t_ipsec.sh revision 1.9 1 1.9 knakahar # $NetBSD: t_ipsec.sh,v 1.9 2019/01/15 05:34:37 knakahara Exp $
2 1.1 knakahar #
3 1.1 knakahar # Copyright (c) 2017 Internet Initiative Japan Inc.
4 1.1 knakahar # All rights reserved.
5 1.1 knakahar #
6 1.1 knakahar # Redistribution and use in source and binary forms, with or without
7 1.1 knakahar # modification, are permitted provided that the following conditions
8 1.1 knakahar # are met:
9 1.1 knakahar # 1. Redistributions of source code must retain the above copyright
10 1.1 knakahar # notice, this list of conditions and the following disclaimer.
11 1.1 knakahar # 2. Redistributions in binary form must reproduce the above copyright
12 1.1 knakahar # notice, this list of conditions and the following disclaimer in the
13 1.1 knakahar # documentation and/or other materials provided with the distribution.
14 1.1 knakahar #
15 1.1 knakahar # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
16 1.1 knakahar # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
17 1.1 knakahar # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18 1.1 knakahar # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
19 1.1 knakahar # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20 1.1 knakahar # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21 1.1 knakahar # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22 1.1 knakahar # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23 1.1 knakahar # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24 1.1 knakahar # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25 1.1 knakahar # POSSIBILITY OF SUCH DAMAGE.
26 1.1 knakahar #
27 1.1 knakahar
# Control sockets of the two rump servers, one per simulated router.
SOCK1=unix://commsock1	# for ROUTER1
SOCK2=unix://commsock2	# for ROUTER2

# IPv4 addressing.  The *_DUMMY values are used for the second (ipsec1)
# tunnel, the *_RECURSIVE* values for the nested-tunnel test.
ROUTER1_LANIP=192.168.1.1
ROUTER1_LANNET=192.168.1.0/24
ROUTER1_WANIP=10.0.0.1
ROUTER1_WANIP_DUMMY=10.0.0.11
ROUTER1_IPSECIP=172.16.1.1
ROUTER1_IPSECIP_DUMMY=172.16.11.1
ROUTER1_IPSECIP_RECURSIVE1=172.16.101.1
ROUTER1_IPSECIP_RECURSIVE2=172.16.201.1

ROUTER2_LANIP=192.168.2.1
ROUTER2_LANNET=192.168.2.0/24
ROUTER2_WANIP=10.0.0.2
ROUTER2_WANIP_DUMMY=10.0.0.12
ROUTER2_IPSECIP=172.16.2.1
ROUTER2_IPSECIP_DUMMY=172.16.12.1
ROUTER2_IPSECIP_RECURSIVE1=172.16.102.1
ROUTER2_IPSECIP_RECURSIVE2=172.16.202.1

# IPv6 addressing, same roles as above.
ROUTER1_LANIP6=fc00:1::1
ROUTER1_LANNET6=fc00:1::/64
ROUTER1_WANIP6=fc00::1
ROUTER1_WANIP6_DUMMY=fc00::11
ROUTER1_IPSECIP6=fc00:3::1
ROUTER1_IPSECIP6_DUMMY=fc00:13::1
ROUTER1_IPSECIP6_RECURSIVE1=fc00:103::1
ROUTER1_IPSECIP6_RECURSIVE2=fc00:203::1

ROUTER2_LANIP6=fc00:2::1
ROUTER2_LANNET6=fc00:2::/64
ROUTER2_WANIP6=fc00::2
ROUTER2_WANIP6_DUMMY=fc00::12
ROUTER2_IPSECIP6=fc00:4::1
ROUTER2_IPSECIP6_DUMMY=fc00:14::1
ROUTER2_IPSECIP6_RECURSIVE1=fc00:104::1
ROUTER2_IPSECIP6_RECURSIVE2=fc00:204::1

# DEBUG is executed as a command ("$DEBUG && ..."), so it must be
# "true" or "false"; it defaults to false when unset or empty.
: "${DEBUG:=false}"
# Seconds passed to rump.ping -w / rump.ping6 -X.
TIMEOUT=7
66 1.1 knakahar
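atf_test_case ipsecif_create_destroy cleanup

# Metadata for the create/destroy test case.
# The body of this case creates and destroys ipsec0 on a rump server
# started with the "ipsec" component, so the description names ipsec
# interfaces (the previous text said "gif interfaces").
ipsecif_create_destroy_head()
{

	atf_set "descr" "Test creating/destroying ipsec interfaces"
	atf_set "require.progs" "rump_server"
}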
74 1.3 ozaki
# Start a single rump server with the ipsec component and hand ipsec0 to
# the shared create/destroy check (test_create_destroy_common is defined
# outside this file section).
ipsecif_create_destroy_body()
{
	local sock=$SOCK1

	rump_server_start $sock ipsec
	test_create_destroy_common $sock ipsec0
}
82 1.3 ozaki
# Cleanup hook: optionally dump state when DEBUG is "true", then run the
# common cleanup routine.
ipsecif_create_destroy_cleanup()
{

	if $DEBUG; then
		dump
	fi
	cleanup
}
89 1.3 ozaki
# Attach two shmif interfaces to a rump server and address them.
#   $1 sock      rump server URL
#   $2 lan       address for shmif0 (bus0)
#   $3 lan_mode  "ipv6" configures inet6; any other value configures inet
#   $4 wan       address for shmif1 (bus1)
#   $5 wan_mode  same convention as lan_mode
# RUMP_SERVER is exported for the duration of the call and unset on return.
setup_router()
{
	local sock=$1 lan=$2 lan_mode=$3 wan=$4 wan_mode=$5

	rump_server_add_iface $sock shmif0 bus0
	rump_server_add_iface $sock shmif1 bus1

	export RUMP_SERVER=$sock

	# Set the DAD probe count to 0 for both address families.
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	atf_check -s exit:0 rump.sysctl -q -w net.inet6.ip6.dad_count=0

	# LAN side; the IPv4 netmask is a /24.
	case "$lan_mode" in
	ipv6)
		atf_check -s exit:0 rump.ifconfig shmif0 inet6 ${lan}
		;;
	*)
		atf_check -s exit:0 rump.ifconfig shmif0 inet ${lan} \
		    netmask 0xffffff00
		;;
	esac
	atf_check -s exit:0 rump.ifconfig shmif0 up
	$DEBUG && rump.ifconfig shmif0

	# WAN side; the IPv4 netmask is a /8.
	case "$wan_mode" in
	ipv6)
		atf_check -s exit:0 rump.ifconfig shmif1 inet6 ${wan}
		;;
	*)
		atf_check -s exit:0 rump.ifconfig shmif1 inet ${wan} \
		    netmask 0xff000000
		;;
	esac
	atf_check -s exit:0 rump.ifconfig shmif1 up
	# Wait (up to 10 seconds) before continuing so the addresses are usable.
	atf_check -s exit:0 rump.ifconfig -w 10
	$DEBUG && rump.ifconfig shmif1

	unset RUMP_SERVER
}
125 1.1 knakahar
# Verify a router built by setup_router: both shmif interfaces are listed
# by rump.ifconfig and the router can ping its own LAN and WAN addresses.
# Arguments follow setup_router: sock, lan, lan_mode, wan, wan_mode.
test_router()
{
	local sock=$1 lan=$2 lan_mode=$3 wan=$4 wan_mode=$5

	export RUMP_SERVER=$sock

	atf_check -s exit:0 -o match:shmif0 rump.ifconfig
	case "$lan_mode" in
	ipv6)
		atf_check -s exit:0 -o ignore \
		    rump.ping6 -n -c 1 -X $TIMEOUT ${lan}
		;;
	*)
		atf_check -s exit:0 -o ignore \
		    rump.ping -n -c 1 -w $TIMEOUT ${lan}
		;;
	esac

	atf_check -s exit:0 -o match:shmif1 rump.ifconfig
	case "$wan_mode" in
	ipv6)
		atf_check -s exit:0 -o ignore \
		    rump.ping6 -n -c 1 -X $TIMEOUT ${wan}
		;;
	*)
		atf_check -s exit:0 -o ignore \
		    rump.ping -n -c 1 -w $TIMEOUT ${wan}
		;;
	esac

	unset RUMP_SERVER
}
150 1.1 knakahar
# Start both rump servers with the IPsec components and configure the two
# routers.
#   $1 inner  address family used on the LAN side ("ipv6" or anything else
#             for IPv4)
#   $2 outer  address family used on the WAN side, same convention
# Note: router1_lan, router1_lan_mode, router2_lan and router2_lan_mode are
# not declared local here, so they stay set after this function returns.
setup()
{
	local inner=$1 outer=$2
	local r1_wan="" r2_wan="" wan_family=""

	rump_server_crypto_start $SOCK1 netipsec netinet6 ipsec
	rump_server_crypto_start $SOCK2 netipsec netinet6 ipsec

	case "$inner" in
	ipv6)
		router1_lan=$ROUTER1_LANIP6
		router1_lan_mode="ipv6"
		router2_lan=$ROUTER2_LANIP6
		router2_lan_mode="ipv6"
		;;
	*)
		router1_lan=$ROUTER1_LANIP
		router1_lan_mode="ipv4"
		router2_lan=$ROUTER2_LANIP
		router2_lan_mode="ipv4"
		;;
	esac

	case "$outer" in
	ipv6)
		r1_wan=$ROUTER1_WANIP6
		r2_wan=$ROUTER2_WANIP6
		wan_family=ipv6
		;;
	*)
		r1_wan=$ROUTER1_WANIP
		r2_wan=$ROUTER2_WANIP
		wan_family=ipv4
		;;
	esac

	setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \
	    $r1_wan $wan_family
	setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \
	    $r2_wan $wan_family
}
187 1.1 knakahar
# Run test_router on both routers with the addresses that setup assigns
# for the given inner ($1) and outer ($2) address families.
test_setup()
{
	local inner=$1 outer=$2
	local router1_lan="" router1_lan_mode=""
	local router2_lan="" router2_lan_mode=""
	local r1_wan="" r2_wan="" wan_family=""

	case "$inner" in
	ipv6)
		router1_lan=$ROUTER1_LANIP6
		router1_lan_mode="ipv6"
		router2_lan=$ROUTER2_LANIP6
		router2_lan_mode="ipv6"
		;;
	*)
		router1_lan=$ROUTER1_LANIP
		router1_lan_mode="ipv4"
		router2_lan=$ROUTER2_LANIP
		router2_lan_mode="ipv4"
		;;
	esac

	case "$outer" in
	ipv6)
		r1_wan=$ROUTER1_WANIP6
		r2_wan=$ROUTER2_WANIP6
		wan_family=ipv6
		;;
	*)
		r1_wan=$ROUTER1_WANIP
		r2_wan=$ROUTER2_WANIP
		wan_family=ipv4
		;;
	esac

	test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \
	    $r1_wan $wan_family
	test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \
	    $r2_wan $wan_family
}
220 1.1 knakahar
# Print the "unique#" id of the security policy whose "setkey -DP" entry
# starts with the given source address and ends with "(<proto>)".
#   $1 sock   rump server URL
#   $2 src    source address as it appears at the start of the SPD entry
#   $3 proto  text expected inside the trailing parentheses of that line
# Prints nothing when no policy matches; callers check for an empty result.
# $src is used as a regular expression, so the dots of an IPv4 address
# match any character.
get_if_ipsec_unique()
{
	local sock=$1 src=$2 proto=$3
	local unique=""

	export RUMP_SERVER=$sock
	# The id sits within the two lines following the matching header line.
	unique=$($HIJACKING setkey -DP |
	    grep -A2 "^${src}.*(${proto})$" |
	    grep unique |
	    sed 's/.*unique#//')
	unset RUMP_SERVER

	echo $unique
}
234 1.1 knakahar
# Create ipsec0 on one router, bind it to an outer src/dst pair, give it a
# point-to-point inner address and route the peer's LAN through it.
#   $1 sock     rump server URL
#   $2 addr     local inner address of ipsec0
#   $3 remote   peer inner address
#   $4 inner    "ipv6" for an inet6 inner address, anything else for inet
#   $5 src      outer (tunnel) source address
#   $6 dst      outer (tunnel) destination address
#   $7 peernet  peer LAN prefix to route via $addr
# RUMP_SERVER is left exported on return.
setup_if_ipsec()
{
	local sock=$1 addr=$2 remote=$3 inner=$4
	local src=$5 dst=$6 peernet=$7

	export RUMP_SERVER=$sock
	atf_check -s exit:0 rump.ifconfig ipsec0 create
	atf_check -s exit:0 rump.ifconfig ipsec0 tunnel ${src} ${dst}
	case "$inner" in
	ipv6)
		atf_check -s exit:0 \
		    rump.ifconfig ipsec0 inet6 ${addr}/128 ${remote}
		atf_check -s exit:0 -o ignore \
		    rump.route add -inet6 ${peernet} ${addr}
		;;
	*)
		atf_check -s exit:0 \
		    rump.ifconfig ipsec0 inet ${addr}/32 ${remote}
		atf_check -s exit:0 -o ignore \
		    rump.route add -inet ${peernet} ${addr}
		;;
	esac

	atf_check -s exit:0 rump.ifconfig -w 10

	$DEBUG && rump.ifconfig ipsec0
	$DEBUG && rump.route -nL show
}
261 1.1 knakahar
# Install the inbound and outbound SAs for an ipsec interface by feeding
# two "add" lines to "setkey -c".
#   $1 sock   rump server URL
#   $2 src    outer source address
#   $3 dst    outer destination address
#   $4 mode   family label looked up in the SPD ("ipv6" or anything else)
#   $5 proto  IPsec protocol placed in the "add" lines
#   $6 algo   algorithm name, expanded by generate_algo_args
#   $7 dir    "1to2" or anything else for the reverse direction
# The SPIs are fixed per direction and family so that the two routers use
# mirrored in/out values.  Each SA carries the "-u" unique id of the
# matching policy, which must already exist.
# NOTE(review): $tmpfile is a fixed relative path that holds the SA
# parameters (including whatever generate_algo_args prints) in clear text;
# this assumes the test runs in a private work directory - confirm.
setup_if_ipsec_sa()
{
	local sock=$1 src=$2 dst=$3 mode=$4
	local proto=$5 algo=$6 dir=$7

	local tmpfile=./tmp
	local inunique="" outunique=""
	local inid="" outid=""
	local algo_args="$(generate_algo_args $proto $algo)"

	# Both lookups must yield a non-empty id.
	inunique=$(get_if_ipsec_unique ${sock} ${dst} ${mode})
	atf_check -s exit:0 test "X$inunique" != "X"
	outunique=$(get_if_ipsec_unique ${sock} ${src} ${mode})
	atf_check -s exit:0 test "X$outunique" != "X"

	case "${dir}/${mode}" in
	1to2/ipv6)
		inid="10010"
		outid="10011"
		;;
	1to2/*)
		inid="10000"
		outid="10001"
		;;
	*/ipv6)
		inid="10011"
		outid="10010"
		;;
	*)
		inid="10001"
		outid="10000"
		;;
	esac

	{
		printf 'add %s %s %s %s -u %s %s;\n' \
		    "$dst" "$src" "$proto" "$inid" "$inunique" "$algo_args"
		printf 'add %s %s %s %s -u %s %s;\n' \
		    "$src" "$dst" "$proto" "$outid" "$outunique" "$algo_args"
	} > $tmpfile
	$DEBUG && cat $tmpfile

	export RUMP_SERVER=$sock
	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
	$DEBUG && $HIJACKING setkey -D
	$DEBUG && $HIJACKING setkey -DP
	unset RUMP_SERVER
}
313 1.1 knakahar
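# Build the ipsec0 tunnel between ROUTER1 and ROUTER2 and install its SAs
# on both ends.
#   $1 inner  inner address family ("ipv6" or anything else for IPv4)
#   $2 outer  outer address family, same convention
#   $3 proto  IPsec protocol handed to setup_if_ipsec_sa
#   $4 algo   algorithm name handed to setup_if_ipsec_sa
# When the inner family is IPv6 and the outer one IPv4, SAs are installed
# for the outer-family policy as well as for the inner-family one.
# setup_if_ipsec takes seven arguments; the surplus proto/algo arguments
# the ROUTER2 call used to pass were ignored and are no longer passed.
setup_tunnel()
{
	local inner=$1 outer=$2 proto=$3 algo=$4
	local addr="" remote="" src="" dst="" peernet=""

	# ROUTER1 end
	if [ "$inner" = "ipv6" ]; then
		addr=$ROUTER1_IPSECIP6
		remote=$ROUTER2_IPSECIP6
		peernet=$ROUTER2_LANNET6
	else
		addr=$ROUTER1_IPSECIP
		remote=$ROUTER2_IPSECIP
		peernet=$ROUTER2_LANNET
	fi
	if [ "$outer" = "ipv6" ]; then
		src=$ROUTER1_WANIP6
		dst=$ROUTER2_WANIP6
	else
		src=$ROUTER1_WANIP
		dst=$ROUTER2_WANIP
	fi
	setup_if_ipsec "$SOCK1" "$addr" "$remote" "$inner" \
	    "$src" "$dst" "$peernet"

	# Two separate tests instead of the obsolescent "-a" operator.
	if [ "$inner" = "ipv6" ] && [ "$outer" = "ipv4" ]; then
		setup_if_ipsec_sa "$SOCK1" "$src" "$dst" "$outer" \
		    "$proto" "$algo" "1to2"
	fi
	setup_if_ipsec_sa "$SOCK1" "$src" "$dst" "$inner" \
	    "$proto" "$algo" "1to2"

	# ROUTER2 end: same layout with the roles swapped
	if [ "$inner" = "ipv6" ]; then
		addr=$ROUTER2_IPSECIP6
		remote=$ROUTER1_IPSECIP6
		peernet=$ROUTER1_LANNET6
	else
		addr=$ROUTER2_IPSECIP
		remote=$ROUTER1_IPSECIP
		peernet=$ROUTER1_LANNET
	fi
	if [ "$outer" = "ipv6" ]; then
		src=$ROUTER2_WANIP6
		dst=$ROUTER1_WANIP6
	else
		src=$ROUTER2_WANIP
		dst=$ROUTER1_WANIP
	fi
	setup_if_ipsec "$SOCK2" "$addr" "$remote" "$inner" \
	    "$src" "$dst" "$peernet"

	if [ "$inner" = "ipv6" ] && [ "$outer" = "ipv4" ]; then
		setup_if_ipsec_sa "$SOCK2" "$src" "$dst" "$outer" \
		    "$proto" "$algo" "2to1"
	fi
	setup_if_ipsec_sa "$SOCK2" "$src" "$dst" "$inner" \
	    "$proto" "$algo" "2to1"
}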
374 1.1 knakahar
# Check on both routers that ipsec0 exists and that the route to the
# peer's LAN prefix resolves through ipsec0.
#   $1 mode  inner address family ("ipv6" or anything else for IPv4)
# RUMP_SERVER is left pointing at $SOCK2 on return.
test_setup_tunnel()
{
	local mode=$1
	local opt="" lan_of_r1="" lan_of_r2=""

	case "$mode" in
	ipv6)
		opt="-inet6"
		lan_of_r1=$ROUTER1_LANNET6
		lan_of_r2=$ROUTER2_LANNET6
		;;
	*)
		opt="-inet"
		lan_of_r1=$ROUTER1_LANNET
		lan_of_r2=$ROUTER2_LANNET
		;;
	esac

	# ROUTER1 must reach ROUTER2's LAN via the tunnel ...
	export RUMP_SERVER=$SOCK1
	atf_check -s exit:0 -o match:ipsec0 rump.ifconfig
	atf_check -s exit:0 -o match:ipsec0 \
	    rump.route -nL get ${opt} ${lan_of_r2}

	# ... and ROUTER2 must reach ROUTER1's LAN the same way.
	export RUMP_SERVER=$SOCK2
	atf_check -s exit:0 -o match:ipsec0 rump.ifconfig
	atf_check -s exit:0 -o match:ipsec0 \
	    rump.route -nL get ${opt} ${lan_of_r1}
}
403 1.1 knakahar
# Remove ipsec0 on both routers and flush their SA databases.
# The result of "setkey -F" is not checked.
teardown_tunnel()
{
	local sock

	for sock in $SOCK1 $SOCK2; do
		export RUMP_SERVER=$sock
		atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel
		atf_check -s exit:0 rump.ifconfig ipsec0 destroy
		$HIJACKING setkey -F
	done

	unset RUMP_SERVER
}
418 1.1 knakahar
# Create the second interface, ipsec1, on one router and address it.
# Unlike setup_if_ipsec, no route is added.
#   $1 sock    rump server URL
#   $2 addr    local inner address
#   $3 remote  peer inner address
#   $4 inner   "ipv6" for inet6, anything else for inet
#   $5 src     outer source address
#   $6 dst     outer destination address
setup_dummy_if_ipsec()
{
	local sock=$1 addr=$2 remote=$3
	local inner=$4 src=$5 dst=$6

	export RUMP_SERVER=$sock
	atf_check -s exit:0 rump.ifconfig ipsec1 create
	atf_check -s exit:0 rump.ifconfig ipsec1 tunnel ${src} ${dst}
	case "$inner" in
	ipv6)
		atf_check -s exit:0 \
		    rump.ifconfig ipsec1 inet6 ${addr}/128 ${remote}
		;;
	*)
		atf_check -s exit:0 \
		    rump.ifconfig ipsec1 inet ${addr}/32 ${remote}
		;;
	esac
	atf_check -s exit:0 rump.ifconfig -w 10

	$DEBUG && rump.ifconfig ipsec1
	unset RUMP_SERVER
}
441 1.1 knakahar
# Install the SA pair for the dummy (ipsec1) tunnel.  Same procedure as
# setup_if_ipsec_sa, but with SPIs 20000/20001 regardless of family.
#   $1 sock, $2 src, $3 dst, $4 mode, $5 proto, $6 algo, $7 dir ("1to2" or
#   anything else for the reverse direction)
# NOTE(review): $tmpfile is a fixed relative path that holds the SA
# parameters in clear text; this assumes the test runs in a private work
# directory - confirm.
setup_dummy_if_ipsec_sa()
{
	local sock=$1 src=$2 dst=$3 mode=$4
	local proto=$5 algo=$6 dir=$7

	local tmpfile=./tmp
	local inunique="" outunique=""
	local inid="" outid=""
	local algo_args="$(generate_algo_args $proto $algo)"

	# Both policy ids must be present before any SA is added.
	inunique=$(get_if_ipsec_unique ${sock} ${dst} ${mode})
	atf_check -s exit:0 test "X$inunique" != "X"
	outunique=$(get_if_ipsec_unique ${sock} ${src} ${mode})
	atf_check -s exit:0 test "X$outunique" != "X"

	case "$dir" in
	1to2)
		inid="20000"
		outid="20001"
		;;
	*)
		inid="20001"
		outid="20000"
		;;
	esac

	{
		printf 'add %s %s %s %s -u %s %s;\n' \
		    "$dst" "$src" "$proto" "$inid" "$inunique" "$algo_args"
		printf 'add %s %s %s %s -u %s %s;\n' \
		    "$src" "$dst" "$proto" "$outid" "$outunique" "$algo_args"
	} > $tmpfile
	$DEBUG && cat $tmpfile

	export RUMP_SERVER=$sock
	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
	$DEBUG && $HIJACKING setkey -D
	$DEBUG && $HIJACKING setkey -DP
	unset RUMP_SERVER
}
483 1.1 knakahar
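# Build the second tunnel (ipsec1) between the *_DUMMY addresses of both
# routers and install its SAs.
#   $1 inner  inner address family ("ipv6" or anything else for IPv4)
#   $2 outer  outer address family, same convention
#   $3 proto  IPsec protocol handed to setup_dummy_if_ipsec_sa
#   $4 algo   algorithm name handed to setup_dummy_if_ipsec_sa
# setup_dummy_if_ipsec takes six arguments; the surplus proto/algo/dir
# arguments previously passed to it were ignored and are no longer passed.
setup_dummy_tunnel()
{
	local inner=$1 outer=$2 proto=$3 algo=$4
	local addr="" remote="" src="" dst=""

	# ROUTER1 end
	if [ "$inner" = "ipv6" ]; then
		addr=$ROUTER1_IPSECIP6_DUMMY
		remote=$ROUTER2_IPSECIP6_DUMMY
	else
		addr=$ROUTER1_IPSECIP_DUMMY
		remote=$ROUTER2_IPSECIP_DUMMY
	fi
	if [ "$outer" = "ipv6" ]; then
		src=$ROUTER1_WANIP6_DUMMY
		dst=$ROUTER2_WANIP6_DUMMY
	else
		src=$ROUTER1_WANIP_DUMMY
		dst=$ROUTER2_WANIP_DUMMY
	fi
	setup_dummy_if_ipsec "$SOCK1" "$addr" "$remote" "$inner" \
	    "$src" "$dst"
	setup_dummy_if_ipsec_sa "$SOCK1" "$src" "$dst" "$inner" \
	    "$proto" "$algo" "1to2"

	# ROUTER2 end: roles swapped
	if [ "$inner" = "ipv6" ]; then
		addr=$ROUTER2_IPSECIP6_DUMMY
		remote=$ROUTER1_IPSECIP6_DUMMY
	else
		addr=$ROUTER2_IPSECIP_DUMMY
		remote=$ROUTER1_IPSECIP_DUMMY
	fi
	if [ "$outer" = "ipv6" ]; then
		src=$ROUTER2_WANIP6_DUMMY
		dst=$ROUTER1_WANIP6_DUMMY
	else
		src=$ROUTER2_WANIP_DUMMY
		dst=$ROUTER1_WANIP_DUMMY
	fi
	setup_dummy_if_ipsec "$SOCK2" "$addr" "$remote" "$inner" \
	    "$src" "$dst"
	setup_dummy_if_ipsec_sa "$SOCK2" "$src" "$dst" "$inner" \
	    "$proto" "$algo" "2to1"
}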
532 1.1 knakahar
# Check that ipsec1 is listed by rump.ifconfig on both routers.
test_setup_dummy_tunnel()
{
	local sock

	for sock in $SOCK1 $SOCK2; do
		export RUMP_SERVER=$sock
		atf_check -s exit:0 -o match:ipsec1 rump.ifconfig
	done

	unset RUMP_SERVER
}
543 1.1 knakahar
# Remove ipsec1 on both routers.  The SA database is not flushed here.
teardown_dummy_tunnel()
{
	local sock

	for sock in $SOCK1 $SOCK2; do
		export RUMP_SERVER=$sock
		atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel
		atf_check -s exit:0 rump.ifconfig ipsec1 destroy
	done

	unset RUMP_SERVER
}
556 1.1 knakahar
# Create and address an arbitrary ipsec interface and install its SAs.
#   $1 sock    rump server URL
#   $2 ipsec   interface name to create
#   $3 addr    local inner address
#   $4 remote  peer inner address
#   $5 inner   "ipv6" for inet6, anything else for inet
#   $6 src     outer source address
#   $7 dst     outer destination address
#   $8 proto   IPsec protocol for setup_if_ipsec_sa
#   $9 algo    algorithm name for setup_if_ipsec_sa
#   $10 dir    direction label for setup_if_ipsec_sa
setup_recursive_if_ipsec()
{
	local sock=$1 ipsec=$2 addr=$3 remote=$4 inner=$5
	local src=$6 dst=$7 proto=$8 algo=$9 dir=${10}

	export RUMP_SERVER=$sock
	atf_check -s exit:0 rump.ifconfig ${ipsec} create
	atf_check -s exit:0 rump.ifconfig ${ipsec} tunnel ${src} ${dst}
	case "$inner" in
	ipv6)
		atf_check -s exit:0 \
		    rump.ifconfig ${ipsec} inet6 ${addr}/128 ${remote}
		;;
	*)
		atf_check -s exit:0 \
		    rump.ifconfig ${ipsec} inet ${addr}/32 ${remote}
		;;
	esac
	atf_check -s exit:0 rump.ifconfig -w 10
	setup_if_ipsec_sa $sock ${src} ${dst} ${inner} ${proto} ${algo} ${dir}

	# setup_if_ipsec_sa unsets RUMP_SERVER, so export it again for the
	# debug dump.
	export RUMP_SERVER=$sock
	$DEBUG && rump.ifconfig ${ipsec}
	unset RUMP_SERVER
}
585 1.1 knakahar
# test in ROUTER1 only
#
# Stack two more tunnels on ROUTER1: ipsec1 uses the ipsec0 inner
# addresses as its outer endpoints, and ipsec2 uses the ipsec1 inner
# addresses as its outer endpoints.
#   $1 mode   address family ("ipv6" or anything else for IPv4)
#   $2 proto  IPsec protocol
#   $3 algo   algorithm name
setup_recursive_tunnels()
{
	local mode=$1 proto=$2 algo=$3
	local addr="" remote="" src="" dst=""

	# ipsec1 rides on ipsec0
	case "$mode" in
	ipv6)
		addr=$ROUTER1_IPSECIP6_RECURSIVE1
		remote=$ROUTER2_IPSECIP6_RECURSIVE1
		src=$ROUTER1_IPSECIP6
		dst=$ROUTER2_IPSECIP6
		;;
	*)
		addr=$ROUTER1_IPSECIP_RECURSIVE1
		remote=$ROUTER2_IPSECIP_RECURSIVE1
		src=$ROUTER1_IPSECIP
		dst=$ROUTER2_IPSECIP
		;;
	esac
	setup_recursive_if_ipsec $SOCK1 ipsec1 ${addr} ${remote} ${mode} \
	    ${src} ${dst} ${proto} ${algo} "1to2"

	# ipsec2 rides on ipsec1
	case "$mode" in
	ipv6)
		addr=$ROUTER1_IPSECIP6_RECURSIVE2
		remote=$ROUTER2_IPSECIP6_RECURSIVE2
		src=$ROUTER1_IPSECIP6_RECURSIVE1
		dst=$ROUTER2_IPSECIP6_RECURSIVE1
		;;
	*)
		addr=$ROUTER1_IPSECIP_RECURSIVE2
		remote=$ROUTER2_IPSECIP_RECURSIVE2
		src=$ROUTER1_IPSECIP_RECURSIVE1
		dst=$ROUTER2_IPSECIP_RECURSIVE1
		;;
	esac
	setup_recursive_if_ipsec $SOCK1 ipsec2 ${addr} ${remote} ${mode} \
	    ${src} ${dst} ${proto} ${algo} "1to2"
}
626 1.1 knakahar
# test in router1 only
#
# Ping the innermost recursive address from ROUTER1 and require that the
# ping fails and that dmesg contains the
# "ipsec0: recursively called too many times" message.
#   $1 mode  address family ("ipv6" or anything else for IPv4)
test_recursive_check()
{
	local mode=$1

	export RUMP_SERVER=$SOCK1
	case "$mode" in
	ipv6)
		atf_check -s not-exit:0 -o ignore -e ignore \
		    rump.ping6 -n -X $TIMEOUT -c 1 $ROUTER2_IPSECIP6_RECURSIVE2
		;;
	*)
		atf_check -s not-exit:0 -o ignore -e ignore \
		    rump.ping -n -w $TIMEOUT -c 1 $ROUTER2_IPSECIP_RECURSIVE2
		;;
	esac

	atf_check -o match:'ipsec0: recursively called too many times' \
	    -x "$HIJACKING dmesg"

	# Always print the kernel log as well, independent of DEBUG.
	$HIJACKING dmesg

	unset RUMP_SERVER
}
648 1.1 knakahar
# Remove the stacked interfaces ipsec1 and ipsec2 from ROUTER1.
teardown_recursive_tunnels()
{
	local ifname

	export RUMP_SERVER=$SOCK1
	for ifname in ipsec1 ipsec2; do
		atf_check -s exit:0 rump.ifconfig $ifname deletetunnel
		atf_check -s exit:0 rump.ifconfig $ifname destroy
	done
	unset RUMP_SERVER
}
658 1.1 knakahar
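# Require that LAN-to-LAN pings fail in both directions, i.e. that no
# working tunnel carries traffic between the two LANs.
#   $1 mode  address family ("ipv6" or anything else for IPv4)
#
# The IPv4 check on ROUTER2 previously repeated ROUTER1's addresses
# (-I $ROUTER1_LANIP towards $ROUTER2_LANIP).  A "must fail" check passes
# for any failure reason, so with a source address that ROUTER2 is not
# configured with the ping may fail without saying anything about the
# tunnel.  It now mirrors the IPv6 branch and test_ping_success: source is
# ROUTER2's LAN address, target is ROUTER1's.
test_ping_failure()
{
	local mode=$1

	export RUMP_SERVER=$SOCK1
	if [ "$mode" = "ipv6" ]; then
		atf_check -s not-exit:0 -o ignore -e ignore \
		    rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER1_LANIP6 \
		    $ROUTER2_LANIP6
	else
		atf_check -s not-exit:0 -o ignore -e ignore \
		    rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \
		    $ROUTER2_LANIP
	fi

	export RUMP_SERVER=$SOCK2
	if [ "$mode" = "ipv6" ]; then
		atf_check -s not-exit:0 -o ignore -e ignore \
		    rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER2_LANIP6 \
		    $ROUTER1_LANIP6
	else
		atf_check -s not-exit:0 -o ignore -e ignore \
		    rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER2_LANIP \
		    $ROUTER1_LANIP
	fi

	unset RUMP_SERVER
}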
687 1.1 knakahar
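# Require that LAN-to-LAN pings succeed in both directions, each sent
# from the router's own LAN address.
#   $1 mode  address family ("ipv6" or anything else for IPv4)
# "mode" is now declared local like in the sibling helpers, so calling
# this function no longer overwrites a caller's or global $mode.
test_ping_success()
{
	local mode=$1

	export RUMP_SERVER=$SOCK1
	$DEBUG && rump.ifconfig -v ipsec0
	if [ "$mode" = "ipv6" ]; then
		# XXX
		# rump.ping6 rarely fails with the message that
		# "failed to get receiving hop limit".
		# This is a known issue being analyzed.
		atf_check -s exit:0 -o ignore \
		    rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER1_LANIP6 \
		    $ROUTER2_LANIP6
	else
		atf_check -s exit:0 -o ignore \
		    rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \
		    $ROUTER2_LANIP
	fi
	$DEBUG && rump.ifconfig -v ipsec0

	export RUMP_SERVER=$SOCK2
	$DEBUG && rump.ifconfig -v ipsec0
	if [ "$mode" = "ipv6" ]; then
		atf_check -s exit:0 -o ignore \
		    rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER2_LANIP6 \
		    $ROUTER1_LANIP6
	else
		atf_check -s exit:0 -o ignore \
		    rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER2_LANIP \
		    $ROUTER1_LANIP
	fi
	$DEBUG && rump.ifconfig -v ipsec0

	unset RUMP_SERVER
}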
724 1.1 knakahar
# Try to re-point ipsec0 at the *_DUMMY outer address pair on both routers
# and require that rump.ifconfig exits 0 while printing a message that
# mentions SIOCSLIFPHYADDR on stderr.
#   $1 mode  outer address family ("ipv6" or anything else for IPv4)
# NOTE(review): presumably the ioctl is refused because ipsec1 already
# uses that address pair (see setup_dummy_tunnel) - confirm.
test_change_tunnel_duplicate()
{
	local mode=$1
	local newsrc="" newdst=""

	# ROUTER1
	case "$mode" in
	ipv6)
		newsrc=$ROUTER1_WANIP6_DUMMY
		newdst=$ROUTER2_WANIP6_DUMMY
		;;
	*)
		newsrc=$ROUTER1_WANIP_DUMMY
		newdst=$ROUTER2_WANIP_DUMMY
		;;
	esac
	export RUMP_SERVER=$SOCK1
	$DEBUG && rump.ifconfig -v ipsec0
	$DEBUG && rump.ifconfig -v ipsec1
	atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \
	    rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst}
	$DEBUG && rump.ifconfig -v ipsec0
	$DEBUG && rump.ifconfig -v ipsec1

	# ROUTER2, with source and destination swapped
	case "$mode" in
	ipv6)
		newsrc=$ROUTER2_WANIP6_DUMMY
		newdst=$ROUTER1_WANIP6_DUMMY
		;;
	*)
		newsrc=$ROUTER2_WANIP_DUMMY
		newdst=$ROUTER1_WANIP_DUMMY
		;;
	esac
	export RUMP_SERVER=$SOCK2
	$DEBUG && rump.ifconfig -v ipsec0
	$DEBUG && rump.ifconfig -v ipsec1
	atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \
	    rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst}
	$DEBUG && rump.ifconfig -v ipsec0
	$DEBUG && rump.ifconfig -v ipsec1

	unset RUMP_SERVER
}
763 1.1 knakahar
# Re-point ipsec0 at the *_DUMMY outer address pair on both routers and
# require that rump.ifconfig exits 0 with no output on stdout or stderr
# (atf_check's default expectation).
#   $1 mode  outer address family ("ipv6" or anything else for IPv4)
test_change_tunnel_success()
{
	local mode=$1
	local newsrc="" newdst=""

	# ROUTER1
	case "$mode" in
	ipv6)
		newsrc=$ROUTER1_WANIP6_DUMMY
		newdst=$ROUTER2_WANIP6_DUMMY
		;;
	*)
		newsrc=$ROUTER1_WANIP_DUMMY
		newdst=$ROUTER2_WANIP_DUMMY
		;;
	esac
	export RUMP_SERVER=$SOCK1
	$DEBUG && rump.ifconfig -v ipsec0
	atf_check -s exit:0 \
	    rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst}
	$DEBUG && rump.ifconfig -v ipsec0

	# ROUTER2, with source and destination swapped
	case "$mode" in
	ipv6)
		newsrc=$ROUTER2_WANIP6_DUMMY
		newdst=$ROUTER1_WANIP6_DUMMY
		;;
	*)
		newsrc=$ROUTER2_WANIP_DUMMY
		newdst=$ROUTER1_WANIP_DUMMY
		;;
	esac
	export RUMP_SERVER=$SOCK2
	$DEBUG && rump.ifconfig -v ipsec0
	atf_check -s exit:0 \
	    rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst}
	$DEBUG && rump.ifconfig -v ipsec0

	unset RUMP_SERVER
}
798 1.1 knakahar
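#
# basic_setup <inner> <outer> <proto> <algo>
#
# Setup phase of the "basic" category: runs setup and test_setup for the
# given address families, then setup_tunnel and test_setup_tunnel.
#
#   $1 - inner address family   $3 - IPsec protocol
#   $2 - outer address family   $4 - algorithm name
#
# The callers visible in this file pass ipv4/ipv6, "esp" and entries of
# ESP_ENCRYPTION_ALGORITHMS_MINIMUM.
#
basic_setup()
{
	local inner=$1
	local outer=$2
	local proto=$3
	local algo=$4

	# Arguments are quoted so each one reaches the helper as exactly one
	# word, even if it is empty.
	setup "${inner}" "${outer}"
	test_setup "${inner}" "${outer}"

	# Enable once PR kern/49219 is fixed
	#test_ping_failure

	setup_tunnel "${inner}" "${outer}" "${proto}" "${algo}"
	# Fixed pause before verifying; presumably lets the tunnel settle
	# -- TODO confirm.
	sleep 1
	test_setup_tunnel "${inner}"
}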
816 1.1 knakahar
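#
# basic_test <inner> [<outer>]
#
# Test phase of the "basic" category: runs test_ping_success for the inner
# address family.
#
#   $1 - inner address family
#   $2 - outer address family; accepted because the generated test body
#        passes it to every category's _test function, but not used here.
#
basic_test()
{
	local inner=$1

	test_ping_success "${inner}"
}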
824 1.1 knakahar
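#
# basic_teardown <inner> [<outer>]
#
# Teardown phase of the "basic" category: removes the tunnel and then runs
# test_ping_failure, i.e. the case only passes if traffic for the inner
# family stops once the tunnel is gone.
#
#   $1 - inner address family
#   $2 - outer address family; accepted for a uniform calling convention,
#        not used here.
#
basic_teardown()
{
	local inner=$1

	teardown_tunnel
	test_ping_failure "${inner}"
}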
833 1.1 knakahar
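#
# ioctl_setup <inner> <outer> <proto> <algo>
#
# Setup phase of the "ioctl" category.  Same sequence as basic_setup, plus
# setup_dummy_tunnel, which provides the second tunnel that ioctl_test
# later tries to collide with.
#
#   $1 - inner address family   $3 - IPsec protocol
#   $2 - outer address family   $4 - algorithm name
#
ioctl_setup()
{
	local inner=$1
	local outer=$2
	local proto=$3
	local algo=$4

	# Arguments are quoted so each one reaches the helper as exactly one
	# word, even if it is empty.
	setup "${inner}" "${outer}"
	test_setup "${inner}" "${outer}"

	# Enable once PR kern/49219 is fixed
	#test_ping_failure

	setup_tunnel "${inner}" "${outer}" "${proto}" "${algo}"
	setup_dummy_tunnel "${inner}" "${outer}" "${proto}" "${algo}"
	# Fixed pause before verifying; presumably lets the tunnels settle
	# -- TODO confirm.
	sleep 1
	test_setup_tunnel "${inner}"
}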
852 1.1 knakahar
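#
# ioctl_test <inner> <outer>
#
# Test phase of the "ioctl" category:
#   1. ping over the tunnel must succeed;
#   2. test_change_tunnel_duplicate runs while the dummy tunnel still
#      exists;
#   3. the dummy tunnel is removed;
#   4. test_change_tunnel_success then requires that ipsec0 can be moved
#      to the dummy addresses on both routers.
#
#   $1 - inner address family (used for the ping check)
#   $2 - outer address family (selects which dummy addresses are used)
#
ioctl_test()
{
	local inner=$1
	local outer=$2

	test_ping_success "${inner}"

	test_change_tunnel_duplicate "${outer}"

	# The order matters: the success check is only meaningful after the
	# dummy tunnel has been torn down.
	teardown_dummy_tunnel
	test_change_tunnel_success "${outer}"
}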
865 1.1 knakahar
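#
# ioctl_teardown <inner> [<outer>]
#
# Teardown phase of the "ioctl" category: removes the tunnel and then runs
# test_ping_failure for the inner family, so the case only passes if
# traffic stops once the tunnel is gone.
#
#   $1 - inner address family
#   $2 - outer address family; accepted for a uniform calling convention,
#        not used here.
#
ioctl_teardown()
{
	local inner=$1

	teardown_tunnel
	test_ping_failure "${inner}"
}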
874 1.1 knakahar
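#
# recursive_setup <inner> <outer> <proto> <algo>
#
# Setup phase of the "recursive" category.  Same sequence as basic_setup,
# plus setup_recursive_tunnels, which is called without the outer family.
#
#   $1 - inner address family   $3 - IPsec protocol
#   $2 - outer address family   $4 - algorithm name
#
recursive_setup()
{
	local inner=$1
	local outer=$2
	local proto=$3
	local algo=$4

	# Arguments are quoted so each one reaches the helper as exactly one
	# word, even if it is empty.
	setup "${inner}" "${outer}"
	test_setup "${inner}" "${outer}"

	# Enable once PR kern/49219 is fixed
	#test_ping_failure

	setup_tunnel "${inner}" "${outer}" "${proto}" "${algo}"
	setup_recursive_tunnels "${inner}" "${proto}" "${algo}"
	# Fixed pause before verifying; presumably lets the tunnels settle
	# -- TODO confirm.
	sleep 1
	test_setup_tunnel "${inner}"
}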
893 1.1 knakahar
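#
# recursive_test <inner> [<outer>]
#
# Test phase of the "recursive" category: runs test_recursive_check for the
# inner address family.
#
#   $1 - inner address family
#   $2 - outer address family; accepted for a uniform calling convention,
#        not used here.
#
recursive_test()
{
	local inner=$1

	test_recursive_check "${inner}"
}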
901 1.1 knakahar
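#
# recursive_teardown [<inner> [<outer>]]
#
# Teardown phase of the "recursive" category: removes the recursive tunnels
# first and the base tunnel second.
#
# Both positional arguments are accepted because the generated test body
# passes them to every category's _teardown function; neither is used.
#
recursive_teardown()
{
	teardown_recursive_tunnels
	teardown_tunnel
}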
910 1.1 knakahar
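#
# add_test <category> <desc> <inner> <outer> <proto> <algo>
#
# Generate and register one ATF test case named
#   ipsecif_<category>_<inner>over<outer>_<proto>_<algo without '-'>
# whose body runs <category>_setup, <category>_test, <category>_teardown
# and rump_server_destroy_ifaces, and whose cleanup runs dump (when DEBUG
# is true) and cleanup.
#
#   $1 - category; must match existing <category>_setup/_test/_teardown
#        functions
#   $2 - text appended to the test description
#   $3 - inner address family   $5 - IPsec protocol
#   $4 - outer address family   $6 - algorithm name
#
add_test()
{
	local category=$1
	local desc=$2
	local inner=$3
	local outer=$4
	local proto=$5
	local algo=$6
	# Declared separately from the assignments; name and fulldesc are
	# local so they no longer leak into the global scope.
	local _algo name fulldesc

	# Dashes are removed because the result becomes part of a shell
	# function name.
	_algo=$(printf '%s\n' "${algo}" | sed 's/-//g')

	name="ipsecif_${category}_${inner}over${outer}_${proto}_${_algo}"
	fulldesc="Does ${inner} over ${outer} if_ipsec ${desc}"

	atf_test_case "${name}" cleanup
	# NOTE(review): eval pastes every argument into source text before it
	# is parsed, so a quote, '$' or backquote in any of them would be
	# executed as code.  The callers visible in this file pass only
	# literals and entries of ESP_ENCRYPTION_ALGORITHMS_MINIMUM; keep it
	# that way, and validate first if a value ever comes from the
	# environment or a file.
	eval "${name}_head() {
		atf_set descr \"${fulldesc}\"
		atf_set require.progs rump_server setkey
	}
	${name}_body() {
		${category}_setup ${inner} ${outer} ${proto} ${algo}
		${category}_test ${inner} ${outer}
		${category}_teardown ${inner} ${outer}
		rump_server_destroy_ifaces
	}
	${name}_cleanup() {
		\$DEBUG && dump
		cleanup
	}"
	atf_add_test_case "${name}"
}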
941 1.1 knakahar
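#
# add_test_allproto <category> <desc>
#
# Register one ESP test case per algorithm in
# ESP_ENCRYPTION_ALGORITHMS_MINIMUM for each inner/outer address family
# combination (ipv4/ipv4, ipv4/ipv6, ipv6/ipv4, ipv6/ipv6, in that order).
#
#   $1 - category, forwarded to add_test
#   $2 - description text, forwarded to add_test
#
add_test_allproto()
{
	local category=$1
	local desc=$2
	# Loop variables are local so they do not leak into the global scope.
	local algo inner outer

	# Deliberately unquoted: the list is split on whitespace.
	for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do
		for inner in ipv4 ipv6; do
			for outer in ipv4 ipv6; do
				add_test "${category}" "${desc}" \
				    "${inner}" "${outer}" esp "${algo}"
			done
		done
	done

	# AH is not supported yet, so only ESP cases are generated.
}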
956 1.1 knakahar
#
# atf_init_test_cases
#
# Registers every test case of this script: the ipsecif_create_destroy
# case, followed by the generated "basic", "ioctl" and "recursive"
# families.
#
atf_init_test_cases()
{
	local spec

	atf_add_test_case ipsecif_create_destroy

	# Each entry is "<category>:<description>"; the category is the text
	# before the first colon and the description is everything after it.
	for spec in \
	    "basic:basic tests" \
	    "ioctl:ioctl tests" \
	    "recursive:recursive check tests"
	do
		add_test_allproto "${spec%%:*}" "${spec#*:}"
	done
}
966