using 3des with ipsec transport mode

I was trying to follow the example for IPsec transport mode at 
http://www.ipsec-howto.org/x304.html with a 4.1 kernel,
and I find that using 3des_cbc does not work - packets get dropped
at the receiver after decryption: e.g., for a ping, the decrypted 
packet has a mangled icmp header, and is dropped for a bad checksum
in icmp_rcv.

Odd thing here is that the icmp payload was never mangled
on my watch, and esp_input does correctly figure out the ULP of
the payload after decrypt, so there is some pattern to this.

Using blowfish instead of 3des works on 4.1, so I suspect the bug
is specific to the encrypt/decrypt method.

FWIW I tried the 3des instructions from ipsec-howto.org with 
2.6.39 kernels, and it still fails (but so did blowfish, so 
something got better along the way).

Has anyone else noticed this behavior for 3des?

--Sowmini

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


