Tue Mar 13 03:50:26 2018 UTC ()
Enhance the assertions in the ipsecif(4) ATF tests to avoid a confusing setkey(8) error message.

When setkey(8) says "syntax error at [-E]", it must mean get_if_ipsec_unique()
failed.


(knakahara)
diff -r1.3 -r1.4 src/tests/net/if_ipsec/t_ipsec.sh

cvs diff -r1.3 -r1.4 src/tests/net/if_ipsec/t_ipsec.sh

--- src/tests/net/if_ipsec/t_ipsec.sh 2018/02/01 05:22:01 1.3
+++ src/tests/net/if_ipsec/t_ipsec.sh 2018/03/13 03:50:26 1.4
@@ -1,951 +1,955 @@ @@ -1,951 +1,955 @@
1# $NetBSD: t_ipsec.sh,v 1.3 2018/02/01 05:22:01 ozaki-r Exp $ 1# $NetBSD: t_ipsec.sh,v 1.4 2018/03/13 03:50:26 knakahara Exp $
2# 2#
3# Copyright (c) 2017 Internet Initiative Japan Inc. 3# Copyright (c) 2017 Internet Initiative Japan Inc.
4# All rights reserved. 4# All rights reserved.
5# 5#
6# Redistribution and use in source and binary forms, with or without 6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions 7# modification, are permitted provided that the following conditions
8# are met: 8# are met:
9# 1. Redistributions of source code must retain the above copyright 9# 1. Redistributions of source code must retain the above copyright
10# notice, this list of conditions and the following disclaimer. 10# notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright 11# 2. Redistributions in binary form must reproduce the above copyright
12# notice, this list of conditions and the following disclaimer in the 12# notice, this list of conditions and the following disclaimer in the
13# documentation and/or other materials provided with the distribution. 13# documentation and/or other materials provided with the distribution.
14# 14#
15# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 15# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
16# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 16# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
17# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 17# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 18# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
19# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25# POSSIBILITY OF SUCH DAMAGE. 25# POSSIBILITY OF SUCH DAMAGE.
26# 26#
27 27
28SOCK1=unix://commsock1 # for ROUTER1 28SOCK1=unix://commsock1 # for ROUTER1
29SOCK2=unix://commsock2 # for ROUTER2 29SOCK2=unix://commsock2 # for ROUTER2
30ROUTER1_LANIP=192.168.1.1 30ROUTER1_LANIP=192.168.1.1
31ROUTER1_LANNET=192.168.1.0/24 31ROUTER1_LANNET=192.168.1.0/24
32ROUTER1_WANIP=10.0.0.1 32ROUTER1_WANIP=10.0.0.1
33ROUTER1_IPSECIP=172.16.1.1 33ROUTER1_IPSECIP=172.16.1.1
34ROUTER1_WANIP_DUMMY=10.0.0.11 34ROUTER1_WANIP_DUMMY=10.0.0.11
35ROUTER1_IPSECIP_DUMMY=172.16.11.1 35ROUTER1_IPSECIP_DUMMY=172.16.11.1
36ROUTER1_IPSECIP_RECURSIVE1=172.16.101.1 36ROUTER1_IPSECIP_RECURSIVE1=172.16.101.1
37ROUTER1_IPSECIP_RECURSIVE2=172.16.201.1 37ROUTER1_IPSECIP_RECURSIVE2=172.16.201.1
38ROUTER2_LANIP=192.168.2.1 38ROUTER2_LANIP=192.168.2.1
39ROUTER2_LANNET=192.168.2.0/24 39ROUTER2_LANNET=192.168.2.0/24
40ROUTER2_WANIP=10.0.0.2 40ROUTER2_WANIP=10.0.0.2
41ROUTER2_IPSECIP=172.16.2.1 41ROUTER2_IPSECIP=172.16.2.1
42ROUTER2_WANIP_DUMMY=10.0.0.12 42ROUTER2_WANIP_DUMMY=10.0.0.12
43ROUTER2_IPSECIP_DUMMY=172.16.12.1 43ROUTER2_IPSECIP_DUMMY=172.16.12.1
44ROUTER2_IPSECIP_RECURSIVE1=172.16.102.1 44ROUTER2_IPSECIP_RECURSIVE1=172.16.102.1
45ROUTER2_IPSECIP_RECURSIVE2=172.16.202.1 45ROUTER2_IPSECIP_RECURSIVE2=172.16.202.1
46 46
47ROUTER1_LANIP6=fc00:1::1 47ROUTER1_LANIP6=fc00:1::1
48ROUTER1_LANNET6=fc00:1::/64 48ROUTER1_LANNET6=fc00:1::/64
49ROUTER1_WANIP6=fc00::1 49ROUTER1_WANIP6=fc00::1
50ROUTER1_IPSECIP6=fc00:3::1 50ROUTER1_IPSECIP6=fc00:3::1
51ROUTER1_WANIP6_DUMMY=fc00::11 51ROUTER1_WANIP6_DUMMY=fc00::11
52ROUTER1_IPSECIP6_DUMMY=fc00:13::1 52ROUTER1_IPSECIP6_DUMMY=fc00:13::1
53ROUTER1_IPSECIP6_RECURSIVE1=fc00:103::1 53ROUTER1_IPSECIP6_RECURSIVE1=fc00:103::1
54ROUTER1_IPSECIP6_RECURSIVE2=fc00:203::1 54ROUTER1_IPSECIP6_RECURSIVE2=fc00:203::1
55ROUTER2_LANIP6=fc00:2::1 55ROUTER2_LANIP6=fc00:2::1
56ROUTER2_LANNET6=fc00:2::/64 56ROUTER2_LANNET6=fc00:2::/64
57ROUTER2_WANIP6=fc00::2 57ROUTER2_WANIP6=fc00::2
58ROUTER2_IPSECIP6=fc00:4::1 58ROUTER2_IPSECIP6=fc00:4::1
59ROUTER2_WANIP6_DUMMY=fc00::12 59ROUTER2_WANIP6_DUMMY=fc00::12
60ROUTER2_IPSECIP6_DUMMY=fc00:14::1 60ROUTER2_IPSECIP6_DUMMY=fc00:14::1
61ROUTER2_IPSECIP6_RECURSIVE1=fc00:104::1 61ROUTER2_IPSECIP6_RECURSIVE1=fc00:104::1
62ROUTER2_IPSECIP6_RECURSIVE2=fc00:204::1 62ROUTER2_IPSECIP6_RECURSIVE2=fc00:204::1
63 63
64DEBUG=${DEBUG:-false} 64DEBUG=${DEBUG:-false}
65TIMEOUT=7 65TIMEOUT=7
66 66
67atf_test_case ipsecif_create_destroy cleanup 67atf_test_case ipsecif_create_destroy cleanup
68ipsecif_create_destroy_head() 68ipsecif_create_destroy_head()
69{ 69{
70 70
71 atf_set "descr" "Test creating/destroying gif interfaces" 71 atf_set "descr" "Test creating/destroying gif interfaces"
72 atf_set "require.progs" "rump_server" 72 atf_set "require.progs" "rump_server"
73} 73}
74 74
75ipsecif_create_destroy_body() 75ipsecif_create_destroy_body()
76{ 76{
77 77
78 rump_server_start $SOCK1 ipsec 78 rump_server_start $SOCK1 ipsec
79 79
80 test_create_destroy_common $SOCK1 ipsec0 80 test_create_destroy_common $SOCK1 ipsec0
81} 81}
82 82
83ipsecif_create_destroy_cleanup() 83ipsecif_create_destroy_cleanup()
84{ 84{
85 85
86 $DEBUG && dump 86 $DEBUG && dump
87 cleanup 87 cleanup
88} 88}
89 89
90setup_router() 90setup_router()
91{ 91{
92 local sock=${1} 92 local sock=${1}
93 local lan=${2} 93 local lan=${2}
94 local lan_mode=${3} 94 local lan_mode=${3}
95 local wan=${4} 95 local wan=${4}
96 local wan_mode=${5} 96 local wan_mode=${5}
97 97
98 rump_server_add_iface $sock shmif0 bus0 98 rump_server_add_iface $sock shmif0 bus0
99 rump_server_add_iface $sock shmif1 bus1 99 rump_server_add_iface $sock shmif1 bus1
100 100
101 export RUMP_SERVER=${sock} 101 export RUMP_SERVER=${sock}
102 if [ ${lan_mode} = "ipv6" ]; then 102 if [ ${lan_mode} = "ipv6" ]; then
103 atf_check -s exit:0 rump.ifconfig shmif0 inet6 ${lan} 103 atf_check -s exit:0 rump.ifconfig shmif0 inet6 ${lan}
