t_ipsec_misc.sh revision 1.22
      1  1.22  ozaki #	$NetBSD: t_ipsec_misc.sh,v 1.22 2017/11/09 04:51:07 ozaki-r Exp $
      2   1.1  ozaki #
      3   1.1  ozaki # Copyright (c) 2017 Internet Initiative Japan Inc.
      4   1.1  ozaki # All rights reserved.
      5   1.1  ozaki #
      6   1.1  ozaki # Redistribution and use in source and binary forms, with or without
      7   1.1  ozaki # modification, are permitted provided that the following conditions
      8   1.1  ozaki # are met:
      9   1.1  ozaki # 1. Redistributions of source code must retain the above copyright
     10   1.1  ozaki #    notice, this list of conditions and the following disclaimer.
     11   1.1  ozaki # 2. Redistributions in binary form must reproduce the above copyright
     12   1.1  ozaki #    notice, this list of conditions and the following disclaimer in the
     13   1.1  ozaki #    documentation and/or other materials provided with the distribution.
     14   1.1  ozaki #
     15   1.1  ozaki # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
     16   1.1  ozaki # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
     17   1.1  ozaki # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     18   1.1  ozaki # PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
     19   1.1  ozaki # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
     20   1.1  ozaki # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
     21   1.1  ozaki # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
     22   1.1  ozaki # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
     23   1.1  ozaki # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     24   1.1  ozaki # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
     25   1.1  ozaki # POSSIBILITY OF SUCH DAMAGE.
     26   1.1  ozaki #
     27   1.1  ozaki 
# Control sockets of the two rump servers used by every test in this file
# (local endpoint and peer), and the bus file their shmif0 interfaces share.
SOCK_LOCAL=unix://ipsec_local
SOCK_PEER=unix://ipsec_peer
BUS=./bus_ipsec

# $DEBUG is executed as a command ("$DEBUG && ..."), so it is expected to
# hold "true" or "false".  It defaults to true when unset or empty.  Because
# its value is run verbatim, only set it from a trusted environment.
: "${DEBUG:=true}"
     33   1.1  ozaki 
#
# setup_sasp proto algo_args ip_local ip_peer lifetime [update]
#
# Installs, on both rump servers, a pair of SAs (SPI 10000 for
# local->peer, SPI 10001 for peer->local) with hard and soft lifetime
# $lifetime, plus an outbound transport-mode "require" policy for the
# endpoint's own direction.  When $update is "sa" the same setkey script
# also issues "update" for both SAs; when it is "sp" it issues "spdupdate"
# for the endpoint's outbound policy.
#
# The setkey script is written to ./tmp, a fixed relative path, so this
# relies on the current directory being private to the running test.
#
setup_sasp()
{
	local proto=$1
	local algo_args="$2"
	local ip_local=$3
	local ip_peer=$4
	local lifetime=$5
	local update=$6
	local tmpfile=./tmp
	local extra=

	# Extra statements appended to the local endpoint's setkey script.
	case "$update" in
	sa)
		extra="update $ip_local $ip_peer $proto 10000 $algo_args;
		       update $ip_peer $ip_local $proto 10001 $algo_args;"
		;;
	sp)
		extra="spdupdate $ip_local $ip_peer any -P out ipsec $proto/transport//require;"
		;;
	esac

	# --- local endpoint ---
	export RUMP_SERVER=$SOCK_LOCAL
	cat > "$tmpfile" <<-EOF
	add $ip_local $ip_peer $proto 10000 -lh $lifetime -ls $lifetime $algo_args;
	add $ip_peer $ip_local $proto 10001 -lh $lifetime -ls $lifetime $algo_args;
	spdadd $ip_local $ip_peer any -P out ipsec $proto/transport//require;
	$extra
	EOF
	if $DEBUG; then
		cat "$tmpfile"
	fi
	atf_check -s exit:0 -o empty $HIJACKING setkey -c < "$tmpfile"
	# check_sa_entries is deliberately not called for $SOCK_LOCAL here:
	# with a very short $lifetime the SAs may already have expired.

	# For "sp" the peer updates its own outbound policy; for "sa" the
	# "update" statements prepared above are reused unchanged.
	case "$update" in
	sp)
		extra="spdupdate $ip_peer $ip_local any -P out ipsec $proto/transport//require;"
		;;
	esac

	# --- peer endpoint ---
	export RUMP_SERVER=$SOCK_PEER
	cat > "$tmpfile" <<-EOF
	add $ip_local $ip_peer $proto 10000 -lh $lifetime -ls $lifetime $algo_args;
	add $ip_peer $ip_local $proto 10001 -lh $lifetime -ls $lifetime $algo_args;
	spdadd $ip_peer $ip_local any -P out ipsec $proto/transport//require;
	$extra
	EOF
	if $DEBUG; then
		cat "$tmpfile"
	fi
	atf_check -s exit:0 -o empty $HIJACKING setkey -c < "$tmpfile"
	# As above, check_sa_entries is not called for $SOCK_PEER because the
	# SAs may already have expired.
}
     80   1.1  ozaki 
#
# test_sad_disapper_until time check_dead_sa
#
# Polls both rump servers once per second, at most $time times, until
# "setkey -D" reports 'No SAD entries.' on both of them in the same round.
# $check_dead_sa is executed as a command (true/false); when it succeeds
# the dump is taken with "-D -a" instead of "-D".  Fails the test through
# atf_fail if the SAD is still populated after $time rounds.
#
test_sad_disapper_until()
{
	local time=$1
	local check_dead_sa=$2
	local setkey_opts=
	local remaining=$time
	local tmpfile=./__tmp
	local sock= empty_count=

	setkey_opts="-D"
	if $check_dead_sa; then
		setkey_opts="-D -a"
	fi

	while [ "$remaining" -ne 0 ]; do
		empty_count=0
		# The sleep comes first, so the first dump is taken after 1s.
		sleep 1
		for sock in $SOCK_LOCAL $SOCK_PEER; do
			export RUMP_SERVER=$sock
			# $setkey_opts is left unquoted on purpose: it may
			# hold two options.
			$HIJACKING setkey $setkey_opts > "$tmpfile"
			if $DEBUG; then
				cat "$tmpfile"
			fi
			grep -q 'No SAD entries.' "$tmpfile" &&
			    empty_count=$((empty_count + 1))
		done

		# Both endpoints must be empty within the same round.
		if [ "$empty_count" -eq 2 ]; then
			return 0
		fi

		remaining=$((remaining - 1))
	done

	atf_fail "SAs didn't disappear after $time sec."
}
    116  1.22  ozaki 
#
# test_ipsec4_lifetime proto algo
#
# IPv4 SA lifetime test between 10.0.0.1 (local) and 10.0.0.2 (peer):
#   1. plain ping works before any SA/SP exists;
#   2. SAs with a 1s lifetime vanish from the SAD within 1 + buffertime s;
#   3. SAs with a $lifetime s lifetime carry a ping as $proto traffic and
#      then vanish (dead entries included) within lifetime + buffertime s;
#   4. with the policy still installed and the SAs gone, ping must fail.
#
test_ipsec4_lifetime()
{
	local proto=$1
	local algo=$2
	local ip_local=10.0.0.1
	local ip_peer=10.0.0.2
	local outfile=./out
	local proto_cap= algo_args=
	local lifetime=3
	local buffertime=2
	local rump_sock=

	# Upper-cased protocol name, as matched in the packet dump below.
	proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
	algo_args="$(generate_algo_args $proto $algo)"

	for rump_sock in $SOCK_LOCAL $SOCK_PEER; do
		rump_server_crypto_start $rump_sock netipsec
	done
	for rump_sock in $SOCK_LOCAL $SOCK_PEER; do
		rump_server_add_iface $rump_sock shmif0 $BUS
	done

	# Address both endpoints; dad_count=0 disables duplicate address
	# detection.  (For key debugging, net.key.debug=0xff can be set on
	# either server at this point.)
	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24

	export RUMP_SERVER=$SOCK_PEER
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24

	extract_new_packets $BUS > "$outfile"

	# Step 1: cleartext ping, no IPsec configured yet.
	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer

	extract_new_packets $BUS > "$outfile"
	atf_check -s exit:0 -o match:"$ip_local > $ip_peer: ICMP echo request" \
	    cat "$outfile"
	atf_check -s exit:0 -o match:"$ip_peer > $ip_local: ICMP echo reply" \
	    cat "$outfile"

	# Step 2: SAs that live for one second must expire on their own.
	setup_sasp $proto "$algo_args" $ip_local $ip_peer 1
	test_sad_disapper_until $((1 + buffertime)) false

	# Flush the policies left behind by step 2 on both endpoints.
	for rump_sock in $SOCK_LOCAL $SOCK_PEER; do
		export RUMP_SERVER=$rump_sock
		atf_check -s exit:0 -o empty $HIJACKING setkey -F -P
	done

	# Step 3: SAs that live for $lifetime seconds.
	setup_sasp $proto "$algo_args" $ip_local $ip_peer $lifetime

	# Sending traffic makes the SP hold a reference to the SA.
	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer

	extract_new_packets $BUS > "$outfile"
	atf_check -s exit:0 -o match:"$ip_local > $ip_peer: $proto_cap" \
	    cat "$outfile"
	atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \
	    cat "$outfile"

	# The referenced SAs must still expire; dead entries are checked too.
	test_sad_disapper_until $((lifetime + buffertime)) true

	# Step 4: the "require" policy remains but no SA does, so the ping
	# must not get through.
	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s not-exit:0 -o match:'0 packets received' \
	    rump.ping -c 1 -n -w 1 $ip_peer

	for rump_sock in $SOCK_LOCAL $SOCK_PEER; do
		test_flush_entries $rump_sock
	done
}
    190   1.1  ozaki 
#
# test_ipsec6_lifetime proto algo
#
# IPv6 SA lifetime test between fd00::1 (local) and fd00::2 (peer):
#   1. plain ping6 works before any SA/SP exists;
#   2. SAs with a 1s lifetime vanish from the SAD within 1 + buffertime s;
#   3. SAs with a $lifetime s lifetime carry a ping6 as $proto traffic and
#      then vanish (dead entries included) within lifetime + buffertime s;
#   4. with the policy still installed and the SAs gone, ping6 must fail.
#
test_ipsec6_lifetime()
{
	local proto=$1
	local algo=$2
	local ip_local=fd00::1
	local ip_peer=fd00::2
	local outfile=./out
	local proto_cap= algo_args=
	local lifetime=3
	local buffertime=2
	local rump_sock=

	# Upper-cased protocol name, as matched in the packet dump below.
	proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
	algo_args="$(generate_algo_args $proto $algo)"

	for rump_sock in $SOCK_LOCAL $SOCK_PEER; do
		rump_server_crypto_start $rump_sock netinet6 netipsec
	done
	for rump_sock in $SOCK_LOCAL $SOCK_PEER; do
		rump_server_add_iface $rump_sock shmif0 $BUS
	done

	# Address both endpoints; dad_count=0 disables duplicate address
	# detection.
	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 rump.sysctl -q -w net.inet6.ip6.dad_count=0
	atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip_local

	export RUMP_SERVER=$SOCK_PEER
	atf_check -s exit:0 rump.sysctl -q -w net.inet6.ip6.dad_count=0
	atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip_peer

	extract_new_packets $BUS > "$outfile"

	# Step 1: cleartext ping6, no IPsec configured yet.
	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 -o ignore rump.ping6 -c 1 -n -X 3 $ip_peer

	extract_new_packets $BUS > "$outfile"
	atf_check -s exit:0 -o match:"$ip_local > $ip_peer: ICMP6, echo request" \
	    cat "$outfile"
	atf_check -s exit:0 -o match:"$ip_peer > $ip_local: ICMP6, echo reply" \
	    cat "$outfile"

	# Step 2: SAs that live for one second must expire on their own.
	setup_sasp $proto "$algo_args" $ip_local $ip_peer 1
	test_sad_disapper_until $((1 + buffertime)) false

	# Flush the policies left behind by step 2 on both endpoints.
	for rump_sock in $SOCK_LOCAL $SOCK_PEER; do
		export RUMP_SERVER=$rump_sock
		atf_check -s exit:0 -o empty $HIJACKING setkey -F -P
	done

	# Step 3: SAs that live for $lifetime seconds.
	setup_sasp $proto "$algo_args" $ip_local $ip_peer $lifetime

	# Sending traffic makes the SP hold a reference to the SA.
	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 -o ignore rump.ping6 -c 1 -n -X 3 $ip_peer

	extract_new_packets $BUS > "$outfile"
	atf_check -s exit:0 -o match:"$ip_local > $ip_peer: $proto_cap" \
	    cat "$outfile"
	atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \
	    cat "$outfile"

	# The referenced SAs must still expire; dead entries are checked too.
	test_sad_disapper_until $((lifetime + buffertime)) true

	# Step 4: the "require" policy remains but no SA does, so the ping6
	# must not get through.
	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s not-exit:0 -o match:'0 packets received' \
	    rump.ping6 -c 1 -n -X 1 $ip_peer

	for rump_sock in $SOCK_LOCAL $SOCK_PEER; do
		test_flush_entries $rump_sock
	done
}
    262   1.1  ozaki 
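#
# test_lifetime_common ipproto proto algo
#
# Dispatches to the IPv4 lifetime test when $ipproto is "ipv4" and to the
# IPv6 one for any other value.  The operands are quoted so that an empty
# or multi-word argument is compared and forwarded as given instead of
# producing a "[" syntax error or shifting the callee's positional
# parameters.
#
test_lifetime_common()
{
	local ipproto=$1
	local proto=$2
	local algo=$3

	if [ "$ipproto" = ipv4 ]; then
		test_ipsec4_lifetime "$proto" "$algo"
	else
		test_ipsec6_lifetime "$proto" "$algo"
	fi
}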
    275   1.1  ozaki 
#
# add_test_lifetime ipproto proto algo
#
# Registers the ATF test case ipsec_lifetime_<ipproto>_<proto>_<algo>,
# with the dashes of <algo> removed so the name is usable as a shell
# function name.  The _head/_body/_cleanup functions are generated with
# eval.
#
add_test_lifetime()
{
	local ipproto=$1
	local proto=$2
	local algo=$3
	local _algo= name= desc=

	_algo=$(echo $algo | sed 's/-//g')
	desc="Tests of lifetime of IPsec ($ipproto) with $proto ($algo)"
	name="ipsec_lifetime_${ipproto}_${proto}_${_algo}"

	atf_test_case "$name" cleanup
	# Everything interpolated below becomes shell source, so the
	# arguments must be fixed identifiers chosen by this script, never
	# external input (callers are outside this view; confirm).  Only
	# \$DEBUG is escaped, so it is evaluated when the test runs.
	eval "
	    ${name}_head() {
	        atf_set descr \"$desc\"
	        atf_set require.progs rump_server setkey
	    }
	    ${name}_body() {
	        test_lifetime_common $ipproto $proto $algo
	        rump_server_destroy_ifaces
	    }
	    ${name}_cleanup() {
	        \$DEBUG && dump
	        cleanup
	    }
	"
	atf_add_test_case "$name"
}
    304   1.1  ozaki 
#
# test_update proto algo update
#
# Brings up two IPv4 endpoints (10.0.0.1 and 10.0.0.2), installs SAs/SPs
# with a 100s lifetime through setup_sasp, passing $update ("sa" or "sp")
# so that the matching update statements are issued as well, and then
# checks that a ping is carried as $proto traffic in both directions.
#
test_update()
{
	local proto=$1
	local algo=$2
	local update=$3
	local ip_local=10.0.0.1
	local ip_peer=10.0.0.2
	local algo_args= proto_cap=
	local outfile=./out
	local rump_sock=

	algo_args="$(generate_algo_args $proto $algo)"
	# Upper-cased protocol name, as matched in the packet dump below.
	proto_cap=$(echo $proto | tr 'a-z' 'A-Z')

	for rump_sock in $SOCK_LOCAL $SOCK_PEER; do
		rump_server_crypto_start $rump_sock netipsec
	done
	for rump_sock in $SOCK_LOCAL $SOCK_PEER; do
		rump_server_add_iface $rump_sock shmif0 $BUS
	done

	# Address both endpoints; dad_count=0 disables duplicate address
	# detection.
	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24

	export RUMP_SERVER=$SOCK_PEER
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24

	setup_sasp $proto "$algo_args" $ip_local $ip_peer 100 $update

	extract_new_packets $BUS > "$outfile"

	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer

	# Both the request and the reply must appear as $proto_cap packets.
	extract_new_packets $BUS > "$outfile"
	atf_check -s exit:0 -o match:"$ip_local > $ip_peer: $proto_cap" \
	    cat "$outfile"
	atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \
	    cat "$outfile"
}
    342   1.8  ozaki 
#
# add_test_update proto algo update
#
# Registers the ATF test case ipsec_update_<update>_<proto>_<algo>, with
# the dashes of <algo> removed so the name is usable as a shell function
# name.  The _head/_body/_cleanup functions are generated with eval.
#
add_test_update()
{
	local proto=$1
	local algo=$2
	local update=$3
	local _update= _algo= name= desc=

	# The description shows the update kind in upper case.
	_update=$(echo $update |tr 'a-z' 'A-Z')
	_algo=$(echo $algo | sed 's/-//g')

	name="ipsec_update_${update}_${proto}_${_algo}"
	desc="Tests trying to udpate $_update of $proto ($algo)"

	atf_test_case "$name" cleanup
	# Everything interpolated below becomes shell source, so the
	# arguments must be fixed identifiers chosen by this script, never
	# external input (callers are outside this view; confirm).  Only
	# \$DEBUG is escaped, so it is evaluated when the test runs.
	eval "
	    ${name}_head() {
	        atf_set descr \"$desc\"
	        atf_set require.progs rump_server setkey
	    }
	    ${name}_body() {
	        test_update $proto $algo $update
	        rump_server_destroy_ifaces
	    }
	    ${name}_cleanup() {
	        \$DEBUG && dump
	        cleanup
	    }
	"
	atf_add_test_case "$name"
}
    372   1.8  ozaki 
#
# add_sa proto algo_args ip_local ip_peer lifetime spi
#
# Adds one more SA pair on both rump servers: SPI $spi for local->peer
# and SPI $spi + 1 for peer->local, each with hard and soft lifetime
# $lifetime.  No policy is touched.  Both servers receive the same setkey
# script, which is written to ./tmp.
#
add_sa()
{
	local proto=$1
	local algo_args="$2"
	local ip_local=$3
	local ip_peer=$4
	local lifetime=$5
	local spi=$6
	local tmpfile=./tmp
	local extra=
	local rump_sock=

	for rump_sock in $SOCK_LOCAL $SOCK_PEER; do
		export RUMP_SERVER=$rump_sock
		# $extra is never assigned in this function, so it only
		# contributes an empty line to the script.
		cat > "$tmpfile" <<-EOF
		add $ip_local $ip_peer $proto $((spi)) -lh $lifetime -ls $lifetime $algo_args;
		add $ip_peer $ip_local $proto $((spi + 1)) -lh $lifetime -ls $lifetime $algo_args;
		$extra
		EOF
		if $DEBUG; then
			cat "$tmpfile"
		fi
		atf_check -s exit:0 -o empty $HIJACKING setkey -c < "$tmpfile"
		# check_sa_entries is deliberately not called here: with a
		# very short $lifetime the SAs may already have expired.
		$DEBUG && $HIJACKING setkey -D
	done
}
    408   1.9  ozaki 
#
# delete_sa proto ip_local ip_peer spi
#
# Deletes the SA pair created by add_sa on both rump servers: SPI $spi
# for local->peer and SPI $spi + 1 for peer->local.  Both servers receive
# the same setkey script, which is written to ./tmp.
#
delete_sa()
{
	local proto=$1
	local ip_local=$2
	local ip_peer=$3
	local spi=$4
	local tmpfile=./tmp
	# Declared but not referenced anywhere in this function.
	local extra=
	local rump_sock=

	for rump_sock in $SOCK_LOCAL $SOCK_PEER; do
		export RUMP_SERVER=$rump_sock
		cat > "$tmpfile" <<-EOF
		delete $ip_local $ip_peer $proto $((spi));
		delete $ip_peer $ip_local $proto $((spi + 1));
		EOF
		if $DEBUG; then
			cat "$tmpfile"
		fi
		atf_check -s exit:0 -o empty $HIJACKING setkey -c < "$tmpfile"
		$DEBUG && $HIJACKING setkey -D
	done
}
    436  1.13  ozaki 
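#
# check_packet_spi outfile ip_local ip_peer proto spi
#
# Asserts that the packet dump in $outfile contains a local->peer packet
# carrying SPI $spi and a peer->local packet carrying SPI $spi + 1.
#
# $proto is the protocol name exactly as it appears in the dump; the
# caller in this file passes the upper-cased form.  The pattern is built
# from this argument.  Previously it was built from $proto_cap, a local of
# the calling function that was only visible here through the shell's
# dynamic scoping, while the argument itself was ignored.
#
check_packet_spi()
{
	local outfile=$1
	local ip_local=$2
	local ip_peer=$3
	local proto=$4
	local spi=$5
	local spistr=

	if $DEBUG; then
		cat "$outfile"
	fi

	# The dump prints the SPI as eight zero-padded hex digits.
	spistr=$(printf "%08x" "$spi")
	atf_check -s exit:0 \
	    -o match:"$ip_local > $ip_peer: $proto\(spi=0x$spistr," \
	    cat "$outfile"

	# The reverse direction uses the next SPI (see add_sa/setup_sasp).
	spistr=$(printf "%08x" $((spi + 1)))
	atf_check -s exit:0 \
	    -o match:"$ip_peer > $ip_local: $proto\(spi=0x$spistr," \
	    cat "$outfile"
}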
    456   1.9  ozaki 
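#
# wait_sa_disappeared spi
#
# Waits until "setkey -D" no longer lists an SA matching "spi=$spi", first
# on the local rump server and then on the peer.  Each server is checked
# up to 10 times with a 1s sleep after every check that still finds the
# SA; the test fails through atf_fail if the SA is still listed on the
# last check.
#
# Success is tracked with an explicit flag.  The previous version tested
# the loop counter against 10 after the loop, which could not tell "gone
# on the 10th check" from "never gone" and failed the test in both cases.
#
# Note: the grep pattern is a prefix match, so "spi=1002" would also match
# an SA with SPI 10020.
#
wait_sa_disappeared()
{
	local spi=$1
	local i= sock= gone=

	for sock in "$SOCK_LOCAL" "$SOCK_PEER"; do
		export RUMP_SERVER=$sock
		gone=false
		for i in 1 2 3 4 5 6 7 8 9 10; do
			# $HIJACKING is an optional command prefix and must
			# stay unquoted.
			if ! $HIJACKING setkey -D | grep -q "spi=$spi"; then
				gone=true
				break
			fi
			sleep 1
		done
		if ! $gone; then
			atf_fail "SA (spi=$spi) didn't disappear in 10s"
		fi
	done
}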
    481  1.12  ozaki 
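#
# test_spi proto algo preferred method
#
# Checks which SA is chosen for outgoing traffic when several SAs with
# different SPIs exist between 10.0.0.1 (local) and 10.0.0.2 (peer).
#
#   preferred  "old": net.key.prefered_oldsa=1 is set on both servers and
#              the original SA (SPI 10000) must be used throughout.
#              otherwise: the most recently added live SA must be used.
#   method     "delete": the extra SAs are removed with delete_sa.
#              otherwise: they get short lifetimes (6s and 3s) and the
#              test waits for them to expire.
#
# The timeout/new combination calls skip_if_qemu first.
#
# The two conditions of that check are tested with separate, quoted "["
# commands instead of the obsolescent "-a" operator on unquoted operands,
# and the other comparisons are quoted as well, so an empty argument no
# longer turns into a "[" syntax error.
#
test_spi()
{
	local proto=$1
	local algo=$2
	local preferred=$3
	local method=$4
	local ip_local=10.0.0.1
	local ip_peer=10.0.0.2
	local algo_args="$(generate_algo_args $proto $algo)"
	# Upper-cased protocol name, passed to check_packet_spi below.
	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
	local outfile=./out
	local spistr=
	local longtime= shorttime=
	local expected=

	if [ "$method" = timeout ] && [ "$preferred" = new ]; then
		skip_if_qemu
	fi

	# With "delete" the SAs must outlive the test; otherwise the newest
	# SA (shorttime) has to expire before the second one (longtime).
	if [ "$method" = delete ]; then
		shorttime=100
		longtime=100
	else
		shorttime=3
		longtime=6
	fi

	rump_server_crypto_start $SOCK_LOCAL netipsec
	rump_server_crypto_start $SOCK_PEER netipsec
	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS
	rump_server_add_iface $SOCK_PEER shmif0 $BUS

	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24
	if [ "$preferred" = old ]; then
		atf_check -s exit:0 rump.sysctl -q -w net.key.prefered_oldsa=1
	fi

	export RUMP_SERVER=$SOCK_PEER
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24
	if [ "$preferred" = old ]; then
		atf_check -s exit:0 rump.sysctl -q -w net.key.prefered_oldsa=1
	fi

	# Original SAs (SPI 10000/10001) and the policies.
	setup_sasp $proto "$algo_args" $ip_local $ip_peer 100

	extract_new_packets $BUS > "$outfile"

	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
	extract_new_packets $BUS > "$outfile"
	check_packet_spi "$outfile" $ip_local $ip_peer $proto_cap 10000

	# Add a new SA with a different SPI
	add_sa $proto "$algo_args" $ip_local $ip_peer $longtime 10010

	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
	extract_new_packets $BUS > "$outfile"
	if [ "$preferred" = old ]; then
		expected=10000
	else
		# The new SA is preferred
		expected=10010
	fi
	check_packet_spi "$outfile" $ip_local $ip_peer $proto_cap $expected

	# Add another SA with a different SPI
	add_sa $proto "$algo_args" $ip_local $ip_peer $shorttime 10020

	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
	extract_new_packets $BUS > "$outfile"
	if [ "$preferred" = old ]; then
		expected=10000
	else
		# The newest SA is preferred
		expected=10020
	fi
	check_packet_spi "$outfile" $ip_local $ip_peer $proto_cap $expected

	# Retire the newest SA.
	if [ "$method" = delete ]; then
		delete_sa $proto $ip_local $ip_peer 10020
	else
		wait_sa_disappeared 10020
	fi

	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
	extract_new_packets $BUS > "$outfile"
	if [ "$preferred" = old ]; then
		expected=10000
	else
		# The newest one is removed and the second one is used
		expected=10010
	fi
	check_packet_spi "$outfile" $ip_local $ip_peer $proto_cap $expected

	# Retire the second SA.
	if [ "$method" = delete ]; then
		delete_sa $proto $ip_local $ip_peer 10010
	else
		wait_sa_disappeared 10010
	fi

	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
	extract_new_packets $BUS > "$outfile"
	# Only the original SA is left, so it is used whichever SA is
	# preferred.
	check_packet_spi "$outfile" $ip_local $ip_peer $proto_cap 10000
}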
    594   1.9  ozaki 
#
# add_test_spi proto algo preferred method
#
# Registers the ATF test case
# ipsec_spi_<proto>_<algo>_preferred_<preferred>_<method>, with the dashes
# of <algo> removed so the name is usable as a shell function name.  The
# _head/_body/_cleanup functions are generated with eval.
#
add_test_spi()
{
	local proto=$1
	local algo=$2
	local preferred=$3
	local method=$4
	local _algo= name= desc=

	_algo=$(echo $algo | sed 's/-//g')

	name="ipsec_spi_${proto}_${_algo}_preferred_${preferred}_${method}"
	desc="Tests SAs with different SPIs of $proto ($algo) ($preferred SA preferred) ($method)"

	atf_test_case "$name" cleanup
	# Everything interpolated below becomes shell source, so the
	# arguments must be fixed identifiers chosen by this script, never
	# external input (callers are outside this view; confirm).  Only
	# \$DEBUG is escaped, so it is evaluated when the test runs.
	eval "
	    ${name}_head() {
	        atf_set descr \"$desc\"
	        atf_set require.progs rump_server setkey
	    }
	    ${name}_body() {
	        test_spi $proto $algo $preferred $method
	        rump_server_destroy_ifaces
	    }
	    ${name}_cleanup() {
	        \$DEBUG && dump
	        cleanup
	    }
	"
	atf_add_test_case "$name"
}
    624   1.9  ozaki 
#
# setup_sp proto algo_args ip_local ip_peer
#
# Installs transport-mode "require" policies for $proto on both rump
# servers, one outbound and one inbound per endpoint, and verifies them
# with check_sp_entries.  No SA is created.  $algo_args is accepted but
# not used by this function.
#
setup_sp()
{
	local proto=$1
	local algo_args="$2"
	local ip_local=$3
	local ip_peer=$4
	local tmpfile=./tmp

	# --- local endpoint: out = local->peer, in = peer->local ---
	export RUMP_SERVER=$SOCK_LOCAL
	cat > "$tmpfile" <<-EOF
	spdadd $ip_local $ip_peer any -P out ipsec $proto/transport//require;
	spdadd $ip_peer $ip_local any -P in ipsec $proto/transport//require;
	EOF
	if $DEBUG; then
		cat "$tmpfile"
	fi
	atf_check -s exit:0 -o empty $HIJACKING setkey -c < "$tmpfile"
	check_sp_entries $SOCK_LOCAL $ip_local $ip_peer

	# --- peer endpoint: the same policies with the directions swapped ---
	export RUMP_SERVER=$SOCK_PEER
	cat > "$tmpfile" <<-EOF
	spdadd $ip_peer $ip_local any -P out ipsec $proto/transport//require;
	spdadd $ip_local $ip_peer any -P in ipsec $proto/transport//require;
	EOF
	if $DEBUG; then
		cat "$tmpfile"
	fi
	atf_check -s exit:0 -o empty $HIJACKING setkey -c < "$tmpfile"
	check_sp_entries $SOCK_PEER $ip_peer $ip_local
}
    651  1.17  ozaki 
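#
# Negative test: with "require" policies installed on both rump servers and
# no SA configured, a ping from the local server to the peer must fail.
# This pins the fail-closed behaviour of the policy: traffic that the SPD
# says must be protected is not sent when no SA is available.
#
# Arguments:
#   $1 - IPsec protocol (callers pass esp or ah)
#   $2 - algorithm name, handed to generate_algo_args
#   $3 - stored in the local "update" but not referenced here; the
#        generated test case passes only two arguments
# Globals:
#   SOCK_LOCAL, SOCK_PEER, BUS are read; RUMP_SERVER is exported.
#
test_nosa()
{
	local proto=$1
	local algo=$2
	local update=$3
	local ip_local=10.0.0.1
	local ip_peer=10.0.0.2
	local algo_args="$(generate_algo_args "$proto" "$algo")"
	# Not referenced below; kept because shell locals are visible to the
	# helpers called from here.
	local proto_cap="$(printf '%s\n' "$proto" | tr 'a-z' 'A-Z')"
	local outfile=./out

	rump_server_crypto_start "$SOCK_LOCAL" netipsec
	rump_server_crypto_start "$SOCK_PEER" netipsec
	rump_server_add_iface "$SOCK_LOCAL" shmif0 "$BUS"
	rump_server_add_iface "$SOCK_PEER" shmif0 "$BUS"

	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	atf_check -s exit:0 rump.ifconfig shmif0 "$ip_local/24"

	export RUMP_SERVER=$SOCK_PEER
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	atf_check -s exit:0 rump.ifconfig shmif0 "$ip_peer/24"

	# Policies only; no add_sa call follows in this test.
	setup_sp "$proto" "$algo_args" "$ip_local" "$ip_peer"

	# The captured output is not inspected in this function; presumably
	# the call is made to consume packets already on the bus -- TODO
	# confirm against extract_new_packets.
	extract_new_packets "$BUS" > "$outfile"

	# setup_sp leaves RUMP_SERVER pointing at the peer; switch back.
	export RUMP_SERVER=$SOCK_LOCAL
	# The policy requires IPsec and there is no SA, so the ping has to
	# fail.  A successful ping here would mean the traffic was let
	# through despite the policy.
	atf_check -s not-exit:0 -o ignore rump.ping -c 1 -n -w 3 "$ip_peer"
}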
    684  1.17  ozaki 
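#
# Register one ATF test case that runs test_nosa for the given protocol and
# algorithm.  The test case is named ipsec_nosa_<proto>_<algo>, with every
# '-' removed from the algorithm so the result is usable in a function name.
#
# Arguments:
#   $1 - IPsec protocol (atf_init_test_cases passes esp or ah)
#   $2 - algorithm name
#
add_test_nosa()
{
	local proto=$1
	local algo=$2
	local _algo="$(printf '%s\n' "$algo" | sed 's/-//g')"
	local name= desc=

	desc="Tests SPs with no relevant SAs with $proto ($algo)"
	name="ipsec_nosa_${proto}_${_algo}"

	atf_test_case "${name}" cleanup
	# NOTE(review): the eval below turns $name, $desc, $proto and $algo
	# into shell source text.  That is only safe while the arguments come
	# from fixed lists, as they do in atf_init_test_cases; never feed this
	# function externally supplied strings.
	# \$DEBUG is escaped so that it is expanded when the cleanup function
	# runs; every other variable is expanded now, at registration time.
	eval "
	    ${name}_head() {
	        atf_set descr \"$desc\"
	        atf_set require.progs rump_server setkey
	    }
	    ${name}_body() {
	        test_nosa $proto $algo
	        rump_server_destroy_ifaces
	    }
	    ${name}_cleanup() {
	        \$DEBUG && dump
	        cleanup
	    }
	"
	atf_add_test_case "${name}"
}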
    712  1.17  ozaki 
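#
# Check that SAs are matched per destination.  The peer server gets two
# addresses, and the policy is installed between the local address and the
# prefix 0.0.0.0/0.  The test then verifies, in order:
#   1. with no SA, pings to both peer addresses fail;
#   2. with an SA for the first peer address only, the first ping succeeds
#      and the second still fails (one SA must not open traffic to another
#      destination);
#   3. with SAs for both addresses, both pings succeed;
#   4. on both servers the SPD still lists the policy as it was installed,
#      and no entry has its address field filled in with an "x-y" pair.
#
# Arguments:
#   $1 - IPsec protocol (callers pass esp or ah)
#   $2 - algorithm name, handed to generate_algo_args
#   $3 - stored in the local "update" but not referenced here; the
#        generated test case passes only two arguments
# Globals:
#   SOCK_LOCAL, SOCK_PEER, BUS, HIJACKING are read; RUMP_SERVER is exported
#   and is left set to $SOCK_PEER on return.
#
test_multiple_sa()
{
	local proto=$1
	local algo=$2
	local update=$3
	local ip_local=10.0.0.1
	local ip_peer=10.0.0.2
	local ip_peer2=10.0.0.3
	local algo_args="$(generate_algo_args "$proto" "$algo")"
	# Not referenced below; kept because shell locals are visible to the
	# helpers called from here.
	local proto_cap="$(printf '%s\n' "$proto" | tr 'a-z' 'A-Z')"
	local outfile=./out
	local sock=

	rump_server_crypto_start "$SOCK_LOCAL" netipsec
	rump_server_crypto_start "$SOCK_PEER" netipsec
	rump_server_add_iface "$SOCK_LOCAL" shmif0 "$BUS"
	rump_server_add_iface "$SOCK_PEER" shmif0 "$BUS"

	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	atf_check -s exit:0 rump.ifconfig shmif0 "$ip_local/24"

	export RUMP_SERVER=$SOCK_PEER
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	atf_check -s exit:0 rump.ifconfig shmif0 "$ip_peer/24"
	# Second address on the same interface, used as the second destination.
	atf_check -s exit:0 rump.ifconfig shmif0 "$ip_peer2/24" alias

	setup_sp "$proto" "$algo_args" "$ip_local" "0.0.0.0/0"

	# The captured output is not inspected in this function.
	extract_new_packets "$BUS" > "$outfile"

	export RUMP_SERVER=$SOCK_LOCAL
	# There is no SA, so ping should fail
	atf_check -s not-exit:0 -o ignore rump.ping -c 1 -n -w 3 "$ip_peer"
	atf_check -s not-exit:0 -o ignore rump.ping -c 1 -n -w 3 "$ip_peer2"

	# The two trailing numbers are passed through to add_sa unchanged;
	# their meaning is defined by add_sa, outside this function.
	add_sa "$proto" "$algo_args" "$ip_local" "$ip_peer" 100 10000

	# RUMP_SERVER is re-exported after each helper call rather than
	# assumed to still point at the local server.
	export RUMP_SERVER=$SOCK_LOCAL
	# There is only an SA for $ip_peer, so ping to $ip_peer2 should fail
	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 "$ip_peer"
	atf_check -s not-exit:0 -o ignore rump.ping -c 1 -n -w 3 "$ip_peer2"

	add_sa "$proto" "$algo_args" "$ip_local" "$ip_peer2" 100 10010

	export RUMP_SERVER=$SOCK_LOCAL
	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 "$ip_peer"
	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 "$ip_peer2"

	# Same two SPD checks on each server, local first.
	for sock in "$SOCK_LOCAL" "$SOCK_PEER"; do
		export RUMP_SERVER=$sock
		atf_check -s exit:0 -o match:"$proto/transport//require" \
		    $HIJACKING setkey -D -P
		# Check if the policy isn't modified accidentally
		atf_check -s exit:0 -o not-match:"$proto/transport/.+\-.+/require" \
		    $HIJACKING setkey -D -P
	done
}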
    774  1.20  ozaki 
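#
# Register one ATF test case that runs test_multiple_sa for the given
# protocol and algorithm.  The test case is named
# ipsec_multiple_sa_<proto>_<algo>, with every '-' removed from the
# algorithm so the result is usable in a function name.
#
# Arguments:
#   $1 - IPsec protocol (atf_init_test_cases passes esp or ah)
#   $2 - algorithm name
#
add_test_multiple_sa()
{
	local proto=$1
	local algo=$2
	local _algo="$(printf '%s\n' "$algo" | sed 's/-//g')"
	local name= desc=

	desc="Tests multiple SAs with $proto ($algo)"
	name="ipsec_multiple_sa_${proto}_${_algo}"

	atf_test_case "${name}" cleanup
	# NOTE(review): the eval below turns $name, $desc, $proto and $algo
	# into shell source text.  That is only safe while the arguments come
	# from fixed lists, as they do in atf_init_test_cases; never feed this
	# function externally supplied strings.
	# \$DEBUG is escaped so that it is expanded when the cleanup function
	# runs; every other variable is expanded now, at registration time.
	eval "
	    ${name}_head() {
	        atf_set descr \"$desc\"
	        atf_set require.progs rump_server setkey
	    }
	    ${name}_body() {
	        test_multiple_sa $proto $algo
	        rump_server_destroy_ifaces
	    }
	    ${name}_cleanup() {
	        \$DEBUG && dump
	        cleanup
	    }
	"
	atf_add_test_case "${name}"
}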
    802  1.20  ozaki 
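#
# ATF entry point: register every test case of this file.  The same set of
# registrations is made for each ESP algorithm and then for each AH
# algorithm, so both protocols always get identical coverage.
#
# Globals:
#   ESP_ENCRYPTION_ALGORITHMS_MINIMUM, AH_AUTHENTICATION_ALGORITHMS_MINIMUM
#   are read as whitespace-separated lists; they are defined outside this
#   function.
#
atf_init_test_cases()
{
	local algo=
	local ipsec_proto= algo_list=

	# ESP first, then AH: registration order is kept as before.
	for ipsec_proto in esp ah; do
		case $ipsec_proto in
		esp)
			algo_list=$ESP_ENCRYPTION_ALGORITHMS_MINIMUM
			;;
		ah)
			algo_list=$AH_AUTHENTICATION_ALGORITHMS_MINIMUM
			;;
		esac

		# Unquoted on purpose: the list is split into one word per
		# algorithm.
		for algo in $algo_list; do
			add_test_lifetime ipv4 "$ipsec_proto" "$algo"
			add_test_lifetime ipv6 "$ipsec_proto" "$algo"
			add_test_update "$ipsec_proto" "$algo" sa
			add_test_update "$ipsec_proto" "$algo" sp
			add_test_spi "$ipsec_proto" "$algo" new delete
			add_test_spi "$ipsec_proto" "$algo" old delete
			add_test_spi "$ipsec_proto" "$algo" new timeout
			add_test_spi "$ipsec_proto" "$algo" old timeout
			add_test_nosa "$ipsec_proto" "$algo"
			add_test_multiple_sa "$ipsec_proto" "$algo"
		done
	done
}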