From: Alan Somers
Date: Wed, 1 Aug 2018 08:50:04 -0600
Subject: Re: Configuration for IPSec Loop-Back Test
To: Christian Mauderer
Cc: "freebsd-hackers@freebsd.org"

On Wed, Aug 1, 2018 at 7:15 AM, Christian Mauderer <christian.mauderer@embedded-brains.de> wrote:

> Hello,
>
> I'm working on a port for IPSec and ipsec-tools (racoon, setkey,
> libipsec) to an embedded operating system (RTEMS). RTEMS uses the
> FreeBSD network stack via a compatibility layer (rtems-libbsd).
>
> I can already create an IPSec connection on some real hardware with some
> real peer. To prevent regression in a future version, I would like to
> add a test that would check that the port still works. That test would
> have to run on a system _without_ a real hardware peer. Therefore I
> would like to create some IPSec loop back connection. In that case
> racoon would have to talk to itself because I currently only support one
> instance.
>
> Do you have any hints how I could create such a network?
>
> My current thought would be something along a virtual network device
> (maybe tun?) that can be connected to some other virtual network device
> via for example a bridge device. Maybe I could then try to configure two
> gif-devices that would use this tunnel. racoon would have to listen on
> both devices (maybe on different ports).
>
> Currently I have trouble setting this up. Are there any simpler ideas
> for an IPSec loop back connection that would use most of the stack layers?
>
> Thanks in advance for every answer.
>
> With kind regards
>
> Christian Mauderer
>

Does RTEMS support multiple FIBs? In FreeBSD I've done this kind of thing
using multiple FIBs with tap(4) devices (though tun(4) might work for your
use case). In the FreeBSD source tree, see tests/sys/netinet/fibs_test.sh.

-Alan