ike_sa_t *a, *b;
uint32_t spi_a = _i+1, spi_b = 2-_i;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the CHILD_SA (SPI 2) */
exchange_test_helper->establish_sa(exchange_test_helper,
/* child_updown */
assert_hook();
+ assert_track_sas(2, 2);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
ike_sa_t *a, *b;
uint32_t spi_a = _i+1, spi_b = 2-_i;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the CHILD_SA (SPI 2) */
exchange_test_helper->establish_sa(exchange_test_helper,
/* child_updown */
assert_hook();
+ assert_track_sas(2, 2);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
ike_sa_t *a, *b;
uint32_t spi_a = _i+1, spi_b = 2-_i;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the CHILD_SA (SPI 2) */
exchange_test_helper->establish_sa(exchange_test_helper,
/* child_updown */
assert_hook();
+ assert_track_sas(2, 2);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
ike_sa_t *a, *b;
uint32_t spi_a = _i+1, spi_b = 2-_i;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the CHILD_SA (SPI 2) */
exchange_test_helper->establish_sa(exchange_test_helper,
/* child_updown */
assert_hook();
+ assert_track_sas(2, 2);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
{
ike_sa_t *a, *b;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
initiate_rekey(a, 1);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
{
ike_sa_t *a, *b;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
initiate_rekey(a, 1);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
{
ike_sa_t *a, *b;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
initiate_rekey(a, 1);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 0);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
{
ike_sa_t *a, *b;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
initiate_rekey(a, 1);
/* child_rekey */
assert_hook();
+ /* the additional CHILD_SA here is the one we destroyed on b without
+ * triggering an event */
+ assert_track_sas(2, 3);
assert_sa_idle(a);
assert_sa_idle(b);
ike_sa_t *a, *b;
message_t *msg;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
initiate_rekey(a, 1);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
{
ike_sa_t *a, *b;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
{
ike_sa_t *a, *b;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, &multi_ke_conf);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
};
ike_sa_t *a, *b;
+ assert_track_sas_start();
+
/* let's accept what the peer proposes first */
lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
FALSE, lib->ns);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
ike_sa_t *a, *b;
message_t *msg;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
ike_sa_t *a, *b;
message_t *msg;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 0);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
_i %= 2;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, &multi_ke_conf);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
_i %= 3;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
assert_sa_idle(a);
assert_sa_idle(b);
ike_sa_t *a, *b;
message_t *msg;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
assert_sa_idle(a);
assert_sa_idle(b);
ike_sa_t *a, *b;
message_t *msg;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 0);
assert_sa_idle(a);
assert_sa_idle(b);
_i %= 3;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, &multi_ke_conf);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
assert_sa_idle(a);
assert_sa_idle(b);
};
ike_sa_t *a, *b;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, &conf);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
assert_sa_idle(a);
assert_sa_idle(b);
ike_sa_t *a, *b;
message_t *msg;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, &conf);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
assert_sa_idle(a);
assert_sa_idle(b);
ike_sa_t *a, *b;
message_t *msg;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
/* child_rekey/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
call_ikesa(a, destroy);
call_ikesa(b, destroy);
ike_sa_t *a, *b;
uint32_t spi_a = _i+1, spi_b = 2-_i;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the CHILD_SA (SPI 2) */
exchange_test_helper->establish_sa(exchange_test_helper,
/* child_rekey */
assert_hook();
+ assert_track_sas(2, 0);
assert_sa_idle(a);
assert_sa_idle(b);
ike_sa_t *a, *b;
uint32_t spi_a = _i+1, spi_b = 2-_i;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the CHILD_SA (SPI 2) */
exchange_test_helper->establish_sa(exchange_test_helper,
/* child_rekey */
assert_hook();
+ assert_track_sas(2, 0);
assert_sa_idle(a);
assert_sa_idle(b);
message_t *msg;
uint32_t spi_a = _i+1, spi_b = 2-_i;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the CHILD_SA (SPI 2) */
exchange_test_helper->establish_sa(exchange_test_helper,
/* child_rekey */
