Mon Aug 31 20:32:58 2020 UTC ()
tests/net/if_wg: Allow one second of leeway for rekey.


(riastradh)
diff -r1.4 -r1.5 src/tests/net/if_wg/t_misc.sh

cvs diff -r1.4 -r1.5 src/tests/net/if_wg/t_misc.sh

--- src/tests/net/if_wg/t_misc.sh 2020/08/29 07:22:49 1.4
+++ src/tests/net/if_wg/t_misc.sh 2020/08/31 20:32:58 1.5
@@ -1,672 +1,672 @@ @@ -1,672 +1,672 @@
1# $NetBSD: t_misc.sh,v 1.4 2020/08/29 07:22:49 tih Exp $ 1# $NetBSD: t_misc.sh,v 1.5 2020/08/31 20:32:58 riastradh Exp $
2# 2#
3# Copyright (c) 2018 Ryota Ozaki <ozaki.ryota@gmail.com> 3# Copyright (c) 2018 Ryota Ozaki <ozaki.ryota@gmail.com>
4# All rights reserved. 4# All rights reserved.
5# 5#
6# Redistribution and use in source and binary forms, with or without 6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions 7# modification, are permitted provided that the following conditions
8# are met: 8# are met:
9# 1. Redistributions of source code must retain the above copyright 9# 1. Redistributions of source code must retain the above copyright
10# notice, this list of conditions and the following disclaimer. 10# notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright 11# 2. Redistributions in binary form must reproduce the above copyright
12# notice, this list of conditions and the following disclaimer in the 12# notice, this list of conditions and the following disclaimer in the
13# documentation and/or other materials provided with the distribution. 13# documentation and/or other materials provided with the distribution.
14# 14#
15# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 15# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
16# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 16# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
17# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 17# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 18# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
19# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25# POSSIBILITY OF SUCH DAMAGE. 25# POSSIBILITY OF SUCH DAMAGE.
26# 26#
27 27
28BUS=bus 28BUS=bus
29SOCK_LOCAL=unix://wg_local 29SOCK_LOCAL=unix://wg_local
30SOCK_PEER=unix://wg_peer 30SOCK_PEER=unix://wg_peer
31 31
32 32
33atf_test_case wg_rekey cleanup 33atf_test_case wg_rekey cleanup
34wg_rekey_head() 34wg_rekey_head()
35{ 35{
36 36
37 atf_set "descr" "tests of rekeying of wg(4)" 37 atf_set "descr" "tests of rekeying of wg(4)"
38 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 38 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
39} 39}
40 40
41wg_rekey_body() 41wg_rekey_body()
42{ 42{
43 local ifconfig="atf_check -s exit:0 rump.ifconfig" 43 local ifconfig="atf_check -s exit:0 rump.ifconfig"
44 local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1" 44 local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1"
45 local ip_local=192.168.1.1 45 local ip_local=192.168.1.1
46 local ip_peer=192.168.1.2 46 local ip_peer=192.168.1.2
47 local ip_wg_local=10.0.0.1 47 local ip_wg_local=10.0.0.1
48 local ip_wg_peer=10.0.0.2 48 local ip_wg_peer=10.0.0.2
49 local port=51820 49 local port=51820
50 local rekey_after_time=3 50 local rekey_after_time=3
51 local latest_handshake= 51 local latest_handshake=
52 52
53 setup_servers 53 setup_servers
54 54
55 export RUMP_SERVER=$SOCK_LOCAL 55 export RUMP_SERVER=$SOCK_LOCAL
56 atf_check -s exit:0 -o ignore \ 56 atf_check -s exit:0 -o ignore \
57 rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time 57 rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time
58 export RUMP_SERVER=$SOCK_PEER 58 export RUMP_SERVER=$SOCK_PEER
59 atf_check -s exit:0 -o ignore \ 59 atf_check -s exit:0 -o ignore \
60 rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time 60 rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time
61 61
62 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 62 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
63 generate_keys 63 generate_keys
64 64
65 export RUMP_SERVER=$SOCK_LOCAL 65 export RUMP_SERVER=$SOCK_LOCAL
66 setup_common shmif0 inet $ip_local 24 66 setup_common shmif0 inet $ip_local 24
67 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 67 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
68 68
69 export RUMP_SERVER=$SOCK_PEER 69 export RUMP_SERVER=$SOCK_PEER
70 setup_common shmif0 inet $ip_peer 24 70 setup_common shmif0 inet $ip_peer 24
71 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 71 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
72 72
73 export RUMP_SERVER=$SOCK_LOCAL 73 export RUMP_SERVER=$SOCK_LOCAL
74 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 74 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
75 75
76 export RUMP_SERVER=$SOCK_PEER 76 export RUMP_SERVER=$SOCK_PEER
