t_misc.sh revision 1.11
1 1.11 gson # $NetBSD: t_misc.sh,v 1.11 2021/11/26 20:02:35 gson Exp $ 2 1.1 riastrad # 3 1.1 riastrad # Copyright (c) 2018 Ryota Ozaki <ozaki.ryota (at] gmail.com> 4 1.1 riastrad # All rights reserved. 5 1.1 riastrad # 6 1.1 riastrad # Redistribution and use in source and binary forms, with or without 7 1.1 riastrad # modification, are permitted provided that the following conditions 8 1.1 riastrad # are met: 9 1.1 riastrad # 1. Redistributions of source code must retain the above copyright 10 1.1 riastrad # notice, this list of conditions and the following disclaimer. 11 1.1 riastrad # 2. Redistributions in binary form must reproduce the above copyright 12 1.1 riastrad # notice, this list of conditions and the following disclaimer in the 13 1.1 riastrad # documentation and/or other materials provided with the distribution. 14 1.1 riastrad # 15 1.1 riastrad # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 16 1.1 riastrad # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 17 1.1 riastrad # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 18 1.1 riastrad # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 19 1.1 riastrad # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 1.1 riastrad # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 1.1 riastrad # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 1.1 riastrad # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 1.1 riastrad # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 1.1 riastrad # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 1.1 riastrad # POSSIBILITY OF SUCH DAMAGE. 26 1.1 riastrad # 27 1.1 riastrad 28 1.1 riastrad BUS=bus 29 1.1 riastrad SOCK_LOCAL=unix://wg_local 30 1.1 riastrad SOCK_PEER=unix://wg_peer 31 1.1 riastrad 32 1.1 riastrad 33 1.1 riastrad atf_test_case wg_rekey cleanup 34 1.1 riastrad wg_rekey_head() 35 1.1 riastrad { 36 1.1 riastrad 37 1.1 riastrad atf_set "descr" "tests of rekeying of wg(4)" 38 1.1 riastrad atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 39 1.1 riastrad } 40 1.1 riastrad 41 1.1 riastrad wg_rekey_body() 42 1.1 riastrad { 43 1.1 riastrad local ifconfig="atf_check -s exit:0 rump.ifconfig" 44 1.1 riastrad local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1" 45 1.1 riastrad local ip_local=192.168.1.1 46 1.1 riastrad local ip_peer=192.168.1.2 47 1.1 riastrad local ip_wg_local=10.0.0.1 48 1.1 riastrad local ip_wg_peer=10.0.0.2 49 1.1 riastrad local port=51820 50 1.1 riastrad local rekey_after_time=3 51 1.1 riastrad local latest_handshake= 52 1.1 riastrad 53 1.1 riastrad setup_servers 54 1.1 riastrad 55 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 56 1.1 riastrad atf_check -s exit:0 -o ignore \ 57 1.1 riastrad rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time 58 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 59 1.1 riastrad atf_check -s exit:0 -o ignore \ 60 1.1 riastrad rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time 61 1.1 riastrad 62 1.1 riastrad # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 63 1.1 riastrad generate_keys 64 1.1 riastrad 65 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 66 1.1 riastrad setup_common shmif0 inet $ip_local 24 67 1.1 riastrad setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 68 1.6 roy add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 69 1.7 martin $ifconfig -w 10 70 1.1 riastrad 71 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 72 1.1 riastrad setup_common shmif0 inet $ip_peer 24 73 1.1 riastrad setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 