[Swan-dev] XFRM IP ref-counting testing PR

Antony Antony antony at phenome.org
Thu Jul 20 20:27:07 EEST 2023 

On Thu, Jul 20, 2023 at 07:07:31PM +0200, Antony Antony wrote:
> Hi Brady,
> 
> See some feedback from testing your latest branch, from an hour ago.
> 
> On Thu, Jul 20, 2023 at 05:07:10PM +0200, Brady Johnson wrote:
> > Hello,
> > 
> > I submit several patch sets to my XFRM IP ref-counting PR [0] in the past
> > few days. I fixed the assert/segfault that Antony reported on the PR, plus
> > several other fixes and improvements.
> > 
> > I created a slide [1] explaining the manual testing I have performed.
> > 
> > Can I get a code review of the PR, please.
> 
> 
> > I tried running the ikev2-xfrmi-15-interface-ip test that Antony created,
> > but it failed and there were lots and lots of differences.
> 
> Huge diff is expected, because there is no reference console output in that 
> test directory. I didn't not add east.console.txt and west.console.txt so 
> diff will be huge.
> 
> I just read the whole output until we are confident to commit reference 
> output:) I noticed one error when adding connection in the test.
> 
> ipsec add west
> 003 ERROR: "west": ip_addr_xfrmi_store_ips() ifinfo_response NULL
> 002 "west": added IKEv2 connection
> 
> > But I still get failures when I run the basic tests like basic-pluto-01 on
> > the main branch with Fedora-38, so maybe there are problems with the test
> > suites???
> > 
> > Here are the basic-pluto-01 errors I get on git main:
> 
> add leftinterface-ip=192.0.1.251/24 in west.conf.
> 
> interface-ip=192.0.1.251/24 will be rightinterface-ip=192.0.1.251/24 and no 
> effect on west.  In basic-pluto-01 west is left.
> 
> Assuming configuration is correct I expect 3 hunks differences to basic-pluto-01.
> 
> 1. ipsec look and  xfrm policy should have something like the following line
> 
> + if_id 0x1
> 
> 2. xfrm state also should have the the same if_id
> 
> + if_id 0x1
> 
> 3. route should be point to ipsecX and not to via 192.1.2.23
> 
> - 192.0.2.0/24 via 192.1.2.23 dev eth1
> + 192.0.1.0/24 dev ipsec1 proto kernel scope link src 192.0.1.251
> + 192.0.2.0/24 dev ipsec1 scope link
> 
> "192.0.2.0/24 via 192.1.2.23 dev eth1" probably should be manually deleted
> check westinit.sh first line where I delete that route.

4. also expect diff in xfrm state depends on your config

+	output-mark 0x1/0xffffffff

More information about the Swan-dev mailing list