/testing/guestbin/swan-prep
west #
 # confirm that the network is alive
west #
 ../../guestbin/wait-until-alive -I 192.0.1.254 192.0.2.254
destination -I 192.0.1.254 192.0.2.254 is alive
west #
 # ensure that clear text does not get through
west #
 iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j DROP
west #
 iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT
west #
 # confirm clear text does not get through
west #
 ../../guestbin/ping-once.sh --down -I 192.0.1.254 192.0.2.254
down
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 ipsec add west-east
"west-east": added IKEv1 connection
west #
 ipsec whack --impair suppress_retransmits
west #
 ipsec whack --impair revival
west #
 ipsec route west-east
west #
 # Initiate; during IKE_AUTH the child should fail and the connection
west #
 # put on to the revival queue
west #
 ipsec up west-east
"west-east" #1: initiating IKEv1 Main Mode connection
"west-east" #1: sent Main Mode request
"west-east" #1: sent Main Mode I2
"west-east" #1: sent Main Mode I3
"west-east" #1: Peer ID is FQDN: '@east'
"west-east" #1: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"west-east" #2: initiating Quick Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+ROUTE+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"west-east" #2: sent Quick Mode request
"west-east" #2: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
west #
 # expect the on-demand kernel policy
west #
 ipsec _kernel policy
src 192.0.1.0/24 dst 192.0.2.0/24
	dir out priority PRIORITY ptype main
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src 192.0.2.0/24 dst 192.0.1.0/24
	dir fwd priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
src 192.0.2.0/24 dst 192.0.1.0/24
	dir in priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
west #
 # Trigger an acquire; this fast track the revival using
west #
 # CREATE_CHILD_SA and again it will fail
west #
 ../../guestbin/ping-once.sh --down -I 192.0.1.254 192.0.2.254
down
west #
 ../../guestbin/wait-for-pluto.sh '#3: IMPAIR: revival'
timeout waiting 30 seconds for cat /tmp/pluto.log to match #3: IMPAIR: revival
output: |   f6 09 70 6f  f9 9e 6d 74  8f ad 96 a7                ..po..mt....
output: | **parse ISAKMP Message:
output: |    initiator SPI: 97 06 df 1f  96 b5 45 f1
output: |    responder SPI: 54 29 74 f6  19 5e e4 8e
output: |    next payload type: ISAKMP_NEXT_KE (0x4)
output: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
output: |    exchange type: ISAKMP_XCHG_IDPROT (0x2)
output: |    flags: none (0x0)
output: |    Message ID: 0 (00 00 00 00)
output: |    length: 396 (00 00 01 8c)
output: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
output: | State DB: found IKEv1 state #1 in MAIN_I2 (find_state_ikev1)
output: | #1 is idle
output: | #1 idle
output: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080
output: | ***parse ISAKMP Key Exchange Payload:
output: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
output: |    length: 260 (01 04)
output: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080
output: | ***parse ISAKMP Nonce Payload:
output: |    next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
output: |    length: 36 (00 24)
output: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080
output: | ***parse ISAKMP NAT-D Payload:
output: |    next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
output: |    length: 36 (00 24)
output: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080
output: | ***parse ISAKMP NAT-D Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    length: 36 (00 24)
output: | message 'main_inR2_outI3' HASH payload not checked early
output: | main_inR2_outI3: delref DH shared secret-key@NULL
output: | main_inR2_outI3: delref skeyid-key@NULL
output: | main_inR2_outI3: delref skeyid_d-key@NULL
output: | main_inR2_outI3: delref skeyid_a-key@NULL
output: | main_inR2_outI3: delref skeyid_e-key@NULL
output: | main_inR2_outI3: delref enc_key-key@NULL
output: | submitting DH shared secret for #1/#1 (main_inR2_outI3() +925 programs/pluto/ikev1_main.c)
output: | struct dh_local_secret: addref @0x7f1c930aafd8(1->2) (submit_dh_shared_secret() +212 programs/pluto/crypt_dh.c)
output: | job: newref @0x7f1c930bbf98(0->1) (submit_task() +331 programs/pluto/server_pool.c)
output: | clone logger: newref @0x7f1c92749fc8(0->1) (submit_task() +358 programs/pluto/server_pool.c)
output: | "west-east" #1: attach whack fd@0x7f1c931a9fe8 to logger 0x7f1c92749fc8 slot 0 (submit_task() +358 programs/pluto/server_pool.c)
output: | struct fd: addref @0x7f1c931a9fe8(2->3) (submit_task() +358 programs/pluto/server_pool.c)
output: | job 2 helper 0 #1 main_inR2_outI3 (dh): added to pending queue
output: | event_schedule_where: newref EVENT_CRYPTO_TIMEOUT-pe@0x7f1c9274bfa8 timeout in 60 seconds for #1
output: | tt: newref @0x7f1c9274df68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | complete v1 state transition with STF_SUSPEND
output: | suspend: saving MD@0x7f1c930ae668 in state #1 (complete_v1_state_transition() +2417 programs/pluto/ikev1.c)
output: | struct msg_digest: addref @0x7f1c930ae668(1->2) (complete_v1_state_transition() +2417 programs/pluto/ikev1.c)
output: | #1 is busy; has suspended MD 0x7f1c930ae668
output: | #1 requesting EVENT_RETRANSMIT-event@0x7f1c930b3fa8 be deleted (clear_retransmits() +108 programs/pluto/retransmit.c)
output: | #1 deleting EVENT_RETRANSMIT
output: | tt: delref @0x7f1c930b5f68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | state-event: delref @0x7f1c930b3fa8(1->0) (clear_retransmits() +108 programs/pluto/retransmit.c)
output: | #1 STATE_MAIN_I2: retransmits: cleared
output: | #1 spent 0.368 (2.67) milliseconds in process_packet_tail()
output: | IKEv1 packet dropped
output: | packet from 192.1.2.23:500: delref @0x7f1c930ae668(2->1) (process_iface_packet() +296 programs/pluto/demux.c)
output: | spent 0.779 (9.05) milliseconds in process_iface_packet() reading and processing packet
output: | job 2 helper 1 #1 main_inR2_outI3 (dh): started
output: | newref : g_ir-key@0x7f1c9311bf80 (256-bytes, CONCATENATE_DATA_AND_BASE)
output: | job 2 helper 1 #1 main_inR2_outI3 (dh): finished
output: | "west-east" #1: spent 1.43 (3.1) milliseconds in job 2 helper 1 #1 main_inR2_outI3 (dh)
output: | scheduling resume sending job back to main thread for #1
output: | tt: newref @0x7f1c9274ff68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | helper 1: waiting for work
output: | processing resume sending job back to main thread for #1
output: | suspend: restoring MD@0x7f1c930ae668 from state #1 (resume_handler() +641 programs/pluto/server.c)
output: | job 2 helper 1 #1 main_inR2_outI3 (dh): calling state's callback function
output: | completing DH shared secret for #1/#1
output: | complete_dh_shared_secret: delref st_dh_shared_secret-key@NULL
output: | main_inR2_outI3_continue for #1: calculated DH, sending R1
output: | lsw_get_secret() using IDs for @west->@east of kind SECRET_PSK
output: | line 1: key type SECRET_PSK(@west) to type SECRET_PSK
output: | 1: compared key @west to @west / @east -> 8
output: | 2: compared key @east to @west / @east -> c
output: |   match=c
output: |   match c beats previous best_match 0 match=0x7f1c9271df68 (line=1)
output: | concluding with best_match=c best=0x7f1c9271df68 (lineno=1)
output: |     result: newref psk-key@0x7f1c93213f80 (52-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
output: |     result: newref psk-key@0x7f1c932b9f80 (36-bytes, SHA256_HMAC)(pre_shared_key_skeyid() +66 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: | psk: delref tmp-key@0x7f1c93213f80
output: |     result: newref skeyid-key@0x7f1c93213f80 (32-bytes, NSS_IKE1_PRF_DERIVE)(pre_shared_key_skeyid() +89 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: | SKEYID psk: delref psk-key@0x7f1c932b9f80
output: | NSS: #1 pointers skeyid_d (nil),  skeyid_a (nil),  skeyid_e (nil),  enc_key (nil)
output: |     result: newref skeyid_d-key@0x7f1c932b9f80 (32-bytes, EXTRACT_KEY_FROM_KEY)(skeyid_d() +121 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: |     result: newref skeyid_a-key@0x7f1c932f9f80 (32-bytes, EXTRACT_KEY_FROM_KEY)(skeyid_a() +152 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: |     result: newref skeyid_e-key@0x7f1c93106f80 (32-bytes, EXTRACT_KEY_FROM_KEY)(skeyid_e() +183 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: |     result: newref keymat_e-key@0x7f1c93211f80 (32-bytes, AES_CBC)(appendix_b_keymat_e() +216 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: | NSS: #1 pointers skeyid_d 0x7f1c932b9f80,  skeyid_a 0x7f1c932f9f80,  skeyid_e 0x7f1c93106f80,  enc_key 0x7f1c93211f80
output: | opening output PBS reply packet
output: | **emit ISAKMP Message:
output: |    initiator SPI: 97 06 df 1f  96 b5 45 f1
output: |    responder SPI: 54 29 74 f6  19 5e e4 8e
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
output: |    exchange type: ISAKMP_XCHG_IDPROT (0x2)
output: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
output: |    Message ID: 0 (00 00 00 00)
output: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
output: | thinking about whether to send my certificate:
output: |   I have RSA key: OAKLEY_PRESHARED_KEY cert.type: 0 
output: |   sendcert: CERT_ALWAYSSEND and I did not get a certificate request 
output: |   so do not send cert.
output: | I did not send a certificate because digital signatures are not being used. (PSK)
output: |  I am not sending a certificate request
output: | I will NOT send an initial contact payload
output: | init checking NAT-T: global enabled; conn enabled; vid RFC 3947 (NAT-Traversal)
output: | natd_hash: hasher=0x555617ddbe20(32)
output: | natd_hash: icookie=
output: |   97 06 df 1f  96 b5 45 f1                             ......E.
output: | natd_hash: rcookie=
output: |   54 29 74 f6  19 5e e4 8e                             T)t..^..
output: | natd_hash: ip=
output: |   c0 01 02 2d                                          ...-
output: | natd_hash: port=
output: |   01 f4                                                ..
