[LTP] [PATCHv3 2/3] network/stress: add ipsec lib

Hangbin Liu haliu@redhat.com
Thu Mar 17 11:04:15 CET 2016


Signed-off-by: Hangbin Liu <haliu@redhat.com>
---
 testcases/network/stress/ipsec/Makefile     |  29 ++++++++
 testcases/network/stress/ipsec/ipsec_lib.sh | 111 ++++++++++++++++++++++++++++
 2 files changed, 140 insertions(+)
 create mode 100644 testcases/network/stress/ipsec/Makefile
 create mode 100644 testcases/network/stress/ipsec/ipsec_lib.sh

diff --git a/testcases/network/stress/ipsec/Makefile b/testcases/network/stress/ipsec/Makefile
new file mode 100644
index 0000000..0d7f1b6
--- /dev/null
+++ b/testcases/network/stress/ipsec/Makefile
@@ -0,0 +1,29 @@
+#!/bin/sh
+# Copyright (c) 2016 Red Hat Inc.,  All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc.,  51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+# Author: Hangbin Liu <haliu@redhat.com>
+#
+#######################################################################
+
+
+top_srcdir		?= ../../../..
+
+include $(top_srcdir)/include/mk/env_pre.mk
+
+INSTALL_TARGETS		:= *.sh
+
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/network/stress/ipsec/ipsec_lib.sh b/testcases/network/stress/ipsec/ipsec_lib.sh
new file mode 100644
index 0000000..33716ce
--- /dev/null
+++ b/testcases/network/stress/ipsec/ipsec_lib.sh
@@ -0,0 +1,111 @@
+#!/bin/sh
+# Copyright (c) 2016 Red Hat Inc.,  All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Author: Hangbin Liu <haliu@redhat.com>
+#
+#######################################################################
+
+. test_net.sh
+
+# tst_ipsec flush: flush the ipsec state and policy
+# tst_ipsec target protocol mode spi src_addr dst_addr: config ipsec
+#
+# target: target of the configuration file ( src / dst )
+# protocol: ah / esp / ipcomp
+# mode: transport / tunnel
+# spi: the first spi value
+# src_addr: source IP address
+# dst_addr: destination IP address
+tst_ipsec()
+{
+	if [ "$1" = "flush" ]; then
+		ROD ip xfrm state flush
+		ROD ip xfrm policy flush
+		tst_rhost_run -s -c "ip xfrm state flush && ip xfrm policy flush"
+		return 0
+	fi
+	if [ $# -ne 6 ]; then
+		tst_resm TINFO "tst_ipsec parameter mismatch"
+		return 1
+	fi
+
+	target=$1
+	protocol=$2
+	mode=$3
+	spi=$4
+	src=$5
+	dst=$6
+
+	# Encryption algorithm
+	EALGO="des3_ede"
+	EALGO_KEY=0x$(printf _I_want_to_have_chicken_ | hexdump -ve '/1 "%x"')
+
+	# Authentication algorithm
+	AALGO="sha1"
+	AALGO_KEY=0x$(printf beef_fish_pork_salad | hexdump -ve '/1 "%x"')
+
+	# Compression algorithm
+	CALGO="deflate"
+	# Algorithm options for each protocol
+	case $protocol in
+	ah)
+		algo_line="auth $AALGO $AALGO_KEY"
+		proto="ah"
+		;;
+	esp)
+		algo_line="enc $EALGO $EALGO_KEY auth $AALGO $AALGO_KEY"
+		proto="esp"
+		;;
+	ipcomp)
+		algo_line="comp $CALGO"
+		proto="comp"
+		;;
+	*)
+		tst_resm TINFO "tst_ipsec protocol mismatch"
+		return 1
+		;;
+	esac
+
+	if [ $target = src ]; then
+		spi_1="0x$spi"
+		spi_2="0x$(( $spi + 1 ))"
+		ROD ip xfrm state add src $src dst $dst spi $spi_1 proto $proto \
+			$algo_line mode $mode sel src $src dst $dst
+		ROD ip xfrm policy add src $src dst $dst dir out tmpl src $src \
+			dst $dst proto $proto mode $mode
+
+		ROD ip xfrm state add src $dst dst $src spi $spi_2 proto $proto \
+			$algo_line mode $mode sel src $dst dst $src
+		ROD ip xfrm policy add src $dst dst $src dir in tmpl src $dst \
+			dst $src proto $proto mode $mode level use
+		ROD ip xfrm state
+		ROD ip xfrm policy
+	elif [ $target = dst ]; then
+		spi_1="0x$(( $spi + 1 ))"
+		spi_2="0x$spi"
+		tst_rhost_run -s -c "ip xfrm state add src $src dst $dst spi $spi_1 \
+			proto $proto $algo_line mode $mode sel src $src dst $dst"
+		tst_rhost_run -s -c "ip xfrm policy add src $src dst $dst dir out \
+			tmpl src $src dst $dst proto $proto mode $mode"
+
+		tst_rhost_run -s -c "ip xfrm state add src $dst dst $src spi $spi_2 \
+			proto $proto $algo_line mode $mode sel src $dst dst $src"
+		tst_rhost_run -s -c "ip xfrm policy add src $dst dst $src dir in \
+			tmpl src $dst dst $src proto $proto mode $mode level use"
+		tst_rhost_run -s -c "ip xfrm state"
+		tst_rhost_run -s -c "ip xfrm policy"
+	fi
+}
-- 
2.5.0



More information about the ltp mailing list