5 load chiark_tcl_hbytes-1.so
6 load chiark_tcl_dgram-1.so
9 local-address "172.18.232.9";
10 secnet-address "172.18.232.10";
11 remote-networks "172.18.232.0/28";
# Per-site test fixtures: netlink(outside) holds the addressing text for the
# outside site, and ports(<site>) is the list that mkconf walks with
# "foreach port".
# NOTE(review): where the netlink text is consumed is not visible in this
# listing; presumably mkconf splices it into the generated config - confirm.
13 set netlink(outside) {
14 local-address "172.18.232.1";
15 secnet-address "172.18.232.2";
16 remote-networks "172.18.232.0/28";
19 set ports(inside) {16913 16910}
20 set ports(outside) 16900
# mkconf: assembles the secnet configuration text for one test site; the
# result is what spawn-secnet writes out with puts.
#   location, site - select the local-name test-example/<location>/<site>,
#     the private key <builddir>/test-example/<site>.key, the ports in
#     ports(<site>) and the extra text in extra(<site>).
# Side effects visible here: creates the FIFOs <tmp>/<site>.netlink.<tr> and
# writes a helper script <tmp>/<site>.fake-userv, which the config names as
# its userv-path.
# The config text takes randomness from /dev/urandom and lists the transforms
# eax-serpent and serpent256-cbc.
28 proc mkconf {location site} {
35 set pipefp $tmp/$site.netlink
# Any stale path is removed first, then the FIFO is created owner-only (-m600).
# NOTE(review): delete-then-create is only race-free when no other user can
# write to the tmp directory; how tmp is created is not visible here, so
# confirm that it is private to the test user.
37 file delete $pipefp.$tr
38 exec mkfifo -m600 $pipefp.$tr
# Opened r+, presumably so that the open does not wait for a peer on the FIFO.
39 set netlinkfh($site.$tr) [set fh [open $pipefp.$tr r+]]
40 fconfigure $fh -blocking 0 -buffering none -translation binary
# Only the r pipe gets a readable handler; netlink-readable drains it.
42 fileevent $netlinkfh($site.r) readable \
43 [list netlink-readable $location $site]
44 set fakeuf $tmp/$site.fake-userv
# The requested mode 0755 is further limited by the process umask.
# The script text interpolates pipefp into sh without quoting (see the cat
# redirection in the script body).
# NOTE(review): a tmp path containing whitespace or shell metacharacters
# would change what the generated script does; confirm tmp is chosen by the
# harness and never taken from untrusted input.
45 set fakeuh [open $fakeuf w 0755]
46 puts $fakeuh "#!/bin/sh
49 cat <&3 3<&- >$pipefp.r &
59 userv-path \"$fakeuf\";
62 buffer sysbuffer(2048);
63 interface \"secnet-test-[string range $site 0 0]\";
68 foreach port $ports($site) {
72 address \"::1\", \"127.0.0.1\";
73 buffer sysbuffer(4096);
79 local-name \"test-example/$location/$site\";
80 local-key rsa-private(\"$builddir/test-example/$site.key\");
82 append cfg $extra($site)
86 class \"debug\",\"info\",\"notice\",\"warning\",\"error\",\"security\",\"fatal\";
95 random randomfile("/dev/urandom",no);
96 transform eax-serpent { }, serpent256-cbc { };
99 set f [open $builddir/test-example/sites.conf r]
104 sites map(site,all-sites);
# spawn-secnet: writes the config produced by mkconf for this site and starts
# <builddir>/secnet on it, recording the child in pids(<site>) and pidmap.
#   location, site - passed through to mkconf and used in the pidmap label.
# Also echoes a "spawn" line that includes selected environment variables.
109 proc spawn-secnet {location site} {
115 upvar #0 pids($site) pid
116 set cf $tmp/$site.conf
118 puts $ch [mkconf $location $site]
120 set argl [list $builddir/secnet -dvnc $cf]
121 set divertk SECNET_STEST_DIVERT_$site
122 puts -nonewline "spawn"
123 foreach k [array names env] {
125 SECNET_STEST_DIVERT_* -
126 SECNET_TEST_BUILDDIR { }
128 *PRELOAD* { puts -nonewline " $k=$env($k)" }
# SECNET_STEST_DIVERT_<site> lets whoever runs the test change how secnet is
# started: its value is matched with switch -glob and, in one arm, split on
# whitespace to become the argument list that execl runs below.
# NOTE(review): this runs whatever the environment names, by design; the
# harness should therefore only be run with an environment the operator
# controls, never one inherited from an untrusted caller or CI input.
132 if {[info exists env($divertk)]} {
133 switch -glob $env($divertk) {
135 puts -nonewline "run ^ command, hit return "
143 set argl [split $env($divertk)]
147 if {[llength $argl]} {
149 set pidmap($pid) "secnet $location/$site"
151 execl [lindex $argl 0] [lrange $argl 1 end]
# Sends the single byte 0xC0 on the site's t pipe.
# NOTE(review): 0xC0 is the SLIP END byte and the test packet is later sent
# framed as c0 ... c0, so this looks like an initial frame delimiter - confirm.
154 puts -nonewline $netlinkfh($site.t) [hbytes h2raw c0]
