[Openswan dev] UML testing of openswan-2.4.2dr1
David McCullough
davidm at snapgear.com
Thu Oct 13 08:36:44 CEST 2005
Jivin Paul Wouters lays it down ...
> On Wed, 12 Oct 2005, David McCullough wrote:
>
> >I have just been setting up the OpenSwan UML testing so I can check that
> >the OCF changes haven't broken anything. I am using 2.4.2dr1 and linus'
> >2.4.31. Now it is all setup and the east/west manual test works, but
>
> Excellent! Glad to see others using the UML test suite.
> What are the "OCF changes"
I ported the OpenBSD cryptographic framework to linux:
http://ocf-linux.sourceforge.net/
and the changes to Openswan are basically to introduce a simple state
machine for RX/TX processing so that you can do asynchronous crypto
processing in hardware. It's been running fairly stable for a while
now and I have just updated to the latest openswan release and thought
I should start testing this and hopefully get at least the state machine
merged in to make my life a little easier :-)
> >all of the "make check" tests are failing. It seems fairly simple. Kernel
> >output/boot messages are different. My tcpdump outputs more info for
> >ESP packets as well.
>
> The test output is for KLIPS, not NETKEY.
I'm not sure what you mean here. When I run the test it tells me either
the console output differed or the local output differed. For example:
******* KLIPS RUNNING east-icmp-01 *******
reading from file OUTPUT/spi1-output.pcap, link-type EN10MB (Ethernet)
public side output differed
Console output differed
Recording "false: 1" to
/home/davidm/work/ocf-uml/results/east-icmp-01/status
******* FAILED east-icmp-01 ********
> >So my question is basically should I be running 2.6 or some other
> >kernel version. Should I be using CVS (which branch) instead of the
> >2.4.2dr1 release ?
>
> Probably best right now is to use the v2_4_x branch. That is the 'stable'
> branch, where HEAD is the 'unstable' branch.
Ok, and the uml tests in this branch are ok to run on a 2.4 system
using 2.4.31 based UML systems ?
I just want to make sure I'm not doing something that is a waste of time :-)
> >Below are the two OUTPUT diffs for the east-icmp-01 test. I am using
> >tcpdump
> >from debian testing:
> >
> > tcpdump version 3.9.3
> > libpcap version 0.9.3
> >
> >Any pointers on how to best fixup my setup appreciated, otherwise I can
> >probably mod the sed scripts to fix most of these simple errors,
>
> There is a 'sanitizer' script that removes all the 'changing bits' of the
> output that you might want to use instead of your own sed/awk scripts.
I was meaning the scripts included with the tests. Like those in
test/klips/fixups. Should I need to change those ? It looks fairly
simple to get these tests passing by adding a few lines to these
scripts,
Cheers,
Davidm
--
David McCullough, davidm at cyberguard.com.au, Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberguard.com
More information about the Dev
mailing list