Starting UML PATH/start.sh
spawn PATH single
Linux version XXXX
On node 0 totalpages: 8192
Kernel command line:
Calibrating delay loop... XXXX bogomips
Dentry-cache hash table entries: NUMBERS
Inode-cache hash table entries: NUMBERS
Mount-cache hash table entries: NUMBERS
Buffer-cache hash table entries: NUMBERS
Page-cache hash table entries: NUMEBRS
POSIX conformance testing by UNIFIX
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
VFS: Diskquotas version dquot_6.4.0 initialized
devfs: VERSION Richard Gooch (rgooch@atnf.csiro.au)
devfs: boot_options Q
pty: 256 Unix98 ptys configured
SLIP: version 0.8.4-NET3.019-NEWTTY (dynamic channels, max=256).
loop: loaded (max 8 devices)
PPP generic driver version VERSION
Universal TUN/TAP device driver VERSION
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 2048 bind 2048)
IPv4 over IPv4 tunneling driver
GRE over IPv4 tunneling driver
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Mounted devfs on /dev
INIT: version 2.78 booting
Activating swap...
Calculating module dependancies
done.
Loading modules: LIST

Checking all file systems...
Parallelizing fsck version 1.18 (11-Nov-1999)
Setting kernel variables.
Mounting local filesystems...
/dev/shm on /tmp type tmpfs (rw)
/dev/shm on /var/run type tmpfs (rw)
devpts on /dev/pts type devpts (rw,mode=0622)
none on /usr/share type hostfs (ro)
Enabling packet forwarding: done.
Configuring network interfaces: done.
Cleaning: /tmp /var/lock /var/run.
Initializing random number generator... done.
Recovering nvi editor sessions... done.
Give root password for maintenance
(or type Control-D for normal startup): 
east:~#
 klogd -c 4 -x -f /tmp/klog.log
east:~#
 TZ=GMT export TZ
east:~#
 dig @192.1.4.254 east.uml.freeswan.org. key

; <<>> DiG VERSION<<>> @192.1.4.254 east.uml.freeswan.org. key
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;east.uml.freeswan.org.		IN	KEY

;; ANSWER SECTION:
east.uml.freeswan.org.	604800	IN	KEY	16896 4 1 AQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYg RkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLs qGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9 h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMp zWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2Rd hmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ 50WraQlL

;; AUTHORITY SECTION:
uml.freeswan.org.	604800	IN	NS	NSSERVER
uml.freeswan.org.	604800	IN	NS	NSSERVER

;; ADDITIONAL SECTION:
nic.root-servers.net.	604800	IN	A	192.1.2.254
carrot.uml.freeswan.org. 604800	IN	A	192.1.2.130

;; Query time: 25 msec
;; SERVER: 192.1.4.254#53(192.1.4.254)
;; WHEN: DATE
;; MSG SIZE  rcvd: SIZE

east:~#
 ping -c 2 -n 192.1.2.254
PING 192.1.2.254 (192.1.2.254): 56 data bytes
64 bytes from 192.1.2.254: icmp_seq=0 ttl=257 time=999 ms
64 bytes from 192.1.2.254: icmp_seq=1 ttl=257 time=999 ms

--- 192.1.2.254 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 3.1/4.5/9.26 ms
east:~#
 ipsec spi --clear
east:~#
 ipsec eroute --clear
east:~#
 ipsec klipsdebug --set tunnel-xmit
east:~#
 ipsec eroute --add --eraf inet --src 0.0.0.0/0 --dst 0.0.0.0/0 --said %trap
east:~#
 ipsec tncfg --attach --virtual ipsec0 --physical eth1
east:~#
 ifconfig ipsec0 inet 192.1.2.23 netmask 0xffffff00 broadcast 192.1.2.255 up
east:~#
 ipsec look
east NOW
0.0.0.0/0          -> 0.0.0.0/0          => %trap (0)
ipsec0->eth1 mtu=16260(1500)->1500
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
east:~#
 route add -net 0.0.0.0   netmask 128.0.0.0 gw 192.1.2.254 dev ipsec0
east:~#
 route add -net 128.0.0.0 netmask 128.0.0.0 gw 192.1.2.254 dev ipsec0
east:~#
 ipsec pf_key --daemon /var/run/pf_key.pid >/tmp/pfkey.txt
east:~#
 dig @192.1.4.254 east.uml.freeswan.org. key

; <<>> DiG VERSION<<>> @192.1.4.254 east.uml.freeswan.org. key
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;east.uml.freeswan.org.		IN	KEY

;; ANSWER SECTION:
east.uml.freeswan.org.	604800	IN	KEY	16896 4 1 AQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYg RkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLs qGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9 h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMp zWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2Rd hmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ 50WraQlL

