| 发明名称 |
Methods, systems, and computer readable media for performing encapsulating security payload (ESP) rehashing |
| 摘要 |
Methods, systems, and computer readable media for accelerating stateless IPsec traffic generation by performing ESP rehashing of ESP packets are disclosed. A first ESP packet is generated by encrypting a portion of the packet and adding ESP headers and trailers to the encrypted portion, hashing the encrypted portion and the ESP header to compute a first ESP integrity check value (ICV), and adding the ESP ICV as a trailer to the ESP packet. At least one second ESP packet is generated by modifying parameters in the first ESP packet. The first and second ESP packets are transmitted to a device under test. |
| 申请公布号 |
US8745381(B2) |
申请公布日期 |
2014.06.03 |
| 申请号 |
US201113276906 |
申请日期 |
2011.10.19 |
| 申请人 |
IXIA |
发明人 |
Badea Alexandru R. |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for accelerating stateless Internet protocol security (IPsec) traffic generation by performing encapsulating security payload (ESP) rehashing of ESP packets, the method comprising:
generating a first ESP packet by encrypting a portion of the packet and adding an ESP header and an ESP trailer to the encrypted portion, hashing the encrypted portion and the ESP header to compute a first ESP integrity check value (ICV), and adding the first ESP ICV as a trailer to the ESP packet; performing rehashing of the first ESP packet to generate at least one second ESP packet whereby the encrypted portion of the first ESP packet is used in the at least one second ESP packet without decrypting and re-encrypting the encrypted portion of the first ESP packet, wherein performing rehashing of the first ESP packet includes generating the at least one second ESP packet by modifying at least one parameter in the ESP header of the first ESP packet, hashing the modified ESP header and the encrypted portion of the first ESP packet to compute a second ESP ICV for the at least one second ESP packet, and replacing the first ESP ICV with the second ESP ICV in the at least one second ESP packet; and transmitting the first and the at least one second ESP packets to a device under test to test an aspect of the device under test.
|
| 地址 |
Calabasas CA US |
