[Swan] klips + ipsec whack --shutdown causes lockup
Brian T
btuch at usa.net
Sat Sep 7 13:55:34 UTC 2019
>> You still have XFRM loaded or compiled in?
Found the dependency modules in the kernel config that were causing xfrm
to build and removed them. The lockup issue is still present.
-Brian
[root at DA70N-051656 tmp]# ipsec --version
Linux Libreswan U3.master-201936.git/K(no kernel code presently loaded)
on 4.9.119
[root at DA70N-051656 tmp]# service ipsec start
Starting pluto IKE daemon for IPsec: | pfkey_msg_hdr_build:
| pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbec085c4
pfkey_ext=0p0xbec087f8 *pfkey_ext=0p(nil).
| pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbec085c4
pfkey_ext=0p0xbec087f8 *pfkey_ext=0p0x85b150.
| pfkey_msg_build: extensions[0] needs 16 bytes
| pfkey_msg_build: pfkey_msg=0p0x85b168 allocated 16 bytes,
&(extensions[0])=0p0xbec087f8
| pfkey_msg_parse: parsing message ver=2, type=9(flush), errno=0,
satype=0(UNKNOWN), len=2, res=0, seq=1, pid=4995.
| pfkey_msg_parse: remain=0
| pfkey_extensions_free:Free extension 0 (16)
.
[root at DA70N-051656 tmp]# ipsec barf
Unable to find KLIPS messages, typically found in /var/log/messages or
equivalent. You may need to run Libreswan for the first time;
alternatively, your log files have been emptied (ie, logrotate) or we do
not understand your logging configuration.
Unable to find Pluto messages, typically found in /var/log/secure or
equivalent. You may need to run Libreswan for the first time;
alternatively, your log files have been emptied (ie, logrotate) or we do
not understand your logging configuration.
DA70N-051656
Sat Sep 7 08:49:25 CDT 2019
+ _________________________ version
+ ipsec --version
Linux Libreswan 3.master-201936.git (klips) on 4.9.119
+ _________________________ /proc/version
+ cat /proc/version
Linux version 4.9.119 (captain at cd6f56f3db6d) (gcc version 7.4.0
(Ubuntu/Linaro 7.4.0-1ubuntu1~18.04) ) #1 PREEMPT Sat Sep 7 02:38:54 UTC
2019
+ _________________________ /proc/net/ipsec_eroute
+ '[' -r /proc/net/ipsec_eroute ']'
+ sort -sg -k 3 /proc/net/ipsec_eroute
0 10.10.0.0/24 -> 10.0.0.0/24 => tun0x100c at 166.130.x.x
0 10.10.0.0/24 -> 10.0.1.0/24 => tun0x100e at 166.130.x.x
0 10.10.0.0/24 -> 172.20.0.0/24 => tun0x1010 at 166.130.x.x
0 172.18.0.0/24 -> 10.0.0.0/24 => tun0x1006 at 166.130.x.x
0 172.18.0.0/24 -> 10.0.1.0/24 => tun0x1008 at 166.130.x.x
0 172.18.0.0/24 -> 172.20.0.0/24 => tun0x100a at 166.130.x.x
0 192.168.1.0/24 -> 10.0.0.0/24 => tun0x1000 at 166.130.x.x
0 192.168.1.0/24 -> 10.0.1.0/24 => tun0x1002 at 166.130.x.x
0 192.168.1.0/24 -> 172.20.0.0/24 => tun0x1004 at 166.130.x.x
+ _________________________ /proc/net/ipsec_spi
+ '[' -r /proc/net/ipsec_spi ']'
+ cat /proc/net/ipsec_spi
tun0x1010 at 166.130.x.x IPIP: dir=out src=100.114.157.13
jiffies=4294951845 life(c,s,h)=addtime(18,0,0) natencap=none natsport=0
natdport=0 refcount=3 ref=33 refhim=0
tun0x100e at 166.130.x.x IPIP: dir=out src=100.114.157.13
jiffies=4294951845 life(c,s,h)=addtime(19,0,0) natencap=none natsport=0
natdport=0 refcount=3 ref=29 refhim=0
tun0x100c at 166.130.x.x IPIP: dir=out src=100.114.157.13
jiffies=4294951845 life(c,s,h)=addtime(19,0,0) natencap=none natsport=0
natdport=0 refcount=3 ref=25 refhim=0
tun0x100a at 166.130.x.x IPIP: dir=out src=100.114.157.13
jiffies=4294951845 life(c,s,h)=addtime(19,0,0) natencap=none natsport=0
natdport=0 refcount=3 ref=21 refhim=0
tun0x1008 at 166.130.x.x IPIP: dir=out src=100.114.157.13
jiffies=4294951845 life(c,s,h)=addtime(19,0,0) natencap=none natsport=0
natdport=0 refcount=3 ref=17 refhim=0
tun0x1006 at 166.130.x.x IPIP: dir=out src=100.114.157.13
jiffies=4294951845 life(c,s,h)=addtime(19,0,0) natencap=none natsport=0
natdport=0 refcount=3 ref=13 refhim=0
tun0x1004 at 166.130.x.x IPIP: dir=out src=100.114.157.13
jiffies=4294951845 life(c,s,h)=addtime(21,0,0) natencap=none natsport=0
natdport=0 refcount=3 ref=9 refhim=0
tun0x1002 at 166.130.x.x IPIP: dir=out src=100.114.157.13
jiffies=4294951845 life(c,s,h)=addtime(21,0,0) natencap=none natsport=0
natdport=0 refcount=3 ref=5 refhim=0
tun0x1000 at 166.130.x.x IPIP: dir=out src=100.114.157.13
jiffies=4294951845 life(c,s,h)=addtime(23,0,0) natencap=none natsport=0
natdport=0 refcount=3 ref=1 refhim=0
esp0x578d3f4c at 100.114.157.13 ESP_AES_HMAC_SHA1: dir=in src=166.130.x.x
iv_bits=128bits iv=0xb11d203840941679c8e46911046e7cfa ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(18,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=36 refhim=0
esp0x578d3f4b at 100.114.157.13 ESP_AES_HMAC_SHA1: dir=in src=166.130.x.x
iv_bits=128bits iv=0x58fdfbd4b61c331f9c25510437e0a7fb ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(19,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=32 refhim=0
esp0x578d3f4a at 100.114.157.13 ESP_AES_HMAC_SHA1: dir=in src=166.130.x.x
iv_bits=128bits iv=0x63fa120df1e46ac70833a539e965d710 ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(19,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=28 refhim=0
esp0x578d3f49 at 100.114.157.13 ESP_AES_HMAC_SHA1: dir=in src=166.130.x.x
iv_bits=128bits iv=0x19d73e2d7e7397f8b75c57606ddac299 ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(19,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=24 refhim=0
esp0x578d3f48 at 100.114.157.13 ESP_AES_HMAC_SHA1: dir=in src=166.130.x.x
iv_bits=128bits iv=0xf1a1e675d300707f24ad08266fcc451b ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(19,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=20 refhim=0
esp0x578d3f47 at 100.114.157.13 ESP_AES_HMAC_SHA1: dir=in src=166.130.x.x
iv_bits=128bits iv=0x3d1c548c295fcb816aa5d1e78371d542 ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(19,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=16 refhim=0
esp0x578d3f46 at 100.114.157.13 ESP_AES_HMAC_SHA1: dir=in src=166.130.x.x
iv_bits=128bits iv=0x0f6011dd606e33677a9d4457831f6521 ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(21,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=12 refhim=0
esp0x578d3f45 at 100.114.157.13 ESP_AES_HMAC_SHA1: dir=in src=166.130.x.x
iv_bits=128bits iv=0xa086410a2dd54ed420c3540f967b1df1 ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(21,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=8 refhim=0
esp0x578d3f44 at 100.114.157.13 ESP_AES_HMAC_SHA1: dir=in src=166.130.x.x
iv_bits=128bits iv=0x1e54aa196e1ec811723fb47146339a31 ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(23,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=4 refhim=0
tun0x1011 at 100.114.157.13 IPIP: dir=in src=166.130.x.x
policy=172.20.0.0/24->10.10.0.0/24 flags=0x8<> jiffies=4294951845
life(c,s,h)=addtime(18,0,0) natencap=none natsport=0 natdport=0
refcount=3 ref=35 refhim=0
tun0x100f at 100.114.157.13 IPIP: dir=in src=166.130.x.x
policy=10.0.1.0/24->10.10.0.0/24 flags=0x8<> jiffies=4294951845
life(c,s,h)=addtime(19,0,0) natencap=none natsport=0 natdport=0
refcount=3 ref=31 refhim=0
esp0xc42ed845 at 166.130.x.x ESP_AES_HMAC_SHA1: dir=out src=100.114.157.13
iv_bits=128bits iv=0x867a92e4fe7c22e5595b6d15e2c21f07 ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(18,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=34 refhim=0
esp0xc42ed844 at 166.130.x.x ESP_AES_HMAC_SHA1: dir=out src=100.114.157.13
iv_bits=128bits iv=0xae5efb79ce16a7738c3bdb0a3ffafc85 ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(19,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=30 refhim=0
tun0x100d at 100.114.157.13 IPIP: dir=in src=166.130.x.x
policy=10.0.0.0/24->10.10.0.0/24 flags=0x8<> jiffies=4294951845
life(c,s,h)=addtime(19,0,0) natencap=none natsport=0 natdport=0
refcount=3 ref=27 refhim=0
esp0xc42ed843 at 166.130.x.x ESP_AES_HMAC_SHA1: dir=out src=100.114.157.13
iv_bits=128bits iv=0x056e45dde052fa360beccf1311baac23 ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(19,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=26 refhim=0
tun0x100b at 100.114.157.13 IPIP: dir=in src=166.130.x.x
policy=172.20.0.0/24->172.18.0.0/24 flags=0x8<> jiffies=4294951845
life(c,s,h)=addtime(19,0,0) natencap=none natsport=0 natdport=0
refcount=3 ref=23 refhim=0
esp0xc42ed842 at 166.130.x.x ESP_AES_HMAC_SHA1: dir=out src=100.114.157.13
iv_bits=128bits iv=0x3dab8ff660986181d9131a6427140dd1 ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(19,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=22 refhim=0
esp0xc42ed841 at 166.130.x.x ESP_AES_HMAC_SHA1: dir=out src=100.114.157.13
iv_bits=128bits iv=0xf6b56d31a6f215d0320835adad722265 ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(19,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=18 refhim=0
tun0x1009 at 100.114.157.13 IPIP: dir=in src=166.130.x.x
policy=10.0.1.0/24->172.18.0.0/24 flags=0x8<> jiffies=4294951845
life(c,s,h)=addtime(19,0,0) natencap=none natsport=0 natdport=0
refcount=3 ref=19 refhim=0
esp0xc42ed840 at 166.130.x.x ESP_AES_HMAC_SHA1: dir=out src=100.114.157.13
iv_bits=128bits iv=0xcd58b61667bd9e827ea5201ac49f5950 ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(19,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=14 refhim=0
esp0xc42ed83f at 166.130.x.x ESP_AES_HMAC_SHA1: dir=out src=100.114.157.13
iv_bits=128bits iv=0x7b75e622fd5efc8d7d8556d1de67328c ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(21,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=10 refhim=0
tun0x1007 at 100.114.157.13 IPIP: dir=in src=166.130.x.x
policy=10.0.0.0/24->172.18.0.0/24 flags=0x8<> jiffies=4294951845
life(c,s,h)=addtime(19,0,0) natencap=none natsport=0 natdport=0
refcount=3 ref=15 refhim=0
esp0xc42ed83e at 166.130.x.x ESP_AES_HMAC_SHA1: dir=out src=100.114.157.13
iv_bits=128bits iv=0x70d822b5706f9852b6fa05de2d70ff09 ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(21,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=6 refhim=0
esp0xc42ed83d at 166.130.x.x ESP_AES_HMAC_SHA1: dir=out src=100.114.157.13
iv_bits=128bits iv=0xb86073b7b82792ed7ba5b85fbdbcbac6 ooowin=32 alen=160
aklen=160 eklen=128 jiffies=4294951845 life(c,s,h)=addtime(23,0,0)
natencap=nonesp natsport=4500 natdport=4500 refcount=3 ref=2 refhim=0
tun0x1005 at 100.114.157.13 IPIP: dir=in src=166.130.x.x
policy=172.20.0.0/24->192.168.1.0/24 flags=0x8<> jiffies=4294951845
life(c,s,h)=addtime(21,0,0) natencap=none natsport=0 natdport=0
refcount=3 ref=11 refhim=0
tun0x1003 at 100.114.157.13 IPIP: dir=in src=166.130.x.x
policy=10.0.1.0/24->192.168.1.0/24 flags=0x8<> jiffies=4294951845
life(c,s,h)=addtime(21,0,0) natencap=none natsport=0 natdport=0
refcount=3 ref=7 refhim=0
tun0x1001 at 100.114.157.13 IPIP: dir=in src=166.130.x.x
policy=10.0.0.0/24->192.168.1.0/24 flags=0x8<> jiffies=4294951845
life(c,s,h)=addtime(23,0,0) natencap=none natsport=0 natdport=0
refcount=3 ref=3 refhim=0
+ _________________________ /proc/net/ipsec_spigrp
+ '[' -r /proc/net/ipsec_spigrp ']'
+ cat /proc/net/ipsec_spigrp
tun0x1010 at 166.130.x.x esp0xc42ed845 at 166.130.x.x
tun0x100e at 166.130.x.x esp0xc42ed844 at 166.130.x.x
tun0x100c at 166.130.x.x esp0xc42ed843 at 166.130.x.x
tun0x100a at 166.130.x.x esp0xc42ed842 at 166.130.x.x
tun0x1008 at 166.130.x.x esp0xc42ed841 at 166.130.x.x
tun0x1006 at 166.130.x.x esp0xc42ed840 at 166.130.x.x
tun0x1004 at 166.130.x.x esp0xc42ed83f at 166.130.x.x
tun0x1002 at 166.130.x.x esp0xc42ed83e at 166.130.x.x
tun0x1000 at 166.130.x.x esp0xc42ed83d at 166.130.x.x
esp0x578d3f4c at 100.114.157.13 tun0x1011 at 100.114.157.13
esp0x578d3f4b at 100.114.157.13 tun0x100f at 100.114.157.13
esp0x578d3f4a at 100.114.157.13 tun0x100d at 100.114.157.13
esp0x578d3f49 at 100.114.157.13 tun0x100b at 100.114.157.13
esp0x578d3f48 at 100.114.157.13 tun0x1009 at 100.114.157.13
esp0x578d3f47 at 100.114.157.13 tun0x1007 at 100.114.157.13
esp0x578d3f46 at 100.114.157.13 tun0x1005 at 100.114.157.13
esp0x578d3f45 at 100.114.157.13 tun0x1003 at 100.114.157.13
esp0x578d3f44 at 100.114.157.13 tun0x1001 at 100.114.157.13
tun0x1011 at 100.114.157.13
tun0x100f at 100.114.157.13
esp0xc42ed845 at 166.130.x.x
esp0xc42ed844 at 166.130.x.x
tun0x100d at 100.114.157.13
esp0xc42ed843 at 166.130.x.x
tun0x100b at 100.114.157.13
esp0xc42ed842 at 166.130.x.x
esp0xc42ed841 at 166.130.x.x
tun0x1009 at 100.114.157.13
esp0xc42ed840 at 166.130.x.x
esp0xc42ed83f at 166.130.x.x
tun0x1007 at 100.114.157.13
esp0xc42ed83e at 166.130.x.x
esp0xc42ed83d at 166.130.x.x
tun0x1005 at 100.114.157.13
tun0x1003 at 100.114.157.13
tun0x1001 at 100.114.157.13
+ _________________________ /proc/net/ipsec_tncfg
+ '[' -r /proc/net/ipsec_tncfg ']'
+ cat /proc/net/ipsec_tncfg
ipsec0 -> wwan0 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
+ '[' -r /proc/sys/net/core/xfrm_acq_expires ']'
+ _________________________ ip-l2tp-tunnel
+ '[' -d /sys/module/l2tp_core ']'
+ '[' -d /sys/module/ip_vti ']'
+ _________________________ /proc/crypto
+ '[' -r /proc/crypto ']'
+ cat /proc/crypto
name : hmac(sha1)
driver : hmac(sha1-generic)
module : kernel
priority : 0
refcnt : 37
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 20
name : cbc(aes)
driver : cbc(aes-generic)
module : kernel
priority : 100
refcnt : 37
selftest : passed
internal : no
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : hmac(sha512)
driver : omap-hmac-sha512
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 128
digestsize : 64
name : hmac(sha384)
driver : omap-hmac-sha384
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 128
digestsize : 48
name : sha512
driver : omap-sha512
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 128
digestsize : 64
name : sha384
driver : omap-sha384
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 128
digestsize : 48
name : hmac(sha256)
driver : omap-hmac-sha256
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 64
digestsize : 32
name : hmac(sha224)
driver : omap-hmac-sha224
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 64
digestsize : 28
name : sha256
driver : omap-sha256
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 64
digestsize : 32
name : sha224
driver : omap-sha224
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 64
digestsize : 28
name : hmac(md5)
driver : omap-hmac-md5
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 64
digestsize : 16
name : hmac(sha1)
driver : omap-hmac-sha1
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 64
digestsize : 20
name : md5
driver : omap-md5
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 64
digestsize : 16
name : sha1
driver : omap-sha1
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 64
digestsize : 20
name : cbc(des3_ede)
driver : cbc-des3-omap
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 8
min keysize : 24
max keysize : 24
ivsize : 8
geniv : <default>
name : ecb(des3_ede)
driver : ecb-des3-omap
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 8
min keysize : 24
max keysize : 24
ivsize : 0
geniv : <default>
name : cbc(des)
driver : cbc-des-omap
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 8
min keysize : 8
max keysize : 8
ivsize : 8
geniv : <default>
name : ecb(des)
driver : ecb-des-omap
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 8
min keysize : 8
max keysize : 8
ivsize : 0
geniv : <default>
name : rfc4106(gcm(aes))
driver : rfc4106-gcm-aes-omap
module : kernel
priority : 300
refcnt : 1
selftest : passed
internal : no
type : aead
async : yes
blocksize : 1
ivsize : 8
maxauthsize : 16
geniv : <none>
name : gcm(aes)
driver : gcm-aes-omap
module : kernel
priority : 300
refcnt : 1
selftest : passed
internal : no
type : aead
async : yes
blocksize : 1
ivsize : 12
maxauthsize : 16
geniv : <none>
name : ctr(aes)
driver : ctr-aes-omap
module : kernel
priority : 300
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : eseqiv
name : cbc(aes)
driver : cbc-aes-omap
module : kernel
priority : 300
refcnt : 37
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : ecb(aes)
driver : ecb-aes-omap
module : kernel
priority : 300
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : jitterentropy_rng
driver : jitterentropy_rng
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_hmac_sha256
module : kernel
priority : 207
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_hmac_sha512
module : kernel
priority : 206
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_hmac_sha384
module : kernel
priority : 205
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_hmac_sha1
module : kernel
priority : 204
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_hmac_sha256
module : kernel
priority : 203
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_hmac_sha512
module : kernel
priority : 202
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_hmac_sha384
module : kernel
priority : 201
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_hmac_sha1
module : kernel
priority : 200
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0
name : lzo
driver : lzo-generic
module : kernel
priority : 0
refcnt : 2
selftest : passed
internal : no
type : compression
name : crct10dif
driver : crct10dif-generic
module : kernel
priority : 100
refcnt : 2
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 2
name : crc32c
driver : crc32c-generic
module : kernel
priority : 100
refcnt : 2
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 4
name : michael_mic
driver : michael_mic-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 8
digestsize : 8
name : deflate
driver : deflate-generic
module : kernel
priority : 0
refcnt : 2
selftest : passed
internal : no
type : compression
name : ecb(arc4)
driver : ecb(arc4)-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 1
min keysize : 1
max keysize : 256
ivsize : 0
geniv : <default>
name : arc4
driver : arc4-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 1
min keysize : 1
max keysize : 256
name : aes
driver : aes-generic
module : kernel
priority : 100
refcnt : 19
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : des3_ede
driver : des3_ede-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 8
min keysize : 24
max keysize : 24
name : des
driver : des-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 8
min keysize : 8
max keysize : 8
name : sha384
driver : sha384-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 128
digestsize : 48
name : sha512
driver : sha512-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 128
digestsize : 64
name : sha224
driver : sha224-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 28
name : sha256
driver : sha256-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 32
name : sha1
driver : sha1-generic
module : kernel
priority : 0
refcnt : 19
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 20
name : md5
driver : md5-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 16
name : digest_null
driver : digest_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 0
name : compress_null
driver : compress_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : compression
name : ecb(cipher_null)
driver : ecb-cipher_null
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 1
min keysize : 0
max keysize : 0
ivsize : 0
geniv : <default>
name : cipher_null
driver : cipher_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 1
min keysize : 0
max keysize : 0
+ __________________________/proc/sys/net/core/xfrm-star
/usr/libexec/ipsec/barf: line 198:
__________________________/proc/sys/net/core/xfrm-star: No such file or
directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_*: '
/proc/sys/net/core/xfrm_*: + cat '/proc/sys/net/core/xfrm_*'
cat: can't open '/proc/sys/net/core/xfrm_*': No such file or directory
+ _________________________ /proc/sys/net/ipsec-star
+ '[' -d /proc/sys/net/ipsec ']'
+ cd /proc/sys/net/ipsec
+ grep -E '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_mast
debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel
debug_verbose debug_xform debug_xmit icmp inbound_policy_check tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_ipcomp:0
debug_mast:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
debug_xmit:0
icmp:0
inbound_policy_check:1
tos:1
+ _________________________ ipsec/status
+ ipsec whack --status
000 using kernel interface: klips
000 interface ipsec0/wwan0 100.114.157.13:4500
000 interface ipsec0/wwan0 100.114.157.13:500
000
000
000 fips mode=disabled;
000 SElinux=disabled
000 seccomp=unsupported
000
000 config setup options:
000
000 configdir=/etc, configfile=/etc/ipsec.conf,
secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d
000 nssdir=/etc/ipsec.d, dumpdir=/var/run/pluto, statsbin=unset
000 sbindir=/usr/sbin, libexecdir=/usr/libexec/ipsec
000 pluto_version=3.master-201936.git,
pluto_vendorid=OE-Libreswan-3.master-201936.git, audit-log=yes
000 nhelpers=-1, uniqueids=yes, dnssec-enable=no, perpeerlog=no,
logappend=yes, logip=yes, shuntlifetime=900s, xfrmlifetime=30s
000 ddos-cookies-threshold=50000, ddos-max-halfopen=25000, ddos-mode=auto
000 ikeport=500, ikebuf=0, msg_errqueue=yes, strictcrlpolicy=no,
crlcheckinterval=0, listen=<any>, nflog-all=0
000 ocsp-enable=no, ocsp-strict=no, ocsp-timeout=2, ocsp-uri=<unset>
000 ocsp-trust-name=<unset>
000 ocsp-cache-size=1000, ocsp-cache-min-age=3600,
ocsp-cache-max-age=86400, ocsp-method=get
000 global-redirect=no, global-redirect-to=<unset>
000 secctx-attr-type=<unsupported>
000 debug:
000
000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500
000 virtual-private (%priv):
000 - allowed subnets: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12,
25.0.0.0/8, 100.64.0.0/10, fd00::/8, fe80::/10
000
000 Kernel algorithms supported:
000
000 algorithm ESP encrypt: name=3DES_CBC, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: name=AES_CBC, keysizemin=128, keysizemax=256
000 algorithm AH/ESP auth: name=AES_XCBC_96, key-length=128
000 algorithm AH/ESP auth: name=HMAC_MD5_96, key-length=128
000 algorithm AH/ESP auth: name=HMAC_SHA1_96, key-length=160
000 algorithm AH/ESP auth: name=HMAC_SHA2_256_128, key-length=256
000 algorithm AH/ESP auth: name=HMAC_SHA2_256_TRUNCBUG, key-length=256
000 algorithm AH/ESP auth: name=HMAC_SHA2_384_192, key-length=384
000 algorithm AH/ESP auth: name=HMAC_SHA2_512_256, key-length=512
000
000 IKE algorithms supported:
000
000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3,
v2name=3DES, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC, v2id=23,
v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=20,
v2name=AES_GCM_C, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=19,
v2name=AES_GCM_B, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=18,
v2name=AES_GCM_A, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13,
v2name=AES_CTR, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12,
v2name=AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC,
v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC,
v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH,
v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=28,
v2name=CHACHA20_POLY1305, blocksize=16, keydeflen=256
000 algorithm IKE PRF: name=HMAC_MD5, hashlen=16
000 algorithm IKE PRF: name=HMAC_SHA1, hashlen=20
000 algorithm IKE PRF: name=HMAC_SHA2_256, hashlen=32
000 algorithm IKE PRF: name=HMAC_SHA2_384, hashlen=48
000 algorithm IKE PRF: name=HMAC_SHA2_512, hashlen=64
000 algorithm IKE PRF: name=AES_XCBC, hashlen=16
000 algorithm IKE DH Key Exchange: name=MODP1536, bits=1536
000 algorithm IKE DH Key Exchange: name=MODP2048, bits=2048
000 algorithm IKE DH Key Exchange: name=MODP3072, bits=3072
000 algorithm IKE DH Key Exchange: name=MODP4096, bits=4096
000 algorithm IKE DH Key Exchange: name=MODP6144, bits=6144
000 algorithm IKE DH Key Exchange: name=MODP8192, bits=8192
000 algorithm IKE DH Key Exchange: name=DH19, bits=512
000 algorithm IKE DH Key Exchange: name=DH20, bits=768
000 algorithm IKE DH Key Exchange: name=DH21, bits=1056
000 algorithm IKE DH Key Exchange: name=DH31, bits=256
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
trans={0,0,0} attrs={0,0,0}
000
000 Connection list:
000
000 "Tunnel1/1x1":
192.168.1.0/24===100.114.157.13[@HALOHALO]---100.114.157.14...166.130.x.x<166.130.x.x>[@RAMRAM]===10.0.0.0/24;
erouted; eroute owner: #2
000 "Tunnel1/1x1": oriented; my_ip=unset; their_ip=unset;
my_updown=ipsec _updown;
000 "Tunnel1/1x1": xauth us:none, xauth them:none, my_username=[any];
their_username=[any]
000 "Tunnel1/1x1": our auth:secret, their auth:secret
000 "Tunnel1/1x1": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "Tunnel1/1x1": labeled_ipsec:no;
000 "Tunnel1/1x1": policy_label:unset;
000 "Tunnel1/1x1": ike_life: 28800s; ipsec_life: 3600s; replay_window:
32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "Tunnel1/1x1": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "Tunnel1/1x1": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "Tunnel1/1x1": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "Tunnel1/1x1": conn_prio: 24,24; interface: wwan0; metric: 0; mtu:
unset; sa_prio:auto; sa_tfc:none;
000 "Tunnel1/1x1": nflog-group: unset; mark: unset; vti-iface:unset;
vti-routing:no; vti-shared:no; nic-offload:auto;
000 "Tunnel1/1x1": our idtype: ID_FQDN; our id=@HALOHALO; their
idtype: ID_FQDN; their id=@RAMRAM
000 "Tunnel1/1x1": dpd: action:restart; delay:30; timeout:60; nat-t:
encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "Tunnel1/1x1": newest ISAKMP SA: #0; newest IPsec SA: #2;
000 "Tunnel1/1x1": aliases: Tunnel1
000 "Tunnel1/1x1": ESP algorithm newest: AES_CBC_128-HMAC_SHA1_96;
pfsgroup=<Phase1>
000 "Tunnel1/1x2":
192.168.1.0/24===100.114.157.13[@HALOHALO]---100.114.157.14...166.130.x.x<166.130.x.x>[@RAMRAM]===10.0.1.0/24;
erouted; eroute owner: #3
000 "Tunnel1/1x2": oriented; my_ip=unset; their_ip=unset;
my_updown=ipsec _updown;
000 "Tunnel1/1x2": xauth us:none, xauth them:none, my_username=[any];
their_username=[any]
000 "Tunnel1/1x2": our auth:secret, their auth:secret
000 "Tunnel1/1x2": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "Tunnel1/1x2": labeled_ipsec:no;
000 "Tunnel1/1x2": policy_label:unset;
000 "Tunnel1/1x2": ike_life: 28800s; ipsec_life: 3600s; replay_window:
32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "Tunnel1/1x2": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "Tunnel1/1x2": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "Tunnel1/1x2": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "Tunnel1/1x2": conn_prio: 24,24; interface: wwan0; metric: 0; mtu:
unset; sa_prio:auto; sa_tfc:none;
000 "Tunnel1/1x2": nflog-group: unset; mark: unset; vti-iface:unset;
vti-routing:no; vti-shared:no; nic-offload:auto;
000 "Tunnel1/1x2": our idtype: ID_FQDN; our id=@HALOHALO; their
idtype: ID_FQDN; their id=@RAMRAM
000 "Tunnel1/1x2": dpd: action:restart; delay:30; timeout:60; nat-t:
encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "Tunnel1/1x2": newest ISAKMP SA: #0; newest IPsec SA: #3;
000 "Tunnel1/1x2": aliases: Tunnel1
000 "Tunnel1/1x2": ESP algorithm newest: AES_CBC_128-HMAC_SHA1_96;
pfsgroup=<Phase1>
000 "Tunnel1/1x3":
192.168.1.0/24===100.114.157.13[@HALOHALO]---100.114.157.14...166.130.x.x<166.130.x.x>[@RAMRAM]===172.20.0.0/24;
erouted; eroute owner: #4
000 "Tunnel1/1x3": oriented; my_ip=unset; their_ip=unset;
my_updown=ipsec _updown;
000 "Tunnel1/1x3": xauth us:none, xauth them:none, my_username=[any];
their_username=[any]
000 "Tunnel1/1x3": our auth:secret, their auth:secret
000 "Tunnel1/1x3": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "Tunnel1/1x3": labeled_ipsec:no;
000 "Tunnel1/1x3": policy_label:unset;
000 "Tunnel1/1x3": ike_life: 28800s; ipsec_life: 3600s; replay_window:
32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "Tunnel1/1x3": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "Tunnel1/1x3": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "Tunnel1/1x3": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "Tunnel1/1x3": conn_prio: 24,24; interface: wwan0; metric: 0; mtu:
unset; sa_prio:auto; sa_tfc:none;
000 "Tunnel1/1x3": nflog-group: unset; mark: unset; vti-iface:unset;
vti-routing:no; vti-shared:no; nic-offload:auto;
000 "Tunnel1/1x3": our idtype: ID_FQDN; our id=@HALOHALO; their
idtype: ID_FQDN; their id=@RAMRAM
000 "Tunnel1/1x3": dpd: action:restart; delay:30; timeout:60; nat-t:
encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "Tunnel1/1x3": newest ISAKMP SA: #0; newest IPsec SA: #4;
000 "Tunnel1/1x3": aliases: Tunnel1
000 "Tunnel1/1x3": ESP algorithm newest: AES_CBC_128-HMAC_SHA1_96;
pfsgroup=<Phase1>
000 "Tunnel1/2x1":
172.18.0.0/24===100.114.157.13[@HALOHALO]---100.114.157.14...166.130.x.x<166.130.x.x>[@RAMRAM]===10.0.0.0/24;
erouted; eroute owner: #5
000 "Tunnel1/2x1": oriented; my_ip=unset; their_ip=unset;
my_updown=ipsec _updown;
000 "Tunnel1/2x1": xauth us:none, xauth them:none, my_username=[any];
their_username=[any]
000 "Tunnel1/2x1": our auth:secret, their auth:secret
000 "Tunnel1/2x1": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "Tunnel1/2x1": labeled_ipsec:no;
000 "Tunnel1/2x1": policy_label:unset;
000 "Tunnel1/2x1": ike_life: 28800s; ipsec_life: 3600s; replay_window:
32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "Tunnel1/2x1": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "Tunnel1/2x1": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "Tunnel1/2x1": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "Tunnel1/2x1": conn_prio: 24,24; interface: wwan0; metric: 0; mtu:
unset; sa_prio:auto; sa_tfc:none;
000 "Tunnel1/2x1": nflog-group: unset; mark: unset; vti-iface:unset;
vti-routing:no; vti-shared:no; nic-offload:auto;
000 "Tunnel1/2x1": our idtype: ID_FQDN; our id=@HALOHALO; their
idtype: ID_FQDN; their id=@RAMRAM
000 "Tunnel1/2x1": dpd: action:restart; delay:30; timeout:60; nat-t:
encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "Tunnel1/2x1": newest ISAKMP SA: #0; newest IPsec SA: #5;
000 "Tunnel1/2x1": aliases: Tunnel1
000 "Tunnel1/2x1": ESP algorithm newest: AES_CBC_128-HMAC_SHA1_96;
pfsgroup=<Phase1>
000 "Tunnel1/2x2":
172.18.0.0/24===100.114.157.13[@HALOHALO]---100.114.157.14...166.130.x.x<166.130.x.x>[@RAMRAM]===10.0.1.0/24;
erouted; eroute owner: #6
000 "Tunnel1/2x2": oriented; my_ip=unset; their_ip=unset;
my_updown=ipsec _updown;
000 "Tunnel1/2x2": xauth us:none, xauth them:none, my_username=[any];
their_username=[any]
000 "Tunnel1/2x2": our auth:secret, their auth:secret
000 "Tunnel1/2x2": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "Tunnel1/2x2": labeled_ipsec:no;
000 "Tunnel1/2x2": policy_label:unset;
000 "Tunnel1/2x2": ike_life: 28800s; ipsec_life: 3600s; replay_window:
32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "Tunnel1/2x2": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "Tunnel1/2x2": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "Tunnel1/2x2": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "Tunnel1/2x2": conn_prio: 24,24; interface: wwan0; metric: 0; mtu:
unset; sa_prio:auto; sa_tfc:none;
000 "Tunnel1/2x2": nflog-group: unset; mark: unset; vti-iface:unset;
vti-routing:no; vti-shared:no; nic-offload:auto;
000 "Tunnel1/2x2": our idtype: ID_FQDN; our id=@HALOHALO; their
idtype: ID_FQDN; their id=@RAMRAM
000 "Tunnel1/2x2": dpd: action:restart; delay:30; timeout:60; nat-t:
encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "Tunnel1/2x2": newest ISAKMP SA: #0; newest IPsec SA: #6;
000 "Tunnel1/2x2": aliases: Tunnel1
000 "Tunnel1/2x2": ESP algorithm newest: AES_CBC_128-HMAC_SHA1_96;
pfsgroup=<Phase1>
000 "Tunnel1/2x3":
172.18.0.0/24===100.114.157.13[@HALOHALO]---100.114.157.14...166.130.x.x<166.130.x.x>[@RAMRAM]===172.20.0.0/24;
erouted; eroute owner: #7
000 "Tunnel1/2x3": oriented; my_ip=unset; their_ip=unset;
my_updown=ipsec _updown;
000 "Tunnel1/2x3": xauth us:none, xauth them:none, my_username=[any];
their_username=[any]
000 "Tunnel1/2x3": our auth:secret, their auth:secret
000 "Tunnel1/2x3": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "Tunnel1/2x3": labeled_ipsec:no;
000 "Tunnel1/2x3": policy_label:unset;
000 "Tunnel1/2x3": ike_life: 28800s; ipsec_life: 3600s; replay_window:
32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "Tunnel1/2x3": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "Tunnel1/2x3": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "Tunnel1/2x3": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "Tunnel1/2x3": conn_prio: 24,24; interface: wwan0; metric: 0; mtu:
unset; sa_prio:auto; sa_tfc:none;
000 "Tunnel1/2x3": nflog-group: unset; mark: unset; vti-iface:unset;
vti-routing:no; vti-shared:no; nic-offload:auto;
000 "Tunnel1/2x3": our idtype: ID_FQDN; our id=@HALOHALO; their
idtype: ID_FQDN; their id=@RAMRAM
000 "Tunnel1/2x3": dpd: action:restart; delay:30; timeout:60; nat-t:
encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "Tunnel1/2x3": newest ISAKMP SA: #0; newest IPsec SA: #7;
000 "Tunnel1/2x3": aliases: Tunnel1
000 "Tunnel1/2x3": ESP algorithm newest: AES_CBC_128-HMAC_SHA1_96;
pfsgroup=<Phase1>
000 "Tunnel1/3x1":
10.10.0.0/24===100.114.157.13[@HALOHALO]---100.114.157.14...166.130.x.x<166.130.x.x>[@RAMRAM]===10.0.0.0/24;
erouted; eroute owner: #8
000 "Tunnel1/3x1": oriented; my_ip=unset; their_ip=unset;
my_updown=ipsec _updown;
000 "Tunnel1/3x1": xauth us:none, xauth them:none, my_username=[any];
their_username=[any]
000 "Tunnel1/3x1": our auth:secret, their auth:secret
000 "Tunnel1/3x1": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "Tunnel1/3x1": labeled_ipsec:no;
000 "Tunnel1/3x1": policy_label:unset;
000 "Tunnel1/3x1": ike_life: 28800s; ipsec_life: 3600s; replay_window:
32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "Tunnel1/3x1": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "Tunnel1/3x1": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "Tunnel1/3x1": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "Tunnel1/3x1": conn_prio: 24,24; interface: wwan0; metric: 0; mtu:
unset; sa_prio:auto; sa_tfc:none;
000 "Tunnel1/3x1": nflog-group: unset; mark: unset; vti-iface:unset;
vti-routing:no; vti-shared:no; nic-offload:auto;
000 "Tunnel1/3x1": our idtype: ID_FQDN; our id=@HALOHALO; their
idtype: ID_FQDN; their id=@RAMRAM
000 "Tunnel1/3x1": dpd: action:restart; delay:30; timeout:60; nat-t:
encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "Tunnel1/3x1": newest ISAKMP SA: #0; newest IPsec SA: #8;
000 "Tunnel1/3x1": aliases: Tunnel1
000 "Tunnel1/3x1": ESP algorithm newest: AES_CBC_128-HMAC_SHA1_96;
pfsgroup=<Phase1>
000 "Tunnel1/3x2":
10.10.0.0/24===100.114.157.13[@HALOHALO]---100.114.157.14...166.130.x.x<166.130.x.x>[@RAMRAM]===10.0.1.0/24;
erouted; eroute owner: #9
000 "Tunnel1/3x2": oriented; my_ip=unset; their_ip=unset;
my_updown=ipsec _updown;
000 "Tunnel1/3x2": xauth us:none, xauth them:none, my_username=[any];
their_username=[any]
000 "Tunnel1/3x2": our auth:secret, their auth:secret
000 "Tunnel1/3x2": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "Tunnel1/3x2": labeled_ipsec:no;
000 "Tunnel1/3x2": policy_label:unset;
000 "Tunnel1/3x2": ike_life: 28800s; ipsec_life: 3600s; replay_window:
32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "Tunnel1/3x2": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "Tunnel1/3x2": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "Tunnel1/3x2": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "Tunnel1/3x2": conn_prio: 24,24; interface: wwan0; metric: 0; mtu:
unset; sa_prio:auto; sa_tfc:none;
000 "Tunnel1/3x2": nflog-group: unset; mark: unset; vti-iface:unset;
vti-routing:no; vti-shared:no; nic-offload:auto;
000 "Tunnel1/3x2": our idtype: ID_FQDN; our id=@HALOHALO; their
idtype: ID_FQDN; their id=@RAMRAM
000 "Tunnel1/3x2": dpd: action:restart; delay:30; timeout:60; nat-t:
encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "Tunnel1/3x2": newest ISAKMP SA: #0; newest IPsec SA: #9;
000 "Tunnel1/3x2": aliases: Tunnel1
000 "Tunnel1/3x2": ESP algorithm newest: AES_CBC_128-HMAC_SHA1_96;
pfsgroup=<Phase1>
000 "Tunnel1/3x3":
10.10.0.0/24===100.114.157.13[@HALOHALO]---100.114.157.14...166.130.x.x<166.130.x.x>[@RAMRAM]===172.20.0.0/24;
erouted; eroute owner: #10
000 "Tunnel1/3x3": oriented; my_ip=unset; their_ip=unset;
my_updown=ipsec _updown;
000 "Tunnel1/3x3": xauth us:none, xauth them:none, my_username=[any];
their_username=[any]
000 "Tunnel1/3x3": our auth:secret, their auth:secret
000 "Tunnel1/3x3": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "Tunnel1/3x3": labeled_ipsec:no;
000 "Tunnel1/3x3": policy_label:unset;
