# SUSE's openQA tests
#
# Copyright 2016-2023 SUSE LLC
# SPDX-License-Identifier: FSFAP
# Summary: Base module for IPsec tests
# Maintainer: Kernel QE <[email protected]>
#
# For the test requirements and topology, see the following links:
# https://github.com/linux-test-project/ltp/issues/920
# https://www.ipv6ready.org/docs/Phase2_IPsec_Interoperability_Latest.pdf
package ipsecbase;
use Mojo::Base 'opensusebasetest';
use testapi;
use serial_terminal 'select_serial_terminal';
use utils;
use Utils::Architectures;
use version_utils 'is_sle';
use lockapi;
use Utils::Logging 'save_and_upload_log';
use network_utils;
# Constructor: builds the parent test object and attaches the fixed IPsec
# parameters that config_ipsec() later interpolates into `ip xfrm` commands.
#
# NOTE(review): the SPI and the AEAD key material are static values committed
# to the repository. They are test fixtures only and give no confidentiality
# to any traffic protected with them outside the test network.
sub new {
    my ($class, $args) = @_;
    my $self = $class->SUPER::new($args);

    my %ipsec_fixture = (
        # Used both as the SPI and as the reqid of every SA and policy.
        ipsec_id => '0x26c44388',
        # 20 bytes of key material handed to the rfc4106 AEAD.
        ipsec_key => '0x6f887514ca6eccb1d273366f70b21a91aa2a3421',
        ipsec_mode => 'tunnel',
        # The inner single quotes are part of the value: the string is pasted
        # into a shell command line, where bare parentheses would be parsed
        # by the shell.
        ipsec_aead  => q{'rfc4106(gcm(aes))'},
        ipsec_proto => 'esp',
    );
    @{$self}{keys %ipsec_fixture} = values %ipsec_fixture;

    return $self;
}
# Extract the prefix length from a network given in CIDR notation.
#
# Named argument:
#   net - network string such as "2001:db8::/64"
#
# Returns the digits following the first "/" in the string, or undef when the
# string carries no "/<digits>" part. The value is not range-checked.
sub get_net_prefix_len {
    my ($self, %args) = @_;

    if ($args{net} =~ /\/(\d+)/) {
        return $1;
    }

    # An explicit undef (not a bare return) so list-context callers still
    # receive exactly one element.
    return undef;
}
# Assign an IPv6 address to a network interface on the system under test.
#
# Named arguments:
#   ip   - IPv6 address without prefix length
#   dev  - interface name; falls back to iface() when empty
#   plen - prefix length; falls back to 64 when empty or 0
#
# NOTE(review): the values are pasted into a shell command line without
# quoting or validation, so they must come from trusted test configuration.
sub add_ipv6_addr {
    my ($self, %args) = @_;

    my $device     = $args{dev}  || iface();
    my $prefix_len = $args{plen} || 64;
    my $cidr       = $args{ip} . "/" . $prefix_len;

    return assert_script_run("ip -6 addr add $cidr dev $device");
}
# Add an IPv6 route on the system under test.
#
# Named arguments:
#   dst - destination network
#   via - next-hop address
#
# NOTE(review): both values are pasted into a shell command line without
# quoting or validation, so they must come from trusted test configuration.
sub add_ipv6_route {
    my ($self, %args) = @_;

    my $destination = $args{dst};
    my $gateway     = $args{via};

    return assert_script_run("ip -6 route add $destination via $gateway");
}
# Destroy every barrier used to synchronise the IPsec test nodes, in the
# order the test phases use them.
sub destroy_test_barriers {
    my ($self) = @_;

    my @barrier_names = qw(
      IPSEC_IP_SETUP_DONE
      IPSEC_ROUTE_SETUP_DONE
      IPSEC_ROUTE_SETUP_CHECK_DONE
      IPSEC_TUNNEL_MODE_SETUP_DONE
      IPSEC_SET_MTU_DONE
      IPSEC_TUNNEL_MODE_CHECK_DONE
      IPSEC_TRANSPORT_MODE_SETUP_DONE
      IPSEC_TRANSPORT_MODE_CHECK_DONE
    );

    # The last barrier is handled separately so the sub still returns the
    # result of the final barrier_destroy() call.
    my $last_barrier = pop @barrier_names;
    for my $barrier (@barrier_names) {
        barrier_destroy($barrier);
    }

    return barrier_destroy($last_barrier);
}
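# Wait until no address in the `ip a` output is reported as "tentative".
#
# Polls up to 10 times, sleeping 5 seconds between polls. The previous
# implementation also slept after a successful poll and after the last
# attempt, and it returned silently when the retries ran out. A timeout is
# now recorded, so a later IPsec failure caused by an unusable address can be
# told apart from a real xfrm problem.
#
# Takes no arguments and returns nothing meaningful; it does not fail the
# test by itself.
sub check_ipv6_addr {
    my $tries_left = 10;
    my $tentative  = 1;
    my $output     = '';

    while ($tries_left > 0 && $tentative) {
        $tries_left -= 1;
        $output    = script_output('ip a');
        $tentative = ($output =~ /tentative/) ? 1 : 0;
        next unless $tentative;

        record_info('Waiting for IPv6 ready, still tentative state');

        # Only wait when another poll will follow.
        sleep(5) if $tries_left > 0;
    }

    # Keep the last `ip a` output in the test results for diagnosis.
    record_info('IPv6 not ready', $output) if $tentative;

    return;
}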
# Install a pair of manually keyed IPsec SAs and the matching in/out policies
# on the system under test, using the parameters stored by new().
#
# $args is a hash reference with:
#   local_ip, remote_ip           - tunnel endpoint addresses
#   new_local_net, new_remote_net - selectors of the protected traffic
#
# NOTE(review): the initial flush removes every xfrm state and policy on the
# host, not only the ones this test created.
# NOTE(review): the AEAD key is part of the command line handed to
# assert_script_run, so it presumably appears in the test logs. That is
# acceptable only because it is a static test key.
# NOTE(review): all values are pasted into the shell command unquoted, so
# they must come from trusted test configuration.
sub config_ipsec {
    my ($self, $args) = @_;

    assert_script_run("ip xfrm state flush && ip xfrm policy flush");

    my $local      = $args->{local_ip};
    my $remote     = $args->{remote_ip};
    my $local_net  = $args->{new_local_net};
    my $remote_net = $args->{new_remote_net};

    my $proto = $self->{ipsec_proto};
    my $id    = $self->{ipsec_id};
    my $mode  = $self->{ipsec_mode};

    # Both directions share the SPI, reqid, algorithm and key; the trailing
    # 128 is the ICV length in bits.
    my $sa_params   = "proto $proto spi $id reqid $id mode $mode aead $self->{ipsec_aead} $self->{ipsec_key} 128";
    my $tmpl_params = "proto $proto reqid $id mode $mode";

    # One SA per direction: local -> remote first, then remote -> local.
    for my $endpoints ([$local, $remote], [$remote, $local]) {
        my ($src, $dst) = @{$endpoints};
        assert_script_run("ip xfrm state add src $src dst $dst $sa_params");
    }

    assert_script_run("ip xfrm policy add src $local_net dst $remote_net dir out tmpl src $local dst $remote $tmpl_params");
    return assert_script_run("ip xfrm policy add src $remote_net dst $local_net dir in tmpl src $remote dst $local $tmpl_params");
}
# Prepare the system under test before an IPsec test module runs: wait for
# the support server, switch to the serial terminal, stop interfering
# services, set the hostname, install tcpdump, then run the parent hook.
#
# NOTE(review): AppArmor and the firewall service are disabled here, so from
# this point the machine runs without them. That is presumably intended for
# an isolated test network; confirm before reusing this hook elsewhere.
sub pre_run_hook {
    my ($self) = @_;

    # Block until the support server has signalled that it is ready.
    mutex_wait('support_server_ready');
    select_serial_terminal();

    # Disable PackageKit before zypper is used below.
    quit_packagekit();

    # Turn off AppArmor and the firewall.
    ensure_service_disabled('apparmor');
    ensure_service_disabled($self->firewall);

    set_hostname(get_var('HOSTNAME', 'susetest'));
    zypper_call('install tcpdump');

    return $self->SUPER::pre_run_hook;
}
# A Perl module must end with a true value so that loading it succeeds.
1;