[Swan-dev] a question on whack exit codes (libreswan-up-down.sh)

Andrew Cagney andrew.cagney at gmail.com
Wed May 9 16:32:30 UTC 2018


On 9 May 2018 at 11:29, Paul Wouters <paul at nohats.ca> wrote:
> On Mon, 7 May 2018, Andrew Cagney wrote:
>
>>> This log message has the wrong RC_XXX type.
>>>
>>> Looking closer, it seems that RC_WHACK_PROBLEM is unfortunately placed
>>> in lswlog.h. I'll push a fix.
>>
>>
>> I don't think that helped.
>
>
> Can you elaborate? I do think it fixed something, but you might run into
> other messages using a wrong RC_* code?

In this test:

http://testing.libreswan.org/results/v3.22-1343-g648051a-master/ikev2-unknown-payload-03-auth-sk/OUTPUT/west.console.diff

The 'ipsec auto --up <connection>' didn't establish - something
screwed up so it is retrying in the background.

Previously, the exit code would have been non-zero, but now it is
zero.  However, ...

>> Here all the initiator knows is that something is wrong.
>>
>> Because the other end never proved their identity, the initiator can't
>> trust what is coming back so it should back off for a bit and then try
>> again.
>
>
> The RC code for that can be RC_LOG or RC_RETRANSMISSION. Both should
> cause the return code for whack to be 0.

You're saying that for this case the exit code should be zero from whack?

>> As an aside, all the ikev2-unknown-payload-* tests prod this area, and
>> highlight how inconsistent pluto is with handling this case.  Hmm,
>> just noticed that ikev2-unknown-payload-03-auth-sk-critical doesn't
>> try again :-/
>
>
> That's a bug then, but fortunately pretty minor.
>
> Paul

