Re: [Swan] meaning of error code -> ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS

2018-02-04 Thread Paul Wouters

On Wed, 31 Jan 2018, Amir Naftali wrote:



just saw it again, we're running libreswan 3.16 on Ubuntu and we get the
following message:
#484: ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS must only be used with old IETF drafts
#484: sending encrypted notification BAD_PROPOSAL_SYNTAX to X.X.X.X:4500


Because of the old version you are using, you are missing this commit:

https://github.com/libreswan/libreswan/commit/f1c2e586c33da8928294f5e55ccdbc16fece7e5e

This fix was introduced in libreswan 3.19.

Paul
___
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan


[Swan-commit] Changes to ref refs/heads/master

2018-02-04 Thread Paul Wouters
New commits:
commit db3f004f66126a998746553249e5d493525b04e3
Author: Paul Wouters 
Date:   Sun Feb 4 15:29:52 2018 -0500

testing: added newoe-18-private-private-32

confirm lsw#305 is resolved.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


Re: [Swan-dev] status of failing tests

2018-02-04 Thread Paul Wouters

On Fri, 2 Feb 2018, Andrew Cagney wrote:


- early stop?
 testing/pluto/klips-netkey-pluto-06 failed east:output-different west:output-different



If final.sh runs a status or trafficstatus and also shuts down pluto for
a leak report, there is a race between nodes. If one shuts down fast,
the other won't see the proper status because it will have processed the
deletes from the other peer's shutdown. The rule is to not have status
and shutdown in final.sh.


This one is a no-win.  We've too often missed core dumps because pluto
wasn't being shut down.

What about wrapping the inconsistent output in --cut-- --tuc--?


I'd say the best fix would be to have a flag that would shut down pluto
after all ends have sent their "done" for the final.sh. Then only grab
the shutdown leaks/cores.

But it would have to be a flag, because often we run a test case so we
can log in to the hosts and look at the state manually, so we wouldn't
want pluto to be shut down in those cases.

Paul
___
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev


[Swan-commit] Changes to ref refs/heads/master

2018-02-04 Thread Andrew Cagney
New commits:
commit 47ba245934dacbfd68025b50d226c6d29a92b185
Author: Andrew Cagney 
Date:   Wed Jan 31 11:39:36 2018 -0500

crypto: pass *MDP to continue function so it can signal re-taken ownership

If ownership isn't taken then crypto code assumes it should release
the MD.

This makes the behaviour consistent with complete_v[12]_state_transition()
(not saying that is a good thing though) and the fork and now callbacks.
(I suspect it fixes another memory leak, but no hard evidence).
