URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [rtos/] [ecos-3.0/] [packages/] [net/] [ipsec/] [libipsec/] [current/] [tests/] [test-policy.c] - Blame information for rev 834

Go to most recent revision | Details | Compare with Previous | View Log


//==========================================================================
//
//      test/test-policy.c
//
//==========================================================================
// ####BSDCOPYRIGHTBEGIN####                                    
// -------------------------------------------                  
// This file is part of eCos, the Embedded Configurable Operating System.
//
// Portions of this software may have been derived from FreeBSD, OpenBSD,
// or other sources, and if so are covered by the appropriate copyright
// and license included herein.                                 
//
// Portions created by the Free Software Foundation are         
// Copyright (C) 2002 Free Software Foundation, Inc.            
// -------------------------------------------                  
// ####BSDCOPYRIGHTEND####                                      
//==========================================================================
 
/*      $KAME: test-policy.c,v 1.16 2003/08/26 03:24:08 itojun Exp $    */
 
/*
 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
 
#include "network.h"
 
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
 
#include <netinet/in.h>
#include <net/pfkeyv2.h>
#include <netkey/key_debug.h>
#include <netinet6/ipsec.h>
 
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
 
#if 1 //ECOS
#include <cyg/infra/testcase.h>
#include <cyg/infra/diag.h>
 
#define  errx(eval, fmt, ... ) \
 CYG_MACRO_START             \
 char buf[128];              \
 diag_snprintf(buf, sizeof(buf), fmt, ##__VA_ARGS__); \
 CYG_TEST_FAIL_FINISH(buf); \
 CYG_MACRO_END
 
#define warn  CYG_TEST_INFO
#define warnx CYG_TEST_INFO
#define err(eval, str) CYG_TEST_FAIL_FINISH(str)
//#define printf diag_printf
#else
//#include <err.h>
#endif
 
#include "libpfkey.h"
 
struct req_t {
        int result;     /* expected result; 0:ok 1:ng */
        char *str;
} reqs[] = {
{ 0, "out ipsec" },
{ 1, "must_error" },
{ 1, "in ipsec must_error" },
{ 1, "out ipsec esp/must_error" },
{ 1, "out discard" },
{ 1, "out none" },
{ 0, "in entrust" },
{ 0, "out entrust" },
{ 1, "out ipsec esp" },
{ 0, "in ipsec ah/transport" },
{ 1, "in ipsec ah/tunnel" },
{ 0, "out ipsec ah/transport/" },
{ 1, "out ipsec ah/tunnel/" },
{ 0, "in ipsec esp / transport / 10.0.0.1-10.0.0.2" },
#ifdef CYGPKG_NET_INET6
{ 0, "in ipsec esp/tunnel/::1-::2" },
{ 1, "in ipsec esp/tunnel/10.0.0.1-::2" },
{ 0, "in ipsec esp/tunnel/::1-::2/require" },
#endif
{ 0, "out ipsec ah/transport//use" },
{ 1, "out ipsec ah/transport esp/use" },
{ 1, "in ipsec ah/transport esp/tunnel" },
#ifdef CYGPKG_NET_INET6
{ 0, "in ipsec ah/transport esp/tunnel/::1-::1" },
{ 0, "in ipsec\n"
"       ah / transport\n"
"       esp / tunnel / ::1-::2" },
{ 0, "out ipsec\n"
"       ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"
"       ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"
"       ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"
"       " },
{ 0, "out ipsec esp/transport/fec0::10-fec0::11/use" },
#endif
};
 
int test1 __P((void));
int test1sub1 __P((struct req_t *));
int test1sub2 __P((char *, int));
int test2 __P((void));
int test2sub __P((int));
 
int
main(int ac, char **av)
{
 
        init_all_network_interfaces();
 
        test1();
        test2();
 
