selftests: add xfrm state-policy-monitor to rtnetlink.sh

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Add a simple set of tests for the IPsec xfrm commands.

Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

authored by

Shannon Nelson and committed by

Steffen Klassert 8 years ago 5e596ee1 ef53e9e1

+103

1 changed file

expand all

tools

testing

selftests

net

rtnetlink.sh

+103

tools/testing/selftests/net/rtnetlink.sh

··· 502 502 echo "PASS: macsec" 503 503 } 504 504 505 + #------------------------------------------------------------------- 506 + # Example commands 507 + # ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \ 508 + # spi 0x07 mode transport reqid 0x07 replay-window 32 \ 509 + # aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \ 510 + # sel src 14.0.0.52/24 dst 14.0.0.70/24 511 + # ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \ 512 + # tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \ 513 + # spi 0x07 mode transport reqid 0x07 514 + # 515 + # Subcommands not tested 516 + # ip x s update 517 + # ip x s allocspi 518 + # ip x s deleteall 519 + # ip x p update 520 + # ip x p deleteall 521 + # ip x p set 522 + #------------------------------------------------------------------- 523 + kci_test_ipsec() 524 + { 525 + srcip="14.0.0.52" 526 + dstip="14.0.0.70" 527 + algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128" 528 + 529 + # flush to be sure there's nothing configured 530 + ip x s flush ; ip x p flush 531 + check_err $? 532 + 533 + # start the monitor in the background 534 + tmpfile=`mktemp ipsectestXXX` 535 + ip x m > $tmpfile & 536 + mpid=$! 537 + sleep 0.2 538 + 539 + ipsecid="proto esp src $srcip dst $dstip spi 0x07" 540 + ip x s add $ipsecid \ 541 + mode transport reqid 0x07 replay-window 32 \ 542 + $algo sel src $srcip/24 dst $dstip/24 543 + check_err $? 544 + 545 + lines=`ip x s list | grep $srcip | grep $dstip | wc -l` 546 + test $lines -eq 2 547 + check_err $? 548 + 549 + ip x s count | grep -q "SAD count 1" 550 + check_err $? 551 + 552 + lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l` 553 + test $lines -eq 2 554 + check_err $? 555 + 556 + ip x s delete $ipsecid 557 + check_err $? 558 + 559 + lines=`ip x s list | wc -l` 560 + test $lines -eq 0 561 + check_err $? 562 + 563 + ipsecsel="dir out src $srcip/24 dst $dstip/24" 564 + ip x p add $ipsecsel \ 565 + tmpl proto esp src $srcip dst $dstip \ 566 + spi 0x07 mode transport reqid 0x07 567 + check_err $? 568 + 569 + lines=`ip x p list | grep $srcip | grep $dstip | wc -l` 570 + test $lines -eq 2 571 + check_err $? 572 + 573 + ip x p count | grep -q "SPD IN 0 OUT 1 FWD 0" 574 + check_err $? 575 + 576 + lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l` 577 + test $lines -eq 2 578 + check_err $? 579 + 580 + ip x p delete $ipsecsel 581 + check_err $? 582 + 583 + lines=`ip x p list | wc -l` 584 + test $lines -eq 0 585 + check_err $? 586 + 587 + # check the monitor results 588 + kill $mpid 589 + lines=`wc -l $tmpfile | cut "-d " -f1` 590 + test $lines -eq 20 591 + check_err $? 592 + rm -rf $tmpfile 593 + 594 + # clean up any leftovers 595 + ip x s flush 596 + check_err $? 597 + ip x p flush 598 + check_err $? 599 + 600 + if [ $ret -ne 0 ]; then 601 + echo "FAIL: ipsec" 602 + return 1 603 + fi 604 + echo "PASS: ipsec" 605 + } 606 + 505 607 kci_test_gretap() 506 608 { 507 609 testns="testns" ··· 857 755 kci_test_vrf 858 756 kci_test_encap 859 757 kci_test_macsec 758 + kci_test_ipsec 860 759 861 760 kci_del_dummy 862 761 }