output: | natd_hash: hash=
output: |   bc 69 f0 25  a2 7c ac cf  bc 08 7e 83  c0 e9 1d 2f   .i.%.|....~..../
output: |   8c ff 9b b1  99 fc 30 6c  1c d8 79 18  2f 47 cc dc   ......0l..y./G..
output: | natd_hash: hasher=0x555617ddbe20(32)
output: | natd_hash: icookie=
output: |   97 06 df 1f  96 b5 45 f1                             ......E.
output: | natd_hash: rcookie=
output: |   54 29 74 f6  19 5e e4 8e                             T)t..^..
output: | natd_hash: ip=
output: |   c0 01 02 17                                          ....
output: | natd_hash: port=
output: |   01 f4                                                ..
output: | natd_hash: hash=
output: |   cf fa e9 fc  3c 1d 9d e5  51 8d 8e b7  52 41 05 7c   ....<...Q...RA.|
output: |   db 6c 97 6f  f6 09 70 6f  f9 9e 6d 74  8f ad 96 a7   .l.o..po..mt....
output: | expected NAT-D(local):
output: |   bc 69 f0 25  a2 7c ac cf  bc 08 7e 83  c0 e9 1d 2f   .i.%.|....~..../
output: |   8c ff 9b b1  99 fc 30 6c  1c d8 79 18  2f 47 cc dc   ......0l..y./G..
output: | expected NAT-D(remote):
output: |   cf fa e9 fc  3c 1d 9d e5  51 8d 8e b7  52 41 05 7c   ....<...Q...RA.|
output: |   db 6c 97 6f  f6 09 70 6f  f9 9e 6d 74  8f ad 96 a7   .l.o..po..mt....
output: | received NAT-D:
output: |   bc 69 f0 25  a2 7c ac cf  bc 08 7e 83  c0 e9 1d 2f   .i.%.|....~..../
output: |   8c ff 9b b1  99 fc 30 6c  1c d8 79 18  2f 47 cc dc   ......0l..y./G..
output: | received NAT-D:
output: |   cf fa e9 fc  3c 1d 9d e5  51 8d 8e b7  52 41 05 7c   ....<...Q...RA.|
output: |   db 6c 97 6f  f6 09 70 6f  f9 9e 6d 74  8f ad 96 a7   .l.o..po..mt....
output: | NAT_TRAVERSAL encaps using auto-detect
output: | NAT_TRAVERSAL this end is NOT behind NAT
output: | NAT_TRAVERSAL that end is NOT behind NAT
output: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23:500
output: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected
output: |  NAT_T_WITH_KA detected
output: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds
output: | ***emit ISAKMP Identification Payload (IPsec DOI):
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    ID type: ID_FQDN (0x2)
output: |    Protocol ID: ALL (0x0)
output: |    port: 0 (00 00)
output: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
output: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
output: | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
output: | my identity: 77 65 73 74
output: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
output: |     result: newref clone-key@0x7f1c92760f80 (32-bytes, SHA256_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
output: | main mode: delref clone-key@0x7f1c92760f80
output: | ***emit ISAKMP Hash Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
output: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
output: | emitting 32 raw bytes of HASH_I into ISAKMP Hash Payload
output: |   c0 5f 9b ff  e6 59 92 40  e7 6f 32 f4  ef 93 32 f7   ._...Y.@.o2...2.
output: |   be 4e 31 73  6f cc 97 a5  3c d4 ac 78  9c cc 4b 13   .N1so...<..x..K.
output: | emitting length of ISAKMP Hash Payload: 36
output: | Not sending INITIAL_CONTACT
output: | no IKEv1 message padding required
output: | emitting length of ISAKMP Message: 76
output: | job 2 helper 1 #1 main_inR2_outI3 (dh): final status STF_OK; cleaning up
output: | delref @0x7f1c930aafd8(2->1) (cleanup_dh_shared_secret() +170 programs/pluto/crypt_dh.c)
output: | DH: delref secret-key@NULL
output: | "west-east" #1: detach whack fd@0x7f1c931a9fe8 from logger 0x7f1c92749fc8 slot 0 (free_job() +430 programs/pluto/server_pool.c)
output: | delref @0x7f1c931a9fe8(3->2) (free_job() +430 programs/pluto/server_pool.c)
output: | logger: delref @0x7f1c92749fc8(1->0) (free_job() +430 programs/pluto/server_pool.c)
output: | job: delref @0x7f1c930bbf98(1->0) (free_job() +431 programs/pluto/server_pool.c)
output: | complete v1 state transition with STF_OK
output: | #1 is idle
output: | doing_xauth:no, t_xauth_client_done:no
output: | parent state #1: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA)
output: | #1 deleting EVENT_CRYPTO_TIMEOUT
output: | tt: delref @0x7f1c9274df68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | state-event: delref @0x7f1c9274bfa8(1->0) (delete_event() +534 programs/pluto/timer.c)
output: | #1 STATE_MAIN_I3: retransmits: cleared
output: | sending 76 bytes for main_inR2_outI3 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #1)
output: |   97 06 df 1f  96 b5 45 f1  54 29 74 f6  19 5e e4 8e   ......E.T)t..^..
output: |   05 10 02 01  00 00 00 00  00 00 00 4c  08 44 5c df   ...........L.D\.
output: |   43 28 24 83  d8 8d c4 7d  3b d2 64 18  9b 8f b3 93   C($....};.d.....
output: |   91 41 c4 1e  08 14 ae ab  ec 53 2f 7a  5d 52 d7 b8   .A.......S/z]R..
output: |   11 f0 2a 9a  f2 f9 f8 d3  9e d2 50 56                ..*.......PV
output: | event_schedule_where: newref EVENT_RETRANSMIT-pe@0x7f1c9276dfa8 timeout in 60 seconds for #1
output: | tt: newref @0x7f1c930b7f68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | #1 STATE_MAIN_I3: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 12.523145
output: "west-east" #1: sent Main Mode I3
output: | modecfg pull: noquirk policy:push not-client
output: | phase 1 is done, looking for phase 2 to unpend
output: | packet from 192.1.2.23:500: delref @0x7f1c930ae668(1->0) (resume_handler() +687 programs/pluto/server.c)
output: | packet from 192.1.2.23:500: releasing whack (but there are none) (resume_handler() +687 programs/pluto/server.c)
output: | logger: delref @0x7f1c931abfc8(1->0) (resume_handler() +687 programs/pluto/server.c)
output: | delref @0x7f1c931aff38(3->2) (resume_handler() +687 programs/pluto/server.c)
output: | #1 spent 3.21 (16.5) milliseconds in resume sending job back to main thread
output: | tt: delref @0x7f1c9274ff68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | spent 0.00083 (0.00082) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
output: | struct msg_digest: newref @0x7f1c930ae7a8(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
output: | struct iface_endpoint: addref @0x7f1c931aff38(2->3) (udp_read_packet() +249 programs/pluto/iface_udp.c)
output: | alloc logger: newref @0x7f1c931abfc8(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
output: | *received 76 bytes from 192.1.2.23:500 on eth1 192.1.2.45:500 using UDP
output: |   97 06 df 1f  96 b5 45 f1  54 29 74 f6  19 5e e4 8e   ......E.T)t..^..
output: |   05 10 02 01  00 00 00 00  00 00 00 4c  8d cb 70 0e   ...........L..p.
output: |   77 d9 f3 3b  eb 61 98 47  e6 56 8b 7f  23 3c 15 18   w..;.a.G.V..#<..
output: |   9d 6b ef 56  b4 69 a6 85  4b 61 6d ec  db f7 4e dd   .k.V.i..Kam...N.
output: |   ea ab 96 d9  c2 a4 c4 01  27 6d ea a9                ........'m..
