xref: /netbsd-src/tests/net/if_wg/t_misc.sh (revision d16b7486a53dcb8072b60ec6fcb4373a2d0c27b7) 
1#	$NetBSD: t_misc.sh,v 1.12 2022/06/13 07:59:15 martin Exp $
2#
3# Copyright (c) 2018 Ryota Ozaki <ozaki.ryota@gmail.com>
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
16# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
17# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
19# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25# POSSIBILITY OF SUCH DAMAGE.
26#
27
28BUS=bus
29SOCK_LOCAL=unix://wg_local
30SOCK_PEER=unix://wg_peer
31
32
33atf_test_case wg_rekey cleanup
34wg_rekey_head()
35{
36
37	atf_set "descr" "tests of rekeying of wg(4)"
38	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
39}
40
41wg_rekey_body()
42{
43	local ifconfig="atf_check -s exit:0 rump.ifconfig"
44	local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1"
45	local ip_local=192.168.1.1
46	local ip_peer=192.168.1.2
47	local ip_wg_local=10.0.0.1
48	local ip_wg_peer=10.0.0.2
49	local port=51820
50	local rekey_after_time=3
51	local latest_handshake=
52
53	setup_servers
54
55	export RUMP_SERVER=$SOCK_LOCAL
56	atf_check -s exit:0 -o ignore \
57	    rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time
58	export RUMP_SERVER=$SOCK_PEER
59	atf_check -s exit:0 -o ignore \
60	    rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time
61
62	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
63	generate_keys
64
65	export RUMP_SERVER=$SOCK_LOCAL
66	setup_common shmif0 inet $ip_local 24
67	setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
68	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
69	$ifconfig -w 10
70
71	export RUMP_SERVER=$SOCK_PEER
72	setup_common shmif0 inet $ip_peer 24
73	setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
74	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
75	$ifconfig -w 10
76
77	export RUMP_SERVER=$SOCK_LOCAL
78
79	$ping $ip_wg_peer
80
81	latest_handshake=$($HIJACKING wgconfig wg0 show peer peer0 \
82	    | awk -F ': ' '/latest-handshake/ {print $2;}')
83	$DEBUG && echo $latest_handshake
84
85	sleep 1
86
87	$ping $ip_wg_peer
88
89	atf_expect_fail "PR kern/56252"
90
91	# No reinitiation is performed
92	atf_check -s exit:0 -o match:"$latest_handshake" \
93	    $HIJACKING wgconfig wg0 show peer peer0
94
95	# Wait for a reinitiation to be performed
96	sleep $rekey_after_time
97
98	$ping $ip_wg_peer
99
100	# A reinitiation should be performed
101	atf_check -s exit:0 -o not-match:"$latest_handshake" \
102	    $HIJACKING wgconfig wg0 show peer peer0
103
104	latest_handshake=$($HIJACKING wgconfig wg0 show peer peer0 \
105	    | awk -F ': ' '/latest-handshake/ {print $2;}')
106	$DEBUG && echo $latest_handshake
107
108	# Wait for a reinitiation to be performed again
109	sleep $((rekey_after_time+1))
110
111	$ping $ip_wg_peer
112
113	# A reinitiation should be performed
114	atf_check -s exit:0 -o not-match:"$latest_handshake" \
115	    $HIJACKING wgconfig wg0 show peer peer0
116
117	destroy_wg_interfaces
118
119	atf_fail "failed to trigger PR kern/56252"
120}
121
122wg_rekey_cleanup()
123{
124
125	$DEBUG && dump
126	cleanup
127}
128
129atf_test_case wg_handshake_timeout cleanup
130wg_handshake_timeout_head()
131{
132
133	atf_set "descr" "tests of handshake timeout of wg(4)"
134	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
135}
136
137wg_handshake_timeout_body()
138{
139	local ifconfig="atf_check -s exit:0 rump.ifconfig"
140	local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1"
141	local ip_local=192.168.1.1
142	local ip_peer=192.168.1.2
143	local ip_wg_local=10.0.0.1
144	local ip_wg_peer=10.0.0.2
145	local port=51820
146	local rekey_after_time=3
147	local outfile=./out
148	local rekey_timeout=3
149	local rekey_attempt_time=8
150	local n=
151
152	setup_servers
153
154	export RUMP_SERVER=$SOCK_LOCAL
155	atf_check -s exit:0 -o ignore \
156	    rump.sysctl -w net.wg.rekey_timeout=$rekey_timeout