000 "Tunnel1/3x3": ike_life: 28800s; ipsec_life: 3600s; replay_window:
32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "Tunnel1/3x3": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "Tunnel1/3x3": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "Tunnel1/3x3": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "Tunnel1/3x3": conn_prio: 24,24; interface: wwan0; metric: 0; mtu:
unset; sa_prio:auto; sa_tfc:none;
000 "Tunnel1/3x3": nflog-group: unset; mark: unset; vti-iface:unset;
vti-routing:no; vti-shared:no; nic-offload:auto;
000 "Tunnel1/3x3": our idtype: ID_FQDN; our id=@HALOHALO; their
idtype: ID_FQDN; their id=@RAMRAM
000 "Tunnel1/3x3": dpd: action:restart; delay:30; timeout:60; nat-t:
encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "Tunnel1/3x3": newest ISAKMP SA: #1; newest IPsec SA: #10;
000 "Tunnel1/3x3": aliases: Tunnel1
000 "Tunnel1/3x3": IKEv1 algorithm newest:
AES_CBC_256-HMAC_SHA2_256-MODP2048
000 "Tunnel1/3x3": ESP algorithm newest: AES_CBC_128-HMAC_SHA1_96;
pfsgroup=<Phase1>
000
000 Total IPsec connections: loaded 9, active 9
000
000 State Information: DDoS cookies not required, Accepting new IKE
connections
000 IKE SAs: total(1), half-open(0), open(0), authenticated(1), anonymous(0)
000 IPsec SAs: total(9), authenticated(9), anonymous(0)
000
000 #2: "Tunnel1/1x1":4500 STATE_QUICK_I2 (sent QI2, IPsec SA
established); EVENT_SA_REPLACE in 2826s; newest IPSEC; eroute owner;
isakmp#1; idle;
000 #2: "Tunnel1/1x1" esp.c42ed83d at 166.130.x.x
esp.578d3f44 at 100.114.157.13 tun.1000 at 166.130.x.x tun.1001 at 100.114.157.13
ref=0 refhim=4294901761 Traffic: ESPin=0B ESPout=0B! ESPmax=4194303B
000 #3: "Tunnel1/1x2":4500 STATE_QUICK_I2 (sent QI2, IPsec SA
established); EVENT_SA_REPLACE in 2617s; newest IPSEC; eroute owner;
isakmp#1; idle;
000 #3: "Tunnel1/1x2" esp.c42ed83e at 166.130.x.x
esp.578d3f45 at 100.114.157.13 tun.1002 at 166.130.x.x tun.1003 at 100.114.157.13
ref=0 refhim=4294901761 Traffic: ESPin=0B ESPout=0B! ESPmax=4194303B
000 #4: "Tunnel1/1x3":4500 STATE_QUICK_I2 (sent QI2, IPsec SA
established); EVENT_SA_REPLACE in 2609s; newest IPSEC; eroute owner;
isakmp#1; idle;
000 #4: "Tunnel1/1x3" esp.c42ed83f at 166.130.x.x
esp.578d3f46 at 100.114.157.13 tun.1004 at 166.130.x.x tun.1005 at 100.114.157.13
ref=0 refhim=4294901761 Traffic: ESPin=0B ESPout=0B! ESPmax=4194303B
000 #5: "Tunnel1/2x1":4500 STATE_QUICK_I2 (sent QI2, IPsec SA
established); EVENT_SA_REPLACE in 2548s; newest IPSEC; eroute owner;
isakmp#1; idle;
000 #5: "Tunnel1/2x1" esp.c42ed840 at 166.130.x.x
esp.578d3f47 at 100.114.157.13 tun.1006 at 166.130.x.x tun.1007 at 100.114.157.13
ref=0 refhim=4294901761 Traffic: ESPin=0B ESPout=0B! ESPmax=4194303B
000 #6: "Tunnel1/2x2":4500 STATE_QUICK_I2 (sent QI2, IPsec SA
established); EVENT_SA_REPLACE in 2934s; newest IPSEC; eroute owner;
isakmp#1; idle;
000 #6: "Tunnel1/2x2" esp.c42ed841 at 166.130.x.x
esp.578d3f48 at 100.114.157.13 tun.1008 at 166.130.x.x tun.1009 at 100.114.157.13
ref=0 refhim=4294901761 Traffic: ESPin=0B ESPout=0B! ESPmax=4194303B
000 #7: "Tunnel1/2x3":4500 STATE_QUICK_I2 (sent QI2, IPsec SA
established); EVENT_SA_REPLACE in 2860s; newest IPSEC; eroute owner;
isakmp#1; idle;
000 #7: "Tunnel1/2x3" esp.c42ed842 at 166.130.x.x
esp.578d3f49 at 100.114.157.13 tun.100a at 166.130.x.x tun.100b at 100.114.157.13
ref=0 refhim=4294901761 Traffic: ESPin=0B ESPout=0B! ESPmax=4194303B
000 #8: "Tunnel1/3x1":4500 STATE_QUICK_I2 (sent QI2, IPsec SA
established); EVENT_SA_REPLACE in 2627s; newest IPSEC; eroute owner;
isakmp#1; idle;
000 #8: "Tunnel1/3x1" esp.c42ed843 at 166.130.x.x
esp.578d3f4a at 100.114.157.13 tun.100c at 166.130.x.x tun.100d at 100.114.157.13
ref=0 refhim=4294901761 Traffic: ESPin=0B ESPout=0B! ESPmax=4194303B
000 #9: "Tunnel1/3x2":4500 STATE_QUICK_I2 (sent QI2, IPsec SA
established); EVENT_SA_REPLACE in 2892s; newest IPSEC; eroute owner;
isakmp#1; idle;
000 #9: "Tunnel1/3x2" esp.c42ed844 at 166.130.x.x
esp.578d3f4b at 100.114.157.13 tun.100e at 166.130.x.x tun.100f at 100.114.157.13
ref=0 refhim=4294901761 Traffic: ESPin=0B ESPout=0B! ESPmax=4194303B
000 #1: "Tunnel1/3x3":4500 STATE_MAIN_I4 (ISAKMP SA established);
EVENT_SA_REPLACE in 27783s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0);
idle;
000 #10: "Tunnel1/3x3":4500 STATE_QUICK_I2 (sent QI2, IPsec SA
established); EVENT_SA_REPLACE in 2742s; newest IPSEC; eroute owner;
isakmp#1; idle;
000 #10: "Tunnel1/3x3" esp.c42ed845 at 166.130.x.x
esp.578d3f4c at 100.114.157.13 tun.1010 at 166.130.x.x tun.1011 at 100.114.157.13
ref=0 refhim=4294901761 Traffic: ESPin=0B ESPout=0B! ESPmax=4194303B
000
000 Bare Shunt list:
000
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
group default qlen 1000
link/ether 00:05:e4:05:16:56 brd ff:ff:ff:ff:ff:ff
inet 172.16.0.225/16 brd 172.16.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::205:e4ff:fe05:1656/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state
DOWN group default qlen 1000
link/ether 00:05:e4:05:16:55 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1
valid_lft forever preferred_lft forever
inet 10.10.0.1/24 brd 10.10.0.255 scope global eth1:10
valid_lft forever preferred_lft forever
inet 172.18.0.1/24 brd 172.18.0.255 scope global eth1:20
valid_lft forever preferred_lft forever
4: sit0 at NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
link/sit 0.0.0.0 brd 0.0.0.0
5: ip6tnl0 at NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
link/tunnel6 :: brd ::
6: usb0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
state DOWN group default qlen 1000
link/ether c2:4e:ad:dc:fe:b0 brd ff:ff:ff:ff:ff:ff
inet 192.168.111.1/24 brd 192.168.111.255 scope global usb0
valid_lft forever preferred_lft forever
7: wlan0s2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
default qlen 1000
link/ether 00:05:e4:06:d6:b7 brd ff:ff:ff:ff:ff:ff
8: eth1s3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
default qlen 1000
link/ether 00:05:e4:06:a0:27 brd ff:ff:ff:ff:ff:ff
9: eth0s3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
default qlen 1000
link/ether 00:05:e4:06:a0:26 brd ff:ff:ff:ff:ff:ff
10: wwan0: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast state UP group default qlen 1000
link/ether 00:00:11:12:13:14 brd ff:ff:ff:ff:ff:ff
inet 100.114.157.13/30 brd 100.114.157.15 scope global wwan0
valid_lft forever preferred_lft forever
inet6 2600:100a:b10c:2c5c:200:11ff:fe12:1314/64 scope global
dynamic mngtmpaddr
valid_lft forever preferred_lft forever
inet6 fe80::200:11ff:fe12:1314/64 scope link
valid_lft forever preferred_lft forever
11: ipsec0: <NOARP,UP,LOWER_UP> mtu 16260 qdisc noqueue state UNKNOWN
group default qlen 10
link/ether 00:00:11:12:13:14 brd ff:ff:ff:ff:ff:ff
inet 100.114.157.13/32 scope global ipsec0
valid_lft forever preferred_lft forever
inet6 fe80::200:11ff:fe12:1314/128 scope link
valid_lft forever preferred_lft forever
12: ipsec1: <NOARP> mtu 0 qdisc noop state DOWN group default qlen 10
link/void
13: mast0: <NOARP> mtu 0 qdisc noop state DOWN group default qlen 10
link/none
+ _________________________ ip-route-list-table-all
+ ip route list table all
prohibit default table usb0
192.168.111.0/24 dev usb0 table usb0 scope link linkdown
default via 100.114.157.14 dev wwan0 table wwan0
default via 172.16.0.1 dev eth0 table eth0
192.168.1.0/24 dev eth1 table eth1 scope link src 192.168.1.1 linkdown
10.10.0.0/24 dev eth1 table eth1:10 scope link src 10.10.0.1 linkdown
172.18.0.0/24 dev eth1 table eth1:20 scope link src 172.18.0.1 linkdown
default via 100.114.157.14 dev wwan0 metric 10
10.0.0.0/24 dev ipsec0 scope link
10.0.1.0/24 dev ipsec0 scope link
10.10.0.0/24 dev eth1 proto kernel scope link src 10.10.0.1 linkdown
100.114.157.12/30 dev wwan0 proto kernel scope link src 100.114.157.13
172.16.0.0/16 dev eth0 proto kernel scope link src 172.16.0.225
172.18.0.0/24 dev eth1 proto kernel scope link src 172.18.0.1 linkdown
172.20.0.0/24 dev ipsec0 scope link
192.168.1.0/24 dev eth1 scope link linkdown
192.168.111.0/24 dev usb0 proto kernel scope link src 192.168.111.1
linkdown
broadcast 10.10.0.0 dev eth1 table local proto kernel scope link src
10.10.0.1 linkdown
local 10.10.0.1 dev eth1 table local proto kernel scope host src 10.10.0.1
broadcast 10.10.0.255 dev eth1 table local proto kernel scope link src
10.10.0.1 linkdown
broadcast 100.114.157.12 dev wwan0 table local proto kernel scope link
src 100.114.157.13
local 100.114.157.13 dev wwan0 table local proto kernel scope host src
100.114.157.13
local 100.114.157.13 dev ipsec0 table local proto kernel scope host src
100.114.157.13
broadcast 100.114.157.15 dev wwan0 table local proto kernel scope link
src 100.114.157.13
broadcast 127.0.0.0 dev lo table local proto kernel scope link src
127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src
127.0.0.1
broadcast 172.16.0.0 dev eth0 table local proto kernel scope link src
172.16.0.225
local 172.16.0.225 dev eth0 table local proto kernel scope host src
172.16.0.225
broadcast 172.16.255.255 dev eth0 table local proto kernel scope link
src 172.16.0.225
broadcast 172.18.0.0 dev eth1 table local proto kernel scope link src
172.18.0.1 linkdown
local 172.18.0.1 dev eth1 table local proto kernel scope host src
172.18.0.1
broadcast 172.18.0.255 dev eth1 table local proto kernel scope link src
172.18.0.1 linkdown
broadcast 192.168.1.0 dev eth1 table local proto kernel scope link src
192.168.1.1 linkdown
local 192.168.1.1 dev eth1 table local proto kernel scope host src
192.168.1.1
broadcast 192.168.1.255 dev eth1 table local proto kernel scope link src
192.168.1.1 linkdown
broadcast 192.168.111.0 dev usb0 table local proto kernel scope link src
192.168.111.1 linkdown
local 192.168.111.1 dev usb0 table local proto kernel scope host src
192.168.111.1
broadcast 192.168.111.255 dev usb0 table local proto kernel scope link
src 192.168.111.1 linkdown
fe80::200:11ff:fe12:1314 dev ipsec0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev wwan0 proto kernel metric 256 pref medium
default via fe80::4e:5375:e340 dev wwan0 proto ra metric 1024 expires
65470sec hoplimit 255 pref medium
unreachable default dev lo proto kernel metric 4294967295 error
4294967195 pref medium
local ::1 dev lo table local proto unspec metric 0 pref medium
local 2600:100a:b10c:2c5c:200:11ff:fe12:1314 dev lo table local proto
unspec metric 0 pref medium
local fe80::200:11ff:fe12:1314 dev lo table local proto unspec metric 0
pref medium
local fe80::200:11ff:fe12:1314 dev lo table local proto unspec metric 0
pref medium
local fe80::205:e4ff:fe05:1656 dev lo table local proto unspec metric 0
pref medium
ff00::/8 dev eth0 table local metric 256 pref medium
ff00::/8 dev wwan0 table local metric 256 pref medium
ff00::/8 dev ipsec0 table local metric 256 pref medium
unreachable default dev lo proto kernel metric 4294967295 error
4294967195 pref medium
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup local
4: from 192.168.111.1 lookup usb0
5: from 100.114.157.13 lookup wwan0
10: from all lookup main
11: from 172.16.0.225 lookup eth0
12: from 192.168.1.1 lookup eth1
13: from 10.10.0.1 lookup eth1:10
14: from 172.18.0.1 lookup eth1:20
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Verifying installed system and configuration files
Version check and ipsec on-path [OK]
Libreswan 3.master-201936.git (klips) on 4.9.119
Checking for IPsec support in kernel [OK]
KLIPS: checking for NAT Traversal support [OK]
KLIPS: checking for OCF crypto offload support [N/A]
KLIPS: IPsec SAref kernel support [N/A]
KLIPS: IPsec SAref Bind kernel support [N/A]
Pluto ipsec.conf syntax [OK]
Checking rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/all/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/default/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/eth0/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/eth0s3/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/eth1/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/eth1s3/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/ip6tnl0/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/ipsec0/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/ipsec1/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/lo/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/mast0/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/sit0/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/usb0/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/wlan0s2/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/wwan0/rp_filter [ENABLED]
rp_filter is not fully aware of IPsec and should be disabled
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto ipsec.secret syntax [OK]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPS [OK]
Checking for obsolete ipsec.conf options [OK]
ipsec verify: encountered 31 errors - see 'man ipsec_verify' for help
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/libexec/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
DA70N-051656
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
08:49:29 up 2 min, load average: 0.83, 0.39, 0.15
+ _________________________ ps
+ ps alxwf
+ grep -E -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
4 0 5521 3837 20 0 2200 1576 wait S+ pts/0
0:00 \_ /bin/sh /usr/libexec/ipsec/barf
0 0 5634 5521 20 0 1684 896 pipe_w S+ pts/0
0:00 \_ grep -E -i ppid|pluto|ipsec|klips
0 0 5048 1 20 0 2632 1716 wait S pts/0 0:00
/bin/sh /usr/libexec/ipsec/_plutorun --config /etc/ipsec.conf --nofork
4 0 5054 5048 20 0 17872 5244 SyS_ep Sl pts/0 0:01 \_
/usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork
+ _________________________ ipsec/conf
+ ipsec readwriteconf --config /etc/ipsec.conf
config setup
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
protostack=klips
conn Tunnel1
left=%defaultroute
leftid="@HALOHALO"
leftnexthop=%defaultroute
leftsubnets={192.168.1.0/24, 172.18.0.0/24, 10.10.0.0/24}
right=166.130.x.x
rightid="@RAMRAM"
rightsubnets={10.0.0.0/24, 10.0.1.0/24, 172.20.0.0/24}
auto=start
type=tunnel
pfs=yes
salifetime=3600
ikelifetime=28800
dpddelay=30
dpdtimeout=60
dpdaction=restart
authby=secret
auto=start
type=tunnel
compress=no
pfs=yes
ikepad=yes
authby=secret
phase2=esp
ikev2=no
ppk=no
esn=no
+ _________________________ ipsec/secrets
+ cat /etc/ipsec.secrets
+ ipsec _secretcensor
# This file holds shared secrets (PSK) and XAUTH user passwords used for
# authentication. See pluto(8) manpage or the libreswan website.
# Unlike older openswan, this file does NOT contain any X.509 related
# information such as private key :RSA statements as these now reside
# in the NSS database. See:
#
# https://libreswan.org/wiki/Using_NSS_with_libreswan
# https://libreswan.org/wiki/Migrating_from_Openswan
#
# The preferred method for adding secrets is to create a new file in
# the /etc/ipsec.d/ directory, so it will be included via the include
# line below
include /etc/ipsec.d/*.secrets
+ _________________________ ipsec/listall
+ ipsec whack --listall
000
000 List of Public Keys:
000
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000
000 2: PSK (none) (none)
000
000 List of X.509 End Certificates:
000
000 List of X.509 CA Certificates:
000
000 List of CRLs:
+ _________________________ nss/contents
+ certutil -L -d sql:/etc/ipsec.d
Certificate Nickname Trust
Attributes
SSL,S/MIME,JAR/XPI
+ _________________________ nss/crls
+ crlutil -L -d sql:/etc/ipsec.d
CRL names CRL Type
+ '[' -n /etc/ipsec.d/policies ']'
+ for policy in '${POLICIES}/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of network destinations for which
# communication should never be allowed.
#
# One IPv4 or IPv6 CIDR per line, optionally specifying a further
# narrowing of protocol, source port and destination port
#
# examples:
# 10.0.1.0/24
# 2a03:6000:1004:1::/64
#
# block some outgoing ssh to range
# 10.0.1.0/24 tcp 0 22
# block all incoming ssh
# 0.0.0.0/0 tcp 22 0
+ for policy in '${POLICIES}/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of network destinations for which
# communication should always be in the clear.
#
# One IPv4 or IPv6 CIDR per line, optionally specifying a further
# narrowing of protocol, source port and destination port
#
# examples:
# 10.0.1.0/24
# 2a03:6000:1004:1::/64
#
# dont IPsec encrypt ssh to a range
# 10.0.1.0/24 tcp 0 22
# don't IPsec encrypt any incoming ssh
# 0.0.0.0/0 tcp 22 0
+ for policy in '${POLICIES}/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic
Responder".
# One IPv4 or IPv6 CIDR per line.
# This file defines the set of network destinations for which
# communications will be in the clear, or if the other side initiates IPsec
# to use, will be encrypted on their request. This behaviour is also called
# "Opportunistic Responder".
#
# One IPv4 or IPv6 CIDR per line, optionally specifying a further
# narrowing of protocol, source port and destination port
#
# examples:
# encrypt all traffic to an IPv4 or IPv6 host or subnet if they request it
# 10.0.1.0/24
# 10.1.1.1/32
# 2a03:6000:1004:1::/64
#
# encrypt all smtp traffic to some host if they want to
# 10.0.1.0/24 tcp 0 25
# encrypt all incoming smtp traffic from some host if they request it
# 0.0.0.0/0 tcp 25 0
+ for policy in '${POLICIES}/*'
++ basename /etc/ipsec.d/policies/portexcludes.conf
+ base=portexcludes.conf
+ _________________________ ipsec/policies/portexcludes.conf
+ cat /etc/ipsec.d/policies/portexcludes.conf
# Direction Proto Source Dest Prio
#
# Exclude ssh incoming and outgoing from IPsec encryption for ipv4 and ipv6
#both tcp any 22 1023
#
# Exclude outgoing HTTPS from IPsec encryption for ipv4 and ipv6
#out tcp any 443 1023
#
# Exclude incoming SMTP for ipv4 for ipv4
#in tcp any4 25 1023
# Exclude incoming SMTP for ipv4 from 10.0.0.0/8 only
#in tcp 10.0.0.0/8 25 1023
#
# All udp port 666 should go in the clear within 10/8
#both udp 10.0.0.0/8 10.0.0.0/8 at 666 1023
+ for policy in '${POLICIES}/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# we MUST communicate in the clear. Otherwise traffic is blocked. This
# is enforced (and can be tweaked) by setting the negotiationshunt= and
# failureshunt= to drop.
#
# One IPv4 or IPv6 CIDR per line, optionally specifying a further
# narrowing of protocol, source port and destination port
#
# examples:
# encrypt all traffic to an IPv4 or IPv6 host or subnet
# 10.0.1.0/24
# 10.1.1.1/32
# 2a03:6000:1004:1::/64
#
# encrypt all smtp traffic to some host
# 10.0.1.0/24 tcp 0 25
# encrypt all incoming smtp traffic
# 0.0.0.0/0 tcp 25 0
+ for policy in '${POLICIES}/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be encrypted when possible, but will fallback
# to in the clear otherwise.
#
# This is enforced (and can be tweaked) by setting the failureshunt=
# to passthrough.
#
# One IPv4 or IPv6 CIDR per line, optionally specifying a further
# narrowing of protocol, source port and destination port
#
# examples:
# prefer to encrypt all traffic to an IPv4 or IPv6 host or subnet
# 10.0.1.0/24
# 10.1.1.1/32
# 2a03:6000:1004:1::/64
#
# prefer to encrypt all smtp traffic to some host
# 10.0.1.0/24 tcp 0 25
# prefer encrypt all incoming smtp traffic
# 0.0.0.0/0 tcp 25 0
#
# Ideally, enable this for every host on the internet
# 0.0.0.0/0
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
-rwxr-xr-x 1 root root 152948 Sep 6 21:50 _import_crl
-rwxr-xr-x 1 root root 3055 Sep 6 21:50 _plutorun
-rwxr-xr-x 1 root root 1918 Sep 6 21:50 _secretcensor
-rwxr-xr-x 1 root root 12467 Sep 6 21:50 _stackmanager
-rwxr-xr-x 1 root root 2126 Sep 6 21:50 _unbound-hook
-rwxr-xr-x 1 root root 4335 Sep 6 21:50 _updown
-rwxr-xr-x 1 root root 18680 Sep 6 21:50 _updown.klips
-rwxr-xr-x 1 root root 23873 Sep 6 21:50 _updown.netkey
-rwxr-xr-x 1 root root 188640 Sep 6 21:50 addconn
-rwxr-xr-x 1 root root 358804 Sep 6 21:50 algparse
-rwxr-xr-x 1 root root 6079 Sep 6 21:50 auto
-rwxr-xr-x 1 root root 12380 Sep 6 21:50 barf
-rwxr-xr-x 1 root root 334956 Sep 6 21:50 cavp
-rwxr-xr-x 1 root root 88412 Sep 6 21:50 enumcheck
-rwxr-xr-x 1 root root 99428 Sep 6 21:50 eroute
-rwxr-xr-x 1 root root 145884 Sep 6 21:50 ipcheck
-rwxr-xr-x 1 root root 26984 Sep 6 21:50 jambufcheck
-rwxr-xr-x 1 root root 81136 Sep 6 21:50 klipsdebug
-rwxr-xr-x 1 root root 10411 Sep 6 21:50 letsencrypt
-rwxr-xr-x 1 root root 4467 Sep 6 21:50 look
-rwxr-xr-x 1 root root 3321 Sep 6 21:50 newhostkey
-rwxr-xr-x 1 root root 76080 Sep 6 21:50 pf_key
-rwxr-xr-x 1 root root 1480668 Sep 6 21:50 pluto
-rwxr-xr-x 1 root root 163884 Sep 6 21:50 readwriteconf
-rwxr-xr-x 1 root root 158848 Sep 6 21:50 rsasigkey
-rwxr-xr-x 1 root root 6232 Sep 6 21:50 setup
-rwxr-xr-x 1 root root 3597 Sep 6 21:50 show
-rwxr-xr-x 1 root root 158876 Sep 6 21:50 showhostkey
-rwxr-xr-x 1 root root 83304 Sep 6 21:50 shunkcheck
-rwxr-xr-x 1 root root 335652 Sep 6 21:50 spi
-rwxr-xr-x 1 root root 90328 Sep 6 21:50 spigrp
-rwxr-xr-x 1 root root 34300 Sep 6 21:50 timecheck
-rwxr-xr-x 1 root root 118668 Sep 6 21:50 tncfg
-rwxr-xr-x 1 root root 11222 Sep 6 21:50 verify
-rwxr-xr-x 1 root root 151492 Sep 6 21:50 whack
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed
multicast|bytes packets errs drop fifo colls carrier compressed
wwan0: 5932 19 0 0 0 0 0 0
18771 55 0 0 0 0 0 0
mast0: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
eth1s3: 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
ipsec0: 0 0 0 0 0 0 0 0 0
0 0 4 0 0 0 0
eth0: 83223 880 0 0 0 0 0 0
218991 894 0 0 0 0 0 0
usb0: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
lo: 27395 360 0 0 0 0 0 0
27395 360 0 0 0 0 0 0
eth0s3: 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
ip6tnl0: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
wlan0s2: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
sit0: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
eth1: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
ipsec1: 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric
Mask MTU Window IRTT
wwan0 00000000 0E9D7264 0003 0 0 10
00000000 0 0 0
ipsec0 0000000A 00000000 0001 0 0 0
00FFFFFF 0 0 0
ipsec0 0001000A 00000000 0001 0 0 0
00FFFFFF 0 0 0
eth1 00000A0A 00000000 0001 0 0 0
00FFFFFF 0 0 0
wwan0 0C9D7264 00000000 0001 0 0 0
FCFFFFFF 0 0 0
eth0 000010AC 00000000 0001 0 0 0
0000FFFF 0 0 0
eth1 000012AC 00000000 0001 0 0 0
00FFFFFF 0 0 0
ipsec0 000014AC 00000000 0001 0 0 0
00FFFFFF 0 0 0
eth1 0001A8C0 00000000 0001 0 0 0
00FFFFFF 0 0 0
usb0 006FA8C0 00000000 0001 0 0 0
00FFFFFF 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
2
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ grep -E '^' all/rp_filter default/rp_filter eth0/rp_filter
eth0s3/rp_filter eth1/rp_filter eth1s3/rp_filter ip6tnl0/rp_filter
ipsec0/rp_filter ipsec1/rp_filter lo/rp_filter mast0/rp_filter
sit0/rp_filter usb0/rp_filter wlan0s2/rp_filter wwan0/rp_filter
all/rp_filter:1
default/rp_filter:1
eth0/rp_filter:1
eth0s3/rp_filter:1
eth1/rp_filter:1
eth1s3/rp_filter:1
ip6tnl0/rp_filter:1
ipsec0/rp_filter:1
ipsec1/rp_filter:1
lo/rp_filter:1
mast0/rp_filter:1
sit0/rp_filter:1
usb0/rp_filter:1
wlan0s2/rp_filter:1
wwan0/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ grep -E '^' all/accept_redirects all/secure_redirects
all/send_redirects default/accept_redirects default/secure_redirects
default/send_redirects eth0/accept_redirects eth0/secure_redirects
eth0/send_redirects eth0s3/accept_redirects eth0s3/secure_redirects
eth0s3/send_redirects eth1/accept_redirects eth1/secure_redirects
eth1/send_redirects eth1s3/accept_redirects eth1s3/secure_redirects
eth1s3/send_redirects ip6tnl0/accept_redirects ip6tnl0/secure_redirects
ip6tnl0/send_redirects ipsec0/accept_redirects ipsec0/secure_redirects
ipsec0/send_redirects ipsec1/accept_redirects ipsec1/secure_redirects
ipsec1/send_redirects lo/accept_redirects lo/secure_redirects
lo/send_redirects mast0/accept_redirects mast0/secure_redirects
mast0/send_redirects sit0/accept_redirects sit0/secure_redirects
sit0/send_redirects usb0/accept_redirects usb0/secure_redirects
usb0/send_redirects wlan0s2/accept_redirects wlan0s2/secure_redirects
wlan0s2/send_redirects wwan0/accept_redirects wwan0/secure_redirects
wwan0/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:1
default/accept_redirects:1
default/secure_redirects:1
default/send_redirects:1
eth0/accept_redirects:1
eth0/secure_redirects:1
eth0/send_redirects:1
eth0s3/accept_redirects:1
eth0s3/secure_redirects:1
eth0s3/send_redirects:1
eth1/accept_redirects:1
eth1/secure_redirects:1
eth1/send_redirects:1
eth1s3/accept_redirects:1
eth1s3/secure_redirects:1
eth1s3/send_redirects:1
ip6tnl0/accept_redirects:1
ip6tnl0/secure_redirects:1
ip6tnl0/send_redirects:1
ipsec0/accept_redirects:1
ipsec0/secure_redirects:1
ipsec0/send_redirects:1
ipsec1/accept_redirects:1
ipsec1/secure_redirects:1
ipsec1/send_redirects:1
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
mast0/accept_redirects:1
mast0/secure_redirects:1
mast0/send_redirects:1
sit0/accept_redirects:1
sit0/secure_redirects:1
sit0/send_redirects:1
usb0/accept_redirects:1
usb0/secure_redirects:1
usb0/send_redirects:1
wlan0s2/accept_redirects:1
wlan0s2/secure_redirects:1
wlan0s2/send_redirects:1
wwan0/accept_redirects:1
wwan0/secure_redirects:1
wwan0/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
1
+ _________________________ uname-a
+ uname -a
Linux DA70N-051656 4.9.119 #1 PREEMPT Sat Sep 7 02:38:54 UTC 2019 armv7l
GNU/Linux
+ _________________________ config-built-with
+ '[' -r /proc/config_built_with ']'
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ '[' -f /etc/redhat-release ']'
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ '[' -f /etc/debian-release ']'
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ '[' -f /etc/SuSE-release ']'
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ '[' -f /etc/mandrake-release ']'
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ '[' -f /etc/mandriva-release ']'
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ '[' -f /etc/gentoo-release ']'
+ _________________________ /proc/net/ipsec_version
+ '[' -r /proc/net/ipsec_version ']'
+ cat /proc/net/ipsec_version
Libreswan version: 3.master-201936.git
+ _________________________ iptables
+ '[' -e /proc/net/ip_tables_names ']'
+ '[' -r /sbin/iptables-save -o -r /usr/sbin/iptables-save ']'
+ iptables-save --modprobe=/dev/null
# Generated by iptables-save v1.8.2 on Sat Sep 7 08:49:31 2019
*mangle
:PREROUTING ACCEPT [1179:96934]
:INPUT ACCEPT [1173:96029]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1405:272057]
:POSTROUTING ACCEPT [1432:276777]
-A PREROUTING -i wwan+ -p tcp -m tcp --dport 443 -j MARK --set-xmark
0x400/0xffffffff
-A PREROUTING -i wwan+ -p tcp -m tcp --dport 2022 -j MARK --set-xmark
0x400/0xffffffff
COMMIT
# Completed on Sat Sep 7 08:49:31 2019
# Generated by iptables-save v1.8.2 on Sat Sep 7 08:49:31 2019
*nat
:PREROUTING ACCEPT [40:2234]
:INPUT ACCEPT [40:2234]
:OUTPUT ACCEPT [6:1124]
:POSTROUTING ACCEPT [9:750]
-A PREROUTING -i wwan+ -p tcp -m tcp --dport 443 -j REDIRECT --to-ports
10000
-A PREROUTING -i wwan+ -p tcp -m tcp --dport 2022 -j REDIRECT --to-ports 22
-A PREROUTING -d 172.16.0.225/32 -i eth0 -p tcp -m tcp --dport 80 -j
REDIRECT --to-ports 10000
-A PREROUTING -d 172.16.0.225/32 -i eth0 -p tcp -m tcp --dport 443 -j
REDIRECT --to-ports 10001
-A PREROUTING -d 192.168.1.1/32 -i eth1 -p tcp -m tcp --dport 80 -j
REDIRECT --to-ports 10000
-A PREROUTING -d 192.168.1.1/32 -i eth1 -p tcp -m tcp --dport 443 -j
REDIRECT --to-ports 10001
-A OUTPUT -o usb0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -o eth0s1 -j ACCEPT
-A OUTPUT -o eth1s1 -j ACCEPT
-A OUTPUT -o eth0s2 -j ACCEPT
-A OUTPUT -o eth1s2 -j ACCEPT
-A OUTPUT -o eth0s3 -j ACCEPT
-A OUTPUT -o eth1s3 -j ACCEPT
-A OUTPUT -o wlan+ -j ACCEPT
-A OUTPUT -o wlan0s1 -j ACCEPT
-A OUTPUT -o wlan0s2 -j ACCEPT
-A OUTPUT -o wlan0s3 -j ACCEPT
-A OUTPUT -o vti+ -j ACCEPT
-A OUTPUT -o gre+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A POSTROUTING -o wwan+ -j MASQUERADE
COMMIT
# Completed on Sat Sep 7 08:49:31 2019
# Generated by iptables-save v1.8.2 on Sat Sep 7 08:49:31 2019
*raw
:PREROUTING ACCEPT [1196:97614]
:OUTPUT ACCEPT [1439:278249]
COMMIT
# Completed on Sat Sep 7 08:49:31 2019
# Generated by iptables-save v1.8.2 on Sat Sep 7 08:49:31 2019
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:FLAGS - [0:0]
:SCAN - [0:0]
:TRAFFIC - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i wwan+ -p tcp -m tcp --dport 0:19 -j DROP
-A INPUT -i wwan+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG
FIN,SYN,RST,PSH,ACK,URG -j SCAN
-A INPUT -i wwan+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE
-j SCAN
-A INPUT -i wwan+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG
FIN,PSH,URG -j FLAGS
-A INPUT -i wwan+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG
FIN,SYN,RST,PSH,ACK,URG -j FLAGS
-A INPUT -i wwan+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG
FIN,SYN,RST,ACK,URG -j FLAGS
-A INPUT -i wwan+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE
-j FLAGS
-A INPUT -i wwan+ -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j FLAGS
-A INPUT -i wwan+ -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j FLAGS
-A INPUT -i wwan+ -f -m limit --limit 2/sec -j LOG --log-prefix
"**FRAGMENT** " --log-level 7
-A INPUT -i wwan+ -f -j DROP
-A INPUT -i wwan+ -p tcp -m tcp --dport 7785 -j ACCEPT
-A INPUT -i wwan+ -p tcp -m tcp --dport 22 -m limit --limit 3/min
--limit-burst 3 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i wwan+ -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j
DROP
-A INPUT -i wwan+ -p tcp -m tcp --dport 502 -j ACCEPT
-A INPUT -i wwan+ -p udp -m udp --dport 502 -j ACCEPT
-A INPUT -i wwan+ -p tcp -m tcp --dport 20000 -j ACCEPT
-A INPUT -i wwan+ -p udp -m udp --dport 20000 -j ACCEPT
-A INPUT -i wwan+ -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -i wwan+ -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -i wwan+ -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -i wwan+ -p tcp -m tcp --dport 10001 -j ACCEPT
-A INPUT -i wwan+ -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -i wwan+ -p icmp -f -m limit --limit 2/sec -j LOG --log-prefix
"**ICMP FRAG** " --log-level 7
-A INPUT -i wwan+ -p icmp -f -j DROP
-A INPUT -i wwan+ -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -i wwan+ -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A INPUT -i wwan+ -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -i wwan+ -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A INPUT -i wwan+ -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i usb0 -p icmp -j ACCEPT
-A INPUT -i eth0 -p icmp -j ACCEPT
-A INPUT -i eth1 -p icmp -j ACCEPT
-A INPUT -i eth0s1 -p icmp -j ACCEPT
-A INPUT -i eth1s1 -p icmp -j ACCEPT
-A INPUT -i eth0s2 -p icmp -j ACCEPT
-A INPUT -i eth1s2 -p icmp -j ACCEPT
-A INPUT -i eth0s3 -p icmp -j ACCEPT
-A INPUT -i eth1s3 -p icmp -j ACCEPT
-A INPUT -i wlan+ -p icmp -j ACCEPT
-A INPUT -i wlan0s1 -p icmp -j ACCEPT
-A INPUT -i wlan0s2 -p icmp -j ACCEPT
-A INPUT -i wlan0s3 -p icmp -j ACCEPT
-A INPUT -i vti+ -p icmp -j ACCEPT
-A INPUT -i gre+ -p icmp -j ACCEPT
-A INPUT -i tun+ -p icmp -j ACCEPT
-A INPUT -i ipsec+ -p icmp -j ACCEPT
-A INPUT -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m limit --limit 2/sec -j LOG --log-prefix "**ICMP
DROP**" --log-level 7
-A INPUT -p icmp -j DROP
-A INPUT -m mark --mark 0x400/0x400 -j ACCEPT
-A INPUT -i wwan+ -p esp -j ACCEPT
-A INPUT -i wwan+ -p vrrp -j ACCEPT
-A INPUT -j TRAFFIC
-A FORWARD -i lo -j ACCEPT
-A FORWARD -o lo -j ACCEPT
-A FORWARD -o ipsec+ -j ACCEPT
-A FORWARD -i ipsec+ -j ACCEPT
-A FORWARD -i br+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j ACCEPT
-A FORWARD -o br+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS
--clamp-mss-to-pmtu
-A FORWARD -p tcp -m multiport --ports 137,138,139 -j DROP
-A FORWARD -p udp -m multiport --ports 137,138,139 -j DROP
-A FORWARD -o wwan+ -m conntrack --ctstate INVALID -j DROP
-A FORWARD -o wwan+ -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m
conntrack --ctstate NEW -m limit --limit 2/sec -j LOG --log-prefix
"**TCP FORWARD NON-SYN NEW**" --log-level 7
-A FORWARD -o wwan+ -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m
conntrack --ctstate NEW -j DROP
-A FORWARD -i wwan+ -o usb0 -m conntrack --ctstate RELATED,ESTABLISHED
-j ACCEPT
-A FORWARD -i usb0 -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i usb0 -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED
-j ACCEPT
-A FORWARD -i eth0 -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED
-j ACCEPT
-A FORWARD -i eth1 -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o eth0s1 -m conntrack --ctstate RELATED,ESTABLISHED
-j ACCEPT
-A FORWARD -i eth0s1 -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0s1 -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o eth1s1 -m conntrack --ctstate RELATED,ESTABLISHED
-j ACCEPT
-A FORWARD -i eth1s1 -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1s1 -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o eth0s2 -m conntrack --ctstate RELATED,ESTABLISHED
-j ACCEPT
-A FORWARD -i eth0s2 -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0s2 -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o eth1s2 -m conntrack --ctstate RELATED,ESTABLISHED
-j ACCEPT
-A FORWARD -i eth1s2 -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1s2 -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o eth0s3 -m conntrack --ctstate RELATED,ESTABLISHED
-j ACCEPT
-A FORWARD -i eth0s3 -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0s3 -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o eth1s3 -m conntrack --ctstate RELATED,ESTABLISHED
-j ACCEPT
-A FORWARD -i eth1s3 -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1s3 -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o wlan+ -m conntrack --ctstate RELATED,ESTABLISHED
-j ACCEPT
-A FORWARD -i wlan+ -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan+ -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o wlan0s1 -m conntrack --ctstate
RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0s1 -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0s1 -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o wlan0s2 -m conntrack --ctstate
RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0s2 -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0s2 -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o wlan0s3 -m conntrack --ctstate
RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0s3 -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0s3 -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o vti+ -m conntrack --ctstate RELATED,ESTABLISHED
-j ACCEPT
-A FORWARD -i vti+ -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vti+ -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o gre+ -m conntrack --ctstate RELATED,ESTABLISHED
-j ACCEPT
-A FORWARD -i gre+ -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i gre+ -o wwan+ -p tcp -j DROP
-A FORWARD -i wwan+ -o tun+ -m conntrack --ctstate RELATED,ESTABLISHED
-j ACCEPT
-A FORWARD -i tun+ -o wwan+ -m conntrack --ctstate
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun+ -o wwan+ -p tcp -j DROP
-A FORWARD -i usb0 -o usb0 -j ACCEPT
-A FORWARD -i usb0 -o eth0 -j ACCEPT
-A FORWARD -i usb0 -o eth1 -j ACCEPT
-A FORWARD -i usb0 -o eth0s1 -j ACCEPT
-A FORWARD -i usb0 -o eth1s1 -j ACCEPT
-A FORWARD -i usb0 -o eth0s2 -j ACCEPT
-A FORWARD -i usb0 -o eth1s2 -j ACCEPT
-A FORWARD -i usb0 -o eth0s3 -j ACCEPT
-A FORWARD -i usb0 -o eth1s3 -j ACCEPT
-A FORWARD -i usb0 -o wlan+ -j ACCEPT
-A FORWARD -i usb0 -o wlan0s1 -j ACCEPT
-A FORWARD -i usb0 -o wlan0s2 -j ACCEPT
-A FORWARD -i usb0 -o wlan0s3 -j ACCEPT
-A FORWARD -i usb0 -o vti+ -j ACCEPT
-A FORWARD -i usb0 -o gre+ -j ACCEPT
-A FORWARD -i usb0 -o tun+ -j ACCEPT
-A FORWARD -i eth0 -o usb0 -j ACCEPT
-A FORWARD -i eth0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth0 -o eth0s1 -j ACCEPT
-A FORWARD -i eth0 -o eth1s1 -j ACCEPT
-A FORWARD -i eth0 -o eth0s2 -j ACCEPT
-A FORWARD -i eth0 -o eth1s2 -j ACCEPT
-A FORWARD -i eth0 -o eth0s3 -j ACCEPT
-A FORWARD -i eth0 -o eth1s3 -j ACCEPT
-A FORWARD -i eth0 -o wlan+ -j ACCEPT
-A FORWARD -i eth0 -o wlan0s1 -j ACCEPT
-A FORWARD -i eth0 -o wlan0s2 -j ACCEPT
-A FORWARD -i eth0 -o wlan0s3 -j ACCEPT
-A FORWARD -i eth0 -o vti+ -j ACCEPT
-A FORWARD -i eth0 -o gre+ -j ACCEPT
-A FORWARD -i eth0 -o tun+ -j ACCEPT
