[Swan-dev] "westnet-eastnet-ikev2c" #11: EXPECTATION FAILED: initiator == NULL (in is_duplicate_response() at ikev2.c:1488)
Andrew Cagney
andrew.cagney at gmail.com
Fri Jun 21 00:12:51 UTC 2019
https://testing.libreswan.org/v3.28-276-g4bcbe4ec4-master/ikev2-ike-rekey-04/OUTPUT/
The expectation failure is correct. Here's roughly what happens:
west:
west.#8 needs a rekey, so west.#11 is created and it sends off a
CREATE_CHILD_SA, with ID 3
#8 gives up on the re-key so it forces a delete request (aka record
'n' send), sending a second message with ID 4
two messages sent with a window size of 1
east:
receives the rekey with ID 3, creates east.#11 and and sends it off
for further processing
receives the delete with ID 4, forces a message ID update and sends an
ID 4 response confirming the delete
east.#3 finishes its crypto so east sends back its response with Message ID *3*
two messages returned and out-of-order and still with a window size of 1
and then west:
gets the ID 4 response, tries to delete the IKE SA but can't because
west.#11 is lurking; but regardless the ID window is forced 2->4
gets the ID 3 response, which is clearly to-old so expects no state
yet finds the lingering west.#11, arggggh
Maybe discard the state to dig our way out of the hole.
Need I say record 'n' send yet again.
:-(
More information about the Swan-dev
mailing list