[Swan-commit] Changes to ref refs/heads/fragmentation
Paul Wouters
paul at vault.libreswan.fi
Sat Mar 9 01:58:04 EET 2013
New commits:
commit cd4aa6479bd9dfe7dfdc8583d743e402987161c5
Merge: 0b6b498 42a46c4
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Mar 8 18:57:55 2013 -0500
Merge branch 'master' into fragmentation
Conflicts:
programs/pluto/demux.h
testing/guestbin/swan-prep
testing/x509/dist_certs
commit 42a46c43be90dda2c9054312ea6ebf915adeabbd
Merge: 61bd40d e0c6962
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Mar 8 18:52:17 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 61bd40dfbe10337f65e7f690508850a49857e872
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Mar 8 18:49:18 2013 -0500
* pluto: fixup phread locking using lock_certs_and_keys()/unlock_certs_and_keys()
The code using lock_certs_and_keys()/unlock_certs_and_keys() was commented
out because it depended on LIBCURL which is not always present. A "fixme"
warning was issued.
But only the CRL code should depend on LIBCURL. So I re-instated the
pthread locking by moving these functions from programs/pluto/fetch.c
to lib/libswan/secrets.c
commit e0c6962f636408cdd4600177c5ff0acd1284efe0
Author: Tuomo Soini <tis at foobar.fi>
Date: Fri Mar 8 23:36:08 2013 +0200
scripts: fix ipv6 default route split
commit be31894a46c6af0fea62e41c49c24d22ffe8f28a
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Mar 8 14:15:20 2013 -0500
* pluto: Add pthread mutex locks to some logging functions
Some logging functions are calling non re-entrant functions. Until we've
caught them all, use a mutex to insure threads aren't accessing them at
the same time.
Functions changed: libreswan_log() DBG_log() loglog() and fmt_log()
commit 12acc276f502ec0c9379cba5be158e22cbd1c28e
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Mar 8 13:51:48 2013 -0500
* clarify logging example in ipsec.conf
commit 00c8c8e3a0918145b382370c7c08405906266e06
Merge: 2a97164 961dc4e
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Mar 8 13:46:54 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 2a9716410c34e9786770d846ca6d6d53515bd197
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Mar 8 13:42:50 2013 -0500
* log XAUTH username on same line as Traffic statistics
In ipsec auto --status it shows up as:
000 #2: "redhat" esp.e4432d35 at 66.187.233.55 esp.a9433c16 at 172.20.10.2 tun.0 at 66.187.233.55 tun.0 at 172.20.10.2 ref=0 refhim=4294901761 XAUTHuser=pwouters Traffic: ESPin=474B ESPout=336B ESPmax=4095GB
when the connection goes down, it shows up as:
"redhat" #2: deleting state (STATE_QUICK_I2)
"redhat" #2: ESP traffic information: in=474B out=336B XAUTHuser=pwouters
Also, make humanize_number() static
commit 5b725c34ae3477c326474319a367f05171d7178c
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 7 19:43:01 2013 -0500
* Removed xfrm xuctx security context log message with incomplete format string
commit 961dc4eb72c221b6fa13c3799dc5b52a5305ba93
Merge: 4d7ce94 bd44e1c
Author: Tuomo Soini <tis at foobar.fi>
Date: Thu Mar 7 22:05:20 2013 +0200
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit bd44e1c18d1315f163655e324a5f14a34d830176
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 7 14:34:32 2013 -0500
* Bug 73 - extra logging from dpd packets after commit d18825150b
Fixed, and added a comment to ensure this isn't 'fixed' again.
commit 5627bf955e2f207c0097f0e3f45212da8e3c060d
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 7 14:17:04 2013 -0500
* threads: protect crypt() with a mutex
crypt_r requires -D_GNU_SOURCE. Not sure crypt_r is implemented under
OpenBSD and FreeBSD. crypt requires -D_XOPEN_SOURCE and thus should
be implemented on every Unix/Unix-like. The pthread library is even
implemented under Windows/Cygwin. It is implemented on Linux/HP-UX/Tru64
(both HP's Unix). So the pthread library should as well be under
OpenBSD/FreeBSD.
