Failed to allocate memory.

分配内存失败

Failed to set an IPv6 header variable to 0.

将IPv6头可变部分置零时出错

Failed to add SP entry in kernel.

向内核添加SP（Security Policy，安全策略） entry失败

Failed to find SP entry in kernel.

在内核中查找SP entry失败

The SP doesn't exist in kernel.

内核中不存在SP

The IPsec tunnel doesn't exist in kernel.

内核中不存在IPsec隧道

The DPD doesn't exist in kernel.

内核中不存在DPD（Dead Peer Detection，对等体存活检测）

Failed to require CCFJOB structure.

申请CCF JOB结构失败

Failed to encrypt CCF.

CCF加密失败

The SA doesn't exist.

SA不存在

Failed to decrypt CCF.

CCF解密失败

Failed to create CCF session.

创建CCF session失败

The packet hash values don’t match.

解封装后的报文哈希值不匹配

No SA in IPsec tunnel.

IPsec隧道中没有SA

Can't find next SA in AH-ESP mode.

AH-ESP模式下，下一个SA找不到

IPsec tunnel has been deleted or updated when fast forwarding is performed.

快转时IPsec隧道已经被删除或更新

Packet should have been encrypted by IPsec.

报文本应该被IPsec保护

SA has been deleted or updated when fast forwarding is performed.

快转时SA已经被删除或更新

In transport mode, SA address doesn’t match packet address.

传输模式下，报文中的地址与SA中的不一致

The packet is too big: size = size.

报文过大，报文大小为size

Failed to add outer IP header.

添加外部IP头失败

The packet is not an IPsec packet.

非IPsec报文

Can't find SP.

找不到SP

Can't find SA by SP.

根据SP查找不到对应的SA

Failed to add node to invalid SPI hash table.

向无效SPI哈希表添加节点失败

Failed to add SA to IPsec tunnel.

向IPsec隧道添加SA失败

Failed to connect to the IPsec daemon.

连接IPsec用户态守护进程失败

The block-flow-table doesn't exist.

阻流表不存在

The ACL mode is wrong.

ACL模式错误

Received replayed packet.

收到了重放包

Can’t find SA when processing ICMP too big packet: SPI = spi.

在处理ICMP过大报文过程中找不到SA，SPI值为spi

No SA in IPsec tunnel.

IPsec隧道没有任何SA

Invalid IPsec profile index.

无效的IPsec profile索引

Failed to get IPsec profile name.

获取IPsec profile名称失败

After decryption, source address check failed.

解封装后源地址检查失败

Failed to create lipc socket.

创建lipc socket失败

The SP already exists.

SP已经存在

Failed to add SP in kernel.

向内核添加SP失败

Failed to add profile SP in kernel

向内核添加profile SP失败

Failed to add SA in kernel.

向内核添加SA失败

Failed to delete SA in kernel.

删除内核中的SA失败

Failed to add IPsec tunnel in kernel.

向内核添加IPsec隧道失败

Failed to delete tunnel in kernel.

删除内核中的IPsec隧道失败

Failed to add DPD in kernel.

向内核添加DPD失败

Failed to delete DPD in kernel.

删除内核中的DPD失败

The SP entry doesn't exist in kernel.

内核SP entry不存在

Number of SAs exceeded the limit.

SA数量超过最大值

Failed to create IPsec IF-CB.

创建IPsec接口控制块失败

Failed to set IPsec IF-CB to interface

(ifIndex = ifindex)

向接口上设置IPsec接口控制块失败，其接口索引为ifindex

Failed to change the aging timer for block-flow-table.

修改阻流表的老化时间失败

Failed to create policy/template.

由命令行创建策略/模板失败

Failed to create policy/template group.

由命令行创建策略组/模板组失败

Failed to initialize policy hash table.

策略哈希表初始化失败

Failed to recover policy/template.

恢复策略/模板失败

Failed to recover policy/template group.

恢复策略组/模板组失败

Failed to recover transform reference.

恢复提议的引用关系失败

Failed to save policy/template/profile info to DBM.

向DBM中保存策略/模板/profile信息失败

Failed to delete policy/template/profile info from DBM.

从DBM中删除策略/模板/profile信息失败

Failed to save system configuration to DBM.

向DBM中保存系统配置失败

Failed to save transform configuration to DBM.

向DBM中保存提议配置失败

Failed to get system configuration from DBM.

从DBM中读取系统配置失败

Failed to save source interface configuration to DBM.

向DBM中保存源接口配置失败               

Failed to save interface configuration to DBM.

向DBM中保存接口配置失败

Failed to get interface name by ifIndex.

通过接口索引获取接口名称失败

Failed to start IPsec daemon.

启动IPsec进程失败

Failed to alloc SP index.

分配SP索引失败

Failed to malloc SP.

分配SP资源失败

Failed to malloc SP entry.

分配SP entry资源失败

Failed to update kernel SP entry.

更新内核的SP entry失败

Failed to find SP entry.

查找SP entry 失败

Failed to add SP to array.

将SP加入数组失败

Failed to find template group.

查找模板组失败

Failed to add policy SP to kernel

向内核添加policy SP失败

Failed to find policy SP.

查找policy SP失败

Failed to add profile SP to kernel.

向内核添加profile SP失败

Failed to get SP when filling ISAKMP SA data.

填充ISAKMP SA数据时获取SP失败

Failed to get DPD when filling ISAKMP SA data.

填充ISAKMP SA数据时获取DPD失败

Failed to add IPsec tunnel when adding manual SA.

添加手工SA时添加IPsec隧道失败

Failed to add IPsec tunnel during ISSU update process.

进行ISSU升级时，添加IPsec隧道失败

Failed to add SA when adding manual SA.

添加手工SA时添加SA失败

Failed to fill SA when adding ISAKMP SA.

添加ISAKMP方式SA时填充SA失败

Failed to add IPsec tunnel when adding ISAKMP SA.

添加ISAKMP方式SA时添加IPsec隧道失败

Failed to add timer when adding ISAKMP SA.

添加ISAKMP方式SA时添加定时器失败

Failed to alloc SPI.

分配SPI失败

Failed to alloc new SPI for ISAKMP SA.

分配ISAKMP方式SA的新SPI失败

Failed to alloc larva SA index when adding larva SA.

添加临时SA时分配临时SA索引失败

Failed to add larval SA.

添加临时SA失败

Failed to alloc SA index.

分配SA索引失败

Failed to alloc ISAKMP SA index.

分配ISAKMP方式SA的索引失败

Failed to alloc manual SA index.

分配手工方式SA的索引失败

Failed to add SA.

添加SA失败

Failed to add SA to kernel.

向内核添加SA失败

Failed to add SA to kernel during ISSU update process.

当进行ISSU升级时向内核添加SA失败

Failed to alloc DPD Index.

分配DPD索引失败

Failed to add DPD timer.

添加DPD定时器失败

Failed to add DPD to kernel.

向内核添加DPD失败

Failed to add DPD timer during smooth processing with IKE.

和IKE进行平滑处理时添加DPD定时器失败

Failed to add DPD to kernel during smooth processing with IKE.

和IKE进行平滑处理时向内核添加DPD数据失败

The same outbound profile SA has existed. SPI: spi Protocol: protocol.

已存在相同的出方向profile SA（IPsec profile生成的SA）。SPI值为spi，协议类型为protocol

The same outbound policy SA has existed. SPI: spi, Remote address: remote-addr, Protocol: protocol.

已存在相同出方向的policy SA（IPsec policy生成的SA）。SPI值为SPI，对端地址为remote-addr，协议类型为protocol

Failed to generate static route.

新建IPsec隧道时，生成路由信息失败

Failed to add static route.

新建IPsec隧道时，路由模块添加静态路由失败

Failed to delete static route.

删除IPsec隧道时，路由模块删除静态路由失败

Failed to notify route module of starting to smooth IPv4 static routes.

和路由模块平滑路由过程中通知路由模块开始平滑IPv4路由，通知失败

Failed to notify route module of starting to smooth IPv6 static routes.

和路由模块平滑路由过程中通知路由模块开始平滑IPv6路由，通知失败

Failed to subscribe service events.

订阅服务事件失败

Failed to set IPsec fragmentation before encryption configuration to kernel.

向内核设置IPsec加密前分片功能失败

Can't find IPsec policy when setting group name.

设置GDOI组名称时查找IPsec安全策略失败

Failed to create GDOI SA entry.

创建GDOI SA entry失败

Failed to allocate GDOI IPsec SA index.

申请GDOI类型IPsec SA索引资源失败

Failed to find GDOI SP SA entry.

查找GDOI类型SP SA表项失败

Failed to get SP when comparing decrypted packets with ACL.

将解封装后的报文进行ACL匹配时查找SP失败

Failed to pre-fragment packet. Dropped the packet.

对报文进行预分片处理失败，丢弃报文

Can't find shared source SP entry.

不能查找到共享源接口的SP entry

Inbound IPsec processing: source address=src-addr, destination address=des-addr, protocol=pro. Packet was dropped according to IPsec policy policyname(sequence number: seqnum).

报文入方向IPsec处理：源地址为src-addr，目的地址为des-addr，协议为：pro。根据IPsec策略（序列号为seqnum）的匹配结果，该报文被丢弃

Failed to get IF CB: ifIndex=index.

获取接口控制块失败，接口索引为index

Inbound IPsec processing: Failed to check packet by ACL.

入方向IPsec处理：报文未通过ACL检查

Inbound IPsec fast processing: SPI not match.

入方向IPsec快转处理：SPI与快转表不匹配

Failed to Convert Buf To Mbuf. Dropped packet.

转换快转BUF为慢转MBUF失败，丢弃报文

Inbound IPsec fast processing: Failed to check packet by ACL.

入方向IPsec快转处理：报文未通过ACL检查

Failed to get Packet Info.

获取报文信息失败

Inbound IPsec fast GDOI processing: Failed to check packet.

入方向IPsec GDOI快转处理：检查报文失败

Output IPsec fast processing: Max loopCount exceeded.

出方向IPsec快转处理：报文的本地回环计数超出最大值

Output IPsec fast processing: Failed to get IPsec cache data.

出方向IPsec快转处理：获取IPsec快转表数据失败

Inbound AH processing: Dropped packet matching GDOI SA (SPI: spi).

入方向AH报文处理：报文匹配上GDOI类型SA的报文（SPI为spi），被丢弃

Failed to add IPsec SA in kernel: invalid IPsec SA index.

在内核中添加IPsec SA失败，该IPsec SA的索引非法

Failed to add IPsec SA to array hash in kernel.

在内核中添加IPsec SA到哈希队列失败

Failed to add IPsec SA to outbound hash in kernel.

在内核中添加IPsec SA到出方向哈希队列失败

Failed to add IPsec SA to inbound hash in kernel.

在内核中添加IPsec SA到入方向哈希队列失败

Failed to get packet information.

获取解封装后的报文信息失败

No SA in GDOI flow.

找不到用于保护GDOI流的SA

Failed to add outbound SA (index: index) for GDOI flow.

设置保护GDOI流的出方向SA失败

Failed to add flow to HIPAC.

向流表中添加流失败

Failed to alloc memory in kernel.

在内核中分配内存失败

Failed to add GDOI flow to array hash table in kernel.

在内核中添加GDOI类型的流到哈希表失败

Failed to add GDOI flow in kernel.

在内核中添加GDOI类型的流失败

Failed to find IPsec SA with index index when switching SA in kernel.

当在内核中切换SA时根据索引index查找IPsec SA失败

Can't find policy/template when setting security ACL.

设置security ACL时查找IPsec安全策略/模版失败

Failed to add GDOI flow to SP.

添加GDOI类型的流信息到SP失败

Failed to add IPsec SA when adding GDOI SA to SP.

添加GDOI SA到SP的过程中添加IPsec SA失败

Failed to find GDOI SP when adding GDOI SA to SP.

添加GDOI SA到SP的过程中查找GDOI SP失败

Failed to find IPsec SP when adding GDOI SA to SP.

添加GDOI SA到SP的过程中查找IPsec SP失败

Failed to send message of dereference GDOI group to GM.

发送解除IPsec策略引用GDOI组的消息到GM失败

Failed to send message of reference GDOI group to GM.

发送IPsec策略引用GDOI组的消息到GM失败

Failed to add download resource to GDOI SP.

添加KS下发的flow和IPsec资源到GDOI SP失败

Failed to add GDOI SP index.

增加GDOI SP索引失败

Failed to create GDOI SP.

创建GDOI SP失败

Failed to get GDOI group.

获取GDOI组失败

Failed to find GDOI SA entry to set current SPI(spi).

设置SPI为spi的当前SPI时查找GDOI SA表项失败

Failed to set outbound IPsec SA (index: index) to kernel.

在内核设置索引为index的出方向IPsec SA失败

Failed to find GDOI IPsec SA index with SPI spi to set outbound IPsec SA.

