Home | History | Annotate | Line # | Download | only in ipsec
t_ipsec_spflags.sh revision 1.1 
      1  1.1  knakahar #       $NetBSD: t_ipsec_spflags.sh,v 1.1 2022/10/11 09:55:21 knakahara Exp $
      2  1.1  knakahar #
      3  1.1  knakahar # Copyright (c) 2022 Internet Initiative Japan Inc.
      4  1.1  knakahar # All rights reserved.
      5  1.1  knakahar #
      6  1.1  knakahar # Redistribution and use in source and binary forms, with or without
      7  1.1  knakahar # modification, are permitted provided that the following conditions
      8  1.1  knakahar # are met:
      9  1.1  knakahar # 1. Redistributions of source code must retain the above copyright
     10  1.1  knakahar #    notice, this list of conditions and the following disclaimer.
     11  1.1  knakahar # 2. Redistributions in binary form must reproduce the above copyright
     12  1.1  knakahar #    notice, this list of conditions and the following disclaimer in the
     13  1.1  knakahar #    documentation and/or other materials provided with the distribution.
     14  1.1  knakahar #
     15  1.1  knakahar # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
     16  1.1  knakahar # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
     17  1.1  knakahar # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     18  1.1  knakahar # PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
     19  1.1  knakahar # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
     20  1.1  knakahar # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
     21  1.1  knakahar # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
     22  1.1  knakahar # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
     23  1.1  knakahar # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     24  1.1  knakahar # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
     25  1.1  knakahar # POSSIBILITY OF SUCH DAMAGE.
     26  1.1  knakahar #
     27  1.1  knakahar 
     28  1.1  knakahar SOCK_LOCAL=unix://ipsec_local
     29  1.1  knakahar 
     30  1.1  knakahar DEBUG=${DEBUG:-false}
     31  1.1  knakahar 
     32  1.1  knakahar test_flag_if_ipsec_sp_common()
     33  1.1  knakahar {
     34  1.1  knakahar 	local ip_gwlo_tun=20.0.0.1
     35  1.1  knakahar 	local ip_gwre_tun=20.0.0.2
     36  1.1  knakahar 
     37  1.1  knakahar 	rump_server_crypto_start $SOCK_LOCAL netipsec ipsec
     38  1.1  knakahar 	export RUMP_SERVER=$SOCK_LOCAL
     39  1.1  knakahar 	atf_check -s exit:0 rump.ifconfig ipsec0 create
     40  1.1  knakahar 	atf_check -s exit:0 rump.ifconfig ipsec0 \
     41  1.1  knakahar 	    tunnel $ip_gwlo_tun $ip_gwre_tun
     42  1.1  knakahar 	atf_check -s exit:0 -o match:'sadb_x_policy\{ type=2 dir=2 flags=0x80' $HIJACKING setkey -DPv
     43  1.1  knakahar }
     44  1.1  knakahar 
     45  1.1  knakahar test_flag_userland_sp_common()
     46  1.1  knakahar {
     47  1.1  knakahar 	local ip_gwlo_tun=20.0.0.1
     48  1.1  knakahar 	local ip_gwre_tun=20.0.0.2
     49  1.1  knakahar 	local tmpfile=./tmp
     50  1.1  knakahar 
     51  1.1  knakahar 	name="ipsec_spflag_userland_sp"
     52  1.1  knakahar 	desc="Tests of IPsec SPD flags at userland"
     53  1.1  knakahar 
     54  1.1  knakahar 	atf_test_case ${name} cleanup
     55  1.1  knakahar 
     56  1.1  knakahar 	rump_server_crypto_start $SOCK_LOCAL netipsec ipsec
     57  1.1  knakahar 
     58  1.1  knakahar 	export RUMP_SERVER=$SOCK_LOCAL
     59  1.1  knakahar 
     60  1.1  knakahar 	cat > $tmpfile <<-EOF
     61  1.1  knakahar 	spdadd $ip_gwlo_tun $ip_gwre_tun ipv4 -P in ipsec esp/transport//require ;
     62  1.1  knakahar 	spdadd $ip_gwre_tun $ip_gwlo_tun ipv4 -P out ipsec esp/transport//require ;
     63  1.1  knakahar 	EOF
     64  1.1  knakahar 	$DEBUG && cat $tmpfile
     65  1.1  knakahar 	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
     66  1.1  knakahar 	atf_check -s exit:0 -o match:'sadb_x_policy\{ type=2 dir=2 flags=0x00' $HIJACKING setkey -DPv
     67  1.1  knakahar }
     68  1.1  knakahar 
     69  1.1  knakahar add_test_spflag()
     70  1.1  knakahar {
     71  1.1  knakahar 	local name=$1
     72  1.1  knakahar 	local desc=$2
     73  1.1  knakahar 
     74  1.1  knakahar 	atf_test_case ${name} cleanup
     75  1.1  knakahar 	eval "								\
     76  1.1  knakahar 	    ${name}_head() {						\
     77  1.1  knakahar 	        atf_set \"descr\" \"$desc\";				\
     78  1.1  knakahar 	        atf_set \"require.progs\" \"rump_server\" \"setkey\";	\
     79  1.1  knakahar 	    };								\
     80  1.1  knakahar 	    ${name}_body() {						\
     81  1.1  knakahar 	        test_${name}_common;					\
     82  1.1  knakahar 	    };        							\
     83  1.1  knakahar 	    ${name}_cleanup() {						\
     84  1.1  knakahar 	        $DEBUG && dump;						\
     85  1.1  knakahar 	        cleanup;						\
     86  1.1  knakahar 	    }								\
     87  1.1  knakahar 	"
     88  1.1  knakahar 	atf_add_test_case ${name}
     89  1.1  knakahar 
     90  1.1  knakahar }
     91  1.1  knakahar 
     92  1.1  knakahar atf_init_test_cases()
     93  1.1  knakahar {
     94  1.1  knakahar 
     95  1.1  knakahar 	add_test_spflag "flag_if_ipsec_sp" "Tests of IPsec SPD flags at IPsec interface"
     96  1.1  knakahar 	add_test_spflag "flag_userland_sp" "Tests of IPsec SPD flags at userland"
     97  1.1  knakahar }
     98