77 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 77 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
78 78
79 export RUMP_SERVER=$SOCK_LOCAL 79 export RUMP_SERVER=$SOCK_LOCAL
80 80
81 $ping $ip_wg_peer 81 $ping $ip_wg_peer
82 82
83 latest_handshake=$($HIJACKING wgconfig wg0 show peer peer0 \ 83 latest_handshake=$($HIJACKING wgconfig wg0 show peer peer0 \
84 | awk -F ': ' '/latest-handshake/ {print $2;}') 84 | awk -F ': ' '/latest-handshake/ {print $2;}')
85 $DEBUG && echo $latest_handshake 85 $DEBUG && echo $latest_handshake
86 86
87 sleep 1 87 sleep 1
88 88
89 $ping $ip_wg_peer 89 $ping $ip_wg_peer
90 90
91 # No reinitiation is performed 91 # No reinitiation is performed
92 atf_check -s exit:0 -o match:"$latest_handshake" \ 92 atf_check -s exit:0 -o match:"$latest_handshake" \
93 $HIJACKING wgconfig wg0 show peer peer0 93 $HIJACKING wgconfig wg0 show peer peer0
94 94
95 # Wait for a reinitiation to be performed 95 # Wait for a reinitiation to be performed
96 sleep $rekey_after_time 96 sleep $rekey_after_time
97 97
98 $ping $ip_wg_peer 98 $ping $ip_wg_peer
99 99
100 # A reinitiation should be performed 100 # A reinitiation should be performed
101 atf_check -s exit:0 -o not-match:"$latest_handshake" \ 101 atf_check -s exit:0 -o not-match:"$latest_handshake" \
102 $HIJACKING wgconfig wg0 show peer peer0 102 $HIJACKING wgconfig wg0 show peer peer0
103 103
104 latest_handshake=$($HIJACKING wgconfig wg0 show peer peer0 \ 104 latest_handshake=$($HIJACKING wgconfig wg0 show peer peer0 \
105 | awk -F ': ' '/latest-handshake/ {print $2;}') 105 | awk -F ': ' '/latest-handshake/ {print $2;}')
106 $DEBUG && echo $latest_handshake 106 $DEBUG && echo $latest_handshake
107 107
108 # Wait for a reinitiation to be performed again 108 # Wait for a reinitiation to be performed again
109 sleep $rekey_after_time 109 sleep $((rekey_after_time+1))
110 110
111 $ping $ip_wg_peer 111 $ping $ip_wg_peer
112 112
113 # A reinitiation should be performed 113 # A reinitiation should be performed
114 atf_check -s exit:0 -o not-match:"$latest_handshake" \ 114 atf_check -s exit:0 -o not-match:"$latest_handshake" \
115 $HIJACKING wgconfig wg0 show peer peer0 115 $HIJACKING wgconfig wg0 show peer peer0
116 116
117 destroy_wg_interfaces 117 destroy_wg_interfaces
118} 118}
119 119
120wg_rekey_cleanup() 120wg_rekey_cleanup()
121{ 121{
122 122
123 $DEBUG && dump 123 $DEBUG && dump
124 cleanup 124 cleanup
125} 125}
126 126
127atf_test_case wg_handshake_timeout cleanup 127atf_test_case wg_handshake_timeout cleanup
128wg_handshake_timeout_head() 128wg_handshake_timeout_head()
129{ 129{
130 130
131 atf_set "descr" "tests of handshake timeout of wg(4)" 131 atf_set "descr" "tests of handshake timeout of wg(4)"
132 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 132 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
133} 133}
134 134
135wg_handshake_timeout_body() 135wg_handshake_timeout_body()
136{ 136{
137 local ifconfig="atf_check -s exit:0 rump.ifconfig" 137 local ifconfig="atf_check -s exit:0 rump.ifconfig"
138 local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1" 138 local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1"
139 local ip_local=192.168.1.1 139 local ip_local=192.168.1.1
140 local ip_peer=192.168.1.2 140 local ip_peer=192.168.1.2
141 local ip_wg_local=10.0.0.1 141 local ip_wg_local=10.0.0.1
142 local ip_wg_peer=10.0.0.2 142 local ip_wg_peer=10.0.0.2
143 local port=51820 143 local port=51820
144 local rekey_after_time=3 144 local rekey_after_time=3
145 local outfile=./out 145 local outfile=./out
146 local rekey_timeout=3 146 local rekey_timeout=3
147 local rekey_attempt_time=8 147 local rekey_attempt_time=8
148 local n= 148 local n=
149 149
150 setup_servers 150 setup_servers
151 151
152 export RUMP_SERVER=$SOCK_LOCAL 152 export RUMP_SERVER=$SOCK_LOCAL
153 atf_check -s exit:0 -o ignore \ 153 atf_check -s exit:0 -o ignore \
154 rump.sysctl -w net.wg.rekey_timeout=$rekey_timeout 154 rump.sysctl -w net.wg.rekey_timeout=$rekey_timeout
155 atf_check -s exit:0 -o ignore \ 155 atf_check -s exit:0 -o ignore \
156 rump.sysctl -w net.wg.rekey_attempt_time=$rekey_attempt_time 156 rump.sysctl -w net.wg.rekey_attempt_time=$rekey_attempt_time
157 export RUMP_SERVER=$SOCK_PEER 157 export RUMP_SERVER=$SOCK_PEER
158 atf_check -s exit:0 -o ignore \ 158 atf_check -s exit:0 -o ignore \
159 rump.sysctl -w net.wg.rekey_timeout=$rekey_timeout 159 rump.sysctl -w net.wg.rekey_timeout=$rekey_timeout
160 atf_check -s exit:0 -o ignore \ 160 atf_check -s exit:0 -o ignore \
161 rump.sysctl -w net.wg.rekey_attempt_time=$rekey_attempt_time 161 rump.sysctl -w net.wg.rekey_attempt_time=$rekey_attempt_time
162 162
