X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=blobdiff_plain;f=testing%2Fdo-tests;h=fd5cfe61be9d9855b21bf93fa543e913f0afc041;hp=c87ba05a7e7079e9ab54252052188fdc08a7dbb1;hb=94ae1ac18e621a48ab1823447cf0bb6df29093e9;hpb=e873cb5a289f58100e2c5d9097e257fed77df602 diff --git a/testing/do-tests b/testing/do-tests index c87ba05..fd5cfe6 100755 --- a/testing/do-tests +++ b/testing/do-tests @@ -46,6 +46,7 @@ SOURCEIP_ROUTING_TABLE=220 testnumber="0" failed_cnt="0" passed_cnt="0" +subdir_cnt="0" ############################################################################## # copy default tests to $BUILDDIR @@ -111,6 +112,13 @@ done [ -f $SHAREDDIR/.strongswan-version ] && SWANVERSION=`cat $SHAREDDIR/.strongswan-version` KERNELVERSION=`ssh $SSHCONF root@\$ipv4_winnetou uname -r 2>/dev/null` +# check if tcpdump supports --immediate-mode +ssh $SSHCONF root@$ipv4_winnetou tcpdump --immediate-mode -c 1 >/dev/null 2>&1 +if [ $? -eq 0 ] +then + TCPDUMP_IM=--immediate-mode +fi + ############################################################################## # create header for the results html file # @@ -174,17 +182,25 @@ echo "strongSwan : $SWANVERSION" echo "Date : $TESTDATE" echo +############################################################################## +# trap CTRL-C to properly terminate a long run +# + +function abort_tests() +{ + echo -n "...aborting..." > /dev/tty + aborted=YES +} +trap abort_tests INT ############################################################################## # enter specific test directory # - if [ $# -gt 0 ] then - TESTS=$* + TESTS=$(printf "%s\n" $* | sort -u) else - # set internal field seperator - TESTS="`ls $DEFAULTTESTSDIR`" + TESTS=$(ls $DEFAULTTESTSDIR) fi for SUBDIR in $TESTS @@ -207,12 +223,18 @@ do else FIRST=" " fi + + if [ $subdir_cnt != 0 ] + then + echo " $subdir_cnt" >> $INDEX + echo "  " >> $INDEX + echo " " >> $INDEX + subdir_cnt="0" + fi echo " " >> $INDEX echo " $FIRST">> $INDEX echo " $SUBDIR" >> $INDEX - echo " x" >> $INDEX - echo "  " >> $INDEX - echo " " >> $INDEX + SUBTESTSINDEX=$TODAYDIR/$SUBDIR/index.html cat > $SUBTESTSINDEX <<@EOF @@ -252,6 +274,7 @@ do for name in $SUBTESTS do let "testnumber += 1" + let "subdir_cnt += 1" testname=$SUBDIR/$name log_action " $testnumber $testname:" @@ -334,7 +357,7 @@ do ########################################################################## - # copy test specific configurations to uml hosts and clear auth.log files + # copy test specific configurations to hosts and clear log files # DBDIR=/etc/db.d @@ -359,7 +382,7 @@ do do host=`echo $host_iface | awk -F ":" '{print $1}'` iface=`echo $host_iface | awk -F ":" '{if ($2 != "") { print $2 } else { printf("eth0") }}'` - tcpdump_cmd="tcpdump -i $iface not port ssh and not port domain > /tmp/tcpdump.log 2>&1 &" + tcpdump_cmd="tcpdump -l $TCPDUMP_IM -i $iface not port ssh and not port domain >/tmp/tcpdump.log 2>/tmp/tcpdump.err.log &" echo "${host}# $tcpdump_cmd" >> $CONSOLE_LOG ssh $SSHCONF root@`eval echo \\\$ipv4_$host '$tcpdump_cmd'` eval TDUP_${host}="true" @@ -387,6 +410,16 @@ do done ########################################################################## + # remove leak detective log on all hosts + # + + export LEAK_DETECTIVE_LOG=/var/log/leak-detective.log + for host in $STRONGSWANHOSTS + do + ssh $SSHCONF root@`eval echo \\\$ipv4_$host` 'rm -f $LEAK_DETECTIVE_LOG' >/dev/null 2>&1 + done + + ########################################################################## # flush IPsec state on all hosts # @@ -403,7 +436,7 @@ do echo -e "\nPRE-TEST\n" >> $CONSOLE_LOG 2>&1 eval `awk -F "::" '{ - if ($2 != "") + if ($1 !~ /^#.*/ && $2 != "") { printf("echo \"%s# %s\"; ", $1, $2) printf("ssh \044SSHCONF root@\044ipv4_%s \"%s\"; ", $1, $2) @@ -417,10 +450,12 @@ do # function stop_tcpdump { + # wait for packets to get processed, but don't wait longer than 1s + eval ssh $SSHCONF root@\$ipv4_${1} "\"i=100; while [ \\\$i -gt 0 ]; do pkill -USR1 tcpdump; tail -1 /tmp/tcpdump.err.log | perl -n -e '/(\\d+).*?(\\d+)/; exit (\\\$1 == \\\$2)' || break; sleep 0.01; i=\\\$((\\\$i-1)); done;\"" echo "${1}# killall tcpdump" >> $CONSOLE_LOG - eval ssh $SSHCONF root@\$ipv4_${1} killall tcpdump + eval ssh $SSHCONF root@\$ipv4_${1} "\"killall tcpdump; while true; do killall -q -0 tcpdump || break; sleep 0.01; done;\"" eval TDUP_${1}="false" - echo "" + echo "" >> $CONSOLE_LOG } @@ -438,7 +473,7 @@ do command=$2 pattern=$3 hit=$4 - if (command != "") + if (host !~ /^#.*/ && command != "") { if (command == "tcpdump") { @@ -461,18 +496,6 @@ do ########################################################################## - # set counters - # - - if [ $STATUS = "failed" ] - then - let "failed_cnt += 1" - else - let "passed_cnt += 1" - fi - - - ########################################################################## # log statusall and listall output # get copies of ipsec.conf, ipsec.secrets # create index.html for the given test case @@ -499,27 +522,44 @@ do $VIRTHOSTS @EOF + IPTABLES_CMD_V4="echo -e '=== filter table ==='; iptables -v -n -L; echo -e '\n=== nat table ==='; iptables -v -n -t nat -L; echo -e '\n=== mangle table ==='; iptables -v -n -t mangle -L" + IPTABLES_CMD_V6="echo -e '=== filter table ==='; ip6tables -v -n -L; echo -e '\n=== nat table ==='; ip6tables -v -n -t nat -L; echo -e '\n=== mangle table ==='; ip6tables -v -n -t mangle -L" + if [ -n "$IPV6" ] then IPROUTE_CMD="ip -6 route list table $SOURCEIP_ROUTING_TABLE" IPROUTE_DSP=$IPROUTE_CMD - IPTABLES_CMD="ip6tables -v -n -L" + IPTABLES_CMD="$IPTABLES_CMD_V6" IPTABLES_DSP="ip6tables -L" + IPTABLES_SAVE_CMD="ip6tables-save" + IPTABLES_SAVE_DSP="ip6tables-save" else IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE" IPROUTE_DSP=$IPROUTE_CMD - IPTABLES_CMD="iptables -v -n -L" + IPTABLES_CMD="$IPTABLES_CMD_V4" IPTABLES_DSP="iptables -L" + IPTABLES_SAVE_CMD="iptables-save" + IPTABLES_SAVE_DSP="iptables-save" fi if [ $name = "net2net-ip4-in-ip6-ikev2" -o $name = "net2net-ip6-in-ip4-ikev2" ] then IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE; echo; ip -6 route list table $SOURCEIP_ROUTING_TABLE" IPROUTE_DSP="ip (-6) route list table $SOURCEIP_ROUTING_TABLE" - IPTABLES_CMD="iptables -v -n -L ; echo ; ip6tables -v -n -L" + IPTABLES_CMD="$IPTABLES_CMD_V4; echo; $IPTABLES_CMD_V6" IPTABLES_DSP="iptables -L ; ip6tables -L" + IPTABLES_SAVE_CMD="iptables-save; echo; ip6tables-save" + IPTABLES_SAVE_DSP="iptables-save ; ip6tables-save" fi + for host in $DBHOSTS + do + eval HOSTLOGIN=root@\$ipv4_${host} + + scp $SSHCONF $HOSTLOGIN:/etc/db.d/ipsec.sql \ + $TESTRESULTDIR/${host}.ipsec.sql > /dev/null 2>&1 + done + for host in $IPSECHOSTS do eval HOSTLOGIN=root@\$ipv4_${host} @@ -531,15 +571,20 @@ do scp $SSHCONF $HOSTLOGIN:/etc/swanctl/swanctl.conf \ $TESTRESULTDIR/${host}.swanctl.conf > /dev/null 2>&1 - for subsys in conns certs pools authorities sas pols + for subsys in conns algs certs pools authorities sas pols do ssh $SSHCONF $HOSTLOGIN swanctl --list-$subsys \ > $TESTRESULTDIR/${host}.swanctl.$subsys 2>/dev/null done - # this is quite slow due to allocation stats via leak-detective ssh $SSHCONF $HOSTLOGIN swanctl --stats \ > $TESTRESULTDIR/${host}.swanctl.stats 2>/dev/null + + echo "" >> $TESTRESULTDIR/${host}.swanctl.sas + cat $TESTRESULTDIR/${host}.swanctl.pols >> \ + $TESTRESULTDIR/${host}.swanctl.sas + cat $TESTRESULTDIR/${host}.swanctl.algs >> \ + $TESTRESULTDIR/${host}.swanctl.stats else for file in ipsec.conf ipsec.secrets do @@ -552,9 +597,11 @@ do ssh $SSHCONF $HOSTLOGIN ipsec $command \ > $TESTRESULTDIR/${host}.$command 2>/dev/null done + fi - scp $SSHCONF $HOSTLOGIN:/etc/ipsec.d/ipsec.sql \ - $TESTRESULTDIR/${host}.ipsec.sql > /dev/null 2>&1 + if (! [ -f $TESTRESULTDIR/${host}.ipsec.sql ] ) then + scp $SSHCONF $HOSTLOGIN:/etc/ipsec.d/ipsec.sql \ + $TESTRESULTDIR/${host}.ipsec.sql > /dev/null 2>&1 fi ssh $SSHCONF $HOSTLOGIN ip -s xfrm policy \ @@ -565,6 +612,8 @@ do > $TESTRESULTDIR/${host}.ip.route 2>/dev/null ssh $SSHCONF $HOSTLOGIN $IPTABLES_CMD \ > $TESTRESULTDIR/${host}.iptables 2>/dev/null + ssh $SSHCONF $HOSTLOGIN $IPTABLES_SAVE_CMD \ + > $TESTRESULTDIR/${host}.iptables-save 2>/dev/null chmod a+r $TESTRESULTDIR/* if [ -n "$SWANCTL" ] @@ -578,16 +627,17 @@ do
  • swanctl.conf
  • swanctl --list-conns
  • swanctl --list-certs
  • -
  • swanctl --list-pools
  • strongswan.conf
  • +
  • ipsec.sql
  • @@ -597,7 +647,7 @@ do
  • ip -s xfrm state
  • $IPROUTE_DSP
  • $IPTABLES_DSP
  • -
  • auth.log
  • +
  • $IPTABLES_SAVE_DSP
  •   @@ -632,6 +682,7 @@ do
  • ip -s xfrm state
  • $IPROUTE_DSP
  • $IPTABLES_DSP
  • +
  • $IPTABLES_SAVE_DSP
  • @@ -697,15 +748,9 @@ do for host in $TCPDUMPHOSTS do - eval HOSTLOGIN=root@\$ipv4_${host} - - scp $SSHCONF $HOSTLOGIN:/tmp/tcpdump.log \ - $TESTRESULTDIR/${host}.tcpdump.log > /dev/null 2>&1 - cat >> $TESTRESULTDIR/index.html <<@EOF