157	atf_check -s exit:0 -o ignore \
158	    rump.sysctl -w net.wg.rekey_attempt_time=$rekey_attempt_time
159	export RUMP_SERVER=$SOCK_PEER
160	atf_check -s exit:0 -o ignore \
161	    rump.sysctl -w net.wg.rekey_timeout=$rekey_timeout
162	atf_check -s exit:0 -o ignore \
163	    rump.sysctl -w net.wg.rekey_attempt_time=$rekey_attempt_time
164
165	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
166	generate_keys
167
168	export RUMP_SERVER=$SOCK_LOCAL
169	setup_common shmif0 inet $ip_local 24
170	setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
171	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
172	$ifconfig -w 10
173
174	export RUMP_SERVER=$SOCK_PEER
175	setup_common shmif0 inet $ip_peer 24
176	setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
177	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
178	$ifconfig -w 10
179
180	# Resolve arp
181	export RUMP_SERVER=$SOCK_LOCAL
182	$ping $ip_peer
183
184	export RUMP_SERVER=$SOCK_PEER
185	$ifconfig shmif0 down
186	export RUMP_SERVER=$SOCK_LOCAL
187
188	extract_new_packets $BUS > $outfile
189
190	# Should fail
191	atf_check -s not-exit:0 -o match:'100.0% packet loss' \
192	    rump.ping -n -c 1 -w 1 $ip_wg_peer
193
194	sleep $((rekey_attempt_time + rekey_timeout))
195
196	extract_new_packets $BUS > $outfile
197	$DEBUG && cat $outfile
198
199	n=$(grep "$ip_local.$port > $ip_peer.$port" $outfile |wc -l)
200
201	atf_expect_fail "PR kern/56252"
202
203	# Give up handshaking after three attempts
204	atf_check_equal $n 3
205
206	export RUMP_SERVER=$SOCK_PEER
207	$ifconfig shmif0 up
208	export RUMP_SERVER=$SOCK_LOCAL
209
210	destroy_wg_interfaces
211
212	atf_fail "failed to trigger PR kern/56252"
213}
214
215wg_handshake_timeout_cleanup()
216{
217
218	$DEBUG && dump
219	cleanup
220}
221
222atf_test_case wg_cookie cleanup
223wg_cookie_head()
224{
225
226	atf_set "descr" "tests of cookie messages of the wg(4) protocol"
227	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
228}
229
230wg_cookie_body()
231{
232	local ifconfig="atf_check -s exit:0 rump.ifconfig"
233	local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1"
234	local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1"
235	local ip_local=192.168.1.1
236	local ip_peer=192.168.1.2
237	local ip_wg_local=10.0.0.1
238	local ip_wg_peer=10.0.0.2
239	local port=51820
240	local outfile=./out
241	local rekey_timeout=5
242
243	setup_servers
244
245	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
246	generate_keys
247
248	export RUMP_SERVER=$SOCK_LOCAL
249	setup_common shmif0 inet $ip_local 24
250	setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
251	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
252	$ifconfig -w 10
253
254	export RUMP_SERVER=$SOCK_PEER
255	setup_common shmif0 inet $ip_peer 24
256	setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
257	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
258	$ifconfig -w 10
259
260	export RUMP_SERVER=$SOCK_PEER
261	# Emulate load on the peer
262	atf_check -s exit:0 -o ignore \
263	    rump.sysctl -w net.wg.force_underload=1
264
265	export RUMP_SERVER=$SOCK_LOCAL
266
267	extract_new_packets $BUS > $outfile
268	$DEBUG && cat $outfile
269
270	# The peer doesn't return a response message but a cookie message
271	# and a session doesn't start
272	$ping_fail $ip_wg_peer
273
274	atf_expect_fail "PR kern/56252"
275
276	extract_new_packets $BUS > $outfile
277	$DEBUG && cat $outfile
278	# XXX length 64 indicates the message is a cookie message
279	atf_check -s exit:0 \
280	    -o match:"$ip_peer.$port > $ip_local.$port: UDP, length 64" \
281	    cat $outfile
282
283	$DEBUG && $HIJACKING wgconfig wg0 show all
284	atf_check -s exit:0 -o match:"latest-handshake: \(never\)" \
285	    $HIJACKING wgconfig wg0
286
287	# Wait for restarting a session
288	sleep $rekey_timeout
289
290	# The second attempt should be success because the init message has
291	# a valid cookie.
