[Swan-dev] testing: drifting reference logs

Paul Wouters paul at nohats.ca
Wed Jan 7 05:52:50 EET 2015


On Tue, 6 Jan 2015, Andrew Cagney wrote:

> I'm not sure I completely follow:
>
> On 6 January 2015 at 13:32, Paul Wouters <paul at nohats.ca> wrote:
>
>>> 000
>>> 000 IKE algorithms supported:
>>> +000
>>> +000 [...]
>>> 000
>>
>>
>> The whole point of this output is to see it though. However, in a lot of
>> test cases we currently run just "ipsec status" and not "ipsec status |grep
>> conn name".
>
> It leaves critical bits such as:
>
> 000 Connection list:
> 000
> 000 "westnet-eastnet": 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24; unrouted; eroute owner: #0
> 000 "westnet-eastnet":     oriented; my_ip=unset; their_ip=unset
> ...
>
> untouched.   It just stripped out the supported IKE algorithm list
> which, I suspect, only needs to be tested once.

There is more in the "complete status output" like some features, IP
addresses bound, NAT usage, and compiled-in features.

While you said "Let's filter the crypto stuff in most calls to ipsec
status" I say "Let's fix most ipsec status calls that only care about
the connection properties to only show the connection properties".

> A more focused command would certainly help.

Yes, we need one to display the "OE status" and the load in general,
and we need something that just says "these tunnels are up". Possibly
all the information of a named connection but perhaps that's just
better dug out of this current status version.

Paul

