ipsec

Change-Id: I3379e4991a5c705b5b0a14e5fee2eb165cc8a1e3
WIP: asterisk: Use jolly/work branch
2024-05-15 20:25:21 +02:00 · 2024-05-15 20:25:21 +02:00 · 2024-05-15 20:25:01 +02:00
6 changed files with 77 additions and 3 deletions
--- a/asterisk-master/Dockerfile
+++ b/asterisk-master/Dockerfile
@ -38,7 +38,7 @@ WORKDIR	/home/${username}

 # clone pjproject
 ARG	PJPROJECT_REMOTE=https://gitea.sysmocom.de/sysmocom/pjproject.git
-ARG	PJPROJECT_BRANCH=sysmocom/2.14
+ARG	PJPROJECT_BRANCH=jolly/work

 RUN	git clone $PJPROJECT_REMOTE
 ADD	https://gitea.sysmocom.de/api/v1/repos/sysmocom/pjproject/git/refs/heads/$PJPROJECT_BRANCH /tmp/pjproject-ver
@ -53,7 +53,7 @@ ARG	ASTERISK_REMOTE=https://gitea.sysmocom.de/sysmocom/asterisk.git
 RUN	git clone $ASTERISK_REMOTE

 RUN	cd asterisk && \
-	git fetch && git checkout -f -B sysmocom/master origin/sysmocom/master
+	git fetch && git checkout -f -B jolly/work origin/jolly/work

 # Use pjproject from git repo above instead of downloading tar.gz:
 RUN	cd asterisk/third-party/pjproject && \
@ -64,7 +64,7 @@ RUN	cd asterisk && \
 	./configure && \
 	make "-j$(nproc)"

-ARG	ASTERISK_BRANCH=sysmocom/master
+ARG	ASTERISK_BRANCH=jolly/work

 ADD	https://gitea.sysmocom.de/api/v1/repos/sysmocom/asterisk/git/refs/heads/$ASTERISK_BRANCH /tmp/asterisk-ver

--- a/common/ttcn3-docker-run.sh
+++ b/common/ttcn3-docker-run.sh
@ -31,6 +31,9 @@ if [ -n "$WAIT_FOR_NETDEV" ]; then
 	done
 fi

+# Make sure /data is owned to the user running inside docker.
+# jenkins-commons.sh fix_perms() will fix back the permissions once done.
+chown -R "$(id -u):$(id -g)" /data
 cd /data

