| @@ -1,951 +1,955 @@ | | | @@ -1,951 +1,955 @@ |
1 | # $NetBSD: t_ipsec.sh,v 1.3 2018/02/01 05:22:01 ozaki-r Exp $ | | 1 | # $NetBSD: t_ipsec.sh,v 1.4 2018/03/13 03:50:26 knakahara Exp $ |
2 | # | | 2 | # |
3 | # Copyright (c) 2017 Internet Initiative Japan Inc. | | 3 | # Copyright (c) 2017 Internet Initiative Japan Inc. |
4 | # All rights reserved. | | 4 | # All rights reserved. |
5 | # | | 5 | # |
6 | # Redistribution and use in source and binary forms, with or without | | 6 | # Redistribution and use in source and binary forms, with or without |
7 | # modification, are permitted provided that the following conditions | | 7 | # modification, are permitted provided that the following conditions |
8 | # are met: | | 8 | # are met: |
9 | # 1. Redistributions of source code must retain the above copyright | | 9 | # 1. Redistributions of source code must retain the above copyright |
10 | # notice, this list of conditions and the following disclaimer. | | 10 | # notice, this list of conditions and the following disclaimer. |
11 | # 2. Redistributions in binary form must reproduce the above copyright | | 11 | # 2. Redistributions in binary form must reproduce the above copyright |
12 | # notice, this list of conditions and the following disclaimer in the | | 12 | # notice, this list of conditions and the following disclaimer in the |
13 | # documentation and/or other materials provided with the distribution. | | 13 | # documentation and/or other materials provided with the distribution. |
14 | # | | 14 | # |
15 | # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | | 15 | # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
16 | # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | | 16 | # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
17 | # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | | 17 | # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
18 | # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | | 18 | # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
19 | # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | | 19 | # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
20 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | | 20 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
21 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 21 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
22 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | | 22 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
23 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | | 23 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
24 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 24 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
25 | # POSSIBILITY OF SUCH DAMAGE. | | 25 | # POSSIBILITY OF SUCH DAMAGE. |
26 | # | | 26 | # |
27 | | | 27 | |
28 | SOCK1=unix://commsock1 # for ROUTER1 | | 28 | SOCK1=unix://commsock1 # for ROUTER1 |
29 | SOCK2=unix://commsock2 # for ROUTER2 | | 29 | SOCK2=unix://commsock2 # for ROUTER2 |
30 | ROUTER1_LANIP=192.168.1.1 | | 30 | ROUTER1_LANIP=192.168.1.1 |
31 | ROUTER1_LANNET=192.168.1.0/24 | | 31 | ROUTER1_LANNET=192.168.1.0/24 |
32 | ROUTER1_WANIP=10.0.0.1 | | 32 | ROUTER1_WANIP=10.0.0.1 |
33 | ROUTER1_IPSECIP=172.16.1.1 | | 33 | ROUTER1_IPSECIP=172.16.1.1 |
34 | ROUTER1_WANIP_DUMMY=10.0.0.11 | | 34 | ROUTER1_WANIP_DUMMY=10.0.0.11 |
35 | ROUTER1_IPSECIP_DUMMY=172.16.11.1 | | 35 | ROUTER1_IPSECIP_DUMMY=172.16.11.1 |
36 | ROUTER1_IPSECIP_RECURSIVE1=172.16.101.1 | | 36 | ROUTER1_IPSECIP_RECURSIVE1=172.16.101.1 |
37 | ROUTER1_IPSECIP_RECURSIVE2=172.16.201.1 | | 37 | ROUTER1_IPSECIP_RECURSIVE2=172.16.201.1 |
38 | ROUTER2_LANIP=192.168.2.1 | | 38 | ROUTER2_LANIP=192.168.2.1 |
39 | ROUTER2_LANNET=192.168.2.0/24 | | 39 | ROUTER2_LANNET=192.168.2.0/24 |
40 | ROUTER2_WANIP=10.0.0.2 | | 40 | ROUTER2_WANIP=10.0.0.2 |
41 | ROUTER2_IPSECIP=172.16.2.1 | | 41 | ROUTER2_IPSECIP=172.16.2.1 |
42 | ROUTER2_WANIP_DUMMY=10.0.0.12 | | 42 | ROUTER2_WANIP_DUMMY=10.0.0.12 |
43 | ROUTER2_IPSECIP_DUMMY=172.16.12.1 | | 43 | ROUTER2_IPSECIP_DUMMY=172.16.12.1 |
44 | ROUTER2_IPSECIP_RECURSIVE1=172.16.102.1 | | 44 | ROUTER2_IPSECIP_RECURSIVE1=172.16.102.1 |
45 | ROUTER2_IPSECIP_RECURSIVE2=172.16.202.1 | | 45 | ROUTER2_IPSECIP_RECURSIVE2=172.16.202.1 |
46 | | | 46 | |
47 | ROUTER1_LANIP6=fc00:1::1 | | 47 | ROUTER1_LANIP6=fc00:1::1 |
48 | ROUTER1_LANNET6=fc00:1::/64 | | 48 | ROUTER1_LANNET6=fc00:1::/64 |
49 | ROUTER1_WANIP6=fc00::1 | | 49 | ROUTER1_WANIP6=fc00::1 |
50 | ROUTER1_IPSECIP6=fc00:3::1 | | 50 | ROUTER1_IPSECIP6=fc00:3::1 |
51 | ROUTER1_WANIP6_DUMMY=fc00::11 | | 51 | ROUTER1_WANIP6_DUMMY=fc00::11 |
52 | ROUTER1_IPSECIP6_DUMMY=fc00:13::1 | | 52 | ROUTER1_IPSECIP6_DUMMY=fc00:13::1 |
53 | ROUTER1_IPSECIP6_RECURSIVE1=fc00:103::1 | | 53 | ROUTER1_IPSECIP6_RECURSIVE1=fc00:103::1 |
54 | ROUTER1_IPSECIP6_RECURSIVE2=fc00:203::1 | | 54 | ROUTER1_IPSECIP6_RECURSIVE2=fc00:203::1 |
55 | ROUTER2_LANIP6=fc00:2::1 | | 55 | ROUTER2_LANIP6=fc00:2::1 |
56 | ROUTER2_LANNET6=fc00:2::/64 | | 56 | ROUTER2_LANNET6=fc00:2::/64 |
57 | ROUTER2_WANIP6=fc00::2 | | 57 | ROUTER2_WANIP6=fc00::2 |
58 | ROUTER2_IPSECIP6=fc00:4::1 | | 58 | ROUTER2_IPSECIP6=fc00:4::1 |
59 | ROUTER2_WANIP6_DUMMY=fc00::12 | | 59 | ROUTER2_WANIP6_DUMMY=fc00::12 |
60 | ROUTER2_IPSECIP6_DUMMY=fc00:14::1 | | 60 | ROUTER2_IPSECIP6_DUMMY=fc00:14::1 |
61 | ROUTER2_IPSECIP6_RECURSIVE1=fc00:104::1 | | 61 | ROUTER2_IPSECIP6_RECURSIVE1=fc00:104::1 |
62 | ROUTER2_IPSECIP6_RECURSIVE2=fc00:204::1 | | 62 | ROUTER2_IPSECIP6_RECURSIVE2=fc00:204::1 |
63 | | | 63 | |
64 | DEBUG=${DEBUG:-false} | | 64 | DEBUG=${DEBUG:-false} |
65 | TIMEOUT=7 | | 65 | TIMEOUT=7 |
66 | | | 66 | |
67 | atf_test_case ipsecif_create_destroy cleanup | | 67 | atf_test_case ipsecif_create_destroy cleanup |
68 | ipsecif_create_destroy_head() | | 68 | ipsecif_create_destroy_head() |
69 | { | | 69 | { |
70 | | | 70 | |
71 | atf_set "descr" "Test creating/destroying gif interfaces" | | 71 | atf_set "descr" "Test creating/destroying gif interfaces" |
72 | atf_set "require.progs" "rump_server" | | 72 | atf_set "require.progs" "rump_server" |
73 | } | | 73 | } |
74 | | | 74 | |
75 | ipsecif_create_destroy_body() | | 75 | ipsecif_create_destroy_body() |
76 | { | | 76 | { |
77 | | | 77 | |
78 | rump_server_start $SOCK1 ipsec | | 78 | rump_server_start $SOCK1 ipsec |
79 | | | 79 | |
80 | test_create_destroy_common $SOCK1 ipsec0 | | 80 | test_create_destroy_common $SOCK1 ipsec0 |
81 | } | | 81 | } |
82 | | | 82 | |
83 | ipsecif_create_destroy_cleanup() | | 83 | ipsecif_create_destroy_cleanup() |
84 | { | | 84 | { |
85 | | | 85 | |
86 | $DEBUG && dump | | 86 | $DEBUG && dump |
87 | cleanup | | 87 | cleanup |
88 | } | | 88 | } |
89 | | | 89 | |
90 | setup_router() | | 90 | setup_router() |
91 | { | | 91 | { |
92 | local sock=${1} | | 92 | local sock=${1} |
93 | local lan=${2} | | 93 | local lan=${2} |
94 | local lan_mode=${3} | | 94 | local lan_mode=${3} |
95 | local wan=${4} | | 95 | local wan=${4} |
96 | local wan_mode=${5} | | 96 | local wan_mode=${5} |
97 | | | 97 | |
98 | rump_server_add_iface $sock shmif0 bus0 | | 98 | rump_server_add_iface $sock shmif0 bus0 |
99 | rump_server_add_iface $sock shmif1 bus1 | | 99 | rump_server_add_iface $sock shmif1 bus1 |
100 | | | 100 | |
101 | export RUMP_SERVER=${sock} | | 101 | export RUMP_SERVER=${sock} |