163 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 163 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
164 generate_keys 164 generate_keys
165 165
166 export RUMP_SERVER=$SOCK_LOCAL 166 export RUMP_SERVER=$SOCK_LOCAL
167 setup_common shmif0 inet $ip_local 24 167 setup_common shmif0 inet $ip_local 24
168 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 168 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
169 169
170 export RUMP_SERVER=$SOCK_PEER 170 export RUMP_SERVER=$SOCK_PEER
171 setup_common shmif0 inet $ip_peer 24 171 setup_common shmif0 inet $ip_peer 24
172 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 172 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
173 173
174 export RUMP_SERVER=$SOCK_LOCAL 174 export RUMP_SERVER=$SOCK_LOCAL
175 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 175 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
176 176
177 export RUMP_SERVER=$SOCK_PEER 177 export RUMP_SERVER=$SOCK_PEER
178 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 178 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
179 179
180 # Resolve arp 180 # Resolve arp
181 export RUMP_SERVER=$SOCK_LOCAL 181 export RUMP_SERVER=$SOCK_LOCAL
182 $ping $ip_peer 182 $ping $ip_peer
183 183
184 export RUMP_SERVER=$SOCK_PEER 184 export RUMP_SERVER=$SOCK_PEER
185 $ifconfig shmif0 down 185 $ifconfig shmif0 down
186 export RUMP_SERVER=$SOCK_LOCAL 186 export RUMP_SERVER=$SOCK_LOCAL
187 187
188 extract_new_packets $BUS > $outfile 188 extract_new_packets $BUS > $outfile
189 189
190 # Should fail 190 # Should fail
191 atf_check -s not-exit:0 -o match:'100.0% packet loss' \ 191 atf_check -s not-exit:0 -o match:'100.0% packet loss' \
192 rump.ping -n -c 1 -w 1 $ip_wg_peer 192 rump.ping -n -c 1 -w 1 $ip_wg_peer
193 193
194 sleep $((rekey_attempt_time + rekey_timeout)) 194 sleep $((rekey_attempt_time + rekey_timeout))
195 195
196 extract_new_packets $BUS > $outfile 196 extract_new_packets $BUS > $outfile
197 $DEBUG && cat $outfile 197 $DEBUG && cat $outfile
198 198
199 n=$(grep "$ip_local.$port > $ip_peer.$port" $outfile |wc -l) 199 n=$(grep "$ip_local.$port > $ip_peer.$port" $outfile |wc -l)
200 200
201 # Give up handshaking after three attempts 201 # Give up handshaking after three attempts
202 atf_check_equal $n 3 202 atf_check_equal $n 3
203 203
204 export RUMP_SERVER=$SOCK_PEER 204 export RUMP_SERVER=$SOCK_PEER
205 $ifconfig shmif0 up 205 $ifconfig shmif0 up
206 export RUMP_SERVER=$SOCK_LOCAL 206 export RUMP_SERVER=$SOCK_LOCAL
207 207
208 destroy_wg_interfaces 208 destroy_wg_interfaces
209} 209}
210 210
211wg_handshake_timeout_cleanup() 211wg_handshake_timeout_cleanup()
212{ 212{
213 213
214 $DEBUG && dump 214 $DEBUG && dump
215 cleanup 215 cleanup
216} 216}
217 217
218atf_test_case wg_cookie cleanup 218atf_test_case wg_cookie cleanup
219wg_cookie_head() 219wg_cookie_head()
220{ 220{
221 221
222 atf_set "descr" "tests of cookie messages of the wg(4) protocol" 222 atf_set "descr" "tests of cookie messages of the wg(4) protocol"
223 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 223 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
224} 224}
225 225
226wg_cookie_body() 226wg_cookie_body()
227{ 227{
228 local ifconfig="atf_check -s exit:0 rump.ifconfig" 228 local ifconfig="atf_check -s exit:0 rump.ifconfig"
229 local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1" 229 local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1"
230 local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1" 230 local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1"
231 local ip_local=192.168.1.1 231 local ip_local=192.168.1.1
232 local ip_peer=192.168.1.2 232 local ip_peer=192.168.1.2
233 local ip_wg_local=10.0.0.1 233 local ip_wg_local=10.0.0.1
234 local ip_wg_peer=10.0.0.2 234 local ip_wg_peer=10.0.0.2
235 local port=51820 235 local port=51820
236 local outfile=./out 236 local outfile=./out
237 local rekey_timeout=5 237 local rekey_timeout=5
238 238
239 setup_servers 239 setup_servers
240 240
241 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 241 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
242 generate_keys 242 generate_keys
243 243
244 export RUMP_SERVER=$SOCK_LOCAL 244 export RUMP_SERVER=$SOCK_LOCAL
245 setup_common shmif0 inet $ip_local 24 245 setup_common shmif0 inet $ip_local 24
246 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 246 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
247 247
248 export RUMP_SERVER=$SOCK_PEER 248 export RUMP_SERVER=$SOCK_PEER
249 setup_common shmif0 inet $ip_peer 24 249 setup_common shmif0 inet $ip_peer 24
250 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 250 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
251 251
252 export RUMP_SERVER=$SOCK_LOCAL 252 export RUMP_SERVER=$SOCK_LOCAL
