[src/trunk]: src/tests/net/ipsec Test flushing SAD/SPD entries

[ozaki-r <ozaki-r%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/85941a13dc8c
branches:  trunk
changeset: 823787:85941a13dc8c
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Tue May 09 04:25:28 2017 +0000

description:
Test flushing SAD/SPD entries

diffstat:

 tests/net/ipsec/Makefile             |   5 ++-
 tests/net/ipsec/common.sh            |  38 ++++++++++++++++++++++++++++++++++++
 tests/net/ipsec/t_ipsec_gif.sh       |   8 ++++++-
 tests/net/ipsec/t_ipsec_l2tp.sh      |   8 ++++++-
 tests/net/ipsec/t_ipsec_transport.sh |   8 ++++++-
 tests/net/ipsec/t_ipsec_tunnel.sh    |   8 ++++++-
 6 files changed, 69 insertions(+), 6 deletions(-)

diffs (177 lines):

diff -r e32817951373 -r 85941a13dc8c tests/net/ipsec/Makefile
--- a/tests/net/ipsec/Makefile  Tue May 09 04:24:10 2017 +0000
+++ b/tests/net/ipsec/Makefile  Tue May 09 04:25:28 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.3 2017/04/27 06:53:44 ozaki-r Exp $
+# $NetBSD: Makefile,v 1.4 2017/05/09 04:25:28 ozaki-r Exp $
 #
 
 .include <bsd.own.mk>
@@ -8,7 +8,8 @@
 .for name in ipsec_ah_keys ipsec_esp_keys ipsec_gif ipsec_l2tp ipsec_sysctl \
     ipsec_transport ipsec_tunnel
 TESTS_SH+=             t_${name}
-TESTS_SH_SRC_t_${name}=        ../net_common.sh ./algorithms.sh t_${name}.sh
+TESTS_SH_SRC_t_${name}=        ../net_common.sh ./common.sh ./algorithms.sh \
+    t_${name}.sh
 .endfor
 
 .include <bsd.test.mk>
diff -r e32817951373 -r 85941a13dc8c tests/net/ipsec/common.sh
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/net/ipsec/common.sh Tue May 09 04:25:28 2017 +0000
@@ -0,0 +1,38 @@
+#      $NetBSD: common.sh,v 1.1 2017/05/09 04:25:28 ozaki-r Exp $
+#
+# Copyright (c) 2017 Internet Initiative Japan Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+test_flush_entries()
+{
+       local sock=$1
+
+       export RUMP_SERVER=$sock
+
+       atf_check -s exit:0 -o empty $HIJACKING setkey -F
+       atf_check -s exit:0 -o empty $HIJACKING setkey -F -P
+       atf_check -s exit:0 -o match:"No SAD entries." $HIJACKING setkey -D -a
+       atf_check -s exit:0 -o match:"No SPD entries." $HIJACKING setkey -D -P
+}
diff -r e32817951373 -r 85941a13dc8c tests/net/ipsec/t_ipsec_gif.sh
--- a/tests/net/ipsec/t_ipsec_gif.sh    Tue May 09 04:24:10 2017 +0000
+++ b/tests/net/ipsec/t_ipsec_gif.sh    Tue May 09 04:25:28 2017 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: t_ipsec_gif.sh,v 1.2 2017/04/27 10:17:12 ozaki-r Exp $
+#      $NetBSD: t_ipsec_gif.sh,v 1.3 2017/05/09 04:25:28 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -234,6 +234,9 @@
        str=$(make_gif_pktstr $ip_gwre_tun $ip_gwlo_tun \
            $ip_remote $ip_local $proto ipv4)
        atf_check -s exit:0 -o match:"$str" cat $outfile
+
+       test_flush_entries $SOCK_TUN_LOCAL
+       test_flush_entries $SOCK_TUN_REMOTE
 }
 
 test_ipsec6_gif()
@@ -401,6 +404,9 @@
        str=$(make_gif_pktstr $ip_gwre_tun $ip_gwlo_tun \
            $ip_remote $ip_local $proto ipv6)
        atf_check -s exit:0 -o match:"$str" cat $outfile
+
+       test_flush_entries $SOCK_TUN_LOCAL
+       test_flush_entries $SOCK_TUN_REMOTE
 }
 
