# $NetBSD: t_ipsec_sysctl.sh,v 1.1 2017/04/14 02:56:49 ozaki-r Exp $
#
# Copyright (c) 2017 Internet Initiative Japan Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#

# Debug switch.  The value is later *executed* as a command by the test
# bodies and cleanup hooks, so it is meant to be "true" or "false" and must
# only ever come from a trusted environment.  Unset or empty means "false".
: "${DEBUG:=false}"

# Declare the ipsec_sysctl0 test case together with its cleanup phase.
atf_test_case ipsec_sysctl0 cleanup

# ATF metadata for ipsec_sysctl0: description and required programs.
ipsec_sysctl0_head() {
	atf_set 'descr' 'Tests of sysctl entries of IPsec without ipsec.so'
	atf_set 'require.progs' 'rump_server'
}

# Negative test: the server is started with no component name after the
# socket, and both IPsec "enabled" sysctl nodes must then be rejected.
# rump.sysctl has to exit non-zero and print 'invalid' on stderr.
# rump_server_crypto_start is not defined in this file.
ipsec_sysctl0_body() {
	local sock='unix://ipsec_sysctl'
	local node

	rump_server_crypto_start "$sock"

	# rump.sysctl reaches the server through RUMP_SERVER.
	export RUMP_SERVER="$sock"
	for node in net.inet.ipsec.enabled net.inet6.ipsec6.enabled; do
		atf_check -s not-exit:0 -e match:'invalid' rump.sysctl "$node"
	done
}

# Cleanup phase of ipsec_sysctl0.  dump and cleanup are helpers that are not
# defined in this file.
ipsec_sysctl0_cleanup() {
	# DEBUG is run as a command (normally true or false); dump state
	# only when it succeeds.
	if $DEBUG; then
		dump
	fi
	cleanup
}

# Declare the ipsec_sysctl4 test case together with its cleanup phase.
atf_test_case ipsec_sysctl4 cleanup

# ATF metadata for ipsec_sysctl4: description and required programs.
ipsec_sysctl4_head() {
	atf_set 'descr' 'Tests of sysctl entries of IPsec without netinet6.so'
	atf_set 'require.progs' 'rump_server'
}

# IPv4-only run: the server is started with netipsec but without netinet6.
# Checks that both "enabled" nodes read 1, and that both "used" nodes stay 0
# after an SA is added and flip to 1 only once a policy is installed.
# HIJACKING is not set in this file (presumably provided by the shared rump
# test helpers -- confirm); it is expanded unquoted on purpose so that it is
# word-split into a command prefix.
ipsec_sysctl4_body() {
	local sock='unix://ipsec_sysctl'
	local node

	rump_server_crypto_start "$sock" netipsec

	# rump.sysctl reaches the server through RUMP_SERVER.
	export RUMP_SERVER="$sock"

	# net.inet6.ipsec6 entries exist regardless of netinet6, and
	# net.inet6.ipsec6.enabled always equals net.inet.ipsec.enabled
	for node in net.inet.ipsec.enabled net.inet6.ipsec6.enabled; do
		atf_check -s exit:0 -o match:'= 1' rump.sysctl "$node"
	done

	# net.inet6.ipsec6.used always equals net.inet.ipsec.used
	for node in net.inet.ipsec.used net.inet6.ipsec6.used; do
		atf_check -s exit:0 -o match:'= 0' rump.sysctl "$node"
	done

	# Add an SAD entry for IPv4.
	# Test fixture only: a fixed, published key with 3des-cbc and no
	# authentication algorithm (-A).  It exists to put an SA into the
	# rump kernel; never reuse the key or this SA shape for real traffic.
	atf_check -s exit:0 -o empty $HIJACKING setkey -c <<-EOF
	add 10.0.0.1 10.0.0.2 esp 9876 -E 3des-cbc "hogehogehogehogehogehoge";
	EOF
	# setkey -D prints the SAD, key bytes included; acceptable here only
	# because the key is a dummy.
	if $DEBUG; then
		$HIJACKING setkey -D
	fi

	# An SA alone must not mark IPsec as used.
	for node in net.inet.ipsec.used net.inet6.ipsec6.used; do
		atf_check -s exit:0 -o match:'= 0' rump.sysctl "$node"
	done

