xref: /freebsd/tests/sys/netipsec/tunnel/utils.subr (revision b89a7cc2ed6e4398d5be502f5bb5885d1ec6ff0f)
1# $FreeBSD$
2# Utility functions (mainly from pf tests, should be merged one day)
3##
4
5: ${TMPDIR=/tmp}
6
7ist_init()
8{
9	if [ "$(sysctl -i -n kern.features.vimage)" != 1 ]; then
10		atf_skip "This test requires VIMAGE"
11	fi
12}
13
14pft_mkepair()
15{
16	ifname=$(ifconfig epair create)
17	echo $ifname >> created_interfaces.lst
18	echo ${ifname%a}
19}
20
21pft_mkjail()
22{
23	jailname=$1
24	shift
25
26	vnet_interfaces=
27	for ifname in $@
28	do
29		vnet_interfaces="${vnet_interfaces} vnet.interface=${ifname}"
30	done
31	jail -c name=${jailname} persist vnet ${vnet_interfaces}
32
33	echo $jailname >> created_jails.lst
34}
35
36ist_labsetup ()
37{
38	epair_LAN_A=$(pft_mkepair)
39	ifconfig ${epair_LAN_A}a up
40	epair_PUB_A=$(pft_mkepair)
41	ifconfig ${epair_PUB_A}a up
42	epair_LAN_B=$(pft_mkepair)
43	ifconfig ${epair_LAN_B}a up
44	epair_PUB_B=$(pft_mkepair)
45	ifconfig ${epair_PUB_B}a up
46
47	pft_mkjail hostA ${epair_LAN_A}a
48	pft_mkjail ipsecA ${epair_LAN_A}b ${epair_PUB_A}a
49	pft_mkjail router ${epair_PUB_A}b ${epair_PUB_B}b
50	pft_mkjail ipsecB ${epair_LAN_B}b ${epair_PUB_B}a
51	pft_mkjail hostB ${epair_LAN_B}a
52}
53
54ist_v4_setup ()
55{
56	jexec hostA ifconfig ${epair_LAN_A}a 192.0.2.1/30 up
57	jexec ipsecA ifconfig ${epair_LAN_A}b 192.0.2.2/30 up
58	jexec ipsecA ifconfig ${epair_PUB_A}a 198.51.100.2/30 up
59	jexec router ifconfig ${epair_PUB_A}b 198.51.100.1/30 up
60	jexec router ifconfig ${epair_PUB_B}b 198.51.100.5/30 up
61	jexec ipsecB ifconfig ${epair_PUB_B}a 198.51.100.6/30 up
62	jexec ipsecB ifconfig ${epair_LAN_B}b 203.0.113.2/30 up
63	jexec hostB ifconfig ${epair_LAN_B}a 203.0.113.1/30 up
64	jexec ipsecA sysctl net.inet.ip.forwarding=1
65	jexec router sysctl net.inet.ip.forwarding=1
66	jexec ipsecB sysctl net.inet.ip.forwarding=1
67	jexec hostA route add default 192.0.2.2
68	jexec ipsecA route add default 198.51.100.1
69	jexec ipsecB route add default 198.51.100.5
70	jexec hostB route add default 203.0.113.2
71}
72
73ist_v6_setup ()
74{
75	jexec hostA ifconfig ${epair_LAN_A}a inet6 2001:db8:1::1/64 up no_dad
76	jexec ipsecA ifconfig ${epair_LAN_A}b inet6 2001:db8:1::2/64 up no_dad
77	jexec ipsecA ifconfig ${epair_PUB_A}a inet6 2001:db8:23::2/64 up no_dad
78	jexec router ifconfig ${epair_PUB_A}b inet6 2001:db8:23::3/64 up no_dad
79	jexec router ifconfig ${epair_PUB_B}b inet6 2001:db8:34::3/64 up no_dad
80	jexec ipsecB ifconfig ${epair_PUB_B}a inet6 2001:db8:34::2/64 up no_dad
81	jexec ipsecB ifconfig ${epair_LAN_B}b inet6 2001:db8:45::2/64 up no_dad
82	jexec hostB ifconfig ${epair_LAN_B}a inet6 2001:db8:45::1/64 up no_dad
