g something i can rely on for this purpose?
>
> Thoughts and suggestions welcome,
>
> --dkg
> ___
> Swan-dev mailing list
> Swan-dev@lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
>From b96ef56d
On Sat, Oct 21, 2017 at 06:10:14PM -0400, Paul Wouters wrote:
>
> I think that kvmrunner.py runs final.sh on nic, while swantest does not.
>
> this gives different output, eg:
>
01905fd751490070 Mon Sep 17 00:00:00 2001
From: Antony Antony <ant...@phenome.org>
Date: Thu, 19 Oct 2017 19:33:38 +
Subject: [PATCH] xauth: cancel pending EVENT_v1_SEND_XAUTH
IKEv1 responder, when an xauth response arrive cancel
the pending EVENT_v1_SEND_XAUTH
---
programs/pluto/
On Wed, Oct 18, 2017 at 11:35:55AM -0400, Andrew Cagney wrote:
> Hi,
>
> I'm wondering if debug output should be prefixed with the connection/state
> information as in:
>
> | "westnet-eastnet" #1: .
If every line add such a prefix it would be hard to read, I would struggle
to read the
I pushed a fix for this. It will detect dangling hp in a simple case.
I am not sure about complicated cases, such as mix of CK_INSTANCE and
CK_PERMANENT connections between same IP addresses.
On Mon, Oct 02, 2017 at 01:02:41PM -0400, Paul Wouters wrote:
> On Mon, 2 Oct 2017, Antony Antony wr
On Wed, Sep 27, 2017 at 12:38:08PM -0400, D. Hugh Redelmeier wrote:
> I get a lot of them. This isn't good or useful.
>
> I ran the following script:
>
> for i in testing/pluto/*/OUTPUT/*.diff ; do
> if [ ! -s "$i" ] ; then
> : no difference
>
On Mon, Oct 02, 2017 at 01:50:18PM -0400, Paul Wouters wrote:
> On Mon, 2 Oct 2017, Antony Antony wrote:
>
> > well if the comment was true I could avoid double sending in server.c
>
> I don't understand that part. We still have the issue of sending some
> kind of Main or Ag
of re-factoring.
that also the reason I am testing more.
regards,
-antony
On Sat, Oct 07, 2017 at 01:57:54PM +0200, wolfg...@linogate.de wrote:
> On Sat, 7 Oct 2017 13:35:18 +0200, Antony Antony wrote
> > On Sat, Oct 07, 2017 at 12:02:59PM +0200, wolfg...@linogate.de wrote:
> > >
I link with Electric Fence. It will detect double free, and cause
Segmentation fault. It kicks in before libreswan magic is executed.
Here is an example. The passert in pfree(), before your patch is applied, does
not provide any extra info when linked with efence.
I just tried a double
Hi Wolfgang,
I couldn't stay away from this mystery since I already spent days on it.
One line summary, I can reproduce lsw299. And need to define some things
before fixing it. There is a partial workaround to get connections
established.
I applied patch to the test case and forked it to
On Fri, Oct 06, 2017 at 09:29:33PM +0200, wolfg...@linogate.de wrote:
> > May be you need sharing address pools too, I am not sure.
>
> Sorry, I missed that the initial problem was triggered with a configured
> static ip in /etc/ipsec.d/passwd.
Thanks for this detail. I will stop beating up
On Thu, Oct 05, 2017 at 09:57:06PM +0200, Wolfgang Nothdurft wrote:
> Am 05.10.2017 um 20:57 schrieb Antony Antony:
> > On Thu, Oct 05, 2017 at 08:36:52PM +0200, Wolfgang Nothdurft wrote:
> > > Am 05.10.2017 um 20:18 schrieb Antony Antony:
> > > > Wow, this patch look
On Fri, Oct 06, 2017 at 10:51:38AM -0400, Paul Wouters wrote:
> I've reverted the previous patch, then tested with this patch only. It
> did not cause regression for me. So if Antony is fine with it, we can
> merge this last patch in.
