summaryrefslogtreecommitdiff
path: root/testing
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2015-10-22 11:43:58 +0200
committerYves-Alexis Perez <corsac@debian.org>2015-10-22 11:43:58 +0200
commit5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (patch)
tree037f1ec5bb860846938ddcf29771c24e9c529be0 /testing
parentb238cf34df3fe4476ae6b7012e7cb3e9769d4d51 (diff)
downloadvyos-strongswan-5dca9ea0e2931f0e2a056c7964d311bcc30a01b8.tar.gz
vyos-strongswan-5dca9ea0e2931f0e2a056c7964d311bcc30a01b8.zip
Imported Upstream version 5.3.3
Diffstat (limited to 'testing')
-rw-r--r--testing/config/kernel/config-4.12201
-rw-r--r--testing/config/kernel/config-4.22266
-rw-r--r--testing/config/kvm/moon.xml5
-rw-r--r--testing/config/kvm/sun.xml5
-rwxr-xr-xtesting/do-tests81
-rw-r--r--testing/hosts/alice/etc/raddb/certs/aaaCert.pem34
-rw-r--r--testing/hosts/alice/etc/raddb/certs/aaaKey.pem50
-rw-r--r--testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.derbin2094 -> 2086 bytes
-rw-r--r--testing/hosts/winnetou/etc/openssl/index.txt3
-rw-r--r--testing/hosts/winnetou/etc/openssl/index.txt.old3
-rw-r--r--testing/hosts/winnetou/etc/openssl/newcerts/33.pem25
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/index.txt3
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/index.txt.old3
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/newcerts/0C.pem24
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/serial2
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/serial.old2
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/index.txt3
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/index.txt.old3
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/newcerts/0A.pem24
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/serial2
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/serial.old2
-rw-r--r--testing/hosts/winnetou/etc/openssl/serial2
-rw-r--r--testing/hosts/winnetou/etc/openssl/serial.old2
-rwxr-xr-xtesting/scripts/build-guestkernel26
-rwxr-xr-xtesting/scripts/function.sh2
-rw-r--r--testing/scripts/recipes/013_strongswan.mk3
-rwxr-xr-xtesting/start-testing1
-rw-r--r--testing/testing.conf8
-rw-r--r--testing/tests/ha/both-active/evaltest.dat4
-rw-r--r--testing/tests/ha/both-active/hosts/alice/etc/iptables.rules4
-rw-r--r--testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf3
-rw-r--r--testing/tests/ha/both-active/hosts/moon/etc/iptables.rules4
-rw-r--r--testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf3
-rw-r--r--testing/tests/ha/both-active/pretest.dat1
-rwxr-xr-xtesting/tests/ikev1/nat-virtual-ip/hosts/moon/etc/nat_updown10
-rw-r--r--testing/tests/ikev2/alg-chacha20poly1305/description.txt5
-rw-r--r--testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat13
-rw-r--r--testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/ipsec.conf22
-rw-r--r--testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf7
-rw-r--r--testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/ipsec.conf21
-rw-r--r--testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ikev2/alg-chacha20poly1305/posttest.dat4
-rw-r--r--testing/tests/ikev2/alg-chacha20poly1305/pretest.dat6
-rw-r--r--testing/tests/ikev2/alg-chacha20poly1305/test.conf21
-rw-r--r--testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat2
-rw-r--r--testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/research_by_salesCert.pem16
-rw-r--r--testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/sales_by_researchCert.pem18
-rwxr-xr-xtesting/tests/ikev2/nat-rw-mark/hosts/sun/etc/mark_updown10
-rwxr-xr-xtesting/tests/ikev2/nat-virtual-ip/hosts/moon/etc/nat_updown10
-rwxr-xr-xtesting/tests/ikev2/net2net-same-nets/hosts/sun/etc/mark_updown10
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat1
-rw-r--r--testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/modules/sim_files3
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/pretest.dat2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/test.conf4
-rwxr-xr-xtesting/tests/ikev2/rw-mark-in-out/hosts/sun/etc/mark_updown10
-rw-r--r--testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.derbin2094 -> 2086 bytes
-rw-r--r--testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.derbin2172 -> 2175 bytes
-rw-r--r--testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.derbin2094 -> 2086 bytes
-rw-r--r--testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.derbin2173 -> 2179 bytes
-rw-r--r--testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.derbin2094 -> 2086 bytes
-rw-r--r--testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.derbin2190 -> 2200 bytes
-rw-r--r--testing/tests/ikev2/trap-any/description.txt7
-rw-r--r--testing/tests/ikev2/trap-any/evaltest.dat33
-rw-r--r--testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf16
-rw-r--r--testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.secrets1
-rw-r--r--testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf18
-rw-r--r--testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.secrets1
-rw-r--r--testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.secrets1
-rw-r--r--testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf25
-rw-r--r--testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.secrets1
-rw-r--r--testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/trap-any/posttest.dat4
-rw-r--r--testing/tests/ikev2/trap-any/pretest.dat5
-rw-r--r--testing/tests/ikev2/trap-any/test.conf21
-rw-r--r--testing/tests/ipv6/host2host-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/host2host-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/net2net-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/net2net-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/rw-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/rw-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/transport-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/transport-ikev2/test.conf4
-rwxr-xr-xtesting/tests/libipsec/host2host-cert/hosts/moon/etc/updown10
-rwxr-xr-xtesting/tests/libipsec/host2host-cert/hosts/sun/etc/updown10
-rwxr-xr-xtesting/tests/libipsec/net2net-3des/hosts/moon/etc/updown10
-rwxr-xr-xtesting/tests/libipsec/net2net-3des/hosts/sun/etc/updown10
-rwxr-xr-xtesting/tests/libipsec/net2net-cert/hosts/moon/etc/updown10
-rwxr-xr-xtesting/tests/libipsec/net2net-cert/hosts/sun/etc/updown10
-rwxr-xr-xtesting/tests/libipsec/rw-suite-b/hosts/carol/etc/updown10
-rwxr-xr-xtesting/tests/libipsec/rw-suite-b/hosts/dave/etc/updown10
-rwxr-xr-xtesting/tests/libipsec/rw-suite-b/hosts/moon/etc/updown10
-rw-r--r--testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/ipsec.conf4
-rw-r--r--testing/tests/sql/multi-level-ca/hosts/carol/etc/ipsec.d/data.sql~190
-rw-r--r--testing/tests/sql/multi-level-ca/hosts/dave/etc/ipsec.d/data.sql~193
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/description.txt13
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/evaltest.dat19
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf16
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/hosts/carol/etc/swanctl/swanctl.conf33
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf16
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/hosts/dave/etc/swanctl/swanctl.conf34
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf16
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/hosts/moon/etc/swanctl/swanctl.conf31
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/posttest.dat8
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/pretest.dat9
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/test.conf25
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/description.txt12
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/evaltest.dat19
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf17
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/hosts/carol/etc/swanctl/swanctl.conf40
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf17
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/hosts/dave/etc/swanctl/swanctl.conf41
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf17
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/hosts/moon/etc/swanctl/swanctl.conf38
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/posttest.dat14
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/pretest.dat15
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/test.conf29
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/description.txt6
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/test.conf4
-rwxr-xr-xtesting/tests/swanctl/ip-pool/description.txt11
-rwxr-xr-xtesting/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/swanctl/ip-pool/pretest.dat7
-rwxr-xr-xtesting/tests/swanctl/ip-pool/test.conf4
-rw-r--r--testing/tests/swanctl/multi-level-ca/description.txt7
-rw-r--r--testing/tests/swanctl/multi-level-ca/evaltest.dat19
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf14
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/rsa/carolKey.pem27
-rwxr-xr-xtesting/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/swanctl.conf31
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/x509/carolCert.pem25
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/x509ca/researchCert.pem23
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf14
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/rsa/daveKey.pem27
-rwxr-xr-xtesting/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/swanctl.conf31
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/x509/daveCert.pem24
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/x509ca/salesCert.pem22
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/moon/etc/ipsec.conf31
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf15
-rwxr-xr-xtesting/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/swanctl.conf58
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/x509ca/researchCert.pem23
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/x509ca/salesCert.pem22
-rw-r--r--testing/tests/swanctl/multi-level-ca/posttest.dat8
-rw-r--r--testing/tests/swanctl/multi-level-ca/pretest.dat8
-rw-r--r--testing/tests/swanctl/multi-level-ca/test.conf25
-rwxr-xr-xtesting/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/net2net-cert/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-cert/test.conf4
-rwxr-xr-xtesting/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/net2net-route/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-route/test.conf4
-rwxr-xr-xtesting/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/net2net-start/pretest.dat5
-rwxr-xr-xtesting/tests/swanctl/net2net-start/test.conf4
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/description.txt10
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/evaltest.dat26
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf15
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/rsa/carolKey.pem27
-rwxr-xr-xtesting/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/swanctl.conf39
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/x509/carolCert.pem25
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/x509ca/researchCert.pem23
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf15
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/rsa/daveKey.pem27
-rwxr-xr-xtesting/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/swanctl.conf39
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/x509/daveCert.pem24
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/x509ca/salesCert.pem22
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/ipsec.conf31
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf15
-rwxr-xr-xtesting/tests/swanctl/ocsp-multi-level/hosts/moon/etc/swanctl/swanctl.conf68
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/swanctl/x509ca/researchCert.pem23
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/swanctl/x509ca/salesCert.pem22
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/posttest.dat8
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/pretest.dat8
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/test.conf25
-rwxr-xr-xtesting/tests/swanctl/rw-cert/evaltest.dat4
-rwxr-xr-xtesting/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-cert/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-cert/test.conf4
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/description.txt6
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/evaltest.dat14
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf17
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf40
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf17
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf40
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf17
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf38
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/posttest.dat8
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/pretest.dat9
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/test.conf25
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/test.conf4
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/test.conf4
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/description.txt11
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/evaltest.dat19
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/apache2/sites-available/default26
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem25
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem27
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.secrets3
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/pts/data1.sql61
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongTNC/settings.ini19
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf35
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/tnc_config3
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/ipsec.conf24
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf158
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/tnc_config4
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/ipsec.conf24
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf117
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/tnc_config4
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/ipsec.conf33
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/ipsec.secrets3
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/iptables.rules36
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf14
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat8
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat17
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/test.conf26
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem34
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem50
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem34
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem50
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf~34
252 files changed, 7801 insertions, 750 deletions
diff --git a/testing/config/kernel/config-4.1 b/testing/config/kernel/config-4.1
new file mode 100644
index 000000000..9cd28ca8e
--- /dev/null
+++ b/testing/config/kernel/config-4.1
@@ -0,0 +1,2201 @@
+#
+# Automatically generated file; DO NOT EDIT.
+# Linux/x86 4.1.0 Kernel Configuration
+#
+CONFIG_64BIT=y
+CONFIG_X86_64=y
+CONFIG_X86=y
+CONFIG_INSTRUCTION_DECODER=y
+CONFIG_PERF_EVENTS_INTEL_UNCORE=y
+CONFIG_OUTPUT_FORMAT="elf64-x86-64"
+CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
+CONFIG_LOCKDEP_SUPPORT=y
+CONFIG_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_LATENCYTOP_SUPPORT=y
+CONFIG_MMU=y
+CONFIG_NEED_DMA_MAP_STATE=y
+CONFIG_NEED_SG_DMA_LENGTH=y
+CONFIG_GENERIC_ISA_DMA=y
+CONFIG_GENERIC_BUG=y
+CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
+CONFIG_GENERIC_HWEIGHT=y
+CONFIG_ARCH_MAY_HAVE_PC_FDC=y
+CONFIG_RWSEM_XCHGADD_ALGORITHM=y
+CONFIG_GENERIC_CALIBRATE_DELAY=y
+CONFIG_ARCH_HAS_CPU_RELAX=y
+CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
+CONFIG_HAVE_SETUP_PER_CPU_AREA=y
+CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
+CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
+CONFIG_ARCH_HIBERNATION_POSSIBLE=y
+CONFIG_ARCH_SUSPEND_POSSIBLE=y
+CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y
+CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
+CONFIG_ZONE_DMA32=y
+CONFIG_AUDIT_ARCH=y
+CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
+CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
+CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11"
+CONFIG_ARCH_SUPPORTS_UPROBES=y
+CONFIG_FIX_EARLYCON_MEM=y
+CONFIG_PGTABLE_LEVELS=4
+CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
+CONFIG_IRQ_WORK=y
+CONFIG_BUILDTIME_EXTABLE_SORT=y
+
+#
+# General setup
+#
+CONFIG_BROKEN_ON_SMP=y
+CONFIG_INIT_ENV_ARG_LIMIT=32
+CONFIG_CROSS_COMPILE=""
+# CONFIG_COMPILE_TEST is not set
+CONFIG_LOCALVERSION=""
+CONFIG_LOCALVERSION_AUTO=y
+CONFIG_HAVE_KERNEL_GZIP=y
+CONFIG_HAVE_KERNEL_BZIP2=y
+CONFIG_HAVE_KERNEL_LZMA=y
+CONFIG_HAVE_KERNEL_XZ=y
+CONFIG_HAVE_KERNEL_LZO=y
+CONFIG_HAVE_KERNEL_LZ4=y
+CONFIG_KERNEL_GZIP=y
+# CONFIG_KERNEL_BZIP2 is not set
+# CONFIG_KERNEL_LZMA is not set
+# CONFIG_KERNEL_XZ is not set
+# CONFIG_KERNEL_LZO is not set
+# CONFIG_KERNEL_LZ4 is not set
+CONFIG_DEFAULT_HOSTNAME="(none)"
+CONFIG_SWAP=y
+CONFIG_SYSVIPC=y
+CONFIG_SYSVIPC_SYSCTL=y
+CONFIG_POSIX_MQUEUE=y
+CONFIG_POSIX_MQUEUE_SYSCTL=y
+CONFIG_CROSS_MEMORY_ATTACH=y
+# CONFIG_FHANDLE is not set
+CONFIG_USELIB=y
+# CONFIG_AUDIT is not set
+CONFIG_HAVE_ARCH_AUDITSYSCALL=y
+
+#
+# IRQ subsystem
+#
+CONFIG_GENERIC_IRQ_PROBE=y
+CONFIG_GENERIC_IRQ_SHOW=y
+CONFIG_GENERIC_IRQ_LEGACY_ALLOC_HWIRQ=y
+CONFIG_IRQ_DOMAIN=y
+CONFIG_GENERIC_MSI_IRQ=y
+CONFIG_IRQ_FORCED_THREADING=y
+CONFIG_SPARSE_IRQ=y
+CONFIG_CLOCKSOURCE_WATCHDOG=y
+CONFIG_ARCH_CLOCKSOURCE_DATA=y
+CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y
+CONFIG_GENERIC_TIME_VSYSCALL=y
+CONFIG_GENERIC_CLOCKEVENTS=y
+CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
+CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y
+CONFIG_GENERIC_CMOS_UPDATE=y
+
+#
+# Timers subsystem
+#
+CONFIG_TICK_ONESHOT=y
+CONFIG_NO_HZ_COMMON=y
+# CONFIG_HZ_PERIODIC is not set
+CONFIG_NO_HZ_IDLE=y
+CONFIG_NO_HZ=y
+CONFIG_HIGH_RES_TIMERS=y
+
+#
+# CPU/Task time and stats accounting
+#
+CONFIG_TICK_CPU_ACCOUNTING=y
+# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
+# CONFIG_IRQ_TIME_ACCOUNTING is not set
+CONFIG_BSD_PROCESS_ACCT=y
+# CONFIG_BSD_PROCESS_ACCT_V3 is not set
+# CONFIG_TASKSTATS is not set
+
+#
+# RCU Subsystem
+#
+CONFIG_TINY_RCU=y
+CONFIG_SRCU=y
+# CONFIG_TASKS_RCU is not set
+# CONFIG_RCU_STALL_COMMON is not set
+# CONFIG_TREE_RCU_TRACE is not set
+CONFIG_RCU_KTHREAD_PRIO=0
+# CONFIG_RCU_EXPEDITE_BOOT is not set
+CONFIG_BUILD_BIN2C=y
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
+CONFIG_LOG_BUF_SHIFT=14
+CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
+CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
+CONFIG_ARCH_SUPPORTS_INT128=y
+# CONFIG_CGROUPS is not set
+# CONFIG_CHECKPOINT_RESTORE is not set
+CONFIG_NAMESPACES=y
+# CONFIG_UTS_NS is not set
+# CONFIG_IPC_NS is not set
+# CONFIG_USER_NS is not set
+# CONFIG_PID_NS is not set
+# CONFIG_NET_NS is not set
+# CONFIG_SCHED_AUTOGROUP is not set
+# CONFIG_SYSFS_DEPRECATED is not set
+# CONFIG_RELAY is not set
+# CONFIG_BLK_DEV_INITRD is not set
+CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+CONFIG_SYSCTL=y
+CONFIG_ANON_INODES=y
+CONFIG_SYSCTL_EXCEPTION_TRACE=y
+CONFIG_HAVE_PCSPKR_PLATFORM=y
+CONFIG_BPF=y
+# CONFIG_EXPERT is not set
+CONFIG_MULTIUSER=y
+CONFIG_SGETMASK_SYSCALL=y
+CONFIG_SYSFS_SYSCALL=y
+# CONFIG_SYSCTL_SYSCALL is not set
+CONFIG_KALLSYMS=y
+# CONFIG_KALLSYMS_ALL is not set
+CONFIG_PRINTK=y
+CONFIG_BUG=y
+CONFIG_ELF_CORE=y
+CONFIG_PCSPKR_PLATFORM=y
+CONFIG_BASE_FULL=y
+CONFIG_FUTEX=y
+CONFIG_EPOLL=y
+CONFIG_SIGNALFD=y
+CONFIG_TIMERFD=y
+CONFIG_EVENTFD=y
+# CONFIG_BPF_SYSCALL is not set
+CONFIG_SHMEM=y
+CONFIG_AIO=y
+CONFIG_ADVISE_SYSCALLS=y
+CONFIG_PCI_QUIRKS=y
+# CONFIG_EMBEDDED is not set
+CONFIG_HAVE_PERF_EVENTS=y
+
+#
+# Kernel Performance Events And Counters
+#
+CONFIG_PERF_EVENTS=y
+# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
+CONFIG_VM_EVENT_COUNTERS=y
+CONFIG_COMPAT_BRK=y
+CONFIG_SLAB=y
+# CONFIG_SLUB is not set
+# CONFIG_PROFILING is not set
+CONFIG_HAVE_OPROFILE=y
+CONFIG_OPROFILE_NMI_TIMER=y
+# CONFIG_JUMP_LABEL is not set
+# CONFIG_UPROBES is not set
+# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set
+CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
+CONFIG_ARCH_USE_BUILTIN_BSWAP=y
+CONFIG_HAVE_IOREMAP_PROT=y
+CONFIG_HAVE_KPROBES=y
+CONFIG_HAVE_KRETPROBES=y
+CONFIG_HAVE_OPTPROBES=y
+CONFIG_HAVE_KPROBES_ON_FTRACE=y
+CONFIG_HAVE_ARCH_TRACEHOOK=y
+CONFIG_HAVE_DMA_ATTRS=y
+CONFIG_HAVE_DMA_CONTIGUOUS=y
+CONFIG_GENERIC_SMP_IDLE_THREAD=y
+CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
+CONFIG_HAVE_DMA_API_DEBUG=y
+CONFIG_HAVE_HW_BREAKPOINT=y
+CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
+CONFIG_HAVE_USER_RETURN_NOTIFIER=y
+CONFIG_HAVE_PERF_EVENTS_NMI=y
+CONFIG_HAVE_PERF_REGS=y
+CONFIG_HAVE_PERF_USER_STACK_DUMP=y
+CONFIG_HAVE_ARCH_JUMP_LABEL=y
+CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y
+CONFIG_HAVE_CMPXCHG_LOCAL=y
+CONFIG_HAVE_CMPXCHG_DOUBLE=y
+CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
+CONFIG_SECCOMP_FILTER=y
+CONFIG_HAVE_CC_STACKPROTECTOR=y
+CONFIG_CC_STACKPROTECTOR=y
+# CONFIG_CC_STACKPROTECTOR_NONE is not set
+CONFIG_CC_STACKPROTECTOR_REGULAR=y
+# CONFIG_CC_STACKPROTECTOR_STRONG is not set
+CONFIG_HAVE_CONTEXT_TRACKING=y
+CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
+CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
+CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
+CONFIG_HAVE_ARCH_HUGE_VMAP=y
+CONFIG_HAVE_ARCH_SOFT_DIRTY=y
+CONFIG_MODULES_USE_ELF_RELA=y
+CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
+CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
+
+#
+# GCOV-based kernel profiling
+#
+CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
+# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set
+CONFIG_SLABINFO=y
+CONFIG_RT_MUTEXES=y
+CONFIG_BASE_SMALL=0
+# CONFIG_MODULES is not set
+CONFIG_BLOCK=y
+# CONFIG_BLK_DEV_BSG is not set
+# CONFIG_BLK_DEV_BSGLIB is not set
+# CONFIG_BLK_DEV_INTEGRITY is not set
+# CONFIG_BLK_CMDLINE_PARSER is not set
+
+#
+# Partition Types
+#
+# CONFIG_PARTITION_ADVANCED is not set
+CONFIG_MSDOS_PARTITION=y
+CONFIG_EFI_PARTITION=y
+
+#
+# IO Schedulers
+#
+CONFIG_IOSCHED_NOOP=y
+CONFIG_IOSCHED_DEADLINE=y
+CONFIG_IOSCHED_CFQ=y
+# CONFIG_DEFAULT_DEADLINE is not set
+CONFIG_DEFAULT_CFQ=y
+# CONFIG_DEFAULT_NOOP is not set
+CONFIG_DEFAULT_IOSCHED="cfq"
+CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
+CONFIG_INLINE_READ_UNLOCK=y
+CONFIG_INLINE_READ_UNLOCK_IRQ=y
+CONFIG_INLINE_WRITE_UNLOCK=y
+CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
+CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
+CONFIG_ARCH_USE_QUEUE_RWLOCK=y
+CONFIG_FREEZER=y
+
+#
+# Processor type and features
+#
+CONFIG_ZONE_DMA=y
+# CONFIG_SMP is not set
+CONFIG_X86_FEATURE_NAMES=y
+CONFIG_X86_MPPARSE=y
+CONFIG_X86_EXTENDED_PLATFORM=y
+# CONFIG_X86_GOLDFISH is not set
+# CONFIG_X86_INTEL_LPSS is not set
+# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
+CONFIG_IOSF_MBI=y
+CONFIG_SCHED_OMIT_FRAME_POINTER=y
+# CONFIG_HYPERVISOR_GUEST is not set
+CONFIG_NO_BOOTMEM=y
+# CONFIG_MK8 is not set
+# CONFIG_MPSC is not set
+CONFIG_MCORE2=y
+# CONFIG_MATOM is not set
+# CONFIG_GENERIC_CPU is not set
+CONFIG_X86_INTERNODE_CACHE_SHIFT=6
+CONFIG_X86_L1_CACHE_SHIFT=6
+CONFIG_X86_INTEL_USERCOPY=y
+CONFIG_X86_USE_PPRO_CHECKSUM=y
+CONFIG_X86_P6_NOP=y
+CONFIG_X86_TSC=y
+CONFIG_X86_CMPXCHG64=y
+CONFIG_X86_CMOV=y
+CONFIG_X86_MINIMUM_CPU_FAMILY=64
+CONFIG_X86_DEBUGCTLMSR=y
+CONFIG_CPU_SUP_INTEL=y
+CONFIG_CPU_SUP_AMD=y
+CONFIG_CPU_SUP_CENTAUR=y
+CONFIG_HPET_TIMER=y
+CONFIG_DMI=y
+CONFIG_GART_IOMMU=y
+# CONFIG_CALGARY_IOMMU is not set
+CONFIG_SWIOTLB=y
+CONFIG_IOMMU_HELPER=y
+CONFIG_NR_CPUS=1
+CONFIG_PREEMPT_NONE=y
+# CONFIG_PREEMPT_VOLUNTARY is not set
+# CONFIG_PREEMPT is not set
+CONFIG_UP_LATE_INIT=y
+CONFIG_X86_LOCAL_APIC=y
+CONFIG_X86_IO_APIC=y
+# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
+# CONFIG_X86_MCE is not set
+CONFIG_X86_16BIT=y
+CONFIG_X86_ESPFIX64=y
+CONFIG_X86_VSYSCALL_EMULATION=y
+# CONFIG_I8K is not set
+# CONFIG_MICROCODE is not set
+# CONFIG_X86_MSR is not set
+# CONFIG_X86_CPUID is not set
+CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
+CONFIG_ARCH_DMA_ADDR_T_64BIT=y
+CONFIG_X86_DIRECT_GBPAGES=y
+CONFIG_ARCH_SPARSEMEM_ENABLE=y
+CONFIG_ARCH_SPARSEMEM_DEFAULT=y
+CONFIG_ARCH_SELECT_MEMORY_MODEL=y
+CONFIG_ARCH_MEMORY_PROBE=y
+CONFIG_ARCH_PROC_KCORE_TEXT=y
+CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
+CONFIG_SELECT_MEMORY_MODEL=y
+CONFIG_SPARSEMEM_MANUAL=y
+CONFIG_SPARSEMEM=y
+CONFIG_HAVE_MEMORY_PRESENT=y
+CONFIG_SPARSEMEM_EXTREME=y
+CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
+CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y
+CONFIG_SPARSEMEM_VMEMMAP=y
+CONFIG_HAVE_MEMBLOCK=y
+CONFIG_HAVE_MEMBLOCK_NODE_MAP=y
+CONFIG_ARCH_DISCARD_MEMBLOCK=y
+CONFIG_MEMORY_ISOLATION=y
+CONFIG_HAVE_BOOTMEM_INFO_NODE=y
+CONFIG_MEMORY_HOTPLUG=y
+CONFIG_MEMORY_HOTPLUG_SPARSE=y
+CONFIG_MEMORY_HOTREMOVE=y
+CONFIG_PAGEFLAGS_EXTENDED=y
+CONFIG_SPLIT_PTLOCK_CPUS=4
+CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
+CONFIG_MEMORY_BALLOON=y
+# CONFIG_COMPACTION is not set
+CONFIG_MIGRATION=y
+CONFIG_PHYS_ADDR_T_64BIT=y
+CONFIG_ZONE_DMA_FLAG=1
+CONFIG_BOUNCE=y
+CONFIG_VIRT_TO_BUS=y
+# CONFIG_KSM is not set
+CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+# CONFIG_TRANSPARENT_HUGEPAGE is not set
+CONFIG_NEED_PER_CPU_KM=y
+# CONFIG_CLEANCACHE is not set
+# CONFIG_FRONTSWAP is not set
+# CONFIG_CMA is not set
+# CONFIG_ZPOOL is not set
+# CONFIG_ZBUD is not set
+# CONFIG_ZSMALLOC is not set
+CONFIG_GENERIC_EARLY_IOREMAP=y
+# CONFIG_X86_PMEM_LEGACY is not set
+# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
+CONFIG_X86_RESERVE_LOW=64
+CONFIG_MTRR=y
+CONFIG_MTRR_SANITIZER=y
+CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
+CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
+CONFIG_X86_PAT=y
+CONFIG_ARCH_USES_PG_UNCACHED=y
+CONFIG_ARCH_RANDOM=y
+CONFIG_X86_SMAP=y
+# CONFIG_X86_INTEL_MPX is not set
+# CONFIG_EFI is not set
+CONFIG_SECCOMP=y
+# CONFIG_HZ_100 is not set
+CONFIG_HZ_250=y
+# CONFIG_HZ_300 is not set
+# CONFIG_HZ_1000 is not set
+CONFIG_HZ=250
+CONFIG_SCHED_HRTICK=y
+# CONFIG_KEXEC is not set
+# CONFIG_CRASH_DUMP is not set
+CONFIG_PHYSICAL_START=0x1000000
+CONFIG_RELOCATABLE=y
+# CONFIG_RANDOMIZE_BASE is not set
+CONFIG_PHYSICAL_ALIGN=0x1000000
+# CONFIG_CMDLINE_BOOL is not set
+CONFIG_HAVE_LIVEPATCH=y
+CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
+CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
+
+#
+# Power management and ACPI options
+#
+CONFIG_SUSPEND=y
+CONFIG_SUSPEND_FREEZER=y
+# CONFIG_HIBERNATION is not set
+CONFIG_PM_SLEEP=y
+# CONFIG_PM_AUTOSLEEP is not set
+# CONFIG_PM_WAKELOCKS is not set
+CONFIG_PM=y
+# CONFIG_PM_DEBUG is not set
+# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
+CONFIG_ACPI=y
+CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
+CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y
+CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y
+CONFIG_ACPI_SLEEP=y
+# CONFIG_ACPI_PROCFS_POWER is not set
+# CONFIG_ACPI_EC_DEBUGFS is not set
+CONFIG_ACPI_AC=y
+CONFIG_ACPI_BATTERY=y
+CONFIG_ACPI_BUTTON=y
+CONFIG_ACPI_FAN=y
+# CONFIG_ACPI_DOCK is not set
+CONFIG_ACPI_PROCESSOR=y
+# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
+CONFIG_ACPI_THERMAL=y
+# CONFIG_ACPI_CUSTOM_DSDT is not set
+# CONFIG_ACPI_DEBUG is not set
+# CONFIG_ACPI_PCI_SLOT is not set
+CONFIG_X86_PM_TIMER=y
+# CONFIG_ACPI_CONTAINER is not set
+# CONFIG_ACPI_HOTPLUG_MEMORY is not set
+CONFIG_ACPI_HOTPLUG_IOAPIC=y
+# CONFIG_ACPI_SBS is not set
+# CONFIG_ACPI_HED is not set
+# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set
+CONFIG_HAVE_ACPI_APEI=y
+CONFIG_HAVE_ACPI_APEI_NMI=y
+# CONFIG_ACPI_APEI is not set
+# CONFIG_PMIC_OPREGION is not set
+# CONFIG_SFI is not set
+
+#
+# CPU Frequency scaling
+#
+# CONFIG_CPU_FREQ is not set
+
+#
+# CPU Idle
+#
+CONFIG_CPU_IDLE=y
+CONFIG_CPU_IDLE_GOV_LADDER=y
+CONFIG_CPU_IDLE_GOV_MENU=y
+# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set
+# CONFIG_INTEL_IDLE is not set
+
+#
+# Memory power savings
+#
+# CONFIG_I7300_IDLE is not set
+
+#
+# Bus options (PCI etc.)
+#
+CONFIG_PCI=y
+CONFIG_PCI_DIRECT=y
+# CONFIG_PCI_MMCONFIG is not set
+CONFIG_PCI_DOMAINS=y
+# CONFIG_PCIEPORTBUS is not set
+CONFIG_PCI_MSI=y
+# CONFIG_PCI_DEBUG is not set
+# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set
+# CONFIG_PCI_STUB is not set
+CONFIG_HT_IRQ=y
+# CONFIG_PCI_IOV is not set
+# CONFIG_PCI_PRI is not set
+# CONFIG_PCI_PASID is not set
+CONFIG_PCI_LABEL=y
+
+#
+# PCI host controller drivers
+#
+CONFIG_ISA_DMA_API=y
+CONFIG_AMD_NB=y
+# CONFIG_PCCARD is not set
+# CONFIG_HOTPLUG_PCI is not set
+# CONFIG_RAPIDIO is not set
+# CONFIG_X86_SYSFB is not set
+
+#
+# Executable file formats / Emulations
+#
+CONFIG_BINFMT_ELF=y
+# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
+CONFIG_BINFMT_SCRIPT=y
+# CONFIG_HAVE_AOUT is not set
+# CONFIG_BINFMT_MISC is not set
+CONFIG_COREDUMP=y
+# CONFIG_IA32_EMULATION is not set
+CONFIG_X86_DEV_DMA_OPS=y
+CONFIG_PMC_ATOM=y
+CONFIG_NET=y
+
+#
+# Networking options
+#
+CONFIG_PACKET=y
+# CONFIG_PACKET_DIAG is not set
+CONFIG_UNIX=y
+# CONFIG_UNIX_DIAG is not set
+CONFIG_XFRM=y
+CONFIG_XFRM_ALGO=y
+CONFIG_XFRM_USER=y
+CONFIG_XFRM_SUB_POLICY=y
+CONFIG_XFRM_MIGRATE=y
+CONFIG_XFRM_STATISTICS=y
+CONFIG_XFRM_IPCOMP=y
+CONFIG_NET_KEY=y
+CONFIG_NET_KEY_MIGRATE=y
+CONFIG_INET=y
+# CONFIG_IP_MULTICAST is not set
+CONFIG_IP_ADVANCED_ROUTER=y
+# CONFIG_IP_FIB_TRIE_STATS is not set
+CONFIG_IP_MULTIPLE_TABLES=y
+# CONFIG_IP_ROUTE_MULTIPATH is not set
+# CONFIG_IP_ROUTE_VERBOSE is not set
+CONFIG_IP_ROUTE_CLASSID=y
+# CONFIG_IP_PNP is not set
+# CONFIG_NET_IPIP is not set
+# CONFIG_NET_IPGRE_DEMUX is not set
+CONFIG_NET_IP_TUNNEL=y
+# CONFIG_SYN_COOKIES is not set
+# CONFIG_NET_IPVTI is not set
+CONFIG_NET_UDP_TUNNEL=y
+# CONFIG_NET_FOU is not set
+# CONFIG_GENEVE is not set
+CONFIG_INET_AH=y
+CONFIG_INET_ESP=y
+CONFIG_INET_IPCOMP=y
+CONFIG_INET_XFRM_TUNNEL=y
+CONFIG_INET_TUNNEL=y
+CONFIG_INET_XFRM_MODE_TRANSPORT=y
+CONFIG_INET_XFRM_MODE_TUNNEL=y
+CONFIG_INET_XFRM_MODE_BEET=y
+# CONFIG_INET_LRO is not set
+CONFIG_INET_DIAG=y
+CONFIG_INET_TCP_DIAG=y
+# CONFIG_INET_UDP_DIAG is not set
+# CONFIG_TCP_CONG_ADVANCED is not set
+CONFIG_TCP_CONG_CUBIC=y
+CONFIG_DEFAULT_TCP_CONG="cubic"
+# CONFIG_TCP_MD5SIG is not set
+CONFIG_IPV6=y
+# CONFIG_IPV6_ROUTER_PREF is not set
+CONFIG_IPV6_OPTIMISTIC_DAD=y
+CONFIG_INET6_AH=y
+CONFIG_INET6_ESP=y
+CONFIG_INET6_IPCOMP=y
+CONFIG_IPV6_MIP6=y
+CONFIG_INET6_XFRM_TUNNEL=y
+CONFIG_INET6_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_TRANSPORT=y
+CONFIG_INET6_XFRM_MODE_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_BEET=y
+# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
+# CONFIG_IPV6_VTI is not set
+# CONFIG_IPV6_SIT is not set
+CONFIG_IPV6_TUNNEL=y
+CONFIG_IPV6_GRE=y
+CONFIG_IPV6_MULTIPLE_TABLES=y
+CONFIG_IPV6_SUBTREES=y
+# CONFIG_IPV6_MROUTE is not set
+# CONFIG_NETWORK_SECMARK is not set
+# CONFIG_NET_PTP_CLASSIFY is not set
+# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
+CONFIG_NETFILTER=y
+# CONFIG_NETFILTER_DEBUG is not set
+CONFIG_NETFILTER_ADVANCED=y
+
+#
+# Core Netfilter Configuration
+#
+CONFIG_NETFILTER_NETLINK=y
+# CONFIG_NETFILTER_NETLINK_ACCT is not set
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NF_CONNTRACK=y
+CONFIG_NF_LOG_COMMON=y
+CONFIG_NF_CONNTRACK_MARK=y
+# CONFIG_NF_CONNTRACK_ZONES is not set
+CONFIG_NF_CONNTRACK_PROCFS=y
+CONFIG_NF_CONNTRACK_EVENTS=y
+# CONFIG_NF_CONNTRACK_TIMEOUT is not set
+# CONFIG_NF_CONNTRACK_TIMESTAMP is not set
+# CONFIG_NF_CT_PROTO_DCCP is not set
+# CONFIG_NF_CT_PROTO_SCTP is not set
+CONFIG_NF_CT_PROTO_UDPLITE=y
+# CONFIG_NF_CONNTRACK_AMANDA is not set
+# CONFIG_NF_CONNTRACK_FTP is not set
+# CONFIG_NF_CONNTRACK_H323 is not set
+# CONFIG_NF_CONNTRACK_IRC is not set
+# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
+# CONFIG_NF_CONNTRACK_SNMP is not set
+# CONFIG_NF_CONNTRACK_PPTP is not set
+CONFIG_NF_CONNTRACK_SANE=y
+# CONFIG_NF_CONNTRACK_SIP is not set
+# CONFIG_NF_CONNTRACK_TFTP is not set
+CONFIG_NF_CT_NETLINK=y
+# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
+# CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
+CONFIG_NF_NAT=y
+CONFIG_NF_NAT_NEEDED=y
+CONFIG_NF_NAT_PROTO_UDPLITE=y
+# CONFIG_NF_NAT_AMANDA is not set
+# CONFIG_NF_NAT_FTP is not set
+# CONFIG_NF_NAT_IRC is not set
+# CONFIG_NF_NAT_SIP is not set
+# CONFIG_NF_NAT_TFTP is not set
+CONFIG_NF_NAT_REDIRECT=y
+# CONFIG_NF_TABLES is not set
+CONFIG_NETFILTER_XTABLES=y
+
+#
+# Xtables combined modules
+#
+CONFIG_NETFILTER_XT_MARK=y
+CONFIG_NETFILTER_XT_CONNMARK=y
+CONFIG_NETFILTER_XT_SET=y
+
+#
+# Xtables targets
+#
+# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
+CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
+CONFIG_NETFILTER_XT_TARGET_CT=y
+CONFIG_NETFILTER_XT_TARGET_DSCP=y
+CONFIG_NETFILTER_XT_TARGET_HL=y
+# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
+# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
+CONFIG_NETFILTER_XT_TARGET_LOG=y
+CONFIG_NETFILTER_XT_TARGET_MARK=y
+CONFIG_NETFILTER_XT_NAT=y
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
+CONFIG_NETFILTER_XT_TARGET_NOTRACK=y
+# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
+# CONFIG_NETFILTER_XT_TARGET_TEE is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
+CONFIG_NETFILTER_XT_TARGET_TRACE=y
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
+# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+
+#
+# Xtables matches
+#
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
+# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
+CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+# CONFIG_NETFILTER_XT_MATCH_CPU is not set
+CONFIG_NETFILTER_XT_MATCH_DCCP=y
+CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
+CONFIG_NETFILTER_XT_MATCH_DSCP=y
+CONFIG_NETFILTER_XT_MATCH_ECN=y
+CONFIG_NETFILTER_XT_MATCH_ESP=y
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_HELPER=y
+CONFIG_NETFILTER_XT_MATCH_HL=y
+# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set
+# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
+CONFIG_NETFILTER_XT_MATCH_L2TP=y
+CONFIG_NETFILTER_XT_MATCH_LENGTH=y
+CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+CONFIG_NETFILTER_XT_MATCH_MAC=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
+# CONFIG_NETFILTER_XT_MATCH_OSF is not set
+# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
+CONFIG_NETFILTER_XT_MATCH_POLICY=y
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+CONFIG_NETFILTER_XT_MATCH_QUOTA=y
+# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
+CONFIG_NETFILTER_XT_MATCH_REALM=y
+# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
+CONFIG_NETFILTER_XT_MATCH_SCTP=y
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
+CONFIG_NETFILTER_XT_MATCH_STRING=y
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
+# CONFIG_NETFILTER_XT_MATCH_TIME is not set
+CONFIG_NETFILTER_XT_MATCH_U32=y
+CONFIG_IP_SET=y
+CONFIG_IP_SET_MAX=256
+CONFIG_IP_SET_BITMAP_IP=y
+CONFIG_IP_SET_BITMAP_IPMAC=y
+CONFIG_IP_SET_BITMAP_PORT=y
+CONFIG_IP_SET_HASH_IP=y
+# CONFIG_IP_SET_HASH_IPMARK is not set
+CONFIG_IP_SET_HASH_IPPORT=y
+CONFIG_IP_SET_HASH_IPPORTIP=y
+CONFIG_IP_SET_HASH_IPPORTNET=y
+# CONFIG_IP_SET_HASH_MAC is not set
+# CONFIG_IP_SET_HASH_NETPORTNET is not set
+CONFIG_IP_SET_HASH_NET=y
+# CONFIG_IP_SET_HASH_NETNET is not set
+CONFIG_IP_SET_HASH_NETPORT=y
+# CONFIG_IP_SET_HASH_NETIFACE is not set
+CONFIG_IP_SET_LIST_SET=y
+# CONFIG_IP_VS is not set
+
+#
+# IP: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV4=y
+CONFIG_NF_CONNTRACK_IPV4=y
+CONFIG_NF_CONNTRACK_PROC_COMPAT=y
+# CONFIG_NF_LOG_ARP is not set
+CONFIG_NF_LOG_IPV4=y
+CONFIG_NF_REJECT_IPV4=y
+CONFIG_NF_NAT_IPV4=y
+CONFIG_NF_NAT_MASQUERADE_IPV4=y
+# CONFIG_NF_NAT_PPTP is not set
+# CONFIG_NF_NAT_H323 is not set
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_AH=y
+CONFIG_IP_NF_MATCH_ECN=y
+# CONFIG_IP_NF_MATCH_RPFILTER is not set
+CONFIG_IP_NF_MATCH_TTL=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_TARGET_REJECT=y
+# CONFIG_IP_NF_TARGET_SYNPROXY is not set
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_TARGET_NETMAP=y
+CONFIG_IP_NF_TARGET_REDIRECT=y
+CONFIG_IP_NF_MANGLE=y
+CONFIG_IP_NF_TARGET_CLUSTERIP=y
+CONFIG_IP_NF_TARGET_ECN=y
+CONFIG_IP_NF_TARGET_TTL=y
+CONFIG_IP_NF_RAW=y
+CONFIG_IP_NF_ARPTABLES=y
+CONFIG_IP_NF_ARPFILTER=y
+CONFIG_IP_NF_ARP_MANGLE=y
+
+#
+# IPv6: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV6=y
+CONFIG_NF_CONNTRACK_IPV6=y
+CONFIG_NF_REJECT_IPV6=y
+CONFIG_NF_LOG_IPV6=y
+CONFIG_NF_NAT_IPV6=y
+CONFIG_NF_NAT_MASQUERADE_IPV6=y
+CONFIG_IP6_NF_IPTABLES=y
+CONFIG_IP6_NF_MATCH_AH=y
+CONFIG_IP6_NF_MATCH_EUI64=y
+CONFIG_IP6_NF_MATCH_FRAG=y
+CONFIG_IP6_NF_MATCH_OPTS=y
+CONFIG_IP6_NF_MATCH_HL=y
+CONFIG_IP6_NF_MATCH_IPV6HEADER=y
+CONFIG_IP6_NF_MATCH_MH=y
+# CONFIG_IP6_NF_MATCH_RPFILTER is not set
+CONFIG_IP6_NF_MATCH_RT=y
+CONFIG_IP6_NF_TARGET_HL=y
+CONFIG_IP6_NF_FILTER=y
+CONFIG_IP6_NF_TARGET_REJECT=y
+# CONFIG_IP6_NF_TARGET_SYNPROXY is not set
+CONFIG_IP6_NF_MANGLE=y
+CONFIG_IP6_NF_RAW=y
+# CONFIG_IP6_NF_NAT is not set
+# CONFIG_IP_DCCP is not set
+# CONFIG_IP_SCTP is not set
+# CONFIG_RDS is not set
+# CONFIG_TIPC is not set
+# CONFIG_ATM is not set
+CONFIG_L2TP=y
+# CONFIG_L2TP_V3 is not set
+# CONFIG_BRIDGE is not set
+CONFIG_HAVE_NET_DSA=y
+# CONFIG_VLAN_8021Q is not set
+# CONFIG_DECNET is not set
+# CONFIG_LLC2 is not set
+# CONFIG_IPX is not set
+# CONFIG_ATALK is not set
+# CONFIG_X25 is not set
+# CONFIG_LAPB is not set
+# CONFIG_PHONET is not set
+# CONFIG_6LOWPAN is not set
+# CONFIG_IEEE802154 is not set
+# CONFIG_NET_SCHED is not set
+# CONFIG_DCB is not set
+# CONFIG_BATMAN_ADV is not set
+# CONFIG_OPENVSWITCH is not set
+# CONFIG_VSOCKETS is not set
+# CONFIG_NETLINK_MMAP is not set
+# CONFIG_NETLINK_DIAG is not set
+# CONFIG_MPLS is not set
+# CONFIG_HSR is not set
+# CONFIG_NET_SWITCHDEV is not set
+CONFIG_NET_RX_BUSY_POLL=y
+CONFIG_BQL=y
+
+#
+# Network testing
+#
+# CONFIG_NET_PKTGEN is not set
+# CONFIG_HAMRADIO is not set
+# CONFIG_CAN is not set
+# CONFIG_IRDA is not set
+# CONFIG_BT is not set
+# CONFIG_AF_RXRPC is not set
+CONFIG_FIB_RULES=y
+CONFIG_WIRELESS=y
+# CONFIG_CFG80211 is not set
+# CONFIG_LIB80211 is not set
+
+#
+# CFG80211 needs to be enabled for MAC80211
+#
+# CONFIG_WIMAX is not set
+# CONFIG_RFKILL is not set
+CONFIG_NET_9P=y
+CONFIG_NET_9P_VIRTIO=y
+# CONFIG_NET_9P_DEBUG is not set
+# CONFIG_CAIF is not set
+# CONFIG_CEPH_LIB is not set
+# CONFIG_NFC is not set
+CONFIG_HAVE_BPF_JIT=y
+
+#
+# Device Drivers
+#
+
+#
+# Generic Driver Options
+#
+CONFIG_UEVENT_HELPER=y
+CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+# CONFIG_DEVTMPFS is not set
+CONFIG_STANDALONE=y
+CONFIG_PREVENT_FIRMWARE_BUILD=y
+CONFIG_FW_LOADER=y
+CONFIG_FIRMWARE_IN_KERNEL=y
+CONFIG_EXTRA_FIRMWARE=""
+# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set
+CONFIG_ALLOW_DEV_COREDUMP=y
+# CONFIG_DEBUG_DRIVER is not set
+# CONFIG_DEBUG_DEVRES is not set
+# CONFIG_SYS_HYPERVISOR is not set
+# CONFIG_GENERIC_CPU_DEVICES is not set
+CONFIG_GENERIC_CPU_AUTOPROBE=y
+# CONFIG_DMA_SHARED_BUFFER is not set
+
+#
+# Bus devices
+#
+# CONFIG_CONNECTOR is not set
+# CONFIG_MTD is not set
+CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
+# CONFIG_PARPORT is not set
+CONFIG_PNP=y
+CONFIG_PNP_DEBUG_MESSAGES=y
+
+#
+# Protocols
+#
+CONFIG_PNPACPI=y
+CONFIG_BLK_DEV=y
+# CONFIG_BLK_DEV_NULL_BLK is not set
+# CONFIG_BLK_DEV_FD is not set
+# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set
+# CONFIG_BLK_CPQ_CISS_DA is not set
+# CONFIG_BLK_DEV_DAC960 is not set
+# CONFIG_BLK_DEV_UMEM is not set
+# CONFIG_BLK_DEV_COW_COMMON is not set
+CONFIG_BLK_DEV_LOOP=y
+CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
+# CONFIG_BLK_DEV_CRYPTOLOOP is not set
+# CONFIG_BLK_DEV_DRBD is not set
+CONFIG_BLK_DEV_NBD=y
+# CONFIG_BLK_DEV_NVME is not set
+# CONFIG_BLK_DEV_SKD is not set
+# CONFIG_BLK_DEV_SX8 is not set
+# CONFIG_BLK_DEV_RAM is not set
+# CONFIG_BLK_DEV_PMEM is not set
+# CONFIG_CDROM_PKTCDVD is not set
+# CONFIG_ATA_OVER_ETH is not set
+CONFIG_VIRTIO_BLK=y
+# CONFIG_BLK_DEV_HD is not set
+# CONFIG_BLK_DEV_RBD is not set
+# CONFIG_BLK_DEV_RSXX is not set
+
+#
+# Misc devices
+#
+# CONFIG_SENSORS_LIS3LV02D is not set
+# CONFIG_DUMMY_IRQ is not set
+# CONFIG_IBM_ASM is not set
+# CONFIG_PHANTOM is not set
+# CONFIG_SGI_IOC4 is not set
+# CONFIG_TIFM_CORE is not set
+# CONFIG_ENCLOSURE_SERVICES is not set
+# CONFIG_HP_ILO is not set
+# CONFIG_SRAM is not set
+# CONFIG_C2PORT is not set
+
+#
+# EEPROM support
+#
+# CONFIG_EEPROM_93CX6 is not set
+# CONFIG_CB710_CORE is not set
+
+#
+# Texas Instruments shared transport line discipline
+#
+
+#
+# Altera FPGA firmware download module
+#
+# CONFIG_VMWARE_VMCI is not set
+
+#
+# Intel MIC Bus Driver
+#
+# CONFIG_INTEL_MIC_BUS is not set
+
+#
+# Intel MIC Host Driver
+#
+
+#
+# Intel MIC Card Driver
+#
+# CONFIG_GENWQE is not set
+# CONFIG_ECHO is not set
+# CONFIG_CXL_BASE is not set
+CONFIG_HAVE_IDE=y
+# CONFIG_IDE is not set
+
+#
+# SCSI device support
+#
+CONFIG_SCSI_MOD=y
+# CONFIG_RAID_ATTRS is not set
+# CONFIG_SCSI is not set
+# CONFIG_SCSI_DMA is not set
+# CONFIG_SCSI_NETLINK is not set
+# CONFIG_ATA is not set
+# CONFIG_MD is not set
+# CONFIG_FUSION is not set
+
+#
+# IEEE 1394 (FireWire) support
+#
+# CONFIG_FIREWIRE is not set
+# CONFIG_FIREWIRE_NOSY is not set
+# CONFIG_MACINTOSH_DRIVERS is not set
+CONFIG_NETDEVICES=y
+CONFIG_NET_CORE=y
+# CONFIG_BONDING is not set
+CONFIG_DUMMY=y
+# CONFIG_EQUALIZER is not set
+# CONFIG_NET_TEAM is not set
+# CONFIG_MACVLAN is not set
+# CONFIG_IPVLAN is not set
+# CONFIG_VXLAN is not set
+# CONFIG_NETCONSOLE is not set
+# CONFIG_NETPOLL is not set
+# CONFIG_NET_POLL_CONTROLLER is not set
+CONFIG_TUN=y
+# CONFIG_VETH is not set
+CONFIG_VIRTIO_NET=y
+# CONFIG_NLMON is not set
+# CONFIG_ARCNET is not set
+
+#
+# CAIF transport drivers
+#
+# CONFIG_VHOST_NET is not set
+
+#
+# Distributed Switch Architecture drivers
+#
+# CONFIG_NET_DSA_MV88E6XXX is not set
+# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set
+CONFIG_ETHERNET=y
+CONFIG_NET_VENDOR_3COM=y
+# CONFIG_VORTEX is not set
+# CONFIG_TYPHOON is not set
+CONFIG_NET_VENDOR_ADAPTEC=y
+# CONFIG_ADAPTEC_STARFIRE is not set
+CONFIG_NET_VENDOR_AGERE=y
+# CONFIG_ET131X is not set
+CONFIG_NET_VENDOR_ALTEON=y
+# CONFIG_ACENIC is not set
+# CONFIG_ALTERA_TSE is not set
+CONFIG_NET_VENDOR_AMD=y
+# CONFIG_AMD8111_ETH is not set
+# CONFIG_PCNET32 is not set
+# CONFIG_NET_VENDOR_ARC is not set
+CONFIG_NET_VENDOR_ATHEROS=y
+# CONFIG_ATL2 is not set
+# CONFIG_ATL1 is not set
+# CONFIG_ATL1E is not set
+# CONFIG_ATL1C is not set
+# CONFIG_ALX is not set
+CONFIG_NET_CADENCE=y
+# CONFIG_MACB is not set
+CONFIG_NET_VENDOR_BROADCOM=y
+# CONFIG_B44 is not set
+# CONFIG_BCMGENET is not set
+# CONFIG_BNX2 is not set
+# CONFIG_CNIC is not set
+# CONFIG_TIGON3 is not set
+# CONFIG_BNX2X is not set
+CONFIG_NET_VENDOR_BROCADE=y
+# CONFIG_BNA is not set
+CONFIG_NET_VENDOR_CHELSIO=y
+# CONFIG_CHELSIO_T1 is not set
+# CONFIG_CHELSIO_T3 is not set
+# CONFIG_CHELSIO_T4 is not set
+# CONFIG_CHELSIO_T4VF is not set
+CONFIG_NET_VENDOR_CISCO=y
+# CONFIG_ENIC is not set
+# CONFIG_CX_ECAT is not set
+# CONFIG_DNET is not set
+CONFIG_NET_VENDOR_DEC=y
+# CONFIG_NET_TULIP is not set
+CONFIG_NET_VENDOR_DLINK=y
+# CONFIG_DL2K is not set
+# CONFIG_SUNDANCE is not set
+CONFIG_NET_VENDOR_EMULEX=y
+# CONFIG_BE2NET is not set
+CONFIG_NET_VENDOR_EXAR=y
+# CONFIG_S2IO is not set
+# CONFIG_VXGE is not set
+CONFIG_NET_VENDOR_HP=y
+# CONFIG_HP100 is not set
+CONFIG_NET_VENDOR_INTEL=y
+# CONFIG_E100 is not set
+# CONFIG_E1000 is not set
+# CONFIG_E1000E is not set
+# CONFIG_IGB is not set
+# CONFIG_IGBVF is not set
+# CONFIG_IXGB is not set
+# CONFIG_IXGBE is not set
+# CONFIG_IXGBEVF is not set
+# CONFIG_I40E is not set
+# CONFIG_I40EVF is not set
+# CONFIG_FM10K is not set
+CONFIG_NET_VENDOR_I825XX=y
+# CONFIG_IP1000 is not set
+# CONFIG_JME is not set
+CONFIG_NET_VENDOR_MARVELL=y
+# CONFIG_MVMDIO is not set
+# CONFIG_SKGE is not set
+# CONFIG_SKY2 is not set
+CONFIG_NET_VENDOR_MELLANOX=y
+# CONFIG_MLX4_EN is not set
+# CONFIG_MLX4_CORE is not set
+# CONFIG_MLX5_CORE is not set
+CONFIG_NET_VENDOR_MICREL=y
+# CONFIG_KS8851_MLL is not set
+# CONFIG_KSZ884X_PCI is not set
+CONFIG_NET_VENDOR_MYRI=y
+# CONFIG_MYRI10GE is not set
+# CONFIG_FEALNX is not set
+CONFIG_NET_VENDOR_NATSEMI=y
+# CONFIG_NATSEMI is not set
+# CONFIG_NS83820 is not set
+CONFIG_NET_VENDOR_8390=y
+# CONFIG_NE2K_PCI is not set
+CONFIG_NET_VENDOR_NVIDIA=y
+# CONFIG_FORCEDETH is not set
+CONFIG_NET_VENDOR_OKI=y
+# CONFIG_ETHOC is not set
+CONFIG_NET_PACKET_ENGINE=y
+# CONFIG_HAMACHI is not set
+# CONFIG_YELLOWFIN is not set
+CONFIG_NET_VENDOR_QLOGIC=y
+# CONFIG_QLA3XXX is not set
+# CONFIG_QLCNIC is not set
+# CONFIG_QLGE is not set
+# CONFIG_NETXEN_NIC is not set
+CONFIG_NET_VENDOR_QUALCOMM=y
+CONFIG_NET_VENDOR_REALTEK=y
+# CONFIG_8139CP is not set
+# CONFIG_8139TOO is not set
+# CONFIG_R8169 is not set
+CONFIG_NET_VENDOR_RDC=y
+# CONFIG_R6040 is not set
+CONFIG_NET_VENDOR_ROCKER=y
+CONFIG_NET_VENDOR_SAMSUNG=y
+# CONFIG_SXGBE_ETH is not set
+CONFIG_NET_VENDOR_SEEQ=y
+CONFIG_NET_VENDOR_SILAN=y
+# CONFIG_SC92031 is not set
+CONFIG_NET_VENDOR_SIS=y
+# CONFIG_SIS900 is not set
+# CONFIG_SIS190 is not set
+# CONFIG_SFC is not set
+CONFIG_NET_VENDOR_SMSC=y
+# CONFIG_EPIC100 is not set
+# CONFIG_SMSC911X is not set
+# CONFIG_SMSC9420 is not set
+CONFIG_NET_VENDOR_STMICRO=y
+# CONFIG_STMMAC_ETH is not set
+CONFIG_NET_VENDOR_SUN=y
+# CONFIG_HAPPYMEAL is not set
+# CONFIG_SUNGEM is not set
+# CONFIG_CASSINI is not set
+# CONFIG_NIU is not set
+CONFIG_NET_VENDOR_TEHUTI=y
+# CONFIG_TEHUTI is not set
+CONFIG_NET_VENDOR_TI=y
+# CONFIG_TI_CPSW_ALE is not set
+# CONFIG_TLAN is not set
+CONFIG_NET_VENDOR_VIA=y
+# CONFIG_VIA_RHINE is not set
+# CONFIG_VIA_VELOCITY is not set
+CONFIG_NET_VENDOR_WIZNET=y
+# CONFIG_WIZNET_W5100 is not set
+# CONFIG_WIZNET_W5300 is not set
+# CONFIG_FDDI is not set
+# CONFIG_HIPPI is not set
+# CONFIG_NET_SB1000 is not set
+# CONFIG_PHYLIB is not set
+# CONFIG_PPP is not set
+# CONFIG_SLIP is not set
+
+#
+# Host-side USB support is needed for USB Network Adapter support
+#
+CONFIG_WLAN=y
+# CONFIG_PRISM54 is not set
+# CONFIG_HOSTAP is not set
+# CONFIG_WL_TI is not set
+
+#
+# Enable WiMAX (Networking options) to see the WiMAX drivers
+#
+# CONFIG_WAN is not set
+# CONFIG_VMXNET3 is not set
+# CONFIG_ISDN is not set
+
+#
+# Input device support
+#
+CONFIG_INPUT=y
+# CONFIG_INPUT_FF_MEMLESS is not set
+# CONFIG_INPUT_POLLDEV is not set
+# CONFIG_INPUT_SPARSEKMAP is not set
+# CONFIG_INPUT_MATRIXKMAP is not set
+
+#
+# Userland interfaces
+#
+CONFIG_INPUT_MOUSEDEV=y
+CONFIG_INPUT_MOUSEDEV_PSAUX=y
+CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
+CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
+# CONFIG_INPUT_JOYDEV is not set
+CONFIG_INPUT_EVDEV=y
+# CONFIG_INPUT_EVBUG is not set
+
+#
+# Input Device Drivers
+#
+CONFIG_INPUT_KEYBOARD=y
+CONFIG_KEYBOARD_ATKBD=y
+# CONFIG_KEYBOARD_LKKBD is not set
+# CONFIG_KEYBOARD_NEWTON is not set
+# CONFIG_KEYBOARD_OPENCORES is not set
+# CONFIG_KEYBOARD_STOWAWAY is not set
+# CONFIG_KEYBOARD_SUNKBD is not set
+# CONFIG_KEYBOARD_XTKBD is not set
+CONFIG_INPUT_MOUSE=y
+CONFIG_MOUSE_PS2=y
+CONFIG_MOUSE_PS2_ALPS=y
+CONFIG_MOUSE_PS2_LOGIPS2PP=y
+CONFIG_MOUSE_PS2_SYNAPTICS=y
+CONFIG_MOUSE_PS2_CYPRESS=y
+CONFIG_MOUSE_PS2_LIFEBOOK=y
+CONFIG_MOUSE_PS2_TRACKPOINT=y
+# CONFIG_MOUSE_PS2_ELANTECH is not set
+# CONFIG_MOUSE_PS2_SENTELIC is not set
+# CONFIG_MOUSE_PS2_TOUCHKIT is not set
+CONFIG_MOUSE_PS2_FOCALTECH=y
+# CONFIG_MOUSE_SERIAL is not set
+# CONFIG_MOUSE_APPLETOUCH is not set
+# CONFIG_MOUSE_BCM5974 is not set
+# CONFIG_MOUSE_VSXXXAA is not set
+# CONFIG_MOUSE_SYNAPTICS_USB is not set
+# CONFIG_INPUT_JOYSTICK is not set
+# CONFIG_INPUT_TABLET is not set
+# CONFIG_INPUT_TOUCHSCREEN is not set
+# CONFIG_INPUT_MISC is not set
+
+#
+# Hardware I/O ports
+#
+CONFIG_SERIO=y
+CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y
+CONFIG_SERIO_I8042=y
+CONFIG_SERIO_SERPORT=y
+# CONFIG_SERIO_CT82C710 is not set
+# CONFIG_SERIO_PCIPS2 is not set
+CONFIG_SERIO_LIBPS2=y
+# CONFIG_SERIO_RAW is not set
+# CONFIG_SERIO_ALTERA_PS2 is not set
+# CONFIG_SERIO_PS2MULT is not set
+# CONFIG_SERIO_ARC_PS2 is not set
+# CONFIG_GAMEPORT is not set
+
+#
+# Character devices
+#
+CONFIG_TTY=y
+CONFIG_VT=y
+CONFIG_CONSOLE_TRANSLATIONS=y
+CONFIG_VT_CONSOLE=y
+CONFIG_VT_CONSOLE_SLEEP=y
+CONFIG_HW_CONSOLE=y
+# CONFIG_VT_HW_CONSOLE_BINDING is not set
+CONFIG_UNIX98_PTYS=y
+# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
+CONFIG_LEGACY_PTYS=y
+CONFIG_LEGACY_PTY_COUNT=256
+# CONFIG_SERIAL_NONSTANDARD is not set
+# CONFIG_NOZOMI is not set
+# CONFIG_N_GSM is not set
+# CONFIG_TRACE_SINK is not set
+CONFIG_DEVMEM=y
+CONFIG_DEVKMEM=y
+
+#
+# Serial drivers
+#
+# CONFIG_SERIAL_8250 is not set
+
+#
+# Non-8250 serial port support
+#
+# CONFIG_SERIAL_JSM is not set
+# CONFIG_SERIAL_SCCNXP is not set
+# CONFIG_SERIAL_ALTERA_JTAGUART is not set
+# CONFIG_SERIAL_ALTERA_UART is not set
+# CONFIG_SERIAL_ARC is not set
+# CONFIG_SERIAL_RP2 is not set
+# CONFIG_SERIAL_FSL_LPUART is not set
+CONFIG_HVC_DRIVER=y
+CONFIG_VIRTIO_CONSOLE=y
+# CONFIG_IPMI_HANDLER is not set
+# CONFIG_HW_RANDOM is not set
+# CONFIG_NVRAM is not set
+# CONFIG_R3964 is not set
+# CONFIG_APPLICOM is not set
+# CONFIG_MWAVE is not set
+# CONFIG_RAW_DRIVER is not set
+# CONFIG_HPET is not set
+# CONFIG_HANGCHECK_TIMER is not set
+# CONFIG_TCG_TPM is not set
+# CONFIG_TELCLOCK is not set
+CONFIG_DEVPORT=y
+# CONFIG_XILLYBUS is not set
+
+#
+# I2C support
+#
+# CONFIG_I2C is not set
+# CONFIG_SPI is not set
+# CONFIG_SPMI is not set
+# CONFIG_HSI is not set
+
+#
+# PPS support
+#
+# CONFIG_PPS is not set
+
+#
+# PPS generators support
+#
+
+#
+# PTP clock support
+#
+# CONFIG_PTP_1588_CLOCK is not set
+
+#
+# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks.
