<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
Hello, TAHI:<br>
When I test the IPsec suite, 5.1.2 and 5.2.3 report failures.<br>
Do you think 5.1.2 is a bug in ipsecSetSPD.rmt? Please give me an
explanation.<br>
Another bug is 5.2.3. Do you think that the null algorithm
should have a key in the SPD entry?<br>
We thought that the null algorithm shouldn't have a key in the SPD entry.<br>
Thanks<br>
Best regards<br>
Wang JiaBo<br>
<br>
5.2.3 log info:<br>
<br>
<table border="1">
<tbody>
<tr valign="top">
<td>16:29:59</td>
<td>Start Capturing Packets (Link0)<br>
</td>
</tr>
<tr>
<td><br>
</td>
<td>Target: Set SAD entries:
src="3ffe:501:ffff:0001:0000:0000:0000:0001"
dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" spi=0x1000 mode=transport
protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcin01
eauth=null eauthkey=</td>
</tr>
<tr valign="top">
<td>16:29:59</td>
<td>
vRemote(ipsecSetSAD.rmt)
``/usr/local/v6eval//bin/rhel51//ipsecSetSAD.rmt -t rhel51 -u root -p
redhat -d cuad0 -o 1 src="3ffe:501:ffff:0001:0000:0000:0000:0001"
dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" spi=0x1000 mode=transport
protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcin01
eauth=null eauthkey= ''
<pre>Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...
[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#)
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#)
[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3descbcin01" -A null "1"; dump;' | setkey -c'' command
/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:5 01:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3d escbcin01" -A null "1"; dump;' | setkey -c
line 0: syntax error at [1]
No SAD entries.
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3descbcin01" -A null "1"; dump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:5 01:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3d escbcin01" -A null "1"; dump;' | setkey -c
line 0: syntax error at [1]
No SAD entries.
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0
~
[EOT]
</pre>
</td>
</tr>
<tr>
<td><br>
</td>
<td>Target: Set SPD entries:
src="3ffe:501:ffff:0001:0000:0000:0000:0001"
dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" upperspec=any direction=in
protocol=esp-auth mode=transport</td>
</tr>
<tr valign="top">
<td>16:30:04</td>
<td>
vRemote(ipsecSetSPD.rmt)
``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t rhel51 -u root -p
redhat -d cuad0 -o 1 src="3ffe:501:ffff:0001:0000:0000:0000:0001"
dst="3ffe:501:ffff:0:21d:fff:fe0f:be4e" upperspec=any direction=in
protocol=esp-auth mode=transport ''
<pre>Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...
[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#)
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#)
[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001:0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setkey -c'' command
/bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ff e:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001: 0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setke y -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
in prio def ipsec
esp/transport//require
created: Oct 29 00:27:44 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=216 seq=1 pid=3761
refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
fwd prio def ipsec
esp/transport//require
created: Oct 29 00:27:44 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=226 seq=0 pid=3761
refcnt=2
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001:0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'spdadd 3ffe:501:ffff:0001:0000:0000:0000:0001 3ff e:501:ffff:0:21d:fff:fe0f:be4e any -P in ipsec esp/transport/3ffe:501:ffff:0001: 0000:0000:0000:0001-3ffe:501:ffff:0:21d:fff:fe0f:be4e/require; spddump;' | setke y -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
in prio def ipsec
esp/transport//require
created: Oct 29 00:27:44 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=216 seq=1 pid=3761
refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
fwd prio def ipsec
esp/transport//require
created: Oct 29 00:27:44 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=226 seq=0 pid=3761
refcnt=2
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0
~
[EOT]
</pre>
</td>
</tr>
<tr>
<td><br>
</td>
<td>Target: Set SAD entries:
src="3ffe:501:ffff:0:21d:fff:fe0f:be4e"
dst="3ffe:501:ffff:0001:0000:0000:0000:0001" spi=0x2000 mode=transport
protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcout1
eauth=null eauthkey=</td>
</tr>
<tr valign="top">
<td>16:30:09</td>
<td>
vRemote(ipsecSetSAD.rmt)
``/usr/local/v6eval//bin/rhel51//ipsecSetSAD.rmt -t rhel51 -u root -p
redhat -d cuad0 -o 1 src="3ffe:501:ffff:0:21d:fff:fe0f:be4e"
dst="3ffe:501:ffff:0001:0000:0000:0000:0001" spi=0x2000 mode=transport
protocol=esp ealgo=3des-cbc ealgokey=ipv6readylogo3descbcout1
eauth=null eauthkey= ''
<pre>Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...
[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#)
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#)
[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3descbcout1" -A null "1"; dump;' | setkey -c'' command
/bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ff ff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3d escbcout1" -A null "1"; dump;' | setkey -c
line 0: syntax error at [1]
No SAD entries.
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3descbcout1" -A null "1"; dump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'add 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ff ff:0001:0000:0000:0000:0001 esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3d escbcout1" -A null "1"; dump;' | setkey -c
line 0: syntax error at [1]
No SAD entries.
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0
~
[EOT]
</pre>
</td>
</tr>
<tr>
<td><br>
</td>
<td>Target: Set SPD entries:
src="3ffe:501:ffff:0:21d:fff:fe0f:be4e"
dst="3ffe:501:ffff:0001:0000:0000:0000:0001" upperspec=any
direction=out protocol=esp-auth mode=transport</td>
</tr>
<tr valign="top">
<td>16:30:15</td>
<td>
vRemote(ipsecSetSPD.rmt)
``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t rhel51 -u root -p
redhat -d cuad0 -o 1 src="3ffe:501:ffff:0:21d:fff:fe0f:be4e"
dst="3ffe:501:ffff:0001:0000:0000:0000:0001" upperspec=any
direction=out protocol=esp-auth mode=transport ''
<pre>Connected
prompt_user: ``login: '', prompt_password: ``Password: '', prompt_command: ``(\$|#) ''
rLogin: Wait for login prompt (0.2 sec)...
rLogin: Never got prompt; try again
rLogin: Wait for login prompt (50 sec)...
[root@ipv6test2 ~]# rLogin: Got command prompt
rLogin: Got command prompt
_rCommand: Try to get command prompt (0.2 sec.)
_rCommand: (\$|#)
_rCommand: command prompt...
_rCommand: Try to get command prompt (30 sec.)
_rCommand: (\$|#)
[root@ipv6test2 ~]# _rCommand: Do ``/bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setkey -c'' command
/bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501 :ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21 d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setk ey -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
in prio def ipsec
esp/transport//require
created: Oct 29 00:27:44 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=216 seq=2 pid=3774
refcnt=1
3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] 3ffe:501:ffff:1::1[any] any
out prio def ipsec
esp/transport//require
created: Oct 29 00:27:55 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=233 seq=1 pid=3774
refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
fwd prio def ipsec
esp/transport//require
created: Oct 29 00:27:44 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=226 seq=0 pid=3774
refcnt=1
[root@ipv6test2 ~]# sendMessagesSync: never got /bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501:ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setkey -c
rCommand: Try to get command prompt (0.2 sec)
rCommand: CmdOutput=``/bin/echo 'spdadd 3ffe:501:ffff:0:21d:fff:fe0f:be4e 3ffe:501 :ffff:0001:0000:0000:0000:0001 any -P out ipsec esp/transport/3ffe:501:ffff:0:21 d:fff:fe0f:be4e-3ffe:501:ffff:0001:0000:0000:0000:0001/require; spddump;' | setk ey -c
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
in prio def ipsec
esp/transport//require
created: Oct 29 00:27:44 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=216 seq=2 pid=3774
refcnt=1
3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] 3ffe:501:ffff:1::1[any] any
out prio def ipsec
esp/transport//require
created: Oct 29 00:27:55 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=233 seq=1 pid=3774
refcnt=2
3ffe:501:ffff:1::1[any] 3ffe:501:ffff:0:21d:fff:fe0f:be4e[any] any
fwd prio def ipsec
esp/transport//require
created: Oct 29 00:27:44 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=226 seq=0 pid=3774
refcnt=1
[root@ipv6test2 ~]''
echo $?
0
[roorCommand: exit status: 0
~
[EOT]
</pre>
</td>
</tr>
<tr>
<td><br>
</td>
<td>Target: Enable and start IPsec function</td>
</tr>
<tr valign="top">
<td>16:30:21</td>
<td>
vRemote(ipsecEnable.rmt)
``/usr/local/v6eval//bin/rhel51//ipsecEnable.rmt -t rhel51 -u root -p
redhat -d cuad0 -o 1 ''
</td>
</tr>
<tr>
<td><br>
</td>
<td><font size="3">*** Target testing phase ***</font><br>
</td>
</tr>
<tr valign="top">
<td>16:30:21</td>
<td>Clear Captured Packets (Link0)<br>
</td>
</tr>
<tr valign="top">
<td>16:30:21</td>
<td>vSend(Link0,echo_request_from_host1_esp)<br>
<a name="vSend0"></a>
<a
href="http://10.66.70.9/IPsec_Self_Test_P2_1-9-0b1_RHEL5.3/ipsec.p2/16.html#vSendPKT0">Send
Echo Request with ESP from HOST-1(TN)</a><br>
</td>
</tr>
<tr valign="top">
<td>16:30:21</td>
<td>vRecv(Link0,echo_reply_to_host1_esp
ns_to_router_linkaddr_w_linkaddr rs_from_nut rs_from_nut_wsll
ns_to_router_wo_sllopt ns_to_router_linkaddr ns_to_router
rs_from_nut_wunspec) timeout:3 cntLimit:0 seektime:0<br>
vRecv() return status=1
</td>
</tr>
<tr>
<td><br>
</td>
<td>TN received no echo reply from End-Node(NUT) to HOST-1(TN).<br>
<font color="#ff0000">NG</font><br>
</td>
</tr>
<tr>
<td>16:30:24</td>
<td>End</td>
</tr>
</tbody>
</table>
<br>
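In the 5.2.3 log above, setkey prints "line 0: syntax error at [1]" and "No SAD entries." while the remote script still records exit status 0. The following Python check is an added example, not part of the original message or of the TAHI scripts: it reads captured setkey output and reports whether the SA for a given SPI was actually installed. The function name, the finding strings and the layout of the constructed INSTALLED dump are assumptions.<br>
<pre>
```python
import re

# Constructed sample: the setkey exchange from the 16:29:59 log row, with the
# terminal-wrapped command re-joined; the shell reported exit status 0.
FAILED = '''/bin/echo 'add 3ffe:501:ffff:0001:0000:0000:0000:0001 3ffe:501:ffff:0:21d:fff:fe0f:be4e esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3descbcin01" -A null "1"; dump;' | setkey -c
line 0: syntax error at [1]
No SAD entries.
'''

# Constructed sample of a dump that does list the SA (assumed setkey layout).
INSTALLED = '''3ffe:501:ffff:1::1 3ffe:501:ffff:0:21d:fff:fe0f:be4e
    esp mode=transport spi=4096(0x00001000) reqid=0(0x00000000)
'''

SYNTAX_ERR = re.compile(r"^line (\d+): syntax error at \[(.*?)\]", re.M)
SPI_IN_DUMP = re.compile(r"\bspi=(\d+)\(0x[0-9a-fA-F]+\)")


def check_sad_install(output, spi, exit_status=0):
    """Return a list of findings; an empty list means the SA is in the dump."""
    findings = []
    for m in SYNTAX_ERR.finditer(output):
        token = m.group(2)
        # Locate the rejected token in the echoed command to show its context.
        ctx = re.search(r'(-[A-Za-z]\s+\S+\s+)"?%s"?' % re.escape(token), output)
        where = ctx.group(0) if ctx else "unknown position"
        findings.append("setkey rejected token [%s] in: %s" % (token, where))
    if "No SAD entries." in output:
        findings.append("dump reports an empty SAD")
    # The dump must list the SPI we tried to add, whatever else it says.
    installed = {int(n) for n in SPI_IN_DUMP.findall(output)}
    if spi not in installed:
        findings.append("spi 0x%x not present in dump" % spi)
    # A zero exit status alongside any finding hides the failure from the caller.
    if findings and exit_status == 0:
        findings.append("exit status 0 masks the failure")
    return findings


if __name__ == "__main__":
    for line in check_sad_install(FAILED, 0x1000):
        print(line)
```
</pre>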
</body>
</html>