74 1.1 riastrad add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 75 1.6 roy $ifconfig -w 10 76 1.1 riastrad 77 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 78 1.1 riastrad 79 1.1 riastrad $ping $ip_wg_peer 80 1.1 riastrad 81 1.1 riastrad latest_handshake=$($HIJACKING wgconfig wg0 show peer peer0 \ 82 1.4 tih | awk -F ': ' '/latest-handshake/ {print $2;}') 83 1.1 riastrad $DEBUG && echo $latest_handshake 84 1.1 riastrad 85 1.1 riastrad sleep 1 86 1.1 riastrad 87 1.1 riastrad $ping $ip_wg_peer 88 1.1 riastrad 89 1.9 riastrad atf_expect_fail "PR kern/56252" 90 1.9 riastrad 91 1.1 riastrad # No reinitiation is performed 92 1.1 riastrad atf_check -s exit:0 -o match:"$latest_handshake" \ 93 1.1 riastrad $HIJACKING wgconfig wg0 show peer peer0 94 1.1 riastrad 95 1.1 riastrad # Wait for a reinitiation to be performed 96 1.1 riastrad sleep $rekey_after_time 97 1.1 riastrad 98 1.1 riastrad $ping $ip_wg_peer 99 1.1 riastrad 100 1.1 riastrad # A reinitiation should be performed 101 1.1 riastrad atf_check -s exit:0 -o not-match:"$latest_handshake" \ 102 1.1 riastrad $HIJACKING wgconfig wg0 show peer peer0 103 1.1 riastrad 104 1.1 riastrad latest_handshake=$($HIJACKING wgconfig wg0 show peer peer0 \ 105 1.4 tih | awk -F ': ' '/latest-handshake/ {print $2;}') 106 1.1 riastrad $DEBUG && echo $latest_handshake 107 1.1 riastrad 108 1.1 riastrad # Wait for a reinitiation to be performed again 109 1.5 riastrad sleep $((rekey_after_time+1)) 110 1.1 riastrad 111 1.1 riastrad $ping $ip_wg_peer 112 1.1 riastrad 113 1.1 riastrad # A reinitiation should be performed 114 1.1 riastrad atf_check -s exit:0 -o not-match:"$latest_handshake" \ 115 1.1 riastrad $HIJACKING wgconfig wg0 show peer peer0 116 1.1 riastrad 117 1.1 riastrad destroy_wg_interfaces 118 1.9 riastrad 119 1.9 riastrad atf_fail "failed to trigger PR kern/56252" 120 1.1 riastrad } 121 1.1 riastrad 122 1.1 riastrad wg_rekey_cleanup() 123 1.1 riastrad { 124 1.1 riastrad 125 1.1 riastrad $DEBUG && dump 126 1.1 riastrad cleanup 127 1.1 riastrad } 128 1.1 riastrad 129 1.1 riastrad atf_test_case wg_handshake_timeout cleanup 130 1.1 riastrad wg_handshake_timeout_head() 131 1.1 riastrad { 132 1.1 riastrad 133 1.1 riastrad atf_set "descr" "tests of handshake timeout of wg(4)" 134 1.1 riastrad atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 135 1.1 riastrad } 136 1.1 riastrad 137 1.1 riastrad wg_handshake_timeout_body() 138 1.1 riastrad { 139 1.1 riastrad local ifconfig="atf_check -s exit:0 rump.ifconfig" 140 1.1 riastrad local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1" 141 1.1 riastrad local ip_local=192.168.1.1 142 1.1 riastrad local ip_peer=192.168.1.2 143 1.1 riastrad local ip_wg_local=10.0.0.1 144 1.1 riastrad local ip_wg_peer=10.0.0.2 145 1.1 riastrad local port=51820 146 1.1 riastrad local rekey_after_time=3 147 1.1 riastrad local outfile=./out 148 1.1 riastrad local rekey_timeout=3 149 1.1 riastrad local rekey_attempt_time=8 150 1.1 riastrad local n= 151 1.1 riastrad 152 1.1 riastrad setup_servers 153 1.1 riastrad 154 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 155 1.1 riastrad atf_check -s exit:0 -o ignore \ 156 1.1 riastrad rump.sysctl -w net.wg.rekey_timeout=$rekey_timeout 157 1.1 riastrad atf_check -s exit:0 -o ignore \ 158 1.1 riastrad rump.sysctl -w net.wg.rekey_attempt_time=$rekey_attempt_time 159 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 160 1.1 riastrad atf_check -s exit:0 -o ignore \ 161 1.1 riastrad rump.sysctl -w net.wg.rekey_timeout=$rekey_timeout 162 1.1 riastrad atf_check -s exit:0 -o ignore \ 163 