b5f3c1f785
Define SSHCONF from strongswan testing directory, not TESTDIR
...
This fixes the use of SSHCONF in the ssh wrapper script before ./do-tests
had a chance to create the required symlinks.
2013-03-26 10:31:29 +01:00
0ba8842348
Lazy unmount guest filesystem after building image, as it still might be busy
2013-03-26 10:31:29 +01:00
f7fea72e46
Recipes: Disable Anet unit tests
...
Some Anet unit tests may fail because of the network configuration on
the testing host. These failures do not indicate a problem in Anet but
are a result of unpredictable events.
2013-03-25 16:49:30 +01:00
7e20062fdf
Added hostapd package to base image
2013-03-22 23:53:39 +01:00
8f72ba4aff
Added Framed-IP-Address information to RADIUS accounting records
2013-03-22 23:52:01 +01:00
0b6c43f038
Added ikev2/rw-eap-framed-ip-radius scenario
2013-03-22 19:08:42 +01:00
4a3c1cdc2b
Store debug output from standalone IMC/IMVs
2013-03-22 16:45:24 +01:00
1eada67bcb
Added ikev2/ip-two-pools-v4v6-db scenario
2013-03-22 12:18:43 +01:00
3db17b0ccc
Fixed TKM build
2013-03-22 10:35:48 +01:00
2c80ab3def
Build TNC-enabled wpa_supplicant
2013-03-22 10:33:39 +01:00
8484f2bc5c
Implement multiple-clients integration test
...
Two transport connections to gateway sun are set up, one from client
carol and the other from client dave. The gateway sun uses the Trusted
Key Manager (TKM) and is the responder for both connections. The
authentication is based on X.509 certificates. In order to test the
connections, both carol and dave ping gateway sun.
2013-03-19 15:23:51 +01:00
a520e4a010
Implement net2net-xfrmproxy integration test
2013-03-19 15:23:50 +01:00
847d320950
Implement net2net-initiator integration test
2013-03-19 15:23:50 +01:00
d8b2064a34
Add xfrm_proxy integration test
2013-03-19 15:23:50 +01:00
f10f7fe261
Provide script to build Ada XFRM proxy
2013-03-19 15:23:50 +01:00
3150dbd3e3
Add TKM responder integration test
2013-03-19 15:23:50 +01:00
117375ed00
Add initial TKM integration test
...
A connection between the hosts moon and sun is set up. The host moon
uses the Trusted Key Manager (TKM) and is the initiator of the transport
connection. The authentication is based on X.509 certificates.
2013-03-19 15:23:50 +01:00
7b702150a0
Add expect-file guest image script
...
This script can be used in pretest.dat files to wait until a given file
appears.
2013-03-19 15:23:50 +01:00
0e1d008d71
Add /usr/local/lib/ipsec to linker cache
2013-03-19 15:23:50 +01:00
b491ee4ecd
Provide recipes to build tkm and required libraries
2013-03-19 15:23:50 +01:00
3fc766d61e
Add GNAT compiler and Ada libs to base image
2013-03-19 15:23:50 +01:00
7a87381840
testing: Rename interfaces and bridges so they are easier to identify
...
This simplifies capturing traffic with Wireshark on the host as each of
the guest's interfaces is clearly identified.
The three bridges were previously numbered starting from 0, this scheme
is restored here.
2013-03-19 11:50:39 +01:00
9525e9c506
testing: Don't use a specific version for the QEMU machine type
...
The previously used pc-1.1 is not yet available on e.g. Ubuntu 12.04.
With 'pc' the most current supported version of that type is used.
2013-03-19 11:50:39 +01:00
d62f043f01
testing: Add screen package to base image
...
Makes working in a single SSH session easier.
2013-03-05 17:40:13 +01:00
eeb029360a
testing: Enable ssh connection to second IP by name (e.g. moon1)
2013-03-05 17:40:13 +01:00
45ee7c9429
testing: ssh script accepts IP addresses instead of host names
2013-03-05 17:40:13 +01:00
5057455674
testing: ssh script forwards arguments to ssh command
...