设置出方向IPsec SA时查找SPI为spi的GDOI类型的IPsec SA索引失败

Failed to add all GDOI SA entries to SP.

将所有GDOI SA添加到SP时失败

Failed to add IPsec SA index to GDOI SP SA entry.

添加IPsec SA索引到GDOI SP SA表项失败

Failed to create GDOI SP flow.

创建GDOI SP流失败

Failed to find IPsec GDOI SP when clearing ACL check flag.

清除ACL检查标记时查找IPsec GDOI SP失败

Failed to find IPsec GDOI SP when setting ACL check flag.

设置ACL检查标记时查找IPsec GDOI SP失败

Failed to find GDOI SP when display GDOI SA.

显示GDOI SA时查找GDOI SP失败

Failed to find SP SA Entry when display GDOI SA.

显示GDOI SA时查找SP SA Entry失败

Failed to get packet information.

获取解密后报文信息失败

No IPv6 SA in GDOI Flow.

GDOI流中没有IPv6 SA

Failed to add GDOI IPsec SA in kernel.

在内核中添加GDOI类型的IPsec SA失败

Failed to delete GDOI IPsec SA in kernel.

在内核中删除GDOI类型的IPsec SA失败

Failed to switch GDOI IPsec SA (index: index) in kernel.

在内核中切换GDOI IPsec SA（index为index）失败

Failed to find IPsec SA with index (index) when updating SA in kernel.

在内核中更新SA时查找IPsec SA（index为index）失败

Failed to allocate asynchronous encryption data memory.

申请异步加密数据内存失败

Failed to allocate asynchronous data.

申请异步数据内存失败

Failed to match ACL by packet information.

报文信息与ACL匹配失败

Inbound AH processing: Dropped packet matching GDOI SA (SPI: spi).

入方向AH报文处理：接收到匹配上SPI为spi的GDOI SA的报文，丢弃报文

Inbound AH IPv6 processing: Dropped packet matching GDOI SA (SPI: spi).

入方向AH IPv6报文处理：接收到匹配上SPI为spi的GDOI SA的报文，丢弃报文

Inbound AH IPv6 processing: Received invalid packet (SPI: spi). Dropped the packet.

入方向AH IPv6报文处理，接收到匹配上SPI为spi的GDOI SA的报文，丢弃报文

Inbound IPsec ESP processing: Authentication failed.

入方向IPsec ESP报文处理：验证失败

Inbound IPsec ESP processing: Received invalid SPI spi.

入方向IPsec ESP报文处理：接收到一个非法的SPI值为spi

Inbound IPsec processing: Failed to process QoS before decapsulation.

入方向IPsec处理：解封装前QoS处理失败

Failed to set IPsec fragmentation configuration to kernel.

向内核设置IPsec加密后分片功能开关失败

Failed to install IKE.

初始化IKE失败

Invalid length of synchronization update SA.

要同步更新的SA长度非法

Processing GDOI synchronization message of switching SA (index: index): Failed to find outbound SA.

处理GDOI切换索引为index的SA的同步消息：查找出方向SA失败

Processing GDOI synchronization message of switching SA (index: index): Failed to find GDOI SP SA entry.

处理GDOI切换索引为index的SA的同步消息：查找GDOI类型的SP SA表项失败

Processing GDOI synchronization message of switching SA (index: index): Failed to send sync message to kernel.

处理GDOI切换索引为index的SA的同步消息：向内核发送同步信息失败

Invalid length of sync SA.

要同步的SA长度非法

Failed to add SA to backup card.

向备用主控板添加SA失败

Failed to add local SA to backup card.

向备用主控板添加本地SA失败

Invalid length of sync GDOI flow.

要同步的GDOI流长度非法

Failed to add GDOI flow.to backup card.

同步添加GDOI流失败

Failed to allocate memory to sync GDOI SP SA entry.

申请要同步的GDOI类型的SP SA表项空间失败

Failed to create synchronization GDOI SP SA entry.

创建要同步的GDOI类型的SP SA表项失败

Failed to add synchronization GDOI flow.

同步添加GDOI流失败

Failed to find GDOI SP SA entry to update SA (SPI: spi).

更新SPI为spi的IPsec SA时查找GDOI类型SP SA表项失败

Failed to find outbound IPsec SA index with SPI spi to update IPsec SA.

更新IPsec SA时查找SPI为spi的出方向IPsec SA索引失败

Failed to update inbound and outbound IPsec SAs.

更新一套IPsec SA失败

Failed to get IPsec SA indexes to update inbound and outbound IPsec SAs.

更新IPsec SA时获取一套IPsec SA索引失败

Failed to send IPsec SA (index: index) update message to kernel.

向内核发送更新索引为index的IPsec SA消息失败

Updating GDOI IPsec SA: Failed to find outbound IPsec SA with index(index).

更新GDOI IPsec SA：通过值为index的索引获取出方向IPsec SA失败

Updating outbound GDOI IPsec SA: Unsupported protocol(PROTO) .

更新GDOI类型出方向IPsec SA：不支持的协议类型 PROTO

Updating GDOI IPsec SA: Failed to find inbound IPsec SA with index(index).

更新GDOI类型IPsec SA：通过值为index的索引查找入方向IPsec SA失败

Updating inbound GDOI IPsec SA: Unsupported protocol protocol-type.

更新GDOI类型入方向IPsec SA：不支持的协议类型protocol-type

Smooth processiong: Failed to smooth GDOI SP flow of group (name: GroupName).

平滑处理：创建GDOI安全策略流失败

Smooth processiong:Failed to find GDOI SP SA entry to add IPsec GDOI SA.

平滑处理：添加IPsec GDOI SA时，查找不到对应的GDOI安全策略表项

Smooth processiong: Failed to add IPsec GDOI SA by GDOI SA entry.

平滑处理：通过GDOI SA表项添加IPsec GDOI SA失败

Smooth processiong: Failed to add GDOI SA to SP.

平滑处理：添加GDOI SA到安全策略失败

Smooth processiong: Failed to create GDOI SP flow

平滑处理：创建GDOI安全策略流失败

Smooth processiong: Failed to create GDOI SP SA entry.

平滑处理：创建GDOI安全策略SA表项失败

Failed to set GDOI outbound IPsec SA(index: index) to kernel.

下发索引为index的GDOI出方向IPsec SA到内核失败

Restoring GDOI SP SA entry: Failed to allocate GDOI SP SA entry.

恢复GDOI安全策略SA表项：申请GDOI安全策略SA表项空间失败

Failed to restore GDOI IPsec SA index.

恢复GDOI IPsec SA索引失败

Failed to cache GDOI SP SA entry when smoothing GDOI flow.

平滑GDOI流时，缓存GDOI安全策略SA表项失败

Failed to rebuild group (name: GroupName) GDOI SP flow.

重建名为GroupName组的GDOI安全策略流失败

Failed to allocate GDOI SP SA entry.

申请GDOI安全策略SA表项空间失败

Failed to add GDOI SP SA entry.

添加GDOI安全策略SA表项失败

Failed to allocate GDOI SP flow.

申请GDOI安全策略流空间失败

Failed to allocate GDOI SP.

申请GDOI安全策略空间失败

Failed to create GDOI SP SA entry: not enough resources.

内存不足，创建GDOI安全策略SA表项失败

Failed to create GDOI IPsec SA index: not enough resources.

内存不足，创建GDOI IPsec SA索引失败

Failed to create GDOI SP: not enough resources.

内存不足，创建GDOI安全策略失败

Failed to allocate GDOI SP SA entry index.

申请GDOI安全策略SA表项索引失败

Failed to add IPsec GDOI SA by GDOI SA entry.

通过GDOI SA表项添加IPsec GDOI SA失败

Smooth processiong: Failed to add no-context data to SP because resources were short.

平滑处理：内存不足，将缓存的没有上下文的数据下发到接口失败

Smooth processiong: Failed to add no-context IPsec GDOI SA by GDOI SA entry.

平滑处理：添加安全策略SA表项下记录的没有上下文的GDOI SA失败

Smooth processiong: Failed to find GDOI SA when adding no-context GDOI SA

平滑处理：添加没有上下文的GDOI SA时，查找GDOI SA失败

Smooth processiong: Failed to add IPsec GDOI SA when adding no-context GDOI SA

平滑处理：添加没有上下文的GDOI SA时，添加IPsec GDOI SA失败

Smooth processiong: Failed to add IPsec SA index when adding no-context GDOI SA

平滑处理：添加没有上下文的GDOI SA时，添加IPsec SA索引失败

Failed to add GDOI flow to kernel.

添加GDOI流到内核失败

Failed to find entry to add GDOI SP SA.

添加GDOI安全策略SA时找不到表项

Failed to add GDOI update download data to SP: not enough resources.

内存不足，将GDOI的更新数据添加至安全策略失败

Failed to add GDOI download data to SP: not enough resources.

内存不足，将GDOI下发的数据添加到安全策略失败

Failed to update GDOI IPsec SA to kernel.

更新GDOI IPsec SA到内核失败

Smooth processing: Failed to add GDOI SA entry.

平滑处理：添加GDOI SA表项失败

Smooth processing: Failed to add GDOI IPsec SA.

平滑处理：添加GDOI IPsec SA失败

Smooth processing: Failed to add GDOI IPsec SA to kernel.

平滑处理：添加GDOI IPsec SA到内核失败

Smooth processing: Failed to add GDOI SA(SPI: spi).

平滑处理：添加SPI为spi的GDOI SA失败

Smooth processing: Failed to add GDOI IPsec SA because resources were short.

平滑处理：内存不足，添加GDOI IPsec SA失败

Smooth processing: Failed to add GDOI IPsec SA because context was invalid.

平滑处理：上下文非法，添加GDOI IPsec SA失败

Failed to allocate GDOI SA entry.

申请GDOI SA表项空间失败

Failed to find SA entry to create GDOI SA.

添加GDOI SA时，查找SA表项失败

Failed to allocate GDOI SA.

申请GDOI SA空间失败

Failed to find SA entry to create GDOI SA update data.

创建GDOI SA的更新数据时，查找SA表项失败

Failed to allocate GDOI SA update data.

申请GDOI SA更新数据空间失败

Failed to add GDOI IPsec SA to kernel.

添加GDOI IPsec SA到内核失败

Failed to add GDOI IPsec SA.

添加GDOI IPsec SA失败

Failed to add GDOI IPsec SA: not enough resources.

内存不足，添加GDOI IPsec SA失败

Restoring GDOI SP SA Entry: Failed to find GDOI SP.

恢复GDOI安全策略SA表项时，查找GDOI安全策略失败

Processing group(name: GroupName) smooth end message: Failed to find GDOI group.

处理GDOI组平滑结束消息：获取GDOI组失败

Processing group(name: GroupName) smooth end message: Failed to add download resource to all interfaces.

处理GDOI组平滑结束消息：将资源下发到所有接口失败

Processing group(name: GroupName) smooth begin message: Failed to find GDOI group.

处理GDOI组平滑开始消息：获取GDOI组失败

Processing group(name: GroupName) smooth TEK message: Failed to find GDOI group.

处理GDOI组平滑TEK消息：获取GDOI组失败

Processing group(name: GroupName) smooth TEK message: Failed to add GDOI SA(SPI: spi).

处理GDOI组平滑TEK消息：添加SPI为spi的GDOI SA失败

Processing group(name: GroupName) smooth flow message: Failed to find GDOI group.

处理GDOI组平滑流消息：获取GDOI组失败

Processing group(name: GroupName) smooth flow message: Failed to add GDOI flow(rule num).

处理GDOI组平滑流消息：添加ACL规则编号为num的GDOI流失败

Failed to reference GDOI group: not enough resources.

内存不足，引用GDOI组失败

IPsec policy SPName family (SPFamily ) and GDOI GM group GroupName family (GroupFamily) not match.

SPName策略的IPsec协议簇版本为SPFamily，与名为GroupName的GDOI GM组的协议簇GroupFamily不符合

Processing group(name: GroupName) delete-all message: Failed to find GDOI group.

处理组GDOI组删除所有数据消息：获取GDOI组失败

Processing group(name: GroupName) batch-update-TEK message: Failed to find GDOI group.

处理组GDOI组批量更新TEK消息：获取GDOI组失败

Processing group(name: GroupName) batch-update-TEK message: Failed to find GDOI SA(SPI: spi).

处理组GDOI组批量更新TEK消息：获取SPI为spi的GDOI SA失败

Processing group(name: GroupName) batch-sync-flow message: Failed to find GDOI group.

处理组GDOI组批量同步流消息：获取GDOI组失败

Processing group(name: GroupName) batch-sync-flow message: Failed to synchronize GDOI flow

处理GDOI组批量同步流消息：同步GDOI流失败

Processing group(name: GroupName) batch-set-outbound-TEK message: Failed to find GDOI group.

