diff options
Diffstat (limited to 'tests/netns.sh')
-rwxr-xr-x | tests/netns.sh | 111 |
1 files changed, 101 insertions, 10 deletions
diff --git a/tests/netns.sh b/tests/netns.sh index 85a3c51..94eb16f 100755 --- a/tests/netns.sh +++ b/tests/netns.sh @@ -1,7 +1,8 @@ #!/bin/bash - -# Copyright (C) 2015-2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. - +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. +# # This script tests the below topology: # # ┌─────────────────────┐ ┌──────────────────────────────────┐ ┌─────────────────────┐ @@ -131,9 +132,6 @@ configure_peers() { preshared-key <(echo "$psk") \ allowed-ips 192.168.241.1/32,fd00::1/128 - n0 wg showconf wg1 - n0 wg showconf wg2 - ip1 link set up dev wg1 ip2 link set up dev wg2 sleep 1 @@ -148,6 +146,26 @@ tests() { # Ping over IPv6 n2 ping6 -c 10 -f -W 1 fd00::1 n1 ping6 -c 10 -f -W 1 fd00::2 + + # # TCP over IPv4 + # n2 iperf3 -s -1 -B 192.168.241.2 & + # waitiperf $netns2 + # n1 iperf3 -Z -t 3 -c 192.168.241.2 + + # # TCP over IPv6 + # n1 iperf3 -s -1 -B fd00::1 & + # waitiperf $netns1 + # n2 iperf3 -Z -t 3 -c fd00::1 + + # # UDP over IPv4 + # n1 iperf3 -s -1 -B 192.168.241.1 & + # waitiperf $netns1 + # n2 iperf3 -Z -t 3 -b 0 -u -c 192.168.241.1 + + # # UDP over IPv6 + # n2 iperf3 -s -1 -B fd00::2 & + # waitiperf $netns2 + # n1 iperf3 -Z -t 3 -b 0 -u -c fd00::2 } [[ $(ip1 link show dev wg1) =~ mtu\ ([0-9]+) ]] && orig_mtu="${BASH_REMATCH[1]}" @@ -179,11 +197,22 @@ n0 wg set wg1 peer "$pub2" endpoint [::1]:20000 n0 wg set wg2 peer "$pub1" endpoint [::1]:10000 tests - ip1 link set wg1 mtu $big_mtu ip2 link set wg2 mtu $big_mtu tests +# Test that route MTUs work with the padding +ip1 link set wg1 mtu 1300 +ip2 link set wg2 mtu 1300 +n0 wg set wg1 peer "$pub2" endpoint 127.0.0.1:20000 +n0 wg set wg2 peer "$pub1" endpoint 127.0.0.1:10000 +n0 iptables -A INPUT -m length --length 1360 -j DROP +ip1 route add 192.168.241.2/32 dev wg1 mtu 1299 +ip2 route add 192.168.241.1/32 dev wg2 mtu 1299 +n2 ping -c 1 -W 1 -s 1269 192.168.241.1 +ip2 route delete 192.168.241.1/32 dev wg2 mtu 1299 +ip1 route delete 192.168.241.2/32 dev wg1 mtu 1299 +n0 iptables -F INPUT ip1 link set wg1 mtu $orig_mtu ip2 link set wg2 mtu $orig_mtu @@ -301,9 +330,10 @@ n1 $program wg1 n2 $program wg2 configure_peers - ip1 link add veth1 type veth peer name veth2 ip1 link set veth2 netns $netns2 +n1 bash -c 'printf 0 > /proc/sys/net/ipv6/conf/all/accept_dad' +n2 bash -c 'printf 0 > /proc/sys/net/ipv6/conf/all/accept_dad' n1 bash -c 'printf 0 > /proc/sys/net/ipv6/conf/veth1/accept_dad' n2 bash -c 'printf 0 > /proc/sys/net/ipv6/conf/veth2/accept_dad' n1 bash -c 'printf 1 > /proc/sys/net/ipv4/conf/veth1/promote_secondaries' @@ -357,7 +387,52 @@ n0 wg set wg2 peer "$pub1" endpoint [fd00:aa::2]:10000 n2 ping -W 1 -c 1 192.168.241.1 [[ $(n0 wg show wg2 endpoints) == "$pub1 [fd00:aa::2]:10000" ]] +# What happens if the inbound destination address belongs to a different interface as the default route? +ip1 link add dummy0 type dummy +ip1 addr add 10.50.0.1/24 dev dummy0 +ip1 link set dummy0 up +ip2 route add 10.50.0.0/24 dev veth2 +n0 wg set wg2 peer "$pub1" endpoint 10.50.0.1:10000 +n2 ping -W 1 -c 1 192.168.241.1 +[[ $(n0 wg show wg2 endpoints) == "$pub1 10.50.0.1:10000" ]] + +ip1 link del dummy0 +ip1 addr flush dev veth1 +ip2 addr flush dev veth2 +ip1 route flush dev veth1 +ip2 route flush dev veth2 + +# Now we see what happens if another interface route takes precedence over an ongoing one +# ip1 link add veth3 type veth peer name veth4 +# ip1 link set veth4 netns $netns2 +# ip1 addr add 10.0.0.1/24 dev veth1 +# ip2 addr add 10.0.0.2/24 dev veth2 +# ip1 addr add 10.0.0.3/24 dev veth3 +# ip1 link set veth1 up +# ip2 link set veth2 up +# ip1 link set veth3 up +# ip2 link set veth4 up +# waitiface $netns1 veth1 +# waitiface $netns2 veth2 +# waitiface $netns1 veth3 +# waitiface $netns2 veth4 +# ip1 route flush dev veth1 +# ip1 route flush dev veth3 +# ip1 route add 10.0.0.0/24 dev veth1 src 10.0.0.1 metric 2 +# n1 wg set wg1 peer "$pub2" endpoint 10.0.0.2:20000 +# n1 ping -W 1 -c 1 192.168.241.2 +# [[ $(n2 wg show wg2 endpoints) == "$pub1 10.0.0.1:10000" ]] +# ip1 route add 10.0.0.0/24 dev veth3 src 10.0.0.3 metric 1 +# n1 bash -c 'printf 0 > /proc/sys/net/ipv4/conf/veth1/rp_filter' +# n2 bash -c 'printf 0 > /proc/sys/net/ipv4/conf/veth4/rp_filter' +# n1 bash -c 'printf 0 > /proc/sys/net/ipv4/conf/all/rp_filter' +# n2 bash -c 'printf 0 > /proc/sys/net/ipv4/conf/all/rp_filter' +# n1 ping -W 1 -c 1 192.168.241.2 +# n2 wg show wg2 endpoints +# [[ $(n2 wg show wg2 endpoints) == "$pub1 10.0.0.3:10000" ]] + ip1 link del veth1 +# ip1 link del veth3 ip1 link del wg1 ip2 link del wg2 @@ -379,7 +454,6 @@ for ip in $(n0 wg show wg0 allowed-ips); do done ((i == 255*256*2+1)) ip0 link del wg0 - n0 $program wg0 config=( "[Interface]" "PrivateKey=$(wg genkey)" ) for a in {1..40}; do @@ -400,7 +474,6 @@ while read -r line; do done < <(n0 wg show wg0 allowed-ips) ((i == 40)) ip0 link del wg0 - n0 $program wg0 config=( ) for i in {1..29}; do @@ -413,6 +486,24 @@ ip0 link del wg0 ! n0 wg show doesnotexist || false +n0 $program wg0 +n0 wg set wg0 private-key <(echo "$key1") peer "$pub2" preshared-key <(echo "$psk") +[[ $(n0 wg show wg0 private-key) == "$key1" ]] +[[ $(n0 wg show wg0 preshared-keys) == "$pub2 $psk" ]] +n0 wg set wg0 private-key /dev/null peer "$pub2" preshared-key /dev/null +[[ $(n0 wg show wg0 private-key) == "(none)" ]] +[[ $(n0 wg show wg0 preshared-keys) == "$pub2 (none)" ]] +n0 wg set wg0 peer "$pub2" +n0 wg set wg0 private-key <(echo "$key2") +[[ $(n0 wg show wg0 public-key) == "$pub2" ]] +[[ -z $(n0 wg show wg0 peers) ]] +n0 wg set wg0 peer "$pub2" +[[ -z $(n0 wg show wg0 peers) ]] +n0 wg set wg0 private-key <(echo "$key1") +n0 wg set wg0 peer "$pub2" +[[ $(n0 wg show wg0 peers) == "$pub2" ]] +ip0 link del wg0 + declare -A objects while read -t 0.1 -r line 2>/dev/null || [[ $? -ne 142 ]]; do [[ $line =~ .*(wg[0-9]+:\ [A-Z][a-z]+\ [0-9]+)\ .*(created|destroyed).* ]] || continue |