	# Add an SPD entry for IPv4, which activates the IPsec function.
	# Level "use" applies an SA when one is available and otherwise lets
	# the packet go out unprotected; enough for this test, while a
	# policy that must enforce protection would use "require".
	atf_check -s exit:0 -o empty $HIJACKING setkey -c <<-EOF
	spdadd 10.0.0.1 10.0.0.2 any -P out ipsec esp/transport//use;
	EOF
	# NOTE(review): -D dumps the SAD again; -DP would show the policy
	# that was just added.
	if $DEBUG; then
		$HIJACKING setkey -D
	fi

	for node in net.inet.ipsec.used net.inet6.ipsec6.used; do
		atf_check -s exit:0 -o match:'= 1' rump.sysctl "$node"
	done
}

# Cleanup phase of ipsec_sysctl4.  dump and cleanup are helpers that are not
# defined in this file.
ipsec_sysctl4_cleanup() {
	# DEBUG is run as a command (normally true or false); dump state
	# only when it succeeds.
	if $DEBUG; then
		dump
	fi
	cleanup
}

# Declare the ipsec_sysctl6 test case together with its cleanup phase.
atf_test_case ipsec_sysctl6 cleanup

# ATF metadata for ipsec_sysctl6: description and required programs.
ipsec_sysctl6_head() {
	atf_set 'descr' 'Tests of sysctl entries of IPsec'
	atf_set 'require.progs' 'rump_server'
}

# Full run: the server is started with both netinet6 and netipsec.
# Checks that both "enabled" nodes read 1, and that both "used" nodes stay 0
# after an IPv6 SA is added and flip to 1 only once a policy is installed.
# HIJACKING is not set in this file (presumably provided by the shared rump
# test helpers -- confirm); it is expanded unquoted on purpose so that it is
# word-split into a command prefix.
ipsec_sysctl6_body() {
	local sock='unix://ipsec_sysctl'
	local node

	rump_server_crypto_start "$sock" netinet6 netipsec

	# rump.sysctl reaches the server through RUMP_SERVER.
	export RUMP_SERVER="$sock"

	for node in net.inet.ipsec.enabled net.inet6.ipsec6.enabled; do
		atf_check -s exit:0 -o match:'= 1' rump.sysctl "$node"
	done

	for node in net.inet.ipsec.used net.inet6.ipsec6.used; do
		atf_check -s exit:0 -o match:'= 0' rump.sysctl "$node"
	done

	# Add an SAD entry for IPv6.
	# Test fixture only: a fixed, published key with 3des-cbc and no
	# authentication algorithm (-A).  It exists to put an SA into the
	# rump kernel; never reuse the key or this SA shape for real traffic.
	atf_check -s exit:0 -o empty $HIJACKING setkey -c <<-EOF
	add fd00::1 fd00::2 esp 9876 -E 3des-cbc "hogehogehogehogehogehoge";
	EOF
	# setkey -D prints the SAD, key bytes included; acceptable here only
	# because the key is a dummy.
	if $DEBUG; then
		$HIJACKING setkey -D
	fi

	# An SA alone must not mark IPsec as used.
	for node in net.inet.ipsec.used net.inet6.ipsec6.used; do
		atf_check -s exit:0 -o match:'= 0' rump.sysctl "$node"
	done

	# Add an SPD entry for IPv6, which activates the IPsec function.
	# Level "use" applies an SA when one is available and otherwise lets
	# the packet go out unprotected; enough for this test, while a
	# policy that must enforce protection would use "require".
	atf_check -s exit:0 -o empty $HIJACKING setkey -c <<-EOF
	spdadd fd00::1 fd00::2 any -P out ipsec esp/transport//use;
	EOF
	# NOTE(review): -D dumps the SAD again; -DP would show the policy
	# that was just added.
	if $DEBUG; then
		$HIJACKING setkey -D
	fi

	for node in net.inet.ipsec.used net.inet6.ipsec6.used; do
		atf_check -s exit:0 -o match:'= 1' rump.sysctl "$node"
	done
}

# Cleanup phase of ipsec_sysctl6.  dump and cleanup are helpers that are not
# defined in this file.
ipsec_sysctl6_cleanup() {
	# DEBUG is run as a command (normally true or false); dump state
	# only when it succeeds.
	if $DEBUG; then
		dump
	fi
	cleanup
}

# ATF entry point: register the three test cases of this file, in order.
atf_init_test_cases() {
	local tc

	for tc in ipsec_sysctl0 ipsec_sysctl4 ipsec_sysctl6; do
		atf_add_test_case "$tc"
	done
}