#!/bin/sh
# Copyright (c) 2016 Red Hat Inc.,  All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it would be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# Author: Hangbin Liu <haliu@redhat.com>
#
#######################################################################

. test_net.sh

# tst_ipsec_cleanup: drop all xfrm (IPsec) state and policy entries, first on
# the local host and then on the remote host.
#
# The flush is not limited to entries created by tst_ipsec: every xfrm state
# and policy on both hosts is removed, so run it only on dedicated test
# machines. Local failures are not checked; the return status is that of the
# remote command.
tst_ipsec_cleanup()
{
	local table

	# Both local flushes always run, whether or not the first one succeeds.
	for table in state policy; do
		ip xfrm "$table" flush
	done

	# On the remote side the policy flush only runs if the state flush worked.
	tst_rhost_run -c "ip xfrm state flush && ip xfrm policy flush"
}

# tst_ipsec target protocol mode spi src_addr dst_addr: config ipsec with
# supplied protocol and mode.
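#
# target: target of the configuration host ( lhost / rhost )
# protocol: ah / esp / ipcomp
# mode: transport / tunnel
# spi: the first spi value
# src_addr: source IP address
# dst_addr: destination IP address
#
# Installs two xfrm states (src->dst and dst->src) and two policies (out and
# in) on the selected host. The states use "0x<spi>" and "0x<spi + 1>"; on
# rhost the two values are assigned in the opposite order to lhost.
# NOTE(review): presumably callers pass src/dst from each host's own point of
# view so that the SPIs line up on the wire - confirm against callers.
#
# The algorithm keys are fixed strings that are published in this file. They
# provide no secrecy and are meant for test traffic only; do not reuse them.
#
# Calls tst_brkm TCONF when the argument count, protocol or target is not one
# of the supported values.
tst_ipsec()
{
	if [ $# -ne 6 ]; then
		tst_brkm TCONF "tst_ipsec parameter mismatch"
	fi
	tst_check_cmds hexdump

	local target=$1
	local protocol=$2
	local mode=$3
	local spi=$4
	local src=$5
	local dst=$6

	# Encryption algorithm. The key is the hex encoding of a 24-byte string.
	# %02x keeps every byte at two hex digits, so a byte below 0x10 could not
	# silently shorten the key if the string is ever changed.
	local EALGO="des3_ede"
	local EALGO_KEY=0x$(printf _I_want_to_have_chicken_ | \
			    hexdump -ve '/1 "%02x"')

	# Authentication algorithm. The key is the hex encoding of a 20-byte
	# string.
	local AALGO="sha1"
	local AALGO_KEY=0x$(printf beef_fish_pork_salad | \
			    hexdump -ve '/1 "%02x"')

	# Compression algorithm
	local CALGO="deflate"

	# Algorithm options for each protocol. algo_line holds several words and
	# is expanded unquoted on purpose so that it splits into arguments.
	local algo_line=
	local proto=
	case $protocol in
	ah)
		algo_line="auth $AALGO $AALGO_KEY"
		proto="ah"
		;;
	esp)
		algo_line="enc $EALGO $EALGO_KEY auth $AALGO $AALGO_KEY"
		proto="esp"
		;;
	ipcomp)
		algo_line="comp $CALGO"
		proto="comp"
		;;
	*)
		tst_brkm TCONF "tst_ipsec protocol mismatch"
		;;
	esac

	# NOTE: the second SPI is computed with decimal arithmetic on the digits
	# of $spi and then labelled as hex, so the values are "0x<spi>" and
	# "0x<spi + 1>" rather than two consecutive hex numbers. Both branches
	# compute it the same way.
	if [ "$target" = lhost ]; then
		local spi_1="0x$spi"
		local spi_2="0x$(( $spi + 1 ))"
		ROD ip xfrm state add src "$src" dst "$dst" spi "$spi_1" \
			proto "$proto" $algo_line mode "$mode" \
			sel src "$src" dst "$dst"
		ROD ip xfrm state add src "$dst" dst "$src" spi "$spi_2" \
			proto "$proto" $algo_line mode "$mode" \
			sel src "$dst" dst "$src"

		ROD ip xfrm policy add src "$src" dst "$dst" dir out \
			tmpl src "$src" dst "$dst" proto "$proto" mode "$mode"
		# "level use" on the inbound template: as far as I know this marks
		# the transform as optional rather than required - confirm in
		# ip-xfrm(8) before relying on this policy to reject clear traffic.
		ROD ip xfrm policy add src "$dst" dst "$src" dir in \
			tmpl src "$dst" dst "$src" proto "$proto" mode "$mode" \
			level use
	elif [ "$target" = rhost ]; then
		local spi_1="0x$(( $spi + 1 ))"
		local spi_2="0x$spi"
		# The arguments are pasted into a command string that a shell on
		# the remote host interprets, and the keys appear on that command
		# line. Pass only harness-controlled values here.
		tst_rhost_run -s -c "ip xfrm state add src $src dst $dst \
			spi $spi_1 proto $proto $algo_line mode $mode sel \
			src $src dst $dst"
		tst_rhost_run -s -c "ip xfrm state add src $dst dst $src \
			spi $spi_2 proto $proto $algo_line mode $mode sel \
			src $dst dst $src"

		tst_rhost_run -s -c "ip xfrm policy add src $src dst $dst \
			dir out tmpl src $src dst $dst proto $proto mode $mode"
		tst_rhost_run -s -c "ip xfrm policy add src $dst dst $src dir \
			in tmpl src $dst dst $src proto $proto \
			mode $mode level use"
	else
		# An unknown target used to fall through and configure nothing,
		# leaving the test to run without IPsec. Fail the setup instead.
		tst_brkm TCONF "tst_ipsec target mismatch"
	fi
}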