1 files changed, 142 insertions, 0 deletions

diff --git a/src/tests/netns.sh b/src/tests/netns.sh
new file mode 100755
index 0000000..901ec36
--- /dev/null
+++ b/src/tests/netns.sh
@@ -0,0 +1,142 @@
+#!/bin/bash
+
+# This is a simple test suite for WireGuard. At some point it might be
+# nice to transition this to Sharness, like git, cgit, and pass, but
+# it's possible that kernel upstream won't like the bulkiness of that
+# very much. So for now we'll leave it to a single simple file like
+# this one here.
+#
+# The exit code is 0 when this is successful.
+
+[[ $UID != 0 ]] && exec sudo bash "$(readlink -f "$0")" "$@"
+[[ $1 == --no-module-insert ]] && no_module=1 || no_module=0
+set -ex
+date
+cd "$(dirname "$(readlink -f "$0")")/.."
+
+unset netns0 netns1 netns2
+while [[ $netns1 == "$netns2" || $netns0 == "$netns1" || $netns0 == "$netns2" ]]; do
+	netns0="wgtestns$RANDOM"
+	netns1="wgtestns$RANDOM"
+	netns2="wgtestns$RANDOM"
+done
+
+n0() { ip netns exec $netns0 "$@"; }
+n1() { ip netns exec $netns1 "$@"; }
+n2() { ip netns exec $netns2 "$@"; }
+ip0() { ip -n $netns0 "$@"; }
+ip1() { ip -n $netns1 "$@"; }
+ip2() { ip -n $netns2 "$@"; }
+
+cleanup() {
+	set +e
+	ip0 link del dev wg0
+	ip1 link del dev wg0
+	ip2 link del dev wg0
+	[[ $no_module -ne 1 ]] && rmmod wireguard
+	killall iperf3
+	ip netns del $netns1
+	ip netns del $netns2
+	ip netns del $netns0
+	exit
+}
+
+trap cleanup EXIT
+
+if [[ $no_module -ne 1 ]]; then
+	rmmod wireguard 2>/dev/null || true
+	# We consider insertion part of the tests because when compiled in debug mode,
+	# the module will fail to insert if the internal kernel self-tests fail.
+	insmod wireguard.ko
+fi
+
+ip netns del $netns0 2>/dev/null || true
+ip netns del $netns1 2>/dev/null || true
+ip netns del $netns2 2>/dev/null || true
+ip netns add $netns0
+ip netns add $netns1
+ip netns add $netns2
+
+ip0 link set up dev lo
+ip0 link add dev wg0 type wireguard
+ip0 link set wg0 netns $netns1
+ip0 link add dev wg0 type wireguard
+ip0 link set wg0 netns $netns2
+
+ip1 addr add 192.168.241.1/24 dev wg0
+ip1 addr add abcd::1/24 dev wg0
+ip2 addr add 192.168.241.2/24 dev wg0
+ip2 addr add abcd::2/24 dev wg0
+
+key1="$(tools/wg genkey)"
+key2="$(tools/wg genkey)"
+pub1="$(tools/wg pubkey <<<"$key1")"
+pub2="$(tools/wg pubkey <<<"$key2")"
+psk="$(tools/wg genpsk)"
+[[ -n $key1 && -n $key2 && -n $psk ]]
+
+n1 tools/wg set wg0 \
+	private-key <(echo "$key1") \
+	preshared-key <(echo "$psk") \
+	listen-port 1 \
+	peer "$pub2" \
+		allowed-ips 192.168.241.2/32,abcd::2/128
+n2 tools/wg set wg0 \
+	private-key <(echo "$key2") \
+	preshared-key <(echo "$psk") \
+	listen-port 2 \
+	peer "$pub1" \
+		allowed-ips 192.168.241.1/32,abcd::1/128
+
+ip1 link set up dev wg0
+ip2 link set up dev wg0
+
+tests() {
+	# Status before
+	n1 tools/wg
+	n2 tools/wg
+
+	# Ping over IPv4
+	n2 ping -c 10 -f -W 1 192.168.241.1
+	n1 ping -c 10 -f -W 1 192.168.241.2
+
+	# Ping over IPv6
+	n2 ping6 -c 10 -f -W 1 abcd::1
+	n1 ping6 -c 10 -f -W 1 abcd::2
+
+	# TCP over IPv4
+	n2 iperf3 -s -D -B 192.168.241.2
+	while ! ss -N $netns2 -tlp 'sport = 5201' | grep -q iperf3; do sleep 0.1; done
+	n1 iperf3 -Z -i 1 -n 1G "$@" -c 192.168.241.2
+
+	# TCP over IPv6
+	n1 iperf3 -s -D -B abcd::1
+	while ! ss -N $netns1 -tlp 'sport = 5201' | grep -q iperf3; do sleep 0.1; done
+	n2 iperf3 -Z -i 1 -n 1G "$@" -c abcd::1
+
+	# UDP over IPv4
+	n1 iperf3 -s -D -B 192.168.241.1
+	while ! ss -N $netns1 -tlp 'sport = 5201' | grep -q iperf3; do sleep 0.1; done
+	n2 iperf3 -Z -i 1 -n 1G "$@" -b 0 -u -c 192.168.241.1
+
+	# UDP over IPv6
+	n2 iperf3 -s -D -B abcd::2
+	while ! ss -N $netns2 -tlp 'sport = 5201' | grep -q iperf3; do sleep 0.1; done
+	n1 iperf3 -Z -i 1 -n 1G "$@" -b 0 -u -c abcd::2
+
+	# Status after
+	n1 tools/wg
+	n2 tools/wg
+}
+
+# Test using IPv4 as outer transport
+n1 tools/wg set wg0 peer "$pub2" endpoint 127.0.0.1:2
+n2 tools/wg set wg0 peer "$pub1" endpoint 127.0.0.1:1
+tests
+
+# Test using IPv6 as outer transport
+n1 tools/wg set wg0 peer "$pub2" endpoint [::1]:2
+n2 tools/wg set wg0 peer "$pub1" endpoint [::1]:1
+tests
+
+date