1.1 riastrad rump.sysctl -w net.wg.rekey_attempt_time=$rekey_attempt_time 164 1.1 riastrad 165 1.1 riastrad # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 166 1.1 riastrad generate_keys 167 1.1 riastrad 168 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 169 1.1 riastrad setup_common shmif0 inet $ip_local 24 170 1.1 riastrad setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 171 1.6 roy add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 172 1.6 roy $ifconfig -w 10 173 1.1 riastrad 174 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 175 1.1 riastrad setup_common shmif0 inet $ip_peer 24 176 1.1 riastrad setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 177 1.1 riastrad add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 178 1.6 roy $ifconfig -w 10 179 1.1 riastrad 180 1.1 riastrad # Resolve arp 181 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 182 1.1 riastrad $ping $ip_peer 183 1.1 riastrad 184 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 185 1.1 riastrad $ifconfig shmif0 down 186 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 187 1.1 riastrad 188 1.1 riastrad extract_new_packets $BUS > $outfile 189 1.1 riastrad 190 1.1 riastrad # Should fail 191 1.1 riastrad atf_check -s not-exit:0 -o match:'100.0% packet loss' \ 192 1.1 riastrad rump.ping -n -c 1 -w 1 $ip_wg_peer 193 1.1 riastrad 194 1.1 riastrad sleep $((rekey_attempt_time + rekey_timeout)) 195 1.1 riastrad 196 1.1 riastrad extract_new_packets $BUS > $outfile 197 1.1 riastrad $DEBUG && cat $outfile 198 1.1 riastrad 199 1.1 riastrad n=$(grep "$ip_local.$port > $ip_peer.$port" $outfile |wc -l) 200 1.1 riastrad 201 1.11 gson atf_expect_fail "PR kern/56252" 202 1.11 gson 203 1.1 riastrad # Give up handshaking after three attempts 204 1.1 riastrad atf_check_equal $n 3 205 1.1 riastrad 206 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 207 1.1 riastrad $ifconfig shmif0 up 208 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 209 1.1 riastrad 210 1.1 riastrad destroy_wg_interfaces 211 1.9 riastrad 212 1.9 riastrad atf_fail "failed to trigger PR kern/56252" 213 1.1 riastrad } 214 1.1 riastrad 215 1.1 riastrad wg_handshake_timeout_cleanup() 216 1.1 riastrad { 217 1.1 riastrad 218 1.1 riastrad $DEBUG && dump 219 1.1 riastrad cleanup 220 1.1 riastrad } 221 1.1 riastrad 222 1.1 riastrad atf_test_case wg_cookie cleanup 223 1.1 riastrad wg_cookie_head() 224 1.1 riastrad { 225 1.1 riastrad 226 1.1 riastrad atf_set "descr" "tests of cookie messages of the wg(4) protocol" 227 1.1 riastrad atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 228 1.1 riastrad } 229 1.1 riastrad 230 1.1 riastrad wg_cookie_body() 231 1.1 riastrad { 232 1.1 riastrad local ifconfig="atf_check -s exit:0 rump.ifconfig" 233 1.1 riastrad local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1" 234 1.1 riastrad local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1" 235 1.1 riastrad local ip_local=192.168.1.1 236 1.1 riastrad local ip_peer=192.168.1.2 237 1.1 riastrad local ip_wg_local=10.0.0.1 238 1.1 riastrad local ip_wg_peer=10.0.0.2 239 1.1 riastrad local port=51820 240 1.1 riastrad local outfile=./out 241 1.1 riastrad local rekey_timeout=5 242 1.1 riastrad 243 1.1 riastrad setup_servers 244 1.1 riastrad 245 1.1 riastrad # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 246 1.1 riastrad generate_keys 247 1.1 riastrad 248 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 249 1.1 riastrad setup_common shmif0 inet $ip_local 24 250 1.1 riastrad setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 251 