2db6d5b8b3
Fixed some typos, courtesy of codespell
2018-02-13 12:19:54 +01:00
ad14f2084e
testing: Add ikev2/mobike-virtual-ip-nat scenario
...
This tests moving from a public IP behind a NAT and back (with proper
changes of the UDP encapsulation).
2018-02-09 11:21:02 +01:00
fcff3808b4
charon-tkm: Update to latest Anet version
2018-02-08 17:01:38 +01:00
476200ecc6
Version bump to 5.6.2dr4
2018-02-03 11:05:21 +01:00
4492c9c670
testing: Ignore IP-in-IP SAs created with IPComp SAs that remain in the kernel
...
The kernel creates such SAs to handle uncompressed small packets. They
are implicitly created and deleted with IPComp SAs. The problem is that
when we delete an IPComp SA only that state is deleted and removed from
the SA lists immediately, the IP-in-IP state is not removed until the IPComp
state is eventually destroyed. This could take a while if there are still
references to it around. So the IP-in-IP states will keep getting reported
by ip xfrm state until that happens (we also can't flush or explicitly delete
such kernel-created states).
In kernels before 4.14 this wasn't really a problem but since
ec30d78c14a8 ("xfrm: add xdst pcpu cache") the kernel seems to keep the
references to the last used SAs around a lot longer.
Also, usually a test scenario following an IPComp scenario will create
and use new SAs and thus the cached SAs will disappear before the kernel
state is checked again. However, if a following scenario uses different
hosts the states might remain, which caused some unrelated scenarios to
fail before adding this fix.
2018-02-01 17:10:19 +01:00
3c5b010f5b
testing: Added Linux 4.14 and 4.15 config files
2018-01-31 21:32:45 +01:00
351a08e1ff
testing: Fix swanctl --list-sas checks in some scenarios
...
::YES was missing (or written as ::YES]) rendering those checks void.
Turns out some of them actually were wrong.
2017-12-22 10:22:47 +01:00
b3a793541d
testing: Add route-based/net2net-gre scenario
2017-12-22 10:22:47 +01:00
f007bc9ff4
testing: Enable GRE support in 4.13 config
...
Also enables IPv6 support for VTI devices.
2017-12-22 10:22:47 +01:00
e71593d91c
testing: Add route-based/net2net-vti scenario
2017-12-22 10:22:47 +01:00
ff7129ee6a
testing: Added route-based/rw-shared-vti-ip6-in-ip4 scenario
2017-12-22 10:22:47 +01:00
a35416af1c
testing: Added route-based/rw-shared-vti scenario
2017-12-22 10:22:47 +01:00
95deada184
testing: Enable VTI module in kernel config
2017-12-22 10:22:47 +01:00
82b91e113a
testing: Override user environment PATH in chroot
...
chroot will capture the user environment's PATH variable, which may be
wrong (e.g. not include /bin:/sbin, as it is on Arch). We should set a
known-working PATH variable in the chroot.
2017-12-22 10:22:47 +01:00
344e1b6060
Version bump to 5.6.2dr3
2017-12-13 08:54:54 +01:00
5d3eb57cfd
Version bump to 5.6.2dr2
2017-12-10 21:42:02 +01:00
4f60b72a81
Version bump to 5.6.2dr1
2017-12-05 22:23:43 +01:00
8517a0edb4
testing: Explicitly deliver all test results as text/plain
2017-11-28 16:17:50 +01:00
203a86ecb8
Version bump to 5.6.1
2017-11-17 22:42:28 +01:00
f60b08ba0d
testing: Added swanctl/rw-cert-pss scenario
2017-11-17 22:42:07 +01:00
ce4aebe00a
testing: Configure logging via syslog in strongswan.conf
...
Globally configure logging in strongswan.conf.testing and replace all
charondebug statements with strongswan.conf settings.
2017-11-15 17:24:04 +01:00
d24d26c4bc
testing: Disable logging via journal in charon-systemd
...
This avoids duplicate log messages as we already log via syslog to get
daemon.log.
2017-11-15 17:12:09 +01:00
be214cb17e
testing: Globally define logging via syslog for charon-systemd
...
We could make the same change for charon (actually setting it for charon
in strongswan.conf.testing would work for charon-systemd too), however,
there are dozens of test cases that currently set charondebug in
ipsec.conf.
2017-11-15 17:09:55 +01:00
859cb93d28
testing: Do not remove all swanctl subdirectories
2017-11-11 19:23:01 +01:00
b20bf062e8
Version bump to 5.6.1rc1
2017-11-11 18:25:17 +01:00
13a3f20f2e
testing: Converterd tnc to systemd
2017-11-11 16:41:16 +01:00
323f0b05d7
testing: Converted sql to systemd
2017-11-11 16:41:15 +01:00
70dc5bb8ad
testing: Converted swanctl to systemd
2017-11-11 16:41:15 +01:00
65f74cd13d
testing: Added legacy ipv6-stroke scenarios
2017-11-11 16:41:15 +01:00
4402013f05
testing: Converted ipv6/rw-ip6-in-ip4-ikev2 to swanctl
2017-11-10 13:54:51 +01:00
b3ccfcd05e
testing: Converted ipv6/rw-ip6-in-ip4-ikev1 to swanctl
2017-11-10 13:54:50 +01:00
da5aa6ae6a
testing: Converted ipv6/net2net-ip6-in-ip4-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
12dbca721e
testing: Converted ipv6/net2net-ip6-in-ip4-ikev1 to swanctl
2017-11-10 13:54:50 +01:00
f0476c4a82
testing: Converted ipv6/rw-rfc3779-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
96d7d9392f
testing: Converted ipv6/rw-compress-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
34acd584e5
testing: Converted ipv6/rw-psk-ikev2 to swanctl
2017-11-10 11:49:49 +01:00
0770b37f8f
testing: Converted ipv6/rw-psk-ikev1 to swanctl
2017-11-10 11:49:41 +01:00
ffe0d82c03
testing: Converted ipv6/rw-ikev2 to swanctl
2017-11-10 11:49:41 +01:00
a96238a0d0
testing: Converted ipv6/rw-ikev1 to swanctl
2017-11-10 11:49:41 +01:00
8215681a4a
testing: Converted ipv6/net2net-rfc3779-ikev2 to swanctl
2017-11-10 11:49:41 +01:00
04b79bc98c
testing: Converted ipv6/net2net-ip4-in-ip6-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
fd3f6871c9
testing: Converted ipv6/net2net-ip4-in-ip6-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
f57ca13e28
testing: Converted ipv6/transport-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
4ae1f7c0e3
testing: Converted ipv6/transport-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
7812b6e6cf
testing: Converted ipv6/net2net-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
e94db2b4ad
testing: Converted ipv6/net2net-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
47ec3326e7
testing: Converted ipv6/host2host-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
087b027f88
testing: Converted ipv6/host2host-ikev1 to swanctl
2017-11-10 11:49:39 +01:00
0a6f8644ef
testing: Removed libipsec/rw-suite-b
2017-11-10 11:49:39 +01:00
9375c9c9db
testing: Converted libipsec/net2net-null to swanctl
2017-11-10 11:49:39 +01:00
Tobias Brunner