292	$ping $ip_wg_peer
293
294	$DEBUG && $HIJACKING wgconfig wg0 show all
295	atf_check -s exit:0 -o not-match:"latest-handshake: \(never\)" \
296	    $HIJACKING wgconfig wg0
297
298	destroy_wg_interfaces
299
300	atf_fail "failed to trigger PR kern/56252"
301}
302
303wg_cookie_cleanup()
304{
305
306	$DEBUG && dump
307	cleanup
308}
309
310atf_test_case wg_mobility cleanup
311wg_mobility_head()
312{
313
314	atf_set "descr" "tests of the mobility of wg(4)"
315	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
316}
317
318wg_mobility_body()
319{
320	local ifconfig="atf_check -s exit:0 rump.ifconfig"
321	local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1"
322	local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1"
323	local ip_local=192.168.1.1
324	local ip_peer=192.168.1.2
325	local ip_peer_new=192.168.1.3
326	local ip_wg_local=10.0.0.1
327	local ip_wg_peer=10.0.0.2
328	local port=51820
329	local outfile=./out
330
331	setup_servers
332
333	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
334	generate_keys
335
336	export RUMP_SERVER=$SOCK_LOCAL
337	setup_common shmif0 inet $ip_local 24
338	setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
339	# Initially, the local doesn't know the endpoint of the peer
340	add_peer wg0 peer0 $key_pub_peer "" $ip_wg_peer/32
341	$ifconfig -w 10
342
343	export RUMP_SERVER=$SOCK_PEER
344	setup_common shmif0 inet $ip_peer 24
345	setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
346	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
347	$ifconfig -w 10
348
349	extract_new_packets $BUS > $outfile
350	$DEBUG && cat $outfile
351
352	# Ping from the local to the peer doesn't work because the local
353	# doesn't know the endpoint of the peer
354	export RUMP_SERVER=$SOCK_LOCAL
355	$ping_fail $ip_wg_peer
356
357	atf_expect_fail "PR kern/56252"
358
359	extract_new_packets $BUS > $outfile
360	$DEBUG && cat $outfile
361
362	export RUMP_SERVER=$SOCK_PEER
363	$ping $ip_wg_local
364
365	extract_new_packets $BUS > $outfile
366	$DEBUG && cat $outfile
367
368	atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer.$port" cat $outfile
369
370	# Change the IP address of the peer
371	setup_common shmif0 inet $ip_peer_new 24
372	$ifconfig -w 10
373
374	# Ping from the local to the peer doesn't work because the local
375	# doesn't know the change of the IP address of the peer
376	export RUMP_SERVER=$SOCK_LOCAL
377	$ping_fail $ip_wg_peer
378
379	extract_new_packets $BUS > $outfile
380	$DEBUG && cat $outfile
381
382	atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer.$port" cat $outfile
383
384	# Ping from the peer to the local works because the local notices
385	# the change and updates the IP address of the peer
386	export RUMP_SERVER=$SOCK_PEER
387	$ping $ip_wg_local
388
389	extract_new_packets $BUS > $outfile
390	$DEBUG && cat $outfile
391
392	atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer_new.$port" cat $outfile
393	atf_check -s exit:0 -o match:"$ip_peer_new.$port > $ip_local.$port" cat $outfile
394	atf_check -s exit:0 -o not-match:"$ip_local.$port > $ip_peer.$port" cat $outfile
395
396	destroy_wg_interfaces
397
398	atf_fail "failed to trigger PR kern/56252"
399}
400
401wg_mobility_cleanup()
402{
403
404	$DEBUG && dump
405	cleanup
406}
407
408atf_test_case wg_keepalive cleanup
409wg_keepalive_head()
410{
411
412	atf_set "descr" "tests keepalive messages"
413	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
414}
415
416wg_keepalive_body()
417{
418	local ifconfig="atf_check -s exit:0 rump.ifconfig"
419	local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1"
