https://testing.libreswan.org/v3.27-1219-g7142d2c37-master/newoe-27-replace-sa-authnull-authnull/OUTPUT/east.pluto.log.gz
FYI, several things go wrong. Most notably, pluto's inability to handle an IKE_AUTH where the IKE SA succeeds but the CHILD SA fails. - IKE_SA_INIT is exchanged - first IKE_AUTH packet arrives: -- IKE SA successfully authenticates; it starts constructing the response; state is transitioned to established _but_ Message IDs are not updated (since things are still in flux it is too early) -- CHILD SA barfs and is deleted; the response is thrown away and the Message IDs aren't updated - duplicate IKE_AUTH packet arrives: -- the duplicate isn't recognized because the Message IDs don't line up -- state machine doesn't match as this is nonsensical -- then the crash I've stopped the crash with: "private-or-clear#192.1.3.0/24"[2] ...192.1.3.209 #3: dropping message with no matching microcode _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
