aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/tests
Commit message (Collapse)AuthorAgeFilesLines
* child-rekey: Don't install outbound SA in case of lost collisionsTobias Brunner2017-08-071-25/+57
| | | | | | | This splits the SA installation also on the initiator, so we can avoid installing the outbound SA if we lost a rekey collision, which might have caused traffic loss depending on the timing of the DELETEs that are sent in both directions.
* child-sa: Use flags to track installation of outbound SA and policies separatelyTobias Brunner2017-08-071-1/+2
|
* unit-tests: Stringify direction in message asserts earlyTobias Brunner2017-07-281-6/+6
| | | | x86_64-w64-mingw32-gcc on Windows requires this.
* Change interface for enumerator_create_filter() callbackTobias Brunner2017-05-261-11/+19
| | | | | This avoids the unportable 5 pointer hack, but requires enumerating in the callback.
* unit-tests: Check installed IPsec SAs in child-rekey testsTobias Brunner2017-05-231-3/+94
|
* unit-tests: Add assert to check for installed IPsec SAsTobias Brunner2017-05-232-3/+115
|
* unit-tests: Migrate cached IPsec SAs to new IKE_SAs during rekeyingTobias Brunner2017-05-231-0/+42
|
* unit-tests: Keep track of installed IPsec SAs in mock kernel_ipsec_t ↵Tobias Brunner2017-05-232-4/+136
| | | | implementation
* child-delete: Delay the removal of the inbound SA of rekeyed CHILD_SAsTobias Brunner2017-05-231-122/+362
| | | | | | | | After deleting a rekeyed CHILD_SA we uninstall the outbound SA but don't destroy the CHILD_SA (and the inbound SA) immediately. We delay it a few seconds or until the SA expires to allow delayed packets to get processed. The CHILD_SA remains in state CHILD_DELETING until it finally gets destroyed.
* child-sa: Remove state to track installation of half the SA againTobias Brunner2017-05-231-45/+45
|
* unit-tests: Overload helper macro to check for outbound SA stateTobias Brunner2017-05-231-2/+30
|
* ikev2: Delay installation of outbound SAs during rekeying on the responderTobias Brunner2017-05-231-20/+32
| | | | | | | | The responder has all the information needed to install both SAs before the initiator does. So if the responder immediately installs the outbound SA it might send packets using the new SA which the initiator is not yet able to process. This can be avoided by delaying the installation of the outbound SA until the replaced SA is deleted.
* unit-tests: Add test cases for MID sync exchangesTobias Brunner2017-02-083-0/+537
|
* proposal: Copy SPI and proposal number from correct proposal in select()Tobias Brunner2017-02-061-1/+25
| | | | | | | | If charon.prefer_configured_proposals is disabled select() is called on the received proposal. This incorrectly set the SPI to 0 as the configured proposal has no SPI set. Fixes #2190.
* daemon: Use separate method to set default loggersTobias Brunner2017-01-252-2/+2
| | | | | This way it is not necessary to pass the same values to reload the loggers.
* unit-tests: Enable optional logging in libcharon unit testsTobias Brunner2016-10-051-0/+17
|
* unit-tests: Add more tests for proposal creationTobias Brunner2016-10-051-8/+62
|
* proposal: Make DH groups mandatory in IKE proposals parsed from stringsTobias Brunner2016-10-051-17/+29
| | | | References #2051.
