Article 960 at 08/10/29 19:28:34 From: jiabwang@redhat.com Subject: [users:00960] [IPsec]could you help me explain the failure

Index: [Article Count Order] [Thread]
Date: Wed, 29 Oct 2008 18:29:09 +0800
From: wang_jiabo <jiabwang@redhat.com>
Subject: [users:00960] [IPsec]could you help me explain the failure
To: users@tahi.org
Message-Id: <49083AF5.7040708@redhat.com>
X-Mail-Count: 00960

Hell,all:
   I get the failure on 5.1.2, the following is log info.
do you think it is ipsecSetSAD.rmt bug.
thanks
Best regards
Wang

16:21:36 	Start Capturing Packets (Link0)

	Target: Set SAD entries: src="3ffe:501:ffff:0001:0000:0000:0000:0001" 
dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" spi=0x1000 mode=transport 
protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcin01 
eauth=hmac-sha1 eauthkey=ipv6readylogsha1in01 unique=10000
16:21:36 	vRemote(ipsecSetSAD.rmt) 
``/usr/local/v6eval//bin/rhel51//ipsecSetSAD.rmt -t rhel51 -u root -p 
redhat -d cuad0 -o 1 src="3ffe:501:ffff:0001:0000:0000:0000:0001" 
dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" spi=0x1000 mode=transport 
protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcin01 
eauth=hmac-sha1 eauthkey=ipv6readylogsha1in01 unique=10000 ''

Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...

[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#) 
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#) 

[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -u 10000 -E 3des-cbc "ipv6readylogo3descbcin01" -A hmac-sha1 "ipv6readylogsha1in01"; dump;' | setkey -c'' command
/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:5 01:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -u 10000 -E 3des-cbc "ipv6re adylogo3descbcin01" -A hmac-sha1 "ipv6readylogsha1in01"; dump;' | setkey -c
3ffe:501:ffff:1::1 3ffe:501:ffff:0:21d:fff:fe0f:be4e 
	esp mode=transport spi=4096(0x00001000) reqid=10000(0x00002710)
	E: 3des-cbc  69707636 72656164 796c6f67 6f336465 73636263 696e3031
	A: hmac-sha1  69707636 72656164 796c6f67 73686131 696e3031
	seq=0x00000000 replay=0 flags=0x00000000 state=mature 
	created: Oct 29 00:19:15 2008	current: Oct 29 00:19:15 2008
	diff: 0(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=0 pid=3440 refcnt=0
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -u 10000 -E 3des-cbc "ipv6readylogo3descbcin01" -A hmac-sha1 "ipv6readylogsha1in01"; dump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:5 01:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -u 10000 -E 3des-cbc "ipv6re adylogo3descbcin01" -A hmac-sha1 "ipv6readylogsha1in01"; dump;' | setkey -c
3ffe:501:ffff:1::1 3ffe:501:ffff:0:21d:fff:fe0f:be4e 
	esp mode=transport spi=4096(0x00001000) reqid=10000(0x00002710)
	E: 3des-cbc  69707636 72656164 796c6f67 6f336465 73636263 696e3031
	A: hmac-sha1  69707636 72656164 796c6f67 73686131 696e3031
	seq=0x00000000 replay=0 flags=0x00000000 state=mature 
	created: Oct 29 00:19:15 2008	current: Oct 29 00:19:15 2008
	diff: 0(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=0 pid=3440 refcnt=0
[root@ipv6test2 ~]''
echo $?
0
[root@ipv6terCommand: exit status: 0
~
[EOT]
      


	Target: Set SPD entries: src="3ffe:501:ffff:0001:0000:0000:0000:0001" 
dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" upperspec=icmp6 icmp6_type=128 
icmp6_code=0 direction=in protocol=esp-auth mode=transport level=unique 
unique=10000
16:21:41 	vRemote(ipsecSetSPD.rmt) 
``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t rhel51 -u root -p 
redhat -d cuad0 -o 1 src="3ffe:501:ffff:0001:0000:0000:0000:0001" 
dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" upperspec=icmp6 icmp6_type=128 
icmp6_code=0 direction=in protocol=esp-auth mode=transport level=unique 
unique=10000 ''

Connected
upperspec must be one of any|tcp|udp
ipsecSetSPD.rmt [parameters]
parameters:
src=source address
dst=destination address
sport=source port (default:any)
dport=destination port (default:any)
upperspec={any|tcp|udp} (default:any)
direction={in|out}
protocol={ah|esp|ah-esp}
mode={transport|tunnel}
policy={ipsec|none|discard} (default:ipsec)
tsrc=tunnel entry address
tdst=tunnel exit address
unique=unique ID for MIPv6 configuration
~
[EOT]
      


	Cannot Set SPD entries: src="3ffe:501:ffff:0001:0000:0000:0000:0001" 
dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" upperspec=icmp6 icmp6_type=128 
icmp6_code=0 direction=in protocol=esp-auth mode=transport level=unique 
unique=10000
NG
16:21:41 	End


	960_2.html (attatchment)(tag is disabled)