104 else 104 else
105 atf_check -s exit:0 rump.ifconfig shmif0 inet ${lan} netmask 0xffffff00 105 atf_check -s exit:0 rump.ifconfig shmif0 inet ${lan} netmask 0xffffff00
106 fi 106 fi
107 atf_check -s exit:0 rump.ifconfig shmif0 up 107 atf_check -s exit:0 rump.ifconfig shmif0 up
108 rump.ifconfig shmif0 108 rump.ifconfig shmif0
109 109
110 if [ ${wan_mode} = "ipv6" ]; then 110 if [ ${wan_mode} = "ipv6" ]; then
111 atf_check -s exit:0 rump.ifconfig shmif1 inet6 ${wan} 111 atf_check -s exit:0 rump.ifconfig shmif1 inet6 ${wan}
112 else 112 else
113 atf_check -s exit:0 rump.ifconfig shmif1 inet ${wan} netmask 0xff000000 113 atf_check -s exit:0 rump.ifconfig shmif1 inet ${wan} netmask 0xff000000
114 fi 114 fi
115 atf_check -s exit:0 rump.ifconfig shmif1 up 115 atf_check -s exit:0 rump.ifconfig shmif1 up
116 rump.ifconfig shmif1 116 rump.ifconfig shmif1
117 unset RUMP_SERVER 117 unset RUMP_SERVER
118} 118}
119 119
120test_router() 120test_router()
121{ 121{
122 local sock=${1} 122 local sock=${1}
123 local lan=${2} 123 local lan=${2}
124 local lan_mode=${3} 124 local lan_mode=${3}
125 local wan=${4} 125 local wan=${4}
126 local wan_mode=${5} 126 local wan_mode=${5}
127 127
128 export RUMP_SERVER=${sock} 128 export RUMP_SERVER=${sock}
129 atf_check -s exit:0 -o match:shmif0 rump.ifconfig 129 atf_check -s exit:0 -o match:shmif0 rump.ifconfig
130 if [ ${lan_mode} = "ipv6" ]; then 130 if [ ${lan_mode} = "ipv6" ]; then
131 atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X $TIMEOUT ${lan} 131 atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X $TIMEOUT ${lan}
132 else 132 else
133 atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w $TIMEOUT ${lan} 133 atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w $TIMEOUT ${lan}
134 fi 134 fi
135 135
136 atf_check -s exit:0 -o match:shmif1 rump.ifconfig 136 atf_check -s exit:0 -o match:shmif1 rump.ifconfig
137 if [ ${wan_mode} = "ipv6" ]; then 137 if [ ${wan_mode} = "ipv6" ]; then
138 atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X $TIMEOUT ${wan} 138 atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X $TIMEOUT ${wan}
139 else 139 else
140 atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w $TIMEOUT ${wan} 140 atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w $TIMEOUT ${wan}
141 fi 141 fi
142 unset RUMP_SERVER 142 unset RUMP_SERVER
143} 143}
144 144
145setup() 145setup()
146{ 146{
147 local inner=${1} 147 local inner=${1}
148 local outer=${2} 148 local outer=${2}
149 149
150 rump_server_crypto_start $SOCK1 netipsec netinet6 ipsec 150 rump_server_crypto_start $SOCK1 netipsec netinet6 ipsec
151 rump_server_crypto_start $SOCK2 netipsec netinet6 ipsec 151 rump_server_crypto_start $SOCK2 netipsec netinet6 ipsec
152 152
153 router1_lan="" 153 router1_lan=""
154 router1_lan_mode="" 154 router1_lan_mode=""
155 router2_lan="" 155 router2_lan=""
156 router2_lan_mode="" 156 router2_lan_mode=""
157 if [ ${inner} = "ipv6" ]; then 157 if [ ${inner} = "ipv6" ]; then
158 router1_lan=$ROUTER1_LANIP6 158 router1_lan=$ROUTER1_LANIP6
159 router1_lan_mode="ipv6" 159 router1_lan_mode="ipv6"
160 router2_lan=$ROUTER2_LANIP6 160 router2_lan=$ROUTER2_LANIP6
161 router2_lan_mode="ipv6" 161 router2_lan_mode="ipv6"
162 else 162 else
163 router1_lan=$ROUTER1_LANIP 163 router1_lan=$ROUTER1_LANIP
164 router1_lan_mode="ipv4" 164 router1_lan_mode="ipv4"
165 router2_lan=$ROUTER2_LANIP 165 router2_lan=$ROUTER2_LANIP
166 router2_lan_mode="ipv4" 166 router2_lan_mode="ipv4"
167 fi 167 fi
168 168
169 if [ ${outer} = "ipv6" ]; then 169 if [ ${outer} = "ipv6" ]; then
170 setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ 170 setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \
171 $ROUTER1_WANIP6 ipv6 171 $ROUTER1_WANIP6 ipv6
172 setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ 172 setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \
173 $ROUTER2_WANIP6 ipv6 173 $ROUTER2_WANIP6 ipv6
174 else 174 else
175 setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ 175 setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \
176 $ROUTER1_WANIP ipv4 176 $ROUTER1_WANIP ipv4
177 setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ 177 setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \
178 $ROUTER2_WANIP ipv4 178 $ROUTER2_WANIP ipv4
179 fi 179 fi
180} 180}
181 181
182test_setup() 182test_setup()
183{ 183{
184 local inner=${1} 184 local inner=${1}
185 local outer=${2} 185 local outer=${2}
186 186
187 local router1_lan="" 187 local router1_lan=""
188 local router1_lan_mode="" 188 local router1_lan_mode=""
189 local router2_lan="" 189 local router2_lan=""
190 local router2_lan_mode="" 190 local router2_lan_mode=""
191 if [ ${inner} = "ipv6" ]; then 191 if [ ${inner} = "ipv6" ]; then
192 router1_lan=$ROUTER1_LANIP6 192 router1_lan=$ROUTER1_LANIP6
193 router1_lan_mode="ipv6" 193 router1_lan_mode="ipv6"
194 router2_lan=$ROUTER2_LANIP6 194 router2_lan=$ROUTER2_LANIP6
195 router2_lan_mode="ipv6" 195 router2_lan_mode="ipv6"
196 else 196 else
197 router1_lan=$ROUTER1_LANIP 197 router1_lan=$ROUTER1_LANIP
198 router1_lan_mode="ipv4" 198 router1_lan_mode="ipv4"
199 router2_lan=$ROUTER2_LANIP 199 router2_lan=$ROUTER2_LANIP
200 router2_lan_mode="ipv4" 200 router2_lan_mode="ipv4"
201 fi 201 fi
202 if [ ${outer} = "ipv6" ]; then 202 if [ ${outer} = "ipv6" ]; then
203 test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ 203 test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \
204 $ROUTER1_WANIP6 ipv6 204 $ROUTER1_WANIP6 ipv6
205 test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ 205 test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \
206 $ROUTER2_WANIP6 ipv6 206 $ROUTER2_WANIP6 ipv6
207 else 207 else
208 test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ 208 test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \
209 $ROUTER1_WANIP ipv4 209 $ROUTER1_WANIP ipv4
210 test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ 210 test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \
211 $ROUTER2_WANIP ipv4 211 $ROUTER2_WANIP ipv4
212 fi 212 fi
213} 213}
