[Swan-dev] robustifying certoe-14-poc-del-slash32

Andrew Cagney andrew.cagney at gmail.com
Mon Jan 20 13:27:02 UTC 2020 

My local certoe-14-poc-del-slash32 sometimes fails vis:

--- MASTER/testing/pluto/certoe-14-poc-del-slash32/road.console.txt
+++ OUTPUT/testing/pluto/certoe-14-poc-del-slash32/road.console.txt
@@ -45,12 +45,11 @@
 road #
  ping -n -c 5 -I 192.1.3.209 192.1.2.23
 PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data.
-64 bytes from 192.1.2.23: icmp_seq=2 ttl=64 time=0.XXX ms
 64 bytes from 192.1.2.23: icmp_seq=3 ttl=64 time=0.XXX ms
 64 bytes from 192.1.2.23: icmp_seq=4 ttl=64 time=0.XXX ms
 64 bytes from 192.1.2.23: icmp_seq=5 ttl=64 time=0.XXX ms
 --- 192.1.2.23 ping statistics ---
-5 packets transmitted, 4 received, 20% packet loss, time XXXX
+5 packets transmitted, 3 received, 40% packet loss, time XXXX
 rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms
 road #
  # wait on OE retransmits and rekeying
@@ -60,7 +59,7 @@
  # should show established tunnel and no bare shunts
 road #
  ipsec whack --trafficstatus
-006 #2: "private-or-clear#192.1.2.23/32"[1] ...192.1.2.23, type=ESP,
add_time=1234567890, inBytes=336, outBytes=336, id='ID_NULL'
+006 #2: "private-or-clear#192.1.2.23/32"[1] ...192.1.2.23, type=ESP,
add_time=1234567890, inBytes=252, outBytes=252, id='ID_NULL'
 road #
  ipsec whack --shuntstatus
 000 Bare Shunt list:

given only 4 of 5 pings are expected to work, I'm gessing the intent
is for the first ping to trigger OE and then, when things are up, for
the remaining pings get through?

With that in mind, what about the below:

diff --git a/testing/pluto/certoe-14-poc-del-slash32/3-road-run.sh
b/testing/pluto/certoe-14-poc-del-slash32/3-road-run.sh
index aa2211d0fa..d1c351867d 100644
--- a/testing/pluto/certoe-14-poc-del-slash32/3-road-run.sh
+++ b/testing/pluto/certoe-14-poc-del-slash32/3-road-run.sh
@@ -1,10 +1,9 @@
-ping -n -c 5 -I 192.1.3.209 192.1.2.23
-# wait on OE retransmits and rekeying
-sleep 5
+# trigger oe?
+../../pluto/bin/ping-once.sh --down -I 192.1.3.209 192.1.2.23
+# wait for things to come online; expect 0
+../../pluto/bin/wait-for-whack-trafficstatus.sh
'private-or-clear#192.1.2.23/32'
 # should show established tunnel and no bare shunts
+../../pluto/bin/ping-once.sh --up -I 192.1.3.209 192.1.2.23
 ipsec whack --trafficstatus
 ipsec whack --shuntstatus
-# ping should succeed through tunnel
-ping -n -c 2 -I 192.1.3.209 192.1.2.23
-ipsec whack --trafficstatus
 echo "waiting on east to send delete for this IPsec SA"

More information about the Swan-dev mailing list