1.6 roy add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 252 1.6 roy $ifconfig -w 10 253 1.1 riastrad 254 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 255 1.1 riastrad setup_common shmif0 inet $ip_peer 24 256 1.1 riastrad setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 257 1.1 riastrad add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 258 1.6 roy $ifconfig -w 10 259 1.1 riastrad 260 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 261 1.1 riastrad # Emulate load on the peer 262 1.1 riastrad atf_check -s exit:0 -o ignore \ 263 1.1 riastrad rump.sysctl -w net.wg.force_underload=1 264 1.1 riastrad 265 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 266 1.1 riastrad 267 1.1 riastrad extract_new_packets $BUS > $outfile 268 1.1 riastrad $DEBUG && cat $outfile 269 1.1 riastrad 270 1.1 riastrad # The peer doesn't return a response message but a cookie message 271 1.1 riastrad # and a session doesn't start 272 1.1 riastrad $ping_fail $ip_wg_peer 273 1.1 riastrad 274 1.9 riastrad atf_expect_fail "PR kern/56252" 275 1.9 riastrad 276 1.1 riastrad extract_new_packets $BUS > $outfile 277 1.1 riastrad $DEBUG && cat $outfile 278 1.1 riastrad # XXX length 64 indicates the message is a cookie message 279 1.1 riastrad atf_check -s exit:0 \ 280 1.1 riastrad -o match:"$ip_peer.$port > $ip_local.$port: UDP, length 64" \ 281 1.1 riastrad cat $outfile 282 1.1 riastrad 283 1.2 riastrad $DEBUG && $HIJACKING wgconfig wg0 show all 284 1.4 tih atf_check -s exit:0 -o match:"latest-handshake: \(never\)" \ 285 1.1 riastrad $HIJACKING wgconfig wg0 286 1.1 riastrad 287 1.1 riastrad # Wait for restarting a session 288 1.1 riastrad sleep $rekey_timeout 289 1.1 riastrad 290 1.1 riastrad # The second attempt should be success because the init message has 291 1.1 riastrad # a valid cookie. 292 1.1 riastrad $ping $ip_wg_peer 293 1.1 riastrad 294 1.2 riastrad $DEBUG && $HIJACKING wgconfig wg0 show all 295 1.4 tih atf_check -s exit:0 -o not-match:"latest-handshake: \(never\)" \ 296 1.1 riastrad $HIJACKING wgconfig wg0 297 1.1 riastrad 298 1.1 riastrad destroy_wg_interfaces 299 1.9 riastrad 300 1.9 riastrad atf_fail "failed to trigger PR kern/56252" 301 1.1 riastrad } 302 1.1 riastrad 303 1.1 riastrad wg_cookie_cleanup() 304 1.1 riastrad { 305 1.1 riastrad 306 1.1 riastrad $DEBUG && dump 307 1.1 riastrad cleanup 308 1.1 riastrad } 309 1.1 riastrad 310 1.1 riastrad atf_test_case wg_mobility cleanup 311 1.1 riastrad wg_mobility_head() 312 1.1 riastrad { 313 1.1 riastrad 314 1.1 riastrad atf_set "descr" "tests of the mobility of wg(4)" 315 1.1 riastrad atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 316 1.1 riastrad } 317 1.1 riastrad 318 1.1 riastrad wg_mobility_body() 319 1.1 riastrad { 320 1.1 riastrad local ifconfig="atf_check -s exit:0 rump.ifconfig" 321 1.1 riastrad local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1" 322 1.1 riastrad local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1" 323 1.1 riastrad local ip_local=192.168.1.1 324 1.1 riastrad local ip_peer=192.168.1.2 325 1.1 riastrad local ip_peer_new=192.168.1.3 326 1.1 riastrad local ip_wg_local=10.0.0.1 327 1.1 riastrad local ip_wg_peer=10.0.0.2 328 1.1 riastrad local port=51820 329 1.1 riastrad local outfile=./out 330 1.1 riastrad 331 1.1 riastrad setup_servers 332 1.1 riastrad 333 1.1 riastrad # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 334 1.1 riastrad generate_keys 335 1.1 riastrad 336 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 337 1.1 riastrad setup_common shmif0 inet $ip_local 24 338 1.1 riastrad setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 339 1.6 roy # Initially, the local doesn't know the endpoint of the peer 340 1.6 roy add_peer wg0 peer0 $key_pub_peer "" $ip_wg_peer/32 341 1.6 roy $ifconfig -w 10 342 1.1 riastrad 343 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 344 1.1 riastrad setup_common shmif0 inet $ip_peer 24 345 1.1 riastrad setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 346 1.1 riastrad add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 347 1.6 roy $ifconfig -w 10 348 1.1 riastrad 349 1.1 riastrad extract_new_packets $BUS > $outfile 350 1.1 riastrad $DEBUG && cat $outfile 351 1.1 riastrad 352 1.1 riastrad # Ping from the local to the peer doesn't work because the local 353 1.1 riastrad # doesn't know the endpoint of the peer 354 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 355 1.1 riastrad $ping_fail $ip_wg_peer 356 1.1 riastrad 357 1.9 riastrad atf_expect_fail "PR kern/56252" 358 1.9 riastrad 359 1.1 riastrad extract_new_packets $BUS > $outfile 360 1.1 riastrad $DEBUG && cat $outfile 361 1.1 riastrad 362 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 363 1.1 riastrad $ping $ip_wg_local 364 1.1 riastrad 365 1.1 riastrad extract_new_packets $BUS > $outfile 366 1.1 riastrad $DEBUG && cat $outfile 367 1.1 riastrad 368 1.1 riastrad atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer.$port" cat $outfile 369 1.1 riastrad 370 1.1 riastrad # Change the IP address of the peer 371 1.1 riastrad setup_common shmif0 inet $ip_peer_new 24 372 1.6 roy $ifconfig -w 10 373 1.1 riastrad 374 1.1 riastrad # Ping from the local to the peer doesn't work because the local 375 1.1 riastrad # doesn't know the change of the IP address of the peer 376 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 377 1.1 riastrad $ping_fail $ip_wg_peer 378 1.1 riastrad 379 1.1 riastrad extract_new_packets $BUS > $outfile 380 1.1 riastrad $DEBUG && cat $outfile 381 1.1 riastrad 382 1.1 riastrad atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer.$port" cat $outfile 383 1.1 riastrad 384 1.1 riastrad # Ping from the peer to the local works because the local notices 385 1.1 riastrad # the change and updates the IP address of the peer 386 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 387 1.1 riastrad $ping $ip_wg_local 388 1.1 riastrad 389 1.1 riastrad extract_new_packets $BUS > $outfile 390 1.1 riastrad $DEBUG && cat $outfile 391 1.1 riastrad 392 1.1 riastrad atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer_new.$port" cat $outfile 393 1.1 riastrad atf_check -s exit:0 -o match:"$ip_peer_new.$port > $ip_local.$port" cat $outfile 394 1.1 riastrad atf_check -s exit:0 -o not-match:"$ip_local.$port > $ip_peer.$port" cat $outfile 395 1.1 riastrad 396 1.1 riastrad destroy_wg_interfaces 397 1.9 riastrad 398 1.9 riastrad atf_fail "failed to trigger PR kern/56252" 399 1.1 riastrad } 400 1.1 riastrad 401 1.1 riastrad wg_mobility_cleanup() 402 1.1 riastrad { 403 1.1 riastrad 404 1.1 riastrad $DEBUG && dump 405 1.1 riastrad cleanup 406 1.1 riastrad } 407 1.1 riastrad 408 1.1 riastrad atf_test_case wg_keepalive cleanup 409 1.1 riastrad wg_keepalive_head() 410 1.1 riastrad { 411 1.1 riastrad 412 1.1 riastrad atf_set "descr" "tests keepalive messages" 413 1.1 riastrad atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 414 1.1 riastrad } 415 1.1 riastrad 416 1.1 riastrad wg_keepalive_body() 417 1.1 riastrad { 418 1.1 riastrad local ifconfig="atf_check -s exit:0 rump.ifconfig" 419 1.1 riastrad local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1" 420 1.1 riastrad