214 214
215get_if_ipsec_unique() 215get_if_ipsec_unique()
216{ 216{
217 local sock=${1} 217 local sock=${1}
218 local src=${2} 218 local src=${2}
219 local proto=${3} 219 local proto=${3}
220 local unique="" 220 local unique=""
221 221
222 export RUMP_SERVER=${sock} 222 export RUMP_SERVER=${sock}
223 unique=`$HIJACKING setkey -DP | grep -A2 "^${src}.*(${proto})$" | grep unique | sed 's/.*unique#//'` 223 unique=`$HIJACKING setkey -DP | grep -A2 "^${src}.*(${proto})$" | grep unique | sed 's/.*unique#//'`
224 unset RUMP_SERVER 224 unset RUMP_SERVER
225 225
226 echo $unique 226 echo $unique
227} 227}
228 228
229setup_if_ipsec() 229setup_if_ipsec()
230{ 230{
231 local sock=${1} 231 local sock=${1}
232 local addr=${2} 232 local addr=${2}
233 local remote=${3} 233 local remote=${3}
234 local inner=${4} 234 local inner=${4}
235 local src=${5} 235 local src=${5}
236 local dst=${6} 236 local dst=${6}
237 local peernet=${7} 237 local peernet=${7}
238 238
239 export RUMP_SERVER=${sock} 239 export RUMP_SERVER=${sock}
240 atf_check -s exit:0 rump.ifconfig ipsec0 create 240 atf_check -s exit:0 rump.ifconfig ipsec0 create
241 atf_check -s exit:0 rump.ifconfig ipsec0 tunnel ${src} ${dst} 241 atf_check -s exit:0 rump.ifconfig ipsec0 tunnel ${src} ${dst}
242 if [ ${inner} = "ipv6" ]; then 242 if [ ${inner} = "ipv6" ]; then
243 atf_check -s exit:0 rump.ifconfig ipsec0 inet6 ${addr}/128 ${remote} 243 atf_check -s exit:0 rump.ifconfig ipsec0 inet6 ${addr}/128 ${remote}
244 atf_check -s exit:0 -o ignore rump.route add -inet6 ${peernet} ${addr} 244 atf_check -s exit:0 -o ignore rump.route add -inet6 ${peernet} ${addr}
245 else 245 else
246 atf_check -s exit:0 rump.ifconfig ipsec0 inet ${addr}/32 ${remote} 246 atf_check -s exit:0 rump.ifconfig ipsec0 inet ${addr}/32 ${remote}
247 atf_check -s exit:0 -o ignore rump.route add -inet ${peernet} ${addr} 247 atf_check -s exit:0 -o ignore rump.route add -inet ${peernet} ${addr}
248 fi 248 fi
249 249
250 rump.ifconfig ipsec0 250 rump.ifconfig ipsec0
251 rump.route -nL show 251 rump.route -nL show
252} 252}
253 253
254setup_if_ipsec_sa() 254setup_if_ipsec_sa()
255{ 255{
256 local sock=${1} 256 local sock=${1}
257 local src=${2} 257 local src=${2}
258 local dst=${3} 258 local dst=${3}
259 local mode=${4} 259 local mode=${4}
260 local proto=${5} 260 local proto=${5}
261 local algo=${6} 261 local algo=${6}
262 local dir=${7} 262 local dir=${7}
263 263
264 local tmpfile=./tmp 264 local tmpfile=./tmp
265 local inunique="" 265 local inunique=""
266 local outunique="" 266 local outunique=""
267 local inid="" 267 local inid=""
268 local outid="" 268 local outid=""
269 local algo_args="$(generate_algo_args $proto $algo)" 269 local algo_args="$(generate_algo_args $proto $algo)"
270 270
271 inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}` 271 inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}`
 272 atf_check -s exit:0 test "X$inunique" != "X"
272 outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}` 273 outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}`
 274 atf_check -s exit:0 test "X$outunique" != "X"
273 275
274 if [ ${dir} = "1to2" ] ; then 276 if [ ${dir} = "1to2" ] ; then
275 if [ ${mode} = "ipv6" ] ; then 277 if [ ${mode} = "ipv6" ] ; then
276 inid="10010" 278 inid="10010"
277 outid="10011" 279 outid="10011"
278 else 280 else
279 inid="10000" 281 inid="10000"
280 outid="10001" 282 outid="10001"
281 fi 283 fi
282 else 284 else
283 if [ ${mode} = "ipv6" ] ; then 285 if [ ${mode} = "ipv6" ] ; then
284 inid="10011" 286 inid="10011"
285 outid="10010" 287 outid="10010"
286 else 288 else
287 inid="10001" 289 inid="10001"
288 outid="10000" 290 outid="10000"
289 fi 291 fi
290 fi 292 fi
291 293
292 cat > $tmpfile <<-EOF 294 cat > $tmpfile <<-EOF
293 add $dst $src $proto $inid -u $inunique $algo_args; 295 add $dst $src $proto $inid -u $inunique $algo_args;
294 add $src $dst $proto $outid -u $outunique $algo_args; 296 add $src $dst $proto $outid -u $outunique $algo_args;
295 EOF 297 EOF
296 $DEBUG && cat $tmpfile 298 $DEBUG && cat $tmpfile
297 export RUMP_SERVER=$sock 299 export RUMP_SERVER=$sock
298 atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile 300 atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
299 $DEBUG && $HIJACKING setkey -D 301 $DEBUG && $HIJACKING setkey -D
300 $DEBUG && $HIJACKING setkey -DP 302 $DEBUG && $HIJACKING setkey -DP
301 unset RUMP_SERVER 303 unset RUMP_SERVER
302} 304}
303 305
304setup_tunnel() 306setup_tunnel()
305{ 307{
306 local inner=${1} 308 local inner=${1}
307 local outer=${2} 309 local outer=${2}
308 local proto=${3} 310 local proto=${3}
309 local algo=${4} 311 local algo=${4}
310 312
311 local addr="" 313 local addr=""
312 local remote="" 314 local remote=""
313 local src="" 315 local src=""
314 local dst="" 316 local dst=""
315 local peernet="" 317 local peernet=""
316 318
317 if [ ${inner} = "ipv6" ]; then 319 if [ ${inner} = "ipv6" ]; then
318 addr=$ROUTER1_IPSECIP6 320 addr=$ROUTER1_IPSECIP6
319 remote=$ROUTER2_IPSECIP6 321 remote=$ROUTER2_IPSECIP6
320 peernet=$ROUTER2_LANNET6 322 peernet=$ROUTER2_LANNET6
321 else 323 else
322 addr=$ROUTER1_IPSECIP 324 addr=$ROUTER1_IPSECIP
323 remote=$ROUTER2_IPSECIP 325 remote=$ROUTER2_IPSECIP
324 peernet=$ROUTER2_LANNET 326 peernet=$ROUTER2_LANNET
325 fi 327 fi
326 if [ ${outer} = "ipv6" ]; then 328 if [ ${outer} = "ipv6" ]; then
327 src=$ROUTER1_WANIP6 329 src=$ROUTER1_WANIP6
328 dst=$ROUTER2_WANIP6 330 dst=$ROUTER2_WANIP6
329 else 331 else
330 src=$ROUTER1_WANIP 332 src=$ROUTER1_WANIP
331 dst=$ROUTER2_WANIP 333 dst=$ROUTER2_WANIP
332 fi 334 fi
333 setup_if_ipsec $SOCK1 ${addr} ${remote} ${inner} \ 335 setup_if_ipsec $SOCK1 ${addr} ${remote} ${inner} \
334 ${src} ${dst} ${peernet} 336 ${src} ${dst} ${peernet}
335 337
336 if [ $inner = "ipv6" -a $outer = "ipv4" ]; then 338 if [ $inner = "ipv6" -a $outer = "ipv4" ]; then
337 setup_if_ipsec_sa $SOCK1 ${src} ${dst} ${outer} ${proto} ${algo} "1to2" 339 setup_if_ipsec_sa $SOCK1 ${src} ${dst} ${outer} ${proto} ${algo} "1to2"
338 fi 340 fi
