Demo branch showing the creation of a listener plugin demo-plugin
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 21 Dec 2015 12:04:24 +0000 (13:04 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 3 Oct 2018 21:47:54 +0000 (23:47 +0200)
19 files changed:
configure.ac
src/libcharon/Makefile.am
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/plugins/demo/Makefile.am [new file with mode: 0644]
src/libcharon/plugins/demo/demo_listener.c [new file with mode: 0644]
src/libcharon/plugins/demo/demo_listener.h [new file with mode: 0644]
src/libcharon/plugins/demo/demo_plugin.c [new file with mode: 0644]
src/libcharon/plugins/demo/demo_plugin.h [new file with mode: 0644]
testing/scripts/recipes/013_strongswan.mk
testing/tests/swanctl/net2net-demo/description.txt [new file with mode: 0755]
testing/tests/swanctl/net2net-demo/evaltest.dat [new file with mode: 0755]
testing/tests/swanctl/net2net-demo/hosts/moon/etc/strongswan.conf [new file with mode: 0755]
testing/tests/swanctl/net2net-demo/hosts/moon/etc/swanctl/swanctl.conf [new file with mode: 0755]
testing/tests/swanctl/net2net-demo/hosts/sun/etc/strongswan.conf [new file with mode: 0755]
testing/tests/swanctl/net2net-demo/hosts/sun/etc/swanctl/swanctl.conf [new file with mode: 0755]
testing/tests/swanctl/net2net-demo/posttest.dat [new file with mode: 0755]
testing/tests/swanctl/net2net-demo/pretest.dat [new file with mode: 0755]
testing/tests/swanctl/net2net-demo/test.conf [new file with mode: 0755]

index 1ef4373..f9dbc9e 100644 (file)
@@ -276,6 +276,7 @@ ARG_ENABL_SET([save-keys],      [enable development/debugging plugin that saves
 ARG_ENABL_SET([systime-fix],    [enable plugin to handle cert lifetimes with invalid system time gracefully.])
 ARG_ENABL_SET([test-vectors],   [enable plugin providing crypto test vectors.])
 ARG_DISBL_SET([updown],         [disable updown firewall script plugin.])
+ARG_ENABL_SET([demo],           [enable demo plugin.])
 # programs/components
 ARG_ENABL_SET([aikgen],         [enable AIK generator for TPM 1.2.])
 ARG_DISBL_SET([charon],         [disable the IKEv1/IKEv2 keying daemon charon.])
@@ -1508,6 +1509,7 @@ ADD_PLUGIN([uci],                  [c charon])
 ADD_PLUGIN([addrblock],            [c charon])
 ADD_PLUGIN([unity],                [c charon])
 ADD_PLUGIN([counters],             [c charon])
+ADD_PLUGIN([demo],                 [c charon])
 
 AC_SUBST(charon_plugins)
 AC_SUBST(starter_plugins)
@@ -1685,6 +1687,7 @@ AM_CONDITIONAL(USE_RESOLVE, test x$resolve = xtrue)
 AM_CONDITIONAL(USE_ATTR, test x$attr = xtrue)
 AM_CONDITIONAL(USE_ATTR_SQL, test x$attr_sql = xtrue)
 AM_CONDITIONAL(USE_COUNTERS, test x$counters = xtrue)
+AM_CONDITIONAL(USE_DEMO, test x$demo = xtrue)
 
 #  other options
 # ---------------
@@ -1985,6 +1988,7 @@ AC_CONFIG_FILES([
        src/libcharon/plugins/resolve/Makefile
        src/libcharon/plugins/attr/Makefile
        src/libcharon/plugins/attr_sql/Makefile
+       src/libcharon/plugins/demo/Makefile
        src/libcharon/tests/Makefile
        src/libtpmtss/Makefile
        src/libtpmtss/plugins/tpm/Makefile
index 15ac7a6..c4e03d9 100644 (file)
@@ -733,6 +733,13 @@ if MONOLITHIC
 endif
 endif
 
+if USE_DEMO
+  SUBDIRS += plugins/demo
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/demo/libstrongswan-demo.la
+endif
+endif
+
 if MONOLITHIC
   SUBDIRS += .
 endif
index a69db93..4a03add 100644 (file)
@@ -136,7 +136,9 @@ ENUM_NEXT(notify_type_names, ME_MEDIATION, RADIUS_ATTRIBUTE, USE_BEET_MODE,
        "ME_CONNECTAUTH",
        "ME_RESPONSE",
        "RADIUS_ATTRIBUTE");
-ENUM_END(notify_type_names, RADIUS_ATTRIBUTE);
+ENUM_NEXT(notify_type_names, DEMO_PAYLOAD, DEMO_PAYLOAD, RADIUS_ATTRIBUTE,
+       "DEMO_PAYLOAD");
+ENUM_END(notify_type_names, DEMO_PAYLOAD);
 
 
 ENUM_BEGIN(notify_type_short_names, UNSUPPORTED_CRITICAL_PAYLOAD, UNSUPPORTED_CRITICAL_PAYLOAD,
@@ -250,7 +252,9 @@ ENUM_NEXT(notify_type_short_names, ME_MEDIATION, RADIUS_ATTRIBUTE, USE_BEET_MODE
        "ME_CAUTH",
        "ME_R",
        "RADIUS");
-ENUM_END(notify_type_short_names, RADIUS_ATTRIBUTE);
+ENUM_NEXT(notify_type_short_names, DEMO_PAYLOAD, DEMO_PAYLOAD, RADIUS_ATTRIBUTE,
+       "DEMO");
+ENUM_END(notify_type_short_names, DEMO_PAYLOAD);
 
 
 typedef struct private_notify_payload_t private_notify_payload_t;
index b0cf69d..0d1feb0 100644 (file)
@@ -178,6 +178,8 @@ enum notify_type_t {
        ME_RESPONSE = 40968,
        /* RADIUS attribute received/to send to a AAA backend */
        RADIUS_ATTRIBUTE = 40969,
+       /* DEMO payload */
+       DEMO_PAYLOAD = 42000,
 };
 
 /**
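Review bot: The comment `/* DEMO payload */` on `DEMO_PAYLOAD = 42000` does not say that the number comes from the IKEv2 private-use status range (40960-65535), where another vendor's private notify can use the same value with a different meaning. I would document that on the enumerator, e.g. `/* DEMO notify of the demo plugin, private-use value, not IANA-assigned */`, so nobody mistakes it for a registered type. The enum body starts outside this hunk.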
diff --git a/src/libcharon/plugins/demo/Makefile.am b/src/libcharon/plugins/demo/Makefile.am
new file mode 100644 (file)
index 0000000..63f1617
--- /dev/null
@@ -0,0 +1,18 @@
+AM_CPPFLAGS = \
+       -I$(top_srcdir)/src/libstrongswan \
+       -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = \
+       $(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-demo.la
+else
+plugin_LTLIBRARIES = libstrongswan-demo.la
+endif
+
+libstrongswan_demo_la_SOURCES = \
+       demo_plugin.h demo_plugin.c \
+       demo_listener.h demo_listener.c 
+
+libstrongswan_demo_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/demo/demo_listener.c b/src/libcharon/plugins/demo/demo_listener.c
new file mode 100644 (file)
index 0000000..f5d717c
--- /dev/null
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2015-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "demo_listener.h"
+
+#include <crypto/hashers/hasher.h>
+#include <utils/debug.h>
+#include <daemon.h>
+
+typedef struct private_demo_listener_t private_demo_listener_t;
+
+/**
+ * Private data of a demo_listener_t object.
+ */
+struct private_demo_listener_t {
+
+       /**
+        * Public demo_listener_t interface.
+        */
+       demo_listener_t public;
+
+       /**
+        * SHA-1 hasher used to hash DEMO payload.
+        */
+       hasher_t *hasher;
+
+};
+
+METHOD(listener_t, message, bool,
+       private_demo_listener_t *this,
+       ike_sa_t *ike_sa, message_t *message, bool incoming, bool plain)
+{
+       enumerator_t *enumerator;
+       payload_t *payload;
+       notify_payload_t *notify;
+       ike_sa_id_t *ike_sa_id;
+       chunk_t data = chunk_empty;
+       char *demo_str;
+
+       if (plain && message->get_exchange_type(message) == CREATE_CHILD_SA)
+       {
+               ike_sa_id = ike_sa->get_id(ike_sa);
+                               
+               if (incoming)
+               {
+                       enumerator = message->create_payload_enumerator(message);
+                       while (enumerator->enumerate(enumerator, &payload))
+                       {
+                               if (payload->get_type(payload) == PLV2_NOTIFY)
+                               {
+                                       notify = (notify_payload_t*)payload;
+                                       if (notify->get_notify_type(notify) == DEMO_PAYLOAD)
+                                       {
+                                               data = notify->get_notification_data(notify);
+                                               break;
+                                       }
+                               }
+                       }
+                       enumerator->destroy(enumerator);
+
+                       if (data.len)
+                       {
+                               DBG1(DBG_IKE, "received %.*s", data.len, data.ptr);
+                       }
+               }
+               else
+               {
+                       demo_str = ike_sa_id->is_initiator(ike_sa_id) ? "demo request" :
+                                                                                                                       "demo response";
+                       DBG1(DBG_IKE, "sending %s", demo_str);
+                       data = chunk_from_str(demo_str);
+                       message->add_notify(message, FALSE, DEMO_PAYLOAD, data);
+               }
+       }
+       return TRUE;
+}
+
+METHOD(demo_listener_t, destroy, void,
+       private_demo_listener_t *this)
+{
+       DESTROY_IF(this->hasher);
+       free(this);
+}
+
+/**
+ * See header
+ */
+demo_listener_t *demo_listener_create()
+{
+       private_demo_listener_t *this;
+
+       INIT(this,
+               .public = {
+                       .listener = {
+                               .message = _message,
+                       },
+                       .destroy = _destroy,
+               },
+               .hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1),
+       );
+
+       return &this->public;
+}
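Review bot: The `DBG1(DBG_IKE, "received %.*s", data.len, data.ptr)` call in the incoming branch passes `data.len` (a `size_t`) where the `%.*s` precision expects an `int`, and it writes peer-supplied notification bytes into the log as text without checking them. Cast the length and print as text only when the bytes are printable, e.g. `if (data.len && chunk_printable(data, NULL, '?'))` followed by `DBG1(DBG_IKE, "received %.*s", (int)data.len, data.ptr);`, with a `%B` hex dump as the fallback. In the outgoing branch the label is chosen from `ike_sa_id->is_initiator()`, which reflects the IKE_SA role rather than the message direction, so a CREATE_CHILD_SA request sent by the original responder would carry "demo response"; `message->get_request(message)` looks like the intended test. The `hasher` member is created and destroyed but never used in `message()`, so either drop it together with `PLUGIN_DEPENDS(HASHER, HASH_SHA1)` in demo_plugin.c or correct the struct comment that says it hashes the DEMO payload.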
diff --git a/src/libcharon/plugins/demo/demo_listener.h b/src/libcharon/plugins/demo/demo_listener.h
new file mode 100644 (file)
index 0000000..3cbbcc5
--- /dev/null
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2015-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup demo_listener demo_listener
+ * @{ @ingroup demo
+ */
+
+#ifndef DEMO_LISTENER_H_
+#define DEMO_LISTENER_H_
+
+
+#include <bus/listeners/listener.h>
+
+typedef struct demo_listener_t demo_listener_t;
+
+/**
+ * Insert and process DEMO notify payload
+ */
+struct demo_listener_t {
+
+       /**
+        * Implements a listener.
+        */
+       listener_t listener;
+
+       /**
+        * Destroy a demo_listener_t.
+        */
+       void (*destroy)(demo_listener_t *this);
+};
+
+/**
+ * Create a demo_listener instance.
+ */
+demo_listener_t *demo_listener_create();
+
+#endif /** DEMO_LISTENER_H_ @}*/
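Review bot: `demo_listener_t *demo_listener_create();` declares the constructor without a prototype, so a call that passes arguments by mistake is not diagnosed; write `demo_listener_t *demo_listener_create(void);` here and in the definition in demo_listener.c. The doc comment could also state the return value and ownership, e.g. `@return listener instance, to be released with destroy()`.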
diff --git a/src/libcharon/plugins/demo/demo_plugin.c b/src/libcharon/plugins/demo/demo_plugin.c
new file mode 100644 (file)
index 0000000..fd15fe6
--- /dev/null
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2015-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+
+#include "demo_plugin.h"
+#include "demo_listener.h"
+
+#include <daemon.h>
+
+typedef struct private_demo_plugin_t private_demo_plugin_t;
+
+/**
+ * Private data of a demo_plugin_t object.
+ */
+struct private_demo_plugin_t {
+
+       /**
+        * Public radius_plugin_t interface.
+        */
+       demo_plugin_t public;
+
+       /**
+        * Message listener inserting and processing DEMO notify payload
+        */
+       demo_listener_t *demo;
+};
+
+METHOD(plugin_t, get_name, char*,
+       private_demo_plugin_t *this)
+{
+       return "demo";
+}
+
+/**
+ * Register listener
+ */
+static bool plugin_cb(private_demo_plugin_t *this,
+                                         plugin_feature_t *feature, bool reg, void *cb_data)
+{
+       if (reg)
+       {
+               this->demo = demo_listener_create();
+               if (this->demo)
+               {
+                       charon->bus->add_listener(charon->bus, &this->demo->listener);
+               }
+       }
+       else
+       {
+               if (this->demo)
+               {
+                       charon->bus->remove_listener(charon->bus, &this->demo->listener);
+                       this->demo->destroy(this->demo);
+               }
+       }
+       return TRUE;
+}
+
+METHOD(plugin_t, get_features, int,
+       private_demo_plugin_t *this, plugin_feature_t *features[])
+{
+       static plugin_feature_t f[] = {
+               PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
+                       PLUGIN_PROVIDE(CUSTOM, "demo"),
+                               PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+       };
+       *features = f;
+       return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+       private_demo_plugin_t *this)
+{
+       free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *demo_plugin_create()
+{
+       private_demo_plugin_t *this;
+
+       INIT(this,
+               .public = {
+                       .plugin = {
+                               .get_name = _get_name,
+                               .get_features = _get_features,
+                               .destroy = _destroy,
+                       },
+               },
+       );
+
+       return &this->public.plugin;
+}
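Review bot: In `plugin_cb` the unregister branch calls `this->demo->destroy(this->demo)` and leaves `this->demo` pointing at the freed listener, so if the callback were ever invoked a second time with `reg` false it would remove and destroy the same object again; add `this->demo = NULL;` right after the destroy. The register branch likewise overwrites `this->demo` without checking for an existing listener. Separately, the member comment `Public radius_plugin_t interface.` is a copy-paste leftover and should read `Public demo_plugin_t interface.`.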
diff --git a/src/libcharon/plugins/demo/demo_plugin.h b/src/libcharon/plugins/demo/demo_plugin.h
new file mode 100644 (file)
index 0000000..020b5eb
--- /dev/null
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup demo demo
+ * @ingroup cplugins
+ *
+ * @defgroup demo_plugin demo_plugin
+ * @{ @ingroup demo
+ */
+
+#ifndef DEMO_PLUGIN_H_
+#define DEMO_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct demo_plugin_t demo_plugin_t;
+
+/**
+ * DEMO plugin.
+ *
+ * This plugin subscribes a listener to the IKE message hook and provides
+ * the sending and processing of a DEMO notify payload.
+ */
+struct demo_plugin_t {
+
+       /**
+        * implements plugin interface
+        */
+       plugin_t plugin;
+};
+
+#endif /** DEMO_PLUGIN_H_ @}*/
index 13a1b23..31b471d 100644 (file)
@@ -105,7 +105,8 @@ CONFIG_OPTS = \
        --enable-newhope \
        --enable-systemd \
        --enable-counters \
-       --enable-save-keys
+       --enable-save-keys \
+       --enable-demo
 
 export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat
 
diff --git a/testing/tests/swanctl/net2net-demo/description.txt b/testing/tests/swanctl/net2net-demo/description.txt
new file mode 100755 (executable)
index 0000000..345769a
--- /dev/null
@@ -0,0 +1,6 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>X.509 certificates</b>. Upon the successful
+establishment of the IPsec tunnel, the updown script automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
+pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/swanctl/net2net-demo/evaltest.dat b/testing/tests/swanctl/net2net-demo/evaltest.dat
new file mode 100755 (executable)
index 0000000..898f2f2
--- /dev/null
@@ -0,0 +1,5 @@
+moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
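Review bot: None of the five checks looks for the DEMO notify, so this scenario passes even if the demo plugin never sends or receives anything; the patterns are the plain net2net ones. Add log checks for the two messages the listener emits, e.g. `sun::cat /var/log/daemon.log::received demo request::YES` and `moon::cat /var/log/daemon.log::received demo response::YES`. The log path is the one strongSwan test scenarios usually grep and should be confirmed for this environment.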
diff --git a/testing/tests/swanctl/net2net-demo/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-demo/hosts/moon/etc/strongswan.conf
new file mode 100755 (executable)
index 0000000..ed1fe60
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+}
+
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici demo 
+
+  start-scripts {
+    creds = /usr/local/sbin/swanctl --load-creds 
+    conns = /usr/local/sbin/swanctl --load-conns
+  }
+  syslog {
+    daemon {
+      default = 1 
+    }
+    auth {
+      default = 0
+    }
+  } 
+}
diff --git a/testing/tests/swanctl/net2net-demo/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-demo/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755 (executable)
index 0000000..ea53e92
--- /dev/null
@@ -0,0 +1,29 @@
+connections {
+
+   gw-gw {
+      local_addrs  = 192.168.0.1
+      remote_addrs = 192.168.0.2 
+
+      local {
+         auth = pubkey 
+         certs = moonCert.pem
+         id = moon.strongswan.org
+      }
+      remote {
+         auth = pubkey
+         id = sun.strongswan.org 
+      }
+      children {
+         net-net {
+            local_ts  = 10.1.0.0/16 
+            remote_ts = 10.2.0.0/16 
+
+            updown = /usr/local/libexec/ipsec/_updown iptables
+            esp_proposals = aes128gcm128-modp3072
+         }
+      }
+      version = 2
+      mobike = no
+      proposals = aes128-sha256-modp3072
+   }
+}
diff --git a/testing/tests/swanctl/net2net-demo/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-demo/hosts/sun/etc/strongswan.conf
new file mode 100755 (executable)
index 0000000..9a80e51
--- /dev/null
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+}
+
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici demo 
+
+  start-scripts {
+    creds = /usr/local/sbin/swanctl --load-creds 
+    conns = /usr/local/sbin/swanctl --load-conns
+  } 
+}
diff --git a/testing/tests/swanctl/net2net-demo/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-demo/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755 (executable)
index 0000000..c351213
--- /dev/null
@@ -0,0 +1,29 @@
+connections {
+
+   gw-gw {
+      local_addrs  = 192.168.0.2
+      remote_addrs = 192.168.0.1 
+
+      local {
+         auth = pubkey
+         certs = sunCert.pem
+         id = sun.strongswan.org
+      }
+      remote {
+         auth = pubkey
+         id = moon.strongswan.org 
+      }
+      children {
+         net-net {
+            local_ts  = 10.2.0.0/16 
+            remote_ts = 10.1.0.0/16 
+
+            updown = /usr/local/libexec/ipsec/_updown iptables
+            esp_proposals = aes128gcm128-modp3072
+         }
+      }
+      version = 2
+      mobike = no
+      proposals = aes128-sha256-modp3072
+   }
+}
diff --git a/testing/tests/swanctl/net2net-demo/posttest.dat b/testing/tests/swanctl/net2net-demo/posttest.dat
new file mode 100755 (executable)
index 0000000..30d10b5
--- /dev/null
@@ -0,0 +1,5 @@
+moon::swanctl --terminate --ike gw-gw 2> /dev/null
+moon::service charon stop 2> /dev/null
+sun::service charon stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/net2net-demo/pretest.dat b/testing/tests/swanctl/net2net-demo/pretest.dat
new file mode 100755 (executable)
index 0000000..dd6729c
--- /dev/null
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+moon::service charon start 2> /dev/null
+sun::service charon start 2> /dev/null
+moon::expect-connection gw-gw
+sun::expect-connection gw-gw
+moon::swanctl --initiate  --child net-net 2> /dev/null
+moon::swanctl --terminate --child net-net 2> /dev/null
+moon::swanctl --initiate  --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-demo/test.conf b/testing/tests/swanctl/net2net-demo/test.conf
new file mode 100755 (executable)
index 0000000..07a3b24
--- /dev/null
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1