Test Information

TitleAccept both old and new SA for incoming traffic **
CommandLine./SGW/SG_R_RFC2408_5_3_2_2.seq -pkt ./SGW/SG_R_RFC2408_5_3_2_2.def test_phase=2 test_type=BASIC -log 243.html -ti Accept both old and new SA for incoming traffic **
TestVersionundefined
ToolVersionREL_3_0_8
Start2006/03/13 16:26:46
Tn/usr/local/v6eval//etc//tn.def
Nu/usr/local/v6eval//etc//nut.def
Pkt./SGW/SG_R_RFC2408_5_3_2_2.def
Systemfreebsd-i386
TargetNameFreeBSD 5.4-RELEASE
HostNametarget1.tahi.org
Typerouter

Test Sequence Execution Log

16:26:46Start

 *** Target IKE initialization phase ***
Target: Reset IKE SA entries: saddump
16:26:47 vRemote(ikeResetSA.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ikeResetSA.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1 saddump '' 
Connected

target1# 
target1# /usr/sbin/setkey -c <<EOD
dump;
flush;
EOD

? dump;
? flush;
? EOD
The result of line 1: No SAD entries.
target1# 
target1# sendMessagesSync: never got /usr/sbin/setkey -c <<EODdump;flush;EOD
echo $status
0
target1# kill -TERM `head -1 /var/run/racoon.pid`
head: /var/run/racoon.pid: No such file or directory

target1# 
target1# echo $status
1
target1# /bin/rm -f /var/run/racoon.pid

target1# 
target1# echo $status
0
~
[EOT]

Target: Clear SPD entries: spddump
16:26:54 vRemote(ipsecResetSPD.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ipsecResetSPD.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1 spddump '' 
Connected

target1# 
target1# /usr/sbin/setkey -c <<EOD
spddump;
spdflush? spddump;
;
EOD

? spdflush;
EOD

? EOD
The result of line 1: No SPD entries.
target1# 
target1# sendMessagesSync: never got /usr/sbin/setkey -c <<EODspddump;spdflush;EOD
echo $status
0
~
[EOT]

Target: Set SPD entries: src=3ffe:501:ffff:100::/64 dst=3ffe:501:ffff:104::/64 tsrc=3ffe:501:ffff:102::1 tdst=3ffe:501:ffff:103::11 upperspec=any direction=out protocol=PROTO_IPSEC_ESP mode=Tunnel
16:27:00 vRemote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ipsecSetSPD.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1 src=3ffe:501:ffff:100::/64 dst=3ffe:501:ffff:104::/64 tsrc=3ffe:501:ffff:102::1 tdst=3ffe:501:ffff:103::11 upperspec=any direction=out protocol=PROTO_IPSEC_ESP mode=Tunnel '' 
Connected

target1# 
target1# /usr/sbin/setkey -c <<EOD
spdadd 3ffe:501:ffff:100::/64 3ffe:501:ffff:104::/64
       any
       -P out ipsec
       esp/tunnel/3ffe:501:ffff:102::1-3ffe:501:ffff:103::11/require
;
spddump;
EOD

? spdadd 3ffe:501:ffff:100::/64 3ffe:501:ffff:104::/64
       any
       -P out ipsec
       esp/tunnel/3ffe:501:ffff:102::1-3ffe:501:ffff:103::11/require
;
spddump;
EOD

?        any
?        -P out ipsec
?        esp/tunnel/3ffe:501:ffff:102::1-3ffe:501:ffff:103::11/require
? ;
? spddump;
? EOD
3ffe:501:ffff:100::/64[any] 3ffe:501:ffff:104::/64[any] any
        out ipsec
        esp/tunnel/3ffe:501:ffff:102::1-3ffe:501:ffff:103::11/require
        created: Mar 13 16:33:38 2006  lastused: Mar 13 16:33:38 2006
        lifetime: 0(s) validtime: 0(s)
        spid=19284 seq=0 pid=3188
        refcnt=1
target1# 
target1# sendMessagesSync: never got /usr/sbin/setkey -c <<EODspdadd 3ffe:501:ffff:100::/64 3ffe:501:ffff:104::/64       any       -P out ipsec       esp/tunnel/3ffe:501:ffff:102::1-3ffe:501:ffff:103::11/require;spddump;EOD
echo $status
0
~
[EOT]

