[Swan-dev] testing shutdowns of pluto?

Andrew Cagney andrew.cagney at gmail.com
Wed Jul 27 15:51:55 UTC 2016

On 27 July 2016 at 05:49, Paul Wouters <paul at nohats.ca> wrote:
> hi,
> I think we are seeing a few false positives if during final.sh (or just
> after it when one end is still executing final.sh) one end shut down and
> sends a delete/notify to the other. It can be processed before in
> final.sh it runs ipsec look, which then shows up as a missing IPsec SA.


According to:
kvmrunner ran the scripts in the order:
  INFO t1.runner nflog-01-global 1:30:36.794/1:58.900: running
scripts: east:eastinit.sh west:westinit.sh west:westrun.sh
east:final.sh west:final.sh

i.e., the below was first run on east:

ipsec look
: ==== cut ====
ipsec auto --status
: ==== tuc ====
ipsec stop
# show no nflog left behind
iptables -L -n
if [ -n "`ls /tmp/core* 2>/dev/null`" ]; then echo CORE FOUND; mv
/tmp/core* OUTPUT/; fi
if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
: ==== end ====

and then, once it finished, it was then run on west.

Since the final.sh scripts are no longer being run in parallel, the
output may actually be stable - assuming "ipsec stop" blocks until
things shut down.

> For example:
> http://testing.libreswan.org/results/testing/2016-07-26-1948-3.18dr3-207-g57f5c49-dirty-master/nflog-01-global/OUTPUT/west.console.diff
> http://testing.libreswan.org/results/testing/2016-07-26-1948-3.18dr3-207-g57f5c49-dirty-master/nflog-03-conns/OUTPUT/east.console.diff

> This was probably one reason to not call shutdown in final.sh mostly,
> although some testcases need to do some specific test and do that,
> such as the nflog ones.
> Paul
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev

More information about the Swan-dev mailing list