From: Ondrej M. <om...@re...> - 2011-11-01 13:33:16
|
Hi Stephan, audit-test contains configuration for the following IPsec testing scenarios: 1. ESP between TOE and itself over IPv4/TCP (TOE = Target of Evaluation, NS = Network Server) 2. AH between TOE and NS over IPv4/TCP 3. ESP between TOE and itself over IPv4/UDP allowing SystemLow (s0) on port 4300 only 4. ESP between TOE and itself over IPv4/UDP allowing SystemHigh (s15:c0.c1023) on port 4301 only 5. AH between TOE and NS over IPv4/UDPallowing SystemLow (s0) on port 4300 only 6. AH between TOE and NS over IPv4/UDPallowing SystemHigh (s15:c0.c1023) on port 4301only 7. ESP between TOE and itself over IPv6/TCP 8. AH between TOE and NS over IPv6/TCP 9. ESP between TOE and itself over IPv6/UDP allowing SystemLow (s0) on port 4300 only 10.ESP between TOE and itself over IPv6/UDP allowing SystemHigh (s15:c0.c1023) on port 4301 only 11.AH between TOE and NS over IPv6/UDPallowing SystemLow (s0) on port 4300 only 12. AH between TOE and NS over IPv6/UDPallowing SystemHigh (s15:c0.c1023) on port 4301only but IPsec test in trustedprograms (test_ipsec.bash) tests only scenarios 2 and 8. Configuration of IPsec comes from audit-test used in RHEL5, it was just rewritten from ipsec-tools / setkey notation into openswan / ip_xfrm notation. On RHEL5, IPsec test in trustedprograms (test_racoon.bash) tests scenario 2 only. We have extended it to cover scenario 8 as well. But remaining scenarios are not covered by IPsec test trustedprograms (test_ipsec.bash) on RHEL6. What is the meaning of the other testing scenarios (ie. {1..12} / {2,8})? Is their configuration needed for some tests in networking directory of audit-test? Are they supposed to be covered by ipsec test in trustedprograms? Otherwise they are useless and they should be removed them from ipsec configuration (which is performed, for instance, on TOE by 'make netconfig'). -- Ondrej Moriš, RHCE Quality Assurance Engineer BaseOS QE - Security Email: om...@re... Web: www.cz.redhat.com IRC: omoris at #qa #urt #brno, #penguins Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic |