diff options
author | pjd <pjd@FreeBSD.org> | 2006-06-04 22:06:17 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2006-06-04 22:06:17 +0000 |
commit | 6cad615115477702d652c5f2f0a69e7fa6be9973 (patch) | |
tree | ccd821486e915782a1ff888f417df48dc6dd2ee9 /tools | |
parent | 00649b114383cedc1e28dfa1cdd9b4c5f4b2a496 (diff) | |
download | FreeBSD-src-6cad615115477702d652c5f2f0a69e7fa6be9973.zip FreeBSD-src-6cad615115477702d652c5f2f0a69e7fa6be9973.tar.gz |
Add regression tests for IPsec.
Diffstat (limited to 'tools')
-rw-r--r-- | tools/regression/ipsec/ipsec.t | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/tools/regression/ipsec/ipsec.t b/tools/regression/ipsec/ipsec.t new file mode 100644 index 0000000..fd33bfc --- /dev/null +++ b/tools/regression/ipsec/ipsec.t @@ -0,0 +1,89 @@ +#!/bin/sh +# $FreeBSD$ + +ipbase="127.255" +netif="lo0" +spi="10000" + +echo "1..306" + +#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1 + +ifconfig $netif alias ${ipbase}.0.1/24 +ifconfig $netif alias ${ipbase}.1.1/24 + +i=1 + +for ecipher in \ + des-cbc:12345678 \ + 3des-cbc:012345678901234567890123 \ + blowfish-cbc:0123456789012345 \ + blowfish-cbc:01234567890123456789 \ + blowfish-cbc:012345678901234567890123 \ + blowfish-cbc:0123456789012345678901234567 \ + blowfish-cbc:01234567890123456789012345678901 \ + blowfish-cbc:012345678901234567890123456789012345 \ + blowfish-cbc:0123456789012345678901234567890123456789 \ + blowfish-cbc:01234567890123456789012345678901234567890123 \ + blowfish-cbc:012345678901234567890123456789012345678901234567 \ + blowfish-cbc:0123456789012345678901234567890123456789012345678901 \ + blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \ + cast128-cbc:0123456789012345 \ + rijndael-cbc:0123456789012345 \ + rijndael-cbc:012345678901234567890123 \ + rijndael-cbc:01234567890123456789012345678901; do + + ealgo=${ecipher%%:*} + ekey=${ecipher##*:} + + for acipher in \ + hmac-md5:0123456789012345 \ + hmac-sha1:01234567890123456789 \ + hmac-ripemd160:01234567890123456789 \ + hmac-sha2-256:01234567890123456789012345678901 \ + hmac-sha2-384:012345678901234567890123456789012345678901234567 \ + hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do + + aalgo=${acipher%%:*} + akey=${acipher##*:} + + setkey -F + setkey -FP + + (echo "add ${ipbase}.0.1 ${ipbase}.1.1 esp $spi -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;" + echo "add ${ipbase}.1.1 ${ipbase}.0.1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;" + + echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P out ipsec esp/transport//require;" + echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P in ipsec esp/transport//require;" + echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P in ipsec esp/transport//require;" + echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P out ipsec esp/transport//require;" + ) | setkey -c >/dev/null 2>&1 + if [ $? -eq 0 ]; then + echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}" + else + echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}" + fi + i=$((i+1)) + + ping -c 1 -t 2 -S ${ipbase}.0.1 ${ipbase}.1.1 >/dev/null + if [ $? -eq 0 ]; then + echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}" + else + echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}" + fi + i=$((i+1)) + ping -c 1 -t 2 -S ${ipbase}.1.1 ${ipbase}.0.1 >/dev/null + if [ $? -eq 0 ]; then + echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}" + else + echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}" + fi + i=$((i+1)) + done +done + +setkey -F +setkey -FP + +ifconfig $netif -alias ${ipbase}.0.1 +ifconfig $netif -alias ${ipbase}.1.1 |