/testing/guestbin/swan-prep
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]# cp policies/* /etc/ipsec.d/policies/
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]# echo "0.0.0.0/0"  >> /etc/ipsec.d/policies/block
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]# ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Redirecting to: /etc/init.d/ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Starting pluto IKE daemon for IPsec: 
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]# /testing/pluto/bin/wait-until-pluto-started
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]# # give OE policies time to load
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]# sleep 5
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]# echo "initdone"
initdone
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]# ../../pluto/bin/ipsec-look.sh
==== cut ====
start raw xfrm state:
src 0.0.0.0/0 dst 192.1.2.23/32 \	dir fwd action block priority 1564639 ptype main \	tmpl src 0.0.0.0 dst 0.0.0.0\		proto esp reqid 0 mode transport\
src 0.0.0.0/0 dst 192.1.2.23/32 \	dir in action block priority 1564639 ptype main \	tmpl src 0.0.0.0 dst 0.0.0.0\		proto esp reqid 0 mode transport\
src 192.1.2.23/32 dst 0.0.0.0/0 \	dir out action block priority 1564639 ptype main \	tmpl src 0.0.0.0 dst 0.0.0.0\		proto esp reqid 0 mode transport\
src 192.1.2.253/32 dst 192.1.2.23/32 \	dir fwd priority 1564639 ptype main \
src 192.1.2.253/32 dst 192.1.2.23/32 \	dir in priority 1564639 ptype main \
src 192.1.2.23/32 dst 192.1.2.253/32 \	dir out priority 1564639 ptype main \
src 192.1.3.253/32 dst 192.1.2.23/32 \	dir fwd priority 1564639 ptype main \
src 192.1.3.253/32 dst 192.1.2.23/32 \	dir in priority 1564639 ptype main \
src 192.1.2.23/32 dst 192.1.3.253/32 \	dir out priority 1564639 ptype main \
src 192.1.3.254/32 dst 192.1.2.23/32 \	dir fwd priority 1564639 ptype main \
src 192.1.3.254/32 dst 192.1.2.23/32 \	dir in priority 1564639 ptype main \
src 192.1.2.23/32 dst 192.1.3.254/32 \	dir out priority 1564639 ptype main \
src 192.1.2.254/32 dst 192.1.2.23/32 \	dir fwd priority 1564639 ptype main \
src 192.1.2.254/32 dst 192.1.2.23/32 \	dir in priority 1564639 ptype main \
src 192.1.2.23/32 dst 192.1.2.254/32 \	dir out priority 1564639 ptype main \
end raw xfrm state:
==== tuc ====
east Mon Aug 26 18:30:46 UTC 2019
XFRM state:
XFRM policy:
src 0.0.0.0/0 dst 192.1.2.23/32
	dir fwd action block priority 1564639 ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 0 mode transport
src 0.0.0.0/0 dst 192.1.2.23/32
	dir in action block priority 1564639 ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 0 mode transport
src 192.1.2.23/32 dst 0.0.0.0/0
	dir out action block priority 1564639 ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 0 mode transport
src 192.1.2.23/32 dst 192.1.2.253/32
	dir out priority 1564639 ptype main
src 192.1.2.23/32 dst 192.1.2.254/32
	dir out priority 1564639 ptype main
src 192.1.2.23/32 dst 192.1.3.253/32
	dir out priority 1564639 ptype main
src 192.1.2.23/32 dst 192.1.3.254/32
	dir out priority 1564639 ptype main
src 192.1.2.253/32 dst 192.1.2.23/32
	dir fwd priority 1564639 ptype main
src 192.1.2.253/32 dst 192.1.2.23/32
	dir in priority 1564639 ptype main
src 192.1.2.254/32 dst 192.1.2.23/32
	dir fwd priority 1564639 ptype main
src 192.1.2.254/32 dst 192.1.2.23/32
	dir in priority 1564639 ptype main
src 192.1.3.253/32 dst 192.1.2.23/32
	dir fwd priority 1564639 ptype main
src 192.1.3.253/32 dst 192.1.2.23/32
	dir in priority 1564639 ptype main
src 192.1.3.254/32 dst 192.1.2.23/32
	dir fwd priority 1564639 ptype main
src 192.1.3.254/32 dst 192.1.2.23/32
	dir in priority 1564639 ptype main
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.2.254 dev eth1
192.0.1.0/24 via 192.1.2.45 dev eth1
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.254
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23
NSS_CERTIFICATES

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]# # should not show any hits: 0.0.0.0/0 was appended to the block policy, so no connection should have been negotiated
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]# grep "negotiated connection" /tmp/pluto.log
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'grep "negotiated connection" /tmp/pluto.log' <<<<<<<<<<tuc<<<<<<<<<<: ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]# ipsec auto --status
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<<tuc<<<<<<<<<<: ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
type=AVC msg=audit(1566844133.486:265910): avc:  denied  { write } for  pid=7504 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=295084539 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566844133.996:266013): avc:  denied  { write } for  pid=8463 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=63889669 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-18-poc-blockall\[root@east newoe-18-poc-blockall]#