diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2015-10-22 11:43:58 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2015-10-22 11:43:58 +0200 |
| commit | 5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (patch) | |
| tree | 037f1ec5bb860846938ddcf29771c24e9c529be0 /testing/do-tests | |
| parent | b238cf34df3fe4476ae6b7012e7cb3e9769d4d51 (diff) | |
| download | vyos-strongswan-5dca9ea0e2931f0e2a056c7964d311bcc30a01b8.tar.gz vyos-strongswan-5dca9ea0e2931f0e2a056c7964d311bcc30a01b8.zip | |
Imported Upstream version 5.3.3
Diffstat (limited to 'testing/do-tests')
| -rwxr-xr-x | testing/do-tests | 81 |
1 files changed, 57 insertions, 24 deletions
diff --git a/testing/do-tests b/testing/do-tests index 35f13ec5b..c01152c7b 100755 --- a/testing/do-tests +++ b/testing/do-tests @@ -23,6 +23,7 @@ SSHCONF="-F $DIR/ssh_config" [ -d $DIR/tests ] || die "Directory 'tests' not found" [ -d $BUILDDIR ] || die "Directory '$BUILDDIR' does not exist, please run make-testing first" +running_any $STRONGSWANHOSTS || die "Please start test environment before running $0" ln -sfT $DIR $TESTDIR/testing @@ -254,27 +255,6 @@ do continue fi - if [ $SUBDIR = "ipv6" -o $name = "rw-psk-ipv6" ] - then - IPROUTE_CMD="ip -6 route list table $SOURCEIP_ROUTING_TABLE" - IPROUTE_DSP=$IPROUTE_CMD - IPTABLES_CMD="ip6tables -v -n -L" - IPTABLES_DSP="ip6tables -L" - else - IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE" - IPROUTE_DSP=$IPROUTE_CMD - IPTABLES_CMD="iptables -v -n -L" - IPTABLES_DSP="iptables -L" - fi - - if [ $name = "net2net-ip4-in-ip6-ikev2" -o $name = "net2net-ip6-in-ip4-ikev2" ] - then - IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE; echo; ip -6 route list table $SOURCEIP_ROUTING_TABLE" - IPROUTE_DSP="ip (-6) route list table $SOURCEIP_ROUTING_TABLE" - IPTABLES_CMD="iptables -v -n -L ; echo ; ip6tables -v -n -L" - IPTABLES_DSP="iptables -L ; ip6tables -L" - fi - [ -f $DEFAULTTESTSDIR/${testname}/description.txt ] || die "!! File 'description.txt' is missing" [ -f $DEFAULTTESTSDIR/${testname}/test.conf ] || die "!! File 'test.conf' is missing" [ -f $DEFAULTTESTSDIR/${testname}/pretest.dat ] || die "!! File 'pretest.dat' is missing" @@ -351,6 +331,8 @@ do $DIR/scripts/load-testconfig $testname unset RADIUSHOSTS + unset IPV6 + unset SWANCTL source $TESTDIR/test.conf @@ -382,6 +364,14 @@ do ssh $SSHCONF root@`eval echo \\\$ipv4_$host` 'conntrack -F' >/dev/null 2>&1 done + ########################################################################## + # flush IPsec state on all hosts + # + + for host in $STRONGSWANHOSTS + do + ssh $SSHCONF root@`eval echo \\\$ipv4_$host` 'ip xfrm state flush; ip xfrm policy flush' >/dev/null 2>&1 + done ########################################################################## # execute pre-test commands @@ -487,6 +477,27 @@ do <img src="../../images/$DIAGRAM" alt="$VIRTHOSTS"> @EOF + if [ -n "$IPV6" ] + then + IPROUTE_CMD="ip -6 route list table $SOURCEIP_ROUTING_TABLE" + IPROUTE_DSP=$IPROUTE_CMD + IPTABLES_CMD="ip6tables -v -n -L" + IPTABLES_DSP="ip6tables -L" + else + IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE" + IPROUTE_DSP=$IPROUTE_CMD + IPTABLES_CMD="iptables -v -n -L" + IPTABLES_DSP="iptables -L" + fi + + if [ $name = "net2net-ip4-in-ip6-ikev2" -o $name = "net2net-ip6-in-ip4-ikev2" ] + then + IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE; echo; ip -6 route list table $SOURCEIP_ROUTING_TABLE" + IPROUTE_DSP="ip (-6) route list table $SOURCEIP_ROUTING_TABLE" + IPTABLES_CMD="iptables -v -n -L ; echo ; ip6tables -v -n -L" + IPTABLES_DSP="iptables -L ; ip6tables -L" + fi + for host in $IPSECHOSTS do eval HOSTLOGIN=root@\$ipv4_${host} @@ -494,7 +505,7 @@ do scp $SSHCONF $HOSTLOGIN:/etc/strongswan.conf \ $TESTRESULTDIR/${host}.strongswan.conf > /dev/null 2>&1 - if [ $SUBDIR = "swanctl" ] + if [ -n "$SWANCTL" ] then scp $SSHCONF $HOSTLOGIN:/etc/swanctl/swanctl.conf \ $TESTRESULTDIR/${host}.swanctl.conf > /dev/null 2>&1 @@ -508,6 +519,9 @@ do ssh $SSHCONF $HOSTLOGIN swanctl --list-pools \ > $TESTRESULTDIR/${host}.swanctl.pools 2>/dev/null + ssh $SSHCONF $HOSTLOGIN swanctl --list-authorities \ + > $TESTRESULTDIR/${host}.swanctl.authorities 2>/dev/null + ssh $SSHCONF $HOSTLOGIN swanctl --list-sas \ > $TESTRESULTDIR/${host}.swanctl.sas 2>/dev/null @@ -543,7 +557,7 @@ do > $TESTRESULTDIR/${host}.iptables 2>/dev/null chmod a+r $TESTRESULTDIR/* - if [ $SUBDIR = "swanctl" ] + if [ -n "$SWANCTL" ] then cat >> $TESTRESULTDIR/index.html <<@EOF <h3>$host</h3> @@ -562,8 +576,8 @@ do <ul> <li><a href="$host.swanctl.sas">swanctl --list-sas</a></li> <li><a href="$host.swanctl.pols">swanctl --list-pols</a></li> + <li><a href="$host.swanctl.authorities">swanctl --list-authorities</a></li> <li><a href="$host.swanctl.stats">swanctl --stats</a></li> - <li><a href="$host.auth.log">auth.log</a></li> <li><a href="$host.daemon.log">daemon.log</a></li> </ul> </td> @@ -573,6 +587,7 @@ do <li><a href="$host.ip.state">ip -s xfrm state</a></li> <li><a href="$host.ip.route">$IPROUTE_DSP</a></li> <li><a href="$host.iptables">$IPTABLES_DSP</a></li> + <li><a href="$host.auth.log">auth.log</a></li> </ul> </td> @@ -711,6 +726,24 @@ do } }' $TESTDIR/posttest.dat` >> $CONSOLE_LOG 2>&1 + ########################################################################## + # check that IPsec state was cleaned up properly + # + + for host in $IPSECHOSTS + do + eval HOSTLOGIN=root@\$ipv4_${host} + IPSECSTATE=`ssh $SSHCONF $HOSTLOGIN 'ip xfrm state'` + IPSECPOLICY=`ssh $SSHCONF $HOSTLOGIN 'ip xfrm policy'` + if [ -n "$IPSECSTATE" -o -n "$IPSECPOLICY" ] + then + echo -e "\n$host# ip xfrm state [NO]" >> $CONSOLE_LOG + echo "$IPSECSTATE" >> $CONSOLE_LOG + echo -e "\n$host# ip xfrm policy [NO]" >> $CONSOLE_LOG + echo "$IPSECPOLICY" >> $CONSOLE_LOG + STATUS="failed" + fi + done ########################################################################## # get a copy of /var/log/auth.log |