[Swan-dev] Does F27 as the KVM host lose large packets?

Andrew Cagney andrew.cagney at gmail.com
Fri Dec 29 18:17:00 UTC 2017


--- MASTER/testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/west.console.txt
+++ OUTPUT/testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/west.console.txt
@@ -23,15 +23,6 @@
 002 "san" #1: I am sending a certificate request
 002 "san" #1: IMPAIR RETRANSMITS: scheduling timeout in 0.5 seconds
 112 "san" #1: STATE_AGGR_I1: initiate
-002 "san" #1: Peer ID is ID_USER_FQDN: 'NOTeast at testing.libreswan.org'
-002 "san" #1: certificate verified OK:
E=user-east at testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test
Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
-003 "san" #1: No matching subjectAltName found
-003 "san" #1: certificate does not contain ID_USER_FQDN
subjectAltName=NOTeast at testing.libreswan.org
-002 "san" #1: Peer public key SubjectAltName does not match peer ID
for this connection
-002 "san" #1: X509: CERT payload does not match connection ID
-003 "san" #1: initial Aggressive Mode packet claiming to be from
NOTeast at testing.libreswan.org on 192.1.2.23 but no connection has been
authorized
-218 "san" #1: STATE_AGGR_I1: INVALID_ID_INFORMATION
-002 "san" #1: sending notification INVALID_ID_INFORMATION to 192.1.2.23:500
 002 "san" #1: suppressing retransmit because IMPAIR_RETRANSMITS is set
 002 "san" #1: IMPAIR RETRANSMITS: suppressing re-key
 002 "san" #1: deleting state (STATE_AGGR_I1)
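Review bot: the nine removed lines, from "Peer ID is ID_USER_FQDN" through "sending notification INVALID_ID_INFORMATION to 192.1.2.23:500", are the whole point of this negative test. Without them west never evaluates the peer certificate's subjectAltName, and the state is deleted through the IMPAIR_RETRANSMITS timeout path instead. This mismatch should be read as the responder's reply not being processed on west rather than as a change in SAN matching, so delivery of that reply is worth confirming before touching the X.509 code.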
@@ -43,7 +34,6 @@
 west #
  grep "ID type" /tmp/pluto.log
 |    ID type: ID_USER_FQDN (0x3)
-|    ID type: ID_USER_FQDN (0x3)
 west #
 west #
  if [ -n "`ls /tmp/core* 2>/dev/null`" ]; then echo CORE FOUND; mv
/tmp/core* OUTPUT/; fi
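Review bot: in the grep "ID type" output the two expected lines are identical ("ID type: ID_USER_FQDN (0x3)"), so this hunk cannot show whether the missing one belongs to west's own ID payload or to the peer's. Having the test grep with a line of leading context would make the output say which side's ID was never logged.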

Looking at what was exchanged:

[cagney at bernard wip-lswlog]$ egrep -e '^\| (sending|\*received) [0-9]' testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/OUTPUT/east.pluto.log
| *received 512 bytes from 192.1.2.45:500 on eth1 (port=500)
| sending 1552 bytes for STATE_AGGR_R0 through eth1:500 to 192.1.2.45:500 (using #1)
[cagney at bernard wip-lswlog]$ egrep -e '^\| (sending|\*received) [0-9]' testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/OUTPUT/west.pluto.log
| sending 512 bytes for aggr_outI1 through eth1:500 to 192.1.2.23:500 (using #1)

west never sees east's 1552 byte reply

(adding to my woes, my qemu images have started getting stuck in a
'device wait' (all you can do is reboot). I'm trying an older kernel
to see if that prevents it :-(  this is unrelated to the above)


On 27 December 2017 at 17:09, Paul Wouters <paul at nohats.ca> wrote:
> I’m using f27 on the host and see no issues? Do you have an example test case?
>
> Sent from my iPhone
>
>> On Dec 27, 2017, at 16:48, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>>
>> Is anyone (other than me) having trouble getting the x509 tests to
>> work when using F27 as the host (F22 as the guest)?  Looking at the
>> log it seems that the responder (east) sends a large (2k) packet but
>> west (the initiator) never sees it?
>>
>> Andrew
>
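
The by-hand egrep comparison of the two pluto logs in the message above, as an added example (not part of the original message or of libreswan's test tooling): it pairs each "sending N bytes" line in one peer's log with a same-size "*received N bytes" line in the other's and reports sends that were never logged as received. The sample logs are constructed from the lines quoted in the message (unwrapped); matching by datagram size and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Line shapes as they appear in the egrep output quoted in the message.
SEND = re.compile(r"^\| sending (\d+) bytes for (\S+) through \S+ to ([\d.]+):\d+")
RECV = re.compile(r"^\| \*received (\d+) bytes from ([\d.]+):\d+")

def parse(log_text):
    """Return (sends, recvs): sends are (size, label, dst_ip), recvs are (size, src_ip)."""
    sends, recvs = [], []
    for line in log_text.splitlines():
        if m := SEND.match(line):
            sends.append((int(m[1]), m[2], m[3]))
        elif m := RECV.match(line):
            recvs.append((int(m[1]), m[2]))
    return sends, recvs

def undelivered(sender_log, sender_ip, receiver_log, receiver_ip):
    """Sends to receiver_ip that the receiver never logged (matched by size: an assumption)."""
    sends, _ = parse(sender_log)
    _, recvs = parse(receiver_log)
    seen = Counter(size for size, src in recvs if src == sender_ip)
    lost = []
    for size, label, dst in sends:
        if dst != receiver_ip:
            continue
        if seen[size]:
            seen[size] -= 1  # consume one matching receive (handles retransmits)
        else:
            lost.append((size, label))
    return lost

# Constructed sample input: the log lines quoted in the message, unwrapped.
EAST_IP, WEST_IP = "192.1.2.23", "192.1.2.45"
EAST_LOG = """\
| *received 512 bytes from 192.1.2.45:500 on eth1 (port=500)
| sending 1552 bytes for STATE_AGGR_R0 through eth1:500 to 192.1.2.45:500 (using #1)
"""
WEST_LOG = """\
| sending 512 bytes for aggr_outI1 through eth1:500 to 192.1.2.23:500 (using #1)
"""

if __name__ == "__main__":
    print("east -> west lost:", undelivered(EAST_LOG, EAST_IP, WEST_LOG, WEST_IP))
    print("west -> east lost:", undelivered(WEST_LOG, WEST_IP, EAST_LOG, EAST_IP))
```

A non-empty result in only one direction, as with these sample logs, points at the path between the guests rather than at either pluto.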

