./parentR1 ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
./parentR1 ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
./parentR1 ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
./parentR1 loading secrets from "../samples/jj.secrets"
./parentR1 loaded private key for keyid: PPK_RSA:AQOg5H7A4
| processing whack message of size: A
| processing whack message of size: A
processing whack msg time: X size: Y
| processing whack message of size: A
processing whack msg time: X size: Y
| processing whack message of size: A
processing whack msg time: X size: Y
| Added new connection parker1--jj2 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK
| counting wild cards for @jamesjohnson.emmjay.credil.org is 0
| counting wild cards for @parker01.emmjay.credil.org is 0
| orient parker1--jj2 checking against if: eth0 (AF_INET:132.213.238.7:500)
|     orient matched on IP
|   orient parker1--jj2 finished with: 1 [132.213.238.7]
| find_host_pair: looking for me=132.213.238.7:500 %address him=192.168.1.1:500 exact-match
| find_host_pair: concluded with <none>
| connect_to_host_pair: 132.213.238.7:500 %address 192.168.1.1:500 -> hp:none
| find_ID_host_pair: looking for me=@jamesjohnson.emmjay.credil.org him=@parker01.emmjay.credil.org (exact)
|   concluded with <none>
./parentR1 adding connection: "parker1--jj2"
| fd68:c9f9:4157::/64===132.213.238.7[@jamesjohnson.emmjay.credil.org]...192.168.1.1[@parker01.emmjay.credil.org]===fd68:c9f9:4157:2:0:1::/96
| ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK
|   orient parker1--jj2 finished with: 1 [132.213.238.7]
RC=0 "parker1--jj2": fd68:c9f9:4157::/64===132.213.238.7[@jamesjohnson.emmjay.credil.org]...192.168.1.1[@parker01.emmjay.credil.org]===fd68:c9f9:4157:2:0:1::/96; unrouted; eroute owner: #0
RC=0 "parker1--jj2":     myip=unset; hisip=unset;
RC=0 "parker1--jj2":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
RC=0 "parker1--jj2":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK; prio: 64,96; interface: eth0; kind=CK_PERMANENT
| *received 772 bytes from 192.168.1.1:500 on eth0 (port=500)
|   00 01 02 03  04 05 06 07  00 00 00 00  00 00 00 00
|   21 20 22 08  00 00 00 00  00 00 03 04  22 00 01 fc
|   02 00 00 2c  01 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 0e  02 00 00 2c
|   02 01 00 04  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 0e  02 00 00 28  03 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 02  00 00 00 08  04 00 00 0e
|   02 00 00 28  04 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 0e  02 00 00 2c  05 01 00 04
|   03 00 00 0c  01 00 00 0c  80 0e 00 80  03 00 00 08
|   03 00 00 02  03 00 00 08  02 00 00 02  00 00 00 08
|   04 00 00 05  02 00 00 2c  06 01 00 04  03 00 00 0c
|   01 00 00 0c  80 0e 00 80  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  07 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  02 00 00 28  08 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  09 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 02  02 00 00 28  0a 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 02
|   02 00 00 2c  0b 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 02  00 00 00 2c
|   0c 01 00 04  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 02  28 00 00 c8  00 0e 00 00
|   ff bc 6a 92  a6 b9 55 9b  05 fa 96 a7  a4 35 07 b4
|   c1 e1 c0 86  1a 58 71 d9  ba 73 a1 63  11 37 88 c0
|   de bb 39 79  e7 ff 0c 52  b4 ce 60 50  eb 05 36 9e
|   a4 30 0d 2b  ff 3b 1b 29  9f 3b 80 2c  cb 13 31 8c
|   2a b9 e3 b5  62 7c b4 b3  5e b9 39 98  20 76 b5 7c
|   05 0d 7b 35  c3 c5 c7 cc  8c 0f ea b7  b6 4a 7d 7b
|   6b 8f 6b 4d  ab f4 ac 40  6d d2 01 26  b9 0a 98 ac
|   76 6e fa 37  a7 89 0c 43  94 ff 9a 77  61 5b 58 f5
|   2d 65 1b bf  a5 8d 2a 54  9a f8 b0 1a  a4 bc a3 d7
|   62 42 66 63  b1 55 d4 eb  da 9f 60 a6  a1 35 73 e6
|   a8 88 13 5c  dc 67 3d d4  83 02 99 03  f3 a9 0e ca
|   23 e1 ec 1e  27 03 31 b2  d0 50 f4 f7  58 f4 99 27
|   2b 00 00 14  b5 ce 84 19  09 5c 6e 2b  6b 62 d3 05