处理GDOI组批量配置出方向TEK消息：获取GDOI组失败

Processing group(name: GroupName) batch-set-outbound-TEK message: Failed to set outbound SA(SPI: spi).

处理GDOI组批量配置出方向TEK消息：设置SPI为spi的出方向SA失败

Processing group(name: GroupName) batch-update end message: Stop processing: not enough resources.

处理GDOI组批量更新结束消息：内存不足，处理中断

Processing group(name: GroupName) batch-update end message: Failed to find GDOI group.

处理GDOI组批量更新结束消息：查找GDOI组失败

Processing group(name: GroupName) batch-update end message: Failed to add download resource to all interfaces.

处理GDOI组批量更新结束消息：添加下发数据到所有接口失败

Processing group(name: GroupName) batch-delete-TEK-SPI message: Failed to find GDOI group.

处理GDOI组批量删除TEK SPI消息：查找GDOI组失败

Processing group(name: GroupName) batch-delete-TEK-flow message: Failed to find GDOI group.

处理GDOI组批量删除TEK流消息：查找GDOI组失败

Processing group(name: GroupName) batch-delete-TEK-flow message: Failed to cache GDOI flow(rule rule).

处理GDOI组批量删除TEK流消息：缓存编号为rule的GDOI流失败

Processing group(name: GroupName) batch-update begin message: Stop processing: not enough resources.

处理GDOI组批量更新开始消息：内存不足，处理中断

Processing group(name: GroupName) batch-update begin message: Failed to find GDOI group.

处理GDOI组批量更新开始消息：查找GDOI组失败

Processing group(name: GroupName) batch-add-TEK message: Processing stopped because resources were short

处理GDOI组批量添加TEK消息：内存不足，处理中断

Processing group(name: GroupName) batch-add-TEK message: Failed to find GDOI group.

处理GDOI组批量添加TEK消息：查找GDOI组失败

Processing group(name: GroupName) batch-add-TEK message: Failed to Cached GDOI SA(SPI: spi).

处理GDOI组批量添加TEK消息：缓存SPI为spi的GDOI SA失败

Processing group(name: GroupName) batch-add-flow message: Stop processing: not enough resources.

处理GDOI组批量添加流消息：内存不足，处理中断

Processing group(name: GroupName) batch-add-flow message: Failed to find GDOI group.

处理GDOI组批量添加流消息：获取GDOI组失败

Processing group(name: GroupName) batch-add-flow message: Failed to add GDOI flow(rule rule).

处理GDOI组批量添加流消息：添加编号为rule的GDOI流失败

Smooth processing: Failed to find IPsec SP when adding GDOI group(name: GroupName) smooth data to SP.

平滑处理：添加GDOI组数据到接口时，查找IPsec安全策略失败

Smooth processing: Failed to find GDOI SP when adding GDOI group(name: GroupName) smooth data to SP.

平滑处理：添加GDOI组数据到接口时，查找GDOI安全策略失败

Smooth processing:Failed to add smooth data to SP when adding GDOI group(name: GroupName) smooth data to SP.

平滑处理：添加GDOI组数据到接口时，添加平滑数据失败

Failed to find GDOI group (name: GroupName) when recovering GDOI SP.

恢复GDOI安全策略时，查找名为GroupName的GDOI组失败

Failed to recover GDOI SP(index: index).

恢复索引为index的GDOI安全策略失败

Failed to add SA to IF: not enough resources.

内存不足，添加SA到接口失败

Failed to find SA entry when adding GDOI SA to SP.

添加GDOI SA到安全策略时，查找SA表项失败

Failed to find IPsec SP when adding GDOI SA to SP.

添加GDOI SA到安全策略时，查找IPsec安全策略失败

Failed to find GDOI SP when adding GDOI SA to SP.

添加GDOI SA到安全策略时，查找GDOI安全策略失败

Failed to add IPsec SA when adding GDOI SA to SP.

添加GDOI SA到安全策略时，添加IPsec SA失败

Failed to Set outbound IPsec SA (index: index) to kernel.

下发索引为index的出方向IPsec SA到内核失败

Failed to find GDOI SP when adding SA.

添加SA时，查找GDOI安全策略失败

Failed to find group GroupName when adding SA.

添加SA时，查找组名为GroupName组失败

Failed to add download resource to GDOI SP.

将下发的数据添加到GDOI安全策略失败

Failed to cache GDOI flow(rule num) to be deleted.

缓存待删除的ACL规则编号为num的GDOI流失败

Failed to cache GDOI SA (SPI: spi).

缓存SPI为spi的GDOI SA失败

Failed to create SP index: not enough resources.

内存不足，创建安全策略索引失败

Failed to allocate GDOI group index.

申请GDOI组索引空间失败

Failed to allocate GDOI group: not enough resources.

内存不足，申请GDOI组空间失败

Failed to allocate GDOI group.

申请GDOI组空间失败

Smooth processing: Failed to find IPsec SP when adding no-context data of GDOI group group-name to SP.

平滑处理：添加GDOI组没有上下文的数据到安全策略时，查找IPsec安全策略失败

Smooth processing:Failed to find GDOI SP when adding no-context data of GDOI group group-name  to SP.

平滑处理：添加GDOI组没有上下文的数据到安全策略时，查找GDOI安全策略失败

Smooth processing:Failed to add smooth data to SP when adding no-context data of GDOI group group-name to SP.

平滑处理：添加GDOI组没有上下文的数据到安全策略时，添加平滑数据到安全策略失败

Smooth processing: Failed to find IPsec SP when adding GDOI group(name: GroupName) update data to SP.

平滑处理：添加GDOI组更新数据到安全策略时，查找IPsec安全策略失败

Smooth processing: Failed to find GDOI SP when adding GDOI group(name: GroupName) update data to SP.

平滑处理：添加GDOI组更新数据到安全策略时，查找GDOI安全策略失败

Smooth processing: Failed to add update data to SP when adding GDOI group(name: GroupName) update data to SP.

平滑处理：添加GDOI组更新数据到安全策略时，添加更新数据到安全策略失败

Smooth processing: Failed to add smooth data when adding GDOI group(name: GroupName) download data to SP.

平滑处理：添加GDOI组下发的数据到安全策略时，添加平滑数据失败

Smooth processing: Failed to create GDOI flow.

平滑处理：创建GDOI流失败

Smooth processing: Failed to add GDOI flow.

平滑处理：添加GDOI流失败

Failed to create GDOI flow.

创建GDOI流失败

Failed to allocate flow: not enough resources.

内存不足，申请流空间失败

Processing check group(name: GroupName) reference message: No interface referenced this group.

处理检查名为GroupName组的检查组引用信息时，没有接口引用了这个组

Processing check group(name: GroupName)  reference message: Failed to send message.

处理检查名为GroupName组的检查组引用信息时，发送消息失败

The IPsec IF-CB(ifIndex = ifindex) will be deleted in kernel.

内核中的IPsec的接口控制快（接口序号为ifindex）将要被删除掉

Can't find block-flow-table.

找不到阻流表

Can't find an IPsec tunnel to match the flow.

找不到匹配流的IPsec隧道

IPsec daemon successfully connected.

成功连接到IPsec用户态守护进程

IPsec daemon disconnected.

与用户态守护进程失去连接

Sent SA-Acquire message: SP ID = ID.

发送SA协商请求，对应SP的ID为ID

Sent SA-Expire message: SP ID = SPID, tunnel ID = TNLID.

发送SA重协商请求，对应SP的ID为SPID，Tunnel ID为TNLID

Sent Invalid-SPI message: SPI = spi.

发送Invalid-SPI消息， SPI值为spi

Sent DPD-Request message: DPD ID = DPDID

发送DPD探测请求消息， DPD ID为DPDID

Updated outbound SA of IPsec tunnel: SA ID = saindex.

更新IPsec隧道出方向的SA，SA序号为saindex

Received an interface event message for interface interface-type interface-num, event: event.

收到响应接口事件消息，接口名称为interface-type interface-num，接口事件为event

Received interface network layer event message.

收到响应接口网络层事件消息

Received an event message for slot slot-id, event: event.

收到响应接口板事件消息，板号为slot-number，消息类型为event

Received an ACL message for ACL acl-number, event: event.

收到ACL消息，ACL编号为acl-number，消息类型为event

Received an address message for interface interface-type interface-num, event: event.

收到地址消息，接口名称为interface-type interface-num，消息类型为event

Sent notify message to kernel: slot slot-id, event: event.

发送notify消息给内核，板号为slot-number，消息类型为event

Sent msg to kernel.

向内核发送消息msg，msg是消息类型，包括以下几种：

·     add SP entry：添加SP entry

·     update SP entry：更新SP entry

·     delete SP entry：删除SP entry

·     add source-if SP entry：添加源接口SP entry

·     delete source-if SP entry：删除源接口SP entry

·     add SP：添加SP

·     update SP：更新SP

·     delete SP：删除SP

·     add profile SP：添加profile SP

·     delete profile SP：删除profile SP

·     update profile SP：更新profile SP

Added SA to kernel successfully .

向内核添加SA成功

SA successfully added in kernel.

内核添加SA成功

SA successfully deleted in kernel.

删除内核中的SA成功

Added outbound SA to IPsec tunnel(SA ID = sa-index)

向IPsec隧道添加出方向SA(SA索引为sa-index)

Added tunnel to kernel successfully.

向内核添加IPsec隧道成功

IPsec tunnel successfully added in kernel.

内核添加IPsec隧道成功

IPsec tunnel successfully deleted in kernel.

删除内核中的IPsec隧道成功

IPsec tunnel successfully added to list.

向链表添加IPsec隧道成功

IPsec tunnel added to aggregation-hash

向聚合哈希表中添加IPsec隧道成功

Added SP entry.

添加SP entry

Added SP by policy.

根据策略添加SP

SP entry successfully added in kernel.

内核成功添加SP entry

SP successfully added in kernel.

内核成功添加SP

Added policy SA by manual SP, SP index: index, SP sequence number: sp-seq.

成功根据手工SP添加策略SA，SP索引为sp-index，SP序号为sp-seq

Successfully added an IPsec tunnel during ISSU update process.

在ISSU升级时成功添加IPsec隧道

Added an IPsec tunnel when adding manual SA: tunnel index = tunnel-id, tunnel sequence number = tunnel_seq.

添加手工SA过程中成功添加IPsec隧道。IPsec隧道索引是tunnel-id，IPsec隧道序号是tunnel_seq

Added manual SAs. Number of SAs added is number.

成功添加手工SA。添加的SA的个数number

No. ordinal-number SA: index = sa-id, sequence number = sa-seq.

第ordinal-number个SA的索引是sa-id，SA的序列号是sa-seq

Added SA context to SP.

成功向SP中添加SA内容

Added an IPsec tunnel when adding ISAKMP SA: tunnel index = tunnel-id, tunnel sequence number = tunnel_seq.

添加ISAKMP方式SA过程中成功添加IPsec隧道。IPsec隧道索引是tunnel-id，IPsec隧道序号是tunnel_seq

Added ISAKMP SAs. Number of SAs added is number. No. ordinal-number SA: index = sa-id, sequence number = sa-seq.

成功添加ISAKMP方式SA。添加的SA的个数number，第ordinal-number个的SA索引是sa-id，SA序号是sa-seq

Added SA context to IKE.

向IKE发送SA内容

Timer successfully added when adding ISAKMP SA.

添加ISAKMP方式SA时添加定时器成功

Started to smoothly process SA with IKE.

开始和IKE进行平滑SA

Finished smooth processing SA with IKE.

结束和IKE平滑SA

Started to smoothly process IPsec tunnel with IKE.

开始和IKE进行平滑IPsec隧道

Finished smooth processing IPsec tunnel with IKE.

结束和IKE平滑IPsec隧道

Started to smoothly process DPD with IKE.

开始和IKE进行平滑DPD

Finished smooth processing DPD with IKE.

结束和IKE平滑DPD

Sent msg message to slot:slot-id, message type is type-id.