local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1" 421 1.1 riastrad local ip_local=192.168.1.1 422 1.1 riastrad local ip_peer=192.168.1.2 423 1.1 riastrad local ip_peer_new=192.168.1.3 424 1.1 riastrad local ip_wg_local=10.0.0.1 425 1.1 riastrad local ip_wg_peer=10.0.0.2 426 1.1 riastrad local port=51820 427 1.1 riastrad local outfile=./out 428 1.1 riastrad local keepalive_timeout=3 429 1.1 riastrad 430 1.1 riastrad setup_servers 431 1.1 riastrad 432 1.1 riastrad # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 433 1.1 riastrad generate_keys 434 1.1 riastrad 435 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 436 1.1 riastrad setup_common shmif0 inet $ip_local 24 437 1.1 riastrad setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 438 1.6 roy add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 439 1.8 riastrad $ifconfig -w 10 440 1.1 riastrad 441 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 442 1.1 riastrad setup_common shmif0 inet $ip_peer 24 443 1.1 riastrad setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 444 1.1 riastrad add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 445 1.6 roy $ifconfig -w 10 446 1.1 riastrad 447 1.1 riastrad # Shorten keepalive_timeout of the peer 448 1.1 riastrad atf_check -s exit:0 -o ignore \ 449 1.1 riastrad rump.sysctl -w net.wg.keepalive_timeout=$keepalive_timeout 450 1.1 riastrad 451 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 452 1.1 riastrad 453 1.1 riastrad extract_new_packets $BUS > $outfile 454 1.1 riastrad $DEBUG && cat $outfile 455 1.1 riastrad 456 1.1 riastrad $ping $ip_wg_peer 457 1.1 riastrad 458 1.1 riastrad extract_new_packets $BUS > $outfile 459 1.1 riastrad $DEBUG && cat $outfile 460 1.1 riastrad 461 1.1 riastrad sleep $((keepalive_timeout + 1)) 462 1.1 riastrad 463 1.1 riastrad $ping $ip_wg_peer 464 1.1 riastrad 465 1.1 riastrad extract_new_packets $BUS > $outfile 466 1.1 riastrad $DEBUG && cat $outfile 467 1.1 riastrad 468 1.1 riastrad # XXX length 32 indicates the message is a keepalive (empty) message 469 1.1 riastrad atf_check -s exit:0 -o match:"$ip_peer.$port > $ip_local.$port: UDP, length 32" \ 470 1.1 riastrad cat $outfile 471 1.1 riastrad 472 1.1 riastrad destroy_wg_interfaces 473 1.1 riastrad } 474 1.1 riastrad 475 1.1 riastrad wg_keepalive_cleanup() 476 1.1 riastrad { 477 1.1 riastrad 478 1.1 riastrad $DEBUG && dump 479 1.1 riastrad cleanup 480 1.1 riastrad } 481 1.1 riastrad 482 1.1 riastrad atf_test_case wg_psk cleanup 483 1.1 riastrad wg_psk_head() 484 1.1 riastrad { 485 1.1 riastrad 486 1.1 riastrad atf_set "descr" "tests preshared-key" 487 1.1 riastrad atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 488 1.1 riastrad } 489 1.1 riastrad 490 1.1 riastrad test_psk_common() 491 1.1 riastrad { 492 1.1 riastrad } 493 1.1 riastrad 494 1.1 riastrad wg_psk_body() 495 1.1 riastrad { 496 1.1 riastrad local ifconfig="atf_check -s exit:0 rump.ifconfig" 497 1.1 riastrad local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1" 498 1.1 riastrad local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1" 499 1.1 riastrad local ip_local=192.168.1.1 500 1.1 riastrad local ip_peer=192.168.1.2 501 1.1 riastrad local ip_peer_new=192.168.1.3 502 1.1 riastrad local ip_wg_local=10.0.0.1 503 1.1 riastrad local ip_wg_peer=10.0.0.2 504 1.1 riastrad local port=51820 505 1.1 riastrad local outfile=./out 506 1.1 riastrad local pskfile=./psk 507 1.1 riastrad local rekey_after_time=3 508 1.1 riastrad 509 1.1 riastrad setup_servers 510 1.1 riastrad 511 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 