set ports(inside) {16913 16910}
set ports(outside) 16900
+set defnet_v4 198.51.100
+set defnet_v6 2001:db8:ff00
+set defaddr_v4 ${defnet_v4}.1
+set defaddr_v6 ${defnet_v6}::1
+
set extra(inside) {
local-mobile True;
mtu-target 1260;
}
set extra(outside) {}
+set privkey(inside) test-example/inside.privkeys/
+set privkey(outside) test-example/outside.privkeys/
+
+set initiator inside
+
+proc sitesconf_hook {l} { return $l }
+
+proc oldsecnet {site} {
+ upvar #0 oldsecnet($site) oldsecnet
+ expr {[info exists oldsecnet] && [set oldsecnet]}
+}
+
proc mkconf {location site} {
global tmp
global builddir
global ports
global extra
global netlinkfh
+ global defaddr_v4 defaddr_v6
+ upvar #0 privkey($site) privkey
set pipefp $tmp/$site.netlink
foreach tr {t r} {
file delete $pipefp.$tr
"
close $fakeuh
set cfg "
+ hash sha1;
netlink userv-ipif {
name \"netlink\";
userv-path \"$fakeuf\";
append cfg "$delim
udp {
port $port;
- address \"::1\", \"127.0.0.1\";
+ address \"$defaddr_v6\", \"$defaddr_v4\";
buffer sysbuffer(4096);
}
"
}
append cfg ";
local-name \"test-example/$location/$site\";
- local-key rsa-private(\"$builddir/test-example/$site.key\");
"
+ switch -glob $privkey {
+ */ {
+ set sitesconf sites.conf
+ append cfg "
+ key-cache priv-cache({
+ privkeys \"$builddir/${privkey}priv.\";
+ });
+"
+ }
+ {load-private *} {
+ set sitesconf sites-nonego.conf
+ append cfg "
+ local-key load-private(\"[lindex $privkey 1]\",\"$builddir/[lindex $privkey 2]\");
+"
+ }
+ * {
+ set sitesconf sites-nonego.conf
+ append cfg "
+ local-key rsa-private(\"$builddir/$privkey\");
+"
+ }
+ }
+ set sitesconf $builddir/test-example/$sitesconf
+
append cfg $extra($site)
append cfg "
log logfile {
prefix \"$site\";
class \"debug\",\"info\",\"notice\",\"warning\",\"error\",\"security\",\"fatal\";
+ "
+ if {[oldsecnet $site]} { append cfg "
+ filename \"/dev/stderr\";
+ " }
+ append cfg "
};
"
append cfg {
transform eax-serpent { }, serpent256-cbc { };
}
- set f [open $builddir/test-example/sites.conf r]
+ set pubkeys $tmp/$site.pubkeys
+ file delete -force $pubkeys
+ exec cp -rl $builddir/test-example/pubkeys $pubkeys
+
+ set f [open $sitesconf r]
+ while {[gets $f l] >= 0} {
+ regsub {\"[^\"]*test-example/pubkeys/} $l "\"$pubkeys/" l
+ regsub -all {\"\[127\.0\.0\.1\]\"} $l "\"\[$defaddr_v4\]\"" l
+ regsub -all {\"\[::1]\"} $l "\"\[$defaddr_v6\]\"" l
+ set l [sitesconf_hook $l]
+ append cfg $l "\n"
+ }
set sites [read $f]
close $f
append cfg $sites
append cfg {
sites map(site,all-sites);
}
+
return $cfg
}
set ch [open $cf w]
puts $ch [mkconf $location $site]
close $ch
- set argl [list $builddir/secnet -dvnc $cf]
+ set secnet $builddir/secnet
+ if {[oldsecnet $site]} {
+ set secnet $env(OLD_SECNET_DIR)/secnet
+ }
+ set argl [list $secnet -dvnc $cf]
set divertk SECNET_STEST_DIVERT_$site
- puts -nonewline "spawn"
+ puts "spawn:"
foreach k [array names env] {
switch -glob $k {
SECNET_STEST_DIVERT_* -
- SECNET_TEST_BUILDDIR { }
+ SECNET_TEST_BUILDDIR - OLD_SECNET_DIR { }
*SECNET* -
*PRELOAD* { puts -nonewline " $k=$env($k)" }
}
}
- puts " $argl"
if {[info exists env($divertk)]} {
switch -glob $env($divertk) {
- i {
+ i - {i *} {
+ regsub {^i} $env($divertk) {} divert_prefix
+ puts "$divert_prefix $argl"
puts -nonewline "run ^ command, hit return "
flush stdout
gets stdin
set argl {}
}
0 - "" {
+ puts " $argl"
}
- * {
+ /* - ./* {
+ puts " $argl"
set argl [split $env($divertk)]
+ puts "... $argl"
+ }
+ * {
+ error "$divertk not understood"
}
}
}
}
proc netlink-got-packet {location site data} {
+ global initiator
if {![hbytes length $data]} return
- switch -exact $site {
- inside {
+ switch -exact $site!$initiator {
+ inside!inside - outside!outside {
switch -glob $data {
45000054ed9d4000fe0166d9ac12e802ac12e80900* {
puts "OK $data"
}
}
}
- outside {
- error "inside rx'd!"
+ default {
+ error "$site rx'd! (initiator $initiator)"
}
}
}
proc sendpkt {} {
global netlinkfh
+ global initiator
set p {
4500 0054 ed9d 4000 4001 24da ac12 e809
ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
3435 3637
}
- puts -nonewline $netlinkfh(inside.t) \
+ puts -nonewline $netlinkfh($initiator.t) \
[hbytes h2raw c0[join $p ""]c0]
}
}
}
+proc adj-after {timeout args} {
+ upvar #0 env(SECNET_STEST_TIMEOUT_MUL) mul
+ if {[info exists mul]} { set timeout [expr {$timeout * $mul}] }
+ eval after $timeout $args
+}
+
proc test-kex {} {
udp-proxy
spawn-secnet in inside
spawn-secnet out outside
- after 500 sendpkt
- after 1000 sendpkt
- after 5000 timed-out
+ adj-after 500 sendpkt
+ adj-after 1000 sendpkt
+ adj-after 5000 timed-out
vwait ok
}