1# $NetBSD: t_misc.sh,v 1.16 2024/08/26 17:52:46 riastradh Exp $ 2# 3# Copyright (c) 2018 Ryota Ozaki <ozaki.ryota@gmail.com> 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 16# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 17# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 18# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 19# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25# POSSIBILITY OF SUCH DAMAGE. 26# 27 28BUS=bus 29SOCK_LOCAL=unix://wg_local 30SOCK_PEER=unix://wg_peer 31 32 33atf_test_case wg_rekey cleanup 34wg_rekey_head() 35{ 36 37 atf_set "descr" "tests of rekeying of wg(4)" 38 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 39} 40 41wg_rekey_body() 42{ 43 local ifconfig="atf_check -s exit:0 rump.ifconfig" 44 local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1" 45 local ip_local=192.168.1.1 46 local ip_peer=192.168.1.2 47 local ip_wg_local=10.0.0.1 48 local ip_wg_peer=10.0.0.2 49 local port=51820 50 local rekey_after_time=3 51 local latest_handshake= 52 53 setup_servers 54 55 export RUMP_SERVER=$SOCK_LOCAL 56 atf_check -s exit:0 -o ignore \ 57 rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time 58 $DEBUG && atf_check -s exit:0 -o ignore \ 59 rump.sysctl -w net.wg.debug=-1 60 export RUMP_SERVER=$SOCK_PEER 61 atf_check -s exit:0 -o ignore \ 62 rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time 63 $DEBUG && atf_check -s exit:0 -o ignore \ 64 rump.sysctl -w net.wg.debug=-1 65 66 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 67 generate_keys 68 69 export RUMP_SERVER=$SOCK_LOCAL 70 setup_common shmif0 inet $ip_local 24 71 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 72 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 73 $ifconfig -w 10 74 75 export RUMP_SERVER=$SOCK_PEER 76 setup_common shmif0 inet $ip_peer 24 77 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 78 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 79 $ifconfig -w 10 80 81 export RUMP_SERVER=$SOCK_LOCAL 82 83 echo ping1time=$(date) 84 $ping $ip_wg_peer 85 86 latest_handshake=$($HIJACKING wgconfig wg0 show peer peer0 \ 87 | awk -F ': ' '/latest-handshake/ {print $2;}') 88 $DEBUG && echo handshake1=$latest_handshake 89 90 sleep 1 91 92 echo ping2time=$(date) 93 $ping $ip_wg_peer 94 95 # No reinitiation is performed 96 atf_check -s exit:0 -o match:"$latest_handshake" \ 97 $HIJACKING wgconfig wg0 show peer peer0 98 99 # Wait for a reinitiation to be performed 100 sleep $rekey_after_time 101 102 echo ping3time=$(date) 103 $ping $ip_wg_peer 104 105 # A reinitiation should be performed 106 atf_check -s exit:0 -o not-match:"$latest_handshake" \ 107 $HIJACKING wgconfig wg0 show peer peer0 108 109 latest_handshake=$($HIJACKING wgconfig wg0 show peer peer0 \ 110 | awk -F ': ' '/latest-handshake/ {print $2;}') 111 $DEBUG && echo handshake2=$latest_handshake 112 113 # Wait for a reinitiation to be performed again 114 sleep $((rekey_after_time+1)) 115 116 echo ping4time=$(date) 117 $ping $ip_wg_peer 118 119 # A reinitiation should be performed 120 atf_check -s exit:0 -o not-match:"$latest_handshake" \ 121 $HIJACKING wgconfig wg0 show peer peer0 122 123 destroy_wg_interfaces 124} 125 126wg_rekey_cleanup() 127{ 128 129 $DEBUG && dump 130 cleanup 131} 132 133atf_test_case wg_handshake_timeout cleanup 134wg_handshake_timeout_head() 135{ 136 137 atf_set "descr" "tests of handshake timeout of wg(4)" 138 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 139} 140 141wg_handshake_timeout_body() 142{ 143 local ifconfig="atf_check -s exit:0 rump.ifconfig" 144 local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1" 145 local ip_local=192.168.1.1 146 local