assert_hook();
+ assert_track_sas(2, 0);
assert_sa_idle(a);
assert_sa_idle(b);
message_t *msg;
uint32_t spi_a = _i+1, spi_b = 2-_i;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the CHILD_SA (SPI 2) */
exchange_test_helper->establish_sa(exchange_test_helper,
/* child_rekey */
assert_hook();
+ assert_track_sas(2, 0);
assert_sa_idle(a);
assert_sa_idle(b);
message_t *msg;
uint32_t spi_a = _i+1, spi_b = 2-_i;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the CHILD_SA (SPI 2) */
exchange_test_helper->establish_sa(exchange_test_helper,
/* child_rekey */
assert_hook();
+ assert_track_sas(2, 0);
assert_sa_idle(a);
assert_sa_idle(b);
ike_sa_t *a, *b;
uint32_t spi_a = _i+1;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the CHILD_SA (SPI 2) */
exchange_test_helper->establish_sa(exchange_test_helper,
/* ike_rekey/child_rekey */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
assert_sa_idle(a);
assert_sa_idle(b);
message_t *msg;
status_t s;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the CHILD_SA (SPI 2) */
exchange_test_helper->establish_sa(exchange_test_helper,
/* child_rekey */
assert_hook();
+ assert_track_sas(0, 0);
}
END_TEST
ike_sa_t *a, *b, *new_sa;
status_t s;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the IKE_SA */
exchange_test_helper->establish_sa(exchange_test_helper,
assert_hook();
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
ike_sa_t *a, *b, *new_sa;
status_t s;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the IKE_SA */
exchange_test_helper->establish_sa(exchange_test_helper,
assert_hook();
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
ike_sa_t *a, *b, *sa;
status_t s;
+ assert_track_sas_start();
+
lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
FALSE, lib->ns);
if (_i)
assert_hook();
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
ike_sa_t *a, *b, *sa;
status_t s;
+ assert_track_sas_start();
+
lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
FALSE, lib->ns);
if (_i)
assert_hook();
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
ike_sa_t *a, *b, *sa;
status_t status;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
assert_hook();
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
ike_sa_t *a, *b, *sa;
status_t status;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, &multi_ke_conf);
assert_hook();
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
ike_sa_t *a, *b, *sa;
status_t status;
+ assert_track_sas_start();
+
/* let's accept what the peer proposes first */
lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
FALSE, lib->ns);
assert_hook();
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
ike_sa_t *a, *b, *sa;
status_t status;
+ assert_track_sas_start();
+
lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
FALSE, lib->ns);
assert_hook();
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
message_t *msg;
status_t s;
+ assert_track_sas_start();
+
lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
FALSE, lib->ns);
/* ike_updown/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
message_t *msg, *d;
status_t s;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
/* ike_updown/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
_i %= 2;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, &multi_ke_conf);
/* ike_updown/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
message_t *msg;
status_t s;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
/* ike_updown/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
message_t *msg;
status_t s;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
/* ike_updown/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
message_t *msg;
status_t s;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, NULL);
/* ike_updown/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
_i %= 3;
+ assert_track_sas_start();
+
exchange_test_helper->establish_sa(exchange_test_helper,
&a, &b, &multi_ke_conf);
/* ike_updown/child_updown */
assert_hook();
assert_hook();
+ assert_track_sas(2, 2);
charon->ike_sa_manager->flush(charon->ike_sa_manager);
}
message_t *msg;
status_t s;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the IKE_SA */
exchange_test_helper->establish_sa(exchange_test_helper,
/* ike_rekey */
assert_hook();
+ assert_track_sas(0, 0);
}
END_TEST
message_t *msg;
status_t s;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the IKE_SA */
exchange_test_helper->establish_sa(exchange_test_helper,
/* ike_rekey */
assert_hook();
+ assert_track_sas(0, 0);
}
END_TEST
message_t *msg;
status_t s;
+ assert_track_sas_start();
+
if (_i)
{ /* responder rekeys the IKE_SA */
exchange_test_helper->establish_sa(exchange_test_helper,
/* ike_rekey */
assert_hook();
+ assert_track_sas(0, 0);
}
END_TEST
return TRUE;
}
+/**
+ * Track SAs via updown event.
