
Date: Wed, 27 Feb 2008 14:26:19 +0800
From: blue <susan.lan@zyxel.com.tw>
Subject: [users:00613] IKE test script problems
To: users@tahi.org
Message-Id: <47C5028B.2010203@zyxel.com.tw>
X-Mail-Count: 00613

While running IKE main mode with self-test version 1.0.5 SGW with v6eval 
3.0.10, there are quite a few problems that I encountered (my OS is 
FreeBSD 7.0 Pre-release):

Take IKE responder as an example: (Initiator also had these problems)

test item 167: Processing invalid ISAKMP payload length
test item 246: Processing invalid ISAKMP Payload Length
"!!! unable decode Hdr_ISAKMP size(28,0) ,in Udp_ISAKMP at(0,0)/size(0)" 
would occur and cleanup will suspend the whole test.
I am thinking that maybe it is because the "Packet reverse log" parser 
thinks the packet sent from TN is invalid (although that is the purpose 
of the item), so the item aborted.

test item 177: Processing invalid DOI field
test item 178: Processing invalid situation field
test item 184: IPSEC Situation Definition(SIT_SECRECY)
test item 185: IPSEC Situation Definition(SIT_INTEGRITY)
test item 259: Processing invalid DOI field
test item 260: Processing invalid Situation field
"Proposal Payload doesn't exist after SA." would occur after TN sent out 
the 1st ISAKMP or Quick mode 1st packet.
The message also occurred a few times in other test items. I don't have 
any idea.

test item 219: ESP_NULL,AES-XCBC-MAC
It seems that the test script does not support the authentication algorithm 
AES-XCBC-MAC, since the transform payload in TN's first quick mode packet 
carries HMAC-MD5 instead of AES-XCBC-MAC (type 5 value 2).

The attached file is the tarball of my test results. The total size 
would be 61Kb.

Thanks.
BR,
Yi-Wen

613_2.rar
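
Added example, not part of the original message and not code from the TAHI test suite or v6eval: a sketch of an ISAKMP decoder (RFC 2408 header layout) that records an invalid Length field as an error and keeps decoding, which is what a log parser needs when the test packet is malformed on purpose. The function names and the sample packets are constructed for illustration.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 section 3.1, 28 bytes
GENERIC_HDR = struct.Struct("!BBH")        # next payload, reserved, payload length


def decode_isakmp(datagram: bytes) -> dict:
    """Decode an ISAKMP message, recording length errors instead of aborting."""
    result = {"header": None, "payloads": [], "errors": []}
    if len(datagram) < ISAKMP_HDR.size:
        result["errors"].append(f"truncated header: {len(datagram)} bytes")
        return result
    (_icookie, _rcookie, next_payload, version, exch, flags,
     msg_id, length) = ISAKMP_HDR.unpack_from(datagram)
    result["header"] = {"next_payload": next_payload, "version": version,
                        "exchange_type": exch, "flags": flags,
                        "message_id": msg_id, "length": length}
    if length != len(datagram):
        result["errors"].append(
            f"header length {length} != datagram size {len(datagram)}")
    # Walk the payload chain using only bytes that are really present.
    end = len(datagram)
    if ISAKMP_HDR.size <= length < end:
        end = length
    offset = ISAKMP_HDR.size
    while next_payload != 0:
        if offset + GENERIC_HDR.size > end:
            result["errors"].append(f"payload header past end at offset {offset}")
            break
        following, _reserved, plen = GENERIC_HDR.unpack_from(datagram, offset)
        if plen < GENERIC_HDR.size or offset + plen > end:
            result["errors"].append(
                f"payload {next_payload} length {plen} invalid at offset {offset}")
            break
        result["payloads"].append((next_payload, plen))
        offset += plen
        next_payload = following
    return result


def build(length_field: int) -> bytes:
    """Constructed sample: header plus one 8-byte payload of type 13 (Vendor ID)."""
    body = GENERIC_HDR.pack(0, 0, 8) + b"test"
    return ISAKMP_HDR.pack(b"I" * 8, b"\0" * 8, 13, 0x10, 2, 0, 0,
                           length_field) + body


if __name__ == "__main__":
    print(decode_isakmp(build(36)))    # well-formed message
    print(decode_isakmp(build(4096)))  # invalid Length field, still decoded
```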