| History log of /src/tests/net/if_ipsec |
| Revision | Date | Author | Comments |
| 1.4 | 25-Nov-2022 |
knakahara | Add ATF for unnumbered interfaces.
|
| 1.3 | 17-Jan-2019 |
knakahara | Add ATF for ipsecif(4) pfil.
|
| 1.2 | 25-Dec-2018 |
knakahara | Add ATF for NAT-T enabled ipsecif(4).
|
| 1.1 | 10-Jan-2018 |
knakahara | branches: 1.1.2; 1.1.4; 1.1.6;
add ipsec(4) interface ATF.
|
| 1.1.6.1 | 10-Jun-2019 |
christos | Sync with HEAD
|
| 1.1.4.2 | 18-Jan-2019 |
pgoyette | Synch with HEAD
|
| 1.1.4.1 | 26-Dec-2018 |
pgoyette | Sync with HEAD, resolve a few conflicts
|
| 1.1.2.2 | 11-Feb-2018 |
snj | Pull up following revision(s) (requested by ozaki-r in ticket #536):
distrib/sets/lists/base/shl.mi: 1.825
distrib/sets/lists/comp/mi: 1.2168-1.2169
distrib/sets/lists/comp/shl.mi: 1.310
distrib/sets/lists/debug/mi: 1.234
distrib/sets/lists/debug/shl.mi: 1.188
distrib/sets/lists/man/mi: 1.1570
distrib/sets/lists/tests/mi: 1.772
etc/mtree/NetBSD.dist.tests: 1.150
share/man/man4/Makefile: 1.650
share/man/man4/ipsec.4: 1.42-1.43
share/man/man4/ipsecif.4: 1.1-1.5
sys/arch/amd64/conf/ALL: 1.77
sys/arch/amd64/conf/GENERIC: 1.480
sys/conf/files: 1.1191
sys/net/Makefile: 1.34
sys/net/files.net: 1.14
sys/net/if.c: 1.404
sys/net/if.h: 1.248
sys/net/if_gif.c: 1.135
sys/net/if_ipsec.c: 1.1-1.3
sys/net/if_ipsec.h: 1.1
sys/net/if_l2tp.c: 1.16
sys/net/if_types.h: 1.28
sys/netinet/in.c: 1.214
sys/netinet/in.h: 1.103
sys/netinet/in_gif.c: 1.92
sys/netinet/ip_var.h: 1.122
sys/netinet6/in6.c: 1.257
sys/netinet6/in6.h: 1.88
sys/netinet6/in6_gif.c: 1.90
sys/netinet6/ip6_var.h: 1.75
sys/netipsec/Makefile: 1.6
sys/netipsec/files.netipsec: 1.13
sys/netipsec/ipsec.h: 1.62
sys/netipsec/ipsecif.c: 1.1
sys/netipsec/ipsecif.h: 1.1
sys/netipsec/key.c: 1.246-1.247
sys/netipsec/key.h: 1.34
sys/rump/net/Makefile.rumpnetcomp: 1.20
sys/rump/net/lib/libipsec/IPSEC.ioconf: 1.1
sys/rump/net/lib/libipsec/Makefile: 1.1
sys/rump/net/lib/libipsec/ipsec_component.c: 1.1
tests/net/Makefile: 1.34
tests/net/if_ipsec/Makefile: 1.1
tests/net/if_ipsec/t_ipsec.sh: 1.1-1.2
Don't touch an SP without a reference to it
unify processing to check nesting count for some tunnel protocols.
add ipsec(4) interface, which is used for route-based VPN.
man and ATF are added later, please see man for details.
reviewed by christos@n.o, joerg@n.o and ozaki-r@n.o, thanks.
https://mail-index.netbsd.org/tech-net/2017/12/18/msg006557.html
ipsec(4) interface supports rump now.
add ipsec(4) interface ATF.
add ipsec(4) interface man as ipsecif.4.
add ipsec(4) interface to amd64/GENERIC and amd64/ALL configs.
apply in{,6}_tunnel_validate() to gif(4).
Spell IPsec that way. Simplify macro usage. Sort SEE ALSO. Bump
date for previous.
Improve wording and macro use.
Some parts are not clear to me, so someone with knowledge of ipsecif(4)
should improve this some more.
