Imported Upstream version 5.0.2

9 files changed, 67 insertions, 143 deletions

diff --git a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
index 4b0ddace7..9e536870e 100644
--- a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
+++ b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
@@ -1,11 +1,11 @@
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.50/32::YES
@@ -14,12 +14,12 @@ moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::arp reply carol3.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::ARP, Reply carol3.strongswan.org is-at 52:54:00:43:e3:35::YES
 alice::tcpdump::IP alice.strongswan.org > carol3.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP carol3.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
 alice::tcpdump::IP carol3.strongswan.org > alice.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP alice.strongswan.org > carol3.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::arp reply dave3.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::ARP, Reply dave3.strongswan.org is-at 52:54:00:43:e3:35::YES
 alice::tcpdump::IP alice.strongswan.org > dave3.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP dave3.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
 alice::tcpdump::IP dave3.strongswan.org > alice.strongswan.org: ICMP echo request::YES
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables
deleted file mode 100755
index 058bebb2d..000000000
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow bootpc and bootps
-	iptables -A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
-	iptables -A INPUT  -p udp --sport bootps --dport bootps -j ACCEPT
-
-	# allow broadcasts from eth1
-	iptables -A INPUT -i eth1 -d 10.1.255.255 -j ACCEPT
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow MobIKE
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-        # log dropped packets
-        iptables -A INPUT  -j LOG --log-prefix " IN: "
-        iptables -A OUTPUT -j LOG --log-prefix " OUT: "
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules
new file mode 100644
index 000000000..2d9a466b0
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules
@@ -0,0 +1,39 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow bootpc and bootps
+-A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
+-A INPUT  -p udp --sport bootps --dport bootps -j ACCEPT
+
+# allow broadcasts from eth1
+-A INPUT -i eth1 -d 10.1.255.255 -j ACCEPT
+
+# allow esp
+-A INPUT  -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+# log dropped packets
+-A INPUT  -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcp/dhcpd.conf
index 2176af702..7a178505f 100644
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcp/dhcpd.conf
@@ -4,11 +4,11 @@ ddns-update-style none;
 
 subnet 10.1.0.0 netmask 255.255.0.0 {
   option domain-name          "strongswan.org";
-  option domain-name-servers   10.1.0.20;
-  option netbios-name-servers  10.1.0.10;
-  option routers               10.1.0.1;
+  option domain-name-servers   PH_IP_VENUS;
+  option netbios-name-servers  PH_IP_ALICE;
+  option routers               PH_IP_MOON1;
   option broadcast-address     10.1.255.255;
-  next-server                  10.1.0.20;
+  next-server                  PH_IP_VENUS;
 
   range 10.1.0.50 10.1.0.60;
 }
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf
index 2d35dfd64..ec8c945a7 100644
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf
@@ -1,7 +1,7 @@
 interface=eth0
 dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255
-dhcp-option=option:router,10.1.0.1
-dhcp-option=option:dns-server,10.1.0.20
-dhcp-option=option:netbios-ns,10.1.0.10
+dhcp-option=option:router,PH_IP_MOON1
+dhcp-option=option:dns-server,PH_IP_VENUS
+dhcp-option=option:netbios-ns,PH_IP_ALICE
 dhcp-option=option:domain-name,strongswan.org
 log-dhcp
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd
deleted file mode 100755
index 4044dcc35..000000000
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop"
-
-depend() {
-	need net
-	need logger
-}
-
-start() {
-	ebegin "Starting DHCP server"
-	start-stop-daemon --start --quiet --exec /usr/sbin/dhcpd
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping DHCP server"
-	start-stop-daemon --stop --quiet --pidfile /var/run/dhcpd.pid
-	rm -f /var/state/dhcp/dhcpd.leases
-	touch /var/state/dhcp/dhcpd.leases
-	eend $?
-}
diff --git a/testing/tests/ikev2/dhcp-dynamic/posttest.dat b/testing/tests/ikev2/dhcp-dynamic/posttest.dat
index 1f5487596..f783127bf 100644
--- a/testing/tests/ikev2/dhcp-dynamic/posttest.dat
+++ b/testing/tests/ikev2/dhcp-dynamic/posttest.dat
@@ -2,9 +2,9 @@ moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
 venus::cat /var/state/dhcp/dhcpd.leases
-venus::/etc/init.d/dhcpd stop 2> /dev/null
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
+venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
 alice::arp -d 10.1.0.50
 alice::arp -d 10.1.0.51
diff --git a/testing/tests/ikev2/dhcp-dynamic/pretest.dat b/testing/tests/ikev2/dhcp-dynamic/pretest.dat
index bd36b4fe3..5670a2e89 100644
--- a/testing/tests/ikev2/dhcp-dynamic/pretest.dat
+++ b/testing/tests/ikev2/dhcp-dynamic/pretest.dat
@@ -1,12 +1,12 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-venus::cat /etc/dhcpd.conf
-venus::/etc/init.d/dhcpd start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+venus::cat /etc/dhcp/dhcpd.conf
+venus::/etc/init.d/isc-dhcp-server start 2> /dev/null
 carol::ipsec start
 dave::ipsec start
 moon::ipsec start
-carol::sleep 2 
+carol::sleep 2
 carol::ipsec up home
 dave::ipsec up home
 carol::sleep 1
diff --git a/testing/tests/ikev2/dhcp-dynamic/test.conf b/testing/tests/ikev2/dhcp-dynamic/test.conf
index a2ad7b25f..fd8a59c90 100644
--- a/testing/tests/ikev2/dhcp-dynamic/test.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/test.conf
@@ -1,21 +1,21 @@
 #!/bin/bash
 #
 # This configuration file provides information on the
-# UML instances used for this test
+# guest instances used for this test
 
-# All UML instances that are required for this test
+# All guest instances that are required for this test
 #
-UMLHOSTS="alice venus moon carol winnetou dave"
+VIRTHOSTS="alice venus moon carol winnetou dave"
 
 # Corresponding block diagram
 #
 DIAGRAM="a-v-m-c-w-d.png"
 
-# UML instances on which tcpdump is to be started
+# Guest instances on which tcpdump is to be started
 #
 TCPDUMPHOSTS="moon alice"
 
-# UML instances on which IPsec is started
+# Guest instances on which IPsec is started
 # Used for IPsec logging purposes
 #
 IPSECHOSTS="moon carol dave"