 # Use TEST_NAME to only run one test instead of all. Set it like this:
--- a/debian-bookworm-titan-master/Dockerfile
+++ b/debian-bookworm-titan-master/Dockerfile
@ -20,6 +20,7 @@ RUN	set -x && \
 		build-essential \
 		ca-certificates \
 		git \
+		iproute2 \
 		iputils-ping \
 		netcat-openbsd \
 		procps \
--- a/debian-bookworm-titan/Dockerfile
+++ b/debian-bookworm-titan/Dockerfile
@ -21,6 +21,7 @@ RUN	set -x && \
 		ca-certificates \
 		ccache \
 		git \
+		iproute2 \
 		iputils-ping \
 		netcat-openbsd \
 		procps \
--- a/ttcn3-asterisk-ims-ue-test/ipsec_setup.sh
+++ b/ttcn3-asterisk-ims-ue-test/ipsec_setup.sh
@ -0,0 +1,66 @@
+#!/bin/sh
+
+# use: ipset_setup.sh \
+# $LOC_IP $LOC_PORT_C $LOC_SPI_C $LOC_PORT_S $LOC_SPI_S \
+# $REM_IP $REM_PORT_C $REM_SPI_C $REM_PORT_S $REM_SPI_S \
+# $AUTH_KEY
+
+LOC_IP="${1}"
+LOC_PORT_C="${2}"
+LOC_SPI_C="${3}"
+LOC_PORT_S="${4}"
+LOC_SPI_S="${5}"
+REM_IP="${6}"
+REM_PORT_C="${7}"
+REM_SPI_C="${8}"
+REM_PORT_S="${9}"
+REM_SPI_S="${10}"
+AUTH_KEY="${11}"
+
+set -x
+
+# use: ip_xfrm <src_ip> <src_port> <dst_ip> <dst_port> <spi>
+ip_xfrm_state() {
+        ip xfrm state add \
+        src "${1}" dst "${3}" proto esp spi "${5}" reqid "${5}" mode transport \
+        replay-window 32 \
+        auth-trunc sha1 "${AUTH_KEY}" 96 \
+        enc cipher_null "" \
+        sel src "${1}/32" dst "${3}/32" sport "${2}" dport "${4}"
+}
+
+# TTCN3(Srv) -> Asterisk(Cli): REM_SPI_C
+ip_xfrm_state "${LOC_IP}" "${LOC_PORT_S}" "${REM_IP}" "${REM_PORT_C}" "${REM_SPI_C}"
+
+# TTCN3(Cli) -> Asterisk(Srv): REM_SPI_S
+ip_xfrm_state "${LOC_IP}" "${LOC_PORT_C}" "${REM_IP}" "${REM_PORT_S}" "${REM_SPI_S}"
+
+# Asterisk(Cli) -> TTCN3(Srv): LOC_SPI_S
+ip_xfrm_state "${REM_IP}" "${REM_PORT_C}" "${LOC_IP}" "${LOC_PORT_S}" "${LOC_SPI_S}"
+
+# Asterisk(Srv) -> TTCN3(Cli): LOC_SPI_C
+ip_xfrm_state "${REM_IP}" "${REM_PORT_S}" "${LOC_IP}" "${LOC_PORT_C}" "${LOC_SPI_C}"
+
+# use: ip_xfrm <src_ip> <src_port> <dst_ip> <dst_port> <req_id> <dir>
+ip_xfrm_policy() {
+        ip xfrm policy add \
+        src "${1}/32" dst "${3}/32" sport "${2}" dport "${4}" \
+        dir "${6}" \
+        tmpl src "${1}" dst "${3}" \
+        proto esp reqid "${5}" mode transport
+}
+
+# TTCN3(Srv) -> Asterisk(Cli): REM_SPI_C out
+ip_xfrm_policy "${LOC_IP}" "${LOC_PORT_S}" "${REM_IP}" "${REM_PORT_C}" "${REM_SPI_C}" "out"
+
+# TTCN3(Cli) -> Asterisk(Srv): REM_SPI_S out
+ip_xfrm_policy "${LOC_IP}" "${LOC_PORT_C}" "${REM_IP}" "${REM_PORT_S}" "${REM_SPI_S}" "out"
+
+# Asterisk(Cli) -> TTCN3(Srv): LOC_SPI_S in
+ip_xfrm_policy "${REM_IP}" "${REM_PORT_C}" "${LOC_IP}" "${LOC_PORT_S}" "${LOC_SPI_S}" "in"
+
+# Asterisk(Srv) -> TTCN3(Cli): LOC_SPI_C in
+ip_xfrm_policy "${REM_IP}" "${REM_PORT_S}" "${LOC_IP}" "${LOC_PORT_C}" "${LOC_SPI_C}" "in"
+
+#ip xfrm state
+#ip xfrm policy
--- a/ttcn3-asterisk-ims-ue-test/jenkins.sh
+++ b/ttcn3-asterisk-ims-ue-test/jenkins.sh
@ -13,6 +13,7 @@ mkdir $VOL_BASE_DIR/asterisk-ims-ue-tester
 mkdir $VOL_BASE_DIR/asterisk-ims-ue-tester/unix
 cp Asterisk_Tests.cfg $VOL_BASE_DIR/asterisk-ims-ue-tester/
 write_mp_osmo_repo "$VOL_BASE_DIR/asterisk-ims-ue-tester/Asterisk_Tests.cfg"
+cp ipsec_setup.sh $VOL_BASE_DIR/asterisk-ims-ue-tester/

 mkdir $VOL_BASE_DIR/asterisk
 cp asterisk/* $VOL_BASE_DIR/asterisk/
@ -37,6 +38,8 @@ sleep 3

 echo Starting container with Asterisk testsuite
 docker run	--rm \
+		--cap-add=NET_ADMIN \
+		--cap-add=SYS_RESOURCE \
 		$(docker_network_params $SUBNET 103) \
 		--ulimit core=-1 \
 		-e "TTCN3_PCAP_PATH=/data" \