t_ipsec_pfil.sh revision 1.1.2.2 1 1.1.2.2 pgoyette # $NetBSD: t_ipsec_pfil.sh,v 1.1.2.2 2019/01/18 08:51:00 pgoyette Exp $
2 1.1.2.2 pgoyette #
3 1.1.2.2 pgoyette # Copyright (c) 2019 Internet Initiative Japan Inc.
4 1.1.2.2 pgoyette # All rights reserved.
5 1.1.2.2 pgoyette #
6 1.1.2.2 pgoyette # Redistribution and use in source and binary forms, with or without
7 1.1.2.2 pgoyette # modification, are permitted provided that the following conditions
8 1.1.2.2 pgoyette # are met:
9 1.1.2.2 pgoyette # 1. Redistributions of source code must retain the above copyright
10 1.1.2.2 pgoyette # notice, this list of conditions and the following disclaimer.
11 1.1.2.2 pgoyette # 2. Redistributions in binary form must reproduce the above copyright
12 1.1.2.2 pgoyette # notice, this list of conditions and the following disclaimer in the
13 1.1.2.2 pgoyette # documentation and/or other materials provided with the distribution.
14 1.1.2.2 pgoyette #
15 1.1.2.2 pgoyette # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
16 1.1.2.2 pgoyette # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
17 1.1.2.2 pgoyette # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18 1.1.2.2 pgoyette # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
19 1.1.2.2 pgoyette # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20 1.1.2.2 pgoyette # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21 1.1.2.2 pgoyette # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22 1.1.2.2 pgoyette # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23 1.1.2.2 pgoyette # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24 1.1.2.2 pgoyette # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25 1.1.2.2 pgoyette # POSSIBILITY OF SUCH DAMAGE.
26 1.1.2.2 pgoyette #
27 1.1.2.2 pgoyette
# rump_server control sockets, one per simulated router.
SOCK_ROUTER1="unix://router1"
SOCK_ROUTER2="unix://router2"

# Router 1: LAN address/subnet, WAN address (used as the outer tunnel
# endpoint) and the inner address assigned to ipsec0.
ROUTER1_LANIP="192.168.1.1"
ROUTER1_LANNET="192.168.1.0/24"
ROUTER1_WANIP="10.0.0.1"
ROUTER1_IPSECIP="172.16.1.1"

# Router 2: same layout as router 1.
ROUTER2_LANIP="192.168.2.1"
ROUTER2_LANNET="192.168.2.0/24"
ROUTER2_WANIP="10.0.0.2"
ROUTER2_IPSECIP="172.16.2.1"

# Set DEBUG=true in the environment to dump interface, SA/SP and npf state.
: "${DEBUG:=false}"
# Seconds passed to rump.ping -w.
TIMEOUT="7"
# HIJACKING is not defined in this file; it is expected to come from the
# shared test helpers.  The extra "blanket=/dev/npf" is appended for the
# npfctl invocations -- presumably so that npfctl's /dev/npf reaches the
# rump kernel instead of the host (see rumphijack(3)); confirm.
HIJACKING_NPF="${HIJACKING},blanket=/dev/npf"
42 1.1.2.2 pgoyette
#
# setup_router <sock> <lan-addr> <wan-addr>
#
# Attach shmif0 (bus0) and shmif1 (bus1) to the rump server behind <sock>,
# give shmif0 <lan-addr> with a /24 mask and shmif1 <wan-addr> with a /8
# mask, and confirm each address answers a ping.  RUMP_SERVER is exported
# for the duration of the function and unset on return.
#
setup_router()
{
	local sock=$1
	local lan=$2
	local wan=$3
	local ifname addr mask

	rump_server_add_iface "$sock" shmif0 bus0
	rump_server_add_iface "$sock" shmif1 bus1

	export RUMP_SERVER="${sock}"
	# No duplicate address detection probes.
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0

	for ifname in shmif0 shmif1; do
		case $ifname in
		shmif0)	addr=$lan; mask=0xffffff00 ;;
		shmif1)	addr=$wan; mask=0xff000000 ;;
		esac

		atf_check -s exit:0 rump.ifconfig $ifname inet "$addr" netmask $mask
		atf_check -s exit:0 rump.ifconfig $ifname up
		# Ensure the interface is running
		atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w "$TIMEOUT" "$addr"
		$DEBUG && rump.ifconfig $ifname
	done

	unset RUMP_SERVER
}
69 1.1.2.2 pgoyette
#
# setup_if_ipsec <addr> <remote> <src> <dst> <peernet>
#
# Create ipsec0 on the rump server selected by RUMP_SERVER (set by the
# caller), with <src>/<dst> as the outer tunnel endpoints and
# <addr>/32 -> <remote> as the inner point-to-point addresses, then route
# <peernet> via <addr>.
#
setup_if_ipsec()
{
	local inner_local=$1
	local inner_remote=$2
	local outer_src=$3
	local outer_dst=$4
	local peer_lan=$5

	atf_check -s exit:0 rump.ifconfig ipsec0 create
	atf_check -s exit:0 rump.ifconfig ipsec0 tunnel "$outer_src" "$outer_dst"
	atf_check -s exit:0 rump.ifconfig ipsec0 inet "${inner_local}/32" \
	    "$inner_remote"
	atf_check -s exit:0 -o ignore \
	    rump.route add -inet "$peer_lan" "$inner_local"

	$DEBUG && rump.ifconfig ipsec0
	$DEBUG && rump.route -nL show -inet
}
86 1.1.2.2 pgoyette
#
# get_if_ipsec_unique <src> <proto>
#
# Print the number that follows "unique#" in the `setkey -DP' policy entry
# whose first line starts with <src> and ends with "(<proto>)".  Only that
# line and the two after it are searched.  Prints an empty line when no
# entry matches.
#
# NOTE(review): <src> is used as an unanchored regex prefix, so an address
# that is a textual prefix of another one would match both entries -- fine
# for the two endpoints used in this file, worth anchoring if reused.
#
get_if_ipsec_unique()
{
	local endpoint=$1
	local family=$2
	local id=""

	id=$($HIJACKING setkey -DP |
	    grep -A2 "^${endpoint}.*(${family})\$" |
	    sed -n '/unique/{s/.*unique#//;p;}')

	# Left unquoted on purpose: several matches collapse onto one line.
	echo $id
}
97 1.1.2.2 pgoyette
#
# setup_if_ipsec_sa <src> <dst> <inid> <outid> <proto> <algo>
#
# Install one inbound (<dst> -> <src>, <inid>) and one outbound
# (<src> -> <dst>, <outid>) SA on the rump server selected by RUMP_SERVER.
# Each SA is tied with `-u' to the unique id of the matching ipv4 policy
# reported by get_if_ipsec_unique; the test fails if either id is empty.
#
# The setkey script is written to ./tmp in the current directory.  It
# carries whatever generate_algo_args emits (presumably the algorithm
# name and key material -- confirm), and DEBUG=true prints it, so this
# relies on running inside the test's private work directory.
#
setup_if_ipsec_sa()
{
	local src=$1
	local dst=$2
	local inid=$3
	local outid=$4
	local proto=$5
	local algo=$6

	local script=./tmp
	local in_uid=""
	local out_uid=""
	local algo_args="$(generate_algo_args $proto $algo)"

	in_uid=$(get_if_ipsec_unique $dst "ipv4")
	atf_check -s exit:0 test "X$in_uid" != "X"
	out_uid=$(get_if_ipsec_unique $src "ipv4")
	atf_check -s exit:0 test "X$out_uid" != "X"

	{
		printf 'add %s %s %s %s -u %s %s;\n' \
		    "$dst" "$src" "$proto" "$inid" "$in_uid" "$algo_args"
		printf 'add %s %s %s %s -u %s %s;\n' \
		    "$src" "$dst" "$proto" "$outid" "$out_uid" "$algo_args"
	} > $script
	$DEBUG && cat $script
	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $script
	$DEBUG && $HIJACKING setkey -D
	$DEBUG && $HIJACKING setkey -DP
}
126 1.1.2.2 pgoyette
#
# setup_tunnel <proto> <algo>
#
# Bring up ipsec0 and its SA pair on both routers, mirroring addresses and
# SPIs (router1 receives on 10000 and sends on 10001, router2 the reverse),
# then check the tunnel with one LAN-to-LAN ping in each direction.
# RUMP_SERVER is unset on return.
#
setup_tunnel()
{
	local proto=$1
	local algo=$2

	# Router 1 end.
	export RUMP_SERVER="$SOCK_ROUTER1"
	setup_if_ipsec "$ROUTER1_IPSECIP" "$ROUTER2_IPSECIP" \
	    "$ROUTER1_WANIP" "$ROUTER2_WANIP" "$ROUTER2_LANNET"
	setup_if_ipsec_sa "$ROUTER1_WANIP" "$ROUTER2_WANIP" \
	    "10000" "10001" $proto $algo

	# Router 2 end.
	export RUMP_SERVER="$SOCK_ROUTER2"
	setup_if_ipsec "$ROUTER2_IPSECIP" "$ROUTER1_IPSECIP" \
	    "$ROUTER2_WANIP" "$ROUTER1_WANIP" "$ROUTER1_LANNET"
	setup_if_ipsec_sa "$ROUTER2_WANIP" "$ROUTER1_WANIP" \
	    "10001" "10000" $proto $algo

	# Ensure ipsecif(4) settings have completed.
	export RUMP_SERVER="$SOCK_ROUTER1"
	atf_check -s exit:0 -o ignore \
	    rump.ping -n -w "$TIMEOUT" -c 1 -I "$ROUTER1_LANIP" "$ROUTER2_LANIP"

	export RUMP_SERVER="$SOCK_ROUTER2"
	atf_check -s exit:0 -o ignore \
	    rump.ping -n -w "$TIMEOUT" -c 1 -I "$ROUTER2_LANIP" "$ROUTER1_LANIP"

	unset RUMP_SERVER
}
165 1.1.2.2 pgoyette
#
# ipsecif_pfil_setup <proto> <algo>
#
# Build the whole test bed: start both rump servers through
# rump_server_crypto_npf_start with the netipsec and ipsec components,
# address their LAN/WAN interfaces, then establish the ipsec0 tunnel
# between them using <proto>/<algo>.
#
ipsecif_pfil_setup()
{
	local proto=$1
	local algo=$2

	rump_server_crypto_npf_start "$SOCK_ROUTER1" netipsec ipsec
	rump_server_crypto_npf_start "$SOCK_ROUTER2" netipsec ipsec

	setup_router "$SOCK_ROUTER1" "$ROUTER1_LANIP" "$ROUTER1_WANIP"
	setup_router "$SOCK_ROUTER2" "$ROUTER2_LANIP" "$ROUTER2_WANIP"

	setup_tunnel $proto $algo
}
179 1.1.2.2 pgoyette
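#
# prepare_file <file>
#
# Append 512 lines of "0123456789" to <file>, creating it if needed.
# The file is never truncated, so calling this again on the same path
# grows it by another 512 lines (ipsecif_pfil_test does exactly that).
#
prepare_file()
{
	local file=$1
	local data="0123456789"
	local count=0

	# One redirection for the whole loop: the file is opened once, the
	# path may contain blanks, and no loop variable leaks to the caller.
	while [ "$count" -lt 512 ]; do
		echo "$data"
		count=$((count + 1))
	done >> "$file"
}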
191 1.1.2.2 pgoyette
#
# build_npf_conf <outfile> <subnet> <direction>
#
# Write an npf.conf to <outfile> that, on ipsec0, blocks (and logs through
# procedure "log0") TCP from <subnet> in <direction> and passes it in the
# opposite direction.  ICMP is passed both ways on ipsec0, and shmif0 and
# shmif1 pass everything.  Any <direction> other than "in" is treated as
# "out" when picking the opposite direction; the value itself is written
# into the block rule unchecked.
#
build_npf_conf()
{
	local conf=$1
	local net=$2
	local blocked=$3
	local passed=

	case "X${blocked}" in
	Xin)	passed="out" ;;
	*)	passed="in" ;;
	esac

	# <<- strips leading tabs only: keep the lines below tab-indented.
	cat > "$conf" <<-EOF
	set bpf.jit off
	\$if = inet4(ipsec0)
	\$subnet = { $net }

	procedure "log0" {
	log: npflog0
	}

	group default {
	block $blocked on \$if proto tcp from \$subnet apply "log0"
	pass $passed on \$if proto tcp from \$subnet
	pass in on \$if proto icmp from 0.0.0.0/0
	pass out on \$if proto icmp from 0.0.0.0/0
	pass final on shmif0 all
	pass final on shmif1 all
	}
	EOF
}
224 1.1.2.2 pgoyette
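# Load <conf> ($2) into npf on the router behind <sock> ($1) and enable it.
_ipsecif_pfil_npf_start()
{
	export RUMP_SERVER=$1
	atf_check -s exit:0 $HIJACKING_NPF npfctl reload "$2"
	atf_check -s exit:0 $HIJACKING_NPF npfctl start
	if $DEBUG; then
		$HIJACKING_NPF npfctl show
	fi
}

# Disable npf on the router behind <sock> ($1).
_ipsecif_pfil_npf_stop()
{
	export RUMP_SERVER=$1
	atf_check -s exit:0 $HIJACKING_NPF npfctl stop
	if $DEBUG; then
		$HIJACKING_NPF npfctl show
	fi
}

# One LAN-to-LAN ping through the tunnel from each router must succeed.
_ipsecif_pfil_check_ping()
{
	export RUMP_SERVER=$SOCK_ROUTER1
	atf_check -s exit:0 -o ignore \
	    rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP $ROUTER2_LANIP

	export RUMP_SERVER=$SOCK_ROUTER2
	atf_check -s exit:0 -o ignore \
	    rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER2_LANIP $ROUTER1_LANIP
}

# A TCP transfer of <file_send> ($1) from router1 to router2 must fail.
_ipsecif_pfil_check_tcp_blocked()
{
	local file_send=$1
	local file_recv=$2

	start_nc_server $SOCK_ROUTER2 8888 "$file_recv" ipv4
	prepare_file "$file_send"
	export RUMP_SERVER=$SOCK_ROUTER1
	# NOTE(review): the only evidence of blocking is nc's exit status;
	# neither the received file nor the npf "log0" output is inspected.
	atf_check -s exit:1 -o ignore \
	    $HIJACKING nc -w 3 $ROUTER2_IPSECIP 8888 < "$file_send"
	stop_nc_server
}

#
# ipsecif_pfil_test
#
# Check that npf rules attached to ipsec0 are enforced on tunnelled
# traffic:
#   1. baseline: a TCP transfer router1 -> router2 succeeds and the
#      received file matches the one sent;
#   2. npf on router1 blocks TCP *out* of ipsec0: ping still works in
#      both directions, the TCP transfer fails;
#   3. npf on router2 blocks TCP *in* on ipsec0: same expectations.
# npf is stopped on the router it was started on after each phase, and
# RUMP_SERVER is unset on return.
#
ipsecif_pfil_test()
{
	local npffile=./npf.conf
	local file_send=./file.send
	local file_recv=./file.recv

	local subnet="172.16.0.0/16"

	# Try TCP communications just in case.
	start_nc_server $SOCK_ROUTER2 8888 $file_recv ipv4
	prepare_file $file_send
	export RUMP_SERVER=$SOCK_ROUTER1
	atf_check -s exit:0 $HIJACKING nc -w 3 $ROUTER2_IPSECIP 8888 < $file_send
	atf_check -s exit:0 diff -q $file_send $file_recv
	stop_nc_server

	# Setup npf to block *out* direction for ipsecif(4).
	build_npf_conf $npffile $subnet "out"
	$DEBUG && cat $npffile
	_ipsecif_pfil_npf_start $SOCK_ROUTER1 $npffile

	# ping should still work, TCP communications should be blocked.
	_ipsecif_pfil_check_ping
	_ipsecif_pfil_check_tcp_blocked $file_send $file_recv

	_ipsecif_pfil_npf_stop $SOCK_ROUTER1

	# Setup npf to block *in* direction for ipsecif(4).
	build_npf_conf $npffile $subnet "in"
	$DEBUG && cat $npffile
	_ipsecif_pfil_npf_start $SOCK_ROUTER2 $npffile

	# ping should still work, TCP communications should be blocked.
	_ipsecif_pfil_check_ping
	_ipsecif_pfil_check_tcp_blocked $file_send $file_recv

	# Stop npf where it was started.  RUMP_SERVER points at router1
	# after the nc client run, so the router is named explicitly here;
	# otherwise router2's filter would be left enabled.
	_ipsecif_pfil_npf_stop $SOCK_ROUTER2

	unset RUMP_SERVER
}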
305 1.1.2.2 pgoyette
#
# ipsecif_pfil_teardown
#
# On router 1 and then router 2: remove the tunnel endpoints from ipsec0,
# destroy the interface and flush the SA database.  The flush is run
# without atf_check, so its exit status is not asserted.  RUMP_SERVER is
# unset on return.
#
ipsecif_pfil_teardown()
{
	local sock

	for sock in $SOCK_ROUTER1 $SOCK_ROUTER2; do
		export RUMP_SERVER=$sock
		atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel
		atf_check -s exit:0 rump.ifconfig ipsec0 destroy
		$HIJACKING setkey -F
	done

	unset RUMP_SERVER
}
321 1.1.2.2 pgoyette
#
# add_test <proto> <algo>
#
# Register the ATF test case ipsecif_pfil_<proto>_<algo minus dashes>,
# generating its _head, _body and _cleanup functions with eval.
#
# <proto> and <algo> are pasted into the eval'd source as-is, so they
# must be plain identifiers from a trusted list -- never external input.
# `name' and `desc' are assigned without `local', as callers may see them.
#
add_test()
{
	local proto=$1
	local algo=$2
	local stripped

	# Dashes are dropped from the algorithm for the function name.
	stripped=$(echo $algo | tr -d '-')

	name="ipsecif_pfil_${proto}_${stripped}"
	desc="Does ipsecif filter tests"

	atf_test_case "${name}" cleanup
	# ${...} below expands now; \$DEBUG is left for run time.
	eval "
		${name}_head() {
			atf_set descr \"${desc}\"
			atf_set require.progs rump_server setkey
		}
		${name}_body() {
			ipsecif_pfil_setup ${proto} ${algo}
			ipsecif_pfil_test
			ipsecif_pfil_teardown
			rump_server_destroy_ifaces
		}
		${name}_cleanup() {
			\$DEBUG && dump
			cleanup
		}
	"
	atf_add_test_case "${name}"
}
348 1.1.2.2 pgoyette
#
# add_test_allalgo <desc>
#
# Register one ESP test case per algorithm listed in
# ESP_ENCRYPTION_ALGORITHMS_MINIMUM (defined outside this file).
# <desc> is stored in a local and not otherwise read here.
#
add_test_allalgo()
{
	# Kept local on purpose: add_test assigns `desc' without declaring
	# it, and with dynamic scoping that assignment lands in this local.
	local desc=$1

	# ESP only -- ah does not support yet.
	# The list is split on whitespace, hence the unquoted expansion.
	for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM
	do
		add_test esp "$algo"
	done
}
359 1.1.2.2 pgoyette
#
# atf_init_test_cases
#
# ATF entry point: registers every test case this file provides by
# handing the "ipsecif_pfil" label to add_test_allalgo.
#
atf_init_test_cases()
{
	add_test_allalgo "ipsecif_pfil"
}