[Swan-dev] two new test failures

Paul Wouters paul at nohats.ca
Tue Jun 20 23:32:17 UTC 2017

On Tue, 20 Jun 2017, D. Hugh Redelmeier wrote:

> There are two new "failures" in the test runs.  This is from two
> instances of a new message.
> ./xauth-pluto-07/OUTPUT/road.console.diff:+005 "modecfg-road-eastnet-psk" #1: Subnet already has an spd_route - ignoring
> ./xauth-pluto-08/OUTPUT/road.console.diff:+005 "modecfg-road-eastnet-psk" #1: Subnet already has an spd_route - ignoring
> These message were added in 835d41d1 by Oleg Rosowiecki.
> I think that the message is correct and I'm wondering if it should be
> expected or it is a misconfiguration of the tests.

It is not a misconfiguration.

> In these tests, the subnet in question is hardwired into the conn and
> is also passed in the xauth/modeconfig exchange.

That is indeed what is causing the attempt at the duplicate spd_route.
The duplicate is ignored, but when removing these at down time, there
is an error when the 2nd delete can't find its spd_route entry.

> If this is a mistake in the configuration:
> - should the diagnostic be treated as more serious?
> - should the test configurations be fixed?
> - should the reference logs be fixed?

Different XAUTH clients apparently can behave slightly differently.
Note with remote-peer-type=cisco, the 0th spd_route is skipped
and the "conn" leftsubnet/rightsubnet is never established.

We aren't checking where the duplicate came from, it could be from
multiple duplicate CISCO_SPLIT_INC directives too.

We could either test if the SPLIT directive maps to the rightsubnet
we already have configured and skip the spd_route (and prevent the
warning) or we could ignore the warning (and fixup the test output)


More information about the Swan-dev mailing list