| @@ -1,955 +1,955 @@ | | | @@ -1,955 +1,955 @@ |
1 | # $NetBSD: t_ipsec.sh,v 1.4 2018/03/13 03:50:26 knakahara Exp $ | | 1 | # $NetBSD: t_ipsec.sh,v 1.5 2018/12/25 03:28:29 knakahara Exp $ |
2 | # | | 2 | # |
3 | # Copyright (c) 2017 Internet Initiative Japan Inc. | | 3 | # Copyright (c) 2017 Internet Initiative Japan Inc. |
4 | # All rights reserved. | | 4 | # All rights reserved. |
5 | # | | 5 | # |
6 | # Redistribution and use in source and binary forms, with or without | | 6 | # Redistribution and use in source and binary forms, with or without |
7 | # modification, are permitted provided that the following conditions | | 7 | # modification, are permitted provided that the following conditions |
8 | # are met: | | 8 | # are met: |
9 | # 1. Redistributions of source code must retain the above copyright | | 9 | # 1. Redistributions of source code must retain the above copyright |
10 | # notice, this list of conditions and the following disclaimer. | | 10 | # notice, this list of conditions and the following disclaimer. |
11 | # 2. Redistributions in binary form must reproduce the above copyright | | 11 | # 2. Redistributions in binary form must reproduce the above copyright |
12 | # notice, this list of conditions and the following disclaimer in the | | 12 | # notice, this list of conditions and the following disclaimer in the |
13 | # documentation and/or other materials provided with the distribution. | | 13 | # documentation and/or other materials provided with the distribution. |
14 | # | | 14 | # |
15 | # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | | 15 | # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
16 | # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | | 16 | # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
17 | # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | | 17 | # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
18 | # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | | 18 | # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
19 | # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | | 19 | # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
20 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | | 20 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
21 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 21 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
22 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | | 22 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
23 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | | 23 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
24 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 24 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
25 | # POSSIBILITY OF SUCH DAMAGE. | | 25 | # POSSIBILITY OF SUCH DAMAGE. |
26 | # | | 26 | # |
27 | | | 27 | |
28 | SOCK1=unix://commsock1 # for ROUTER1 | | 28 | SOCK1=unix://commsock1 # for ROUTER1 |
29 | SOCK2=unix://commsock2 # for ROUTER2 | | 29 | SOCK2=unix://commsock2 # for ROUTER2 |
30 | ROUTER1_LANIP=192.168.1.1 | | 30 | ROUTER1_LANIP=192.168.1.1 |
31 | ROUTER1_LANNET=192.168.1.0/24 | | 31 | ROUTER1_LANNET=192.168.1.0/24 |
32 | ROUTER1_WANIP=10.0.0.1 | | 32 | ROUTER1_WANIP=10.0.0.1 |
33 | ROUTER1_IPSECIP=172.16.1.1 | | 33 | ROUTER1_IPSECIP=172.16.1.1 |
34 | ROUTER1_WANIP_DUMMY=10.0.0.11 | | 34 | ROUTER1_WANIP_DUMMY=10.0.0.11 |
35 | ROUTER1_IPSECIP_DUMMY=172.16.11.1 | | 35 | ROUTER1_IPSECIP_DUMMY=172.16.11.1 |
36 | ROUTER1_IPSECIP_RECURSIVE1=172.16.101.1 | | 36 | ROUTER1_IPSECIP_RECURSIVE1=172.16.101.1 |
37 | ROUTER1_IPSECIP_RECURSIVE2=172.16.201.1 | | 37 | ROUTER1_IPSECIP_RECURSIVE2=172.16.201.1 |
38 | ROUTER2_LANIP=192.168.2.1 | | 38 | ROUTER2_LANIP=192.168.2.1 |
39 | ROUTER2_LANNET=192.168.2.0/24 | | 39 | ROUTER2_LANNET=192.168.2.0/24 |
40 | ROUTER2_WANIP=10.0.0.2 | | 40 | ROUTER2_WANIP=10.0.0.2 |
41 | ROUTER2_IPSECIP=172.16.2.1 | | 41 | ROUTER2_IPSECIP=172.16.2.1 |
42 | ROUTER2_WANIP_DUMMY=10.0.0.12 | | 42 | ROUTER2_WANIP_DUMMY=10.0.0.12 |
43 | ROUTER2_IPSECIP_DUMMY=172.16.12.1 | | 43 | ROUTER2_IPSECIP_DUMMY=172.16.12.1 |
44 | ROUTER2_IPSECIP_RECURSIVE1=172.16.102.1 | | 44 | ROUTER2_IPSECIP_RECURSIVE1=172.16.102.1 |
45 | ROUTER2_IPSECIP_RECURSIVE2=172.16.202.1 | | 45 | ROUTER2_IPSECIP_RECURSIVE2=172.16.202.1 |
46 | | | 46 | |
47 | ROUTER1_LANIP6=fc00:1::1 | | 47 | ROUTER1_LANIP6=fc00:1::1 |
48 | ROUTER1_LANNET6=fc00:1::/64 | | 48 | ROUTER1_LANNET6=fc00:1::/64 |
49 | ROUTER1_WANIP6=fc00::1 | | 49 | ROUTER1_WANIP6=fc00::1 |
50 | ROUTER1_IPSECIP6=fc00:3::1 | | 50 | ROUTER1_IPSECIP6=fc00:3::1 |
51 | ROUTER1_WANIP6_DUMMY=fc00::11 | | 51 | ROUTER1_WANIP6_DUMMY=fc00::11 |
52 | ROUTER1_IPSECIP6_DUMMY=fc00:13::1 | | 52 | ROUTER1_IPSECIP6_DUMMY=fc00:13::1 |
53 | ROUTER1_IPSECIP6_RECURSIVE1=fc00:103::1 | | 53 | ROUTER1_IPSECIP6_RECURSIVE1=fc00:103::1 |
54 | ROUTER1_IPSECIP6_RECURSIVE2=fc00:203::1 | | 54 | ROUTER1_IPSECIP6_RECURSIVE2=fc00:203::1 |
55 | ROUTER2_LANIP6=fc00:2::1 | | 55 | ROUTER2_LANIP6=fc00:2::1 |
56 | ROUTER2_LANNET6=fc00:2::/64 | | 56 | ROUTER2_LANNET6=fc00:2::/64 |
57 | ROUTER2_WANIP6=fc00::2 | | 57 | ROUTER2_WANIP6=fc00::2 |
58 | ROUTER2_IPSECIP6=fc00:4::1 | | 58 | ROUTER2_IPSECIP6=fc00:4::1 |
59 | ROUTER2_WANIP6_DUMMY=fc00::12 | | 59 | ROUTER2_WANIP6_DUMMY=fc00::12 |
60 | ROUTER2_IPSECIP6_DUMMY=fc00:14::1 | | 60 | ROUTER2_IPSECIP6_DUMMY=fc00:14::1 |
61 | ROUTER2_IPSECIP6_RECURSIVE1=fc00:104::1 | | 61 | ROUTER2_IPSECIP6_RECURSIVE1=fc00:104::1 |
62 | ROUTER2_IPSECIP6_RECURSIVE2=fc00:204::1 | | 62 | ROUTER2_IPSECIP6_RECURSIVE2=fc00:204::1 |
63 | | | 63 | |
64 | DEBUG=${DEBUG:-false} | | 64 | DEBUG=${DEBUG:-false} |
65 | TIMEOUT=7 | | 65 | TIMEOUT=7 |
66 | | | 66 | |
67 | atf_test_case ipsecif_create_destroy cleanup | | 67 | atf_test_case ipsecif_create_destroy cleanup |
68 | ipsecif_create_destroy_head() | | 68 | ipsecif_create_destroy_head() |
69 | { | | 69 | { |
70 | | | 70 | |
71 | atf_set "descr" "Test creating/destroying gif interfaces" | | 71 | atf_set "descr" "Test creating/destroying gif interfaces" |
72 | atf_set "require.progs" "rump_server" | | 72 | atf_set "require.progs" "rump_server" |
73 | } | | 73 | } |
74 | | | 74 | |
75 | ipsecif_create_destroy_body() | | 75 | ipsecif_create_destroy_body() |
76 | { | | 76 | { |
77 | | | 77 | |
78 | rump_server_start $SOCK1 ipsec | | 78 | rump_server_start $SOCK1 ipsec |
79 | | | 79 | |
80 | test_create_destroy_common $SOCK1 ipsec0 | | 80 | test_create_destroy_common $SOCK1 ipsec0 |
81 | } | | 81 | } |
82 | | | 82 | |
83 | ipsecif_create_destroy_cleanup() | | 83 | ipsecif_create_destroy_cleanup() |
84 | { | | 84 | { |
85 | | | 85 | |
86 | $DEBUG && dump | | 86 | $DEBUG && dump |
87 | cleanup | | 87 | cleanup |
88 | } | | 88 | } |
89 | | | 89 | |
90 | setup_router() | | 90 | setup_router() |
91 | { | | 91 | { |
92 | local sock=${1} | | 92 | local sock=${1} |
93 | local lan=${2} | | 93 | local lan=${2} |
94 | local lan_mode=${3} | | 94 | local lan_mode=${3} |
95 | local wan=${4} | | 95 | local wan=${4} |
96 | local wan_mode=${5} | | 96 | local wan_mode=${5} |
97 | | | 97 | |
98 | rump_server_add_iface $sock shmif0 bus0 | | 98 | rump_server_add_iface $sock shmif0 bus0 |
99 | rump_server_add_iface $sock shmif1 bus1 | | 99 | rump_server_add_iface $sock shmif1 bus1 |
100 | | | 100 | |
101 | export RUMP_SERVER=${sock} | | 101 | export RUMP_SERVER=${sock} |