I am still hunting the original bug. I am possibly missing
Hugh,
To link libreswan with Electric Fence in testing just add the following in
your Makefile.inc.local
EFENCE=-lefence
There is a sanitizer for the extra line" Electric Fence "...
-antony
Hi,
> antony, b90248262fbb9975d13a64ab91375a09efb6 enumcheck-01 needs an
> update, and do we really want to keep adding --impair... options when
> --impair ... now works?
what I added is
ipsec whack --debug-all --impair drop-xauth-r0
ipsec whack --impair-drop-xauth-r0 do not work.
On Thu, Oct 05, 2017 at 08:36:52PM +0200, Wolfgang Nothdurft wrote:
> Am 05.10.2017 um 20:18 schrieb Antony Antony:
> > Wow, this patch looks like a heavy hammer solution. To reference count the
> > pool for each lease? There is something else going on. I imagine reproducing
>
for the proposed patch, it gave a bit more insight into the issue.
-antony
On Thu, Oct 05, 2017 at 02:52:06PM +0200, Wolfgang Nothdurft wrote:
> Am 05.10.2017 um 10:13 schrieb Antony Antony:
> > Hi Wolfgang,
> >
> > Thanks for the config so far I only looked at test run resu
Hi Wolfgang,
I tried to reproduce your issue and no luck yet.
Did you try ipsec stop?
On Thu, Oct 05, 2017 at 09:45:02AM +0200, Wolfgang Nothdurft wrote:
> Am 02.10.2017 um 13:58 schrieb Antony Antony:
> > Hi Paul
> >
> > A quick test after the commit bd3a5f01 show a crash i
ng up the connection and "ipsec stop"
regards,
-antony
On Thu, Oct 05, 2017 at 09:45:02AM +0200, Wolfgang Nothdurft wrote:
> Am 02.10.2017 um 13:58 schrieb Antony Antony:
> > Hi Paul
> >
> > A quick test after the commit bd3a5f01 show a crash in test xauth-pluto-16
> >
On Sun, Sep 24, 2017 at 05:05:42PM +, Aviv Heller wrote:
> > coverity-detected anomalies are sometimes subtle. So I looked at this
> > code and found a couple of bugs. I also did some tidying. But no
> > testing!
> >
> > Aviv, Antony: please have a look at commit
> >
Hi Aviv,
On Sun, Sep 24, 2017 at 05:05:42PM +, Aviv Heller wrote:
> > coverity-detected anomalies are sometimes subtle. So I looked at this
> > code and found a couple of bugs. I also did some tidying. But no
> > testing!
> >
> > Aviv, Antony: please have a look at commit
> >
How about one level of "also="
A few globally well defined connections with one connection per file e.g.
westnet-eastnet.conf in /testing/baseconfig/etc/ipsec.d.
This file does not contain an "also=" line. However, they are not necessarily full
connections.
The test specific config:
ted using xauth-pluto-17
I am, still, suspicious of restart code. If there are multiple connections
from same NAT GW it would restart all of them when one dpd fails. Probably
for another day. Let's fix this crash first.
Also the test is weird. The combination IKEv1 aggressive mode, xauth ,
%an
Hi Paul
A quick test after the commit bd3a5f01 show a crash in test xauth-pluto-16
pointing to addresspool.c. The crash happens with ipsec stop
I couldn't reproduce lsw#299 yet. Did you manage to reproduce before bd3a5f0
patch?
(gdb) bt
#0 0x55a3e7f6830b in unreference_addresspool
On Sat, Sep 30, 2017 at 08:18:11PM -0400, D. Hugh Redelmeier wrote:
> testing/pluto/xauth-pluto-17 failed east:CORE,output-different
> road:output-different
..
> I don't know whether it is repeatable so I'm freezing my test machine for
> now.
The crash appears in my testruns since Sept 28th,
On Sat, Sep 30, 2017 at 08:18:03PM -0400, D. Hugh Redelmeier wrote:
> Sadly this is old news -- I've been isolated due to cable problems and
> other commitments.
