5 load chiark_tcl_hbytes-1.so
6 load chiark_tcl_dgram-1.so
9 local-address "172.18.232.9";
10 secnet-address "172.18.232.10";
11 remote-networks "172.18.232.0/28";
13 set netlink(outside) {
14 local-address "172.18.232.1";
15 secnet-address "172.18.232.2";
16 remote-networks "172.18.232.0/28";
19 set ports(inside) {16913 16910}
20 set ports(outside) 16900
# mkconf: sets up the per-site netlink plumbing and a stand-in "userv"
# script for one test site. This listing is an excerpt: the number at the
# start of each line is the original file's line number and the lines in
# between are not shown, so these comments cover only the visible statements.
28 proc mkconf {location site} {
# Base name of this site's netlink FIFOs, under $tmp (where $tmp comes from
# is not visible here).
35 set pipefp $tmp/$site.netlink
# Remove any stale node, then create the FIFO with mode 0600 so that only
# the owning user can open it. $tr is presumably the loop variable of an
# enclosing foreach over the two directions -- TODO confirm.
# NOTE(review): delete-then-mkfifo on a predictable name is only safe when
# $tmp is a directory that other users cannot write to; confirm where $tmp
# is created.
37 file delete $pipefp.$tr
38 exec mkfifo -m600 $pipefp.$tr
# Open the FIFO read-write, remember the handle per site and direction, and
# switch it to non-blocking, unbuffered, binary mode.
39 set netlinkfh($site.$tr) [set fh [open $pipefp.$tr r+]]
40 fconfigure $fh -blocking 0 -buffering none -translation binary
# Run netlink-readable from the event loop whenever the .r handle has data.
42 fileevent $netlinkfh($site.r) readable \
43 [list netlink-readable $location $site]
# Create the fake userv program with requested permission bits 0755; the
# puts that follows writes a /bin/sh script into it.
# NOTE(review): the visible script line interpolates $pipefp into shell text
# without quoting, so this relies on $tmp and $site containing no whitespace
# or shell metacharacters.
44 set fakeuf $tmp/$site.fake-userv
45 set fakeuh [open $fakeuf w 0755]
46 puts $fakeuh "#!/bin/sh
49 cat <&3 3<&- >$pipefp.r &
59 userv-path \"$fakeuf\";
62 buffer sysbuffer(2048);
63 interface \"secnet-test-[string range $site 0 0]\";
68 foreach port $ports($site) {
72 address \"::1\", \"127.0.0.1\";
73 buffer sysbuffer(4096);
79 local-name \"test-example/$location/$site\";
80 local-key rsa-private(\"$builddir/test-example/$site.key\");
82 append cfg $extra($site)
86 class \"debug\",\"info\",\"notice\",\"warning\",\"error\",\"security\",\"fatal\";
95 random randomfile("/dev/urandom",no);
96 transform eax-serpent { }, serpent256-cbc { };
# Give the site its own public-key directory under $tmp and rewrite the
# sites file so that it refers to that directory.
99 set pubkeys $tmp/$site.pubkeys
# Start from a clean slate: remove whatever an earlier run left behind.
100 file delete -force $pubkeys
# cp -rl recreates the tree with hard links instead of copying file data, so
# the key files are shared with $builddir/test-example/pubkeys: an in-place
# write through either name is visible through both.
101 exec cp -rl $builddir/test-example/pubkeys $pubkeys
103 set f [open $builddir/test-example/sites.conf r]
104 while {[gets $f l] >= 0} {
# Replace the first quoted path prefix ending in test-example/pubkeys/ on
# this line with the per-site directory.
105 regsub {\"[^\"]*test-example/pubkeys/} $l "\"$pubkeys/" l
112 sites map(site,all-sites);
