[Swan-dev] testing: drifting reference logs
Paul Wouters
paul at nohats.ca
Tue Jan 6 20:32:02 EET 2015
On Tue, 6 Jan 2015, Andrew Cagney wrote:
> Perhaps the attached sanitizer will help. It changes this:
>
> 000
> 000 IKE algorithms supported:
> -000
> -000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3,
> v2name=3DES, blocksize=8, keydeflen=192
> -000 algorithm IKE encrypt: v1id=24, v1name=OAKLEY_CAMELLIA_CTR,
> v2id=24, v2name=CAMELLIA_CTR, blocksize=16, keydeflen=128
> -000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC,
> v2id=23, v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128
> -000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13,
> v2name=AES_CTR, blocksize=16, keydeflen=128
> -000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12,
> v2name=AES_CBC, blocksize=16, keydeflen=128
> -000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC,
> v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
> -000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC,
> v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
> -000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH,
> v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
> -000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashlen=16
> -000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashlen=20
> -000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashlen=32
> -000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384, hashlen=48
> -000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashlen=64
> -000 algorithm IKE hash: id=9, name=DISABLED-OAKLEY_AES_XCBC, hashlen=16
> -000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
> -000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
> -000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
> -000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
> -000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
> -000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
> -000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
> -000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
> -000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
> -000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
> 000
>
> to this:
>
> 000
> 000 IKE algorithms supported:
> +000
> +000 [...]
> 000
The whole point of this output is to see it though. However, in a lot of
test cases we currently run just "ipsec status" and not
"ipsec status |grep conn name". I've slowly started to migrate tests
over. The idea here is that only for specific test cases do we want
to see the above output. For example the AES_CTR libreswan test (but
not for the ctr libreswan interop test)
In the next few weeks we will also work on an "ipsec status" like
command that will list more specific things in a more terse format,
without it being basically a pluto variable dump. So perhaps more
calls to ipsec status can be changed to this new command over time.
Paul
More information about the Swan-dev
mailing list