Bug 1375409

Summary: [TAHI] IKEv2.EN.R.1.1.2.2 case failed due to not respond to retransmitted IKE_AUTH
Product: Red Hat Enterprise Linux 7 Reporter: Jianwen Ji <jiji>
Component: libreswanAssignee: Paul Wouters <pwouters>
Status: CLOSED DUPLICATE QA Contact: Jianwen Ji <jiji>
Severity: medium Docs Contact:
Priority: high    
Version: 7.3CC: jiji, omoris, pwouters
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1321286 Environment:
Last Closed: 2018-04-09 16:27:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1321286    
Bug Blocks:    

Description Jianwen Ji 2016-09-13 03:27:07 UTC 
+++ This bug was initially created as a clone of Bug #1321286 +++

Description of problem:
TN  - Test Node
NUT - Node Under Test

When test IKEv2.EN.R.1.1.2.2, TN retransmits IKE_AUTH request, NUT doesn't reply with IKE_AUTH response

Version-Release number of selected component (if applicable):
libreswan-3.15-6.el7.x86_64

How reproducible:
always.

Test procedure:

  NUT             TN1
(End-Node)     (End-Node)
  |                |
  |<---------------| IKE_SA_INIT request (HDR, SAi1, KEi, Ni)
  |                | (Packet #1)
  |--------------->| IKE_SA_INIT response (HDR, SAr1, KEr, Nr)
  |                | (Judgement #1)
  |                |
  |<---------------| IKE_AUTH request (HDR, SK {IDi, AUTH, N, SAi2, TSi, TSr})
  |                | (Packet #2)
  |--------------->| IKE_AUTH response (HDR, SK {IDr, AUTH, N, SAr2, TSi, TSr})
  |                | (Judgement #2)
  |                |
  |                * wait until retrans timer expires
  |---------X      | IKE_AUTH response (HDR, SK {IDr, AUTH, N, SAr2, TSi, TSr})
  |                | (Judgement #3)
  |                |
  |<---------------| IKE_AUTH request (HDR, SK {IDi, AUTH, N, SAi2, TSi, TSr})
  |                | (Packet #3)
  |--------------->| IKE_AUTH response (HDR, SK {IDr, AUTH, N, SAr2, TSi, TSr})
  |                | (Judgement #4)
  |                |
  V                V


Actual results:

In Judgement #4, the NUT doesn't transmit the IKE_AUTH response

Expected results:

In Judgement #4, the NUT should transmit the IKE_AUTH response

Additional info: