1#	$NetBSD: t_basic.sh,v 1.4 2021/03/02 07:16:24 simonb Exp $
2#
3# Copyright (c) 2018 Ryota Ozaki <ozaki.ryota@gmail.com>
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
16# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
17# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
19# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25# POSSIBILITY OF SUCH DAMAGE.
26#
27
28BUS=bus
29SOCK_LOCAL=unix://wg_local
30SOCK_PEER=unix://wg_peer
31SOCK_PEER2=unix://wg_peer2
32
33
34check_ping_payload()
35{
36	local proto=$1
37	local ip=$2
38	local ping= size=
39
40	if [ $proto = inet ]; then
41		ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1"
42	else
43		ping="atf_check -s exit:0 -o ignore rump.ping6 -n -c 1 -X 1"
44	fi
45
46	for size in $(seq 1 100) $(seq 450 550) $(seq 1400 1500); do
47		$ping -s $size $ip
48	done
49}
50
51test_common()
52{
53	local type=$1
54	local outer_proto=$2
55	local inner_proto=$3
56	local ifconfig="atf_check -s exit:0 rump.ifconfig"
57	local port=51820
58	local ip_local= ip_peer=
59	local ip_wg_local= ip_wg_peer=
60	local outer_prefix= outer_prefixall=
61	local inner_prefix= inner_prefixall=
62
63	if [ $outer_proto = inet ]; then
64		ip_local=192.168.1.1
65		ip_peer=192.168.1.2
66		outer_prefix=24
67		outer_prefixall=32
68	else
69		ip_local=fc00::1
70		ip_peer=fc00::2
71		outer_prefix=64
72		outer_prefixall=128
73	fi
74
75	if [ $inner_proto = inet ]; then
76		ip_wg_local=10.0.0.1
77		ip_wg_peer=10.0.0.2
78		inner_prefix=24
79		inner_prefixall=32
80	else
81		ip_wg_local=fd00::1
82		ip_wg_peer=fd00::2
83		inner_prefix=64
84		inner_prefixall=128
85	fi
86
87	setup_servers
88
89	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
90	generate_keys
91
92	export RUMP_SERVER=$SOCK_LOCAL
93	setup_common shmif0 $outer_proto $ip_local $outer_prefix
94	setup_wg_common wg0 $inner_proto $ip_wg_local $inner_prefix $port "$key_priv_local"
95	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/$inner_prefixall
96	$ifconfig -w 10
97
98	export RUMP_SERVER=$SOCK_PEER
99	setup_common shmif0 $outer_proto $ip_peer $outer_prefix
100	setup_wg_common wg0 $inner_proto $ip_wg_peer $inner_prefix $port "$key_priv_peer"
101	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/$inner_prefixall
102	$ifconfig -w 10
103
104	if [ $type = basic ]; then
105		export RUMP_SERVER=$SOCK_LOCAL
106		check_ping $inner_proto $ip_wg_peer
107	elif [ $type = payload ]; then
108		export RUMP_SERVER=$SOCK_LOCAL
109		check_ping_payload $inner_proto $ip_wg_peer
110	fi
111
112	destroy_wg_interfaces
113}
114
115atf_test_case wg_create_destroy cleanup
116wg_create_destroy_head()
117{
118
119	atf_set "descr" "tests to create/destroy wg(4) interfaces"
120	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
121}
122
123wg_create_destroy_body()
124{
125
126	rump_server_crypto_start $SOCK_LOCAL netinet6 wg
127
128	test_create_destroy_common $SOCK_LOCAL wg0 true
129}
130
131wg_create_destroy_cleanup()
132{
133
134	$DEBUG && dump
135	cleanup
136}
137
138wg_create_destroy_peers_common()
139{
140	local proto=$1
141	local ifconfig="atf_check -s exit:0 rump.ifconfig"
142	local port=51820
143	local ip_local= ip_peer=
144	local ip_wg_local= ip_wg_peer=
145	local outer_prefix= outer_prefixall=
146	local inner_prefix= inner_prefixall=
147
148	if [ $proto = inet ]; then
149		ip_local=192.168.1.1
150		ip_peer=192.168.1.2
151		outer_prefix=24
152		outer_prefixall=32
153		ip_wg_local=10.0.0.1
154		ip_wg_peer=10.0.0.2
155		inner_prefix=24
156		inner_prefixall=32
157	else
158		ip_local=fc00::1
159		ip_peer=fc00::2
160		outer_prefix=64
161		outer_prefixall=128
162		ip_wg_local=fd00::1
163		ip_wg_peer=fd00::2
164		inner_prefix=64
165		inner_prefixall=128
166	fi
167
168	rump_server_crypto_start $SOCK_LOCAL netinet6 wg
169	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS
170
171	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
172	generate_keys
173
174	export RUMP_SERVER=$SOCK_LOCAL
175	setup_common shmif0 $proto $ip_local $outer_prefix
176	setup_wg_common wg0 $proto $ip_wg_local $inner_prefix $port "$key_priv_local"
177
178	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/$inner_prefixall
179
180	delete_peer wg0 peer0
181}
182
183atf_test_case wg_create_destroy_peers_ipv4 cleanup
184wg_create_destroy_peers_ipv4_head()
185{
186
187	atf_set "descr" "tests to create/destroy peers (IPv4)"
188	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
189}
190
191wg_create_destroy_peers_ipv4_body()
192{
193
194	wg_create_destroy_peers_common inet
195}
196
197wg_create_destroy_peers_ipv4_cleanup()
198{
199
200	$DEBUG && dump
201	cleanup
202}
203
204atf_test_case wg_create_destroy_peers_ipv6 cleanup
205wg_create_destroy_peers_ipv6_head()
206{
207
208	atf_set "descr" "tests to create/destroy peers (IPv6)"
209	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
210}
211
212wg_create_destroy_peers_ipv6_body()
213{
214
215	wg_create_destroy_peers_common inet6
216}
217
218wg_create_destroy_peers_ipv6_cleanup()
219{
220
221	$DEBUG && dump
222	cleanup
223}
224
225add_basic_test()
226{
227	local inner=$1
228	local outer=$2
229	local ipv4=inet
230	local ipv6=inet6
231
232	name="wg_basic_${inner}_over_${outer}"
233	fulldesc="Test wg(4) with ${inner} over ${outer}"
234
235	eval inner=\$$inner
236	eval outer=\$$outer
237
238	atf_test_case ${name} cleanup
239	eval "
240		${name}_head() {
241			atf_set descr \"${fulldesc}\"
242			atf_set require.progs rump_server wgconfig wg-keygen
243		}
244		${name}_body() {
245			test_common basic $outer $inner
246			rump_server_destroy_ifaces
247		}
248		${name}_cleanup() {
249			\$DEBUG && dump
250			cleanup
251		}"
252	atf_add_test_case ${name}
253}
254
255add_payload_sizes_test()
256{
257	local inner=$1
258	local outer=$2
259	local ipv4=inet
260	local ipv6=inet6
261
262	name="wg_payload_sizes_${inner}_over_${outer}"
263	fulldesc="Test wg(4) with ${inner} over ${outer} with various payload sizes"
264
265	eval inner=\$$inner
266	eval outer=\$$outer
267
268	atf_test_case ${name} cleanup
269	eval "
270		${name}_head() {
271			atf_set descr \"${fulldesc}\"
272			atf_set require.progs rump_server wgconfig wg-keygen
273		}
274		${name}_body() {
275			test_common payload $outer $inner
276			rump_server_destroy_ifaces
277		}
278		${name}_cleanup() {
279			\$DEBUG && dump
280			cleanup
281		}"
282	atf_add_test_case ${name}
283}
284
285atf_test_case wg_multiple_interfaces cleanup
286wg_multiple_interfaces_head()
287{
288
289	atf_set "descr" "tests multiple wg(4) interfaces"
290	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
291}
292
293wg_multiple_interfaces_body()
294{
295	local ifconfig="atf_check -s exit:0 rump.ifconfig"
296	local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1"
297	local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1"
298	local key_priv_peer2=
299	local key_pub_peer2=
300	local ip_local=192.168.1.1
301	local ip_local2=192.168.2.1
302	local ip_peer=192.168.1.2
303	local ip_peer2=192.168.2.2
304	local ip_wg_local=10.0.0.1
305	local ip_wg_local2=10.0.1.1
306	local ip_wg_peer=10.0.0.2
307	local ip_wg_peer2=10.0.1.2
308	local port=51820
309	local port2=51821
310	local outfile=./out
311
312	setup_servers
313	rump_server_add_iface $SOCK_LOCAL shmif1 $BUS
314
315	rump_server_crypto_start $SOCK_PEER2 netinet6 wg
316	rump_server_add_iface $SOCK_PEER2 shmif0 $BUS
317
318	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
319	generate_keys
320	key_priv_peer2=$(wg-keygen)
321	key_pub_peer2=$(echo $key_priv_peer2| wg-keygen --pub)
322
323	export RUMP_SERVER=$SOCK_LOCAL
324	setup_common shmif0 inet $ip_local 24
325	setup_common shmif1 inet $ip_local2 24
326	setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
327	setup_wg_common wg1 inet $ip_wg_local2 24 $port2 "$key_priv_local"
328	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
329	add_peer wg1 peer0 $key_pub_peer2 $ip_peer2:$port2 $ip_wg_peer2/32
330	$ifconfig -w 10
331
332	export RUMP_SERVER=$SOCK_PEER
333	setup_common shmif0 inet $ip_peer 24
334	setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
335	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
336	$ifconfig -w 10
337
338	export RUMP_SERVER=$SOCK_PEER2
339	setup_common shmif0 inet $ip_peer2 24
340	setup_wg_common wg0 inet $ip_wg_peer2 24 $port2 "$key_priv_peer2"
341	add_peer wg0 peer0 $key_pub_local $ip_local2:$port2 $ip_wg_local2/32
342	$ifconfig -w 10
343
344	export RUMP_SERVER=$SOCK_LOCAL
345
346	extract_new_packets $BUS > $outfile
347	$DEBUG && cat $outfile
348
349	$ping $ip_wg_peer
350
351	extract_new_packets $BUS > $outfile
352	$DEBUG && cat $outfile
353
354	$ping $ip_wg_peer2
355
356	extract_new_packets $BUS > $outfile
357	$DEBUG && cat $outfile
358
359	export RUMP_SERVER=$SOCK_LOCAL
360	$ifconfig wg0 destroy
361	$ifconfig wg1 destroy
362	export RUMP_SERVER=$SOCK_PEER
363	$ifconfig wg0 destroy
364	export RUMP_SERVER=$SOCK_PEER2
365	$ifconfig wg0 destroy
366}
367
368wg_multiple_interfaces_cleanup()
369{
370
371	$DEBUG && dump
372	cleanup
373}
374
375atf_test_case wg_multiple_peers cleanup
376wg_multiple_peers_head()
377{
378
379	atf_set "descr" "tests multiple wg(4) peers"
380	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
381}
382
383wg_multiple_peers_body()
384{
385	local ifconfig="atf_check -s exit:0 rump.ifconfig"
386	local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1"
387	local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1"
388	local key_priv_peer2=
389	local key_pub_peer2=
390	local ip_local=192.168.1.1
391	local ip_peer=192.168.1.2
392	local ip_peer2=192.168.1.3
393	local ip_wg_local=10.0.0.1
394	local ip_wg_peer=10.0.0.2
395	local ip_wg_peer2=10.0.0.3
396	local port=51820
397	local outfile=./out
398
399	setup_servers
400	rump_server_add_iface $SOCK_LOCAL shmif1 $BUS
401
402	rump_server_crypto_start $SOCK_PEER2 netinet6 wg
403	rump_server_add_iface $SOCK_PEER2 shmif0 $BUS
404
405	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
406	generate_keys
407	key_priv_peer2=$(wg-keygen)
408	key_pub_peer2=$(echo $key_priv_peer2| wg-keygen --pub)
409
410	export RUMP_SERVER=$SOCK_LOCAL
411	setup_common shmif0 inet $ip_local 24
412	setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
413	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
414	add_peer wg0 peer1 $key_pub_peer2 $ip_peer2:$port $ip_wg_peer2/32
415	$ifconfig -w 10
416
417	export RUMP_SERVER=$SOCK_PEER
418	setup_common shmif0 inet $ip_peer 24
419	setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
420	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
421	$ifconfig -w 10
422
423	export RUMP_SERVER=$SOCK_PEER2
424	setup_common shmif0 inet $ip_peer2 24
425	setup_wg_common wg0 inet $ip_wg_peer2 24 $port "$key_priv_peer2"
426	add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
427	$ifconfig -w 10
428
429	export RUMP_SERVER=$SOCK_LOCAL
430
431	extract_new_packets $BUS > $outfile
432	$DEBUG && cat $outfile
433
434	$ping $ip_wg_peer
435
436	extract_new_packets $BUS > $outfile
437	$DEBUG && cat $outfile
438
439	$ping $ip_wg_peer2
440
441	extract_new_packets $BUS > $outfile
442	$DEBUG && cat $outfile
443
444	export RUMP_SERVER=$SOCK_LOCAL
445	$ifconfig wg0 destroy
446	export RUMP_SERVER=$SOCK_PEER
447	$ifconfig wg0 destroy
448	export RUMP_SERVER=$SOCK_PEER2
449	$ifconfig wg0 destroy
450}
451
452wg_multiple_peers_cleanup()
453{
454
455	$DEBUG && dump
456	cleanup
457}
458
459atf_init_test_cases()
460{
461
462	add_basic_test ipv4 ipv4
463	add_basic_test ipv4 ipv6
464	add_basic_test ipv6 ipv4
465	add_basic_test ipv6 ipv6
466
467	add_payload_sizes_test ipv4 ipv4
468	add_payload_sizes_test ipv4 ipv6
469	add_payload_sizes_test ipv6 ipv4
470	add_payload_sizes_test ipv6 ipv6
471
472	atf_add_test_case wg_create_destroy
473	atf_add_test_case wg_create_destroy_peers_ipv4
474	atf_add_test_case wg_create_destroy_peers_ipv6
475	atf_add_test_case wg_multiple_interfaces
476	atf_add_test_case wg_multiple_peers
477}
478