aboutsummaryrefslogtreecommitdiffstats
path: root/testing/tests
Commit message (Collapse)AuthorAgeFilesLines
...
* testing: Adapt tests to retransmission settings and reduce DPD delay/timeoutTobias Brunner2015-11-0926-43/+43
|
* testing: Add libipsec/net2net-null scenarioTobias Brunner2015-11-0911-0/+1245
|
* testing: BLISS CA uses SHA-3 in its CRLAndreas Steffen2015-11-036-3/+6
|
* testing: Actually send an uncompressed packet in the ipv6/rw-compress-ikev2 ↵Tobias Brunner2015-10-061-1/+2
| | | | | | | | | | | | | | | | | | | | | | scenario The default of 56 bytes already exceeds the threshold of 90 bytes (8 bytes ICMP + 40 bytes IPv6 = 104 bytes). By reducing the size we make sure the packet is not compressed (40 + 8 + 40 = 88). This also fixes a strange failure of this scenario due to the recently added post-test `ip xfrm state` check. The kernel stores a reference to the used SAs on the inbound skbuffs and since these are garbage collected it could take a while until all references to an SA disappear and the SA is finally destroyed. But while SAs might not get destroyed immediately when we delete them, they are actually marked as dead and therefore won't show up in `ip xfrm state`. However, that's not the case for the tunnel SAs the kernel attaches to IPComp SAs, which we don't explicitly delete, and which aren't modified by the kernel until the IPComp SA is destroyed. So what happened when the last ping unintentionally got compressed is that the skbuff had a reference to the IPComp SA and therefore the tunnel SA. This skbuff often was destroyed after the `ip xfrm state` check ran and because the tunnel SA would still get reported the test case failed.
* testing: added ikev2/alg-chacha20poly1305 scenarioAndreas Steffen2015-09-019-0/+106
|
* testing: Updated environment variable documentation in updown scriptsTobias Brunner2015-08-3114-14/+126
|
* Added some spaces in swanctl.confAndreas Steffen2015-08-252-8/+8
|
* testing: Fix typo in p2pnat/behind-same-nat scenarioTobias Brunner2015-08-211-2/+2
|
* testing: Add missing sim_files file to ikev2/rw-eap-sim-radius scenarioTobias Brunner2015-08-211-0/+3
|
* testing: alice is RADIUS server in the ikev2/rw-eap-sim-radius scenarioTobias Brunner2015-08-211-0/+4
|
* testing: Print triplets.dat files of clients in EAP-SIM scenariosTobias Brunner2015-08-214-0/+7
| | | | References #1078.
* testing: Add ikev2/trap-any scenarioTobias Brunner2015-08-1917-0/+181
|
* Extend HCD attribute data for tnc/tnccs-20-hcd-eap scenarioAndreas Steffen2015-08-182-16/+45
|
* Added reason string support to HCD IMVAndreas Steffen2015-08-181-7/+10
|
* Fixed patches format delimited by CR/LFAndreas Steffen2015-08-184-50/+50
|
* testing: Added tnc/tnccs-20-hcd-eap scenarioAndreas Steffen2015-08-1824-0/+674
|
* testing: Updated expired AAA server certificateAndreas Steffen2015-08-044-84/+84
|
* testing: Adapted ha/both-active scenario to new jhash valuesAndreas Steffen2015-07-316-8/+11
|
* testing: Regenerated BLISS certificates due to oracle changesAndreas Steffen2015-07-276-0/+0
|
* testing: Updated loop ca certificatesAndreas Steffen2015-07-222-17/+17
|
* testing: Updated all swanctl scenarios and added some new onesAndreas Steffen2015-07-22102-104/+1744
|
* tests: Introduced IPV6 flag in tests.confAndreas Steffen2015-07-2119-0/+76
|
* tests: Introduced SWANCTL flag in test.confAndreas Steffen2015-07-218-0/+32
|
* tests: fixed evaltest of swanctl/rw-cert scenarioAndreas Steffen2015-07-211-2/+2
|
* tests: fixed description of swanctl ip-pool scenariosAndreas Steffen2015-07-212-9/+8
|