# spawn-secnet: writes the configuration produced by mkconf for one site and
# starts a secnet process for it. Excerpt only: the lines between the
# numbered ones are not shown, so the fork and the remaining switch arms are
# not visible here.
118 proc spawn-secnet {location site} {
125 upvar #0 pids($site) pid
126 set readbuf($site) {}
127 set cf $tmp/$site.conf
129 puts $ch [mkconf $location $site]
# Default command line: the freshly built secnet binary with this site's
# configuration file.
131 set argl [list $builddir/secnet -dvnc $cf]
132 set divertk SECNET_STEST_DIVERT_$site
133 puts -nonewline "spawn"
# Echo selected environment variables on the "spawn" line. Of the visible
# arms, names matching *PRELOAD* are printed with their values, while
# SECNET_STEST_DIVERT_* and SECNET_TEST_BUILDDIR share an empty body.
134 foreach k [array names env] {
136 SECNET_STEST_DIVERT_* -
137 SECNET_TEST_BUILDDIR { }
139 *PRELOAD* { puts -nonewline " $k=$env($k)" }
# Debugging hook: SECNET_STEST_DIVERT_<site> lets whoever runs the test
# change what is started for this site. In the visible arm the value is
# split on whitespace and used as the command line unchanged, so the
# harness treats its environment as trusted input.
143 if {[info exists env($divertk)]} {
144 switch -glob $env($divertk) {
146 puts -nonewline "run ^ command, hit return "
154 set argl [split $env($divertk)]
# An empty argl means nothing is started (presumably the case where the
# operator runs the printed command by hand -- TODO confirm).
158 if {[llength $argl]} {
160 set pidmap($pid) "secnet $location/$site"
162 execl [lindex $argl 0] [lrange $argl 1 end]
165 puts -nonewline $netlinkfh($site.t) [hbytes h2raw c0]
# netlink-readable: fileevent callback for a site's .r FIFO. It works on the
# hex form of the data, cuts the per-site buffer into frames at each c0 byte,
# undoes the byte escaping and hands every frame to netlink-got-packet.
# The byte values used (c0 delimiter, db dc -> c0, db dd -> db) match SLIP
# framing. How $x is read and appended to the buffer is not visible in this
# excerpt.
168 proc netlink-readable {location site} {
170 upvar #0 readbuf($site) buf
171 upvar #0 netlinkfh($site.r) fh
174 set h [hbytes raw2h $x]
# Nothing was read: leave the buffer alone.
175 if {![hbytes length $h]} return
177 #puts "READABLE $site buf=$buf"
# (?:..)*? consumes whole hex pairs, so c0 is only recognised on a byte
# boundary; "now" receives the frame and "buf" keeps the remainder.
178 while {[regexp {^((?:..)*?)c0(.*)$} $buf dummy now buf]} {
179 #puts "READABLE $site now=$now (buf=$buf)"
# NOTE(review): both patterns are anchored with ^, so despite -all each
# regsub appears to rewrite at most the first escape sequence in a frame;
# confirm that frames with several escaped bytes are decoded as intended.
180 regsub -all {^((?:..)*?)dbdc} $now {\1c0} now
181 regsub -all {^((?:..)*?)dbdd} $now {\1db} now
182 puts "netlink-got-packet $location $site $now"