ip_peer=192.168.1.2 147 local ip_wg_local=10.0.0.1 148 local ip_wg_peer=10.0.0.2 149 local port=51820 150 local outfile=./out 151 local rekey_timeout=4 152 local rekey_attempt_time=10 153 local n= 154 155 setup_servers 156 157 export RUMP_SERVER=$SOCK_LOCAL 158 atf_check -s exit:0 -o ignore \ 159 rump.sysctl -w net.wg.rekey_timeout=$rekey_timeout 160 atf_check -s exit:0 -o ignore \ 161 rump.sysctl -w net.wg.rekey_attempt_time=$rekey_attempt_time 162 export RUMP_SERVER=$SOCK_PEER 163 atf_check -s exit:0 -o ignore \ 164 rump.sysctl -w net.wg.rekey_timeout=$rekey_timeout 165 atf_check -s exit:0 -o ignore \ 166 rump.sysctl -w net.wg.rekey_attempt_time=$rekey_attempt_time 167 168 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 169 generate_keys 170 171 export RUMP_SERVER=$SOCK_LOCAL 172 setup_common shmif0 inet $ip_local 24 173 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 174 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 175 $ifconfig -w 10 176 177 export RUMP_SERVER=$SOCK_PEER 178 setup_common shmif0 inet $ip_peer 24 179 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 180 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 181 $ifconfig -w 10 182 183 # Resolve arp 184 export RUMP_SERVER=$SOCK_LOCAL 185 $ping $ip_peer 186 187 export RUMP_SERVER=$SOCK_PEER 188 $ifconfig shmif0 down 189 export RUMP_SERVER=$SOCK_LOCAL 190 191 extract_new_packets $BUS > $outfile 192 193 # Should fail 194 atf_check -s not-exit:0 -o match:'100.0% packet loss' \ 195 rump.ping -n -c 1 -w 1 $ip_wg_peer 196 197 sleep $((rekey_attempt_time + rekey_timeout)) 198 199 extract_new_packets $BUS > $outfile 200 $DEBUG && cat $outfile 201 202 n=$(grep "$ip_local.$port > $ip_peer.$port" $outfile |wc -l) 203 204 # Give up handshaking after three attempts 205 atf_check_equal $n 3 206 207 export RUMP_SERVER=$SOCK_PEER 208 $ifconfig shmif0 up 209 export RUMP_SERVER=$SOCK_LOCAL 210 211 destroy_wg_interfaces 212} 213 214wg_handshake_timeout_cleanup() 215{ 216 217 $DEBUG && dump 218 cleanup 219} 220 221atf_test_case wg_cookie cleanup 222wg_cookie_head() 223{ 224 225 atf_set "descr" "tests of cookie messages of the wg(4) protocol" 226 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 227} 228 229wg_cookie_body() 230{ 231 local ifconfig="atf_check -s exit:0 rump.ifconfig" 232 local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1" 233 local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1" 234 local ip_local=192.168.1.1 235 local ip_peer=192.168.1.2 236 local ip_wg_local=10.0.0.1 237 local ip_wg_peer=10.0.0.2 238 local port=51820 239 local outfile=./out 240 local rekey_timeout=5 241 242 setup_servers 243 244 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 245 generate_keys 246 247 export RUMP_SERVER=$SOCK_LOCAL 248 setup_common shmif0 inet $ip_local 24 249 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 250 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 251 $ifconfig -w 10 252 253 export RUMP_SERVER=$SOCK_PEER 254 setup_common shmif0 inet $ip_peer 24 255 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 256 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 257 $ifconfig -w 10 258 259 export RUMP_SERVER=$SOCK_PEER 260 # Emulate load on the peer 261 atf_check -s exit:0 -o ignore \ 262 rump.sysctl -w net.wg.force_underload=1 263 264 export RUMP_SERVER=$SOCK_LOCAL 265 266 extract_new_packets $BUS > $outfile 267 $DEBUG && cat $outfile 268 269 # The peer doesn't return a response message but a cookie message 270 # and a session doesn't start 271 $ping_fail $ip_wg_peer 272 273 extract_new_packets $BUS > $outfile 274 $DEBUG && cat $outfile 275 # XXX length 64 indicates the message is a cookie message 276 atf_check -s exit:0 \ 277 -o match:"$ip_peer.