+#
+CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
+# CONFIG_GPIOLIB is not set
+# CONFIG_W1 is not set
+CONFIG_POWER_SUPPLY=y
+# CONFIG_POWER_SUPPLY_DEBUG is not set
+# CONFIG_PDA_POWER is not set
+# CONFIG_TEST_POWER is not set
+# CONFIG_BATTERY_DS2780 is not set
+# CONFIG_BATTERY_DS2781 is not set
+# CONFIG_BATTERY_BQ27x00 is not set
+# CONFIG_CHARGER_MAX8903 is not set
+# CONFIG_POWER_RESET is not set
+# CONFIG_POWER_AVS is not set
+CONFIG_HWMON=y
+# CONFIG_HWMON_VID is not set
+# CONFIG_HWMON_DEBUG_CHIP is not set
+
+#
+# Native drivers
+#
+# CONFIG_SENSORS_ABITUGURU is not set
+# CONFIG_SENSORS_ABITUGURU3 is not set
+# CONFIG_SENSORS_K8TEMP is not set
+# CONFIG_SENSORS_K10TEMP is not set
+# CONFIG_SENSORS_FAM15H_POWER is not set
+# CONFIG_SENSORS_APPLESMC is not set
+# CONFIG_SENSORS_I5K_AMB is not set
+# CONFIG_SENSORS_F71805F is not set
+# CONFIG_SENSORS_F71882FG is not set
+# CONFIG_SENSORS_I5500 is not set
+# CONFIG_SENSORS_CORETEMP is not set
+# CONFIG_SENSORS_IT87 is not set
+# CONFIG_SENSORS_MAX197 is not set
+# CONFIG_SENSORS_PC87360 is not set
+# CONFIG_SENSORS_PC87427 is not set
+# CONFIG_SENSORS_NTC_THERMISTOR is not set
+# CONFIG_SENSORS_NCT6683 is not set
+# CONFIG_SENSORS_NCT6775 is not set
+# CONFIG_SENSORS_SIS5595 is not set
+# CONFIG_SENSORS_SMSC47M1 is not set
+# CONFIG_SENSORS_SMSC47B397 is not set
+# CONFIG_SENSORS_SCH56XX_COMMON is not set
+# CONFIG_SENSORS_VIA_CPUTEMP is not set
+# CONFIG_SENSORS_VIA686A is not set
+# CONFIG_SENSORS_VT1211 is not set
+# CONFIG_SENSORS_VT8231 is not set
+# CONFIG_SENSORS_W83627HF is not set
+# CONFIG_SENSORS_W83627EHF is not set
+
+#
+# ACPI drivers
+#
+# CONFIG_SENSORS_ACPI_POWER is not set
+# CONFIG_SENSORS_ATK0110 is not set
+CONFIG_THERMAL=y
+CONFIG_THERMAL_HWMON=y
+CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
+# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set
+# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_GOV_FAIR_SHARE is not set
+CONFIG_THERMAL_GOV_STEP_WISE=y
+# CONFIG_THERMAL_GOV_BANG_BANG is not set
+# CONFIG_THERMAL_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_EMULATION is not set
+# CONFIG_INTEL_POWERCLAMP is not set
+# CONFIG_INTEL_SOC_DTS_THERMAL is not set
+# CONFIG_INT340X_THERMAL is not set
+
+#
+# Texas Instruments thermal drivers
+#
+# CONFIG_WATCHDOG is not set
+CONFIG_SSB_POSSIBLE=y
+
+#
+# Sonics Silicon Backplane
+#
+# CONFIG_SSB is not set
+CONFIG_BCMA_POSSIBLE=y
+
+#
+# Broadcom specific AMBA
+#
+# CONFIG_BCMA is not set
+
+#
+# Multifunction device drivers
+#
+# CONFIG_MFD_CORE is not set
+# CONFIG_MFD_CROS_EC is not set
+# CONFIG_HTC_PASIC3 is not set
+# CONFIG_LPC_ICH is not set
+# CONFIG_LPC_SCH is not set
+# CONFIG_MFD_JANZ_CMODIO is not set
+# CONFIG_MFD_KEMPLD is not set
+# CONFIG_MFD_MT6397 is not set
+# CONFIG_MFD_RDC321X is not set
+# CONFIG_MFD_RTSX_PCI is not set
+# CONFIG_MFD_SM501 is not set
+# CONFIG_ABX500_CORE is not set
+# CONFIG_MFD_SYSCON is not set
+# CONFIG_MFD_TI_AM335X_TSCADC is not set
+# CONFIG_MFD_TMIO is not set
+# CONFIG_MFD_VX855 is not set
+# CONFIG_REGULATOR is not set
+# CONFIG_MEDIA_SUPPORT is not set
+
+#
+# Graphics support
+#
+# CONFIG_AGP is not set
+CONFIG_VGA_ARB=y
+CONFIG_VGA_ARB_MAX_GPUS=16
+# CONFIG_VGA_SWITCHEROO is not set
+
+#
+# Direct Rendering Manager
+#
+# CONFIG_DRM is not set
+
+#
+# Frame buffer Devices
+#
+# CONFIG_FB is not set
+# CONFIG_BACKLIGHT_LCD_SUPPORT is not set
+# CONFIG_VGASTATE is not set
+
+#
+# Console display driver support
+#
+CONFIG_VGA_CONSOLE=y
+# CONFIG_VGACON_SOFT_SCROLLBACK is not set
+CONFIG_DUMMY_CONSOLE=y
+CONFIG_DUMMY_CONSOLE_COLUMNS=80
+CONFIG_DUMMY_CONSOLE_ROWS=25
+CONFIG_SOUND=y
+# CONFIG_SOUND_OSS_CORE is not set
+# CONFIG_SND is not set
+# CONFIG_SOUND_PRIME is not set
+
+#
+# HID support
+#
+CONFIG_HID=y
+# CONFIG_HID_BATTERY_STRENGTH is not set
+# CONFIG_HIDRAW is not set
+# CONFIG_UHID is not set
+CONFIG_HID_GENERIC=y
+
+#
+# Special HID drivers
+#
+CONFIG_HID_A4TECH=y
+# CONFIG_HID_ACRUX is not set
+CONFIG_HID_APPLE=y
+# CONFIG_HID_AUREAL is not set
+CONFIG_HID_BELKIN=y
+CONFIG_HID_CHERRY=y
+CONFIG_HID_CHICONY=y
+CONFIG_HID_CYPRESS=y
+# CONFIG_HID_DRAGONRISE is not set
+# CONFIG_HID_EMS_FF is not set
+# CONFIG_HID_ELECOM is not set
+CONFIG_HID_EZKEY=y
+# CONFIG_HID_KEYTOUCH is not set
+# CONFIG_HID_KYE is not set
+# CONFIG_HID_WALTOP is not set
+# CONFIG_HID_GYRATION is not set
+# CONFIG_HID_ICADE is not set
+# CONFIG_HID_TWINHAN is not set
+CONFIG_HID_KENSINGTON=y
+# CONFIG_HID_LCPOWER is not set
+# CONFIG_HID_LENOVO is not set
+CONFIG_HID_LOGITECH=y
+# CONFIG_HID_LOGITECH_HIDPP is not set
+# CONFIG_LOGITECH_FF is not set
+# CONFIG_LOGIRUMBLEPAD2_FF is not set
+# CONFIG_LOGIG940_FF is not set
+# CONFIG_LOGIWHEELS_FF is not set
+# CONFIG_HID_MAGICMOUSE is not set
+CONFIG_HID_MICROSOFT=y
+CONFIG_HID_MONTEREY=y
+# CONFIG_HID_MULTITOUCH is not set
+# CONFIG_HID_ORTEK is not set
+# CONFIG_HID_PANTHERLORD is not set
+# CONFIG_HID_PETALYNX is not set
+# CONFIG_HID_PICOLCD is not set
+CONFIG_HID_PLANTRONICS=y
+# CONFIG_HID_PRIMAX is not set
+# CONFIG_HID_SAITEK is not set
+# CONFIG_HID_SAMSUNG is not set
+# CONFIG_HID_SPEEDLINK is not set
+# CONFIG_HID_STEELSERIES is not set
+# CONFIG_HID_SUNPLUS is not set
+# CONFIG_HID_RMI is not set
+# CONFIG_HID_GREENASIA is not set
+# CONFIG_HID_SMARTJOYPLUS is not set
+# CONFIG_HID_TIVO is not set
+# CONFIG_HID_TOPSEED is not set
+# CONFIG_HID_THRUSTMASTER is not set
+# CONFIG_HID_WACOM is not set
+# CONFIG_HID_XINMO is not set
+# CONFIG_HID_ZEROPLUS is not set
+# CONFIG_HID_ZYDACRON is not set
+# CONFIG_HID_SENSOR_HUB is not set
+CONFIG_USB_OHCI_LITTLE_ENDIAN=y
+CONFIG_USB_SUPPORT=y
+CONFIG_USB_ARCH_HAS_HCD=y
+# CONFIG_USB is not set
+
+#
+# USB port drivers
+#
+
+#
+# USB Physical Layer drivers
+#
+# CONFIG_USB_PHY is not set
+# CONFIG_NOP_USB_XCEIV is not set
+# CONFIG_USB_GADGET is not set
+# CONFIG_UWB is not set
+# CONFIG_MMC is not set
+# CONFIG_MEMSTICK is not set
+# CONFIG_NEW_LEDS is not set
+# CONFIG_ACCESSIBILITY is not set
+# CONFIG_INFINIBAND is not set
+# CONFIG_EDAC is not set
+CONFIG_RTC_LIB=y
+# CONFIG_RTC_CLASS is not set
+# CONFIG_DMADEVICES is not set
+# CONFIG_AUXDISPLAY is not set
+# CONFIG_UIO is not set
+# CONFIG_VIRT_DRIVERS is not set
+CONFIG_VIRTIO=y
+
+#
+# Virtio drivers
+#
+CONFIG_VIRTIO_PCI=y
+CONFIG_VIRTIO_PCI_LEGACY=y
+CONFIG_VIRTIO_BALLOON=y
+# CONFIG_VIRTIO_INPUT is not set
+CONFIG_VIRTIO_MMIO=y
+# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set
+
+#
+# Microsoft Hyper-V guest support
+#
+# CONFIG_STAGING is not set
+CONFIG_X86_PLATFORM_DEVICES=y
+# CONFIG_ACERHDF is not set
+# CONFIG_ASUS_LAPTOP is not set
+# CONFIG_DELL_SMO8800 is not set
+# CONFIG_FUJITSU_TABLET is not set
+# CONFIG_HP_ACCEL is not set
+# CONFIG_HP_WIRELESS is not set
+# CONFIG_THINKPAD_ACPI is not set
+# CONFIG_SENSORS_HDAPS is not set
+# CONFIG_INTEL_MENLOW is not set
+# CONFIG_ACPI_WMI is not set
+# CONFIG_TOPSTAR_LAPTOP is not set
+# CONFIG_TOSHIBA_BT_RFKILL is not set
+# CONFIG_TOSHIBA_HAPS is not set
+# CONFIG_ACPI_CMPC is not set
+# CONFIG_INTEL_IPS is not set
+# CONFIG_IBM_RTL is not set
+# CONFIG_SAMSUNG_Q10 is not set
+# CONFIG_INTEL_RST is not set
+# CONFIG_INTEL_SMARTCONNECT is not set
+# CONFIG_PVPANIC is not set
+# CONFIG_CHROME_PLATFORMS is not set
+
+#
+# Hardware Spinlock drivers
+#
+
+#
+# Clock Source drivers
+#
+CONFIG_CLKEVT_I8253=y
+CONFIG_I8253_LOCK=y
+CONFIG_CLKBLD_I8253=y
+# CONFIG_ATMEL_PIT is not set
+# CONFIG_SH_TIMER_CMT is not set
+# CONFIG_SH_TIMER_MTU2 is not set
+# CONFIG_SH_TIMER_TMU is not set
+# CONFIG_EM_TIMER_STI is not set
+# CONFIG_MAILBOX is not set
+CONFIG_IOMMU_SUPPORT=y
+
+#
+# Generic IOMMU Pagetable Support
+#
+# CONFIG_AMD_IOMMU is not set
+# CONFIG_INTEL_IOMMU is not set
+# CONFIG_IRQ_REMAP is not set
+
+#
+# Remoteproc drivers
+#
+# CONFIG_STE_MODEM_RPROC is not set
+
+#
+# Rpmsg drivers
+#
+
+#
+# SOC (System On Chip) specific Drivers
+#
+# CONFIG_SOC_TI is not set
+# CONFIG_PM_DEVFREQ is not set
+# CONFIG_EXTCON is not set
+# CONFIG_MEMORY is not set
+# CONFIG_IIO is not set
+# CONFIG_NTB is not set
+# CONFIG_VME_BUS is not set
+# CONFIG_PWM is not set
+# CONFIG_IPACK_BUS is not set
+# CONFIG_RESET_CONTROLLER is not set
+# CONFIG_FMC is not set
+
+#
+# PHY Subsystem
+#
+# CONFIG_GENERIC_PHY is not set
+# CONFIG_BCM_KONA_USB2_PHY is not set
+# CONFIG_POWERCAP is not set
+# CONFIG_MCB is not set
+# CONFIG_THUNDERBOLT is not set
+
+#
+# Android
+#
+# CONFIG_ANDROID is not set
+
+#
+# Firmware Drivers
+#
+# CONFIG_EDD is not set
+CONFIG_FIRMWARE_MEMMAP=y
+# CONFIG_DELL_RBU is not set
+# CONFIG_DCDBAS is not set
+CONFIG_DMIID=y
+# CONFIG_DMI_SYSFS is not set
+CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
+# CONFIG_ISCSI_IBFT_FIND is not set
+# CONFIG_GOOGLE_FIRMWARE is not set
+
+#
+# File systems
+#
+CONFIG_DCACHE_WORD_ACCESS=y
+CONFIG_EXT2_FS=y
+# CONFIG_EXT2_FS_XATTR is not set
+CONFIG_EXT3_FS=y
+# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
+# CONFIG_EXT3_FS_XATTR is not set
+# CONFIG_EXT4_FS is not set
+CONFIG_JBD=y
+CONFIG_REISERFS_FS=y
+# CONFIG_REISERFS_CHECK is not set
+# CONFIG_REISERFS_PROC_INFO is not set
+# CONFIG_REISERFS_FS_XATTR is not set
+# CONFIG_JFS_FS is not set
+# CONFIG_XFS_FS is not set
+# CONFIG_GFS2_FS is not set
+# CONFIG_BTRFS_FS is not set
+# CONFIG_NILFS2_FS is not set
+# CONFIG_F2FS_FS is not set
+# CONFIG_FS_DAX is not set
+CONFIG_FS_POSIX_ACL=y
+CONFIG_FILE_LOCKING=y
+CONFIG_FSNOTIFY=y
+CONFIG_DNOTIFY=y
+CONFIG_INOTIFY_USER=y
+# CONFIG_FANOTIFY is not set
+CONFIG_QUOTA=y
+# CONFIG_QUOTA_NETLINK_INTERFACE is not set
+CONFIG_PRINT_QUOTA_WARNING=y
+# CONFIG_QUOTA_DEBUG is not set
+# CONFIG_QFMT_V1 is not set
+# CONFIG_QFMT_V2 is not set
+CONFIG_QUOTACTL=y
+CONFIG_AUTOFS4_FS=y
+# CONFIG_FUSE_FS is not set
+# CONFIG_OVERLAY_FS is not set
+
+#
+# Caches
+#
+# CONFIG_FSCACHE is not set
+
+#
+# CD-ROM/DVD Filesystems
+#
+CONFIG_ISO9660_FS=y
+CONFIG_JOLIET=y
+# CONFIG_ZISOFS is not set
+# CONFIG_UDF_FS is not set
+
+#
+# DOS/FAT/NT Filesystems
+#
+# CONFIG_MSDOS_FS is not set
+# CONFIG_VFAT_FS is not set
+# CONFIG_NTFS_FS is not set
+
+#
+# Pseudo filesystems
+#
+CONFIG_PROC_FS=y
+CONFIG_PROC_KCORE=y
+CONFIG_PROC_SYSCTL=y
+CONFIG_PROC_PAGE_MONITOR=y
+CONFIG_KERNFS=y
+CONFIG_SYSFS=y
+CONFIG_TMPFS=y
+# CONFIG_TMPFS_POSIX_ACL is not set
+# CONFIG_TMPFS_XATTR is not set
+# CONFIG_HUGETLBFS is not set
+# CONFIG_HUGETLB_PAGE is not set
+# CONFIG_CONFIGFS_FS is not set
+CONFIG_MISC_FILESYSTEMS=y
+# CONFIG_ADFS_FS is not set
+# CONFIG_AFFS_FS is not set
+# CONFIG_HFS_FS is not set
+# CONFIG_HFSPLUS_FS is not set
+# CONFIG_BEFS_FS is not set
+# CONFIG_BFS_FS is not set
+# CONFIG_EFS_FS is not set
+# CONFIG_LOGFS is not set
+# CONFIG_CRAMFS is not set
+# CONFIG_SQUASHFS is not set
+# CONFIG_VXFS_FS is not set
+# CONFIG_MINIX_FS is not set
+# CONFIG_OMFS_FS is not set
+# CONFIG_HPFS_FS is not set
+# CONFIG_QNX4FS_FS is not set
+# CONFIG_QNX6FS_FS is not set
+# CONFIG_ROMFS_FS is not set
+# CONFIG_PSTORE is not set
+# CONFIG_SYSV_FS is not set
+# CONFIG_UFS_FS is not set
+CONFIG_NETWORK_FILESYSTEMS=y
+# CONFIG_NFS_FS is not set
+# CONFIG_NFSD is not set
+# CONFIG_CEPH_FS is not set
+# CONFIG_CIFS is not set
+# CONFIG_NCP_FS is not set
+# CONFIG_CODA_FS is not set
+# CONFIG_AFS_FS is not set
+CONFIG_9P_FS=y
+CONFIG_9P_FS_POSIX_ACL=y
+# CONFIG_9P_FS_SECURITY is not set
+CONFIG_NLS=y
+CONFIG_NLS_DEFAULT="iso8859-1"
+# CONFIG_NLS_CODEPAGE_437 is not set
+# CONFIG_NLS_CODEPAGE_737 is not set
+# CONFIG_NLS_CODEPAGE_775 is not set
+# CONFIG_NLS_CODEPAGE_850 is not set
+# CONFIG_NLS_CODEPAGE_852 is not set
+# CONFIG_NLS_CODEPAGE_855 is not set
+# CONFIG_NLS_CODEPAGE_857 is not set
+# CONFIG_NLS_CODEPAGE_860 is not set
+# CONFIG_NLS_CODEPAGE_861 is not set
+# CONFIG_NLS_CODEPAGE_862 is not set
+# CONFIG_NLS_CODEPAGE_863 is not set
+# CONFIG_NLS_CODEPAGE_864 is not set
+# CONFIG_NLS_CODEPAGE_865 is not set
+# CONFIG_NLS_CODEPAGE_866 is not set
+# CONFIG_NLS_CODEPAGE_869 is not set
+# CONFIG_NLS_CODEPAGE_936 is not set
+# CONFIG_NLS_CODEPAGE_950 is not set
+# CONFIG_NLS_CODEPAGE_932 is not set
+# CONFIG_NLS_CODEPAGE_949 is not set
+# CONFIG_NLS_CODEPAGE_874 is not set
+# CONFIG_NLS_ISO8859_8 is not set
+# CONFIG_NLS_CODEPAGE_1250 is not set
+# CONFIG_NLS_CODEPAGE_1251 is not set
+# CONFIG_NLS_ASCII is not set
+# CONFIG_NLS_ISO8859_1 is not set
+# CONFIG_NLS_ISO8859_2 is not set
+# CONFIG_NLS_ISO8859_3 is not set
+# CONFIG_NLS_ISO8859_4 is not set
+# CONFIG_NLS_ISO8859_5 is not set
+# CONFIG_NLS_ISO8859_6 is not set
+# CONFIG_NLS_ISO8859_7 is not set
+# CONFIG_NLS_ISO8859_9 is not set
+# CONFIG_NLS_ISO8859_13 is not set
+# CONFIG_NLS_ISO8859_14 is not set
+# CONFIG_NLS_ISO8859_15 is not set
+# CONFIG_NLS_KOI8_R is not set
+# CONFIG_NLS_KOI8_U is not set
+# CONFIG_NLS_MAC_ROMAN is not set
+# CONFIG_NLS_MAC_CELTIC is not set
+# CONFIG_NLS_MAC_CENTEURO is not set
+# CONFIG_NLS_MAC_CROATIAN is not set
+# CONFIG_NLS_MAC_CYRILLIC is not set
+# CONFIG_NLS_MAC_GAELIC is not set
+# CONFIG_NLS_MAC_GREEK is not set
+# CONFIG_NLS_MAC_ICELAND is not set
+# CONFIG_NLS_MAC_INUIT is not set
+# CONFIG_NLS_MAC_ROMANIAN is not set
+# CONFIG_NLS_MAC_TURKISH is not set
+# CONFIG_NLS_UTF8 is not set
+
+#
+# Kernel hacking
+#
+CONFIG_TRACE_IRQFLAGS_SUPPORT=y
+
+#
+# printk and dmesg options
+#
+# CONFIG_PRINTK_TIME is not set
+CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4
+# CONFIG_BOOT_PRINTK_DELAY is not set
+
+#
+# Compile-time checks and compiler options
+#
+CONFIG_DEBUG_INFO=y
+# CONFIG_DEBUG_INFO_REDUCED is not set
+# CONFIG_DEBUG_INFO_SPLIT is not set
+# CONFIG_DEBUG_INFO_DWARF4 is not set
+# CONFIG_GDB_SCRIPTS is not set
+CONFIG_ENABLE_WARN_DEPRECATED=y
+CONFIG_ENABLE_MUST_CHECK=y
+CONFIG_FRAME_WARN=1024
+# CONFIG_STRIP_ASM_SYMS is not set
+# CONFIG_READABLE_ASM is not set
+# CONFIG_UNUSED_SYMBOLS is not set
+# CONFIG_PAGE_OWNER is not set
+# CONFIG_DEBUG_FS is not set
+# CONFIG_HEADERS_CHECK is not set
+# CONFIG_DEBUG_SECTION_MISMATCH is not set
+CONFIG_ARCH_WANT_FRAME_POINTERS=y
+CONFIG_FRAME_POINTER=y
+# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
+# CONFIG_MAGIC_SYSRQ is not set
+CONFIG_DEBUG_KERNEL=y
+
+#
+# Memory Debugging
+#
+# CONFIG_PAGE_EXTENSION is not set
+# CONFIG_DEBUG_PAGEALLOC is not set
+# CONFIG_DEBUG_OBJECTS is not set
+# CONFIG_DEBUG_SLAB is not set
+CONFIG_HAVE_DEBUG_KMEMLEAK=y
+# CONFIG_DEBUG_KMEMLEAK is not set
+# CONFIG_DEBUG_STACK_USAGE is not set
+# CONFIG_DEBUG_VM is not set
+# CONFIG_DEBUG_VIRTUAL is not set
+CONFIG_DEBUG_MEMORY_INIT=y
+CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
+# CONFIG_DEBUG_STACKOVERFLOW is not set
+CONFIG_HAVE_ARCH_KMEMCHECK=y
+CONFIG_HAVE_ARCH_KASAN=y
+CONFIG_KASAN_SHADOW_OFFSET=0xdffffc0000000000
+# CONFIG_DEBUG_SHIRQ is not set
+
+#
+# Debug Lockups and Hangs
+#
+# CONFIG_LOCKUP_DETECTOR is not set
+CONFIG_DETECT_HUNG_TASK=y
+CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
+# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
+CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0
+# CONFIG_PANIC_ON_OOPS is not set
+CONFIG_PANIC_ON_OOPS_VALUE=0
+CONFIG_PANIC_TIMEOUT=0
+# CONFIG_SCHED_DEBUG is not set
+# CONFIG_SCHEDSTATS is not set
+# CONFIG_SCHED_STACK_END_CHECK is not set
+# CONFIG_DEBUG_TIMEKEEPING is not set
+# CONFIG_TIMER_STATS is not set
+
+#
+# Lock Debugging (spinlocks, mutexes, etc...)
+#
+# CONFIG_DEBUG_RT_MUTEXES is not set
+# CONFIG_DEBUG_SPINLOCK is not set
+# CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_PROVE_LOCKING is not set
+# CONFIG_LOCK_STAT is not set
+# CONFIG_DEBUG_ATOMIC_SLEEP is not set
+# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
+# CONFIG_LOCK_TORTURE_TEST is not set
+# CONFIG_STACKTRACE is not set
+# CONFIG_DEBUG_KOBJECT is not set
+CONFIG_DEBUG_BUGVERBOSE=y
+# CONFIG_DEBUG_LIST is not set
+# CONFIG_DEBUG_PI_LIST is not set
+# CONFIG_DEBUG_SG is not set
+# CONFIG_DEBUG_NOTIFIERS is not set
+# CONFIG_DEBUG_CREDENTIALS is not set
+
+#
+# RCU Debugging
+#
+# CONFIG_PROVE_RCU is not set
+# CONFIG_SPARSE_RCU_POINTER is not set
+# CONFIG_TORTURE_TEST is not set
+# CONFIG_RCU_TORTURE_TEST is not set
+# CONFIG_RCU_TRACE is not set
+# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
+# CONFIG_NOTIFIER_ERROR_INJECTION is not set
+# CONFIG_FAULT_INJECTION is not set
+# CONFIG_LATENCYTOP is not set
+CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y
+# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
+CONFIG_USER_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_FUNCTION_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y
+CONFIG_HAVE_DYNAMIC_FTRACE=y
+CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
+CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
+CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
+CONFIG_HAVE_FENTRY=y
+CONFIG_HAVE_C_RECORDMCOUNT=y
+CONFIG_TRACING_SUPPORT=y
+CONFIG_FTRACE=y
+# CONFIG_FUNCTION_TRACER is not set
+# CONFIG_IRQSOFF_TRACER is not set
+# CONFIG_SCHED_TRACER is not set
+# CONFIG_ENABLE_DEFAULT_TRACERS is not set
+# CONFIG_FTRACE_SYSCALLS is not set
+# CONFIG_TRACER_SNAPSHOT is not set
+CONFIG_BRANCH_PROFILE_NONE=y
+# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
+# CONFIG_PROFILE_ALL_BRANCHES is not set
+# CONFIG_STACK_TRACER is not set
+# CONFIG_BLK_DEV_IO_TRACE is not set
+# CONFIG_UPROBE_EVENT is not set
+# CONFIG_PROBE_EVENTS is not set
+# CONFIG_MMIOTRACE is not set
+# CONFIG_TRACEPOINT_BENCHMARK is not set
+
+#
+# Runtime Testing
+#
+# CONFIG_TEST_LIST_SORT is not set
+# CONFIG_BACKTRACE_SELF_TEST is not set
+# CONFIG_RBTREE_TEST is not set
+# CONFIG_ATOMIC64_SELFTEST is not set
+# CONFIG_TEST_HEXDUMP is not set
+# CONFIG_TEST_STRING_HELPERS is not set
+# CONFIG_TEST_KSTRTOX is not set
+# CONFIG_TEST_RHASHTABLE is not set
+# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
+# CONFIG_DMA_API_DEBUG is not set
+# CONFIG_TEST_FIRMWARE is not set
+# CONFIG_TEST_UDELAY is not set
+# CONFIG_MEMTEST is not set
+# CONFIG_SAMPLES is not set
+CONFIG_HAVE_ARCH_KGDB=y
+# CONFIG_KGDB is not set
+# CONFIG_STRICT_DEVMEM is not set
+CONFIG_X86_VERBOSE_BOOTUP=y
+CONFIG_EARLY_PRINTK=y
+# CONFIG_EARLY_PRINTK_DBGP is not set
+# CONFIG_X86_PTDUMP is not set
+CONFIG_DEBUG_RODATA=y
+CONFIG_DEBUG_RODATA_TEST=y
+CONFIG_DOUBLEFAULT=y
+# CONFIG_DEBUG_TLBFLUSH is not set
+# CONFIG_IOMMU_DEBUG is not set
+# CONFIG_IOMMU_STRESS is not set
+CONFIG_HAVE_MMIOTRACE_SUPPORT=y
+CONFIG_IO_DELAY_TYPE_0X80=0
+CONFIG_IO_DELAY_TYPE_0XED=1
+CONFIG_IO_DELAY_TYPE_UDELAY=2
+CONFIG_IO_DELAY_TYPE_NONE=3
+CONFIG_IO_DELAY_0X80=y
+# CONFIG_IO_DELAY_0XED is not set
+# CONFIG_IO_DELAY_UDELAY is not set
+# CONFIG_IO_DELAY_NONE is not set
+CONFIG_DEFAULT_IO_DELAY_TYPE=0
+# CONFIG_CPA_DEBUG is not set
+# CONFIG_OPTIMIZE_INLINING is not set
+# CONFIG_DEBUG_NMI_SELFTEST is not set
+# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set
+
+#
+# Security options
+#
+# CONFIG_KEYS is not set
+# CONFIG_SECURITY_DMESG_RESTRICT is not set
+# CONFIG_SECURITY is not set
+# CONFIG_SECURITYFS is not set
+CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_DEFAULT_SECURITY=""
+CONFIG_CRYPTO=y
+
+#
+# Crypto core or helper
+#
+CONFIG_CRYPTO_ALGAPI=y
+CONFIG_CRYPTO_ALGAPI2=y
+CONFIG_CRYPTO_AEAD=y
+CONFIG_CRYPTO_AEAD2=y
+CONFIG_CRYPTO_BLKCIPHER=y
+CONFIG_CRYPTO_BLKCIPHER2=y
+CONFIG_CRYPTO_HASH=y
+CONFIG_CRYPTO_HASH2=y
+CONFIG_CRYPTO_RNG=y
+CONFIG_CRYPTO_RNG2=y
+CONFIG_CRYPTO_PCOMP=y
+CONFIG_CRYPTO_PCOMP2=y
+CONFIG_CRYPTO_MANAGER=y
+CONFIG_CRYPTO_MANAGER2=y
+CONFIG_CRYPTO_USER=y
+CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
+CONFIG_CRYPTO_GF128MUL=y
+CONFIG_CRYPTO_NULL=y
+CONFIG_CRYPTO_WORKQUEUE=y
+CONFIG_CRYPTO_CRYPTD=y
+# CONFIG_CRYPTO_MCRYPTD is not set
+CONFIG_CRYPTO_AUTHENC=y
+CONFIG_CRYPTO_ABLK_HELPER=y
+CONFIG_CRYPTO_GLUE_HELPER_X86=y
+
+#
+# Authenticated Encryption with Associated Data
+#
+CONFIG_CRYPTO_CCM=y
+CONFIG_CRYPTO_GCM=y
+CONFIG_CRYPTO_SEQIV=y
+
+#
+# Block modes
+#
+CONFIG_CRYPTO_CBC=y
+CONFIG_CRYPTO_CTR=y
+# CONFIG_CRYPTO_CTS is not set
+CONFIG_CRYPTO_ECB=y
+CONFIG_CRYPTO_LRW=y
+CONFIG_CRYPTO_PCBC=y
+CONFIG_CRYPTO_XTS=y
+
+#
+# Hash modes
+#
+CONFIG_CRYPTO_CMAC=y
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_XCBC=y
+# CONFIG_CRYPTO_VMAC is not set
+
+#
+# Digest
+#
+CONFIG_CRYPTO_CRC32C=y
+# CONFIG_CRYPTO_CRC32C_INTEL is not set
+# CONFIG_CRYPTO_CRC32 is not set
+# CONFIG_CRYPTO_CRC32_PCLMUL is not set
+# CONFIG_CRYPTO_CRCT10DIF is not set
+CONFIG_CRYPTO_GHASH=y
+CONFIG_CRYPTO_MD4=y
+CONFIG_CRYPTO_MD5=y
+CONFIG_CRYPTO_MICHAEL_MIC=y
+CONFIG_CRYPTO_RMD128=y
+CONFIG_CRYPTO_RMD160=y
+CONFIG_CRYPTO_RMD256=y
+CONFIG_CRYPTO_RMD320=y
+CONFIG_CRYPTO_SHA1=y
+# CONFIG_CRYPTO_SHA1_SSSE3 is not set
+CONFIG_CRYPTO_SHA256_SSSE3=y
+CONFIG_CRYPTO_SHA512_SSSE3=y
+# CONFIG_CRYPTO_SHA1_MB is not set
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA512=y
+CONFIG_CRYPTO_TGR192=y
+CONFIG_CRYPTO_WP512=y
+# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set
+
+#
+# Ciphers
+#
+CONFIG_CRYPTO_AES=y
+CONFIG_CRYPTO_AES_X86_64=y
+CONFIG_CRYPTO_AES_NI_INTEL=y
+CONFIG_CRYPTO_ANUBIS=y
+CONFIG_CRYPTO_ARC4=y
+CONFIG_CRYPTO_BLOWFISH=y
+CONFIG_CRYPTO_BLOWFISH_COMMON=y
+CONFIG_CRYPTO_BLOWFISH_X86_64=y
+CONFIG_CRYPTO_CAMELLIA=y
+CONFIG_CRYPTO_CAMELLIA_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y
+CONFIG_CRYPTO_CAST_COMMON=y
+CONFIG_CRYPTO_CAST5=y
+CONFIG_CRYPTO_CAST5_AVX_X86_64=y
+CONFIG_CRYPTO_CAST6=y
+CONFIG_CRYPTO_CAST6_AVX_X86_64=y
+CONFIG_CRYPTO_DES=y
+# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set
+CONFIG_CRYPTO_FCRYPT=y
+CONFIG_CRYPTO_KHAZAD=y
+CONFIG_CRYPTO_SALSA20=y
+CONFIG_CRYPTO_SALSA20_X86_64=y
+CONFIG_CRYPTO_SEED=y
+CONFIG_CRYPTO_SERPENT=y
+CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y
+CONFIG_CRYPTO_TEA=y
+CONFIG_CRYPTO_TWOFISH=y
+CONFIG_CRYPTO_TWOFISH_COMMON=y
+CONFIG_CRYPTO_TWOFISH_X86_64=y
+CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y
+CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y
+
+#
+# Compression
+#
+CONFIG_CRYPTO_DEFLATE=y
+CONFIG_CRYPTO_ZLIB=y
+CONFIG_CRYPTO_LZO=y
+CONFIG_CRYPTO_LZ4=y
+CONFIG_CRYPTO_LZ4HC=y
+
+#
+# Random Number Generation
+#
+# CONFIG_CRYPTO_ANSI_CPRNG is not set
+# CONFIG_CRYPTO_DRBG_MENU is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
+CONFIG_CRYPTO_USER_API_SKCIPHER=y
+# CONFIG_CRYPTO_USER_API_RNG is not set
+# CONFIG_CRYPTO_HW is not set
+CONFIG_HAVE_KVM=y
+CONFIG_VIRTUALIZATION=y
+# CONFIG_KVM is not set
+# CONFIG_BINARY_PRINTF is not set
+
+#
+# Library routines
+#
+CONFIG_BITREVERSE=y
+# CONFIG_HAVE_ARCH_BITREVERSE is not set
+CONFIG_GENERIC_STRNCPY_FROM_USER=y
+CONFIG_GENERIC_STRNLEN_USER=y
+CONFIG_GENERIC_NET_UTILS=y
+CONFIG_GENERIC_FIND_FIRST_BIT=y
+CONFIG_GENERIC_PCI_IOMAP=y
+CONFIG_GENERIC_IOMAP=y
+CONFIG_GENERIC_IO=y
+CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
+CONFIG_ARCH_HAS_FAST_MULTIPLIER=y
+CONFIG_CRC_CCITT=y
+CONFIG_CRC16=y
+# CONFIG_CRC_T10DIF is not set
+CONFIG_CRC_ITU_T=y
+CONFIG_CRC32=y
+# CONFIG_CRC32_SELFTEST is not set
+CONFIG_CRC32_SLICEBY8=y
+# CONFIG_CRC32_SLICEBY4 is not set
+# CONFIG_CRC32_SARWATE is not set
+# CONFIG_CRC32_BIT is not set
+CONFIG_CRC7=y
+CONFIG_LIBCRC32C=y
+# CONFIG_CRC8 is not set
+# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set
+# CONFIG_RANDOM32_SELFTEST is not set
+CONFIG_ZLIB_INFLATE=y
+CONFIG_ZLIB_DEFLATE=y
+CONFIG_LZO_COMPRESS=y
+CONFIG_LZO_DECOMPRESS=y
+CONFIG_LZ4_COMPRESS=y
+CONFIG_LZ4HC_COMPRESS=y
+CONFIG_LZ4_DECOMPRESS=y
+# CONFIG_XZ_DEC is not set
+# CONFIG_XZ_DEC_BCJ is not set
+CONFIG_TEXTSEARCH=y
+CONFIG_TEXTSEARCH_KMP=y
+CONFIG_TEXTSEARCH_BM=y
+CONFIG_TEXTSEARCH_FSM=y
+CONFIG_HAS_IOMEM=y
+CONFIG_HAS_IOPORT_MAP=y
+CONFIG_HAS_DMA=y
+CONFIG_DQL=y
+CONFIG_NLATTR=y
+CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
+CONFIG_AVERAGE=y
+# CONFIG_CORDIC is not set
+# CONFIG_DDR is not set
+CONFIG_ARCH_HAS_SG_CHAIN=y
diff --git a/testing/config/kernel/config-4.2 b/testing/config/kernel/config-4.2
new file mode 100644
index 000000000..72d5b93dd
--- /dev/null
+++ b/testing/config/kernel/config-4.2
@@ -0,0 +1,2266 @@
+#
+# Automatically generated file; DO NOT EDIT.
