Add tests with the ipsec.conf SA bundle keyword.

5 files changed, 44 insertions, 10 deletions

diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile
index c084c455918..3b8896fc3ea 100644
--- a/regress/sbin/ipsecctl/Makefile
+++ b/regress/sbin/ipsecctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.61 2017/03/23 17:12:27 bluhm Exp $
+# $OpenBSD: Makefile,v 1.62 2017/04/14 18:14:33 bluhm Exp $
 
 # you can update the *.ok files with: make -i | patch
 # TARGETS
@@ -12,7 +12,7 @@ IPSECTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
 IPSECTESTS+=25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
 IPSECTESTS+=51 52 53 54 55 56 57 58
 TCPMD5TESTS=1 2 3
-SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
+SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
 SAFAIL=1 2 3
 IPSECFAIL=1 2 3
 IKEFAIL=1 3 4 5 6 8 9 11 12 13 14
diff --git a/regress/sbin/ipsecctl/sa25.in b/regress/sbin/ipsecctl/sa25.in
index b63a628e5f4..6d4c25eab77 100644
--- a/regress/sbin/ipsecctl/sa25.in
+++ b/regress/sbin/ipsecctl/sa25.in
@@ -1,10 +1,14 @@
 # group the sa bundle if from and to are identical
 esp transport from 1.1.1.1 to 2.2.2.2 spi 0x1a000000:0x1b000000 \
 	authkey file "DIR/ak256:DIR/ak256" \
-	enckey file "DIR/ek128:DIR/ek128"
+	enckey file "DIR/ek128:DIR/ek128" \
+	bundle foo
 ah transport from 1.1.1.1 to 2.2.2.2 spi 0x2a000000:0x2b000000 \
-	authkey file "DIR/ak256:DIR/ak256"
+	authkey file "DIR/ak256:DIR/ak256" \
+	bundle foo
 ah transport from 3.3.3.3 to 2.2.2.2 spi 0x3a000000:0x3b000000 \
-	authkey file "DIR/ak256:DIR/ak256"
+	authkey file "DIR/ak256:DIR/ak256" \
+	bundle foo
 ah transport from 1.1.1.1 to 3.3.3.3 spi 0x4a000000:0x4b000000 \
-	authkey file "DIR/ak256:DIR/ak256"
+	authkey file "DIR/ak256:DIR/ak256" \
+	bundle foo
diff --git a/regress/sbin/ipsecctl/sa26.in b/regress/sbin/ipsecctl/sa26.in
index de20ce5ee0a..a99cacfa7df 100644
--- a/regress/sbin/ipsecctl/sa26.in
+++ b/regress/sbin/ipsecctl/sa26.in
@@ -1,8 +1,10 @@
 # group all kind of sa bundles
-ipip tunnel from 1.1.1.1 to 2.2.2.2 spi 0x1a000000:0x1b000000
-ipcomp transport from 1.1.1.1 to 2.2.2.2 spi 0x2a00:0x2b00
+ipip tunnel from 1.1.1.1 to 2.2.2.2 spi 0x1a000000:0x1b000000 bundle foo
+ipcomp transport from 1.1.1.1 to 2.2.2.2 spi 0x2a00:0x2b00 bundle foo
 esp transport from 1.1.1.1 to 2.2.2.2 spi 0x3a000000:0x3b000000 \
 	authkey file "DIR/ak256:DIR/ak256" \
-	enckey file "DIR/ek128:DIR/ek128"
+	enckey file "DIR/ek128:DIR/ek128" \
+	bundle foo
 ah transport from 1.1.1.1 to 2.2.2.2 spi 0x4a000000:0x4b000000 \
-	authkey file "DIR/ak256:DIR/ak256"
+	authkey file "DIR/ak256:DIR/ak256" \
+	bundle foo
diff --git a/regress/sbin/ipsecctl/sa27.in b/regress/sbin/ipsecctl/sa27.in
new file mode 100644
index 00000000000..bd1a80bdf71
--- /dev/null
+++ b/regress/sbin/ipsecctl/sa27.in
@@ -0,0 +1,10 @@
+# group sa bundles selectively
+ipip tunnel from 1.1.1.1 to 2.2.2.2 spi 0x1a000000:0x1b000000 bundle foo
+ipcomp transport from 1.1.1.1 to 2.2.2.2 spi 0x2a00:0x2b00 bundle bar
+esp transport from 1.1.1.1 to 2.2.2.2 spi 0x3a000000:0x3b000000 \
+	authkey file "DIR/ak256:DIR/ak256" \
+	enckey file "DIR/ek128:DIR/ek128" \
+	bundle foo
+ah transport from 1.1.1.1 to 2.2.2.2 spi 0x4a000000:0x4b000000 \
+	authkey file "DIR/ak256:DIR/ak256" \
+	bundle bar
diff --git a/regress/sbin/ipsecctl/sa27.ok b/regress/sbin/ipsecctl/sa27.ok
new file mode 100644
index 00000000000..9e9a38aecba
--- /dev/null
+++ b/regress/sbin/ipsecctl/sa27.ok
@@ -0,0 +1,18 @@
+ipip from 1.1.1.1 to 2.2.2.2 spi 0x1a000000
+ipip from 2.2.2.2 to 1.1.1.1 spi 0x1b000000
+ipcomp transport from 1.1.1.1 to 2.2.2.2 spi 0x00002a00 comp deflate
+ipcomp transport from 2.2.2.2 to 1.1.1.1 spi 0x00002b00 comp deflate
+esp transport from 1.1.1.1 to 2.2.2.2 spi 0x3a000000 auth hmac-sha2-256 enc aes \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
+	enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+[group ipip to 2.2.2.2 spi 0x1a000000 with esp to 2.2.2.2 spi 0x3a000000]
+esp transport from 2.2.2.2 to 1.1.1.1 spi 0x3b000000 auth hmac-sha2-256 enc aes \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
+	enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+[group ipip to 1.1.1.1 spi 0x1b000000 with esp to 1.1.1.1 spi 0x3b000000]
+ah transport from 1.1.1.1 to 2.2.2.2 spi 0x4a000000 auth hmac-sha2-256 \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+[group ipcomp to 2.2.2.2 spi 0x00002a00 with ah to 2.2.2.2 spi 0x4a000000]
+ah transport from 2.2.2.2 to 1.1.1.1 spi 0x4b000000 auth hmac-sha2-256 \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+[group ipcomp to 1.1.1.1 spi 0x00002b00 with ah to 1.1.1.1 spi 0x4b000000]