[Swan-dev] test suite status
Paul Wouters
paul at nohats.ca
Sun Jun 18 17:02:03 UTC 2017
On Sun, 18 Jun 2017, Antony Antony wrote:
>> The problem was that the "ip xfrm pol" output had two issues:
>>
>> 1) pseudo random order of in/out/fwd entries in "ip xfrm pol" output
>> 2) Spurious extra 0.0.0.0/0 socket options line.
>
> this sounds like an iprovement.
> Is the state order is important? Isn't how how packet processing will find the state.
The order of the in/fwd/out of one IPse SA does not matter, as those are
different 'tables'. You are thinking of multiple IPsec SA's so we have
multiple in rules and multiple out rules and multiple fwd rules. In that
sense, you are right in that order matters, although only after
"priority".
This particular status output randomness is somehow caused by the
kernel's netlink spitting out in the order of install, and somehow
the order of install differs sometimes when we tell the kernel the
three SPD entries to insert.
> I wish "ipsec look" output change and the test output change was pushed together.
> For example you could run tests on a branch and merge them together.
I tried but kinda forgot about the ordering change.
Paul
More information about the Swan-dev
mailing list