;; AUTHORITY SECTION:
uml.freeswan.org.	604800	IN	NS	NSSERVER
uml.freeswan.org.	604800	IN	NS	NSSERVER

;; ADDITIONAL SECTION:
nic.root-servers.net.	604800	IN	A	192.1.2.254
carrot.uml.freeswan.org. 604800	IN	A	192.1.2.130

;; Query time: 25 msec
;; SERVER: 192.1.4.254#53(192.1.4.254)
;; WHEN: DATE
;; MSG SIZE  rcvd: SIZE

east:~#
 dig +tcp @192.1.4.254 east.uml.freeswan.org. key

; <<>> DiG VERSION<<>> +tcp @192.1.4.254 east.uml.freeswan.org. key
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;east.uml.freeswan.org.		IN	KEY

;; ANSWER SECTION:
east.uml.freeswan.org.	604800	IN	KEY	16896 4 1 AQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYg RkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLs qGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9 h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMp zWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2Rd hmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ 50WraQlL

;; AUTHORITY SECTION:
uml.freeswan.org.	604800	IN	NS	NSSERVER
uml.freeswan.org.	604800	IN	NS	NSSERVER

;; ADDITIONAL SECTION:
nic.root-servers.net.	604800	IN	A	192.1.2.254
carrot.uml.freeswan.org. 604800	IN	A	192.1.2.130

;; Query time: 25 msec
;; SERVER: 192.1.4.254#53(192.1.4.254)
;; WHEN: DATE
;; MSG SIZE  rcvd: SIZE

east:~#
 ipsec eroute
0          0.0.0.0/0          -> 0.0.0.0/0          => %trap
0          192.1.2.23/32      -> 192.1.4.254/32     => %hold
east:~#
 kill `cat /var/run/pf_key.pid`
east:~#
 cat /tmp/pfkey.txt; echo

pfkey v2 msg. type=7(register) seq=1 len=7 pid=987 errno=0 satype=3(ESP)
version=2 type=7 errno=0 satype=3 len=7 seq=1 pid=987 {ext=14 len=3 bytes=0x000000000300a000a00000000200800080000000 } {ext=15 len=2 bytes=0x000000000380a800a8000000 } 

pfkey v2 msg. type=7(register) seq=2 len=4 pid=987 errno=0 satype=9(IPIP)
version=2 type=7 errno=0 satype=9 len=4 seq=2 pid=987 {ext=15 len=2 bytes=0x000000000100200020000000 } 

pfkey v2 msg. type=7(register) seq=3 len=4 pid=987 errno=0 satype=10(COMP)
version=2 type=7 errno=0 satype=10 len=4 seq=3 pid=987 {ext=15 len=2 bytes=0x000000000200010001000000 } 

pfkey v2 msg. type=6(acquire) seq=1 len=29 pid=987 errno=0 satype=3(ESP)
version=2 type=6 errno=0 satype=3 len=29 seq=1 pid=987 {ext=5 len=3 proto=0 prefixlen=0 addr=0x02000000c00102170000000000000000 } {ext=6 len=3 proto=0 prefixlen=0 addr=0x02000000c00104fe0000000000000000 } {ext=13 len=21 bytes=0x400000000203010080008000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e10000000000008051010000000000000000000000000003030100a000a000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e100000000000080510100000000000000000000000000 } 

pfkey v2 msg. type=6(acquire) seq=2 len=29 pid=987 errno=0 satype=3(ESP)
version=2 type=6 errno=0 satype=3 len=29 seq=2 pid=987 {ext=5 len=3 proto=0 prefixlen=0 addr=0x02000000c00102170000000000000000 } {ext=6 len=3 proto=0 prefixlen=0 addr=0x02000000c00104fe0000000000000000 } {ext=13 len=21 bytes=0x400000000203010080008000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e10000000000008051010000000000000000000000000003030100a000a000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e100000000000080510100000000000000000000000000 } 

pfkey v2 msg. type=6(acquire) seq=3 len=29 pid=987 errno=0 satype=3(ESP)
version=2 type=6 errno=0 satype=3 len=29 seq=3 pid=987 {ext=5 len=3 proto=0 prefixlen=0 addr=0x02000000c00102170000000000000000 } {ext=6 len=3 proto=0 prefixlen=0 addr=0x02000000c00104fe0000000000000000 } {ext=13 len=21 bytes=0x400000000203010080008000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e10000000000008051010000000000000000000000000003030100a000a000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e100000000000080510100000000000000000000000000 } 