output: | **parse ISAKMP Message:
output: |    initiator SPI: 97 06 df 1f  96 b5 45 f1
output: |    responder SPI: 54 29 74 f6  19 5e e4 8e
output: |    next payload type: ISAKMP_NEXT_ID (0x5)
output: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
output: |    exchange type: ISAKMP_XCHG_IDPROT (0x2)
output: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
output: |    Message ID: 0 (00 00 00 00)
output: |    length: 76 (00 00 00 4c)
output: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
output: | State DB: found IKEv1 state #1 in MAIN_I3 (find_state_ikev1)
output: | #1 is idle
output: | #1 idle
output: | received encrypted packet from 192.1.2.23:500
output: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x120 opt: 0x2080
output: | ***parse ISAKMP Identification Payload:
output: |    next payload type: ISAKMP_NEXT_HASH (0x8)
output: |    length: 12 (00 0c)
output: |    ID type: ID_FQDN (0x2)
output: |    DOI specific A: 0 (00)
output: |    DOI specific B: 0 (00 00)
output: |      obj: 
output: |   65 61 73 74                                          east
output: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x2080
output: | ***parse ISAKMP Hash Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    length: 36 (00 24)
output: | message 'main_inR3' HASH payload not checked early
output: "west-east" #1: Peer ID is FQDN: '@east'
output: | rhc: peer ID matches and no certificate payload - continuing with peer ID @east
output: |     result: newref clone-key@0x7f1c92760f80 (32-bytes, SHA256_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
output: | main mode: delref clone-key@0x7f1c92760f80
output: | received message HASH_R data ok
output: | authentication succeeded
output: | wipe_old_connections() contemplating releasing older self
output: | FOR_EACH_CONNECTION[that_id_eq=@east].... in (wipe_old_connections() +2160 programs/pluto/state.c)
output: |   found "west-east"
output: |   matches: 1
output: | "west-east": addref @0x7f1c931a1a78(3->4) "west-east" #1:  (dispatch() +2436 programs/pluto/routing.c)
output: | "west-east" #1: routing: start ESTABLISH_IKE, ROUTED_NEGOTIATION, PERMANENT; ISAKMP #1 (MAIN_I3) by=PEER; $1@0x7f1c931a1a78; routing_sa #1 negotiating_ike_sa #1 (ISAKMP_SA_established() +3023 programs/pluto/ikev1.c)
output: | "west-east" #1: routing: stop ESTABLISH_IKE, ROUTED_NEGOTIATION, PERMANENT; ok=yes; routing_sa #1 negotiating_ike_sa #1 established_ike_sa #0->#1 (ISAKMP_SA_established() +3023 programs/pluto/ikev1.c)
output: | "west-east": delref @0x7f1c931a1a78(4->3) "west-east" #1:  (dispatch() +2450 programs/pluto/routing.c)
output: | complete v1 state transition with STF_OK
output: | #1 is idle
output: | doing_xauth:no, t_xauth_client_done:no
output: | parent state #1: MAIN_I3(open IKE SA) => MAIN_I4(established IKE SA)
output: | #1 requesting EVENT_RETRANSMIT-event@0x7f1c9276dfa8 be deleted (clear_retransmits() +108 programs/pluto/retransmit.c)
output: | #1 deleting EVENT_RETRANSMIT
output: | tt: delref @0x7f1c930b7f68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | state-event: delref @0x7f1c9276dfa8(1->0) (clear_retransmits() +108 programs/pluto/retransmit.c)
output: | #1 STATE_MAIN_I4: retransmits: cleared
output: | event_schedule_where: newref EVENT_v1_REPLACE-pe@0x7f1c930a8fa8 timeout in 28001 seconds for #1
output: | tt: newref @0x7f1c930b1f68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | pstats #1 ikev1.isakmp established
output: "west-east" #1: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
output: | "west-east" #1: DPD: dpd_init() called on ISAKMP SA
output: | "west-east" #1: DPD: Peer supports Dead Peer Detection
output: | "west-east" #1: DPD: not initializing DPD because DPD is disabled locally
output: | modecfg pull: noquirk policy:push not-client
output: | phase 1 is done, looking for phase 2 to unpend
output: | pending: unpending state 0x7f1c92731348 #1 pending 0x7f1c92735fa8
output: | pending: unpend() ike 0x7f1c92731348 pending 0x7f1c92735fa8 connection 0x7f1c931a1a78 ike 0x7f1c92731348
output: | struct fd: addref @0x7f1c931a9fe8(2->3) (unpend() +325 programs/pluto/pending.c)
output: | "west-east": attach whack fd@0x7f1c931a9fe8 to empty logger 0x7f1c92711fc8 slot 0
output: | struct iface_endpoint: addref @0x7f1c931aff38(3->4) (duplicate_state() +1198 programs/pluto/state.c)
output: | alloc logger: newref @0x7f1c930b7fc8(0->1) (duplicate_state() +1206 programs/pluto/state.c)
output: | struct fd: addref @0x7f1c931a9fe8(3->4) (new_state() +482 programs/pluto/state.c)
output: |  #0: attach whack fd@0x7f1c931a9fe8 to empty logger 0x7f1c930b7fc8 slot 0
output: | "west-east": addref @0x7f1c931a1a78(3->4)  #2:  (new_state() +491 programs/pluto/state.c)
output: | creating state object #2 at 0x7f1c9276d348
output: | pstats #2 ikev1.ipsec started
output: | duplicating state object #1 "west-east" as #2 for IPSEC SA
output: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (duplicate_state() +1220 programs/pluto/state.c)
output: | duplicate_state: addref st_skeyid_nss-key@0x7f1c93213f80
output: | duplicate_state: addref st_skey_d_nss-key@0x7f1c932b9f80
output: | duplicate_state: addref st_skey_ai_nss-key@0x7f1c932f9f80
output: | duplicate_state: addref st_skey_ar_nss-key@NULL
output: | duplicate_state: addref st_skey_ei_nss-key@0x7f1c93106f80
output: | duplicate_state: addref st_skey_er_nss-key@NULL
output: | duplicate_state: addref st_skey_pi_nss-key@NULL
output: | duplicate_state: addref st_skey_pr_nss-key@NULL
output: | duplicate_state: addref st_enc_key_nss-key@0x7f1c93211f80
output: | child state #2: UNDEFINED(ignore) => QUICK_I1(established CHILD SA)
output: "west-east" #2: initiating Quick Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+ROUTE+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
output: | job: newref @0x7f1c92749f98(0->1) (submit_task() +331 programs/pluto/server_pool.c)
output: | clone logger: newref @0x7f1c9274dfc8(0->1) (submit_task() +358 programs/pluto/server_pool.c)
output: | "west-east" #2: attach whack fd@0x7f1c931a9fe8 to logger 0x7f1c9274dfc8 slot 0 (submit_task() +358 programs/pluto/server_pool.c)
output: | struct fd: addref @0x7f1c931a9fe8(4->5) (submit_task() +358 programs/pluto/server_pool.c)
output: | job 3 helper 0 #2 quick_outI1 (dh): added to pending queue
output: | event_schedule_where: newref EVENT_CRYPTO_TIMEOUT-pe@0x7f1c9274ffa8 timeout in 60 seconds for #2
output: | tt: newref @0x7f1c927a3f68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | "west-east": addref @0x7f1c931a1a78(4->5) "west-east" #2:  (dispatch() +2436 programs/pluto/routing.c)
output: | "west-east" #2: routing: start INITIATED, ROUTED_NEGOTIATION, PERMANENT; ISAKMP #1 (MAIN_I4) IPsec #2 (QUICK_I1) by=PENDING; $1@0x7f1c931a1a78; routing_sa #1 negotiating_ike_sa #1 established_ike_sa #1 (unpend() +332 programs/pluto/pending.c)
output: | "west-east" #2: routing:   Child SA's IKE SA matches .routing_sa
output: | "west-east" #2: routing: stop INITIATED, ROUTED_NEGOTIATION, PERMANENT; ok=yes; routing_sa #1->#2 negotiating_ike_sa #1 established_ike_sa #1 negotiating_child_sa #0->#2 (unpend() +332 programs/pluto/pending.c)
output: | "west-east": delref @0x7f1c931a1a78(5->4) "west-east" #2:  (dispatch() +2450 programs/pluto/routing.c)
output: | "west-east": detach whack fd@0x7f1c931a9fe8 from logger 0x7f1c92711fc8 slot 0 (unpend() +333 programs/pluto/pending.c)
output: | delref @0x7f1c931a9fe8(5->4) (unpend() +333 programs/pluto/pending.c)
output: | pending: unqueuing pending [0x7f1c92735fa8] Quick Mode connection "west-east" [0x7f1c931a1a78]
output: | "west-east": delref @0x7f1c931a1a78(4->3)  (delete_pending() +262 programs/pluto/pending.c)
output: | "west-east": detach whack fd@0x7f1c931a9fe8 from logger 0x7f1c92739fc8 slot 0 (delete_pending() +263 programs/pluto/pending.c)
output: | delref @0x7f1c931a9fe8(4->3) (delete_pending() +263 programs/pluto/pending.c)
output: | logger: delref @0x7f1c92739fc8(1->0) (delete_pending() +263 programs/pluto/pending.c)
output: | "west-east" #1: detach whack fd@0x7f1c931a9fe8 from logger 0x7f1c92733fc8 slot 0 (complete_v1_state_transition() +2840 programs/pluto/ikev1.c)
output: | delref @0x7f1c931a9fe8(3->2) (complete_v1_state_transition() +2840 programs/pluto/ikev1.c)
output: | #1 spent 1.47 (13.3) milliseconds in process_packet_tail()
output: | IKEv1 packet dropped
output: | packet from 192.1.2.23:500: delref @0x7f1c930ae7a8(1->0) (process_iface_packet() +296 programs/pluto/demux.c)
output: | packet from 192.1.2.23:500: releasing whack (but there are none) (process_iface_packet() +296 programs/pluto/demux.c)
output: | logger: delref @0x7f1c931abfc8(1->0) (process_iface_packet() +296 programs/pluto/demux.c)
output: | delref @0x7f1c931aff38(4->3) (process_iface_packet() +296 programs/pluto/demux.c)
output: | spent 2.2 (18.2) milliseconds in process_iface_packet() reading and processing packet
output: | job 3 helper 1 #2 quick_outI1 (dh): started
output: | struct dh_local_secret: newref @0x7f1c931abfd8(0->1) (calc_dh_local_secret() +85 programs/pluto/crypt_dh.c)
output: | job 3 helper 1 #2 quick_outI1 (dh): finished
output: | "west-east" #2: spent 3.08 (5.59) milliseconds in job 3 helper 1 #2 quick_outI1 (dh)
output: | scheduling resume sending job back to main thread for #2
output: | tt: newref @0x7f1c927d0f68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | libevent: delref @0x7f1c9329ffb8(1->0) (libevent_realloc() +965 programs/pluto/server.c)
output: | libevent: newref @0x7f1c927d2f78(0->1) (libevent_realloc() +969 programs/pluto/server.c)
output: | helper 1: waiting for work
output: | processing resume sending job back to main thread for #2
output: | suspend: no MD saved in state #2 (resume_handler() +641 programs/pluto/server.c)
output: | job 3 helper 1 #2 quick_outI1 (dh): calling state's callback function
output: | quick_outI1_continue for #2: calculated ke+nonce, sending I1
output: | quick_outI1_continue for #2: calculated ke+nonce, sending I1
output: | opening output PBS reply packet
output: | **emit ISAKMP Message:
output: |    initiator SPI: 97 06 df 1f  96 b5 45 f1
output: |    responder SPI: 54 29 74 f6  19 5e e4 8e
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
output: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
output: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
output: |    Message ID: 2496690960 (94 d0 7b 10)
output: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
output: | ***emit ISAKMP Hash Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
output: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
output: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload
output: | emitting length of ISAKMP Hash Payload: 36
output: | emitting quick defaults using policy: encrypt
output: | empty esp_info, returning defaults for: encrypt
output: | sadb: newref @0x7f1c9329ffe8(0->1) (v1_kernel_alg_makedb() +445 programs/pluto/ikev1_spdb_struct.c)
output: | ***emit ISAKMP Security Association Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    DOI: ISAKMP_DOI_IPSEC (0x1)
output: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
output: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
output: | ****emit IPsec DOI SIT:
output: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
output: | ikev1_out_sa() pcn: 0 has 1 valid proposals
output: | ikev1_out_sa() pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2
output: | ****emit ISAKMP Proposal Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    proposal number: 0 (00)
output: |    protocol ID: PROTO_IPSEC_ESP (0x3)
output: |    SPI size: 4 (04)
output: |    number of transforms: 2 (02)
output: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
output: | "west-east" #2: routing:  kernel_ops_get_ipsec_spi() 192.1.2.23-ESP->192.1.2.45 reqid=4005 [1000,ffffffff] for SPI ...