-A FORWARD -i eth1 -o usb0 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth1 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0s1 -j ACCEPT
-A FORWARD -i eth1 -o eth1s1 -j ACCEPT
-A FORWARD -i eth1 -o eth0s2 -j ACCEPT
-A FORWARD -i eth1 -o eth1s2 -j ACCEPT
-A FORWARD -i eth1 -o eth0s3 -j ACCEPT
-A FORWARD -i eth1 -o eth1s3 -j ACCEPT
-A FORWARD -i eth1 -o wlan+ -j ACCEPT
-A FORWARD -i eth1 -o wlan0s1 -j ACCEPT
-A FORWARD -i eth1 -o wlan0s2 -j ACCEPT
-A FORWARD -i eth1 -o wlan0s3 -j ACCEPT
-A FORWARD -i eth1 -o vti+ -j ACCEPT
-A FORWARD -i eth1 -o gre+ -j ACCEPT
-A FORWARD -i eth1 -o tun+ -j ACCEPT
-A FORWARD -i eth0s1 -o usb0 -j ACCEPT
-A FORWARD -i eth0s1 -o eth0 -j ACCEPT
-A FORWARD -i eth0s1 -o eth1 -j ACCEPT
-A FORWARD -i eth0s1 -o eth0s1 -j ACCEPT
-A FORWARD -i eth0s1 -o eth1s1 -j ACCEPT
-A FORWARD -i eth0s1 -o eth0s2 -j ACCEPT
-A FORWARD -i eth0s1 -o eth1s2 -j ACCEPT
-A FORWARD -i eth0s1 -o eth0s3 -j ACCEPT
-A FORWARD -i eth0s1 -o eth1s3 -j ACCEPT
-A FORWARD -i eth0s1 -o wlan+ -j ACCEPT
-A FORWARD -i eth0s1 -o wlan0s1 -j ACCEPT
-A FORWARD -i eth0s1 -o wlan0s2 -j ACCEPT
-A FORWARD -i eth0s1 -o wlan0s3 -j ACCEPT
-A FORWARD -i eth0s1 -o vti+ -j ACCEPT
-A FORWARD -i eth0s1 -o gre+ -j ACCEPT
-A FORWARD -i eth0s1 -o tun+ -j ACCEPT
-A FORWARD -i eth1s1 -o usb0 -j ACCEPT
-A FORWARD -i eth1s1 -o eth0 -j ACCEPT
-A FORWARD -i eth1s1 -o eth1 -j ACCEPT
-A FORWARD -i eth1s1 -o eth0s1 -j ACCEPT
-A FORWARD -i eth1s1 -o eth1s1 -j ACCEPT
-A FORWARD -i eth1s1 -o eth0s2 -j ACCEPT
-A FORWARD -i eth1s1 -o eth1s2 -j ACCEPT
-A FORWARD -i eth1s1 -o eth0s3 -j ACCEPT
-A FORWARD -i eth1s1 -o eth1s3 -j ACCEPT
-A FORWARD -i eth1s1 -o wlan+ -j ACCEPT
-A FORWARD -i eth1s1 -o wlan0s1 -j ACCEPT
-A FORWARD -i eth1s1 -o wlan0s2 -j ACCEPT
-A FORWARD -i eth1s1 -o wlan0s3 -j ACCEPT
-A FORWARD -i eth1s1 -o vti+ -j ACCEPT
-A FORWARD -i eth1s1 -o gre+ -j ACCEPT
-A FORWARD -i eth1s1 -o tun+ -j ACCEPT
-A FORWARD -i eth0s2 -o usb0 -j ACCEPT
-A FORWARD -i eth0s2 -o eth0 -j ACCEPT
-A FORWARD -i eth0s2 -o eth1 -j ACCEPT
-A FORWARD -i eth0s2 -o eth0s1 -j ACCEPT
-A FORWARD -i eth0s2 -o eth1s1 -j ACCEPT
-A FORWARD -i eth0s2 -o eth0s2 -j ACCEPT
-A FORWARD -i eth0s2 -o eth1s2 -j ACCEPT
-A FORWARD -i eth0s2 -o eth0s3 -j ACCEPT
-A FORWARD -i eth0s2 -o eth1s3 -j ACCEPT
-A FORWARD -i eth0s2 -o wlan+ -j ACCEPT
-A FORWARD -i eth0s2 -o wlan0s1 -j ACCEPT
-A FORWARD -i eth0s2 -o wlan0s2 -j ACCEPT
-A FORWARD -i eth0s2 -o wlan0s3 -j ACCEPT
-A FORWARD -i eth0s2 -o vti+ -j ACCEPT
-A FORWARD -i eth0s2 -o gre+ -j ACCEPT
-A FORWARD -i eth0s2 -o tun+ -j ACCEPT
-A FORWARD -i eth1s2 -o usb0 -j ACCEPT
-A FORWARD -i eth1s2 -o eth0 -j ACCEPT
-A FORWARD -i eth1s2 -o eth1 -j ACCEPT
-A FORWARD -i eth1s2 -o eth0s1 -j ACCEPT
-A FORWARD -i eth1s2 -o eth1s1 -j ACCEPT
-A FORWARD -i eth1s2 -o eth0s2 -j ACCEPT
-A FORWARD -i eth1s2 -o eth1s2 -j ACCEPT
-A FORWARD -i eth1s2 -o eth0s3 -j ACCEPT
-A FORWARD -i eth1s2 -o eth1s3 -j ACCEPT
-A FORWARD -i eth1s2 -o wlan+ -j ACCEPT
-A FORWARD -i eth1s2 -o wlan0s1 -j ACCEPT
-A FORWARD -i eth1s2 -o wlan0s2 -j ACCEPT
-A FORWARD -i eth1s2 -o wlan0s3 -j ACCEPT
-A FORWARD -i eth1s2 -o vti+ -j ACCEPT
-A FORWARD -i eth1s2 -o gre+ -j ACCEPT
-A FORWARD -i eth1s2 -o tun+ -j ACCEPT
-A FORWARD -i eth0s3 -o usb0 -j ACCEPT
-A FORWARD -i eth0s3 -o eth0 -j ACCEPT
-A FORWARD -i eth0s3 -o eth1 -j ACCEPT
-A FORWARD -i eth0s3 -o eth0s1 -j ACCEPT
-A FORWARD -i eth0s3 -o eth1s1 -j ACCEPT
-A FORWARD -i eth0s3 -o eth0s2 -j ACCEPT
-A FORWARD -i eth0s3 -o eth1s2 -j ACCEPT
-A FORWARD -i eth0s3 -o eth0s3 -j ACCEPT
-A FORWARD -i eth0s3 -o eth1s3 -j ACCEPT
-A FORWARD -i eth0s3 -o wlan+ -j ACCEPT
-A FORWARD -i eth0s3 -o wlan0s1 -j ACCEPT
-A FORWARD -i eth0s3 -o wlan0s2 -j ACCEPT
-A FORWARD -i eth0s3 -o wlan0s3 -j ACCEPT
-A FORWARD -i eth0s3 -o vti+ -j ACCEPT
-A FORWARD -i eth0s3 -o gre+ -j ACCEPT
-A FORWARD -i eth0s3 -o tun+ -j ACCEPT
-A FORWARD -i eth1s3 -o usb0 -j ACCEPT
-A FORWARD -i eth1s3 -o eth0 -j ACCEPT
-A FORWARD -i eth1s3 -o eth1 -j ACCEPT
-A FORWARD -i eth1s3 -o eth0s1 -j ACCEPT
-A FORWARD -i eth1s3 -o eth1s1 -j ACCEPT
-A FORWARD -i eth1s3 -o eth0s2 -j ACCEPT
-A FORWARD -i eth1s3 -o eth1s2 -j ACCEPT
-A FORWARD -i eth1s3 -o eth0s3 -j ACCEPT
-A FORWARD -i eth1s3 -o eth1s3 -j ACCEPT
-A FORWARD -i eth1s3 -o wlan+ -j ACCEPT
-A FORWARD -i eth1s3 -o wlan0s1 -j ACCEPT
-A FORWARD -i eth1s3 -o wlan0s2 -j ACCEPT
-A FORWARD -i eth1s3 -o wlan0s3 -j ACCEPT
-A FORWARD -i eth1s3 -o vti+ -j ACCEPT
-A FORWARD -i eth1s3 -o gre+ -j ACCEPT
-A FORWARD -i eth1s3 -o tun+ -j ACCEPT
-A FORWARD -i wlan+ -o usb0 -j ACCEPT
-A FORWARD -i wlan+ -o eth0 -j ACCEPT
-A FORWARD -i wlan+ -o eth1 -j ACCEPT
-A FORWARD -i wlan+ -o eth0s1 -j ACCEPT
-A FORWARD -i wlan+ -o eth1s1 -j ACCEPT
-A FORWARD -i wlan+ -o eth0s2 -j ACCEPT
-A FORWARD -i wlan+ -o eth1s2 -j ACCEPT
-A FORWARD -i wlan+ -o eth0s3 -j ACCEPT
-A FORWARD -i wlan+ -o eth1s3 -j ACCEPT
-A FORWARD -i wlan+ -o wlan+ -j ACCEPT
-A FORWARD -i wlan+ -o wlan0s1 -j ACCEPT
-A FORWARD -i wlan+ -o wlan0s2 -j ACCEPT
-A FORWARD -i wlan+ -o wlan0s3 -j ACCEPT
-A FORWARD -i wlan+ -o vti+ -j ACCEPT
-A FORWARD -i wlan+ -o gre+ -j ACCEPT
-A FORWARD -i wlan+ -o tun+ -j ACCEPT
-A FORWARD -i wlan0s1 -o usb0 -j ACCEPT
-A FORWARD -i wlan0s1 -o eth0 -j ACCEPT
-A FORWARD -i wlan0s1 -o eth1 -j ACCEPT
-A FORWARD -i wlan0s1 -o eth0s1 -j ACCEPT
-A FORWARD -i wlan0s1 -o eth1s1 -j ACCEPT
-A FORWARD -i wlan0s1 -o eth0s2 -j ACCEPT
-A FORWARD -i wlan0s1 -o eth1s2 -j ACCEPT
-A FORWARD -i wlan0s1 -o eth0s3 -j ACCEPT
-A FORWARD -i wlan0s1 -o eth1s3 -j ACCEPT
-A FORWARD -i wlan0s1 -o wlan+ -j ACCEPT
-A FORWARD -i wlan0s1 -o wlan0s1 -j ACCEPT
-A FORWARD -i wlan0s1 -o wlan0s2 -j ACCEPT
-A FORWARD -i wlan0s1 -o wlan0s3 -j ACCEPT
-A FORWARD -i wlan0s1 -o vti+ -j ACCEPT
-A FORWARD -i wlan0s1 -o gre+ -j ACCEPT
-A FORWARD -i wlan0s1 -o tun+ -j ACCEPT
-A FORWARD -i wlan0s2 -o usb0 -j ACCEPT
-A FORWARD -i wlan0s2 -o eth0 -j ACCEPT
-A FORWARD -i wlan0s2 -o eth1 -j ACCEPT
-A FORWARD -i wlan0s2 -o eth0s1 -j ACCEPT
-A FORWARD -i wlan0s2 -o eth1s1 -j ACCEPT
-A FORWARD -i wlan0s2 -o eth0s2 -j ACCEPT
-A FORWARD -i wlan0s2 -o eth1s2 -j ACCEPT
-A FORWARD -i wlan0s2 -o eth0s3 -j ACCEPT
-A FORWARD -i wlan0s2 -o eth1s3 -j ACCEPT
-A FORWARD -i wlan0s2 -o wlan+ -j ACCEPT
-A FORWARD -i wlan0s2 -o wlan0s1 -j ACCEPT
-A FORWARD -i wlan0s2 -o wlan0s2 -j ACCEPT
-A FORWARD -i wlan0s2 -o wlan0s3 -j ACCEPT
-A FORWARD -i wlan0s2 -o vti+ -j ACCEPT
-A FORWARD -i wlan0s2 -o gre+ -j ACCEPT
-A FORWARD -i wlan0s2 -o tun+ -j ACCEPT
-A FORWARD -i wlan0s3 -o usb0 -j ACCEPT
-A FORWARD -i wlan0s3 -o eth0 -j ACCEPT
-A FORWARD -i wlan0s3 -o eth1 -j ACCEPT
-A FORWARD -i wlan0s3 -o eth0s1 -j ACCEPT
-A FORWARD -i wlan0s3 -o eth1s1 -j ACCEPT
-A FORWARD -i wlan0s3 -o eth0s2 -j ACCEPT
-A FORWARD -i wlan0s3 -o eth1s2 -j ACCEPT
-A FORWARD -i wlan0s3 -o eth0s3 -j ACCEPT
-A FORWARD -i wlan0s3 -o eth1s3 -j ACCEPT
-A FORWARD -i wlan0s3 -o wlan+ -j ACCEPT
-A FORWARD -i wlan0s3 -o wlan0s1 -j ACCEPT
-A FORWARD -i wlan0s3 -o wlan0s2 -j ACCEPT
-A FORWARD -i wlan0s3 -o wlan0s3 -j ACCEPT
-A FORWARD -i wlan0s3 -o vti+ -j ACCEPT
-A FORWARD -i wlan0s3 -o gre+ -j ACCEPT
-A FORWARD -i wlan0s3 -o tun+ -j ACCEPT
-A FORWARD -i vti+ -o usb0 -j ACCEPT
-A FORWARD -i vti+ -o eth0 -j ACCEPT
-A FORWARD -i vti+ -o eth1 -j ACCEPT
-A FORWARD -i vti+ -o eth0s1 -j ACCEPT
-A FORWARD -i vti+ -o eth1s1 -j ACCEPT
-A FORWARD -i vti+ -o eth0s2 -j ACCEPT
-A FORWARD -i vti+ -o eth1s2 -j ACCEPT
-A FORWARD -i vti+ -o eth0s3 -j ACCEPT
-A FORWARD -i vti+ -o eth1s3 -j ACCEPT
-A FORWARD -i vti+ -o wlan+ -j ACCEPT
-A FORWARD -i vti+ -o wlan0s1 -j ACCEPT
-A FORWARD -i vti+ -o wlan0s2 -j ACCEPT
-A FORWARD -i vti+ -o wlan0s3 -j ACCEPT
-A FORWARD -i vti+ -o vti+ -j ACCEPT
-A FORWARD -i vti+ -o gre+ -j ACCEPT
-A FORWARD -i vti+ -o tun+ -j ACCEPT
-A FORWARD -i gre+ -o usb0 -j ACCEPT
-A FORWARD -i gre+ -o eth0 -j ACCEPT
-A FORWARD -i gre+ -o eth1 -j ACCEPT
-A FORWARD -i gre+ -o eth0s1 -j ACCEPT
-A FORWARD -i gre+ -o eth1s1 -j ACCEPT
-A FORWARD -i gre+ -o eth0s2 -j ACCEPT
-A FORWARD -i gre+ -o eth1s2 -j ACCEPT
-A FORWARD -i gre+ -o eth0s3 -j ACCEPT
-A FORWARD -i gre+ -o eth1s3 -j ACCEPT
-A FORWARD -i gre+ -o wlan+ -j ACCEPT
-A FORWARD -i gre+ -o wlan0s1 -j ACCEPT
-A FORWARD -i gre+ -o wlan0s2 -j ACCEPT
-A FORWARD -i gre+ -o wlan0s3 -j ACCEPT
-A FORWARD -i gre+ -o vti+ -j ACCEPT
-A FORWARD -i gre+ -o gre+ -j ACCEPT
-A FORWARD -i gre+ -o tun+ -j ACCEPT
-A FORWARD -i tun+ -o usb0 -j ACCEPT
-A FORWARD -i tun+ -o eth0 -j ACCEPT
-A FORWARD -i tun+ -o eth1 -j ACCEPT
-A FORWARD -i tun+ -o eth0s1 -j ACCEPT
-A FORWARD -i tun+ -o eth1s1 -j ACCEPT
-A FORWARD -i tun+ -o eth0s2 -j ACCEPT
-A FORWARD -i tun+ -o eth1s2 -j ACCEPT
-A FORWARD -i tun+ -o eth0s3 -j ACCEPT
-A FORWARD -i tun+ -o eth1s3 -j ACCEPT
-A FORWARD -i tun+ -o wlan+ -j ACCEPT
-A FORWARD -i tun+ -o wlan0s1 -j ACCEPT
-A FORWARD -i tun+ -o wlan0s2 -j ACCEPT
-A FORWARD -i tun+ -o wlan0s3 -j ACCEPT
-A FORWARD -i tun+ -o vti+ -j ACCEPT
-A FORWARD -i tun+ -o gre+ -j ACCEPT
-A FORWARD -i tun+ -o tun+ -j ACCEPT
-A FORWARD -m limit --limit 2/sec -j LOG --log-prefix "**FORWARD DROP**
" --log-level 7
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o br+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j ACCEPT
-A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS
--clamp-mss-to-pmtu
-A OUTPUT -p tcp -m tcp --sport 10000 -m conntrack --ctstate INVALID -j
ACCEPT
-A OUTPUT -p tcp -m tcp --sport 10001 -m conntrack --ctstate INVALID -j
ACCEPT
-A OUTPUT -o wwan+ -p icmp -m icmp --icmp-type 3 -j DROP
-A OUTPUT -p icmp -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o wwan+ -p udp -m udp --dport 500 -j ACCEPT
-A OUTPUT -o wwan+ -p esp -j ACCEPT
-A OUTPUT -o wwan+ -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o usb0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -o eth0s1 -j ACCEPT
-A OUTPUT -o eth1s1 -j ACCEPT
-A OUTPUT -o eth0s2 -j ACCEPT
-A OUTPUT -o eth1s2 -j ACCEPT
-A OUTPUT -o eth0s3 -j ACCEPT
-A OUTPUT -o eth1s3 -j ACCEPT
-A OUTPUT -o wlan+ -j ACCEPT
-A OUTPUT -o wlan0s1 -j ACCEPT
-A OUTPUT -o wlan0s2 -j ACCEPT
-A OUTPUT -o wlan0s3 -j ACCEPT
-A OUTPUT -o vti+ -j ACCEPT
-A OUTPUT -o gre+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -j TRAFFIC
-A FLAGS -m limit --limit 2/sec -j LOG --log-prefix "**BADFLAGS** "
--log-level 7
-A FLAGS -j DROP
-A SCAN -m limit --limit 2/sec -j LOG --log-prefix "**PORTSCAN** "
--log-level 7
-A SCAN -j DROP
-A TRAFFIC -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A TRAFFIC -i wwan+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j SCAN
-A TRAFFIC -p tcp -m multiport --ports 137,138,139 -j ACCEPT
-A TRAFFIC -p udp -m multiport --ports 137,138,139 -j ACCEPT
-A TRAFFIC -i ipsec+ -j ACCEPT
-A TRAFFIC -o ipsec+ -j ACCEPT
-A TRAFFIC -i usb0 -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i eth0 -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i eth1 -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i eth0s1 -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i eth1s1 -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i eth0s2 -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i eth1s2 -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i eth0s3 -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i eth1s3 -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i wlan+ -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i wlan0s1 -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i wlan0s2 -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i wlan0s3 -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i vti+ -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i gre+ -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -i tun+ -m conntrack --ctstate NEW -j ACCEPT
-A TRAFFIC -p gre -j ACCEPT
-A TRAFFIC -d 255.255.255.255/32 -j DROP
-A TRAFFIC -p udp -m udp --dport 53 -j DROP
-A TRAFFIC -m limit --limit 2/sec -j LOG --log-prefix "**PACKET DROP** "
--log-level 7
-A TRAFFIC -j DROP
COMMIT
# Completed on Sat Sep 7 08:49:31 2019
+ _________________________ ip6tables
+ '[' -e ip6_tables_names ']'
+ _________________________ /proc/modules
+ '[' -f /proc/modules ']'
+ cat /proc/modules
ipsec 374430 2 - Live 0xbf326000 (O)
cmac 2427 0 - Live 0xbf322000
gcm 10293 0 - Live 0xbf31b000
ccm 7242 0 - Live 0xbf316000
cdc_acm 16829 4 - Live 0xbf30c000
nf_log_ipv6 4241 1 - Live 0xbf307000
nf_conntrack_ipv6 7116 53 - Live 0xbf301000
nf_defrag_ipv6 9577 1 nf_conntrack_ipv6, Live 0xbf2fb000
nf_log_ipv4 3562 8 - Live 0xbf2f7000
nf_log_common 2731 2 nf_log_ipv6,nf_log_ipv4, Live 0xbf2f3000
xt_multiport 1564 4 - Live 0xbf2ef000
xt_TCPMSS 2962 2 - Live 0xbf2eb000
xt_conntrack 2719 112 - Live 0xbf2e7000
xt_LOG 1093 9 - Live 0xbf2e3000
xt_limit 1568 11 - Live 0xbf2df000
iptable_mangle 1177 1 - Live 0xbf2db000
ipt_MASQUERADE 955 1 - Live 0xbf2d7000
nf_nat_masquerade_ipv4 1753 1 ipt_MASQUERADE, Live 0xbf2d3000
xt_REDIRECT 1084 6 - Live 0xbf2cf000
nf_nat_redirect 1134 1 xt_REDIRECT, Live 0xbf2cb000
iptable_nat 1323 1 - Live 0xbf2c7000
nf_conntrack_ipv4 6665 60 - Live 0xbf2c1000
nf_defrag_ipv4 1108 1 nf_conntrack_ipv4, Live 0xbf2bd000
nf_nat_ipv4 3733 1 iptable_nat, Live 0xbf2b9000
nf_nat 10231 3 nf_nat_masquerade_ipv4,nf_nat_redirect,nf_nat_ipv4, Live
0xbf2b1000
iptable_raw 1040 0 - Live 0xbf2ad000
iptable_filter 1049 1 - Live 0xbf2a9000
ip_tables 10169 4 iptable_mangle,iptable_nat,iptable_raw,iptable_filter,
Live 0xbf2a2000
ath9k_htc 53102 0 - Live 0xbf28e000
mac80211 339734 1 ath9k_htc, Live 0xbf224000
ath9k_common 19991 1 ath9k_htc, Live 0xbf21a000
ath9k_hw 345143 2 ath9k_htc,ath9k_common, Live 0xbf1b6000
ath 17993 3 ath9k_htc,ath9k_common,ath9k_hw, Live 0xbf1ad000
cfg80211 200678 4 ath9k_htc,mac80211,ath9k_common,ath, Live 0xbf16b000
GobiNet 51563 0 - Live 0xbf157000 (O)
smsc95xx 16603 0 - Live 0xbf14e000
cdc_ncm 15155 0 - Live 0xbf145000
cdc_ether 4291 0 - Live 0xbf13f000
usbnet 18425 4 GobiNet,smsc95xx,cdc_ncm,cdc_ether, Live 0xbf134000
mii 3782 2 smsc95xx,usbnet, Live 0xbf130000
GobiSerial 6680 0 - Live 0xbf12a000 (O)
ti_am335x_adc 5861 0 - Live 0xbf125000
kfifo_buf 2202 1 ti_am335x_adc, Live 0xbf121000
industrialio 34673 2 ti_am335x_adc,kfifo_buf, Live 0xbf110000
i2c_hid 10037 0 - Live 0xbf109000
usbhid 37931 0 - Live 0xbf0fa000
hid_generic 868 0 - Live 0xbf0f6000
hid 88944 3 i2c_hid,usbhid,hid_generic, Live 0xbf0d9000
xr_usb_serial_common 22029 0 - Live 0xbf0ce000 (O)
option 30974 0 - Live 0xbf0b8000
usb_wwan 6308 1 option, Live 0xbf0b2000
usbserial 20382 3 GobiSerial,option,usb_wwan, Live 0xbf0a7000
ppp_async 7501 0 - Live 0xbf0a2000
ppp_generic 24743 1 ppp_async, Live 0xbf096000
slhc 4596 1 ppp_generic, Live 0xbf091000
gpio_keys 7279 0 - Live 0xbf08b000
evdev 11626 1 - Live 0xbf084000
sd_mod 26469 0 - Live 0xbf078000
sg 20007 0 - Live 0xbf06f000
mtd_spi_sram 3573 0 - Live 0xbf06b000
spi_omap2_mcspi 10318 0 - Live 0xbf065000
lm75 4060 0 - Live 0xbf061000
ads1015 2760 0 - Live 0xbf05d000
hwmon 7269 2 lm75,ads1015, Live 0xbf057000
at25 3836 0 - Live 0xbf053000
at24 6217 0 - Live 0xbf04e000
nvmem_core 8114 2 at25,at24, Live 0xbf048000
usb_f_ecm 5134 1 - Live 0xbf042000
dwc3_omap 3917 0 - Live 0xbf03e000
sxni_iodb 27307 14 - Live 0xbf033000 (O)
g_ether 3177 0 - Live 0xbf02e000
usb_f_rndis 11162 2 g_ether, Live 0xbf026000
libcomposite 34265 3 usb_f_ecm,g_ether,usb_f_rndis, Live 0xbf016000
u_ether 9557 3 usb_f_ecm,g_ether,usb_f_rndis, Live 0xbf00f000
configfs 24170 4 usb_f_ecm,usb_f_rndis,libcomposite, Live 0xbf004000
jbm_feature 2299 0 - Live 0xbf000000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 510784 kB
MemFree: 437576 kB
MemAvailable: 457372 kB
Buffers: 40 kB
Cached: 26204 kB
SwapCached: 0 kB
Active: 29000 kB
Inactive: 12340 kB
Active(anon): 16344 kB
Inactive(anon): 884 kB
Active(file): 12656 kB
Inactive(file): 11456 kB
Unevictable: 1396 kB
Mlocked: 1396 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 510784 kB
LowFree: 437576 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 16504 kB
Mapped: 11208 kB
Shmem: 1052 kB
Slab: 15896 kB
SReclaimable: 7556 kB
SUnreclaim: 8340 kB
KernelStack: 1216 kB
PageTables: 1340 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 255392 kB
Committed_AS: 115616 kB
VmallocTotal: 507904 kB
VmallocUsed: 0 kB
VmallocChunk: 0 kB
+ _________________________ /proc/net/ipsec-ls
+ '[' -f /proc/net/ipsec_version ']'
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug
/proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg
/proc/net/ipsec_version
lrwxrwxrwx 1 root root 16 Sep 7 08:49
/proc/net/ipsec_eroute -> ipsec/eroute/all
lrwxrwxrwx 1 root root 16 Sep 7 08:49
/proc/net/ipsec_klipsdebug -> ipsec/klipsdebug
lrwxrwxrwx 1 root root 13 Sep 7 08:49
/proc/net/ipsec_spi -> ipsec/spi/all
lrwxrwxrwx 1 root root 16 Sep 7 08:49
/proc/net/ipsec_spigrp -> ipsec/spigrp/all
lrwxrwxrwx 1 root root 11 Sep 7 08:49
/proc/net/ipsec_tncfg -> ipsec/tncfg
lrwxrwxrwx 1 root root 13 Sep 7 08:49
/proc/net/ipsec_version -> ipsec/version
+ _________________________ usr/src/linux/.config
+ '[' -f /proc/config.gz ']'
++ uname -r
+ '[' -f /lib/modules/4.9.119/build/.config ']'
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ '[' -f /etc/syslog.conf ']'
+ '[' -f /etc/syslog-ng/syslog-ng.conf ']'
+ '[' -f /etc/rsyslog.conf ']'
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
# DO NOT EDIT THIS FILE.
#
# IT MUST CONTAIN THE SINGLE ENTRY: nameserver 127.0.0.1
#
# USE /etc/dnsmasq/dnsmasq.servers.conf TO EFFECT DNS CHANGES.
#
# DO NOT EDIT THIS FILE.
nameserver 127.0.0.1
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
drwxr-xr-x 4 root root 1712 Sep 7 08:47 4.9.119
+ _________________________ fipscheck
+ cat /proc/sys/crypto/fips_enabled
cat: can't open '/proc/sys/crypto/fips_enabled': No such file or directory
+ _________________________ /proc/ksyms-netif_rx
+ '[' -r /proc/ksyms ']'
+ '[' -r /proc/kallsyms ']'
+ grep -E netif_rx /proc/kallsyms
c05a8c58 t netif_rx_internal
c05a8e08 T netif_rx
c05a8e1c T netif_rx_ni
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
4.9.119:
+ _________________________ kern.debug
+ '[' -f /var/log/kern.debug ']'
+ _________________________ klog
+ dmesg
+ grep -E -i 'klips|ipsec'
[ 118.767758] klips_info:ipsec_init: KLIPS startup, Libreswan KLIPS
IPsec stack version: 3.master-201936.git
[ 118.818505] registered KLIPS /proc/sys/net
[ 118.818526] klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0
(EALG_MAX=255, AALG_MAX=255)
[ 118.818533] klips_info:ipsec_alg_init: calling ipsec_alg_static_init()
[ 118.818547] ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0
[ 118.818554] ipsec_aes_init(alg_type=14 alg_id=9 name=aes_mac): ret=0
[ 118.818560] ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0
[ 118.818592] KLIPS cryptoapi interface: alg_type=15 alg_id=12
name=cbc(aes) keyminbits=128 keymaxbits=256, found(0)
[ 118.866652] KLIPS: lookup for ciphername=cbc(twofish): not found
[ 118.895194] KLIPS: lookup for ciphername=cbc(serpent): not found
[ 118.923878] KLIPS: lookup for ciphername=cbc(cast5): not found
[ 118.923913] KLIPS cryptoapi interface: alg_type=15 alg_id=3
name=cbc(des3_ede) keyminbits=192 keymaxbits=192, found(0)
[ 118.938193] KLIPS: lookup for ciphername=cipher_null: not found
[ 118.938237] KLIPS cryptoapi interface: alg_type=14 alg_id=2
name=hmac(md5) ctx_size=64 keyminbits=128 keymaxbits=128, found(0)
[ 118.938251] KLIPS cryptoapi interface: alg_type=14 alg_id=3
name=hmac(sha1) ctx_size=64 keyminbits=160 keymaxbits=160, found(0)
[ 118.938263] KLIPS cryptoapi interface: alg_type=14 alg_id=5
name=hmac(sha256) ctx_size=64 keyminbits=256 keymaxbits=256, found(0)
[ 118.938275] KLIPS cryptoapi interface: alg_type=14 alg_id=6
name=hmac(sha384) ctx_size=64 keyminbits=384 keymaxbits=384, found(0)
[ 118.938286] KLIPS cryptoapi interface: alg_type=14 alg_id=7
name=hmac(sha512) ctx_size=64 keyminbits=512 keymaxbits=512, found(0)
[ 118.938296] KLIPS cryptoapi interface: alg_type=14 alg_id=252
name=hmac(sha256) ctx_size=64 keyminbits=256 keymaxbits=256, found(0)
+ _________________________ plog
+ '[' -x /usr/bin/journalctl -o -x /bin/journalctl ']'
+ grep -E -i pluto
+ sed -n '1,$p' /dev/null
+ case "${1}" in
+ cat
+ _________________________ date
+ date
Sat Sep 7 08:49:32 CDT 2019
[root at DA70N-051656 tmp]#
[root at DA70N-051656 tmp]# slog &
[1] 5955
[root at DA70N-051656 tmp]#
slog v1.04
Tailing the logfile /var/log/messages ( 20 lines )
**** Press CTRL-C to exit ****
Sep 7 08:49:04 pluto[5054]: "Tunnel1/1x2" #3: STATE_QUICK_I2: sent QI2,
IPsec SA established tunnel mode {ESP/NAT=>0xc42ed83e <0x578d3f45
xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=166.130.x.x:4500 DPD=active}
Sep 7 08:49:06 pluto[5054]: "Tunnel1/1x3" #4: STATE_QUICK_I2: sent QI2,
IPsec SA established tunnel mode {ESP/NAT=>0xc42ed83f <0x578d3f46
xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=166.130.x.x:4500 DPD=active}
Sep 7 08:49:06 pluto[5054]: "Tunnel1/3x2" #9: STATE_QUICK_I1:
retransmission; will wait 1 seconds for response
Sep 7 08:49:06 pluto[5054]: "Tunnel1/3x1" #8: STATE_QUICK_I1:
retransmission; will wait 1 seconds for response
Sep 7 08:49:06 pluto[5054]: "Tunnel1/2x3" #7: STATE_QUICK_I1:
retransmission; will wait 1 seconds for response
Sep 7 08:49:06 pluto[5054]: "Tunnel1/3x3" #10: STATE_QUICK_I1:
retransmission; will wait 1 seconds for response
Sep 7 08:49:06 pluto[5054]: "Tunnel1/2x1" #5: STATE_QUICK_I2: sent QI2,
IPsec SA established tunnel mode {ESP/NAT=>0xc42ed840 <0x578d3f47
xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=166.130.x.x:4500 DPD=active}
Sep 7 08:49:06 pluto[5054]: "Tunnel1/2x3" #7: STATE_QUICK_I1:
retransmission; will wait 2 seconds for response
Sep 7 08:49:06 pluto[5054]: "Tunnel1/3x3" #10: STATE_QUICK_I1:
retransmission; will wait 2 seconds for response
Sep 7 08:49:06 pluto[5054]: "Tunnel1/3x2" #9: STATE_QUICK_I1:
retransmission; will wait 2 seconds for response
Sep 7 08:49:06 pluto[5054]: "Tunnel1/3x1" #8: STATE_QUICK_I1:
retransmission; will wait 2 seconds for response
Sep 7 08:49:06 pluto[5054]: "Tunnel1/2x2" #6: STATE_QUICK_I2: sent QI2,
IPsec SA established tunnel mode {ESP/NAT=>0xc42ed841 <0x578d3f48
xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=166.130.x.x:4500 DPD=active}
Sep 7 08:49:06 pluto[5054]: "Tunnel1/2x3" #7: STATE_QUICK_I2: sent QI2,
IPsec SA established tunnel mode {ESP/NAT=>0xc42ed842 <0x578d3f49
xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=166.130.x.x:4500 DPD=active}
Sep 7 08:49:07 pluto[5054]: "Tunnel1/3x1" #8: STATE_QUICK_I2: sent QI2,
IPsec SA established tunnel mode {ESP/NAT=>0xc42ed843 <0x578d3f4a
xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=166.130.x.x:4500 DPD=active}
Sep 7 08:49:07 pluto[5054]: "Tunnel1/3x2" #9: STATE_QUICK_I2: sent QI2,
IPsec SA established tunnel mode {ESP/NAT=>0xc42ed844 <0x578d3f4b
xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=166.130.x.x:4500 DPD=active}
Sep 7 08:49:07 pluto[5054]: "Tunnel1/3x3" #10: STATE_QUICK_I2: sent
QI2, IPsec SA established tunnel mode {ESP/NAT=>0xc42ed845 <0x578d3f4c
xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=166.130.x.x:4500 DPD=active}
Sep 7 08:49:16 pluto[5054]: "Tunnel1/3x3" #10: retransmitting in
response to duplicate packet; already STATE_QUICK_I2
Sep 7 08:49:28 pluto[5054]: forgetting secrets
Sep 7 08:49:28 pluto[5054]: loading secrets from "/etc/ipsec.secrets"
Sep 7 08:49:28 pluto[5054]: loading secrets from
"/etc/ipsec.d/tunnel1.secrets"
[root at DA70N-051656 tmp]#
[root at DA70N-051656 tmp]#
[root at DA70N-051656 tmp]# ipsec klipsdebug --all; ipsec whack --debug
all; ipsec whack --shutdown
Sep 7 08:49:53 kernel: [ 173.726261]
klips_debug:pfkey_x_debug_process: set
Sep 7 08:49:53 kernel: [ 173.726286] klips_debug:pfkey_msg_interp:
parsing message type 16(x-debug) with msg_parser 0pbf33b4e8.
Sep 7 08:49:53 kernel: [ 173.726290]
klips_debug:pfkey_x_msg_debug_parse: .
Sep 7 08:49:53 kernel: [ 173.726424] ipsec_sa_put: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (1--) decremented by
pfkey_msg_interp:3144.
Sep 7 08:49:53 kernel: [ 173.726429] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:53 kernel: [ 173.726438] klips_debug:ipsec_sa_wipe:
removing SA=unk0:0@<invalid>(0pdd51b000), SAref=0, table=0(0pdd508000),
entry=0 from the refTable.
Sep 7 08:49:53 kernel: [ 173.726584] klips_debug:pfkey_release:
sock=0pde6f5800 sk=0pdd4d4000
Sep 7 08:49:53 kernel: [ 173.726589] klips_debug:pfkey_destroy_socket:
0pdd4d4000
Sep 7 08:49:53 kernel: [ 173.726593] klips_debug:pfkey_remove_socket:
0pdd4d4000
Sep 7 08:49:53 kernel: [ 173.726600] klips_debug:pfkey_destroy_socket:
pfkey_remove_socket called, sk=0pdd4d4000
Sep 7 08:49:53 kernel: [ 173.726606] klips_debug:pfkey_destroy_socket:
sk(0pdd4d4000)->(&0pdd4d407c)receive_queue.{next=0pdd4d407c,prev=0pdd4d407c}.
Sep 7 08:49:53 kernel: [ 173.726730] klips_debug:pfkey_destroy_socket:
destroyed.
Sep 7 08:49:53 kernel: [ 173.726736]
klips_debug:pfkey_list_remove_socket: removing sock=0pde6f5800
Sep 7 08:49:53 kernel: [ 173.726741]
klips_debug:pfkey_list_remove_socket: removing sock=0pde6f5800
Sep 7 08:49:53 kernel: [ 173.726744]
klips_debug:pfkey_list_remove_socket: removing sock=0pde6f5800
Sep 7 08:49:53 kernel: [ 173.726747]
klips_debug:pfkey_list_remove_socket: removing sock=0pde6f5800
Sep 7 08:49:53 kernel: [ 173.726749]
klips_debug:pfkey_list_remove_socket: removing sock=0pde6f5800
Sep 7 08:49:53 kernel: [ 173.726753]
klips_debug:pfkey_list_remove_socket: removing sock=0pde6f5800
Sep 7 08:49:53 kernel: [ 173.726755]
klips_debug:pfkey_list_remove_socket: removing sock=0pde6f5800
Sep 7 08:49:53 kernel: [ 173.726758]
klips_debug:pfkey_list_remove_socket: removing sock=0pde6f5800
Sep 7 08:49:53 kernel: [ 173.726761]
klips_debug:pfkey_list_remove_socket: removing sock=0pde6f5800
Sep 7 08:49:53 kernel: [ 173.726764]
klips_debug:pfkey_list_remove_socket: removing sock=0pde6f5800
Sep 7 08:49:53 kernel: [ 173.726766]
klips_debug:pfkey_list_remove_socket: removing sock=0pde6f5800
Sep 7 08:49:53 kernel: [ 173.726769]
klips_debug:pfkey_list_remove_socket: removing sock=0pde6f5800
Sep 7 08:49:53 kernel: [ 173.726871]
klips_debug:pfkey_list_remove_socket: removing sock=0pde6f5800
Sep 7 08:49:53 kernel: [ 173.726874] klips_debug:pfkey_release: succeeded.
Sep 7 08:49:53 pluto[5054]: | old debugging none + base+cpu-usage
Sep 7 08:49:54 pluto[5054]: | base debugging = base+cpu-usage
Sep 7 08:49:54 pluto[5054]: | old impairing none + none
Sep 7 08:49:54 pluto[5054]: | base impairing = none
Sep 7 08:49:54 pluto[5054]: | close_any(fd at 12) (in whack_process() at
rcv_whack.c:700)
Sep 7 08:49:54 pluto[5054]: | spent 0.502 milliseconds in whack
002 shutting down
Sep 7 08:49:54 pluto[5054]: | accept(whackctlfd, (struct sockaddr
*)&whackaddr, &whackaddrlen) -> fd at 12 (in whack_handle() at rcv_whack.c:722)
Sep 7 08:49:54 pluto[5054]: shutting down
Sep 7 08:49:54 pluto[5054]: | processing: RESET whack log_fd (was
fd at 12) (in exit_pluto() at plutomain.c:1825)
Sep 7 08:49:54 pluto[5054]: | certs and keys locked by
'free_preshared_secrets'
Sep 7 08:49:54 pluto[5054]: forgetting secrets
Sep 7 08:49:54 pluto[5054]: | certs and keys unlocked by
'free_preshared_secrets'
Sep 7 08:49:54 pluto[5054]: | start processing: connection
"Tunnel1/3x3" (in delete_connection() at connections.c:189)
Sep 7 08:49:54 pluto[5054]: | Deleting states for connection -
including all other IPsec SA's of this IKE SA
Sep 7 08:49:54 pluto[5054]: | pass 0
Sep 7 08:49:54 pluto[5054]: | FOR_EACH_STATE_... in
foreach_state_by_connection_func_delete
Sep 7 08:49:54 pluto[5054]: | state #10
Sep 7 08:49:54 pluto[5054]: | suspend processing: connection
"Tunnel1/3x3" (in foreach_state_by_connection_func_delete() at state.c:1310)
Sep 7 08:49:54 pluto[5054]: | start processing: state #10 connection
"Tunnel1/3x3" from 166.130.x.x:4500 (in
foreach_state_by_connection_func_delete() at state.c:1310)
Sep 7 08:49:54 pluto[5054]: | pstats #10 ikev1.ipsec deleted completed
Sep 7 08:49:54 pluto[5054]: | [RE]START processing: state #10
connection "Tunnel1/3x3" from 166.130.x.x:4500 (in delete_state() at
state.c:879)
Sep 7 08:49:54 pluto[5054]: "Tunnel1/3x3" #10: deleting state
(STATE_QUICK_I2) aged 52.148s and sending notification
Sep 7 08:49:54 pluto[5054]: | child state #10: QUICK_I2(established
CHILD SA) => delete
Sep 7 08:49:54 pluto[5054]: | get_sa_info esp.c42ed845 at 166.130.x.x
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p(nil).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p0xb6010a48.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_build: spi=c42ed845 replay=0
sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=166.130.x.x:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x8a68e8
allocated 88 bytes, &(extensions[0])=0p0xbe9a9fac
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=11, res=0, seq=95, pid=5054.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0p0x8a68f8 with
parser pfkey_sa_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=c42ed845 replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0x8a6910 with parser
pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x8a6928 with
parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 pluto[5054]: | finish_pfkey_msg: K_SADB_GET message 95
for Get SA esp.c42ed845 at 166.130.x.x
Sep 7 08:49:54 pluto[5054]: | 02 05 00 03 0b 00 00 00 5f 00 00 00
be 13 00 00
Sep 7 08:49:54 pluto[5054]: | 03 00 01 00 c4 2e d8 45 00 01 00 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 64 72 9d 0d 00 00 00 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
a6 82 3e 34
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:54 pluto[5054]: | pfkey_get: K_SADB_GET message 95
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=15, res=0, seq=95, pid=5054.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=13
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=13.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=13
ext_type=1(security-association) ext_len=3 parsing ext 0p0xbe9aa0c4 with
parser pfkey_sa_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=c42ed845 replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=2(lifetime-current) remain=10.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=10
ext_type=2(lifetime-current) ext_len=4 parsing ext 0p0xbe9aa0dc with
parser pfkey_lifetime_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_lifetime_parse:enter
Sep 7 08:49:54 pluto[5054]: | pfkey_lifetime_parse:
life_type=2(lifetime-current) alloc=1 bytes=0 add=42949500 use=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
2(lifetime-current) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0xbe9aa0fc with
parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0xbe9aa114 with
parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 pluto[5054]: | get_sa_info esp.578d3f4c at 100.114.157.13
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p(nil).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p0xb6010a48.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_build: spi=578d3f4c replay=0
sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=166.130.x.x:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x8ca980
allocated 88 bytes, &(extensions[0])=0p0xbe9a9fac
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=11, res=0, seq=96, pid=5054.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0p0x8ca990 with
parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.140792] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:54 kernel: [ 174.140813] klips_debug:pfkey_sendmsg:
allocating 88 bytes for downward message.
Sep 7 08:49:54 kernel: [ 174.140844] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:54 kernel: [ 174.140860] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=5, errno=0, satype=3(ESP), len=11, res=0,
seq=95, pid=5054.
Sep 7 08:49:54 kernel: [ 174.140880] ipsec_sa_get: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:54 kernel: [ 174.140884] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd51b000.
Sep 7 08:49:54 kernel: [ 174.140914] klips_debug:pfkey_msg_interp:
satype 3 lookups to proto=50.
Sep 7 08:49:54 kernel: [ 174.140925] klips_debug:pfkey_msg_parse:
parsing message ver=2, type=5(get), errno=0, satype=3(ESP), len=11,
res=0, seq=95, pid=5054.
Sep 7 08:49:54 kernel: [ 174.140932] klips_debug:pfkey_msg_parse:
satype 3(ESP) conversion to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 kernel: [ 174.140936] klips_debug:pfkey_msg_parse: remain=9
Sep 7 08:49:54 kernel: [ 174.140942] klips_debug:pfkey_msg_parse:
parsing ext type=1(security-association) remain=9.
Sep 7 08:49:54 kernel: [ 174.140951] klips_debug:pfkey_msg_parse:
remain=9 ext_type=1(security-association) ext_len=3 parsing ext
0pdd584d10 with parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.140962] klips_debug:pfkey_sa_parse:
successfully found len=3 exttype=1(security-association) spi=c42ed845
replay=0 state=1 auth=0 encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.140990] klips_debug:pfkey_msg_parse:
Extension 1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.140995] klips_debug:pfkey_msg_parse:
parsing ext type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.141002] klips_debug:pfkey_msg_parse:
remain=6 ext_type=5(source-address) ext_len=3 parsing ext 0pdd584d28
with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.141012] klips_debug:pfkey_address_parse:
found exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.141015] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.141018] klips_debug:pfkey_msg_parse:
Extension 5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.141022] klips_debug:pfkey_msg_parse:
parsing ext type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.141028] klips_debug:pfkey_msg_parse:
remain=3 ext_type=6(destination-address) ext_len=3 parsing ext
0pdd584d40 with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.141034] klips_debug:pfkey_address_parse:
found exttype=6(destination-address) family=2(AF_INET)
address=166.130.x.x proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.141057] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.141061] klips_debug:pfkey_msg_parse:
Extension 6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.141069] klips_debug:pfkey_msg_interp:
processing ext 1 0pdd584d10 with processor 0pbf340de4.
Sep 7 08:49:54 kernel: [ 174.141072] klips_debug:pfkey_sa_process: .
Sep 7 08:49:54 kernel: [ 174.141077] klips_debug:pfkey_msg_interp:
processing ext 5 0pdd584d28 with processor 0pbf341164.
Sep 7 08:49:54 kernel: [ 174.141080] klips_debug:pfkey_address_process:
Sep 7 08:49:54 kernel: [ 174.141087]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
100.114.157.13.
Sep 7 08:49:54 kernel: [ 174.141090]
klips_debug:pfkey_address_process: found src address.
Sep 7 08:49:54 kernel: [ 174.141095]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 kernel: [ 174.141099]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 kernel: [ 174.141103] klips_debug:pfkey_msg_interp:
processing ext 6 0pdd584d40 with processor 0pbf341164.
Sep 7 08:49:54 kernel: [ 174.141127] klips_debug:pfkey_address_process:
Sep 7 08:49:54 kernel: [ 174.141132]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
166.130.x.x.
Sep 7 08:49:54 kernel: [ 174.141135]
klips_debug:pfkey_address_process: found dst address.
Sep 7 08:49:54 kernel: [ 174.141138]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 kernel: [ 174.141143]
klips_debug:pfkey_address_process: ips_said.dst set to 166.130.x.x.
Sep 7 08:49:54 kernel: [ 174.141146]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 kernel: [ 174.141151] klips_debug:pfkey_msg_interp:
parsing message type 5(get) with msg_parser 0pbf33c2a8.
Sep 7 08:49:54 kernel: [ 174.141155] klips_debug:pfkey_get_parse: .
Sep 7 08:49:54 kernel: [ 174.141165] ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=136 of SA:esp.c42ed845 at 166.130.x.x requested.
Sep 7 08:49:54 kernel: [ 174.141175] ipsec_sa_get: ipsec_sa dd45c400
SA:esp.c42ed845 at 166.130.x.x, ref:34 reference count (3++) incremented by
ipsec_sa_getbyid:540.
Sep 7 08:49:54 kernel: [ 174.141187] klips_debug:pfkey_msg_hdr_build:
Sep 7 08:49:54 kernel: [ 174.141195] klips_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0pdd5fdbb4 pfkey_ext=0pdd5fdc94 *pfkey_ext=0p (null).
Sep 7 08:49:54 kernel: [ 174.141200] klips_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0pdd5fdbb4 pfkey_ext=0pdd5fdc94 *pfkey_ext=0pddebfe40.
