t_ipsec_misc.sh revision 1.9
1 1.9 ozaki # $NetBSD: t_ipsec_misc.sh,v 1.9 2017/07/14 11:54:52 ozaki-r Exp $ 2 1.1 ozaki # 3 1.1 ozaki # Copyright (c) 2017 Internet Initiative Japan Inc. 4 1.1 ozaki # All rights reserved. 5 1.1 ozaki # 6 1.1 ozaki # Redistribution and use in source and binary forms, with or without 7 1.1 ozaki # modification, are permitted provided that the following conditions 8 1.1 ozaki # are met: 9 1.1 ozaki # 1. Redistributions of source code must retain the above copyright 10 1.1 ozaki # notice, this list of conditions and the following disclaimer. 11 1.1 ozaki # 2. Redistributions in binary form must reproduce the above copyright 12 1.1 ozaki # notice, this list of conditions and the following disclaimer in the 13 1.1 ozaki # documentation and/or other materials provided with the distribution. 14 1.1 ozaki # 15 1.1 ozaki # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 16 1.1 ozaki # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 17 1.1 ozaki # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 18 1.1 ozaki # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 19 1.1 ozaki # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 1.1 ozaki # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 1.1 ozaki # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 1.1 ozaki # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 1.1 ozaki # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 1.1 ozaki # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 1.1 ozaki # POSSIBILITY OF SUCH DAMAGE. 26 1.1 ozaki # 27 1.1 ozaki 28 1.1 ozaki SOCK_LOCAL=unix://ipsec_local 29 1.1 ozaki SOCK_PEER=unix://ipsec_peer 30 1.1 ozaki BUS=./bus_ipsec 31 1.1 ozaki 32 1.4 ozaki DEBUG=${DEBUG:-true} 33 1.1 ozaki 34 1.1 ozaki setup_sasp() 35 1.1 ozaki { 36 1.1 ozaki local proto=$1 37 1.1 ozaki local algo_args="$2" 38 1.1 ozaki local ip_local=$3 39 1.1 ozaki local ip_peer=$4 40 1.1 ozaki local lifetime=$5 41 1.8 ozaki local update=$6 42 1.1 ozaki local tmpfile=./tmp 43 1.8 ozaki local extra= 44 1.8 ozaki 45 1.8 ozaki if [ "$update" = sa ]; then 46 1.8 ozaki extra="update $ip_local $ip_peer $proto 10000 $algo_args; 47 1.8 ozaki update $ip_peer $ip_local $proto 10001 $algo_args;" 48 1.8 ozaki elif [ "$update" = sp ]; then 49 1.8 ozaki extra="spdupdate $ip_local $ip_peer any -P out ipsec $proto/transport//require;" 50 1.8 ozaki fi 51 1.1 ozaki 52 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 53 1.1 ozaki cat > $tmpfile <<-EOF 54 1.1 ozaki add $ip_local $ip_peer $proto 10000 -lh $lifetime -ls $lifetime $algo_args; 55 1.1 ozaki add $ip_peer $ip_local $proto 10001 -lh $lifetime -ls $lifetime $algo_args; 56 1.1 ozaki spdadd $ip_local $ip_peer any -P out ipsec $proto/transport//require; 57 1.8 ozaki $extra 58 1.1 ozaki EOF 59 1.1 ozaki $DEBUG && cat $tmpfile 60 1.1 ozaki atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile 61 1.3 ozaki # XXX it can be expired if $lifetime is very short 62 1.3 ozaki #check_sa_entries $SOCK_LOCAL $ip_local $ip_peer 63 1.1 ozaki 64 1.8 ozaki if [ "$update" = sp ]; then 65 1.8 ozaki extra="spdupdate $ip_peer $ip_local any -P out ipsec $proto/transport//require;" 66 1.8 ozaki fi 67 1.8 ozaki 68 1.1 ozaki export RUMP_SERVER=$SOCK_PEER 69 1.1 ozaki cat > $tmpfile <<-EOF 70 1.1 ozaki add $ip_local $ip_peer $proto 10000 -lh $lifetime -ls $lifetime $algo_args; 71 1.1 ozaki add $ip_peer $ip_local $proto 10001 -lh $lifetime -ls $lifetime $algo_args; 72 1.1 ozaki spdadd $ip_peer $ip_local any -P out ipsec $proto/transport//require; 73 1.8 ozaki $extra 74 1.1 ozaki EOF 75 1.1 ozaki $DEBUG && cat $tmpfile 76 1.1 ozaki atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile 77 1.3 ozaki # XXX it can be expired if $lifetime is very short 78 1.3 ozaki #check_sa_entries $SOCK_PEER $ip_local $ip_peer 79 1.1 ozaki } 80 1.1 ozaki 81 1.1 ozaki test_ipsec4_lifetime() 82 1.1 ozaki { 83 1.1 ozaki local proto=$1 84 1.1 ozaki local algo=$2 85 1.1 ozaki local ip_local=10.0.0.1 86 1.1 ozaki local ip_peer=10.0.0.2 87 1.1 ozaki local outfile=./out 88 1.1 ozaki local proto_cap=$(echo $proto | tr 'a-z' 'A-Z') 89 1.1 ozaki local algo_args="$(generate_algo_args $proto $algo)" 90 1.1 ozaki local lifetime=3 91 1.1 ozaki 92 1.1 ozaki rump_server_crypto_start $SOCK_LOCAL netipsec 93 1.1 ozaki rump_server_crypto_start $SOCK_PEER netipsec 94 1.1 ozaki rump_server_add_iface $SOCK_LOCAL shmif0 $BUS 95 1.1 ozaki rump_server_add_iface $SOCK_PEER shmif0 $BUS 96 1.1 ozaki 97 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 98 1.1 ozaki atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0 99 1.1 ozaki atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24 100 1.1 ozaki #atf_check -s exit:0 -o ignore rump.sysctl -w net.key.debug=0xff 101 1.1 ozaki 102 1.1 ozaki export RUMP_SERVER=$SOCK_PEER 103 1.1 ozaki atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0 104 1.1 ozaki atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24 105 1.1 ozaki #atf_check -s exit:0 -o ignore rump.sysctl -w net.key.debug=0xff 106 1.1 ozaki 107 1.1 ozaki extract_new_packets $BUS > $outfile 108 1.1 ozaki 109 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 110 1.1 ozaki atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer 111 1.1 ozaki 112 1.1 ozaki extract_new_packets $BUS > $outfile 113 1.1 ozaki atf_check -s exit:0 -o match:"$ip_local > $ip_peer: ICMP echo request" \ 114 1.1 ozaki cat $outfile 115 1.1 ozaki atf_check -s exit:0 -o match:"$ip_peer > $ip_local: ICMP echo reply" \ 116 1.1 ozaki cat $outfile 117 1.1 ozaki 118 1.1 ozaki # Set up SAs with lifetime 1 sec. 119 1.1 ozaki setup_sasp $proto "$algo_args" $ip_local $ip_peer 1 120 1.1 ozaki 121 1.1 ozaki # Wait for the SAs to be expired 122 1.1 ozaki atf_check -s exit:0 sleep 2 123 1.1 ozaki 124 1.1 ozaki # Check the SAs have been expired 125 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 126 1.1 ozaki $DEBUG && $HIJACKING setkey -D 127 1.1 ozaki atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D 128 1.1 ozaki export RUMP_SERVER=$SOCK_PEER 129 1.1 ozaki $DEBUG && $HIJACKING setkey -D 130 1.1 ozaki atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D 131 1.1 ozaki 132 1.1 ozaki # Clean up SPs 133 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 134 1.1 ozaki atf_check -s exit:0 -o empty $HIJACKING setkey -F -P 135 1.1 ozaki export RUMP_SERVER=$SOCK_PEER 136 1.1 ozaki atf_check -s exit:0 -o empty $HIJACKING setkey -F -P 137 1.1 ozaki 138 1.1 ozaki # Set up SAs with lifetime with $lifetime 139 1.1 ozaki setup_sasp $proto "$algo_args" $ip_local $ip_peer $lifetime 140 1.1 ozaki 141 1.1 ozaki # Use the SAs; this will create a reference from an SP to an SA 142 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 143 1.1 ozaki atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer 144 1.1 ozaki 145 1.1 ozaki extract_new_packets $BUS > $outfile 146 1.1 ozaki atf_check -s exit:0 -o match:"$ip_local > $ip_peer: $proto_cap" \ 147 1.1 ozaki cat $outfile 148 1.1 ozaki atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \ 149 1.1 ozaki cat $outfile 150 1.1 ozaki 151 1.1 ozaki atf_check -s exit:0 sleep $((lifetime + 1)) 152 1.1 ozaki 153 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 154 1.1 ozaki $DEBUG && $HIJACKING setkey -D 155 1.1 ozaki atf_check -s exit:0 -o empty $HIJACKING setkey -D 156 1.1 ozaki # The SA on output remain because sp/isr still refers it 157 1.1 ozaki atf_check -s exit:0 -o match:"$ip_local $ip_peer" \ 158 1.1 ozaki $HIJACKING setkey -D -a 159 1.1 ozaki atf_check -s exit:0 -o not-match:"$ip_peer $ip_local" \ 160 1.1 ozaki $HIJACKING setkey -D -a 161 1.1 ozaki 162 1.1 ozaki export RUMP_SERVER=$SOCK_PEER 163 1.1 ozaki $DEBUG && $HIJACKING setkey -D 164 1.1 ozaki atf_check -s exit:0 -o empty $HIJACKING setkey -D 165 1.1 ozaki atf_check -s exit:0 -o not-match:"$ip_local $ip_peer" \ 166 1.1 ozaki $HIJACKING setkey -D -a 167 1.1 ozaki # The SA on output remain because sp/isr still refers it 168 1.1 ozaki atf_check -s exit:0 -o match:"$ip_peer $ip_local" \ 169 1.1 ozaki $HIJACKING setkey -D -a 170 1.1 ozaki 171 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 172 1.1 ozaki atf_check -s not-exit:0 -o match:'0 packets received' \ 173 1.1 ozaki rump.ping -c 1 -n -w 1 $ip_peer 174 1.1 ozaki 175 1.1 ozaki test_flush_entries $SOCK_LOCAL 176 1.1 ozaki test_flush_entries $SOCK_PEER 177 1.1 ozaki } 178 1.1 ozaki 179 1.1 ozaki test_ipsec6_lifetime() 180 1.1 ozaki { 181 1.1 ozaki local proto=$1 182 1.1 ozaki local algo=$2 183 1.1 ozaki local ip_local=fd00::1 184 1.1 ozaki local ip_peer=fd00::2 185 1.1 ozaki local outfile=./out 186 1.1 ozaki local proto_cap=$(echo $proto | tr 'a-z' 'A-Z') 187 1.1 ozaki local algo_args="$(generate_algo_args $proto $algo)" 188 1.1 ozaki local lifetime=3 189 1.1 ozaki 190 1.1 ozaki rump_server_crypto_start $SOCK_LOCAL netinet6 netipsec 191 1.1 ozaki rump_server_crypto_start $SOCK_PEER netinet6 netipsec 192 1.1 ozaki rump_server_add_iface $SOCK_LOCAL shmif0 $BUS 193 1.1 ozaki rump_server_add_iface $SOCK_PEER shmif0 $BUS 194 1.1 ozaki 195 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 196 1.1 ozaki atf_check -s exit:0 rump.sysctl -q -w net.inet6.ip6.dad_count=0 197 1.1 ozaki atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip_local 198 1.1 ozaki 199 1.1 ozaki export RUMP_SERVER=$SOCK_PEER 200 1.1 ozaki atf_check -s exit:0 rump.sysctl -q -w net.inet6.ip6.dad_count=0 201 1.1 ozaki atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip_peer 202 1.1 ozaki 203 1.1 ozaki extract_new_packets $BUS > $outfile 204 1.1 ozaki 205 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 206 1.1 ozaki atf_check -s exit:0 -o ignore rump.ping6 -c 1 -n -X 3 $ip_peer 207 1.1 ozaki 208 1.1 ozaki extract_new_packets $BUS > $outfile 209 1.1 ozaki atf_check -s exit:0 -o match:"$ip_local > $ip_peer: ICMP6, echo request" \ 210 1.1 ozaki cat $outfile 211 1.1 ozaki atf_check -s exit:0 -o match:"$ip_peer > $ip_local: ICMP6, echo reply" \ 212 1.1 ozaki cat $outfile 213 1.1 ozaki 214 1.1 ozaki # Set up SAs with lifetime 1 sec. 215 1.1 ozaki setup_sasp $proto "$algo_args" $ip_local $ip_peer 1 216 1.1 ozaki 217 1.1 ozaki # Wait for the SAs to be expired 218 1.1 ozaki atf_check -s exit:0 sleep 2 219 1.1 ozaki 220 1.1 ozaki # Check the SAs have been expired 221 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 222 1.1 ozaki $DEBUG && $HIJACKING setkey -D 223 1.1 ozaki atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D 224 1.1 ozaki export RUMP_SERVER=$SOCK_PEER 225 1.1 ozaki $DEBUG && $HIJACKING setkey -D 226 1.1 ozaki atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D 227 1.1 ozaki 228 1.1 ozaki # Clean up SPs 229 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 230 1.1 ozaki atf_check -s exit:0 -o empty $HIJACKING setkey -F -P 231 1.1 ozaki export RUMP_SERVER=$SOCK_PEER 232 1.1 ozaki atf_check -s exit:0 -o empty $HIJACKING setkey -F -P 233 1.1 ozaki 234 1.1 ozaki # Set up SAs with lifetime with $lifetime 235 1.1 ozaki setup_sasp $proto "$algo_args" $ip_local $ip_peer $lifetime 236 1.1 ozaki 237 1.1 ozaki # Use the SAs; this will create a reference from an SP to an SA 238 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 239 1.1 ozaki atf_check -s exit:0 -o ignore rump.ping6 -c 1 -n -X 3 $ip_peer 240 1.1 ozaki 241 1.1 ozaki extract_new_packets $BUS > $outfile 242 1.1 ozaki atf_check -s exit:0 -o match:"$ip_local > $ip_peer: $proto_cap" \ 243 1.1 ozaki cat $outfile 244 1.1 ozaki atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \ 245 1.1 ozaki cat $outfile 246 1.1 ozaki 247 1.1 ozaki atf_check -s exit:0 sleep $((lifetime + 1)) 248 1.1 ozaki 249 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 250 1.1 ozaki $DEBUG && $HIJACKING setkey -D 251 1.1 ozaki atf_check -s exit:0 -o empty $HIJACKING setkey -D 252 1.1 ozaki # The SA on output remain because sp/isr still refers it 253 1.1 ozaki atf_check -s exit:0 -o match:"$ip_local $ip_peer" \ 254 1.1 ozaki $HIJACKING setkey -D -a 255 1.1 ozaki atf_check -s exit:0 -o not-match:"$ip_peer $ip_local" \ 256 1.1 ozaki $HIJACKING setkey -D -a 257 1.1 ozaki 258 1.1 ozaki export RUMP_SERVER=$SOCK_PEER 259 1.1 ozaki $DEBUG && $HIJACKING setkey -D 260 1.1 ozaki atf_check -s exit:0 -o empty $HIJACKING setkey -D 261 1.1 ozaki atf_check -s exit:0 -o not-match:"$ip_local $ip_peer" \ 262 1.1 ozaki $HIJACKING setkey -D -a 263 1.1 ozaki # The SA on output remain because sp/isr still refers it 264 1.1 ozaki atf_check -s exit:0 -o match:"$ip_peer $ip_local" \ 265 1.1 ozaki $HIJACKING setkey -D -a 266 1.1 ozaki 267 1.1 ozaki export RUMP_SERVER=$SOCK_LOCAL 268 1.1 ozaki atf_check -s not-exit:0 -o match:'0 packets received' \ 269 1.1 ozaki rump.ping6 -c 1 -n -X 1 $ip_peer 270 1.1 ozaki 271 1.1 ozaki test_flush_entries $SOCK_LOCAL 272 1.1 ozaki test_flush_entries $SOCK_PEER 273 1.1 ozaki } 274 1.1 ozaki 275 1.1 ozaki test_lifetime_common() 276 1.1 ozaki { 277 1.1 ozaki local ipproto=$1 278 1.1 ozaki local proto=$2 279 1.1 ozaki local algo=$3 280 1.1 ozaki 281 1.1 ozaki if [ $ipproto = ipv4 ]; then 282 1.1 ozaki test_ipsec4_lifetime $proto $algo 283 1.1 ozaki else 284 1.1 ozaki test_ipsec6_lifetime $proto $algo 285 1.1 ozaki fi 286 1.1 ozaki } 287 1.1 ozaki 288 1.1 ozaki add_test_lifetime() 289 1.1 ozaki { 290 1.1 ozaki local ipproto=$1 291 1.1 ozaki local proto=$2 292 1.1 ozaki local algo=$3 293 1.1 ozaki local _algo=$(echo $algo | sed 's/-//g') 294 1.1 ozaki local name= desc= 295 1.1 ozaki 296 1.1 ozaki name="ipsec_lifetime_${ipproto}_${proto}_${_algo}" 297 1.1 ozaki desc="Tests of lifetime of IPsec ($ipproto) with $proto ($algo)" 298 1.1 ozaki 299 1.1 ozaki atf_test_case ${name} cleanup 300 1.1 ozaki eval " \ 301 1.1 ozaki ${name}_head() { \ 302 1.1 ozaki atf_set \"descr\" \"$desc\"; \ 303 1.1 ozaki atf_set \"require.progs\" \"rump_server\" \"setkey\"; \ 304 1.1 ozaki }; \ 305 1.1 ozaki ${name}_body() { \ 306 1.1 ozaki test_lifetime_common $ipproto $proto $algo; \ 307 1.1 ozaki rump_server_destroy_ifaces; \ 308 1.1 ozaki }; \ 309 1.1 ozaki ${name}_cleanup() { \ 310 1.1 ozaki $DEBUG && dump; \ 311 1.1 ozaki cleanup; \ 312 1.1 ozaki } \ 313 1.1 ozaki " 314 1.1 ozaki atf_add_test_case ${name} 315 1.1 ozaki } 316 1.1 ozaki 317 1.2 ozaki prepare_file() 318 1.2 ozaki { 319 1.2 ozaki local file=$1 320 1.2 ozaki local data="0123456789" 321 1.2 ozaki 322 1.2 ozaki touch $file 323 1.2 ozaki for i in `seq 1 512` 324 1.2 ozaki do 325 1.2 ozaki echo $data >> $file 326 1.2 ozaki done 327 1.2 ozaki } 328 1.2 ozaki 329 1.2 ozaki test_tcp() 330 1.2 ozaki { 331 1.7 ozaki local local_proto=$1 332 1.2 ozaki local ip_local=$2 333 1.7 ozaki local peer_proto=$3 334 1.7 ozaki local ip_peer=$4 335 1.2 ozaki local port=1234 336 1.2 ozaki local file_send=./file.send 337 1.2 ozaki local file_recv=./file.recv 338 1.2 ozaki local opts= 339 1.2 ozaki 340 1.7 ozaki if [ $local_proto = ipv4 ]; then 341 1.2 ozaki opts="-N -w 3 -4" 342 1.2 ozaki else 343 1.2 ozaki opts="-N -w 3 -6" 344 1.2 ozaki fi 345 1.2 ozaki 346 1.2 ozaki # Start nc server 347 1.7 ozaki start_nc_server $SOCK_PEER $port $file_recv $peer_proto 348 1.2 ozaki 349 1.2 ozaki export RUMP_SERVER=$SOCK_LOCAL 350 1.2 ozaki # Send a file to the server 351 1.2 ozaki prepare_file $file_send 352 1.2 ozaki atf_check -s exit:0 $HIJACKING nc $opts $ip_peer $port < $file_send 353 1.2 ozaki 354 1.2 ozaki # Check if the file is transferred correctly 355 1.2 ozaki atf_check -s exit:0 diff -q $file_send $file_recv 356 1.2 ozaki 357 1.2 ozaki stop_nc_server 358 1.2 ozaki rm -f $file_send $file_recv 359 1.2 ozaki } 360 1.2 ozaki 361 1.2 ozaki test_tcp_ipv4() 362 1.2 ozaki { 363 1.6 ozaki local proto=$1 364 1.6 ozaki local algo=$2 365 1.2 ozaki local ip_local=10.0.0.1 366 1.2 ozaki local ip_peer=10.0.0.2 367 1.6 ozaki local algo_args="$(generate_algo_args $proto $algo)" 368 1.6 ozaki local proto_cap=$(echo $proto | tr 'a-z' 'A-Z') 369 1.6 ozaki local outfile=./out 370 1.2 ozaki 371 1.2 ozaki rump_server_crypto_start $SOCK_LOCAL netipsec 372 1.2 ozaki rump_server_crypto_start $SOCK_PEER netipsec 373 1.2 ozaki rump_server_add_iface $SOCK_LOCAL shmif0 $BUS 374 1.2 ozaki rump_server_add_iface $SOCK_PEER shmif0 $BUS 375 1.2 ozaki 376 1.2 ozaki export RUMP_SERVER=$SOCK_LOCAL 377 1.2 ozaki atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24 378 1.2 ozaki atf_check -s exit:0 rump.ifconfig -w 10 379 1.2 ozaki 380 1.2 ozaki export RUMP_SERVER=$SOCK_PEER 381 1.2 ozaki atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24 382 1.2 ozaki atf_check -s exit:0 rump.ifconfig -w 10 383 1.2 ozaki 384 1.6 ozaki if [ $proto != none ]; then 385 1.6 ozaki setup_sasp $proto "$algo_args" $ip_local $ip_peer 100 386 1.6 ozaki fi 387 1.6 ozaki 388 1.6 ozaki extract_new_packets $BUS > $outfile 389 1.6 ozaki 390 1.7 ozaki test_tcp ipv4 $ip_local ipv4 $ip_peer 391 1.6 ozaki 392 1.6 ozaki extract_new_packets $BUS > $outfile 393 1.6 ozaki $DEBUG && cat $outfile 394 1.6 ozaki 395 1.6 ozaki if [ $proto != none ]; then 396 1.6 ozaki atf_check -s exit:0 \ 397 1.6 ozaki -o match:"$ip_local > $ip_peer: $proto_cap" \ 398 1.6 ozaki cat $outfile 399 1.6 ozaki atf_check -s exit:0 \ 400 1.6 ozaki -o match:"$ip_peer > $ip_local: $proto_cap" \ 401 1.6 ozaki cat $outfile 402 1.6 ozaki fi 403 1.2 ozaki } 404 1.2 ozaki 405 1.2 ozaki test_tcp_ipv6() 406 1.2 ozaki { 407 1.6 ozaki local proto=$1 408 1.6 ozaki local algo=$2 409 1.2 ozaki local ip_local=fd00::1 410 1.2 ozaki local ip_peer=fd00::2 411 1.6 ozaki local algo_args="$(generate_algo_args $proto $algo)" 412 1.6 ozaki local proto_cap=$(echo $proto | tr 'a-z' 'A-Z') 413 1.6 ozaki local outfile=./out 414 1.2 ozaki 415 1.2 ozaki rump_server_crypto_start $SOCK_LOCAL netinet6 netipsec 416 1.2 ozaki rump_server_crypto_start $SOCK_PEER netinet6 netipsec 417 1.2 ozaki rump_server_add_iface $SOCK_LOCAL shmif0 $BUS 418 1.2 ozaki rump_server_add_iface $SOCK_PEER shmif0 $BUS 419 1.2 ozaki 420 1.2 ozaki export RUMP_SERVER=$SOCK_LOCAL 421 1.2 ozaki atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip_local 422 1.2 ozaki atf_check -s exit:0 rump.ifconfig -w 10 423 1.2 ozaki 424 1.2 ozaki export RUMP_SERVER=$SOCK_PEER 425 1.2 ozaki atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip_peer 426 1.2 ozaki atf_check -s exit:0 rump.ifconfig -w 10 427 1.2 ozaki 428 1.6 ozaki if [ $proto != none ]; then 429 1.6 ozaki setup_sasp $proto "$algo_args" $ip_local $ip_peer 100 430 1.6 ozaki fi 431 1.6 ozaki 432 1.6 ozaki extract_new_packets $BUS > $outfile 433 1.6 ozaki 434 1.7 ozaki test_tcp ipv6 $ip_local ipv6 $ip_peer 435 1.7 ozaki 436 1.7 ozaki extract_new_packets $BUS > $outfile 437 1.7 ozaki $DEBUG && cat $outfile 438 1.7 ozaki 439 1.7 ozaki if [ $proto != none ]; then 440 1.7 ozaki atf_check -s exit:0 \ 441 1.7 ozaki -o match:"$ip_local > $ip_peer: $proto_cap" \ 442 1.7 ozaki cat $outfile 443 1.7 ozaki atf_check -s exit:0 \ 444 1.7 ozaki -o match:"$ip_peer > $ip_local: $proto_cap" \ 445 1.7 ozaki cat $outfile 446 1.7 ozaki fi 447 1.7 ozaki } 448 1.7 ozaki 449 1.7 ozaki test_tcp_ipv4mappedipv6() 450 1.7 ozaki { 451 1.7 ozaki local proto=$1 452 1.7 ozaki local algo=$2 453 1.7 ozaki local ip_local=10.0.0.1 454 1.7 ozaki local ip_peer=10.0.0.2 455 1.7 ozaki local ip6_peer=::ffff:10.0.0.2 456 1.7 ozaki local algo_args="$(generate_algo_args $proto $algo)" 457 1.7 ozaki local proto_cap=$(echo $proto | tr 'a-z' 'A-Z') 458 1.7 ozaki local outfile=./out 459 1.7 ozaki 460 1.7 ozaki rump_server_crypto_start $SOCK_LOCAL netipsec 461 1.7 ozaki rump_server_crypto_start $SOCK_PEER netipsec netinet6 462 1.7 ozaki rump_server_add_iface $SOCK_LOCAL shmif0 $BUS 463 1.7 ozaki rump_server_add_iface $SOCK_PEER shmif0 $BUS 464 1.7 ozaki 465 1.7 ozaki export RUMP_SERVER=$SOCK_LOCAL 466 1.7 ozaki atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24 467 1.7 ozaki atf_check -s exit:0 rump.ifconfig -w 10 468 1.7 ozaki 469 1.7 ozaki export RUMP_SERVER=$SOCK_PEER 470 1.7 ozaki atf_check -s exit:0 -o ignore rump.sysctl -w net.inet6.ip6.v6only=0 471 1.7 ozaki atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24 472 1.7 ozaki atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip6_peer/96 473 1.7 ozaki atf_check -s exit:0 rump.ifconfig -w 10 474 1.7 ozaki 475 1.7 ozaki if [ $proto != none ]; then 476 1.7 ozaki setup_sasp $proto "$algo_args" $ip_local $ip_peer 100 477 1.7 ozaki fi 478 1.7 ozaki 479 1.7 ozaki extract_new_packets $BUS > $outfile 480 1.7 ozaki 481 1.7 ozaki test_tcp ipv4 $ip_local ipv6 $ip_peer 482 1.6 ozaki 483 1.6 ozaki extract_new_packets $BUS > $outfile 484 1.6 ozaki $DEBUG && cat $outfile 485 1.6 ozaki 486 1.6 ozaki if [ $proto != none ]; then 487 1.6 ozaki atf_check -s exit:0 \ 488 1.6 ozaki -o match:"$ip_local > $ip_peer: $proto_cap" \ 489 1.6 ozaki cat $outfile 490 1.6 ozaki atf_check -s exit:0 \ 491 1.6 ozaki -o match:"$ip_peer > $ip_local: $proto_cap" \ 492 1.6 ozaki cat $outfile 493 1.6 ozaki fi 494 1.2 ozaki } 495 1.2 ozaki 496 1.2 ozaki add_test_tcp() 497 1.2 ozaki { 498 1.2 ozaki local ipproto=$1 499 1.6 ozaki local proto=$2 500 1.6 ozaki local algo=$3 501 1.6 ozaki local _algo=$(echo $algo | sed 's/-//g') 502 1.2 ozaki local name= desc= 503 1.2 ozaki 504 1.6 ozaki if [ $proto = none ]; then 505 1.6 ozaki desc="Tests of TCP with IPsec enabled ($ipproto)" 506 1.6 ozaki name="ipsec_tcp_${ipproto}_${proto}" 507 1.6 ozaki else 508 1.6 ozaki desc="Tests of TCP with IPsec ($ipproto) $proto $algo" 509 1.6 ozaki name="ipsec_tcp_${ipproto}_${proto}_${_algo}" 510 1.6 ozaki fi 511 1.2 ozaki 512 1.2 ozaki atf_test_case ${name} cleanup 513 1.2 ozaki eval " \ 514 1.2 ozaki ${name}_head() { \ 515 1.2 ozaki atf_set \"descr\" \"$desc\"; \ 516 1.2 ozaki atf_set \"require.progs\" \"rump_server\" \"setkey\"; \ 517 1.2 ozaki }; \ 518 1.2 ozaki ${name}_body() { \ 519 1.6 ozaki test_tcp_${ipproto} $proto $algo; \ 520 1.2 ozaki rump_server_destroy_ifaces; \ 521 1.2 ozaki }; \ 522 1.2 ozaki ${name}_cleanup() { \ 523 1.2 ozaki $DEBUG && dump; \ 524 1.2 ozaki cleanup; \ 525 1.2 ozaki } \ 526 1.2 ozaki " 527 1.2 ozaki atf_add_test_case ${name} 528 1.2 ozaki } 529 1.2 ozaki 530 1.8 ozaki test_update() 531 1.8 ozaki { 532 1.8 ozaki local proto=$1 533 1.8 ozaki local algo=$2 534 1.8 ozaki local update=$3 535 1.8 ozaki local ip_local=10.0.0.1 536 1.8 ozaki local ip_peer=10.0.0.2 537 1.8 ozaki local algo_args="$(generate_algo_args $proto $algo)" 538 1.8 ozaki local proto_cap=$(echo $proto | tr 'a-z' 'A-Z') 539 1.8 ozaki local outfile=./out 540 1.8 ozaki 541 1.8 ozaki rump_server_crypto_start $SOCK_LOCAL netipsec 542 1.8 ozaki rump_server_crypto_start $SOCK_PEER netipsec 543 1.8 ozaki rump_server_add_iface $SOCK_LOCAL shmif0 $BUS 544 1.8 ozaki rump_server_add_iface $SOCK_PEER shmif0 $BUS 545 1.8 ozaki 546 1.8 ozaki export RUMP_SERVER=$SOCK_LOCAL 547 1.8 ozaki atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0 548 1.8 ozaki atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24 549 1.8 ozaki 550 1.8 ozaki export RUMP_SERVER=$SOCK_PEER 551 1.8 ozaki atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0 552 1.8 ozaki atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24 553 1.8 ozaki 554 1.8 ozaki setup_sasp $proto "$algo_args" $ip_local $ip_peer 100 $update 555 1.8 ozaki 556 1.8 ozaki extract_new_packets $BUS > $outfile 557 1.8 ozaki 558 1.8 ozaki export RUMP_SERVER=$SOCK_LOCAL 559 1.8 ozaki atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer 560 1.8 ozaki 561 1.8 ozaki extract_new_packets $BUS > $outfile 562 1.8 ozaki atf_check -s exit:0 -o match:"$ip_local > $ip_peer: $proto_cap" \ 563 1.8 ozaki cat $outfile 564 1.8 ozaki atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \ 565 1.8 ozaki cat $outfile 566 1.8 ozaki } 567 1.8 ozaki 568 1.8 ozaki add_test_update() 569 1.8 ozaki { 570 1.8 ozaki local proto=$1 571 1.8 ozaki local algo=$2 572 1.8 ozaki local update=$3 573 1.8 ozaki local _update=$(echo $update |tr 'a-z' 'A-Z') 574 1.8 ozaki local _algo=$(echo $algo | sed 's/-//g') 575 1.8 ozaki local name= desc= 576 1.8 ozaki 577 1.8 ozaki desc="Tests trying to udpate $_update of $proto ($algo)" 578 1.8 ozaki name="ipsec_update_${update}_${proto}_${_algo}" 579 1.8 ozaki 580 1.8 ozaki atf_test_case ${name} cleanup 581 1.8 ozaki eval " \ 582 1.8 ozaki ${name}_head() { \ 583 1.8 ozaki atf_set \"descr\" \"$desc\"; \ 584 1.8 ozaki atf_set \"require.progs\" \"rump_server\" \"setkey\"; \ 585 1.8 ozaki }; \ 586 1.8 ozaki ${name}_body() { \ 587 1.8 ozaki test_update $proto $algo $update; \ 588 1.8 ozaki rump_server_destroy_ifaces; \ 589 1.8 ozaki }; \ 590 1.8 ozaki ${name}_cleanup() { \ 591 1.8 ozaki $DEBUG && dump; \ 592 1.8 ozaki cleanup; \ 593 1.8 ozaki } \ 594 1.8 ozaki " 595 1.8 ozaki atf_add_test_case ${name} 596 1.8 ozaki } 597 1.8 ozaki 598 1.9 ozaki add_sa() 599 1.9 ozaki { 600 1.9 ozaki local proto=$1 601 1.9 ozaki local algo_args="$2" 602 1.9 ozaki local ip_local=$3 603 1.9 ozaki local ip_peer=$4 604 1.9 ozaki local lifetime=$5 605 1.9 ozaki local spi=$6 606 1.9 ozaki