xref: /freebsd/tests/sys/netipsec/tunnel/utils.subr (revision 4d846d26) 
1# $FreeBSD$
2# Utility functions (mainly from pf tests, should be merged one day)
3##
4
5: ${TMPDIR=/tmp}
6
7. $(atf_get_srcdir)/../../common/vnet.subr
8
9ist_init()
10{
11	if ! sysctl -q kern.features.ipsec >/dev/null ; then
12		atf_skip "This test requires ipsec"
13	fi
14
15	vnet_init
16}
17
18ist_labsetup ()
19{
20	epair_LAN_A=$(vnet_mkepair)
21	ifconfig ${epair_LAN_A}a up
22	epair_PUB_A=$(vnet_mkepair)
23	ifconfig ${epair_PUB_A}a up
24	epair_LAN_B=$(vnet_mkepair)
25	ifconfig ${epair_LAN_B}a up
26	epair_PUB_B=$(vnet_mkepair)
27	ifconfig ${epair_PUB_B}a up
28
29	vnet_mkjail hostA ${epair_LAN_A}a
30	vnet_mkjail ipsecA ${epair_LAN_A}b ${epair_PUB_A}a
31	vnet_mkjail router ${epair_PUB_A}b ${epair_PUB_B}b
32	vnet_mkjail ipsecB ${epair_LAN_B}b ${epair_PUB_B}a
33	vnet_mkjail hostB ${epair_LAN_B}a
34}
35
36ist_v4_setup ()
37{
38	jexec hostA ifconfig ${epair_LAN_A}a 192.0.2.1/30 up
39	jexec ipsecA ifconfig ${epair_LAN_A}b 192.0.2.2/30 up
40	jexec ipsecA ifconfig ${epair_PUB_A}a 198.51.100.2/30 up
41	jexec router ifconfig ${epair_PUB_A}b 198.51.100.1/30 up
42	jexec router ifconfig ${epair_PUB_B}b 198.51.100.5/30 up
43	jexec ipsecB ifconfig ${epair_PUB_B}a 198.51.100.6/30 up
44	jexec ipsecB ifconfig ${epair_LAN_B}b 203.0.113.2/30 up
45	jexec hostB ifconfig ${epair_LAN_B}a 203.0.113.1/30 up
46	jexec ipsecA sysctl net.inet.ip.forwarding=1
47	jexec router sysctl net.inet.ip.forwarding=1
48	jexec ipsecB sysctl net.inet.ip.forwarding=1
49	jexec hostA route add default 192.0.2.2
50	jexec ipsecA route add default 198.51.100.1
51	jexec ipsecB route add default 198.51.100.5
52	jexec hostB route add default 203.0.113.2
53}
54
55ist_v6_setup ()
56{
57	jexec hostA ifconfig ${epair_LAN_A}a inet6 2001:db8:1::1/64 up no_dad
58	jexec ipsecA ifconfig ${epair_LAN_A}b inet6 2001:db8:1::2/64 up no_dad
59	jexec ipsecA ifconfig ${epair_PUB_A}a inet6 2001:db8:23::2/64 up no_dad
60	jexec router ifconfig ${epair_PUB_A}b inet6 2001:db8:23::3/64 up no_dad
61	jexec router ifconfig ${epair_PUB_B}b inet6 2001:db8:34::3/64 up no_dad
62	jexec ipsecB ifconfig ${epair_PUB_B}a inet6 2001:db8:34::2/64 up no_dad
63	jexec ipsecB ifconfig ${epair_LAN_B}b inet6 2001:db8:45::2/64 up no_dad
64	jexec hostB ifconfig ${epair_LAN_B}a inet6 2001:db8:45::1/64 up no_dad
65	jexec ipsecA sysctl net.inet6.ip6.forwarding=1
66	jexec router sysctl net.inet6.ip6.forwarding=1
67	jexec ipsecB sysctl net.inet6.ip6.forwarding=1
68	jexec hostA route -6 add default 2001:db8:1::2
69	jexec ipsecA route -6 add default 2001:db8:23::3
70	jexec ipsecB route -6 add default 2001:db8:34::3
71	jexec hostB route -6 add default 2001:db8:45::2
72}
73
74ist_setkey()
75{
76	jname=$1
77	dir=$2
78	afnet=$3
79	enc_algo=$4
80	enc_key=$5
81	auth_algo=$6
82	auth_key=$7
83
84	# Load
85	(
86		printf "#arguments debug: ${jname} ${afnet} ${dir} ${enc_algo} "
87		printf "${enc_key} ${auth_algo} ${auth_key}\n"
88		printf "flush;\n"
89		printf "spdflush;\n"
90		if [ ${afnet} -eq 4 ]; then
91			SRC_LAN="192.0.2.0/24"
92			DST_LAN="203.0.113.0/24"
93			SRC_GW="198.51.100.2"
94			DST_GW="198.51.100.6"
95		else
96			SRC_LAN="2001:db8:1::/64"
97			DST_LAN="2001:db8:45::/64"
98			SRC_GW="2001:db8:23::2"
99			DST_GW="2001:db8:34::2"
100		fi
101		printf "spdadd ${SRC_LAN} ${DST_LAN} any -P "
102		[ ${dir} = "out" ] && printf "out" || printf "in"
103		printf " ipsec esp/tunnel/${SRC_GW}-${DST_GW}/require;\n"
104		printf "spdadd ${DST_LAN} ${SRC_LAN} any -P "
105		[ ${dir} = "out" ] && printf "in" || printf "out"
106		printf " ipsec esp/tunnel/${DST_GW}-${SRC_GW}/require;\n"
107		printf "add ${SRC_GW} ${DST_GW} esp 0x1000 -E ${enc_algo} \"${enc_key}\""
108		[ -n "${auth_algo}" ] && printf " -A ${auth_algo} \"${auth_key}\";\n" || printf ";\n"
109		printf "add ${DST_GW} ${SRC_GW} esp 0x1001 -E ${enc_algo} \"${enc_key}\""
110		[ -n "$auth_algo" ] && printf " -A ${auth_algo} \"${auth_key}\";\n" || printf ";\n"
111	) > ${TMPDIR}/ipsec.${jname}.conf
112}
113
114ist_test()
115{
116	ist_init
117	ist_labsetup
118	[ $1 -eq 4 ] && ist_v4_setup || ist_v6_setup
119	ist_setkey ipsecA out $@
120	atf_check -s exit:0 -o ignore jexec ipsecA setkey -f ${TMPDIR}/ipsec.ipsecA.conf
121	ist_setkey ipsecB in $@
122	atf_check -s exit:0 -o ignore jexec ipsecB setkey -f ${TMPDIR}/ipsec.ipsecB.conf
123	# Check ipsec tunnel
124	if [ $1 -eq 4 ]; then
125		atf_check -s exit:0 -o ignore jexec hostA ping -c 1 203.0.113.1
126	else
127		atf_check -s exit:0 -o ignore jexec hostA ping -6 -c 1 2001:db8:45::1
128	fi
129}
130ist_cleanup()
131{
132	vnet_cleanup
133}
134