420	local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1"
421	local ip_local=192.168.1.1
422	local ip_peer=192.168.1.2
423	local ip_peer_new=192.168.1.3
424	local ip_wg_local=10.0.0.1
425	local ip_wg_peer=10.0.0.2
426	local port=51820
427	local outfile=./out
428	local keepalive_timeout=3
429
430	setup_servers
431
432	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
433	generate_keys
434
435	export RUMP_SERVER=$SOCK_LOCAL
436	setup_common shmif0 inet $ip_local 24
437	setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
438	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
439	$ifconfig -w 10
440
441	export RUMP_SERVER=$SOCK_PEER
442	setup_common shmif0 inet $ip_peer 24
443	setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
444	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
445	$ifconfig -w 10
446
447	# Shorten keepalive_timeout of the peer
448	atf_check -s exit:0 -o ignore \
449	    rump.sysctl -w net.wg.keepalive_timeout=$keepalive_timeout
450
451	export RUMP_SERVER=$SOCK_LOCAL
452
453	extract_new_packets $BUS > $outfile
454	$DEBUG && cat $outfile
455
456	$ping $ip_wg_peer
457
458	extract_new_packets $BUS > $outfile
459	$DEBUG && cat $outfile
460
461	sleep $((keepalive_timeout + 1))
462
463	$ping $ip_wg_peer
464
465	extract_new_packets $BUS > $outfile
466	$DEBUG && cat $outfile
467
468	# XXX length 32 indicates the message is a keepalive (empty) message
469	atf_check -s exit:0 -o match:"$ip_peer.$port > $ip_local.$port: UDP, length 32" \
470	    cat $outfile
471
472	destroy_wg_interfaces
473}
474
475wg_keepalive_cleanup()
476{
477
478	$DEBUG && dump
479	cleanup
480}
481
482atf_test_case wg_psk cleanup
483wg_psk_head()
484{
485
486	atf_set "descr" "tests preshared-key"
487	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
488}
489
490test_psk_common()
491{
492}
493
494wg_psk_body()
495{
496	local ifconfig="atf_check -s exit:0 rump.ifconfig"
497	local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1"
498	local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1"
499	local ip_local=192.168.1.1
500	local ip_peer=192.168.1.2
501	local ip_peer_new=192.168.1.3
502	local ip_wg_local=10.0.0.1
503	local ip_wg_peer=10.0.0.2
504	local port=51820
505	local outfile=./out
506	local pskfile=./psk
507	local rekey_after_time=3
508
509	setup_servers
510
511	export RUMP_SERVER=$SOCK_LOCAL
512	atf_check -s exit:0 -o ignore \
513	    rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time
514	export RUMP_SERVER=$SOCK_PEER
515	atf_check -s exit:0 -o ignore \
516	    rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time
517
518	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
519	generate_keys
520	key_psk=$(wg-keygen --psk)
521	$DEBUG && echo $key_psk
522
523	export RUMP_SERVER=$SOCK_LOCAL
524	setup_common shmif0 inet $ip_local 24
525	setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
526
527	export RUMP_SERVER=$SOCK_PEER
528	setup_common shmif0 inet $ip_peer 24
529	setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
530
531	echo "$key_psk" > $pskfile
532
533	export RUMP_SERVER=$SOCK_LOCAL
534
535	# The local always has the preshared key
536	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 \
537	    $pskfile "$key_psk"
538	$ifconfig -w 10
539
540	export RUMP_SERVER=$SOCK_PEER
541
542	# First, try the peer without the preshared key
543	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
544	$ifconfig -w 10
545
546	export RUMP_SERVER=$SOCK_LOCAL
547
548	extract_new_packets $BUS > $outfile
549	$DEBUG && cat $outfile
550
551	$ping_fail $ip_wg_peer
552
553	extract_new_packets $BUS > $outfile
554	$DEBUG && cat $outfile