This allows to execute commands on a virtual host.
2013-03-05 17:40:12 +01:00
d7eec03815
removed unneeded DS files
2013-03-05 09:08:25 +01:00
7b11a1dcdc
upgraded KVM test suite to Linux 3.8 kernel
2013-03-03 11:59:07 +01:00
f7580a5a67
added openssl-ikev2/alg-aes-gcm scenario
2013-03-03 11:43:52 +01:00
81419b9748
use DNs in tnc/tnccs-20-tls scenario
2013-03-03 10:47:17 +01:00
9a70fe8412
testing: Add a script to easily connect to a host via SSH
...
This doesn't require any entries in /etc/hosts and the correct SSH
config is used to allow password-less access.
2013-02-28 18:21:14 +01:00
b32e732b2f
Check kvm command existence in start-testing
2013-02-22 19:22:08 +01:00
f0c102cbfa
Added ikev2/rw-dnssec scenario
2013-02-19 12:25:01 +01:00
1d4ff25fb8
Added ikev2/net2net-dnssec scenario
2013-02-19 12:25:01 +01:00
37c589f0e0
Configure winnetou as a DNSSEC enabled nameserver for the strongswan.org, org, and root zones
2013-02-19 12:25:01 +01:00
3fbc328d14
Build unbound and ipseckey plugins on KVM image
2013-02-19 12:25:01 +01:00
5374fe3a09
added ikev1/net2net-fragmentation scenario
2013-02-12 23:01:48 +01:00
7d355f853d
use EAP identity in tnc/tnccs-20-pdp scenario
2013-02-12 20:41:37 +01:00
d82372fab8
Removed INSTALL from EXTRA_DIST
2013-01-17 23:20:37 +01:00
232af2fab5
Updated documentation for the integration tests
2013-01-17 16:56:02 +01:00
812cd9c18a
Removed UML from description of ikev2/default-keys test
2013-01-17 16:56:02 +01:00
b1169a880a
Updated comments in test.conf of all tests
2013-01-17 16:56:02 +01:00
7699a928f7
Renamed $UMLHOSTS to $VIRTHOSTS
2013-01-17 16:56:02 +01:00
88bffacfdc
Drop vim swap file
2013-01-17 16:55:04 +01:00
f3db566983
Enforce reception of multicast traffic on virbr[1|2]
...
This is needed to let the ha/both-active test pass.
2013-01-17 16:55:04 +01:00
41943e9c1b
Make core dumps work
...
Core dumps are written to the /var/local/dumps directory.
2013-01-17 16:55:04 +01:00
e3a3013323
Append seconds to TESTDATE
...
This avoids 'file exists' warnings when running tests multiple times in
one minute.
2013-01-17 16:55:04 +01:00
2c4954ad24
Switch to 'mapped' access mode for hostfs
...
Passthrough mode only works as expected when running as root. On
Debian/Ubuntu systems qemu runs as user 'libvirt-qemu' and group 'kvm'
so all shared files must be chowned to grant access from guests.
Symlinks created on the host are still problematic because the Plan 9
filesystem has no direct notion of symbolic links, see [1].
[1] - http://ericvh.github.com/9p-rfc/rfc9p2000.u.html
2013-01-17 16:55:04 +01:00
677795c3e7
Make guest ACPI shutdown work
2013-01-17 16:55:03 +01:00
c25f850601
Drop obsolete Gentoo dhcpd init script
2013-01-17 16:55:03 +01:00
530f7b8421
No need to enable ip_forward in pretest files
...
It is enabled by default now.
