Bug 468948 - [TAHI]Authentication Algorithm test on transport mode
[TAHI]Authentication Algorithm test on transport mode
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: ipsec-tools (Show other bugs)
5.3
All Linux
medium Severity medium
: rc
: ---
Assigned To: Tomas Mraz
BaseOS QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-28 22:52 EDT by wang jiabo
Modified: 2008-10-29 08:49 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-10-29 08:49:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description wang jiabo 2008-10-28 22:52:45 EDT
Description of problem:
when Encryption Algorithm use 3DES-CBC and Authentication Algorithm use NULL On Host transport mode ,TN received no echo reply from End-Node(NUT) to HOST-1(TN)
(please see the Additional info section for detail log )
info.),  NUT is RHEL5.3, TN is FreeBSD7.0.

Version-Release number of selected component (if applicable):
ipsec-tools-0.6.5-13.el5


How reproducible:
everytime

Steps to Reproduce:
1.
2.
3.
  
Actual results:
TN received no echo reply from End-Node(NUT) to HOST-1(TN)



tcpdump info:
reading from file 16.html.Link0.dump, link-type EN10MB (Ethernet)
16:30:21.590202 IP6 3ffe:501:ffff:1::1 > 3ffe:501:ffff:0:21d:fff:fe0f:be4e: ESP(spi=0x00001000,seq=0x1), length 40

Expected results:
TN received echo reply from End-Node(NUT) to HOST-1(TN)

Additional info:



Target: Set SAD entries: src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" spi=0x1000 mode=transport protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcin01 eauth=null eauthkey=
16:29:59 	vRemote(ipsecSetSAD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSAD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" spi=0x1000 mode=transport protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcin01 eauth=null eauthkey= ''

Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...

[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#) 
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#) 

[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3descbcin01" -A null "1"; dump;' | setkey -c'' command
/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:5 01:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3d escbcin01" -A null "1"; dump;' | setkey -c
line 0: syntax error at [1]
No SAD entries.
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3descbcin01" -A null "1"; dump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:5 01:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3d escbcin01" -A null "1"; dump;' | setkey -c
line 0: syntax error at [1]
No SAD entries.
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0
~
[EOT]


	Target: Set SPD entries: src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" upperspec=any direction=in protocol=esp-auth mode=transport
16:30:04 	vRemote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" upperspec=any direction=in protocol=esp-auth mode=transport ''

Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...

[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#) 
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#) 

[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001:0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setkey -c'' command
/bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ff e:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001: 0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setke y -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	in prio def ipsec
	esp/transport//require
	created: Oct 29 00:27:44 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=216 seq=1 pid=3761
	refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	fwd prio def ipsec
	esp/transport//require
	created: Oct 29 00:27:44 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=226 seq=0 pid=3761
	refcnt=2
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001:0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ff e:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001: 0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setke y -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	in prio def ipsec
	esp/transport//require
	created: Oct 29 00:27:44 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=216 seq=1 pid=3761
	refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	fwd prio def ipsec
	esp/transport//require
	created: Oct 29 00:27:44 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=226 seq=0 pid=3761
	refcnt=2
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0
~
[EOT]


	Target: Set SAD entries: src="3ffe:501:ffff:0:21d:fff:fe0f:be4e" dst="3ffe:501:ffff:0001:0000:0000:0000:0001" spi=0x2000 mode=transport protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcout1 eauth=null eauthkey=
16:30:09 	vRemote(ipsecSetSAD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSAD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src="3ffe:501:ffff:0:21d:fff:fe0f:be4e" dst="3ffe:501:ffff:0001:0000:0000:0000:0001" spi=0x2000 mode=transport protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcout1 eauth=null eauthkey= ''

Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...

[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#) 
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#) 

[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3descbcout1" -A null "1"; dump;' | setkey -c'' command
/bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ff ff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3d escbcout1" -A null "1"; dump;' | setkey -c
line 0: syntax error at [1]
No SAD entries.
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3descbcout1" -A null "1"; dump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ff ff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3d escbcout1" -A null "1"; dump;' | setkey -c
line 0: syntax error at [1]
No SAD entries.
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0
~
[EOT]


	Target: Set SPD entries: src="3ffe:501:ffff:0:21d:fff:fe0f:be4e" dst="3ffe:501:ffff:0001:0000:0000:0000:0001" upperspec=any direction=out protocol=esp-auth mode=transport
16:30:15 	vRemote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src="3ffe:501:ffff:0:21d:fff:fe0f:be4e" dst="3ffe:501:ffff:0001:0000:0000:0000:0001" upperspec=any direction=out protocol=esp-auth mode=transport ''

Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...

[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#) 
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#) 

[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setkey -c'' command
/bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501 :ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21 d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setk ey -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	in prio def ipsec
	esp/transport//require
	created: Oct 29 00:27:44 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=216 seq=2 pid=3774
	refcnt=1
3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] 3ffe:501:ffff:1::1[any] any
	out prio def ipsec
	esp/transport//require
	created: Oct 29 00:27:55 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=233 seq=1 pid=3774
	refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	fwd prio def ipsec
	esp/transport//require
	created: Oct 29 00:27:44 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=226 seq=0 pid=3774
	refcnt=1
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501 :ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21 d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setk ey -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	in prio def ipsec
	esp/transport//require
	created: Oct 29 00:27:44 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=216 seq=2 pid=3774
	refcnt=1
3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] 3ffe:501:ffff:1::1[any] any
	out prio def ipsec
	esp/transport//require
	created: Oct 29 00:27:55 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=233 seq=1 pid=3774
	refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
	fwd prio def ipsec
	esp/transport//require
	created: Oct 29 00:27:44 2008  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=226 seq=0 pid=3774
	refcnt=1
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0
~
[EOT]


	Target: Enable and start IPsec function
16:30:21 	vRemote(ipsecEnable.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecEnable.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 ''


	*** Target testing phase ***
16:30:21	Clear Captured Packets (Link0)
16:30:21	vSend(Link0,echo_request_from_host1_esp)
Send Echo Request with ESP from HOST-1(TN)
16:30:21 	vRecv(Link0,echo_reply_to_host1_esp ns_to_router_linkaddr_w_linkaddr rs_from_nut rs_from_nut_wsll ns_to_router_wo_sllopt ns_to_router_linkaddr ns_to_router rs_from_nut_wunspec) timeout:3 cntLimit:0 seektime:0
vRecv() return status=1

	TN received no echo reply from End-Node(NUT) to HOST-1(TN).
NG
16:30:24	End
Comment 1 Tomas Mraz 2008-10-29 08:49:25 EDT
The null algorithm shouldn't have a key in the spd entry. Please fix the test suite.

Note You need to log in before you can comment on or make changes to this bug.