339 setup_if_ipsec_sa $SOCK1 ${src} ${dst} ${inner} ${proto} ${algo} "1to2" 341 setup_if_ipsec_sa $SOCK1 ${src} ${dst} ${inner} ${proto} ${algo} "1to2"
340 342
341 if [ $inner = "ipv6" ]; then 343 if [ $inner = "ipv6" ]; then
342 addr=$ROUTER2_IPSECIP6 344 addr=$ROUTER2_IPSECIP6
343 remote=$ROUTER1_IPSECIP6 345 remote=$ROUTER1_IPSECIP6
344 peernet=$ROUTER1_LANNET6 346 peernet=$ROUTER1_LANNET6
345 else 347 else
346 addr=$ROUTER2_IPSECIP 348 addr=$ROUTER2_IPSECIP
347 remote=$ROUTER1_IPSECIP 349 remote=$ROUTER1_IPSECIP
348 peernet=$ROUTER1_LANNET 350 peernet=$ROUTER1_LANNET
349 fi 351 fi
350 if [ $outer = "ipv6" ]; then 352 if [ $outer = "ipv6" ]; then
351 src=$ROUTER2_WANIP6 353 src=$ROUTER2_WANIP6
352 dst=$ROUTER1_WANIP6 354 dst=$ROUTER1_WANIP6
353 else 355 else
354 src=$ROUTER2_WANIP 356 src=$ROUTER2_WANIP
355 dst=$ROUTER1_WANIP 357 dst=$ROUTER1_WANIP
356 fi 358 fi
357 setup_if_ipsec $SOCK2 ${addr} ${remote} ${inner} \ 359 setup_if_ipsec $SOCK2 ${addr} ${remote} ${inner} \
358 ${src} ${dst} ${peernet} ${proto} ${algo} 360 ${src} ${dst} ${peernet} ${proto} ${algo}
359 if [ $inner = "ipv6" -a $outer = "ipv4" ]; then 361 if [ $inner = "ipv6" -a $outer = "ipv4" ]; then
360 setup_if_ipsec_sa $SOCK2 ${src} ${dst} ${outer} ${proto} ${algo} "2to1" 362 setup_if_ipsec_sa $SOCK2 ${src} ${dst} ${outer} ${proto} ${algo} "2to1"
361 fi 363 fi
362 setup_if_ipsec_sa $SOCK2 ${src} ${dst} ${inner} ${proto} ${algo} "2to1" 364 setup_if_ipsec_sa $SOCK2 ${src} ${dst} ${inner} ${proto} ${algo} "2to1"
363} 365}
364 366
365test_setup_tunnel() 367test_setup_tunnel()
366{ 368{
367 local mode=${1} 369 local mode=${1}
368 370
369 local peernet="" 371 local peernet=""
370 local opt="" 372 local opt=""
371 if [ ${mode} = "ipv6" ]; then 373 if [ ${mode} = "ipv6" ]; then
372 peernet=$ROUTER2_LANNET6 374 peernet=$ROUTER2_LANNET6
373 opt="-inet6" 375 opt="-inet6"
374 else 376 else
375 peernet=$ROUTER2_LANNET 377 peernet=$ROUTER2_LANNET
376 opt="-inet" 378 opt="-inet"
377 fi 379 fi
378 export RUMP_SERVER=$SOCK1 380 export RUMP_SERVER=$SOCK1
379 atf_check -s exit:0 -o match:ipsec0 rump.ifconfig 381 atf_check -s exit:0 -o match:ipsec0 rump.ifconfig
380 atf_check -s exit:0 -o match:ipsec0 rump.route -nL get ${opt} ${peernet} 382 atf_check -s exit:0 -o match:ipsec0 rump.route -nL get ${opt} ${peernet}
381 383
382 if [ ${mode} = "ipv6" ]; then 384 if [ ${mode} = "ipv6" ]; then
383 peernet=$ROUTER1_LANNET6 385 peernet=$ROUTER1_LANNET6
384 opt="-inet6" 386 opt="-inet6"
385 else 387 else
386 peernet=$ROUTER1_LANNET 388 peernet=$ROUTER1_LANNET
387 opt="-inet" 389 opt="-inet"
388 fi 390 fi
389 export RUMP_SERVER=$SOCK2 391 export RUMP_SERVER=$SOCK2
390 atf_check -s exit:0 -o match:ipsec0 rump.ifconfig 392 atf_check -s exit:0 -o match:ipsec0 rump.ifconfig
391 atf_check -s exit:0 -o match:ipsec0 rump.route -nL get ${opt} ${peernet} 393 atf_check -s exit:0 -o match:ipsec0 rump.route -nL get ${opt} ${peernet}
392} 394}
393 395
394teardown_tunnel() 396teardown_tunnel()
395{ 397{
396 export RUMP_SERVER=$SOCK1 398 export RUMP_SERVER=$SOCK1
397 atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel 399 atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel
398 atf_check -s exit:0 rump.ifconfig ipsec0 destroy 400 atf_check -s exit:0 rump.ifconfig ipsec0 destroy
399 $HIJACKING setkey -F 401 $HIJACKING setkey -F
400 402
401 export RUMP_SERVER=$SOCK2 403 export RUMP_SERVER=$SOCK2
402 atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel 404 atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel
403 atf_check -s exit:0 rump.ifconfig ipsec0 destroy 405 atf_check -s exit:0 rump.ifconfig ipsec0 destroy
404 $HIJACKING setkey -F 406 $HIJACKING setkey -F
405 407
406 unset RUMP_SERVER 408 unset RUMP_SERVER
407} 409}
408 410
409setup_dummy_if_ipsec() 411setup_dummy_if_ipsec()
410{ 412{
411 local sock=${1} 413 local sock=${1}
412 local addr=${2} 414 local addr=${2}
413 local remote=${3} 415 local remote=${3}
414 local inner=${4} 416 local inner=${4}
415 local src=${5} 417 local src=${5}
416 local dst=${6} 418 local dst=${6}
417 419
418 export RUMP_SERVER=${sock} 420 export RUMP_SERVER=${sock}
419 atf_check -s exit:0 rump.ifconfig ipsec1 create 421 atf_check -s exit:0 rump.ifconfig ipsec1 create
420 atf_check -s exit:0 rump.ifconfig ipsec1 tunnel ${src} ${dst} 422 atf_check -s exit:0 rump.ifconfig ipsec1 tunnel ${src} ${dst}
421 if [ ${inner} = "ipv6" ]; then 423 if [ ${inner} = "ipv6" ]; then
422 atf_check -s exit:0 rump.ifconfig ipsec1 inet6 ${addr}/128 ${remote} 424 atf_check -s exit:0 rump.ifconfig ipsec1 inet6 ${addr}/128 ${remote}
423 else 425 else
424 atf_check -s exit:0 rump.ifconfig ipsec1 inet ${addr}/32 ${remote} 426 atf_check -s exit:0 rump.ifconfig ipsec1 inet ${addr}/32 ${remote}
425 fi 427 fi
426 428
427 rump.ifconfig ipsec1 429 rump.ifconfig ipsec1
428 unset RUMP_SERVER 430 unset RUMP_SERVER
429} 431}
430 432
431setup_dummy_if_ipsec_sa() 433setup_dummy_if_ipsec_sa()
432{ 434{
433 local sock=${1} 435 local sock=${1}
434 local src=${2} 436 local src=${2}
435 local dst=${3} 437 local dst=${3}
436 local mode=${4} 438 local mode=${4}
437 local proto=${5} 439 local proto=${5}
438 local algo=${6} 440 local algo=${6}
439 local dir=${7} 441 local dir=${7}
440 442
441 local tmpfile=./tmp 443 local tmpfile=./tmp
442 local inunique="" 444 local inunique=""
443 local outunique="" 445 local outunique=""
444 local inid="" 446 local inid=""
445 local outid="" 447 local outid=""
446 local algo_args="$(generate_algo_args $proto $algo)" 448 local algo_args="$(generate_algo_args $proto $algo)"
447 449
448 inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}` 450 inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}`
 451 atf_check -s exit:0 test "X$inunique" != "X"
449 outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}` 452 outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}`
 453 atf_check -s exit:0 test "X$outunique" != "X"
450 454
451 if [ ${dir} = "1to2" ] ; then 455 if [ ${dir} = "1to2" ] ; then
452 inid="20000" 456 inid="20000"
453 outid="20001" 457 outid="20001"
454 else 458 else
