summaryrefslogtreecommitdiff
path: root/testing/do-tests
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2015-10-22 11:43:58 +0200
committerYves-Alexis Perez <corsac@debian.org>2015-10-22 11:43:58 +0200
commit5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (patch)
tree037f1ec5bb860846938ddcf29771c24e9c529be0 /testing/do-tests
parentb238cf34df3fe4476ae6b7012e7cb3e9769d4d51 (diff)
downloadvyos-strongswan-5dca9ea0e2931f0e2a056c7964d311bcc30a01b8.tar.gz
vyos-strongswan-5dca9ea0e2931f0e2a056c7964d311bcc30a01b8.zip
Imported Upstream version 5.3.3
Diffstat (limited to 'testing/do-tests')
-rwxr-xr-xtesting/do-tests81
1 files changed, 57 insertions, 24 deletions
diff --git a/testing/do-tests b/testing/do-tests
index 35f13ec5b..c01152c7b 100755
--- a/testing/do-tests
+++ b/testing/do-tests
@@ -23,6 +23,7 @@ SSHCONF="-F $DIR/ssh_config"
[ -d $DIR/tests ] || die "Directory 'tests' not found"
[ -d $BUILDDIR ] ||
die "Directory '$BUILDDIR' does not exist, please run make-testing first"
+running_any $STRONGSWANHOSTS || die "Please start test environment before running $0"
ln -sfT $DIR $TESTDIR/testing
@@ -254,27 +255,6 @@ do
continue
fi
- if [ $SUBDIR = "ipv6" -o $name = "rw-psk-ipv6" ]
- then
- IPROUTE_CMD="ip -6 route list table $SOURCEIP_ROUTING_TABLE"
- IPROUTE_DSP=$IPROUTE_CMD
- IPTABLES_CMD="ip6tables -v -n -L"
- IPTABLES_DSP="ip6tables -L"
- else
- IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE"
- IPROUTE_DSP=$IPROUTE_CMD
- IPTABLES_CMD="iptables -v -n -L"
- IPTABLES_DSP="iptables -L"
- fi
-
- if [ $name = "net2net-ip4-in-ip6-ikev2" -o $name = "net2net-ip6-in-ip4-ikev2" ]
- then
- IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE; echo; ip -6 route list table $SOURCEIP_ROUTING_TABLE"
- IPROUTE_DSP="ip (-6) route list table $SOURCEIP_ROUTING_TABLE"
- IPTABLES_CMD="iptables -v -n -L ; echo ; ip6tables -v -n -L"
- IPTABLES_DSP="iptables -L ; ip6tables -L"
- fi
-
[ -f $DEFAULTTESTSDIR/${testname}/description.txt ] || die "!! File 'description.txt' is missing"
[ -f $DEFAULTTESTSDIR/${testname}/test.conf ] || die "!! File 'test.conf' is missing"
[ -f $DEFAULTTESTSDIR/${testname}/pretest.dat ] || die "!! File 'pretest.dat' is missing"
@@ -351,6 +331,8 @@ do
$DIR/scripts/load-testconfig $testname
unset RADIUSHOSTS
+ unset IPV6
+ unset SWANCTL
source $TESTDIR/test.conf
@@ -382,6 +364,14 @@ do
ssh $SSHCONF root@`eval echo \\\$ipv4_$host` 'conntrack -F' >/dev/null 2>&1
done
+ ##########################################################################
+ # flush IPsec state on all hosts
+ #
+
+ for host in $STRONGSWANHOSTS
+ do
+ ssh $SSHCONF root@`eval echo \\\$ipv4_$host` 'ip xfrm state flush; ip xfrm policy flush' >/dev/null 2>&1
+ done
##########################################################################
# execute pre-test commands
@@ -487,6 +477,27 @@ do
<img src="../../images/$DIAGRAM" alt="$VIRTHOSTS">
@EOF
+ if [ -n "$IPV6" ]
+ then
+ IPROUTE_CMD="ip -6 route list table $SOURCEIP_ROUTING_TABLE"
