[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

RE: [redhat-lspp] TAHI test results on lspp 44 kernel

From: Fernando T Medrano <ftmedran us ibm com>
To: Venkat Yekkirala <vyekkirala TrustedCS com>
Cc: redhat-lspp redhat com
Subject: RE: [redhat-lspp] TAHI test results on lspp 44 kernel
Date: Tue, 11 Jul 2006 17:49:00 -0500

There were corresponding avc messages in /var/log/messages, but would 
policy matter since I am running in permissive?  Also, if I run with 
NET_XFRM disabled I wont be able to run the IPSec tests, is that what you 
are suggesting?

I plan to run the tests against an upstream kernel to see if there are any 
discrepancies.

Thanks
Fernando Medrano




Venkat Yekkirala <vyekkirala TrustedCS com> 
07/11/2006 03:49 PM

To
Fernando T Medrano/Austin/IBM IBMUS, redhat-lspp redhat com
cc

Subject
RE: [redhat-lspp] TAHI test results on lspp 44 kernel






Have you noticed corresponding avc messages in /var/log/messages or the 
audit log? If so, adding appropriate SELinux policy might take care of the 
respective failures. If not, I would rebuild the kernel with NET_XFRM 
disabled, and rerun the tests to see if the NET_XFRM code is the culprit. 
Thanks.
-----Original Message-----
From: Fernando T Medrano [mailto:ftmedran us ibm com]
Sent: Tuesday, July 11, 2006 2:34 PM
To: redhat-lspp redhat com
Subject: [redhat-lspp] TAHI test results on lspp 44 kernel

Hi,

I have run the TAHI test suite against the lspp44 kernel (permissive) and 
thought some might be interested in the results. Since the results are 
quite extensive I'm just posting a summary, but let me know if you are 
interested in more details.

There are some tests that failed, but I am not sure what has been 
implemented in the kernel and what is expected to fail at this point.


IPv6 Conformance Test For IPv6 Specification - All tests passed
IPv6 Conformance Test For ICMPv6 - All tests passed

IPv6 Conformance Test For Neighbor Discovery - Following tests failed
-Redirect vs Neighbor Unreachability Detection; Redirect to a host 
-Redirect vs Neighbor Unreachability Detection; Redirect to a better 
router
-Redirect vs NA w/ RFlag=0 #2
-Redirect vs RA w/ RouterLifetime=0 #2
-Redirect vs NONCE

IPv6 Conformance Test For Stateless Address Configuration -All tests 
passed

IPv6 Conformance Test For Path MTU Discovery -Following tests failed
-Check receiving RA with MTU Option

IPv6 Conformance Test For Default Router Selection -Most tests failed

IPv6 Conformance Test For IPv6 IPsec -Following tests failed
-Detect modification of DstOpt header option data after AH
-Connect two SA bundles with same spi, same IPsrc, different protocol

Conformance Test For IPv6(UDP) IPsec -All tests passed

Conformance Test For IPv4 IPsec -Following tests failed
-Connect two SA bundles with same spi, same IPsrc, different protocol

Conformance Test For IPv4(UDP) IPsec -Following tests failed
-Connect two SA bundles with same spi, same IPsrc, different protocol

IPv6 Conformance Test For DNS Discovery -Both test fail, but proper 
initialization not confirmed

IPv6 Conformance Test For IPv6 over IPv4 Tunnel -All tests fail, but 
proper initialization not confirmed

IPv6 robustness test -Following tests failed
-Fragment packets with Overlap data(UDP)



Thanks.

Fernando Medrano

References:
- RE: [redhat-lspp] TAHI test results on lspp 44 kernel
  - From: Venkat Yekkirala

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]