Improve ipsecif.4. Default port ipsec(4) NAT-T is tested now.
pointed out by wiz@n.o and suggested by ozaki-r@n.o, thanks.
Change the prefix of test names to ipsecif_ to distinguish from tests for ipsec(4)
New sentence, new line. Remove empty macro.
Fix PR kern/52920. Pointed out by David Binderman, thanks.
Improve wording, and put a new drawing, from me and Kengo Nakahara.
apply a little more #ifdef INET/INET6. fixes !INET6 builds.
|
| 1.1.2.1 | 10-Jan-2018 |
snj | file Makefile was added on branch netbsd-8 on 2018-02-11 21:17:35 +0000
|
| 1.11 | 05-Aug-2020 |
knakahara | Fix missing "-m tranport" options. Pointed out by k-goda@IIJ.
Using any mode SA causes unepected call path, that is,
ipsec4_common_input_cb() calls ip_input() directly instead of
ipsecif4_input().
|
| 1.10 | 19-Aug-2019 |
ozaki-r | tests: use rump_server_add_iface to create interfaces
|
| 1.9 | 15-Jan-2019 |
knakahara | branches: 1.9.2;
Fix PR kern/53848. Add missing "ifconfig -w".
|
| 1.8 | 15-Jan-2019 |
knakahara | revert t_ipsec.sh:r1.7
|
| 1.7 | 11-Jan-2019 |
knakahara | workaround for PR kern/53848
|
| 1.6 | 10-Jan-2019 |
knakahara | tests/net/if_ipsec/t_ipsec disable dad. This may fix PR kern/53848
|
| 1.5 | 25-Dec-2018 |
knakahara | reduce debug messages when $DEBUG is not true.
|
| 1.4 | 13-Mar-2018 |
knakahara | branches: 1.4.2;
Enhance assertion ipsecif(4) ATF to avoid confusing setkey(8) error message.
When setkey(8) says "syntax error at [-E]", it must mean get_if_ipsec_unique()
failed.
|
| 1.3 | 01-Feb-2018 |
ozaki-r | branches: 1.3.2; 1.3.4;
Commonalize and add tests of creating/destroying interfaces
|
| 1.2 | 11-Jan-2018 |
ozaki-r | Change the prefix of test names to ipsecif_ to distinguish from tests for ipsec(4)
|
| 1.1 | 10-Jan-2018 |
knakahara | add ipsec(4) interface ATF.
|
| 1.3.4.3 | 18-Jan-2019 |
pgoyette | Synch with HEAD
|
| 1.3.4.2 | 26-Dec-2018 |
pgoyette | Sync with HEAD, resolve a few conflicts
|
| 1.3.4.1 | 15-Mar-2018 |
pgoyette | Synch with HEAD
|
| 1.3.2.4 | 13-Mar-2018 |
martin | Pull up following revision(s) (requested by knakahara in ticket #627):
sys/netipsec/ipsecif.c: revision 1.5
tests/net/if_ipsec/t_ipsec.sh: revision 1.4
sys/net/if_ipsec.c: revision 1.7
Fix IPv6 ipsecif(4) ATF regression, sorry.
There must *not* be padding between the src sockaddr and the dst sockaddr
after struct sadb_x_policy.
Comment out confusing (and incorrect) code and add comment. Pointed out by maxv@n.o, thanks.
Enhance assertion ipsecif(4) ATF to avoid confusing setkey(8) error message.
When setkey(8) says "syntax error at [-E]", it must mean get_if_ipsec_unique()
failed.
