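# $FreeBSD$
# Utility functions (mainly from pf tests, should be merged one day)
##
#
# Helpers for IPsec tunnel tests run under ATF: they build a five-jail VNET
# lab, address it for IPv4 or IPv6, generate a setkey(8) configuration per
# gateway and check that traffic crosses the tunnel.
# The file is written for /bin/sh; no bash-only constructs are used.

: "${TMPDIR=/tmp}"

# Skip the calling test case unless the kern.features.vimage sysctl reads 1.
ist_init()
{
	if [ "$(sysctl -i -n kern.features.vimage)" != 1 ]; then
		atf_skip "This test requires VIMAGE"
	fi
}

# Create an epair(4) interface pair.
# Records the created "a" side in created_interfaces.lst (read back by
# ist_cleanup) and prints the pair's base name, i.e. the name without the
# trailing "a".
pft_mkepair()
{
	ifname=$(ifconfig epair create)
	printf '%s\n' "${ifname}" >> created_interfaces.lst
	printf '%s\n' "${ifname%a}"
}

# Create a persistent VNET jail.
# Arguments: $1 - jail name; remaining arguments - interfaces moved into it.
# The jail name is appended to created_jails.lst (read back by ist_cleanup).
pft_mkjail()
{
	jailname=$1
	shift

	vnet_interfaces=
	for ifname in "$@"
	do
		vnet_interfaces="${vnet_interfaces} vnet.interface=${ifname}"
	done
	# ${vnet_interfaces} is left unquoted on purpose: it carries one
	# "vnet.interface=..." word per interface and must be split into
	# separate jail(8) parameters.
	jail -c "name=${jailname}" persist vnet ${vnet_interfaces}

	printf '%s\n' "${jailname}" >> created_jails.lst
}

# Build the lab: four epair links and five jails wired as
#   hostA -- ipsecA -- router -- ipsecB -- hostB
# The epair_* variables are deliberately global; ist_v4_setup and
# ist_v6_setup read them.
ist_labsetup()
{
	epair_LAN_A=$(pft_mkepair)
	ifconfig "${epair_LAN_A}a" up
	epair_PUB_A=$(pft_mkepair)
	ifconfig "${epair_PUB_A}a" up
	epair_LAN_B=$(pft_mkepair)
	ifconfig "${epair_LAN_B}a" up
	epair_PUB_B=$(pft_mkepair)
	ifconfig "${epair_PUB_B}a" up

	pft_mkjail hostA "${epair_LAN_A}a"
	pft_mkjail ipsecA "${epair_LAN_A}b" "${epair_PUB_A}a"
	pft_mkjail router "${epair_PUB_A}b" "${epair_PUB_B}b"
	pft_mkjail ipsecB "${epair_LAN_B}b" "${epair_PUB_B}a"
	pft_mkjail hostB "${epair_LAN_B}a"
}

# Assign IPv4 addresses (documentation ranges), enable forwarding on the
# three middle jails and install default routes.
ist_v4_setup()
{
	jexec hostA ifconfig "${epair_LAN_A}a" 192.0.2.1/30 up
	jexec ipsecA ifconfig "${epair_LAN_A}b" 192.0.2.2/30 up
	jexec ipsecA ifconfig "${epair_PUB_A}a" 198.51.100.2/30 up
	jexec router ifconfig "${epair_PUB_A}b" 198.51.100.1/30 up
	jexec router ifconfig "${epair_PUB_B}b" 198.51.100.5/30 up
	jexec ipsecB ifconfig "${epair_PUB_B}a" 198.51.100.6/30 up
	jexec ipsecB ifconfig "${epair_LAN_B}b" 203.0.113.2/30 up
	jexec hostB ifconfig "${epair_LAN_B}a" 203.0.113.1/30 up
	jexec ipsecA sysctl net.inet.ip.forwarding=1
	jexec router sysctl net.inet.ip.forwarding=1
	jexec ipsecB sysctl net.inet.ip.forwarding=1
	jexec hostA route add default 192.0.2.2
	jexec ipsecA route add default 198.51.100.1
	jexec ipsecB route add default 198.51.100.5
	jexec hostB route add default 203.0.113.2
}

# IPv6 counterpart of ist_v4_setup; addresses are configured with no_dad.
ist_v6_setup()
{
	jexec hostA ifconfig "${epair_LAN_A}a" inet6 2001:db8:1::1/64 up no_dad
	jexec ipsecA ifconfig "${epair_LAN_A}b" inet6 2001:db8:1::2/64 up no_dad
	jexec ipsecA ifconfig "${epair_PUB_A}a" inet6 2001:db8:23::2/64 up no_dad
	jexec router ifconfig "${epair_PUB_A}b" inet6 2001:db8:23::3/64 up no_dad
	jexec router ifconfig "${epair_PUB_B}b" inet6 2001:db8:34::3/64 up no_dad
	jexec ipsecB ifconfig "${epair_PUB_B}a" inet6 2001:db8:34::2/64 up no_dad
	jexec ipsecB ifconfig "${epair_LAN_B}b" inet6 2001:db8:45::2/64 up no_dad
	jexec hostB ifconfig "${epair_LAN_B}a" inet6 2001:db8:45::1/64 up no_dad
	jexec ipsecA sysctl net.inet6.ip6.forwarding=1
	jexec router sysctl net.inet6.ip6.forwarding=1
	jexec ipsecB sysctl net.inet6.ip6.forwarding=1
	jexec hostA route -6 add default 2001:db8:1::2
	jexec ipsecA route -6 add default 2001:db8:23::3
	jexec ipsecB route -6 add default 2001:db8:34::3
	jexec hostB route -6 add default 2001:db8:45::2
}

# Print one setkey(8) "add" statement for an ESP SA.
# Arguments: $1 src, $2 dst, $3 SPI, $4 enc algo, $5 enc key,
#            $6 auth algo (may be empty), $7 auth key.
# The -A clause is emitted only when an auth algorithm is given.
_ist_print_sa()
{
	if [ -n "$6" ]; then
		printf 'add %s %s esp %s -E %s "%s" -A %s "%s";\n' \
		    "$1" "$2" "$3" "$4" "$5" "$6" "$7"
	else
		printf 'add %s %s esp %s -E %s "%s";\n' \
		    "$1" "$2" "$3" "$4" "$5"
	fi
}

# Write ${TMPDIR}/ipsec.<jail>.conf: flush the SAD/SPD, add the two tunnel
# policies and the two ESP SAs (SPI 0x1000 and 0x1001).
# Arguments: $1 jail name, $2 direction ("out"; anything else means "in"),
#            $3 address family (4 selects IPv4, otherwise IPv6),
#            $4 enc algo, $5 enc key, $6 auth algo (optional), $7 auth key.
ist_setkey()
{
	jname=$1
	dir=$2
	afnet=$3
	enc_algo=$4
	enc_key=$5
	auth_algo=$6
	auth_key=$7

	# Every value goes through a fixed '%s' format: using the key or
	# algorithm as the printf format string would corrupt any value that
	# contains '%' or a backslash.
	# The subshell keeps umask and the helper variables from leaking.
	(
		# The file holds key material; create it owner-only.
		umask 077
		# NOTE(review): the file name is predictable and TMPDIR defaults
		# to /tmp. ist_test and ist_cleanup depend on this exact path,
		# so it is kept; run with a private TMPDIR where that matters.
		# Keys are embedded between double quotes without escaping, so a
		# key containing '"' would break the generated syntax.
		{
			printf '#arguments debug: %s %s %s %s %s %s %s\n' \
			    "${jname}" "${afnet}" "${dir}" "${enc_algo}" \
			    "${enc_key}" "${auth_algo}" "${auth_key}"
			printf 'flush;\n'
			printf 'spdflush;\n'
			if [ "${afnet}" -eq 4 ]; then
				SRC_LAN="192.0.2.0/24"
				DST_LAN="203.0.113.0/24"
				SRC_GW="198.51.100.2"
				DST_GW="198.51.100.6"
			else
				SRC_LAN="2001:db8:1::/64"
				DST_LAN="2001:db8:45::/64"
				SRC_GW="2001:db8:23::2"
				DST_GW="2001:db8:34::2"
			fi
			# Policy direction as seen from this gateway; the reverse
			# policy always gets the opposite direction.
			if [ "${dir}" = "out" ]; then
				fwd=out
				rev=in
			else
				fwd=in
				rev=out
			fi
			printf 'spdadd %s %s any -P %s ipsec esp/tunnel/%s-%s/require;\n' \
			    "${SRC_LAN}" "${DST_LAN}" "${fwd}" "${SRC_GW}" "${DST_GW}"
			printf 'spdadd %s %s any -P %s ipsec esp/tunnel/%s-%s/require;\n' \
			    "${DST_LAN}" "${SRC_LAN}" "${rev}" "${DST_GW}" "${SRC_GW}"
			_ist_print_sa "${SRC_GW}" "${DST_GW}" 0x1000 \
			    "${enc_algo}" "${enc_key}" "${auth_algo}" "${auth_key}"
			_ist_print_sa "${DST_GW}" "${SRC_GW}" 0x1001 \
			    "${enc_algo}" "${enc_key}" "${auth_algo}" "${auth_key}"
		} > "${TMPDIR}/ipsec.${jname}.conf"
	)
}

# Run one tunnel test end to end.
# Arguments: $1 address family (4 or anything else for IPv6),
#            $2 enc algo, $3 enc key, $4 auth algo (optional), $5 auth key.
ist_test()
{
	ist_init
	ist_labsetup
	# An if/else is required here: with "a && b || c" a failing last
	# command in ist_v4_setup would also run ist_v6_setup.
	if [ "$1" -eq 4 ]; then
		ist_v4_setup
	else
		ist_v6_setup
	fi
	# "$@" keeps each key as a single argument even if it contains
	# whitespace or glob characters.
	ist_setkey ipsecA out "$@"
	atf_check -s exit:0 -o ignore jexec ipsecA setkey -f "${TMPDIR}/ipsec.ipsecA.conf"
	ist_setkey ipsecB in "$@"
	atf_check -s exit:0 -o ignore jexec ipsecB setkey -f "${TMPDIR}/ipsec.ipsecB.conf"
	# Check ipsec tunnel
	if [ "$1" -eq 4 ]; then
		atf_check -s exit:0 -o ignore jexec hostA ping -c 1 203.0.113.1
	else
		atf_check -s exit:0 -o ignore jexec hostA ping6 -c 1 2001:db8:45::1
	fi
}

# Remove every jail and interface recorded by pft_mkjail / pft_mkepair,
# together with the per-jail setkey configuration (it contains the keys).
ist_cleanup()
{
	if [ -f created_jails.lst ]; then
		# One name per line; word splitting of the list is intended.
		for jailname in $(cat created_jails.lst)
		do
			jail -r "${jailname}"
			rm -f -- "${TMPDIR}/ipsec.${jailname}.conf"
		done
		rm created_jails.lst
	fi

	if [ -f created_interfaces.lst ]; then
		for ifname in $(cat created_interfaces.lst)
		do
			ifconfig "${ifname}" destroy
		done
		rm created_interfaces.lst
	fi
}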