# Tcl extensions the harness depends on: hbytes (hex <-> raw byte strings,
# used for packet framing) and dgram (datagram sockets used by the UDP relay).
foreach ext {chiark_tcl_hbytes-1.so chiark_tcl_dgram-1.so} {
    load $ext
}
9 local-address "172.18.232.9";
10 secnet-address "172.18.232.10";
11 remote-networks "172.18.232.0/28";
13 set netlink(outside) {
14 local-address "172.18.232.1";
15 secnet-address "172.18.232.2";
16 remote-networks "172.18.232.0/28";
# UDP port(s) each secnet instance listens on: "inside" gets two, "outside" one.
set ports(inside) [list 16913 16910]
set ports(outside) 16900

# Address space used by the harness. Both prefixes are documentation ranges
# (198.51.100.0/24 and 2001:db8::/32), so none of these addresses is routable.
set defnet_v4 198.51.100
set defnet_v6 2001:db8:ff00
set defaddr_v4 "${defnet_v4}.1"
set defaddr_v6 "${defnet_v6}::1"

# Per-site private key location, relative to the build tree. mkconf switches
# on this value to choose between a priv-cache directory and a single key
# file; the exact glob patterns it uses are not visible here.
set privkey(inside) test-example/inside.privkeys/
set privkey(outside) test-example/outside.privkeys/
# Per-line filter that mkconf applies to every line of the site configuration
# it rewrites. The default is the identity; a test may redefine this proc to
# patch the generated configuration without touching the file on disk.
proc sitesconf_hook {l} {
    set line $l
    return $line
}
40 proc oldsecnet {site} {
41 upvar #0 oldsecnet($site) oldsecnet
42 expr {[info exists oldsecnet] && [set oldsecnet]}
45 proc mkconf {location site} {
52 global defaddr_v4 defaddr_v6
53 upvar #0 privkey($site) privkey
54 set pipefp $tmp/$site.netlink
56 file delete $pipefp.$tr
57 exec mkfifo -m600 $pipefp.$tr
58 set netlinkfh($site.$tr) [set fh [open $pipefp.$tr r+]]
59 fconfigure $fh -blocking 0 -buffering none -translation binary
61 fileevent $netlinkfh($site.r) readable \
62 [list netlink-readable $location $site]
63 set fakeuf $tmp/$site.fake-userv
64 set fakeuh [open $fakeuf w 0755]
65 puts $fakeuh "#!/bin/sh
68 cat <&3 3<&- >$pipefp.r &
79 userv-path \"$fakeuf\";
82 buffer sysbuffer(2048);
83 interface \"secnet-test-[string range $site 0 0]\";
88 foreach port $ports($site) {
92 address \"$defaddr_v6\", \"$defaddr_v4\";
93 buffer sysbuffer(4096);
99 local-name \"test-example/$location/$site\";
101 switch -glob $privkey {
103 set sitesconf sites.conf
105 key-cache priv-cache({
106 privkeys \"$builddir/${privkey}priv.\";
111 set sitesconf sites-nonego.conf
113 local-key load-private(\"[lindex $privkey 1]\",\"$builddir/[lindex $privkey 2]\");
117 set sitesconf sites-nonego.conf
119 local-key rsa-private(\"$builddir/$privkey\");
123 set sitesconf $builddir/test-example/$sitesconf
125 append cfg $extra($site)
129 class \"debug\",\"info\",\"notice\",\"warning\",\"error\",\"security\",\"fatal\";
131 if {[oldsecnet $site]} { append cfg "
132 filename \"/dev/stderr\";
143 random randomfile("/dev/urandom",no);
144 transform eax-serpent { }, serpent256-cbc { };
147 set pubkeys $tmp/$site.pubkeys
148 file delete -force $pubkeys
149 exec cp -rl $builddir/test-example/pubkeys $pubkeys
151 set f [open $sitesconf r]
152 while {[gets $f l] >= 0} {
153 regsub {\"[^\"]*test-example/pubkeys/} $l "\"$pubkeys/" l
154 regsub -all {\"\[127\.0\.0\.1\]\"} $l "\"\[$defaddr_v4\]\"" l
155 regsub -all {\"\[::1]\"} $l "\"\[$defaddr_v6\]\"" l
156 set l [sitesconf_hook $l]
163 sites map(site,all-sites);
169 proc spawn-secnet {location site} {
176 upvar #0 pids($site) pid
177 set readbuf($site) {}
178 set cf $tmp/$site.conf
180 puts $ch [mkconf $location $site]
182 set secnet $builddir/secnet
183 if {[oldsecnet $site]} {
184 set secnet $env(OLD_SECNET_DIR)/secnet
186 set argl [list $secnet -dvnc $cf]
187 set divertk SECNET_STEST_DIVERT_$site
189 foreach k [array names env] {
191 SECNET_STEST_DIVERT_* -
192 SECNET_TEST_BUILDDIR - OLD_SECNET_DIR { }
194 *PRELOAD* { puts -nonewline " $k=$env($k)" }
197 if {[info exists env($divertk)]} {
198 switch -glob $env($divertk) {
200 regsub {^i} $env($divertk) {} divert_prefix
201 puts "$divert_prefix $argl"
202 puts -nonewline "run ^ command, hit return "
