[Swan-dev] several tests fail because output of ipsec-look.sh isn't sannitized completely

D. Hugh Redelmeier hugh at mimosa.com
Tue Jun 12 16:20:38 UTC 2018 

(I'm testing the tree from almost 24 hours ago.  This might have already 
been fixed.)

Here's an example:

--- MASTER/testing/pluto/klips-ikev2-algo-sha2-07/east.console.txt
+++ OUTPUT/testing/pluto/klips-ikev2-algo-sha2-07/east.console.txt
@@ -48,12 +48,14 @@
 east #
  ../../pluto/bin/ipsec-look.sh
 east NOW
-192.0.2.0/24       -> 192.0.1.0/24       => tun0xIPIP at 192.1.2.45 esp0xESPSPI at 192.1.2.45
-ipsec0->eth1 mtu=16260(9999)->1500
-tun0xTUN#@192.1.2.45 IPIP: dir=out src=192.1.2.23 jiffies=0123456789  natencap=none natsport=0 natdport=0   refhim=0
-esp0xSPISPI at 192.1.2.45 ESP_AES_HMAC_SHA2_512: dir=out src=192.1.2.23 iv_bits=128bits iv=0xIVISFORRANDOM000IVISFORRANDOM000 ooowin=32  alen=512 aklen=512 eklen=128 jiffies=0123456789  natencap=none natsport=0 natdport=0   refhim=0
-esp0xSPISPI at 192.1.2.23 ESP_AES_HMAC_SHA2_512: dir=in  src=192.1.2.45 iv_bits=128bits iv=0xIVISFORRANDOM000IVISFORRANDOM000 ooowin=32   alen=512 aklen=512 eklen=128 jiffies=0123456789  natencap=none natsport=0 natdport=0   refhim=0
-tun0xTUN#@192.1.2.23 IPIP: dir=in  src=192.1.2.45 policy=192.0.1.0/24->192.0.2.0/24 flags=0x8<> jiffies=0123456789  natencap=none natsport=0 natdport=0   refhim=0
+192.0.2.0/24       -> 192.0.1.0/24       => tun0x1000 at 192.1.2.45 esp0xbf8e27c8 at 192.1.2.45  (2)
+ipsec0->eth1 mtu=16260(1500)->1500
+esp0x563d8d9 at 192.1.2.23 ESP_AES_HMAC_SHA2_512: dir=in  src=192.1.2.45 iv_bits=128bits iv=0xbed81e99dcd29af0fa25a443fdf0cd1d ooowin=32 seq=2 bit=0x3 alen=512 aklen=512 eklen=128 jiffies=4294709828 life(c,s,h)=bytes(168,0,0) idle=0 natencap=none natsport=0 natdport=0 refcount=3 ref=4 refhim=0
+esp0xbf8e27c8 at 192.1.2.45 ESP_AES_HMAC_SHA2_512: dir=out src=192.1.2.23 iv_bits=128bits iv=0x89083535be5bbbcffaeb72d44ca7c025 ooowin=32 seq=2 alen=512 aklen=512 eklen=128 jiffies=4294709828 life(c,s,h)=bytes(168,0,0) idle=0 natencap=none natsport=0 natdport=0 refcount=3 ref=2 refhim=0
+tun0x1000 at 192.1.2.45 IPIP: dir=out src=192.1.2.23 jiffies=4294709828 life(c,s,h)=bytes(208,0,0) idle=0 natencap=none natsport=0 natdport=0 refcount=3 ref=1 refhim=0
+tun0x1001 at 192.1.2.23 IPIP: dir=in  src=192.1.2.45 policy=192.0.1.0/24->192.0.2.0/24 flags=0x8<> jiffies=4294709828 life(c,s,h)=bytes(168,0,0) idle=0 natencap=none natsport=0 natdport=0 refcount=3 ref=3 refhim=0
+IPSEC mangle TABLES
+NEW_IPSEC_CONN mangle TABLES
 ROUTING TABLES
 default via 192.1.2.254 dev eth1 
 192.0.1.0/24 dev ipsec0  scope link

More information about the Swan-dev mailing list