        CYG_TEST_FINISH("done");
        exit(0);
}
 
int
test1()
{
        int i;
        int result;
 
        printf("TEST1\n");
        for (i = 0; i < sizeof(reqs)/sizeof(reqs[0]); i++) {
                printf("#%d [%s]\n", i + 1, reqs[i].str);
 
                result = test1sub1(&reqs[i]);
                if (result == 0 && reqs[i].result == 1) {
                        warnx("ERROR: expecting failure.");
                } else if (result == 1 && reqs[i].result == 0) {
                        warnx("ERROR: expecting success.");
                }
        }
 
        return 0;
}
 
int
test1sub1(req)
        struct req_t *req;
{
        char *buf;
 
        buf = ipsec_set_policy(req->str, strlen(req->str));
        if (buf == NULL) {
                printf("ipsec_set_policy: %s\n", ipsec_strerror());
                return 1;
        }
 
        if (test1sub2(buf, PF_INET) != 0 ||
#ifdef CYG_PKG_NET_INET6
            test1sub2(buf, PF_INET6) != 0
#else
 
#endif
            ) {
                free(buf);
                return 1;
        }
#if 0
        kdebug_sadb_x_policy((struct sadb_ext *)buf);
#endif
        free(buf);
        return 0;
}
 
int
test1sub2(policy, family)
        char *policy;
        int family;
{
        int so;
        int proto = 0, optname = 0;
        int len;
        char getbuf[1024];
 
        switch (family) {
        case PF_INET:
                proto = IPPROTO_IP;
                optname = IP_IPSEC_POLICY;
                break;
        case PF_INET6:
                proto = IPPROTO_IPV6;
                optname = IPV6_IPSEC_POLICY;
                break;
        }
 
        if ((so = socket(family, SOCK_DGRAM, 0)) < 0)
                err(1, "socket");
 
        len = ipsec_get_policylen(policy);
#if 0
        printf("\tsetlen:%d\n", len);
#endif
 
        if (setsockopt(so, proto, optname, policy, len) < 0) {
                printf("fail to set sockopt; %s\n", strerror(errno));
                close(so);
                return 1;
        }
 
        memset(getbuf, 0, sizeof(getbuf));
        memcpy(getbuf, policy, sizeof(struct sadb_x_policy));
        if (getsockopt(so, proto, optname, getbuf, &len) < 0) {
                printf("fail to get sockopt; %s\n", strerror(errno));
                close(so);
                return 1;
        }
 
    {
        char *buf = NULL;
 
#if 0
        printf("\tgetlen:%d\n", len);
#endif
 
        if ((buf = ipsec_dump_policy(getbuf, NULL)) == NULL) {
                printf("%s\n", ipsec_strerror());
                close(so);
                return 1;
        }
#if 1
        printf("\t[%s]\n", buf);
#endif
        free(buf);
    }
 
        close (so);
        return 0;
}
 
char addr[] = {
        28, 28, 0, 0,
        0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1,
        0, 0, 0, 0,
};
 
int
test2()
{
        int so;
        char *pol1 = "out ipsec";
        char *pol2 = "out ipsec ah/transport//use";
        char *sp1, *sp2;
        int splen1, splen2;
        int spid;
        struct sadb_msg *m;
 
        printf("TEST2\n");
#if 0
        if (getuid() != 0)
                errx(1, "root privilege required.");
#endif
        sp1 = ipsec_set_policy(pol1, strlen(pol1));
        splen1 = ipsec_get_policylen(sp1);
        sp2 = ipsec_set_policy(pol2, strlen(pol2));
        splen2 = ipsec_get_policylen(sp2);
 
        if ((so = pfkey_open()) < 0)
                errx(1, "ERROR: %s", ipsec_strerror());
 
        printf("spdflush()\n");
        if (pfkey_send_spdflush(so) < 0)
                errx(1, "ERROR: %s", ipsec_strerror());
        m = pfkey_recv(so);
        free(m);
 
        printf("spdsetidx()\n");
        if (pfkey_send_spdsetidx(so, (struct sockaddr *)addr, 128,
                                (struct sockaddr *)addr, 128,
                                255, sp1, splen1, 0) < 0)
                errx(1, "ERROR: %s", ipsec_strerror());
        m = pfkey_recv(so);
        free(m);
 
        printf("spdupdate()\n");
        if (pfkey_send_spdupdate(so, (struct sockaddr *)addr, 128,
                                (struct sockaddr *)addr, 128,
                                255, sp2, splen2, 0) < 0)
                errx(1, "ERROR: %s", ipsec_strerror());
        m = pfkey_recv(so);
        free(m);
 
