1167763Sgnn#!/bin/sh 2167763Sgnn# $FreeBSD$ 3167763Sgnn# 4167763Sgnn# IPv6 IPsec test based on ipsec.t, in this same directory, which tests 5167763Sgnn# IPsec by setting up a set of tunnels and then sending ICMPv6 packets, 6167763Sgnn# aka those generated with ping6(8), across the tunnel. 7167763Sgnn# 8167763Sgnn# This test should ONLY be used as a smoke test to verify that nothing 9167763Sgnn# drastic has been broken, it is insufficient for true protocol conformance 10167763Sgnn# testing. 11167763Sgnn# 12167763Sgnn# Expected Output: No failures. 13167763Sgnn 14167763Sgnnnetif="lo0" 15167763Sgnnspi="10000" 16167763Sgnn 17167893Sgnnecho "1..414" 18167763Sgnn 19167763Sgnn#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1 20167763Sgnn 21167866Sgnnifconfig $netif inet6 alias 1::1 22167866Sgnnifconfig $netif inet6 alias 2::1 23167763Sgnn 24167763Sgnni=1 25167763Sgnn 26167763Sgnnfor ecipher in \ 27167763Sgnn des-cbc:12345678 \ 28167763Sgnn 3des-cbc:012345678901234567890123 \ 29167763Sgnn blowfish-cbc:0123456789012345 \ 30167763Sgnn blowfish-cbc:01234567890123456789 \ 31167763Sgnn blowfish-cbc:012345678901234567890123 \ 32167763Sgnn blowfish-cbc:0123456789012345678901234567 \ 33167763Sgnn blowfish-cbc:01234567890123456789012345678901 \ 34167763Sgnn blowfish-cbc:012345678901234567890123456789012345 \ 35167763Sgnn blowfish-cbc:0123456789012345678901234567890123456789 \ 36167763Sgnn blowfish-cbc:01234567890123456789012345678901234567890123 \ 37167763Sgnn blowfish-cbc:012345678901234567890123456789012345678901234567 \ 38167763Sgnn blowfish-cbc:0123456789012345678901234567890123456789012345678901 \ 39167763Sgnn blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \ 40167763Sgnn cast128-cbc:0123456789012345 \ 41167893Sgnn aes-ctr:01234567890123456789\ 42167893Sgnn aes-ctr:0123456789012345678901234567\ 43167893Sgnn aes-ctr:012345678901234567890123456789012345\ 44167893Sgnn camellia-cbc:0123456789012345\ 45167893Sgnn camellia-cbc:012345678901234567890123\ 46167893Sgnn camellia-cbc:01234567890123456789012345678901\ 47167763Sgnn rijndael-cbc:0123456789012345 \ 48167763Sgnn rijndael-cbc:012345678901234567890123 \ 49167763Sgnn rijndael-cbc:01234567890123456789012345678901; do 50167763Sgnn 51167763Sgnn ealgo=${ecipher%%:*} 52167763Sgnn ekey=${ecipher##*:} 53167763Sgnn 54167763Sgnn for acipher in \ 55167763Sgnn hmac-md5:0123456789012345 \ 56167763Sgnn hmac-sha1:01234567890123456789 \ 57167763Sgnn hmac-ripemd160:01234567890123456789 \ 58167763Sgnn hmac-sha2-256:01234567890123456789012345678901 \ 59167763Sgnn hmac-sha2-384:012345678901234567890123456789012345678901234567 \ 60167763Sgnn hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do 61167763Sgnn 62167763Sgnn aalgo=${acipher%%:*} 63167763Sgnn akey=${acipher##*:} 64167763Sgnn 65167763Sgnn setkey -F 66167763Sgnn setkey -FP 67167763Sgnn 68167866Sgnn (echo "add -6 1::1 2::1 esp $spi -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;" 69167866Sgnn echo "add -6 2::1 1::1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;" 70167763Sgnn 71167866Sgnn echo "spdadd -6 1::1 2::1 any -P out ipsec esp/transport//require;" 72167866Sgnn echo "spdadd -6 2::1 1::1 any -P in ipsec esp/transport//require;" 73167866Sgnn echo "spdadd -6 1::1 2::1 any -P in ipsec esp/transport//require;" 74167866Sgnn echo "spdadd -6 2::1 1::1 any -P out ipsec esp/transport//require;" 75167763Sgnn ) | setkey -c >/dev/null 2>&1 76167763Sgnn if [ $? -eq 0 ]; then 77167763Sgnn echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}" 78167763Sgnn else 79167763Sgnn echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}" 80167763Sgnn fi 81167763Sgnn i=$((i+1)) 82167763Sgnn 83167866Sgnn ping6 -c 1 -i 1 -S 1::1 2::1 >/dev/null 84167763Sgnn if [ $? -eq 0 ]; then 85167763Sgnn echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}" 86167763Sgnn else 87167763Sgnn echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}" 88167763Sgnn fi 89167763Sgnn i=$((i+1)) 90167866Sgnn ping6 -c 1 -i 1 -S 2::1 1::1 >/dev/null 91167763Sgnn if [ $? -eq 0 ]; then 92167763Sgnn echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}" 93167763Sgnn else 94167763Sgnn echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}" 95167763Sgnn fi 96167763Sgnn i=$((i+1)) 97167763Sgnn done 98167763Sgnndone 99167763Sgnn 100167763Sgnnsetkey -F 101167763Sgnnsetkey -FP 102167763Sgnn 103167866Sgnnifconfig $netif inet6 1::1 delete 104167866Sgnnifconfig $netif inet6 2::1 delete 105