Target: Set SPD entries: dst=3ffe:501:ffff:100::/64 src=3ffe:501:ffff:104::/64 tdst=3ffe:501:ffff:102::1 tsrc=3ffe:501:ffff:103::11 upperspec=any direction=in protocol=PROTO_IPSEC_ESP mode=Tunnel
16:27:06 vRemote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ipsecSetSPD.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1 dst=3ffe:501:ffff:100::/64 src=3ffe:501:ffff:104::/64 tdst=3ffe:501:ffff:102::1 tsrc=3ffe:501:ffff:103::11 upperspec=any direction=in protocol=PROTO_IPSEC_ESP mode=Tunnel '' 
Connected

target1# 
target1# /usr/sbin/setkey -c <<EOD
spdadd 3ffe:501:ffff:104::/64 3ffe:501:ffff:100::/64
       any
       -P in ipsec
       esp/tunnel/3ffe:501:ffff:103::11-3ffe:501:ffff:102::1/require
;
spddump;
EOD

? spdadd 3ffe:501:ffff:104::/64 3ffe:501:ffff:100::/64
       any
       -P in ipsec
       esp/tunnel/3ffe:501:ffff:103::11-3ffe:501:ffff:102::1/require
;
spddump;
EOD

?        any
?        -P in ipsec
?        esp/tunnel/3ffe:501:ffff:103::11-3ffe:501:ffff:102::1/require
? ;
? spddump;
? EOD
3ffe:501:ffff:104::/64[any] 3ffe:501:ffff:100::/64[any] any
        in ipsec
        esp/tunnel/3ffe:501:ffff:103::11-3ffe:501:ffff:102::1/require
        created: Mar 13 16:33:44 2006  lastused: Mar 13 16:33:44 2006
        lifetime: 0(s) validtime: 0(s)
        spid=19285 seq=1 pid=3189
        refcnt=1
3ffe:501:ffff:100::/64[any] 3ffe:501:ffff:104::/64[any] any
        out ipsec
        esp/tunnel/3ffe:501:ffff:102::1-3ffe:501:ffff:103::11/require
        created: Mar 13 16:33:38 2006  lastused: Mar 13 16:33:38 2006
        lifetime: 0(s) validtime: 0(s)
        spid=19284 seq=0 pid=3189
        refcnt=1
target1# 
target1# sendMessagesSync: never got /usr/sbin/setkey -c <<EODspdadd 3ffe:501:ffff:104::/64 3ffe:501:ffff:100::/64       any       -P in ipsec       esp/tunnel/3ffe:501:ffff:103::11-3ffe:501:ffff:102::1/require;spddump;EOD
echo $status
0
~
[EOT]

Target: Set IKE SA entries: dst=3ffe:501:ffff:103::11 dst_port=500 exchange_mode=main doi=ipsec_doi situation=identity_only isakmp_src_id_type=address isakmp_src_id=3ffe:501:ffff:102::1 dh_group=2 lifetime=28800 lifetime_unit=seconds encryption_algorithm=3des hash_algorithm=sha1 authentication_method=pre_shared_key key_id=3ffe:501:ffff:103::11 key_value=0x494b452d54455354 ph2_id_type=address ph2_src_id=3ffe:501:ffff:100::/64 ph2_dst_id=3ffe:501:ffff:104::/64 ph2_src_upper=any ph2_dst_upper=any ipsec_p_num=1 ipsec_p1_t_num=1 ph2_p1_t1_lt=60 ph2_p1_t1_lt_unit=seconds ph2_p1_t1_enc_alg=ESP_3DES ph2_p1_t1_auth_mtd=HMAC_SHA
16:27:12 vRemote(ikeSetSA.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ikeSetSA.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1 dst=3ffe:501:ffff:103::11 dst_port=500 exchange_mode=main doi=ipsec_doi situation=identity_only isakmp_src_id_type=address isakmp_src_id=3ffe:501:ffff:102::1 dh_group=2 lifetime=28800 lifetime_unit=seconds encryption_algorithm=3des hash_algorithm=sha1 authentication_method=pre_shared_key key_id=3ffe:501:ffff:103::11 key_value=0x494b452d54455354 ph2_id_type=address ph2_src_id=3ffe:501:ffff:100::/64 ph2_dst_id=3ffe:501:ffff:104::/64 ph2_src_upper=any ph2_dst_upper=any ipsec_p_num=1 ipsec_p1_t_num=1 ph2_p1_t1_lt=60 ph2_p1_t1_lt_unit=seconds ph2_p1_t1_enc_alg=ESP_3DES ph2_p1_t1_auth_mtd=HMAC_SHA '' 
Connected

target1# 
target1# ~[set] echocheck

target1# 
target1# ~[put] freebsd-i386.psk.txt /tmp/psk.txt
Dtarget1# 

target1# 
target1# /bin/chmod 600 /tmp/psk.txt
target1# echo $status
0
target1# ~[set] echocheck

target1# 
target1# ~[put] freebsd-i386.ike.conf /tmp/ike.conf
Dtarget1# 
target1# 
target1# test -f /var/run/racoon.pid &&kill -TERM `head -1 /var/run/racoon.pid`

target1# 
target1# echo $status
1
target1# /usr/local/sbin/racoon -f /tmp/ike.conf

target1# 
target1# echo $status
0
~
[EOT]
16:27:27 vRemote(ikeEnable.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ikeEnable.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1 '' 






