1 //==========================================================================
5 //==========================================================================
6 //####BSDCOPYRIGHTBEGIN####
8 // -------------------------------------------
10 // Portions of this software may have been derived from OpenBSD,
11 // FreeBSD or other sources, and are covered by the appropriate
12 // copyright disclaimers included herein.
14 // Portions created by Red Hat are
15 // Copyright (C) 2002 Red Hat, Inc. All Rights Reserved.
17 // -------------------------------------------
19 //####BSDCOPYRIGHTEND####
20 //==========================================================================
22 /* $KAME: test-policy.c,v 1.16 2003/08/26 03:24:08 itojun Exp $ */
25 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
26 * All rights reserved.
28 * Redistribution and use in source and binary forms, with or without
29 * modification, are permitted provided that the following conditions
31 * 1. Redistributions of source code must retain the above copyright
32 * notice, this list of conditions and the following disclaimer.
33 * 2. Redistributions in binary form must reproduce the above copyright
34 * notice, this list of conditions and the following disclaimer in the
35 * documentation and/or other materials provided with the distribution.
36 * 3. Neither the name of the project nor the names of its contributors
37 * may be used to endorse or promote products derived from this software
38 * without specific prior written permission.
40 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 #include <sys/types.h>
56 #include <sys/param.h>
57 #include <sys/socket.h>
59 #include <netinet/in.h>
60 #include <net/pfkeyv2.h>
61 #include <netkey/key_debug.h>
62 #include <netinet6/ipsec.h>
71 #include <cyg/infra/testcase.h>
72 #include <cyg/infra/diag.h>
74 #define errx(eval, fmt, ... ) \
77 diag_snprintf(buf, sizeof(buf), fmt, ##__VA_ARGS__); \
78 CYG_TEST_FAIL_FINISH(buf); \
/*
 * err(3)-family shims mapped onto the eCos test harness.
 *
 * warn and warnx expand to the same thing here.  Unlike BSD warn(3),
 * nothing appends strerror(errno) to the message, so a call site that
 * relies on warn() for the errno detail would silently lose it -- pass
 * "%s", strerror(errno) explicitly where that detail matters.
 */
#define warn CYG_TEST_INFO
#define warnx CYG_TEST_INFO
/*
 * `eval` (the exit status in BSD err(3)) is not used by the expansion:
 * the failure is reported through CYG_TEST_FAIL_FINISH instead of an
 * exit status.  Only `str` reaches the harness.
 */
#define err(eval, str) CYG_TEST_FAIL_FINISH(str)
//#define printf diag_printf   /* disabled: printf is not redirected to diag_printf */
92 int result; /* expected result; 0:ok 1:ng */
97 { 1, "in ipsec must_error" },
98 { 1, "out ipsec esp/must_error" },
102 { 0, "out entrust" },
103 { 1, "out ipsec esp" },
104 { 0, "in ipsec ah/transport" },
105 { 1, "in ipsec ah/tunnel" },
106 { 0, "out ipsec ah/transport/" },
107 { 1, "out ipsec ah/tunnel/" },
108 { 0, "in ipsec esp / transport / 10.0.0.1-10.0.0.2" },
109 #ifdef CYGPKG_NET_INET6
110 { 0, "in ipsec esp/tunnel/::1-::2" },
111 { 1, "in ipsec esp/tunnel/10.0.0.1-::2" },
112 { 0, "in ipsec esp/tunnel/::1-::2/require" },
114 { 0, "out ipsec ah/transport//use" },
115 { 1, "out ipsec ah/transport esp/use" },
116 { 1, "in ipsec ah/transport esp/tunnel" },
117 #ifdef CYGPKG_NET_INET6
118 { 0, "in ipsec ah/transport esp/tunnel/::1-::1" },
121 " esp / tunnel / ::1-::2" },
123 " ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"
124 " ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"
125 " ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"
127 { 0, "out ipsec esp/transport/fec0::10-fec0::11/use" },
/*
 * Forward declarations for the test cases.  The `__P()` wrapper is the
 * BSD prototype-compatibility macro kept from the KAME original; every
 * test returns an int status.
 *
 * NOTE(review): the function headers are not all visible in this view,
 * so the per-test summaries below are taken from the bodies they appear
 * to belong to -- confirm against the definitions.
 */
int test1 __P((void));                /* walks the reqs[] table, calling test1sub1() on each entry and
                                         flagging mismatches between the result and req_t.result */
int test1sub1 __P((struct req_t *));  /* ipsec_set_policy() on one entry, then test1sub2() per address family */
int test1sub2 __P((char *, int));     /* set/get the parsed policy on a datagram socket of `family` and dump it */
int test2 __P((void));                /* PF_KEY SPD round trip: spdflush/spdsetidx/spdupdate/spddelete/spdadd/spdget */
int test2sub __P((int));              /* reads one PF_KEY reply on the socket and returns its sadb_x_policy_id */
138 main(int ac, char **av)
141 init_all_network_interfaces();
146 CYG_TEST_FINISH("done");
157 for (i = 0; i < sizeof(reqs)/sizeof(reqs[0]); i++) {
158 printf("#%d [%s]\n", i + 1, reqs[i].str);
160 result = test1sub1(&reqs[i]);
161 if (result == 0 && reqs[i].result == 1) {
162 warnx("ERROR: expecting failure.");
163 } else if (result == 1 && reqs[i].result == 0) {
164 warnx("ERROR: expecting success.");
177 buf = ipsec_set_policy(req->str, strlen(req->str));
179 printf("ipsec_set_policy: %s\n", ipsec_strerror());
183 if (test1sub2(buf, PF_INET) != 0 ||
184 #ifdef CYG_PKG_NET_INET6
185 test1sub2(buf, PF_INET6) != 0
194 kdebug_sadb_x_policy((struct sadb_ext *)buf);
201 test1sub2(policy, family)
206 int proto = 0, optname = 0;
213 optname = IP_IPSEC_POLICY;
216 proto = IPPROTO_IPV6;
217 optname = IPV6_IPSEC_POLICY;
221 if ((so = socket(family, SOCK_DGRAM, 0)) < 0)
224 len = ipsec_get_policylen(policy);
226 printf("\tsetlen:%d\n", len);
229 if (setsockopt(so, proto, optname, policy, len) < 0) {
230 printf("fail to set sockopt; %s\n", strerror(errno));
235 memset(getbuf, 0, sizeof(getbuf));
236 memcpy(getbuf, policy, sizeof(struct sadb_x_policy));
237 if (getsockopt(so, proto, optname, getbuf, &len) < 0) {
238 printf("fail to get sockopt; %s\n", strerror(errno));
247 printf("\tgetlen:%d\n", len);
250 if ((buf = ipsec_dump_policy(getbuf, NULL)) == NULL) {
251 printf("%s\n", ipsec_strerror());
256 printf("\t[%s]\n", buf);
268 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1,
276 char *pol1 = "out ipsec";
277 char *pol2 = "out ipsec ah/transport//use";
286 errx(1, "root privilege required.");
288 sp1 = ipsec_set_policy(pol1, strlen(pol1));
289 splen1 = ipsec_get_policylen(sp1);
290 sp2 = ipsec_set_policy(pol2, strlen(pol2));
291 splen2 = ipsec_get_policylen(sp2);
293 if ((so = pfkey_open()) < 0)
294 errx(1, "ERROR: %s", ipsec_strerror());
296 printf("spdflush()\n");
297 if (pfkey_send_spdflush(so) < 0)
298 errx(1, "ERROR: %s", ipsec_strerror());
302 printf("spdsetidx()\n");
303 if (pfkey_send_spdsetidx(so, (struct sockaddr *)addr, 128,
304 (struct sockaddr *)addr, 128,
305 255, sp1, splen1, 0) < 0)
306 errx(1, "ERROR: %s", ipsec_strerror());
310 printf("spdupdate()\n");
311 if (pfkey_send_spdupdate(so, (struct sockaddr *)addr, 128,
312 (struct sockaddr *)addr, 128,
313 255, sp2, splen2, 0) < 0)
314 errx(1, "ERROR: %s", ipsec_strerror());
318 printf("sleep(4)\n");
321 printf("spddelete()\n");
322 if (pfkey_send_spddelete(so, (struct sockaddr *)addr, 128,
323 (struct sockaddr *)addr, 128,
324 255, sp1, splen1, 0) < 0)
325 errx(1, "ERROR: %s", ipsec_strerror());
329 printf("spdadd()\n");
330 if (pfkey_send_spdadd(so, (struct sockaddr *)addr, 128,
331 (struct sockaddr *)addr, 128,
332 255, sp2, splen2, 0) < 0)
333 errx(1, "ERROR: %s", ipsec_strerror());
336 printf("spdget(%u)\n", spid);
337 if (pfkey_send_spdget(so, spid) < 0)
338 errx(1, "ERROR: %s", ipsec_strerror());
342 printf("sleep(4)\n");
345 printf("spddelete2()\n");
346 if (pfkey_send_spddelete2(so, spid) < 0)
347 errx(1, "ERROR: %s", ipsec_strerror());
351 printf("spdadd() with lifetime's 10(s)\n");
352 if (pfkey_send_spdadd2(so, (struct sockaddr *)addr, 128,
353 (struct sockaddr *)addr, 128,
354 255, 0, 10, sp2, splen2, 0) < 0)
355 errx(1, "ERROR: %s", ipsec_strerror());
358 /* expecting failure */
359 printf("spdupdate()\n");
360 if (pfkey_send_spdupdate(so, (struct sockaddr *)addr, 128,
361 (struct sockaddr *)addr, 128,
362 255, sp2, splen2, 0) == 0) {
363 warnx("ERROR: expecting failure.");
373 struct sadb_msg *msg;
374 caddr_t mhp[SADB_EXT_MAX + 1];
376 if ((msg = pfkey_recv(so)) == NULL)
377 errx(1, "ERROR: pfkey_recv failure.");
378 if (pfkey_align(msg, mhp) < 0)
379 errx(1, "ERROR: pfkey_align failure.");
381 return ((struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY])->sadb_x_policy_id;