Sep 7 08:49:54 kernel: [ 174.141204] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.141207] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.141215] klips_debug:pfkey_sa_build:
spi=c42ed845 replay=0 sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 kernel: [ 174.141219] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.141221] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.141225] klips_debug:pfkey_lifetime_build:
Sep 7 08:49:54 kernel: [ 174.141228] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.141230] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.141235] klips_debug:pfkey_address_build:
exttype=5 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=578d3f4c replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.141239] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.141245] klips_debug:pfkey_address_build:
found address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.141249] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 kernel: [ 174.141252] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.141254] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.141258] klips_debug:pfkey_address_build:
exttype=6 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0x8ca9a8 with parser
pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.141260] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=166.130.x.x proto=0
port=0.
Sep 7 08:49:54 kernel: [ 174.141264] klips_debug:pfkey_address_build:
found address=166.130.x.x:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.141267] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 kernel: [ 174.141269] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.141271] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.141282] ipsec_sa_put: ipsec_sa dd45c400
SA:esp.c42ed845 at 166.130.x.x, ref:34 reference count (4--) decremented by
pfkey_get_parse:1208.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.141309] klips_debug:pfkey_msg_build:
extensions[0] needs 16 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.141314] klips_debug:pfkey_msg_build:
extensions[1] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x8ca9c0 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.141318] klips_debug:pfkey_msg_build:
extensions[2] needs 32 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.141321] klips_debug:pfkey_msg_build:
extensions[5] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.141325] klips_debug:pfkey_msg_build:
extensions[6] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.141331] klips_debug:pfkey_msg_build:
pfkey_msg=0pdd4c6980 allocated 120 bytes, &(extensions[0])=0pdd5fdc94
Sep 7 08:49:54 pluto[5054]: | finish_pfkey_msg: K_SADB_GET message 96
for Get SA esp.578d3f4c at 100.114.157.13
Sep 7 08:49:54 kernel: [ 174.141336] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[1] (type=1)
Sep 7 08:49:54 pluto[5054]: | 02 05 00 03 0b 00 00 00 60 00 00 00
be 13 00 00
Sep 7 08:49:54 kernel: [ 174.141341] klips_debug:pfkey_msg_build:
copying 32 bytes from extensions[2] (type=2)
Sep 7 08:49:54 pluto[5054]: | 03 00 01 00 57 8d 3f 4c 00 01 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.141345] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[5] (type=5)
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.141349] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[6] (type=6)
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 a6 82 3e 34 00 00 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.141380] klips_debug:pfkey_upmsg:
allocating 120 bytes...
Sep 7 08:49:54 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
64 72 9d 0d
Sep 7 08:49:54 kernel: [ 174.141386] klips_debug:pfkey_upmsg:
...allocated at 0pdd0f8540.
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:54 kernel: [ 174.141395] klips_debug:pfkey_get_parse:
succeeded in sending get reply message.
Sep 7 08:49:54 pluto[5054]: | pfkey_get: K_SADB_GET message 96
Sep 7 08:49:54 kernel: [ 174.141402]
klips_debug:pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 kernel: [ 174.141406]
klips_debug:pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 kernel: [ 174.141411]
klips_debug:pfkey_extensions_free:Free extension 2 (32)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 kernel: [ 174.141415]
klips_debug:pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 kernel: [ 174.141419]
klips_debug:pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=15, res=0, seq=96, pid=5054.
Sep 7 08:49:54 kernel: [ 174.141451] ipsec_sa_put: ipsec_sa dd51b000
SA:esp.c42ed845 at 166.130.x.x, ref:0 reference count (1--) decremented by
pfkey_msg_interp:3144.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 kernel: [ 174.141454] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=13
Sep 7 08:49:54 kernel: [ 174.141464] klips_debug:ipsec_sa_wipe:
removing SA=esp.c42ed845 at 166.130.x.x(0pdd51b000), SAref=0,
table=0(0pdd508000), entry=0 from the refTable.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=13.
Sep 7 08:49:54 kernel: [ 174.163249] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=13
ext_type=1(security-association) ext_len=3 parsing ext 0p0xbe9aa0c4 with
parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.163266] klips_debug:pfkey_sendmsg:
allocating 88 bytes for downward message.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=578d3f4c replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.163298] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.163312] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=5, errno=0, satype=3(ESP), len=11, res=0,
seq=96, pid=5054.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=2(lifetime-current) remain=10.
Sep 7 08:49:54 kernel: [ 174.163332] ipsec_sa_get: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=10
ext_type=2(lifetime-current) ext_len=4 parsing ext 0p0xbe9aa0dc with
parser pfkey_lifetime_parse.
Sep 7 08:49:54 kernel: [ 174.163336] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd51b000.
Sep 7 08:49:54 pluto[5054]: | pfkey_lifetime_parse:enter
Sep 7 08:49:54 kernel: [ 174.163366] klips_debug:pfkey_msg_interp:
satype 3 lookups to proto=50.
Sep 7 08:49:54 pluto[5054]: | pfkey_lifetime_parse:
life_type=2(lifetime-current) alloc=1 bytes=0 add=42949500 use=0.
Sep 7 08:49:54 kernel: [ 174.163376] klips_debug:pfkey_msg_parse:
parsing message ver=2, type=5(get), errno=0, satype=3(ESP), len=11,
res=0, seq=96, pid=5054.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
2(lifetime-current) parsed.
Sep 7 08:49:54 kernel: [ 174.163383] klips_debug:pfkey_msg_parse:
satype 3(ESP) conversion to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.163387] klips_debug:pfkey_msg_parse: remain=9
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0xbe9aa0fc with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.163394] klips_debug:pfkey_msg_parse:
parsing ext type=1(security-association) remain=9.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=166.130.x.x proto=0
port=0.
Sep 7 08:49:54 kernel: [ 174.163403] klips_debug:pfkey_msg_parse:
remain=9 ext_type=1(security-association) ext_len=3 parsing ext
0pdd4c6c10 with parser pfkey_sa_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.163413] klips_debug:pfkey_sa_parse:
successfully found len=3 exttype=1(security-association) spi=578d3f4c
replay=0 state=1 auth=0 encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.163441] klips_debug:pfkey_msg_parse:
Extension 1(security-association) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.163445] klips_debug:pfkey_msg_parse:
parsing ext type=5(source-address) remain=6.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0xbe9aa114 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.163452] klips_debug:pfkey_msg_parse:
remain=6 ext_type=5(source-address) ext_len=3 parsing ext 0pdd4c6c28
with parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.163461] klips_debug:pfkey_address_parse:
found exttype=5(source-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.163463] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.163467] klips_debug:pfkey_msg_parse:
Extension 5(source-address) parsed.
Sep 7 08:49:54 pluto[5054]: "Tunnel1/3x3" #10: ESP traffic information:
in=0B out=0B
Sep 7 08:49:54 kernel: [ 174.163471] klips_debug:pfkey_msg_parse:
parsing ext type=6(destination-address) remain=3.
Sep 7 08:49:54 pluto[5054]: | state #10 requesting
EVENT_DPD-pe at 0x8a5250 be deleted
Sep 7 08:49:54 kernel: [ 174.163477] klips_debug:pfkey_msg_parse:
remain=3 ext_type=6(destination-address) ext_len=3 parsing ext
0pdd4c6c40 with parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | libevent_free: release ptr-libevent at 0x8aa810
Sep 7 08:49:54 kernel: [ 174.163483] klips_debug:pfkey_address_parse:
found exttype=6(destination-address) family=2(AF_INET)
address=100.114.157.13 proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | free_event_entry: release
EVENT_DPD-pe at 0x8a5250
Sep 7 08:49:54 kernel: [ 174.163504] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 pluto[5054]: | #10 send IKEv1 delete notification for
STATE_QUICK_I2
Sep 7 08:49:54 kernel: [ 174.163508] klips_debug:pfkey_msg_parse:
Extension 6(destination-address) parsed.
Sep 7 08:49:54 pluto[5054]: | FOR_EACH_STATE_... in find_phase1_state
Sep 7 08:49:54 kernel: [ 174.163515] klips_debug:pfkey_msg_interp:
processing ext 1 0pdd4c6c10 with processor 0pbf340de4.
Sep 7 08:49:54 pluto[5054]: | **emit ISAKMP Message:
Sep 7 08:49:54 kernel: [ 174.163518] klips_debug:pfkey_sa_process: .
Sep 7 08:49:54 pluto[5054]: | initiator cookie:
Sep 7 08:49:54 kernel: [ 174.163523] klips_debug:pfkey_msg_interp:
processing ext 5 0pdd4c6c28 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | 54 35 b4 b8 be ba 22 5a
Sep 7 08:49:54 kernel: [ 174.163526] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | responder cookie:
Sep 7 08:49:54 kernel: [ 174.163532]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
166.130.x.x.
Sep 7 08:49:54 pluto[5054]: | 9e 6e 00 44 ba 3a 20 41
Sep 7 08:49:54 kernel: [ 174.163536]
klips_debug:pfkey_address_process: found src address.
Sep 7 08:49:54 pluto[5054]: | next payload type: ISAKMP_NEXT_NONE (0x0)
Sep 7 08:49:54 kernel: [ 174.163540]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 pluto[5054]: | ISAKMP version: ISAKMP Version 1.0
(rfc2407) (0x10)
Sep 7 08:49:54 kernel: [ 174.163544]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | exchange type: ISAKMP_XCHG_INFO (0x5)
Sep 7 08:49:54 kernel: [ 174.163549] klips_debug:pfkey_msg_interp:
processing ext 6 0pdd4c6c40 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
Sep 7 08:49:54 kernel: [ 174.163572] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | Message ID: 3836972172 (0xe4b38c8c)
Sep 7 08:49:54 kernel: [ 174.163578]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
100.114.157.13.
Sep 7 08:49:54 pluto[5054]: | next payload chain: saving message
location 'ISAKMP Message'.'next payload type'
Sep 7 08:49:54 kernel: [ 174.163581]
klips_debug:pfkey_address_process: found dst address.
Sep 7 08:49:54 pluto[5054]: | ***emit ISAKMP Hash Payload:
Sep 7 08:49:54 kernel: [ 174.163584]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 pluto[5054]: | next payload type: ISAKMP_NEXT_NONE (0x0)
Sep 7 08:49:54 kernel: [ 174.163590]
klips_debug:pfkey_address_process: ips_said.dst set to 100.114.157.13.
Sep 7 08:49:54 pluto[5054]: | next payload chain: setting previous
'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload
(8:ISAKMP_NEXT_HASH)
Sep 7 08:49:54 kernel: [ 174.163593]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | next payload chain: saving location
'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
Sep 7 08:49:54 kernel: [ 174.163598] klips_debug:pfkey_msg_interp:
parsing message type 5(get) with msg_parser 0pbf33c2a8.
Sep 7 08:49:54 pluto[5054]: | emitting 32 zero bytes of HASH DATA into
ISAKMP Hash Payload
Sep 7 08:49:54 kernel: [ 174.163602] klips_debug:pfkey_get_parse: .
Sep 7 08:49:54 pluto[5054]: | emitting length of ISAKMP Hash Payload: 36
Sep 7 08:49:54 kernel: [ 174.163612] ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=113 of SA:esp.578d3f4c at 100.114.157.13 requested.
Sep 7 08:49:54 pluto[5054]: | ***emit ISAKMP Delete Payload:
Sep 7 08:49:54 kernel: [ 174.163622] ipsec_sa_get: ipsec_sa ddf29c00
SA:esp.578d3f4c at 100.114.157.13, ref:36 reference count (3++) incremented
by ipsec_sa_getbyid:540.
Sep 7 08:49:54 pluto[5054]: | next payload type: ISAKMP_NEXT_NONE (0x0)
Sep 7 08:49:54 kernel: [ 174.163634] klips_debug:pfkey_msg_hdr_build:
Sep 7 08:49:54 pluto[5054]: | DOI: ISAKMP_DOI_IPSEC (0x1)
Sep 7 08:49:54 kernel: [ 174.163643] klips_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0pdd5fdbb4 pfkey_ext=0pdd5fdc94 *pfkey_ext=0p (null).
Sep 7 08:49:54 pluto[5054]: | protocol ID: 3 (0x3)
Sep 7 08:49:54 kernel: [ 174.163649] klips_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0pdd5fdbb4 pfkey_ext=0pdd5fdc94 *pfkey_ext=0pdd006480.
Sep 7 08:49:54 pluto[5054]: | SPI size: 4 (0x4)
Sep 7 08:49:54 kernel: [ 174.163653] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | number of SPIs: 1 (0x1)
Sep 7 08:49:54 kernel: [ 174.163656] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | next payload chain: setting previous
'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete
Payload (12:ISAKMP_NEXT_D)
Sep 7 08:49:54 kernel: [ 174.163664] klips_debug:pfkey_sa_build:
spi=578d3f4c replay=0 sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 pluto[5054]: | next payload chain: saving location
'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
Sep 7 08:49:54 kernel: [ 174.163667] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | emitting 4 raw bytes of delete payload
into ISAKMP Delete Payload
Sep 7 08:49:54 kernel: [ 174.163670] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | delete payload 57 8d 3f 4c
Sep 7 08:49:54 kernel: [ 174.163674] klips_debug:pfkey_lifetime_build:
Sep 7 08:49:54 pluto[5054]: | emitting length of ISAKMP Delete Payload: 16
Sep 7 08:49:54 kernel: [ 174.163677] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | send delete HASH(1):
Sep 7 08:49:54 kernel: [ 174.163679] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | f1 28 15 c0 e6 01 dc f4 e9 6f 41 6d
e8 eb fc 6c
Sep 7 08:49:54 kernel: [ 174.163684] klips_debug:pfkey_address_build:
exttype=5 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | c3 05 aa 6e 53 c7 b0 b9 48 62 73 10
43 4b b8 2a
Sep 7 08:49:54 kernel: [ 174.163688] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | emitting 12 zero bytes of encryption
padding into ISAKMP Message
Sep 7 08:49:54 kernel: [ 174.163693] klips_debug:pfkey_address_build:
found address=166.130.x.x:0.
Sep 7 08:49:54 pluto[5054]: | no IKEv1 message padding required
Sep 7 08:49:54 kernel: [ 174.163697] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | emitting length of ISAKMP Message: 92
Sep 7 08:49:54 kernel: [ 174.163700] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | sending 96 bytes for delete notify
through wwan0 from 100.114.157.13:4500 to 166.130.x.x:4500 (using #1)
Sep 7 08:49:54 kernel: [ 174.163702] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 54 35 b4 b8 be ba 22 5a
9e 6e 00 44
Sep 7 08:49:54 kernel: [ 174.163706] klips_debug:pfkey_address_build:
exttype=6 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | ba 3a 20 41 08 10 05 01 e4 b3 8c 8c
00 00 00 5c
Sep 7 08:49:54 kernel: [ 174.163708] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | 32 f1 72 36 bd a5 cd e0 71 15 1e c7
47 4b 84 8b
Sep 7 08:49:54 kernel: [ 174.163712] klips_debug:pfkey_address_build:
found address=100.114.157.13:0.
Sep 7 08:49:54 pluto[5054]: | da 19 85 82 49 0d 74 14 68 b7 0d e5
e5 73 c1 4a
Sep 7 08:49:54 kernel: [ 174.163715] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | 4f 37 d1 35 3a c0 4c 89 4a 3e e2 b0
5b 15 0a a7
Sep 7 08:49:54 kernel: [ 174.163718] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | ed 34 da 03 3e cc 4b b1 bd 3b 47 bc
55 9d d5 af
Sep 7 08:49:54 kernel: [ 174.163720] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | state #10 requesting EVENT_SA_REPLACE to
be deleted
Sep 7 08:49:54 kernel: [ 174.163731] ipsec_sa_put: ipsec_sa ddf29c00
SA:esp.578d3f4c at 100.114.157.13, ref:36 reference count (4--) decremented
by pfkey_get_parse:1208.
Sep 7 08:49:54 pluto[5054]: | libevent_free: release ptr-libevent at 0x8a5908
Sep 7 08:49:54 kernel: [ 174.163758] klips_debug:pfkey_msg_build:
extensions[0] needs 16 bytes
Sep 7 08:49:54 pluto[5054]: | free_event_entry: release
EVENT_SA_REPLACE-pe at 0x8a5750
Sep 7 08:49:54 kernel: [ 174.163763] klips_debug:pfkey_msg_build:
extensions[1] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | running updown command "ipsec _updown"
for verb down
Sep 7 08:49:54 kernel: [ 174.163767] klips_debug:pfkey_msg_build:
extensions[2] needs 32 bytes
Sep 7 08:49:54 pluto[5054]: | command executing down-client
Sep 7 08:49:54 kernel: [ 174.163770] klips_debug:pfkey_msg_build:
extensions[5] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | executing down-client: 2>&1
PLUTO_VERB='down-client' PLUTO_VERSION='2.0'
PLUTO_CONNECTION='Tunnel1/3x3' PLUTO_INTERFACE='ipsec0'
PLUTO_NEXT_HOP='100.114.157.14' PLUTO_ME='100.114.157.13'
PLUTO_MY_ID='@HALOHALO' PLUTO_MY_CLIENT='10.10.0.0/24'
PLUTO_MY_CLIENT_NET='10.10.0.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16420'
PLUTO_SA_TYPE='ESP' PLUTO_PEER='166.130.x.x' PLUTO_PEER_ID='@RAMRAM'
PLUTO_PEER_CLIENT='172.20.0.0/24' PLUTO_PEER_CLIENT_NET='172.20.0.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='klips'
PLUTO_ADDTIME='42949500'
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO'
PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4'
XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=''
PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0'
PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V
Sep 7 08:49:54 kernel: [ 174.163774] klips_debug:pfkey_msg_build:
extensions[6] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | popen cmd is 1059 chars long
Sep 7 08:49:54 kernel: [ 174.163781] klips_debug:pfkey_msg_build:
pfkey_msg=0pdd4c6000 allocated 120 bytes, &(extensions[0])=0pdd5fdc94
Sep 7 08:49:54 pluto[5054]: | cmd( 0):2>&1 PLUTO_VERB='down-client'
PLUTO_VERSION='2.0' PLUTO_CONNECTION='Tunnel1/3x3':
Sep 7 08:49:54 kernel: [ 174.163786] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[1] (type=1)
Sep 7 08:49:54 pluto[5054]: | cmd( 80): PLUTO_INTERFACE='ipsec0'
PLUTO_NEXT_HOP='100.114.157.14' PLUTO_ME='100.114.157.:
Sep 7 08:49:54 kernel: [ 174.163791] klips_debug:pfkey_msg_build:
copying 32 bytes from extensions[2] (type=2)
Sep 7 08:49:54 pluto[5054]: | cmd( 160):13' PLUTO_MY_ID='@HALOHALO'
PLUTO_MY_CLIENT='10.10.0.0/24' PLUTO_MY_CLIENT_NET=':
Sep 7 08:49:54 kernel: [ 174.163796] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[5] (type=5)
Sep 7 08:49:54 pluto[5054]: | cmd( 240):10.10.0.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO:
Sep 7 08:49:54 kernel: [ 174.163800] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[6] (type=6)
Sep 7 08:49:54 pluto[5054]: | cmd( 320):COL='0' PLUTO_SA_REQID='16420'
PLUTO_SA_TYPE='ESP' PLUTO_PEER='166.130.x.x' PL:
Sep 7 08:49:54 kernel: [ 174.163827] klips_debug:pfkey_upmsg:
allocating 120 bytes...
Sep 7 08:49:54 pluto[5054]: | cmd( 400):UTO_PEER_ID='@RAMRAM'
PLUTO_PEER_CLIENT='172.20.0.0/24' PLUTO_PEER_CLIENT_NET='1:
Sep 7 08:49:54 kernel: [ 174.163833] klips_debug:pfkey_upmsg:
...allocated at 0pdf762cc0.
Sep 7 08:49:54 pluto[5054]: | cmd( 480):72.20.0.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER:
Sep 7 08:49:54 kernel: [ 174.163842] klips_debug:pfkey_get_parse:
succeeded in sending get reply message.
Sep 7 08:49:54 pluto[5054]: | cmd( 560):_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_STACK='klips' PLUTO_ADDTIME='42949500' PLUT:
Sep 7 08:49:54 kernel: [ 174.163849]
klips_debug:pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 pluto[5054]: | cmd(
640):O_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+:
Sep 7 08:49:54 kernel: [ 174.163853]
klips_debug:pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 pluto[5054]: | cmd( 720):ESN_NO'
PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED:
Sep 7 08:49:54 kernel: [ 174.163858]
klips_debug:pfkey_extensions_free:Free extension 2 (32)
Sep 7 08:49:54 pluto[5054]: | cmd( 800):=0 PLUTO_IS_PEER_CISCO='0'
PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUT:
Sep 7 08:49:54 kernel: [ 174.163862]
klips_debug:pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 pluto[5054]: | cmd( 880):O_PEER_BANNER=''
PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=':
Sep 7 08:49:54 kernel: [ 174.163866]
klips_debug:pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 pluto[5054]: | cmd( 960):0' VTI_IFACE=''
VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xc42ed845 SPI_OUT=0x578:
Sep 7 08:49:54 kernel: [ 174.163900] ipsec_sa_put: ipsec_sa dd51b000
SA:esp.578d3f4c at 100.114.157.13, ref:0 reference count (1--) decremented
by pfkey_msg_interp:3144.
Sep 7 08:49:54 pluto[5054]: | cmd(1040):d3f4c ipsec _updown:
Sep 7 08:49:54 kernel: [ 174.163903] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:54 kernel: [ 174.163913] klips_debug:ipsec_sa_wipe:
removing SA=esp.578d3f4c at 100.114.157.13(0pdd51b000), SAref=0,
table=0(0pdd508000), entry=0 from the refTable.
Sep 7 08:49:54 pluto[5054]: | shunt_eroute() called for connection
'Tunnel1/3x3' to 'replace with shunt' for rt_kind 'prospective erouted'
using protoports 10.10.0.0/24:0 --0->- 172.20.0.0/24:0
Sep 7 08:49:54 pluto[5054]: | priority calculation of connection
"Tunnel1/3x3" is 0xfe7e7
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9aadbc pfkey_ext=0p0xbe9aaf00 *pfkey_ext=0p(nil).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9aadbc pfkey_ext=0p0xbe9aaf00 *pfkey_ext=0p0xb6010a48.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_build: spi=00000104 replay=0
sa_state=0 auth=0 encrypt=0 flags=2
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=0.0.0.0:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=21 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=10.10.0.0:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=22 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=172.20.0.0:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=23 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=255.255.255.0:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=24 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=255.255.255.0:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[21] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[22] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[23] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[24] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x813628
allocated 184 bytes, &(extensions[0])=0p0xbe9aaf00
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[21] (type=21)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[22] (type=22)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[23] (type=23)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[24] (type=24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=14(x-addflow(eroute)), errno=0, satype=11(INT), len=23, res=0,
seq=97, pid=5054.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 11(INT)
conversion to proto gives 61 for msg_type 14(x-addflow(eroute)).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=21
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=21.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=21
ext_type=1(security-association) ext_len=3 parsing ext 0p0x813638 with
parser pfkey_sa_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=00000104 replay=0 state=0 auth=0
encrypt=0 flags=2 ref=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=18.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=18
ext_type=5(source-address) ext_len=3 parsing ext 0p0x813650 with parser
pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=15.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=15
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x813668 with
parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=0.0.0.0 proto=0
port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=21(X-source-flow-address) remain=12.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=12
ext_type=21(X-source-flow-address) ext_len=3 parsing ext 0p0x813680 with
parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=21(X-source-flow-address) family=2(AF_INET) address=10.10.0.0
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
21(X-source-flow-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=22(X-dest-flow-address) remain=9.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=22(X-dest-flow-address) ext_len=3 parsing ext 0p0x813698 with
parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=22(X-dest-flow-address) family=2(AF_INET) address=172.20.0.0
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
22(X-dest-flow-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=23(X-source-mask) remain=6.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=23(X-source-mask) ext_len=3 parsing ext 0p0x8136b0 with parser
pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=23(X-source-mask) family=2(AF_INET) address=255.255.255.0
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
23(X-source-mask) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=24(X-dest-mask) remain=3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=24(X-dest-mask) ext_len=3 parsing ext 0p0x8136c8 with parser
pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=24(X-dest-mask) family=2(AF_INET) address=255.255.255.0 proto=0
port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
24(X-dest-mask) parsed.
Sep 7 08:49:54 pluto[5054]: | finish_pfkey_msg: K_SADB_X_ADDFLOW
message 97 for flow eroute_connection replace with shunt
Sep 7 08:49:54 pluto[5054]: | 02 0e 00 0b 17 00 00 00 61 00 00 00
be 13 00 00
Sep 7 08:49:54 pluto[5054]: | 03 00 01 00 00 00 01 04 00 00 00 00
02 00 00 00
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 64 72 9d 0d 00 00 00 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 15 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 0a 0a 00 00 00 00 00 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 03 00 16 00 00 00 00 00 02 00 00 00
ac 14 00 00
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 17 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 ff ff ff 00 00 00 00 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 03 00 18 00 00 00 00 00 02 00 00 00
ff ff ff 00
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:54 pluto[5054]: | pfkey_get: K_SADB_X_ADDFLOW message 97
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 21 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 22 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 23 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 24 (24)
Sep 7 08:49:54 pluto[5054]: | delete esp.c42ed845 at 166.130.x.x
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9aaf2c pfkey_ext=0p0xbe9aafa0 *pfkey_ext=0p(nil).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9aaf2c pfkey_ext=0p0xbe9aafa0 *pfkey_ext=0p0xb6010a48.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_build: spi=c42ed845 replay=0
sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.374470] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:54 kernel: [ 174.374596] klips_debug:pfkey_sendmsg:
allocating 184 bytes for downward message.
Sep 7 08:49:54 kernel: [ 174.374602] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:54 kernel: [ 174.374617] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=14, errno=0, satype=11(INT), len=23, res=0,
seq=97, pid=5054.
Sep 7 08:49:54 kernel: [ 174.374664] ipsec_sa_get: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:54 kernel: [ 174.374668] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd51b000.
Sep 7 08:49:54 kernel: [ 174.374674] klips_debug:pfkey_msg_interp:
satype 11 lookups to proto=61.
Sep 7 08:49:54 kernel: [ 174.374685] klips_debug:pfkey_msg_parse:
parsing message ver=2, type=14(x-addflow(eroute)), errno=0,
satype=11(INT), len=23, res=0, seq=97, pid=5054.
Sep 7 08:49:54 kernel: [ 174.374692] klips_debug:pfkey_msg_parse:
satype 11(INT) conversion to proto gives 61 for msg_type
14(x-addflow(eroute)).
Sep 7 08:49:54 kernel: [ 174.374722] klips_debug:pfkey_msg_parse:
remain=21
Sep 7 08:49:54 kernel: [ 174.374728] klips_debug:pfkey_msg_parse:
parsing ext type=1(security-association) remain=21.
Sep 7 08:49:54 kernel: [ 174.374737] klips_debug:pfkey_msg_parse:
remain=21 ext_type=1(security-association) ext_len=3 parsing ext
0pdd4c4010 with parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.374748] klips_debug:pfkey_sa_parse:
successfully found len=3 exttype=1(security-association) spi=00000104
replay=0 state=0 auth=0 encrypt=0 flags=2 ref=0.
Sep 7 08:49:54 kernel: [ 174.374753] klips_debug:pfkey_msg_parse:
Extension 1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.374757] klips_debug:pfkey_msg_parse:
parsing ext type=5(source-address) remain=18.
Sep 7 08:49:54 kernel: [ 174.374763] klips_debug:pfkey_msg_parse:
remain=18 ext_type=5(source-address) ext_len=3 parsing ext 0pdd4c4028
with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.374796] klips_debug:pfkey_address_parse:
found exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.374799] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.374803] klips_debug:pfkey_msg_parse:
Extension 5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.374807] klips_debug:pfkey_msg_parse:
parsing ext type=6(destination-address) remain=15.
Sep 7 08:49:54 kernel: [ 174.374813] klips_debug:pfkey_msg_parse:
remain=15 ext_type=6(destination-address) ext_len=3 parsing ext
0pdd4c4040 with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.374820] klips_debug:pfkey_address_parse:
found exttype=6(destination-address) family=2(AF_INET) address=0.0.0.0
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.374823] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.374827] klips_debug:pfkey_msg_parse:
Extension 6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.374831] klips_debug:pfkey_msg_parse:
parsing ext type=21(X-source-flow-address) remain=12.
Sep 7 08:49:54 kernel: [ 174.374859] klips_debug:pfkey_msg_parse:
remain=12 ext_type=21(X-source-flow-address) ext_len=3 parsing ext
0pdd4c4058 with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.374867] klips_debug:pfkey_address_parse:
found exttype=21(X-source-flow-address) family=2(AF_INET)
address=10.10.0.0 proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.374869] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.374873] klips_debug:pfkey_msg_parse:
Extension 21(X-source-flow-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.374877] klips_debug:pfkey_msg_parse:
parsing ext type=22(X-dest-flow-address) remain=9.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.374883] klips_debug:pfkey_msg_parse:
remain=9 ext_type=22(X-dest-flow-address) ext_len=3 parsing ext
0pdd4c4070 with parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.374890] klips_debug:pfkey_address_parse:
found exttype=22(X-dest-flow-address) family=2(AF_INET)
address=172.20.0.0 proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.374892] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=166.130.x.x:0.
Sep 7 08:49:54 kernel: [ 174.374895] klips_debug:pfkey_msg_parse:
Extension 22(X-dest-flow-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.374899] klips_debug:pfkey_msg_parse:
parsing ext type=23(X-source-mask) remain=6.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:54 kernel: [ 174.374926] klips_debug:pfkey_msg_parse:
remain=6 ext_type=23(X-source-mask) ext_len=3 parsing ext 0pdd4c4088
with parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.374934] klips_debug:pfkey_address_parse:
found exttype=23(X-source-mask) family=2(AF_INET) address=255.255.255.0
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.374937] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.374940] klips_debug:pfkey_msg_parse:
Extension 23(X-source-mask) parsed.
Sep 7 08:49:54 kernel: [ 174.374944] klips_debug:pfkey_msg_parse:
parsing ext type=24(X-dest-mask) remain=3.
Sep 7 08:49:54 kernel: [ 174.374950] klips_debug:pfkey_msg_parse:
remain=3 ext_type=24(X-dest-mask) ext_len=3 parsing ext 0pdd4c40a0 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.374956] klips_debug:pfkey_address_parse:
found exttype=24(X-dest-mask) family=2(AF_INET) address=255.255.255.0
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.374959] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.374962] klips_debug:pfkey_msg_parse:
Extension 24(X-dest-mask) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.374968] klips_debug:pfkey_msg_interp:
processing ext 1 0pdd4c4010 with processor 0pbf340de4.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x8cb0e0
allocated 88 bytes, &(extensions[0])=0p0xbe9aafa0
Sep 7 08:49:54 kernel: [ 174.374992] klips_debug:pfkey_sa_process: .
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:54 kernel: [ 174.374998] klips_debug:pfkey_msg_interp:
processing ext 5 0pdd4c4028 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:54 kernel: [ 174.375002] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:54 kernel: [ 174.375008]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
100.114.157.13.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=4(delete), errno=0, satype=3(ESP), len=11, res=0, seq=98, pid=5054.
Sep 7 08:49:54 kernel: [ 174.375012]
klips_debug:pfkey_address_process: found src address.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 4(delete).
Sep 7 08:49:54 kernel: [ 174.375016]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
Sep 7 08:49:54 kernel: [ 174.375020]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Sep 7 08:49:54 kernel: [ 174.375025] klips_debug:pfkey_msg_interp:
processing ext 6 0pdd4c4040 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0p0x8cb0f0 with
parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.375027] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=c42ed845 replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.375032]
klips_debug:pfkey_address_process: found address family=2, AF_INET, 0.0.0.0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.375034]
klips_debug:pfkey_address_process: found dst address.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.375060]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0x8cb108 with parser
pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.375066]
klips_debug:pfkey_address_process: ips_said.dst set to 0.0.0.0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.375069]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.375073] klips_debug:pfkey_msg_interp:
processing ext 21 0pdd4c4058 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.375076] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.375080]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
10.10.0.0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x8cb120 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.375084]
klips_debug:pfkey_address_process: found src flow address.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.375090] klips_debug:pfkey_alloc_eroute:
allocating 248 bytes for an eroute at 0pdd50f100
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.375099] klips_debug:pfkey_address_parse:
extr->eroute set to 10.10.0.0/0:0->0.0.0.0/0:0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.375101]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | finish_pfkey_msg: K_SADB_DELETE message
98 for Delete SA esp.c42ed845 at 166.130.x.x
Sep 7 08:49:54 kernel: [ 174.375106] klips_debug:pfkey_msg_interp:
processing ext 22 0pdd4c4070 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | 02 04 00 03 0b 00 00 00 62 00 00 00
be 13 00 00
Sep 7 08:49:54 kernel: [ 174.375130] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | 03 00 01 00 c4 2e d8 45 00 01 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.375135]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
172.20.0.0.
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.375138]
klips_debug:pfkey_address_process: found dst flow address.
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 64 72 9d 0d 00 00 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.375142] klips_debug:pfkey_alloc_eroute:
eroute struct already allocated
Sep 7 08:49:54 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
a6 82 3e 34
Sep 7 08:49:54 kernel: [ 174.375148] klips_debug:pfkey_address_parse:
extr->eroute set to 10.10.0.0/0:0->172.20.0.0/0:0
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:54 kernel: [ 174.375151]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_get: K_SADB_DELETE message 98
Sep 7 08:49:54 kernel: [ 174.375156] klips_debug:pfkey_msg_interp:
processing ext 23 0pdd4c4088 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 kernel: [ 174.375158] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 kernel: [ 174.375162]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
255.255.255.0.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 kernel: [ 174.375166]
klips_debug:pfkey_address_process: found src mask address.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 kernel: [ 174.375169] klips_debug:pfkey_alloc_eroute:
eroute struct already allocated
Sep 7 08:49:54 pluto[5054]: | delete esp.578d3f4c at 100.114.157.13
Sep 7 08:49:54 kernel: [ 174.375175] klips_debug:pfkey_address_parse:
extr->eroute set to 10.10.0.0/24:0->172.20.0.0/0:0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:54 kernel: [ 174.375197]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9aaf7c pfkey_ext=0p0xbe9aaff0 *pfkey_ext=0p(nil).
Sep 7 08:49:54 kernel: [ 174.375203] klips_debug:pfkey_msg_interp:
processing ext 24 0pdd4c40a0 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9aaf7c pfkey_ext=0p0xbe9aaff0 *pfkey_ext=0p0xb6010a48.
Sep 7 08:49:54 kernel: [ 174.375205] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_build: spi=578d3f4c replay=0
sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 kernel: [ 174.375210]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
255.255.255.0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.375213]
klips_debug:pfkey_address_process: found dst mask address.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.375215] klips_debug:pfkey_alloc_eroute:
eroute struct already allocated
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=166.130.x.x:0.
Sep 7 08:49:54 kernel: [ 174.375222] klips_debug:pfkey_address_parse:
extr->eroute set to 10.10.0.0/24:0->172.20.0.0/24:0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.375224]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.375229] klips_debug:pfkey_msg_interp:
parsing message type 14(x-addflow(eroute)) with msg_parser 0pbf33c8f0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.375234] klips_debug:pfkey_x_addflow_parse: .
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.375240]
klips_debug:pfkey_x_addflow_parse: calling breakeroute and/or makeroute
for 10.10.0.0/24->172.20.0.0/24
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.375266]
klips_debug:pfkey_x_addflow_parse: REPLACEFLOW flag set, calling
breakeroute.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:54 kernel: [ 174.375275] klips_debug:ipsec_breakroute:
attempting to delete eroute for 10.10.0.0/24:0->172.20.0.0/24:0 0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.375291] klips_debug:ipsec_breakroute:
deleted eroute=0pdd601000, ident=0p (null)->0p (null), first=0p
(null), last=0p (null)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.375296]
klips_debug:pfkey_x_addflow_parse: calling makeroute.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.375312] klips_debug:ipsec_makeroute:
attempting to allocate 248 bytes to insert eroute for
10.10.0.0/24->172.20.0.0/24, SA: %trap, PID:5054, skb=0p (null),
ident:NULL->NULL
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x8cb488
allocated 88 bytes, &(extensions[0])=0p0xbe9aaff0
Sep 7 08:49:54 kernel: [ 174.375374] klips_debug:ipsec_makeroute:
2c1a01000a0a0000ac1400000000000000000000000000000000000000000000000000000000000000000000
/
2c1aff00ffffff00ffffff000000000000000000000000000000000000000000000000000000000000000000
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:54 kernel: [ 174.375379] klips_debug:ipsec_makeroute:
calling rj_addroute now
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:54 kernel: [ 174.375416] klips_debug:ipsec_makeroute:
pid=05054 count= 0 lasttime= 0 10.10.0.0/24 ->
172.20.0.0/24 => %trap
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:54 kernel: [ 174.375419] klips_debug:ipsec_makeroute:
succeeded.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=4(delete), errno=0, satype=3(ESP), len=11, res=0, seq=99, pid=5054.
Sep 7 08:49:54 kernel: [ 174.375423]
klips_debug:pfkey_x_addflow_parse: makeroute call successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 4(delete).
Sep 7 08:49:54 kernel: [ 174.375426] klips_debug:pfkey_msg_hdr_build:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
Sep 7 08:49:54 kernel: [ 174.375433] klips_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0pdd5fdb0c pfkey_ext=0pdd5fdc94 *pfkey_ext=0p (null).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Sep 7 08:49:54 kernel: [ 174.375439] klips_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0pdd5fdb0c pfkey_ext=0pdd5fdc94 *pfkey_ext=0pdd006180.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0p0x8cb498 with
parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.375442] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=578d3f4c replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.375445] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.375453] klips_debug:pfkey_sa_build:
spi=00000104 replay=0 sa_state=0 auth=0 encrypt=0 flags=2
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.375479] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0x8cb4b0 with parser
pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.375481] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=166.130.x.x proto=0
port=0.
Sep 7 08:49:54 kernel: [ 174.375487] klips_debug:pfkey_address_build:
exttype=5 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.375490] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.375497] klips_debug:pfkey_address_build:
found address=100.114.157.13:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.375502] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x8cb4c8 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.375505] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.375507] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.375511] klips_debug:pfkey_address_build:
exttype=6 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.375513] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | finish_pfkey_msg: K_SADB_DELETE message
99 for Delete SA esp.578d3f4c at 100.114.157.13
Sep 7 08:49:54 kernel: [ 174.375517] klips_debug:pfkey_address_build:
found address=0.0.0.0:0.
Sep 7 08:49:54 pluto[5054]: | 02 04 00 03 0b 00 00 00 63 00 00 00
be 13 00 00
Sep 7 08:49:54 kernel: [ 174.375520] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | 03 00 01 00 57 8d 3f 4c 00 01 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.375543] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.375545] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 a6 82 3e 34 00 00 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.375549] klips_debug:pfkey_address_build:
exttype=21 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
64 72 9d 0d
Sep 7 08:49:54 kernel: [ 174.375551] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:54 kernel: [ 174.375556] klips_debug:pfkey_address_build:
found address=10.10.0.0:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_get: K_SADB_DELETE message 99
Sep 7 08:49:54 kernel: [ 174.375559] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 kernel: [ 174.375562] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 kernel: [ 174.375564] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 kernel: [ 174.375568] klips_debug:pfkey_address_build:
exttype=22 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 kernel: [ 174.375570] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | stop processing: connection "Tunnel1/3x3"
(BACKGROUND) (in update_state_connection() at connections.c:4037)
Sep 7 08:49:54 kernel: [ 174.375574] klips_debug:pfkey_address_build:
found address=172.20.0.0:0.
Sep 7 08:49:54 pluto[5054]: | start processing: connection NULL (in
update_state_connection() at connections.c:4038)
Sep 7 08:49:54 kernel: [ 174.375577] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | in connection_discard for connection
Tunnel1/3x3
Sep 7 08:49:54 kernel: [ 174.375580] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | State DB: deleting IKEv1 state #10 in
QUICK_I2
Sep 7 08:49:54 kernel: [ 174.375582] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | child state #10: QUICK_I2(established
CHILD SA) => UNDEFINED(ignore)
Sep 7 08:49:54 kernel: [ 174.375586] klips_debug:pfkey_address_build:
exttype=23 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | stop processing: state #10 from
166.130.x.x:4500 (in delete_state() at state.c:1143)
Sep 7 08:49:54 kernel: [ 174.375607] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | processing: STOP state #0 (in
foreach_state_by_connection_func_delete() at state.c:1312)
Sep 7 08:49:54 kernel: [ 174.375613] klips_debug:pfkey_address_build:
found address=255.255.255.0:0.
Sep 7 08:49:54 pluto[5054]: | state #9
Sep 7 08:49:54 kernel: [ 174.375616] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | start processing: state #9 connection
"Tunnel1/3x2" from 166.130.x.x:4500 (in
foreach_state_by_connection_func_delete() at state.c:1310)
Sep 7 08:49:54 kernel: [ 174.375619] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pstats #9 ikev1.ipsec deleted completed
Sep 7 08:49:54 kernel: [ 174.375621] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | [RE]START processing: state #9 connection
"Tunnel1/3x2" from 166.130.x.x:4500 (in delete_state() at state.c:879)
Sep 7 08:49:54 kernel: [ 174.375625] klips_debug:pfkey_address_build:
exttype=24 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: "Tunnel1/3x2" #9: deleting state
(STATE_QUICK_I2) aged 52.439s and sending notification
Sep 7 08:49:54 kernel: [ 174.375627] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | child state #9: QUICK_I2(established
CHILD SA) => delete
Sep 7 08:49:54 kernel: [ 174.375631] klips_debug:pfkey_address_build:
found address=255.255.255.0:0.
Sep 7 08:49:54 pluto[5054]: | get_sa_info esp.c42ed844 at 166.130.x.x
Sep 7 08:49:54 kernel: [ 174.375634] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:54 kernel: [ 174.375637] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p(nil).
Sep 7 08:49:54 kernel: [ 174.375639] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p0x8a5270.
Sep 7 08:49:54 kernel: [ 174.375644] klips_debug:pfkey_msg_build:
extensions[0] needs 16 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_build: spi=c42ed844 replay=0
sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 kernel: [ 174.375648] klips_debug:pfkey_msg_build:
extensions[1] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.375651] klips_debug:pfkey_msg_build:
extensions[5] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.375676] klips_debug:pfkey_msg_build:
extensions[6] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.375680] klips_debug:pfkey_msg_build:
extensions[21] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.375683] klips_debug:pfkey_msg_build:
extensions[22] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.375687] klips_debug:pfkey_msg_build:
extensions[23] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.375690] klips_debug:pfkey_msg_build:
extensions[24] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=166.130.x.x:0.
Sep 7 08:49:54 kernel: [ 174.375696] klips_debug:pfkey_msg_build:
pfkey_msg=0pdd4c4cc0 allocated 184 bytes, &(extensions[0])=0pdd5fdc94
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.375702] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[1] (type=1)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:54 kernel: [ 174.375706] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[5] (type=5)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.375711] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[6] (type=6)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.375715] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[21] (type=21)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.375719] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[22] (type=22)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x8cb4e8
allocated 88 bytes, &(extensions[0])=0p0xbe9a9fac
Sep 7 08:49:54 kernel: [ 174.375743] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[23] (type=23)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:54 kernel: [ 174.375748] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[24] (type=24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:54 kernel: [ 174.375753] klips_debug:pfkey_upmsg:
allocating 184 bytes...
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:54 kernel: [ 174.375760] klips_debug:pfkey_upmsg:
...allocated at 0pddcc1840.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=11, res=0, seq=100, pid=5054.