output: | sendrecv_xfrm_msg() sending 22 Get SPI SPI
output: | sendrecv_xfrm_msg() recvfrom() returned 256 bytes
output: | "west-east" #2: routing:   ... allocated 665b5b22 for SPI
output: | emitting 4 raw bytes of SPI SPISPI ISAKMP Proposal Payload
output: | SPI: 66 5b 5b 22
output: | *****emit ISAKMP Transform Payload (ESP):
output: |    next payload type: ISAKMP_NEXT_T (0x3)
output: |    ESP transform number: 0 (00)
output: |    ESP transform ID: ESP_AES (0xc)
output: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+GROUP_DESCRIPTION (0x8003)
output: |    length/value: 14 (00 0e)
output: |     [14 is OAKLEY_GROUP_MODP2048]
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
output: |    length/value: 1 (00 01)
output: |     [1 is ENCAPSULATION_MODE_TUNNEL]
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+SA_LIFE_TYPE (0x8001)
output: |    length/value: 1 (00 01)
output: |     [1 is SA_LIFE_TYPE_SECONDS]
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+SA_LIFE_DURATION (variable length) (0x8002)
output: |    length/value: 28800 (70 80)
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+AUTH_ALGORITHM (0x8005)
output: |    length/value: 2 (00 02)
output: |     [2 is AUTH_ALGORITHM_HMAC_SHA1]
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+KEY_LENGTH (0x8006)
output: |    length/value: 128 (00 80)
output: | emitting length of ISAKMP Transform Payload (ESP): 32
output: | *****emit ISAKMP Transform Payload (ESP):
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    ESP transform number: 1 (01)
output: |    ESP transform ID: ESP_3DES (0x3)
output: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' containing ISAKMP_NEXT_T (0x3) is ISAKMP_NEXT_T (0x3)
output: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+GROUP_DESCRIPTION (0x8003)
output: |    length/value: 14 (00 0e)
output: |     [14 is OAKLEY_GROUP_MODP2048]
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
output: |    length/value: 1 (00 01)
output: |     [1 is ENCAPSULATION_MODE_TUNNEL]
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+SA_LIFE_TYPE (0x8001)
output: |    length/value: 1 (00 01)
output: |     [1 is SA_LIFE_TYPE_SECONDS]
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+SA_LIFE_DURATION (variable length) (0x8002)
output: |    length/value: 28800 (70 80)
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+AUTH_ALGORITHM (0x8005)
output: |    length/value: 2 (00 02)
output: |     [2 is AUTH_ALGORITHM_HMAC_SHA1]
output: | emitting length of ISAKMP Transform Payload (ESP): 28
output: | emitting length of ISAKMP Proposal Payload: 72
output: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
output: | emitting length of ISAKMP Security Association Payload: 84
output: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
output: | sadb: delref @0x7f1c9329ffe8(1->0) (free_sa() +857 programs/pluto/ikev1_spdb.c)
output: | ***emit ISAKMP Nonce Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
output: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
output: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload
output: |   8f 1c c9 29  97 f2 a5 bb  00 93 ac 5c  28 2d c7 e3   ...).......\(-..
output: |   92 49 a8 85  7a 53 16 80  9a 1e 48 14  d5 8d 19 51   .I..zS....H....Q
output: | emitting length of ISAKMP Nonce Payload: 36
output: | struct dh_local_secret: addref @0x7f1c931abfd8(1->2) (unpack_KE_from_helper() +155 programs/pluto/crypt_ke.c)
output: | ***emit ISAKMP Key Exchange Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE)
output: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet'
output: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload
output: |   af 64 cb d6  55 c2 e7 e2  06 c1 52 4c  dc 3d 40 26   .d..U.....RL.=@&
output: |   88 98 7a 10  b6 e7 af 10  67 c0 4d 23  91 a4 08 d4   ..z.....g.M#....
output: |   da 49 80 82  8d d0 c0 96  61 d1 ed 2d  5d 43 7c fe   .I......a..-]C|.
output: |   38 3a 71 04  76 c2 13 be  26 38 5c a1  2e d0 92 67   8:q.v...&8\....g
output: |   dc ee 39 e2  6a 4c ef 01  71 76 b8 bc  4d 8f d5 68   ..9.jL..qv..M..h
output: |   c4 e7 3e 5f  83 be 0c b4  08 27 64 8e  af ed be 0e   ..>_.....'d.....
output: |   de 3b 1d a0  73 54 1b 77  af 7a 86 89  33 44 bc 9e   .;..sT.w.z..3D..
output: |   04 03 bc 35  a0 30 5b f6  fe 67 f0 d7  3d 8c db 2f   ...5.0[..g..=../
output: |   f9 f5 58 90  f4 3f 8f c2  51 77 12 82  0e 6a fa 41   ..X..?..Qw...j.A
output: |   82 59 5a 2a  0f 00 3f 9d  b3 be bf a1  81 a7 50 48   .YZ*..?.......PH
output: |   63 bd c0 90  82 a7 35 33  59 26 b3 85  76 55 82 b8   c.....53Y&..vU..
output: |   ce 02 2e 5f  87 de 42 fb  d1 d7 5c c1  ea 60 cb 15   ..._..B...\..`..
output: |   e2 9c d8 c5  77 6a ad 8f  b0 d7 b2 e1  5c 3d 2b b0   ....wj......\=+.
output: |   14 87 ea 35  4e 36 6c a2  b1 7d 6b 0c  10 3c 3c 6d   ...5N6l..}k..<<m
output: |   b8 84 90 bc  c4 1f 5b b1  ed 05 85 08  1e 8c a5 c5   ......[.........
output: |   60 6f da 6b  ee 3c 27 bc  22 56 f8 b5  c3 b2 e8 09   `o.k.<'."V......
output: | emitting length of ISAKMP Key Exchange Payload: 260
output: | ***emit ISAKMP Identification Payload (IPsec DOI):
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    ID type: ID_IPV4_ADDR_SUBNET (0x4)
output: |    Protocol ID: ALL (0x0)
output: |    port: 0 (00 00)
output: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
output: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
output: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI)
output: | client network: c0 00 01 00
output: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI)
output: | client mask: ff ff ff 00
output: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16
output: | ***emit ISAKMP Identification Payload (IPsec DOI):
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    ID type: ID_IPV4_ADDR_SUBNET (0x4)
output: |    Protocol ID: ALL (0x0)
output: |    port: 0 (00 00)
output: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
output: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
output: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI)
output: | client network: c0 00 02 00
output: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI)
output: | client mask: ff ff ff 00
output: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16
output: |     result: newref clone-key@0x7f1c92760f80 (32-bytes, SHA256_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
output: | HASH(1): delref clone-key@0x7f1c92760f80
output: | outI1 HASH(1):
output: |   e7 3e af 47  8a 77 2e bb  b2 13 45 08  76 93 60 51   .>.G.w....E.v.`Q
output: |   8b 3f d1 ee  53 49 12 d0  c0 fc da a6  cd 4d 52 5b   .?..SI.......MR[
output: | no IKEv1 message padding required
output: | emitting length of ISAKMP Message: 476
output: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #2)
output: |   97 06 df 1f  96 b5 45 f1  54 29 74 f6  19 5e e4 8e   ......E.T)t..^..
output: |   08 10 20 01  94 d0 7b 10  00 00 01 dc  8d c1 64 27   .. ...{.......d'
output: |   33 ad f8 37  82 e9 51 05  ca 36 1d 9c  78 50 6e cf   3..7..Q..6..xPn.
output: |   a1 e3 8e 82  3f 11 6e d2  a9 da b6 ef  7d 61 de 85   ....?.n.....}a..
output: |   cb 32 9d 26  38 88 ac 62  e2 43 27 c6  3d 34 df c7   .2.&8..b.C'.=4..
output: |   f3 50 7f a6  5d 69 28 60  24 59 9a 26  a9 d3 1f 83   .P..]i(`$Y.&....
output: |   b2 ca 6d 8e  74 27 a0 5c  cf 19 63 dc  38 0a fa 67   ..m.t'.\..c.8..g
output: |   9c 82 a5 1e  f1 18 2a ea  77 19 b7 b4  27 8a a4 45   ......*.w...'..E
output: |   81 2d 5b ba  74 a7 d0 4b  38 1c be 11  af 0a 58 24   .-[.t..K8.....X$
output: |   36 f6 c3 77  a1 4a 11 e6  f6 12 58 89  7a 63 53 3f   6..w.J....X.zcS?
output: |   7f 9c 12 48  71 23 b6 1c  19 68 55 a1  a8 22 0e 3d   ...Hq#...hU..".=
output: |   45 11 12 3b  78 9c dc 46  da e6 90 83  43 60 b8 2f   E..;x..F....C`./
output: |   6d a6 03 08  98 af 34 2d  32 20 bf 95  b9 7b e2 f3   m.....4-2 ...{..
output: |   98 19 3e c2  4c 23 e0 fc  2d 53 9c eb  60 e9 64 ec   ..>.L#..-S..`.d.
output: |   7a 13 45 eb  84 a6 3b 21  a3 f5 10 01  e1 ed e0 b9   z.E...;!........
output: |   00 66 d3 2d  ac c7 6c 31  1e 2c 9e e7  f9 13 e5 50   .f.-..l1.,.....P
output: |   89 b5 7b e1  f5 93 f5 c6  11 89 e1 50  5c 16 92 25   ..{........P\..%
output: |   54 d9 c1 c1  0b a8 b7 15  96 8c e7 c3  bc 76 8e ca   T............v..
output: |   bd f5 ca 1a  af fe 3e 67  66 61 dd af  95 e2 29 5e   ......>gfa....)^
output: |   5c a0 70 02  26 dc 1a 52  6c d1 a1 5f  83 03 0d 33   \.p.&..Rl.._...3
output: |   26 23 93 fa  af 17 82 4f  67 4d fd e7  57 de 3c 3e   &#.....OgM..W.<>
output: |   92 e8 10 c8  d1 42 91 c1  66 37 7d 48  f9 ca fe da   .....B..f7}H....
output: |   8f f3 0b 77  2c b2 d7 36  bf 60 e7 b6  c0 3d d3 3e   ...w,..6.`...=.>
output: |   f1 59 8a 9f  16 e0 c3 50  21 c4 39 57  d6 45 db 4d   .Y.....P!.9W.E.M
output: |   83 13 c3 3e  45 b5 6c 36  1d f2 68 a4  42 2a a1 9b   ...>E.l6..h.B*..
output: |   c2 35 60 5a  28 eb 04 61  a4 b2 0b d4  08 a8 ac 3e   .5`Z(..a.......>
output: |   64 ee da f4  5f 68 48 5c  09 4f e5 54  9b e6 be 0b   d..._hH\.O.T....
output: |   c5 18 52 64  b2 96 fa 14  48 42 a1 84  87 6a 06 89   ..Rd....HB...j..