455 inid="20001" 459 inid="20001"
456 outid="20000" 460 outid="20000"
457 fi 461 fi
458 462
459 cat > $tmpfile <<-EOF 463 cat > $tmpfile <<-EOF
460 add $dst $src $proto $inid -u $inunique $algo_args; 464 add $dst $src $proto $inid -u $inunique $algo_args;
461 add $src $dst $proto $outid -u $outunique $algo_args; 465 add $src $dst $proto $outid -u $outunique $algo_args;
462 EOF 466 EOF
463 $DEBUG && cat $tmpfile 467 $DEBUG && cat $tmpfile
464 export RUMP_SERVER=$sock 468 export RUMP_SERVER=$sock
465 atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile 469 atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
466 $DEBUG && $HIJACKING setkey -D 470 $DEBUG && $HIJACKING setkey -D
467 $DEBUG && $HIJACKING setkey -DP 471 $DEBUG && $HIJACKING setkey -DP
468 unset RUMP_SERVER 472 unset RUMP_SERVER
469} 473}
470 474
471setup_dummy_tunnel() 475setup_dummy_tunnel()
472{ 476{
473 local inner=${1} 477 local inner=${1}
474 local outer=${2} 478 local outer=${2}
475 local proto=${3} 479 local proto=${3}
476 local algo=${4} 480 local algo=${4}
477 481
478 local addr="" 482 local addr=""
479 local remote="" 483 local remote=""
480 local src="" 484 local src=""
481 local dst="" 485 local dst=""
482 486
483 if [ ${inner} = "ipv6" ]; then 487 if [ ${inner} = "ipv6" ]; then
484 addr=$ROUTER1_IPSECIP6_DUMMY 488 addr=$ROUTER1_IPSECIP6_DUMMY
485 remote=$ROUTER2_IPSECIP6_DUMMY 489 remote=$ROUTER2_IPSECIP6_DUMMY
486 else 490 else
487 addr=$ROUTER1_IPSECIP_DUMMY 491 addr=$ROUTER1_IPSECIP_DUMMY
488 remote=$ROUTER2_IPSECIP_DUMMY 492 remote=$ROUTER2_IPSECIP_DUMMY
489 fi 493 fi
490 if [ ${outer} = "ipv6" ]; then 494 if [ ${outer} = "ipv6" ]; then
491 src=$ROUTER1_WANIP6_DUMMY 495 src=$ROUTER1_WANIP6_DUMMY
492 dst=$ROUTER2_WANIP6_DUMMY 496 dst=$ROUTER2_WANIP6_DUMMY
493 else 497 else
494 src=$ROUTER1_WANIP_DUMMY 498 src=$ROUTER1_WANIP_DUMMY
495 dst=$ROUTER2_WANIP_DUMMY 499 dst=$ROUTER2_WANIP_DUMMY
496 fi 500 fi
497 setup_dummy_if_ipsec $SOCK1 ${addr} ${remote} ${inner} \ 501 setup_dummy_if_ipsec $SOCK1 ${addr} ${remote} ${inner} \
498 ${src} ${dst} ${proto} ${algo} "1to2" 502 ${src} ${dst} ${proto} ${algo} "1to2"
499 setup_dummy_if_ipsec_sa $SOCK1 ${src} ${dst} ${inner} ${proto} ${algo} "1to2" 503 setup_dummy_if_ipsec_sa $SOCK1 ${src} ${dst} ${inner} ${proto} ${algo} "1to2"
500 504
501 if [ $inner = "ipv6" ]; then 505 if [ $inner = "ipv6" ]; then
502 addr=$ROUTER2_IPSECIP6_DUMMY 506 addr=$ROUTER2_IPSECIP6_DUMMY
503 remote=$ROUTER1_IPSECIP6_DUMMY 507 remote=$ROUTER1_IPSECIP6_DUMMY
504 else 508 else
505 addr=$ROUTER2_IPSECIP_DUMMY 509 addr=$ROUTER2_IPSECIP_DUMMY
506 remote=$ROUTER1_IPSECIP_DUMMY 510 remote=$ROUTER1_IPSECIP_DUMMY
507 fi 511 fi
508 if [ $outer = "ipv6" ]; then 512 if [ $outer = "ipv6" ]; then
509 src=$ROUTER2_WANIP6_DUMMY 513 src=$ROUTER2_WANIP6_DUMMY
510 dst=$ROUTER1_WANIP6_DUMMY 514 dst=$ROUTER1_WANIP6_DUMMY
511 else 515 else
512 src=$ROUTER2_WANIP_DUMMY 516 src=$ROUTER2_WANIP_DUMMY
513 dst=$ROUTER1_WANIP_DUMMY 517 dst=$ROUTER1_WANIP_DUMMY
514 fi 518 fi
515 setup_dummy_if_ipsec $SOCK2 ${addr} ${remote} ${inner} \ 519 setup_dummy_if_ipsec $SOCK2 ${addr} ${remote} ${inner} \
516 ${src} ${dst} ${proto} ${algo} "2to1" 520 ${src} ${dst} ${proto} ${algo} "2to1"
517 setup_dummy_if_ipsec_sa $SOCK2 ${src} ${dst} ${inner} ${proto} ${algo} "2to1" 521 setup_dummy_if_ipsec_sa $SOCK2 ${src} ${dst} ${inner} ${proto} ${algo} "2to1"
518} 522}
519 523
520test_setup_dummy_tunnel() 524test_setup_dummy_tunnel()
521{ 525{
522 export RUMP_SERVER=$SOCK1 526 export RUMP_SERVER=$SOCK1
523 atf_check -s exit:0 -o match:ipsec1 rump.ifconfig 527 atf_check -s exit:0 -o match:ipsec1 rump.ifconfig
524 528
525 export RUMP_SERVER=$SOCK2 529 export RUMP_SERVER=$SOCK2
526 atf_check -s exit:0 -o match:ipsec1 rump.ifconfig 530 atf_check -s exit:0 -o match:ipsec1 rump.ifconfig
527 531
528 unset RUMP_SERVER 532 unset RUMP_SERVER
529} 533}
530 534
531teardown_dummy_tunnel() 535teardown_dummy_tunnel()
532{ 536{
533 export RUMP_SERVER=$SOCK1 537 export RUMP_SERVER=$SOCK1
534 atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel 538 atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel
535 atf_check -s exit:0 rump.ifconfig ipsec1 destroy 539 atf_check -s exit:0 rump.ifconfig ipsec1 destroy
536 540
537 export RUMP_SERVER=$SOCK2 541 export RUMP_SERVER=$SOCK2
538 atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel 542 atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel
539 atf_check -s exit:0 rump.ifconfig ipsec1 destroy 543 atf_check -s exit:0 rump.ifconfig ipsec1 destroy
540 544
541 unset RUMP_SERVER 545 unset RUMP_SERVER
542} 546}
543 547
544setup_recursive_if_ipsec() 548setup_recursive_if_ipsec()
545{ 549{
546 local sock=${1} 550 local sock=${1}
547 local ipsec=${2} 551 local ipsec=${2}
548 local addr=${3} 552 local addr=${3}
549 local remote=${4} 553 local remote=${4}
550 local inner=${5} 554 local inner=${5}
551 local src=${6} 555 local src=${6}
552 local dst=${7} 556 local dst=${7}
553 local proto=${8} 557 local proto=${8}
554 local algo=${9} 558 local algo=${9}
555 local dir=${10} 559 local dir=${10}
556 560
557 export RUMP_SERVER=${sock} 561 export RUMP_SERVER=${sock}
558 atf_check -s exit:0 rump.ifconfig ${ipsec} create 562 atf_check -s exit:0 rump.ifconfig ${ipsec} create
559 atf_check -s exit:0 rump.ifconfig ${ipsec} tunnel ${src} ${dst} 563 atf_check -s exit:0 rump.ifconfig ${ipsec} tunnel ${src} ${dst}
560 if [ ${inner} = "ipv6" ]; then 564 if [ ${inner} = "ipv6" ]; then
561 atf_check -s exit:0 rump.ifconfig ${ipsec} inet6 ${addr}/128 ${remote} 565 atf_check -s exit:0 rump.ifconfig ${ipsec} inet6 ${addr}/128 ${remote}
562 else 566 else
563 atf_check -s exit:0 rump.ifconfig ${ipsec} inet ${addr}/32 ${remote} 567 atf_check -s exit:0 rump.ifconfig ${ipsec} inet ${addr}/32 ${remote}
564 fi 568 fi
565 setup_if_ipsec_sa $sock ${src} ${dst} ${inner} ${proto} ${algo} ${dir} 569 setup_if_ipsec_sa $sock ${src} ${dst} ${inner} ${proto} ${algo} ${dir}
566 570
567 export RUMP_SERVER=${sock} 571 export RUMP_SERVER=${sock}
568 rump.ifconfig ${ipsec} 572 rump.ifconfig ${ipsec}
