Article 978 at 08/11/06 09:42:43 From: akisada@tahi.org Subject: [users:00978] Re: please help me explain 5.1.9 for IPsec

Index: [Article Count Order] [Thread]
Date: Thu, 6 Nov 2008 09:40:55 +0900
From: Yukiyo Akisada <akisada@tahi.org>
Subject: [users:00978] Re: please help me explain 5.1.9 for IPsec
To: wang_jiabo <jiabwang@redhat.com>
Cc: users@tahi.org
Message-Id: <20081106094055.f029bb27.akisada@tahi.org>
In-Reply-To: <49101EA7.9010808@redhat.com>
References: <49101EA7.9010808@redhat.com>
X-Mail-Count: 00978

Wang,

This is not our problem but your problem. :-)

The error message "This test must run by using UDP" already told you how to solve it.
Please rnu this test by "make ipv6ready_p2_end_node_udp".

As you know,
ICMPv6 doesn't have length field, and UDP has it.
In transport mode, upper layer length field is needed to process TFC Padding.

Here is the reference.
RFC 4303 (IP Encapsulating Security Payload (ESP)) says,

    2.7.  Traffic Flow Confidentiality (TFC) Padding

    911    An IPsec implementation SHOULD be capable of padding traffic by
    912    adding bytes after the end of the Payload Data, prior to the
    913    beginning of the Padding field.  However, this padding (hereafter
    914    referred to as TFC padding) can be added only if the Payload Data
    915    field contains a specification of the length of the IP datagram.
    916    This is always true in tunnel mode, and may be true in transport mode
    917    depending on whether the next layer protocol (e.g., IP, UDP, ICMP)
    918    contains explicit length information.  This length information will

Thanks,


On Tue, 04 Nov 2008 18:06:31 +0800
wang_jiabo <jiabwang@redhat.com> wrote:

> Hello, all:
> when I test 5.1.9(TFC Padding (Transport Mode), ESP=3DES-CBC HMAC-SHA1) 
> case on IPsec Self_Test suite, the result reported "Not yet supported";
> please see the following log info.
> the problem is from TAHI, I mean that test suite did not support the case.
> or I need modify some program files to pass the case.
> Thanks
> Best regards
> Wang JiaBo
> 
> 
>   Test Information
> 
> Title 	5.1.9 TFC Padding (Transport Mode), ESP=3DES-CBC HMAC-SHA1
> CommandLine 	./p2_HTR_E_TFC_Padding.seq -pkt ./p2_HTR_E_TFC_Padding.def 
> test_type=ADVANCED support=TFC_PADDING_TRANS_SUPPORT -log 11.html -ti 
> 5.1.9 TFC Padding (Transport Mode), ESP=3DES-CBC HMAC-SHA1
> TestVersion 	V6PC_P2_IPsec_1_9_0_B1
> ToolVersion 	REL_3_1_0
> Start 	2008/11/04 15:43:37
> Tn 	/usr/local/v6eval//etc//tn.def
> Nu 	/usr/local/v6eval//etc//nut.def
> Pkt 	./p2_HTR_E_TFC_Padding.def
> System 	rhel51
> TargetName 	RHEL5.3
> HostName 	ipv6test2
> Type 	host
> 
> ------------------------------------------------------------------------
> 
> 
>   Test Sequence Execution Log
> 
> 15:43:37 	Start
> 
> 	This test must run by using UDP
> This test is not supported now
> 15:43:37 	End
> 
> ------------------------------------------------------------------------
> 
> 
>   Packet Reverse Log
> 
> 
> 


-- 
Yukiyo Akisada <akisada@tahi.org>