+# Linux/x86 4.2.0 Kernel Configuration
+#
+CONFIG_64BIT=y
+CONFIG_X86_64=y
+CONFIG_X86=y
+CONFIG_INSTRUCTION_DECODER=y
+CONFIG_PERF_EVENTS_INTEL_UNCORE=y
+CONFIG_OUTPUT_FORMAT="elf64-x86-64"
+CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
+CONFIG_LOCKDEP_SUPPORT=y
+CONFIG_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_LATENCYTOP_SUPPORT=y
+CONFIG_MMU=y
+CONFIG_NEED_DMA_MAP_STATE=y
+CONFIG_NEED_SG_DMA_LENGTH=y
+CONFIG_GENERIC_ISA_DMA=y
+CONFIG_GENERIC_BUG=y
+CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
+CONFIG_GENERIC_HWEIGHT=y
+CONFIG_ARCH_MAY_HAVE_PC_FDC=y
+CONFIG_RWSEM_XCHGADD_ALGORITHM=y
+CONFIG_GENERIC_CALIBRATE_DELAY=y
+CONFIG_ARCH_HAS_CPU_RELAX=y
+CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
+CONFIG_HAVE_SETUP_PER_CPU_AREA=y
+CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
+CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
+CONFIG_ARCH_HIBERNATION_POSSIBLE=y
+CONFIG_ARCH_SUSPEND_POSSIBLE=y
+CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y
+CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
+CONFIG_ZONE_DMA32=y
+CONFIG_AUDIT_ARCH=y
+CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
+CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
+CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11"
+CONFIG_ARCH_SUPPORTS_UPROBES=y
+CONFIG_FIX_EARLYCON_MEM=y
+CONFIG_PGTABLE_LEVELS=4
+CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
+CONFIG_IRQ_WORK=y
+CONFIG_BUILDTIME_EXTABLE_SORT=y
+
+#
+# General setup
+#
+CONFIG_BROKEN_ON_SMP=y
+CONFIG_INIT_ENV_ARG_LIMIT=32
+CONFIG_CROSS_COMPILE=""
+# CONFIG_COMPILE_TEST is not set
+CONFIG_LOCALVERSION=""
+CONFIG_LOCALVERSION_AUTO=y
+CONFIG_HAVE_KERNEL_GZIP=y
+CONFIG_HAVE_KERNEL_BZIP2=y
+CONFIG_HAVE_KERNEL_LZMA=y
+CONFIG_HAVE_KERNEL_XZ=y
+CONFIG_HAVE_KERNEL_LZO=y
+CONFIG_HAVE_KERNEL_LZ4=y
+CONFIG_KERNEL_GZIP=y
+# CONFIG_KERNEL_BZIP2 is not set
+# CONFIG_KERNEL_LZMA is not set
+# CONFIG_KERNEL_XZ is not set
+# CONFIG_KERNEL_LZO is not set
+# CONFIG_KERNEL_LZ4 is not set
+CONFIG_DEFAULT_HOSTNAME="(none)"
+CONFIG_SWAP=y
+CONFIG_SYSVIPC=y
+CONFIG_SYSVIPC_SYSCTL=y
+CONFIG_POSIX_MQUEUE=y
+CONFIG_POSIX_MQUEUE_SYSCTL=y
+CONFIG_CROSS_MEMORY_ATTACH=y
+# CONFIG_FHANDLE is not set
+CONFIG_USELIB=y
+# CONFIG_AUDIT is not set
+CONFIG_HAVE_ARCH_AUDITSYSCALL=y
+
+#
+# IRQ subsystem
+#
+CONFIG_GENERIC_IRQ_PROBE=y
+CONFIG_GENERIC_IRQ_SHOW=y
+CONFIG_IRQ_DOMAIN=y
+CONFIG_IRQ_DOMAIN_HIERARCHY=y
+CONFIG_GENERIC_MSI_IRQ=y
+CONFIG_GENERIC_MSI_IRQ_DOMAIN=y
+CONFIG_IRQ_FORCED_THREADING=y
+CONFIG_SPARSE_IRQ=y
+CONFIG_CLOCKSOURCE_WATCHDOG=y
+CONFIG_ARCH_CLOCKSOURCE_DATA=y
+CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y
+CONFIG_GENERIC_TIME_VSYSCALL=y
+CONFIG_GENERIC_CLOCKEVENTS=y
+CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
+CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y
+CONFIG_GENERIC_CMOS_UPDATE=y
+
+#
+# Timers subsystem
+#
+CONFIG_TICK_ONESHOT=y
+CONFIG_NO_HZ_COMMON=y
+# CONFIG_HZ_PERIODIC is not set
+CONFIG_NO_HZ_IDLE=y
+CONFIG_NO_HZ=y
+CONFIG_HIGH_RES_TIMERS=y
+
+#
+# CPU/Task time and stats accounting
+#
+CONFIG_TICK_CPU_ACCOUNTING=y
+# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
+# CONFIG_IRQ_TIME_ACCOUNTING is not set
+CONFIG_BSD_PROCESS_ACCT=y
+# CONFIG_BSD_PROCESS_ACCT_V3 is not set
+# CONFIG_TASKSTATS is not set
+
+#
+# RCU Subsystem
+#
+CONFIG_TINY_RCU=y
+# CONFIG_RCU_EXPERT is not set
+CONFIG_SRCU=y
+# CONFIG_TASKS_RCU is not set
+# CONFIG_RCU_STALL_COMMON is not set
+# CONFIG_TREE_RCU_TRACE is not set
+# CONFIG_RCU_EXPEDITE_BOOT is not set
+CONFIG_BUILD_BIN2C=y
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
+CONFIG_LOG_BUF_SHIFT=14
+CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
+CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
+CONFIG_ARCH_SUPPORTS_INT128=y
+# CONFIG_CGROUPS is not set
+# CONFIG_CHECKPOINT_RESTORE is not set
+CONFIG_NAMESPACES=y
+# CONFIG_UTS_NS is not set
+# CONFIG_IPC_NS is not set
+# CONFIG_USER_NS is not set
+# CONFIG_PID_NS is not set
+# CONFIG_NET_NS is not set
+# CONFIG_SCHED_AUTOGROUP is not set
+# CONFIG_SYSFS_DEPRECATED is not set
+# CONFIG_RELAY is not set
+# CONFIG_BLK_DEV_INITRD is not set
+CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+CONFIG_SYSCTL=y
+CONFIG_ANON_INODES=y
+CONFIG_SYSCTL_EXCEPTION_TRACE=y
+CONFIG_HAVE_PCSPKR_PLATFORM=y
+CONFIG_BPF=y
+# CONFIG_EXPERT is not set
+CONFIG_MULTIUSER=y
+CONFIG_SGETMASK_SYSCALL=y
+CONFIG_SYSFS_SYSCALL=y
+# CONFIG_SYSCTL_SYSCALL is not set
+CONFIG_KALLSYMS=y
+# CONFIG_KALLSYMS_ALL is not set
+CONFIG_PRINTK=y
+CONFIG_BUG=y
+CONFIG_ELF_CORE=y
+CONFIG_PCSPKR_PLATFORM=y
+CONFIG_BASE_FULL=y
+CONFIG_FUTEX=y
+CONFIG_EPOLL=y
+CONFIG_SIGNALFD=y
+CONFIG_TIMERFD=y
+CONFIG_EVENTFD=y
+# CONFIG_BPF_SYSCALL is not set
+CONFIG_SHMEM=y
+CONFIG_AIO=y
+CONFIG_ADVISE_SYSCALLS=y
+CONFIG_PCI_QUIRKS=y
+# CONFIG_EMBEDDED is not set
+CONFIG_HAVE_PERF_EVENTS=y
+
+#
+# Kernel Performance Events And Counters
+#
+CONFIG_PERF_EVENTS=y
+# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
+CONFIG_VM_EVENT_COUNTERS=y
+CONFIG_COMPAT_BRK=y
+CONFIG_SLAB=y
+# CONFIG_SLUB is not set
+# CONFIG_PROFILING is not set
+CONFIG_HAVE_OPROFILE=y
+CONFIG_OPROFILE_NMI_TIMER=y
+# CONFIG_JUMP_LABEL is not set
+# CONFIG_UPROBES is not set
+# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set
+CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
+CONFIG_ARCH_USE_BUILTIN_BSWAP=y
+CONFIG_HAVE_IOREMAP_PROT=y
+CONFIG_HAVE_KPROBES=y
+CONFIG_HAVE_KRETPROBES=y
+CONFIG_HAVE_OPTPROBES=y
+CONFIG_HAVE_KPROBES_ON_FTRACE=y
+CONFIG_HAVE_ARCH_TRACEHOOK=y
+CONFIG_HAVE_DMA_ATTRS=y
+CONFIG_HAVE_DMA_CONTIGUOUS=y
+CONFIG_GENERIC_SMP_IDLE_THREAD=y
+CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y
+CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
+CONFIG_HAVE_DMA_API_DEBUG=y
+CONFIG_HAVE_HW_BREAKPOINT=y
+CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
+CONFIG_HAVE_USER_RETURN_NOTIFIER=y
+CONFIG_HAVE_PERF_EVENTS_NMI=y
+CONFIG_HAVE_PERF_REGS=y
+CONFIG_HAVE_PERF_USER_STACK_DUMP=y
+CONFIG_HAVE_ARCH_JUMP_LABEL=y
+CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y
+CONFIG_HAVE_CMPXCHG_LOCAL=y
+CONFIG_HAVE_CMPXCHG_DOUBLE=y
+CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
+CONFIG_SECCOMP_FILTER=y
+CONFIG_HAVE_CC_STACKPROTECTOR=y
+CONFIG_CC_STACKPROTECTOR=y
+# CONFIG_CC_STACKPROTECTOR_NONE is not set
+CONFIG_CC_STACKPROTECTOR_REGULAR=y
+# CONFIG_CC_STACKPROTECTOR_STRONG is not set
+CONFIG_HAVE_CONTEXT_TRACKING=y
+CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
+CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
+CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
+CONFIG_HAVE_ARCH_HUGE_VMAP=y
+CONFIG_HAVE_ARCH_SOFT_DIRTY=y
+CONFIG_MODULES_USE_ELF_RELA=y
+CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
+CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
+CONFIG_HAVE_COPY_THREAD_TLS=y
+
+#
+# GCOV-based kernel profiling
+#
+CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
+# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set
+CONFIG_SLABINFO=y
+CONFIG_RT_MUTEXES=y
+CONFIG_BASE_SMALL=0
+# CONFIG_MODULES is not set
+CONFIG_MODULES_TREE_LOOKUP=y
+CONFIG_BLOCK=y
+# CONFIG_BLK_DEV_BSG is not set
+# CONFIG_BLK_DEV_BSGLIB is not set
+# CONFIG_BLK_DEV_INTEGRITY is not set
+# CONFIG_BLK_CMDLINE_PARSER is not set
+
+#
+# Partition Types
+#
+# CONFIG_PARTITION_ADVANCED is not set
+CONFIG_MSDOS_PARTITION=y
+CONFIG_EFI_PARTITION=y
+
+#
+# IO Schedulers
+#
+CONFIG_IOSCHED_NOOP=y
+CONFIG_IOSCHED_DEADLINE=y
+CONFIG_IOSCHED_CFQ=y
+# CONFIG_DEFAULT_DEADLINE is not set
+CONFIG_DEFAULT_CFQ=y
+# CONFIG_DEFAULT_NOOP is not set
+CONFIG_DEFAULT_IOSCHED="cfq"
+CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
+CONFIG_INLINE_READ_UNLOCK=y
+CONFIG_INLINE_READ_UNLOCK_IRQ=y
+CONFIG_INLINE_WRITE_UNLOCK=y
+CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
+CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
+CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y
+CONFIG_ARCH_USE_QUEUED_RWLOCKS=y
+CONFIG_FREEZER=y
+
+#
+# Processor type and features
+#
+CONFIG_ZONE_DMA=y
+# CONFIG_SMP is not set
+CONFIG_X86_FEATURE_NAMES=y
+CONFIG_X86_MPPARSE=y
+CONFIG_X86_EXTENDED_PLATFORM=y
+# CONFIG_X86_GOLDFISH is not set
+# CONFIG_X86_INTEL_LPSS is not set
+# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
+CONFIG_IOSF_MBI=y
+CONFIG_SCHED_OMIT_FRAME_POINTER=y
+# CONFIG_HYPERVISOR_GUEST is not set
+CONFIG_NO_BOOTMEM=y
+# CONFIG_MK8 is not set
+# CONFIG_MPSC is not set
+CONFIG_MCORE2=y
+# CONFIG_MATOM is not set
+# CONFIG_GENERIC_CPU is not set
+CONFIG_X86_INTERNODE_CACHE_SHIFT=6
+CONFIG_X86_L1_CACHE_SHIFT=6
+CONFIG_X86_INTEL_USERCOPY=y
+CONFIG_X86_USE_PPRO_CHECKSUM=y
+CONFIG_X86_P6_NOP=y
+CONFIG_X86_TSC=y
+CONFIG_X86_CMPXCHG64=y
+CONFIG_X86_CMOV=y
+CONFIG_X86_MINIMUM_CPU_FAMILY=64
+CONFIG_X86_DEBUGCTLMSR=y
+CONFIG_CPU_SUP_INTEL=y
+CONFIG_CPU_SUP_AMD=y
+CONFIG_CPU_SUP_CENTAUR=y
+CONFIG_HPET_TIMER=y
+CONFIG_DMI=y
+CONFIG_GART_IOMMU=y
+# CONFIG_CALGARY_IOMMU is not set
+CONFIG_SWIOTLB=y
+CONFIG_IOMMU_HELPER=y
+CONFIG_NR_CPUS=1
+CONFIG_PREEMPT_NONE=y
+# CONFIG_PREEMPT_VOLUNTARY is not set
+# CONFIG_PREEMPT is not set
+CONFIG_UP_LATE_INIT=y
+CONFIG_X86_LOCAL_APIC=y
+CONFIG_X86_IO_APIC=y
+# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
+# CONFIG_X86_MCE is not set
+CONFIG_X86_16BIT=y
+CONFIG_X86_ESPFIX64=y
+CONFIG_X86_VSYSCALL_EMULATION=y
+# CONFIG_I8K is not set
+# CONFIG_MICROCODE is not set
+# CONFIG_X86_MSR is not set
+# CONFIG_X86_CPUID is not set
+CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
+CONFIG_ARCH_DMA_ADDR_T_64BIT=y
+CONFIG_X86_DIRECT_GBPAGES=y
+CONFIG_ARCH_SPARSEMEM_ENABLE=y
+CONFIG_ARCH_SPARSEMEM_DEFAULT=y
+CONFIG_ARCH_SELECT_MEMORY_MODEL=y
+CONFIG_ARCH_MEMORY_PROBE=y
+CONFIG_ARCH_PROC_KCORE_TEXT=y
+CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
+CONFIG_SELECT_MEMORY_MODEL=y
+CONFIG_SPARSEMEM_MANUAL=y
+CONFIG_SPARSEMEM=y
+CONFIG_HAVE_MEMORY_PRESENT=y
+CONFIG_SPARSEMEM_EXTREME=y
+CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
+CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y
+CONFIG_SPARSEMEM_VMEMMAP=y
+CONFIG_HAVE_MEMBLOCK=y
+CONFIG_HAVE_MEMBLOCK_NODE_MAP=y
+CONFIG_ARCH_DISCARD_MEMBLOCK=y
+CONFIG_MEMORY_ISOLATION=y
+CONFIG_HAVE_BOOTMEM_INFO_NODE=y
+CONFIG_MEMORY_HOTPLUG=y
+CONFIG_MEMORY_HOTPLUG_SPARSE=y
+CONFIG_MEMORY_HOTREMOVE=y
+CONFIG_PAGEFLAGS_EXTENDED=y
+CONFIG_SPLIT_PTLOCK_CPUS=4
+CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
+CONFIG_MEMORY_BALLOON=y
+# CONFIG_COMPACTION is not set
+CONFIG_MIGRATION=y
+CONFIG_PHYS_ADDR_T_64BIT=y
+CONFIG_ZONE_DMA_FLAG=1
+CONFIG_BOUNCE=y
+CONFIG_VIRT_TO_BUS=y
+# CONFIG_KSM is not set
+CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+# CONFIG_TRANSPARENT_HUGEPAGE is not set
+CONFIG_NEED_PER_CPU_KM=y
+# CONFIG_CLEANCACHE is not set
+# CONFIG_FRONTSWAP is not set
+# CONFIG_CMA is not set
+# CONFIG_ZPOOL is not set
+# CONFIG_ZBUD is not set
+# CONFIG_ZSMALLOC is not set
+CONFIG_GENERIC_EARLY_IOREMAP=y
+CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y
+# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
+# CONFIG_X86_PMEM_LEGACY is not set
+# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
+CONFIG_X86_RESERVE_LOW=64
+CONFIG_MTRR=y
+CONFIG_MTRR_SANITIZER=y
+CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
+CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
+CONFIG_X86_PAT=y
+CONFIG_ARCH_USES_PG_UNCACHED=y
+CONFIG_ARCH_RANDOM=y
+CONFIG_X86_SMAP=y
+# CONFIG_X86_INTEL_MPX is not set
+# CONFIG_EFI is not set
+CONFIG_SECCOMP=y
+# CONFIG_HZ_100 is not set
+CONFIG_HZ_250=y
+# CONFIG_HZ_300 is not set
+# CONFIG_HZ_1000 is not set
+CONFIG_HZ=250
+CONFIG_SCHED_HRTICK=y
+# CONFIG_KEXEC is not set
+# CONFIG_CRASH_DUMP is not set
+CONFIG_PHYSICAL_START=0x1000000
+CONFIG_RELOCATABLE=y
+# CONFIG_RANDOMIZE_BASE is not set
+CONFIG_PHYSICAL_ALIGN=0x1000000
+# CONFIG_CMDLINE_BOOL is not set
+CONFIG_HAVE_LIVEPATCH=y
+CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
+CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
+
+#
+# Power management and ACPI options
+#
+CONFIG_SUSPEND=y
+CONFIG_SUSPEND_FREEZER=y
+# CONFIG_HIBERNATION is not set
+CONFIG_PM_SLEEP=y
+# CONFIG_PM_AUTOSLEEP is not set
+# CONFIG_PM_WAKELOCKS is not set
+CONFIG_PM=y
+# CONFIG_PM_DEBUG is not set
+# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
+CONFIG_ACPI=y
+CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
+CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y
+CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y
+CONFIG_ACPI_SLEEP=y
+# CONFIG_ACPI_PROCFS_POWER is not set
+CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y
+# CONFIG_ACPI_EC_DEBUGFS is not set
+CONFIG_ACPI_AC=y
+CONFIG_ACPI_BATTERY=y
+CONFIG_ACPI_BUTTON=y
+CONFIG_ACPI_FAN=y
+# CONFIG_ACPI_DOCK is not set
+CONFIG_ACPI_PROCESSOR=y
+# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
+CONFIG_ACPI_THERMAL=y
+# CONFIG_ACPI_CUSTOM_DSDT is not set
+# CONFIG_ACPI_DEBUG is not set
+# CONFIG_ACPI_PCI_SLOT is not set
+CONFIG_X86_PM_TIMER=y
+# CONFIG_ACPI_CONTAINER is not set
+# CONFIG_ACPI_HOTPLUG_MEMORY is not set
+CONFIG_ACPI_HOTPLUG_IOAPIC=y
+# CONFIG_ACPI_SBS is not set
+# CONFIG_ACPI_HED is not set
+# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set
+# CONFIG_ACPI_NFIT is not set
+CONFIG_HAVE_ACPI_APEI=y
+CONFIG_HAVE_ACPI_APEI_NMI=y
+# CONFIG_ACPI_APEI is not set
+# CONFIG_PMIC_OPREGION is not set
+# CONFIG_SFI is not set
+
+#
+# CPU Frequency scaling
+#
+# CONFIG_CPU_FREQ is not set
+
+#
+# CPU Idle
+#
+CONFIG_CPU_IDLE=y
+CONFIG_CPU_IDLE_GOV_LADDER=y
+CONFIG_CPU_IDLE_GOV_MENU=y
+# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set
+# CONFIG_INTEL_IDLE is not set
+
+#
+# Memory power savings
+#
+# CONFIG_I7300_IDLE is not set
+
+#
+# Bus options (PCI etc.)
+#
+CONFIG_PCI=y
+CONFIG_PCI_DIRECT=y
+# CONFIG_PCI_MMCONFIG is not set
+CONFIG_PCI_DOMAINS=y
+# CONFIG_PCIEPORTBUS is not set
+CONFIG_PCI_BUS_ADDR_T_64BIT=y
+CONFIG_PCI_MSI=y
+CONFIG_PCI_MSI_IRQ_DOMAIN=y
+# CONFIG_PCI_DEBUG is not set
+# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set
+# CONFIG_PCI_STUB is not set
+CONFIG_HT_IRQ=y
+# CONFIG_PCI_IOV is not set
+# CONFIG_PCI_PRI is not set
+# CONFIG_PCI_PASID is not set
+CONFIG_PCI_LABEL=y
+
+#
+# PCI host controller drivers
+#
+CONFIG_ISA_DMA_API=y
+CONFIG_AMD_NB=y
+# CONFIG_PCCARD is not set
+# CONFIG_HOTPLUG_PCI is not set
+# CONFIG_RAPIDIO is not set
+# CONFIG_X86_SYSFB is not set
+
+#
+# Executable file formats / Emulations
+#
+CONFIG_BINFMT_ELF=y
+# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
+CONFIG_BINFMT_SCRIPT=y
+# CONFIG_HAVE_AOUT is not set
+# CONFIG_BINFMT_MISC is not set
+CONFIG_COREDUMP=y
+# CONFIG_IA32_EMULATION is not set
+CONFIG_X86_DEV_DMA_OPS=y
+CONFIG_PMC_ATOM=y
+CONFIG_NET=y
+CONFIG_NET_INGRESS=y
+
+#
+# Networking options
+#
+CONFIG_PACKET=y
+# CONFIG_PACKET_DIAG is not set
+CONFIG_UNIX=y
+# CONFIG_UNIX_DIAG is not set
+CONFIG_XFRM=y
+CONFIG_XFRM_ALGO=y
+CONFIG_XFRM_USER=y
+CONFIG_XFRM_SUB_POLICY=y
+CONFIG_XFRM_MIGRATE=y
+CONFIG_XFRM_STATISTICS=y
+CONFIG_XFRM_IPCOMP=y
+CONFIG_NET_KEY=y
+CONFIG_NET_KEY_MIGRATE=y
+CONFIG_INET=y
+# CONFIG_IP_MULTICAST is not set
+CONFIG_IP_ADVANCED_ROUTER=y
+# CONFIG_IP_FIB_TRIE_STATS is not set
+CONFIG_IP_MULTIPLE_TABLES=y
+# CONFIG_IP_ROUTE_MULTIPATH is not set
+# CONFIG_IP_ROUTE_VERBOSE is not set
+CONFIG_IP_ROUTE_CLASSID=y
+# CONFIG_IP_PNP is not set
+# CONFIG_NET_IPIP is not set
+# CONFIG_NET_IPGRE_DEMUX is not set
+CONFIG_NET_IP_TUNNEL=y
+# CONFIG_SYN_COOKIES is not set
+# CONFIG_NET_IPVTI is not set
+CONFIG_NET_UDP_TUNNEL=y
+# CONFIG_NET_FOU is not set
+# CONFIG_GENEVE_CORE is not set
+CONFIG_INET_AH=y
+CONFIG_INET_ESP=y
+CONFIG_INET_IPCOMP=y
+CONFIG_INET_XFRM_TUNNEL=y
+CONFIG_INET_TUNNEL=y
+CONFIG_INET_XFRM_MODE_TRANSPORT=y
+CONFIG_INET_XFRM_MODE_TUNNEL=y
+CONFIG_INET_XFRM_MODE_BEET=y
+# CONFIG_INET_LRO is not set
+CONFIG_INET_DIAG=y
+CONFIG_INET_TCP_DIAG=y
+# CONFIG_INET_UDP_DIAG is not set
+# CONFIG_TCP_CONG_ADVANCED is not set
+CONFIG_TCP_CONG_CUBIC=y
+CONFIG_DEFAULT_TCP_CONG="cubic"
+# CONFIG_TCP_MD5SIG is not set
+CONFIG_IPV6=y
+# CONFIG_IPV6_ROUTER_PREF is not set
+CONFIG_IPV6_OPTIMISTIC_DAD=y
+CONFIG_INET6_AH=y
+CONFIG_INET6_ESP=y
+CONFIG_INET6_IPCOMP=y
+CONFIG_IPV6_MIP6=y
+CONFIG_INET6_XFRM_TUNNEL=y
+CONFIG_INET6_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_TRANSPORT=y
+CONFIG_INET6_XFRM_MODE_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_BEET=y
+# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
+# CONFIG_IPV6_VTI is not set
+# CONFIG_IPV6_SIT is not set
+CONFIG_IPV6_TUNNEL=y
+CONFIG_IPV6_GRE=y
+CONFIG_IPV6_MULTIPLE_TABLES=y
+CONFIG_IPV6_SUBTREES=y
+# CONFIG_IPV6_MROUTE is not set
+# CONFIG_NETWORK_SECMARK is not set
+# CONFIG_NET_PTP_CLASSIFY is not set
+# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
+CONFIG_NETFILTER=y
+# CONFIG_NETFILTER_DEBUG is not set
+CONFIG_NETFILTER_ADVANCED=y
+
+#
+# Core Netfilter Configuration
+#
+CONFIG_NETFILTER_INGRESS=y
+CONFIG_NETFILTER_NETLINK=y
+# CONFIG_NETFILTER_NETLINK_ACCT is not set
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NF_CONNTRACK=y
+CONFIG_NF_LOG_COMMON=y
+CONFIG_NF_CONNTRACK_MARK=y
+# CONFIG_NF_CONNTRACK_ZONES is not set
+CONFIG_NF_CONNTRACK_PROCFS=y
+CONFIG_NF_CONNTRACK_EVENTS=y
+# CONFIG_NF_CONNTRACK_TIMEOUT is not set
+# CONFIG_NF_CONNTRACK_TIMESTAMP is not set
+# CONFIG_NF_CT_PROTO_DCCP is not set
+# CONFIG_NF_CT_PROTO_SCTP is not set
+CONFIG_NF_CT_PROTO_UDPLITE=y
+# CONFIG_NF_CONNTRACK_AMANDA is not set
+# CONFIG_NF_CONNTRACK_FTP is not set
+# CONFIG_NF_CONNTRACK_H323 is not set
+# CONFIG_NF_CONNTRACK_IRC is not set
+# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
+# CONFIG_NF_CONNTRACK_SNMP is not set
+# CONFIG_NF_CONNTRACK_PPTP is not set
+CONFIG_NF_CONNTRACK_SANE=y
+# CONFIG_NF_CONNTRACK_SIP is not set
+# CONFIG_NF_CONNTRACK_TFTP is not set
+CONFIG_NF_CT_NETLINK=y
+# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
+# CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
+CONFIG_NF_NAT=y
+CONFIG_NF_NAT_NEEDED=y
+CONFIG_NF_NAT_PROTO_UDPLITE=y
+# CONFIG_NF_NAT_AMANDA is not set
+# CONFIG_NF_NAT_FTP is not set
+# CONFIG_NF_NAT_IRC is not set
+# CONFIG_NF_NAT_SIP is not set
+# CONFIG_NF_NAT_TFTP is not set
+CONFIG_NF_NAT_REDIRECT=y
+# CONFIG_NF_TABLES is not set
+CONFIG_NETFILTER_XTABLES=y
+
+#
+# Xtables combined modules
+#
+CONFIG_NETFILTER_XT_MARK=y
+CONFIG_NETFILTER_XT_CONNMARK=y
+CONFIG_NETFILTER_XT_SET=y
+
+#
+# Xtables targets
+#
+# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
+CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
+CONFIG_NETFILTER_XT_TARGET_CT=y
+CONFIG_NETFILTER_XT_TARGET_DSCP=y
+CONFIG_NETFILTER_XT_TARGET_HL=y
+# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
+# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
+CONFIG_NETFILTER_XT_TARGET_LOG=y
+CONFIG_NETFILTER_XT_TARGET_MARK=y
+CONFIG_NETFILTER_XT_NAT=y
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
+CONFIG_NETFILTER_XT_TARGET_NOTRACK=y
+# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
+# CONFIG_NETFILTER_XT_TARGET_TEE is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
+CONFIG_NETFILTER_XT_TARGET_TRACE=y
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
+# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+
+#
+# Xtables matches
+#
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
+# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
+CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+# CONFIG_NETFILTER_XT_MATCH_CPU is not set
+CONFIG_NETFILTER_XT_MATCH_DCCP=y
+CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
+CONFIG_NETFILTER_XT_MATCH_DSCP=y
+CONFIG_NETFILTER_XT_MATCH_ECN=y
+CONFIG_NETFILTER_XT_MATCH_ESP=y
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_HELPER=y
+CONFIG_NETFILTER_XT_MATCH_HL=y
+# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set
+# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
+CONFIG_NETFILTER_XT_MATCH_L2TP=y
+CONFIG_NETFILTER_XT_MATCH_LENGTH=y
+CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+CONFIG_NETFILTER_XT_MATCH_MAC=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
+# CONFIG_NETFILTER_XT_MATCH_OSF is not set
+# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
+CONFIG_NETFILTER_XT_MATCH_POLICY=y
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+CONFIG_NETFILTER_XT_MATCH_QUOTA=y
+# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
+CONFIG_NETFILTER_XT_MATCH_REALM=y
+# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
+CONFIG_NETFILTER_XT_MATCH_SCTP=y
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
+CONFIG_NETFILTER_XT_MATCH_STRING=y
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
+# CONFIG_NETFILTER_XT_MATCH_TIME is not set
+CONFIG_NETFILTER_XT_MATCH_U32=y
+CONFIG_IP_SET=y
+CONFIG_IP_SET_MAX=256
+CONFIG_IP_SET_BITMAP_IP=y
+CONFIG_IP_SET_BITMAP_IPMAC=y
+CONFIG_IP_SET_BITMAP_PORT=y
+CONFIG_IP_SET_HASH_IP=y
+# CONFIG_IP_SET_HASH_IPMARK is not set
+CONFIG_IP_SET_HASH_IPPORT=y
+CONFIG_IP_SET_HASH_IPPORTIP=y
+CONFIG_IP_SET_HASH_IPPORTNET=y
+# CONFIG_IP_SET_HASH_MAC is not set
+# CONFIG_IP_SET_HASH_NETPORTNET is not set
+CONFIG_IP_SET_HASH_NET=y
+# CONFIG_IP_SET_HASH_NETNET is not set
+CONFIG_IP_SET_HASH_NETPORT=y
+# CONFIG_IP_SET_HASH_NETIFACE is not set
+CONFIG_IP_SET_LIST_SET=y
+# CONFIG_IP_VS is not set
+
+#
+# IP: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV4=y
+CONFIG_NF_CONNTRACK_IPV4=y
+CONFIG_NF_CONNTRACK_PROC_COMPAT=y
+# CONFIG_NF_LOG_ARP is not set
+CONFIG_NF_LOG_IPV4=y
+CONFIG_NF_REJECT_IPV4=y
+CONFIG_NF_NAT_IPV4=y
+CONFIG_NF_NAT_MASQUERADE_IPV4=y
+# CONFIG_NF_NAT_PPTP is not set
+# CONFIG_NF_NAT_H323 is not set
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_AH=y
+CONFIG_IP_NF_MATCH_ECN=y
+# CONFIG_IP_NF_MATCH_RPFILTER is not set
+CONFIG_IP_NF_MATCH_TTL=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_TARGET_REJECT=y
+# CONFIG_IP_NF_TARGET_SYNPROXY is not set
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_TARGET_NETMAP=y
+CONFIG_IP_NF_TARGET_REDIRECT=y
+CONFIG_IP_NF_MANGLE=y
+CONFIG_IP_NF_TARGET_CLUSTERIP=y
+CONFIG_IP_NF_TARGET_ECN=y
+CONFIG_IP_NF_TARGET_TTL=y
+CONFIG_IP_NF_RAW=y
+CONFIG_IP_NF_ARPTABLES=y
+CONFIG_IP_NF_ARPFILTER=y
+CONFIG_IP_NF_ARP_MANGLE=y
+
+#
+# IPv6: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV6=y
+CONFIG_NF_CONNTRACK_IPV6=y
+CONFIG_NF_REJECT_IPV6=y
+CONFIG_NF_LOG_IPV6=y
+CONFIG_NF_NAT_IPV6=y
+CONFIG_NF_NAT_MASQUERADE_IPV6=y
+CONFIG_IP6_NF_IPTABLES=y
+CONFIG_IP6_NF_MATCH_AH=y
+CONFIG_IP6_NF_MATCH_EUI64=y
+CONFIG_IP6_NF_MATCH_FRAG=y
+CONFIG_IP6_NF_MATCH_OPTS=y
+CONFIG_IP6_NF_MATCH_HL=y
+CONFIG_IP6_NF_MATCH_IPV6HEADER=y
+CONFIG_IP6_NF_MATCH_MH=y
+# CONFIG_IP6_NF_MATCH_RPFILTER is not set
+CONFIG_IP6_NF_MATCH_RT=y
+CONFIG_IP6_NF_TARGET_HL=y
+CONFIG_IP6_NF_FILTER=y
+CONFIG_IP6_NF_TARGET_REJECT=y
+# CONFIG_IP6_NF_TARGET_SYNPROXY is not set
+CONFIG_IP6_NF_MANGLE=y
+CONFIG_IP6_NF_RAW=y
+# CONFIG_IP6_NF_NAT is not set
+# CONFIG_IP_DCCP is not set
+# CONFIG_IP_SCTP is not set
+# CONFIG_RDS is not set
+# CONFIG_TIPC is not set
+# CONFIG_ATM is not set
+CONFIG_L2TP=y
+# CONFIG_L2TP_V3 is not set
+# CONFIG_BRIDGE is not set
+CONFIG_HAVE_NET_DSA=y
+# CONFIG_VLAN_8021Q is not set
+# CONFIG_DECNET is not set
+# CONFIG_LLC2 is not set
+# CONFIG_IPX is not set
+# CONFIG_ATALK is not set
+# CONFIG_X25 is not set
+# CONFIG_LAPB is not set
+# CONFIG_PHONET is not set
+# CONFIG_6LOWPAN is not set
+# CONFIG_IEEE802154 is not set
+# CONFIG_NET_SCHED is not set
+# CONFIG_DCB is not set
+# CONFIG_BATMAN_ADV is not set
+# CONFIG_OPENVSWITCH is not set
+# CONFIG_VSOCKETS is not set
+# CONFIG_NETLINK_MMAP is not set
+# CONFIG_NETLINK_DIAG is not set
+# CONFIG_MPLS is not set
+# CONFIG_HSR is not set
+# CONFIG_NET_SWITCHDEV is not set
+CONFIG_NET_RX_BUSY_POLL=y
+CONFIG_BQL=y
+
+#
+# Network testing
+#
+# CONFIG_NET_PKTGEN is not set
+# CONFIG_HAMRADIO is not set
+# CONFIG_CAN is not set
+# CONFIG_IRDA is not set
+# CONFIG_BT is not set
+# CONFIG_AF_RXRPC is not set
+CONFIG_FIB_RULES=y
+CONFIG_WIRELESS=y
+# CONFIG_CFG80211 is not set
+# CONFIG_LIB80211 is not set
+
+#
+# CFG80211 needs to be enabled for MAC80211
+#
+CONFIG_MAC80211_STA_HASH_MAX_SIZE=0
+# CONFIG_WIMAX is not set
+# CONFIG_RFKILL is not set
+CONFIG_NET_9P=y
+CONFIG_NET_9P_VIRTIO=y
+# CONFIG_NET_9P_DEBUG is not set
+# CONFIG_CAIF is not set
+# CONFIG_CEPH_LIB is not set
+# CONFIG_NFC is not set
+CONFIG_HAVE_BPF_JIT=y
+
+#
+# Device Drivers
+#
+
+#
+# Generic Driver Options
+#
+CONFIG_UEVENT_HELPER=y
+CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+# CONFIG_DEVTMPFS is not set
+CONFIG_STANDALONE=y
+CONFIG_PREVENT_FIRMWARE_BUILD=y
+CONFIG_FW_LOADER=y
+CONFIG_FIRMWARE_IN_KERNEL=y
+CONFIG_EXTRA_FIRMWARE=""
+# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set
+CONFIG_ALLOW_DEV_COREDUMP=y
+# CONFIG_DEBUG_DRIVER is not set
+# CONFIG_DEBUG_DEVRES is not set
+# CONFIG_SYS_HYPERVISOR is not set
+# CONFIG_GENERIC_CPU_DEVICES is not set
+CONFIG_GENERIC_CPU_AUTOPROBE=y
+# CONFIG_DMA_SHARED_BUFFER is not set
+
+#
+# Bus devices
+#
+# CONFIG_CONNECTOR is not set
+# CONFIG_MTD is not set
+# CONFIG_OF is not set
+CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
+# CONFIG_PARPORT is not set
+CONFIG_PNP=y
+CONFIG_PNP_DEBUG_MESSAGES=y
+
+#
+# Protocols
+#
+CONFIG_PNPACPI=y
+CONFIG_BLK_DEV=y
+# CONFIG_BLK_DEV_NULL_BLK is not set
+# CONFIG_BLK_DEV_FD is not set
+# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set
+# CONFIG_BLK_CPQ_CISS_DA is not set
+# CONFIG_BLK_DEV_DAC960 is not set
+# CONFIG_BLK_DEV_UMEM is not set
+# CONFIG_BLK_DEV_COW_COMMON is not set
+CONFIG_BLK_DEV_LOOP=y
+CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
+# CONFIG_BLK_DEV_CRYPTOLOOP is not set
+# CONFIG_BLK_DEV_DRBD is not set
+CONFIG_BLK_DEV_NBD=y
+# CONFIG_BLK_DEV_NVME is not set
+# CONFIG_BLK_DEV_SKD is not set
+# CONFIG_BLK_DEV_SX8 is not set
+# CONFIG_BLK_DEV_RAM is not set
+# CONFIG_CDROM_PKTCDVD is not set
+# CONFIG_ATA_OVER_ETH is not set
+CONFIG_VIRTIO_BLK=y
+# CONFIG_BLK_DEV_HD is not set
+# CONFIG_BLK_DEV_RBD is not set
+# CONFIG_BLK_DEV_RSXX is not set
+
+#
+# Misc devices
+#
+# CONFIG_SENSORS_LIS3LV02D is not set
+# CONFIG_DUMMY_IRQ is not set
+# CONFIG_IBM_ASM is not set
+# CONFIG_PHANTOM is not set
+# CONFIG_SGI_IOC4 is not set
+# CONFIG_TIFM_CORE is not set
+# CONFIG_ENCLOSURE_SERVICES is not set
+# CONFIG_HP_ILO is not set
+# CONFIG_SRAM is not set
+# CONFIG_C2PORT is not set
+
+#
+# EEPROM support
+#
+# CONFIG_EEPROM_93CX6 is not set
+# CONFIG_CB710_CORE is not set
+
+#
+# Texas Instruments shared transport line discipline
+#
+
+#
+# Altera FPGA firmware download module
+#
+# CONFIG_VMWARE_VMCI is not set
+
+#
+# Intel MIC Bus Driver
+#
+# CONFIG_INTEL_MIC_BUS is not set
+
+#
+# SCIF Bus Driver
+#
+# CONFIG_SCIF_BUS is not set
+
+#
+# Intel MIC Host Driver
+#
+
+#
+# Intel MIC Card Driver
+#
+
+#
+# SCIF Driver
+#
+# CONFIG_GENWQE is not set
+# CONFIG_ECHO is not set
+# CONFIG_CXL_BASE is not set
+# CONFIG_CXL_KERNEL_API is not set
+CONFIG_HAVE_IDE=y
+# CONFIG_IDE is not set
+
+#
+# SCSI device support
+#
+CONFIG_SCSI_MOD=y
+# CONFIG_RAID_ATTRS is not set
+# CONFIG_SCSI is not set
+# CONFIG_SCSI_DMA is not set
+# CONFIG_SCSI_NETLINK is not set
+# CONFIG_ATA is not set
+# CONFIG_MD is not set
+# CONFIG_FUSION is not set
+
+#
+# IEEE 1394 (FireWire) support
+#
+# CONFIG_FIREWIRE is not set
+# CONFIG_FIREWIRE_NOSY is not set
+# CONFIG_MACINTOSH_DRIVERS is not set
+CONFIG_NETDEVICES=y
+CONFIG_NET_CORE=y
+# CONFIG_BONDING is not set
+CONFIG_DUMMY=y
+# CONFIG_EQUALIZER is not set
+# CONFIG_NET_TEAM is not set
+# CONFIG_MACVLAN is not set
+# CONFIG_IPVLAN is not set
+# CONFIG_VXLAN is not set
+# CONFIG_NETCONSOLE is not set
+# CONFIG_NETPOLL is not set
+# CONFIG_NET_POLL_CONTROLLER is not set
+CONFIG_TUN=y
+# CONFIG_TUN_VNET_CROSS_LE is not set
+# CONFIG_VETH is not set
+CONFIG_VIRTIO_NET=y
+# CONFIG_NLMON is not set
+# CONFIG_ARCNET is not set
+
+#
+# CAIF transport drivers
+#
+# CONFIG_VHOST_NET is not set
+# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set
+
+#
+# Distributed Switch Architecture drivers
+#
+# CONFIG_NET_DSA_MV88E6XXX is not set
+# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set
+CONFIG_ETHERNET=y
+CONFIG_NET_VENDOR_3COM=y
+# CONFIG_VORTEX is not set
+# CONFIG_TYPHOON is not set
+CONFIG_NET_VENDOR_ADAPTEC=y
+# CONFIG_ADAPTEC_STARFIRE is not set
+CONFIG_NET_VENDOR_AGERE=y
+# CONFIG_ET131X is not set
+CONFIG_NET_VENDOR_ALTEON=y
+# CONFIG_ACENIC is not set
+# CONFIG_ALTERA_TSE is not set
+CONFIG_NET_VENDOR_AMD=y
+# CONFIG_AMD8111_ETH is not set
+# CONFIG_PCNET32 is not set
+# CONFIG_NET_VENDOR_ARC is not set
+CONFIG_NET_VENDOR_ATHEROS=y
+# CONFIG_ATL2 is not set
+# CONFIG_ATL1 is not set
+# CONFIG_ATL1E is not set
+# CONFIG_ATL1C is not set
+# CONFIG_ALX is not set
+CONFIG_NET_CADENCE=y
+# CONFIG_MACB is not set
+CONFIG_NET_VENDOR_BROADCOM=y
+# CONFIG_B44 is not set
+# CONFIG_BCMGENET is not set
+# CONFIG_BNX2 is not set
+# CONFIG_CNIC is not set
+# CONFIG_TIGON3 is not set
+# CONFIG_BNX2X is not set
+CONFIG_NET_VENDOR_BROCADE=y
+# CONFIG_BNA is not set
+CONFIG_NET_VENDOR_CAVIUM=y
+# CONFIG_THUNDER_NIC_PF is not set
+# CONFIG_THUNDER_NIC_VF is not set
+# CONFIG_THUNDER_NIC_BGX is not set
+# CONFIG_LIQUIDIO is not set
+CONFIG_NET_VENDOR_CHELSIO=y
+# CONFIG_CHELSIO_T1 is not set
+# CONFIG_CHELSIO_T3 is not set
+# CONFIG_CHELSIO_T4 is not set
+# CONFIG_CHELSIO_T4VF is not set
+CONFIG_NET_VENDOR_CISCO=y
+# CONFIG_ENIC is not set
+# CONFIG_CX_ECAT is not set
+# CONFIG_DNET is not set
+CONFIG_NET_VENDOR_DEC=y
+# CONFIG_NET_TULIP is not set
+CONFIG_NET_VENDOR_DLINK=y
+# CONFIG_DL2K is not set
+# CONFIG_SUNDANCE is not set
+CONFIG_NET_VENDOR_EMULEX=y
+# CONFIG_BE2NET is not set
+CONFIG_NET_VENDOR_EZCHIP=y
+CONFIG_NET_VENDOR_EXAR=y
+# CONFIG_S2IO is not set
+# CONFIG_VXGE is not set
+CONFIG_NET_VENDOR_HP=y
+# CONFIG_HP100 is not set
+CONFIG_NET_VENDOR_INTEL=y
+# CONFIG_E100 is not set
+# CONFIG_E1000 is not set
+# CONFIG_E1000E is not set
+# CONFIG_IGB is not set
+# CONFIG_IGBVF is not set
+# CONFIG_IXGB is not set
+# CONFIG_IXGBE is not set
+# CONFIG_IXGBEVF is not set
+# CONFIG_I40E is not set
+# CONFIG_I40EVF is not set
+# CONFIG_FM10K is not set
+CONFIG_NET_VENDOR_I825XX=y
+# CONFIG_IP1000 is not set
+# CONFIG_JME is not set
+CONFIG_NET_VENDOR_MARVELL=y
+# CONFIG_MVMDIO is not set
+# CONFIG_SKGE is not set
+# CONFIG_SKY2 is not set
+CONFIG_NET_VENDOR_MELLANOX=y
+# CONFIG_MLX4_EN is not set
+# CONFIG_MLX4_CORE is not set
+# CONFIG_MLX5_CORE is not set
+CONFIG_NET_VENDOR_MICREL=y
+# CONFIG_KS8851_MLL is not set
+# CONFIG_KSZ884X_PCI is not set
+CONFIG_NET_VENDOR_MYRI=y
+# CONFIG_MYRI10GE is not set
+# CONFIG_FEALNX is not set
+CONFIG_NET_VENDOR_NATSEMI=y
+# CONFIG_NATSEMI is not set
+# CONFIG_NS83820 is not set
+CONFIG_NET_VENDOR_8390=y
+# CONFIG_NE2K_PCI is not set
+CONFIG_NET_VENDOR_NVIDIA=y
+# CONFIG_FORCEDETH is not set
+CONFIG_NET_VENDOR_OKI=y
+# CONFIG_ETHOC is not set
+CONFIG_NET_PACKET_ENGINE=y
+# CONFIG_HAMACHI is not set
+# CONFIG_YELLOWFIN is not set
+CONFIG_NET_VENDOR_QLOGIC=y
+# CONFIG_QLA3XXX is not set
+# CONFIG_QLCNIC is not set
+# CONFIG_QLGE is not set
+# CONFIG_NETXEN_NIC is not set
+CONFIG_NET_VENDOR_QUALCOMM=y
+CONFIG_NET_VENDOR_REALTEK=y
+# CONFIG_8139CP is not set
+# CONFIG_8139TOO is not set
+# CONFIG_R8169 is not set
+CONFIG_NET_VENDOR_RENESAS=y
+CONFIG_NET_VENDOR_RDC=y
+# CONFIG_R6040 is not set
+CONFIG_NET_VENDOR_ROCKER=y
+CONFIG_NET_VENDOR_SAMSUNG=y
+# CONFIG_SXGBE_ETH is not set
+CONFIG_NET_VENDOR_SEEQ=y
+CONFIG_NET_VENDOR_SILAN=y
+# CONFIG_SC92031 is not set
+CONFIG_NET_VENDOR_SIS=y
+# CONFIG_SIS900 is not set
+# CONFIG_SIS190 is not set
+# CONFIG_SFC is not set
+CONFIG_NET_VENDOR_SMSC=y
+# CONFIG_EPIC100 is not set
+# CONFIG_SMSC911X is not set
+# CONFIG_SMSC9420 is not set
+CONFIG_NET_VENDOR_STMICRO=y
+# CONFIG_STMMAC_ETH is not set
+CONFIG_NET_VENDOR_SUN=y
+# CONFIG_HAPPYMEAL is not set
+# CONFIG_SUNGEM is not set
+# CONFIG_CASSINI is not set
+# CONFIG_NIU is not set
+CONFIG_NET_VENDOR_TEHUTI=y
+# CONFIG_TEHUTI is not set
+CONFIG_NET_VENDOR_TI=y
+# CONFIG_TI_CPSW_ALE is not set
+# CONFIG_TLAN is not set
+CONFIG_NET_VENDOR_VIA=y
+# CONFIG_VIA_RHINE is not set
+# CONFIG_VIA_VELOCITY is not set
+CONFIG_NET_VENDOR_WIZNET=y
+# CONFIG_WIZNET_W5100 is not set
+# CONFIG_WIZNET_W5300 is not set
+# CONFIG_FDDI is not set
+# CONFIG_HIPPI is not set
+# CONFIG_NET_SB1000 is not set
+# CONFIG_PHYLIB is not set
+# CONFIG_PPP is not set
+# CONFIG_SLIP is not set
+
+#
+# Host-side USB support is needed for USB Network Adapter support
+#
+CONFIG_WLAN=y
+# CONFIG_PRISM54 is not set
+# CONFIG_HOSTAP is not set
+# CONFIG_WL_MEDIATEK is not set
+# CONFIG_WL_TI is not set
+
+#
+# Enable WiMAX (Networking options) to see the WiMAX drivers
+#
+# CONFIG_WAN is not set
+# CONFIG_VMXNET3 is not set
+# CONFIG_ISDN is not set
+
+#
+# Input device support
+#
+CONFIG_INPUT=y
+# CONFIG_INPUT_FF_MEMLESS is not set
+# CONFIG_INPUT_POLLDEV is not set
+# CONFIG_INPUT_SPARSEKMAP is not set
+# CONFIG_INPUT_MATRIXKMAP is not set
+
+#
+# Userland interfaces
+#
+CONFIG_INPUT_MOUSEDEV=y
+CONFIG_INPUT_MOUSEDEV_PSAUX=y
+CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
+CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
+# CONFIG_INPUT_JOYDEV is not set
+CONFIG_INPUT_EVDEV=y
+# CONFIG_INPUT_EVBUG is not set
+
+#
+# Input Device Drivers
+#
+CONFIG_INPUT_KEYBOARD=y
+CONFIG_KEYBOARD_ATKBD=y
+# CONFIG_KEYBOARD_LKKBD is not set
+# CONFIG_KEYBOARD_NEWTON is not set
+# CONFIG_KEYBOARD_OPENCORES is not set
+# CONFIG_KEYBOARD_STOWAWAY is not set
+# CONFIG_KEYBOARD_SUNKBD is not set
+# CONFIG_KEYBOARD_XTKBD is not set
+CONFIG_INPUT_MOUSE=y
+CONFIG_MOUSE_PS2=y
+CONFIG_MOUSE_PS2_ALPS=y
+CONFIG_MOUSE_PS2_LOGIPS2PP=y
+CONFIG_MOUSE_PS2_SYNAPTICS=y
+CONFIG_MOUSE_PS2_CYPRESS=y
+CONFIG_MOUSE_PS2_LIFEBOOK=y
+CONFIG_MOUSE_PS2_TRACKPOINT=y
+# CONFIG_MOUSE_PS2_ELANTECH is not set
+# CONFIG_MOUSE_PS2_SENTELIC is not set
+# CONFIG_MOUSE_PS2_TOUCHKIT is not set
+CONFIG_MOUSE_PS2_FOCALTECH=y
+# CONFIG_MOUSE_SERIAL is not set
+# CONFIG_MOUSE_APPLETOUCH is not set
+# CONFIG_MOUSE_BCM5974 is not set
+# CONFIG_MOUSE_VSXXXAA is not set
+# CONFIG_MOUSE_SYNAPTICS_USB is not set
+# CONFIG_INPUT_JOYSTICK is not set
+# CONFIG_INPUT_TABLET is not set
+# CONFIG_INPUT_TOUCHSCREEN is not set
+# CONFIG_INPUT_MISC is not set
+
+#
+# Hardware I/O ports
+#
+CONFIG_SERIO=y
+CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y
+CONFIG_SERIO_I8042=y
+CONFIG_SERIO_SERPORT=y
+# CONFIG_SERIO_CT82C710 is not set
+# CONFIG_SERIO_PCIPS2 is not set
+CONFIG_SERIO_LIBPS2=y
+# CONFIG_SERIO_RAW is not set
+# CONFIG_SERIO_ALTERA_PS2 is not set
+# CONFIG_SERIO_PS2MULT is not set
+# CONFIG_SERIO_ARC_PS2 is not set
+# CONFIG_GAMEPORT is not set
+
+#
+# Character devices
+#
+CONFIG_TTY=y
+CONFIG_VT=y
+CONFIG_CONSOLE_TRANSLATIONS=y
+CONFIG_VT_CONSOLE=y
+CONFIG_VT_CONSOLE_SLEEP=y
+CONFIG_HW_CONSOLE=y
+# CONFIG_VT_HW_CONSOLE_BINDING is not set
+CONFIG_UNIX98_PTYS=y
+# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
+CONFIG_LEGACY_PTYS=y
+CONFIG_LEGACY_PTY_COUNT=256
+# CONFIG_SERIAL_NONSTANDARD is not set
+# CONFIG_NOZOMI is not set
+# CONFIG_N_GSM is not set
+# CONFIG_TRACE_SINK is not set
+CONFIG_DEVMEM=y
+CONFIG_DEVKMEM=y
+
+#
+# Serial drivers
+#
+# CONFIG_SERIAL_8250 is not set
+
+#
+# Non-8250 serial port support
+#
+# CONFIG_SERIAL_JSM is not set
+# CONFIG_SERIAL_SCCNXP is not set
+# CONFIG_SERIAL_ALTERA_JTAGUART is not set
+# CONFIG_SERIAL_ALTERA_UART is not set
+# CONFIG_SERIAL_ARC is not set
+# CONFIG_SERIAL_RP2 is not set
+# CONFIG_SERIAL_FSL_LPUART is not set
+CONFIG_HVC_DRIVER=y
+CONFIG_VIRTIO_CONSOLE=y
+# CONFIG_IPMI_HANDLER is not set
+# CONFIG_HW_RANDOM is not set
+# CONFIG_NVRAM is not set
+# CONFIG_R3964 is not set
+# CONFIG_APPLICOM is not set
+# CONFIG_MWAVE is not set
+# CONFIG_RAW_DRIVER is not set
+# CONFIG_HPET is not set
+# CONFIG_HANGCHECK_TIMER is not set
+# CONFIG_TCG_TPM is not set
+# CONFIG_TELCLOCK is not set
+CONFIG_DEVPORT=y
+# CONFIG_XILLYBUS is not set
+
+#
+# I2C support
+#
+# CONFIG_I2C is not set
+# CONFIG_SPI is not set
+# CONFIG_SPMI is not set
+# CONFIG_HSI is not set
+
+#
+# PPS support
+#
+# CONFIG_PPS is not set
+
+#
+# PPS generators support
+#
+
+#
+# PTP clock support
+#
+# CONFIG_PTP_1588_CLOCK is not set
+
+#
+# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks.