Sep 7 08:49:54 kernel: [ 174.375773]
klips_debug:pfkey_x_addflow_parse: sending up x_addflow reply message
for satype=11(INT) (proto=61) to socket=0pde2611c0 succeeded.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 kernel: [ 174.375777]
klips_debug:pfkey_x_addflow_parse: extr->ips cleaned up and freed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
Sep 7 08:49:54 kernel: [ 174.375783]
klips_debug:pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Sep 7 08:49:54 kernel: [ 174.375787]
klips_debug:pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0p0x8cb4f8 with
parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.375813]
klips_debug:pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=c42ed844 replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.375817]
klips_debug:pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.375822]
klips_debug:pfkey_extensions_free:Free extension 21 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.375825]
klips_debug:pfkey_extensions_free:Free extension 22 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0x8cb510 with parser
pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.375829]
klips_debug:pfkey_extensions_free:Free extension 23 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.375833]
klips_debug:pfkey_extensions_free:Free extension 24 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.375843] ipsec_sa_put: ipsec_sa dd51b000
SA:%trap, ref:0 reference count (1--) decremented by pfkey_msg_interp:3144.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.375846] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.375855] klips_debug:ipsec_sa_wipe:
removing SA=%trap(0pdd51b000), SAref=0, table=0(0pdd508000), entry=0
from the refTable.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x8cb528 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.395103] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.395120] klips_debug:pfkey_sendmsg:
allocating 88 bytes for downward message.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.395135] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.395150] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=4, errno=0, satype=3(ESP), len=11, res=0,
seq=98, pid=5054.
Sep 7 08:49:54 pluto[5054]: | finish_pfkey_msg: K_SADB_GET message 100
for Get SA esp.c42ed844 at 166.130.x.x
Sep 7 08:49:54 kernel: [ 174.395170] ipsec_sa_get: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:54 pluto[5054]: | 02 05 00 03 0b 00 00 00 64 00 00 00
be 13 00 00
Sep 7 08:49:54 kernel: [ 174.395175] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd51b000.
Sep 7 08:49:54 pluto[5054]: | 03 00 01 00 c4 2e d8 44 00 01 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.395180] klips_debug:pfkey_msg_interp:
satype 3 lookups to proto=50.
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.395190] klips_debug:pfkey_msg_parse:
parsing message ver=2, type=4(delete), errno=0, satype=3(ESP), len=11,
res=0, seq=98, pid=5054.
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 64 72 9d 0d 00 00 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.395196] klips_debug:pfkey_msg_parse:
satype 3(ESP) conversion to proto gives 50 for msg_type 4(delete).
Sep 7 08:49:54 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
a6 82 3e 34
Sep 7 08:49:54 kernel: [ 174.395201] klips_debug:pfkey_msg_parse: remain=9
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:54 kernel: [ 174.395208] klips_debug:pfkey_msg_parse:
parsing ext type=1(security-association) remain=9.
Sep 7 08:49:54 pluto[5054]: | pfkey_get: K_SADB_GET message 100
Sep 7 08:49:54 kernel: [ 174.395216] klips_debug:pfkey_msg_parse:
remain=9 ext_type=1(security-association) ext_len=3 parsing ext
0pdd4c6310 with parser pfkey_sa_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 kernel: [ 174.395227] klips_debug:pfkey_sa_parse:
successfully found len=3 exttype=1(security-association) spi=c42ed845
replay=0 state=1 auth=0 encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 kernel: [ 174.395232] klips_debug:pfkey_msg_parse:
Extension 1(security-association) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 kernel: [ 174.395236] klips_debug:pfkey_msg_parse:
parsing ext type=5(source-address) remain=6.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 kernel: [ 174.395243] klips_debug:pfkey_msg_parse:
remain=6 ext_type=5(source-address) ext_len=3 parsing ext 0pdd4c6328
with parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=15, res=0, seq=100, pid=5054.
Sep 7 08:49:54 kernel: [ 174.395252] klips_debug:pfkey_address_parse:
found exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 kernel: [ 174.395255] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=13
Sep 7 08:49:54 kernel: [ 174.395259] klips_debug:pfkey_msg_parse:
Extension 5(source-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=13.
Sep 7 08:49:54 kernel: [ 174.395263] klips_debug:pfkey_msg_parse:
parsing ext type=6(destination-address) remain=3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=13
ext_type=1(security-association) ext_len=3 parsing ext 0p0xbe9aa0c4 with
parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.395269] klips_debug:pfkey_msg_parse:
remain=3 ext_type=6(destination-address) ext_len=3 parsing ext
0pdd4c6340 with parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=c42ed844 replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.395276] klips_debug:pfkey_address_parse:
found exttype=6(destination-address) family=2(AF_INET)
address=166.130.x.x proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.395278] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=2(lifetime-current) remain=10.
Sep 7 08:49:54 kernel: [ 174.395281] klips_debug:pfkey_msg_parse:
Extension 6(destination-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=10
ext_type=2(lifetime-current) ext_len=4 parsing ext 0p0xbe9aa0dc with
parser pfkey_lifetime_parse.
Sep 7 08:49:54 kernel: [ 174.395288] klips_debug:pfkey_msg_interp:
processing ext 1 0pdd4c6310 with processor 0pbf340de4.
Sep 7 08:49:54 pluto[5054]: | pfkey_lifetime_parse:enter
Sep 7 08:49:54 kernel: [ 174.395291] klips_debug:pfkey_sa_process: .
Sep 7 08:49:54 pluto[5054]: | pfkey_lifetime_parse:
life_type=2(lifetime-current) alloc=1 bytes=0 add=42949499 use=0.
Sep 7 08:49:54 kernel: [ 174.395296] klips_debug:pfkey_msg_interp:
processing ext 5 0pdd4c6328 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
2(lifetime-current) parsed.
Sep 7 08:49:54 kernel: [ 174.395299] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.395305]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
100.114.157.13.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0xbe9aa0fc with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.395309]
klips_debug:pfkey_address_process: found src address.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.395314]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.395318]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.395323] klips_debug:pfkey_msg_interp:
processing ext 6 0pdd4c6340 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.395325] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0xbe9aa114 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.395329]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
166.130.x.x.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.395332]
klips_debug:pfkey_address_process: found dst address.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.395335]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.395340]
klips_debug:pfkey_address_process: ips_said.dst set to 166.130.x.x.
Sep 7 08:49:54 pluto[5054]: | get_sa_info esp.578d3f4b at 100.114.157.13
Sep 7 08:49:54 kernel: [ 174.395343]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:54 kernel: [ 174.395348] klips_debug:pfkey_msg_interp:
parsing message type 4(delete) with msg_parser 0pbf33d914.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p(nil).
Sep 7 08:49:54 kernel: [ 174.395352] klips_debug:pfkey_delete_parse: .
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p0x8a5270.
Sep 7 08:49:54 kernel: [ 174.395363] ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=136 of SA:esp.c42ed845 at 166.130.x.x requested.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_build: spi=578d3f4b replay=0
sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 kernel: [ 174.395372] ipsec_sa_get: ipsec_sa dd45c400
SA:esp.c42ed845 at 166.130.x.x, ref:34 reference count (3++) incremented by
ipsec_sa_getbyid:540.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.395383] ipsec_sa_put: ipsec_sa dd526000
SA:tun.1010 at 166.130.x.x, ref:33 reference count (3--) decremented by
ipsec_sa_untern:448.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.395390] klips_debug:ipsec_sa_del:
unhashing SA:tun.1010 at 166.130.x.x (ref=33), hashval=50.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=166.130.x.x:0.
Sep 7 08:49:54 kernel: [ 174.395399] ipsec_sa_put: ipsec_sa dd526000
SA:tun.1010 at 166.130.x.x, ref:33 reference count (2--) decremented by
ipsec_sa_rm:729.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.395402] klips_debug:ipsec_sa_del:
successfully unhashed first ipsec_sa in chain.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.395409] ipsec_sa_put: ipsec_sa dd45c400
SA:esp.c42ed845 at 166.130.x.x, ref:34 reference count (4--) decremented by
ipsec_sa_untern:448.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.395415] klips_debug:ipsec_sa_del:
unhashing SA:esp.c42ed845 at 166.130.x.x (ref=34), hashval=136.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.395422] ipsec_sa_put: ipsec_sa dd45c400
SA:esp.c42ed845 at 166.130.x.x, ref:34 reference count (3--) decremented by
ipsec_sa_rm:729.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.395424] klips_debug:ipsec_sa_del:
successfully unhashed first ipsec_sa in chain.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:54 kernel: [ 174.395432] ipsec_sa_put: ipsec_sa dd45c400
SA:esp.c42ed845 at 166.130.x.x, ref:34 reference count (2--) decremented by
pfkey_delete_parse:953.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.395440] ipsec_sa_put: ipsec_sa dd526000
SA:tun.1010 at 166.130.x.x, ref:33 reference count (1--) decremented by
pfkey_delete_parse:960.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.395443] ipsec_sa_put: freeing dd526000
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.395451] klips_debug:ipsec_sa_wipe:
removing SA=tun.1010 at 166.130.x.x(0pdd526000), SAref=33,
table=0(0pdd508000), entry=33 from the refTable.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x8cb600
allocated 88 bytes, &(extensions[0])=0p0xbe9a9fac
Sep 7 08:49:54 kernel: [ 174.395462] ipsec_sa_put: ipsec_sa dd45c400
SA:esp.c42ed845 at 166.130.x.x, ref:34 reference count (1--) decremented by
ipsec_sa_wipe:1116.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:54 kernel: [ 174.395465] ipsec_sa_put: freeing dd45c400
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:54 kernel: [ 174.395473] klips_debug:ipsec_sa_wipe:
removing SA=esp.c42ed845 at 166.130.x.x(0pdd45c400), SAref=34,
table=0(0pdd508000), entry=34 from the refTable.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:54 kernel: [ 174.395502] klips_debug: ipsec_alg_sa_wipe()
:unlinking for encalg=12
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=11, res=0, seq=101, pid=5054.
Sep 7 08:49:54 kernel: [ 174.395507] klips_debug: ipsec_alg_sa_wipe()
:unlinking for authalg=3
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 kernel: [ 174.395515] klips_debug:pfkey_msg_hdr_build:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
Sep 7 08:49:54 kernel: [ 174.395523] klips_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0pdd5fdbcc pfkey_ext=0pdd5fdc94 *pfkey_ext=0p (null).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Sep 7 08:49:54 kernel: [ 174.395528] klips_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0pdd5fdbcc pfkey_ext=0pdd5fdc94 *pfkey_ext=0pdd2223c0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0p0x8cb610 with
parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.395532] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=578d3f4b replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.395535] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.395543] klips_debug:pfkey_sa_build:
spi=c42ed845 replay=0 sa_state=0 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.395547] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0x8cb628 with parser
pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.395549] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=166.130.x.x proto=0
port=0.
Sep 7 08:49:54 kernel: [ 174.395555] klips_debug:pfkey_address_build:
exttype=5 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.395559] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.395565] klips_debug:pfkey_address_build:
found address=100.114.157.13:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.395569] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x8cb640 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.395571] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.395574] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.395577] klips_debug:pfkey_address_build:
exttype=6 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.395579] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | finish_pfkey_msg: K_SADB_GET message 101
for Get SA esp.578d3f4b at 100.114.157.13
Sep 7 08:49:54 kernel: [ 174.395584] klips_debug:pfkey_address_build:
found address=166.130.x.x:0.
Sep 7 08:49:54 pluto[5054]: | 02 05 00 03 0b 00 00 00 65 00 00 00
be 13 00 00
Sep 7 08:49:54 kernel: [ 174.395586] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | 03 00 01 00 57 8d 3f 4b 00 01 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.395589] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.395591] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 a6 82 3e 34 00 00 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.395596] klips_debug:pfkey_msg_build:
extensions[0] needs 16 bytes
Sep 7 08:49:54 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
64 72 9d 0d
Sep 7 08:49:54 kernel: [ 174.395600] klips_debug:pfkey_msg_build:
extensions[1] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:54 kernel: [ 174.395604] klips_debug:pfkey_msg_build:
extensions[5] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_get: K_SADB_GET message 101
Sep 7 08:49:54 kernel: [ 174.395608] klips_debug:pfkey_msg_build:
extensions[6] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 kernel: [ 174.395613] klips_debug:pfkey_msg_build:
pfkey_msg=0pdd607580 allocated 88 bytes, &(extensions[0])=0pdd5fdc94
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 kernel: [ 174.395618] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[1] (type=1)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 kernel: [ 174.395623] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[5] (type=5)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 kernel: [ 174.395627] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[6] (type=6)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=15, res=0, seq=101, pid=5054.
Sep 7 08:49:54 kernel: [ 174.395632] klips_debug:pfkey_upmsg:
allocating 88 bytes...
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 kernel: [ 174.395637] klips_debug:pfkey_upmsg:
...allocated at 0pddef81c0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=13
Sep 7 08:49:54 kernel: [ 174.395649] klips_debug:pfkey_delete_parse:
sending up delete reply message for satype=3(ESP) to socket=0pde2611c0
succeeded.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=13.
Sep 7 08:49:54 kernel: [ 174.395655]
klips_debug:pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=13
ext_type=1(security-association) ext_len=3 parsing ext 0p0xbe9aa0c4 with
parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.395659]
klips_debug:pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=578d3f4b replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.395664]
klips_debug:pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.395668]
klips_debug:pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=2(lifetime-current) remain=10.
Sep 7 08:49:54 kernel: [ 174.395677] ipsec_sa_put: ipsec_sa dd51b000
SA:esp.c42ed845 at 166.130.x.x, ref:0 reference count (1--) decremented by
pfkey_msg_interp:3144.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=10
ext_type=2(lifetime-current) ext_len=4 parsing ext 0p0xbe9aa0dc with
parser pfkey_lifetime_parse.
Sep 7 08:49:54 kernel: [ 174.395680] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:54 pluto[5054]: | pfkey_lifetime_parse:enter
Sep 7 08:49:54 kernel: [ 174.395688] klips_debug:ipsec_sa_wipe:
removing SA=esp.c42ed845 at 166.130.x.x(0pdd51b000), SAref=0,
table=0(0pdd508000), entry=0 from the refTable.
Sep 7 08:49:54 pluto[5054]: | pfkey_lifetime_parse:
life_type=2(lifetime-current) alloc=1 bytes=0 add=42949499 use=0.
Sep 7 08:49:54 kernel: [ 174.411563] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
2(lifetime-current) parsed.
Sep 7 08:49:54 kernel: [ 174.411578] klips_debug:pfkey_sendmsg:
allocating 88 bytes for downward message.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.411583] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0xbe9aa0fc with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.411596] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=4, errno=0, satype=3(ESP), len=11, res=0,
seq=99, pid=5054.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=166.130.x.x proto=0
port=0.
Sep 7 08:49:54 kernel: [ 174.411615] ipsec_sa_get: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.411619] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd51b000.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.411624] klips_debug:pfkey_msg_interp:
satype 3 lookups to proto=50.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.411634] klips_debug:pfkey_msg_parse:
parsing message ver=2, type=4(delete), errno=0, satype=3(ESP), len=11,
res=0, seq=99, pid=5054.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0xbe9aa114 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.411641] klips_debug:pfkey_msg_parse:
satype 3(ESP) conversion to proto gives 50 for msg_type 4(delete).
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.411645] klips_debug:pfkey_msg_parse: remain=9
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.411652] klips_debug:pfkey_msg_parse:
parsing ext type=1(security-association) remain=9.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.411661] klips_debug:pfkey_msg_parse:
remain=9 ext_type=1(security-association) ext_len=3 parsing ext
0pdd584390 with parser pfkey_sa_parse.
Sep 7 08:49:54 pluto[5054]: "Tunnel1/3x2" #9: ESP traffic information:
in=0B out=0B
Sep 7 08:49:54 kernel: [ 174.411672] klips_debug:pfkey_sa_parse:
successfully found len=3 exttype=1(security-association) spi=578d3f4c
replay=0 state=1 auth=0 encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 pluto[5054]: | #9 send IKEv1 delete notification for
STATE_QUICK_I2
Sep 7 08:49:54 kernel: [ 174.411676] klips_debug:pfkey_msg_parse:
Extension 1(security-association) parsed.
Sep 7 08:49:54 pluto[5054]: | FOR_EACH_STATE_... in find_phase1_state
Sep 7 08:49:54 kernel: [ 174.411680] klips_debug:pfkey_msg_parse:
parsing ext type=5(source-address) remain=6.
Sep 7 08:49:54 pluto[5054]: | **emit ISAKMP Message:
Sep 7 08:49:54 kernel: [ 174.411687] klips_debug:pfkey_msg_parse:
remain=6 ext_type=5(source-address) ext_len=3 parsing ext 0pdd5843a8
with parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | initiator cookie:
Sep 7 08:49:54 kernel: [ 174.411696] klips_debug:pfkey_address_parse:
found exttype=5(source-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | 54 35 b4 b8 be ba 22 5a
Sep 7 08:49:54 kernel: [ 174.411699] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 pluto[5054]: | responder cookie:
Sep 7 08:49:54 kernel: [ 174.411703] klips_debug:pfkey_msg_parse:
Extension 5(source-address) parsed.
Sep 7 08:49:54 pluto[5054]: | 9e 6e 00 44 ba 3a 20 41
Sep 7 08:49:54 kernel: [ 174.411707] klips_debug:pfkey_msg_parse:
parsing ext type=6(destination-address) remain=3.
Sep 7 08:49:54 pluto[5054]: | next payload type: ISAKMP_NEXT_NONE (0x0)
Sep 7 08:49:54 kernel: [ 174.411713] klips_debug:pfkey_msg_parse:
remain=3 ext_type=6(destination-address) ext_len=3 parsing ext
0pdd5843c0 with parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | ISAKMP version: ISAKMP Version 1.0
(rfc2407) (0x10)
Sep 7 08:49:54 kernel: [ 174.411720] klips_debug:pfkey_address_parse:
found exttype=6(destination-address) family=2(AF_INET)
address=100.114.157.13 proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | exchange type: ISAKMP_XCHG_INFO (0x5)
Sep 7 08:49:54 kernel: [ 174.411722] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 pluto[5054]: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
Sep 7 08:49:54 kernel: [ 174.411725] klips_debug:pfkey_msg_parse:
Extension 6(destination-address) parsed.
Sep 7 08:49:54 pluto[5054]: | Message ID: 1254670773 (0x4ac8c1b5)
Sep 7 08:49:54 kernel: [ 174.411731] klips_debug:pfkey_msg_interp:
processing ext 1 0pdd584390 with processor 0pbf340de4.
Sep 7 08:49:54 pluto[5054]: | next payload chain: saving message
location 'ISAKMP Message'.'next payload type'
Sep 7 08:49:54 kernel: [ 174.411734] klips_debug:pfkey_sa_process: .
Sep 7 08:49:54 pluto[5054]: | ***emit ISAKMP Hash Payload:
Sep 7 08:49:54 kernel: [ 174.411739] klips_debug:pfkey_msg_interp:
processing ext 5 0pdd5843a8 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | next payload type: ISAKMP_NEXT_NONE (0x0)
Sep 7 08:49:54 kernel: [ 174.411742] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | next payload chain: setting previous
'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload
(8:ISAKMP_NEXT_HASH)
Sep 7 08:49:54 kernel: [ 174.411748]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
166.130.x.x.
Sep 7 08:49:54 pluto[5054]: | next payload chain: saving location
'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
Sep 7 08:49:54 kernel: [ 174.411752]
klips_debug:pfkey_address_process: found src address.
Sep 7 08:49:54 pluto[5054]: | emitting 32 zero bytes of HASH DATA into
ISAKMP Hash Payload
Sep 7 08:49:54 kernel: [ 174.411756]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 pluto[5054]: | emitting length of ISAKMP Hash Payload: 36
Sep 7 08:49:54 kernel: [ 174.411760]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | ***emit ISAKMP Delete Payload:
Sep 7 08:49:54 kernel: [ 174.411765] klips_debug:pfkey_msg_interp:
processing ext 6 0pdd5843c0 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | next payload type: ISAKMP_NEXT_NONE (0x0)
Sep 7 08:49:54 kernel: [ 174.411767] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | DOI: ISAKMP_DOI_IPSEC (0x1)
Sep 7 08:49:54 kernel: [ 174.411772]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
100.114.157.13.
Sep 7 08:49:54 pluto[5054]: | protocol ID: 3 (0x3)
Sep 7 08:49:54 kernel: [ 174.411775]
klips_debug:pfkey_address_process: found dst address.
Sep 7 08:49:54 pluto[5054]: | SPI size: 4 (0x4)
Sep 7 08:49:54 kernel: [ 174.411778]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 pluto[5054]: | number of SPIs: 1 (0x1)
Sep 7 08:49:54 kernel: [ 174.411783]
klips_debug:pfkey_address_process: ips_said.dst set to 100.114.157.13.
Sep 7 08:49:54 pluto[5054]: | next payload chain: setting previous
'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete
Payload (12:ISAKMP_NEXT_D)
Sep 7 08:49:54 kernel: [ 174.411785]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | next payload chain: saving location
'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
Sep 7 08:49:54 kernel: [ 174.411790] klips_debug:pfkey_msg_interp:
parsing message type 4(delete) with msg_parser 0pbf33d914.
Sep 7 08:49:54 pluto[5054]: | emitting 4 raw bytes of delete payload
into ISAKMP Delete Payload
Sep 7 08:49:54 kernel: [ 174.411794] klips_debug:pfkey_delete_parse: .
Sep 7 08:49:54 pluto[5054]: | delete payload 57 8d 3f 4b
Sep 7 08:49:54 kernel: [ 174.411804] ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=113 of SA:esp.578d3f4c at 100.114.157.13 requested.
Sep 7 08:49:54 pluto[5054]: | emitting length of ISAKMP Delete Payload: 16
Sep 7 08:49:54 kernel: [ 174.411814] ipsec_sa_get: ipsec_sa ddf29c00
SA:esp.578d3f4c at 100.114.157.13, ref:36 reference count (3++) incremented
by ipsec_sa_getbyid:540.
Sep 7 08:49:54 pluto[5054]: | send delete HASH(1):
Sep 7 08:49:54 kernel: [ 174.411824] ipsec_sa_put: ipsec_sa ddf29c00
SA:esp.578d3f4c at 100.114.157.13, ref:36 reference count (4--) decremented
by ipsec_sa_untern:448.
Sep 7 08:49:54 pluto[5054]: | bb 08 1b 4c 20 e0 df 73 7f 02 7a a6
c0 04 47 c2
Sep 7 08:49:54 kernel: [ 174.411831] klips_debug:ipsec_sa_del:
unhashing SA:esp.578d3f4c at 100.114.157.13 (ref=36), hashval=113.
Sep 7 08:49:54 pluto[5054]: | 6e 17 f4 63 42 32 c8 dd 07 93 e8 b1
5e d0 33 3f
Sep 7 08:49:54 kernel: [ 174.411839] ipsec_sa_put: ipsec_sa ddf29c00
SA:esp.578d3f4c at 100.114.157.13, ref:36 reference count (3--) decremented
by ipsec_sa_rm:729.
Sep 7 08:49:54 pluto[5054]: | emitting 12 zero bytes of encryption
padding into ISAKMP Message
Sep 7 08:49:54 kernel: [ 174.411843] klips_debug:ipsec_sa_del:
successfully unhashed first ipsec_sa in chain.
Sep 7 08:49:54 pluto[5054]: | no IKEv1 message padding required
Sep 7 08:49:54 kernel: [ 174.411851] ipsec_sa_put: ipsec_sa ddf29800
SA:tun.1011 at 100.114.157.13, ref:35 reference count (3--) decremented by
ipsec_sa_untern:448.
Sep 7 08:49:54 pluto[5054]: | emitting length of ISAKMP Message: 92
Sep 7 08:49:54 kernel: [ 174.411857] klips_debug:ipsec_sa_del:
unhashing SA:tun.1011 at 100.114.157.13 (ref=35), hashval=133.
Sep 7 08:49:54 pluto[5054]: | sending 96 bytes for delete notify
through wwan0 from 100.114.157.13:4500 to 166.130.x.x:4500 (using #1)
Sep 7 08:49:54 kernel: [ 174.411864] ipsec_sa_put: ipsec_sa ddf29800
SA:tun.1011 at 100.114.157.13, ref:35 reference count (2--) decremented by
ipsec_sa_rm:729.
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 54 35 b4 b8 be ba 22 5a
9e 6e 00 44
Sep 7 08:49:54 kernel: [ 174.411867] klips_debug:ipsec_sa_del:
successfully unhashed first ipsec_sa in chain.
Sep 7 08:49:54 pluto[5054]: | ba 3a 20 41 08 10 05 01 4a c8 c1 b5
00 00 00 5c
Sep 7 08:49:54 kernel: [ 174.411874] ipsec_sa_put: ipsec_sa ddf29c00
SA:esp.578d3f4c at 100.114.157.13, ref:36 reference count (2--) decremented
by pfkey_delete_parse:953.
Sep 7 08:49:54 pluto[5054]: | 8d 9e d5 50 27 67 12 65 a2 5b 37 3c
a7 8f 73 b1
Sep 7 08:49:54 kernel: [ 174.411881] ipsec_sa_put: ipsec_sa ddf29c00
SA:esp.578d3f4c at 100.114.157.13, ref:36 reference count (1--) decremented
by pfkey_delete_parse:960.
Sep 7 08:49:54 pluto[5054]: | 5b f4 87 44 9a 3c b0 4a 9d 76 56 81
51 68 46 6a
Sep 7 08:49:54 kernel: [ 174.411885] ipsec_sa_put: freeing ddf29c00
Sep 7 08:49:54 pluto[5054]: | 9c aa bb 1a 1b 9e eb 68 14 d4 44 52
8b 98 e1 6f
Sep 7 08:49:54 kernel: [ 174.411894] klips_debug:ipsec_sa_wipe:
removing SA=esp.578d3f4c at 100.114.157.13(0pddf29c00), SAref=36,
table=0(0pdd508000), entry=36 from the refTable.
Sep 7 08:49:54 pluto[5054]: | 15 a6 3c c6 ae f6 ea 5a 6d 2d 4b 5a
53 ad 91 c5
Sep 7 08:49:54 kernel: [ 174.411921] klips_debug: ipsec_alg_sa_wipe()
:unlinking for encalg=12
Sep 7 08:49:54 pluto[5054]: | state #9 requesting EVENT_SA_REPLACE to
be deleted
Sep 7 08:49:54 kernel: [ 174.411926] klips_debug: ipsec_alg_sa_wipe()
:unlinking for authalg=3
Sep 7 08:49:54 pluto[5054]: | libevent_free: release
ptr-libevent at 0xb6017e08
Sep 7 08:49:54 kernel: [ 174.411935] ipsec_sa_put: ipsec_sa ddf29800
SA:tun.1011 at 100.114.157.13, ref:35 reference count (1--) decremented by
ipsec_sa_wipe:1116.
Sep 7 08:49:54 pluto[5054]: | free_event_entry: release
EVENT_SA_REPLACE-pe at 0x8a5330
Sep 7 08:49:54 kernel: [ 174.411938] ipsec_sa_put: freeing ddf29800
Sep 7 08:49:54 pluto[5054]: | running updown command "ipsec _updown"
for verb down
Sep 7 08:49:54 kernel: [ 174.411946] klips_debug:ipsec_sa_wipe:
removing SA=tun.1011 at 100.114.157.13(0pddf29800), SAref=35,
table=0(0pdd508000), entry=35 from the refTable.
Sep 7 08:49:54 pluto[5054]: | command executing down-client
Sep 7 08:49:54 kernel: [ 174.411954] klips_debug:pfkey_msg_hdr_build:
Sep 7 08:49:54 pluto[5054]: | executing down-client: 2>&1
PLUTO_VERB='down-client' PLUTO_VERSION='2.0'
PLUTO_CONNECTION='Tunnel1/3x2' PLUTO_INTERFACE='ipsec0'
PLUTO_NEXT_HOP='100.114.157.14' PLUTO_ME='100.114.157.13'
PLUTO_MY_ID='@HALOHALO' PLUTO_MY_CLIENT='10.10.0.0/24'
PLUTO_MY_CLIENT_NET='10.10.0.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16416'
PLUTO_SA_TYPE='ESP' PLUTO_PEER='166.130.x.x' PLUTO_PEER_ID='@RAMRAM'
PLUTO_PEER_CLIENT='10.0.1.0/24' PLUTO_PEER_CLIENT_NET='10.0.1.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='klips'
PLUTO_ADDTIME='42949499'
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO'
PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4'
XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=''
PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0'
PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=''
VTI_ROUTING='no' VTI_S
Sep 7 08:49:54 kernel: [ 174.411963] klips_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0pdd5fdbcc pfkey_ext=0pdd5fdc94 *pfkey_ext=0p (null).
Sep 7 08:49:54 pluto[5054]: | popen cmd is 1055 chars long
Sep 7 08:49:54 kernel: [ 174.411968] klips_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0pdd5fdbcc pfkey_ext=0pdd5fdc94 *pfkey_ext=0pdd222440.
Sep 7 08:49:54 pluto[5054]: | cmd( 0):2>&1 PLUTO_VERB='down-client'
PLUTO_VERSION='2.0' PLUTO_CONNECTION='Tunnel1/3x2':
Sep 7 08:49:54 kernel: [ 174.411972] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | cmd( 80): PLUTO_INTERFACE='ipsec0'
PLUTO_NEXT_HOP='100.114.157.14' PLUTO_ME='100.114.157.:
Sep 7 08:49:54 kernel: [ 174.411975] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | cmd( 160):13' PLUTO_MY_ID='@HALOHALO'
PLUTO_MY_CLIENT='10.10.0.0/24' PLUTO_MY_CLIENT_NET=':
Sep 7 08:49:54 kernel: [ 174.411982] klips_debug:pfkey_sa_build:
spi=578d3f4c replay=0 sa_state=0 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 pluto[5054]: | cmd( 240):10.10.0.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO:
Sep 7 08:49:54 kernel: [ 174.411986] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | cmd( 320):COL='0' PLUTO_SA_REQID='16416'
PLUTO_SA_TYPE='ESP' PLUTO_PEER='166.130.x.x' PL:
Sep 7 08:49:54 kernel: [ 174.411988] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | cmd( 400):UTO_PEER_ID='@RAMRAM'
PLUTO_PEER_CLIENT='10.0.1.0/24' PLUTO_PEER_CLIENT_NET='10.:
Sep 7 08:49:54 kernel: [ 174.411993] klips_debug:pfkey_address_build:
exttype=5 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | cmd( 480):0.1.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO:
Sep 7 08:49:54 kernel: [ 174.411997] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | cmd( 560):TOCOL='0' PLUTO_PEER_CA=''
PLUTO_STACK='klips' PLUTO_ADDTIME='42949499' PLUTO_CO:
Sep 7 08:49:54 kernel: [ 174.412002] klips_debug:pfkey_address_build:
found address=166.130.x.x:0.
Sep 7 08:49:54 pluto[5054]: | cmd(
640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_:
Sep 7 08:49:54 kernel: [ 174.412006] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | cmd( 720):NO'
PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4'
XAUTH_FAILED=0 P:
Sep 7 08:49:54 kernel: [ 174.412008] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | cmd( 800):LUTO_IS_PEER_CISCO='0'
PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PE:
Sep 7 08:49:54 kernel: [ 174.412011] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | cmd( 880):ER_BANNER=''
PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' V:
Sep 7 08:49:54 kernel: [ 174.412014] klips_debug:pfkey_address_build:
exttype=6 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | cmd( 960):TI_IFACE='' VTI_ROUTING='no'
VTI_SHARED='no' SPI_IN=0xc42ed844 SPI_OUT=0x578d3f4:
Sep 7 08:49:54 kernel: [ 174.412017] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | cmd(1040):b ipsec _updown:
Sep 7 08:49:54 kernel: [ 174.412021] klips_debug:pfkey_address_build:
found address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.412024] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 kernel: [ 174.412027] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.412029] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.412034] klips_debug:pfkey_msg_build:
extensions[0] needs 16 bytes
Sep 7 08:49:54 kernel: [ 174.412038] klips_debug:pfkey_msg_build:
extensions[1] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.412041] klips_debug:pfkey_msg_build:
extensions[5] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.412045] klips_debug:pfkey_msg_build:
extensions[6] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.412051] klips_debug:pfkey_msg_build:
pfkey_msg=0pdd551800 allocated 88 bytes, &(extensions[0])=0pdd5fdc94
Sep 7 08:49:54 kernel: [ 174.412056] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[1] (type=1)
Sep 7 08:49:54 kernel: [ 174.412061] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[5] (type=5)
Sep 7 08:49:54 kernel: [ 174.412066] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[6] (type=6)
Sep 7 08:49:54 kernel: [ 174.412070] klips_debug:pfkey_upmsg:
allocating 88 bytes...
Sep 7 08:49:54 kernel: [ 174.412075] klips_debug:pfkey_upmsg:
...allocated at 0pddd967c0.
Sep 7 08:49:54 kernel: [ 174.412087] klips_debug:pfkey_delete_parse:
sending up delete reply message for satype=3(ESP) to socket=0pde2611c0
succeeded.
Sep 7 08:49:54 kernel: [ 174.412093]
klips_debug:pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 kernel: [ 174.412097]
klips_debug:pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 kernel: [ 174.412102]
klips_debug:pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 kernel: [ 174.412105]
klips_debug:pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 kernel: [ 174.412116] ipsec_sa_put: ipsec_sa dd51b000
SA:esp.578d3f4c at 100.114.157.13, ref:0 reference count (1--) decremented
by pfkey_msg_interp:3144.
Sep 7 08:49:54 kernel: [ 174.412119] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:54 kernel: [ 174.412127] klips_debug:ipsec_sa_wipe:
removing SA=esp.578d3f4c at 100.114.157.13(0pdd51b000), SAref=0,
table=0(0pdd508000), entry=0 from the refTable.
Sep 7 08:49:54 kernel: [ 174.434564] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:54 kernel: [ 174.434579] klips_debug:pfkey_sendmsg:
allocating 88 bytes for downward message.
Sep 7 08:49:54 kernel: [ 174.434593] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:54 kernel: [ 174.434606] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=5, errno=0, satype=3(ESP), len=11, res=0,
seq=100, pid=5054.
Sep 7 08:49:54 kernel: [ 174.434626] ipsec_sa_get: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:54 kernel: [ 174.434631] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd51b000.
Sep 7 08:49:54 kernel: [ 174.434637] klips_debug:pfkey_msg_interp:
satype 3 lookups to proto=50.
Sep 7 08:49:54 kernel: [ 174.434646] klips_debug:pfkey_msg_parse:
parsing message ver=2, type=5(get), errno=0, satype=3(ESP), len=11,
res=0, seq=100, pid=5054.
Sep 7 08:49:54 kernel: [ 174.434653] klips_debug:pfkey_msg_parse:
satype 3(ESP) conversion to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 kernel: [ 174.434658] klips_debug:pfkey_msg_parse: remain=9
Sep 7 08:49:54 kernel: [ 174.434665] klips_debug:pfkey_msg_parse:
parsing ext type=1(security-association) remain=9.
Sep 7 08:49:54 kernel: [ 174.434673] klips_debug:pfkey_msg_parse:
remain=9 ext_type=1(security-association) ext_len=3 parsing ext
0pdd584390 with parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.434685] klips_debug:pfkey_sa_parse:
successfully found len=3 exttype=1(security-association) spi=c42ed844
replay=0 state=1 auth=0 encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.434690] klips_debug:pfkey_msg_parse:
Extension 1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.434694] klips_debug:pfkey_msg_parse:
parsing ext type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.434700] klips_debug:pfkey_msg_parse:
remain=6 ext_type=5(source-address) ext_len=3 parsing ext 0pdd5843a8
with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.434711] klips_debug:pfkey_address_parse:
found exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.434713] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.434717] klips_debug:pfkey_msg_parse:
Extension 5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.434722] klips_debug:pfkey_msg_parse:
parsing ext type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.434727] klips_debug:pfkey_msg_parse:
remain=3 ext_type=6(destination-address) ext_len=3 parsing ext
0pdd5843c0 with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.434734] klips_debug:pfkey_address_parse:
found exttype=6(destination-address) family=2(AF_INET)
address=166.130.x.x proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.434736] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.434740] klips_debug:pfkey_msg_parse:
Extension 6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.434747] klips_debug:pfkey_msg_interp:
processing ext 1 0pdd584390 with processor 0pbf340de4.
Sep 7 08:49:54 kernel: [ 174.434750] klips_debug:pfkey_sa_process: .
Sep 7 08:49:54 kernel: [ 174.434755] klips_debug:pfkey_msg_interp:
processing ext 5 0pdd5843a8 with processor 0pbf341164.
Sep 7 08:49:54 kernel: [ 174.434759] klips_debug:pfkey_address_process:
Sep 7 08:49:54 kernel: [ 174.434765]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
100.114.157.13.
Sep 7 08:49:54 kernel: [ 174.434769]
klips_debug:pfkey_address_process: found src address.
Sep 7 08:49:54 kernel: [ 174.434773]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 kernel: [ 174.434778]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 kernel: [ 174.434782] klips_debug:pfkey_msg_interp:
processing ext 6 0pdd5843c0 with processor 0pbf341164.
Sep 7 08:49:54 kernel: [ 174.434784] klips_debug:pfkey_address_process:
Sep 7 08:49:54 kernel: [ 174.434789]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
166.130.x.x.
Sep 7 08:49:54 kernel: [ 174.434792]
klips_debug:pfkey_address_process: found dst address.
Sep 7 08:49:54 kernel: [ 174.434795]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 kernel: [ 174.434800]
klips_debug:pfkey_address_process: ips_said.dst set to 166.130.x.x.
Sep 7 08:49:54 kernel: [ 174.434803]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 kernel: [ 174.434808] klips_debug:pfkey_msg_interp:
parsing message type 5(get) with msg_parser 0pbf33c2a8.
Sep 7 08:49:54 kernel: [ 174.434811] klips_debug:pfkey_get_parse: .
Sep 7 08:49:54 kernel: [ 174.434822] ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=137 of SA:esp.c42ed844 at 166.130.x.x requested.
Sep 7 08:49:54 kernel: [ 174.434831] ipsec_sa_get: ipsec_sa dd45dc00
SA:esp.c42ed844 at 166.130.x.x, ref:30 reference count (3++) incremented by
ipsec_sa_getbyid:540.
Sep 7 08:49:54 kernel: [ 174.434835] klips_debug:pfkey_msg_hdr_build:
Sep 7 08:49:54 kernel: [ 174.434842] klips_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0pdd5fdbb4 pfkey_ext=0pdd5fdc94 *pfkey_ext=0p (null).
Sep 7 08:49:54 kernel: [ 174.434848] klips_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0pdd5fdbb4 pfkey_ext=0pdd5fdc94 *pfkey_ext=0pdd222500.
Sep 7 08:49:54 kernel: [ 174.434851] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.434854] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.434861] klips_debug:pfkey_sa_build:
spi=c42ed844 replay=0 sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 kernel: [ 174.434865] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.434867] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.434872] klips_debug:pfkey_lifetime_build:
Sep 7 08:49:54 kernel: [ 174.434875] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.434877] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.434882] klips_debug:pfkey_address_build:
exttype=5 proto=0 prefixlen=0
Sep 7 08:49:54 kernel: [ 174.434886] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 kernel: [ 174.434892] klips_debug:pfkey_address_build:
found address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.434896] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 kernel: [ 174.434898] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.434900] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.434904] klips_debug:pfkey_address_build:
exttype=6 proto=0 prefixlen=0
Sep 7 08:49:54 kernel: [ 174.434906] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 kernel: [ 174.434911] klips_debug:pfkey_address_build:
found address=166.130.x.x:0.
Sep 7 08:49:54 kernel: [ 174.434913] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 kernel: [ 174.434916] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.434918] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.434929] ipsec_sa_put: ipsec_sa dd45dc00
SA:esp.c42ed844 at 166.130.x.x, ref:30 reference count (4--) decremented by
pfkey_get_parse:1208.
Sep 7 08:49:54 kernel: [ 174.434935] klips_debug:pfkey_msg_build:
extensions[0] needs 16 bytes
Sep 7 08:49:54 kernel: [ 174.434939] klips_debug:pfkey_msg_build:
extensions[1] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.434943] klips_debug:pfkey_msg_build:
extensions[2] needs 32 bytes
Sep 7 08:49:54 kernel: [ 174.434947] klips_debug:pfkey_msg_build:
extensions[5] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.434950] klips_debug:pfkey_msg_build:
extensions[6] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.434956] klips_debug:pfkey_msg_build:
pfkey_msg=0pdd551800 allocated 120 bytes, &(extensions[0])=0pdd5fdc94
Sep 7 08:49:54 kernel: [ 174.434961] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[1] (type=1)
Sep 7 08:49:54 kernel: [ 174.434966] klips_debug:pfkey_msg_build:
copying 32 bytes from extensions[2] (type=2)
Sep 7 08:49:54 kernel: [ 174.434970] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[5] (type=5)
Sep 7 08:49:54 kernel: [ 174.434974] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[6] (type=6)
Sep 7 08:49:54 kernel: [ 174.434979] klips_debug:pfkey_upmsg:
allocating 120 bytes...
Sep 7 08:49:54 kernel: [ 174.434985] klips_debug:pfkey_upmsg:
...allocated at 0pddd967c0.
Sep 7 08:49:54 kernel: [ 174.434993] klips_debug:pfkey_get_parse:
succeeded in sending get reply message.
Sep 7 08:49:54 kernel: [ 174.435000]
klips_debug:pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 kernel: [ 174.435005]
klips_debug:pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 kernel: [ 174.435009]
klips_debug:pfkey_extensions_free:Free extension 2 (32)
Sep 7 08:49:54 kernel: [ 174.435013]
klips_debug:pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 kernel: [ 174.435017]
klips_debug:pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 kernel: [ 174.435026] ipsec_sa_put: ipsec_sa dd51b000
SA:esp.c42ed844 at 166.130.x.x, ref:0 reference count (1--) decremented by
pfkey_msg_interp:3144.
Sep 7 08:49:54 kernel: [ 174.435029] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:54 kernel: [ 174.435039] klips_debug:ipsec_sa_wipe:
removing SA=esp.c42ed844 at 166.130.x.x(0pdd51b000), SAref=0,
table=0(0pdd508000), entry=0 from the refTable.
Sep 7 08:49:54 kernel: [ 174.457813] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:54 kernel: [ 174.457831] klips_debug:pfkey_sendmsg:
allocating 88 bytes for downward message.
Sep 7 08:49:54 kernel: [ 174.457844] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:54 kernel: [ 174.457858] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=5, errno=0, satype=3(ESP), len=11, res=0,
seq=101, pid=5054.
Sep 7 08:49:54 kernel: [ 174.457879] ipsec_sa_get: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:54 kernel: [ 174.457883] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd51b000.
Sep 7 08:49:54 kernel: [ 174.457888] klips_debug:pfkey_msg_interp:
satype 3 lookups to proto=50.
Sep 7 08:49:54 kernel: [ 174.457898] klips_debug:pfkey_msg_parse:
parsing message ver=2, type=5(get), errno=0, satype=3(ESP), len=11,
res=0, seq=101, pid=5054.
Sep 7 08:49:54 kernel: [ 174.457905] klips_debug:pfkey_msg_parse:
satype 3(ESP) conversion to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 kernel: [ 174.457908] klips_debug:pfkey_msg_parse: remain=9
Sep 7 08:49:54 kernel: [ 174.457914] klips_debug:pfkey_msg_parse:
parsing ext type=1(security-association) remain=9.
