X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=tests%2Fovs-monitor-ipsec.at;h=bd150cf9727519447521c89326daa60760afe808;hb=fba6bd1d3f5891471daea8bf5da22303c2d889df;hp=f2794e0384513926553465e3009e3eadb34f9009;hpb=b153e667907ed68164a15207ad5f91ad4c39927c;p=sliver-openvswitch.git
diff --git a/tests/ovs-monitor-ipsec.at b/tests/ovs-monitor-ipsec.at
index f2794e038..bd150cf97 100644
--- a/tests/ovs-monitor-ipsec.at
+++ b/tests/ovs-monitor-ipsec.at
@@ -3,10 +3,12 @@ AT_BANNER([ovs-monitor-ipsec])
 AT_SETUP([ovs-monitor-ipsec])
 AT_SKIP_IF([test $HAVE_PYTHON = no])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
+OVS_DBDIR=`pwd`; export OVS_DBDIR
 OVS_PKGDATADIR=`pwd`; export OVS_PKGDATADIR
 cp "$top_srcdir/vswitchd/vswitch.ovsschema" .
-trap 'kill `cat pid ovs-monitor-ipsec.pid`' 0
+ON_EXIT([kill `cat pid ovs-monitor-ipsec.pid`])
 mkdir etc etc/init.d etc/racoon etc/racoon/certs
 mkdir usr usr/sbin
@@ -31,7 +33,7 @@ chmod +x usr/sbin/setkey
 touch etc/racoon/certs/ovs-stale.pem
 ovs_vsctl () {
- ovs-vsctl --timeout=5 --no-wait -vreconnect:ANY:emer --db=unix:socket "$@"
+ ovs-vsctl --no-wait -vreconnect:emer --db=unix:socket "$@"
 }
 trim () {
 # Removes blank lines and lines starting with # from input.
 sed -e '/^#/d' -e '/^[ ]*$/d' "$@"
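Review bot: Dropping `--timeout=5` from the `ovs_vsctl` wrapper in the second hunk means that if ovsdb-server is wedged or never comes up, every ovs-vsctl call in this test now blocks indefinitely instead of failing, and with `-vreconnect:emer` the reconnect attempts leave nothing in the log to explain the hang. If the five-second limit was removed because it proved flaky on slow builders, a larger value keeps the safety net, e.g. `ovs-vsctl --timeout=10 --no-wait -vreconnect:emer --db=unix:socket "$@"`; if the removal was deliberate, a one-line comment inside the wrapper saying why would help the next reader. The `trim` function shown as context starts inside the hunk but its closing brace lies outside SOURCE.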
@@ -219,4 +221,95 @@ sainfo anonymous {
 ])
 AT_CHECK([test ! -f etc/racoon/certs/ovs-2.3.4.5.pem])
+###
+### Add an SSL certificate interface.
+###
+cp cert.pem ssl-cert.pem
+cp key.pem ssl-key.pem
+AT_DATA([ssl-cacert.pem], [dnl
+-----BEGIN CERTIFICATE-----
+(not a real CA certificate)
+-----END CERTIFICATE-----
+])
+AT_CHECK([ovs_vsctl set-ssl /ssl-key.pem /ssl-cert.pem /ssl-cacert.pem \
+ -- add-port br0 gre2 \
+ -- set Interface gre2 type=ipsec_gre \
+ options:remote_ip=3.4.5.6 \
+ options:peer_cert='"-----BEGIN CERTIFICATE-----
+(not a real peer certificate)
+-----END CERTIFICATE-----
+"' \
+ options:use_ssl_cert='"true"'])
+OVS_WAIT_UNTIL([test `wc -l < actions` -ge 33])
+AT_CHECK([sed '1,29d' actions], [0], [dnl
+racoon: reload
+setkey:
+> spdadd 0.0.0.0/0 3.4.5.6 gre -P out ipsec esp/transport//require;
+> spdadd 3.4.5.6 0.0.0.0/0 gre -P in ipsec esp/transport//require;
+])
+AT_CHECK([trim etc/racoon/psk.txt], [0], [])
+AT_CHECK([trim etc/racoon/racoon.conf], [0], [dnl
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+remote 3.4.5.6 {
+ exchange_mode main;
+ nat_traversal on;
+ ike_frag on;
+ certificate_type x509 "/ssl-cert.pem" "/ssl-key.pem";
+ my_identifier asn1dn;
+ peers_identifier asn1dn;
+ peers_certfile x509 "/etc/racoon/certs/ovs-3.4.5.6.pem";
+ verify_identifier on;
+ proposal {
+ encryption_algorithm aes;
+ hash_algorithm sha1;
+ authentication_method rsasig;
+ dh_group 2;
+ }
+}
+sainfo anonymous {
+ pfs_group 2;
+ lifetime time 1 hour;
+ encryption_algorithm aes;
+ authentication_algorithm hmac_sha1, hmac_md5;
+ compression_algorithm deflate;
+}
+])
+AT_CHECK([cat etc/racoon/certs/ovs-3.4.5.6.pem], [0], [dnl
+-----BEGIN CERTIFICATE-----
+(not a real peer certificate)
+-----END CERTIFICATE-----
+])
+
+###
+### Delete the SSL certificate interface.
+###
+AT_CHECK([ovs_vsctl del-port gre2])
+OVS_WAIT_UNTIL([test `wc -l < actions` -ge 41])
+AT_CHECK([sed '1,33d' actions], [0], [dnl
+racoon: reload
+setkey:
+> spddelete 0.0.0.0/0 3.4.5.6 gre -P out;
+> spddelete 3.4.5.6 0.0.0.0/0 gre -P in;
+setkey:
+> dump ;
+setkey:
+> dump ;
+])
+AT_CHECK([trim etc/racoon/psk.txt], [0], [])
+AT_CHECK([trim etc/racoon/racoon.conf], [0], [dnl
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+sainfo anonymous {
+ pfs_group 2;
+ lifetime time 1 hour;
+ encryption_algorithm aes;
+ authentication_algorithm hmac_sha1, hmac_md5;
+ compression_algorithm deflate;
+}
+])
+AT_CHECK([test ! -f etc/racoon/certs/ovs-3.4.5.6.pem])
+
+OVSDB_SERVER_SHUTDOWN
+
 AT_CLEANUP
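Review bot: The new SSL-certificate checks cover only the well-formed path: `options:peer_cert` is asserted to land byte-for-byte in `etc/racoon/certs/ovs-3.4.5.6.pem` and the `set-ssl` paths to appear unchanged in `racoon.conf`, but nothing exercises `use_ssl_cert='"true"'` with `peer_cert` absent or not PEM-delimited, or `set-ssl` naming a key file that does not exist. Those are the configurations an operator is most likely to get wrong, and since the generated `remote 3.4.5.6 { ... }` block is what racoon uses to authenticate the peer, whatever the monitor does in that case (presumably omitting the remote rather than emitting a half-configured one) deserves a pinned expectation. One more `AT_CHECK([trim etc/racoon/racoon.conf], [0], [...])` after setting `use_ssl_cert` without `peer_cert` would do it. It would also be cheap to assert the mode of the written peer-cert file next to the existing `cat` check, since the stub racoon used here appears only to log actions and never reads the file itself.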