diff options
| author | Christian Weisgerber <naddy@cvs.openbsd.org> | 2006-06-02 17:06:43 +0000 |
|---|---|---|
| committer | Christian Weisgerber <naddy@cvs.openbsd.org> | 2006-06-02 17:06:43 +0000 |
| commit | f18febb939eb0405ee7e9b2fd3244d8117ff5294 (patch) | |
| tree | b2bb201f8c3bd79f8b74c596e9e382b7c135ae22 /regress | |
| parent | 1514e4b20d9080c50e476edf379bb3b2a374fdf9 (diff) | |
check port modifiers in ike rules
Diffstat (limited to 'regress')
| -rw-r--r-- | regress/sbin/ipsecctl/Makefile | 6 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ike42.in | 1 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ike42.ok | 21 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ike43.in | 1 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ike43.ok | 22 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ikefail3.in | 1 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ikefail3.ok | 2 |
7 files changed, 51 insertions, 3 deletions
diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile index c1aad3dd11b..10f3f39601a 100644 --- a/regress/sbin/ipsecctl/Makefile +++ b/regress/sbin/ipsecctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.28 2006/06/02 06:21:14 hshoexer Exp $ +# $OpenBSD: Makefile,v 1.29 2006/06/02 17:06:42 naddy Exp $ # TARGETS # ipsec: feed ipsecNN.in through ipsecctl and check wether the output matches @@ -14,11 +14,11 @@ TCPMD5TESTS=1 2 3 SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 SAFAIL=1 IPSECFAIL=1 2 -IKEFAIL=1 +IKEFAIL=1 3 IKETESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 IKETESTS+=16 17 18 19 20 21 22 23 IKETESTS+=29 30 31 32 33 34 35 36 37 38 39 40 -IKETESTS+=41 +IKETESTS+=41 42 43 SHELL=/bin/sh diff --git a/regress/sbin/ipsecctl/ike42.in b/regress/sbin/ipsecctl/ike42.in new file mode 100644 index 00000000000..5fd64cf0ace --- /dev/null +++ b/regress/sbin/ipsecctl/ike42.in @@ -0,0 +1 @@ +ike esp proto udp from 1.1.1.1 port ntp to 2.2.2.2 diff --git a/regress/sbin/ipsecctl/ike42.ok b/regress/sbin/ipsecctl/ike42.ok new file mode 100644 index 00000000000..c58bdffbb3c --- /dev/null +++ b/regress/sbin/ipsecctl/ike42.ok @@ -0,0 +1,21 @@ +C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force +C set [peer-2.2.2.2]:Phase=1 force +C set [peer-2.2.2.2]:Address=2.2.2.2 force +C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force +C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force +C add [mm-2.2.2.2]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force +C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force +C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force +C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force +C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force +C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force +C set [lid-1.1.1.1]:Address=1.1.1.1 force +C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force +C set [rid-2.2.2.2]:Address=2.2.2.2 force +C set [lid-1.1.1.1]:Protocol=17 force +C set [rid-2.2.2.2]:Protocol=17 force +C set [lid-1.1.1.1]:Port=123 force +C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2 diff --git a/regress/sbin/ipsecctl/ike43.in b/regress/sbin/ipsecctl/ike43.in new file mode 100644 index 00000000000..509ab0c0738 --- /dev/null +++ b/regress/sbin/ipsecctl/ike43.in @@ -0,0 +1 @@ +ike esp proto tcp from 3ffe::1 port 2022 to 3ffe::2 port ssh diff --git a/regress/sbin/ipsecctl/ike43.ok b/regress/sbin/ipsecctl/ike43.ok new file mode 100644 index 00000000000..ac456989b93 --- /dev/null +++ b/regress/sbin/ipsecctl/ike43.ok @@ -0,0 +1,22 @@ +C set [Phase 1]:3ffe::2=peer-3ffe::2 force +C set [peer-3ffe::2]:Phase=1 force +C set [peer-3ffe::2]:Address=3ffe::2 force +C set [peer-3ffe::2]:Configuration=mm-3ffe::2 force +C set [mm-3ffe::2]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::2]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3ffe::1-3ffe::2]:Phase=2 force +C set [IPsec-3ffe::1-3ffe::2]:ISAKMP-peer=peer-3ffe::2 force +C set [IPsec-3ffe::1-3ffe::2]:Configuration=qm-3ffe::1-3ffe::2 force +C set [IPsec-3ffe::1-3ffe::2]:Local-ID=lid-3ffe::1 force +C set [IPsec-3ffe::1-3ffe::2]:Remote-ID=rid-3ffe::2 force +C set [qm-3ffe::1-3ffe::2]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe::1-3ffe::2]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe::1]:ID-type=IPV6_ADDR force +C set [lid-3ffe::1]:Address=3ffe::1 force +C set [rid-3ffe::2]:ID-type=IPV6_ADDR force +C set [rid-3ffe::2]:Address=3ffe::2 force +C set [lid-3ffe::1]:Protocol=6 force +C set [rid-3ffe::2]:Protocol=6 force +C set [lid-3ffe::1]:Port=2022 force +C set [rid-3ffe::1]:Port=22 force +C add [Phase 2]:Connections=IPsec-3ffe::1-3ffe::2 diff --git a/regress/sbin/ipsecctl/ikefail3.in b/regress/sbin/ipsecctl/ikefail3.in new file mode 100644 index 00000000000..43c18d230d2 --- /dev/null +++ b/regress/sbin/ipsecctl/ikefail3.in @@ -0,0 +1 @@ +ike esp from 1.1.1.1 to 2.2.2.2 port ssh diff --git a/regress/sbin/ipsecctl/ikefail3.ok b/regress/sbin/ipsecctl/ikefail3.ok new file mode 100644 index 00000000000..113b15b60b3 --- /dev/null +++ b/regress/sbin/ipsecctl/ikefail3.ok @@ -0,0 +1,2 @@ +stdin: 1: no protocol supplied with source/destination ports +ipsecctl: Syntax error in config file: ipsec rules not loaded |