summaryrefslogtreecommitdiff
path: root/regress/sbin/iked/live
diff options
context:
space:
mode:
Diffstat (limited to 'regress/sbin/iked/live')
-rw-r--r--regress/sbin/iked/live/Makefile118
-rw-r--r--regress/sbin/iked/live/iked.in6
2 files changed, 124 insertions, 0 deletions
diff --git a/regress/sbin/iked/live/Makefile b/regress/sbin/iked/live/Makefile
new file mode 100644
index 00000000000..73e43fe9bd1
--- /dev/null
+++ b/regress/sbin/iked/live/Makefile
@@ -0,0 +1,118 @@
+# $OpenBSD: Makefile,v 1.1 2020/01/14 11:16:36 tobhe Exp $
+
+# Copyright (c) 2020 Tobias Heider <tobhe@openbsd.org>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+REGRESS_CLEANUP = cleanup
+CLEANFILES = *.conf
+
+SSHLEFT ?=
+SSHRIGHT ?=
+LEFTGW ?=
+RIGHTGW ?=
+
+.if empty (SSHLEFT) || empty (SSHRIGHT) || empty (LEFTGW) || empty (RIGHTGW)
+regress:
+ @echo this test needs two remote machines to operate
+ @echo SSHLEFT SSHRIGHT RIGHTGW LEFTGW are not defined
+ @echo SKIPPED
+.endif
+
+TEST_FLOWS = \
+ success=false; \
+ count=0; \
+ while [[ $$count -le 3 ]]; do \
+ sasleft=`ssh ${SSHLEFT} ipsecctl -sa`; \
+ flowleft=`echo "$$sasleft" \
+ | sed -n "/^flow $$flowtype in from ${RIGHTGW} to ${LEFTGW}/p"`; \
+ sasright=`ssh ${SSHRIGHT} ipsecctl -sa`; \
+ flowright=`echo "$$sasright" \
+ | sed -n "/^flow $$flowtype in from ${LEFTGW} to ${RIGHTGW}/p"`; \
+ if [[ -n "$$flowleft" && -n "$$flowright" ]]; then \
+ success=true; \
+ break; \
+ fi; \
+ let count=$$count+1; \
+ done; \
+ if [[ "$$success" = false ]]; then \
+ echo "error: SAs not found : $$sasleft $$sasright"; \
+ exit 1; \
+ fi
+
+TEST_PING = \
+ dump=`ssh ${SSHLEFT} "tcpdump -c2 -i enc0 -w '/tmp/test.pcap' > /dev/null & \
+ ping -c 5 ${RIGHTGW} > /dev/null && tcpdump -r /tmp/test.pcap" && rm -f /tmp/test.pcap`; \
+ rtol=`echo "$$dump" \
+ | sed -n "/(authentic,confidential): SPI 0x[0-9a-f]\{8\}: ${LEFTGW} > ${RIGHTGW}/p"`; \
+ ltor=`echo "$$dump" \
+ | sed -n "/(authentic,confidential): SPI 0x[0-9a-f]\{8\}: ${RIGHTGW} > ${LEFTGW}/p"`; \
+ if [[ -z "$$rtol" || -z "$$ltor" ]]; then \
+ echo "error: no esp traffic."; \
+ exit 1; \
+ fi; \
+ echo "$$dump"
+
+SETUP_CONFIGS = \
+ psk=`openssl rand -hex 20`; \
+ echo "LEFTGW=\"${LEFTGW}\"" > $@_left.conf; \
+ echo "RIGHTGW=\"${RIGHTGW}\"" >> $@_left.conf; \
+ ipcomp=""; \
+ if [[ "$$flowtype" = "ipcomp" ]]; then \
+ ipcomp="ipcomp"; \
+ fi; \
+ echo "IPCOMP=\"$$ipcomp\"" >> $@_left.conf; \
+ echo "PSK=\"$$psk\"" >> $@_left.conf; \
+ cat ${.CURDIR}/iked.in >> $@_left.conf; \
+ chmod 0600 $@_left.conf; \
+ echo "cd /tmp\nrm test.conf\nput $@_left.conf test.conf" | sftp -q ${SSHLEFT}; \
+ echo "LEFTGW=\"${RIGHTGW}\"" > $@_right.conf; \
+ echo "RIGHTGW=\"${LEFTGW}\"" >> $@_right.conf; \
+ echo "IPCOMP=\"$$ipcomp\"" >> $@_right.conf; \
+ echo "PSK=\"$$psk\"" >> $@_right.conf; \
+ cat ${.CURDIR}/iked.in >> $@_right.conf; \
+ chmod 0600 $@_right.conf; \
+ echo "cd /tmp\nrm test.conf\nput $@_right.conf test.conf" | sftp -q ${SSHRIGHT}
+
+SETUP_SYSCTL = \
+ ssh ${SSHLEFT} "sysctl net.inet.ipcomp.enable=1"; \
+ ssh ${SSHRIGHT} "sysctl net.inet.ipcomp.enable=1"
+
+SETUP_START = \
+ ssh ${SSHLEFT} "ipsecctl -F; pkill iked; iked -6 -f /tmp/test.conf"; \
+ ssh ${SSHRIGHT} "ipsecctl -F; pkill iked; iked -6 -f /tmp/test.conf"
+
+cleanup:
+ -ssh ${SSHLEFT} 'rm -f /tmp/test.conf; ipsecctl -F; pkill iked'
+ -ssh ${SSHRIGHT} 'rm -f /tmp/test.conf; ipsecctl -F; pkill iked'
+
+REGRESS_TARGETS = run-basic run-ipcomp
+
+run-basic:
+ @echo '======= $@ ========'
+ flowtype=esp; \
+ ${SETUP_CONFIGS}; \
+ ${SETUP_START}; \
+ ${TEST_FLOWS}; \
+ ${TEST_PING}
+
+run-ipcomp:
+ @echo '======= $@ ========'
+ flowtype=ipcomp; \
+ ${SETUP_CONFIGS}; \
+ ${SETUP_SYSCTL}; \
+ ${SETUP_START}; \
+ ${TEST_FLOWS}; \
+ ${TEST_PING}
+
+.include <bsd.regress.mk>
diff --git a/regress/sbin/iked/live/iked.in b/regress/sbin/iked/live/iked.in
new file mode 100644
index 00000000000..471513fa525
--- /dev/null
+++ b/regress/sbin/iked/live/iked.in
@@ -0,0 +1,6 @@
+ikev2 "test" active $IPCOMP esp from $LEFTGW to $RIGHTGW \
+ peer $RIGHTGW \
+ psk $PSK
+ikev2 "test" active $IPCOMP esp from $LEFTGW to $RIGHTGW \
+ peer $RIGHTGW \
+ psk $PSK