2013-01-17 16:55:03 +01:00
49b1655ae1
Auto-create symlink to testing directory in workdir
2013-01-17 16:55:03 +01:00
44e533b88e
converted ha/both-active iptables scenario
2013-01-17 16:55:03 +01:00
5c09942d54
converted all ipv6 iptables/ip6tables scenarios
2013-01-17 16:55:03 +01:00
a0ffe67fab
converted all p2pnat iptables scenarios
2013-01-17 16:55:02 +01:00
b27836412b
Rename UML to KVM tests
2013-01-17 16:55:02 +01:00
472a411aa8
converted all tnc iptables scenarios
2013-01-17 16:55:02 +01:00
4aa32cc3fe
List daemon.log on $RADIUSHOSTS
2013-01-17 16:55:02 +01:00
cedc96c2c4
implemented ip6tables.rules
2013-01-17 16:55:02 +01:00
136f74161b
converted all sql iptables scenarios
2013-01-17 16:55:02 +01:00
6fff9d9ace
converted all pfkey iptables scenarios
2013-01-17 16:55:01 +01:00
8fbb9458d6
converted all openssl-ikev2 iptables scenarios
2013-01-17 16:55:01 +01:00
44047e7adb
converted all openssl-ikev1 iptables scenarios
2013-01-17 16:55:01 +01:00
61ab7db386
converted all gcrypt-ikev2 iptables scenarios
2013-01-17 16:55:01 +01:00
1dc14281fc
converted all af-alg iptables scenarios
2013-01-17 16:55:01 +01:00
ac09da8e50
added ikev1/nat-virtual-ip scenario
2013-01-17 16:55:00 +01:00
ca0128588f
converted all ikev1 iptables scenarios
2013-01-17 16:55:00 +01:00
d815235d17
use iptables-restore in all ikev2 firewall scenarios
2013-01-17 16:55:00 +01:00
28b7db2b3c
Updated mark_update script in several IKEv2 scenarios
2013-01-17 16:55:00 +01:00
9b4477d5b8
activated iptables in some ikev2 scenarios
2013-01-17 16:55:00 +01:00
8e75e8dfa7
Fixed NO evaltest in tnc/tnccs-20-pdp scenario
2013-01-17 16:54:59 +01:00
9c36018cc7
Disable IPv4 forwarding on carol in order to pass tnc/tnccs-20-os scenario
2013-01-17 16:54:59 +01:00
7deb8bd905
Added less package to Debian base image
2013-01-17 16:54:59 +01:00
54c526675e
Added config directory to EXTRA-DIST
2013-01-17 16:54:59 +01:00
8b8a4c5c45
Added config für Linux 3.6 guest kernels
2013-01-17 16:54:59 +01:00
aafc0a1799
Make test scripts callable from any path
2013-01-17 16:54:58 +01:00
0593b6c975
Export compile directory to guests
...
Use 9p over virtio to share files on the host with the guest domains.
The files are accessible in the guests /hostfs directory.
2013-01-17 16:54:58 +01:00
48ea1d8b0b
Create all images in $BUILDDIR/images
2013-01-17 16:54:58 +01:00
482d3ec9ff
Also restore 'default' host configuration
2013-01-17 16:54:58 +01:00
58e0b386ea
Add eth1 NIC to alice domain
2013-01-17 16:54:58 +01:00
602ba2f6d1
Adjust ikev2/farp test to qemu network interfaces
2013-01-17 16:54:58 +01:00
23382d2e00
Directly use STRONGSWANHOSTS in build-guestimages
...
Drop support for building guests specified on the command line; creating
all images unconditionally is very fast now thanks to qcow2.
2013-01-17 16:54:57 +01:00
12f1ff3a0e
Drop SELECTEDTESTSONLY support
2013-01-17 16:54:57 +01:00
50fb9b8457
Use exit trap to kill open ssh sessions
2013-01-17 16:54:57 +01:00
16cd6f63e2
Don't refer to recipes and images via $TESTDIR
...
This way no symlink to the testing directory is required in $TESTDIR.
2013-01-17 16:54:57 +01:00
7fa92110e8
Adjust ikev2/dhcp tests to qemu network interfaces
2013-01-17 16:54:57 +01:00
b351656cc7
Disable checksum offloading on moon's eth1 interface
...
Disable checksum offloading on eth1 because it does not currently work
with virtio and the isc-dhcp-server running on venus, see [1].