>
> The last commit on the tree I'm working from is Tuomo's
> 18f05093e718b803480be2dd94c24eef8d7b6f69
> 2017-09-28 12:39:50
>
>
may be a missing dpkg-checkbuilddep call.
The Debian experimental depends on latest package versions, e.g libunbound
1.6.5 Which is not available on last year's Ubuntu. So, I disabled
dpkg-checkbuilddep to work on older Debian/Ubuntu.
I re-introduced dpkg-checkbuilddep and relaxed version
Which side is retransmitting? east or west?
In IKEv1 tests --impair-retransmits should be on both ends.
I did not know this at the beginning. So I may have made mistakes in some
tests.
Keep this in mind when creating new test cases.
On Thu, Sep 28, 2017 at 02:04:32AM -0400, D. Hugh Redelmeier
Hi Paul,
Thanks for adding --conn option. It is a good-to-have option.
If expanding "also" is done well this is a good idea. My experience with
readwriteconf is it needs more work before this effort could begin.
Currently, I wonder if it works at all! See the example below.
If we do this, my
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1457046:(BAD_SHIFT)
/programs/whack/whack.c: 2114 in main()
/programs/whack/whack.c: 2125 in main()
*** CID
On Fri, Sep 15, 2017 at 11:17:43PM -0400, D. Hugh Redelmeier wrote:
> | From: Antony Antony <ant...@phenome.org>
>
> coverity-detected anomalies are sometimes subtle. So I looked at this
> code and found a couple of bugs. I also did some tidying. But no
> testing!
>
On Sun, Sep 17, 2017 at 06:00:58PM -0400, D. Hugh Redelmeier wrote:
> West starts to diverge with this line:
>
> +002 "westnet-eastnet-nflog" #1: switched from "westnet-eastnet-nflog" to
> "west-east-nflog"
>
> Does anyone else see this?
yes.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1456790:(MIXED_ENUMS)
/programs/pluto/ikev1_spdb_struct.c: 2574 in parse_ipsec_sa_body()
/programs/pluto/ikev1_spdb_struct.c: 2575 in parse_ipsec_sa_body()
/programs/pluto/ikev1_spdb_struct.c: 2576 in
r.ifr_name, sizeof(ifr.ifr_name), ifname);
> --
> 1.8.3.1
>
>From 39744f56220ba3da93f283251b7c2dc6dd5ddf8a Mon
On Tue, Sep 12, 2017 at 10:26:36AM -0400, Paul Wouters wrote:
> On Tue, 12 Sep 2017, Antony Antony wrote:
>
> > > It is now set using DEFAULT_DNSSEC_ROOTKEY_FILE which has a builtin
> > > default? So you can still set it to build on debian, but you don't have
> &
On Tue, Sep 12, 2017 at 03:08:59PM -0400, D. Hugh Redelmeier wrote:
> commit 29c0396e3ec932839d769f68b71fcb2a64094880
> Author: Antony Antony <ant...@phenome.org>
> Date: Tue Sep 12 01:47:45 2017 +0200
>
> pluto: no code change. just so
On Thu, Aug 24, 2017 at 12:18:20PM -0400, Paul Wouters wrote:
> On Wed, 23 Aug 2017, Antony Antony wrote:
>
> > Why is commit e0a15de removing DEFAULT_DNSSEC_ROOTKEY_FILE from
> > USERLAND_CFLAGS. The compile time option is necessary for Debian, pluto need
>
Hi Aviv,
thanks for trying to fix the issue. However, this patch introduces more
problems.
netlink_esp_hw_offload = UINT_MAX or UINT_MAX-1
netlink_esp_hw_offload + 32 would overflow.
** CID 1455227:(INTEGER_OVERFLOW)
/programs/pluto/kernel_netlink.c: 932 in netlink_detect_offload()
Hi Paul,
Why is commit e0a15de removing DEFAULT_DNSSEC_ROOTKEY_FILE from
USERLAND_CFLAGS. The compile time option is necessary for Debian, pluto need
the defined value.