local tmpfile=./tmp 607 1.9 ozaki local extra= 608 1.9 ozaki 609 1.9 ozaki export RUMP_SERVER=$SOCK_LOCAL 610 1.9 ozaki cat > $tmpfile <<-EOF 611 1.9 ozaki add $ip_local $ip_peer $proto $((spi)) -lh $lifetime -ls $lifetime $algo_args; 612 1.9 ozaki add $ip_peer $ip_local $proto $((spi + 1)) -lh $lifetime -ls $lifetime $algo_args; 613 1.9 ozaki $extra 614 1.9 ozaki EOF 615 1.9 ozaki $DEBUG && cat $tmpfile 616 1.9 ozaki atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile 617 1.9 ozaki $DEBUG && $HIJACKING setkey -D 618 1.9 ozaki # XXX it can be expired if $lifetime is very short 619 1.9 ozaki #check_sa_entries $SOCK_LOCAL $ip_local $ip_peer 620 1.9 ozaki 621 1.9 ozaki export RUMP_SERVER=$SOCK_PEER 622 1.9 ozaki cat > $tmpfile <<-EOF 623 1.9 ozaki add $ip_local $ip_peer $proto $((spi)) -lh $lifetime -ls $lifetime $algo_args; 624 1.9 ozaki add $ip_peer $ip_local $proto $((spi + 1)) -lh $lifetime -ls $lifetime $algo_args; 625 1.9 ozaki $extra 626 1.9 ozaki EOF 627 1.9 ozaki $DEBUG && cat $tmpfile 628 1.9 ozaki atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile 629 1.9 ozaki $DEBUG && $HIJACKING setkey -D 630 1.9 ozaki # XXX it can be expired if $lifetime is very short 631 1.9 ozaki #check_sa_entries $SOCK_PEER $ip_local $ip_peer 632 1.9 ozaki } 633 1.9 ozaki 634 1.9 ozaki check_packet_spi() 635 1.9 ozaki { 636 1.9 ozaki local outfile=$1 637 1.9 ozaki local ip_local=$2 638 1.9 ozaki local ip_peer=$3 639 1.9 ozaki local proto=$4 640 1.9 ozaki local spi=$5 641 1.9 ozaki local spistr= 642 1.9 ozaki 643 1.9 ozaki $DEBUG && cat $outfile 644 1.9 ozaki spistr=$(printf "%08x" $spi) 645 1.9 ozaki atf_check -s exit:0 \ 646 1.9 ozaki -o match:"$ip_local > $ip_peer: $proto_cap\(spi=0x$spistr," \ 647 1.9 ozaki cat $outfile 648 1.9 ozaki spistr=$(printf "%08x" $((spi + 1))) 649 1.9 ozaki atf_check -s exit:0 \ 650 1.9 ozaki -o match:"$ip_peer > $ip_local: $proto_cap\(spi=0x$spistr," \ 651 1.9 ozaki cat $outfile 652 1.9 ozaki } 653 1.9 ozaki 654 1.9 ozaki test_spi() 655 1.9 ozaki { 656 1.9 ozaki local proto=$1 657 1.9 ozaki local algo=$2 658 1.9 ozaki local update=$3 659 1.9 ozaki local preferred=$4 660 1.9 ozaki local ip_local=10.0.0.1 661 1.9 ozaki local ip_peer=10.0.0.2 662 1.9 ozaki local algo_args="$(generate_algo_args $proto $algo)" 663 1.9 ozaki local proto_cap=$(echo $proto | tr 'a-z' 'A-Z') 664 1.9 ozaki local outfile=./out 665 1.9 ozaki local spistr= 666 1.9 ozaki 667 1.9 ozaki rump_server_crypto_start $SOCK_LOCAL netipsec 668 1.9 ozaki rump_server_crypto_start $SOCK_PEER netipsec 669 1.9 ozaki rump_server_add_iface $SOCK_LOCAL shmif0 $BUS 670 1.9 ozaki rump_server_add_iface $SOCK_PEER shmif0 $BUS 671 1.9 ozaki 672 1.9 ozaki export RUMP_SERVER=$SOCK_LOCAL 673 1.9 ozaki atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0 674 1.9 ozaki atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24 675 1.9 ozaki if [ $preferred = old ]; then 676 1.9 ozaki atf_check -s exit:0 rump.sysctl -q -w net.key.prefered_oldsa=1 677 1.9 ozaki fi 678 1.9 ozaki 679 1.9 ozaki export RUMP_SERVER=$SOCK_PEER 680 1.9 ozaki atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0 681 1.9 ozaki atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24 682 1.9 ozaki if [ $preferred = old ]; then 683 1.9 ozaki atf_check -s exit:0 rump.sysctl -q -w net.key.prefered_oldsa=1 684 1.9 ozaki fi 685 1.9 ozaki 686 1.9 ozaki setup_sasp $proto "$algo_args" $ip_local $ip_peer 100 687 1.9 ozaki 688 1.9 ozaki extract_new_packets $BUS > $outfile 689 1.9 ozaki 690 1.9 ozaki export RUMP_SERVER=$SOCK_LOCAL 691 1.9 ozaki atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer 692 1.9 ozaki extract_new_packets $BUS > $outfile 693 1.9 ozaki check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10000 694 1.9 ozaki 695 1.9 ozaki # Add a new SA with a different SPI 696 1.9 ozaki add_sa $proto "$algo_args" $ip_local $ip_peer 6 10010 697 1.9 ozaki 698 1.9 ozaki export RUMP_SERVER=$SOCK_LOCAL 699 1.9 ozaki atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer 700 1.9 ozaki extract_new_packets $BUS > $outfile 701 1.9 ozaki if [ $preferred = old ]; then 702 1.9 ozaki check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10000 