From 1dfd11fd9249704ca29675c5ee11059a79aac203 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 22 Apr 2014 16:27:41 +0200 Subject: [PATCH] testing: Added pfkey/compress test case --- testing/tests/pfkey/compress/description.txt | 4 ++++ testing/tests/pfkey/compress/evaltest.dat | 12 ++++++++++++ .../pfkey/compress/hosts/carol/etc/ipsec.conf | 21 +++++++++++++++++++++ .../pfkey/compress/hosts/carol/etc/strongswan.conf | 5 +++++ .../tests/pfkey/compress/hosts/moon/etc/ipsec.conf | 21 +++++++++++++++++++++ .../pfkey/compress/hosts/moon/etc/strongswan.conf | 5 +++++ testing/tests/pfkey/compress/posttest.dat | 4 ++++ testing/tests/pfkey/compress/pretest.dat | 6 ++++++ testing/tests/pfkey/compress/test.conf | 22 ++++++++++++++++++++++ 9 files changed, 100 insertions(+) create mode 100644 testing/tests/pfkey/compress/description.txt create mode 100644 testing/tests/pfkey/compress/evaltest.dat create mode 100644 testing/tests/pfkey/compress/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/pfkey/compress/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/pfkey/compress/posttest.dat create mode 100644 testing/tests/pfkey/compress/pretest.dat create mode 100644 testing/tests/pfkey/compress/test.conf diff --git a/testing/tests/pfkey/compress/description.txt b/testing/tests/pfkey/compress/description.txt new file mode 100644 index 0000000..4c60384 --- /dev/null +++ b/testing/tests/pfkey/compress/description.txt @@ -0,0 +1,4 @@ +This scenario enables IPComp compression between roadwarrior carol and +gateway moon. Two pings from carol to alice check +the established tunnel with compression. The packet sizes of the two pings +are different because the kernel does not compress small packets. diff --git a/testing/tests/pfkey/compress/evaltest.dat b/testing/tests/pfkey/compress/evaltest.dat new file mode 100644 index 0000000..843326e --- /dev/null +++ b/testing/tests/pfkey/compress/evaltest.dat @@ -0,0 +1,12 @@ +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL.*IPCOMP::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL.*IPCOMP::YES +moon:: cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES +moon:: cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES +moon:: ip xfrm state::proto comp spi::YES +carol::ip xfrm state::proto comp spi::YES +carol::ping -n -c 1 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE::YES +carol::ping -n -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE::YES +moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/pfkey/compress/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/compress/hosts/carol/etc/ipsec.conf new file mode 100644 index 0000000..7880989 --- /dev/null +++ b/testing/tests/pfkey/compress/hosts/carol/etc/ipsec.conf @@ -0,0 +1,21 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + compress=yes + leftfirewall=yes + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf new file mode 100644 index 0000000..2061e52 --- /dev/null +++ b/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown +} diff --git a/testing/tests/pfkey/compress/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/compress/hosts/moon/etc/ipsec.conf new file mode 100644 index 0000000..718b3c8 --- /dev/null +++ b/testing/tests/pfkey/compress/hosts/moon/etc/ipsec.conf @@ -0,0 +1,21 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + compress=yes + leftfirewall=yes + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + rightid=carol@strongswan.org + auto=add diff --git a/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf new file mode 100644 index 0000000..2061e52 --- /dev/null +++ b/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown +} diff --git a/testing/tests/pfkey/compress/posttest.dat b/testing/tests/pfkey/compress/posttest.dat new file mode 100644 index 0000000..046d4cf --- /dev/null +++ b/testing/tests/pfkey/compress/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +carol::ipsec stop +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/pfkey/compress/pretest.dat b/testing/tests/pfkey/compress/pretest.dat new file mode 100644 index 0000000..29a9035 --- /dev/null +++ b/testing/tests/pfkey/compress/pretest.dat @@ -0,0 +1,6 @@ +carol::iptables-restore < /etc/iptables.rules +moon::iptables-restore < /etc/iptables.rules +carol::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home diff --git a/testing/tests/pfkey/compress/test.conf b/testing/tests/pfkey/compress/test.conf new file mode 100644 index 0000000..d7b7142 --- /dev/null +++ b/testing/tests/pfkey/compress/test.conf @@ -0,0 +1,22 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" + -- 2.7.4