102 | if [ ${lan_mode} = "ipv6" ]; then | | 102 | if [ ${lan_mode} = "ipv6" ]; then |
103 | atf_check -s exit:0 rump.ifconfig shmif0 inet6 ${lan} | | 103 | atf_check -s exit:0 rump.ifconfig shmif0 inet6 ${lan} |
104 | else | | 104 | else |
105 | atf_check -s exit:0 rump.ifconfig shmif0 inet ${lan} netmask 0xffffff00 | | 105 | atf_check -s exit:0 rump.ifconfig shmif0 inet ${lan} netmask 0xffffff00 |
106 | fi | | 106 | fi |
107 | atf_check -s exit:0 rump.ifconfig shmif0 up | | 107 | atf_check -s exit:0 rump.ifconfig shmif0 up |
108 | rump.ifconfig shmif0 | | 108 | rump.ifconfig shmif0 |
109 | | | 109 | |
110 | if [ ${wan_mode} = "ipv6" ]; then | | 110 | if [ ${wan_mode} = "ipv6" ]; then |
111 | atf_check -s exit:0 rump.ifconfig shmif1 inet6 ${wan} | | 111 | atf_check -s exit:0 rump.ifconfig shmif1 inet6 ${wan} |
112 | else | | 112 | else |
113 | atf_check -s exit:0 rump.ifconfig shmif1 inet ${wan} netmask 0xff000000 | | 113 | atf_check -s exit:0 rump.ifconfig shmif1 inet ${wan} netmask 0xff000000 |
114 | fi | | 114 | fi |
115 | atf_check -s exit:0 rump.ifconfig shmif1 up | | 115 | atf_check -s exit:0 rump.ifconfig shmif1 up |
116 | rump.ifconfig shmif1 | | 116 | rump.ifconfig shmif1 |
117 | unset RUMP_SERVER | | 117 | unset RUMP_SERVER |
118 | } | | 118 | } |
119 | | | 119 | |
120 | test_router() | | 120 | test_router() |
121 | { | | 121 | { |
122 | local sock=${1} | | 122 | local sock=${1} |
123 | local lan=${2} | | 123 | local lan=${2} |
124 | local lan_mode=${3} | | 124 | local lan_mode=${3} |
125 | local wan=${4} | | 125 | local wan=${4} |
126 | local wan_mode=${5} | | 126 | local wan_mode=${5} |
127 | | | 127 | |
128 | export RUMP_SERVER=${sock} | | 128 | export RUMP_SERVER=${sock} |
129 | atf_check -s exit:0 -o match:shmif0 rump.ifconfig | | 129 | atf_check -s exit:0 -o match:shmif0 rump.ifconfig |
130 | if [ ${lan_mode} = "ipv6" ]; then | | 130 | if [ ${lan_mode} = "ipv6" ]; then |
131 | atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X $TIMEOUT ${lan} | | 131 | atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X $TIMEOUT ${lan} |
132 | else | | 132 | else |
133 | atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w $TIMEOUT ${lan} | | 133 | atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w $TIMEOUT ${lan} |
134 | fi | | 134 | fi |
135 | | | 135 | |
136 | atf_check -s exit:0 -o match:shmif1 rump.ifconfig | | 136 | atf_check -s exit:0 -o match:shmif1 rump.ifconfig |
137 | if [ ${wan_mode} = "ipv6" ]; then | | 137 | if [ ${wan_mode} = "ipv6" ]; then |
138 | atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X $TIMEOUT ${wan} | | 138 | atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X $TIMEOUT ${wan} |
139 | else | | 139 | else |
140 | atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w $TIMEOUT ${wan} | | 140 | atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w $TIMEOUT ${wan} |
141 | fi | | 141 | fi |
142 | unset RUMP_SERVER | | 142 | unset RUMP_SERVER |
143 | } | | 143 | } |
144 | | | 144 | |
145 | setup() | | 145 | setup() |
146 | { | | 146 | { |
147 | local inner=${1} | | 147 | local inner=${1} |
148 | local outer=${2} | | 148 | local outer=${2} |
149 | | | 149 | |
150 | rump_server_crypto_start $SOCK1 netipsec netinet6 ipsec | | 150 | rump_server_crypto_start $SOCK1 netipsec netinet6 ipsec |
151 | rump_server_crypto_start $SOCK2 netipsec netinet6 ipsec | | 151 | rump_server_crypto_start $SOCK2 netipsec netinet6 ipsec |
152 | | | 152 | |
153 | router1_lan="" | | 153 | router1_lan="" |
154 | router1_lan_mode="" | | 154 | router1_lan_mode="" |
155 | router2_lan="" | | 155 | router2_lan="" |
156 | router2_lan_mode="" | | 156 | router2_lan_mode="" |
157 | if [ ${inner} = "ipv6" ]; then | | 157 | if [ ${inner} = "ipv6" ]; then |
158 | router1_lan=$ROUTER1_LANIP6 | | 158 | router1_lan=$ROUTER1_LANIP6 |
159 | router1_lan_mode="ipv6" | | 159 | router1_lan_mode="ipv6" |
160 | router2_lan=$ROUTER2_LANIP6 | | 160 | router2_lan=$ROUTER2_LANIP6 |
161 | router2_lan_mode="ipv6" | | 161 | router2_lan_mode="ipv6" |
162 | else | | 162 | else |
163 | router1_lan=$ROUTER1_LANIP | | 163 | router1_lan=$ROUTER1_LANIP |
164 | router1_lan_mode="ipv4" | | 164 | router1_lan_mode="ipv4" |
165 | router2_lan=$ROUTER2_LANIP | | 165 | router2_lan=$ROUTER2_LANIP |
166 | router2_lan_mode="ipv4" | | 166 | router2_lan_mode="ipv4" |
167 | fi | | 167 | fi |
168 | | | 168 | |
169 | if [ ${outer} = "ipv6" ]; then | | 169 | if [ ${outer} = "ipv6" ]; then |
170 | setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ | | 170 | setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ |
171 | $ROUTER1_WANIP6 ipv6 | | 171 | $ROUTER1_WANIP6 ipv6 |
172 | setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ | | 172 | setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ |
173 | $ROUTER2_WANIP6 ipv6 | | 173 | $ROUTER2_WANIP6 ipv6 |
174 | else | | 174 | else |
175 | setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ | | 175 | setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ |
176 | $ROUTER1_WANIP ipv4 | | 176 | $ROUTER1_WANIP ipv4 |
177 | setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ | | 177 | setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ |
178 | $ROUTER2_WANIP ipv4 | | 178 | $ROUTER2_WANIP ipv4 |
179 | fi | | 179 | fi |
180 | } | | 180 | } |
181 | | | 181 | |
182 | test_setup() | | 182 | test_setup() |
183 | { | | 183 | { |
184 | local inner=${1} | | 184 | local inner=${1} |
185 | local outer=${2} | | 185 | local outer=${2} |
186 | | | 186 | |
187 | local router1_lan="" | | 187 | local router1_lan="" |
188 | local router1_lan_mode="" | | 188 | local router1_lan_mode="" |
189 | local router2_lan="" | | 189 | local router2_lan="" |
190 | local router2_lan_mode="" | | 190 | local router2_lan_mode="" |
191 | if [ ${inner} = "ipv6" ]; then | | 191 | if [ ${inner} = "ipv6" ]; then |
192 | router1_lan=$ROUTER1_LANIP6 | | 192 | router1_lan=$ROUTER1_LANIP6 |
193 | router1_lan_mode="ipv6" | | 193 | router1_lan_mode="ipv6" |
194 | router2_lan=$ROUTER2_LANIP6 | | 194 | router2_lan=$ROUTER2_LANIP6 |
195 | router2_lan_mode="ipv6" | | 195 | router2_lan_mode="ipv6" |
196 | else | | 196 | else |
197 | router1_lan=$ROUTER1_LANIP | | 197 | router1_lan=$ROUTER1_LANIP |
198 | router1_lan_mode="ipv4" | | 198 | router1_lan_mode="ipv4" |
199 | router2_lan=$ROUTER2_LANIP | | 199 | router2_lan=$ROUTER2_LANIP |
200 | router2_lan_mode="ipv4" | | 200 | router2_lan_mode="ipv4" |
201 | fi | | 201 | fi |
202 | if [ ${outer} = "ipv6" ]; then | | 202 | if [ ${outer} = "ipv6" ]; then |
203 | test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ | | 203 | test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ |
204 | $ROUTER1_WANIP6 ipv6 | | 204 | $ROUTER1_WANIP6 ipv6 |
205 | test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ | | 205 | test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ |
206 | $ROUTER2_WANIP6 ipv6 | | 206 | $ROUTER2_WANIP6 ipv6 |
207 | else | | 207 | else |
208 | test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ | | 208 | test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ |
209 | $ROUTER1_WANIP ipv4 | | 209 | $ROUTER1_WANIP ipv4 |
210 | test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ | | 210 | test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ |
