[strongSwan-dev] Problems with forecast plugin

Gmail alanrevans at gmail.com
Sun Feb 3 08:40:38 CET 2019


Hello dev,

I've been struggling to get multicasts to work, so I decided to set up 
the test suite environment and run the ikev2/forecast test.
https://www.strongswan.org/testing/testresults/ikev2/forecast/index.html

I duplicated my problems in this environment so I thought I'd report the 
issues:

Set up the environment as for the ikev2/forecast test, run the test to 
ensure the environment is good, then:

*Issue #1 forecast breaks normal network connectivity*

On carol, ping dave. Notice ping never reaches dave.

*carol:~# ping -W 1 -c 1 -t 5  10.1.0.130*
PING 10.1.0.130 (10.1.0.130) 56(84) bytes of data.

--- 10.1.0.130 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Monitor on moon:

*moon:~# tcpdump -n -i any -f 'esp or icmp'*
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes


07:20:47.683930 IP 192.168.0.100 > 192.168.0.1: ESP(spi=0xce42c224,seq=0x71), length 136
07:20:47.684084 IP 10.1.0.129 > 10.1.0.130: ICMP echo request, id 2768, seq 1, length 64

Monitor on dave:

dave:~# tcpdump -i any -f 'host 10.1.0.129'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes

*Issue #2 forecast injects multiple copies of broadcast message it 
receives.*

On carol send a broadcast ping with TTL set to 5:

*carol:~# ping -W 1 -c 1 -t 5 -b 10.1.255.255*
PING 10.1.255.255 (10.1.255.255) 56(84) bytes of data.

--- 10.1.255.255 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Dave receives multiple pings:

*dave:~# tcpdump -i any -f 'host 10.1.0.129'*
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
07:11:28.269132 IP 10.1.0.129 > 10.1.255.255: ICMP echo request, id 2750, seq 1, length 64
07:11:28.270247 IP 10.1.0.129 > 10.1.255.255: ICMP echo request, id 2750, seq 1, length 64
07:11:28.270322 IP 10.1.0.129 > 10.1.255.255: ICMP echo request, id 2750, seq 1, length 64
07:11:28.271475 IP 10.1.0.129 > 10.1.255.255: ICMP echo request, id 2750, seq 1, length 64
07:11:28.271504 IP 10.1.0.129 > 10.1.255.255: ICMP echo request, id 2750, seq 1, length 64
07:11:28.272482 IP 10.1.0.129 > 10.1.255.255: ICMP echo request, id 2750, seq 1, length 64
07:11:28.272509 IP 10.1.0.129 > 10.1.255.255: ICMP echo request, id 2750, seq 1, length 64
07:11:28.272996 IP 10.1.0.129 > 10.1.255.255: ICMP echo request, id 2750, seq 1, length 64
^C
8 packets captured
9 packets received by filter
0 packets dropped by kernel
dave:~#

syslog on moon shows forecast intercepting the packet multiple times; I 
assume the packet that it injected is getting intercepted.


Feb  3 07:13:18 moon charon: 11[NET] forecast intercepted packet: 10.1.0.129 to 10.1.255.255
Feb  3 07:13:18 moon charon: 11[NET] forwarding a 10.1.255.255 broadcast from 10.1.0.129 to peer 10.1.255.255/32 (2)
Feb  3 07:13:18 moon charon: 11[NET] forwarding a 10.1.255.255 broadcast from peer 10.1.0.129 to internal network
Feb  3 07:13:18 moon charon: 12[NET] forecast intercepted packet: 10.1.0.129 to 10.1.255.255
Feb  3 07:13:18 moon charon: 12[NET] forwarding a 10.1.255.255 broadcast from 10.1.0.129 to peer 10.1.255.255/32 (2)
Feb  3 07:13:18 moon charon: 12[NET] forwarding a 10.1.255.255 broadcast from peer 10.1.0.129 to internal network
Feb  3 07:13:18 moon charon: 08[NET] forecast intercepted packet: 10.1.0.129 to 10.1.255.255
Feb  3 07:13:18 moon charon: 08[NET] forwarding a 10.1.255.255 broadcast from 10.1.0.129 to peer 10.1.255.255/32 (2)
Feb  3 07:13:18 moon charon: 08[NET] forwarding a 10.1.255.255 broadcast from peer 10.1.0.129 to internal network
Feb  3 07:13:18 moon charon: 14[NET] forecast intercepted packet: 10.1.0.129 to 10.1.255.255
Feb  3 07:13:18 moon charon: 14[NET] forwarding a 10.1.255.255 broadcast from 10.1.0.129 to peer 10.1.255.255/32 (2)
Feb  3 07:13:18 moon charon: 14[NET] forwarding a 10.1.255.255 broadcast from peer 10.1.0.129 to internal network
Feb  3 07:13:18 moon charon: 13[NET] forecast intercepted packet: 10.1.0.129 to 10.1.255.255
Feb  3 07:13:18 moon charon: 13[NET] forwarding a 10.1.255.255 broadcast from 10.1.0.129 to peer 10.1.255.255/32 (2)
Feb  3 07:13:18 moon charon: 13[NET] forwarding a 10.1.255.255 broadcast from peer 10.1.0.129 to internal network


Let me know if you need any more information, it seems very easy to 
recreate.

Thanks

Alan
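
Added example, not part of the original message and not strongSwan code: a small Python check that counts how often the forecast plugin logs an intercept for the same source and destination within one syslog second, which is the re-interception pattern reported under Issue #2. The function names and the threshold are assumptions; because syslog timestamps have one-second resolution, the count is only meaningful for a single test packet such as the `ping -c 1` used above.

```python
import re
from collections import Counter

# Subset of the charon log lines from the post above, one entry per line.
SAMPLE = """\
Feb  3 07:13:18 moon charon: 11[NET] forecast intercepted packet: 10.1.0.129 to 10.1.255.255
Feb  3 07:13:18 moon charon: 11[NET] forwarding a 10.1.255.255 broadcast from 10.1.0.129 to peer 10.1.255.255/32 (2)
Feb  3 07:13:18 moon charon: 11[NET] forwarding a 10.1.255.255 broadcast from peer 10.1.0.129 to internal network
Feb  3 07:13:18 moon charon: 12[NET] forecast intercepted packet: 10.1.0.129 to 10.1.255.255
Feb  3 07:13:18 moon charon: 08[NET] forecast intercepted packet: 10.1.0.129 to 10.1.255.255
Feb  3 07:13:18 moon charon: 14[NET] forecast intercepted packet: 10.1.0.129 to 10.1.255.255
Feb  3 07:13:18 moon charon: 13[NET] forecast intercepted packet: 10.1.0.129 to 10.1.255.255
"""

# Matches only the "forecast intercepted packet" entries; the thread number
# (11, 12, 08, ...) is captured but not part of the grouping key, because the
# repeated intercepts in the post arrive on different worker threads.
INTERCEPT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) charon: (?P<thread>\d+)\[NET\] "
    r"forecast intercepted packet: (?P<src>\S+) to (?P<dst>\S+)$"
)


def count_intercepts(log_text):
    """Count intercept events per (timestamp, host, src, dst)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = INTERCEPT.match(line.strip())
        if m:
            counts[(m["ts"], m["host"], m["src"], m["dst"])] += 1
    return counts


def repeated_intercepts(log_text, threshold=2):
    """Return flows intercepted at least `threshold` times in the same second."""
    return {k: n for k, n in count_intercepts(log_text).items() if n >= threshold}


if __name__ == "__main__":
    for (ts, host, src, dst), n in repeated_intercepts(SAMPLE).items():
        print(f"{ts} {host}: {src} -> {dst} intercepted {n} times")
```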