102 | if [ ${lan_mode} = "ipv6" ]; then | | 102 | if [ ${lan_mode} = "ipv6" ]; then |
103 | atf_check -s exit:0 rump.ifconfig shmif0 inet6 ${lan} | | 103 | atf_check -s exit:0 rump.ifconfig shmif0 inet6 ${lan} |
104 | else | | 104 | else |
105 | atf_check -s exit:0 rump.ifconfig shmif0 inet ${lan} netmask 0xffffff00 | | 105 | atf_check -s exit:0 rump.ifconfig shmif0 inet ${lan} netmask 0xffffff00 |
106 | fi | | 106 | fi |
107 | atf_check -s exit:0 rump.ifconfig shmif0 up | | 107 | atf_check -s exit:0 rump.ifconfig shmif0 up |
108 | rump.ifconfig shmif0 | | 108 | $DEBUG && rump.ifconfig shmif0 |
109 | | | 109 | |
110 | if [ ${wan_mode} = "ipv6" ]; then | | 110 | if [ ${wan_mode} = "ipv6" ]; then |
111 | atf_check -s exit:0 rump.ifconfig shmif1 inet6 ${wan} | | 111 | atf_check -s exit:0 rump.ifconfig shmif1 inet6 ${wan} |
112 | else | | 112 | else |
113 | atf_check -s exit:0 rump.ifconfig shmif1 inet ${wan} netmask 0xff000000 | | 113 | atf_check -s exit:0 rump.ifconfig shmif1 inet ${wan} netmask 0xff000000 |
114 | fi | | 114 | fi |
115 | atf_check -s exit:0 rump.ifconfig shmif1 up | | 115 | atf_check -s exit:0 rump.ifconfig shmif1 up |
116 | rump.ifconfig shmif1 | | 116 | $DEBUG && rump.ifconfig shmif1 |
117 | unset RUMP_SERVER | | 117 | unset RUMP_SERVER |
118 | } | | 118 | } |
119 | | | 119 | |
120 | test_router() | | 120 | test_router() |
121 | { | | 121 | { |
122 | local sock=${1} | | 122 | local sock=${1} |
123 | local lan=${2} | | 123 | local lan=${2} |
124 | local lan_mode=${3} | | 124 | local lan_mode=${3} |
125 | local wan=${4} | | 125 | local wan=${4} |
126 | local wan_mode=${5} | | 126 | local wan_mode=${5} |
127 | | | 127 | |
128 | export RUMP_SERVER=${sock} | | 128 | export RUMP_SERVER=${sock} |
129 | atf_check -s exit:0 -o match:shmif0 rump.ifconfig | | 129 | atf_check -s exit:0 -o match:shmif0 rump.ifconfig |
130 | if [ ${lan_mode} = "ipv6" ]; then | | 130 | if [ ${lan_mode} = "ipv6" ]; then |
131 | atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X $TIMEOUT ${lan} | | 131 | atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X $TIMEOUT ${lan} |
132 | else | | 132 | else |
133 | atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w $TIMEOUT ${lan} | | 133 | atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w $TIMEOUT ${lan} |
134 | fi | | 134 | fi |
135 | | | 135 | |
136 | atf_check -s exit:0 -o match:shmif1 rump.ifconfig | | 136 | atf_check -s exit:0 -o match:shmif1 rump.ifconfig |
137 | if [ ${wan_mode} = "ipv6" ]; then | | 137 | if [ ${wan_mode} = "ipv6" ]; then |
138 | atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X $TIMEOUT ${wan} | | 138 | atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X $TIMEOUT ${wan} |
139 | else | | 139 | else |
140 | atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w $TIMEOUT ${wan} | | 140 | atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w $TIMEOUT ${wan} |
141 | fi | | 141 | fi |
142 | unset RUMP_SERVER | | 142 | unset RUMP_SERVER |
143 | } | | 143 | } |
144 | | | 144 | |
145 | setup() | | 145 | setup() |
146 | { | | 146 | { |
147 | local inner=${1} | | 147 | local inner=${1} |
148 | local outer=${2} | | 148 | local outer=${2} |
149 | | | 149 | |
150 | rump_server_crypto_start $SOCK1 netipsec netinet6 ipsec | | 150 | rump_server_crypto_start $SOCK1 netipsec netinet6 ipsec |
151 | rump_server_crypto_start $SOCK2 netipsec netinet6 ipsec | | 151 | rump_server_crypto_start $SOCK2 netipsec netinet6 ipsec |
152 | | | 152 | |
153 | router1_lan="" | | 153 | router1_lan="" |
154 | router1_lan_mode="" | | 154 | router1_lan_mode="" |
155 | router2_lan="" | | 155 | router2_lan="" |
156 | router2_lan_mode="" | | 156 | router2_lan_mode="" |
157 | if [ ${inner} = "ipv6" ]; then | | 157 | if [ ${inner} = "ipv6" ]; then |
158 | router1_lan=$ROUTER1_LANIP6 | | 158 | router1_lan=$ROUTER1_LANIP6 |
159 | router1_lan_mode="ipv6" | | 159 | router1_lan_mode="ipv6" |
160 | router2_lan=$ROUTER2_LANIP6 | | 160 | router2_lan=$ROUTER2_LANIP6 |
161 | router2_lan_mode="ipv6" | | 161 | router2_lan_mode="ipv6" |
162 | else | | 162 | else |
163 | router1_lan=$ROUTER1_LANIP | | 163 | router1_lan=$ROUTER1_LANIP |
164 | router1_lan_mode="ipv4" | | 164 | router1_lan_mode="ipv4" |
165 | router2_lan=$ROUTER2_LANIP | | 165 | router2_lan=$ROUTER2_LANIP |
166 | router2_lan_mode="ipv4" | | 166 | router2_lan_mode="ipv4" |
167 | fi | | 167 | fi |
168 | | | 168 | |
169 | if [ ${outer} = "ipv6" ]; then | | 169 | if [ ${outer} = "ipv6" ]; then |
170 | setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ | | 170 | setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ |
171 | $ROUTER1_WANIP6 ipv6 | | 171 | $ROUTER1_WANIP6 ipv6 |
172 | setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ | | 172 | setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ |
173 | $ROUTER2_WANIP6 ipv6 | | 173 | $ROUTER2_WANIP6 ipv6 |
174 | else | | 174 | else |
175 | setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ | | 175 | setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ |
176 | $ROUTER1_WANIP ipv4 | | 176 | $ROUTER1_WANIP ipv4 |
177 | setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ | | 177 | setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ |
178 | $ROUTER2_WANIP ipv4 | | 178 | $ROUTER2_WANIP ipv4 |
179 | fi | | 179 | fi |
180 | } | | 180 | } |
181 | | | 181 | |
182 | test_setup() | | 182 | test_setup() |
183 | { | | 183 | { |
184 | local inner=${1} | | 184 | local inner=${1} |
185 | local outer=${2} | | 185 | local outer=${2} |
186 | | | 186 | |
187 | local router1_lan="" | | 187 | local router1_lan="" |
188 | local router1_lan_mode="" | | 188 | local router1_lan_mode="" |
189 | local router2_lan="" | | 189 | local router2_lan="" |
190 | local router2_lan_mode="" | | 190 | local router2_lan_mode="" |
191 | if [ ${inner} = "ipv6" ]; then | | 191 | if [ ${inner} = "ipv6" ]; then |
192 | router1_lan=$ROUTER1_LANIP6 | | 192 | router1_lan=$ROUTER1_LANIP6 |
193 | router1_lan_mode="ipv6" | | 193 | router1_lan_mode="ipv6" |
194 | router2_lan=$ROUTER2_LANIP6 | | 194 | router2_lan=$ROUTER2_LANIP6 |
195 | router2_lan_mode="ipv6" | | 195 | router2_lan_mode="ipv6" |
196 | else | | 196 | else |
197 | router1_lan=$ROUTER1_LANIP | | 197 | router1_lan=$ROUTER1_LANIP |
198 | router1_lan_mode="ipv4" | | 198 | router1_lan_mode="ipv4" |
199 | router2_lan=$ROUTER2_LANIP | | 199 | router2_lan=$ROUTER2_LANIP |
200 | router2_lan_mode="ipv4" | | 200 | router2_lan_mode="ipv4" |
201 | fi | | 201 | fi |
202 | if [ ${outer} = "ipv6" ]; then | | 202 | if [ ${outer} = "ipv6" ]; then |
203 | test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ | | 203 | test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ |
204 | $ROUTER1_WANIP6 ipv6 | | 204 | $ROUTER1_WANIP6 ipv6 |
205 | test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ | | 205 | test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ |
206 | $ROUTER2_WANIP6 ipv6 | | 206 | $ROUTER2_WANIP6 ipv6 |
207 | else | | 207 | else |
208 | test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ | | 208 | test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \ |
209 | $ROUTER1_WANIP ipv4 | | 209 | $ROUTER1_WANIP ipv4 |
210 | test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ | | 210 | test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \ |
211 | $ROUTER2_WANIP ipv4 | | 211 | $ROUTER2_WANIP ipv4 |
212 | fi | | 212 | fi |
213 | } | | 213 | } |
214 | | | 214 | |
215 | get_if_ipsec_unique() | | 215 | get_if_ipsec_unique() |
216 | { | | 216 | { |
217 | local sock=${1} | | 217 | local sock=${1} |
218 | local src=${2} | | 218 | local src=${2} |
219 | local proto=${3} | | 219 | local proto=${3} |
220 | local unique="" | | 220 | local unique="" |
221 | | | 221 | |
222 | export RUMP_SERVER=${sock} | | 222 | export RUMP_SERVER=${sock} |
223 | unique=`$HIJACKING setkey -DP | grep -A2 "^${src}.*(${proto})$" | grep unique | sed 's/.*unique#//'` | | 223 | unique=`$HIJACKING setkey -DP | grep -A2 "^${src}.*(${proto})$" | grep unique | sed 's/.*unique#//'` |
224 | unset RUMP_SERVER | | 224 | unset RUMP_SERVER |
225 | | | 225 | |
226 | echo $unique | | 226 | echo $unique |
227 | } | | 227 | } |
228 | | | 228 | |
229 | setup_if_ipsec() | | 229 | setup_if_ipsec() |
230 | { | | 230 | { |
231 | local sock=${1} | | 231 | local sock=${1} |
232 | local addr=${2} | | 232 | local addr=${2} |
233 | local remote=${3} | | 233 | local remote=${3} |
234 | local inner=${4} | | 234 | local inner=${4} |
235 | local src=${5} | | 235 | local src=${5} |
236 | local dst=${6} | | 236 | local dst=${6} |
237 | local peernet=${7} | | 237 | local peernet=${7} |
238 | | | 238 | |
239 | export RUMP_SERVER=${sock} | | 239 | export RUMP_SERVER=${sock} |
240 | atf_check -s exit:0 rump.ifconfig ipsec0 create | | 240 | atf_check -s exit:0 rump.ifconfig ipsec0 create |
241 | atf_check -s exit:0 rump.ifconfig ipsec0 tunnel ${src} ${dst} | | 241 | atf_check -s exit:0 rump.ifconfig ipsec0 tunnel ${src} ${dst} |
242 | if [ ${inner} = "ipv6" ]; then | | 242 | if [ ${inner} = "ipv6" ]; then |
243 | atf_check -s exit:0 rump.ifconfig ipsec0 inet6 ${addr}/128 ${remote} | | 243 | atf_check -s exit:0 rump.ifconfig ipsec0 inet6 ${addr}/128 ${remote} |
244 | atf_check -s exit:0 -o ignore rump.route add -inet6 ${peernet} ${addr} | | 244 | atf_check -s exit:0 -o ignore rump.route add -inet6 ${peernet} ${addr} |
245 | else | | 245 | else |
246 | atf_check -s exit:0 rump.ifconfig ipsec0 inet ${addr}/32 ${remote} | | 246 | atf_check -s exit:0 rump.ifconfig ipsec0 inet ${addr}/32 ${remote} |
247 | atf_check -s exit:0 -o ignore rump.route add -inet ${peernet} ${addr} | | 247 | atf_check -s exit:0 -o ignore rump.route add -inet ${peernet} ${addr} |
248 | fi | | 248 | fi |
249 | | | 249 | |
250 | rump.ifconfig ipsec0 | | 250 | $DEBUG && rump.ifconfig ipsec0 |
251 | rump.route -nL show | | 251 | $DEBUG && rump.route -nL show |
252 | } | | 252 | } |
253 | | | 253 | |
254 | setup_if_ipsec_sa() | | 254 | setup_if_ipsec_sa() |
255 | { | | 255 | { |
256 | local sock=${1} | | 256 | local sock=${1} |
257 | local src=${2} | | 257 | local src=${2} |
258 | local dst=${3} | | 258 | local dst=${3} |
259 | local mode=${4} | | 259 | local mode=${4} |
260 | local proto=${5} | | 260 | local proto=${5} |
261 | local algo=${6} | | 261 | local algo=${6} |
262 | local dir=${7} | | 262 | local dir=${7} |
263 | | | 263 | |
264 | local tmpfile=./tmp | | 264 | local tmpfile=./tmp |
265 | local inunique="" | | 265 | local inunique="" |
266 | local outunique="" | | 266 | local outunique="" |
267 | local inid="" | | 267 | local inid="" |
268 | local outid="" | | 268 | local outid="" |
269 | local algo_args="$(generate_algo_args $proto $algo)" | | 269 | local algo_args="$(generate_algo_args $proto $algo)" |
270 | | | 270 | |
271 | inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}` | | 271 | inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}` |
272 | atf_check -s exit:0 test "X$inunique" != "X" | | 272 | atf_check -s exit:0 test "X$inunique" != "X" |
273 | outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}` | | 273 | outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}` |
274 | atf_check -s exit:0 test "X$outunique" != "X" | | 274 | atf_check -s exit:0 test "X$outunique" != "X" |
275 | | | 275 | |
276 | if [ ${dir} = "1to2" ] ; then | | 276 | if [ ${dir} = "1to2" ] ; then |
277 | if [ ${mode} = "ipv6" ] ; then | | 277 | if [ ${mode} = "ipv6" ] ; then |
278 | inid="10010" | | 278 | inid="10010" |
279 | outid="10011" | | 279 | outid="10011" |
280 | else | | 280 | else |
281 | inid="10000" | | 281 | inid="10000" |
282 | outid="10001" | | 282 | outid="10001" |
283 | fi | | 283 | fi |
284 | else | | 284 | else |
285 | if [ ${mode} = "ipv6" ] ; then | | 285 | if [ ${mode} = "ipv6" ] ; then |
286 | inid="10011" | | 286 | inid="10011" |
287 | outid="10010" | | 287 | outid="10010" |
288 | else | | 288 | else |
289 | inid="10001" | | 289 | inid="10001" |
290 | outid="10000" | | 290 | outid="10000" |
291 | fi | | 291 | fi |
292 | fi | | 292 | fi |
293 | | | 293 | |
294 | cat > $tmpfile <<-EOF | | 294 | cat > $tmpfile <<-EOF |
295 | add $dst $src $proto $inid -u $inunique $algo_args; | | 295 | add $dst $src $proto $inid -u $inunique $algo_args; |
296 | add $src $dst $proto $outid -u $outunique $algo_args; | | 296 | add $src $dst $proto $outid -u $outunique $algo_args; |
297 | EOF | | 297 | EOF |
298 | $DEBUG && cat $tmpfile | | 298 | $DEBUG && cat $tmpfile |
299 | export RUMP_SERVER=$sock | | 299 | export RUMP_SERVER=$sock |
300 | atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile | | 300 | atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile |
301 | $DEBUG && $HIJACKING setkey -D | | 301 | $DEBUG && $HIJACKING setkey -D |
302 | $DEBUG && $HIJACKING setkey -DP | | 302 | $DEBUG && $HIJACKING setkey -DP |
303 | unset RUMP_SERVER | | 303 | unset RUMP_SERVER |
304 | } | | 304 | } |
305 | | | 305 | |
306 | setup_tunnel() | | 306 | setup_tunnel() |
307 | { | | 307 | { |
308 | local inner=${1} | | 308 | local inner=${1} |
309 | local outer=${2} | | 309 | local outer=${2} |
310 | local proto=${3} | | 310 | local proto=${3} |
311 | local algo=${4} | | 311 | local algo=${4} |
312 | | | 312 | |
313 | local addr="" | | 313 | local addr="" |
314 | local remote="" | | 314 | local remote="" |
315 | local src="" | | 315 | local src="" |
316 | local dst="" | | 316 | local dst="" |
317 | local peernet="" | | 317 | local peernet="" |
318 | | | 318 | |
319 | if [ ${inner} = "ipv6" ]; then | | 319 | if [ ${inner} = "ipv6" ]; then |
320 | addr=$ROUTER1_IPSECIP6 | | 320 | addr=$ROUTER1_IPSECIP6 |
321 | remote=$ROUTER2_IPSECIP6 | | 321 | remote=$ROUTER2_IPSECIP6 |
322 | peernet=$ROUTER2_LANNET6 | | 322 | peernet=$ROUTER2_LANNET6 |
323 | else | | 323 | else |
324 | addr=$ROUTER1_IPSECIP | | 324 | addr=$ROUTER1_IPSECIP |
325 | remote=$ROUTER2_IPSECIP | | 325 | remote=$ROUTER2_IPSECIP |
326 | peernet=$ROUTER2_LANNET | | 326 | peernet=$ROUTER2_LANNET |
327 | fi | | 327 | fi |
328 | if [ ${outer} = "ipv6" ]; then | | 328 | if [ ${outer} = "ipv6" ]; then |
329 | src=$ROUTER1_WANIP6 | | 329 | src=$ROUTER1_WANIP6 |
330 | dst=$ROUTER2_WANIP6 | | 330 | dst=$ROUTER2_WANIP6 |
331 | else | | 331 | else |
332 | src=$ROUTER1_WANIP | | 332 | src=$ROUTER1_WANIP |
333 | dst=$ROUTER2_WANIP | | 333 | dst=$ROUTER2_WANIP |
334 | fi | | 334 | fi |
335 | setup_if_ipsec $SOCK1 ${addr} ${remote} ${inner} \ | | 335 | setup_if_ipsec $SOCK1 ${addr} ${remote} ${inner} \ |
336 | ${src} ${dst} ${peernet} | | 336 | ${src} ${dst} ${peernet} |
337 | | | 337 | |
338 | if [ $inner = "ipv6" -a $outer = "ipv4" ]; then | | 338 | if [ $inner = "ipv6" -a $outer = "ipv4" ]; then |
339 | setup_if_ipsec_sa $SOCK1 ${src} ${dst} ${outer} ${proto} ${algo} "1to2" | | 339 | setup_if_ipsec_sa $SOCK1 ${src} ${dst} ${outer} ${proto} ${algo} "1to2" |
