sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-12-05 00:01:49 -05:00
Code Issues Projects Releases Wiki Activity
14,570 Commits 104 Branches 331 Tags
Commit Graph

1398 Commits

Author SHA1 Message Date
Tobias Brunner
f519acd42f testing: Remove nearly all sleep calls from pretest and posttest scripts 
By consistently using the `expect-connection` helper we can avoid pretty
much all previously needed calls to sleep.
 2015-11-09 15:18:35 +01:00
Tobias Brunner
f36b6d49af testing: Adapt tests to retransmission settings and reduce DPD delay/timeout 2015-11-09 15:18:34 +01:00
Tobias Brunner
8713e32435 testing: Only send two retransmits after 1 second each to fail negative tests earlier 2015-11-09 15:18:34 +01:00
Tobias Brunner
9a0871ab94 testing: Add a base strongswan.conf file used by all hosts in all scenarios 
We will use this to set some defaults (e.g. timeouts to make testing
negative tests quicker).  We don't want these settings to show up in the
configs of the actual scenarios though.
 2015-11-09 15:18:34 +01:00
Tobias Brunner
17816515d2 testing: Add libipsec/net2net-null scenario 2015-11-09 11:09:48 +01:00
Andreas Steffen
a98360a64c testing: BLISS CA uses SHA-3 in its CRL 2015-11-03 21:35:09 +01:00
Tobias Brunner
92ef3c2f21 testing: Update tkm to version 0.1.3 
Adds XFRM state/policy flush when terminating which caused tests to fail
due to the check added with 9086f060d35a ("testing: Let test scenarios
fail if IPsec SAs or policies are not removed").
 2015-10-30 11:19:44 +01:00
Tobias Brunner
c6aa606a65 testing: Actually send an uncompressed packet in the ipv6/rw-compress-ikev2 scenario 
The default of 56 bytes already exceeds the threshold of 90 bytes (8 bytes
ICMP + 40 bytes IPv6 = 104 bytes).  By reducing the size we make sure the
packet is not compressed (40 + 8 + 40 = 88).

This also fixes a strange failure of this scenario due to the recently
added post-test `ip xfrm state` check.  The kernel stores a reference to
the used SAs on the inbound skbuffs and since these are garbage collected
it could take a while until all references to an SA disappear and the SA
is finally destroyed.  But while SAs might not get destroyed immediately
when we delete them, they are actually marked as dead and therefore won't
show up in `ip xfrm state`.  However, that's not the case for the tunnel
SAs the kernel attaches to IPComp SAs, which we don't explicitly delete,
and which aren't modified by the kernel until the IPComp SA is destroyed.
So what happened when the last ping unintentionally got compressed is that
the skbuff had a reference to the IPComp SA and therefore the tunnel SA.
This skbuff often was destroyed after the `ip xfrm state` check ran and
because the tunnel SA would still get reported the test case failed.
 2015-10-06 15:48:55 +02:00
Andreas Steffen
2b5c543051 testing: added ikev2/alg-chacha20poly1305 scenario 2015-09-01 17:30:15 +02:00
Andreas Steffen
57eb3b2b25 testing: update to Linux 4.2 kernel 2015-09-01 17:29:30 +02:00
Tobias Brunner
e9ea7e6fb7 testing: Updated environment variable documentation in updown scripts 2015-08-31 11:00:05 +02:00
Andreas Steffen
cdb61c3e88 Added some spaces in swanctl.conf 2015-08-25 15:10:13 +02:00
Tobias Brunner
9086f060d3 testing: Let test scenarios fail if IPsec SAs or policies are not removed 
The IKE daemon should delete all installed SAs and policies when
everything works properly, so we fail the test if that's not the case.
 2015-08-21 18:27:06 +02:00
Tobias Brunner
c91682d1b8 testing: Flush state and policies before every scenario 
Similar to conntrack we make sure we are working on a clean slate.
 2015-08-21 18:27:06 +02:00
Tobias Brunner
8923621280 testing: Fix typo in p2pnat/behind-same-nat scenario 2015-08-21 17:48:37 +02:00
Tobias Brunner
efb4b9440a testing: Add missing sim_files file to ikev2/rw-eap-sim-radius scenario 2015-08-21 11:37:23 +02:00
Tobias Brunner
161d75f403 testing: alice is RADIUS server in the ikev2/rw-eap-sim-radius scenario 2015-08-21 11:17:25 +02:00
Tobias Brunner
18943c1f1b testing: Print triplets.dat files of clients in EAP-SIM scenarios 
References #1078.
 2015-08-21 11:16:56 +02:00
Tobias Brunner
bb1d9e454d testing: Add ikev2/trap-any scenario 2015-08-19 11:34:25 +02:00
Andreas Steffen
5f60c55919 Extend HCD attribute data for tnc/tnccs-20-hcd-eap scenario 2015-08-18 21:25:39 +02:00
Andreas Steffen
b19ef52d51 Added reason string support to HCD IMV 2015-08-18 21:25:39 +02:00
Andreas Steffen
627e4b9659 Fixed patches format delimited by CR/LF 2015-08-18 21:25:39 +02:00
Andreas Steffen
ac28daac38 testing: Added tnc/tnccs-20-hcd-eap scenario 2015-08-18 21:25:39 +02:00
Andreas Steffen
ebed384887 testing: enable HCD IMC and IMV 2015-08-18 21:25:38 +02:00
Andreas Steffen
626b2e85f0 testing: Update AAA certificate on Freeradius as well 2015-08-05 10:01:21 +02:00
Andreas Steffen
9b1eaf083f testing: Updated expired AAA server certificate 2015-08-04 21:50:01 +02:00
Tobias Brunner
008a9ad12c testing: Don't run do-tests when hosts are not running 
running_any is satisfied if at least one host is running.  We could
easily add a running_all() helper to check if all hosts are running if
it turns out that's not strong enough.
 2015-08-03 13:34:05 +02:00
Tobias Brunner
50dd7de226 testing: Suppress errors when checking for running hosts 
If libvirt is not running virsh can't connect to it and will complain that
the socket does not exist.
 2015-08-03 12:54:09 +02:00
Andreas Steffen
493ad293b7 testing: Adapted ha/both-active scenario to new jhash values 2015-07-31 14:43:40 +02:00
Tobias Brunner
1f406f3e6e testing: Fix initial kernel build 
The directory does not exist yet if the kernel was never built.