Sep 7 08:49:54 kernel: [ 174.457924] klips_debug:pfkey_msg_parse:
remain=9 ext_type=1(security-association) ext_len=3 parsing ext
0pdd584390 with parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.457935] klips_debug:pfkey_sa_parse:
successfully found len=3 exttype=1(security-association) spi=578d3f4b
replay=0 state=1 auth=0 encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.457939] klips_debug:pfkey_msg_parse:
Extension 1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.457943] klips_debug:pfkey_msg_parse:
parsing ext type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.457950] klips_debug:pfkey_msg_parse:
remain=6 ext_type=5(source-address) ext_len=3 parsing ext 0pdd5843a8
with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.457960] klips_debug:pfkey_address_parse:
found exttype=5(source-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.457963] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.457966] klips_debug:pfkey_msg_parse:
Extension 5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.457970] klips_debug:pfkey_msg_parse:
parsing ext type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.457976] klips_debug:pfkey_msg_parse:
remain=3 ext_type=6(destination-address) ext_len=3 parsing ext
0pdd5843c0 with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.457983] klips_debug:pfkey_address_parse:
found exttype=6(destination-address) family=2(AF_INET)
address=100.114.157.13 proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.457985] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.457989] klips_debug:pfkey_msg_parse:
Extension 6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.457995] klips_debug:pfkey_msg_interp:
processing ext 1 0pdd584390 with processor 0pbf340de4.
Sep 7 08:49:54 kernel: [ 174.457998] klips_debug:pfkey_sa_process: .
Sep 7 08:49:54 kernel: [ 174.458003] klips_debug:pfkey_msg_interp:
processing ext 5 0pdd5843a8 with processor 0pbf341164.
Sep 7 08:49:54 kernel: [ 174.458006] klips_debug:pfkey_address_process:
Sep 7 08:49:54 kernel: [ 174.458012]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
166.130.x.x.
Sep 7 08:49:54 kernel: [ 174.458016]
klips_debug:pfkey_address_process: found src address.
Sep 7 08:49:54 kernel: [ 174.458020]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 kernel: [ 174.458025]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 kernel: [ 174.458029] klips_debug:pfkey_msg_interp:
processing ext 6 0pdd5843c0 with processor 0pbf341164.
Sep 7 08:49:54 kernel: [ 174.458031] klips_debug:pfkey_address_process:
Sep 7 08:49:54 kernel: [ 174.458035]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
100.114.157.13.
Sep 7 08:49:54 kernel: [ 174.458038]
klips_debug:pfkey_address_process: found dst address.
Sep 7 08:49:54 kernel: [ 174.458041]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 kernel: [ 174.458046]
klips_debug:pfkey_address_process: ips_said.dst set to 100.114.157.13.
Sep 7 08:49:54 kernel: [ 174.458049]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 kernel: [ 174.458054] klips_debug:pfkey_msg_interp:
parsing message type 5(get) with msg_parser 0pbf33c2a8.
Sep 7 08:49:54 kernel: [ 174.458057] klips_debug:pfkey_get_parse: .
Sep 7 08:49:54 kernel: [ 174.458068] ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=114 of SA:esp.578d3f4b at 100.114.157.13 requested.
Sep 7 08:49:54 kernel: [ 174.458077] ipsec_sa_get: ipsec_sa dd45d400
SA:esp.578d3f4b at 100.114.157.13, ref:32 reference count (3++) incremented
by ipsec_sa_getbyid:540.
Sep 7 08:49:54 kernel: [ 174.458081] klips_debug:pfkey_msg_hdr_build:
Sep 7 08:49:54 kernel: [ 174.458088] klips_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0pdd5fdbb4 pfkey_ext=0pdd5fdc94 *pfkey_ext=0p (null).
Sep 7 08:49:54 kernel: [ 174.458094] klips_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0pdd5fdbb4 pfkey_ext=0pdd5fdc94 *pfkey_ext=0pdd222340.
Sep 7 08:49:54 kernel: [ 174.458097] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.458100] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.458108] klips_debug:pfkey_sa_build:
spi=578d3f4b replay=0 sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 kernel: [ 174.458112] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.458114] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.458118] klips_debug:pfkey_lifetime_build:
Sep 7 08:49:54 kernel: [ 174.458122] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.458124] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.458129] klips_debug:pfkey_address_build:
exttype=5 proto=0 prefixlen=0
Sep 7 08:49:54 kernel: [ 174.458133] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 kernel: [ 174.458138] klips_debug:pfkey_address_build:
found address=166.130.x.x:0.
Sep 7 08:49:54 kernel: [ 174.458143] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 kernel: [ 174.458145] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.458147] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.458151] klips_debug:pfkey_address_build:
exttype=6 proto=0 prefixlen=0
Sep 7 08:49:54 kernel: [ 174.458153] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 kernel: [ 174.458158] klips_debug:pfkey_address_build:
found address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.458160] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 kernel: [ 174.458163] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.458165] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.458175] ipsec_sa_put: ipsec_sa dd45d400
SA:esp.578d3f4b at 100.114.157.13, ref:32 reference count (4--) decremented
by pfkey_get_parse:1208.
Sep 7 08:49:54 kernel: [ 174.458182] klips_debug:pfkey_msg_build:
extensions[0] needs 16 bytes
Sep 7 08:49:54 kernel: [ 174.458186] klips_debug:pfkey_msg_build:
extensions[1] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.458190] klips_debug:pfkey_msg_build:
extensions[2] needs 32 bytes
Sep 7 08:49:54 kernel: [ 174.458194] klips_debug:pfkey_msg_build:
extensions[5] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.458197] klips_debug:pfkey_msg_build:
extensions[6] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.458203] klips_debug:pfkey_msg_build:
pfkey_msg=0pdd551800 allocated 120 bytes, &(extensions[0])=0pdd5fdc94
Sep 7 08:49:54 kernel: [ 174.458208] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[1] (type=1)
Sep 7 08:49:54 kernel: [ 174.458213] klips_debug:pfkey_msg_build:
copying 32 bytes from extensions[2] (type=2)
Sep 7 08:49:54 kernel: [ 174.458217] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[5] (type=5)
Sep 7 08:49:54 kernel: [ 174.458221] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[6] (type=6)
Sep 7 08:49:54 kernel: [ 174.458225] klips_debug:pfkey_upmsg:
allocating 120 bytes...
Sep 7 08:49:54 kernel: [ 174.458232] klips_debug:pfkey_upmsg:
...allocated at 0pddcc1780.
Sep 7 08:49:54 kernel: [ 174.458242] klips_debug:pfkey_get_parse:
succeeded in sending get reply message.
Sep 7 08:49:54 kernel: [ 174.458248]
klips_debug:pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 kernel: [ 174.458269]
klips_debug:pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 kernel: [ 174.458273]
klips_debug:pfkey_extensions_free:Free extension 2 (32)
Sep 7 08:49:54 kernel: [ 174.458277]
klips_debug:pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 kernel: [ 174.458282]
klips_debug:pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 kernel: [ 174.458291] ipsec_sa_put: ipsec_sa dd51b000
SA:esp.578d3f4b at 100.114.157.13, ref:0 reference count (1--) decremented
by pfkey_msg_interp:3144.
Sep 7 08:49:54 kernel: [ 174.458295] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:54 kernel: [ 174.458305] klips_debug:ipsec_sa_wipe:
removing SA=esp.578d3f4b at 100.114.157.13(0pdd51b000), SAref=0,
table=0(0pdd508000), entry=0 from the refTable.
Sep 7 08:49:54 pluto[5054]: | shunt_eroute() called for connection
'Tunnel1/3x2' to 'replace with shunt' for rt_kind 'prospective erouted'
using protoports 10.10.0.0/24:0 --0->- 10.0.1.0/24:0
Sep 7 08:49:54 pluto[5054]: | priority calculation of connection
"Tunnel1/3x2" is 0xfe7e7
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9aadbc pfkey_ext=0p0xbe9aaf00 *pfkey_ext=0p(nil).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9aadbc pfkey_ext=0p0xbe9aaf00 *pfkey_ext=0p0x8a5270.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_build: spi=00000104 replay=0
sa_state=0 auth=0 encrypt=0 flags=2
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=0.0.0.0:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=21 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=10.10.0.0:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=22 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=10.0.1.0:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=23 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=255.255.255.0:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=24 proto=0
prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=255.255.255.0:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[21] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[22] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[23] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[24] needs 24
bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x813628
allocated 184 bytes, &(extensions[0])=0p0xbe9aaf00
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[21] (type=21)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[22] (type=22)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[23] (type=23)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[24] (type=24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=14(x-addflow(eroute)), errno=0, satype=11(INT), len=23, res=0,
seq=102, pid=5054.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 11(INT)
conversion to proto gives 61 for msg_type 14(x-addflow(eroute)).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=21
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=21.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=21
ext_type=1(security-association) ext_len=3 parsing ext 0p0x813638 with
parser pfkey_sa_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=00000104 replay=0 state=0 auth=0
encrypt=0 flags=2 ref=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=18.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=18
ext_type=5(source-address) ext_len=3 parsing ext 0p0x813650 with parser
pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=15.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=15
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x813668 with
parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=0.0.0.0 proto=0
port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=21(X-source-flow-address) remain=12.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=12
ext_type=21(X-source-flow-address) ext_len=3 parsing ext 0p0x813680 with
parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=21(X-source-flow-address) family=2(AF_INET) address=10.10.0.0
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
21(X-source-flow-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=22(X-dest-flow-address) remain=9.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=22(X-dest-flow-address) ext_len=3 parsing ext 0p0x813698 with
parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=22(X-dest-flow-address) family=2(AF_INET) address=10.0.1.0
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
22(X-dest-flow-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=23(X-source-mask) remain=6.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=23(X-source-mask) ext_len=3 parsing ext 0p0x8136b0 with parser
pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=23(X-source-mask) family=2(AF_INET) address=255.255.255.0
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
23(X-source-mask) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=24(X-dest-mask) remain=3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=24(X-dest-mask) ext_len=3 parsing ext 0p0x8136c8 with parser
pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=24(X-dest-mask) family=2(AF_INET) address=255.255.255.0 proto=0
port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
24(X-dest-mask) parsed.
Sep 7 08:49:54 pluto[5054]: | finish_pfkey_msg: K_SADB_X_ADDFLOW
message 102 for flow eroute_connection replace with shunt
Sep 7 08:49:54 pluto[5054]: | 02 0e 00 0b 17 00 00 00 66 00 00 00
be 13 00 00
Sep 7 08:49:54 pluto[5054]: | 03 00 01 00 00 00 01 04 00 00 00 00
02 00 00 00
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 64 72 9d 0d 00 00 00 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 15 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 0a 0a 00 00 00 00 00 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 03 00 16 00 00 00 00 00 02 00 00 00
0a 00 01 00
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 17 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 ff ff ff 00 00 00 00 00
00 00 00 00
Sep 7 08:49:54 pluto[5054]: | 03 00 18 00 00 00 00 00 02 00 00 00
ff ff ff 00
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:54 pluto[5054]: | pfkey_get: K_SADB_X_ADDFLOW message 102
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 21 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 22 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 23 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 24 (24)
Sep 7 08:49:54 pluto[5054]: | delete esp.c42ed844 at 166.130.x.x
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9aaf2c pfkey_ext=0p0xbe9aafa0 *pfkey_ext=0p(nil).
Sep 7 08:49:54 kernel: [ 174.724180] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:54 kernel: [ 174.724201] klips_debug:pfkey_sendmsg:
allocating 184 bytes for downward message.
Sep 7 08:49:54 kernel: [ 174.724325] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:54 kernel: [ 174.724341] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=14, errno=0, satype=11(INT), len=23, res=0,
seq=102, pid=5054.
Sep 7 08:49:54 kernel: [ 174.724386] ipsec_sa_get: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:54 kernel: [ 174.724392] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd51b000.
Sep 7 08:49:54 kernel: [ 174.724397] klips_debug:pfkey_msg_interp:
satype 11 lookups to proto=61.
Sep 7 08:49:54 kernel: [ 174.724408] klips_debug:pfkey_msg_parse:
parsing message ver=2, type=14(x-addflow(eroute)), errno=0,
satype=11(INT), len=23, res=0, seq=102, pid=5054.
Sep 7 08:49:54 kernel: [ 174.724416] klips_debug:pfkey_msg_parse:
satype 11(INT) conversion to proto gives 61 for msg_type
14(x-addflow(eroute)).
Sep 7 08:49:54 kernel: [ 174.724445] klips_debug:pfkey_msg_parse:
remain=21
Sep 7 08:49:54 kernel: [ 174.724451] klips_debug:pfkey_msg_parse:
parsing ext type=1(security-association) remain=21.
Sep 7 08:49:54 kernel: [ 174.724460] klips_debug:pfkey_msg_parse:
remain=21 ext_type=1(security-association) ext_len=3 parsing ext
0pddcc1f10 with parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.724472] klips_debug:pfkey_sa_parse:
successfully found len=3 exttype=1(security-association) spi=00000104
replay=0 state=0 auth=0 encrypt=0 flags=2 ref=0.
Sep 7 08:49:54 kernel: [ 174.724476] klips_debug:pfkey_msg_parse:
Extension 1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.724481] klips_debug:pfkey_msg_parse:
parsing ext type=5(source-address) remain=18.
Sep 7 08:49:54 kernel: [ 174.724487] klips_debug:pfkey_msg_parse:
remain=18 ext_type=5(source-address) ext_len=3 parsing ext 0pddcc1f28
with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.724518] klips_debug:pfkey_address_parse:
found exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.724521] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.724525] klips_debug:pfkey_msg_parse:
Extension 5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.724529] klips_debug:pfkey_msg_parse:
parsing ext type=6(destination-address) remain=15.
Sep 7 08:49:54 kernel: [ 174.724535] klips_debug:pfkey_msg_parse:
remain=15 ext_type=6(destination-address) ext_len=3 parsing ext
0pddcc1f40 with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.724542] klips_debug:pfkey_address_parse:
found exttype=6(destination-address) family=2(AF_INET) address=0.0.0.0
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.724544] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.724547] klips_debug:pfkey_msg_parse:
Extension 6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.724552] klips_debug:pfkey_msg_parse:
parsing ext type=21(X-source-flow-address) remain=12.
Sep 7 08:49:54 kernel: [ 174.724558] klips_debug:pfkey_msg_parse:
remain=12 ext_type=21(X-source-flow-address) ext_len=3 parsing ext
0pddcc1f58 with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.724587] klips_debug:pfkey_address_parse:
found exttype=21(X-source-flow-address) family=2(AF_INET)
address=10.10.0.0 proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.724589] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.724593] klips_debug:pfkey_msg_parse:
Extension 21(X-source-flow-address) parsed.
Sep 7 08:49:54 kernel: [ 174.724597] klips_debug:pfkey_msg_parse:
parsing ext type=22(X-dest-flow-address) remain=9.
Sep 7 08:49:54 kernel: [ 174.724604] klips_debug:pfkey_msg_parse:
remain=9 ext_type=22(X-dest-flow-address) ext_len=3 parsing ext
0pddcc1f70 with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.724610] klips_debug:pfkey_address_parse:
found exttype=22(X-dest-flow-address) family=2(AF_INET) address=10.0.1.0
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.724612] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9aaf2c pfkey_ext=0p0xbe9aafa0 *pfkey_ext=0p0x8a5270.
Sep 7 08:49:54 kernel: [ 174.724616] klips_debug:pfkey_msg_parse:
Extension 22(X-dest-flow-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_build: spi=c42ed844 replay=0
sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 kernel: [ 174.724620] klips_debug:pfkey_msg_parse:
parsing ext type=23(X-source-mask) remain=6.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.724626] klips_debug:pfkey_msg_parse:
remain=6 ext_type=23(X-source-mask) ext_len=3 parsing ext 0pddcc1f88
with parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.724653] klips_debug:pfkey_address_parse:
found exttype=23(X-source-mask) family=2(AF_INET) address=255.255.255.0
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.724656] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.724659] klips_debug:pfkey_msg_parse:
Extension 23(X-source-mask) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.724664] klips_debug:pfkey_msg_parse:
parsing ext type=24(X-dest-mask) remain=3.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.724670] klips_debug:pfkey_msg_parse:
remain=3 ext_type=24(X-dest-mask) ext_len=3 parsing ext 0pddcc1fa0 with
parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=166.130.x.x:0.
Sep 7 08:49:54 kernel: [ 174.724677] klips_debug:pfkey_address_parse:
found exttype=24(X-dest-mask) family=2(AF_INET) address=255.255.255.0
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.724679] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:54 kernel: [ 174.724682] klips_debug:pfkey_msg_parse:
Extension 24(X-dest-mask) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.724689] klips_debug:pfkey_msg_interp:
processing ext 1 0pddcc1f10 with processor 0pbf340de4.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.724692] klips_debug:pfkey_sa_process: .
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.724719] klips_debug:pfkey_msg_interp:
processing ext 5 0pddcc1f28 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x8cb660
allocated 88 bytes, &(extensions[0])=0p0xbe9aafa0
Sep 7 08:49:54 kernel: [ 174.724723] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:54 kernel: [ 174.724729]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
100.114.157.13.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:54 kernel: [ 174.724733]
klips_debug:pfkey_address_process: found src address.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:54 kernel: [ 174.724738]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=4(delete), errno=0, satype=3(ESP), len=11, res=0, seq=103, pid=5054.
Sep 7 08:49:54 kernel: [ 174.724742]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 4(delete).
Sep 7 08:49:54 kernel: [ 174.724747] klips_debug:pfkey_msg_interp:
processing ext 6 0pddcc1f40 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
Sep 7 08:49:54 kernel: [ 174.724749] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Sep 7 08:49:54 kernel: [ 174.724754]
klips_debug:pfkey_address_process: found address family=2, AF_INET, 0.0.0.0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0p0x8cb670 with
parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.724756]
klips_debug:pfkey_address_process: found dst address.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=c42ed844 replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.724760]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.724786]
klips_debug:pfkey_address_process: ips_said.dst set to 0.0.0.0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.724788]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0x8cb688 with parser
pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.724794] klips_debug:pfkey_msg_interp:
processing ext 21 0pddcc1f58 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.724796] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.724801]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
10.10.0.0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.724804]
klips_debug:pfkey_address_process: found src flow address.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.724812] klips_debug:pfkey_alloc_eroute:
allocating 248 bytes for an eroute at 0pddf39e00
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x8cb6a0 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.724821] klips_debug:pfkey_address_parse:
extr->eroute set to 10.10.0.0/0:0->0.0.0.0/0:0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.724823]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.724828] klips_debug:pfkey_msg_interp:
processing ext 22 0pddcc1f70 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.724851] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | finish_pfkey_msg: K_SADB_DELETE message
103 for Delete SA esp.c42ed844 at 166.130.x.x
Sep 7 08:49:54 kernel: [ 174.724856]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
10.0.1.0.
Sep 7 08:49:54 pluto[5054]: | 02 04 00 03 0b 00 00 00 67 00 00 00
be 13 00 00
Sep 7 08:49:54 kernel: [ 174.724859]
klips_debug:pfkey_address_process: found dst flow address.
Sep 7 08:49:54 pluto[5054]: | 03 00 01 00 c4 2e d8 44 00 01 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.724862] klips_debug:pfkey_alloc_eroute:
eroute struct already allocated
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.724869] klips_debug:pfkey_address_parse:
extr->eroute set to 10.10.0.0/0:0->10.0.1.0/0:0
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 64 72 9d 0d 00 00 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.724871]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
a6 82 3e 34
Sep 7 08:49:54 kernel: [ 174.724876] klips_debug:pfkey_msg_interp:
processing ext 23 0pddcc1f88 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:54 kernel: [ 174.724878] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | pfkey_get: K_SADB_DELETE message 103
Sep 7 08:49:54 kernel: [ 174.724882]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
255.255.255.0.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 kernel: [ 174.724885]
klips_debug:pfkey_address_process: found src mask address.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 kernel: [ 174.724888] klips_debug:pfkey_alloc_eroute:
eroute struct already allocated
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 kernel: [ 174.724894] klips_debug:pfkey_address_parse:
extr->eroute set to 10.10.0.0/24:0->10.0.1.0/0:0
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 kernel: [ 174.724918]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | delete esp.578d3f4b at 100.114.157.13
Sep 7 08:49:54 kernel: [ 174.724923] klips_debug:pfkey_msg_interp:
processing ext 24 0pddcc1fa0 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:54 kernel: [ 174.724926] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9aaf7c pfkey_ext=0p0xbe9aaff0 *pfkey_ext=0p(nil).
Sep 7 08:49:54 kernel: [ 174.724931]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
255.255.255.0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9aaf7c pfkey_ext=0p0xbe9aaff0 *pfkey_ext=0p0x8a5270.
Sep 7 08:49:54 kernel: [ 174.724934]
klips_debug:pfkey_address_process: found dst mask address.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_build: spi=578d3f4b replay=0
sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 kernel: [ 174.724937] klips_debug:pfkey_alloc_eroute:
eroute struct already allocated
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.724942] klips_debug:pfkey_address_parse:
extr->eroute set to 10.10.0.0/24:0->10.0.1.0/24:0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.724945]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=166.130.x.x:0.
Sep 7 08:49:54 kernel: [ 174.724950] klips_debug:pfkey_msg_interp:
parsing message type 14(x-addflow(eroute)) with msg_parser 0pbf33c8f0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.724955] klips_debug:pfkey_x_addflow_parse: .
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.724961]
klips_debug:pfkey_x_addflow_parse: calling breakeroute and/or makeroute
for 10.10.0.0/24->10.0.1.0/24
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.724987]
klips_debug:pfkey_x_addflow_parse: REPLACEFLOW flag set, calling
breakeroute.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.724996] klips_debug:ipsec_breakroute:
attempting to delete eroute for 10.10.0.0/24:0->10.0.1.0/24:0 0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.725012] klips_debug:ipsec_breakroute:
deleted eroute=0pdd601100, ident=0p (null)->0p (null), first=0p
(null), last=0p (null)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:54 kernel: [ 174.725016]
klips_debug:pfkey_x_addflow_parse: calling makeroute.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.725030] klips_debug:ipsec_makeroute:
attempting to allocate 248 bytes to insert eroute for
10.10.0.0/24->10.0.1.0/24, SA: %trap, PID:5054, skb=0p (null),
ident:NULL->NULL
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.725091] klips_debug:ipsec_makeroute:
2c1a01000a0a00000a0001000000000000000000000000000000000000000000000000000000000000000000
/
2c1aff00ffffff00ffffff000000000000000000000000000000000000000000000000000000000000000000
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.725096] klips_debug:ipsec_makeroute:
calling rj_addroute now
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x8cb790
allocated 88 bytes, &(extensions[0])=0p0xbe9aaff0
Sep 7 08:49:54 kernel: [ 174.725134] klips_debug:ipsec_makeroute:
pid=05054 count= 0 lasttime= 0 10.10.0.0/24 ->
10.0.1.0/24 => %trap
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:54 kernel: [ 174.725137] klips_debug:ipsec_makeroute:
succeeded.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:54 kernel: [ 174.725141]
klips_debug:pfkey_x_addflow_parse: makeroute call successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:54 kernel: [ 174.725145] klips_debug:pfkey_msg_hdr_build:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=4(delete), errno=0, satype=3(ESP), len=11, res=0, seq=104, pid=5054.
Sep 7 08:49:54 kernel: [ 174.725151] klips_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0pdd5fdb0c pfkey_ext=0pdd5fdc94 *pfkey_ext=0p (null).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 4(delete).
Sep 7 08:49:54 kernel: [ 174.725157] klips_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0pdd5fdb0c pfkey_ext=0pdd5fdc94 *pfkey_ext=0pdd222500.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
Sep 7 08:49:54 kernel: [ 174.725161] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Sep 7 08:49:54 kernel: [ 174.725163] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0p0x8cb7a0 with
parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.725172] klips_debug:pfkey_sa_build:
spi=00000104 replay=0 sa_state=0 auth=0 encrypt=0 flags=2
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=578d3f4b replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.725196] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.725199] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.725204] klips_debug:pfkey_address_build:
exttype=5 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0x8cb7b8 with parser
pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.725208] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=166.130.x.x proto=0
port=0.
Sep 7 08:49:54 kernel: [ 174.725213] klips_debug:pfkey_address_build:
found address=100.114.157.13:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.725218] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.725221] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.725223] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x8cb7d0 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.725227] klips_debug:pfkey_address_build:
exttype=6 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.725229] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.725233] klips_debug:pfkey_address_build:
found address=0.0.0.0:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.725237] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | finish_pfkey_msg: K_SADB_DELETE message
104 for Delete SA esp.578d3f4b at 100.114.157.13
Sep 7 08:49:54 kernel: [ 174.725262] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | 02 04 00 03 0b 00 00 00 68 00 00 00
be 13 00 00
Sep 7 08:49:54 kernel: [ 174.725265] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | 03 00 01 00 57 8d 3f 4b 00 01 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.725269] klips_debug:pfkey_address_build:
exttype=21 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.725271] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 a6 82 3e 34 00 00 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.725275] klips_debug:pfkey_address_build:
found address=10.10.0.0:0.
Sep 7 08:49:54 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
64 72 9d 0d
Sep 7 08:49:54 kernel: [ 174.725279] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:54 kernel: [ 174.725281] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_get: K_SADB_DELETE message 104
Sep 7 08:49:54 kernel: [ 174.725283] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 kernel: [ 174.725287] klips_debug:pfkey_address_build:
exttype=22 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 kernel: [ 174.725290] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 kernel: [ 174.725293] klips_debug:pfkey_address_build:
found address=10.0.1.0:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 kernel: [ 174.725297] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | in connection_discard for connection
Tunnel1/3x2
Sep 7 08:49:54 kernel: [ 174.725299] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | State DB: deleting IKEv1 state #9 in QUICK_I2
Sep 7 08:49:54 kernel: [ 174.725302] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | child state #9: QUICK_I2(established
CHILD SA) => UNDEFINED(ignore)
Sep 7 08:49:54 kernel: [ 174.725305] klips_debug:pfkey_address_build:
exttype=23 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | stop processing: state #9 from
166.130.x.x:4500 (in delete_state() at state.c:1143)
Sep 7 08:49:54 kernel: [ 174.725327] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | processing: STOP state #0 (in
foreach_state_by_connection_func_delete() at state.c:1312)
Sep 7 08:49:54 kernel: [ 174.725332] klips_debug:pfkey_address_build:
found address=255.255.255.0:0.
Sep 7 08:49:54 pluto[5054]: | state #8
Sep 7 08:49:54 kernel: [ 174.725336] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | start processing: state #8 connection
"Tunnel1/3x1" from 166.130.x.x:4500 (in
foreach_state_by_connection_func_delete() at state.c:1310)
Sep 7 08:49:54 kernel: [ 174.725338] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pstats #8 ikev1.ipsec deleted completed
Sep 7 08:49:54 kernel: [ 174.725341] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | [RE]START processing: state #8 connection
"Tunnel1/3x1" from 166.130.x.x:4500 (in delete_state() at state.c:879)
Sep 7 08:49:54 kernel: [ 174.725345] klips_debug:pfkey_address_build:
exttype=24 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: "Tunnel1/3x1" #8: deleting state
(STATE_QUICK_I2) aged 52.794s and sending notification
Sep 7 08:49:54 kernel: [ 174.725347] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | child state #8: QUICK_I2(established
CHILD SA) => delete
Sep 7 08:49:54 kernel: [ 174.725352] klips_debug:pfkey_address_build:
found address=255.255.255.0:0.
Sep 7 08:49:54 pluto[5054]: | get_sa_info esp.c42ed843 at 166.130.x.x
Sep 7 08:49:54 kernel: [ 174.725355] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:54 kernel: [ 174.725358] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p(nil).
Sep 7 08:49:54 kernel: [ 174.725360] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p0x8a5270.
Sep 7 08:49:54 kernel: [ 174.725365] klips_debug:pfkey_msg_build:
extensions[0] needs 16 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_build: spi=c42ed843 replay=0
sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 kernel: [ 174.725369] klips_debug:pfkey_msg_build:
extensions[1] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.725372] klips_debug:pfkey_msg_build:
extensions[5] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.725396] klips_debug:pfkey_msg_build:
extensions[6] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.725400] klips_debug:pfkey_msg_build:
extensions[21] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.725403] klips_debug:pfkey_msg_build:
extensions[22] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.725406] klips_debug:pfkey_msg_build:
extensions[23] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.725410] klips_debug:pfkey_msg_build:
extensions[24] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=166.130.x.x:0.
Sep 7 08:49:54 kernel: [ 174.725416] klips_debug:pfkey_msg_build:
pfkey_msg=0pddd96d80 allocated 184 bytes, &(extensions[0])=0pdd5fdc94
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.725422] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[1] (type=1)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:54 kernel: [ 174.725426] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[5] (type=5)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.725430] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[6] (type=6)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.725435] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[21] (type=21)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.725439] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[22] (type=22)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x8cb7f0
allocated 88 bytes, &(extensions[0])=0p0xbe9a9fac
Sep 7 08:49:54 kernel: [ 174.725463] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[23] (type=23)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:54 kernel: [ 174.725468] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[24] (type=24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:54 kernel: [ 174.725473] klips_debug:pfkey_upmsg:
allocating 184 bytes...
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:54 kernel: [ 174.725480] klips_debug:pfkey_upmsg:
...allocated at 0pdd0f8540.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=11, res=0, seq=105, pid=5054.
Sep 7 08:49:54 kernel: [ 174.725493]
klips_debug:pfkey_x_addflow_parse: sending up x_addflow reply message
for satype=11(INT) (proto=61) to socket=0pde2611c0 succeeded.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 kernel: [ 174.725496]
klips_debug:pfkey_x_addflow_parse: extr->ips cleaned up and freed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
Sep 7 08:49:54 kernel: [ 174.725503]
klips_debug:pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Sep 7 08:49:54 kernel: [ 174.725507]
klips_debug:pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0p0x8cb800 with
parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.725532]
klips_debug:pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=c42ed843 replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.725537]
klips_debug:pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.725542]
klips_debug:pfkey_extensions_free:Free extension 21 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.725545]
klips_debug:pfkey_extensions_free:Free extension 22 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0x8cb818 with parser
pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.725549]
klips_debug:pfkey_extensions_free:Free extension 23 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.725553]
klips_debug:pfkey_extensions_free:Free extension 24 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.725563] ipsec_sa_put: ipsec_sa dd51b000
SA:%trap, ref:0 reference count (1--) decremented by pfkey_msg_interp:3144.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.725567] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.725575] klips_debug:ipsec_sa_wipe:
removing SA=%trap(0pdd51b000), SAref=0, table=0(0pdd508000), entry=0
from the refTable.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x8cb830 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.746577] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.746595] klips_debug:pfkey_sendmsg:
allocating 88 bytes for downward message.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.746601] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.746615] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=4, errno=0, satype=3(ESP), len=11, res=0,
seq=103, pid=5054.
Sep 7 08:49:54 pluto[5054]: | finish_pfkey_msg: K_SADB_GET message 105
for Get SA esp.c42ed843 at 166.130.x.x
Sep 7 08:49:54 kernel: [ 174.746635] ipsec_sa_get: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:54 pluto[5054]: | 02 05 00 03 0b 00 00 00 69 00 00 00
be 13 00 00
Sep 7 08:49:54 kernel: [ 174.746639] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd51b000.
Sep 7 08:49:54 pluto[5054]: | 03 00 01 00 c4 2e d8 43 00 01 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.746643] klips_debug:pfkey_msg_interp:
satype 3 lookups to proto=50.
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.746654] klips_debug:pfkey_msg_parse:
parsing message ver=2, type=4(delete), errno=0, satype=3(ESP), len=11,
res=0, seq=103, pid=5054.
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 64 72 9d 0d 00 00 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.746661] klips_debug:pfkey_msg_parse:
satype 3(ESP) conversion to proto gives 50 for msg_type 4(delete).
Sep 7 08:49:54 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
a6 82 3e 34
Sep 7 08:49:54 kernel: [ 174.746666] klips_debug:pfkey_msg_parse: remain=9
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:54 kernel: [ 174.746672] klips_debug:pfkey_msg_parse:
parsing ext type=1(security-association) remain=9.
Sep 7 08:49:54 pluto[5054]: | pfkey_get: K_SADB_GET message 105
Sep 7 08:49:54 kernel: [ 174.746681] klips_debug:pfkey_msg_parse:
remain=9 ext_type=1(security-association) ext_len=3 parsing ext
0pdd4c6090 with parser pfkey_sa_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 kernel: [ 174.746692] klips_debug:pfkey_sa_parse:
successfully found len=3 exttype=1(security-association) spi=c42ed844
replay=0 state=1 auth=0 encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 kernel: [ 174.746696] klips_debug:pfkey_msg_parse:
Extension 1(security-association) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 kernel: [ 174.746701] klips_debug:pfkey_msg_parse:
parsing ext type=5(source-address) remain=6.
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 kernel: [ 174.746708] klips_debug:pfkey_msg_parse:
remain=6 ext_type=5(source-address) ext_len=3 parsing ext 0pdd4c60a8
with parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=15, res=0, seq=105, pid=5054.
Sep 7 08:49:54 kernel: [ 174.746717] klips_debug:pfkey_address_parse:
found exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 kernel: [ 174.746720] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=13
Sep 7 08:49:54 kernel: [ 174.746724] klips_debug:pfkey_msg_parse:
Extension 5(source-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=13.
Sep 7 08:49:54 kernel: [ 174.746728] klips_debug:pfkey_msg_parse:
parsing ext type=6(destination-address) remain=3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=13
ext_type=1(security-association) ext_len=3 parsing ext 0p0xbe9aa0c4 with
parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.746734] klips_debug:pfkey_msg_parse:
remain=3 ext_type=6(destination-address) ext_len=3 parsing ext
0pdd4c60c0 with parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=c42ed843 replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.746741] klips_debug:pfkey_address_parse:
found exttype=6(destination-address) family=2(AF_INET)
address=166.130.x.x proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.746744] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=2(lifetime-current) remain=10.
Sep 7 08:49:54 kernel: [ 174.746747] klips_debug:pfkey_msg_parse:
Extension 6(destination-address) parsed.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=10
ext_type=2(lifetime-current) ext_len=4 parsing ext 0p0xbe9aa0dc with
parser pfkey_lifetime_parse.
Sep 7 08:49:54 kernel: [ 174.746753] klips_debug:pfkey_msg_interp:
processing ext 1 0pdd4c6090 with processor 0pbf340de4.
Sep 7 08:49:54 pluto[5054]: | pfkey_lifetime_parse:enter
Sep 7 08:49:54 kernel: [ 174.746757] klips_debug:pfkey_sa_process: .
Sep 7 08:49:54 pluto[5054]: | pfkey_lifetime_parse:
life_type=2(lifetime-current) alloc=1 bytes=0 add=42949499 use=0.
Sep 7 08:49:54 kernel: [ 174.746762] klips_debug:pfkey_msg_interp:
processing ext 5 0pdd4c60a8 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
2(lifetime-current) parsed.
Sep 7 08:49:54 kernel: [ 174.746765] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.746771]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
100.114.157.13.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0xbe9aa0fc with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.746774]
klips_debug:pfkey_address_process: found src address.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.746779]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.746783]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.746788] klips_debug:pfkey_msg_interp:
processing ext 6 0pdd4c60c0 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.746791] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0xbe9aa114 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.746795]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
166.130.x.x.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.746798]
klips_debug:pfkey_address_process: found dst address.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.746801]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.746806]
klips_debug:pfkey_address_process: ips_said.dst set to 166.130.x.x.
Sep 7 08:49:54 pluto[5054]: | get_sa_info esp.578d3f4a at 100.114.157.13
Sep 7 08:49:54 kernel: [ 174.746808]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:54 kernel: [ 174.746813] klips_debug:pfkey_msg_interp:
parsing message type 4(delete) with msg_parser 0pbf33d914.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p(nil).
Sep 7 08:49:54 kernel: [ 174.746817] klips_debug:pfkey_delete_parse: .
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p0x8a5270.
Sep 7 08:49:54 kernel: [ 174.746827] ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=137 of SA:esp.c42ed844 at 166.130.x.x requested.
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_build: spi=578d3f4a replay=0
sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 kernel: [ 174.746837] ipsec_sa_get: ipsec_sa dd45dc00
SA:esp.c42ed844 at 166.130.x.x, ref:30 reference count (3++) incremented by
ipsec_sa_getbyid:540.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.746848] ipsec_sa_put: ipsec_sa dd51e800
SA:tun.100e at 166.130.x.x, ref:29 reference count (3--) decremented by
ipsec_sa_untern:448.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.746856] klips_debug:ipsec_sa_del:
unhashing SA:tun.100e at 166.130.x.x (ref=29), hashval=52.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=166.130.x.x:0.
Sep 7 08:49:54 kernel: [ 174.746865] ipsec_sa_put: ipsec_sa dd51e800
SA:tun.100e at 166.130.x.x, ref:29 reference count (2--) decremented by
ipsec_sa_rm:729.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.746868] klips_debug:ipsec_sa_del:
successfully unhashed first ipsec_sa in chain.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:54 kernel: [ 174.746875] ipsec_sa_put: ipsec_sa dd45dc00
SA:esp.c42ed844 at 166.130.x.x, ref:30 reference count (4--) decremented by
ipsec_sa_untern:448.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:54 kernel: [ 174.746881] klips_debug:ipsec_sa_del:
unhashing SA:esp.c42ed844 at 166.130.x.x (ref=30), hashval=137.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.746888] ipsec_sa_put: ipsec_sa dd45dc00
SA:esp.c42ed844 at 166.130.x.x, ref:30 reference count (3--) decremented by
ipsec_sa_rm:729.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:54 kernel: [ 174.746891] klips_debug:ipsec_sa_del:
successfully unhashed first ipsec_sa in chain.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:54 kernel: [ 174.746899] ipsec_sa_put: ipsec_sa dd45dc00
SA:esp.c42ed844 at 166.130.x.x, ref:30 reference count (2--) decremented by
pfkey_delete_parse:953.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.746906] ipsec_sa_put: ipsec_sa dd51e800
SA:tun.100e at 166.130.x.x, ref:29 reference count (1--) decremented by
pfkey_delete_parse:960.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.746909] ipsec_sa_put: freeing dd51e800
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:54 kernel: [ 174.746918] klips_debug:ipsec_sa_wipe:
removing SA=tun.100e at 166.130.x.x(0pdd51e800), SAref=29,
table=0(0pdd508000), entry=29 from the refTable.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x8cb908
allocated 88 bytes, &(extensions[0])=0p0xbe9a9fac
Sep 7 08:49:54 kernel: [ 174.746929] ipsec_sa_put: ipsec_sa dd45dc00
SA:esp.c42ed844 at 166.130.x.x, ref:30 reference count (1--) decremented by
ipsec_sa_wipe:1116.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:54 kernel: [ 174.746932] ipsec_sa_put: freeing dd45dc00
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:54 kernel: [ 174.746939] klips_debug:ipsec_sa_wipe:
removing SA=esp.c42ed844 at 166.130.x.x(0pdd45dc00), SAref=30,
table=0(0pdd508000), entry=30 from the refTable.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:54 kernel: [ 174.746968] klips_debug: ipsec_alg_sa_wipe()
:unlinking for encalg=12
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=11, res=0, seq=106, pid=5054.
Sep 7 08:49:54 kernel: [ 174.746973] klips_debug: ipsec_alg_sa_wipe()
:unlinking for authalg=3
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 kernel: [ 174.746980] klips_debug:pfkey_msg_hdr_build:
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
Sep 7 08:49:54 kernel: [ 174.746987] klips_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0pdd5fdbcc pfkey_ext=0pdd5fdc94 *pfkey_ext=0p (null).
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Sep 7 08:49:54 kernel: [ 174.746993] klips_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0pdd5fdbcc pfkey_ext=0pdd5fdc94 *pfkey_ext=0pdd2226c0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0p0x8cb918 with
parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.746997] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=578d3f4a replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.747000] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.747007] klips_debug:pfkey_sa_build:
spi=c42ed844 replay=0 sa_state=0 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.747011] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0x8cb930 with parser
pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.747013] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=166.130.x.x proto=0
port=0.
Sep 7 08:49:54 kernel: [ 174.747019] klips_debug:pfkey_address_build:
exttype=5 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.747022] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.747027] klips_debug:pfkey_address_build:
found address=100.114.157.13:0.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.747031] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x8cb948 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.747034] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.747036] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.747040] klips_debug:pfkey_address_build:
exttype=6 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.747043] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | finish_pfkey_msg: K_SADB_GET message 106
for Get SA esp.578d3f4a at 100.114.157.13
Sep 7 08:49:54 kernel: [ 174.747047] klips_debug:pfkey_address_build:
found address=166.130.x.x:0.
Sep 7 08:49:54 pluto[5054]: | 02 05 00 03 0b 00 00 00 6a 00 00 00
be 13 00 00
Sep 7 08:49:54 kernel: [ 174.747050] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | 03 00 01 00 57 8d 3f 4a 00 01 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.747053] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.747055] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | 02 00 00 00 a6 82 3e 34 00 00 00 00
00 00 00 00
Sep 7 08:49:54 kernel: [ 174.747060] klips_debug:pfkey_msg_build:
extensions[0] needs 16 bytes
Sep 7 08:49:54 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
64 72 9d 0d
Sep 7 08:49:54 kernel: [ 174.747064] klips_debug:pfkey_msg_build:
extensions[1] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:54 kernel: [ 174.747067] klips_debug:pfkey_msg_build:
extensions[5] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_get: K_SADB_GET message 106
Sep 7 08:49:54 kernel: [ 174.747070] klips_debug:pfkey_msg_build:
extensions[6] needs 24 bytes
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 kernel: [ 174.747077] klips_debug:pfkey_msg_build:
pfkey_msg=0pdd607600 allocated 88 bytes, &(extensions[0])=0pdd5fdc94
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 kernel: [ 174.747082] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[1] (type=1)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 kernel: [ 174.747087] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[5] (type=5)
Sep 7 08:49:54 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 kernel: [ 174.747091] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[6] (type=6)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=15, res=0, seq=106, pid=5054.
Sep 7 08:49:54 kernel: [ 174.747096] klips_debug:pfkey_upmsg:
allocating 88 bytes...
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 kernel: [ 174.747102] klips_debug:pfkey_upmsg:
...allocated at 0pddead340.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=13
Sep 7 08:49:54 kernel: [ 174.747115] klips_debug:pfkey_delete_parse:
sending up delete reply message for satype=3(ESP) to socket=0pde2611c0
succeeded.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=13.
Sep 7 08:49:54 kernel: [ 174.747120]
klips_debug:pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=13
ext_type=1(security-association) ext_len=3 parsing ext 0p0xbe9aa0c4 with
parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.747125]
klips_debug:pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=578d3f4a replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.747129]
klips_debug:pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.747133]
klips_debug:pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=2(lifetime-current) remain=10.
Sep 7 08:49:54 kernel: [ 174.747143] ipsec_sa_put: ipsec_sa dd51b000
SA:esp.c42ed844 at 166.130.x.x, ref:0 reference count (1--) decremented by
pfkey_msg_interp:3144.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=10
ext_type=2(lifetime-current) ext_len=4 parsing ext 0p0xbe9aa0dc with
parser pfkey_lifetime_parse.
Sep 7 08:49:54 kernel: [ 174.747146] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:54 pluto[5054]: | pfkey_lifetime_parse:enter
Sep 7 08:49:54 kernel: [ 174.747154] klips_debug:ipsec_sa_wipe:
removing SA=esp.c42ed844 at 166.130.x.x(0pdd51b000), SAref=0,
table=0(0pdd508000), entry=0 from the refTable.
Sep 7 08:49:54 pluto[5054]: | pfkey_lifetime_parse:
life_type=2(lifetime-current) alloc=1 bytes=0 add=42949499 use=0.
Sep 7 08:49:54 kernel: [ 174.765281] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
2(lifetime-current) parsed.
Sep 7 08:49:54 kernel: [ 174.765299] klips_debug:pfkey_sendmsg:
allocating 88 bytes for downward message.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.765315] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0xbe9aa0fc with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.765330] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=4, errno=0, satype=3(ESP), len=11, res=0,
seq=104, pid=5054.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=166.130.x.x proto=0
port=0.