569 unset RUMP_SERVER 573 unset RUMP_SERVER
570} 574}
571 575
572# test in ROUTER1 only 576# test in ROUTER1 only
573setup_recursive_tunnels() 577setup_recursive_tunnels()
574{ 578{
575 local mode=${1} 579 local mode=${1}
576 local proto=${2} 580 local proto=${2}
577 local algo=${3} 581 local algo=${3}
578 582
579 local addr="" 583 local addr=""
580 local remote="" 584 local remote=""
581 local src="" 585 local src=""
582 local dst="" 586 local dst=""
583 587
584 if [ ${mode} = "ipv6" ]; then 588 if [ ${mode} = "ipv6" ]; then
585 addr=$ROUTER1_IPSECIP6_RECURSIVE1 589 addr=$ROUTER1_IPSECIP6_RECURSIVE1
586 remote=$ROUTER2_IPSECIP6_RECURSIVE1 590 remote=$ROUTER2_IPSECIP6_RECURSIVE1
587 src=$ROUTER1_IPSECIP6 591 src=$ROUTER1_IPSECIP6
588 dst=$ROUTER2_IPSECIP6 592 dst=$ROUTER2_IPSECIP6
589 else 593 else
590 addr=$ROUTER1_IPSECIP_RECURSIVE1 594 addr=$ROUTER1_IPSECIP_RECURSIVE1
591 remote=$ROUTER2_IPSECIP_RECURSIVE1 595 remote=$ROUTER2_IPSECIP_RECURSIVE1
592 src=$ROUTER1_IPSECIP 596 src=$ROUTER1_IPSECIP
593 dst=$ROUTER2_IPSECIP 597 dst=$ROUTER2_IPSECIP
594 fi 598 fi
595 setup_recursive_if_ipsec $SOCK1 ipsec1 ${addr} ${remote} ${mode} \ 599 setup_recursive_if_ipsec $SOCK1 ipsec1 ${addr} ${remote} ${mode} \
596 ${src} ${dst} ${proto} ${algo} "1to2" 600 ${src} ${dst} ${proto} ${algo} "1to2"
597 601
598 if [ ${mode} = "ipv6" ]; then 602 if [ ${mode} = "ipv6" ]; then
599 addr=$ROUTER1_IPSECIP6_RECURSIVE2 603 addr=$ROUTER1_IPSECIP6_RECURSIVE2
600 remote=$ROUTER2_IPSECIP6_RECURSIVE2 604 remote=$ROUTER2_IPSECIP6_RECURSIVE2
601 src=$ROUTER1_IPSECIP6_RECURSIVE1 605 src=$ROUTER1_IPSECIP6_RECURSIVE1
602 dst=$ROUTER2_IPSECIP6_RECURSIVE1 606 dst=$ROUTER2_IPSECIP6_RECURSIVE1
603 else 607 else
604 addr=$ROUTER1_IPSECIP_RECURSIVE2 608 addr=$ROUTER1_IPSECIP_RECURSIVE2
605 remote=$ROUTER2_IPSECIP_RECURSIVE2 609 remote=$ROUTER2_IPSECIP_RECURSIVE2
606 src=$ROUTER1_IPSECIP_RECURSIVE1 610 src=$ROUTER1_IPSECIP_RECURSIVE1
607 dst=$ROUTER2_IPSECIP_RECURSIVE1 611 dst=$ROUTER2_IPSECIP_RECURSIVE1
608 fi 612 fi
609 setup_recursive_if_ipsec $SOCK1 ipsec2 ${addr} ${remote} ${mode} \ 613 setup_recursive_if_ipsec $SOCK1 ipsec2 ${addr} ${remote} ${mode} \
610 ${src} ${dst} ${proto} ${algo} "1to2" 614 ${src} ${dst} ${proto} ${algo} "1to2"
611} 615}
612 616
613# test in router1 only 617# test in router1 only
614test_recursive_check() 618test_recursive_check()
615{ 619{
616 local mode=$1 620 local mode=$1
617 621
618 export RUMP_SERVER=$SOCK1 622 export RUMP_SERVER=$SOCK1
619 if [ ${mode} = "ipv6" ]; then 623 if [ ${mode} = "ipv6" ]; then
620 atf_check -s not-exit:0 -o ignore -e ignore \ 624 atf_check -s not-exit:0 -o ignore -e ignore \
621 rump.ping6 -n -X $TIMEOUT -c 1 $ROUTER2_IPSECIP6_RECURSIVE2 625 rump.ping6 -n -X $TIMEOUT -c 1 $ROUTER2_IPSECIP6_RECURSIVE2
622 else 626 else
623 atf_check -s not-exit:0 -o ignore -e ignore \ 627 atf_check -s not-exit:0 -o ignore -e ignore \
624 rump.ping -n -w $TIMEOUT -c 1 $ROUTER2_IPSECIP_RECURSIVE2 628 rump.ping -n -w $TIMEOUT -c 1 $ROUTER2_IPSECIP_RECURSIVE2
625 fi 629 fi
626 630
627 atf_check -o match:'ipsec0: recursively called too many times' \ 631 atf_check -o match:'ipsec0: recursively called too many times' \
628 -x "$HIJACKING dmesg" 632 -x "$HIJACKING dmesg"
629 633
630 $HIJACKING dmesg 634 $HIJACKING dmesg
631 635
632 unset RUMP_SERVER 636 unset RUMP_SERVER
633} 637}
634 638
635teardown_recursive_tunnels() 639teardown_recursive_tunnels()
636{ 640{
637 export RUMP_SERVER=$SOCK1 641 export RUMP_SERVER=$SOCK1
638 atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel 642 atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel
639 atf_check -s exit:0 rump.ifconfig ipsec1 destroy 643 atf_check -s exit:0 rump.ifconfig ipsec1 destroy
640 atf_check -s exit:0 rump.ifconfig ipsec2 deletetunnel 644 atf_check -s exit:0 rump.ifconfig ipsec2 deletetunnel
641 atf_check -s exit:0 rump.ifconfig ipsec2 destroy 645 atf_check -s exit:0 rump.ifconfig ipsec2 destroy
642 unset RUMP_SERVER 646 unset RUMP_SERVER
643} 647}
644 648
645test_ping_failure() 649test_ping_failure()
646{ 650{
647 local mode=$1 651 local mode=$1
648 652
649 export RUMP_SERVER=$SOCK1 653 export RUMP_SERVER=$SOCK1
650 if [ ${mode} = "ipv6" ]; then 654 if [ ${mode} = "ipv6" ]; then
651 atf_check -s not-exit:0 -o ignore -e ignore \ 655 atf_check -s not-exit:0 -o ignore -e ignore \
652 rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER1_LANIP6 \ 656 rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER1_LANIP6 \
653 $ROUTER2_LANIP6 657 $ROUTER2_LANIP6
654 else 658 else
655 atf_check -s not-exit:0 -o ignore -e ignore \ 659 atf_check -s not-exit:0 -o ignore -e ignore \
656 rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ 660 rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \
657 $ROUTER2_LANIP 661 $ROUTER2_LANIP
658 fi 662 fi
659 663
660 export RUMP_SERVER=$SOCK2 664 export RUMP_SERVER=$SOCK2
661 if [ ${mode} = "ipv6" ]; then 665 if [ ${mode} = "ipv6" ]; then
662 atf_check -s not-exit:0 -o ignore -e ignore \ 666 atf_check -s not-exit:0 -o ignore -e ignore \
663 rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER2_LANIP6 \ 667 rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER2_LANIP6 \
664 $ROUTER1_LANIP6 668 $ROUTER1_LANIP6
665 else 669 else
666 atf_check -s not-exit:0 -o ignore -e ignore \ 670 atf_check -s not-exit:0 -o ignore -e ignore \
667 rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ 671 rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \
668 $ROUTER2_LANIP 672 $ROUTER2_LANIP
669 fi 673 fi
670 674
671 unset RUMP_SERVER 675 unset RUMP_SERVER
672} 676}
673 677
674test_ping_success() 678test_ping_success()
675{ 679{
676 mode=$1 680 mode=$1
677 681
678 export RUMP_SERVER=$SOCK1 682 export RUMP_SERVER=$SOCK1
679 rump.ifconfig -v ipsec0 683 rump.ifconfig -v ipsec0
680 if [ ${mode} = "ipv6" ]; then 684 if [ ${mode} = "ipv6" ]; then
681 # XXX 685 # XXX
682 # rump.ping6 rarely fails with the message that 686 # rump.ping6 rarely fails with the message that
683 # "failed to get receiving hop limit". 687 # "failed to get receiving hop limit".
