Add a test for IPv6 and IPsec which is similar to the one for IPv4.

Add comments to the test for IPv4 with IPsec.
MFC after:	1 week

tools/regression/ipsec/ipsec.t

@@ -1,5 +1,14 @@
 #!/bin/sh
 # $FreeBSD$
+#
+# IPsec regression test.
+#
+# This test sets up tunnels on the localhost (lo0) interface 
+# with various ciphers by using the setkey(8) command and then 
+# attempts to ping each end of the tunnel.
+# The test says which pings worked and which failed.      
+#
+# Expected Output: No failures
 
 ipbase="127.255"
 netif="lo0"

tools/regression/ipsec/ipsec6.t

@@ -0,0 +1,99 @@
+#!/bin/sh
+# $FreeBSD$
+#
+# IPv6 IPsec test based on ipsec.t, in this same directory, which tests
+# IPsec by setting up a set of tunnels and then sending ICMPv6 packets,   
+# aka those generated with ping6(8), across the tunnel.
+#
+# This test should ONLY be used as a smoke test to verify that nothing
+# drastic has been broken, it is insufficient for true protocol conformance
+# testing.
+#
+# Expected Output: No failures.
+
+ipbase="1"
+netif="lo0"
+spi="10000"
+
+echo "1..306"
+
+#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1
+
+ifconfig $netif inet6 alias ${ipbase}::1/128
+ifconfig $netif inet6 alias ${ipbase}::2/128
+
+i=1
+
+for ecipher in \
+    des-cbc:12345678 \
+    3des-cbc:012345678901234567890123 \
+    blowfish-cbc:0123456789012345 \
+    blowfish-cbc:01234567890123456789 \
+    blowfish-cbc:012345678901234567890123 \
+    blowfish-cbc:0123456789012345678901234567 \
+    blowfish-cbc:01234567890123456789012345678901 \
+    blowfish-cbc:012345678901234567890123456789012345 \
+    blowfish-cbc:0123456789012345678901234567890123456789 \
+    blowfish-cbc:01234567890123456789012345678901234567890123 \
+    blowfish-cbc:012345678901234567890123456789012345678901234567 \
+    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
+    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
+    cast128-cbc:0123456789012345 \
+    rijndael-cbc:0123456789012345 \
+    rijndael-cbc:012345678901234567890123 \
+    rijndael-cbc:01234567890123456789012345678901; do
+
+	ealgo=${ecipher%%:*}
+	ekey=${ecipher##*:}
+
+	for acipher in \
+	    hmac-md5:0123456789012345 \
+	    hmac-sha1:01234567890123456789 \
+	    hmac-ripemd160:01234567890123456789 \
+	    hmac-sha2-256:01234567890123456789012345678901 \
+	    hmac-sha2-384:012345678901234567890123456789012345678901234567 \
+	    hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do
+
+		aalgo=${acipher%%:*}
+		akey=${acipher##*:}
+
+		setkey -F
+		setkey -FP
+
+		(echo "add -6 ${ipbase}::1 ${ipbase}::2 esp $spi            -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
+		 echo "add -6 ${ipbase}::2 ${ipbase}::1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
+
+		 echo "spdadd -6 ${ipbase}::1 ${ipbase}::2 any -P out ipsec esp/transport//require;"
+		 echo "spdadd -6 ${ipbase}::2 ${ipbase}::1 any -P in  ipsec esp/transport//require;"
+		 echo "spdadd -6 ${ipbase}::1 ${ipbase}::2 any -P in  ipsec esp/transport//require;"
+		 echo "spdadd -6 ${ipbase}::2 ${ipbase}::1 any -P out ipsec esp/transport//require;"
+		) | setkey -c >/dev/null 2>&1
+		if [ $? -eq 0 ]; then
+			echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
+		else
+			echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
+		fi
+		i=$((i+1))
+
+		ping6 -c 1 -i 1 -S ${ipbase}::1 ${ipbase}::2 >/dev/null
+		if [ $? -eq 0 ]; then
+			echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
+		else
+			echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
+		fi
+		i=$((i+1))
+		ping6 -c 1 -i 1 -S ${ipbase}::2 ${ipbase}::1 >/dev/null
+		if [ $? -eq 0 ]; then
+			echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
+		else
+			echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
+		fi
+		i=$((i+1))
+	done
+done
+
+setkey -F
+setkey -FP
+
+ifconfig $netif inet6 ${ipbase}::1 delete
+ifconfig $netif inet6 ${ipbase}::2 delete