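#	$NetBSD: t_interoperability.sh,v 1.1 2020/08/26 16:03:42 riastradh Exp $
#
# Copyright (c) 2018 Ryota Ozaki <ozaki.ryota (at] gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#

#
# ATF test cases that run a local wg(4) instance against an externally
# configured WireGuard peer.  Every test is opt-in (see the environment
# variables checked in each body) because it needs a manually prepared
# host bridge and a real peer machine.
#
# Helpers called here but not defined in this file (rump_server_crypto_start,
# setup_wg_common, add_peer, dump, cleanup) and the $DEBUG switch are
# expected to come from the shared test library this file is built with.
#
# SECURITY NOTES
#  - All key pairs below are fixed values published in this source file.
#    They give no confidentiality or authentication to anyone who has read
#    it; use them only for this test and never on a real tunnel.
#  - The host setup bridges tap0 onto an external interface, so the test
#    traffic is visible on that network segment.  Prefer an isolated lab
#    network.
#  - The peer instructions write the private key to /tmp/private-key.
#    /tmp is shared between users: create the file with a restrictive
#    umask (e.g. 077) and remove it once the test is finished.
#

BUS=bus
SOCK_LOCAL=unix://wg_local
SOCK_PEER=unix://wg_peer


atf_test_case wg_interoperability_basic cleanup
# Declare the metadata (description, required programs) of the basic test.
wg_interoperability_basic_head()
{

	atf_set "descr" "tests of interoperability with the WireGuard protocol"
	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
}

#
# Set ATF_NET_IF_WG_INTEROPERABILITY=yes to run the test.
# Also to run the test, the following setups are required on the host and a peer.
#
# [Host]
#   ifconfig bridge0 create
#   ifconfig tap0 create
#   brconfig bridge0 add tap0
#   brconfig bridge0 add <external-interface>
#   ifconfig tap0 up
#   ifconfig bridge0 up
#
# [Peer]
#   ip addr add 10.0.0.2/24 dev <external-interface>
#   ip link add wg0 type wireguard
#   ip addr add 10.0.1.2/24 dev wg0
#   privkey="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
#   ip link set wg0 up
#   echo $privkey > /tmp/private-key
#   wg set wg0 listen-port 52428
#   wg set wg0 private-key /tmp/private-key
#   pubkey="2iWFzywbDvYu2gQW5Q7/z/g5/Cv4bDDd6L3OKXLOwxs="
#   wg set wg0 peer $pubkey endpoint 10.0.0.3:52428 allowed-ips 10.0.1.1/32
#
# NOTE: run "umask 077" on the peer before the echo above so the key file
# is not created world-readable, and delete /tmp/private-key afterwards.
#
# Body: bring up virt0 in a rump server, check plain reachability of the
# peer, then configure wg0 and check reachability through the tunnel.
#
wg_interoperability_basic_body()
{
	# Command prefixes; they are expanded unquoted on purpose so that
	# the shell splits them into a command and its arguments.
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 3 -w 3"
	local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 3"
	local key_priv_local=
	local key_pub_local=
	local key_priv_peer=
	local key_pub_peer=
	local ip_local=10.0.0.3
	local ip_peer=10.0.0.2
	local ip_wg_local=10.0.1.1
	local ip_wg_peer=10.0.1.2
	local port=52428
	local outfile=./out

	# Opt-in only: the test depends on the manual setup described above.
	if [ "$ATF_NET_IF_WG_INTEROPERABILITY" != yes ]; then
		atf_skip "set ATF_NET_IF_WG_INTEROPERABILITY=yes to run the test"
	fi

	export RUMP_SERVER="$SOCK_LOCAL"
	rump_server_crypto_start "$SOCK_LOCAL" virtif wg netinet6
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	atf_check -s exit:0 rump.ifconfig virt0 create
	atf_check -s exit:0 rump.ifconfig virt0 "$ip_local/24"
	atf_check -s exit:0 rump.ifconfig virt0 up

	# The peer must be reachable outside the tunnel first.
	$ping "$ip_peer"

	# Fixed test keys (public knowledge, see SECURITY NOTES above).
	# key_pub_local and key_priv_peer are not referenced below; they
	# record what the peer side has to be configured with.
	key_priv_local="aK3TbzUNDO4aeDRX54x8bOG+NaKuqXKt7Hwq0Uz69Wo="
	key_pub_local="2iWFzywbDvYu2gQW5Q7/z/g5/Cv4bDDd6L3OKXLOwxs="
	key_priv_peer="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
	key_pub_peer="2ZM9RvDmMZS/Nuh8OaVaJrwFbO57/WJgeU+JoQ//nko="

	setup_wg_common wg0 inet "$ip_wg_local" 24 "$port" "$key_priv_local"
	add_peer wg0 peer0 "$key_pub_peer" "$ip_peer:$port" "$ip_wg_peer/32"

	# Now the peer must answer on its tunnel address.
	$ping "$ip_wg_peer"

	export RUMP_SERVER="$SOCK_LOCAL"
	$ifconfig wg0 destroy
}

# Cleanup: dump state when $DEBUG is true, then run the shared cleanup.
wg_interoperability_basic_cleanup()
{

	$DEBUG && dump
	cleanup
}

atf_test_case wg_interoperability_cookie cleanup
# Declare the metadata of the cookie test.  The description names the
# cookie scenario so the two interoperability tests can be told apart in
# test listings.
wg_interoperability_cookie_head()
{

	atf_set "descr" "tests of interoperability with the WireGuard protocol (cookie reply under load)"
	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
}

#
# Same environment and peer setup as wg_interoperability_basic.
#
# Body: force the local side to behave as if it were under load, so that
# it answers the peer's response message with a cookie instead of
# accepting it, and check that the handshake succeeds on the retry.
#
wg_interoperability_cookie_body()
{
	# Command prefixes; expanded unquoted on purpose (see basic test).
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 3 -w 3"
	local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 3"
	local key_priv_local=
	local key_pub_local=
	local key_priv_peer=
	local key_pub_peer=
	local ip_local=10.0.0.3
	local ip_peer=10.0.0.2
	local ip_wg_local=10.0.1.1
	local ip_wg_peer=10.0.1.2
	local port=52428
	local outfile=./out
	local rekey_timeout=5 # default

	# Opt-in only: the test depends on the manual host/peer setup.
	if [ "$ATF_NET_IF_WG_INTEROPERABILITY" != yes ]; then
		atf_skip "set ATF_NET_IF_WG_INTEROPERABILITY=yes to run the test"
	fi

	export RUMP_SERVER="$SOCK_LOCAL"
	rump_server_crypto_start "$SOCK_LOCAL" virtif wg netinet6
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	atf_check -s exit:0 rump.ifconfig virt0 create
	atf_check -s exit:0 rump.ifconfig virt0 "$ip_local/24"
	atf_check -s exit:0 rump.ifconfig virt0 up

	# The peer must be reachable outside the tunnel first.
	$ping "$ip_peer"

	# Fixed test keys (public knowledge); never reuse them elsewhere.
	key_priv_local="aK3TbzUNDO4aeDRX54x8bOG+NaKuqXKt7Hwq0Uz69Wo="
	key_pub_local="2iWFzywbDvYu2gQW5Q7/z/g5/Cv4bDDd6L3OKXLOwxs="
	key_priv_peer="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
	key_pub_peer="2ZM9RvDmMZS/Nuh8OaVaJrwFbO57/WJgeU+JoQ//nko="

	setup_wg_common wg0 inet "$ip_wg_local" 24 "$port" "$key_priv_local"

	# Emulate load to send back a cookie on receiving a response message
	atf_check -s exit:0 -o ignore \
	    rump.sysctl -w net.wg.force_underload=1

	add_peer wg0 peer0 "$key_pub_peer" "$ip_peer:$port" "$ip_wg_peer/32"

	# ping fails because we don't accept a response message and send a
	# cookie
	$ping_fail "$ip_wg_peer"

	# Wait for the retried initiation, which works because the peer
	# sends a response message with the cookie we sent
	atf_check -s exit:0 sleep "$rekey_timeout"

	# So ping works
	$ping "$ip_wg_peer"

	export RUMP_SERVER="$SOCK_LOCAL"
	$ifconfig wg0 destroy
}

# Cleanup: dump state when $DEBUG is true, then run the shared cleanup.
wg_interoperability_cookie_cleanup()
{

	$DEBUG && dump
	cleanup
}

atf_test_case wg_userspace_basic cleanup
# Declare the metadata of the userspace test.
wg_userspace_basic_head()
{

	atf_set "descr" "tests of userspace implementation of wg(4)"
	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
}

#
# Set ATF_NET_IF_WG_USERSPACE=yes to run the test.
# Also to run the test, the following setups are required on the host and a peer.
#
# [Host]
#   ifconfig bridge0 create
#   ifconfig tap0 create
#   brconfig bridge0 add tap0
#   brconfig bridge0 add <external-interface>
#   ifconfig tap0 up
#   ifconfig bridge0 up
#
# [Peer]
#   ip addr add 10.0.0.2/24 dev <external-interface>
#   ip link add wg0 type wireguard
#   ip addr add 10.0.4.2/24 dev wg0
#   privkey="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
#   ip link set wg0 up
#   echo $privkey > /tmp/private-key
#   wg set wg0 listen-port 52428
#   wg set wg0 private-key /tmp/private-key
#   pubkey="6mQ4lUO3oq5O8FfGW52CFXNbmh5iFT1XMqPzpdrc0nE="
#   wg set wg0 peer $pubkey endpoint 10.0.0.3:52428 allowed-ips 10.0.4.1/32
#
# NOTE: run "umask 077" on the peer before the echo above so the key file
# is not created world-readable, and delete /tmp/private-key afterwards.
#
# NOTE(review): the peer is told to use endpoint port 52428 while this test
# listens on port_local=52429; presumably this still works because the
# local side sends the first packet -- confirm.
#
# Body: unlike the two tests above, reachability is checked with the
# host's ping (not rump.ping) and setup_wg_common gets an extra "tun0"
# argument.
#
wg_userspace_basic_body()
{
	# Command prefixes; expanded unquoted on purpose.
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local ping="atf_check -s exit:0 -o ignore ping -n -c 3 -w 3"
	local ping_fail="atf_check -s not-exit:0 -o ignore ping -n -c 1 -w 3"
	local key_priv_local=
	local key_pub_local=
	local key_priv_peer=
	local key_pub_peer=
	local ip_local=10.0.0.3
	local ip_peer=10.0.0.2
	local ip_wg_local=10.0.4.1
	local ip_wg_peer=10.0.4.2
	local port_local=52429
	local port_peer=52428
	local outfile=./out

	# Opt-in only: the test depends on the manual setup described above.
	if [ "$ATF_NET_IF_WG_USERSPACE" != yes ]; then
		atf_skip "set ATF_NET_IF_WG_USERSPACE=yes to run the test"
	fi

	export RUMP_SERVER="$SOCK_LOCAL"
	rump_server_crypto_start "$SOCK_LOCAL" virtif wg netinet6
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0

	$DEBUG && netstat -nr -f inet

	# The peer must be reachable outside the tunnel first.
	$ping "$ip_peer"

	# Fixed test keys (public knowledge); never reuse them elsewhere.
	key_priv_local="6B0dualfIAiEG7/jFGOIHrJMhuypq87xCER/0ieIpE4="
	key_pub_local="6mQ4lUO3oq5O8FfGW52CFXNbmh5iFT1XMqPzpdrc0nE="
	key_priv_peer="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
	key_pub_peer="2ZM9RvDmMZS/Nuh8OaVaJrwFbO57/WJgeU+JoQ//nko="

	setup_wg_common wg0 inet "$ip_wg_local" 24 "$port_local" "$key_priv_local" tun0
	add_peer wg0 peer0 "$key_pub_peer" "$ip_peer:$port_peer" "$ip_wg_peer/32"

	$DEBUG && rump.ifconfig wg0
	$DEBUG && ifconfig tun0
	$DEBUG && netstat -nr -f inet

	# Now the peer must answer on its tunnel address.
	$ping "$ip_wg_peer"

	export RUMP_SERVER="$SOCK_LOCAL"
	$ifconfig wg0 destroy
}

# Cleanup: dump state when $DEBUG is true, then run the shared cleanup.
wg_userspace_basic_cleanup()
{

	$DEBUG && dump
	cleanup
}

# Register the test cases of this file with ATF.
atf_init_test_cases()
{

	atf_add_test_case wg_interoperability_basic
	atf_add_test_case wg_interoperability_cookie
	atf_add_test_case wg_userspace_basic
}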