pfkey v2 msg. type=6(acquire) seq=4 len=29 pid=987 errno=0 satype=3(ESP)
version=2 type=6 errno=0 satype=3 len=29 seq=4 pid=987 {ext=5 len=3 proto=0 prefixlen=0 addr=0x02000000c00102170000000000000000 } {ext=6 len=3 proto=0 prefixlen=0 addr=0x02000000c00104fe0000000000000000 } {ext=13 len=21 bytes=0x400000000203010080008000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e10000000000008051010000000000000000000000000003030100a000a000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e100000000000080510100000000000000000000000000 } 

pfkey v2 msg. type=6(acquire) seq=5 len=29 pid=987 errno=0 satype=3(ESP)
version=2 type=6 errno=0 satype=3 len=29 seq=5 pid=987 {ext=5 len=3 proto=0 prefixlen=0 addr=0x02000000c00102170000000000000000 } {ext=6 len=3 proto=0 prefixlen=0 addr=0x02000000c00104fe0000000000000000 } {ext=13 len=21 bytes=0x400000000203010080008000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e10000000000008051010000000000000000000000000003030100a000a000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e100000000000080510100000000000000000000000000 } 

pfkey v2 msg. type=6(acquire) seq=6 len=29 pid=987 errno=0 satype=3(ESP)
version=2 type=6 errno=0 satype=3 len=29 seq=6 pid=987 {ext=5 len=3 proto=0 prefixlen=0 addr=0x02000000c00102170000000000000000 } {ext=6 len=3 proto=0 prefixlen=0 addr=0x02000000c00104fe0000000000000000 } {ext=13 len=21 bytes=0x400000000203010080008000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e10000000000008051010000000000000000000000000003030100a000a000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e100000000000080510100000000000000000000000000 } 

pfkey v2 msg. type=6(acquire) seq=7 len=29 pid=987 errno=0 satype=3(ESP)
version=2 type=6 errno=0 satype=3 len=29 seq=7 pid=987 {ext=5 len=3 proto=0 prefixlen=0 addr=0x02000000c00102170000000000000000 } {ext=6 len=3 proto=0 prefixlen=0 addr=0x02000000c00104fe0000000000000000 } {ext=13 len=21 bytes=0x400000000203010080008000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e10000000000008051010000000000000000000000000003030100a000a000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e100000000000080510100000000000000000000000000 } 
pf_key: Exiting on signal 15