183 netlink-got-packet $location $site $now
# netlink-got-packet: checks one decoded frame (hex) against what the test
# expects for the given site and raises an error for anything else. Excerpt
# only: the switch arms other than the visible pattern are not shown.
# Read as an IPv4 header, the visible pattern is version 4 / IHL 5, total
# length 0x54, TTL 0xfe, protocol 1 (ICMP), source 172.18.232.2,
# destination 172.18.232.9, followed by ICMP type 00 (echo reply); the
# trailing * leaves the rest of the packet unchecked.
188 proc netlink-got-packet {location site data} {
189 if {![hbytes length $data]} return
190 switch -exact $site {
193 45000054ed9d4000fe0166d9ac12e802ac12e80900* {
198 error "unexpected $site $data"
208 proc bgerror {message} {
209 global errorInfo errorCode
212 ----------------------------------------
217 ----------------------------------------
226 4500 0054 ed9d 4000 4001 24da ac12 e809
227 ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
228 0000 0000 507f 0b00 0000 0000 1011 1213
229 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
230 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
233 puts -nonewline $netlinkfh(inside.t) \
234 [hbytes h2raw c0[join $p ""]c0]
# Directory that holds the test's datagram sockets, requested with mode 0700
# so that other users cannot reach them.
# NOTE(review): with -p, mkdir succeeds without changing the mode when the
# directory already exists, so 0700 is only guaranteed when this call is the
# one that creates it.
238 exec mkdir -p -m700 $socktmp
239 regsub {^(?!/|\./)} $socktmp {./} socktmp ;# dgram-socket wants ./ or /
# Helper: adds a library to LD_PRELOAD through prefix_some_path, which is
# defined outside this excerpt.
241 proc prefix_preload {lib} { prefix_some_path LD_PRELOAD $lib }
# Processes started after this point inherit UDP_PRELOAD_DIR and the
# udp-preload.so entry in LD_PRELOAD; presumably the library redirects their
# UDP traffic to sockets under $socktmp -- TODO confirm against
# udp-preload's source.
243 set env(UDP_PRELOAD_DIR) $socktmp
244 prefix_preload $builddir/stest/udp-preload.so
246 proc finish {estatus} {
247 puts stderr "FINISHING $estatus"
248 signal default SIGCHLD
250 foreach pid [array names pidmap] {
259 foreach pid [array names pidmap] {
260 set got [wait -nohang $pid]
261 if {![llength $got]} continue
262 set info $pidmap($pid)
264 puts stderr "reaped $info: $got"
269 signal -restart trap SIGCHLD { after idle reap }
272 global socktmp udpsock
275 regsub {^(?!/)} $u {./} u
276 set udpsock [dgram-socket create $u]
277 dgram-socket on-receive $udpsock udp-relay
# udp-relay: on-receive handler for the relay's datagram socket. Each
# datagram starts with an address header; the handler reads the destination
# from it, replaces it with the sender's name and forwards the datagram to
# the socket of that name under $socktmp. Excerpt only: the lines that set
# $orgsrc and $emsg (presumably a catch wrapper) are not visible.
280 proc udp-relay {data src sock args} {
281 global udpsock socktmp
282 set headerlen [expr {52+1}]
# Take the destination out of the leading header field, strip its trailing
# zero bytes (still in hex form) and convert it to a raw string.
# assumes "hbytes range" takes (start, size) -- TODO confirm
285 set dst [hbytes range $data 0 $headerlen]
286 regsub {(?:00)*$} $dst {} dst
287 set dst [hbytes h2raw $dst]
# Blank the header before the sender's name is written into it.
289 hbytes overwrite data 0 [hbytes zeroes $headerlen]
# Keep only the last path component of the sender's socket name, hex-encode
# it and add a terminating zero byte.
290 regsub {.*/} $src {} src
291 set srch [hbytes raw2h $src]
292 hbytes append srch 00
# $dst arrives in the datagram and becomes a path component below, so it is
# restricted to the characters . , : 0-9 a-f first; "/" is therefore never
# accepted and the target stays directly under $socktmp.
# NOTE(review): an empty $dst, "." and ".." also pass this check; they name
# directories rather than sockets, so the transmit presumably just fails.
294 if {[regexp {[^.,:0-9a-f]} $dst c]} { error "bad dst" }
# Refuse a sender name that would not fit in the header field.
295 if {[hbytes length $srch] > $headerlen} { error "src addr too long" }
296 hbytes overwrite data 0 $srch
297 dgram-socket transmit $udpsock $data $socktmp/$dst
# Report a failed relay on stderr.
299 puts stderr "$orgsrc -> $dst: $emsg"
305 spawn-secnet in inside
306 spawn-secnet out outside