340 | fi | | 340 | fi |
341 | setup_if_ipsec_sa $SOCK1 ${src} ${dst} ${inner} ${proto} ${algo} "1to2" | | 341 | setup_if_ipsec_sa $SOCK1 ${src} ${dst} ${inner} ${proto} ${algo} "1to2" |
342 | | | 342 | |
343 | if [ $inner = "ipv6" ]; then | | 343 | if [ $inner = "ipv6" ]; then |
344 | addr=$ROUTER2_IPSECIP6 | | 344 | addr=$ROUTER2_IPSECIP6 |
345 | remote=$ROUTER1_IPSECIP6 | | 345 | remote=$ROUTER1_IPSECIP6 |
346 | peernet=$ROUTER1_LANNET6 | | 346 | peernet=$ROUTER1_LANNET6 |
347 | else | | 347 | else |
348 | addr=$ROUTER2_IPSECIP | | 348 | addr=$ROUTER2_IPSECIP |
349 | remote=$ROUTER1_IPSECIP | | 349 | remote=$ROUTER1_IPSECIP |
350 | peernet=$ROUTER1_LANNET | | 350 | peernet=$ROUTER1_LANNET |
351 | fi | | 351 | fi |
352 | if [ $outer = "ipv6" ]; then | | 352 | if [ $outer = "ipv6" ]; then |
353 | src=$ROUTER2_WANIP6 | | 353 | src=$ROUTER2_WANIP6 |
354 | dst=$ROUTER1_WANIP6 | | 354 | dst=$ROUTER1_WANIP6 |
355 | else | | 355 | else |
356 | src=$ROUTER2_WANIP | | 356 | src=$ROUTER2_WANIP |
357 | dst=$ROUTER1_WANIP | | 357 | dst=$ROUTER1_WANIP |
358 | fi | | 358 | fi |
359 | setup_if_ipsec $SOCK2 ${addr} ${remote} ${inner} \ | | 359 | setup_if_ipsec $SOCK2 ${addr} ${remote} ${inner} \ |
360 | ${src} ${dst} ${peernet} ${proto} ${algo} | | 360 | ${src} ${dst} ${peernet} ${proto} ${algo} |
361 | if [ $inner = "ipv6" -a $outer = "ipv4" ]; then | | 361 | if [ $inner = "ipv6" -a $outer = "ipv4" ]; then |
362 | setup_if_ipsec_sa $SOCK2 ${src} ${dst} ${outer} ${proto} ${algo} "2to1" | | 362 | setup_if_ipsec_sa $SOCK2 ${src} ${dst} ${outer} ${proto} ${algo} "2to1" |
363 | fi | | 363 | fi |
364 | setup_if_ipsec_sa $SOCK2 ${src} ${dst} ${inner} ${proto} ${algo} "2to1" | | 364 | setup_if_ipsec_sa $SOCK2 ${src} ${dst} ${inner} ${proto} ${algo} "2to1" |
365 | } | | 365 | } |
366 | | | 366 | |
367 | test_setup_tunnel() | | 367 | test_setup_tunnel() |
368 | { | | 368 | { |
369 | local mode=${1} | | 369 | local mode=${1} |
370 | | | 370 | |
371 | local peernet="" | | 371 | local peernet="" |
372 | local opt="" | | 372 | local opt="" |
373 | if [ ${mode} = "ipv6" ]; then | | 373 | if [ ${mode} = "ipv6" ]; then |
374 | peernet=$ROUTER2_LANNET6 | | 374 | peernet=$ROUTER2_LANNET6 |
375 | opt="-inet6" | | 375 | opt="-inet6" |
376 | else | | 376 | else |
377 | peernet=$ROUTER2_LANNET | | 377 | peernet=$ROUTER2_LANNET |
378 | opt="-inet" | | 378 | opt="-inet" |
379 | fi | | 379 | fi |
380 | export RUMP_SERVER=$SOCK1 | | 380 | export RUMP_SERVER=$SOCK1 |
381 | atf_check -s exit:0 -o match:ipsec0 rump.ifconfig | | 381 | atf_check -s exit:0 -o match:ipsec0 rump.ifconfig |
382 | atf_check -s exit:0 -o match:ipsec0 rump.route -nL get ${opt} ${peernet} | | 382 | atf_check -s exit:0 -o match:ipsec0 rump.route -nL get ${opt} ${peernet} |
383 | | | 383 | |
384 | if [ ${mode} = "ipv6" ]; then | | 384 | if [ ${mode} = "ipv6" ]; then |
385 | peernet=$ROUTER1_LANNET6 | | 385 | peernet=$ROUTER1_LANNET6 |
386 | opt="-inet6" | | 386 | opt="-inet6" |
387 | else | | 387 | else |
388 | peernet=$ROUTER1_LANNET | | 388 | peernet=$ROUTER1_LANNET |
389 | opt="-inet" | | 389 | opt="-inet" |
390 | fi | | 390 | fi |
391 | export RUMP_SERVER=$SOCK2 | | 391 | export RUMP_SERVER=$SOCK2 |
392 | atf_check -s exit:0 -o match:ipsec0 rump.ifconfig | | 392 | atf_check -s exit:0 -o match:ipsec0 rump.ifconfig |
393 | atf_check -s exit:0 -o match:ipsec0 rump.route -nL get ${opt} ${peernet} | | 393 | atf_check -s exit:0 -o match:ipsec0 rump.route -nL get ${opt} ${peernet} |
394 | } | | 394 | } |
395 | | | 395 | |
396 | teardown_tunnel() | | 396 | teardown_tunnel() |
397 | { | | 397 | { |
398 | export RUMP_SERVER=$SOCK1 | | 398 | export RUMP_SERVER=$SOCK1 |
399 | atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel | | 399 | atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel |
400 | atf_check -s exit:0 rump.ifconfig ipsec0 destroy | | 400 | atf_check -s exit:0 rump.ifconfig ipsec0 destroy |
401 | $HIJACKING setkey -F | | 401 | $HIJACKING setkey -F |
402 | | | 402 | |
403 | export RUMP_SERVER=$SOCK2 | | 403 | export RUMP_SERVER=$SOCK2 |
404 | atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel | | 404 | atf_check -s exit:0 rump.ifconfig ipsec0 deletetunnel |
405 | atf_check -s exit:0 rump.ifconfig ipsec0 destroy | | 405 | atf_check -s exit:0 rump.ifconfig ipsec0 destroy |
406 | $HIJACKING setkey -F | | 406 | $HIJACKING setkey -F |
407 | | | 407 | |
408 | unset RUMP_SERVER | | 408 | unset RUMP_SERVER |
409 | } | | 409 | } |
410 | | | 410 | |
411 | setup_dummy_if_ipsec() | | 411 | setup_dummy_if_ipsec() |
412 | { | | 412 | { |
413 | local sock=${1} | | 413 | local sock=${1} |
414 | local addr=${2} | | 414 | local addr=${2} |
415 | local remote=${3} | | 415 | local remote=${3} |
416 | local inner=${4} | | 416 | local inner=${4} |
417 | local src=${5} | | 417 | local src=${5} |
418 | local dst=${6} | | 418 | local dst=${6} |
419 | | | 419 | |
420 | export RUMP_SERVER=${sock} | | 420 | export RUMP_SERVER=${sock} |
421 | atf_check -s exit:0 rump.ifconfig ipsec1 create | | 421 | atf_check -s exit:0 rump.ifconfig ipsec1 create |
422 | atf_check -s exit:0 rump.ifconfig ipsec1 tunnel ${src} ${dst} | | 422 | atf_check -s exit:0 rump.ifconfig ipsec1 tunnel ${src} ${dst} |
423 | if [ ${inner} = "ipv6" ]; then | | 423 | if [ ${inner} = "ipv6" ]; then |
424 | atf_check -s exit:0 rump.ifconfig ipsec1 inet6 ${addr}/128 ${remote} | | 424 | atf_check -s exit:0 rump.ifconfig ipsec1 inet6 ${addr}/128 ${remote} |
425 | else | | 425 | else |
426 | atf_check -s exit:0 rump.ifconfig ipsec1 inet ${addr}/32 ${remote} | | 426 | atf_check -s exit:0 rump.ifconfig ipsec1 inet ${addr}/32 ${remote} |
427 | fi | | 427 | fi |
428 | | | 428 | |
429 | rump.ifconfig ipsec1 | | 429 | $DEBUG && rump.ifconfig ipsec1 |
430 | unset RUMP_SERVER | | 430 | unset RUMP_SERVER |
431 | } | | 431 | } |
432 | | | 432 | |
433 | setup_dummy_if_ipsec_sa() | | 433 | setup_dummy_if_ipsec_sa() |
434 | { | | 434 | { |
435 | local sock=${1} | | 435 | local sock=${1} |
436 | local src=${2} | | 436 | local src=${2} |
437 | local dst=${3} | | 437 | local dst=${3} |
438 | local mode=${4} | | 438 | local mode=${4} |
439 | local proto=${5} | | 439 | local proto=${5} |
440 | local algo=${6} | | 440 | local algo=${6} |
441 | local dir=${7} | | 441 | local dir=${7} |
442 | | | 442 | |
443 | local tmpfile=./tmp | | 443 | local tmpfile=./tmp |
444 | local inunique="" | | 444 | local inunique="" |
445 | local outunique="" | | 445 | local outunique="" |
446 | local inid="" | | 446 | local inid="" |
447 | local outid="" | | 447 | local outid="" |
448 | local algo_args="$(generate_algo_args $proto $algo)" | | 448 | local algo_args="$(generate_algo_args $proto $algo)" |
449 | | | 449 | |
450 | inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}` | | 450 | inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}` |
451 | atf_check -s exit:0 test "X$inunique" != "X" | | 451 | atf_check -s exit:0 test "X$inunique" != "X" |
452 | outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}` | | 452 | outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}` |
453 | atf_check -s exit:0 test "X$outunique" != "X" | | 453 | atf_check -s exit:0 test "X$outunique" != "X" |
454 | | | 454 | |
455 | if [ ${dir} = "1to2" ] ; then | | 455 | if [ ${dir} = "1to2" ] ; then |
456 | inid="20000" | | 456 | inid="20000" |