USERLAND_CFLAGS+=-DDEFAULT_DNSSEC_ROOTKEY_FILE=\"${DEFAULT_DNSSEC_ROOTKEY_FILE}\"
After the commit e0a15de
Hi Ilan,
There is a coverity warning in the recently added nic-offload code. I do not
understand the related code completely to fix it myself.
Would you please take a look? and see if you can fix it.
programs/pluto/kernel_netlink.c:979 netlink_detect_offload
976
977/* Feature is
In recent scans I noticed a few warnings appearing due to possibly incorrect
use of strncpy and alike in libreswan code. These are probably not exploits
immediately, because these strings seem to come after other checks.
However, scans generate annoying warnings! If we avoid those may be Hugh's
> #include
> +#include
> #include
> #include /* for inet_ntop */
> #include
>From ee7952c5112a2b08c1b196cabd946e0b3c3dc7
I committed this change for now to be able to compile on F26
On Wed, Jun 14, 2017 at 03:39:38PM -0400, Paul Wouters wrote:
> On Wed, 14 Jun 2017, Antony Antony wrote:
>
> > for Wimplicit-fallthrough=3 compliance
> > I have a patch sitting around when I played with F26. I
Hi Ilan,
now all three patches are on the libreswan master. I added a few minor style
changes. please test merge.
-antony
On Fri, Aug 04, 2017 at 02:30:45PM +0200, Antony Antony wrote:
> a couple minor comments. 1/3 is already applied by Paul.
> Here are my comments about 2/3 and wil
On Wed, Aug 02, 2017 at 06:22:28PM +0300, il...@mellanox.com wrote:
> From: Ilan Tayari
>
> Detect kernel capability when adding the first interface.
> Ethtool IOCTL requires a valid device, so this cannot be done
> before that.
>
> Detect per-device capability using ethtool
a couple minor comments. 1/3 is already applied by Paul.
Here are my comments about 2/3 and will send another one for 3/3
On Wed, Aug 02, 2017 at 06:22:27PM +0300, il...@mellanox.com wrote:
> From: Ilan Tayari
>
> Convert nic-offload configuration from boolean to 3-choice
@@ int main(int argc, char **argv)
> continue;
>
> case CD_NIC_OFFLOAD: /* --nic-offload */
> - msg.nic_offload = TRUE;
> + if (streq(optarg, "never"))
> + msg.nic_offload = ni
On Tue, Jul 04, 2017 at 01:58:51PM +, Ilan Tayari wrote:
> Hi Paul, Antony, and all,
>
> I want to discuss an improvement to the basic Libreswan nic-offload feature.
>
> We (Mellanox) propose the following change:
> * Upgrade the nic-offload configuration option from bool to tristate enum:
>
On Mon, Jul 03, 2017 at 04:09:24PM -0400, Paul Wouters wrote:
> On Mon, 3 Jul 2017, D. Hugh Redelmeier wrote:
>
> > Thanks, Paul, for dealing with the one I reported.
> >
> > Here's from last night's run. Could you fix these too? Or hand them
> > off to whoever understands the particular test?
Hi Ilan,
offload patches are in the libreswan master now.
thanks,
-antony
On Sun, Jul 02, 2017 at 06:30:51AM +, Ilan Tayari wrote:
> > -Original Message-
> > From: Antony Antony [mailto:ant...@phenome.org]
> > Subject: Re: [Swan-dev] [PATCH libreswan] Add su
On Mon, Jul 03, 2017 at 10:40:07AM -0400, D. Hugh Redelmeier wrote:
> | From: Antony Antony <ant...@phenome.org>
>
> | I am just saying "conn us" could be in the test config file.
>
> Summary: I can find an error but I don't know what the correct fix is.
> That'
On Mon, Jul 03, 2017 at 01:44:59AM -0400, D. Hugh Redelmeier wrote:
> I've been playing with confread.c
>
> I've made it complain when an also= cannot be found.
sounds great. It would nice to resolve this.
> Now lots of tests fail.
>
> Example problem:
> testing/baseconfigs/all/etc/ipsec.d
>
On Wed, Jun 28, 2017 at 05:53:17AM +, Ilan Tayari wrote:
> Hi Antony,
> (Sorry for confusing you with Paul in previous email)
no problem.
> > 1. how to detect which esp algorithms are supported by this card?
> There is no kernel API for that :/
> Currently the user is supposed to be aware
On Thu, Jun 29, 2017 at 11:02:03AM -0400, D. Hugh Redelmeier wrote:
> > testing/pluto/interop-ikev2-strongswan-23-initiator-cp failed
> > road:output-different
>
> +CHILD_SA roadnet-eastnet-ikev2{1} established with SPIs SPISPI_i SPISPI_o
> and TS 192.0.2.1/32 === 0.0.0.0/0
>
> I don't think
I got the xfrm.h updated. I am running tests various distros. The errors
were due to the order in which in.h and in6.h were included.
On Wed, Jun 28, 2017 at 08:03:49AM +, Ilan Tayari wrote:
> This reminds me of a different thing.
> With the crypto offload we easily reach 18Gbps on a single
On Wed, Jun 28, 2017 at 05:31:06AM +, Ilan Tayari wrote:
> > -Original Message-
> > From: Antony Antony [mailto:ant...@phenome.org]
> > Subject: Re: [Swan-dev] [PATCH libreswan] Add support for IPSec HW-offload
> > on the NIC
> >
> > I guess this
oh, few informational questions.
1. how to detect which esp algorithms are supported by this card?
2. how does it deal with add_sa for a unsupported algorithm?
3. does the card support AH SA?
4. does it support xfrm acquire, block and pass polices too?
5. Any limits on number of SA supported? and
I guess this is could be applied. However, please hold on, lets update
xfrm.h first.
I plan to update linux26/xfrm.h with history from kernel commits.
It should happen before this patch. Otherwise it hard to know how upto date
xfrm.h is.
Another comment. It would be nice to add whack option?
On Mon, Jun 26, 2017 at 07:37:25AM -0400, Paul Wouters wrote:
> On Mon, 26 Jun 2017, Antony Antony wrote:
>
> > AUTH payload failure is a different code path. This was AUTH payload success
> > and installing SA failed; ie AUTH exchange failure. So parent advanced and
> > t
On Fri, Jun 23, 2017 at 10:00:23PM -0400, Andrew Cagney wrote:
> > http://swantest.libreswan.fi/results/blackswan/2017-06-23-swantest-3.21rc2-142-g4cb3a8b-master/newoe-02-klips/OUTPUT/road.pluto.log
>
> I'm not sure that us proposing something we don't support is the root
> cause here; rather it
o do
more dns magic.
Thanks for testing 3.21rcX on Debian.
regards,
-antony
>From fdf94f2756d3b3844b8d6fe62286c941d705e59f Mon Sep 17 00:00:00 2001
From: Antony Antony <ant...@phenome.org>
Date: Sat, 24 Jun 2017 00:21:12 +0200
Subject: [PATCH] add dns-root-data dependency and use root.key
On Sun, Jun 18, 2017 at 12:19:25PM -0400, Paul Wouters wrote:
> On Sun, 18 Jun 2017, D. Hugh Redelmeier wrote:
>
> > After a pause of a few months, I ran the test suite last night.
> > I tested HEAD, as of ce5d67b98214746e8e55a2a1c401343117dba1aa.
> >
> > A *lot* of tests seem to have failed. I
I need the following packages too. I use for debugging.
telnet
screen
mtr
> I've added these (minus the version number):
>
> bind-utils-9.10.4-4.P8.fc24.x86_64
> net-tools-2.0-0.37.20160329git.fc24.x86_64
> psmisc-22.21-8.fc24.x86_64
> tcpdump-4.7.4-4.fc24.x86_64
>
well I am also adding to
Outside RHEL, the 9pfs support is gaining more support. EPEL kernel has 9fs
enabled. Ubuntu seems to support it now, and XEN now.
