From 49104abddf3d71d5abf5cf75dc7f95fa6c55fa63 Mon Sep 17 00:00:00 2001 
From: Rene Mayrhofer Date: Fri, 26 Oct 2007 14:10:02 +0000 Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.1.8) --- testing/INSTALL | 8 +- testing/Makefile.am | 11 + testing/Makefile.in | 358 +++++++++++ testing/README | 2 +- testing/do-tests | 661 -------------------- testing/do-tests.in | 663 +++++++++++++++++++++ testing/scripts/build-hostconfig | 4 +- testing/scripts/build-sshkeys | 14 +- testing/scripts/build-umlhostfs | 8 +- testing/scripts/build-umlkernel | 14 +- testing/scripts/build-umlrootfs | 14 +- testing/scripts/function.sh | 5 +- testing/scripts/kstart-umls | 6 +- testing/scripts/load-testconfig | 2 +- testing/scripts/restore-defaults | 2 +- testing/scripts/start-switches | 6 +- testing/scripts/start-umls | 6 +- testing/scripts/xstart-umls | 6 +- testing/stop-testing | 4 +- testing/testing.conf | 6 +- .../dynamic-initiator/hosts/carol/etc/ipsec.conf | 1 + .../dynamic-initiator/hosts/dave/etc/ipsec.conf | 1 + .../dynamic-initiator/hosts/moon/etc/ipsec.conf | 1 + .../dynamic-responder/hosts/carol/etc/ipsec.conf | 1 + .../dynamic-responder/hosts/dave/etc/ipsec.conf | 1 + .../dynamic-responder/hosts/moon/etc/ipsec.conf | 1 + .../dynamic-two-peers/hosts/carol/etc/ipsec.conf | 1 + .../dynamic-two-peers/hosts/dave/etc/ipsec.conf | 1 + .../dynamic-two-peers/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/passthrough/posttest.dat | 2 + testing/tests/ikev1/passthrough/pretest.dat | 3 + .../hosts/carol/etc/ipsec.secrets | 6 +- .../ikev2/config-payload-swapped/evaltest.dat | 4 +- testing/tests/ikev2/config-payload/evaltest.dat | 4 +- .../tests/ikev2/force-udp-encaps/description.txt | 6 + testing/tests/ikev2/force-udp-encaps/evaltest.dat | 6 + .../force-udp-encaps/hosts/alice/etc/ipsec.conf | 24 + .../force-udp-encaps/hosts/sun/etc/init.d/iptables | 76 +++ .../force-udp-encaps/hosts/sun/etc/ipsec.conf | 35 ++ testing/tests/ikev2/force-udp-encaps/posttest.dat | 6 + testing/tests/ikev2/force-udp-encaps/pretest.dat | 11 + 
testing/tests/ikev2/force-udp-encaps/test.conf | 21 + testing/tests/ikev2/mobike-nat/description.txt | 2 +- testing/tests/ikev2/mobike-nat/evaltest.dat | 12 +- .../ikev2/mobike-nat/hosts/alice/etc/ipsec.conf | 2 +- .../tests/ikev2/mobike-virtual-ip/description.txt | 2 +- testing/tests/ikev2/mobike-virtual-ip/evaltest.dat | 12 +- .../mobike-virtual-ip/hosts/alice/etc/ipsec.conf | 2 +- testing/tests/ikev2/nat-two-rw/evaltest.dat | 2 +- .../ikev2/net2net-cert/hosts/moon/etc/ipsec.conf | 1 + .../ikev2/net2net-cert/hosts/sun/etc/ipsec.conf | 1 + .../ikev2/net2net-psk/hosts/moon/etc/ipsec.conf | 3 +- .../ikev2/net2net-psk/hosts/sun/etc/ipsec.conf | 3 +- .../ikev2/net2net-route/hosts/moon/etc/ipsec.conf | 1 + .../ikev2/net2net-route/hosts/sun/etc/ipsec.conf | 1 + .../ikev2/net2net-start/hosts/moon/etc/ipsec.conf | 1 + .../ikev2/net2net-start/hosts/sun/etc/ipsec.conf | 1 + testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat | 2 +- testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat | 2 +- .../tests/ikev2/virtual-ip-override/evaltest.dat | 4 +- testing/tests/ikev2/virtual-ip/evaltest.dat | 4 +- 61 files changed, 1327 insertions(+), 744 deletions(-) create mode 100644 testing/Makefile.am create mode 100644 testing/Makefile.in delete mode 100755 testing/do-tests create mode 100755 testing/do-tests.in create mode 100644 testing/tests/ikev2/force-udp-encaps/description.txt create mode 100644 testing/tests/ikev2/force-udp-encaps/evaltest.dat create mode 100755 testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf create mode 100755 testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/init.d/iptables create mode 100755 testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/force-udp-encaps/posttest.dat create mode 100644 testing/tests/ikev2/force-udp-encaps/pretest.dat create mode 100644 testing/tests/ikev2/force-udp-encaps/test.conf (limited to 'testing') 
diff --git a/testing/INSTALL b/testing/INSTALL index a48c5a253..4e55ab633 100644 --- a/testing/INSTALL +++ b/testing/INSTALL @@ -53,7 +53,7 @@ are required for the strongSwan testing environment: * A vanilla Linux kernel on which the UML kernel will be based on. We recommend the use of - http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.21.5.tar.bz2 + http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.23.1.tar.bz2 * Starting with Linux kernel 2.6.9 no patch must be applied any more in order to make the vanilla kernel UML-capable. For older kernels you'll find @@ -63,7 +63,7 @@ are required for the strongSwan testing environment: * The matching .config file required to compile the UML kernel: - http://download.strongswan.org/uml/.config-2.6.21 + http://download.strongswan.org/uml/.config-2.6.23 * A gentoo-based UML file system (compressed size 130 MBytes) found at @@ -71,7 +71,7 @@ are required for the strongSwan testing environment: * The latest strongSwan distribution - http://download.strongswan.org/strongswan-4.1.4.tar.gz + http://download.strongswan.org/strongswan-4.1.8.tar.gz 3. Creating the environment @@ -146,5 +146,5 @@ README document. ----------------------------------------------------------------------------- -This file is RCSID $Id: INSTALL,v 1.39 2006/04/24 16:58:03 as Exp $ +This file is RCSID $Id: INSTALL 3308 2007-10-17 03:39:16Z andreas $ diff --git a/testing/Makefile.am b/testing/Makefile.am new file mode 100644 index 000000000..2ce6f2cd0 --- /dev/null +++ b/testing/Makefile.am @@ -0,0 +1,11 @@ +noinst_SCRIPTS = do-tests +CLEANFILES = do-tests +EXTRA_DIST = do-tests.in make-testing start-testing stop-testing \ + testing.conf hosts images scripts tests INSTALL README + +do-tests : do-tests.in + sed \ + -e "s:\@IPSEC_ROUTING_TABLE\@:$(IPSEC_ROUTING_TABLE):" \ + $< > $@ + chmod +x $@ + diff --git a/testing/Makefile.in b/testing/Makefile.in new file mode 100644 index 000000000..234607599 --- /dev/null +++ b/testing/Makefile.in 
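Review bot: The `do-tests` rule in testing/Makefile.am redirects sed's output straight into `$@`, so a failed or interrupted sed leaves a partial `do-tests` that is newer than `do-tests.in`; unless `.DELETE_ON_ERROR` is set elsewhere, the next make run will treat it as up to date. Generating into a temporary file and renaming avoids this: `sed -e "s:\@IPSEC_ROUTING_TABLE\@:$(IPSEC_ROUTING_TABLE):" $< > $@.tmp` followed by `chmod +x $@.tmp && mv $@.tmp $@`. The configure value is also pasted unescaped into both the sed expression and the generated bash script (`SOURCEIP_ROUTING_TABLE=@IPSEC_ROUTING_TABLE@` in do-tests.in), so a value containing `:`, `&` or whitespace would break the substitution or alter the script. A comment above the rule would document that constraint, for example `# IPSEC_ROUTING_TABLE must be a bare table number or name (no ':', '&' or spaces)`. The same rule is copied verbatim into the generated testing/Makefile.in.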
@@ -0,0 +1,358 @@ +# Makefile.in generated by automake 1.10 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = testing +DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + INSTALL +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +SCRIPTS = $(noinst_SCRIPTS) +SOURCES = +DIST_SOURCES = +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = 
@CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +F77 = @F77@ +FFLAGS = @FFLAGS@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ +IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LINUX_HEADERS = @LINUX_HEADERS@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +backenddir = @backenddir@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +confdir = @confdir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbus_CFLAGS = @dbus_CFLAGS@ +dbus_LIBS = @dbus_LIBS@ +docdir = @docdir@ +dvidir = @dvidir@ +eapdir = @eapdir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = 
@host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +interfacedir = @interfacedir@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecuid = @ipsecuid@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linuxdir = @linuxdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +noinst_SCRIPTS = do-tests +CLEANFILES = do-tests +EXTRA_DIST = do-tests.in make-testing start-testing stop-testing \ + testing.conf hosts images scripts tests INSTALL README + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu testing/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu testing/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' 
in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(SCRIPTS) +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + 
+installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-exec-am: + +install-html: install-html-am + +install-info: install-info-am + +install-man: + +install-pdf: install-pdf-am + +install-ps: install-ps-am + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + distclean distclean-generic distclean-libtool distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am uninstall 
uninstall-am + + +do-tests : do-tests.in + sed \ + -e "s:\@IPSEC_ROUTING_TABLE\@:$(IPSEC_ROUTING_TABLE):" \ + $< > $@ + chmod +x $@ +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/testing/README b/testing/README index e1930a6e3..e594b7865 100644 --- a/testing/README +++ b/testing/README @@ -156,5 +156,5 @@ restored with the command ----------------------------------------------------------------------------- -This file is RCSID $Id: README,v 1.2 2004/12/20 16:26:39 as Exp $ +This file is RCSID $Id: README 3273 2007-10-08 20:18:34Z andreas $ diff --git a/testing/do-tests b/testing/do-tests deleted file mode 100755 index 72379bda0..000000000 --- a/testing/do-tests +++ /dev/null 
@@ -1,661 +0,0 @@ -#!/bin/bash -# Automatically execute the strongSwan test cases -# -# Copyright (C) 2004 Eric Marchionni, Patrik Rayo -# Zuercher Hochschule Winterthur -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: do-tests,v 1.20 2006/02/08 21:27:59 as Exp $ - -DIR=`dirname $0` - -source $DIR/scripts/function.sh - -[ -f $DIR/testing.conf ] || die "Configuration file 'testing.conf' not found" -[ -d $DIR/hosts ] || die "Directory 'hosts' not found" -[ -d $DIR/tests ] || die "Directory 'tests' not found" - -source $DIR/testing.conf - - -############################################################################## -# test if UMLs have been built at all -# - -[ -d $BUILDDIR ] || die "Directory '$BUILDDIR' does not exist. Please run 'make-testing'first." 
- - -############################################################################## -# take care of new path and file variables -# - -[ -d $TESTRESULTSDIR ] || mkdir $TESTRESULTSDIR - -TESTDATE=`date +%Y%m%d-%H%M` - -TODAYDIR=$TESTRESULTSDIR/$TESTDATE -mkdir $TODAYDIR -TESTRESULTSHTML=$TODAYDIR/all.html -INDEX=$TODAYDIR/index.html -DEFAULTTESTSDIR=$UMLTESTDIR/testing/tests - -testnumber="0" -failed_cnt="0" -passed_cnt="0" - - -############################################################################## -# copy default tests to $BUILDDIR -# - -TESTSDIR=$BUILDDIR/tests -[ -d $TESTSDIR ] || mkdir $TESTSDIR - -############################################################################## -# assign IP for each host to hostname -# - -for host in $STRONGSWANHOSTS -do - eval ipv4_${host}="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`" - eval ipv6_${host}="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`" - - case $host in - moon) - eval ipv4_moon1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" - eval ipv6_moon1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" - ;; - sun) - eval ipv4_sun1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" - eval ipv6_sun1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" - ;; - alice) - eval ipv4_alice1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" - eval ipv6_alice1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" - ;; - venus) - ;; - bob) - ;; - carol) - eval ipv4_carol1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" - eval ipv6_carol1="`echo $HOSTNAMEIPV6 | sed -n -e 
"s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" - ;; - dave) - eval ipv4_dave1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" - eval ipv6_dave1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" - ;; - winnetou) - ;; - esac -done - - -############################################################################## -# create header for the results html file -# - -KERNEL_VERSION=`basename $KERNEL .tar.bz2` -IPSEC_VERSION=`basename $STRONGSWAN .tar.bz2` - -cat > $INDEX <<@EOF - - - strongSwan UML Tests - - -

strongSwan UML Tests

- - - - - - - - - - - - - - - - - - - - - - - -@EOF - -cat $INDEX > $TESTRESULTSHTML -cat >> $TESTRESULTSHTML <<@EOF - - - - - -@EOF - -cecho "UML kernel: $KERNEL_VERSION" -cecho "IPsec: $IPSEC_VERSION" -cecho "Date: $TESTDATE" -cecho "" - - -############################################################################## -# enter specific test directory -# - -if [ $# -gt 0 ] -then - TESTS=$* -elif [ $SELECTEDTESTSONLY = "yes" ] -then - # set internal field seperator - TESTS=$SELECTEDTESTS -else - # set internal field seperator - TESTS="`ls $DEFAULTTESTSDIR`" -fi - -for SUBDIR in $TESTS -do - SUBTESTS="`basename $SUBDIR`" - - if [ $SUBTESTS = $SUBDIR ] - then - SUBTESTS="`ls $DEFAULTTESTSDIR/$SUBDIR`" - else - SUBDIR="`dirname $SUBDIR`" - fi - - if [ ! -d $TODAYDIR/$SUBDIR ] - then - mkdir $TODAYDIR/$SUBDIR - if [ $testnumber == 0 ] - then - FIRST="Category:" >> $INDEX - echo " ">> $INDEX - echo " " >> $INDEX - echo " " >> $INDEX - echo " " >> $INDEX - echo " " >> $INDEX - SUBTESTSINDEX=$TODAYDIR/$SUBDIR/index.html - cat > $SUBTESTSINDEX <<@EOF - - - strongSwan $SUBDIR Tests - - -

strongSwan $SUBDIR Tests

-
Host:`uname -a`
UML kernel:  $KERNEL_VERSION
IPsec:$IPSEC_VERSION
Date:$TESTDATE
    
NumberTestResult
$FIRST$SUBDIRx 
- - - - - - - - - - - - - - - - - - - - - - - -@EOF - fi - - for name in $SUBTESTS - do - let "testnumber += 1" - testname=$SUBDIR/$name - cecho-n " $testnumber $testname.." - - if [ ! -d $DEFAULTTESTSDIR/${testname} ] - then - cecho "is missing..skipped" - continue - fi - - [ -f $DEFAULTTESTSDIR/${testname}/description.txt ] || die "!! File 'description.txt' is missing" - [ -f $DEFAULTTESTSDIR/${testname}/test.conf ] || die "!! File 'test.conf' is missing" - [ -f $DEFAULTTESTSDIR/${testname}/pretest.dat ] || die "!! File 'pretest.dat' is missing" - [ -f $DEFAULTTESTSDIR/${testname}/posttest.dat ] || die "!! File 'posttest.dat' is missing" - [ -f $DEFAULTTESTSDIR/${testname}/evaltest.dat ] || die "!! File 'evaltest.dat' is missing" - - TESTRESULTDIR=$TODAYDIR/$testname - mkdir -p $TESTRESULTDIR - CONSOLE_LOG=$TESTRESULTDIR/console.log - touch $CONSOLE_LOG - - TESTDIR=$TESTSDIR/${testname} - rm -rf $TESTDIR - mkdir -p $TESTDIR - cp -rfp $DEFAULTTESTSDIR/${testname}/* $TESTDIR - - - ############################################################################## - # replace IP wildcards with actual IPv4 and IPv6 addresses - # - - for host in $STRONGSWANHOSTS - do - case $host in - moon) - searchandreplace PH_IP_MOON1 $ipv4_moon1 $TESTDIR - searchandreplace PH_IP_MOON $ipv4_moon $TESTDIR - searchandreplace PH_IP6_MOON1 $ipv6_moon1 $TESTDIR - searchandreplace PH_IP6_MOON $ipv6_moon $TESTDIR - ;; - sun) - searchandreplace PH_IP_SUN1 $ipv4_sun1 $TESTDIR - searchandreplace PH_IP_SUN $ipv4_sun $TESTDIR - searchandreplace PH_IP6_SUN1 $ipv6_sun1 $TESTDIR - searchandreplace PH_IP6_SUN $ipv6_sun $TESTDIR - ;; - alice) - searchandreplace PH_IP_ALICE1 $ipv4_alice1 $TESTDIR - searchandreplace PH_IP_ALICE $ipv4_alice $TESTDIR - searchandreplace PH_IP6_ALICE1 $ipv6_alice1 $TESTDIR - searchandreplace PH_IP6_ALICE $ipv6_alice $TESTDIR - ;; - venus) - searchandreplace PH_IP_VENUS $ipv4_venus $TESTDIR - searchandreplace PH_IP6_VENUS $ipv6_venus $TESTDIR - ;; - bob) - searchandreplace 
PH_IP_BOB $ipv4_bob $TESTDIR - searchandreplace PH_IPV6_BOB $ipv6_bob $TESTDIR - ;; - carol) - searchandreplace PH_IP_CAROL1 $ipv4_carol1 $TESTDIR - searchandreplace PH_IP_CAROL $ipv4_carol $TESTDIR - searchandreplace PH_IP6_CAROL1 $ipv6_carol1 $TESTDIR - searchandreplace PH_IP6_CAROL $ipv6_carol $TESTDIR - ;; - dave) - searchandreplace PH_IP_DAVE1 $ipv4_dave1 $TESTDIR - searchandreplace PH_IP_DAVE $ipv4_dave $TESTDIR - searchandreplace PH_IP6_DAVE1 $ipv6_dave1 $TESTDIR - searchandreplace PH_IP6_DAVE $ipv6_dave $TESTDIR - ;; - winnetou) - searchandreplace PH_IP_WINNETOU $ipv4_winnetou $TESTDIR - searchandreplace PH_IP6_WINNETOU $ipv6_winnetou $TESTDIR - ;; - esac - done - - - ########################################################################## - # copy test specific configurations to uml hosts and clear auth.log files - # - - $DIR/scripts/load-testconfig $testname - source $TESTDIR/test.conf - - - ########################################################################## - # run tcpdump in the background - # - - if [ "$TCPDUMPHOSTS" != "" ] - then - echo -e "TCPDUMP\n" >> $CONSOLE_LOG 2>&1 - - for host_iface in $TCPDUMPHOSTS - do - host=`echo $host_iface | awk -F ":" '{print $1}'` - iface=`echo $host_iface | awk -F ":" '{if ($2 != "") { print $2 } else { printf("eth0") }}'` - tcpdump_cmd="tcpdump -i $iface not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &" - echo "${host}# $tcpdump_cmd" >> $CONSOLE_LOG - ssh root@`eval echo \\\$ipv4_$host '$tcpdump_cmd'` - eval TDUP_${host}="true" - done - fi - - - ########################################################################## - # execute pre-test commands - # - - cecho-n "pre.." 
- echo -e "\nPRE-TEST\n" >> $CONSOLE_LOG 2>&1 - - eval `awk -F "::" '{ - if ($2 != "") - { - printf("echo \"%s# %s\"; ", $1, $2) - printf("ssh root@\044ipv4_%s \"%s\"; ", $1, $2) - printf("echo;\n") - } - }' $TESTDIR/pretest.dat` >> $CONSOLE_LOG 2>&1 - - - ########################################################################## - # stop tcpdump - # - - function stop_tcpdump { - echo "${1}# killall tcpdump" >> $CONSOLE_LOG - eval ssh root@\$ipv4_${1} killall tcpdump - eval TDUP_${1}="false" - echo "" - } - - - ########################################################################## - # get and evaluate test results - # - - cecho-n "test.." - echo -e "\nTEST\n" >> $CONSOLE_LOG 2>&1 - - STATUS="passed" - - eval `awk -F "::" '{ - host=$1 - command=$2 - pattern=$3 - hit=$4 - if (command != "") - { - if (command == "tcpdump") - { - printf("if [ \044TDUP_%s == \"true\" ]; then stop_tcpdump %s; fi; \n", host, host) - printf("echo \"%s# cat /tmp/tcpdump.log | grep \047%s\047 [%s]\"; ", host, pattern, hit) - printf("ssh root@\044ipv4_%s cat /tmp/tcpdump.log | grep \"%s\"; ", host, pattern) - } - else - { - printf("echo \"%s# %s | grep \047%s\047 [%s]\"; ", host, command, pattern, hit) - printf("ssh root@\044ipv4_%s %s | grep \"%s\"; ", host, command, pattern) - } - printf("cmd_exit=\044?; ") - printf("echo; ") - printf("if [ \044cmd_exit -eq 0 -a \"%s\" = \"NO\" ] ", hit) - printf("|| [ \044cmd_exit -ne 0 -a \"%s\" = \"YES\" ] ", hit) - printf("; then STATUS=\"failed\"; fi; \n") - } - }' $TESTDIR/evaltest.dat` >> $CONSOLE_LOG 2>&1 - - - ########################################################################## - # set counters - # - - if [ $STATUS = "failed" ] - then - let "failed_cnt += 1" - else - let "passed_cnt += 1" - fi - - - ########################################################################## - # log statusall and listall output - # get copies of ipsec.conf, ipsec.secrets - # create index.html for the given test case - - cat > $TESTRESULTDIR/index.html 
<<@EOF - - - Test $testname - - -
UML kernel:  $KERNEL_VERSION
IPsec:$IPSEC_VERSION
Date:$TESTDATE
    
NumberTestResult
- - -
-

Test $testname

-

Description

-@EOF - - cat $TESTDIR/description.txt >> $TESTRESULTDIR/index.html - - cat >> $TESTRESULTDIR/index.html <<@EOF - - $UMLHOSTS -@EOF - - for host in $IPSECHOSTS - do - eval HOSTLOGIN=root@\$ipv4_${host} - - for command in statusall listall - do - ssh $HOSTLOGIN ipsec $command \ - > $TESTRESULTDIR/${host}.$command 2>/dev/null - done - - for file in ipsec.conf ipsec.secrets - do - scp $HOSTLOGIN:/etc/$file \ - $TESTRESULTDIR/${host}.$file > /dev/null 2>&1 - done - - ssh $HOSTLOGIN ip route list \ - > $TESTRESULTDIR/${host}.iproute 2>/dev/null - ssh $HOSTLOGIN iptables -v -n -L \ - > $TESTRESULTDIR/${host}.iptables 2>/dev/null - cat >> $TESTRESULTDIR/index.html <<@EOF -

$host

- - - - - -
- - - -
-@EOF - - done - - cat >> $TESTRESULTDIR/index.html <<@EOF -
- Back -
- - -@EOF - - - ########################################################################## - # execute post-test commands - # - - cecho-n "post.." - echo -e "\nPOST-TEST\n" >> $CONSOLE_LOG 2>&1 - - eval `awk -F "::" '{ - if ($2 != "") - { - printf("echo \"%s# %s\"; ", $1, $2) - printf("ssh root@\044ipv4_%s \"%s\"; ", $1, $2) - printf("echo;\n") - } - }' $TESTDIR/posttest.dat` >> $CONSOLE_LOG 2>&1 - - - ########################################################################## - # get a copy of /var/log/auth.log - # - - for host in $IPSECHOSTS - do - eval HOSTLOGIN=root@\$ipv4_${host} - ssh $HOSTLOGIN grep pluto /var/log/auth.log \ - > $TESTRESULTDIR/${host}.auth.log - echo >> $TESTRESULTDIR/${host}.auth.log - ssh $HOSTLOGIN grep charon /var/log/auth.log \ - >> $TESTRESULTDIR/${host}.auth.log - done - - - ########################################################################## - # get a copy of /var/log/daemon.log - # - - for host in $IPSECHOSTS - do - eval HOSTLOGIN=root@\$ipv4_${host} - ssh $HOSTLOGIN grep pluto /var/log/daemon.log \ - > $TESTRESULTDIR/${host}.daemon.log - echo >> $TESTRESULTDIR/${host}.daemon.log - ssh $HOSTLOGIN grep charon /var/log/daemon.log \ - >> $TESTRESULTDIR/${host}.daemon.log - done - - - ########################################################################## - # stop tcpdump if necessary - # - - for host in $TCPDUMPHOSTS - do - if [ "`eval echo \\\$TDUP_${host}`" = "true" ] - then - echo "${host}# killall tcpdump" >> $CONSOLE_LOG - eval ssh root@\$ipv4_$host killall tcpdump - eval TDUP_${host}="false" - fi - done - - - ########################################################################## - # copy default host config back if necessary - # - - $DIR/scripts/restore-defaults $testname - - - ########################################################################## - # write test status to html file - # - - if [ $STATUS = "passed" ] - then - COLOR="green" - cecho "\033[1;32m$STATUS" - else - COLOR="red" - cecho "$STATUS" - fi - - 
cat >> $TESTRESULTSHTML << @EOF - - $testnumber - $testname - $STATUS -   - -@EOF - cat >> $SUBTESTSINDEX << @EOF - - $testnumber - $name - $STATUS -   - -@EOF - - done - -done - - -############################################################################## -# finish the results html file -# - -cat >> $TESTRESULTSHTML << @EOF - -

- Passed:   $passed_cnt
- Failed:   $failed_cnt
-

- - -@EOF - -let "all_cnt = $passed_cnt + $failed_cnt" - -cat >> $INDEX << @EOF - -   - all - $all_cnt -   - - - Failed: -   - $failed_cnt -   - - - - -@EOF - -cecho "" -cecho "\033[1;32mPassed: $passed_cnt" -cecho "Failed: $failed_cnt" -cecho "" - - -############################################################################## -# copy the test results to the apache server -# - -HTDOCS="/var/www/localhost/htdocs" - -cecho-n "Copying test results to winnetou.." -ssh root@${ipv4_winnetou} mkdir -p $HTDOCS/testresults > /dev/null 2>&1 -scp -r $TODAYDIR root@${ipv4_winnetou}:$HTDOCS/testresults > /dev/null 2>&1 -ssh root@${ipv4_winnetou} ln -s $HTDOCS/images $HTDOCS/testresults/$TESTDATE/images > /dev/null 2>&1 -cecho "done" -cecho "" -cecho "The results are available in $TODAYDIR" -cecho "or via the link http://$ipv4_winnetou/testresults/$TESTDATE" diff --git a/testing/do-tests.in b/testing/do-tests.in new file mode 100755 index 000000000..2b26d4517 --- /dev/null +++ b/testing/do-tests.in 
@@ -0,0 +1,663 @@ +#!/bin/bash +# Automatically execute the strongSwan test cases +# +# Copyright (C) 2004 Eric Marchionni, Patrik Rayo +# Zuercher Hochschule Winterthur +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at your +# option) any later version. See . +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# for more details. +# +# RCSID $Id: do-tests.in 3273 2007-10-08 20:18:34Z andreas $ + +DIR=`dirname $0` + +source $DIR/scripts/function.sh + +[ -f $DIR/testing.conf ] || die "Configuration file 'testing.conf' not found" +[ -d $DIR/hosts ] || die "Directory 'hosts' not found" +[ -d $DIR/tests ] || die "Directory 'tests' not found" + +source $DIR/testing.conf + + +############################################################################## +# test if UMLs have been built at all +# + +[ -d $BUILDDIR ] || die "Directory '$BUILDDIR' does not exist. Please run 'make-testing'first." 
+ + +############################################################################## +# take care of new path and file variables +# + +[ -d $TESTRESULTSDIR ] || mkdir $TESTRESULTSDIR + +TESTDATE=`date +%Y%m%d-%H%M` + +TODAYDIR=$TESTRESULTSDIR/$TESTDATE +mkdir $TODAYDIR +TESTRESULTSHTML=$TODAYDIR/all.html +INDEX=$TODAYDIR/index.html +DEFAULTTESTSDIR=$UMLTESTDIR/testing/tests + +SOURCEIP_ROUTING_TABLE=@IPSEC_ROUTING_TABLE@ + +testnumber="0" +failed_cnt="0" +passed_cnt="0" + + +############################################################################## +# copy default tests to $BUILDDIR +# + +TESTSDIR=$BUILDDIR/tests +[ -d $TESTSDIR ] || mkdir $TESTSDIR + +############################################################################## +# assign IP for each host to hostname +# + +for host in $STRONGSWANHOSTS +do + eval ipv4_${host}="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`" + eval ipv6_${host}="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`" + + case $host in + moon) + eval ipv4_moon1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + eval ipv6_moon1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + ;; + sun) + eval ipv4_sun1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + eval ipv6_sun1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + ;; + alice) + eval ipv4_alice1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + eval ipv6_alice1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + ;; + venus) + ;; + bob) + ;; + carol) + eval ipv4_carol1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + eval 
ipv6_carol1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + ;; + dave) + eval ipv4_dave1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + eval ipv6_dave1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + ;; + winnetou) + ;; + esac +done + + +############################################################################## +# create header for the results html file +# + +KERNEL_VERSION=`basename $KERNEL .tar.bz2` +IPSEC_VERSION=`basename $STRONGSWAN .tar.bz2` + +cat > $INDEX <<@EOF + + + strongSwan UML Tests + + +

strongSwan UML Tests

+ + + + + + + + + + + + + + + + + + + + + + + +@EOF + +cat $INDEX > $TESTRESULTSHTML +cat >> $TESTRESULTSHTML <<@EOF + + + + + +@EOF + +cecho "UML kernel: $KERNEL_VERSION" +cecho "IPsec: $IPSEC_VERSION" +cecho "Date: $TESTDATE" +cecho "" + + +############################################################################## +# enter specific test directory +# + +if [ $# -gt 0 ] +then + TESTS=$* +elif [ $SELECTEDTESTSONLY = "yes" ] +then + # set internal field seperator + TESTS=$SELECTEDTESTS +else + # set internal field seperator + TESTS="`ls $DEFAULTTESTSDIR`" +fi + +for SUBDIR in $TESTS +do + SUBTESTS="`basename $SUBDIR`" + + if [ $SUBTESTS = $SUBDIR ] + then + SUBTESTS="`ls $DEFAULTTESTSDIR/$SUBDIR`" + else + SUBDIR="`dirname $SUBDIR`" + fi + + if [ ! -d $TODAYDIR/$SUBDIR ] + then + mkdir $TODAYDIR/$SUBDIR + if [ $testnumber == 0 ] + then + FIRST="Category:" >> $INDEX + echo " ">> $INDEX + echo " " >> $INDEX + echo " " >> $INDEX + echo " " >> $INDEX + echo " " >> $INDEX + SUBTESTSINDEX=$TODAYDIR/$SUBDIR/index.html + cat > $SUBTESTSINDEX <<@EOF + + + strongSwan $SUBDIR Tests + + +

strongSwan $SUBDIR Tests

+
Host:`uname -a`
UML kernel:  $KERNEL_VERSION
IPsec:$IPSEC_VERSION
Date:$TESTDATE
    
NumberTestResult
$FIRST$SUBDIRx 
+ + + + + + + + + + + + + + + + + + + + + + + +@EOF + fi + + for name in $SUBTESTS + do + let "testnumber += 1" + testname=$SUBDIR/$name + cecho-n " $testnumber $testname.." + + if [ ! -d $DEFAULTTESTSDIR/${testname} ] + then + cecho "is missing..skipped" + continue + fi + + [ -f $DEFAULTTESTSDIR/${testname}/description.txt ] || die "!! File 'description.txt' is missing" + [ -f $DEFAULTTESTSDIR/${testname}/test.conf ] || die "!! File 'test.conf' is missing" + [ -f $DEFAULTTESTSDIR/${testname}/pretest.dat ] || die "!! File 'pretest.dat' is missing" + [ -f $DEFAULTTESTSDIR/${testname}/posttest.dat ] || die "!! File 'posttest.dat' is missing" + [ -f $DEFAULTTESTSDIR/${testname}/evaltest.dat ] || die "!! File 'evaltest.dat' is missing" + + TESTRESULTDIR=$TODAYDIR/$testname + mkdir -p $TESTRESULTDIR + CONSOLE_LOG=$TESTRESULTDIR/console.log + touch $CONSOLE_LOG + + TESTDIR=$TESTSDIR/${testname} + rm -rf $TESTDIR + mkdir -p $TESTDIR + cp -rfp $DEFAULTTESTSDIR/${testname}/* $TESTDIR + + + ############################################################################## + # replace IP wildcards with actual IPv4 and IPv6 addresses + # + + for host in $STRONGSWANHOSTS + do + case $host in + moon) + searchandreplace PH_IP_MOON1 $ipv4_moon1 $TESTDIR + searchandreplace PH_IP_MOON $ipv4_moon $TESTDIR + searchandreplace PH_IP6_MOON1 $ipv6_moon1 $TESTDIR + searchandreplace PH_IP6_MOON $ipv6_moon $TESTDIR + ;; + sun) + searchandreplace PH_IP_SUN1 $ipv4_sun1 $TESTDIR + searchandreplace PH_IP_SUN $ipv4_sun $TESTDIR + searchandreplace PH_IP6_SUN1 $ipv6_sun1 $TESTDIR + searchandreplace PH_IP6_SUN $ipv6_sun $TESTDIR + ;; + alice) + searchandreplace PH_IP_ALICE1 $ipv4_alice1 $TESTDIR + searchandreplace PH_IP_ALICE $ipv4_alice $TESTDIR + searchandreplace PH_IP6_ALICE1 $ipv6_alice1 $TESTDIR + searchandreplace PH_IP6_ALICE $ipv6_alice $TESTDIR + ;; + venus) + searchandreplace PH_IP_VENUS $ipv4_venus $TESTDIR + searchandreplace PH_IP6_VENUS $ipv6_venus $TESTDIR + ;; + bob) + searchandreplace 
PH_IP_BOB $ipv4_bob $TESTDIR + searchandreplace PH_IPV6_BOB $ipv6_bob $TESTDIR + ;; + carol) + searchandreplace PH_IP_CAROL1 $ipv4_carol1 $TESTDIR + searchandreplace PH_IP_CAROL $ipv4_carol $TESTDIR + searchandreplace PH_IP6_CAROL1 $ipv6_carol1 $TESTDIR + searchandreplace PH_IP6_CAROL $ipv6_carol $TESTDIR + ;; + dave) + searchandreplace PH_IP_DAVE1 $ipv4_dave1 $TESTDIR + searchandreplace PH_IP_DAVE $ipv4_dave $TESTDIR + searchandreplace PH_IP6_DAVE1 $ipv6_dave1 $TESTDIR + searchandreplace PH_IP6_DAVE $ipv6_dave $TESTDIR + ;; + winnetou) + searchandreplace PH_IP_WINNETOU $ipv4_winnetou $TESTDIR + searchandreplace PH_IP6_WINNETOU $ipv6_winnetou $TESTDIR + ;; + esac + done + + + ########################################################################## + # copy test specific configurations to uml hosts and clear auth.log files + # + + $DIR/scripts/load-testconfig $testname + source $TESTDIR/test.conf + + + ########################################################################## + # run tcpdump in the background + # + + if [ "$TCPDUMPHOSTS" != "" ] + then + echo -e "TCPDUMP\n" >> $CONSOLE_LOG 2>&1 + + for host_iface in $TCPDUMPHOSTS + do + host=`echo $host_iface | awk -F ":" '{print $1}'` + iface=`echo $host_iface | awk -F ":" '{if ($2 != "") { print $2 } else { printf("eth0") }}'` + tcpdump_cmd="tcpdump -i $iface not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &" + echo "${host}# $tcpdump_cmd" >> $CONSOLE_LOG + ssh root@`eval echo \\\$ipv4_$host '$tcpdump_cmd'` + eval TDUP_${host}="true" + done + fi + + + ########################################################################## + # execute pre-test commands + # + + cecho-n "pre.." 
+ echo -e "\nPRE-TEST\n" >> $CONSOLE_LOG 2>&1 + + eval `awk -F "::" '{ + if ($2 != "") + { + printf("echo \"%s# %s\"; ", $1, $2) + printf("ssh root@\044ipv4_%s \"%s\"; ", $1, $2) + printf("echo;\n") + } + }' $TESTDIR/pretest.dat` >> $CONSOLE_LOG 2>&1 + + + ########################################################################## + # stop tcpdump + # + + function stop_tcpdump { + echo "${1}# killall tcpdump" >> $CONSOLE_LOG + eval ssh root@\$ipv4_${1} killall tcpdump + eval TDUP_${1}="false" + echo "" + } + + + ########################################################################## + # get and evaluate test results + # + + cecho-n "test.." + echo -e "\nTEST\n" >> $CONSOLE_LOG 2>&1 + + STATUS="passed" + + eval `awk -F "::" '{ + host=$1 + command=$2 + pattern=$3 + hit=$4 + if (command != "") + { + if (command == "tcpdump") + { + printf("if [ \044TDUP_%s == \"true\" ]; then stop_tcpdump %s; fi; \n", host, host) + printf("echo \"%s# cat /tmp/tcpdump.log | grep \047%s\047 [%s]\"; ", host, pattern, hit) + printf("ssh root@\044ipv4_%s cat /tmp/tcpdump.log | grep \"%s\"; ", host, pattern) + } + else + { + printf("echo \"%s# %s | grep \047%s\047 [%s]\"; ", host, command, pattern, hit) + printf("ssh root@\044ipv4_%s %s | grep \"%s\"; ", host, command, pattern) + } + printf("cmd_exit=\044?; ") + printf("echo; ") + printf("if [ \044cmd_exit -eq 0 -a \"%s\" = \"NO\" ] ", hit) + printf("|| [ \044cmd_exit -ne 0 -a \"%s\" = \"YES\" ] ", hit) + printf("; then STATUS=\"failed\"; fi; \n") + } + }' $TESTDIR/evaltest.dat` >> $CONSOLE_LOG 2>&1 + + + ########################################################################## + # set counters + # + + if [ $STATUS = "failed" ] + then + let "failed_cnt += 1" + else + let "passed_cnt += 1" + fi + + + ########################################################################## + # log statusall and listall output + # get copies of ipsec.conf, ipsec.secrets + # create index.html for the given test case + + cat > $TESTRESULTDIR/index.html 
<<@EOF + + + Test $testname + + +
UML kernel:  $KERNEL_VERSION
IPsec:$IPSEC_VERSION
Date:$TESTDATE
    
NumberTestResult
+ + +
+

Test $testname

+

Description

+@EOF + + cat $TESTDIR/description.txt >> $TESTRESULTDIR/index.html + + cat >> $TESTRESULTDIR/index.html <<@EOF + + $UMLHOSTS +@EOF + + for host in $IPSECHOSTS + do + eval HOSTLOGIN=root@\$ipv4_${host} + + for command in statusall listall + do + ssh $HOSTLOGIN ipsec $command \ + > $TESTRESULTDIR/${host}.$command 2>/dev/null + done + + for file in ipsec.conf ipsec.secrets + do + scp $HOSTLOGIN:/etc/$file \ + $TESTRESULTDIR/${host}.$file > /dev/null 2>&1 + done + + ssh $HOSTLOGIN ip route list table $SOURCEIP_ROUTING_TABLE \ + > $TESTRESULTDIR/${host}.iproute 2>/dev/null + ssh $HOSTLOGIN iptables -v -n -L \ + > $TESTRESULTDIR/${host}.iptables 2>/dev/null + cat >> $TESTRESULTDIR/index.html <<@EOF +

$host

+ + + + + +
+ + + +
+@EOF + + done + + cat >> $TESTRESULTDIR/index.html <<@EOF +
+ Back +
+ + +@EOF + + + ########################################################################## + # execute post-test commands + # + + cecho-n "post.." + echo -e "\nPOST-TEST\n" >> $CONSOLE_LOG 2>&1 + + eval `awk -F "::" '{ + if ($2 != "") + { + printf("echo \"%s# %s\"; ", $1, $2) + printf("ssh root@\044ipv4_%s \"%s\"; ", $1, $2) + printf("echo;\n") + } + }' $TESTDIR/posttest.dat` >> $CONSOLE_LOG 2>&1 + + + ########################################################################## + # get a copy of /var/log/auth.log + # + + for host in $IPSECHOSTS + do + eval HOSTLOGIN=root@\$ipv4_${host} + ssh $HOSTLOGIN grep pluto /var/log/auth.log \ + > $TESTRESULTDIR/${host}.auth.log + echo >> $TESTRESULTDIR/${host}.auth.log + ssh $HOSTLOGIN grep charon /var/log/auth.log \ + >> $TESTRESULTDIR/${host}.auth.log + done + + + ########################################################################## + # get a copy of /var/log/daemon.log + # + + for host in $IPSECHOSTS + do + eval HOSTLOGIN=root@\$ipv4_${host} + ssh $HOSTLOGIN grep pluto /var/log/daemon.log \ + > $TESTRESULTDIR/${host}.daemon.log + echo >> $TESTRESULTDIR/${host}.daemon.log + ssh $HOSTLOGIN grep charon /var/log/daemon.log \ + >> $TESTRESULTDIR/${host}.daemon.log + done + + + ########################################################################## + # stop tcpdump if necessary + # + + for host in $TCPDUMPHOSTS + do + if [ "`eval echo \\\$TDUP_${host}`" = "true" ] + then + echo "${host}# killall tcpdump" >> $CONSOLE_LOG + eval ssh root@\$ipv4_$host killall tcpdump + eval TDUP_${host}="false" + fi + done + + + ########################################################################## + # copy default host config back if necessary + # + + $DIR/scripts/restore-defaults $testname + + + ########################################################################## + # write test status to html file + # + + if [ $STATUS = "passed" ] + then + COLOR="green" + cecho "\033[1;32m$STATUS" + else + COLOR="red" + cecho "$STATUS" + fi + + 
cat >> $TESTRESULTSHTML << @EOF + + $testnumber + $testname + $STATUS +   + +@EOF + cat >> $SUBTESTSINDEX << @EOF + + $testnumber + $name + $STATUS +   + +@EOF + + done + +done + + +############################################################################## +# finish the results html file +# + +cat >> $TESTRESULTSHTML << @EOF + +

+ Passed:   $passed_cnt
+ Failed:   $failed_cnt
+

+ + +@EOF + +let "all_cnt = $passed_cnt + $failed_cnt" + +cat >> $INDEX << @EOF + +   + all + $all_cnt +   + + + Failed: +   + $failed_cnt +   + + + + +@EOF + +cecho "" +cecho "\033[1;32mPassed: $passed_cnt" +cecho "Failed: $failed_cnt" +cecho "" + + +############################################################################## +# copy the test results to the apache server +# + +HTDOCS="/var/www/localhost/htdocs" + +cecho-n "Copying test results to winnetou.." +ssh root@${ipv4_winnetou} mkdir -p $HTDOCS/testresults > /dev/null 2>&1 +scp -r $TODAYDIR root@${ipv4_winnetou}:$HTDOCS/testresults > /dev/null 2>&1 +ssh root@${ipv4_winnetou} ln -s $HTDOCS/images $HTDOCS/testresults/$TESTDATE/images > /dev/null 2>&1 +cgecho "done" +cecho "" +cecho "The results are available in $TODAYDIR" +cecho "or via the link http://$ipv4_winnetou/testresults/$TESTDATE" diff --git a/testing/scripts/build-hostconfig b/testing/scripts/build-hostconfig index 0c2afd2c2..5d1c83060 100755 --- a/testing/scripts/build-hostconfig +++ b/testing/scripts/build-hostconfig @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: build-hostconfig,v 1.3 2005/02/08 10:40:48 as Exp $ +# RCSID $Id: build-hostconfig 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -121,4 +121,4 @@ do esac done -cecho "done" +cgecho "done" diff --git a/testing/scripts/build-sshkeys b/testing/scripts/build-sshkeys index 23f62e005..a26f0162c 100755 --- a/testing/scripts/build-sshkeys +++ b/testing/scripts/build-sshkeys @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: build-sshkeys,v 1.2 2005/02/15 14:12:16 as Exp $ +# RCSID $Id: build-sshkeys 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` 
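Review bot: The guard `[ -d $BUILDDIR ] || die ...` near the top of do-tests.in passes when BUILDDIR is empty or unset, because the unquoted test collapses to `[ -d ]`, which is true; TESTSDIR then becomes `/tests`, and the per-test `rm -rf $TESTDIR` and `cp -rfp ... $TESTDIR` operate directly under the filesystem root. Quoting both, `[ -d "$BUILDDIR" ] || die ...` and `rm -rf "$TESTDIR"`, closes that gap and also stops word splitting and globbing when a test name passed on the command line (`TESTS=$*`) contains whitespace or wildcard characters. Separately, the pre-test, evaluation and post-test steps splice fields of the `.dat` files into a string that is `eval`ed locally, so `$`, backquotes and double quotes in those fields are interpreted on the machine running the suite before ssh sees them. A comment above the first `eval`, such as `# fields of pretest.dat are expanded by the local shell before being sent over ssh`, would record that the .dat files have to be treated as trusted code.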
@@ -37,25 +37,25 @@ if [ ! -f $LOGFILE ] then cecho-n " * Logfile '$LOGFILE' does not exist..creating.." touch $LOGFILE - cecho "done" + cgecho "done" fi if [ ! -d ~/.ssh ] then cecho-n " * Creating directory '~/.ssh'.." mkdir ~/.ssh - cecho "done" + cgecho "done" fi if [ -f ~/.ssh/known_hosts ] then cecho-n " * Backing up ~/.ssh/known_hosts to '~/.ssh/known_hosts.before_uml'.." cp -fp ~/.ssh/known_hosts ~/.ssh/known_hosts.before_uml - cecho "done" + cgecho "done" else cecho-n " * Creating '~/.ssh/known_hosts'" touch ~/.ssh/known_hosts - cecho "done" + cgecho "done" fi for host in $HOSTNAMEIPV4 @@ -68,7 +68,7 @@ do else cecho-n " * Adding uml host $HOSTNAME ($IP) to '~/.ssh/known_hosts'.." echo "$HOSTNAME,$IP `cat $DIR/../hosts/ssh_host_rsa_key.pub`" >> ~/.ssh/known_hosts - cecho "done" + cgecho "done" fi done @@ -84,5 +84,5 @@ else cecho "not found" cecho-n " * Generating ssh rsa key pair.." echo "" | ssh-keygen -N "" -t rsa -f ~/.ssh/id_rsa >> $LOGFILE 2>&1 - cecho "done" + cgecho "done" fi diff --git a/testing/scripts/build-umlhostfs b/testing/scripts/build-umlhostfs index 69ad9fe02..c73ce00d0 100755 --- a/testing/scripts/build-umlhostfs +++ b/testing/scripts/build-umlhostfs @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: build-umlhostfs,v 1.3 2006/03/30 21:20:27 as Exp $ +# RCSID $Id: build-umlhostfs 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -32,7 +32,7 @@ if [ ! -d $BUILDDIR ] then cecho-n " * Directory '$BUILDDIR' does not exist..creating.." mkdir $BUILDDIR - cecho "done" + cgecho "done" fi LOGFILE=${BUILDDIR}/testing.log @@ -41,7 +41,7 @@ if [ ! -f $LOGFILE ] then cecho-n " * Logfile '$LOGFILE' does not exist..creating.." touch $LOGFILE - cecho "done" + cgecho "done" fi LOOPDIR=loop @@ -76,4 +76,4 @@ do umount $LOOPDIR done -cecho "done" +cgecho "done" diff --git a/testing/scripts/build-umlkernel b/testing/scripts/build-umlkernel index 074d7847a..61dee8ff5 100755 
--- a/testing/scripts/build-umlkernel +++ b/testing/scripts/build-umlkernel @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: build-umlkernel,v 1.2 2005/01/09 21:54:25 as Exp $ +# RCSID $Id: build-umlkernel 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -75,12 +75,12 @@ if [ ! -f $LOGFILE ] then cecho-n " * Logfile '$LOGFILE' does not exist..creating.." touch $LOGFILE - cecho "done" + cgecho "done" fi cecho-n " * Unpacking kernel.." tar xjf $KERNEL >> $LOGFILE 2>&1 -cecho "done" +cgecho "done" KERNELDIR=${BUILDDIR}/linux-${KERNELVERSION} @@ -109,7 +109,7 @@ if [ $UMLPATCH ] then cecho-n " * Applying uml patch.." bzcat $UMLPATCH | patch -p1 >> $LOGFILE 2>&1 - cecho "done" + cgecho "done" fi ####################################################### @@ -125,10 +125,8 @@ make oldconfig ARCH=um >> $LOGFILE 2>&1 cecho-n " * Now compiling uml kernel.." make linux ARCH=um >> $LOGFILE 2>&1 -cecho "done" +cgecho "done" cecho-n " * Copying uml kernel to '${BUILDDIR}/linux-uml-${KERNELVERSION}'.." mv linux ${BUILDDIR}/linux-uml-${KERNELVERSION} -cecho "done" - - +cgecho "done" diff --git a/testing/scripts/build-umlrootfs b/testing/scripts/build-umlrootfs index f839e3e8e..3498f216e 100755 --- a/testing/scripts/build-umlrootfs +++ b/testing/scripts/build-umlrootfs @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: build-umlrootfs,v 1.11 2006/01/08 22:29:56 as Exp $ +# RCSID $Id: build-umlrootfs 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -57,7 +57,7 @@ if [ ! -f $LOGFILE ] then cecho-n " * Logfile '$LOGFILE' does not exist..creating.." touch $LOGFILE - cecho "done" + cgecho "done" fi ROOTFSDIR=$BUILDDIR/root-fs @@ -66,7 +66,7 @@ if [ ! -d $ROOTFSDIR ] then cecho-n " * Root file system directory '$ROOTFSDIR' does not exist..creating.." mkdir $ROOTFSDIR - cecho "done" + cgecho "done" fi cd $ROOTFSDIR 
@@ -87,7 +87,7 @@ dd if=/dev/zero of=gentoo-fs count=$ROOTFSSIZE bs=1M >> $LOGFILE 2>&1 mkreiserfs -q -f gentoo-fs >> $LOGFILE 2>&1 mount -o loop gentoo-fs $LOOPDIR >> $LOGFILE 2>&1 tar xjpf $ROOTFS -C $LOOPDIR >> $LOGFILE 2>&1 -cecho "done" +cgecho "done" ###################################################### # remove /etc/resolv.conf @@ -129,6 +129,8 @@ echo "ln -sf /usr/share/zoneinfo/${TZUML} /etc/localtime" >> $INSTALLSHELL echo "cd /root/${STRONGSWANVERSION}" >> $INSTALLSHELL echo -n "./configure --sysconfdir=/etc" >> $INSTALLSHELL echo -n " --with-random-device=/dev/urandom" >> $INSTALLSHELL +echo -n " --enable-integrity-test" >> $INSTALLSHELL + if [ "$USE_LIBCURL" = "yes" ] then echo -n " --enable-http" >> $INSTALLSHELL @@ -150,10 +152,8 @@ echo "ldconfig" >> $INSTALLSHELL cecho-n " * Compiling $STRONGSWANVERSION within the root file system as chroot.." chroot $LOOPDIR /bin/bash /install.sh >> $LOGFILE 2>&1 -cecho "done" - rm -f $INSTALLSHELL - +cgecho "done" ###################################################### # copying the host's ssh public key diff --git a/testing/scripts/function.sh b/testing/scripts/function.sh index aa944924c..f147e782e 100755 --- a/testing/scripts/function.sh +++ b/testing/scripts/function.sh @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: function.sh,v 1.3 2005/02/16 22:20:52 as Exp $ +# RCSID $Id: function.sh 3273 2007-10-08 20:18:34Z andreas $ ############################################ @@ -24,6 +24,9 @@ function cecho { echo -e "\033[1;31m$1\033[0m" } +function cgecho { + echo -e "\033[1;32m$1\033[0m" +} function cecho-n { echo -en "\033[1;31m$1\033[0m" diff --git a/testing/scripts/kstart-umls b/testing/scripts/kstart-umls index eeaa959e8..91ec00b60 100755 --- a/testing/scripts/kstart-umls +++ b/testing/scripts/kstart-umls 
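Review bot: The new `cgecho` in function.sh is a copy of `cecho` that differs only in the colour code, and like it sends the message through `echo -e`, so backslash sequences inside `$1` are interpreted along with the colour escapes. `printf '\033[1;32m%s\033[0m\n' "$1"` would limit escape handling to the colour codes. A one-line comment such as `# print $1 in bold green (success messages)` and a blank line before `function cecho-n` would make the helper easier to find. The neighbouring functions continue outside the hunk.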
@@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: kstart-umls,v 1.6 2005/08/30 22:13:12 as Exp $ +# RCSID $Id: kstart-umls 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -68,7 +68,7 @@ do ubda=$UMLHOSTFS \ \$SWITCH_${host} \ mem=${MEM}M con=pty con0=fd:0,fd:1" & - cecho "\033[1;32mdone" + cgecho "done" fi let "x0+=dx" let "y0+=dy" @@ -114,7 +114,7 @@ do cecho "exit" exit 1 else - cecho "\033[1;32mup" + cgecho "up" fi done diff --git a/testing/scripts/load-testconfig b/testing/scripts/load-testconfig index 6558018c2..e4dd63d59 100755 --- a/testing/scripts/load-testconfig +++ b/testing/scripts/load-testconfig @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: load-testconfig,v 1.2 2004/12/13 21:02:42 as Exp $ +# RCSID $Id: load-testconfig 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` diff --git a/testing/scripts/restore-defaults b/testing/scripts/restore-defaults index b1dae1ea2..dc2ebb312 100755 --- a/testing/scripts/restore-defaults +++ b/testing/scripts/restore-defaults @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: restore-defaults,v 1.2 2004/12/20 07:56:33 as Exp $ +# RCSID $Id: restore-defaults 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` diff --git a/testing/scripts/start-switches b/testing/scripts/start-switches index aab82b8ff..118a2250e 100755 --- a/testing/scripts/start-switches +++ b/testing/scripts/start-switches @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: start-switches,v 1.2 2004/12/19 19:17:25 as Exp $ +# RCSID $Id: start-switches 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` 
@@ -31,9 +31,9 @@ do cecho " * Great, umlswitch$n is already running!" else cecho-n " * Starting umlswitch$n.." - uml_switch -tap tap$n -unix /tmp/umlswitch$n >/dev/null 2>&1 /dev/null 2>&1 /dev/null done -cecho "\033[1;32mdone" +cgecho "done" ##################################################### # Shutting down the uml switches @@ -47,5 +47,5 @@ cecho "\033[1;32mdone" cecho-n " * Stopping the UML switches.." killall uml_switch &> /dev/null rm -f /tmp/umlswitch[012] &> /dev/null 2>&1 -cecho "\033[1;32mdone" +cgecho "done" diff --git a/testing/testing.conf b/testing/testing.conf index 8c97cc3a4..aecedd7ae 100755 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -21,20 +21,20 @@ UMLTESTDIR=~/strongswan-testing # Bzipped kernel sources # (file extension .tar.bz2 required) -KERNEL=$UMLTESTDIR/linux-2.6.21.5.tar.bz2 +KERNEL=$UMLTESTDIR/linux-2.6.22.1.tar.bz2 # Extract kernel version KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'` # Kernel configuration file -KERNELCONFIG=$UMLTESTDIR/.config-2.6.21 +KERNELCONFIG=$UMLTESTDIR/.config-2.6.22 # Bzipped uml patch for kernel # (not needed anymore for 2.6.9 kernel or higher) #UMLPATCH=$UMLTESTDIR/uml_jmpbuf-2.6.18.patch.bz2 # Bzipped source of strongSwan -STRONGSWAN=$UMLTESTDIR/strongswan-4.1.4.tar.bz2 +STRONGSWAN=$UMLTESTDIR/strongswan-4.1.7.tar.bz2 # strongSwan compile options (use "yes" or "no") USE_LIBCURL="yes" diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/ipsec.conf index ba6f7bfe9..d8b885a88 100755 --- a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/ipsec.conf @@ -14,6 +14,7 @@ conn %default conn moon left=%defaultroute + leftnexthop=%direct leftsourceip=PH_IP_CAROL1 leftcert=carolCert.pem leftid=carol@strongswan.org 
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.conf index ba6f7bfe9..d8b885a88 100755 --- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.conf @@ -14,6 +14,7 @@ conn %default conn moon left=%defaultroute + leftnexthop=%direct leftsourceip=PH_IP_CAROL1 leftcert=carolCert.pem leftid=carol@strongswan.org diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/ipsec.conf index 2658293ac..bf39d7527 100755 --- a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/ipsec.conf @@ -12,6 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 left=%defaultroute + leftnexthop=%direct leftsubnet=10.1.0.0/16 leftsourceip=PH_IP_MOON1 leftcert=moonCert.pem diff --git a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf index ba6f7bfe9..d8b885a88 100755 --- a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf @@ -14,6 +14,7 @@ conn %default conn moon left=%defaultroute + leftnexthop=%direct leftsourceip=PH_IP_CAROL1 leftcert=carolCert.pem leftid=carol@strongswan.org diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf index ba6f7bfe9..d8b885a88 100755 --- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf @@ -14,6 +14,7 @@ conn %default conn moon left=%defaultroute + leftnexthop=%direct leftsourceip=PH_IP_CAROL1 leftcert=carolCert.pem leftid=carol@strongswan.org 
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf index 2658293ac..bf39d7527 100755 --- a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf @@ -12,6 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 left=%defaultroute + leftnexthop=%direct leftsubnet=10.1.0.0/16 leftsourceip=PH_IP_MOON1 leftcert=moonCert.pem diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf index 41123c9d6..1f964d0de 100755 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf @@ -14,6 +14,7 @@ conn %default conn moon left=%defaultroute + leftnexthop=%direct leftsourceip=PH_IP_CAROL1 leftcert=carolCert.pem leftid=carol@strongswan.org diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf index 2ba4db724..c098ffd90 100755 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf @@ -14,6 +14,7 @@ conn %default conn moon left=%defaultroute + leftnexthop=%direct leftsourceip=PH_IP_DAVE1 leftcert=daveCert.pem leftid=dave@strongswan.org diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf index 50c3a6a69..45ec8094b 100755 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf @@ -12,6 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 left=%defaultroute + leftnexthop=%direct leftsubnet=10.1.0.0/16 leftsourceip=PH_IP_MOON1 leftcert=moonCert.pem 
diff --git a/testing/tests/ikev1/passthrough/posttest.dat b/testing/tests/ikev1/passthrough/posttest.dat index 5a9150bc8..db17f4c65 100644 --- a/testing/tests/ikev1/passthrough/posttest.dat +++ b/testing/tests/ikev1/passthrough/posttest.dat @@ -1,4 +1,6 @@ moon::ipsec stop sun::ipsec stop +moon::ip route flush table 50 +moon::ip rule del table 50 moon::/etc/init.d/iptables stop 2> /dev/null sun::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1/passthrough/pretest.dat b/testing/tests/ikev1/passthrough/pretest.dat index 2606db192..6b5295469 100644 --- a/testing/tests/ikev1/passthrough/pretest.dat +++ b/testing/tests/ikev1/passthrough/pretest.dat @@ -2,6 +2,9 @@ moon::/etc/init.d/iptables start 2> /dev/null sun::/etc/init.d/iptables start 2> /dev/null moon::iptables -I INPUT -i eth1 -s 10.1.0.0/16 -j ACCEPT moon::iptables -I OUTPUT -o eth1 -d 10.1.0.0/16 -j ACCEPT +moon::ip rule add pref 50 table 50 +moon::ip route add 192.168.0.254 via PH_IP_MOON table 50 +moon::ip route add 10.1.0.0/16 via PH_IP_MOON1 table 50 moon::ipsec start sun::ipsec start moon::sleep 2 diff --git a/testing/tests/ikev1/xauth-psk-mode-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-psk-mode-config/hosts/carol/etc/ipsec.secrets index 70ea1dab6..d2bba2f4c 100644 --- a/testing/tests/ikev1/xauth-psk-mode-config/hosts/carol/etc/ipsec.secrets +++ b/testing/tests/ikev1/xauth-psk-mode-config/hosts/carol/etc/ipsec.secrets @@ -1,5 +1,9 @@ # /etc/ipsec.secrets - strongSwan IPsec secrets file -: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL +carol@strongswan.org @dave.strongswan.org : PSK 0sqc1FhzwoUSbpjYUSp8I6qUdxDacxLCTq + +carol@strongswan.org @moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL + +carol@strongswan.org @sun.strongswan.org : PSK 0sR64pR6y0S5d6d8rNhUIM7aPbdjND4st5 : XAUTH carol "4iChxLT3" diff --git a/testing/tests/ikev2/config-payload-swapped/evaltest.dat b/testing/tests/ikev2/config-payload-swapped/evaltest.dat index 40cb4339b..73d5ea206 100644 
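Review bot: The three ID-selected PSK lines added to carol's ipsec.secrets for xauth-psk-mode-config sit next to the existing XAUTH password, and nothing in the file marks them as fixtures. A header comment such as `# test-lab credentials for the UML test network only; not for use on any real gateway` would keep them from being copied into a deployment and gives secret scanners an anchor for an allow-list entry. The hunk appears to show the whole file.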
--- a/testing/tests/ikev2/config-payload-swapped/evaltest.dat +++ b/testing/tests/ikev2/config-payload-swapped/evaltest.dat @@ -1,11 +1,11 @@ carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES -carol::ip route list dev eth0::10.1.0.0/16.*src PH_IP_CAROL1::YES +carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status::home.*INSTALLED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list dev eth0::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave::ipsec status::home.*INSTALLED::YES dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec status::rw-carol.*INSTALLED::YES diff --git a/testing/tests/ikev2/config-payload/evaltest.dat b/testing/tests/ikev2/config-payload/evaltest.dat index 40cb4339b..73d5ea206 100644 --- a/testing/tests/ikev2/config-payload/evaltest.dat +++ b/testing/tests/ikev2/config-payload/evaltest.dat @@ -1,11 +1,11 @@ carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES -carol::ip route list dev eth0::10.1.0.0/16.*src PH_IP_CAROL1::YES +carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status::home.*INSTALLED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list dev eth0::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave::ipsec status::home.*INSTALLED::YES dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec status::rw-carol.*INSTALLED::YES 
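Review bot: Both `ip route list table 220` lines in config-payload-swapped/evaltest.dat hard-code the routing table number, while the new do-tests.in in this commit takes the table from the build configuration (`SOURCEIP_ROUTING_TABLE=@IPSEC_ROUTING_TABLE@`). If strongSwan is configured with a different table, the check fails even though the source route was installed; 220 is presumably the default. A placeholder that do-tests substitutes in the same way as the `PH_IP_*` names would keep the two in step. The same applies to the identical hunk for config-payload/evaltest.dat that follows.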
diff --git a/testing/tests/ikev2/force-udp-encaps/description.txt b/testing/tests/ikev2/force-udp-encaps/description.txt
new file mode 100644
index 000000000..a079363cf
--- /dev/null
+++ b/testing/tests/ikev2/force-udp-encaps/description.txt
@@ -0,0 +1,6 @@
+The roadwarrior alice sitting behind the NAT router moon sets up a tunnel to
+gateway sun. Since the firewall on sun blocks the ESP protocol, enforced UDP
+encapsulation (forceencaps=yes) is used by alice to punch through this hurdle.
+leftfirewall=yes automatically inserts iptables-based firewall rules that let pass
+the tunneled traffic. In order to test the tunnel, host alice pings the
+client bob behind the gateway sun.
diff --git a/testing/tests/ikev2/force-udp-encaps/evaltest.dat b/testing/tests/ikev2/force-udp-encaps/evaltest.dat
new file mode 100644
index 000000000..35f01d491
--- /dev/null
+++ b/testing/tests/ikev2/force-udp-encaps/evaltest.dat
@@ -0,0 +1,6 @@
+alice::cat /var/log/daemon.log::faking NAT situation to enforce UDP encapsulation::YES
+alice::ipsec statusall::nat-t.*INSTALLED::YES
+sun::ipsec statusall::nat-t.*INSTALLED::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+moon::tcpdump::IP alice.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
+moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > alice.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf
new file mode 100755
index 000000000..2074646cc
--- /dev/null
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn nat-t
+ left=%defaultroute
+ leftcert=aliceCert.pem
+ leftid=alice@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_SUN
+ rightid=@sun.strongswan.org
+ rightsubnet=10.2.0.0/16
+ forceencaps=yes
+ auto=add
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/init.d/iptables b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/init.d/iptables
new file mode 100755
index 000000000..5bb63f5ac
--- /dev/null
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/init.d/iptables
@@ -0,0 +1,76 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --sport 500 -j ACCEPT
+
+ # allow NAT-T
+ iptables -A INPUT -i eth0 -p udp --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
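Review bot: Nothing in start() records that ESP is left out on purpose: the rules accept IKE (udp/500), NAT-T (udp/4500), the CRL fetch and ssh, while the test's description.txt depends on sun dropping ESP so that `forceencaps=yes` is really exercised. A comment above the NAT-T rules such as `# ESP (IP protocol 50) is deliberately not accepted: this test depends on forced UDP encapsulation` would stop a later edit from copying an ESP rule in from another fixture and silently turning the test into a no-op. In the same function, `eend $?` reports only the exit status of the final ssh rule, so a failed policy change or an earlier failed `iptables -A` goes unnoticed and the test would run against a half-built rule set; accumulating the status (or stopping at the first failure) before `eend` would make that visible.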
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf
new file mode 100755
index 000000000..a2c168601
--- /dev/null
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,35 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ left=PH_IP_SUN
+ leftcert=sunCert.pem
+ leftid=@sun.strongswan.org
+ leftfirewall=yes
+
+conn net-net
+ leftsubnet=10.2.0.0/16
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
+
+conn host-host
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ auto=add
+
+conn nat-t
+ leftsubnet=10.2.0.0/16
+ right=%any
+ rightsubnet=10.1.0.10/32
+ auto=add
diff --git a/testing/tests/ikev2/force-udp-encaps/posttest.dat b/testing/tests/ikev2/force-udp-encaps/posttest.dat
new file mode 100644
index 000000000..979f2fcd0
--- /dev/null
+++ b/testing/tests/ikev2/force-udp-encaps/posttest.dat
@@ -0,0 +1,6 @@
+alice::ipsec stop
+sun::ipsec stop
+alice::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
+sun::ip route del 10.1.0.0/16 via PH_IP_MOON
+winnetou::ip route del 10.1.0.0/16 via PH_IP_MOON
diff --git a/testing/tests/ikev2/force-udp-encaps/pretest.dat b/testing/tests/ikev2/force-udp-encaps/pretest.dat
new file mode 100644
index 000000000..6f00cd387
--- /dev/null
+++ b/testing/tests/ikev2/force-udp-encaps/pretest.dat
@@ -0,0 +1,11 @@
+alice::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+sun::ip route add 10.1.0.0/16 via PH_IP_MOON
+winnetou::ip route add 10.1.0.0/16 via PH_IP_MOON
+moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+alice::ipsec start
+sun::ipsec start
+alice::sleep 4
+alice::ipsec up nat-t
+alice::sleep 1
+
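Review bot: In hosts/sun/etc/ipsec.conf, `conn nat-t` combines `right=%any` with no `rightid`, so as far as this file shows any peer that authenticates with a certificate sun trusts could negotiate the 10.1.0.10/32 selector. alice is the only initiator in this test and her config sets `leftid=alice@strongswan.org`, so adding `rightid=alice@strongswan.org` to the conn would pin the peer without changing what evaltest.dat checks, and it keeps the fixture safe to copy as a template. `conn net-net` and `conn host-host` also look unused here (pretest.dat only runs `ipsec up nat-t` on alice) yet are loaded with `auto=add`; if they were carried over from another scenario, removing them or adding a one-line comment would make clear which conn the test is about.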
diff --git a/testing/tests/ikev2/force-udp-encaps/test.conf b/testing/tests/ikev2/force-udp-encaps/test.conf new file mode 100644 index 000000000..d84149aaf --- /dev/null +++ b/testing/tests/ikev2/force-udp-encaps/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="alice sun" diff --git a/testing/tests/ikev2/mobike-nat/description.txt b/testing/tests/ikev2/mobike-nat/description.txt index dd8a3a11a..ba8fc5bf0 100644 --- a/testing/tests/ikev2/mobike-nat/description.txt +++ b/testing/tests/ikev2/mobike-nat/description.txt @@ -4,4 +4,4 @@ via an additional eth1 interface. alice builds up a tunnel to gate in order to reach bob in the subnet behind. When the eth1 interface goes away, alice switches to eth0 and signals the IP address change via a MOBIKE ADDRESS_UPDATE notification to peer sun. alice sets -a virtual IP of PH_IP_ALICE, so that the IPsec policies don't have to be changed. +a virtual IP of 10.3.0.3, so that the IPsec policies don't have to be changed. diff --git a/testing/tests/ikev2/mobike-nat/evaltest.dat b/testing/tests/ikev2/mobike-nat/evaltest.dat index f6259cfb6..541b218d0 100644 --- a/testing/tests/ikev2/mobike-nat/evaltest.dat +++ b/testing/tests/ikev2/mobike-nat/evaltest.dat 
@@ -1,16 +1,16 @@ alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES -alice::ipsec statusall::PH_IP_ALICE/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE/32::YES +alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES +sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES alice::/etc/init.d/net.eth1 stop::No output expected::NO alice::sleep 1::No output expected::NO alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES -alice::ipsec statusall::PH_IP_ALICE/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE/32::YES +alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES +sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::moon.strongswan.org.*sun.strongswan.org.*: UDP-encap: ESP::YES moon::tcpdump::sun.strongswan.org.*moon.strongswan.org.*: UDP-encap: ESP::YES -bob::tcpdump::alice.strongswan.org.*bob.strongswan.org.*ICMP echo request::YES -bob::tcpdump::bob.strongswan.org.*alice.strongswan.org.*ICMP echo reply::YES +bob::tcpdump::10.3.0.3.*bob.strongswan.org.*ICMP echo request::YES +bob::tcpdump::bob.strongswan.org.*10.3.0.3.*ICMP echo reply::YES diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf index e05356b39..e9abfdac8 100755 --- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf @@ -14,7 +14,7 @@ conn %default conn mobike left=PH_IP_ALICE1 - leftsourceip=PH_IP_ALICE + leftsourceip=10.3.0.3 leftcert=aliceCert.pem leftid=alice@strongswan.org leftfirewall=yes 
diff --git a/testing/tests/ikev2/mobike-virtual-ip/description.txt b/testing/tests/ikev2/mobike-virtual-ip/description.txt index 997c7f3e8..df5612727 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/description.txt +++ b/testing/tests/ikev2/mobike-virtual-ip/description.txt @@ -4,4 +4,4 @@ via an additional eth1 interface. alice builds up a tunnel to gate in order to reach bob in the subnet behind. When the eth1 interface goes away, alice switches to eth0 and signals the IP address change via a MOBIKE ADDRESS_UPDATE notification to peer sun. alice sets -a virtual IP of PH_IP_ALICE, so that the IPsec policies don't have to be changed. +a virtual IP of 10.3.0.3, so that the IPsec policies don't have to be changed. diff --git a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat index 482cef866..5be507d2e 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat 
@@ -1,16 +1,16 @@ alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES -alice::ipsec statusall::PH_IP_ALICE/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE/32::YES +alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES +sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES alice::/etc/init.d/net.eth1 stop::No output expected::NO alice::sleep 1::No output expected::NO alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES -alice::ipsec statusall::PH_IP_ALICE/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE/32::YES +alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES +sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::alice.strongswan.org.*sun.strongswan.org.*: ESP::YES moon::tcpdump::sun.strongswan.org.*alice.strongswan.org.*: ESP::YES -bob::tcpdump::alice.strongswan.org.*bob.strongswan.org.*ICMP echo request::YES -bob::tcpdump::bob.strongswan.org.*alice.strongswan.org.*ICMP echo reply::YES +bob::tcpdump::10.3.0.3.*bob.strongswan.org.*ICMP echo request::YES +bob::tcpdump::bob.strongswan.org.*10.3.0.3.*ICMP echo reply::YES diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf index e05356b39..e9abfdac8 100755 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf @@ -14,7 +14,7 @@ conn %default conn mobike left=PH_IP_ALICE1 - leftsourceip=PH_IP_ALICE + leftsourceip=10.3.0.3 leftcert=aliceCert.pem leftid=alice@strongswan.org leftfirewall=yes 
diff --git a/testing/tests/ikev2/nat-two-rw/evaltest.dat b/testing/tests/ikev2/nat-two-rw/evaltest.dat index 28d5b5289..bd0a4b52b 100644 --- a/testing/tests/ikev2/nat-two-rw/evaltest.dat +++ b/testing/tests/ikev2/nat-two-rw/evaltest.dat @@ -2,7 +2,7 @@ alice::ipsec statusall::nat-t.*INSTALLED::YES venus::ipsec statusall::nat-t.*INSTALLED::YES sun::ipsec statusall::nat-t.*INSTALLED::YES sun::ipsec status::alice@strongswan.org::YES -sun::ipsec status::@venus.strongswan.org::YES +sun::ipsec status::venus.strongswan.org::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf index e86ed4f72..562f26826 100755 --- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf @@ -11,6 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + mobike=no conn net-net left=PH_IP_MOON diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf index ea55d2edb..24e5df519 100755 --- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf @@ -11,6 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + mobike=no conn net-net left=PH_IP_SUN diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.conf index 55fe84bc3..15d8ddb11 100755 --- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.conf 
@@ -10,7 +10,8 @@ conn %default keyingtries=1 authby=secret keyexchange=ikev2 - + mobike=no + conn net-net left=PH_IP_MOON leftsubnet=10.1.0.0/16 diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.conf index 063f23b29..e145d9974 100755 --- a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.conf @@ -10,7 +10,8 @@ conn %default keyingtries=1 authby=secret keyexchange=ikev2 - + mobike=no + conn net-net left=PH_IP_SUN leftsubnet=10.2.0.0/16 diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf index fe75ede89..8a2f8b77c 100755 --- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf @@ -11,6 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + mobike=no conn net-net left=PH_IP_MOON diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf index ea55d2edb..24e5df519 100755 --- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf @@ -11,6 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + mobike=no conn net-net left=PH_IP_SUN diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf index 77abdcdd1..1cc812864 100755 --- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf @@ -11,6 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + mobike=no conn net-net left=PH_IP_MOON 
diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf index ea55d2edb..24e5df519 100755 --- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf @@ -11,6 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + mobike=no conn net-net left=PH_IP_SUN diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat index f7f9dc51d..1ce38fc6a 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat @@ -3,7 +3,7 @@ moon::cat /var/log/daemon.log::authentication of 'PH_IP_MOON' (myself) with pre- moon::ipsec statusall::rw-psk.*INSTALLED::YES carol::ipsec statusall::home.*ESTABLISHED::YES moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES -moon::cat /var/log/daemon.log::authentication of '@moon.strongswan.org' (myself) with RSA signature::YES +moon::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature::YES moon::ipsec statusall::rw-rsasig.*INSTALLED::YES dave::ipsec statusall::home.*ESTABLISHED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES diff --git a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat index c0fd8b16b..8c7d2e9ea 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat 
@@ -1,6 +1,6 @@ moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with pre-shared key successful::YES -moon::cat /var/log/daemon.log::authentication of '@moon.strongswan.org' (myself) with RSA signature::YES +moon::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature::YES moon::ipsec statusall::rw.*INSTALLED::YES carol::ipsec statusall::home.*ESTABLISHED::YES dave::ipsec statusall::home.*ESTABLISHED::YES diff --git a/testing/tests/ikev2/virtual-ip-override/evaltest.dat b/testing/tests/ikev2/virtual-ip-override/evaltest.dat index 5216a53bb..34ccb76ca 100644 --- a/testing/tests/ikev2/virtual-ip-override/evaltest.dat +++ b/testing/tests/ikev2/virtual-ip-override/evaltest.dat @@ -7,7 +7,7 @@ moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::NO moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES -carol::ip route list dev eth0::src PH_IP_CAROL1::YES +carol::ip route list table 220::src PH_IP_CAROL1::YES dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list dev eth0::src PH_IP_DAVE1::YES +dave::ip route list table 220::src PH_IP_DAVE1::YES diff --git a/testing/tests/ikev2/virtual-ip/evaltest.dat b/testing/tests/ikev2/virtual-ip/evaltest.dat index dbb873ebc..e3c3c7f3c 100644 --- a/testing/tests/ikev2/virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/virtual-ip/evaltest.dat 
@@ -7,9 +7,9 @@ moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::YES moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES -carol::ip route list dev eth0::src PH_IP_CAROL1::YES +carol::ip route list table 220::src PH_IP_CAROL1::YES dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list dev eth0::src PH_IP_DAVE1::YES +dave::ip route list table 220::src PH_IP_DAVE1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -- cgit v1.2.3