[1] - https://bugs.mageia.org/show_bug.cgi?id=1243
2013-01-17 16:54:57 +01:00
63178a8830
Add ethtool to debootstrap package includes
2013-01-17 16:54:56 +01:00
82499010eb
stop-testing requires virsh
2013-01-17 16:54:56 +01:00
bd4c6122a4
Add ssh config to guest root account
2013-01-17 16:54:56 +01:00
ac8c96e51b
Patch iptables for use with HA kernel patch (XFRM hooks)
2013-01-17 16:54:56 +01:00
1a16b170ba
start-testing requires virsh
2013-01-17 16:54:56 +01:00
cbe031d755
Make root image a clone of the base image
2013-01-17 16:54:56 +01:00
76ccd25a05
Add expect-connection guest image script
...
This script can be used in pretest.dat files to wait until an IPsec
connection becomes available. This avoids unconditional sleeps and
improves test performance.
The ipv6 tests have been updated to use the expect-connection script.
2013-01-17 16:54:55 +01:00
44e83859e0
Rename build-umlhostfs script to build-guestimages
2013-01-17 16:54:55 +01:00
90dd71e41c
Rename build-umlrootfs script to build-rootimg
2013-01-17 16:54:55 +01:00
258cbd40cf
Unify naming of base,root image settings
2013-01-17 16:54:55 +01:00
aba43136c2
Drop now obsolete UML helper functions
2013-01-17 16:54:55 +01:00
345dba0de4
Exclude iptables from debootstrap
2013-01-17 16:54:55 +01:00
74c0839ad6
Run on_exit commands in FILO order
2013-01-17 16:54:54 +01:00
97265abaf0
Inform kernel about /dev/nbd0 partition changes
2013-01-17 16:54:54 +01:00
b24d3ed5fc
Test availability of required commands
2013-01-17 16:54:54 +01:00
f241f46d88
Exit make-testing on script failure
2013-01-17 16:54:54 +01:00
8ed98c1373
Switch from raw images to qcow2 format
...
This allows to use minimal copy-on-write clones of the base image as
guest images, which in turn saves a lot of disk space.
2013-01-17 16:54:54 +01:00
7fa2719185
Set default TESTDIR to /srv/strongswan-testing
2013-01-17 16:54:54 +01:00
bc3cc45e8b
Drop unneeded TZUML variable
2013-01-17 16:54:53 +01:00
043caec129
Set BUILDDIR to $TESTDIR/build
2013-01-17 16:54:53 +01:00
619c5430b8
Drop unneeded UMLKERNEL variable
2013-01-17 16:54:53 +01:00
bf48ee33e5
Rename UMLTESTDIR variable to TESTDIR
2013-01-17 16:54:53 +01:00
36a3fe90d8
Drop cecho functions
2013-01-17 16:54:53 +01:00
8cb4628ff9
Use log_action function in do-tests script
2013-01-17 16:54:53 +01:00
1102a8c1cc
Remove executable bit from testing.conf
2013-01-17 16:54:52 +01:00
9b3316ed27
Use qemu/KVM virtualization instead of UML
...
Guest and network configuration is setup using the libvirt
virtualization API. The [start|stop]_testing scripts have been updated
accordingly.
qemu/KVM does not currently support a hostfs, so the shared build tree
mount has been dropped for now.
2013-01-17 16:54:52 +01:00
f9df3d06b5
Rename build-umlkernel script to build-guestkernel
2013-01-17 15:22:11 +01:00
62a277cfae
Move ROOTFSDIR declaration to testing.conf
2013-01-17 15:22:11 +01:00
ee1cd88c7a
Prefix all recipes with a number
2013-01-17 15:22:11 +01:00
0cc4063799
Use do_on_exit() in build scripts for cleanup
2013-01-17 15:22:11 +01:00
9a045eef8e
Provide do_on_exit() function
...
This function allows to register an exit action which executes when the
calling script terminates.
2013-01-17 15:22:11 +01:00
7c2ef58e86
Import testing.conf file in function.sh
...
This is needed to have access to $LOGFILE and possibly other config
settings.
