Starting UML PATH/start.sh spawn PATH single Linux version XXXX On node 0 totalpages: 8192 Kernel command line: Calibrating delay loop... XXXX bogomips Dentry-cache hash table entries: NUMBERS Inode-cache hash table entries: NUMBERS Mount-cache hash table entries: NUMBERS Buffer-cache hash table entries: NUMBERS Page-cache hash table entries: NUMEBRS POSIX conformance testing by UNIFIX Linux NET4.0 for Linux 2.4 Based upon Swansea University Computer Society NET3.039 Initializing RT netlink socket Starting kswapd VFS: Diskquotas version dquot_6.4.0 initialized devfs: VERSION Richard Gooch (rgooch@atnf.csiro.au) devfs: boot_options Q pty: 256 Unix98 ptys configured SLIP: version 0.8.4-NET3.019-NEWTTY (dynamic channels, max=256). loop: loaded (max 8 devices) PPP generic driver version VERSION Universal TUN/TAP device driver VERSION NET4: Linux TCP/IP 1.0 for NET4.0 IP Protocols: ICMP, UDP, TCP IP: routing cache hash table of 512 buckets, 4Kbytes TCP: Hash tables configured (established 2048 bind 2048) IPv4 over IPv4 tunneling driver GRE over IPv4 tunneling driver NET4: Unix domain sockets 1.0/SMP for Linux NET4.0. Mounted devfs on /dev INIT: version 2.78 booting Activating swap... Calculating module dependancies done. Loading modules: LIST Checking all file systems... Parallelizing fsck version 1.18 (11-Nov-1999) Setting kernel variables. Mounting local filesystems... /dev/shm on /tmp type tmpfs (rw) /dev/shm on /var/run type tmpfs (rw) devpts on /dev/pts type devpts (rw,mode=0622) none on /usr/share type hostfs (ro) Enabling packet forwarding: done. Configuring network interfaces: done. Cleaning: /tmp /var/lock /var/run. Initializing random number generator... done. Recovering nvi editor sessions... done. Give root password for maintenance (or type Control-D for normal startup): east:~# klogd -c 4 -x -f /tmp/klog.log east:~# set -u east:~# route delete -net 192.0.1.0 netmask 255.255.255.0 east:~# route delete -net default east:~# route add -net default gw 192.1.2.45 east:~# named east:~# dig sunrise-oe.uml.freeswan.org a ; <<>> DiG VERSION<<>> sunrise-oe.uml.freeswan.org a ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;sunrise-oe.uml.freeswan.org. IN A ;; ANSWER SECTION: sunrise-oe.uml.freeswan.org. 604800 IN A 192.0.2.2 ;; Query time: 25 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: DATE ;; MSG SIZE rcvd: SIZE east:~# netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.9.2.0 0.0.0.0 255.255.255.0 U 40 0 0 eth2 192.1.2.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1 192.0.2.0 0.0.0.0 255.255.255.0 U 40 0 0 eth0 0.0.0.0 192.1.2.45 0.0.0.0 UG 40 0 0 eth1 east:~# export IPSEC_CONFS="/tmp/etc" east:~# mkdir $IPSEC_CONFS east:~# cp -a /etc/ipsec.conf /etc/ipsec.d $IPSEC_CONFS/ east:~# cp -a /testing/baseconfigs/japan/etc/ipsec.secrets $IPSEC_CONFS/ east:~# ipsec setup start ipsec_setup: Starting Libreswan IPsec VERSION east:~# /testing/pluto/basic-pluto-01/whackwait.sh east:~# ipsec auto --add private east:~# ipsec whack --listen 002 listening for IKE messages 002 forgetting secrets 002 loading secrets from "/tmp/etc/ipsec.secrets" 002 loading group "/tmp/etc/ipsec.d/policies/private" east:~# ipsec auto --route private east:~# east:~# : This should fail, but only because we do not know our own secret. east:~# : We use --oppohere/--oppothere so that the negotiation is logged. east:~# : Failure should come before negotiation is actually started. east:~# : No shunt eroute will be created because of using --oppohere/--oppothere. east:~# ipsec whack --oppohere 192.1.2.23 --oppothere 192.0.1.3 033 Can't Opportunistically initiate for 192.1.2.23 to 192.0.1.3: TXT RR for us has wrong key east:~# ipsec eroute 0 0.0.0.0/0 -> 0.0.0.0/0 => %trap 0 192.1.2.23/32 -> 192.0.1.0/24 => %trap east:~# : Try again, using traffic to prompt negotiation. east:~# : This should result in a %drop east:~# ping -c 2 -n 192.0.1.3 PING 192.0.1.3 (192.0.1.3): 56 data bytes --- 192.0.1.3 ping statistics --- 2 packets transmitted, 0 packets received, 100% packet loss east:~# ipsec eroute 0 0.0.0.0/0 -> 0.0.0.0/0 => %trap 1 192.1.2.23/32 -> 192.0.1.0/24 => %trap 2 192.1.2.23/32 -> 192.0.1.3/32 => %drop east:~# : the nether world according to pluto east:~# east:~# echo end end east:~# east:~# east:~# halt INIT: Switching to runlevel: 0 INIT: Sending processes the TERM signal east:~# kill `cat /var/run/klogd.pid`; cat /tmp/klog.log klogd 1.3-3#33.1, log source = /proc/kmsg started. east:~# halt east:~# INIT: Sending processes the KILL signal Stopping domain name service: named. Stopping internet superserver: inetd. Stopping portmap daemon: portmap. ipsec_setup: Stopping Libreswan IPsec... IPSEC EVENT: KLIPS device ipsec0 shut down. Stopping system log daemon: klogd syslogd. Sending all processes the TERM signal... done. Sending all processes the KILL signal... done. Unmounting remote filesystems... done. Deactivating swap... done. Unmounting local filesystems... done. Power down.