1# $NetBSD: common.sh,v 1.1 2020/08/26 16:03:42 riastradh Exp $ 2# 3# Copyright (c) 2018 Ryota Ozaki <ozaki.ryota@gmail.com> 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 16# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 17# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 18# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 19# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25# POSSIBILITY OF SUCH DAMAGE. 
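#
# Helpers shared by the wg(4) ATF tests.
#
# Conventions used throughout this file:
#  - every rump command is addressed to the server named by $RUMP_SERVER;
#  - $HIJACKING is a (possibly multi-word) command prefix that lets
#    wgconfig talk to the rump kernel, so it is expanded unquoted on
#    purpose wherever it is used;
#  - the "ifconfig"/"wgconfig"/"ping" locals below are command strings
#    that deliberately rely on word splitting when expanded;
#  - $DEBUG is a command (true/false) gating extra diagnostic output;
#    an unset $DEBUG is treated as false rather than as "print".
#

# Escape the characters of a base64 key that are special in the regex
# used by "atf_check -o match:" ('+' and '/'), so the key is compared
# literally.  Takes the key in $1 and prints the escaped form on stdout.
escape_key()
{
	# '[+]' is a literal plus in every sed dialect, whereas a bare '\+'
	# is a repetition operator in GNU sed.  printf avoids echo's
	# option/backslash handling.
	printf '%s\n' "$1" | sed -e 's/[+]/\\+/g' -e 's|/|\\/|g'
}

# Start the local and peer rump servers ($SOCK_LOCAL/$SOCK_PEER) with
# IPv6 and wg support and attach shmif0 on each to the shared bus $BUS.
setup_servers()
{

	rump_server_crypto_start "$SOCK_LOCAL" netinet6 wg
	rump_server_add_iface "$SOCK_LOCAL" shmif0 "$BUS"

	rump_server_crypto_start "$SOCK_PEER" netinet6 wg
	rump_server_add_iface "$SOCK_PEER" shmif0 "$BUS"
}

# Assert that wgconfig reports listen-port $2 for interface $1.
check_conf_port()
{
	local ifname=$1
	local port=$2

	atf_check -s exit:0 -o match:"listen-port: $port" \
	    $HIJACKING wgconfig "$ifname"
}

# Assert that wgconfig reports private key $2 for interface $1.
# The key is escaped so that '+' and '/' in base64 match literally.
check_conf_privkey()
{
	local ifname=$1
	local key_priv="$2"

	atf_check -s exit:0 -o match:"private-key: $(escape_key "$key_priv")" \
	    $HIJACKING wgconfig "$ifname" show private-key
}

# Assign address $3/$4 of family $2 (inet/inet6) to interface $1.
setup_common()
{
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local ifname=$1
	local proto=$2
	local ip=$3
	local prefix=$4

	$ifconfig "$ifname" "$proto" "$ip/$prefix"
}

# Create and configure a wg interface on the current rump server.
#   $1 ifname, $2 proto (inet/inet6), $3 address, $4 prefix length,
#   $5 listen port, $6 private key (base64), $7 optional linkstr tunnel.
# The private key is handed to wgconfig through a mode-0600 temporary
# file that is removed as soon as the key has been loaded; the resulting
# port and key are verified with check_conf_port/check_conf_privkey.
setup_wg_common()
{
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local wgconfig="atf_check -s exit:0 $HIJACKING wgconfig"
	local ifname=$1
	local proto=$2
	local ip=$3
	local prefix=$4
	local port=$5
	local key_priv="$6"
	local tun=$7
	local privfile

	$ifconfig "$ifname" create
	if [ -n "$tun" ]; then
		$ifconfig "$ifname" linkstr "$tun"
	fi
	$ifconfig "$ifname" "$proto" "$ip/$prefix"
	${DEBUG:-false} && rump.netstat -nr

	# mktemp creates the file with mode 0600, so the key is never
	# exposed through a world-readable or predictably named file.
	privfile=$(mktemp ./wgkey.XXXXXX) ||
	    atf_fail "cannot create temporary private key file"
	printf '%s\n' "$key_priv" > "$privfile"
	$wgconfig "$ifname" set private-key "$privfile"
	rm -f "$privfile"
	$wgconfig "$ifname" set listen-port "$port"
	$ifconfig "$ifname" up
	${DEBUG:-false} && rump.ifconfig "$ifname"

	check_conf_port "$ifname" "$port"
	check_conf_privkey "$ifname" "$key_priv"
}

# Assert that $2 answers pings; $1 selects rump.ping (inet) or
# rump.ping6 (anything else).
check_ping()
{
	local proto=$1
	local ip=$2
	local ping=

	if [ "$proto" = inet ]; then
		ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1"
	else
		ping="atf_check -s exit:0 -o ignore rump.ping6 -n -i 0.1 -c 3 -X 1"
	fi

	$ping "$ip"
}

# Assert that $2 does NOT answer a single ping within one second;
# $1 selects rump.ping (inet) or rump.ping6 (anything else).
check_ping_fail()
{
	local proto=$1
	local ip=$2
	local ping=

	if [ "$proto" = inet ]; then
		ping="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1"
	else
		ping="atf_check -s not-exit:0 -o ignore rump.ping6 -n -c 1 -X 1"
	fi

	$ping "$ip"
}

# Destroy wg0 on both servers.  Note: this leaves RUMP_SERVER pointing
# at $SOCK_PEER on return.
destroy_wg_interfaces()
{
	local ifconfig="atf_check -s exit:0 rump.ifconfig"

	export RUMP_SERVER=$SOCK_LOCAL
	$ifconfig wg0 destroy
	export RUMP_SERVER=$SOCK_PEER
	$ifconfig wg0 destroy
}

# Add peer $2 with public key $3 to interface $1 and verify the result.
#   $4 optional endpoint, $5 allowed-ips, $6 optional preshared-key file,
#   $7 the preshared key itself (base64) if one is expected in the output.
add_peer()
{
	local wgconfig="atf_check -s exit:0 $HIJACKING wgconfig"
	local ifname=$1
	local peername=$2
	local key=$3
	local endpoint=$4
	local allowedips=$5
	local pskfile=$6
	local key_psk="$7"

	# Build the argument list positionally so optional arguments are
	# simply absent instead of being passed as empty words.
	set -- "$ifname" add peer "$peername" "$key"
	if [ -n "$endpoint" ]; then
		set -- "$@" "--endpoint=$endpoint"
	fi
	set -- "$@" "--allowed-ips=$allowedips"
	if [ -n "$pskfile" ]; then
		set -- "$@" "--preshared-key=$pskfile"
	fi

	$wgconfig "$@"
	atf_check -s exit:0 -o match:"allowed-ips: $allowedips" \
	    $HIJACKING wgconfig "$ifname" show peer "$peername"
	if [ -n "$key_psk" ]; then
		atf_check -s exit:0 \
		    -o match:"preshared-key: $(escape_key "$key_psk")" \
		    $HIJACKING wgconfig "$ifname" show peer "$peername" \
		    --show-preshared-key
	else
		atf_check -s exit:0 -o match:"preshared-key: \(none\)" \
		    $HIJACKING wgconfig "$ifname" show peer "$peername" \
		    --show-preshared-key
	fi
}

# Remove peer $2 from interface $1 and verify it is no longer listed.
delete_peer()
{
	local wgconfig="atf_check -s exit:0 $HIJACKING wgconfig"
	local ifname=$1
	local peername=$2

	$wgconfig "$ifname" delete peer "$peername"
	atf_check -s exit:0 -o not-match:"peer: $peername" \
	    $HIJACKING wgconfig "$ifname"
}

# Generate a private/public key pair for the local and the peer side and
# export them as key_priv_local, key_pub_local, key_priv_peer and
# key_pub_peer.
generate_keys()
{

	key_priv_local=$(wg-keygen)
	key_pub_local=$(printf '%s\n' "$key_priv_local" | wg-keygen --pub)
	key_priv_peer=$(wg-keygen)
	key_pub_peer=$(printf '%s\n' "$key_priv_peer" | wg-keygen --pub)

	export key_priv_local key_pub_local key_priv_peer key_pub_peer
}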