Patch by Philippe Vouters <philippe.vouters at laposte.net>
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit bdddc287874d7fe9a36c3ce6f66f93f37e7a7da4
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 7 14:07:31 2013 -0500
* xauth: crypt() can return NULL (ie in FIPS mode)
commit a1f1b5815cee2327183045d09d50cdf1a8c3f5cc
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 7 14:05:51 2013 -0500
* audit: add comment about false positive valgrind warning
commit 713deb1a7294f59134eda52a8eef1d14106dadbe
Merge: 5ede192 5291079
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 7 11:55:31 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 4d7ce94fd7f245ccfcb1d7ac3ee3afa2517aba71
Author: Tuomo Soini <tis at foobar.fi>
Date: Thu Mar 7 11:23:27 2013 +0200
scripts: remove whitespaces at end of the line
commit 52910798b6c8d81e3c57194901fc0397528ec846
Author: Tuomo Soini <tis at foobar.fi>
Date: Thu Mar 7 11:10:35 2013 +0200
scripts: fix hardcoded path in ipsec.in
commit fb534e5dc42faa26ede1331fb6e4365c8cebc091
Author: Tuomo Soini <tis at foobar.fi>
Date: Thu Mar 7 11:04:52 2013 +0200
initsystem: fix bashism in init scripts
commit ef11afa8971af1c5b4c2fd1039c89a0b94a6d08a
Author: Tuomo Soini <tis at foobar.fi>
Date: Thu Mar 7 11:01:18 2013 +0200
scripts: cleanup ipsec script and fix one bashism.
commit 5ede19293a9f604923dd135214258bbfe2c92ca5
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 14 23:15:49 2013 -0500
* simplify PK11_Derive_lsw() and squash a warning about an unreachable switch default
commit 819b129f617f94b27bbcd9f80ba51d491340091f
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 14 23:46:38 2013 -0500
* sprinkled a few passert()s to ensure conn name is not NULL
commit 578e6c4ad6d8c65182c27998b5526e2feb50dde4
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Mar 6 17:31:23 2013 -0500
* added testcase for basic-pluto-01 with valgrind
commit 4103f3b8a6b9a9dcaa51301c82cda5eb7fd381c0
Merge: cb798e0 e25f507
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Mar 6 15:41:10 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit cb798e0817fa5bf2a193dd0d158c860ba7ddfe18
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Mar 6 15:37:30 2013 -0500
* pluto: display the number of loaded/active connections in status
000 "redhat": prio: 32,32; interface: bnep0; metric: 0, mtu: unset;
000 "redhat": newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "redhat": IKE algorithms wanted: AES_CBC(7)_000-SHA1(2)_000-MODP1536(5), AES_CBC(7)_000-SHA1(2)_000-MODP1024(2)
000 "redhat": IKE algorithms found: AES_CBC(7)_128-SHA1(2)_160-MODP1536(5)AES_CBC(7)_128-SHA1(2)_160-MODP1024(2)
000 "redhat": IKE algorithm newest: AES_CBC_128-SHA1-MODP1536
000 "redhat": ESP algorithms wanted: AES(12)_000-SHA1(2)_000; pfsgroup=MODP1024(2)
000 "redhat": ESP algorithms loaded: AES(12)_128-SHA1(2)_160
000 "redhat": ESP algorithm newest: AES_256-HMAC_SHA1; pfsgroup=MODP1024
000
000 Total IPsec connections: loaded 1, active 1
000
000 #2: "redhat":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE_IF_USED in 85643s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
commit e25f5079936682e1add8e8c0362497750c300ca4
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Mar 6 21:56:17 2013 +0200
fix typo in d18825150b042f7dbe2c25e85b1c0b6a949a663a
commit b4bbff0949ee9b5f225669b4cb6ec7058fc2e359
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Mar 6 21:28:18 2013 +0200
init.debian.in: fix wrong variable expansion
commit 4d75cf59b1b8264294c0d95d6f282c59ce672b83
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Mar 6 21:21:36 2013 +0200
plutorun: use correct variable for config file
commit 9664adc5d309055b1016d177f615aaf2241d69a4
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Mar 6 21:18:30 2013 +0200
stackmanager: remove extra then and finalize cleanup
commit 982e36711df044604e48a1a700cd1940a4b4c202
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Mar 6 20:36:09 2013 +0200
add changelog entry for bug#50
commit 6d534f25b26ade55c4c18c4029a85f7f610188bf
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Mar 6 12:49:57 2013 -0500
KLIPS: fix kmod building for rhel/fedora spec file versioning with arch
commit c382317f1e21a0939a1f01d7e9f29efd81066f15
Merge: d5a9176 ec3054f
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Mar 6 17:33:53 2013 +0200
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit d5a917623ce2fb58ca254dd9013c7c7a5532aa70
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Mar 6 17:31:00 2013 +0200
scripts: big script cleanup unifying coding style to new one where possible.