457 | outid="20001" | | 457 | outid="20001" |
458 | else | | 458 | else |
459 | inid="20001" | | 459 | inid="20001" |
460 | outid="20000" | | 460 | outid="20000" |
461 | fi | | 461 | fi |
462 | | | 462 | |
463 | cat > $tmpfile <<-EOF | | 463 | cat > $tmpfile <<-EOF |
464 | add $dst $src $proto $inid -u $inunique $algo_args; | | 464 | add $dst $src $proto $inid -u $inunique $algo_args; |
465 | add $src $dst $proto $outid -u $outunique $algo_args; | | 465 | add $src $dst $proto $outid -u $outunique $algo_args; |
466 | EOF | | 466 | EOF |
467 | $DEBUG && cat $tmpfile | | 467 | $DEBUG && cat $tmpfile |
468 | export RUMP_SERVER=$sock | | 468 | export RUMP_SERVER=$sock |
469 | atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile | | 469 | atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile |
470 | $DEBUG && $HIJACKING setkey -D | | 470 | $DEBUG && $HIJACKING setkey -D |
471 | $DEBUG && $HIJACKING setkey -DP | | 471 | $DEBUG && $HIJACKING setkey -DP |
472 | unset RUMP_SERVER | | 472 | unset RUMP_SERVER |
473 | } | | 473 | } |
474 | | | 474 | |
475 | setup_dummy_tunnel() | | 475 | setup_dummy_tunnel() |
476 | { | | 476 | { |
477 | local inner=${1} | | 477 | local inner=${1} |
478 | local outer=${2} | | 478 | local outer=${2} |
479 | local proto=${3} | | 479 | local proto=${3} |
480 | local algo=${4} | | 480 | local algo=${4} |
481 | | | 481 | |
482 | local addr="" | | 482 | local addr="" |
483 | local remote="" | | 483 | local remote="" |
484 | local src="" | | 484 | local src="" |
485 | local dst="" | | 485 | local dst="" |
486 | | | 486 | |
487 | if [ ${inner} = "ipv6" ]; then | | 487 | if [ ${inner} = "ipv6" ]; then |
488 | addr=$ROUTER1_IPSECIP6_DUMMY | | 488 | addr=$ROUTER1_IPSECIP6_DUMMY |
489 | remote=$ROUTER2_IPSECIP6_DUMMY | | 489 | remote=$ROUTER2_IPSECIP6_DUMMY |
490 | else | | 490 | else |
491 | addr=$ROUTER1_IPSECIP_DUMMY | | 491 | addr=$ROUTER1_IPSECIP_DUMMY |
492 | remote=$ROUTER2_IPSECIP_DUMMY | | 492 | remote=$ROUTER2_IPSECIP_DUMMY |
493 | fi | | 493 | fi |
494 | if [ ${outer} = "ipv6" ]; then | | 494 | if [ ${outer} = "ipv6" ]; then |
495 | src=$ROUTER1_WANIP6_DUMMY | | 495 | src=$ROUTER1_WANIP6_DUMMY |
496 | dst=$ROUTER2_WANIP6_DUMMY | | 496 | dst=$ROUTER2_WANIP6_DUMMY |
497 | else | | 497 | else |
498 | src=$ROUTER1_WANIP_DUMMY | | 498 | src=$ROUTER1_WANIP_DUMMY |
499 | dst=$ROUTER2_WANIP_DUMMY | | 499 | dst=$ROUTER2_WANIP_DUMMY |
500 | fi | | 500 | fi |
501 | setup_dummy_if_ipsec $SOCK1 ${addr} ${remote} ${inner} \ | | 501 | setup_dummy_if_ipsec $SOCK1 ${addr} ${remote} ${inner} \ |
502 | ${src} ${dst} ${proto} ${algo} "1to2" | | 502 | ${src} ${dst} ${proto} ${algo} "1to2" |
503 | setup_dummy_if_ipsec_sa $SOCK1 ${src} ${dst} ${inner} ${proto} ${algo} "1to2" | | 503 | setup_dummy_if_ipsec_sa $SOCK1 ${src} ${dst} ${inner} ${proto} ${algo} "1to2" |
504 | | | 504 | |
505 | if [ $inner = "ipv6" ]; then | | 505 | if [ $inner = "ipv6" ]; then |
506 | addr=$ROUTER2_IPSECIP6_DUMMY | | 506 | addr=$ROUTER2_IPSECIP6_DUMMY |
507 | remote=$ROUTER1_IPSECIP6_DUMMY | | 507 | remote=$ROUTER1_IPSECIP6_DUMMY |
508 | else | | 508 | else |
509 | addr=$ROUTER2_IPSECIP_DUMMY | | 509 | addr=$ROUTER2_IPSECIP_DUMMY |
510 | remote=$ROUTER1_IPSECIP_DUMMY | | 510 | remote=$ROUTER1_IPSECIP_DUMMY |
511 | fi | | 511 | fi |
512 | if [ $outer = "ipv6" ]; then | | 512 | if [ $outer = "ipv6" ]; then |
513 | src=$ROUTER2_WANIP6_DUMMY | | 513 | src=$ROUTER2_WANIP6_DUMMY |
514 | dst=$ROUTER1_WANIP6_DUMMY | | 514 | dst=$ROUTER1_WANIP6_DUMMY |
515 | else | | 515 | else |
516 | src=$ROUTER2_WANIP_DUMMY | | 516 | src=$ROUTER2_WANIP_DUMMY |
517 | dst=$ROUTER1_WANIP_DUMMY | | 517 | dst=$ROUTER1_WANIP_DUMMY |
518 | fi | | 518 | fi |
519 | setup_dummy_if_ipsec $SOCK2 ${addr} ${remote} ${inner} \ | | 519 | setup_dummy_if_ipsec $SOCK2 ${addr} ${remote} ${inner} \ |
520 | ${src} ${dst} ${proto} ${algo} "2to1" | | 520 | ${src} ${dst} ${proto} ${algo} "2to1" |
521 | setup_dummy_if_ipsec_sa $SOCK2 ${src} ${dst} ${inner} ${proto} ${algo} "2to1" | | 521 | setup_dummy_if_ipsec_sa $SOCK2 ${src} ${dst} ${inner} ${proto} ${algo} "2to1" |
522 | } | | 522 | } |
523 | | | 523 | |
524 | test_setup_dummy_tunnel() | | 524 | test_setup_dummy_tunnel() |
525 | { | | 525 | { |
526 | export RUMP_SERVER=$SOCK1 | | 526 | export RUMP_SERVER=$SOCK1 |
527 | atf_check -s exit:0 -o match:ipsec1 rump.ifconfig | | 527 | atf_check -s exit:0 -o match:ipsec1 rump.ifconfig |
528 | | | 528 | |
529 | export RUMP_SERVER=$SOCK2 | | 529 | export RUMP_SERVER=$SOCK2 |
530 | atf_check -s exit:0 -o match:ipsec1 rump.ifconfig | | 530 | atf_check -s exit:0 -o match:ipsec1 rump.ifconfig |
531 | | | 531 | |
532 | unset RUMP_SERVER | | 532 | unset RUMP_SERVER |
533 | } | | 533 | } |
534 | | | 534 | |
535 | teardown_dummy_tunnel() | | 535 | teardown_dummy_tunnel() |
536 | { | | 536 | { |
537 | export RUMP_SERVER=$SOCK1 | | 537 | export RUMP_SERVER=$SOCK1 |
538 | atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel | | 538 | atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel |
539 | atf_check -s exit:0 rump.ifconfig ipsec1 destroy | | 539 | atf_check -s exit:0 rump.ifconfig ipsec1 destroy |
540 | | | 540 | |
541 | export RUMP_SERVER=$SOCK2 | | 541 | export RUMP_SERVER=$SOCK2 |
542 | atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel | | 542 | atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel |
543 | atf_check -s exit:0 rump.ifconfig ipsec1 destroy | | 543 | atf_check -s exit:0 rump.ifconfig ipsec1 destroy |
544 | | | 544 | |
545 | unset RUMP_SERVER | | 545 | unset RUMP_SERVER |
546 | } | | 546 | } |
547 | | | 547 | |
548 | setup_recursive_if_ipsec() | | 548 | setup_recursive_if_ipsec() |
549 | { | | 549 | { |
550 | local sock=${1} | | 550 | local sock=${1} |
551 | local ipsec=${2} | | 551 | local ipsec=${2} |
552 | local addr=${3} | | 552 | local addr=${3} |
553 | local remote=${4} | | 553 | local remote=${4} |
554 | local inner=${5} | | 554 | local inner=${5} |
555 | local src=${6} | | 555 | local src=${6} |
556 | local dst=${7} | | 556 | local dst=${7} |
557 | local proto=${8} | | 557 | local proto=${8} |
558 | local algo=${9} | | 558 | local algo=${9} |
559 | local dir=${10} | | 559 | local dir=${10} |
560 | | | 560 | |
561 | export RUMP_SERVER=${sock} | | 561 | export RUMP_SERVER=${sock} |
562 | atf_check -s exit:0 rump.ifconfig ${ipsec} create | | 562 | atf_check -s exit:0 rump.ifconfig ${ipsec} create |
563 | atf_check -s exit:0 rump.ifconfig ${ipsec} tunnel ${src} ${dst} | | 563 | atf_check -s exit:0 rump.ifconfig ${ipsec} tunnel ${src} ${dst} |
564 | if [ ${inner} = "ipv6" ]; then | | 564 | if [ ${inner} = "ipv6" ]; then |
565 | atf_check -s exit:0 rump.ifconfig ${ipsec} inet6 ${addr}/128 ${remote} | | 565 | atf_check -s exit:0 rump.ifconfig ${ipsec} inet6 ${addr}/128 ${remote} |
566 | else | | 566 | else |
567 | atf_check -s exit:0 rump.ifconfig ${ipsec} inet ${addr}/32 ${remote} | | 567 | atf_check -s exit:0 rump.ifconfig ${ipsec} inet ${addr}/32 ${remote} |
568 | fi | | 568 | fi |
569 | setup_if_ipsec_sa $sock ${src} ${dst} ${inner} ${proto} ${algo} ${dir} | | 569 | setup_if_ipsec_sa $sock ${src} ${dst} ${inner} ${proto} ${algo} ${dir} |
570 | | | 570 | |
571 | export RUMP_SERVER=${sock} | | 571 | export RUMP_SERVER=${sock} |
572 | rump.ifconfig ${ipsec} | | 572 | $DEBUG && rump.ifconfig ${ipsec} |
573 | unset RUMP_SERVER | | 573 | unset RUMP_SERVER |
