[Swan-dev] ikev2 broke in master 500519c..6eca8ba

Antony Antony antony at phenome.org
Tue Sep 15 12:46:12 EEST 2015


just sharing my experience.
that commit, 6eca8ba4, seems to have many failures running test cases too. maybe try one before.

many simple ikev2 tests have failed, e.g.
http://hal.phenome.org:8081/results/blackswan/2015-09-15-blackswan-v3.15-90-g6eca8ba-master/ikev2-03-basic-rawrsa/OUTPUT/west.console.txt 
try the one before that?

or even a simple psk case failed.

134 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=aes_gcm_16_256 integ=n/a prf=sha group=MODP2048}
003 "westnet-eastnet-ipv4-psk-ikev2" #2: not enough room in input packet for IKEv2 Traffic Selector Payload (remain=0, sd->size=8)
003 "westnet-eastnet-ipv4-psk-ikev2" #2: malformed payload in packet
002 "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east'
002 "westnet-eastnet-ipv4-psk-ikev2" #2: missing v2SA, v2TSi or v2TSr: not attempting to setup child SA
214 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: v2N_NO_PROPOSAL_CHOSEN
003 "westnet-eastnet-ipv4-psk-ikev2" #2: EXPECTATION FAILED at /source/programs/pluto/ikev2.c:1823: st != NULL && st->st_event != NULL && st->st_event->ev_type == EVENT_v2_RETRANSMIT
^C#\[root at west ]#  timedout send line: ipsec auto --up  westnet-eastnet-ipv4-psk-ikev2
ping -n -c 4 -I 192.0.1.254 192.0.2.254

-antony


On Tue, Sep 15, 2015 at 12:16:42PM +0300, Tuomo Soini wrote:
> I upgraded my real world testing packages from 500519c to 6eca8ba and
> noticed ikev2 connections stopped working. I had big difficulty in
> bisecting the actual problem, which was:
> 
> attached log file 6eca8ba.log
> 
> The problem I had with bisecting was I hit another bug or series of
> other bugs so I couldn't find the commit which causes this room issue
> because I couldn't run necessary revisions because these asserted.
> 
> Sep 15 12:09:47 pata pluto[28128]: "espoo-vihti4/0x2" #8: ASSERTION
> FAILED at /builddir/build/BUILD/libreswan-3.15/programs/pluto/kernel.c:2878: esr != NULL
> Sep 15 12:09:47 pata pluto[28128]: "espoo-vihti4/0x2" #8: ABORT
> at /builddir/build/BUILD/libreswan-3.15/programs/pluto/kernel.c:2878
> Sep 15 12:09:47 pata pluto[28128]: "espoo-vihti4/0x2" #8: ABORT
> at /builddir/build/BUILD/libreswan-3.15/programs/pluto/kernel.c:2878
> 
> bisecting revealed 6d4f4f20d1058cdf36120719691ab128a64e1329 to be first
> bad commit.
> 
> It looks to me last commit fixes this commit but I can't verify because
> I can't run 6eca8ba because of that room bug - or the room bug doesn't
> let me far enough in code to see that ASSERT.
> 
> -- 
> Tuomo Soini <tis at foobar.fi>
> Foobar Linux services
> +358 40 5240030
> Foobar Oy <http://foobar.fi/>

> Sep 15 10:20:59 foo-gw pluto[17454]: "vihti-espoo4/2x0" #56: initiating v2 parent SA
> Sep 15 10:20:59 foo-gw pluto[17454]: "vihti-espoo4/2x0" #56: STATE_PARENT_I1: sent v2I1, expected v2R1
> Sep 15 10:20:59 foo-gw pluto[17454]: | Sending [CERT] of certificate: CN=foo-gw.foobar.fi,OU=Security,O=Foobar Oy,L=Vihti,C=FI
> Sep 15 10:20:59 foo-gw pluto[17454]: "vihti-espoo4/2x0" #57: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=aes_gcm_16_256 integ=n/a prf=OAKLEY_SHA2_256 group=MODP4096}
> Sep 15 10:20:59 foo-gw pluto[17454]: "vihti-espoo4/2x0" #57: not enough room in input packet for IKEv2 Traffic Selector Payload (remain=0, sd->size=8)
> Sep 15 10:20:59 foo-gw pluto[17454]: "vihti-espoo4/2x0" #57: malformed payload in packet
> Sep 15 10:20:59 foo-gw pluto[17454]: "vihti-espoo4/2x0" #57: certificate CN=pata.foobar.fi,OU=Security,O=Foobar Oy,L=Vihti,C=FI OK
> Sep 15 10:20:59 foo-gw pluto[17454]: "vihti-espoo4/2x0" #57: IKEv2 mode peer ID is ID_FQDN: '@pata.foobar.fi'
> Sep 15 10:20:59 foo-gw pluto[17454]: "vihti-espoo4/2x0" #57: missing v2SA, v2TSi or v2TSr: not attempting to setup child SA
> Sep 15 10:20:59 foo-gw pluto[17454]: "vihti-espoo4/2x0" #57: EXPECTATION FAILED at /builddir/build/BUILD/libreswan-3.15/programs/pluto/ikev2.c:1823: st != NULL && st->st_event != NULL && st->st_event->ev_type == EVENT_v2_RETRANSMIT
> Sep 15 10:21:10 foo-gw pluto[17454]: packet from 81.22.252.190:500: sending unencrypted notification v2N_INVALID_MESSAGE_ID to 81.22.252.190:500
