author | gnn <gnn@FreeBSD.org> | 2007-03-21 09:39:51 +0000 |
---|---|---|
committer | gnn <gnn@FreeBSD.org> | 2007-03-21 09:39:51 +0000 |
commit | faa65f7689d53ced70608507e390d3244168c566 (patch) | |
tree | 5252c2de4d8bbd7b6ffc3b5cf55906cc272b9ee5 /tools | |
parent | 8c807af8fac8c95584d7fd1624134b9358fec568 (diff) | |
Add a test for IPv6 and IPsec which is similar to the one for IPv4.
Add comments to the test for IPv4 with IPsec.
MFC after: 1 week
Diffstat (limited to 'tools')
-rw-r--r-- | tools/regression/ipsec/ipsec.t | 9 | ||||
-rw-r--r-- | tools/regression/ipsec/ipsec6.t | 99 |
2 files changed, 108 insertions, 0 deletions
diff --git a/tools/regression/ipsec/ipsec.t b/tools/regression/ipsec/ipsec.t
index fd33bfc..ca3a8c2 100644
--- a/tools/regression/ipsec/ipsec.t
+++ b/tools/regression/ipsec/ipsec.t
@@ -1,5 +1,14 @@
 #!/bin/sh
 # $FreeBSD$
+#
+# IPsec regression test.
+#
+# This test sets up tunnels on the localhost (lo0) interface
+# with various ciphers by using the setkey(8) command and then
+# attempts to ping each end of the tunnel.
+# The test says which pings worked and which failed.
+#
+# Expected Output: No failures
 ipbase="127.255"
 netif="lo0"
diff --git a/tools/regression/ipsec/ipsec6.t b/tools/regression/ipsec/ipsec6.t
new file mode 100644
index 0000000..26f2106
--- /dev/null
+++ b/tools/regression/ipsec/ipsec6.t
@@ -0,0 +1,99 @@
+#!/bin/sh
+# $FreeBSD$
+#
+# IPv6 IPsec test based on ipsec.t, in this same directory, which tests
+# IPsec by setting up a set of tunnels and then sending ICMPv6 packets,
+# aka those generated with ping6(8), across the tunnel.
+#
+# This test should ONLY be used as a smoke test to verify that nothing
+# drastic has been broken, it is insufficient for true protocol conformance
+# testing.
+#
+# Expected Output: No failures.
+
+ipbase="1"
+netif="lo0"
+spi="10000"
+
+echo "1..306"
+
+#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1
+
+ifconfig $netif inet6 alias ${ipbase}::1/128
+ifconfig $netif inet6 alias ${ipbase}::2/128
+
+i=1
+
+for ecipher in \
+ des-cbc:12345678 \
+ 3des-cbc:012345678901234567890123 \
+ blowfish-cbc:0123456789012345 \
+ blowfish-cbc:01234567890123456789 \
+ blowfish-cbc:012345678901234567890123 \
+ blowfish-cbc:0123456789012345678901234567 \
+ blowfish-cbc:01234567890123456789012345678901 \
+ blowfish-cbc:012345678901234567890123456789012345 \
+ blowfish-cbc:0123456789012345678901234567890123456789 \
+ blowfish-cbc:01234567890123456789012345678901234567890123 \
+ blowfish-cbc:012345678901234567890123456789012345678901234567 \
+ blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
+ blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
+ cast128-cbc:0123456789012345 \
+ rijndael-cbc:0123456789012345 \
+ rijndael-cbc:012345678901234567890123 \
+ rijndael-cbc:01234567890123456789012345678901; do
+
+ ealgo=${ecipher%%:*}
+ ekey=${ecipher##*:}
+
+ for acipher in \
+ hmac-md5:0123456789012345 \
+ hmac-sha1:01234567890123456789 \
+ hmac-ripemd160:01234567890123456789 \
+ hmac-sha2-256:01234567890123456789012345678901 \
+ hmac-sha2-384:012345678901234567890123456789012345678901234567 \
+ hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do
+
+ aalgo=${acipher%%:*}
+ akey=${acipher##*:}
+
+ setkey -F
+ setkey -FP
+
+ (echo "add -6 ${ipbase}::1 ${ipbase}::2 esp $spi -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
+ echo "add -6 ${ipbase}::2 ${ipbase}::1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
+
+ echo "spdadd -6 ${ipbase}::1 ${ipbase}::2 any -P out ipsec esp/transport//require;"
+ echo "spdadd -6 ${ipbase}::2 ${ipbase}::1 any -P in ipsec esp/transport//require;"
+ echo "spdadd -6 ${ipbase}::1 ${ipbase}::2 any -P in ipsec esp/transport//require;"
+ echo "spdadd -6 ${ipbase}::2 ${ipbase}::1 any -P out ipsec esp/transport//require;"
+ ) | setkey -c >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
+ else
+ echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
+ fi
+ i=$((i+1))
+
+ ping6 -c 1 -i 1 -S ${ipbase}::1 ${ipbase}::2 >/dev/null
+ if [ $? -eq 0 ]; then
+ echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
+ else
+ echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
+ fi
+ i=$((i+1))
+ ping6 -c 1 -i 1 -S ${ipbase}::2 ${ipbase}::1 >/dev/null
+ if [ $? -eq 0 ]; then
+ echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
+ else
+ echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
+ fi
+ i=$((i+1))
+ done
+done
+
+setkey -F
+setkey -FP
+
+ifconfig $netif inet6 ${ipbase}::1 delete
+ifconfig $netif inet6 ${ipbase}::2 delete |
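Review bot: The `setkey -F` and `setkey -FP` calls at the top of the inner loop and again after it flush every SA and every policy on the machine, not only the entries this test adds, so running ipsec6.t on a host with a live IPsec configuration removes that configuration without any notice. The header comment should say so, for example `# WARNING: flushes the whole SAD and SPD (setkey -F, setkey -FP); run only on a scratch host.` Separately, the two ping6 checks run even when `setkey -c` reported failure; after the flush there may then be no `require` policy in place, so the pings can succeed in cleartext and print `ok` for a cipher pair that was never exercised, and reporting them as `not ok` in that case would keep the result honest. The backtick `expr $spi + 1` could also be written `$((spi + 1))` to match the `$((i+1))` already used for the counter.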