[Swan-dev] a question on whack exit codes (libreswan-up-down.sh)

Andrew Cagney andrew.cagney at gmail.com
Wed May 9 16:32:30 UTC 2018

On 9 May 2018 at 11:29, Paul Wouters <paul at nohats.ca> wrote:
> On Mon, 7 May 2018, Andrew Cagney wrote:
>>> This log message has the wrong RC_XXX type.
>>> Looking closer, it seems that RC_WHACK_PROBLEM is unfortunately placed
>>> in lswlog.h. I'll push a fix.
>> I don't think that helped.
> Can you elaborate? I do think it fixed something, but you might run into
> other messages using a wrong RC_* code ?

In this test:


The 'ipsec auto --up <connection>' didn't establish - something
screwed up so it is retrying in the background.

Previously, the exit code would have been non zero, but now it is
zero.  However, ...

>> Here all the initiator knows is that something is wrong.
>> Because the other end never proved their identity, the initiator can't
>> trust what is coming back so it should back off for a bit and then try
>> again.
> The RC code for that can be RC_LOG or RC_RETRANSMISSION. Both should
> cause the return code for whack to be 0.

you're saying that for this case the exit code should be zero from whack?

>> As an aside, all the ikev2-unknown-payload-* tests prod this area, and
>> highlight how inconsistent pluto is with handling this case.  Hmm,
>> just noticed that ikev2-unknown-payload-03-auth-sk-critical doesn't
>> try again :-/
> That's a bug then, but fortunately pretty minor.
> Paul

More information about the Swan-dev mailing list