2013-01-17 15:22:10 +01:00
261cf0e395
Drop build-hostconfig script
...
Use processed host configurations directly instead.
2013-01-17 15:22:10 +01:00
2d1577d661
Update build-umlhostfs script to new log format
2013-01-17 15:22:10 +01:00
bf3ff0e585
Update build-umlrootfs script to new log format
2013-01-17 15:22:10 +01:00
5828e434bd
Update build-umlkernel script to new log format
2013-01-17 15:22:10 +01:00
fb2aab414a
Use red color in die() function
...
This is the function where red color SHOULD be used.
2013-01-17 15:22:10 +01:00
b86866579a
Move execute wrappers to function.sh file
2013-01-17 15:22:09 +01:00
9574bf7a5e
Use log_action, log_status in build-baseimage script
2013-01-17 15:22:09 +01:00
c120f25e60
Provide log_action and log_status functions
...
These two functions are used to log action descriptions and the
corresponding command exit status in a consistent way.
2013-01-17 15:22:09 +01:00
3c9df38c5e
Add chroot() helper function
2013-01-17 15:22:09 +01:00
3b75c7ddc8
Use execute wrapper to disable root password
2013-01-17 15:22:09 +01:00
6022f37aec
Simplify test starting and stopping logic
...
Reduce the coupling of the different scripts.
make-testing : Build the testing environment
start-testing : Start switches and guests
do-tests : Run tests
stop-testing : Stop switches and guests
2013-01-17 15:22:09 +01:00
18bce26ea6
Use key(and password-)less SSH authentication
2013-01-17 15:22:09 +01:00
beff82dd98
Adjust strongSwan version handling in HTML output
2013-01-17 15:22:08 +01:00
ffe710ae71
Patch AVP parsing in EAP-TTLS module in FreeRADIUS
2013-01-17 15:22:08 +01:00
d47b751850
Add recipes for libtnc and TNC@FHH
2013-01-17 15:22:08 +01:00
669fc9f9ec
Copy and display host specific tcpdump.log files
2013-01-17 15:22:08 +01:00
b460fb1dd2
Drop SHAREDTREE in favor of mounting the compile dir
2013-01-17 15:22:08 +01:00
633bee03fc
Patch EAP-SIM module in FreeRADIUS
2013-01-17 15:22:08 +01:00
d94f6a2ff6
Don't generate do-tests
2013-01-17 15:22:08 +01:00
533177003c
Adapt test configurations
...
Adapt test configurations to the new Debian-based system.
2013-01-17 15:22:07 +01:00
766466b8d1
Adapt host configuration
...
Adapt the configuration of the test hosts to the new Debian-based
system.
2012-12-18 16:00:21 +01:00
108040800d
Add recipe for iptables
2012-12-18 16:00:21 +01:00
adbb5cbd43
Add freeradius recipe
2012-12-18 16:00:21 +01:00
e61ce6ee02
Factor out building of strongswan into own Makefile
...
Small Makefiles (recipes) are used to install software from source into
the root UML image.
2012-12-18 16:00:21 +01:00
aa5803e0e3
testing: Switch to Debian based guest images
...
Instead of extracting a downloaded Gentoo filesystem tree into a file
containing a reiserfs filesystem, create an ext3 filesystem inside a
sparse file, mount it and debootstrap an up-to-date Debian system. Use
this image as base for all UML guest images.
Also, drop support for the various consoles and use xterm
unconditionally.
2012-12-18 16:00:21 +01:00
ef214f2855
added ike2/rw-eap-md5-class-radius scenario
2012-11-21 06:05:34 +01:00
7c49d77982
updated parameters
2012-11-12 10:45:38 +01:00
a9c9414d58
implemented IETF Numeric Version attribute
2012-10-18 22:33:26 +02:00
ef315c5a1c
implemented IETF Remediation Instructions attribute
2012-10-18 18:24:26 +02:00
154cae09e3
increased IMC/IMV debug level to 3
2012-10-17 10:02:53 +02:00
Martin Willi