Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | testing: Don't run redundant crypto tests in sql/rw-cert scenario | Tobias Brunner | 2015-11-09 | 1 | -4/+1 |
| | | | | | They run in all other rw-cert scenarios but in the SQL version there is no change in the loaded crypto plugins. | ||||
* | testing: Fix CRL URIs in ipv6/net2net-ip4-in-ip6-ikev* scenarios | Tobias Brunner | 2015-11-09 | 2 | -2/+2 |
| | |||||
* | testing: Speed up OCSP scenarios | Tobias Brunner | 2015-11-09 | 3 | -4/+4 |
| | | | | | Don't make clients wait for the TCP connections to timeout by dropping packets. By rejecting them the OCSP requests fail immediately. | ||||
* | testing: Speed up ifdown calls in ikev2/mobike scenarios | Tobias Brunner | 2015-11-09 | 3 | -1/+13 |
| | | | | | | ifdown calls bind's rndc, which tries to access TCP port 953 on lo. If these packets are dropped by the firewall we have to wait for the TCP connections to time out, which takes quite a while. | ||||
* | testing: Avoid delays with ping by using -W and -i options | Tobias Brunner | 2015-11-09 | 33 | -55/+55 |
| | | | | | | With -W we reduce timeouts when we don't expect a response. With -i the interval between pings is reduced (mostly in case of auto=route where the first ping yields no reply). | ||||
* | testing: Remove nearly all sleep calls from pretest and posttest scripts | Tobias Brunner | 2015-11-09 | 303 | -452/+500 |
| | | | | | By consistently using the `expect-connection` helper we can avoid pretty much all previously needed calls to sleep. | ||||
* | testing: Adapt tests to retransmission settings and reduce DPD delay/timeout | Tobias Brunner | 2015-11-09 | 26 | -43/+43 |
| | |||||
* | testing: Add libipsec/net2net-null scenario | Tobias Brunner | 2015-11-09 | 11 | -0/+1245 |
| | |||||
* | testing: BLISS CA uses SHA-3 in its CRL | Andreas Steffen | 2015-11-03 | 6 | -3/+6 |
| | |||||
* | testing: Actually send an uncompressed packet in the ipv6/rw-compress-ikev2 ↵ | Tobias Brunner | 2015-10-06 | 1 | -1/+2 |
| | | | | | | | | | | | | | | | | | | | | | | scenario The default of 56 bytes already exceeds the threshold of 90 bytes (8 bytes ICMP + 40 bytes IPv6 = 104 bytes). By reducing the size we make sure the packet is not compressed (40 + 8 + 40 = 88). This also fixes a strange failure of this scenario due to the recently added post-test `ip xfrm state` check. The kernel stores a reference to the used SAs on the inbound skbuffs and since these are garbage collected it could take a while until all references to an SA disappear and the SA is finally destroyed. But while SAs might not get destroyed immediately when we delete them, they are actually marked as dead and therefore won't show up in `ip xfrm state`. However, that's not the case for the tunnel SAs the kernel attaches to IPComp SAs, which we don't explicitly delete, and which aren't modified by the kernel until the IPComp SA is destroyed. So what happened when the last ping unintentionally got compressed is that the skbuff had a reference to the IPComp SA and therefore the tunnel SA. This skbuff often was destroyed after the `ip xfrm state` check ran and because the tunnel SA would still get reported the test case failed. | ||||
* | testing: added ikev2/alg-chacha20poly1305 scenario | Andreas Steffen | 2015-09-01 | 9 | -0/+106 |
| | |||||
* | testing: Updated environment variable documentation in updown scripts | Tobias Brunner | 2015-08-31 | 14 | -14/+126 |
| | |||||
* | Added some spaces in swanctl.conf | Andreas Steffen | 2015-08-25 | 2 | -8/+8 |
| | |||||
* | testing: Fix typo in p2pnat/behind-same-nat scenario | Tobias Brunner | 2015-08-21 | 1 | -2/+2 |
| | |||||
* | testing: Add missing sim_files file to ikev2/rw-eap-sim-radius scenario | Tobias Brunner | 2015-08-21 | 1 | -0/+3 |
| | |||||
* | testing: alice is RADIUS server in the ikev2/rw-eap-sim-radius scenario | Tobias Brunner | 2015-08-21 | 1 | -0/+4 |
| | |||||
* | testing: Print triplets.dat files of clients in EAP-SIM scenarios | Tobias Brunner | 2015-08-21 | 4 | -0/+7 |
| | | | | References #1078. | ||||
* | testing: Add ikev2/trap-any scenario | Tobias Brunner | 2015-08-19 | 17 | -0/+181 |
| | |||||
