[Swan-dev] errors reported by test suite

D. Hugh Redelmeier hugh at mimosa.com
Sun Jul 9 20:33:40 UTC 2017


I get a lot of errors when I run the tests.  Can folks work on fixing
them?  In some cases, the fix is to update the referencee logs.


lost a data packet -- probably nothing to be done
ah-pluto-07-klips-netkey/OUTPUT/west.console.diff
ikev1-algo-esp-sha2-01-netkey-klips/OUTPUT/west.console.diff
ikev1-algo-esp-sha2-02-netkey-klips/OUTPUT/west.console.diff

?? different traffic, extra "src"
certoe-07-nat-2-clients/OUTPUT/road.console.diff
certoe-07-nat-2-clients/OUTPUT/east.console.diff

New warning? clear-or-private#192.1.2.0/24 #1 not fetching ipseckey that end rsasigkey != %dnsondemand  can only query DNS for IPSECKEY for ID that is a FQDN, IPV4_ADDR, or IPV6_ADDR id type=ID_NULL IKEv2_AUTH_NULL remote=192.1.2.254 thatid=ID_NULL
certoe-08-nat-packet-cop-restart/OUTPUT/road.console.diff
certoe-08-nat-packet-cop-restart/OUTPUT/east.console.diff

New retransmit interval not reflected in logs?
delete-sa-04/OUTPUT/east.console.diff
... and states numbered differently?
delete-sa-04/OUTPUT/west.console.diff

tunnel missing?
dnsoe-01/OUTPUT/road.console.diff
dnsoe-01/OUTPUT/east.console.diff

dnsoe-02/OUTPUT/road.console.diff
dnsoe-02/OUTPUT/east.console.diff

dnssec-pluto-01/OUTPUT/west.console.diff

some lost traffic, different "src"
dpd-01/OUTPUT/west.console.diff

missing interfaces:
dynamic-iface-01/OUTPUT/west.console.diff

cert-related error?
+003 "westnet-eastnet-ikev2" #2: ID_DER_ASN1_DN 'E=user-east at testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' does not match expected 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east at testing.libreswan.org'
fips-08-ikev2-x509/OUTPUT/west.console.diff
ikev1-27-uniqueid/OUTPUT/north.console.diff
ikev1-aggr-replace-01/OUTPUT/north.console.diff

script was updated -- bugs added
ikev1-02-fuzzer/OUTPUT/west.console.diff

missing connection
ikev1-aggr-sendcert-01/OUTPUT/north.console.diff
ikev1-aggr-sendcert-01/OUTPUT/east.console.diff

negotiation went off rails
ikev1-rekey-connswitch/OUTPUT/east.console.diff
ikev1-rekey-connswitch/OUTPUT/west.console.diff

different informational payload generated??
-003 "san" #1: ignoring informational payload INVALID_ID_INFORMATION, msgid=00000000, length=12
+003 "san" #1: ignoring informational payload INVALID_KEY_INFORMATION, msgid=00000000, length=12
ikev1-x509-05-san-firstemail-match/OUTPUT/west.console.diff

different informational payload generated??
-002 "san" #1: Peer public key is not available for this exchange
-218 "san" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION
-002 "san" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.23:500
+003 "san" #1: no RSA public key known for 'NOTeast at testing.libreswan.org'
+217 "san" #1: STATE_MAIN_I3: INVALID_KEY_INFORMATION
+002 "san" #1: sending encrypted notification INVALID_KEY_INFORMATION to 192.1.2.23:500
ikev1-x509-06-san-email-mismatch/OUTPUT/west.console.diff
ikev1-x509-08-san-dns-mismatch/OUTPUT/west.console.diff

different informational payload generated??
-003 "san" #1: ignoring informational payload INVALID_ID_INFORMATION, msgid=00000000, length=12
+003 "san" #1: ignoring informational payload INVALID_KEY_INFORMATION, msgid=00000000, length=12
ikev1-x509-07-san-ip-mismatch/OUTPUT/west.console.diff
ikev1-x509-aggr-05-san-firstemail-match/OUTPUT/west.console.diff

negotiation went off rails
+003 "san" #1: ignoring informational payload INVALID_KEY_INFORMATION, msgid=00000000, length=12
ikev1-x509-12-san-dn-match/OUTPUT/east.console.diff
ikev1-x509-12-san-dn-match/OUTPUT/west.console.diff
ikev1-x509-13-san-dn-mismatch/OUTPUT/east.console.diff
ikev1-x509-13-san-dn-mismatch/OUTPUT/west.console.diff

Here I ran out of time.

(I did a similar exercise last week but ran out of time and my results
got stale.  So I'm sending this off now, before they get stale.  I'm
sure that if people fix these errors, a lot of other failed tests will
be fixed as a side-effect.)


More information about the Swan-dev mailing list