Bug 468353
| Summary: | [TAHI] IPSec Test, select SPD failure for ICMP type | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | wang jiabo <jiabwang> |
| Component: | ipsec-tools | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE <qe-baseos-auto> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5.3 | CC: | benl, llim, mmarcini |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-10-29 07:34:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
wang jiabo
2008-10-24 09:54:57 UTC
Could you please give detailed instructions on how to reproduce the problem? I am also afraid that I do not quite understand the meaning of some phrases of the bug report due to bad translation to english. llim->jiabwang: prolly some specific example would help. I use the TAHI cases to test the IPsec between 2 hosts on transport mode(please see the following info.), one is NUT(RHEL5.3),another is TN(FreeBSD7.0)
16:21:36 Start Capturing Packets (Link0)
Target: Set SAD entries: src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" spi=0x1000 mode=transport protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcin01 eauth=hmac-sha1 eauthkey=ipv6readylogsha1in01 unique=10000
16:21:36 vRemote(ipsecSetSAD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSAD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" spi=0x1000 mode=transport protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcin01 eauth=hmac-sha1 eauthkey=ipv6readylogsha1in01 unique=10000 ''
Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...
[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#)
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#)
[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -u 10000 -E 3des-cbc "ipv6readylogo3descbcin01" -A hmac-sha1 "ipv6readylogsha1in01"; dump;' | setkey -c'' command
/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:5 01:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -u 10000 -E 3des-cbc "ipv6re adylogo3descbcin01" -A hmac-sha1 "ipv6readylogsha1in01"; dump;' | setkey -c
3ffe:501:ffff:1::1 3ffe:501:ffff:0:21d:fff:fe0f:be4e
esp mode=transport spi=4096(0x00001000) reqid=10000(0x00002710)
E: 3des-cbc 69707636 72656164 796c6f67 6f336465 73636263 696e3031
A: hmac-sha1 69707636 72656164 796c6f67 73686131 696e3031
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Oct 29 00:19:15 2008 current: Oct 29 00:19:15 2008
diff: 0(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=3440 refcnt=0
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -u 10000 -E 3des-cbc "ipv6readylogo3descbcin01" -A hmac-sha1 "ipv6readylogsha1in01"; dump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:5 01:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -u 10000 -E 3des-cbc "ipv6re adylogo3descbcin01" -A hmac-sha1 "ipv6readylogsha1in01"; dump;' | setkey -c
3ffe:501:ffff:1::1 3ffe:501:ffff:0:21d:fff:fe0f:be4e
esp mode=transport spi=4096(0x00001000) reqid=10000(0x00002710)
E: 3des-cbc 69707636 72656164 796c6f67 6f336465 73636263 696e3031
A: hmac-sha1 69707636 72656164 796c6f67 73686131 696e3031
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Oct 29 00:19:15 2008 current: Oct 29 00:19:15 2008
diff: 0(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=3440 refcnt=0
[root@ipv6test2 ~]''
echo $?
0
[root@ipv6terCommand: exit status: 0
~
[EOT]
Target: Set SPD entries: src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" upperspec=icmp6 icmp6_type=128 icmp6_code=0 direction=in protocol=esp-auth mode=transport level=unique unique=10000
16:21:41 vRemote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" upperspec=icmp6 icmp6_type=128 icmp6_code=0 direction=in protocol=esp-auth mode=transport level=unique unique=10000 ''
Connected
upperspec must be one of any|tcp|udp
ipsecSetSPD.rmt [parameters]
parameters:
src=source address
dst=destination address
sport=source port (default:any)
dport=destination port (default:any)
upperspec={any|tcp|udp} (default:any)
direction={in|out}
protocol={ah|esp|ah-esp}
mode={transport|tunnel}
policy={ipsec|none|discard} (default:ipsec)
tsrc=tunnel entry address
tdst=tunnel exit address
unique=unique ID for MIPv6 configuration
~
[EOT]
Cannot Set SPD entries: src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" upperspec=icmp6 icmp6_type=128 icmp6_code=0 direction=in protocol=esp-auth mode=transport level=unique unique=10000
NG
16:21:41 End
This is a duplicate of already reported problem. The problem is in the test suite as the ipsecSetSPD.rmt is part of the test suite and not part of the ipsec-tools package. *** This bug has been marked as a duplicate of bug 363521 *** |