253 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 253 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
254 254
255 export RUMP_SERVER=$SOCK_PEER 255 export RUMP_SERVER=$SOCK_PEER
256 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 256 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
257 257
258 export RUMP_SERVER=$SOCK_PEER 258 export RUMP_SERVER=$SOCK_PEER
259 # Emulate load on the peer 259 # Emulate load on the peer
260 atf_check -s exit:0 -o ignore \ 260 atf_check -s exit:0 -o ignore \
261 rump.sysctl -w net.wg.force_underload=1 261 rump.sysctl -w net.wg.force_underload=1
262 262
263 export RUMP_SERVER=$SOCK_LOCAL 263 export RUMP_SERVER=$SOCK_LOCAL
264 264
265 extract_new_packets $BUS > $outfile 265 extract_new_packets $BUS > $outfile
266 $DEBUG && cat $outfile 266 $DEBUG && cat $outfile
267 267
268 # The peer doesn't return a response message but a cookie message 268 # The peer doesn't return a response message but a cookie message
269 # and a session doesn't start 269 # and a session doesn't start
270 $ping_fail $ip_wg_peer 270 $ping_fail $ip_wg_peer
271 271
272 extract_new_packets $BUS > $outfile 272 extract_new_packets $BUS > $outfile
273 $DEBUG && cat $outfile 273 $DEBUG && cat $outfile
274 # XXX length 64 indicates the message is a cookie message 274 # XXX length 64 indicates the message is a cookie message
275 atf_check -s exit:0 \ 275 atf_check -s exit:0 \
276 -o match:"$ip_peer.$port > $ip_local.$port: UDP, length 64" \ 276 -o match:"$ip_peer.$port > $ip_local.$port: UDP, length 64" \
277 cat $outfile 277 cat $outfile
278 278
279 $DEBUG && $HIJACKING wgconfig wg0 show all 279 $DEBUG && $HIJACKING wgconfig wg0 show all
280 atf_check -s exit:0 -o match:"latest-handshake: \(never\)" \ 280 atf_check -s exit:0 -o match:"latest-handshake: \(never\)" \
281 $HIJACKING wgconfig wg0 281 $HIJACKING wgconfig wg0
282 282
283 # Wait for restarting a session 283 # Wait for restarting a session
284 sleep $rekey_timeout 284 sleep $rekey_timeout
285 285
286 # The second attempt should be success because the init message has 286 # The second attempt should be success because the init message has
287 # a valid cookie. 287 # a valid cookie.
288 $ping $ip_wg_peer 288 $ping $ip_wg_peer
289 289
290 $DEBUG && $HIJACKING wgconfig wg0 show all 290 $DEBUG && $HIJACKING wgconfig wg0 show all
291 atf_check -s exit:0 -o not-match:"latest-handshake: \(never\)" \ 291 atf_check -s exit:0 -o not-match:"latest-handshake: \(never\)" \
292 $HIJACKING wgconfig wg0 292 $HIJACKING wgconfig wg0
293 293
294 destroy_wg_interfaces 294 destroy_wg_interfaces
295} 295}
296 296
297wg_cookie_cleanup() 297wg_cookie_cleanup()
298{ 298{
299 299
300 $DEBUG && dump 300 $DEBUG && dump
301 cleanup 301 cleanup
302} 302}
303 303
304atf_test_case wg_mobility cleanup 304atf_test_case wg_mobility cleanup
305wg_mobility_head() 305wg_mobility_head()
306{ 306{
307 307
308 atf_set "descr" "tests of the mobility of wg(4)" 308 atf_set "descr" "tests of the mobility of wg(4)"
309 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 309 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
310} 310}
311 311
312wg_mobility_body() 312wg_mobility_body()
313{ 313{
314 local ifconfig="atf_check -s exit:0 rump.ifconfig" 314 local ifconfig="atf_check -s exit:0 rump.ifconfig"
315 local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1" 315 local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1"
316 local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1" 316 local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1"
317 local ip_local=192.168.1.1 317 local ip_local=192.168.1.1
318 local ip_peer=192.168.1.2 318 local ip_peer=192.168.1.2
319 local ip_peer_new=192.168.1.3 319 local ip_peer_new=192.168.1.3
320 local ip_wg_local=10.0.0.1 320 local ip_wg_local=10.0.0.1
321 local ip_wg_peer=10.0.0.2 321 local ip_wg_peer=10.0.0.2
322 local port=51820 322 local port=51820
323 local outfile=./out 323 local outfile=./out
324 324
325 setup_servers 325 setup_servers
326 326
327 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 327 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
328 generate_keys 328 generate_keys
329 329
330 export RUMP_SERVER=$SOCK_LOCAL 330 export RUMP_SERVER=$SOCK_LOCAL
331 setup_common shmif0 inet $ip_local 24 331 setup_common shmif0 inet $ip_local 24
332 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 332 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
333 333
334 export RUMP_SERVER=$SOCK_PEER 334 export RUMP_SERVER=$SOCK_PEER
335 setup_common shmif0 inet $ip_peer 24 335 setup_common shmif0 inet $ip_peer 24
336 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 336 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
