Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src add ipsec(4) interface ATF.
details: https://anonhg.NetBSD.org/src/rev/a013ca538ed3
branches: trunk
changeset: 828927:a013ca538ed3
user: knakahara <knakahara%NetBSD.org@localhost>
date: Wed Jan 10 11:06:06 2018 +0000
description:
add ipsec(4) interface ATF.
diffstat:
distrib/sets/lists/tests/mi | 6 +-
etc/mtree/NetBSD.dist.tests | 3 +-
tests/net/Makefile | 4 +-
tests/net/if_ipsec/Makefile | 14 +
tests/net/if_ipsec/t_ipsec.sh | 925 ++++++++++++++++++++++++++++++++++++++++++
5 files changed, 948 insertions(+), 4 deletions(-)
diffs (truncated from 1002 to 300 lines):
diff -r a13c6477f39a -r a013ca538ed3 distrib/sets/lists/tests/mi
--- a/distrib/sets/lists/tests/mi Wed Jan 10 11:02:41 2018 +0000
+++ b/distrib/sets/lists/tests/mi Wed Jan 10 11:06:06 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.771 2017/12/10 15:39:37 christos Exp $
+# $NetBSD: mi,v 1.772 2018/01/10 11:06:06 knakahara Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -3295,6 +3295,10 @@
./usr/tests/net/if_gif/Atffile tests-net-tests atf,rump
./usr/tests/net/if_gif/Kyuafile tests-net-tests atf,rump,kyua
./usr/tests/net/if_gif/t_gif tests-net-tests atf,rump
+./usr/tests/net/if_ipsec tests-net-tests compattestfile,atf
+./usr/tests/net/if_ipsec/Atffile tests-net-tests atf,rump
+./usr/tests/net/if_ipsec/Kyuafile tests-net-tests atf,rump,kyua
+./usr/tests/net/if_ipsec/t_ipsec tests-net-tests atf,rump
./usr/tests/net/if_l2tp tests-net-tests compattestfile,atf
./usr/tests/net/if_l2tp/Atffile tests-net-tests atf,rump
./usr/tests/net/if_l2tp/Kyuafile tests-net-tests atf,rump,kyua
diff -r a13c6477f39a -r a013ca538ed3 etc/mtree/NetBSD.dist.tests
--- a/etc/mtree/NetBSD.dist.tests Wed Jan 10 11:02:41 2018 +0000
+++ b/etc/mtree/NetBSD.dist.tests Wed Jan 10 11:06:06 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: NetBSD.dist.tests,v 1.149 2017/11/01 08:32:07 martin Exp $
+# $NetBSD: NetBSD.dist.tests,v 1.150 2018/01/10 11:06:06 knakahara Exp $
./usr/libdata/debug/usr/tests
./usr/libdata/debug/usr/tests/atf
@@ -332,6 +332,7 @@
./usr/tests/net/if
./usr/tests/net/if_bridge
./usr/tests/net/if_gif
+./usr/tests/net/if_ipsec
./usr/tests/net/if_l2tp
./usr/tests/net/if_loop
./usr/tests/net/if_pppoe
diff -r a13c6477f39a -r a013ca538ed3 tests/net/Makefile
--- a/tests/net/Makefile Wed Jan 10 11:02:41 2018 +0000
+++ b/tests/net/Makefile Wed Jan 10 11:06:06 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.33 2017/05/27 21:02:56 bouyer Exp $
+# $NetBSD: Makefile,v 1.34 2018/01/10 11:06:06 knakahara Exp $
.include <bsd.own.mk>
@@ -7,7 +7,7 @@
TESTS_SUBDIRS= fdpass in_cksum net sys
.if (${MKRUMP} != "no") && !defined(BSD_MK_COMPAT_FILE)
TESTS_SUBDIRS+= arp bpf bpfilter can carp icmp if if_bridge if_gif
-TESTS_SUBDIRS+= if_l2tp if_loop if_pppoe if_tap if_tun ipsec
+TESTS_SUBDIRS+= if_ipsec if_l2tp if_loop if_pppoe if_tap if_tun ipsec
TESTS_SUBDIRS+= mcast mpls ndp npf route if_vlan
.if (${MKSLJIT} != "no")
TESTS_SUBDIRS+= bpfjit