211 | $ROUTER2_WANIP ipv4 | | 211 | $ROUTER2_WANIP ipv4 |
212 | fi | | 212 | fi |
213 | } | | 213 | } |
214 | | | 214 | |
215 | get_if_ipsec_unique() | | 215 | get_if_ipsec_unique() |
216 | { | | 216 | { |
217 | local sock=${1} | | 217 | local sock=${1} |
218 | local src=${2} | | 218 | local src=${2} |
219 | local proto=${3} | | 219 | local proto=${3} |
220 | local unique="" | | 220 | local unique="" |
221 | | | 221 | |
222 | export RUMP_SERVER=${sock} | | 222 | export RUMP_SERVER=${sock} |
223 | unique=`$HIJACKING setkey -DP | grep -A2 "^${src}.*(${proto})$" | grep unique | sed 's/.*unique#//'` | | 223 | unique=`$HIJACKING setkey -DP | grep -A2 "^${src}.*(${proto})$" | grep unique | sed 's/.*unique#//'` |
224 | unset RUMP_SERVER | | 224 | unset RUMP_SERVER |
225 | | | 225 | |
226 | echo $unique | | 226 | echo $unique |
227 | } | | 227 | } |
228 | | | 228 | |
229 | setup_if_ipsec() | | 229 | setup_if_ipsec() |
230 | { | | 230 | { |
231 | local sock=${1} | | 231 | local sock=${1} |
232 | local addr=${2} | | 232 | local addr=${2} |
233 | local remote=${3} | | 233 | local remote=${3} |
234 | local inner=${4} | | 234 | local inner=${4} |
235 | local src=${5} | | 235 | local src=${5} |
236 | local dst=${6} | | 236 | local dst=${6} |
237 | local peernet=${7} | | 237 | local peernet=${7} |
238 | | | 238 | |
239 | export RUMP_SERVER=${sock} | | 239 | export RUMP_SERVER=${sock} |
240 | atf_check -s exit:0 rump.ifconfig ipsec0 create | | 240 | atf_check -s exit:0 rump.ifconfig ipsec0 create |
241 | atf_check -s exit:0 rump.ifconfig ipsec0 tunnel ${src} ${dst} | | 241 | atf_check -s exit:0 rump.ifconfig ipsec0 tunnel ${src} ${dst} |
242 | if [ ${inner} = "ipv6" ]; then | | 242 | if [ ${inner} = "ipv6" ]; then |
243 | atf_check -s exit:0 rump.ifconfig ipsec0 inet6 ${addr}/128 ${remote} | | 243 | atf_check -s exit:0 rump.ifconfig ipsec0 inet6 ${addr}/128 ${remote} |
244 | atf_check -s exit:0 -o ignore rump.route add -inet6 ${peernet} ${addr} | | 244 | atf_check -s exit:0 -o ignore rump.route add -inet6 ${peernet} ${addr} |
245 | else | | 245 | else |
246 | atf_check -s exit:0 rump.ifconfig ipsec0 inet ${addr}/32 ${remote} | | 246 | atf_check -s exit:0 rump.ifconfig ipsec0 inet ${addr}/32 ${remote} |
247 | atf_check -s exit:0 -o ignore rump.route add -inet ${peernet} ${addr} | | 247 | atf_check -s exit:0 -o ignore rump.route add -inet ${peernet} ${addr} |
248 | fi | | 248 | fi |
249 | | | 249 | |
250 | rump.ifconfig ipsec0 | | 250 | rump.ifconfig ipsec0 |
251 | rump.route -nL show | | 251 | rump.route -nL show |
252 | } | | 252 | } |
253 | | | 253 | |
254 | setup_if_ipsec_sa() | | 254 | setup_if_ipsec_sa() |
255 | { | | 255 | { |
256 | local sock=${1} | | 256 | local sock=${1} |
257 | local src=${2} | | 257 | local src=${2} |
258 | local dst=${3} | | 258 | local dst=${3} |
259 | local mode=${4} | | 259 | local mode=${4} |
260 | local proto=${5} | | 260 | local proto=${5} |
261 | local algo=${6} | | 261 | local algo=${6} |
262 | local dir=${7} | | 262 | local dir=${7} |
263 | | | 263 | |
264 | local tmpfile=./tmp | | 264 | local tmpfile=./tmp |
265 | local inunique="" | | 265 | local inunique="" |
266 | local outunique="" | | 266 | local outunique="" |
267 | local inid="" | | 267 | local inid="" |
268 | local outid="" | | 268 | local outid="" |
269 | local algo_args="$(generate_algo_args $proto $algo)" | | 269 | local algo_args="$(generate_algo_args $proto $algo)" |
270 | | | 270 | |
271 | inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}` | | 271 | inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}` |
| | | 272 | atf_check -s exit:0 test "X$inunique" != "X" |
272 | outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}` | | 273 | outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}` |
| | | 274 | atf_check -s exit:0 test "X$outunique" != "X" |
273 | | | 275 | |
274 | if [ ${dir} = "1to2" ] ; then | | 276 | if [ ${dir} = "1to2" ] ; then |
275 | if [ ${mode} = "ipv6" ] ; then | | 277 | if [ ${mode} = "ipv6" ] ; then |
276 | inid="10010" | | 278 | inid="10010" |
277 | outid="10011" | | 279 | outid="10011" |
278 | else | | 280 | else |
279 | inid="10000" | | 281 | inid="10000" |
280 | outid="10001" | | 282 | outid="10001" |
281 | fi | | 283 | fi |
282 | else | | 284 | else |
283 | if [ ${mode} = "ipv6" ] ; then | | 285 | if [ ${mode} = "ipv6" ] ; then |
284 | inid="10011" | | 286 | inid="10011" |
285 | outid="10010" | | 287 | outid="10010" |
286 | else | | 288 | else |
287 | inid="10001" | | 289 | inid="10001" |
288 | outid="10000" | | 290 | outid="10000" |
289 | fi | | 291 | fi |
290 | fi | | 292 | fi |
291 | | | 293 | |
292 | cat > $tmpfile <<-EOF | | 294 | cat > $tmpfile <<-EOF |
293 | add $dst $src $proto $inid -u $inunique $algo_args; | | 295 | add $dst $src $proto $inid -u $inunique $algo_args; |
294 | add $src $dst $proto $outid -u $outunique $algo_args; | | 296 | add $src $dst $proto $outid -u $outunique $algo_args; |
295 | EOF | | 297 | EOF |
296 | $DEBUG && cat $tmpfile | | 298 | $DEBUG && cat $tmpfile |
297 | export RUMP_SERVER=$sock | | 299 | export RUMP_SERVER=$sock |
298 | atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile | | 300 | atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile |
299 | $DEBUG && $HIJACKING setkey -D | | 301 | $DEBUG && $HIJACKING setkey -D |
300 | $DEBUG && $HIJACKING setkey -DP | | 302 | $DEBUG && $HIJACKING setkey -DP |
301 | unset RUMP_SERVER | | 303 | unset RUMP_SERVER |
302 | } | | 304 | } |
303 | | | 305 | |
304 | setup_tunnel() | | 306 | setup_tunnel() |
305 | { | | 307 | { |
306 | local inner=${1} | | 308 | local inner=${1} |
307 | local outer=${2} | | 309 | local outer=${2} |
308 | local proto=${3} | | 310 | local proto=${3} |
309 | local algo=${4} | | 311 | local algo=${4} |
310 | | | 312 | |
311 | local addr="" | | 313 | local addr="" |
312 | local remote="" | | 314 | local remote="" |
313 | local src="" | | 315 | local src="" |
314 | local dst="" | | 316 | local dst="" |
315 | local peernet="" | | 317 | local peernet="" |
316 | | | 318 | |
317 | if [ ${inner} = "ipv6" ]; then | | 319 | if [ ${inner} = "ipv6" ]; then |
318 | addr=$ROUTER1_IPSECIP6 | | 320 | addr=$ROUTER1_IPSECIP6 |
319 | remote=$ROUTER2_IPSECIP6 | | 321 | remote=$ROUTER2_IPSECIP6 |
320 | peernet=$ROUTER2_LANNET6 | | 322 | peernet=$ROUTER2_LANNET6 |
321 | else | | 323 | else |
322 | addr=$ROUTER1_IPSECIP | | 324 | addr=$ROUTER1_IPSECIP |
323 | remote=$ROUTER2_IPSECIP | | 325 | remote=$ROUTER2_IPSECIP |
324 | peernet=$ROUTER2_LANNET | | 326 | peernet=$ROUTER2_LANNET |
325 | fi | | 327 | fi |
326 | if [ ${outer} = "ipv6" ]; then | | 328 | if [ ${outer} = "ipv6" ]; then |
327 | src=$ROUTER1_WANIP6 | | 329 | src=$ROUTER1_WANIP6 |
328 | dst=$ROUTER2_WANIP6 | | 330 | dst=$ROUTER2_WANIP6 |
329 | else | | 331 | else |
330 | src=$ROUTER1_WANIP | | 332 | src=$ROUTER1_WANIP |
331 | dst=$ROUTER2_WANIP | | 333 | dst=$ROUTER2_WANIP |
332 | fi | | 334 | fi |
333 | setup_if_ipsec $SOCK1 ${addr} ${remote} ${inner} \ | | 335 | setup_if_ipsec $SOCK1 ${addr} ${remote} ${inner} \ |
334 | ${src} ${dst} ${peernet} | | 336 | ${src} ${dst} ${peernet} |
335 | | | 337 | |
336 | if [ $inner = "ipv6" -a $outer = "ipv4" ]; then | | 338 | if [ $inner = "ipv6" -a $outer = "ipv4" ]; then |
337 | setup_if_ipsec_sa $SOCK1 ${src} ${dst} ${outer} ${proto} ${algo} "1to2" | | 339 | setup_if_ipsec_sa $SOCK1 ${src} ${dst} ${outer} ${proto} ${algo} "1to2" |