向slot-id号接口板发送msg消息，消息ID是type-id

消息类型和其对应的类型ID如下：

·     debug：调试，类型ID为3

·     anti-replay check：抗重放检查，类型ID为4

·     decryption check：解封装后检查，类型ID为5

·     log switch：log开关，类型ID为6

·     idle：空闲，类型ID为7

·     global df-bit：全局df-bit设置，类型ID为8

·     df-bit：接口df-bit设置，类型ID为9

·     all global configuration：所有全局配置，类型ID为10

·     add SP entry：添加SP entry，类型ID为11

·     update SP entry：更新SP entry，类型ID为12

·     delete SP entry：删除SP entry/类型ID为13

·     add SP：添加SP/类型ID为14

·     update SP：更新SP/类型ID为15

·     delete SP：删除SP/类型ID为16

·     add profile SP：添加profile SP，类型ID为17

·     update profile SP：更新profile SP，类型ID为18

·     delete profile SP：删除profile SP，类型ID为19

·     add tunnel：添加tunnel，类型ID为20

·     delete tunnel：删除tunnel，类型ID为21

·     add SA：添加SA，类型ID为22

·     delete SA：删除SA，类型ID为23

·     update MTU：更新MTU，类型ID为24

·     switch SA：切换SA，类型ID为25

·     delete block-flow table：删除阻流表/类型ID为26

·     add DPD：添加DPD/类型ID为27

·     update DPD：更新DPD，类型ID为28

·     delete DPD：删除DPD，类型ID为29

·     update DPD index of SA：更新SA的DPD索引，类型ID为30

·     reset statistics：重置统计计数，类型ID为31

·     idle report：idle报告，类型ID为32

·     smooth start：平滑开始，类型ID为32

·     smooth end：平滑结束，类型ID为34

Adding route: Dest/Mask: ip-address/mask-length, Next hop: ip-address , Source vpn instance: vpn-name, Destination vpn instance: vpn-name, Tag: tag-value, Preference: preference-num

新建IPsec隧道时，即将添加一条静态路由信息

·     Dest/Mask：目的IP地址/掩码长度

·     Next hop：下一跳IP地址

·     Source vpn instance：路由目的地址所属的VPN

·     Destination vpn instance：路由下一跳地址所属的VPN

·     Tag：路由标记

·     Preference：路由优先级

Deleting route: Dest/Mask: ip-address/mask-length, Next hop: ip-address, Source vpn instance: vpn-name, Destination vpn instance: vpn-name, Tag: tag-value, Preference: preference-num

删除IPsec隧道时，即将删除一条静态路由信息

Successfully added a static route.

新建IPsec隧道时，路由模块添加静态路由成功

Only increased the reference count of the static route but didn't add it.

新建IPsec隧道时，发现已经向路由模块添加过相同的静态路由，则不再通知路由模块添加此路由仅增加该路由的引用计数

Successfully deleted a static route.

删除IPsec隧道时，路由模块删除静态路由成功

Only reduced the reference count of the static route but didn't delete it.

删除IPsec隧道时，发现两个以上IPsec隧道对应同一条静态路由，则不通知路由模块删除该静态路由仅减少该路由的引用计数

Started to smoothly process the IPv4 static routes.

开始对IPv4静态路由进行平滑处理

Started to smoothly process the IPv6 static routes.

开始对IPv6静态路由进行平滑处理

Finished smooth processing of the IPv4 static routes.

结束对IPv4静态路由的平滑处理

Finished smooth processing of the IPv6 static routes.

结束对IPv6静态路由的平滑处理

Successfully subscribed service events.

成功订阅所有的服务事件

Received a service event: the status of IPv4 route service is up.

接收到一个IPv4路由服务up事件

Received a service event: the status of IPv4route service is down.

接收到一个IPv4路由服务down事件

Received a service event: the status of IPv6 route service is up.

接收到一个IPv6路由服务up事件

Received a service event: the status of IPv6 route service is down.

接收到一个IPv6路由服务down事件

Deleted GDOI SA with SPI spi successfully.

成功删除SPI为spi的GDOI SA

GDOI SA(SPI: %u) already existed.

SPI为spi的GDOI SA已经存在

Added GDOI IPsec SA (SPI=spi, index=index, sequence number=seq-num) successfully.

添加GDOI类型的IPsec SA成功（SPI为spi，索引为index，序列号为seq-num）

Created GDOI SA entry successfully.

创建GDOI SA表项成功

Created GDOI SP SA entry successfully.

创建GDOI SP SA表项成功

Added GDOI flow to kernel successfully.

添加GDOI流信息到内核成功

Deleted GDOI SP flow successfully.

删除GDOI SP流信息成功

Deleted GDOI SP SA entry successfully.

删除GDOI SP SA表项成功

Found GDOI SA: SPI=spi, SrcPort=src-port, DstPort=dst-port.

找到GDOI类型的IPsec SA（SPI为spi，源端口号为src-port，目的端口号为dst-port）

GDOI flow has been updated.

GDOI类型的流被更新

Added outbound SA(index: index) to GDOI flow successfully.

向GDOI类型的流添加出方向SA（索引为index）成功

Deleted outbound SA(index: index) from GDOI flow.

删除保护GDOI流的索引为index的SA

Added flow to HIPAC successfully.

向流表中添加GDOI流成功

Deleted GDOI flow successfully in kernel.

在内核中删除GDOI流成功

Added GDOI IPsec SA successfully in kernel.

在内核中添加GDOI IPsec SA成功

Added GDOI flow successfully in kernel.

在内核中添加GDOI流成功

Failed to find IPsec SA with index index when deleting SA in kernel.

当在内核中删除SA时根据IPsec SA索引index查找IPsec SA失败

Deleted GDOI SA successfully in kernel.

在内核中删除GDOI SA成功

Switched GDOI SA(index: index) successfully in kernel.

在内核中切换GDOI SA（索引为index）成功

Added GDOI IPsec SA to kernel successfully.

添加GDOI IPsec SA到内核成功

Set GDOI outbound IPsec SA(index: index) to kernel successfully.

设置索引为index的出方向GDOI IPsec SA到内核成功

Created GDOI SP SA entry successfully.

创建GDOI SP SA entry成功

GDOI IPv6 flow has been updated.

GDOI IPv6流更新成功

Deleted GDOI IPsec SA successfully in kernel.

在内核中删除GDOI IPsec SA成功

Switched GDOI IPsec SA(index: index) successfully in kernel.

在内核中切换index为index的GDO IPsec SA成功

IPsec tunnel has been updated.

IPsec隧道更新成功

Created GDOI flow successfully.

创建GDOI流成功

Smooth processing: Added GDOI flow successfully.

平滑处理：添加GDOI流成功

Deleted GDOI group(name: GroupName) successfully.

删除组名为GroupName的GDOI组成功

Restored GDOI group(name: GroupName) successfully.

恢复组名为GroupName的GDOI组成功

Restored GDOI SP(index: index) successfully.

恢复索引为index的GDOI安全策略成功

Cached GDOI SA(SPI: spi) successfully.

恢复索引为index的GDOI安全策略成功

Started to smoothly process GDOI group with IKE.

开始和IKE模块平滑GDOI组数据

Checked GDOI group after smooth with IKE.

和IKE模块平滑后，检查GDOI组

Processing group(name: GroupName) batch-add-flow message: Added GDOI flow(rule num) successfully

处理GDOI组的批量添加流信息：添加ACL规则编号为num的GDOI流成功

Processing group(name: GroupName) batch-add-flow message: GDOI flow(rule num) already exist.

处理GDOI组的批量添加流信息：ACL规则编号为num的GDOI流已经存在

Processing group(name: GroupName) batch-sync-flow message:Synchronize GDOI flow successfully.

处理GDOI组的批量同步流信息：同步GDOI流成功

Processing group(name: GroupName) batch-delete-TEK-flow message: Cached GDOI flow(rule num) successfully.

处理GDOI组的批量删除TEK流信息：缓存ACL规则编号为num的GDOI流成功

Processing group(name: GroupName) add-TEK message: Cached GDOI SA(SPI: spi) successfully.

处理GDOI组的添加TEK信息：缓存SPI为spi的GDOI SA成功

Processing group(name: GroupName) add-TEK message: GDOI SA(SPI: spi) already exist.

处理GDOI组的添加TEK信息：SPI为spi的GDOI SA已经存在

Processing group(name: GroupName) delete-all message: Deleted all GDOI flow and SA successfully.

处理GDOI组的删除所有数据信息：删除所有GDOI流和SA成功

Processing group(name: GroupName) smooth-flow message: Added GDOI flow(rule num) successfully.

处理GDOI组的平滑流信息：添加ACL规则编号为num的GDOI流成功

Processing group(name: GroupName) smooth-flow message: GDOI flow(rule num) already exist.

处理GDOI组的平滑流信息：ACL规则编号为num的GDOI流已经存在

Processing group(name: GroupName) smooth-TEK message: Added GDOI SA(SPI: spi) successfully.

处理GDOI组的平滑TEK信息：添加SPI为spi的GDOI SA成功

Processing group(name: GroupName) smooth-TEK message: GDOI SA(SPI: spi) already exist.

处理GDOI组的平滑TEK信息：SPI为spi的GDOI SA已经存在

Updated GDOI IPsec SA to kernel successfully.

向内核更新GDOI IPsec SA成功

Smooth processing: Added GDOI IPsec SA (SPI=spi, index=index, sequence number=seq-num) successfully.

平滑处理：添加GDOI类型的IPsec SA成功（SPI为spi，索引为index，序列号为seq-num）

Started to smoothly process GDOI SA with IKE.

开始和IKE模块平滑GDOI SA

Finished smooth processing GDOI SA with IKE.

结束和IKE模块平滑GDOI SA

Smooth processing: Added GDOI SA entry successfully.

平滑处理：创建GDOI SA表项成功

Restored GDOI SP SA entry successfully.

恢复GDOI安全策略SA数据成功

Rebuilt group(name: GroupName) GDOI SP flow successfully.

重建组名为GroupName的组的GDOI安全策略流成功

Set GDOI outbound IPsec SA(index: index) to kernel successfully.

下发GDOI出方向索引为index的IPsec SA到内核成功

Smooth processing: Created GDOI SP SA entry successfully.

平滑处理：添加GDOI安全策略SA表项成功

Smooth processing: Added no context smooth GDOI SP SA entry successfully.

平滑处理：添加无上下文的GDOI安全策略SA成功

Started to smoothly process GDOI SP flow with IKE.

开始和IKE模块平滑GDOI安全策略流

Finished smooth processing GDOI SP flow with IKE.

和IKE模块平滑GDOI安全策略流结束

Started to smoothly process GDOI IPsec SA with IKE.

开始和IKE模块平滑GDOI IPsec SA

Finished smooth processing GDOI IPsec SA with IKE.

和IKE模块平滑GDOI IPsec SA结束

Added synchronization GDOI flow to kernel successfully.

下发同步GDOI流信息到内核成功

Deleted synchronization GDOI SP SA entry successfully.

删除同步GDOI安全策略SA表项成功

Created synchronization GDOI SP SA entry successfully.

创建同步GDOI安全策略SA表项成功

Added sync GDOI flow successfully.

添加同步的GDOI流成功

Deleted sync GDOI flow successfully..

删除同步的GDOI流成功

Added sync SA successfully.

添加同步SA成功

Processing GDOI synchronization message of switching SA(index: index): Switched SA successfully.

处理切换索引为index的GDOI同步消息：切换SA成功

Deleted sync SA (SPI: spi) successfully.

删除同步的SPI为spi的SA成功

Processing check group(name: GroupName) reference message successfully.

处理检查名为GroupName组的检查组引用信息时，发送消息成功

Packet will be sent to CCF for sync-encryption.

报文将被发送到CCF执行同步加密操作

Packet will be sent to CCF for sync-decryption

报文将被发送到CCF执行同步解密操作

Packet will be sent to CCF for asyn-encryption.

报文将被发送到CCF执行异步加密操作

Packet will be sent to CCF for asyn-decryption.

报文将被发送到CCF执行异步解密操作

Found SA with SPI spi.

已经找到SPI为spi的SA

Packet matches SP spid.

报文匹配SP，SP ID为spid.

Packet has been encrypted by SA whose SPI is spi.

报文已经被SPI为spi的SA加密

Packet has been decrypted by SA whose SPI is spi.

报文已经被SPI为spi的SA解密

ESP auth algorithm: auth, ESP encp algorithm: encp.

ESP采用的认证算法为auth，加密算法为encp

AH auth algorithm: auth

AH采用的认证算法为auth

Src : src Dst : dst SPI : spi

报文的源地址为，目的地址为，SPI值为spi

Received IPsec(AH) packet

入方向收到AH报文

Received IPsec(ESP) packet

入方向收到ESP报文

Received IPSec packet from fast forwarding

快转入方向收到IPsec报文

Sent routing protocol packet by IPsec

路由协议报文经由IPsec发送

Sent IPsec packet

报文经由IPsec发送

Sent packet by IPsec fast forwarding

报文经由IPsec快转发送

Added IP fast forwarding entry.

添加快转表项

Added IPv6 fast forwarding entry.

添加IPv6快转表项

Failed to find SA by SP.

根据SP找不到对应的SA

The packet is too big, mtu = mtu, packet len = len.

报文过大，MTU值为mtu，长度为len

The reason of dropping packet is reason.

报文被丢弃的原因为reason，包括以下几种：

·     Packet too long：报文太长

·     Invalid SPI：无效SPI

·     No available SA：找不到SA

·     No available IPsec tunnel：找不到IPsec隧道

·     Encryption failed：加密失败

·     Decryption failed：解密失败

·     Loop too many times：本机循环次数过多

·     ACL check failed：ACL检查失败

·     Address does not match with SA：报文地址与SA中的地址不匹配

·     Anti-replay sequence number reached the max：抗重放序号达到最大值

·     The encapsulation mode does not match：封装类型不匹配

·     Receive a ESP dummy packet：收到ESP保活报文

·     Memory alloc failed：内存分配失败

·     Packet length wrong：长度错误

·     Replayed packet：重放报文

·     Authentication failed：认证失败

·     Security protocol set of SA does not match：SA的安全协议组合与对端不匹配

Inbound IPsec AH processing: Authentication succeeded.

入方向IPsec AH处理：认证成功

Outbound IPsec AH processing: Authentication finished, anti-replay SN is sn .

出方向IPsec AH处理：认证完成，抗重放序号为sn

Inbound IPsec ESP processing: Decryption succeeded.

入方向IPsec ESP处理：解密成功

Outbound IPsec ESP processing: Encryption succeeded, anti-replay SN is sn.

出方向IPsec ESP处理：加密成功，抗重放序号为sn

Outbound IPsec processing: Sent packet back to IP forwarding.

出方向IPsec处理：将报文重新发送给IP转发

Inbound IPsec processing: Sent packet back to IP forwarding.

入方向IPsec处理：将报文重新发送给IP转发

Outbound IPsec processing: Sent packet back to IP forwarding for following process.

出方向IPsec处理：将报文返回转发继续处理后续业务

IPsec processing: Tunnel mode

采用隧道模式

IPsec processing: Transport mode

采用传输模式

Started outbound processing after CCF processing.

CCF处理后开始出方向处理

Started inbound processing after CCF processing.

CCF处理后开始入方向处理

Restored the original IP header during AH processing

AH处理过程中恢复原始IP头内容

Updated IV during ESP processing.

ESP处理过程中更新IV内容

Started outbound fast forwarding after CCF processing.

CCF处理后开始出方向快转处理

Started inbound fast forwarding after CCF processing.

CCF处理后开始入方向快转处理

Failed to find SA by SP.

根据SP查找SA失败

Outbound IPsec processing: Packet encapsulated successfully.

出方向IPsec处理：报文加封装处理成功

IPsec output processing for relay packet: flag=flag, data length=length

板间透传报文IPsec出方向处理：报文标记为flag，数据长度为length

Received a UDP fragment: src port=src-port, dst port=dst-port.

收到一个UDP分片报文（源端口号为src-port，目的端口号为dst-port）

Inbound IPsec GDOI processing: Sent packet back to IP forwarding.

入方向IPsec GDOI处理：将报文发送回IP转发处理

Received IPsec(ESP) packet: packet length=length

接收到ESP封装的IPsec报文，报文长度为length

Failed to find SA by SA index.

根据SA索引查找SA失败

Packet oversize: MTU=mtu, packet length=length.

报文过大, ，最大传输单元值为mtu，报文长度为length

Sent packet by GDOI fast forwarding

根据GDOI快转表发送报文

Outbound GDOI ESP forwarding processing: Encryption succeeded.

出方向GDOI的ESP报文转发处理：加封装成功

--- Sent GDOI packet ---

发送GDOI报文

--- Sent IPv6 GDOI packet by IPsec fast forwarding ---

通过IPsec快转发送IPv6 GDOI报文

--- Sent IPsec packet ---

发送IPsec报文

--- Sent IPv6 packet by IPsec fast forwarding ---

通过IPsec快转发送IPv6报文

Failed to prepare IPv6 packet

准备IPv6报文失败

MBUF relay sent to node LipNode.

消息透传至编号为LipNode的单板

FS MBUF relay sent to node LipNode.

快转消息透传至编号为LipNode的单板

Adding svti tunnel fast-forwarding cache.

正在添加SVTI隧道快转cache

Adding advpn/gre tunnel fast-forwarding cache.

正在添加ADVPN/GRE隧道快转cache

Failed to get SP: IPsec smooth not end.

获取SP失败，IPsec未平滑结束

Failed to get SP: IPsec process not running.

获取SP失败，IPsec进程未启动

Failed to find SP by index and sequence number.

通过index和SeqNum查找SP失败

Failed to get SP: Creating SA timed out.

获取SP时生成SA超时

Failed to get SP by interface: Target node not online.

通过普通接口获取SP时，目标接口板不在线

Failed to get interface when getting SP by mGRE.

按照mGRE方式获取SP时，获取接口失败

Failed to get SP by mGRE: Invalid interface type.

尝试按照mGRE方式获取SP失败，无效的接口类型

Failed to get SP by mGRE: No tunnel protection configuration.

尝试按照mGRE方式获取SP失败，缺少相关配置

Failed to get SP by mGRE: profile profile not found.

尝试按照mGRE方式获取SP失败，未找到profile profile

Failed to get SP by mGRE: wrong profile type.

尝试按照mGRE方式获取SP失败，profile类型错误

Failed to find profile SP by profile profile when getting SP by mgre.

按照mGRE方式获取SP时，通过profile profile查找SP失败

Failed to get SP by mGRE: SP type not ISAKMP.

尝试按照mGRE方式获取SP失败，SP不是IKE方式的

Failed to get SP by mGRE.

尝试按照mGRE方式获取SP失败

Failed to get SP by SVTI: invalid interface type.

尝试按照SVTI方式获取SP失败，无效的接口类型

Failed to get SP by SVTI: no tunnel protection configuration.

尝试按照SVTI方式获取SP失败，缺少相关配置

Failed to get SP by SVTI: profile profile not found.

尝试按照SVTI方式获取SP失败，未找到profile profile

Failed to get SP by SVTI: wrong type of profile profile.

尝试按照SVTI方式获取SP失败，profile profile类型错误

Failed to find profile SP by profile profile when getting SP by svti.

按照SVTI方式获取SP时，通过profile profile查找SP失败

Failed to get SP by SVTI: SP type not ISAKMP.

尝试按照SVTI方式获取SP失败，SP不是IKE方式的

Failed to match SVTI flow: IKE profile not match.

匹配SVTI流失败，IKE profile不匹配

Failed to match SVTI flow: flow not match with ACL.

匹配SVTI流失败，匹配ACL失败

Failed to get interface data when getting SP by L3 interface.

通过三层口获取SP时，获取接口数据失败

Failed to get SP by L3 interface: no SP entry found by key.

尝试通过三层口获取SP失败，根据SP ENTRY KEY找不到SP ENTRY

Failed to get SP by L3 interface: no source interface SP entry found by key.

尝试通过三层口获取SP失败，根据共享源接口的SP ENTRY KEY找不到SP ENTRY

Failed to match SP when getting SP by L3 interface: SP's mode not ISAKMP.

通过三层口获取SP时，匹配SP失败，SP不是IKE方式的

Failed to match SP when getting SP by L3 interface: SP negotiation not complete.

通过三层口获取SP时，匹配SP失败，SP未协商完成

Rejected peer's request of any flow: SP's mode was ISAKMP template and no ACL was specified.

IKE模板方式且未配置ACL，任意流不触发协商

Failed to match SP when getting SP by L3 interface: Could not find policy by SP.

通过三层口获取SP时，匹配SP失败，通过SP找不到policy

Failed to match profile: IKE profile was profile1 while IPsec used profile profile2.

匹配profile失败，profile profile1和profile profile2

Failed to match flow: ACL not match.

匹配流失败，ACL不匹配

Failed to match flow: renegotiation SP's index or sequence number changed.

匹配流失败，重协商SP的index或sequence num有变化

SP SP-ID is not complete.

SP SP-ID不完整

Failed to get SP (SP ID=SP-ID): Local address not match (SP's address=address1, phase 2 policy's address=address2).

获取SP SP-ID时，Local地址不匹配，SP携带的地址是address1，二阶段policy的地址是address2

Failed to get SP (SP ID=SP-ID): Remote address not exist (hostname=hostname).

获取SP时，对端地址不存在

Failed to get SP (SP ID=SP-ID): Remote address not match (SP's address=address1, phase 2 policy's address=address2).

获取SP时，对端地址不匹配

Failed to match SP when getting SP by L3 interface: no transform-set in SP.

通过三层口获取SP时，匹配SP失败，SP中没有transform-set

Failed to create larval SA when getting SP by L3 interface.

通过三层口获取SP时，创建larval SA失败

Failed to get SP matching ACL.

获取匹配ACL的SP失败

Failed to verify the peer signature.

对端签名验证失败

HASH payload is missing.

未在IKE报文中找到HASH载荷

Failed to verify the peer HASH.

对端HASH验证失败

Signature payload is missing.

未在IKE报文中找到签名载荷

Invalid SPI length (length) in DPD packet.

DPD报文中的SPI长度无效，长度为length

Invalid I-Cookie in DPD packet: I-Cookie

DPD报文中的I-Cookie无效，I-Cookie的值为I-Cookie

Invalid R-Cookie in DPD packet: R-Cookie

DPD报文：R-Cookie无效，R-Cookie的值为R-Cookie

The length (length) of DPD sequence number is invalid.

DPD序列号的长度无效，长度为length

Invalid DPD sequence number (number).

DPD序列号无效，序列号的值为number

DPD packet retransmission timed out.

DPD报文的重传已超时

Invalid IPv4 address length (length).

无效的IPv4地址长度，长度为length

Invalid IPv6 address length (length).

无效的IPv6地址长度，长度为length

Invalid ID of IPv4 address type: ID-IPv4

IPv4地址类型的身份无效，身份的值为ID-IPv4

Invalid ID of IPv6 address type: ID-IPv6

IPv6地址类型的身份无效，身份的值为ID-IPv6

Invalid FQDN ID length (length).

FQDN类型的身份长度无效，长度为length

Invalid user FQDN ID length (length).

User FQDN类型的长度身份无效，长度为length

Failed to get DN because the certificate doesn't exist.

获取DN失败，因为证书不存在

Failed to get ID data for constructing ID payload.

构造ID载荷时获取ID数据失败

Invalid ID payload with protocol protocol-number and port port-number.

无效的ID载荷，ID载荷中的协议号为protocol-number，端口号为port-number

Invalid ID type (ID-type).

身份类型无效，身份类型值为ID-type

Failed to find proposal proposal-number in profile profile-name.

在名称为profile-name的IKE profile中没有找到编号为proposal-number的proposal

Failed to verify HASH for informational exchange.

验证informational exchange报文中的HASH失败

Failed to construct delete payload.

构造delete载荷失败

Invalid SPI length.

SPI长度无效

Protocol ID (ID) in delete payload is invalid.

delete载荷中的协议ID无效，协议号为ID

KE payload doesn’t exist.

KE载荷不存在

Invalid KE payload length (length).

KE载荷的长度无效，长度为length

Failed to construct notification payload for keepalive.

发送keepalive报文时构造notification载荷失败

Length (length) of the sequence number in keepalive packet is invalid.

Keepalive报文中的序列号长度无效，长度为length

Length (length) of the HASH payload in keepalive packet is invalid.

Keepalive报文中的HASH载荷长度无效，长度为length

Failed to calculate HASH for verification of keepalive packet.

验证keepalive报文时，本端计算HASH失败

Failed to add sequence number to keepalive packet.

构造keepalive报文时，添加序列号失败

Failed to calculate HASH for keepalive.

构造keepalive报文时，计算HASH失败

Failed to float port.

切换端口失败

Length (length) of the nonce payload is invalid.

Nonce载荷的长度无效，长度为length

Failed to parse the certificate request payload.

解析证书请求载荷失败

No available proposal.

没有找到可用的proposal

Failed to get certificate.

获取证书失败

Failed to get private key.

获取私钥失败

Failed to construct ID payload.

构造IPsec身份载荷失败

Failed to calculate hash-name.

计算HASH失败，HASH名称为hash-name

Failed to validate hash-name.

验证HASH失败，HASH名称为hash-name

Failed to compute key material.

计算密钥材料失败

Failed to install IPsec SA.

安装IPsec SA失败

The nonce payload doesn't exist.

Nonce载荷不存在

The KE payload doesn't exist.

KE载荷不存在

No valid DH group description in SA payload.

SA载荷中没有有效的DH group

There are too many KE payloads.

KE载荷太多，

The length of the KE payload does't match the DH group description.

KE载荷的长度和用于PFS的DH group描述不匹配

Failed to construct NAT-OA payload.

构造NAT-OA载荷失败

Failed to construct RESPONDER_LIFETIME payload.

构造RESPONDER_LIFETIME载荷失败

Failed to construct KE payload.

构造KE载荷失败

Failed to pad for encryption.

加密报文前的填充失败

Failed to send data. Reason: error-reason.

发送报文失败，错误原因为error-reason

No enough space in the packet for Non-ESP marker.

