1 # $NetBSD: common.sh,v 1.1 2020/08/26 16:03:42 riastradh Exp $ 2 # 3 # Copyright (c) 2018 Ryota Ozaki <ozaki.ryota (at] gmail.com> 4 # All rights reserved. 5 # 6 # Redistribution and use in source and binary forms, with or without 7 # modification, are permitted provided that the following conditions 8 # are met: 9 # 1. Redistributions of source code must retain the above copyright 10 # notice, this list of conditions and the following disclaimer. 11 # 2. Redistributions in binary form must reproduce the above copyright 12 # notice, this list of conditions and the following disclaimer in the 13 # documentation and/or other materials provided with the distribution. 14 # 15 # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 16 # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 17 # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 18 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 19 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 # POSSIBILITY OF SUCH DAMAGE. 26 # 27 28 escape_key() 29 { 30 31 echo $1 | sed 's/\+/\\+/g' | sed 's|\/|\\/|g' 32 } 33 34 setup_servers() 35 { 36 37 rump_server_crypto_start $SOCK_LOCAL netinet6 wg 38 rump_server_add_iface $SOCK_LOCAL shmif0 $BUS 39 40 rump_server_crypto_start $SOCK_PEER netinet6 wg 41 rump_server_add_iface $SOCK_PEER shmif0 $BUS 42 } 43 44 check_conf_port() 45 { 46 local ifname=$1 47 local port=$2 48 49 atf_check -s exit:0 -o match:"listen-port: $port" \ 50 $HIJACKING wgconfig $ifname 51 } 52 53 check_conf_privkey() 54 { 55 local ifname=$1 56 local key_priv="$2" 57 58 atf_check -s exit:0 -o match:"private-key: $(escape_key $key_priv)" \ 59 $HIJACKING wgconfig $ifname show private-key 60 } 61 62 setup_common() 63 { 64 local ifconfig="atf_check -s exit:0 rump.ifconfig" 65 local ifname=$1 66 local proto=$2 67 local ip=$3 68 local prefix=$4 69 70 $ifconfig $ifname $proto $ip/$prefix 71 } 72 73 setup_wg_common() 74 { 75 local ifconfig="atf_check -s exit:0 rump.ifconfig" 76 local wgconfig="atf_check -s exit:0 $HIJACKING wgconfig" 77 local ifname=$1 78 local proto=$2 79 local ip=$3 80 local prefix=$4 81 local port=$5 82 local key_priv="$6" 83 local tun=$7 84 local privfile=./tmp 85 86 $ifconfig $ifname create 87 if [ -n "$tun" ]; then 88 $ifconfig $ifname linkstr $tun 89 fi 90 $ifconfig $ifname $proto $ip/$prefix 91 $DEBUG && rump.netstat -nr 92 echo $key_priv > $privfile 93 $wgconfig $ifname set private-key $privfile 94 $wgconfig $ifname set listen-port $port 95 rm -f $privfile 96 $ifconfig $ifname up 97 $DEBUG && rump.ifconfig $ifname 98 99 check_conf_port $ifname $port 100 check_conf_privkey $ifname "$key_priv" 101 } 102 103 check_ping() 104 { 105 local proto=$1 106 local ip=$2 107 local ping= 108 109 if [ $proto = inet ]; then 110 ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1" 111 else 112 ping="atf_check -s exit:0 -o ignore rump.ping6 -n -i 0.1 -c 3 -X 1" 113 fi 114 115 $ping $ip 116 } 117 118 check_ping_fail() 119 { 120 local proto=$1 121 local ip=$2 122 local ping= 123 124 if [ $proto = inet ]; then 125 ping="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1" 126 else 127 ping="atf_check -s not-exit:0 -o ignore rump.ping6 -n -c 1 -X 1" 128 fi 129 130 $ping $ip 131 } 132 133 destroy_wg_interfaces() 134 { 135 local ifconfig="atf_check -s exit:0 rump.ifconfig" 136 137 export RUMP_SERVER=$SOCK_LOCAL 138 $ifconfig wg0 destroy 139 export RUMP_SERVER=$SOCK_PEER 140 $ifconfig wg0 destroy 141 } 142 143 add_peer() 144 { 145 local wgconfig="atf_check -s exit:0 $HIJACKING wgconfig" 146 local ifname=$1 147 local peername=$2 148 local key=$3 149 local endpoint=$4 150 local allowedips=$5 151 local pskfile=$6 152 local key_psk="$7" 153 local pskopt= 154 local endpoint_opts= 155 156 if [ -n "$pskfile" ]; then 157 pskopt="--preshared-key=$pskfile" 158 fi 159 160 if [ -n "$endpoint" ]; then 161 endpoint_opts="--endpoint=$endpoint" 162 fi 163 164 $wgconfig $ifname add peer $peername $key $endpoint_opts \ 165 --allowed-ips=$allowedips $pskopt 166 atf_check -s exit:0 -o match:"allowed-ips: $allowedips" \ 167 $HIJACKING wgconfig $ifname show peer $peername 168 if [ -n "$key_psk" ]; then 169 atf_check -s exit:0 \ 170 -o match:"preshared-key: $(escape_key $key_psk)" \ 171 $HIJACKING wgconfig $ifname show peer $peername \ 172 --show-preshared-key 173 else 174 atf_check -s exit:0 -o match:"preshared-key: \(none\)" \ 175 $HIJACKING wgconfig $ifname show peer $peername \ 176 --show-preshared-key 177 fi 178 } 179 180 delete_peer() 181 { 182 local wgconfig="atf_check -s exit:0 $HIJACKING wgconfig" 183 local ifname=$1 184 local peername=$2 185 186 $wgconfig $ifname delete peer $peername 187 atf_check -s exit:0 -o not-match:"peer: $peername" \ 188 $HIJACKING wgconfig $ifname 189 } 190 191 generate_keys() 192 { 193 194 key_priv_local=$(wg-keygen) 195 key_pub_local=$(echo $key_priv_local| wg-keygen --pub) 196 key_priv_peer=$(wg-keygen) 197 key_pub_peer=$(echo $key_priv_peer| wg-keygen --pub) 198 199 export key_priv_local key_pub_local key_priv_peer key_pub_peer 200 } 201
Indexes created Tue Oct 21 12:09:54 GMT 2025