684 # This is a known issue being analyzed. 688 # This is a known issue being analyzed.
685 atf_check -s exit:0 -o ignore \ 689 atf_check -s exit:0 -o ignore \
686 rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER1_LANIP6 \ 690 rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER1_LANIP6 \
687 $ROUTER2_LANIP6 691 $ROUTER2_LANIP6
688 else 692 else
689 atf_check -s exit:0 -o ignore \ 693 atf_check -s exit:0 -o ignore \
690 rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ 694 rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \
691 $ROUTER2_LANIP 695 $ROUTER2_LANIP
692 fi 696 fi
693 rump.ifconfig -v ipsec0 697 rump.ifconfig -v ipsec0
694 698
695 export RUMP_SERVER=$SOCK2 699 export RUMP_SERVER=$SOCK2
696 rump.ifconfig -v ipsec0 700 rump.ifconfig -v ipsec0
697 if [ ${mode} = "ipv6" ]; then 701 if [ ${mode} = "ipv6" ]; then
698 atf_check -s exit:0 -o ignore \ 702 atf_check -s exit:0 -o ignore \
699 rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER2_LANIP6 \ 703 rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER2_LANIP6 \
700 $ROUTER1_LANIP6 704 $ROUTER1_LANIP6
701 else 705 else
702 atf_check -s exit:0 -o ignore \ 706 atf_check -s exit:0 -o ignore \
703 rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER2_LANIP \ 707 rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER2_LANIP \
704 $ROUTER1_LANIP 708 $ROUTER1_LANIP
705 fi 709 fi
706 rump.ifconfig -v ipsec0 710 rump.ifconfig -v ipsec0
707 711
708 unset RUMP_SERVER 712 unset RUMP_SERVER
709} 713}
710 714
711test_change_tunnel_duplicate() 715test_change_tunnel_duplicate()
712{ 716{
713 local mode=$1 717 local mode=$1
714 718
715 local newsrc="" 719 local newsrc=""
716 local newdst="" 720 local newdst=""
717 if [ ${mode} = "ipv6" ]; then 721 if [ ${mode} = "ipv6" ]; then
718 newsrc=$ROUTER1_WANIP6_DUMMY 722 newsrc=$ROUTER1_WANIP6_DUMMY
719 newdst=$ROUTER2_WANIP6_DUMMY 723 newdst=$ROUTER2_WANIP6_DUMMY
720 else 724 else
721 newsrc=$ROUTER1_WANIP_DUMMY 725 newsrc=$ROUTER1_WANIP_DUMMY
722 newdst=$ROUTER2_WANIP_DUMMY 726 newdst=$ROUTER2_WANIP_DUMMY
723 fi 727 fi
724 export RUMP_SERVER=$SOCK1 728 export RUMP_SERVER=$SOCK1
725 rump.ifconfig -v ipsec0 729 rump.ifconfig -v ipsec0
726 rump.ifconfig -v ipsec1 730 rump.ifconfig -v ipsec1
727 atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \ 731 atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \
728 rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} 732 rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst}
729 rump.ifconfig -v ipsec0 733 rump.ifconfig -v ipsec0
730 rump.ifconfig -v ipsec1 734 rump.ifconfig -v ipsec1
731 735
732 if [ ${mode} = "ipv6" ]; then 736 if [ ${mode} = "ipv6" ]; then
733 newsrc=$ROUTER2_WANIP6_DUMMY 737 newsrc=$ROUTER2_WANIP6_DUMMY
734 newdst=$ROUTER1_WANIP6_DUMMY 738 newdst=$ROUTER1_WANIP6_DUMMY
735 else 739 else
736 newsrc=$ROUTER2_WANIP_DUMMY 740 newsrc=$ROUTER2_WANIP_DUMMY
737 newdst=$ROUTER1_WANIP_DUMMY 741 newdst=$ROUTER1_WANIP_DUMMY
738 fi 742 fi
739 export RUMP_SERVER=$SOCK2 743 export RUMP_SERVER=$SOCK2
740 rump.ifconfig -v ipsec0 744 rump.ifconfig -v ipsec0
741 rump.ifconfig -v ipsec1 745 rump.ifconfig -v ipsec1
742 atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \ 746 atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \
743 rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} 747 rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst}
744 rump.ifconfig -v ipsec0 748 rump.ifconfig -v ipsec0
745 rump.ifconfig -v ipsec1 749 rump.ifconfig -v ipsec1
746 750
747 unset RUMP_SERVER 751 unset RUMP_SERVER
748} 752}
749 753
750test_change_tunnel_success() 754test_change_tunnel_success()
751{ 755{
752 local mode=$1 756 local mode=$1
753 757
754 local newsrc="" 758 local newsrc=""
755 local newdst="" 759 local newdst=""
756 if [ ${mode} = "ipv6" ]; then 760 if [ ${mode} = "ipv6" ]; then
757 newsrc=$ROUTER1_WANIP6_DUMMY 761 newsrc=$ROUTER1_WANIP6_DUMMY
758 newdst=$ROUTER2_WANIP6_DUMMY 762 newdst=$ROUTER2_WANIP6_DUMMY
759 else 763 else
760 newsrc=$ROUTER1_WANIP_DUMMY 764 newsrc=$ROUTER1_WANIP_DUMMY
761 newdst=$ROUTER2_WANIP_DUMMY 765 newdst=$ROUTER2_WANIP_DUMMY
762 fi 766 fi
763 export RUMP_SERVER=$SOCK1 767 export RUMP_SERVER=$SOCK1
764 rump.ifconfig -v ipsec0 768 rump.ifconfig -v ipsec0
765 atf_check -s exit:0 \ 769 atf_check -s exit:0 \
766 rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} 770 rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst}
767 rump.ifconfig -v ipsec0 771 rump.ifconfig -v ipsec0
768 772
769 if [ ${mode} = "ipv6" ]; then 773 if [ ${mode} = "ipv6" ]; then
770 newsrc=$ROUTER2_WANIP6_DUMMY 774 newsrc=$ROUTER2_WANIP6_DUMMY
771 newdst=$ROUTER1_WANIP6_DUMMY 775 newdst=$ROUTER1_WANIP6_DUMMY
772 else 776 else
773 newsrc=$ROUTER2_WANIP_DUMMY 777 newsrc=$ROUTER2_WANIP_DUMMY
774 newdst=$ROUTER1_WANIP_DUMMY 778 newdst=$ROUTER1_WANIP_DUMMY
775 fi 779 fi
776 export RUMP_SERVER=$SOCK2 780 export RUMP_SERVER=$SOCK2
777 rump.ifconfig -v ipsec0 781 rump.ifconfig -v ipsec0
778 atf_check -s exit:0 \ 782 atf_check -s exit:0 \
779 rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} 783 rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst}
780 rump.ifconfig -v ipsec0 784 rump.ifconfig -v ipsec0
781 785
782 unset RUMP_SERVER 786 unset RUMP_SERVER
783} 787}
784 788
785basic_setup() 789basic_setup()
786{ 790{
787 local inner=$1 791 local inner=$1
788 local outer=$2 792 local outer=$2
789 local proto=$3 793 local proto=$3
790 local algo=$4 794 local algo=$4
791 795
792 setup ${inner} ${outer} 796 setup ${inner} ${outer}
793 test_setup ${inner} ${outer} 797 test_setup ${inner} ${outer}
794 798
795 # Enable once PR kern/49219 is fixed 799 # Enable once PR kern/49219 is fixed
796 #test_ping_failure 800 #test_ping_failure
797 801
798 setup_tunnel ${inner} ${outer} ${proto} ${algo} 802 setup_tunnel ${inner} ${outer} ${proto} ${algo}
799 sleep 1 803 sleep 1
800 test_setup_tunnel ${inner} 804 test_setup_tunnel ${inner}
801} 805}
802 806
803basic_test() 807basic_test()
804{ 808{
805 local inner=$1 809 local inner=$1