This cleanup also fixes multiple bugs in scripts.
Also this should fix libreswan bug #50.
commit ec3054f1c17e521adc38d452cfb9539c4a42fa65
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Mar 6 03:07:39 2013 -0500
* address re-entrancy
- add NOT RE-ENTRANT comments where evident
- make bitnamesofb() re-entrant
- add a jame_str function to do what people try to use strncpy for
- replace confusing global buffer diag_space with local variables
- convert some file-static variables to function-static
commit 5d4e8cd79e147ca6e64f65852230e71b0378e300
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Mar 6 02:04:03 2013 -0500
* tweak timetoa to make it more concise
commit 852a7c61cff495acbb1707cdb683f5bc4c787d65
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 5 14:49:36 2013 -0500
* testing: int/string issue in swan-prep
commit 418da26c1f5ffdd13cf3ea523bf7a69f295f6a17
Merge: 29999c3 896ff57
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 5 14:19:13 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 896ff57192f6846ef6864c5596d00ef200d76766
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Mar 5 21:18:50 2013 +0200
pluto: fix IPCOMP logging to be easier to read
commit 29999c34453352a80feaad787fd8b2961998cd52
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 5 14:17:27 2013 -0500
* fixup recently introduced check for rekey=no plus dpdaction=restart
commit 4dde1771e5e89cd80 to implement this never triggered because it
confused conn->options_set[X] and conn->options[X]
commit a0e4dd1a3a854286deef1ef876b94ea17b5d31f7
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 5 14:11:35 2013 -0500
* testing: added testing/klips/fixups/cut-postfinal.sed
commit 79a9a9d9a951d8cdd8a69d28ed37c94b7e34bd4d
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 5 13:35:28 2013 -0500
* lswconf.c: remove unused variable env
commit d18825150b042f7dbe2c25e85b1c0b6a949a663a
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 5 13:33:44 2013 -0500
* ikev1.c: code cleanup - as suggested by dhr on the mailing list
commit eeaf4d5c2cbf8257cce3ed5715581ef8ce518c77
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 5 12:25:18 2013 -0500
* libswan/pluto: don't use localtime/gmtime - not thread safe
Instead use localtime_r/gmtime_r
This resolves a crasher when many rekeys with XAUTH are happening,
and the do_authentication() call in the threads are logging a lot.
commit 9ff70cbb08ecb00c045354f80c6d44a46b62078c
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 5 11:52:49 2013 -0500
* testing: swan-prep: fix regression in killing old IKE daemons
commit 76ae9b534a24159f23da1fcc1043e14b3fa15192
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 5 00:11:25 2013 -0500
* testing: sync up test case work.
commit 2ed580d33b18ee5dbd66c30856fb81c2a2f9cc36
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 4 23:53:29 2013 -0500
* testing: dotest logs RESULT now.
commit 04e006fd6e97005599ebc0cb00d0dac79c376849
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 4 23:52:51 2013 -0500
* testing: swan-prep: don't use lstat, it throws exception.
commit ff4dfee2c2c5cdf2e20e5afff45f618b7de02e1f
Merge: ece0d94 d666696
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 4 17:58:17 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit ece0d94d7e2f699fe6779b70d3ddc554914310ca
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 4 17:57:41 2013 -0500
* testing: make stackmanager call path independant
commit d666696d755b4fbd58fd7f68621abd9b6734f3fd
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 4 16:03:27 2013 -0500
* testing: lstat / testname/dir fix.
commit 8d406e98dd1be3272f4bd424902b20e6f2da3b62
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 4 15:36:00 2013 -0500
* testing: run swan-prep in each test, to assist manual test runs
It has been taken from runkvm.py so it is easier to run test manually.
