ipsec6.t revision 167763
1#!/bin/sh 2# $FreeBSD: head/tools/regression/ipsec/ipsec6.t 167763 2007-03-21 09:39:51Z gnn $ 3# 4# IPv6 IPsec test based on ipsec.t, in this same directory, which tests 5# IPsec by setting up a set of tunnels and then sending ICMPv6 packets, 6# aka those generated with ping6(8), across the tunnel. 7# 8# This test should ONLY be used as a smoke test to verify that nothing 9# drastic has been broken, it is insufficient for true protocol conformance 10# testing. 11# 12# Expected Output: No failures. 13 14ipbase="1" 15netif="lo0" 16spi="10000" 17 18echo "1..306" 19 20#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1 21 22ifconfig $netif inet6 alias ${ipbase}::1/128 23ifconfig $netif inet6 alias ${ipbase}::2/128 24 25i=1 26 27for ecipher in \ 28 des-cbc:12345678 \ 29 3des-cbc:012345678901234567890123 \ 30 blowfish-cbc:0123456789012345 \ 31 blowfish-cbc:01234567890123456789 \ 32 blowfish-cbc:012345678901234567890123 \ 33 blowfish-cbc:0123456789012345678901234567 \ 34 blowfish-cbc:01234567890123456789012345678901 \ 35 blowfish-cbc:012345678901234567890123456789012345 \ 36 blowfish-cbc:0123456789012345678901234567890123456789 \ 37 blowfish-cbc:01234567890123456789012345678901234567890123 \ 38 blowfish-cbc:012345678901234567890123456789012345678901234567 \ 39 blowfish-cbc:0123456789012345678901234567890123456789012345678901 \ 40 blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \ 41 cast128-cbc:0123456789012345 \ 42 rijndael-cbc:0123456789012345 \ 43 rijndael-cbc:012345678901234567890123 \ 44 rijndael-cbc:01234567890123456789012345678901; do 45 46 ealgo=${ecipher%%:*} 47 ekey=${ecipher##*:} 48 49 for acipher in \ 50 hmac-md5:0123456789012345 \ 51 hmac-sha1:01234567890123456789 \ 52 hmac-ripemd160:01234567890123456789 \ 53 hmac-sha2-256:01234567890123456789012345678901 \ 54 hmac-sha2-384:012345678901234567890123456789012345678901234567 \ 55 hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do 56 57 aalgo=${acipher%%:*} 58 akey=${acipher##*:} 59 60 setkey -F 61 setkey -FP 62 63 (echo "add -6 ${ipbase}::1 ${ipbase}::2 esp $spi -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;" 64 echo "add -6 ${ipbase}::2 ${ipbase}::1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;" 65 66 echo "spdadd -6 ${ipbase}::1 ${ipbase}::2 any -P out ipsec esp/transport//require;" 67 echo "spdadd -6 ${ipbase}::2 ${ipbase}::1 any -P in ipsec esp/transport//require;" 68 echo "spdadd -6 ${ipbase}::1 ${ipbase}::2 any -P in ipsec esp/transport//require;" 69 echo "spdadd -6 ${ipbase}::2 ${ipbase}::1 any -P out ipsec esp/transport//require;" 70 ) | setkey -c >/dev/null 2>&1 71 if [ $? -eq 0 ]; then 72 echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}" 73 else 74 echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}" 75 fi 76 i=$((i+1)) 77 78 ping6 -c 1 -i 1 -S ${ipbase}::1 ${ipbase}::2 >/dev/null 79 if [ $? -eq 0 ]; then 80 echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}" 81 else 82 echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}" 83 fi 84 i=$((i+1)) 85 ping6 -c 1 -i 1 -S ${ipbase}::2 ${ipbase}::1 >/dev/null 86 if [ $? -eq 0 ]; then 87 echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}" 88 else 89 echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}" 90 fi 91 i=$((i+1)) 92 done 93done 94 95setkey -F 96setkey -FP 97 98ifconfig $netif inet6 ${ipbase}::1 delete 99ifconfig $netif inet6 ${ipbase}::2 delete 100