Date:      Sun, 3 Dec 2017 13:52:35 +0000 (UTC)
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r326497 - in head: etc/mtree tests/sys tests/sys/netipsec tests/sys/netipsec/tunnel
Message-ID:  <201712031352.vB3DqZF3084841@repo.freebsd.org>

Author: kp
Date: Sun Dec  3 13:52:35 2017
New Revision: 326497
URL: https://svnweb.freebsd.org/changeset/base/326497

Log:
  Add IPSec tests in tunnel mode
  
  Some IPSec tests in tunnel mode, allowing multiple IPSec
  configurations to be tested.  These tests reuse the jail/vnet scripts
  from the pf tests to generate a complex network.
  
  Submitted by:	olivier@
  Differential Revision:	https://reviews.freebsd.org/D13017

Added:
  head/tests/sys/netipsec/
  head/tests/sys/netipsec/Makefile   (contents, props changed)
  head/tests/sys/netipsec/tunnel/
  head/tests/sys/netipsec/tunnel/Makefile   (contents, props changed)
  head/tests/sys/netipsec/tunnel/aes_cbc_128_hmac_sha1.sh   (contents, props changed)
  head/tests/sys/netipsec/tunnel/aes_cbc_256_hmac_sha2_256.sh   (contents, props changed)
  head/tests/sys/netipsec/tunnel/aes_gcm_128.sh   (contents, props changed)
  head/tests/sys/netipsec/tunnel/aes_gcm_256.sh   (contents, props changed)
  head/tests/sys/netipsec/tunnel/aesni_aes_cbc_128_hmac_sha1.sh   (contents, props changed)
  head/tests/sys/netipsec/tunnel/aesni_aes_cbc_256_hmac_sha2_256.sh   (contents, props changed)
  head/tests/sys/netipsec/tunnel/aesni_aes_gcm_128.sh   (contents, props changed)
  head/tests/sys/netipsec/tunnel/aesni_aes_gcm_256.sh   (contents, props changed)
  head/tests/sys/netipsec/tunnel/empty.sh   (contents, props changed)
  head/tests/sys/netipsec/tunnel/utils.subr   (contents, props changed)
Modified:
  head/etc/mtree/BSD.tests.dist
  head/tests/sys/Makefile

Modified: head/etc/mtree/BSD.tests.dist
==============================================================================
--- head/etc/mtree/BSD.tests.dist	Sun Dec  3 12:14:34 2017	(r326496)
+++ head/etc/mtree/BSD.tests.dist	Sun Dec  3 13:52:35 2017	(r326497)
@@ -478,6 +478,10 @@
         ..
         netinet
         ..
+        netipsec
+            tunnel
+            ..
+        ..
         netpfil
             pf
             ..

Modified: head/tests/sys/Makefile
==============================================================================
--- head/tests/sys/Makefile	Sun Dec  3 12:14:34 2017	(r326496)
+++ head/tests/sys/Makefile	Sun Dec  3 13:52:35 2017	(r326497)
@@ -13,6 +13,7 @@ TESTS_SUBDIRS+=		kqueue
 TESTS_SUBDIRS+=		mac
 TESTS_SUBDIRS+=		mqueue
 TESTS_SUBDIRS+=		netinet
+TESTS_SUBDIRS+=		netipsec
 TESTS_SUBDIRS+=		netpfil
 TESTS_SUBDIRS+=		opencrypto
 TESTS_SUBDIRS+=		posixshm

Added: head/tests/sys/netipsec/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tests/sys/netipsec/Makefile	Sun Dec  3 13:52:35 2017	(r326497)
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+TESTSDIR=		${TESTSBASE}/sys/netipsec
+
+TESTS_SUBDIRS+=		tunnel
+
+.include <bsd.test.mk>

Added: head/tests/sys/netipsec/tunnel/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tests/sys/netipsec/tunnel/Makefile	Sun Dec  3 13:52:35 2017	(r326497)
@@ -0,0 +1,19 @@
+# $FreeBSD$
+
+PACKAGE=	tests
+
+TESTSDIR=       ${TESTSBASE}/sys/netipsec/tunnel
+
+ATF_TESTS_SH+=	empty \
+		aes_cbc_128_hmac_sha1 \
+		aes_cbc_256_hmac_sha2_256 \
+		aes_gcm_128 \
+		aes_gcm_256 \
+		aesni_aes_cbc_128_hmac_sha1 \
+		aesni_aes_cbc_256_hmac_sha2_256 \
+		aesni_aes_gcm_128 \
+		aesni_aes_gcm_256
+
+${PACKAGE}FILES+=	utils.subr
+
+.include <bsd.test.mk>

Added: head/tests/sys/netipsec/tunnel/aes_cbc_128_hmac_sha1.sh
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tests/sys/netipsec/tunnel/aes_cbc_128_hmac_sha1.sh	Sun Dec  3 13:52:35 2017	(r326497)
@@ -0,0 +1,47 @@
+# $FreeBSD$
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "v4" "cleanup"
+v4_head()
+{
+	atf_set descr 'IPSec inet4 tunnel using aes-cbc-128-hmac-sha1'
+	atf_set require.user root
+	# Unload AESNI module if loaded
+	kldstat -q -n aesni && kldunload aesni
+}
+
+v4_body()
+{
+	ist_test 4 rijndael-cbc "1234567890123456" hmac-sha1 "12345678901234567890"
+}
+
+v4_cleanup()
+{
+	ist_cleanup
+}
+
+atf_test_case "v6" "cleanup"
+v6_head()
+{
+	atf_set descr 'IPSec inet6 tunnel using aes-cbc-128-hmac-sha1'
+	atf_set require.user root
+	# Unload AESNI module if loaded
+	kldstat -q -n aesni && kldunload aesni
+}
+
+v6_body()
+{
+	ist_test 6 rijndael-cbc "1234567890123456" hmac-sha1 "12345678901234567890"
+}
+
+v6_cleanup()
+{
+	ist_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "v4"
+	atf_add_test_case "v6"
+}
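Review bot: The `kldstat -q -n aesni && kldunload aesni` line sits in v4_head and v6_head, which ATF calls to collect test metadata, so the module is likely unloaded whenever the test program registers or lists its cases and not only when the selected case runs as root. Head functions are best kept to `atf_set` calls; moving the line to the top of v4_body and v6_body ties the kernel-state change to the run that needs it. Nothing in the cleanup functions restores the module, so a host that had aesni loaded is left without it after the run. The same pattern, with `kldload` or `kldunload`, appears in the heads of every other script in this commit except empty.sh.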

Added: head/tests/sys/netipsec/tunnel/aes_cbc_256_hmac_sha2_256.sh
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tests/sys/netipsec/tunnel/aes_cbc_256_hmac_sha2_256.sh	Sun Dec  3 13:52:35 2017	(r326497)
@@ -0,0 +1,47 @@
+# $FreeBSD$
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "v4" "cleanup"
+v4_head()
+{
+	atf_set descr 'IPSec inet4 tunnel using aes-cbc-256-hmac-sha2-256'
+	atf_set require.user root
+	# load AESNI module if not already
+	kldstat -q -n aesni || kldload aesni
+}
+
+v4_body()
+{
+	ist_test 4 rijndael-cbc "12345678901234567890123456789012" hmac-sha2-256 "12345678901234567890123456789012"
+}
+
+v4_cleanup()
+{
+	ist_cleanup
+}
+
+atf_test_case "v6" "cleanup"
+v6_head()
+{
+	atf_set descr 'IPSec inet6 tunnel using aes-cbc-256-hmac-sha2-256'
+	atf_set require.user root
+	# load AESNI module if not already
+	kldstat -q -n aesni || kldload aesni
+}
+
+v6_body()
+{
+	ist_test 6 rijndael-cbc "12345678901234567890123456789012" hmac-sha2-256 "12345678901234567890123456789012"
+}
+
+v6_cleanup()
+{
+	ist_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "v4"
+	atf_add_test_case "v6"
+}
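Review bot: The module handling looks swapped between this file and aesni_aes_cbc_256_hmac_sha2_256.sh. Here the descr does not mention AESNI, yet both heads run `kldstat -q -n aesni || kldload aesni`, while the aesni_ variant says 'and AESNI' but runs `kldstat -q -n aesni && kldunload aesni`. Assuming the loaded module decides which driver serves the SA, each of the two tests exercises the opposite provider from the one its name and description claim. Swapping the two lines and their comments, so that this file unloads and the aesni_ file loads, would match the other six scripts.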

Added: head/tests/sys/netipsec/tunnel/aes_gcm_128.sh
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tests/sys/netipsec/tunnel/aes_gcm_128.sh	Sun Dec  3 13:52:35 2017	(r326497)
@@ -0,0 +1,47 @@
+# $FreeBSD$
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "v4" "cleanup"
+v4_head()
+{
+	atf_set descr 'IPSec inet4 tunnel using aes-gcm-128'
+	atf_set require.user root
+	# Unload AESNI module if loaded
+	kldstat -q -n aesni && kldunload aesni
+}
+
+v4_body()
+{
+	ist_test 4 aes-gcm-16 "12345678901234567890"
+}
+
+v4_cleanup()
+{
+	ist_cleanup
+}
+
+atf_test_case "v6" "cleanup"
+v6_head()
+{
+	atf_set descr 'IPSec inet6 tunnel using aes-gcm-128'
+	atf_set require.user root
+	# Unload AESNI module if loaded
+	kldstat -q -n aesni && kldunload aesni
+}
+
+v6_body()
+{
+	ist_test 6 aes-gcm-16 "12345678901234567890"
+}
+
+v6_cleanup()
+{
+	ist_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "v4"
+	atf_add_test_case "v6"
+}

Added: head/tests/sys/netipsec/tunnel/aes_gcm_256.sh
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tests/sys/netipsec/tunnel/aes_gcm_256.sh	Sun Dec  3 13:52:35 2017	(r326497)
@@ -0,0 +1,47 @@
+# $FreeBSD$
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "v4" "cleanup"
+v4_head()
+{
+	atf_set descr 'IPSec inet4 tunnel using aes-gcm-256'
+	atf_set require.user root
+	# Unload AESNI module if loaded
+	kldstat -q -n aesni && kldunload aesni
+}
+
+v4_body()
+{
+	ist_test 4 aes-gcm-16 "123456789012345678901234567890123456"
+}
+
+v4_cleanup()
+{
+	ist_cleanup
+}
+
+atf_test_case "v6" "cleanup"
+v6_head()
+{
+	atf_set descr 'IPSec inet6 tunnel using aes-gcm-256'
+	atf_set require.user root
+	# Unload AESNI module if loaded
+	kldstat -q -n aesni && kldunload aesni
+}
+
+v6_body()
+{
+	ist_test 6 aes-gcm-16 "123456789012345678901234567890123456"
+}
+
+v6_cleanup()
+{
+	ist_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "v4"
+	atf_add_test_case "v6"
+}

Added: head/tests/sys/netipsec/tunnel/aesni_aes_cbc_128_hmac_sha1.sh
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tests/sys/netipsec/tunnel/aesni_aes_cbc_128_hmac_sha1.sh	Sun Dec  3 13:52:35 2017	(r326497)
@@ -0,0 +1,47 @@
+# $FreeBSD$
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "v4" "cleanup"
+v4_head()
+{
+	atf_set descr 'IPSec inet4 tunnel using aes-cbc-128-hmac-sha1 and AESNI'
+	atf_set require.user root
+	# load AESNI module if not already
+	kldstat -q -n aesni || kldload aesni
+}
+
+v4_body()
+{
+	ist_test 4 rijndael-cbc "1234567890123456" hmac-sha1 "12345678901234567890"
+}
+
+v4_cleanup()
+{
+	ist_cleanup
+}
+
+atf_test_case "v6" "cleanup"
+v6_head()
+{
+	atf_set descr 'IPSec inet6 tunnel using aes-cbc-128-hmac-sha1 and AESNI'
+	atf_set require.user root
+	# load AESNI module if not already
+	kldstat -q -n aesni || kldload aesni
+}
+
+v6_body()
+{
+	ist_test 6 rijndael-cbc "1234567890123456" hmac-sha1 "12345678901234567890"
+}
+
+v6_cleanup()
+{
+	ist_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "v4"
+	atf_add_test_case "v6"
+}

Added: head/tests/sys/netipsec/tunnel/aesni_aes_cbc_256_hmac_sha2_256.sh
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tests/sys/netipsec/tunnel/aesni_aes_cbc_256_hmac_sha2_256.sh	Sun Dec  3 13:52:35 2017	(r326497)
@@ -0,0 +1,47 @@
+# $FreeBSD$
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "v4" "cleanup"
+v4_head()
+{
+	atf_set descr 'IPSec inet4 tunnel using aes-cbc-256-hmac-sha2-256 and AESNI'
+	atf_set require.user root
+	# Unload AESNI module if loaded
+	kldstat -q -n aesni && kldunload aesni
+}
+
+v4_body()
+{
+	ist_test 4 rijndael-cbc "12345678901234567890123456789012" hmac-sha2-256 "12345678901234567890123456789012"
+}
+
+v4_cleanup()
+{
+	ist_cleanup
+}
+
+atf_test_case "v6" "cleanup"
+v6_head()
+{
+	atf_set descr 'IPSec inet6 tunnel using aes-cbc-256-hmac-sha2-256 and AESNI'
+	atf_set require.user root
+	# Unload AESNI module if loaded
+	kldstat -q -n aesni && kldunload aesni
+}
+
+v6_body()
+{
+	ist_test 6 rijndael-cbc "12345678901234567890123456789012" hmac-sha2-256 "12345678901234567890123456789012"
+}
+
+v6_cleanup()
+{
+	ist_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "v4"
+	atf_add_test_case "v6"
+}

Added: head/tests/sys/netipsec/tunnel/aesni_aes_gcm_128.sh
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tests/sys/netipsec/tunnel/aesni_aes_gcm_128.sh	Sun Dec  3 13:52:35 2017	(r326497)
@@ -0,0 +1,48 @@
+# $FreeBSD$
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "v4" "cleanup"
+v4_head()
+{
+	atf_set descr 'IPSec inet4 tunnel using aes-gcm-128 and AESNI'
+	atf_set require.user root
+	# load AESNI module if not already
+	kldstat -q -n aesni || kldload aesni
+}
+
+v4_body()
+{
+	ist_test 4 aes-gcm-16 "12345678901234567890"
+}
+
+v4_cleanup()
+{
+	ist_cleanup
+}
+
+atf_test_case "v6" "cleanup"
+v6_head()
+{
+	atf_set descr 'IPSec inet6 tunnel using aes-gcm-128 and AESNI'
+	atf_set require.user root
+	# load AESNI module if not already
+	kldstat -q -n aesni || kldload aesni
+}
+
+v6_body()
+{
+	atf_expect_fail "PR 201447"
+	ist_test 6 aes-gcm-16 "12345678901234567890"
+}
+
+v6_cleanup()
+{
+	ist_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "v4"
+	atf_add_test_case "v6"
+}
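Review bot: `atf_expect_fail "PR 201447"` in v6_body is set before `ist_test`, so it stays in force for both `setkey -f` checks as well as the final ping6, and a failure to load the SAs would be recorded as the expected failure. The hunk gives no hint of what PR 201447 covers; a comment such as `# PR 201447: <one-line summary of the bug>` above the call would tell a reader which step is expected to fail. aesni_aes_gcm_256.sh has the same call in its v6_body.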

Added: head/tests/sys/netipsec/tunnel/aesni_aes_gcm_256.sh
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tests/sys/netipsec/tunnel/aesni_aes_gcm_256.sh	Sun Dec  3 13:52:35 2017	(r326497)
@@ -0,0 +1,48 @@
+# $FreeBSD$
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "v4" "cleanup"
+v4_head()
+{
+	atf_set descr 'IPSec inet4 tunnel using aes-gcm-256 and AESNI'
+	atf_set require.user root
+	# load AESNI module if not already
+	kldstat -q -n aesni || kldload aesni
+}
+
+v4_body()
+{
+	ist_test 4 aes-gcm-16 "123456789012345678901234567890123456"
+}
+
+v4_cleanup()
+{
+	ist_cleanup
+}
+
+atf_test_case "v6" "cleanup"
+v6_head()
+{
+	atf_set descr 'IPSec inet6 tunnel using aes-gcm-256 and AESNI'
+	atf_set require.user root
+	# load AESNI module if not already
+	kldstat -q -n aesni || kldload aesni
+}
+
+v6_body()
+{
+	atf_expect_fail "PR 201447"
+	ist_test 6 aes-gcm-16 "123456789012345678901234567890123456"
+}
+
+v6_cleanup()
+{
+	ist_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "v4"
+	atf_add_test_case "v6"
+}

Added: head/tests/sys/netipsec/tunnel/empty.sh
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tests/sys/netipsec/tunnel/empty.sh	Sun Dec  3 13:52:35 2017	(r326497)
@@ -0,0 +1,44 @@
+# $FreeBSD$
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "v4" "cleanup"
+v4_head()
+{
+	atf_set descr 'IPSec inet4 tunnel using NULL encryption'
+	atf_set require.user root
+}
+
+v4_body()
+{
+	# Can't use filename "null" for this script: PR 223564
+	ist_test 4 null ""
+}
+
+v4_cleanup()
+{
+	ist_cleanup
+}
+
+atf_test_case "v6" "cleanup"
+v6_head()
+{
+	atf_set descr 'IPSec inet6 tunnel using NULL encryption'
+	atf_set require.user root
+}
+
+v6_body()
+{
+	ist_test 6 null ""
+}
+
+v6_cleanup()
+{
+	ist_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "v4"
+	atf_add_test_case "v6"
+}
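Review bot: The descr strings say only 'NULL encryption', but `ist_test 4 null ""` also passes no authentication algorithm, so as far as utils.subr in this commit shows, the SAs are added without `-A`. Saying so in the description, e.g. `atf_set descr 'IPSec inet4 tunnel using NULL encryption and no authentication'`, makes it clear this case is a plumbing baseline and not a protected tunnel. The PR 223564 comment explains the file name and would read better at the top of the file than inside v4_body.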

Added: head/tests/sys/netipsec/tunnel/utils.subr
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tests/sys/netipsec/tunnel/utils.subr	Sun Dec  3 13:52:35 2017	(r326497)
@@ -0,0 +1,166 @@
+# $FreeBSD$
+# Utility functions (mainly from pf tests, should be merged one day)
+##
+
+: ${TMPDIR=/tmp}
+
+ist_init()
+{
+	if [ "$(sysctl -i -n kern.features.vimage)" != 1 ]; then
+		atf_skip "This test requires VIMAGE"
+	fi
+}
+
+pft_mkepair()
+{
+	ifname=$(ifconfig epair create)
+	echo $ifname >> created_interfaces.lst
+	echo ${ifname%a}
+}
+
+pft_mkjail()
+{
+	jailname=$1
+	shift
+
+	vnet_interfaces=
+	for ifname in $@
+	do
+		vnet_interfaces="${vnet_interfaces} vnet.interface=${ifname}"
+	done
+	jail -c name=${jailname} persist vnet ${vnet_interfaces}
+
+	echo $jailname >> created_jails.lst
+}
+
+ist_labsetup ()
+{
+	epair_LAN_A=$(pft_mkepair)
+	ifconfig ${epair_LAN_A}a up
+	epair_PUB_A=$(pft_mkepair)
+	ifconfig ${epair_PUB_A}a up
+	epair_LAN_B=$(pft_mkepair)
+	ifconfig ${epair_LAN_B}a up
+	epair_PUB_B=$(pft_mkepair)
+	ifconfig ${epair_PUB_B}a up
+
+	pft_mkjail hostA ${epair_LAN_A}a
+	pft_mkjail ipsecA ${epair_LAN_A}b ${epair_PUB_A}a
+	pft_mkjail router ${epair_PUB_A}b ${epair_PUB_B}b
+	pft_mkjail ipsecB ${epair_LAN_B}b ${epair_PUB_B}a
+	pft_mkjail hostB ${epair_LAN_B}a
+}
+
+ist_v4_setup ()
+{
+	jexec hostA ifconfig ${epair_LAN_A}a 192.0.2.1/30 up
+	jexec ipsecA ifconfig ${epair_LAN_A}b 192.0.2.2/30 up
+	jexec ipsecA ifconfig ${epair_PUB_A}a 198.51.100.2/30 up
+	jexec router ifconfig ${epair_PUB_A}b 198.51.100.1/30 up
+	jexec router ifconfig ${epair_PUB_B}b 198.51.100.6/30 up
+	jexec ipsecB ifconfig ${epair_PUB_B}a 198.51.100.7/30 up
+	jexec ipsecB ifconfig ${epair_LAN_B}b 203.0.113.2/30 up
+	jexec hostB ifconfig ${epair_LAN_B}a 203.0.113.1/30 up
+	jexec ipsecA sysctl net.inet.ip.forwarding=1
+	jexec router sysctl net.inet.ip.forwarding=1
+	jexec ipsecB sysctl net.inet.ip.forwarding=1
+	jexec hostA route add default 192.0.2.2
+	jexec ipsecA route add default 198.51.100.1
+	jexec ipsecB route add default 198.51.100.6
+	jexec hostB route add default 203.0.113.2
+}
+
+ist_v6_setup ()
+{
+	jexec hostA ifconfig ${epair_LAN_A}a inet6 2001:db8:1::1/64 up no_dad
+	jexec ipsecA ifconfig ${epair_LAN_A}b inet6 2001:db8:1::2/64 up no_dad
+	jexec ipsecA ifconfig ${epair_PUB_A}a inet6 2001:db8:23::2/64 up no_dad
+	jexec router ifconfig ${epair_PUB_A}b inet6 2001:db8:23::3/64 up no_dad
+	jexec router ifconfig ${epair_PUB_B}b inet6 2001:db8:34::3/64 up no_dad
+	jexec ipsecB ifconfig ${epair_PUB_B}a inet6 2001:db8:34::2/64 up no_dad
+	jexec ipsecB ifconfig ${epair_LAN_B}b inet6 2001:db8:45::2/64 up no_dad
+	jexec hostB ifconfig ${epair_LAN_B}a inet6 2001:db8:45::1/64 up no_dad
+	jexec ipsecA sysctl net.inet6.ip6.forwarding=1
+	jexec router sysctl net.inet6.ip6.forwarding=1
+	jexec ipsecB sysctl net.inet6.ip6.forwarding=1
+	jexec hostA route -6 add default 2001:db8:1::2
+	jexec ipsecA route -6 add default 2001:db8:23::3
+	jexec ipsecB route -6 add default 2001:db8:34::3
+	jexec hostB route -6 add default 2001:db8:45::2
+}
+
+ist_setkey()
+{
+	jname=$1
+	dir=$2
+	afnet=$3
+	enc_algo=$4
+	enc_key=$5
+	auth_algo=$6
+	auth_key=$7
+
+	# Load
+	(
+		printf "#arguments debug: ${jname} ${afnet} ${dir} ${enc_algo} "
+		printf "${enc_key} ${auth_algo} ${auth_key}\n"
+		printf "flush;\n"
+		printf "spdflush;\n"
+		if [ ${afnet} -eq 4 ]; then
+			SRC_LAN="192.0.2.0/24"
+			DST_LAN="203.0.113.0/24"
+			SRC_GW="198.51.100.2"
+			DST_GW="198.51.100.7"
+		else
+			SRC_LAN="2001:db8:1::/64"
+			DST_LAN="2001:db8:45::/64"
+			SRC_GW="2001:db8:23::2"
+			DST_GW="2001:db8:34::2"
+		fi
+		printf "spdadd ${SRC_LAN} ${DST_LAN} any -P "
+		[ ${dir} = "out" ] && printf "out" || printf "in"
+		printf " ipsec esp/tunnel/${SRC_GW}-${DST_GW}/require;\n"
+		printf "spdadd ${DST_LAN} ${SRC_LAN} any -P "
+		[ ${dir} = "out" ] && printf "in" || printf "out"
+		printf " ipsec esp/tunnel/${DST_GW}-${SRC_GW}/require;\n"
+		printf "add ${SRC_GW} ${DST_GW} esp 0x1000 -E ${enc_algo} \"${enc_key}\""
+		[ -n "${auth_algo}" ] && printf " -A ${auth_algo} \"${auth_key}\";\n" || printf ";\n"
+		printf "add ${DST_GW} ${SRC_GW} esp 0x1001 -E ${enc_algo} \"${enc_key}\""
+		[ -n "$auth_algo" ] && printf " -A ${auth_algo} \"${auth_key}\";\n" || printf ";\n"
+	) > ${TMPDIR}/ipsec.${jname}.conf
+}
+
+ist_test()
+{
+	ist_init
+	ist_labsetup
+	[ $1 -eq 4 ] && ist_v4_setup || ist_v6_setup
+	ist_setkey ipsecA out $@
+	atf_check -s exit:0 -o ignore jexec ipsecA setkey -f ${TMPDIR}/ipsec.ipsecA.conf
+	ist_setkey ipsecB in $@
+	atf_check -s exit:0 -o ignore jexec ipsecB setkey -f ${TMPDIR}/ipsec.ipsecB.conf
+	# Check ipsec tunnel
+	if [ $1 -eq 4 ]; then
+		atf_check -s exit:0 -o ignore jexec hostA ping -c 1 203.0.113.1
+	else
+		atf_check -s exit:0 -o ignore jexec hostA ping6 -c 1 2001:db8:45::1
+	fi
+}
+ist_cleanup()
+{
+	if [ -f created_jails.lst ]; then
+		for jailname in $(cat created_jails.lst)
+		do
+			jail -r ${jailname}
+			rm -f ${TMPDIR}/ipsec.${jailname}.conf
+		done
+		rm created_jails.lst
+	fi
+
+	if [ -f created_interfaces.lst ]; then
+		for ifname in $(cat created_interfaces.lst)
+		do
+			ifconfig ${ifname} destroy
+		done
+		rm created_interfaces.lst
+	fi
+}
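Review bot: ist_setkey writes the setkey input, including both SA keys, to the fixed name `${TMPDIR}/ipsec.${jname}.conf` while the tests run as root, and `: ${TMPDIR=/tmp}` falls back to the shared /tmp when the variable is unset, so the path is predictable and the redirect follows whatever already exists there. The test's work directory already holds created_jails.lst and created_interfaces.lst; the config can live there too, for example `conf="$(pwd)/ipsec.${jname}.conf"` in ist_setkey, with the same path passed to `setkey -f` and removed in ist_cleanup. Separately, ist_test forwards its arguments as unquoted `$@`, which drops the empty key passed by empty.sh and would shift later arguments if an empty value were ever not last; `ist_setkey ipsecA out "$@"` keeps positions stable. The keys and algorithm names are also interpolated into printf format strings, so passing them as arguments to a `'%s'` format would be safer for values containing `%` or backslashes.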


