NEEDS FIXING Starting UML /btmp/antony/ikev2/2008_01_14/UMLPOOL/west/start.sh spawn /btmp/antony/ikev2/2008_01_14/UMLPOOL/west/start.sh single Checking that ptrace can change system call numbers...OK Checking syscall emulation patch for ptrace...OK Checking advanced syscall emulation patch for ptrace...OK Checking for tmpfs mount on /dev/shm...OK Checking PROT_EXEC mmap in /dev/shm/...OK Checking for the skas3 patch in the host: - /proc/mm...not found - PTRACE_FAULTINFO...not found - PTRACE_LDT...not found UML running in SKAS0 mode Checking that ptrace can change system call numbers...OK Checking syscall emulation patch for ptrace...OK Checking advanced syscall emulation patch for ptrace...OK Linux version 2.6.18.6 (antony@cyclops) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 Mon Jan 14 16:26:00 EST 2008 Built 1 zonelists. Total pages: 8192 Kernel command line: initrd=/btmp/antony/ikev2/2008_01_14/UMLPOOL/initrd.uml umlroot=/btmp/antony/ikev2/2008_01_14/UMLPOOL/west/root root=/dev/ram0 rw ssl=pty eth0=daemon,10:00:00:ab:cd:ff,unix,/tmp/umlIryn1i.d/west/ctl,/tmp/umlIryn1i.d/west/data eth1=daemon,10:00:00:64:64:45,unix,/tmp/umlIryn1i.d/public/ctl,/tmp/umlIryn1i.d/public/data eth2=daemon,10:00:00:32:64:45,unix,/tmp/umlIryn1i.d/admin/ctl,/tmp/umlIryn1i.d/admin/data init=/linuxrc single PID hash table entries: 256 (order: 8, 1024 bytes) Dentry cache hash table entries: 4096 (order: 2, 16384 bytes) Inode-cache hash table entries: 2048 (order: 1, 8192 bytes) Memory: 27292k available Mount-cache hash table entries: 512 Checking for host processor cmov support...Yes Checking for host processor xmm support...No Checking that host ptys support output SIGIO...Yes Checking that host ptys support SIGIO on close...No, enabling workaround checking if image is initramfs...it isn't (bad gzip magic numbers); looks like an initrd Freeing initrd memory: 1212k freed Using 2.6 host AIO umid "west" is already in use by pid 23985 Failed to initialize umid "west", trying with a random umid NET: Registered protocol family 16 NET: Registered protocol family 2 IP route cache hash table entries: 256 (order: -2, 1024 bytes) TCP established hash table entries: 1024 (order: 0, 4096 bytes) TCP bind hash table entries: 512 (order: -1, 2048 bytes) TCP: Hash tables configured (established 1024 bind 512) TCP reno registered klips_info:ipsec_init: KLIPS startup, Libreswan KLIPS IPsec stack version: 2.5.testing-g70d71a2f-dirty NET: Registered protocol family 15 klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251) klips_info:ipsec_alg_init: calling ipsec_alg_static_init() ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0 ipsec_aes_init(alg_type=14 alg_id=9 name=aes_mac): ret=0 ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0 daemon_setup : Ignoring data socket specification Netdevice 0 (10:00:00:ab:cd:ff) : daemon backend (uml_switch version 3) - unix:/tmp/umlIryn1i.d/west/ctl daemon_setup : Ignoring data socket specification Netdevice 1 (10:00:00:64:64:45) : daemon backend (uml_switch version 3) - unix:/tmp/umlIryn1i.d/public/ctl daemon_setup : Ignoring data socket specification Netdevice 2 (10:00:00:32:64:45) : daemon backend (uml_switch version 3) - unix:/tmp/umlIryn1i.d/admin/ctl Checking host MADV_REMOVE support...OK mconsole (version 2) initialized on /home/antony/.uml/CCqrSg/mconsole Host TLS support detected Detected host type: i386 VFS: Disk quotas dquot_6.5.1 Dquot-cache hash table entries: 1024 (order 0, 4096 bytes) Initializing Cryptographic API io scheduler noop registered io scheduler anticipatory registered (default) io scheduler deadline registered io scheduler cfq registered RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize loop: loaded (max 8 devices) nbd: registered device at major 43 PPP generic driver version 2.4.2 SLIP: version 0.8.4-NET3.019-NEWTTY (dynamic channels, max=256). tun: Universal TUN/TAP device driver, 1.6 tun: (C) 1999-2004 Max Krasnyansky Netfilter messages via NETLINK v0.30. IPv4 over IPv4 tunneling driver GRE over IPv4 tunneling driver ip_conntrack version 2.4 (213 buckets, 1704 max) - 204 bytes per conntrack ip_tables: (C) 2000-2006 Netfilter Core Team arp_tables: (C) 2002 David S. Miller TCP bic registered TCP cubic registered TCP westwood registered TCP highspeed registered TCP hybla registered TCP htcp registered TCP vegas registered TCP scalable registered NET: Registered protocol family 1 NET: Registered protocol family 17 Initialized stdio console driver Console initialized on /dev/tty0 Initializing software serial port version 1 Failed to open 'root_fs', errno = 2 RAMDISK: cramfs filesystem found at block 0 RAMDISK: Loading 1212KiB [1 disk] into ram disk... |/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\done. VFS: Mounted root (cramfs filesystem) readonly. MOUNTING /btmp/antony/ikev2/2008_01_14/UMLPOOL/west/root for UML testing