574 | } | | 574 | } |
575 | | | 575 | |
576 | # test in ROUTER1 only | | 576 | # test in ROUTER1 only |
577 | setup_recursive_tunnels() | | 577 | setup_recursive_tunnels() |
578 | { | | 578 | { |
579 | local mode=${1} | | 579 | local mode=${1} |
580 | local proto=${2} | | 580 | local proto=${2} |
581 | local algo=${3} | | 581 | local algo=${3} |
582 | | | 582 | |
583 | local addr="" | | 583 | local addr="" |
584 | local remote="" | | 584 | local remote="" |
585 | local src="" | | 585 | local src="" |
586 | local dst="" | | 586 | local dst="" |
587 | | | 587 | |
588 | if [ ${mode} = "ipv6" ]; then | | 588 | if [ ${mode} = "ipv6" ]; then |
589 | addr=$ROUTER1_IPSECIP6_RECURSIVE1 | | 589 | addr=$ROUTER1_IPSECIP6_RECURSIVE1 |
590 | remote=$ROUTER2_IPSECIP6_RECURSIVE1 | | 590 | remote=$ROUTER2_IPSECIP6_RECURSIVE1 |
591 | src=$ROUTER1_IPSECIP6 | | 591 | src=$ROUTER1_IPSECIP6 |
592 | dst=$ROUTER2_IPSECIP6 | | 592 | dst=$ROUTER2_IPSECIP6 |
593 | else | | 593 | else |
594 | addr=$ROUTER1_IPSECIP_RECURSIVE1 | | 594 | addr=$ROUTER1_IPSECIP_RECURSIVE1 |
595 | remote=$ROUTER2_IPSECIP_RECURSIVE1 | | 595 | remote=$ROUTER2_IPSECIP_RECURSIVE1 |
596 | src=$ROUTER1_IPSECIP | | 596 | src=$ROUTER1_IPSECIP |
597 | dst=$ROUTER2_IPSECIP | | 597 | dst=$ROUTER2_IPSECIP |
598 | fi | | 598 | fi |
599 | setup_recursive_if_ipsec $SOCK1 ipsec1 ${addr} ${remote} ${mode} \ | | 599 | setup_recursive_if_ipsec $SOCK1 ipsec1 ${addr} ${remote} ${mode} \ |
600 | ${src} ${dst} ${proto} ${algo} "1to2" | | 600 | ${src} ${dst} ${proto} ${algo} "1to2" |
601 | | | 601 | |
602 | if [ ${mode} = "ipv6" ]; then | | 602 | if [ ${mode} = "ipv6" ]; then |
603 | addr=$ROUTER1_IPSECIP6_RECURSIVE2 | | 603 | addr=$ROUTER1_IPSECIP6_RECURSIVE2 |
604 | remote=$ROUTER2_IPSECIP6_RECURSIVE2 | | 604 | remote=$ROUTER2_IPSECIP6_RECURSIVE2 |
605 | src=$ROUTER1_IPSECIP6_RECURSIVE1 | | 605 | src=$ROUTER1_IPSECIP6_RECURSIVE1 |
606 | dst=$ROUTER2_IPSECIP6_RECURSIVE1 | | 606 | dst=$ROUTER2_IPSECIP6_RECURSIVE1 |
607 | else | | 607 | else |
608 | addr=$ROUTER1_IPSECIP_RECURSIVE2 | | 608 | addr=$ROUTER1_IPSECIP_RECURSIVE2 |
609 | remote=$ROUTER2_IPSECIP_RECURSIVE2 | | 609 | remote=$ROUTER2_IPSECIP_RECURSIVE2 |
610 | src=$ROUTER1_IPSECIP_RECURSIVE1 | | 610 | src=$ROUTER1_IPSECIP_RECURSIVE1 |
611 | dst=$ROUTER2_IPSECIP_RECURSIVE1 | | 611 | dst=$ROUTER2_IPSECIP_RECURSIVE1 |
612 | fi | | 612 | fi |
613 | setup_recursive_if_ipsec $SOCK1 ipsec2 ${addr} ${remote} ${mode} \ | | 613 | setup_recursive_if_ipsec $SOCK1 ipsec2 ${addr} ${remote} ${mode} \ |
614 | ${src} ${dst} ${proto} ${algo} "1to2" | | 614 | ${src} ${dst} ${proto} ${algo} "1to2" |
615 | } | | 615 | } |
616 | | | 616 | |
617 | # test in router1 only | | 617 | # test in router1 only |
618 | test_recursive_check() | | 618 | test_recursive_check() |
619 | { | | 619 | { |
620 | local mode=$1 | | 620 | local mode=$1 |
621 | | | 621 | |
622 | export RUMP_SERVER=$SOCK1 | | 622 | export RUMP_SERVER=$SOCK1 |
623 | if [ ${mode} = "ipv6" ]; then | | 623 | if [ ${mode} = "ipv6" ]; then |
624 | atf_check -s not-exit:0 -o ignore -e ignore \ | | 624 | atf_check -s not-exit:0 -o ignore -e ignore \ |
625 | rump.ping6 -n -X $TIMEOUT -c 1 $ROUTER2_IPSECIP6_RECURSIVE2 | | 625 | rump.ping6 -n -X $TIMEOUT -c 1 $ROUTER2_IPSECIP6_RECURSIVE2 |
626 | else | | 626 | else |
627 | atf_check -s not-exit:0 -o ignore -e ignore \ | | 627 | atf_check -s not-exit:0 -o ignore -e ignore \ |
628 | rump.ping -n -w $TIMEOUT -c 1 $ROUTER2_IPSECIP_RECURSIVE2 | | 628 | rump.ping -n -w $TIMEOUT -c 1 $ROUTER2_IPSECIP_RECURSIVE2 |
629 | fi | | 629 | fi |
630 | | | 630 | |
631 | atf_check -o match:'ipsec0: recursively called too many times' \ | | 631 | atf_check -o match:'ipsec0: recursively called too many times' \ |
632 | -x "$HIJACKING dmesg" | | 632 | -x "$HIJACKING dmesg" |
633 | | | 633 | |
634 | $HIJACKING dmesg | | 634 | $HIJACKING dmesg |
635 | | | 635 | |
636 | unset RUMP_SERVER | | 636 | unset RUMP_SERVER |
637 | } | | 637 | } |
638 | | | 638 | |
639 | teardown_recursive_tunnels() | | 639 | teardown_recursive_tunnels() |
640 | { | | 640 | { |
641 | export RUMP_SERVER=$SOCK1 | | 641 | export RUMP_SERVER=$SOCK1 |
642 | atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel | | 642 | atf_check -s exit:0 rump.ifconfig ipsec1 deletetunnel |
643 | atf_check -s exit:0 rump.ifconfig ipsec1 destroy | | 643 | atf_check -s exit:0 rump.ifconfig ipsec1 destroy |
644 | atf_check -s exit:0 rump.ifconfig ipsec2 deletetunnel | | 644 | atf_check -s exit:0 rump.ifconfig ipsec2 deletetunnel |
645 | atf_check -s exit:0 rump.ifconfig ipsec2 destroy | | 645 | atf_check -s exit:0 rump.ifconfig ipsec2 destroy |
646 | unset RUMP_SERVER | | 646 | unset RUMP_SERVER |
647 | } | | 647 | } |
648 | | | 648 | |
649 | test_ping_failure() | | 649 | test_ping_failure() |
650 | { | | 650 | { |
651 | local mode=$1 | | 651 | local mode=$1 |
652 | | | 652 | |
653 | export RUMP_SERVER=$SOCK1 | | 653 | export RUMP_SERVER=$SOCK1 |
654 | if [ ${mode} = "ipv6" ]; then | | 654 | if [ ${mode} = "ipv6" ]; then |
655 | atf_check -s not-exit:0 -o ignore -e ignore \ | | 655 | atf_check -s not-exit:0 -o ignore -e ignore \ |
656 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER1_LANIP6 \ | | 656 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER1_LANIP6 \ |
657 | $ROUTER2_LANIP6 | | 657 | $ROUTER2_LANIP6 |
658 | else | | 658 | else |
659 | atf_check -s not-exit:0 -o ignore -e ignore \ | | 659 | atf_check -s not-exit:0 -o ignore -e ignore \ |
660 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ | | 660 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ |
661 | $ROUTER2_LANIP | | 661 | $ROUTER2_LANIP |
662 | fi | | 662 | fi |
663 | | | 663 | |
664 | export RUMP_SERVER=$SOCK2 | | 664 | export RUMP_SERVER=$SOCK2 |
665 | if [ ${mode} = "ipv6" ]; then | | 665 | if [ ${mode} = "ipv6" ]; then |
666 | atf_check -s not-exit:0 -o ignore -e ignore \ | | 666 | atf_check -s not-exit:0 -o ignore -e ignore \ |
667 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER2_LANIP6 \ | | 667 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER2_LANIP6 \ |
668 | $ROUTER1_LANIP6 | | 668 | $ROUTER1_LANIP6 |
669 | else | | 669 | else |
670 | atf_check -s not-exit:0 -o ignore -e ignore \ | | 670 | atf_check -s not-exit:0 -o ignore -e ignore \ |
671 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ | | 671 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ |
672 | $ROUTER2_LANIP | | 672 | $ROUTER2_LANIP |
673 | fi | | 673 | fi |
674 | | | 674 | |
675 | unset RUMP_SERVER | | 675 | unset RUMP_SERVER |
676 | } | | 676 | } |
677 | | | 677 | |
678 | test_ping_success() | | 678 | test_ping_success() |
679 | { | | 679 | { |
680 | mode=$1 | | 680 | mode=$1 |
681 | | | 681 | |
682 | export RUMP_SERVER=$SOCK1 | | 682 | export RUMP_SERVER=$SOCK1 |
683 | rump.ifconfig -v ipsec0 | | 683 | $DEBUG && rump.ifconfig -v ipsec0 |
684 | if [ ${mode} = "ipv6" ]; then | | 684 | if [ ${mode} = "ipv6" ]; then |
685 | # XXX | | 685 | # XXX |
686 | # rump.ping6 rarely fails with the message that | | 686 | # rump.ping6 rarely fails with the message that |
687 | # "failed to get receiving hop limit". | | 687 | # "failed to get receiving hop limit". |
688 | # This is a known issue being analyzed. | | 688 | # This is a known issue being analyzed. |
689 | atf_check -s exit:0 -o ignore \ | | 689 | atf_check -s exit:0 -o ignore \ |
