[Swan-dev] drop ipsec-auto-up.n.sed
Andrew Cagney
andrew.cagney at gmail.com
Mon Sep 28 16:44:03 UTC 2020
I'm planning on removing the sanitizer ipsec-auto-up.n.sed. It removes
what I consider to be important contextual information from console.txt.
For instance, consider this output:
--- MASTER/testing/pluto/nss-cert-crl-03-strict/west.console.txt
+++ OUTPUT/testing/pluto/nss-cert-crl-03-strict/west.console.txt
@@ -41,8 +41,10 @@
1v1 "nss-cert-crl" #1: sent Main Mode I3
003 "nss-cert-crl" #1: ignoring informational payload
INVALID_ID_INFORMATION, msgid=00000000, length=12
003 "nss-cert-crl" #1: received and ignored notification payload:
INVALID_ID_INFORMATION
003 "nss-cert-crl" #1: ignoring informational payload
INVALID_ID_INFORMATION, msgid=00000000, length=12
003 "nss-cert-crl" #1: received and ignored notification payload:
INVALID_ID_INFORMATION
002 "nss-cert-crl" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario,
L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org,
E=user-east at testing.libreswan.org'
002 "nss-cert-crl" #1: certificate verified OK: E=
user-east at testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test
Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
003 "nss-cert-crl" #1: authenticated using RSA with SHA-1
the duplicate "ignoring informational payload" seems to be from the other
end spontaneously sending duplicates (this is IKEv1 after all), and things
take time to establish because the other end was slow. However, once
retransmits are visible:
--- MASTER/testing/pluto/nss-cert-crl-03-strict/west.console.txt
+++ OUTPUT/testing/pluto/nss-cert-crl-03-strict/west.console.txt
@@ -41,8 +41,10 @@
1v1 "nss-cert-crl" #1: sent Main Mode I3
003 "nss-cert-crl" #1: ignoring informational payload
INVALID_ID_INFORMATION, msgid=00000000, length=12
003 "nss-cert-crl" #1: received and ignored notification payload:
INVALID_ID_INFORMATION
+010 "nss-cert-crl" #1: STATE_MAIN_I3: retransmission; will wait 0.5
seconds for response
003 "nss-cert-crl" #1: ignoring informational payload
INVALID_ID_INFORMATION, msgid=00000000, length=12
003 "nss-cert-crl" #1: received and ignored notification payload:
INVALID_ID_INFORMATION
+010 "nss-cert-crl" #1: STATE_MAIN_I3: retransmission; will wait 1 seconds
for response
002 "nss-cert-crl" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario,
L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org,
E=user-east at testing.libreswan.org'
002 "nss-cert-crl" #1: certificate verified OK: E=
user-east at testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test
Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
003 "nss-cert-crl" #1: authenticated using RSA with SHA-1
it looks more likely that the re-transmit triggered forward progress.
Similarly, but in contrast:
--- MASTER/testing/pluto/ikev2-keyingtries-01/west.console.txt
+++ OUTPUT/testing/pluto/ikev2-keyingtries-01/west.console.txt
@@ -28,7 +28,9 @@
002 "westnet-eastnet-k1" #1: IMPAIR: omitting KE payload
1v2 "westnet-eastnet-k1" #1: sent IKE_SA_INIT request
003 "westnet-eastnet-k1" #1: dropping unexpected IKE_SA_INIT message
containing INVALID_SYNTAX notification; message payloads: N; missing
payloads: SA,KE,Ni
+010 "westnet-eastnet-k1" #1: STATE_PARENT_I1: retransmission; will wait 1
seconds for response
003 "westnet-eastnet-k1" #1: dropping unexpected IKE_SA_INIT message
containing INVALID_SYNTAX notification; message payloads: N; missing
payloads: SA,KE,Ni
+010 "westnet-eastnet-k1" #1: STATE_PARENT_I1: retransmission; will wait 2
seconds for response
003 "westnet-eastnet-k1" #1: dropping unexpected IKE_SA_INIT message
containing INVALID_SYNTAX notification; message payloads: N; missing
payloads: SA,KE,Ni
031 "westnet-eastnet-k1" #1: STATE_PARENT_I1: 3 second timeout exceeded
after 2 retransmits. No response (or no acceptable response) to our first
IKEv2 message
002 "westnet-eastnet-k1" #1: deleting state (STATE_PARENT_I1) and NOT
sending notification
the re-transmits suggest they are just adding noise to the test (and it
could delete-on-retransmit).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20200928/ee8e91bb/attachment.html>
More information about the Swan-dev
mailing list