337 337
338 export RUMP_SERVER=$SOCK_LOCAL 338 export RUMP_SERVER=$SOCK_LOCAL
339 # Initially, the local doesn't know the endpoint of the peer 339 # Initially, the local doesn't know the endpoint of the peer
340 add_peer wg0 peer0 $key_pub_peer "" $ip_wg_peer/32 340 add_peer wg0 peer0 $key_pub_peer "" $ip_wg_peer/32
341 341
342 export RUMP_SERVER=$SOCK_PEER 342 export RUMP_SERVER=$SOCK_PEER
343 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 343 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
344 344
345 extract_new_packets $BUS > $outfile 345 extract_new_packets $BUS > $outfile
346 $DEBUG && cat $outfile 346 $DEBUG && cat $outfile
347 347
348 # Ping from the local to the peer doesn't work because the local 348 # Ping from the local to the peer doesn't work because the local
349 # doesn't know the endpoint of the peer 349 # doesn't know the endpoint of the peer
350 export RUMP_SERVER=$SOCK_LOCAL 350 export RUMP_SERVER=$SOCK_LOCAL
351 $ping_fail $ip_wg_peer 351 $ping_fail $ip_wg_peer
352 352
353 extract_new_packets $BUS > $outfile 353 extract_new_packets $BUS > $outfile
354 $DEBUG && cat $outfile 354 $DEBUG && cat $outfile
355 355
356 export RUMP_SERVER=$SOCK_PEER 356 export RUMP_SERVER=$SOCK_PEER
357 $ping $ip_wg_local 357 $ping $ip_wg_local
358 358
359 extract_new_packets $BUS > $outfile 359 extract_new_packets $BUS > $outfile
360 $DEBUG && cat $outfile 360 $DEBUG && cat $outfile
361 361
362 atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer.$port" cat $outfile 362 atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer.$port" cat $outfile
363 363
364 # Change the IP address of the peer 364 # Change the IP address of the peer
365 setup_common shmif0 inet $ip_peer_new 24 365 setup_common shmif0 inet $ip_peer_new 24
366 atf_check -s exit:0 rump.ifconfig -w 10 366 atf_check -s exit:0 rump.ifconfig -w 10
367 367
368 # Ping from the local to the peer doesn't work because the local 368 # Ping from the local to the peer doesn't work because the local
369 # doesn't know the change of the IP address of the peer 369 # doesn't know the change of the IP address of the peer
370 export RUMP_SERVER=$SOCK_LOCAL 370 export RUMP_SERVER=$SOCK_LOCAL
371 $ping_fail $ip_wg_peer 371 $ping_fail $ip_wg_peer
372 372
373 extract_new_packets $BUS > $outfile 373 extract_new_packets $BUS > $outfile
374 $DEBUG && cat $outfile 374 $DEBUG && cat $outfile
375 375
376 atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer.$port" cat $outfile 376 atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer.$port" cat $outfile
377 377
378 # Ping from the peer to the local works because the local notices 378 # Ping from the peer to the local works because the local notices
379 # the change and updates the IP address of the peer 379 # the change and updates the IP address of the peer
380 export RUMP_SERVER=$SOCK_PEER 380 export RUMP_SERVER=$SOCK_PEER
381 $ping $ip_wg_local 381 $ping $ip_wg_local
382 382
383 extract_new_packets $BUS > $outfile 383 extract_new_packets $BUS > $outfile
384 $DEBUG && cat $outfile 384 $DEBUG && cat $outfile
385 385
386 atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer_new.$port" cat $outfile 386 atf_check -s exit:0 -o match:"$ip_local.$port > $ip_peer_new.$port" cat $outfile
387 atf_check -s exit:0 -o match:"$ip_peer_new.$port > $ip_local.$port" cat $outfile 387 atf_check -s exit:0 -o match:"$ip_peer_new.$port > $ip_local.$port" cat $outfile
388 atf_check -s exit:0 -o not-match:"$ip_local.$port > $ip_peer.$port" cat $outfile 388 atf_check -s exit:0 -o not-match:"$ip_local.$port > $ip_peer.$port" cat $outfile
389 389
390 destroy_wg_interfaces 390 destroy_wg_interfaces
391} 391}
392 392
393wg_mobility_cleanup() 393wg_mobility_cleanup()
394{ 394{
395 395
396 $DEBUG && dump 396 $DEBUG && dump
397 cleanup 397 cleanup
398} 398}
399 399
400atf_test_case wg_keepalive cleanup 400atf_test_case wg_keepalive cleanup
401wg_keepalive_head() 401wg_keepalive_head()
402{ 402{
403 403
404 atf_set "descr" "tests keepalive messages" 404 atf_set "descr" "tests keepalive messages"
405 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 405 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
406} 406}
407 407
408wg_keepalive_body() 408wg_keepalive_body()
409{ 409{
410 local ifconfig="atf_check -s exit:0 rump.ifconfig" 410 local ifconfig="atf_check -s exit:0 rump.ifconfig"
411 local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1" 411 local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1"
412 local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1" 412 local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1"
413 local ip_local=192.168.1.1 413 local ip_local=192.168.1.1
414 local ip_peer=192.168.1.2 414 local ip_peer=192.168.1.2
