5 load chiark_tcl_hbytes-1.so
6 load chiark_tcl_dgram-1.so
9 local-address "172.18.232.9";
10 secnet-address "172.18.232.10";
11 remote-networks "172.18.232.0/28";
13 set netlink(outside) {
14 local-address "172.18.232.1";
15 secnet-address "172.18.232.2";
16 remote-networks "172.18.232.0/28";
19 set ports(inside) {16913 16910}
20 set ports(outside) 16900
34 set pipefp $tmp/$which.netlink
36 file delete $pipefp.$tr
37 exec mkfifo -m600 $pipefp.$tr
38 set netlinkfh($which.$tr) [set fh [open $pipefp.$tr r+]]
39 fconfigure $fh -blocking 0 -buffering none -translation binary
41 fileevent $netlinkfh($which.r) readable [list netlink-readable $which]
42 set fakeuf $tmp/$which.fake-userv
43 set fakeuh [open $fakeuf w 0755]
44 puts $fakeuh "#!/bin/sh
47 cat <&3 3<&- >$pipefp.r &
57 userv-path \"$fakeuf\";
60 buffer sysbuffer(2048);
61 interface \"secnet-test-[string range $which 0 0]\";
66 foreach port $ports($which) {
70 address \"::1\", \"127.0.0.1\";
71 buffer sysbuffer(4096);
77 local-name \"test-example/$which/$which\";
78 local-key rsa-private(\"test-example/$which.key\");
80 append cfg $extra($which)
84 class "info","notice","warning","error","security","fatal";
91 random randomfile("/dev/urandom",no);
92 transform eax-serpent { }, serpent256-cbc { };
93 include test-example/sites.conf
94 sites map(site,vpn/test-example/all-sites);
99 proc spawn-secnet {which} {
102 upvar #0 pids($which) pid
103 set cf $tmp/$which.conf
105 puts $ch [mkconf $which]
107 set argl [list strace -o$tmp/$which.strace ./secnet -dvnc $cf]
110 execl [lindex $argl 0] [lrange $argl 1 end]
112 puts -nonewline $netlinkfh($which.t) [hbytes h2raw c0]
115 proc netlink-readable {which} {
117 upvar #0 netlinkfh($which.r) fh
118 read $fh; # empty the buffer
119 switch -exact $which {
122 set ok 1; # what a bodge
131 proc bgerror {message} {
132 global errorInfo errorCode
135 ----------------------------------------
140 ----------------------------------------
149 4500 0054 ed9d 4000 4001 24da ac12 e809
150 ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
151 0000 0000 507f 0b00 0000 0000 1011 1213
152 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
153 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
156 puts -nonewline $netlinkfh(inside.t) \
157 [hbytes h2raw c0[join $p ""]c0]
163 regsub {^(?!/)} $socktmp {./} socktmp ;# dgram-socket wants ./ or /
166 global socktmp udpsock
169 regsub {^(?!/)} $u {./} u
170 set udpsock [dgram-socket create $u]
171 dgram-socket on-receive $udpsock udp-relay
174 proc udp-relay {data src sock args} {
175 global udpsock socktmp
176 set headerlen [expr {52+1}]
179 set dst [hbytes range $data 0 $headerlen]
180 regsub {(?:00)*$} $dst {} dst
181 set dst [hbytes h2raw $dst]
183 hbytes overwrite data 0 [hbytes zeroes $headerlen]
184 regsub {.*/} $src {} src
185 set srch [hbytes raw2h $src]
186 hbytes append srch 00
188 if {[regexp {[^.,:0-9a-f]} $dst c]} { error "bad dst" }
189 if {[hbytes length $srch] > $headerlen} { error "src addr too long" }
190 hbytes overwrite data 0 $srch
191 dgram-socket transmit $udpsock $data $socktmp/$dst
193 puts stderr "$orgsrc -> $dst: $emsg"