+ */
+static void track_sa_updown(listener_track_sas_assert_t *this, char *event,
+ array_t *sas, uint32_t id, bool up)
+{
+ uint32_t existing;
+ bool found = FALSE;
+ int i;
+
+ if (up)
+ {
+ for (i = 0; i < array_count(sas); i++)
+ {
+ array_get(sas, i, &existing);
+ assert_listener_msg(id != existing, this, "duplicate %s(up) event "
+ "for SA %u", event, id);
+ }
+ array_insert(sas, ARRAY_TAIL, &id);
+ }
+ else
+ {
+ for (i = 0; i < array_count(sas); i++)
+ {
+ array_get(sas, i, &existing);
+ if (id == existing)
+ {
+ array_remove(sas, i, NULL);
+ found = TRUE;
+ break;
+ }
+ }
+ assert_listener_msg(found, this, "%s(down) event for unknown SA %u",
+ event, id);
+ }
+}
+
+/**
+ * Track SAs via a rekey event.
+ */
+static void track_sa_rekey(listener_track_sas_assert_t *this, char *event,
+ array_t *sas, uint32_t old_id, uint32_t new_id)
+{
+ uint32_t existing;
+ bool found = FALSE;
+ int i;
+
+ for (i = 0; i < array_count(sas); i++)
+ {
+ array_get(sas, i, &existing);
+ if (old_id == existing)
+ {
+ array_remove(sas, i, NULL);
+ found = TRUE;
+ break;
+ }
+ }
+ assert_listener_msg(found, this, "%s() event for unknown old SA %u", event,
+ old_id);
+
+ for (i = 0; i < array_count(sas); i++)
+ {
+ array_get(sas, i, &existing);
+ assert_listener_msg(new_id != existing, this, "%s() event for "
+ "already up new SA %u", event, new_id);
+ }
+ array_insert(sas, ARRAY_TAIL, &new_id);
+}
+
+/*
+ * Described in header
+ */
+bool exchange_test_asserts_track_ike_updown(listener_t *listener,
+ ike_sa_t *ike_sa, bool up)
+{
+ listener_track_sas_assert_t *this = (listener_track_sas_assert_t*)listener;
+
+ track_sa_updown(this, "ike_updown", this->ike_sas,
+ ike_sa->get_unique_id(ike_sa), up);
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+bool exchange_test_asserts_track_child_updown(listener_t *listener,
+ ike_sa_t *ike_sa,
+ child_sa_t *child_sa, bool up)
+{
+ listener_track_sas_assert_t *this = (listener_track_sas_assert_t*)listener;
+
+ track_sa_updown(this, "child_updown", this->child_sas,
+ child_sa->get_unique_id(child_sa), up);
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+bool exchange_test_asserts_track_ike_rekey(listener_t *listener, ike_sa_t *old,
+ ike_sa_t *new)
+{
+ listener_track_sas_assert_t *this = (listener_track_sas_assert_t*)listener;
+
+ track_sa_rekey(this, "ike_rekey", this->ike_sas, old->get_unique_id(old),
+ new->get_unique_id(new));
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+bool exchange_test_asserts_track_child_rekey(listener_t *listener,
+ ike_sa_t *ike_sa, child_sa_t *old,
+ child_sa_t *new)
+{
+ listener_track_sas_assert_t *this = (listener_track_sas_assert_t*)listener;
+
+ track_sa_rekey(this, "child_rekey", this->child_sas, old->get_unique_id(old),
+ new->get_unique_id(new));
+ return TRUE;
+}
+
/**
* Assert a given message rule
*/
/*
- * Copyright (C) 2016-2017 Tobias Brunner
+ * Copyright (C) 2016-2022 Tobias Brunner
*
* Copyright (C) secunet Security Networks AG
*
#include <bus/listeners/listener.h>
typedef struct listener_hook_assert_t listener_hook_assert_t;
+typedef struct listener_track_sas_assert_t listener_track_sas_assert_t;
typedef struct listener_message_assert_t listener_message_assert_t;
typedef struct listener_message_rule_t listener_message_rule_t;
typedef struct ipsec_sas_assert_t ipsec_sas_assert_t;
} \
} while(FALSE)
+/**
+ * Track SAs by following events.