415 local ip_peer_new=192.168.1.3 415 local ip_peer_new=192.168.1.3
416 local ip_wg_local=10.0.0.1 416 local ip_wg_local=10.0.0.1
417 local ip_wg_peer=10.0.0.2 417 local ip_wg_peer=10.0.0.2
418 local port=51820 418 local port=51820
419 local outfile=./out 419 local outfile=./out
420 local keepalive_timeout=3 420 local keepalive_timeout=3
421 421
422 setup_servers 422 setup_servers
423 423
424 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 424 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
425 generate_keys 425 generate_keys
426 426
427 export RUMP_SERVER=$SOCK_LOCAL 427 export RUMP_SERVER=$SOCK_LOCAL
428 setup_common shmif0 inet $ip_local 24 428 setup_common shmif0 inet $ip_local 24
429 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 429 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
430 430
431 export RUMP_SERVER=$SOCK_PEER 431 export RUMP_SERVER=$SOCK_PEER
432 setup_common shmif0 inet $ip_peer 24 432 setup_common shmif0 inet $ip_peer 24
433 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 433 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
434 434
435 export RUMP_SERVER=$SOCK_LOCAL 435 export RUMP_SERVER=$SOCK_LOCAL
436 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 436 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
437 437
438 export RUMP_SERVER=$SOCK_PEER 438 export RUMP_SERVER=$SOCK_PEER
439 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 439 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
440 440
441 # Shorten keepalive_timeout of the peer 441 # Shorten keepalive_timeout of the peer
442 atf_check -s exit:0 -o ignore \ 442 atf_check -s exit:0 -o ignore \
443 rump.sysctl -w net.wg.keepalive_timeout=$keepalive_timeout 443 rump.sysctl -w net.wg.keepalive_timeout=$keepalive_timeout
444 444
445 export RUMP_SERVER=$SOCK_LOCAL 445 export RUMP_SERVER=$SOCK_LOCAL
446 446
447 extract_new_packets $BUS > $outfile 447 extract_new_packets $BUS > $outfile
448 $DEBUG && cat $outfile 448 $DEBUG && cat $outfile
449 449
450 $ping $ip_wg_peer 450 $ping $ip_wg_peer
451 451
452 extract_new_packets $BUS > $outfile 452 extract_new_packets $BUS > $outfile
453 $DEBUG && cat $outfile 453 $DEBUG && cat $outfile
454 454
455 sleep $((keepalive_timeout + 1)) 455 sleep $((keepalive_timeout + 1))
456 456
457 $ping $ip_wg_peer 457 $ping $ip_wg_peer
458 458
459 extract_new_packets $BUS > $outfile 459 extract_new_packets $BUS > $outfile
460 $DEBUG && cat $outfile 460 $DEBUG && cat $outfile
461 461
462 # XXX length 32 indicates the message is a keepalive (empty) message 462 # XXX length 32 indicates the message is a keepalive (empty) message
463 atf_check -s exit:0 -o match:"$ip_peer.$port > $ip_local.$port: UDP, length 32" \ 463 atf_check -s exit:0 -o match:"$ip_peer.$port > $ip_local.$port: UDP, length 32" \
464 cat $outfile 464 cat $outfile
465 465
466 destroy_wg_interfaces 466 destroy_wg_interfaces
467} 467}
468 468
469wg_keepalive_cleanup() 469wg_keepalive_cleanup()
470{ 470{
471 471
472 $DEBUG && dump 472 $DEBUG && dump
473 cleanup 473 cleanup
474} 474}
475 475
476atf_test_case wg_psk cleanup 476atf_test_case wg_psk cleanup
477wg_psk_head() 477wg_psk_head()
478{ 478{
479 479
480 atf_set "descr" "tests preshared-key" 480 atf_set "descr" "tests preshared-key"
481 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen" 481 atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
482} 482}
483 483
484test_psk_common() 484test_psk_common()
485{ 485{
486} 486}
487 487
488wg_psk_body() 488wg_psk_body()
489{ 489{
490 local ifconfig="atf_check -s exit:0 rump.ifconfig" 490 local ifconfig="atf_check -s exit:0 rump.ifconfig"
491 local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1" 491 local ping="atf_check -s exit:0 -o ignore rump.ping -n -i 0.1 -c 3 -w 1"
492 local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1" 492 local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 1"
493 local ip_local=192.168.1.1 493 local ip_local=192.168.1.1
494 local ip_peer=192.168.1.2 494 local ip_peer=192.168.1.2
495 local ip_peer_new=192.168.1.3 495 local ip_peer_new=192.168.1.3
496 local ip_wg_local=10.0.0.1 496 local ip_wg_local=10.0.0.1
497 local ip_wg_peer=10.0.0.2 497 local ip_wg_peer=10.0.0.2
498 local port=51820 498 local port=51820
499 local outfile=./out 499 local outfile=./out
500 local pskfile=./psk 500 local pskfile=./psk
501 local rekey_after_time=3 501 local rekey_after_time=3
502 502
503 setup_servers 503 setup_servers
504 504
505 export RUMP_SERVER=$SOCK_LOCAL 505 export RUMP_SERVER=$SOCK_LOCAL
506 atf_check -s exit:0 -o ignore \ 506 atf_check -s exit:0 -o ignore \
507 rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time 507 rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time
