5 load chiark_tcl_hbytes-1.so
6 load chiark_tcl_dgram-1.so
9 local-address "172.18.232.9";
10 secnet-address "172.18.232.10";
11 remote-networks "172.18.232.0/28";
13 set netlink(outside) {
14 local-address "172.18.232.1";
15 secnet-address "172.18.232.2";
16 remote-networks "172.18.232.0/28";
19 set ports(inside) {16913 16910}
20 set ports(outside) 16900
28 set privkey(inside) test-example/inside.privkeys/
29 set privkey(outside) test-example/outside.privkeys/
31 proc mkconf {location site} {
38 upvar #0 privkey($site) privkey
39 set pipefp $tmp/$site.netlink
41 file delete $pipefp.$tr
42 exec mkfifo -m600 $pipefp.$tr
43 set netlinkfh($site.$tr) [set fh [open $pipefp.$tr r+]]
44 fconfigure $fh -blocking 0 -buffering none -translation binary
46 fileevent $netlinkfh($site.r) readable \
47 [list netlink-readable $location $site]
48 set fakeuf $tmp/$site.fake-userv
49 set fakeuh [open $fakeuf w 0755]
50 puts $fakeuh "#!/bin/sh
53 cat <&3 3<&- >$pipefp.r &
64 userv-path \"$fakeuf\";
67 buffer sysbuffer(2048);
68 interface \"secnet-test-[string range $site 0 0]\";
73 foreach port $ports($site) {
77 address \"::1\", \"127.0.0.1\";
78 buffer sysbuffer(4096);
84 local-name \"test-example/$location/$site\";
86 switch -glob $privkey {
88 set sitesconf sites.conf
90 key-cache priv-cache({
91 privkeys \"$builddir/${privkey}priv.\";
96 set sitesconf sites-nonego.conf
98 local-key rsa-private(\"$builddir/$privkey\");
102 set sitesconf $builddir/test-example/$sitesconf
104 append cfg $extra($site)
108 class \"debug\",\"info\",\"notice\",\"warning\",\"error\",\"security\",\"fatal\";
117 random randomfile("/dev/urandom",no);
118 transform eax-serpent { }, serpent256-cbc { };
121 set pubkeys $tmp/$site.pubkeys
122 file delete -force $pubkeys
123 exec cp -rl $builddir/test-example/pubkeys $pubkeys
125 set f [open $sitesconf r]
126 while {[gets $f l] >= 0} {
127 regsub {\"[^\"]*test-example/pubkeys/} $l "\"$pubkeys/" l
134 sites map(site,all-sites);
140 proc spawn-secnet {location site} {
147 upvar #0 pids($site) pid
148 set readbuf($site) {}
149 set cf $tmp/$site.conf
151 puts $ch [mkconf $location $site]
153 set argl [list $builddir/secnet -dvnc $cf]
154 set divertk SECNET_STEST_DIVERT_$site
155 puts -nonewline "spawn"
156 foreach k [array names env] {
158 SECNET_STEST_DIVERT_* -
159 SECNET_TEST_BUILDDIR { }
161 *PRELOAD* { puts -nonewline " $k=$env($k)" }
165 if {[info exists env($divertk)]} {
166 switch -glob $env($divertk) {
168 puts -nonewline "run ^ command, hit return "
176 set argl [split $env($divertk)]
180 if {[llength $argl]} {
182 set pidmap($pid) "secnet $location/$site"
184 execl [lindex $argl 0] [lrange $argl 1 end]
187 puts -nonewline $netlinkfh($site.t) [hbytes h2raw c0]
190 proc netlink-readable {location site} {
192 upvar #0 readbuf($site) buf
193 upvar #0 netlinkfh($site.r) fh
196 set h [hbytes raw2h $x]
197 if {![hbytes length $h]} return
199 #puts "READABLE $site buf=$buf"
200 while {[regexp {^((?:..)*?)c0(.*)$} $buf dummy now buf]} {
201 #puts "READABLE $site now=$now (buf=$buf)"
202 regsub -all {^((?:..)*?)dbdc} $now {\1c0} now
203 regsub -all {^((?:..)*?)dbdd} $now {\1db} now
204 puts "netlink-got-packet $location $site $now"
205 netlink-got-packet $location $site $now
210 proc netlink-got-packet {location site data} {
211 if {![hbytes length $data]} return
212 switch -exact $site {
215 45000054ed9d4000fe0166d9ac12e802ac12e80900* {
220 error "unexpected $site $data"
230 proc bgerror {message} {
231 global errorInfo errorCode
234 ----------------------------------------
239 ----------------------------------------
248 4500 0054 ed9d 4000 4001 24da ac12 e809
249 ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
250 0000 0000 507f 0b00 0000 0000 1011 1213
251 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
252 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
255 puts -nonewline $netlinkfh(inside.t) \
256 [hbytes h2raw c0[join $p ""]c0]
260 exec mkdir -p -m700 $socktmp
261 regsub {^(?!/|\./)} $socktmp {./} socktmp ;# dgram-socket wants ./ or /
263 proc prefix_preload {lib} { prefix_some_path LD_PRELOAD $lib }
265 set env(UDP_PRELOAD_DIR) $socktmp
266 prefix_preload $builddir/stest/udp-preload.so
268 proc finish {estatus} {
269 puts stderr "FINISHING $estatus"
270 signal default SIGCHLD
272 foreach pid [array names pidmap] {
281 foreach pid [array names pidmap] {
282 set got [wait -nohang $pid]
283 if {![llength $got]} continue
284 set info $pidmap($pid)
286 puts stderr "reaped $info: $got"
291 signal -restart trap SIGCHLD { after idle reap }
294 global socktmp udpsock
297 regsub {^(?!/)} $u {./} u
298 set udpsock [dgram-socket create $u]
299 dgram-socket on-receive $udpsock udp-relay
302 proc udp-relay {data src sock args} {
303 global udpsock socktmp
304 set headerlen [expr {52+1}]
307 set dst [hbytes range $data 0 $headerlen]
308 regsub {(?:00)*$} $dst {} dst
309 set dst [hbytes h2raw $dst]
311 hbytes overwrite data 0 [hbytes zeroes $headerlen]
312 regsub {.*/} $src {} src
313 set srch [hbytes raw2h $src]
314 hbytes append srch 00
316 if {[regexp {[^.,:0-9a-f]} $dst c]} { error "bad dst" }
317 if {[hbytes length $srch] > $headerlen} { error "src addr too long" }
318 hbytes overwrite data 0 $srch
319 dgram-socket transmit $udpsock $data $socktmp/$dst
321 puts stderr "$orgsrc -> $dst: $emsg"
327 spawn-secnet in inside
328 spawn-secnet out outside