> ---------- Forwarded message ----------
> From: George Herlin <[email protected]>
> To: [email protected]
> Cc:
> Date: Sat, 6 Jun 2015 13:34:31 +0200
> Subject: Re: test failures on banana pi without --enable-all
> Hallo Mike,
>
> Here is the promised "--enable-all" test suite...
>

Hello George,

I'm responding on-list without the original attachment of the test suite
output since it was a bit large. If anyone wants this output they can email
either of us directly.


>
> Summary:
> [make distcheck] ensure proper distribution creation................fail
> (2)
>

This one is because the 'makeinfo' binary doesn't appear to be installed -
safe to ignore.


> [Rijndael] [client+server] localhost hostname->IP (tcp/22 ssh)......fail
> (353)
> [Rijndael] [client+server] local NAT 192.168.1.123 (tcp/22 ssh).....fail
> (424)
> [Rijndael] [client+server] local NAT hostname->IP (tcp/22 ssh)......fail
> (425)
>

I think the above are most likely because localhost is being resolved to an
IPv6 address instead of 127.0.0.1. Easy to verify. The main thing is that
many of the 'complete' cycle tests are passing, and I suspect that any
hostname that resolves to an IPv4 address will work just fine.


> [Rijndael] [server] --pcap-file processing..........................fail
> (435)
> [Rijndael+HMAC] [server] --pcap-file processing.....................fail
> (521)
>

These two are a bit puzzling, but likely not a problem since this only
affects reading SPA packets from a file. There may be a timeout that the
test suite is hitting since it doesn't detect fwknopd running until after 7
cycles. It might be interesting to run these tests without valgrind (which
slows things down substantially):

# ./test-fwknop.pl --include "pcap-file"


> [Rijndael+HMAC] [client+server] FORWARD_ALL SNAT translate IP.......fail
> (603)
>

This one is currently broken in the test suite itself - need to fix that
one.


> [Rijndael+HMAC] [FUZZING] pkts from fko-wrapper.....................fail
> (620)
>

This test is failing because by default the test suite does not create the
test/fko-wrapper/send_spa_payloads file. If you use --enable-complete
then this test should start passing, but please note that the
send_spa_payloads file along with other supporting files uses a lot of disk
space. And, this fuzzing infrastructure has largely been replaced with AFL +
ASAN runs.

> [Rijndael+HMAC] [client->server OS compatibility] v2.5.1 FreeBSD9.2.fail
> (633)
>

Looks like the rule got added, but the test suite didn't allow enough time
for it to be deleted. I think the timeouts need to be adjusted for your
platform.


> [python fko extension] [basic exec] import and use fko..............fail
> (667)
> [python fko extension] [compatibility] python -> C server...........fail
> (668)
>

You probably need to install a python-devel package. The test suite should
be smarter about disabling these tests when Python.h does not appear to be
available.


> [GPG (no pw)] [client+server] complete cycle (tcp/22 ssh)...........fail
> (669)
> [GPG (no pw)] [client+server] complete cycle no sig verify..........fail
> (670)
> [GPG (no pw)] [client+server] 4096-bit signing key..................fail
> (672)
> [GPG (no pw)] [client+server] 4096-bit signing key with subkey......fail
> (673)
> [GPG (no pw)] [client+server] 4096 enc key, 2048 signing subkey.....fail
> (674)
> [GPG (no pw)] [client+server] fingerprint complete cycle tcp/22.....fail
> (676)
> [GPG (no pw)] [client+server] invalid fingerprint...................fail
> (678)
> [GPG (no pw)] [client+server] multi gpg-IDs (tcp/22 ssh)............fail
> (679)
> [GPG (no pw)] [client+server] iptables - no flush at init...........fail
> (680)
> [GPG (no pw)] [client+server] iptables - no flush at exit...........fail
> (681)
> [GPG (no pw)] [client+server] iptables - no flush at init or exit...fail
> (682)
> [GPG (no pw)] [client+server] complete cycle (tcp/23 telnet)........fail
> (683)
> [GPG (no pw)] [client+server] complete cycle (tcp/9418 git).........fail
> (684)
> [GPG (no pw)] [client+server] complete cycle (tcp/60001)............fail
> (685)
> [GPG (no pw)] [client+server] complete cycle (udp/53 dns)...........fail
> (686)
> [GPG (no pw)] [client+server] base64 altered SPA data...............fail
> (691)
> [GPG (no pw)] [client+server] appended data to SPA pkt..............fail
> (692)
> [GPG (no pw)] [client+server] prepended data to SPA pkt.............fail
> (693)
> [GPG (no pw)] [client+server] spoof username (tcp/22 ssh)...........fail
> (694)
> [GPG (no pw) HMAC] [client+server] complete cycle (tcp/22 ssh)......fail
> (695)
> [GPG (no pw) HMAC] [client+server] complete cycle same key signer...fail
> (696)
> [GPG (no pw) HMAC] [client+server] complete cycle SHA512............fail
> (698)
> [GPG (no pw) HMAC] [client+server] gpg args from rc file............fail
> (699)
> [GPG (no pw) HMAC] [client+server] complete cycle (tcp/23 telnet)...fail
> (700)
> [GPG (no pw) HMAC] [client+server] complete cycle (tcp/9418 git)....fail
> (701)
> [GPG (no pw) HMAC] [client+server] complete cycle (tcp/60001 git)...fail
> (702)
> [GPG (no pw) HMAC] [client+server] complete cycle (udp/53 dns)......fail
> (703)
> [GPG] [client+server] pinentry not required.........................fail
> (707)
>

I think all of the above are likely timeout related once again with the
exception of the pinentry one. The GnuPG engine on your system appears to
require pinentry, and this means that GPG keys with associated passphrases
won't work with fwknopd. This is an artifact of the GnuPG engine itself -
not fwknop. There is a bit more detail here:

http://www.cipherdyne.org/fwknop/docs/fwknop-tutorial.html#fwknop-gpg


> [configure args] [compile] --enable-udp-server no libpcap linkage...fail
> (708)
> [configure args] [compile] --disable-execvpe check..................fail
> (712)
> [configure args] [compile] restore previous config args.............fail
> (716)
>

These are artifacts of 'makeinfo' not being installed since this causes a
non-success exit status from 'make'. The test suite should compensate for
this, but it is not an indication of a problem with the fwknop code itself.


> [+] 13716/0/13716 OpenSSL tests passed/failed/executed
> [+] 5963/1/5964 OpenSSL HMAC tests passed/failed/executed
> [+] 4504/0/4504 Fuzzing tests passed/failed/executed
> [+] 676/42/718 test buckets passed/failed/executed
>
>
> The peculiar readline() on closed file appears a few times, see the extra
> log file in the archive.
>

This is a minor bug in the test suite itself as well, and appears to happen
mostly during GPG tests. It appears to happen because of a filehandle
scoping issue that I haven't tracked down yet.

More responses inline below:


>
> Anything I can do?
>
> Best regards
>
>
>
> George Herlin
> Tél: +33 450 407 945
> Mob: +33 658 301 928
>
>
> On 5 June 2015 at 17:25, George Herlin <[email protected]> wrote:
>
>> Hallo, Mike,
>>
>> Attached a test tar-archive made by running the shorter non-valgrind test
>> sequence.
>> HW: Banana pi
>> Linux: Debian jessie with Igor Pecovnik's kernel 4.0.4 as compiled by him.
>>
>> Summary:
>>
>> [Rijndael] [client+server] localhost hostname->IP (tcp/22 ssh)......fail
>> (350)
>> [Rijndael] [client+server] local NAT hostname->IP (tcp/22 ssh)......fail
>> (418)
>> [Rijndael+HMAC] [client+server] FORWARD_ALL SNAT translate IP.......fail
>> (587)
>> [Rijndael+HMAC] [FUZZING] pkts from fko-wrapper.....................fail
>> (604)
>> [+] 10/0/10 Fuzzing tests passed/failed/executed
>> [+] 696/4/700 test buckets passed/failed/executed
>>
>> Tried to read the relevant .test files, but couldn't make head nor tail
>> of them... How serious is this?
>>
>> Let me know if I can help.
>>
>> The --enable-all has additional problems (make-dist fails, I remember)
>> and takes forever on this platform. No surprise there. I'll run it
>> overnight and send it to you asap.
>>
>> Also, I noted a strange message around test 660 that does not appear in
>> the output log... look in the inconsistent-... file I added to the archive.
>>
>> On another front, I have been following with interest your activities
>> with Jonathan regarding the new android client. Congratulations to both of
>> you on this.
>>
>
Thanks - Jonathan's work should get all of the credit here. I think his new
Android app will be really important for the fwknop project. I'm hoping to
replicate this for the iPhone as well.


>
>> I shall without doubt be a user, and would happily volunteer for a beta
>> test. Let me know.
>>
>
That would be great. I've been running Jonathan's app under Parallels on a
Mac with the Android 'experimental' VM. More testing would definitely help.

Thanks,

--Mike


>
>> Best regards.
>>
>>
>> George Herlin
>> Tél: +33 450 407 945
>> Mob: +33 658 301 928
>>
>>
>



-- 
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
------------------------------------------------------------------------------
_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
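
One way to check the guess in the reply above that localhost resolves to an IPv6 address instead of 127.0.0.1, added here as an example and not part of the original message or the fwknop test suite. The hosts-file text is constructed, and the function names are hypothetical.

```python
import ipaddress
import socket

# Constructed sample in /etc/hosts format (not taken from the reporter's system).
SAMPLE_HOSTS = """\
127.0.0.1    localhost
::1          localhost ip6-localhost ip6-loopback
192.168.1.10 bananapi   # constructed LAN entry
"""

def hosts_entries(text, name):
    """Return the addresses a hosts-format text maps to `name`, in file order."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            found.append(fields[0])
    return found

def classify(addresses):
    """Summarise an ordered address list: which family is first, which exist."""
    versions = []
    for addr in addresses:
        try:
            # Strip an IPv6 zone id such as "%eth0" before parsing.
            versions.append(ipaddress.ip_address(addr.split("%", 1)[0]).version)
        except ValueError:
            continue                              # not an IP literal, skip it
    return {
        "first": f"IPv{versions[0]}" if versions else None,
        "has_ipv4": 4 in versions,
        "has_ipv6": 6 in versions,
    }

def resolve(name):
    """Ask the system resolver; the order is what a getaddrinfo() caller sees."""
    try:
        infos = socket.getaddrinfo(name, None, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]

if __name__ == "__main__":
    print("hosts sample :", classify(hosts_entries(SAMPLE_HOSTS, "localhost")))
    print("live resolver:", classify(resolve("localhost")))
```

A result whose "first" is IPv6, or whose "has_ipv4" is false, matches the situation the reply suspects behind the hostname->IP failures.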