690 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER1_LANIP6 \ | | 690 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER1_LANIP6 \ |
691 | $ROUTER2_LANIP6 | | 691 | $ROUTER2_LANIP6 |
692 | else | | 692 | else |
693 | atf_check -s exit:0 -o ignore \ | | 693 | atf_check -s exit:0 -o ignore \ |
694 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ | | 694 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER1_LANIP \ |
695 | $ROUTER2_LANIP | | 695 | $ROUTER2_LANIP |
696 | fi | | 696 | fi |
697 | rump.ifconfig -v ipsec0 | | 697 | $DEBUG && rump.ifconfig -v ipsec0 |
698 | | | 698 | |
699 | export RUMP_SERVER=$SOCK2 | | 699 | export RUMP_SERVER=$SOCK2 |
700 | rump.ifconfig -v ipsec0 | | 700 | $DEBUG && rump.ifconfig -v ipsec0 |
701 | if [ ${mode} = "ipv6" ]; then | | 701 | if [ ${mode} = "ipv6" ]; then |
702 | atf_check -s exit:0 -o ignore \ | | 702 | atf_check -s exit:0 -o ignore \ |
703 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER2_LANIP6 \ | | 703 | rump.ping6 -n -X $TIMEOUT -c 1 -S $ROUTER2_LANIP6 \ |
704 | $ROUTER1_LANIP6 | | 704 | $ROUTER1_LANIP6 |
705 | else | | 705 | else |
706 | atf_check -s exit:0 -o ignore \ | | 706 | atf_check -s exit:0 -o ignore \ |
707 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER2_LANIP \ | | 707 | rump.ping -n -w $TIMEOUT -c 1 -I $ROUTER2_LANIP \ |
708 | $ROUTER1_LANIP | | 708 | $ROUTER1_LANIP |
709 | fi | | 709 | fi |
710 | rump.ifconfig -v ipsec0 | | 710 | $DEBUG && rump.ifconfig -v ipsec0 |
711 | | | 711 | |
712 | unset RUMP_SERVER | | 712 | unset RUMP_SERVER |
713 | } | | 713 | } |
714 | | | 714 | |
715 | test_change_tunnel_duplicate() | | 715 | test_change_tunnel_duplicate() |
716 | { | | 716 | { |
717 | local mode=$1 | | 717 | local mode=$1 |
718 | | | 718 | |
719 | local newsrc="" | | 719 | local newsrc="" |
720 | local newdst="" | | 720 | local newdst="" |
721 | if [ ${mode} = "ipv6" ]; then | | 721 | if [ ${mode} = "ipv6" ]; then |
722 | newsrc=$ROUTER1_WANIP6_DUMMY | | 722 | newsrc=$ROUTER1_WANIP6_DUMMY |
723 | newdst=$ROUTER2_WANIP6_DUMMY | | 723 | newdst=$ROUTER2_WANIP6_DUMMY |
724 | else | | 724 | else |
725 | newsrc=$ROUTER1_WANIP_DUMMY | | 725 | newsrc=$ROUTER1_WANIP_DUMMY |
726 | newdst=$ROUTER2_WANIP_DUMMY | | 726 | newdst=$ROUTER2_WANIP_DUMMY |
727 | fi | | 727 | fi |
728 | export RUMP_SERVER=$SOCK1 | | 728 | export RUMP_SERVER=$SOCK1 |
729 | rump.ifconfig -v ipsec0 | | 729 | $DEBUG && rump.ifconfig -v ipsec0 |
730 | rump.ifconfig -v ipsec1 | | 730 | $DEBUG && rump.ifconfig -v ipsec1 |
731 | atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \ | | 731 | atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \ |
732 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} | | 732 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} |
733 | rump.ifconfig -v ipsec0 | | 733 | $DEBUG && rump.ifconfig -v ipsec0 |
734 | rump.ifconfig -v ipsec1 | | 734 | $DEBUG && rump.ifconfig -v ipsec1 |
735 | | | 735 | |
736 | if [ ${mode} = "ipv6" ]; then | | 736 | if [ ${mode} = "ipv6" ]; then |
737 | newsrc=$ROUTER2_WANIP6_DUMMY | | 737 | newsrc=$ROUTER2_WANIP6_DUMMY |
738 | newdst=$ROUTER1_WANIP6_DUMMY | | 738 | newdst=$ROUTER1_WANIP6_DUMMY |
739 | else | | 739 | else |
740 | newsrc=$ROUTER2_WANIP_DUMMY | | 740 | newsrc=$ROUTER2_WANIP_DUMMY |
741 | newdst=$ROUTER1_WANIP_DUMMY | | 741 | newdst=$ROUTER1_WANIP_DUMMY |
742 | fi | | 742 | fi |
743 | export RUMP_SERVER=$SOCK2 | | 743 | export RUMP_SERVER=$SOCK2 |
744 | rump.ifconfig -v ipsec0 | | 744 | $DEBUG && rump.ifconfig -v ipsec0 |
745 | rump.ifconfig -v ipsec1 | | 745 | $DEBUG && rump.ifconfig -v ipsec1 |
746 | atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \ | | 746 | atf_check -s exit:0 -e match:SIOCSLIFPHYADDR \ |
747 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} | | 747 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} |
748 | rump.ifconfig -v ipsec0 | | 748 | $DEBUG && rump.ifconfig -v ipsec0 |
749 | rump.ifconfig -v ipsec1 | | 749 | $DEBUG && rump.ifconfig -v ipsec1 |
750 | | | 750 | |
751 | unset RUMP_SERVER | | 751 | unset RUMP_SERVER |
752 | } | | 752 | } |
753 | | | 753 | |
754 | test_change_tunnel_success() | | 754 | test_change_tunnel_success() |
755 | { | | 755 | { |
756 | local mode=$1 | | 756 | local mode=$1 |
757 | | | 757 | |
758 | local newsrc="" | | 758 | local newsrc="" |
759 | local newdst="" | | 759 | local newdst="" |
760 | if [ ${mode} = "ipv6" ]; then | | 760 | if [ ${mode} = "ipv6" ]; then |
761 | newsrc=$ROUTER1_WANIP6_DUMMY | | 761 | newsrc=$ROUTER1_WANIP6_DUMMY |
762 | newdst=$ROUTER2_WANIP6_DUMMY | | 762 | newdst=$ROUTER2_WANIP6_DUMMY |
763 | else | | 763 | else |
764 | newsrc=$ROUTER1_WANIP_DUMMY | | 764 | newsrc=$ROUTER1_WANIP_DUMMY |
765 | newdst=$ROUTER2_WANIP_DUMMY | | 765 | newdst=$ROUTER2_WANIP_DUMMY |
766 | fi | | 766 | fi |
767 | export RUMP_SERVER=$SOCK1 | | 767 | export RUMP_SERVER=$SOCK1 |
768 | rump.ifconfig -v ipsec0 | | 768 | $DEBUG && rump.ifconfig -v ipsec0 |
769 | atf_check -s exit:0 \ | | 769 | atf_check -s exit:0 \ |
770 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} | | 770 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} |
771 | rump.ifconfig -v ipsec0 | | 771 | $DEBUG && rump.ifconfig -v ipsec0 |
772 | | | 772 | |
773 | if [ ${mode} = "ipv6" ]; then | | 773 | if [ ${mode} = "ipv6" ]; then |
774 | newsrc=$ROUTER2_WANIP6_DUMMY | | 774 | newsrc=$ROUTER2_WANIP6_DUMMY |
775 | newdst=$ROUTER1_WANIP6_DUMMY | | 775 | newdst=$ROUTER1_WANIP6_DUMMY |
776 | else | | 776 | else |
777 | newsrc=$ROUTER2_WANIP_DUMMY | | 777 | newsrc=$ROUTER2_WANIP_DUMMY |
778 | newdst=$ROUTER1_WANIP_DUMMY | | 778 | newdst=$ROUTER1_WANIP_DUMMY |
779 | fi | | 779 | fi |
780 | export RUMP_SERVER=$SOCK2 | | 780 | export RUMP_SERVER=$SOCK2 |
781 | rump.ifconfig -v ipsec0 | | 781 | $DEBUG && rump.ifconfig -v ipsec0 |
782 | atf_check -s exit:0 \ | | 782 | atf_check -s exit:0 \ |
783 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} | | 783 | rump.ifconfig ipsec0 tunnel ${newsrc} ${newdst} |
784 | rump.ifconfig -v ipsec0 | | 784 | $DEBUG && rump.ifconfig -v ipsec0 |
785 | | | 785 | |
786 | unset RUMP_SERVER | | 786 | unset RUMP_SERVER |
787 | } | | 787 | } |
788 | | | 788 | |
789 | basic_setup() | | 789 | basic_setup() |
790 | { | | 790 | { |
791 | local inner=$1 | | 791 | local inner=$1 |
792 | local outer=$2 | | 792 | local outer=$2 |
793 | local proto=$3 | | 793 | local proto=$3 |
794 | local algo=$4 | | 794 | local algo=$4 |
795 | | | 795 | |
796 | setup ${inner} ${outer} | | 796 | setup ${inner} ${outer} |
797 | test_setup ${inner} ${outer} | | 797 | test_setup ${inner} ${outer} |
798 | | | 798 | |
799 | # Enable once PR kern/49219 is fixed | | 799 | # Enable once PR kern/49219 is fixed |
800 | #test_ping_failure | | 800 | #test_ping_failure |
801 | | | 801 | |
802 | setup_tunnel ${inner} ${outer} ${proto} ${algo} | | 802 | setup_tunnel ${inner} ${outer} ${proto} ${algo} |
803 | sleep 1 | | 803 | sleep 1 |
804 | test_setup_tunnel ${inner} | | 804 | test_setup_tunnel ${inner} |
805 | } | | 805 | } |
806 | | | 806 | |
807 | basic_test() | | 807 | basic_test() |
808 | { | | 808 | { |
809 | local inner=$1 | | 809 | local inner=$1 |
810 | local outer=$2 # not use | | 810 | local outer=$2 # not use |
811 | | | 811 | |
812 | test_ping_success ${inner} | | 812 | test_ping_success ${inner} |
813 | } | | 813 | } |
814 | | | 814 | |