338 | fi | | 340 | fi |
339 | setup_if_ipsec_sa $SOCK1 ${src} ${dst} ${inner} ${proto} ${algo} "1to2" | | 341 | setup_if_ipsec_sa $SOCK1 ${src} ${dst} ${inner} ${proto} ${algo} "1to2" |
340 | | | 342 | |
341 | if [ $inner = "ipv6" ]; then | | 343 | if [ $inner = "ipv6" ]; then |
342 | addr=$ROUTER2_IPSECIP6 | | 344 | addr=$ROUTER2_IPSECIP6 |
343 | remote=$ROUTER1_IPSECIP6 | | 345 | remote=$ROUTER1_IPSECIP6 |
344 | peernet=$ROUTER1_LANNET6 | | 346 | peernet=$ROUTER1_LANNET6 |
345 | else | | 347 | else |
346 | addr=$ROUTER2_IPSECIP | | 348 | addr=$ROUTER2_IPSECIP |
347 | remote=$ROUTER1_IPSECIP | | 349 | remote=$ROUTER1_IPSECIP |
348 | peernet=$ROUTER1_LANNET | | 350 | peernet=$ROUTER1_LANNET |
349 | fi | | 351 | fi |
350 | if [ $outer = "ipv6" ]; then | | 352 | if [ $outer = "ipv6" ]; then |
351 | src=$ROUTER2_WANIP6 | | 353 | src=$ROUTER2_WANIP6 |
352 | dst=$ROUTER1_WANIP6 | | 354 | dst=$ROUTER1_WANIP6 |
353 | else | | 355 | else |
354 | src=$ROUTER2_WANIP | | 356 | src=$ROUTER2_WANIP |
355 | dst=$ROUTER1_WANIP | | 357 | dst=$ROUTER1_WANIP |
356 | fi | | 358 | fi |
357 | setup_if_ipsec $SOCK2 ${addr} ${remote} ${inner} \ | | 359 | setup_if_ipsec $SOCK2 ${addr} ${remote} ${inner} \ |
358 | ${src} ${dst} ${peernet} ${proto} ${algo} | | 360 | ${src} ${dst} ${peernet} ${proto} ${algo} |
359 | if [ $inner = "ipv6" -a $outer = "ipv4" ]; then | | 361 | if [ $inner = "ipv6" -a $outer = "ipv4" ]; then |
360 | setup_if_ipsec_sa $SOCK2 ${src} ${dst} ${outer} ${proto} ${algo} "2to1" | | 362 | setup_if_ipsec_sa $SOCK2 ${src} ${dst} ${outer} ${proto} ${algo} "2to1" |
361 | fi | | 363 | fi |
362 | setup_if_ipsec_sa $SOCK2 ${src} ${dst} ${inner} ${proto} ${algo} "2to1" | | 364 | setup_if_ipsec_sa $SOCK2 ${src} ${dst} ${inner} ${proto} ${algo} "2to1" |
363 | } | | 365 | } |
364 | | | 366 | |
365 | test_setup_tunnel() | | 367 | test_setup_tunnel() |
366 | { | | 368 | { |
367 | local mode=${1} | | 369 | local mode=${1} |
368 | | | 370 | |
369 | local peernet="" | | 371 | local peernet="" |
370 | local opt="" | | 372 | local opt="" |
371 | if [ ${mode} = "ipv6" ]; then | | 373 | if [ ${mode} = "ipv6" ]; then |
372 | peernet=$ROUTER2_LANNET6 | | 374 | peernet=$ROUTER2_LANNET6 |
373 | opt="-inet6" | | 375 | opt="-inet6" |
374 | else | | 376 | else |
375 | peernet=$ROUTER2_LANNET | | 377 | peernet=$ROUTER2_LANNET |
376 | opt="-inet" | | 378 | opt="-inet" |
377 | fi | | 379 | fi |
378 | export RUMP_SERVER=$SOCK1 | | 380 | export RUMP_SERVER=$SOCK1 |
379 | atf_check -s exit:0 -o match:ipsec0 rump.ifconfig | | 381 | atf_check -s exit:0 -o match:ipsec0 rump.ifconfig |
380 | atf_check -s exit:0 -o match:ipsec0 rump.route -nL get ${opt} ${peernet} | | 382 | atf_check -s exit:0 -o match:ipsec0 rump.route -nL get ${opt} ${peernet} |
381 | | | 383 | |
382 | if [ ${mode} = "ipv6" ]; then | | 384 | if [ ${mode} = "ipv6" ]; then |
383 | peernet=$ROUTER1_LANNET6 | | 385 | peernet=$ROUTER1_LANNET6 |
384 | opt="-inet6" | | 386 | opt="-inet6" |
385 | else | | 387 | else |
386 | peernet=$ROUTER1_LANNET | | 388 | peernet=$ROUTER1_LANNET |
387 | opt="-inet" | | 389 | opt="-inet" |
388 | fi | | 390 | fi |
389 | export RUMP_SERVER=$SOCK2 | | 391 | export RUMP_SERVER=$SOCK2 |
390 | atf_check -s exit:0 -o match:ipsec0 rump.ifconfig | | 392 | atf_check -s exit:0 -o match:ipsec0 rump.ifconfig |
391 | atf_check -s exit:0 -o match:ipsec0 rump.route -nL get ${opt} ${peernet} | | 393 | atf_check -s exit:0 -o match:ipsec0 rump.route -nL get ${opt} ${peernet} |
392 | } | | 394 | } |
393 | | | 395 | |
394 | teardown_tunnel() | | 396 | teardown_tunnel() |
395 | { | | 397 | { |
396 | export RUMP_SERVER=$SOCK1 | | 398 | export RUMP_SERVER=$SOCK1 |
397 | atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel | | 399 | atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel |
398 | atf_check -s exit:0 rump.ifconfig ipsec0 destroy | | 400 | atf_check -s exit:0 rump.ifconfig ipsec0 destroy |
399 | $HIJACKING setkey -F | | 401 | $HIJACKING setkey -F |
400 | | | 402 | |
401 | export RUMP_SERVER=$SOCK2 | | 403 | export RUMP_SERVER=$SOCK2 |
402 | atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel | | 404 | atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel |
403 | atf_check -s exit:0 rump.ifconfig ipsec0 destroy | | 405 | atf_check -s exit:0 rump.ifconfig ipsec0 destroy |
404 | $HIJACKING setkey -F | | 406 | $HIJACKING setkey -F |
405 | | | 407 | |
406 | unset RUMP_SERVER | | 408 | unset RUMP_SERVER |
407 | } | | 409 | } |
408 | | | 410 | |
409 | setup_dummy_if_ipsec() | | 411 | setup_dummy_if_ipsec() |
410 | { | | 412 | { |
411 | local sock=${1} | | 413 | local sock=${1} |
412 | local addr=${2} | | 414 | local addr=${2} |
413 | local remote=${3} | | 415 | local remote=${3} |
414 | local inner=${4} | | 416 | local inner=${4} |
415 | local src=${5} | | 417 | local src=${5} |
416 | local dst=${6} | | 418 | local dst=${6} |
417 | | | 419 | |
418 | export RUMP_SERVER=${sock} | | 420 | export RUMP_SERVER=${sock} |
419 | atf_check -s exit:0 rump.ifconfig ipsec1 create | | 421 | atf_check -s exit:0 rump.ifconfig ipsec1 create |
420 | atf_check -s exit:0 rump.ifconfig ipsec1 tunnel ${src} ${dst} | | 422 | atf_check -s exit:0 rump.ifconfig ipsec1 tunnel ${src} ${dst} |
421 | if [ ${inner} = "ipv6" ]; then | | 423 | if [ ${inner} = "ipv6" ]; then |
422 | atf_check -s exit:0 rump.ifconfig ipsec1 inet6 ${addr}/128 ${remote} | | 424 | atf_check -s exit:0 rump.ifconfig ipsec1 inet6 ${addr}/128 ${remote} |
423 | else | | 425 | else |
424 | atf_check -s exit:0 rump.ifconfig ipsec1 inet ${addr}/32 ${remote} | | 426 | atf_check -s exit:0 rump.ifconfig ipsec1 inet ${addr}/32 ${remote} |
425 | fi | | 427 | fi |
426 | | | 428 | |
427 | rump.ifconfig ipsec1 | | 429 | rump.ifconfig ipsec1 |
428 | unset RUMP_SERVER | | 430 | unset RUMP_SERVER |
429 | } | | 431 | } |
430 | | | 432 | |
431 | setup_dummy_if_ipsec_sa() | | 433 | setup_dummy_if_ipsec_sa() |
432 | { | | 434 | { |
433 | local sock=${1} | | 435 | local sock=${1} |
434 | local src=${2} | | 436 | local src=${2} |
435 | local dst=${3} | | 437 | local dst=${3} |
436 | local mode=${4} | | 438 | local mode=${4} |
437 | local proto=${5} | | 439 | local proto=${5} |
438 | local algo=${6} | | 440 | local algo=${6} |
439 | local dir=${7} | | 441 | local dir=${7} |
440 | | | 442 | |
441 | local tmpfile=./tmp | | 443 | local tmpfile=./tmp |
442 | local inunique="" | | 444 | local inunique="" |
443 | local outunique="" | | 445 | local outunique="" |
444 | local inid="" | | 446 | local inid="" |
445 | local outid="" | | 447 | local outid="" |
446 | local algo_args="$(generate_algo_args $proto $algo)" | | 448 | local algo_args="$(generate_algo_args $proto $algo)" |
447 | | | 449 | |
448 | inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}` | | 450 | inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}` |
| | | 451 | atf_check -s exit:0 test "X$inunique" != "X" |
449 | outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}` | | 452 | outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}` |
| | | 453 | atf_check -s exit:0 test "X$outunique" != "X" |
450 | | | 454 | |
451 | if [ ${dir} = "1to2" ] ; then | | 455 | if [ ${dir} = "1to2" ] ; then |
452 | inid="20000" | | 456 | inid="20000" |
453 | outid="20001" | | 457 | outid="20001" |
