Bug 468354 - [TAHI] IPSec Test, Discard Traffic, ESP=3DES-CBC HMAC-SHA1
[TAHI] IPSec Test, Discard Traffic, ESP=3DES-CBC HMAC-SHA1
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
5.3
All Linux
medium Severity medium
: rc
: ---
Assigned To: Red Hat Kernel Manager
Martin Jenner
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-24 06:10 EDT by wang jiabo
Modified: 2008-11-05 02:47 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-05 02:47:54 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description wang jiabo 2008-10-24 06:10:03 EDT
Description of problem:
all implementations must support DISCARDing of Fragments using the normal SPD packet classification mechanisms in RFC 4301 section 7.4.
but our IPsec-tools did not support the mechanisms

Version-Release number of selected component (if applicable):
ipsec-tools-0.6.5-13.el5

How reproducible:
everytime

Steps to Reproduce:
1.
2.
3.
  
Actual results:
cannot DISCARD frangments

Expected results:
must support DiSCARDing

Additional info:
tcpdump info:
    17:08:27.337127 IP6 3ffe:501:ffff:1::1 > 3ffe:501:ffff:0:20a:ebff:fe85:9e56: ESP(spi=0x00001000,seq=0x1), length 52
17:08:27.337262 IP6 3ffe:501:ffff:0:20a:ebff:fe85:9e56 > 3ffe:501:ffff:1::1: ESP(spi=0x00002000,seq=0x1), length 52
17:08:44.631694 IP6 3ffe:501:ffff:1::2 > 3ffe:501:ffff:0:20a:ebff:fe85:9e56: ICMP6, echo request, seq 0, length 22
17:08:44.631766 IP6 3ffe:501:ffff:0:20a:ebff:fe85:9e56 > 3ffe:501:ffff:1::2: ICMP6, echo reply, seq 0, length 22
17:08:49.631863 IP6 fe80::20a:ebff:fe85:9e56 > fe80::200:ff:fe00:f: ICMP6, neighbor solicitation, who has fe80::200:ff:fe00:f, length 32
17:08:49.654527 IP6 fe80::200:ff:fe00:f > fe80::20a:ebff:fe85:9e56: ICMP6, neighbor advertisement, tgt is fe80::200:ff:fe00:f, length 32
Comment 1 Tomas Mraz 2008-10-24 06:54:03 EDT
Doesn't it mean that linux kernel doesn't support that in the SPD?

If yes, please reassign to kernel. If not, please give detailed instructions on how to reproduce.
Comment 2 Lawrence Lim 2008-10-24 14:25:46 EDT
That's a good point. Reassigning to kernel.
Comment 3 wang jiabo 2008-10-28 22:09:33 EDT
we test cases using TAHI program between 2 hosts(please see the following info.), one is NUT(RHEL5.3)
,another is TN(FreeBSD7.0).
the case use transport mode in IPsec. 
expected results should discard echo reply 



Start Capturing Packets (Link0)

	Target: Set SAD entries: src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" spi=0x1000 mode=transport protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcin01 eauth=hmac-sha1 eauthkey=ipv6readylogsha1in01
16:26:26 	vRemote(ipsecSetSAD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSAD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" spi=0x1000 mode=transport protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcin01 eauth=hmac-sha1 eauthkey=ipv6readylogsha1in01 ''

Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...

[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#) 
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#) 

