5 load chiark_tcl_hbytes-1.so
6 load chiark_tcl_dgram-1.so
9 local-address "172.18.232.9";
10 secnet-address "172.18.232.10";
11 remote-networks "172.18.232.0/28";
13 set netlink(outside) {
14 local-address "172.18.232.1";
15 secnet-address "172.18.232.2";
16 remote-networks "172.18.232.0/28";
# Per-site port lists. The foreach over ports($site) further down emits one
# stanza per entry, so the inside site gets two and the outside site one.
19 set ports(inside) {16913 16910}
20 set ports(outside) 16900
# mkconf LOCATION SITE -- build the secnet configuration text for one test
# site; spawn-secnet writes the result to the site's .conf file.
# NOTE(review): only part of the body is visible in this listing, so the
# comments below describe the visible lines only.
28 proc mkconf {location site} {
35 set pipefp $tmp/$site.netlink
# Each netlink FIFO is removed, recreated with mode 0600, opened read-write
# and switched to non-blocking, unbuffered, binary I/O. mkfifo refuses a
# path that already exists, but nothing visible here checks the parent
# directory, so this is only safe if $tmp is private to the test run --
# TODO confirm where $tmp is created.
37 file delete $pipefp.$tr
38 exec mkfifo -m600 $pipefp.$tr
39 set netlinkfh($site.$tr) [set fh [open $pipefp.$tr r+]]
40 fconfigure $fh -blocking 0 -buffering none -translation binary
42 fileevent $netlinkfh($site.r) readable \
43 [list netlink-readable $location $site]
# A stand-in for userv is written out as a shell script with mode 0755
# (subject to umask) and named in the config as userv-path. open with w
# truncates and follows whatever already sits at that path, and $pipefp
# appears unquoted inside the generated script, so both rely on $tmp being
# a private path free of whitespace and shell metacharacters -- TODO confirm.
44 set fakeuf $tmp/$site.fake-userv
45 set fakeuh [open $fakeuf w 0755]
46 puts $fakeuh "#!/bin/sh
49 cat <&3 3<&- >$pipefp.r &
59 userv-path \"$fakeuf\";
62 buffer sysbuffer(2048);
63 interface \"secnet-test-[string range $site 0 0]\";
68 foreach port $ports($site) {
72 address \"::1\", \"127.0.0.1\";
73 buffer sysbuffer(4096);
79 local-name \"test-example/$location/$site\";
80 local-key rsa-private(\"$builddir/test-example/$site.key\");
82 append cfg $extra($site)
86 class \"debug\",\"info\",\"notice\",\"warning\",\"error\",\"security\",\"fatal\";
95 random randomfile("/dev/urandom",no);
96 transform eax-serpent { }, serpent256-cbc { };
99 set f [open $builddir/test-example/sites.conf r]
104 sites map(site,all-sites);
# spawn-secnet LOCATION SITE -- write the configuration returned by mkconf
# to a channel (apparently opened on $tmp/$site.conf) and start the secnet
# binary from $builddir with that file as its argument.
# NOTE(review): lines are missing from this listing; how the child is
# created and how pids($site) is filled in are not visible here.
109 proc spawn-secnet {location site} {
114 upvar #0 pids($site) pid
115 set cf $tmp/$site.conf
117 puts $ch [mkconf $location $site]
119 set argl [list $builddir/secnet -dvnc $cf]
120 puts -nonewline "spawn"
# Echo the environment settings relevant to the run. Any variable whose
# name matches *PRELOAD* is printed with its value, so the test log records
# which preload libraries the child inherits.
121 foreach k [array names env] {
123 SECNET_TEST_BUILDDIR { }
125 *PRELOAD* { puts -nonewline " $k=$env($k)" }
131 execl [lindex $argl 0] [lrange $argl 1 end]
# A single c0 byte is written to the site's .t handle; presumably the SLIP
# END delimiter, sent to start the link on a frame boundary -- TODO confirm.
133 puts -nonewline $netlinkfh($site.t) [hbytes h2raw c0]
# netlink-readable LOCATION SITE -- fileevent callback registered in mkconf
# for the site's .r FIFO. It drains whatever has arrived on the handle and
# then branches on the site name; most of the branch bodies are outside
# this listing.
136 proc netlink-readable {location site} {
138 upvar #0 netlinkfh($site.r) fh
139 read $fh; # empty the buffer
140 switch -exact $site {
143 set ok 1; # what a bodge
# bgerror MESSAGE -- Tcl calls a proc of this name when a script run from
# the event loop raises an error. Only the header, the global declaration
# and two separator lines of the body are visible in this listing.
152 proc bgerror {message} {
153 global errorInfo errorCode
156 ----------------------------------------
161 ----------------------------------------
170 4500 0054 ed9d 4000 4001 24da ac12 e809
171 ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
172 0000 0000 507f 0b00 0000 0000 1011 1213
173 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
174 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
# Send the test packet: the hex words in $p are concatenated, wrapped in a
# leading and a trailing c0 byte, converted to raw bytes and written to the
# inside site's .t handle. NOTE(review): c0 is presumably the SLIP END
# delimiter expected on the netlink pipe -- confirm.
177 puts -nonewline $netlinkfh(inside.t) \
178 [hbytes h2raw c0[join $p ""]c0]
# Directory that holds the relay's datagram sockets. NOTE(review): with -p,
# mkdir accepts a directory that already exists and leaves its owner and
# mode untouched, so -m700 only holds when this call creates the leaf.
# If $socktmp can pre-exist, check its owner and mode before relying on it.
182 exec mkdir -p -m700 $socktmp
183 regsub {^(?!/)} $socktmp {./} socktmp ;# dgram-socket wants ./ or /
# LD_PRELOAD is extended with the test build's udp-preload.so and
# UDP_PRELOAD_DIR names the socket directory. Both are set in this
# process's environment, so every child started afterwards inherits them.
185 proc prefix_preload {lib} { prefix_some_path LD_PRELOAD $lib }
187 set env(UDP_PRELOAD_DIR) $socktmp
188 prefix_preload $builddir/stest/udp-preload.so
# NOTE(review): the header of the enclosing proc is outside this listing.
# Creates the relay's own datagram socket at path $u, after giving a
# relative path an explicit ./ prefix, and hands every received datagram
# to udp-relay.
191 global socktmp udpsock
194 regsub {^(?!/)} $u {./} u
195 set udpsock [dgram-socket create $u]
196 dgram-socket on-receive $udpsock udp-relay
# udp-relay DATA SRC SOCK ARGS -- on-receive handler for $udpsock. The
# header at the front of each datagram names the destination; the relay
# replaces it with the sender's name and forwards the datagram to the
# socket of the destination name under $socktmp.
# NOTE(review): several lines of the body are missing from this listing.
199 proc udp-relay {data src sock args} {
200 global udpsock socktmp
201 set headerlen [expr {52+1}]
# Destination name: taken from the header region, trailing zero bytes
# stripped from the hex form, then converted to raw bytes.
204 set dst [hbytes range $data 0 $headerlen]
205 regsub {(?:00)*$} $dst {} dst
206 set dst [hbytes h2raw $dst]
208 hbytes overwrite data 0 [hbytes zeroes $headerlen]
# Source name: the sender's socket path with its directory part removed,
# hex-encoded and terminated with a zero byte.
209 regsub {.*/} $src {} src
210 set srch [hbytes raw2h $src]
211 hbytes append srch 00
# dst comes from the datagram and is used as a file name below, so this
# allow-list is the path-traversal guard: / is not in the class, which
# keeps the target directly under $socktmp. It does not reject an empty
# name or a name made only of dots -- NOTE(review): consider rejecting
# those explicitly rather than relying on the transmit failing.
213 if {[regexp {[^.,:0-9a-f]} $dst c]} { error "bad dst" }
214 if {[hbytes length $srch] > $headerlen} { error "src addr too long" }
215 hbytes overwrite data 0 $srch
216 dgram-socket transmit $udpsock $data $socktmp/$dst
218 puts stderr "$orgsrc -> $dst: $emsg"
# Start the two secnet instances under test, one per site.
224 spawn-secnet in inside
225 spawn-secnet out outside