From 8e9e899cbc57691805f26e07d3045492d3e8b6fe Mon Sep 17 00:00:00 2001 From: bluhm Date: Fri, 14 Apr 2017 18:14:33 +0000 Subject: [PATCH] Add tests with the ipsec.conf SA bundle keyword. --- regress/sbin/ipsecctl/Makefile | 4 ++-- regress/sbin/ipsecctl/sa25.in | 12 ++++++++---- regress/sbin/ipsecctl/sa26.in | 10 ++++++---- regress/sbin/ipsecctl/sa27.in | 10 ++++++++++ regress/sbin/ipsecctl/sa27.ok | 18 ++++++++++++++++++ 5 files changed, 44 insertions(+), 10 deletions(-) create mode 100644 regress/sbin/ipsecctl/sa27.in create mode 100644 regress/sbin/ipsecctl/sa27.ok diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile index c084c455918..3b8896fc3ea 100644 --- a/regress/sbin/ipsecctl/Makefile +++ b/regress/sbin/ipsecctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.61 2017/03/23 17:12:27 bluhm Exp $ +# $OpenBSD: Makefile,v 1.62 2017/04/14 18:14:33 bluhm Exp $ # you can update the *.ok files with: make -i | patch # TARGETS @@ -12,7 +12,7 @@ IPSECTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 IPSECTESTS+=25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 IPSECTESTS+=51 52 53 54 55 56 57 58 TCPMD5TESTS=1 2 3 -SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 +SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 SAFAIL=1 2 3 IPSECFAIL=1 2 3 IKEFAIL=1 3 4 5 6 8 9 11 12 13 14 diff --git a/regress/sbin/ipsecctl/sa25.in b/regress/sbin/ipsecctl/sa25.in index b63a628e5f4..6d4c25eab77 100644 --- a/regress/sbin/ipsecctl/sa25.in +++ b/regress/sbin/ipsecctl/sa25.in @@ -1,10 +1,14 @@ # group the sa bundle if from and to are identical esp transport from 1.1.1.1 to 2.2.2.2 spi 0x1a000000:0x1b000000 \ authkey file "DIR/ak256:DIR/ak256" \ - enckey file "DIR/ek128:DIR/ek128" + enckey file "DIR/ek128:DIR/ek128" \ + bundle foo ah transport from 1.1.1.1 to 2.2.2.2 spi 0x2a000000:0x2b000000 \ - authkey file "DIR/ak256:DIR/ak256" + authkey file "DIR/ak256:DIR/ak256" \ + bundle foo ah transport from 3.3.3.3 to 2.2.2.2 spi 0x3a000000:0x3b000000 \ - authkey file "DIR/ak256:DIR/ak256" + authkey file "DIR/ak256:DIR/ak256" \ + bundle foo ah transport from 1.1.1.1 to 3.3.3.3 spi 0x4a000000:0x4b000000 \ - authkey file "DIR/ak256:DIR/ak256" + authkey file "DIR/ak256:DIR/ak256" \ + bundle foo diff --git a/regress/sbin/ipsecctl/sa26.in b/regress/sbin/ipsecctl/sa26.in index de20ce5ee0a..a99cacfa7df 100644 --- a/regress/sbin/ipsecctl/sa26.in +++ b/regress/sbin/ipsecctl/sa26.in @@ -1,8 +1,10 @@ # group all kind of sa bundles -ipip tunnel from 1.1.1.1 to 2.2.2.2 spi 0x1a000000:0x1b000000 -ipcomp transport from 1.1.1.1 to 2.2.2.2 spi 0x2a00:0x2b00 +ipip tunnel from 1.1.1.1 to 2.2.2.2 spi 0x1a000000:0x1b000000 bundle foo +ipcomp transport from 1.1.1.1 to 2.2.2.2 spi 0x2a00:0x2b00 bundle foo esp transport from 1.1.1.1 to 2.2.2.2 spi 0x3a000000:0x3b000000 \ authkey file "DIR/ak256:DIR/ak256" \ - enckey file "DIR/ek128:DIR/ek128" + enckey file "DIR/ek128:DIR/ek128" \ + bundle foo ah transport from 1.1.1.1 to 2.2.2.2 spi 0x4a000000:0x4b000000 \ - authkey file "DIR/ak256:DIR/ak256" + authkey file "DIR/ak256:DIR/ak256" \ + bundle foo diff --git a/regress/sbin/ipsecctl/sa27.in b/regress/sbin/ipsecctl/sa27.in new file mode 100644 index 00000000000..bd1a80bdf71 --- /dev/null +++ b/regress/sbin/ipsecctl/sa27.in @@ -0,0 +1,10 @@ +# group sa bundles selectively +ipip tunnel from 1.1.1.1 to 2.2.2.2 spi 0x1a000000:0x1b000000 bundle foo +ipcomp transport from 1.1.1.1 to 2.2.2.2 spi 0x2a00:0x2b00 bundle bar +esp transport from 1.1.1.1 to 2.2.2.2 spi 0x3a000000:0x3b000000 \ + authkey file "DIR/ak256:DIR/ak256" \ + enckey file "DIR/ek128:DIR/ek128" \ + bundle foo +ah transport from 1.1.1.1 to 2.2.2.2 spi 0x4a000000:0x4b000000 \ + authkey file "DIR/ak256:DIR/ak256" \ + bundle bar diff --git a/regress/sbin/ipsecctl/sa27.ok b/regress/sbin/ipsecctl/sa27.ok new file mode 100644 index 00000000000..9e9a38aecba --- /dev/null +++ b/regress/sbin/ipsecctl/sa27.ok @@ -0,0 +1,18 @@ +ipip from 1.1.1.1 to 2.2.2.2 spi 0x1a000000 +ipip from 2.2.2.2 to 1.1.1.1 spi 0x1b000000 +ipcomp transport from 1.1.1.1 to 2.2.2.2 spi 0x00002a00 comp deflate +ipcomp transport from 2.2.2.2 to 1.1.1.1 spi 0x00002b00 comp deflate +esp transport from 1.1.1.1 to 2.2.2.2 spi 0x3a000000 auth hmac-sha2-256 enc aes \ + authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \ + enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee +[group ipip to 2.2.2.2 spi 0x1a000000 with esp to 2.2.2.2 spi 0x3a000000] +esp transport from 2.2.2.2 to 1.1.1.1 spi 0x3b000000 auth hmac-sha2-256 enc aes \ + authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \ + enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee +[group ipip to 1.1.1.1 spi 0x1b000000 with esp to 1.1.1.1 spi 0x3b000000] +ah transport from 1.1.1.1 to 2.2.2.2 spi 0x4a000000 auth hmac-sha2-256 \ + authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +[group ipcomp to 2.2.2.2 spi 0x00002a00 with ah to 2.2.2.2 spi 0x4a000000] +ah transport from 2.2.2.2 to 1.1.1.1 spi 0x4b000000 auth hmac-sha2-256 \ + authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +[group ipcomp to 1.1.1.1 spi 0x00002b00 with ah to 1.1.1.1 spi 0x4b000000] -- 2.20.1