83	jexec ipsecA sysctl net.inet6.ip6.forwarding=1
84	jexec router sysctl net.inet6.ip6.forwarding=1
85	jexec ipsecB sysctl net.inet6.ip6.forwarding=1
86	jexec hostA route -6 add default 2001:db8:1::2
87	jexec ipsecA route -6 add default 2001:db8:23::3
88	jexec ipsecB route -6 add default 2001:db8:34::3
89	jexec hostB route -6 add default 2001:db8:45::2
90}
91
92ist_setkey()
93{
94	jname=$1
95	dir=$2
96	afnet=$3
97	enc_algo=$4
98	enc_key=$5
99	auth_algo=$6
100	auth_key=$7
101
102	# Load
103	(
104		printf "#arguments debug: ${jname} ${afnet} ${dir} ${enc_algo} "
105		printf "${enc_key} ${auth_algo} ${auth_key}\n"
106		printf "flush;\n"
107		printf "spdflush;\n"
108		if [ ${afnet} -eq 4 ]; then
109			SRC_LAN="192.0.2.0/24"
110			DST_LAN="203.0.113.0/24"
111			SRC_GW="198.51.100.2"
112			DST_GW="198.51.100.6"
113		else
114			SRC_LAN="2001:db8:1::/64"
115			DST_LAN="2001:db8:45::/64"
116			SRC_GW="2001:db8:23::2"
117			DST_GW="2001:db8:34::2"
118		fi
119		printf "spdadd ${SRC_LAN} ${DST_LAN} any -P "
120		[ ${dir} = "out" ] && printf "out" || printf "in"
121		printf " ipsec esp/tunnel/${SRC_GW}-${DST_GW}/require;\n"
122		printf "spdadd ${DST_LAN} ${SRC_LAN} any -P "
123		[ ${dir} = "out" ] && printf "in" || printf "out"
124		printf " ipsec esp/tunnel/${DST_GW}-${SRC_GW}/require;\n"
125		printf "add ${SRC_GW} ${DST_GW} esp 0x1000 -E ${enc_algo} \"${enc_key}\""
126		[ -n "${auth_algo}" ] && printf " -A ${auth_algo} \"${auth_key}\";\n" || printf ";\n"
127		printf "add ${DST_GW} ${SRC_GW} esp 0x1001 -E ${enc_algo} \"${enc_key}\""
128		[ -n "$auth_algo" ] && printf " -A ${auth_algo} \"${auth_key}\";\n" || printf ";\n"
129	) > ${TMPDIR}/ipsec.${jname}.conf
130}
131
132ist_test()
133{
134	ist_init
135	ist_labsetup
136	[ $1 -eq 4 ] && ist_v4_setup || ist_v6_setup
137	ist_setkey ipsecA out $@
138	atf_check -s exit:0 -o ignore jexec ipsecA setkey -f ${TMPDIR}/ipsec.ipsecA.conf
139	ist_setkey ipsecB in $@
140	atf_check -s exit:0 -o ignore jexec ipsecB setkey -f ${TMPDIR}/ipsec.ipsecB.conf
141	# Check ipsec tunnel
142	if [ $1 -eq 4 ]; then
143		atf_check -s exit:0 -o ignore jexec hostA ping -c 1 203.0.113.1
144	else
145		atf_check -s exit:0 -o ignore jexec hostA ping6 -c 1 2001:db8:45::1
146	fi
147}
148ist_cleanup()
149{
150	if [ -f created_jails.lst ]; then
151		for jailname in $(cat created_jails.lst)
152		do
153			jail -r ${jailname}
154			rm -f ${TMPDIR}/ipsec.${jailname}.conf
155		done
156		rm created_jails.lst
157	fi
158
159	if [ -f created_interfaces.lst ]; then
160		for ifname in $(cat created_interfaces.lst)
161		do
162			ifconfig ${ifname} destroy
163		done
164		rm created_interfaces.lst
165	fi
166}
167