$port > $ip_local.$port: UDP, length 64" \ 278 cat $outfile 279 280 $DEBUG && $HIJACKING wgconfig wg0 show all 281 atf_check -s exit:0 -o match:"latest-handshake: \(never\)" \ 282 $HIJACKING wgconfig wg0 283 284 # Wait for restarting a session 285 sleep $rekey_timeout 286 287 # The second attempt should be success because the init message has 288 # a valid cookie. 289 $ping $ip_wg_peer 290 291 $DEBUG && $HIJACKING wgconfig wg0 show all 292 atf_check -s exit:0 -o not-match:"latest-handshake: \(never\)" \ 293 $HIJACKING wgconfig wg0 294 295 destroy_wg_interfaces 296} 297 298wg_cookie_cleanup() 299{ 300 301 $DEBUG && dump 302 cleanup 303} 304 305atf_test_case wg_mobility cleanup 306wg_mobility_head() 307{ 308 309 atf_set "descr" "tests of the mobility of wg(4)" 310 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 311} 312 313wg_mobility_body() 314{ 315 local ifconfig="atf_check -s exit:0 rump.ifconfig" 316 local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1" 317 local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1" 318 local ip_local=192.168.1.1 319 local ip_peer=192.168.1.2 320 local ip_peer_new=192.168.1.3 321 local ip_wg_local=10.0.0.1 322 local ip_wg_peer=10.0.0.2 323 local port=51820 324 local outfile=./out 325 326 setup_servers 327 328 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 329 generate_keys 330 331 export RUMP_SERVER=$SOCK_LOCAL 332 setup_common shmif0 inet $ip_local 24 333 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 334 # Initially, the local doesn't know the endpoint of the peer 335 add_peer wg0 peer0 $key_pub_peer "" $ip_wg_peer/32 336 $ifconfig -w 10 337 338 export RUMP_SERVER=$SOCK_PEER 339 setup_common shmif0 inet $ip_peer 24 340 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 341 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 342 $ifconfig -w 10 343 344 extract_new_packets $BUS > $outfile 345 $DEBUG && cat $outfile 346 347 # Ping from the local to the peer doesn't work because the local 348 # doesn't know the endpoint of the peer 349 export RUMP_SERVER=$SOCK_LOCAL 350 $ping_fail $ip_wg_peer 351 352 extract_new_packets $BUS > $outfile 353 $DEBUG && cat $outfile 354 355 export RUMP_SERVER=$SOCK_PEER 356 $ping $ip_wg_local 357 358 extract_new_packets $BUS > $outfile 359 $DEBUG && cat $outfile 360 361 atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer.$port" cat $outfile 362 363 # Change the IP address of the peer 364 setup_common shmif0 inet $ip_peer_new 24 365 $ifconfig -w 10 366 367 # Ping from the local to the peer doesn't work because the local 368 # doesn't know the change of the IP address of the peer 369 export RUMP_SERVER=$SOCK_LOCAL 370 $ping_fail $ip_wg_peer 371 372 extract_new_packets $BUS > $outfile 373 $DEBUG && cat $outfile 374 375 atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer.$port" cat $outfile 376 377 # Ping from the peer to the local works because the local notices 378 # the change and updates the IP address of the peer 379 export RUMP_SERVER=$SOCK_PEER 380 $ping $ip_wg_local 381 382 extract_new_packets $BUS > $outfile 383 $DEBUG && cat $outfile 384 385 atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer_new.$port" cat $outfile 386 atf_check -s exit:0 -o match:"$ip_peer_new.$port > $ip_local.$port" cat $outfile 387 atf_check -s exit:0 -o not-match:"$ip_local.$port > $ip_peer.