[Swan-dev] pointless test failures
D. Hugh Redelmeier
hugh at mimosa.com
Sun Jul 19 17:52:43 EEST 2015
netkey-audit-01:
In west.console.diff, I see:
+003 "ikev1-aggr": IKEv1 Aggressive Mode with PSK is vulnerable to dictionary attacks and is cracked on large scale by TLA's
I imagine that this is expected. Whoever changed this should fix the
reference output.
More troubling: a lot of messages like
-type=UNKNOWN[2408] msg=audit(XXX): pid=PID uid=0 auid=AUID ses=SES subj=system_u:system_r:init_t:s0 msg='op=....
seem to have disappeared from east and west.
Is this expected?
================
ikev2-01-fallback-ikev1:
east:
+000 "westnet-eastnet-ikev2-fallback": retransmit-interval: 9999ms; retransmit-timeout: 99s;
I imagine that this is expected. Whoever changed this should fix the
reference output.
west:
Same problem.
In addition, max number of retransmisssions seems to have changed,
resulting in a log change.
Whoever changed this should fix the reference output.
================
ikev2-05-basic-psk:
west:
Someone added an ipsec status command.
Whoever changed this should fix the reference output.
================
ikev2-delete-01 & ikev2-delete-01:
west:
a ref and refhim change. We don't know what this is about. I assume
that it is a false positive. We don't know how to eliminate this.
It has been suggested that this was due to a change I made. I have no
knowledge of this.
================
ikev2-12-x509-ikev1:
west:
-000 "westnet-eastnet-ikev2" #1: starting keying attempt 2 of an unlimited number, but releasing whack
+002 "westnet-eastnet-ikev2" #1: deleting state #1 (STATE_MAIN_I1)
This looks like an intentional change. Whoever changed this should
fix the reference output.
east & west:
List of certs changed
This looks like an intentional change. Whoever changed this should
fix the reference output.
================
At this point, it seems unrewarding for me to look at test results.
(Except for sore thumbs like core files.)
Please, folks, clean up the reference logs! Useless failures are a big
drain on all of us.
More information about the Swan-dev
mailing list