aboutsummaryrefslogtreecommitdiffstats
path: root/testing
Commit message (Collapse)AuthorAgeFilesLines
...
* testing: Serve images in testresults via mod_rewrite and not a symlinkTobias Brunner2016-08-293-1/+4
|
* Version bump to 5.5.1dr25.5.1dr2Andreas Steffen2016-08-261-2/+2
|
* testing: Virtual IPs went missingAndreas Steffen2016-08-165-15/+17
|
* Version bump to 5.5.1dr15.5.1dr1Andreas Steffen2016-08-102-3/+2463
|
* testing: Added swanctl/rw-newhope-bliss scenarioAndreas Steffen2016-08-1020-0/+212
|
* testing: Add chapoly, ntru and newhope plugins to crypto and integrity testsAndreas Steffen2016-08-103-3/+3
|
* testing: Added ikev2/rw-newhope-bliss scenarioAndreas Steffen2016-08-1024-1/+195
|
* Version bump to 5.5.05.5.0Andreas Steffen2016-07-131-1/+1
|
* testing: Remove obsolete openssl-fips recipeTobias Brunner2016-07-041-23/+0
| | | | | | This was only required when we initially started and OpenSSL was built from sources, which was changed with b97dd59ba841 ("install FIPS-aware OpenSSL Debian packages").
* Revert "testing: Only load selected plugins in swanctl"Tobias Brunner2016-07-011-4/+0
| | | | | | | This reverts commit dee01d019ba9743b2784b417155601d10c173a66. Thanks to 505c31870162 ("leak-detective: Try to properly free allocations after deinitialization") this is not required anymore.
* testing: Version bump to 4.6.3 kernel and strongSwan 5.5.0Andreas Steffen2016-06-302-3/+2435
|
* testing: Add ikev1/net2net-esn scenarioTobias Brunner2016-06-299-0/+117
|
* testing: Ignore tests/local directoryTobias Brunner2016-06-291-0/+1
| | | | | This could be used for experimental test scenarios that should not get tracked in the repository.
* testing: Start charon before Apache in tnc/tnccs-20-pdp-pt-tlsTobias Brunner2016-06-211-1/+1
| | | | | | | | | | | | | The change in c423d0e8a124 ("testing: Fix race in tnc/tnccs-20-pdp-pt-tls scenario") is not really ideal as now the vici plugin might not yet be ready when `swanctl --load-creds` is called. Perhaps starting charon before Apache causes enough delay. Once we switch to charon-systemd this isn't a problem anymore as starting the unit will block until everything is up and ready. Also, the individual swanctl calls will be redundant as the default service unit calls --load-all. But start scripts do run before charon-systemd signals that the daemon is ready, so using these would work too then.
* testing: Only load selected plugins in swanctlTobias Brunner2016-06-201-0/+4
| | | | | | | | | The main issue is that the ldap and curl plugins, or rather the libraries they use, initialize GnuTLS (curl, strangely, even when it is, by its own account, linked against OpenSSL). Some of these allocations are only freed once the libraries are unloaded. This means that the leak detective causes invalid frees when swanctl is terminated and libraries are unloaded after the leak detective is already deinitialized.
* testing: Fix race in tnc/tnccs-20-pdp-pt-tls scenarioTobias Brunner2016-06-172-3/+1
| | | | | | | | | | aacf84d837e7 ("testing: Add expect-connection calls for all tests and hosts") removed the expect-connection call for the non-existing aaa connection. However, because the credentials were loaded asynchronously via start-script the clients might have been connecting when the secrets were not yet loaded. As `swanctl --load-creds` is a synchronous call this change avoids that issue without having to add a sleep or failing expect-connection call.
* testing: Use TLS 1.2 in RADIUS test casesTobias Brunner2016-06-172-0/+6
| | | | | | | | | This took a while as in the OpenSSL package shipped with Debian and on which our FIPS-enabled package is based, the function SSL_export_keying_material(), which is used by FreeRADIUS to derive the MSK, did not use the correct digest to calculate the result when TLS 1.2 was used. This caused IKE to fail with "verification of AUTH payload with EAP MSK failed". The fix was only backported to jessie recently.
* testing: Update FreeRADIUS to 2.2.8Tobias Brunner2016-06-172-3/+3
| | | | | | | | | While this is not the latest 2.x release it is the latest in /old. Upgrading to 3.0 might be possible, not sure if the TNC-FHH patches could be easily updated, though. Upgrading to 3.1 will definitely not be possible directly as that version removes the EAP-TNC module. So we'd first have to get rid of the TNC-FHH stuff.