$port" cat $outfile 388 389 destroy_wg_interfaces 390} 391 392wg_mobility_cleanup() 393{ 394 395 $DEBUG && dump 396 cleanup 397} 398 399atf_test_case wg_keepalive cleanup 400wg_keepalive_head() 401{ 402 403 atf_set "descr" "tests keepalive messages" 404 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 405} 406 407wg_keepalive_body() 408{ 409 local ifconfig="atf_check -s exit:0 rump.ifconfig" 410 local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1" 411 local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1" 412 local ip_local=192.168.1.1 413 local ip_peer=192.168.1.2 414 local ip_peer_new=192.168.1.3 415 local ip_wg_local=10.0.0.1 416 local ip_wg_peer=10.0.0.2 417 local port=51820 418 local outfile=./out 419 local keepalive_timeout=3 420 421 setup_servers 422 423 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 424 generate_keys 425 426 export RUMP_SERVER=$SOCK_LOCAL 427 setup_common shmif0 inet $ip_local 24 428 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 429 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 430 $ifconfig -w 10 431 432 export RUMP_SERVER=$SOCK_PEER 433 setup_common shmif0 inet $ip_peer 24 434 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 435 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 436 $ifconfig -w 10 437 438 # Shorten keepalive_timeout of the peer 439 atf_check -s exit:0 -o ignore \ 440 rump.sysctl -w net.wg.keepalive_timeout=$keepalive_timeout 441 442 export RUMP_SERVER=$SOCK_LOCAL 443 444 extract_new_packets $BUS > $outfile 445 $DEBUG && cat $outfile 446 447 $ping $ip_wg_peer 448 449 extract_new_packets $BUS > $outfile 450 $DEBUG && cat $outfile 451 452 sleep $((keepalive_timeout + 1)) 453 454 $ping $ip_wg_peer 455 456 extract_new_packets $BUS > $outfile 457 $DEBUG && cat $outfile 458 459 # XXX length 32 indicates the message is a keepalive (empty) message 460 atf_check -s exit:0 -o match:"$ip_peer.$port > $ip_local.$port: UDP, length 32" \ 461 cat $outfile 462 463 destroy_wg_interfaces 464} 465 466wg_keepalive_cleanup() 467{ 468 469 $DEBUG && dump 470 cleanup 471} 472 473atf_test_case wg_psk cleanup 474wg_psk_head() 475{ 476 477 atf_set "descr" "tests preshared-key" 478 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 479} 480 481test_psk_common() 482{ 483} 484 485wg_psk_body() 486{ 487 local ifconfig="atf_check -s exit:0 rump.ifconfig" 488 local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1" 489 local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1" 490 local ip_local=192.168.1.1 491 local ip_peer=192.168.1.2 492 local ip_peer_new=192.168.1.3 493 local ip_wg_local=10.0.0.1 494 local ip_wg_peer=10.0.0.2 495 local port=51820 496 local outfile=./out 497 local pskfile=./psk 498 local rekey_after_time=3 499 500 setup_servers 501 502 export RUMP_SERVER=$SOCK_LOCAL 503 atf_check -s exit:0 -o ignore \ 504 rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time 505 export RUMP_SERVER=$SOCK_PEER 506 atf_check -s exit:0 -o ignore \ 507 rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time 508 509 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 510 generate_keys 511 key_psk=$(wg-keygen --psk) 512 $DEBUG && echo $key_psk 513 514 export RUMP_SERVER=$SOCK_LOCAL 515 setup_common shmif0 inet $ip_local 24 516 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 517 518 export RUMP_SERVER=$SOCK_PEER 519 setup_common shmif0 inet $ip_peer 24 520 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 521 522 echo "$key_psk" > $pskfile 523 524 export RUMP_SERVER=$SOCK_LOCAL 525 526 # The local always has the preshared key 527 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 \ 528 $pskfile "$key_psk" 529 $ifconfig -w 10 530 531 export RUMP_SERVER=$SOCK_PEER 532 533 # First, try the peer without the preshared key 534 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 535 $ifconfig -w 10 536 537 export RUMP_SERVER=$SOCK_LOCAL 538 539 extract_new_packets $BUS > $outfile 540 $DEBUG && cat $outfile 541 542 $ping_fail $ip_wg_peer 543 544 extract_new_packets $BUS > $outfile 545 $DEBUG && cat $outfile 546 547 # Next, try with the preshared key 548 export RUMP_SERVER=$SOCK_PEER 549 delete_peer wg0 peer0 550 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 \ 551 $pskfile "$key_psk" 552 $ifconfig -w 10 553 554 # Need a rekey 555 atf_check -s exit:0 sleep $((rekey_after_time + 1)) 556 557 export RUMP_SERVER=$SOCK_LOCAL 558 559 extract_new_packets $BUS > $outfile 560 $DEBUG && cat $outfile 561 562 $ping $ip_wg_peer 563 564 extract_new_packets $BUS > $outfile 565 $DEBUG && cat $outfile 566 567 # Then, try again without the preshared key just in case 568 export RUMP_SERVER=$SOCK_PEER 569 delete_peer wg0 peer0 570 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 571 $ifconfig -w 10 572 573 # Need a rekey 574 atf_check -s exit:0 sleep $((rekey_after_time + 1)) 575 576 export RUMP_SERVER=$SOCK_LOCAL 577 $ping_fail $ip_wg_peer 578 579 rm -f $pskfile 580 581 destroy_wg_interfaces 582} 583 584wg_psk_cleanup() 585{ 586 587 $DEBUG && dump 588 cleanup 589} 590 591atf_test_case wg_malformed cleanup 592wg_malformed_head() 593{ 594 595 atf_set "descr" "tests malformed packet headers" 596 atf_set "require.progs" "nc" "rump_server" "wgconfig" "wg-keygen" 597 atf_set "timeout" "100" 598} 599 600wg_malformed_body() 601{ 602 local ifconfig="atf_check -s exit:0 rump.ifconfig" 603 local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1" 604 local ip_local=192.168.1.1 605 local ip_peer=192.168.1.2 606 local ip_wg_local=10.0.0.1 607 local ip_wg_peer=10.0.0.2 608 local port=51820 609 setup_servers 610 611 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 612 generate_keys 613 614 export RUMP_SERVER=$SOCK_LOCAL 615 setup_common shmif0 inet $ip_local 24 616 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 617 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 618 $ifconfig -w 10 619 620 export RUMP_SERVER=$SOCK_PEER 621 setup_common shmif0 inet $ip_peer 24 622 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 623 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 624 $ifconfig -w 10 625 626 export RUMP_SERVER=$SOCK_LOCAL 627 628 $ping $ip_wg_peer 629 630 printf 'send malformed packets\n' 631 632 $HIJACKING ping -c 1 -n $ip_peer 633 634 printf 'x' | $HIJACKING nc -Nu -w 0 $ip_peer $port 635 printf 'xy' | $HIJACKING nc -Nu -w 0 $ip_peer $port 636 printf 'xyz' | $HIJACKING nc -Nu -w 0 $ip_peer $port 637 printf 'xyzw' | $HIJACKING nc -Nu -w 0 $ip_peer $port 638 printf '\x00\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 639 printf '\x00\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 640 printf '\x01\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 641 printf '\x01\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 642 printf '\x02\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 643 printf '\x02\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 644 printf '\x03\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 645 printf '\x03\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 646 printf '\x04\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 647 printf '\x04\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 648 649 printf 'done sending malformed packets\n' 650 651 $ping $ip_wg_peer 652} 653 654wg_malformed_cleanup() 655{ 656 657 $DEBUG && dump 658 cleanup 659} 660 661atf_init_test_cases() 662{ 663 664 atf_add_test_case wg_rekey 665 atf_add_test_case wg_handshake_timeout 666 atf_add_test_case wg_cookie 667 atf_add_test_case wg_mobility 668 atf_add_test_case wg_keepalive 669 atf_add_test_case wg_psk 670 atf_add_test_case wg_malformed 671} 672