Some better checks for the /tmp/pluto.log softlink as well
commit 426c47723f6a96e1e9dac3a13b2c01c089b3fdd0
Merge: 7542cd1 a7ff698
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 4 11:13:06 2013 -0500
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 7542cd1cb5eab5eab955d3d7f4eaf6eac84a46b8
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 4 11:10:40 2013 -0500
* testing: added four testcases for compression=
compress-pluto-01 is klips-klips with compress=yes
compress-pluto-02 is klips-klips with compress=yes/no mismatch (should fail)
compress-pluto-03 is netkey-netkey with compress=yes (should not fail but does)
compress-pluto-03 is klips-netkey with compress=yes (should not fail but does)
This shows a clear bug in kernel_netlink.[ch] with compress handling on NETKEY
(regression from osw 2.6.38)
commit a7ff69897209ccdc7ebaccb71d7e190190379e30
Author: Tuomo Soini <tis at foobar.fi>
Date: Sun Mar 3 20:44:39 2013 +0200
update changes for rpm spec file changes
commit 506a0d3b97f353aba2cd2eed3ef0996aa245a95e
Author: Tuomo Soini <tis at foobar.fi>
Date: Sun Mar 3 20:42:55 2013 +0200
packaging: add /etc/ipsec.d/crls and /etc/ipsec.d/cacerts dirs to rpm spec files
commit c821518211729228ee3b397632b7d24cf4dd9ea2
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Mar 3 12:38:55 2013 -0500
* testing: fixups of basic-pluto-0[134]
commit b42987f38600d68f90fcd275362791c3af379343
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Mar 3 12:10:30 2013 -0500
* testing: added host-prompt-sanitize.sed
commit 02c89c841f45e1acd9b90cd10626021589d4d0aa
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Mar 3 11:54:39 2013 -0500
* testing: basic-pluto-01 dont run duplicate swan-prep
commit cd113d3d11be3027806c5435d3cd7352890074d9
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Mar 3 11:49:39 2013 -0500
* testing: dotest.sh store RESULT in OUTPUT/
Also, at the start of the test, create the RESULT file with content "RUNNING"
commit 59cf5d47d2a04e442aa92897dab0b87dc0017c8b
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Mar 3 00:47:23 2013 -0500
* testing: fix version sanitizer
commit d2692a785fb2c4637ca431b4cd883a43f275f6e2
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Mar 3 00:46:22 2013 -0500
* testing: dotest.sh should pick different tcpdump iface for north tests
commit 6d1594d509e859f99f4859a4f057a20e488280ee
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Mar 3 00:45:47 2013 -0500
* testing: fixed basic-pluto-03
commit cda1132a8e30d14d3c04ab287d81bf637cf974cc
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Mar 2 23:32:16 2013 -0500
* testing: fixup klips-spi-sanitize.sed to replace all esp.XXXXX occurances
commit 6c95cc11947399a28f704148b579066e098b6af0
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Mar 2 22:37:40 2013 -0500
* testing: basic-pluto-03 converted to kvm style
commit 84327a996a94d1c79426c5742218c637b798d264
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Mar 2 22:36:06 2013 -0500
* testing: sanitizer fixup for "Starting Pluto" without pid.
commit 3a28e178f34d460466306d0bc91a2f1ef6caec30
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Mar 2 18:24:57 2013 -0500
* testing: dotest.sh would abort when nic was in use.
