[Swan-dev] XFRM IP ref-counting testing PR

Fri Jul 21 12:22:54 EEST 2023

Antony,

Regarding the error you found in ip_addr_xfrmi_store_ips(), I fixed that
and pushed the change to the PR. It was a simple issue in
init_pluto_xfrmi(). It was trying to query the IPs on the interface before
the interface was created. I added a simple dev_exists_check() check to
only do that if the device exists.

I'll look into your suggestions for basic-pluto-01 now.

Regards,

*Brady Johnson*
Principal Software Engineer
Telco Solutions & Enablement
brady.johnson at redhat.com

On Thu, Jul 20, 2023 at 7:27 PM Antony Antony <antony at phenome.org> wrote:

> On Thu, Jul 20, 2023 at 07:07:31PM +0200, Antony Antony wrote:
> > Hi Brady,
> >
> > See some feedback from testing your latest branch, from an hour ago.
> >
> > On Thu, Jul 20, 2023 at 05:07:10PM +0200, Brady Johnson wrote:
> > > Hello,
> > >
> > > I submit several patch sets to my XFRM IP ref-counting PR [0] in the
> past
> > > few days. I fixed the assert/segfault that Antony reported on the PR,
> plus
> > > several other fixes and improvements.
> > >
> > > I created a slide [1] explaining the manual testing I have performed.
> > >
> > > Can I get a code review of the PR, please.
> >
> >
> > > I tried running the ikev2-xfrmi-15-interface-ip test that Antony
> created,
> > > but it failed and there were lots and lots of differences.
> >
> > Huge diff is expected, because there is no reference console output in
> that
> > test directory. I didn't not add east.console.txt and west.console.txt
> so
> > diff will be huge.
> >
> > I just read the whole output until we are confident to commit reference
> > output:) I noticed one error when adding connection in the test.
> >
> > ipsec add west
> > 003 ERROR: "west": ip_addr_xfrmi_store_ips() ifinfo_response NULL
> > 002 "west": added IKEv2 connection
> >
> > > But I still get failures when I run the basic tests like
> basic-pluto-01 on
> > > the main branch with Fedora-38, so maybe there are problems with the
> test
> > > suites???
> > >
> > > Here are the basic-pluto-01 errors I get on git main:
> >
> > add leftinterface-ip=192.0.1.251/24 in west.conf.
> >
> > interface-ip=192.0.1.251/24 will be rightinterface-ip=192.0.1.251/24
> and no
> > effect on west.  In basic-pluto-01 west is left.
> >
> > Assuming configuration is correct I expect 3 hunks differences to
> basic-pluto-01.
> >
> > 1. ipsec look and  xfrm policy should have something like the following
> line
> >
> > + if_id 0x1
> >
> > 2. xfrm state also should have the the same if_id
> >
> > + if_id 0x1
> >
> > 3. route should be point to ipsecX and not to via 192.1.2.23
> >
> > - 192.0.2.0/24 via 192.1.2.23 dev eth1
> > + 192.0.1.0/24 dev ipsec1 proto kernel scope link src 192.0.1.251
> > + 192.0.2.0/24 dev ipsec1 scope link
> >
> > "192.0.2.0/24 via 192.1.2.23 dev eth1" probably should be manually
> deleted
> > check westinit.sh first line where I delete that route.
>
> 4. also expect diff in xfrm state depends on your config
>
> +       output-mark 0x1/0xffffffff
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20230721/84efd26a/attachment.htm>