|
| 1.3.2.3 | 26-Feb-2018 |
snj | Pull up following revision(s) (requested by ozaki-r in ticket #572):
sys/net/if_bridge.c: 1.138, 1.148
tests/net/if_bridge/t_bridge.sh: 1.18
tests/net/if_gif/t_gif.sh: 1.12
tests/net/if_ipsec/t_ipsec.sh: 1.3
tests/net/if_l2tp/t_l2tp.sh: 1.4
tests/net/if_loop/t_basic.sh: 1.2
tests/net/if_pppoe/t_pppoe.sh: 1.18
tests/net/if_tap/t_tap.sh: 1.7
tests/net/if_tun/Makefile: 1.2
tests/net/if_tun/t_tun.sh: 1.5
tests/net/if_vlan/t_vlan.sh: 1.8
tests/net/net_common.sh: 1.26
Remove unnecessary splsoftnet
--
If the bridge is not running, don't call bridge_stop. Otherwise the
following commands will crash the kernel:
ifconfig bridge0 create
ifconfig bridge0 destroy
--
Commonalize and add tests of creating/destroying interfaces
|
| 1.3.2.2 | 11-Feb-2018 |
snj | Pull up following revision(s) (requested by ozaki-r in ticket #536):
distrib/sets/lists/base/shl.mi: 1.825
distrib/sets/lists/comp/mi: 1.2168-1.2169
distrib/sets/lists/comp/shl.mi: 1.310
distrib/sets/lists/debug/mi: 1.234
distrib/sets/lists/debug/shl.mi: 1.188
distrib/sets/lists/man/mi: 1.1570
distrib/sets/lists/tests/mi: 1.772
etc/mtree/NetBSD.dist.tests: 1.150
share/man/man4/Makefile: 1.650
share/man/man4/ipsec.4: 1.42-1.43
share/man/man4/ipsecif.4: 1.1-1.5
sys/arch/amd64/conf/ALL: 1.77
sys/arch/amd64/conf/GENERIC: 1.480
sys/conf/files: 1.1191
sys/net/Makefile: 1.34
sys/net/files.net: 1.14
sys/net/if.c: 1.404
sys/net/if.h: 1.248
sys/net/if_gif.c: 1.135
sys/net/if_ipsec.c: 1.1-1.3
sys/net/if_ipsec.h: 1.1
sys/net/if_l2tp.c: 1.16
sys/net/if_types.h: 1.28
sys/netinet/in.c: 1.214
sys/netinet/in.h: 1.103
sys/netinet/in_gif.c: 1.92
sys/netinet/ip_var.h: 1.122
sys/netinet6/in6.c: 1.257
sys/netinet6/in6.h: 1.88
sys/netinet6/in6_gif.c: 1.90
sys/netinet6/ip6_var.h: 1.75
sys/netipsec/Makefile: 1.6
sys/netipsec/files.netipsec: 1.13
sys/netipsec/ipsec.h: 1.62
sys/netipsec/ipsecif.c: 1.1
sys/netipsec/ipsecif.h: 1.1
sys/netipsec/key.c: 1.246-1.247
sys/netipsec/key.h: 1.34
sys/rump/net/Makefile.rumpnetcomp: 1.20
sys/rump/net/lib/libipsec/IPSEC.ioconf: 1.1
sys/rump/net/lib/libipsec/Makefile: 1.1
sys/rump/net/lib/libipsec/ipsec_component.c: 1.1
tests/net/Makefile: 1.34
tests/net/if_ipsec/Makefile: 1.1
tests/net/if_ipsec/t_ipsec.sh: 1.1-1.2
Don't touch an SP without a reference to it
unify processing to check nesting count for some tunnel protocols.
add ipsec(4) interface, which is used for route-based VPN.
man and ATF are added later, please see man for details.
reviewed by christos@n.o, joerg@n.o and ozaki-r@n.o, thanks.
https://mail-index.netbsd.org/tech-net/2017/12/18/msg006557.html
ipsec(4) interface supports rump now.
add ipsec(4) interface ATF.
add ipsec(4) interface man as ipsecif.4.
add ipsec(4) interface to amd64/GENERIC and amd64/ALL configs.
apply in{,6}_tunnel_validate() to gif(4).
Spell IPsec that way. Simplify macro usage. Sort SEE ALSO. Bump
date for previous.
Improve wording and macro use.
Some parts are not clear to me, so someone with knowledge of ipsecif(4)
should improve this some more.
Improve ipsecif.4. Default port ipsec(4) NAT-T is tested now.
pointed out by wiz@n.o and suggested by ozaki-r@n.o, thanks.
Change the prefix of test names to ipsecif_ to distinguish from tests for ipsec(4)
New sentence, new line. Remove empty macro.
Fix PR kern/52920. Pointed out by David Binderman, thanks.
