xref: /netbsd-src/tests/net/if_wg/t_basic.sh (revision e7ac2a8b5bd66fa2e050809de09a075c36a7014d) 
1#	$NetBSD: t_basic.sh,v 1.1 2020/08/26 16:03:42 riastradh Exp $
2#
3# Copyright (c) 2018 Ryota Ozaki <ozaki.ryota@gmail.com>
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
16# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
17# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
19# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25# POSSIBILITY OF SUCH DAMAGE.
26#
27
28BUS=bus
29SOCK_LOCAL=unix://wg_local
30SOCK_PEER=unix://wg_peer
31SOCK_PEER2=unix://wg_peer2
32
33
34check_ping_payload()
35{
36	local proto=$1
37	local ip=$2
38	local ping= size=
39
40	if [ $proto = inet ]; then
41		ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1"
42	else
43		ping="atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X 1"
44	fi
45
46	for size in $(seq 1 100) $(seq 450 550) $(seq 1400 1500); do
47		$ping -s $size $ip
48	done
49}
50
51test_common()
52{
53	local type=$1
54	local outer_proto=$2
55	local inner_proto=$3
56	local ifconfig="atf_check -s exit:0 rump.ifconfig"
57	local port=51820
58	local ip_local= ip_peer=
59	local ip_wg_local= ip_wg_peer=
60	local outer_prefix= outer_prefixall=
61	local inner_prefix= inner_prefixall=
62
63	if [ $outer_proto = inet ]; then
64		ip_local=192.168.1.1
65		ip_peer=192.168.1.2
66		outer_prefix=24
67		outer_prefixall=32
68	else
69		ip_local=fc00::1
70		ip_peer=fc00::2
71		outer_prefix=64
72		outer_prefixall=128
73	fi
74
75	if [ $inner_proto = inet ]; then
76		ip_wg_local=10.0.0.1
77		ip_wg_peer=10.0.0.2
78		inner_prefix=24
79		inner_prefixall=32
80	else
81		ip_wg_local=fd00::1
82		ip_wg_peer=fd00::2
83		inner_prefix=64
84		inner_prefixall=128
85	fi
86
87	setup_servers
88
89	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
90	generate_keys
91
92	export RUMP_SERVER=$SOCK_LOCAL
93	setup_common shmif0 $outer_proto $ip_local $outer_prefix
94	setup_wg_common wg0 $inner_proto $ip_wg_local $inner_prefix $port "$key_priv_local"
95
96	export RUMP_SERVER=$SOCK_PEER
97	setup_common shmif0 $outer_proto $ip_peer $outer_prefix
98	setup_wg_common wg0 $inner_proto $ip_wg_peer $inner_prefix $port "$key_priv_peer"
99
100	export RUMP_SERVER=$SOCK_LOCAL
101	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/$inner_prefixall
102
103	export RUMP_SERVER=$SOCK_PEER
104	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/$inner_prefixall
105
106	if [ $type = basic ]; then
107		export RUMP_SERVER=$SOCK_LOCAL
108		check_ping $inner_proto $ip_wg_peer
109	elif [ $type = payload ]; then
110		export RUMP_SERVER=$SOCK_LOCAL
111		check_ping_payload $inner_proto $ip_wg_peer
112	fi
113
114	destroy_wg_interfaces
115}
116
117atf_test_case wg_create_destroy cleanup
118wg_create_destroy_head()
119{
120
121	atf_set "descr" "tests to create/destroy wg(4) interfaces"
122	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
123}
124
125wg_create_destroy_body()
126{
127
128	rump_server_crypto_start $SOCK_LOCAL netinet6 wg
129
130	test_create_destroy_common $SOCK_LOCAL wg0 true
131}
132
133wg_create_destroy_cleanup()
134{
135
136	$DEBUG && dump
137	cleanup
138}
139
140wg_create_destroy_peers_common()
141{
142	local proto=$1
143	local ifconfig="atf_check -s exit:0 rump.ifconfig"
144	local port=51820
145	local ip_local= ip_peer=
146	local ip_wg_local= ip_wg_peer=
147	local outer_prefix= outer_prefixall=
148	local inner_prefix= inner_prefixall=
149
150	if [ $proto = inet ]; then
151		ip_local=192.168.1.1
152		ip_peer=192.168.1.2
153		outer_prefix=24
154		outer_prefixall=32
155		ip_wg_local=10.0.0.1
156		ip_wg_peer=10.0.0.2
157		inner_prefix=24
158		inner_prefixall=32
159	else
160		ip_local=fc00::1
161		ip_peer=fc00::2
162		outer_prefix=64
163		outer_prefixall=128
164		ip_wg_local=fd00::1
165		ip_wg_peer=fd00::2
166		inner_prefix=64
167		inner_prefixall=128
168	fi
169
170	rump_server_crypto_start $SOCK_LOCAL netinet6 wg
171	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS
172
173	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
174	generate_keys
175