output: |   69 1b 44 29  59 95 39 6c  2b c7 df eb  d1 05 7a 1a   i.D)Y.9l+.....z.
output: |   4d 19 7c 42  7e 37 d3 16  b6 93 a0 88                M.|B~7......
output: | #2 deleting EVENT_CRYPTO_TIMEOUT
output: | tt: delref @0x7f1c927a3f68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | state-event: delref @0x7f1c9274ffa8(1->0) (delete_event() +534 programs/pluto/timer.c)
output: | #2 STATE_QUICK_I1: retransmits: cleared
output: | event_schedule_where: newref EVENT_RETRANSMIT-pe@0x7f1c927a3fa8 timeout in 60 seconds for #2
output: | tt: newref @0x7f1c9274ff68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | #2 STATE_QUICK_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 12.580786
output: "west-east" #2: sent Quick Mode request
output: | job 3 helper 1 #2 quick_outI1 (dh): final status STF_SKIP_COMPLETE_STATE_TRANSITION; cleaning up
output: | delref @0x7f1c931abfd8(2->1) (cleanup_ke_and_nonce() +83 programs/pluto/crypt_ke.c)
output: | "west-east" #2: detach whack fd@0x7f1c931a9fe8 from logger 0x7f1c9274dfc8 slot 0 (free_job() +430 programs/pluto/server_pool.c)
output: | delref @0x7f1c931a9fe8(2->1) (free_job() +430 programs/pluto/server_pool.c)
output: | logger: delref @0x7f1c9274dfc8(1->0) (free_job() +430 programs/pluto/server_pool.c)
output: | job: delref @0x7f1c92749f98(1->0) (free_job() +431 programs/pluto/server_pool.c)
output: | resume sending job back to main thread for #2 suppressed complete_v1_state_transition()
output: | #2 spent 1.86 (22.6) milliseconds in resume sending job back to main thread
output: | tt: delref @0x7f1c927d0f68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | spent 0 (0.00163) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
output: | struct msg_digest: newref @0x7f1c927ce628(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
output: | struct iface_endpoint: addref @0x7f1c931aff38(3->4) (udp_read_packet() +249 programs/pluto/iface_udp.c)
output: | alloc logger: newref @0x7f1c92747fc8(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
output: | *received 460 bytes from 192.1.2.23:500 on eth1 192.1.2.45:500 using UDP
output: |   97 06 df 1f  96 b5 45 f1  54 29 74 f6  19 5e e4 8e   ......E.T)t..^..
output: |   08 10 20 01  94 d0 7b 10  00 00 01 cc  3c 62 b9 0a   .. ...{.....<b..
output: |   69 a3 26 86  2d 0a 93 2c  e3 64 3a 06  fb 3f f1 60   i.&.-..,.d:..?.`
output: |   fa 41 2b 65  ed 27 50 49  4e 7b 6b 6c  e8 82 c0 b8   .A+e.'PIN{kl....
output: |   37 fb 2e 7a  e9 b1 ab c7  b2 09 29 d5  45 9c f0 a9   7..z......).E...
output: |   3a b3 fd d6  04 1b f6 a7  c7 b2 89 86  ec 38 00 09   :............8..
output: |   42 32 41 17  43 49 39 8b  35 83 60 44  77 0a a8 4b   B2A.CI9.5.`Dw..K
output: |   ee f5 57 00  a9 9d a3 72  27 f5 0e 9c  ff a1 36 f4   ..W....r'.....6.
output: |   43 f1 97 76  5f ab 06 c3  2d 5d d4 da  5b be 21 a1   C..v_...-]..[.!.
output: |   0b c6 7e e3  f2 a7 30 a9  53 f2 80 68  9d 19 84 cf   ..~...0.S..h....
output: |   ca bf bc 35  84 b8 ff b0  ce 67 e7 3e  96 90 c3 aa   ...5.....g.>....
output: |   7b 97 3e 05  9d ca bc 33  48 e9 45 c5  e9 fe 7f 25   {.>....3H.E....%
output: |   ca f5 12 3f  11 9d b7 e7  ea e4 52 be  fe 86 59 83   ...?......R...Y.
output: |   d8 2a 7d 9d  b2 f9 c8 0b  d9 90 ef 29  50 73 3e 4e   .*}........)Ps>N
output: |   b3 d2 3a a3  84 97 84 cc  36 22 ab 0f  50 9c 20 4e   ..:.....6"..P. N
output: |   05 48 0a 11  d2 07 3e ac  45 2c 12 69  27 40 52 47   .H....>.E,.i'@RG
output: |   90 42 b6 04  0f 56 3c e9  84 d8 0f 68  d4 e4 67 1a   .B...V<....h..g.
output: |   ef f0 bb b8  5b d2 ee fc  5a 2c 31 4e  76 47 9d 4d   ....[...Z,1NvG.M
output: |   22 0a 57 85  e9 e8 19 58  54 09 8e 7b  75 3e e1 58   ".W....XT..{u>.X
output: |   28 b9 a7 89  7b d4 ad 58  cf 44 96 b2  b2 46 86 4e   (...{..X.D...F.N
output: |   78 e0 31 11  26 cc 06 35  b0 b8 05 32  a1 bd 16 bc   x.1.&..5...2....
output: |   7d 0f a1 20  84 d3 47 99  c3 38 38 a8  dd b1 29 7f   }.. ..G..88...).
output: |   af ae 02 1b  45 84 da 18  72 a7 bf 21  c5 97 44 da   ....E...r..!..D.
output: |   04 7b 35 34  e0 47 44 58  8f c1 dc a3  4d 8f d8 0e   .{54.GDX....M...
output: |   e2 ab 9a 61  e1 35 15 ce  70 b4 ea c9  b6 e0 1a 85   ...a.5..p.......
output: |   37 d8 ba d0  c6 c9 96 0b  79 af a3 46  4c a8 7c da   7.......y..FL.|.
output: |   21 e3 21 61  3b 7b 91 87  e9 1b 4d f7  cd 41 9c 93   !.!a;{....M..A..
output: |   83 e6 b0 f9  e2 96 f4 70  8b 26 0f 50  f2 56 b2 d0   .......p.&.P.V..
output: |   8e d3 60 06  da 20 ae 0a  e9 82 da 67                ..`.. .....g
output: | **parse ISAKMP Message:
output: |    initiator SPI: 97 06 df 1f  96 b5 45 f1
output: |    responder SPI: 54 29 74 f6  19 5e e4 8e
output: |    next payload type: ISAKMP_NEXT_HASH (0x8)
output: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
output: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
output: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
output: |    Message ID: 2496690960 (94 d0 7b 10)
output: |    length: 460 (00 00 01 cc)
output: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
output: | State DB: found IKEv1 state #2 in QUICK_I1 (find_state_ikev1)
output: | #2 is idle
output: | #2 idle
output: | received encrypted packet from 192.1.2.23:500
output: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
output: | ***parse ISAKMP Hash Payload:
output: |    next payload type: ISAKMP_NEXT_SA (0x1)
output: |    length: 36 (00 24)
output: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
output: | ***parse ISAKMP Security Association Payload:
output: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
output: |    length: 56 (00 38)
output: |    DOI: ISAKMP_DOI_IPSEC (0x1)
output: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
output: | ***parse ISAKMP Nonce Payload:
output: |    next payload type: ISAKMP_NEXT_KE (0x4)
output: |    length: 36 (00 24)
output: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030
output: | ***parse ISAKMP Key Exchange Payload:
output: |    next payload type: ISAKMP_NEXT_ID (0x5)
output: |    length: 260 (01 04)
output: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
output: | ***parse ISAKMP Identification Payload (IPsec DOI):
output: |    next payload type: ISAKMP_NEXT_ID (0x5)
output: |    length: 16 (00 10)
output: |    ID type: ID_IPV4_ADDR_SUBNET (0x4)
output: |    Protocol ID: ALL (0x0)
output: |    port: 0 (00 00)
output: |      obj: 
output: |   c0 00 01 00  ff ff ff 00                             ........
output: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
output: | ***parse ISAKMP Identification Payload (IPsec DOI):
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    length: 16 (00 10)
output: |    ID type: ID_IPV4_ADDR_SUBNET (0x4)
output: |    Protocol ID: ALL (0x0)
output: |    port: 0 (00 00)
output: |      obj: 
output: |   c0 00 02 00  ff ff ff 00                             ........
output: | removing 12 bytes of padding
output: |     result: newref clone-key@0x7f1c92760f80 (32-bytes, SHA256_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
output: | HASH(2): delref clone-key@0x7f1c92760f80
output: | quick_inR1_outI2 HASH(2):
output: |   1f aa 09 7f  5e e7 d9 e2  51 df f4 76  c1 f5 1c f3   ....^...Q..v....
output: |   d5 43 4e 04  96 09 c9 65  7d e8 f0 8d  f5 2b bf 03   .CN....e}....+..
output: | received 'quick_inR1_outI2' message HASH(2) data ok
output: | ****parse IPsec DOI SIT:
output: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
output: | ****parse ISAKMP Proposal Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    length: 44 (00 2c)
output: |    proposal number: 0 (00)
output: |    protocol ID: PROTO_IPSEC_ESP (0x3)
output: |    SPI size: 4 (04)
output: |    number of transforms: 1 (01)
output: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
output: |   4c 14 57 f8                                          L.W.
