On Tue, 3 Oct 2017, D. Hugh Redelmeier wrote:
If you are responsible for a test failure, or know what is going on PLEASE FIX
IT.
I have been going through these for a few days, and slowly fixing up as
I go. But there are changes I don't yet understand.
testing/pluto/ah-pluto-07-klips-netkey/OUTPUT/.console.diff failed
west:output-different
Kind of interesting.
switched from "westnet-eastnet-ah-md5" to "westnet-eastnet-ah-sha1"
and many othr differences
We see a few new connection switches (and a few switches without a
switch message!). It seems likely these came in via a new call to
refine_host_connection() in the SAN code. I think what might be
happening is that for SAN code we prefer to switch since we are
looking for something better. But in these other cases, I think we
should have prefered the one we were one because it matched. We
might need to pass a bool to refine_host_connection() to signal this.
testing/pluto/algo-pluto-10/OUTPUT/.console.diff failed west:output-different
retransmission + discarding packet received during asynchronous work (DNS or
crypto) in STATE_QUICK_I1
It passes for me. So this is likely due to retransmit
testing/pluto/basic-pluto-02/OUTPUT/.console.diff failed east:output-different
west:output-different
This seems related to the bug I'm chasing in the audit test case. east
is not properly deleting IPsec SA's when it receives a delete.
testing/pluto/compress-pluto-01/OUTPUT/.console.diff failed
east:output-different west:output-different
east: a lot of changed XFRM state info. Why?
Same issue. west issues a down and east is not doing it,
testing/pluto/certoe-07-nat-2-clients/OUTPUT/.console.diff failed
east:output-different road:output-different
east: different amount of traffic
road: another XFRM SA?
The NAT tests are very different to me. I was hoping Antony could
explain those a bit better.
testing/pluto/certoe-08-nat-packet-cop-restart/OUTPUT/.console.diff failed
road:output-different
different ammount of traffic? Amount not scrubbed, nor id scrubbed?
-icmp 1 27 src=192.1.3.209 dst=192.1.2.23 type=8 code=0 id=XXXX
src=192.1.2.23 dst=10.0.10.1 type=0 code=0 id=XXXX mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
+icmp 1 29 src=192.1.3.209 dst=192.1.2.23 type=8 code=0 id=1881
src=192.1.2.23 dst=10.0.10.1 type=0 code=0 id=1881 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
odd that id= appears in lower case. That might be due to our changed
send/receive error code ?
- conntrack -L -n
+ conntrack -L -n | sed "s/id=[0-9]*/id=XXXX/g"
IP addresses changed:
packet cont changed:
-icmp 1 16 src=192.1.3.209 dst=192.1.2.23 type=8 code=0 id=XXXX
src=192.1.2.23 dst=192.1.3.209 type=0 code=0 id=XXXX mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
+icmp 1 17 src=192.1.3.209 dst=192.1.2.23 type=8 code=0 id=XXXX
src=192.1.2.23 dst=192.1.3.209 type=0 code=0 id=XXXX mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=1
That's probably ephemeral :(
testing/pluto/delete-sa-01/OUTPUT/.console.diff failed east:output-different
west:output-different
+whack error: "SAwest-east" unexpected argument "leftrsasigkey"
testing/pluto/delete-sa-03/OUTPUT/.console.diff failed east:output-different
west:output-different
west: divergence starts +002 "west-east" #1: switched from "west-east" to
"west-east-c"
i will refix these, it seems perhaps my fix/commit was lost or stashed
without a commit.
east: divergence starts:
-000 "west-east":
192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]; prospective erouted;
eroute owner: #0
+000 "west-east":
192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]; erouted; eroute owner: #2
I saw that one and I'm not sure if that change is correct or not.
testing/pluto/delete-sa-04/OUTPUT/.console.diff failed east:output-different
west:output-different
These differences might be due to some sanitizer problem or script change. But
more is going on.
- ipsec status |grep EVENT_v1_RETRANSMIT | sed "s/EVENT_v1_RETRANSMIT in
/EVENT_v1_RETRANSMIT in .../"
+ ipsec status |grep EVENT_v1_RETRANSMIT | sed "s/EVENT_v1_RETRANSMIT in
.*$/EVENT_v1_RETRANSMIT in .../"
A delete does not happen on west.
This is the problem I'm looking at now, showing up in several test
cases.
Note this all relates to how we deal with auto=add plus changed state,
eg on west --up is called. and east it receives an up request. What
is expected on either end when it receives a delete? Go back to
auto=add or go initiate?
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