703 1.9 ozaki else 704 1.9 ozaki # The new SA is preferred 705 1.9 ozaki check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10010 706 1.9 ozaki fi 707 1.9 ozaki 708 1.9 ozaki # Add another SA with a different SPI 709 1.9 ozaki add_sa $proto "$algo_args" $ip_local $ip_peer 3 10020 710 1.9 ozaki 711 1.9 ozaki export RUMP_SERVER=$SOCK_LOCAL 712 1.9 ozaki atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer 713 1.9 ozaki extract_new_packets $BUS > $outfile 714 1.9 ozaki if [ $preferred = old ]; then 715 1.9 ozaki check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10000 716 1.9 ozaki else 717 1.9 ozaki # The newest SA is preferred 718 1.9 ozaki check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10020 719 1.9 ozaki fi 720 1.9 ozaki 721 1.9 ozaki sleep $((3 + 1)) 722 1.9 ozaki 723 1.9 ozaki export RUMP_SERVER=$SOCK_LOCAL 724 1.9 ozaki atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer 725 1.9 ozaki extract_new_packets $BUS > $outfile 726 1.9 ozaki if [ $preferred = old ]; then 727 1.9 ozaki check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10000 728 1.9 ozaki else 729 1.9 ozaki # The newest one is removed and the second one is used 730 1.9 ozaki check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10010 731 1.9 ozaki fi 732 1.9 ozaki 733 1.9 ozaki sleep $((6 + 1 - (3 + 1))) 734 1.9 ozaki 735 1.9 ozaki export RUMP_SERVER=$SOCK_LOCAL 736 1.9 ozaki atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer 737 1.9 ozaki extract_new_packets $BUS > $outfile 738 1.9 ozaki if [ $preferred = old ]; then 739 1.9 ozaki check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10000 740 1.9 ozaki else 741 1.9 ozaki # The second one is removed and the original one is used 742 1.9 ozaki check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10000 743 1.9 ozaki fi 744 1.9 ozaki } 745 1.9 ozaki 746 1.9 ozaki add_test_spi() 747 1.9 ozaki { 748 1.9 ozaki local proto=$1 749 1.9 ozaki local algo=$2 750 1.9 ozaki local preferred=$3 751 1.9 ozaki local _algo=$(echo $algo | sed 's/-//g') 752 1.9 ozaki local name= desc= 753 1.9 ozaki 754 1.9 ozaki desc="Tests SAs with different SPIs of $proto ($algo) ($preferred SA preferred)" 755 1.9 ozaki name="ipsec_spi_${proto}_${_algo}_preferred_${preferred}" 756 1.9 ozaki 757 1.9 ozaki atf_test_case ${name} cleanup 758 1.9 ozaki eval " \ 759 1.9 ozaki ${name}_head() { \ 760 1.9 ozaki atf_set \"descr\" \"$desc\"; \ 761 1.9 ozaki atf_set \"require.progs\" \"rump_server\" \"setkey\"; \ 762 1.9 ozaki }; \ 763 1.9 ozaki ${name}_body() { \ 764 1.9 ozaki test_spi $proto $algo $preferred; \ 765 1.9 ozaki rump_server_destroy_ifaces; \ 766 1.9 ozaki }; \ 767 1.9 ozaki ${name}_cleanup() { \ 768 1.9 ozaki $DEBUG && dump; \ 769 1.9 ozaki cleanup; \ 770 1.9 ozaki } \ 771 1.9 ozaki " 772 1.9 ozaki atf_add_test_case ${name} 773 1.9 ozaki } 774 1.9 ozaki 775 1.1 ozaki atf_init_test_cases() 776 1.1 ozaki { 777 1.1 ozaki local algo= 778 1.1 ozaki 779 1.1 ozaki for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do 780 1.1 ozaki add_test_lifetime ipv4 esp $algo 781 1.1 ozaki add_test_lifetime ipv6 esp $algo 782 1.6 ozaki add_test_tcp ipv4 esp $algo 783 1.6 ozaki add_test_tcp ipv6 esp $algo 784 1.7 ozaki add_test_tcp ipv4mappedipv6 esp $algo 785 1.8 ozaki add_test_update esp $algo sa 786 1.8 ozaki add_test_update esp $algo sp 787 1.9 ozaki add_test_spi esp $algo new 788 1.9 ozaki add_test_spi esp $algo old 789 1.1 ozaki done 790 1.1 ozaki for algo in $AH_AUTHENTICATION_ALGORITHMS_MINIMUM; do 791 1.1 ozaki add_test_lifetime ipv4 ah $algo 792 1.1 ozaki add_test_lifetime ipv6 ah $algo 793 1.6 ozaki add_test_tcp ipv4 ah $algo 794 1.6 ozaki add_test_tcp ipv6 ah $algo 795 1.7 ozaki add_test_tcp ipv4mappedipv6 ah $algo 796 1.8 ozaki add_test_update ah $algo sa 797 1.8 ozaki add_test_update ah $algo sp 798 1.9 ozaki add_test_spi ah $algo new 799 1.9 ozaki add_test_spi ah $algo old 800 1.1 ozaki done 801 1.2 ozaki 802 1.6 ozaki add_test_tcp ipv4 none 803 1.6 ozaki add_test_tcp ipv6 none 804 1.7 ozaki add_test_tcp ipv4mappedipv6 none 805 1.1 ozaki } 806
Indexes created Wed Sep 24 05:09:52 GMT 2025