t_ipsec.sh revision 1.3.2.2 1 1.3.2.2 snj # $NetBSD: t_ipsec.sh,v 1.3.2.2 2018/02/11 21:17:35 snj Exp $
2 1.3.2.2 snj #
3 1.3.2.2 snj # Copyright (c) 2017 Internet Initiative Japan Inc.
4 1.3.2.2 snj # All rights reserved.
5 1.3.2.2 snj #
6 1.3.2.2 snj # Redistribution and use in source and binary forms, with or without
7 1.3.2.2 snj # modification, are permitted provided that the following conditions
8 1.3.2.2 snj # are met:
9 1.3.2.2 snj # 1. Redistributions of source code must retain the above copyright
10 1.3.2.2 snj # notice, this list of conditions and the following disclaimer.
11 1.3.2.2 snj # 2. Redistributions in binary form must reproduce the above copyright
12 1.3.2.2 snj # notice, this list of conditions and the following disclaimer in the
13 1.3.2.2 snj # documentation and/or other materials provided with the distribution.
14 1.3.2.2 snj #
15 1.3.2.2 snj # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
16 1.3.2.2 snj # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
17 1.3.2.2 snj # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18 1.3.2.2 snj # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
19 1.3.2.2 snj # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20 1.3.2.2 snj # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21 1.3.2.2 snj # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22 1.3.2.2 snj # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23 1.3.2.2 snj # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24 1.3.2.2 snj # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25 1.3.2.2 snj # POSSIBILITY OF SUCH DAMAGE.
26 1.3.2.2 snj #
27 1.3.2.2 snj
# Control sockets of the two rump kernels acting as the tunnel endpoints.
SOCK1='unix://commsock1'	# for ROUTER1
SOCK2='unix://commsock2'	# for ROUTER2

# IPv4 addressing: LAN side, WAN side and tunnel-interface addresses.
# The *_DUMMY values are used for the second tunnel (ipsec1) of the ioctl
# tests, the *_RECURSIVE values for the nested tunnels of the recursive tests.
ROUTER1_LANIP='192.168.1.1'
ROUTER1_LANNET='192.168.1.0/24'
ROUTER1_WANIP='10.0.0.1'
ROUTER1_IPSECIP='172.16.1.1'
ROUTER1_WANIP_DUMMY='10.0.0.11'
ROUTER1_IPSECIP_DUMMY='172.16.11.1'
ROUTER1_IPSECIP_RECURSIVE1='172.16.101.1'
ROUTER1_IPSECIP_RECURSIVE2='172.16.201.1'
ROUTER2_LANIP='192.168.2.1'
ROUTER2_LANNET='192.168.2.0/24'
ROUTER2_WANIP='10.0.0.2'
ROUTER2_IPSECIP='172.16.2.1'
ROUTER2_WANIP_DUMMY='10.0.0.12'
ROUTER2_IPSECIP_DUMMY='172.16.12.1'
ROUTER2_IPSECIP_RECURSIVE1='172.16.102.1'
ROUTER2_IPSECIP_RECURSIVE2='172.16.202.1'

# IPv6 counterparts of the values above.
ROUTER1_LANIP6='fc00:1::1'
ROUTER1_LANNET6='fc00:1::/64'
ROUTER1_WANIP6='fc00::1'
ROUTER1_IPSECIP6='fc00:3::1'
ROUTER1_WANIP6_DUMMY='fc00::11'
ROUTER1_IPSECIP6_DUMMY='fc00:13::1'
ROUTER1_IPSECIP6_RECURSIVE1='fc00:103::1'
ROUTER1_IPSECIP6_RECURSIVE2='fc00:203::1'
ROUTER2_LANIP6='fc00:2::1'
ROUTER2_LANNET6='fc00:2::/64'
ROUTER2_WANIP6='fc00::2'
ROUTER2_IPSECIP6='fc00:4::1'
ROUTER2_WANIP6_DUMMY='fc00::12'
ROUTER2_IPSECIP6_DUMMY='fc00:14::1'
ROUTER2_IPSECIP6_RECURSIVE1='fc00:104::1'
ROUTER2_IPSECIP6_RECURSIVE2='fc00:204::1'

# DEBUG may be preset by the caller.  The helpers below expand it in command
# position ("$DEBUG && ..."), so it must only ever hold "true" or "false".
: "${DEBUG:=false}"

# Seconds handed to rump.ping -w and rump.ping6 -X.
TIMEOUT=7
66 1.3.2.2 snj
# Attach shmif0 (on bus0, the LAN side) and shmif1 (on bus1, the WAN side)
# to the rump kernel behind a control socket, assign one address to each and
# bring both up.
#
#   $1 - control socket, exported as RUMP_SERVER while configuring
#   $2 - LAN address      $3 - "ipv6" for inet6, anything else means inet
#   $4 - WAN address      $5 - "ipv6" for inet6, anything else means inet
#
# An inet LAN address gets netmask 0xffffff00, an inet WAN address
# 0xff000000.  RUMP_SERVER is unset again before returning.
setup_router()
{
	local ctl=${1}
	local lan_addr=${2}
	local lan_af=${3}
	local wan_addr=${4}
	local wan_af=${5}

	rump_server_add_iface $ctl shmif0 bus0
	rump_server_add_iface $ctl shmif1 bus1

	export RUMP_SERVER=${ctl}

	# LAN side
	case ${lan_af} in
	ipv6)
		atf_check -s exit:0 rump.ifconfig shmif0 inet6 ${lan_addr}
		;;
	*)
		atf_check -s exit:0 rump.ifconfig shmif0 inet ${lan_addr} \
		    netmask 0xffffff00
		;;
	esac
	atf_check -s exit:0 rump.ifconfig shmif0 up
	rump.ifconfig shmif0	# print the resulting configuration

	# WAN side
	case ${wan_af} in
	ipv6)
		atf_check -s exit:0 rump.ifconfig shmif1 inet6 ${wan_addr}
		;;
	*)
		atf_check -s exit:0 rump.ifconfig shmif1 inet ${wan_addr} \
		    netmask 0xff000000
		;;
	esac
	atf_check -s exit:0 rump.ifconfig shmif1 up
	rump.ifconfig shmif1	# print the resulting configuration

	unset RUMP_SERVER
}
96 1.3.2.2 snj
# Verify one router as configured by setup_router: shmif0 and shmif1 must
# show up in the rump.ifconfig output and the router must be able to ping
# its own LAN and WAN address (one packet, $TIMEOUT seconds).
#
#   $1 - control socket
#   $2 - LAN address      $3 - "ipv6" selects rump.ping6, else rump.ping
#   $4 - WAN address      $5 - "ipv6" selects rump.ping6, else rump.ping
test_router()
{
	local ctl=${1}
	local lan_addr=${2}
	local lan_af=${3}
	local wan_addr=${4}
	local wan_af=${5}

	export RUMP_SERVER=${ctl}

	# LAN side
	atf_check -s exit:0 -o match:shmif0 rump.ifconfig
	case ${lan_af} in
	ipv6)
		atf_check -s exit:0 -o ignore \
		    rump.ping6 -n -c 1 -X $TIMEOUT ${lan_addr}
		;;
	*)
		atf_check -s exit:0 -o ignore \
		    rump.ping -n -c 1 -w $TIMEOUT ${lan_addr}
		;;
	esac

	# WAN side
	atf_check -s exit:0 -o match:shmif1 rump.ifconfig
	case ${wan_af} in
	ipv6)
		atf_check -s exit:0 -o ignore \
		    rump.ping6 -n -c 1 -X $TIMEOUT ${wan_addr}
		;;
	*)
		atf_check -s exit:0 -o ignore \
		    rump.ping -n -c 1 -w $TIMEOUT ${wan_addr}
		;;
	esac

	unset RUMP_SERVER
}
121 1.3.2.2 snj
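# Start the two rump kernels with IPsec support and configure both routers.
#
#   $1 - inner (LAN) address family: "ipv6", anything else means IPv4
#   $2 - outer (WAN) address family: "ipv6", anything else means IPv4
#
# The scratch variables are declared local, as test_setup already does, so
# they no longer leak into the global scope shared by all test cases.
setup()
{
	local inner=${1}
	local outer=${2}

	local router1_lan=""
	local router1_lan_mode=""
	local router2_lan=""
	local router2_lan_mode=""

	rump_server_crypto_start "$SOCK1" netipsec netinet6 ipsec
	rump_server_crypto_start "$SOCK2" netipsec netinet6 ipsec

	if [ "${inner}" = "ipv6" ]; then
		router1_lan=$ROUTER1_LANIP6
		router1_lan_mode="ipv6"
		router2_lan=$ROUTER2_LANIP6
		router2_lan_mode="ipv6"
	else
		router1_lan=$ROUTER1_LANIP
		router1_lan_mode="ipv4"
		router2_lan=$ROUTER2_LANIP
		router2_lan_mode="ipv4"
	fi

	if [ "${outer}" = "ipv6" ]; then
		setup_router "$SOCK1" "${router1_lan}" "${router1_lan_mode}" \
		    "$ROUTER1_WANIP6" ipv6
		setup_router "$SOCK2" "${router2_lan}" "${router2_lan_mode}" \
		    "$ROUTER2_WANIP6" ipv6
	else
		setup_router "$SOCK1" "${router1_lan}" "${router1_lan_mode}" \
		    "$ROUTER1_WANIP" ipv4
		setup_router "$SOCK2" "${router2_lan}" "${router2_lan_mode}" \
		    "$ROUTER2_WANIP" ipv4
	fi
}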
158 1.3.2.2 snj
# Run test_router against both routers, using the address set that matches
# the requested families.
#
#   $1 - inner (LAN) address family: "ipv6", anything else means IPv4
#   $2 - outer (WAN) address family: "ipv6", anything else means IPv4
test_setup()
{
	local inner=${1}
	local outer=${2}

	local lan1="" lan2="" lan_af=""
	local wan1="" wan2="" wan_af=""

	case ${inner} in
	ipv6)
		lan1=$ROUTER1_LANIP6
		lan2=$ROUTER2_LANIP6
		lan_af="ipv6"
		;;
	*)
		lan1=$ROUTER1_LANIP
		lan2=$ROUTER2_LANIP
		lan_af="ipv4"
		;;
	esac

	case ${outer} in
	ipv6)
		wan1=$ROUTER1_WANIP6
		wan2=$ROUTER2_WANIP6
		wan_af="ipv6"
		;;
	*)
		wan1=$ROUTER1_WANIP
		wan2=$ROUTER2_WANIP
		wan_af="ipv4"
		;;
	esac

	test_router $SOCK1 ${lan1} ${lan_af} ${wan1} ${wan_af}
	test_router $SOCK2 ${lan2} ${lan_af} ${wan2} ${wan_af}
}
191 1.3.2.2 snj
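# Print the "unique#" id of the security policy whose selector line in the
# "setkey -DP" output starts with a given source address and ends in
# "(<proto>)".  The id is taken from the two lines following that line.
#
#   $1 - control socket (exported as RUMP_SERVER for the query, then unset)
#   $2 - source address of the policy
#   $3 - upper-layer protocol name shown in parentheses, e.g. ipv4 or ipv6
#
# The address is matched literally and as a whole: its dots are escaped and
# it must be followed by a character that cannot continue an address.
# Without that, "10.0.0.1" also selects the policy of "10.0.0.11" and
# "172.16.1.1" also matches "172.16.101.1", so an SA could be tied to the
# id of another tunnel's policy whenever both exist at query time.
get_if_ipsec_unique()
{
	local sock=${1}
	local src=${2}
	local proto=${3}
	local src_re=""
	local unique=""

	# Quote the regex metacharacter that IPv4 addresses contain.
	src_re=$(printf '%s\n' "${src}" | sed 's/\./\\./g')

	export RUMP_SERVER=${sock}
	unique=$($HIJACKING setkey -DP |
	    grep -A2 "^${src_re}[^0-9A-Fa-f:.].*(${proto})\$" |
	    grep unique |
	    sed 's/.*unique#//')
	unset RUMP_SERVER

	# Deliberately unquoted: strips surrounding whitespace from the id.
	echo $unique
}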
205 1.3.2.2 snj
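# Create ipsec0 on one router, set its tunnel endpoints and inner addresses,
# and route the peer's LAN through it.
#
#   $1 - control socket
#   $2 - local inner address (configured as /128 or /32)
#   $3 - remote inner address
#   $4 - inner address family: "ipv6", anything else means IPv4
#   $5 - tunnel source (outer) address
#   $6 - tunnel destination (outer) address
#   $7 - peer LAN prefix to route via the local inner address
#
# RUMP_SERVER is unset on return, as setup_dummy_if_ipsec and the other
# helpers in this file do, so no later command can silently talk to this
# router's kernel through a leftover setting.
setup_if_ipsec()
{
	local sock=${1}
	local addr=${2}
	local remote=${3}
	local inner=${4}
	local src=${5}
	local dst=${6}
	local peernet=${7}

	export RUMP_SERVER=${sock}
	atf_check -s exit:0 rump.ifconfig ipsec0 create
	atf_check -s exit:0 rump.ifconfig ipsec0 tunnel "${src}" "${dst}"
	if [ "${inner}" = "ipv6" ]; then
		atf_check -s exit:0 \
		    rump.ifconfig ipsec0 inet6 "${addr}/128" "${remote}"
		atf_check -s exit:0 -o ignore \
		    rump.route add -inet6 "${peernet}" "${addr}"
	else
		atf_check -s exit:0 \
		    rump.ifconfig ipsec0 inet "${addr}/32" "${remote}"
		atf_check -s exit:0 -o ignore \
		    rump.route add -inet "${peernet}" "${addr}"
	fi

	# Print the interface and routing table for the record.
	rump.ifconfig ipsec0
	rump.route -nL show

	unset RUMP_SERVER
}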
230 1.3.2.2 snj
# Install the pair of security associations for a tunnel by feeding two
# "add" statements to "setkey -c".
#
#   $1 - control socket
#   $2 - tunnel source address      $3 - tunnel destination address
#   $4 - family of the policy to bind to: "ipv6", anything else means IPv4
#   $5 - IPsec protocol             $6 - algorithm name
#   $7 - direction: "1to2" or anything else for the opposite direction
#
# The SPIs are fixed per direction and family (10000/10001 for IPv4,
# 10010/10011 for IPv6, swapped for the opposite direction); the policy ids
# passed with -u come from get_if_ipsec_unique.
setup_if_ipsec_sa()
{
	local sock=${1}
	local src=${2}
	local dst=${3}
	local mode=${4}
	local proto=${5}
	local algo=${6}
	local dir=${7}

	# NOTE(review): the statements, including whatever generate_algo_args
	# emits, are written to a fixed name in the current directory and
	# never removed here; presumably this relies on the test case running
	# in its own scratch directory -- confirm.
	local sa_file=./tmp
	local uniq_in=""
	local uniq_out=""
	local spi_in=""
	local spi_out=""
	local algo_args="$(generate_algo_args $proto $algo)"

	uniq_in=$(get_if_ipsec_unique ${sock} ${dst} ${mode})
	uniq_out=$(get_if_ipsec_unique ${sock} ${src} ${mode})

	case "${dir}/${mode}" in
	1to2/ipv6)
		spi_in="10010"
		spi_out="10011"
		;;
	1to2/*)
		spi_in="10000"
		spi_out="10001"
		;;
	*/ipv6)
		spi_in="10011"
		spi_out="10010"
		;;
	*)
		spi_in="10001"
		spi_out="10000"
		;;
	esac

	{
		printf 'add %s %s %s %s -u %s %s;\n' \
		    "$dst" "$src" "$proto" "$spi_in" "$uniq_in" "$algo_args"
		printf 'add %s %s %s %s -u %s %s;\n' \
		    "$src" "$dst" "$proto" "$spi_out" "$uniq_out" "$algo_args"
	} > $sa_file
	$DEBUG && cat $sa_file

	export RUMP_SERVER=$sock
	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $sa_file
	$DEBUG && $HIJACKING setkey -D
	$DEBUG && $HIJACKING setkey -DP
	unset RUMP_SERVER
}
280 1.3.2.2 snj
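# Build the ipsec0 tunnel between ROUTER1 and ROUTER2: create and address
# the interface on each side (setup_if_ipsec) and install the SAs
# (setup_if_ipsec_sa), first on ROUTER1 ("1to2"), then mirrored on ROUTER2
# ("2to1").
#
#   $1 - inner address family: "ipv6", anything else means IPv4
#   $2 - outer address family: "ipv6", anything else means IPv4
#   $3 - IPsec protocol        $4 - algorithm name
#
# For IPv6 over IPv4 an additional SA pair bound to the outer-family policy
# is installed before the inner-family one.
# NOTE(review): presumably because the interface then carries a policy for
# both families -- confirm.
#
# setup_if_ipsec takes seven arguments; the surplus protocol/algorithm
# arguments formerly passed for ROUTER2 are dropped, and the obsolescent
# "-a" test operator is replaced by two tests joined with &&.
setup_tunnel()
{
	local inner=${1}
	local outer=${2}
	local proto=${3}
	local algo=${4}

	local addr=""
	local remote=""
	local src=""
	local dst=""
	local peernet=""

	# ROUTER1 side
	if [ "${inner}" = "ipv6" ]; then
		addr=$ROUTER1_IPSECIP6
		remote=$ROUTER2_IPSECIP6
		peernet=$ROUTER2_LANNET6
	else
		addr=$ROUTER1_IPSECIP
		remote=$ROUTER2_IPSECIP
		peernet=$ROUTER2_LANNET
	fi
	if [ "${outer}" = "ipv6" ]; then
		src=$ROUTER1_WANIP6
		dst=$ROUTER2_WANIP6
	else
		src=$ROUTER1_WANIP
		dst=$ROUTER2_WANIP
	fi
	setup_if_ipsec "$SOCK1" "${addr}" "${remote}" "${inner}" \
	    "${src}" "${dst}" "${peernet}"

	if [ "${inner}" = "ipv6" ] && [ "${outer}" = "ipv4" ]; then
		setup_if_ipsec_sa "$SOCK1" "${src}" "${dst}" "${outer}" \
		    "${proto}" "${algo}" "1to2"
	fi
	setup_if_ipsec_sa "$SOCK1" "${src}" "${dst}" "${inner}" \
	    "${proto}" "${algo}" "1to2"

	# ROUTER2 side, with local and remote roles swapped
	if [ "${inner}" = "ipv6" ]; then
		addr=$ROUTER2_IPSECIP6
		remote=$ROUTER1_IPSECIP6
		peernet=$ROUTER1_LANNET6
	else
		addr=$ROUTER2_IPSECIP
		remote=$ROUTER1_IPSECIP
		peernet=$ROUTER1_LANNET
	fi
	if [ "${outer}" = "ipv6" ]; then
		src=$ROUTER2_WANIP6
		dst=$ROUTER1_WANIP6
	else
		src=$ROUTER2_WANIP
		dst=$ROUTER1_WANIP
	fi
	setup_if_ipsec "$SOCK2" "${addr}" "${remote}" "${inner}" \
	    "${src}" "${dst}" "${peernet}"

	if [ "${inner}" = "ipv6" ] && [ "${outer}" = "ipv4" ]; then
		setup_if_ipsec_sa "$SOCK2" "${src}" "${dst}" "${outer}" \
		    "${proto}" "${algo}" "2to1"
	fi
	setup_if_ipsec_sa "$SOCK2" "${src}" "${dst}" "${inner}" \
	    "${proto}" "${algo}" "2to1"
}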
341 1.3.2.2 snj
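# Check on both routers that ipsec0 exists and that the route to the peer's
# LAN prefix resolves through ipsec0.
#
#   $1 - inner address family: "ipv6", anything else means IPv4
#
# RUMP_SERVER is unset on return, as the other helpers in this file do;
# previously it was left pointing at ROUTER2.
test_setup_tunnel()
{
	local mode=${1}

	local peernet=""
	local opt=""

	# ROUTER1 must reach ROUTER2's LAN through the tunnel
	if [ "${mode}" = "ipv6" ]; then
		peernet=$ROUTER2_LANNET6
		opt="-inet6"
	else
		peernet=$ROUTER2_LANNET
		opt="-inet"
	fi
	export RUMP_SERVER=$SOCK1
	atf_check -s exit:0 -o match:ipsec0 rump.ifconfig
	atf_check -s exit:0 -o match:ipsec0 \
	    rump.route -nL get "${opt}" "${peernet}"

	# and the other way round
	if [ "${mode}" = "ipv6" ]; then
		peernet=$ROUTER1_LANNET6
		opt="-inet6"
	else
		peernet=$ROUTER1_LANNET
		opt="-inet"
	fi
	export RUMP_SERVER=$SOCK2
	atf_check -s exit:0 -o match:ipsec0 rump.ifconfig
	atf_check -s exit:0 -o match:ipsec0 \
	    rump.route -nL get "${opt}" "${peernet}"

	unset RUMP_SERVER
}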
370 1.3.2.2 snj
# Remove the ipsec0 tunnel on both routers: drop the tunnel endpoints,
# destroy the interface and flush all SAs with "setkey -F".  The setkey
# call is not wrapped in atf_check, so its result is not verified.
teardown_tunnel()
{
	local ctl

	for ctl in "$SOCK1" "$SOCK2"; do
		export RUMP_SERVER=$ctl
		atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel
		atf_check -s exit:0 rump.ifconfig ipsec0 destroy
		$HIJACKING setkey -F
	done

	unset RUMP_SERVER
}
385 1.3.2.2 snj
# Create the second tunnel interface, ipsec1, on one router and give it
# tunnel endpoints and inner addresses.  Unlike setup_if_ipsec no route is
# added.
#
#   $1 - control socket
#   $2 - local inner address (configured as /128 or /32)
#   $3 - remote inner address
#   $4 - inner address family: "ipv6", anything else means IPv4
#   $5 - tunnel source address      $6 - tunnel destination address
setup_dummy_if_ipsec()
{
	local ctl=${1}
	local local_addr=${2}
	local peer_addr=${3}
	local af=${4}
	local tun_src=${5}
	local tun_dst=${6}

	export RUMP_SERVER=${ctl}
	atf_check -s exit:0 rump.ifconfig ipsec1 create
	atf_check -s exit:0 rump.ifconfig ipsec1 tunnel ${tun_src} ${tun_dst}
	case ${af} in
	ipv6)
		atf_check -s exit:0 \
		    rump.ifconfig ipsec1 inet6 ${local_addr}/128 ${peer_addr}
		;;
	*)
		atf_check -s exit:0 \
		    rump.ifconfig ipsec1 inet ${local_addr}/32 ${peer_addr}
		;;
	esac

	rump.ifconfig ipsec1	# print the resulting configuration
	unset RUMP_SERVER
}
407 1.3.2.2 snj
# Install the SA pair for the dummy tunnel via "setkey -c".  Same procedure
# as setup_if_ipsec_sa, but with SPIs 20000/20001 (swapped for the opposite
# direction) regardless of the address family.
#
#   $1 - control socket
#   $2 - tunnel source address      $3 - tunnel destination address
#   $4 - family of the policy to bind to
#   $5 - IPsec protocol             $6 - algorithm name
#   $7 - direction: "1to2" or anything else for the opposite direction
setup_dummy_if_ipsec_sa()
{
	local sock=${1}
	local src=${2}
	local dst=${3}
	local mode=${4}
	local proto=${5}
	local algo=${6}
	local dir=${7}

	# NOTE(review): the statements, including whatever generate_algo_args
	# emits, are written to a fixed name in the current directory and
	# never removed here; presumably this relies on the test case running
	# in its own scratch directory -- confirm.
	local sa_file=./tmp
	local uniq_in=""
	local uniq_out=""
	local spi_in=""
	local spi_out=""
	local algo_args="$(generate_algo_args $proto $algo)"

	uniq_in=$(get_if_ipsec_unique ${sock} ${dst} ${mode})
	uniq_out=$(get_if_ipsec_unique ${sock} ${src} ${mode})

	case ${dir} in
	1to2)
		spi_in="20000"
		spi_out="20001"
		;;
	*)
		spi_in="20001"
		spi_out="20000"
		;;
	esac

	{
		printf 'add %s %s %s %s -u %s %s;\n' \
		    "$dst" "$src" "$proto" "$spi_in" "$uniq_in" "$algo_args"
		printf 'add %s %s %s %s -u %s %s;\n' \
		    "$src" "$dst" "$proto" "$spi_out" "$uniq_out" "$algo_args"
	} > $sa_file
	$DEBUG && cat $sa_file

	export RUMP_SERVER=$sock
	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $sa_file
	$DEBUG && $HIJACKING setkey -D
	$DEBUG && $HIJACKING setkey -DP
	unset RUMP_SERVER
}
447 1.3.2.2 snj
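# Build the second ("dummy") tunnel ipsec1 between the two routers on the
# *_DUMMY addresses, first on ROUTER1 ("1to2"), then mirrored on ROUTER2
# ("2to1").
#
#   $1 - inner address family: "ipv6", anything else means IPv4
#   $2 - outer address family: "ipv6", anything else means IPv4
#   $3 - IPsec protocol        $4 - algorithm name
#
# setup_dummy_if_ipsec takes six arguments; the protocol, algorithm and
# direction formerly appended to its argument list were never read and are
# no longer passed.
setup_dummy_tunnel()
{
	local inner=${1}
	local outer=${2}
	local proto=${3}
	local algo=${4}

	local addr=""
	local remote=""
	local src=""
	local dst=""

	# ROUTER1 side
	if [ "${inner}" = "ipv6" ]; then
		addr=$ROUTER1_IPSECIP6_DUMMY
		remote=$ROUTER2_IPSECIP6_DUMMY
	else
		addr=$ROUTER1_IPSECIP_DUMMY
		remote=$ROUTER2_IPSECIP_DUMMY
	fi
	if [ "${outer}" = "ipv6" ]; then
		src=$ROUTER1_WANIP6_DUMMY
		dst=$ROUTER2_WANIP6_DUMMY
	else
		src=$ROUTER1_WANIP_DUMMY
		dst=$ROUTER2_WANIP_DUMMY
	fi
	setup_dummy_if_ipsec "$SOCK1" "${addr}" "${remote}" "${inner}" \
	    "${src}" "${dst}"
	setup_dummy_if_ipsec_sa "$SOCK1" "${src}" "${dst}" "${inner}" \
	    "${proto}" "${algo}" "1to2"

	# ROUTER2 side, with local and remote roles swapped
	if [ "${inner}" = "ipv6" ]; then
		addr=$ROUTER2_IPSECIP6_DUMMY
		remote=$ROUTER1_IPSECIP6_DUMMY
	else
		addr=$ROUTER2_IPSECIP_DUMMY
		remote=$ROUTER1_IPSECIP_DUMMY
	fi
	if [ "${outer}" = "ipv6" ]; then
		src=$ROUTER2_WANIP6_DUMMY
		dst=$ROUTER1_WANIP6_DUMMY
	else
		src=$ROUTER2_WANIP_DUMMY
		dst=$ROUTER1_WANIP_DUMMY
	fi
	setup_dummy_if_ipsec "$SOCK2" "${addr}" "${remote}" "${inner}" \
	    "${src}" "${dst}"
	setup_dummy_if_ipsec_sa "$SOCK2" "${src}" "${dst}" "${inner}" \
	    "${proto}" "${algo}" "2to1"
}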
496 1.3.2.2 snj
# Check that ipsec1 is listed by rump.ifconfig on both routers.
test_setup_dummy_tunnel()
{
	local ctl

	for ctl in "$SOCK1" "$SOCK2"; do
		export RUMP_SERVER=$ctl
		atf_check -s exit:0 -o match:ipsec1 rump.ifconfig
	done

	unset RUMP_SERVER
}
507 1.3.2.2 snj
# Remove ipsec1 on both routers: drop its tunnel endpoints, then destroy
# the interface.  SAs are not flushed here.
teardown_dummy_tunnel()
{
	local ctl

	for ctl in "$SOCK1" "$SOCK2"; do
		export RUMP_SERVER=$ctl
		atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel
		atf_check -s exit:0 rump.ifconfig ipsec1 destroy
	done

	unset RUMP_SERVER
}
520 1.3.2.2 snj
# Create one additional tunnel interface for the recursion test, address it
# and install its SAs through setup_if_ipsec_sa.
#
#   $1  - control socket            $2  - interface name (e.g. ipsec1)
#   $3  - local inner address       $4  - remote inner address
#   $5  - address family: "ipv6", anything else means IPv4
#   $6  - tunnel source address     $7  - tunnel destination address
#   $8  - IPsec protocol            $9  - algorithm name
#   $10 - direction, handed to setup_if_ipsec_sa
setup_recursive_if_ipsec()
{
	local ctl=${1}
	local ifname=${2}
	local local_addr=${3}
	local peer_addr=${4}
	local af=${5}
	local tun_src=${6}
	local tun_dst=${7}
	local ipsec_proto=${8}
	local cipher=${9}
	local direction=${10}

	export RUMP_SERVER=${ctl}
	atf_check -s exit:0 rump.ifconfig ${ifname} create
	atf_check -s exit:0 rump.ifconfig ${ifname} tunnel ${tun_src} ${tun_dst}
	case ${af} in
	ipv6)
		atf_check -s exit:0 \
		    rump.ifconfig ${ifname} inet6 ${local_addr}/128 ${peer_addr}
		;;
	*)
		atf_check -s exit:0 \
		    rump.ifconfig ${ifname} inet ${local_addr}/32 ${peer_addr}
		;;
	esac
	setup_if_ipsec_sa $ctl ${tun_src} ${tun_dst} ${af} \
	    ${ipsec_proto} ${cipher} ${direction}

	# setup_if_ipsec_sa unsets RUMP_SERVER, so select the kernel again
	# before printing the interface.
	export RUMP_SERVER=${ctl}
	rump.ifconfig ${ifname}
	unset RUMP_SERVER
}
548 1.3.2.2 snj
# Stack two more tunnels on top of ipsec0, on ROUTER1 only: ipsec1 uses the
# inner addresses of ipsec0 as its tunnel endpoints, and ipsec2 uses the
# inner addresses of ipsec1.
#
#   $1 - address family: "ipv6", anything else means IPv4
#   $2 - IPsec protocol   $3 - algorithm name
setup_recursive_tunnels()
{
	local af=${1}
	local ipsec_proto=${2}
	local cipher=${3}

	local local_addr=""
	local peer_addr=""
	local tun_src=""
	local tun_dst=""

	# ipsec1 rides on ipsec0
	case ${af} in
	ipv6)
		local_addr=$ROUTER1_IPSECIP6_RECURSIVE1
		peer_addr=$ROUTER2_IPSECIP6_RECURSIVE1
		tun_src=$ROUTER1_IPSECIP6
		tun_dst=$ROUTER2_IPSECIP6
		;;
	*)
		local_addr=$ROUTER1_IPSECIP_RECURSIVE1
		peer_addr=$ROUTER2_IPSECIP_RECURSIVE1
		tun_src=$ROUTER1_IPSECIP
		tun_dst=$ROUTER2_IPSECIP
		;;
	esac
	setup_recursive_if_ipsec $SOCK1 ipsec1 ${local_addr} ${peer_addr} \
	    ${af} ${tun_src} ${tun_dst} ${ipsec_proto} ${cipher} "1to2"

	# ipsec2 rides on ipsec1
	case ${af} in
	ipv6)
		local_addr=$ROUTER1_IPSECIP6_RECURSIVE2
		peer_addr=$ROUTER2_IPSECIP6_RECURSIVE2
		tun_src=$ROUTER1_IPSECIP6_RECURSIVE1
		tun_dst=$ROUTER2_IPSECIP6_RECURSIVE1
		;;
	*)
		local_addr=$ROUTER1_IPSECIP_RECURSIVE2
		peer_addr=$ROUTER2_IPSECIP_RECURSIVE2
		tun_src=$ROUTER1_IPSECIP_RECURSIVE1
		tun_dst=$ROUTER2_IPSECIP_RECURSIVE1
		;;
	esac
	setup_recursive_if_ipsec $SOCK1 ipsec2 ${local_addr} ${peer_addr} \
	    ${af} ${tun_src} ${tun_dst} ${ipsec_proto} ${cipher} "1to2"
}
589 1.3.2.2 snj
# Runs on ROUTER1 only.  A ping to the far end of the innermost nested
# tunnel is expected to fail, and the kernel message buffer must then
# contain "ipsec0: recursively called too many times".
#
#   $1 - address family: "ipv6" selects rump.ping6, else rump.ping
test_recursive_check()
{
	local af=$1

	export RUMP_SERVER=$SOCK1
	case ${af} in
	ipv6)
		atf_check -s not-exit:0 -o ignore -e ignore \
		    rump.ping6 -n -X $TIMEOUT -c 1 $ROUTER2_IPSECIP6_RECURSIVE2
		;;
	*)
		atf_check -s not-exit:0 -o ignore -e ignore \
		    rump.ping -n -w $TIMEOUT -c 1 $ROUTER2_IPSECIP_RECURSIVE2
		;;
	esac

	atf_check -o match:'ipsec0: recursively called too many times' \
	    -x "$HIJACKING dmesg"

	# Print the whole message buffer as well.
	$HIJACKING dmesg

	unset RUMP_SERVER
}
611 1.3.2.2 snj
# Remove the nested tunnel interfaces ipsec1 and ipsec2 from ROUTER1.
teardown_recursive_tunnels()
{
	local ifname

	export RUMP_SERVER=$SOCK1
	for ifname in ipsec1 ipsec2; do
		atf_check -s exit:0 rump.ifconfig $ifname deletetunnel
		atf_check -s exit:0 rump.ifconfig $ifname destroy
	done
	unset RUMP_SERVER
}
621 1.3.2.2 snj
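# Negative check: a ping from each router's LAN address to the other
# router's LAN address must fail.
#
#   $1 - address family: "ipv6" selects rump.ping6, else rump.ping
#
# The IPv4 probe on ROUTER2 used to be sent from ROUTER1's LAN address to
# ROUTER2's own LAN address, a copy of the ROUTER1 probe.  A negative check
# with the wrong source can pass for a reason unrelated to the tunnel being
# gone, so it now mirrors the IPv6 branch and test_ping_success: source is
# ROUTER2's LAN address, destination ROUTER1's.
test_ping_failure()
{
	local mode=$1

	export RUMP_SERVER=$SOCK1
	if [ "${mode}" = "ipv6" ]; then
		atf_check -s not-exit:0 -o ignore -e ignore \
		    rump.ping6 -n -X "$TIMEOUT" -c 1 -S "$ROUTER1_LANIP6" \
		    "$ROUTER2_LANIP6"
	else
		atf_check -s not-exit:0 -o ignore -e ignore \
		    rump.ping -n -w "$TIMEOUT" -c 1 -I "$ROUTER1_LANIP" \
		    "$ROUTER2_LANIP"
	fi

	export RUMP_SERVER=$SOCK2
	if [ "${mode}" = "ipv6" ]; then
		atf_check -s not-exit:0 -o ignore -e ignore \
		    rump.ping6 -n -X "$TIMEOUT" -c 1 -S "$ROUTER2_LANIP6" \
		    "$ROUTER1_LANIP6"
	else
		atf_check -s not-exit:0 -o ignore -e ignore \
		    rump.ping -n -w "$TIMEOUT" -c 1 -I "$ROUTER2_LANIP" \
		    "$ROUTER1_LANIP"
	fi

	unset RUMP_SERVER
}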
650 1.3.2.2 snj
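# Positive check: a ping from each router's LAN address to the other
# router's LAN address must succeed.  "rump.ifconfig -v ipsec0" is printed
# before and after each probe.
#
#   $1 - address family: "ipv6" selects rump.ping6, else rump.ping
#
# "mode" is now declared local, like in every other helper of this file;
# it used to be assigned as a global.
test_ping_success()
{
	local mode=$1

	export RUMP_SERVER=$SOCK1
	rump.ifconfig -v ipsec0
	if [ "${mode}" = "ipv6" ]; then
		# XXX
		# rump.ping6 rarely fails with the message that
		# "failed to get receiving hop limit".
		# This is a known issue being analyzed.
		atf_check -s exit:0 -o ignore \
		    rump.ping6 -n -X "$TIMEOUT" -c 1 -S "$ROUTER1_LANIP6" \
		    "$ROUTER2_LANIP6"
	else
		atf_check -s exit:0 -o ignore \
		    rump.ping -n -w "$TIMEOUT" -c 1 -I "$ROUTER1_LANIP" \
		    "$ROUTER2_LANIP"
	fi
	rump.ifconfig -v ipsec0

	export RUMP_SERVER=$SOCK2
	rump.ifconfig -v ipsec0
	if [ "${mode}" = "ipv6" ]; then
		atf_check -s exit:0 -o ignore \
		    rump.ping6 -n -X "$TIMEOUT" -c 1 -S "$ROUTER2_LANIP6" \
		    "$ROUTER1_LANIP6"
	else
		atf_check -s exit:0 -o ignore \
		    rump.ping -n -w "$TIMEOUT" -c 1 -I "$ROUTER2_LANIP" \
		    "$ROUTER1_LANIP"
	fi
	rump.ifconfig -v ipsec0

	unset RUMP_SERVER
}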
687 1.3.2.2 snj
# On each router, try to move ipsec0 onto the *_DUMMY tunnel endpoints.
# The check expects rump.ifconfig to exit 0 while its stderr mentions
# SIOCSLIFPHYADDR.  Both interfaces are printed before and after the
# attempt.
#
#   $1 - family of the tunnel endpoints: "ipv6", anything else means IPv4
test_change_tunnel_duplicate()
{
	local af=$1

	local tun_src=""
	local tun_dst=""

	# ROUTER1
	case ${af} in
	ipv6)
		tun_src=$ROUTER1_WANIP6_DUMMY
		tun_dst=$ROUTER2_WANIP6_DUMMY
		;;
	*)
		tun_src=$ROUTER1_WANIP_DUMMY
		tun_dst=$ROUTER2_WANIP_DUMMY
		;;
	esac
	export RUMP_SERVER=$SOCK1
	rump.ifconfig -v ipsec0
	rump.ifconfig -v ipsec1
	atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \
	    rump.ifconfig ipsec0 tunnel ${tun_src} ${tun_dst}
	rump.ifconfig -v ipsec0
	rump.ifconfig -v ipsec1

	# ROUTER2, endpoints swapped
	case ${af} in
	ipv6)
		tun_src=$ROUTER2_WANIP6_DUMMY
		tun_dst=$ROUTER1_WANIP6_DUMMY
		;;
	*)
		tun_src=$ROUTER2_WANIP_DUMMY
		tun_dst=$ROUTER1_WANIP_DUMMY
		;;
	esac
	export RUMP_SERVER=$SOCK2
	rump.ifconfig -v ipsec0
	rump.ifconfig -v ipsec1
	atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \
	    rump.ifconfig ipsec0 tunnel ${tun_src} ${tun_dst}
	rump.ifconfig -v ipsec0
	rump.ifconfig -v ipsec1

	unset RUMP_SERVER
}
726 1.3.2.2 snj
# On each router, move ipsec0 onto the *_DUMMY tunnel endpoints and expect
# rump.ifconfig to exit 0.  The interface is printed before and after.
#
#   $1 - family of the tunnel endpoints: "ipv6", anything else means IPv4
test_change_tunnel_success()
{
	local af=$1

	local tun_src=""
	local tun_dst=""

	# ROUTER1
	case ${af} in
	ipv6)
		tun_src=$ROUTER1_WANIP6_DUMMY
		tun_dst=$ROUTER2_WANIP6_DUMMY
		;;
	*)
		tun_src=$ROUTER1_WANIP_DUMMY
		tun_dst=$ROUTER2_WANIP_DUMMY
		;;
	esac
	export RUMP_SERVER=$SOCK1
	rump.ifconfig -v ipsec0
	atf_check -s exit:0 \
	    rump.ifconfig ipsec0 tunnel ${tun_src} ${tun_dst}
	rump.ifconfig -v ipsec0

	# ROUTER2, endpoints swapped
	case ${af} in
	ipv6)
		tun_src=$ROUTER2_WANIP6_DUMMY
		tun_dst=$ROUTER1_WANIP6_DUMMY
		;;
	*)
		tun_src=$ROUTER2_WANIP_DUMMY
		tun_dst=$ROUTER1_WANIP_DUMMY
		;;
	esac
	export RUMP_SERVER=$SOCK2
	rump.ifconfig -v ipsec0
	atf_check -s exit:0 \
	    rump.ifconfig ipsec0 tunnel ${tun_src} ${tun_dst}
	rump.ifconfig -v ipsec0

	unset RUMP_SERVER
}
761 1.3.2.2 snj
# "basic" category, setup phase: configure both routers, verify them, then
# build the ipsec0 tunnel and verify interface and route.
#
#   $1 - inner family   $2 - outer family
#   $3 - IPsec protocol $4 - algorithm name
basic_setup()
{
	local in_af=$1
	local out_af=$2
	local ipsec_proto=$3
	local cipher=$4

	setup $in_af $out_af
	test_setup $in_af $out_af

	# Enable once PR kern/49219 is fixed
	#test_ping_failure

	setup_tunnel $in_af $out_af $ipsec_proto $cipher
	sleep 1
	test_setup_tunnel $in_af
}
779 1.3.2.2 snj
# "basic" category, test phase: LAN-to-LAN pings through the tunnel must
# succeed in both directions.
#
#   $1 - inner family   $2 - outer family (accepted but unused)
basic_test()
{
	local in_af=$1
	local out_af=$2	# unused

	test_ping_success $in_af
}
787 1.3.2.2 snj
# "basic" category, teardown phase: remove the tunnel, then confirm that
# LAN-to-LAN pings no longer get through.
#
#   $1 - inner family   $2 - outer family (accepted but unused)
basic_teardown()
{
	local in_af=$1
	local out_af=$2	# unused

	teardown_tunnel
	test_ping_failure $in_af
}
796 1.3.2.2 snj
# "ioctl" category, setup phase: like basic_setup, plus the second
# ("dummy") tunnel ipsec1 that the duplicate-endpoint check needs.
#
#   $1 - inner family   $2 - outer family
#   $3 - IPsec protocol $4 - algorithm name
ioctl_setup()
{
	local in_af=$1
	local out_af=$2
	local ipsec_proto=$3
	local cipher=$4

	setup $in_af $out_af
	test_setup $in_af $out_af

	# Enable once PR kern/49219 is fixed
	#test_ping_failure

	setup_tunnel $in_af $out_af $ipsec_proto $cipher
	setup_dummy_tunnel $in_af $out_af $ipsec_proto $cipher
	sleep 1
	test_setup_tunnel $in_af
}
815 1.3.2.2 snj
# "ioctl" category, test phase:
#   1. traffic flows through ipsec0;
#   2. re-pointing ipsec0 at the endpoints that ipsec1 occupies yields the
#      SIOCSLIFPHYADDR message (test_change_tunnel_duplicate);
#   3. once ipsec1 is gone, the same change goes through.
#
#   $1 - inner family   $2 - outer family (selects the endpoint addresses)
ioctl_test()
{
	local in_af=$1
	local out_af=$2

	test_ping_success $in_af

	test_change_tunnel_duplicate $out_af

	teardown_dummy_tunnel
	test_change_tunnel_success $out_af
}
828 1.3.2.2 snj
# "ioctl" category, teardown phase: remove ipsec0, then confirm that
# LAN-to-LAN pings no longer get through.
#
#   $1 - inner family   $2 - outer family (accepted but unused)
ioctl_teardown()
{
	local in_af=$1
	local out_af=$2	# unused

	teardown_tunnel
	test_ping_failure $in_af
}
837 1.3.2.2 snj
# "recursive" category, setup phase: like basic_setup, plus the nested
# tunnels ipsec1 and ipsec2 on ROUTER1.
#
#   $1 - inner family   $2 - outer family
#   $3 - IPsec protocol $4 - algorithm name
recursive_setup()
{
	local in_af=$1
	local out_af=$2
	local ipsec_proto=$3
	local cipher=$4

	setup $in_af $out_af
	test_setup $in_af $out_af

	# Enable once PR kern/49219 is fixed
	#test_ping_failure

	setup_tunnel $in_af $out_af $ipsec_proto $cipher
	setup_recursive_tunnels $in_af $ipsec_proto $cipher
	sleep 1
	test_setup_tunnel $in_af
}
856 1.3.2.2 snj
# "recursive" category, test phase: the nested tunnels must trip the
# recursion limit check (see test_recursive_check).
#
#   $1 - inner family   $2 - outer family (accepted but unused)
recursive_test()
{
	local in_af=$1
	local out_af=$2	# unused

	test_recursive_check $in_af
}
864 1.3.2.2 snj
# "recursive" category, teardown phase: remove the nested tunnels first,
# then ipsec0.  No connectivity check follows.
#
#   $1, $2 - inner/outer family (accepted but unused)
recursive_teardown()
{
	local in_af=$1	# unused
	local out_af=$2	# unused

	teardown_recursive_tunnels
	teardown_tunnel
}
873 1.3.2.2 snj
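# Register one ATF test case named
#   ipsecif_<category>_<inner>over<outer>_<proto>_<algo without dashes>
# whose body runs <category>_setup, <category>_test and <category>_teardown
# followed by rump_server_destroy_ifaces, and whose cleanup runs "dump"
# (only if $DEBUG) and "cleanup".
#
#   $1 - category (prefix of the *_setup/_test/_teardown functions)
#   $2 - free-text description appended to the test description
#   $3 - inner family   $4 - outer family
#   $5 - IPsec protocol $6 - algorithm name
#
# "name" and "fulldesc" are now local; they used to be assigned as globals.
add_test()
{
	local category=$1
	local desc=$2
	local inner=$3
	local outer=$4
	local proto=$5
	local algo=$6
	local _algo=""
	local name=""
	local fulldesc=""

	# Dashes are dropped from the algorithm for use in the function name.
	_algo=$(printf '%s\n' "$algo" | sed 's/-//g')

	name="ipsecif_${category}_${inner}over${outer}_${proto}_${_algo}"
	fulldesc="Does ${inner} over ${outer} if_ipsec ${desc}"

	atf_test_case "${name}" cleanup
	# NOTE: every argument is pasted into shell source and evaluated.
	# That is only sound because all callers in this file pass fixed
	# words and the algorithm list comes from the test framework; never
	# route externally supplied text through this function.
	eval "${name}_head() {
			atf_set descr \"${fulldesc}\"
			atf_set require.progs rump_server setkey
		}
		${name}_body() {
			${category}_setup ${inner} ${outer} ${proto} ${algo}
			${category}_test ${inner} ${outer}
			${category}_teardown ${inner} ${outer}
			rump_server_destroy_ifaces
		}
		${name}_cleanup() {
			\$DEBUG && dump
			cleanup
		}"
	atf_add_test_case "${name}"
}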
904 1.3.2.2 snj
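# Register a category's test case for every algorithm listed in
# $ESP_ENCRYPTION_ALGORITHMS_MINIMUM and every inner/outer family pair
# (IPv4 or IPv6 over IPv4 or IPv6), using ESP.
#
#   $1 - category   $2 - free-text description
#
# The loop variables are local now, so "algo" no longer leaks into the
# global scope.
add_test_allproto()
{
	local category=$1
	local desc=$2
	local algo inner outer

	# Unquoted on purpose: the variable holds a whitespace-separated list.
	for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do
		for inner in ipv4 ipv6; do
			for outer in ipv4 ipv6; do
				add_test "${category}" "${desc}" \
				    "$inner" "$outer" esp "$algo"
			done
		done
	done

	# AH is not supported yet
}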
919 1.3.2.2 snj
# ATF entry point: register the test cases of all three categories, each
# given as "<category>:<description>".
atf_init_test_cases()
{
	local spec

	for spec in \
	    "basic:basic tests" \
	    "ioctl:ioctl tests" \
	    "recursive:recursive check tests"
	do
		add_test_allproto "${spec%%:*}" "${spec#*:}"
	done
}
926