+#
+CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
+# CONFIG_GPIOLIB is not set
+# CONFIG_W1 is not set
+CONFIG_POWER_SUPPLY=y
+# CONFIG_POWER_SUPPLY_DEBUG is not set
+# CONFIG_PDA_POWER is not set
+# CONFIG_TEST_POWER is not set
+# CONFIG_BATTERY_DS2780 is not set
+# CONFIG_BATTERY_DS2781 is not set
+# CONFIG_BATTERY_BQ27x00 is not set
+# CONFIG_CHARGER_MAX8903 is not set
+# CONFIG_POWER_RESET is not set
+# CONFIG_POWER_AVS is not set
+CONFIG_HWMON=y
+# CONFIG_HWMON_VID is not set
+# CONFIG_HWMON_DEBUG_CHIP is not set
+
+#
+# Native drivers
+#
+# CONFIG_SENSORS_ABITUGURU is not set
+# CONFIG_SENSORS_ABITUGURU3 is not set
+# CONFIG_SENSORS_K8TEMP is not set
+# CONFIG_SENSORS_K10TEMP is not set
+# CONFIG_SENSORS_FAM15H_POWER is not set
+# CONFIG_SENSORS_APPLESMC is not set
+# CONFIG_SENSORS_DELL_SMM is not set
+# CONFIG_SENSORS_I5K_AMB is not set
+# CONFIG_SENSORS_F71805F is not set
+# CONFIG_SENSORS_F71882FG is not set
+# CONFIG_SENSORS_I5500 is not set
+# CONFIG_SENSORS_CORETEMP is not set
+# CONFIG_SENSORS_IT87 is not set
+# CONFIG_SENSORS_MAX197 is not set
+# CONFIG_SENSORS_PC87360 is not set
+# CONFIG_SENSORS_PC87427 is not set
+# CONFIG_SENSORS_NTC_THERMISTOR is not set
+# CONFIG_SENSORS_NCT6683 is not set
+# CONFIG_SENSORS_NCT6775 is not set
+# CONFIG_SENSORS_SIS5595 is not set
+# CONFIG_SENSORS_SMSC47M1 is not set
+# CONFIG_SENSORS_SMSC47B397 is not set
+# CONFIG_SENSORS_SCH56XX_COMMON is not set
+# CONFIG_SENSORS_VIA_CPUTEMP is not set
+# CONFIG_SENSORS_VIA686A is not set
+# CONFIG_SENSORS_VT1211 is not set
+# CONFIG_SENSORS_VT8231 is not set
+# CONFIG_SENSORS_W83627HF is not set
+# CONFIG_SENSORS_W83627EHF is not set
+
+#
+# ACPI drivers
+#
+# CONFIG_SENSORS_ACPI_POWER is not set
+# CONFIG_SENSORS_ATK0110 is not set
+CONFIG_THERMAL=y
+CONFIG_THERMAL_HWMON=y
+# CONFIG_THERMAL_WRITABLE_TRIPS is not set
+CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
+# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set
+# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set
+# CONFIG_THERMAL_GOV_FAIR_SHARE is not set
+CONFIG_THERMAL_GOV_STEP_WISE=y
+# CONFIG_THERMAL_GOV_BANG_BANG is not set
+# CONFIG_THERMAL_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set
+# CONFIG_THERMAL_EMULATION is not set
+# CONFIG_INTEL_POWERCLAMP is not set
+# CONFIG_INTEL_SOC_DTS_THERMAL is not set
+# CONFIG_INT340X_THERMAL is not set
+
+#
+# Texas Instruments thermal drivers
+#
+# CONFIG_WATCHDOG is not set
+CONFIG_SSB_POSSIBLE=y
+
+#
+# Sonics Silicon Backplane
+#
+# CONFIG_SSB is not set
+CONFIG_BCMA_POSSIBLE=y
+
+#
+# Broadcom specific AMBA
+#
+# CONFIG_BCMA is not set
+
+#
+# Multifunction device drivers
+#
+# CONFIG_MFD_CORE is not set
+# CONFIG_MFD_CROS_EC is not set
+# CONFIG_HTC_PASIC3 is not set
+# CONFIG_LPC_ICH is not set
+# CONFIG_LPC_SCH is not set
+# CONFIG_MFD_JANZ_CMODIO is not set
+# CONFIG_MFD_KEMPLD is not set
+# CONFIG_MFD_MT6397 is not set
+# CONFIG_MFD_RDC321X is not set
+# CONFIG_MFD_RTSX_PCI is not set
+# CONFIG_MFD_SM501 is not set
+# CONFIG_ABX500_CORE is not set
+# CONFIG_MFD_SYSCON is not set
+# CONFIG_MFD_TI_AM335X_TSCADC is not set
+# CONFIG_MFD_TMIO is not set
+# CONFIG_MFD_VX855 is not set
+# CONFIG_REGULATOR is not set
+# CONFIG_MEDIA_SUPPORT is not set
+
+#
+# Graphics support
+#
+# CONFIG_AGP is not set
+CONFIG_VGA_ARB=y
+CONFIG_VGA_ARB_MAX_GPUS=16
+# CONFIG_VGA_SWITCHEROO is not set
+
+#
+# Direct Rendering Manager
+#
+# CONFIG_DRM is not set
+
+#
+# Frame buffer Devices
+#
+# CONFIG_FB is not set
+# CONFIG_BACKLIGHT_LCD_SUPPORT is not set
+# CONFIG_VGASTATE is not set
+
+#
+# Console display driver support
+#
+CONFIG_VGA_CONSOLE=y
+# CONFIG_VGACON_SOFT_SCROLLBACK is not set
+CONFIG_DUMMY_CONSOLE=y
+CONFIG_DUMMY_CONSOLE_COLUMNS=80
+CONFIG_DUMMY_CONSOLE_ROWS=25
+CONFIG_SOUND=y
+# CONFIG_SOUND_OSS_CORE is not set
+# CONFIG_SND is not set
+# CONFIG_SOUND_PRIME is not set
+
+#
+# HID support
+#
+CONFIG_HID=y
+# CONFIG_HID_BATTERY_STRENGTH is not set
+# CONFIG_HIDRAW is not set
+# CONFIG_UHID is not set
+CONFIG_HID_GENERIC=y
+
+#
+# Special HID drivers
+#
+CONFIG_HID_A4TECH=y
+# CONFIG_HID_ACRUX is not set
+CONFIG_HID_APPLE=y
+# CONFIG_HID_AUREAL is not set
+CONFIG_HID_BELKIN=y
+CONFIG_HID_CHERRY=y
+CONFIG_HID_CHICONY=y
+CONFIG_HID_CYPRESS=y
+# CONFIG_HID_DRAGONRISE is not set
+# CONFIG_HID_EMS_FF is not set
+# CONFIG_HID_ELECOM is not set
+CONFIG_HID_EZKEY=y
+# CONFIG_HID_KEYTOUCH is not set
+# CONFIG_HID_KYE is not set
+# CONFIG_HID_WALTOP is not set
+# CONFIG_HID_GYRATION is not set
+# CONFIG_HID_ICADE is not set
+# CONFIG_HID_TWINHAN is not set
+CONFIG_HID_KENSINGTON=y
+# CONFIG_HID_LCPOWER is not set
+# CONFIG_HID_LENOVO is not set
+CONFIG_HID_LOGITECH=y
+# CONFIG_HID_LOGITECH_HIDPP is not set
+# CONFIG_LOGITECH_FF is not set
+# CONFIG_LOGIRUMBLEPAD2_FF is not set
+# CONFIG_LOGIG940_FF is not set
+# CONFIG_LOGIWHEELS_FF is not set
+# CONFIG_HID_MAGICMOUSE is not set
+CONFIG_HID_MICROSOFT=y
+CONFIG_HID_MONTEREY=y
+# CONFIG_HID_MULTITOUCH is not set
+# CONFIG_HID_ORTEK is not set
+# CONFIG_HID_PANTHERLORD is not set
+# CONFIG_HID_PETALYNX is not set
+# CONFIG_HID_PICOLCD is not set
+CONFIG_HID_PLANTRONICS=y
+# CONFIG_HID_PRIMAX is not set
+# CONFIG_HID_SAITEK is not set
+# CONFIG_HID_SAMSUNG is not set
+# CONFIG_HID_SPEEDLINK is not set
+# CONFIG_HID_STEELSERIES is not set
+# CONFIG_HID_SUNPLUS is not set
+# CONFIG_HID_RMI is not set
+# CONFIG_HID_GREENASIA is not set
+# CONFIG_HID_SMARTJOYPLUS is not set
+# CONFIG_HID_TIVO is not set
+# CONFIG_HID_TOPSEED is not set
+# CONFIG_HID_THRUSTMASTER is not set
+# CONFIG_HID_WACOM is not set
+# CONFIG_HID_XINMO is not set
+# CONFIG_HID_ZEROPLUS is not set
+# CONFIG_HID_ZYDACRON is not set
+# CONFIG_HID_SENSOR_HUB is not set
+CONFIG_USB_OHCI_LITTLE_ENDIAN=y
+CONFIG_USB_SUPPORT=y
+CONFIG_USB_ARCH_HAS_HCD=y
+# CONFIG_USB is not set
+
+#
+# USB port drivers
+#
+
+#
+# USB Physical Layer drivers
+#
+# CONFIG_USB_PHY is not set
+# CONFIG_NOP_USB_XCEIV is not set
+# CONFIG_USB_GADGET is not set
+# CONFIG_UWB is not set
+# CONFIG_MMC is not set
+# CONFIG_MEMSTICK is not set
+# CONFIG_NEW_LEDS is not set
+# CONFIG_ACCESSIBILITY is not set
+# CONFIG_INFINIBAND is not set
+CONFIG_EDAC_ATOMIC_SCRUB=y
+CONFIG_EDAC_SUPPORT=y
+# CONFIG_EDAC is not set
+CONFIG_RTC_LIB=y
+# CONFIG_RTC_CLASS is not set
+# CONFIG_DMADEVICES is not set
+# CONFIG_AUXDISPLAY is not set
+# CONFIG_UIO is not set
+# CONFIG_VIRT_DRIVERS is not set
+CONFIG_VIRTIO=y
+
+#
+# Virtio drivers
+#
+CONFIG_VIRTIO_PCI=y
+CONFIG_VIRTIO_PCI_LEGACY=y
+CONFIG_VIRTIO_BALLOON=y
+# CONFIG_VIRTIO_INPUT is not set
+CONFIG_VIRTIO_MMIO=y
+# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set
+
+#
+# Microsoft Hyper-V guest support
+#
+# CONFIG_STAGING is not set
+CONFIG_X86_PLATFORM_DEVICES=y
+# CONFIG_ACERHDF is not set
+# CONFIG_DELL_SMO8800 is not set
+# CONFIG_FUJITSU_TABLET is not set
+# CONFIG_HP_ACCEL is not set
+# CONFIG_HP_WIRELESS is not set
+# CONFIG_SENSORS_HDAPS is not set
+# CONFIG_INTEL_MENLOW is not set
+# CONFIG_ACPI_WMI is not set
+# CONFIG_TOPSTAR_LAPTOP is not set
+# CONFIG_TOSHIBA_BT_RFKILL is not set
+# CONFIG_TOSHIBA_HAPS is not set
+# CONFIG_ACPI_CMPC is not set
+# CONFIG_INTEL_IPS is not set
+# CONFIG_IBM_RTL is not set
+# CONFIG_SAMSUNG_Q10 is not set
+# CONFIG_INTEL_RST is not set
+# CONFIG_INTEL_SMARTCONNECT is not set
+# CONFIG_PVPANIC is not set
+# CONFIG_INTEL_PMC_IPC is not set
+# CONFIG_CHROME_PLATFORMS is not set
+
+#
+# Hardware Spinlock drivers
+#
+
+#
+# Clock Source drivers
+#
+CONFIG_CLKEVT_I8253=y
+CONFIG_I8253_LOCK=y
+CONFIG_CLKBLD_I8253=y
+# CONFIG_ATMEL_PIT is not set
+# CONFIG_SH_TIMER_CMT is not set
+# CONFIG_SH_TIMER_MTU2 is not set
+# CONFIG_SH_TIMER_TMU is not set
+# CONFIG_EM_TIMER_STI is not set
+# CONFIG_MAILBOX is not set
+CONFIG_IOMMU_SUPPORT=y
+
+#
+# Generic IOMMU Pagetable Support
+#
+# CONFIG_AMD_IOMMU is not set
+# CONFIG_INTEL_IOMMU is not set
+# CONFIG_IRQ_REMAP is not set
+
+#
+# Remoteproc drivers
+#
+# CONFIG_STE_MODEM_RPROC is not set
+
+#
+# Rpmsg drivers
+#
+
+#
+# SOC (System On Chip) specific Drivers
+#
+# CONFIG_SUNXI_SRAM is not set
+# CONFIG_SOC_TI is not set
+# CONFIG_PM_DEVFREQ is not set
+# CONFIG_EXTCON is not set
+# CONFIG_MEMORY is not set
+# CONFIG_IIO is not set
+# CONFIG_NTB is not set
+# CONFIG_VME_BUS is not set
+# CONFIG_PWM is not set
+# CONFIG_IPACK_BUS is not set
+# CONFIG_RESET_CONTROLLER is not set
+# CONFIG_FMC is not set
+
+#
+# PHY Subsystem
+#
+# CONFIG_GENERIC_PHY is not set
+# CONFIG_PHY_PXA_28NM_HSIC is not set
+# CONFIG_PHY_PXA_28NM_USB2 is not set
+# CONFIG_BCM_KONA_USB2_PHY is not set
+# CONFIG_POWERCAP is not set
+# CONFIG_MCB is not set
+# CONFIG_THUNDERBOLT is not set
+
+#
+# Android
+#
+# CONFIG_ANDROID is not set
+# CONFIG_LIBNVDIMM is not set
+
+#
+# Firmware Drivers
+#
+# CONFIG_EDD is not set
+CONFIG_FIRMWARE_MEMMAP=y
+# CONFIG_DELL_RBU is not set
+# CONFIG_DCDBAS is not set
+CONFIG_DMIID=y
+# CONFIG_DMI_SYSFS is not set
+CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
+# CONFIG_ISCSI_IBFT_FIND is not set
+# CONFIG_GOOGLE_FIRMWARE is not set
+
+#
+# File systems
+#
+CONFIG_DCACHE_WORD_ACCESS=y
+CONFIG_EXT2_FS=y
+# CONFIG_EXT2_FS_XATTR is not set
+CONFIG_EXT3_FS=y
+# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
+# CONFIG_EXT3_FS_XATTR is not set
+# CONFIG_EXT4_FS is not set
+CONFIG_JBD=y
+CONFIG_REISERFS_FS=y
+# CONFIG_REISERFS_CHECK is not set
+# CONFIG_REISERFS_PROC_INFO is not set
+# CONFIG_REISERFS_FS_XATTR is not set
+# CONFIG_JFS_FS is not set
+# CONFIG_XFS_FS is not set
+# CONFIG_GFS2_FS is not set
+# CONFIG_BTRFS_FS is not set
+# CONFIG_NILFS2_FS is not set
+# CONFIG_F2FS_FS is not set
+# CONFIG_FS_DAX is not set
+CONFIG_FS_POSIX_ACL=y
+CONFIG_FILE_LOCKING=y
+CONFIG_FSNOTIFY=y
+CONFIG_DNOTIFY=y
+CONFIG_INOTIFY_USER=y
+# CONFIG_FANOTIFY is not set
+CONFIG_QUOTA=y
+# CONFIG_QUOTA_NETLINK_INTERFACE is not set
+CONFIG_PRINT_QUOTA_WARNING=y
+# CONFIG_QUOTA_DEBUG is not set
+# CONFIG_QFMT_V1 is not set
+# CONFIG_QFMT_V2 is not set
+CONFIG_QUOTACTL=y
+CONFIG_AUTOFS4_FS=y
+# CONFIG_FUSE_FS is not set
+# CONFIG_OVERLAY_FS is not set
+
+#
+# Caches
+#
+# CONFIG_FSCACHE is not set
+
+#
+# CD-ROM/DVD Filesystems
+#
+CONFIG_ISO9660_FS=y
+CONFIG_JOLIET=y
+# CONFIG_ZISOFS is not set
+# CONFIG_UDF_FS is not set
+
+#
+# DOS/FAT/NT Filesystems
+#
+# CONFIG_MSDOS_FS is not set
+# CONFIG_VFAT_FS is not set
+# CONFIG_NTFS_FS is not set
+
+#
+# Pseudo filesystems
+#
+CONFIG_PROC_FS=y
+CONFIG_PROC_KCORE=y
+CONFIG_PROC_SYSCTL=y
+CONFIG_PROC_PAGE_MONITOR=y
+# CONFIG_PROC_CHILDREN is not set
+CONFIG_KERNFS=y
+CONFIG_SYSFS=y
+CONFIG_TMPFS=y
+# CONFIG_TMPFS_POSIX_ACL is not set
+# CONFIG_TMPFS_XATTR is not set
+# CONFIG_HUGETLBFS is not set
+# CONFIG_HUGETLB_PAGE is not set
+# CONFIG_CONFIGFS_FS is not set
+CONFIG_MISC_FILESYSTEMS=y
+# CONFIG_ADFS_FS is not set
+# CONFIG_AFFS_FS is not set
+# CONFIG_HFS_FS is not set
+# CONFIG_HFSPLUS_FS is not set
+# CONFIG_BEFS_FS is not set
+# CONFIG_BFS_FS is not set
+# CONFIG_EFS_FS is not set
+# CONFIG_LOGFS is not set
+# CONFIG_CRAMFS is not set
+# CONFIG_SQUASHFS is not set
+# CONFIG_VXFS_FS is not set
+# CONFIG_MINIX_FS is not set
+# CONFIG_OMFS_FS is not set
+# CONFIG_HPFS_FS is not set
+# CONFIG_QNX4FS_FS is not set
+# CONFIG_QNX6FS_FS is not set
+# CONFIG_ROMFS_FS is not set
+# CONFIG_PSTORE is not set
+# CONFIG_SYSV_FS is not set
+# CONFIG_UFS_FS is not set
+CONFIG_NETWORK_FILESYSTEMS=y
+# CONFIG_NFS_FS is not set
+# CONFIG_NFSD is not set
+# CONFIG_CEPH_FS is not set
+# CONFIG_CIFS is not set
+# CONFIG_NCP_FS is not set
+# CONFIG_CODA_FS is not set
+# CONFIG_AFS_FS is not set
+CONFIG_9P_FS=y
+CONFIG_9P_FS_POSIX_ACL=y
+# CONFIG_9P_FS_SECURITY is not set
+CONFIG_NLS=y
+CONFIG_NLS_DEFAULT="iso8859-1"
+# CONFIG_NLS_CODEPAGE_437 is not set
+# CONFIG_NLS_CODEPAGE_737 is not set
+# CONFIG_NLS_CODEPAGE_775 is not set
+# CONFIG_NLS_CODEPAGE_850 is not set
+# CONFIG_NLS_CODEPAGE_852 is not set
+# CONFIG_NLS_CODEPAGE_855 is not set
+# CONFIG_NLS_CODEPAGE_857 is not set
+# CONFIG_NLS_CODEPAGE_860 is not set
+# CONFIG_NLS_CODEPAGE_861 is not set
+# CONFIG_NLS_CODEPAGE_862 is not set
+# CONFIG_NLS_CODEPAGE_863 is not set
+# CONFIG_NLS_CODEPAGE_864 is not set
+# CONFIG_NLS_CODEPAGE_865 is not set
+# CONFIG_NLS_CODEPAGE_866 is not set
+# CONFIG_NLS_CODEPAGE_869 is not set
+# CONFIG_NLS_CODEPAGE_936 is not set
+# CONFIG_NLS_CODEPAGE_950 is not set
+# CONFIG_NLS_CODEPAGE_932 is not set
+# CONFIG_NLS_CODEPAGE_949 is not set
+# CONFIG_NLS_CODEPAGE_874 is not set
+# CONFIG_NLS_ISO8859_8 is not set
+# CONFIG_NLS_CODEPAGE_1250 is not set
+# CONFIG_NLS_CODEPAGE_1251 is not set
+# CONFIG_NLS_ASCII is not set
+# CONFIG_NLS_ISO8859_1 is not set
+# CONFIG_NLS_ISO8859_2 is not set
+# CONFIG_NLS_ISO8859_3 is not set
+# CONFIG_NLS_ISO8859_4 is not set
+# CONFIG_NLS_ISO8859_5 is not set
+# CONFIG_NLS_ISO8859_6 is not set
+# CONFIG_NLS_ISO8859_7 is not set
+# CONFIG_NLS_ISO8859_9 is not set
+# CONFIG_NLS_ISO8859_13 is not set
+# CONFIG_NLS_ISO8859_14 is not set
+# CONFIG_NLS_ISO8859_15 is not set
+# CONFIG_NLS_KOI8_R is not set
+# CONFIG_NLS_KOI8_U is not set
+# CONFIG_NLS_MAC_ROMAN is not set
+# CONFIG_NLS_MAC_CELTIC is not set
+# CONFIG_NLS_MAC_CENTEURO is not set
+# CONFIG_NLS_MAC_CROATIAN is not set
+# CONFIG_NLS_MAC_CYRILLIC is not set
+# CONFIG_NLS_MAC_GAELIC is not set
+# CONFIG_NLS_MAC_GREEK is not set
+# CONFIG_NLS_MAC_ICELAND is not set
+# CONFIG_NLS_MAC_INUIT is not set
+# CONFIG_NLS_MAC_ROMANIAN is not set
+# CONFIG_NLS_MAC_TURKISH is not set
+# CONFIG_NLS_UTF8 is not set
+
+#
+# Kernel hacking
+#
+CONFIG_TRACE_IRQFLAGS_SUPPORT=y
+
+#
+# printk and dmesg options
+#
+# CONFIG_PRINTK_TIME is not set
+CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4
+# CONFIG_BOOT_PRINTK_DELAY is not set
+
+#
+# Compile-time checks and compiler options
+#
+CONFIG_DEBUG_INFO=y
+# CONFIG_DEBUG_INFO_REDUCED is not set
+# CONFIG_DEBUG_INFO_SPLIT is not set
+# CONFIG_DEBUG_INFO_DWARF4 is not set
+# CONFIG_GDB_SCRIPTS is not set
+CONFIG_ENABLE_WARN_DEPRECATED=y
+CONFIG_ENABLE_MUST_CHECK=y
+CONFIG_FRAME_WARN=1024
+# CONFIG_STRIP_ASM_SYMS is not set
+# CONFIG_READABLE_ASM is not set
+# CONFIG_UNUSED_SYMBOLS is not set
+# CONFIG_PAGE_OWNER is not set
+# CONFIG_DEBUG_FS is not set
+# CONFIG_HEADERS_CHECK is not set
+# CONFIG_DEBUG_SECTION_MISMATCH is not set
+CONFIG_ARCH_WANT_FRAME_POINTERS=y
+CONFIG_FRAME_POINTER=y
+# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
+# CONFIG_MAGIC_SYSRQ is not set
+CONFIG_DEBUG_KERNEL=y
+
+#
+# Memory Debugging
+#
+# CONFIG_PAGE_EXTENSION is not set
+# CONFIG_DEBUG_PAGEALLOC is not set
+# CONFIG_DEBUG_OBJECTS is not set
+# CONFIG_DEBUG_SLAB is not set
+CONFIG_HAVE_DEBUG_KMEMLEAK=y
+# CONFIG_DEBUG_KMEMLEAK is not set
+# CONFIG_DEBUG_STACK_USAGE is not set
+# CONFIG_DEBUG_VM is not set
+# CONFIG_DEBUG_VIRTUAL is not set
+CONFIG_DEBUG_MEMORY_INIT=y
+CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
+# CONFIG_DEBUG_STACKOVERFLOW is not set
+CONFIG_HAVE_ARCH_KMEMCHECK=y
+CONFIG_HAVE_ARCH_KASAN=y
+# CONFIG_DEBUG_SHIRQ is not set
+
+#
+# Debug Lockups and Hangs
+#
+# CONFIG_LOCKUP_DETECTOR is not set
+CONFIG_DETECT_HUNG_TASK=y
+CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
+# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
+CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0
+# CONFIG_PANIC_ON_OOPS is not set
+CONFIG_PANIC_ON_OOPS_VALUE=0
+CONFIG_PANIC_TIMEOUT=0
+# CONFIG_SCHED_DEBUG is not set
+# CONFIG_SCHED_INFO is not set
+# CONFIG_SCHEDSTATS is not set
+# CONFIG_SCHED_STACK_END_CHECK is not set
+# CONFIG_DEBUG_TIMEKEEPING is not set
+# CONFIG_TIMER_STATS is not set
+
+#
+# Lock Debugging (spinlocks, mutexes, etc...)
+#
+# CONFIG_DEBUG_RT_MUTEXES is not set
+# CONFIG_DEBUG_SPINLOCK is not set
+# CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_PROVE_LOCKING is not set
+# CONFIG_LOCK_STAT is not set
+# CONFIG_DEBUG_ATOMIC_SLEEP is not set
+# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
+# CONFIG_LOCK_TORTURE_TEST is not set
+# CONFIG_STACKTRACE is not set
+# CONFIG_DEBUG_KOBJECT is not set
+CONFIG_DEBUG_BUGVERBOSE=y
+# CONFIG_DEBUG_LIST is not set
+# CONFIG_DEBUG_PI_LIST is not set
+# CONFIG_DEBUG_SG is not set
+# CONFIG_DEBUG_NOTIFIERS is not set
+# CONFIG_DEBUG_CREDENTIALS is not set
+
+#
+# RCU Debugging
+#
+# CONFIG_PROVE_RCU is not set
+# CONFIG_SPARSE_RCU_POINTER is not set
+# CONFIG_TORTURE_TEST is not set
+# CONFIG_RCU_TORTURE_TEST is not set
+# CONFIG_RCU_TRACE is not set
+# CONFIG_RCU_EQS_DEBUG is not set
+# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
+# CONFIG_NOTIFIER_ERROR_INJECTION is not set
+# CONFIG_FAULT_INJECTION is not set
+# CONFIG_LATENCYTOP is not set
+CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y
+# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
+CONFIG_USER_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_FUNCTION_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y
+CONFIG_HAVE_DYNAMIC_FTRACE=y
+CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
+CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
+CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
+CONFIG_HAVE_FENTRY=y
+CONFIG_HAVE_C_RECORDMCOUNT=y
+CONFIG_TRACING_SUPPORT=y
+CONFIG_FTRACE=y
+# CONFIG_FUNCTION_TRACER is not set
+# CONFIG_IRQSOFF_TRACER is not set
+# CONFIG_SCHED_TRACER is not set
+# CONFIG_ENABLE_DEFAULT_TRACERS is not set
+# CONFIG_FTRACE_SYSCALLS is not set
+# CONFIG_TRACER_SNAPSHOT is not set
+CONFIG_BRANCH_PROFILE_NONE=y
+# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
+# CONFIG_PROFILE_ALL_BRANCHES is not set
+# CONFIG_STACK_TRACER is not set
+# CONFIG_BLK_DEV_IO_TRACE is not set
+# CONFIG_UPROBE_EVENT is not set
+# CONFIG_PROBE_EVENTS is not set
+# CONFIG_MMIOTRACE is not set
+# CONFIG_TRACEPOINT_BENCHMARK is not set
+
+#
+# Runtime Testing
+#
+# CONFIG_TEST_LIST_SORT is not set
+# CONFIG_BACKTRACE_SELF_TEST is not set
+# CONFIG_RBTREE_TEST is not set
+# CONFIG_ATOMIC64_SELFTEST is not set
+# CONFIG_TEST_HEXDUMP is not set
+# CONFIG_TEST_STRING_HELPERS is not set
+# CONFIG_TEST_KSTRTOX is not set
+# CONFIG_TEST_RHASHTABLE is not set
+# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
+# CONFIG_DMA_API_DEBUG is not set
+# CONFIG_TEST_FIRMWARE is not set
+# CONFIG_TEST_UDELAY is not set
+# CONFIG_MEMTEST is not set
+# CONFIG_SAMPLES is not set
+CONFIG_HAVE_ARCH_KGDB=y
+# CONFIG_KGDB is not set
+# CONFIG_STRICT_DEVMEM is not set
+CONFIG_X86_VERBOSE_BOOTUP=y
+CONFIG_EARLY_PRINTK=y
+# CONFIG_EARLY_PRINTK_DBGP is not set
+# CONFIG_X86_PTDUMP is not set
+CONFIG_DEBUG_RODATA=y
+CONFIG_DEBUG_RODATA_TEST=y
+CONFIG_DOUBLEFAULT=y
+# CONFIG_DEBUG_TLBFLUSH is not set
+# CONFIG_IOMMU_DEBUG is not set
+# CONFIG_IOMMU_STRESS is not set
+CONFIG_HAVE_MMIOTRACE_SUPPORT=y
+CONFIG_IO_DELAY_TYPE_0X80=0
+CONFIG_IO_DELAY_TYPE_0XED=1
+CONFIG_IO_DELAY_TYPE_UDELAY=2
+CONFIG_IO_DELAY_TYPE_NONE=3
+CONFIG_IO_DELAY_0X80=y
+# CONFIG_IO_DELAY_0XED is not set
+# CONFIG_IO_DELAY_UDELAY is not set
+# CONFIG_IO_DELAY_NONE is not set
+CONFIG_DEFAULT_IO_DELAY_TYPE=0
+# CONFIG_CPA_DEBUG is not set
+# CONFIG_OPTIMIZE_INLINING is not set
+# CONFIG_DEBUG_ENTRY is not set
+# CONFIG_DEBUG_NMI_SELFTEST is not set
+# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set
+CONFIG_X86_DEBUG_FPU=y
+# CONFIG_PUNIT_ATOM_DEBUG is not set
+
+#
+# Security options
+#
+# CONFIG_KEYS is not set
+# CONFIG_SECURITY_DMESG_RESTRICT is not set
+# CONFIG_SECURITY is not set
+# CONFIG_SECURITYFS is not set
+CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_DEFAULT_SECURITY=""
+CONFIG_CRYPTO=y
+
+#
+# Crypto core or helper
+#
+CONFIG_CRYPTO_ALGAPI=y
+CONFIG_CRYPTO_ALGAPI2=y
+CONFIG_CRYPTO_AEAD=y
+CONFIG_CRYPTO_AEAD2=y
+CONFIG_CRYPTO_BLKCIPHER=y
+CONFIG_CRYPTO_BLKCIPHER2=y
+CONFIG_CRYPTO_HASH=y
+CONFIG_CRYPTO_HASH2=y
+CONFIG_CRYPTO_RNG=y
+CONFIG_CRYPTO_RNG2=y
+CONFIG_CRYPTO_RNG_DEFAULT=y
+CONFIG_CRYPTO_PCOMP=y
+CONFIG_CRYPTO_PCOMP2=y
+CONFIG_CRYPTO_AKCIPHER2=y
+# CONFIG_CRYPTO_RSA is not set
+CONFIG_CRYPTO_MANAGER=y
+CONFIG_CRYPTO_MANAGER2=y
+CONFIG_CRYPTO_USER=y
+CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
+CONFIG_CRYPTO_GF128MUL=y
+CONFIG_CRYPTO_NULL=y
+CONFIG_CRYPTO_WORKQUEUE=y
+CONFIG_CRYPTO_CRYPTD=y
+# CONFIG_CRYPTO_MCRYPTD is not set
+CONFIG_CRYPTO_AUTHENC=y
+CONFIG_CRYPTO_ABLK_HELPER=y
+CONFIG_CRYPTO_GLUE_HELPER_X86=y
+
+#
+# Authenticated Encryption with Associated Data
+#
+CONFIG_CRYPTO_CCM=y
+CONFIG_CRYPTO_GCM=y
+CONFIG_CRYPTO_CHACHA20POLY1305=y
+CONFIG_CRYPTO_SEQIV=y
+CONFIG_CRYPTO_ECHAINIV=y
+
+#
+# Block modes
+#
+CONFIG_CRYPTO_CBC=y
+CONFIG_CRYPTO_CTR=y
+# CONFIG_CRYPTO_CTS is not set
+CONFIG_CRYPTO_ECB=y
+CONFIG_CRYPTO_LRW=y
+CONFIG_CRYPTO_PCBC=y
+CONFIG_CRYPTO_XTS=y
+
+#
+# Hash modes
+#
+CONFIG_CRYPTO_CMAC=y
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_XCBC=y
+# CONFIG_CRYPTO_VMAC is not set
+
+#
+# Digest
+#
+CONFIG_CRYPTO_CRC32C=y
+# CONFIG_CRYPTO_CRC32C_INTEL is not set
+# CONFIG_CRYPTO_CRC32 is not set
+# CONFIG_CRYPTO_CRC32_PCLMUL is not set
+# CONFIG_CRYPTO_CRCT10DIF is not set
+CONFIG_CRYPTO_GHASH=y
+CONFIG_CRYPTO_POLY1305=y
+CONFIG_CRYPTO_MD4=y
+CONFIG_CRYPTO_MD5=y
+CONFIG_CRYPTO_MICHAEL_MIC=y
+CONFIG_CRYPTO_RMD128=y
+CONFIG_CRYPTO_RMD160=y
+CONFIG_CRYPTO_RMD256=y
+CONFIG_CRYPTO_RMD320=y
+CONFIG_CRYPTO_SHA1=y
+# CONFIG_CRYPTO_SHA1_SSSE3 is not set
+CONFIG_CRYPTO_SHA256_SSSE3=y
+CONFIG_CRYPTO_SHA512_SSSE3=y
+# CONFIG_CRYPTO_SHA1_MB is not set
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA512=y
+CONFIG_CRYPTO_TGR192=y
+CONFIG_CRYPTO_WP512=y
+# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set
+
+#
+# Ciphers
+#
+CONFIG_CRYPTO_AES=y
+CONFIG_CRYPTO_AES_X86_64=y
+CONFIG_CRYPTO_AES_NI_INTEL=y
+CONFIG_CRYPTO_ANUBIS=y
+CONFIG_CRYPTO_ARC4=y
+CONFIG_CRYPTO_BLOWFISH=y
+CONFIG_CRYPTO_BLOWFISH_COMMON=y
+CONFIG_CRYPTO_BLOWFISH_X86_64=y
+CONFIG_CRYPTO_CAMELLIA=y
+CONFIG_CRYPTO_CAMELLIA_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y
+CONFIG_CRYPTO_CAST_COMMON=y
+CONFIG_CRYPTO_CAST5=y
+CONFIG_CRYPTO_CAST5_AVX_X86_64=y
+CONFIG_CRYPTO_CAST6=y
+CONFIG_CRYPTO_CAST6_AVX_X86_64=y
+CONFIG_CRYPTO_DES=y
+# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set
+CONFIG_CRYPTO_FCRYPT=y
+CONFIG_CRYPTO_KHAZAD=y
+CONFIG_CRYPTO_SALSA20=y
+CONFIG_CRYPTO_SALSA20_X86_64=y
+CONFIG_CRYPTO_CHACHA20=y
+CONFIG_CRYPTO_SEED=y
+CONFIG_CRYPTO_SERPENT=y
+CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y
+CONFIG_CRYPTO_TEA=y
+CONFIG_CRYPTO_TWOFISH=y
+CONFIG_CRYPTO_TWOFISH_COMMON=y
+CONFIG_CRYPTO_TWOFISH_X86_64=y
+CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y
+CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y
+
+#
+# Compression
+#
+CONFIG_CRYPTO_DEFLATE=y
+CONFIG_CRYPTO_ZLIB=y
+CONFIG_CRYPTO_LZO=y
+CONFIG_CRYPTO_842=y
+CONFIG_CRYPTO_LZ4=y
+CONFIG_CRYPTO_LZ4HC=y
+
+#
+# Random Number Generation
+#
+# CONFIG_CRYPTO_ANSI_CPRNG is not set
+CONFIG_CRYPTO_DRBG_MENU=y
+CONFIG_CRYPTO_DRBG_HMAC=y
+CONFIG_CRYPTO_DRBG_HASH=y
+CONFIG_CRYPTO_DRBG_CTR=y
+CONFIG_CRYPTO_DRBG=y
+CONFIG_CRYPTO_JITTERENTROPY=y
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
+CONFIG_CRYPTO_USER_API_SKCIPHER=y
+# CONFIG_CRYPTO_USER_API_RNG is not set
+CONFIG_CRYPTO_USER_API_AEAD=y
+# CONFIG_CRYPTO_HW is not set
+CONFIG_HAVE_KVM=y
+CONFIG_VIRTUALIZATION=y
+# CONFIG_KVM is not set
+# CONFIG_BINARY_PRINTF is not set
+
+#
+# Library routines
+#
+CONFIG_BITREVERSE=y
+# CONFIG_HAVE_ARCH_BITREVERSE is not set
+CONFIG_GENERIC_STRNCPY_FROM_USER=y
+CONFIG_GENERIC_STRNLEN_USER=y
+CONFIG_GENERIC_NET_UTILS=y
+CONFIG_GENERIC_FIND_FIRST_BIT=y
+CONFIG_GENERIC_PCI_IOMAP=y
+CONFIG_GENERIC_IOMAP=y
+CONFIG_GENERIC_IO=y
+CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
+CONFIG_ARCH_HAS_FAST_MULTIPLIER=y
+CONFIG_CRC_CCITT=y
+CONFIG_CRC16=y
+# CONFIG_CRC_T10DIF is not set
+CONFIG_CRC_ITU_T=y
+CONFIG_CRC32=y
+# CONFIG_CRC32_SELFTEST is not set
+CONFIG_CRC32_SLICEBY8=y
+# CONFIG_CRC32_SLICEBY4 is not set
+# CONFIG_CRC32_SARWATE is not set
+# CONFIG_CRC32_BIT is not set
+CONFIG_CRC7=y
+CONFIG_LIBCRC32C=y
+# CONFIG_CRC8 is not set
+# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set
+# CONFIG_RANDOM32_SELFTEST is not set
+CONFIG_842_COMPRESS=y
+CONFIG_842_DECOMPRESS=y
+CONFIG_ZLIB_INFLATE=y
+CONFIG_ZLIB_DEFLATE=y
+CONFIG_LZO_COMPRESS=y
+CONFIG_LZO_DECOMPRESS=y
+CONFIG_LZ4_COMPRESS=y
+CONFIG_LZ4HC_COMPRESS=y
+CONFIG_LZ4_DECOMPRESS=y
+# CONFIG_XZ_DEC is not set
+# CONFIG_XZ_DEC_BCJ is not set
+CONFIG_TEXTSEARCH=y
+CONFIG_TEXTSEARCH_KMP=y
+CONFIG_TEXTSEARCH_BM=y
+CONFIG_TEXTSEARCH_FSM=y
+CONFIG_HAS_IOMEM=y
+CONFIG_HAS_IOPORT_MAP=y
+CONFIG_HAS_DMA=y
+CONFIG_DQL=y
+CONFIG_NLATTR=y
+CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
+CONFIG_AVERAGE=y
+# CONFIG_CORDIC is not set
+# CONFIG_DDR is not set
+CONFIG_ARCH_HAS_SG_CHAIN=y
+CONFIG_ARCH_HAS_PMEM_API=y
diff --git a/testing/config/kvm/moon.xml b/testing/config/kvm/moon.xml
index a7ea6e120..954af7aa1 100644
--- a/testing/config/kvm/moon.xml
+++ b/testing/config/kvm/moon.xml
@@ -10,6 +10,11 @@
<cmdline>root=/dev/vda1 loglevel=1 console=hvc0</cmdline>
<boot dev='hd'/>
</os>
+ <cpu>
+ <model fallback='allow'>core2duo</model>
+ <feature policy='optional' name='aes'/>
+ <feature policy='optional' name='pclmuldq'/>
+ </cpu>
<features>
<acpi/>
<apic/>
diff --git a/testing/config/kvm/sun.xml b/testing/config/kvm/sun.xml
index b7ddec90e..c2d26737c 100644
--- a/testing/config/kvm/sun.xml
+++ b/testing/config/kvm/sun.xml
@@ -10,6 +10,11 @@
<cmdline>root=/dev/vda1 loglevel=1 console=hvc0</cmdline>
<boot dev='hd'/>
</os>
+ <cpu>
+ <model fallback='allow'>core2duo</model>
+ <feature policy='optional' name='aes'/>
+ <feature policy='optional' name='pclmuldq'/>
+ </cpu>
<features>
<acpi/>
<apic/>
diff --git a/testing/do-tests b/testing/do-tests
index 35f13ec5b..c01152c7b 100755
--- a/testing/do-tests
+++ b/testing/do-tests
@@ -23,6 +23,7 @@ SSHCONF="-F $DIR/ssh_config"
[ -d $DIR/tests ] || die "Directory 'tests' not found"
[ -d $BUILDDIR ] ||
die "Directory '$BUILDDIR' does not exist, please run make-testing first"
+running_any $STRONGSWANHOSTS || die "Please start test environment before running $0"
ln -sfT $DIR $TESTDIR/testing
@@ -254,27 +255,6 @@ do
continue
fi
- if [ $SUBDIR = "ipv6" -o $name = "rw-psk-ipv6" ]
- then
- IPROUTE_CMD="ip -6 route list table $SOURCEIP_ROUTING_TABLE"
- IPROUTE_DSP=$IPROUTE_CMD
- IPTABLES_CMD="ip6tables -v -n -L"
- IPTABLES_DSP="ip6tables -L"
- else
- IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE"
- IPROUTE_DSP=$IPROUTE_CMD
- IPTABLES_CMD="iptables -v -n -L"
- IPTABLES_DSP="iptables -L"
- fi
-
- if [ $name = "net2net-ip4-in-ip6-ikev2" -o $name = "net2net-ip6-in-ip4-ikev2" ]
- then
- IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE; echo; ip -6 route list table $SOURCEIP_ROUTING_TABLE"
- IPROUTE_DSP="ip (-6) route list table $SOURCEIP_ROUTING_TABLE"
- IPTABLES_CMD="iptables -v -n -L ; echo ; ip6tables -v -n -L"
- IPTABLES_DSP="iptables -L ; ip6tables -L"
- fi
-
[ -f $DEFAULTTESTSDIR/${testname}/description.txt ] || die "!! File 'description.txt' is missing"
[ -f $DEFAULTTESTSDIR/${testname}/test.conf ] || die "!! File 'test.conf' is missing"
[ -f $DEFAULTTESTSDIR/${testname}/pretest.dat ] || die "!! File 'pretest.dat' is missing"
@@ -351,6 +331,8 @@ do
$DIR/scripts/load-testconfig $testname
unset RADIUSHOSTS
+ unset IPV6
+ unset SWANCTL
source $TESTDIR/test.conf
@@ -382,6 +364,14 @@ do
ssh $SSHCONF root@`eval echo \\\$ipv4_$host` 'conntrack -F' >/dev/null 2>&1
done
+ ##########################################################################
+ # flush IPsec state on all hosts
+ #
+
+ for host in $STRONGSWANHOSTS
+ do
+ ssh $SSHCONF root@`eval echo \\\$ipv4_$host` 'ip xfrm state flush; ip xfrm policy flush' >/dev/null 2>&1
+ done
##########################################################################
# execute pre-test commands
@@ -487,6 +477,27 @@ do
<img src="../../images/$DIAGRAM" alt="$VIRTHOSTS">
@EOF
+ if [ -n "$IPV6" ]
+ then
+ IPROUTE_CMD="ip -6 route list table $SOURCEIP_ROUTING_TABLE"
+ IPROUTE_DSP=$IPROUTE_CMD
+ IPTABLES_CMD="ip6tables -v -n -L"
+ IPTABLES_DSP="ip6tables -L"
+ else
+ IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE"
+ IPROUTE_DSP=$IPROUTE_CMD
+ IPTABLES_CMD="iptables -v -n -L"
+ IPTABLES_DSP="iptables -L"
+ fi
+
+ if [ $name = "net2net-ip4-in-ip6-ikev2" -o $name = "net2net-ip6-in-ip4-ikev2" ]
+ then
+ IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE; echo; ip -6 route list table $SOURCEIP_ROUTING_TABLE"
+ IPROUTE_DSP="ip (-6) route list table $SOURCEIP_ROUTING_TABLE"
+ IPTABLES_CMD="iptables -v -n -L ; echo ; ip6tables -v -n -L"
+ IPTABLES_DSP="iptables -L ; ip6tables -L"
+ fi
+
for host in $IPSECHOSTS
do
eval HOSTLOGIN=root@\$ipv4_${host}
@@ -494,7 +505,7 @@ do
scp $SSHCONF $HOSTLOGIN:/etc/strongswan.conf \
$TESTRESULTDIR/${host}.strongswan.conf > /dev/null 2>&1
- if [ $SUBDIR = "swanctl" ]
+ if [ -n "$SWANCTL" ]
then
scp $SSHCONF $HOSTLOGIN:/etc/swanctl/swanctl.conf \
$TESTRESULTDIR/${host}.swanctl.conf > /dev/null 2>&1
@@ -508,6 +519,9 @@ do
ssh $SSHCONF $HOSTLOGIN swanctl --list-pools \
> $TESTRESULTDIR/${host}.swanctl.pools 2>/dev/null
+ ssh $SSHCONF $HOSTLOGIN swanctl --list-authorities \
+ > $TESTRESULTDIR/${host}.swanctl.authorities 2>/dev/null
+
ssh $SSHCONF $HOSTLOGIN swanctl --list-sas \
> $TESTRESULTDIR/${host}.swanctl.sas 2>/dev/null
@@ -543,7 +557,7 @@ do
> $TESTRESULTDIR/${host}.iptables 2>/dev/null
chmod a+r $TESTRESULTDIR/*
- if [ $SUBDIR = "swanctl" ]
+ if [ -n "$SWANCTL" ]
then
cat >> $TESTRESULTDIR/index.html <<@EOF
<h3>$host</h3>
@@ -562,8 +576,8 @@ do
<ul>
<li><a href="$host.swanctl.sas">swanctl --list-sas</a></li>
<li><a href="$host.swanctl.pols">swanctl --list-pols</a></li>
+ <li><a href="$host.swanctl.authorities">swanctl --list-authorities</a></li>
<li><a href="$host.swanctl.stats">swanctl --stats</a></li>
- <li><a href="$host.auth.log">auth.log</a></li>
<li><a href="$host.daemon.log">daemon.log</a></li>
</ul>
</td>
@@ -573,6 +587,7 @@ do
<li><a href="$host.ip.state">ip -s xfrm state</a></li>
<li><a href="$host.ip.route">$IPROUTE_DSP</a></li>
<li><a href="$host.iptables">$IPTABLES_DSP</a></li>
+ <li><a href="$host.auth.log">auth.log</a></li>
</ul>
&nbsp;
</td>
@@ -711,6 +726,24 @@ do
}
}' $TESTDIR/posttest.dat` >> $CONSOLE_LOG 2>&1
+ ##########################################################################
+ # check that IPsec state was cleaned up properly
+ #
+
+ for host in $IPSECHOSTS
+ do
+ eval HOSTLOGIN=root@\$ipv4_${host}
+ IPSECSTATE=`ssh $SSHCONF $HOSTLOGIN 'ip xfrm state'`
+ IPSECPOLICY=`ssh $SSHCONF $HOSTLOGIN 'ip xfrm policy'`
+ if [ -n "$IPSECSTATE" -o -n "$IPSECPOLICY" ]
+ then
+ echo -e "\n$host# ip xfrm state [NO]" >> $CONSOLE_LOG
+ echo "$IPSECSTATE" >> $CONSOLE_LOG
+ echo -e "\n$host# ip xfrm policy [NO]" >> $CONSOLE_LOG
+ echo "$IPSECPOLICY" >> $CONSOLE_LOG
+ STATUS="failed"
+ fi
+ done
##########################################################################
# get a copy of /var/log/auth.log
diff --git a/testing/hosts/alice/etc/raddb/certs/aaaCert.pem b/testing/hosts/alice/etc/raddb/certs/aaaCert.pem
index 6aeb0c0b1..42083c2a9 100644
--- a/testing/hosts/alice/etc/raddb/certs/aaaCert.pem
+++ b/testing/hosts/alice/etc/raddb/certs/aaaCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIBIjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIDCCAwigAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTEwMDgwNDA4Mzg0MVoXDTE1MDgwMzA4Mzg0MVowRTELMAkGA1UE
+b290IENBMB4XDTE1MDgwNDE0NTUzMVoXDTE5MDkwNjE0NTUzMVowRTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEmFhYS5z
-dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK2R
-RcAYdZ/jOhHBSjrLDYT1OhRJ2mXjyuSbWyJQogF9c6sY8W2GhTC4e1gNThZM9+Pm
-Vzs0R39kzxsmOFhuTfwIhavMzvkWJ7945WDvTpuo2teK4fTtfix3iuyycVXywa7W
-Uum6vZb4uwNoFsZtlYSUFs+app/1VC3X8vEFvP9p//KW2fwbJ6PzR1XN/8AibxoF
-AnfqAXUenRQ1Xs/07/xF4bkZ5MUNTFTo5H+BAc49lAC16TarSTPnX1D925kIGxni
-wePHlIZrCYQTFr003+YNUehVvUxyv0NuIwlxFPokFPLDkQWk6SDvD87FW5IJ06cg
-EbrCFjcIR9/2vIepJd8CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
-AgOoMB0GA1UdDgQWBBQS5lPpgsOE14sz7JGZimSmSbZOeDBtBgNVHSMEZjBkgBRd
+dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcX
+z9IzPMGarSbzZmGq/lpgeRpM2W5uN9QuWFqUnP+L4wjF5Yf+1bhj5DnrhKlOCjii
+95dDkLdRMYe+4ovXpINF//+J9d9nyP4YNLClUTwivBwvJdC3cJyyzSO7juTm2GNS
+rQFZw3iP3HxWy1dM9/P1+xlgqSou6HJlTDWpaQ+cO3P/WlYKTu9DvTT6/jj4bNS6
+fbiUEG0M0JYcnYSt0iwNWyRHMl2DKjmpibnfhHDNR46t0luSaSobq6A0sRszJ7UR
+dE4Kxl3/HLTX8/+dq3qaFIdhqxXzoZKV6ylBK3+OjTbZw3uBV78qa2TUDuMCQVig
+kkt6delFhC/tSxcIgz0CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMB0GA1UdDgQWBBRFNnP26ELy5j7KMOO+a8dh5pLe6DBtBgNVHSMEZjBkgBRd
p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
ADAdBgNVHREEFjAUghJhYWEuc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
-Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAqM2eqrsJmAop2roa
-yNeJt8317sdAll8TvDf+s4EeCtcpDT0cIX5vCumpL6E7nV9NWWDazGCAOkwWDPpp
-iuq6R0Js8r0MbyIUbVgOe3xIOqLKd9YW0sb1IwfR/zvWcPUjnUHlqfRH7gdiR4G2
-bWIvKenl3hOQege/XnJNPUwzxeVX7k/qPivOk4I3pLnBjTRtFQdweHM95ex7Fk/d
-HoeWjw5q3MxS3ZwXpKQxZvWU5SDkkc2NJ0/0sm+wca8NC86cXkGqcLFEgJo2l3Dr
-EpZgxIhllub0M88PU7dQrDmy8OQ5j0fhayB1xpVO+REn3norclXZ2yrl4uz0eWR4
-v42sww==
+Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAsncNPDCCDd4mzIHs
+nHY7b6H1tVQtFSbAQntV06D4D7vOp6Y+M5S8ta50hJu4f4GEeH5c7/hm8gbRdHt/
+TcjlV/UWBfhU3c/hNJo2LpmmtdmYUABLA3rdZ+FzOnAHX9H8eI988G7eHpI9T7L2
+FY2YEnWhIUVjFrojtH2+NbuA/Ori1QwSBiVhvJQgvUPjhKkjUtC+8zIdaCmJFErQ
+GGObpAMtnTcQ74md9BQ791RPMp77tDe1fgm7m8QWIsoIyYEhvzyfk2VTBn1VlWyH
+sbT0Vb3X9ubt0KXn2Xr491WTCpc5rzDWj9CNUYUgW7RaPxgw5cj2HK6oiLnGpO73
+xyr/Qw==
-----END CERTIFICATE-----
diff --git a/testing/hosts/alice/etc/raddb/certs/aaaKey.pem b/testing/hosts/alice/etc/raddb/certs/aaaKey.pem
index da8cdb051..adc47dd33 100644
--- a/testing/hosts/alice/etc/raddb/certs/aaaKey.pem
+++ b/testing/hosts/alice/etc/raddb/certs/aaaKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEArZFFwBh1n+M6EcFKOssNhPU6FEnaZePK5JtbIlCiAX1zqxjx
-bYaFMLh7WA1OFkz34+ZXOzRHf2TPGyY4WG5N/AiFq8zO+RYnv3jlYO9Om6ja14rh
-9O1+LHeK7LJxVfLBrtZS6bq9lvi7A2gWxm2VhJQWz5qmn/VULdfy8QW8/2n/8pbZ
-/Bsno/NHVc3/wCJvGgUCd+oBdR6dFDVez/Tv/EXhuRnkxQ1MVOjkf4EBzj2UALXp
-NqtJM+dfUP3bmQgbGeLB48eUhmsJhBMWvTTf5g1R6FW9THK/Q24jCXEU+iQU8sOR
-BaTpIO8PzsVbkgnTpyARusIWNwhH3/a8h6kl3wIDAQABAoIBAQCJDzatQqNf5uds
-Ld6YHtBGNf/vFYLJAuCtNaD5sAK+enpkmgXMH3X9yzBbj+Yh5hW6eaJYtiffiZOi
-NMQ50KD0bSZhTBIE0GIC6Uz5BwBkGyr1Gk7kQsZoBt5Fm4O0A0a+8a/3secU2MWV
-IxUZDGANmYOJ3O3HUstuiCDoA0gDyDt44n0RWOhKrPQmTP6vTItd/14Zi1Pg9ez3
-Mej/ulDmVV1R474EwUXbLLPBjP3vk++SLukWn4iWUeeHgDHSn0b/T5csUcH0kQMI
-aYRU2FOoCPZpRxyTr9aZxcHhr5EhQSCg7zc8u0IjpTFm8kZ4uN+60777w1A/FH5X
-YHq+yqVBAoGBANy6zM0egvyWQaX4YeoML65393iXt9OXW3uedMbmWc9VJ0bH7qdq
-b4X5Xume8yY1/hF8nh7aC1npfVjdBuDse0iHJ/eBGfCJ2VoC6/ZoCzBD7q0Qn2If
-/Sr/cbtQNTDkROT75hAo6XbewPGt7RjynH8sNmtclsZ0yyXHx0ml90tlAoGBAMlN
-P4ObM0mgP2NMPeDFqUBnHVj/h/KGS9PKrqpsvFOUm5lxJNRIxbEBavWzonphRX1X
-V83RICgCiWDAnqUaPfHh9mVBlyHCTWxrrnu3M9qbr5vZMFTyYiMoLxSfTmW5Qk8t
-cArqBDowQbiaKJE9fHv+32Q0IYRhJFVcxZRdQXHzAoGALRBmJ6qHC5KRrJTdSK9c
-PL55Y8F14lkQcFiVdtYol8/GyQigjMWKJ0wWOJQfCDoVuPQ8RAg4MQ8ebDoT4W/m
-a5RMcJeG+Djsixf1nMT5I816uRKft6TYRyMH0To64dR4zFcxTTNNFtu7gJwFwAYo
-NT6NjbXFgpbtsrTq1vpvVpECgYA0ldlhp8leEl58sg34CaqNCGLCPP5mfG6ShP/b
-xUvtCYUcMFJOojQCaTxnsuVe0so0U/y750VfLkp029yVhKVp6n1TNi8kwn03NWn/
-J3yEPudA7xuRFUBNrtGdsX/pUtvfkx8RutAf4ztH3f1683Txb0MsCfI3gqjbI8D5
-YOMXwQKBgAJnMfPslZIg6jOpBCo6RjdwvjZyPXXyn4dcCyW//2+olPdWnuu+HRCZ
-SkAWB7lSRLSvDZARHb63k+gwSl8lmwrSM53nDwaRdTKjhK2BFWsAKJNOhrOUQqJu
-EXvH4R1NrqOkPqLoG5Iw3XFUh5lQGKvKkU28W6Weolj2saljbW2b
+MIIEpQIBAAKCAQEAtxfP0jM8wZqtJvNmYar+WmB5GkzZbm431C5YWpSc/4vjCMXl
+h/7VuGPkOeuEqU4KOKL3l0OQt1Exh77ii9ekg0X//4n132fI/hg0sKVRPCK8HC8l
+0LdwnLLNI7uO5ObYY1KtAVnDeI/cfFbLV0z38/X7GWCpKi7ocmVMNalpD5w7c/9a
+VgpO70O9NPr+OPhs1Lp9uJQQbQzQlhydhK3SLA1bJEcyXYMqOamJud+EcM1Hjq3S
+W5JpKhuroDSxGzMntRF0TgrGXf8ctNfz/52repoUh2GrFfOhkpXrKUErf46NNtnD
+e4FXvyprZNQO4wJBWKCSS3p16UWEL+1LFwiDPQIDAQABAoIBAQCNeNG0+rA0bF7k
+nOf8CZL1pFuOzdin8nQi+Bh/DRvufVlU+wyrM2ZSTqUXd/sOkuVk889ZyvQ0IYGj
