Hi Brady, See some feedback from testing your latest branch, from an hour ago.
On Thu, Jul 20, 2023 at 05:07:10PM +0200, Brady Johnson wrote: > Hello, > > I submit several patch sets to my XFRM IP ref-counting PR [0] in the past > few days. I fixed the assert/segfault that Antony reported on the PR, plus > several other fixes and improvements. > > I created a slide [1] explaining the manual testing I have performed. > > Can I get a code review of the PR, please. > I tried running the ikev2-xfrmi-15-interface-ip test that Antony created, > but it failed and there were lots and lots of differences. Huge diff is expected, because there is no reference console output in that test directory. I didn't not add east.console.txt and west.console.txt so diff will be huge. I just read the whole output until we are confident to commit reference output:) I noticed one error when adding connection in the test. ipsec add west 003 ERROR: "west": ip_addr_xfrmi_store_ips() ifinfo_response NULL 002 "west": added IKEv2 connection > But I still get failures when I run the basic tests like basic-pluto-01 on > the main branch with Fedora-38, so maybe there are problems with the test > suites??? > > Here are the basic-pluto-01 errors I get on git main: add leftinterface-ip=192.0.1.251/24 in west.conf. interface-ip=192.0.1.251/24 will be rightinterface-ip=192.0.1.251/24 and no effect on west. In basic-pluto-01 west is left. Assuming configuration is correct I expect 3 hunks differences to basic-pluto-01. 1. ipsec look and xfrm policy should have something like the following line + if_id 0x1 2. xfrm state also should have the the same if_id + if_id 0x1 3. route should be point to ipsecX and not to via 192.1.2.23 - 192.0.2.0/24 via 192.1.2.23 dev eth1 + 192.0.1.0/24 dev ipsec1 proto kernel scope link src 192.0.1.251 + 192.0.2.0/24 dev ipsec1 scope link "192.0.2.0/24 via 192.1.2.23 dev eth1" probably should be manually deleted check westinit.sh first line where I delete that route. > $ more west.console.diff > --- west.console.txt 2023-07-20 14:40:01.926847087 +0000 > +++ OUTPUT/west.console.txt 2023-07-20 14:51:24.049038460 +0000 > @@ -209,8 +209,8 @@ > iptables filter TABLE > Chain INPUT (policy ACCEPT) > target prot opt source destination > -ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 policy match > dir in pol ipsec > -DROP all -- 192.0.2.0/24 0.0.0.0/0 > +ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 policy match > dir in pol ipsec > +DROP 0 -- 192.0.2.0/24 0.0.0.0/0 the above diff appear due difference between KVM and namespace and not actually working xfrmi and leftinterface-ip. Refrence is output from kvm. _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev
