Home | History | Annotate | Download | only in ipsec
History log of /src/tests/net/ipsec/t_ipsec_natt.sh
RevisionDateAuthorComments
 1.5  05-Jun-2020  knakahara Refactor a little and follow new format of "npfctl list".

Fix the below ATF failures.
- net/if_ipsec/t_ipsec_natt:ipsecif_natt_transport_null
- net/if_ipsec/t_ipsec_natt:ipsecif_natt_transport_rijndaelcbc
- net/ipsec/t_ipsec_natt:ipsec_natt_transport_ipv4_null
- net/ipsec/t_ipsec_natt:ipsec_natt_transport_ipv4_rijndaelcbc

ok'ed by ozaki-r@n.o, thanks.
 1.4  01-Jun-2020  martin Typo in error message
 1.3  19-Aug-2019  ozaki-r tests: use rump_server_add_iface to create interfaces
 1.2  22-Nov-2018  knakahara branches: 1.2.2;
Add ATF for IPv6 NAT-T.

We use IPv6 NAT-T to avoid IPsec slowing down caused by dropping ESP packets
by some Customer Premises Equipments (CPE). I implement ATF to test such
situation.

I think it can also work with nat66, but I have not tested to the fine details.
 1.1  30-Oct-2017  ozaki-r branches: 1.1.2; 1.1.4; 1.1.6;
Add test cases of NAT-T (transport mode)

A small C program is added to make a special socket (UDP_ENCAP_ESPINUDP)
and keep it to handle UDP-encapsulated ESP packets.
 1.1.6.2  13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.1.6.1  10-Jun-2019  christos Sync with HEAD
 1.1.4.1  26-Nov-2018  pgoyette Sync with HEAD, resolve a couple of conflicts
 1.1.2.2  17-Nov-2017  snj Pull up following revision(s) (requested by ozaki-r in ticket #357):
distrib/sets/lists/debug/mi: 1.228
distrib/sets/lists/tests/mi: 1.765-1.766
etc/mtree/NetBSD.dist.tests: 1.149
sys/net/npf/npf_ctl.c: 1.49
tests/net/ipsec/Makefile: 1.10
tests/net/ipsec/algorithms.sh: 1.6
tests/net/ipsec/natt_terminator.c: 1.1
tests/net/ipsec/t_ipsec_natt.sh: 1.1
tests/net/net_common.sh: 1.23-1.24
usr.sbin/npf/npfctl/npfctl.c: 1.54
Handle esp-udp for NAT-T
--
Fix npfclt reload on rump kernels
It fails because npfctl cannot get an errno when it calls ioctl to the (rump)
kernel; npfctl (libnpf) expects that an errno is returned via proplib,
however, the rump library of npf doesn't so. It happens because of mishandlings
of complicate npf kernel options.
PR kern/52643
--
Fix showing translated port (ntohs-ed twice wrongly)
--
Add test cases of NAT-T (transport mode)
A small C program is added to make a special socket (UDP_ENCAP_ESPINUDP)
and keep it to handle UDP-encapsulated ESP packets.
--
Add net/ipsec debug lib directory
--
Add ./usr/libdata/debug/usr/tests/net/ipsec
--
Stop using bpfjit
Because most architectures don't support it and npf still works without it.
 1.1.2.1  30-Oct-2017  snj file t_ipsec_natt.sh was added on branch netbsd-8 on 2017-11-17 20:43:11 +0000
 1.2.2.1  10-Nov-2020  martin Pull up following revision(s) (requested by knakahara in ticket #1129):

tests/net/if_ipsec/t_ipsec_pfil.sh: revision 1.3
tests/net/if_ipsec/t_ipsec.sh: revision 1.11
tests/net/if_ipsec/t_ipsec_natt.sh: revision 1.4
tests/net/if_ipsec/t_ipsec_natt.sh: revision 1.5
tests/net/ipsec/t_ipsec_natt.sh: revision 1.4
tests/net/ipsec/t_ipsec_natt.sh: revision 1.5
tests/net/ipsec/common.sh: revision 1.8

Typo in error message

Refactor a little and follow new format of "npfctl list".

Fix the below ATF failures.
- net/if_ipsec/t_ipsec_natt:ipsecif_natt_transport_null
- net/if_ipsec/t_ipsec_natt:ipsecif_natt_transport_rijndaelcbc
- net/ipsec/t_ipsec_natt:ipsec_natt_transport_ipv4_null
- net/ipsec/t_ipsec_natt:ipsec_natt_transport_ipv4_rijndaelcbc
ok'ed by ozaki-r@n.o, thanks.

Fix missing "-m tranport" options. Pointed out by k-goda@IIJ.

Using any mode SA causes unepected call path, that is,
ipsec4_common_input_cb() calls ip_input() directly instead of
ipsecif4_input().

RSS XML Feed