1 # $NetBSD: t_ipsec_sysctl.sh,v 1.1 2017/04/14 02:56:49 ozaki-r Exp $ 2 # 3 # Copyright (c) 2017 Internet Initiative Japan Inc. 4 # All rights reserved. 5 # 6 # Redistribution and use in source and binary forms, with or without 7 # modification, are permitted provided that the following conditions 8 # are met: 9 # 1. Redistributions of source code must retain the above copyright 10 # notice, this list of conditions and the following disclaimer. 11 # 2. Redistributions in binary form must reproduce the above copyright 12 # notice, this list of conditions and the following disclaimer in the 13 # documentation and/or other materials provided with the distribution. 14 # 15 # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 16 # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 17 # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 18 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 19 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 # POSSIBILITY OF SUCH DAMAGE. 26 # 27 28 DEBUG=${DEBUG:-false} 29 30 atf_test_case ipsec_sysctl0 cleanup 31 ipsec_sysctl0_head() 32 { 33 34 atf_set "descr" "Tests of sysctl entries of IPsec without ipsec.so" 35 atf_set "require.progs" "rump_server" 36 } 37 38 ipsec_sysctl0_body() 39 { 40 local sock=unix://ipsec_sysctl 41 42 rump_server_crypto_start $sock 43 44 export RUMP_SERVER=$sock 45 atf_check -s not-exit:0 -e match:'invalid' \ 46 rump.sysctl net.inet.ipsec.enabled 47 atf_check -s not-exit:0 -e match:'invalid' \ 48 rump.sysctl net.inet6.ipsec6.enabled 49 } 50 51 ipsec_sysctl0_cleanup() 52 { 53 54 $DEBUG && dump 55 cleanup 56 } 57 58 atf_test_case ipsec_sysctl4 cleanup 59 ipsec_sysctl4_head() 60 { 61 62 atf_set "descr" "Tests of sysctl entries of IPsec without netinet6.so" 63 atf_set "require.progs" "rump_server" 64 } 65 66 ipsec_sysctl4_body() 67 { 68 local sock=unix://ipsec_sysctl 69 70 rump_server_crypto_start $sock netipsec 71 72 export RUMP_SERVER=$sock 73 atf_check -s exit:0 -o match:'= 1' rump.sysctl net.inet.ipsec.enabled 74 # net.inet6.ipsec6 entries exit regardless of netinet6 75 # net.inet6.ipsec6.enabled always equals net.inet.ipsec.enabled 76 atf_check -s exit:0 -o match:'= 1' rump.sysctl net.inet6.ipsec6.enabled 77 78 atf_check -s exit:0 -o match:'= 0' rump.sysctl net.inet.ipsec.used 79 # net.inet6.ipsec6.used always equals net.inet.ipsec.used 80 atf_check -s exit:0 -o match:'= 0' rump.sysctl net.inet6.ipsec6.used 81 82 # Add an SAD entry for IPv4 83 atf_check -s exit:0 -o empty $HIJACKING setkey -c <<-EOF 84 add 10.0.0.1 10.0.0.2 esp 9876 -E 3des-cbc "hogehogehogehogehogehoge"; 85 EOF 86 $DEBUG && $HIJACKING setkey -D 87 88 atf_check -s exit:0 -o match:'= 0' rump.sysctl net.inet.ipsec.used 89 atf_check -s exit:0 -o match:'= 0' rump.sysctl net.inet6.ipsec6.used 90 91 # Add an SPD entry for IPv4, which activates the IPsec function 92 atf_check -s exit:0 -o empty $HIJACKING setkey -c <<-EOF 93 spdadd 10.0.0.1 10.0.0.2 any -P out ipsec esp/transport//use; 94 EOF 95 $DEBUG && $HIJACKING setkey -D 96 97 atf_check -s exit:0 -o match:'= 1' rump.sysctl net.inet.ipsec.used 98 atf_check -s exit:0 -o match:'= 1' rump.sysctl net.inet6.ipsec6.used 99 } 100 101 ipsec_sysctl4_cleanup() 102 { 103 104 $DEBUG && dump 105 cleanup 106 } 107 108 atf_test_case ipsec_sysctl6 cleanup 109 ipsec_sysctl6_head() 110 { 111 112 atf_set "descr" "Tests of sysctl entries of IPsec" 113 atf_set "require.progs" "rump_server" 114 } 115 116 ipsec_sysctl6_body() 117 { 118 local sock=unix://ipsec_sysctl 119 120 rump_server_crypto_start $sock netinet6 netipsec 121 122 export RUMP_SERVER=$sock 123 atf_check -s exit:0 -o match:'= 1' rump.sysctl net.inet.ipsec.enabled 124 atf_check -s exit:0 -o match:'= 1' rump.sysctl net.inet6.ipsec6.enabled 125 126 atf_check -s exit:0 -o match:'= 0' rump.sysctl net.inet.ipsec.used 127 atf_check -s exit:0 -o match:'= 0' rump.sysctl net.inet6.ipsec6.used 128 129 # Add an SAD entry for IPv6 130 atf_check -s exit:0 -o empty $HIJACKING setkey -c <<-EOF 131 add fd00::1 fd00::2 esp 9876 -E 3des-cbc "hogehogehogehogehogehoge"; 132 EOF 133 $DEBUG && $HIJACKING setkey -D 134 135 atf_check -s exit:0 -o match:'= 0' rump.sysctl net.inet.ipsec.used 136 atf_check -s exit:0 -o match:'= 0' rump.sysctl net.inet6.ipsec6.used 137 138 # Add an SPD entry for IPv6, which activates the IPsec function 139 atf_check -s exit:0 -o empty $HIJACKING setkey -c <<-EOF 140 spdadd fd00::1 fd00::2 any -P out ipsec esp/transport//use; 141 EOF 142 $DEBUG && $HIJACKING setkey -D 143 144 atf_check -s exit:0 -o match:'= 1' rump.sysctl net.inet.ipsec.used 145 atf_check -s exit:0 -o match:'= 1' rump.sysctl net.inet6.ipsec6.used 146 } 147 148 ipsec_sysctl6_cleanup() 149 { 150 151 $DEBUG && dump 152 cleanup 153 } 154 155 atf_init_test_cases() 156 { 157 158 atf_add_test_case ipsec_sysctl0 159 atf_add_test_case ipsec_sysctl4 160 atf_add_test_case ipsec_sysctl6 161 } 162
Indexes created Sun Oct 12 20:09:57 GMT 2025