[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3descbcin01" -A hmac-sha1 "ipv6readylogsha1in01"; dump;' | setkey -c'' command
/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:5 01:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3d escbcin01" -A hmac-sha1 "ipv6readylogsha1in01"; dump;' | setkey -c
3ffe:501:ffff:1::1 3ffe:501:ffff:0:21d:fff:fe0f:be4e 
	esp mode=transport spi=4096(0x00001000) reqid=0(0x00000000)
	E: 3des-cbc  69707636 72656164 796c6f67 6f336465 73636263 696e3031
	A: hmac-sha1  69707636 72656164 796c6f67 73686131 696e3031
	seq=0x00000000 replay=0 flags=0x00000000 state=mature 
	created: Oct 29 00:24:06 2008	current: Oct 29 00:24:06 2008
	diff: 0(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=0 pid=3485 refcnt=0
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3descbcin01" -A hmac-sha1 "ipv6readylogsha1in01"; dump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:5 01:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3d escbcin01" -A hmac-sha1 "ipv6readylogsha1in01"; dump;' | setkey -c
3ffe:501:ffff:1::1 3ffe:501:ffff:0:21d:fff:fe0f:be4e 
	esp mode=transport spi=4096(0x00001000) reqid=0(0x00000000)
	E: 3des-cbc  69707636 72656164 796c6f67 6f336465 73636263 696e3031
	A: hmac-sha1  69707636 72656164 796c6f67 73686131 696e3031
	seq=0x00000000 replay=0 flags=0x00000000 state=mature 
	created: Oct 29 00:24:06 2008	current: Oct 29 00:24:06 2008
	diff: 0(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=0 pid=3485 refcnt=0
[root@ipv6test2 ~]''
echo $?
0
[root@ipv6terCommand: exit status: 0
~
[EOT]


	Target: Set SPD entries: src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" upperspec=any direction=in protocol=esp-auth mode=transport policy=ipsec
16:26:31 	vRemote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" upperspec=any direction=in protocol=esp-auth mode=transport policy=ipsec ''

Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...

[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#) 
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#) 

[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001:0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setkey -c'' command
/bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ff e:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001: 0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setke y -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	in prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=72 seq=1 pid=3496
	refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	fwd prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=82 seq=0 pid=3496
	refcnt=2
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001:0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ff e:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001: 0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setke y -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	in prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=72 seq=1 pid=3496
	refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	fwd prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=82 seq=0 pid=3496
	refcnt=2
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0
~
[EOT]


	Target: Set SAD entries: src="3ffe:501:ffff:0:21d:fff:fe0f:be4e" dst="3ffe:501:ffff:0001:0000:0000:0000:0001" spi=0x2000 mode=transport protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcout1 eauth=hmac-sha1 eauthkey=ipv6readylogsha1out1
16:26:37 	vRemote(ipsecSetSAD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSAD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src="3ffe:501:ffff:0:21d:fff:fe0f:be4e" dst="3ffe:501:ffff:0001:0000:0000:0000:0001" spi=0x2000 mode=transport protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcout1 eauth=hmac-sha1 eauthkey=ipv6readylogsha1out1 ''

Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...

[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#) 
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#) 

[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3descbcout1" -A hmac-sha1 "ipv6readylogsha1out1"; dump;' | setkey -c'' command
/bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ff ff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3d escbcout1" -A hmac-sha1 "ipv6readylogsha1out1"; dump;' | setkey -c
3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:1::1 
	esp mode=transport spi=8192(0x00002000) reqid=0(0x00000000)
	E: 3des-cbc  69707636 72656164 796c6f67 6f336465 73636263 6f757431
	A: hmac-sha1  69707636 72656164 796c6f67 73686131 6f757431
	seq=0x00000000 replay=0 flags=0x00000000 state=mature 
	created: Oct 29 00:24:17 2008	current: Oct 29 00:24:17 2008
	diff: 0(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=1 pid=3502 refcnt=0
3ffe:501:ffff:1::1 3ffe:501:ffff:0:21d:fff:fe0f:be4e 
	esp mode=transport spi=4096(0x00001000) reqid=0(0x00000000)
	E: 3des-cbc  69707636 72656164 796c6f67 6f336465 73636263 696e3031
	A: hmac-sha1  69707636 72656164 796c6f67 73686131 696e3031
	seq=0x00000000 replay=0 flags=0x00000000 state=mature 
	created: Oct 29 00:24:06 2008	current: Oct 29 00:24:17 2008
	diff: 11(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=0 pid=3502 refcnt=0
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3descbcout1" -A hmac-sha1 "ipv6readylogsha1out1"; dump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ff ff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3d escbcout1" -A hmac-sha1 "ipv6readylogsha1out1"; dump;' | setkey -c
3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:1::1 
	esp mode=transport spi=8192(0x00002000) reqid=0(0x00000000)
	E: 3des-cbc  69707636 72656164 796c6f67 6f336465 73636263 6f757431
	A: hmac-sha1  69707636 72656164 796c6f67 73686131 6f757431
	seq=0x00000000 replay=0 flags=0x00000000 state=mature 
	created: Oct 29 00:24:17 2008	current: Oct 29 00:24:17 2008
	diff: 0(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=1 pid=3502 refcnt=0
3ffe:501:ffff:1::1 3ffe:501:ffff:0:21d:fff:fe0f:be4e 
	esp mode=transport spi=4096(0x00001000) reqid=0(0x00000000)
	E: 3des-cbc  69707636 72656164 796c6f67 6f336465 73636263 696e3031
	A: hmac-sha1  69707636 72656164 796c6f67 73686131 696e3031
	seq=0x00000000 replay=0 flags=0x00000000 state=mature 
	created: Oct 29 00:24:06 2008	current: Oct 29 00:24:17 2008
	diff: 11(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=0 pid=3502 refcnt=0
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0
~
[EOT]