        printf("sleep(4)\n");
        sleep(4);
 
        printf("spddelete()\n");
        if (pfkey_send_spddelete(so, (struct sockaddr *)addr, 128,
                                (struct sockaddr *)addr, 128,
                                255, sp1, splen1, 0) < 0)
                errx(1, "ERROR: %s", ipsec_strerror());
        m = pfkey_recv(so);
        free(m);
 
        printf("spdadd()\n");
        if (pfkey_send_spdadd(so, (struct sockaddr *)addr, 128,
                                (struct sockaddr *)addr, 128,
                                255, sp2, splen2, 0) < 0)
                errx(1, "ERROR: %s", ipsec_strerror());
        spid = test2sub(so);
 
        printf("spdget(%u)\n", spid);
        if (pfkey_send_spdget(so, spid) < 0)
                errx(1, "ERROR: %s", ipsec_strerror());
        m = pfkey_recv(so);
        free(m);
 
        printf("sleep(4)\n");
        sleep(4);
 
        printf("spddelete2()\n");
        if (pfkey_send_spddelete2(so, spid) < 0)
                errx(1, "ERROR: %s", ipsec_strerror());
        m = pfkey_recv(so);
        free(m);
 
        printf("spdadd() with lifetime's 10(s)\n");
        if (pfkey_send_spdadd2(so, (struct sockaddr *)addr, 128,
                                (struct sockaddr *)addr, 128,
                                255, 0, 10, sp2, splen2, 0) < 0)
                errx(1, "ERROR: %s", ipsec_strerror());
        spid = test2sub(so);
 
        /* expecting failure */
        printf("spdupdate()\n");
        if (pfkey_send_spdupdate(so, (struct sockaddr *)addr, 128,
                                (struct sockaddr *)addr, 128,
                                255, sp2, splen2, 0) == 0) {
                warnx("ERROR: expecting failure.");
        }
 
        return 0;
}
 
int
test2sub(so)
        int so;
{
        struct sadb_msg *msg;
        caddr_t mhp[SADB_EXT_MAX + 1];
 
        if ((msg = pfkey_recv(so)) == NULL)
                errx(1, "ERROR: pfkey_recv failure.");
        if (pfkey_align(msg, mhp) < 0)
                errx(1, "ERROR: pfkey_align failure.");
 
        return ((struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY])->sadb_x_policy_id;
}
 

Browse

Tools

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [rtos/] [ecos-3.0/] [packages/] [net/] [ipsec/] [libipsec/] [current/] [tests/] [test-policy.c] - Blame information for rev 834