454 | else | | 458 | else |
455 | inid="20001" | | 459 | inid="20001" |
456 | outid="20000" | | 460 | outid="20000" |
457 | fi | | 461 | fi |
458 | | | 462 | |
459 | cat > $tmpfile <<-EOF | | 463 | cat > $tmpfile <<-EOF |
460 | add $dst $src $proto $inid -u $inunique $algo_args; | | 464 | add $dst $src $proto $inid -u $inunique $algo_args; |
461 | add $src $dst $proto $outid -u $outunique $algo_args; | | 465 | add $src $dst $proto $outid -u $outunique $algo_args; |
462 | EOF | | 466 | EOF |
463 | $DEBUG && cat $tmpfile | | 467 | $DEBUG && cat $tmpfile |
464 | export RUMP_SERVER=$sock | | 468 | export RUMP_SERVER=$sock |
465 | atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile | | 469 | atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile |
466 | $DEBUG && $HIJACKING setkey -D | | 470 | $DEBUG && $HIJACKING setkey -D |
467 | $DEBUG && $HIJACKING setkey -DP | | 471 | $DEBUG && $HIJACKING setkey -DP |
468 | unset RUMP_SERVER | | 472 | unset RUMP_SERVER |
469 | } | | 473 | } |
470 | | | 474 | |
471 | setup_dummy_tunnel() | | 475 | setup_dummy_tunnel() |
472 | { | | 476 | { |
473 | local inner=${1} | | 477 | local inner=${1} |
474 | local outer=${2} | | 478 | local outer=${2} |
475 | local proto=${3} | | 479 | local proto=${3} |
476 | local algo=${4} | | 480 | local algo=${4} |
477 | | | 481 | |
478 | local addr="" | | 482 | local addr="" |
479 | local remote="" | | 483 | local remote="" |
480 | local src="" | | 484 | local src="" |
481 | local dst="" | | 485 | local dst="" |
482 | | | 486 | |
483 | if [ ${inner} = "ipv6" ]; then | | 487 | if [ ${inner} = "ipv6" ]; then |
484 | addr=$ROUTER1_IPSECIP6_DUMMY | | 488 | addr=$ROUTER1_IPSECIP6_DUMMY |
485 | remote=$ROUTER2_IPSECIP6_DUMMY | | 489 | remote=$ROUTER2_IPSECIP6_DUMMY |
486 | else | | 490 | else |
487 | addr=$ROUTER1_IPSECIP_DUMMY | | 491 | addr=$ROUTER1_IPSECIP_DUMMY |
488 | remote=$ROUTER2_IPSECIP_DUMMY | | 492 | remote=$ROUTER2_IPSECIP_DUMMY |
489 | fi | | 493 | fi |
490 | if [ ${outer} = "ipv6" ]; then | | 494 | if [ ${outer} = "ipv6" ]; then |
491 | src=$ROUTER1_WANIP6_DUMMY | | 495 | src=$ROUTER1_WANIP6_DUMMY |
492 | dst=$ROUTER2_WANIP6_DUMMY | | 496 | dst=$ROUTER2_WANIP6_DUMMY |
493 | else | | 497 | else |
494 | src=$ROUTER1_WANIP_DUMMY | | 498 | src=$ROUTER1_WANIP_DUMMY |
495 | dst=$ROUTER2_WANIP_DUMMY | | 499 | dst=$ROUTER2_WANIP_DUMMY |
496 | fi | | 500 | fi |
497 | setup_dummy_if_ipsec $SOCK1 ${addr} ${remote} ${inner} \ | | 501 | setup_dummy_if_ipsec $SOCK1 ${addr} ${remote} ${inner} \ |
498 | ${src} ${dst} ${proto} ${algo} "1to2" | | 502 | ${src} ${dst} ${proto} ${algo} "1to2" |
499 | setup_dummy_if_ipsec_sa $SOCK1 ${src} ${dst} ${inner} ${proto} ${algo} "1to2" | | 503 | setup_dummy_if_ipsec_sa $SOCK1 ${src} ${dst} ${inner} ${proto} ${algo} "1to2" |
500 | | | 504 | |
501 | if [ $inner = "ipv6" ]; then | | 505 | if [ $inner = "ipv6" ]; then |
502 | addr=$ROUTER2_IPSECIP6_DUMMY | | 506 | addr=$ROUTER2_IPSECIP6_DUMMY |
503 | remote=$ROUTER1_IPSECIP6_DUMMY | | 507 | remote=$ROUTER1_IPSECIP6_DUMMY |
504 | else | | 508 | else |
505 | addr=$ROUTER2_IPSECIP_DUMMY | | 509 | addr=$ROUTER2_IPSECIP_DUMMY |
506 | remote=$ROUTER1_IPSECIP_DUMMY | | 510 | remote=$ROUTER1_IPSECIP_DUMMY |
507 | fi | | 511 | fi |
508 | if [ $outer = "ipv6" ]; then | | 512 | if [ $outer = "ipv6" ]; then |
509 | src=$ROUTER2_WANIP6_DUMMY | | 513 | src=$ROUTER2_WANIP6_DUMMY |
510 | dst=$ROUTER1_WANIP6_DUMMY | | 514 | dst=$ROUTER1_WANIP6_DUMMY |
511 | else | | 515 | else |
512 | src=$ROUTER2_WANIP_DUMMY | | 516 | src=$ROUTER2_WANIP_DUMMY |
513 | dst=$ROUTER1_WANIP_DUMMY | | 517 | dst=$ROUTER1_WANIP_DUMMY |
514 | fi | | 518 | fi |
515 | setup_dummy_if_ipsec $SOCK2 ${addr} ${remote} ${inner} \ | | 519 | setup_dummy_if_ipsec $SOCK2 ${addr} ${remote} ${inner} \ |
516 | ${src} ${dst} ${proto} ${algo} "2to1" | | 520 | ${src} ${dst} ${proto} ${algo} "2to1" |
517 | setup_dummy_if_ipsec_sa $SOCK2 ${src} ${dst} ${inner} ${proto} ${algo} "2to1" | | 521 | setup_dummy_if_ipsec_sa $SOCK2 ${src} ${dst} ${inner} ${proto} ${algo} "2to1" |
518 | } | | 522 | } |
519 | | | 523 | |
520 | test_setup_dummy_tunnel() | | 524 | test_setup_dummy_tunnel() |
521 | { | | 525 | { |
522 | export RUMP_SERVER=$SOCK1 | | 526 | export RUMP_SERVER=$SOCK1 |
523 | atf_check -s exit:0 -o match:ipsec1 rump.ifconfig | | 527 | atf_check -s exit:0 -o match:ipsec1 rump.ifconfig |
524 | | | 528 | |
525 | export RUMP_SERVER=$SOCK2 | | 529 | export RUMP_SERVER=$SOCK2 |
526 | atf_check -s exit:0 -o match:ipsec1 rump.ifconfig | | 530 | atf_check -s exit:0 -o match:ipsec1 rump.ifconfig |
527 | | | 531 | |
528 | unset RUMP_SERVER | | 532 | unset RUMP_SERVER |
529 | } | | 533 | } |
530 | | | 534 | |
531 | teardown_dummy_tunnel() | | 535 | teardown_dummy_tunnel() |
532 | { | | 536 | { |
533 | export RUMP_SERVER=$SOCK1 | | 537 | export RUMP_SERVER=$SOCK1 |
534 | atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel | | 538 | atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel |
535 | atf_check -s exit:0 rump.ifconfig ipsec1 destroy | | 539 | atf_check -s exit:0 rump.ifconfig ipsec1 destroy |
536 | | | 540 | |
537 | export RUMP_SERVER=$SOCK2 | | 541 | export RUMP_SERVER=$SOCK2 |
538 | atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel | | 542 | atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel |
539 | atf_check -s exit:0 rump.ifconfig ipsec1 destroy | | 543 | atf_check -s exit:0 rump.ifconfig ipsec1 destroy |
540 | | | 544 | |
541 | unset RUMP_SERVER | | 545 | unset RUMP_SERVER |
542 | } | | 546 | } |
543 | | | 547 | |
544 | setup_recursive_if_ipsec() | | 548 | setup_recursive_if_ipsec() |
545 | { | | 549 | { |
546 | local sock=${1} | | 550 | local sock=${1} |
547 | local ipsec=${2} | | 551 | local ipsec=${2} |
548 | local addr=${3} | | 552 | local addr=${3} |
549 | local remote=${4} | | 553 | local remote=${4} |
550 | local inner=${5} | | 554 | local inner=${5} |
551 | local src=${6} | | 555 | local src=${6} |
552 | local dst=${7} | | 556 | local dst=${7} |
553 | local proto=${8} | | 557 | local proto=${8} |
554 | local algo=${9} | | 558 | local algo=${9} |
555 | local dir=${10} | | 559 | local dir=${10} |
556 | | | 560 | |
557 | export RUMP_SERVER=${sock} | | 561 | export RUMP_SERVER=${sock} |
558 | atf_check -s exit:0 rump.ifconfig ${ipsec} create | | 562 | atf_check -s exit:0 rump.ifconfig ${ipsec} create |
559 | atf_check -s exit:0 rump.ifconfig ${ipsec} tunnel ${src} ${dst} | | 563 | atf_check -s exit:0 rump.ifconfig ${ipsec} tunnel ${src} ${dst} |
560 | if [ ${inner} = "ipv6" ]; then | | 564 | if [ ${inner} = "ipv6" ]; then |
561 | atf_check -s exit:0 rump.ifconfig ${ipsec} inet6 ${addr}/128 ${remote} | | 565 | atf_check -s exit:0 rump.ifconfig ${ipsec} inet6 ${addr}/128 ${remote} |
562 | else | | 566 | else |
563 | atf_check -s exit:0 rump.ifconfig ${ipsec} inet ${addr}/32 ${remote} | | 567 | atf_check -s exit:0 rump.ifconfig ${ipsec} inet ${addr}/32 ${remote} |
564 | fi | | 568 | fi |
565 | setup_if_ipsec_sa $sock ${src} ${dst} ${inner} ${proto} ${algo} ${dir} | | 569 | setup_if_ipsec_sa $sock ${src} ${dst} ${inner} ${proto} ${algo} ${dir} |
566 | | | 570 | |
567 | export RUMP_SERVER=${sock} | | 571 | export RUMP_SERVER=${sock} |
568 | rump.ifconfig ${ipsec} | | 572 | rump.ifconfig ${ipsec} |
569 | unset RUMP_SERVER | | 573 | unset RUMP_SERVER |