|   53 05 b3 c4  00 00 00 10  4f 45 70 6c  75 74 6f 75
|   6e 69 74 30
|  processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34), msgid: 00000000
| I am IKE SA Responder
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| v2 state object not found
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| v2 state object not found
| considering state entry: 0
|   reject:state needed and state unavailable
| considering state entry: 1
|   reject:state needed and state unavailable
| considering state entry: 2
|   reject:state needed and state unavailable
| considering state entry: 3
| Now lets proceed with state specific processing
| find_host_connection2 called from ikev2parent_inI1outR1, me=132.213.238.7:500 him=192.168.1.1:500 policy=IKEv2ALLOW/-
| find_host_pair: looking for me=132.213.238.7:500 %address him=192.168.1.1:500 any-match
| find_host_pair: comparing to me=132.213.238.7:500 %address him=192.168.1.1:500
| find_host_pair: concluded with parker1--jj2
| found_host_pair_conn (find_host_connection2): 132.213.238.7:500 %address/192.168.1.1:500 -> hp:parker1--jj2
| searching for connection with policy = IKEv2ALLOW/-
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK (parker1--jj2)
| find_host_connection2 returns parker1--jj2 (ike=none/none)
./parentR1 tentatively considering connection: parker1--jj2
| creating state object #1 at Z
| orient parker1--jj2 checking against if: eth0 (AF_INET:132.213.238.7:500)
|     orient matched on IP
|   orient parker1--jj2 finished with: 1 [132.213.238.7]
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  de bc 58 3a  8f 40 d0 cf
| state hash entry 28
| inserting state object #1 bucket: 28
| will not send/process a dcookie
| **emit ISAKMP Message:
|    initiator cookie:
|   00 01 02 03  04 05 06 07
|    responder cookie:
|   de bc 58 3a  8f 40 d0 cf
|    next payload type: ISAKMP_NEXT_v2SA
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_SA_INIT
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 00
| ***emit IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2KE
|    critical bit: none
| ****emit IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    prop #: 1
|    proto ID: 1
|    spi size: 0
|    # transforms: 4
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 1
|    transform ID: 12
| ******emit IKEv2 Attribute Substructure Payload:
|    af+type: KEY_LENGTH
|    length/value: 128
|     [128 is 128??]
| emitting length of IKEv2 Transform Substructure Payload: 12
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 3
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 2
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    transform type: 4
|    transform ID: 14
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 44
| emitting length of IKEv2 Security Association Payload: 48
./parentR1 KE has 192 byte DH public value; 256 required
./parentR1 sending  notification v2N_INVALID_KE_PAYLOAD to 192.168.1.1:500
| **emit ISAKMP Message:
|    initiator cookie:
|   00 01 02 03  04 05 06 07
|    responder cookie:
|   de bc 58 3a  8f 40 d0 cf
|    next payload type: ISAKMP_NEXT_v2N
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_SA_INIT
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 00
| Adding a v2N Payload
| ***emit IKEv2 Notify Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    critical bit: none
|    Protocol ID: PROTO_ISAKMP
|    SPI size: 0
|    Notify Message Type: v2N_INVALID_KE_PAYLOAD
| emitting 2 raw bytes of Notify data into IKEv2 Notify Payload
| Notify data  00 0e
| emitting length of IKEv2 Notify Payload: 10
| emitting 2 zero bytes of message padding into ISAKMP Message
| emitting length of ISAKMP Message: 40
sending 40 bytes for send_v2_notification through eth0:500 to 192.168.1.1:500 (using #1)
|   00 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   29 20 22 20  00 00 00 00  00 00 00 28  00 00 00 0a
|   01 00 00 11  00 0e 00 00
./parentR1 deleting state #1 (STATE_PARENT_R1)
| considering request to delete IKE parent state
