+# This file is part of secnet.
+# See LICENCE and this file CREDITS for full list of copyright holders.
+# SPDX-License-Identifier: GPL-3.0-or-later
+# There is NO WARRANTY.
+
source test-common.tcl
package require Tclx
set ports(inside) {16913 16910}
set ports(outside) 16900
+set defnet_v4 198.51.100
+set defnet_v6 2001:db8:ff00
+set defaddr_v4 ${defnet_v4}.1
+set defaddr_v6 ${defnet_v6}::1
+
set extra(inside) {
local-mobile True;
mtu-target 1260;
}
set extra(outside) {}
-set privkey(inside) test-example/inside.key
-set privkey(outside) test-example/outside.key
+set privkey(inside) test-example/inside.privkeys/
+set privkey(outside) test-example/outside.privkeys/
+
+set initiator inside
+
+proc sitesconf_hook {l} { return $l }
+
+proc oldsecnet {site} {
+ upvar #0 oldsecnet($site) oldsecnet
+ expr {[info exists oldsecnet] && [set oldsecnet]}
+}
proc mkconf {location site} {
global tmp
global ports
global extra
global netlinkfh
+ global defaddr_v4 defaddr_v6
upvar #0 privkey($site) privkey
set pipefp $tmp/$site.netlink
foreach tr {t r} {
append cfg "$delim
udp {
port $port;
- address \"::1\", \"127.0.0.1\";
+ address \"$defaddr_v6\", \"$defaddr_v4\";
buffer sysbuffer(4096);
}
"
key-cache priv-cache({
privkeys \"$builddir/${privkey}priv.\";
});
+"
+ }
+ {load-private *} {
+ set sitesconf sites-nonego.conf
+ append cfg "
+ local-key load-private(\"[lindex $privkey 1]\",\"$builddir/[lindex $privkey 2]\");
"
}
* {
- set sitesconf sites.conf
+ set sitesconf sites-nonego.conf
append cfg "
local-key rsa-private(\"$builddir/$privkey\");
"
log logfile {
prefix \"$site\";
class \"debug\",\"info\",\"notice\",\"warning\",\"error\",\"security\",\"fatal\";
+ "
+ if {[oldsecnet $site]} { append cfg "
+ filename \"/dev/stderr\";
+ " }
+ append cfg "
};
"
append cfg {
set f [open $sitesconf r]
while {[gets $f l] >= 0} {
regsub {\"[^\"]*test-example/pubkeys/} $l "\"$pubkeys/" l
+ regsub -all {\"\[127\.0\.0\.1\]\"} $l "\"\[$defaddr_v4\]\"" l
+ regsub -all {\"\[::1]\"} $l "\"\[$defaddr_v6\]\"" l
+ set l [sitesconf_hook $l]
append cfg $l "\n"
}
set sites [read $f]
set ch [open $cf w]
puts $ch [mkconf $location $site]
close $ch
- set argl [list $builddir/secnet -dvnc $cf]
+ set secnet $builddir/secnet
+ if {[oldsecnet $site]} {
+ set secnet $env(OLD_SECNET_DIR)/secnet
+ }
+ set argl [list $secnet -dvnc $cf]
set divertk SECNET_STEST_DIVERT_$site
- puts -nonewline "spawn"
+ set spawn_info "spawn:"
foreach k [array names env] {
switch -glob $k {
SECNET_STEST_DIVERT_* -
- SECNET_TEST_BUILDDIR { }
+ SECNET_TEST_BUILDDIR - OLD_SECNET_DIR { }
*SECNET* -
- *PRELOAD* { puts -nonewline " $k=$env($k)" }
+ *PRELOAD* { append spawn_info " $k=$env($k)" }
}
}
- puts " $argl"
if {[info exists env($divertk)]} {
- switch -glob $env($divertk) {
- i {
- puts -nonewline "run ^ command, hit return "
- flush stdout
- gets stdin
- set argl {}
- }
- 0 - "" {
- }
- * {
- set argl [split $env($divertk)]
- }
+ set divert $env($divertk)
+ } else {
+ set divert {}
+ }
+ switch -glob $divert {
+ i - {i *} {
+ regsub {^i} $divert {} divert_prefix
+ puts "$spawn_info $divert_prefix $argl"
+ puts -nonewline "run ^ command, hit return "
+ flush stdout
+ gets stdin
+ set argl {}
+ }
+ 0 - "" {
+ puts "$spawn_info $argl"
+ }
+ /* - ./* {
+ puts "$spawn_info $argl"
+ set argl [split $divert]
+ puts "... $argl"
+ }
+ * {
+ error "$divertk not understood"
}
}
if {[llength $argl]} {
}
proc netlink-got-packet {location site data} {
+ global initiator
if {![hbytes length $data]} return
- switch -exact $site {
- inside {
+ switch -exact $site!$initiator {
+ inside!inside - outside!outside {
switch -glob $data {
45000054ed9d4000fe0166d9ac12e802ac12e80900* {
puts "OK $data"
}
}
}
- outside {
- error "inside rx'd!"
+ default {
+ error "$site rx'd! (initiator $initiator)"
}
}
}
proc sendpkt {} {
global netlinkfh
+ global initiator
set p {
4500 0054 ed9d 4000 4001 24da ac12 e809
ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
3435 3637
}
- puts -nonewline $netlinkfh(inside.t) \
+ puts -nonewline $netlinkfh($initiator.t) \
[hbytes h2raw c0[join $p ""]c0]
}
}
}
+proc adj-after {timeout args} {
+ upvar #0 env(SECNET_STEST_TIMEOUT_MUL) mul
+ if {[info exists mul]} { set timeout [expr {$timeout * $mul}] }
+ eval after $timeout $args
+}
+
proc test-kex {} {
udp-proxy
spawn-secnet in inside
spawn-secnet out outside
- after 500 sendpkt
- after 1000 sendpkt
- after 5000 timed-out
+ adj-after 500 sendpkt
+ adj-after 1000 sendpkt
+ adj-after 5000 timed-out
vwait ok
}
~ianmdlvl / secnet.git / blobdiff