Description of problem:
When the Encryption Algorithm is 3DES-CBC and the Authentication Algorithm is NULL in host transport mode, TN received no echo reply from End-Node(NUT) to HOST-1(TN) (please see the Additional info section for the detailed log). NUT is RHEL5.3, TN is FreeBSD7.0.

Version-Release number of selected component (if applicable):
ipsec-tools-0.6.5-13.el5

How reproducible:
every time

Steps to Reproduce:
1.
2.
3.

Actual results:
TN received no echo reply from End-Node(NUT) to HOST-1(TN)

tcpdump info:
reading from file 16.html.Link0.dump, link-type EN10MB (Ethernet)
16:30:21.590202 IP6 3ffe:501:ffff:1::1 > 3ffe:501:ffff:0:21d:fff:fe0f:be4e: ESP(spi=0x00001000,seq=0x1), length 40

Expected results:
TN received echo reply from End-Node(NUT) to HOST-1(TN)

Additional info:
Target: Set SAD entries: src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" spi=0x1000 mode=transport protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcin01 eauth=null eauthkey=
16:29:59 vRemote(ipsecSetSAD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSAD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" spi=0x1000 mode=transport protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcin01 eauth=null eauthkey= ''
Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...
[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#)
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#)
[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3descbcin01" -A null "1"; dump;' | setkey -c'' command
/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:5 01:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3d escbcin01" -A null "1"; dump;' | setkey -c
line 0: syntax error at [1]
No SAD entries.
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3descbcin01" -A null "1"; dump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:5 01:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3d escbcin01" -A null "1"; dump;' | setkey -c
line 0: syntax error at [1]
No SAD entries.
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0 ~ [EOT]
Target: Set SPD entries: src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" upperspec=any direction=in protocol=esp-auth mode=transport
16:30:04 vRemote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src="3ffe:501:ffff:0001:0000:0000:0000:0001" dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" upperspec=any direction=in protocol=esp-auth mode=transport ''
Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...
[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#)
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#)
[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001:0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setkey -c'' command
/bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ff e:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001: 0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setke y -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any in prio def ipsec esp/transport//require created: Oct 29 00:27:44 2008 lastused: lifetime: 0(s) validtime: 0(s) spid=216 seq=1 pid=3761 refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any fwd prio def ipsec esp/transport//require created: Oct 29 00:27:44 2008 lastused: lifetime: 0(s) validtime: 0(s) spid=226 seq=0 pid=3761 refcnt=2
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001:0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ff e:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001: 0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setke y -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any in prio def ipsec esp/transport//require created: Oct 29 00:27:44 2008 lastused: lifetime: 0(s) validtime: 0(s) spid=216 seq=1 pid=3761 refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any fwd prio def ipsec esp/transport//require created: Oct 29 00:27:44 2008 lastused: lifetime: 0(s) validtime: 0(s) spid=226 seq=0 pid=3761 refcnt=2
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0 ~ [EOT]
Target: Set SAD entries: src="3ffe:501:ffff:0:21d:fff:fe0f:be4e" dst="3ffe:501:ffff:0001:0000:0000:0000:0001" spi=0x2000 mode=transport protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcout1 eauth=null eauthkey=
16:30:09 vRemote(ipsecSetSAD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSAD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src="3ffe:501:ffff:0:21d:fff:fe0f:be4e" dst="3ffe:501:ffff:0001:0000:0000:0000:0001" spi=0x2000 mode=transport protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcout1 eauth=null eauthkey= ''
Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...
[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#)
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#)
[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3descbcout1" -A null "1"; dump;' | setkey -c'' command
/bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ff ff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3d escbcout1" -A null "1"; dump;' | setkey -c
line 0: syntax error at [1]
No SAD entries.
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3descbcout1" -A null "1"; dump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ff ff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3d escbcout1" -A null "1"; dump;' | setkey -c
line 0: syntax error at [1]
No SAD entries.
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0 ~ [EOT]
Target: Set SPD entries: src="3ffe:501:ffff:0:21d:fff:fe0f:be4e" dst="3ffe:501:ffff:0001:0000:0000:0000:0001" upperspec=any direction=out protocol=esp-auth mode=transport
16:30:15 vRemote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 src="3ffe:501:ffff:0:21d:fff:fe0f:be4e" dst="3ffe:501:ffff:0001:0000:0000:0000:0001" upperspec=any direction=out protocol=esp-auth mode=transport ''
Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...
[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#)
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#)
[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setkey -c'' command
/bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501 :ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21 d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setk ey -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any in prio def ipsec esp/transport//require created: Oct 29 00:27:44 2008 lastused: lifetime: 0(s) validtime: 0(s) spid=216 seq=2 pid=3774 refcnt=1
3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] 3ffe:501:ffff:1::1[any] any out prio def ipsec esp/transport//require created: Oct 29 00:27:55 2008 lastused: lifetime: 0(s) validtime: 0(s) spid=233 seq=1 pid=3774 refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any fwd prio def ipsec esp/transport//require created: Oct 29 00:27:44 2008 lastused: lifetime: 0(s) validtime: 0(s) spid=226 seq=0 pid=3774 refcnt=1
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501 :ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21 d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setk ey -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any in prio def ipsec esp/transport//require created: Oct 29 00:27:44 2008 lastused: lifetime: 0(s) validtime: 0(s) spid=216 seq=2 pid=3774 refcnt=1
3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] 3ffe:501:ffff:1::1[any] any out prio def ipsec esp/transport//require created: Oct 29 00:27:55 2008 lastused: lifetime: 0(s) validtime: 0(s) spid=233 seq=1 pid=3774 refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any fwd prio def ipsec esp/transport//require created: Oct 29 00:27:44 2008 lastused: lifetime: 0(s) validtime: 0(s) spid=226 seq=0 pid=3774 refcnt=1
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0 ~ [EOT]
Target: Enable and start IPsec function
16:30:21 vRemote(ipsecEnable.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecEnable.rmt -t rhel51 -u root -p redhat -d cuad0 -o 1 ''
*** Target testing phase ***
16:30:21 Clear Captured Packets (Link0)
16:30:21 vSend(Link0,echo_request_from_host1_esp)
Send Echo Request with ESP from HOST-1(TN)
16:30:21 vRecv(Link0,echo_reply_to_host1_esp ns_to_router_linkaddr_w_linkaddr rs_from_nut rs_from_nut_wsll ns_to_router_wo_sllopt ns_to_router_linkaddr ns_to_router rs_from_nut_wunspec) timeout:3 cntLimit:0 seektime:0
vRecv() return status=1
TN received no echo reply from End-Node(NUT) to HOST-1(TN).
NG
16:30:24 End

The null algorithm shouldn't have a key in the spd entry. Please fix the test suite.
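
The fix requested in the reply, sketched as an added example that is not the test suite's own code: a generator that leaves the key off for `null`, plus a check on the captured `dump` text, since the log shows exit status 0 even though setkey rejected the line. The function names `build_sad_add` and `sad_setup_ok` and the success sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not v6eval code. Assumption taken from the reply above:
# the "null" authentication algorithm takes no key argument in setkey.

# build_sad_add SRC DST SPI MODE EALGO EALGOKEY EAUTH [EAUTHKEY]
build_sad_add() {
    src=$1; dst=$2; spi=$3; mode=$4; ealgo=$5; ekey=$6; eauth=$7; akey=${8:-}
    cmd="add $src $dst esp $spi -m $mode -E $ealgo \"$ekey\""
    case "$eauth" in
        '')   ;;                          # no -A clause at all
        null) cmd="$cmd -A null" ;;       # never append a key here
        *)    if [ -z "$akey" ]; then
                  echo "missing key for $eauth" >&2
                  return 1
              fi
              cmd="$cmd -A $eauth \"$akey\"" ;;
    esac
    printf '%s;\n' "$cmd"
}

# sad_setup_ok OUTPUT SPI: succeed only if the captured "dump" output
# shows the SA. The pipeline's exit status is not enough: in the log
# above it was 0 although setkey rejected the line.
sad_setup_ok() {
    out=$1
    spi_hex=$(printf '0x%08x' "$2")       # 0x1000 -> 0x00001000
    case "$out" in
        *"syntax error"*|*"No SAD entries"*) return 1 ;;
    esac
    case "$out" in
        *"spi="*"($spi_hex)"*) return 0 ;;
    esac
    return 1
}

# Constructed samples: FAILED_OUT repeats the two lines from the log;
# OK_OUT imitates a setkey dump entry and is not taken from the report.
FAILED_OUT='line 0: syntax error at [1]
No SAD entries.'
OK_OUT='3ffe:501:ffff:1::1 3ffe:501:ffff:0:21d:fff:fe0f:be4e
        esp mode=transport spi=4096(0x00001000) reqid=0(0x00000000)'

build_sad_add 3ffe:501:ffff:1::1 3ffe:501:ffff:0:21d:fff:fe0f:be4e \
    0x1000 transport 3des-cbc ipv6readylogo3descbcin01 null
sad_setup_ok "$FAILED_OUT" 0x1000 || echo "SA 0x1000 was not installed"
```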