From 469a449a1ea05ef81338eabb1c6596128dc4b40c Mon Sep 17 00:00:00 2001 
From: Andreas Steffen Date: Mon, 21 Dec 2015 13:04:24 +0100 Subject: [PATCH] Demo branch showing the creation of a listener plugin --- configure.ac | 4 + src/libcharon/Makefile.am | 7 ++ .../encoding/payloads/notify_payload.c | 8 +- .../encoding/payloads/notify_payload.h | 2 + src/libcharon/plugins/demo/Makefile.am | 18 +++ src/libcharon/plugins/demo/demo_listener.c | 115 ++++++++++++++++++ src/libcharon/plugins/demo/demo_listener.h | 50 ++++++++ src/libcharon/plugins/demo/demo_plugin.c | 107 ++++++++++++++++ src/libcharon/plugins/demo/demo_plugin.h | 45 +++++++ testing/scripts/recipes/013_strongswan.mk | 3 +- .../swanctl/net2net-demo/description.txt | 6 + .../tests/swanctl/net2net-demo/evaltest.dat | 5 + .../hosts/moon/etc/strongswan.conf | 22 ++++ .../hosts/moon/etc/swanctl/swanctl.conf | 29 +++++ .../hosts/sun/etc/strongswan.conf | 14 +++ .../hosts/sun/etc/swanctl/swanctl.conf | 29 +++++ .../tests/swanctl/net2net-demo/posttest.dat | 5 + .../tests/swanctl/net2net-demo/pretest.dat | 9 ++ testing/tests/swanctl/net2net-demo/test.conf | 25 ++++ 19 files changed, 500 insertions(+), 3 deletions(-) create mode 100644 src/libcharon/plugins/demo/Makefile.am create mode 100644 src/libcharon/plugins/demo/demo_listener.c create mode 100644 src/libcharon/plugins/demo/demo_listener.h create mode 100644 src/libcharon/plugins/demo/demo_plugin.c create mode 100644 src/libcharon/plugins/demo/demo_plugin.h create mode 100755 testing/tests/swanctl/net2net-demo/description.txt create mode 100755 testing/tests/swanctl/net2net-demo/evaltest.dat create mode 100755 testing/tests/swanctl/net2net-demo/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/swanctl/net2net-demo/hosts/moon/etc/swanctl/swanctl.conf create mode 100755 testing/tests/swanctl/net2net-demo/hosts/sun/etc/strongswan.conf create mode 100755 testing/tests/swanctl/net2net-demo/hosts/sun/etc/swanctl/swanctl.conf create mode 100755 testing/tests/swanctl/net2net-demo/posttest.dat create mode 100755 
testing/tests/swanctl/net2net-demo/pretest.dat create mode 100755 testing/tests/swanctl/net2net-demo/test.conf diff --git a/configure.ac b/configure.ac index 1ef437389a..f9dbc9e180 100644 --- a/configure.ac +++ b/configure.ac @@ -276,6 +276,7 @@ ARG_ENABL_SET([save-keys], [enable development/debugging plugin that saves ARG_ENABL_SET([systime-fix], [enable plugin to handle cert lifetimes with invalid system time gracefully.]) ARG_ENABL_SET([test-vectors], [enable plugin providing crypto test vectors.]) ARG_DISBL_SET([updown], [disable updown firewall script plugin.]) +ARG_ENABL_SET([demo], [enable demo plugin.]) # programs/components ARG_ENABL_SET([aikgen], [enable AIK generator for TPM 1.2.]) ARG_DISBL_SET([charon], [disable the IKEv1/IKEv2 keying daemon charon.]) @@ -1508,6 +1509,7 @@ ADD_PLUGIN([uci], [c charon]) ADD_PLUGIN([addrblock], [c charon]) ADD_PLUGIN([unity], [c charon]) ADD_PLUGIN([counters], [c charon]) +ADD_PLUGIN([demo], [c charon]) AC_SUBST(charon_plugins) AC_SUBST(starter_plugins) @@ -1685,6 +1687,7 @@ AM_CONDITIONAL(USE_RESOLVE, test x$resolve = xtrue) AM_CONDITIONAL(USE_ATTR, test x$attr = xtrue) AM_CONDITIONAL(USE_ATTR_SQL, test x$attr_sql = xtrue) AM_CONDITIONAL(USE_COUNTERS, test x$counters = xtrue) +AM_CONDITIONAL(USE_DEMO, test x$demo = xtrue) # other options # --------------- @@ -1985,6 +1988,7 @@ AC_CONFIG_FILES([ src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile + src/libcharon/plugins/demo/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 15ac7a6d1e..c4e03d96f4 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -733,6 +733,13 @@ if MONOLITHIC endif endif +if USE_DEMO + SUBDIRS += plugins/demo +if MONOLITHIC + libcharon_la_LIBADD += plugins/demo/libstrongswan-demo.la +endif +endif + if MONOLITHIC SUBDIRS += . endif 
diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index a69db93577..4a03addf6f 100644 --- a/src/libcharon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c @@ -136,7 +136,9 @@ ENUM_NEXT(notify_type_names, ME_MEDIATION, RADIUS_ATTRIBUTE, USE_BEET_MODE, "ME_CONNECTAUTH", "ME_RESPONSE", "RADIUS_ATTRIBUTE"); -ENUM_END(notify_type_names, RADIUS_ATTRIBUTE); +ENUM_NEXT(notify_type_names, DEMO_PAYLOAD, DEMO_PAYLOAD, RADIUS_ATTRIBUTE, + "DEMO_PAYLOAD"); +ENUM_END(notify_type_names, DEMO_PAYLOAD); ENUM_BEGIN(notify_type_short_names, UNSUPPORTED_CRITICAL_PAYLOAD, UNSUPPORTED_CRITICAL_PAYLOAD, @@ -250,7 +252,9 @@ ENUM_NEXT(notify_type_short_names, ME_MEDIATION, RADIUS_ATTRIBUTE, USE_BEET_MODE "ME_CAUTH", "ME_R", "RADIUS"); -ENUM_END(notify_type_short_names, RADIUS_ATTRIBUTE); +ENUM_NEXT(notify_type_short_names, DEMO_PAYLOAD, DEMO_PAYLOAD, RADIUS_ATTRIBUTE, + "DEMO"); +ENUM_END(notify_type_short_names, DEMO_PAYLOAD); typedef struct private_notify_payload_t private_notify_payload_t; diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h index b0cf69d02e..0d1feb0970 100644 --- a/src/libcharon/encoding/payloads/notify_payload.h +++ b/src/libcharon/encoding/payloads/notify_payload.h @@ -178,6 +178,8 @@ enum notify_type_t { ME_RESPONSE = 40968, /* RADIUS attribute received/to send to a AAA backend */ RADIUS_ATTRIBUTE = 40969, + /* DEMO payload */ + DEMO_PAYLOAD = 42000, }; /** diff --git a/src/libcharon/plugins/demo/Makefile.am b/src/libcharon/plugins/demo/Makefile.am new file mode 100644 index 0000000000..63f1617fcd --- /dev/null +++ b/src/libcharon/plugins/demo/Makefile.am 
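Review bot: `DEMO_PAYLOAD = 42000` in `notify_type_t` (notify_payload.h) sits in the IKEv2 private-use status range (40960-65535), which the one-line comment `/* DEMO payload */` does not say. Private-use values are not coordinated between vendors, so a peer running another implementation may attach a different meaning to 42000, and the listener added in this commit attaches the notify to every outgoing CREATE_CHILD_SA message without checking what the peer is. I would expand the comment to `/* DEMO payload, private-use status notify, demo/testing only */`. The enum body starts outside the hunk.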
@@ -0,0 +1,18 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-demo.la
+else
+plugin_LTLIBRARIES = libstrongswan-demo.la
+endif
+
+libstrongswan_demo_la_SOURCES = \
+ demo_plugin.h demo_plugin.c \
+ demo_listener.h demo_listener.c
+
+libstrongswan_demo_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/demo/demo_listener.c b/src/libcharon/plugins/demo/demo_listener.c
new file mode 100644
index 0000000000..f5d717c5fc
--- /dev/null
+++ b/src/libcharon/plugins/demo/demo_listener.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2015-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "demo_listener.h"
+
+#include
+#include
+#include
+
+typedef struct private_demo_listener_t private_demo_listener_t;
+
+/**
+ * Private data of a demo_listener_t object.
+ */
+struct private_demo_listener_t {
+
+ /**
+ * Public demo_listener_t interface.
+ */
+ demo_listener_t public;
+
+ /**
+ * SHA-1 hasher used to hash DEMO payload.
+ */
+ hasher_t *hasher;
+
+};
+
+METHOD(listener_t, message, bool,
+ private_demo_listener_t *this,
+ ike_sa_t *ike_sa, message_t *message, bool incoming, bool plain)
+{
+ enumerator_t *enumerator;
+ payload_t *payload;
+ notify_payload_t *notify;
+ ike_sa_id_t *ike_sa_id;
+ chunk_t data = chunk_empty;
+ char *demo_str;
+
+ if (plain && message->get_exchange_type(message) == CREATE_CHILD_SA)
+ {
+ ike_sa_id = ike_sa->get_id(ike_sa);
+
+ if (incoming)
+ {
+ enumerator = message->create_payload_enumerator(message);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+ if (payload->get_type(payload) == PLV2_NOTIFY)
+ {
+ notify = (notify_payload_t*)payload;
+ if (notify->get_notify_type(notify) == DEMO_PAYLOAD)
+ {
+ data = notify->get_notification_data(notify);
+ break;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (data.len)
+ {
+ DBG1(DBG_IKE, "received %.*s", data.len, data.ptr);
+ }
+ }
+ else
+ {
+ demo_str = ike_sa_id->is_initiator(ike_sa_id) ? "demo request" :
+ "demo response";
+ DBG1(DBG_IKE, "sending %s", demo_str);
+ data = chunk_from_str(demo_str);
+ message->add_notify(message, FALSE, DEMO_PAYLOAD, data);
+ }
+ }
+ return TRUE;
+}
+
+METHOD(demo_listener_t, destroy, void,
+ private_demo_listener_t *this)
+{
+ DESTROY_IF(this->hasher);
+ free(this);
+}
+
+/**
+ * See header
+ */
+demo_listener_t *demo_listener_create()
+{
+ private_demo_listener_t *this;
+
+ INIT(this,
+ .public = {
+ .listener = {
+ .message = _message,
+ },
+ .destroy = _destroy,
+ },
+ .hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1),
+ );
+
+ return &this->public;
+}
diff --git a/src/libcharon/plugins/demo/demo_listener.h b/src/libcharon/plugins/demo/demo_listener.h
new file mode 100644
index 0000000000..3cbbcc5cbd
--- /dev/null
+++ b/src/libcharon/plugins/demo/demo_listener.h
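Review bot: In `message()` of demo_listener.c, `DBG1(DBG_IKE, "received %.*s", data.len, data.ptr);` passes `data.len` (a `size_t` in `chunk_t`) where the `*` precision expects an `int`, and it writes peer-supplied notification bytes into the log verbatim, so control characters or newlines chosen by the remote end land in the daemon log. Logging the chunk through the hex hook avoids both, e.g. `DBG1(DBG_IKE, "received DEMO notify %B", &data);`, or at the least cast with `(int)data.len` after capping the length. The outgoing branch picks its label from `ike_sa_id->is_initiator(ike_sa_id)`, which is the IKE_SA role rather than the direction of this exchange; `message->get_request(message) ? "demo request" : "demo response"` would also label a CREATE_CHILD_SA started by the original responder correctly. The `hasher` member is created in `demo_listener_create()` and released in `destroy()` but never used anywhere in this file.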
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2015-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup demo_listener demo_listener
+ * @{ @ingroup demo
+ */
+
+#ifndef DEMO_LISTENER_H_
+#define DEMO_LISTENER_H_
+
+
+#include
+
+typedef struct demo_listener_t demo_listener_t;
+
+/**
+ * Insert and process DEMO notify payload
+ */
+struct demo_listener_t {
+
+ /**
+ * Implements a listener.
+ */
+ listener_t listener;
+
+ /**
+ * Destroy a demo_listener_t.
+ */
+ void (*destroy)(demo_listener_t *this);
+};
+
+/**
+ * Create a demo_listener instance.
+ */
+demo_listener_t *demo_listener_create();
+
+#endif /** DEMO_LISTENER_H_ @}*/
diff --git a/src/libcharon/plugins/demo/demo_plugin.c b/src/libcharon/plugins/demo/demo_plugin.c
new file mode 100644
index 0000000000..fd15fe6b46
--- /dev/null
+++ b/src/libcharon/plugins/demo/demo_plugin.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2015-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+
+#include "demo_plugin.h"
+#include "demo_listener.h"
+
+#include
+
+typedef struct private_demo_plugin_t private_demo_plugin_t;
+
+/**
+ * Private data of a demo_plugin_t object.
+ */
+struct private_demo_plugin_t {
+
+ /**
+ * Public radius_plugin_t interface.
+ */
+ demo_plugin_t public;
+
+ /**
+ * Message listener inserting and processing DEMO notify payload
+ */
+ demo_listener_t *demo;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_demo_plugin_t *this)
+{
+ return "demo";
+}
+
+/**
+ * Register listener
+ */
+static bool plugin_cb(private_demo_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *cb_data)
+{
+ if (reg)
+ {
+ this->demo = demo_listener_create();
+ if (this->demo)
+ {
+ charon->bus->add_listener(charon->bus, &this->demo->listener);
+ }
+ }
+ else
+ {
+ if (this->demo)
+ {
+ charon->bus->remove_listener(charon->bus, &this->demo->listener);
+ this->demo->destroy(this->demo);
+ }
+ }
+ return TRUE;
+}
+
+METHOD(plugin_t, get_features, int,
+ private_demo_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "demo"),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_demo_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *demo_plugin_create()
+{
+ private_demo_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
diff --git a/src/libcharon/plugins/demo/demo_plugin.h b/src/libcharon/plugins/demo/demo_plugin.h
new file mode 100644
index 0000000000..020b5ebc57
--- /dev/null
+++ b/src/libcharon/plugins/demo/demo_plugin.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup demo demo
+ * @ingroup cplugins
+ *
+ * @defgroup demo_plugin demo_plugin
+ * @{ @ingroup demo
+ */
+
+#ifndef DEMO_PLUGIN_H_
+#define DEMO_PLUGIN_H_
+
+#include
+
+typedef struct demo_plugin_t demo_plugin_t;
+
+/**
+ * DEMO plugin.
+ *
+ * This plugin subscribes a listener to the IKE message hook and provides
+ * the sending and processing of a DEMO notify payload.
+ */
+struct demo_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** DEMO_PLUGIN_H_ @}*/
diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk
index 13a1b23c8f..31b471df8c 100644
--- a/testing/scripts/recipes/013_strongswan.mk
+++ b/testing/scripts/recipes/013_strongswan.mk
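Review bot: In the unregister branch of `plugin_cb()` in demo_plugin.c, `this->demo->destroy(this->demo);` leaves `this->demo` pointing at freed memory; adding `this->demo = NULL;` right after it keeps a repeated call with `reg` false from touching the freed listener. The field comment on `public` still reads `Public radius_plugin_t interface.` and should name `demo_plugin_t`. `PLUGIN_DEPENDS(HASHER, HASH_SHA1)` in `get_features()` ties loading of the plugin to SHA-1 although nothing visible in this commit hashes anything, so I would drop the dependency together with the unused hasher in demo_listener.c.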
@@ -105,7 +105,8 @@ CONFIG_OPTS = \ --enable-newhope \ --enable-systemd \ --enable-counters \ - --enable-save-keys + --enable-save-keys \ + --enable-demo export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat diff --git a/testing/tests/swanctl/net2net-demo/description.txt b/testing/tests/swanctl/net2net-demo/description.txt new file mode 100755 index 0000000000..345769a5f4 --- /dev/null +++ b/testing/tests/swanctl/net2net-demo/description.txt @@ -0,0 +1,6 @@ +A connection between the subnets behind the gateways moon and sun is set up. +The authentication is based on X.509 certificates. Upon the successful +establishment of the IPsec tunnel, the updown script automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, client alice behind gateway moon +pings client bob located behind gateway sun. diff --git a/testing/tests/swanctl/net2net-demo/evaltest.dat b/testing/tests/swanctl/net2net-demo/evaltest.dat new file mode 100755 index 0000000000..898f2f2097 --- /dev/null +++ b/testing/tests/swanctl/net2net-demo/evaltest.dat 
@@ -0,0 +1,5 @@
+moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/net2net-demo/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-demo/hosts/moon/etc/strongswan.conf
new file mode 100755
index 0000000000..ed1fe60e5c
--- /dev/null
+++ b/testing/tests/swanctl/net2net-demo/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,22 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici demo
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
+}
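Review bot: None of the five checks in evaltest.dat looks at the DEMO notify, so the scenario passes even when the demo plugin fails to load or never sends its payload; the checks only cover the established SAs, the ping and the ESP packets. The listener logs `received demo request` and `received demo response`, so a pair of log assertions would cover it, for example `sun::cat DAEMON_LOG_PATH::received demo request::YES` and `moon::cat DAEMON_LOG_PATH::received demo response::YES`, with DAEMON_LOG_PATH standing as a placeholder for the log file the test environment uses. This relies on the second `--initiate --child net-net` in pretest.dat producing a CREATE_CHILD_SA exchange, which is the only exchange type the listener acts on.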
diff --git a/testing/tests/swanctl/net2net-demo/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-demo/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 0000000000..ea53e921b0
--- /dev/null
+++ b/testing/tests/swanctl/net2net-demo/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.1.0.0/16
+ remote_ts = 10.2.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-modp3072
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-modp3072
+ }
+}
diff --git a/testing/tests/swanctl/net2net-demo/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-demo/hosts/sun/etc/strongswan.conf
new file mode 100755
index 0000000000..9a80e51825
--- /dev/null
+++ b/testing/tests/swanctl/net2net-demo/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici demo
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/net2net-demo/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-demo/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 0000000000..c3512132f2
--- /dev/null
+++ b/testing/tests/swanctl/net2net-demo/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.2.0.0/16
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-modp3072
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-modp3072
+ }
+}
diff --git a/testing/tests/swanctl/net2net-demo/posttest.dat b/testing/tests/swanctl/net2net-demo/posttest.dat
new file mode 100755
index 0000000000..30d10b5551
--- /dev/null
+++ b/testing/tests/swanctl/net2net-demo/posttest.dat
@@ -0,0 +1,5 @@
+moon::swanctl --terminate --ike gw-gw 2> /dev/null
+moon::service charon stop 2> /dev/null
+sun::service charon stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/net2net-demo/pretest.dat b/testing/tests/swanctl/net2net-demo/pretest.dat
new file mode 100755
index 0000000000..dd6729cc5c
--- /dev/null
+++ b/testing/tests/swanctl/net2net-demo/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+moon::service charon start 2> /dev/null
+sun::service charon start 2> /dev/null
+moon::expect-connection gw-gw
+sun::expect-connection gw-gw
+moon::swanctl --initiate --child net-net 2> /dev/null
+moon::swanctl --terminate --child net-net 2> /dev/null
+moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-demo/test.conf b/testing/tests/swanctl/net2net-demo/test.conf
new file mode 100755
index 0000000000..07a3b247a1
--- /dev/null
+++ b/testing/tests/swanctl/net2net-demo/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
-- 2.47.2