	Target: Set SPD entries: src="3ffe:501:ffff:0:21d:fff:fe0f:be4e" dst="3ffe:501:ffff:0001:0000:0000:0000:0001" upperspec=any direction=out protocol=esp-auth mode=transport policy=ipsec
16:26:42 	vRemote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src="3ffe:501:ffff:0:21d:fff:fe0f:be4e" dst="3ffe:501:ffff:0001:0000:0000:0000:0001" upperspec=any direction=out protocol=esp-auth mode=transport policy=ipsec ''

Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...

[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#) 
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#) 

[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setkey -c'' command
/bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501 :ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21 d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setk ey -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	in prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=72 seq=2 pid=3512
	refcnt=1
3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] 3ffe:501:ffff:1::1[any] any
	out prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:22 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=89 seq=1 pid=3512
	refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	fwd prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=82 seq=0 pid=3512
	refcnt=1
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501 :ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21 d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setk ey -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	in prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=72 seq=2 pid=3512
	refcnt=1
3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] 3ffe:501:ffff:1::1[any] any
	out prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:22 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=89 seq=1 pid=3512
	refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	fwd prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=82 seq=0 pid=3512
	refcnt=1
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0
~
[EOT]


	Target: Enable and start IPsec function
16:26:47 	vRemote(ipsecEnable.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecEnable.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 ''


	*** Target testing phase ***
16:26:48	Clear Captured Packets (Link0)
16:26:48	vSend(Link0,echo_request_from_host1_esp)
Send Echo Request with ESP from HOST-1(TN)
16:26:48 	vRecv(Link0,echo_reply_to_host1_esp ns_to_router_linkaddr_w_linkaddr rs_from_nut rs_from_nut_wsll ns_to_router_wo_sllopt ns_to_router_linkaddr ns_to_router rs_from_nut_wunspec) timeout:3 cntLimit:0 seektime:0
Receive Echo Reply with ESP from End-Node(NUT) to Host-1(TN)
16:26:48 	vRecv(Link0,ns_to_router_linkaddr_w_linkaddr ns_to_router_wo_sllopt ns_to_router_linkaddr ns_to_router) timeout:3 cntLimit:0 seektime:0
vRecv() return status=1
16:26:51 	vRecv(Link0,ns_to_router_linkaddr_w_linkaddr ns_to_router_wo_sllopt ns_to_router_linkaddr ns_to_router) timeout:3 cntLimit:0 seektime:0
vRecv() return status=1

	TN received echo reply from NUT to HOST1.
Judgement #1: OK
Set Discard policy to NUT
Target: Set SPD entries: src=any dst=any upperspec=any direction=in protocol=esp-auth mode=transport policy=discard
16:26:54 	vRemote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src=any dst=any upperspec=any direction=in protocol=esp-auth mode=transport policy=discard ''

Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...

