Menu
▾
▴
[Audit-test-developer] IPsec - configuration vs. tests
|
From: Ondrej M. <om...@re...> - 2011-11-01 13:33:16
|
Hi Stephan,
audit-test contains configuration for the following IPsec testing scenarios:
1. ESP between TOE and itself over IPv4/TCP (TOE = Target of Evaluation,
NS = Network Server)
2. AH between TOE and NS over IPv4/TCP
3. ESP between TOE and itself over IPv4/UDP allowing SystemLow (s0) on
port 4300 only
4. ESP between TOE and itself over IPv4/UDP allowing SystemHigh
(s15:c0.c1023) on port 4301 only
5. AH between TOE and NS over IPv4/UDPallowing SystemLow (s0) on port
4300 only
6. AH between TOE and NS over IPv4/UDPallowing SystemHigh (s15:c0.c1023)
on port 4301only
7. ESP between TOE and itself over IPv6/TCP
8. AH between TOE and NS over IPv6/TCP
9. ESP between TOE and itself over IPv6/UDP allowing SystemLow (s0) on
port 4300 only
10.ESP between TOE and itself over IPv6/UDP allowing SystemHigh
(s15:c0.c1023) on port 4301 only
11.AH between TOE and NS over IPv6/UDPallowing SystemLow (s0) on port
4300 only
12. AH between TOE and NS over IPv6/UDPallowing SystemHigh
(s15:c0.c1023) on port 4301only
but IPsec test in trustedprograms (test_ipsec.bash) tests only scenarios
2 and 8. Configuration of IPsec comes from audit-test used in RHEL5, it
was just rewritten from ipsec-tools / setkey notation into openswan /
ip_xfrm notation. On RHEL5, IPsec test in trustedprograms
(test_racoon.bash) tests scenario 2 only. We have extended it to cover
scenario 8 as well. But remaining scenarios are not covered by IPsec
test trustedprograms (test_ipsec.bash) on RHEL6.
What is the meaning of the other testing scenarios (ie. {1..12} /
{2,8})? Is their configuration needed for some tests in networking
directory of audit-test? Are they supposed to be covered by ipsec test
in trustedprograms? Otherwise they are useless and they should be
removed them from ipsec configuration (which is performed, for instance,
on TOE by 'make netconfig').
--
Ondrej Moriš, RHCE
Quality Assurance Engineer
BaseOS QE - Security
Email: om...@re...
Web: www.cz.redhat.com
IRC: omoris at #qa #urt #brno, #penguins
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
|