# netlink-readable: fileevent handler that mkconf installs on the site's r
# pipe. It reads and discards whatever is available, then switches on the site
# name; the visible arm sets ok to 1.
# NOTE(review): the content of the data read is never inspected in the lines
# visible here, so ok presumably records only that something arrived on the
# pipe, not that it was the expected packet - confirm against the full body.
157 proc netlink-readable {location site} {
159 upvar #0 netlinkfh($site.r) fh
160 read $fh; # empty the buffer
161 switch -exact $site {
164 set ok 1; # what a bodge
# bgerror: Tcl calls a proc of this name for errors raised in background event
# handlers, so failures in the fileevent and on-receive callbacks end up here.
# Only the header is visible in this listing; the dashed lines are presumably
# separators in the report it prints.
173 proc bgerror {message} {
174 global errorInfo errorCode
177 ----------------------------------------
182 ----------------------------------------
191 4500 0054 ed9d 4000 4001 24da ac12 e809
192 ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
193 0000 0000 507f 0b00 0000 0000 1011 1213
194 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
195 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
# Sends the test packet on the inside site's t pipe, framed with a leading and
# a trailing c0 byte. The hex words listed above decode as an IPv4 header
# (protocol 1, ICMP) from 172.18.232.9 to 172.18.232.2 carrying an ICMP echo
# request.
# NOTE(review): p presumably holds those hex words; its assignment is not
# visible in this listing.
198 puts -nonewline $netlinkfh(inside.t) \
199 [hbytes h2raw c0[join $p ""]c0]
# Directory that holds the relay's datagram sockets.
# -m700 is applied only when mkdir actually creates the directory; with -p an
# already existing socktmp is accepted as it is and keeps its current owner
# and mode.
# NOTE(review): if socktmp can exist before the test starts, check that it is
# owned by the test user and not group or world accessible before sockets are
# created in it.
203 exec mkdir -p -m700 $socktmp
204 regsub {^(?!/|\./)} $socktmp {./} socktmp ;# dgram-socket wants ./ or /
206 proc prefix_preload {lib} { prefix_some_path LD_PRELOAD $lib }
# Processes started after this point inherit UDP_PRELOAD_DIR and an LD_PRELOAD
# that includes stest/udp-preload.so from the build tree.
# NOTE(review): prefix_some_path is not shown; presumably it prepends to any
# existing LD_PRELOAD value rather than replacing it.
208 set env(UDP_PRELOAD_DIR) $socktmp
209 prefix_preload $builddir/stest/udp-preload.so
# finish: reports the exit status on stderr. The rest of the body is not
# visible in this listing.
211 proc finish {estatus} {
212 puts stderr "FINISHING $estatus"
217 global socktmp udpsock
# A relative path gets ./ prepended before it is handed to dgram-socket; the
# absolute form is left alone.
220 regsub {^(?!/)} $u {./} u
221 set udpsock [dgram-socket create $u]
# Every datagram received on udpsock is passed to udp-relay.
222 dgram-socket on-receive $udpsock udp-relay
# udp-relay: on-receive callback for udpsock.
#   data - the datagram; its first headerlen (53) bytes carry a NUL-padded
#          destination name.
#   src  - the sender's socket address; only its last path component is used.
# The relay replaces the header field with the NUL-terminated sender name and
# retransmits the datagram to the socket <socktmp>/<dst>.
# dst is taken from the datagram itself, so it is untrusted input that ends up
# in a filesystem path; the allow-list check below is what keeps it confined.
225 proc udp-relay {data src sock args} {
226 global udpsock socktmp
227 set headerlen [expr {52+1}]
# Take the header field, strip trailing 00 bytes (the regsub works on the hex
# form), then decode the remainder to raw bytes.
230 set dst [hbytes range $data 0 $headerlen]
231 regsub {(?:00)*$} $dst {} dst
232 set dst [hbytes h2raw $dst]
# Blank the header in place before the sender name is written into it.
234 hbytes overwrite data 0 [hbytes zeroes $headerlen]
# Keep only the last path component of the sender address, hex-encode it and
# add the terminating 00.
235 regsub {.*/} $src {} src
236 set srch [hbytes raw2h $src]
237 hbytes append srch 00
# Allow-list check: dst may contain only . , : 0-9 a-f. The slash is not in
# the class, so dst cannot add a directory component to the path built below.
# NOTE(review): the class still admits an empty string and names made only of
# dots; rejecting those explicitly would make the confinement to socktmp
# independent of how the transmit call treats such paths.
239 if {[regexp {[^.,:0-9a-f]} $dst c]} { error "bad dst" }
# Refuse a sender name that would not fit in the header field.
240 if {[hbytes length $srch] > $headerlen} { error "src addr too long" }
241 hbytes overwrite data 0 $srch
242 dgram-socket transmit $udpsock $data $socktmp/$dst
# Failure report, presumably the error branch of a catch that is not visible
# in this listing.
# NOTE(review): dst is printed as decoded from the datagram, including when it
# failed the check above, so this stderr line can contain arbitrary bytes;
# printing the hex form instead would keep the log unambiguous.
244 puts stderr "$orgsrc -> $dst: $emsg"
# Start the two secnet instances under test: location "in" with site "inside"
# and location "out" with site "outside".
250 spawn-secnet in inside
251 spawn-secnet out outside