# Load the chiark-tcl extensions; presumably these supply the `hbytes` and
# `dgram-socket` commands used further down -- confirm against the libraries.
5 load chiark_tcl_hbytes-1.so
6 load chiark_tcl_dgram-1.so
9 local-address "172.18.232.9";
10 secnet-address "172.18.232.10";
11 remote-networks "172.18.232.0/28";
13 set netlink(outside) {
14 local-address "172.18.232.1";
15 secnet-address "172.18.232.2";
16 remote-networks "172.18.232.0/28";
19 set ports(inside) {16913 16910}
20 set ports(outside) 16900
# Netlink plumbing for one instance: the FIFO path is derived from $tmp and
# $which, any stale node at that path is removed, and a new FIFO is created
# with mode 0600.
# NOTE(review): delete-then-mkfifo is only safe in a private directory; where
# $tmp comes from is not visible here -- confirm it is not shared or
# world-writable.
35 set pipefp $tmp/$which.netlink
37 file delete $pipefp.$tr
38 exec mkfifo -m600 $pipefp.$tr
# Open the FIFO read-write and keep the handle in the global-looking array
# netlinkfh under the key "<which>.<tr>".
39 set netlinkfh($which.$tr) [set fh [open $pipefp.$tr r+]]
# Non-blocking, unbuffered, no newline/encoding translation.
40 fconfigure $fh -blocking 0 -buffering none -translation binary
# Have the event loop call netlink-readable when the .r handle has data.
42 fileevent $netlinkfh($which.r) readable [list netlink-readable $which]
# A stand-in userv script is written under $tmp and created with mode 0755
# (subject to umask). It is executable and lives next to the FIFOs, so the
# same "is $tmp private?" question applies to it.
43 set fakeuf $tmp/$which.fake-userv
44 set fakeuh [open $fakeuf w 0755]
45 puts $fakeuh "#!/bin/sh
48 cat <&3 3<&- >$pipefp.r &
58 userv-path \"$fakeuf\";
61 buffer sysbuffer(2048);
62 interface \"secnet-test-[string range $which 0 0]\";
67 foreach port $ports($which) {
71 address \"::1\", \"127.0.0.1\";
72 buffer sysbuffer(4096);
78 local-name \"test-example/$which/$which\";
79 local-key rsa-private(\"$builddir/test-example/$which.key\");
81 append cfg $extra($which)
85 class "info","notice","warning","error","security","fatal";
92 random randomfile("/dev/urandom",no);
93 transform eax-serpent { }, serpent256-cbc { };
96 set f [open $builddir/test-example/sites.conf r]
101 sites map(site,vpn/test-example/all-sites);
# spawn-secnet WHICH: start the secnet binary from $builddir for instance
# WHICH, using a config file at $tmp/WHICH.conf filled from [mkconf WHICH].
# Only part of the body is visible here.
106 proc spawn-secnet {which} {
# Alias the global array element pids($which) as the local variable pid.
110 upvar #0 pids($which) pid
111 set cf $tmp/$which.conf
# $ch is opened on a line not visible here (presumably on $cf -- confirm).
113 puts $ch [mkconf $which]
# The command line is built with [list], so each element stays one argument
# even if $builddir or $cf contains whitespace.
115 set argl [list $builddir/secnet -dvnc $cf]
118 execl [lindex $argl 0] [lrange $argl 1 end]
# Write a single 0xc0 byte to this instance's .t FIFO.
# NOTE(review): 0xc0 looks like a SLIP END framing byte -- confirm.
120 puts -nonewline $netlinkfh($which.t) [hbytes h2raw c0]
# netlink-readable WHICH: handler registered with fileevent for instance
# WHICH's .r FIFO. Whatever is readable is read and discarded; the per-instance
# handling in the switch is only partly visible here.
123 proc netlink-readable {which} {
# Alias the global array element netlinkfh($which.r) as the local fh.
125 upvar #0 netlinkfh($which.r) fh
126 read $fh; # empty the buffer
127 switch -exact $which {
130 set ok 1; # what a bodge
# bgerror MESSAGE: Tcl calls a proc of this name for errors raised in
# event-loop callbacks (such as fileevent handlers). The body is not fully
# visible here; it declares errorInfo and errorCode as globals.
139 proc bgerror {message} {
140 global errorInfo errorCode
143 ----------------------------------------
148 ----------------------------------------
157 4500 0054 ed9d 4000 4001 24da ac12 e809
158 ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
159 0000 0000 507f 0b00 0000 0000 1011 1213
160 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
161 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
# Send one packet to the inside instance's .t FIFO: the elements of $p are
# joined into a single hex string, wrapped in a leading and trailing c0 byte,
# and converted from hex to raw bytes. $p is assigned on a line not visible
# here (presumably the hex dump above -- confirm).
164 puts -nonewline $netlinkfh(inside.t) \
165 [hbytes h2raw c0[join $p ""]c0]
# Directory that holds the relay's datagram sockets, requested with mode 0700.
# NOTE(review): with "mkdir -p" an already-existing directory is left as it
# is, including its mode and owner -- confirm $socktmp cannot pre-exist with
# looser permissions.
169 exec mkdir -p -m700 $socktmp
# The negative lookahead matches only when the path does not start with "/",
# so relative paths get a "./" prefix and absolute paths are left alone.
170 regsub {^(?!/)} $socktmp {./} socktmp ;# dgram-socket wants ./ or /
# prefix_preload LIB: put LIB at the front of a colon-separated preload list
# and export the result as LD_PRELOAD, so processes started afterwards
# inherit it. Parts of the body are not visible here.
172 proc prefix_preload {lib} {
# Best-effort read of an existing list; catch swallows the error raised when
# the environment variable is unset.
# NOTE(review): this reads env(PRELOAD) but the result is written to
# env(LD_PRELOAD) below. If LD_PRELOAD was meant, an existing LD_PRELOAD value
# is replaced instead of extended -- confirm which variable is intended.
175 catch { set l [split $env(PRELOAD) :] }
176 set l [concat [list $lib] $l]
177 set env(LD_PRELOAD) [join $l :]
# Export the socket directory as UDP_PRELOAD_DIR and put udp-preload.so first
# in LD_PRELOAD for processes started from here on. What the shim does with
# the directory is not visible in this file.
180 set env(UDP_PRELOAD_DIR) $socktmp
181 prefix_preload $builddir/stest/udp-preload.so
# (Body of a proc whose header is not visible here.)
184 global socktmp udpsock
# Relative paths get a "./" prefix, as is done for $socktmp; $u is assigned on
# a line not visible here.
187 regsub {^(?!/)} $u {./} u
# Create the relay's datagram socket at $u and hand every received datagram
# to udp-relay.
188 set udpsock [dgram-socket create $u]
189 dgram-socket on-receive $udpsock udp-relay
# udp-relay DATA SRC SOCK ?ARGS?: on-receive handler for the relay socket.
# Each datagram starts with a fixed-size address header. The handler takes the
# destination name from that header, replaces the header with the sender's
# name, and forwards the datagram to the socket of that name under $socktmp.
# Parts of the body are not visible here.
192 proc udp-relay {data src sock args} {
193 global udpsock socktmp
# Header size is 53 bytes (presumably 52 bytes of text plus a terminator --
# confirm against the preload shim).
194 set headerlen [expr {52+1}]
# Take the header region, drop trailing "00" hex pairs (zero padding), and
# convert the remaining hex to a raw string: this is the destination name.
197 set dst [hbytes range $data 0 $headerlen]
198 regsub {(?:00)*$} $dst {} dst
199 set dst [hbytes h2raw $dst]
# Blank the header in place before the sender name is written into it.
201 hbytes overwrite data 0 [hbytes zeroes $headerlen]
# Keep only the last path component of the sender address, then build its
# zero-terminated hex form.
202 regsub {.*/} $src {} src
203 set srch [hbytes raw2h $src]
204 hbytes append srch 00
# Allow-list check on the destination name, done before it is used as a
# filename: only ".", ",", ":", digits and a-f pass. "/" is not in the set, so
# the name cannot contain a path separator when appended to $socktmp below.
# NOTE(review): "." is allowed, so the names "." and ".." also pass this
# check -- confirm that transmit to a directory path simply fails.
206 if {[regexp {[^.,:0-9a-f]} $dst c]} { error "bad dst" }
# Refuse a sender name that would not fit in the header.
207 if {[hbytes length $srch] > $headerlen} { error "src addr too long" }
208 hbytes overwrite data 0 $srch
209 dgram-socket transmit $udpsock $data $socktmp/$dst
# Failures are reported on stderr with both endpoints; $orgsrc and $emsg are
# set on lines not visible here.
211 puts stderr "$orgsrc -> $dst: $emsg"