author | tobhe <tobhe@cvs.openbsd.org> | 2020-09-13 09:45:01 +0000 |
---|---|---|
committer | tobhe <tobhe@cvs.openbsd.org> | 2020-09-13 09:45:01 +0000 |
commit | 3e1a043e68357813ed98497c75a740cdf9515a69 (patch) | |
tree | 86763ea74c591f5d61fd242e9217122bbe89d529 /regress/sbin | |
parent | f27f191dbc7b404372c68291cc1a94216749e9e3 (diff) |
Refactor config setup boilerplate to allow asymmetric test setups.
Return _ret from TEST_FLOWS to allow known-negative tests.
Diffstat (limited to 'regress/sbin')
-rw-r--r-- | regress/sbin/iked/live/Makefile | 94 | ||||
-rw-r--r-- | regress/sbin/iked/live/iked.in | 4 |
2 files changed, 52 insertions, 46 deletions
diff --git a/regress/sbin/iked/live/Makefile b/regress/sbin/iked/live/Makefile index 1ce1a166e81..c1b2d792f76 100644 --- a/regress/sbin/iked/live/Makefile +++ b/regress/sbin/iked/live/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.17 2020/09/10 20:40:18 tobhe Exp $ +# $OpenBSD: Makefile,v 1.18 2020/09/13 09:45:00 tobhe Exp $ # Copyright (c) 2020 Tobias Heider <tobhe@openbsd.org> # @@ -32,7 +32,7 @@ regress: TEST_FLOWS = \ [ -z $$tmode ] && tmode=tunnel; \ - success=false; \ + _ret=1; \ count=0; \ while [[ $$count -le 3 ]]; do \ ipsecctlleft=`ssh ${LEFT_SSH} ipsecctl -sa`; \ @@ -52,14 +52,13 @@ TEST_FLOWS = \ if [[ -n "$$saleft_ltor" && -n "$$saleft_rtol" && \ -n "$$saright_ltor" && -n "$$saright_rtol" && \ -n "$$flowleft" && -n "$$flowright" ]]; then \ - success=true; \ + _ret=0; \ break; \ fi; \ let count=$$count+1; \ done; \ - if [[ "$$success" = false ]]; then \ - echo "error: SAs not found:\n$$ipsecctlleft\n$$ipsecctlright"; \ - exit 1; \ + if [[ "$${_ret}" -ne 0 ]]; then \ + echo "SAs not found:\n$$ipsecctlleft\n$$ipsecctlright"; \ fi TEST_PING = \ @@ -87,10 +86,9 @@ TEST_SINGLEIKESA = \ exit 1; \ fi -SETUP_CONFIGS = \ +SETUP_CONFIG = \ authstr=""; \ if [[ "$$auth" = "psk" ]]; then \ - psk=`openssl rand -hex 20`; \ authstr="psk $$psk"; \ fi; \ ipcomp=""; \ 
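Review bot: TEST_FLOWS no longer exits on failure, so a missing SA is now only fatal if the caller tests `_ret` in the same recipe line, since make runs each recipe line in its own shell. The callers touched later in this diff all do so, but run-singleikesa's recipe is not shown in any hunk; if it still expands `${TEST_FLOWS}` without a check, it would now pass without any SAs being established, so please confirm. I would document the contract above the macro, e.g. `# TEST_FLOWS sets _ret (0 = SAs and flows found) and does not exit; check _ret on the same line.` Dropping the `error:` prefix from the message also makes failures harder to grep for in regress logs.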
@@ -104,27 +102,39 @@ SETUP_CONFIGS = \ if [ "$$singleikesa" = true ]; then \ global="$${global}set enforcesingleikesa\n"; \ fi; \ - echo "TMODE=\"$$tmode\"" > $@_left.conf; \ - echo "LOCAL_ADDR=\"${LEFT_ADDR}\"" >> $@_left.conf; \ - echo "PEER_ADDR=\"${RIGHT_ADDR}\"" >> $@_left.conf; \ - echo "IPCOMP=\"$$ipcomp\"" >> $@_left.conf; \ - echo "SRCID=\"$$leftid\"" >> $@_left.conf; \ - echo "AUTH=\"$$authstr\"" >> $@_left.conf; \ - echo "$$global" >> $@_left.conf; \ - cat ${.CURDIR}/iked.in >> $@_left.conf; \ + echo "MODE=\"active\"" > $@_$$side.conf; \ + echo "TMODE=\"$$tmode\"" >> $@_$$side.conf; \ + echo "LOCAL_ADDR=\"$$local\"" >> $@_$$side.conf; \ + echo "PEER_ADDR=\"$$peer\"" >> $@_$$side.conf; \ + echo "IPCOMP=\"$$ipcomp\"" >> $@_$$side.conf; \ + echo "SRCID=\"$$srcid\"" >> $@_$$side.conf; \ + echo "DSTID=\"\"" >> $@_$$side.conf; \ + echo "AUTH=\"$$authstr\"" >> $@_$$side.conf; \ + echo "$$global" >> $@_$$side.conf; \ + cat ${.CURDIR}/iked.in >> $@_$$side.conf + +DEPLOY_CONFIGS = \ chmod 0600 $@_left.conf; \ echo "cd /tmp\nput $@_left.conf test.conf" | sftp -q ${LEFT_SSH}; \ - echo "TMODE=\"$$tmode\"" > $@_right.conf; \ - echo "LOCAL_ADDR=\"${RIGHT_ADDR}\"" >> $@_right.conf; \ - echo "PEER_ADDR=\"${LEFT_ADDR}\"" >> $@_right.conf; \ - echo "IPCOMP=\"$$ipcomp\"" >> $@_right.conf; \ - echo "SRCID=\"$$rightid\"" >> $@_right.conf; \ - echo "AUTH=\"$$authstr\"" >> $@_right.conf; \ - echo "$$global" >> $@_right.conf; \ - cat ${.CURDIR}/iked.in >> $@_right.conf; \ chmod 0600 $@_right.conf; \ echo "cd /tmp\nput $@_right.conf test.conf" | sftp -q ${RIGHT_SSH} +SETUP_CONFIGS = \ + if [[ "$$auth" = "psk" ]]; then \ + psk=`openssl rand -hex 20`; \ + fi; \ + side=left; \ + srcid=$$leftid; \ + local=${LEFT_ADDR} \ + peer=${RIGHT_ADDR} \ + ${SETUP_CONFIG}; \ + side=right; \ + srcid=$$rightid; \ + local=${RIGHT_ADDR} \ + peer=${LEFT_ADDR} \ + ${SETUP_CONFIG}; \ + ${DEPLOY_CONFIGS} + SETUP_SYSCTL = \ ssh ${LEFT_SSH} "sysctl $$sysctl"; \ ssh ${RIGHT_SSH} "sysctl $$sysctl" 
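Review bot: The generated `$@_$$side.conf` files are created by `>` under the recipe's umask and only tightened by `chmod 0600` in DEPLOY_CONFIGS, so with `auth=psk` the pre-shared key sits in a file with default permissions until both sides have been written. The umask in effect is not visible here, but starting SETUP_CONFIGS with `umask 077; \` would close that window without relying on the later chmod. Separately, `local=${LEFT_ADDR} \` and `peer=${RIGHT_ADDR} \` have no trailing `;`, so they only work because SETUP_CONFIG happens to begin with another assignment (`authstr=""`). If it ever begins with a command, they become per-command environment rather than shell variables; I would terminate both with `;` as is done for `side` and `srcid`.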
@@ -230,9 +240,8 @@ run-cert-single-ca: rightid=right-from-ca-both; \ ${SETUP_CONFIGS} ${SETUP_START} - flowtype=esp; ${TEST_FLOWS} - ${TEST_PING}; \ - if [[ $$_ret -ne 0 ]]; then exit 1; fi + flowtype=esp; ${TEST_FLOWS}; if [[ $$_ret -ne 0 ]]; then exit 1; fi + ${TEST_PING}; if [[ $$_ret -ne 0 ]]; then exit 1; fi REGRESS_TARGETS += run-cert-multi-ca run-cert-multi-ca: @@ -242,9 +251,8 @@ run-cert-multi-ca: rightid=right-from-ca-left; \ ${SETUP_CONFIGS} ${SETUP_START} - flowtype=esp; ${TEST_FLOWS} - ${TEST_PING}; \ - if [[ $$_ret -ne 0 ]]; then exit 1; fi + flowtype=esp; ${TEST_FLOWS}; if [[ $$_ret -ne 0 ]]; then exit 1; fi + ${TEST_PING}; if [[ $$_ret -ne 0 ]]; then exit 1; fi REGRESS_TARGETS += run-cert-second-altname run-cert-second-altname: @@ -254,9 +262,8 @@ run-cert-second-altname: rightid=right-from-ca-both@openbsd.org; \ ${SETUP_CONFIGS} ${SETUP_START} - flowtype=esp; ${TEST_FLOWS} - ${TEST_PING}; \ - if [[ $$_ret -ne 0 ]]; then exit 1; fi + flowtype=esp; ${TEST_FLOWS}; if [[ $$_ret -ne 0 ]]; then exit 1; fi + ${TEST_PING}; if [[ $$_ret -ne 0 ]]; then exit 1; fi REGRESS_TARGETS += run-psk run-psk: @@ -267,7 +274,8 @@ run-psk: flowtype=esp; \ ${SETUP_CONFIGS} ${SETUP_START} - flowtype=esp; ${TEST_FLOWS} + flowtype=esp; ${TEST_FLOWS}; \ + if [[ $$_ret -ne 0 ]]; then exit 1; fi ${TEST_PING}; \ if [[ $$_ret -ne 0 ]]; then exit 1; fi @@ -280,7 +288,8 @@ run-fragmentation: rightid=right-from-ca-both; \ ${SETUP_CONFIGS} ${SETUP_START} - flowtype=esp; ${TEST_FLOWS} + flowtype=esp; ${TEST_FLOWS}; \ + if [[ $$_ret -ne 0 ]]; then exit 1; fi ${TEST_PING}; \ if [[ $$_ret -ne 0 ]]; then exit 1; fi @@ -294,9 +303,8 @@ run-transport: ${SETUP_CONFIGS} ${SETUP_START} tmode=transport; flowtype=esp; \ - ${TEST_FLOWS} - ${TEST_PING}; \ - if [[ $$_ret -ne 0 ]]; then exit 1; fi + ${TEST_FLOWS}; if [[ $$_ret -ne 0 ]]; then exit 1; fi + ${TEST_PING}; if [[ $$_ret -ne 0 ]]; then exit 1; fi REGRESS_TARGETS += run-singleikesa run-singleikesa: 
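Review bot: The check `if [[ $$_ret -ne 0 ]]; then exit 1; fi` is now pasted after every `${TEST_FLOWS}` and `${TEST_PING}` in these targets, in two layouts: on one line in most targets, and on a continuation line in run-psk and run-fragmentation. A small helper macro, for example `CHECK_RET = if [[ $$_ret -ne 0 ]]; then exit 1; fi` (name is a suggestion), would keep the positive tests uniform. It would also make a target that deliberately omits the check stand out as a known-negative test.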
@@ -320,9 +328,8 @@ run-ipcomp: sysctl="net.inet.ipcomp.enable=1"; \ ${SETUP_SYSCTL} ${SETUP_START} - flowtype=ipcomp; ${TEST_FLOWS} - ${TEST_PING}; \ - if [[ $$_ret -ne 0 ]]; then exit 1; fi + flowtype=ipcomp; ${TEST_FLOWS}; if [[ $$_ret -ne 0 ]]; then exit 1; fi + ${TEST_PING}; if [[ $$_ret -ne 0 ]]; then exit 1; fi REGRESS_TARGETS += run-udpencap-port run-udpencap-port: @@ -335,9 +342,8 @@ run-udpencap-port: ${SETUP_SYSCTL}; iked_flags=-p9999; \ ${SETUP_START}; - flowtype=esp; ${TEST_FLOWS}; \ - ${TEST_PING}; \ - if [[ $$_ret -ne 0 ]]; then exit 1; fi + flowtype=esp; ${TEST_FLOWS}; if [[ $$_ret -ne 0 ]]; then exit 1; fi + ${TEST_PING}; if [[ $$_ret -ne 0 ]]; then exit 1; fi sysctl="net.inet.esp.udpencap_port=4500"; \ ${SETUP_SYSCTL}; diff --git a/regress/sbin/iked/live/iked.in b/regress/sbin/iked/live/iked.in index e93f93b3819..9e0b491b1c3 100644 --- a/regress/sbin/iked/live/iked.in +++ b/regress/sbin/iked/live/iked.in @@ -1,4 +1,4 @@ -ikev2 "test" active $IPCOMP $TMODE esp from $LOCAL_ADDR to $PEER_ADDR \ +ikev2 "test" $MODE $IPCOMP $TMODE esp from $LOCAL_ADDR to $PEER_ADDR \ peer $PEER_ADDR \ - srcid $SRCID \ + srcid $SRCID $DSTID \ $AUTH |
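Review bot: In run-udpencap-port, either `exit 1` stops the recipe before the trailing `sysctl="net.inet.esp.udpencap_port=4500"; ${SETUP_SYSCTL};` line runs, so a failed test appears to leave both hosts on the non-default port set earlier in the target. That setup is outside the hunk, and the old code had the same gap for the ping check. Later targets would then run against a changed network configuration and could fail or pass for the wrong reason. Restoring the value before bailing out would avoid that, e.g. `if [[ $$_ret -ne 0 ]]; then sysctl="net.inet.esp.udpencap_port=4500"; ${SETUP_SYSCTL}; exit 1; fi` on both check lines.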