| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | testing: Actually send an uncompressed packet in the ipv6/rw-compress-ikev2 ↵ | Tobias Brunner | 2015-10-06 | 1 | -1/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | scenario The default of 56 bytes already exceeds the threshold of 90 bytes (8 bytes ICMP + 40 bytes IPv6 = 104 bytes). By reducing the size we make sure the packet is not compressed (40 + 8 + 40 = 88). This also fixes a strange failure of this scenario due to the recently added post-test `ip xfrm state` check. The kernel stores a reference to the used SAs on the inbound skbuffs and since these are garbage collected it could take a while until all references to an SA disappear and the SA is finally destroyed. But while SAs might not get destroyed immediately when we delete them, they are actually marked as dead and therefore won't show up in `ip xfrm state`. However, that's not the case for the tunnel SAs the kernel attaches to IPComp SAs, which we don't explicitly delete, and which aren't modified by the kernel until the IPComp SA is destroyed. So what happened when the last ping unintentionally got compressed is that the skbuff had a reference to the IPComp SA and therefore the tunnel SA. This skbuff often was destroyed after the `ip xfrm state` check ran and because the tunnel SA would still get reported the test case failed. | ||||
| * | tests: Introduced IPV6 flag in tests.conf | Andreas Steffen | 2015-07-21 | 19 | -0/+76 |
| | | |||||
| * | Updated RFC3779 certificates5.2.2 | Andreas Steffen | 2014-12-28 | 10 | -213/+213 |
| | | |||||
| * | Increased fragment size to 1400 in ipv6/net2net-ikev1 scenario5.2.1 | Andreas Steffen | 2014-10-18 | 2 | -2/+2 |
| | | |||||
| * | Enabled IKEv2 fragmentation in ipv6/net2net-ikev2 scenario | Andreas Steffen | 2014-10-18 | 4 | -2/+6 |
| | | |||||
| * | configure: Load fetcher plugins after crypto base plugins | Martin Willi | 2014-09-24 | 39 | -39/+39 |
| | | | | | | | | | | | Some fetcher plugins (such as curl) might build upon OpenSSL to implement HTTPS fetching. As we set (and can't unset) threading callbacks in our openssl plugin, we must ensure that OpenSSL functions don't get called after openssl plugin unloading. We achieve that by loading curl and all other fetcher plugins after the base crypto plugins, including openssl. | ||||
| * | testing: Add ipv6/rw-compress-ikev2 scenario | Tobias Brunner | 2014-01-23 | 9 | -0/+125 |
| | | |||||
| * | 5.1.0 changes for test cases | Andreas Steffen | 2013-06-29 | 22 | -0/+33 |
| | | |||||
| * | Updated comments in test.conf of all tests | Tobias Brunner | 2013-01-17 | 18 | -54/+54 |
| | | |||||
| * | Renamed $UMLHOSTS to $VIRTHOSTS | Tobias Brunner | 2013-01-17 | 18 | -36/+36 |
| | | |||||
| * | converted all ipv6 iptables/ip6tables scenarios | Andreas Steffen | 2013-01-17 | 94 | -4619/+380 |
| | | |||||
| * | Add expect-connection guest image script | Reto Buerki | 2013-01-17 | 19 | -38/+46 |
| | | | | | | | | | This script can be used in pretest.dat files to wait until an IPsec connection becomes available. This avoids unconditional sleeps and improves test performance. The ipv6 tests have been updated to use the expect-connection script. | ||||
| * | Adapt test configurations | Reto Buerki | 2013-01-17 | 2 | -2/+2 |
| | | | | | Adapt test configurations to the new Debian-based system. | ||||
| * | fixed typo | Andreas Steffen | 2012-06-20 | 1 | -1/+1 |
| | | |||||
| * | added ipv6/rw-ip6-in-ip4-ikev1 scenario | Andreas Steffen | 2012-06-20 | 19 | -0/+504 |
| | | |||||
| * | added ipv6/rw-ip6-in-ip4-ikev2 scenario | Andreas Steffen | 2012-06-20 | 14 | -0/+440 |
| | | |||||
| * | removed plutostart parameter | Andreas Steffen | 2012-06-13 | 37 | -37/+0 |
| | | |||||
| * | upgraded ipv6 scenarios to 5.0.0 | Andreas Steffen | 2012-05-29 | 121 | -282/+737 |