The following would terminate dotest.sh
if [ -n "$NIC_PID" ] ; then
kill -9 $NIC_PID
fi
Commented out
commit 16789b973974c0fff9a89876ba8d7130c9ca0bda
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Mar 2 18:23:43 2013 -0500
* testing: remove lefnexthop= from left=%any setting in ipsec.conf.common
commit e78c346c1c2f2e0fb00c613fb04b51360732da14
Merge: f5b7db1 7f3fa6c
Author: Antony Antony <antony at phenome.org>
Date: Fri Mar 1 20:37:44 2013 +0200
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 7f3fa6cc56c28a24cd4f71a7c77c6f3d0cc8de3d
Author: Tuomo Soini <tis at foobar.fi>
Date: Fri Mar 1 20:21:15 2013 +0200
fix: crlcheckinterval value is time, not number
commit 86fe4d1afa7a33de799c381e872b263f843110a8
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Thu Feb 28 23:09:36 2013 -0500
* add comments describing protocol for Informational Exchange
commit 3d3594f5406260e91d8732cdbc9ccd20f87dbc67
Merge: a65a4e6 ab5d717
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Thu Feb 28 23:07:10 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit a65a4e6e21058c78bb6921b16c4568af326059ce
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Thu Feb 28 23:01:36 2013 -0500
* struct msg_digest: clarify that some fields are only for ikev1 and some are only for ikev2
commit ab5d71709978bcdf4bed7d2927afc8f6c03aa571
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 28 18:08:26 2013 -0500
* stackmanager: don't do anything without kernel module support
commit 67de91d21fe22515a17fdc0878186dd49b7d7e84
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 28 10:46:51 2013 -0500
* testing: runkvm.py: give the prompt a 0.5ms margin to appear.
This secret sauce seems to make final.sh happier.
commit 9cee42c35d4ece93db1f8cadda6877d369b3b993
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 28 10:28:37 2013 -0500
* testing: runkvm.py Attempts to grab serial reduced from 200s to 20s
This was put in by mistake by me. Also removed the implicit default
for hostname to east
commit c7d0d0d5cf165b60be77dfb75d4fe40eacc79194
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 28 10:25:06 2013 -0500
* testing: runkvm.sh also needs full prompt for running final.sh
commit f50caa292f0de28efc2c5330fb9decd0e8b25ae4
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 28 00:15:58 2013 -0500
* documentation: updated stock ipsec.conf file
commit 43e1428e8c5b070b2dd109a99ad3a4c718a8cacc
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Feb 27 23:45:00 2013 -0500
* testing: Figured out the occasional mangling of lines!!
The cause was that we were waiting in the expect loop on the prompt
to return, to then send the next line. But the prompt was defined
as "root at hostname", even though it was "[root at hostname testname]# ".
probably the [] were left out because within expect that also has
meaning so you have to protect them using \[ and \]
With matching the full prompt now, I managed to run basic-pluto-01
5 times in a row without seeing the mangling anywhere.
commit eee8e35e170f32d9d9a568f141bb76668c660c8a
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Feb 27 23:44:14 2013 -0500
* testing: north gets a new raw rsa key that's in NSS
commit aad9f13140ed57b2c6f3fccb85682d0226d390fb
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Feb 27 23:14:45 2013 -0500
* testing: remove unused virtinstall-base
commit 3dcf525c51d81c44b88bd389bc74fc2e671d05b5
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Feb 27 22:59:58 2013 -0500
* testing: dotest.sh now logs results to testname/RESULT
commit ba895127bf6fa79d5f37d8b522f0d577b81aa24e
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Feb 27 21:52:30 2013 -0500
* testing: Make dotest.sh and runkvm.py a little more robust
I was regularly seeing "hangs" and a failure for a test case to take
control of a VM. These changes resolve the hangs for me and improves
the output for humans to figure out what's going on.
We used the serial console to reboot a VM, now we use virsh reboot
directly. When we still had something running (eg ipsec auto --up retrying
a long time) our reboot command would never arrive.
Related, we now hit return and ctrl-c when reconnecting to the
VM. Additionally, we run stty sane because the console's tty insanity upon
reconnect seems to cause what we called "flow problems" in the output.
Use setproctitle to rename the runkvm.py processes (called python) to
"swankvm". This allows us to "killall swankvm" at the start of a test
to kill any lingering python scripts from previous runs. We also kill
any remaining tcpdump processes.
Prepend the prompt (hostname at testname:) for all output to the shell
running the test, to make it easier for the human to see which of the
running hosts is generating the output while the test is running. This
does not change the output in the test OUTPUT/ directory
wrap all child.expect() calls into a try: / except: statement, so we can
just throw a human readable error, instead of a python stack trace that
scrolls off the screen, especially when sharing a screen with 'screen'.
When expect is waiting on either the login: prompt or the root prompt,
act differently based on which we actually get back. Only attempt to
login when we did not get a root prompt.
Move deletion of /tmp/pluto.log and symlink from runkvm.py to swan-prep
Also reboot "nic" for each test so it properly clears the iptables and
conntrack tables.
Reduce the timeout values for expect so failing tests fail a little quicker.
Before this it would take minutes to fail.
Clearly notify failure/success for gaining access to a VM.
When hitting return to get a shell prompt, also attempt ctrl-c
commit 99767039c33ee7bf73fea5594dec339de4bc8f46
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Feb 26 21:12:17 2013 -0500
* testing: basic-pluto-01 fix in eastinit.sh to use rm -f not rm -r
commit b00165aa6eb21bcbf016c25efbd6355afb3c969c
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date: Mon Feb 4 16:41:02 2013 +0100
* XAUTH: remove modecfg* from sa_policy_bit_names
They were only removed from pluto_policy in commit c015d1a038546a5c32d9a36d16462d490108e254.
commit 840b15e445a5544f8446d010f9d3ee3d16ca0f01
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Feb 26 16:40:55 2013 -0500
* testing: basic-pluto-01 showed wrong policy name for SAREFTRACK and IKE_FRAG
commit 06564f0fff2d6ddd99e1e1da2d9064db36fabb9d
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Feb 26 16:23:12 2013 +0200
Fix ipsec.secrets.5 man page name which was broken by
8a0165bd09ce2e7328abbc95dfab14b855f84526
commit f9039425c342523d86d43eb566e7024585c5c2fb
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Feb 26 01:54:25 2013 -0500
* testing: fix harmless typo in dotest.sh
commit e82619d2410083e2f8b638d12acf0763ace382fa
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Feb 26 01:43:03 2013 -0500
* testing: basic-pluto-01 now passes on bofh.nohats.ca.
commit dec81090c44f70a7225e33c068b1045d5c5e5681
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Feb 26 01:38:01 2013 -0500
* testing: fixup of runkvm.py
I had introduced the skipping of lines starting with "#" a while ago
to fix text flow issues, but that caused us to not put in the markers
in the console log for # --- cut --- and # --- tuc --- and we would
end up with too much for the sanitized console.
runkvm.py also called ipsec whack shutdown, even though we do that already
in final.sh. At for non-pluto userlands it would need to be different anyway.
And for some tests (eg netkey) we want to test if the ip xfrm tables are
empty afterwards, so it is not neccessarily the last action we want to do.
So leave it up to final.sh to do the shutdown.