报文超大，不能添加Non-ESP标记

Failed to decrypt the packet.

解密报文失败

Non-zero message ID (Message-ID) in phase 1.

一阶段的Message ID不为0，其值为Message-ID

I-Cookie must not be zero.

I-Cookie不能为0

The first packet of phase 1 is invalid: Encryption bit is set.

一阶段的第一条报文无效：报文的加密标识为已使能

The first packet of phase 1 is invalid: Non-zero R-Cookie.

一阶段的第一条报文无效：报文的R-Cookie不为0

Failed to parse phase 1 packet. Reason reason.

解析一阶段的IKE报文失败，原因为reason，可能的取值包括：

·     INVALID_PAYLOAD_TYPE：载荷类型无效

·     DOI_NOT_SUPPORTED：不支持的DOI字段

·     SITUATION_NOT_SUPPORTED：不支持的situation字段

·     INVALID_COOKIE：cookie无效

·     INVALID_MAJOR_VERSION：主版本号无效

·     INVALID_MINOR_VERSION：次版本号无效

·     INVALID_EXCHANGE_TYPE：交换类型无效

·     INVALID_FLAGS：标识无效

·     INVALID_MESSAGE_ID：message ID无效

·     INVALID_PROTOCOL_ID：提议号无效

·     INVALID_SPI：SPI无效

·     INVALID_TRANSFORM_ID：transform ID无效

·     ATTRIBUTES_NOT_SUPPORTED：不支持的属性

·     NO_PROPOSAL_CHOSEN：没有匹配的提议

·     BAD_PROPOSAL_SYNTAX：提议语法错误

·     PAYLOAD_MALFORMED：载荷格式错误

·     INVALID_KEY_INFORMATION：密钥信息无效

·     INVALID_ID_INFORMATION：身份无效

·     INVALID_CERT_ENCODING：证书编码无效

·     INVALID_CERTIFICATE：证书无效

·     CERT_TYPE_UNSUPPORTED：不支持的证书类型

·     INVALID_CERT_AUTHORITY：证书认证失败

·     INVALID_HASH_INFORMATION：HASH无效

·     AUTHENTICATION_FAILED：认证失败

·     INVALID_SIGNATURE：签名无效

·     ADDRESS_NOTIFICATION：地址通知

·     NOTIFY_SA_LIFETIME：SA生命周期通知

·     CERTIFICATE_UNAVAILABLE：证书不可用

·     UNSUPPORTED_EXCHANGE_TYPE：不支持的交换类型

·     UNEQUAL_PAYLOAD_LENGTHS：载荷长度不相等

The packet is dropped because of not being encrypted

丢弃报文，因为报文没有加密

Failed to parse informational exchange packet. Reason reason.

解析informational exchange报文失败，原因是reason

reason取值同上

Failed to parse keepalive packet because of reason.

解析keepalive报文失败，原因是reason

reason取值同上

Unsupported exchange type (type) in packet.

不支持的交换类型type，取值包括：

·     None：不存在的交换类型

·     Base：基础交换类型

·     Main：主模式交换类型

·     AO：Authenticaton Only交换类型

·     Aggressive：野蛮模式交换类型

·     Info：infomational exchange交换类型

·     Mode cfg：配置模式交换类型

Invalid Non-ESP marker: marker.

无效的Non-ESP标识：marker

The received packet is too short, which is length bytes.

收到报文的长度太小，长度为length

Failed to receive packet.

接收报文失败

Failed to bind UDP port port-number. Reason: reason.

绑定UDP端口失败，端口号为port-number，错误原因为reason

Failed to set UDP port port-number. Reason: reason.

设置UDP端口失败，端口号为port-number，错误原因为reason

Failed to add UDP port port-number to epoll.

添加UDP端口到epoll失败，端口号为：port-number

Failed to initiate UDP port port-number. Error code: error-number.

初始化UDP端口失败，端口号为port-number，错误码为error-number

byte-numberth byte of the structure struct-name must be 0.

结构struct-name的第byte-number个字节必须为0

Field-name of struct-name has an unknown value: value.

结构struct-name的域field-name的值value无效

field-name of struct-name has unknown members.

结构struct-name的域field-name包含未知的成员

No enough bytes to get data2 from data1.

没有足够的空间来保存从数据data1中获取的数据data2

No enough space in output packet for struct-name.

报文中没有足够的空间用于保存结构struct-name

No enough space to place length bytes of data-name in struct-name.

结构struct-name中没有足够的空间用于保存length字节的数据

No enough space to place data-name in struct-name.

结构struct-name中没有足够的空间保存数据data-name

Failed to add the HASH payload.

添加HASH载荷失败

Ignored the certificate request of type type-id.

忽略证书请求，证书请求的类型为type-id

Failed to get the certificate and key by certificate request.

根据证书请求获取证书和密钥失败

Failed to verify the peer certificate. Reason: error-string.

验证对端证书失败，错误原因为error-string

Failed to find keychain keychain-name in profile profile-name.

在IKE profile profile-name中查找keychain keychain-name失败

Failed to create IKE SA with core data.

根据核心数据创建一阶段SA失败

Failed to create IPsec SA with core data.

根据核心数据创建二阶段SA失败

Failed to receive smooth SA ACK from IPsec.

从IPsec接收SA平滑处理的应答失败

Number of negotiating IKE SAs exceeded the limit.

正在协商的IKE SA的数目超出限制

Number of established IKE SAs exceeded the limit.

已经建立的IKE SA的数目超出限制

Attribute attribute-name is repeated.

属性重复，属性名称为attribute-name

Failed to construct situation.

构造situaton字段失败

Failed to construct proposal payload.

构造proposal载荷失败

Failed to construct transform payload.

构造transform载荷失败

Failed to construct attributes.

构造属性失败

Unsupported DOI doi

不支持的DOI doi

Proposal payload must be the last payload in SA payload, but payload-name payload is found following proposal payload.

proposal载荷必须是SA载荷中的最后一个载荷，但在proposal载荷之后还有payload-name载荷

Unexpected protocol ID (ID-type) found in proposal payload.

proposal载荷中的协议ID无效，协议ID号为ID-type

Invalid SPI length (SPI-length) in proposal payload.

proposal载荷中的SPI长度无效

No transform payload in proposal payload.

proposal载荷中没有transform载荷

Transform number is not monotonically increasing.

Transform号不是单调递增的

Invalid transform ID: id.

无效的transform ID：id

No acceptable transform.

没有可以接受的transform

Unexpected payload-name payload in proposal.

proposal载荷中有不期望出现的载荷payload-name

Only one transform is permitted in one proposal, but trans-count transforms are found.

在选中的proposal载荷中只允许有一个transform，但实际有trans-count个

Failed to parse the IKE SA payload.

解析IKE SA载荷失败

Proposal payload has more transforms than specified in the proposal payload.

proposal载荷中的transform载荷数量比proposal载荷中指定的数量多

Proposal payload has fewer transforms than specified in the proposal payload.

proposal载荷中的transform载荷数量比proposal载荷中指定的数量少

Invalid next payload (payload-type) in transform payload.

transform载荷中的next payload字段无效，载荷类型为payload-type

SA_LIFE_TYPE attribute must be in front of the SA_LIFE_DURATION attribute.

SA_LIFE_TYPE属性必须在SA_LIFE_DURATION属性前面

Attribute attribute-type is repeated in IPsec transform trans-number.

属性类型为的attribute-type属性在IPsec transform中重复，transform号为trans-number

SA_LIFE_TYPE attribute is repeated in packet.

属性SA_LIFE_TYPE在报文中重复

Unsupported IPsec attribute attribute.

不支持的IPsec属性attribute

SA_LIFE_TYPE IPsec attribute not followed by SA_LIFE_DURATION attribute in message.

报文中的IPsec属性SA_LIFE_TYPE后面没有SA_LIFE_DURATION属性

Encapsulation mode must be specified in IPsec transform.

IPsec transform中必须指定封装模式

AUTH_ALGORITHM attribute is missing in AH transform.

在AH协议的transform中没有AUTH_ALGORITHM属性

Transform ID (id) in transform trans-number doesn't match authentication algorithm auth-algo-name (auth-algo-value).

transform中的transform ID和认证算法不匹配，transform号为trans-number，transform ID为id，认证算法为auth-algo-name，其值为auth-algo-value

Neither encryption algorithm nor authentication algorithm is specified in ESP proposal, which is not permitted.

ESP proposal中既没有加密算法也没有认证算法，这是不允许的

Unsupported ESP transform.

不支持的ESP transform

Unsupported ESP authentication algorithm.

不支持的ESP认证算法

IPsec proposal with improper SPI size (size).

IPsec proposal中的SPI大小错误，SPI大小为size

IPsec proposal contains invalid SPI (SPI).

IPsec proposal中的SPI无效，其值为SPI

Failed to get SPI from IPsec proposal.

从IPsec proposal中获取SPI失败

No transform in IPsec proposal.

IPsec proposal中没有transform

SA payload contains more than one AH proposal with the same proposal number.

SA载荷中有多个AH协议的proposal对应同一个proposal号

SA payload contains more than one ESP proposal with the same proposal number.

SA载荷中有多个ESP协议的proposal对应同一个proposal号

Invalid next payload (payload-type-num) in proposal.

Proposal载荷中的next payload字段无效，其类型值为payload-type-num

Unsupported IPsec DOI situation (situation-num).

不支持的IPsec DOI situation，其类型值为situation-num

Invalid IPsec proposal proposal-number.

无效的IPsec proposal，proposal号为proposal-number

Failed to get IPsec policy when renegotiating IPsec SA. Delete IPsec SA.

在重协商IPsec SA时获取IPsec策略失败，删除 IPsec SA

Failed to get IPsec policy for phase 2 responder. Delete IPsec SA.

作为二阶段协商的响应方时，获取IPsec策略失败，删除IPsec SA

No HASH in notification payload.

在notification载荷中没有HASH

Failed to send message to IPsec when getting SPI.

获取SPI时向IPsec发消息失败

Failed to send message to IPsec when adding SA.

添加SA时向IPsec发消息失败

Failed to send message to IPsec when deleting SA.

删除SA时向IPsec发消息失败

Failed to send message to IPsec when getting SP.

获取SP时向IPsec发消息失败

Failed to send message to IPsec when adding DPD.

添加DPD时向IPsec发消息失败

Failed to send message to IPsec when updating DPD.

升级DPD时向IPsec发消息失败

Failed to send message to IPsec when deleting DPD.

删除DPD时向IPsec发消息失败

Failed to send message to IPsec when switching SA.

切换SA时向IPsec发消息失败

Failed to negotiate IKE SA.

协商IKE SA失败

Failed to negotiate IPsec SA.

协商IPsec SA失败

Errstring. Attribute attribute-name.

错误原因为errstring。相关的属性名称为attribute-name

Errstring的内容包括：

·     Unsupported encryption algorithm: enc-alg：不支持的加密算法enc-alg

·     Unsupported HASH algorithm: hash-alg：不支持的HASH算法hash-alg

·     Unsupported authentication method: auth-meth：不支持的认证方法auth-meth

·     Unsupported DH group: group-name：不支持的DH group group-name

·     Unsupported lifetime type: lifetime-type：不支持的生命周期类型lifetime-type

·     OAKLEY_LIFE_DURATION attribute not preceded by OAKLEY_LIFE_TYPE attribute.：OAKLEY_LIFE_DURATION属性没有在OAKLEY_LIFE_TYPE属性之前

·     OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute：OAKLEY_KEY_LENGTH属性没有在OAKLEY_ENCRYPTION_ALGORITHM属性之前

·     OAKLEY_KEY_LENGTH attribute not match OAKLEY_ENCRYPTION_ALGORITHM.：OAKLEY_KEY_LENGTH属性和OAKLEY_ENCRYPTION_ALGORITHM属性不匹配

·     Failed to get encryption algorithm：获取加密算法失败

·     Unsupported OAKLEY attribute attribute：不支持的OAKLEY属性attribute

Failed to match the proposal.

匹配proposal失败

Received invalid SPI message from IPsec, but no IKE SA exists.

收到IPsec的invalid SPI消息，但是没有IKE SA

Failed to get subject name from certificate.

从证书中获取主题名失败

Failed to get local certificate.

获取本地证书失败

Failed to send notification packet for deleting IPsec SA, because of no corresponding IKE SA.

删除IPsec SA时发送notification报文失败，因为没有找到对应的IKE SA

Failed to construct certificate request payload.

构造证书请求载荷失败

Unsupported attribute attribute-type.

不支持的属性，属性类型为attribute-type

Invalid major version(version).

主版本号无效，主版本号为version

Constructed SA payload.

构造SA载荷

Failed to get UDP socket.

获取UDP socket失败

Failed to parse the Cert Request payload.

解析证书请求消息失败

No available proposal.