+ IPROUTE_DSP=$IPROUTE_CMD
+ IPTABLES_CMD="ip6tables -v -n -L"
+ IPTABLES_DSP="ip6tables -L"
+ else
+ IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE"
+ IPROUTE_DSP=$IPROUTE_CMD
+ IPTABLES_CMD="iptables -v -n -L"
+ IPTABLES_DSP="iptables -L"
+ fi
+
+ if [ $name = "net2net-ip4-in-ip6-ikev2" -o $name = "net2net-ip6-in-ip4-ikev2" ]
+ then
+ IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE; echo; ip -6 route list table $SOURCEIP_ROUTING_TABLE"
+ IPROUTE_DSP="ip (-6) route list table $SOURCEIP_ROUTING_TABLE"
+ IPTABLES_CMD="iptables -v -n -L ; echo ; ip6tables -v -n -L"
+ IPTABLES_DSP="iptables -L ; ip6tables -L"
+ fi
+
for host in $IPSECHOSTS
do
eval HOSTLOGIN=root@\$ipv4_${host}
@@ -494,7 +505,7 @@ do
scp $SSHCONF $HOSTLOGIN:/etc/strongswan.conf \
$TESTRESULTDIR/${host}.strongswan.conf > /dev/null 2>&1
- if [ $SUBDIR = "swanctl" ]
+ if [ -n "$SWANCTL" ]
then
scp $SSHCONF $HOSTLOGIN:/etc/swanctl/swanctl.conf \
$TESTRESULTDIR/${host}.swanctl.conf > /dev/null 2>&1
@@ -508,6 +519,9 @@ do
ssh $SSHCONF $HOSTLOGIN swanctl --list-pools \
> $TESTRESULTDIR/${host}.swanctl.pools 2>/dev/null
+ ssh $SSHCONF $HOSTLOGIN swanctl --list-authorities \
+ > $TESTRESULTDIR/${host}.swanctl.authorities 2>/dev/null
+
ssh $SSHCONF $HOSTLOGIN swanctl --list-sas \
> $TESTRESULTDIR/${host}.swanctl.sas 2>/dev/null
@@ -543,7 +557,7 @@ do
> $TESTRESULTDIR/${host}.iptables 2>/dev/null
chmod a+r $TESTRESULTDIR/*
- if [ $SUBDIR = "swanctl" ]
+ if [ -n "$SWANCTL" ]
then
cat >> $TESTRESULTDIR/index.html <<@EOF
<h3>$host</h3>
@@ -562,8 +576,8 @@ do
<ul>
<li><a href="$host.swanctl.sas">swanctl --list-sas</a></li>
<li><a href="$host.swanctl.pols">swanctl --list-pols</a></li>
+ <li><a href="$host.swanctl.authorities">swanctl --list-authorities</a></li>
<li><a href="$host.swanctl.stats">swanctl --stats</a></li>
- <li><a href="$host.auth.log">auth.log</a></li>
<li><a href="$host.daemon.log">daemon.log</a></li>
</ul>
</td>
@@ -573,6 +587,7 @@ do
<li><a href="$host.ip.state">ip -s xfrm state</a></li>
<li><a href="$host.ip.route">$IPROUTE_DSP</a></li>
<li><a href="$host.iptables">$IPTABLES_DSP</a></li>
+ <li><a href="$host.auth.log">auth.log</a></li>
</ul>
&nbsp;
</td>
@@ -711,6 +726,24 @@ do
}
}' $TESTDIR/posttest.dat` >> $CONSOLE_LOG 2>&1
+ ##########################################################################
+ # check that IPsec state was cleaned up properly
+ #
+
+ for host in $IPSECHOSTS
+ do
+ eval HOSTLOGIN=root@\$ipv4_${host}
+ IPSECSTATE=`ssh $SSHCONF $HOSTLOGIN 'ip xfrm state'`
+ IPSECPOLICY=`ssh $SSHCONF $HOSTLOGIN 'ip xfrm policy'`
+ if [ -n "$IPSECSTATE" -o -n "$IPSECPOLICY" ]
+ then
+ echo -e "\n$host# ip xfrm state [NO]" >> $CONSOLE_LOG
+ echo "$IPSECSTATE" >> $CONSOLE_LOG
+ echo -e "\n$host# ip xfrm policy [NO]" >> $CONSOLE_LOG
+ echo "$IPSECPOLICY" >> $CONSOLE_LOG
+ STATUS="failed"
+ fi
+ done
##########################################################################
# get a copy of /var/log/auth.log