output: | *****parse ISAKMP Transform Payload (ESP):
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    length: 32 (00 20)
output: |    ESP transform number: 0 (00)
output: |    ESP transform ID: ESP_AES (0xc)
output: | ******parse ISAKMP IPsec DOI attribute:
output: |    af+type: AF+GROUP_DESCRIPTION (0x8003)
output: |    length/value: 14 (00 0e)
output: |    [14 is OAKLEY_GROUP_MODP2048]
output: | ******parse ISAKMP IPsec DOI attribute:
output: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
output: |    length/value: 1 (00 01)
output: |    [1 is ENCAPSULATION_MODE_TUNNEL]
output: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none
output: | ******parse ISAKMP IPsec DOI attribute:
output: |    af+type: AF+SA_LIFE_TYPE (0x8001)
output: |    length/value: 1 (00 01)
output: |    [1 is SA_LIFE_TYPE_SECONDS]
output: | ******parse ISAKMP IPsec DOI attribute:
output: |    af+type: AF+SA_LIFE_DURATION (variable length) (0x8002)
output: |    length/value: 28800 (70 80)
output: |    basic duration: 28800 (TV)
output: | ******parse ISAKMP IPsec DOI attribute:
output: |    af+type: AF+AUTH_ALGORITHM (0x8005)
output: |    length/value: 2 (00 02)
output: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
output: | ******parse ISAKMP IPsec DOI attribute:
output: |    af+type: AF+KEY_LENGTH (0x8006)
output: |    length/value: 128 (00 80)
output: | ESP IPsec Transform verified unconditionally; no alg_info to check against
output: | submitting DH shared secret for #2/#2 (quick_inR1_outI2() +1615 programs/pluto/ikev1_quick.c)
output: | struct dh_local_secret: addref @0x7f1c931abfd8(1->2) (submit_dh_shared_secret() +212 programs/pluto/crypt_dh.c)
output: | job: newref @0x7f1c927d6f98(0->1) (submit_task() +331 programs/pluto/server_pool.c)
output: | clone logger: newref @0x7f1c927dafc8(0->1) (submit_task() +358 programs/pluto/server_pool.c)
output: | "west-east" #2: attach whack fd@0x7f1c931a9fe8 to logger 0x7f1c927dafc8 slot 0 (submit_task() +358 programs/pluto/server_pool.c)
output: | struct fd: addref @0x7f1c931a9fe8(1->2) (submit_task() +358 programs/pluto/server_pool.c)
output: | job 4 helper 0 #2 quick_inR1_outI2 (dh): added to pending queue
output: | event_schedule_where: newref EVENT_CRYPTO_TIMEOUT-pe@0x7f1c927dcfa8 timeout in 60 seconds for #2
output: | tt: newref @0x7f1c927def68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | complete v1 state transition with STF_SUSPEND
output: | suspend: saving MD@0x7f1c927ce628 in state #2 (complete_v1_state_transition() +2417 programs/pluto/ikev1.c)
output: | struct msg_digest: addref @0x7f1c927ce628(1->2) (complete_v1_state_transition() +2417 programs/pluto/ikev1.c)
output: | #2 is busy; has suspended MD 0x7f1c927ce628
output: | #2 requesting EVENT_RETRANSMIT-event@0x7f1c927a3fa8 be deleted (clear_retransmits() +108 programs/pluto/retransmit.c)
output: | #2 deleting EVENT_RETRANSMIT
output: | tt: delref @0x7f1c9274ff68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | state-event: delref @0x7f1c927a3fa8(1->0) (clear_retransmits() +108 programs/pluto/retransmit.c)
output: | #2 STATE_QUICK_I1: retransmits: cleared
output: | #2 spent 0.782 (6.2) milliseconds in process_packet_tail()
output: | IKEv1 packet dropped
output: | packet from 192.1.2.23:500: delref @0x7f1c927ce628(2->1) (process_iface_packet() +296 programs/pluto/demux.c)
output: | spent 2.47 (17) milliseconds in process_iface_packet() reading and processing packet
output: | job 4 helper 1 #2 quick_inR1_outI2 (dh): started
output: | newref : g_ir-key@0x7f1c92760f80 (256-bytes, CONCATENATE_DATA_AND_BASE)
output: | job 4 helper 1 #2 quick_inR1_outI2 (dh): finished
output: | "west-east" #2: spent 1.87 (3.46) milliseconds in job 4 helper 1 #2 quick_inR1_outI2 (dh)
output: | scheduling resume sending job back to main thread for #2
output: | tt: newref @0x7f1c927e0f68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | helper 1: waiting for work
output: | processing resume sending job back to main thread for #2
output: | suspend: restoring MD@0x7f1c927ce628 from state #2 (resume_handler() +641 programs/pluto/server.c)
output: | job 4 helper 1 #2 quick_inR1_outI2 (dh): calling state's callback function
output: | completing DH shared secret for #2/#2
output: | complete_dh_shared_secret: delref st_dh_shared_secret-key@NULL
output: | quick_inR1_outI2_continue for #2: calculated ke+nonce, calculating DH
output: | opening output PBS reply packet
output: | **emit ISAKMP Message:
output: |    initiator SPI: 97 06 df 1f  96 b5 45 f1
output: |    responder SPI: 54 29 74 f6  19 5e e4 8e
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
output: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
output: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
output: |    Message ID: 2496690960 (94 d0 7b 10)
output: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
output: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
output: |   c0 00 01 00                                          ....
output: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask
output: |   ff ff ff 00                                          ....
output: | our client is subnet 192.0.1.0/24
output: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
output: |   c0 00 02 00                                          ....
output: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask
output: |   ff ff ff 00                                          ....
output: | peer client is subnet 192.0.2.0/24
output: | ***emit ISAKMP Hash Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
output: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
output: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload
output: | emitting length of ISAKMP Hash Payload: 36
output: |     result: newref clone-key@0x7f1c927e2f80 (32-bytes, SHA256_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
output: | HASH(3): delref clone-key@0x7f1c927e2f80
output: | quick_inR1_outI2 HASH(3):
output: |   38 85 a2 47  20 bd fe 40  d5 b0 c5 53  21 1a b9 fe   8..G ..@...S!...
output: |   87 07 c8 59  26 57 d9 9b  ca f6 09 bd  de b1 dd e4   ...Y&W..........
output: | compute_proto_keymat: needed_len (after ESP enc)=16
output: | compute_proto_keymat: needed_len (after ESP auth)=36
output: |     result: newref section_5_keymat-key@0x7f1c927e2f80 (36-bytes, EXTRACT_KEY_FROM_KEY)(section_5_keymat() +290 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: | section 5 keymat: newref slot-key@0x7f1c9322df80 (36-bytes, EXTRACT_KEY_FROM_KEY)
output: | section 5 keymat: delref slot-key-key@0x7f1c9322df80
output: | section 5 keymat: delref keymat-key@0x7f1c927e2f80
output: |     result: newref section_5_keymat-key@0x7f1c927e2f80 (36-bytes, EXTRACT_KEY_FROM_KEY)(section_5_keymat() +290 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: | section 5 keymat: newref slot-key@0x7f1c9322df80 (36-bytes, EXTRACT_KEY_FROM_KEY)
output: | section 5 keymat: delref slot-key-key@0x7f1c9322df80
output: | section 5 keymat: delref keymat-key@0x7f1c927e2f80
output: | "west-east": addref @0x7f1c931a1a78(3->4) "west-east" #2:  (dispatch() +2436 programs/pluto/routing.c)
output: | "west-east" #2: routing: start ESTABLISH_INBOUND, ROUTED_NEGOTIATION, PERMANENT; ISAKMP #1 (MAIN_I4) IPsec #2 (QUICK_I1) by=PEER; $1@0x7f1c931a1a78; routing_sa #2 negotiating_ike_sa #1 established_ike_sa #1 negotiating_child_sa #2 (quick_inR1_outI2_tail() +1791 programs/pluto/ikev1_quick.c)
output: | kernel: install_inbound_ipsec_sa() for #2: inbound (quick_inR1_outI2_tail() +1791 programs/pluto/ikev1_quick.c)
output: | checking west-east for conflicts
output: | spd_owner() looking for SPD owner of 192.0.1.0/24===192.0.2.0/24 with routing >= ROUTED_INBOUND_NEGOTIATION[NEGOTIATION]
output: | FOR_EACH_SPD_ROUTE[remote_client_range=192.0.2.0/24]... in (install_inbound_ipsec_sa() +1986 programs/pluto/kernel.c)
output: |   found "west-east" 192.0.1.0/24===192.0.2.0/24
output: |    "west-east" 192.0.1.0/24===192.0.2.0/24 ROUTED_NEGOTIATION[NEGOTIATION] skipped; ignoring self
output: |   matches: 1
output: | spd_owner: owners of 192.0.1.0/24===192.0.2.0/24 routing >= ROUTED_INBOUND_NEGOTIATION[NEGOTIATION]
output: | initiator ipsec-max-bytes: hard-limit=9223372036854775808 soft-limit=4611686018427387900 softer-limit=2305843009213693950 fuzz=536540121962932367 actual-limit=2842383131176626317
output: | initiator ipsec-max-packets: hard-limit=9223372036854775808 soft-limit=4611686018427387900 softer-limit=2305843009213693950 fuzz=561992743118899625 actual-limit=2867835752332593575
output: | kernel: setup_half_kernel_state() INBOUND <unset-selector>->[192.1.2.23=TUNNEL=>192.1.2.45]-><unset-selector> sec_label=
output: | kernel: looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96
output: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12
output: | kernel: child->sa.st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20
output: | kernel: setting IPsec SA replay-window to 128
output: | kernel: NIC esp-hw-offload disabled for connection 'west-east'
output: | "west-east" #2: routing:  kernel_ops_add_sa() level=0 INBOUND TUNNEL
output: | "west-east" #2: routing:   (src) <unset-selector> -> 192.1.2.23[665b5b22] ==> 192.1.2.45 -> <unset-selector> (dst)
output: | "west-east" #2: routing:   HMAC_SHA1_96:20 AES_CBC:16 replay_window=128 +dont_encap_dscp ...
