5 load chiark_tcl_hbytes-1.so
6 load chiark_tcl_dgram-1.so
9 local-address "172.18.232.9";
10 secnet-address "172.18.232.10";
11 remote-networks "172.18.232.0/28";
13 set netlink(outside) {
14 local-address "172.18.232.1";
15 secnet-address "172.18.232.2";
16 remote-networks "172.18.232.0/28";
19 set ports(inside) {16913 16910}
20 set ports(outside) 16900
28 set privkey(inside) test-example/inside.privkeys/
29 set privkey(outside) test-example/outside.privkeys/
31 proc sitesconf_hook {l} { return $l }
33 proc oldsecnet {site} {
34 upvar #0 oldsecnet($site) oldsecnet
35 expr {[info exists oldsecnet] && [set oldsecnet]}
38 proc mkconf {location site} {
45 upvar #0 privkey($site) privkey
46 set pipefp $tmp/$site.netlink
48 file delete $pipefp.$tr
49 exec mkfifo -m600 $pipefp.$tr
50 set netlinkfh($site.$tr) [set fh [open $pipefp.$tr r+]]
51 fconfigure $fh -blocking 0 -buffering none -translation binary
53 fileevent $netlinkfh($site.r) readable \
54 [list netlink-readable $location $site]
55 set fakeuf $tmp/$site.fake-userv
56 set fakeuh [open $fakeuf w 0755]
57 puts $fakeuh "#!/bin/sh
60 cat <&3 3<&- >$pipefp.r &
71 userv-path \"$fakeuf\";
74 buffer sysbuffer(2048);
75 interface \"secnet-test-[string range $site 0 0]\";
80 foreach port $ports($site) {
84 address \"::1\", \"127.0.0.1\";
85 buffer sysbuffer(4096);
91 local-name \"test-example/$location/$site\";
93 switch -glob $privkey {
95 set sitesconf sites.conf
97 key-cache priv-cache({
98 privkeys \"$builddir/${privkey}priv.\";
103 set sitesconf sites-nonego.conf
105 local-key rsa-private(\"$builddir/$privkey\");
109 set sitesconf $builddir/test-example/$sitesconf
111 append cfg $extra($site)
115 class \"debug\",\"info\",\"notice\",\"warning\",\"error\",\"security\",\"fatal\";
117 if {[oldsecnet $site]} { append cfg "
118 filename \"/dev/stderr\";
129 random randomfile("/dev/urandom",no);
130 transform eax-serpent { }, serpent256-cbc { };
133 set pubkeys $tmp/$site.pubkeys
134 file delete -force $pubkeys
135 exec cp -rl $builddir/test-example/pubkeys $pubkeys
137 set f [open $sitesconf r]
138 while {[gets $f l] >= 0} {
139 regsub {\"[^\"]*test-example/pubkeys/} $l "\"$pubkeys/" l
140 set l [sitesconf_hook $l]
147 sites map(site,all-sites);
153 proc spawn-secnet {location site} {
160 upvar #0 pids($site) pid
161 set readbuf($site) {}
162 set cf $tmp/$site.conf
164 puts $ch [mkconf $location $site]
166 set secnet $builddir/secnet
167 if {[oldsecnet $site]} {
168 set secnet $env(OLD_SECNET_DIR)/secnet
170 set argl [list $secnet -dvnc $cf]
171 set divertk SECNET_STEST_DIVERT_$site
172 puts -nonewline "spawn"
173 foreach k [array names env] {
175 SECNET_STEST_DIVERT_* -
176 SECNET_TEST_BUILDDIR - OLD_SECNET_DIR { }
178 *PRELOAD* { puts -nonewline " $k=$env($k)" }
182 if {[info exists env($divertk)]} {
183 switch -glob $env($divertk) {
185 puts -nonewline "run ^ command, hit return "
193 set argl [split $env($divertk)]
197 if {[llength $argl]} {
199 set pidmap($pid) "secnet $location/$site"
201 execl [lindex $argl 0] [lrange $argl 1 end]
204 puts -nonewline $netlinkfh($site.t) [hbytes h2raw c0]
207 proc netlink-readable {location site} {
209 upvar #0 readbuf($site) buf
210 upvar #0 netlinkfh($site.r) fh
213 set h [hbytes raw2h $x]
214 if {![hbytes length $h]} return
216 #puts "READABLE $site buf=$buf"
217 while {[regexp {^((?:..)*?)c0(.*)$} $buf dummy now buf]} {
218 #puts "READABLE $site now=$now (buf=$buf)"
219 regsub -all {^((?:..)*?)dbdc} $now {\1c0} now
220 regsub -all {^((?:..)*?)dbdd} $now {\1db} now
221 puts "netlink-got-packet $location $site $now"
222 netlink-got-packet $location $site $now
227 proc netlink-got-packet {location site data} {
228 if {![hbytes length $data]} return
229 switch -exact $site {
232 45000054ed9d4000fe0166d9ac12e802ac12e80900* {
237 error "unexpected $site $data"
247 proc bgerror {message} {
248 global errorInfo errorCode
251 ----------------------------------------
256 ----------------------------------------
265 4500 0054 ed9d 4000 4001 24da ac12 e809
266 ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
267 0000 0000 507f 0b00 0000 0000 1011 1213
268 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
269 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
272 puts -nonewline $netlinkfh(inside.t) \
273 [hbytes h2raw c0[join $p ""]c0]
277 exec mkdir -p -m700 $socktmp
278 regsub {^(?!/|\./)} $socktmp {./} socktmp ;# dgram-socket wants ./ or /
280 proc prefix_preload {lib} { prefix_some_path LD_PRELOAD $lib }
282 set env(UDP_PRELOAD_DIR) $socktmp
283 prefix_preload $builddir/stest/udp-preload.so
285 proc finish {estatus} {
286 puts stderr "FINISHING $estatus"
287 signal default SIGCHLD
289 foreach pid [array names pidmap] {
298 foreach pid [array names pidmap] {
299 set got [wait -nohang $pid]
300 if {![llength $got]} continue
301 set info $pidmap($pid)
303 puts stderr "reaped $info: $got"
308 signal -restart trap SIGCHLD { after idle reap }
311 global socktmp udpsock
314 regsub {^(?!/)} $u {./} u
315 set udpsock [dgram-socket create $u]
316 dgram-socket on-receive $udpsock udp-relay
319 proc udp-relay {data src sock args} {
320 global udpsock socktmp
321 set headerlen [expr {52+1}]
324 set dst [hbytes range $data 0 $headerlen]
325 regsub {(?:00)*$} $dst {} dst
326 set dst [hbytes h2raw $dst]
328 hbytes overwrite data 0 [hbytes zeroes $headerlen]
329 regsub {.*/} $src {} src
330 set srch [hbytes raw2h $src]
331 hbytes append srch 00
333 if {[regexp {[^.,:0-9a-f]} $dst c]} { error "bad dst" }
334 if {[hbytes length $srch] > $headerlen} { error "src addr too long" }
335 hbytes overwrite data 0 $srch
336 dgram-socket transmit $udpsock $data $socktmp/$dst
338 puts stderr "$orgsrc -> $dst: $emsg"
344 spawn-secnet in inside
345 spawn-secnet out outside