aboutsummaryrefslogtreecommitdiffstats
path: root/testing
Commit message (Collapse)AuthorAgeFilesLines
* vici: Don't report memory usage via leak-detectiveTobias Brunner2015-12-111-1/+0
| | | | | This slowed down the `swanctl --stats` calls in the test scenarios significantly, with not much added value.
* testing: Use expect-connection in swanctl scenariosTobias Brunner2015-12-1113-15/+37
| | | | | Only in net2net-start do we have to use `sleep` to ensure the SA is up when the tests are running.
* testing: The expect-connection helper may use swanctl to check for connectionsTobias Brunner2015-12-111-1/+7
| | | | | | Depending on the plugin configuration in the test scenario either `ipsec statusall` or `swanctl --list-conns` is used to check for a named connection.
* testing: Some more timing fixesAndreas Steffen2015-12-012-2/+2
|
* testing: Updated expired mars.strongswan.org certificateAndreas Steffen2015-11-2613-168/+195
|
* testing: Error messages of curl plugin have changed5.3.4rc1Andreas Steffen2015-11-133-4/+4
|
* testing: Fixed another timing issueAndreas Steffen2015-11-131-1/+1
|
* testing: Check for leases in swanctl/ip-pool scenarioAndreas Steffen2015-11-111-0/+2
|
* testing: Fixed some more timing issuesAndreas Steffen2015-11-1010-8/+10
|
* testing: Reduce runtime of all tests that use SQLite databases by storing ↵Tobias Brunner2015-11-09161-312/+319
| | | | them in ramfs
* testing: tnc/tnccs-20-hcd-eap scenario does not use SWID IMV/strongTNCTobias Brunner2015-11-094-114/+1
|
* testing: Add test config to create and remove a directory for DBs stored in ↵Tobias Brunner2015-11-091-1/+23
| | | | ramfs
* testing: Improve runtime of TNC tests by storing the SQLite DB in ramfsTobias Brunner2015-11-0914-9/+30
| | | | This saves about 50%-70% of the time needed for scenarios that use a DB.
* testing: Fix test constraints in ikev2/rw-ntru-bliss scenarioTobias Brunner2015-11-091-4/+4
| | | | | Changed with a88d958933ef ("Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes").
* testing: Use sha3 plugin in ikev2/rw-cert scenarioAndreas Steffen2015-11-093-3/+3
|
* testing: Report the actual strongSwan and kernel versionsTobias Brunner2015-11-091-0/+6
|
* testing: Record strongSwan version when building from tarballTobias Brunner2015-11-091-0/+1
|
* testing: Record strongSwan version when building from source treeTobias Brunner2015-11-091-0/+11
|
* testing: Report time required for all scenarios on test overview pageTobias Brunner2015-11-091-4/+13
|
* testing: Remove old SWID tags when building from repositoryTobias Brunner2015-11-091-0/+3
| | | | This fixes the TNC-PDP scenarios.
* testing: Don't log anything to the console if auth.log or daemon.log do not ↵Tobias Brunner2015-11-091-2/+2
| | | | exist
* testing: Simplify fetching of swanctl --list-* outputTobias Brunner2015-11-091-20/+8
|
* testing: Don't run redundant crypto tests in sql/rw-cert scenarioTobias Brunner2015-11-091-4/+1
| | | | | They run in all other rw-cert scenarios but in the SQL version there is no change in the loaded crypto plugins.
* testing: Fix CRL URIs in ipv6/net2net-ip4-in-ip6-ikev* scenariosTobias Brunner2015-11-092-2/+2
|
* testing: Speed up OCSP scenariosTobias Brunner2015-11-093-4/+4
| | | | | Don't make clients wait for the TCP connections to timeout by dropping packets. By rejecting them the OCSP requests fail immediately.
* testing: Speed up ifdown calls in ikev2/mobike scenariosTobias Brunner2015-11-093-1/+13
| | | | | | ifdown calls bind's rndc, which tries to access TCP port 953 on lo. If these packets are dropped by the firewall we have to wait for the TCP connections to time out, which takes quite a while.
* testing: Avoid delays with ping by using -W and -i optionsTobias Brunner2015-11-0933-55/+55
| | | | | | With -W we reduce timeouts when we don't expect a response. With -i the interval between pings is reduced (mostly in case of auto=route where the first ping yields no reply).
