[Swan-dev] Does F27 as the KVM host loose large packets?
Andrew Cagney
andrew.cagney at gmail.com
Thu Jan 4 20:37:45 UTC 2018
I just noticed my virtual networks were very old:
-rw-rw-r-- 1 cagney cagney 143 Sep 25 21:00 ../pool/l.192_0_1.xml
and seem to pre-date F27:
-rw-r--r-- 1 root root 33 Oct 24 13:42 /etc/fedora-release
after rebuilding them the tests I've so far tried now pass :-/
For reference, a grep of the broken test results confirms that no
packet greater than 1500 bytes was being received (working results
receive 3400 byte packets; and running tests by hand also worked :-/
). So presumably there is another race.
On 31 December 2017 at 16:29, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> On 29 December 2017 at 13:17, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>> --- MASTER/testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/west.console.txt
>> +++ OUTPUT/testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/west.console.txt
>> @@ -23,15 +23,6 @@
>> 002 "san" #1: I am sending a certificate request
>> 002 "san" #1: IMPAIR RETRANSMITS: scheduling timeout in 0.5 seconds
>> 112 "san" #1: STATE_AGGR_I1: initiate
>> -002 "san" #1: Peer ID is ID_USER_FQDN: 'NOTeast at testing.libreswan.org'
>> -002 "san" #1: certificate verified OK:
>> E=user-east at testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test
>> Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
>> -003 "san" #1: No matching subjectAltName found
>> -003 "san" #1: certificate does not contain ID_USER_FQDN
>> subjectAltName=NOTeast at testing.libreswan.org
>> -002 "san" #1: Peer public key SubjectAltName does not match peer ID
>> for this connection
>> -002 "san" #1: X509: CERT payload does not match connection ID
>> -003 "san" #1: initial Aggressive Mode packet claiming to be from
>> NOTeast at testing.libreswan.org on 192.1.2.23 but no connection has been
>> authorized
>> -218 "san" #1: STATE_AGGR_I1: INVALID_ID_INFORMATION
>> -002 "san" #1: sending notification INVALID_ID_INFORMATION to 192.1.2.23:500
>> 002 "san" #1: suppressing retransmit because IMPAIR_RETRANSMITS is set
>> 002 "san" #1: IMPAIR RETRANSMITS: suppressing re-key
>> 002 "san" #1: deleting state (STATE_AGGR_I1)
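Review bot: the nine lines dropped between "STATE_AGGR_I1: initiate" and "suppressing retransmit" (peer ID, certificate verification, the subjectAltName comparison, the INVALID_ID_INFORMATION notification) all describe west handling the peer's identity and certificate, so this output shows the SAN-mismatch rejection was never evaluated, not that it was evaluated and gave a different answer. With "IMPAIR RETRANSMITS" suppressing retransmission, one lost reply is enough to produce exactly this console output, so it is worth confirming that the reply arrived at west before reading the diff as a change in certificate ID checking.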
>> @@ -43,7 +34,6 @@
>> west #
>> grep "ID type" /tmp/pluto.log
>> | ID type: ID_USER_FQDN (0x3)
>> -| ID type: ID_USER_FQDN (0x3)
>> west #
>> west #
>> if [ -n "`ls /tmp/core* 2>/dev/null`" ]; then echo CORE FOUND; mv
>> /tmp/core* OUTPUT/; fi
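Review bot: the two expected "| ID type: ID_USER_FQDN (0x3)" lines from the grep "ID type" /tmp/pluto.log step are identical, so when one goes missing the diff cannot say which occurrence it was. Grepping with a line of leading context, or for a more specific debug line, would let this step show which ID payload was not logged.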
>>
>> Looking at what was exchanged:
>>
>> [cagney at bernard wip-lswlog]$ egrep -e '^\| (sending|\*received) [0-9]'
>> testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/OUTPUT/east.pluto.log
>> | *received 512 bytes from 192.1.2.45:500 on eth1 (port=500)
>> | sending 1552 bytes for STATE_AGGR_R0 through eth1:500 to
>> 192.1.2.45:500 (using #1)
>> [cagney at bernard wip-lswlog]$ egrep -e '^\| (sending|\*received) [0-9]'
>> testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/OUTPUT/west.pluto.log
>> | sending 512 bytes for aggr_outI1 through eth1:500 to 192.1.2.23:500 (using #1)
>>
>> west never sees east's 1552 byte reply
>>
>> (adding to my woes, my qemu images have started getting stuck in a
>> 'device wait' (all you can do is reboot). I'm trying an older kernel
>> to see if that prevents it :-( this is unrelated to the above)
>>
>>
>> On 27 December 2017 at 17:09, Paul Wouters <paul at nohats.ca> wrote:
>>> I’m using f27 on the host and see no issues? Do you have an example test case?
>>>
>>> Sent from my iPhone
>>>
>>>> On Dec 27, 2017, at 16:48, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>>>>
>>>> Is anyone (other than me) having trouble getting the x509 tests to
>>>> work when using F27 as the host (F22 as the guest)? Looking at the
>>>> log it seems that the responder (east) sends a large (2k) packet but
>>>> west (the initiator) never sees it?
>>>>
>>>> Andrew
>>>> _______________________________________________
>>>> Swan-dev mailing list
>>>> Swan-dev at lists.libreswan.org
>>>> https://lists.libreswan.org/mailman/listinfo/swan-dev
>>>
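
Added example (not part of the original thread, and not libreswan code): the egrep comparison quoted above, automated. It pairs each "sending" line in one peer's pluto log with a "*received" line in the other's and reports datagrams that never arrived, flagging those too large for a single frame. The 1500-byte Ethernet MTU, IPv4 without options, the function name and pairing by size alone are assumptions; the sample logs are constructed from the lines quoted in the thread.

```python
import re
from collections import Counter

# Patterns for the two pluto debug-log line shapes quoted in the thread.
SENT = re.compile(r"^\| sending (\d+) bytes for (\S+) through \S+ to ([\d.]+):\d+")
RECV = re.compile(r"^\| \*received (\d+) bytes from ([\d.]+):\d+ on ")

ETH_MTU = 1500         # standard Ethernet MTU (assumed for the test network)
IPV4_UDP_HDR = 20 + 8  # IPv4 header without options + UDP header


def undelivered(sender_log, receiver_log, sender_ip, receiver_ip):
    """List datagrams the sender logged that the receiver never logged.

    Datagrams are paired by size only (a heuristic; the log lines carry no
    sequence number). Returns (size, state, needs_fragmentation) tuples.
    """
    arrived = Counter()
    for line in receiver_log.splitlines():
        m = RECV.match(line)
        if m and m.group(2) == sender_ip:
            arrived[int(m.group(1))] += 1

    missing = []
    for line in sender_log.splitlines():
        m = SENT.match(line)
        if not m or m.group(3) != receiver_ip:
            continue
        size, state = int(m.group(1)), m.group(2)
        if arrived[size] > 0:
            arrived[size] -= 1  # consume one matching arrival
        else:
            missing.append((size, state, size + IPV4_UDP_HDR > ETH_MTU))
    return missing


# Constructed sample logs: the lines quoted in the thread, unwrapped.
EAST_LOG = """\
| *received 512 bytes from 192.1.2.45:500 on eth1 (port=500)
| sending 1552 bytes for STATE_AGGR_R0 through eth1:500 to 192.1.2.45:500 (using #1)
"""
WEST_LOG = """\
| sending 512 bytes for aggr_outI1 through eth1:500 to 192.1.2.23:500 (using #1)
"""

if __name__ == "__main__":
    for size, state, frag in undelivered(EAST_LOG, WEST_LOG, "192.1.2.23", "192.1.2.45"):
        print(f"east -> west: {size} bytes ({state}) never received; fragmented={frag}")
```

A result where every missing entry has the fragmentation flag set and every smaller datagram was delivered points at the path between the guests dropping IP fragments rather than at pluto.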