Sep 7 08:49:54 kernel: [ 174.765350] ipsec_sa_get: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.765354] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd51b000.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.765359] klips_debug:pfkey_msg_interp:
satype 3 lookups to proto=50.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.765370] klips_debug:pfkey_msg_parse:
parsing message ver=2, type=4(delete), errno=0, satype=3(ESP), len=11,
res=0, seq=104, pid=5054.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0xbe9aa114 with
parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.765376] klips_debug:pfkey_msg_parse:
satype 3(ESP) conversion to proto gives 50 for msg_type 4(delete).
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.765381] klips_debug:pfkey_msg_parse: remain=9
Sep 7 08:49:54 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:54 kernel: [ 174.765387] klips_debug:pfkey_msg_parse:
parsing ext type=1(security-association) remain=9.
Sep 7 08:49:54 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.765396] klips_debug:pfkey_msg_parse:
remain=9 ext_type=1(security-association) ext_len=3 parsing ext
0pdd551890 with parser pfkey_sa_parse.
Sep 7 08:49:54 pluto[5054]: "Tunnel1/3x1" #8: ESP traffic information:
in=0B out=0B
Sep 7 08:49:54 kernel: [ 174.765407] klips_debug:pfkey_sa_parse:
successfully found len=3 exttype=1(security-association) spi=578d3f4b
replay=0 state=1 auth=0 encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 pluto[5054]: | #8 send IKEv1 delete notification for
STATE_QUICK_I2
Sep 7 08:49:54 kernel: [ 174.765411] klips_debug:pfkey_msg_parse:
Extension 1(security-association) parsed.
Sep 7 08:49:54 pluto[5054]: | FOR_EACH_STATE_... in find_phase1_state
Sep 7 08:49:54 kernel: [ 174.765416] klips_debug:pfkey_msg_parse:
parsing ext type=5(source-address) remain=6.
Sep 7 08:49:54 pluto[5054]: | **emit ISAKMP Message:
Sep 7 08:49:54 kernel: [ 174.765422] klips_debug:pfkey_msg_parse:
remain=6 ext_type=5(source-address) ext_len=3 parsing ext 0pdd5518a8
with parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | initiator cookie:
Sep 7 08:49:54 kernel: [ 174.765432] klips_debug:pfkey_address_parse:
found exttype=5(source-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | 54 35 b4 b8 be ba 22 5a
Sep 7 08:49:54 kernel: [ 174.765436] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 pluto[5054]: | responder cookie:
Sep 7 08:49:54 kernel: [ 174.765439] klips_debug:pfkey_msg_parse:
Extension 5(source-address) parsed.
Sep 7 08:49:54 pluto[5054]: | 9e 6e 00 44 ba 3a 20 41
Sep 7 08:49:54 kernel: [ 174.765443] klips_debug:pfkey_msg_parse:
parsing ext type=6(destination-address) remain=3.
Sep 7 08:49:54 pluto[5054]: | next payload type: ISAKMP_NEXT_NONE (0x0)
Sep 7 08:49:54 kernel: [ 174.765449] klips_debug:pfkey_msg_parse:
remain=3 ext_type=6(destination-address) ext_len=3 parsing ext
0pdd5518c0 with parser pfkey_address_parse.
Sep 7 08:49:54 pluto[5054]: | ISAKMP version: ISAKMP Version 1.0
(rfc2407) (0x10)
Sep 7 08:49:54 kernel: [ 174.765456] klips_debug:pfkey_address_parse:
found exttype=6(destination-address) family=2(AF_INET)
address=100.114.157.13 proto=0 port=0.
Sep 7 08:49:54 pluto[5054]: | exchange type: ISAKMP_XCHG_INFO (0x5)
Sep 7 08:49:54 kernel: [ 174.765459] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 pluto[5054]: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
Sep 7 08:49:54 kernel: [ 174.765462] klips_debug:pfkey_msg_parse:
Extension 6(destination-address) parsed.
Sep 7 08:49:54 pluto[5054]: | Message ID: 3212677092 (0xbf7d8fe4)
Sep 7 08:49:54 kernel: [ 174.765469] klips_debug:pfkey_msg_interp:
processing ext 1 0pdd551890 with processor 0pbf340de4.
Sep 7 08:49:54 pluto[5054]: | next payload chain: saving message
location 'ISAKMP Message'.'next payload type'
Sep 7 08:49:54 kernel: [ 174.765472] klips_debug:pfkey_sa_process: .
Sep 7 08:49:54 pluto[5054]: | ***emit ISAKMP Hash Payload:
Sep 7 08:49:54 kernel: [ 174.765477] klips_debug:pfkey_msg_interp:
processing ext 5 0pdd5518a8 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | next payload type: ISAKMP_NEXT_NONE (0x0)
Sep 7 08:49:54 kernel: [ 174.765480] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | next payload chain: setting previous
'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload
(8:ISAKMP_NEXT_HASH)
Sep 7 08:49:54 kernel: [ 174.765486]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
166.130.x.x.
Sep 7 08:49:54 pluto[5054]: | next payload chain: saving location
'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
Sep 7 08:49:54 kernel: [ 174.765490]
klips_debug:pfkey_address_process: found src address.
Sep 7 08:49:54 pluto[5054]: | emitting 32 zero bytes of HASH DATA into
ISAKMP Hash Payload
Sep 7 08:49:54 kernel: [ 174.765494]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 pluto[5054]: | emitting length of ISAKMP Hash Payload: 36
Sep 7 08:49:54 kernel: [ 174.765498]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | ***emit ISAKMP Delete Payload:
Sep 7 08:49:54 kernel: [ 174.765502] klips_debug:pfkey_msg_interp:
processing ext 6 0pdd5518c0 with processor 0pbf341164.
Sep 7 08:49:54 pluto[5054]: | next payload type: ISAKMP_NEXT_NONE (0x0)
Sep 7 08:49:54 kernel: [ 174.765505] klips_debug:pfkey_address_process:
Sep 7 08:49:54 pluto[5054]: | DOI: ISAKMP_DOI_IPSEC (0x1)
Sep 7 08:49:54 kernel: [ 174.765509]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
100.114.157.13.
Sep 7 08:49:54 pluto[5054]: | protocol ID: 3 (0x3)
Sep 7 08:49:54 kernel: [ 174.765512]
klips_debug:pfkey_address_process: found dst address.
Sep 7 08:49:54 pluto[5054]: | SPI size: 4 (0x4)
Sep 7 08:49:54 kernel: [ 174.765516]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 pluto[5054]: | number of SPIs: 1 (0x1)
Sep 7 08:49:54 kernel: [ 174.765521]
klips_debug:pfkey_address_process: ips_said.dst set to 100.114.157.13.
Sep 7 08:49:54 pluto[5054]: | next payload chain: setting previous
'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete
Payload (12:ISAKMP_NEXT_D)
Sep 7 08:49:54 kernel: [ 174.765523]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 pluto[5054]: | next payload chain: saving location
'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
Sep 7 08:49:54 kernel: [ 174.765528] klips_debug:pfkey_msg_interp:
parsing message type 4(delete) with msg_parser 0pbf33d914.
Sep 7 08:49:54 pluto[5054]: | emitting 4 raw bytes of delete payload
into ISAKMP Delete Payload
Sep 7 08:49:54 kernel: [ 174.765531] klips_debug:pfkey_delete_parse: .
Sep 7 08:49:54 pluto[5054]: | delete payload 57 8d 3f 4a
Sep 7 08:49:54 kernel: [ 174.765542] ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=114 of SA:esp.578d3f4b at 100.114.157.13 requested.
Sep 7 08:49:54 pluto[5054]: | emitting length of ISAKMP Delete Payload: 16
Sep 7 08:49:54 kernel: [ 174.765552] ipsec_sa_get: ipsec_sa dd45d400
SA:esp.578d3f4b at 100.114.157.13, ref:32 reference count (3++) incremented
by ipsec_sa_getbyid:540.
Sep 7 08:49:54 pluto[5054]: | send delete HASH(1):
Sep 7 08:49:54 kernel: [ 174.765563] ipsec_sa_put: ipsec_sa dd45d400
SA:esp.578d3f4b at 100.114.157.13, ref:32 reference count (4--) decremented
by ipsec_sa_untern:448.
Sep 7 08:49:54 pluto[5054]: | eb 08 13 2c ec c6 7b 7c f7 fa 8c 53
e2 b3 60 92
Sep 7 08:49:54 kernel: [ 174.765570] klips_debug:ipsec_sa_del:
unhashing SA:esp.578d3f4b at 100.114.157.13 (ref=32), hashval=114.
Sep 7 08:49:54 pluto[5054]: | 86 8d 7a 1e d4 45 9f 84 02 39 9e b8
06 f2 65 45
Sep 7 08:49:54 kernel: [ 174.765578] ipsec_sa_put: ipsec_sa dd45d400
SA:esp.578d3f4b at 100.114.157.13, ref:32 reference count (3--) decremented
by ipsec_sa_rm:729.
Sep 7 08:49:54 pluto[5054]: | emitting 12 zero bytes of encryption
padding into ISAKMP Message
Sep 7 08:49:54 kernel: [ 174.765581] klips_debug:ipsec_sa_del:
successfully unhashed first ipsec_sa in chain.
Sep 7 08:49:54 pluto[5054]: | no IKEv1 message padding required
Sep 7 08:49:54 kernel: [ 174.765590] ipsec_sa_put: ipsec_sa dd45d000
SA:tun.100f at 100.114.157.13, ref:31 reference count (3--) decremented by
ipsec_sa_untern:448.
Sep 7 08:49:54 pluto[5054]: | emitting length of ISAKMP Message: 92
Sep 7 08:49:54 kernel: [ 174.765596] klips_debug:ipsec_sa_del:
unhashing SA:tun.100f at 100.114.157.13 (ref=31), hashval=135.
Sep 7 08:49:54 pluto[5054]: | sending 96 bytes for delete notify
through wwan0 from 100.114.157.13:4500 to 166.130.x.x:4500 (using #1)
Sep 7 08:49:54 kernel: [ 174.765603] ipsec_sa_put: ipsec_sa dd45d000
SA:tun.100f at 100.114.157.13, ref:31 reference count (2--) decremented by
ipsec_sa_rm:729.
Sep 7 08:49:54 pluto[5054]: | 00 00 00 00 54 35 b4 b8 be ba 22 5a
9e 6e 00 44
Sep 7 08:49:54 kernel: [ 174.765606] klips_debug:ipsec_sa_del:
successfully unhashed first ipsec_sa in chain.
Sep 7 08:49:54 pluto[5054]: | ba 3a 20 41 08 10 05 01 bf 7d 8f e4
00 00 00 5c
Sep 7 08:49:54 kernel: [ 174.765613] ipsec_sa_put: ipsec_sa dd45d400
SA:esp.578d3f4b at 100.114.157.13, ref:32 reference count (2--) decremented
by pfkey_delete_parse:953.
Sep 7 08:49:54 pluto[5054]: | 83 a9 59 3a b9 28 b4 18 c3 84 ea 17
7b e0 d5 3c
Sep 7 08:49:54 kernel: [ 174.765620] ipsec_sa_put: ipsec_sa dd45d400
SA:esp.578d3f4b at 100.114.157.13, ref:32 reference count (1--) decremented
by pfkey_delete_parse:960.
Sep 7 08:49:54 pluto[5054]: | 20 ed ce b9 59 24 58 ce dc 2d 56 da
9a 11 a8 02
Sep 7 08:49:54 kernel: [ 174.765623] ipsec_sa_put: freeing dd45d400
Sep 7 08:49:54 pluto[5054]: | b3 6e 3a 10 65 67 df 4b 1c 84 00 26
11 b1 5d 15
Sep 7 08:49:54 kernel: [ 174.765632] klips_debug:ipsec_sa_wipe:
removing SA=esp.578d3f4b at 100.114.157.13(0pdd45d400), SAref=32,
table=0(0pdd508000), entry=32 from the refTable.
Sep 7 08:49:54 pluto[5054]: | fa e1 c4 fc cb cc b3 9b 7f 9b 7e cb
5e 6e 57 4b
Sep 7 08:49:54 kernel: [ 174.765662] klips_debug: ipsec_alg_sa_wipe()
:unlinking for encalg=12
Sep 7 08:49:54 pluto[5054]: | state #8 requesting EVENT_SA_REPLACE to
be deleted
Sep 7 08:49:54 kernel: [ 174.765666] klips_debug: ipsec_alg_sa_wipe()
:unlinking for authalg=3
Sep 7 08:49:54 pluto[5054]: | libevent_free: release
ptr-libevent at 0xb6026520
Sep 7 08:49:54 kernel: [ 174.765675] ipsec_sa_put: ipsec_sa dd45d000
SA:tun.100f at 100.114.157.13, ref:31 reference count (1--) decremented by
ipsec_sa_wipe:1116.
Sep 7 08:49:54 pluto[5054]: | free_event_entry: release
EVENT_SA_REPLACE-pe at 0xb60042b0
Sep 7 08:49:54 kernel: [ 174.765678] ipsec_sa_put: freeing dd45d000
Sep 7 08:49:54 pluto[5054]: | running updown command "ipsec _updown"
for verb down
Sep 7 08:49:54 kernel: [ 174.765686] klips_debug:ipsec_sa_wipe:
removing SA=tun.100f at 100.114.157.13(0pdd45d000), SAref=31,
table=0(0pdd508000), entry=31 from the refTable.
Sep 7 08:49:54 pluto[5054]: | command executing down-client
Sep 7 08:49:54 kernel: [ 174.765695] klips_debug:pfkey_msg_hdr_build:
Sep 7 08:49:54 pluto[5054]: | executing down-client: 2>&1
PLUTO_VERB='down-client' PLUTO_VERSION='2.0'
PLUTO_CONNECTION='Tunnel1/3x1' PLUTO_INTERFACE='ipsec0'
PLUTO_NEXT_HOP='100.114.157.14' PLUTO_ME='100.114.157.13'
PLUTO_MY_ID='@HALOHALO' PLUTO_MY_CLIENT='10.10.0.0/24'
PLUTO_MY_CLIENT_NET='10.10.0.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16412'
PLUTO_SA_TYPE='ESP' PLUTO_PEER='166.130.x.x' PLUTO_PEER_ID='@RAMRAM'
PLUTO_PEER_CLIENT='10.0.0.0/24' PLUTO_PEER_CLIENT_NET='10.0.0.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='klips'
PLUTO_ADDTIME='42949499'
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO'
PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4'
XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=''
PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0'
PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=''
VTI_ROUTING='no' VTI_S
Sep 7 08:49:54 kernel: [ 174.765702] klips_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0pdd5fdbcc pfkey_ext=0pdd5fdc94 *pfkey_ext=0p (null).
Sep 7 08:49:54 pluto[5054]: | popen cmd is 1055 chars long
Sep 7 08:49:54 kernel: [ 174.765708] klips_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0pdd5fdbcc pfkey_ext=0pdd5fdc94 *pfkey_ext=0pdd222740.
Sep 7 08:49:54 pluto[5054]: | cmd( 0):2>&1 PLUTO_VERB='down-client'
PLUTO_VERSION='2.0' PLUTO_CONNECTION='Tunnel1/3x1':
Sep 7 08:49:54 kernel: [ 174.765712] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | cmd( 80): PLUTO_INTERFACE='ipsec0'
PLUTO_NEXT_HOP='100.114.157.14' PLUTO_ME='100.114.157.:
Sep 7 08:49:54 kernel: [ 174.765715] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | cmd( 160):13' PLUTO_MY_ID='@HALOHALO'
PLUTO_MY_CLIENT='10.10.0.0/24' PLUTO_MY_CLIENT_NET=':
Sep 7 08:49:54 kernel: [ 174.765722] klips_debug:pfkey_sa_build:
spi=578d3f4b replay=0 sa_state=0 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 pluto[5054]: | cmd( 240):10.10.0.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO:
Sep 7 08:49:54 kernel: [ 174.765725] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | cmd( 320):COL='0' PLUTO_SA_REQID='16412'
PLUTO_SA_TYPE='ESP' PLUTO_PEER='166.130.x.x' PL:
Sep 7 08:49:54 kernel: [ 174.765728] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | cmd( 400):UTO_PEER_ID='@RAMRAM'
PLUTO_PEER_CLIENT='10.0.0.0/24' PLUTO_PEER_CLIENT_NET='10.:
Sep 7 08:49:54 kernel: [ 174.765733] klips_debug:pfkey_address_build:
exttype=5 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | cmd( 480):0.0.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO:
Sep 7 08:49:54 kernel: [ 174.765736] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | cmd( 560):TOCOL='0' PLUTO_PEER_CA=''
PLUTO_STACK='klips' PLUTO_ADDTIME='42949499' PLUTO_CO:
Sep 7 08:49:54 kernel: [ 174.765742] klips_debug:pfkey_address_build:
found address=166.130.x.x:0.
Sep 7 08:49:54 pluto[5054]: | cmd(
640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_:
Sep 7 08:49:54 kernel: [ 174.765746] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 pluto[5054]: | cmd( 720):NO'
PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4'
XAUTH_FAILED=0 P:
Sep 7 08:49:54 kernel: [ 174.765749] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 pluto[5054]: | cmd( 800):LUTO_IS_PEER_CISCO='0'
PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PE:
Sep 7 08:49:54 kernel: [ 174.765751] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 pluto[5054]: | cmd( 880):ER_BANNER=''
PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' V:
Sep 7 08:49:54 kernel: [ 174.765755] klips_debug:pfkey_address_build:
exttype=6 proto=0 prefixlen=0
Sep 7 08:49:54 pluto[5054]: | cmd( 960):TI_IFACE='' VTI_ROUTING='no'
VTI_SHARED='no' SPI_IN=0xc42ed843 SPI_OUT=0x578d3f4:
Sep 7 08:49:54 kernel: [ 174.765758] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 pluto[5054]: | cmd(1040):a ipsec _updown:
Sep 7 08:49:54 kernel: [ 174.765762] klips_debug:pfkey_address_build:
found address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.765765] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 kernel: [ 174.765767] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.765769] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.765774] klips_debug:pfkey_msg_build:
extensions[0] needs 16 bytes
Sep 7 08:49:54 kernel: [ 174.765778] klips_debug:pfkey_msg_build:
extensions[1] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.765782] klips_debug:pfkey_msg_build:
extensions[5] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.765785] klips_debug:pfkey_msg_build:
extensions[6] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.765791] klips_debug:pfkey_msg_build:
pfkey_msg=0pdd551b00 allocated 88 bytes, &(extensions[0])=0pdd5fdc94
Sep 7 08:49:54 kernel: [ 174.765797] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[1] (type=1)
Sep 7 08:49:54 kernel: [ 174.765801] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[5] (type=5)
Sep 7 08:49:54 kernel: [ 174.765805] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[6] (type=6)
Sep 7 08:49:54 kernel: [ 174.765811] klips_debug:pfkey_upmsg:
allocating 88 bytes...
Sep 7 08:49:54 kernel: [ 174.765815] klips_debug:pfkey_upmsg:
...allocated at 0pdd0f8400.
Sep 7 08:49:54 kernel: [ 174.765827] klips_debug:pfkey_delete_parse:
sending up delete reply message for satype=3(ESP) to socket=0pde2611c0
succeeded.
Sep 7 08:49:54 kernel: [ 174.765834]
klips_debug:pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 kernel: [ 174.765839]
klips_debug:pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 kernel: [ 174.765843]
klips_debug:pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 kernel: [ 174.765847]
klips_debug:pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 kernel: [ 174.765856] ipsec_sa_put: ipsec_sa dd51b000
SA:esp.578d3f4b at 100.114.157.13, ref:0 reference count (1--) decremented
by pfkey_msg_interp:3144.
Sep 7 08:49:54 kernel: [ 174.765859] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:54 kernel: [ 174.765867] klips_debug:ipsec_sa_wipe:
removing SA=esp.578d3f4b at 100.114.157.13(0pdd51b000), SAref=0,
table=0(0pdd508000), entry=0 from the refTable.
Sep 7 08:49:54 kernel: [ 174.787777] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:54 kernel: [ 174.787792] klips_debug:pfkey_sendmsg:
allocating 88 bytes for downward message.
Sep 7 08:49:54 kernel: [ 174.787807] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:54 kernel: [ 174.787819] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=5, errno=0, satype=3(ESP), len=11, res=0,
seq=105, pid=5054.
Sep 7 08:49:54 kernel: [ 174.787839] ipsec_sa_get: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:54 kernel: [ 174.787844] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd51b000.
Sep 7 08:49:54 kernel: [ 174.787848] klips_debug:pfkey_msg_interp:
satype 3 lookups to proto=50.
Sep 7 08:49:54 kernel: [ 174.787859] klips_debug:pfkey_msg_parse:
parsing message ver=2, type=5(get), errno=0, satype=3(ESP), len=11,
res=0, seq=105, pid=5054.
Sep 7 08:49:54 kernel: [ 174.787866] klips_debug:pfkey_msg_parse:
satype 3(ESP) conversion to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 kernel: [ 174.787870] klips_debug:pfkey_msg_parse: remain=9
Sep 7 08:49:54 kernel: [ 174.787877] klips_debug:pfkey_msg_parse:
parsing ext type=1(security-association) remain=9.
Sep 7 08:49:54 kernel: [ 174.787886] klips_debug:pfkey_msg_parse:
remain=9 ext_type=1(security-association) ext_len=3 parsing ext
0pdd551890 with parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.787898] klips_debug:pfkey_sa_parse:
successfully found len=3 exttype=1(security-association) spi=c42ed843
replay=0 state=1 auth=0 encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.787902] klips_debug:pfkey_msg_parse:
Extension 1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.787906] klips_debug:pfkey_msg_parse:
parsing ext type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.787913] klips_debug:pfkey_msg_parse:
remain=6 ext_type=5(source-address) ext_len=3 parsing ext 0pdd5518a8
with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.787923] klips_debug:pfkey_address_parse:
found exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.787926] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.787929] klips_debug:pfkey_msg_parse:
Extension 5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.787933] klips_debug:pfkey_msg_parse:
parsing ext type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.787939] klips_debug:pfkey_msg_parse:
remain=3 ext_type=6(destination-address) ext_len=3 parsing ext
0pdd5518c0 with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.787946] klips_debug:pfkey_address_parse:
found exttype=6(destination-address) family=2(AF_INET)
address=166.130.x.x proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.787948] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.787952] klips_debug:pfkey_msg_parse:
Extension 6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.787958] klips_debug:pfkey_msg_interp:
processing ext 1 0pdd551890 with processor 0pbf340de4.
Sep 7 08:49:54 kernel: [ 174.787961] klips_debug:pfkey_sa_process: .
Sep 7 08:49:54 kernel: [ 174.787966] klips_debug:pfkey_msg_interp:
processing ext 5 0pdd5518a8 with processor 0pbf341164.
Sep 7 08:49:54 kernel: [ 174.787969] klips_debug:pfkey_address_process:
Sep 7 08:49:54 kernel: [ 174.787975]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
100.114.157.13.
Sep 7 08:49:54 kernel: [ 174.787979]
klips_debug:pfkey_address_process: found src address.
Sep 7 08:49:54 kernel: [ 174.787983]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 kernel: [ 174.787988]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 kernel: [ 174.787992] klips_debug:pfkey_msg_interp:
processing ext 6 0pdd5518c0 with processor 0pbf341164.
Sep 7 08:49:54 kernel: [ 174.787994] klips_debug:pfkey_address_process:
Sep 7 08:49:54 kernel: [ 174.787998]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
166.130.x.x.
Sep 7 08:49:54 kernel: [ 174.788001]
klips_debug:pfkey_address_process: found dst address.
Sep 7 08:49:54 kernel: [ 174.788004]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 kernel: [ 174.788009]
klips_debug:pfkey_address_process: ips_said.dst set to 166.130.x.x.
Sep 7 08:49:54 kernel: [ 174.788011]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 kernel: [ 174.788016] klips_debug:pfkey_msg_interp:
parsing message type 5(get) with msg_parser 0pbf33c2a8.
Sep 7 08:49:54 kernel: [ 174.788019] klips_debug:pfkey_get_parse: .
Sep 7 08:49:54 kernel: [ 174.788030] ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=138 of SA:esp.c42ed843 at 166.130.x.x requested.
Sep 7 08:49:54 kernel: [ 174.788039] ipsec_sa_get: ipsec_sa dd51e400
SA:esp.c42ed843 at 166.130.x.x, ref:26 reference count (3++) incremented by
ipsec_sa_getbyid:540.
Sep 7 08:49:54 kernel: [ 174.788043] klips_debug:pfkey_msg_hdr_build:
Sep 7 08:49:54 kernel: [ 174.788051] klips_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0pdd5fdbb4 pfkey_ext=0pdd5fdc94 *pfkey_ext=0p (null).
Sep 7 08:49:54 kernel: [ 174.788057] klips_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0pdd5fdbb4 pfkey_ext=0pdd5fdc94 *pfkey_ext=0pdd222800.
Sep 7 08:49:54 kernel: [ 174.788060] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.788063] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.788071] klips_debug:pfkey_sa_build:
spi=c42ed843 replay=0 sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 kernel: [ 174.788075] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.788077] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.788081] klips_debug:pfkey_lifetime_build:
Sep 7 08:49:54 kernel: [ 174.788085] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.788087] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.788092] klips_debug:pfkey_address_build:
exttype=5 proto=0 prefixlen=0
Sep 7 08:49:54 kernel: [ 174.788096] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 kernel: [ 174.788102] klips_debug:pfkey_address_build:
found address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.788106] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 kernel: [ 174.788108] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.788111] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.788115] klips_debug:pfkey_address_build:
exttype=6 proto=0 prefixlen=0
Sep 7 08:49:54 kernel: [ 174.788117] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 kernel: [ 174.788122] klips_debug:pfkey_address_build:
found address=166.130.x.x:0.
Sep 7 08:49:54 kernel: [ 174.788125] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 kernel: [ 174.788127] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.788130] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.788141] ipsec_sa_put: ipsec_sa dd51e400
SA:esp.c42ed843 at 166.130.x.x, ref:26 reference count (4--) decremented by
pfkey_get_parse:1208.
Sep 7 08:49:54 kernel: [ 174.788147] klips_debug:pfkey_msg_build:
extensions[0] needs 16 bytes
Sep 7 08:49:54 kernel: [ 174.788151] klips_debug:pfkey_msg_build:
extensions[1] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.788155] klips_debug:pfkey_msg_build:
extensions[2] needs 32 bytes
Sep 7 08:49:54 kernel: [ 174.788159] klips_debug:pfkey_msg_build:
extensions[5] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.788162] klips_debug:pfkey_msg_build:
extensions[6] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.788168] klips_debug:pfkey_msg_build:
pfkey_msg=0pdd551b00 allocated 120 bytes, &(extensions[0])=0pdd5fdc94
Sep 7 08:49:54 kernel: [ 174.788173] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[1] (type=1)
Sep 7 08:49:54 kernel: [ 174.788178] klips_debug:pfkey_msg_build:
copying 32 bytes from extensions[2] (type=2)
Sep 7 08:49:54 kernel: [ 174.788182] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[5] (type=5)
Sep 7 08:49:54 kernel: [ 174.788187] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[6] (type=6)
Sep 7 08:49:54 kernel: [ 174.788191] klips_debug:pfkey_upmsg:
allocating 120 bytes...
Sep 7 08:49:54 kernel: [ 174.788196] klips_debug:pfkey_upmsg:
...allocated at 0pddcc1240.
Sep 7 08:49:54 kernel: [ 174.788206] klips_debug:pfkey_get_parse:
succeeded in sending get reply message.
Sep 7 08:49:54 kernel: [ 174.788212]
klips_debug:pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:54 kernel: [ 174.788217]
klips_debug:pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:54 kernel: [ 174.788221]
klips_debug:pfkey_extensions_free:Free extension 2 (32)
Sep 7 08:49:54 kernel: [ 174.788225]
klips_debug:pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:54 kernel: [ 174.788229]
klips_debug:pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:54 kernel: [ 174.788239] ipsec_sa_put: ipsec_sa dd51b000
SA:esp.c42ed843 at 166.130.x.x, ref:0 reference count (1--) decremented by
pfkey_msg_interp:3144.
Sep 7 08:49:54 kernel: [ 174.788241] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:54 kernel: [ 174.788251] klips_debug:ipsec_sa_wipe:
removing SA=esp.c42ed843 at 166.130.x.x(0pdd51b000), SAref=0,
table=0(0pdd508000), entry=0 from the refTable.
Sep 7 08:49:54 kernel: [ 174.816720] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:54 kernel: [ 174.816740] klips_debug:pfkey_sendmsg:
allocating 88 bytes for downward message.
Sep 7 08:49:54 kernel: [ 174.816756] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:54 kernel: [ 174.816770] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=5, errno=0, satype=3(ESP), len=11, res=0,
seq=106, pid=5054.
Sep 7 08:49:54 kernel: [ 174.816791] ipsec_sa_get: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:54 kernel: [ 174.816795] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd51b000.
Sep 7 08:49:54 kernel: [ 174.816800] klips_debug:pfkey_msg_interp:
satype 3 lookups to proto=50.
Sep 7 08:49:54 kernel: [ 174.816811] klips_debug:pfkey_msg_parse:
parsing message ver=2, type=5(get), errno=0, satype=3(ESP), len=11,
res=0, seq=106, pid=5054.
Sep 7 08:49:54 kernel: [ 174.816818] klips_debug:pfkey_msg_parse:
satype 3(ESP) conversion to proto gives 50 for msg_type 5(get).
Sep 7 08:49:54 kernel: [ 174.816822] klips_debug:pfkey_msg_parse: remain=9
Sep 7 08:49:54 kernel: [ 174.816828] klips_debug:pfkey_msg_parse:
parsing ext type=1(security-association) remain=9.
Sep 7 08:49:54 kernel: [ 174.816837] klips_debug:pfkey_msg_parse:
remain=9 ext_type=1(security-association) ext_len=3 parsing ext
0pdd4c6090 with parser pfkey_sa_parse.
Sep 7 08:49:54 kernel: [ 174.816848] klips_debug:pfkey_sa_parse:
successfully found len=3 exttype=1(security-association) spi=578d3f4a
replay=0 state=1 auth=0 encrypt=0 flags=0 ref=0.
Sep 7 08:49:54 kernel: [ 174.816853] klips_debug:pfkey_msg_parse:
Extension 1(security-association) parsed.
Sep 7 08:49:54 kernel: [ 174.816857] klips_debug:pfkey_msg_parse:
parsing ext type=5(source-address) remain=6.
Sep 7 08:49:54 kernel: [ 174.816864] klips_debug:pfkey_msg_parse:
remain=6 ext_type=5(source-address) ext_len=3 parsing ext 0pdd4c60a8
with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.816874] klips_debug:pfkey_address_parse:
found exttype=5(source-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.816877] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.816880] klips_debug:pfkey_msg_parse:
Extension 5(source-address) parsed.
Sep 7 08:49:54 kernel: [ 174.816885] klips_debug:pfkey_msg_parse:
parsing ext type=6(destination-address) remain=3.
Sep 7 08:49:54 kernel: [ 174.816891] klips_debug:pfkey_msg_parse:
remain=3 ext_type=6(destination-address) ext_len=3 parsing ext
0pdd4c60c0 with parser pfkey_address_parse.
Sep 7 08:49:54 kernel: [ 174.816898] klips_debug:pfkey_address_parse:
found exttype=6(destination-address) family=2(AF_INET)
address=100.114.157.13 proto=0 port=0.
Sep 7 08:49:54 kernel: [ 174.816900] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:54 kernel: [ 174.816903] klips_debug:pfkey_msg_parse:
Extension 6(destination-address) parsed.
Sep 7 08:49:54 kernel: [ 174.816910] klips_debug:pfkey_msg_interp:
processing ext 1 0pdd4c6090 with processor 0pbf340de4.
Sep 7 08:49:54 kernel: [ 174.816913] klips_debug:pfkey_sa_process: .
Sep 7 08:49:54 kernel: [ 174.816919] klips_debug:pfkey_msg_interp:
processing ext 5 0pdd4c60a8 with processor 0pbf341164.
Sep 7 08:49:54 kernel: [ 174.816922] klips_debug:pfkey_address_process:
Sep 7 08:49:54 kernel: [ 174.816928]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
166.130.x.x.
Sep 7 08:49:54 kernel: [ 174.816931]
klips_debug:pfkey_address_process: found src address.
Sep 7 08:49:54 kernel: [ 174.816935]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 kernel: [ 174.816940]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 kernel: [ 174.816944] klips_debug:pfkey_msg_interp:
processing ext 6 0pdd4c60c0 with processor 0pbf341164.
Sep 7 08:49:54 kernel: [ 174.816946] klips_debug:pfkey_address_process:
Sep 7 08:49:54 kernel: [ 174.816951]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
100.114.157.13.
Sep 7 08:49:54 kernel: [ 174.816953]
klips_debug:pfkey_address_process: found dst address.
Sep 7 08:49:54 kernel: [ 174.816956]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:54 kernel: [ 174.816962]
klips_debug:pfkey_address_process: ips_said.dst set to 100.114.157.13.
Sep 7 08:49:54 kernel: [ 174.816964]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:54 kernel: [ 174.816969] klips_debug:pfkey_msg_interp:
parsing message type 5(get) with msg_parser 0pbf33c2a8.
Sep 7 08:49:54 kernel: [ 174.816972] klips_debug:pfkey_get_parse: .
Sep 7 08:49:54 kernel: [ 174.816983] ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=115 of SA:esp.578d3f4a at 100.114.157.13 requested.
Sep 7 08:49:54 kernel: [ 174.816993] ipsec_sa_get: ipsec_sa dd526c00
SA:esp.578d3f4a at 100.114.157.13, ref:28 reference count (3++) incremented
by ipsec_sa_getbyid:540.
Sep 7 08:49:54 kernel: [ 174.816996] klips_debug:pfkey_msg_hdr_build:
Sep 7 08:49:54 kernel: [ 174.817004] klips_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0pdd5fdbb4 pfkey_ext=0pdd5fdc94 *pfkey_ext=0p (null).
Sep 7 08:49:54 kernel: [ 174.817009] klips_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0pdd5fdbb4 pfkey_ext=0pdd5fdc94 *pfkey_ext=0pdd2225c0.
Sep 7 08:49:54 kernel: [ 174.817013] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.817016] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.817024] klips_debug:pfkey_sa_build:
spi=578d3f4a replay=0 sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:54 kernel: [ 174.817027] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.817029] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.817034] klips_debug:pfkey_lifetime_build:
Sep 7 08:49:54 kernel: [ 174.817037] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.817039] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.817045] klips_debug:pfkey_address_build:
exttype=5 proto=0 prefixlen=0
Sep 7 08:49:54 kernel: [ 174.817048] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 kernel: [ 174.817054] klips_debug:pfkey_address_build:
found address=166.130.x.x:0.
Sep 7 08:49:54 kernel: [ 174.817057] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 kernel: [ 174.817060] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.817062] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.817066] klips_debug:pfkey_address_build:
exttype=6 proto=0 prefixlen=0
Sep 7 08:49:54 kernel: [ 174.817068] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:54 kernel: [ 174.817072] klips_debug:pfkey_address_build:
found address=100.114.157.13:0.
Sep 7 08:49:54 kernel: [ 174.817076] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:54 kernel: [ 174.817078] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:54 kernel: [ 174.817080] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:54 kernel: [ 174.817091] ipsec_sa_put: ipsec_sa dd526c00
SA:esp.578d3f4a at 100.114.157.13, ref:28 reference count (4--) decremented
by pfkey_get_parse:1208.
Sep 7 08:49:54 kernel: [ 174.817098] klips_debug:pfkey_msg_build:
extensions[0] needs 16 bytes
Sep 7 08:49:54 kernel: [ 174.817102] klips_debug:pfkey_msg_build:
extensions[1] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.817105] klips_debug:pfkey_msg_build:
extensions[2] needs 32 bytes
Sep 7 08:49:54 kernel: [ 174.817109] klips_debug:pfkey_msg_build:
extensions[5] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.817112] klips_debug:pfkey_msg_build:
extensions[6] needs 24 bytes
Sep 7 08:49:54 kernel: [ 174.817119] klips_debug:pfkey_msg_build:
pfkey_msg=0pdd607600 allocated 120 bytes, &(extensions[0])=0pdd5fdc94
Sep 7 08:49:54 kernel: [ 174.817124] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[1] (type=1)
Sep 7 08:49:54 kernel: [ 174.817129] klips_debug:pfkey_msg_build:
copying 32 bytes from extensions[2] (type=2)
Sep 7 08:49:54 kernel: [ 174.817133] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[5] (type=5)
Sep 7 08:49:54 kernel: [ 174.817137] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[6] (type=6)
Sep 7 08:49:54 kernel: [ 174.817142] klips_debug:pfkey_upmsg:
allocating 120 bytes...
Sep 7 08:49:54 kernel: [ 174.817147] klips_debug:pfkey_upmsg:
...allocated at 0pdd0f8400.
Sep 7 08:49:55 kernel: [ 174.817157] klips_debug:pfkey_get_parse:
succeeded in sending get reply message.
Sep 7 08:49:55 kernel: [ 174.817163]
klips_debug:pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:55 kernel: [ 174.817168]
klips_debug:pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:55 kernel: [ 174.817172]
klips_debug:pfkey_extensions_free:Free extension 2 (32)
Sep 7 08:49:55 kernel: [ 174.817176]
klips_debug:pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:55 kernel: [ 174.817180]
klips_debug:pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:55 kernel: [ 174.817190] ipsec_sa_put: ipsec_sa dd51b000
SA:esp.578d3f4a at 100.114.157.13, ref:0 reference count (1--) decremented
by pfkey_msg_interp:3144.
Sep 7 08:49:55 kernel: [ 174.817193] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:55 kernel: [ 174.817202] klips_debug:ipsec_sa_wipe:
removing SA=esp.578d3f4a at 100.114.157.13(0pdd51b000), SAref=0,
table=0(0pdd508000), entry=0 from the refTable.
Sep 7 08:49:55 kernel: [ 175.419693] UDP_ENCAP_ESPINUDP_NON_IKE:
len=96 0x0
Sep 7 08:49:55 kernel: [ 175.419704] UDP_ENCAP_ESPINUDP: IKE packet
detected
Sep 7 08:49:55 pluto[5054]: | shunt_eroute() called for connection
'Tunnel1/3x1' to 'replace with shunt' for rt_kind 'prospective erouted'
using protoports 10.10.0.0/24:0 --0->- 10.0.0.0/24:0
Sep 7 08:49:55 pluto[5054]: | priority calculation of connection
"Tunnel1/3x1" is 0xfe7e7
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9aadbc pfkey_ext=0p0xbe9aaf00 *pfkey_ext=0p(nil).
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9aadbc pfkey_ext=0p0xbe9aaf00 *pfkey_ext=0p0x8a5270.
Sep 7 08:49:55 pluto[5054]: | pfkey_sa_build: spi=00000104 replay=0
sa_state=0 auth=0 encrypt=0 flags=2
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found
address=0.0.0.0:0.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: exttype=21 proto=0
prefixlen=0
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found
address=10.10.0.0:0.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: exttype=22 proto=0
prefixlen=0
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found
address=10.0.0.0:0.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: exttype=23 proto=0
prefixlen=0
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found
address=255.255.255.0:0.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: exttype=24 proto=0
prefixlen=0
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found
address=255.255.255.0:0.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[21] needs 24
bytes
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[22] needs 24
bytes
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[23] needs 24
bytes
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[24] needs 24
bytes
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x813628
allocated 184 bytes, &(extensions[0])=0p0xbe9aaf00
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[21] (type=21)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[22] (type=22)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[23] (type=23)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[24] (type=24)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=14(x-addflow(eroute)), errno=0, satype=11(INT), len=23, res=0,
seq=107, pid=5054.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: satype 11(INT)
conversion to proto gives 61 for msg_type 14(x-addflow(eroute)).
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=21
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=21.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=21
ext_type=1(security-association) ext_len=3 parsing ext 0p0x813638 with
parser pfkey_sa_parse.
Sep 7 08:49:55 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=00000104 replay=0 state=0 auth=0
encrypt=0 flags=2 ref=0.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=18.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=18
ext_type=5(source-address) ext_len=3 parsing ext 0p0x813650 with parser
pfkey_address_parse.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=15.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=15
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x813668 with
parser pfkey_address_parse.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=0.0.0.0 proto=0
port=0.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=21(X-source-flow-address) remain=12.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=12
ext_type=21(X-source-flow-address) ext_len=3 parsing ext 0p0x813680 with
parser pfkey_address_parse.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=21(X-source-flow-address) family=2(AF_INET) address=10.10.0.0
proto=0 port=0.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
21(X-source-flow-address) parsed.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=22(X-dest-flow-address) remain=9.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=22(X-dest-flow-address) ext_len=3 parsing ext 0p0x813698 with
parser pfkey_address_parse.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=22(X-dest-flow-address) family=2(AF_INET) address=10.0.0.0
proto=0 port=0.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
22(X-dest-flow-address) parsed.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=23(X-source-mask) remain=6.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=23(X-source-mask) ext_len=3 parsing ext 0p0x8136b0 with parser
pfkey_address_parse.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=23(X-source-mask) family=2(AF_INET) address=255.255.255.0
proto=0 port=0.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
23(X-source-mask) parsed.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=24(X-dest-mask) remain=3.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=24(X-dest-mask) ext_len=3 parsing ext 0p0x8136c8 with parser
pfkey_address_parse.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=24(X-dest-mask) family=2(AF_INET) address=255.255.255.0 proto=0
port=0.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
24(X-dest-mask) parsed.
Sep 7 08:49:55 pluto[5054]: | finish_pfkey_msg: K_SADB_X_ADDFLOW
message 107 for flow eroute_connection replace with shunt
Sep 7 08:49:55 pluto[5054]: | 02 0e 00 0b 17 00 00 00 6b 00 00 00
be 13 00 00
Sep 7 08:49:55 pluto[5054]: | 03 00 01 00 00 00 01 04 00 00 00 00
02 00 00 00
Sep 7 08:49:55 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:55 pluto[5054]: | 02 00 00 00 64 72 9d 0d 00 00 00 00
00 00 00 00
Sep 7 08:49:55 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
00 00 00 00
Sep 7 08:49:55 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 15 00
00 00 00 00
Sep 7 08:49:55 pluto[5054]: | 02 00 00 00 0a 0a 00 00 00 00 00 00
00 00 00 00
Sep 7 08:49:55 pluto[5054]: | 03 00 16 00 00 00 00 00 02 00 00 00
0a 00 00 00
Sep 7 08:49:55 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 17 00
00 00 00 00
Sep 7 08:49:55 pluto[5054]: | 02 00 00 00 ff ff ff 00 00 00 00 00
00 00 00 00
Sep 7 08:49:55 pluto[5054]: | 03 00 18 00 00 00 00 00 02 00 00 00
ff ff ff 00
Sep 7 08:49:55 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:55 pluto[5054]: | pfkey_get: K_SADB_X_ADDFLOW message 107
Sep 7 08:49:55 kernel: [ 175.493477] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:55 kernel: [ 175.493499] klips_debug:pfkey_sendmsg:
allocating 184 bytes for downward message.
Sep 7 08:49:55 kernel: [ 175.493675] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:55 kernel: [ 175.493693] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=14, errno=0, satype=11(INT), len=23, res=0,
seq=107, pid=5054.
Sep 7 08:49:55 kernel: [ 175.493714] ipsec_sa_get: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:55 kernel: [ 175.493718] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd51b000.
Sep 7 08:49:55 kernel: [ 175.493922] klips_debug:pfkey_msg_interp:
satype 11 lookups to proto=61.
Sep 7 08:49:55 kernel: [ 175.493934] klips_debug:pfkey_msg_parse:
parsing message ver=2, type=14(x-addflow(eroute)), errno=0,
satype=11(INT), len=23, res=0, seq=107, pid=5054.
