tcpdump will not compile with ability to decrypt ESP encapsulated packets.

Dr Otacon otacon at octo.sytes.net
Tue Dec 2 09:29:04 PST 2003


I'm trying to tcpdump ESP encapsulated packets with tcpdump using:

    tcpdump -w tcpdump.log -E blowfish-cbc:secret esp host safehost

...but `tcpshow < tcpdump.log' has this message repeated at the end of every 
packet:

    <*** No decode support for encapsulated protocol ***>

I have both /usr/lib/libcrypto.so (base) and /usr/local/lib/libcrypto.so 
(port) installed, which I think may be causing some kind of a conflict. IPSec 
is working fine between the two computers. Here's the output of the nm 
command on the crypto libraries...

# nm /usr/local/lib/libcrypto.* | grep BF_cbc_encrypt
00000840 T BF_cbc_encrypt
         U BF_cbc_encrypt
00049830 T BF_cbc_encrypt
00049830 T BF_cbc_encrypt
[root at octo]-[/var/log]# nm /usr/lib/libcrypto.* | grep BF_cbc_encrypt
         U BF_cbc_encrypt
00000868 T BF_cbc_encrypt


And another command....

# ldd `which tcpdump`
/usr/sbin/tcpdump:
        libpcap.so.2 => /usr/lib/libpcap.so.2 (0x280a9000)
        libc.so.4 => /usr/lib/libc.so.4 (0x280c5000)


Any help is appreciated. TIA


More information about the freebsd-stable mailing list