commit 0cdfdf67e0114ff12188b073cc72a8aac4e9d75b
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Feb 26 01:30:51 2013 -0500
* testing: add esp.XXXXXXXX syntax to klips-spi-sanitize.sed
commit dd1ccbc6433488b2f2c4b39fda8e0925401b9eb6
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Feb 26 01:29:52 2013 -0500
* testing: cut out kernel AVX/padlock detection messages in kern-list-fixups.sed
commit e29b8a5c04fb14a26c79db59f8919f4596ea4e3d
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Feb 26 01:29:06 2013 -0500
* testing: add EST and UTC timezones to ipsec-look-sanitize.sed
commit 17891b5bff97a4e77a6cd8c3859f8e6f6090377c
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Feb 25 22:59:36 2013 -0500
* testing: fix dotest.sh to properly find functions.sh
commit 5bee229727e8b59fb85b25d829893e8c7a03048b
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Feb 25 22:58:30 2013 -0500
* testing: libvirt: generate X509 certs, fixup libvirt net create, nic vm
commit b0332e34e0a704604ce9c02765e6c89d80bbcae1
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Feb 25 22:58:04 2013 -0500
* testing: add host entries to VMs for north/west/east/road/nic
commit 80683a439e5190ba94c9556997c7b3a0f152ab7d
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Feb 24 17:26:50 2013 -0500
* testing: flat.conf fixups
commit e7aaedcd1ec1cf6f0a0a169ce874bb70bfed2796
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Feb 24 17:24:55 2013 -0500
* testing: swan-prep needs glob and pexpect
commit 501596dfec6d4692030c9a39c39cc8a4bec0879d
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Feb 24 17:24:28 2013 -0500
* fixup ipsec.conf.common path
commit 7fe25c551be7566d25437495b0ed70e6861176c4
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Feb 24 17:06:02 2013 -0500
* testing: initialise the nss database in swan-prep
commit 6c7a6a400579a235b9ffe9d7238a09467a0bee88
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Feb 24 17:05:16 2013 -0500
* testing: add north to sanitizer
commit d38ad8a048a9ca3a93f7349474feb6ee53718c4c
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Feb 24 16:38:53 2013 -0500
* testing: remove default testname from swan-prep for autodetect, fix typo
commit 2fb6cd5073abd23633f8429cd42d246127341695
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Feb 24 16:35:57 2013 -0500
* testing: support north as initiator
commit a5872b4fb00435df924079ca674ba4bc2ad395b0
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Feb 24 16:30:17 2013 -0500
* testing: fix all occurances of ipsec.common.conf
Fix them to point to /testing/baseconfigs/all/etc/ipsec.d/
commit 3df2893c9a3330762abd033269ee33745df00e2a
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Feb 24 16:21:08 2013 -0500
* testing: add pexpect to VMs for Fedora 17
commit 77ee60ec235fbace1748d558ede4914c24c0f708
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Feb 23 22:20:50 2013 -0500
* testing: pull up nat-pluto-01 from addresspool branch
commit 4dde1771e5e89cd80c60f97683659d6d1e3671b3
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Feb 23 22:17:07 2013 -0500
* DPD: Do not allow dpdaction=restart/restart_by_peer for rekey=no
Do not allow DPD to restart/initiate a connection when the policy is
rekey=no. If this is configured by the user, log a message and use
the default dpdaction of "hold".
commit 62e53fd9a384c1b2faac2d066522864fe2e35520
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Feb 23 21:38:55 2013 -0500
* NAT-T: Added more debugging lines in DBG_NATT category
commit f5b7db1472324b74bded8e73bb0b834eed6c6dbf
Merge: 087f529 211996f
Author: Antony Antony <antony at phenome.org>
Date: Fri Feb 22 13:07:56 2013 +0200
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 211996f47a2efce92d656ddb95e85d967cc48254
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Feb 22 00:27:07 2013 -0500
* testing: remove obsoletd netjig documentation
netjig was used with uml in the past, but the current kvm setup
does not use it anymore.
commit e1dfe1ad49caec945a439d1e158f302a9676f820
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 21 20:50:24 2013 -0500
* testing: filter STP from tcpdump
commit 23a4c0d9e497fe7875558e63a5b7624e9a5878bd
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 21 16:15:23 2013 -0500
* testing: Fix north's IP address and east's nexthop for east-north cases
The configuration and documentation (testnet.png) mismatched and caused
nat-pluto-01 to fail as north could not orient itself to its bogus IP
address.
commit 9c32f2fec0f77aafc198019ee30001fe7206feb4
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 21 16:02:37 2013 -0500
* testing: fix paste error in gateway setting for north's baseconfig
commit d6bd8efb010727aaa3bb918f1ecad8545ea77d68
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 21 15:04:21 2013 -0500
* testing: swan-prep tries to determine testname on pwd if not specified
This saves us from needing to set/export TESTNAME and makes copying
test cases easier.
