# Tcl extensions the harness relies on: chiark_tcl_hbytes supplies the
# `hbytes` hex-string helpers (raw2h/h2raw/range/overwrite/...) used by the
# netlink and relay procs below; chiark_tcl_dgram supplies `dgram-socket`.
5 load chiark_tcl_hbytes-1.so
6 load chiark_tcl_dgram-1.so
9 local-address "172.18.232.9";
10 secnet-address "172.18.232.10";
11 remote-networks "172.18.232.0/28";
13 set netlink(outside) {
14 local-address "172.18.232.1";
15 secnet-address "172.18.232.2";
16 remote-networks "172.18.232.0/28";
# Per-site UDP port lists; mkconf iterates `$ports($site)` when it emits the
# comm sections, so `inside` gets two listeners and `outside` one.
19 set ports(inside) {16913 16910}
20 set ports(outside) 16900
# Private-key locations, relative to $builddir.  mkconf switches on the form of
# this value (patterns not visible here): the directory form feeds a
# `key-cache priv-cache(...)` stanza, the other form a `local-key rsa-private(...)`.
28 set privkey(inside) test-example/inside.privkeys/
29 set privkey(outside) test-example/outside.privkeys/
proc sitesconf_hook {l} {
    # Identity hook applied by mkconf to every line of the sites file after the
    # pubkeys path rewrite; a test may redefine it to post-process lines.  The
    # default returns its argument unchanged.
    set line $l
    return $line
}
33 proc mkconf {location site} {
# Builds the secnet configuration text for one test site (`inside` or
# `outside`, labelled with $location) and returns it (spawn-secnet writes the
# result to $tmp/$site.conf).  As side effects it creates the netlink FIFOs,
# a fake userv script, and a private copy of the pubkeys directory.  Several
# lines of the body (global declarations, string terminators, the loop over
# $tr, the return) are not shown in this excerpt.
40 upvar #0 privkey($site) privkey
41 set pipefp $tmp/$site.netlink
# Fresh FIFO per direction, mode 0600 so only the test user can read the
# netlink traffic.  $tr appears to be a direction tag (r / t — see the
# `$site.r` and `$site.t` uses elsewhere); its loop header is not visible here.
43 file delete $pipefp.$tr
44 exec mkfifo -m600 $pipefp.$tr
# Opened r+ (presumably so the open does not block waiting for the other end),
# then made non-blocking, unbuffered and binary: the bytes are SLIP frames.
45 set netlinkfh($site.$tr) [set fh [open $pipefp.$tr r+]]
46 fconfigure $fh -blocking 0 -buffering none -translation binary
# Anything secnet writes into the receive FIFO is handed to netlink-readable.
48 fileevent $netlinkfh($site.r) readable \
49 [list netlink-readable $location $site]
# Fake userv: a tiny shell script that copies its fd 3 into the receive FIFO.
# secnet is pointed at it via `userv-path` below, so no real userv or tun
# device is needed for the test.
50 set fakeuf $tmp/$site.fake-userv
51 set fakeuh [open $fakeuf w 0755]
52 puts $fakeuh "#!/bin/sh
55 cat <&3 3<&- >$pipefp.r &
66 userv-path \"$fakeuf\";
69 buffer sysbuffer(2048);
70 interface \"secnet-test-[string range $site 0 0]\";
75 foreach port $ports($site) {
79 address \"::1\", \"127.0.0.1\";
80 buffer sysbuffer(4096);
86 local-name \"test-example/$location/$site\";
88 switch -glob $privkey {
90 set sitesconf sites.conf
92 key-cache priv-cache({
93 privkeys \"$builddir/${privkey}priv.\";
98 set sitesconf sites-nonego.conf
100 local-key rsa-private(\"$builddir/$privkey\");
104 set sitesconf $builddir/test-example/$sitesconf
106 append cfg $extra($site)
110 class \"debug\",\"info\",\"notice\",\"warning\",\"error\",\"security\",\"fatal\";
119 random randomfile("/dev/urandom",no);
120 transform eax-serpent { }, serpent256-cbc { };
123 set pubkeys $tmp/$site.pubkeys
124 file delete -force $pubkeys
125 exec cp -rl $builddir/test-example/pubkeys $pubkeys
# Copy the sites file into the config line by line, rewriting any quoted path
# under test-example/pubkeys/ to the per-test copy made just above, then give
# sitesconf_hook a chance to post-process the line.
127 set f [open $sitesconf r]
128 while {[gets $f l] >= 0} {
129 regsub {\"[^\"]*test-example/pubkeys/} $l "\"$pubkeys/" l
130 set l [sitesconf_hook $l]
137 sites map(site,all-sites);
143 proc spawn-secnet {location site} {
# Starts the secnet process for one site: writes mkconf's output to
# $tmp/$site.conf, builds the command line, records the child in pidmap and
# finally sends a SLIP END byte down the transmit FIFO.  The environment
# variable SECNET_STEST_DIVERT_$site is a debugging hook: when set, its value
# either asks for an interactive run ("run ^ command, hit return") or is split
# into a replacement command line that is executed verbatim instead of secnet.
# The fork, the config channel open and several closing braces are on lines
# not shown in this excerpt.
150 upvar #0 pids($site) pid
# Reset the hex receive buffer that netlink-readable accumulates into.
151 set readbuf($site) {}
152 set cf $tmp/$site.conf
154 puts $ch [mkconf $location $site]
# Default command line: the freshly built secnet with the per-site config
# file as its last argument.
156 set argl [list $builddir/secnet -dvnc $cf]
157 set divertk SECNET_STEST_DIVERT_$site
158 puts -nonewline "spawn"
# Echo the relevant environment on the "spawn" log line: anything matching
# *PRELOAD* is printed; the DIVERT and BUILDDIR variables are deliberately
# skipped (empty arm).  No comments may go between the switch arms below.
159 foreach k [array names env] {
161 SECNET_STEST_DIVERT_* -
162 SECNET_TEST_BUILDDIR { }
164 *PRELOAD* { puts -nonewline " $k=$env($k)" }
168 if {[info exists env($divertk)]} {
169 switch -glob $env($divertk) {
171 puts -nonewline "run ^ command, hit return "
179 set argl [split $env($divertk)]
183 if {[llength $argl]} {
185 set pidmap($pid) "secnet $location/$site"
187 execl [lindex $argl 0] [lrange $argl 1 end]
190 puts -nonewline $netlinkfh($site.t) [hbytes h2raw c0]
193 proc netlink-readable {location site} {
# fileevent callback for the receive FIFO of $site.  Reads the available raw
# bytes (the read into $x and the append to $buf are on lines not shown),
# keeps them as a hex string in readbuf($site), and splits off every complete
# SLIP frame (terminated by the END byte c0) for netlink-got-packet.
195 upvar #0 readbuf($site) buf
196 upvar #0 netlinkfh($site.r) fh
199 set h [hbytes raw2h $x]
200 if {![hbytes length $h]} return
202 #puts "READABLE $site buf=$buf"
# The lazy `(?:..)*?` keeps the match on byte (two-hex-digit) boundaries, so a
# c0 that is the second nibble pair of some other byte is not taken as END.
# $now is the frame before the first END, $buf is left holding the rest.
203 while {[regexp {^((?:..)*?)c0(.*)$} $buf dummy now buf]} {
204 #puts "READABLE $site now=$now (buf=$buf)"
# Undo SLIP escaping: db dc -> c0, db dd -> db.  NOTE(review): with `-all`,
# Tcl does not let `^` match again after the first replacement, so only the
# first escape sequence in a frame looks to be decoded here — confirm against
# a frame containing two escapes before relying on this for non-trivial data.
205 regsub -all {^((?:..)*?)dbdc} $now {\1c0} now
206 regsub -all {^((?:..)*?)dbdd} $now {\1db} now
207 puts "netlink-got-packet $location $site $now"
208 netlink-got-packet $location $site $now
213 proc netlink-got-packet {location site data} {
# Receives one de-escaped SLIP frame ($data, hex) from the netlink of $site.
# Empty frames (back-to-back END bytes) are ignored.  Anything that is not an
# expected packet is an error, which surfaces through bgerror.
214 if {![hbytes length $data]} return
# Only `inside` has an expectation (arm headers are on lines not shown; no
# comments may be placed between switch arms).  The glob prefix decodes as an
# IPv4 header: total length 0x54, TTL 0xfe, protocol 01 (ICMP), from
# ac12e802 = 172.18.232.2 (outside's secnet-address) to ac12e809 =
# 172.18.232.9 (inside's local-address), followed by ICMP type 00 — an echo
# reply to the echo request the script injects on the inside netlink.
215 switch -exact $site {
218 45000054ed9d4000fe0166d9ac12e802ac12e80900* {
223 error "unexpected $site $data"
233 proc bgerror {message} {
# Tcl's background-error hook: errors raised from fileevent / after callbacks
# (e.g. the "unexpected" error in netlink-got-packet) land here rather than
# being lost.  The reporting body is on lines not shown in this excerpt.
234 global errorInfo errorCode
237 ----------------------------------------
242 ----------------------------------------
251 4500 0054 ed9d 4000 4001 24da ac12 e809
252 ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
253 0000 0000 507f 0b00 0000 0000 1011 1213
254 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
255 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
258 puts -nonewline $netlinkfh(inside.t) \
259 [hbytes h2raw c0[join $p ""]c0]
# Directory for the unix datagram sockets the UDP relay uses; mode 0700 keeps
# them private to the test user.  Where $socktmp is set is not shown here.
263 exec mkdir -p -m700 $socktmp
264 regsub {^(?!/|\./)} $socktmp {./} socktmp ;# dgram-socket wants ./ or /
proc prefix_preload {lib} {
    # Put $lib at the front of LD_PRELOAD via prefix_some_path (defined
    # elsewhere in the harness); used to inject the UDP preload shim into the
    # secnet processes spawned later.  Returns whatever prefix_some_path does.
    set envvar LD_PRELOAD
    prefix_some_path $envvar $lib
}
# Point the preload shim at the socket directory and inject it into every
# child via LD_PRELOAD.  Presumably udp-preload.so redirects secnet's UDP
# sockets to unix datagram sockets under $socktmp, which udp-relay then
# forwards — the shim's source is not part of this excerpt, so confirm there.
268 set env(UDP_PRELOAD_DIR) $socktmp
269 prefix_preload $builddir/stest/udp-preload.so
271 proc finish {estatus} {
# Tears down the test: announces the exit status, then walks pidmap to stop
# every child (the loop body and the final exit are on lines not shown).
272 puts stderr "FINISHING $estatus"
# Drop the SIGCHLD trap installed at top level (`after idle reap`) so the
# reaper does not run concurrently with the teardown below — intent inferred.
273 signal default SIGCHLD
275 foreach pid [array names pidmap] {
284 foreach pid [array names pidmap] {
285 set got [wait -nohang $pid]
286 if {![llength $got]} continue
287 set info $pidmap($pid)
289 puts stderr "reaped $info: $got"
# On SIGCHLD, schedule reap from the event loop rather than doing the
# `wait -nohang` work inside the signal handler itself.  `signal` here looks
# like the TclX command; the package require is not shown in this excerpt.
294 signal -restart trap SIGCHLD { after idle reap }
297 global socktmp udpsock
300 regsub {^(?!/)} $u {./} u
301 set udpsock [dgram-socket create $u]
302 dgram-socket on-receive $udpsock udp-relay
305 proc udp-relay {data src sock args} {
# on-receive callback for the relay socket.  Each datagram carries, in its
# first $headerlen bytes, the NUL-padded name of the destination socket under
# $socktmp; the relay swaps that header for the sender's socket name and
# forwards the datagram.  Lines 308-309, 313, 318 and the error-handling
# wrapper around the transmit are not shown in this excerpt.
306 global udpsock socktmp
307 set headerlen [expr {52+1}]
# Destination: the header bytes as hex, trailing 00 (NUL) padding stripped,
# converted back to a raw string.
310 set dst [hbytes range $data 0 $headerlen]
311 regsub {(?:00)*$} $dst {} dst
312 set dst [hbytes h2raw $dst]
# Blank the header, then build the replacement: the basename of the sending
# socket path, hex-encoded and NUL-terminated.
314 hbytes overwrite data 0 [hbytes zeroes $headerlen]
315 regsub {.*/} $src {} src
316 set srch [hbytes raw2h $src]
317 hbytes append srch 00
# Validation before anything is built into a path: $dst comes from the
# datagram, so it is restricted to `.`, `,`, `:` and hex digits — no `/`,
# which keeps `$socktmp/$dst` below a single path component inside $socktmp.
# The source name must fit the header including its terminator.
319 if {[regexp {[^.,:0-9a-f]} $dst c]} { error "bad dst" }
320 if {[hbytes length $srch] > $headerlen} { error "src addr too long" }
321 hbytes overwrite data 0 $srch
# Forward to the destination's unix datagram socket.
322 dgram-socket transmit $udpsock $data $socktmp/$dst
324 puts stderr "$orgsrc -> $dst: $emsg"
# Start both peers.  The first argument is the $location label that mkconf
# bakes into `local-name "test-example/$location/$site"`.
330 spawn-secnet in inside
331 spawn-secnet out outside