806 local outer=$2 # not use 810 local outer=$2 # not use
807 811
808 test_ping_success ${inner} 812 test_ping_success ${inner}
809} 813}
810 814
811basic_teardown() 815basic_teardown()
812{ 816{
813 local inner=$1 817 local inner=$1
814 local outer=$2 # not use 818 local outer=$2 # not use
815 819
816 teardown_tunnel 820 teardown_tunnel
817 test_ping_failure ${inner} 821 test_ping_failure ${inner}
818} 822}
819 823
820ioctl_setup() 824ioctl_setup()
821{ 825{
822 local inner=$1 826 local inner=$1
823 local outer=$2 827 local outer=$2
824 local proto=$3 828 local proto=$3
825 local algo=$4 829 local algo=$4
826 830
827 setup ${inner} ${outer} 831 setup ${inner} ${outer}
828 test_setup ${inner} ${outer} 832 test_setup ${inner} ${outer}
829 833
830 # Enable once PR kern/49219 is fixed 834 # Enable once PR kern/49219 is fixed
831 #test_ping_failure 835 #test_ping_failure
832 836
833 setup_tunnel ${inner} ${outer} ${proto} ${algo} 837 setup_tunnel ${inner} ${outer} ${proto} ${algo}
834 setup_dummy_tunnel ${inner} ${outer} ${proto} ${algo} 838 setup_dummy_tunnel ${inner} ${outer} ${proto} ${algo}
835 sleep 1 839 sleep 1
836 test_setup_tunnel ${inner} 840 test_setup_tunnel ${inner}
837} 841}
838 842
839ioctl_test() 843ioctl_test()
840{ 844{
841 local inner=$1 845 local inner=$1
842 local outer=$2 846 local outer=$2
843 847
844 test_ping_success ${inner} 848 test_ping_success ${inner}
845 849
846 test_change_tunnel_duplicate ${outer} 850 test_change_tunnel_duplicate ${outer}
847 851
848 teardown_dummy_tunnel 852 teardown_dummy_tunnel
849 test_change_tunnel_success ${outer} 853 test_change_tunnel_success ${outer}
850} 854}
851 855
852ioctl_teardown() 856ioctl_teardown()
853{ 857{
854 local inner=$1 858 local inner=$1
855 local outer=$2 # not use 859 local outer=$2 # not use
856 860
857 teardown_tunnel 861 teardown_tunnel
858 test_ping_failure ${inner} 862 test_ping_failure ${inner}
859} 863}
860 864
861recursive_setup() 865recursive_setup()
862{ 866{
863 local inner=$1 867 local inner=$1
864 local outer=$2 868 local outer=$2
865 local proto=$3 869 local proto=$3
866 local algo=$4 870 local algo=$4
867 871
868 setup ${inner} ${outer} 872 setup ${inner} ${outer}
869 test_setup ${inner} ${outer} 873 test_setup ${inner} ${outer}
870 874
871 # Enable once PR kern/49219 is fixed 875 # Enable once PR kern/49219 is fixed
872 #test_ping_failure 876 #test_ping_failure
873 877
874 setup_tunnel ${inner} ${outer} ${proto} ${algo} 878 setup_tunnel ${inner} ${outer} ${proto} ${algo}
875 setup_recursive_tunnels ${inner} ${proto} ${algo} 879 setup_recursive_tunnels ${inner} ${proto} ${algo}
876 sleep 1 880 sleep 1
877 test_setup_tunnel ${inner} 881 test_setup_tunnel ${inner}
878} 882}
879 883
880recursive_test() 884recursive_test()
881{ 885{
882 local inner=$1 886 local inner=$1
883 local outer=$2 # not use 887 local outer=$2 # not use
884 888
885 test_recursive_check ${inner} 889 test_recursive_check ${inner}
886} 890}
887 891
888recursive_teardown() 892recursive_teardown()
889{ 893{
890 local inner=$1 # not use 894 local inner=$1 # not use
891 local outer=$2 # not use 895 local outer=$2 # not use
892 896
893 teardown_recursive_tunnels 897 teardown_recursive_tunnels
894 teardown_tunnel 898 teardown_tunnel
895} 899}
896 900
897add_test() 901add_test()
898{ 902{
899 local category=$1 903 local category=$1
900 local desc=$2 904 local desc=$2
901 local inner=$3 905 local inner=$3
902 local outer=$4 906 local outer=$4
903 local proto=$5 907 local proto=$5
904 local algo=$6 908 local algo=$6
905 local _algo=$(echo $algo | sed 's/-//g') 909 local _algo=$(echo $algo | sed 's/-//g')
906 910
907 name="ipsecif_${category}_${inner}over${outer}_${proto}_${_algo}" 911 name="ipsecif_${category}_${inner}over${outer}_${proto}_${_algo}"
908 fulldesc="Does ${inner} over ${outer} if_ipsec ${desc}" 912 fulldesc="Does ${inner} over ${outer} if_ipsec ${desc}"
909 913
910 atf_test_case ${name} cleanup 914 atf_test_case ${name} cleanup
911 eval "${name}_head() { 915 eval "${name}_head() {
912 atf_set descr \"${fulldesc}\" 916 atf_set descr \"${fulldesc}\"
913 atf_set require.progs rump_server setkey 917 atf_set require.progs rump_server setkey
914 } 918 }
915 ${name}_body() { 919 ${name}_body() {
916 ${category}_setup ${inner} ${outer} ${proto} ${algo} 920 ${category}_setup ${inner} ${outer} ${proto} ${algo}
917 ${category}_test ${inner} ${outer} 921 ${category}_test ${inner} ${outer}
918 ${category}_teardown ${inner} ${outer} 922 ${category}_teardown ${inner} ${outer}
919 rump_server_destroy_ifaces 923 rump_server_destroy_ifaces
920 } 924 }
921 ${name}_cleanup() { 925 ${name}_cleanup() {
922 \$DEBUG && dump 926 \$DEBUG && dump
923 cleanup 927 cleanup
924 }" 928 }"
925 atf_add_test_case ${name} 929 atf_add_test_case ${name}
926} 930}
927 931
928add_test_allproto() 932add_test_allproto()
929{ 933{
930 local category=$1 934 local category=$1
931 local desc=$2 935 local desc=$2
932 936
933 for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do 937 for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do
934 add_test ${category} "${desc}" ipv4 ipv4 esp $algo 938 add_test ${category} "${desc}" ipv4 ipv4 esp $algo
935 add_test ${category} "${desc}" ipv4 ipv6 esp $algo 939 add_test ${category} "${desc}" ipv4 ipv6 esp $algo
936 add_test ${category} "${desc}" ipv6 ipv4 esp $algo 940 add_test ${category} "${desc}" ipv6 ipv4 esp $algo
937 add_test ${category} "${desc}" ipv6 ipv6 esp $algo 941 add_test ${category} "${desc}" ipv6 ipv6 esp $algo
938 done 942 done
939 943
940 # ah does not support yet 944 # ah does not support yet
941} 945}
942 946
943atf_init_test_cases() 947atf_init_test_cases()
944{ 948{
945 949
946 atf_add_test_case ipsecif_create_destroy 950 atf_add_test_case ipsecif_create_destroy
947 951
948 add_test_allproto basic "basic tests" 952 add_test_allproto basic "basic tests"
949 add_test_allproto ioctl "ioctl tests" 953 add_test_allproto ioctl "ioctl tests"
950 add_test_allproto recursive "recursive check tests" 954 add_test_allproto recursive "recursive check tests"
951} 955}