* testing: use a decent PSKAndreas Steffen2015-05-302-2/+2
|
* testing: Added ha/active-passive scenarioAndreas Steffen2015-05-3021-0/+441
|
* testing: Fix URL to TNC@FHH project in scenario descriptionsTobias Brunner2015-05-056-8/+8
|
* testing: Update TKM assert stringsReto Buerki2015-05-057-10/+10
|
* testing: Updated carol's certificate from research CA and dave's certificate ↵5.3.1dr1Andreas Steffen2015-04-2642-838/+837
| | | | from sales CA
* testing: Wait for DH crypto tests to completeAndreas Steffen2015-04-268-8/+8
|
* imv_policy_manager: Added capability to execute an allow or block shell ↵Andreas Steffen2015-04-267-2/+24
| | | | command string
* Added tnc/tnccs-20-fail-init and tnc/tnccs-20-fail-resp scenariosAndreas Steffen2015-03-2730-0/+404
|
* Added tnc/tnccs-20-pt-tls scenarioAndreas Steffen2015-03-2724-5/+114
|
* testing: added tnc/tnccs-20-mutual scenarioAndreas Steffen2015-03-2311-0/+151
|
* testing: Remove obsolete leftnexthop option from configsTobias Brunner2015-03-126-6/+0
|
* testing: Don't check for exact IKEv1 fragment sizeMartin Willi2015-03-101-2/+2
| | | | | Similar to 7a9c0d51, the exact packet size depends on many factors we don't want to consider in this test case.
* testing: Fix active/passive role description in ha/both-active test caseMartin Willi2015-03-101-2/+2
|
* testing: Update modified updown scripts to the latest templateTobias Brunner2015-03-0614-2589/+993
| | | | | This avoids confusion and makes identifying the changes needed for each scenario easier.
* use SHA512 for moon's BLISS signatureAndreas Steffen2015-03-042-2/+3
|
* testing: Test classic public key authentication in ikev2/net2net-cert scenarioTobias Brunner2015-03-042-0/+2
|
* testing: Disable signature authentication on dave in ↵Tobias Brunner2015-03-042-2/+3
| | | | openssl-ikev2/ecdsa-certs scenario
* testing: Don't check for exact IKEv2 fragment sizeTobias Brunner2015-03-041-2/+2
| | | | | Because SHA-256 is now used for signatures the size of the two IKE_AUTH messages changed.
* testing: Update test conditions because signature schemes are now loggedTobias Brunner2015-03-0433-58/+58
| | | | | RFC 7427 signature authentication is now used between strongSwan hosts by default, which causes the actual signature schemes to get logged.
* testing: Add ikev2/rw-sig-auth scenarioTobias Brunner2015-03-0412-0/+180
|
* testing: Add ikev2/net2net-cert-sha2 scenarioTobias Brunner2015-03-049-0/+104
|
* Implemented improved BLISS-B signature algorithmAndreas Steffen2015-02-253-0/+0
|
* testing: Add a forecast test caseMartin Willi2015-02-2011-0/+152
|
* testing: Add a connmark plugin testMartin Willi2015-02-209-0/+109
| | | | | | | | | | In this test two hosts establish a transport mode connection from behind moon. sun uses the connmark plugin to distinguish the flows. This is an example that shows how one can terminate L2TP/IPsec connections from two hosts behind the same NAT. For simplification of the test, we use an SSH connection instead, but this works for any connection initiated flow that conntrack can track.
* testing: Update description and test evaluation of host2host-transport-natMartin Willi2015-02-203-9/+8
| | | | | | | | As we now reuse the reqid for identical SAs, the behavior changes for transport connections to multiple peers behind the same NAT. Instead of rejecting the SA, we now have two valid SAs active. For the reverse path, however, sun sends traffic always over the newer SA, resembling the behavior before we introduced explicit SA conflicts for different reqids.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 16:10:57 +0000