5 load chiark_tcl_hbytes-1.so
6 load chiark_tcl_dgram-1.so
9 local-address "172.18.232.9";
10 secnet-address "172.18.232.10";
11 remote-networks "172.18.232.0/28";
13 set netlink(outside) {
14 local-address "172.18.232.1";
15 secnet-address "172.18.232.2";
16 remote-networks "172.18.232.0/28";
19 set ports(inside) {16913 16910}
20 set ports(outside) 16900
28 proc mkconf {location site} {
35 set pipefp $tmp/$site.netlink
37 file delete $pipefp.$tr
38 exec mkfifo -m600 $pipefp.$tr
39 set netlinkfh($site.$tr) [set fh [open $pipefp.$tr r+]]
40 fconfigure $fh -blocking 0 -buffering none -translation binary
42 fileevent $netlinkfh($site.r) readable \
43 [list netlink-readable $location $site]
44 set fakeuf $tmp/$site.fake-userv
45 set fakeuh [open $fakeuf w 0755]
46 puts $fakeuh "#!/bin/sh
49 cat <&3 3<&- >$pipefp.r &
60 userv-path \"$fakeuf\";
63 buffer sysbuffer(2048);
64 interface \"secnet-test-[string range $site 0 0]\";
69 foreach port $ports($site) {
73 address \"::1\", \"127.0.0.1\";
74 buffer sysbuffer(4096);
80 local-name \"test-example/$location/$site\";
81 local-key rsa-private(\"$builddir/test-example/$site.key\");
83 append cfg $extra($site)
87 class \"debug\",\"info\",\"notice\",\"warning\",\"error\",\"security\",\"fatal\";
96 random randomfile("/dev/urandom",no);
97 transform eax-serpent { }, serpent256-cbc { };
100 set pubkeys $tmp/$site.pubkeys
101 file delete -force $pubkeys
102 exec cp -rl $builddir/test-example/pubkeys $pubkeys
104 set f [open $builddir/test-example/sites.conf r]
105 while {[gets $f l] >= 0} {
106 regsub {\"[^\"]*test-example/pubkeys/} $l "\"$pubkeys/" l
113 sites map(site,all-sites);
119 proc spawn-secnet {location site} {
126 upvar #0 pids($site) pid
127 set readbuf($site) {}
128 set cf $tmp/$site.conf
130 puts $ch [mkconf $location $site]
132 set argl [list $builddir/secnet -dvnc $cf]
133 set divertk SECNET_STEST_DIVERT_$site
134 puts -nonewline "spawn"
135 foreach k [array names env] {
137 SECNET_STEST_DIVERT_* -
138 SECNET_TEST_BUILDDIR { }
140 *PRELOAD* { puts -nonewline " $k=$env($k)" }
144 if {[info exists env($divertk)]} {
145 switch -glob $env($divertk) {
147 puts -nonewline "run ^ command, hit return "
155 set argl [split $env($divertk)]
159 if {[llength $argl]} {
161 set pidmap($pid) "secnet $location/$site"
163 execl [lindex $argl 0] [lrange $argl 1 end]
166 puts -nonewline $netlinkfh($site.t) [hbytes h2raw c0]
169 proc netlink-readable {location site} {
171 upvar #0 readbuf($site) buf
172 upvar #0 netlinkfh($site.r) fh
175 set h [hbytes raw2h $x]
176 if {![hbytes length $h]} return
178 #puts "READABLE $site buf=$buf"
179 while {[regexp {^((?:..)*?)c0(.*)$} $buf dummy now buf]} {
180 #puts "READABLE $site now=$now (buf=$buf)"
181 regsub -all {^((?:..)*?)dbdc} $now {\1c0} now
182 regsub -all {^((?:..)*?)dbdd} $now {\1db} now
183 puts "netlink-got-packet $location $site $now"
184 netlink-got-packet $location $site $now
189 proc netlink-got-packet {location site data} {
190 if {![hbytes length $data]} return
191 switch -exact $site {
194 45000054ed9d4000fe0166d9ac12e802ac12e80900* {
199 error "unexpected $site $data"
209 proc bgerror {message} {
210 global errorInfo errorCode
213 ----------------------------------------
218 ----------------------------------------
227 4500 0054 ed9d 4000 4001 24da ac12 e809
228 ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
229 0000 0000 507f 0b00 0000 0000 1011 1213
230 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
231 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
234 puts -nonewline $netlinkfh(inside.t) \
235 [hbytes h2raw c0[join $p ""]c0]
239 exec mkdir -p -m700 $socktmp
240 regsub {^(?!/|\./)} $socktmp {./} socktmp ;# dgram-socket wants ./ or /
242 proc prefix_preload {lib} { prefix_some_path LD_PRELOAD $lib }
244 set env(UDP_PRELOAD_DIR) $socktmp
245 prefix_preload $builddir/stest/udp-preload.so
247 proc finish {estatus} {
248 puts stderr "FINISHING $estatus"
249 signal default SIGCHLD
251 foreach pid [array names pidmap] {
260 foreach pid [array names pidmap] {
261 set got [wait -nohang $pid]
262 if {![llength $got]} continue
263 set info $pidmap($pid)
265 puts stderr "reaped $info: $got"
270 signal -restart trap SIGCHLD { after idle reap }
273 global socktmp udpsock
276 regsub {^(?!/)} $u {./} u
277 set udpsock [dgram-socket create $u]
278 dgram-socket on-receive $udpsock udp-relay
281 proc udp-relay {data src sock args} {
282 global udpsock socktmp
283 set headerlen [expr {52+1}]
286 set dst [hbytes range $data 0 $headerlen]
287 regsub {(?:00)*$} $dst {} dst
288 set dst [hbytes h2raw $dst]
290 hbytes overwrite data 0 [hbytes zeroes $headerlen]
291 regsub {.*/} $src {} src
292 set srch [hbytes raw2h $src]
293 hbytes append srch 00
295 if {[regexp {[^.,:0-9a-f]} $dst c]} { error "bad dst" }
296 if {[hbytes length $srch] > $headerlen} { error "src addr too long" }
297 hbytes overwrite data 0 $srch
298 dgram-socket transmit $udpsock $data $socktmp/$dst
300 puts stderr "$orgsrc -> $dst: $emsg"
306 spawn-secnet in inside
307 spawn-secnet out outside