Re: [PATCH ipsec-next] selftests: add xfrm state-policy-monitor to rtnetlink.sh

[Steffen Klassert]

On Thu, Apr 12, 2018 at 03:59:59PM -0700, Shannon Nelson wrote:
> Add a simple set of tests for the IPsec xfrm commands.
> 
> Signed-off-by: Shannon Nelson 

Applied to ipsec-next, thanks Shannon!

[PATCH ipsec-next] selftests: add xfrm state-policy-monitor to rtnetlink.sh

[Shannon Nelson]

Add a simple set of tests for the IPsec xfrm commands.

Signed-off-by: Shannon Nelson 
---
 tools/testing/selftests/net/rtnetlink.sh | 103 +++
 1 file changed, 103 insertions(+)

diff --git a/tools/testing/selftests/net/rtnetlink.sh 
b/tools/testing/selftests/net/rtnetlink.sh
index e6f4852..760faef 100755
--- a/tools/testing/selftests/net/rtnetlink.sh
+++ b/tools/testing/selftests/net/rtnetlink.sh
@@ -502,6 +502,108 @@ kci_test_macsec()
echo "PASS: macsec"
 }
 
+#---
+# Example commands
+#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
+#spi 0x07 mode transport reqid 0x07 replay-window 32 \
+#aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
+#sel src 14.0.0.52/24 dst 14.0.0.70/24
+#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
+#tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
+#spi 0x07 mode transport reqid 0x07
+#
+# Subcommands not tested
+#ip x s update
+#ip x s allocspi
+#ip x s deleteall
+#ip x p update
+#ip x p deleteall
+#ip x p set
+#---
+kci_test_ipsec()
+{
+   srcip="14.0.0.52"
+   dstip="14.0.0.70"
+   algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 
128"
+
+   # flush to be sure there's nothing configured
+   ip x s flush ; ip x p flush
+   check_err $?
+
+   # start the monitor in the background
+   tmpfile=`mktemp ipsectestXXX`
+   ip x m > $tmpfile &
+   mpid=$!
+   sleep 0.2
+
+   ipsecid="proto esp src $srcip dst $dstip spi 0x07"
+   ip x s add $ipsecid \
+mode transport reqid 0x07 replay-window 32 \
+$algo sel src $srcip/24 dst $dstip/24
+   check_err $?
+
+   lines=`ip x s list | grep $srcip | grep $dstip | wc -l`
+   test $lines -eq 2
+   check_err $?
+
+   ip x s count | grep -q "SAD count 1"
+   check_err $?
+
+   lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l`
+   test $lines -eq 2
+   check_err $?
+
+   ip x s delete $ipsecid
+   check_err $?
+
+   lines=`ip x s list | wc -l`
+   test $lines -eq 0
+   check_err $?
+
+   ipsecsel="dir out src $srcip/24 dst $dstip/24"
+   ip x p add $ipsecsel \
+   tmpl proto esp src $srcip dst $dstip \
+   spi 0x07 mode transport reqid 0x07
+   check_err $?
+
+   lines=`ip x p list | grep $srcip | grep $dstip | wc -l`
+   test $lines -eq 2
+   check_err $?
+
+   ip x p count | grep -q "SPD IN  0 OUT 1 FWD 0"
+   check_err $?
+
+   lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l`
+   test $lines -eq 2
+   check_err $?
+
+   ip x p delete $ipsecsel
+   check_err $?
+
+   lines=`ip x p list | wc -l`
+   test $lines -eq 0
+   check_err $?
+
+   # check the monitor results
+   kill $mpid
+   lines=`wc -l $tmpfile | cut "-d " -f1`
+   test $lines -eq 20
+   check_err $?
+   rm -rf $tmpfile
+
+   # clean up any leftovers
+   ip x s flush
+   check_err $?
+   ip x p flush
+   check_err $?
+
+   if [ $ret -ne 0 ]; then
+   echo "FAIL: ipsec"
+   return 1
+   fi
+   echo "PASS: ipsec"
+}
+
 kci_test_gretap()
 {
testns="testns"
@@ -755,6 +857,7 @@ kci_test_rtnl()
kci_test_vrf
kci_test_encap
kci_test_macsec
+   kci_test_ipsec
 
kci_del_dummy
 }
-- 
2.7.4