ipsec6.t revision 167866
1#!/bin/sh 2# $FreeBSD: head/tools/regression/ipsec/ipsec6.t 167866 2007-03-24 13:47:16Z gnn $ 3# 4# IPv6 IPsec test based on ipsec.t, in this same directory, which tests 5# IPsec by setting up a set of tunnels and then sending ICMPv6 packets, 6# aka those generated with ping6(8), across the tunnel. 7# 8# This test should ONLY be used as a smoke test to verify that nothing 9# drastic has been broken, it is insufficient for true protocol conformance 10# testing. 11# 12# Expected Output: No failures. 13 14netif="lo0" 15spi="10000" 16 17echo "1..306" 18 19#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1 20 21ifconfig $netif inet6 alias 1::1 22ifconfig $netif inet6 alias 2::1 23 24i=1 25 26for ecipher in \ 27 des-cbc:12345678 \ 28 3des-cbc:012345678901234567890123 \ 29 blowfish-cbc:0123456789012345 \ 30 blowfish-cbc:01234567890123456789 \ 31 blowfish-cbc:012345678901234567890123 \ 32 blowfish-cbc:0123456789012345678901234567 \ 33 blowfish-cbc:01234567890123456789012345678901 \ 34 blowfish-cbc:012345678901234567890123456789012345 \ 35 blowfish-cbc:0123456789012345678901234567890123456789 \ 36 blowfish-cbc:01234567890123456789012345678901234567890123 \ 37 blowfish-cbc:012345678901234567890123456789012345678901234567 \ 38 blowfish-cbc:0123456789012345678901234567890123456789012345678901 \ 39 blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \ 40 cast128-cbc:0123456789012345 \ 41 rijndael-cbc:0123456789012345 \ 42 rijndael-cbc:012345678901234567890123 \ 43 rijndael-cbc:01234567890123456789012345678901; do 44 45 ealgo=${ecipher%%:*} 46 ekey=${ecipher##*:} 47 48 for acipher in \ 49 hmac-md5:0123456789012345 \ 50 hmac-sha1:01234567890123456789 \ 51 hmac-ripemd160:01234567890123456789 \ 52 hmac-sha2-256:01234567890123456789012345678901 \ 53 hmac-sha2-384:012345678901234567890123456789012345678901234567 \ 54 hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do 55 56 aalgo=${acipher%%:*} 57 akey=${acipher##*:} 58 59 setkey -F 60 setkey -FP 61 62 (echo "add -6 1::1 2::1 esp $spi -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;" 63 echo "add -6 2::1 1::1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;" 64 65 echo "spdadd -6 1::1 2::1 any -P out ipsec esp/transport//require;" 66 echo "spdadd -6 2::1 1::1 any -P in ipsec esp/transport//require;" 67 echo "spdadd -6 1::1 2::1 any -P in ipsec esp/transport//require;" 68 echo "spdadd -6 2::1 1::1 any -P out ipsec esp/transport//require;" 69 ) | setkey -c >/dev/null 2>&1 70 if [ $? -eq 0 ]; then 71 echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}" 72 else 73 echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}" 74 fi 75 i=$((i+1)) 76 77 ping6 -c 1 -i 1 -S 1::1 2::1 >/dev/null 78 if [ $? -eq 0 ]; then 79 echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}" 80 else 81 echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}" 82 fi 83 i=$((i+1)) 84 ping6 -c 1 -i 1 -S 2::1 1::1 >/dev/null 85 if [ $? -eq 0 ]; then 86 echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}" 87 else 88 echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}" 89 fi 90 i=$((i+1)) 91 done 92done 93 94setkey -F 95setkey -FP 96 97ifconfig $netif inet6 1::1 delete 98ifconfig $netif inet6 2::1 delete 99