512 1.1 riastrad atf_check -s exit:0 -o ignore \ 513 1.1 riastrad rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time 514 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 515 1.1 riastrad atf_check -s exit:0 -o ignore \ 516 1.1 riastrad rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time 517 1.1 riastrad 518 1.1 riastrad # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 519 1.1 riastrad generate_keys 520 1.1 riastrad key_psk=$(wg-keygen --psk) 521 1.1 riastrad $DEBUG && echo $key_psk 522 1.1 riastrad 523 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 524 1.1 riastrad setup_common shmif0 inet $ip_local 24 525 1.1 riastrad setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 526 1.1 riastrad 527 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 528 1.1 riastrad setup_common shmif0 inet $ip_peer 24 529 1.1 riastrad setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 530 1.1 riastrad 531 1.1 riastrad echo "$key_psk" > $pskfile 532 1.1 riastrad 533 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 534 1.1 riastrad 535 1.1 riastrad # The local always has the preshared key 536 1.1 riastrad add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 \ 537 1.1 riastrad $pskfile "$key_psk" 538 1.6 roy $ifconfig -w 10 539 1.1 riastrad 540 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 541 1.1 riastrad 542 1.1 riastrad # First, try the peer without the preshared key 543 1.1 riastrad add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 544 1.6 roy $ifconfig -w 10 545 1.1 riastrad 546 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 547 1.1 riastrad 548 1.1 riastrad extract_new_packets $BUS > $outfile 549 1.1 riastrad $DEBUG && cat $outfile 550 1.1 riastrad 551 1.1 riastrad $ping_fail $ip_wg_peer 552 1.1 riastrad 553 1.1 riastrad extract_new_packets $BUS > $outfile 554 1.1 riastrad $DEBUG && cat $outfile 555 1.1 riastrad 556 1.1 riastrad # Next, try with the preshared key 557 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 558 1.1 riastrad delete_peer wg0 peer0 559 1.1 riastrad add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 \ 560 1.1 riastrad $pskfile "$key_psk" 561 1.6 roy $ifconfig -w 10 562 1.1 riastrad 563 1.1 riastrad # Need a rekey 564 1.1 riastrad atf_check -s exit:0 sleep $((rekey_after_time + 1)) 565 1.1 riastrad 566 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 567 1.1 riastrad 568 1.1 riastrad extract_new_packets $BUS > $outfile 569 1.1 riastrad $DEBUG && cat $outfile 570 1.1 riastrad 571 1.1 riastrad $ping $ip_wg_peer 572 1.1 riastrad 573 1.1 riastrad extract_new_packets $BUS > $outfile 574 1.1 riastrad $DEBUG && cat $outfile 575 1.1 riastrad 576 1.1 riastrad # Then, try again without the preshared key just in case 577 1.1 riastrad export RUMP_SERVER=$SOCK_PEER 578 1.1 riastrad delete_peer wg0 peer0 579 1.1 riastrad add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 580 1.6 roy $ifconfig -w 10 581 1.1 riastrad 582 1.1 riastrad # Need a rekey 583 1.1 riastrad atf_check -s exit:0 sleep $((rekey_after_time + 1)) 584 1.1 riastrad 585 1.1 riastrad export RUMP_SERVER=$SOCK_LOCAL 586 1.1 riastrad $ping_fail $ip_wg_peer 587 1.1 riastrad 588 1.1 riastrad rm -f $pskfile 589 1.1 riastrad 590 1.1 riastrad destroy_wg_interfaces 591 1.1 riastrad } 592 1.1 riastrad 593 1.1 riastrad wg_psk_cleanup() 594 1.1 riastrad { 595 1.1 riastrad 596 1.1 riastrad $DEBUG && dump 597 1.1 riastrad cleanup 598 1.1 riastrad } 599 1.1 riastrad 600 1.3 riastrad atf_test_case wg_malformed cleanup 601 1.3 riastrad wg_malformed_head() 602 1.3 riastrad { 603 