168349Sobrien#!/bin/sh 268349Sobrien# $FreeBSD: releng/11.0/tools/regression/ipsec/ipsec6.t 167893 2007-03-26 07:40:51Z gnn $ 368349Sobrien# 468349Sobrien# IPv6 IPsec test based on ipsec.t, in this same directory, which tests 568349Sobrien# IPsec by setting up a set of tunnels and then sending ICMPv6 packets, 668349Sobrien# aka those generated with ping6(8), across the tunnel. 768349Sobrien# 868349Sobrien# This test should ONLY be used as a smoke test to verify that nothing 968349Sobrien# drastic has been broken, it is insufficient for true protocol conformance 1068349Sobrien# testing. 1168349Sobrien# 1268349Sobrien# Expected Output: No failures. 1368349Sobrien 1468349Sobriennetif="lo0" 1568349Sobrienspi="10000" 1668349Sobrien 17159764Sobrienecho "1..414" 18159764Sobrien 19159764Sobrien#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1 20159764Sobrien 21159764Sobrienifconfig $netif inet6 alias 1::1 22159764Sobrienifconfig $netif inet6 alias 2::1 23159764Sobrien 24159764Sobrieni=1 25159764Sobrien 26159764Sobrienfor ecipher in \ 27159764Sobrien des-cbc:12345678 \ 28159764Sobrien 3des-cbc:012345678901234567890123 \ 29159764Sobrien blowfish-cbc:0123456789012345 \ 30159764Sobrien blowfish-cbc:01234567890123456789 \ 31159764Sobrien blowfish-cbc:012345678901234567890123 \ 32159764Sobrien blowfish-cbc:0123456789012345678901234567 \ 33159764Sobrien blowfish-cbc:01234567890123456789012345678901 \ 34159764Sobrien blowfish-cbc:012345678901234567890123456789012345 \ 35159764Sobrien blowfish-cbc:0123456789012345678901234567890123456789 \ 36159764Sobrien blowfish-cbc:01234567890123456789012345678901234567890123 \ 37159764Sobrien blowfish-cbc:012345678901234567890123456789012345678901234567 \ 38159764Sobrien blowfish-cbc:0123456789012345678901234567890123456789012345678901 \ 39103373Sobrien blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \ 40103373Sobrien cast128-cbc:0123456789012345 \ 41103373Sobrien aes-ctr:01234567890123456789\ 42159764Sobrien aes-ctr:0123456789012345678901234567\ 43159764Sobrien aes-ctr:012345678901234567890123456789012345\ 44159764Sobrien camellia-cbc:0123456789012345\ 45159764Sobrien camellia-cbc:012345678901234567890123\ 46159764Sobrien camellia-cbc:01234567890123456789012345678901\ 4769216Sobrien rijndael-cbc:0123456789012345 \ 4869216Sobrien rijndael-cbc:012345678901234567890123 \ 49103373Sobrien rijndael-cbc:01234567890123456789012345678901; do 50103373Sobrien 51103373Sobrien ealgo=${ecipher%%:*} 52103373Sobrien ekey=${ecipher##*:} 53103373Sobrien 54103373Sobrien for acipher in \ 55103373Sobrien hmac-md5:0123456789012345 \ 56103373Sobrien hmac-sha1:01234567890123456789 \ 57103373Sobrien hmac-ripemd160:01234567890123456789 \ 5869216Sobrien hmac-sha2-256:01234567890123456789012345678901 \ 5969216Sobrien hmac-sha2-384:012345678901234567890123456789012345678901234567 \ 60103373Sobrien hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do 61103373Sobrien 62103373Sobrien aalgo=${acipher%%:*} 63103373Sobrien akey=${acipher##*:} 64103373Sobrien 65103373Sobrien setkey -F 66103373Sobrien setkey -FP 67103373Sobrien 68103373Sobrien (echo "add -6 1::1 2::1 esp $spi -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;" 6968349Sobrien echo "add -6 2::1 1::1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;" 70103373Sobrien 7168349Sobrien echo "spdadd -6 1::1 2::1 any -P out ipsec esp/transport//require;" 7268349Sobrien echo "spdadd -6 2::1 1::1 any -P in ipsec esp/transport//require;" 7374784Sobrien echo "spdadd -6 1::1 2::1 any -P in ipsec esp/transport//require;" 7474784Sobrien echo "spdadd -6 2::1 1::1 any -P out ipsec esp/transport//require;" 7568349Sobrien ) | setkey -c >/dev/null 2>&1 7668349Sobrien if [ $? -eq 0 ]; then 7768349Sobrien echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}" 7868349Sobrien else 79133359Sobrien echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}" 8068349Sobrien fi 8168349Sobrien i=$((i+1)) 8268349Sobrien 8368349Sobrien ping6 -c 1 -i 1 -S 1::1 2::1 >/dev/null 8475937Sobrien if [ $? -eq 0 ]; then 8568349Sobrien echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}" 86133359Sobrien else 8768349Sobrien echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}" 8868349Sobrien fi 8968349Sobrien i=$((i+1)) 9068349Sobrien ping6 -c 1 -i 1 -S 2::1 1::1 >/dev/null 9168349Sobrien if [ $? -eq 0 ]; then 9268349Sobrien echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}" 9368349Sobrien else 9468349Sobrien echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}" 95159764Sobrien fi 9668349Sobrien i=$((i+1)) 9768349Sobrien done 9868349Sobriendone 9984685Sobrien 10068349Sobriensetkey -F 101139368Sobriensetkey -FP 102111658Sobrien 10368349Sobrienifconfig $netif inet6 1::1 delete 10468349Sobrienifconfig $netif inet6 2::1 delete 10568349Sobrien