Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 363501

Summary: TAHI--IPSECv6--When having IPsecv6 tests, TN received no echo reply from HOST-1(TN) to HOST-3(TN) via SGW(NUT)
Product: Red Hat Enterprise Linux 5 Reporter: Zhiyong Wu <zwu>
Component: ipsec-toolsAssignee: Thomas Graf <tgraf>
Status: CLOSED DUPLICATE QA Contact: Martin Jenner <mjenner>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: davem, desktop-bugs, iboverma, llim, nhorman, rkhan, sghosh, tgraf, yshang
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-04-08 16:42:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 253764    
Attachments:
Description Flags
test result about IPsec Host transport mode, ESP=3DES-CBC NULL
none
test result for ipsec Host transport mode, ESP=AES-CTR HMAC-SHA1
none
ps format result
none
ps format result none

Description Zhiyong Wu 2007-11-02 08:53:25 UTC 
Description of problem:

  When having ipsecv6 tests for the software gateway mode,we found that 

TN received no echo reply from HOST-1(TN) to HOST-3(TN) via SGW(NUT) in some 

scenarios.

Version-Release number of selected component (if applicable):

  kernel-2.6.18-43.el5

Software Environment:   
  Testee(NUT):   
    RHEL5 
    Kernel:2.6.18-43.el5 
   
  Tester(TN):   
    FreeBSD6.2
    v6eval-3.0.12.tar.gz
   
TAHI package:    
  IPsec_Self_Test_P2_1-1-1.tar.gz

How reproducible:
  every time

Steps to Reproduce:    
  1. Configure TAHI test environment.     
  2. Run the TAHI test suite     
  3. After the test completes, check for the results 
  
Actual results:

   TN received no echo reply from HOST-1(TN) to HOST-3(TN) via SGW(NUT)

Expected results:

   TN should receive echo reply from HOST-1(TN) to HOST-3(TN) via SGW(NUT)  

Additional info:
  
   please refer to 

http://focus.brisbane.redhat.com/~zwu/ipsec_sgw/20071022/IPsec_Self_Test_P2_1-1-1_sgw/ipsec.p2/index.html

   (1) 16	6.1.14 ICV (ESN), ESP=3DES-CBC HMAC-SHA1

   (2) 19	6.2.2 SGW tunnel mode, ESP=3DES-CBC AES-XCBC-MAC

   (3) 20	6.2.3 SGW tunnel mode, ESP=3DES-CBC HMAC-NULL

   (4) 22	6.2.5 SGW tunnel mode, ESP=AES-CTR HMAC-SHA1
Comment 1 Zhiyong Wu 2007-11-02 09:23:45 UTC 
   Also about it:

   when NUT is set to the host mode,

   pls refer to the url below:

http://focus.brisbane.redhat.com/~zwu/ipsec_endnode/20071028/IPsec_Self_Test_P2_1-1-1_end_node/ipsec.p2/index.html

   (1) 14	5.1.12 ICV calculation (ESN), ESP=3DES-CBC HMAC-SHA1

   (2) 16	5.2.2 Host transport mode, ESP=3DES-CBC AES-XCBC-MAC

   (3) 17	5.2.3 Host transport mode, ESP=3DES-CBC NULL

   (4) 19	5.2.5 Host transport mode, ESP=AES-CTR HMAC-SHA1
Comment 3 Zhiyong Wu 2008-02-20 09:19:36 UTC 
the test cases still FAIL On RHEL5.2

for more details, pls refer to 

http://focus.brisbane.redhat.com/~zwu/RHEL5.2-Server-20080212.0/20080220/IPsec_Self_Test_P2_1-1-2_end_node/ipsec.p2/index.html
Comment 4 Zhiyong Wu 2008-02-25 07:10:01 UTC 
the test cases still FAIL On RHEL5.2

for more details, pls refer to 

http://focus.brisbane.redhat.com/~zwu/RHEL5.2-Server-20080212.0/20080220/IPsec_Self_Test_P2_1-1-2_end_node/ipsec.p2/16.html
Comment 5 Zhiyong Wu 2008-02-25 07:11:22 UTC 
the test cases still FAIL On RHEL5.2

for more details, pls refer to 

http://focus.brisbane.redhat.com/~zwu/RHEL5.2-Server-20080212.0/20080220/IPsec_Self_Test_P2_1-1-2_end_node/ipsec.p2/15.html

http://focus.brisbane.redhat.com/~zwu/RHEL5.2-Server-20080212.0/20080220/IPsec_Self_Test_P2_1-1-2_end_node/ipsec.p2/18.html
Comment 8 shangyanfeng 2008-04-07 07:43:14 UTC 
 5.2.2 Host transport mode, ESP=3DES-CBC AES-XCBC-MAC
this bug pass in new tree RHEL52-Server-20080402
version:
ipsec-tools-0.6.5-8.el5 
kernel-2.6.18-88.el5
for more details,pls refer to
http://focus.bne.redhat.com/~yshang/RHEL520402/i386noxen/IPsec_Self_Test_P2_1-1-2_end_node/ipsec.p2/index.html
http://focus.bne.redhat.com/~yshang/RHEL520402/i386xen/IPsec_Self_Test_P2_1-1-2_end_node/ipsec.p2/index.html
http://focus.bne.redhat.com/~yshang/RHEL520402/x86_64_noxen/IPsec_Self_Test_P2_1-1-2_end_node/ipsec.p2/index.html
http://focus.bne.redhat.com/~yshang/RHEL520402/x86_64_xen/IPsec_Self_Test_P2_1-1-2_end_node/ipsec.p2/index.html
Comment 9 Lawrence Lim 2008-04-08 02:42:24 UTC 
The latest version for ipsec-tools on errata is 0.6.5-9.el5. Should we include
this bug in kernel/ipsec-tools errata? Or we are good to resolve the bug?
Comment 10 shangyanfeng 2008-04-08 05:16:27 UTC 
sorry,"ipsec-tools-0.6.5-8.el5" shouble be "ipsec-tools-0.6.5-9.el5" 
ipsec-tools-0.6.5-8-el5 isn't pass
--------------------------------------------------------------
(In reply to comment #8)
>  5.2.2 Host transport mode, ESP=3DES-CBC AES-XCBC-MAC
> this bug pass in new tree RHEL52-Server-20080402
> version:
> ipsec-tools-0.6.5-8.el5 
> kernel-2.6.18-88.el5
> for more details,pls refer to
>
http://focus.bne.redhat.com/~yshang/RHEL520402/i386noxen/IPsec_Self_Test_P2_1-1-2_end_node/ipsec.p2/index.html
>
http://focus.bne.redhat.com/~yshang/RHEL520402/i386xen/IPsec_Self_Test_P2_1-1-2_end_node/ipsec.p2/index.html
>
http://focus.bne.redhat.com/~yshang/RHEL520402/x86_64_noxen/IPsec_Self_Test_P2_1-1-2_end_node/ipsec.p2/index.html
>
http://focus.bne.redhat.com/~yshang/RHEL520402/x86_64_xen/IPsec_Self_Test_P2_1-1-2_end_node/ipsec.p2/index.html
Comment 11 Linda Wang 2008-04-08 16:42:23 UTC 
Verifed based on comment#9.  Therefore, dup'ed to bug 435803.

*** This bug has been marked as a duplicate of 435803 ***
Comment 12 shangyanfeng 2008-05-06 09:49:24 UTC 
Created attachment 304617 [details]
test result about IPsec Host transport mode, ESP=3DES-CBC NULL

this is the test for RHEL520430
ipsec-tools-0.6.5-9.el5 kernel 2.6.18-92.el5 on an i686
Host transport mode, ESP=3DES-CBC NULL
fail
Comment 13 shangyanfeng 2008-05-06 09:50:36 UTC 
Created attachment 304618 [details]
test result for ipsec Host transport mode, ESP=AES-CTR HMAC-SHA1

this is the test for RHEL520430
ipsec-tools-0.6.5-9.el5 kernel 2.6.18-92.el5 on an i686
Host transport mode, ESP=AES-CTR HMAC-SHA1
fail
Comment 14 shangyanfeng 2008-05-08 04:59:09 UTC 
Created attachment 304834 [details]
ps format result

test result about IPsec Host transport mode, ESP=3DES-CBC NULL

kernel 2.6.18-92.el5 ipsec-tools-0.6.5-9.el5
Comment 15 shangyanfeng 2008-05-08 05:00:43 UTC 
Created attachment 304835 [details]
ps format result

test result for ipsec Host transport mode, ESP=AES-CTR HMAC-SHA1

ipsec-tools-0.6.5-9.el5 kernel:2.6.18-92.el5