how to get port information from xfrm?

zgh · 11-02-2010, 08:09 AM

Hello,

I have the following question:

How can I get the port information about the "session" that triggered a xfrm acquire, without using ports in policies?

An example:
I'm using the Host Identity Protocol for signaling and securing communication between two hosts. What it does is set up a policy for the HIP Address Prefix (2001:10::/28). ip xfrm monitor:

Code:

src 2001:10::/28 dst 2001:10::/28 
        dir in priority 0 
        tmpl src :: dst ::
                proto 0 reqid 0 mode transport

src 2001:10::/28 dst 2001:10::/28 
        dir out priority 0 
        tmpl src :: dst ::
                proto 0 reqid 0 mode transport

Now, when I trigger a new connection between the two hosts the acquire message looks like this (I'm using ssh for this example, therefore destination port 22). ip xfrm monitor dumps:

Code:

acquire proto 0 
  sel src 2001:16:2895:e713:474d:2e1c:42e3:81b1/128 dst 2001:11:eb2c:9bcf:7908:b80a:c16c:dfa/128 proto tcp sport 0 dport 22 
  policy src 2001:10::/28 dst 2001:10::/28 
        dir out priority 0 
        tmpl src :: dst ::
                proto 0 reqid 0 mode transport

What I'm interested in are the source and destination ports. As you can see, the destination port is set correctly, yet the source port is not? Why is that? Is there any way to get the source port, too?

Any suggestions?
Thanks!

mdlinuxwolf · 11-16-2010, 11:28 AM

Quote:

Originally Posted by zgh

Hello,

I have the following question:

How can I get the port information about the "session" that triggered a xfrm acquire, without using ports in policies?

An example:
I'm using the Host Identity Protocol for signaling and securing communication between two hosts. What it does is set up a policy for the HIP Address Prefix (2001:10::/28). ip xfrm monitor:

Code:

src 2001:10::/28 dst 2001:10::/28 
        dir in priority 0 
        tmpl src :: dst ::
                proto 0 reqid 0 mode transport

src 2001:10::/28 dst 2001:10::/28 
        dir out priority 0 
        tmpl src :: dst ::
                proto 0 reqid 0 mode transport

Now, when I trigger a new connection between the two hosts the acquire message looks like this (I'm using ssh for this example, therefore destination port 22). ip xfrm monitor dumps:

Code:

acquire proto 0 
  sel src 2001:16:2895:e713:474d:2e1c:42e3:81b1/128 dst 2001:11:eb2c:9bcf:7908:b80a:c16c:dfa/128 proto tcp sport 0 dport 22 
  policy src 2001:10::/28 dst 2001:10::/28 
        dir out priority 0 
        tmpl src :: dst ::
                proto 0 reqid 0 mode transport

What I'm interested in are the source and destination ports. As you can see, the destination port is set correctly, yet the source port is not? Why is that? Is there any way to get the source port, too?

Any suggestions?
Thanks!

This suggestion might be a little "off the beaten path" but I would suggest using an application called Wireshark instead of what you are using now. Wireshark will tell you more then you wanted to ever know about your network, & then even more then that.