path: root/src/tests/netns.sh

#!/bin/bash

# This is a simple test suite for WireGuard. At some point it might be
# nice to transition this to Sharness, like git, cgit, and pass, but
# it's possible that kernel upstream won't like the bulkiness of that
# very much. So for now we'll leave it to a single simple file like
# this one here.
#
# The exit code is 0 when this is successful.

[[ $UID != 0 ]] && exec sudo bash "$(readlink -f "$0")" "$@"
[[ $1 == --no-module-insert ]] && no_module=1 || no_module=0
set -ex
date
cd "$(dirname "$(readlink -f "$0")")/.."

unset netns0 netns1 netns2
while [[ $netns1 == "$netns2" || $netns0 == "$netns1" || $netns0 == "$netns2" ]]; do
	netns0="wgtestns$RANDOM"
	netns1="wgtestns$RANDOM"
	netns2="wgtestns$RANDOM"
done

n0() { ip netns exec $netns0 "$@"; }
n1() { ip netns exec $netns1 "$@"; }
n2() { ip netns exec $netns2 "$@"; }
ip0() { ip -n $netns0 "$@"; }
ip1() { ip -n $netns1 "$@"; }
ip2() { ip -n $netns2 "$@"; }

cleanup() {
	set +e
	ip0 link del dev wg0
	ip1 link del dev wg0
	ip2 link del dev wg0
	[[ $no_module -ne 1 ]] && rmmod wireguard
	killall iperf3
	ip netns del $netns1
	ip netns del $netns2
	ip netns del $netns0
	exit
}

trap cleanup EXIT

if [[ $no_module -ne 1 ]]; then
	rmmod wireguard 2>/dev/null || true
	# We consider insertion part of the tests because when compiled in debug mode,
	# the module will fail to insert if the internal kernel self-tests fail.
	insmod wireguard.ko
fi

ip netns del $netns0 2>/dev/null || true
ip netns del $netns1 2>/dev/null || true
ip netns del $netns2 2>/dev/null || true
ip netns add $netns0
ip netns add $netns1
ip netns add $netns2

ip0 link set up dev lo
ip0 link add dev wg0 type wireguard
ip0 link set wg0 netns $netns1
ip0 link add dev wg0 type wireguard
ip0 link set wg0 netns $netns2

ip1 addr add 192.168.241.1/24 dev wg0
ip1 addr add abcd::1/24 dev wg0
ip2 addr add 192.168.241.2/24 dev wg0
ip2 addr add abcd::2/24 dev wg0

key1="$(tools/wg genkey)"
key2="$(tools/wg genkey)"
pub1="$(tools/wg pubkey <<<"$key1")"
pub2="$(tools/wg pubkey <<<"$key2")"
psk="$(tools/wg genpsk)"
[[ -n $key1 && -n $key2 && -n $psk ]]

n1 tools/wg set wg0 \
	private-key <(echo "$key1") \
	preshared-key <(echo "$psk") \
	listen-port 1 \
	peer "$pub2" \
		allowed-ips 192.168.241.2/32,abcd::2/128
n2 tools/wg set wg0 \
	private-key <(echo "$key2") \
	preshared-key <(echo "$psk") \
	listen-port 2 \
	peer "$pub1" \
		allowed-ips 192.168.241.1/32,abcd::1/128

ip1 link set up dev wg0
ip2 link set up dev wg0

tests() {
	# Status before
	n1 tools/wg
	n2 tools/wg

	# Ping over IPv4
	n2 ping -c 10 -f -W 1 192.168.241.1
	n1 ping -c 10 -f -W 1 192.168.241.2

	# Ping over IPv6
	n2 ping6 -c 10 -f -W 1 abcd::1
	n1 ping6 -c 10 -f -W 1 abcd::2

	# TCP over IPv4
	n2 iperf3 -s -D -B 192.168.241.2
	while ! ss -N $netns2 -tlp 'sport = 5201' | grep -q iperf3; do sleep 0.1; done
	n1 iperf3 -Z -i 1 -n 1G "$@" -c 192.168.241.2

	# TCP over IPv6
	n1 iperf3 -s -D -B abcd::1
	while ! ss -N $netns1 -tlp 'sport = 5201' | grep -q iperf3; do sleep 0.1; done
	n2 iperf3 -Z -i 1 -n 1G "$@" -c abcd::1

	# UDP over IPv4
	n1 iperf3 -s -D -B 192.168.241.1
	while ! ss -N $netns1 -tlp 'sport = 5201' | grep -q iperf3; do sleep 0.1; done
	n2 iperf3 -Z -i 1 -n 1G "$@" -b 0 -u -c 192.168.241.1

	# UDP over IPv6
	n2 iperf3 -s -D -B abcd::2
	while ! ss -N $netns2 -tlp 'sport = 5201' | grep -q iperf3; do sleep 0.1; done
	n1 iperf3 -Z -i 1 -n 1G "$@" -b 0 -u -c abcd::2

	# Status after
	n1 tools/wg
	n2 tools/wg
}

# Test using IPv4 as outer transport
n1 tools/wg set wg0 peer "$pub2" endpoint 127.0.0.1:2
n2 tools/wg set wg0 peer "$pub1" endpoint 127.0.0.1:1
tests

# Test using IPv6 as outer transport
n1 tools/wg set wg0 peer "$pub2" endpoint [::1]:2
n2 tools/wg set wg0 peer "$pub1" endpoint [::1]:1
tests

date