Line No.	Rev	Author	Line
1	786	skrzyp	`//==========================================================================`
2			`//`
3			`// test/test-policy.c`
4			`//`
5			`//==========================================================================`
6			`// ####BSDCOPYRIGHTBEGIN####`
7			`// -------------------------------------------`
8			`// This file is part of eCos, the Embedded Configurable Operating System.`
9			`//`
10			`// Portions of this software may have been derived from FreeBSD, OpenBSD,`
11			`// or other sources, and if so are covered by the appropriate copyright`
12			`// and license included herein.`
13			`//`
14			`// Portions created by the Free Software Foundation are`
15			`// Copyright (C) 2002 Free Software Foundation, Inc.`
16			`// -------------------------------------------`
17			`// ####BSDCOPYRIGHTEND####`
18			`//==========================================================================`
19
20			`/* $KAME: test-policy.c,v 1.16 2003/08/26 03:24:08 itojun Exp $ */`
21
22			`/*`
23			`* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.`
24			`* All rights reserved.`
25			`*`
26			`* Redistribution and use in source and binary forms, with or without`
27			`* modification, are permitted provided that the following conditions`
28			`* are met:`
29			`* 1. Redistributions of source code must retain the above copyright`
30			`* notice, this list of conditions and the following disclaimer.`
31			`* 2. Redistributions in binary form must reproduce the above copyright`
32			`* notice, this list of conditions and the following disclaimer in the`
33			`* documentation and/or other materials provided with the distribution.`
34			`* 3. Neither the name of the project nor the names of its contributors`
35			`* may be used to endorse or promote products derived from this software`
36			`* without specific prior written permission.`
37			`*`
38			* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
39			`* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE`
40			`* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE`
41			`* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE`
42			`* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL`
43			`* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS`
44			`* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)`
45			`* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT`
46			`* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY`
47			`* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF`
48			`* SUCH DAMAGE.`
49			`*/`
50
51			`#include "network.h"`
52
53			`#include <sys/types.h>`
54			`#include <sys/param.h>`
55			`#include <sys/socket.h>`
56
57			`#include <netinet/in.h>`
58			`#include <net/pfkeyv2.h>`
59			`#include <netkey/key_debug.h>`
60			`#include <netinet6/ipsec.h>`
61
62			`#include <stdio.h>`
63			`#include <stdlib.h>`
64			`#include <unistd.h>`
65			`#include <string.h>`
66			`#include <errno.h>`
67
68			`#if 1 //ECOS`
69			`#include <cyg/infra/testcase.h>`
70			`#include <cyg/infra/diag.h>`
71
72			`#define errx(eval, fmt, ... ) \`
73			`CYG_MACRO_START \`
74			`char buf[128]; \`
75			`diag_snprintf(buf, sizeof(buf), fmt, ##__VA_ARGS__); \`
76			`CYG_TEST_FAIL_FINISH(buf); \`
77			`CYG_MACRO_END`
78
79			`#define warn CYG_TEST_INFO`
80			`#define warnx CYG_TEST_INFO`
81			`#define err(eval, str) CYG_TEST_FAIL_FINISH(str)`
82			`//#define printf diag_printf`
83			`#else`
84			`//#include <err.h>`
85			`#endif`
86
87			`#include "libpfkey.h"`
88
89			`struct req_t {`
90			`int result; /* expected result; 0:ok 1:ng */`
91			`char *str;`
92			`} reqs[] = {`
93			`{ 0, "out ipsec" },`
94			`{ 1, "must_error" },`
95			`{ 1, "in ipsec must_error" },`
96			`{ 1, "out ipsec esp/must_error" },`
97			`{ 1, "out discard" },`
98			`{ 1, "out none" },`
99			`{ 0, "in entrust" },`
