tests/sys/netipsec/tunnel/utils.subr

   1 # $FreeBSD$
   2 # Utility functions (mainly from pf tests, should be merged one day)
   3 ##
   4
   5 : ${TMPDIR=/tmp}
   6
   7 . $(atf_get_srcdir)/../../common/vnet.subr
   8
   9 ist_init()
  10 {
  11         if ! sysctl -q kern.features.ipsec >/dev/null ; then
  12                 atf_skip "This test requires ipsec"
  13         fi
  14
  15         vnet_init
  16 }
  17
  18 ist_labsetup ()
  19 {
  20         epair_LAN_A=$(vnet_mkepair)
  21         ifconfig ${epair_LAN_A}a up
  22         epair_PUB_A=$(vnet_mkepair)
  23         ifconfig ${epair_PUB_A}a up
  24         epair_LAN_B=$(vnet_mkepair)
  25         ifconfig ${epair_LAN_B}a up
  26         epair_PUB_B=$(vnet_mkepair)
  27         ifconfig ${epair_PUB_B}a up
  28
  29         vnet_mkjail hostA ${epair_LAN_A}a
  30         vnet_mkjail ipsecA ${epair_LAN_A}b ${epair_PUB_A}a
  31         vnet_mkjail router ${epair_PUB_A}b ${epair_PUB_B}b
  32         vnet_mkjail ipsecB ${epair_LAN_B}b ${epair_PUB_B}a
  33         vnet_mkjail hostB ${epair_LAN_B}a
  34 }
  35
  36 ist_v4_setup ()
  37 {
  38         jexec hostA ifconfig ${epair_LAN_A}a 192.0.2.1/30 up
  39         jexec ipsecA ifconfig ${epair_LAN_A}b 192.0.2.2/30 up
  40         jexec ipsecA ifconfig ${epair_PUB_A}a 198.51.100.2/30 up
  41         jexec router ifconfig ${epair_PUB_A}b 198.51.100.1/30 up
  42         jexec router ifconfig ${epair_PUB_B}b 198.51.100.5/30 up
  43         jexec ipsecB ifconfig ${epair_PUB_B}a 198.51.100.6/30 up
  44         jexec ipsecB ifconfig ${epair_LAN_B}b 203.0.113.2/30 up
  45         jexec hostB ifconfig ${epair_LAN_B}a 203.0.113.1/30 up
  46         jexec ipsecA sysctl net.inet.ip.forwarding=1
  47         jexec router sysctl net.inet.ip.forwarding=1
  48         jexec ipsecB sysctl net.inet.ip.forwarding=1
  49         jexec hostA route add default 192.0.2.2
  50         jexec ipsecA route add default 198.51.100.1
  51         jexec ipsecB route add default 198.51.100.5
  52         jexec hostB route add default 203.0.113.2
  53 }
  54
  55 ist_v6_setup ()
  56 {
  57         jexec hostA ifconfig ${epair_LAN_A}a inet6 2001:db8:1::1/64 up no_dad
  58         jexec ipsecA ifconfig ${epair_LAN_A}b inet6 2001:db8:1::2/64 up no_dad
  59         jexec ipsecA ifconfig ${epair_PUB_A}a inet6 2001:db8:23::2/64 up no_dad
  60         jexec router ifconfig ${epair_PUB_A}b inet6 2001:db8:23::3/64 up no_dad
  61         jexec router ifconfig ${epair_PUB_B}b inet6 2001:db8:34::3/64 up no_dad
  62         jexec ipsecB ifconfig ${epair_PUB_B}a inet6 2001:db8:34::2/64 up no_dad
  63         jexec ipsecB ifconfig ${epair_LAN_B}b inet6 2001:db8:45::2/64 up no_dad
  64         jexec hostB ifconfig ${epair_LAN_B}a inet6 2001:db8:45::1/64 up no_dad
  65         jexec ipsecA sysctl net.inet6.ip6.forwarding=1
  66         jexec router sysctl net.inet6.ip6.forwarding=1
  67         jexec ipsecB sysctl net.inet6.ip6.forwarding=1
  68         jexec hostA route -6 add default 2001:db8:1::2
  69         jexec ipsecA route -6 add default 2001:db8:23::3
  70         jexec ipsecB route -6 add default 2001:db8:34::3
  71         jexec hostB route -6 add default 2001:db8:45::2
  72 }
  73
  74 ist_setkey()
  75 {
  76         jname=$1
  77         dir=$2
  78         afnet=$3
  79         enc_algo=$4
  80         enc_key=$5
  81         auth_algo=$6
  82         auth_key=$7
  83
  84         # Load
  85         (
  86                 printf "#arguments debug: ${jname} ${afnet} ${dir} ${enc_algo} "
  87                 printf "${enc_key} ${auth_algo} ${auth_key}\n"
  88                 printf "flush;\n"
  89                 printf "spdflush;\n"
  90                 if [ ${afnet} -eq 4 ]; then
  91                         SRC_LAN="192.0.2.0/24"
  92                         DST_LAN="203.0.113.0/24"
  93                         SRC_GW="198.51.100.2"
  94                         DST_GW="198.51.100.6"
  95                 else
  96                         SRC_LAN="2001:db8:1::/64"
  97                         DST_LAN="2001:db8:45::/64"
  98                         SRC_GW="2001:db8:23::2"
  99                         DST_GW="2001:db8:34::2"
 100                 fi
 101                 printf "spdadd ${SRC_LAN} ${DST_LAN} any -P "
 102                 [ ${dir} = "out" ] && printf "out" || printf "in"
 103                 printf " ipsec esp/tunnel/${SRC_GW}-${DST_GW}/require;\n"
 104                 printf "spdadd ${DST_LAN} ${SRC_LAN} any -P "
 105                 [ ${dir} = "out" ] && printf "in" || printf "out"
 106                 printf " ipsec esp/tunnel/${DST_GW}-${SRC_GW}/require;\n"
 107                 printf "add ${SRC_GW} ${DST_GW} esp 0x1000 -E ${enc_algo} \"${enc_key}\""
 108                 [ -n "${auth_algo}" ] && printf " -A ${auth_algo} \"${auth_key}\";\n" || printf ";\n"
 109                 printf "add ${DST_GW} ${SRC_GW} esp 0x1001 -E ${enc_algo} \"${enc_key}\""
 110                 [ -n "$auth_algo" ] && printf " -A ${auth_algo} \"${auth_key}\";\n" || printf ";\n"
 111         ) > ${TMPDIR}/ipsec.${jname}.conf
 112 }
 113
 114 ist_test()
 115 {
 116         ist_init
 117         ist_labsetup
 118         [ $1 -eq 4 ] && ist_v4_setup || ist_v6_setup
 119         ist_setkey ipsecA out $@
 120         atf_check -s exit:0 -o ignore jexec ipsecA setkey -f ${TMPDIR}/ipsec.ipsecA.conf
 121         ist_setkey ipsecB in $@
 122         atf_check -s exit:0 -o ignore jexec ipsecB setkey -f ${TMPDIR}/ipsec.ipsecB.conf
 123         # Check ipsec tunnel
 124         if [ $1 -eq 4 ]; then
 125                 atf_check -s exit:0 -o ignore jexec hostA ping -c 1 203.0.113.1
 126         else
 127                 atf_check -s exit:0 -o ignore jexec hostA ping6 -c 1 2001:db8:45::1
 128         fi
 129 }
 130 ist_cleanup()
 131 {
 132         vnet_cleanup
 133 }