Eventually RHEL will support something like 9pfs + Windows support in secure
way! For 'security' reasons 9fs is not supported now.
The new RHEL blessed one seems
yes thanks. I didn't notice the fix when replying to .gitignore suggestion.
On Wed, Apr 26, 2017 at 01:02:42PM -0400, Andrew Cagney wrote:
> On 26 April 2017 at 10:20, Antony Antony <ant...@phenome.org> wrote:
>
> > I don't understand why not in the old behavior,
> >
On Tue, Apr 25, 2017 at 10:52:12AM -0400, Paul Wouters wrote:
> On Tue, 25 Apr 2017, Andrew Cagney wrote:
>
> >- the obvious problem is that the generated file version.c shouldn't
> >even be in the source tree
>
> Can we add these to .gitignore ?
Probably not necessary if the old behavior is
I noticed libreswan build system is keeping a stale copy of
lib/libswan/version.c possibly since commit ccd2cf. Also another related one is
modobj/version.c. The second one is probably due to a different issue. And it
probably has a longer history.
To demonstrate the issue I picked a test
On Wed, Apr 12, 2017 at 09:37:37PM -0400, Paul Wouters wrote:
>
>
> I am looking at ensuring that RSA key rollover works. This is supposed
> to be supported via leftrsasigkey= and leftrsasigkey2=
Wouldn't a simple RSA keyrollover work with one key in the connection? May be
you are thinking of
On Mon, Apr 10, 2017 at 02:10:32PM -0400, Andrew Cagney wrote:
> Can we agree that the use of macros that conditionally return as a
> side effect are, in general, a bad idea and their use should not be
> encouraged?
why is it a bad idea? one reason I can think is running in gdb. I think it is
On Sun, Nov 27, 2016 at 10:48:37PM -0500, Andrew Cagney wrote:
> On 27 November 2016 at 13:40, Antony Antony <ant...@vault.libreswan.fi> wrote:
> > commit 749c8d5ea579fde2831cf553909c5062b41e5e74
> > Author: Antony Antony <ant...@phenome.org>
> > Date:
called with up-client.
Here is a simple patch for proof of concept.
I modified and existing test ikev2-48-nat-cp to test, changed auto=start and
removed add and up from road*
-antony
>From d66ee4897381d769ddb47680d34ad7da4e42033d Mon Sep 17 00:00:00 2001
From: Antony Antony <ant...@pheno
c2ea0911 introduced a crasher for IKEv1. When pluto replace IKE SA and delete
itself.
#0 0x5610ca3c34b7 in free_generalNames (gn=0xe, free_name=1)
at /home/build/libreswan/lib/libswan/x509dn.c:742
#1 0x5610ca329edb in delete_state (st=0x5610cb16eaa0) at
On Tue, Aug 09, 2016 at 08:51:02AM -0400, Andrew Cagney wrote:
> On 8 August 2016 at 13:39, Antony Antony <ant...@phenome.org> wrote:
> > here is a report of missing make dependencies.
> >
> > Over the weekend I tracked down a couple missing make dependencies.
here is a report of missing make dependencies.
Over the weekend I tracked down a couple missing make dependencies. Some of
them are hard to track down when compiling over 9pfs or nfs...
1. addconn is missing dependency on lib/libipsecconf/keywords.c. See below
to reproduce.
