[Swan-dev] a question on whack exit codes (libreswan-up-down.sh)

Mon May 7 14:25:23 UTC 2018

To follow up IRC (and now that I've fixed the more serious bug), below
is a breakdown of the first failure in:
http://testing.libreswan.org/results/v3.22-1336-g508891c-master/ikev2-unknown-payload-03-auth-sk/OUTPUT/west.console.diff

The test is running the script testing/pluto/bin/libreswan-up-down.sh
which is set up to abort on first failure (i.e, simplified):

#!/bin/sh
set -eu
config=$1 ; shift
ipsec auto --add ${config}
ipsec auto --up ${config}        # was exiting with non-zero status
${bindir}/wait-until-alive "$@"
...

In the past, if the connection didn't come up immediately, 'ipsec auto
--up ${config}' would fail and the script would stop.  With recent
changes, that operation now succeeds and the script continues
executing wait-until-alive (that script runs ping, and the ping then
tricks east into trying to bring up the connection ....):

--- MASTER/testing/pluto/ikev2-unknown-payload-03-auth-sk/west.console.txt
+++ OUTPUT/testing/pluto/ikev2-unknown-payload-03-auth-sk/west.console.txt
@@ -55,6 +55,12 @@
 134 "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I2: sent v2I2,
expected v2R2 {auth=IKEv2 cipher=aes_gcm_16_256 integ=n/a prf=sha2_512
group=MODP2048}
 002 "westnet-eastnet-ipv4-psk-ikev2" #4: IKE SA authentication
request rejected: UNSUPPORTED_CRITICAL_PAYLOAD
 000 "westnet-eastnet-ipv4-psk-ikev2" #4: scheduling retry attempt 1
of an unlimited number, but releasing whack
+ping -n -c 1 -w 4 -I 192.0.1.254 192.0.2.254
+PING 192.0.2.254 (192.0.2.254) from 192.0.1.254 : 56(84) bytes of data.
+--- 192.0.2.254 ping statistics ---
+4 packets transmitted, 0 received, 100% packet loss, time XXXX
+pipe 4
+destination -I 192.0.1.254 192.0.2.254 is dead
 west #
  echo done
 done

Given the connection neither succeed nor failed, what should the exit code be?

Andrew

PS: For the moment I'm sitting on a tweak to libreswan-up-down.sh that
works regardless of the exit code
