mirror of
				git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
				synced 2025-09-04 20:19:47 +08:00 
			
		
		
		
	selftests: add xfrm state-policy-monitor to rtnetlink.sh
Add a simple set of tests for the IPsec xfrm commands. Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
		
							parent
							
								
									ef53e9e147
								
							
						
					
					
						commit
						5e596ee171
					
				| @ -502,6 +502,108 @@ kci_test_macsec() | ||||
| 	echo "PASS: macsec" | ||||
| } | ||||
| 
 | ||||
| #------------------------------------------------------------------- | ||||
| # Example commands | ||||
| #   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \ | ||||
| #            spi 0x07 mode transport reqid 0x07 replay-window 32 \ | ||||
| #            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \ | ||||
| #            sel src 14.0.0.52/24 dst 14.0.0.70/24 | ||||
| #   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \ | ||||
| #            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \ | ||||
| #            spi 0x07 mode transport reqid 0x07 | ||||
| # | ||||
| # Subcommands not tested | ||||
| #    ip x s update | ||||
| #    ip x s allocspi | ||||
| #    ip x s deleteall | ||||
| #    ip x p update | ||||
| #    ip x p deleteall | ||||
| #    ip x p set | ||||
| #------------------------------------------------------------------- | ||||
| kci_test_ipsec() | ||||
| { | ||||
| 	srcip="14.0.0.52" | ||||
| 	dstip="14.0.0.70" | ||||
| 	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128" | ||||
| 
 | ||||
| 	# flush to be sure there's nothing configured | ||||
| 	ip x s flush ; ip x p flush | ||||
| 	check_err $? | ||||
| 
 | ||||
| 	# start the monitor in the background | ||||
| 	tmpfile=`mktemp ipsectestXXX` | ||||
| 	ip x m > $tmpfile & | ||||
| 	mpid=$! | ||||
| 	sleep 0.2 | ||||
| 
 | ||||
| 	ipsecid="proto esp src $srcip dst $dstip spi 0x07" | ||||
| 	ip x s add $ipsecid \ | ||||
|             mode transport reqid 0x07 replay-window 32 \ | ||||
|             $algo sel src $srcip/24 dst $dstip/24 | ||||
| 	check_err $? | ||||
| 
 | ||||
| 	lines=`ip x s list | grep $srcip | grep $dstip | wc -l` | ||||
| 	test $lines -eq 2 | ||||
| 	check_err $? | ||||
| 
 | ||||
| 	ip x s count | grep -q "SAD count 1" | ||||
| 	check_err $? | ||||
| 
 | ||||
| 	lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l` | ||||
| 	test $lines -eq 2 | ||||
| 	check_err $? | ||||
| 
 | ||||
| 	ip x s delete $ipsecid | ||||
| 	check_err $? | ||||
| 
 | ||||
| 	lines=`ip x s list | wc -l` | ||||
| 	test $lines -eq 0 | ||||
| 	check_err $? | ||||
| 
 | ||||
| 	ipsecsel="dir out src $srcip/24 dst $dstip/24" | ||||
| 	ip x p add $ipsecsel \ | ||||
| 		    tmpl proto esp src $srcip dst $dstip \ | ||||
| 		    spi 0x07 mode transport reqid 0x07 | ||||
| 	check_err $? | ||||
| 
 | ||||
| 	lines=`ip x p list | grep $srcip | grep $dstip | wc -l` | ||||
| 	test $lines -eq 2 | ||||
| 	check_err $? | ||||
| 
 | ||||
| 	ip x p count | grep -q "SPD IN  0 OUT 1 FWD 0" | ||||
| 	check_err $? | ||||
| 
 | ||||
| 	lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l` | ||||
| 	test $lines -eq 2 | ||||
| 	check_err $? | ||||
| 
 | ||||
| 	ip x p delete $ipsecsel | ||||
| 	check_err $? | ||||
| 
 | ||||
| 	lines=`ip x p list | wc -l` | ||||
| 	test $lines -eq 0 | ||||
| 	check_err $? | ||||
| 
 | ||||
| 	# check the monitor results | ||||
| 	kill $mpid | ||||
| 	lines=`wc -l $tmpfile | cut "-d " -f1` | ||||
| 	test $lines -eq 20 | ||||
| 	check_err $? | ||||
| 	rm -rf $tmpfile | ||||
| 
 | ||||
| 	# clean up any leftovers | ||||
| 	ip x s flush | ||||
| 	check_err $? | ||||
| 	ip x p flush | ||||
| 	check_err $? | ||||
| 
 | ||||
| 	if [ $ret -ne 0 ]; then | ||||
| 		echo "FAIL: ipsec" | ||||
| 		return 1 | ||||
| 	fi | ||||
| 	echo "PASS: ipsec" | ||||
| } | ||||
| 
 | ||||
| kci_test_gretap() | ||||
| { | ||||
| 	testns="testns" | ||||
| @ -755,6 +857,7 @@ kci_test_rtnl() | ||||
| 	kci_test_vrf | ||||
| 	kci_test_encap | ||||
| 	kci_test_macsec | ||||
| 	kci_test_ipsec | ||||
| 
 | ||||
| 	kci_del_dummy | ||||
| } | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 Shannon Nelson
						Shannon Nelson