This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 363521 - TAHI--IPSECv6--SGW Tunnel Mode ESP 3DES-CBC with HMAC-SHA1 authentication, NUT cannot Set SPD entries
TAHI--IPSECv6--SGW Tunnel Mode ESP 3DES-CBC with HMAC-SHA1 authentication, NU...
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: ipsec-tools (Show other bugs)
5.0
All Linux
high Severity medium
: rc
: ---
Assigned To: Tomas Mraz
:
: 468353 (view as bug list)
Depends On:
Blocks: KernelPrio5.3
  Show dependency treegraph
 
Reported: 2007-11-02 05:12 EDT by Zhiyong Wu
Modified: 2008-10-29 03:34 EDT (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-29 14:31:19 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
test for RHEL5.2-20080430 (8.45 KB, text/html)
2008-05-06 05:37 EDT, shangyanfeng
no flags Details
ps format result (118.85 KB, application/octet-stream)
2008-05-08 00:51 EDT, shangyanfeng
no flags Details

  None (edit)
Description Zhiyong Wu 2007-11-02 05:12:13 EDT
Description of problem:

  When having ipsecv6 tests about "SGW Tunnel Mode ESP 3DES-CBC with HMAC-SHA1 

authentication" in the software gateway mode,we found that NUT cannot Set SPD 

entries.

scenarios.

Version-Release number of selected component (if applicable):

  kernel-2.6.18-43.el5

Software Environment:   
  Testee(NUT):   
    RHEL5 
    Kernel:2.6.18-43.el5 
   
  Tester(TN):   
    FreeBSD6.2
    v6eval-3.0.12.tar.gz
   
TAHI package:    
  IPsec_Self_Test_P2_1-1-1.tar.gz

How reproducible:
  every time

Steps to Reproduce:    
  1. Configure TAHI test environment.     
  2. Run the TAHI test suite     
  3. After the test completes, check for the results 
  
Actual results:

   NUT cannot Set SPD entries

Expected results:

   NUT can Set SPD entries

Additional info:
  
   please refer to 

http://focus.brisbane.redhat.com/~zwu/ipsec_sgw/20071022/IPsec_Self_Test_P2_1-1-1_sgw/ipsec.p2/index.html

   (1) 3	6.1.2 Select SPD (ICMP Type), ESP=3DES-CBC HMAC-SHA1
Comment 1 Zhiyong Wu 2007-11-02 05:19:20 EDT
   Also about it:

   when NUT is set to the host mode,

   pls refer to the url below:

http://focus.brisbane.redhat.com/~zwu/ipsec_endnode/20071028/IPsec_Self_Test_P2_1-1-1_end_node/ipsec.p2/index.html

   (1) 3	5.1.2 Select SPD (ICMP Type), ESP=3DES-CBC HMAC-SHA1
Comment 3 Zhiyong Wu 2008-02-20 04:18:35 EST
the test case still FAIL On RHEL5.2

for more details, pls refer to 

http://focus.brisbane.redhat.com/~zwu/RHEL5.2-Server-20080212.0/20080220/IPsec_Self_Test_P2_1-1-2_end_node/ipsec.p2/index.html

(1) 3	5.1.2 Select SPD (ICMP Type), ESP=3DES-CBC HMAC-SHA1
Comment 6 shangyanfeng 2008-05-06 05:37:12 EDT
Created attachment 304613 [details]
test for RHEL5.2-20080430

this is IPsec test for RHEL5.2-20080430,also fail
Comment 7 Lawrence Lim 2008-05-07 10:47:37 EDT
Thomas,
Could you confirm whether kernel support this mode?

SGW Tunnel Mode ESP 3DES-CBC with HMAC-SHA1 authentication
Comment 8 Thomas Graf 2008-05-07 11:11:57 EDT
Yes, the kernel supports both algorithms. As you can see in the test log, the
algorithms have been successfully configured, if they weren't supported this
step would fail.
Comment 9 Thomas Graf 2008-05-07 11:20:25 EDT
To me this looks like something is broken in the test scripts. Out of the
logs:

Remote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t 
[...]
eval $main::rOpt_upperspec='icmp6'
[...]
Connected
upperspec must be one of any|tcp|udp
ipsecSetSPD.rmt [parameters]
parameters:
src=source address
[...]
Comment 10 shangyanfeng 2008-05-08 00:51:56 EDT
Created attachment 304831 [details]
ps format result

test for RHEL5.2-20080430

this is IPsec test for RHEL5.2-20080430,also fail

kernel 2.6.18-92.el5 ipsec-tools-0.6.5-9.el5

convert the result from html format to ps
Comment 12 Thomas Graf 2008-06-13 17:21:36 EDT
According to the logs, this looks like a problem with ipsec-tools, the test
cannot be configured correctly. The algorithm itself is supported by the kernel.
Comment 13 Tomas Mraz 2008-06-13 17:47:49 EDT
What is the command on the tested computer that fails?
Comment 14 Red Hat Bugzilla 2008-07-07 21:24:11 EDT
Adding yshao@redhat.com to the cc list as the manager of the disabled user zwu@redhat.com who reported this bug
Comment 15 Tomas Mraz 2008-07-29 14:31:19 EDT
Without the required information it is not possible to fix the problem. Also
from the attached logs it seems clear that the command which is failing is part
of the testsuite and not the setkey command which is contained in the
ipsec-tools package.

Closing as NOTABUG for now, please reopen if you can provide logs where the
setkey command fails.
Comment 16 Tomas Mraz 2008-10-29 03:34:42 EDT
*** Bug 468353 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.