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  de bc 58 3a  8f 40 d0 cf
| state hash entry 28
| complete v2 state transition with STF_FAIL
./parentR1 STATE_CHILDSA_DEL: INVALID_KEY_INFORMATION
./parentR1 sending  notification v2N_INVALID_KE_PAYLOAD to 192.168.1.1:500
| **emit ISAKMP Message:
|    initiator cookie:
|   00 01 02 03  04 05 06 07
|    responder cookie:
|   de bc 58 3a  8f 40 d0 cf
|    next payload type: ISAKMP_NEXT_v2N
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_SA_INIT
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 00
| Adding a v2N Payload
| ***emit IKEv2 Notify Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    critical bit: none
|    Protocol ID: PROTO_ISAKMP
|    SPI size: 0
|    Notify Message Type: v2N_INVALID_KE_PAYLOAD
| emitting length of IKEv2 Notify Payload: 8
| emitting length of ISAKMP Message: 36
sending 36 bytes for send_v2_notification through eth0:500 to 192.168.1.1:500 (using #1)
|   00 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   29 20 22 20  00 00 00 00  00 00 00 24  00 00 00 08
|   01 00 00 11
| state transition function for STATE_CHILDSA_DEL failed: INVALID_KEY_INFORMATION
./parentR1 deleting connection
| pass 0: considering CHILD SAs to delete
| pass 1: considering PARENT SAs to delete
./parentR1 leak: 2 * notification packet, item size: X
./parentR1 leak: db_attrs, item size: X
./parentR1 leak: db_v2_trans, item size: X
./parentR1 leak: db_v2_prop_conj, item size: X
./parentR1 leak: db_v2_prop, item size: X
./parentR1 leak: db_attrs, item size: X
./parentR1 leak: db_v2_trans, item size: X
./parentR1 leak: db_v2_prop_conj, item size: X
./parentR1 leak: db_v2_trans, item size: X
./parentR1 leak: db_v2_prop_conj, item size: X
./parentR1 leak: db_v2_trans, item size: X
./parentR1 leak: db_v2_prop_conj, item size: X
./parentR1 leak: db_v2_trans, item size: X
./parentR1 leak: db_v2_prop_conj, item size: X
./parentR1 leak: db_v2_trans, item size: X
./parentR1 leak: db_v2_prop_conj, item size: X
./parentR1 leak: db_attrs, item size: X
./parentR1 leak: db_v2_trans, item size: X
./parentR1 leak: db_v2_prop_conj, item size: X
./parentR1 leak: db_attrs, item size: X
./parentR1 leak: db_v2_trans, item size: X
./parentR1 leak: db_v2_prop_conj, item size: X
./parentR1 leak: db_v2_trans, item size: X
./parentR1 leak: db_v2_prop_conj, item size: X
./parentR1 leak: db_v2_trans, item size: X
./parentR1 leak: db_v2_prop_conj, item size: X
./parentR1 leak: db_attrs, item size: X
./parentR1 leak: db_v2_trans, item size: X
./parentR1 leak: db_v2_prop_conj, item size: X
./parentR1 leak: db_attrs, item size: X
./parentR1 leak: db_v2_trans, item size: X
./parentR1 leak: db_v2_prop_conj, item size: X
./parentR1 leak: 12 * sa copy attrs array, item size: X
./parentR1 leak: sa copy trans array, item size: X
./parentR1 leak: sa copy prop array, item size: X
./parentR1 leak: sa copy prop conj array, item size: X
./parentR1 leak: sa copy prop_conj, item size: X
./parentR1 leak: saved first received packet, item size: X
./parentR1 leak: ikev2_inI1outR1 KE, item size: X
./parentR1 leak: struct state in new_state(), item size: X
./parentR1 leak: msg_digest, item size: X
./parentR1 leak: policies path, item size: X
./parentR1 leak: ocspcerts path, item size: X
./parentR1 leak: aacerts path, item size: X
./parentR1 leak: certs path, item size: X
./parentR1 leak: private path, item size: X
./parentR1 leak: crls path, item size: X
./parentR1 leak: cacert path, item size: X
./parentR1 leak: acert path, item size: X
./parentR1 leak: default conf var_dir, item size: X
./parentR1 leak: default conf conffile, item size: X
./parentR1 leak: default conf ipsecd_dir, item size: X
./parentR1 leak: default conf ipsec_conf_dir, item size: X
./parentR1 leak: 2 * id list, item size: X
./parentR1 leak: secret, item size: X
./parentR1 leak: 2 * hasher name, item size: X
./parentR1 leak detective found Z leaks, total size X
Pre-amble (offset: X): #!-pluto-whack-file- recorded on FOO