508 export RUMP_SERVER=$SOCK_PEER 508 export RUMP_SERVER=$SOCK_PEER
509 atf_check -s exit:0 -o ignore \ 509 atf_check -s exit:0 -o ignore \
510 rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time 510 rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time
511 511
512 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 512 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
513 generate_keys 513 generate_keys
514 key_psk=$(wg-keygen --psk) 514 key_psk=$(wg-keygen --psk)
515 $DEBUG && echo $key_psk 515 $DEBUG && echo $key_psk
516 516
517 export RUMP_SERVER=$SOCK_LOCAL 517 export RUMP_SERVER=$SOCK_LOCAL
518 setup_common shmif0 inet $ip_local 24 518 setup_common shmif0 inet $ip_local 24
519 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 519 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
520 520
521 export RUMP_SERVER=$SOCK_PEER 521 export RUMP_SERVER=$SOCK_PEER
522 setup_common shmif0 inet $ip_peer 24 522 setup_common shmif0 inet $ip_peer 24
523 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 523 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
524 524
525 echo "$key_psk" > $pskfile 525 echo "$key_psk" > $pskfile
526 526
527 export RUMP_SERVER=$SOCK_LOCAL 527 export RUMP_SERVER=$SOCK_LOCAL
528 528
529 # The local always has the preshared key 529 # The local always has the preshared key
530 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 \ 530 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 \
531 $pskfile "$key_psk" 531 $pskfile "$key_psk"
532 532
533 export RUMP_SERVER=$SOCK_PEER 533 export RUMP_SERVER=$SOCK_PEER
534 534
535 # First, try the peer without the preshared key 535 # First, try the peer without the preshared key
536 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 536 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
537 537
538 export RUMP_SERVER=$SOCK_LOCAL 538 export RUMP_SERVER=$SOCK_LOCAL
539 539
540 extract_new_packets $BUS > $outfile 540 extract_new_packets $BUS > $outfile
541 $DEBUG && cat $outfile 541 $DEBUG && cat $outfile
542 542
543 $ping_fail $ip_wg_peer 543 $ping_fail $ip_wg_peer
544 544
545 extract_new_packets $BUS > $outfile 545 extract_new_packets $BUS > $outfile
546 $DEBUG && cat $outfile 546 $DEBUG && cat $outfile
547 547
548 # Next, try with the preshared key 548 # Next, try with the preshared key
549 export RUMP_SERVER=$SOCK_PEER 549 export RUMP_SERVER=$SOCK_PEER
550 delete_peer wg0 peer0 550 delete_peer wg0 peer0
551 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 \ 551 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 \
552 $pskfile "$key_psk" 552 $pskfile "$key_psk"
553 553
554 # Need a rekey 554 # Need a rekey
555 atf_check -s exit:0 sleep $((rekey_after_time + 1)) 555 atf_check -s exit:0 sleep $((rekey_after_time + 1))
556 556
557 export RUMP_SERVER=$SOCK_LOCAL 557 export RUMP_SERVER=$SOCK_LOCAL
558 558
559 extract_new_packets $BUS > $outfile 559 extract_new_packets $BUS > $outfile
560 $DEBUG && cat $outfile 560 $DEBUG && cat $outfile
561 561
562 $ping $ip_wg_peer 562 $ping $ip_wg_peer
563 563
564 extract_new_packets $BUS > $outfile 564 extract_new_packets $BUS > $outfile
565 $DEBUG && cat $outfile 565 $DEBUG && cat $outfile
566 566
567 # Then, try again without the preshared key just in case 567 # Then, try again without the preshared key just in case
568 export RUMP_SERVER=$SOCK_PEER 568 export RUMP_SERVER=$SOCK_PEER
569 delete_peer wg0 peer0 569 delete_peer wg0 peer0
570 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 570 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
571 571
572 # Need a rekey 572 # Need a rekey
573 atf_check -s exit:0 sleep $((rekey_after_time + 1)) 573 atf_check -s exit:0 sleep $((rekey_after_time + 1))
574 574
575 export RUMP_SERVER=$SOCK_LOCAL 575 export RUMP_SERVER=$SOCK_LOCAL
576 $ping_fail $ip_wg_peer 576 $ping_fail $ip_wg_peer
577 577
578 rm -f $pskfile 578 rm -f $pskfile
579 579
580 destroy_wg_interfaces 580 destroy_wg_interfaces
581} 581}
582 582
583wg_psk_cleanup() 583wg_psk_cleanup()
584{ 584{
585 585
586 $DEBUG && dump 586 $DEBUG && dump
587 cleanup 587 cleanup
588} 588}
589 589
590atf_test_case wg_malformed cleanup 590atf_test_case wg_malformed cleanup
591wg_malformed_head() 591wg_malformed_head()
592{ 592{
593 593
594 atf_set "descr" "tests malformed packet headers" 594 atf_set "descr" "tests malformed packet headers"
595 atf_set "require.progs" "nc" "rump_server" "wgconfig" "wg-keygen" 595 atf_set "require.progs" "nc" "rump_server" "wgconfig" "wg-keygen"
596 atf_set "timeout" "10" 596 atf_set "timeout" "10"
597} 597}
598 598
599wg_malformed_body() 599wg_malformed_body()
600{ 600{
601 local ifconfig="atf_check -s exit:0 rump.ifconfig" 601 local ifconfig="atf_check -s exit:0 rump.ifconfig"
