
Commit 5e596ee1 authored by Shannon Nelson's avatar Shannon Nelson Committed by Steffen Klassert

selftests: add xfrm state-policy-monitor to rtnetlink.sh



Add a simple set of tests for the IPsec xfrm commands.

Signed-off-by: default avatarShannon Nelson <shannon.nelson@oracle.com>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent ef53e9e1
+103 −0
@@ -502,6 +502,108 @@ kci_test_macsec()
	echo "PASS: macsec"
}

#-------------------------------------------------------------------
# Example commands
#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
#            sel src 14.0.0.52/24 dst 14.0.0.70/24
#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
#            spi 0x07 mode transport reqid 0x07
#
# Subcommands not tested
#    ip x s update
#    ip x s allocspi
#    ip x s deleteall
#    ip x p update
#    ip x p deleteall
#    ip x p set
#-------------------------------------------------------------------
kci_test_ipsec()
{
	srcip="14.0.0.52"
	dstip="14.0.0.70"
	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"

	# flush to be sure there's nothing configured
	ip x s flush ; ip x p flush
	check_err $?

	# start the monitor in the background
	tmpfile=`mktemp ipsectestXXX`
	ip x m > $tmpfile &
	mpid=$!
	sleep 0.2

	ipsecid="proto esp src $srcip dst $dstip spi 0x07"
	ip x s add $ipsecid \
            mode transport reqid 0x07 replay-window 32 \
            $algo sel src $srcip/24 dst $dstip/24
	check_err $?

	lines=`ip x s list | grep $srcip | grep $dstip | wc -l`
	test $lines -eq 2
	check_err $?

	ip x s count | grep -q "SAD count 1"
	check_err $?

	lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l`
	test $lines -eq 2
	check_err $?

	ip x s delete $ipsecid
	check_err $?

	lines=`ip x s list | wc -l`
	test $lines -eq 0
	check_err $?

	ipsecsel="dir out src $srcip/24 dst $dstip/24"
	ip x p add $ipsecsel \
		    tmpl proto esp src $srcip dst $dstip \
		    spi 0x07 mode transport reqid 0x07
	check_err $?

	lines=`ip x p list | grep $srcip | grep $dstip | wc -l`
	test $lines -eq 2
	check_err $?

	ip x p count | grep -q "SPD IN  0 OUT 1 FWD 0"
	check_err $?

	lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l`
	test $lines -eq 2
	check_err $?

	ip x p delete $ipsecsel
	check_err $?

	lines=`ip x p list | wc -l`
	test $lines -eq 0
	check_err $?

	# check the monitor results
	kill $mpid
	lines=`wc -l $tmpfile | cut "-d " -f1`
	test $lines -eq 20
	check_err $?
	rm -rf $tmpfile

	# clean up any leftovers
	ip x s flush
	check_err $?
	ip x p flush
	check_err $?

	if [ $ret -ne 0 ]; then
		echo "FAIL: ipsec"
		return 1
	fi
	echo "PASS: ipsec"
}

kci_test_gretap()
{
	testns="testns"
@@ -755,6 +857,7 @@ kci_test_rtnl()
	kci_test_vrf
	kci_test_encap
	kci_test_macsec
	kci_test_ipsec

	kci_del_dummy
}
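Review bot: The opening `ip x s flush ; ip x p flush` in kci_test_ipsec acts on the host's own xfrm tables, so running this selftest on a machine with live IPsec wipes its SAs and policies, after which traffic that was required to be protected may leave unprotected. The test would be safer run inside a throwaway network namespace (`ip netns add` / `ip netns exec`), which kci_test_gretap appears to do with `testns`, though its body continues outside the hunk. On that same line only the second flush's status reaches `check_err $?`; the cleanup at the end of the function checks the two flushes separately, and the start should as well. `mktemp ipsectestXXX` puts the monitor log in the current directory with a three-character suffix and its result is never checked, so on failure `$tmpfile` is empty and the unquoted `ip x m > $tmpfile` breaks on the redirect. I would write `tmpfile=$(mktemp -t ipsectest.XXXXXX) || return 1` and quote `"$tmpfile"` wherever it is used.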