* libcharon: Add exchange_tests to .gitignoreTobias Brunner2016-07-251-0/+1
|
* unit-tests: Add tests for expires after CHILD_SA rekeyingTobias Brunner2016-06-171-0/+129
|
* unit-tests: Add test for CHILD_SA rekey if a retry due to an ↵Tobias Brunner2016-06-171-0/+143
| | | | INVALID_KE_PAYLOAD is delayed
* unit-tests: Add test for collision between IKE_SA rekey and CHILD_SA creationTobias Brunner2016-06-173-0/+108
|
* unit-tests: Add tests for IKE rekeying if INVALID_KE_PAYLOAD notifies are ↵Tobias Brunner2016-06-171-0/+470
| | | | received
* proposal: Handle MODP_NONE in both directions when selecting proposalsTobias Brunner2016-06-173-0/+83
|
* unit-tests: Add test for rekey collision if one CREATE_CHILD_SA response is ↵Tobias Brunner2016-06-171-0/+221
| | | | delayed
* unit-tests: Add tests for IKE_SA rekeying if collision is not detected by ↵Tobias Brunner2016-06-171-0/+340
| | | | one peer
* unit-tests: Add tests for IKE/CHILD delete collisionsTobias Brunner2016-06-171-0/+165
|
* unit-tests: Add tests for IKE/CHILD rekey collisionsTobias Brunner2016-06-171-0/+170
|
* unit-tests: Add tests for collisions between IKE_SA rekeying and deletionTobias Brunner2016-06-171-0/+174
|
* unit-tests: Add tests for IKE SA deletionTobias Brunner2016-06-173-0/+139
|
* unit-tests: Only deliver messages to the SA they are addressed toTobias Brunner2016-06-171-4/+12
|
* unit-tests: Add test for simple IKE rekey collisionTobias Brunner2016-06-171-5/+171
|
* ikev2: Add a new state to track rekeyed IKE_SAsTobias Brunner2016-06-171-1/+1
| | | | | | | | | This makes handling such IKE_SAs more specifically compared to keeping them in state IKE_CONNECTING or IKE_ESTABLISHED (which we did when we lost a collision - even triggering the ike_updown event), or using IKE_REKEYING for them, which would also be ambiguous. For instance, we can now reject anything but DELETES for such SAs.
* unit-tests: Add tests for IKE_SA rekeyingTobias Brunner2016-06-173-0/+111
|
* unit-tests: Add asserts against IKE_SAsTobias Brunner2016-06-171-0/+45
|
* unit-tests: Make sure to flush the IKE_SA manager before destroying the senderTobias Brunner2016-06-171-1/+3
| | | | | | | | | | As the static plugin that creates and destroys the default sender was not initialized because of the missing socket the daemon won't destroy our sender. Test cases will eventually have to flush the IKE_SA manager to satisfy the leak detective. However, in case of a test failure and if there are IKE_SAs in the manager the daemon will flush the SAs when deinitializing, which will cause deletes to get sent. This crashes if the sender is already destroyed.
* unit-tests: Return status from process_message()Tobias Brunner2016-06-172-4/+8
|
* unit-tests: Use wrapper for add_listener in bus_t related assertsTobias Brunner2016-06-171-2/+2
|
* unit-tests: Provide a wrapper around bus_t::add_listener and unregister them ↵Tobias Brunner2016-06-172-0/+32
| | | | | | | | during cleanup In case listeners on the stack are triggered while cleaning up after a test failed (e.g. via ike_sa_manager_t::flush) remaining listeners defined on the stack would cause a segmentation fault.
* unit-tests: Add tests where a peer is not aware of a CHILD_SA rekey collisionTobias Brunner2016-06-171-1/+354
|
* unit-tests: Test for rekeying if INVALID_KE_PAYLOAD notifies are receivedTobias Brunner2016-06-171-0/+253
|
* unit-tests: Make IKE and ESP proposals configurableTobias Brunner2016-06-174-44/+116
|
* unit-tests: Add tests for CHILD_SA rekeying/deletion collisionsTobias Brunner2016-06-171-1/+288
|
* unit-tests: Add asserts against job schedulingTobias Brunner2016-06-172-0/+60
|
* ikev2: Use CHILD_REKEYED for replaced CHILD_SAs after rekeyingTobias Brunner2016-06-171-6/+5
| | | | This allows handling collisions better, in particular with deletions.
* unit-tests: Add asserts against task queues of IKE_SAsTobias Brunner2016-06-171-0/+32
|
* unit-tests: Add unit tests for basic CHILD_SA rekeyingTobias Brunner2016-06-173-0/+237
|
* unit-tests: Add asserts against ike|child_rekey hooksTobias Brunner2016-06-172-0/+82
|
* unit-tests: Match in and outbound SPIs in SA assertsTobias Brunner2016-06-171-2/+15
| | | | Since we use unique sequential SPIs that should be OK.
* unit-tests: Register nonce generator and make first nonce byte configurableTobias Brunner2016-06-172-1/+19
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 03:40:26 +0000