Sep 7 08:49:55 kernel: [ 175.493941] klips_debug:pfkey_msg_parse:
satype 11(INT) conversion to proto gives 61 for msg_type
14(x-addflow(eroute)).
Sep 7 08:49:55 kernel: [ 175.493946] klips_debug:pfkey_msg_parse:
remain=21
Sep 7 08:49:55 kernel: [ 175.493952] klips_debug:pfkey_msg_parse:
parsing ext type=1(security-association) remain=21.
Sep 7 08:49:55 kernel: [ 175.493961] klips_debug:pfkey_msg_parse:
remain=21 ext_type=1(security-association) ext_len=3 parsing ext
0pddff0550 with parser pfkey_sa_parse.
Sep 7 08:49:55 kernel: [ 175.494072] klips_debug:pfkey_sa_parse:
successfully found len=3 exttype=1(security-association) spi=00000104
replay=0 state=0 auth=0 encrypt=0 flags=2 ref=0.
Sep 7 08:49:55 kernel: [ 175.494077] klips_debug:pfkey_msg_parse:
Extension 1(security-association) parsed.
Sep 7 08:49:55 kernel: [ 175.494081] klips_debug:pfkey_msg_parse:
parsing ext type=5(source-address) remain=18.
Sep 7 08:49:55 kernel: [ 175.494089] klips_debug:pfkey_msg_parse:
remain=18 ext_type=5(source-address) ext_len=3 parsing ext 0pddff0568
with parser pfkey_address_parse.
Sep 7 08:49:55 kernel: [ 175.494099] klips_debug:pfkey_address_parse:
found exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:55 kernel: [ 175.494102] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:55 kernel: [ 175.494262] klips_debug:pfkey_msg_parse:
Extension 5(source-address) parsed.
Sep 7 08:49:55 kernel: [ 175.494267] klips_debug:pfkey_msg_parse:
parsing ext type=6(destination-address) remain=15.
Sep 7 08:49:55 kernel: [ 175.494275] klips_debug:pfkey_msg_parse:
remain=15 ext_type=6(destination-address) ext_len=3 parsing ext
0pddff0580 with parser pfkey_address_parse.
Sep 7 08:49:55 kernel: [ 175.494283] klips_debug:pfkey_address_parse:
found exttype=6(destination-address) family=2(AF_INET) address=0.0.0.0
proto=0 port=0.
Sep 7 08:49:55 kernel: [ 175.494285] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:55 kernel: [ 175.494288] klips_debug:pfkey_msg_parse:
Extension 6(destination-address) parsed.
Sep 7 08:49:55 kernel: [ 175.494293] klips_debug:pfkey_msg_parse:
parsing ext type=21(X-source-flow-address) remain=12.
Sep 7 08:49:55 kernel: [ 175.494300] klips_debug:pfkey_msg_parse:
remain=12 ext_type=21(X-source-flow-address) ext_len=3 parsing ext
0pddff0598 with parser pfkey_address_parse.
Sep 7 08:49:55 kernel: [ 175.494410] klips_debug:pfkey_address_parse:
found exttype=21(X-source-flow-address) family=2(AF_INET)
address=10.10.0.0 proto=0 port=0.
Sep 7 08:49:55 kernel: [ 175.494413] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:55 kernel: [ 175.494417] klips_debug:pfkey_msg_parse:
Extension 21(X-source-flow-address) parsed.
Sep 7 08:49:55 kernel: [ 175.494421] klips_debug:pfkey_msg_parse:
parsing ext type=22(X-dest-flow-address) remain=9.
Sep 7 08:49:55 kernel: [ 175.494428] klips_debug:pfkey_msg_parse:
remain=9 ext_type=22(X-dest-flow-address) ext_len=3 parsing ext
0pddff05b0 with parser pfkey_address_parse.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:55 kernel: [ 175.494434] klips_debug:pfkey_address_parse:
found exttype=22(X-dest-flow-address) family=2(AF_INET) address=10.0.0.0
proto=0 port=0.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:55 kernel: [ 175.494437] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:55 kernel: [ 175.494440] klips_debug:pfkey_msg_parse:
Extension 22(X-dest-flow-address) parsed.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:55 kernel: [ 175.494444] klips_debug:pfkey_msg_parse:
parsing ext type=23(X-source-mask) remain=6.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 21 (24)
Sep 7 08:49:55 kernel: [ 175.494551] klips_debug:pfkey_msg_parse:
remain=6 ext_type=23(X-source-mask) ext_len=3 parsing ext 0pddff05c8
with parser pfkey_address_parse.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 22 (24)
Sep 7 08:49:55 kernel: [ 175.494560] klips_debug:pfkey_address_parse:
found exttype=23(X-source-mask) family=2(AF_INET) address=255.255.255.0
proto=0 port=0.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 23 (24)
Sep 7 08:49:55 kernel: [ 175.494562] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 24 (24)
Sep 7 08:49:55 kernel: [ 175.494566] klips_debug:pfkey_msg_parse:
Extension 23(X-source-mask) parsed.
Sep 7 08:49:55 pluto[5054]: | delete esp.c42ed843 at 166.130.x.x
Sep 7 08:49:55 kernel: [ 175.494571] klips_debug:pfkey_msg_parse:
parsing ext type=24(X-dest-mask) remain=3.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:55 kernel: [ 175.494577] klips_debug:pfkey_msg_parse:
remain=3 ext_type=24(X-dest-mask) ext_len=3 parsing ext 0pddff05e0 with
parser pfkey_address_parse.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9aaf2c pfkey_ext=0p0xbe9aafa0 *pfkey_ext=0p(nil).
Sep 7 08:49:55 kernel: [ 175.494584] klips_debug:pfkey_address_parse:
found exttype=24(X-dest-mask) family=2(AF_INET) address=255.255.255.0
proto=0 port=0.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9aaf2c pfkey_ext=0p0xbe9aafa0 *pfkey_ext=0p0x8a5270.
Sep 7 08:49:55 kernel: [ 175.494586] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_sa_build: spi=c42ed843 replay=0
sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:55 kernel: [ 175.494696] klips_debug:pfkey_msg_parse:
Extension 24(X-dest-mask) parsed.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:55 kernel: [ 175.494705] klips_debug:pfkey_msg_interp:
processing ext 1 0pddff0550 with processor 0pbf340de4.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:55 kernel: [ 175.494708] klips_debug:pfkey_sa_process: .
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:55 kernel: [ 175.494713] klips_debug:pfkey_msg_interp:
processing ext 5 0pddff0568 with processor 0pbf341164.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:55 kernel: [ 175.494717] klips_debug:pfkey_address_process:
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:55 kernel: [ 175.494724]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
100.114.157.13.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:55 kernel: [ 175.494727]
klips_debug:pfkey_address_process: found src address.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found
address=166.130.x.x:0.
Sep 7 08:49:55 kernel: [ 175.494732]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:55 kernel: [ 175.494905]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:55 kernel: [ 175.494912] klips_debug:pfkey_msg_interp:
processing ext 6 0pddff0580 with processor 0pbf341164.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:55 kernel: [ 175.494915] klips_debug:pfkey_address_process:
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:55 kernel: [ 175.494919]
klips_debug:pfkey_address_process: found address family=2, AF_INET, 0.0.0.0.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:55 kernel: [ 175.494922]
klips_debug:pfkey_address_process: found dst address.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x8cb968
allocated 88 bytes, &(extensions[0])=0p0xbe9aafa0
Sep 7 08:49:55 kernel: [ 175.494926]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:55 kernel: [ 175.494931]
klips_debug:pfkey_address_process: ips_said.dst set to 0.0.0.0.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:55 kernel: [ 175.494934]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:55 kernel: [ 175.494939] klips_debug:pfkey_msg_interp:
processing ext 21 0pddff0598 with processor 0pbf341164.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=4(delete), errno=0, satype=3(ESP), len=11, res=0, seq=108, pid=5054.
Sep 7 08:49:55 kernel: [ 175.494941] klips_debug:pfkey_address_process:
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 4(delete).
Sep 7 08:49:55 kernel: [ 175.494946]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
10.10.0.0.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=9
Sep 7 08:49:55 kernel: [ 175.495041]
klips_debug:pfkey_address_process: found src flow address.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Sep 7 08:49:55 kernel: [ 175.495050] klips_debug:pfkey_alloc_eroute:
allocating 248 bytes for an eroute at 0pdd50ff00
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0p0x8cb978 with
parser pfkey_sa_parse.
Sep 7 08:49:55 kernel: [ 175.495060] klips_debug:pfkey_address_parse:
extr->eroute set to 10.10.0.0/0:0->0.0.0.0/0:0
Sep 7 08:49:55 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=c42ed843 replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:55 kernel: [ 175.495062]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:55 kernel: [ 175.495067] klips_debug:pfkey_msg_interp:
processing ext 22 0pddff05b0 with processor 0pbf341164.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:55 kernel: [ 175.495070] klips_debug:pfkey_address_process:
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0x8cb990 with parser
pfkey_address_parse.
Sep 7 08:49:55 kernel: [ 175.495075]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
10.0.0.0.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:55 kernel: [ 175.495078]
klips_debug:pfkey_address_process: found dst flow address.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 kernel: [ 175.495081] klips_debug:pfkey_alloc_eroute:
eroute struct already allocated
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:55 kernel: [ 175.495179] klips_debug:pfkey_address_parse:
extr->eroute set to 10.10.0.0/0:0->10.0.0.0/0:0
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:55 kernel: [ 175.495183]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x8cb9a8 with
parser pfkey_address_parse.
Sep 7 08:49:55 kernel: [ 175.495189] klips_debug:pfkey_msg_interp:
processing ext 23 0pddff05c8 with processor 0pbf341164.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:55 kernel: [ 175.495192] klips_debug:pfkey_address_process:
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 kernel: [ 175.495197]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
255.255.255.0.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:55 kernel: [ 175.495200]
klips_debug:pfkey_address_process: found src mask address.
Sep 7 08:49:55 pluto[5054]: | finish_pfkey_msg: K_SADB_DELETE message
108 for Delete SA esp.c42ed843 at 166.130.x.x
Sep 7 08:49:55 kernel: [ 175.495202] klips_debug:pfkey_alloc_eroute:
eroute struct already allocated
Sep 7 08:49:55 pluto[5054]: | 02 04 00 03 0b 00 00 00 6c 00 00 00
be 13 00 00
Sep 7 08:49:55 kernel: [ 175.495209] klips_debug:pfkey_address_parse:
extr->eroute set to 10.10.0.0/24:0->10.0.0.0/0:0
Sep 7 08:49:55 pluto[5054]: | 03 00 01 00 c4 2e d8 43 00 01 00 00
00 00 00 00
Sep 7 08:49:55 kernel: [ 175.495211]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:55 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:55 kernel: [ 175.495216] klips_debug:pfkey_msg_interp:
processing ext 24 0pddff05e0 with processor 0pbf341164.
Sep 7 08:49:55 pluto[5054]: | 02 00 00 00 64 72 9d 0d 00 00 00 00
00 00 00 00
Sep 7 08:49:55 kernel: [ 175.495218] klips_debug:pfkey_address_process:
Sep 7 08:49:55 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
a6 82 3e 34
Sep 7 08:49:55 kernel: [ 175.495314]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
255.255.255.0.
Sep 7 08:49:55 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:55 kernel: [ 175.495319]
klips_debug:pfkey_address_process: found dst mask address.
Sep 7 08:49:55 pluto[5054]: | pfkey_get: K_SADB_DELETE message 108
Sep 7 08:49:55 kernel: [ 175.495322] klips_debug:pfkey_alloc_eroute:
eroute struct already allocated
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:55 kernel: [ 175.495329] klips_debug:pfkey_address_parse:
extr->eroute set to 10.10.0.0/24:0->10.0.0.0/24:0
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:55 kernel: [ 175.495331]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:55 kernel: [ 175.495338] klips_debug:pfkey_msg_interp:
parsing message type 14(x-addflow(eroute)) with msg_parser 0pbf33c8f0.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:55 kernel: [ 175.495342] klips_debug:pfkey_x_addflow_parse: .
Sep 7 08:49:55 pluto[5054]: | delete esp.578d3f4a at 100.114.157.13
Sep 7 08:49:55 kernel: [ 175.495349]
klips_debug:pfkey_x_addflow_parse: calling breakeroute and/or makeroute
for 10.10.0.0/24->10.0.0.0/24
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:55 kernel: [ 175.495353]
klips_debug:pfkey_x_addflow_parse: REPLACEFLOW flag set, calling
breakeroute.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9aaf7c pfkey_ext=0p0xbe9aaff0 *pfkey_ext=0p(nil).
Sep 7 08:49:55 kernel: [ 175.497769] klips_debug:ipsec_breakroute:
attempting to delete eroute for 10.10.0.0/24:0->10.0.0.0/24:0 0
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9aaf7c pfkey_ext=0p0xbe9aaff0 *pfkey_ext=0p0x8a5270.
Sep 7 08:49:55 kernel: [ 175.497858] klips_debug:ipsec_breakroute:
deleted eroute=0pdd601200, ident=0p (null)->0p (null), first=0p
(null), last=0p (null)
Sep 7 08:49:55 pluto[5054]: | pfkey_sa_build: spi=578d3f4a replay=0
sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:55 kernel: [ 175.497863]
klips_debug:pfkey_x_addflow_parse: calling makeroute.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:55 kernel: [ 175.497908] klips_debug:ipsec_makeroute:
attempting to allocate 248 bytes to insert eroute for
10.10.0.0/24->10.0.0.0/24, SA: %trap, PID:5054, skb=0p (null),
ident:NULL->NULL
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:55 kernel: [ 175.497969] klips_debug:ipsec_makeroute:
2c1a01000a0a00000a0000000000000000000000000000000000000000000000000000000000000000000000
/
2c1aff00ffffff00ffffff000000000000000000000000000000000000000000000000000000000000000000
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found
address=166.130.x.x:0.
Sep 7 08:49:55 kernel: [ 175.497975] klips_debug:ipsec_makeroute:
calling rj_addroute now
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:55 kernel: [ 175.497993] klips_debug:ipsec_makeroute:
pid=05054 count= 0 lasttime= 0 10.10.0.0/24 ->
10.0.0.0/24 => %trap
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:55 kernel: [ 175.497997] klips_debug:ipsec_makeroute:
succeeded.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:55 kernel: [ 175.498001]
klips_debug:pfkey_x_addflow_parse: makeroute call successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:55 kernel: [ 175.498004] klips_debug:pfkey_msg_hdr_build:
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:55 kernel: [ 175.498034] klips_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0pdd5fdb0c pfkey_ext=0pdd5fdc94 *pfkey_ext=0p (null).
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:55 kernel: [ 175.498041] klips_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0pdd5fdb0c pfkey_ext=0pdd5fdc94 *pfkey_ext=0pdd222700.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:55 kernel: [ 175.498045] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:55 kernel: [ 175.498048] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:55 kernel: [ 175.498056] klips_debug:pfkey_sa_build:
spi=00000104 replay=0 sa_state=0 auth=0 encrypt=0 flags=2
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x8cba98
allocated 88 bytes, &(extensions[0])=0p0xbe9aaff0
Sep 7 08:49:55 kernel: [ 175.498060] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:55 kernel: [ 175.498062] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:55 kernel: [ 175.498068] klips_debug:pfkey_address_build:
exttype=5 proto=0 prefixlen=0
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:55 kernel: [ 175.498072] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=4(delete), errno=0, satype=3(ESP), len=11, res=0, seq=109, pid=5054.
Sep 7 08:49:55 kernel: [ 175.498101] klips_debug:pfkey_address_build:
found address=100.114.157.13:0.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 4(delete).
Sep 7 08:49:55 kernel: [ 175.498106] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=9
Sep 7 08:49:55 kernel: [ 175.498108] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Sep 7 08:49:55 kernel: [ 175.498111] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0p0x8cbaa8 with
parser pfkey_sa_parse.
Sep 7 08:49:55 kernel: [ 175.498115] klips_debug:pfkey_address_build:
exttype=6 proto=0 prefixlen=0
Sep 7 08:49:55 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=578d3f4a replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:55 kernel: [ 175.498117] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:55 kernel: [ 175.498122] klips_debug:pfkey_address_build:
found address=0.0.0.0:0.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:55 kernel: [ 175.498125] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0x8cbac0 with parser
pfkey_address_parse.
Sep 7 08:49:55 kernel: [ 175.498127] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=166.130.x.x proto=0
port=0.
Sep 7 08:49:55 kernel: [ 175.498130] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 kernel: [ 175.498134] klips_debug:pfkey_address_build:
exttype=21 proto=0 prefixlen=0
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:55 kernel: [ 175.498137] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:55 kernel: [ 175.498141] klips_debug:pfkey_address_build:
found address=10.10.0.0:0.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x8cbad8 with
parser pfkey_address_parse.
Sep 7 08:49:55 kernel: [ 175.498165] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:55 kernel: [ 175.498168] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 kernel: [ 175.498170] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:55 kernel: [ 175.498174] klips_debug:pfkey_address_build:
exttype=22 proto=0 prefixlen=0
Sep 7 08:49:55 pluto[5054]: | finish_pfkey_msg: K_SADB_DELETE message
109 for Delete SA esp.578d3f4a at 100.114.157.13
Sep 7 08:49:55 kernel: [ 175.498177] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:55 pluto[5054]: | 02 04 00 03 0b 00 00 00 6d 00 00 00
be 13 00 00
Sep 7 08:49:55 kernel: [ 175.498182] klips_debug:pfkey_address_build:
found address=10.0.0.0:0.
Sep 7 08:49:55 pluto[5054]: | 03 00 01 00 57 8d 3f 4a 00 01 00 00
00 00 00 00
Sep 7 08:49:55 kernel: [ 175.498186] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:55 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:55 kernel: [ 175.498189] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:55 pluto[5054]: | 02 00 00 00 a6 82 3e 34 00 00 00 00
00 00 00 00
Sep 7 08:49:55 kernel: [ 175.498191] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:55 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
64 72 9d 0d
Sep 7 08:49:55 kernel: [ 175.498195] klips_debug:pfkey_address_build:
exttype=23 proto=0 prefixlen=0
Sep 7 08:49:55 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:55 kernel: [ 175.498197] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:55 pluto[5054]: | pfkey_get: K_SADB_DELETE message 109
Sep 7 08:49:55 kernel: [ 175.498201] klips_debug:pfkey_address_build:
found address=255.255.255.0:0.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:55 kernel: [ 175.498205] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:55 kernel: [ 175.498207] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:55 kernel: [ 175.498229] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:55 kernel: [ 175.498233] klips_debug:pfkey_address_build:
exttype=24 proto=0 prefixlen=0
Sep 7 08:49:55 pluto[5054]: | in connection_discard for connection
Tunnel1/3x1
Sep 7 08:49:55 kernel: [ 175.498236] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:55 pluto[5054]: | State DB: deleting IKEv1 state #8 in QUICK_I2
Sep 7 08:49:55 kernel: [ 175.498241] klips_debug:pfkey_address_build:
found address=255.255.255.0:0.
Sep 7 08:49:55 pluto[5054]: | child state #8: QUICK_I2(established
CHILD SA) => UNDEFINED(ignore)
Sep 7 08:49:55 kernel: [ 175.498244] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:55 pluto[5054]: | stop processing: state #8 from
166.130.x.x:4500 (in delete_state() at state.c:1143)
Sep 7 08:49:55 kernel: [ 175.498247] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:55 pluto[5054]: | processing: STOP state #0 (in
foreach_state_by_connection_func_delete() at state.c:1312)
Sep 7 08:49:55 kernel: [ 175.498249] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:55 pluto[5054]: | state #7
Sep 7 08:49:55 kernel: [ 175.498254] klips_debug:pfkey_msg_build:
extensions[0] needs 16 bytes
Sep 7 08:49:55 pluto[5054]: | start processing: state #7 connection
"Tunnel1/2x3" from 166.130.x.x:4500 (in
foreach_state_by_connection_func_delete() at state.c:1310)
Sep 7 08:49:55 kernel: [ 175.498258] klips_debug:pfkey_msg_build:
extensions[1] needs 24 bytes
Sep 7 08:49:55 pluto[5054]: | pstats #7 ikev1.ipsec deleted completed
Sep 7 08:49:55 kernel: [ 175.498261] klips_debug:pfkey_msg_build:
extensions[5] needs 24 bytes
Sep 7 08:49:55 pluto[5054]: | [RE]START processing: state #7 connection
"Tunnel1/2x3" from 166.130.x.x:4500 (in delete_state() at state.c:879)
Sep 7 08:49:55 kernel: [ 175.498265] klips_debug:pfkey_msg_build:
extensions[6] needs 24 bytes
Sep 7 08:49:55 pluto[5054]: "Tunnel1/2x3" #7: deleting state
(STATE_QUICK_I2) aged 53.600s and sending notification
Sep 7 08:49:55 kernel: [ 175.498269] klips_debug:pfkey_msg_build:
extensions[21] needs 24 bytes
Sep 7 08:49:55 pluto[5054]: | child state #7: QUICK_I2(established
CHILD SA) => delete
Sep 7 08:49:55 kernel: [ 175.498272] klips_debug:pfkey_msg_build:
extensions[22] needs 24 bytes
Sep 7 08:49:55 pluto[5054]: | get_sa_info esp.c42ed842 at 166.130.x.x
Sep 7 08:49:55 kernel: [ 175.498294] klips_debug:pfkey_msg_build:
extensions[23] needs 24 bytes
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:55 kernel: [ 175.498298] klips_debug:pfkey_msg_build:
extensions[24] needs 24 bytes
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p(nil).
Sep 7 08:49:55 kernel: [ 175.498306] klips_debug:pfkey_msg_build:
pfkey_msg=0pddc0e0c0 allocated 184 bytes, &(extensions[0])=0pdd5fdc94
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p0x8a5270.
Sep 7 08:49:55 kernel: [ 175.498311] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[1] (type=1)
Sep 7 08:49:55 pluto[5054]: | pfkey_sa_build: spi=c42ed842 replay=0
sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:55 kernel: [ 175.498316] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[5] (type=5)
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:55 kernel: [ 175.498321] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[6] (type=6)
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:55 kernel: [ 175.498325] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[21] (type=21)
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:55 kernel: [ 175.498329] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[22] (type=22)
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:55 kernel: [ 175.498333] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[23] (type=23)
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:55 kernel: [ 175.498338] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[24] (type=24)
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:55 kernel: [ 175.498364] klips_debug:pfkey_upmsg:
allocating 184 bytes...
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found
address=166.130.x.x:0.
Sep 7 08:49:55 kernel: [ 175.498372] klips_debug:pfkey_upmsg:
...allocated at 0pdd3bcd80.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:55 kernel: [ 175.498388]
klips_debug:pfkey_x_addflow_parse: sending up x_addflow reply message
for satype=11(INT) (proto=61) to socket=0pde2611c0 succeeded.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:55 kernel: [ 175.498392]
klips_debug:pfkey_x_addflow_parse: extr->ips cleaned up and freed.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:55 kernel: [ 175.498397]
klips_debug:pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:55 kernel: [ 175.498402]
klips_debug:pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:55 kernel: [ 175.498406]
klips_debug:pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x8cbaf8
allocated 88 bytes, &(extensions[0])=0p0xbe9a9fac
Sep 7 08:49:55 kernel: [ 175.498433]
klips_debug:pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:55 kernel: [ 175.498437]
klips_debug:pfkey_extensions_free:Free extension 21 (24)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:55 kernel: [ 175.498442]
klips_debug:pfkey_extensions_free:Free extension 22 (24)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:55 kernel: [ 175.498446]
klips_debug:pfkey_extensions_free:Free extension 23 (24)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=11, res=0, seq=110, pid=5054.
Sep 7 08:49:55 kernel: [ 175.498450]
klips_debug:pfkey_extensions_free:Free extension 24 (24)
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:55 kernel: [ 175.498462] ipsec_sa_put: ipsec_sa dd51b000
SA:%trap, ref:0 reference count (1--) decremented by pfkey_msg_interp:3144.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=9
Sep 7 08:49:55 kernel: [ 175.498465] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Sep 7 08:49:55 kernel: [ 175.498474] klips_debug:ipsec_sa_wipe:
removing SA=%trap(0pdd51b000), SAref=0, table=0(0pdd508000), entry=0
from the refTable.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0p0x8cbb08 with
parser pfkey_sa_parse.
Sep 7 08:49:55 kernel: [ 175.535938] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:55 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=c42ed842 replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:55 kernel: [ 175.535957] klips_debug:pfkey_sendmsg:
allocating 88 bytes for downward message.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:55 kernel: [ 175.535963] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:55 kernel: [ 175.535977] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=4, errno=0, satype=3(ESP), len=11, res=0,
seq=108, pid=5054.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0x8cbb20 with parser
pfkey_address_parse.
Sep 7 08:49:55 kernel: [ 175.535998] ipsec_sa_get: ipsec_sa dd51b000
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:55 kernel: [ 175.536002] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd51b000.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 kernel: [ 175.536008] klips_debug:pfkey_msg_interp:
satype 3 lookups to proto=50.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:55 kernel: [ 175.536019] klips_debug:pfkey_msg_parse:
parsing message ver=2, type=4(delete), errno=0, satype=3(ESP), len=11,
res=0, seq=108, pid=5054.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:55 kernel: [ 175.536025] klips_debug:pfkey_msg_parse:
satype 3(ESP) conversion to proto gives 50 for msg_type 4(delete).
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x8cbb38 with
parser pfkey_address_parse.
Sep 7 08:49:55 kernel: [ 175.536029] klips_debug:pfkey_msg_parse: remain=9
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:55 kernel: [ 175.536035] klips_debug:pfkey_msg_parse:
parsing ext type=1(security-association) remain=9.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 kernel: [ 175.536045] klips_debug:pfkey_msg_parse:
remain=9 ext_type=1(security-association) ext_len=3 parsing ext
0pdd607210 with parser pfkey_sa_parse.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:55 kernel: [ 175.536056] klips_debug:pfkey_sa_parse:
successfully found len=3 exttype=1(security-association) spi=c42ed843
replay=0 state=1 auth=0 encrypt=0 flags=0 ref=0.
Sep 7 08:49:55 pluto[5054]: | finish_pfkey_msg: K_SADB_GET message 110
for Get SA esp.c42ed842 at 166.130.x.x
Sep 7 08:49:55 kernel: [ 175.536060] klips_debug:pfkey_msg_parse:
Extension 1(security-association) parsed.
Sep 7 08:49:55 pluto[5054]: | 02 05 00 03 0b 00 00 00 6e 00 00 00
be 13 00 00
Sep 7 08:49:55 kernel: [ 175.536065] klips_debug:pfkey_msg_parse:
parsing ext type=5(source-address) remain=6.
Sep 7 08:49:55 pluto[5054]: | 03 00 01 00 c4 2e d8 42 00 01 00 00
00 00 00 00
Sep 7 08:49:55 kernel: [ 175.536071] klips_debug:pfkey_msg_parse:
remain=6 ext_type=5(source-address) ext_len=3 parsing ext 0pdd607228
with parser pfkey_address_parse.
Sep 7 08:49:55 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:55 kernel: [ 175.536081] klips_debug:pfkey_address_parse:
found exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:55 pluto[5054]: | 02 00 00 00 64 72 9d 0d 00 00 00 00
00 00 00 00
Sep 7 08:49:55 kernel: [ 175.536084] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:55 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
a6 82 3e 34
Sep 7 08:49:55 kernel: [ 175.536087] klips_debug:pfkey_msg_parse:
Extension 5(source-address) parsed.
Sep 7 08:49:55 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:55 kernel: [ 175.536091] klips_debug:pfkey_msg_parse:
parsing ext type=6(destination-address) remain=3.
Sep 7 08:49:55 pluto[5054]: | pfkey_get: K_SADB_GET message 110
Sep 7 08:49:55 kernel: [ 175.536097] klips_debug:pfkey_msg_parse:
remain=3 ext_type=6(destination-address) ext_len=3 parsing ext
0pdd607240 with parser pfkey_address_parse.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:55 kernel: [ 175.536104] klips_debug:pfkey_address_parse:
found exttype=6(destination-address) family=2(AF_INET)
address=166.130.x.x proto=0 port=0.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:55 kernel: [ 175.536106] klips_debug:pfkey_address_parse:
successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:55 kernel: [ 175.536109] klips_debug:pfkey_msg_parse:
Extension 6(destination-address) parsed.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:55 kernel: [ 175.536116] klips_debug:pfkey_msg_interp:
processing ext 1 0pdd607210 with processor 0pbf340de4.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=15, res=0, seq=110, pid=5054.
Sep 7 08:49:55 kernel: [ 175.536119] klips_debug:pfkey_sa_process: .
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:55 kernel: [ 175.536124] klips_debug:pfkey_msg_interp:
processing ext 5 0pdd607228 with processor 0pbf341164.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=13
Sep 7 08:49:55 kernel: [ 175.536127] klips_debug:pfkey_address_process:
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=13.
Sep 7 08:49:55 kernel: [ 175.536133]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
100.114.157.13.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=13
ext_type=1(security-association) ext_len=3 parsing ext 0p0xbe9aa0c4 with
parser pfkey_sa_parse.
Sep 7 08:49:55 kernel: [ 175.536137]
klips_debug:pfkey_address_process: found src address.
Sep 7 08:49:55 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=c42ed842 replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:55 kernel: [ 175.536141]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:55 kernel: [ 175.536146]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=2(lifetime-current) remain=10.
Sep 7 08:49:55 kernel: [ 175.536151] klips_debug:pfkey_msg_interp:
processing ext 6 0pdd607240 with processor 0pbf341164.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=10
ext_type=2(lifetime-current) ext_len=4 parsing ext 0p0xbe9aa0dc with
parser pfkey_lifetime_parse.
Sep 7 08:49:55 kernel: [ 175.536153] klips_debug:pfkey_address_process:
Sep 7 08:49:55 pluto[5054]: | pfkey_lifetime_parse:enter
Sep 7 08:49:55 kernel: [ 175.536157]
klips_debug:pfkey_address_process: found address family=2, AF_INET,
166.130.x.x.
Sep 7 08:49:55 pluto[5054]: | pfkey_lifetime_parse:
life_type=2(lifetime-current) alloc=1 bytes=0 add=42949499 use=0.
Sep 7 08:49:55 kernel: [ 175.536160]
klips_debug:pfkey_address_process: found dst address.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
2(lifetime-current) parsed.
Sep 7 08:49:55 kernel: [ 175.536163]
klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:55 kernel: [ 175.536169]
klips_debug:pfkey_address_process: ips_said.dst set to 166.130.x.x.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0xbe9aa0fc with
parser pfkey_address_parse.
Sep 7 08:49:55 kernel: [ 175.536171]
klips_debug:pfkey_address_process: successful.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:55 kernel: [ 175.536176] klips_debug:pfkey_msg_interp:
parsing message type 4(delete) with msg_parser 0pbf33d914.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 kernel: [ 175.536179] klips_debug:pfkey_delete_parse: .
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:55 kernel: [ 175.536190] ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=138 of SA:esp.c42ed843 at 166.130.x.x requested.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:55 kernel: [ 175.536199] ipsec_sa_get: ipsec_sa dd51e400
SA:esp.c42ed843 at 166.130.x.x, ref:26 reference count (3++) incremented by
ipsec_sa_getbyid:540.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0xbe9aa114 with
parser pfkey_address_parse.
Sep 7 08:49:55 kernel: [ 175.536211] ipsec_sa_put: ipsec_sa dd4f5c00
SA:tun.100c at 166.130.x.x, ref:25 reference count (3--) decremented by
ipsec_sa_untern:448.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=166.130.x.x
proto=0 port=0.
Sep 7 08:49:55 kernel: [ 175.536219] klips_debug:ipsec_sa_del:
unhashing SA:tun.100c at 166.130.x.x (ref=25), hashval=54.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 kernel: [ 175.536227] ipsec_sa_put: ipsec_sa dd4f5c00
SA:tun.100c at 166.130.x.x, ref:25 reference count (2--) decremented by
ipsec_sa_rm:729.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:55 kernel: [ 175.536230] klips_debug:ipsec_sa_del:
successfully unhashed first ipsec_sa in chain.
Sep 7 08:49:55 pluto[5054]: | get_sa_info esp.578d3f49 at 100.114.157.13
Sep 7 08:49:55 kernel: [ 175.536238] ipsec_sa_put: ipsec_sa dd51e400
SA:esp.c42ed843 at 166.130.x.x, ref:26 reference count (4--) decremented by
ipsec_sa_untern:448.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build:
Sep 7 08:49:55 kernel: [ 175.536243] klips_debug:ipsec_sa_del:
unhashing SA:esp.c42ed843 at 166.130.x.x (ref=26), hashval=138.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build: on_entry
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p(nil).
Sep 7 08:49:55 kernel: [ 175.536251] ipsec_sa_put: ipsec_sa dd51e400
SA:esp.c42ed843 at 166.130.x.x, ref:26 reference count (3--) decremented by
ipsec_sa_rm:729.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_hdr_build: on_exit
&pfkey_ext=0p0xbe9a9f34 pfkey_ext=0p0xbe9a9fac *pfkey_ext=0p0x8a5270.
Sep 7 08:49:55 kernel: [ 175.536253] klips_debug:ipsec_sa_del:
successfully unhashed first ipsec_sa in chain.
Sep 7 08:49:55 pluto[5054]: | pfkey_sa_build: spi=578d3f49 replay=0
sa_state=1 auth=0 encrypt=0 flags=0
Sep 7 08:49:55 kernel: [ 175.536261] ipsec_sa_put: ipsec_sa dd51e400
SA:esp.c42ed843 at 166.130.x.x, ref:26 reference count (2--) decremented by
pfkey_delete_parse:953.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: exttype=5 proto=0
prefixlen=0
Sep 7 08:49:55 kernel: [ 175.536268] ipsec_sa_put: ipsec_sa dd4f5c00
SA:tun.100c at 166.130.x.x, ref:25 reference count (1--) decremented by
pfkey_delete_parse:960.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:55 kernel: [ 175.536271] ipsec_sa_put: freeing dd4f5c00
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found
address=166.130.x.x:0.
Sep 7 08:49:55 kernel: [ 175.536280] klips_debug:ipsec_sa_wipe:
removing SA=tun.100c at 166.130.x.x(0pdd4f5c00), SAref=25,
table=0(0pdd508000), entry=25 from the refTable.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:55 kernel: [ 175.536292] ipsec_sa_put: ipsec_sa dd51e400
SA:esp.c42ed843 at 166.130.x.x, ref:26 reference count (1--) decremented by
ipsec_sa_wipe:1116.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: exttype=6 proto=0
prefixlen=0
Sep 7 08:49:55 kernel: [ 175.536294] ipsec_sa_put: freeing dd51e400
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found address family
AF_INET.
Sep 7 08:49:55 kernel: [ 175.536303] klips_debug:ipsec_sa_wipe:
removing SA=esp.c42ed843 at 166.130.x.x(0pdd51e400), SAref=26,
table=0(0pdd508000), entry=26 from the refTable.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: found
address=100.114.157.13:0.
Sep 7 08:49:55 kernel: [ 175.536333] klips_debug: ipsec_alg_sa_wipe()
:unlinking for encalg=12
Sep 7 08:49:55 pluto[5054]: | pfkey_address_build: successful created
len: 3.
Sep 7 08:49:55 kernel: [ 175.536337] klips_debug: ipsec_alg_sa_wipe()
:unlinking for authalg=3
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[0] needs 16
bytes
Sep 7 08:49:55 kernel: [ 175.536345] klips_debug:pfkey_msg_hdr_build:
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[1] needs 24
bytes
Sep 7 08:49:55 kernel: [ 175.536353] klips_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0pdd5fdbcc pfkey_ext=0pdd5fdc94 *pfkey_ext=0p (null).
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[5] needs 24
bytes
Sep 7 08:49:55 kernel: [ 175.536359] klips_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0pdd5fdbcc pfkey_ext=0pdd5fdc94 *pfkey_ext=0pdd222900.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: extensions[6] needs 24
bytes
Sep 7 08:49:55 kernel: [ 175.536363] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: pfkey_msg=0p0x8cbc10
allocated 88 bytes, &(extensions[0])=0p0xbe9a9fac
Sep 7 08:49:55 kernel: [ 175.536366] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[1] (type=1)
Sep 7 08:49:55 kernel: [ 175.536373] klips_debug:pfkey_sa_build:
spi=c42ed843 replay=0 sa_state=0 auth=0 encrypt=0 flags=0
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[5] (type=5)
Sep 7 08:49:55 kernel: [ 175.536377] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_build: copying 24 bytes from
extensions[6] (type=6)
Sep 7 08:49:55 kernel: [ 175.536379] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=11, res=0, seq=111, pid=5054.
Sep 7 08:49:55 kernel: [ 175.536384] klips_debug:pfkey_address_build:
exttype=5 proto=0 prefixlen=0
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:55 kernel: [ 175.536388] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=9
Sep 7 08:49:55 kernel: [ 175.536394] klips_debug:pfkey_address_build:
found address=100.114.157.13:0.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Sep 7 08:49:55 kernel: [ 175.536398] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0p0x8cbc20 with
parser pfkey_sa_parse.
Sep 7 08:49:55 kernel: [ 175.536401] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:55 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=578d3f49 replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:55 kernel: [ 175.536403] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:55 kernel: [ 175.536407] klips_debug:pfkey_address_build:
exttype=6 proto=0 prefixlen=0
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Sep 7 08:49:55 kernel: [ 175.536410] klips_debug:pfkey_address_build:
found address family AF_INET.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0p0x8cbc38 with parser
pfkey_address_parse.
Sep 7 08:49:55 kernel: [ 175.536414] klips_debug:pfkey_address_build:
found address=166.130.x.x:0.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=166.130.x.x proto=0
port=0.
Sep 7 08:49:55 kernel: [ 175.536417] klips_debug:pfkey_address_build:
successful created len: 3.
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 kernel: [ 175.536420] klips_debug:pfkey_safe_build: error=0
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
5(source-address) parsed.
Sep 7 08:49:55 kernel: [ 175.536422] klips_debug:pfkey_safe_build:success.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Sep 7 08:49:55 kernel: [ 175.536427] klips_debug:pfkey_msg_build:
extensions[0] needs 16 bytes
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0p0x8cbc50 with
parser pfkey_address_parse.
Sep 7 08:49:55 kernel: [ 175.536430] klips_debug:pfkey_msg_build:
extensions[1] needs 24 bytes
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=100.114.157.13
proto=0 port=0.
Sep 7 08:49:55 kernel: [ 175.536434] klips_debug:pfkey_msg_build:
extensions[5] needs 24 bytes
Sep 7 08:49:55 pluto[5054]: | pfkey_address_parse: successful.
Sep 7 08:49:55 kernel: [ 175.536438] klips_debug:pfkey_msg_build:
extensions[6] needs 24 bytes
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
6(destination-address) parsed.
Sep 7 08:49:55 kernel: [ 175.536444] klips_debug:pfkey_msg_build:
pfkey_msg=0pdd607000 allocated 88 bytes, &(extensions[0])=0pdd5fdc94
Sep 7 08:49:55 pluto[5054]: | finish_pfkey_msg: K_SADB_GET message 111
for Get SA esp.578d3f49 at 100.114.157.13
Sep 7 08:49:55 kernel: [ 175.536449] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[1] (type=1)
Sep 7 08:49:55 pluto[5054]: | 02 05 00 03 0b 00 00 00 6f 00 00 00
be 13 00 00
Sep 7 08:49:55 kernel: [ 175.536454] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[5] (type=5)
Sep 7 08:49:55 pluto[5054]: | 03 00 01 00 57 8d 3f 49 00 01 00 00
00 00 00 00
Sep 7 08:49:55 kernel: [ 175.536458] klips_debug:pfkey_msg_build:
copying 24 bytes from extensions[6] (type=6)
Sep 7 08:49:55 pluto[5054]: | 00 00 00 00 00 00 00 00 03 00 05 00
00 00 00 00
Sep 7 08:49:55 kernel: [ 175.536463] klips_debug:pfkey_upmsg:
allocating 88 bytes...
Sep 7 08:49:55 pluto[5054]: | 02 00 00 00 a6 82 3e 34 00 00 00 00
00 00 00 00
Sep 7 08:49:55 kernel: [ 175.536469] klips_debug:pfkey_upmsg:
...allocated at 0pdd14e700.
Sep 7 08:49:55 pluto[5054]: | 03 00 06 00 00 00 00 00 02 00 00 00
64 72 9d 0d
Sep 7 08:49:55 kernel: [ 175.536482] klips_debug:pfkey_delete_parse:
sending up delete reply message for satype=3(ESP) to socket=0pde2611c0
succeeded.
Sep 7 08:49:55 pluto[5054]: | 00 00 00 00 00 00 00 00
Sep 7 08:49:55 kernel: [ 175.536487]
klips_debug:pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:55 pluto[5054]: | pfkey_get: K_SADB_GET message 111
Sep 7 08:49:55 kernel: [ 175.536492]
klips_debug:pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 0 (16)
Sep 7 08:49:55 kernel: [ 175.536496]
klips_debug:pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 1 (24)
Sep 7 08:49:55 kernel: [ 175.536500]
klips_debug:pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 5 (24)
Sep 7 08:49:55 kernel: [ 175.536509] ipsec_sa_put: ipsec_sa dd51b000
SA:esp.c42ed843 at 166.130.x.x, ref:0 reference count (1--) decremented by
pfkey_msg_interp:3144.
Sep 7 08:49:55 pluto[5054]: | pfkey_extensions_free:Free extension 6 (24)
Sep 7 08:49:55 kernel: [ 175.536512] ipsec_sa_put: freeing dd51b000
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing message ver=2,
type=5(get), errno=0, satype=3(ESP), len=15, res=0, seq=111, pid=5054.
Sep 7 08:49:55 kernel: [ 175.536520] klips_debug:ipsec_sa_wipe:
removing SA=esp.c42ed843 at 166.130.x.x(0pdd51b000), SAref=0,
table=0(0pdd508000), entry=0 from the refTable.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: satype 3(ESP) conversion
to proto gives 50 for msg_type 5(get).
Sep 7 08:49:55 kernel: [ 175.570175] klips_debug:pfkey_sendmsg: .
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=13
Sep 7 08:49:55 kernel: [ 175.570194] klips_debug:pfkey_sendmsg:
allocating 88 bytes for downward message.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=1(security-association) remain=13.
Sep 7 08:49:55 kernel: [ 175.570209] klips_debug:pfkey_sendmsg: msg
sent for parsing.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: remain=13
ext_type=1(security-association) ext_len=3 parsing ext 0p0xbe9aa0c4 with
parser pfkey_sa_parse.
Sep 7 08:49:55 kernel: [ 175.570224] klips_debug:pfkey_msg_interp:
parsing message ver=2, type=4, errno=0, satype=3(ESP), len=11, res=0,
seq=109, pid=5054.
Sep 7 08:49:55 pluto[5054]: | pfkey_sa_parse: successfully found len=3
exttype=1(security-association) spi=578d3f49 replay=0 state=1 auth=0
encrypt=0 flags=0 ref=0.
Sep 7 08:49:55 kernel: [ 175.570244] ipsec_sa_get: ipsec_sa dd594400
SA:unk0:0@<invalid>, ref:0 reference count (0++) incremented by
ipsec_sa_alloc:430.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: Extension
1(security-association) parsed.
Sep 7 08:49:55 kernel: [ 175.570248] klips_debug:pfkey_msg_interp:
allocated extr->ips=0pdd594400.
Sep 7 08:49:55 pluto[5054]: | pfkey_msg_parse: parsing ext
type=2(lifetime-current) remain=10.
Sep 7 08:49:55 kernel: [ 175.570254] klips_debug:pfkey_ms
More information about the Swan
mailing list