On Sun, 1 Oct 2017, Paul Wouters wrote:
> On Sun, 1 Oct 2017, D. Hugh Redelmeier wrote:
>> In the reference output, ksize=128
>> In the actual output, ksize=0
>> This is for a bunch of lines. Here's one:
>> type=CRYPTO_IPSEC_SA msg=audit(XXX): pid=PID uid=0 auid=AUID ses=SES
>> subj=system_u:system_r:unconfined_service_t:s0 msg='op=start
>> conn-name="ikev1" connstate=2, satype=ipsec-esp samode=tunnel cipher=AES
>> ksize=0 integ=HMAC_SHA1 in-spi=DEC(HEX) out-spi=DEC(HEX) in-spi=DEC(HEX)
>> out-spi=DEC(HEX) laddr=192.1.2.45 exe="PATH/libexec/ipsec/pluto"
>> hostname=? addr=192.1.2.23 terminal=? res=success'
>> Which is correct?
> The reference output. This is a new bug I guess.
I fixed the ksize= bug, but I noticed another one based on the audit
log diffs that are still present in this test case when run with my
bugfix applied.
The test case runs:
ipsec auto --up ikev1
ipsec auto --delete ikev1
ipsec auto --up ikev1-aggr
ipsec auto --delete ikev1-aggr
ipsec auto --up ikev2
ipsec auto --down ikev2
This tests the three different kinds of CRYPTO_IKE_SA logs that can be
produced. It also creates a CRYPTO_IPSEC_SA log 3 times.
Because we run --up and --delete, we expect to see:
IKE op=start
IPsec op=start
IPsec op=destroy
IKE op=destroy
[ times 3]
But the test case currently shows that IPsec is not getting destroyed.
And instead, this only happens in final.sl when 'ipsec stop' is called.
I think this is also why our delete-sa-* cases show up a little
different. It seems we now linger ipsec sa's much longer than we used to.
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
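An added example, not part of the original message or of libreswan's test suite: a small checker that reads CRYPTO_IKE_SA / CRYPTO_IPSEC_SA audit records and reports the two problems discussed in the thread (cipher=AES logged with ksize=0, and a connection whose SA events do not follow the expected start/destroy sequence). The sample records are constructed, and the field layout of the CRYPTO_IKE_SA lines is an assumption modelled on the sanitized CRYPTO_IPSEC_SA line quoted above.

```python
import re

KIND = {"CRYPTO_IKE_SA": "IKE", "CRYPTO_IPSEC_SA": "IPsec"}
# Sequence the thread expects for one --up followed by --delete/--down.
EXPECTED = [("IKE", "start"), ("IPsec", "start"), ("IPsec", "destroy"), ("IKE", "destroy")]
# key=value or key="quoted value"; values end at whitespace, comma or quote.
FIELD = re.compile(r'([\w-]+)=("[^"]*"|[^\s,\']+)')

# Constructed records (not real pluto output); only the fields read below are kept.
SAMPLE = """\
type=CRYPTO_IKE_SA msg=audit(XXX): pid=PID msg='op=start conn-name="ikev1" cipher=AES ksize=128 res=success'
type=CRYPTO_IPSEC_SA msg=audit(XXX): pid=PID msg='op=start conn-name="ikev1" connstate=2, cipher=AES ksize=0 res=success'
type=CRYPTO_IKE_SA msg=audit(XXX): pid=PID msg='op=destroy conn-name="ikev1" res=success'
type=CRYPTO_IKE_SA msg=audit(XXX): pid=PID msg='op=start conn-name="ikev2" cipher=AES ksize=128 res=success'
type=CRYPTO_IPSEC_SA msg=audit(XXX): pid=PID msg='op=start conn-name="ikev2" cipher=AES ksize=128 res=success'
type=CRYPTO_IPSEC_SA msg=audit(XXX): pid=PID msg='op=destroy conn-name="ikev2" res=success'
type=CRYPTO_IKE_SA msg=audit(XXX): pid=PID msg='op=destroy conn-name="ikev2" res=success'
"""

def parse(text):
    """Return one dict of key=value fields per CRYPTO_*_SA audit record."""
    records = []
    for line in text.splitlines():
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if fields.get("type") in KIND and "op" in fields and "conn-name" in fields:
            records.append(fields)
    return records

def check(text):
    """Return findings: AES logged with ksize=0, SA events missing or out of order."""
    findings, events = [], {}
    for rec in parse(text):
        conn, kind = rec["conn-name"], KIND[rec["type"]]
        events.setdefault(conn, []).append((kind, rec["op"]))
        if rec.get("cipher", "").upper() == "AES" and rec.get("ksize") == "0":
            findings.append(f"{conn}: {kind} op={rec['op']} logs cipher=AES with ksize=0")
    for conn, seen in events.items():
        missing = [e for e in EXPECTED if e not in seen]
        for kind, op in missing:
            findings.append(f"{conn}: missing {kind} op={op}")
        if not missing and seen != EXPECTED:
            findings.append(f"{conn}: events out of order: {seen}")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```
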