CVS commit: src/tests/net/ipsec

2023-08-21 Thread Rin Okuyama
Module Name:src
Committed By:   rin
Date:   Tue Aug 22 05:40:50 UTC 2023

Modified Files:
src/tests/net/ipsec: t_ipsec_gif.sh t_ipsec_l2tp.sh

Log Message:
t_ipsec_{gif,l2tp}: Adjust for tcpdump 4.99.4

It no longer outputs the redundant `` (ipip-proto-4)'':
https://github.com/the-tcpdump-group/tcpdump/commit/cba9b77a98e9dde764abde71a899ee8937ca56e8

Now these tests pass again.

Thanks to mlelstv@ for finding the upstream commit.
OK ozaki-r@


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/tests/net/ipsec/t_ipsec_gif.sh \
src/tests/net/ipsec/t_ipsec_l2tp.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_gif.sh
diff -u src/tests/net/ipsec/t_ipsec_gif.sh:1.9 src/tests/net/ipsec/t_ipsec_gif.sh:1.10
--- src/tests/net/ipsec/t_ipsec_gif.sh:1.9	Mon Feb 17 08:46:10 2020
+++ src/tests/net/ipsec/t_ipsec_gif.sh	Tue Aug 22 05:40:50 2023
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_gif.sh,v 1.9 2020/02/17 08:46:10 ozaki-r Exp $
+#	$NetBSD: t_ipsec_gif.sh,v 1.10 2023/08/22 05:40:50 rin Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -49,11 +49,7 @@ make_gif_pktstr()
 		proto_cap=ESP
 	else
 		proto_cap=AH
-		if [ $ipproto = ipv4 ]; then
-			inner_str="$src_inner > $dst_inner:.+\(ipip-proto-4\)"
-		else
-			inner_str="$src_inner > $dst_inner"
-		fi
+		inner_str="$src_inner > $dst_inner"
 	fi
 
 	echo "$src > $dst: $proto_cap.+$inner_str"
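Review bot: After this simplification the AH branch of make_gif_pktstr no longer reads `$ipproto`, and nothing in the hunk records why the `(ipip-proto-4)` token must not be matched any more. A short comment above the assignment, e.g. `# tcpdump >= 4.99.4 no longer prints "(ipip-proto-4)" after the inner packet`, would keep a later edit from re-adding it. If `ipproto` has no other use in the function (its top is outside the hunk), the local can be dropped as well. The same applies to `$mode` in the make_l2tp_pktstr hunk of t_ipsec_l2tp.sh, where the removed lines were its only visible use.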
@@ -144,11 +140,9 @@ test_ipsec4_gif()
 	extract_new_packets $BUS_TUNNEL > $outfile
 	str="$ip_gwlo_tun > $ip_gwre_tun:"
 	str="$str $ip_local > $ip_remote: ICMP echo request,"
-	str="$str .+ \(ipip-proto-4\)"
 	atf_check -s exit:0 -o match:"$str" cat $outfile
 	str="$ip_gwre_tun > $ip_gwlo_tun:"
 	str="$str $ip_remote > $ip_local: ICMP echo reply,"
-	str="$str .+ \(ipip-proto-4\)"
 	atf_check -s exit:0 -o match:"$str" cat $outfile
 
 	if [ $mode = tunnel ]; then
Index: src/tests/net/ipsec/t_ipsec_l2tp.sh
diff -u src/tests/net/ipsec/t_ipsec_l2tp.sh:1.9 src/tests/net/ipsec/t_ipsec_l2tp.sh:1.10
--- src/tests/net/ipsec/t_ipsec_l2tp.sh:1.9	Mon Feb 17 08:46:10 2020
+++ src/tests/net/ipsec/t_ipsec_l2tp.sh	Tue Aug 22 05:40:50 2023
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_l2tp.sh,v 1.9 2020/02/17 08:46:10 ozaki-r Exp $
+#	$NetBSD: t_ipsec_l2tp.sh,v 1.10 2023/08/22 05:40:50 rin Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -49,11 +49,7 @@ make_l2tp_pktstr()
 	else
 		proto_cap=AH
 		if [ $ipproto = ipv4 ]; then
-			if [ $mode = tunnel ]; then
-proto_str="ip-proto-115 102 \(ipip-proto-4\)"
-			else
-proto_str="ip-proto-115 102"
-			fi
+			proto_str="ip-proto-115 102"
 		else
 			proto_str="ip-proto-115"
 		fi



CVS commit: src/tests/net/ipsec

2023-08-21 Thread Rin Okuyama
Module Name:src
Committed By:   rin
Date:   Tue Aug 22 05:40:50 UTC 2023

Modified Files:
src/tests/net/ipsec: t_ipsec_gif.sh t_ipsec_l2tp.sh

Log Message:
t_ipsec_{gif,l2tp}: Adjust for tcpdump 4.99.4

It no longer outputs the redundant `` (ipip-proto-4)'':
https://github.com/the-tcpdump-group/tcpdump/commit/cba9b77a98e9dde764abde71a899ee8937ca56e8

Now these tests pass again.

Thanks to mlelstv@ for finding the upstream commit.
OK ozaki-r@


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/tests/net/ipsec/t_ipsec_gif.sh \
src/tests/net/ipsec/t_ipsec_l2tp.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2023-06-19 Thread Kengo NAKAHARA
Module Name:src
Committed By:   knakahara
Date:   Mon Jun 19 08:28:09 UTC 2023

Modified Files:
src/tests/net/ipsec: t_ipsec_ah_keys.sh t_ipsec_esp_keys.sh
t_ipsec_transport.sh t_ipsec_tunnel.sh t_ipsec_tunnel_ipcomp.sh
t_ipsec_tunnel_odd.sh

Log Message:
Repair test coverage.  I revert by proxy as the committer seems too busy to
even reply to mail.

TODO:
Provide some way for small machines to run a subset of the tests so that
they get a shorter run time at the expense of test coverage.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/tests/net/ipsec/t_ipsec_ah_keys.sh \
src/tests/net/ipsec/t_ipsec_esp_keys.sh \
src/tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh
cvs rdiff -u -r1.7 -r1.8 src/tests/net/ipsec/t_ipsec_transport.sh
cvs rdiff -u -r1.10 -r1.11 src/tests/net/ipsec/t_ipsec_tunnel.sh
cvs rdiff -u -r1.4 -r1.5 src/tests/net/ipsec/t_ipsec_tunnel_odd.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_ah_keys.sh
diff -u src/tests/net/ipsec/t_ipsec_ah_keys.sh:1.3 src/tests/net/ipsec/t_ipsec_ah_keys.sh:1.4
--- src/tests/net/ipsec/t_ipsec_ah_keys.sh:1.3	Sun Jun  4 22:18:47 2023
+++ src/tests/net/ipsec/t_ipsec_ah_keys.sh	Mon Jun 19 08:28:09 2023
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_ah_keys.sh,v 1.3 2023/06/04 22:18:47 chs Exp $
+#	$NetBSD: t_ipsec_ah_keys.sh,v 1.4 2023/06/19 08:28:09 knakahara Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -152,7 +152,7 @@ add_test_invalid_keys()
 atf_init_test_cases()
 {
 
-	for aalgo in $AH_AUTHENTICATION_ALGORITHMS_MINIMUM; do
+	for aalgo in $AH_AUTHENTICATION_ALGORITHMS; do
 		add_test_valid_keys $aalgo
 		add_test_invalid_keys $aalgo
 	done
Index: src/tests/net/ipsec/t_ipsec_esp_keys.sh
diff -u src/tests/net/ipsec/t_ipsec_esp_keys.sh:1.3 src/tests/net/ipsec/t_ipsec_esp_keys.sh:1.4
--- src/tests/net/ipsec/t_ipsec_esp_keys.sh:1.3	Sun Jun  4 22:18:47 2023
+++ src/tests/net/ipsec/t_ipsec_esp_keys.sh	Mon Jun 19 08:28:09 2023
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_esp_keys.sh,v 1.3 2023/06/04 22:18:47 chs Exp $
+#	$NetBSD: t_ipsec_esp_keys.sh,v 1.4 2023/06/19 08:28:09 knakahara Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -152,7 +152,7 @@ add_test_invalid_keys()
 atf_init_test_cases()
 {
 
-	for ealgo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do
+	for ealgo in $ESP_ENCRYPTION_ALGORITHMS; do
 		add_test_valid_keys $ealgo
 		add_test_invalid_keys $ealgo
 	done
Index: src/tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh
diff -u src/tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh:1.3 src/tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh:1.4
--- src/tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh:1.3	Sun Jun  4 22:18:47 2023
+++ src/tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh	Mon Jun 19 08:28:09 2023
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_tunnel_ipcomp.sh,v 1.3 2023/06/04 22:18:47 chs Exp $
+#	$NetBSD: t_ipsec_tunnel_ipcomp.sh,v 1.4 2023/06/19 08:28:09 knakahara Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -395,7 +395,7 @@ atf_init_test_cases()
 {
 	local calgo= algo=
 
-	for calgo in $IPCOMP_COMPRESSION_ALGORITHMS_MINIMUM; do
+	for calgo in $IPCOMP_COMPRESSION_ALGORITHMS; do
 		for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do
 			add_test_tunnel_mode ipv4 esp $algo $calgo
 			add_test_tunnel_mode ipv6 esp $algo $calgo
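Review bot: The outer loop is back on the full `$IPCOMP_COMPRESSION_ALGORITHMS` list while the inner loop on the next line still iterates `$ESP_ENCRYPTION_ALGORITHMS_MINIMUM`, and nothing in the hunk says the asymmetry is deliberate. The inner list is a context line here, so it presumably predates the reduction being reverted and exists to bound the compression x encryption matrix. A comment such as `# ESP is only the carrier here; the minimum list keeps the calgo x algo matrix small` would make that explicit, if that is indeed the intent. The loop body continues outside the hunk.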

Index: src/tests/net/ipsec/t_ipsec_transport.sh
diff -u src/tests/net/ipsec/t_ipsec_transport.sh:1.7 src/tests/net/ipsec/t_ipsec_transport.sh:1.8
--- src/tests/net/ipsec/t_ipsec_transport.sh:1.7	Sun Jun  4 22:18:47 2023
+++ src/tests/net/ipsec/t_ipsec_transport.sh	Mon Jun 19 08:28:09 2023
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_transport.sh,v 1.7 2023/06/04 22:18:47 chs Exp $
+#	$NetBSD: t_ipsec_transport.sh,v 1.8 2023/06/19 08:28:09 knakahara Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -261,15 +261,15 @@ atf_init_test_cases()
 {
 	local algo=
 
-	for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do
+	for algo in $ESP_ENCRYPTION_ALGORITHMS; do
 		add_test_transport_mode ipv4 esp $algo
 		add_test_transport_mode ipv6 esp $algo
 	done
-	for algo in $AH_AUTHENTICATION_ALGORITHMS_MINIMUM; do
+	for algo in $AH_AUTHENTICATION_ALGORITHMS; do
 		add_test_transport_mode ipv4 ah $algo
 		add_test_transport_mode ipv6 ah $algo
 	done
-	for algo in $IPCOMP_COMPRESSION_ALGORITHMS_MINIMUM; do
+	for algo in $IPCOMP_COMPRESSION_ALGORITHMS; do
 		add_test_transport_mode ipv4 ipcomp $algo
 		add_test_transport_mode ipv6 ipcomp $algo
 	done

Index: src/tests/net/ipsec/t_ipsec_tunnel.sh
diff -u src/tests/net/ipsec/t_ipsec_tunnel.sh:1.10 src/tests/net/ipsec/t_ipsec_tunnel.sh:1.11
--- src/tests/net/ipsec/t_ipsec_tunnel.sh:1.10	Sun Jun  4 22:18:47 2023
+++ src/tests/net/ipsec/t_ipsec_tunnel.sh	Mon Jun 19 08:28:09 2023
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_tunnel.sh,v 1.10 2023/06/04 22:18:47 chs Exp $

CVS commit: src/tests/net/ipsec

2023-06-19 Thread Kengo NAKAHARA
Module Name:src
Committed By:   knakahara
Date:   Mon Jun 19 08:28:09 UTC 2023

Modified Files:
src/tests/net/ipsec: t_ipsec_ah_keys.sh t_ipsec_esp_keys.sh
t_ipsec_transport.sh t_ipsec_tunnel.sh t_ipsec_tunnel_ipcomp.sh
t_ipsec_tunnel_odd.sh

Log Message:
Repair test coverage.  I revert by proxy as the committer seems too busy to
even reply to mail.

TODO:
Provide some way for small machines to run a subset of the tests so that
they get a shorter run time at the expense of test coverage.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/tests/net/ipsec/t_ipsec_ah_keys.sh \
src/tests/net/ipsec/t_ipsec_esp_keys.sh \
src/tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh
cvs rdiff -u -r1.7 -r1.8 src/tests/net/ipsec/t_ipsec_transport.sh
cvs rdiff -u -r1.10 -r1.11 src/tests/net/ipsec/t_ipsec_tunnel.sh
cvs rdiff -u -r1.4 -r1.5 src/tests/net/ipsec/t_ipsec_tunnel_odd.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2023-06-04 Thread Chuck Silvers
Module Name:src
Committed By:   chs
Date:   Sun Jun  4 22:18:47 UTC 2023

Modified Files:
src/tests/net/ipsec: t_ipsec_ah_keys.sh t_ipsec_esp_keys.sh
t_ipsec_transport.sh t_ipsec_tunnel.sh t_ipsec_tunnel_ipcomp.sh
t_ipsec_tunnel_odd.sh

Log Message:
The ATF design is O(N^2) in the number of TCs in one TP, which on some
slower platforms causes the net/ipsec tests to take as much as 30% of
the total time to run all of the ATF tests.  Reduce the number of TCs
in various net/ipsec TPs by iterating over *_ALGORITHMS_MINIMUM rather
than *_ALGORITHMS.  Various of the net/ipsec tests already use the
smaller lists, so change the rest of them to do so as well.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/tests/net/ipsec/t_ipsec_ah_keys.sh \
src/tests/net/ipsec/t_ipsec_esp_keys.sh \
src/tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh
cvs rdiff -u -r1.6 -r1.7 src/tests/net/ipsec/t_ipsec_transport.sh
cvs rdiff -u -r1.9 -r1.10 src/tests/net/ipsec/t_ipsec_tunnel.sh
cvs rdiff -u -r1.3 -r1.4 src/tests/net/ipsec/t_ipsec_tunnel_odd.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_ah_keys.sh
diff -u src/tests/net/ipsec/t_ipsec_ah_keys.sh:1.2 src/tests/net/ipsec/t_ipsec_ah_keys.sh:1.3
--- src/tests/net/ipsec/t_ipsec_ah_keys.sh:1.2	Thu Aug  3 03:16:27 2017
+++ src/tests/net/ipsec/t_ipsec_ah_keys.sh	Sun Jun  4 22:18:47 2023
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_ah_keys.sh,v 1.2 2017/08/03 03:16:27 ozaki-r Exp $
+#	$NetBSD: t_ipsec_ah_keys.sh,v 1.3 2023/06/04 22:18:47 chs Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -152,7 +152,7 @@ add_test_invalid_keys()
 atf_init_test_cases()
 {
 
-	for aalgo in $AH_AUTHENTICATION_ALGORITHMS; do
+	for aalgo in $AH_AUTHENTICATION_ALGORITHMS_MINIMUM; do
 		add_test_valid_keys $aalgo
 		add_test_invalid_keys $aalgo
 	done
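Review bot: Iterating `$AH_AUTHENTICATION_ALGORITHMS_MINIMUM` here registers add_test_valid_keys and add_test_invalid_keys only for the minimum list, so key acceptance and rejection for every other AH algorithm is no longer exercised; the t_ipsec_esp_keys.sh hunk does the same for ESP. Valid key lengths differ per algorithm, as the key-length comments in algorithms.sh show, so the subset cannot stand in for the rest the way it may in the transport and tunnel tests. I would keep `for aalgo in $AH_AUTHENTICATION_ALGORITHMS; do` and `for ealgo in $ESP_ENCRYPTION_ALGORITHMS; do` in the two key tests and take the run-time saving from the other test programs. What the two add_test_* helpers register is inferred from their names, since their bodies are outside the hunk.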
Index: src/tests/net/ipsec/t_ipsec_esp_keys.sh
diff -u src/tests/net/ipsec/t_ipsec_esp_keys.sh:1.2 src/tests/net/ipsec/t_ipsec_esp_keys.sh:1.3
--- src/tests/net/ipsec/t_ipsec_esp_keys.sh:1.2	Thu Aug  3 03:16:27 2017
+++ src/tests/net/ipsec/t_ipsec_esp_keys.sh	Sun Jun  4 22:18:47 2023
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_esp_keys.sh,v 1.2 2017/08/03 03:16:27 ozaki-r Exp $
+#	$NetBSD: t_ipsec_esp_keys.sh,v 1.3 2023/06/04 22:18:47 chs Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -152,7 +152,7 @@ add_test_invalid_keys()
 atf_init_test_cases()
 {
 
-	for ealgo in $ESP_ENCRYPTION_ALGORITHMS; do
+	for ealgo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do
 		add_test_valid_keys $ealgo
 		add_test_invalid_keys $ealgo
 	done
Index: src/tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh
diff -u src/tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh:1.2 src/tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh:1.3
--- src/tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh:1.2	Thu Aug  3 03:16:27 2017
+++ src/tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh	Sun Jun  4 22:18:47 2023
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_tunnel_ipcomp.sh,v 1.2 2017/08/03 03:16:27 ozaki-r Exp $
+#	$NetBSD: t_ipsec_tunnel_ipcomp.sh,v 1.3 2023/06/04 22:18:47 chs Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -395,7 +395,7 @@ atf_init_test_cases()
 {
 	local calgo= algo=
 
-	for calgo in $IPCOMP_COMPRESSION_ALGORITHMS; do
+	for calgo in $IPCOMP_COMPRESSION_ALGORITHMS_MINIMUM; do
 		for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do
 			add_test_tunnel_mode ipv4 esp $algo $calgo
 			add_test_tunnel_mode ipv6 esp $algo $calgo

Index: src/tests/net/ipsec/t_ipsec_transport.sh
diff -u src/tests/net/ipsec/t_ipsec_transport.sh:1.6 src/tests/net/ipsec/t_ipsec_transport.sh:1.7
--- src/tests/net/ipsec/t_ipsec_transport.sh:1.6	Thu Aug  3 03:16:27 2017
+++ src/tests/net/ipsec/t_ipsec_transport.sh	Sun Jun  4 22:18:47 2023
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_transport.sh,v 1.6 2017/08/03 03:16:27 ozaki-r Exp $
+#	$NetBSD: t_ipsec_transport.sh,v 1.7 2023/06/04 22:18:47 chs Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -261,15 +261,15 @@ atf_init_test_cases()
 {
 	local algo=
 
-	for algo in $ESP_ENCRYPTION_ALGORITHMS; do
+	for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do
 		add_test_transport_mode ipv4 esp $algo
 		add_test_transport_mode ipv6 esp $algo
 	done
-	for algo in $AH_AUTHENTICATION_ALGORITHMS; do
+	for algo in $AH_AUTHENTICATION_ALGORITHMS_MINIMUM; do
 		add_test_transport_mode ipv4 ah $algo
 		add_test_transport_mode ipv6 ah $algo
 	done
-	for algo in $IPCOMP_COMPRESSION_ALGORITHMS; do
+	for algo in $IPCOMP_COMPRESSION_ALGORITHMS_MINIMUM; do
 		add_test_transport_mode ipv4 ipcomp $algo
 		add_test_transport_mode ipv6 ipcomp $algo
 	done

Index: src/tests/net/ipsec/t_ipsec_tunnel.sh
diff -u src/tests/net/ipsec/t_ipsec_tunnel.sh:1.9 src/tests/net/ipsec/t_ipsec_tunnel.sh:1.10
--- src/tests/net/ipsec/t_ipsec_tunnel.sh:1.9	Thu 

CVS commit: src/tests/net/ipsec

2023-06-04 Thread Chuck Silvers
Module Name:src
Committed By:   chs
Date:   Sun Jun  4 22:18:47 UTC 2023

Modified Files:
src/tests/net/ipsec: t_ipsec_ah_keys.sh t_ipsec_esp_keys.sh
t_ipsec_transport.sh t_ipsec_tunnel.sh t_ipsec_tunnel_ipcomp.sh
t_ipsec_tunnel_odd.sh

Log Message:
The ATF design is O(N^2) in the number of TCs in one TP, which on some
slower platforms causes the net/ipsec tests to take as much as 30% of
the total time to run all of the ATF tests.  Reduce the number of TCs
in various net/ipsec TPs by iterating over *_ALGORITHMS_MINIMUM rather
than *_ALGORITHMS.  Various of the net/ipsec tests already use the
smaller lists, so change the rest of them to do so as well.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/tests/net/ipsec/t_ipsec_ah_keys.sh \
src/tests/net/ipsec/t_ipsec_esp_keys.sh \
src/tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh
cvs rdiff -u -r1.6 -r1.7 src/tests/net/ipsec/t_ipsec_transport.sh
cvs rdiff -u -r1.9 -r1.10 src/tests/net/ipsec/t_ipsec_tunnel.sh
cvs rdiff -u -r1.3 -r1.4 src/tests/net/ipsec/t_ipsec_tunnel_odd.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2022-11-23 Thread Kengo NAKAHARA
Module Name:src
Committed By:   knakahara
Date:   Thu Nov 24 02:58:28 UTC 2022

Modified Files:
src/tests/net/ipsec: t_ipsec_forwarding.sh

Log Message:
clean up


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/t_ipsec_forwarding.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2022-11-23 Thread Kengo NAKAHARA
Module Name:src
Committed By:   knakahara
Date:   Thu Nov 24 02:58:28 UTC 2022

Modified Files:
src/tests/net/ipsec: t_ipsec_forwarding.sh

Log Message:
clean up


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/t_ipsec_forwarding.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_forwarding.sh
diff -u src/tests/net/ipsec/t_ipsec_forwarding.sh:1.1 src/tests/net/ipsec/t_ipsec_forwarding.sh:1.2
--- src/tests/net/ipsec/t_ipsec_forwarding.sh:1.1	Wed Nov  9 08:21:20 2022
+++ src/tests/net/ipsec/t_ipsec_forwarding.sh	Thu Nov 24 02:58:28 2022
@@ -1,4 +1,4 @@
-#   $NetBSD: t_ipsec_forwarding.sh,v 1.1 2022/11/09 08:21:20 knakahara Exp $
+#   $NetBSD: t_ipsec_forwarding.sh,v 1.2 2022/11/24 02:58:28 knakahara Exp $
 #
 # Copyright (c) 2022 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -456,33 +456,6 @@ test_ipsec_sp_port_ipv6()
 	atf_check -s exit:0 \
 	-o match:"${ip_remote_i}\.$port > ${ip_local_i}\.[0-9]+" \
 	cat $routfile
-
-#	# Check TCP communications from remote to local
-#	start_nc_server $SOCK_LOCAL $port $file_recv ipv6
-#	prepare_file $file_send
-#	export RUMP_SERVER=$SOCK_REMOTE
-#	atf_check -s exit:0 $HIJACKING nc -w 3 $ip_local_i $port < $file_send
-#	atf_check -s exit:0 diff -q $file_send $file_recv
-#	stop_nc_server
-#
-#	extract_new_packets $BUS_LOCAL_F > $loutfile
-#	extract_new_packets $BUS_REMOTE_F > $routfile
-#	$DEBUG && cat $loutfile
-#	atf_check -s exit:0 \
-#	-o match:"${ip_local_f}\.[0-9]+ > ${ip_remote_i}\.$port" \
-#	cat $loutfile
-#	atf_check -s exit:0 \
-#	-o match:"${ip_remote_i}\.$port > ${ip_local_f}\.[0-9]+" \
-#	cat $loutfile
-#	$DEBUG && cat $routfile
-#	atf_check -s exit:0 \
-#	-o match:"${ip_forward_l} > ${ip_remote_i}: ESP" \
-#	cat $routfile
-#	atf_check -s exit:0 \
-#	-o match:"${ip_remote_i} > ${ip_forward_l}: ESP" \
-#	cat $routfile
-
-
 }
 
 add_test_ipsec_sp_port()



CVS commit: src/tests/net/ipsec

2021-12-04 Thread SAITOH Masanobu
Module Name:src
Committed By:   msaitoh
Date:   Sun Dec  5 02:49:21 UTC 2021

Modified Files:
src/tests/net/ipsec: algorithms.sh

Log Message:
s/encript/encrypt/ in comment.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/tests/net/ipsec/algorithms.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/algorithms.sh
diff -u src/tests/net/ipsec/algorithms.sh:1.6 src/tests/net/ipsec/algorithms.sh:1.7
--- src/tests/net/ipsec/algorithms.sh:1.6	Fri Oct 27 04:31:50 2017
+++ src/tests/net/ipsec/algorithms.sh	Sun Dec  5 02:49:21 2021
@@ -1,4 +1,4 @@
-#	$NetBSD: algorithms.sh,v 1.6 2017/10/27 04:31:50 ozaki-r Exp $
+#	$NetBSD: algorithms.sh,v 1.7 2021/12/05 02:49:21 msaitoh Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -29,7 +29,7 @@ ESP_ENCRYPTION_ALGORITHMS="des-cbc 3des-
 des-deriv rijndael-cbc aes-ctr camellia-cbc aes-gcm-16 aes-gmac"
 ESP_ENCRYPTION_ALGORITHMS_MINIMUM="null rijndael-cbc"
 
-# Valid key lengths of ESP encription algorithms
+# Valid key lengths of ESP encryption algorithms
 #des-cbc 64
 #3des-cbc192
 #null0 to 2048 XXX only accept 0 length



CVS commit: src/tests/net/ipsec

2021-12-04 Thread SAITOH Masanobu
Module Name:src
Committed By:   msaitoh
Date:   Sun Dec  5 02:49:21 UTC 2021

Modified Files:
src/tests/net/ipsec: algorithms.sh

Log Message:
s/encript/encrypt/ in comment.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/tests/net/ipsec/algorithms.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2020-08-31 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Aug 31 14:03:56 UTC 2020

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Skip timeout tests, pointing to PR 55632.


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2020-08-31 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Aug 31 14:03:56 UTC 2020

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Skip timeout tests, pointing to PR 55632.


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.23 src/tests/net/ipsec/t_ipsec_misc.sh:1.24
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.23	Tue Jul 23 04:31:25 2019
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Mon Aug 31 14:03:56 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.23 2019/07/23 04:31:25 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.24 2020/08/31 14:03:56 martin Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -565,6 +565,10 @@ test_spi()
 	local spistr=
 	local longtime= shorttime=
 
+	if [ $method = timeout ]; then
+		atf_skip \
+	   "PR 55632: test fails randomly, leaving spurious rump_server around"
+	fi
 	if [ $method = timeout -a $preferred = new ]; then
 		skip_if_qemu
 	fi
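Review bot: The added `atf_skip` fires for every `method = timeout` case, so the `skip_if_qemu` check directly below it can no longer run, because atf_skip ends the test case. This also leaves the timeout variants of test_spi (presumably the SA-expiry path) without coverage until PR 55632 is resolved. A comment on the new block such as `# Temporary: drop this block when PR 55632 is fixed; the skip_if_qemu check below applies again then` would show that the dead check is kept on purpose. `[ $method = timeout ]` is also unquoted; `[ "$method" = timeout ]` avoids a test(1) syntax error if the argument is ever empty. test_spi continues outside the hunk.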



CVS commit: src/tests/net/ipsec

2020-02-17 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Mon Feb 17 08:46:10 UTC 2020

Modified Files:
src/tests/net/ipsec: t_ipsec_gif.sh t_ipsec_l2tp.sh

Log Message:
tests: add missing ifconfig -w

This change mitigates PR kern/54897.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/tests/net/ipsec/t_ipsec_gif.sh \
src/tests/net/ipsec/t_ipsec_l2tp.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2020-02-17 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Mon Feb 17 08:46:10 UTC 2020

Modified Files:
src/tests/net/ipsec: t_ipsec_gif.sh t_ipsec_l2tp.sh

Log Message:
tests: add missing ifconfig -w

This change mitigates PR kern/54897.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/tests/net/ipsec/t_ipsec_gif.sh \
src/tests/net/ipsec/t_ipsec_l2tp.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_gif.sh
diff -u src/tests/net/ipsec/t_ipsec_gif.sh:1.8 src/tests/net/ipsec/t_ipsec_gif.sh:1.9
--- src/tests/net/ipsec/t_ipsec_gif.sh:1.8	Mon Aug 19 03:22:05 2019
+++ src/tests/net/ipsec/t_ipsec_gif.sh	Mon Feb 17 08:46:10 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_gif.sh,v 1.8 2019/08/19 03:22:05 ozaki-r Exp $
+#	$NetBSD: t_ipsec_gif.sh,v 1.9 2020/02/17 08:46:10 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -59,6 +59,15 @@ make_gif_pktstr()
 	echo "$src > $dst: $proto_cap.+$inner_str"
 }
 
+wait_for_all_dad_completions()
+{
+
+	for sock in $SOCK_LOCAL $SOCK_TUN_LOCAL $SOCK_TUN_REMOTE $SOCK_REMOTE; do
+		export RUMP_SERVER=$sock
+		atf_check -s exit:0 rump.ifconfig -w 10
+	done
+}
+
 test_ipsec4_gif()
 {
 	local mode=$1
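Review bot: wait_for_all_dad_completions leaves `RUMP_SERVER` exported as the last socket in its list, and the callers depend on that. In test_ipsec4_gif and test_ipsec6_gif the `rump.route` command right after the call only reaches the remote server because `$SOCK_REMOTE` happens to be last, so reordering the list would silently send those commands to a different rump server. I would declare `local sock` (it currently leaks into the caller's scope) and add a comment like `# Leaves RUMP_SERVER=$SOCK_REMOTE on return; callers rely on it`. The identical function is added to t_ipsec_l2tp.sh in this commit, so a single copy in a shared helper file would keep the two from drifting apart.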
@@ -121,8 +130,9 @@ test_ipsec4_gif()
 
 	export RUMP_SERVER=$SOCK_REMOTE
 	atf_check -s exit:0 rump.ifconfig shmif0 $ip_remote/24
-	# Run ifconfig -w 10 just once for optimization
-	atf_check -s exit:0 rump.ifconfig -w 10
+
+	wait_for_all_dad_completions
+
 	atf_check -s exit:0 -o ignore \
 	rump.route -n add -net $subnet_local $ip_gw_remote
 
@@ -273,8 +283,9 @@ test_ipsec6_gif()
 
 	export RUMP_SERVER=$SOCK_REMOTE
 	atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip_remote
-	# Run ifconfig -w 10 just once for optimization
-	atf_check -s exit:0 rump.ifconfig -w 10
+
+	wait_for_all_dad_completions
+
 	atf_check -s exit:0 -o ignore \
 	rump.route -n add -inet6 -net $subnet_local/64 $ip_gw_remote
 
Index: src/tests/net/ipsec/t_ipsec_l2tp.sh
diff -u src/tests/net/ipsec/t_ipsec_l2tp.sh:1.8 src/tests/net/ipsec/t_ipsec_l2tp.sh:1.9
--- src/tests/net/ipsec/t_ipsec_l2tp.sh:1.8	Mon Aug 19 03:22:05 2019
+++ src/tests/net/ipsec/t_ipsec_l2tp.sh	Mon Feb 17 08:46:10 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_l2tp.sh,v 1.8 2019/08/19 03:22:05 ozaki-r Exp $
+#	$NetBSD: t_ipsec_l2tp.sh,v 1.9 2020/02/17 08:46:10 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -62,6 +62,15 @@ make_l2tp_pktstr()
 	echo "$src > $dst: $proto_cap.+$proto_str"
 }
 
+wait_for_all_dad_completions()
+{
+
+	for sock in $SOCK_LOCAL $SOCK_TUN_LOCAL $SOCK_TUN_REMOTE $SOCK_REMOTE; do
+		export RUMP_SERVER=$sock
+		atf_check -s exit:0 rump.ifconfig -w 10
+	done
+}
+
 test_ipsec4_l2tp()
 {
 	local mode=$1
@@ -121,8 +130,8 @@ test_ipsec4_l2tp()
 
 	export RUMP_SERVER=$SOCK_REMOTE
 	atf_check -s exit:0 rump.ifconfig shmif0 $ip_remote/24
-	# Run ifconfig -w 10 just once for optimization
-	atf_check -s exit:0 rump.ifconfig -w 10
+
+	wait_for_all_dad_completions
 
 	extract_new_packets $BUS_TUNNEL > $outfile
 
@@ -263,8 +272,8 @@ test_ipsec6_l2tp()
 
 	export RUMP_SERVER=$SOCK_REMOTE
 	atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip_remote
-	# Run ifconfig -w 10 just once for optimization
-	atf_check -s exit:0 rump.ifconfig -w 10
+
+	wait_for_all_dad_completions
 
 	extract_new_packets $BUS_TUNNEL > $outfile
 



CVS commit: src/tests/net/ipsec

2019-07-22 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Tue Jul 23 04:31:25 UTC 2019

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
tests: add tests for getspi and update


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.22 src/tests/net/ipsec/t_ipsec_misc.sh:1.23
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.22	Thu Nov  9 04:51:07 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Tue Jul 23 04:31:25 2019
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.22 2017/11/09 04:51:07 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.23 2019/07/23 04:31:25 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -40,9 +40,16 @@ setup_sasp()
 	local lifetime=$5
 	local update=$6
 	local tmpfile=./tmp
+	local saadd=add
+	local saadd_algo_args="$algo_args"
 	local extra=
 
-	if [ "$update" = sa ]; then
+	if [ "$update" = getspi ]; then
+		saadd=getspi
+		saadd_algo_args=
+	fi
+
+	if [ "$update" = sa -o "$update" = getspi ]; then
 		extra="update $ip_local $ip_peer $proto 1 $algo_args;
 		   update $ip_peer $ip_local $proto 10001 $algo_args;"
 	elif [ "$update" = sp ]; then
@@ -51,8 +58,8 @@ setup_sasp()
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	cat > $tmpfile <<-EOF
-	add $ip_local $ip_peer $proto 1 -lh $lifetime -ls $lifetime $algo_args;
-	add $ip_peer $ip_local $proto 10001 -lh $lifetime -ls $lifetime $algo_args;
+	$saadd $ip_local $ip_peer $proto 1 -lh $lifetime -ls $lifetime $saadd_algo_args;
+	$saadd $ip_peer $ip_local $proto 10001 -lh $lifetime -ls $lifetime $saadd_algo_args;
 	spdadd $ip_local $ip_peer any -P out ipsec $proto/transport//require;
 	$extra
 	EOF
@@ -67,8 +74,8 @@ setup_sasp()
 
 	export RUMP_SERVER=$SOCK_PEER
 	cat > $tmpfile <<-EOF
-	add $ip_local $ip_peer $proto 1 -lh $lifetime -ls $lifetime $algo_args;
-	add $ip_peer $ip_local $proto 10001 -lh $lifetime -ls $lifetime $algo_args;
+	$saadd $ip_local $ip_peer $proto 1 -lh $lifetime -ls $lifetime $saadd_algo_args;
+	$saadd $ip_peer $ip_local $proto 10001 -lh $lifetime -ls $lifetime $saadd_algo_args;
 	spdadd $ip_peer $ip_local any -P out ipsec $proto/transport//require;
 	$extra
 	EOF
@@ -370,6 +377,71 @@ add_test_update()
 	atf_add_test_case ${name}
 }
 
+test_getspi_update()
+{
+	local proto=$1
+	local algo=$2
+	local ip_local=10.0.0.1
+	local ip_peer=10.0.0.2
+	local algo_args="$(generate_algo_args $proto $algo)"
+	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
+	local outfile=./out
+
+	rump_server_crypto_start $SOCK_LOCAL netipsec
+	rump_server_crypto_start $SOCK_PEER netipsec
+	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS
+	rump_server_add_iface $SOCK_PEER shmif0 $BUS
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
+	atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24
+
+	export RUMP_SERVER=$SOCK_PEER
+	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
+	atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24
+
+	setup_sasp $proto "$algo_args" $ip_local $ip_peer 100 getspi
+
+	extract_new_packets $BUS > $outfile
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
+
+	extract_new_packets $BUS > $outfile
+	atf_check -s exit:0 -o match:"$ip_local > $ip_peer: $proto_cap" \
+	cat $outfile
+	atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \
+	cat $outfile
+}
+
+add_test_getspi_update()
+{
+	local proto=$1
+	local algo=$2
+	local _algo=$(echo $algo | sed 's/-//g')
+	local name= desc=
+
+	desc="Tests trying to getspi and udpate SA of $proto ($algo)"
+	name="ipsec_getspi_update_sa_${proto}_${_algo}"
+
+	atf_test_case ${name} cleanup
+	eval "
+	${name}_head() {
+	atf_set descr \"$desc\"
+	atf_set require.progs rump_server setkey
+	}
+	${name}_body() {
+	test_getspi_update $proto $algo
+	rump_server_destroy_ifaces
+	}
+	${name}_cleanup() {
+	\$DEBUG && dump
+	cleanup
+	}
+	"
+	atf_add_test_case ${name}
+}
+
 add_sa()
 {
 	local proto=$1
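Review bot: The description string in add_test_getspi_update misspells "update", and this is the text `atf_set descr` reports; it should read `desc="Tests trying to getspi and update SA of $proto ($algo)"`. In test_getspi_update, `local algo_args="$(generate_algo_args $proto $algo)"` hides a failure of generate_algo_args behind the exit status of `local`; declaring the variable first and assigning on the next line lets the failure surface. The body also only checks that a ping crosses the bus as `$proto_cap`. A comment should say what proves the getspi-then-update sequence itself took effect, since setup_sasp, whose body is mostly outside these hunks, may already check it.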
@@ -809,6 +881,7 @@ atf_init_test_cases()
 		add_test_lifetime ipv6 esp $algo
 		add_test_update esp $algo sa
 		add_test_update esp $algo sp
+		add_test_getspi_update esp $algo
 		add_test_spi esp $algo new delete
 		add_test_spi esp $algo old delete
 		add_test_spi esp $algo new timeout
@@ -821,6 +894,7 @@ atf_init_test_cases()
 		add_test_lifetime ipv6 ah $algo
 		add_test_update ah $algo sa
 		add_test_update ah $algo sp
+		add_test_getspi_update ah $algo
 		add_test_spi ah $algo new delete
 		add_test_spi ah $algo old delete
 		add_test_spi ah $algo new timeout



CVS commit: src/tests/net/ipsec

2018-11-21 Thread Kengo NAKAHARA
Module Name:src
Committed By:   knakahara
Date:   Thu Nov 22 04:51:41 UTC 2018

Modified Files:
src/tests/net/ipsec: natt_terminator.c t_ipsec_natt.sh

Log Message:
Add ATF for IPv6 NAT-T.

We use IPv6 NAT-T to avoid the IPsec slowdown caused by some Customer Premises
Equipment (CPE) dropping ESP packets. I implemented ATF tests for this
situation.

I think it can also work with nat66, but I have not tested it in detail.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/natt_terminator.c \
src/tests/net/ipsec/t_ipsec_natt.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2018-11-21 Thread Kengo NAKAHARA
Module Name:src
Committed By:   knakahara
Date:   Thu Nov 22 04:51:41 UTC 2018

Modified Files:
src/tests/net/ipsec: natt_terminator.c t_ipsec_natt.sh

Log Message:
Add ATF for IPv6 NAT-T.

We use IPv6 NAT-T to avoid the IPsec slowdown caused by some Customer Premises
Equipment (CPE) dropping ESP packets. I implemented ATF tests for this
situation.

I think it can also work with nat66, but I have not tested it in detail.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/natt_terminator.c \
src/tests/net/ipsec/t_ipsec_natt.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/natt_terminator.c
diff -u src/tests/net/ipsec/natt_terminator.c:1.1 src/tests/net/ipsec/natt_terminator.c:1.2
--- src/tests/net/ipsec/natt_terminator.c:1.1	Mon Oct 30 15:59:23 2017
+++ src/tests/net/ipsec/natt_terminator.c	Thu Nov 22 04:51:41 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: natt_terminator.c,v 1.1 2017/10/30 15:59:23 ozaki-r Exp $	*/
+/*	$NetBSD: natt_terminator.c,v 1.2 2018/11/22 04:51:41 knakahara Exp $	*/
 
 /*-
  * Copyright (c) 2017 Internet Initiative Japan Inc.
@@ -41,6 +41,14 @@
 #include 
 #include 
 
+static void
+usage(void)
+{
+	const char *prog = "natt_terminator";
+
+	fprintf(stderr, "Usage: %s [-46]  \n", prog);
+}
+
 int
 main(int argc, char **argv)
 {
@@ -49,17 +57,34 @@ main(int argc, char **argv)
 	int s, e;
 	const char *addr, *port;
 	int option;
+	int c, family = AF_INET;
+
+	while ((c = getopt(argc, argv, "46")) != -1) {
+		switch (c) {
+		case '4':
+			family = AF_INET;
+			break;
+		case '6':
+			family = AF_INET6;
+			break;
+		default:
+			usage();
+			return 1;
+		}
+	}
+	argc -= optind;
+	argv += optind;
 
-	if (argc != 3) {
-		fprintf(stderr, "Usage: %s  \n", argv[0]);
+	if (argc != 2) {
+		usage();
 		return 1;
 	}
 
-	addr = argv[1];
-	port = argv[2];
+	addr = argv[0];
+	port = argv[1];
 
 	memset(, 0, sizeof(hints));
-	hints.ai_family = AF_INET;
+	hints.ai_family = family;
 	hints.ai_socktype = SOCK_DGRAM;
 	hints.ai_protocol = IPPROTO_UDP;
 	hints.ai_flags = 0;
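Review bot: The new option loop in main() has no comment saying that `-4` and `-6` only select `hints.ai_family`, that the last flag given wins, and that IPv4 remains the default through `family = AF_INET`. I would add `/* -4/-6 pick the getaddrinfo() address family; last one wins, default IPv4 */` above the `while ((c = getopt(...` line. getopt() and optind are declared in <unistd.h>; the include list is outside this hunk and its header names are lost in this rendering, so that is worth confirming. main() continues past the end of the hunk.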
Index: src/tests/net/ipsec/t_ipsec_natt.sh
diff -u src/tests/net/ipsec/t_ipsec_natt.sh:1.1 src/tests/net/ipsec/t_ipsec_natt.sh:1.2
--- src/tests/net/ipsec/t_ipsec_natt.sh:1.1	Mon Oct 30 15:59:23 2017
+++ src/tests/net/ipsec/t_ipsec_natt.sh	Thu Nov 22 04:51:41 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_natt.sh,v 1.1 2017/10/30 15:59:23 ozaki-r Exp $
+#	$NetBSD: t_ipsec_natt.sh,v 1.2 2018/11/22 04:51:41 knakahara Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -31,11 +31,12 @@ SOCK_REMOTE=unix://ipsec_natt_remote
 BUS_LOCAL=./bus_ipsec_natt_local
 BUS_NAT=./bus_ipsec_natt_nat
 BUS_REMOTE=./bus_ipsec_natt_remote
+BUS_GLOBAL=./bus_ipsec_natt_global
 
 DEBUG=${DEBUG:-false}
 HIJACKING_NPF="${HIJACKING},blanket=/dev/npf"
 
-setup_servers()
+setup_servers_ipv4()
 {
 
 	rump_server_crypto_start $SOCK_LOCAL netipsec
@@ -47,6 +48,22 @@ setup_servers()
 	rump_server_add_iface $SOCK_REMOTE shmif0 $BUS_NAT
 }
 
+setup_servers_ipv6()
+{
+
+	rump_server_crypto_start $SOCK_LOCAL netipsec netinet6 ipsec
+	rump_server_crypto_start $SOCK_REMOTE netipsec netinet6 ipsec
+	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS_GLOBAL
+	rump_server_add_iface $SOCK_REMOTE shmif0 $BUS_GLOBAL
+}
+
+setup_servers()
+{
+	local proto=$1
+
+	setup_servers_$proto
+}
+
 setup_sp()
 {
 	local proto=$1
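Review bot: `setup_servers` dispatches with `setup_servers_$proto` without checking the argument, so a missing or misspelled proto ends in a "not found" error for `setup_servers_` instead of a clear test failure. A guard before the call makes that explicit: `case "$proto" in ipv4|ipv6) ;; *) atf_fail "unknown proto: $proto" ;; esac`. The only caller visible in this diff passes `ipv4`; the IPv6 caller is not shown in the part of the patch that survives here.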
@@ -151,17 +168,24 @@ PIDSFILE=./terminator.pids
 start_natt_terminator()
 {
 	local sock=$1
-	local ip=$2
-	local port=$3
-	local pidsfile=$4
+	local proto=$2
+	local ip=$3
+	local port=$4
+	local pidsfile=$5
 	local backup=$RUMP_SERVER
-	local pid=
+	local pid= opt=
 	local terminator="$(atf_get_srcdir)/natt_terminator"
 
+	if [ "$proto" = "ipv6" ]; then
+	opt="-6"
+	else
+	opt="-4"
+	fi
+
 	export RUMP_SERVER=$sock
 
 	env LD_PRELOAD=/usr/lib/librumphijack.so \
-	$terminator $ip $port &
+	$terminator $opt $ip $port &
 	pid=$!
 	if [ ! -f $PIDSFILE ]; then
 		touch $PIDSFILE
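Review bot: `local pidsfile=$5` is renumbered here, but the visible part of `start_natt_terminator` reads the global `$PIDSFILE`, and the call shown further down passes only four arguments (`$SOCK_REMOTE ipv4 $ip_remote 4500`), so the local looks unused. Either drop the line or make it `local pidsfile=${5:-$PIDSFILE}` and use `$pidsfile` consistently; the rest of the function is outside this hunk, so confirm there is no later use. Separately, any `proto` other than `ipv6` silently selects `-4`, which hides a mistyped argument.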
@@ -189,7 +213,7 @@ stop_natt_terminators()
 	rm -f $PIDSFILE
 }
 
-test_ipsec_natt_transport()
+test_ipsec_natt_transport_ipv4()
 {
 	local algo=$1
 	local ip_local=10.0.1.2
@@ -204,7 +228,7 @@ test_ipsec_natt_transport()
 	local algo_args="$(generate_algo_args esp-udp $algo)"
 	local pid= port=
 
-	setup_servers
+	setup_servers ipv4
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
@@ -278,7 +302,7 @@ test_ipsec_natt_transport()
 	cat $outfile
 
 	# Launch a nc server as a terminator of NAT-T on outside the NAPT
-	start_natt_terminator $SOCK_REMOTE $ip_remote 4500
+	start_natt_terminator $SOCK_REMOTE ipv4 $ip_remote 4500
 	echo zzz > $file_send
 
 	export RUMP_SERVER=$SOCK_LOCAL
@@ -288,7 +312,7 @@ test_ipsec_natt_transport()
 	nc -u -w 3 -p 4500 $ip_remote 4500 < $file_send
 	# Launch a nc server as a terminator of NAT-T on inside the 

CVS commit: src/tests/net/ipsec

2017-11-08 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Nov  9 04:51:07 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Dedup some checks

The change also slightly optimizes the checks of SA expiration, which
may shorten testing time.


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.21 src/tests/net/ipsec/t_ipsec_misc.sh:1.22
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.21	Thu Nov  9 04:50:37 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Thu Nov  9 04:51:07 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.21 2017/11/09 04:50:37 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.22 2017/11/09 04:51:07 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -78,6 +78,42 @@ setup_sasp()
 	#check_sa_entries $SOCK_PEER $ip_local $ip_peer
 }
 
+test_sad_disapper_until()
+{
+	local time=$1
+	local check_dead_sa=$2
+	local setkey_opts=
+	local n=$time
+	local tmpfile=./__tmp
+	local sock= ok=
+
+	if $check_dead_sa; then
+		setkey_opts="-D -a"
+	else
+		setkey_opts="-D"
+	fi
+
+	while [ $n -ne 0 ]; do
+		ok=0
+		sleep 1
+		for sock in $SOCK_LOCAL $SOCK_PEER; do
+			export RUMP_SERVER=$sock
+			$HIJACKING setkey $setkey_opts > $tmpfile
+			$DEBUG && cat $tmpfile
+			if grep -q 'No SAD entries.' $tmpfile; then
+ok=$((ok + 1))
+			fi
+		done
+		if [ $ok -eq 2 ]; then
+			return
+		fi
+
+		n=$((n - 1))
+	done
+
+	atf_fail "SAs didn't disappear after $time sec."
+}
+
 test_ipsec4_lifetime()
 {
 	local proto=$1
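Review bot: Inside the polling loop, `$HIJACKING setkey $setkey_opts > $tmpfile` no longer has its exit status checked, whereas the code this helper replaces ran setkey under `atf_check -s exit:0`. If setkey itself fails, the loop runs to the timeout and reports "SAs didn't disappear", which hides the real cause. Assuming `setkey -D` exits 0 whether or not entries remain, `$HIJACKING setkey $setkey_opts > $tmpfile || atf_fail "setkey $setkey_opts failed"` keeps the old strictness. The name `test_sad_disapper_until` also misspells "disappear", and a header comment stating that `$1` is the timeout in seconds and `$2` is `true`/`false` for adding `-a` would help.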
@@ -119,16 +155,8 @@ test_ipsec4_lifetime()
 	# Set up SAs with lifetime 1 sec.
 	setup_sasp $proto "$algo_args" $ip_local $ip_peer 1
 
-	# Wait for the SAs to be expired
-	atf_check -s exit:0 sleep $((1 + $buffertime))
-
 	# Check the SAs have been expired
-	export RUMP_SERVER=$SOCK_LOCAL
-	$DEBUG && $HIJACKING setkey -D
-	atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D
-	export RUMP_SERVER=$SOCK_PEER
-	$DEBUG && $HIJACKING setkey -D
-	atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D
+	test_sad_disapper_until $((1 + $buffertime)) false
 
 	# Clean up SPs
 	export RUMP_SERVER=$SOCK_LOCAL
@@ -149,15 +177,8 @@ test_ipsec4_lifetime()
 	atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \
 	cat $outfile
 
-	atf_check -s exit:0 sleep $((lifetime + $buffertime))
-
-	export RUMP_SERVER=$SOCK_LOCAL
-	$DEBUG && $HIJACKING setkey -D
-	atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D -a
-
-	export RUMP_SERVER=$SOCK_PEER
-	$DEBUG && $HIJACKING setkey -D
-	atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D -a
+	# Check the SAs have been expired
+	test_sad_disapper_until $((lifetime + $buffertime)) true
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s not-exit:0 -o match:'0 packets received' \
@@ -206,16 +227,8 @@ test_ipsec6_lifetime()
 	# Set up SAs with lifetime 1 sec.
 	setup_sasp $proto "$algo_args" $ip_local $ip_peer 1
 
-	# Wait for the SAs to be expired
-	atf_check -s exit:0 sleep $((1 + $buffertime))
-
 	# Check the SAs have been expired
-	export RUMP_SERVER=$SOCK_LOCAL
-	$DEBUG && $HIJACKING setkey -D
-	atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D
-	export RUMP_SERVER=$SOCK_PEER
-	$DEBUG && $HIJACKING setkey -D
-	atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D
+	test_sad_disapper_until $((1 + $buffertime)) false
 
 	# Clean up SPs
 	export RUMP_SERVER=$SOCK_LOCAL
@@ -236,15 +249,8 @@ test_ipsec6_lifetime()
 	atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \
 	cat $outfile
 
-	atf_check -s exit:0 sleep $((lifetime + $buffertime))
-
-	export RUMP_SERVER=$SOCK_LOCAL
-	$DEBUG && $HIJACKING setkey -D
-	atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D -a
-
-	export RUMP_SERVER=$SOCK_PEER
-	$DEBUG && $HIJACKING setkey -D
-	atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D -a
+	# Check the SAs have been expired
+	test_sad_disapper_until $((lifetime + $buffertime)) true
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s not-exit:0 -o match:'0 packets received' \



CVS commit: src/tests/net/ipsec

2017-11-08 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Nov  9 04:51:07 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Dedup some checks

The change also slightly optimizes the checks of SA expiration, which
may shorten testing time.


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-11-08 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Nov  9 04:50:37 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
"Mark key_timehandler_ch callout as MP-safe" change needs one more sec to make 
lifetime tests stable


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-11-08 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Nov  9 04:50:37 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
"Mark key_timehandler_ch callout as MP-safe" change needs one more sec to make 
lifetime tests stable


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.20 src/tests/net/ipsec/t_ipsec_misc.sh:1.21
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.20	Fri Oct 20 03:45:47 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Thu Nov  9 04:50:37 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.20 2017/10/20 03:45:47 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.21 2017/11/09 04:50:37 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -88,6 +88,7 @@ test_ipsec4_lifetime()
 	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
 	local algo_args="$(generate_algo_args $proto $algo)"
 	local lifetime=3
+	local buffertime=2
 
 	rump_server_crypto_start $SOCK_LOCAL netipsec
 	rump_server_crypto_start $SOCK_PEER netipsec
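Review bot: `local buffertime=2` is added without a comment saying why two seconds of slack are needed; the reason exists only in the log message. Something like `# slack on top of the SA lifetime; 2 sec needed since key_timehandler_ch became MP-safe` above it would help, here and at the identical line added to test_ipsec6_lifetime. In the sleep hunks, `$((1 + $buffertime))` and `$((lifetime + $buffertime))` mix `$name` and bare `name` inside arithmetic; `$((lifetime + buffertime))` is the consistent form. Both function bodies extend beyond the hunks.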
@@ -119,7 +120,7 @@ test_ipsec4_lifetime()
 	setup_sasp $proto "$algo_args" $ip_local $ip_peer 1
 
 	# Wait for the SAs to be expired
-	atf_check -s exit:0 sleep 2
+	atf_check -s exit:0 sleep $((1 + $buffertime))
 
 	# Check the SAs have been expired
 	export RUMP_SERVER=$SOCK_LOCAL
@@ -148,7 +149,7 @@ test_ipsec4_lifetime()
 	atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \
 	cat $outfile
 
-	atf_check -s exit:0 sleep $((lifetime + 1))
+	atf_check -s exit:0 sleep $((lifetime + $buffertime))
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	$DEBUG && $HIJACKING setkey -D
@@ -176,6 +177,7 @@ test_ipsec6_lifetime()
 	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
 	local algo_args="$(generate_algo_args $proto $algo)"
 	local lifetime=3
+	local buffertime=2
 
 	rump_server_crypto_start $SOCK_LOCAL netinet6 netipsec
 	rump_server_crypto_start $SOCK_PEER netinet6 netipsec
@@ -205,7 +207,7 @@ test_ipsec6_lifetime()
 	setup_sasp $proto "$algo_args" $ip_local $ip_peer 1
 
 	# Wait for the SAs to be expired
-	atf_check -s exit:0 sleep 2
+	atf_check -s exit:0 sleep $((1 + $buffertime))
 
 	# Check the SAs have been expired
 	export RUMP_SERVER=$SOCK_LOCAL
@@ -234,7 +236,7 @@ test_ipsec6_lifetime()
 	atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \
 	cat $outfile
 
-	atf_check -s exit:0 sleep $((lifetime + 1))
+	atf_check -s exit:0 sleep $((lifetime + $buffertime))
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	$DEBUG && $HIJACKING setkey -D



CVS commit: src/tests/net/ipsec

2017-10-26 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri Oct 27 04:31:50 UTC 2017

Modified Files:
src/tests/net/ipsec: algorithms.sh

Log Message:
Handle esp-udp for NAT-T


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/tests/net/ipsec/algorithms.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/algorithms.sh
diff -u src/tests/net/ipsec/algorithms.sh:1.5 src/tests/net/ipsec/algorithms.sh:1.6
--- src/tests/net/ipsec/algorithms.sh:1.5	Mon Jul  3 06:01:16 2017
+++ src/tests/net/ipsec/algorithms.sh	Fri Oct 27 04:31:50 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: algorithms.sh,v 1.5 2017/07/03 06:01:16 ozaki-r Exp $
+#	$NetBSD: algorithms.sh,v 1.6 2017/10/27 04:31:50 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -174,7 +174,7 @@ generate_algo_args()
 	local keylen=$(get_one_valid_keylen $algo)
 	local key=$(generate_key $keylen)
 
-	if [ $proto = esp ]; then
+	if [ $proto = esp -o $proto = "esp-udp" ]; then
 		echo "-E $algo $key"
 	elif [ $proto = ah ]; then
 		echo "-A $algo $key"
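Review bot: The new test `[ $proto = esp -o $proto = "esp-udp" ]` leaves `$proto` unquoted and uses `-o`, which POSIX marks obsolescent and which can parse ambiguously; an empty `$proto` turns it into a `[` syntax error rather than a clean fall-through. `if [ "$proto" = esp ] || [ "$proto" = esp-udp ]; then` behaves the same for valid input. The `elif [ $proto = ah ]` context line has the same quoting issue, and the rest of generate_algo_args is outside the hunk.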



CVS commit: src/tests/net/ipsec

2017-10-26 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri Oct 27 04:31:50 UTC 2017

Modified Files:
src/tests/net/ipsec: algorithms.sh

Log Message:
Handle esp-udp for NAT-T


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/tests/net/ipsec/algorithms.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-10-19 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri Oct 20 03:45:47 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Add test cases for one SP with multiple SAs

These are for a bug reported recently which modifies SPs accidentally.


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.19 src/tests/net/ipsec/t_ipsec_misc.sh:1.20
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.19	Fri Oct 20 03:43:51 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Fri Oct 20 03:45:47 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.19 2017/10/20 03:43:51 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.20 2017/10/20 03:45:47 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -702,6 +702,96 @@ add_test_nosa()
 	atf_add_test_case ${name}
 }
 
+test_multiple_sa()
+{
+	local proto=$1
+	local algo=$2
+	local update=$3
+	local ip_local=10.0.0.1
+	local ip_peer=10.0.0.2
+	local ip_peer2=10.0.0.3
+	local algo_args="$(generate_algo_args $proto $algo)"
+	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
+	local outfile=./out
+
+	rump_server_crypto_start $SOCK_LOCAL netipsec
+	rump_server_crypto_start $SOCK_PEER netipsec
+	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS
+	rump_server_add_iface $SOCK_PEER shmif0 $BUS
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
+	atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24
+
+	export RUMP_SERVER=$SOCK_PEER
+	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
+	atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24
+	atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer2/24 alias
+
+	setup_sp $proto "$algo_args" "$ip_local" "0.0.0.0/0"
+
+	extract_new_packets $BUS > $outfile
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	# There is no SA, so ping should fail
+	atf_check -s not-exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
+	atf_check -s not-exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer2
+
+	add_sa $proto "$algo_args" $ip_local $ip_peer 100 1
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	# There is only an SA for $ip_peer, so ping to $ip_peer2 should fail
+	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
+	atf_check -s not-exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer2
+
+	add_sa $proto "$algo_args" $ip_local $ip_peer2 100 10010
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
+	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer2
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 -o match:"$proto/transport//require" \
+	$HIJACKING setkey -D -P
+	# Check if the policy isn't modified accidentally
+	atf_check -s exit:0 -o not-match:"$proto/transport/.+\-.+/require" \
+	$HIJACKING setkey -D -P
+	export RUMP_SERVER=$SOCK_PEER
+	atf_check -s exit:0 -o match:"$proto/transport//require" \
+	$HIJACKING setkey -D -P
+	# Check if the policy isn't modified accidentally
+	atf_check -s exit:0 -o not-match:"$proto/transport/.+\-.+/require" \
+	$HIJACKING setkey -D -P
+}
+
+add_test_multiple_sa()
+{
+	local proto=$1
+	local algo=$2
+	local _algo=$(echo $algo | sed 's/-//g')
+	local name= desc=
+
+	desc="Tests multiple SAs with $proto ($algo)"
+	name="ipsec_multiple_sa_${proto}_${_algo}"
+
+	atf_test_case ${name} cleanup
+	eval "
+	${name}_head() {
+	atf_set descr \"$desc\"
+	atf_set require.progs rump_server setkey
+	}
+	${name}_body() {
+	test_multiple_sa $proto $algo
+	rump_server_destroy_ifaces
+	}
+	${name}_cleanup() {
+	\$DEBUG && dump
+	cleanup
+	}
+	"
+	atf_add_test_case ${name}
+}
+
 atf_init_test_cases()
 {
 	local algo=
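Review bot: In `test_multiple_sa`, `extract_new_packets $BUS > $outfile` runs before any ping and `$outfile` is never read afterwards, so the test checks only ping exit status and the policy dump, not that traffic to either peer address actually went out as `$proto_cap`. Either drop `outfile` and `proto_cap`, or capture after the final pings and assert on it, following the pattern the lifetime tests use: `extract_new_packets $BUS > $outfile` then `atf_check -s exit:0 -o match:"$ip_local > $ip_peer2: $proto_cap" cat $outfile`. `local update=$3` is also unused, since `add_test_multiple_sa` calls the function with two arguments.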
@@ -716,6 +806,7 @@ atf_init_test_cases()
 		add_test_spi esp $algo new timeout
 		add_test_spi esp $algo old timeout
 		add_test_nosa esp $algo
+		add_test_multiple_sa esp $algo
 	done
 	for algo in $AH_AUTHENTICATION_ALGORITHMS_MINIMUM; do
 		add_test_lifetime ipv4 ah $algo
@@ -727,5 +818,6 @@ atf_init_test_cases()
 		add_test_spi ah $algo new timeout
 		add_test_spi ah $algo old timeout
 		add_test_nosa ah $algo
+		add_test_multiple_sa ah $algo
 	done
 }



CVS commit: src/tests/net/ipsec

2017-10-19 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri Oct 20 03:45:47 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Add test cases for one SP with multiple SAs

These are for a bug reported recently which modifies SPs accidentally.


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-10-19 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri Oct 20 03:43:51 UTC 2017

Modified Files:
src/tests/net/ipsec: common.sh t_ipsec_misc.sh

Log Message:
Fix incomplete SP setups


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/tests/net/ipsec/common.sh
cvs rdiff -u -r1.18 -r1.19 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/common.sh
diff -u src/tests/net/ipsec/common.sh:1.6 src/tests/net/ipsec/common.sh:1.7
--- src/tests/net/ipsec/common.sh:1.6	Tue Aug  8 02:27:03 2017
+++ src/tests/net/ipsec/common.sh	Fri Oct 20 03:43:51 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: common.sh,v 1.6 2017/08/08 02:27:03 ozaki-r Exp $
+#	$NetBSD: common.sh,v 1.7 2017/10/20 03:43:51 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -67,6 +67,9 @@ check_sp_entries()
 	atf_check -s exit:0 \
 	-o match:"$local_addr\[any\] $remote_addr\[any\] 255\(reserved\)" \
 	$HIJACKING setkey -D -P
+	atf_check -s exit:0 \
+	-o match:"$remote_addr\[any\] $local_addr\[any\] 255\(reserved\)" \
+	$HIJACKING setkey -D -P
 	# TODO: more detail checks
 }
 
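Review bot: The added `atf_check` confirms only that an entry exists for the reversed address pair; it does not distinguish an `in` policy from an `out` one, which is what this commit starts installing in setup_sp. Because `-o match:` is applied to the whole `setkey -D -P` dump, any entry for that pair satisfies it. I would at least make the remaining gap explicit by extending the trailing comment to `# TODO: more detail checks (direction in/out, policy level)`. The dots in `$local_addr` and `$remote_addr` are also unescaped in the regex, so each one matches any character.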

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.18 src/tests/net/ipsec/t_ipsec_misc.sh:1.19
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.18	Thu Aug  3 03:16:27 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Fri Oct 20 03:43:51 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.18 2017/08/03 03:16:27 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.19 2017/10/20 03:43:51 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -625,6 +625,7 @@ setup_sp()
 	export RUMP_SERVER=$SOCK_LOCAL
 	cat > $tmpfile <<-EOF
 	spdadd $ip_local $ip_peer any -P out ipsec $proto/transport//require;
+	spdadd $ip_peer $ip_local any -P in ipsec $proto/transport//require;
 	EOF
 	$DEBUG && cat $tmpfile
 	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
@@ -633,6 +634,7 @@ setup_sp()
 	export RUMP_SERVER=$SOCK_PEER
 	cat > $tmpfile <<-EOF
 	spdadd $ip_peer $ip_local any -P out ipsec $proto/transport//require;
+	spdadd $ip_local $ip_peer any -P in ipsec $proto/transport//require;
 	EOF
 	$DEBUG && cat $tmpfile
 	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile



CVS commit: src/tests/net/ipsec

2017-10-19 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri Oct 20 03:43:51 UTC 2017

Modified Files:
src/tests/net/ipsec: common.sh t_ipsec_misc.sh

Log Message:
Fix incomplete SP setups


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/tests/net/ipsec/common.sh
cvs rdiff -u -r1.18 -r1.19 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-08-07 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Tue Aug  8 02:27:03 UTC 2017

Modified Files:
src/tests/net/ipsec: common.sh

Log Message:
Fix setkey -D -P outputs

The outputs were tweaked (by me), but I forgot to update libipsec
in my local ATF environment...


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/tests/net/ipsec/common.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/common.sh
diff -u src/tests/net/ipsec/common.sh:1.5 src/tests/net/ipsec/common.sh:1.6
--- src/tests/net/ipsec/common.sh:1.5	Wed Aug  2 06:30:00 2017
+++ src/tests/net/ipsec/common.sh	Tue Aug  8 02:27:03 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: common.sh,v 1.5 2017/08/02 06:30:00 ozaki-r Exp $
+#	$NetBSD: common.sh,v 1.6 2017/08/08 02:27:03 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -65,7 +65,7 @@ check_sp_entries()
 	$DEBUG && $HIJACKING setkey -D -P
 
 	atf_check -s exit:0 \
-	-o match:"$local_addr\[any\] $remote_addr\[any\] reserved" \
+	-o match:"$local_addr\[any\] $remote_addr\[any\] 255\(reserved\)" \
 	$HIJACKING setkey -D -P
 	# TODO: more detail checks
 }



CVS commit: src/tests/net/ipsec

2017-08-07 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Tue Aug  8 02:27:03 UTC 2017

Modified Files:
src/tests/net/ipsec: common.sh

Log Message:
Fix setkey -D -P outputs

The outputs were tweaked (by me), but I forgot to update libipsec
in my local ATF environment...


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/tests/net/ipsec/common.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-08-02 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed Aug  2 06:30:00 UTC 2017

Modified Files:
src/tests/net/ipsec: common.sh t_ipsec_misc.sh

Log Message:
Add test cases that there are SPs but no relevant SAs


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/tests/net/ipsec/common.sh
cvs rdiff -u -r1.16 -r1.17 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/common.sh
diff -u src/tests/net/ipsec/common.sh:1.4 src/tests/net/ipsec/common.sh:1.5
--- src/tests/net/ipsec/common.sh:1.4	Mon Jul  3 06:01:16 2017
+++ src/tests/net/ipsec/common.sh	Wed Aug  2 06:30:00 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: common.sh,v 1.4 2017/07/03 06:01:16 ozaki-r Exp $
+#	$NetBSD: common.sh,v 1.5 2017/08/02 06:30:00 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -54,6 +54,22 @@ check_sa_entries()
 	# TODO: more detail checks
 }
 
+check_sp_entries()
+{
+	local sock=$1
+	local local_addr=$2
+	local remote_addr=$3
+
+	export RUMP_SERVER=$sock
+
+	$DEBUG && $HIJACKING setkey -D -P
+
+	atf_check -s exit:0 \
+	-o match:"$local_addr\[any\] $remote_addr\[any\] reserved" \
+	$HIJACKING setkey -D -P
+	# TODO: more detail checks
+}
+
 generate_pktproto()
 {
 	local proto=$1

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.16 src/tests/net/ipsec/t_ipsec_misc.sh:1.17
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.16	Mon Jul 24 02:07:43 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Wed Aug  2 06:30:00 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.16 2017/07/24 02:07:43 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.17 2017/08/02 06:30:00 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -614,6 +614,92 @@ add_test_spi()
 	atf_add_test_case ${name}
 }
 
+setup_sp()
+{
+	local proto=$1
+	local algo_args="$2"
+	local ip_local=$3
+	local ip_peer=$4
+	local tmpfile=./tmp
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	cat > $tmpfile <<-EOF
+	spdadd $ip_local $ip_peer any -P out ipsec $proto/transport//require;
+	EOF
+	$DEBUG && cat $tmpfile
+	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
+	check_sp_entries $SOCK_LOCAL $ip_local $ip_peer
+
+	export RUMP_SERVER=$SOCK_PEER
+	cat > $tmpfile <<-EOF
+	spdadd $ip_peer $ip_local any -P out ipsec $proto/transport//require;
+	EOF
+	$DEBUG && cat $tmpfile
+	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
+	check_sp_entries $SOCK_PEER $ip_peer $ip_local
+}
+
+test_nosa()
+{
+	local proto=$1
+	local algo=$2
+	local update=$3
+	local ip_local=10.0.0.1
+	local ip_peer=10.0.0.2
+	local algo_args="$(generate_algo_args $proto $algo)"
+	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
+	local outfile=./out
+
+	rump_server_crypto_start $SOCK_LOCAL netipsec
+	rump_server_crypto_start $SOCK_PEER netipsec
+	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS
+	rump_server_add_iface $SOCK_PEER shmif0 $BUS
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
+	atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24
+
+	export RUMP_SERVER=$SOCK_PEER
+	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
+	atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24
+
+	setup_sp $proto "$algo_args" $ip_local $ip_peer
+
+	extract_new_packets $BUS > $outfile
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	# It doesn't work because there is no SA
+	atf_check -s not-exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
+}
+
+add_test_nosa()
+{
+	local proto=$1
+	local algo=$2
+	local _algo=$(echo $algo | sed 's/-//g')
+	local name= desc=
+
+	desc="Tests SPs with no relevant SAs with $proto ($algo)"
+	name="ipsec_nosa_${proto}_${_algo}"
+
+	atf_test_case ${name} cleanup
+	eval "\
+	${name}_head() {		\
+	atf_set \"descr\" \"$desc\";\
+	atf_set \"require.progs\" \"rump_server\" \"setkey\";	\
+	};\
+	${name}_body() {		\
+	test_nosa $proto $algo;	\
+	rump_server_destroy_ifaces;\
+	};\
+	${name}_cleanup() {		\
+	$DEBUG && dump;		\
+	cleanup;		\
+	}\
+	"
+	atf_add_test_case ${name}
+}
+
 atf_init_test_cases()
 {
 	local algo=
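Review bot: In `add_test_nosa` the eval string contains an unescaped `$DEBUG && dump;`, so `$DEBUG` is expanded when the test case is registered rather than when `${name}_cleanup` runs. That works while DEBUG holds `true` or `false`, but an empty value would generate `&& dump;`, a syntax error inside the eval; `\$DEBUG && dump;` defers the expansion to cleanup time. `setup_sp` also accepts `algo_args` as `$2` and never uses it, and `test_nosa` declares `update` and `proto_cap` without using them.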
@@ -627,6 +713,7 @@ atf_init_test_cases()
 		add_test_spi esp $algo old delete
 		add_test_spi esp $algo new timeout
 		add_test_spi esp $algo old timeout
+		add_test_nosa esp $algo
 	done
 	for algo in $AH_AUTHENTICATION_ALGORITHMS_MINIMUM; do
 		add_test_lifetime ipv4 ah $algo
@@ -637,5 +724,6 @@ atf_init_test_cases()
 		add_test_spi ah $algo old delete
 		add_test_spi ah $algo new timeout
 		add_test_spi ah $algo old timeout
+		add_test_nosa ah $algo
 	done
 }



CVS commit: src/tests/net/ipsec

2017-08-02 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed Aug  2 06:30:00 UTC 2017

Modified Files:
src/tests/net/ipsec: common.sh t_ipsec_misc.sh

Log Message:
Add test cases that there are SPs but no relevant SAs


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/tests/net/ipsec/common.sh
cvs rdiff -u -r1.16 -r1.17 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-07-19 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Jul 20 01:10:57 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Don't make SAs expired on tests that delete SAs explicitly


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.13 src/tests/net/ipsec/t_ipsec_misc.sh:1.14
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.13	Wed Jul 19 02:06:47 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Thu Jul 20 01:10:57 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.13 2017/07/19 02:06:47 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.14 2017/07/20 01:10:57 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -503,6 +503,15 @@ test_spi()
 	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
 	local outfile=./out
 	local spistr=
+	local longtime= shorttime=
+
+	if [ $method = delete ]; then
+		shorttime=100
+		longtime=100
+	else
+		shorttime=3
+		longtime=6
+	fi
 
 	rump_server_crypto_start $SOCK_LOCAL netipsec
 	rump_server_crypto_start $SOCK_PEER netipsec
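Review bot: `if [ $method = delete ]; then` leaves `$method` unquoted, so a caller that omits the fourth argument gets a `[` syntax error and silently falls into the timeout branch. `if [ "$method" = delete ]; then` avoids that. The value 100 used for both lifetimes would read better with a short comment, e.g. `# long enough that neither SA expires before delete_sa runs`. test_spi begins and ends outside this hunk.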
@@ -533,7 +542,7 @@ test_spi()
 	check_packet_spi $outfile $ip_local $ip_peer $proto_cap 1
 
 	# Add a new SA with a different SPI
-	add_sa $proto "$algo_args" $ip_local $ip_peer 6 10010
+	add_sa $proto "$algo_args" $ip_local $ip_peer $longtime 10010
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
@@ -546,7 +555,7 @@ test_spi()
 	fi
 
 	# Add another SA with a different SPI
-	add_sa $proto "$algo_args" $ip_local $ip_peer 3 10020
+	add_sa $proto "$algo_args" $ip_local $ip_peer $shorttime 10020
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer



CVS commit: src/tests/net/ipsec

2017-07-19 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Jul 20 01:10:57 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Don't make SAs expired on tests that delete SAs explicitly


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-07-18 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed Jul 19 02:06:47 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Add tests that explicitly delete SAs instead of waiting for expirations


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.12 src/tests/net/ipsec/t_ipsec_misc.sh:1.13
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.12	Wed Jul 19 02:06:11 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Wed Jul 19 02:06:47 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.12 2017/07/19 02:06:11 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.13 2017/07/19 02:06:47 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -418,6 +418,34 @@ add_sa()
 	#check_sa_entries $SOCK_PEER $ip_local $ip_peer
 }
 
+delete_sa()
+{
+	local proto=$1
+	local ip_local=$2
+	local ip_peer=$3
+	local spi=$4
+	local tmpfile=./tmp
+	local extra=
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	cat > $tmpfile <<-EOF
+	delete $ip_local $ip_peer $proto $((spi));
+	delete $ip_peer $ip_local $proto $((spi + 1));
+	EOF
+	$DEBUG && cat $tmpfile
+	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
+	$DEBUG && $HIJACKING setkey -D
+
+	export RUMP_SERVER=$SOCK_PEER
+	cat > $tmpfile <<-EOF
+	delete $ip_local $ip_peer $proto $((spi));
+	delete $ip_peer $ip_local $proto $((spi + 1));
+	EOF
+	$DEBUG && cat $tmpfile
+	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
+	$DEBUG && $HIJACKING setkey -D
+}
+
 check_packet_spi()
 {
 	local outfile=$1
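Review bot: `local extra=` in delete_sa is declared but never used in the lines added here, and the two heredoc/setkey sequences differ only in the `RUMP_SERVER` value they export. Dropping the unused local and looping with `for sock in $SOCK_LOCAL $SOCK_PEER; do export RUMP_SERVER=$sock; ...; done` would keep the two sides from drifting apart. The function also has no header comment; `# Delete the SA pair spi (local->peer) and spi + 1 (peer->local) on both rump servers` would record the SPI convention it relies on.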
@@ -468,6 +496,7 @@ test_spi()
 	local proto=$1
 	local algo=$2
 	local preferred=$3
+	local method=$4
 	local ip_local=10.0.0.1
 	local ip_peer=10.0.0.2
 	local algo_args="$(generate_algo_args $proto $algo)"
@@ -529,7 +558,11 @@ test_spi()
 		check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10020
 	fi
 
-	wait_sa_disappeared 10020
+	if [ $method = delete ]; then
+		delete_sa $proto $ip_local $ip_peer 10020
+	else
+		wait_sa_disappeared 10020
+	fi
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
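Review bot: `[ $method = delete ]` expands `$method` unquoted, so a caller that omits the fourth argument hands `[` a malformed expression and the test will typically fall through to the `wait_sa_disappeared` branch instead of failing; the hunk at -541 has the same line. Quoting it, `if [ "$method" = delete ]; then`, keeps the comparison well-formed. Since atf_init_test_cases in this commit passes only `delete` and `timeout`, any other value could be rejected with `atf_fail`. test_spi begins and ends outside this hunk.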
@@ -541,7 +574,11 @@ test_spi()
 		check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10010
 	fi
 
-	wait_sa_disappeared 10010
+	if [ $method = delete ]; then
+		delete_sa $proto $ip_local $ip_peer 10010
+	else
+		wait_sa_disappeared 10010
+	fi
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
@@ -559,11 +596,12 @@ add_test_spi()
 	local proto=$1
 	local algo=$2
 	local preferred=$3
+	local method=$4
 	local _algo=$(echo $algo | sed 's/-//g')
 	local name= desc=
 
-	desc="Tests SAs with different SPIs of $proto ($algo) ($preferred SA preferred)"
-	name="ipsec_spi_${proto}_${_algo}_preferred_${preferred}"
+	desc="Tests SAs with different SPIs of $proto ($algo) ($preferred SA preferred) ($method)"
+	name="ipsec_spi_${proto}_${_algo}_preferred_${preferred}_${method}"
 
 	atf_test_case ${name} cleanup
 	eval "\
@@ -572,7 +610,7 @@ add_test_spi()
 	atf_set \"require.progs\" \"rump_server\" \"setkey\";	\
 	};\
 	${name}_body() {		\
-	test_spi $proto $algo $preferred;			\
+	test_spi $proto $algo $preferred $method;		\
 	rump_server_destroy_ifaces;\
 	};\
 	${name}_cleanup() {		\
@@ -592,15 +630,19 @@ atf_init_test_cases()
 		add_test_lifetime ipv6 esp $algo
 		add_test_update esp $algo sa
 		add_test_update esp $algo sp
-		add_test_spi esp $algo new
-		add_test_spi esp $algo old
+		add_test_spi esp $algo new delete
+		add_test_spi esp $algo old delete
+		add_test_spi esp $algo new timeout
+		add_test_spi esp $algo old timeout
 	done
 	for algo in $AH_AUTHENTICATION_ALGORITHMS_MINIMUM; do
 		add_test_lifetime ipv4 ah $algo
 		add_test_lifetime ipv6 ah $algo
 		add_test_update ah $algo sa
 		add_test_update ah $algo sp
-		add_test_spi ah $algo new
-		add_test_spi ah $algo old
+		add_test_spi ah $algo new delete
+		add_test_spi ah $algo old delete
+		add_test_spi ah $algo new timeout
+		add_test_spi ah $algo old timeout
 	done
 }



CVS commit: src/tests/net/ipsec

2017-07-18 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed Jul 19 02:06:47 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Add tests that explicitly delete SAs instead of waiting for expirations


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-07-18 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed Jul 19 02:06:11 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Make tests more stable

sleep command seems to wait longer than expected on anita so
use polling to wait for a state change.


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.11 src/tests/net/ipsec/t_ipsec_misc.sh:1.12
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.11	Tue Jul 18 02:16:07 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Wed Jul 19 02:06:11 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.11 2017/07/18 02:16:07 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.12 2017/07/19 02:06:11 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -438,6 +438,31 @@ check_packet_spi()
 	cat $outfile
 }
 
+wait_sa_disappeared()
+{
+	local spi=$1
+	local i=
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	for i in $(seq 1 10); do
+		$HIJACKING setkey -D |grep -q "spi=$spi"
+		[ $? != 0 ] && break
+		sleep 1
+	done
+	if [ $i -eq 10 ]; then
+		atf_fail "SA (spi=$spi) didn't disappear in 10s"
+	fi
+	export RUMP_SERVER=$SOCK_PEER
+	for i in $(seq 1 10); do
+		$HIJACKING setkey -D |grep -q "spi=$spi"
+		[ $? != 0 ] && break
+		sleep 1
+	done
+	if [ $i -eq 10 ]; then
+		atf_fail "SA (spi=$spi) didn't disappear in 10s"
+	fi
+}
+
 test_spi()
 {
 	local proto=$1
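Review bot: The timeout check `[ $i -eq 10 ]` in wait_sa_disappeared cannot tell a timeout from success on the last poll: if the SA vanishes on the tenth `setkey -D`, the loop breaks with `i` equal to 10 and the test still calls `atf_fail`. Tracking the outcome in a flag removes the ambiguity, and iterating over the two sockets removes the duplicated loop. The rewrite below keeps the ten polls per server and leaves `RUMP_SERVER` set to `$SOCK_PEER` on return, as the original does.

```shell
wait_sa_disappeared()
{
	local spi=$1
	local sock= i= gone=

	for sock in $SOCK_LOCAL $SOCK_PEER; do
		export RUMP_SERVER=$sock
		gone=false
		for i in $(seq 1 10); do
			if ! $HIJACKING setkey -D | grep -q "spi=$spi"; then
				gone=true
				break
			fi
			sleep 1
		done
		$gone || atf_fail "SA (spi=$spi) didn't disappear in 10s"
	done
}
```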
@@ -504,7 +529,7 @@ test_spi()
 		check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10020
 	fi
 
-	sleep $((3 + 1))
+	wait_sa_disappeared 10020
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
@@ -516,7 +541,7 @@ test_spi()
 		check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10010
 	fi
 
-	sleep $((6 + 1 - (3 + 1)))
+	wait_sa_disappeared 10010
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer



CVS commit: src/tests/net/ipsec

2017-07-18 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed Jul 19 02:06:11 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Make tests more stable

sleep command seems to wait longer than expected on anita so
use polling to wait for a state change.


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-07-15 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Sat Jul 15 07:26:02 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Fix wrong argument handling


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.9 src/tests/net/ipsec/t_ipsec_misc.sh:1.10
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.9	Fri Jul 14 11:54:52 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Sat Jul 15 07:26:02 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.9 2017/07/14 11:54:52 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.10 2017/07/15 07:26:02 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -655,8 +655,7 @@ test_spi()
 {
 	local proto=$1
 	local algo=$2
-	local update=$3
-	local preferred=$4
+	local preferred=$3
 	local ip_local=10.0.0.1
 	local ip_peer=10.0.0.2
 	local algo_args="$(generate_algo_args $proto $algo)"



CVS commit: src/tests/net/ipsec

2017-07-15 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Sat Jul 15 07:26:02 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Fix wrong argument handling


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-07-14 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri Jul 14 11:54:52 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Add test cases for SAs with different SPIs


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.8 src/tests/net/ipsec/t_ipsec_misc.sh:1.9
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.8	Wed Jul  5 01:25:03 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Fri Jul 14 11:54:52 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.8 2017/07/05 01:25:03 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.9 2017/07/14 11:54:52 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -595,6 +595,183 @@ add_test_update()
 	atf_add_test_case ${name}
 }
 
+add_sa()
+{
+	local proto=$1
+	local algo_args="$2"
+	local ip_local=$3
+	local ip_peer=$4
+	local lifetime=$5
+	local spi=$6
+	local tmpfile=./tmp
+	local extra=
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	cat > $tmpfile <<-EOF
+	add $ip_local $ip_peer $proto $((spi)) -lh $lifetime -ls $lifetime $algo_args;
+	add $ip_peer $ip_local $proto $((spi + 1)) -lh $lifetime -ls $lifetime $algo_args;
+	$extra
+	EOF
+	$DEBUG && cat $tmpfile
+	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
+	$DEBUG && $HIJACKING setkey -D
+	# XXX it can be expired if $lifetime is very short
+	#check_sa_entries $SOCK_LOCAL $ip_local $ip_peer
+
+	export RUMP_SERVER=$SOCK_PEER
+	cat > $tmpfile <<-EOF
+	add $ip_local $ip_peer $proto $((spi)) -lh $lifetime -ls $lifetime $algo_args;
+	add $ip_peer $ip_local $proto $((spi + 1)) -lh $lifetime -ls $lifetime $algo_args;
+	$extra
+	EOF
+	$DEBUG && cat $tmpfile
+	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
+	$DEBUG && $HIJACKING setkey -D
+	# XXX it can be expired if $lifetime is very short
+	#check_sa_entries $SOCK_PEER $ip_local $ip_peer
+}
+
+check_packet_spi()
+{
+	local outfile=$1
+	local ip_local=$2
+	local ip_peer=$3
+	local proto=$4
+	local spi=$5
+	local spistr=
+
+	$DEBUG && cat $outfile
+	spistr=$(printf "%08x" $spi)
+	atf_check -s exit:0 \
+	-o match:"$ip_local > $ip_peer: $proto_cap\(spi=0x$spistr," \
+	cat $outfile
+	spistr=$(printf "%08x" $((spi + 1)))
+	atf_check -s exit:0 \
+	-o match:"$ip_peer > $ip_local: $proto_cap\(spi=0x$spistr," \
+	cat $outfile
+}
+
+test_spi()
+{
+	local proto=$1
+	local algo=$2
+	local update=$3
+	local preferred=$4
+	local ip_local=10.0.0.1
+	local ip_peer=10.0.0.2
+	local algo_args="$(generate_algo_args $proto $algo)"
+	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
+	local outfile=./out
+	local spistr=
+
+	rump_server_crypto_start $SOCK_LOCAL netipsec
+	rump_server_crypto_start $SOCK_PEER netipsec
+	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS
+	rump_server_add_iface $SOCK_PEER shmif0 $BUS
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
+	atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24
+	if [ $preferred = old ]; then
+		atf_check -s exit:0 rump.sysctl -q -w net.key.prefered_oldsa=1
+	fi
+
+	export RUMP_SERVER=$SOCK_PEER
+	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
+	atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24
+	if [ $preferred = old ]; then
+		atf_check -s exit:0 rump.sysctl -q -w net.key.prefered_oldsa=1
+	fi
+
+	setup_sasp $proto "$algo_args" $ip_local $ip_peer 100
+
+	extract_new_packets $BUS > $outfile
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
+	extract_new_packets $BUS > $outfile
+	check_packet_spi $outfile $ip_local $ip_peer $proto_cap 1
+
+	# Add a new SA with a different SPI
+	add_sa $proto "$algo_args" $ip_local $ip_peer 6 10010
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
+	extract_new_packets $BUS > $outfile
+	if [ $preferred = old ]; then
+		check_packet_spi $outfile $ip_local $ip_peer $proto_cap 1
+	else
+		# The new SA is preferred
+		check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10010
+	fi
+
+	# Add another SA with a different SPI
+	add_sa $proto "$algo_args" $ip_local $ip_peer 3 10020
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
+	extract_new_packets $BUS > $outfile
+	if [ $preferred = old ]; then
+		check_packet_spi $outfile $ip_local $ip_peer $proto_cap 1
+	else
+		# The newest SA is preferred
+		check_packet_spi $outfile $ip_local $ip_peer $proto_cap 10020
+	fi
+
+	sleep $((3 + 1))
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
+	extract_new_packets $BUS > $outfile
+	if [ $preferred = old ]; then
+		check_packet_spi $outfile $ip_local $ip_peer $proto_cap 1
+	else
+		# The newest 

CVS commit: src/tests/net/ipsec

2017-07-14 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri Jul 14 11:54:52 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Add test cases for SAs with different SPIs


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-07-04 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed Jul  5 01:25:03 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Add test cases for updating SA/SP

The tests require the newly-added update command of setkey.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-07-04 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed Jul  5 01:25:03 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Add test cases for updating SA/SP

The tests require the newly-added update command of setkey.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.7 src/tests/net/ipsec/t_ipsec_misc.sh:1.8
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.7	Mon Jun 19 10:05:04 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Wed Jul  5 01:25:03 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.7 2017/06/19 10:05:04 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.8 2017/07/05 01:25:03 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -38,24 +38,39 @@ setup_sasp()
 	local ip_local=$3
 	local ip_peer=$4
 	local lifetime=$5
+	local update=$6
 	local tmpfile=./tmp
+	local extra=
+
+	if [ "$update" = sa ]; then
+		extra="update $ip_local $ip_peer $proto 1 $algo_args;
+		   update $ip_peer $ip_local $proto 10001 $algo_args;"
+	elif [ "$update" = sp ]; then
+		extra="spdupdate $ip_local $ip_peer any -P out ipsec $proto/transport//require;"
+	fi
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	cat > $tmpfile <<-EOF
 	add $ip_local $ip_peer $proto 1 -lh $lifetime -ls $lifetime $algo_args;
 	add $ip_peer $ip_local $proto 10001 -lh $lifetime -ls $lifetime $algo_args;
 	spdadd $ip_local $ip_peer any -P out ipsec $proto/transport//require;
+	$extra
 	EOF
 	$DEBUG && cat $tmpfile
 	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
 	# XXX it can be expired if $lifetime is very short
 	#check_sa_entries $SOCK_LOCAL $ip_local $ip_peer
 
+	if [ "$update" = sp ]; then
+		extra="spdupdate $ip_peer $ip_local any -P out ipsec $proto/transport//require;"
+	fi
+
 	export RUMP_SERVER=$SOCK_PEER
 	cat > $tmpfile <<-EOF
 	add $ip_local $ip_peer $proto 1 -lh $lifetime -ls $lifetime $algo_args;
 	add $ip_peer $ip_local $proto 10001 -lh $lifetime -ls $lifetime $algo_args;
 	spdadd $ip_peer $ip_local any -P out ipsec $proto/transport//require;
+	$extra
 	EOF
 	$DEBUG && cat $tmpfile
 	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
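Review bot: An unrecognised sixth argument to setup_sasp leaves `extra` empty, so a misspelled target in a caller would run the plain add/spdadd path and the update test would pass without issuing any update command. A final branch, `elif [ -n "$update" ]; then atf_fail "unknown update target: $update"`, closes that gap while keeping the empty value for existing callers. A comment next to `local update=$6` listing the accepted values (`sa`, `sp`, or empty) would also help. setup_sasp starts and ends outside this hunk.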
@@ -512,6 +527,74 @@ add_test_tcp()
 	atf_add_test_case ${name}
 }
 
+test_update()
+{
+	local proto=$1
+	local algo=$2
+	local update=$3
+	local ip_local=10.0.0.1
+	local ip_peer=10.0.0.2
+	local algo_args="$(generate_algo_args $proto $algo)"
+	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
+	local outfile=./out
+
+	rump_server_crypto_start $SOCK_LOCAL netipsec
+	rump_server_crypto_start $SOCK_PEER netipsec
+	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS
+	rump_server_add_iface $SOCK_PEER shmif0 $BUS
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
+	atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24
+
+	export RUMP_SERVER=$SOCK_PEER
+	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
+	atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24
+
+	setup_sasp $proto "$algo_args" $ip_local $ip_peer 100 $update
+
+	extract_new_packets $BUS > $outfile
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_peer
+
+	extract_new_packets $BUS > $outfile
+	atf_check -s exit:0 -o match:"$ip_local > $ip_peer: $proto_cap" \
+	cat $outfile
+	atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \
+	cat $outfile
+}
+
+add_test_update()
+{
+	local proto=$1
+	local algo=$2
+	local update=$3
+	local _update=$(echo $update |tr 'a-z' 'A-Z')
+	local _algo=$(echo $algo | sed 's/-//g')
+	local name= desc=
+
+	desc="Tests trying to udpate $_update of $proto ($algo)"
+	name="ipsec_update_${update}_${proto}_${_algo}"
+
+	atf_test_case ${name} cleanup
+	eval "\
+	${name}_head() {		\
+	atf_set \"descr\" \"$desc\";\
+	atf_set \"require.progs\" \"rump_server\" \"setkey\";	\
+	};\
+	${name}_body() {		\
+	test_update $proto $algo $update;			\
+	rump_server_destroy_ifaces;\
+	};\
+	${name}_cleanup() {		\
+	$DEBUG && dump;		\
+	cleanup;		\
+	}\
+	"
+	atf_add_test_case ${name}
+}
+
 atf_init_test_cases()
 {
 	local algo=
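Review bot: test_update asserts only that ESP/AH packets flow in both directions after setup_sasp, which would presumably also hold if the `update`/`spdupdate` commands had no effect; as far as this diff shows, the only check tied to the update itself is setkey's exit status inside setup_sasp. A comment above test_update, e.g. `# Only checks that setkey accepts update/spdupdate and that traffic still flows afterwards`, would keep readers from assuming more. The description string in add_test_update also has a typo and should read `desc="Tests trying to update $_update of $proto ($algo)"`.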
@@ -522,6 +605,8 @@ atf_init_test_cases()
 		add_test_tcp ipv4 esp $algo
 		add_test_tcp ipv6 esp $algo
 		add_test_tcp ipv4mappedipv6 esp $algo
+		add_test_update esp $algo sa
+		add_test_update esp $algo sp
 	done
 	for algo in $AH_AUTHENTICATION_ALGORITHMS_MINIMUM; do
 		add_test_lifetime ipv4 ah $algo
@@ -529,6 +614,8 @@ atf_init_test_cases()
 		add_test_tcp ipv4 ah $algo
 		add_test_tcp ipv6 ah $algo
 		add_test_tcp ipv4mappedipv6 ah $algo
+		add_test_update ah $algo sa
+		add_test_update ah $algo sp
 	done
 
 

CVS commit: src/tests/net/ipsec

2017-06-19 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Mon Jun 19 10:05:04 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Add test cases of TCP/IPsec on an IPv4-mapped IPv6 address

It reproduces the same panic reported in PR kern/52304
(but not sure that its cause is also same).


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-06-19 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Mon Jun 19 10:05:04 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Add test cases of TCP/IPsec on an IPv4-mapped IPv6 address

It reproduces the same panic reported in PR kern/52304
(but not sure that its cause is also same).


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.6 src/tests/net/ipsec/t_ipsec_misc.sh:1.7
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.6	Thu Jun  1 03:56:47 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Mon Jun 19 10:05:04 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.6 2017/06/01 03:56:47 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.7 2017/06/19 10:05:04 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -313,22 +313,23 @@ prepare_file()
 
 test_tcp()
 {
-	local proto=$1
+	local local_proto=$1
 	local ip_local=$2
-	local ip_peer=$3
+	local peer_proto=$3
+	local ip_peer=$4
 	local port=1234
 	local file_send=./file.send
 	local file_recv=./file.recv
 	local opts=
 
-	if [ $proto = ipv4 ]; then
+	if [ $local_proto = ipv4 ]; then
 		opts="-N -w 3 -4"
 	else
 		opts="-N -w 3 -6"
 	fi
 
 	# Start nc server
-	start_nc_server $SOCK_PEER $port $file_recv $proto
+	start_nc_server $SOCK_PEER $port $file_recv $peer_proto
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	# Send a file to the server
@@ -371,7 +372,7 @@ test_tcp_ipv4()
 
 	extract_new_packets $BUS > $outfile
 
-	test_tcp ipv4 $ip_local $ip_peer
+	test_tcp ipv4 $ip_local ipv4 $ip_peer
 
 	extract_new_packets $BUS > $outfile
 	$DEBUG && cat $outfile
@@ -415,7 +416,54 @@ test_tcp_ipv6()
 
 	extract_new_packets $BUS > $outfile
 
-	test_tcp ipv6 $ip_local $ip_peer
+	test_tcp ipv6 $ip_local ipv6 $ip_peer
+
+	extract_new_packets $BUS > $outfile
+	$DEBUG && cat $outfile
+
+	if [ $proto != none ]; then
+		atf_check -s exit:0 \
+		-o match:"$ip_local > $ip_peer: $proto_cap" \
+		cat $outfile
+		atf_check -s exit:0 \
+		-o match:"$ip_peer > $ip_local: $proto_cap" \
+		cat $outfile
+	fi
+}
+
+test_tcp_ipv4mappedipv6()
+{
+	local proto=$1
+	local algo=$2
+	local ip_local=10.0.0.1
+	local ip_peer=10.0.0.2
+	local ip6_peer=:::10.0.0.2
+	local algo_args="$(generate_algo_args $proto $algo)"
+	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
+	local outfile=./out
+
+	rump_server_crypto_start $SOCK_LOCAL netipsec
+	rump_server_crypto_start $SOCK_PEER netipsec netinet6
+	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS
+	rump_server_add_iface $SOCK_PEER shmif0 $BUS
+
+	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24
+	atf_check -s exit:0 rump.ifconfig -w 10
+
+	export RUMP_SERVER=$SOCK_PEER
+	atf_check -s exit:0 -o ignore rump.sysctl -w net.inet6.ip6.v6only=0
+	atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24
+	atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip6_peer/96
+	atf_check -s exit:0 rump.ifconfig -w 10
+
+	if [ $proto != none ]; then
+		setup_sasp $proto "$algo_args" $ip_local $ip_peer 100
+	fi
+
+	extract_new_packets $BUS > $outfile
+
+	test_tcp ipv4 $ip_local ipv6 $ip_peer
 
 	extract_new_packets $BUS > $outfile
 	$DEBUG && cat $outfile
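Review bot: `local ip6_peer=:::10.0.0.2` does not look like a valid IPv6 literal as shown here (three consecutive colons). The IPv4-mapped form of the peer address would be `::ffff:10.0.0.2`, and the `/96` prefix on `rump.ifconfig shmif0 inet6 $ip6_peer/96` suggests that is what was meant. This may be an artifact of how the archive rendered the mail, so check it against the repository before changing the line to `local ip6_peer=::ffff:10.0.0.2`. The closing lines of test_tcp_ipv4mappedipv6 lie outside this hunk.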
@@ -473,14 +521,17 @@ atf_init_test_cases()
 		add_test_lifetime ipv6 esp $algo
 		add_test_tcp ipv4 esp $algo
 		add_test_tcp ipv6 esp $algo
+		add_test_tcp ipv4mappedipv6 esp $algo
 	done
 	for algo in $AH_AUTHENTICATION_ALGORITHMS_MINIMUM; do
 		add_test_lifetime ipv4 ah $algo
 		add_test_lifetime ipv6 ah $algo
 		add_test_tcp ipv4 ah $algo
 		add_test_tcp ipv6 ah $algo
+		add_test_tcp ipv4mappedipv6 ah $algo
 	done
 
 	add_test_tcp ipv4 none
 	add_test_tcp ipv6 none
+	add_test_tcp ipv4mappedipv6 none
 }



CVS commit: src/tests/net/ipsec

2017-06-13 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed Jun 14 02:33:37 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_gif.sh t_ipsec_l2tp.sh

Log Message:
Enable DEBUG for babylon5


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/tests/net/ipsec/t_ipsec_gif.sh \
src/tests/net/ipsec/t_ipsec_l2tp.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_gif.sh
diff -u src/tests/net/ipsec/t_ipsec_gif.sh:1.5 src/tests/net/ipsec/t_ipsec_gif.sh:1.6
--- src/tests/net/ipsec/t_ipsec_gif.sh:1.5	Fri May 12 02:34:45 2017
+++ src/tests/net/ipsec/t_ipsec_gif.sh	Wed Jun 14 02:33:37 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_gif.sh,v 1.5 2017/05/12 02:34:45 ozaki-r Exp $
+#	$NetBSD: t_ipsec_gif.sh,v 1.6 2017/06/14 02:33:37 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -33,7 +33,7 @@ BUS_LOCAL=./bus_ipsec_local
 BUS_TUNNEL=./bus_ipsec_tunnel
 BUS_REMOTE=./bus_ipsec_remote
 
-DEBUG=${DEBUG:-false}
+DEBUG=${DEBUG:-true}
 
 make_gif_pktstr()
 {
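Review bot: `DEBUG=${DEBUG:-true}` turns on debug output for every run of this test in order to diagnose babylon5 (per the log message), and nothing in the file marks the change as temporary; the t_ipsec_l2tp.sh hunk of this commit does the same. The `:-` form already lets the affected environment export `DEBUG=true` without changing the in-tree default. If the default has to change for now, a marker above the assignment such as `# XXX temporarily enabled to debug failures on babylon5; revert to false` would make the intent clear.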
Index: src/tests/net/ipsec/t_ipsec_l2tp.sh
diff -u src/tests/net/ipsec/t_ipsec_l2tp.sh:1.5 src/tests/net/ipsec/t_ipsec_l2tp.sh:1.6
--- src/tests/net/ipsec/t_ipsec_l2tp.sh:1.5	Fri May 12 02:34:45 2017
+++ src/tests/net/ipsec/t_ipsec_l2tp.sh	Wed Jun 14 02:33:37 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_l2tp.sh,v 1.5 2017/05/12 02:34:45 ozaki-r Exp $
+#	$NetBSD: t_ipsec_l2tp.sh,v 1.6 2017/06/14 02:33:37 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -33,7 +33,7 @@ BUS_LOCAL=./bus_ipsec_local
 BUS_TUNNEL=./bus_ipsec_tunnel
 BUS_REMOTE=./bus_ipsec_remote
 
-DEBUG=${DEBUG:-false}
+DEBUG=${DEBUG:-true}
 
 make_l2tp_pktstr()
 {



CVS commit: src/tests/net/ipsec

2017-06-13 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed Jun 14 02:33:37 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_gif.sh t_ipsec_l2tp.sh

Log Message:
Enable DEBUG for babylon5


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/tests/net/ipsec/t_ipsec_gif.sh \
src/tests/net/ipsec/t_ipsec_l2tp.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-05-31 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Jun  1 03:56:47 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Test TCP communications over IPsec transport mode with ESP or AH

This tests SP caches of PCB.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.5 src/tests/net/ipsec/t_ipsec_misc.sh:1.6
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.5	Thu Jun  1 03:51:47 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Thu Jun  1 03:56:47 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.5 2017/06/01 03:51:47 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.6 2017/06/01 03:56:47 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -344,8 +344,13 @@ test_tcp()
 
 test_tcp_ipv4()
 {
+	local proto=$1
+	local algo=$2
 	local ip_local=10.0.0.1
 	local ip_peer=10.0.0.2
+	local algo_args="$(generate_algo_args $proto $algo)"
+	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
+	local outfile=./out
 
 	rump_server_crypto_start $SOCK_LOCAL netipsec
 	rump_server_crypto_start $SOCK_PEER netipsec
@@ -360,13 +365,36 @@ test_tcp_ipv4()
 	atf_check -s exit:0 rump.ifconfig shmif0 $ip_peer/24
 	atf_check -s exit:0 rump.ifconfig -w 10
 
+	if [ $proto != none ]; then
+		setup_sasp $proto "$algo_args" $ip_local $ip_peer 100
+	fi
+
+	extract_new_packets $BUS > $outfile
+
 	test_tcp ipv4 $ip_local $ip_peer
+
+	extract_new_packets $BUS > $outfile
+	$DEBUG && cat $outfile
+
+	if [ $proto != none ]; then
+		atf_check -s exit:0 \
+		-o match:"$ip_local > $ip_peer: $proto_cap" \
+		cat $outfile
+		atf_check -s exit:0 \
+		-o match:"$ip_peer > $ip_local: $proto_cap" \
+		cat $outfile
+	fi
 }
 
 test_tcp_ipv6()
 {
+	local proto=$1
+	local algo=$2
 	local ip_local=fd00::1
 	local ip_peer=fd00::2
+	local algo_args="$(generate_algo_args $proto $algo)"
+	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
+	local outfile=./out
 
 	rump_server_crypto_start $SOCK_LOCAL netinet6 netipsec
 	rump_server_crypto_start $SOCK_PEER netinet6 netipsec
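Review bot: The new `-o match:"$ip_local > $ip_peer: $proto_cap"` checks in test_tcp_ipv4 only show that at least one ESP/AH packet was captured in each direction; a segment sent unprotected would not fail the test, and the test_tcp_ipv6 hunk that follows repeats the same block. If that is the intended scope, a comment above the block such as `# Only checks that protected packets were seen; does not assert the absence of cleartext TCP` would say so. A negative `-o not-match:` check would be stronger, but its pattern has to be worked out against real extract_new_packets output, since the capture format is not visible here. test_tcp_ipv4 begins outside this hunk and test_tcp_ipv6 ends outside it.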
@@ -381,16 +409,42 @@ test_tcp_ipv6()
 	atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip_peer
 	atf_check -s exit:0 rump.ifconfig -w 10
 
+	if [ $proto != none ]; then
+		setup_sasp $proto "$algo_args" $ip_local $ip_peer 100
+	fi
+
+	extract_new_packets $BUS > $outfile
+
 	test_tcp ipv6 $ip_local $ip_peer
+
+	extract_new_packets $BUS > $outfile
+	$DEBUG && cat $outfile
+
+	if [ $proto != none ]; then
+		atf_check -s exit:0 \
+		-o match:"$ip_local > $ip_peer: $proto_cap" \
+		cat $outfile
+		atf_check -s exit:0 \
+		-o match:"$ip_peer > $ip_local: $proto_cap" \
+		cat $outfile
+	fi
 }
 
 add_test_tcp()
 {
 	local ipproto=$1
+	local proto=$2
+	local algo=$3
+	local _algo=$(echo $algo | sed 's/-//g')
 	local name= desc=
 
-	name="ipsec_tcp_${ipproto}"
-	desc="Tests of TCP with IPsec enabled ($ipproto)"
+	if [ $proto = none ]; then
+		desc="Tests of TCP with IPsec enabled ($ipproto)"
+		name="ipsec_tcp_${ipproto}_${proto}"
+	else
+		desc="Tests of TCP with IPsec ($ipproto) $proto $algo"
+		name="ipsec_tcp_${ipproto}_${proto}_${_algo}"
+	fi
 
 	atf_test_case ${name} cleanup
 	eval "\
@@ -399,7 +453,7 @@ add_test_tcp()
 	atf_set \"require.progs\" \"rump_server\" \"setkey\";	\
 	};\
 	${name}_body() {		\
-	test_tcp_${ipproto};	\
+	test_tcp_${ipproto} $proto $algo;			\
 	rump_server_destroy_ifaces;\
 	};\
 	${name}_cleanup() {		\
@@ -417,12 +471,16 @@ atf_init_test_cases()
 	for algo in $ESP_ENCRYPTION_ALGORITHMS_MINIMUM; do
 		add_test_lifetime ipv4 esp $algo
 		add_test_lifetime ipv6 esp $algo
+		add_test_tcp ipv4 esp $algo
+		add_test_tcp ipv6 esp $algo
 	done
 	for algo in $AH_AUTHENTICATION_ALGORITHMS_MINIMUM; do
 		add_test_lifetime ipv4 ah $algo
 		add_test_lifetime ipv6 ah $algo
+		add_test_tcp ipv4 ah $algo
+		add_test_tcp ipv6 ah $algo
 	done
 
-	add_test_tcp ipv4
-	add_test_tcp ipv6
+	add_test_tcp ipv4 none
+	add_test_tcp ipv6 none
 }



CVS commit: src/tests/net/ipsec

2017-05-31 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Jun  1 03:56:47 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Test TCP communications over IPsec transport mode with ESP or AH

This tests SP caches of PCB.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-05-31 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Jun  1 03:51:47 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Remove an unused local variable


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-05-31 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Jun  1 03:51:47 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Remove an unused local variable


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.4 src/tests/net/ipsec/t_ipsec_misc.sh:1.5
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.4	Wed May 24 09:34:48 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Thu Jun  1 03:51:47 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.4 2017/05/24 09:34:48 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.5 2017/06/01 03:51:47 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -167,7 +167,6 @@ test_ipsec6_lifetime()
 	local algo=$2
 	local ip_local=fd00::1
 	local ip_peer=fd00::2
-	local tmpfile=./tmp
 	local outfile=./out
 	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
 	local algo_args="$(generate_algo_args $proto $algo)"



CVS commit: src/tests/net/ipsec

2017-05-24 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed May 24 09:34:48 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Enable DEBUG to know what is happening on anita/sparc


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.3 src/tests/net/ipsec/t_ipsec_misc.sh:1.4
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.3	Thu May 18 14:43:42 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Wed May 24 09:34:48 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.3 2017/05/18 14:43:42 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.4 2017/05/24 09:34:48 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -29,7 +29,7 @@ SOCK_LOCAL=unix://ipsec_local
 SOCK_PEER=unix://ipsec_peer
 BUS=./bus_ipsec
 
-DEBUG=${DEBUG:-false}
+DEBUG=${DEBUG:-true}
 
 setup_sasp()
 {
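Review bot: Defaulting `DEBUG` to `true` turns on every `$DEBUG && ...` branch for all runs of this test, not only on anita/sparc. Elsewhere in this file those branches `cat` the `setkey -c` input, which presumably carries the generated SA keys, into the test log. The keys are throwaway test values, but the log message shows the default is meant to be temporary, so mark it as such: `DEBUG=${DEBUG:-true}	# XXX temporary: debugging anita/sparc failures, revert to false`. Setting `DEBUG=true` in the environment of the affected job would give the same output without changing the default for everyone.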



CVS commit: src/tests/net/ipsec

2017-05-24 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed May 24 09:34:48 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Enable DEBUG to know what is happening on anita/sparc


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-05-18 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu May 18 14:43:42 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Don't check the existence of SA entries eagerly

They can be expired at that point if their lifetime is very short.
This may fix unexpected failures of tests running on anita.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-05-18 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu May 18 14:43:42 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh

Log Message:
Don't check the existence of SA entries eagerly

They can be expired at that point if their lifetime is very short.
This may fix unexpected failures of tests running on anita.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_misc.sh
diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.2 src/tests/net/ipsec/t_ipsec_misc.sh:1.3
--- src/tests/net/ipsec/t_ipsec_misc.sh:1.2	Wed May 17 06:30:15 2017
+++ src/tests/net/ipsec/t_ipsec_misc.sh	Thu May 18 14:43:42 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_misc.sh,v 1.2 2017/05/17 06:30:15 ozaki-r Exp $
+#	$NetBSD: t_ipsec_misc.sh,v 1.3 2017/05/18 14:43:42 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -48,7 +48,8 @@ setup_sasp()
 	EOF
 	$DEBUG && cat $tmpfile
 	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
-	check_sa_entries $SOCK_LOCAL $ip_local $ip_peer
+	# XXX it can be expired if $lifetime is very short
+	#check_sa_entries $SOCK_LOCAL $ip_local $ip_peer
 
 	export RUMP_SERVER=$SOCK_PEER
 	cat > $tmpfile <<-EOF
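Review bot: Commenting out `check_sa_entries` here, and in the matching hunk for `$SOCK_PEER`, means setup_sasp no longer verifies that the SAs were installed at all; the only remaining check is that `setkey -c` exits 0 with empty output. The check is still valid whenever the lifetime is long enough not to race, so keeping it conditional is better than leaving dead commented-out code, for example `[ "$lifetime" -ge 5 ] && check_sa_entries $SOCK_LOCAL $ip_local $ip_peer` (the threshold is illustrative). setup_sasp starts outside the hunk, so the name `$lifetime` is inferred from the XXX comment and should be confirmed.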
@@ -58,7 +59,8 @@ setup_sasp()
 	EOF
 	$DEBUG && cat $tmpfile
 	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
-	check_sa_entries $SOCK_PEER $ip_local $ip_peer
+	# XXX it can be expired if $lifetime is very short
+	#check_sa_entries $SOCK_PEER $ip_local $ip_peer
 }
 
 test_ipsec4_lifetime()



CVS commit: src/tests/net/ipsec

2017-05-15 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Mon May 15 09:56:47 UTC 2017

Modified Files:
src/tests/net/ipsec: common.sh

Log Message:
Fix typo


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/tests/net/ipsec/common.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/common.sh
diff -u src/tests/net/ipsec/common.sh:1.2 src/tests/net/ipsec/common.sh:1.3
--- src/tests/net/ipsec/common.sh:1.2	Wed May 10 04:46:13 2017
+++ src/tests/net/ipsec/common.sh	Mon May 15 09:56:47 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: common.sh,v 1.2 2017/05/10 04:46:13 ozaki-r Exp $
+#	$NetBSD: common.sh,v 1.3 2017/05/15 09:56:47 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -47,7 +47,7 @@ check_sa_entries()
 
 	$DEBUG && $HIJACKING setkey -D
 
-	atf_check -s exit:0 -o match:"$local_addr $rmote_addr" \
+	atf_check -s exit:0 -o match:"$local_addr $remote_addr" \
 	$HIJACKING setkey -D
 	atf_check -s exit:0 -o match:"$remote_addr $local_addr" \
 	$HIJACKING setkey -D
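Review bot: The patterns passed to `-o match:` are unanchored regular expressions, so even with the variable name corrected the address pair is matched loosely. Each `.` in an IPv4 address matches any character, and a pair such as `10.0.0.1 10.0.0.2` would also match a line containing `10.0.0.1 10.0.0.20` (constructed example). With the fixed addresses these tests use this is unlikely to produce a false pass, but it is worth a comment above the two checks: `# NOTE: match: takes a regex; addresses are neither escaped nor anchored`. check_sa_entries starts and ends outside the hunk.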



CVS commit: src/tests/net/ipsec

2017-05-15 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Mon May 15 09:56:47 UTC 2017

Modified Files:
src/tests/net/ipsec: common.sh

Log Message:
Fix typo


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/tests/net/ipsec/common.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-05-11 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri May 12 02:34:46 UTC 2017

Modified Files:
src/tests/net/ipsec: algorithms.sh t_ipsec_gif.sh t_ipsec_l2tp.sh
t_ipsec_transport.sh t_ipsec_tunnel.sh t_ipsec_tunnel_odd.sh

Log Message:
Dedup some routines


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/tests/net/ipsec/algorithms.sh \
src/tests/net/ipsec/t_ipsec_transport.sh
cvs rdiff -u -r1.4 -r1.5 src/tests/net/ipsec/t_ipsec_gif.sh \
src/tests/net/ipsec/t_ipsec_l2tp.sh
cvs rdiff -u -r1.7 -r1.8 src/tests/net/ipsec/t_ipsec_tunnel.sh
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/t_ipsec_tunnel_odd.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/algorithms.sh
diff -u src/tests/net/ipsec/algorithms.sh:1.3 src/tests/net/ipsec/algorithms.sh:1.4
--- src/tests/net/ipsec/algorithms.sh:1.3	Thu Apr 27 08:06:59 2017
+++ src/tests/net/ipsec/algorithms.sh	Fri May 12 02:34:45 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: algorithms.sh,v 1.3 2017/04/27 08:06:59 ozaki-r Exp $
+#	$NetBSD: algorithms.sh,v 1.4 2017/05/12 02:34:45 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -160,3 +160,17 @@ generate_key()
 
 	echo $key
 }
+
+generate_algo_args()
+{
+	local proto=$1
+	local algo=$2
+	local keylen=$(get_one_valid_keylen $algo)
+	local key=$(generate_key $keylen)
+
+	if [ $proto = esp ]; then
+		echo "-E $algo $key"
+	else
+		echo "-A $algo $key"
+	fi
+}
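Review bot: The `else` arm of generate_algo_args emits `-A` for any `$proto` that is not exactly `esp`, so a misspelled or newly added protocol name silently yields AH arguments, and an empty `$proto` makes the unquoted `[ $proto = esp ]` a test syntax error. Quote the operand and name the AH case explicitly with `elif [ "$proto" = ah ]; then`, leaving a final `else` that prints a diagnostic to stderr and returns non-zero. Separately, `local keylen=$(get_one_valid_keylen $algo)` discards the helper's exit status, so a failure there would produce an empty key. Declaring `local keylen key` first and assigning on separate lines keeps the status available.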
Index: src/tests/net/ipsec/t_ipsec_transport.sh
diff -u src/tests/net/ipsec/t_ipsec_transport.sh:1.3 src/tests/net/ipsec/t_ipsec_transport.sh:1.4
--- src/tests/net/ipsec/t_ipsec_transport.sh:1.3	Wed May 10 04:46:13 2017
+++ src/tests/net/ipsec/t_ipsec_transport.sh	Fri May 12 02:34:45 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_transport.sh,v 1.3 2017/05/10 04:46:13 ozaki-r Exp $
+#	$NetBSD: t_ipsec_transport.sh,v 1.4 2017/05/12 02:34:45 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -37,19 +37,10 @@ test_ipsec4_transport()
 	local algo=$2
 	local ip_local=10.0.0.1
 	local ip_peer=10.0.0.2
-	local keylen=$(get_one_valid_keylen $algo)
-	local key=$(generate_key $keylen)
 	local tmpfile=./tmp
 	local outfile=./out
-	local opt= proto_cap=
-
-	if [ $proto = esp ]; then
-		opt=-E
-		proto_cap=ESP
-	else
-		opt=-A
-		proto_cap=AH
-	fi
+	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
+	local algo_args="$(generate_algo_args $proto $algo)"
 
 	rump_server_crypto_start $SOCK_LOCAL netipsec
 	rump_server_crypto_start $SOCK_PEER netipsec
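Review bot: `local algo_args="$(generate_algo_args $proto $algo)"` hides the exit status of generate_algo_args behind `local`, so if key generation fails the test carries on with an empty `$algo_args` and the problem surfaces only as an unrelated-looking `setkey -c` failure. Split declaration from assignment and fail early: `local algo_args` followed by `algo_args=$(generate_algo_args "$proto" "$algo") || atf_fail "generate_algo_args failed"`. The same applies to the identical lines in the test_ipsec6_transport hunk below. The function body continues outside the hunk.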
@@ -78,8 +69,8 @@ test_ipsec4_transport()
 	export RUMP_SERVER=$SOCK_LOCAL
 	# from https://www.netbsd.org/docs/network/ipsec/
 	cat > $tmpfile <<-EOF
-	add $ip_local $ip_peer $proto 1 $opt $algo $key;
-	add $ip_peer $ip_local $proto 10001 $opt $algo $key;
+	add $ip_local $ip_peer $proto 1 $algo_args;
+	add $ip_peer $ip_local $proto 10001 $algo_args;
 	spdadd $ip_local $ip_peer any -P out ipsec $proto/transport//require;
 	EOF
 	$DEBUG && cat $tmpfile
@@ -88,8 +79,8 @@ test_ipsec4_transport()
 
 	export RUMP_SERVER=$SOCK_PEER
 	cat > $tmpfile <<-EOF
-	add $ip_local $ip_peer $proto 1 $opt $algo $key;
-	add $ip_peer $ip_local $proto 10001 $opt $algo $key;
+	add $ip_local $ip_peer $proto 1 $algo_args;
+	add $ip_peer $ip_local $proto 10001 $algo_args;
 	spdadd $ip_peer $ip_local any -P out ipsec $proto/transport//require;
 	EOF
 	$DEBUG && cat $tmpfile
@@ -115,19 +106,10 @@ test_ipsec6_transport()
 	local algo=$2
 	local ip_local=fd00::1
 	local ip_peer=fd00::2
-	local keylen=$(get_one_valid_keylen $algo)
-	local key=$(generate_key $keylen)
 	local tmpfile=./tmp
 	local outfile=./out
-	local opt= proto_cap=
-
-	if [ $proto = esp ]; then
-		opt=-E
-		proto_cap=ESP
-	else
-		opt=-A
-		proto_cap=AH
-	fi
+	local proto_cap=$(echo $proto | tr 'a-z' 'A-Z')
+	local algo_args="$(generate_algo_args $proto $algo)"
 
 	rump_server_crypto_start $SOCK_LOCAL netinet6 netipsec
 	rump_server_crypto_start $SOCK_PEER netinet6 netipsec
@@ -156,8 +138,8 @@ test_ipsec6_transport()
 	export RUMP_SERVER=$SOCK_LOCAL
 	# from https://www.netbsd.org/docs/network/ipsec/
 	cat > $tmpfile <<-EOF
-	add $ip_local $ip_peer $proto 1 $opt $algo $key;
-	add $ip_peer $ip_local $proto 10001 $opt $algo $key;
+	add $ip_local $ip_peer $proto 1 $algo_args;
+	add $ip_peer $ip_local $proto 10001 $algo_args;
 	spdadd $ip_local $ip_peer any -P out ipsec $proto/transport//require;
 	EOF
 	$DEBUG && cat $tmpfile
@@ -166,8 +148,8 @@ test_ipsec6_transport()
 
 	export RUMP_SERVER=$SOCK_PEER
 	cat > $tmpfile <<-EOF
-	add $ip_local $ip_peer $proto 1 $opt $algo $key;
-	add $ip_peer $ip_local $proto 10001 $opt $algo $key;
+	add $ip_local $ip_peer $proto 1 $algo_args;
+	add $ip_peer $ip_local $proto 10001 $algo_args;
 	spdadd $ip_peer $ip_local any -P out ipsec $proto/transport//require;
 	EOF
 	$DEBUG && cat $tmpfile

Index: 

CVS commit: src/tests/net/ipsec

2017-05-11 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri May 12 02:34:46 UTC 2017

Modified Files:
src/tests/net/ipsec: algorithms.sh t_ipsec_gif.sh t_ipsec_l2tp.sh
t_ipsec_transport.sh t_ipsec_tunnel.sh t_ipsec_tunnel_odd.sh

Log Message:
Dedup some routines


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/tests/net/ipsec/algorithms.sh \
src/tests/net/ipsec/t_ipsec_transport.sh
cvs rdiff -u -r1.4 -r1.5 src/tests/net/ipsec/t_ipsec_gif.sh \
src/tests/net/ipsec/t_ipsec_l2tp.sh
cvs rdiff -u -r1.7 -r1.8 src/tests/net/ipsec/t_ipsec_tunnel.sh
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/t_ipsec_tunnel_odd.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-05-10 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed May 10 09:00:29 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_tunnel.sh

Log Message:
Disable DAD rather than waiting for its completion every time


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/tests/net/ipsec/t_ipsec_tunnel.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-05-10 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed May 10 09:00:29 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_tunnel.sh

Log Message:
Disable DAD rather than waiting for its completion every time


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/tests/net/ipsec/t_ipsec_tunnel.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_tunnel.sh
diff -u src/tests/net/ipsec/t_ipsec_tunnel.sh:1.6 src/tests/net/ipsec/t_ipsec_tunnel.sh:1.7
--- src/tests/net/ipsec/t_ipsec_tunnel.sh:1.6	Wed May 10 08:59:40 2017
+++ src/tests/net/ipsec/t_ipsec_tunnel.sh	Wed May 10 09:00:29 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_tunnel.sh,v 1.6 2017/05/10 08:59:40 ozaki-r Exp $
+#	$NetBSD: t_ipsec_tunnel.sh,v 1.7 2017/05/10 09:00:29 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -91,11 +91,13 @@ test_ipsec4_tunnel()
 	setup_servers
 
 	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
 	atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24
 	atf_check -s exit:0 -o ignore \
 	rump.route -n add -net $subnet_remote $ip_gw_local
 
 	export RUMP_SERVER=$SOCK_TUNNEL_LOCAL
+	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
 	atf_check -s exit:0 rump.ifconfig shmif0 $ip_gw_local/24
 	atf_check -s exit:0 rump.ifconfig shmif1 $ip_gw_local_tunnel/24
 	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.forwarding=1
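Review bot: The `rump.sysctl -q -w net.inet.ip.dad_count=0` line is now repeated for each of the four rump servers in test_ipsec4_tunnel and again with `net.inet6.ip6.dad_count` in test_ipsec6_tunnel, and nothing in the code says why it replaces the removed `rump.ifconfig -w 10`. A short comment at the first occurrence would record the intent: `# Disable DAD so addresses are usable immediately; no ifconfig -w needed`. Since setup_servers already touches the same four sockets, the setting could also live in one helper that takes the sysctl name as an argument. The function bodies start and end outside these hunks.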
@@ -103,6 +105,7 @@ test_ipsec4_tunnel()
 	rump.route -n add -net $subnet_remote $ip_gw_remote_tunnel
 
 	export RUMP_SERVER=$SOCK_TUNNEL_REMOTE
+	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
 	atf_check -s exit:0 rump.ifconfig shmif0 $ip_gw_remote/24
 	atf_check -s exit:0 rump.ifconfig shmif1 $ip_gw_remote_tunnel/24
 	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.forwarding=1
@@ -110,9 +113,8 @@ test_ipsec4_tunnel()
 	rump.route -n add -net $subnet_local $ip_gw_local_tunnel
 
 	export RUMP_SERVER=$SOCK_REMOTE
+	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
 	atf_check -s exit:0 rump.ifconfig shmif0 $ip_remote/24
-	# Run ifconfig -w 10 just once for optimization
-	atf_check -s exit:0 rump.ifconfig -w 10
 	atf_check -s exit:0 -o ignore \
 	rump.route -n add -net $subnet_local $ip_gw_remote
 
@@ -198,11 +200,13 @@ test_ipsec6_tunnel()
 	setup_servers
 
 	export RUMP_SERVER=$SOCK_LOCAL
+	atf_check -s exit:0 rump.sysctl -q -w net.inet6.ip6.dad_count=0
 	atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip_local/64
 	atf_check -s exit:0 -o ignore \
 	rump.route -n add -inet6 -net $subnet_remote/64 $ip_gw_local
 
 	export RUMP_SERVER=$SOCK_TUNNEL_LOCAL
+	atf_check -s exit:0 rump.sysctl -q -w net.inet6.ip6.dad_count=0
 	atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip_gw_local/64
 	atf_check -s exit:0 rump.ifconfig shmif1 inet6 $ip_gw_local_tunnel/64
 	atf_check -s exit:0 rump.sysctl -q -w net.inet6.ip6.forwarding=1
@@ -210,6 +214,7 @@ test_ipsec6_tunnel()
 	rump.route -n add -inet6 -net $subnet_remote/64 $ip_gw_remote_tunnel
 
 	export RUMP_SERVER=$SOCK_TUNNEL_REMOTE
+	atf_check -s exit:0 rump.sysctl -q -w net.inet6.ip6.dad_count=0
 	atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip_gw_remote/64
 	atf_check -s exit:0 rump.ifconfig shmif1 inet6 $ip_gw_remote_tunnel/64
 	atf_check -s exit:0 rump.sysctl -q -w net.inet6.ip6.forwarding=1
@@ -217,9 +222,8 @@ test_ipsec6_tunnel()
 	rump.route -n add -inet6 -net $subnet_local/64 $ip_gw_local_tunnel
 
 	export RUMP_SERVER=$SOCK_REMOTE
+	atf_check -s exit:0 rump.sysctl -q -w net.inet6.ip6.dad_count=0
 	atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip_remote
-	# Run ifconfig -w 10 just once for optimization
-	atf_check -s exit:0 rump.ifconfig -w 10
 	atf_check -s exit:0 -o ignore \
 	rump.route -n add -inet6 -net $subnet_local/64 $ip_gw_remote
 



CVS commit: src/tests/net/ipsec

2017-05-10 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed May 10 08:59:40 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_tunnel.sh

Log Message:
Dedup some routines


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/tests/net/ipsec/t_ipsec_tunnel.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_tunnel.sh
diff -u src/tests/net/ipsec/t_ipsec_tunnel.sh:1.5 src/tests/net/ipsec/t_ipsec_tunnel.sh:1.6
--- src/tests/net/ipsec/t_ipsec_tunnel.sh:1.5	Wed May 10 04:46:13 2017
+++ src/tests/net/ipsec/t_ipsec_tunnel.sh	Wed May 10 08:59:40 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_tunnel.sh,v 1.5 2017/05/10 04:46:13 ozaki-r Exp $
+#	$NetBSD: t_ipsec_tunnel.sh,v 1.6 2017/05/10 08:59:40 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -35,6 +35,33 @@ BUS_REMOTE=./bus_ipsec_remote
 
 DEBUG=${DEBUG:-false}
 
+setup_servers()
+{
+
+	# See https://www.netbsd.org/docs/network/ipsec/#sample_vpn
+	rump_server_crypto_start $SOCK_LOCAL netinet6
+	rump_server_crypto_start $SOCK_TUNNEL_LOCAL netipsec netinet6
+	rump_server_crypto_start $SOCK_TUNNEL_REMOTE netipsec netinet6
+	rump_server_crypto_start $SOCK_REMOTE netinet6
+	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS_LOCAL
+	rump_server_add_iface $SOCK_TUNNEL_LOCAL shmif0 $BUS_LOCAL
+	rump_server_add_iface $SOCK_TUNNEL_LOCAL shmif1 $BUS_TUNNEL
+	rump_server_add_iface $SOCK_TUNNEL_REMOTE shmif0 $BUS_REMOTE
+	rump_server_add_iface $SOCK_TUNNEL_REMOTE shmif1 $BUS_TUNNEL
+	rump_server_add_iface $SOCK_REMOTE shmif0 $BUS_REMOTE
+}
+
+check_tunnel_packets()
+{
+	local outfile=$1
+	local src=$2
+	local dst=$3
+	local proto=$4
+
+	atf_check -s exit:0 -o match:"$src > $dst: $proto" cat $outfile
+	atf_check -s exit:0 -o match:"$dst > $src: $proto" cat $outfile
+}
+
 test_ipsec4_tunnel()
 {
 	local proto=$1
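Review bot: setup_servers loads `netinet6` on all four servers, but the lines it replaces in test_ipsec4_tunnel started `$SOCK_LOCAL` and `$SOCK_REMOTE` with no extra component and the tunnel endpoints with `netipsec` only. This "dedup" therefore also changes the configuration the IPv4 test runs under. If that is intended, say so in the helper: `# netinet6 is loaded for the IPv4 test as well; it is unused there`. Otherwise let the caller pass the extra component, for example `setup_servers netinet6` from the IPv6 test only. test_ipsec4_tunnel's body continues past the hunk.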
@@ -61,17 +88,7 @@ test_ipsec4_tunnel()
 		proto_cap=AH
 	fi
 
-	# See https://www.netbsd.org/docs/network/ipsec/#sample_vpn
-	rump_server_crypto_start $SOCK_LOCAL
-	rump_server_crypto_start $SOCK_TUNNEL_LOCAL netipsec
-	rump_server_crypto_start $SOCK_TUNNEL_REMOTE netipsec
-	rump_server_crypto_start $SOCK_REMOTE
-	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS_LOCAL
-	rump_server_add_iface $SOCK_TUNNEL_LOCAL shmif0 $BUS_LOCAL
-	rump_server_add_iface $SOCK_TUNNEL_LOCAL shmif1 $BUS_TUNNEL
-	rump_server_add_iface $SOCK_TUNNEL_REMOTE shmif0 $BUS_REMOTE
-	rump_server_add_iface $SOCK_TUNNEL_REMOTE shmif1 $BUS_TUNNEL
-	rump_server_add_iface $SOCK_REMOTE shmif0 $BUS_REMOTE
+	setup_servers
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s exit:0 rump.ifconfig shmif0 $ip_local/24
@@ -145,12 +162,8 @@ test_ipsec4_tunnel()
 	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_remote
 
 	extract_new_packets $BUS_TUNNEL > $outfile
-	atf_check -s exit:0 \
-	-o match:"$ip_gw_local_tunnel > $ip_gw_remote_tunnel: $proto_cap" \
-	cat $outfile
-	atf_check -s exit:0 \
-	-o match:"$ip_gw_remote_tunnel > $ip_gw_local_tunnel: $proto_cap" \
-	cat $outfile
+	check_tunnel_packets $outfile $ip_gw_local_tunnel $ip_gw_remote_tunnel \
+	$proto_cap
 
 	test_flush_entries $SOCK_TUNNEL_LOCAL
 	test_flush_entries $SOCK_TUNNEL_REMOTE
@@ -182,16 +195,7 @@ test_ipsec6_tunnel()
 		proto_cap=AH
 	fi
 
-	rump_server_crypto_start $SOCK_LOCAL netinet6
-	rump_server_crypto_start $SOCK_TUNNEL_LOCAL netipsec netinet6
-	rump_server_crypto_start $SOCK_TUNNEL_REMOTE netipsec netinet6
-	rump_server_crypto_start $SOCK_REMOTE netinet6
-	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS_LOCAL
-	rump_server_add_iface $SOCK_TUNNEL_LOCAL shmif0 $BUS_LOCAL
-	rump_server_add_iface $SOCK_TUNNEL_LOCAL shmif1 $BUS_TUNNEL
-	rump_server_add_iface $SOCK_TUNNEL_REMOTE shmif0 $BUS_REMOTE
-	rump_server_add_iface $SOCK_TUNNEL_REMOTE shmif1 $BUS_TUNNEL
-	rump_server_add_iface $SOCK_REMOTE shmif0 $BUS_REMOTE
+	setup_servers
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s exit:0 rump.ifconfig shmif0 inet6 $ip_local/64
@@ -265,12 +269,8 @@ test_ipsec6_tunnel()
 	atf_check -s exit:0 -o ignore rump.ping6 -c 1 -n -X 3 $ip_remote
 
 	extract_new_packets $BUS_TUNNEL > $outfile
-	atf_check -s exit:0 \
-	-o match:"$ip_gw_local_tunnel > $ip_gw_remote_tunnel: $proto_cap" \
-	cat $outfile
-	atf_check -s exit:0 \
-	-o match:"$ip_gw_remote_tunnel > $ip_gw_local_tunnel: $proto_cap" \
-	cat $outfile
+	check_tunnel_packets $outfile $ip_gw_local_tunnel $ip_gw_remote_tunnel \
+	$proto_cap
 
 	test_flush_entries $SOCK_TUNNEL_LOCAL
 	test_flush_entries $SOCK_TUNNEL_REMOTE



CVS commit: src/tests/net/ipsec

2017-05-10 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed May 10 08:59:40 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_tunnel.sh

Log Message:
Dedup some routines


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/tests/net/ipsec/t_ipsec_tunnel.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-05-09 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed May 10 04:46:13 UTC 2017

Modified Files:
src/tests/net/ipsec: common.sh t_ipsec_gif.sh t_ipsec_l2tp.sh
t_ipsec_transport.sh t_ipsec_tunnel.sh

Log Message:
Introduce check_sa_entries to remove lots of duplicated code


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/common.sh
cvs rdiff -u -r1.3 -r1.4 src/tests/net/ipsec/t_ipsec_gif.sh \
src/tests/net/ipsec/t_ipsec_l2tp.sh
cvs rdiff -u -r1.2 -r1.3 src/tests/net/ipsec/t_ipsec_transport.sh
cvs rdiff -u -r1.4 -r1.5 src/tests/net/ipsec/t_ipsec_tunnel.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/common.sh
diff -u src/tests/net/ipsec/common.sh:1.1 src/tests/net/ipsec/common.sh:1.2
--- src/tests/net/ipsec/common.sh:1.1	Tue May  9 04:25:28 2017
+++ src/tests/net/ipsec/common.sh	Wed May 10 04:46:13 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: common.sh,v 1.1 2017/05/09 04:25:28 ozaki-r Exp $
+#	$NetBSD: common.sh,v 1.2 2017/05/10 04:46:13 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -36,3 +36,20 @@ test_flush_entries()
 	atf_check -s exit:0 -o match:"No SAD entries." $HIJACKING setkey -D -a
 	atf_check -s exit:0 -o match:"No SPD entries." $HIJACKING setkey -D -P
 }
+
+check_sa_entries()
+{
+	local sock=$1
+	local local_addr=$2
+	local remote_addr=$3
+
+	export RUMP_SERVER=$sock
+
+	$DEBUG && $HIJACKING setkey -D
+
+	atf_check -s exit:0 -o match:"$local_addr $rmote_addr" \
+	$HIJACKING setkey -D
+	atf_check -s exit:0 -o match:"$remote_addr $local_addr" \
+	$HIJACKING setkey -D
+	# TODO: more detail checks
+}
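Review bot: The first check in check_sa_entries expands `$rmote_addr`, which is never set (the local is `remote_addr`), so the pattern collapses to `"$local_addr "` and passes whenever the local address appears, whatever the peer is. The line should read `atf_check -s exit:0 -o match:"$local_addr $remote_addr" \`. An unset variable expands silently in sh, so this kind of slip weakens a security check without any visible failure. Running the helpers under `set -u`, where the suite tolerates it, would turn it into an immediate error.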

Index: src/tests/net/ipsec/t_ipsec_gif.sh
diff -u src/tests/net/ipsec/t_ipsec_gif.sh:1.3 src/tests/net/ipsec/t_ipsec_gif.sh:1.4
--- src/tests/net/ipsec/t_ipsec_gif.sh:1.3	Tue May  9 04:25:28 2017
+++ src/tests/net/ipsec/t_ipsec_gif.sh	Wed May 10 04:46:13 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_gif.sh,v 1.3 2017/05/09 04:25:28 ozaki-r Exp $
+#	$NetBSD: t_ipsec_gif.sh,v 1.4 2017/05/10 04:46:13 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -161,12 +161,6 @@ test_ipsec4_gif()
 		EOF
 		$DEBUG && cat $tmpfile
 		atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
-		$DEBUG && $HIJACKING setkey -D
-		atf_check -s exit:0 -o match:"$ip_gwlo_tun $ip_gwre_tun" \
-		$HIJACKING setkey -D
-		atf_check -s exit:0 -o match:"$ip_gwre_tun $ip_gwlo_tun" \
-		$HIJACKING setkey -D
-		# TODO: more detail checks
 
 		export RUMP_SERVER=$SOCK_TUN_REMOTE
 		cat > $tmpfile <<-EOF
@@ -179,12 +173,6 @@ test_ipsec4_gif()
 		EOF
 		$DEBUG && cat $tmpfile
 		atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
-		$DEBUG && $HIJACKING setkey -D
-		atf_check -s exit:0 -o match:"$ip_gwlo_tun $ip_gwre_tun" \
-		$HIJACKING setkey -D
-		atf_check -s exit:0 -o match:"$ip_gwre_tun $ip_gwlo_tun" \
-		$HIJACKING setkey -D
-		# TODO: more detail checks
 	else # transport mode
 		export RUMP_SERVER=$SOCK_TUN_LOCAL
 		# from https://www.netbsd.org/docs/network/ipsec/
@@ -198,12 +186,6 @@ test_ipsec4_gif()
 		EOF
 		$DEBUG && cat $tmpfile
 		atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
-		$DEBUG && $HIJACKING setkey -D
-		atf_check -s exit:0 -o match:"$ip_gwlo_tun $ip_gwre_tun" \
-		$HIJACKING setkey -D
-		atf_check -s exit:0 -o match:"$ip_gwre_tun $ip_gwlo_tun" \
-		$HIJACKING setkey -D
-		# TODO: more detail checks
 
 		export RUMP_SERVER=$SOCK_TUN_REMOTE
 		cat > $tmpfile <<-EOF
@@ -216,14 +198,11 @@ test_ipsec4_gif()
 		EOF
 		$DEBUG && cat $tmpfile
 		atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
-		$DEBUG && $HIJACKING setkey -D
-		atf_check -s exit:0 -o match:"$ip_gwlo_tun $ip_gwre_tun" \
-		$HIJACKING setkey -D
-		atf_check -s exit:0 -o match:"$ip_gwre_tun $ip_gwlo_tun" \
-		$HIJACKING setkey -D
-		# TODO: more detail checks
 	fi
 
+	check_sa_entries $SOCK_TUN_LOCAL $ip_gwlo_tun $ip_gwre_tun
+	check_sa_entries $SOCK_TUN_REMOTE $ip_gwlo_tun $ip_gwre_tun
+
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_remote
 
@@ -378,21 +357,8 @@ test_ipsec6_gif()
 		atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
 	fi
 
-	export RUMP_SERVER=$SOCK_TUN_LOCAL
-	$DEBUG && $HIJACKING setkey -D
-	atf_check -s exit:0 -o match:"$ip_gwlo_tun $ip_gwre_tun" \
-	$HIJACKING setkey -D
-	atf_check -s exit:0 -o match:"$ip_gwre_tun $ip_gwlo_tun" \
-	$HIJACKING setkey -D
-	# TODO: more detail checks
-
-	export RUMP_SERVER=$SOCK_TUN_REMOTE
-	$DEBUG && $HIJACKING setkey -D
-	atf_check -s exit:0 -o match:"$ip_gwlo_tun $ip_gwre_tun" \
-	$HIJACKING setkey -D
-	atf_check -s exit:0 -o match:"$ip_gwre_tun $ip_gwlo_tun" \
-	$HIJACKING setkey -D
-	# TODO: more detail checks
+	check_sa_entries $SOCK_TUN_LOCAL $ip_gwlo_tun $ip_gwre_tun
+	check_sa_entries 

CVS commit: src/tests/net/ipsec

2017-05-09 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Wed May 10 04:46:13 UTC 2017

Modified Files:
src/tests/net/ipsec: common.sh t_ipsec_gif.sh t_ipsec_l2tp.sh
t_ipsec_transport.sh t_ipsec_tunnel.sh

Log Message:
Introduce check_sa_entries to remove lots of duplicated code


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/common.sh
cvs rdiff -u -r1.3 -r1.4 src/tests/net/ipsec/t_ipsec_gif.sh \
src/tests/net/ipsec/t_ipsec_l2tp.sh
cvs rdiff -u -r1.2 -r1.3 src/tests/net/ipsec/t_ipsec_transport.sh
cvs rdiff -u -r1.4 -r1.5 src/tests/net/ipsec/t_ipsec_tunnel.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-05-08 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Tue May  9 04:25:28 UTC 2017

Modified Files:
src/tests/net/ipsec: Makefile t_ipsec_gif.sh t_ipsec_l2tp.sh
t_ipsec_transport.sh t_ipsec_tunnel.sh
Added Files:
src/tests/net/ipsec: common.sh

Log Message:
Test flushing SAD/SPD entries


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/tests/net/ipsec/Makefile \
src/tests/net/ipsec/t_ipsec_tunnel.sh
cvs rdiff -u -r0 -r1.1 src/tests/net/ipsec/common.sh
cvs rdiff -u -r1.2 -r1.3 src/tests/net/ipsec/t_ipsec_gif.sh \
src/tests/net/ipsec/t_ipsec_l2tp.sh
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/t_ipsec_transport.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/Makefile
diff -u src/tests/net/ipsec/Makefile:1.3 src/tests/net/ipsec/Makefile:1.4
--- src/tests/net/ipsec/Makefile:1.3	Thu Apr 27 06:53:44 2017
+++ src/tests/net/ipsec/Makefile	Tue May  9 04:25:28 2017
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.3 2017/04/27 06:53:44 ozaki-r Exp $
+# $NetBSD: Makefile,v 1.4 2017/05/09 04:25:28 ozaki-r Exp $
 #
 
 .include 
@@ -8,7 +8,8 @@ TESTSDIR=	${TESTSBASE}/net/ipsec
 .for name in ipsec_ah_keys ipsec_esp_keys ipsec_gif ipsec_l2tp ipsec_sysctl \
 ipsec_transport ipsec_tunnel
 TESTS_SH+=		t_${name}
-TESTS_SH_SRC_t_${name}=	../net_common.sh ./algorithms.sh t_${name}.sh
+TESTS_SH_SRC_t_${name}=	../net_common.sh ./common.sh ./algorithms.sh \
+t_${name}.sh
 .endfor
 
 .include 
Index: src/tests/net/ipsec/t_ipsec_tunnel.sh
diff -u src/tests/net/ipsec/t_ipsec_tunnel.sh:1.3 src/tests/net/ipsec/t_ipsec_tunnel.sh:1.4
--- src/tests/net/ipsec/t_ipsec_tunnel.sh:1.3	Sun Apr 16 10:34:49 2017
+++ src/tests/net/ipsec/t_ipsec_tunnel.sh	Tue May  9 04:25:28 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_tunnel.sh,v 1.3 2017/04/16 10:34:49 ozaki-r Exp $
+#	$NetBSD: t_ipsec_tunnel.sh,v 1.4 2017/05/09 04:25:28 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -163,6 +163,9 @@ test_ipsec4_tunnel()
 	atf_check -s exit:0 \
 	-o match:"$ip_gw_remote_tunnel > $ip_gw_local_tunnel: $proto_cap" \
 	cat $outfile
+
+	test_flush_entries $SOCK_TUNNEL_LOCAL
+	test_flush_entries $SOCK_TUNNEL_REMOTE
 }
 
 test_ipsec6_tunnel()
@@ -292,6 +295,9 @@ test_ipsec6_tunnel()
 	atf_check -s exit:0 \
 	-o match:"$ip_gw_remote_tunnel > $ip_gw_local_tunnel: $proto_cap" \
 	cat $outfile
+
+	test_flush_entries $SOCK_TUNNEL_LOCAL
+	test_flush_entries $SOCK_TUNNEL_REMOTE
 }
 
 test_tunnel_common()

Index: src/tests/net/ipsec/t_ipsec_gif.sh
diff -u src/tests/net/ipsec/t_ipsec_gif.sh:1.2 src/tests/net/ipsec/t_ipsec_gif.sh:1.3
--- src/tests/net/ipsec/t_ipsec_gif.sh:1.2	Thu Apr 27 10:17:12 2017
+++ src/tests/net/ipsec/t_ipsec_gif.sh	Tue May  9 04:25:28 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_gif.sh,v 1.2 2017/04/27 10:17:12 ozaki-r Exp $
+#	$NetBSD: t_ipsec_gif.sh,v 1.3 2017/05/09 04:25:28 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -234,6 +234,9 @@ test_ipsec4_gif()
 	str=$(make_gif_pktstr $ip_gwre_tun $ip_gwlo_tun \
 	$ip_remote $ip_local $proto ipv4)
 	atf_check -s exit:0 -o match:"$str" cat $outfile
+
+	test_flush_entries $SOCK_TUN_LOCAL
+	test_flush_entries $SOCK_TUN_REMOTE
 }
 
 test_ipsec6_gif()
@@ -401,6 +404,9 @@ test_ipsec6_gif()
 	str=$(make_gif_pktstr $ip_gwre_tun $ip_gwlo_tun \
 	$ip_remote $ip_local $proto ipv6)
 	atf_check -s exit:0 -o match:"$str" cat $outfile
+
+	test_flush_entries $SOCK_TUN_LOCAL
+	test_flush_entries $SOCK_TUN_REMOTE
 }
 
 test_ipsec_gif_common()
Index: src/tests/net/ipsec/t_ipsec_l2tp.sh
diff -u src/tests/net/ipsec/t_ipsec_l2tp.sh:1.2 src/tests/net/ipsec/t_ipsec_l2tp.sh:1.3
--- src/tests/net/ipsec/t_ipsec_l2tp.sh:1.2	Thu Apr 27 10:17:12 2017
+++ src/tests/net/ipsec/t_ipsec_l2tp.sh	Tue May  9 04:25:28 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_l2tp.sh,v 1.2 2017/04/27 10:17:12 ozaki-r Exp $
+#	$NetBSD: t_ipsec_l2tp.sh,v 1.3 2017/05/09 04:25:28 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -220,6 +220,9 @@ test_ipsec4_l2tp()
 	atf_check -s exit:0 -o match:"$str" cat $outfile
 	str=$(make_l2tp_pktstr $ip_gwre_tun $ip_gwlo_tun $proto ipv4 $mode)
 	atf_check -s exit:0 -o match:"$str" cat $outfile
+
+	test_flush_entries $SOCK_TUN_LOCAL
+	test_flush_entries $SOCK_TUN_REMOTE
 }
 
 test_ipsec6_l2tp()
@@ -387,6 +390,9 @@ test_ipsec6_l2tp()
 	atf_check -s exit:0 -o match:"$str" cat $outfile
 	str=$(make_l2tp_pktstr $ip_gwre_tun $ip_gwlo_tun $proto ipv6 $mode)
 	atf_check -s exit:0 -o match:"$str" cat $outfile
+
+	test_flush_entries $SOCK_TUN_LOCAL
+	test_flush_entries $SOCK_TUN_REMOTE
 }
 
 test_ipsec_l2tp_common()

Index: src/tests/net/ipsec/t_ipsec_transport.sh
diff -u src/tests/net/ipsec/t_ipsec_transport.sh:1.1 src/tests/net/ipsec/t_ipsec_transport.sh:1.2
--- src/tests/net/ipsec/t_ipsec_transport.sh:1.1	Fri 

CVS commit: src/tests/net/ipsec

2017-05-08 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Tue May  9 04:25:28 UTC 2017

Modified Files:
src/tests/net/ipsec: Makefile t_ipsec_gif.sh t_ipsec_l2tp.sh
t_ipsec_transport.sh t_ipsec_tunnel.sh
Added Files:
src/tests/net/ipsec: common.sh

Log Message:
Test flushing SAD/SPD entries


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/tests/net/ipsec/Makefile \
src/tests/net/ipsec/t_ipsec_tunnel.sh
cvs rdiff -u -r0 -r1.1 src/tests/net/ipsec/common.sh
cvs rdiff -u -r1.2 -r1.3 src/tests/net/ipsec/t_ipsec_gif.sh \
src/tests/net/ipsec/t_ipsec_l2tp.sh
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/t_ipsec_transport.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-04-27 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Apr 27 10:17:12 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_gif.sh t_ipsec_l2tp.sh

Log Message:
Test transport mode as well as tunnel mode


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/t_ipsec_gif.sh \
src/tests/net/ipsec/t_ipsec_l2tp.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_gif.sh
diff -u src/tests/net/ipsec/t_ipsec_gif.sh:1.1 src/tests/net/ipsec/t_ipsec_gif.sh:1.2
--- src/tests/net/ipsec/t_ipsec_gif.sh:1.1	Thu Apr 27 06:52:45 2017
+++ src/tests/net/ipsec/t_ipsec_gif.sh	Thu Apr 27 10:17:12 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_gif.sh,v 1.1 2017/04/27 06:52:45 ozaki-r Exp $
+#	$NetBSD: t_ipsec_gif.sh,v 1.2 2017/04/27 10:17:12 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -61,14 +61,15 @@ make_gif_pktstr()
 
 test_ipsec4_gif()
 {
-	local proto=$1
-	local algo=$2
+	local mode=$1
+	local proto=$2
+	local algo=$3
 	local ip_local=10.0.1.2
 	local ip_gw_local=10.0.1.1
-	local ip_gw_local_tun=20.0.0.1
-	local ip_gw_local_gif=20.1.0.1
-	local ip_gw_remote_gif=20.1.0.2
-	local ip_gw_remote_tun=20.0.0.2
+	local ip_gwlo_tun=20.0.0.1
+	local ip_gwlo_gif=20.1.0.1
+	local ip_gwre_gif=20.1.0.2
+	local ip_gwre_tun=20.0.0.2
 	local ip_gw_remote=10.0.2.1
 	local ip_remote=10.0.2.2
 	local subnet_local=10.0.1.0
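Review bot: Inserting `mode` as the first positional parameter shifts `proto` and `algo` by one, and nothing in this hunk rejects a call that still passes two arguments, which would run with the protocol name in `mode` and an empty `algo`. A guard right after the three `local` lines, `[ $# -eq 3 ] || atf_fail "usage: test_ipsec4_gif mode proto algo"`, turns that into an immediate failure instead of a misconfigured key setup. The callers are outside this hunk, so whether any were missed cannot be checked from here; the function body also continues past it.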
@@ -103,27 +104,27 @@ test_ipsec4_gif()
 
 	export RUMP_SERVER=$SOCK_TUN_LOCAL
 	atf_check -s exit:0 rump.ifconfig shmif0 $ip_gw_local/24
-	atf_check -s exit:0 rump.ifconfig shmif1 $ip_gw_local_tun/24
+	atf_check -s exit:0 rump.ifconfig shmif1 $ip_gwlo_tun/24
 	atf_check -s exit:0 rump.ifconfig gif0 create
 	atf_check -s exit:0 rump.ifconfig gif0 \
-	tunnel $ip_gw_local_tun $ip_gw_remote_tun
+	tunnel $ip_gwlo_tun $ip_gwre_tun
 	atf_check -s exit:0 rump.ifconfig gif0 \
-	inet $ip_gw_local_gif/32 $ip_gw_remote_gif
+	inet $ip_gwlo_gif/32 $ip_gwre_gif
 	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.forwarding=1
 	atf_check -s exit:0 -o ignore \
-	rump.route -n add -net $subnet_remote $ip_gw_remote_gif
+	rump.route -n add -net $subnet_remote $ip_gwre_gif
 
 	export RUMP_SERVER=$SOCK_TUN_REMOTE
 	atf_check -s exit:0 rump.ifconfig shmif0 $ip_gw_remote/24
-	atf_check -s exit:0 rump.ifconfig shmif1 $ip_gw_remote_tun/24
+	atf_check -s exit:0 rump.ifconfig shmif1 $ip_gwre_tun/24
 	atf_check -s exit:0 rump.ifconfig gif0 create
 	atf_check -s exit:0 rump.ifconfig gif0 \
-	tunnel $ip_gw_remote_tun $ip_gw_local_tun
+	tunnel $ip_gwre_tun $ip_gwlo_tun
 	atf_check -s exit:0 rump.ifconfig gif0 \
-	inet $ip_gw_remote_gif/32 $ip_gw_local_gif
+	inet $ip_gwre_gif/32 $ip_gwlo_gif
 	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.forwarding=1
 	atf_check -s exit:0 -o ignore \
-	rump.route -n add -net $subnet_local $ip_gw_local_gif
+	rump.route -n add -net $subnet_local $ip_gwlo_gif
 
 	export RUMP_SERVER=$SOCK_REMOTE
 	atf_check -s exit:0 rump.ifconfig shmif0 $ip_remote/24
@@ -138,74 +139,114 @@ test_ipsec4_gif()
 	atf_check -s exit:0 -o ignore rump.ping -c 1 -n -w 3 $ip_remote
 
 	extract_new_packets $BUS_TUNNEL > $outfile
-	str="$ip_gw_local_tun > $ip_gw_remote_tun:"
+	str="$ip_gwlo_tun > $ip_gwre_tun:"
 	str="$str $ip_local > $ip_remote: ICMP echo request,"
 	str="$str .+ \(ipip-proto-4\)"
 	atf_check -s exit:0 -o match:"$str" cat $outfile
-	str="$ip_gw_remote_tun > $ip_gw_local_tun:"
+	str="$ip_gwre_tun > $ip_gwlo_tun:"
 	str="$str $ip_remote > $ip_local: ICMP echo reply,"
 	str="$str .+ \(ipip-proto-4\)"
 	atf_check -s exit:0 -o match:"$str" cat $outfile
 
-	export RUMP_SERVER=$SOCK_TUN_LOCAL
-	# from https://www.netbsd.org/docs/network/ipsec/
-	cat > $tmpfile <<-EOF
-	add $ip_gw_local_tun $ip_gw_remote_tun $proto 1 $opt $algo $key;
-	add $ip_gw_remote_tun $ip_gw_local_tun $proto 10001 $opt $algo $key;
-	spdadd $subnet_local/24 $subnet_remote/24 any -P out ipsec
-	$proto/tunnel/$ip_gw_local_tun-$ip_gw_remote_tun/require;
-	spdadd $subnet_remote/24 $subnet_local/24 any -P in ipsec
-	$proto/tunnel/$ip_gw_remote_tun-$ip_gw_local_tun/require;
-	EOF
-	$DEBUG && cat $tmpfile
-	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
-	$DEBUG && $HIJACKING setkey -D
-	atf_check -s exit:0 -o match:"$ip_gw_local_tun $ip_gw_remote_tun" \
-	$HIJACKING setkey -D
-	atf_check -s exit:0 -o match:"$ip_gw_remote_tun $ip_gw_local_tun" \
-	$HIJACKING setkey -D
-	# TODO: more detail checks
-
-	export RUMP_SERVER=$SOCK_TUN_REMOTE
-	cat > $tmpfile <<-EOF
-	add $ip_gw_local_tun $ip_gw_remote_tun $proto 1 $opt $algo $key;
-	add $ip_gw_remote_tun $ip_gw_local_tun $proto 10001 $opt $algo $key;
-	spdadd $subnet_remote/24 $subnet_local/24 any -P out ipsec
-	$proto/tunnel/$ip_gw_remote_tun-$ip_gw_local_tun/require;
-	spdadd $subnet_local/24 $subnet_remote/24 any -P in ipsec
-	

CVS commit: src/tests/net/ipsec

2017-04-27 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Apr 27 10:17:12 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_gif.sh t_ipsec_l2tp.sh

Log Message:
Test transport mode as well as tunnel mode


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/t_ipsec_gif.sh \
src/tests/net/ipsec/t_ipsec_l2tp.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-04-27 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Apr 27 08:06:59 UTC 2017

Modified Files:
src/tests/net/ipsec: algorithms.sh

Log Message:
Prefer rijndael-cbc


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/tests/net/ipsec/algorithms.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/algorithms.sh
diff -u src/tests/net/ipsec/algorithms.sh:1.2 src/tests/net/ipsec/algorithms.sh:1.3
--- src/tests/net/ipsec/algorithms.sh:1.2	Thu Apr 27 06:50:42 2017
+++ src/tests/net/ipsec/algorithms.sh	Thu Apr 27 08:06:59 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: algorithms.sh,v 1.2 2017/04/27 06:50:42 ozaki-r Exp $
+#	$NetBSD: algorithms.sh,v 1.3 2017/04/27 08:06:59 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -27,7 +27,7 @@
 
 ESP_ENCRYPTION_ALGORITHMS="des-cbc 3des-cbc null blowfish-cbc cast128-cbc \
 des-deriv rijndael-cbc aes-ctr camellia-cbc aes-gcm-16 aes-gmac"
-ESP_ENCRYPTION_ALGORITHMS_MINIMUM="null aes-ctr"
+ESP_ENCRYPTION_ALGORITHMS_MINIMUM="null rijndael-cbc"
 
 # Valid key lengths of ESP encription algorithms
 #des-cbc 64
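Review bot: The replacement of `aes-ctr` by `rijndael-cbc` in `ESP_ENCRYPTION_ALGORITHMS_MINIMUM` carries no rationale in the file, and the log says only "Prefer rijndael-cbc". A comment on the line above, for example `# Minimum set: null plus rijndael-cbc (preferred over aes-ctr because: <reason>)` with the reason filled in by the author, would keep the next maintainer from switching it back. The reduced set presumably decides which cipher the shorter test runs exercise, so the choice is worth recording next to the value.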



CVS commit: src/tests/net/ipsec

2017-04-27 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Apr 27 08:06:59 UTC 2017

Modified Files:
src/tests/net/ipsec: algorithms.sh

Log Message:
Prefer rijndael-cbc


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/tests/net/ipsec/algorithms.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-04-27 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Apr 27 06:50:42 UTC 2017

Modified Files:
src/tests/net/ipsec: algorithms.sh

Log Message:
Add minimum sets of algorithms for testing


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/algorithms.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/algorithms.sh
diff -u src/tests/net/ipsec/algorithms.sh:1.1 src/tests/net/ipsec/algorithms.sh:1.2
--- src/tests/net/ipsec/algorithms.sh:1.1	Fri Apr 14 02:56:49 2017
+++ src/tests/net/ipsec/algorithms.sh	Thu Apr 27 06:50:42 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: algorithms.sh,v 1.1 2017/04/14 02:56:49 ozaki-r Exp $
+#	$NetBSD: algorithms.sh,v 1.2 2017/04/27 06:50:42 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -27,6 +27,7 @@
 
 ESP_ENCRYPTION_ALGORITHMS="des-cbc 3des-cbc null blowfish-cbc cast128-cbc \
 des-deriv rijndael-cbc aes-ctr camellia-cbc aes-gcm-16 aes-gmac"
+ESP_ENCRYPTION_ALGORITHMS_MINIMUM="null aes-ctr"
 
 # Valid key lengths of ESP encription algorithms
 #des-cbc 64
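Review bot: `ESP_ENCRYPTION_ALGORITHMS_MINIMUM` is added without a comment saying which tests should iterate over it instead of the full `ESP_ENCRYPTION_ALGORITHMS` list, and the same holds for `AH_AUTHENTICATION_ALGORITHMS_MINIMUM` in the next hunk. A line such as `# Reduced set for tests where the algorithm itself is not the subject; full list above` above each would document the intent stated in the log. Both sets include `null`, so a test that loops only over the minimum set covers one real algorithm per protocol; saying that in the comment makes the coverage trade-off explicit.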
@@ -72,6 +73,7 @@ invalid_keys_aesgmac="152 168 216 232 28
 
 AH_AUTHENTICATION_ALGORITHMS="hmac-md5 hmac-sha1 keyed-md5 keyed-sha1 null \
 hmac-sha256 hmac-sha384 hmac-sha512 hmac-ripemd160 aes-xcbc-mac"
+AH_AUTHENTICATION_ALGORITHMS_MINIMUM="null hmac-sha512"
 
 # Valid key lengths of AH authentication algorithms
 #hmac-md5128



CVS commit: src/tests/net/ipsec

2017-04-27 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Apr 27 06:50:42 UTC 2017

Modified Files:
src/tests/net/ipsec: algorithms.sh

Log Message:
Add minimum sets of algorithms for testing


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/algorithms.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-04-16 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Sun Apr 16 10:34:49 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_tunnel.sh

Log Message:
Revert "Mark tests of tunnel/AH/IPv6 as expected failure (PR kern/52161)"

The issue was fixed by christos@


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/tests/net/ipsec/t_ipsec_tunnel.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_tunnel.sh
diff -u src/tests/net/ipsec/t_ipsec_tunnel.sh:1.2 src/tests/net/ipsec/t_ipsec_tunnel.sh:1.3
--- src/tests/net/ipsec/t_ipsec_tunnel.sh:1.2	Fri Apr 14 03:35:40 2017
+++ src/tests/net/ipsec/t_ipsec_tunnel.sh	Sun Apr 16 10:34:49 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_tunnel.sh,v 1.2 2017/04/14 03:35:40 ozaki-r Exp $
+#	$NetBSD: t_ipsec_tunnel.sh,v 1.3 2017/04/16 10:34:49 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -312,15 +312,11 @@ add_test_tunnel_mode()
 	local ipproto=$1
 	local proto=$2
 	local algo=$3
-	local expected_failure=$4
 	local _algo=$(echo $algo | sed 's/-//g')
-	local name= desc= expected_failure_code=
+	local name= desc=
 
 	name="ipsec_tunnel_${ipproto}_${proto}_${_algo}"
 	desc="Tests of IPsec ($ipproto) tunnel mode with $proto ($algo)"
-	if [ "$expected_failure" = yes ]; then
-		expected_failure_code="atf_expect_fail 'PR kern/52161';"
-	fi
 
 	atf_test_case ${name} cleanup
 	eval "\
@@ -329,7 +325,6 @@ add_test_tunnel_mode()
 	atf_set \"require.progs\" \"rump_server\" \"setkey\";	\
 	};\
 	${name}_body() {		\
-	$expected_failure_code	\
 	test_tunnel_common $ipproto $proto $algo;		\
 	rump_server_destroy_ifaces;\
 	};\
@@ -352,10 +347,6 @@ atf_init_test_cases()
 
 	for algo in $AH_AUTHENTICATION_ALGORITHMS; do
 		add_test_tunnel_mode ipv4 ah $algo
-		if [ $algo = null ]; then
-			add_test_tunnel_mode ipv6 ah $algo
-		else
-			add_test_tunnel_mode ipv6 ah $algo yes
-		fi
+		add_test_tunnel_mode ipv6 ah $algo
 	done
 }



CVS commit: src/tests/net/ipsec

2017-04-16 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Sun Apr 16 10:34:49 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_tunnel.sh

Log Message:
Revert "Mark tests of tunnel/AH/IPv6 as expected failure (PR kern/52161)"

The issue was fixed by christos@


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/tests/net/ipsec/t_ipsec_tunnel.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/tests/net/ipsec

2017-04-13 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri Apr 14 03:35:40 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_tunnel.sh

Log Message:
Mark tests of tunnel/AH/IPv6 as expected failure (PR kern/52161)


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/t_ipsec_tunnel.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/net/ipsec/t_ipsec_tunnel.sh
diff -u src/tests/net/ipsec/t_ipsec_tunnel.sh:1.1 src/tests/net/ipsec/t_ipsec_tunnel.sh:1.2
--- src/tests/net/ipsec/t_ipsec_tunnel.sh:1.1	Fri Apr 14 02:56:49 2017
+++ src/tests/net/ipsec/t_ipsec_tunnel.sh	Fri Apr 14 03:35:40 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: t_ipsec_tunnel.sh,v 1.1 2017/04/14 02:56:49 ozaki-r Exp $
+#	$NetBSD: t_ipsec_tunnel.sh,v 1.2 2017/04/14 03:35:40 ozaki-r Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -312,11 +312,15 @@ add_test_tunnel_mode()
 	local ipproto=$1
 	local proto=$2
 	local algo=$3
+	local expected_failure=$4
 	local _algo=$(echo $algo | sed 's/-//g')
-	local name= desc=
+	local name= desc= expected_failure_code=
 
 	name="ipsec_tunnel_${ipproto}_${proto}_${_algo}"
 	desc="Tests of IPsec ($ipproto) tunnel mode with $proto ($algo)"
+	if [ "$expected_failure" = yes ]; then
+		expected_failure_code="atf_expect_fail 'PR kern/52161';"
+	fi
 
 	atf_test_case ${name} cleanup
 	eval "\
@@ -325,6 +329,7 @@ add_test_tunnel_mode()
 	atf_set \"require.progs\" \"rump_server\" \"setkey\";	\
 	};\
 	${name}_body() {		\
+	$expected_failure_code	\
 	test_tunnel_common $ipproto $proto $algo;		\
 	rump_server_destroy_ifaces;\
 	};\
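Review bot: `$expected_failure_code` is spliced in as the first statement of the generated `${name}_body`, so `atf_expect_fail` is in effect for everything `test_tunnel_common` does, and a setup failure unrelated to PR kern/52161 would be reported as the expected failure too. Placing the `atf_expect_fail` call immediately before the check that the PR breaks, inside `test_tunnel_common`, would keep the remaining assertions strict. That function is outside this hunk, so the exact spot has to be chosen there.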
@@ -347,6 +352,10 @@ atf_init_test_cases()
 
 	for algo in $AH_AUTHENTICATION_ALGORITHMS; do
 		add_test_tunnel_mode ipv4 ah $algo
-		add_test_tunnel_mode ipv6 ah $algo
+		if [ $algo = null ]; then
+			add_test_tunnel_mode ipv6 ah $algo
+		else
+			add_test_tunnel_mode ipv6 ah $algo yes
+		fi
 	done
 }
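Review bot: `[ $algo = null ]` leaves `$algo` unquoted while the first hunk of this commit writes `[ "$expected_failure" = yes ]`; `if [ "$algo" = null ]; then` matches that quoted form and does not depend on the list never containing glob characters. The two branches differ only in the trailing `yes`, so a short comment above the `if`, such as `# AH over IPv6 tunnel fails for every algorithm except null: PR kern/52161`, would say why `null` is exempt. The loop and the body of atf_init_test_cases start outside the hunk.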



CVS commit: src/tests/net/ipsec

2017-04-13 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri Apr 14 03:35:40 UTC 2017

Modified Files:
src/tests/net/ipsec: t_ipsec_tunnel.sh

Log Message:
Mark tests of tunnel/AH/IPv6 as expected failure (PR kern/52161)


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/net/ipsec/t_ipsec_tunnel.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.