 test_ipsec_gif_common()
diff -r e32817951373 -r 85941a13dc8c tests/net/ipsec/t_ipsec_l2tp.sh
--- a/tests/net/ipsec/t_ipsec_l2tp.sh   Tue May 09 04:24:10 2017 +0000
+++ b/tests/net/ipsec/t_ipsec_l2tp.sh   Tue May 09 04:25:28 2017 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: t_ipsec_l2tp.sh,v 1.2 2017/04/27 10:17:12 ozaki-r Exp $
+#      $NetBSD: t_ipsec_l2tp.sh,v 1.3 2017/05/09 04:25:28 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -220,6 +220,9 @@
        atf_check -s exit:0 -o match:"$str" cat $outfile
        str=$(make_l2tp_pktstr $ip_gwre_tun $ip_gwlo_tun $proto ipv4 $mode)
        atf_check -s exit:0 -o match:"$str" cat $outfile
+
+       test_flush_entries $SOCK_TUN_LOCAL
+       test_flush_entries $SOCK_TUN_REMOTE
 }
 
 test_ipsec6_l2tp()
@@ -387,6 +390,9 @@
        atf_check -s exit:0 -o match:"$str" cat $outfile
        str=$(make_l2tp_pktstr $ip_gwre_tun $ip_gwlo_tun $proto ipv6 $mode)
        atf_check -s exit:0 -o match:"$str" cat $outfile
+
+       test_flush_entries $SOCK_TUN_LOCAL
+       test_flush_entries $SOCK_TUN_REMOTE
 }
 
 test_ipsec_l2tp_common()
diff -r e32817951373 -r 85941a13dc8c tests/net/ipsec/t_ipsec_transport.sh
--- a/tests/net/ipsec/t_ipsec_transport.sh      Tue May 09 04:24:10 2017 +0000
+++ b/tests/net/ipsec/t_ipsec_transport.sh      Tue May 09 04:25:28 2017 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: t_ipsec_transport.sh,v 1.1 2017/04/14 02:56:49 ozaki-r Exp $
+#      $NetBSD: t_ipsec_transport.sh,v 1.2 2017/05/09 04:25:28 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -114,6 +114,9 @@
            cat $outfile
        atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \
            cat $outfile
+
+       test_flush_entries $SOCK_LOCAL
+       test_flush_entries $SOCK_PEER
 }
 
 test_ipsec6_transport()
@@ -199,6 +202,9 @@
            cat $outfile
        atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \
            cat $outfile
+
+       test_flush_entries $SOCK_LOCAL
+       test_flush_entries $SOCK_PEER
 }
 
 test_transport_common()
diff -r e32817951373 -r 85941a13dc8c tests/net/ipsec/t_ipsec_tunnel.sh
--- a/tests/net/ipsec/t_ipsec_tunnel.sh Tue May 09 04:24:10 2017 +0000
+++ b/tests/net/ipsec/t_ipsec_tunnel.sh Tue May 09 04:25:28 2017 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: t_ipsec_tunnel.sh,v 1.3 2017/04/16 10:34:49 ozaki-r Exp $
+#      $NetBSD: t_ipsec_tunnel.sh,v 1.4 2017/05/09 04:25:28 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -163,6 +163,9 @@
        atf_check -s exit:0 \
            -o match:"$ip_gw_remote_tunnel > $ip_gw_local_tunnel: $proto_cap" \
            cat $outfile
+
+       test_flush_entries $SOCK_TUNNEL_LOCAL
+       test_flush_entries $SOCK_TUNNEL_REMOTE
 }
 
 test_ipsec6_tunnel()
@@ -292,6 +295,9 @@
        atf_check -s exit:0 \
            -o match:"$ip_gw_remote_tunnel > $ip_gw_local_tunnel: $proto_cap" \
            cat $outfile
+
+       test_flush_entries $SOCK_TUNNEL_LOCAL
+       test_flush_entries $SOCK_TUNNEL_REMOTE
 }
 
 test_tunnel_common()