* | Extend HCD attribute data for tnc/tnccs-20-hcd-eap scenario | Andreas Steffen | 2015-08-18 | 2 | -16/+45 |
| | |||||
* | Added reason string support to HCD IMV | Andreas Steffen | 2015-08-18 | 1 | -7/+10 |
| | |||||
* | Fixed patches format delimited by CR/LF | Andreas Steffen | 2015-08-18 | 4 | -50/+50 |
| | |||||
* | testing: Added tnc/tnccs-20-hcd-eap scenario | Andreas Steffen | 2015-08-18 | 24 | -0/+674 |
| | |||||
* | testing: Updated expired AAA server certificate | Andreas Steffen | 2015-08-04 | 4 | -84/+84 |
| | |||||
* | testing: Adapted ha/both-active scenario to new jhash values | Andreas Steffen | 2015-07-31 | 6 | -8/+11 |
| | |||||
* | testing: Regenerated BLISS certificates due to oracle changes | Andreas Steffen | 2015-07-27 | 6 | -0/+0 |
| | |||||
* | testing: Updated loop ca certificates | Andreas Steffen | 2015-07-22 | 2 | -17/+17 |
| | |||||
* | testing: Updated all swanctl scenarios and added some new ones | Andreas Steffen | 2015-07-22 | 102 | -104/+1744 |
| | |||||
* | tests: Introduced IPV6 flag in tests.conf | Andreas Steffen | 2015-07-21 | 19 | -0/+76 |
| | |||||
* | tests: Introduced SWANCTL flag in test.conf | Andreas Steffen | 2015-07-21 | 8 | -0/+32 |
| | |||||
* | tests: fixed evaltest of swanctl/rw-cert scenario | Andreas Steffen | 2015-07-21 | 1 | -2/+2 |
| | |||||
* | tests: fixed description of swanctl ip-pool scenarios | Andreas Steffen | 2015-07-21 | 2 | -9/+8 |
| | |||||
* | testing: use a decent PSK | Andreas Steffen | 2015-05-30 | 2 | -2/+2 |
| | |||||
* | testing: Added ha/active-passive scenario | Andreas Steffen | 2015-05-30 | 21 | -0/+441 |
| | |||||
* | testing: Fix URL to TNC@FHH project in scenario descriptions | Tobias Brunner | 2015-05-05 | 6 | -8/+8 |
| | |||||
* | testing: Update TKM assert strings | Reto Buerki | 2015-05-05 | 7 | -10/+10 |
| | |||||
* | testing: Updated carol's certificate from research CA and dave's certificate ↵5.3.1dr1 | Andreas Steffen | 2015-04-26 | 42 | -838/+837 |
| | | | | from sales CA | ||||
* | testing: Wait for DH crypto tests to complete | Andreas Steffen | 2015-04-26 | 8 | -8/+8 |
| | |||||
* | imv_policy_manager: Added capability to execute an allow or block shell ↵ | Andreas Steffen | 2015-04-26 | 7 | -2/+24 |
| | | | | command string | ||||
* | Added tnc/tnccs-20-fail-init and tnc/tnccs-20-fail-resp scenarios | Andreas Steffen | 2015-03-27 | 30 | -0/+404 |
| | |||||
* | Added tnc/tnccs-20-pt-tls scenario | Andreas Steffen | 2015-03-27 | 24 | -5/+114 |
| | |||||
* | testing: added tnc/tnccs-20-mutual scenario | Andreas Steffen | 2015-03-23 | 11 | -0/+151 |
| | |||||
* | testing: Remove obsolete leftnexthop option from configs | Tobias Brunner | 2015-03-12 | 6 | -6/+0 |
| | |||||
* | testing: Don't check for exact IKEv1 fragment size | Martin Willi | 2015-03-10 | 1 | -2/+2 |
| | | | | | Similar to 7a9c0d51, the exact packet size depends on many factors we don't want to consider in this test case. | ||||
* | testing: Fix active/passive role description in ha/both-active test case | Martin Willi | 2015-03-10 | 1 | -2/+2 |
| | |||||
* | testing: Update modified updown scripts to the latest template | Tobias Brunner | 2015-03-06 | 14 | -2589/+993 |
| | | | | | This avoids confusion and makes identifying the changes needed for each scenario easier. | ||||
* | use SHA512 for moon's BLISS signature | Andreas Steffen | 2015-03-04 | 2 | -2/+3 |
| | |||||
* | testing: Test classic public key authentication in ikev2/net2net-cert scenario | Tobias Brunner | 2015-03-04 | 2 | -0/+2 |
| | |||||
* | testing: Disable signature authentication on dave in ↵ | Tobias Brunner | 2015-03-04 | 2 | -2/+3 |
| | | | | openssl-ikev2/ecdsa-certs scenario | ||||
* | testing: Don't check for exact IKEv2 fragment size | Tobias Brunner | 2015-03-04 | 1 | -2/+2 |
| | | | | | Because SHA-256 is now used for signatures the size of the two IKE_AUTH messages changed. | ||||
* | testing: Update test conditions because signature schemes are now logged | Tobias Brunner | 2015-03-04 | 33 | -58/+58 |
| | | | | | RFC 7427 signature authentication is now used between strongSwan hosts by default, which causes the actual signature schemes to get logged. |