xref: /freebsd/tests/sys/netipsec/tunnel/utils.subr (revision 01f3f35447b0a43b37ecc71ebb9296aad123cd43)
14fbebc74SKristof Provost# $FreeBSD$
24fbebc74SKristof Provost# Utility functions (mainly from pf tests, should be merged one day)
34fbebc74SKristof Provost##
44fbebc74SKristof Provost
# Scratch directory for the generated setkey(8) configuration files.
# Only an unset TMPDIR is defaulted; a value supplied by the caller
# (even an empty one) is left untouched.
[ -n "${TMPDIR+set}" ] || TMPDIR=/tmp

# Shared helpers, located relative to this test's source directory.
# Presumably this is where the vnet_* functions used below come from;
# confirm against common/vnet.subr.
. $(atf_get_srcdir)/../../common/vnet.subr
806aac31aSKristof Provost
# ist_init
#
# Precondition check for the IPsec tunnel tests: skip the test case when
# the kern.features.ipsec sysctl cannot be read, then hand over to
# vnet_init.
ist_init()
{
	# The sysctl output is irrelevant here, only its exit status is used.
	sysctl -q kern.features.ipsec >/dev/null ||
		atf_skip "This test requires ipsec"

	vnet_init
}
174fbebc74SKristof Provost
# ist_labsetup
#
# Build the five-jail lab used by the tunnel tests:
#
#   hostA --LAN_A-- ipsecA --PUB_A-- router --PUB_B-- ipsecB --LAN_B-- hostB
#
# Each link is one epair created with vnet_mkepair; the resulting names
# are left in epair_LAN_A, epair_PUB_A, epair_LAN_B and epair_PUB_B for
# the address setup helpers.
ist_labsetup ()
{
	# Create the four links first, in the same order as before.
	epair_LAN_A=$(vnet_mkepair)
	epair_PUB_A=$(vnet_mkepair)
	epair_LAN_B=$(vnet_mkepair)
	epair_PUB_B=$(vnet_mkepair)

	# Bring up the "a" end of every link before it is handed to a jail.
	for _ist_ep in "${epair_LAN_A}" "${epair_PUB_A}" \
	    "${epair_LAN_B}" "${epair_PUB_B}"; do
		ifconfig ${_ist_ep}a up
	done

	# End hosts get one interface, the gateways and the router get two.
	vnet_mkjail hostA ${epair_LAN_A}a
	vnet_mkjail ipsecA ${epair_LAN_A}b ${epair_PUB_A}a
	vnet_mkjail router ${epair_PUB_A}b ${epair_PUB_B}b
	vnet_mkjail ipsecB ${epair_LAN_B}b ${epair_PUB_B}a
	vnet_mkjail hostB ${epair_LAN_B}a
}
354fbebc74SKristof Provost
# ist_v4_setup
#
# Assign IPv4 addresses to the lab built by ist_labsetup, enable IPv4
# forwarding on the three forwarding jails and install default routes.
# All prefixes are taken from the documentation ranges (192.0.2.0/24,
# 198.51.100.0/24, 203.0.113.0/24).
ist_v4_setup ()
{
	# LAN A: hostA <-> ipsecA
	jexec hostA ifconfig ${epair_LAN_A}a 192.0.2.1/30 up
	jexec ipsecA ifconfig ${epair_LAN_A}b 192.0.2.2/30 up
	# Public side A: ipsecA <-> router
	jexec ipsecA ifconfig ${epair_PUB_A}a 198.51.100.2/30 up
	jexec router ifconfig ${epair_PUB_A}b 198.51.100.1/30 up
	# Public side B: router <-> ipsecB
	jexec router ifconfig ${epair_PUB_B}b 198.51.100.5/30 up
	jexec ipsecB ifconfig ${epair_PUB_B}a 198.51.100.6/30 up
	# LAN B: ipsecB <-> hostB
	jexec ipsecB ifconfig ${epair_LAN_B}b 203.0.113.2/30 up
	jexec hostB ifconfig ${epair_LAN_B}a 203.0.113.1/30 up

	# Only the gateways and the router forward; the end hosts do not.
	for _ist_jail in ipsecA router ipsecB; do
		jexec ${_ist_jail} sysctl net.inet.ip.forwarding=1
	done

	# The router gets no default route here: it only has its two
	# directly connected public /30 networks.
	jexec hostA route add default 192.0.2.2
	jexec ipsecA route add default 198.51.100.1
	jexec ipsecB route add default 198.51.100.5
	jexec hostB route add default 203.0.113.2
}
544fbebc74SKristof Provost
# ist_v6_setup
#
# IPv6 counterpart of ist_v4_setup: assign addresses from the
# 2001:db8::/32 documentation prefix, enable IPv6 forwarding on the
# three forwarding jails and install default routes. Every address is
# configured with no_dad.
ist_v6_setup ()
{
	# LAN A: hostA <-> ipsecA
	jexec hostA ifconfig ${epair_LAN_A}a inet6 2001:db8:1::1/64 up no_dad
	jexec ipsecA ifconfig ${epair_LAN_A}b inet6 2001:db8:1::2/64 up no_dad
	# Public side A: ipsecA <-> router
	jexec ipsecA ifconfig ${epair_PUB_A}a inet6 2001:db8:23::2/64 up no_dad
	jexec router ifconfig ${epair_PUB_A}b inet6 2001:db8:23::3/64 up no_dad
	# Public side B: router <-> ipsecB
	jexec router ifconfig ${epair_PUB_B}b inet6 2001:db8:34::3/64 up no_dad
	jexec ipsecB ifconfig ${epair_PUB_B}a inet6 2001:db8:34::2/64 up no_dad
	# LAN B: ipsecB <-> hostB
	jexec ipsecB ifconfig ${epair_LAN_B}b inet6 2001:db8:45::2/64 up no_dad
	jexec hostB ifconfig ${epair_LAN_B}a inet6 2001:db8:45::1/64 up no_dad

	# Only the gateways and the router forward; the end hosts do not.
	for _ist_jail in ipsecA router ipsecB; do
		jexec ${_ist_jail} sysctl net.inet6.ip6.forwarding=1
	done

	# The router gets no default route here: it only has its two
	# directly connected public /64 networks.
	jexec hostA route -6 add default 2001:db8:1::2
	jexec ipsecA route -6 add default 2001:db8:23::3
	jexec ipsecB route -6 add default 2001:db8:34::3
	jexec hostB route -6 add default 2001:db8:45::2
}
734fbebc74SKristof Provost
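# ist_setkey <jname> <dir> <afnet> <enc_algo> <enc_key> [<auth_algo> <auth_key>]
#
# Write ${TMPDIR}/ipsec.<jname>.conf, a setkey(8) script that flushes the
# SAD and SPD and then installs an ESP tunnel between the two gateways:
# two SPD entries (one per direction, level "require") and two SAs with
# the fixed SPIs 0x1000 and 0x1001.
#
#   jname      jail name, only used to name the output file
#   dir        "out" installs the LAN A -> LAN B policy as outbound and the
#              reverse one as inbound; any other value swaps the two
#   afnet      4 selects the IPv4 lab addresses, anything else the IPv6 ones
#   enc_algo   argument to -E
#   enc_key    key for -E, emitted between double quotes
#   auth_algo  optional argument to -A; when empty no -A clause is written
#   auth_key   key for -A, emitted between double quotes
#
# The positional arguments are kept in (non-local) shell variables of the
# same names, as before.
ist_setkey()
{
	jname=$1
	dir=$2
	afnet=$3
	enc_algo=$4
	enc_key=$5
	auth_algo=$6
	auth_key=$7

	# Everything below runs in a subshell so that the umask change and the
	# SRC_*/DST_* helper variables do not leak into the caller.
	(
		# The file holds the SA keys in clear text (in the "add" lines and
		# in the leading debug comment), so create it readable by its
		# owner only. An older file is removed first because truncating
		# an existing file would keep that file's mode.
		umask 077
		rm -f "${TMPDIR}/ipsec.${jname}.conf"

		if [ "${afnet}" -eq 4 ]; then
			SRC_LAN="192.0.2.0/24"
			DST_LAN="203.0.113.0/24"
			SRC_GW="198.51.100.2"
			DST_GW="198.51.100.6"
		else
			SRC_LAN="2001:db8:1::/64"
			DST_LAN="2001:db8:45::/64"
			SRC_GW="2001:db8:23::2"
			DST_GW="2001:db8:34::2"
		fi

		if [ "${dir}" = "out" ]; then
			fwd_dir="out"
			rev_dir="in"
		else
			fwd_dir="in"
			rev_dir="out"
		fi

		# Caller-supplied values are always passed as printf arguments,
		# never as part of the format string: a '%' or '\' inside a key
		# must reach the file unchanged.
		{
			printf '#arguments debug: %s %s %s %s %s %s %s\n' \
			    "${jname}" "${afnet}" "${dir}" "${enc_algo}" \
			    "${enc_key}" "${auth_algo}" "${auth_key}"
			printf 'flush;\n'
			printf 'spdflush;\n'
			printf 'spdadd %s %s any -P %s ipsec esp/tunnel/%s-%s/require;\n' \
			    "${SRC_LAN}" "${DST_LAN}" "${fwd_dir}" "${SRC_GW}" "${DST_GW}"
			printf 'spdadd %s %s any -P %s ipsec esp/tunnel/%s-%s/require;\n' \
			    "${DST_LAN}" "${SRC_LAN}" "${rev_dir}" "${DST_GW}" "${SRC_GW}"

			printf 'add %s %s esp 0x1000 -E %s "%s"' \
			    "${SRC_GW}" "${DST_GW}" "${enc_algo}" "${enc_key}"
			if [ -n "${auth_algo}" ]; then
				printf ' -A %s "%s";\n' "${auth_algo}" "${auth_key}"
			else
				printf ';\n'
			fi

			printf 'add %s %s esp 0x1001 -E %s "%s"' \
			    "${DST_GW}" "${SRC_GW}" "${enc_algo}" "${enc_key}"
			if [ -n "${auth_algo}" ]; then
				printf ' -A %s "%s";\n' "${auth_algo}" "${auth_key}"
			else
				printf ';\n'
			fi
		} > "${TMPDIR}/ipsec.${jname}.conf"
	)
}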
1134fbebc74SKristof Provost
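# ist_test <afnet> <enc_algo> <enc_key> [<auth_algo> <auth_key>]
#
# Run one end-to-end tunnel test: build the lab, configure IPv4 (afnet 4)
# or IPv6 (anything else) addressing, load the generated setkey(8)
# scripts into both gateways and ping hostB from hostA once.
#
# A successful ping shows that hostA reaches hostB with the "require"
# policies installed on both gateways; nothing here inspects the traffic
# crossing the router jail to confirm that it is ESP.
ist_test()
{
	ist_init
	ist_labsetup

	# An explicit if/else: with "test && v4 || v6" a failing last command
	# in the IPv4 setup would make the IPv6 setup run as well.
	if [ "$1" -eq 4 ]; then
		ist_v4_setup
	else
		ist_v6_setup
	fi

	# "$@" keeps every argument intact; unquoted, an empty key would be
	# dropped and the remaining arguments would shift by one position.
	ist_setkey ipsecA out "$@"
	atf_check -s exit:0 -o ignore jexec ipsecA setkey -f "${TMPDIR}/ipsec.ipsecA.conf"
	ist_setkey ipsecB in "$@"
	atf_check -s exit:0 -o ignore jexec ipsecB setkey -f "${TMPDIR}/ipsec.ipsecB.conf"

	# Check ipsec tunnel
	if [ "$1" -eq 4 ]; then
		atf_check -s exit:0 -o ignore jexec hostA ping -c 1 203.0.113.1
	else
		atf_check -s exit:0 -o ignore jexec hostA ping -6 -c 1 2001:db8:45::1
	fi
}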
# ist_cleanup
#
# Cleanup hook for the tunnel tests; it only delegates to vnet_cleanup.
# The setkey(8) files written under ${TMPDIR} are not removed here.
ist_cleanup() {
	vnet_cleanup
}