[Swan-dev] a question on whack exit codes (libreswan-up-down.sh)
paul at nohats.ca
Wed May 9 15:29:47 UTC 2018
On Mon, 7 May 2018, Andrew Cagney wrote:
>> This log message has the wrong RC_XXX type.
>> Looking closer, it seems that RC_WHACK_PROBLEM is unfortunately placed
>> in lswlog.h. I'll push a fix.
> I don't think that helped.
Can you elaborate? I do think it fixed something, but you might run into
other messages using a wrong RC_* code ?
> Here all the initiator knows is that something is wrong.
> Because the other end never proved their identity, the initiator can't
> trust what is coming back so it should back off for a bit and then try
The RC code for that can be RC_LOG or RC_RETRANSMISSION. Both should
cause the return code for whack to be 0.
> As an aside, all the ikev2-unknown-payload-* tests prod this area, and
> highlight how inconsistent pluto is with handling this case. Hmm,
> just noticed that ikev2-unknown-payload-03-auth-sk-critical doesn't
> try again :-/
That's a bug then, but fortunately pretty minor.
More information about the Swan-dev