authortobhe <tobhe@cvs.openbsd.org>2020-09-13 09:45:01 +0000
committertobhe <tobhe@cvs.openbsd.org>2020-09-13 09:45:01 +0000
commit3e1a043e68357813ed98497c75a740cdf9515a69 (patch)
tree86763ea74c591f5d61fd242e9217122bbe89d529 /regress
parentf27f191dbc7b404372c68291cc1a94216749e9e3 (diff)
Refactor config setup boilerplate to allow asymmetric test setups.
Return _ret from TEST_FLOWS to allow known-negative tests.
Diffstat (limited to 'regress')
-rw-r--r--regress/sbin/iked/live/Makefile94
-rw-r--r--regress/sbin/iked/live/iked.in4
2 files changed, 52 insertions, 46 deletions
diff --git a/regress/sbin/iked/live/Makefile b/regress/sbin/iked/live/Makefile
index 1ce1a166e81..c1b2d792f76 100644
--- a/regress/sbin/iked/live/Makefile
+++ b/regress/sbin/iked/live/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.17 2020/09/10 20:40:18 tobhe Exp $
+# $OpenBSD: Makefile,v 1.18 2020/09/13 09:45:00 tobhe Exp $
# Copyright (c) 2020 Tobias Heider <tobhe@openbsd.org>
#
@@ -32,7 +32,7 @@ regress:
TEST_FLOWS = \
[ -z $$tmode ] && tmode=tunnel; \
- success=false; \
+ _ret=1; \
count=0; \
while [[ $$count -le 3 ]]; do \
ipsecctlleft=`ssh ${LEFT_SSH} ipsecctl -sa`; \
@@ -52,14 +52,13 @@ TEST_FLOWS = \
if [[ -n "$$saleft_ltor" && -n "$$saleft_rtol" && \
-n "$$saright_ltor" && -n "$$saright_rtol" && \
-n "$$flowleft" && -n "$$flowright" ]]; then \
- success=true; \
+ _ret=0; \
break; \
fi; \
let count=$$count+1; \
done; \
- if [[ "$$success" = false ]]; then \
- echo "error: SAs not found:\n$$ipsecctlleft\n$$ipsecctlright"; \
- exit 1; \
+ if [[ "$${_ret}" -ne 0 ]]; then \
+ echo "SAs not found:\n$$ipsecctlleft\n$$ipsecctlright"; \
fi
TEST_PING = \
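Review bot: With the `exit 1` removed from the failure branch, TEST_FLOWS now reports only through `_ret`, so any target that expands `${TEST_FLOWS}` without a following `_ret` check will pass even when no SAs or flows were found. The targets touched later in this diff add that check, but run-singleikesa appears here only as hunk context, so it is worth confirming that it and any caller outside the diff got the same treatment. The new message also drops the `error:` prefix; if that is intentional for known-negative tests, a comment above TEST_FLOWS such as `# sets _ret=0 when SAs and flows exist on both sides, 1 otherwise; the caller decides whether that is fatal` would record the contract. The macro body starts before this hunk.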
@@ -87,10 +86,9 @@ TEST_SINGLEIKESA = \
exit 1; \
fi
-SETUP_CONFIGS = \
+SETUP_CONFIG = \
authstr=""; \
if [[ "$$auth" = "psk" ]]; then \
- psk=`openssl rand -hex 20`; \
authstr="psk $$psk"; \
fi; \
ipcomp=""; \
@@ -104,27 +102,39 @@ SETUP_CONFIGS = \
if [ "$$singleikesa" = true ]; then \
global="$${global}set enforcesingleikesa\n"; \
fi; \
- echo "TMODE=\"$$tmode\"" > $@_left.conf; \
- echo "LOCAL_ADDR=\"${LEFT_ADDR}\"" >> $@_left.conf; \
- echo "PEER_ADDR=\"${RIGHT_ADDR}\"" >> $@_left.conf; \
- echo "IPCOMP=\"$$ipcomp\"" >> $@_left.conf; \
- echo "SRCID=\"$$leftid\"" >> $@_left.conf; \
- echo "AUTH=\"$$authstr\"" >> $@_left.conf; \
- echo "$$global" >> $@_left.conf; \
- cat ${.CURDIR}/iked.in >> $@_left.conf; \
+ echo "MODE=\"active\"" > $@_$$side.conf; \
+ echo "TMODE=\"$$tmode\"" >> $@_$$side.conf; \
+ echo "LOCAL_ADDR=\"$$local\"" >> $@_$$side.conf; \
+ echo "PEER_ADDR=\"$$peer\"" >> $@_$$side.conf; \
+ echo "IPCOMP=\"$$ipcomp\"" >> $@_$$side.conf; \
+ echo "SRCID=\"$$srcid\"" >> $@_$$side.conf; \
+ echo "DSTID=\"\"" >> $@_$$side.conf; \
+ echo "AUTH=\"$$authstr\"" >> $@_$$side.conf; \
+ echo "$$global" >> $@_$$side.conf; \
+ cat ${.CURDIR}/iked.in >> $@_$$side.conf
+
+DEPLOY_CONFIGS = \
chmod 0600 $@_left.conf; \
echo "cd /tmp\nput $@_left.conf test.conf" | sftp -q ${LEFT_SSH}; \
- echo "TMODE=\"$$tmode\"" > $@_right.conf; \
- echo "LOCAL_ADDR=\"${RIGHT_ADDR}\"" >> $@_right.conf; \
- echo "PEER_ADDR=\"${LEFT_ADDR}\"" >> $@_right.conf; \
- echo "IPCOMP=\"$$ipcomp\"" >> $@_right.conf; \
- echo "SRCID=\"$$rightid\"" >> $@_right.conf; \
- echo "AUTH=\"$$authstr\"" >> $@_right.conf; \
- echo "$$global" >> $@_right.conf; \
- cat ${.CURDIR}/iked.in >> $@_right.conf; \
chmod 0600 $@_right.conf; \
echo "cd /tmp\nput $@_right.conf test.conf" | sftp -q ${RIGHT_SSH}
+SETUP_CONFIGS = \
+ if [[ "$$auth" = "psk" ]]; then \
+ psk=`openssl rand -hex 20`; \
+ fi; \
+ side=left; \
+ srcid=$$leftid; \
+ local=${LEFT_ADDR} \
+ peer=${RIGHT_ADDR} \
+ ${SETUP_CONFIG}; \
+ side=right; \
+ srcid=$$rightid; \
+ local=${RIGHT_ADDR} \
+ peer=${LEFT_ADDR} \
+ ${SETUP_CONFIG}; \
+ ${DEPLOY_CONFIGS}
+
SETUP_SYSCTL = \
ssh ${LEFT_SSH} "sysctl $$sysctl"; \
ssh ${RIGHT_SSH} "sysctl $$sysctl"
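Review bot: The per-side config that carries `AUTH="psk ..."` is created by SETUP_CONFIG with the umask default and only tightened by the `chmod 0600` in DEPLOY_CONFIGS, after both sides have been written, so using SETUP_CONFIG alone for an asymmetric setup applies no chmod at all. Adding `umask 077; \` as the first statement of SETUP_CONFIG (whose body begins in the previous hunk) would close that gap without touching DEPLOY_CONFIGS. Separately, in SETUP_CONFIGS the lines `local=${LEFT_ADDR} \` and `peer=${RIGHT_ADDR} \` (and the right-hand pair) have no `;`, so they persist in the current shell only because the expansion of SETUP_CONFIG happens to begin with the assignment `authstr="";`; writing `local=${LEFT_ADDR}; \` and `peer=${RIGHT_ADDR}; \` removes that dependency. A short comment above SETUP_CONFIG listing the variables it expects from the caller (`side`, `srcid`, `local`, `peer`, `psk`) would help whoever writes the asymmetric tests this refactor is meant to enable.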
@@ -230,9 +240,8 @@ run-cert-single-ca:
rightid=right-from-ca-both; \
${SETUP_CONFIGS}
${SETUP_START}
- flowtype=esp; ${TEST_FLOWS}
- ${TEST_PING}; \
- if [[ $$_ret -ne 0 ]]; then exit 1; fi
+ flowtype=esp; ${TEST_FLOWS}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
+ ${TEST_PING}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
REGRESS_TARGETS += run-cert-multi-ca
run-cert-multi-ca:
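Review bot: The check `if [[ $$_ret -ne 0 ]]; then exit 1; fi` is now pasted after every `${TEST_FLOWS}` and `${TEST_PING}` in run-cert-single-ca, and again in the hunks for run-cert-multi-ca, run-cert-second-altname, run-psk, run-fragmentation, run-transport, run-ipcomp and run-udpencap-port. A single macro, for example `CHECK_RET = if [[ $$_ret -ne 0 ]]; then exit 1; fi`, used as `flowtype=esp; ${TEST_FLOWS}; ${CHECK_RET}`, would keep the targets readable. It would also make the check harder to forget in a new test now that TEST_FLOWS no longer exits on its own.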
@@ -242,9 +251,8 @@ run-cert-multi-ca:
rightid=right-from-ca-left; \
${SETUP_CONFIGS}
${SETUP_START}
- flowtype=esp; ${TEST_FLOWS}
- ${TEST_PING}; \
- if [[ $$_ret -ne 0 ]]; then exit 1; fi
+ flowtype=esp; ${TEST_FLOWS}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
+ ${TEST_PING}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
REGRESS_TARGETS += run-cert-second-altname
run-cert-second-altname:
@@ -254,9 +262,8 @@ run-cert-second-altname:
rightid=right-from-ca-both@openbsd.org; \
${SETUP_CONFIGS}
${SETUP_START}
- flowtype=esp; ${TEST_FLOWS}
- ${TEST_PING}; \
- if [[ $$_ret -ne 0 ]]; then exit 1; fi
+ flowtype=esp; ${TEST_FLOWS}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
+ ${TEST_PING}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
REGRESS_TARGETS += run-psk
run-psk:
@@ -267,7 +274,8 @@ run-psk:
flowtype=esp; \
${SETUP_CONFIGS}
${SETUP_START}
- flowtype=esp; ${TEST_FLOWS}
+ flowtype=esp; ${TEST_FLOWS}; \
+ if [[ $$_ret -ne 0 ]]; then exit 1; fi
${TEST_PING}; \
if [[ $$_ret -ne 0 ]]; then exit 1; fi
@@ -280,7 +288,8 @@ run-fragmentation:
rightid=right-from-ca-both; \
${SETUP_CONFIGS}
${SETUP_START}
- flowtype=esp; ${TEST_FLOWS}
+ flowtype=esp; ${TEST_FLOWS}; \
+ if [[ $$_ret -ne 0 ]]; then exit 1; fi
${TEST_PING}; \
if [[ $$_ret -ne 0 ]]; then exit 1; fi
@@ -294,9 +303,8 @@ run-transport:
${SETUP_CONFIGS}
${SETUP_START}
tmode=transport; flowtype=esp; \
- ${TEST_FLOWS}
- ${TEST_PING}; \
- if [[ $$_ret -ne 0 ]]; then exit 1; fi
+ ${TEST_FLOWS}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
+ ${TEST_PING}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
REGRESS_TARGETS += run-singleikesa
run-singleikesa:
@@ -320,9 +328,8 @@ run-ipcomp:
sysctl="net.inet.ipcomp.enable=1"; \
${SETUP_SYSCTL}
${SETUP_START}
- flowtype=ipcomp; ${TEST_FLOWS}
- ${TEST_PING}; \
- if [[ $$_ret -ne 0 ]]; then exit 1; fi
+ flowtype=ipcomp; ${TEST_FLOWS}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
+ ${TEST_PING}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
REGRESS_TARGETS += run-udpencap-port
run-udpencap-port:
@@ -335,9 +342,8 @@ run-udpencap-port:
${SETUP_SYSCTL};
iked_flags=-p9999; \
${SETUP_START};
- flowtype=esp; ${TEST_FLOWS}; \
- ${TEST_PING}; \
- if [[ $$_ret -ne 0 ]]; then exit 1; fi
+ flowtype=esp; ${TEST_FLOWS}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
+ ${TEST_PING}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
sysctl="net.inet.esp.udpencap_port=4500"; \
${SETUP_SYSCTL};
diff --git a/regress/sbin/iked/live/iked.in b/regress/sbin/iked/live/iked.in
index e93f93b3819..9e0b491b1c3 100644
--- a/regress/sbin/iked/live/iked.in
+++ b/regress/sbin/iked/live/iked.in
@@ -1,4 +1,4 @@
-ikev2 "test" active $IPCOMP $TMODE esp from $LOCAL_ADDR to $PEER_ADDR \
+ikev2 "test" $MODE $IPCOMP $TMODE esp from $LOCAL_ADDR to $PEER_ADDR \
peer $PEER_ADDR \
- srcid $SRCID \
+ srcid $SRCID $DSTID \
$AUTH
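Review bot: `$DSTID` is placed bare after `srcid $SRCID`, so unlike `SRCID` the macro has to carry the `dstid` keyword itself (the Makefile currently writes it empty), and `$MODE` replaces the literal `active` with no hint of the accepted values. A comment at the top of the template, e.g. `# MODE: active|passive; DSTID: empty, or "dstid <id>" including the keyword`, would document that for whoever writes the asymmetric tests.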