+AQStx1cvs9Pl0OTx1ZDBfVShNWv6imBNasTObB+QhLvro037Yr/KpyRUydY2/vn/
+/VSrRSbGE8gMyNqNZKdpVQo44Ij0bJXxx7kVJ7CfftB65bujkRSK5u7eGjFVyHGs
+P9v4n72Pt0mVdC8yeiMjJAmmKLWaDf7U2SUoaxf0IRjRNPdVBuPjbYjfnJ0sGlxF
+sCQtu+3JQ4b7vyxrAyUtImbTLwvFqQHTGIahZUvhGd/1aO0Zmls1mvuZ+VhUIsek
+uBJh54jFAoGBAN7M08mBkA8oUns0IzzG+A0JYDmdbvOWbKtyQDRl7LkXOq/PckIj
+PoliI/5aNZe9+Q8kq8xnvLVcsup7EX6Ovaqc6S3ODNEjy4XEqGMM9tkrz4R4N5f5
+hLayOg3MfdJiPOn3HF+cVvHp0Vwpt8K5TgVmOWkVSKTa+6eX4mhQUuKjAoGBANJg
+Rmka90zo+7PPze4oo5ePeqwZrwQ3/6OeD/G1lqMFPOgk3MLGuv9HvtQA5gyyAH7+
+Qy/t+rdPSC7PZi29s8/cERmWTdbZ1ocuKa6xxSvktl7Ibv51d0sW1n+kfVin7cLL
+SskoK8BRXjXsZg7jjZjE5f6iqdHq+JPA2JWM10CfAoGAOXTvJScxhIcshjNS5wiU
+zZ/eXd1Y0J65VZl4L0sdujngW5iO6bl3FizmBWE0Mva99QbK+0LBarAGP+wO/elH
+xmkCxVo++exWPyARIMImIqlmsc3i4GFrtUXPLOHQjOHivZ+JhKqnzWk0IaVsi14I
+XeIX6h6gBkum3HiR3b7hMSsCgYEAtq7ftbmy8liG6hgTzTIBDUWM0xHihxlRpnVF
+hzGWw61yvGv2QDVugOt+bH7zRib0g1KsaVyQkMoJ9ownQKUxFdkWCFAa++1iezS9
+AXRhscIEE76dk93RX6VPUrw2FNyOfM8n/BIkG/cMhmroHRnBBd5Fkp8SNLWEclnO
+Od95tCUCgYEAgvohkyZAAKMRUFYEvHgwyxeXHifHVPIoK9UN022DJmIEJE2ISGtH
+yHnBKgF52tlYhC9ijKwMG43C9IvycydRUtViOxDV8AiE4BV1tXuQHLl0jD2R7yq5
+9pNtnYgXW+ZKlx9705ltHj8hhKl6r2I8oXdR9KFGO83wq8fr6tyjqHc=
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der b/testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der
index cbc7e09c1..fdfd39f13 100644
--- a/testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der
+++ b/testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der
Binary files differ
diff --git a/testing/hosts/winnetou/etc/openssl/index.txt b/testing/hosts/winnetou/etc/openssl/index.txt
index ba3349cf9..537f25913 100644
--- a/testing/hosts/winnetou/etc/openssl/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/index.txt
@@ -31,7 +31,7 @@ R 141123125153Z 141128194312Z,superseded 1E unknown /C=CH/O=Linux strongSwan/OU=
V 150226210530Z 1F unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org
V 190404095350Z 20 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
V 190404095433Z 21 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
-V 150803083841Z 22 unknown /C=CH/O=Linux strongSwan/CN=aaa.strongswan.org
+R 150803083841Z 150804144912Z,superseded 22 unknown /C=CH/O=Linux strongSwan/CN=aaa.strongswan.org
V 151119165922Z 23 unknown /C=CH/O=Linux strongSwan/OU=Virtual VPN Gateway/CN=mars.strongswan.org
V 161015124507Z 24 unknown /C=CH/O=Linux strongSwan/OU=SHA-224/CN=moon.strongswan.org
V 161015124759Z 25 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org
@@ -48,3 +48,4 @@ R 190826150222Z 140827150343Z,keyCompromise 2F unknown /C=CH/O=Linux strongSwan/
V 190826150536Z 30 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
V 190826151202Z 31 unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org
V 191127201436Z 32 unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org
+V 190906145531Z 33 unknown /C=CH/O=Linux strongSwan/CN=aaa.strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/index.txt.old b/testing/hosts/winnetou/etc/openssl/index.txt.old
index b3ff1c581..d8c6f4ba0 100644
--- a/testing/hosts/winnetou/etc/openssl/index.txt.old
+++ b/testing/hosts/winnetou/etc/openssl/index.txt.old
@@ -31,7 +31,7 @@ R 141123125153Z 141128194312Z,superseded 1E unknown /C=CH/O=Linux strongSwan/OU=
V 150226210530Z 1F unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org
V 190404095350Z 20 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
V 190404095433Z 21 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
-V 150803083841Z 22 unknown /C=CH/O=Linux strongSwan/CN=aaa.strongswan.org
+R 150803083841Z 150804144912Z,superseded 22 unknown /C=CH/O=Linux strongSwan/CN=aaa.strongswan.org
V 151119165922Z 23 unknown /C=CH/O=Linux strongSwan/OU=Virtual VPN Gateway/CN=mars.strongswan.org
V 161015124507Z 24 unknown /C=CH/O=Linux strongSwan/OU=SHA-224/CN=moon.strongswan.org
V 161015124759Z 25 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org
@@ -47,3 +47,4 @@ V 190826145626Z 2E unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob@strongsw
R 190826150222Z 140827150343Z,keyCompromise 2F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
V 190826150536Z 30 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
V 190826151202Z 31 unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org
+V 191127201436Z 32 unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/33.pem b/testing/hosts/winnetou/etc/openssl/newcerts/33.pem
new file mode 100644
index 000000000..42083c2a9
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/33.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTE1MDgwNDE0NTUzMVoXDTE5MDkwNjE0NTUzMVowRTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEmFhYS5z
+dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcX
+z9IzPMGarSbzZmGq/lpgeRpM2W5uN9QuWFqUnP+L4wjF5Yf+1bhj5DnrhKlOCjii
+95dDkLdRMYe+4ovXpINF//+J9d9nyP4YNLClUTwivBwvJdC3cJyyzSO7juTm2GNS
+rQFZw3iP3HxWy1dM9/P1+xlgqSou6HJlTDWpaQ+cO3P/WlYKTu9DvTT6/jj4bNS6
+fbiUEG0M0JYcnYSt0iwNWyRHMl2DKjmpibnfhHDNR46t0luSaSobq6A0sRszJ7UR
+dE4Kxl3/HLTX8/+dq3qaFIdhqxXzoZKV6ylBK3+OjTbZw3uBV78qa2TUDuMCQVig
+kkt6delFhC/tSxcIgz0CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMB0GA1UdDgQWBBRFNnP26ELy5j7KMOO+a8dh5pLe6DBtBgNVHSMEZjBkgBRd
+p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
+EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
+ADAdBgNVHREEFjAUghJhYWEuc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
+Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAsncNPDCCDd4mzIHs
+nHY7b6H1tVQtFSbAQntV06D4D7vOp6Y+M5S8ta50hJu4f4GEeH5c7/hm8gbRdHt/
+TcjlV/UWBfhU3c/hNJo2LpmmtdmYUABLA3rdZ+FzOnAHX9H8eI988G7eHpI9T7L2
+FY2YEnWhIUVjFrojtH2+NbuA/Ori1QwSBiVhvJQgvUPjhKkjUtC+8zIdaCmJFErQ
+GGObpAMtnTcQ74md9BQ791RPMp77tDe1fgm7m8QWIsoIyYEhvzyfk2VTBn1VlWyH
+sbT0Vb3X9ubt0KXn2Xr491WTCpc5rzDWj9CNUYUgW7RaPxgw5cj2HK6oiLnGpO73
+xyr/Qw==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt b/testing/hosts/winnetou/etc/openssl/research/index.txt
index 13510bac5..9833ada43 100644
--- a/testing/hosts/winnetou/etc/openssl/research/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/research/index.txt
@@ -4,8 +4,9 @@ R 120323210330Z 140324140605Z,superseded 03 unknown /C=CH/O=Linux strongSwan/OU=
R 140323203747Z 140324142334Z,superseded 04 unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org
R 151103161503Z 141128215838Z,superseded 05 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Duck Research CA
R 150406092057Z 150426102340Z,superseded 06 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
-V 150702151839Z 07 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
+R 150702151839Z 150722132235Z,superseded 07 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
V 190323140633Z 08 unknown /C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org
V 190323142352Z 09 unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org
V 190401220708Z 0A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Duck Research CA
V 190403102504Z 0B unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
+V 190403133912Z 0C unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt.old b/testing/hosts/winnetou/etc/openssl/research/index.txt.old
index dc1c912aa..661c02af1 100644
--- a/testing/hosts/winnetou/etc/openssl/research/index.txt.old
+++ b/testing/hosts/winnetou/etc/openssl/research/index.txt.old
@@ -4,7 +4,8 @@ R 120323210330Z 140324140605Z,superseded 03 unknown /C=CH/O=Linux strongSwan/OU=
R 140323203747Z 140324142334Z,superseded 04 unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org
R 151103161503Z 141128215838Z,superseded 05 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Duck Research CA
R 150406092057Z 150426102340Z,superseded 06 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
-V 150702151839Z 07 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
+R 150702151839Z 150722132235Z,superseded 07 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
V 190323140633Z 08 unknown /C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org
V 190323142352Z 09 unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org
V 190401220708Z 0A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Duck Research CA
+V 190403102504Z 0B unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/research/newcerts/0C.pem b/testing/hosts/winnetou/etc/openssl/research/newcerts/0C.pem
new file mode 100644
index 000000000..4e4195184
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/research/newcerts/0C.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBDDANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTE1MDcyMjEzMzkxMloXDTE5MDQwMzEzMzkx
+MlowSzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAM
+BgNVBAsTBVNhbGVzMREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH
+/QcWm1Xfqnc9qaPPGoxO2BfwXgFEHfOdQzHGuthhsvdMPkmWP1Z3uDrwscqrmLyq
+4JI87exSen1ggmCVEib55T4fNxrTIGJaoe6Jn9v9ZwG2B+Ur3nFA/wdckSdqJxc6
+XL9DKcRk3TxZtv9SuDftE9G787O6PJSyfyUYhldz1EZe5PTsUoAbBJ0DDXJx3562
+kDtfQdwezat0LAyOsVabYq/0G/fBZwLLer4qGF2+3CsvP7jNXnhRYeSv2+4i2mAj
+gbBRI1A3iqoU3Nq1vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOB6DCB5TAPBgNV
+HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1
+p0wul+oLkygwbQYDVR0jBGYwZIAU53XwoPKtIM3NYCPMx8gPKfPdVCChSaRHMEUx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQD
+ExJzdHJvbmdTd2FuIFJvb3QgQ0GCASAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDov
+L2NybC5zdHJvbmdzd2FuLm9yZy9yZXNlYXJjaC5jcmwwDQYJKoZIhvcNAQELBQAD
+ggEBAA02ru9JhdIdlASKIJeVq71tl1wCpLZXZHwogfJqxQ+4oFghXS1dlqQ6H3bC
+FbjycssfGVEox349edq1s+4vbK+VS9j2kFBAwxw7NUXKOJ1tM0/FjSFrBTDzw53S
+e7V12nzyep5p8Dzd4CMP2ThpKKofNWzaRb9o/K2vsk3nP2W/CVj+E32Chm5ySdl9
+sYHzAlNYoBi/xxHeSzWSzTA9gEMV5onNx025SGUx6TwQejMAD/DEp0QNGaqBD1lC
+916UfBG0voUz8BpQzvRXeFCW3qPbNuJWvu3c/VRhYe5DRz3Cq1R9YoQnZhStjdRr
+v7YJ5uRiz1rJ0yrQ/W1rMNFGirI=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/research/serial b/testing/hosts/winnetou/etc/openssl/research/serial
index d73cdef37..8af8809ac 100644
--- a/testing/hosts/winnetou/etc/openssl/research/serial
+++ b/testing/hosts/winnetou/etc/openssl/research/serial
@@ -1 +1 @@
-0C
+0D
diff --git a/testing/hosts/winnetou/etc/openssl/research/serial.old b/testing/hosts/winnetou/etc/openssl/research/serial.old
index eb589e9da..d73cdef37 100644
--- a/testing/hosts/winnetou/etc/openssl/research/serial.old
+++ b/testing/hosts/winnetou/etc/openssl/research/serial.old
@@ -1 +1 @@
-0B
+0C
diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt b/testing/hosts/winnetou/etc/openssl/sales/index.txt
index c4ff334eb..57d121dd5 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt
@@ -3,7 +3,8 @@ R 100615195536Z 100703150410Z,superseded 02 unknown /C=CH/O=Linux strongSwan/OU=
R 120323211811Z 140324141327Z,superseded 03 unknown /C=CH/O=Linux strongSwan/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org
R 140323211053Z 140324141726Z,superseded 04 unknown /C=CH/O=Linux strongSwan/OU=Sales no CDP/CN=dave@strongswan.org
R 150406094241Z 150426095935Z,superseded 05 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
-V 150702152829Z 06 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
+R 150702152829Z 150722132042Z,superseded 06 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
V 190323141524Z 07 unknown /C=CH/O=Linux strongSwan/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org
V 190323152702Z 08 unknown /C=CH/O=Linux strongSwan/OU=Sales no CDP/CN=dave@strongswan.org
V 190403102220Z 09 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
+V 190403133601Z 0A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt.old b/testing/hosts/winnetou/etc/openssl/sales/index.txt.old
index 46d4c4bbb..3dcad9693 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/index.txt.old
+++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt.old
@@ -3,6 +3,7 @@ R 100615195536Z 100703150410Z,superseded 02 unknown /C=CH/O=Linux strongSwan/OU=
R 120323211811Z 140324141327Z,superseded 03 unknown /C=CH/O=Linux strongSwan/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org
R 140323211053Z 140324141726Z,superseded 04 unknown /C=CH/O=Linux strongSwan/OU=Sales no CDP/CN=dave@strongswan.org
R 150406094241Z 150426095935Z,superseded 05 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
-V 150702152829Z 06 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
+R 150702152829Z 150722132042Z,superseded 06 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
V 190323141524Z 07 unknown /C=CH/O=Linux strongSwan/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org
V 190323152702Z 08 unknown /C=CH/O=Linux strongSwan/OU=Sales no CDP/CN=dave@strongswan.org
+V 190403102220Z 09 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/sales/newcerts/0A.pem b/testing/hosts/winnetou/etc/openssl/sales/newcerts/0A.pem
new file mode 100644
index 000000000..c8ef183c0
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/sales/newcerts/0A.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID/TCCAuWgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
+BAMTCFNhbGVzIENBMB4XDTE1MDcyMjEzMzYwMVoXDTE5MDQwMzEzMzYwMVowUTEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsT
+CFJlc2VhcmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHf
+rxnGsvmDFCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9ID
+BxzQaQyUzsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx
+4PKJ54FO/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5q
+m+0iNKy0C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha
+/m0Ug494+wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOB5TCB4jAPBgNV
+HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPM
+x8gPKfPdVCAwbQYDVR0jBGYwZIAUX5sTRvkgcsgA1Yi1p0wul+oLkyihSaRHMEUx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQD
+ExJzdHJvbmdTd2FuIFJvb3QgQ0GCASEwNAYDVR0fBC0wKzApoCegJYYjaHR0cDov
+L2NybC5zdHJvbmdzd2FuLm9yZy9zYWxlcy5jcmwwDQYJKoZIhvcNAQELBQADggEB
+AExl2Twec2R2A187Ythn+by+HmP2KYcwt80MwgAXX8jYGiidmv05g6Oa+cvP1Hxo
+ilCZwTbMSOGmSJSpBDeJq3iQOnOONvNuhiu37ziqMY2CBSOVBzxp6gATp1k3m3m9
+oKR/LWl74VhgHxoF4E4Tds4BYzD0T6mrEo5Vi8tNr4T4LKhoe+pfwNvqSzefWEKY
+27ehiMPhQoAr4S/aBynp9qtzrrvGFIFqbINKMCDZy5P3BzI6ki69J6FkvkO75SEa
+31JRvEB8jyfxaJz9EzdvmfEAsSc5Akzc3ZLR7e0T+NaJitbtFoaqZc+1TIfKNbdt
+dSLmfo9Q/ieLbkd0Tljl/Cg=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/sales/serial b/testing/hosts/winnetou/etc/openssl/sales/serial
index d9bb888f8..eb589e9da 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/serial
+++ b/testing/hosts/winnetou/etc/openssl/sales/serial
@@ -1 +1 @@
-0A
+0B
diff --git a/testing/hosts/winnetou/etc/openssl/sales/serial.old b/testing/hosts/winnetou/etc/openssl/sales/serial.old
index 86397e5c1..d9bb888f8 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/serial.old
+++ b/testing/hosts/winnetou/etc/openssl/sales/serial.old
@@ -1 +1 @@
-09
+0A
diff --git a/testing/hosts/winnetou/etc/openssl/serial b/testing/hosts/winnetou/etc/openssl/serial
index bb95160cb..a78736459 100644
--- a/testing/hosts/winnetou/etc/openssl/serial
+++ b/testing/hosts/winnetou/etc/openssl/serial
@@ -1 +1 @@
-33
+34
diff --git a/testing/hosts/winnetou/etc/openssl/serial.old b/testing/hosts/winnetou/etc/openssl/serial.old
index f5c89552b..bb95160cb 100644
--- a/testing/hosts/winnetou/etc/openssl/serial.old
+++ b/testing/hosts/winnetou/etc/openssl/serial.old
@@ -1 +1 @@
-32
+33
diff --git a/testing/scripts/build-guestkernel b/testing/scripts/build-guestkernel
index 17f22bd83..a10fb83d2 100755
--- a/testing/scripts/build-guestkernel
+++ b/testing/scripts/build-guestkernel
@@ -26,21 +26,27 @@ then
execute "wget -q $url"
fi
-log_action "Unpacking kernel"
-execute "tar xJf $KERNELTARBALL"
-
KERNELDIR=$BUILDDIR/$KERNEL
-cd $KERNELDIR
-if [ $KERNELPATCH ]
+if [ ! -d "$KERNELDIR" ]
then
- log_action "Applying kernel patch"
- bzcat ../$KERNELPATCH | patch -p1 >>$LOGFILE 2>&1
- log_status $?
- [ $? -eq 0 ] || exit 1
+ log_action "Unpacking kernel"
+ execute "tar xJf $KERNELTARBALL"
+
+ if [ $KERNELPATCH ]
+ then
+ log_action "Applying kernel patch"
+ bzcat $KERNELPATCH | patch -d $KERNELDIR -p1 >>$LOGFILE 2>&1
+ log_status $?
+ [ $? -eq 0 ] || exit 1
+ fi
fi
+cd $KERNELDIR
-execute "cp $KERNELCONFIG .config" 0
+if [ ! -f .config ]
+then
+ execute "cp $KERNELCONFIG .config" 0
+fi
echo "Creating kernel configuration, you might get prompted for new parameters"
make oldconfig 2>&1 | tee -a $LOGFILE
diff --git a/testing/scripts/function.sh b/testing/scripts/function.sh
index 2dd465c85..bab2f7422 100755
--- a/testing/scripts/function.sh
+++ b/testing/scripts/function.sh
@@ -163,7 +163,7 @@ running_any()
command -v virsh >/dev/null || return 1
for host in $*
do
- virsh list --name | grep "^$host$" >/dev/null && return 0
+ virsh list --name 2>/dev/null | grep "^$host$" >/dev/null && return 0
done
return 1
}
diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk
index d58de95bf..404c6c6bf 100644
--- a/testing/scripts/recipes/013_strongswan.mk
+++ b/testing/scripts/recipes/013_strongswan.mk
@@ -54,6 +54,8 @@ CONFIG_OPTS = \
--enable-imv-attestation \
--enable-imc-swid \
--enable-imv-swid \
+ --enable-imc-hcd \
+ --enable-imv-hcd \
--enable-sql \
--enable-sqlite \
--enable-attr-sql \
@@ -77,6 +79,7 @@ CONFIG_OPTS = \
--enable-ccm \
--enable-gcm \
--enable-cmac \
+ --enable-chapoly \
--enable-ha \
--enable-af-alg \
--enable-whitelist \
diff --git a/testing/start-testing b/testing/start-testing
index 83291de28..d339ac025 100755
--- a/testing/start-testing
+++ b/testing/start-testing
@@ -14,6 +14,7 @@ MCASTBRS="test-br0 test-br1"
echo "Starting test environment"
[ `id -u` -eq 0 ] || die "You must be root to run $0"
+running_any $STRONGSWANHOSTS && die "Please stop test environment before running $0"
check_commands kvm virsh
diff --git a/testing/testing.conf b/testing/testing.conf
index 737bcae23..dedc3310f 100644
--- a/testing/testing.conf
+++ b/testing/testing.conf
@@ -24,14 +24,14 @@ fi
: ${TESTDIR=/srv/strongswan-testing}
# Kernel configuration
-: ${KERNELVERSION=4.0}
+: ${KERNELVERSION=4.2}
: ${KERNEL=linux-$KERNELVERSION}
: ${KERNELTARBALL=$KERNEL.tar.xz}
-: ${KERNELCONFIG=$DIR/../config/kernel/config-4.0}
-: ${KERNELPATCH=ha-3.18-abicompat.patch.bz2}
+: ${KERNELCONFIG=$DIR/../config/kernel/config-4.2}
+: ${KERNELPATCH=ha-4.2-abicompat.patch.bz2}
# strongSwan version used in tests
-: ${SWANVERSION=5.3.1}
+: ${SWANVERSION=5.3.3}
# Build directory where the guest kernel and images will be built
: ${BUILDDIR=$TESTDIR/build}
diff --git a/testing/tests/ha/both-active/evaltest.dat b/testing/tests/ha/both-active/evaltest.dat
index 89e5f4b6e..3865be9f1 100644
--- a/testing/tests/ha/both-active/evaltest.dat
+++ b/testing/tests/ha/both-active/evaltest.dat
@@ -1,6 +1,6 @@
-alice::ipsec status 2> /dev/null::rw\[1].*ESTABLISHED.*mars.strongswan.org.*carol@strongswan.org::YES
+alice::ipsec status 2> /dev/null::rw\[1].*PASSIVE.*mars.strongswan.org.*carol@strongswan.org::YES
alice::ipsec status 2> /dev/null::rw\[2].*ESTABLISHED.*mars.strongswan.org.*dave@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1].*PASSIVE.*mars.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1].*ESTABLISHED.*mars.strongswan.org.*carol@strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw\[2].*PASSIVE.*mars.strongswan.org.*dave@strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*mars.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*mars.strongswan.org::YES
diff --git a/testing/tests/ha/both-active/hosts/alice/etc/iptables.rules b/testing/tests/ha/both-active/hosts/alice/etc/iptables.rules
index cad1d202a..744560dec 100644
--- a/testing/tests/ha/both-active/hosts/alice/etc/iptables.rules
+++ b/testing/tests/ha/both-active/hosts/alice/etc/iptables.rules
@@ -11,8 +11,8 @@
-A FORWARD -o eth1 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
# clusterip rules
--A INPUT -i eth1 -d 192.168.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:c0:a8:00:05 --total-nodes 2 --local-node 2
--A INPUT -i eth0 -d 10.1.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:0a:01:00:05 --total-nodes 2 --local-node 2
+-A INPUT -i eth1 -d 192.168.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:c0:a8:00:05 --total-nodes 2 --local-node 0
+-A INPUT -i eth0 -d 10.1.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:0a:01:00:05 --total-nodes 2 --local-node 0
# allow esp
-A INPUT -p 50 -j ACCEPT
diff --git a/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf
index b1717607c..e8be72ae0 100644
--- a/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf
@@ -5,8 +5,9 @@ charon {
plugins {
ha {
local = PH_IP_ALICE
- remote = PH_IP_MOON1
+ remote = PH_IP_MOON1
segment_count = 2
+ autobalance = 10
fifo_interface = yes
monitor = yes
}
diff --git a/testing/tests/ha/both-active/hosts/moon/etc/iptables.rules b/testing/tests/ha/both-active/hosts/moon/etc/iptables.rules
index ab7fd7fcb..365c07e96 100644
--- a/testing/tests/ha/both-active/hosts/moon/etc/iptables.rules
+++ b/testing/tests/ha/both-active/hosts/moon/etc/iptables.rules
@@ -11,8 +11,8 @@
-A FORWARD -m policy -o eth0 --dir out --pol ipsec --proto esp -j ACCEPT
# clusterip rules
--A INPUT -i eth0 -d 192.168.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:c0:a8:00:05 --total-nodes 2 --local-node 1
--A INPUT -i eth1 -d 10.1.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:0a:01:00:05 --total-nodes 2 --local-node 1
+-A INPUT -i eth0 -d 192.168.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:c0:a8:00:05 --total-nodes 2 --local-node 0
+-A INPUT -i eth1 -d 10.1.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:0a:01:00:05 --total-nodes 2 --local-node 0
# allow esp
-A INPUT -p 50 -j ACCEPT
diff --git a/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf
index 30ae28e5f..206fb21b6 100644
--- a/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf
@@ -5,8 +5,9 @@ charon {
plugins {
ha {
local = PH_IP_MOON1
- remote = PH_IP_ALICE
+ remote = PH_IP_ALICE
segment_count = 2
+ autobalance = 10
fifo_interface = yes
monitor = yes
}
diff --git a/testing/tests/ha/both-active/pretest.dat b/testing/tests/ha/both-active/pretest.dat
index af4d66cfc..5ffc38766 100644
--- a/testing/tests/ha/both-active/pretest.dat
+++ b/testing/tests/ha/both-active/pretest.dat
@@ -11,6 +11,7 @@ carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
alice::ipsec start
+alice::sleep 1
carol::ipsec start
dave::ipsec start
carol::sleep 1
diff --git a/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/nat_updown b/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/nat_updown
index b8b1fdd09..d8a0018c4 100755
--- a/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/nat_updown
+++ b/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/nat_updown
@@ -63,7 +63,7 @@
# PLUTO_MY_SOURCEIP6_$i
# contains IPv4/IPv6 virtual IP received from a responder,
# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
# virtual IP, IPv4 or IPv6.
#
# PLUTO_MY_PROTOCOL
@@ -86,6 +86,14 @@
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
+# PLUTO_PEER_SOURCEIP
+# PLUTO_PEER_SOURCEIP4_$i
+# PLUTO_PEER_SOURCEIP6_$i
+# contains IPv4/IPv6 virtual IP sent to an initiator,
+# $i enumerates from 1 to the number of IP per address family.
+# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+# virtual IP, IPv4 or IPv6.
+#
# PLUTO_PEER_PROTOCOL
# is the IP protocol that will be transported.
#
diff --git a/testing/tests/ikev2/alg-chacha20poly1305/description.txt b/testing/tests/ikev2/alg-chacha20poly1305/description.txt
new file mode 100644
index 000000000..dd8918b68
--- /dev/null
+++ b/testing/tests/ikev2/alg-chacha20poly1305/description.txt
@@ -0,0 +1,5 @@
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite
+<b>CHACHA20_POLY1305_256</b> both for IKE and ESP by defining
+<b>ike=chacha20poly1305-prfsha256-ntru256</b> and
+<b>esp=chacha20poly1305-ntru256</b> in ipsec.conf, respectively.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat b/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat
new file mode 100644
index 000000000..893e94da8
--- /dev/null
+++ b/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat
@@ -0,0 +1,13 @@
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+moon:: ipsec statusall 2> /dev/null::IKE proposal: CHACHA20_POLY1305_256::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: CHACHA20_POLY1305_256::YES
+moon:: ipsec statusall 2> /dev/null::CHACHA20_POLY1305_256,::YES
+carol::ipsec statusall 2> /dev/null::CHACHA20_POLY1305_256,::YES
+moon:: ip xfrm state::aead rfc7539esp(chacha20,poly1305)::YES
+carol::ip xfrm state::aead rfc7539esp(chacha20,poly1305)::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..eebbaa174
--- /dev/null
+++ b/testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=chacha20poly1305-prfsha256-ntru256!
+ esp=chacha20poly1305-ntru256!
+
+conn home
+ left=PH_IP_CAROL
+ leftfirewall=yes
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..9e655eaa9
--- /dev/null
+++ b/testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = chapoly aes des sha1 sha2 md5 pem pkcs1 gmp ntru random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ send_vendor_id = yes
+}
diff --git a/testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..b0b57631f
--- /dev/null
+++ b/testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=chacha20poly1305-prfsha256-ntru256!
+ esp=chacha20poly1305-ntru256!
+
+conn rw
+ left=PH_IP_MOON
+ leftfirewall=yes
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..964c520d3
--- /dev/null
+++ b/testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = chapoly aes des sha1 sha2 md5 pem pkcs1 gmp ntru random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ send_vendor_id = yes
+}
diff --git a/testing/tests/ikev2/alg-chacha20poly1305/posttest.dat b/testing/tests/ikev2/alg-chacha20poly1305/posttest.dat
new file mode 100644
index 000000000..046d4cfdc
--- /dev/null
+++ b/testing/tests/ikev2/alg-chacha20poly1305/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat b/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat
new file mode 100644
index 000000000..4fc25772b
--- /dev/null
+++ b/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat
@@ -0,0 +1,6 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
diff --git a/testing/tests/ikev2/alg-chacha20poly1305/test.conf b/testing/tests/ikev2/alg-chacha20poly1305/test.conf
new file mode 100644
index 000000000..4a5fc470f
--- /dev/null
+++ b/testing/tests/ikev2/alg-chacha20poly1305/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat
index 2d54c6027..eb69d2e45 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat
@@ -2,6 +2,8 @@ alice::cat /etc/freeradius/clients.conf
alice::cat /etc/freeradius/eap.conf
alice::cat /etc/freeradius/proxy.conf
alice::cat /etc/freeradius/triplets.dat
+carol::cat /etc/ipsec.d/triplets.dat
+dave::cat /etc/ipsec.d/triplets.dat
alice::radiusd
moon::ipsec start
carol::ipsec start
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/research_by_salesCert.pem b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/research_by_salesCert.pem
index 37ef9c665..c8ef183c0 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/research_by_salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/research_by_salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIID/TCCAuWgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
+MIID/TCCAuWgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTEwMDcwMzE1MjgyOVoXDTE1MDcwMjE1MjgyOVowUTEL
+BAMTCFNhbGVzIENBMB4XDTE1MDcyMjEzMzYwMVoXDTE5MDQwMzEzMzYwMVowUTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsT
CFJlc2VhcmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHf
@@ -15,10 +15,10 @@ x8gPKfPdVCAwbQYDVR0jBGYwZIAUX5sTRvkgcsgA1Yi1p0wul+oLkyihSaRHMEUx
CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQD
ExJzdHJvbmdTd2FuIFJvb3QgQ0GCASEwNAYDVR0fBC0wKzApoCegJYYjaHR0cDov
L2NybC5zdHJvbmdzd2FuLm9yZy9zYWxlcy5jcmwwDQYJKoZIhvcNAQELBQADggEB
-ALRTVUS8bpb3NrwWV/aIE6K9MvtX1kPzMUbZgykwOm4g1jfDmqbPw28X6YZESQ2B
-bG1QRh3SUpSoT5vplPcD4OCv3ORKACzGhx4xemd7TpYP8dnptfk66cfFCP+It0t4
-hP45BqlgVZfd5ZAO/ogRQ+2s79Obc5XPq/ShGvConGVOPDuqkWrP/ISIMdBXFHqk
-WyW24e/Kzq7pPMG18Ect7NA4gRXSiWx0U33lhWNasPvSKtKgC6dcmRNqjyTHQoFy
-02FLgKP1p214ThLkSr9dgHT6e69R7ES9Vin3DUgPuJdlXcax/BWm6gLugqHcXVGF
-yuVPkDSgPds6m0KQcEVnuaU=
+AExl2Twec2R2A187Ythn+by+HmP2KYcwt80MwgAXX8jYGiidmv05g6Oa+cvP1Hxo
+ilCZwTbMSOGmSJSpBDeJq3iQOnOONvNuhiu37ziqMY2CBSOVBzxp6gATp1k3m3m9
+oKR/LWl74VhgHxoF4E4Tds4BYzD0T6mrEo5Vi8tNr4T4LKhoe+pfwNvqSzefWEKY
+27ehiMPhQoAr4S/aBynp9qtzrrvGFIFqbINKMCDZy5P3BzI6ki69J6FkvkO75SEa
+31JRvEB8jyfxaJz9EzdvmfEAsSc5Akzc3ZLR7e0T+NaJitbtFoaqZc+1TIfKNbdt
+dSLmfo9Q/ieLbkd0Tljl/Cg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/sales_by_researchCert.pem b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/sales_by_researchCert.pem
index 0a435b90d..4e4195184 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/sales_by_researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/sales_by_researchCert.pem
@@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE-----
-MIIEADCCAuigAwIBAgIBBzANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
+MIIEADCCAuigAwIBAgIBDDANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDcwMzE1MTgzOVoXDTE1MDcwMjE1MTgz
-OVowSzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAM
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTE1MDcyMjEzMzkxMloXDTE5MDQwMzEzMzkx
+MlowSzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAM
BgNVBAsTBVNhbGVzMREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH
/QcWm1Xfqnc9qaPPGoxO2BfwXgFEHfOdQzHGuthhsvdMPkmWP1Z3uDrwscqrmLyq
@@ -15,10 +15,10 @@ p0wul+oLkygwbQYDVR0jBGYwZIAU53XwoPKtIM3NYCPMx8gPKfPdVCChSaRHMEUx
CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQD
ExJzdHJvbmdTd2FuIFJvb3QgQ0GCASAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDov
L2NybC5zdHJvbmdzd2FuLm9yZy9yZXNlYXJjaC5jcmwwDQYJKoZIhvcNAQELBQAD
-ggEBADPiBfTbTkHwRdpt4iAY/wx0AKKwnF636+1E+m8dHn1HhTU8FZkiRCsRSRdx
-qpzprMga6v7ksV29CIJpTciaD48S2zWNsiQ2vfNB4UenG4wKVG8742CQakCzZk/7
-MrHutk+VDcN3oGcu4gFECPzrZiYPTVv74PCFRfd37SYlXmN0KF0Ivzgu2DNwJNMD
-Aa6sHs+/8H/7BbzHxUZkT7zrTuy4M5FGIKllQBxALp/8N/LN4vz0ZbLgbNU7Eo16
-EikbEASUs3Scmna+dFBSfexf0G9oqvHvxjWPiZRw6ZrS5TZkAE1DmdqLWwTNq/Fo
-aeDWsllgAdqMA2fL7i9tsFHZVYk=
+ggEBAA02ru9JhdIdlASKIJeVq71tl1wCpLZXZHwogfJqxQ+4oFghXS1dlqQ6H3bC
+FbjycssfGVEox349edq1s+4vbK+VS9j2kFBAwxw7NUXKOJ1tM0/FjSFrBTDzw53S
+e7V12nzyep5p8Dzd4CMP2ThpKKofNWzaRb9o/K2vsk3nP2W/CVj+E32Chm5ySdl9
+sYHzAlNYoBi/xxHeSzWSzTA9gEMV5onNx025SGUx6TwQejMAD/DEp0QNGaqBD1lC
+916UfBG0voUz8BpQzvRXeFCW3qPbNuJWvu3c/VRhYe5DRz3Cq1R9YoQnZhStjdRr
+v7YJ5uRiz1rJ0yrQ/W1rMNFGirI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/mark_updown b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/mark_updown
index e0c15f56a..482ea3f87 100755
--- a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/mark_updown
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/mark_updown
@@ -71,7 +71,7 @@
# PLUTO_MY_SOURCEIP6_$i
# contains IPv4/IPv6 virtual IP received from a responder,
# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
# virtual IP, IPv4 or IPv6.
#
# PLUTO_MY_PROTOCOL
@@ -94,6 +94,14 @@
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
+# PLUTO_PEER_SOURCEIP
+# PLUTO_PEER_SOURCEIP4_$i
+# PLUTO_PEER_SOURCEIP6_$i
+# contains IPv4/IPv6 virtual IP sent to an initiator,
+# $i enumerates from 1 to the number of IP per address family.
+# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+# virtual IP, IPv4 or IPv6.
+#
# PLUTO_PEER_PROTOCOL
# is the IP protocol that will be transported.
#
diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/nat_updown b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/nat_updown
index 1afd70df8..f3bfd9b36 100755
--- a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/nat_updown
+++ b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/nat_updown
@@ -62,7 +62,7 @@
# PLUTO_MY_SOURCEIP6_$i
# contains IPv4/IPv6 virtual IP received from a responder,
# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
# virtual IP, IPv4 or IPv6.
#
# PLUTO_MY_PROTOCOL
@@ -85,6 +85,14 @@
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
+# PLUTO_PEER_SOURCEIP
+# PLUTO_PEER_SOURCEIP4_$i
+# PLUTO_PEER_SOURCEIP6_$i
+# contains IPv4/IPv6 virtual IP sent to an initiator,
+# $i enumerates from 1 to the number of IP per address family.
+# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+# virtual IP, IPv4 or IPv6.
+#
# PLUTO_PEER_PROTOCOL
# is the IP protocol that will be transported.
#
diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/mark_updown b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/mark_updown
index e9ab41c7f..7e12e2fcd 100755
--- a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/mark_updown
+++ b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/mark_updown
@@ -71,7 +71,7 @@
# PLUTO_MY_SOURCEIP6_$i
# contains IPv4/IPv6 virtual IP received from a responder,
# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
# virtual IP, IPv4 or IPv6.
#
# PLUTO_MY_PROTOCOL
@@ -94,6 +94,14 @@
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
+# PLUTO_PEER_SOURCEIP
+# PLUTO_PEER_SOURCEIP4_$i
+# PLUTO_PEER_SOURCEIP6_$i
+# contains IPv4/IPv6 virtual IP sent to an initiator,
+# $i enumerates from 1 to the number of IP per address family.
+# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+# virtual IP, IPv4 or IPv6.
+#
# PLUTO_PEER_PROTOCOL
# is the IP protocol that will be transported.
#
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat
index b9117af36..f8a9cc852 100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
alice::cat /etc/freeradius/triplets.dat
+carol::cat /etc/ipsec.d/triplets.dat
alice::radiusd
moon::ipsec start
carol::ipsec start
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat
index 0b3e901c2..0e9e46bfd 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat
@@ -5,6 +5,8 @@ moon::rm /etc/ipsec.d/cacerts/*
carol::rm /etc/ipsec.d/cacerts/*
dave::rm /etc/ipsec.d/cacerts/*
alice::cat /etc/freeradius/triplets.dat
+carol::cat /etc/ipsec.d/triplets.dat
+dave::cat /etc/ipsec.d/triplets.dat
alice::radiusd
moon::ipsec start
carol::ipsec start
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/modules/sim_files b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/modules/sim_files
new file mode 100644
index 000000000..10c26aa15
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/modules/sim_files
@@ -0,0 +1,3 @@
+sim_files {
+ simtriplets = "/etc/freeradius/triplets.dat"
+}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat
index c17bec0f7..57c9f11a8 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat
@@ -5,6 +5,8 @@ alice::cat /etc/freeradius/clients.conf
alice::cat /etc/freeradius/eap.conf
alice::cat /etc/freeradius/proxy.conf
alice::cat /etc/freeradius/triplets.dat
+carol::cat /etc/ipsec.d/triplets.dat
+dave::cat /etc/ipsec.d/triplets.dat
alice::radiusd
moon::ipsec start
carol::ipsec start
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/test.conf b/testing/tests/ikev2/rw-eap-sim-radius/test.conf
index f29298850..42d23a50b 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/test.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# Guest instances on which FreeRadius is started
+#
+RADIUSHOSTS="alice"
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/mark_updown b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/mark_updown
index b8b45e3b0..00ce6cd9c 100755
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/mark_updown
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/mark_updown
@@ -71,7 +71,7 @@
# PLUTO_MY_SOURCEIP6_$i
# contains IPv4/IPv6 virtual IP received from a responder,
# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
# virtual IP, IPv4 or IPv6.
#
# PLUTO_MY_PROTOCOL
@@ -94,6 +94,14 @@
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
+# PLUTO_PEER_SOURCEIP
+# PLUTO_PEER_SOURCEIP4_$i
+# PLUTO_PEER_SOURCEIP6_$i
+# contains IPv4/IPv6 virtual IP sent to an initiator,
+# $i enumerates from 1 to the number of IP per address family.
+# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+# virtual IP, IPv4 or IPv6.
