2 # Utility functions (mainly from pf tests, should be merged one day)
7 . $(atf_get_srcdir)/../../common/vnet.subr
# Probe the running kernel for IPsec support through the kern.features.ipsec
# sysctl. -q plus the redirect keep the probe silent; when the probe fails the
# test is reported as skipped instead of failed.
# NOTE(review): the closing `fi` and the enclosing function header are not
# part of this listing.
11 if ! sysctl -q kern.features.ipsec >/dev/null ; then
12 atf_skip "This test requires ipsec"
# Create the four virtual Ethernet pairs used as lab segments: one LAN and one
# "public" link per side (A and B). Each variable holds a base interface name;
# the code appends "a" or "b" to select one end of the pair.
# NOTE(review): vnet_mkepair is provided by the sourced vnet.subr and is not
# shown here. It presumably prints the epair base name; confirm there.
20 epair_LAN_A=$(vnet_mkepair)
# The "a" end of every pair is brought up in the host before it is handed to
# a jail below.
21 ifconfig ${epair_LAN_A}a up
22 epair_PUB_A=$(vnet_mkepair)
23 ifconfig ${epair_PUB_A}a up
24 epair_LAN_B=$(vnet_mkepair)
25 ifconfig ${epair_LAN_B}a up
26 epair_PUB_B=$(vnet_mkepair)