diff -r a13c6477f39a -r a013ca538ed3 tests/net/if_ipsec/Makefile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/net/if_ipsec/Makefile Wed Jan 10 11:06:06 2018 +0000
@@ -0,0 +1,14 @@
+# $NetBSD: Makefile,v 1.1 2018/01/10 11:06:06 knakahara Exp $
+#
+
+.include <bsd.own.mk>
+
+TESTSDIR= ${TESTSBASE}/net/if_ipsec
+
+.for name in ipsec
+TESTS_SH+= t_${name}
+TESTS_SH_SRC_t_${name}= ../net_common.sh t_${name}.sh \
+ ../ipsec/common.sh ../ipsec/algorithms.sh
+.endfor
+
+.include <bsd.test.mk>
diff -r a13c6477f39a -r a013ca538ed3 tests/net/if_ipsec/t_ipsec.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/net/if_ipsec/t_ipsec.sh Wed Jan 10 11:06:06 2018 +0000
@@ -0,0 +1,925 @@
+# $NetBSD: t_ipsec.sh,v 1.1 2018/01/10 11:06:06 knakahara Exp $
+#
+# Copyright (c) 2017 Internet Initiative Japan Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+SOCK1=unix://commsock1 # for ROUTER1
+SOCK2=unix://commsock2 # for ROUTER2
+ROUTER1_LANIP=192.168.1.1
+ROUTER1_LANNET=192.168.1.0/24
+ROUTER1_WANIP=10.0.0.1
+ROUTER1_IPSECIP=172.16.1.1
+ROUTER1_WANIP_DUMMY=10.0.0.11
+ROUTER1_IPSECIP_DUMMY=172.16.11.1
+ROUTER1_IPSECIP_RECURSIVE1=172.16.101.1
+ROUTER1_IPSECIP_RECURSIVE2=172.16.201.1
+ROUTER2_LANIP=192.168.2.1
+ROUTER2_LANNET=192.168.2.0/24
+ROUTER2_WANIP=10.0.0.2
+ROUTER2_IPSECIP=172.16.2.1
+ROUTER2_WANIP_DUMMY=10.0.0.12
+ROUTER2_IPSECIP_DUMMY=172.16.12.1
+ROUTER2_IPSECIP_RECURSIVE1=172.16.102.1
+ROUTER2_IPSECIP_RECURSIVE2=172.16.202.1
+
+ROUTER1_LANIP6=fc00:1::1
+ROUTER1_LANNET6=fc00:1::/64
+ROUTER1_WANIP6=fc00::1
+ROUTER1_IPSECIP6=fc00:3::1
+ROUTER1_WANIP6_DUMMY=fc00::11
+ROUTER1_IPSECIP6_DUMMY=fc00:13::1
+ROUTER1_IPSECIP6_RECURSIVE1=fc00:103::1
+ROUTER1_IPSECIP6_RECURSIVE2=fc00:203::1
+ROUTER2_LANIP6=fc00:2::1
+ROUTER2_LANNET6=fc00:2::/64
+ROUTER2_WANIP6=fc00::2
+ROUTER2_IPSECIP6=fc00:4::1
+ROUTER2_WANIP6_DUMMY=fc00::12
+ROUTER2_IPSECIP6_DUMMY=fc00:14::1
+ROUTER2_IPSECIP6_RECURSIVE1=fc00:104::1
+ROUTER2_IPSECIP6_RECURSIVE2=fc00:204::1
+
+DEBUG=${DEBUG:-false}
+TIMEOUT=7
+
+setup_router()
+{
+ local sock=${1}
+ local lan=${2}
+ local lan_mode=${3}
+ local wan=${4}
+ local wan_mode=${5}
+
+ rump_server_add_iface $sock shmif0 bus0
+ rump_server_add_iface $sock shmif1 bus1
+
+ export RUMP_SERVER=${sock}
+ if [ ${lan_mode} = "ipv6" ]; then
+ atf_check -s exit:0 rump.ifconfig shmif0 inet6 ${lan}
+ else
+ atf_check -s exit:0 rump.ifconfig shmif0 inet ${lan} netmask 0xffffff00
+ fi
+ atf_check -s exit:0 rump.ifconfig shmif0 up
+ rump.ifconfig shmif0
+
+ if [ ${wan_mode} = "ipv6" ]; then
+ atf_check -s exit:0 rump.ifconfig shmif1 inet6 ${wan}
+ else
+ atf_check -s exit:0 rump.ifconfig shmif1 inet ${wan} netmask 0xff000000
+ fi
+ atf_check -s exit:0 rump.ifconfig shmif1 up
+ rump.ifconfig shmif1
+ unset RUMP_SERVER
+}
+
+test_router()
+{
+ local sock=${1}
+ local lan=${2}
+ local lan_mode=${3}
+ local wan=${4}
+ local wan_mode=${5}
+
+ export RUMP_SERVER=${sock}
+ atf_check -s exit:0 -o match:shmif0 rump.ifconfig
+ if [ ${lan_mode} = "ipv6" ]; then
+ atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X $TIMEOUT ${lan}
+ else
+ atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w $TIMEOUT ${lan}
+ fi
+
+ atf_check -s exit:0 -o match:shmif1 rump.ifconfig
+ if [ ${wan_mode} = "ipv6" ]; then
+ atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X $TIMEOUT ${wan}
+ else
+ atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w $TIMEOUT ${wan}
+ fi
+ unset RUMP_SERVER
+}
+
+setup()
+{
+ local inner=${1}
+ local outer=${2}
+
+ rump_server_crypto_start $SOCK1 netipsec netinet6 ipsec
+ rump_server_crypto_start $SOCK2 netipsec netinet6 ipsec
+
+ router1_lan=""
+ router1_lan_mode=""
+ router2_lan=""
+ router2_lan_mode=""
+ if [ ${inner} = "ipv6" ]; then
+ router1_lan=$ROUTER1_LANIP6
+ router1_lan_mode="ipv6"
+ router2_lan=$ROUTER2_LANIP6
+ router2_lan_mode="ipv6"
+ else
+ router1_lan=$ROUTER1_LANIP
+ router1_lan_mode="ipv4"
+ router2_lan=$ROUTER2_LANIP
+ router2_lan_mode="ipv4"
+ fi
+
+ if [ ${outer} = "ipv6" ]; then
+ setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \
+ $ROUTER1_WANIP6 ipv6
+ setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \
+ $ROUTER2_WANIP6 ipv6
+ else
+ setup_router $SOCK1 ${router1_lan} ${router1_lan_mode} \
+ $ROUTER1_WANIP ipv4
+ setup_router $SOCK2 ${router2_lan} ${router2_lan_mode} \
+ $ROUTER2_WANIP ipv4
+ fi
+}
+
+test_setup()
+{
+ local inner=${1}
+ local outer=${2}
+
+ local router1_lan=""
+ local router1_lan_mode=""
+ local router2_lan=""
+ local router2_lan_mode=""
+ if [ ${inner} = "ipv6" ]; then
+ router1_lan=$ROUTER1_LANIP6
+ router1_lan_mode="ipv6"
+ router2_lan=$ROUTER2_LANIP6
+ router2_lan_mode="ipv6"
+ else
+ router1_lan=$ROUTER1_LANIP
+ router1_lan_mode="ipv4"
+ router2_lan=$ROUTER2_LANIP
+ router2_lan_mode="ipv4"
+ fi
+ if [ ${outer} = "ipv6" ]; then
+ test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \
+ $ROUTER1_WANIP6 ipv6
+ test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \
+ $ROUTER2_WANIP6 ipv6
+ else
+ test_router $SOCK1 ${router1_lan} ${router1_lan_mode} \
+ $ROUTER1_WANIP ipv4
+ test_router $SOCK2 ${router2_lan} ${router2_lan_mode} \
+ $ROUTER2_WANIP ipv4
+ fi
+}
+
+get_if_ipsec_unique()
+{
+ local sock=${1}
+ local src=${2}
+ local proto=${3}
+ local unique=""
+
+ export RUMP_SERVER=${sock}
+ unique=`$HIJACKING setkey -DP | grep -A2 "^${src}.*(${proto})$" | grep unique | sed 's/.*unique#//'`
+ unset RUMP_SERVER
+
+ echo $unique
+}
+
+setup_if_ipsec()
+{
+ local sock=${1}
+ local addr=${2}
+ local remote=${3}
+ local inner=${4}
+ local src=${5}
+ local dst=${6}
+ local peernet=${7}
+
+ export RUMP_SERVER=${sock}
+ atf_check -s exit:0 rump.ifconfig ipsec0 create
+ atf_check -s exit:0 rump.ifconfig ipsec0 tunnel ${src} ${dst}
+ if [ ${inner} = "ipv6" ]; then
+ atf_check -s exit:0 rump.ifconfig ipsec0 inet6 ${addr}/128 ${remote}
+ atf_check -s exit:0 -o ignore rump.route add -inet6 ${peernet} ${addr}
+ else
+ atf_check -s exit:0 rump.ifconfig ipsec0 inet ${addr}/32 ${remote}
Home |
Main Index |
Thread Index |
Old Index