Bug #904

swanctl list-sas/list-conns

Added by Noel Kuntze over 5 years ago. Updated over 5 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: swanctl
Target version:
Start date: 21.03.2015
Due date:
Estimated time:
Affected version: 5.2.2
Resolution: Fixed

Description

Hello team,

The output of swanctl shows ESN usage like this:
    home-active: #16, ESTABLISHED, IKEv2, a3ab9c837370b991:2b11d4dd8e3384bb
      local 'thermi.strangled.net' 2a03:4000:6:3064::1
      remote 'thermi-home-gw-1' 2a02:8071:9186:7d00:5054:ff:fe2f:7fa
      AES_GCM_16-256/PRF_HMAC_SHA2_256/MODP_4096
      established 100395s ago
      home-active: #26, INSTALLED, TUNNEL, ESP:AES_CBC-256/AES_XCBC_96/MODP_4096/1
        installed 952 ago, rekeying in 736s, expires in 1029s
        in c1e45941/77ac, 0 bytes, 0 packets
        out c09d5fd5/50af, 0 bytes, 0 packets
        local 0.0.0.0/0
        remote 192.168.178.161/32

Shouldn't the "1" after MODP_4096 be replaced by some human readable stuff like (ESN $ESNLENGTH)
or the ESN length itself?

Kind regards,
Noel Kuntze

Associated revisions

Revision d143e7b0 (diff)
Added by Martin Willi over 5 years ago

swanctl: Append /ESN to proposal for a CHILD_SA using Extended Sequence Numbers

We previously printed just the value for the "esn" keyword, which is "1", and
not helpful as such.

Fixes #904.

History

#1 Updated by Martin Willi over 5 years ago

  • Tracker changed from Issue to Bug
  • Category set to swanctl
  • Status changed from New to Closed
  • Assignee set to Martin Willi
  • Target version set to 5.3.0
  • Resolution set to Fixed

Noel,

Thanks for your bug report, fixed with the referenced commit.

> Shouldn't the "1" after MODP_4096 be replaced by some human readable stuff like (ESN $ESNLENGTH) or the ESN length itself?

There is no ESN length: Either the SA uses ESN (64-bit sequence numbers), or it doesn't (and uses 32-bit sequence numbers). So with the pushed patch we now just append "/ESN" to that proposal string, or we don't.

Kind regards
Martin
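
An added example, not part of the ticket or of strongSwan's code: a parser for the CHILD_SA summary line of `swanctl --list-sas` that accepts both the 5.2.2 form (trailing `/1`) and the `/ESN` form from the fix, and lists the SAs still using 32-bit sequence numbers. It assumes a trailing `1` appears only when ESN was negotiated and that some versions print an optional `reqid N` field; the function names and sample lines #27 and #28 are constructed.

```python
import re

# CHILD_SA summary line of `swanctl --list-sas`, layout taken from the output
# quoted in this ticket. The optional "reqid N" field is an assumption.
CHILD_SA_RE = re.compile(
    r"^\s*(?P<name>[^:\s]+): #(?P<id>\d+), (?:reqid \d+, )?"
    r"(?P<state>\w+), (?P<mode>[\w-]+), (?P<proto>ESP|AH):(?P<proposal>\S+)$"
)

def parse_child_sa(line):
    """Return CHILD_SA details, or None if the line is not a CHILD_SA summary."""
    m = CHILD_SA_RE.match(line)
    if m is None:
        return None  # IKE_SA lines, traffic selectors, counters, ...
    algs = m["proposal"].split("/")
    # 5.2.2 printed the raw "esn" value ("1"); the fix appends "ESN" instead.
    esn = algs[-1] in ("1", "ESN")
    if esn:
        algs.pop()
    return {
        "name": m["name"], "id": int(m["id"]), "state": m["state"],
        "mode": m["mode"], "protocol": m["proto"], "algorithms": algs,
        # No "ESN length" exists: 64-bit with ESN, 32-bit without.
        "esn": esn, "seq_bits": 64 if esn else 32,
    }

def child_sas_without_esn(output):
    """List (name, id) of CHILD_SAs that use 32-bit sequence numbers."""
    parsed = (parse_child_sa(line) for line in output.splitlines())
    return [(sa["name"], sa["id"]) for sa in parsed if sa and not sa["esn"]]

# Constructed sample: #16 and #26 follow the ticket's output, #27 shows the
# post-fix form, #28 is a made-up SA without ESN.
SAMPLE = """\
home-active: #16, ESTABLISHED, IKEv2, a3ab9c837370b991:2b11d4dd8e3384bb
  home-active: #26, INSTALLED, TUNNEL, ESP:AES_CBC-256/AES_XCBC_96/MODP_4096/1
  home-active: #27, INSTALLED, TUNNEL, ESP:AES_CBC-256/AES_XCBC_96/MODP_4096/ESN
  home-active: #28, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
"""

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(parse_child_sa(line))
    print(child_sas_without_esn(SAMPLE))
```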