570 | } | | 574 | } |
571 | | | 575 | |
572 | # test in ROUTER1 only | | 576 | # test in ROUTER1 only |
573 | setup_recursive_tunnels() | | 577 | setup_recursive_tunnels() |
574 | { | | 578 | { |
575 | local mode=${1} | | 579 | local mode=${1} |
576 | local proto=${2} | | 580 | local proto=${2} |
577 | local algo=${3} | | 581 | local algo=${3} |
578 | | | 582 | |
579 | local addr="" | | 583 | local addr="" |
580 | local remote="" | | 584 | local remote="" |
581 | local src="" | | 585 | local src="" |
582 | local dst="" | | 586 | local dst="" |
583 | | | 587 | |
584 | if [ ${mode} = "ipv6" ]; then | | 588 | if [ ${mode} = "ipv6" ]; then |
585 | addr=$ROUTER1_IPSECIP6_RECURSIVE1 | | 589 | addr=$ROUTER1_IPSECIP6_RECURSIVE1 |
586 | remote=$ROUTER2_IPSECIP6_RECURSIVE1 | | 590 | remote=$ROUTER2_IPSECIP6_RECURSIVE1 |
587 | src=$ROUTER1_IPSECIP6 | | 591 | src=$ROUTER1_IPSECIP6 |
588 | dst=$ROUTER2_IPSECIP6 | | 592 | dst=$ROUTER2_IPSECIP6 |
589 | else | | 593 | else |
590 | addr=$ROUTER1_IPSECIP_RECURSIVE1 | | 594 | addr=$ROUTER1_IPSECIP_RECURSIVE1 |
591 | remote=$ROUTER2_IPSECIP_RECURSIVE1 | | 595 | remote=$ROUTER2_IPSECIP_RECURSIVE1 |
592 | src=$ROUTER1_IPSECIP | | 596 | src=$ROUTER1_IPSECIP |
593 | dst=$ROUTER2_IPSECIP | | 597 | dst=$ROUTER2_IPSECIP |
594 | fi | | 598 | fi |
595 | setup_recursive_if_ipsec $SOCK1 ipsec1 ${addr} ${remote} ${mode} \ | | 599 | setup_recursive_if_ipsec $SOCK1 ipsec1 ${addr} ${remote} ${mode} \ |
596 | ${src} ${dst} ${proto} ${algo} "1to2" | | 600 | ${src} ${dst} ${proto} ${algo} "1to2" |
597 | | | 601 | |
598 | if [ ${mode} = "ipv6" ]; then | | 602 | if [ ${mode} = "ipv6" ]; then |
599 | addr=$ROUTER1_IPSECIP6_RECURSIVE2 | | 603 | addr=$ROUTER1_IPSECIP6_RECURSIVE2 |
600 | remote=$ROUTER2_IPSECIP6_RECURSIVE2 | | 604 | remote=$ROUTER2_IPSECIP6_RECURSIVE2 |
601 | src=$ROUTER1_IPSECIP6_RECURSIVE1 | | 605 | src=$ROUTER1_IPSECIP6_RECURSIVE1 |
602 | dst=$ROUTER2_IPSECIP6_RECURSIVE1 | | 606 | dst=$ROUTER2_IPSECIP6_RECURSIVE1 |
603 | else | | 607 | else |
604 | addr=$ROUTER1_IPSECIP_RECURSIVE2 | | 608 | addr=$ROUTER1_IPSECIP_RECURSIVE2 |
605 | remote=$ROUTER2_IPSECIP_RECURSIVE2 | | 609 | remote=$ROUTER2_IPSECIP_RECURSIVE2 |
606 | src=$ROUTER1_IPSECIP_RECURSIVE1 | | 610 | src=$ROUTER1_IPSECIP_RECURSIVE1 |
607 | dst=$ROUTER2_IPSECIP_RECURSIVE1 | | 611 | dst=$ROUTER2_IPSECIP_RECURSIVE1 |
608 | fi | | 612 | fi |
609 | setup_recursive_if_ipsec $SOCK1 ipsec2 ${addr} ${remote} ${mode} \ | | 613 | setup_recursive_if_ipsec $SOCK1 ipsec2 ${addr} ${remote} ${mode} \ |
610 | ${src} ${dst} ${proto} ${algo} "1to2" | | 614 | ${src} ${dst} ${proto} ${algo} "1to2" |
611 | } | | 615 | } |
612 | | | 616 | |
613 | # test in router1 only | | 617 | # test in router1 only |
614 | test_recursive_check() | | 618 | test_recursive_check() |
615 | { | | 619 | { |
616 | local mode=$1 | | 620 | local mode=$1 |
617 | | | 621 | |
618 | export RUMP_SERVER=$SOCK1 | | 622 | export RUMP_SERVER=$SOCK1 |
619 | if [ ${mode} = "ipv6" ]; then | | 623 | if [ ${mode} = "ipv6" ]; then |
620 | atf_check -s not-exit:0 -o ignore -e ignore \ | | 624 | atf_check -s not-exit:0 -o ignore -e ignore \ |
621 | rump.ping6 -n -X $TIMEOUT -c 1 $ROUTER2_IPSECIP6_RECURSIVE2 | | 625 | rump.ping6 -n -X $TIMEOUT -c 1 $ROUTER2_IPSECIP6_RECURSIVE2 |
622 | else | | 626 | else |
623 | atf_check -s not-exit:0 -o ignore -e ignore \ | | 627 | atf_check -s not-exit:0 -o ignore -e ignore \ |
624 | rump.ping -n -w $TIMEOUT -c 1 $ROUTER2_IPSECIP_RECURSIVE2 | | 628 | rump.ping -n -w $TIMEOUT -c 1 $ROUTER2_IPSECIP_RECURSIVE2 |
625 | fi | | 629 | fi |
626 | | | 630 | |
627 | atf_check -o match:'ipsec0: recursively called too many times' \ | | 631 | atf_check -o match:'ipsec0: recursively called too many times' \ |
628 | -x "$HIJACKING dmesg" | | 632 | -x "$HIJACKING dmesg" |
629 | | | 633 | |
630 | $HIJACKING dmesg | | 634 | $HIJACKING dmesg |
631 | | | 635 | |
632 | unset RUMP_SERVER | | 636 | unset RUMP_SERVER |
633 | } | | 637 | } |
634 | | | 638 | |
635 | teardown_recursive_tunnels() | | 639 | teardown_recursive_tunnels() |
636 | { | | 640 | { |
637 | export RUMP_SERVER=$SOCK1 | | 641 | export RUMP_SERVER=$SOCK1 |
638 | atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel | | 642 | atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel |
639 | atf_check -s exit:0 rump.ifconfig ipsec1 destroy | | 643 | atf_check -s exit:0 rump.ifconfig ipsec1 destroy |
640 | atf_check -s exit:0 rump.ifconfig ipsec2 deletetunnel | | 644 | atf_check -s exit:0 rump.ifconfig ipsec2 deletetunnel |
641 | atf_check -s exit:0 rump.ifconfig ipsec2 destroy | | 645 | atf_check -s exit:0 rump.ifconfig ipsec2 destroy |
642 | unset RUMP_SERVER | | 646 | unset RUMP_SERVER |
643 | } | | 647 | } |
644 | | | 648 | |
645 | test_ping_failure() | | 649 | test_ping_failure() |
646 | { | | 650 | { |
647 | local mode=$1 | | 651 | local mode=$1 |
648 | | | 652 | |
649 | export RUMP_SERVER=$SOCK1 | | 653 | export RUMP_SERVER=$SOCK1 |
650 | if [ ${mode} = "ipv6" ]; then | | 654 | if [ ${mode} = "ipv6" ]; then |
651 | atf_check -s not-exit:0 -o ignore -e ignore \ | | 655 | atf_check -s not-exit:0 -o ignore -e ignore \ |
652 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER1_LANIP6 \ | | 656 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER1_LANIP6 \ |
653 | $ROUTER2_LANIP6 | | 657 | $ROUTER2_LANIP6 |
654 | else | | 658 | else |
655 | atf_check -s not-exit:0 -o ignore -e ignore \ | | 659 | atf_check -s not-exit:0 -o ignore -e ignore \ |
656 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ | | 660 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ |
657 | $ROUTER2_LANIP | | 661 | $ROUTER2_LANIP |
658 | fi | | 662 | fi |
659 | | | 663 | |
660 | export RUMP_SERVER=$SOCK2 | | 664 | export RUMP_SERVER=$SOCK2 |
661 | if [ ${mode} = "ipv6" ]; then | | 665 | if [ ${mode} = "ipv6" ]; then |
662 | atf_check -s not-exit:0 -o ignore -e ignore \ | | 666 | atf_check -s not-exit:0 -o ignore -e ignore \ |
663 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER2_LANIP6 \ | | 667 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER2_LANIP6 \ |
664 | $ROUTER1_LANIP6 | | 668 | $ROUTER1_LANIP6 |
665 | else | | 669 | else |
666 | atf_check -s not-exit:0 -o ignore -e ignore \ | | 670 | atf_check -s not-exit:0 -o ignore -e ignore \ |
667 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ | | 671 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ |
668 | $ROUTER2_LANIP | | 672 | $ROUTER2_LANIP |
669 | fi | | 673 | fi |
670 | | | 674 | |
671 | unset RUMP_SERVER | | 675 | unset RUMP_SERVER |
672 | } | | 676 | } |
673 | | | 677 | |
674 | test_ping_success() | | 678 | test_ping_success() |
675 | { | | 679 | { |
676 | mode=$1 | | 680 | mode=$1 |
677 | | | 681 | |
678 | export RUMP_SERVER=$SOCK1 | | 682 | export RUMP_SERVER=$SOCK1 |
679 | rump.ifconfig -v ipsec0 | | 683 | rump.ifconfig -v ipsec0 |
680 | if [ ${mode} = "ipv6" ]; then | | 684 | if [ ${mode} = "ipv6" ]; then |
681 | # XXX | | 685 | # XXX |
682 | # rump.ping6 rarely fails with the message that | | 686 | # rump.ping6 rarely fails with the message that |
683 | # "failed to get receiving hop limit". | | 687 | # "failed to get receiving hop limit". |
684 | # This is a known issue being analyzed. | | 688 | # This is a known issue being analyzed. |
685 | atf_check -s exit:0 -o ignore \ | | 689 | atf_check -s exit:0 -o ignore \ |