output: | netlink_add_sa() tunnel enabling inner-most tunnel mode
output: | netlink_add_sa() adding IPsec SA with reqid 16389
output: | netlink_add_sa() disabling Encap DSCP
output: | netlink_add_sa() setting IPsec SA replay-window to 128 using xfrm_replay_state_esn
output: | netlink_add_sa() esp-hw-offload not set for IPsec SA
output: | sendrecv_xfrm_msg() sending 26 Add SA esp.ESPSPIi@192.1.2.45
output: | sendrecv_xfrm_msg() recvfrom() returned 36 bytes
output: | sendrecv_xfrm_msg() netlink response for Add SA esp.ESPSPIi@192.1.2.45 included non-error error
output: | "west-east" #2: routing:   ... yes
output: | kernel: install_inbound_ipsec_kernel_policies() owner=#2
output: | kernel: install_inbound_ipsec_kernel_policies() is installing SPD for 192.0.2.0/24=>192.0.1.0/24
output: | kernel: NIC esp-hw-offload disabled for connection 'west-east'
output: | priority calculation of is 1757393 (0x1ad0d1) base=1 portsw=2 protow=1, srcw=104 dstw=104 instw=1
output: | kernel: install_inbound_ipsec_kernel_policy() is installing SPD for 192.0.2.0/24=>192.0.1.0/24
output: | "west-east" #2: routing:  kernel_ops_policy_add() ADD+INBOUND add inbound Child SA (install_inbound_ipsec_kernel_policies() +1636 programs/pluto/kernel.c)
output: | "west-east" #2: routing:   client=192.0.2.0/24=>192.0.1.0/24 lifetime=0s
output: | "west-east" #2: routing:   sa_marks=out:0/00000000,in:0/00000000
output: | "west-east" #2: routing:   policy=192.1.2.23=>192.1.2.45,IPSEC=IPSEC,priority=1757393,TUNNEL[ESP@16389(ALL)]
output: | kernel_ops_policy_add()   policy=IPv4 action=0 xfrm_dir=0 op=ADD dir=INBOUND
output: | kernel_xfrm_policy_add() using family IPv4 (2)
output: | set_xfrm_selectors() using family IPv4 (2)
output: | kernel_xfrm_policy_add() IPsec SA SPD priority set to 1757393
output: | kernel_xfrm_policy_add() adding xfrm_user_tmpl reqid=16389 id.proto=50 optional=0 family=2 mode=1 saddr=192.1.2.23 daddr=192.1.2.45
output: | sendrecv_xfrm_msg() sending 25 policy IPv4
output: | sendrecv_xfrm_msg() recvfrom() returned 36 bytes
output: | kernel_ops_policy_add()   XFRM_MSG_UPDPOLICY for flow IPv4 (in) had A policy
output: | kernel_xfrm_policy_add() adding policy forward (suspect a tunnel)
output: | sendrecv_xfrm_msg() sending 25 policy IPv4
output: | sendrecv_xfrm_msg() recvfrom() returned 36 bytes
output: | kernel_ops_policy_add()   XFRM_MSG_UPDPOLICY for flow IPv4 (fwd) had A policy
output: | "west-east" #2: routing:   ... yes
output: | "west-east" #2: routing: stop ESTABLISH_INBOUND, ROUTED_NEGOTIATION->ROUTED_INBOUND_NEGOTIATION, PERMANENT; ok=yes; routing_sa #2 negotiating_ike_sa #1 established_ike_sa #1 negotiating_child_sa #2 (quick_inR1_outI2_tail() +1791 programs/pluto/ikev1_quick.c)
output: | "west-east": delref @0x7f1c931a1a78(4->3) "west-east" #2:  (dispatch() +2450 programs/pluto/routing.c)
output: | "west-east": addref @0x7f1c931a1a78(3->4) "west-east" #2:  (dispatch() +2436 programs/pluto/routing.c)
output: | "west-east" #2: routing: start ESTABLISH_OUTBOUND, ROUTED_INBOUND_NEGOTIATION, PERMANENT; ISAKMP #1 (MAIN_I4) IPsec #2 (QUICK_I1) by=PEER; $1@0x7f1c931a1a78; routing_sa #2 negotiating_ike_sa #1 established_ike_sa #1 negotiating_child_sa #2 (quick_inR1_outI2_tail() +1791 programs/pluto/ikev1_quick.c)
output: | kernel: install_outbound_ipsec_sa() for #2: outbound (quick_inR1_outI2_tail() +1791 programs/pluto/ikev1_quick.c)
output: | initiator ipsec-max-bytes: hard-limit=9223372036854775808 soft-limit=4611686018427387900 softer-limit=2305843009213693950 fuzz=556635407029781826 actual-limit=2862478416243475776
output: | initiator ipsec-max-packets: hard-limit=9223372036854775808 soft-limit=4611686018427387900 softer-limit=2305843009213693950 fuzz=29534811064955573 actual-limit=2335377820278649523
output: | kernel: setup_half_kernel_state() OUTBOUND <unset-selector>->[192.1.2.45=TUNNEL=>192.1.2.23]-><unset-selector> sec_label=
output: | kernel: looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96
output: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12
output: | kernel: child->sa.st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20
output: | kernel: setting IPsec SA replay-window to 128
output: | kernel: NIC esp-hw-offload disabled for connection 'west-east'
output: | "west-east" #2: routing:  kernel_ops_add_sa() level=0 OUTBOUND TUNNEL
output: | "west-east" #2: routing:   (src) <unset-selector> -> 192.1.2.45[4c1457f8] ==> 192.1.2.23 -> <unset-selector> (dst)
output: | "west-east" #2: routing:   HMAC_SHA1_96:20 AES_CBC:16 replay_window=128 +dont_encap_dscp ...
output: | netlink_add_sa() tunnel enabling inner-most tunnel mode
output: | netlink_add_sa() adding IPsec SA with reqid 16389
output: | netlink_add_sa() disabling Encap DSCP
output: | netlink_add_sa() setting IPsec SA replay-window to 128 using xfrm_replay_state_esn
output: | netlink_add_sa() esp-hw-offload not set for IPsec SA
output: | sendrecv_xfrm_msg() sending 16 Add SA esp.ESPSPIi@192.1.2.23
output: | sendrecv_xfrm_msg() recvfrom() returned 36 bytes
output: | sendrecv_xfrm_msg() netlink response for Add SA esp.ESPSPIi@192.1.2.23 included non-error error
output: | "west-east" #2: routing:   ... yes
output: | kernel: install_outbound_ipsec_kernel_policies() installing IPsec policies for #2: connection is currently #2 RT_ROUTED_INBOUND_NEGOTIATION route=no up=yes
output: | spd_owner() looking for SPD owner of 192.0.1.0/24===192.0.2.0/24 with routing >= ROUTED_TUNNEL[IPSEC]
output: | FOR_EACH_SPD_ROUTE[remote_client_range=192.0.2.0/24]... in (get_connection_spd_conflict() +793 programs/pluto/kernel.c)
output: |   found "west-east" 192.0.1.0/24===192.0.2.0/24
output: |    "west-east" 192.0.1.0/24===192.0.2.0/24 ROUTED_INBOUND_NEGOTIATION[NEGOTIATION] skipped; ignoring self
output: |   matches: 1
output: | spd_owner: owners of 192.0.1.0/24===192.0.2.0/24 routing >= ROUTED_TUNNEL[IPSEC]
output: | kernel: get_connection_spd_conflict looking for 192.0.1.0/24===192.0.2.0/24
output: | kernel: NIC esp-hw-offload disabled for connection 'west-east'
output: | priority calculation of is 1757393 (0x1ad0d1) base=1 portsw=2 protow=1, srcw=104 dstw=104 instw=1
output: | "west-east" #2: routing:  kernel_ops_policy_add() ADD+OUTBOUND install IPsec policy (install_outbound_ipsec_kernel_policies() +1844 programs/pluto/kernel.c)
output: | "west-east" #2: routing:   client=192.0.1.0/24=>192.0.2.0/24 lifetime=0s
output: | "west-east" #2: routing:   sa_marks=out:0/00000000,in:0/00000000
output: | "west-east" #2: routing:   policy=192.1.2.45=>192.1.2.23,IPSEC=IPSEC,priority=1757393,TUNNEL[ESP@16389(ALL)]
output: | kernel_ops_policy_add()   policy=IPv4 action=0 xfrm_dir=1 op=ADD dir=OUTBOUND
output: | kernel_xfrm_policy_add() using family IPv4 (2)
output: | set_xfrm_selectors() using family IPv4 (2)
output: | kernel_xfrm_policy_add() IPsec SA SPD priority set to 1757393
output: | kernel_xfrm_policy_add() adding xfrm_user_tmpl reqid=16389 id.proto=50 optional=0 family=2 mode=1 saddr=192.1.2.45 daddr=192.1.2.23
output: | sendrecv_xfrm_msg() sending 25 policy IPv4
output: | sendrecv_xfrm_msg() recvfrom() returned 36 bytes
output: | kernel_ops_policy_add()   XFRM_MSG_UPDPOLICY for flow IPv4 (out) had A policy
output: | "west-east" #2: routing:   ... yes
output: | kernel: running updown command "ipsec _updown" for verb prepare 
output: | kernel: command executing prepare-client
output: | kernel: get_ipsec_traffic() esp.ESPSPIi@192.1.2.45
output: | sendrecv_xfrm_msg() sending 18 Get SA esp.ESPSPIi@192.1.2.45
output: | sendrecv_xfrm_msg() recvfrom() returned 568 bytes
output: | xfrm_get_kernel_state() rtattribute type 24 ...
output: | xfrm_get_kernel_state() rtattribute type 1 ...
output: | xfrm_get_kernel_state() rtattribute type 20 ...
output: | xfrm_get_kernel_state() rtattribute type 2 ...
output: | xfrm_get_kernel_state() rtattribute type 23 ...
output: | kernel: get_ipsec_traffic() bytes=0 add_time=1709039333 lastused=0
output: | kernel: get_ipsec_traffic() esp.ESPSPIi@192.1.2.23
output: | sendrecv_xfrm_msg() sending 18 Get SA esp.ESPSPIi@192.1.2.23
output: | sendrecv_xfrm_msg() recvfrom() returned 568 bytes
output: | xfrm_get_kernel_state() rtattribute type 24 ...
output: | xfrm_get_kernel_state() rtattribute type 1 ...
output: | xfrm_get_kernel_state() rtattribute type 20 ...
output: | xfrm_get_kernel_state() rtattribute type 2 ...
output: | xfrm_get_kernel_state() rtattribute type 23 ...
output: | kernel: get_ipsec_traffic() bytes=0 add_time=1709039333 lastused=0
output: | executing prepare-client: 2>&1 PLUTO_VERB='prepare-client' PLUTO_CONNECTION='west-east' PLUTO_CONNECTION_TYPE='tunnel' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_CLIENT_FAMILY='ipv4' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT=0 PLUTO_MY_PROTOCOL=0 PLUTO_SA_REQID=16389 PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT=0 PLUTO_PEER_PROTOCOL=0 PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME=0 PLUTO_CONN_POLICY='IKEv1+PSK+ENCRYPT+TUNNEL+PFS+ROUTE+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=0 PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=0 PLUTO_CFG_CLIENT=0 PLUTO_NM_CONFIG...
