ESPER – ESPv3 daemon

The daemon listens on a divert socket (FreeBSD/OpenBSD specific). ESP packets are decrypted, and other packets are sent further. Non-ESP packets are checked against the security policies (SP) and encrypted with the corresponding security association (SA).

Because outgoing packets arriving at the divert port carry invalid dummy checksums, ESPER calculates them explicitly for IPv4 (IPv6 has no header checksum), TCP, UDP and ICMPv6 packets before encapsulating. Packets of other protocol types may be left with a wrong checksum.
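
The checksum fix-up described above, as an added Go example (not ESPER's own code): it recomputes the IPv4 header checksum and the TCP/UDP checksum over the pseudo-header, in place, on a constructed packet. The names `FixChecksums`, `checksum` and `samplePacket` are hypothetical, and only IPv4 with TCP or UDP is covered; ICMPv6 uses the same sum over an IPv6 pseudo-header.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// checksum is the RFC 1071 Internet checksum over big-endian 16-bit words.
func checksum(data []byte) uint16 {
	var acc uint32
	for ; len(data) >= 2; data = data[2:] {
		acc += uint32(binary.BigEndian.Uint16(data))
	}
	if len(data) == 1 {
		acc += uint32(data[0]) << 8 // odd trailing byte is zero-padded
	}
	for acc>>16 != 0 {
		acc = acc&0xffff + acc>>16 // end-around carry
	}
	return ^uint16(acc)
}

// FixChecksums overwrites the IPv4 header and TCP/UDP checksums of pkt in place.
func FixChecksums(pkt []byte) (ipSum, l4Sum uint16, err error) {
	if len(pkt) < 20 || pkt[0]>>4 != 4 {
		return 0, 0, errors.New("not an IPv4 packet")
	}
	ihl, total := int(pkt[0]&0x0f)*4, int(binary.BigEndian.Uint16(pkt[2:]))
	off := map[byte]int{6: 16, 17: 6}[pkt[9]] // checksum field offset: TCP 16, UDP 6
	if ihl < 20 || total > len(pkt) || off == 0 || ihl+off+2 > total {
		return 0, 0, errors.New("truncated packet or unsupported protocol")
	}
	pkt[10], pkt[11], pkt[ihl+off], pkt[ihl+off+1] = 0, 0, 0, 0 // zero the dummy values
	ipSum = checksum(pkt[:ihl])
	binary.BigEndian.PutUint16(pkt[10:], ipSum)
	seg := pkt[ihl:total]
	ph := append(append([]byte{}, pkt[12:20]...), 0, pkt[9], byte(len(seg)>>8), byte(len(seg))) // pseudo-header
	if l4Sum = checksum(append(ph, seg...)); l4Sum == 0 && pkt[9] == 17 {
		l4Sum = 0xffff // UDP: zero means "no checksum", so all ones is sent instead
	}
	binary.BigEndian.PutUint16(seg[off:], l4Sum)
	return ipSum, l4Sum, nil
}

// samplePacket is constructed: UDP 192.0.2.1:500 -> 192.0.2.2:500, payload "ping", dummy checksums 0xdead.
const samplePacket = "\x45\x00\x00\x20\x00\x00\x00\x00\x40\x11\xde\xad\xc0\x00\x02\x01\xc0\x00\x02\x02" +
	"\x01\xf4\x01\xf4\x00\x0c\xde\xadping"
func main() { fmt.Println(FixChecksums([]byte(samplePacket))) }
```

Running `checksum` over a header or pseudo-header plus segment that already holds a correct value returns 0, which is how a receiver validates it.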