# $NetBSD: common.sh,v 1.1 2020/08/26 16:03:42 riastradh Exp $
#
# Copyright (c) 2018 Ryota Ozaki <ozaki.ryota (at] gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
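#

#
# Escape the characters of a base64-encoded WireGuard key that are special
# in a regular expression ('+' and '/') so the key can be used verbatim in
# an atf_check -o match: pattern.  '=' padding needs no escaping.
#
# Arguments: $1 - key text
# Outputs:   escaped key on stdout
#
escape_key()
{

	# printf, not echo: the key is arbitrary data and must never be
	# interpreted as echo options.  A bare '+' is literal in a BRE, so
	# no backslash is needed in the pattern; both substitutions run in
	# one sed invocation, in the original order.
	printf '%s\n' "$1" | sed -e 's/+/\\+/g' -e 's|/|\\/|g'
}

#
# Start the two rump servers (local and peer) with the netinet6 and wg
# components and attach each one's shmif0 to the shared bus.
#
# Globals: SOCK_LOCAL, SOCK_PEER, BUS (read)
#
setup_servers()
{

	rump_server_crypto_start "$SOCK_LOCAL" netinet6 wg
	rump_server_add_iface "$SOCK_LOCAL" shmif0 "$BUS"

	rump_server_crypto_start "$SOCK_PEER" netinet6 wg
	rump_server_add_iface "$SOCK_PEER" shmif0 "$BUS"
}

#
# Assert that wgconfig reports the expected listen port for an interface.
#
# Arguments: $1 - interface name
#            $2 - expected UDP listen port
#
# $HIJACKING is deliberately left unquoted everywhere in this file: it is
# a word list (the rump hijack wrapper and its arguments) that must split.
#
check_conf_port()
{
	local ifname=$1
	local port=$2

	atf_check -s exit:0 -o match:"listen-port: $port" \
	    $HIJACKING wgconfig "$ifname"
}

#
# Assert that wgconfig reports the expected private key for an interface.
#
# Arguments: $1 - interface name
#            $2 - expected private key (base64)
#
check_conf_privkey()
{
	local ifname=$1
	local key_priv="$2"

	# The key is used as a regex, so its '+' and '/' must be escaped.
	atf_check -s exit:0 -o match:"private-key: $(escape_key "$key_priv")" \
	    $HIJACKING wgconfig "$ifname" show private-key
}

#
# Assign an address to an (already created) interface.
#
# Arguments: $1 - interface name
#            $2 - address family keyword for ifconfig (inet or inet6)
#            $3 - address
#            $4 - prefix length
#
setup_common()
{
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local ifname=$1
	local proto=$2
	local ip=$3
	local prefix=$4

	$ifconfig "$ifname" "$proto" "$ip/$prefix"
}

#
# Create and configure a wg interface: address, private key, listen port,
# and optional link string, then bring it up and verify the configuration.
#
# Arguments: $1 - interface name
#            $2 - address family keyword (inet or inet6)
#            $3 - address
#            $4 - prefix length
#            $5 - UDP listen port
#            $6 - private key (base64)
#            $7 - optional linkstr value (empty to skip)
# Globals:   HIJACKING (read), DEBUG (read; expected to be true or false)
#
setup_wg_common()
{
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local wgconfig="atf_check -s exit:0 $HIJACKING wgconfig"
	local ifname=$1
	local proto=$2
	local ip=$3
	local prefix=$4
	local port=$5
	local key_priv="$6"
	local tun=$7
	local privfile=./tmp

	$ifconfig "$ifname" create
	if [ -n "$tun" ]; then
		$ifconfig "$ifname" linkstr "$tun"
	fi
	$ifconfig "$ifname" "$proto" "$ip/$prefix"
	# Default to no debug output when DEBUG is not set, instead of
	# running the command unconditionally.
	${DEBUG:-false} && rump.netstat -nr
	# wgconfig reads the private key from a file.  Create that file with
	# restrictive permissions (0600 via umask in a subshell so the
	# caller's umask is untouched) and remove it as soon as wgconfig has
	# consumed it, so the key does not linger in the test directory.
	(umask 077 && printf '%s\n' "$key_priv" > "$privfile")
	$wgconfig "$ifname" set private-key "$privfile"
	$wgconfig "$ifname" set listen-port "$port"
	rm -f -- "$privfile"
	$ifconfig "$ifname" up
	${DEBUG:-false} && rump.ifconfig "$ifname"

	check_conf_port "$ifname" "$port"
	check_conf_privkey "$ifname" "$key_priv"
}

#
# Assert that an address answers ping (3 probes, short interval).
#
# Arguments: $1 - address family keyword (inet or inet6)
#            $2 - address to ping
#
check_ping()
{
	local proto=$1
	local ip=$2
	local ping=

	# Quoted so an empty family keyword is a failed test, not a syntax
	# error in the comparison.
	if [ "$proto" = inet ]; then
		ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1"
	else
		ping="atf_check -s exit:0 -o ignore rump.ping6 -n -i 0.1 -c 3 -X 1"
	fi

	# $ping is a word list and must split.
	$ping "$ip"
}

#
# Assert that an address does NOT answer ping (single probe).
#
# Arguments: $1 - address family keyword (inet or inet6)
#            $2 - address to ping
#
check_ping_fail()
{
	local proto=$1
	local ip=$2
	local ping=

	if [ "$proto" = inet ]; then
		ping="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1"
	else
		ping="atf_check -s not-exit:0 -o ignore rump.ping6 -n -c 1 -X 1"
	fi

	$ping "$ip"
}

#
# Destroy wg0 on both rump servers.
#
# Globals: SOCK_LOCAL, SOCK_PEER (read); RUMP_SERVER (written, exported)
#
destroy_wg_interfaces()
{
	local ifconfig="atf_check -s exit:0 rump.ifconfig"

	export RUMP_SERVER="$SOCK_LOCAL"
	$ifconfig wg0 destroy
	export RUMP_SERVER="$SOCK_PEER"
	$ifconfig wg0 destroy
}
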
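#
# Add a peer to a wg interface and verify that wgconfig shows the expected
# allowed-ips and preshared-key state for it.
#
# Arguments: $1 - interface name
#            $2 - peer name
#            $3 - peer public key (base64)
#            $4 - optional endpoint (empty to omit --endpoint)
#            $5 - allowed-ips value
#            $6 - optional preshared-key file (empty to omit)
#            $7 - expected preshared key (base64); empty means "(none)"
# Globals:   HIJACKING (read; a word list, deliberately unquoted)
#
add_peer()
{
	local wgconfig="atf_check -s exit:0 $HIJACKING wgconfig"
	local ifname=$1
	local peername=$2
	local key=$3
	local endpoint=$4
	local allowedips=$5
	local pskfile=$6
	local key_psk="$7"

	# Build the wgconfig argument list with "set --" so optional
	# arguments are omitted entirely rather than passed as empty words
	# (no arrays in sh).  The positional parameters were already copied
	# into locals above, so reusing them here is safe.  Argument order
	# is unchanged: interface, add peer, name, key, [endpoint],
	# allowed-ips, [preshared-key].
	set -- "$ifname" add peer "$peername" "$key"
	if [ -n "$endpoint" ]; then
		set -- "$@" "--endpoint=$endpoint"
	fi
	set -- "$@" "--allowed-ips=$allowedips"
	if [ -n "$pskfile" ]; then
		set -- "$@" "--preshared-key=$pskfile"
	fi
	$wgconfig "$@"

	atf_check -s exit:0 -o match:"allowed-ips: $allowedips" \
	    $HIJACKING wgconfig "$ifname" show peer "$peername"
	if [ -n "$key_psk" ]; then
		# The key is used as a regex; escape its '+' and '/'.
		atf_check -s exit:0 \
		    -o match:"preshared-key: $(escape_key "$key_psk")" \
		    $HIJACKING wgconfig "$ifname" show peer "$peername" \
		    --show-preshared-key
	else
		atf_check -s exit:0 -o match:"preshared-key: \(none\)" \
		    $HIJACKING wgconfig "$ifname" show peer "$peername" \
		    --show-preshared-key
	fi
}

#
# Delete a peer from a wg interface and verify it no longer appears.
#
# Arguments: $1 - interface name
#            $2 - peer name
#
delete_peer()
{
	local wgconfig="atf_check -s exit:0 $HIJACKING wgconfig"
	local ifname=$1
	local peername=$2

	$wgconfig "$ifname" delete peer "$peername"
	atf_check -s exit:0 -o not-match:"peer: $peername" \
	    $HIJACKING wgconfig "$ifname"
}

#
# Generate a private/public key pair for each end (local and peer) and
# export them for use by the test bodies.
#
# Globals: key_priv_local, key_pub_local, key_priv_peer, key_pub_peer
#          (written and exported).  Note these are throwaway test keys;
#          exporting them makes them visible in the environment of every
#          child process the test spawns.
#
generate_keys()
{

	# Fail the test right away if key generation fails, rather than
	# continuing with empty keys and producing confusing errors later.
	# The private key is fed to "wg-keygen --pub" on stdin, via printf
	# so it is never interpreted as echo options.
	key_priv_local=$(wg-keygen) || atf_fail "wg-keygen failed"
	key_pub_local=$(printf '%s\n' "$key_priv_local" | wg-keygen --pub) ||
	    atf_fail "wg-keygen --pub failed"
	key_priv_peer=$(wg-keygen) || atf_fail "wg-keygen failed"
	key_pub_peer=$(printf '%s\n' "$key_priv_peer" | wg-keygen --pub) ||
	    atf_fail "wg-keygen --pub failed"

	export key_priv_local key_pub_local key_priv_peer key_pub_peer
}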