Improve wording, and put a new drawing, from me and Kengo Nakahara.
apply a little more #ifdef INET/INET6. fixes !INET6 builds.
|
| 1.3.2.1 | 01-Feb-2018 |
snj | file t_ipsec.sh was added on branch netbsd-8 on 2018-02-11 21:17:35 +0000
|
| 1.4.2.2 | 13-Apr-2020 |
martin | Mostly merge changes from HEAD upto 20200411
|
| 1.4.2.1 | 10-Jun-2019 |
christos | Sync with HEAD
|
| 1.9.2.1 | 10-Nov-2020 |
martin | Pull up following revision(s) (requested by knakahara in ticket #1129):
tests/net/if_ipsec/t_ipsec_pfil.sh: revision 1.3
tests/net/if_ipsec/t_ipsec.sh: revision 1.11
tests/net/if_ipsec/t_ipsec_natt.sh: revision 1.4
tests/net/if_ipsec/t_ipsec_natt.sh: revision 1.5
tests/net/ipsec/t_ipsec_natt.sh: revision 1.4
tests/net/ipsec/t_ipsec_natt.sh: revision 1.5
tests/net/ipsec/common.sh: revision 1.8
Typo in error message
Refactor a little and follow new format of "npfctl list".
Fix the below ATF failures.
- net/if_ipsec/t_ipsec_natt:ipsecif_natt_transport_null
- net/if_ipsec/t_ipsec_natt:ipsecif_natt_transport_rijndaelcbc
- net/ipsec/t_ipsec_natt:ipsec_natt_transport_ipv4_null
- net/ipsec/t_ipsec_natt:ipsec_natt_transport_ipv4_rijndaelcbc
ok'ed by ozaki-r@n.o, thanks.
Fix missing "-m tranport" options. Pointed out by k-goda@IIJ.
Using any mode SA causes unepected call path, that is,
ipsec4_common_input_cb() calls ip_input() directly instead of
ipsecif4_input().
|
| 1.5 | 05-Jun-2020 |
knakahara | Refactor a little and follow new format of "npfctl list".
Fix the below ATF failures.
- net/if_ipsec/t_ipsec_natt:ipsecif_natt_transport_null
- net/if_ipsec/t_ipsec_natt:ipsecif_natt_transport_rijndaelcbc
- net/ipsec/t_ipsec_natt:ipsec_natt_transport_ipv4_null
- net/ipsec/t_ipsec_natt:ipsec_natt_transport_ipv4_rijndaelcbc
ok'ed by ozaki-r@n.o, thanks.
|
| 1.4 | 01-Jun-2020 |
martin | Typo in error message
|
| 1.3 | 19-Aug-2019 |
ozaki-r | tests: use rump_server_add_iface to create interfaces
|
| 1.2 | 26-Dec-2018 |
knakahara | branches: 1.2.2; 1.2.4; 1.2.6;
Add ATF for ipsecif(4) which connect to two peers in the same NAPT.
|
| 1.1 | 25-Dec-2018 |
knakahara | Add ATF for NAT-T enabled ipsecif(4).
|
| 1.2.6.1 | 10-Nov-2020 |
martin | Pull up following revision(s) (requested by knakahara in ticket #1129):
tests/net/if_ipsec/t_ipsec_pfil.sh: revision 1.3
tests/net/if_ipsec/t_ipsec.sh: revision 1.11
tests/net/if_ipsec/t_ipsec_natt.sh: revision 1.4
tests/net/if_ipsec/t_ipsec_natt.sh: revision 1.5
tests/net/ipsec/t_ipsec_natt.sh: revision 1.4
tests/net/ipsec/t_ipsec_natt.sh: revision 1.5
tests/net/ipsec/common.sh: revision 1.8
Typo in error message
Refactor a little and follow new format of "npfctl list".
Fix the below ATF failures.
- net/if_ipsec/t_ipsec_natt:ipsecif_natt_transport_null
- net/if_ipsec/t_ipsec_natt:ipsecif_natt_transport_rijndaelcbc
- net/ipsec/t_ipsec_natt:ipsec_natt_transport_ipv4_null
- net/ipsec/t_ipsec_natt:ipsec_natt_transport_ipv4_rijndaelcbc
ok'ed by ozaki-r@n.o, thanks.
Fix missing "-m tranport" options. Pointed out by k-goda@IIJ.