100			`{ 0, "out entrust" },`
101			`{ 1, "out ipsec esp" },`
102			`{ 0, "in ipsec ah/transport" },`
103			`{ 1, "in ipsec ah/tunnel" },`
104			`{ 0, "out ipsec ah/transport/" },`
105			`{ 1, "out ipsec ah/tunnel/" },`
106			`{ 0, "in ipsec esp / transport / 10.0.0.1-10.0.0.2" },`
107			`#ifdef CYGPKG_NET_INET6`
108			`{ 0, "in ipsec esp/tunnel/::1-::2" },`
109			`{ 1, "in ipsec esp/tunnel/10.0.0.1-::2" },`
110			`{ 0, "in ipsec esp/tunnel/::1-::2/require" },`
111			`#endif`
112			`{ 0, "out ipsec ah/transport//use" },`
113			`{ 1, "out ipsec ah/transport esp/use" },`
114			`{ 1, "in ipsec ah/transport esp/tunnel" },`
115			`#ifdef CYGPKG_NET_INET6`
116			`{ 0, "in ipsec ah/transport esp/tunnel/::1-::1" },`
117			`{ 0, "in ipsec\n"`
118			`" ah / transport\n"`
119			`" esp / tunnel / ::1-::2" },`
120			`{ 0, "out ipsec\n"`
121			`" ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"`
122			`" ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"`
123			`" ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"`
124			`" " },`
125			`{ 0, "out ipsec esp/transport/fec0::10-fec0::11/use" },`
126			`#endif`
127			`};`
128
129			`int test1 __P((void));`
130			`int test1sub1 __P((struct req_t *));`
131			`int test1sub2 __P((char *, int));`
132			`int test2 __P((void));`
133			`int test2sub __P((int));`
134
135			`int`
136			`main(int ac, char **av)`
137			`{`
138
139			`init_all_network_interfaces();`
140
141			`test1();`
142			`test2();`
143
144			`CYG_TEST_FINISH("done");`
145			`exit(0);`
146			`}`
147
148			`int`
149			`test1()`
150			`{`
151			`int i;`
152			`int result;`
153
154			`printf("TEST1\n");`
155			`for (i = 0; i < sizeof(reqs)/sizeof(reqs[0]); i++) {`
156			`printf("#%d [%s]\n", i + 1, reqs[i].str);`
157
158			`result = test1sub1(&reqs[i]);`
159			`if (result == 0 && reqs[i].result == 1) {`
160			`warnx("ERROR: expecting failure.");`
161			`} else if (result == 1 && reqs[i].result == 0) {`
162			`warnx("ERROR: expecting success.");`
163			`}`
164			`}`
165
166			`return 0;`
167			`}`
168
169			`int`
170			`test1sub1(req)`
171			`struct req_t *req;`
172			`{`
173			`char *buf;`
174
175			`buf = ipsec_set_policy(req->str, strlen(req->str));`
176			`if (buf == NULL) {`
177			`printf("ipsec_set_policy: %s\n", ipsec_strerror());`
178			`return 1;`
179			`}`
180
181			`if (test1sub2(buf, PF_INET) != 0 \|\|`
182			`#ifdef CYG_PKG_NET_INET6`
183			`test1sub2(buf, PF_INET6) != 0`
184			`#else`
185
186			`#endif`
187			`) {`
188			`free(buf);`
189			`return 1;`
190			`}`
191			`#if 0`
192			`kdebug_sadb_x_policy((struct sadb_ext *)buf);`
193			`#endif`
194			`free(buf);`
195			`return 0;`
196			`}`
197
198			`int`
199			`test1sub2(policy, family)`
200			`char *policy;`
201			`int family;`
202			`{`
203			`int so;`
204			`int proto = 0, optname = 0;`
205			`int len;`
206			`char getbuf[1024];`
207
208			`switch (family) {`
209			`case PF_INET:`
210			`proto = IPPROTO_IP;`
211			`optname = IP_IPSEC_POLICY;`
212			`break;`
213			`case PF_INET6:`
214			`proto = IPPROTO_IPV6;`
215			`optname = IPV6_IPSEC_POLICY;`
216			`break;`
217			`}`
218
219			`if ((so = socket(family, SOCK_DGRAM, 0)) < 0)`
220			`err(1, "socket");`
221
222			`len = ipsec_get_policylen(policy);`
223			`#if 0`
224			`printf("\tsetlen:%d\n", len);`
225			`#endif`
226
227			`if (setsockopt(so, proto, optname, policy, len) < 0) {`
228			`printf("fail to set sockopt; %s\n", strerror(errno));`
229			`close(so);`
230			`return 1;`
231			`}`
232
233			`memset(getbuf, 0, sizeof(getbuf));`
234			`memcpy(getbuf, policy, sizeof(struct sadb_x_policy));`
235			`if (getsockopt(so, proto, optname, getbuf, &len) < 0) {`
236			`printf("fail to get sockopt; %s\n", strerror(errno));`
237			`close(so);`
238			`return 1;`
239			`}`
240
241			`{`
242			`char *buf = NULL;`
243
244			`#if 0`
245			`printf("\tgetlen:%d\n", len);`
