artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 07f0d14)
Add tests with the ipsec.conf SA bundle keyword.
authorbluhm <bluhm@openbsd.org>
Fri, 14 Apr 2017 18:14:33 +0000 (18:14 +0000)
committerbluhm <bluhm@openbsd.org>
Fri, 14 Apr 2017 18:14:33 +0000 (18:14 +0000)
regress/sbin/ipsecctl/Makefile patch | blob | history
regress/sbin/ipsecctl/sa25.in patch | blob | history
regress/sbin/ipsecctl/sa26.in patch | blob | history
regress/sbin/ipsecctl/sa27.in [new file with mode: 0644] patch | blob
regress/sbin/ipsecctl/sa27.ok [new file with mode: 0644] patch | blob

diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile
index c084c45..3b8896f 100644 (file)
--- a/regress/sbin/ipsecctl/Makefile
+++ b/regress/sbin/ipsecctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.61 2017/03/23 17:12:27 bluhm Exp $
+# $OpenBSD: Makefile,v 1.62 2017/04/14 18:14:33 bluhm Exp $
 
 # you can update the *.ok files with: make -i | patch
 # TARGETS
@@ -12,7 +12,7 @@ IPSECTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
 IPSECTESTS+=25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
 IPSECTESTS+=51 52 53 54 55 56 57 58
 TCPMD5TESTS=1 2 3
-SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
+SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
 SAFAIL=1 2 3
 IPSECFAIL=1 2 3
 IKEFAIL=1 3 4 5 6 8 9 11 12 13 14
diff --git a/regress/sbin/ipsecctl/sa25.in b/regress/sbin/ipsecctl/sa25.in
index b63a628..6d4c25e 100644 (file)
--- a/regress/sbin/ipsecctl/sa25.in
+++ b/regress/sbin/ipsecctl/sa25.in
@@ -1,10 +1,14 @@
 # group the sa bundle if from and to are identical
 esp transport from 1.1.1.1 to 2.2.2.2 spi 0x1a000000:0x1b000000 \
        authkey file "DIR/ak256:DIR/ak256" \
-       enckey file "DIR/ek128:DIR/ek128"
+       enckey file "DIR/ek128:DIR/ek128" \
+       bundle foo
 ah transport from 1.1.1.1 to 2.2.2.2 spi 0x2a000000:0x2b000000 \
-       authkey file "DIR/ak256:DIR/ak256"
+       authkey file "DIR/ak256:DIR/ak256" \
+       bundle foo
 ah transport from 3.3.3.3 to 2.2.2.2 spi 0x3a000000:0x3b000000 \
-       authkey file "DIR/ak256:DIR/ak256"
+       authkey file "DIR/ak256:DIR/ak256" \
+       bundle foo
 ah transport from 1.1.1.1 to 3.3.3.3 spi 0x4a000000:0x4b000000 \
-       authkey file "DIR/ak256:DIR/ak256"
+       authkey file "DIR/ak256:DIR/ak256" \
+       bundle foo
diff --git a/regress/sbin/ipsecctl/sa26.in b/regress/sbin/ipsecctl/sa26.in
index de20ce5..a99cacf 100644 (file)
--- a/regress/sbin/ipsecctl/sa26.in
+++ b/regress/sbin/ipsecctl/sa26.in
@@ -1,8 +1,10 @@
 # group all kind of sa bundles
-ipip tunnel from 1.1.1.1 to 2.2.2.2 spi 0x1a000000:0x1b000000
-ipcomp transport from 1.1.1.1 to 2.2.2.2 spi 0x2a00:0x2b00
+ipip tunnel from 1.1.1.1 to 2.2.2.2 spi 0x1a000000:0x1b000000 bundle foo
+ipcomp transport from 1.1.1.1 to 2.2.2.2 spi 0x2a00:0x2b00 bundle foo
 esp transport from 1.1.1.1 to 2.2.2.2 spi 0x3a000000:0x3b000000 \
        authkey file "DIR/ak256:DIR/ak256" \
-       enckey file "DIR/ek128:DIR/ek128"
+       enckey file "DIR/ek128:DIR/ek128" \
+       bundle foo
 ah transport from 1.1.1.1 to 2.2.2.2 spi 0x4a000000:0x4b000000 \
-       authkey file "DIR/ak256:DIR/ak256"
+       authkey file "DIR/ak256:DIR/ak256" \
+       bundle foo
diff --git a/regress/sbin/ipsecctl/sa27.in b/regress/sbin/ipsecctl/sa27.in
new file mode 100644 (file)
index 0000000..bd1a80b
--- /dev/null
+++ b/regress/sbin/ipsecctl/sa27.in
@@ -0,0 +1,10 @@
+# group sa bundles selectively
+ipip tunnel from 1.1.1.1 to 2.2.2.2 spi 0x1a000000:0x1b000000 bundle foo
+ipcomp transport from 1.1.1.1 to 2.2.2.2 spi 0x2a00:0x2b00 bundle bar
+esp transport from 1.1.1.1 to 2.2.2.2 spi 0x3a000000:0x3b000000 \
+       authkey file "DIR/ak256:DIR/ak256" \
+       enckey file "DIR/ek128:DIR/ek128" \
+       bundle foo
+ah transport from 1.1.1.1 to 2.2.2.2 spi 0x4a000000:0x4b000000 \
+       authkey file "DIR/ak256:DIR/ak256" \
+       bundle bar
diff --git a/regress/sbin/ipsecctl/sa27.ok b/regress/sbin/ipsecctl/sa27.ok
new file mode 100644 (file)
index 0000000..9e9a38a
--- /dev/null
+++ b/regress/sbin/ipsecctl/sa27.ok
@@ -0,0 +1,18 @@
+ipip from 1.1.1.1 to 2.2.2.2 spi 0x1a000000
+ipip from 2.2.2.2 to 1.1.1.1 spi 0x1b000000
+ipcomp transport from 1.1.1.1 to 2.2.2.2 spi 0x00002a00 comp deflate
+ipcomp transport from 2.2.2.2 to 1.1.1.1 spi 0x00002b00 comp deflate
+esp transport from 1.1.1.1 to 2.2.2.2 spi 0x3a000000 auth hmac-sha2-256 enc aes \
+       authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
+       enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+[group ipip to 2.2.2.2 spi 0x1a000000 with esp to 2.2.2.2 spi 0x3a000000]
+esp transport from 2.2.2.2 to 1.1.1.1 spi 0x3b000000 auth hmac-sha2-256 enc aes \
+       authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
+       enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+[group ipip to 1.1.1.1 spi 0x1b000000 with esp to 1.1.1.1 spi 0x3b000000]
+ah transport from 1.1.1.1 to 2.2.2.2 spi 0x4a000000 auth hmac-sha2-256 \
+       authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+[group ipcomp to 2.2.2.2 spi 0x00002a00 with ah to 2.2.2.2 spi 0x4a000000]
+ah transport from 2.2.2.2 to 1.1.1.1 spi 0x4b000000 auth hmac-sha2-256 \
+       authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+[group ipcomp to 1.1.1.1 spi 0x00002b00 with ah to 1.1.1.1 spi 0x4b000000]
OpenBSD src
by Ahmet Artu Yildirim