+#
# PLUTO_PEER_PROTOCOL
# is the IP protocol that will be transported.
#
diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der
index cbc7e09c1..fdfd39f13 100644
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der
Binary files differ
diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der
index 491e245dd..8a520c0b4 100644
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der
Binary files differ
diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der
index cbc7e09c1..fdfd39f13 100644
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der
Binary files differ
diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der
index 83a213710..75a114339 100644
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der
Binary files differ
diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der
index cbc7e09c1..fdfd39f13 100644
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der
Binary files differ
diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der
index 1ab7d21f7..d0ea364b0 100644
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der
Binary files differ
diff --git a/testing/tests/ikev2/trap-any/description.txt b/testing/tests/ikev2/trap-any/description.txt
new file mode 100644
index 000000000..81e148259
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/description.txt
@@ -0,0 +1,7 @@
+The hosts <b>moon</b>, <b>sun</b> and <b>dave</b> install <b>transport-mode</b> trap
+policies with <b>right=%any</b>. The remote host is dynamically determined based on
+the acquires received from the kernel. Host <b>dave</b> additionally limits the remote
+hosts to <b>moon</b> and <b>sun</b> with <b>rightsubnet</b>. This is tested by
+pinging <b>sun</b> and <b>carol</b> from <b>moon</b>, <b>carol</b> from <b>sun</b>, and
+<b>sun</b> and <b>moon</b> from <b>dave</b>. The latter also pings <b>carol</b>, which
+is not going to be encrypted as <b>carol</b> is not part of the configured <b>rightsubnet</b>.
diff --git a/testing/tests/ikev2/trap-any/evaltest.dat b/testing/tests/ikev2/trap-any/evaltest.dat
new file mode 100644
index 000000000..bcba9ef08
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/evaltest.dat
@@ -0,0 +1,33 @@
+moon::ping -c 2 -W 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=2::YES
+moon::ping -c 2 -W 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=2::YES
+sun::ping -c 2 -W 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=2::YES
+dave::ping -c 2 -W 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=2::YES
+dave::ping -c 2 -W 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=2::YES
+dave::ping -c 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=1::YES
+moon::ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_MOON.*PH_IP_SUN::YES
+moon::ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_MOON.*PH_IP_CAROL::YES
+moon::ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_MOON.*PH_IP_DAVE::YES
+sun:: ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES
+sun:: ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_SUN.*PH_IP_DAVE::YES
+sun:: ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_SUN.*PH_IP_CAROL::YES
+dave:: ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_DAVE.*PH_IP_MOON::YES
+dave:: ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_DAVE.*PH_IP_SUN::YES
+carol:: ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_CAROL.*PH_IP_MOON::YES
+carol:: ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_CAROL.*PH_IP_SUN::YES
+carol:: ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_CAROL.*PH_IP_DAVE::NO
+moon::ipsec status 2> /dev/null::trap-any.*INSTALLED, TRANSPORT::YES
+sun:: ipsec status 2> /dev/null::trap-any.*INSTALLED, TRANSPORT::YES
+dave:: ipsec status 2> /dev/null::trap-any.*INSTALLED, TRANSPORT::YES
+carol:: ipsec status 2> /dev/null::trap-any.*INSTALLED, TRANSPORT::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
+sun::tcpdump::IP carol.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > carol.strongswan.org: ESP::YES
+sun::tcpdump::IP dave.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > dave.strongswan.org: ESP::YES
+carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+carol::tcpdump::IP sun.strongswan.org > carol.strongswan.org: ESP::YES
+carol::tcpdump::IP carol.strongswan.org > sun.strongswan.org: ESP::YES
+carol::tcpdump::IP dave.strongswan.org > carol.strongswan.org: ICMP echo request::YES
+carol::tcpdump::IP carol.strongswan.org > dave.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..a2d62296f
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,16 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charondebug="knl 2"
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+
+conn trap-any
+ right=%any
+ type=transport
+ authby=psk
+ auto=add
diff --git a/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..34647bc0b
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1 @@
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL \ No newline at end of file
diff --git a/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..8e685c862
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ multiple_authentication = no
+}
diff --git a/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..3c7adfbf9
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,18 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charondebug="knl 2"
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+
+conn trap-any
+ right=%any
+ rightsubnet=192.168.0.0/30
+ type=transport
+ authby=psk
+ auto=route
+
diff --git a/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..34647bc0b
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1 @@
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL \ No newline at end of file
diff --git a/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..8e685c862
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ multiple_authentication = no
+}
diff --git a/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..409bee2cb
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charondebug="knl 2"
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+
+# to access the host via SSH in the test environment
+conn pass-ssh
+ authby=never
+ leftsubnet=0.0.0.0/0[tcp/22]
+ rightsubnet=0.0.0.0/0[tcp]
+ type=pass
+ auto=route
+
+conn trap-any
+ right=%any
+ type=transport
+ authby=psk
+ auto=route
diff --git a/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..34647bc0b
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1 @@
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL \ No newline at end of file
diff --git a/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..8e685c862
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ multiple_authentication = no
+}
diff --git a/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf
new file mode 100644
index 000000000..71edc4c14
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charondebug="knl 2"
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+
+# to access the host via SSH in the test environment
+conn pass-ssh
+ authby=never
+ leftsubnet=0.0.0.0/0[tcp/22]
+ rightsubnet=0.0.0.0/0[tcp]
+ type=pass
+ auto=route
+
+conn trap-any
+ right=%any
+ type=transport
+ authby=psk
+ auto=route
+
diff --git a/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.secrets
new file mode 100644
index 000000000..34647bc0b
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.secrets
@@ -0,0 +1 @@
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL \ No newline at end of file
diff --git a/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..8e685c862
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ multiple_authentication = no
+}
diff --git a/testing/tests/ikev2/trap-any/posttest.dat b/testing/tests/ikev2/trap-any/posttest.dat
new file mode 100644
index 000000000..1bf206e26
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+sun::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
diff --git a/testing/tests/ikev2/trap-any/pretest.dat b/testing/tests/ikev2/trap-any/pretest.dat
new file mode 100644
index 000000000..0924078b3
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/pretest.dat
@@ -0,0 +1,5 @@
+moon::ipsec start
+sun::ipsec start
+carol::ipsec start
+dave::ipsec start
+moon::sleep 1
diff --git a/testing/tests/ikev2/trap-any/test.conf b/testing/tests/ikev2/trap-any/test.conf
new file mode 100644
index 000000000..742bf02bd
--- /dev/null
+++ b/testing/tests/ikev2/trap-any/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="moon winnetou sun carol dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-s.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun carol"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun carol dave"
diff --git a/testing/tests/ipv6/host2host-ikev1/test.conf b/testing/tests/ipv6/host2host-ikev1/test.conf
index 56df1a0da..e1d17aa16 100644
--- a/testing/tests/ipv6/host2host-ikev1/test.conf
+++ b/testing/tests/ipv6/host2host-ikev1/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/host2host-ikev2/test.conf b/testing/tests/ipv6/host2host-ikev2/test.conf
index 56df1a0da..e1d17aa16 100644
--- a/testing/tests/ipv6/host2host-ikev2/test.conf
+++ b/testing/tests/ipv6/host2host-ikev2/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/net2net-ikev1/test.conf b/testing/tests/ipv6/net2net-ikev1/test.conf
index 55b90befe..abade5bba 100644
--- a/testing/tests/ipv6/net2net-ikev1/test.conf
+++ b/testing/tests/ipv6/net2net-ikev1/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/net2net-ikev2/test.conf b/testing/tests/ipv6/net2net-ikev2/test.conf
index 55b90befe..abade5bba 100644
--- a/testing/tests/ipv6/net2net-ikev2/test.conf
+++ b/testing/tests/ipv6/net2net-ikev2/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf
index 8f8d9222d..58ec28767 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf
index 8f8d9222d..58ec28767 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf
index fe141076d..345e2d808 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf
index fe141076d..345e2d808 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf
index 55b90befe..abade5bba 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/rw-compress-ikev2/test.conf b/testing/tests/ipv6/rw-compress-ikev2/test.conf
index 4e8d1e9fb..8098d4720 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-compress-ikev2/test.conf
@@ -20,3 +20,7 @@ TCPDUMPHOSTS="moon"
#
IPSECHOSTS="moon carol"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/rw-ikev1/test.conf b/testing/tests/ipv6/rw-ikev1/test.conf
index 05bb8ab6d..69b0757fd 100644
--- a/testing/tests/ipv6/rw-ikev1/test.conf
+++ b/testing/tests/ipv6/rw-ikev1/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/rw-ikev2/test.conf b/testing/tests/ipv6/rw-ikev2/test.conf
index 05bb8ab6d..69b0757fd 100644
--- a/testing/tests/ipv6/rw-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-ikev2/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf
index 05bb8ab6d..69b0757fd 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf
index 05bb8ab6d..69b0757fd 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/rw-psk-ikev1/test.conf b/testing/tests/ipv6/rw-psk-ikev1/test.conf
index 05bb8ab6d..69b0757fd 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/test.conf
+++ b/testing/tests/ipv6/rw-psk-ikev1/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/rw-psk-ikev2/test.conf b/testing/tests/ipv6/rw-psk-ikev2/test.conf
index 05bb8ab6d..69b0757fd 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf
index 05bb8ab6d..69b0757fd 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/transport-ikev1/test.conf b/testing/tests/ipv6/transport-ikev1/test.conf
index 56df1a0da..e1d17aa16 100644
--- a/testing/tests/ipv6/transport-ikev1/test.conf
+++ b/testing/tests/ipv6/transport-ikev1/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/transport-ikev2/test.conf b/testing/tests/ipv6/transport-ikev2/test.conf
index 56df1a0da..e1d17aa16 100644
--- a/testing/tests/ipv6/transport-ikev2/test.conf
+++ b/testing/tests/ipv6/transport-ikev2/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/updown b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/updown
index 7c510261d..f7ec06498 100755
--- a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/updown
+++ b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/updown
@@ -71,7 +71,7 @@
# PLUTO_MY_SOURCEIP6_$i
# contains IPv4/IPv6 virtual IP received from a responder,
# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
# virtual IP, IPv4 or IPv6.
#
# PLUTO_MY_PROTOCOL
@@ -94,6 +94,14 @@
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
+# PLUTO_PEER_SOURCEIP
+# PLUTO_PEER_SOURCEIP4_$i
+# PLUTO_PEER_SOURCEIP6_$i
+# contains IPv4/IPv6 virtual IP sent to an initiator,
+# $i enumerates from 1 to the number of IP per address family.
+# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+# virtual IP, IPv4 or IPv6.
+#
# PLUTO_PEER_PROTOCOL
# is the IP protocol that will be transported.
#
diff --git a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/updown b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/updown
index 7c510261d..f7ec06498 100755
--- a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/updown
+++ b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/updown
@@ -71,7 +71,7 @@
# PLUTO_MY_SOURCEIP6_$i
# contains IPv4/IPv6 virtual IP received from a responder,
# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
# virtual IP, IPv4 or IPv6.
#
# PLUTO_MY_PROTOCOL
@@ -94,6 +94,14 @@
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
+# PLUTO_PEER_SOURCEIP
+# PLUTO_PEER_SOURCEIP4_$i
+# PLUTO_PEER_SOURCEIP6_$i
+# contains IPv4/IPv6 virtual IP sent to an initiator,
+# $i enumerates from 1 to the number of IP per address family.
+# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+# virtual IP, IPv4 or IPv6.
+#
# PLUTO_PEER_PROTOCOL
# is the IP protocol that will be transported.
#
diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/updown b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/updown
index 1b362e65c..61f65311c 100755
--- a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/updown
+++ b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/updown
@@ -71,7 +71,7 @@
# PLUTO_MY_SOURCEIP6_$i
# contains IPv4/IPv6 virtual IP received from a responder,
# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
# virtual IP, IPv4 or IPv6.
#
# PLUTO_MY_PROTOCOL
@@ -94,6 +94,14 @@
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
+# PLUTO_PEER_SOURCEIP
+# PLUTO_PEER_SOURCEIP4_$i
+# PLUTO_PEER_SOURCEIP6_$i
+# contains IPv4/IPv6 virtual IP sent to an initiator,
+# $i enumerates from 1 to the number of IP per address family.
+# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+# virtual IP, IPv4 or IPv6.
+#
# PLUTO_PEER_PROTOCOL
# is the IP protocol that will be transported.
#
diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/updown b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/updown
index 1b362e65c..61f65311c 100755
--- a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/updown
+++ b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/updown
@@ -71,7 +71,7 @@
# PLUTO_MY_SOURCEIP6_$i
# contains IPv4/IPv6 virtual IP received from a responder,
# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
# virtual IP, IPv4 or IPv6.
#
# PLUTO_MY_PROTOCOL
@@ -94,6 +94,14 @@
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
+# PLUTO_PEER_SOURCEIP
+# PLUTO_PEER_SOURCEIP4_$i
+# PLUTO_PEER_SOURCEIP6_$i
+# contains IPv4/IPv6 virtual IP sent to an initiator,
+# $i enumerates from 1 to the number of IP per address family.
+# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+# virtual IP, IPv4 or IPv6.
+#
# PLUTO_PEER_PROTOCOL
# is the IP protocol that will be transported.
#
diff --git a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/updown b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/updown
index 1b362e65c..61f65311c 100755
--- a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/updown
+++ b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/updown
@@ -71,7 +71,7 @@
# PLUTO_MY_SOURCEIP6_$i
# contains IPv4/IPv6 virtual IP received from a responder,
# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
# virtual IP, IPv4 or IPv6.
#
# PLUTO_MY_PROTOCOL
@@ -94,6 +94,14 @@
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
+# PLUTO_PEER_SOURCEIP
+# PLUTO_PEER_SOURCEIP4_$i
+# PLUTO_PEER_SOURCEIP6_$i
+# contains IPv4/IPv6 virtual IP sent to an initiator,
+# $i enumerates from 1 to the number of IP per address family.
+# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+# virtual IP, IPv4 or IPv6.
+#
# PLUTO_PEER_PROTOCOL
# is the IP protocol that will be transported.
#
diff --git a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/updown b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/updown
index 1b362e65c..61f65311c 100755
--- a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/updown
+++ b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/updown
@@ -71,7 +71,7 @@
# PLUTO_MY_SOURCEIP6_$i
# contains IPv4/IPv6 virtual IP received from a responder,
# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
# virtual IP, IPv4 or IPv6.
#
# PLUTO_MY_PROTOCOL
@@ -94,6 +94,14 @@
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
+# PLUTO_PEER_SOURCEIP
+# PLUTO_PEER_SOURCEIP4_$i
+# PLUTO_PEER_SOURCEIP6_$i
+# contains IPv4/IPv6 virtual IP sent to an initiator,
+# $i enumerates from 1 to the number of IP per address family.
+# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+# virtual IP, IPv4 or IPv6.
+#
# PLUTO_PEER_PROTOCOL
# is the IP protocol that will be transported.
#
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown
index 7d0c583b3..652d17dab 100755
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown
+++ b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown
@@ -71,7 +71,7 @@
# PLUTO_MY_SOURCEIP6_$i
# contains IPv4/IPv6 virtual IP received from a responder,
# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
# virtual IP, IPv4 or IPv6.
#
# PLUTO_MY_PROTOCOL
@@ -94,6 +94,14 @@
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
+# PLUTO_PEER_SOURCEIP
+# PLUTO_PEER_SOURCEIP4_$i
+# PLUTO_PEER_SOURCEIP6_$i
+# contains IPv4/IPv6 virtual IP sent to an initiator,
+# $i enumerates from 1 to the number of IP per address family.
+# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+# virtual IP, IPv4 or IPv6.
+#
# PLUTO_PEER_PROTOCOL
# is the IP protocol that will be transported.
#
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown
index 7d0c583b3..652d17dab 100755
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown
+++ b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown
@@ -71,7 +71,7 @@
# PLUTO_MY_SOURCEIP6_$i
# contains IPv4/IPv6 virtual IP received from a responder,
# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
# virtual IP, IPv4 or IPv6.
#
# PLUTO_MY_PROTOCOL
@@ -94,6 +94,14 @@
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
+# PLUTO_PEER_SOURCEIP
+# PLUTO_PEER_SOURCEIP4_$i
+# PLUTO_PEER_SOURCEIP6_$i
+# contains IPv4/IPv6 virtual IP sent to an initiator,
+# $i enumerates from 1 to the number of IP per address family.
+# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+# virtual IP, IPv4 or IPv6.
+#
# PLUTO_PEER_PROTOCOL
# is the IP protocol that will be transported.
#
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown
index 7d0c583b3..652d17dab 100755
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown
+++ b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown
@@ -71,7 +71,7 @@
# PLUTO_MY_SOURCEIP6_$i
# contains IPv4/IPv6 virtual IP received from a responder,
# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
# virtual IP, IPv4 or IPv6.
#
# PLUTO_MY_PROTOCOL
@@ -94,6 +94,14 @@
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
+# PLUTO_PEER_SOURCEIP
+# PLUTO_PEER_SOURCEIP4_$i
+# PLUTO_PEER_SOURCEIP6_$i
+# contains IPv4/IPv6 virtual IP sent to an initiator,
+# $i enumerates from 1 to the number of IP per address family.
+# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+# virtual IP, IPv4 or IPv6.
+#
# PLUTO_PEER_PROTOCOL
# is the IP protocol that will be transported.
#
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/ipsec.conf b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/ipsec.conf
index 4baa7b59f..4dc1effea 100644
--- a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/ipsec.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/ipsec.conf
@@ -19,11 +19,11 @@ conn medsrv
leftauth=psk
right=PH_IP_CAROL
rightid=carol@strongswan.org
- rightauth=pubkeye
+ rightauth=pubkey
mediation=yes
auto=start
-conn peer
+conn peer
leftcert=venusCert.pem
leftid=@venus.strongswan.org
right=%any
diff --git a/testing/tests/sql/multi-level-ca/hosts/carol/etc/ipsec.d/data.sql~ b/testing/tests/sql/multi-level-ca/hosts/carol/etc/ipsec.d/data.sql~
deleted file mode 100644
index 4040b955f..000000000
--- a/testing/tests/sql/multi-level-ca/hosts/carol/etc/ipsec.d/data.sql~
+++ /dev/null
@@ -1,190 +0,0 @@
-/* Identities */
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 9, X'3045310B300906035504061302434831193017060355040A13104C696E7578207374726F6E675377616E311B3019060355040313127374726F6E675377616E20526F6F74204341'
- );
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */
- 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def'
- );
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */
- 11, X'ae096b87b44886d3b820978623dabd0eae22ebbc'
- );
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* C=CH, O=Linux strongSwan, OU=Research, CN=Research CA */
- 9, X'3051310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311430120603550403130b5265736561726368204341'
-);
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, OU=Research, CN=Research CA' */
- 11, X'e775f0a0f2ad20cdcd6023ccc7c80f29f3dd5420');
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, OU=Research, CN=Research CA' */
- 11, X'c71449851517718914a496532a1ee801b21c6aa5');
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* carol@strongswan.org */
- 3, X'6361726f6c407374726f6e677377616e2e6f7267'
- );
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' */
- 11, X'5da9f9ef80718d3a883938e2de6e6624989fdf69'
- );
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* moon.strongswan.org */
- 2, X'6d6f6f6e2e7374726f6e677377616e2e6f7267'
- );
-
-/* Certificates */
-
-INSERT INTO certificates (
- type, keytype, data
-) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f62ea3d566e58b3c87a49caf3ac61cfa96377734d842db3f8fd6ea023f7b0132e66265012317386729c6d7c427a8d9f167be138e8ebae2b12b95933baef36a315c3ddf224cee4bb9bd578135d0467382629621ff96b8d45f6e002e5083662dce181805c140b3f2ce93f83aee3c861cff610a39f0189cb3a3c7cb9bf7e2a09544e2170efaa18fdd4ff20fa94be176d7fecff821f68d17152041d9b46f0cfcfc1e4cf43de5d3f3a587763afe9267f53b11699b3264fc55c5189f5682871166cb98307950569641fa30ffb50de134fed2f973cef1a392827862bc4ddaa97bbb01442e293c41070d07224d4be47ae2753eb2bed4bc1da91c68ec780c4620f0f0203010001a381b23081af30120603551d130101ff040830060101ff020101300b0603551d0f040403020106301d0603551d0e041604145da7dd700651327ee7b66db3b5e5e060ea2e4def306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100300d06092a864886f70d01010b0500038201010023929aa101b412d1f5a577532088f209b34798a72ed7bd6945d74beaa2b3a1768764ad7f8b0df8d97a1a3ed1102e92a5f107e3059dc2250be49d02261ca83a342e0e5de7d43c37744e3fcea3197720ca1184d4ef94e6beeb0d241746b0b92b7fb1004c08e88bf9eb4ce60f3e149466f3e9fc3f98bce449f448f9d465e52b59f0101e6203cfad0d89e23509fa043d4c12021e8f32be7db8b2edbada641d64aa1a04af64a2ee5b814a753dd76b30e3de04f3c6b61166e632f8364d51cf3730a9564a4d93b9227c28b09b0f5595d92a632f72fe509a129ca9ee54df2b0edc6c3d38564f10256efcd8be82b2ec64977e3a6f5ef098eaa7f00662a6cded16cb80637c'
-);
-
-INSERT INTO certificates (
- type, keytype, data
-) VALUES ( /* C=CH, O=Linux strongSwan, OU=Research, CN=Research CA */
- 1, 1, X'308203c1308202a9a003020102020120300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3130303430363039353335305a170d3139303430343039353335305a3051310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311430120603550403130b526573656172636820434130820122300d06092a864886f70d01010105000382010f003082010a0282010100b639b23aa6e0075b58a73f4fb25a856a72f71b5d3db1e780137a95b9e961a1dfaf19c6b2f9831421591c277b7a046a43f02e2471dc12fdc351d7c9596032a559d4bdd95ca79f21063a717d33d73fd203071cd0690c94cec13120658e5546367bbc49e412819d7564a24de1b58e07af519da8d87edcb1266de809067813452471e0f289e7814efdbefc2d4cc1fab331af3c70fe59c8f2312602d2a5ba043b73d6ae31e142cfe3669527e74a85a11cde6a9bed2234acb40bedb922e13c36afa2de3b41888f01c01a87637bb622e7e5521f4d73d77f47abc6b113cc1ecdf45f51dafe6d14838f78fb0c2ac1f1016518f3c4c98c17fd521b82351374c3389decae390203010001a381af3081ac300f0603551d130101ff040530030101ff300b0603551d0f040403020106301d0603551d0e04160414e775f0a0f2ad20cdcd6023ccc7c80f29f3dd5420306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100300d06092a864886f70d01010b050003820101008d6da16d1b2dcc815c0a3215e2ca1b2e1289b70d059b3fae80a173051abf47e8c8b74260c60528478738bbc8b1322389fa58e0c3f2dd20604395e972ce6f385c16f7b8cce987c1caa8f1e3eeea4c1a8e68b31705b789dcb230432262ae9a8767396c3ac71c8710a370c00c3ce0469968e974ea942e82e5c17f44161040dab11907589a9a06d4279339791344b9b9bcc51e816b0ff4391cffb6dfadc42f63c5c8c7a099ce155d2cb3b5ecddddf63ea86f286801c6354b672ab7cc3feb306db15d5c8a3d4e3acde94c08fd5476c33adad2f5730022e2ca246b4d8642b3ffaf00611eddb66c930de2036ce4d4af8537638e0c156332eeeb7205601bd6f2c1668992'
-);
-
-INSERT INTO certificates (
- type, keytype, data
-) VALUES ( /* C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org */
- 1, 1, X'3082042c30820314a00302010202010b300d06092a864886f70d01010b05003051310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311430120603550403130b5265736561726368204341301e170d3135303432363130323530345a170d3139303430333130323530345a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100aba9b87a9452a4ae7ec12d8d24d91244c5b131965d09306682db00f3656783d5d03c758eedf146f56d8d01cddd3b31e88b01d493b793f74c131c2db5b78103c1caa0a630f82146f3ee9759453eb414f9c65c1ae6c755507228f0e9f5c7b45bdecf910e1276fd8bc27ff1f5dda3ada86f8bed7cadecec11419371e06c7ad2c814d9986bf56b0cb2558941e4bddaf6ba52219837873aa91372ad2f734d9109d3289bb5f961774ecb2dc833fa31ea09d51c3cae20f3e4c7f070ad7a4d27d9046edc87db10cfa2e846998d426ad64a7a93d1c0220291e3cafd1d5937cc1b16241a3ab31527f3f6af14ce78bddc03f0d00294d9fdc686c45ec3b78f01a58dce666f8d0203010001a38201043082010030090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604145da9f9ef80718d3a883938e2de6e6624989fdf69306d0603551d23046630648014e775f0a0f2ad20cdcd6023ccc7c80f29f3dd5420a149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820120301f0603551d110418301681146361726f6c407374726f6e677377616e2e6f726730370603551d1f0430302e302ca02aa0288626687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f72657365617263682e63726c300d06092a864886f70d01010b050003820101004e05096d72fcdded75173a3e5c6310db815fc5d52f95ec7d21c9e73599e3b32e1c61a521a1f748d402243a1761ed1e22f5db5d7db14b2d0477a9cda398bf6e6dd40ff3716265940e5d7e795d5e7f19be04e20d93d9953c6a16f2f99cd0b047088c67a8b7b7d17dbc54adc8e720ac5977b26c412691e39accacd714390a454f6d76baba2352782b12801e682e54484897b05d753fae7851e8d1f0309ccf02e2e1006f8d14c7ddb70c0b9ec58ec5add67fca081d3c752d288c3f93fba94deffd4ac8bade7913729d7cdcd460259f91b4dc8bf09bd493153d6662390130e098fb78a110ea73951f695825a5f69ef6f1d6f79a4d15b039b58dd39fdcf2b55ddd8f27');
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 1, 1
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 1, 2
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 1, 3
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 2, 4
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 2, 5
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 2, 6
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 3, 7
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 3, 8
-);
-
-/* Private Keys */
-
-INSERT INTO private_keys (
- type, data
-) VALUES ( /* key of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' */
- 1, X'308204a40201000282010100aba9b87a9452a4ae7ec12d8d24d91244c5b131965d09306682db00f3656783d5d03c758eedf146f56d8d01cddd3b31e88b01d493b793f74c131c2db5b78103c1caa0a630f82146f3ee9759453eb414f9c65c1ae6c755507228f0e9f5c7b45bdecf910e1276fd8bc27ff1f5dda3ada86f8bed7cadecec11419371e06c7ad2c814d9986bf56b0cb2558941e4bddaf6ba52219837873aa91372ad2f734d9109d3289bb5f961774ecb2dc833fa31ea09d51c3cae20f3e4c7f070ad7a4d27d9046edc87db10cfa2e846998d426ad64a7a93d1c0220291e3cafd1d5937cc1b16241a3ab31527f3f6af14ce78bddc03f0d00294d9fdc686c45ec3b78f01a58dce666f8d020301000102820100426a6be1a1394855eadcbacefd0eaf2ec47e05fd7309771c724c6155ca49fe8bdf01454a836cf2534a8b5fc35270f0a25405e54531a5a1ec610869f700847dfba075ff56bae9c515e39dd300237e710f225bc85cb98a9c914e9dc7273c98df62995439e992f80df6b6a1daca61e5726195f5d0634a631b5a0fbde3629532b00e1ed0a7024d324f65a513ef5e7cb4ee5e8648402c7e21ca3a2f0a7c242999616da97d493d728f5d8ba502979d02f80e5172fa6c13b0997170b3100ab3d3a785cf88a6810bb34122da79dba917bedcc8f775de70f637bf9819f5ab58a6dda8632e42799face41665ff78ae53ac423c82cdb1c8788b49b174fe0c1293d12c04210102818100d6672852209839c41c03e16d48ef1bcb34aed2e4193b5712fd5112e666ed448b8ba37dcbd0fd326d59c121f93789a06aef4194f7c5e3842194c0dc100d09becdb2cafa9fa3fb82f66b2be3b4e579aa5d1bda093a7b2459a17d787afb26c42d8e16a1a6183f9578f378a4ff90dfd40c085bdfdba04cb4a1f25d09e4c00eb51b7d02818100ccf7c72e9de24fdc4baa9a7dccff63da6f53b3a9bafd4cf3b9ace9ce5eeb60c94b91de9f05606ab90e3aa9b3b95aff923bbc9969653b3ae5867bace78355564ab2c166544c7eefb37b5b8411335d79d448f39f27bf56cc9479adf7e4626603a065eec7dc3e1d2e986b42b242f2d96c68fd0659845991feb89fedfb2995f6415102818100c8a7266f261e1101de0e2bacf1730599f9a61bac6988c586fa18240e0909c8faa826cc163172a4fcfde0e800aadf5c88777df302a7eab3c011cd24a6c8ecf3eae2876062833f6163690d5c3ff1fb195ba6333a2bc70f4feaf8d8069081c95bb0fcb13016c57b08052445970068d9b4a1260aad2aaa5eeaa93e358225d41ddea90281801d21feb296884b37919daf15c0647069e4b6edeb6b0383c384999a25d601f8a0c3d7f8df7b6127ea23a69ce649ab3076357d6a04bbf9be364f7616ae555174d16b34e7f98561e96a06578c9ef1411106e65392449102a2535c3428eed23993bc61a09dd1a5167abff946e295777505deaa5013bb270c043b73a7dcb21d7981f102818100aeb7b4ac389d03b60a738dab58cca061e375a0c236de47245ec93e8e5ae3e22d488a41837c5b9a1da59e75ce8aef171bba8843230335ecd24d736cce3f11a430c1ab5311917465031832f9b8e9fd277613777d8d0ed04358cd9112e43adf0a06e83e59ab5a855ec54df11030963bc84ed1f2e6c2a20af05e0453c072395b0772'
-
-INSERT INTO private_key_identity (
- private_key, identity
-) VALUES (
- 1, 7
-);
-
-INSERT INTO private_key_identity (
- private_key, identity
-) VALUES (
- 1, 8
-);
-
-/* Configurations */
-
-INSERT INTO ike_configs (
- local, remote
-) VALUES (
- 'PH_IP_CAROL', 'PH_IP_MOON'
-);
-
-INSERT INTO peer_configs (
- name, ike_cfg, local_id, remote_id
-) VALUES (
- 'home', 1, 7, 9
-);
-
-INSERT INTO child_configs (
- name, updown
-) VALUES (
- 'home', 'ipsec _updown iptables'
-);
-
-INSERT INTO peer_config_child_config (
- peer_cfg, child_cfg
-) VALUES (
- 1, 1
-);
-
-INSERT INTO traffic_selectors (
- type, start_addr, end_addr
-) VALUES ( /* 10.1.0.0/16 */
- 7, X'0a010000', X'0a01ffff'
-);
-
-INSERT INTO traffic_selectors (
- type
-) VALUES ( /* dynamic/32 */
- 7
-);
-
-INSERT INTO child_config_traffic_selector (
- child_cfg, traffic_selector, kind
-) VALUES (
- 1, 1, 1
-);
-
-INSERT INTO child_config_traffic_selector (
- child_cfg, traffic_selector, kind
-) VALUES (
- 1, 2, 2
-);
-
diff --git a/testing/tests/sql/multi-level-ca/hosts/dave/etc/ipsec.d/data.sql~ b/testing/tests/sql/multi-level-ca/hosts/dave/etc/ipsec.d/data.sql~
deleted file mode 100644
index 656a5adea..000000000
--- a/testing/tests/sql/multi-level-ca/hosts/dave/etc/ipsec.d/data.sql~
+++ /dev/null
@@ -1,193 +0,0 @@
-/* Identities */
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 9, X'3045310B300906035504061302434831193017060355040A13104C696E7578207374726F6E675377616E311B3019060355040313127374726F6E675377616E20526F6F74204341'
- );
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */
- 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def'
- );
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */
- 11, X'ae096b87b44886d3b820978623dabd0eae22ebbc'
- );
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA */
- 9, X'304b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e310e300c060355040b130553616c65733111300f0603550403130853616c6573204341'
-);
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA' */
- 11, X'5f9b1346f92072c800d588b5a74c2e97ea0b9328'
-);
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA' */
- 11, X'c9ca6b980be96d5f210d7fed1529eb6c567ec26c'
-);
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* dave@strongswan.org */
- 3, X'64617665407374726f6e677377616e2e6f7267'
- );
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, OU=Sales, CN=dave@strongswan.org' */
- 11, X'81c0c1dfa134c6f60e0b9a42ff901977b6145fc7'
- );
-
-INSERT INTO identities (
- type, data
-) VALUES ( /* moon.strongswan.org */
- 2, X'6d6f6f6e2e7374726f6e677377616e2e6f7267'
- );
-
-/* Certificates */
-
-INSERT INTO certificates (
- type, keytype, data
-) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f62ea3d566e58b3c87a49caf3ac61cfa96377734d842db3f8fd6ea023f7b0132e66265012317386729c6d7c427a8d9f167be138e8ebae2b12b95933baef36a315c3ddf224cee4bb9bd578135d0467382629621ff96b8d45f6e002e5083662dce181805c140b3f2ce93f83aee3c861cff610a39f0189cb3a3c7cb9bf7e2a09544e2170efaa18fdd4ff20fa94be176d7fecff821f68d17152041d9b46f0cfcfc1e4cf43de5d3f3a587763afe9267f53b11699b3264fc55c5189f5682871166cb98307950569641fa30ffb50de134fed2f973cef1a392827862bc4ddaa97bbb01442e293c41070d07224d4be47ae2753eb2bed4bc1da91c68ec780c4620f0f0203010001a381b23081af30120603551d130101ff040830060101ff020101300b0603551d0f040403020106301d0603551d0e041604145da7dd700651327ee7b66db3b5e5e060ea2e4def306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100300d06092a864886f70d01010b0500038201010023929aa101b412d1f5a577532088f209b34798a72ed7bd6945d74beaa2b3a1768764ad7f8b0df8d97a1a3ed1102e92a5f107e3059dc2250be49d02261ca83a342e0e5de7d43c37744e3fcea3197720ca1184d4ef94e6beeb0d241746b0b92b7fb1004c08e88bf9eb4ce60f3e149466f3e9fc3f98bce449f448f9d465e52b59f0101e6203cfad0d89e23509fa043d4c12021e8f32be7db8b2edbada641d64aa1a04af64a2ee5b814a753dd76b30e3de04f3c6b61166e632f8364d51cf3730a9564a4d93b9227c28b09b0f5595d92a632f72fe509a129ca9ee54df2b0edc6c3d38564f10256efcd8be82b2ec64977e3a6f5ef098eaa7f00662a6cded16cb80637c'
-);
-
-INSERT INTO certificates (
- type, keytype, data
-) VALUES ( /* C=CH, O=Linux strongSwan, OU=Sales CN=Sales CA */
- 1, 1, X'308203bb308202a3a003020102020121300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3130303430363039353433335a170d3139303430343039353433335a304b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e310e300c060355040b130553616c65733111300f0603550403130853616c657320434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c24e4d26998c37b9511fa125ba1d704e34581c569beaf41620fe14b736734847fd07169b55dfaa773da9a3cf1a8c4ed817f05e01441df39d4331c6bad861b2f74c3e49963f5677b83af0b1caab98bcaae0923cedec527a7d608260951226f9e53e1f371ad320625aa1ee899fdbfd6701b607e52bde7140ff075c91276a27173a5cbf4329c464dd3c59b6ff52b837ed13d1bbf3b3ba3c94b27f2518865773d4465ee4f4ec52801b049d030d7271df9eb6903b5f41dc1ecdab742c0c8eb1569b62aff41bf7c16702cb7abe2a185dbedc2b2f3fb8cd5e785161e4afdbee22da602381b0512350378aaa14dcdab5bcf02aceb7a4388fd157d1eb7bd2f5afc5f574810203010001a381af3081ac300f0603551d130101ff040530030101ff300b0603551d0f040403020106301d0603551d0e041604145f9b1346f92072c800d588b5a74c2e97ea0b9328306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100300d06092a864886f70d01010b0500038201010024654ea5cc8c7cbbafbad69eaff4f721674dde9dfb2e8a9078fd92f612039abbc587663f7238f983f6aa93e762349ec9f302978648c8c5e77d46f3e4ebee5e9e12092d2021427a98aebee5fd5add449d07809ed0e7789a45084262f32850914aa7615a8573349ae5f814f56b977df9a2d600be52da9a94a103e01bae0c3e0872dd2c946f8a817a9964dc9751ffa3a00392d078db4b888ed8fdd6cc33646f9f6f38448231a764ea3761eea7a04d2c7bfa7cb8b1749a4cfa71bb6631987feedd9ee63a64386f22dd7ccebff69f510b0503e13394a3621190219566373343aca19500ab5ae4b1bc0700468b4b9773d7c15d645c7df237375fc8663fe86f9b775828'
-);
-
-INSERT INTO certificates (
- type, keytype, data
-) VALUES ( /* C=CH, O=Linux strongSwan, OU=Sales, CN=dave@strongswan.org */
- 1, 1, X'3082041c30820304a003020102020109300d06092a864886f70d01010b0500304b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e310e300c060355040b130553616c65733111300f0603550403130853616c6573204341301e170d3135303432363130323232305a170d3139303430333130323232305a3056310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e310e300c060355040b130553616c6573311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100bcd9eb80441d113a64758fcf6928fd29e36b83cf8c0b0087fd23e4504ea28c89fefb2ca16996a38b926b037cfdc9afac8b447fe0f8f1b20c23baaaf1011578806eb78ca3a638b58c2bd111d3f00fafd2a65df9e615d76a67096d19da3d8660e20508a611dbef2b85cae27036058fa92746f9828fb93f88086c750de461a1d6edf847ff490c2bd7d471e721898abf81110f94db3839ca0e347b293deaf10cbe0c49dd8e2fb66353562e8b7c5ceca7a82356f488b466cefce74c33575833d64926e1076d7b49dd95442efa049b4bbb8cf8054f120774646636dde7005761ec36d08679c8ff3a7b10e33f3e81220a25fc04a9eba656c49b6629a5968e667f797b8f0203010001a381ff3081fc30090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e0416041481c0c1dfa134c6f60e0b9a42ff901977b6145fc7306d0603551d230466306480145f9b1346f92072c800d588b5a74c2e97ea0b9328a149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820121301e0603551d1104173015811364617665407374726f6e677377616e2e6f726730340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f73616c65732e63726c300d06092a864886f70d01010b05000382010100b955fba1ace12b097ea795f9f38172011e17964df72ea1b373d5c45ab5d2064595412c892d9108c006c5fadadd307022788143204f40f1811fdb6500eff6da79aba6e8e5724cf9b164b9fd0d88f99efb0f4eafe55872eca29631e71c5deb8a12b66453815e5da463aebbb6218530bdc18e16984151c0d19b127dedc0bb171c92ed14db974934bab5f804e3783bb27bcfcd26a4bde5805c319cd68b01bf5603059827a2ca00286d69889362ce8a3145a4d376c920a22e29ae790a7f0cede405d5a585a7a5dc47bd9640396eaa05721a5b1c7f1e40ac8e2e14670762e4fd1842de61881635b5dbbb0976375692ba3250b7a99d42cbc90400ea3cbeb44bb85d9d82'
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 1, 1
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 1, 2
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 1, 3
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 2, 4
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 2, 5
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 2, 6
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 3, 7
-);
-
-INSERT INTO certificate_identity (
- certificate, identity
-) VALUES (
- 3, 8
-);
-
-/* Private Keys */
-
-INSERT INTO private_keys (
- type, data
-) VALUES ( /* key of 'C=CH, O=Linux strongSwan, OU=Sales, CN=dave@strongswan.org' */
- 1, X'308204a40201000282010100bcd9eb80441d113a64758fcf6928fd29e36b83cf8c0b0087fd23e4504ea28c89fefb2ca16996a38b926b037cfdc9afac8b447fe0f8f1b20c23baaaf1011578806eb78ca3a638b58c2bd111d3f00fafd2a65df9e615d76a67096d19da3d8660e20508a611dbef2b85cae27036058fa92746f9828fb93f88086c750de461a1d6edf847ff490c2bd7d471e721898abf81110f94db3839ca0e347b293deaf10cbe0c49dd8e2fb66353562e8b7c5ceca7a82356f488b466cefce74c33575833d64926e1076d7b49dd95442efa049b4bbb8cf8054f120774646636dde7005761ec36d08679c8ff3a7b10e33f3e81220a25fc04a9eba656c49b6629a5968e667f797b8f020301000102820100079e7315d5a9a68c488945a8048216d49dcc34a126f13ab041d234dfd88c4e4732f64732abe3dbed4196f7a90f4417c64a481530aa5a75e86f789474ecaa45164961365753d96dd99ddaed71337a2e89bd14858476d51e01d22b88a3795ff680a7db5577dafba731daa1900d5de411daf7ce112a633ae0ee161212e167def3a0cc5bbb3e065853d6f85d0fe7955697207fb432aae3c7d5ac70b151fbd67d58f1f1f65ccbe768200280921e56bf3564def51657617f0fc7c1e8e6bc49df7217bdd4380364a2379b3a0614cc05f0b84d5bdd72311442908d8d6e2eb3d5d411043a45266bec230375aa78acb10d7d1e751a23079430d15a4c6a7debc82581d7a46102818100edc6707a7610fc83764a6044302092878e41e84de990823eca82da736a614154568b4c8ec0bc292f60625a7f879d274ef9de386a247af4ca53178a447816ecd9b38453544ee72c14f3691b534273aeed677e3629933a8f54511e16c859b9ba8edf8e5c50cb27944090b26b0398c765951897b23d781a9df0f08215c72650e36d02818100cb53823e5c2baf9ecf121416c23461a6aa4f3bd083dbae66effed1bba4c38dd3f0f7c00dc4d9f4d69464e17d95705a742028156ffa2b17d41930fca7b4646cf66d9fcca198913018417d57c8286f2b7bd249d6350e02b62910105db1e5d70e55a866dde904dc2298c5dda344f637418fb33e573508d00176d5c79651b283016b02818100d714d395d2cad6bfcbf6c751a6ff2fccb2dfe754e2dbb7153976584862880ae2514ebc37bd1bf75d45a072203df9e81ec6633f40b4330ccf1f8e81a221c70b047a204e884abf4ddebdb7ebe1ca907e417d866b53fc3bd27f00c968ee5e4b64f7ec3d084085240e34c12ec32283c68a9aed9dfabb23b35fff1c6f6f67afbf279902818100c6dfc997014461a4add97af8bfbfc87be23d59be1c1af5bd0da56ab364f73974424fb1f445c5022c183d8c28efd053491e62d6850e66b409eb11f52e7bcd769e9a9f20e2367e5c527d4c025e6ede3de400cde3cd4504f5f3b818a9ec656932462a4f63629634534aa6cea0f1c4fa4b10293c22c466f83d5664c7b189fb57143d0281807d11912b6f18a0363dea94b10c36811880f0917eb334fe7ff55e05d39d1784c6b5fe80b0f0a9d7432fd55030fa0d27a70559dbb5b477ab2670f4c3b0b736a22051b3856c0d06f47b247e2bd7b11570947effdb53557b6c36980b4ad2c00a98d98ea71ebe96bc16038e0f91d7f86a84b407c7a19af727558963d96e75a22498fb'
-
-INSERT INTO private_key_identity (
- private_key, identity
-) VALUES (
- 1, 7
-);
-
-INSERT INTO private_key_identity (
- private_key, identity
-) VALUES (
- 1, 8
-);
-
-/* Configurations */
-
-INSERT INTO ike_configs (
- local, remote
-) VALUES (
- 'PH_IP_DAVE', 'PH_IP_MOON'
-);
-
-INSERT INTO peer_configs (
- name, ike_cfg, local_id, remote_id
-) VALUES (
- 'home', 1, 7, 9
-);
-
-INSERT INTO child_configs (
- name, updown
-) VALUES (
- 'home', 'ipsec _updown iptables'
-);
-
-INSERT INTO peer_config_child_config (
- peer_cfg, child_cfg
-) VALUES (
- 1, 1
-);
-
-INSERT INTO traffic_selectors (
- type, start_addr, end_addr
-) VALUES ( /* 10.1.0.0/16 */
- 7, X'0a010000', X'0a01ffff'
-);
-
-INSERT INTO traffic_selectors (
- type
-) VALUES ( /* dynamic/32 */
- 7
-);
-
-INSERT INTO child_config_traffic_selector (
- child_cfg, traffic_selector, kind
-) VALUES (
- 1, 1, 1
-);
-
-INSERT INTO child_config_traffic_selector (
- child_cfg, traffic_selector, kind
-) VALUES (
- 1, 2, 2
-);
-
diff --git a/testing/tests/swanctl/frags-ipv4/description.txt b/testing/tests/swanctl/frags-ipv4/description.txt
new file mode 100755
index 000000000..51744cf7c
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv4/description.txt
@@ -0,0 +1,13 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b> using the <b>IKEv2</b> key exchange protocol. The
+authentication is based on <b>X.509 certificates</b>. <b>dave</b> advertises
+the support of the IKEv2 fragmentation protocol defined in <b>RFC 7383</b>
+which prevents the IP fragmentation of the IKEv2 messages carrying large X.509
+certificates whereas <b>carol</b> announces support of non-standardized
+IKEv1 fragmentation.
+
+<p/>
+Upon the successful establishment of the IPsec tunnels, the updown script
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/swanctl/frags-ipv4/evaltest.dat b/testing/tests/swanctl/frags-ipv4/evaltest.dat
new file mode 100755
index 000000000..a4aea93ba
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv4/evaltest.dat
@@ -0,0 +1,19 @@
+carol:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
+dave:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
+moon:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
+carol:: cat /var/log/daemon.log::received fragment #1, waiting for complete IKE message::YES
+carol:: cat /var/log/daemon.log::received fragment #2, reassembling fragmented IKE message::YES
+dave:: cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES
+dave:: cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES
+moon:: cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES
+moon:: cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf
new file mode 100755
index 000000000..2a7eaaa15
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,16 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
+
+ fragment_size = 1400
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..9062e6571
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,33 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ start_action = none
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ rekey_time = 10m
+ esp_proposals = aes128-sha256-ecp256
+ }
+ }
+
+ version = 1
+ fragmentation = yes
+ reauth_time = 60m
+ rekey_time = 20m
+ proposals = aes128-sha256-ecp256
+ }
+}
diff --git a/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf
new file mode 100755
index 000000000..2a7eaaa15
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,16 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
+
+ fragment_size = 1400
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..a4abc6ffc
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ start_action = none
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ rekey_time = 10m
+ esp_proposals = aes128-sha256-ecp256
+ }
+ }
+
+ version = 2
+ mobike = no
+ fragmentation = yes
+ reauth_time = 60m
+ rekey_time = 20m
+ proposals = aes128-sha256-ecp256
+ }
+}
diff --git a/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf
new file mode 100755
index 000000000..2a7eaaa15
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,16 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
+
+ fragment_size = 1400
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..a19f54254
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,31 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ start_action = none
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ rekey_time = 10m
+ esp_proposals = aes128-sha256-ecp256
+ }
+ }
+
+ mobike = no
+ fragmentation = yes
+ reauth_time = 60m
+ rekey_time = 20m
+ proposals = aes128-sha256-ecp256
+ }
+}
diff --git a/testing/tests/swanctl/frags-ipv4/posttest.dat b/testing/tests/swanctl/frags-ipv4/posttest.dat
new file mode 100755
index 000000000..17e36599c
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv4/posttest.dat
@@ -0,0 +1,8 @@
+carol::swanctl --terminate --ike home 2> /dev/null
+dave::swanctl --terminate --ike home 2> /dev/null
+carol::service charon stop 2> /dev/null
+dave::service charon stop 2> /dev/null
+moon::service charon stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/frags-ipv4/pretest.dat b/testing/tests/swanctl/frags-ipv4/pretest.dat
new file mode 100755
index 000000000..706bd1edd
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv4/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::service charon start 2> /dev/null
+carol::service charon start 2> /dev/null
+dave::service charon start 2> /dev/null
+moon::sleep 1
+carol::swanctl --initiate --child home 2> /dev/null
+dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/frags-ipv4/test.conf b/testing/tests/swanctl/frags-ipv4/test.conf
new file mode 100755
index 000000000..1227b9d1c
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv4/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/frags-ipv6/description.txt b/testing/tests/swanctl/frags-ipv6/description.txt
new file mode 100755
index 000000000..4650d72a2
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv6/description.txt
@@ -0,0 +1,12 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 connection each
+to gateway <b>moon</b> using the <b>IKEv1</b> and <b>IKEv2</b> key exchange
+protocol, respectively. The authentication is based on <b>X.509 certificates</b>.
+<b>dave</b> advertises the support of the IKEv2 fragmentation protocol defined in
+<b>RFC 7383</b> which prevents the IP fragmentation of the IKEv2 messages carrying
+large X.509 certificates whereas <b>carol</b> announces support of non-standardized
+IKEv1 fragmentation.
+<p/>
+Upon the successful establishment of the IPv6 IPsec tunnels, the updown script
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/swanctl/frags-ipv6/evaltest.dat b/testing/tests/swanctl/frags-ipv6/evaltest.dat
new file mode 100755
index 000000000..4ec34d71d
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv6/evaltest.dat
@@ -0,0 +1,19 @@
+carol:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
+dave:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
+moon:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
+carol:: cat /var/log/daemon.log::received fragment #1, waiting for complete IKE message::YES
+carol:: cat /var/log/daemon.log::received fragment #2, reassembling fragmented IKE message::YES
+dave:: cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES
+dave:: cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES
+moon:: cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES
+moon:: cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=fec0:\:10 local-id=carol@strongswan.org remote-host=fec0:\:1 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:20 local-id=dave@strongswan.org remote-host=fec0:\:1 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:20/128] remote-ts=\[fec1:\:/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-id=moon.strongswan.org remote-host=fec0:\:10 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-id=moon.strongswan.org remote-host=fec0:\:20 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:20/128]::YES
+alice::ping6 -c 1 ip6-carol.strongswan.org::64 bytes from ip6-carol.strongswan.org: icmp_seq=1::YES
+alice::ping6 -c 1 ip6-dave.strongswan.org::64 bytes from ip6-dave.strongswan.org: icmp_seq=1::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-dave.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf
new file mode 100755
index 000000000..f9c0ace55
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,17 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
+
+ fragment_size = 1400
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ auth = /usr/local/sbin/swanctl --load-authorities
+ }
+}
diff --git a/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..9e857f69b
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,40 @@
+connections {
+
+ home {
+ local_addrs = fec0::10
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::/16
+
+ start_action = none
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ rekey_time = 10m
+ esp_proposals = aes128-sha256-ecp256
+ }
+ }
+
+ version = 1
+ fragmentation = yes
+ reauth_time = 60m
+ rekey_time = 20m
+ proposals = aes128-sha256-ecp256
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf
new file mode 100755
index 000000000..f9c0ace55
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,17 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
+
+ fragment_size = 1400
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ auth = /usr/local/sbin/swanctl --load-authorities
+ }
+}
diff --git a/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..bc5e54198
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,41 @@
+connections {
+
+ home {
+ local_addrs = fec0::20
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::/16
+
+ start_action = none
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ rekey_time = 10m
+ esp_proposals = aes128-sha256-ecp256
+ }
+ }
+
+ version = 2
+ mobike = no
+ fragmentation = yes
+ reauth_time = 60m
+ rekey_time = 20m
+ proposals = aes128-sha256-ecp256
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf
new file mode 100755
index 000000000..f9c0ace55
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,17 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
+
+ fragment_size = 1400
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ auth = /usr/local/sbin/swanctl --load-authorities
+ }
+}
diff --git a/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..a59d13790
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,38 @@
+connections {
+
+ rw {
+ local_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = fec1::/16
+
+ start_action = none
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ rekey_time = 10m
+ esp_proposals = aes128-sha256-ecp256
+ }
+ }
+
+ mobike = no
+ fragmentation = yes
+ reauth_time = 60m
+ rekey_time = 20m
+ proposals = aes128-sha256-ecp256
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/swanctl/frags-ipv6/posttest.dat b/testing/tests/swanctl/frags-ipv6/posttest.dat
new file mode 100755
index 000000000..39b16a9be
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv6/posttest.dat
@@ -0,0 +1,14 @@
+carol::swanctl --terminate --ike home 2> /dev/null
+dave::swanctl --terminate --ike home 2> /dev/null
+carol::service charon stop 2> /dev/null
+dave::service charon stop 2> /dev/null
+moon::service charon stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+carol::ip6tables-restore < /etc/ip6tables.flush
+dave::ip6tables-restore < /etc/ip6tables.flush
+alice::"ip route del fec0:\:/16 via fec1:\:1"
+carol::"ip route del fec1:\:/16 via fec0:\:1"
+dave::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/swanctl/frags-ipv6/pretest.dat b/testing/tests/swanctl/frags-ipv6/pretest.dat
new file mode 100755
index 000000000..868038678
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv6/pretest.dat
@@ -0,0 +1,15 @@
+moon::iptables-restore < /etc/iptables.drop
+carol::iptables-restore < /etc/iptables.drop
+dave::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+dave::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec0:\:/16 via fec1:\:1"
+carol::"ip route add fec1:\:/16 via fec0:\:1"
+dave::"ip route add fec1:\:/16 via fec0:\:1"
+moon::service charon start 2> /dev/null
+carol::service charon start 2> /dev/null
+dave::service charon start 2> /dev/null
+moon::sleep 1
+carol::swanctl --initiate --child home 2> /dev/null
+dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/frags-ipv6/test.conf b/testing/tests/swanctl/frags-ipv6/test.conf
new file mode 100755
index 000000000..5be224041
--- /dev/null
+++ b/testing/tests/swanctl/frags-ipv6/test.conf
@@ -0,0 +1,29 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/ip-pool-db/description.txt b/testing/tests/swanctl/ip-pool-db/description.txt
index 9774e573b..2cac465db 100755
--- a/testing/tests/swanctl/ip-pool-db/description.txt
+++ b/testing/tests/swanctl/ip-pool-db/description.txt
@@ -1,7 +1,7 @@
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
-Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv2 configuration payload
-by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assigns virtual IP
-addresses from a pool named <b>bigpool</b> that was created in an SQL database by the command
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv2 configuration payload.
+The gateway <b>moon</b> assigns virtual IP addresses from a pool named <b>bigpool</b> that was
+created in an SQL database by the command
<b>ipsec pool --name bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0</b>.
<p>
The updown script automatically inserts iptables-based firewall rules that let pass the
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf
index 8f87a52e9..44384caf4 100755
--- a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,10 @@ swanctl {
}
charon {
- dh_exponent_ansi_x9_42 = no
-
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default resolve updown vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf
index 8f87a52e9..79bd9630b 100755
--- a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,10 @@ swanctl {
}
charon {
- dh_exponent_ansi_x9_42 = no
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default resolve updown vici
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default resolve updown vici
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf
index 2f632288d..c5ddd386a 100755
--- a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -5,10 +5,13 @@ swanctl {
}
charon {
- dh_exponent_ansi_x9_42 = no
-
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown sqlite attr-sql vici
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/swanctl/ip-pool-db/pretest.dat b/testing/tests/swanctl/ip-pool-db/pretest.dat
index 0607f6715..4b88a6f4a 100755
--- a/testing/tests/swanctl/ip-pool-db/pretest.dat
+++ b/testing/tests/swanctl/ip-pool-db/pretest.dat
@@ -11,11 +11,5 @@ moon::service charon start 2> /dev/null
carol::service charon start 2> /dev/null
dave::service charon start 2> /dev/null
moon::sleep 1
-moon::swanctl --load-conns 2> /dev/null
-carol::swanctl --load-conns 2> /dev/null
-dave::swanctl --load-conns 2> /dev/null
-moon::swanctl --load-creds 2> /dev/null
-carol::swanctl --load-creds 2> /dev/null
-dave::swanctl --load-creds 2> /dev/null
carol::swanctl --initiate --child home 2> /dev/null
dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/ip-pool-db/test.conf b/testing/tests/swanctl/ip-pool-db/test.conf
index f29298850..1227b9d1c 100755
--- a/testing/tests/swanctl/ip-pool-db/test.conf
+++ b/testing/tests/swanctl/ip-pool-db/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/ip-pool/description.txt b/testing/tests/swanctl/ip-pool/description.txt
index 23cab8e8f..17b1573f6 100755
--- a/testing/tests/swanctl/ip-pool/description.txt
+++ b/testing/tests/swanctl/ip-pool/description.txt
@@ -1,10 +1,9 @@
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
-Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv2 configuration payload
-by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assigns virtual
-IP addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> in a monotonously
-increasing order.
-<p>
-<b>The updown script automatically inserts iptables-based firewall rules that let pass
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv2 configuration payload.
+The gateway <b>moon</b> assigns virtual IP addresses from a simple pool defined in the pools section
+of swanctl.conf in a monotonously increasing order.
+<p/>
+The updown script automatically inserts iptables-based firewall rules that let pass
the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping
the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two
pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.
diff --git a/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf
index 75f18475c..7d7e5f9f5 100755
--- a/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf
index 75f18475c..7d7e5f9f5 100755
--- a/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf
index 75f18475c..cd161bed0 100755
--- a/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf
@@ -6,8 +6,10 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ pools = /usr/local/sbin/swanctl --load-pools
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/ip-pool/pretest.dat b/testing/tests/swanctl/ip-pool/pretest.dat
index 25288f5ba..706bd1edd 100755
--- a/testing/tests/swanctl/ip-pool/pretest.dat
+++ b/testing/tests/swanctl/ip-pool/pretest.dat
@@ -5,12 +5,5 @@ moon::service charon start 2> /dev/null
carol::service charon start 2> /dev/null
dave::service charon start 2> /dev/null
moon::sleep 1
-moon::swanctl --load-conns 2> /dev/null
-carol::swanctl --load-conns 2> /dev/null
-dave::swanctl --load-conns 2> /dev/null
-moon::swanctl --load-creds 2> /dev/null
-carol::swanctl --load-creds 2> /dev/null
-dave::swanctl --load-creds 2> /dev/null
-moon::swanctl --load-pools 2> /dev/null
carol::swanctl --initiate --child home 2> /dev/null
dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/ip-pool/test.conf b/testing/tests/swanctl/ip-pool/test.conf
index f29298850..1227b9d1c 100755
--- a/testing/tests/swanctl/ip-pool/test.conf
+++ b/testing/tests/swanctl/ip-pool/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/multi-level-ca/description.txt b/testing/tests/swanctl/multi-level-ca/description.txt
new file mode 100644
index 000000000..64825cb30
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/description.txt
@@ -0,0 +1,7 @@
+The VPN gateway <b>moon</b> controls the access to the hosts <b>alice</b> and
+<b>venus</b> by means of two different Intermediate CAs. Access to
+<b>alice</b> is granted to users presenting a certificate issued by the Research CA
+whereas <b>venus</b> can only be reached with a certificate issued by the
+Sales CA. The roadwarriors <b>carol</b> and <b>dave</b> have certificates from
+the Research CA and Sales CA, respectively. Therefore <b>carol</b> can access
+<b>alice</b> and <b>dave</b> can reach <b>venus</b>.
diff --git a/testing/tests/swanctl/multi-level-ca/evaltest.dat b/testing/tests/swanctl/multi-level-ca/evaltest.dat
new file mode 100644
index 000000000..619f44b08
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/evaltest.dat
@@ -0,0 +1,19 @@
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*alice.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.10/32]::YES
+moon:: swanctl --list-sas --raw 2> /dev/null::research.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*alice.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.10/32] remote-ts=\[192.168.0.100/32]::YES
+carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED.*child-sas.*venus.*state=INSTALLED::NO
+moon:: swanctl --list-sas --raw 2> /dev/null::sales.*version=2 state=ESTABLISHED.*remote-host=192.168.0.100 remote-id=carol@strongswan.org.*child-sas.*venus.*state=INSTALLED::NO
+dave:: cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
+moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
+moon:: cat /var/log/daemon.log::selected peer config.*research.*inacceptable::YES
+moon:: cat /var/log/daemon.log::switching to peer config.*sales::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED.*child-sas.*alice.*state=INSTALLED::NO
+moon:: swanctl --list-sas --raw 2> /dev/null::research.*version=2 state=ESTABLISHED.*remote-host=192.168.0.100 remote-id=dave@strongswan.org.*child-sas.*alice.*state=INSTALLED::NO
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*venus.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.20/32]::YES
+moon:: swanctl --list-sas --raw 2> /dev/null::sales.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*venus.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.20/32] remote-ts=\[192.168.0.200/32]::YES
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..7c5aca6bf
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/rsa/carolKey.pem
new file mode 100644
index 000000000..3a5d7c487
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/rsa/carolKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAq6m4epRSpK5+wS2NJNkSRMWxMZZdCTBmgtsA82Vng9XQPHWO
+7fFG9W2NAc3dOzHoiwHUk7eT90wTHC21t4EDwcqgpjD4IUbz7pdZRT60FPnGXBrm
+x1VQcijw6fXHtFvez5EOEnb9i8J/8fXdo62ob4vtfK3s7BFBk3HgbHrSyBTZmGv1
+awyyVYlB5L3a9rpSIZg3hzqpE3KtL3NNkQnTKJu1+WF3TsstyDP6MeoJ1Rw8riDz
+5MfwcK16TSfZBG7ch9sQz6LoRpmNQmrWSnqT0cAiApHjyv0dWTfMGxYkGjqzFSfz
+9q8Uzni93APw0AKU2f3GhsRew7ePAaWNzmZvjQIDAQABAoIBAEJqa+GhOUhV6ty6
+zv0Ory7EfgX9cwl3HHJMYVXKSf6L3wFFSoNs8lNKi1/DUnDwolQF5UUxpaHsYQhp
+9wCEffugdf9WuunFFeOd0wAjfnEPIlvIXLmKnJFOnccnPJjfYplUOemS+A32tqHa
+ymHlcmGV9dBjSmMbWg+942KVMrAOHtCnAk0yT2WlE+9efLTuXoZIQCx+Ico6Lwp8
+JCmZYW2pfUk9co9di6UCl50C+A5RcvpsE7CZcXCzEAqz06eFz4imgQuzQSLaedup
+F77cyPd13nD2N7+YGfWrWKbdqGMuQnmfrOQWZf94rlOsQjyCzbHIeItJsXT+DBKT
+0SwEIQECgYEA1mcoUiCYOcQcA+FtSO8byzSu0uQZO1cS/VES5mbtRIuLo33L0P0y
+bVnBIfk3iaBq70GU98XjhCGUwNwQDQm+zbLK+p+j+4L2ayvjtOV5ql0b2gk6eyRZ
+oX14evsmxC2OFqGmGD+VePN4pP+Q39QMCFvf26BMtKHyXQnkwA61G30CgYEAzPfH
+Lp3iT9xLqpp9zP9j2m9Ts6m6/Uzzuazpzl7rYMlLkd6fBWBquQ46qbO5Wv+SO7yZ
+aWU7OuWGe6zng1VWSrLBZlRMfu+ze1uEETNdedRI858nv1bMlHmt9+RiZgOgZe7H
+3D4dLphrQrJC8tlsaP0GWYRZkf64n+37KZX2QVECgYEAyKcmbyYeEQHeDius8XMF
+mfmmG6xpiMWG+hgkDgkJyPqoJswWMXKk/P3g6ACq31yId33zAqfqs8ARzSSmyOzz
+6uKHYGKDP2FjaQ1cP/H7GVumMzorxw9P6vjYBpCByVuw/LEwFsV7CAUkRZcAaNm0
+oSYKrSqqXuqpPjWCJdQd3qkCgYAdIf6ylohLN5GdrxXAZHBp5Lbt62sDg8OEmZol
+1gH4oMPX+N97YSfqI6ac5kmrMHY1fWoEu/m+Nk92Fq5VUXTRazTn+YVh6WoGV4ye
+8UERBuZTkkSRAqJTXDQo7tI5k7xhoJ3RpRZ6v/lG4pV3dQXeqlATuycMBDtzp9yy
+HXmB8QKBgQCut7SsOJ0DtgpzjatYzKBh43WgwjbeRyReyT6OWuPiLUiKQYN8W5od
+pZ51zorvFxu6iEMjAzXs0k1zbM4/EaQwwatTEZF0ZQMYMvm46f0ndhN3fY0O0ENY
+zZES5DrfCgboPlmrWoVexU3xEDCWO8hO0fLmwqIK8F4EU8ByOVsHcg==
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..89fccff92
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,31 @@
+connections {
+
+ home {
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ cacerts = strongswanCert.pem
+ revocation = strict
+ }
+ children {
+ alice {
+ remote_ts = 10.1.0.10/32
+ esp_proposals = aes128-sha256-ecp256
+ }
+ venus {
+ remote_ts = 10.1.0.20/32
+ esp_proposals = aes128-sha256-ecp256
+ }
+ }
+
+ version = 2
+ proposals = aes128-sha256-ecp256
+ }
+}
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/x509/carolCert.pem b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/x509/carolCert.pem
new file mode 100644
index 000000000..698e47cc0
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/x509/carolCert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIELDCCAxSgAwIBAgIBCzANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTE1MDQyNjEwMjUwNFoXDTE5MDQwMzEwMjUw
+NFowWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKupuHqUUqSufsEtjSTZEkTF
+sTGWXQkwZoLbAPNlZ4PV0Dx1ju3xRvVtjQHN3Tsx6IsB1JO3k/dMExwttbeBA8HK
+oKYw+CFG8+6XWUU+tBT5xlwa5sdVUHIo8On1x7Rb3s+RDhJ2/YvCf/H13aOtqG+L
+7Xyt7OwRQZNx4Gx60sgU2Zhr9WsMslWJQeS92va6UiGYN4c6qRNyrS9zTZEJ0yib
+tflhd07LLcgz+jHqCdUcPK4g8+TH8HCtek0n2QRu3IfbEM+i6EaZjUJq1kp6k9HA
+IgKR48r9HVk3zBsWJBo6sxUn8/avFM54vdwD8NAClNn9xobEXsO3jwGljc5mb40C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRd
+qfnvgHGNOog5OOLebmYkmJ/faTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
+YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+TgUJbXL83e11Fzo+XGMQ24FfxdUvlex9IcnnNZnjsy4cYaUhofdI1AIkOhdh7R4i
+9dtdfbFLLQR3qc2jmL9ubdQP83FiZZQOXX55XV5/Gb4E4g2T2ZU8ahby+ZzQsEcI
+jGeot7fRfbxUrcjnIKxZd7JsQSaR45rMrNcUOQpFT212urojUngrEoAeaC5USEiX
+sF11P654UejR8DCczwLi4QBvjRTH3bcMC57FjsWt1n/KCB08dS0ojD+T+6lN7/1K
+yLreeRNynXzc1GAln5G03Ivwm9STFT1mYjkBMOCY+3ihEOpzlR9pWCWl9p728db3
+mk0VsDm1jdOf3PK1Xd2PJw==
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/x509ca/researchCert.pem b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/x509ca/researchCert.pem
new file mode 100644
index 000000000..d53365f78
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/x509ca/researchCert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
+cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
+FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU
+zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO
+/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0
+C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
++wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E
+BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
+VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..7c5aca6bf
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/rsa/daveKey.pem b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/rsa/daveKey.pem
new file mode 100644
index 000000000..ebba49cae
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/rsa/daveKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAvNnrgEQdETpkdY/PaSj9KeNrg8+MCwCH/SPkUE6ijIn++yyh
+aZaji5JrA3z9ya+si0R/4PjxsgwjuqrxARV4gG63jKOmOLWMK9ER0/APr9KmXfnm
+FddqZwltGdo9hmDiBQimEdvvK4XK4nA2BY+pJ0b5go+5P4gIbHUN5GGh1u34R/9J
+DCvX1HHnIYmKv4ERD5TbODnKDjR7KT3q8Qy+DEndji+2Y1NWLot8XOynqCNW9Ii0
+Zs7850wzV1gz1kkm4Qdte0ndlUQu+gSbS7uM+AVPEgd0ZGY23ecAV2HsNtCGecj/
+OnsQ4z8+gSIKJfwEqeumVsSbZimllo5mf3l7jwIDAQABAoIBAAeecxXVqaaMSIlF
+qASCFtSdzDShJvE6sEHSNN/YjE5HMvZHMqvj2+1BlvepD0QXxkpIFTCqWnXob3iU
+dOyqRRZJYTZXU9lt2Z3a7XEzei6JvRSFhHbVHgHSK4ijeV/2gKfbVXfa+6cx2qGQ
+DV3kEdr3zhEqYzrg7hYSEuFn3vOgzFu7PgZYU9b4XQ/nlVaXIH+0Mqrjx9WscLFR
++9Z9WPHx9lzL52ggAoCSHla/NWTe9RZXYX8Px8Ho5rxJ33IXvdQ4A2SiN5s6BhTM
+BfC4TVvdcjEUQpCNjW4us9XUEQQ6RSZr7CMDdap4rLENfR51GiMHlDDRWkxqfevI
+JYHXpGECgYEA7cZwenYQ/IN2SmBEMCCSh45B6E3pkII+yoLac2phQVRWi0yOwLwp
+L2BiWn+HnSdO+d44aiR69MpTF4pEeBbs2bOEU1RO5ywU82kbU0Jzru1nfjYpkzqP
+VFEeFshZubqO345cUMsnlECQsmsDmMdllRiXsj14Gp3w8IIVxyZQ420CgYEAy1OC
+Plwrr57PEhQWwjRhpqpPO9CD265m7/7Ru6TDjdPw98ANxNn01pRk4X2VcFp0ICgV
+b/orF9QZMPyntGRs9m2fzKGYkTAYQX1XyChvK3vSSdY1DgK2KRAQXbHl1w5VqGbd
+6QTcIpjF3aNE9jdBj7M+VzUI0AF21ceWUbKDAWsCgYEA1xTTldLK1r/L9sdRpv8v
+zLLf51Ti27cVOXZYSGKICuJRTrw3vRv3XUWgciA9+egexmM/QLQzDM8fjoGiIccL
+BHogTohKv03evbfr4cqQfkF9hmtT/DvSfwDJaO5eS2T37D0IQIUkDjTBLsMig8aK
+mu2d+rsjs1//HG9vZ6+/J5kCgYEAxt/JlwFEYaSt2Xr4v7/Ie+I9Wb4cGvW9DaVq
+s2T3OXRCT7H0RcUCLBg9jCjv0FNJHmLWhQ5mtAnrEfUue812npqfIOI2flxSfUwC
+Xm7ePeQAzePNRQT187gYqexlaTJGKk9jYpY0U0qmzqDxxPpLECk8IsRm+D1WZMex
+iftXFD0CgYB9EZErbxigNj3qlLEMNoEYgPCRfrM0/n/1XgXTnReExrX+gLDwqddD
+L9VQMPoNJ6cFWdu1tHerJnD0w7C3NqIgUbOFbA0G9HskfivXsRVwlH7/21NVe2w2
+mAtK0sAKmNmOpx6+lrwWA44Pkdf4aoS0B8ehmvcnVYlj2W51oiSY+w==
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..0a87ed3b8
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,31 @@
+connections {
+
+ home {
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ cacerts = strongswanCert.pem
+ revocation = strict
+ }
+ children {
+ alice {
+ remote_ts = 10.1.0.10/32
+ esp_proposals = aes128-sha256-ecp256
+ }
+ venus {
+ remote_ts = 10.1.0.20/32
+ esp_proposals = aes128-sha256-ecp256
+ }
+ }
+
+ version = 2
+ proposals = aes128-sha256-ecp256
+ }
+}
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/x509/daveCert.pem b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/x509/daveCert.pem
new file mode 100644
index 000000000..4718e7a16
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/x509/daveCert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEHDCCAwSgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
+BAMTCFNhbGVzIENBMB4XDTE1MDQyNjEwMjIyMFoXDTE5MDQwMzEwMjIyMFowVjEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
+BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNnrgEQdETpkdY/PaSj9KeNrg8+MCwCH/SPk
+UE6ijIn++yyhaZaji5JrA3z9ya+si0R/4PjxsgwjuqrxARV4gG63jKOmOLWMK9ER
+0/APr9KmXfnmFddqZwltGdo9hmDiBQimEdvvK4XK4nA2BY+pJ0b5go+5P4gIbHUN
+5GGh1u34R/9JDCvX1HHnIYmKv4ERD5TbODnKDjR7KT3q8Qy+DEndji+2Y1NWLot8
+XOynqCNW9Ii0Zs7850wzV1gz1kkm4Qdte0ndlUQu+gSbS7uM+AVPEgd0ZGY23ecA
+V2HsNtCGecj/OnsQ4z8+gSIKJfwEqeumVsSbZimllo5mf3l7jwIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSBwMHfoTTG9g4LmkL/
+kBl3thRfxzBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC5VfuhrOErCX6nlfnzgXIB
+HheWTfcuobNz1cRatdIGRZVBLIktkQjABsX62t0wcCJ4gUMgT0DxgR/bZQDv9tp5
+q6bo5XJM+bFkuf0NiPme+w9Or+VYcuyiljHnHF3rihK2ZFOBXl2kY667tiGFML3B
+jhaYQVHA0ZsSfe3Auxccku0U25dJNLq1+ATjeDuye8/NJqS95YBcMZzWiwG/VgMF
+mCeiygAobWmIk2LOijFFpNN2ySCiLimueQp/DO3kBdWlhael3Ee9lkA5bqoFchpb
+HH8eQKyOLhRnB2Lk/RhC3mGIFjW127sJdjdWkroyULepnULLyQQA6jy+tEu4XZ2C
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/x509ca/salesCert.pem b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/x509ca/salesCert.pem
new file mode 100644
index 000000000..a10a18cba
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/x509ca/salesCert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
+MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
+GoxO2BfwXgFEHfOdQzHGuthhsvdMPkmWP1Z3uDrwscqrmLyq4JI87exSen1ggmCV
+Eib55T4fNxrTIGJaoe6Jn9v9ZwG2B+Ur3nFA/wdckSdqJxc6XL9DKcRk3TxZtv9S
+uDftE9G787O6PJSyfyUYhldz1EZe5PTsUoAbBJ0DDXJx3562kDtfQdwezat0LAyO
+sVabYq/0G/fBZwLLer4qGF2+3CsvP7jNXnhRYeSv2+4i2mAjgbBRI1A3iqoU3Nq1
+vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
+MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
+VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
+MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/ipsec.conf b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..3a5aaa6b6
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,31 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+ca strongswan
+ cacert=strongswanCert.pem
+ crluri=http://crl.strongswan.org/strongswan.crl
+ auto=add
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftsendcert=ifasked
+ leftid=@moon.strongswan.org
+
+conn alice
+ leftsubnet=PH_IP_ALICE/32
+ right=%any
+ rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
+ auto=add
+
+conn venus
+ leftsubnet=PH_IP_VENUS/32
+ right=%any
+ rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
+ auto=add
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..6d368f08b
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ auths = /usr/local/sbin/swanctl --load-authorities
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..496c5fdfa
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,58 @@
+connections {
+
+ research {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ cacerts = researchCert.pem
+ revocation = ifuri
+ }
+ children {
+ alice {
+ local_ts = 10.1.0.10/32
+ esp_proposals = aes128-sha256-ecp256
+ }
+ }
+
+ version = 2
+ proposals = aes128-sha256-ecp256
+ }
+
+ sales {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ cacerts = salesCert.pem
+ revocation = ifuri
+ }
+ children {
+ venus {
+ local_ts = 10.1.0.20/32
+ esp_proposals = aes128-sha256-ecp256
+ }
+ }
+
+ version = 2
+ proposals = aes128-sha256-ecp256
+ }
+}
+
+authorities {
+
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://crl.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/x509ca/researchCert.pem b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/x509ca/researchCert.pem
new file mode 100644
index 000000000..d53365f78
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/x509ca/researchCert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
+cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
+FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU
+zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO
+/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0
+C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
++wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E
+BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
+VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/x509ca/salesCert.pem b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/x509ca/salesCert.pem
new file mode 100644
index 000000000..a10a18cba
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/x509ca/salesCert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
+MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
+GoxO2BfwXgFEHfOdQzHGuthhsvdMPkmWP1Z3uDrwscqrmLyq4JI87exSen1ggmCV
+Eib55T4fNxrTIGJaoe6Jn9v9ZwG2B+Ur3nFA/wdckSdqJxc6XL9DKcRk3TxZtv9S
+uDftE9G787O6PJSyfyUYhldz1EZe5PTsUoAbBJ0DDXJx3562kDtfQdwezat0LAyO
+sVabYq/0G/fBZwLLer4qGF2+3CsvP7jNXnhRYeSv2+4i2mAjgbBRI1A3iqoU3Nq1
+vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
+MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
+VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
+MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/multi-level-ca/posttest.dat b/testing/tests/swanctl/multi-level-ca/posttest.dat
new file mode 100644
index 000000000..acac04a3b
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/posttest.dat
@@ -0,0 +1,8 @@
+carol::swanctl --terminate --ike home 2> /dev/null
+dave::swanctl --terminate --ike home 2> /dev/null
+carol::service charon stop 2> /dev/null
+dave::service charon stop 2> /dev/null
+moon::service charon stop 2> /dev/null
+carol::rm -r /etc/swanctl
+dave::rm -r /etc/swanctl
+moon::rm -r /etc/swanctl
diff --git a/testing/tests/swanctl/multi-level-ca/pretest.dat b/testing/tests/swanctl/multi-level-ca/pretest.dat
new file mode 100644
index 000000000..61ac75d84
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/pretest.dat
@@ -0,0 +1,8 @@
+moon::service charon start 2> /dev/null
+carol::service charon start 2> /dev/null
+dave::service charon start 2> /dev/null
+moon::sleep 1
+carol::swanctl --initiate --child alice 2> /dev/null
+carol::swanctl --initiate --child venus 2> /dev/null
+dave::swanctl --initiate --child alice 2> /dev/null
+dave::swanctl --initiate --child venus 2> /dev/null
diff --git a/testing/tests/swanctl/multi-level-ca/test.conf b/testing/tests/swanctl/multi-level-ca/test.conf
new file mode 100644
index 000000000..c295cf019
--- /dev/null
+++ b/testing/tests/swanctl/multi-level-ca/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS=""
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf
index 75f18475c..7d7e5f9f5 100755
--- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf
index 75f18475c..7d7e5f9f5 100755
--- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/net2net-cert/pretest.dat b/testing/tests/swanctl/net2net-cert/pretest.dat
index 382564367..81410ffc2 100755
--- a/testing/tests/swanctl/net2net-cert/pretest.dat
+++ b/testing/tests/swanctl/net2net-cert/pretest.dat
@@ -3,8 +3,4 @@ sun::iptables-restore < /etc/iptables.rules
moon::service charon start 2> /dev/null
sun::service charon start 2> /dev/null
moon::sleep 1
-moon::swanctl --load-conns 2> /dev/null
-sun::swanctl --load-conns 2> /dev/null
-moon::swanctl --load-creds 2> /dev/null
-sun::swanctl --load-creds 2> /dev/null
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-cert/test.conf b/testing/tests/swanctl/net2net-cert/test.conf
index 646b8b3e6..07a3b247a 100755
--- a/testing/tests/swanctl/net2net-cert/test.conf
+++ b/testing/tests/swanctl/net2net-cert/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf
index 75f18475c..7d7e5f9f5 100755
--- a/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf
index 75f18475c..7d7e5f9f5 100755
--- a/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/net2net-route/pretest.dat b/testing/tests/swanctl/net2net-route/pretest.dat
index 71f8f8885..065d38d76 100755
--- a/testing/tests/swanctl/net2net-route/pretest.dat
+++ b/testing/tests/swanctl/net2net-route/pretest.dat
@@ -3,8 +3,4 @@ moon::iptables-restore < /etc/iptables.rules
sun::service charon start 2> /dev/null
moon::service charon start 2> /dev/null
moon::sleep 1
-sun::swanctl --load-creds 2> /dev/null
-moon::swanctl --load-creds 2> /dev/null
-sun::swanctl --load-conns 2> /dev/null
-moon::swanctl --load-conns 2> /dev/null
alice::ping -c 3 10.2.0.10
diff --git a/testing/tests/swanctl/net2net-route/test.conf b/testing/tests/swanctl/net2net-route/test.conf
index 646b8b3e6..07a3b247a 100755
--- a/testing/tests/swanctl/net2net-route/test.conf
+++ b/testing/tests/swanctl/net2net-route/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf
index 75f18475c..7d7e5f9f5 100755
--- a/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf
index 75f18475c..7d7e5f9f5 100755
--- a/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/net2net-start/pretest.dat b/testing/tests/swanctl/net2net-start/pretest.dat
index 5528eb70f..e4198365f 100755
--- a/testing/tests/swanctl/net2net-start/pretest.dat
+++ b/testing/tests/swanctl/net2net-start/pretest.dat
@@ -3,8 +3,3 @@ moon::iptables-restore < /etc/iptables.rules
sun::service charon start 2> /dev/null
moon::service charon start 2> /dev/null
moon::sleep 1
-sun::swanctl --load-creds 2> /dev/null
-moon::swanctl --load-creds 2> /dev/null
-sun::swanctl --load-conns 2> /dev/null
-moon::swanctl --load-conns 2> /dev/null
-moon::sleep 1
diff --git a/testing/tests/swanctl/net2net-start/test.conf b/testing/tests/swanctl/net2net-start/test.conf
index 646b8b3e6..07a3b247a 100755
--- a/testing/tests/swanctl/net2net-start/test.conf
+++ b/testing/tests/swanctl/net2net-start/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/ocsp-multi-level/description.txt b/testing/tests/swanctl/ocsp-multi-level/description.txt
new file mode 100644
index 000000000..cd0ecf162
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/description.txt
@@ -0,0 +1,10 @@
+The VPN gateway <b>moon</b> controls the access to the hosts <b>alice</b> and
+<b>venus</b> by means of two different Intermediate CAs. Access to
+<b>alice</b> is granted to users presenting a certificate issued by the Research CA
+whereas <b>venus</b> can only be reached with a certificate issued by the
+Sales CA. The roadwarriors <b>carol</b> and <b>dave</b> have certificates from
+the Research CA and Sales CA, respectively. Therefore <b>carol</b> can access
+<b>alice</b> and <b>dave</b> can reach <b>venus</b>.
+<p>
+By setting <b>strictcrlpolicy=yes</b>, the certificate status from the strongSwan, Research and
+Sales OCSP servers must be fetched first, before the connection setups can be successfully completed.
diff --git a/testing/tests/swanctl/ocsp-multi-level/evaltest.dat b/testing/tests/swanctl/ocsp-multi-level/evaltest.dat
new file mode 100644
index 000000000..48776c47c
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/evaltest.dat
@@ -0,0 +1,26 @@
+moon:: swanctl --list-certs --type X509_OCSP_RESPONSE 2> /dev/null::subject.*ocsp.research.strongswan.org::YES
+moon:: swanctl --list-certs --type X509_OCSP_RESPONSE 2> /dev/null::subject.*ocsp.sales.strongswan.org::YES
+moon:: swanctl --list-certs --type X509_OCSP_RESPONSE 2> /dev/null::subject.*ocsp.strongswan.org::YES
+carol::swanctl --list-certs --type X509_OCSP_RESPONSE 2> /dev/null::subject.*ocsp.strongswan.org::YES
+dave:: swanctl --list-certs --type X509_OCSP_RESPONSE 2> /dev/null::subject.*ocsp.strongswan.org::YES
+moon:: cat /var/log/daemon.log::ocsp response correctly signed by.*ocsp.research.strongswan.org::YES
+moon:: cat /var/log/daemon.log::ocsp response correctly signed by.*ocsp.sales.strongswan.org::YES
+moon:: cat /var/log/daemon.log::ocsp response correctly signed by.*ocsp.strongswan.org::YES
+carol::cat /var/log/daemon.log::ocsp response correctly signed by.*ocsp.strongswan.org::YES
+dave:: cat /var/log/daemon.log::ocsp response correctly signed by.*ocsp.strongswan.org::YES
+moon:: cat /var/log/daemon.log::certificate status is good::YES
+carol::cat /var/log/daemon.log::certificate status is good::YES
+dave:: cat /var/log/daemon.log::certificate status is good::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*alice.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.10/32]::YES
+moon:: swanctl --list-sas --raw 2> /dev/null::research.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*alice.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.10/32] remote-ts=\[192.168.0.100/32]::YES
+carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED.*child-sas.*venus.*state=INSTALLED::NO
+moon:: swanctl --list-sas --raw 2> /dev/null::sales.*version=2 state=ESTABLISHED.*remote-host=192.168.0.100 remote-id=carol@strongswan.org.*child-sas.*venus.*state=INSTALLED::NO
+dave:: cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
+moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
+moon:: cat /var/log/daemon.log::selected peer config.*research.*inacceptable::YES
+moon:: cat /var/log/daemon.log::switching to peer config.*sales::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED.*child-sas.*alice.*state=INSTALLED::NO
+moon:: swanctl --list-sas --raw 2> /dev/null::research.*version=2 state=ESTABLISHED.*remote-host=192.168.0.100 remote-id=dave@strongswan.org.*child-sas.*alice.*state=INSTALLED::NO
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*venus.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.20/32]::YES
+moon:: swanctl --list-sas --raw 2> /dev/null::sales.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*venus.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.20/32] remote-ts=\[192.168.0.200/32]::YES
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..acf2151a9
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ auths = /usr/local/sbin/swanctl --load-authorities
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/rsa/carolKey.pem
new file mode 100644
index 000000000..3a5d7c487
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/rsa/carolKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAq6m4epRSpK5+wS2NJNkSRMWxMZZdCTBmgtsA82Vng9XQPHWO
+7fFG9W2NAc3dOzHoiwHUk7eT90wTHC21t4EDwcqgpjD4IUbz7pdZRT60FPnGXBrm
+x1VQcijw6fXHtFvez5EOEnb9i8J/8fXdo62ob4vtfK3s7BFBk3HgbHrSyBTZmGv1
+awyyVYlB5L3a9rpSIZg3hzqpE3KtL3NNkQnTKJu1+WF3TsstyDP6MeoJ1Rw8riDz
+5MfwcK16TSfZBG7ch9sQz6LoRpmNQmrWSnqT0cAiApHjyv0dWTfMGxYkGjqzFSfz
+9q8Uzni93APw0AKU2f3GhsRew7ePAaWNzmZvjQIDAQABAoIBAEJqa+GhOUhV6ty6
+zv0Ory7EfgX9cwl3HHJMYVXKSf6L3wFFSoNs8lNKi1/DUnDwolQF5UUxpaHsYQhp
+9wCEffugdf9WuunFFeOd0wAjfnEPIlvIXLmKnJFOnccnPJjfYplUOemS+A32tqHa
+ymHlcmGV9dBjSmMbWg+942KVMrAOHtCnAk0yT2WlE+9efLTuXoZIQCx+Ico6Lwp8
+JCmZYW2pfUk9co9di6UCl50C+A5RcvpsE7CZcXCzEAqz06eFz4imgQuzQSLaedup
+F77cyPd13nD2N7+YGfWrWKbdqGMuQnmfrOQWZf94rlOsQjyCzbHIeItJsXT+DBKT
+0SwEIQECgYEA1mcoUiCYOcQcA+FtSO8byzSu0uQZO1cS/VES5mbtRIuLo33L0P0y
+bVnBIfk3iaBq70GU98XjhCGUwNwQDQm+zbLK+p+j+4L2ayvjtOV5ql0b2gk6eyRZ
+oX14evsmxC2OFqGmGD+VePN4pP+Q39QMCFvf26BMtKHyXQnkwA61G30CgYEAzPfH
+Lp3iT9xLqpp9zP9j2m9Ts6m6/Uzzuazpzl7rYMlLkd6fBWBquQ46qbO5Wv+SO7yZ
+aWU7OuWGe6zng1VWSrLBZlRMfu+ze1uEETNdedRI858nv1bMlHmt9+RiZgOgZe7H
+3D4dLphrQrJC8tlsaP0GWYRZkf64n+37KZX2QVECgYEAyKcmbyYeEQHeDius8XMF
+mfmmG6xpiMWG+hgkDgkJyPqoJswWMXKk/P3g6ACq31yId33zAqfqs8ARzSSmyOzz
+6uKHYGKDP2FjaQ1cP/H7GVumMzorxw9P6vjYBpCByVuw/LEwFsV7CAUkRZcAaNm0
+oSYKrSqqXuqpPjWCJdQd3qkCgYAdIf6ylohLN5GdrxXAZHBp5Lbt62sDg8OEmZol
+1gH4oMPX+N97YSfqI6ac5kmrMHY1fWoEu/m+Nk92Fq5VUXTRazTn+YVh6WoGV4ye
+8UERBuZTkkSRAqJTXDQo7tI5k7xhoJ3RpRZ6v/lG4pV3dQXeqlATuycMBDtzp9yy
+HXmB8QKBgQCut7SsOJ0DtgpzjatYzKBh43WgwjbeRyReyT6OWuPiLUiKQYN8W5od
+pZ51zorvFxu6iEMjAzXs0k1zbM4/EaQwwatTEZF0ZQMYMvm46f0ndhN3fY0O0ENY
+zZES5DrfCgboPlmrWoVexU3xEDCWO8hO0fLmwqIK8F4EU8ByOVsHcg==
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..26c3a898e
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,39 @@
+connections {
+
+ home {
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ cacerts = strongswanCert.pem
+ revocation = strict
+ }
+ children {
+ alice {
+ remote_ts = 10.1.0.10/32
+ esp_proposals = aes128-sha256-ecp256
+ }
+ venus {
+ remote_ts = 10.1.0.20/32
+ esp_proposals = aes128-sha256-ecp256
+ }
+ }
+
+ version = 2
+ proposals = aes128-sha256-ecp256
+ }
+}
+
+authorities {
+
+ strongswan {
+ cacert = strongswanCert.pem
+ ocsp_uris = http://ocsp.strongswan.org:8880
+ }
+}
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/x509/carolCert.pem b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/x509/carolCert.pem
new file mode 100644
index 000000000..698e47cc0
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/x509/carolCert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIELDCCAxSgAwIBAgIBCzANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTE1MDQyNjEwMjUwNFoXDTE5MDQwMzEwMjUw
+NFowWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKupuHqUUqSufsEtjSTZEkTF
+sTGWXQkwZoLbAPNlZ4PV0Dx1ju3xRvVtjQHN3Tsx6IsB1JO3k/dMExwttbeBA8HK
+oKYw+CFG8+6XWUU+tBT5xlwa5sdVUHIo8On1x7Rb3s+RDhJ2/YvCf/H13aOtqG+L
+7Xyt7OwRQZNx4Gx60sgU2Zhr9WsMslWJQeS92va6UiGYN4c6qRNyrS9zTZEJ0yib
+tflhd07LLcgz+jHqCdUcPK4g8+TH8HCtek0n2QRu3IfbEM+i6EaZjUJq1kp6k9HA
+IgKR48r9HVk3zBsWJBo6sxUn8/avFM54vdwD8NAClNn9xobEXsO3jwGljc5mb40C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRd
+qfnvgHGNOog5OOLebmYkmJ/faTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
+YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+TgUJbXL83e11Fzo+XGMQ24FfxdUvlex9IcnnNZnjsy4cYaUhofdI1AIkOhdh7R4i
+9dtdfbFLLQR3qc2jmL9ubdQP83FiZZQOXX55XV5/Gb4E4g2T2ZU8ahby+ZzQsEcI
+jGeot7fRfbxUrcjnIKxZd7JsQSaR45rMrNcUOQpFT212urojUngrEoAeaC5USEiX
+sF11P654UejR8DCczwLi4QBvjRTH3bcMC57FjsWt1n/KCB08dS0ojD+T+6lN7/1K
+yLreeRNynXzc1GAln5G03Ivwm9STFT1mYjkBMOCY+3ihEOpzlR9pWCWl9p728db3
+mk0VsDm1jdOf3PK1Xd2PJw==
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/x509ca/researchCert.pem b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/x509ca/researchCert.pem
new file mode 100644
index 000000000..d53365f78
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/swanctl/x509ca/researchCert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
+cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
+FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU
+zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO
+/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0
+C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
++wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E
+BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
+VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..6d368f08b
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ auths = /usr/local/sbin/swanctl --load-authorities
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/rsa/daveKey.pem b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/rsa/daveKey.pem
new file mode 100644
index 000000000..ebba49cae
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/rsa/daveKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAvNnrgEQdETpkdY/PaSj9KeNrg8+MCwCH/SPkUE6ijIn++yyh
+aZaji5JrA3z9ya+si0R/4PjxsgwjuqrxARV4gG63jKOmOLWMK9ER0/APr9KmXfnm
+FddqZwltGdo9hmDiBQimEdvvK4XK4nA2BY+pJ0b5go+5P4gIbHUN5GGh1u34R/9J
+DCvX1HHnIYmKv4ERD5TbODnKDjR7KT3q8Qy+DEndji+2Y1NWLot8XOynqCNW9Ii0
+Zs7850wzV1gz1kkm4Qdte0ndlUQu+gSbS7uM+AVPEgd0ZGY23ecAV2HsNtCGecj/
+OnsQ4z8+gSIKJfwEqeumVsSbZimllo5mf3l7jwIDAQABAoIBAAeecxXVqaaMSIlF
+qASCFtSdzDShJvE6sEHSNN/YjE5HMvZHMqvj2+1BlvepD0QXxkpIFTCqWnXob3iU
+dOyqRRZJYTZXU9lt2Z3a7XEzei6JvRSFhHbVHgHSK4ijeV/2gKfbVXfa+6cx2qGQ
+DV3kEdr3zhEqYzrg7hYSEuFn3vOgzFu7PgZYU9b4XQ/nlVaXIH+0Mqrjx9WscLFR
++9Z9WPHx9lzL52ggAoCSHla/NWTe9RZXYX8Px8Ho5rxJ33IXvdQ4A2SiN5s6BhTM
+BfC4TVvdcjEUQpCNjW4us9XUEQQ6RSZr7CMDdap4rLENfR51GiMHlDDRWkxqfevI
+JYHXpGECgYEA7cZwenYQ/IN2SmBEMCCSh45B6E3pkII+yoLac2phQVRWi0yOwLwp
+L2BiWn+HnSdO+d44aiR69MpTF4pEeBbs2bOEU1RO5ywU82kbU0Jzru1nfjYpkzqP
+VFEeFshZubqO345cUMsnlECQsmsDmMdllRiXsj14Gp3w8IIVxyZQ420CgYEAy1OC
+Plwrr57PEhQWwjRhpqpPO9CD265m7/7Ru6TDjdPw98ANxNn01pRk4X2VcFp0ICgV
+b/orF9QZMPyntGRs9m2fzKGYkTAYQX1XyChvK3vSSdY1DgK2KRAQXbHl1w5VqGbd
+6QTcIpjF3aNE9jdBj7M+VzUI0AF21ceWUbKDAWsCgYEA1xTTldLK1r/L9sdRpv8v
+zLLf51Ti27cVOXZYSGKICuJRTrw3vRv3XUWgciA9+egexmM/QLQzDM8fjoGiIccL
+BHogTohKv03evbfr4cqQfkF9hmtT/DvSfwDJaO5eS2T37D0IQIUkDjTBLsMig8aK
+mu2d+rsjs1//HG9vZ6+/J5kCgYEAxt/JlwFEYaSt2Xr4v7/Ie+I9Wb4cGvW9DaVq
+s2T3OXRCT7H0RcUCLBg9jCjv0FNJHmLWhQ5mtAnrEfUue812npqfIOI2flxSfUwC
+Xm7ePeQAzePNRQT187gYqexlaTJGKk9jYpY0U0qmzqDxxPpLECk8IsRm+D1WZMex
+iftXFD0CgYB9EZErbxigNj3qlLEMNoEYgPCRfrM0/n/1XgXTnReExrX+gLDwqddD
+L9VQMPoNJ6cFWdu1tHerJnD0w7C3NqIgUbOFbA0G9HskfivXsRVwlH7/21NVe2w2
+mAtK0sAKmNmOpx6+lrwWA44Pkdf4aoS0B8ehmvcnVYlj2W51oiSY+w==
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..8752e9bc8
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,39 @@
+connections {
+
+ home {
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ cacerts = strongswanCert.pem
+ revocation = strict
+ }
+ children {
+ alice {
+ remote_ts = 10.1.0.10/32
+ esp_proposals = aes128-sha256-ecp256
+ }
+ venus {
+ remote_ts = 10.1.0.20/32
+ esp_proposals = aes128-sha256-ecp256
+ }
+ }
+
+ version = 2
+ proposals = aes128-sha256-ecp256
+ }
+}
+
+authorities {
+
+ strongswan {
+ cacert = strongswanCert.pem
+ ocsp_uris = http://ocsp.strongswan.org:8880
+ }
+}
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/x509/daveCert.pem b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/x509/daveCert.pem
new file mode 100644
index 000000000..4718e7a16
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/x509/daveCert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEHDCCAwSgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
+BAMTCFNhbGVzIENBMB4XDTE1MDQyNjEwMjIyMFoXDTE5MDQwMzEwMjIyMFowVjEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
+BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNnrgEQdETpkdY/PaSj9KeNrg8+MCwCH/SPk
+UE6ijIn++yyhaZaji5JrA3z9ya+si0R/4PjxsgwjuqrxARV4gG63jKOmOLWMK9ER
+0/APr9KmXfnmFddqZwltGdo9hmDiBQimEdvvK4XK4nA2BY+pJ0b5go+5P4gIbHUN
+5GGh1u34R/9JDCvX1HHnIYmKv4ERD5TbODnKDjR7KT3q8Qy+DEndji+2Y1NWLot8
+XOynqCNW9Ii0Zs7850wzV1gz1kkm4Qdte0ndlUQu+gSbS7uM+AVPEgd0ZGY23ecA
+V2HsNtCGecj/OnsQ4z8+gSIKJfwEqeumVsSbZimllo5mf3l7jwIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSBwMHfoTTG9g4LmkL/
+kBl3thRfxzBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC5VfuhrOErCX6nlfnzgXIB
+HheWTfcuobNz1cRatdIGRZVBLIktkQjABsX62t0wcCJ4gUMgT0DxgR/bZQDv9tp5
+q6bo5XJM+bFkuf0NiPme+w9Or+VYcuyiljHnHF3rihK2ZFOBXl2kY667tiGFML3B
+jhaYQVHA0ZsSfe3Auxccku0U25dJNLq1+ATjeDuye8/NJqS95YBcMZzWiwG/VgMF
+mCeiygAobWmIk2LOijFFpNN2ySCiLimueQp/DO3kBdWlhael3Ee9lkA5bqoFchpb
+HH8eQKyOLhRnB2Lk/RhC3mGIFjW127sJdjdWkroyULepnULLyQQA6jy+tEu4XZ2C
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/x509ca/salesCert.pem b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/x509ca/salesCert.pem
new file mode 100644
index 000000000..a10a18cba
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/swanctl/x509ca/salesCert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
+MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
+GoxO2BfwXgFEHfOdQzHGuthhsvdMPkmWP1Z3uDrwscqrmLyq4JI87exSen1ggmCV
+Eib55T4fNxrTIGJaoe6Jn9v9ZwG2B+Ur3nFA/wdckSdqJxc6XL9DKcRk3TxZtv9S
+uDftE9G787O6PJSyfyUYhldz1EZe5PTsUoAbBJ0DDXJx3562kDtfQdwezat0LAyO
+sVabYq/0G/fBZwLLer4qGF2+3CsvP7jNXnhRYeSv2+4i2mAjgbBRI1A3iqoU3Nq1
+vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
+MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
+VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
+MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/ipsec.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..3a5aaa6b6
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,31 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+ca strongswan
+ cacert=strongswanCert.pem
+ crluri=http://crl.strongswan.org/strongswan.crl
+ auto=add
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftsendcert=ifasked
+ leftid=@moon.strongswan.org
+
+conn alice
+ leftsubnet=PH_IP_ALICE/32
+ right=%any
+ rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
+ auto=add
+
+conn venus
+ leftsubnet=PH_IP_VENUS/32
+ right=%any
+ rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
+ auto=add
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..6d368f08b
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ auths = /usr/local/sbin/swanctl --load-authorities
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..2cb05013d
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,68 @@
+connections {
+
+ research {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ cacerts = researchCert.pem
+ revocation = ifuri
+ }
+ children {
+ alice {
+ local_ts = 10.1.0.10/32
+ esp_proposals = aes128-sha256-ecp256
+ }
+ }
+
+ version = 2
+ proposals = aes128-sha256-ecp256
+ }
+
+ sales {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ cacerts = salesCert.pem
+ revocation = ifuri
+ }
+ children {
+ venus {
+ local_ts = 10.1.0.20/32
+ esp_proposals = aes128-sha256-ecp256
+ }
+ }
+
+ version = 2
+ proposals = aes128-sha256-ecp256
+ }
+}
+
+authorities {
+
+ strongswan {
+ cacert = strongswanCert.pem
+ ocsp_uris = http://ocsp.strongswan.org:8880
+ }
+
+ research {
+ cacert = researchCert.pem
+ ocsp_uris = http://ocsp.strongswan.org:8881
+ }
+
+ sales {
+ cacert = salesCert.pem
+ ocsp_uris = http://ocsp.strongswan.org:8882
+ }
+}
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/swanctl/x509ca/researchCert.pem b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/swanctl/x509ca/researchCert.pem
new file mode 100644
index 000000000..d53365f78
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/swanctl/x509ca/researchCert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
+cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
+FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU
+zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO
+/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0
+C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
++wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E
+BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
+VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/swanctl/x509ca/salesCert.pem b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/swanctl/x509ca/salesCert.pem
new file mode 100644
index 000000000..a10a18cba
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/swanctl/x509ca/salesCert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
+MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
+GoxO2BfwXgFEHfOdQzHGuthhsvdMPkmWP1Z3uDrwscqrmLyq4JI87exSen1ggmCV
+Eib55T4fNxrTIGJaoe6Jn9v9ZwG2B+Ur3nFA/wdckSdqJxc6XL9DKcRk3TxZtv9S
+uDftE9G787O6PJSyfyUYhldz1EZe5PTsUoAbBJ0DDXJx3562kDtfQdwezat0LAyO
+sVabYq/0G/fBZwLLer4qGF2+3CsvP7jNXnhRYeSv2+4i2mAjgbBRI1A3iqoU3Nq1
+vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
+MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
+VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
+MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/ocsp-multi-level/posttest.dat b/testing/tests/swanctl/ocsp-multi-level/posttest.dat
new file mode 100644
index 000000000..acac04a3b
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/posttest.dat
@@ -0,0 +1,8 @@
+carol::swanctl --terminate --ike home 2> /dev/null
+dave::swanctl --terminate --ike home 2> /dev/null
+carol::service charon stop 2> /dev/null
+dave::service charon stop 2> /dev/null
+moon::service charon stop 2> /dev/null
+carol::rm -r /etc/swanctl
+dave::rm -r /etc/swanctl
+moon::rm -r /etc/swanctl
diff --git a/testing/tests/swanctl/ocsp-multi-level/pretest.dat b/testing/tests/swanctl/ocsp-multi-level/pretest.dat
new file mode 100644
index 000000000..61ac75d84
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/pretest.dat
@@ -0,0 +1,8 @@
+moon::service charon start 2> /dev/null
+carol::service charon start 2> /dev/null
+dave::service charon start 2> /dev/null
+moon::sleep 1
+carol::swanctl --initiate --child alice 2> /dev/null
+carol::swanctl --initiate --child venus 2> /dev/null
+dave::swanctl --initiate --child alice 2> /dev/null
+dave::swanctl --initiate --child venus 2> /dev/null
diff --git a/testing/tests/swanctl/ocsp-multi-level/test.conf b/testing/tests/swanctl/ocsp-multi-level/test.conf
new file mode 100644
index 000000000..c295cf019
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-multi-level/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS=""
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/rw-cert/evaltest.dat b/testing/tests/swanctl/rw-cert/evaltest.dat
index bb5e08bf4..ee3fb76b4 100755
--- a/testing/tests/swanctl/rw-cert/evaltest.dat
+++ b/testing/tests/swanctl/rw-cert/evaltest.dat
@@ -1,7 +1,7 @@
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES
alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf
index 75f18475c..7d7e5f9f5 100755
--- a/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf
index 75f18475c..7d7e5f9f5 100755
--- a/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf
index 75f18475c..7d7e5f9f5 100755
--- a/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/rw-cert/pretest.dat b/testing/tests/swanctl/rw-cert/pretest.dat
index 75b359ac1..706bd1edd 100755
--- a/testing/tests/swanctl/rw-cert/pretest.dat
+++ b/testing/tests/swanctl/rw-cert/pretest.dat
@@ -5,11 +5,5 @@ moon::service charon start 2> /dev/null
carol::service charon start 2> /dev/null
dave::service charon start 2> /dev/null
moon::sleep 1
-moon::swanctl --load-conns 2> /dev/null
-carol::swanctl --load-conns 2> /dev/null
-dave::swanctl --load-conns 2> /dev/null
-moon::swanctl --load-creds 2> /dev/null
-carol::swanctl --load-creds 2> /dev/null
-dave::swanctl --load-creds 2> /dev/null
carol::swanctl --initiate --child home 2> /dev/null
dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-cert/test.conf b/testing/tests/swanctl/rw-cert/test.conf
index f29298850..1227b9d1c 100755
--- a/testing/tests/swanctl/rw-cert/test.conf
+++ b/testing/tests/swanctl/rw-cert/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/rw-hash-and-url/description.txt b/testing/tests/swanctl/rw-hash-and-url/description.txt
new file mode 100755
index 000000000..6af7a39ae
--- /dev/null
+++ b/testing/tests/swanctl/rw-hash-and-url/description.txt
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Upon the successful establishment of the IPsec tunnels, the updown script
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/swanctl/rw-hash-and-url/evaltest.dat b/testing/tests/swanctl/rw-hash-and-url/evaltest.dat
new file mode 100755
index 000000000..5242db17c
--- /dev/null
+++ b/testing/tests/swanctl/rw-hash-and-url/evaltest.dat
@@ -0,0 +1,14 @@
+carol::cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES
+dave:: cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES
+moon:: cat /var/log/daemon.log::fetched certificate.*carol@strongswan.org::YES
+moon:: cat /var/log/daemon.log::fetched certificate.*dave@strongswan.org::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf
new file mode 100755
index 000000000..4b0e31118
--- /dev/null
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,17 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ auths = /usr/local/sbin/swanctl --load-authorities
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+
+ hash_and_url = yes
+}
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..7b0b2adba
--- /dev/null
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,40 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ start_action = none
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ rekey_time = 10m
+ esp_proposals = aes128gcm128-modp2048
+ }
+ }
+
+ version = 2
+ reauth_time = 60m
+ rekey_time = 20m
+ proposals = aes128-sha256-modp2048
+ }
+}
+
+authorities {
+
+ strongswan {
+ cacert = strongswanCert.pem
+ cert_uri_base = http://winnetou.strongswan.org/certs/
+ }
+}
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf
new file mode 100755
index 000000000..4b0e31118
--- /dev/null
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,17 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ auths = /usr/local/sbin/swanctl --load-authorities
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+
+ hash_and_url = yes
+}
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..b4d82096a
--- /dev/null
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,40 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ start_action = none
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ rekey_time = 10m
+ esp_proposals = aes128gcm128-modp2048
+ }
+ }
+
+ version = 2
+ reauth_time = 60m
+ rekey_time = 20m
+ proposals = aes128-sha256-modp2048
+ }
+}
+
+authorities {
+
+ strongswan {
+ cacert = strongswanCert.pem
+ cert_uri_base = http://winnetou.strongswan.org/certs/
+ }
+}
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf
new file mode 100755
index 000000000..4b0e31118
--- /dev/null
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,17 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ auths = /usr/local/sbin/swanctl --load-authorities
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+
+ hash_and_url = yes
+}
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..258d9e87c
--- /dev/null
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,38 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ start_action = none
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ rekey_time = 10m
+ esp_proposals = aes128gcm128-modp2048
+ }
+ }
+
+ version = 2
+ reauth_time = 60m
+ rekey_time = 20m
+ proposals = aes128-sha256-modp2048
+ }
+}
+
+authorities {
+
+ strongswan {
+ cacert = strongswanCert.pem
+ cert_uri_base = http://winnetou.strongswan.org/certs/
+ }
+}
diff --git a/testing/tests/swanctl/rw-hash-and-url/posttest.dat b/testing/tests/swanctl/rw-hash-and-url/posttest.dat
new file mode 100755
index 000000000..d7107ccc6
--- /dev/null
+++ b/testing/tests/swanctl/rw-hash-and-url/posttest.dat
@@ -0,0 +1,8 @@
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+carol::service charon stop 2> /dev/null
+dave::service charon stop 2> /dev/null
+moon::service charon stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-hash-and-url/pretest.dat b/testing/tests/swanctl/rw-hash-and-url/pretest.dat
new file mode 100755
index 000000000..706bd1edd
--- /dev/null
+++ b/testing/tests/swanctl/rw-hash-and-url/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::service charon start 2> /dev/null
+carol::service charon start 2> /dev/null
+dave::service charon start 2> /dev/null
+moon::sleep 1
+carol::swanctl --initiate --child home 2> /dev/null
+dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-hash-and-url/test.conf b/testing/tests/swanctl/rw-hash-and-url/test.conf
new file mode 100755
index 000000000..1227b9d1c
--- /dev/null
+++ b/testing/tests/swanctl/rw-hash-and-url/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
index 772f18a3b..68df22ac8 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
index 772f18a3b..68df22ac8 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
index 772f18a3b..68df22ac8 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/rw-psk-fqdn/pretest.dat b/testing/tests/swanctl/rw-psk-fqdn/pretest.dat
index 7507ac355..d55df408c 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/pretest.dat
+++ b/testing/tests/swanctl/rw-psk-fqdn/pretest.dat
@@ -8,11 +8,5 @@ moon::service charon start 2> /dev/null
carol::service charon start 2> /dev/null
dave::service charon start 2> /dev/null
moon::sleep 1
-moon::swanctl --load-conns 2> /dev/null
-carol::swanctl --load-conns 2> /dev/null
-dave::swanctl --load-conns 2> /dev/null
-moon::swanctl --load-creds 2> /dev/null
-carol::swanctl --load-creds 2> /dev/null
-dave::swanctl --load-creds 2> /dev/null
carol::swanctl --initiate --child home 2> /dev/null
dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-psk-fqdn/test.conf b/testing/tests/swanctl/rw-psk-fqdn/test.conf
index f29298850..1227b9d1c 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/test.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
index 772f18a3b..c560a37f5 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
index 772f18a3b..c560a37f5 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
index 772f18a3b..c560a37f5 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -6,8 +6,9 @@ swanctl {
charon {
load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
-}
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
}
diff --git a/testing/tests/swanctl/rw-psk-ipv4/pretest.dat b/testing/tests/swanctl/rw-psk-ipv4/pretest.dat
index 7507ac355..d55df408c 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/pretest.dat
+++ b/testing/tests/swanctl/rw-psk-ipv4/pretest.dat
@@ -8,11 +8,5 @@ moon::service charon start 2> /dev/null
carol::service charon start 2> /dev/null
dave::service charon start 2> /dev/null
moon::sleep 1
-moon::swanctl --load-conns 2> /dev/null
-carol::swanctl --load-conns 2> /dev/null
-dave::swanctl --load-conns 2> /dev/null
-moon::swanctl --load-creds 2> /dev/null
-carol::swanctl --load-creds 2> /dev/null
-dave::swanctl --load-creds 2> /dev/null
carol::swanctl --initiate --child home 2> /dev/null
dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-psk-ipv4/test.conf b/testing/tests/swanctl/rw-psk-ipv4/test.conf
index f29298850..1227b9d1c 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/test.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/description.txt b/testing/tests/tnc/tnccs-20-hcd-eap/description.txt
new file mode 100644
index 000000000..625f68b1e
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/description.txt
@@ -0,0 +1,11 @@
+The hardcopy devices <b>carol</b> and <b>dave</b> set up a connection each to the policy enforcement
+point <b>moon</b>. At the outset the gateway authenticates itself to the devices by sending an IKEv2
+<b>RSA signature</b> accompanied by a certificate. <b>carol</b> and <b>dave</b> then set up an
+<b>EAP-TTLS</b> tunnel each via gateway <b>moon</b> to the policy decision point <b>alice</b>
+authenticated by an X.509 AAA certificate. In a next step the EAP-TNC protocol is used within
+the EAP-TTLS tunnel to determine the health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0</b>
+client-server interface defined by <b>RFC 5793 PB-TNC</b>. The communication between IMCs and IMVs
+is based on the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>.
