[Swan-dev] XFRM IP ref-counting testing PR
Antony Antony
antony at phenome.org
Thu Jul 20 20:07:29 EEST 2023
Hi Brady,
See some feedback from testing your latest branch, from an hour ago.
On Thu, Jul 20, 2023 at 05:07:10PM +0200, Brady Johnson wrote:
> Hello,
>
> I submitted several patch sets to my XFRM IP ref-counting PR [0] in the past
> few days. I fixed the assert/segfault that Antony reported on the PR, plus
> several other fixes and improvements.
>
> I created a slide [1] explaining the manual testing I have performed.
>
> Can I get a code review of the PR, please?
> I tried running the ikev2-xfrmi-15-interface-ip test that Antony created,
> but it failed and there were lots and lots of differences.
A huge diff is expected, because there is no reference console output in that
test directory. I did not add east.console.txt and west.console.txt, so the
diff will be huge.
I just read the whole output until we are confident to commit reference
output :) I noticed one error when adding the connection in the test.
ipsec add west
003 ERROR: "west": ip_addr_xfrmi_store_ips() ifinfo_response NULL
002 "west": added IKEv2 connection
> But I still get failures when I run the basic tests like basic-pluto-01 on
> the main branch with Fedora-38, so maybe there are problems with the test
> suites???
>
> Here are the basic-pluto-01 errors I get on git main:
Add leftinterface-ip=192.0.1.251/24 in west.conf.
interface-ip=192.0.1.251/24 will be rightinterface-ip=192.0.1.251/24 and have no
effect on west. In basic-pluto-01, west is left.
Assuming the configuration is correct, I expect 3 hunks of differences to basic-pluto-01.
1. ipsec look and xfrm policy should have something like the following line
+ if_id 0x1
2. xfrm state should also have the same if_id
+ if_id 0x1
3. route should point to ipsecX and not via 192.1.2.23
- 192.0.2.0/24 via 192.1.2.23 dev eth1
+ 192.0.1.0/24 dev ipsec1 proto kernel scope link src 192.0.1.251
+ 192.0.2.0/24 dev ipsec1 scope link
"192.0.2.0/24 via 192.1.2.23 dev eth1" probably should be manually deleted;
check the first line of westinit.sh, where I delete that route.
> $ more west.console.diff
> --- west.console.txt 2023-07-20 14:40:01.926847087 +0000
> +++ OUTPUT/west.console.txt 2023-07-20 14:51:24.049038460 +0000
> @@ -209,8 +209,8 @@
> iptables filter TABLE
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> -ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 policy match
> dir in pol ipsec
> -DROP all -- 192.0.2.0/24 0.0.0.0/0
> +ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 policy match
> dir in pol ipsec
> +DROP 0 -- 192.0.2.0/24 0.0.0.0/0
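Review bot: the ACCEPT and DROP lines in this hunk differ only in the prot column (`all` in west.console.txt, `0` in OUTPUT/west.console.txt); source, destination and the `policy match dir in pol ipsec` clause are identical on both sides, and protocol 0 is how iptables numbers "all", so the filter rules themselves are unchanged. Suggest normalizing the prot column before the console diff, or regenerating the reference on the platform the test runs on, so that a real rule change in this table would stand out.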
The above diff appears due to the difference between KVM and namespace and not
actually working xfrmi and leftinterface-ip. The reference is output from KVM.