使ってみよう(1)

MacOS: KAME IPsec実装、トランスポートモード

$ sudo setkey -c 
add 127.0.0.1 127.0.0.1 esp 0x2000 -E des-cbc 0x1233456712345678;
spdadd 127.0.0.1 127.0.0.1 any -P out ipsec esp/transport//use;
^D
$ sudo tcpdump -n -i lo0 -s 2000 (window 2)
$ ping 127.0.0.1
14:50:47.075895 IP 127.0.0.1 > 127.0.0.1: ESP(spi=0x00002000,seq=0x1)
14:50:47.076000 IP 127.0.0.1 > 127.0.0.1: ESP(spi=0x00002000,seq=0x2)

$ sudo setkey -c 
add 127.0.0.1 127.0.0.1 ah 0x2000 -E hmac-sha1 "abcdabcdabcdabcdabcd";
spdadd 127.0.0.1 127.0.0.1 any -P out ipsec ah/transport//use;
^D
$ sudo tcpdump -n -i lo0 -s 2000 (window 2)
$ ping 127.0.0.1
14:52:41.923859 IP 127.0.0.1 > 127.0.0.1: AH(spi=0x00002000,seq=0x9): icmp 64: echo request seq 0
14:52:41.923969 IP 127.0.0.1 > 127.0.0.1: AH(spi=0x00002000,seq=0xb): icmp 64: echo reply seq 0