* testing: Remove nearly all sleep calls from pretest and posttest scriptsTobias Brunner2015-11-09303-452/+500
| | | | | By consistently using the `expect-connection` helper we can avoid pretty much all previously needed calls to sleep.
* testing: Adapt tests to retransmission settings and reduce DPD delay/timeoutTobias Brunner2015-11-0926-43/+43
|
* testing: Only send two retransmits after 1 second each to fail negative ↵Tobias Brunner2015-11-091-0/+6
| | | | tests earlier
* testing: Add a base strongswan.conf file used by all hosts in all scenariosTobias Brunner2015-11-092-0/+2
| | | | | | We will use this to set some defaults (e.g. timeouts to make testing negative tests quicker). We don't want these settings to show up in the configs of the actual scenarios though.
* testing: Add libipsec/net2net-null scenarioTobias Brunner2015-11-0911-0/+1245
|
* testing: BLISS CA uses SHA-3 in its CRLAndreas Steffen2015-11-038-5/+9
|
* testing: Update tkm to version 0.1.3Tobias Brunner2015-10-301-1/+1
| | | | | | Adds XFRM state/policy flush when terminating which caused tests to fail due to the check added with 9086f060d35a ("testing: Let test scenarios fail if IPsec SAs or policies are not removed").
* testing: Actually send an uncompressed packet in the ipv6/rw-compress-ikev2 ↵Tobias Brunner2015-10-061-1/+2
| | | | | | | | | | | | | | | | | | | | | | scenario The default of 56 bytes already exceeds the threshold of 90 bytes (8 bytes ICMP + 40 bytes IPv6 = 104 bytes). By reducing the size we make sure the packet is not compressed (40 + 8 + 40 = 88). This also fixes a strange failure of this scenario due to the recently added post-test `ip xfrm state` check. The kernel stores a reference to the used SAs on the inbound skbuffs and since these are garbage collected it could take a while until all references to an SA disappear and the SA is finally destroyed. But while SAs might not get destroyed immediately when we delete them, they are actually marked as dead and therefore won't show up in `ip xfrm state`. However, that's not the case for the tunnel SAs the kernel attaches to IPComp SAs, which we don't explicitly delete, and which aren't modified by the kernel until the IPComp SA is destroyed. So what happened when the last ping unintentionally got compressed is that the skbuff had a reference to the IPComp SA and therefore the tunnel SA. This skbuff often was destroyed after the `ip xfrm state` check ran and because the tunnel SA would still get reported the test case failed.
* testing: added ikev2/alg-chacha20poly1305 scenarioAndreas Steffen2015-09-019-0/+106
|
* testing: update to Linux 4.2 kernelAndreas Steffen2015-09-013-4/+4471
|
* testing: Updated environment variable documentation in updown scriptsTobias Brunner2015-08-3114-14/+126
|
* Added some spaces in swanctl.confAndreas Steffen2015-08-252-8/+8
|
* testing: Let test scenarios fail if IPsec SAs or policies are not removedTobias Brunner2015-08-211-0/+18
| | | | | The IKE daemon should delete all installed SAs and policies when everything works properly, so we fail the test if that's not the case.
* testing: Flush state and policies before every scenarioTobias Brunner2015-08-211-0/+8
| | | | Similar to conntrack we make sure we are working on a clean slate.
* testing: Fix typo in p2pnat/behind-same-nat scenarioTobias Brunner2015-08-211-2/+2
|
* testing: Add missing sim_files file to ikev2/rw-eap-sim-radius scenarioTobias Brunner2015-08-211-0/+3
|
* testing: alice is RADIUS server in the ikev2/rw-eap-sim-radius scenarioTobias Brunner2015-08-211-0/+4
|
* testing: Print triplets.dat files of clients in EAP-SIM scenariosTobias Brunner2015-08-214-0/+7
| | | | References #1078.
* testing: Add ikev2/trap-any scenarioTobias Brunner2015-08-1917-0/+181
|
* Extend HCD attribute data for tnc/tnccs-20-hcd-eap scenarioAndreas Steffen2015-08-182-16/+45
|
* Added reason string support to HCD IMVAndreas Steffen2015-08-181-7/+10
|
* Fixed patches format delimited by CR/LFAndreas Steffen2015-08-184-50/+50
|
* testing: Added tnc/tnccs-20-hcd-eap scenarioAndreas Steffen2015-08-1824-0/+674
|
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-11 13:53:32 +0000