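# $NetBSD: t_interoperability.sh,v 1.1 2020/08/26 16:03:42 riastradh Exp $
#
# Copyright (c) 2018 Ryota Ozaki <ozaki.ryota (at] gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#

#
# Interoperability tests for wg(4): a rump kernel on this host speaks
# WireGuard to an external peer that is configured by hand (see the setup
# notes above the test bodies).  Every test is skipped unless its
# ATF_NET_IF_WG_* variable is set to "yes".
#
# Helpers such as rump_server_crypto_start, setup_wg_common, add_peer, dump
# and cleanup, and the DEBUG variable, are defined outside this listing.
#
# Security notes for whoever runs these tests:
#  - Every key pair below is a fixed value published in this file.  A tunnel
#    keyed with them gives no confidentiality or peer authentication against
#    anyone who has read the source; use them only on an isolated test
#    network and never reuse them for a real tunnel.
#  - The host setup bridges tap0 onto an external interface, which puts the
#    test kernel directly on that layer-2 segment.  Use a lab segment.
#

# BUS is not referenced in this listing; kept in case shared helpers read it.
BUS=bus
# Control sockets for the rump servers.  Only SOCK_LOCAL is used below.
SOCK_LOCAL=unix://wg_local
SOCK_PEER=unix://wg_peer


atf_test_case wg_interoperability_basic cleanup
# Declare the description and required programs of the basic test.
wg_interoperability_basic_head()
{

	atf_set "descr" "tests of interoperability with the WireGuard protocol"
	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
}

#
# Set ATF_NET_IF_WG_INTEROPERABILITY=yes to run the test.
# To run the test, the following setup is also required on the host and on
# a peer.
#
# [Host]
#   ifconfig bridge0 create
#   ifconfig tap0 create
#   brconfig bridge0 add tap0
#   brconfig bridge0 add <external-interface>
#   ifconfig tap0 up
#   ifconfig bridge0 up
#
# [Peer]
#   ip addr add 10.0.0.2/24 dev <external-interface>
#   ip link add wg0 type wireguard
#   ip addr add 10.0.1.2/24 dev wg0
#   privkey="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
#   ip link set wg0 up
#   echo $privkey > /tmp/private-key
#   wg set wg0 listen-port 52428
#   wg set wg0 private-key /tmp/private-key
#   pubkey="2iWFzywbDvYu2gQW5Q7/z/g5/Cv4bDDd6L3OKXLOwxs="
#   wg set wg0 peer $pubkey endpoint 10.0.0.3:52428 allowed-ips 10.0.1.1/32
#
# NOTE: /tmp/private-key is a fixed name in a shared directory and is written
# with the default umask.  That is tolerable only because the key is a
# published fixture; for a real key use a private directory and "umask 077".
#
# Bring up virt0 and wg0 in a rump kernel, add the external peer, and check
# that the peer answers pings both outside and inside the tunnel.
wg_interoperability_basic_body()
{
	# Command prefixes; they are expanded unquoted on purpose so that the
	# shell splits them into a command and its arguments.
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 3 -w 3"
	# ping_fail, key_pub_local, key_priv_peer and outfile are not
	# referenced in this body.  They are kept because helpers defined
	# outside this listing could read them through the shell's dynamic
	# scoping -- TODO confirm and drop if unused.
	local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 3"
	local key_priv_local=
	local key_pub_local=
	local key_priv_peer=
	local key_pub_peer=
	local ip_local=10.0.0.3
	local ip_peer=10.0.0.2
	local ip_wg_local=10.0.1.1
	local ip_wg_peer=10.0.1.2
	local port=52428
	local outfile=./out

	# Opt-in only: the test needs the manual host and peer setup above.
	if [ "$ATF_NET_IF_WG_INTEROPERABILITY" != yes ]; then
		atf_skip "set ATF_NET_IF_WG_INTEROPERABILITY=yes to run the test"
	fi

	export RUMP_SERVER="$SOCK_LOCAL"
	rump_server_crypto_start "$SOCK_LOCAL" virtif wg netinet6
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	$ifconfig virt0 create
	$ifconfig virt0 "${ip_local}/24"
	$ifconfig virt0 up

	# The peer must be reachable outside the tunnel before wg0 is set up.
	$ping "$ip_peer"

	# Published test fixtures, never secrets (see the notes at the top).
	key_priv_local="aK3TbzUNDO4aeDRX54x8bOG+NaKuqXKt7Hwq0Uz69Wo="
	key_pub_local="2iWFzywbDvYu2gQW5Q7/z/g5/Cv4bDDd6L3OKXLOwxs="
	key_priv_peer="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
	key_pub_peer="2ZM9RvDmMZS/Nuh8OaVaJrwFbO57/WJgeU+JoQ//nko="

	setup_wg_common wg0 inet "$ip_wg_local" 24 "$port" "$key_priv_local"
	add_peer wg0 peer0 "$key_pub_peer" "${ip_peer}:${port}" \
	    "${ip_wg_peer}/32"

	# The peer's tunnel address is only reachable through wg0.
	$ping "$ip_wg_peer"

	export RUMP_SERVER="$SOCK_LOCAL"
	$ifconfig wg0 destroy
}

# Dump state when DEBUG is true, then run the shared cleanup.
wg_interoperability_basic_cleanup()
{

	$DEBUG && dump
	cleanup
}

atf_test_case wg_interoperability_cookie cleanup
# Declare the description and required programs of the cookie test.
# NOTE(review): "descr" is identical to that of wg_interoperability_basic.
wg_interoperability_cookie_head()
{

	atf_set "descr" "tests of interoperability with the WireGuard protocol"
	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
}

# Same topology and peer setup as wg_interoperability_basic, but the local
# side is forced to behave as if under load so that the first handshake is
# answered with a cookie and only the retry succeeds.
wg_interoperability_cookie_body()
{
	# Command prefixes; expanded unquoted on purpose (word splitting).
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 3 -w 3"
	local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 3"
	# key_pub_local, key_priv_peer and outfile are not referenced in this
	# body; kept in case helpers defined outside this listing read them
	# through dynamic scoping -- TODO confirm.
	local key_priv_local=
	local key_pub_local=
	local key_priv_peer=
	local key_pub_peer=
	local ip_local=10.0.0.3
	local ip_peer=10.0.0.2
	local ip_wg_local=10.0.1.1
	local ip_wg_peer=10.0.1.2
	local port=52428
	local outfile=./out
	local rekey_timeout=5 # default

	# Opt-in only: the test needs the manual host and peer setup.
	if [ "$ATF_NET_IF_WG_INTEROPERABILITY" != yes ]; then
		atf_skip "set ATF_NET_IF_WG_INTEROPERABILITY=yes to run the test"
	fi

	export RUMP_SERVER="$SOCK_LOCAL"
	rump_server_crypto_start "$SOCK_LOCAL" virtif wg netinet6
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	$ifconfig virt0 create
	$ifconfig virt0 "${ip_local}/24"
	$ifconfig virt0 up

	# The peer must be reachable outside the tunnel before wg0 is set up.
	$ping "$ip_peer"

	# Published test fixtures, never secrets (see the notes at the top).
	key_priv_local="aK3TbzUNDO4aeDRX54x8bOG+NaKuqXKt7Hwq0Uz69Wo="
	key_pub_local="2iWFzywbDvYu2gQW5Q7/z/g5/Cv4bDDd6L3OKXLOwxs="
	key_priv_peer="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
	key_pub_peer="2ZM9RvDmMZS/Nuh8OaVaJrwFbO57/WJgeU+JoQ//nko="

	setup_wg_common wg0 inet "$ip_wg_local" 24 "$port" "$key_priv_local"

	# Emulate load so that we send back a cookie on receiving a response
	# message.  The cookie exchange is WireGuard's denial-of-service
	# mitigation, so this exercises it against the other implementation.
	atf_check -s exit:0 -o ignore \
	    rump.sysctl -w net.wg.force_underload=1

	add_peer wg0 peer0 "$key_pub_peer" "${ip_peer}:${port}" \
	    "${ip_wg_peer}/32"

	# The ping fails because we do not accept the response message and
	# send a cookie instead.
	$ping_fail "$ip_wg_peer"

	# Wait for the handshake initiation to be retried.  The retry works
	# because the peer sends a response message carrying the cookie we
	# sent.
	atf_check -s exit:0 sleep "$rekey_timeout"

	# So the ping works now.
	$ping "$ip_wg_peer"

	export RUMP_SERVER="$SOCK_LOCAL"
	$ifconfig wg0 destroy
}

# Dump state when DEBUG is true, then run the shared cleanup.
wg_interoperability_cookie_cleanup()
{

	$DEBUG && dump
	cleanup
}

atf_test_case wg_userspace_basic cleanup
# Declare the description and required programs of the userspace test.
wg_userspace_basic_head()
{

	atf_set "descr" "tests of userspace implementation of wg(4)"
	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
}

#
# Set ATF_NET_IF_WG_USERSPACE=yes to run the test.
# To run the test, the following setup is also required on the host and on
# a peer.
#
# [Host]
#   ifconfig bridge0 create
#   ifconfig tap0 create
#   brconfig bridge0 add tap0
#   brconfig bridge0 add <external-interface>
#   ifconfig tap0 up
#   ifconfig bridge0 up
#
# [Peer]
#   ip addr add 10.0.0.2/24 dev <external-interface>
#   ip link add wg0 type wireguard
#   ip addr add 10.0.4.2/24 dev wg0
#   privkey="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
#   ip link set wg0 up
#   echo $privkey > /tmp/private-key
#   wg set wg0 listen-port 52428
#   wg set wg0 private-key /tmp/private-key
#   pubkey="6mQ4lUO3oq5O8FfGW52CFXNbmh5iFT1XMqPzpdrc0nE="
#   wg set wg0 peer $pubkey endpoint 10.0.0.3:52428 allowed-ips 10.0.4.1/32
#
# NOTE: as in the interoperability setup, /tmp/private-key is acceptable only
# for this published fixture key; protect a real key with "umask 077" and a
# private directory.
#
# Start wg0 in a rump server with tun0 passed to setup_wg_common, add the
# external peer, and check reachability with the host's own ping.
wg_userspace_basic_body()
{
	# Command prefixes; expanded unquoted on purpose (word splitting).
	# Unlike the other tests, ping here is the host's ping, not rump.ping.
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local ping="atf_check -s exit:0 -o ignore ping -n -c 3 -w 3"
	# ping_fail, key_pub_local, key_priv_peer, ip_local and outfile are
	# not referenced in this body; kept in case helpers defined outside
	# this listing read them through dynamic scoping -- TODO confirm.
	local ping_fail="atf_check -s not-exit:0 -o ignore ping -n -c 1 -w 3"
	local key_priv_local=
	local key_pub_local=
	local key_priv_peer=
	local key_pub_peer=
	local ip_local=10.0.0.3
	local ip_peer=10.0.0.2
	local ip_wg_local=10.0.4.1
	local ip_wg_peer=10.0.4.2
	local port_local=52429
	local port_peer=52428
	local outfile=./out

	# Opt-in only: the test needs the manual host and peer setup above.
	if [ "$ATF_NET_IF_WG_USERSPACE" != yes ]; then
		atf_skip "set ATF_NET_IF_WG_USERSPACE=yes to run the test"
	fi

	export RUMP_SERVER="$SOCK_LOCAL"
	rump_server_crypto_start "$SOCK_LOCAL" virtif wg netinet6
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0

	$DEBUG && netstat -nr -f inet

	# The peer must be reachable from the host before wg0 is set up.
	$ping "$ip_peer"

	# Published test fixtures, never secrets (see the notes at the top).
	key_priv_local="6B0dualfIAiEG7/jFGOIHrJMhuypq87xCER/0ieIpE4="
	key_pub_local="6mQ4lUO3oq5O8FfGW52CFXNbmh5iFT1XMqPzpdrc0nE="
	key_priv_peer="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
	key_pub_peer="2ZM9RvDmMZS/Nuh8OaVaJrwFbO57/WJgeU+JoQ//nko="

	# The trailing tun0 is presumably the host tun device that backs the
	# userspace wg0 -- confirm against setup_wg_common.
	setup_wg_common wg0 inet "$ip_wg_local" 24 "$port_local" \
	    "$key_priv_local" tun0
	add_peer wg0 peer0 "$key_pub_peer" "${ip_peer}:${port_peer}" \
	    "${ip_wg_peer}/32"

	$DEBUG && rump.ifconfig wg0
	$DEBUG && ifconfig tun0
	$DEBUG && netstat -nr -f inet

	$ping "$ip_wg_peer"

	export RUMP_SERVER="$SOCK_LOCAL"
	$ifconfig wg0 destroy
}

# Dump state when DEBUG is true, then run the shared cleanup.
wg_userspace_basic_cleanup()
{

	$DEBUG && dump
	cleanup
}

# Register the three test cases with ATF.
atf_init_test_cases()
{

	atf_add_test_case wg_interoperability_basic
	atf_add_test_case wg_interoperability_cookie
	atf_add_test_case wg_userspace_basic
}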