*** Target initialization phase ***




16:27:27Start Capturing Packets (Link0)





16:27:27Start Capturing Packets (Link1)







*** Target pre-test seaquence ***
*** Phase-1 1st message send ***




16:27:27Clear Captured Packets (Link0)







16:27:28
vSend(Link0,isakmp_phase1_send_1st)


Send 1st message from HOST2(TN)








*** Phase-1 2nd message recieve ***





16:27:28
vRecv(Link0,isakmp_phase1_recv_2nd router_ns_multi router_ns_uni_link1 router_ns_uni_tll_sll_link1 router_ns_multi_llt_link1 router_ns_uni_sll router_ns_uni router_ns_multi_llt router_ns_uni_sll_link1 router_ns_multi_link1 router_ns_uni_tll_sll) timeout:5 cntLimit:0 seektime:0


Receive Neighbor Solicitation from SGW1(NUT)











16:27:28
vSend(Link0,router_na)


Send Neighbor Advertisement(TN)






16:27:28
vRecv(Link0,isakmp_phase1_recv_2nd router_ns_multi router_ns_uni_link1 router_ns_uni_tll_sll_link1 router_ns_multi_llt_link1 router_ns_uni_sll router_ns_uni router_ns_multi_llt router_ns_uni_sll_link1 router_ns_multi_link1 router_ns_uni_tll_sll) timeout:5 cntLimit:0 seektime:0


Recv 2nd message from HOST1(NUT)











OK payload_check
*** Phase-1 3rd message send ***




16:27:29Clear Captured Packets (Link0)







16:27:29
vSend(Link0,isakmp_phase1_send_3rd)


Send 3rd message from HOST2(TN)








*** Phase-1 4th message recieve ***





16:27:29
vRecv(Link0,isakmp_phase1_recv_4th router_ns_multi router_ns_uni_link1 router_ns_uni_tll_sll_link1 router_ns_multi_llt_link1 router_ns_uni_sll router_ns_uni router_ns_multi_llt router_ns_uni_sll_link1 router_ns_multi_link1 router_ns_uni_tll_sll) timeout:5 cntLimit:0 seektime:0


Recv 4th message from HOST1(NUT)











OK payload_check
*** Phase-1 5th message send ***




16:27:29Clear Captured Packets (Link0)







16:27:30
vSend(Link0,isakmp_phase1_send_5th)


Send 5th message from HOST2(TN)








*** Phase-1 6th message recieve ***





16:27:30
vRecv(Link0,isakmp_phase1_recv_6th router_ns_multi router_ns_uni_link1 router_ns_uni_tll_sll_link1 router_ns_multi_llt_link1 router_ns_uni_sll router_ns_uni router_ns_multi_llt router_ns_uni_sll_link1 router_ns_multi_link1 router_ns_uni_tll_sll) timeout:5 cntLimit:0 seektime:0


Recv 6th message from HOST1(NUT)











OK payload_check
*** Target testing phase start ***
*** Phase-2 1st message send ***




16:27:31Clear Captured Packets (Link0)





16:27:31Clear Captured Packets (Link1)







16:27:31
vSend(Link0,isakmp_phase2_send)


Send Phase-2 1st message (HDR*, HASH(1), SA, Ni) from HOST2(TN)








*** Phase-2 2nd message recv ***





16:27:31
vRecv(Link0,isakmp_phase2_recv_2nd router_ns_multi router_ns_uni_link1 router_ns_uni_tll_sll_link1 router_ns_multi_llt_link1 router_ns_uni_sll router_ns_uni router_ns_multi_llt router_ns_uni_sll_link1 router_ns_multi_link1 router_ns_uni_tll_sll) timeout:5 cntLimit:0 seektime:0


Recv Phase-2 2nd message (HDR*, HASH(2), SA, Ni) from HOST1(NUT)











OK payload_check
*** Phase-2 3rd message send ***




16:27:31Clear Captured Packets (Link0)





16:27:32Clear Captured Packets (Link1)