246			`#endif`
247
248			`if ((buf = ipsec_dump_policy(getbuf, NULL)) == NULL) {`
249			`printf("%s\n", ipsec_strerror());`
250			`close(so);`
251			`return 1;`
252			`}`
253			`#if 1`
254			`printf("\t[%s]\n", buf);`
255			`#endif`
256			`free(buf);`
257			`}`
258
259			`close (so);`
260			`return 0;`
261			`}`
262
263			`char addr[] = {`
264			`28, 28, 0, 0,`
265			`0, 0, 0, 0,`
266			`0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1,`
267			`0, 0, 0, 0,`
268			`};`
269
270			`int`
271			`test2()`
272			`{`
273			`int so;`
274			`char *pol1 = "out ipsec";`
275			`char *pol2 = "out ipsec ah/transport//use";`
276			`char sp1, sp2;`
277			`int splen1, splen2;`
278			`int spid;`
279			`struct sadb_msg *m;`
280
281			`printf("TEST2\n");`
282			`#if 0`
283			`if (getuid() != 0)`
284			`errx(1, "root privilege required.");`
285			`#endif`
286			`sp1 = ipsec_set_policy(pol1, strlen(pol1));`
287			`splen1 = ipsec_get_policylen(sp1);`
288			`sp2 = ipsec_set_policy(pol2, strlen(pol2));`
289			`splen2 = ipsec_get_policylen(sp2);`
290
291			`if ((so = pfkey_open()) < 0)`
292			`errx(1, "ERROR: %s", ipsec_strerror());`
293
294			`printf("spdflush()\n");`
295			`if (pfkey_send_spdflush(so) < 0)`
296			`errx(1, "ERROR: %s", ipsec_strerror());`
297			`m = pfkey_recv(so);`
298			`free(m);`
299
300			`printf("spdsetidx()\n");`
301			`if (pfkey_send_spdsetidx(so, (struct sockaddr *)addr, 128,`
302			`(struct sockaddr *)addr, 128,`
303			`255, sp1, splen1, 0) < 0)`
304			`errx(1, "ERROR: %s", ipsec_strerror());`
305			`m = pfkey_recv(so);`
306			`free(m);`
307
308			`printf("spdupdate()\n");`
309			`if (pfkey_send_spdupdate(so, (struct sockaddr *)addr, 128,`
310			`(struct sockaddr *)addr, 128,`
311			`255, sp2, splen2, 0) < 0)`
312			`errx(1, "ERROR: %s", ipsec_strerror());`
313			`m = pfkey_recv(so);`
314			`free(m);`
315
316			`printf("sleep(4)\n");`
317			`sleep(4);`
318
319			`printf("spddelete()\n");`
320			`if (pfkey_send_spddelete(so, (struct sockaddr *)addr, 128,`
321			`(struct sockaddr *)addr, 128,`
322			`255, sp1, splen1, 0) < 0)`
323			`errx(1, "ERROR: %s", ipsec_strerror());`
324			`m = pfkey_recv(so);`
325			`free(m);`
326
327			`printf("spdadd()\n");`
328			`if (pfkey_send_spdadd(so, (struct sockaddr *)addr, 128,`
329			`(struct sockaddr *)addr, 128,`
330			`255, sp2, splen2, 0) < 0)`
331			`errx(1, "ERROR: %s", ipsec_strerror());`
332			`spid = test2sub(so);`
333
334			`printf("spdget(%u)\n", spid);`
335			`if (pfkey_send_spdget(so, spid) < 0)`
336			`errx(1, "ERROR: %s", ipsec_strerror());`
337			`m = pfkey_recv(so);`
338			`free(m);`
339
340			`printf("sleep(4)\n");`
341			`sleep(4);`
342
343			`printf("spddelete2()\n");`
344			`if (pfkey_send_spddelete2(so, spid) < 0)`
345			`errx(1, "ERROR: %s", ipsec_strerror());`
346			`m = pfkey_recv(so);`
347			`free(m);`
348
349			`printf("spdadd() with lifetime's 10(s)\n");`
350			`if (pfkey_send_spdadd2(so, (struct sockaddr *)addr, 128,`
351			`(struct sockaddr *)addr, 128,`
352			`255, 0, 10, sp2, splen2, 0) < 0)`
353			`errx(1, "ERROR: %s", ipsec_strerror());`
354			`spid = test2sub(so);`
355
356			`/* expecting failure */`
357			`printf("spdupdate()\n");`
358			`if (pfkey_send_spdupdate(so, (struct sockaddr *)addr, 128,`
359			`(struct sockaddr *)addr, 128,`
360			`255, sp2, splen2, 0) == 0) {`
361			`warnx("ERROR: expecting failure.");`
362			`}`
363
364			`return 0;`
365			`}`
366
367			`int`
368			`test2sub(so)`
369			`int so;`
370			`{`
371			`struct sadb_msg *msg;`
372			`caddr_t mhp[SADB_EXT_MAX + 1];`
373
374			`if ((msg = pfkey_recv(so)) == NULL)`
375			`errx(1, "ERROR: pfkey_recv failure.");`
376			`if (pfkey_align(msg, mhp) < 0)`
377			`errx(1, "ERROR: pfkey_align failure.");`
378
379			`return ((struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY])->sadb_x_policy_id;`
380			`}`
381