176	export RUMP_SERVER=$SOCK_LOCAL
177	setup_common shmif0 $proto $ip_local $outer_prefix
178	setup_wg_common wg0 $proto $ip_wg_local $inner_prefix $port "$key_priv_local"
179
180	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/$inner_prefixall
181
182	delete_peer wg0 peer0
183}
184
185atf_test_case wg_create_destroy_peers_ipv4 cleanup
186wg_create_destroy_peers_ipv4_head()
187{
188
189	atf_set "descr" "tests to create/destroy peers (IPv4)"
190	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
191}
192
193wg_create_destroy_peers_ipv4_body()
194{
195
196	wg_create_destroy_peers_common inet
197}
198
199wg_create_destroy_peers_ipv4_cleanup()
200{
201
202	$DEBUG && dump
203	cleanup
204}
205
206atf_test_case wg_create_destroy_peers_ipv6 cleanup
207wg_create_destroy_peers_ipv6_head()
208{
209
210	atf_set "descr" "tests to create/destroy peers (IPv6)"
211	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
212}
213
214wg_create_destroy_peers_ipv6_body()
215{
216
217	wg_create_destroy_peers_common inet6
218}
219
220wg_create_destroy_peers_ipv6_cleanup()
221{
222
223	$DEBUG && dump
224	cleanup
225}
226
227add_basic_test()
228{
229	local inner=$1
230	local outer=$2
231	local ipv4=inet
232	local ipv6=inet6
233
234	name="wg_basic_${inner}_over_${outer}"
235	fulldesc="Test wg(4) with ${inner} over ${outer}"
236
237	eval inner=\$$inner
238	eval outer=\$$outer
239
240	atf_test_case ${name} cleanup
241	eval "
242		${name}_head() {
243			atf_set descr \"${fulldesc}\"
244			atf_set require.progs rump_server wgconfig wg-keygen
245		}
246		${name}_body() {
247			test_common basic $outer $inner
248			rump_server_destroy_ifaces
249		}
250		${name}_cleanup() {
251			\$DEBUG && dump
252			cleanup
253		}"
254	atf_add_test_case ${name}
255}
256
257add_payload_sizes_test()
258{
259	local inner=$1
260	local outer=$2
261	local ipv4=inet
262	local ipv6=inet6
263
264	name="wg_payload_sizes_${inner}_over_${outer}"
265	fulldesc="Test wg(4) with ${inner} over ${outer} with various payload sizes"
266
267	eval inner=\$$inner
268	eval outer=\$$outer
269
270	atf_test_case ${name} cleanup
271	eval "
272		${name}_head() {
273			atf_set descr \"${fulldesc}\"
274			atf_set require.progs rump_server wgconfig wg-keygen
275		}
276		${name}_body() {
277			test_common payload $outer $inner
278			rump_server_destroy_ifaces
279		}
280		${name}_cleanup() {
281			\$DEBUG && dump
282			cleanup
283		}"
284	atf_add_test_case ${name}
285}
286
287atf_test_case wg_multiple_interfaces cleanup
288wg_multiple_interfaces_head()
289{
290
291	atf_set "descr" "tests multiple wg(4) interfaces"
292	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
293}
294
295wg_multiple_interfaces_body()
296{
297	local ifconfig="atf_check -s exit:0 rump.ifconfig"
298	local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1"
299	local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1"
300	local key_priv_peer2=
301	local key_pub_peer2=
302	local ip_local=192.168.1.1
303	local ip_local2=192.168.2.1
304	local ip_peer=192.168.1.2
305	local ip_peer2=192.168.2.2
306	local ip_wg_local=10.0.0.1
307	local ip_wg_local2=10.0.1.1
308	local ip_wg_peer=10.0.0.2
309	local ip_wg_peer2=10.0.1.2
310	local port=51820
311	local port2=51821
312	local outfile=./out
313
314	setup_servers
315	rump_server_add_iface $SOCK_LOCAL shmif1 $BUS
316
317	rump_server_crypto_start $SOCK_PEER2 netinet6 wg
318	rump_server_add_iface $SOCK_PEER2 shmif0 $BUS
319
320	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
321	generate_keys
322	key_priv_peer2=$(wg-keygen)
323	key_pub_peer2=$(echo $key_priv_peer2| wg-keygen --pub)
324
325	export RUMP_SERVER=$SOCK_LOCAL
326	setup_common shmif0 inet $ip_local 24
327	setup_common shmif1 inet $ip_local2 24
328	setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
329	setup_wg_common wg1 inet $ip_wg_local2 24 $port2 "$key_priv_local"
330
331	export RUMP_SERVER=$SOCK_PEER
332	setup_common shmif0 inet $ip_peer 24
333	setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
334
335	export RUMP_SERVER=$SOCK_PEER2