2. make base or
luto/server.c:628
#4 0x55584ea49643 in call_server ()
at /home/build/libreswan/programs/pluto/server.c:742
-antony
commit e927f35a93c2a55f3d37ac8681230d91f5593e0a
Author: Antony Antony <ant...@phenome.org>
Date: Tue Jul 12 16:19:20 2016 +0200
install: expose systemd varia
On Mon, Jul 11, 2016 at 03:54:03PM -0400, Andrew Cagney wrote:
> On 11 July 2016 at 13:51, Paul Wouters <p...@nohats.ca> wrote:
> > On Mon, 11 Jul 2016, Antony Antony wrote:
> >
> >> Subject: Re: [Swan-dev] a scan of failing tests
> >>
> >> may
new files weren't added to git yet. Pushed now
>
> Sent from my iPhone
>
> > On Jul 8, 2016, at 23:53, Antony Antony <ant...@phenome.org> wrote:
> >
> > good to see tests are cleaned up. Thanks! From the last run, some of the
> > ikev2-liveness-0x tests stil
here is the stack trace while running an interop test
interop-ikev2-strongswan-15-create_child_sa
ASSERTION FAILED at /home/build/libreswan/lib/libswan/constants.c:2090:
p->en_last - p->en_first + 1 == p->en_checklen
(gdb) bt
#0 0x7fd985472a28 in __GI_raise (sig=sig@entry=6)
at
On Fri, Jun 24, 2016 at 12:42:03PM -0400, Andrew Cagney wrote:
> On 24 June 2016 at 11:43, Antony Antony <ant...@phenome.org> wrote:
> > additional run scripts would be nice to have.
>
> More than just nice. For instance:
>
> - west brings up a connection
&
On Fri, Jun 24, 2016 at 10:30:13AM -0400, Andrew Cagney wrote:
> On 5 February 2016 at 16:31, Andrew Cagney wrote:
> > On 5 February 2016 at 15:56, Paul Wouters wrote:
> >> On Fri, 5 Feb 2016, Andrew Cagney wrote:
> >>
> >>> While this question is kind of
On Sun, May 22, 2016 at 10:00:31AM +0200, Antony Antony wrote:
> so finally we could run multiple instances. And only one instance we could
> ssh into. that is fine to me.
last night it was an interesting moment to get multiple instances working :)
The last couple of days when I started
dhcp is not required, if you removed ip.
I guess you figured that out and change to kvmsh looks good
my run using two instances went well. Each instance finished in less than 5:00
hours where as one instance would take 9:30 and results are good.
so finally we could run multiple instances. And
are you trying to run two tests concurrently?
In Docker setup bridges (on the host) have no IP address configured. So bridge
with no ip address and namespace isolates the tests.
In the past few days I tried similar trick with KVM. There is no IP address on
swan112 which seems to work. I just
not allow multiple virtual network interfaces at start.
pipework is the workaround I found. This way the real ethX configs are in one
place which is also used by
kvm tests.
-antony
On Sun, May 15, 2016 at 05:51:49PM +0200, Antony Antony wrote:
> Hi Ondrej,
> I am still on F22:) ik
how to make protostack=klips work under docker.
The module is loaded on the host. All instances share the same module.
-antony
On Sun, May 15, 2016 at 04:21:10PM +0200, Ondrej Moris wrote:
> Hey Antony, thanks for your reply, sorry for such a delayed answer,
> please see my inline comments
Hi Ondrej,
here is a quick response. Do you still have the system where you followed the
steps in [1]?
On Wed, May 11, 2016 at 01:42:37PM +0200, Ondrej Moris wrote:
> Hi,
>
> a few months ago I became aware of "libreswan testing suite docker
> adventures" [1].Then I had a chance to have a
ior.
make check "UPDATEONLY=1" is used while working one specific test case that has
nothing to do with certs and want update the pluto on vm. Especially the
uncommitted working directory.
On Fri, Nov 20, 2015 at 10:02:22AM +0100, Antony Antony wrote:
> On Thu, Nov 19, 2015 at 0
On Thu, Nov 19, 2015 at 01:50:48PM -0500, Andrew Cagney wrote:
> Heads up!
>
> On 23 October 2015 at 10:21, Andrew Cagney wrote:
> > On 22 October 2015 at 11:02, Matt Rogers wrote:
> >>
> >> One note is that the CRLs (except for needupdate.crl) are
On Mon, Sep 21, 2015 at 11:42:03AM -0400, D. Hugh Redelmeier wrote:
> newoe-20-ipv6
> New test.