686 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER1_LANIP6 \ | | 690 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER1_LANIP6 \ |
687 | $ROUTER2_LANIP6 | | 691 | $ROUTER2_LANIP6 |
688 | else | | 692 | else |
689 | atf_check -s exit:0 -o ignore \ | | 693 | atf_check -s exit:0 -o ignore \ |
690 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ | | 694 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ |
691 | $ROUTER2_LANIP | | 695 | $ROUTER2_LANIP |
692 | fi | | 696 | fi |
693 | rump.ifconfig -v ipsec0 | | 697 | rump.ifconfig -v ipsec0 |
694 | | | 698 | |
695 | export RUMP_SERVER=$SOCK2 | | 699 | export RUMP_SERVER=$SOCK2 |
696 | rump.ifconfig -v ipsec0 | | 700 | rump.ifconfig -v ipsec0 |
697 | if [ ${mode} = "ipv6" ]; then | | 701 | if [ ${mode} = "ipv6" ]; then |
698 | atf_check -s exit:0 -o ignore \ | | 702 | atf_check -s exit:0 -o ignore \ |
699 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER2_LANIP6 \ | | 703 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER2_LANIP6 \ |
700 | $ROUTER1_LANIP6 | | 704 | $ROUTER1_LANIP6 |
701 | else | | 705 | else |
702 | atf_check -s exit:0 -o ignore \ | | 706 | atf_check -s exit:0 -o ignore \ |
703 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER2_LANIP \ | | 707 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER2_LANIP \ |
704 | $ROUTER1_LANIP | | 708 | $ROUTER1_LANIP |
705 | fi | | 709 | fi |
706 | rump.ifconfig -v ipsec0 | | 710 | rump.ifconfig -v ipsec0 |
707 | | | 711 | |
708 | unset RUMP_SERVER | | 712 | unset RUMP_SERVER |
709 | } | | 713 | } |
710 | | | 714 | |
711 | test_change_tunnel_duplicate() | | 715 | test_change_tunnel_duplicate() |
712 | { | | 716 | { |
713 | local mode=$1 | | 717 | local mode=$1 |
714 | | | 718 | |
715 | local newsrc="" | | 719 | local newsrc="" |
716 | local newdst="" | | 720 | local newdst="" |
717 | if [ ${mode} = "ipv6" ]; then | | 721 | if [ ${mode} = "ipv6" ]; then |
718 | newsrc=$ROUTER1_WANIP6_DUMMY | | 722 | newsrc=$ROUTER1_WANIP6_DUMMY |
719 | newdst=$ROUTER2_WANIP6_DUMMY | | 723 | newdst=$ROUTER2_WANIP6_DUMMY |
720 | else | | 724 | else |
721 | newsrc=$ROUTER1_WANIP_DUMMY | | 725 | newsrc=$ROUTER1_WANIP_DUMMY |
722 | newdst=$ROUTER2_WANIP_DUMMY | | 726 | newdst=$ROUTER2_WANIP_DUMMY |
723 | fi | | 727 | fi |
724 | export RUMP_SERVER=$SOCK1 | | 728 | export RUMP_SERVER=$SOCK1 |
725 | rump.ifconfig -v ipsec0 | | 729 | rump.ifconfig -v ipsec0 |
726 | rump.ifconfig -v ipsec1 | | 730 | rump.ifconfig -v ipsec1 |
727 | atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \ | | 731 | atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \ |
728 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} | | 732 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} |
729 | rump.ifconfig -v ipsec0 | | 733 | rump.ifconfig -v ipsec0 |
730 | rump.ifconfig -v ipsec1 | | 734 | rump.ifconfig -v ipsec1 |
731 | | | 735 | |
732 | if [ ${mode} = "ipv6" ]; then | | 736 | if [ ${mode} = "ipv6" ]; then |
733 | newsrc=$ROUTER2_WANIP6_DUMMY | | 737 | newsrc=$ROUTER2_WANIP6_DUMMY |
734 | newdst=$ROUTER1_WANIP6_DUMMY | | 738 | newdst=$ROUTER1_WANIP6_DUMMY |
735 | else | | 739 | else |
736 | newsrc=$ROUTER2_WANIP_DUMMY | | 740 | newsrc=$ROUTER2_WANIP_DUMMY |
737 | newdst=$ROUTER1_WANIP_DUMMY | | 741 | newdst=$ROUTER1_WANIP_DUMMY |
738 | fi | | 742 | fi |
739 | export RUMP_SERVER=$SOCK2 | | 743 | export RUMP_SERVER=$SOCK2 |
740 | rump.ifconfig -v ipsec0 | | 744 | rump.ifconfig -v ipsec0 |
741 | rump.ifconfig -v ipsec1 | | 745 | rump.ifconfig -v ipsec1 |
742 | atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \ | | 746 | atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \ |
743 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} | | 747 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} |
744 | rump.ifconfig -v ipsec0 | | 748 | rump.ifconfig -v ipsec0 |
745 | rump.ifconfig -v ipsec1 | | 749 | rump.ifconfig -v ipsec1 |
746 | | | 750 | |
747 | unset RUMP_SERVER | | 751 | unset RUMP_SERVER |
748 | } | | 752 | } |
749 | | | 753 | |
750 | test_change_tunnel_success() | | 754 | test_change_tunnel_success() |
751 | { | | 755 | { |
752 | local mode=$1 | | 756 | local mode=$1 |
753 | | | 757 | |
754 | local newsrc="" | | 758 | local newsrc="" |
755 | local newdst="" | | 759 | local newdst="" |
756 | if [ ${mode} = "ipv6" ]; then | | 760 | if [ ${mode} = "ipv6" ]; then |
757 | newsrc=$ROUTER1_WANIP6_DUMMY | | 761 | newsrc=$ROUTER1_WANIP6_DUMMY |
758 | newdst=$ROUTER2_WANIP6_DUMMY | | 762 | newdst=$ROUTER2_WANIP6_DUMMY |
759 | else | | 763 | else |
760 | newsrc=$ROUTER1_WANIP_DUMMY | | 764 | newsrc=$ROUTER1_WANIP_DUMMY |
761 | newdst=$ROUTER2_WANIP_DUMMY | | 765 | newdst=$ROUTER2_WANIP_DUMMY |
762 | fi | | 766 | fi |
763 | export RUMP_SERVER=$SOCK1 | | 767 | export RUMP_SERVER=$SOCK1 |
764 | rump.ifconfig -v ipsec0 | | 768 | rump.ifconfig -v ipsec0 |
765 | atf_check -s exit:0 \ | | 769 | atf_check -s exit:0 \ |
766 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} | | 770 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} |
767 | rump.ifconfig -v ipsec0 | | 771 | rump.ifconfig -v ipsec0 |
768 | | | 772 | |
769 | if [ ${mode} = "ipv6" ]; then | | 773 | if [ ${mode} = "ipv6" ]; then |
770 | newsrc=$ROUTER2_WANIP6_DUMMY | | 774 | newsrc=$ROUTER2_WANIP6_DUMMY |
771 | newdst=$ROUTER1_WANIP6_DUMMY | | 775 | newdst=$ROUTER1_WANIP6_DUMMY |
772 | else | | 776 | else |
773 | newsrc=$ROUTER2_WANIP_DUMMY | | 777 | newsrc=$ROUTER2_WANIP_DUMMY |
774 | newdst=$ROUTER1_WANIP_DUMMY | | 778 | newdst=$ROUTER1_WANIP_DUMMY |
775 | fi | | 779 | fi |
776 | export RUMP_SERVER=$SOCK2 | | 780 | export RUMP_SERVER=$SOCK2 |
777 | rump.ifconfig -v ipsec0 | | 781 | rump.ifconfig -v ipsec0 |
778 | atf_check -s exit:0 \ | | 782 | atf_check -s exit:0 \ |
779 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} | | 783 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} |
780 | rump.ifconfig -v ipsec0 | | 784 | rump.ifconfig -v ipsec0 |
781 | | | 785 | |
782 | unset RUMP_SERVER | | 786 | unset RUMP_SERVER |
783 | } | | 787 | } |
784 | | | 788 | |
785 | basic_setup() | | 789 | basic_setup() |
786 | { | | 790 | { |
787 | local inner=$1 | | 791 | local inner=$1 |
788 | local outer=$2 | | 792 | local outer=$2 |
789 | local proto=$3 | | 793 | local proto=$3 |
790 | local algo=$4 | | 794 | local algo=$4 |
791 | | | 795 | |
792 | setup ${inner} ${outer} | | 796 | setup ${inner} ${outer} |
793 | test_setup ${inner} ${outer} | | 797 | test_setup ${inner} ${outer} |
794 | | | 798 | |
795 | # Enable once PR kern/49219 is fixed | | 799 | # Enable once PR kern/49219 is fixed |
796 | #test_ping_failure | | 800 | #test_ping_failure |
797 | | | 801 | |
798 | setup_tunnel ${inner} ${outer} ${proto} ${algo} | | 802 | setup_tunnel ${inner} ${outer} ${proto} ${algo} |
799 | sleep 1 | | 803 | sleep 1 |
800 | test_setup_tunnel ${inner} | | 804 | test_setup_tunnel ${inner} |
801 | } | | 805 | } |
802 | | | 806 | |
803 | basic_test() | | 807 | basic_test() |
804 | { | | 808 | { |
805 | local inner=$1 | | 809 | local inner=$1 |
806 | local outer=$2 # not use | | 810 | local outer=$2 # not use |
807 | | | 811 | |
808 | test_ping_success ${inner} | | 812 | test_ping_success ${inner} |
809 | } | | 813 | } |
810 | | | 814 | |
811 | basic_teardown() | | 815 | basic_teardown() |
812 | { | | 816 | { |
