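# $FreeBSD$
# Utility functions (mainly from pf tests, should be merged one day)
##
#
# Helpers for the IPsec tunnel-mode tests. They build this five-jail lab:
#
#   hostA --LAN_A-- ipsecA --PUB_A-- router --PUB_B-- ipsecB --LAN_B-- hostB
#
# ipsecA and ipsecB are the tunnel endpoints; router only forwards between
# the two "public" links. All addresses come from the documentation ranges
# (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 2001:db8::/32).

# Directory that receives the generated setkey(8) configuration files.
# NOTE(review): the file names below are predictable and contain SA key
# material. When TMPDIR falls back to a shared /tmp, another local user could
# pre-create or read them; point TMPDIR at a private directory where that
# matters. The names are left unchanged because other scripts may rely on
# them -- TODO confirm.
: ${TMPDIR=/tmp}

. "$(atf_get_srcdir)/../../common/vnet.subr"

# Initialise the vnet test framework (helper from vnet.subr).
ist_init()
{
	vnet_init
}

# Create the four epair links and the five jails of the lab.
# The epair_* variables are intentionally global: the address setup
# functions below read them.
ist_labsetup ()
{
	epair_LAN_A=$(vnet_mkepair)
	ifconfig "${epair_LAN_A}a" up
	epair_PUB_A=$(vnet_mkepair)
	ifconfig "${epair_PUB_A}a" up
	epair_LAN_B=$(vnet_mkepair)
	ifconfig "${epair_LAN_B}a" up
	epair_PUB_B=$(vnet_mkepair)
	ifconfig "${epair_PUB_B}a" up

	vnet_mkjail hostA "${epair_LAN_A}a"
	vnet_mkjail ipsecA "${epair_LAN_A}b" "${epair_PUB_A}a"
	vnet_mkjail router "${epair_PUB_A}b" "${epair_PUB_B}b"
	vnet_mkjail ipsecB "${epair_LAN_B}b" "${epair_PUB_B}a"
	vnet_mkjail hostB "${epair_LAN_B}a"
}

# Assign IPv4 addresses, enable forwarding on the three middle jails and
# install default routes so that hostA and hostB can only reach each other
# through ipsecA -> router -> ipsecB.
ist_v4_setup ()
{
	jexec hostA ifconfig "${epair_LAN_A}a" 192.0.2.1/30 up
	jexec ipsecA ifconfig "${epair_LAN_A}b" 192.0.2.2/30 up
	jexec ipsecA ifconfig "${epair_PUB_A}a" 198.51.100.2/30 up
	jexec router ifconfig "${epair_PUB_A}b" 198.51.100.1/30 up
	jexec router ifconfig "${epair_PUB_B}b" 198.51.100.5/30 up
	jexec ipsecB ifconfig "${epair_PUB_B}a" 198.51.100.6/30 up
	jexec ipsecB ifconfig "${epair_LAN_B}b" 203.0.113.2/30 up
	jexec hostB ifconfig "${epair_LAN_B}a" 203.0.113.1/30 up
	jexec ipsecA sysctl net.inet.ip.forwarding=1
	jexec router sysctl net.inet.ip.forwarding=1
	jexec ipsecB sysctl net.inet.ip.forwarding=1
	jexec hostA route add default 192.0.2.2
	jexec ipsecA route add default 198.51.100.1
	jexec ipsecB route add default 198.51.100.5
	jexec hostB route add default 203.0.113.2
}

# IPv6 counterpart of ist_v4_setup. Every address is configured with
# no_dad so the test does not have to wait for duplicate address detection.
ist_v6_setup ()
{
	jexec hostA ifconfig "${epair_LAN_A}a" inet6 2001:db8:1::1/64 up no_dad
	jexec ipsecA ifconfig "${epair_LAN_A}b" inet6 2001:db8:1::2/64 up no_dad
	jexec ipsecA ifconfig "${epair_PUB_A}a" inet6 2001:db8:23::2/64 up no_dad
	jexec router ifconfig "${epair_PUB_A}b" inet6 2001:db8:23::3/64 up no_dad
	jexec router ifconfig "${epair_PUB_B}b" inet6 2001:db8:34::3/64 up no_dad
	jexec ipsecB ifconfig "${epair_PUB_B}a" inet6 2001:db8:34::2/64 up no_dad
	jexec ipsecB ifconfig "${epair_LAN_B}b" inet6 2001:db8:45::2/64 up no_dad
	jexec hostB ifconfig "${epair_LAN_B}a" inet6 2001:db8:45::1/64 up no_dad
	jexec ipsecA sysctl net.inet6.ip6.forwarding=1
	jexec router sysctl net.inet6.ip6.forwarding=1
	jexec ipsecB sysctl net.inet6.ip6.forwarding=1
	jexec hostA route -6 add default 2001:db8:1::2
	jexec ipsecA route -6 add default 2001:db8:23::3
	jexec ipsecB route -6 add default 2001:db8:34::3
	jexec hostB route -6 add default 2001:db8:45::2
}

# Write a setkey(8) configuration for one tunnel endpoint to
# ${TMPDIR}/ipsec.<jname>.conf.
#
# Arguments:
#   $1 jname      jail the file is meant for (only used in the file name)
#   $2 dir        "out" on the ipsecA side; anything else swaps the policy
#                 directions (used for ipsecB)
#   $3 afnet      4 selects the IPv4 addresses, anything else IPv6
#   $4 enc_algo   ESP encryption algorithm name passed to -E
#   $5 enc_key    encryption key, written as a quoted string
#   $6 auth_algo  optional authentication algorithm passed to -A
#   $7 auth_key   authentication key, only used when auth_algo is set
#
# The file flushes the SAD and SPD, adds two tunnel-mode ESP policies with
# level "require", and adds two manually keyed SAs (SPI 0x1000 and 0x1001).
# When auth_algo is empty the SAs are created without -A, i.e. without a
# separate authentication algorithm.
ist_setkey()
{
	jname=$1
	dir=$2
	afnet=$3
	enc_algo=$4
	enc_key=$5
	auth_algo=$6
	auth_key=$7

	# Everything below runs in a subshell so the umask change and the
	# helper variables do not leak into the caller.
	(
		# The file holds key material: create it readable by the owner
		# only. This has no effect on a file that already exists.
		umask 077

		if [ "${afnet}" -eq 4 ]; then
			SRC_LAN="192.0.2.0/24"
			DST_LAN="203.0.113.0/24"
			SRC_GW="198.51.100.2"
			DST_GW="198.51.100.6"
		else
			SRC_LAN="2001:db8:1::/64"
			DST_LAN="2001:db8:45::/64"
			SRC_GW="2001:db8:23::2"
			DST_GW="2001:db8:34::2"
		fi

		# Policy direction as seen from this endpoint.
		if [ "${dir}" = "out" ]; then
			fwd_dir="out"
			rev_dir="in"
		else
			fwd_dir="in"
			rev_dir="out"
		fi

		# Optional " -A <algo> "<key>"" suffix of the SA lines.
		if [ -n "${auth_algo}" ]; then
			auth_opt=" -A ${auth_algo} \"${auth_key}\""
		else
			auth_opt=""
		fi

		# All values are passed as printf arguments, never inside the
		# format string, so a '%' or backslash in an algorithm name or
		# key is written literally instead of being interpreted.
		{
			printf '#arguments debug: %s %s %s %s ' \
			    "${jname}" "${afnet}" "${dir}" "${enc_algo}"
			printf '%s %s %s\n' \
			    "${enc_key}" "${auth_algo}" "${auth_key}"
			printf 'flush;\n'
			printf 'spdflush;\n'
			printf 'spdadd %s %s any -P %s ipsec esp/tunnel/%s-%s/require;\n' \
			    "${SRC_LAN}" "${DST_LAN}" "${fwd_dir}" \
			    "${SRC_GW}" "${DST_GW}"
			printf 'spdadd %s %s any -P %s ipsec esp/tunnel/%s-%s/require;\n' \
			    "${DST_LAN}" "${SRC_LAN}" "${rev_dir}" \
			    "${DST_GW}" "${SRC_GW}"
			printf 'add %s %s esp 0x1000 -E %s "%s"%s;\n' \
			    "${SRC_GW}" "${DST_GW}" "${enc_algo}" \
			    "${enc_key}" "${auth_opt}"
			printf 'add %s %s esp 0x1001 -E %s "%s"%s;\n' \
			    "${DST_GW}" "${SRC_GW}" "${enc_algo}" \
			    "${enc_key}" "${auth_opt}"
		} > "${TMPDIR}/ipsec.${jname}.conf"
	)
}

# Run one tunnel test.
#
# Arguments: $1 is the address family (4, anything else means IPv6); the
# full argument list is forwarded to ist_setkey as afnet, enc_algo,
# enc_key, auth_algo and auth_key.
#
# Builds the lab, loads the generated SAs/policies on both endpoints and
# checks that a single ping from hostA to hostB succeeds.
ist_test()
{
	ist_init
	ist_labsetup
	# if/else rather than "A && B || C": with the short-circuit form a
	# failing last command in ist_v4_setup would also run the IPv6 setup.
	if [ "$1" -eq 4 ]; then
		ist_v4_setup
	else
		ist_v6_setup
	fi
	# "$@" is quoted so that an empty argument (for example an empty
	# key) keeps its position instead of shifting the following ones.
	ist_setkey ipsecA out "$@"
	atf_check -s exit:0 -o ignore jexec ipsecA setkey -f "${TMPDIR}/ipsec.ipsecA.conf"
	ist_setkey ipsecB in "$@"
	atf_check -s exit:0 -o ignore jexec ipsecB setkey -f "${TMPDIR}/ipsec.ipsecB.conf"
	# Check ipsec tunnel
	# NOTE(review): a successful ping shows end-to-end reachability with
	# the "require" policies loaded; nothing here inspects the traffic on
	# the router to confirm that it is ESP.
	if [ "$1" -eq 4 ]; then
		atf_check -s exit:0 -o ignore jexec hostA ping -c 1 203.0.113.1
	else
		atf_check -s exit:0 -o ignore jexec hostA ping6 -c 1 2001:db8:45::1
	fi
}

# Tear down the lab through the vnet.subr helper.
# NOTE(review): the generated ipsec.<jail>.conf files are not removed here.
ist_cleanup()
{
	vnet_cleanup
}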