root. Mounting a tmpfs over /dev...done. Creating initial device nodes...done. Invoked with Arguments: single Creating initial device nodes...done. crw-r--r-- 1 root root 5, 1 Feb 15 20:35 /dev/console line_ioctl: tty0: ioctl KDSIGACCEPT called INIT: version 2.78 booting /dev/root on / type hostfs (rw) proc on /proc type proc (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/shm on /tmp type tmpfs (rw) /dev/shm on /var/run type tmpfs (rw) none on /usr/share type hostfs (ro) none on /testing type hostfs (ro,/home/antony/ikev2/testing) none on /usr/src type hostfs (ro,/home/antony/ikev2) none on /usr/obj type hostfs (ro,/home/antony/ikev2/OBJ.linux.i386) none on /usr/local type hostfs (rw,/btmp/antony/ikev2/2008_01_14/UMLPOOL/west/root/usr/local) none on /var/tmp type hostfs (rw,/btmp/antony/ikev2/2008_01_14/UMLPOOL/west/root/var/tmp) none on /proc type proc (rw) crw-r--r-- 1 root root 5, 1 Feb 15 20:35 /dev/console mount: proc already mounted Activating swap... Checking all file systems... Parallelizing fsck version 1.18 (11-Nov-1999) Setting kernel variables. Mounting local filesystems... mount: devpts already mounted on /dev/pts /dev/shm on /tmp type tmpfs (rw) /dev/shm on /var/run type tmpfs (rw) none on /usr/share type hostfs (ro) none on /testing type hostfs (ro,/home/antony/ikev2/testing) none on /usr/src type hostfs (ro,/home/antony/ikev2) none on /usr/obj type hostfs (ro,/home/antony/ikev2/OBJ.linux.i386) none on /usr/local type hostfs (rw,/btmp/antony/ikev2/2008_01_14/UMLPOOL/west/root/usr/local) none on /var/tmp type hostfs (rw,/btmp/antony/ikev2/2008_01_14/UMLPOOL/west/root/var/tmp) Enabling packet forwarding: done. Configuring network interfaces: done. Cleaning: /tmp /var/lock /var/run. Initializing random number generator... done. Recovering nvi editor sessions... done. Give root password for maintenance (or type Control-D for normal startup): west:~# echo Starting loading module Starting loading module west:~# exec bash --noediting west:~# ulimit -c unlimited west:~# echo Finished loading module Finished loading module west:~# klogd -c 4 -x -f /tmp/klog.log west:~# : ==== start ==== west:~# TESTNAME=interop-ikev2-racoon-04-x509-responder west:~# source /testing/pluto/bin/westlocal.sh west:~# ping -n -c 1 192.0.2.254 PING 192.0.2.254 (192.0.2.254): 56 data bytes 64 bytes from 192.0.2.254: icmp_seq=0 ttl=64 time=32.6 ms --- 192.0.2.254 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 32.6/32.6/32.6 ms west:~# iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j DROP west:~# ping -n -c 1 192.0.2.254 PING 192.0.2.254 (192.0.2.254): 56 data bytes --- 192.0.2.254 ping statistics --- 1 packets transmitted, 0 packets received, 100% packet loss west:~# ipsec setup start ipsec_setup: Starting Libreswan IPsec U2.5.testing-g21680e0d-dirty/K2.5.testing-g70d71a2f-dirty... west:~# ipsec whack --whackrecord /var/tmp/ikev2.record west:~# ipsec auto --add west--east-ikev2 037 can not load certificate file /testing/baseconfigs/all/etc/ipsec.d/certs/east.crt 037 can not load certificate file /testing/baseconfigs/all/etc/ipsec.d/certs/west.crt west:~# ipsec auto --status 000 using kernel interface: klips 000 interface ipsec0/eth1 192.1.2.45 000 %myid = (none) 000 debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509 000 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160 000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128 000 000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192 000 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 000 000 "west--east-ikev2": 192.1.2.45<192.1.2.45>[C=ca, ST=Ontario, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=testing.libreswan.org,S-C]...192.1.2.23<192.1.2.23>[C=ca, ST=Ontario, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=testing.libreswan.org,S-C]; unrouted; eroute owner: #0 000 "west--east-ikev2": myip=unset; hisip=unset; mycert=/testing/baseconfigs/all/etc/ipsec.d/certs/east.crt; hiscert=/testing/baseconfigs/all/etc/ipsec.d/certs/west.crt; 000 "west--east-ikev2": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3 000 "west--east-ikev2": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_DISABLE+IKEv2ALLOW+IKEV2_PROPOSE; prio: 32,32; interface: eth1; 000 "west--east-ikev2": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 000 west:~# /testing/pluto/bin/wait-until-pluto-started west:~# echo done done west:~# : === NETJIG start of WEST westrun.sh west:~# ipsec auto --up west--east-ikev2 133 "west--east-ikev2" #1: STATE_PARENT_I1: initiate 133 "west--east-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 003 "west--east-ikev2" #1: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used 134 "west--east-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=oakley_3des_cbc_192 integ=sha1 prf=oakley_sha group=modp2048} 218 "west--east-ikev2" #2: STATE_PARENT_I2: INVALID_ID_INFORMATION