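# $FreeBSD$
# Utility functions (mainly from pf tests, should be merged one day)
##
#
# Helpers for the IPsec tunnel tests.  The lab is a chain of five vnet jails:
#
#   hostA -- ipsecA -- router -- ipsecB -- hostB
#
# ipsecA and ipsecB are the tunnel endpoints; router only sees the "public"
# side.  All addresses come from the documentation ranges (192.0.2.0/24,
# 198.51.100.0/24, 203.0.113.0/24, 2001:db8::/32).
#
# The security associations are keyed manually through setkey(8) with fixed
# SPIs, and the same key is installed for both directions.  That is a test
# shortcut: it is not a keying scheme to copy, in particular for counter-mode
# or AEAD transforms, where one key shared by two SAs risks nonce reuse.

# Directory for the generated setkey(8) files; falls back to the shared /tmp
# when the environment does not provide TMPDIR.
: ${TMPDIR=/tmp}

. "$(atf_get_srcdir)/../../common/vnet.subr"

# ist_init: prepare the vnet test environment (delegates to vnet_init).
ist_init()
{
	vnet_init
}

# ist_labsetup: create four epair(4) links and the five jails, attaching each
# epair end to the jail that uses it.  Sets the globals epair_LAN_A,
# epair_PUB_A, epair_LAN_B and epair_PUB_B, which the *_setup functions read.
ist_labsetup ()
{
	epair_LAN_A=$(vnet_mkepair)
	ifconfig "${epair_LAN_A}a" up
	epair_PUB_A=$(vnet_mkepair)
	ifconfig "${epair_PUB_A}a" up
	epair_LAN_B=$(vnet_mkepair)
	ifconfig "${epair_LAN_B}a" up
	epair_PUB_B=$(vnet_mkepair)
	ifconfig "${epair_PUB_B}a" up

	vnet_mkjail hostA "${epair_LAN_A}a"
	vnet_mkjail ipsecA "${epair_LAN_A}b" "${epair_PUB_A}a"
	vnet_mkjail router "${epair_PUB_A}b" "${epair_PUB_B}b"
	vnet_mkjail ipsecB "${epair_LAN_B}b" "${epair_PUB_B}a"
	vnet_mkjail hostB "${epair_LAN_B}a"
}

# ist_v4_setup: assign IPv4 addresses, enable forwarding on the three
# middle jails and install default routes so that hostA and hostB can only
# reach each other through ipsecA -> router -> ipsecB.
ist_v4_setup ()
{
	jexec hostA ifconfig "${epair_LAN_A}a" 192.0.2.1/30 up
	jexec ipsecA ifconfig "${epair_LAN_A}b" 192.0.2.2/30 up
	jexec ipsecA ifconfig "${epair_PUB_A}a" 198.51.100.2/30 up
	jexec router ifconfig "${epair_PUB_A}b" 198.51.100.1/30 up
	jexec router ifconfig "${epair_PUB_B}b" 198.51.100.5/30 up
	jexec ipsecB ifconfig "${epair_PUB_B}a" 198.51.100.6/30 up
	jexec ipsecB ifconfig "${epair_LAN_B}b" 203.0.113.2/30 up
	jexec hostB ifconfig "${epair_LAN_B}a" 203.0.113.1/30 up
	jexec ipsecA sysctl net.inet.ip.forwarding=1
	jexec router sysctl net.inet.ip.forwarding=1
	jexec ipsecB sysctl net.inet.ip.forwarding=1
	jexec hostA route add default 192.0.2.2
	jexec ipsecA route add default 198.51.100.1
	jexec ipsecB route add default 198.51.100.5
	jexec hostB route add default 203.0.113.2
}

# ist_v6_setup: IPv6 counterpart of ist_v4_setup.  Addresses are configured
# with no_dad, as in the original lab.
ist_v6_setup ()
{
	jexec hostA ifconfig "${epair_LAN_A}a" inet6 2001:db8:1::1/64 up no_dad
	jexec ipsecA ifconfig "${epair_LAN_A}b" inet6 2001:db8:1::2/64 up no_dad
	jexec ipsecA ifconfig "${epair_PUB_A}a" inet6 2001:db8:23::2/64 up no_dad
	jexec router ifconfig "${epair_PUB_A}b" inet6 2001:db8:23::3/64 up no_dad
	jexec router ifconfig "${epair_PUB_B}b" inet6 2001:db8:34::3/64 up no_dad
	jexec ipsecB ifconfig "${epair_PUB_B}a" inet6 2001:db8:34::2/64 up no_dad
	jexec ipsecB ifconfig "${epair_LAN_B}b" inet6 2001:db8:45::2/64 up no_dad
	jexec hostB ifconfig "${epair_LAN_B}a" inet6 2001:db8:45::1/64 up no_dad
	jexec ipsecA sysctl net.inet6.ip6.forwarding=1
	jexec router sysctl net.inet6.ip6.forwarding=1
	jexec ipsecB sysctl net.inet6.ip6.forwarding=1
	jexec hostA route -6 add default 2001:db8:1::2
	jexec ipsecA route -6 add default 2001:db8:23::3
	jexec ipsecB route -6 add default 2001:db8:34::3
	jexec hostB route -6 add default 2001:db8:45::2
}

# ist_setkey: write the setkey(8) input for one tunnel endpoint to
# ${TMPDIR}/ipsec.<jname>.conf.
#
#   $1 jname      jail the file is for (used in the file name only)
#   $2 dir        "out" for the A-side endpoint; anything else is treated
#                 as "in", which swaps the direction of the two policies
#   $3 afnet      4 selects the IPv4 lab addresses, anything else IPv6
#   $4 enc_algo   ESP encryption algorithm name passed to -E
#   $5 enc_key    encryption key
#   $6 auth_algo  optional authentication algorithm passed to -A
#   $7 auth_key   authentication key (only used when auth_algo is set)
#
# The file flushes the SAD and SPD, adds two tunnel-mode ESP policies at
# level "require" and two SAs with the fixed SPIs 0x1000 and 0x1001.
ist_setkey()
{
	jname=$1
	dir=$2
	afnet=$3
	enc_algo=$4
	enc_key=$5
	auth_algo=$6
	auth_key=$7

	# Load
	(
		conf="${TMPDIR}/ipsec.${jname}.conf"

		# The file carries the SA keys and its name is fixed, so drop
		# any leftover from an earlier run and create it owner-only.
		rm -f "${conf}"
		umask 077

		if [ "${afnet}" -eq 4 ]; then
			SRC_LAN="192.0.2.0/24"
			DST_LAN="203.0.113.0/24"
			SRC_GW="198.51.100.2"
			DST_GW="198.51.100.6"
		else
			SRC_LAN="2001:db8:1::/64"
			DST_LAN="2001:db8:45::/64"
			SRC_GW="2001:db8:23::2"
			DST_GW="2001:db8:34::2"
		fi

		if [ "${dir}" = "out" ]; then
			fwd_dir="out"
			rev_dir="in"
		else
			fwd_dir="in"
			rev_dir="out"
		fi

		{
			# Caller-supplied values are passed as printf arguments,
			# never as the format string, so a '%' or '\' in a key or
			# algorithm name is written out literally.
			printf '#arguments debug: %s %s %s %s %s %s %s\n' \
			    "${jname}" "${afnet}" "${dir}" "${enc_algo}" \
			    "${enc_key}" "${auth_algo}" "${auth_key}"
			printf 'flush;\n'
			printf 'spdflush;\n'
			printf 'spdadd %s %s any -P %s ipsec esp/tunnel/%s-%s/require;\n' \
			    "${SRC_LAN}" "${DST_LAN}" "${fwd_dir}" "${SRC_GW}" "${DST_GW}"
			printf 'spdadd %s %s any -P %s ipsec esp/tunnel/%s-%s/require;\n' \
			    "${DST_LAN}" "${SRC_LAN}" "${rev_dir}" "${DST_GW}" "${SRC_GW}"

			# One SA per direction; both use the same key material.
			printf 'add %s %s esp 0x1000 -E %s "%s"' \
			    "${SRC_GW}" "${DST_GW}" "${enc_algo}" "${enc_key}"
			if [ -n "${auth_algo}" ]; then
				printf ' -A %s "%s"' "${auth_algo}" "${auth_key}"
			fi
			printf ';\n'

			printf 'add %s %s esp 0x1001 -E %s "%s"' \
			    "${DST_GW}" "${SRC_GW}" "${enc_algo}" "${enc_key}"
			if [ -n "${auth_algo}" ]; then
				printf ' -A %s "%s"' "${auth_algo}" "${auth_key}"
			fi
			printf ';\n'
		} > "${conf}"
	)
}

# ist_test: build the lab, load the policies and SAs on both endpoints and
# check that hostA can reach hostB with a single ping through the tunnel.
#
#   $1       address family, 4 or 6
#   $2..$5   enc_algo enc_key [auth_algo auth_key], forwarded to ist_setkey
ist_test()
{
	ist_init
	ist_labsetup
	# if/else rather than "a && b || c": a failing last command in the
	# IPv4 setup must not fall through into the IPv6 setup as well.
	if [ "$1" -eq 4 ]; then
		ist_v4_setup
	else
		ist_v6_setup
	fi
	# "$@" keeps each argument intact, including keys that contain
	# whitespace and empty arguments.
	ist_setkey ipsecA out "$@"
	atf_check -s exit:0 -o ignore jexec ipsecA setkey -f "${TMPDIR}/ipsec.ipsecA.conf"
	ist_setkey ipsecB in "$@"
	atf_check -s exit:0 -o ignore jexec ipsecB setkey -f "${TMPDIR}/ipsec.ipsecB.conf"
	# Check ipsec tunnel
	if [ "$1" -eq 4 ]; then
		atf_check -s exit:0 -o ignore jexec hostA ping -c 1 203.0.113.1
	else
		atf_check -s exit:0 -o ignore jexec hostA ping6 -c 1 2001:db8:45::1
	fi
}

# ist_cleanup: remove the generated key files, then tear down the vnet lab.
ist_cleanup()
{
	# Do not leave key material behind in TMPDIR.
	rm -f "${TMPDIR}/ipsec.ipsecA.conf" "${TMPDIR}/ipsec.ipsecB.conf"
	vnet_cleanup
}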