xref: /freebsd/tests/sys/netipsec/tunnel/utils.subr (revision d0b2dbfa0ecf2bbc9709efc5e20baf8e4b44bbbf)
# Utility functions (mainly from pf tests, should be merged one day)
##

# Directory that receives the generated setkey(8) configuration files; /tmp is
# used only when the caller has not set TMPDIR at all.
# NOTE(review): ist_setkey writes the ESP and authentication keys it is given
# into ${TMPDIR}/ipsec.<jail>.conf under a fixed, predictable name. /tmp is a
# shared directory, so run these tests with TMPDIR pointing at a private
# directory (presumably the test harness already arranges this -- confirm).
: "${TMPDIR=/tmp}"

. $(atf_get_srcdir)/../../common/vnet.subr
# Common prologue for the IPsec tunnel tests: skip when the kernel does not
# report IPsec support, then initialise the vnet helpers.
ist_init()
{
	# sysctl -q fails quietly when the kern.features.ipsec node is absent;
	# that is treated as "no IPsec support".
	sysctl -q kern.features.ipsec >/dev/null ||
		atf_skip "This test requires ipsec"

	vnet_init
}
# Build the lab topology: four epair links and five vnet jails.
#
#   hostA --LAN_A-- ipsecA --PUB_A-- router --PUB_B-- ipsecB --LAN_B-- hostB
#
# The epair base names are left in the global variables epair_LAN_A,
# epair_PUB_A, epair_LAN_B and epair_PUB_B for the address setup functions.
ist_labsetup ()
{
	# Create each link and bring its "a" end up before it is handed to a jail.
	epair_LAN_A=$(vnet_mkepair)
	ifconfig "${epair_LAN_A}a" up
	epair_PUB_A=$(vnet_mkepair)
	ifconfig "${epair_PUB_A}a" up
	epair_LAN_B=$(vnet_mkepair)
	ifconfig "${epair_LAN_B}a" up
	epair_PUB_B=$(vnet_mkepair)
	ifconfig "${epair_PUB_B}a" up

	# End hosts get one interface; the two IPsec gateways and the router
	# get two each.
	vnet_mkjail hostA "${epair_LAN_A}a"
	vnet_mkjail ipsecA "${epair_LAN_A}b" "${epair_PUB_A}a"
	vnet_mkjail router "${epair_PUB_A}b" "${epair_PUB_B}b"
	vnet_mkjail ipsecB "${epair_LAN_B}b" "${epair_PUB_B}a"
	vnet_mkjail hostB "${epair_LAN_B}a"
}
# Assign IPv4 addresses, enable forwarding and install default routes in the
# lab jails. Expects the epair_* variables set by ist_labsetup.
ist_v4_setup ()
{
	# Interface addresses, one /30 per link.
	jexec hostA ifconfig "${epair_LAN_A}a" 192.0.2.1/30 up
	jexec ipsecA ifconfig "${epair_LAN_A}b" 192.0.2.2/30 up
	jexec ipsecA ifconfig "${epair_PUB_A}a" 198.51.100.2/30 up
	jexec router ifconfig "${epair_PUB_A}b" 198.51.100.1/30 up
	jexec router ifconfig "${epair_PUB_B}b" 198.51.100.5/30 up
	jexec ipsecB ifconfig "${epair_PUB_B}a" 198.51.100.6/30 up
	jexec ipsecB ifconfig "${epair_LAN_B}b" 203.0.113.2/30 up
	jexec hostB ifconfig "${epair_LAN_B}a" 203.0.113.1/30 up

	# Every jail that sits between the two end hosts has to forward.
	jexec ipsecA sysctl net.inet.ip.forwarding=1
	jexec router sysctl net.inet.ip.forwarding=1
	jexec ipsecB sysctl net.inet.ip.forwarding=1

	# Hosts route via their gateway, gateways via the router.
	jexec hostA route add default 192.0.2.2
	jexec ipsecA route add default 198.51.100.1
	jexec ipsecB route add default 198.51.100.5
	jexec hostB route add default 203.0.113.2
}
# Assign IPv6 addresses, enable forwarding and install default routes in the
# lab jails. Expects the epair_* variables set by ist_labsetup.
ist_v6_setup ()
{
	# Interface addresses, one /64 per link; every address is configured
	# with the no_dad flag.
	jexec hostA ifconfig "${epair_LAN_A}a" inet6 2001:db8:1::1/64 up no_dad
	jexec ipsecA ifconfig "${epair_LAN_A}b" inet6 2001:db8:1::2/64 up no_dad
	jexec ipsecA ifconfig "${epair_PUB_A}a" inet6 2001:db8:23::2/64 up no_dad
	jexec router ifconfig "${epair_PUB_A}b" inet6 2001:db8:23::3/64 up no_dad
	jexec router ifconfig "${epair_PUB_B}b" inet6 2001:db8:34::3/64 up no_dad
	jexec ipsecB ifconfig "${epair_PUB_B}a" inet6 2001:db8:34::2/64 up no_dad
	jexec ipsecB ifconfig "${epair_LAN_B}b" inet6 2001:db8:45::2/64 up no_dad
	jexec hostB ifconfig "${epair_LAN_B}a" inet6 2001:db8:45::1/64 up no_dad

	# Every jail that sits between the two end hosts has to forward.
	jexec ipsecA sysctl net.inet6.ip6.forwarding=1
	jexec router sysctl net.inet6.ip6.forwarding=1
	jexec ipsecB sysctl net.inet6.ip6.forwarding=1

	# Hosts route via their gateway, gateways via the router.
	jexec hostA route -6 add default 2001:db8:1::2
	jexec ipsecA route -6 add default 2001:db8:23::3
	jexec ipsecB route -6 add default 2001:db8:34::3
	jexec hostB route -6 add default 2001:db8:45::2
}
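# Generate the setkey(8) configuration for one IPsec gateway and write it to
# ${TMPDIR}/ipsec.<jname>.conf.
#
#   $1 jname      jail name, used only in the output file name and debug line
#   $2 dir        "out" on the initiating gateway; any other value is treated
#                 as "in" and swaps the direction of the two policies
#   $3 afnet      4 selects the IPv4 lab addresses, anything else IPv6
#   $4 enc_algo   ESP encryption algorithm (setkey -E)
#   $5 enc_key    ESP encryption key
#   $6 auth_algo  optional authentication algorithm (setkey -A)
#   $7 auth_key   authentication key, used only when auth_algo is non-empty
#
# The arguments are stored in global variables of the same names.
#
# Key handling:
# - Caller-supplied values are passed to printf as %s arguments, never as part
#   of the format string, so a '%' or '\' in a key or algorithm name is written
#   out literally instead of being interpreted by printf.
# - The file holds the keys in clear text (in the "add" lines and in the debug
#   comment), so it is created under umask 077. The umask only affects a newly
#   created file; an existing file keeps its mode.
# - NOTE(review): the file name is predictable. With the /tmp fallback for
#   TMPDIR the redirection would follow a pre-existing symlink of that name;
#   run with TMPDIR set to a private directory.
ist_setkey()
{
	jname=$1
	dir=$2
	afnet=$3
	enc_algo=$4
	enc_key=$5
	auth_algo=$6
	auth_key=$7

	# Load
	(
		# Set before the redirection below opens the file; the subshell
		# keeps the umask change and the helper variables local.
		umask 077
		{
			printf '#arguments debug: %s %s %s %s ' \
			    "${jname}" "${afnet}" "${dir}" "${enc_algo}"
			printf '%s %s %s\n' "${enc_key}" "${auth_algo}" "${auth_key}"
			printf 'flush;\n'
			printf 'spdflush;\n'
			if [ "${afnet}" -eq 4 ]; then
				SRC_LAN="192.0.2.0/24"
				DST_LAN="203.0.113.0/24"
				SRC_GW="198.51.100.2"
				DST_GW="198.51.100.6"
			else
				SRC_LAN="2001:db8:1::/64"
				DST_LAN="2001:db8:45::/64"
				SRC_GW="2001:db8:23::2"
				DST_GW="2001:db8:34::2"
			fi

			# Policy direction as seen from this gateway.
			if [ "${dir}" = "out" ]; then
				fwd_dir="out"
				rev_dir="in"
			else
				fwd_dir="in"
				rev_dir="out"
			fi
			printf 'spdadd %s %s any -P %s ipsec esp/tunnel/%s-%s/require;\n' \
			    "${SRC_LAN}" "${DST_LAN}" "${fwd_dir}" "${SRC_GW}" "${DST_GW}"
			printf 'spdadd %s %s any -P %s ipsec esp/tunnel/%s-%s/require;\n' \
			    "${DST_LAN}" "${SRC_LAN}" "${rev_dir}" "${DST_GW}" "${SRC_GW}"

			# One SA per direction; both use the same algorithms and keys.
			printf 'add %s %s esp 0x1000 -E %s "%s"' \
			    "${SRC_GW}" "${DST_GW}" "${enc_algo}" "${enc_key}"
			if [ -n "${auth_algo}" ]; then
				printf ' -A %s "%s"' "${auth_algo}" "${auth_key}"
			fi
			printf ';\n'
			printf 'add %s %s esp 0x1001 -E %s "%s"' \
			    "${DST_GW}" "${SRC_GW}" "${enc_algo}" "${enc_key}"
			if [ -n "${auth_algo}" ]; then
				printf ' -A %s "%s"' "${auth_algo}" "${auth_key}"
			fi
			printf ';\n'
		} > "${TMPDIR}/ipsec.${jname}.conf"
	)
}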
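# Run one tunnel test case end to end: build the lab, load the SAs and
# policies on both gateways, then send a single ping from hostA to hostB.
#
#   $1    address family: 4 selects the IPv4 lab, anything else the IPv6 lab
#   $2..  encryption algorithm and key, optionally followed by authentication
#         algorithm and key; handed to ist_setkey unchanged
ist_test()
{
	ist_init
	ist_labsetup
	# Explicit if/else: with "a && b || c" a non-zero status from the IPv4
	# setup would also run the IPv6 setup.
	if [ "$1" -eq 4 ]; then
		ist_v4_setup
	else
		ist_v6_setup
	fi
	# "$@" is quoted so that an empty key argument keeps its position and a
	# key is never word-split or glob-expanded on its way to ist_setkey.
	ist_setkey ipsecA out "$@"
	atf_check -s exit:0 -o ignore jexec ipsecA setkey -f "${TMPDIR}/ipsec.ipsecA.conf"
	ist_setkey ipsecB in "$@"
	atf_check -s exit:0 -o ignore jexec ipsecB setkey -f "${TMPDIR}/ipsec.ipsecB.conf"
	# Check ipsec tunnel
	if [ "$1" -eq 4 ]; then
		atf_check -s exit:0 -o ignore jexec hostA ping -c 1 203.0.113.1
	else
		atf_check -s exit:0 -o ignore jexec hostA ping -6 -c 1 2001:db8:45::1
	fi
}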
# Common epilogue for the IPsec tunnel tests; delegates to vnet_cleanup.
# NOTE(review): the ${TMPDIR}/ipsec.<jail>.conf files written by ist_setkey are
# not removed here, so the keys stay on disk until TMPDIR itself is cleaned.
ist_cleanup()
{
	vnet_cleanup
}