16:27:32
vSend(Link0,isakmp_phase2_send_3rd)


Send Phase-2 3rd message HDR*, HASH(3) from HOST2(TN)







16:27:32
Wait 1 second





*** 1st IPsec SA is esatblished ***
*** Wait 42 sec to expire IPsec SA Lifetime ***




16:27:33
Wait 42 second





## 1st SA elapsed time: 42 ##
*** Re-Key phase start ***
*** Re-Key 1st message send ***




16:28:15Clear Captured Packets (Link0)





16:28:15Clear Captured Packets (Link1)







16:28:15
vSend(Link0,isakmp_phase2_send)


Send Phase-2 1st message (HDR*, HASH(1), SA, Ni) from HOST2(TN)








*** Re-Key 2nd message recv ***





16:28:16
vRecv(Link0,isakmp_phase2_recv_2nd router_ns_multi router_ns_uni_link1 router_ns_uni_tll_sll_link1 router_ns_multi_llt_link1 router_ns_uni_sll router_ns_uni router_ns_multi_llt router_ns_uni_sll_link1 router_ns_multi_link1 router_ns_uni_tll_sll) timeout:5 cntLimit:0 seektime:0


Recv Phase-2 2nd message (HDR*, HASH(2), SA, Ni) from HOST1(NUT)











OK payload_check
*** Re-Key 3rd message send ***




16:28:16Clear Captured Packets (Link0)





16:28:16Clear Captured Packets (Link1)







16:28:17
vSend(Link0,isakmp_phase2_send_3rd)


Send Phase-2 3rd message HDR*, HASH(3) from HOST2(TN)







16:28:17
Wait 1 second





*** Re-Key IPsec SA is esatblished ***




16:28:18Clear Captured Packets (Link0)







*** Encrypted Echo Request message send using 1st IPsec SA ***




16:28:18Clear Captured Packets (Link0)





16:28:18Clear Captured Packets (Link1)







16:28:18
vSend(Link0,echo_request_send_esp_tunnel_net3sgw2_net2sgw1)


Send Encrypted Echo Request from HOST-2(TN)






16:28:18
vRecv(Link1,echo_request_recv_net4host2_net0host1 router_ns_multi router_ns_uni_link1 router_ns_uni_tll_sll_link1 router_ns_multi_llt_link1 router_ns_uni_sll router_ns_uni router_ns_multi_llt router_ns_uni_sll_link1 router_ns_multi_link1 router_ns_uni_tll_sll) timeout:5 cntLimit:0 seektime:0


Receive Echo Request from HOST-2(TN) via SGW1(NUT)











## 1st SA elapsed time: 46 ##
## 2nd SA elapsed time: 1 ##
*** Echo Request message recv ***
*** Encrypted Echo Request message send using 2nd IPsec SA ***




16:28:19Clear Captured Packets (Link0)





16:28:19Clear Captured Packets (Link1)







## 1st SA elapsed time: 46 ##
## 2nd SA elapsed time: 1 ##







16:28:19
vSend(Link0,echo_request_send_esp_tunnel_net3sgw2_net2sgw1)


Send Encrypted Echo Request from HOST-2(TN)






16:28:19
vRecv(Link1,echo_request_recv_net4host2_net0host1 router_ns_multi router_ns_uni_link1 router_ns_uni_tll_sll_link1 router_ns_multi_llt_link1 router_ns_uni_sll router_ns_uni router_ns_multi_llt router_ns_uni_sll_link1 router_ns_multi_link1 router_ns_uni_tll_sll) timeout:5 cntLimit:0 seektime:0


Receive Echo Request from HOST-2(TN) via SGW1(NUT)











*** Echo Request message recv ***
Using both old and new SA for incoming traffic is correct
*** Target test finish ***




16:28:20Stop Capturing Packets (Link0)





16:28:20Stop Capturing Packets (Link1)







Target: Reset IKE SA entries: saddump



16:28:20

vRemote(ikeResetSA.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ikeResetSA.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1  saddump ''

