From: Christian Mauderer
To: "Bjoern A. Zeeb", Alan Somers
Cc: freebsd-hackers@freebsd.org
Subject: Re: Configuration for IPSec Loop-Back Test
Date: Thu, 2 Aug 2018 08:00:09 +0200
Organization: embedded brains GmbH
List-Id: Technical Discussions relating to FreeBSD

On 01.08.2018 at 18:22, Bjoern A. Zeeb wrote:
> On 1 Aug 2018, at 14:50, Alan Somers wrote:
>
>> On Wed, Aug 1, 2018 at 7:15 AM, Christian Mauderer
>> <christian.mauderer@embedded-brains.de> wrote:
>>
>>> Hello,
>>>
>>> I'm working on a port for IPSec and ipsec-tools (racoon, setkey,
>>> libipsec) to an embedded operating system (RTEMS). RTEMS uses the
>>> FreeBSD network stack via a compatibility layer (rtems-libbsd).
>>>
>>> I can already create an IPSec connection on some real hardware with some
>>> real peer. To prevent regression in a future version, I would like to
>>> add a test that would check that the port still works. That test would
>>> have to run on a system _without_ a real hardware peer. Therefore I
>>> would like to create some IPSec loop back connection. In that case
>>> racoon would have to talk to itself because I currently only support one
>>> instance.
>>>
>>> Do you have any hints how I could create such a network?
>>>
>>> My current thought would be something along a virtual network device
>>> (maybe tun?) that can be connected to some other virtual network device
>>> via for example a bridge device. Maybe I could then try to configure two
>>> gif-devices that would use this tunnel. racoon would have to listen on
>>> both devices (maybe on different ports).
>>>
>>> Currently I have trouble setting this up. Are there any simpler ideas
>>> for an IPSec loop back connection that would use most of the stack
>>> layers?
>>>
>>> Thanks in advance for every answer.
>>>
>>> With kind regards
>>>
>>> Christian Mauderer
>>>
>>
>> Does RTEMS support multiple FIBs? In FreeBSD I've done this kind of
>> thing using multiple FIBs with tap(4) devices (though tun(4) might work
>> for your use case). In the FreeBSD source tree, see
>> tests/sys/netinet/fibs_test.sh.
>
>
> And, on FreeBSD, I have used VIMAGE ( which I doubt you have ) though
> with two vnets in two jails talking to each other or three of them with
> a middle node forwarding or five of them with two clients, two security
> gateways, and a forwarding node.
>
> /bz

Thanks a lot for the answers. I had a look at both suggestions:

- FIBs are currently not really implemented. Theoretically it should be
  possible to add them. But it would be quite some effort and it would add
  some code that is only used for the tests but would be always active.

- Regarding VIMAGE / vnets: You are right: That part is not imported.

Most likely I'll fall back to writing an example instead of an automated
test. So we can still at least make sure that everything is compile-clean
and it is possible to sometimes run the test manually.

Best regards

Christian Mauderer
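
The two-vnet layout suggested in the quoted reply, sketched for stock FreeBSD as an added example that is not part of the original thread. It assumes a kernel with VIMAGE and IPSEC, root privileges, and static keys loaded with setkey instead of a racoon negotiation; the jail names, addresses, SPIs and keys are constructed test values.

```shell
#!/bin/sh
# Added example: two vnet jails joined by an epair(4), ESP transport mode
# between them with static keys. All names and values here are constructed.

A_IP=10.0.0.1   # address inside jail "left"  (assumed name)
B_IP=10.0.0.2   # address inside jail "right" (assumed name)

# Print a setkey(8) script for the endpoint with address $1 and peer $2.
# The SAD entries are the same on both sides; only the SPD directions flip.
gen_setkey_conf() {
    local_ip=$1 peer_ip=$2
    cat <<EOF
flush;
spdflush;
add $A_IP $B_IP esp 0x1000 -m transport -E rijndael-cbc "0123456789abcdef" -A hmac-sha2-256 "0123456789abcdef0123456789abcdef";
add $B_IP $A_IP esp 0x1001 -m transport -E rijndael-cbc "fedcba9876543210" -A hmac-sha2-256 "fedcba9876543210fedcba9876543210";
spdadd $local_ip $peer_ip any -P out ipsec esp/transport//require;
spdadd $peer_ip $local_ip any -P in ipsec esp/transport//require;
EOF
}

# Build the topology, send pings through ESP, then tear everything down.
# Returns the exit status of ping, so a broken IPsec path fails the test.
run_loopback_test() {
    epair_a=$(ifconfig epair create) || return 1   # prints e.g. epair0a
    epair_b=${epair_a%a}b
    jail -c name=left  vnet persist
    jail -c name=right vnet persist
    ifconfig "$epair_a" vnet left
    ifconfig "$epair_b" vnet right
    jexec left  ifconfig "$epair_a" inet "$A_IP/24" up
    jexec right ifconfig "$epair_b" inet "$B_IP/24" up
    gen_setkey_conf "$A_IP" "$B_IP" | jexec left  setkey -c
    gen_setkey_conf "$B_IP" "$A_IP" | jexec right setkey -c
    jexec left ping -c 3 "$B_IP"; rc=$?
    jexec left setkey -D     # SA counters show whether traffic used ESP
    jail -r left; jail -r right
    ifconfig "$epair_a" destroy 2>/dev/null
    return "$rc"
}

# Only touch the system when explicitly asked: sh thisfile.sh run
if [ "${1:-}" = "run" ]; then run_loopback_test; fi
```

Because the SPD entries use `require`, the ping fails outright if either side's SAs are missing, so a passing run means the packets actually went through ESP.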