+ */
+struct listener_track_sas_assert_t {
+
+ /**
+ * Implemented interface
+ */
+ listener_t listener;
+
+ /**
+ * Original source file
+ */
+ const char *file;
+
+ /**
+ * Source line
+ */
+ int line;
+
+ /**
+ * Tracked IKE_SAs.
+ */
+ array_t *ike_sas;
+
+ /**
+ * Tracked CHILD_SAs.
+ */
+ array_t *child_sas;
+};
+
+
+/**
+ * Implementation of listener_t::ike_updown.
+ */
+bool exchange_test_asserts_track_ike_updown(listener_t *this, ike_sa_t *ike_sa,
+ bool up);
+
+/**
+ * Implementation of listener_t::child_updown.
+ */
+bool exchange_test_asserts_track_child_updown(listener_t *this, ike_sa_t *ike_sa,
+ child_sa_t *child_sa, bool up);
+
+/**
+ * Implementation of listener_t::ike_rekey.
+ */
+bool exchange_test_asserts_track_ike_rekey(listener_t *this, ike_sa_t *old,
+ ike_sa_t *new);
+
+/**
+ * Implementation of listener_t::child_rekey.
+ */
+bool exchange_test_asserts_track_child_rekey(listener_t *this, ike_sa_t *ike_sa,
+ child_sa_t *old, child_sa_t *new);
+
+/**
+ * Start tracking SAs via their hooks.
+ */
+#define assert_track_sas_start() \
+do { \
+ listener_track_sas_assert_t _track_sas_listener = { \
+ .listener = { \
+ .ike_updown = exchange_test_asserts_track_ike_updown, \
+ .ike_rekey = exchange_test_asserts_track_ike_rekey, \
+ .child_updown = exchange_test_asserts_track_child_updown, \
+ .child_rekey = exchange_test_asserts_track_child_rekey, \
+ }, \
+ .file = __FILE__, \
+ .line = __LINE__, \
+ .ike_sas = array_create(sizeof(uint32_t), 8), \
+ .child_sas = array_create(sizeof(uint32_t), 8), \
+ }; \
+ exchange_test_helper->add_listener(exchange_test_helper, &_track_sas_listener.listener)
+
+/**
+ * Check if there are the right number of SAs still up.
+ *
+ * @param ike the expected number of IKE_SAs
+ * @param child the expected number of CHILD_SAs
+ */
+#define assert_track_sas(ike, child) \
+ charon->bus->remove_listener(charon->bus, &_track_sas_listener.listener); \
+ u_int _up_ike = array_count(_track_sas_listener.ike_sas); \
+ u_int _up_child = array_count(_track_sas_listener.child_sas); \
+ array_destroy(_track_sas_listener.ike_sas); \
+ array_destroy(_track_sas_listener.child_sas); \
+ assert_listener_msg(_up_ike == (ike), &_track_sas_listener, \
+ "%d IKE_SAs without matching down event", _up_ike); \
+ assert_listener_msg(_up_child == (child), &_track_sas_listener, \
+ "%d CHILD_SAs without matching down event", _up_child); \
+} while(FALSE)
+
/**
* Rules regarding payloads/notifies to expect/not expect in a message
*/
projects / thirdparty / strongswan.git / commitdiff
