diff options
| author | Reyk Floeter <reyk@cvs.openbsd.org> | 2006-03-30 13:40:45 +0000 |
|---|---|---|
| committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2006-03-30 13:40:45 +0000 |
| commit | df79e05a412b3308c84d211d6d2e47e90f55b648 (patch) | |
| tree | c9ba06f5f460fef6d02bbf747b61b3dcd17af2e8 /regress/sbin/ipsecctl | |
| parent | 97543d764ce2608478650ddd8d233881dab35660 (diff) | |
add regress tests for dynamic, bypass, deny and the macros.
inspired my markus last commit, ok hshoexer@
Diffstat (limited to 'regress/sbin/ipsecctl')
| -rw-r--r-- | regress/sbin/ipsecctl/Makefile | 6 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ike9.in | 1 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ike9.ok | 25 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ipsec16.in | 5 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ipsec16.ok | 8 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ipsec17.in | 1 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ipsec17.ok | 2 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ipsec18.in | 1 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ipsec18.ok | 2 |
9 files changed, 48 insertions, 3 deletions
diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile index 25ccfa50ad2..414a881bb49 100644 --- a/regress/sbin/ipsecctl/Makefile +++ b/regress/sbin/ipsecctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.13 2006/03/30 12:44:20 markus Exp $ +# $OpenBSD: Makefile,v 1.14 2006/03/30 13:40:44 reyk Exp $ # TARGETS # ipsec: feed ipsecNN.in through ipsecctl and check wether the output matches @@ -7,11 +7,11 @@ # sa: same as above, but for SA rules. # ike: same as above, but for ike rules. -IPSECTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 +IPSECTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 TCPMD5TESTS=1 2 3 SATESTS=1 2 3 4 5 6 7 8 9 10 SAFAIL=1 -IKETESTS=1 2 3 4 5 6 7 8 +IKETESTS=1 2 3 4 5 6 7 8 9 SHELL=/bin/sh diff --git a/regress/sbin/ipsecctl/ike9.in b/regress/sbin/ipsecctl/ike9.in new file mode 100644 index 00000000000..e2adccc5915 --- /dev/null +++ b/regress/sbin/ipsecctl/ike9.in @@ -0,0 +1 @@ +ike dynamic esp from 3.3.3.0/24 to 4.4.4.0/24 peer 2.2.2.2 diff --git a/regress/sbin/ipsecctl/ike9.ok b/regress/sbin/ipsecctl/ike9.ok new file mode 100644 index 00000000000..7c246f69c37 --- /dev/null +++ b/regress/sbin/ipsecctl/ike9.ok @@ -0,0 +1,25 @@ +C set [General]:Check-interval=30 force +C set [General]:DPD-check-interval=5 force +C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force +C set [peer-2.2.2.2]:Phase=1 force +C set [peer-2.2.2.2]:Address=2.2.2.2 force +C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force +C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force +C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force +C set [peer-2.2.2.2]:ID=local-ID force +C set [local-ID]:ID-type=FQDN force +C set [local-ID]:Name=ganesh.hq.vantronix.net force +C set [IPsec-3.3.3.0/24-4.4.4.0/24]:Phase=2 force +C set [IPsec-3.3.3.0/24-4.4.4.0/24]:ISAKMP-peer=peer-2.2.2.2 force +C set [IPsec-3.3.3.0/24-4.4.4.0/24]:Configuration=qm-3.3.3.0/24-4.4.4.0/24 force +C set [IPsec-3.3.3.0/24-4.4.4.0/24]:Local-ID=lid-3.3.3.0/24 force +C set [IPsec-3.3.3.0/24-4.4.4.0/24]:Remote-ID=rid-4.4.4.0/24 force +C set [qm-3.3.3.0/24-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3.3.3.0/24-4.4.4.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force +C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-3.3.3.0/24]:Network=3.3.3.0 force +C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force +C set [rid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-4.4.4.0/24]:Network=4.4.4.0 force +C set [rid-4.4.4.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-3.3.3.0/24-4.4.4.0/24 diff --git a/regress/sbin/ipsecctl/ipsec16.in b/regress/sbin/ipsecctl/ipsec16.in new file mode 100644 index 00000000000..14cef559c58 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec16.in @@ -0,0 +1,5 @@ +a="1.1.1.0/24" +b="2.2.2.0/24" +l="192.168.0.1" +p="192.168.100.1" +flow esp from $a to $b local $l peer $p diff --git a/regress/sbin/ipsecctl/ipsec16.ok b/regress/sbin/ipsecctl/ipsec16.ok new file mode 100644 index 00000000000..2a9020468c2 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec16.ok @@ -0,0 +1,8 @@ +a = "1.1.1.0/24" +b = "2.2.2.0/24" +l = "192.168.0.1" +p = "192.168.100.1" +flow esp out from 1.1.1.0/24 to 2.2.2.0/24 local 192.168.0.1 peer 192.168.100.1 + type require +flow esp in from 2.2.2.0/24 to 1.1.1.0/24 local 192.168.0.1 peer 192.168.100.1 + type use diff --git a/regress/sbin/ipsecctl/ipsec17.in b/regress/sbin/ipsecctl/ipsec17.in new file mode 100644 index 00000000000..ab3f26d4dea --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec17.in @@ -0,0 +1 @@ +flow in from 3.3.3.0/24 to 3.3.3.0/24 type bypass diff --git a/regress/sbin/ipsecctl/ipsec17.ok b/regress/sbin/ipsecctl/ipsec17.ok new file mode 100644 index 00000000000..fbcf60da111 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec17.ok @@ -0,0 +1,2 @@ +flow esp in from 3.3.3.0/24 to 3.3.3.0/24 + type bypass diff --git a/regress/sbin/ipsecctl/ipsec18.in b/regress/sbin/ipsecctl/ipsec18.in new file mode 100644 index 00000000000..9ca60732a4d --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec18.in @@ -0,0 +1 @@ +flow in from any to 3.3.3.0/24 type deny diff --git a/regress/sbin/ipsecctl/ipsec18.ok b/regress/sbin/ipsecctl/ipsec18.ok new file mode 100644 index 00000000000..af00b1ad91a --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec18.ok @@ -0,0 +1,2 @@ +flow esp in from 0.0.0.0/0 to 3.3.3.0/24 + type deny |