555
556	# Next, try with the preshared key
557	export RUMP_SERVER=$SOCK_PEER
558	delete_peer wg0 peer0
559	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 \
560	    $pskfile "$key_psk"
561	$ifconfig -w 10
562
563	# Need a rekey
564	atf_check -s exit:0 sleep $((rekey_after_time + 1))
565
566	export RUMP_SERVER=$SOCK_LOCAL
567
568	extract_new_packets $BUS > $outfile
569	$DEBUG && cat $outfile
570
571	$ping $ip_wg_peer
572
573	extract_new_packets $BUS > $outfile
574	$DEBUG && cat $outfile
575
576	# Then, try again without the preshared key just in case
577	export RUMP_SERVER=$SOCK_PEER
578	delete_peer wg0 peer0
579	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
580	$ifconfig -w 10
581
582	# Need a rekey
583	atf_check -s exit:0 sleep $((rekey_after_time + 1))
584
585	export RUMP_SERVER=$SOCK_LOCAL
586	$ping_fail $ip_wg_peer
587
588	rm -f $pskfile
589
590	destroy_wg_interfaces
591}
592
593wg_psk_cleanup()
594{
595
596	$DEBUG && dump
597	cleanup
598}
599
600atf_test_case wg_malformed cleanup
601wg_malformed_head()
602{
603
604	atf_set "descr" "tests malformed packet headers"
605	atf_set "require.progs" "nc" "rump_server" "wgconfig" "wg-keygen"
606	atf_set "timeout" "100"
607}
608
609wg_malformed_body()
610{
611	local ifconfig="atf_check -s exit:0 rump.ifconfig"
612	local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1"
613	local ip_local=192.168.1.1
614	local ip_peer=192.168.1.2
615	local ip_wg_local=10.0.0.1
616	local ip_wg_peer=10.0.0.2
617	local port=51820
618	setup_servers
619
620	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
621	generate_keys
622
623	export RUMP_SERVER=$SOCK_LOCAL
624	setup_common shmif0 inet $ip_local 24
625	setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
626	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
627	$ifconfig -w 10
628
629	export RUMP_SERVER=$SOCK_PEER
630	setup_common shmif0 inet $ip_peer 24
631	setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
632	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
633	$ifconfig -w 10
634
635	export RUMP_SERVER=$SOCK_LOCAL
636
637	$ping $ip_wg_peer
638
639	printf 'send malformed packets\n'
640
641	$HIJACKING ping -c 1 -n $ip_peer
642
643	printf 'x' | $HIJACKING nc -Nu -w 0 $ip_peer $port
644	printf 'xy' | $HIJACKING nc -Nu -w 0 $ip_peer $port
645	printf 'xyz' | $HIJACKING nc -Nu -w 0 $ip_peer $port
646	printf 'xyzw' | $HIJACKING nc -Nu -w 0 $ip_peer $port
647	printf '\x00\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port
648	printf '\x00\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port
649	printf '\x01\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port
650	printf '\x01\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port
651	printf '\x02\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port
652	printf '\x02\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port
653	printf '\x03\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port
654	printf '\x03\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port
655	printf '\x04\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port
656	printf '\x04\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port
657
658	printf 'done sending malformed packets\n'
659
660	$ping $ip_wg_peer
661}
662
663wg_malformed_cleanup()
664{
665
666	$DEBUG && dump
667	cleanup
668}
669
670atf_init_test_cases()
671{
672
673	atf_add_test_case wg_rekey
674	atf_add_test_case wg_handshake_timeout
675	atf_add_test_case wg_cookie
676	atf_add_test_case wg_mobility
677	atf_add_test_case wg_keepalive
678	atf_add_test_case wg_psk
679	atf_add_test_case wg_malformed
680}
681