  • $host tcpdump.log
  • @EOF - done cat >> $TESTRESULTDIR/index.html <<@EOF @@ -728,7 +773,7 @@ do echo -e "\nPOST-TEST\n" >> $CONSOLE_LOG 2>&1 eval `awk -F "::" '{ - if ($2 != "") + if ($1 !~ /^#.*/ && $2 != "") { printf("echo \"%s# %s\"; ", $1, $2) printf("ssh \044SSHCONF root@\044ipv4_%s \"%s\"; ", $1, $2) @@ -755,6 +800,25 @@ do fi done + + ########################################################################## + # make sure there were no leaks + # + + for host in $STRONGSWANHOSTS + do + eval HOSTLOGIN=root@\$ipv4_${host} + LEAKS=`ssh $SSHCONF $HOSTLOGIN 'cat $LEAK_DETECTIVE_LOG 2>/dev/null | grep -v "No leaks detected.*"'` + if [ -n "$LEAKS" ] + then + echo -e "\n$host# cat $LEAK_DETECTIVE_LOG [NO]" >> $CONSOLE_LOG + echo "$LEAKS" >> $CONSOLE_LOG + echo "<<< $host $LEAK_DETECTIVE_LOG >>>" >> $CONSOLE_LOG + STATUS="failed" + fi + done + + ########################################################################## # get a copy of /var/log/auth.log # @@ -787,10 +851,11 @@ do do if [ "`eval echo \\\$TDUP_${host}`" = "true" ] then - echo "${host}# killall tcpdump" >> $CONSOLE_LOG - eval ssh $SSHCONF root@\$ipv4_$host killall tcpdump - eval TDUP_${host}="false" + stop_tcpdump $host fi + eval HOSTLOGIN=root@\$ipv4_${host} + scp $SSHCONF $HOSTLOGIN:/tmp/tcpdump.log \ + $TESTRESULTDIR/${host}.tcpdump.log > /dev/null 2>&1 done ########################################################################## @@ -811,6 +876,18 @@ do ########################################################################## + # set counters + # + + if [ $STATUS = "failed" ] + then + let "failed_cnt += 1" + else + let "passed_cnt += 1" + fi + + + ########################################################################## # write test status to html file # testend=$(date +%s) @@ -854,6 +931,11 @@ do ssh $SSHCONF $HOSTLOGIN 'if [ -f /var/run/charon.pid ]; then rm /var/run/charon.pid; echo " removed charon.pid on `hostname`"; fi' done + if [ -n "$aborted" ] + then + break 2 + fi + done done @@ -881,6 +963,15 @@ cat >> $TESTRESULTSHTML << @EOF @EOF +if [ $subdir_cnt != 0 ] +then +cat >> $INDEX << @EOF + $subdir_cnt +   + +@EOF +fi + let "all_cnt = $passed_cnt + $failed_cnt" cat >> $INDEX << @EOF @@ -904,18 +995,7 @@ cat >> $INDEX << @EOF echo echo_ok "Passed : $passed_cnt" echo_failed "Failed : $failed_cnt" -echo - - -############################################################################## -# copy the test results to the apache server -# - -HTDOCS="/var/www" -ssh $SSHCONF root@${ipv4_winnetou} mkdir -p $HTDOCS/testresults > /dev/null 2>&1 -scp $SSHCONF -r $TODAYDIR root@${ipv4_winnetou}:$HTDOCS/testresults > /dev/null 2>&1 -ssh $SSHCONF root@${ipv4_winnetou} ln -s $HTDOCS/images $HTDOCS/testresults/$TESTDATE/images > /dev/null 2>&1 echo echo "The results are available in $TODAYDIR" echo "or via the link http://$ipv4_winnetou/testresults/$TESTDATE"