* testing: Fix firewall rule on alice in tnc/tnccs-20-pdp-pt-tls scenarioTobias Brunner2016-06-171-2/+2
|
* testing: Build hostapd from sourcesTobias Brunner2016-06-163-1/+78
| | | | | | | | There is a bug (fix at [1]) in hostapd 2.1-2.3 that let it crash when used with the wired driver. The package in jessie (and sid) is affected, so we build it from sources (same, older, version as wpa_supplicant). [1] http://w1.fi/cgit/hostap/commit/?id=e9b783d58c23a7bb50b2f25bce7157f1f3
* testing: Update download URL for wpa_supplicantTobias Brunner2016-06-161-1/+1
|
* testing: Wait for packets to be processed by tcpdumpTobias Brunner2016-06-161-1/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | Sometimes tcpdump fails to process all packets during the short running time of a scenario: 0 packets captured 18 packets received by filter 0 packets dropped by kernel So 18 packets were captured by libpcap but tcpdump did not yet process and print them. This tries to use --immediate-mode if supported by tcpdump (the one currently in jessie or wheezy does not, but the one in jessie-backports does), which disables the buffering in libpcap. However, even with immediate mode there are cases where it takes a while longer for all packets to get processed. And without it we also need a workaround (even though the version in wheezy actually works fine). That's why there now is a loop checking for differences in captured vs. received packets. There are actually cases where these numbers are not equal but we still captured all packets we're interested in, so we abort after 1s of retrying. But sometimes it could still happen that packets we expected got lost somewhere ("packets dropped by kernel" is not always 0 either).
* testing: Fix expect-connection for tkm testsTobias Brunner2016-06-161-1/+1
| | | | We don't use swanctl there but there is no load statement either.
* testing: Add expect-connection calls for all tests and hostsTobias Brunner2016-06-16184-11/+236
| | | | There are some exceptions (e.g. those that use auto=start or p2pnat).
* testing: Update test scenarios for Debian jessieTobias Brunner2016-06-16289-576/+576
| | | | | | | The main difference is that ping now reports icmp_seq instead of icmp_req, so we match for icmp_.eq, which works with both releases. tcpdump now also reports port 4500 as ipsec-nat-t.
* testing: Fix posttest.dat for ikev2/rw-dnssec scenarioTobias Brunner2016-06-161-6/+6
|
* testing: Make sure tcpdump is actually terminated before ↵Tobias Brunner2016-06-161-11/+6
| | | | analyzing/collecting logs
* testing: Correctly dis-/enable services with systemdTobias Brunner2016-06-162-4/+16
|
* testing: Install packages like the FIPS-enabled OpenSSL from a custom apt repoTobias Brunner2016-06-163-14/+28
|
* testing: Update base image to Debian jessieTobias Brunner2016-06-153-10/+30
| | | | | | | | | | | | | Several packages got renamed/updated, libgcrypt was apparently installed by default previously. Since most libraries changed we have to completely rebuild all the tools installed in the root image. We currently don't provide a clean target in the recipes, and even if we did we'd have to track which base image we last built for. It's easier to just use a different build directory for each base image, at the cost of some additional disk space (if not manually cleaned). However, that's also the case when updating kernel or software versions.
* testing: Update 4.x kernel configs to be compatible with Debian 8/systemdTobias Brunner2016-06-156-13/+130
|
* testing: Add root to fstabTobias Brunner2016-06-151-0/+1
| | | | This seems to be required for systemd to remount it.
* testing: Update Apache config for newer Debian releasesTobias Brunner2016-06-159-62/+103
| | | | | | It is still compatible with the current release as the config in sites-available will be ignored, while conf-enabled does not exist and is not included in the main config.
* testing: Explicitly enable RC4 in SSH server configTobias Brunner2016-06-151-0/+1
| | | | | | Newer OpenSSH versions disable this by default because it's unsafe. Since this is not relevant for our use case we enable it due to its speed.
* testing: Add script to chroot into an imageTobias Brunner2016-06-151-0/+67
| | | | | If changes are made to the base or root image the images depending on these have to be rebuilt.
* testing: Add a patch to tnc-fhh that avoids building the tncsim packageTobias Brunner2016-06-152-1/+20
| | | | This sub-package does not build on Debian jessie.
* testing: Don't attempt to stop services when building base imageTobias Brunner2016-06-151-2/+0
| | | | | | Unlike `apt-get install` in a chroot debootstrap does not seem to start the services but stopping them might cause problems if they were running outside the chroot.
* testing: Fix scenarios that check /etc/resolv.confTobias Brunner2016-06-133-6/+6
|
* testing: Changed gcrypt-ikev1 scenarios to swanctlAndreas Steffen2016-05-1520-126/+148
|
* testing: wait until connections are loadedAndreas Steffen2016-05-1598-89/+178
|
* swanctl: Do not display rekey times for shuntsAndreas Steffen2016-05-051-0/+1
|
* testing: Use reauthentication and set CHILD_SA rekey time, bytes and packets ↵Andreas Steffen2016-05-042-0/+8
| | | | limits
* testing: uses xauth_id in swanctl/xauth-rsa scenarioAndreas Steffen2016-05-044-6/+8
|
* testing: Use absolute path of imv_policy_managerAndreas Steffen2016-04-268-8/+9
|
* testing: -D and -u options in sfdisk are not supported any moreAndreas Steffen2016-04-261-1/+1
|
* testing: updated testing.confAndreas Steffen2016-04-244-3/+7000
|
* testing: Added swanctl/rw-multi-ciphers-ikev1 scenarioAndreas Steffen2016-04-1211-0/+238
|
* testing: Added swanctl/manual_prio scenarioAndreas Steffen2016-04-0911-0/+277
|
* testing: Add swanctl/net2net-gw scenarioTobias Brunner2016-04-0911-0/+204
|
* testing: List conntrack table on sun in ikev2/host2host-transport-connmark ↵Tobias Brunner2016-04-061-0/+1
| | | | scenario
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-28 09:33:16 +0000