Uploaded image for project: 'vpp'
  1. vpp
  2. VPP-387

ipsec-input trace

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Low Low
    • 16.12
    • None
    • None

      ipsec-input trace shows " esp: no tunnel spi 1000 seq 1" in case when esp packet with correct spi is received in tunnnel mode:

      Packet 1

      00:00:16:300042: dpdk-input
      GigabitEthernet0/8/0 rx queue 0
      buffer 0x4e03: current data 0, length 102, free-list 0, totlen-nifb 0, trace 0x0
      PKT MBUF: port 0, nb_segs 1, pkt_len 102
      buf_len 2176, data_len 102, ol_flags 0x0, data_off 128, phys_addr 0x72933fc0
      packet_type 0x0
      IP4: 08:00:27:9b:18:46 -> 08:00:27:0e:c0:fc
      IPSEC_ESP: 192.168.100.2 -> 192.168.100.3
      tos 0x00, ttl 64, length 88, checksum 0x311d
      fragment id 0x0001
      00:00:16:300121: ethernet-input
      IP4: 08:00:27:9b:18:46 -> 08:00:27:0e:c0:fc
      00:00:16:300130: ip4-input
      IPSEC_ESP: 192.168.100.2 -> 192.168.100.3
      tos 0x00, ttl 64, length 88, checksum 0x311d
      fragment id 0x0001
      00:00:16:300134: ipsec-input-ip4
      esp: no tunnel spi 1000 seq 1
      00:00:16:300136: esp-decrypt
      esp: crypto aes-cbc-128 integrity sha1-96
      00:00:16:300225: ip4-input
      ICMP: 192.168.3.3 -> 192.168.4.4
      tos 0x00, ttl 64, length 28, checksum 0xf288
      fragment id 0x0001
      ICMP echo_request checksum 0xf7ff
      00:00:16:300226: ip4-lookup
      fib 0 adj-idx 6 : 192.168.4.4/24 flow hash: 0x00000000
      ICMP: 192.168.3.3 -> 192.168.4.4
      tos 0x00, ttl 64, length 28, checksum 0xf288
      fragment id 0x0001
      ICMP echo_request checksum 0xf7ff
      00:00:16:300230: ip4-local
      ICMP: 192.168.3.3 -> 192.168.4.4
      tos 0x00, ttl 64, length 28, checksum 0xf288
      fragment id 0x0001
      ICMP echo_request checksum 0xf7ff
      00:00:16:300232: ip4-icmp-input
      ICMP: 192.168.3.3 -> 192.168.4.4
      tos 0x00, ttl 64, length 28, checksum 0xf288
      fragment id 0x0001
      ICMP echo_request checksum 0xf7ff
      00:00:16:300233: ip4-icmp-echo-request
      ICMP: 192.168.3.3 -> 192.168.4.4
      tos 0x00, ttl 64, length 28, checksum 0xf288
      fragment id 0x0001
      ICMP echo_request checksum 0xf7ff
      00:00:16:300238: ip4-rewrite-local
      tx_sw_if_index 1 adj-idx 7 : GigabitEthernet0/8/0
      IP4: 08:00:27:0e:c0:fc -> 08:00:27:9b:18:46 flow hash: 0x00000000
      IP4: 08:00:27:0e:c0:fc -> 08:00:27:9b:18:46
      ICMP: 192.168.4.4 -> 192.168.3.3
      tos 0x00, ttl 64, length 28, checksum 0xe9f5
      fragment id 0x0894
      ICMP echo_reply checksum 0xffff
      00:00:16:300240: GigabitEthernet0/8/0-output
      GigabitEthernet0/8/0
      IP4: 08:00:27:0e:c0:fc -> 08:00:27:9b:18:46
      ICMP: 192.168.4.4 -> 192.168.3.3
      tos 0x00, ttl 64, length 28, checksum 0xe9f5
      fragment id 0x0894
      ICMP echo_reply checksum 0xffff
      00:00:16:300242: ipsec-output
      spd 1
      00:00:16:300245: esp-encrypt
      esp: spi 1001 seq 0 crypto aes-cbc-128 integrity sha1-96
      00:00:16:300367: ipsec-output
      spd 1

      IPSEC config:
      sa 10 spi 1001 mode tunnel protocol esp
      crypto alg aes-cbc-128 key 543068775377485678325a51374d7355 integrity alg sha1-96 key 456f7132716966644348636c3966675262587043
      tunnel src 192.168.100.3 dst 192.168.100.2
      sa 20 spi 1000 mode tunnel protocol esp
      crypto alg aes-cbc-128 key 543068775377485678325a51374d7355 integrity alg sha1-96 key 456f7132716966644348636c3966675262587043
      tunnel src 192.168.100.2 dst 192.168.100.3
      spd 1
      outbound policies
      priority 100 action bypass protocol IPSEC_ESP
      local addr range 0.0.0.0 - 255.255.255.255 port range 0 - 65535
      remte addr range 0.0.0.0 - 255.255.255.255 port range 0 - 65535
      packets 1 bytes 88
      priority 10 action protect protocol any sa 10
      local addr range 192.168.4.4 - 192.168.4.4 port range 0 - 65535
      remte addr range 192.168.3.3 - 192.168.3.3 port range 0 - 65535
      packets 1 bytes 28
      priority 100 action bypass protocol IPSEC_ESP
      local addr range :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff port range 0 - 65535
      remote addr range :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff port range 0 - 65535
      packets 0 bytes 0
      inbound policies
      priority 10 action protect protocol any sa 20
      local addr range 192.168.4.4 - 192.168.4.4 port range 0 - 65535
      remte addr range 192.168.3.3 - 192.168.3.3 port range 0 - 65535
      packets 1 bytes 88
      priority 100 action bypass protocol IPSEC_ESP
      local addr range 0.0.0.0 - 255.255.255.255 port range 0 - 65535
      remte addr range 0.0.0.0 - 255.255.255.255 port range 0 - 65535
      packets 0 bytes 0
      priority 100 action bypass protocol IPSEC_ESP
      local addr range :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff port range 0 - 65535
      remote addr range :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff port range 0 - 65535
      packets 0 bytes 0
      tunnel interfaces

      Packet sent from TG to DUT:
      Sending packet out of eth1 of len 102
      ###[ Ethernet ]###
      dst = 08:00:27:0e:c0:fc
      src = 08:00:27:9b:18:46
      type = 0x800
      ###[ IP ]###
      version = 4L
      ihl = 5L
      tos = 0x0
      len = 88
      id = 1
      flags =
      frag = 0L
      ttl = 64
      proto = esp
      chksum = 0x311d
      src = 192.168.100.2
      dst = 192.168.100.3
      \options \
      ###[ ESP ]###
      spi = 0x3e8
      seq = 1
      data = '\xdb\xdc\xc3\xbc|\x90&\x92S\xb0\xa6\x18+\x00S C\xe1@\x9f\x9c\xa8)

      {\x86}

      /4\x0b\xf4U\xe3\x8b4\xefMa\x04j\xd8\x8f?\t\xa4Tk\xce9\x016\xfc?^\xd6KL\xec\xc2n}'

            matfabia Matus Fabian
            jgelety Jan Gelety
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: