Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
277,923 Commits 606 Branches 0 Tags 3.1 GiB
5c3bd061a3
Commit Graph

49 Commits

Author SHA1 Message Date
knakahara
f26b5d9d11 Refactor a little and follow new format of "npfctl list". 
Fix the below ATF failures.
    - net/if_ipsec/t_ipsec_natt:ipsecif_natt_transport_null
    - net/if_ipsec/t_ipsec_natt:ipsecif_natt_transport_rijndaelcbc
    - net/ipsec/t_ipsec_natt:ipsec_natt_transport_ipv4_null
    - net/ipsec/t_ipsec_natt:ipsec_natt_transport_ipv4_rijndaelcbc

ok'ed by ozaki-r@n.o, thanks.
 2020-06-05 03:24:58 +00:00
martin
c9e294b294 Typo in error message 2020-06-01 04:38:37 +00:00
ozaki-r
ccef126b54 tests: add missing ifconfig -w 
This change mitigates PR kern/54897.
 2020-02-17 08:46:10 +00:00
ozaki-r
ce0ae1dfed tests: use rump_server_add_iface to create interfaces 2019-08-19 03:22:05 +00:00
ozaki-r
ac002ee323 tests: add tests for getspi and udpate 2019-07-23 04:31:25 +00:00
knakahara
d1268e2e86 Add ATF for IPv6 NAT-T. 
We use IPv6 NAT-T to avoid IPsec slowing down caused by dropping ESP packets
by some Customer Premises Equipments (CPE). I implement ATF to test such
situation.

I think it can also work with nat66, but I have not tested to the fine details.
 2018-11-22 04:51:41 +00:00
ozaki-r
6676be48c1 Dedup some checks 
And the change a bit optimizes checks of SA expirations, which
may shorten testing time.
 2017-11-09 04:51:07 +00:00
ozaki-r
eb73cc98c0 "Mark key_timehandler_ch callout as MP-safe" change needs one more sec to make lifetime tests stable 2017-11-09 04:50:37 +00:00
ozaki-r
0de7b04927 Add test cases of NAT-T (transport mode) 
A small C program is added to make a special socket (UDP_ENCAP_ESPINUDP)
and keep it to handle UDP-encapsulated ESP packets.
 2017-10-30 15:59:23 +00:00
ozaki-r
0d858128c2 Handle esp-udp for NAT-T 2017-10-27 04:31:50 +00:00
ozaki-r
690df934db Add test cases for one SP with multiple SAs 
These are for a bug reported recently which modifies SPs accidentally.
 2017-10-20 03:45:47 +00:00
ozaki-r
101922ebfc Fix incomplete SP setups 2017-10-20 03:43:51 +00:00
ozaki-r
708290e277 Fix setkey -D -P outputs 
The outputs were tweaked (by me), but I forgot updating libipsec
in my local ATF environment...
 2017-08-08 02:27:03 +00:00
ozaki-r
3f30ca4e9f Clean up clunky eval strings 
- Remove unnecessary \ at EOL
  - This allows to omit ; too
- Remove unnecessary quotes for arguments of atf_set
- Don't expand $DEBUG in eval
  - We expect it's expanded on execution

Suggested by kre@
 2017-08-03 03:16:26 +00:00
ozaki-r
5084329750 Add test cases that there are SPs but no relevant SAs 2017-08-02 06:30:00 +00:00
ozaki-r
548d2e187c Add test cases for setsockopt(IP_IPSEC_POLICY) 2017-08-02 02:19:56 +00:00
ozaki-r
b0de75e145 Skip ipsec_spi_*_*_preferred_new_timeout when running on qemu 
Probably due to PR 43997
 2017-07-24 02:07:43 +00:00
ozaki-r
6ff108ffbe Stop setting isr->sav on looking up sav in key_checkrequest 2017-07-21 04:43:42 +00:00
ozaki-r
a9fb96bdfe Don't make SAs expired on tests that delete SAs explicitly 2017-07-20 01:10:57 +00:00
ozaki-r
38d6ad3a8b Add tests that explicitly delete SAs instead of waiting for expirations 2017-07-19 02:06:47 +00:00
ozaki-r
80503e641a Make tests more stable 
sleep command seems to wait longer than expected on anita so
use polling to wait for a state change.
 2017-07-19 02:06:11 +00:00
ozaki-r
6ed91e62d5 Separate test files 2017-07-18 02:16:07 +00:00
ozaki-r
8534aec06b Fix wrong argument handling 2017-07-15 07:26:02 +00:00
ozaki-r
dfda6b6abe Add test cases for SAs with different SPIs 2017-07-14 11:54:52 +00:00
ozaki-r
9f04f77dde Add test cases for updating SA/SP 
The tests require newly-added udpate command of setkey.
 2017-07-05 01:25:03 +00:00
ozaki-r
b95a267001 Add test cases for IPComp 2017-07-03 06:01:16 +00:00
ozaki-r
6bf9d9c9db Add test cases of TCP/IPsec on an IPv4-mapped IPv6 address 
It reproduces the same panic reported in PR kern/52304
(but not sure that its cause is also same).
 2017-06-19 10:05:04 +00:00
ozaki-r
388744f33f Enable DEBUG for babylon5 2017-06-14 02:33:37 +00:00
ozaki-r
946f090610 Test TCP communications over IPsec transport mode with ESP or AH 
This tests SP caches of PCB.
 2017-06-01 03:56:47 +00:00
ozaki-r
8504d69233 Remove a unused local variable 2017-06-01 03:51:47 +00:00
ozaki-r
1104a9e5a4 Enable DEBUG to know what is happening on anita/sparc 2017-05-24 09:34:48 +00:00
ozaki-r
43af182f5e Don't check the existence of SA entries eagerly 
They can be expired at that point if their lifetime is very short.
This may fix unexpected failures of tests running on anita.
 2017-05-18 14:43:42 +00:00
ozaki-r
beade07f61 Add test cases of TCP communications with IPsec enabled 
The test cases transfer data over TCP by using nc with IPsec just enabled
(no SA/SP is configured) and confirm the commit "Fix diagnostic assertion
failure in ipsec_init_policy" really fixes the issue.
 2017-05-17 06:30:15 +00:00
ozaki-r
fe20eadb23 Add test cases for SA lifetime 2017-05-15 09:58:22 +00:00
ozaki-r
12efcd61a3 Fix typo 2017-05-15 09:56:47 +00:00
ozaki-r
e106de3177 Dedup some routines 2017-05-12 02:34:45 +00:00
ozaki-r
cb7a3799fb Test tunnel mode with IPv4 over IPv6 and IPv6 over IPv4 2017-05-10 09:08:25 +00:00
ozaki-r
f70653090a Disable DAD rather than waiting its completion every time 2017-05-10 09:00:29 +00:00
ozaki-r
27f51fa5d6 Dedup some routines 2017-05-10 08:59:40 +00:00
ozaki-r
0eb085d9dc Introduce check_sa_entries to remove lots of duplicated codes 2017-05-10 04:46:13 +00:00
ozaki-r
63d8d68bc2 Test flushing SAD/SPD entries 2017-05-09 04:25:28 +00:00
ozaki-r
1926b285fc Test transport mode as well as tunnel mode 2017-04-27 10:17:12 +00:00
ozaki-r
15fbe23193 Prefer rijndael-cbc 2017-04-27 08:06:59 +00:00
ozaki-r
3c135203c7 Add test cases for L2TP/IPsec 2017-04-27 06:53:44 +00:00
ozaki-r
9b089297f0 Add test cases for gif/IPsec 2017-04-27 06:52:45 +00:00
ozaki-r
881bdf498c Add minimum sets of algorithms for testing 2017-04-27 06:50:42 +00:00
ozaki-r
ef3b2c8cef Revert "Mark tests of tunnel/AH/IPv6 as expected failure (PR kern/52161)" 
The issue was fixed by christos@
 2017-04-16 10:34:49 +00:00
ozaki-r
47978ed2ef Mark tests of tunnel/AH/IPv6 as expected failure (PR kern/52161) 2017-04-14 03:35:40 +00:00
ozaki-r
0b5da45aff Add tests for ipsec 
- Check if setkey correctly handles algorithms for AH/ESP
- Check IPsec of transport mode with AH/ESP over IPv4/IPv6
- Check IPsec of tunnel mode with AH/ESP over IPv4/IPv6
 2017-04-14 02:56:48 +00:00