Re: IPSec ESN: Packets decryption fail with ESN enabled connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jan 03, 2019 at 04:16:56PM +0530, Harsh Jain wrote:
> 
> On 02-01-2019 18:21, Herbert Xu wrote:
> > Does this occur if you use software crypto on the receiving end
> > while keeping the sending end unchanged?
> 
> I tried with "authencesn(hmac(sha1-ssse3),cbc(aes-asm))" on both sides.
> 
> Server : iperf  -s  -w 512k  -p 20002
> 
> Client : iperf  -t 60 -w 512k -l 2048 -c 1.0.0.96 -P 32 -p 20002
> 
> >
> > If not then I would start debugging this within your driver.
> 
> ESP Packet whose's sequence No. is out of window gets dropped with EBADMSG.  It seems that "xfrm_replay_seqhi" intentionally increments the "seq_hi" to fail verification for Out of seq packet.

Yes, this is defined in RFC 4303 Appendix A2.2.



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux