# Pull in the two chiark Tcl extensions this harness depends on:
# hbytes (hex <-> raw byte-string helpers) and dgram-socket (unix
# datagram sockets used by the fake UDP transport below).
foreach ext {chiark_tcl_hbytes-1.so chiark_tcl_dgram-1.so} {
    load $ext
}
unset ext
9 local-address "172.18.232.9";
10 secnet-address "172.18.232.10";
11 remote-networks "172.18.232.0/28";
13 set netlink(outside) {
14 local-address "172.18.232.1";
15 secnet-address "172.18.232.2";
16 remote-networks "172.18.232.0/28";
# UDP port(s) each test site listens on.  "inside" is given two so the
# multi-port listener path is exercised (mkconf emits one stanza per
# element of $ports($site)).
array set ports {
    inside  {16913 16910}
    outside 16900
}
# Per-site private-key locations, relative to $builddir (mkconf prefixes
# them when it writes local-key / key-cache).  These are in-tree test
# fixtures, not deployment keys.
array set privkey {
    inside  test-example/inside.key
    outside test-example/outside.key
}
31 proc mkconf {location site} {
# Produce the secnet configuration text for test site $site ($location is
# the short label used in log lines and the local-name).  Side effects on
# the way: creates the per-site netlink FIFO pair under $tmp, writes the
# fake "userv" stub that secnet will exec, and makes a per-site copy of
# the test pubkeys.  The config string is returned (spawn-secnet writes
# it to a file).  Several body lines are not shown in this listing.
38 upvar #0 privkey($site) privkey
# FIFO path prefix; the FIFOs themselves are $pipefp.r / $pipefp.t, with
# $tr supplied by an enclosing loop that is not shown here.
39 set pipefp $tmp/$site.netlink
# Recreate the FIFO with mode 0600 so only our uid can read or inject
# fake-netlink frames.  NOTE(review): delete-then-mkfifo is not atomic;
# it is only safe if $tmp is private to this run (its creation is not
# shown here -- confirm it is created 0700 before relying on this).
41 file delete $pipefp.$tr
42 exec mkfifo -m600 $pipefp.$tr
# Open read+write so the open never blocks waiting for a peer; the handle
# is kept in the netlinkfh array (declared elsewhere in the proc) keyed
# "<site>.<r|t>".
43 set netlinkfh($site.$tr) [set fh [open $pipefp.$tr r+]]
# Non-blocking, unbuffered, raw bytes: frames are SLIP-style binary.
44 fconfigure $fh -blocking 0 -buffering none -translation binary
# Hand inbound frames on the .r FIFO to netlink-readable.
46 fileevent $netlinkfh($site.r) readable \
47 [list netlink-readable $location $site]
# The "userv" that secnet is pointed at (userv-path in the config below)
# is this shell stub.  It is written executable (0755) under $tmp and, per
# the line shown, relays its fd 3 into the .r FIFO so the harness sees
# what secnet sends towards netlink.
48 set fakeuf $tmp/$site.fake-userv
49 set fakeuh [open $fakeuf w 0755]
50 puts $fakeuh "#!/bin/sh
53 cat <&3 3<&- >$pipefp.r &
64 userv-path \"$fakeuf\";
67 buffer sysbuffer(2048);
68 interface \"secnet-test-[string range $site 0 0]\";
# One listener stanza per configured port for this site (see $ports).
73 foreach port $ports($site) {
77 address \"::1\", \"127.0.0.1\";
78 buffer sysbuffer(4096);
84 local-name \"test-example/$location/$site\";
# The glob on $privkey (patterns not shown) decides whether the site gets
# a key-cache over a "priv." prefixed key directory or a single
# rsa-private file; both are resolved relative to $builddir.
86 switch -glob $privkey {
89 key-cache priv-cache({
90 privkeys \"$builddir/${privkey}priv.\";
96 local-key rsa-private(\"$builddir/$privkey\");
# Site-specific extra config, if any, supplied via the $extra array.
101 append cfg $extra($site)
105 class \"debug\",\"info\",\"notice\",\"warning\",\"error\",\"security\",\"fatal\";
114 random randomfile("/dev/urandom",no);
115 transform eax-serpent { }, serpent256-cbc { };
# Per-site pubkeys directory.  NOTE(review): `cp -rl` hard-links rather
# than copies, so the files under $pubkeys share inodes with the build
# tree; any in-place write to them (none is visible here) would alter the
# originals.  `file delete -force` on the copy is harmless for the same
# reason.
118 set pubkeys $tmp/$site.pubkeys
119 file delete -force $pubkeys
120 exec cp -rl $builddir/test-example/pubkeys $pubkeys
# Rewrite the sites.conf fixture line by line so its quoted pubkeys paths
# point at the per-site copy; only the path prefix is substituted.
122 set f [open $builddir/test-example/sites.conf r]
123 while {[gets $f l] >= 0} {
124 regsub {\"[^\"]*test-example/pubkeys/} $l "\"$pubkeys/" l
131 sites map(site,all-sites);
137 proc spawn-secnet {location site} {
# Fork and exec one secnet instance for $site (the fork itself is in lines
# not shown).  The config produced by mkconf is written to $tmp/$site.conf,
# the child's pid is recorded in pidmap for reaping/teardown, the spawn
# line is echoed to stdout, and finally a lone c0 (SLIP frame delimiter)
# is written into the site's .t FIFO.
# Debug hook: if SECNET_STEST_DIVERT_$site is set in the environment its
# value is split on whitespace and exec'd in place of the normal command
# (e.g. to wrap secnet in a debugger).  Nothing here validates it, so that
# variable must only ever come from a trusted caller.
144 upvar #0 pids($site) pid
145 set readbuf($site) {}
146 set cf $tmp/$site.conf
148 puts $ch [mkconf $location $site]
# Default command line.  The -dvnc flags are secnet's; their exact meaning
# is not shown in this file (TODO confirm against secnet's usage text).
150 set argl [list $builddir/secnet -dvnc $cf]
151 set divertk SECNET_STEST_DIVERT_$site
# Echo "spawn" followed by selected environment variables: the switch
# below prints any *PRELOAD* variable (i.e. what is injected into the
# child) and stays quiet about the harness's own SECNET_* variables.
152 puts -nonewline "spawn"
153 foreach k [array names env] {
155 SECNET_STEST_DIVERT_* -
156 SECNET_TEST_BUILDDIR { }
158 *PRELOAD* { puts -nonewline " $k=$env($k)" }
162 if {[info exists env($divertk)]} {
163 switch -glob $env($divertk) {
165 puts -nonewline "run ^ command, hit return "
173 set argl [split $env($divertk)]
177 if {[llength $argl]} {
179 set pidmap($pid) "secnet $location/$site"
181 execl [lindex $argl 0] [lrange $argl 1 end]
184 puts -nonewline $netlinkfh($site.t) [hbytes h2raw c0]
187 proc netlink-readable {location site} {
# fileevent handler for the site's .r netlink FIFO.  The bytes read from
# the FIFO (the read itself is in lines not shown) are appended as hex to
# readbuf($site); every complete SLIP frame -- hex up to the next c0
# delimiter -- is unescaped and handed to netlink-got-packet.
189 upvar #0 readbuf($site) buf
190 upvar #0 netlinkfh($site.r) fh
193 set h [hbytes raw2h $x]
# Empty read (e.g. EOF or a spurious readable event): wait for the next.
194 if {![hbytes length $h]} return
196 #puts "READABLE $site buf=$buf"
# ((?:..)*?) advances two hex digits at a time so the delimiter is only
# matched on a byte boundary; whatever follows the c0 is left in $buf.
197 while {[regexp {^((?:..)*?)c0(.*)$} $buf dummy now buf]} {
198 #puts "READABLE $site now=$now (buf=$buf)"
# SLIP unescape: db dc -> c0 first, then db dd -> db (this order matters;
# the reverse would let a decoded db followed by dc be re-read as an
# escape).
# NOTE(review): with the ^ anchor, -all appears to substitute only the
# first escape in a frame (Tcl runs the later iterations with the
# not-at-beginning flag, so ^ cannot match again); a frame holding two or
# more escaped bytes would be decoded wrongly.  Harmless for the fixed
# ping this test injects, but a general fix would consume the decoded
# prefix, e.g. loop on regexp {^((?:..)*?)db(dc|dd)(.*)$} and append
# $pre plus c0/db to an output buffer until no escape remains.
199 regsub -all {^((?:..)*?)dbdc} $now {\1c0} now
200 regsub -all {^((?:..)*?)dbdd} $now {\1db} now
201 puts "netlink-got-packet $location $site $now"
202 netlink-got-packet $location $site $now
207 proc netlink-got-packet {location site data} {
# Check one decoded netlink frame ($data as hex) against what the test
# expects for $site.  Empty frames (back-to-back c0 delimiters) are
# ignored.  The glob arm shown matches, by hex prefix, an IPv4/ICMP
# packet from 172.18.232.2 to 172.18.232.9 with TTL 0xfe (decoded from
# the literal); the other arms are not shown.  Anything unexpected raises
# an error, which from a fileevent callback surfaces through bgerror.
208 if {![hbytes length $data]} return
209 switch -exact $site {
212 45000054ed9d4000fe0166d9ac12e802ac12e80900* {
217 error "unexpected $site $data"
227 proc bgerror {message} {
# Background-error hook: Tcl invokes this for errors raised inside event
# callbacks (fileevent/after), which is how an "unexpected" frame from
# netlink-got-packet surfaces.  It consults errorInfo/errorCode to report
# the failure; the rest of the body is not shown in this listing.
228 global errorInfo errorCode
231 ----------------------------------------
236 ----------------------------------------
245 4500 0054 ed9d 4000 4001 24da ac12 e809
246 ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
247 0000 0000 507f 0b00 0000 0000 1011 1213
248 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
249 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
# Inject the ICMP echo request assembled above (presumably $p is that hex
# list: src 172.18.232.9, dst 172.18.232.2, TTL 64, id 0xed9d) into
# inside's netlink as one SLIP frame: c0 <packet bytes> c0.  None of the
# bytes shown is c0 or db, so no SLIP escaping is applied here.
252 puts -nonewline $netlinkfh(inside.t) \
253 [hbytes h2raw c0[join $p ""]c0]
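# Private directory for the fake-UDP unix sockets.  `mkdir -m` only applies
# the mode to a directory it creates; with -p a pre-existing (possibly
# wider-permission) directory would be left as is, so set the mode
# explicitly afterwards.  Ownership/symlink checks are not attempted here.
exec mkdir -p -m700 $socktmp
file attributes $socktmp -permissions 0700
regsub {^(?!/|\./)} $socktmp {./} socktmp ;# dgram-socket wants ./ or /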
260 proc prefix_preload {lib} { prefix_some_path LD_PRELOAD $lib }
# Tell the udp-preload shim where the fake sockets live, then arrange for
# it to be LD_PRELOADed into the secnet children spawned below.
array set env [list UDP_PRELOAD_DIR $socktmp]
prefix_preload [format %s/stest/udp-preload.so $builddir]
265 proc finish {estatus} {
# Tear down at the end of the test, presumably exiting with $estatus (the
# exit is in lines not shown).  SIGCHLD handling is reset to the default
# first so the reaper trap installed later in this file does not fire
# while children are being dealt with here; the loop over pidmap then
# handles each recorded child.
266 puts stderr "FINISHING $estatus"
267 signal default SIGCHLD
269 foreach pid [array names pidmap] {
278 foreach pid [array names pidmap] {
279 set got [wait -nohang $pid]
280 if {![llength $got]} continue
281 set info $pidmap($pid)
283 puts stderr "reaped $info: $got"
288 signal -restart trap SIGCHLD { after idle reap }
291 global socktmp udpsock
294 regsub {^(?!/)} $u {./} u
295 set udpsock [dgram-socket create $u]
296 dgram-socket on-receive $udpsock udp-relay
299 proc udp-relay {data src sock args} {
# on-receive callback for the relay socket.  Datagrams from the
# udp-preload shim carry a fixed-size header naming the destination
# socket; this replaces that header with the sender's name and forwards
# the datagram to $socktmp/<dst>.  $src is the sender's socket path.
# Errors raised below are caught and reported on stderr (the catch itself,
# and $orgsrc/$emsg, are in lines not shown here).
300 global udpsock socktmp
# 53 bytes: a 00-terminated name of at most 52 bytes.
301 set headerlen [expr {52+1}]
# Destination: the first $headerlen bytes as hex, trailing 00 padding
# stripped, then decoded to the raw socket name.
304 set dst [hbytes range $data 0 $headerlen]
305 regsub {(?:00)*$} $dst {} dst
306 set dst [hbytes h2raw $dst]
# Blank the header, then build our own view of the sender: the basename
# of $src, hex-encoded with a 00 terminator.
308 hbytes overwrite data 0 [hbytes zeroes $headerlen]
309 regsub {.*/} $src {} src
310 set srch [hbytes raw2h $src]
311 hbytes append srch 00
# Input checks.  The dst whitelist excludes "/" so the name cannot leave
# $socktmp ("." and ".." pass but only yield a non-socket path, which the
# transmit should then fail on -- not verified here); the length check
# keeps the rewritten header within the $headerlen bytes zeroed above.
313 if {[regexp {[^.,:0-9a-f]} $dst c]} { error "bad dst" }
314 if {[hbytes length $srch] > $headerlen} { error "src addr too long" }
315 hbytes overwrite data 0 $srch
316 dgram-socket transmit $udpsock $data $socktmp/$dst
318 puts stderr "$orgsrc -> $dst: $emsg"
# Bring up both ends of the tunnel under test.
foreach {label site} {in inside out outside} {
    spawn-secnet $label $site
}
unset label site