On Sat, 22 Jun 2019 at 09:00, Andrew Cagney <[email protected]> wrote: > > https://testing.libreswan.org/v3.28-214-g00f4ca6a5-master/ikev1-ikev2-connswitch-01/OUTPUT/east.pluto.log.gz > > The test currently core dumps as the IKEv2 code goes to use the IKE > proposal suite but discovers it missing. However, it seems the > problem is it found the wrong connection:
the code was meant to use the, not exactly obvious, call: find_next_host_connection(candidate->hp_next, req_policy, policy_exact_mask) note the hp_next. > | Now let's proceed with state specific processing > | calling processor Respond to IKE_SA_INIT > | find_host_connection me=192.1.2.23:500 him=192.1.2.45:500 > policy=ECDSA+IKEV2_ALLOW > | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 > | find_next_host_connection policy=ECDSA+IKEV2_ALLOW > | found policy = > RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO > (westnet-eastnet2) > | found policy = > RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO > (westnet-eastnet1) > | find_next_host_connection returns empty > | find_host_connection me=192.1.2.23:500 him=%any:500 policy=ECDSA+IKEV2_ALLOW > | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 > | find_next_host_connection policy=ECDSA+IKEV2_ALLOW > | find_next_host_connection returns empty > | initial parent SA message received on 192.1.2.23:500 but no > connection has been authorized with policy ECDSA+IKEV2_ALLOW > | find_host_connection me=192.1.2.23:500 him=192.1.2.45:500 > policy=RSASIG+IKEV2_ALLOW > | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 > | find_next_host_connection policy=RSASIG+IKEV2_ALLOW > | found policy = > RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO > (westnet-eastnet2) > | find_next_host_connection returns westnet-eastnet2 > | found connection: westnet-eastnet1 with policy RSASIG+IKEV2_ALLOW > | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 > | creating state object #3 at 0x7f92f59de518 > | State DB: adding IKEv2 state #3 in UNDEFINED > | pstats #3 ikev2.ike started > | Message ID: init #3: msgid=0 lastack=4294967295 nextuse=0 > lastrecv=4294967295 lastreplied=0 > | parent state #3: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) > | Message ID: init_ike #3; ike: initiator.sent=0->-1 > initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 > wip.initiator=0->-1 wip.responder=0->-1 > | Message ID: start-responder #3 request 0; ike: initiator.sent=-1 > initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 > wip.responder=-1->0 > | processing: start state #3 connection "westnet-eastnet1" 192.1.2.45 > (in initialize_new_state() at ipsec_doi.c:483) _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
