[Swan-dev] ran the tests. Please fix what you can!

D. Hugh Redelmeier hugh at mimosa.com
Mon May 21 20:00:52 UTC 2018


I looked at these for a while but I didn't have time to do the whole
list.

data packet lost:
testing/pluto/ikev2-delete-05-sa-start failed west:output-different
testing/pluto/ikev2-delete-06-start-both failed west:output-different
testing/pluto/ikev1-algo-esp-sha2-01-netkey-klips failed west:output-different
testing/pluto/ikev1-algo-esp-sha2-02-netkey-klips failed west:output-different

all data packets lost:
testing/pluto/interop-ikev2-strongswan-38-mobike-initiator failed north:output-different
testing/pluto/newoe-06-prio failed east:output-different road:output-different

-| "westnet-eastnet" #1: discarding duplicate packet; already STATE_MAIN_I2
 | "westnet-eastnet" #1: discarding duplicate packet; already STATE_MAIN_I4
testing/pluto/ikev1-impair-01-replay-duplicates failed west:output-different

bad sanitizer (fixed):
testing/pluto/ikev2-48-nat-cp-start failed road:output-different
testing/pluto/netkey-vti-09 failed east:output-different west:output-different
testing/pluto/interop-ikev2-strongswan-39-mobike-responder failed road:output-different

 002 "road"[1] 192.1.2.23 #2: suppressing retransmit because IMPAIR_RETRANSMITS is set.
-002 "road"[1] 192.1.2.23 #2: certificate verified OK: E=user-east at testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
-002 "road"[1] 192.1.2.23 #2: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east at testing.libreswan.org'
testing/pluto/ikev2-10-2behind-nat failed east:output-different road:output-different
testing/pluto/ikev2-10-2behind-nat/OUTPUT/east.console.diff

-192.0.2.0/24 via 192.1.2.23 dev eth1 
testing/pluto/ikev2-algo-ike-dh-ecp-01 failed west:output-different
testing/pluto/ikev2-unknown-payload-01-sa-init failed west:output-different
testing/pluto/ikev2-unknown-payload-03-auth-sk failed west:output-different
testing/pluto/ikev2-impair-04-corrupt-auth-sk-payload failed west:output-different

 CHILD_SA road-east{1} established with SPIs SPISPI_i SPISPI_o and TS 192.0.3.10/32 === 192.0.2.0/24
-peer supports MOBIKE
testing/pluto/interop-ikev2-strongswan-38-mobike-pool failed east:output-different road:output-different


-003 "westnet-eastnet-ipv4-psk-ikev2" #3: reschedule pending Phase 2 of connection"westnet-eastnet-ipv4-psk-ikev2" state #4: - the parent is going away
+003 "westnet-eastnet-ipv4-psk-ikev2" #3: reschedule pending child #4 STATE_PARENT_I2 of connection "westnet-eastnet-ipv4-psk-ikev2" - the parent is going away
testing/pluto/ikev2-unknown-payload-02-auth failed west:output-different

-003 "san" #1: ignoring informational payload INVALID_ID_INFORMATION, msgid=00000000, length=12
-003 "san" #1: received and ignored informational message
testing/pluto/ikev1-x509-05-san-firstemail-match failed west:output-different
testing/pluto/ikev1-x509-07-san-ip-mismatch failed west:output-different

-002 "san" #1: Peer ID is ID_USER_FQDN: 'east at testing.libreswan.org'
-002 "san" #1: certificate verified OK: E=user-east at testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
-003 "san" #1: Authenticated using RSA
-004 "san" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=aes_256 integ=sha2_256 group=MODP2048}
-002 "san" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
-002 "san" #2: IMPAIR RETRANSMITS: scheduling timeout in 0.5 seconds
-117 "san" #2: STATE_QUICK_I1: initiate
-004 "san" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive}
+002 "san" #1: suppressing retransmit because IMPAIR_RETRANSMITS is set
+002 "san" #1: IMPAIR RETRANSMITS: suppressing re-key
+002 "san" #1: deleting state (STATE_MAIN_I3)
testing/pluto/ikev1-x509-09-san-email-match failed west:output-different
testing/pluto/ikev1-x509-10-san-ip-match failed west:output-different

IKE retransmission:
testing/pluto/ikev2-x509-20-multicert-rightid-san-wildcard failed west:output-different

On road:
-002 "westnet-eastnet-ipv4-psk-ikev1" #1: Received IP address 192.0.2.1/32
+002 "westnet-eastnet-ipv4-psk-ikev1" #1: Received IP address 192.0.2.2/32
-002 "westnet-eastnet-ipv4-psk-ikev1" #1: setting ip source address to 192.0.2.1/32
+002 "westnet-eastnet-ipv4-psk-ikev1" #1: setting ip source address to 192.0.2.2/32
On east, lots of mayhem, starint with:
-000 "roadnet-eastnet-ipv4-psk-ikev1"[2]: 192.1.2.23/32===192.1.2.23<192.1.2.23>[@east,MS+XS+S=C]...192.1.2.63[@road,+MC+XS+S=C]===192.0.2.1/32; erouted; eroute owner: #4
+000 "roadnet-eastnet-ipv4-psk-ikev1"[1]: 192.1.2.23/32===192.1.2.23<192.1.2.23>[@east,MS+XS+S=C]...192.1.2.254[@road,+MC+XS+S=C]===192.0.2.1/32; erouted; eroute owner: #2
+000 "roadnet-eastnet-ipv4-psk-ikev1"[1]:     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
testing/pluto/ikev1-hostpair-01 failed east:output-different road:output-different

mostly the same but in a different order:
testing/pluto/nflog-01-global failed west:output-different

tcpdump didn't work:
+tcpdump: truncated dump file; tried to read 4 file header bytes, only got 0
testing/pluto/nflog-03-conns failed west:output-different

