aboutsummaryrefslogblamecommitdiff
path: root/tools/regression/ipsec/ipsec6.t
blob: a13edd3611858355431367ad775a947e53d30e18 (plain) (tree) 
a564577c9454













a564577c9454



43888ab17cc4

a564577c9454



5a146d512529


a564577c9454


















43888ab17cc4






a564577c9454





















5a146d512529


a564577c9454

5a146d512529




a564577c9454








5a146d512529

a564577c9454






5a146d512529

a564577c9454












5a146d512529


1
2
3
4
5
6
7
8
9
10
11
12
13

14
15
16

17

18
19
20

21
22

23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

41
42
43
44
45
46

47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

68
69

70

71
72
73
74

75
76
77
78
79
80
81
82

83

84
85
86
87
88
89

90

91
92
93
94
95
96
97
98
99
100
101
102

103
104













                                                                           


           
             


                                                       

                                

















                                                                           





                                                  




















                                                                                              

                                                                                                                       
 



                                                                                    







                                                                                   
                                                       





                                                                                   
                                                       











                                                                                   

                                 
#!/bin/sh
# $FreeBSD$
#
# IPv6 IPsec test based on ipsec.t, in this same directory, which tests
# IPsec by setting up a set of tunnels and then sending ICMPv6 packets,   
# aka those generated with ping6(8), across the tunnel.
#
# This test should ONLY be used as a smoke test to verify that nothing
# drastic has been broken, it is insufficient for true protocol conformance
# testing.
#
# Expected Output: No failures.

netif="lo0"
spi="10000"

echo "1..414"

#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1

ifconfig $netif inet6 alias 1::1
ifconfig $netif inet6 alias 2::1

i=1

for ecipher in \
    des-cbc:12345678 \
    3des-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345 \
    blowfish-cbc:01234567890123456789 \
    blowfish-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345678901234567 \
    blowfish-cbc:01234567890123456789012345678901 \
    blowfish-cbc:012345678901234567890123456789012345 \
    blowfish-cbc:0123456789012345678901234567890123456789 \
    blowfish-cbc:01234567890123456789012345678901234567890123 \
    blowfish-cbc:012345678901234567890123456789012345678901234567 \
    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
    cast128-cbc:0123456789012345 \
    aes-ctr:01234567890123456789\
    aes-ctr:0123456789012345678901234567\
    aes-ctr:012345678901234567890123456789012345\
    camellia-cbc:0123456789012345\
    camellia-cbc:012345678901234567890123\
    camellia-cbc:01234567890123456789012345678901\
    rijndael-cbc:0123456789012345 \
    rijndael-cbc:012345678901234567890123 \
    rijndael-cbc:01234567890123456789012345678901; do

	ealgo=${ecipher%%:*}
	ekey=${ecipher##*:}

	for acipher in \
	    hmac-md5:0123456789012345 \
	    hmac-sha1:01234567890123456789 \
	    hmac-ripemd160:01234567890123456789 \
	    hmac-sha2-256:01234567890123456789012345678901 \
	    hmac-sha2-384:012345678901234567890123456789012345678901234567 \
	    hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do

		aalgo=${acipher%%:*}
		akey=${acipher##*:}

		setkey -F
		setkey -FP

		(echo "add -6 1::1 2::1 esp $spi            -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
		 echo "add -6 2::1 1::1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"

		 echo "spdadd -6 1::1 2::1 any -P out ipsec esp/transport//require;"
		 echo "spdadd -6 2::1 1::1 any -P in  ipsec esp/transport//require;"
		 echo "spdadd -6 1::1 2::1 any -P in  ipsec esp/transport//require;"
		 echo "spdadd -6 2::1 1::1 any -P out ipsec esp/transport//require;"
		) | setkey -c >/dev/null 2>&1
		if [ $? -eq 0 ]; then
			echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
		else
			echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
		fi
		i=$((i+1))

		ping6 -c 1 -i 1 -S 1::1 2::1 >/dev/null
		if [ $? -eq 0 ]; then
			echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
		else
			echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
		fi
		i=$((i+1))
		ping6 -c 1 -i 1 -S 2::1 1::1 >/dev/null
		if [ $? -eq 0 ]; then
			echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
		else
			echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
		fi
		i=$((i+1))
	done
done

setkey -F
setkey -FP

ifconfig $netif inet6 1::1 delete
ifconfig $netif inet6 2::1 delete
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-23 02:52:11 +0000