xref: /netbsd-src/tests/net/ipsec/t_ipsec_spflags.sh (revision ae6e8d4c4e9b80742804d53c8d09c1c51ba9d936) 
1#       $NetBSD: t_ipsec_spflags.sh,v 1.1 2022/10/11 09:55:21 knakahara Exp $
2#
3# Copyright (c) 2022 Internet Initiative Japan Inc.
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
16# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
17# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
19# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25# POSSIBILITY OF SUCH DAMAGE.
26#
27
28SOCK_LOCAL=unix://ipsec_local
29
30DEBUG=${DEBUG:-false}
31
32test_flag_if_ipsec_sp_common()
33{
34	local ip_gwlo_tun=20.0.0.1
35	local ip_gwre_tun=20.0.0.2
36
37	rump_server_crypto_start $SOCK_LOCAL netipsec ipsec
38	export RUMP_SERVER=$SOCK_LOCAL
39	atf_check -s exit:0 rump.ifconfig ipsec0 create
40	atf_check -s exit:0 rump.ifconfig ipsec0 \
41	    tunnel $ip_gwlo_tun $ip_gwre_tun
42	atf_check -s exit:0 -o match:'sadb_x_policy\{ type=2 dir=2 flags=0x80' $HIJACKING setkey -DPv
43}
44
45test_flag_userland_sp_common()
46{
47	local ip_gwlo_tun=20.0.0.1
48	local ip_gwre_tun=20.0.0.2
49	local tmpfile=./tmp
50
51	name="ipsec_spflag_userland_sp"
52	desc="Tests of IPsec SPD flags at userland"
53
54	atf_test_case ${name} cleanup
55
56	rump_server_crypto_start $SOCK_LOCAL netipsec ipsec
57
58	export RUMP_SERVER=$SOCK_LOCAL
59
60	cat > $tmpfile <<-EOF
61	spdadd $ip_gwlo_tun $ip_gwre_tun ipv4 -P in ipsec esp/transport//require ;
62	spdadd $ip_gwre_tun $ip_gwlo_tun ipv4 -P out ipsec esp/transport//require ;
63	EOF
64	$DEBUG && cat $tmpfile
65	atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
66	atf_check -s exit:0 -o match:'sadb_x_policy\{ type=2 dir=2 flags=0x00' $HIJACKING setkey -DPv
67}
68
69add_test_spflag()
70{
71	local name=$1
72	local desc=$2
73
74	atf_test_case ${name} cleanup
75	eval "								\
76	    ${name}_head() {						\
77	        atf_set \"descr\" \"$desc\";				\
78	        atf_set \"require.progs\" \"rump_server\" \"setkey\";	\
79	    };								\
80	    ${name}_body() {						\
81	        test_${name}_common;					\
82	    };        							\
83	    ${name}_cleanup() {						\
84	        $DEBUG && dump;						\
85	        cleanup;						\
86	    }								\
87	"
88	atf_add_test_case ${name}
89
90}
91
92atf_init_test_cases()
93{
94
95	add_test_spflag "flag_if_ipsec_sp" "Tests of IPsec SPD flags at IPsec interface"
96	add_test_spflag "flag_userland_sp" "Tests of IPsec SPD flags at userland"
97}
98