Fixes: a4a13d0be29b ("testing: Extract and patch each kernel version only once")
 2015-07-31 12:34:44 +02:00
Andreas Steffen
fbcac07043 testing: Regenerated BLISS certificates due to oracle changes 2015-07-27 22:09:08 +02:00
Andreas Steffen
aaeb524cea testing: Updated loop ca certificates 2015-07-22 17:11:00 +02:00
Andreas Steffen
450c6e8dd9 testing: Added swanctl --list-authorities output to do-tests 2015-07-22 13:27:08 +02:00
Andreas Steffen
73cbd5c7f8 testing: Updated all swanctl scenarios and added some new ones 2015-07-22 13:27:08 +02:00
Andreas Steffen
db69295d2e tests: Introduced IPV6 flag in tests.conf 2015-07-21 23:17:14 +02:00
Andreas Steffen
6b265c5e5c tests: Introduced SWANCTL flag in test.conf 2015-07-21 23:17:14 +02:00
Andreas Steffen
3d9bfb607c tests: fixed evaltest of swanctl/rw-cert scenario 2015-07-21 23:17:13 +02:00
Andreas Steffen
f335e2f848 tests: fixed description of swanctl ip-pool scenarios 2015-07-21 23:17:13 +02:00
Tobias Brunner
170e8d141c testing: Do not attempt to start the test environment if hosts are still running 2015-07-15 16:53:37 +02:00
Martin Willi
918dfce551 testing: Enable AESNI/PCLMULQD in moon/sun guests, if supported 2015-07-12 13:54:08 +02:00
Martin Willi
2a75c6e487 testing: Do not overwrite kernel configuration if it already exists 
This allows us to do changes to the kernel configuration using menuconfig
and friends, and update the kernel with make-testing.
 2015-07-12 13:54:08 +02:00
Martin Willi
a4a13d0be2 testing: Extract and patch each kernel version only once 
This allows us to do modifications to the kernel tree and rebuild that kernel
using make-testing. We can even have a git kernel tree in a directory to
do kernel development.
 2015-07-12 13:54:08 +02:00
Martin Willi
6f913def3c testing: Build with --enable-chapoly 2015-07-12 13:54:08 +02:00
Andreas Steffen
b8399a2edc testing: use a decent PSK 2015-05-30 16:56:41 +02:00
Andreas Steffen
1047d44b57 testing: Added ha/active-passive scenario 2015-05-30 16:48:17 +02:00
Tobias Brunner
13497e6cc1 testing: Include iperf and htop in base image 2015-05-22 13:30:10 +02:00
Tobias Brunner
682aab205e testing: Don't check parent dir (and subdirs) when downloading OpenSSL packages 2015-05-21 09:32:37 +02:00
Tobias Brunner
c077642cbd testing: Fix kernel download URL for kernel versions != 4.x 2015-05-19 17:00:06 +02:00
Tobias Brunner
966efbc10d testing: Fix URL to TNC@FHH project in scenario descriptions 2015-05-05 11:48:56 +02:00
Reto Buerki
41e9a261ac testing: Update TKM assert strings 2015-05-05 10:55:14 +02:00