[Swan-dev] Does F27 as the KVM host lose large packets?

Andrew Cagney andrew.cagney at gmail.com
Sun Dec 31 21:29:14 UTC 2017


FYI,

I filed https://bugzilla.redhat.com/show_bug.cgi?id=1530002 (qemu, the
process that cannot die) which is for the other issue.  Let me know if
you're seeing the below.

Andrew


On 29 December 2017 at 13:17, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> --- MASTER/testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/west.console.txt
> +++ OUTPUT/testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/west.console.txt
> @@ -23,15 +23,6 @@
>  002 "san" #1: I am sending a certificate request
>  002 "san" #1: IMPAIR RETRANSMITS: scheduling timeout in 0.5 seconds
>  112 "san" #1: STATE_AGGR_I1: initiate
> -002 "san" #1: Peer ID is ID_USER_FQDN: 'NOTeast at testing.libreswan.org'
> -002 "san" #1: certificate verified OK:
> E=user-east at testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test
> Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
> -003 "san" #1: No matching subjectAltName found
> -003 "san" #1: certificate does not contain ID_USER_FQDN
> subjectAltName=NOTeast at testing.libreswan.org
> -002 "san" #1: Peer public key SubjectAltName does not match peer ID
> for this connection
> -002 "san" #1: X509: CERT payload does not match connection ID
> -003 "san" #1: initial Aggressive Mode packet claiming to be from
> NOTeast at testing.libreswan.org on 192.1.2.23 but no connection has been
> authorized
> -218 "san" #1: STATE_AGGR_I1: INVALID_ID_INFORMATION
> -002 "san" #1: sending notification INVALID_ID_INFORMATION to 192.1.2.23:500
>  002 "san" #1: suppressing retransmit because IMPAIR_RETRANSMITS is set
>  002 "san" #1: IMPAIR RETRANSMITS: suppressing re-key
>  002 "san" #1: deleting state (STATE_AGGR_I1)
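Review bot: the nine lines dropped between "STATE_AGGR_I1: initiate" and "suppressing retransmit" are all of west's handling of east's reply, including the "No matching subjectAltName found" rejection and the INVALID_ID_INFORMATION notification, so in this run the SAN-mismatch check the test is named for never executed on west. Treat the difference as a delivery failure to investigate, and leave the expected output as it is rather than accepting this as a new baseline.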
> @@ -43,7 +34,6 @@
>  west #
>   grep "ID type" /tmp/pluto.log
>  |    ID type: ID_USER_FQDN (0x3)
> -|    ID type: ID_USER_FQDN (0x3)
>  west #
>  west #
>   if [ -n "`ls /tmp/core* 2>/dev/null`" ]; then echo CORE FOUND; mv
> /tmp/core* OUTPUT/; fi
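Review bot: the grep "ID type" /tmp/pluto.log check now matches once instead of twice, but both expected lines are the identical "ID type: ID_USER_FQDN (0x3)", so the console output cannot show which of the two ID payloads is missing. Printing a line of context with each match would let the expected output tell them apart.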
>
> Looking at what was exchanged:
>
> [cagney at bernard wip-lswlog]$ egrep -e '^\| (sending|\*received) [0-9]'
> testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/OUTPUT/east.pluto.log
> | *received 512 bytes from 192.1.2.45:500 on eth1 (port=500)
> | sending 1552 bytes for STATE_AGGR_R0 through eth1:500 to
> 192.1.2.45:500 (using #1)
> [cagney at bernard wip-lswlog]$ egrep -e '^\| (sending|\*received) [0-9]'
> testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/OUTPUT/west.pluto.log
> | sending 512 bytes for aggr_outI1 through eth1:500 to 192.1.2.23:500 (using #1)
>
> west never sees east's 1552 byte reply
>
> (adding to my woes, my qemu images have started getting stuck in a
> 'device wait' (all you can do is reboot). I'm trying an older kernel
> to see if that prevents it :-(  this is unrelated to the above)
>
>
> On 27 December 2017 at 17:09, Paul Wouters <paul at nohats.ca> wrote:
>> I’m using f27 on the host and see no issues? Do you have an example test case?
>>
>> Sent from my iPhone
>>
>>> On Dec 27, 2017, at 16:48, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>>>
>>> Is anyone (other than me) having trouble getting the x509 tests to
>>> work when using F27 as the host (F22 as the guest)?  Looking at the
>>> log it seems that the responder (east) sends a large (2k) packet but
>>> west (the initiator) never sees it?
>>>
>>> Andrew
>>
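The log comparison done by hand with egrep in the thread above, as an added example that is not part of the original messages or of libreswan: it pairs each "sending" line in one pluto log with a "*received" line in the peer's log and reports what never arrived. The log lines are copied from the thread with wrapped lines rejoined; the 1500-byte MTU and the reading of the logged size as the UDP payload are assumptions.

```python
import re
from collections import Counter

SENT = re.compile(r"^\| sending (\d+) bytes for (\S+) through \S+ to (\S+):\d+")
RECV = re.compile(r"^\| \*received (\d+) bytes from (\S+):\d+ on ")

# Assumption (not stated in the thread): 1500-byte Ethernet MTU and the logged
# size being the UDP payload, so anything over 1500 - 20 (IPv4) - 8 (UDP)
# leaves the sender as IP fragments.
MAX_UNFRAGMENTED = 1500 - 20 - 8

def sent(log):
    """(size, state, destination address) for each 'sending' line."""
    hits = (SENT.match(line) for line in log.splitlines())
    return [(int(m[1]), m[2], m[3]) for m in hits if m]

def received(log):
    """How many packets of each (size, source address) were logged as received."""
    hits = (RECV.match(line) for line in log.splitlines())
    return Counter((int(m[1]), m[2]) for m in hits if m)

def undelivered(sender_log, sender_addr, receiver_log, receiver_addr):
    """Packets sender_addr sent to receiver_addr that the receiver never logged.

    Returns (size, state, needs_fragmentation) tuples in send order.
    """
    seen = received(receiver_log)
    lost = []
    for size, state, dst in sent(sender_log):
        if dst != receiver_addr:
            continue
        if seen[(size, sender_addr)] > 0:
            seen[(size, sender_addr)] -= 1   # matched one delivery
        else:
            lost.append((size, state, size > MAX_UNFRAGMENTED))
    return lost

# Sample input: the pluto.log lines quoted in the thread, wrapped lines rejoined.
EAST, WEST = "192.1.2.23", "192.1.2.45"
EAST_LOG = """\
| *received 512 bytes from 192.1.2.45:500 on eth1 (port=500)
| sending 1552 bytes for STATE_AGGR_R0 through eth1:500 to 192.1.2.45:500 (using #1)
"""
WEST_LOG = """\
| sending 512 bytes for aggr_outI1 through eth1:500 to 192.1.2.23:500 (using #1)
"""

if __name__ == "__main__":
    print("east -> west lost:", undelivered(EAST_LOG, EAST, WEST_LOG, WEST))
    print("west -> east lost:", undelivered(WEST_LOG, WEST, EAST_LOG, EAST))
```
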

