search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Patrick Welche <prlw1@cam.ac.uk>
[netbsd-mini2440.git] / crypto / dist / ipsec-tools / src / libipsec / test-policy-priority.c
blob858bc3a6d733e8258b56b381366bb29178b419a6
1 /* $NetBSD: test-policy-priority.c,v 1.3 2006/09/09 16:22:09 manu Exp $ */
2
3 /* $KAME: test-policy.c,v 1.16 2003/08/26 03:24:08 itojun Exp $ */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include "config.h"
36 #endif
37
38 #include <sys/types.h>
39 #include <sys/param.h>
40 #include <sys/socket.h>
41
42 #include <netinet/in.h>
43 #include <net/pfkeyv2.h>
44 #include PATH_IPSEC_H
45
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <unistd.h>
49 #include <string.h>
50 #include <errno.h>
51 #include <err.h>
52
53 #include "libpfkey.h"
54
55 struct req_t {
56 int result; /* expected result; 0:ok 1:ng */
57 int dump_result; /* dumped result expected to match original: 1:yes 0:no */
58 char *str;
59 u_int32_t expected_priority;
60 } reqs[] = {
61 #ifdef HAVE_PFKEY_POLICY_PRIORITY
62 { 0, 0, "out ipsec esp/transport//require", PRIORITY_DEFAULT },
63 { 0, 0, "out prio -1 ipsec esp/transport//require", PRIORITY_DEFAULT + 1 },
64 { 0, 0, "out priority 2147483648 ipsec esp/transport//require", 0 },
65 { 0, 1, "in prio def ipsec esp/transport//require", PRIORITY_DEFAULT },
66 { 0, 1, "in prio low ipsec esp/transport//require", PRIORITY_LOW },
67 { 0, 1, "in prio high ipsec esp/transport//require", PRIORITY_HIGH },
68 { 0, 1, "in prio def + 1 ipsec esp/transport//require", PRIORITY_DEFAULT - 1 },
69 { 0, 1, "in prio def - 1 ipsec esp/transport//require", PRIORITY_DEFAULT + 1},
70 { 0, 1, "in prio low + 1 ipsec esp/transport//require", PRIORITY_LOW - 1 },
71 { 0, 1, "in prio low - 1 ipsec esp/transport//require", PRIORITY_LOW + 1 },
72 { 0, 1, "in prio high + 1 ipsec esp/transport//require", PRIORITY_HIGH - 1 },
73 { 0, 1, "in prio high - 1 ipsec esp/transport//require", PRIORITY_HIGH + 1 },
74 { 1, 0, "in prio low - -1 ipsec esp/transport//require", 0 },
75 { 1, 0, "in prio low + high ipsec esp/transport//require", 0 },
76 #else
77 { 0, 1, "out ipsec esp/transport//require", 0 },
78 { 1, 0, "out prio -1 ipsec esp/transport//require", 0 },
79 { 1, 0, "in prio def ipsec esp/transport//require", 0 },
80 { 1, 0, "in prio def + 1 ipsec esp/transport//require", 0 },
81 #endif
82 };
83
84 int test1 __P((void));
85 int test1sub1 __P((struct req_t *));
86 int test1sub2 __P((char *, int));
87 int test2 __P((void));
88 int test2sub __P((int));
89
90 int
91 main(ac, av)
92 int ac;
93 char **av;
94 {
95 return test1();
96 }
97
98 int
99 test1()
100 {
101 int i;
102 int result;
103 int error = 0;
104
105 printf("TEST1\n");
106 for (i = 0; i < sizeof(reqs)/sizeof(reqs[0]); i++) {
107 printf("#%d [%s]\n", i + 1, reqs[i].str);
108
109 result = test1sub1(&reqs[i]);
110 if (result == 0 && reqs[i].result == 1) {
111 error = 1;
112 warnx("ERROR: expecting failure.");
113 } else if (result == 1 && reqs[i].result == 0) {
114 error = 1;
115 warnx("ERROR: expecting success.");
116 }
117 }
118
119 return error;
120 }
121
122 int
123 test1sub1(req)
124 struct req_t *req;
125 {
126 char *policy;
127 char *policy_str;
128 struct sadb_x_policy *xpl;
129
130 int len;
131
132 policy = ipsec_set_policy(req->str, strlen(req->str));
133 if (policy == NULL) {
134 if (req->result == 0) {
135 printf("ipsec_set_policy: %s\n", ipsec_strerror());
136 }
137 return 1;
138 }
139
140 #ifdef HAVE_PFKEY_POLICY_PRIORITY
141 /* check priority matches expected */
142 xpl = (struct sadb_x_policy *)policy;
143 if (xpl->sadb_x_policy_priority != req->expected_priority) {
144 printf("Actual priority %u does not match expected priority %u\n",
145 xpl->sadb_x_policy_priority, req->expected_priority);
146 free(policy);
147 return 1;
148 }
149 #endif
150
151 if (req->dump_result) {
152 /* invert policy */
153 len = ipsec_get_policylen(policy);
154 if ((policy_str = ipsec_dump_policy(policy, NULL)) == NULL) {
155 printf("%s\n", ipsec_strerror());
156 free(policy);
157 return 1;
158 }
159
160 /* check that they match */
161 if (strcmp(req->str, policy_str) != 0) {
162 printf("ipsec_dump_policy result (%s) does not match original "
163 "(%s)\n", policy_str, req->str);
164 free(policy_str);
165 free(policy);
166 return 1;
167 }
168
169 free(policy_str);
170 }
171
172 free(policy);
173 return 0;
174 }
NetBSD on the FriendlyARM MINI2440