212 set argl [split $env($divertk)]
216 error "$divertk not understood"
220 if {[llength $argl]} {
222 set pidmap($pid) "secnet $location/$site"
224 execl [lindex $argl 0] [lrange $argl 1 end]
227 puts -nonewline $netlinkfh($site.t) [hbytes h2raw c0]
230 proc netlink-readable {location site} {
232 upvar #0 readbuf($site) buf
233 upvar #0 netlinkfh($site.r) fh
236 set h [hbytes raw2h $x]
237 if {![hbytes length $h]} return
239 #puts "READABLE $site buf=$buf"
240 while {[regexp {^((?:..)*?)c0(.*)$} $buf dummy now buf]} {
241 #puts "READABLE $site now=$now (buf=$buf)"
242 regsub -all {^((?:..)*?)dbdc} $now {\1c0} now
243 regsub -all {^((?:..)*?)dbdd} $now {\1db} now
244 puts "netlink-got-packet $location $site $now"
245 netlink-got-packet $location $site $now
250 proc netlink-got-packet {location site data} {
252 if {![hbytes length $data]} return
253 switch -exact $site!$initiator {
254 inside!inside - outside!outside {
256 45000054ed9d4000fe0166d9ac12e802ac12e80900* {
261 error "unexpected $site $data"
266 error "$site rx'd! (initiator $initiator)"
271 proc bgerror {message} {
272 global errorInfo errorCode
275 ----------------------------------------
280 ----------------------------------------
290 4500 0054 ed9d 4000 4001 24da ac12 e809
291 ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
292 0000 0000 507f 0b00 0000 0000 1011 1213
293 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
294 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
297 puts -nonewline $netlinkfh($initiator.t) \
298 [hbytes h2raw c0[join $p ""]c0]
# Private directory for the relay's Unix-domain sockets. mkdir's -m applies
# only to the final path component; any parent directories that -p creates
# get the umask default, so $socktmp should live under an already-private tree.
exec mkdir -p -m700 $socktmp
# dgram-socket wants ./ or /: normalise a bare relative path into the ./ form.
if {![regexp {^(?:/|\./)} $socktmp]} {
    set socktmp "./$socktmp"
}
# Prepend a shared object to LD_PRELOAD (prefix_some_path does the joining;
# it is defined elsewhere in this file).
proc prefix_preload {lib} {
    set var LD_PRELOAD
    prefix_some_path $var $lib
}
# Tell the preload shim where the socket directory is and load it ahead of
# libc for every child the harness spawns. Presumably the shim diverts the
# children's UDP traffic into $socktmp, where udp-relay forwards it; confirm
# against the shim's source.
set ::env(UDP_PRELOAD_DIR) $socktmp
prefix_preload $builddir/stest/udp-preload.so
310 proc finish {estatus} {
311 puts stderr "FINISHING $estatus"
312 signal default SIGCHLD
314 foreach pid [array names pidmap] {
323 foreach pid [array names pidmap] {
324 set got [wait -nohang $pid]
325 if {![llength $got]} continue
326 set info $pidmap($pid)
328 puts stderr "reaped $info: $got"
333 signal -restart trap SIGCHLD { after idle reap }
336 global socktmp udpsock
339 regsub {^(?!/)} $u {./} u
340 set udpsock [dgram-socket create $u]
341 dgram-socket on-receive $udpsock udp-relay
344 proc udp-relay {data src sock args} {
345 global udpsock socktmp
346 set headerlen [expr {52+1}]
349 set dst [hbytes range $data 0 $headerlen]
350 regsub {(?:00)*$} $dst {} dst
351 set dst [hbytes h2raw $dst]
353 hbytes overwrite data 0 [hbytes zeroes $headerlen]
354 regsub {.*/} $src {} src
355 set srch [hbytes raw2h $src]
356 hbytes append srch 00
358 if {[regexp {[^.,:0-9a-f]} $dst c]} { error "bad dst" }
359 if {[hbytes length $srch] > $headerlen} { error "src addr too long" }
360 hbytes overwrite data 0 $srch
361 dgram-socket transmit $udpsock $data $socktmp/$dst
363 puts stderr "$orgsrc -> $dst: $emsg"
367 proc adj-after {timeout args} {
368 upvar #0 env(SECNET_STEST_TIMEOUT_MUL) mul
369 if {[info exists mul]} { set timeout [expr {$timeout * $mul}] }
370 eval after $timeout $args
# Bring up both secnet instances, then drive the test: two probe packets,
# followed by a "timed-out" callback (defined elsewhere) as the deadline.
# Delays pass through adj-after so SECNET_STEST_TIMEOUT_MUL can scale them.
foreach {location site} {in inside out outside} {
    spawn-secnet $location $site
}
foreach {delay callback} {500 sendpkt 1000 sendpkt 5000 timed-out} {
    adj-after $delay $callback
}