| | | |||||
| * | define explicit IKEv1 keyexchange mode III | Andreas Steffen | 2010-10-14 | 10 | -0/+10 |
| | | |||||
| * | testing: Adding kernel-netlink to pluto.load statements. | Tobias Brunner | 2010-09-02 | 2 | -2/+2 |
| | | |||||
| * | all x509 based ipv6/*-ikev2 scenarios require the revocation plugin | Andreas Steffen | 2010-07-15 | 18 | -18/+18 |
| | | |||||
| * | Added addrblock plugin to RFC3779 test cases | Martin Willi | 2010-07-13 | 5 | -5/+5 |
| | | |||||
| * | Adding socket-default to the plugin list in all test cases. | Tobias Brunner | 2010-03-09 | 21 | -21/+21 |
| | | |||||
| * | hash-and-url avoids IP fragementation, cert and crl fetch based on IPv6 | Andreas Steffen | 2010-02-06 | 26 | -48/+82 |
| | | |||||
| * | hash-and-url avoids IP fragementation, cert and crl fetch based on IPv6 | Andreas Steffen | 2010-02-06 | 6 | -12/+20 |
| | | |||||
| * | hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6 | Andreas Steffen | 2010-02-05 | 6 | -12/+20 |
| | | |||||
| * | IPv6 fragment and http access are not needed in PSK scenario | Andreas Steffen | 2010-02-05 | 4 | -21/+1 |
| | | |||||
| * | hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6 | Andreas Steffen | 2010-02-05 | 7 | -12/+21 |
| | | |||||
| * | IPv6 frag netfilter rule not needed anymore | Andreas Steffen | 2010-02-05 | 2 | -6/+0 |
| | | |||||
| * | hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6 | Andreas Steffen | 2010-02-05 | 7 | -6/+21 |
| | | |||||
| * | removed charon-specific load statement in pluto scenario | Andreas Steffen | 2009-12-26 | 2 | -10/+0 |
| | | |||||
| * | added three RFC 3779 scenarios | Andreas Steffen | 2009-12-25 | 41 | -0/+1217 |
| | | |||||
| * | firewall-enabled ipv6/net2net-ip6-in-ip4-ikev2 scenario | Andreas Steffen | 2009-12-17 | 8 | -38/+41 |
| | | |||||
| * | firewall-enabled ipv6/net2net-ip4-in-ip6-ikev2 scenario | Andreas Steffen | 2009-12-17 | 6 | -4/+9 |
| | | |||||
| * | added ipv6/net2net-ip4-in-ip6-ikev1 and ipv6/net2net-ip4-in-ip6-ikev1 scenarios | Andreas Steffen | 2009-10-16 | 22 | -0/+642 |
| | | |||||
| * | tests load pem/pkcs1 plugins, pubkey plugin not needed anymore | Martin Willi | 2009-08-26 | 16 | -16/+16 |
| | | |||||
| * | loading updown plugin if required | Martin Willi | 2008-10-16 | 12 | -12/+12 |
| | | |||||
| * | explicitly load kernel-netlink plugin in UML scenarios | Andreas Steffen | 2008-10-07 | 16 | -16/+16 |
| | | |||||
| * | added ipv6/net2net-ip6-in-ip6-ikev2 scenario | Andreas Steffen | 2008-08-06 | 22 | -1/+323 |
| | | |||||
| * | define plugins to be loaded in strongswan.conf | Andreas Steffen | 2008-05-28 | 14 | -0/+70 |
| | | |||||
| * | fixed another transport mode evaltest | Andreas Steffen | 2008-04-18 | 1 | -1/+1 |
| | | |||||
| * | added ipv6/net2net-ipv4-ikev2 scenario | Andreas Steffen | 2008-04-18 | 9 | -0/+306 |
| | | |||||
| * | add ip xfrm state test for ikev1 transport mode | Andreas Steffen | 2007-12-19 | 1 | -0/+2 |
| | | |||||
| * | added ipv6 transport mode scenarios for IKEv1 and IKEv2 | Andreas Steffen | 2007-12-19 | 26 | -18/+595 |
| | | |||||
| * | fixed typo in iptables script | Andreas Steffen | 2007-11-16 | 18 | -18/+18 |
| | | |||||
| * | added rw-psk-ikev2 scenario | Andreas Steffen | 2007-11-16 | 14 | -0/+452 |
| | | |||||
| * | added rw-psk-ikev1 scenario | Andreas Steffen | 2007-11-16 | 11 | -0/+295 |
| | | |||||
| * | IPv6 scenarios now used the new IPv6 topology graphs | Andreas Steffen | 2007-11-08 | 6 | -6/+6 |
| | | |||||
| * | another four IPv6 scenarios fully demonstrate ip6tables firewall use | Andreas Steffen | 2007-11-08 | 32 | -11/+1109 |
| | | |||||
| * | enabled ip6tables-based firewalling in first two IPv6 scenarios | Andreas Steffen | 2007-11-07 | 11 | -6/+415 |
| | | |||||
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |