Tobias Brunner
2db6d5b8b3
Fixed some typos, courtesy of codespell
2018-02-13 12:19:54 +01:00
Tobias Brunner
ad14f2084e
testing: Add ikev2/mobike-virtual-ip-nat scenario
...
This tests moving from a public IP behind a NAT and back (with proper
changes of the UDP encapsulation).
2018-02-09 11:21:02 +01:00
Adrian-Ken Rueegsegger
fcff3808b4
charon-tkm: Update to latest Anet version
2018-02-08 17:01:38 +01:00
Andreas Steffen
476200ecc6
Version bump to 5.6.2dr4
2018-02-03 11:05:21 +01:00
Tobias Brunner
4492c9c670
testing: Ignore IP-in-IP SAs created with IPComp SAs that remain in the kernel
...
The kernel creates such SAs to handle uncompressed small packets. They
are implicitly created and deleted with IPComp SAs. The problem is that
when we delete an IPComp SA only that state is deleted and removed from
the SA lists immediately, the IP-in-IP state is not removed until the IPComp
state is eventually destroyed. This could take a while if there are still
references to it around. So the IP-in-IP states will keep getting reported
by ip xfrm state until that happens (we also can't flush or explicitly delete
such kernel-created states).
In kernels before 4.14 this wasn't really a problem but since
ec30d78c14a8 ("xfrm: add xdst pcpu cache") the kernel seems to keep the
references to the last used SAs around a lot longer.
Also, usually a test scenario following an IPComp scenario will create
and use new SAs and thus the cached SAs will disappear before the kernel
state is checked again. However, if a following scenario uses different
hosts the states might remain, which caused some unrelated scenarios to
fail before adding this fix.
2018-02-01 17:10:19 +01:00
Andreas Steffen
3c5b010f5b
testing: Added Linux 4.14 and 4.15 config files
2018-01-31 21:32:45 +01:00
Tobias Brunner
351a08e1ff
testing: Fix swanctl --list-sas checks in some scenarios
...
::YES was missing (or written as ::YES]) rendering those checks void.
Turns out some of them actually were wrong.
2017-12-22 10:22:47 +01:00
Tobias Brunner
b3a793541d
testing: Add route-based/net2net-gre scenario
2017-12-22 10:22:47 +01:00
Tobias Brunner
f007bc9ff4
testing: Enable GRE support in 4.13 config
...
Also enables IPv6 support for VTI devices.
2017-12-22 10:22:47 +01:00
Robin McCorkell
e71593d91c
testing: Add route-based/net2net-vti scenario
2017-12-22 10:22:47 +01:00
Robin McCorkell
ff7129ee6a
testing: Added route-based/rw-shared-vti-ip6-in-ip4 scenario
2017-12-22 10:22:47 +01:00
Robin McCorkell
a35416af1c
testing: Added route-based/rw-shared-vti scenario
2017-12-22 10:22:47 +01:00
Robin McCorkell
95deada184
testing: Enable VTI module in kernel config
2017-12-22 10:22:47 +01:00
Robin McCorkell
82b91e113a
testing: Override user environment PATH in chroot
...
chroot will capture the user environment's PATH variable, which may be
wrong (e.g. not include /bin:/sbin, as it is on Arch). We should set a
known-working PATH variable in the chroot.
2017-12-22 10:22:47 +01:00
Andreas Steffen
344e1b6060
Version bump to 5.6.2dr3
2017-12-13 08:54:54 +01:00
Andreas Steffen
5d3eb57cfd
Version bump to 5.6.2dr2
2017-12-10 21:42:02 +01:00
Andreas Steffen
4f60b72a81
Version bump to 5.6.2dr1
2017-12-05 22:23:43 +01:00
Tobias Brunner
8517a0edb4
testing: Explicitly deliver all test results as text/plain
2017-11-28 16:17:50 +01:00
Andreas Steffen
203a86ecb8
Version bump to 5.6.1
2017-11-17 22:42:28 +01:00
Andreas Steffen
f60b08ba0d
testing: Added swanctl/rw-cert-pss scenario
2017-11-17 22:42:07 +01:00
Tobias Brunner
ce4aebe00a
testing: Configure logging via syslog in strongswan.conf
...
Globally configure logging in strongswan.conf.testing and replace all
charondebug statements with strongswan.conf settings.
2017-11-15 17:24:04 +01:00
Tobias Brunner
d24d26c4bc
testing: Disable logging via journal in charon-systemd
...
This avoids duplicate log messages as we already log via syslog to get
daemon.log.
2017-11-15 17:12:09 +01:00
Tobias Brunner
be214cb17e
testing: Globally define logging via syslog for charon-systemd
...
We could make the same change for charon (actually setting it for charon
in strongswan.conf.testing would work for charon-systemd too), however,
there are dozens of test cases that currently set charondebug in
ipsec.conf.
2017-11-15 17:09:55 +01:00
Andreas Steffen
859cb93d28
testing: Do not remove all swanctl subdirectories
2017-11-11 19:23:01 +01:00
Andreas Steffen
b20bf062e8
Version bump to 5.6.1rc1
2017-11-11 18:25:17 +01:00
Andreas Steffen
13a3f20f2e
testing: Converterd tnc to systemd
2017-11-11 16:41:16 +01:00
Andreas Steffen
323f0b05d7
testing: Converted sql to systemd
2017-11-11 16:41:15 +01:00
Andreas Steffen
70dc5bb8ad
testing: Converted swanctl to systemd
2017-11-11 16:41:15 +01:00
Andreas Steffen
65f74cd13d
testing: Added legacy ipv6-stroke scenarios
2017-11-11 16:41:15 +01:00
Andreas Steffen
4402013f05
testing: Converted ipv6/rw-ip6-in-ip4-ikev2 to swanctl
2017-11-10 13:54:51 +01:00
Andreas Steffen
b3ccfcd05e
testing: Converted ipv6/rw-ip6-in-ip4-ikev1 to swanctl
2017-11-10 13:54:50 +01:00
Andreas Steffen
da5aa6ae6a
testing: Converted ipv6/net2net-ip6-in-ip4-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
Andreas Steffen
12dbca721e
testing: Converted ipv6/net2net-ip6-in-ip4-ikev1 to swanctl
2017-11-10 13:54:50 +01:00
Andreas Steffen
f0476c4a82
testing: Converted ipv6/rw-rfc3779-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
Andreas Steffen
96d7d9392f
testing: Converted ipv6/rw-compress-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
Andreas Steffen
34acd584e5
testing: Converted ipv6/rw-psk-ikev2 to swanctl
2017-11-10 11:49:49 +01:00
Andreas Steffen
0770b37f8f
testing: Converted ipv6/rw-psk-ikev1 to swanctl
2017-11-10 11:49:41 +01:00
Andreas Steffen
ffe0d82c03
testing: Converted ipv6/rw-ikev2 to swanctl
2017-11-10 11:49:41 +01:00
Andreas Steffen
a96238a0d0
testing: Converted ipv6/rw-ikev1 to swanctl
2017-11-10 11:49:41 +01:00
Andreas Steffen
8215681a4a
testing: Converted ipv6/net2net-rfc3779-ikev2 to swanctl
2017-11-10 11:49:41 +01:00
Andreas Steffen
04b79bc98c
testing: Converted ipv6/net2net-ip4-in-ip6-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
fd3f6871c9
testing: Converted ipv6/net2net-ip4-in-ip6-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
f57ca13e28
testing: Converted ipv6/transport-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
4ae1f7c0e3
testing: Converted ipv6/transport-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
7812b6e6cf
testing: Converted ipv6/net2net-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
e94db2b4ad
testing: Converted ipv6/net2net-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
47ec3326e7
testing: Converted ipv6/host2host-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
087b027f88
testing: Converted ipv6/host2host-ikev1 to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
0a6f8644ef
testing: Removed libipsec/rw-suite-b
2017-11-10 11:49:39 +01:00
Andreas Steffen
9375c9c9db
testing: Converted libipsec/net2net-null to swanctl
2017-11-10 11:49:39 +01:00