On Tue, 20 Jun 2017, D. Hugh Redelmeier wrote:

There are two new "failures" in the test runs. This is from two
instances of a new message.

./xauth-pluto-07/OUTPUT/road.console.diff:+005 "modecfg-road-eastnet-psk" #1:
Subnet 192.0.2.0/24 already has an spd_route - ignoring
./xauth-pluto-08/OUTPUT/road.console.diff:+005 "modecfg-road-eastnet-psk" #1:
Subnet 192.0.2.0/24 already has an spd_route - ignoring

These messages were added in 835d41d1 by Oleg Rosowiecki.
I think that the message is correct and I'm wondering if it should be
expected or it is a misconfiguration of the tests.

It is not a misconfiguration.

In these tests, the subnet in question is hardwired into the conn and
is also passed in the xauth/modeconfig exchange.

That is indeed what is causing the attempt at the duplicate spd_route.
The duplicate is ignored, but when removing these at down time, there
is an error when the 2nd delete can't find its spd_route entry.

If this is a mistake in the configuration:
- should the diagnostic be treated as more serious?
- should the test configurations be fixed?
- should the reference logs be fixed?

Different XAUTH clients apparently can behave slightly differently.
Note with remote-peer-type=cisco, the 0th spd_route is skipped
and the "conn" leftsubnet/rightsubnet is never established.

We aren't checking where the duplicate came from, it could be from
multiple duplicate CISCO_SPLIT_INC directives too.

We could either test if the SPLIT directive maps to the rightsubnet
we already have configured and skip the spd_route (and prevent the
warning) or we could ignore the warning (and fixup the test output).

Paul
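
The behaviour discussed in this message (a duplicate spd_route ignored when added, then a second delete at down time that finds no entry) and the option of skipping the duplicate, as an added example that is not libreswan code. The types, function names and the sample subnets are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model for illustration; not libreswan's data structures. */
#define MAX_ROUTES 8
struct subnet { uint32_t addr; unsigned prefix; };  /* IPv4, prefix 0..32 */
struct route_table { struct subnet r[MAX_ROUTES]; size_t count; unsigned delete_errors; };

/* Constructed sample: conn subnet, same subnet sent again, another subnet. */
const struct subnet sample[3] = {
    { 0xC0000200u, 24 },  /* 192.0.2.0/24 hardwired in the conn */
    { 0xC0000200u, 24 },  /* 192.0.2.0/24 from the xauth/modeconfig exchange */
    { 0xC6336400u, 24 },  /* 198.51.100.0/24, an unrelated split subnet */
};

static bool same_subnet(struct subnet a, struct subnet b) {
    uint32_t mask = a.prefix == 0 ? 0 : ~(uint32_t)0 << (32 - a.prefix);
    return a.prefix == b.prefix && (a.addr & mask) == (b.addr & mask);
}
static int find(const struct route_table *t, struct subnet s) {
    for (size_t i = 0; i < t->count; i++)
        if (same_subnet(t->r[i], s)) return (int)i;
    return -1;
}
/* True only when this call installed the route; duplicates are skipped. */
bool route_add(struct route_table *t, struct subnet s) {
    if (find(t, s) >= 0 || t->count == MAX_ROUTES) return false;
    t->r[t->count++] = s;
    return true;
}
void route_delete(struct route_table *t, struct subnet s) {
    int i = find(t, s);
    if (i < 0) { t->delete_errors++; return; }  /* 2nd delete finds nothing */
    t->r[i] = t->r[--t->count];
}

/* Bring n announcements up, then down; returns the number of failed deletes.
 * tracked=false deletes once per announcement; tracked=true deletes only
 * the routes that route_add reported as installed. */
unsigned updown(const struct subnet *in, size_t n, bool tracked) {
    struct route_table t = {0};
    bool owned[MAX_ROUTES] = {false};
    if (n > MAX_ROUTES) n = MAX_ROUTES;
    for (size_t i = 0; i < n; i++) owned[i] = route_add(&t, in[i]);
    for (size_t i = 0; i < n; i++)
        if (!tracked || owned[i]) route_delete(&t, in[i]);
    return t.delete_errors;
}
```

With the sample, deleting once per announcement produces one failed delete, while deleting only what was installed produces none; each further duplicate announcement adds one more failed delete in the untracked case.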