[Swan-dev] XFRM IP ref-counting testing PR
Antony Antony
antony at phenome.org
Thu Jul 20 20:27:07 EEST 2023
On Thu, Jul 20, 2023 at 07:07:31PM +0200, Antony Antony wrote:
> Hi Brady,
>
> See some feedback from testing your latest branch, from an hour ago.
>
> On Thu, Jul 20, 2023 at 05:07:10PM +0200, Brady Johnson wrote:
> > Hello,
> >
> > I submit several patch sets to my XFRM IP ref-counting PR [0] in the past
> > few days. I fixed the assert/segfault that Antony reported on the PR, plus
> > several other fixes and improvements.
> >
> > I created a slide [1] explaining the manual testing I have performed.
> >
> > Can I get a code review of the PR, please.
>
>
> > I tried running the ikev2-xfrmi-15-interface-ip test that Antony created,
> > but it failed and there were lots and lots of differences.
>
> Huge diff is expected, because there is no reference console output in that
> test directory. I didn't not add east.console.txt and west.console.txt so
> diff will be huge.
>
> I just read the whole output until we are confident to commit reference
> output:) I noticed one error when adding connection in the test.
>
> ipsec add west
> 003 ERROR: "west": ip_addr_xfrmi_store_ips() ifinfo_response NULL
> 002 "west": added IKEv2 connection
>
> > But I still get failures when I run the basic tests like basic-pluto-01 on
> > the main branch with Fedora-38, so maybe there are problems with the test
> > suites???
> >
> > Here are the basic-pluto-01 errors I get on git main:
>
> add leftinterface-ip=192.0.1.251/24 in west.conf.
>
> interface-ip=192.0.1.251/24 will be rightinterface-ip=192.0.1.251/24 and no
> effect on west. In basic-pluto-01 west is left.
>
> Assuming configuration is correct I expect 3 hunks differences to basic-pluto-01.
>
> 1. ipsec look and xfrm policy should have something like the following line
>
> + if_id 0x1
>
> 2. xfrm state also should have the the same if_id
>
> + if_id 0x1
>
> 3. route should be point to ipsecX and not to via 192.1.2.23
>
> - 192.0.2.0/24 via 192.1.2.23 dev eth1
> + 192.0.1.0/24 dev ipsec1 proto kernel scope link src 192.0.1.251
> + 192.0.2.0/24 dev ipsec1 scope link
>
> "192.0.2.0/24 via 192.1.2.23 dev eth1" probably should be manually deleted
> check westinit.sh first line where I delete that route.
4. also expect diff in xfrm state depends on your config
+ output-mark 0x1/0xffffffff
More information about the Swan-dev
mailing list