[Swan-dev] IKEv1 and XFRMi interface

Paul Wouters paul at nohats.ca
Fri Sep 4 16:15:05 UTC 2020

On Fri, 4 Sep 2020, Antony Antony wrote:

> https://testing.libreswan.org/v3.30-1548-g6ff4d70e27-main/ikev2-xfrmi-01/
> showing up as pass. So I am not following the issue.
> Lets discuss this further on swan-dev!

That is an ikev2 test case, not an ikev1 test case.

kvmplutotest	ikev1-xfrmi-01				good
kvmplutotest	ikev1-xfrmi-02				wip
kvmplutotest	ikev1-xfrmi-02-aggr			wip
kvmplutotest	ikev1-xfrmi-04				good
kvmplutotest	ikev1-xfrmi-04-aggr			good
kvmplutotest	ikev1-xfrmi-05-remote-access-client	good

For ikev1-xfrmi-02 and ikev1-xfrmi-02-aggr we see:

4 packets transmitted, 4 received, 0% packet loss, time XXXX

  ip -s link show ipsec1
X: ipsec1 at eth0: <NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN
     RX: bytes  packets  errors  dropped overrun mcast
     0          0        0       0       0       0
     TX: bytes  packets  errors  dropped carrier collsns
     440        5        0       0       0       0

006 #2: "road", type=ESP, add_time=1234567890, inBytes=0, outBytes=440, id='@east'

So it looks like something weird is happening on the incoming byte stream? Like
arriving in the clear?


More information about the Swan-dev mailing list