Connected

target1# 
target1# /usr/sbin/setkey -c <<EOD
dump;
flush;
EOD

? dump;
? flush;
? EOD
3ffe:501:ffff:102::1 3ffe:501:ffff:103::11 
        esp mode=tunnel spi=4097(0x00001001) reqid=0(0x00000000)
        E: 3des-cbc  9d75c20b 6395a6a7 53df1732 73d5837a 7bafed96 c07328ff
        A: hmac-sha1  ef0ae2e5 d33503a9 5835a914 b42ba73a 27a32408
        seq=0x00000000 replay=4 flags=0x00000000 state=mature 
        created: Mar 13 16:34:54 2006   current: Mar 13 16:34:58 2006
        diff: 4(s)      hard: 60(s)     soft: 48(s)
        last:                           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        sadb_seq=3 pid=3196 refcnt=1
3ffe:501:ffff:102::1 3ffe:501:ffff:103::11 
        esp mode=tunnel spi=4096(0x00001000) reqid=0(0x00000000)
        E: 3des-cbc  afb24e01 e179c9ea 30642b52 e5d2cd32 e4124352 9c4749f7
        A: hmac-sha1  6f9c5b97 3cf2f13b a32e2235 e708d88c 7084dda0
        seq=0x00000000 replay=4 flags=0x00000000 state=mature 
        created: Mar 13 16:34:09 2006   current: Mar 13 16:34:58 2006
        diff: 49(s)     hard: 60(s)     soft: 48(s)
        last:                           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        sadb_seq=2 pid=3196 refcnt=1
3ffe:501:ffff:103::11 3ffe:501:ffff:102::1 
        esp mode=tunnel spi=185188132(0x0b09bf24) reqid=0(0x00000000)
        E: 3des-cbc  b0b49f72 62920369 c4b4d5da 5d18fca7 53aa0450 c9094f9a
        A: hmac-sha1  2004e23b c4168bfb 726e4ffb 3a051631 e325b421
        seq=0x00000001 replay=4 flags=0x00000000 state=mature 
        created: Mar 13 16:34:54 2006   current: Mar 13 16:34:59 2006
        diff: 5(s)      hard: 60(s)     soft: 48(s)
        last: Mar 13 16:34:56 2006      hard: 0(s)      soft: 0(s)
        current: 56(bytes)      hard: 0(bytes)  soft: 0(bytes)
        allocated: 1    hard: 0 soft: 0
        sadb_seq=1 pid=3196 refcnt=1
3ffe:501:ffff:103::11 3ffe:501:ffff:102::1 
        esp mode=tunnel spi=64129380(0x03d28964) reqid=0(0x00000000)
        E: 3des-cbc  e3589b0a 1c25c018 51849759 28340a55 cd124afc fd396f2b
        A: hmac-sha1  392e6066 a49a5e8c c76a7b92 f1c1bcaa ef024860
        seq=0x00000001 replay=4 flags=0x00000000 state=mature 
        created: Mar 13 16:34:09 2006   current: Mar 13 16:34:59 2006
        diff: 50(s)     hard: 60(s)     soft: 48(s)
        last: Mar 13 16:34:55 2006      hard: 0(s)      soft: 0(s)
        current: 56(bytes)      hard: 0(bytes)  soft: 0(bytes)
        allocated: 1    hard: 0 soft: 0
        sadb_seq=0 pid=3196 refcnt=1
target1# 
target1# sendMessagesSync: never got /usr/sbin/setkey -c <<EODdump;flush;EOD
echo $status
0
target1# kill -TERM `head -1 /var/run/racoon.pid`

target1# 
target1# echo $status
0
target1# /bin/rm -f /var/run/racoon.pid

target1# 
target1# echo $status
0
~
[EOT]







Target: Clear SPD entries: spddump



16:28:26

vRemote(ipsecResetSPD.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ipsecResetSPD.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1  spddump ''

Connected

target1# 
target1# /usr/sbin/setkey -c <<EOD
spddump;
spdflush;
EO? spddump;
? Dspdflush;


? EOD
3ffe:501:ffff:104::/64[any] 3ffe:501:ffff:100::/64[any] any
        in ipsec
        esp/tunnel/3ffe:501:ffff:103::11-3ffe:501:ffff:102::1/require
        created: Mar 13 16:33:44 2006  lastused: Mar 13 16:34:56 2006
        lifetime: 0(s) validtime: 0(s)
        spid=19285 seq=1 pid=3202
        refcnt=1
3ffe:501:ffff:100::/64[any] 3ffe:501:ffff:104::/64[any] any
        out ipsec
        esp/tunnel/3ffe:501:ffff:102::1-3ffe:501:ffff:103::11/require
        created: Mar 13 16:33:38 2006  lastused: Mar 13 16:33:38 2006
        lifetime: 0(s) validtime: 0(s)
        spid=19284 seq=0 pid=3202
        refcnt=1

target1# 
target1# sendMessagesSync: never got /usr/sbin/setkey -c <<EODspddump;spdflush;EOD
echo $status
0
~
[EOT]







OK




16:28:32End




Packet Reverse Log