Hello,

Some more information, find attached the tcpdump on each machine, both with the following command line:

tcpdump -i eth0 -s 65535 -w <filename> proto 50 or proto 51 or proto 108

The information needed for the decryption is fetched using:

ip xfrm state

I have done this with both racoon and manual keying to be able to investigate this issue a bit further.

Regards,
Matthijs
ipsec1.racoon.pcap
Description: Binary data
ipsec1.setkey.pcap
Description: Binary data
ipsec2.racoon.pcap
Description: Binary data
ipsec2.setkey.pcap
Description: Binary data
src 192.168.5.94 dst 192.168.5.95
    proto comp spi 0x00004ec3 reqid 0 mode transport
    replay-window 0
    comp deflate (ERROR truncated)
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.168.5.94 dst 192.168.5.95
    proto esp spi 0x0486197e reqid 0 mode transport
    replay-window 4
    auth-trunc hmac(sha1) 0xbda5d966ec5b95d8bdf06c8485f418afe74f3bf6 96
    enc cbc(aes) 0x90d6ed708142f7b026a87429d9b1f97e1576fb4e5b5ad1c12de83f4cdf59c5c9
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.168.5.94 dst 192.168.5.95
    proto ah spi 0x0dc1d500 reqid 0 mode transport
    replay-window 4
    auth-trunc hmac(sha1) 0xa95ffc304a87aaf0adba46a324794205b6b0ecc6 96
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.168.5.95 dst 192.168.5.94
    proto comp spi 0x0000dbc4 reqid 0 mode transport
    replay-window 0
    comp deflate (ERROR truncated)
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.168.5.95 dst 192.168.5.94
    proto esp spi 0x0987761d reqid 0 mode transport
    replay-window 4
    auth-trunc hmac(sha1) 0x5033d0023081c9df0023dbad5e1052fe4a2db055 96
    enc cbc(aes) 0xaaacb89089097705e58b927f68e74b738d4ef475833e1b5b9e257befa69212e0
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.168.5.95 dst 192.168.5.94
    proto ah spi 0x0df15d1f reqid 0 mode transport
    replay-window 4
    auth-trunc hmac(sha1) 0xc65840e9de72e6dd82eede5c96779af22ebfd132 96
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.168.5.95 dst 192.168.5.94
    proto comp spi 0x00000200 reqid 0 mode transport
    replay-window 0
    comp deflate 0x
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.168.5.94 dst 192.168.5.95
    proto comp spi 0x00000100 reqid 0 mode transport
    replay-window 0
    comp deflate 0x
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.168.5.95 dst 192.168.5.94
    proto esp spi 0x00005fb5 reqid 0 mode transport
    replay-window 0
    enc cbc(aes) 0x3132333435363738393031323334353637383930313233343536373839303132
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.168.5.94 dst 192.168.5.95
    proto esp spi 0x00003d55 reqid 0 mode transport
    replay-window 0
    enc cbc(aes) 0x3132333435363738393031323334353637383930313233343536373839303132
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.168.5.95 dst 192.168.5.94
    proto ah spi 0x00005fb4 reqid 0 mode transport
    replay-window 0
    auth-trunc hmac(sha1) 0x3132333435363738393031323334353637383930 96
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.168.5.94 dst 192.168.5.95
    proto ah spi 0x00003d54 reqid 0 mode transport
    replay-window 0
    auth-trunc hmac(sha1) 0x3132333435363738393031323334353637383930 96
    sel src 0.0.0.0/0 dst 0.0.0.0/0
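
Added example, not part of the original message or its attachments: a Python parser for `ip xfrm state` output like the dumps above, which indexes each SA by the fields visible in a captured packet (IP protocol number, destination, SPI) so the right key can be paired with each ESP/AH/IPComp packet. The function names, the 192.0.2.x addresses and the placeholder keys in the sample are assumptions constructed for illustration.

```python
import re

# Constructed sample in the flattened one-line layout; keys are placeholders.
SAMPLE = (
    "src 192.0.2.1 dst 192.0.2.2 proto comp spi 0x00000100 reqid 0 mode transport "
    "replay-window 0 comp deflate (ERROR truncated) sel src 0.0.0.0/0 dst 0.0.0.0/0 "
    "src 192.0.2.1 dst 192.0.2.2 proto esp spi 0x00001001 reqid 0 mode transport "
    "replay-window 4 auth-trunc hmac(sha1) 0x" + "aa" * 20 + " 96 "
    "enc cbc(aes) 0x" + "bb" * 32 + " sel src 0.0.0.0/0 dst 0.0.0.0/0 "
    "src 192.0.2.2 dst 192.0.2.1 proto ah spi 0x00002002 reqid 0 mode transport "
    "replay-window 4 auth-trunc hmac(sha1) 0x" + "cc" * 20 + " 96 "
    "sel src 0.0.0.0/0 dst 0.0.0.0/0"
)

# An SA header is "src A dst B proto P spi S"; the selector's "src ... dst ..."
# is never followed by "proto P spi", so it does not start a new record.
SA_START = re.compile(r"src (\S+) dst (\S+)\s+proto (\w+) spi (0x[0-9a-fA-F]+)")
# Algorithm entries: kind, name, optional hex key, optional truncation length.
ALGO = re.compile(r"\b(auth-trunc|auth|enc|aead|comp) (\S+)(?: (0x[0-9a-fA-F]*))?(?: (\d+))?")
# Same protocol numbers as the tcpdump capture filter in the message.
IP_PROTO = {"esp": 50, "ah": 51, "comp": 108}

def parse_xfrm_state(text):
    """Return one dict per SA: addresses, protocol, SPI and its algorithms."""
    heads = list(SA_START.finditer(text))
    sas = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[m.end():end]  # search after the header so "proto comp" is skipped
        sa = {"src": m[1], "dst": m[2], "proto": m[3], "spi": int(m[4], 16), "algos": {}}
        for kind, name, key, trunc in ALGO.findall(body):
            hexkey = key[2:]  # empty for "0x" or "(ERROR truncated)" entries
            sa["algos"][kind] = {
                "name": name,
                "key": bytes.fromhex(hexkey),
                "key_bits": len(hexkey) * 4,
                "trunc_bits": int(trunc) if trunc else None,
            }
        sas.append(sa)
    return sas

def sa_index(sas):
    """Map (IP protocol number, destination address, SPI) to the SA."""
    return {(IP_PROTO[sa["proto"]], sa["dst"], sa["spi"]): sa for sa in sas}
```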