[Swan-dev] Matt's changes to informational message handling

Matt Rogers mrogers at redhat.com
Tue Feb 4 19:18:01 EET 2014


Just pushed an update to the main test case, to test both hosts having liveness enabled.

Example of what we would be looking for in the logs:

east initiating liveness from the scheduled event:

| next event EVENT_v2_LIVENESS in 0 seconds for #2
| *time to handle event
| handling event EVENT_v2_LIVENESS
| event after this is EVENT_PENDING_DDNS in 24 seconds
| processing connection westnet-eastnet-ipv4-psk-ikev2
| liveness_check - last_liveness: 1391532680, tm: 1391532685
| **emit ISAKMP Message:
|    initiator cookie:
|   37 de 6f 21  69 b3 fa c6
|    responder cookie:
|   5a 13 9d c3  7f 6c 2d e4
|    next payload type: ISAKMP_NEXT_v2E
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_INFORMATIONAL
|    flags: ISAKMP_FLAG_INIT
|    message ID:  00 00 00 06

west's reply:

| *received 76 bytes from 192.1.2.45:500 on eth1 (port=500)
|   37 de 6f 21  69 b3 fa c6  5a 13 9d c3  7f 6c 2d e4
|   2e 20 25 08  00 00 00 06  00 00 00 4c  00 00 00 30
|   5f 51 31 69  bd 6c 0a 78  1b ab 29 38  38 e2 f7 a7
|   dc f6 60 36  72 f3 91 8b  54 6e b6 a4  18 0c a8 7a
|   d3 2a 1f 01  0f c9 59 d8  01 0c 6c f2
| **parse ISAKMP Message:
|    initiator cookie:
|   37 de 6f 21  69 b3 fa c6
|    responder cookie:
|   5a 13 9d c3  7f 6c 2d e4
|    next payload type: ISAKMP_NEXT_v2E
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_INFORMATIONAL
|    flags: ISAKMP_FLAG_INIT
|    message ID:  00 00 00 06

a receipt of west's initiated exchange:

| *received 76 bytes from 192.1.2.45:500 on eth1 (port=500)
|   37 de 6f 21  69 b3 fa c6  5a 13 9d c3  7f 6c 2d e4
|   2e 20 25 08  00 00 00 07  00 00 00 4c  00 00 00 30
|   e8 54 65 2c  ce 03 46 1f  e7 62 d7 37  33 1a 21 5c
|   58 c2 38 f5  ff 21 16 1c  c0 35 0e 2b  a6 10 6b c7
|   7c b3 88 27  87 47 95 ce  8a 81 cd 0c
| **parse ISAKMP Message:
|    initiator cookie:
|   37 de 6f 21  69 b3 fa c6
|    responder cookie:
|   5a 13 9d c3  7f 6c 2d e4
|    next payload type: ISAKMP_NEXT_v2E
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_INFORMATIONAL
|    flags: ISAKMP_FLAG_INIT
|    message ID:  00 00 00 07
|    length: 76

The exchanges can cross, and they should keep track of the subsequent message IDs and update the liveness state respectively.

Once the block is put up, the exchanges are unanswered and the timeout happens:

| processing connection westnet-eastnet-ipv4-psk-ikev2
| liveness_check - last_liveness: 1391532701, tm: 1391532731
| liveness_check - peer has not responded in 30 seconds, with a timeout of 30, taking action
"westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 peer liveness - clearing connection
| processing connection westnet-eastnet-ipv4-psk-ikev2
"westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_PARENT_R2)

The final ipsec look outputs will show no SAs on each peer. 

Hope that helps :)
Matt
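
Added example, not part of the message above or of the libreswan test suite: a Python sketch that decodes the fixed 28-byte IKE header (layout per RFC 7296 section 3.1) from a `*received` hex dump like the ones quoted, and computes the gap reported by `liveness_check`, so a test can assert on message IDs and the timeout. The function names and the embedded sample string are assumptions made for illustration; the sample lines are copied from the excerpts in the message.

```python
import re
import struct

# Constructed sample: lines copied from the log excerpts quoted in the message.
SAMPLE_LOG = """\
| *received 76 bytes from 192.1.2.45:500 on eth1 (port=500)
|   37 de 6f 21  69 b3 fa c6  5a 13 9d c3  7f 6c 2d e4
|   2e 20 25 08  00 00 00 07  00 00 00 4c  00 00 00 30
|   e8 54 65 2c  ce 03 46 1f  e7 62 d7 37  33 1a 21 5c
|   58 c2 38 f5  ff 21 16 1c  c0 35 0e 2b  a6 10 6b c7
|   7c b3 88 27  87 47 95 ce  8a 81 cd 0c
| **parse ISAKMP Message:
| liveness_check - last_liveness: 1391532701, tm: 1391532731
| liveness_check - peer has not responded in 30 seconds, with a timeout of 30, taking action
"""

RECV = re.compile(r"^\| \*received (\d+) bytes from (\S+):\d+")
HEXROW = re.compile(r"^\|\s+((?:[0-9a-f]{2}\s+)*[0-9a-f]{2})\s*$")
LIVE = re.compile(r"liveness_check - last_liveness: (\d+), tm: (\d+)")

def received_headers(log):
    """Yield the decoded IKE header of each '*received' hex dump in the log."""
    lines = log.splitlines()
    for i, line in enumerate(lines):
        m = RECV.match(line)
        if not m:
            continue
        raw = bytearray()
        for row in lines[i + 1:]:          # hex rows end at the first non-hex line
            h = HEXROW.match(row)
            if not h:
                break
            raw += bytes.fromhex(h.group(1))
        if len(raw) != int(m.group(1)) or len(raw) < 28:
            raise ValueError("hex dump does not match the logged byte count")
        # SPIi(8) SPIr(8) next-payload(1) version(1) exchange(1) flags(1) msgid(4) length(4)
        ispi, rspi, nxt, ver, exch, flags, msgid, length = struct.unpack(
            "!8s8sBBBBII", raw[:28])
        yield {"peer": m.group(2), "ispi": ispi.hex(), "rspi": rspi.hex(),
               "next_payload": nxt, "version": (ver >> 4, ver & 0x0F),
               "exchange": exch, "initiator": bool(flags & 0x08),
               "response": bool(flags & 0x20), "msgid": msgid, "length": length}

def liveness_gaps(log):
    """Seconds between last_liveness and tm for every liveness_check line."""
    return [int(now) - int(last) for last, now in LIVE.findall(log)]
```

Exchange type 37 is INFORMATIONAL and next payload 46 is the encrypted (SK) payload, which is what the log prints as `ISAKMP_v2_INFORMATIONAL` and `ISAKMP_NEXT_v2E`.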

