[Openswan dev] how to test netkey with uml tests

Michael Richardson mcr at xelerance.com
Thu Jan 10 18:44:07 EST 2008


This is how I did interop testing using UML against racoon, and tested
ikev2+KLIPS vs ikev2+netkey.   

First note that you can run "make uml" in two different trees (I
suggest you use two different windows), and run an *interactive* UML from
each tree, and the mcast transport will let them communicate.  If you
run it non-interactively (i.e. ../../utils/runme.sh), then it uses a
randomized local Unix-domain socket, so it's private to that run.

a) Set up for "make uml" as normal.
   You probably want to run the test case in testing/pluto/basic-pluto-01
   to confirm that all is well.

b) I assume you have a routine like 'startuml.sh' in your path, usually
   in $HOME/bin.  There is a sample in testing/utils/startuml-sample.sh.

c) Build the kernel that you want to run against. Do this like this:
	 mv plain26 netkey26
	 cd netkey26
	 make ARCH=um menuconfig
	 make ARCH=um 
	 # build it statically if you can. If not make sure that you
	 # install the modules in the right place at (e)

d) Make an image to run it with:
	mv west westnetkey
	vi westnetkey/start.sh
	change all occurrences of UMLPOOL/west to UMLPOOL/westnetkey
	change path of kernel to be UMLPOOL/netkey26/linux

e) If appropriate, you might go into your racoon source (or other tree) and do:
	make DESTDIR=/path/to/UMLPOOL/westnetkey/root install

f) cd $HOME/bin
   ln -s -f westnetkey startuml.sh

g) a new "make uml"
   will re-create the plain26 and "west" directories for you if you
   still need them.

You can now start your "alternate" kernel with "westnetkey".
Don't run it at the same time as "west", as it uses everything the same:
IPs, MACs, private keys, etc.

All of the build parts could be automated, however that won't let you
run the netkey kernel with pluto automated tests.  What remains to be done
is that "ipsec eroute" needs to understand how to do netlink messages to
get essentially the same format output as for KLIPS, and ditto for
"ipsec spi" (if you want to run the kernel-only tests).

-- 
]           Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]  Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
]mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
]panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
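
Step (d) of the message above, written as a repeatable edit instead of a manual vi session. This is an added example, not part of the original message or the Openswan tree; the function names, the /pool path, the sample start.sh contents and the assumption that start.sh launches POOL/plain26/linux are hypothetical.

```shell
#!/bin/sh
# Added example: step (d) as a scripted, idempotent rewrite of start.sh.
# Assumptions (not from the original message): start.sh refers to the pool by
# absolute path, and the kernel it starts is POOL/plain26/linux.

retarget_start_sh() {   # usage: retarget_start_sh FILE POOL
    file=$1; pool=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    case $pool in
        /*) ;;
        *) echo "pool must be an absolute path" >&2; return 2 ;;
    esac
    case $pool in
        *[!A-Za-z0-9_./-]*) echo "unsupported character in pool" >&2; return 2 ;;
    esac
    # After the check above, "." is the only regex metacharacter left to escape.
    esc=$(printf '%s' "$pool" | sed 's/\./\\./g')
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Rule 1: POOL/west -> POOL/westnetkey, but only when "west" is not followed
    #         by a letter, digit or underscore, so POOL/westnetkey is left alone
    #         on a second run and POOL/western is never touched.
    # Rule 2: point the kernel path at the renamed netkey26 tree.
    sed -E \
        -e "s#${esc}/west([^[:alnum:]_]|\$)#${pool}/westnetkey\\1#g" \
        -e "s#${esc}/plain26/linux#${pool}/netkey26/linux#g" \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"    # overwrite in place so start.sh keeps its mode bits
    rm -f "$tmp"
}

write_sample_start_sh() {   # constructed sample, not the real generated start.sh
    cat > "$1" <<'EOF'
#!/bin/sh
# constructed sample for the example
exec /pool/plain26/linux ubd0=/pool/west/root umid=west
POOLDIR=/pool/west
ls /pool/western
EOF
}
```

Run it as `retarget_start_sh westnetkey/start.sh /path/to/UMLPOOL` after the `mv west westnetkey` step; running it again leaves the file unchanged.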