> Fails. Pretty completely.
> Maybe it relates to this in road.pluto.log:
> initiate on demand from 2001:db8:1:3::209:1 to 2001:db8:1:3::209:3 proto=58
> state: fos_start because:
just sharing my experience.
that commit, 6eca8ba4, seems to have many failures running test cases too. may
be try one before.
many simple ikev2 tests have failed. e.g
On Tue, Sep 08, 2015 at 02:19:47PM -0400, Andrew Cagney wrote:
> On 7 September 2015 at 12:06, Paul Wouters wrote:
> > On Sat, 5 Sep 2015, D. Hugh Redelmeier wrote:
> >
> >> I imagine that somebody changed something without updating the
> >> reference logs.
> >>
> >> Please fix
On Sat, Sep 05, 2015 at 06:22:30PM -0400, D. Hugh Redelmeier wrote:
> | From: D. Hugh Redelmeier
>
> | So: this looks like a bug in stwantest.
>
> I'm surprised to find that gdb can tell one something about a running
> python program.
>
> Apparently swantest is hung in line
Here is a data point.
I don't see the warning you mentioned. May be I need a newer gcc? There is no
warning on stock Ubuntu 15.04, i686, and libreswan master.
gcc --version
gcc (Ubuntu 4.9.2-10ubuntu13) 4.9.2
root@vivid32:~# uname -m
i686
cc -c -pthread -g -fexceptions
On Wed, Aug 26, 2015 at 11:26:08AM -0400, Lennart Sorensen wrote:
On Wed, Aug 26, 2015 at 11:23:39AM -0400, Paul Wouters wrote:
On Wed, 26 Aug 2015, Lennart Sorensen wrote:
Aug 5 14:50:13 ruggedcom pluto[8239]: Test #3: ignoring Delete SA
payload:
PROTO_IPSEC_ESP SA(0xbd111c17) not
On Mon, Aug 03, 2015 at 03:55:23PM -0400, D. Hugh Redelmeier wrote:
I just poked at the Bison rule in out lib/libipsecconf/Makefile
I hope that the plan9 filesystem problem that Antony encountered
remains fixed. Instead of a cat, I used a mv.
yes. Thanks Paul Hugh.
-antony
I noticed
On Thu, Jul 23, 2015 at 03:17:36AM -0400, Paul Wouters wrote:
On Thu, 23 Jul 2015, D. Hugh Redelmeier wrote:
| cd . bison -g --verbose -v -d ../../../lib/libipsecconf/$(basename
../../../lib/libipsecconf/parser.y)
| cd . sed -i 's/if YYENABLE_NLS/if defined YYENABLE_NLS \\
I am running into an error while compiling on the vm, make check UPDATE=1
It appears to be caused by permission error, after
44e03f97f200ab8f33f3599a0b1d0d06450795da introduced a check.
+ tail -20 compile-log.txt
* ) echo # $f ignored by Makefile.dep ;; \
esac ; \
done
On Wed, Jul 15, 2015 at 12:58:23PM -0400, Andrew Cagney wrote:
when run against a non-FIPS pluto things are more of a mess; I'm
tweaking things to skip the tests by default.
However, I think it would be useful to always build pluto capable of
being in FIPS mode so the good tests could be run.
I still have issues to install the patched pyOpenssl RPM on FC20. The patched
package is a barrier for me.
Of the 3 servers I run, so far I only managed to run distcert.py on one and I
copied the generated files to the other two.
-antony
On Tue, Jun 23, 2015 at 12:25:48PM -0300, Paul Wouters
On Sun, Jun 14, 2015 at 11:38:32AM -0400, D. Hugh Redelmeier wrote:
| From: Paul Wouters p...@nohats.ca
| On Sun, 14 Jun 2015, D. Hugh Redelmeier wrote:
|
| 31 lines were unique.
| 256 appeared twice.
|
| Why the heck are tests being run twice? When will it stop?
|
| Because you
201 - 300 of 336 matches