602 local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1" 602 local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 1 -w 1"
603 local ip_local=192.168.1.1 603 local ip_local=192.168.1.1
604 local ip_peer=192.168.1.2 604 local ip_peer=192.168.1.2
605 local ip_wg_local=10.0.0.1 605 local ip_wg_local=10.0.0.1
606 local ip_wg_peer=10.0.0.2 606 local ip_wg_peer=10.0.0.2
607 local port=51820 607 local port=51820
608 setup_servers 608 setup_servers
609 609
610 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer 610 # It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
611 generate_keys 611 generate_keys
612 612
613 export RUMP_SERVER=$SOCK_LOCAL 613 export RUMP_SERVER=$SOCK_LOCAL
614 setup_common shmif0 inet $ip_local 24 614 setup_common shmif0 inet $ip_local 24
615 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local" 615 setup_wg_common wg0 inet $ip_wg_local 24 $port "$key_priv_local"
616 616
617 export RUMP_SERVER=$SOCK_PEER 617 export RUMP_SERVER=$SOCK_PEER
618 setup_common shmif0 inet $ip_peer 24 618 setup_common shmif0 inet $ip_peer 24
619 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer" 619 setup_wg_common wg0 inet $ip_wg_peer 24 $port "$key_priv_peer"
620 620
621 export RUMP_SERVER=$SOCK_LOCAL 621 export RUMP_SERVER=$SOCK_LOCAL
622 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32 622 add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
623 623
624 export RUMP_SERVER=$SOCK_PEER 624 export RUMP_SERVER=$SOCK_PEER
625 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32 625 add_peer wg0 peer0 $key_pub_local $ip_local:$port $ip_wg_local/32
626 626
627 export RUMP_SERVER=$SOCK_LOCAL 627 export RUMP_SERVER=$SOCK_LOCAL
628 628
629 $ping $ip_wg_peer 629 $ping $ip_wg_peer
630 630
631 printf 'send malformed packets\n' 631 printf 'send malformed packets\n'
632 632
633 $HIJACKING ping -c 1 -n $ip_peer 633 $HIJACKING ping -c 1 -n $ip_peer
634 634
635 printf 'x' | $HIJACKING nc -Nu -w 0 $ip_peer $port 635 printf 'x' | $HIJACKING nc -Nu -w 0 $ip_peer $port
636 printf 'xy' | $HIJACKING nc -Nu -w 0 $ip_peer $port 636 printf 'xy' | $HIJACKING nc -Nu -w 0 $ip_peer $port
637 printf 'xyz' | $HIJACKING nc -Nu -w 0 $ip_peer $port 637 printf 'xyz' | $HIJACKING nc -Nu -w 0 $ip_peer $port
638 printf 'xyzw' | $HIJACKING nc -Nu -w 0 $ip_peer $port 638 printf 'xyzw' | $HIJACKING nc -Nu -w 0 $ip_peer $port
639 printf '\x00\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 639 printf '\x00\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port
640 printf '\x00\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 640 printf '\x00\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port
641 printf '\x01\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 641 printf '\x01\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port
642 printf '\x01\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 642 printf '\x01\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port
643 printf '\x02\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 643 printf '\x02\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port
644 printf '\x02\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 644 printf '\x02\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port
645 printf '\x03\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 645 printf '\x03\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port
646 printf '\x03\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 646 printf '\x03\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port
647 printf '\x04\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port 647 printf '\x04\x00\x00\x00' | $HIJACKING nc -Nu -w 0 $ip_peer $port
648 printf '\x04\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port 648 printf '\x04\x00\x00\x00z' | $HIJACKING nc -Nu -w 0 $ip_peer $port
649 649
650 printf 'done sending malformed packets\n' 650 printf 'done sending malformed packets\n'
651 651
652 $ping $ip_wg_peer 652 $ping $ip_wg_peer
653} 653}
654 654
655wg_malformed_cleanup() 655wg_malformed_cleanup()
656{ 656{
657 657
658 $DEBUG && dump 658 $DEBUG && dump
659 cleanup 659 cleanup
660} 660}
661 661
662atf_init_test_cases() 662atf_init_test_cases()
663{ 663{
664 664
665 atf_add_test_case wg_rekey 665 atf_add_test_case wg_rekey
666 atf_add_test_case wg_handshake_timeout 666 atf_add_test_case wg_handshake_timeout
667 atf_add_test_case wg_cookie 667 atf_add_test_case wg_cookie
668 atf_add_test_case wg_mobility 668 atf_add_test_case wg_mobility
669 atf_add_test_case wg_keepalive 669 atf_add_test_case wg_keepalive
670 atf_add_test_case wg_psk 670 atf_add_test_case wg_psk
671 atf_add_test_case wg_malformed 671 atf_add_test_case wg_malformed
672} 672}