+<p>
+The HCD IMC on the hardcopy devices <b>carol</b> and <b>dave</b> sends printer attributes to the HCD IMV
+located on the RADIUS server <b>alice</b>. Because some mandatory HCD attributes are missing, the hardcopy devices <b>carol</b> and <b>dave</b> are blocked from accessing the network behind gateway <b>moon</b>.
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/evaltest.dat b/testing/tests/tnc/tnccs-20-hcd-eap/evaltest.dat
new file mode 100644
index 000000000..1293e9883
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/evaltest.dat
@@ -0,0 +1,19 @@
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES
+carol::cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES
+carol:: cat /var/log/daemon.log::PB-TNC assessment result is.*non-compliant major::YES
+carol:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Access Denied::YES
+carol:: cat /var/log/daemon.log::reason string is.*Mandatory HCD attributes are missing::YES
+carol:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
+dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES
+dave:: cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES
+dave:: cat /var/log/daemon.log::PB-TNC assessment result is.*non-compliant major::YES
+dave:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Access Denied::YES
+dave:: cat /var/log/daemon.log::reason string is.*Mandatory HCD attributes are missing::YES
+dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
+alice::cat /var/log/daemon.log::user AR identity.*dave.*authenticated by certificate::YES
+alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by certificate::YES
+alice::cat /var/log/daemon.log::policy enforced on peer.*carol@strongswan.org.*is.*no access::YES
+alice::cat /var/log/daemon.log::policy enforced on peer.*dave@strongswan.org.*is.*no access::YES
+moon:: cat /var/log/daemon.log::RADIUS authentication of.*dave@strongswan.org.*failed::YES
+moon:: cat /var/log/daemon.log::RADIUS authentication of.*dave@strongswan.org.*failed::YES
+
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/apache2/sites-available/default
new file mode 100644
index 000000000..626000612
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/apache2/sites-available/default
@@ -0,0 +1,26 @@
+WSGIPythonPath /var/www/tnc
+
+<VirtualHost *:80>
+ ServerName tnc.strongswan.org
+ ServerAlias tnc
+ ServerAdmin webmaster@localhost
+
+ DocumentRoot /var/www/tnc
+
+ <Directory /var/www/tnc/config>
+ <Files wsgi.py>
+ Order deny,allow
+ Allow from all
+ </Files>
+ </Directory>
+
+ WSGIScriptAlias / /var/www/tnc/config/wsgi.py
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+
+ Alias /static/ /var/www/tnc/static/
+
+ ErrorLog ${APACHE_LOG_DIR}/tnc/error.log
+ LogLevel warn
+ CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined
+</VirtualHost>
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.conf
new file mode 100644
index 000000000..f2e611952
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.conf
@@ -0,0 +1,9 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charondebug="tnc 2, imv 3"
+
+conn aaa
+ leftcert=aaaCert.pem
+ leftid=aaa.strongswan.org
+ auto=add
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem
new file mode 100644
index 000000000..42083c2a9
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTE1MDgwNDE0NTUzMVoXDTE5MDkwNjE0NTUzMVowRTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEmFhYS5z
+dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcX
+z9IzPMGarSbzZmGq/lpgeRpM2W5uN9QuWFqUnP+L4wjF5Yf+1bhj5DnrhKlOCjii
+95dDkLdRMYe+4ovXpINF//+J9d9nyP4YNLClUTwivBwvJdC3cJyyzSO7juTm2GNS
+rQFZw3iP3HxWy1dM9/P1+xlgqSou6HJlTDWpaQ+cO3P/WlYKTu9DvTT6/jj4bNS6
+fbiUEG0M0JYcnYSt0iwNWyRHMl2DKjmpibnfhHDNR46t0luSaSobq6A0sRszJ7UR
+dE4Kxl3/HLTX8/+dq3qaFIdhqxXzoZKV6ylBK3+OjTbZw3uBV78qa2TUDuMCQVig
+kkt6delFhC/tSxcIgz0CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMB0GA1UdDgQWBBRFNnP26ELy5j7KMOO+a8dh5pLe6DBtBgNVHSMEZjBkgBRd
+p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
+EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
+ADAdBgNVHREEFjAUghJhYWEuc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
+Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAsncNPDCCDd4mzIHs
+nHY7b6H1tVQtFSbAQntV06D4D7vOp6Y+M5S8ta50hJu4f4GEeH5c7/hm8gbRdHt/
+TcjlV/UWBfhU3c/hNJo2LpmmtdmYUABLA3rdZ+FzOnAHX9H8eI988G7eHpI9T7L2
+FY2YEnWhIUVjFrojtH2+NbuA/Ori1QwSBiVhvJQgvUPjhKkjUtC+8zIdaCmJFErQ
+GGObpAMtnTcQ74md9BQ791RPMp77tDe1fgm7m8QWIsoIyYEhvzyfk2VTBn1VlWyH
+sbT0Vb3X9ubt0KXn2Xr491WTCpc5rzDWj9CNUYUgW7RaPxgw5cj2HK6oiLnGpO73
+xyr/Qw==
+-----END CERTIFICATE-----
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem
new file mode 100644
index 000000000..adc47dd33
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAtxfP0jM8wZqtJvNmYar+WmB5GkzZbm431C5YWpSc/4vjCMXl
+h/7VuGPkOeuEqU4KOKL3l0OQt1Exh77ii9ekg0X//4n132fI/hg0sKVRPCK8HC8l
+0LdwnLLNI7uO5ObYY1KtAVnDeI/cfFbLV0z38/X7GWCpKi7ocmVMNalpD5w7c/9a
+VgpO70O9NPr+OPhs1Lp9uJQQbQzQlhydhK3SLA1bJEcyXYMqOamJud+EcM1Hjq3S
+W5JpKhuroDSxGzMntRF0TgrGXf8ctNfz/52repoUh2GrFfOhkpXrKUErf46NNtnD
+e4FXvyprZNQO4wJBWKCSS3p16UWEL+1LFwiDPQIDAQABAoIBAQCNeNG0+rA0bF7k
+nOf8CZL1pFuOzdin8nQi+Bh/DRvufVlU+wyrM2ZSTqUXd/sOkuVk889ZyvQ0IYGj
+AQStx1cvs9Pl0OTx1ZDBfVShNWv6imBNasTObB+QhLvro037Yr/KpyRUydY2/vn/
+/VSrRSbGE8gMyNqNZKdpVQo44Ij0bJXxx7kVJ7CfftB65bujkRSK5u7eGjFVyHGs
+P9v4n72Pt0mVdC8yeiMjJAmmKLWaDf7U2SUoaxf0IRjRNPdVBuPjbYjfnJ0sGlxF
+sCQtu+3JQ4b7vyxrAyUtImbTLwvFqQHTGIahZUvhGd/1aO0Zmls1mvuZ+VhUIsek
+uBJh54jFAoGBAN7M08mBkA8oUns0IzzG+A0JYDmdbvOWbKtyQDRl7LkXOq/PckIj
+PoliI/5aNZe9+Q8kq8xnvLVcsup7EX6Ovaqc6S3ODNEjy4XEqGMM9tkrz4R4N5f5
+hLayOg3MfdJiPOn3HF+cVvHp0Vwpt8K5TgVmOWkVSKTa+6eX4mhQUuKjAoGBANJg
+Rmka90zo+7PPze4oo5ePeqwZrwQ3/6OeD/G1lqMFPOgk3MLGuv9HvtQA5gyyAH7+
+Qy/t+rdPSC7PZi29s8/cERmWTdbZ1ocuKa6xxSvktl7Ibv51d0sW1n+kfVin7cLL
+SskoK8BRXjXsZg7jjZjE5f6iqdHq+JPA2JWM10CfAoGAOXTvJScxhIcshjNS5wiU
+zZ/eXd1Y0J65VZl4L0sdujngW5iO6bl3FizmBWE0Mva99QbK+0LBarAGP+wO/elH
+xmkCxVo++exWPyARIMImIqlmsc3i4GFrtUXPLOHQjOHivZ+JhKqnzWk0IaVsi14I
+XeIX6h6gBkum3HiR3b7hMSsCgYEAtq7ftbmy8liG6hgTzTIBDUWM0xHihxlRpnVF
+hzGWw61yvGv2QDVugOt+bH7zRib0g1KsaVyQkMoJ9ownQKUxFdkWCFAa++1iezS9
+AXRhscIEE76dk93RX6VPUrw2FNyOfM8n/BIkG/cMhmroHRnBBd5Fkp8SNLWEclnO
+Od95tCUCgYEAgvohkyZAAKMRUFYEvHgwyxeXHifHVPIoK9UN022DJmIEJE2ISGtH
+yHnBKgF52tlYhC9ijKwMG43C9IvycydRUtViOxDV8AiE4BV1tXuQHLl0jD2R7yq5
+9pNtnYgXW+ZKlx9705ltHj8hhKl6r2I8oXdR9KFGO83wq8fr6tyjqHc=
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.secrets
new file mode 100644
index 000000000..606e184bd
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA aaaKey.pem
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/pts/data1.sql
new file mode 100644
index 000000000..d6a547bd1
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/pts/data1.sql
@@ -0,0 +1,61 @@
+/* Devices */
+
+INSERT INTO devices ( /* 1 */
+ value, product, created
+)
+SELECT 'aabbccddeeff11223344556677889900', id, 1372330615
+FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
+
+/* Groups Members */
+
+INSERT INTO groups_members (
+ group_id, device_id
+) VALUES (
+ 10, 1
+);
+
+/* Identities */
+
+INSERT INTO identities (
+ type, value
+) VALUES ( /* dave@strongswan.org */
+ 5, X'64617665'
+);
+
+/* Sessions */
+
+INSERT INTO sessions (
+ time, connection, identity, device, product, rec
+)
+SELECT NOW, 1, 1, 1, id, 0
+FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
+
+/* Results */
+
+INSERT INTO results (
+ session, policy, rec, result
+) VALUES (
+ 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found'
+);
+
+/* Enforcements */
+
+INSERT INTO enforcements (
+ policy, group_id, max_age, rec_fail, rec_noresult
+) VALUES (
+ 3, 10, 0, 2, 2
+);
+
+INSERT INTO enforcements (
+ policy, group_id, max_age
+) VALUES (
+ 17, 2, 86400
+);
+
+INSERT INTO enforcements (
+ policy, group_id, max_age
+) VALUES (
+ 18, 10, 86400
+);
+
+DELETE FROM enforcements WHERE id = 1;
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongTNC/settings.ini b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongTNC/settings.ini
new file mode 100644
index 000000000..5e7b7b556
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongTNC/settings.ini
@@ -0,0 +1,19 @@
+[debug]
+DEBUG=0
+TEMPLATE_DEBUG=0
+DEBUG_TOOLBAR=0
+
+[db]
+DJANGO_DB_URL=sqlite:////var/www/tnc/django.db
+STRONGTNC_DB_URL = sqlite:////etc/pts/config.db
+
+[localization]
+LANGUAGE_CODE=en-us
+TIME_ZONE=Europe/Zurich
+
+[admins]
+Your Name: alice@strongswan.org
+
+[security]
+SECRET_KEY=strongSwan
+ALLOWED_HOSTS=127.0.0.1,10.10.0.1,tnc.strongswan.org,tnc
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..d22a7e978
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,35 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac socket-default kernel-netlink stroke eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
+
+ plugins {
+ eap-ttls {
+ request_peer_auth = yes
+ phase2_piggyback = yes
+ phase2_tnc = yes
+ max_message_count = 0
+ }
+ eap-tnc {
+ max_message_count = 0
+ }
+ tnc-pdp {
+ server = aaa.strongswan.org
+ radius {
+ secret = gv6URkSs
+ }
+ }
+ }
+}
+
+libimcv {
+ debug_level = 3
+ database = sqlite:///etc/pts/config.db
+ policy_script = ipsec imv_policy_manager
+
+ plugins {
+ imv-swid {
+ rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
+ }
+ }
+}
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/tnc_config
new file mode 100644
index 000000000..5d74cc573
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/tnc_config
@@ -0,0 +1,3 @@
+#IMV configuration file for strongSwan client
+
+IMV "HCD" /usr/local/lib/ipsec/imcvs/imv-hcd.so
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..2cca42cd7
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charondebug="tnc 2, imc 3"
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftauth=eap
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ rightauth=pubkey
+ aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+ auto=add
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..2694b75d8
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,158 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
+ plugins {
+ eap-ttls {
+ max_message_count = 0
+ }
+ eap-tnc {
+ max_message_count = 0
+ }
+ tnccs-20 {
+ max_batch_size = 1600
+ max_message_size = 1568
+ }
+ }
+}
+
+libimcv {
+ os_info {
+ name = strongPrint OS
+ version = 1.0
+ default_password_enabled = yes
+ }
+
+ plugins {
+ imc-hcd {
+ push_info = no
+ subtypes {
+ system {
+ attributes_natural_language = en
+ machine_type_model = strongPrint Laser X.509a
+ vendor_name = ITA-HSR
+ vendor_smi_code = 36906
+ pstn_fax_enabled = yes
+ time_source = 0.ch.pool.ntp.org
+ user_application_enabled = yes
+ user_application_persistence_enabled = no
+
+ firmware {
+ fw-1 {
+ name = Firmware ABC for ARMv6 32bit strongPrint OS 1.0
+ patches = "security patch CVE-2014-1630 2014-05-08\r\nmajor upgrade for ABC (European version 1.0-en) 2014-08-16\r\nsecurity patch CVE-2015-1111 2015-03-22\r\nsecurity patch CVE-2015-3324 2015-06-01"
+ string_version = 1.0.7
+ version = 00000001000000000000000700000000
+ }
+ fw-2 {
+ name = Firmware UVW for ARMv6 32 bit strongPrint OS 1.0
+ patches = "security patch CVE-2014-1288 2014-01-01\r\nsecurity patch CVE-2014-1492 2014-02-01\r\nsecurity patch CVE-2014-1622 2014-05-01\r\nsecurity patch CVE-2014-2775 2014-07-01\r\n\security patch CVE-2014-4453 2014-08-01\r\nsecurity patch CVE-2014-6108 2014-11-01\r\nsecurity patch CVE-2015-0555 2015-01-01\r\nsecurity patch CVE-2015-4319 2015-07-01\r\n"
+ string_version = 13.8.5
+ version = 0000000D000000080000000500000000
+ }
+ fw-3 {
+ name = Firmware XYZ for ARMv6 32 bit strongPrint OS 1.0
+ patches = "spring 2015 service pack for professional printing services 10.1.2a\r\n"
+ string_version = 10.1.2
+ version = 0000000A000000010000000200000000
+ }
+ }
+
+ resident_application {
+ resident-app-1 {
+ name = Resident App XYZ
+ patches = "xmas patch 2014-12-24\r\nservice patch for App XYZ 2015-05-22\r\n"
+ string_version = 2.5
+ version = 00000002000000050000000000000000
+ }
+ }
+
+ user_application {
+ user-app-1 {
+ name = My Java Photo App
+ patches =
+ string_version = 5.2.3.8.1
+ version = 00000005000000020000000300080001
+ }
+ user-app-2 {
+ name = Print Your Dinosaur!
+ patches =
+ string_version = 1.0
+ version = 00000001000000000000000000000000
+ }
+ user-app-3 {
+ name = Label Everything App
+ patches =
+ string_version = 7.5.8.2.3
+ version = 00000007000000050000000800020003
+ }
+ user-app-4 {
+ name = Happy Millionaire - Forge Your Own Currency (CHF, USD, EUR, AUD)
+ string_version = 0.9.7.8
+ version = 00000000000000090000000700080000
+ }
+ }
+ certification_state = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4f4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767678797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecededeff0f1f2f3f4f5f6f7f9f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4f4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767678797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecededeff0f1f2f3f4f5f6f7f9f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4f4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767678797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecededeff0f1f2f3f4f5f6f7f9f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4f4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767678797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecededeff0f1f2f3f4f5f6f7f9f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4f4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767678797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecededeff0f1f2f3f4f5f6f7f9f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4f4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767678797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecededeff0f1f2f3f4f5f6f7f9f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4f4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767678797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecededeff0f1f2f3f4f5f6f7f9f9fafbfcfdfeff
+ configuration_state = f0f1f2f3f4f5f6f7f8f9fafbfcfdfeffe0e1e2e3e4e5e6e7e8e9eaebecedeeefd0d1d2d3d4d5d6d7d8d9dadbdcdddedf
+ }
+
+ console {
+ attributes_natural_language = ru
+ }
+
+ marker {
+ attributes_natural_language = fr
+ }
+
+ finisher {
+ attributes_natural_language = de
+ }
+
+ interface {
+ attributes_natural_language = en
+
+ firmware {
+ fw-if {
+ name = Interface Firmware
+ patches =
+ string_version = 7.8
+ version = 00000007000000080000000000000000
+ }
+ }
+
+ resident_application {
+ resident-app-if {
+ name = Resident Interface App
+ patches = "service patch 2015-02-09\r\n"
+ string_version = 2.5
+ version = 00000002000000050000000000000000
+ }
+ }
+ }
+
+ scanner {
+ attributes_natural_language = en
+
+ firmware {
+ fw-scanner {
+ name = Scanner Firmware
+ patches = "security patch 2013-08-11\r\nsecurity patch 2015-5-30\r\n"
+ string_version = 2.5.3
+ version = 00000002000000050000000300000000
+ }
+ }
+
+ user_application {
+ user-app-scanner {
+ name = EasyScan
+ patches =
+ string_version = 2.2.3.5.7
+ version = 00000002000000020000000300050007
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/tnc_config
new file mode 100644
index 000000000..199d62c45
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/tnc_config
@@ -0,0 +1,4 @@
+#IMC configuration file for strongSwan client
+
+IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so
+IMC "HCD" /usr/local/lib/ipsec/imcvs/imc-hcd.so
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..2707b2be9
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charondebug="tnc 2, imc 3"
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_DAVE
+ leftauth=eap
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ rightauth=pubkey
+ aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+ auto=add
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..dbc845de9
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,117 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
+ plugins {
+ eap-ttls {
+ max_message_count = 0
+ }
+ eap-tnc {
+ max_message_count = 0
+ }
+ tnccs-20 {
+ max_batch_size = 1600
+ max_message_size = 1568
+ }
+ }
+}
+
+libimcv {
+ os_info {
+ name = strongPrint OS
+ version = 1.1
+ default_password_enabled = no
+ }
+
+ plugins {
+ imc-hcd {
+ push_info = no
+ subtypes {
+ system {
+ attributes_natural_language = en
+ machine_type_model = strongPrint Laser X.509a
+ vendor_name = ITA-HSR
+ vendor_smi_code = 36906
+ pstn_fax_enabled = yes
+ time_source = 0.ch.pool.ntp.org
+ user_application_enabled = no
+ user_application_persistence_enabled = no
+
+ firmware {
+ fw-1 {
+ name = Firmware ABC
+ patches = "security patch 2014-05-08\r\nupgrade 2014-08-16\r\nsecurity patch 2015-3-22\r\n"
+ string_version = 1.0.7
+ version = 00000001000000000000000700000000
+ }
+ fw-2 {
+ name = Firmware UVW
+ string_version = 13.8.5
+ version = 0000000D000000080000000500000000
+ }
+ }
+
+ resident_application {
+ resident-app-1 {
+ name = Resident App XYZ
+ patches = "xmas patch 2014-12-24\r\nservice patch 2015-05-22\r\n"
+ string_version = 2.5
+ version = 00000002000000050000000000000000
+ }
+ }
+
+ certification_state = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+ configuration_state = f0f1f2f3f4f5f6f7f8f9fafbfcfdfeffe0e1e2e3e4e5e6e7e8e9eaebecedeeefd0d1d2d3d4d5d6d7d8d9dadbdcdddedf
+ }
+
+ console {
+ attributes_natural_language = ru
+ }
+
+ marker {
+ attributes_natural_language = fr
+ }
+
+ finisher {
+ attributes_natural_language = de
+ }
+
+ interface {
+ attributes_natural_language = en
+
+ firmware {
+ fw-if {
+ name = Interface Firmware
+ patches =
+ string_version = 7.8
+ version = 00000007000000080000000000000000
+ }
+ }
+
+ resident_application {
+ resident-app-if {
+ name = Resident Interface App
+ patches = "service patch 2015-02-09\r\n"
+ string_version = 2.5
+ version = 00000002000000050000000000000000
+ }
+ }
+ }
+
+ scanner {
+ attributes_natural_language = en
+
+ firmware {
+ fw-scanner {
+ name = Scanner Firmware
+ patches = "security patch 2013-08-11\r\nsecurity patch 2015-5-30\r\n"
+ string_version = 2.5.3
+ version = 00000002000000050000000300000000
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/tnc_config
new file mode 100644
index 000000000..199d62c45
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/tnc_config
@@ -0,0 +1,4 @@
+#IMC configuration file for strongSwan client
+
+IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so
+IMC "HCD" /usr/local/lib/ipsec/imcvs/imc-hcd.so
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..02ada5665
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,33 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn rw-allow
+ rightgroups=allow
+ leftsubnet=10.1.0.0/28
+ also=rw-eap
+ auto=add
+
+conn rw-isolate
+ rightgroups=isolate
+ leftsubnet=10.1.0.16/28
+ also=rw-eap
+ auto=add
+
+conn rw-eap
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftauth=pubkey
+ leftfirewall=yes
+ rightauth=eap-radius
+ rightsendcert=never
+ right=%any
+ eap_identity=%any
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..e86d6aa5c
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/iptables.rules b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/iptables.rules
new file mode 100644
index 000000000..3d878567f
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/iptables.rules
@@ -0,0 +1,36 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow esp
+-A INPUT -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+# allow crl fetch from winnetou for AAA server alice
+-A FORWARD -i eth0 -o eth1 -p tcp --sport 80 -s PH_IP_WINNETOU -d PH_IP_ALICE -j ACCEPT
+-A FORWARD -o eth0 -i eth1 -p tcp --dport 80 -d PH_IP_WINNETOU -s PH_IP_ALICE -j ACCEPT
+
+# allow RADIUS protocol with alice
+-A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
+-A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..fc647a079
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-radius updown
+ multiple_authentication=no
+ plugins {
+ eap-radius {
+ secret = gv6URkSs
+ #server = PH_IP6_ALICE
+ server = PH_IP_ALICE
+ filter_id = yes
+ }
+ }
+}
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat b/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat
new file mode 100644
index 000000000..369cfe86f
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat
@@ -0,0 +1,8 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+alice::ipsec stop
+winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat b/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat
new file mode 100644
index 000000000..913dd2190
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat
@@ -0,0 +1,17 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
+alice::cat /etc/tnc_config
+carol::cat /etc/tnc_config
+dave::cat /etc/tnc_config
+carol::echo 0 > /proc/sys/net/ipv4/ip_forward
+dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
+alice::ipsec start
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+dave::sleep 1
+carol::ipsec up home
+dave::ipsec up home
+dave::sleep 1
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/test.conf b/testing/tests/tnc/tnccs-20-hcd-eap/test.conf
new file mode 100644
index 000000000..c4ca1a19f
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/test.conf
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave alice"
+
+# Guest instances on which FreeRadius is started
+#
+RADIUSHOSTS=
+
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem
index 6aeb0c0b1..42083c2a9 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIBIjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIDCCAwigAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTEwMDgwNDA4Mzg0MVoXDTE1MDgwMzA4Mzg0MVowRTELMAkGA1UE
+b290IENBMB4XDTE1MDgwNDE0NTUzMVoXDTE5MDkwNjE0NTUzMVowRTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEmFhYS5z
-dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK2R
-RcAYdZ/jOhHBSjrLDYT1OhRJ2mXjyuSbWyJQogF9c6sY8W2GhTC4e1gNThZM9+Pm
-Vzs0R39kzxsmOFhuTfwIhavMzvkWJ7945WDvTpuo2teK4fTtfix3iuyycVXywa7W
-Uum6vZb4uwNoFsZtlYSUFs+app/1VC3X8vEFvP9p//KW2fwbJ6PzR1XN/8AibxoF
-AnfqAXUenRQ1Xs/07/xF4bkZ5MUNTFTo5H+BAc49lAC16TarSTPnX1D925kIGxni
-wePHlIZrCYQTFr003+YNUehVvUxyv0NuIwlxFPokFPLDkQWk6SDvD87FW5IJ06cg
-EbrCFjcIR9/2vIepJd8CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
-AgOoMB0GA1UdDgQWBBQS5lPpgsOE14sz7JGZimSmSbZOeDBtBgNVHSMEZjBkgBRd
+dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcX
+z9IzPMGarSbzZmGq/lpgeRpM2W5uN9QuWFqUnP+L4wjF5Yf+1bhj5DnrhKlOCjii
+95dDkLdRMYe+4ovXpINF//+J9d9nyP4YNLClUTwivBwvJdC3cJyyzSO7juTm2GNS
+rQFZw3iP3HxWy1dM9/P1+xlgqSou6HJlTDWpaQ+cO3P/WlYKTu9DvTT6/jj4bNS6
+fbiUEG0M0JYcnYSt0iwNWyRHMl2DKjmpibnfhHDNR46t0luSaSobq6A0sRszJ7UR
+dE4Kxl3/HLTX8/+dq3qaFIdhqxXzoZKV6ylBK3+OjTbZw3uBV78qa2TUDuMCQVig
+kkt6delFhC/tSxcIgz0CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMB0GA1UdDgQWBBRFNnP26ELy5j7KMOO+a8dh5pLe6DBtBgNVHSMEZjBkgBRd
p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
ADAdBgNVHREEFjAUghJhYWEuc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
-Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAqM2eqrsJmAop2roa
-yNeJt8317sdAll8TvDf+s4EeCtcpDT0cIX5vCumpL6E7nV9NWWDazGCAOkwWDPpp
-iuq6R0Js8r0MbyIUbVgOe3xIOqLKd9YW0sb1IwfR/zvWcPUjnUHlqfRH7gdiR4G2
-bWIvKenl3hOQege/XnJNPUwzxeVX7k/qPivOk4I3pLnBjTRtFQdweHM95ex7Fk/d
-HoeWjw5q3MxS3ZwXpKQxZvWU5SDkkc2NJ0/0sm+wca8NC86cXkGqcLFEgJo2l3Dr
-EpZgxIhllub0M88PU7dQrDmy8OQ5j0fhayB1xpVO+REn3norclXZ2yrl4uz0eWR4
-v42sww==
+Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAsncNPDCCDd4mzIHs
+nHY7b6H1tVQtFSbAQntV06D4D7vOp6Y+M5S8ta50hJu4f4GEeH5c7/hm8gbRdHt/
+TcjlV/UWBfhU3c/hNJo2LpmmtdmYUABLA3rdZ+FzOnAHX9H8eI988G7eHpI9T7L2
+FY2YEnWhIUVjFrojtH2+NbuA/Ori1QwSBiVhvJQgvUPjhKkjUtC+8zIdaCmJFErQ
+GGObpAMtnTcQ74md9BQ791RPMp77tDe1fgm7m8QWIsoIyYEhvzyfk2VTBn1VlWyH
+sbT0Vb3X9ubt0KXn2Xr491WTCpc5rzDWj9CNUYUgW7RaPxgw5cj2HK6oiLnGpO73
+xyr/Qw==
-----END CERTIFICATE-----
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem
index da8cdb051..adc47dd33 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEArZFFwBh1n+M6EcFKOssNhPU6FEnaZePK5JtbIlCiAX1zqxjx
-bYaFMLh7WA1OFkz34+ZXOzRHf2TPGyY4WG5N/AiFq8zO+RYnv3jlYO9Om6ja14rh
-9O1+LHeK7LJxVfLBrtZS6bq9lvi7A2gWxm2VhJQWz5qmn/VULdfy8QW8/2n/8pbZ
-/Bsno/NHVc3/wCJvGgUCd+oBdR6dFDVez/Tv/EXhuRnkxQ1MVOjkf4EBzj2UALXp
-NqtJM+dfUP3bmQgbGeLB48eUhmsJhBMWvTTf5g1R6FW9THK/Q24jCXEU+iQU8sOR
-BaTpIO8PzsVbkgnTpyARusIWNwhH3/a8h6kl3wIDAQABAoIBAQCJDzatQqNf5uds
-Ld6YHtBGNf/vFYLJAuCtNaD5sAK+enpkmgXMH3X9yzBbj+Yh5hW6eaJYtiffiZOi
-NMQ50KD0bSZhTBIE0GIC6Uz5BwBkGyr1Gk7kQsZoBt5Fm4O0A0a+8a/3secU2MWV
-IxUZDGANmYOJ3O3HUstuiCDoA0gDyDt44n0RWOhKrPQmTP6vTItd/14Zi1Pg9ez3
-Mej/ulDmVV1R474EwUXbLLPBjP3vk++SLukWn4iWUeeHgDHSn0b/T5csUcH0kQMI
-aYRU2FOoCPZpRxyTr9aZxcHhr5EhQSCg7zc8u0IjpTFm8kZ4uN+60777w1A/FH5X
-YHq+yqVBAoGBANy6zM0egvyWQaX4YeoML65393iXt9OXW3uedMbmWc9VJ0bH7qdq
-b4X5Xume8yY1/hF8nh7aC1npfVjdBuDse0iHJ/eBGfCJ2VoC6/ZoCzBD7q0Qn2If
-/Sr/cbtQNTDkROT75hAo6XbewPGt7RjynH8sNmtclsZ0yyXHx0ml90tlAoGBAMlN
-P4ObM0mgP2NMPeDFqUBnHVj/h/KGS9PKrqpsvFOUm5lxJNRIxbEBavWzonphRX1X
-V83RICgCiWDAnqUaPfHh9mVBlyHCTWxrrnu3M9qbr5vZMFTyYiMoLxSfTmW5Qk8t
-cArqBDowQbiaKJE9fHv+32Q0IYRhJFVcxZRdQXHzAoGALRBmJ6qHC5KRrJTdSK9c
-PL55Y8F14lkQcFiVdtYol8/GyQigjMWKJ0wWOJQfCDoVuPQ8RAg4MQ8ebDoT4W/m
-a5RMcJeG+Djsixf1nMT5I816uRKft6TYRyMH0To64dR4zFcxTTNNFtu7gJwFwAYo
-NT6NjbXFgpbtsrTq1vpvVpECgYA0ldlhp8leEl58sg34CaqNCGLCPP5mfG6ShP/b
-xUvtCYUcMFJOojQCaTxnsuVe0so0U/y750VfLkp029yVhKVp6n1TNi8kwn03NWn/
-J3yEPudA7xuRFUBNrtGdsX/pUtvfkx8RutAf4ztH3f1683Txb0MsCfI3gqjbI8D5
-YOMXwQKBgAJnMfPslZIg6jOpBCo6RjdwvjZyPXXyn4dcCyW//2+olPdWnuu+HRCZ
-SkAWB7lSRLSvDZARHb63k+gwSl8lmwrSM53nDwaRdTKjhK2BFWsAKJNOhrOUQqJu
-EXvH4R1NrqOkPqLoG5Iw3XFUh5lQGKvKkU28W6Weolj2saljbW2b
+MIIEpQIBAAKCAQEAtxfP0jM8wZqtJvNmYar+WmB5GkzZbm431C5YWpSc/4vjCMXl
+h/7VuGPkOeuEqU4KOKL3l0OQt1Exh77ii9ekg0X//4n132fI/hg0sKVRPCK8HC8l
+0LdwnLLNI7uO5ObYY1KtAVnDeI/cfFbLV0z38/X7GWCpKi7ocmVMNalpD5w7c/9a
+VgpO70O9NPr+OPhs1Lp9uJQQbQzQlhydhK3SLA1bJEcyXYMqOamJud+EcM1Hjq3S
+W5JpKhuroDSxGzMntRF0TgrGXf8ctNfz/52repoUh2GrFfOhkpXrKUErf46NNtnD
+e4FXvyprZNQO4wJBWKCSS3p16UWEL+1LFwiDPQIDAQABAoIBAQCNeNG0+rA0bF7k
+nOf8CZL1pFuOzdin8nQi+Bh/DRvufVlU+wyrM2ZSTqUXd/sOkuVk889ZyvQ0IYGj
+AQStx1cvs9Pl0OTx1ZDBfVShNWv6imBNasTObB+QhLvro037Yr/KpyRUydY2/vn/
+/VSrRSbGE8gMyNqNZKdpVQo44Ij0bJXxx7kVJ7CfftB65bujkRSK5u7eGjFVyHGs
+P9v4n72Pt0mVdC8yeiMjJAmmKLWaDf7U2SUoaxf0IRjRNPdVBuPjbYjfnJ0sGlxF
+sCQtu+3JQ4b7vyxrAyUtImbTLwvFqQHTGIahZUvhGd/1aO0Zmls1mvuZ+VhUIsek
+uBJh54jFAoGBAN7M08mBkA8oUns0IzzG+A0JYDmdbvOWbKtyQDRl7LkXOq/PckIj
+PoliI/5aNZe9+Q8kq8xnvLVcsup7EX6Ovaqc6S3ODNEjy4XEqGMM9tkrz4R4N5f5
+hLayOg3MfdJiPOn3HF+cVvHp0Vwpt8K5TgVmOWkVSKTa+6eX4mhQUuKjAoGBANJg
+Rmka90zo+7PPze4oo5ePeqwZrwQ3/6OeD/G1lqMFPOgk3MLGuv9HvtQA5gyyAH7+
+Qy/t+rdPSC7PZi29s8/cERmWTdbZ1ocuKa6xxSvktl7Ibv51d0sW1n+kfVin7cLL
+SskoK8BRXjXsZg7jjZjE5f6iqdHq+JPA2JWM10CfAoGAOXTvJScxhIcshjNS5wiU
+zZ/eXd1Y0J65VZl4L0sdujngW5iO6bl3FizmBWE0Mva99QbK+0LBarAGP+wO/elH
+xmkCxVo++exWPyARIMImIqlmsc3i4GFrtUXPLOHQjOHivZ+JhKqnzWk0IaVsi14I
+XeIX6h6gBkum3HiR3b7hMSsCgYEAtq7ftbmy8liG6hgTzTIBDUWM0xHihxlRpnVF
+hzGWw61yvGv2QDVugOt+bH7zRib0g1KsaVyQkMoJ9ownQKUxFdkWCFAa++1iezS9
+AXRhscIEE76dk93RX6VPUrw2FNyOfM8n/BIkG/cMhmroHRnBBd5Fkp8SNLWEclnO
+Od95tCUCgYEAgvohkyZAAKMRUFYEvHgwyxeXHifHVPIoK9UN022DJmIEJE2ISGtH
+yHnBKgF52tlYhC9ijKwMG43C9IvycydRUtViOxDV8AiE4BV1tXuQHLl0jD2R7yq5
+9pNtnYgXW+ZKlx9705ltHj8hhKl6r2I8oXdR9KFGO83wq8fr6tyjqHc=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem
index 6aeb0c0b1..42083c2a9 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIBIjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIDCCAwigAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTEwMDgwNDA4Mzg0MVoXDTE1MDgwMzA4Mzg0MVowRTELMAkGA1UE
+b290IENBMB4XDTE1MDgwNDE0NTUzMVoXDTE5MDkwNjE0NTUzMVowRTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEmFhYS5z
-dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK2R
-RcAYdZ/jOhHBSjrLDYT1OhRJ2mXjyuSbWyJQogF9c6sY8W2GhTC4e1gNThZM9+Pm
-Vzs0R39kzxsmOFhuTfwIhavMzvkWJ7945WDvTpuo2teK4fTtfix3iuyycVXywa7W
-Uum6vZb4uwNoFsZtlYSUFs+app/1VC3X8vEFvP9p//KW2fwbJ6PzR1XN/8AibxoF
-AnfqAXUenRQ1Xs/07/xF4bkZ5MUNTFTo5H+BAc49lAC16TarSTPnX1D925kIGxni
-wePHlIZrCYQTFr003+YNUehVvUxyv0NuIwlxFPokFPLDkQWk6SDvD87FW5IJ06cg
-EbrCFjcIR9/2vIepJd8CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
-AgOoMB0GA1UdDgQWBBQS5lPpgsOE14sz7JGZimSmSbZOeDBtBgNVHSMEZjBkgBRd
+dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcX
+z9IzPMGarSbzZmGq/lpgeRpM2W5uN9QuWFqUnP+L4wjF5Yf+1bhj5DnrhKlOCjii
+95dDkLdRMYe+4ovXpINF//+J9d9nyP4YNLClUTwivBwvJdC3cJyyzSO7juTm2GNS
+rQFZw3iP3HxWy1dM9/P1+xlgqSou6HJlTDWpaQ+cO3P/WlYKTu9DvTT6/jj4bNS6
+fbiUEG0M0JYcnYSt0iwNWyRHMl2DKjmpibnfhHDNR46t0luSaSobq6A0sRszJ7UR
+dE4Kxl3/HLTX8/+dq3qaFIdhqxXzoZKV6ylBK3+OjTbZw3uBV78qa2TUDuMCQVig
+kkt6delFhC/tSxcIgz0CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMB0GA1UdDgQWBBRFNnP26ELy5j7KMOO+a8dh5pLe6DBtBgNVHSMEZjBkgBRd
p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
ADAdBgNVHREEFjAUghJhYWEuc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
-Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAqM2eqrsJmAop2roa
-yNeJt8317sdAll8TvDf+s4EeCtcpDT0cIX5vCumpL6E7nV9NWWDazGCAOkwWDPpp
-iuq6R0Js8r0MbyIUbVgOe3xIOqLKd9YW0sb1IwfR/zvWcPUjnUHlqfRH7gdiR4G2
-bWIvKenl3hOQege/XnJNPUwzxeVX7k/qPivOk4I3pLnBjTRtFQdweHM95ex7Fk/d
-HoeWjw5q3MxS3ZwXpKQxZvWU5SDkkc2NJ0/0sm+wca8NC86cXkGqcLFEgJo2l3Dr
-EpZgxIhllub0M88PU7dQrDmy8OQ5j0fhayB1xpVO+REn3norclXZ2yrl4uz0eWR4
-v42sww==
+Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAsncNPDCCDd4mzIHs
+nHY7b6H1tVQtFSbAQntV06D4D7vOp6Y+M5S8ta50hJu4f4GEeH5c7/hm8gbRdHt/
+TcjlV/UWBfhU3c/hNJo2LpmmtdmYUABLA3rdZ+FzOnAHX9H8eI988G7eHpI9T7L2
+FY2YEnWhIUVjFrojtH2+NbuA/Ori1QwSBiVhvJQgvUPjhKkjUtC+8zIdaCmJFErQ
+GGObpAMtnTcQ74md9BQ791RPMp77tDe1fgm7m8QWIsoIyYEhvzyfk2VTBn1VlWyH
+sbT0Vb3X9ubt0KXn2Xr491WTCpc5rzDWj9CNUYUgW7RaPxgw5cj2HK6oiLnGpO73
+xyr/Qw==
-----END CERTIFICATE-----
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem
index da8cdb051..adc47dd33 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEArZFFwBh1n+M6EcFKOssNhPU6FEnaZePK5JtbIlCiAX1zqxjx
-bYaFMLh7WA1OFkz34+ZXOzRHf2TPGyY4WG5N/AiFq8zO+RYnv3jlYO9Om6ja14rh
-9O1+LHeK7LJxVfLBrtZS6bq9lvi7A2gWxm2VhJQWz5qmn/VULdfy8QW8/2n/8pbZ
-/Bsno/NHVc3/wCJvGgUCd+oBdR6dFDVez/Tv/EXhuRnkxQ1MVOjkf4EBzj2UALXp
-NqtJM+dfUP3bmQgbGeLB48eUhmsJhBMWvTTf5g1R6FW9THK/Q24jCXEU+iQU8sOR
-BaTpIO8PzsVbkgnTpyARusIWNwhH3/a8h6kl3wIDAQABAoIBAQCJDzatQqNf5uds
-Ld6YHtBGNf/vFYLJAuCtNaD5sAK+enpkmgXMH3X9yzBbj+Yh5hW6eaJYtiffiZOi
-NMQ50KD0bSZhTBIE0GIC6Uz5BwBkGyr1Gk7kQsZoBt5Fm4O0A0a+8a/3secU2MWV
-IxUZDGANmYOJ3O3HUstuiCDoA0gDyDt44n0RWOhKrPQmTP6vTItd/14Zi1Pg9ez3
-Mej/ulDmVV1R474EwUXbLLPBjP3vk++SLukWn4iWUeeHgDHSn0b/T5csUcH0kQMI
-aYRU2FOoCPZpRxyTr9aZxcHhr5EhQSCg7zc8u0IjpTFm8kZ4uN+60777w1A/FH5X
-YHq+yqVBAoGBANy6zM0egvyWQaX4YeoML65393iXt9OXW3uedMbmWc9VJ0bH7qdq
-b4X5Xume8yY1/hF8nh7aC1npfVjdBuDse0iHJ/eBGfCJ2VoC6/ZoCzBD7q0Qn2If
-/Sr/cbtQNTDkROT75hAo6XbewPGt7RjynH8sNmtclsZ0yyXHx0ml90tlAoGBAMlN
-P4ObM0mgP2NMPeDFqUBnHVj/h/KGS9PKrqpsvFOUm5lxJNRIxbEBavWzonphRX1X
-V83RICgCiWDAnqUaPfHh9mVBlyHCTWxrrnu3M9qbr5vZMFTyYiMoLxSfTmW5Qk8t
-cArqBDowQbiaKJE9fHv+32Q0IYRhJFVcxZRdQXHzAoGALRBmJ6qHC5KRrJTdSK9c
-PL55Y8F14lkQcFiVdtYol8/GyQigjMWKJ0wWOJQfCDoVuPQ8RAg4MQ8ebDoT4W/m
-a5RMcJeG+Djsixf1nMT5I816uRKft6TYRyMH0To64dR4zFcxTTNNFtu7gJwFwAYo
-NT6NjbXFgpbtsrTq1vpvVpECgYA0ldlhp8leEl58sg34CaqNCGLCPP5mfG6ShP/b
-xUvtCYUcMFJOojQCaTxnsuVe0so0U/y750VfLkp029yVhKVp6n1TNi8kwn03NWn/
-J3yEPudA7xuRFUBNrtGdsX/pUtvfkx8RutAf4ztH3f1683Txb0MsCfI3gqjbI8D5
-YOMXwQKBgAJnMfPslZIg6jOpBCo6RjdwvjZyPXXyn4dcCyW//2+olPdWnuu+HRCZ
-SkAWB7lSRLSvDZARHb63k+gwSl8lmwrSM53nDwaRdTKjhK2BFWsAKJNOhrOUQqJu
-EXvH4R1NrqOkPqLoG5Iw3XFUh5lQGKvKkU28W6Weolj2saljbW2b
+MIIEpQIBAAKCAQEAtxfP0jM8wZqtJvNmYar+WmB5GkzZbm431C5YWpSc/4vjCMXl
+h/7VuGPkOeuEqU4KOKL3l0OQt1Exh77ii9ekg0X//4n132fI/hg0sKVRPCK8HC8l
+0LdwnLLNI7uO5ObYY1KtAVnDeI/cfFbLV0z38/X7GWCpKi7ocmVMNalpD5w7c/9a
+VgpO70O9NPr+OPhs1Lp9uJQQbQzQlhydhK3SLA1bJEcyXYMqOamJud+EcM1Hjq3S
+W5JpKhuroDSxGzMntRF0TgrGXf8ctNfz/52repoUh2GrFfOhkpXrKUErf46NNtnD
+e4FXvyprZNQO4wJBWKCSS3p16UWEL+1LFwiDPQIDAQABAoIBAQCNeNG0+rA0bF7k
+nOf8CZL1pFuOzdin8nQi+Bh/DRvufVlU+wyrM2ZSTqUXd/sOkuVk889ZyvQ0IYGj
+AQStx1cvs9Pl0OTx1ZDBfVShNWv6imBNasTObB+QhLvro037Yr/KpyRUydY2/vn/
+/VSrRSbGE8gMyNqNZKdpVQo44Ij0bJXxx7kVJ7CfftB65bujkRSK5u7eGjFVyHGs
+P9v4n72Pt0mVdC8yeiMjJAmmKLWaDf7U2SUoaxf0IRjRNPdVBuPjbYjfnJ0sGlxF
+sCQtu+3JQ4b7vyxrAyUtImbTLwvFqQHTGIahZUvhGd/1aO0Zmls1mvuZ+VhUIsek
+uBJh54jFAoGBAN7M08mBkA8oUns0IzzG+A0JYDmdbvOWbKtyQDRl7LkXOq/PckIj
+PoliI/5aNZe9+Q8kq8xnvLVcsup7EX6Ovaqc6S3ODNEjy4XEqGMM9tkrz4R4N5f5
+hLayOg3MfdJiPOn3HF+cVvHp0Vwpt8K5TgVmOWkVSKTa+6eX4mhQUuKjAoGBANJg
+Rmka90zo+7PPze4oo5ePeqwZrwQ3/6OeD/G1lqMFPOgk3MLGuv9HvtQA5gyyAH7+
+Qy/t+rdPSC7PZi29s8/cERmWTdbZ1ocuKa6xxSvktl7Ibv51d0sW1n+kfVin7cLL
+SskoK8BRXjXsZg7jjZjE5f6iqdHq+JPA2JWM10CfAoGAOXTvJScxhIcshjNS5wiU
+zZ/eXd1Y0J65VZl4L0sdujngW5iO6bl3FizmBWE0Mva99QbK+0LBarAGP+wO/elH
+xmkCxVo++exWPyARIMImIqlmsc3i4GFrtUXPLOHQjOHivZ+JhKqnzWk0IaVsi14I
+XeIX6h6gBkum3HiR3b7hMSsCgYEAtq7ftbmy8liG6hgTzTIBDUWM0xHihxlRpnVF
+hzGWw61yvGv2QDVugOt+bH7zRib0g1KsaVyQkMoJ9ownQKUxFdkWCFAa++1iezS9
+AXRhscIEE76dk93RX6VPUrw2FNyOfM8n/BIkG/cMhmroHRnBBd5Fkp8SNLWEclnO
+Od95tCUCgYEAgvohkyZAAKMRUFYEvHgwyxeXHifHVPIoK9UN022DJmIEJE2ISGtH
+yHnBKgF52tlYhC9ijKwMG43C9IvycydRUtViOxDV8AiE4BV1tXuQHLl0jD2R7yq5
+9pNtnYgXW+ZKlx9705ltHj8hhKl6r2I8oXdR9KFGO83wq8fr6tyjqHc=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf~ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf~
deleted file mode 100644
index 87dd585b6..000000000
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf~
+++ /dev/null
@@ -1,34 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = pem pkcs1 nonce x509 openssl curl revocation constraints socket-default kernel-netlink stroke tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
-
- plugins {
- tnc-pdp {
- server = aaa.strongswan.org
- radius {
- secret = gv6URkSs
- }
- }
- }
-}
-
-libtls {
- suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-}
-
-libimcv {
- database = sqlite:///etc/pts/config.db
- policy_script = ipsec imv_policy_manager
-
- plugins {
- imv-swid {
- rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
- }
- }
-}
-
-imv_policy_manager {
- command_allow = host with IP address %s is allowed
- command_block = host with IP address %s is blocked
-}