#!/bin/bash
#
# !!!!YOU MUST RUN THIS SCRIPT AS ROOT!!!!
#
# This is test input for the ipsadm program. This was originally
# written by Gordon Oliver, and is hereby placed in the public domain.
# There is of course NO WARRANTY for any of this, and since it is
# in the public domain, you may do as you wish...
#
# The configurable part is in hostsetup.
#

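# Require exactly one argument: which end of the test pair this host is.
# The value is handed to hostsetup through SOURCE; hostsetup is not part of
# this file, so the accepted spellings are whatever it implements.
if [ "$#" -ne 1 ]; then
  # Diagnostics go to stderr so they are not mistaken for normal output.
  echo "$0: usage $0 [ A | B ]" >&2
  exit 1
fi

SOURCE=$1

# Load the site configuration by explicit path. With a bare name, bash
# searches PATH before the current directory, and this script runs as root,
# so an unrelated file called "hostsetup" earlier on PATH would be executed.
# Stop if the file is missing: continuing with empty variables would run
# ifconfig/route/ipsadm with blank addresses.
if [ ! -r ./hostsetup ]; then
  echo "$0: cannot read ./hostsetup (run from the directory that holds it)" >&2
  exit 1
fi
. ./hostsetup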

#
# install the necessary modules
# with nice protective syncs so you won't lose too much data :-)
#

# Flush filesystem buffers twice, then load the two kernel modules in the
# same order as before (pfkey first, then ipsec).
sync
sync
for kmod in pfkey ipsec; do
  insmod "$kmod"
done

#
# Set up four host aliases on the given network address.
# this allows the test to be done between two computers...
#

# Bring up alias interfaces ${ETH}:1 .. ${ETH}:4, each with the matching
# LOCAL_<n> value (presumably set by hostsetup). The expansions stay
# unquoted on purpose: quoting them would change how a multi-word value
# is passed to ifconfig.
for idx in 1 2 3 4; do
  addr_var="LOCAL_${idx}"
  ifconfig ${ETH}:${idx} ${!addr_var} up
done

# Feed the interface-setup commands to ipsadm on stdin. The here-document
# delimiter is unquoted, so the shell substitutes ${ETH} before ipsadm
# reads the text.
# NOTE(review): only "create 1".."create 3" are issued while ipsec0..ipsec3
# are attached; presumably ipsec0 already exists once the module is
# loaded - confirm against ipsadm.
ipsadm << EOF
create 1;
create 2;
create 3;
attach ipsec0 ${ETH}:1;
attach ipsec1 ${ETH}:2;
attach ipsec2 ${ETH}:3;
attach ipsec3 ${ETH}:4;
EOF


#
# Config all of the ipsec ifc's up.
#
# Mark each of the four ipsec interfaces as up, in numeric order.
for tunnel_if in ipsec0 ipsec1 ipsec2 ipsec3; do
  ifconfig "$tunnel_if" up
done

#
# set up the routes
# (must be done manually for now)
# dump out the results at the end.

# Route REMOTE_<n> through ipsec<n-1> for n = 1..4, then print the routing
# table. The REMOTE_<n> expansion stays unquoted so a multi-word value is
# passed to route exactly as before.
for idx in 1 2 3 4; do
  peer_var="REMOTE_${idx}"
  route add ${!peer_var} dev "ipsec$((idx - 1))"
done
route

#
# now create a bunch of SA's and bundles.
# sync first in case something is totally broken.
# Note that the # sign is also a comment indicator for ipsadm...
#
# Flush buffers again before the SA, bundle and policy definitions are loaded.
sync; sync;
echo "Running IPSADM"
# Everything up to EOF2 is ipsadm input. The delimiter is unquoted, so the
# shell expands ${H1A}..${H4B}, ${FROMA} and ${FROMB} (presumably set by
# hostsetup) before ipsadm reads the text.
#
# NOTE(review): every key below is a literal committed in this file. Treat
# them as test vectors only; they must never protect real traffic.
# NOTE(review): the transforms exercised here are single DES (des-cbc and
# des-iv32 with 64-bit keys) and MD5-based authentication, and the host 1
# AH keys are only 32 bits long. Host 2 also reuses one ESP key in both
# directions and one auth key across two SAs. That is fine as ipsadm test
# coverage but is not a configuration to copy.
# NOTE(review): the host 2 comment and the host 2 policies disagree: the
# "dport 21" rule selects bundle 21 (ESP only) while the catch-all rule
# selects bundle 22 (ESP + AH), and the only SA carrying sha1 is the A->B
# one, not B->A. Confirm which side is intended.
ipsadm << EOF2

#
# The general rules here are...
#	First the SA's
#	Then Bundles
#	Then Rules.
#
# Set up stuff between H1A and H1B
# Host 1A to Host 1B Have the following rules
#	ICMP goes in a Simple AH, transport mode.
#	All other communication goes in an ESP followed by an AH
#	The authentication is shared between the two bundles.
#
add ah spi 0x101
	source ${H1A}
	dest ${H1B}
	md5-hmac ahkey 32 0X11134591;

add esp spi 0x102
	source ${H1A}
	dest ${H1B}
	des-cbc espkey 64 0X8719833ACECDA478;

add ah spi 0x101
	source ${H1B}
	dest ${H1A}
	md5-hmac ahkey 32 0X97134519;

add esp spi 0x102
	source ${H1B}
	dest ${H1A}
	des-cbc espkey 64 0X891983391ECDA4a8;

bundle add 11 ah 0x101 ${H1B};
bundle add 12 esp 0x102 ${H1B} ah 0x101 ${H1B};
bundle add 13 ah 0x101 ${H1A};
bundle add 14 esp 0x102 ${H1A} ah 0x101 ${H1A};

policy add ${FROMA} source ${H1A} dest ${H1B}
	protocol 1 position 0xffff bundle 11;
policy add ${FROMA} source ${H1A} dest ${H1B}
	position 0xffff bundle 12;
policy add ${FROMB} source ${H1B} dest ${H1A}
	protocol 1 position 0xffff bundle 13;
policy add ${FROMB} source ${H1B} dest ${H1A}
	position 0xffff bundle 14;

#
# Host 2A to Host 2B Have the following rules
#	Everything in the direction B->A goes in a single ESP with SHA1 auth
#	FTP (TCP port 21) from A->B goes in a combined AH, ESP
#	Everything else goes in an ESP.
#

add esp spi 0x102
	source ${H2A}
	dest ${H2B}
	des-cbc espkey 64 0X1113459111134591
	sha1 ahkey 64 0X11a3459111135591;

add ah spi 0x102
	source ${H2A}
	dest ${H2B}
	md5-hmac ahkey 64 0X11a3459111135591;

add esp spi 0x102
	source ${H2B}
	dest ${H2A}
	des-cbc espkey 64 0X1113459111134591;

bundle add 21 esp 0x102 ${H2B};
bundle add 22 esp 0x102 ${H2B} ah 0x102 ${H2B};
bundle add 23 esp 0x102 ${H2A};

policy add ${FROMA} source ${H2A} dest ${H2B}
	dport 21 protocol 6 position 0xffff bundle 21;
policy add ${FROMA} source ${H2A} dest ${H2B}
	position 0xffff bundle 22;
policy add ${FROMB} source ${H2B} dest ${H2A}
	position 0xffff bundle 23;


#
# Host 3A to Host 3B Have the following rules
#	everything goes in a single tunnel mode ESP with Auth...
#

add esp spi 0x102
	source ${H3A}
	proxy ${H3A}
	dest ${H3B}
	replay 10
	des-cbc espkey 64 0X1A13499111134591
	md5-hmac ahkey 64 0X38AC878B87129763;

add esp spi 0x102
	source ${H3B}
	proxy ${H3B}
	dest ${H3A}
	replay 10
	des3-cbc espkey 192 0X1A134e91111345911b134ea1131345c111b3347a1131845c
	sha1 ahkey 64 0X38AC875B87129763;

bundle add 31 esp 0x102 ${H3A};
bundle add 32 esp 0x102 ${H3B};

policy add ${FROMA} source ${H3A} dest ${H3B}
	position 0xffff bundle 32;
policy add ${FROMB} source ${H3B} dest ${H3A}
	position 0xffff bundle 31;

#
# Host 4A to Host 4B Have the following rules
#	everything goes in a old style ESP and AH transport.
#

add esp spi 0x102
	source ${H4A}
	dest ${H4B}
	des-iv32 espkey 64 0X1A13499111134591;

add ah spi 0x102
	source ${H4A}
	dest ${H4B}
	replay 10
	md5-kpdk ahkey 64 0X38AC878B87129763;

add esp spi 0x102
	source ${H4B}
	dest ${H4A}
	des-iv32 espkey 64 0X1C13299114174591;

add ah spi 0x102
	source ${H4B}
	dest ${H4A}
	replay 10
	md5-kpdk ahkey 64 0X3FAC876B8712a763;

bundle add 41 esp 0x102 ${H4A} ah 0x102 ${H4A};
bundle add 42 esp 0x102 ${H4B} ah 0x102 ${H4B};

policy add ${FROMA} source ${H4A} dest ${H4B}
	position 0xffff bundle 42;
policy add ${FROMB} source ${H4B} dest ${H4A}
	position 0xffff bundle 41;
EOF2
