ipsec.t revision 167763
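#!/bin/sh
# $FreeBSD: head/tools/regression/ipsec/ipsec.t 167763 2007-03-21 09:39:51Z gnn $
#
# IPsec regression test.
#
# This test installs ESP transport-mode security associations between
# two alias addresses on the localhost (lo0) interface, once for every
# cipher/authenticator pair below, by using the setkey(8) command and
# then attempts to ping each end.
# The test says which pings worked and which failed.
#
# Expected Output: No failures
#
# NOTE: "setkey -F" and "setkey -FP" flush *every* SA and policy on the
# host, not only the ones created here.  Run this on a dedicated test
# machine, never on a system that carries real IPsec traffic.
#
# NOTE: the keys are fixed ASCII test strings and the algorithm list
# includes legacy choices (des-cbc, hmac-md5, ...) purely for coverage;
# neither is meant as a configuration to copy.

ipbase="127.255"
netif="lo0"
spi="10000"

# Remove everything the test installed: all SAD/SPD entries and both
# address aliases.
cleanup()
{
	setkey -F
	setkey -FP

	ifconfig "$netif" -alias "${ipbase}.0.1"
	ifconfig "$netif" -alias "${ipbase}.1.1"
}

# Emit one TAP result line and advance the test counter.
#   $1 - exit status of the command under test
#   $2 - description printed after the test number
report()
{
	if [ "$1" -eq 0 ]; then
		echo "ok $i - $2"
	else
		echo "not ok $i - $2"
	fi
	i=$((i+1))
}

# TAP plan: 17 encryption entries x 6 authentication entries x 3 checks.
echo "1..306"

#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1

# Make sure an interrupted run does not leave test SAs, "require"
# policies or the alias addresses behind.
trap cleanup EXIT
trap 'exit 1' INT TERM

ifconfig "$netif" alias "${ipbase}.0.1/24"
ifconfig "$netif" alias "${ipbase}.1.1/24"

i=1

# Each entry is "algorithm:key"; the key length selects the variant.
for ecipher in \
    des-cbc:12345678 \
    3des-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345 \
    blowfish-cbc:01234567890123456789 \
    blowfish-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345678901234567 \
    blowfish-cbc:01234567890123456789012345678901 \
    blowfish-cbc:012345678901234567890123456789012345 \
    blowfish-cbc:0123456789012345678901234567890123456789 \
    blowfish-cbc:01234567890123456789012345678901234567890123 \
    blowfish-cbc:012345678901234567890123456789012345678901234567 \
    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
    cast128-cbc:0123456789012345 \
    rijndael-cbc:0123456789012345 \
    rijndael-cbc:012345678901234567890123 \
    rijndael-cbc:01234567890123456789012345678901; do

	ealgo=${ecipher%%:*}
	ekey=${ecipher##*:}

	for acipher in \
	    hmac-md5:0123456789012345 \
	    hmac-sha1:01234567890123456789 \
	    hmac-ripemd160:01234567890123456789 \
	    hmac-sha2-256:01234567890123456789012345678901 \
	    hmac-sha2-384:012345678901234567890123456789012345678901234567 \
	    hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do

		aalgo=${acipher%%:*}
		akey=${acipher##*:}
		label="${ealgo} ${ekey} ${aalgo} ${akey}"

		# Start every combination from an empty SAD and SPD.
		setkey -F
		setkey -FP

		# One SA per direction (SPIs spi and spi+1), plus in/out
		# policies that require ESP transport for both address pairs.
		# The commands are fed to setkey on stdin.
		{
			echo "add ${ipbase}.0.1 ${ipbase}.1.1 esp $spi -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
			echo "add ${ipbase}.1.1 ${ipbase}.0.1 esp $((spi + 1)) -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"

			echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P out ipsec esp/transport//require;"
			echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P in ipsec esp/transport//require;"
			echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P in ipsec esp/transport//require;"
			echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P out ipsec esp/transport//require;"
		} | setkey -c >/dev/null 2>&1
		report $? "setkey ${label}"

		# A successful ping shows that traffic passed with the
		# "require" policies in place; the script does not inspect
		# packets itself to confirm ESP encapsulation.
		ping -c 1 -t 2 -S "${ipbase}.0.1" "${ipbase}.1.1" >/dev/null
		report $? "test 1 ${label}"

		ping -c 1 -t 2 -S "${ipbase}.1.1" "${ipbase}.0.1" >/dev/null
		report $? "test 2 ${label}"
	done
done

# Normal completion: drop the traps and clean up explicitly so the exit
# status is that of the final ifconfig, as before.
trap - EXIT INT TERM
cleanup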