336	setup_common shmif0 inet $ip_peer2 24
337	setup_wg_common wg0 inet $ip_wg_peer2 24 $port2 "$key_priv_peer2"
338
339	export RUMP_SERVER=$SOCK_LOCAL
340	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
341	add_peer wg1 peer0 $key_pub_peer2 $ip_peer2:$port2 $ip_wg_peer2/32
342
343	export RUMP_SERVER=$SOCK_PEER
344	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
345
346	export RUMP_SERVER=$SOCK_PEER2
347	add_peer wg0 peer0 $key_pub_local $ip_local2:$port2 $ip_wg_local2/32
348
349	export RUMP_SERVER=$SOCK_LOCAL
350
351	extract_new_packets $BUS > $outfile
352	$DEBUG && cat $outfile
353
354	$ping $ip_wg_peer
355
356	extract_new_packets $BUS > $outfile
357	$DEBUG && cat $outfile
358
359	$ping $ip_wg_peer2
360
361	extract_new_packets $BUS > $outfile
362	$DEBUG && cat $outfile
363
364	export RUMP_SERVER=$SOCK_LOCAL
365	$ifconfig wg0 destroy
366	$ifconfig wg1 destroy
367	export RUMP_SERVER=$SOCK_PEER
368	$ifconfig wg0 destroy
369	export RUMP_SERVER=$SOCK_PEER2
370	$ifconfig wg0 destroy
371}
372
373wg_multiple_interfaces_cleanup()
374{
375
376	$DEBUG && dump
377	cleanup
378}
379
380atf_test_case wg_multiple_peers cleanup
381wg_multiple_peers_head()
382{
383
384	atf_set "descr" "tests multiple wg(4) peers"
385	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
386}
387
388wg_multiple_peers_body()
389{
390	local ifconfig="atf_check -s exit:0 rump.ifconfig"
391	local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1"
392	local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1"
393	local key_priv_peer2=
394	local key_pub_peer2=
395	local ip_local=192.168.1.1
396	local ip_peer=192.168.1.2
397	local ip_peer2=192.168.1.3
398	local ip_wg_local=10.0.0.1
399	local ip_wg_peer=10.0.0.2
400	local ip_wg_peer2=10.0.0.3
401	local port=51820
402	local outfile=./out
403
404	setup_servers
405	rump_server_add_iface $SOCK_LOCAL shmif1 $BUS
406
407	rump_server_crypto_start $SOCK_PEER2 netinet6 wg
408	rump_server_add_iface $SOCK_PEER2 shmif0 $BUS
409
410	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
411	generate_keys
412	key_priv_peer2=$(wg-keygen)
413	key_pub_peer2=$(echo $key_priv_peer2| wg-keygen --pub)
414
415	export RUMP_SERVER=$SOCK_LOCAL
416	setup_common shmif0 inet $ip_local 24
417	setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
418
419	export RUMP_SERVER=$SOCK_PEER
420	setup_common shmif0 inet $ip_peer 24
421	setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
422
423	export RUMP_SERVER=$SOCK_PEER2
424	setup_common shmif0 inet $ip_peer2 24
425	setup_wg_common wg0 inet $ip_wg_peer2 24 $port "$key_priv_peer2"
426
427	export RUMP_SERVER=$SOCK_LOCAL
428	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
429	add_peer wg0 peer1 $key_pub_peer2 $ip_peer2:$port $ip_wg_peer2/32
430
431	export RUMP_SERVER=$SOCK_PEER
432	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
433
434	export RUMP_SERVER=$SOCK_PEER2
435	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
436
437	export RUMP_SERVER=$SOCK_LOCAL
438
439	extract_new_packets $BUS > $outfile
440	$DEBUG && cat $outfile
441
442	$ping $ip_wg_peer
443
444	extract_new_packets $BUS > $outfile
445	$DEBUG && cat $outfile
446
447	$ping $ip_wg_peer2
448
449	extract_new_packets $BUS > $outfile
450	$DEBUG && cat $outfile
451
452	export RUMP_SERVER=$SOCK_LOCAL
453	$ifconfig wg0 destroy
454	export RUMP_SERVER=$SOCK_PEER
455	$ifconfig wg0 destroy
456	export RUMP_SERVER=$SOCK_PEER2
457	$ifconfig wg0 destroy
458}
459
460wg_multiple_peers_cleanup()
461{
462
463	$DEBUG && dump
464	cleanup
465}
466
467atf_init_test_cases()
468{
469
470	add_basic_test ipv4 ipv4
471	add_basic_test ipv4 ipv6
472	add_basic_test ipv6 ipv4
473	add_basic_test ipv6 ipv6
474
475	add_payload_sizes_test ipv4 ipv4
476	add_payload_sizes_test ipv4 ipv6
477	add_payload_sizes_test ipv6 ipv4
478	add_payload_sizes_test ipv6 ipv6
479
480	atf_add_test_case wg_create_destroy
481	atf_add_test_case wg_create_destroy_peers_ipv4
482	atf_add_test_case wg_create_destroy_peers_ipv6
483	atf_add_test_case wg_multiple_interfaces
484	atf_add_test_case wg_multiple_peers
485}
486