commit 3612a6dd5abd5b683bac41dc8094f99b2af9fc67
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Feb 20 23:29:19 2013 +0200
rhel: fix debug package creation
commit 737734f8e2fd25180056936e78f915e97539759f
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Feb 20 23:05:09 2013 +0200
rhel: libreswan.spec cleanup
commit be27d31e1e9997d2d48cada82f2b1f9a45548e08
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Feb 20 11:11:46 2013 +0200
out_sa: fix syntax errors caused by 249fbd0eda68d71e466812ea8298dc28f6235d74
commit 9bcb72743bdd0b007ceb1873c4582f512985b1e8
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Feb 20 00:08:29 2013 +0200
update CHANGES for X509: Warn 14 days before certificates expire
commit 747190592b92a4383d7095637e28a9c6dd2034c0
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Feb 20 00:06:01 2013 +0200
checkpubkeys: warn 14 days before public keys expire
commit 62402104e4b280bf0deab23950d00ea0ed47cd06
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Feb 19 20:35:18 2013 +0200
makerelease: fix git archive command to work with older git versions.
commit 2ca5e969c230eabdf3aae14154ec8333e7568123
Merge: d992d7b 1e9faef
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Feb 15 14:12:48 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit d992d7bb2ec313c63e77bd9de07af697b629ef5a
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Feb 15 14:11:45 2013 -0500
* DPD: Don't try to delete non-events
This happened only when we were just firing up the phase2. It was
ignored, so this is mostly a cosmetic fix.
commit 1e9faef52b7b4cea87adc43a78a0985c2c59a428
Merge: 9ad72f1 e7bb0e2
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Feb 15 11:34:42 2013 -0500
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 9ad72f16ccacd721c4c85d281843302a3594ea86
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Feb 15 11:33:36 2013 -0500
* IKEv2: narrowing used a wrong port range in determining bestfit
This could lead to narrowed proposals failing.
commit e7bb0e20f3815d43c0cbbc4b973df1f59141a3a3
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Fri Feb 15 00:48:01 2013 -0500
* in oakley_alg_makedb, gsp is already NULL enough (Coverity Scan)
commit f860cc7f360d34196c30ac408c275f608903b118
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Thu Feb 14 23:44:01 2013 -0500
* fix type error in init_nat_traversal (found by Coverity)
commit e3570cae16ab9e6a111f0b12bafe2f96eb11d5f4
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 14 22:06:11 2013 -0500
* fix for printing a ";" in ipsec auto --status
Introduced in 9ac4101f
commit 249fbd0eda68d71e466812ea8298dc28f6235d74
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 14 22:01:52 2013 -0500
* pluto: more missing checks for failing out_raw() / out_struct() calls
commit b67dbad175df9009a4bd4fb7c567a05956c4e9ab
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 14 15:37:47 2013 -0500
* xauth: fix indentation of CISCO_SPLIT_DNS and }
commit 5ac0162adc886f713f600671029c66c57567cf09
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 14 15:12:44 2013 -0500
* XAUTH: Added missing return code checks for out_struct/out_raw
We were not always checking the return code of out_struct() and
out_raw() in the xauth processing states. So we could have failed
to construct a part of the packet, and continued without returning
STF_INTERNAL_ERROR
commit 5b5576f6299de8f0b2e3c7099942c4c6bf9d6a18
Merge: f1c2510 158a418
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 14 13:39:01 2013 -0500
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit f1c25101e80783cf1625f47c5c8724e626a3770d
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 14 13:38:06 2013 -0500
* document the retransmits=yes|no option for the ipsec.conf man page
commit 158a418b7606b45f449c45df0815443d3668528d
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Feb 14 12:57:52 2013 -0500
* IANA: Added note about our PEN number 41286
commit 972f233ebd348c3c128417646d382dda88ebb448
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Feb 13 21:07:18 2013 -0500
* testing: fix typo for "can't idenity INITIATOR"
commit 087f5293b82fe46e4eb23db1aeb3255b02c21637
Merge: a580f91 94669a3
Author: Antony Antony <antony at phenome.org>
Date: Wed Feb 13 03:30:51 2013 +0200
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit a580f917eff48c97f759f750a6ac797655904064
Author: Antony Antony <antony at phenome.org>
Date: Tue Feb 12 09:14:56 2013 +0200
*testing : add road dist_cert
runkvm won't run shutdown it could be in final.sh
More information about the Swan-commit
mailing list