[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#) 
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#) 

[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'spdadd any any any -P in discard; spddump;' | setkey -c'' command
/bin/echo 'spdadd any any any -P in discard; spddump;' | set key -c
line 0: syntax error at [any]
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	in prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused: Oct 29 00:24:27 2008
	lifetime: 0(s) validtime: 0(s)
	spid=72 seq=2 pid=3518
	refcnt=2
3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] 3ffe:501:ffff:1::1[any] any
	out prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:22 2008  lastused: Oct 29 00:24:27 2008
	lifetime: 0(s) validtime: 0(s)
	spid=89 seq=1 pid=3518
	refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	fwd prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=82 seq=0 pid=3518
	refcnt=1
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'spdadd any any any -P in discard; spddump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'spdadd any any any -P in discard; spddump;' | set key -c
line 0: syntax error at [any]
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	in prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused: Oct 29 00:24:27 2008
	lifetime: 0(s) validtime: 0(s)
	spid=72 seq=2 pid=3518
	refcnt=2
3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] 3ffe:501:ffff:1::1[any] any
	out prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:22 2008  lastused: Oct 29 00:24:27 2008
	lifetime: 0(s) validtime: 0(s)
	spid=89 seq=1 pid=3518
	refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	fwd prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=82 seq=0 pid=3518
	refcnt=1
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0
~
[EOT]


	Target: Set SPD entries: src=any dst=any upperspec=any direction=out protocol=esp-auth mode=transport policy=discard
16:26:59 	vRemote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src=any dst=any upperspec=any direction=out protocol=esp-auth mode=transport policy=discard ''

Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...

[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#) 
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#) 

[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'spdadd any any any -P out discard; spddump;' | setkey -c'' command
/bin/echo 'spdadd any any any -P out discard; spddump;' | se tkey -c
line 0: syntax error at [any]
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	in prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused: Oct 29 00:24:27 2008
	lifetime: 0(s) validtime: 0(s)
	spid=72 seq=2 pid=3524
	refcnt=2
3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] 3ffe:501:ffff:1::1[any] any
	out prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:22 2008  lastused: Oct 29 00:24:27 2008
	lifetime: 0(s) validtime: 0(s)
	spid=89 seq=1 pid=3524
	refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	fwd prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=82 seq=0 pid=3524
	refcnt=1
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'spdadd any any any -P out discard; spddump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'spdadd any any any -P out discard; spddump;' | se tkey -c
line 0: syntax error at [any]
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	in prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused: Oct 29 00:24:27 2008
	lifetime: 0(s) validtime: 0(s)
	spid=72 seq=2 pid=3524
	refcnt=2
3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] 3ffe:501:ffff:1::1[any] any
	out prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:22 2008  lastused: Oct 29 00:24:27 2008
	lifetime: 0(s) validtime: 0(s)
	spid=89 seq=1 pid=3524
	refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	fwd prio def ipsec
	esp/transport//require
	created: Oct 29 00:24:11 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=82 seq=0 pid=3524
	refcnt=1
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0
~
[EOT]


	Target: Enable and start IPsec function
16:27:05 	vRemote(ipsecEnable.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecEnable.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 ''

16:27:05	Clear Captured Packets (Link0)
16:27:05	vSend(Link0,echo_request_from_host2_net1_to_host0_net0)
Send Echo Request from Host2(TN) to End-Node(NUT)
16:27:05 	vRecv(Link0,echo_reply_from_host0_net0_to_host2_net1 echo_reply_to_host2_esp ns_to_router_linkaddr_w_linkaddr rs_from_nut rs_from_nut_wsll ns_to_router_wo_sllopt ns_to_router_linkaddr ns_to_router rs_from_nut_wunspec) timeout:3 cntLimit:0 seektime:0
Receive Echo Reply from End-Node(NUT) to Host2(TN)
16:27:05 	vRecv(Link0,ns_to_router_linkaddr_w_linkaddr ns_to_router_wo_sllopt ns_to_router_linkaddr ns_to_router) timeout:3 cntLimit:0 seektime:0
vRecv() return status=1
16:27:08 	vRecv(Link0,ns_to_router_linkaddr_w_linkaddr ns_to_router_wo_sllopt ns_to_router_linkaddr ns_to_router) timeout:3 cntLimit:0 seektime:0
vRecv() return status=1

	TN received echo reply from End-Node(NUT) to HOST-1(TN).
NG
16:27:11	End
Comment 4 wang jiabo 2008-11-05 02:47:54 EST
thanks you help.
 I have found where problem is for the bug.
the issue is from my test suite  of TAHI.
I have fixed the test suite of TAHI. 
I am very sorry to disturb you.
Thanks

Note You need to log in before you can comment on or make changes to this bug.