+002 "westnet-eastnet-vti" #2: prepare-client output: vti interface "vti0" already exists with conflicting setting (perhaps need vti-sharing=yes ?
testing/pluto/netkey-vti-01 failed west:output-different
testing/pluto/netkey-vti-05 failed west:output-different
testing/pluto/netkey-vti-06 failed road:output-different

testing/pluto/newoe-07-ike-replace-initiator failed road:output-different
testing/pluto/newoe-15-portpass failed road:output-different
testing/pluto/newoe-20-ipv6 failed east:output-different road:output-different
testing/pluto/newoe-21-liveness-clear failed east:output-different road:output-different
testing/pluto/newoe-23-reverse-nat failed east:output-different road:output-different
testing/pluto/newoe-25-cat-2 failed road:output-different
testing/pluto/newoe-25-cat-3-4-way failed north:output-different road:output-different
testing/pluto/newoe-25-cat-4 failed road:output-different
testing/pluto/newoe-27-replace-sa failed road:output-different
testing/pluto/newoe-27-replace-sa-authnull failed east:output-different road:output-different
testing/pluto/certoe-06-nat-packet-cop failed east:output-different road:output-different
testing/pluto/certoe-07-nat-2-clients failed east:output-different north:output-different road:output-different
testing/pluto/newoe-18-poc-cop-port22-transport failed road:output-different
testing/pluto/ikev2-asymmetric-01-parsing failed west:output-different
testing/pluto/ikev2-asymmetric-16-auth-mismatch failed west:output-different
testing/pluto/dpd-01 failed west:output-different
testing/pluto/dpd-02 failed west:output-different
testing/pluto/dpd-03 failed west:output-different
testing/pluto/dpd-04 failed west:output-different
testing/pluto/dpd-05 failed west:output-different
testing/pluto/dpd-06 failed west:output-different
testing/pluto/dpd-07 failed west:output-different
testing/pluto/dpd-09-shared failed north:output-different
testing/pluto/x509-pluto-02 failed north:output-different
testing/pluto/x509-pluto-03 failed west:output-different
testing/pluto/x509-pluto-frag-01 failed east:output-different road:output-different
testing/pluto/x509-pluto-frag-02 failed east:output-different road:output-different
testing/pluto/xauth-pluto-24-static-addresspool failed east:output-different north:output-different road:output-different
testing/pluto/interop-ikev2-strongswan-34-esp-null-responder failed west:output-different
testing/pluto/klips-algo-twofish-01 failed west:output-different
testing/pluto/klips-algo-serpent-01 failed west:output-different
testing/pluto/klips-algo-cast-01 failed west:output-different
testing/pluto/klips-basic-pluto-01 failed east:output-different
testing/pluto/ah-pluto-07-klips-netkey failed west:output-different
testing/pluto/interop-ikev1-strongswan-11-ah-initiator-sha512 failed west:output-different
testing/pluto/klips-netkey-pluto-06 failed west:output-different
testing/pluto/ikev2-ipv6-transport-mode-02-netkey-netkey failed east:output-different
testing/pluto/interop-ikev2-strongswan-07-strongswan failed west:output-different
testing/pluto/interop-ikev2-strongswan-29-responder-rekey failed west:output-different
testing/pluto/interop-ikev2-strongswan-35-rekey-reauth failed east:output-different west:output-different
testing/pluto/interop-ikev2-strongswan-35-responder-rekey-pfs failed west:output-different
testing/pluto/l2tp-01 failed north:output-different
testing/pluto/l2tp-02 failed north:output-different
testing/pluto/fips-08-ikev2-x509 failed east:output-different west:output-different
testing/pluto/fips-10-ikev2-psk failed west:output-different
testing/pluto/klips-passthrough-00 failed west:output-different
testing/pluto/nss-cert-crl-01 failed west:output-different
testing/pluto/nss-cert-crl-03 failed west:output-different
testing/pluto/nss-cert-crl-03-strict failed west:output-different
testing/pluto/nss-cert-09-notyetvalid-initiator failed east:output-different west:output-different
testing/pluto/nss-cert-10-notyetvalid-responder-ikev2 failed east:output-different west:output-different
testing/pluto/seccomp-03-updown failed road:output-different

testing/pluto/ikev2-09-rw-rsa unresolved east:output-missing nic:output-missing road:output-missing
testing/pluto/ikev2-48-nat-cp unresolved east:output-missing nic:output-missing road:output-missing
testing/pluto/ikev2-50-propnum unresolved east:output-missing west:output-missing
testing/pluto/ikev2-51-rw-nat-ikeport unresolved east:output-missing nic:output-missing road:output-missing
testing/pluto/certoe-03-cop-whack unresolved east:output-missing nic:output-missing road:output-missing
testing/pluto/ikev2-liveness-01 unresolved east:output-missing west:output-missing
testing/pluto/ikev2-liveness-02 unresolved east:output-missing west:output-missing
testing/pluto/ikev2-liveness-03 unresolved east:output-missing west:output-missing
testing/pluto/ikev2-liveness-05 unresolved east:output-missing west:output-missing
testing/pluto/ikev2-cp-01-resolvconf unresolved east:output-missing nic:output-missing road:output-missing
testing/pluto/x509-pluto-frag-00 unresolved east:output-missing nic:output-missing road:output-missing


More information about the Swan-dev mailing list