27 ifconfig ${epair_PUB_B}a up
# Jail layout, read off the interface assignments below:
#   hostA --LAN_A-- ipsecA --PUB_A-- router --PUB_B-- ipsecB --LAN_B-- hostB
# ipsecA and ipsecB are the only jails attached to both a LAN and a public
# segment, which makes them the two security gateways. router only sees the
# public segments.
29 vnet_mkjail hostA ${epair_LAN_A}a
30 vnet_mkjail ipsecA ${epair_LAN_A}b ${epair_PUB_A}a
31 vnet_mkjail router ${epair_PUB_A}b ${epair_PUB_B}b
32 vnet_mkjail ipsecB ${epair_LAN_B}b ${epair_PUB_B}a
33 vnet_mkjail hostB ${epair_LAN_B}a
# IPv4 addressing for the lab. All prefixes are documentation ranges
# (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24), so nothing here collides
# with real networks. Each link is a /30:
#   LAN A    192.0.2.0/30     hostA .1   ipsecA .2
#   PUB A    198.51.100.0/30  router .1  ipsecA .2
#   PUB B    198.51.100.4/30  router .5  ipsecB .6
#   LAN B    203.0.113.0/30   hostB .1   ipsecB .2
38 jexec hostA ifconfig ${epair_LAN_A}a 192.0.2.1/30 up
39 jexec ipsecA ifconfig ${epair_LAN_A}b 192.0.2.2/30 up
40 jexec ipsecA ifconfig ${epair_PUB_A}a 198.51.100.2/30 up
41 jexec router ifconfig ${epair_PUB_A}b 198.51.100.1/30 up
42 jexec router ifconfig ${epair_PUB_B}b 198.51.100.5/30 up
43 jexec ipsecB ifconfig ${epair_PUB_B}a 198.51.100.6/30 up
44 jexec ipsecB ifconfig ${epair_LAN_B}b 203.0.113.2/30 up
45 jexec hostB ifconfig ${epair_LAN_B}a 203.0.113.1/30 up
# The three middle jails forward IPv4; the end hosts do not.
46 jexec ipsecA sysctl net.inet.ip.forwarding=1
47 jexec router sysctl net.inet.ip.forwarding=1
48 jexec ipsecB sysctl net.inet.ip.forwarding=1
# Hosts default-route to their gateway, gateways default-route to router.
# No route towards either LAN prefix is added on router in these lines, so
# router can only deliver packets addressed to the gateways' public
# addresses. A successful hostA -> hostB exchange therefore implies the
# traffic crossed router encapsulated between the gateways.
49 jexec hostA route add default 192.0.2.2
50 jexec ipsecA route add default 198.51.100.1
51 jexec ipsecB route add default 198.51.100.5
52 jexec hostB route add default 203.0.113.2
# IPv6 addressing for the same topology, using /64s from the 2001:db8::/32
# documentation prefix:
#   LAN A    2001:db8:1::/64   hostA ::1   ipsecA ::2
#   PUB A    2001:db8:23::/64  ipsecA ::2  router ::3
#   PUB B    2001:db8:34::/64  ipsecB ::2  router ::3
#   LAN B    2001:db8:45::/64  hostB ::1   ipsecB ::2
# no_dad turns off duplicate address detection for each address, so the
# addresses are usable right away and the test does not have to wait for DAD.
57 jexec hostA ifconfig ${epair_LAN_A}a inet6 2001:db8:1::1/64 up no_dad
58 jexec ipsecA ifconfig ${epair_LAN_A}b inet6 2001:db8:1::2/64 up no_dad
59 jexec ipsecA ifconfig ${epair_PUB_A}a inet6 2001:db8:23::2/64 up no_dad
60 jexec router ifconfig ${epair_PUB_A}b inet6 2001:db8:23::3/64 up no_dad
61 jexec router ifconfig ${epair_PUB_B}b inet6 2001:db8:34::3/64 up no_dad
62 jexec ipsecB ifconfig ${epair_PUB_B}a inet6 2001:db8:34::2/64 up no_dad
63 jexec ipsecB ifconfig ${epair_LAN_B}b inet6 2001:db8:45::2/64 up no_dad
64 jexec hostB ifconfig ${epair_LAN_B}a inet6 2001:db8:45::1/64 up no_dad
# The three middle jails forward IPv6; the end hosts do not.
65 jexec ipsecA sysctl net.inet6.ip6.forwarding=1
66 jexec router sysctl net.inet6.ip6.forwarding=1
67 jexec ipsecB sysctl net.inet6.ip6.forwarding=1
# Same routing shape as the IPv4 lab: hosts point at their gateway, gateways
# point at router, and router gets no route to either LAN prefix here.
68 jexec hostA route -6 add default 2001:db8:1::2
69 jexec ipsecA route -6 add default 2001:db8:23::3
70 jexec ipsecB route -6 add default 2001:db8:34::3
71 jexec hostB route -6 add default 2001:db8:45::2
# Emit a trace line listing every argument the config is generated from.
# NOTE(review): the leading "#" suggests this is meant to land as a comment
# line in the generated setkey config; the opening of the redirected group
# closed on the last line is not part of this listing, so confirm. Either way
# the line contains ${enc_key} and ${auth_key} in clear. That is fine for
# fixed test vectors but not a pattern to reuse where the keys are real.
# NOTE(review): throughout this block the variables are expanded inside the
# printf format string, so a "%" or backslash in any argument would be
# interpreted by printf. printf '%s' with the values as arguments avoids that.
86 printf "#arguments debug: ${jname} ${afnet} ${dir} ${enc_algo} "
87 printf "${enc_key} ${auth_algo} ${auth_key}\n"
# Pick the protected prefixes and the tunnel endpoint addresses by address
# family.
# NOTE(review): the IPv4 SRC_GW/DST_GW assignments and the else/fi lines are
# not part of this listing.
90 if [ ${afnet} -eq 4 ]; then
91 SRC_LAN="192.0.2.0/24"
92 DST_LAN="203.0.113.0/24"
96 SRC_LAN="2001:db8:1::/64"
97 DST_LAN="2001:db8:45::/64"
98 SRC_GW="2001:db8:23::2"
99 DST_GW="2001:db8:34::2"
# Security policy, one entry per direction: traffic between the two LAN
# prefixes must use ESP in tunnel mode between the two gateway addresses.
# Level "require" means the policy cannot be satisfied without a matching SA.
# ${dir} says which way this gateway faces: for "out" the SRC->DST policy is
# outbound and the reverse one inbound, for any other value they are swapped.
101 printf "spdadd ${SRC_LAN} ${DST_LAN} any -P "
102 [ ${dir} = "out" ] && printf "out" || printf "in"
103 printf " ipsec esp/tunnel/${SRC_GW}-${DST_GW}/require;\n"
104 printf "spdadd ${DST_LAN} ${SRC_LAN} any -P "
105 [ ${dir} = "out" ] && printf "in" || printf "out"
106 printf " ipsec esp/tunnel/${DST_GW}-${SRC_GW}/require;\n"
# Manually keyed security associations, one per direction, with fixed SPIs
# 0x1000 and 0x1001. Both SAs use the same enc_key (and auth_key, if given).
# When auth_algo is empty no -A clause is written, so the SA carries
# encryption only. That gives integrity protection only if enc_algo is an
# AEAD cipher. NOTE(review): the callers that choose the algorithms are not
# shown.
107 printf "add ${SRC_GW} ${DST_GW} esp 0x1000 -E ${enc_algo} \"${enc_key}\""
108 [ -n "${auth_algo}" ] && printf " -A ${auth_algo} \"${auth_key}\";\n" || printf ";\n"
109 printf "add ${DST_GW} ${SRC_GW} esp 0x1001 -E ${enc_algo} \"${enc_key}\""
110 [ -n "$auth_algo" ] && printf " -A ${auth_algo} \"${auth_key}\";\n" || printf ";\n"
# Everything printed by the group ends up in a per-jail config file. The file
# holds the raw SA keys. NOTE(review): its mode presumably follows the
# caller's umask, and the path is unquoted, so a TMPDIR containing whitespace
# would break the redirect.
111 ) > ${TMPDIR}/ipsec.${jname}.conf
# $1 is the address family: 4 builds the IPv4 lab, otherwise the IPv6 one.
# NOTE(review): with the `A && B || C` form, ist_v6_setup also runs whenever
# ist_v4_setup returns non-zero; an if/else would keep the two setups
# mutually exclusive.
118 [ $1 -eq 4 ] && ist_v4_setup || ist_v6_setup
# Generate and load the policy/SA config on each gateway: ipsecA with
# direction "out", ipsecB with "in", both receiving the caller's arguments.
# NOTE(review): $@ is unquoted, so an argument containing whitespace would be
# re-split before it reaches ist_setkey; "$@" preserves the argument
# boundaries.
119 ist_setkey ipsecA out $@
# atf_check -s exit:0 fails the test unless setkey exits 0; -o ignore
# discards its stdout.
120 atf_check -s exit:0 -o ignore jexec ipsecA setkey -f ${TMPDIR}/ipsec.ipsecA.conf
121 ist_setkey ipsecB in $@
122 atf_check -s exit:0 -o ignore jexec ipsecB setkey -f ${TMPDIR}/ipsec.ipsecB.conf
# End-to-end check: a single echo request from hostA to hostB's LAN address
# in the selected address family must succeed.
# NOTE(review): the else/fi lines of this conditional are not part of this
# listing.
124 if [ $1 -eq 4 ]; then
125 atf_check -s exit:0 -o ignore jexec hostA ping -c 1 203.0.113.1
127 atf_check -s exit:0 -o ignore jexec hostA ping6 -c 1 2001:db8:45::1