File tree Expand file tree Collapse file tree 1 file changed +34
-0
lines changed Expand file tree Collapse file tree 1 file changed +34
-0
lines changed Original file line number Diff line number Diff line change @@ -26,3 +26,37 @@ Build wolfip with:
2626-DWOLFIP_ESP -DWOLFSSL_WOLFIP
2727```
2828
29+ # testing
30+
31+ Use ` scripts/ip-xfrm ` convenience scripts:
32+
33+ ```
34+ ./scripts/ip-xfrm/delete_all && ./scripts/ip-xfrm/cbc_auth sha256 128
35+ ```
36+
37+ Use this to show what is set:
38+
39+ ```
40+ ./scripts/ip-xfrm/show
41+ ip xfrm policy show
42+ src 0.0.0.0/0 dst 10.10.10.2/32 proto tcp
43+ dir out priority 0 ptype main
44+ tmpl src 0.0.0.0 dst 0.0.0.0
45+ proto esp spi 0x764f47c9 reqid 0 mode transport
46+
47+ ip xfrm state show
48+ src 10.10.10.2 dst 10.10.10.1
49+ proto esp spi 0x49ebfdd4 reqid 0 mode transport
50+ replay-window 0
51+ auth-trunc hmac(sha256) 0x02020202020202020202020202020202 128
52+ enc cbc(aes) 0x04040404040404040404040404040404
53+ ...etc...
54+ ```
55+
56+ Use ` ./scripts/ip-xfrm/watch_stat ` to troubleshoot XfrmIn/Out errors.
57+
58+ # wireshark
59+
60+ Use this for your wireshark ` esp_sa ` file, and wireshark will be able to
61+ decrypt and verify all ESP traffic:
62+ - ` scripts/ip-xfrm/esp_sa.txt `
You can’t perform that action at this time.
0 commit comments