Issue with bytes packet reconstruction in AH Tunnel mode
Scapy version
2.5.0
Python version
3.8.10
Operating system
Ubuntu 22.04
Additional environment information
No response
How to reproduce
I am encountering a problem when trying to reconstruct packets in AH tunnel mode using Scapy. The packets are sent through a socket using the raw() method.
Setup:
AH Tunnel Mode Configuration:
Outer IP: src = 192.168.100.4
AH Header with Next Header set to IPv4
Inner IPv4 packet contains ICMP from 10.0.1.2 to 10.0.1.1
```python
from scapy.all import SecurityAssociation, AH, IP, ICMP, raw

# Security Association Setup
sa = SecurityAssociation(AH, spi=0x222, auth_algo='SHA2-384-192', auth_key=b'secret key',
                         tunnel_header=IP(src='192.168.100.4', dst='192.168.100.6'))

# Packet definition and encryption
packet = packet_from_Interface  # inner IP and ICMP details
e1 = sa.encrypt(packet)
print("AH packet:")
e1.show()
```
```
###[ IP ]###
  version   = 4
  ihl       = 5
  tos       = 0x0
  len       = 140
  id        = 1
  flags     =
  frag      = 0
  ttl       = 64
  proto     = ah
  chksum    = 0x30e3
  src       = 192.168.100.4
  dst       = 192.168.100.6
  \options   \
###[ AH ]###
     nh        = 4
     payloadlen= 7
     reserved  = None
     spi       = 0x222
     seq       = 2
     icv       = 266cd31bc38315f1091b8c9affb181b9ec8b33a43b9cb50d
     padding   = None
###[ IP ]###
        version   = 4
        ihl       = 5
        tos       = 0x0
        len       = 84
        id        = 7564
        flags     = DF
        frag      = 0
        ttl       = 64
        proto     = icmp
        chksum    = 0x71b
        src       = 10.0.1.2
        dst       = 10.0.1.1
        \options   \
###[ ICMP ]###
           type      = echo-request
           code      = 0
           chksum    = 0xc8bb
           id        = 0x7
           seq       = 0x1
           unused    = ''
###[ Raw ]###
              load      = '\x0e\\x8fLf\x00\x00\x00\x00\x12t\x03\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567'
```
Actual result
Upon receiving the packet on the receiver side, it is reconstructed using Scapy as follows:
```python
recv_packet = IP(byte_packet_received)
recv_packet.show()
```

```
###[ IP ]###
  version   = 4
  ihl       = 5
  tos       = 0x0
  len       = 128
  id        = 1
  flags     =
  frag      = 0
  ttl       = 64
  proto     = ah
  chksum    = 0x30ef
  src       = 192.168.100.4
  dst       = 192.168.100.6
  \options   \
###[ AH ]###
     nh        = 4
     payloadlen= 4
     reserved  = 0
     spi       = 0x222
     seq       = 1
     icv       = ebf23a021ee0bbf47fab24ac
     padding   =
###[ Raw ]###
        load      = 'E\x00\x00T\\xabS@\x00@\x01yS\n\x00\x01\x02\n\x00\x01\x01\x08\x00\\xabB\x00\x08\x00\x01ߒLf\x00\x00\x00\x00X\\xe8\t\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567'
```
Expected result
The reconstructed packet does not include the inner IP details, and using the AH decrypt method yields incorrect results. It appears that the problem might be related to how the packet is constructed on the receiver side.
Question:
Does anyone have suggestions on whether this is expected behavior of Scapy in AH Tunnel mode, or how to resolve this issue?
Related resources
No response
MuhammadBor changed the title from "IPsec AH and ESP different representations" to "Issue with Packet Creation in AH Tunnel Mode over Socket" on May 21, 2024
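A Scapy-independent way to check the AH fields shown in the two dumps above, as an added example that is not part of the original issue or of Scapy: it parses the outer IPv4 and AH headers per RFC 4302 with the standard library only and reports whether an inner IPv4 header follows. `parse_ah_tunnel`, `dotted` and `build_sample` are hypothetical names, and the sample packets are constructed (zeroed checksums and ICV) using the addresses and SPI from the issue.

```python
import struct

AH_FIXED_LEN = 12             # next header, payload len, reserved, SPI, sequence
PROTO_AH, PROTO_IPIP = 51, 4  # IANA protocol numbers: AH, IPv4-in-IP

def dotted(addr: bytes) -> str:
    return ".".join(str(b) for b in addr)

def parse_ah_tunnel(data: bytes) -> dict:
    """Parse outer IPv4 + AH (RFC 4302) and locate the inner IPv4 header."""
    if len(data) < 20 or data[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if data[9] != PROTO_AH:
        raise ValueError("outer protocol is not AH (51)")
    ah = data[(data[0] & 0x0F) * 4:]          # skip outer header (IHL in words)
    if len(ah) < AH_FIXED_LEN:
        raise ValueError("truncated AH header")
    nh, payloadlen, _rsvd, spi, seq = struct.unpack("!BBHII", ah[:AH_FIXED_LEN])
    ah_len = (payloadlen + 2) * 4             # Payload Len = 32-bit words minus 2
    if ah_len < AH_FIXED_LEN or len(ah) < ah_len:
        raise ValueError("AH payload length inconsistent with packet size")
    inner = ah[ah_len:]
    out = {"nh": nh, "payloadlen": payloadlen, "spi": spi, "seq": seq,
           "icv_len": ah_len - AH_FIXED_LEN,  # ICV field incl. alignment padding
           "inner": None}
    if nh == PROTO_IPIP and len(inner) >= 20 and inner[0] >> 4 == 4:
        out["inner"] = {"proto": inner[9], "src": dotted(inner[12:16]),
                        "dst": dotted(inner[16:20])}
    return out

def build_sample(icv_len: int) -> bytes:
    """Constructed sample: zeroed checksums/ICV, addresses and SPI from the issue."""
    ipv4 = "!BBHHHBBH4s4s"
    inner = struct.pack(ipv4, 0x45, 0, 28, 0, 0, 64, 1, 0,
                        bytes([10, 0, 1, 2]), bytes([10, 0, 1, 1]))
    inner += b"\x08\x00" + bytes(6)           # ICMP echo request, zeroed rest
    ah = struct.pack("!BBHII", PROTO_IPIP, (AH_FIXED_LEN + icv_len) // 4 - 2,
                     0, 0x222, 1) + bytes(icv_len)
    outer = struct.pack(ipv4, 0x45, 0, 20 + len(ah) + len(inner), 1, 0, 64,
                        PROTO_AH, 0, bytes([192, 168, 100, 4]),
                        bytes([192, 168, 100, 6]))
    return outer + ah + inner

if __name__ == "__main__":
    for n in (24, 12):                        # ICV sizes seen in the two dumps
        print(parse_ah_tunnel(build_sample(n)))
```

A `payloadlen` of 7 corresponds to a 24-byte ICV field and a `payloadlen` of 4 to a 12-byte one, which matches the ICV lengths printed in the sender and receiver dumps respectively.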