没有可用的安全提议

Obtained profile ProfileName.

获取到名为ProfileName的安全profile

Deleted GDOI GM IKE SA.

删除GDOI GM IKE SA

Signature verification succeeded.

验证签名成功

HASH verification succeeded.

验证HASH成功

Delete IPsec SAs.

删除IPsecSA

Delete IKE SA with connection ID id.

删除IKE SA，connection ID为id

Update DPD configuration in IKE SA.

更新一阶段SA中的DPD配置

Notify IPsec to add DPD.

通知IPsec添加DPD

Notify IPsec to delete DPD.

通知IPsec删除DPD

Notify IPsec to update DPD.

通知IPsec更新DPD

Process interface interface-type interface-num active event.

处理接口激活事件，接口名为interface-type interface-num

Process interface interface-name deactive event.

处理接口去激活事件，接口名为interface-type interface-num

Process interface interface-name delete event.

处理接口删除事件，接口名为interface-type interface-num

The board chassis chassis-num slot slot-num is inserted.

单板插入chassic-number号成员设备的slot-number号槽位中

Protocol/port in phase 1 ID payload is protocol-number/port-number, which is acceptable.

一阶段ID载荷中的协议号/端口号为protocol-number/port-number，它们是可接受的

Begin to construct IPsec SA delete packet.

开始构造二阶段SA delete报文

Delete IKE SA with connection ID id.

删除一阶段SA，connection ID为id

Received IPsec SA delete packet.

收到二阶段SA delete报文

Process delete payload.

处理delete载荷

Ignore delete payload: packet not encrypted or IKE SA not established.

忽略delete载荷：报文没有加密或者一阶段SA没有建立

Received SA acquire message from IPsec.

收到IPsec的SA请求消息

Received IPsec capability.

收到IPsec规格

Received smooth IPsec SA ACK.

收到平滑IPsec SA的应答

IKE keepalive timed out. Delete IKE SA with connection ID id.

IKE Keepalive定时器超时，删除一阶段SA，connection ID为id

Reset IKE keepalive timeout timer. New time value is time

重置IKE Keepalive超时定时器，新的时间值为time

I am behind NAT.

我在NAT设备之后

Peer is behind NAT.

对端在NAT设备之后

No need to float port.

不需要切换端口

Float port to local port local-port and remote port remote-port

切换端口，本端端口为local-port，对端端口为remote-port

Sending DPD packet of type type with sequence number seq-no.

发送type类型的DPD报文，序列号为seq-no

Delete IKE SA by received notification.

根据错误通知报文删除一阶段SA

INITIAL-CONTACT message is dropped because of not being encrypted.

INITIAL-CONTACT未加密，丢弃它

Delete redundant SA.

删除多余的SA

Length (length) of notification packet is invalid.

notification报文的长度无效，长度为length

Protocol-ID (ID) of notification packet is unsupported.

不支持notification报文中的协议号：ID

Notification notification-name is received.

收到通知报文notification-name

Inbound flow: dst-addr->src-addr

入方向流量：目的地址->源地址

Outbound flow: src-addr->dst-addr

出方向流量：源地址->目的地址

Validated hash-name successfully.

验证HASH成功，HASH名称为hash-name

Getting IPsec message timed out. Delete IPsec SA.

获取IPsec消息超时，删除二阶段SA

Protocol: protocol

安全协议为protocol（AH或ESP）

Inbound SPI: in-spi

入方向SPI值为in-spi

Outbound SPI: out-spi

出方向SPI值为out-spi

Install IPsec SAs.

下发IPsec SA

Lifetime in seconds: seconds

SA的生命周期为seconds秒

Lifetime in kilobytes: bytes

SA的生命周期为bytes字节

Phase 2 Exchange chooses role: Local is initiator.

二阶段协商选择角色：本端为发起方

Phase 2 Exchange chooses role: Local is responder.

二阶段协商选择角色：本端为响应方

Begin Quick mode exchange.

开始进行快速模式协商过程

No enough space to send packet.

没有足够的空间来发送报文

Retransmittion of phase 1 packet timed out.

重传一阶段报文超时

Ignore phase 1 packet retransmit timeout event.

忽略一阶段报文重传超时事件

Retransmittion of  phase 2 packet timed out.

重传二阶段报文超时

Ignore phase 2 packet retransmit timeout event.

忽略二阶段报文重传超时事件

Phase 1 Exchange chooses role: Local is initiator.

一阶段协商选择角色：本端为发起方

Phase 1 Exchange chooses role: Local is responder.

一阶段协商选择角色：本端为响应方

Phase 1 packet is malformed: Not starting with an SA payload.

一阶段报文格式错误：没有以SA载荷开始

Phase2 packet is malformed: Not starting with an HASH payload.

二阶段报文格式错误：没有以HASH载荷开始

Quick mode packet is received, but IKE SA does not exist.

收到快速模式的报文，但一阶段SA不存在

Quick mode packet is received, but IKE SA is incomplete.

收到快速模式的报文，但一阶段SA不完整

Ignored delete SA payload because the IKE SA is not established.

忽略删除SA的报文，因为IKE SA不存在

Ignored delete SA payload because the packet is not encrypted.

忽略删除SA的报文，因为报文没有加密

Received informational exchange packet, but IKE SA is inexistent or incomplete.

收到information exchange报文，但是一阶段SA不存在或者不完整

Received keepalive packet, but IKE SA is not existed.

收到IKE keepaclive报文，但是一阶段SA不存在

Received keepalive packet, but it is not encrypted.

收到IKE keepaclive报文，但是它没有加密

Received keepalive packet, but IKE SA is incomplete.

收到IKE keepaclive报文，但是一阶段SA不完整

Ignore NAT keepalive packet.

忽略NAT keepalive报文

Initialize UDP port.

初始化UDP端口

PKI data had been changed.

PKI数据已经有所变化

Found pre-shared key that matches address address in keychain keychain-name.

在keychain keychain-name中找到了预共享密钥，该预共享密钥与地址address匹配

Pre-shared key matching address address not found.

根据地址address无法找到匹配的预共享密钥

Found keychain keychain-name in profile profile-name successfully.

成功在IKE profile profile-name中找到keychain keychain-name

Get profile profile-name.

获取IKE profile profile-name

Initiator created an SA for peer address, local port local-port, remote port remote-port.

发起方创建SA，对端地址为address，本端端口为local-port，对端端口为remote-port

Set IKE SA state to state-name.

设置一阶段SA状态为state-name

IKE SA state changed from state1 to state2.

一阶段SA状态从state1转换到state2

Set IPsec SA state to state-name.

设置二阶段SA状态为state-name

IPsec SA state changed from state1 to state2.

二阶段SA状态从state1转换到state2

Responder created an SA for peer address, local port local-port, remote port remote-port.

发起方创建SA，对端地址为address，本端端口为local-port，对端端口为remote-port

Delete IPsec SA.

删除二阶段SA

Oakley transform trans-number is acceptable.

Oakley transform是可接受的，transform号为trans-number

Begin mode mode exchange.

开始mode模式的IKE协商

IKE SA not found. Initiate IKE SA negotiation.

没有一阶段SA，发起一阶段SA的协商

IKE SA is prepared for renegotiation.

一阶段SA已经准备好进行重协商

IKE SA is expired.

一阶段SA生命周期到达

Renegotiation has already started for this IKE SA.

该IKE SA的重协商已经开始

IKE SA with connection ID connection-id has expired, and it will be deleted.

一阶段SA生命周期到达，将其删除，connection ID为connection-id

IPsec SA is being negotiated.

二阶段SA正在协商

IPsec SA has expired and will be deleted.

生命周期到达，删除二阶段SA

IKE thread thread-id processes a job.

IKE线程thread-id处理一个job

IKE thread thread-id processes a CTL-Queue msg.

IKE线程thread-id处理一个控制队列消息

Vendor ID verdor-id is matched.

匹配上vendor ID verdor-id

No vendor ID is matched.

没有匹配的verdor ID

IKE SA is soft expired(Timer handle: %u, Icookie: %s), renegotiate IKE SA.

IKE SA时间软超时，将发起重协商

IKE SA is soft expired(Timer handle: %u, Icookie: %s), no need to renegotiate IKE SA.

IKE SA时间软超时，无需发起重协商

IPsec SA is soft expired(timer handle:%u, message ID: 0x%x), will be renegotiated.

IPsec SA时间软超时，将发起重协商

IPsec SA is soft expired(timer handle:%u, message ID: 0x%x), no need to renegotiate.

IPsec SA时间软超时，无需发起重协商

IPsec SA is traffic expired(SPI:%u), will be renegotiated.

IPsec SA流量软超时，将发起重协商

IPsec SA is traffic expired(SPI:%u), no need to renegotiate.

IPsec SA流量软超时，无需发起重协商

Succeed to set responder-only flag for P1SA.

成功设置一阶段SA的responder-only标识

Succeed to set responder-only flag for P2SA.

成功设置二阶段SA的responder-only标识

Construct authentication data by pre-shared key.

根据预共享密钥生成认证数据

Verify HASH payload.

验证HASH载荷

Construct authentication data by private key.

根据私钥生成认证数据

Verify signature payload.

验证签名载荷

DPD packet with sequence number sequence-number is received.

收到DPD报文，序列号为：sequence-number

Retransmit DPD packet.

重传DPD报文

Peer ID value: address address.

对端ID值：地址address

Peer ID value: FQDN fqdn.

对端ID值：FQDN fqdn

Peer ID value: User FQDN user-fqdn.

对端ID值：User FQDN user-fqdn

Peer ID value: DN DN-value

对端ID值：DN，DN的内容为DN-value

Peer ID type: ID-type (value).

对端ID类型：ID-type，类型的值为value

Local ID type: ID-type (value).

本端ID类型：ID-type，类型的值为value

Local ID value: ID-value.

本端ID值：ID-value

Construct ID payload.

构造ID载荷

The profile profile-name is matched.

匹配到profile为profile-name

No profile is matched.

没有匹配到profile

Process ID payload.

处理ID载荷

Construct notification packet: notification-type.

构造notification报文：notification-type

Construct delete payload.

构造delete载荷

The phase 1 delete packet is received.

收到一阶段delete报文

The cookies' length (length) is invalid.

Cookies的长度length无效

Construct KE payload.

构造KE载荷

Process KE payload.

处理KE载荷

Send keepalive packet with sequence number sequence-number.

发送IKE keepalive报文，序列号为sequence-number

Process keepalive packet with sequence number sequence-number.

处理IKE keepalive报文，序列号为sequence-number

Construct NAT-D payload.

构造NAT-D载荷

Received count NAT-D payloads.

收到NAT-D载荷，数量为count

Construct NONCE payload.

构造NONCE载荷

Process NONCE payload.

处理NONCE载荷

Construct INITIAL-CONTACT payload.

构造INITIAL-CONTACT载荷

Construct SA payload.

构造SA载荷

Construct IPsec ID payload.

构造IPsec ID载荷

Process HASH payload.

处理HASH载荷

Construct IPsec SA payload.

构造IPsec SA载荷

Construct HASH(3) payload.

构造HASH(3)载荷

Process IPsec ID payload.

处理IPsec ID载荷

Construct NAT-OA payload.

构造NAT-OA载荷

Process NAT-OA payload: address.

处理NAT-OA载荷，地址为address

Received count NAT-OA payloads.

收到NAT-OA载荷，数量为count

Construct IPsec RESPONDER_LIFETIME payload.

构造IPsec RESPONDER_LIFETIME载荷

Construct HASH(1) payload.

构造HASH(1)载荷

Collision of phase 2 negotiation is found.

二阶段协商发生碰撞

Construct HASH(2) payload.

构造HASH(2)载荷

I-Cookie: icookie

R-Cookie: rcookie

next payload: next-payload

version: version

exchange mode: mode

flags: [flag]

message ID: mid

length: length

·     发起方cookie：icookie

·     响应方cookie：rcookie

·     下一个载荷：next-payload

·     ISAKMP版本：version

·     协商模式：mode

·     标识为：flag

·     Message ID：mid

·     报文长度：length

Encrypt the packet.

对报文进行加密

Received payload-name.

收到载荷payload-name

Sending packet to address, remote port remote-port, local port local-port.

发送报文到地址address，对端端口号为remote-port，本端端口号为local-port

Sending an IPv4 packet.

发送一个IPv4报文

Sending an IPv6 packet.

发送一个IPv6报文

Retransmit phase 1 packet.

重传一阶段报文

Retransmit phase 2 packet.

重传二阶段报文

Retransmit in response to duplicate packet.

针对对端重发的报文，重传对应的响应报文

Discard duplicate packet because of exhausted retransmission.

本端重传次数已达到最大，不再响应该重复的报文，将其丢弃

Discard duplicate packet with no response.

丢弃对端重复发送的报文，不进行响应

Collision of phase 1 negotiation is found.

