skip some tests when compiled with Capsicum

When compiled with Capsicum, tcpdump -E 'file filename' fails to read
the secret from the file with the "Not permitted in capability mode"
error and exits with code 3. Skip respective tests until this logic is
handled in a better way.

diff --git a/tests/TESTLIST b/tests/TESTLIST
index 8ba199118a2a21a5618565dbe6c85ccf3f702ca6..061e2746f7eb546b286875fd41075758c32535b6 100644 (file)
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -32,7 +32,7 @@ esp0 02-sunrise-sunset-esp.pcap esp0.out -t -n
 isakmp1 isakmp-delete-segfault.pcap isakmp1.out -t
 isakmp2 isakmp-pointer-loop.pcap    isakmp2.out -t
 isakmp3 isakmp-identification-segfault.pcap isakmp3.out -t -v
-isakmp4 isakmp4500.pcap             isakmp4.out -t -E "file esp-secrets.txt"
+# isakmp4 is in crypto.sh
 isakmp5-v      ISAKMP_sa_setup.pcap            isakmp5-v.out   -t -v
 
 # Link Management Protocol tests

diff --git a/tests/crypto.sh b/tests/crypto.sh
index 93d1adc9d09df87421e1c734b771c47aa3e4e6d6..7f74eb0a8d9b8495b987f76b76d224c409b1915e 100755 (executable)
--- a/tests/crypto.sh
+++ b/tests/crypto.sh
@@ -7,10 +7,22 @@ then
        ./TESTonce esp1 02-sunrise-sunset-esp.pcap esp1.out '-t -E "[email protected] 3des-cbc-hmac96:0x4043434545464649494a4a4c4c4f4f515152525454575758"'
        ./TESTonce esp2 08-sunrise-sunset-esp2.pcap esp2.out '-t -E "[email protected] 3des-cbc-hmac96:0x43434545464649494a4a4c4c4f4f51515252545457575840,[email protected] 3des-cbc-hmac96:0x434545464649494a4a4c4c4f4f5151525254545757584043"'
        ./TESTonce esp3 02-sunrise-sunset-esp.pcap esp1.out '-t -E "3des-cbc-hmac96:0x4043434545464649494a4a4c4c4f4f515152525454575758"'
-       ./TESTonce esp4 08-sunrise-sunset-esp2.pcap esp2.out '-t -E "file esp-secrets.txt"'
-       ./TESTonce esp5 08-sunrise-sunset-aes.pcap esp5.out '-t -E "file esp-secrets.txt"'
-       ./TESTonce espudp1 espudp1.pcap espudp1.out '-nnnn -t -E "file esp-secrets.txt"'
-       ./TESTonce ikev2pI2 ikev2pI2.pcap ikev2pI2.out '-t -E "file ikev2pI2-secrets.txt" -v -v -v -v'
+       # Reading the secret(s) from a file does not work with Capsicum.
+       if ! grep '^#define HAVE_CAPSICUM 1$' ../config.h >/dev/null
+       then
+               ./TESTonce esp4 08-sunrise-sunset-esp2.pcap esp2.out '-t -E "file esp-secrets.txt"'
+               ./TESTonce esp5 08-sunrise-sunset-aes.pcap esp5.out '-t -E "file esp-secrets.txt"'
+               ./TESTonce espudp1 espudp1.pcap espudp1.out '-nnnn -t -E "file esp-secrets.txt"'
+               ./TESTonce ikev2pI2 ikev2pI2.pcap ikev2pI2.out '-t -E "file ikev2pI2-secrets.txt" -v -v -v -v'
+               ./TESTonce isakmp4 isakmp4500.pcap isakmp4.out '-t -E "file esp-secrets.txt"'
+       else
+               FORMAT='    %-30s: TEST SKIPPED (compiled w/Capsicum)\n'
+               printf "$FORMAT" esp4
+               printf "$FORMAT" esp5
+               printf "$FORMAT" espudp1
+               printf "$FORMAT" ikev2pI2
+               printf "$FORMAT" isakmp4
+       fi
 else
        FORMAT='    %-30s: TEST SKIPPED (compiled w/o OpenSSL)\n'
        printf "$FORMAT" esp1
@@ -20,4 +32,5 @@ else
        printf "$FORMAT" esp5
        printf "$FORMAT" espudp1
        printf "$FORMAT" ikev2pI2
+       printf "$FORMAT" isakmp4
 fi