815 | basic_teardown() | | 815 | basic_teardown() |
816 | { | | 816 | { |
817 | local inner=$1 | | 817 | local inner=$1 |
818 | local outer=$2 # not use | | 818 | local outer=$2 # not use |
819 | | | 819 | |
820 | teardown_tunnel | | 820 | teardown_tunnel |
821 | test_ping_failure ${inner} | | 821 | test_ping_failure ${inner} |
822 | } | | 822 | } |
823 | | | 823 | |
824 | ioctl_setup() | | 824 | ioctl_setup() |
825 | { | | 825 | { |
826 | local inner=$1 | | 826 | local inner=$1 |
827 | local outer=$2 | | 827 | local outer=$2 |
828 | local proto=$3 | | 828 | local proto=$3 |
829 | local algo=$4 | | 829 | local algo=$4 |
830 | | | 830 | |
831 | setup ${inner} ${outer} | | 831 | setup ${inner} ${outer} |
832 | test_setup ${inner} ${outer} | | 832 | test_setup ${inner} ${outer} |
833 | | | 833 | |
834 | # Enable once PR kern/49219 is fixed | | 834 | # Enable once PR kern/49219 is fixed |
835 | #test_ping_failure | | 835 | #test_ping_failure |
836 | | | 836 | |
837 | setup_tunnel ${inner} ${outer} ${proto} ${algo} | | 837 | setup_tunnel ${inner} ${outer} ${proto} ${algo} |
838 | setup_dummy_tunnel ${inner} ${outer} ${proto} ${algo} | | 838 | setup_dummy_tunnel ${inner} ${outer} ${proto} ${algo} |
839 | sleep 1 | | 839 | sleep 1 |
840 | test_setup_tunnel ${inner} | | 840 | test_setup_tunnel ${inner} |
841 | } | | 841 | } |
842 | | | 842 | |
843 | ioctl_test() | | 843 | ioctl_test() |
844 | { | | 844 | { |
845 | local inner=$1 | | 845 | local inner=$1 |
846 | local outer=$2 | | 846 | local outer=$2 |
847 | | | 847 | |
848 | test_ping_success ${inner} | | 848 | test_ping_success ${inner} |
849 | | | 849 | |
850 | test_change_tunnel_duplicate ${outer} | | 850 | test_change_tunnel_duplicate ${outer} |
851 | | | 851 | |
852 | teardown_dummy_tunnel | | 852 | teardown_dummy_tunnel |
853 | test_change_tunnel_success ${outer} | | 853 | test_change_tunnel_success ${outer} |
854 | } | | 854 | } |
855 | | | 855 | |
856 | ioctl_teardown() | | 856 | ioctl_teardown() |
857 | { | | 857 | { |
858 | local inner=$1 | | 858 | local inner=$1 |
859 | local outer=$2 # not use | | 859 | local outer=$2 # not use |
860 | | | 860 | |
861 | teardown_tunnel | | 861 | teardown_tunnel |
862 | test_ping_failure ${inner} | | 862 | test_ping_failure ${inner} |
863 | } | | 863 | } |
864 | | | 864 | |
865 | recursive_setup() | | 865 | recursive_setup() |
866 | { | | 866 | { |
867 | local inner=$1 | | 867 | local inner=$1 |
868 | local outer=$2 | | 868 | local outer=$2 |
869 | local proto=$3 | | 869 | local proto=$3 |
870 | local algo=$4 | | 870 | local algo=$4 |
871 | | | 871 | |
872 | setup ${inner} ${outer} | | 872 | setup ${inner} ${outer} |
873 | test_setup ${inner} ${outer} | | 873 | test_setup ${inner} ${outer} |
874 | | | 874 | |
875 | # Enable once PR kern/49219 is fixed | | 875 | # Enable once PR kern/49219 is fixed |
876 | #test_ping_failure | | 876 | #test_ping_failure |
877 | | | 877 | |
878 | setup_tunnel ${inner} ${outer} ${proto} ${algo} | | 878 | setup_tunnel ${inner} ${outer} ${proto} ${algo} |
879 | setup_recursive_tunnels ${inner} ${proto} ${algo} | | 879 | setup_recursive_tunnels ${inner} ${proto} ${algo} |
880 | sleep 1 | | 880 | sleep 1 |
881 | test_setup_tunnel ${inner} | | 881 | test_setup_tunnel ${inner} |
882 | } | | 882 | } |
883 | | | 883 | |
884 | recursive_test() | | 884 | recursive_test() |
885 | { | | 885 | { |
886 | local inner=$1 | | 886 | local inner=$1 |
887 | local outer=$2 # not use | | 887 | local outer=$2 # not use |
888 | | | 888 | |
889 | test_recursive_check ${inner} | | 889 | test_recursive_check ${inner} |
890 | } | | 890 | } |
891 | | | 891 | |
892 | recursive_teardown() | | 892 | recursive_teardown() |
893 | { | | 893 | { |
894 | local inner=$1 # not use | | 894 | local inner=$1 # not use |
895 | local outer=$2 # not use | | 895 | local outer=$2 # not use |
896 | | | 896 | |
897 | teardown_recursive_tunnels | | 897 | teardown_recursive_tunnels |
898 | teardown_tunnel | | 898 | teardown_tunnel |
899 | } | | 899 | } |
900 | | | 900 | |
901 | add_test() | | 901 | add_test() |
902 | { | | 902 | { |
903 | local category=$1 | | 903 | local category=$1 |
904 | local desc=$2 | | 904 | local desc=$2 |
905 | local inner=$3 | | 905 | local inner=$3 |
906 | local outer=$4 | | 906 | local outer=$4 |
907 | local proto=$5 | | 907 | local proto=$5 |
908 | local algo=$6 | | 908 | local algo=$6 |
909 | local _algo=$(echo $algo | sed 's/-//g') | | 909 | local _algo=$(echo $algo | sed 's/-//g') |
910 | | | 910 | |
911 | name="ipsecif_${category}_${inner}over${outer}_${proto}_${_algo}" | | 911 | name="ipsecif_${category}_${inner}over${outer}_${proto}_${_algo}" |
912 | fulldesc="Does ${inner} over ${outer} if_ipsec ${desc}" | | 912 | fulldesc="Does ${inner} over ${outer} if_ipsec ${desc}" |
913 | | | 913 | |
914 | atf_test_case ${name} cleanup | | 914 | atf_test_case ${name} cleanup |
915 | eval "${name}_head() { | | 915 | eval "${name}_head() { |
916 | atf_set descr \"${fulldesc}\" | | 916 | atf_set descr \"${fulldesc}\" |
917 | atf_set require.progs rump_server setkey | | 917 | atf_set require.progs rump_server setkey |
918 | } | | 918 | } |
919 | ${name}_body() { | | 919 | ${name}_body() { |
920 | ${category}_setup ${inner} ${outer} ${proto} ${algo} | | 920 | ${category}_setup ${inner} ${outer} ${proto} ${algo} |
921 | ${category}_test ${inner} ${outer} | | 921 | ${category}_test ${inner} ${outer} |
922 | ${category}_teardown ${inner} ${outer} | | 922 | ${category}_teardown ${inner} ${outer} |
923 | rump_server_destroy_ifaces | | 923 | rump_server_destroy_ifaces |
924 | } | | 924 | } |
925 | ${name}_cleanup() { | | 925 | ${name}_cleanup() { |
926 | \$DEBUG && dump | | 926 | \$DEBUG && dump |
927 | cleanup | | 927 | cleanup |
928 | }" | | 928 | }" |
929 | atf_add_test_case ${name} | | 929 | atf_add_test_case ${name} |
930 | } | | 930 | } |
931 | | | 931 | |
932 | add_test_allproto() | | 932 | add_test_allproto() |
933 | { | | 933 | { |
934 | local category=$1 | | 934 | local category=$1 |
935 | local desc=$2 | | 935 | local desc=$2 |
936 | | | 936 | |
937 | for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do | | 937 | for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do |
938 | add_test ${category} "${desc}" ipv4 ipv4 esp $algo | | 938 | add_test ${category} "${desc}" ipv4 ipv4 esp $algo |
939 | add_test ${category} "${desc}" ipv4 ipv6 esp $algo | | 939 | add_test ${category} "${desc}" ipv4 ipv6 esp $algo |
940 | add_test ${category} "${desc}" ipv6 ipv4 esp $algo | | 940 | add_test ${category} "${desc}" ipv6 ipv4 esp $algo |
941 | add_test ${category} "${desc}" ipv6 ipv6 esp $algo | | 941 | add_test ${category} "${desc}" ipv6 ipv6 esp $algo |
942 | done | | 942 | done |
943 | | | 943 | |
944 | # ah does not support yet | | 944 | # ah does not support yet |
945 | } | | 945 | } |
946 | | | 946 | |
947 | atf_init_test_cases() | | 947 | atf_init_test_cases() |
948 | { | | 948 | { |
949 | | | 949 | |
950 | atf_add_test_case ipsecif_create_destroy | | 950 | atf_add_test_case ipsecif_create_destroy |
951 | | | 951 | |
952 | add_test_allproto basic "basic tests" | | 952 | add_test_allproto basic "basic tests" |
953 | add_test_allproto ioctl "ioctl tests" | | 953 | add_test_allproto ioctl "ioctl tests" |
954 | add_test_allproto recursive "recursive check tests" | | 954 | add_test_allproto recursive "recursive check tests" |
955 | } | | 955 | } |