output: | popen cmd is 1127 chars long
output: | cmd(   0):2>&1 PLUTO_VERB='prepare-client' PLUTO_CONNECTION='west-east' PLUTO_CONNECTION_T:
output: | cmd(  80):YPE='tunnel' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUT:
output: | cmd( 160):E='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO:
output: | cmd( 240):_CLIENT_FAMILY='ipv4' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.:
output: | cmd( 320):1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT=0 PLUTO_MY_PROTOCOL=0 PL:
output: | cmd( 400):UTO_SA_REQID=16389 PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@e:
output: | cmd( 480):ast' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PE:
output: | cmd( 560):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT=0 PLUTO_PEER_PROTOCOL=0 PLUTO_PEE:
output: | cmd( 640):R_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME=0 PLUTO_CONN_POLICY='IKEv1+PSK+ENCRYPT+:
output: | cmd( 720):TUNNEL+PFS+ROUTE+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES' PLUTO_CONN_KIND='CK_PERMANENT:
output: | cmd( 800):' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=0 PLUTO_PEER_D:
output: | cmd( 880):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=0 PLU:
output: | cmd( 960):TO_CFG_CLIENT=0 PLUTO_NM_CONFIGURED=0 PLUTO_INBYTES=0 PLUTO_OUTBYTES=0 VTI_IFACE:
output: | cmd(1040):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4c1457f8 SPI_OUT=0x665b5b22 ipsec :
output: | cmd(1120):_updown:
output: | kernel: install_outbound_ipsec_kernel_policies() skipping updown-route as non-bare
output: | kernel: running updown command "ipsec _updown" for verb up 
output: | kernel: command executing up-client
output: | kernel: get_ipsec_traffic() esp.ESPSPIi@192.1.2.45
output: | sendrecv_xfrm_msg() sending 18 Get SA esp.ESPSPIi@192.1.2.45
output: | sendrecv_xfrm_msg() recvfrom() returned 568 bytes
output: | xfrm_get_kernel_state() rtattribute type 24 ...
output: | xfrm_get_kernel_state() rtattribute type 1 ...
output: | xfrm_get_kernel_state() rtattribute type 20 ...
output: | xfrm_get_kernel_state() rtattribute type 2 ...
output: | xfrm_get_kernel_state() rtattribute type 23 ...
output: | kernel: get_ipsec_traffic() bytes=0 add_time=1709039333 lastused=0
output: | kernel: get_ipsec_traffic() esp.ESPSPIi@192.1.2.23
output: | sendrecv_xfrm_msg() sending 18 Get SA esp.ESPSPIi@192.1.2.23
output: | sendrecv_xfrm_msg() recvfrom() returned 568 bytes
output: | xfrm_get_kernel_state() rtattribute type 24 ...
output: | xfrm_get_kernel_state() rtattribute type 1 ...
output: | xfrm_get_kernel_state() rtattribute type 20 ...
output: | xfrm_get_kernel_state() rtattribute type 2 ...
output: | xfrm_get_kernel_state() rtattribute type 23 ...
output: | kernel: get_ipsec_traffic() bytes=0 add_time=1709039333 lastused=0
output: | executing up-client: 2>&1 PLUTO_VERB='up-client' PLUTO_CONNECTION='west-east' PLUTO_CONNECTION_TYPE='tunnel' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_CLIENT_FAMILY='ipv4' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT=0 PLUTO_MY_PROTOCOL=0 PLUTO_SA_REQID=16389 PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT=0 PLUTO_PEER_PROTOCOL=0 PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME=1709039333 PLUTO_CONN_POLICY='IKEv1+PSK+ENCRYPT+TUNNEL+PFS+ROUTE+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=0 PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=0 PLUTO_CFG_CLIENT=0 PLUTO_NM_CONFIGU...
output: | popen cmd is 1131 chars long
output: | cmd(   0):2>&1 PLUTO_VERB='up-client' PLUTO_CONNECTION='west-east' PLUTO_CONNECTION_TYPE=':
output: | cmd(  80):tunnel' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' :
output: | cmd( 160):PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_CLIE:
output: | cmd( 240):NT_FAMILY='ipv4' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' :
output: | cmd( 320):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT=0 PLUTO_MY_PROTOCOL=0 PLUTO_S:
output: | cmd( 400):A_REQID=16389 PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' :
output: | cmd( 480):PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CL:
output: | cmd( 560):IENT_MASK='255.255.255.0' PLUTO_PEER_PORT=0 PLUTO_PEER_PROTOCOL=0 PLUTO_PEER_CA=:
output: | cmd( 640):'' PLUTO_STACK='xfrm' PLUTO_ADDTIME=1709039333 PLUTO_CONN_POLICY='IKEv1+PSK+ENCR:
output: | cmd( 720):YPT+TUNNEL+PFS+ROUTE+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES' PLUTO_CONN_KIND='CK_PERMA:
output: | cmd( 800):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=0 PLUTO_PE:
output: | cmd( 880):ER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=0:
output: | cmd( 960): PLUTO_CFG_CLIENT=0 PLUTO_NM_CONFIGURED=0 PLUTO_INBYTES=0 PLUTO_OUTBYTES=0 VTI_I:
output: | cmd(1040):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4c1457f8 SPI_OUT=0x665b5b22 ip:
output: | cmd(1120):sec _updown:
output: | "west-east" #2: routing: stop ESTABLISH_OUTBOUND, ROUTED_INBOUND_NEGOTIATION->ROUTED_TUNNEL, PERMANENT; ok=yes; routing_sa #2 negotiating_ike_sa #1 established_ike_sa #1 negotiating_child_sa #2 established_child_sa #0->#2 (quick_inR1_outI2_tail() +1791 programs/pluto/ikev1_quick.c)
output: | "west-east": delref @0x7f1c931a1a78(4->3) "west-east" #2:  (dispatch() +2450 programs/pluto/routing.c)
output: | emitting 12 zero bytes of encryption padding into ISAKMP Message
output: | no IKEv1 message padding required
output: | emitting length of ISAKMP Message: 76
output: | "west-east" #2: DPD: dpd_init() called on IPsec SA
output: | "west-east" #2: DPD: Peer does not support Dead Peer Detection
output: | job 4 helper 1 #2 quick_inR1_outI2 (dh): final status STF_OK; cleaning up
output: | delref @0x7f1c931abfd8(2->1) (cleanup_dh_shared_secret() +170 programs/pluto/crypt_dh.c)
output: | DH: delref secret-key@NULL
output: | "west-east" #2: detach whack fd@0x7f1c931a9fe8 from logger 0x7f1c927dafc8 slot 0 (free_job() +430 programs/pluto/server_pool.c)
output: | delref @0x7f1c931a9fe8(2->1) (free_job() +430 programs/pluto/server_pool.c)
output: | logger: delref @0x7f1c927dafc8(1->0) (free_job() +430 programs/pluto/server_pool.c)
output: | job: delref @0x7f1c927d6f98(1->0) (free_job() +431 programs/pluto/server_pool.c)
output: | complete v1 state transition with STF_OK
output: | #2 is idle
output: | doing_xauth:no, t_xauth_client_done:no
output: | child state #2: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA)
output: | #2 deleting EVENT_CRYPTO_TIMEOUT
output: | tt: delref @0x7f1c927def68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | state-event: delref @0x7f1c927dcfa8(1->0) (delete_event() +534 programs/pluto/timer.c)
output: | #2 STATE_QUICK_I2: retransmits: cleared
output: | sending 76 bytes for quick_inR1_outI2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #2)
output: |   97 06 df 1f  96 b5 45 f1  54 29 74 f6  19 5e e4 8e   ......E.T)t..^..
output: |   08 10 20 01  94 d0 7b 10  00 00 00 4c  96 2f 4f e0   .. ...{....L./O.
output: |   f7 6f ca 08  c7 b5 ed da  16 5e c2 61  67 53 db d5   .o.......^.agS..
output: |   4a 6c ae 06  72 90 21 f2  01 70 88 cb  39 74 0d 9a   Jl..r.!..p..9t..
output: |   59 00 7f 70  10 c3 86 72  3b 55 1e 1d                Y..p...r;U..
output: | event_schedule_where: newref EVENT_v1_REPLACE-pe@0x7f1c927fcfa8 timeout in 28239 seconds for #2
output: | tt: newref @0x7f1c927eff68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | pstats #2 ikev1.ipsec established
output: "west-east" #2: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
output: | modecfg pull: noquirk policy:push not-client
output: | phase 1 is done, looking for phase 2 to unpend
output: | "west-east" #2: detach whack fd@0x7f1c931a9fe8 from logger 0x7f1c930b7fc8 slot 0 (complete_v1_state_transition() +2840 programs/pluto/ikev1.c)
output: | delref @0x7f1c931a9fe8(1->0) (complete_v1_state_transition() +2840 programs/pluto/ikev1.c)
output: | freeref fd@0x7f1c931a9fe8 (complete_v1_state_transition() +2840 programs/pluto/ikev1.c)
output: | packet from 192.1.2.23:500: delref @0x7f1c927ce628(1->0) (resume_handler() +687 programs/pluto/server.c)
output: | packet from 192.1.2.23:500: releasing whack (but there are none) (resume_handler() +687 programs/pluto/server.c)
output: | logger: delref @0x7f1c92747fc8(1->0) (resume_handler() +687 programs/pluto/server.c)
output: | delref @0x7f1c931aff38(4->3) (resume_handler() +687 programs/pluto/server.c)
output: | #2 spent 4.82 (56.3) milliseconds in resume sending job back to main thread
output: | tt: delref @0x7f1c927e0f68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | processing signal PLUTO_SIGCHLD
output: | waitpid returned ECHILD (no child processes left)
output: | spent 0.00603 (0.119) milliseconds in signal handler PLUTO_SIGCHLD
output: | processing signal PLUTO_SIGCHLD
output: | waitpid returned ECHILD (no child processes left)
output: | spent 0.00462 (0.11) milliseconds in signal handler PLUTO_SIGCHLD
output: | processing global timer EVENT_SHUNT_SCAN
output: | kernel: checking for aged bare shunts from shunt table to expire
output: | spent 0.0122 (0.129) milliseconds in global timer EVENT_SHUNT_SCAN
output: | processing global timer EVENT_NAT_T_KEEPALIVE
output: | FOR_EACH_STATE_... in (nat_traversal_ka_event() +304 programs/pluto/nat_traversal.c)
output: |   found "west-east" #2
output: | not behind NAT: no NAT-T KEEP-ALIVE required for conn west-east
output: |   found "west-east" #1
output: | not behind NAT: no NAT-T KEEP-ALIVE required for conn west-east
output: |   matches: 2
output: | spent 0.0605 (0.61) milliseconds in global timer EVENT_NAT_T_KEEPALIVE
west #
 ipsec _kernel state
west #
 ipsec _kernel policy
src 192.0.1.0/24 dst 192.0.2.0/24
	dir out priority PRIORITY ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 0 mode transport
west #
 ipsec unroute west-east
west #