1.3 riastrad 604 1.3 riastrad atf_set "descr" "tests malformed packet headers" 605 1.3 riastrad atf_set "require.progs" "nc" "rump_server" "wgconfig" "wg-keygen" 606 1.3 riastrad atf_set "timeout" "10" 607 1.3 riastrad } 608 1.3 riastrad 609 1.3 riastrad wg_malformed_body() 610 1.3 riastrad { 611 1.3 riastrad local ifconfig="atf_check -s exit:0 rump.ifconfig" 612 1.3 riastrad local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1" 613 1.3 riastrad local ip_local=192.168.1.1 614 1.3 riastrad local ip_peer=192.168.1.2 615 1.3 riastrad local ip_wg_local=10.0.0.1 616 1.3 riastrad local ip_wg_peer=10.0.0.2 617 1.3 riastrad local port=51820 618 1.3 riastrad setup_servers 619 1.3 riastrad 620 1.3 riastrad # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 621 1.3 riastrad generate_keys 622 1.3 riastrad 623 1.3 riastrad export RUMP_SERVER=$SOCK_LOCAL 624 1.3 riastrad setup_common shmif0 inet $ip_local 24 625 1.3 riastrad setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 626 1.6 roy add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 627 1.6 roy $ifconfig -w 10 628 1.3 riastrad 629 1.3 riastrad export RUMP_SERVER=$SOCK_PEER 630 1.3 riastrad setup_common shmif0 inet $ip_peer 24 631 1.3 riastrad setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 632 1.3 riastrad add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 633 1.6 roy $ifconfig -w 10 634 1.3 riastrad 635 1.3 riastrad export RUMP_SERVER=$SOCK_LOCAL 636 1.3 riastrad 637 1.3 riastrad $ping $ip_wg_peer 638 1.3 riastrad 639 1.3 riastrad printf 'send malformed packets\n' 640 1.3 riastrad 641 1.3 riastrad $HIJACKING ping -c 1 -n $ip_peer 642 1.3 riastrad 643 1.3 riastrad printf 'x' | $HIJACKING nc -Nu -w 0 $ip_peer $port 644 1.3 riastrad printf 'xy' | $HIJACKING nc -Nu -w 0 $ip_peer $port 645 1.3 riastrad printf 'xyz' | $HIJACKING nc -Nu -w 0 $ip_peer $port 646 1.3 riastrad printf 'xyzw' | $HIJACKING nc -Nu -w 0 $ip_peer $port 647 1.3 riastrad printf '\x00\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 648 1.3 riastrad printf '\x00\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 649 1.3 riastrad printf '\x01\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 650 1.3 riastrad printf '\x01\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 651 1.3 riastrad printf '\x02\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 652 1.3 riastrad printf '\x02\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 653 1.3 riastrad printf '\x03\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 654 1.3 riastrad printf '\x03\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 655 1.3 riastrad printf '\x04\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 656 1.3 riastrad printf '\x04\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 657 1.3 riastrad 658 1.3 riastrad printf 'done sending malformed packets\n' 659 1.3 riastrad 660 1.3 riastrad $ping $ip_wg_peer 661 1.3 riastrad } 662 1.3 riastrad 663 1.3 riastrad wg_malformed_cleanup() 664 1.3 riastrad { 665 1.3 riastrad 666 1.3 riastrad $DEBUG && dump 667 1.3 riastrad cleanup 668 1.3 riastrad } 669 1.3 riastrad 670 1.1 riastrad atf_init_test_cases() 671 1.1 riastrad { 672 1.1 riastrad 673 1.1 riastrad atf_add_test_case wg_rekey 674 1.1 riastrad atf_add_test_case wg_handshake_timeout 675 1.1 riastrad atf_add_test_case wg_cookie 676 1.1 riastrad atf_add_test_case wg_mobility 677 1.1 riastrad atf_add_test_case wg_keepalive 678 1.1 riastrad atf_add_test_case wg_psk 679 1.3 riastrad atf_add_test_case wg_malformed 680 1.1 riastrad } 681
Indexes created Fri Sep 26 20:09:58 GMT 2025