We now support OpenSSL's implementation in the openssl plugin. This
makes sure our plugin is used on at least one of the hosts if we ever
switch to an OpenSSL version that supports ML-KEM.
In the ikev2/rw-mlkem scenario the logic is reversed. There the ml plugin
is preferred on moon to test the responder side (and carol for the
initiator) and dave will switch to OpenSSL if it ever provides ML-KEM.
Tests transport mode and UDP encapsulation with random source ports.
Interestingly, the responder always uses the same SA to respond (maybe
due to the cache on the policy).
A recent gettext release (0.25 via Homebrew) installs the M4 macros in a
different location (<prefix>/share/gettext/m4 instead of
<prefix>/share/aclocal). According to the commit messages, this is to
avoid "bad interactions between autoreconf and autopoint". Since we only depend
on gettext for that macro and this move makes it complicated, we can also
just integrate the macro from gnulib directly (which gettext 0.18+ relies
on anyway).
It seems that scp is sometimes very slow (unclear what causes it as it's
not always the same). Packing up the files with tar performs a lot
better in these situations. And copying the files to multiple hosts
in parallel additionally helps to reduce the time required for these
steps.
Using --overwrite and -h preserves existing symlinks (e.g. for the users
file in /etc/freeradius/3.0) and overwrites the target file instead.
The -m option ignores timestamps when extracting the files as some target
files will be newer than the source. Using -h when packing up files in
load-testconfig allows using symlinks in the test config dirs to files
on the host running the tests.
The file won't exist in the previous location until load-testconfig has
been executed once. Since it's not modified by the script, it's fine to
load it directly from the original location.
Fixes: a103f3a2849f ("testing: Add options to only run pre- or posttest scripts of a scenario")
This allows doing some testing manually without having to type commands
to set up a scenario.
Also changes how arguments are parsed (allowing options to be passed mixed
with test dirs) and adds some usage output.
Some scenarios disable route installation and if they are executed before
any scenarios that don't, there won't be a rule for table 220 and we get
"FIB table does not exist" errors.
Directly calling setup.py is deprecated (apparently has been for a while,
but now we get large warnings). Direct installation is also discouraged.
So this removes that option. The built wheel (the old egg format is not
used/built anymore) can be installed manually in a venv or the like.
There are a lot of files without patterns and running them all through
sed is quite slow. Using grep first makes this quicker (about 0.5s per
test). Ignoring PEM files is also helpful.
In particular the swanctl calls all take a while and this allows doing
them in parallel if multiple hosts are involved. This reduces the runtime
of each test by 1-3 seconds.
In particular for the first one, randomization could trigger an additional
rekeying, which caused the "Adding ESA ..." check to fail. But even without
randomization (could be seen in the second scenario that already uses
`rand_time=0`) 4 seconds can apparently be too low sometimes.