[Openswan dev] UML testing of openswan-2.4.2dr1

David McCullough davidm at snapgear.com
Thu Oct 13 08:36:44 CEST 2005

Jivin Paul Wouters lays it down ...
> On Wed, 12 Oct 2005, David McCullough wrote:
> >I have just been setting up the OpenSwan UML testing so I can check that
> >the OCF changes haven't broken anything.  I am using 2.4.2dr1 and linus'
> >2.4.31.  Now it is all setup and the east/west manual test works,  but
> Excellent! Glad to see others using the UML test suite.
> What are the "OCF changes"

I ported the OpenBSD cryptographic framework to linux:


and the changes to Openswan are basically to introduce a simple state
machine for RX/TX processing so that you can do asynchronous crypto
processing in hardware.  It's been running fairly stable for a while
now and I have just updated to the latest openswan release and thought
I should start testing this and hopefully get at least the state machine
merged in to make my life a little easier  :-)

> >all of the "make check" tests are failing.  It seems fairly simple.  Kernel
> >output/boot messages are different.  My tcpdump outputs more info for
> >ESP packets as well.
> The test output is for KLIPS, not NETKEY.

I'm not sure what you mean here.  When I run the test it tells me either
the console output differed or the local output differed.  For example:

*******  KLIPS RUNNING east-icmp-01 *******
reading from file OUTPUT/spi1-output.pcap, link-type EN10MB (Ethernet)
public   side output differed
Console output differed
Recording "false: 1" to
*******  FAILED east-icmp-01 ********

> >So my question is basically should I be running 2.6 or some other
> >kernel version.  Should I be using CVS (which branch) instead of the
> >2.4.2dr1 release ?
> Probably best right now is to use the v2_4_x branch. That is the 'stable'
> branch, where HEAD is the 'unstable' branch.

Ok,  and the uml tests in this branch are ok to run on a 2.4 system
using 2.4.31 based UML systems ?

I just want to make sure I'm not doing something that is a waste of time :-)

> >Below are the two OUTPUT diffs for the east-icmp-01 test.  I am using 
> >tcpdump
> >from debian testing:
> >
> >	tcpdump version 3.9.3
> >	libpcap version 0.9.3
> >
> >Any pointers on how to best fixup my setup appreciated,  otherwise I can
> >probably mod the sed scripts to fix most of these simple errors,
> There is a 'sanitizer' script that removes all the 'changing bits' of the
> output that you might want to use instead of your own sed/awk scripts.

I was meaning the scripts included with the tests.  Like those in
test/klips/fixups.  Should I need to change those ?  It looks fairly
simple to get these tests passing by adding a few lines to these


David McCullough, davidm at cyberguard.com.au, Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberguard.com

More information about the Dev mailing list