east:~#
 ipsec eroute
0          0.0.0.0/0          -> 0.0.0.0/0          => %trap
0          192.1.2.23/32      -> 192.1.4.254/32     => %hold
east:~#
 ipsec setup stop
ipsec_setup: Stopping FreeS/WAN IPsec...
ipsec_setup: stop ordered, but IPsec does not appear to be running!
ipsec_setup: doing cleanup anyway...
IPSEC EVENT: KLIPS device ipsec0 shut down.
east:~#
 kill `cat /var/run/klogd.pid`; cat /tmp/klog.log
klogd 1.3-3#33.1, log source = /proc/kmsg started.
east:~#
 halt -p -f
Power down.
klips_debug:ipsec_xmit_strip_hard_header: >>> skb->len=81 hard_header_len:14 10:00:00:64:64:23:10:00:00:64:64:23:08:00 
klips_debug:udp port check: fragoff: 0 len: 67>28 
klips_debug:udp port in packet: port 1024 -> 53
klips_debug:ipsec_xmit_SAlookup: checking for local udp/500 IKE packet or local DNS saddr=c0010217, er=0pDEADF00D, daddr=c00104fe, er_dst=0, proto=17 sport=1024 dport=53
klips_debug:ipsec_xmit_SAlookup: possible DNS packet
klips_debug:ipsec_xmit_SAlookup: bypass = 1
klips_debug:ipsec_xmit_encap_bundle: SADB_ACQUIRE sent due to 262 with src=192.1.2.23:0, dst=192.1.4.254:0, proto=0.
klips_debug:ipsec_xmit_encap_bundle: PASSTRAP: letting packet out after %%trap
klips_debug:ipsec_xmit_send: ...done, calling ip_send() on device:eth1
klips_debug:ipsec_xmit_strip_hard_header: >>> skb->len=74 hard_header_len:14 10:00:00:64:64:23:10:00:00:64:64:23:08:00 
klips_debug:ipsec_xmit_SAlookup: checking for local udp/500 IKE packet or local DNS saddr=c0010217, er=0pDEADF00D, daddr=c00104fe, er_dst=0, proto=6 sport=1024 dport=53
klips_debug:ipsec_xmit_SAlookup: possible DNS packet
klips_debug:ipsec_xmit_SAlookup: bypass = 1
klips_debug:ipsec_xmit_encap_bundle: SADB_ACQUIRE sent due to 262 with src=192.1.2.23:0, dst=192.1.4.254:0, proto=0.
klips_debug:ipsec_xmit_encap_bundle: PASSTRAP: letting packet out after %%trap
klips_debug:ipsec_xmit_send: ...done, calling ip_send() on device:eth1
klips_debug:ipsec_xmit_strip_hard_header: >>> skb->len=66 hard_header_len:14 10:00:00:64:64:23:10:00:00:64:64:23:08:00 
klips_debug:ipsec_xmit_SAlookup: checking for local udp/500 IKE packet or local DNS saddr=c0010217, er=0pDEADF00D, daddr=c00104fe, er_dst=0, proto=6 sport=1024 dport=53
klips_debug:ipsec_xmit_SAlookup: possible DNS packet
klips_debug:ipsec_xmit_SAlookup: bypass = 1
klips_debug:ipsec_xmit_encap_bundle: SADB_ACQUIRE sent due to 262 with src=192.1.2.23:0, dst=192.1.4.254:0, proto=0.
klips_debug:ipsec_xmit_encap_bundle: PASSTRAP: letting packet out after %%trap
klips_debug:ipsec_xmit_send: ...done, calling ip_send() on device:eth1
klips_debug:ipsec_xmit_strip_hard_header: >>> skb->len=107 hard_header_len:14 10:00:00:64:64:23:10:00:00:64:64:23:08:00 
klips_debug:ipsec_xmit_SAlookup: checking for local udp/500 IKE packet or local DNS saddr=c0010217, er=0pDEADF00D, daddr=c00104fe, er_dst=0, proto=6 sport=1024 dport=53
klips_debug:ipsec_xmit_SAlookup: possible DNS packet
klips_debug:ipsec_xmit_SAlookup: bypass = 1
klips_debug:ipsec_xmit_encap_bundle: SADB_ACQUIRE sent due to 262 with src=192.1.2.23:0, dst=192.1.4.254:0, proto=0.
klips_debug:ipsec_xmit_encap_bundle: PASSTRAP: letting packet out after %%trap
klips_debug:ipsec_xmit_send: ...done, calling ip_send() on device:eth1
klips_debug:ipsec_xmit_strip_hard_header: >>> skb->len=66 hard_header_len:14 10:00:00:64:64:23:10:00:00:64:64:23:08:00 
klips_debug:ipsec_xmit_SAlookup: checking for local udp/500 IKE packet or local DNS saddr=c0010217, er=0pDEADF00D, daddr=c00104fe, er_dst=0, proto=6 sport=1024 dport=53
klips_debug:ipsec_xmit_SAlookup: possible DNS packet
klips_debug:ipsec_xmit_SAlookup: bypass = 1
klips_debug:ipsec_xmit_encap_bundle: SADB_ACQUIRE sent due to 262 with src=192.1.2.23:0, dst=192.1.4.254:0, proto=0.
klips_debug:ipsec_xmit_encap_bundle: PASSTRAP: letting packet out after %%trap
klips_debug:ipsec_xmit_send: ...done, calling ip_send() on device:eth1
klips_debug:ipsec_xmit_strip_hard_header: >>> skb->len=66 hard_header_len:14 10:00:00:64:64:23:10:00:00:64:64:23:08:00 
klips_debug:ipsec_xmit_SAlookup: checking for local udp/500 IKE packet or local DNS saddr=c0010217, er=0pDEADF00D, daddr=c00104fe, er_dst=0, proto=6 sport=1024 dport=53
klips_debug:ipsec_xmit_SAlookup: possible DNS packet
klips_debug:ipsec_xmit_SAlookup: bypass = 1
klips_debug:ipsec_xmit_encap_bundle: SADB_ACQUIRE sent due to 262 with src=192.1.2.23:0, dst=192.1.4.254:0, proto=0.
klips_debug:ipsec_xmit_encap_bundle: PASSTRAP: letting packet out after %%trap
klips_debug:ipsec_xmit_send: ...done, calling ip_send() on device:eth1
klips_debug:ipsec_xmit_strip_hard_header: >>> skb->len=66 hard_header_len:14 10:00:00:64:64:23:10:00:00:64:64:23:08:00 
klips_debug:ipsec_xmit_SAlookup: checking for local udp/500 IKE packet or local DNS saddr=c0010217, er=0pDEADF00D, daddr=c00104fe, er_dst=0, proto=6 sport=1024 dport=53
klips_debug:ipsec_xmit_SAlookup: possible DNS packet
klips_debug:ipsec_xmit_SAlookup: bypass = 1
klips_debug:ipsec_xmit_encap_bundle: SADB_ACQUIRE sent due to 262 with src=192.1.2.23:0, dst=192.1.4.254:0, proto=0.
klips_debug:ipsec_xmit_encap_bundle: PASSTRAP: letting packet out after %%trap
klips_debug:ipsec_xmit_send: ...done, calling ip_send() on device:eth1