Using any mode SA causes unepected call path, that is,
ipsec4_common_input_cb() calls ip_input() directly instead of
ipsecif4_input().
|
| 1.2.4.3 | 13-Apr-2020 |
martin | Mostly merge changes from HEAD upto 20200411
|
| 1.2.4.2 | 10-Jun-2019 |
christos | Sync with HEAD
|
| 1.2.4.1 | 26-Dec-2018 |
christos | file t_ipsec_natt.sh was added on branch phil-wifi on 2019-06-10 22:10:09 +0000
|
| 1.2.2.3 | 18-Jan-2019 |
pgoyette | Synch with HEAD
|
| 1.2.2.2 | 26-Dec-2018 |
pgoyette | Sync with HEAD, resolve a few conflicts
|
| 1.2.2.1 | 26-Dec-2018 |
pgoyette | file t_ipsec_natt.sh was added on branch pgoyette-compat on 2018-12-26 14:02:10 +0000
|
| 1.3 | 05-Aug-2020 |
knakahara | Fix missing "-m tranport" options. Pointed out by k-goda@IIJ.
Using any mode SA causes unepected call path, that is,
ipsec4_common_input_cb() calls ip_input() directly instead of
ipsecif4_input().
|
| 1.2 | 19-Aug-2019 |
ozaki-r | tests: use rump_server_add_iface to create interfaces
|
| 1.1 | 17-Jan-2019 |
knakahara | branches: 1.1.2; 1.1.4; 1.1.6;
Add ATF for ipsecif(4) pfil.
|
| 1.1.6.1 | 10-Nov-2020 |
martin | Pull up following revision(s) (requested by knakahara in ticket #1129):
tests/net/if_ipsec/t_ipsec_pfil.sh: revision 1.3
tests/net/if_ipsec/t_ipsec.sh: revision 1.11
tests/net/if_ipsec/t_ipsec_natt.sh: revision 1.4
tests/net/if_ipsec/t_ipsec_natt.sh: revision 1.5
tests/net/ipsec/t_ipsec_natt.sh: revision 1.4
tests/net/ipsec/t_ipsec_natt.sh: revision 1.5
tests/net/ipsec/common.sh: revision 1.8
Typo in error message
Refactor a little and follow new format of "npfctl list".
Fix the below ATF failures.
- net/if_ipsec/t_ipsec_natt:ipsecif_natt_transport_null
- net/if_ipsec/t_ipsec_natt:ipsecif_natt_transport_rijndaelcbc
- net/ipsec/t_ipsec_natt:ipsec_natt_transport_ipv4_null
- net/ipsec/t_ipsec_natt:ipsec_natt_transport_ipv4_rijndaelcbc
ok'ed by ozaki-r@n.o, thanks.
Fix missing "-m tranport" options. Pointed out by k-goda@IIJ.
Using any mode SA causes unepected call path, that is,
ipsec4_common_input_cb() calls ip_input() directly instead of
ipsecif4_input().
|
| 1.1.4.3 | 13-Apr-2020 |
martin | Mostly merge changes from HEAD upto 20200411
|
| 1.1.4.2 | 10-Jun-2019 |
christos | Sync with HEAD
|
| 1.1.4.1 | 17-Jan-2019 |
christos | file t_ipsec_pfil.sh was added on branch phil-wifi on 2019-06-10 22:10:09 +0000
|
| 1.1.2.2 | 18-Jan-2019 |
pgoyette | Synch with HEAD
|
| 1.1.2.1 | 17-Jan-2019 |
pgoyette | file t_ipsec_pfil.sh was added on branch pgoyette-compat on 2019-01-18 08:51:00 +0000
|
| 1.2 | 27-Sep-2023 |
knakahara | Update for sys/net/if_ipsec.c:r1.35
|
| 1.1 | 25-Nov-2022 |
knakahara | branches: 1.1.2;
Add ATF for unnumbered interfaces.
|
| 1.1.2.1 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by knakahara in ticket #378):
tests/net/if_ipsec/t_ipsec_unnumbered.sh: revision 1.2
sys/net/if_ipsec.c: revision 1.35
sys/netipsec/key.c: revision 1.281
Use kmem_free instead of kmem_intr_free, as key_freesaval() is not called in softint after key.c:r1.223.
E.g. key_freesaval() was called the following call path before SAD MP-ify.
esp_input_cb()
KEY_FREESAV()
key_freesav()
key_delsav()
key_freesaval()
ok'ed by ozaki-r@n.o.
Use unit id instead of if_index to reduce fixed_reqid space.
Update for sys/net/if_ipsec.c:r1.35
|