813 | local inner=$1 | | 817 | local inner=$1 |
814 | local outer=$2 # not use | | 818 | local outer=$2 # not use |
815 | | | 819 | |
816 | teardown_tunnel | | 820 | teardown_tunnel |
817 | test_ping_failure ${inner} | | 821 | test_ping_failure ${inner} |
818 | } | | 822 | } |
819 | | | 823 | |
820 | ioctl_setup() | | 824 | ioctl_setup() |
821 | { | | 825 | { |
822 | local inner=$1 | | 826 | local inner=$1 |
823 | local outer=$2 | | 827 | local outer=$2 |
824 | local proto=$3 | | 828 | local proto=$3 |
825 | local algo=$4 | | 829 | local algo=$4 |
826 | | | 830 | |
827 | setup ${inner} ${outer} | | 831 | setup ${inner} ${outer} |
828 | test_setup ${inner} ${outer} | | 832 | test_setup ${inner} ${outer} |
829 | | | 833 | |
830 | # Enable once PR kern/49219 is fixed | | 834 | # Enable once PR kern/49219 is fixed |
831 | #test_ping_failure | | 835 | #test_ping_failure |
832 | | | 836 | |
833 | setup_tunnel ${inner} ${outer} ${proto} ${algo} | | 837 | setup_tunnel ${inner} ${outer} ${proto} ${algo} |
834 | setup_dummy_tunnel ${inner} ${outer} ${proto} ${algo} | | 838 | setup_dummy_tunnel ${inner} ${outer} ${proto} ${algo} |
835 | sleep 1 | | 839 | sleep 1 |
836 | test_setup_tunnel ${inner} | | 840 | test_setup_tunnel ${inner} |
837 | } | | 841 | } |
838 | | | 842 | |
839 | ioctl_test() | | 843 | ioctl_test() |
840 | { | | 844 | { |
841 | local inner=$1 | | 845 | local inner=$1 |
842 | local outer=$2 | | 846 | local outer=$2 |
843 | | | 847 | |
844 | test_ping_success ${inner} | | 848 | test_ping_success ${inner} |
845 | | | 849 | |
846 | test_change_tunnel_duplicate ${outer} | | 850 | test_change_tunnel_duplicate ${outer} |
847 | | | 851 | |
848 | teardown_dummy_tunnel | | 852 | teardown_dummy_tunnel |
849 | test_change_tunnel_success ${outer} | | 853 | test_change_tunnel_success ${outer} |
850 | } | | 854 | } |
851 | | | 855 | |
852 | ioctl_teardown() | | 856 | ioctl_teardown() |
853 | { | | 857 | { |
854 | local inner=$1 | | 858 | local inner=$1 |
855 | local outer=$2 # not use | | 859 | local outer=$2 # not use |
856 | | | 860 | |
857 | teardown_tunnel | | 861 | teardown_tunnel |
858 | test_ping_failure ${inner} | | 862 | test_ping_failure ${inner} |
859 | } | | 863 | } |
860 | | | 864 | |
861 | recursive_setup() | | 865 | recursive_setup() |
862 | { | | 866 | { |
863 | local inner=$1 | | 867 | local inner=$1 |
864 | local outer=$2 | | 868 | local outer=$2 |
865 | local proto=$3 | | 869 | local proto=$3 |
866 | local algo=$4 | | 870 | local algo=$4 |
867 | | | 871 | |
868 | setup ${inner} ${outer} | | 872 | setup ${inner} ${outer} |
869 | test_setup ${inner} ${outer} | | 873 | test_setup ${inner} ${outer} |
870 | | | 874 | |
871 | # Enable once PR kern/49219 is fixed | | 875 | # Enable once PR kern/49219 is fixed |
872 | #test_ping_failure | | 876 | #test_ping_failure |
873 | | | 877 | |
874 | setup_tunnel ${inner} ${outer} ${proto} ${algo} | | 878 | setup_tunnel ${inner} ${outer} ${proto} ${algo} |
875 | setup_recursive_tunnels ${inner} ${proto} ${algo} | | 879 | setup_recursive_tunnels ${inner} ${proto} ${algo} |
876 | sleep 1 | | 880 | sleep 1 |
877 | test_setup_tunnel ${inner} | | 881 | test_setup_tunnel ${inner} |
878 | } | | 882 | } |
879 | | | 883 | |
880 | recursive_test() | | 884 | recursive_test() |
881 | { | | 885 | { |
882 | local inner=$1 | | 886 | local inner=$1 |
883 | local outer=$2 # not use | | 887 | local outer=$2 # not use |
884 | | | 888 | |
885 | test_recursive_check ${inner} | | 889 | test_recursive_check ${inner} |
886 | } | | 890 | } |
887 | | | 891 | |
888 | recursive_teardown() | | 892 | recursive_teardown() |
889 | { | | 893 | { |
890 | local inner=$1 # not use | | 894 | local inner=$1 # not use |
891 | local outer=$2 # not use | | 895 | local outer=$2 # not use |
892 | | | 896 | |
893 | teardown_recursive_tunnels | | 897 | teardown_recursive_tunnels |
894 | teardown_tunnel | | 898 | teardown_tunnel |
895 | } | | 899 | } |
896 | | | 900 | |
897 | add_test() | | 901 | add_test() |
898 | { | | 902 | { |
899 | local category=$1 | | 903 | local category=$1 |
900 | local desc=$2 | | 904 | local desc=$2 |
901 | local inner=$3 | | 905 | local inner=$3 |
902 | local outer=$4 | | 906 | local outer=$4 |
903 | local proto=$5 | | 907 | local proto=$5 |
904 | local algo=$6 | | 908 | local algo=$6 |
905 | local _algo=$(echo $algo | sed 's/-//g') | | 909 | local _algo=$(echo $algo | sed 's/-//g') |
906 | | | 910 | |
907 | name="ipsecif_${category}_${inner}over${outer}_${proto}_${_algo}" | | 911 | name="ipsecif_${category}_${inner}over${outer}_${proto}_${_algo}" |
908 | fulldesc="Does ${inner} over ${outer} if_ipsec ${desc}" | | 912 | fulldesc="Does ${inner} over ${outer} if_ipsec ${desc}" |
909 | | | 913 | |
910 | atf_test_case ${name} cleanup | | 914 | atf_test_case ${name} cleanup |
911 | eval "${name}_head() { | | 915 | eval "${name}_head() { |
912 | atf_set descr \"${fulldesc}\" | | 916 | atf_set descr \"${fulldesc}\" |
913 | atf_set require.progs rump_server setkey | | 917 | atf_set require.progs rump_server setkey |
914 | } | | 918 | } |
915 | ${name}_body() { | | 919 | ${name}_body() { |
916 | ${category}_setup ${inner} ${outer} ${proto} ${algo} | | 920 | ${category}_setup ${inner} ${outer} ${proto} ${algo} |
917 | ${category}_test ${inner} ${outer} | | 921 | ${category}_test ${inner} ${outer} |
918 | ${category}_teardown ${inner} ${outer} | | 922 | ${category}_teardown ${inner} ${outer} |
919 | rump_server_destroy_ifaces | | 923 | rump_server_destroy_ifaces |
920 | } | | 924 | } |
921 | ${name}_cleanup() { | | 925 | ${name}_cleanup() { |
922 | \$DEBUG && dump | | 926 | \$DEBUG && dump |
923 | cleanup | | 927 | cleanup |
924 | }" | | 928 | }" |
925 | atf_add_test_case ${name} | | 929 | atf_add_test_case ${name} |
926 | } | | 930 | } |
927 | | | 931 | |
928 | add_test_allproto() | | 932 | add_test_allproto() |
929 | { | | 933 | { |
930 | local category=$1 | | 934 | local category=$1 |
931 | local desc=$2 | | 935 | local desc=$2 |
932 | | | 936 | |
933 | for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do | | 937 | for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do |
934 | add_test ${category} "${desc}" ipv4 ipv4 esp $algo | | 938 | add_test ${category} "${desc}" ipv4 ipv4 esp $algo |
935 | add_test ${category} "${desc}" ipv4 ipv6 esp $algo | | 939 | add_test ${category} "${desc}" ipv4 ipv6 esp $algo |
936 | add_test ${category} "${desc}" ipv6 ipv4 esp $algo | | 940 | add_test ${category} "${desc}" ipv6 ipv4 esp $algo |
937 | add_test ${category} "${desc}" ipv6 ipv6 esp $algo | | 941 | add_test ${category} "${desc}" ipv6 ipv6 esp $algo |
938 | done | | 942 | done |
939 | | | 943 | |
940 | # ah does not support yet | | 944 | # ah does not support yet |
941 | } | | 945 | } |
942 | | | 946 | |
943 | atf_init_test_cases() | | 947 | atf_init_test_cases() |
944 | { | | 948 | { |
945 | | | 949 | |
946 | atf_add_test_case ipsecif_create_destroy | | 950 | atf_add_test_case ipsecif_create_destroy |
947 | | | 951 | |
948 | add_test_allproto basic "basic tests" | | 952 | add_test_allproto basic "basic tests" |
949 | add_test_allproto ioctl "ioctl tests" | | 953 | add_test_allproto ioctl "ioctl tests" |
950 | add_test_allproto recursive "recursive check tests" | | 954 | add_test_allproto recursive "recursive check tests" |
951 | } | | 955 | } |