Bug #8381 » acqspray.sh

Dan McDonald, 2017-06-16 12:32 AM

 
#!/bin/sh

    
#
# This file and its contents are supplied under the terms of the
# Common Development and Distribution License ("CDDL"), version 1.0.
# You may only use this file in accordance with the terms of version
# 1.0 of the CDDL.
#
# A full copy of the text of the CDDL should have accompanied this
# source.  A copy of the CDDL is also available via the Internet at
# http://www.illumos.org/license/CDDL.
#

    
#
# Copyright (c) 2017, Joyent, Inc.
#

    
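# IPsec ACQUIRE spray test.
#
# Installs a single ESP policy entry for $PREFIX, starts a PF_KEY monitor,
# makes sure in.iked is available, then releases 255 pings (one per host
# address in the prefix) at the same moment while lockstat watches
# ipsec_alg_lock for 30 seconds.
#
# WARNING: this flushes the system's IPsec policy (ipsecconf -f) and its
# SAs (ipseckey flush) and does not restore either.  It needs privileges
# sufficient for mdb -k, ipsecconf, ipseckey and lockstat, so treat every
# path it writes to as a privileged write.

PREFIX=10.21.12.0/24

# State consulted by cleanup(); initialised before the traps are installed so
# that an early exit never kills something this run did not start.
IKE=0
IPSECKEY_PID=

# Stop the PF_KEY monitor and, if this run launched it, in.iked.
cleanup() {
	if [ -n "$IPSECKEY_PID" ]; then
		kill "$IPSECKEY_PID" 2>/dev/null
	fi
	if [ "$IKE" -eq 1 ]; then
		# NOTE: pkill matches by name, so this stops every in.iked on the
		# system, not only the one started below.
		pkill in.iked
	fi
}
trap cleanup EXIT
# Turn the usual termination signals into a normal exit so cleanup() runs.
trap 'exit 1' HUP INT TERM

# Find the ipsec_alg_lock to monitor with lockstat (below).
GLOBAL_NETSTACK=$(echo ::netstack | mdb -k | grep -w 0 | awk '{print $1}')
GLOBAL_IPSEC=$(echo "$GLOBAL_NETSTACK::print netstack_t" | mdb -k |
	grep -w nu_ipsec | awk '{print $3}')
IPSEC_ALG_LOCK=$(echo "$GLOBAL_IPSEC::print -a ipsec_stack_t ipsec_alg_lock" |
	mdb -k | head -1 | awk '{print $1}')

echo "WARNING -- this test flushes out IPsec policy..."
echo "GLOBAL_NETSTACK = $GLOBAL_NETSTACK"
echo "GLOBAL_IPSEC = $GLOBAL_IPSEC"
echo "IPSEC_ALG_LOCK = $IPSEC_ALG_LOCK"

# Refuse to touch IPsec state unless every kernel lookup produced a value:
# without the lock address the lockstat run is meaningless, and the policy
# flush below is not undone.
if [ -z "$GLOBAL_NETSTACK" ] || [ -z "$GLOBAL_IPSEC" ] ||
    [ -z "$IPSEC_ALG_LOCK" ]; then
	echo "could not locate ipsec_alg_lock via mdb -k; leaving IPsec" \
	    "policy untouched" >&2
	exit 1
fi

ipsecconf -f

# Simple one-type-of-ESP setup...
echo "{ raddr $PREFIX } ipsec { encr_algs aes encr_auth_algs sha512 }" |
	ipsecconf -a -
ipsecconf -ln

# Get monitoring PF_KEY for at least regular ACQUIREs.
# The log is created with mktemp rather than a PID-based name: a privileged
# '>' redirect onto a predictable /tmp path would follow a symlink planted
# there beforehand.
MONITOR_LOG=$(mktemp /tmp/ipseckey-monitor.XXXXXX) || exit 1
echo "PF_KEY monitor log: $MONITOR_LOG"
ipseckey flush
ipseckey -np monitor > "$MONITOR_LOG" &
IPSECKEY_PID=$!

# Bonus points: get IKE up and running...
# NOTE(review): svcs normally reports states such as "online" or "disabled";
# confirm that "enabled" is the string meant to match here.  If it never
# matches, in.iked is launched even when the service is already running, and
# the pkill in cleanup() then stops that instance as well.
if svcs -H ike | grep enabled; then
	echo "in.iked already running, pid = " $(pgrep in.iked)
	IKE=0
else
	IKE=1
	# Temporarily launch in.iked...
	echo "Launching in.iked temporarily, using /dev/null as config file."
	/usr/lib/inet/in.iked -f /dev/null
fi

# Launch 255 pings to different addresses (each requiring an ACQUIRE).
# truss -Topen leaves each ping stopped at its first open(), so all of them
# can be resumed together below.  The 10.21.12. base must stay in sync with
# PREFIX.  Both output streams are discarded; the original "2>&1 > /dev/null"
# order left stderr attached to the terminal.
i=1
while [ "$i" -le 255 ]; do
	truss -Topen -o /dev/null ping -svn "10.21.12.$i" 1024 1 \
	    > /dev/null 2>&1 &
	i=$((i + 1))
done

# Unleash the pings in 10 seconds, Smithers.
# pgrep output is left unquoted on purpose: prun takes one PID per argument.
# It matches by name, so any other ping on the system is resumed as well.
( sleep 10 ; prun $(pgrep ping) ) &

# Get the lockstats going now.
echo "Running:     lockstat -A -l 0x$IPSEC_ALG_LOCK,8 sleep 30"
lockstat -A -l "0x$IPSEC_ALG_LOCK,8" sleep 30

# cleanup() runs from the EXIT trap and stops the monitor (and in.iked if
# this run started it); the monitor log is kept for inspection.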