一阶段协商发生碰撞

Decrypt the packet.

对报文进行解密

Begin a new phase 1 negotiation as responder.

作为响应方，开始加入一个新的一阶段协商过程

Parse informational exchange packet successfully.

成功解析informational exchange报文

Received packet from address source port source-port destination port des-port.

收到的来自address的报文，源端口为source-port，目的端口为des-port

Skipping length raw bytes of name1 to get name2.

跳过载荷name1的length字节，去获取下一个载荷name2

Add certificate request payload subjectname.

添加证书请求载荷，主题名为subjectname

Construct certificate request payload.

构造证书请求载荷

Received certificate request payload that contains issuer name issuer-name.

收到证书请求载荷，签发者名为issuer-name

Process certificate request payload.

处理证书请求载荷

The certificate request payload is empty.

证书请求载荷是空的

Construct certificate payload.

构造证书载荷

The profile profile-name is matched by remote certificate.

通过对端证书匹配到一个IKE profile profile-name

Process certificate payload.

处理证书载荷

Encryption algorithm is enc-algo.

加密算法为enc-algo

HASH algorithm is hash-algo.

HASH算法为hash-algo

Authentication method is auth-method.

认证方法为auth-method

DH group is group.

DH group为group

Lifetime type is type.

生命周期类型为type，type值为：

·     in seconds：时间生命周期

·     in kilobytes：字节生命周期

Life duration is value.

生命周期为value

Key length is length bytes.

密钥长度为length字节

Check ISAKMP transform trans-number.

检查ISAKMP transform，transform号为trans-number

Attributes is acceptable.

属性是可接受的

Construct transfrom payload for transform trans-number.

构造transform载荷，transform号为trans-number

Encapsulation mode is mode.

封装模式为mode，mode取值包括：

·     Tunnel：隧道模式

·     Transport：传输模式

·     Tunnel-UDP：UDP封装的隧道模式

·     Transport-UDP：UDP封装的传输模式

Set attributes according to phase 2 transform.

根据二阶段transform设置属性

Transform ID is id.

Transform ID为id

Construct transform 1.

构造transform 1

Construct IPsec proposal proposal-number.

构造IPsec proposal，proposal号为proposal-number

Parse transform trans-number.

解析transform，transform号为trans-number

The SA_LIFE_TYPE attribute is repeated in packet.

SA_LIFE_TYPE属性在报文中重复

Number of key rounds is round.

密钥轮数为round

Process IPsec SA payload.

处理IPsec SA载荷

The attributes are unacceptable.

属性不可接受

Construct vid-name vendor ID payload.

构造vendor id载荷，vendor ID名称为vid-name

Process vendor ID payload.

处理vendor ID载荷

HASH:value

HASH为value

SKEYID:value

SKEYID为value

Extended Skeyid_e:value

扩展的Skeyid_e为value

Local generated new IV: value

本地新生成的IV为value

SKEYID_a: value

SKEYID_a为value

SKEYID_d: value

SKEYID_d为value

SKEYID_e: value

SKEYID_e为value

Encrypt IV: value

加密IV为value

Encryption generated new IV: value

加密新生成的IV为value

Decrypt IV: value

解密IV为value

Remote new IV: value

对端新IV为value

The proposal is acceptable.

提议是可以接受的

The proposal is unacceptable.

提议是不能接受的

Invalid I-Cookie in DPD packet: I-Cookie

DPD报文中的I-Cookie无效，I-Cookie的值为I-Cookie

Invalid R-Cookie in DPD packet: R-Cookie

DPD报文中的R-Cookie无效，R-Cookie的值为R-Cookie

DPD packet with sequence number seq-no is received.

收到序列号为seq-no的DPD报文

Retransmit DPD packet.

重传DPD报文

Send keepalive packet with sequence number sequence number.

发送序号为sequence number的keepalive报文。

Sending packet to address,remote port remote-port,local port local-port.

发送报文到地址address，对端端口号为remote-port，本端端口号为local-port

Sending packet to address,remote port remote-port,local port local-port.

发送报文到地址address，对端端口号为remote-port，本端端口号为local-port

Authorization failed.

IKEv2获取AAA授权属性失败

Failed to allocate PAM handle to user user-name.

IKEv2获取AAA PAM句柄失败

Invalid major version version.

IKEv2报文中主版本号错误

The address pool overlaps with an existing address pool.

新配置的本地地址池地址范围和已有本地地址池冲突

Failed to compute ECDH shared key.

计算ECDH共享密钥失败

Received an invalid DH group.

收到的IKEv2报文中携带错误的或不支持的DH号

Required key length (keylen) over 255 times the length of the PRF output.

IKEv2计算密钥时，要求的密钥长度超过了PRF算法输出长度的255倍

Failed to compute keys.

计算密钥失败

Failed to obtain hash algorithm.

从加密算法库中获取Hash算法失败

Failed to obtain encryption algorithm.

从crypto获取加密算法失败

Failed to obtain private key.

获取DSA/ESA/EC私钥失败

Failed to obtain public key.

证书方式签名AUTH载荷时，获取公钥失败

Failed to compute local authentication data.

计算本端的认证数据失败

Failed to compute SKEYSEED.

计算密钥种子失败

Failed to compute keying material.

计算密钥材料失败

Failed to create IPsec keying material.

创建IPsec密钥材料失败

Failed to verify peer's authentication data.

验证对端的认证数据失败

Invalid length (length) for hash-and-URL encoded certificate.

hash-and-url编码方式的证书长度非法

A non-printable character exists in the URL of the hash-and-URL encoded certificate. Ignored the character and those that follow.

Hash-and-url编码方式的证书里的URL中有不可打印的字符，忽略掉该字符和它之后的内容

Invalid X509 digest length (length) in Certificate Request payload.

证书请求载荷中X509摘要长度非法

Unsupported certificate request encoding type cert-encoding-type.

不支持的证书请求编码方式

No certificate exists in payload.

载荷中没有证书

Received an unsupported hash-and-URL encoded certificate.

接收到对端的hash-and-url编码格式证书，但是本端不支持该格式证书

Failed to obtain a certificate from URL url.

从URL地址对应的证书服务器获取证书失败

Unsupported certificate encoding type cert-encoding-type.

不支持的证书编码方式

Failed to obtain certificate data.

获取认证数据失败

Failed to construct Certificate Request payload.

构造证书请求载荷失败

Failed to obtain certificate and key pair.

获取证书和密钥对失败

Failed to obtain certificate request.

获取证书请求失败

Failed to construct USE_TRANSPORT notification.

构造USE_TRANSPORT通知消息失败

Failed to find the Child SA for rekey.

找不到需要重协商的Child SA

Lack of SA payload.

报文中缺少SA载荷

Lack of TSi payload.

报文中缺少TSi载荷

Lack of TSr payload.

报文中缺少TSr载荷

Local and peer encapsulation modes not match.

协商双方的封装模式不匹配

Failed to parse TS payload.

解析TS载荷失败

Failed to obtain IPsec policy for rekeying IKE SA.

重协商IKE SA时，获取IPsec策略失败

Failed to find IKE SA for rekey.

找不到需要重协商的IKE SA

Lack of NONCE payload.

IKEv2报文中缺少nonce载荷

Failed to generate cookie.

生成cookie失败

Invalid payload attribute: type=attribute-type, length=attribute-len.

长度为attribute-len，类型为attribute-type的载荷属性非法

Failed to get address pool to assign internal address.

从AAA获取IPv4地址池失败，无法分配私网地址

The addresses in address pool pool-name were exhausted.

地址池地址资源耗尽

Failed to assign an address from address pool pool-name to the peer.

从地址池中为对端分配地址失败

Failed to get IPv6 address pool to assign internal address.

从AAA获取IPv6地址池失败，无法分配私网地址

Failed to assign an address from address pool pool-name.

从地址池获取IP地址失败

Configuration payload attribute attribute-name ignored: unsupported attribute.

不支持的配置载荷属性，将其忽略

Unsupported Configuration payload attribute attribute-name.

不支持的配置载荷属性

Failed to construct Configuration payload.

构造配置载荷失败

Unsupported Configuration payload type.

不支持的配置载荷类型

Failed to construct Delete payload.

构造删除载荷失败

Failed to send add-DPD request.

向IPsec进程发送添加DPD请求失败

Failed to send delete-DPD request.

向IPsec进程发送删除DPD请求失败

Failed to increase memory for packet generator.

构造报文时增大内存空间失败

Encoding type encoding-type-name supports only 8-bit alignment.

encoding-type-name编码类型要求报文中添加的内容必须8比特对齐

4-bit integers must be 4-bit aligned.

要添加的4比特整数内容必须是4比特对齐

Attribute format flag was not set.

未设置属性格式标记

Failed to generate a data block at bitpos bitpos.

在报文的bitpos位置处生成数据块失败

Invalid encoding type encoding-type in rule number.

该编码规则（编号为number）中的编码类型（类型为encoding-type）不合法

Failed to pad data encoded by rule number of type encoding-type.

向报文中填充number 编码规则encoding-type编码类型的数据失败

Invalid ID type id-type was found during ID payload construction.

构造ID载荷时发现不可识别的身份类型

Unsupported ID type (id-type).

不支持的身份类型

Failed to construct payload-type payload.

构造载荷失败

Received AUTHENTICATION_FAILED notification. Destroyed IKE SA.

收到认证失败通知报文，销毁IKE SA

Profile profile-name does not exist.

IKEv2 profile不存在

No keychain found in profile profile-name.

profile下没有配置keychain

No pre-shared key found.

没有找到预共享密钥

No pre-shared key found for local or peer.

没有找到本端或对端的预共享密钥

Failed to create Child SA while getting SPI.

发起方获取SPI（安全参数索引）时创建Child SA失败

Failed to find peer authentication method.

没有找到对端的认证方式

Failed to find local pre-shared key.

没有找到本端预共享密钥

No matching profile found.

没有找到匹配的proile

Profile profile-name does not exist.

profile不存在

Peer authentication method was not specified in the profile.

Profile中没有配置对端的认证方式

Failed to find peer pre-shared key.

没有找到对端预共享密钥

IPsec policy verification failed because peer ID does not match profile profile-name.

对端的身份信息匹配profile失败，因此对端的安全策略验证失败

Lack of IDr payload.

报文中缺少响应方ID载荷

Peer ignored AUTH payload and proposed EAP, which was unsupported on local.

对端忽略AUTH载荷，期望使用EAP认证方式，但是本端不支持

Lack of SA payload.

报文中缺少SA载荷

Lack of KE payload.

报文中缺少KE载荷

Lack of NONCE payload.

报文中缺少NONCE载荷

Profile profile-name not found to construct AUTH exchange request. IKEv2 negotiation terminated.

发起方构造AUTH交换请求报文时找不到对应的profile，终止IKEv2协商

Child SA not found. IKEv2 negotiation terminated.

找不到Child SA，终止协商

Failed to find Child SA.

查找Child SA失败

Authentication failed.

认证失败

Failed to create new Child SA.

新建Child SA失败

Failed to parse KE payload.

解析KE载荷失败

Received an invalid DH group.

收到一个不可识别的DH号

The peer's KE payload contained an incorrect DH group.

对端的KE载荷中包含了错误的DH group

The local proposed DH group dh-group1 rather than DH group dh-group2.

本端提议使用dh-group1，而不是dh-group2

Failed to construct KE payload.

构造KE载荷失败

Failed to parse KE payload.

解析KE载荷失败

The peer's KE payload contained an incorrect DH group.

对端的KE载荷中包含错误的DH组

Failed to calculate DH public key.

计算DH公钥失败

Failed to parse payload-type payload.

解析载荷失败

Failed to parse packet due to lack of Encrypted payload.

收到的IKEv2协商报文中没有加密载荷，解析报文失败

Encrypted payload was not the last payload.

加密载荷不是最后一个载荷

Invalid payload length.

载荷长度非法

Number of received payload-type payloads exceeded the upper limit.

本端收到payload-type类型的载荷数目超过最大值

Number of received payload-type payloads was smaller than the lower limit.

payload-type类型载荷出现的次数少于最小值

Invalid message: exchange type=exchange-type, request flag=flag.

非法消息，交换类型为exchange-type，请求报文标记为flag（flag取值为true或者false）

Invalid message.

非法的消息

Failed to construct NAT-OA payload.

构造NAT-OA载荷失败

Failed to parse NAT-OA payload.

解析NAT-OA载荷失败

Failed to compute NAT-D.

计算NAT-D失败

Unrecognized protocol (prototolID).

不识别的协议号

Invalid data length (data-length) for notify-type notification.

notify-type类型的通知数据长度非法

Local did not accept the DH group proposed by peer.

本端不接受对端提议的DH号

Local does not support the DH group proposed by peer.

本端不支持对端提议的DH号

Failed to construct NOTIFY payload.