[Swan-dev] state numbers in enduser output?
Andrew Cagney
andrew.cagney at gmail.com
Tue Mar 5 17:55:21 EET 2024
On Tue, 5 Mar 2024 at 10:23, Paul Wouters via Swan-dev
<swan-dev at lists.libreswan.org> wrote:
>
> On Tue, 5 Mar 2024, Andrew Cagney via Swan-commit wrote:
>
> > Date: Mon Mar 4 20:15:11 2024 -0500
> >
> > ikev2: drop .... and NOT sending notify
> >
> > it's redundant and confusing vis:
> > "west-cuckold" #4: sent INFORMATIONAL request to delete IKE SA
> > "west-cuckold" #5: ESP traffic information: in=0B out=0B
> > -"west-cuckold" #4: deleting IKE SA (IKE_SA_DELETE) and NOT sending notification
> > +"west-cuckold" #4: deleting IKE SA (STATE_IKESA_DEL)
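Review bot: the `+` line still puts an internal identifier, `(STATE_IKESA_DEL)`, into end-user output. Dropping "and NOT sending notification" reads fine, since the context line two above already reports that the delete request was sent. The parenthetical, though, should either carry a human-readable description of the state or be left out for this state, giving `"west-cuckold" #4: deleting IKE SA`.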
>
> I'm okay with this, but I thought we were also aiming at removing all
> state names from user output? Eg why not "+"west-cuckold" #4: deleting IKE SA"
Fair question (I wondered if the example was a little misleading).
STATE_IKESA_DEL is the state's story :-( When it isn't bogus, it is
somewhat useful vis:
"westnet-eastnet-k2" #1: STATE_V2_PARENT_I1: 3 second timeout
exceeded after 2 retransmits. No response (or no acceptable response)
to our first IKEv2 message
"westnet-eastnet-k2" #1: connection is supposed to remain up; revival
attempt 1 scheduled in 0 seconds
"westnet-eastnet-k2" #1: IMPAIR: revival: skip scheduling revival event
-"westnet-eastnet-k2" #1: deleting IKE SA (PARENT_I1) and NOT sending
notification
+"westnet-eastnet-k2" #1: deleting IKE SA (sent IKE_SA_INIT request)
"private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #1: processed
IKE_SA_INIT response from 192.1.2.23:UDP/500 {cipher=AES_GCM_16_256
integ=n/a prf=HMAC_SHA2_512 group=DH19}, initiating IKE_AUTH
"private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #1: IKE SA
authentication request rejected by peer: AUTHENTICATION_FAILED
"private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #1: encountered
fatal error in state STATE_V2_PARENT_I2
-"private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #1: deleting IKE SA
(PARENT_I2) and NOT sending notification
+"private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #1: deleting IKE SA
(sent IKE_AUTH request)
but it could easily be dropped.