t_tunnel.sh revision 1.2 1 1.2 tih # $NetBSD: t_tunnel.sh,v 1.2 2020/08/29 07:22:49 tih Exp $
2 1.1 riastrad #
3 1.1 riastrad # Copyright (c) 2018 Ryota Ozaki <ozaki.ryota (at] gmail.com>
4 1.1 riastrad # All rights reserved.
5 1.1 riastrad #
6 1.1 riastrad # Redistribution and use in source and binary forms, with or without
7 1.1 riastrad # modification, are permitted provided that the following conditions
8 1.1 riastrad # are met:
9 1.1 riastrad # 1. Redistributions of source code must retain the above copyright
10 1.1 riastrad # notice, this list of conditions and the following disclaimer.
11 1.1 riastrad # 2. Redistributions in binary form must reproduce the above copyright
12 1.1 riastrad # notice, this list of conditions and the following disclaimer in the
13 1.1 riastrad # documentation and/or other materials provided with the distribution.
14 1.1 riastrad #
15 1.1 riastrad # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
16 1.1 riastrad # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
17 1.1 riastrad # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18 1.1 riastrad # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
19 1.1 riastrad # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20 1.1 riastrad # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21 1.1 riastrad # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22 1.1 riastrad # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23 1.1 riastrad # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24 1.1 riastrad # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25 1.1 riastrad # POSSIBILITY OF SUCH DAMAGE.
26 1.1 riastrad #
27 1.1 riastrad
# Shared-memory buses (shmif(4) backends) and rump_server control sockets for
# the four-node topology built by setup_servers():
#
#   LOCAL --BUS_LOCAL-- TUN_LOCAL ==BUS_TUN (wg0)== TUN_PEER --BUS_PEER-- PEER
#
# LOCAL and PEER are plain end hosts; TUN_LOCAL and TUN_PEER are the routers
# that terminate the wg(4) tunnel over BUS_TUN.
BUS_LOCAL=bus_local
BUS_TUN=bus_tun
BUS_PEER=bus_peer
SOCK_LOCAL=unix://wg_local
SOCK_TUN_LOCAL=unix://wg_tun_local
SOCK_TUN_PEER=unix://wg_tun_peer
SOCK_PEER=unix://wg_peer
35 1.1 riastrad
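# Escape a base64-encoded WireGuard key so it can be used verbatim as a
# pattern in a basic regular expression (sed/grep) whose delimiter may be '/':
# '+' and '/' get a leading backslash, everything else in the base64
# alphabet is not special in a BRE and passes through unchanged.
#
# $1: the key.  It is consumed as ONE argument, so callers must quote it.
# Output: the escaped key, followed by a newline, on stdout.
escape_key()
{
	# printf rather than echo: echo may interpret backslashes or a leading
	# '-' in its argument, and $1 is quoted so it is not word-split/globbed.
	# A bare '+' is an ordinary character in a BRE on every sed; the former
	# '\+' is a GNU quantifier extension and therefore not portable.  Both
	# substitutions are done by a single sed process.
	printf '%s\n' "$1" | sed -e 's/+/\\+/g' -e 's|/|\\/|g'
}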
41 1.1 riastrad
# Start the four rump kernels and attach their shmif interfaces to the buses:
#
#   LOCAL      shmif0=BUS_LOCAL
#   TUN_LOCAL  shmif0=BUS_LOCAL  shmif1=BUS_TUN
#   TUN_PEER   shmif0=BUS_PEER   shmif1=BUS_TUN
#   PEER       shmif0=BUS_PEER
#
# The two tunnel routers are started with rump_server_crypto_start and the
# wg component; the end hosts only need netinet6.
setup_servers()
{
	local sock

	sock=$SOCK_LOCAL
	rump_server_start $sock netinet6
	rump_server_add_iface $sock shmif0 $BUS_LOCAL

	sock=$SOCK_TUN_LOCAL
	rump_server_crypto_start $sock netinet6 wg
	rump_server_add_iface $sock shmif0 $BUS_LOCAL
	rump_server_add_iface $sock shmif1 $BUS_TUN

	sock=$SOCK_TUN_PEER
	rump_server_crypto_start $sock netinet6 wg
	rump_server_add_iface $sock shmif0 $BUS_PEER
	rump_server_add_iface $sock shmif1 $BUS_TUN

	sock=$SOCK_PEER
	rump_server_start $sock netinet6
	rump_server_add_iface $sock shmif0 $BUS_PEER
}
59 1.1 riastrad
# Configure an end host (LOCAL or PEER) on the current $RUMP_SERVER.
#
# $1: address family keyword (inet or inet6)
# $2: address for shmif0
# $3: prefix length
# $4: default gateway (the adjacent tunnel router)
# $5: optional extra address for shmif0; used on PEER for an address that
#     the tunnel is NOT allowed to carry
setup_edge()
{
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local proto=$1 ip=$2 prefix=$3 gw=$4 ip_bad=$5
	local alias_flag=

	# dad_count=0: no duplicate address detection on this closed test
	# network, presumably so the addresses are usable immediately.
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	atf_check -s exit:0 rump.sysctl -q -w net.inet6.ip6.dad_count=0
	$ifconfig shmif0 $proto $ip/$prefix
	atf_check -s exit:0 -o ignore rump.route add -$proto default $gw

	[ -n "$ip_bad" ] || return 0

	# A second IPv4 address on the same interface needs the "alias" keyword;
	# for inet6 ifconfig adds it without one.
	case $proto in
	inet)	alias_flag=alias ;;
	esac
	$ifconfig shmif0 $proto $ip_bad/$prefix $alias_flag
}
85 1.1 riastrad
# Assign one address to shmif0 on the current $RUMP_SERVER.
#
# $1: address family keyword (inet or inet6)
# $2: address
# $3: prefix length
setup_ip()
{
	local proto=$1 ip=$2 prefix=$3

	atf_check -s exit:0 rump.ifconfig shmif0 $proto $ip/$prefix
}
# Turn the current $RUMP_SERVER into a forwarding router (both families)
# and disable DAD, in the same order as the individual sysctl calls did.
setup_router()
{
	local knob

	for knob in \
	    net.inet.ip.forwarding=1 \
	    net.inet6.ip6.forwarding=1 \
	    net.inet.ip.dad_count=0 \
	    net.inet6.ip6.dad_count=0
	do
		atf_check -s exit:0 rump.sysctl -q -w $knob
	done
}
103 1.1 riastrad
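# Create and bring up wg0 on the current $RUMP_SERVER.
#
# $1: address family keyword for the inner (tunneled) address
# $2: inner address of wg0
# $3: prefix length
# $4: UDP listen port
# $5: base64 private key (quoted by the caller; it contains '/' and '+')
#
# wgconfig reads the private key from a file, so the key briefly touches the
# file system.  The file is created with mktemp (restrictive mode from the
# start, instead of a fixed "./tmp" name that inherited the umask) and
# removed as soon as wgconfig has consumed it.
setup_wg()
{
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local wgconfig="atf_check -s exit:0 $HIJACKING wgconfig"
	local proto=$1 ip=$2 prefix=$3 port=$4
	local key_priv="$5"
	local privfile

	$ifconfig wg0 create
	$ifconfig wg0 $proto $ip/$prefix
	$DEBUG && rump.netstat -nr

	privfile=$(mktemp ./wgprivkey.XXXXXXXX) || atf_fail "mktemp failed"
	# printf, not echo: the key is written byte-for-byte, and $key_priv is
	# quoted so it is never word-split or glob-expanded.
	printf '%s\n' "$key_priv" > "$privfile"
	$wgconfig wg0 set private-key "$privfile"
	# Drop the on-disk copy immediately.  Note that a failing atf_check above
	# ends the test before this line, leaving the file in the test's work
	# directory; the keys are throwaway test keys, but cleanup should be
	# aware of it.
	rm -f "$privfile"
	$wgconfig wg0 set listen-port $port
	$ifconfig wg0 up

	check_conf_port wg0 $port
	check_conf_privkey wg0 "$key_priv"
}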
127 1.1 riastrad
# Route one or two subnets into wg0 on the current $RUMP_SERVER.
#
# $1: address family keyword (inet or inet6)
# $2: remote subnet that the tunnel is expected to carry
# $3: optional second subnet that is routed into wg0 but deliberately NOT
#     listed in the peer's allowed-ips (used to test that traffic for it is
#     refused)
setup_wg_route()
{
	local proto=$1 subnet=$2 subnet_bad=$3
	local route="atf_check -s exit:0 -o ignore rump.route"

	$route add -$proto -net $subnet -link wg0 -iface
	[ -z "$subnet_bad" ] || \
	    $route add -$proto -net $subnet_bad -link wg0 -iface
}
139 1.1 riastrad
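# Create the payload for the TCP transfer test: 200 lines of "0123456789".
#
# $1: path of the file to (re)create
#
# The file is truncated, not merely touched: the former touch + append
# would, after an aborted run that left ./file_send behind, produce a
# 400-line file and a spurious diff against the received copy.
prepare_file()
{
	local file=$1
	local data="0123456789"
	local i=1

	# One redirection for the whole loop truncates the file once and avoids
	# reopening it for every line.
	while [ "$i" -le 200 ]; do
		printf '%s\n' "$data"
		i=$((i + 1))
	done > "$file"
}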
151 1.1 riastrad
# Send a file from LOCAL to a nc listener on PEER through the tunnel and
# verify the received copy is identical.
#
# $1: inner address family keyword (inet or inet6)
# $2: PEER's address to connect to
#
# Uses start_nc_server/stop_nc_server and extract_new_packets, which are
# defined outside this file.
test_tcp()
{
	local proto=$1 ip_peer=$2
	local nc_proto

	prepare_file ./file_send

	case $proto in
	inet)	nc_proto=ipv4 ;;
	*)	nc_proto=ipv6 ;;
	esac
	start_nc_server $SOCK_PEER 1234 ./file_recv $nc_proto

	export RUMP_SERVER=$SOCK_LOCAL
	# Push the file to the listener.  The long -w timeout is needed because
	# packet processing in the implementation is slow (see the XXX in the
	# original: "quite inefficient").
	atf_check -s exit:0 $HIJACKING \
	    nc -N -w 20 $ip_peer 1234 < ./file_send
	# NOTE(review): $BUS is not assigned anywhere in this file, so with
	# DEBUG enabled this reads whichever bus name the environment provides.
	$DEBUG && extract_new_packets $BUS > ./out
	$DEBUG && cat ./out
	stop_nc_server
	if $DEBUG; then
		ls -s ./file_send ./file_recv
		wc -l ./file_send
		wc -l ./file_recv
		diff -u ./file_send ./file_recv
	fi
	atf_check -s exit:0 diff -q ./file_send ./file_recv
	rm -f ./out ./file_recv ./file_send
}
183 1.1 riastrad
# Body shared by all four test cases: build the topology, bring up a wg(4)
# tunnel between TUN_LOCAL and TUN_PEER, and check that
#   1. no handshake has happened before any traffic is sent,
#   2. a ping from LOCAL to PEER succeeds and triggers the handshake,
#   3. a ping to an address outside the peer's allowed-ips fails, and
#   4. a TCP stream (file transfer) survives the tunnel intact.
#
# $1: outer (transport) address family keyword, inet or inet6
# $2: inner (tunneled) address family keyword, inet or inet6
#
# Relies on generate_keys, add_peer, check_ping and check_ping_fail, which
# are defined outside this file.
wg_tunnel_common()
{
	local outer_proto=$1
	local inner_proto=$2
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	# NOTE(review): $wgconfig is not used below; the two "wgconfig wg0 show"
	# calls invoke $HIJACKING wgconfig directly.
	local wgconfig="atf_check -s exit:0 $HIJACKING wgconfig"
	local port=51820
	local ip_local= ip_peer=
	local ip_wg_local= ip_wg_peer=
	local outer_prefix= outer_prefixall=
	local inner_prefix= inner_prefixall=

	# NOTE(review): ip_tun_local_tun, ip_tun_peer_tun, ip_tun_local,
	# ip_tun_peer, ip_peer_bad and the subnet_* variables assigned below are
	# not declared local and therefore leak into the global shell scope.

	# Outer addresses: the BUS_TUN link between the two tunnel routers,
	# i.e. the UDP endpoints of the wg tunnel.
	if [ $outer_proto = inet ]; then
		ip_tun_local_tun=192.168.10.1
		ip_tun_peer_tun=192.168.10.2
		outer_prefix=24
		outer_prefixall=32
	else
		ip_tun_local_tun=fc00:10::1
		ip_tun_peer_tun=fc00:10::2
		outer_prefix=64
		outer_prefixall=128
	fi

	# Inner addresses: LOCAL/TUN_LOCAL on subnet_local, PEER/TUN_PEER on
	# subnet_peer, the wg0 interfaces on ip_wg_*.  subnet_peer_bad is a
	# subnet that will be routed into the tunnel but not allowed by it.
	if [ $inner_proto = inet ]; then
		ip_local=192.168.1.2
		ip_tun_local=192.168.1.1
		ip_wg_local=10.0.0.1
		ip_wg_peer=10.0.0.2
		ip_tun_peer=192.168.2.1
		ip_peer=192.168.2.2
		ip_peer_bad=192.168.3.2
		inner_prefix=24
		inner_prefixall=32
		subnet_local=192.168.1.0/24
		subnet_peer=192.168.2.0/24
		subnet_peer_bad=192.168.3.0/24
	else
		ip_tun_local=fc00:1::1
		ip_local=fc00:1::2
		ip_wg_local=fd00::1
		ip_wg_peer=fd00::2
		ip_tun_peer=fc00:2::1
		ip_peer=fc00:2::2
		ip_peer_bad=fc00:3::2
		inner_prefix=64
		inner_prefixall=128
		subnet_local=fc00:1::/64
		subnet_peer=fc00:2::/64
		subnet_peer_bad=fc00:3::/64
	fi

	setup_servers

	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
	generate_keys

	# LOCAL: end host, default route via TUN_LOCAL.
	export RUMP_SERVER=$SOCK_LOCAL
	setup_edge $inner_proto $ip_local $inner_prefix $ip_tun_local

	# TUN_LOCAL: router; subnet_peer AND subnet_peer_bad are routed into
	# wg0, but only subnet_peer will be in peer0's allowed-ips below.
	export RUMP_SERVER=$SOCK_TUN_LOCAL
	setup_router
	$ifconfig shmif0 $inner_proto $ip_tun_local/$inner_prefix
	$ifconfig shmif1 $outer_proto $ip_tun_local_tun/$outer_prefix
	setup_wg $inner_proto $ip_wg_local $inner_prefix $port "$key_priv_local"
	setup_wg_route $inner_proto $subnet_peer $subnet_peer_bad

	# TUN_PEER: router; only subnet_local is routed into wg0.
	export RUMP_SERVER=$SOCK_TUN_PEER
	setup_router
	$ifconfig shmif0 $inner_proto $ip_tun_peer/$inner_prefix
	$ifconfig shmif1 $outer_proto $ip_tun_peer_tun/$outer_prefix
	setup_wg $inner_proto $ip_wg_peer $inner_prefix $port "$key_priv_peer"
	setup_wg_route $inner_proto $subnet_local

	# PEER: end host that also owns ip_peer_bad, so it WOULD answer a ping
	# to that address if the tunnel let it through.
	export RUMP_SERVER=$SOCK_PEER
	setup_edge $inner_proto $ip_peer $inner_prefix $ip_tun_peer $ip_peer_bad

	# Cryptokey routing: each side allows only the other's wg0 host address
	# plus the other's inner subnet.  subnet_peer_bad is deliberately absent.
	export RUMP_SERVER=$SOCK_TUN_LOCAL
	add_peer wg0 peer0 $key_pub_peer $ip_tun_peer_tun:$port \
	    $ip_wg_peer/$inner_prefixall,$subnet_peer

	export RUMP_SERVER=$SOCK_TUN_PEER
	add_peer wg0 peer0 $key_pub_local $ip_tun_local_tun:$port \
	    $ip_wg_local/$inner_prefixall,$subnet_local

	# Before any data is sent there must be no handshake with peer0.
	export RUMP_SERVER=$SOCK_TUN_LOCAL
	atf_check -s exit:0 -o match:"latest-handshake: \(never\)" \
	    $HIJACKING wgconfig wg0 show peer peer0

	export RUMP_SERVER=$SOCK_LOCAL
	check_ping $inner_proto $ip_peer

	# The first data packet must have triggered the handshake.
	export RUMP_SERVER=$SOCK_TUN_LOCAL
	atf_check -s exit:0 -o not-match:"latest-handshake: \(never\)" \
	    $HIJACKING wgconfig wg0 show peer peer0

	export RUMP_SERVER=$SOCK_LOCAL
	# ping fails because the subnet of the IP is not allowed
	# (ip_peer_bad is routed into wg0 on TUN_LOCAL but is covered by no
	# peer's allowed-ips there, so presumably it is dropped on the sending
	# side; PEER itself would answer, see setup_edge above).
	check_ping_fail $inner_proto $ip_peer_bad

	#
	# Test TCP stream over the tunnel
	#
	test_tcp $inner_proto $ip_peer

	# Tear down wg0 on both routers; the remaining interfaces are destroyed
	# by the test body's rump_server_destroy_ifaces.
	export RUMP_SERVER=$SOCK_TUN_LOCAL
	$ifconfig wg0 destroy
	export RUMP_SERVER=$SOCK_TUN_PEER
	$ifconfig wg0 destroy
}
294 1.1 riastrad
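# Define and register one ATF test case "wg_tunnel_<inner>_over_<outer>".
#
# $1: inner (tunneled) family, ipv4 or ipv6
# $2: outer (transport) family, ipv4 or ipv6
#
# The family names are mapped to the inet/inet6 keywords with a case
# statement instead of "eval inner=\$$inner": that indirection evaluated a
# caller-supplied string as shell code and silently produced an empty value
# for any unknown name.  The remaining eval only instantiates the ATF
# head/body/cleanup functions from a fixed template, which is the usual
# ATF shell idiom.
add_tunnel_test()
{
	local inner=$1 outer=$2
	local name fulldesc

	name="wg_tunnel_${inner}_over_${outer}"
	fulldesc="Test wg(4) with ${inner} over ${outer}"

	case $inner in
	ipv4)	inner=inet ;;
	ipv6)	inner=inet6 ;;
	*)	echo "add_tunnel_test: unknown inner family '$inner'" >&2
		return 1 ;;
	esac
	case $outer in
	ipv4)	outer=inet ;;
	ipv6)	outer=inet6 ;;
	*)	echo "add_tunnel_test: unknown outer family '$outer'" >&2
		return 1 ;;
	esac

	atf_test_case ${name} cleanup
	eval "
	${name}_head() {
		atf_set descr \"${fulldesc}\"
		atf_set require.progs rump_server wgconfig wg-keygen
	}
	${name}_body() {
		wg_tunnel_common $outer $inner
		rump_server_destroy_ifaces
	}
	${name}_cleanup() {
		\$DEBUG && dump
		cleanup
	}"
	atf_add_test_case ${name}
}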
324 1.1 riastrad
# Register one test case for every inner/outer family combination, in the
# order ipv4/ipv4, ipv4/ipv6, ipv6/ipv4, ipv6/ipv6.
atf_init_test_cases()
{
	local inner outer

	for inner in ipv4 ipv6; do
		for outer in ipv4 ipv6; do
			add_tunnel_test $inner $outer
		done
	done
}
333