[Swan-dev] testing: drifting reference logs

Andrew Cagney andrew.cagney at gmail.com
Tue Jan 6 21:56:57 EET 2015


I'm not sure I completely follow:

On 6 January 2015 at 13:32, Paul Wouters <paul at nohats.ca> wrote:

>> 000
>> 000 IKE algorithms supported:
>> +000
>> +000 [...]
>> 000
>
>
> The whole point of this output is to see it though. However, in a lot of
> test cases we currently run just "ipsec status" and not "ipsec status |grep
> conn name".

It leaves critical bits such as:

000 Connection list:
000
000 "westnet-eastnet":
192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24;
unrouted; erout
e owner: #0
000 "westnet-eastnet":     oriented; my_ip=unset; their_ip=unset
...

untouched.   It just stripped out the supported IKE algorithm list
which, I suspect, only needs to be tested once.

> over. The idea here is that only for specific test cases do we want
> to see the above output. For example the AES_CTR libreswan test (but
> not for the ctr libreswan interop test)
>
> In the next few weeks we will also work on an "ipsec status" like
> command that will list more specific things in a more terse format,
> without it being basically a pluto variable dump. So perhaps more
> calls to ipsec status can be changed to this new command over time.

A more focused command would certainly help.


More information about the Swan-dev mailing list