From 0f3ceb4ae12cc0b2710671ad7d48ae42b888fe29 Mon Sep 17 00:00:00 2001 From: Jake McGinty Date: Tue, 8 May 2018 20:36:59 -0700 Subject: tests: add beginning of timers test. --- tests/timers.sh | 178 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 178 insertions(+) create mode 100755 tests/timers.sh (limited to 'tests') diff --git a/tests/timers.sh b/tests/timers.sh new file mode 100755 index 0000000..98615f0 --- /dev/null +++ b/tests/timers.sh @@ -0,0 +1,178 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2015-2018 Jason A. Donenfeld . All Rights Reserved. +# +# This script tests the below topology: +# +# ┌─────────────────────┐ ┌──────────────────────────────────────────┐ ┌─────────────────────┐ +# │ $ns1 namespace │ │ $ns0 namespace │ │ $ns2 namespace │ +# │ │ │ │ │ │ +# │┌────────┐ │ │ ┌────────┐ │ │ ┌────────┐│ +# ││ wg1 │───────────┼───┼────────────────│ lo │────────────────┼───┼───────────│ wg2 ││ +# │├────────┴──────────┐│ │ ┌───────────┴────────┴────────────┐ │ │┌──────────┴────────┤│ +# ││192.168.241.1/24 ││ │ │(ns1) (ns2) │ │ ││192.168.241.2/24 ││ +# ││fd00::1/24 ││ │ │127.0.0.1:10000 127.0.0.1:20000│ │ ││fd00::2/24 ││ +# │└───────────────────┘│ │ │[::]:10000 [::]:20000 │ │ │└───────────────────┘│ +# └─────────────────────┘ │ └─────────────────────────────────┘ │ └─────────────────────┘ +# └──────────────────────────────────────────┘ +# +# After the topology is prepared we run a series of tests and lightly analyze the +# packet captures from those tests to verify the right behavior occurs over the wire +# in a variety of scenarios, most of which involving the relatively difficult timer +# system. + +# Much of the boilerplate code is taken from the netns.sh tests. +# +# Please ensure that you have installed the newest version of the WireGuard +# tools from the WireGuard project and before running these tests as: +# +# ./timers.sh + +set -e + +exec 3>&1 +export WG_HIDE_KEYS=never +netns0="wg-test-$$-0" +netns1="wg-test-$$-1" +netns2="wg-test-$$-2" + +pretty() { echo -e "\x1b[32m\x1b[1m[+] ${1:+NS$1: }${2}\x1b[0m" >&3; } +info() { echo -e "\x1b[32m[~] "$@" \x1b[0m" >&3; } +warn() { echo -e "\x1b[31m\x1b[1m[!] "$@" \x1b[0m" >&3; } +section() { echo -e "\x1b[1m[*] SECTION: "$@" \x1b[0m" >&3; } +pp() { pretty "" "$*"; "$@"; } +maybe_exec() { if [[ $BASHPID -eq $$ ]]; then "$@"; else exec "$@"; fi; } +n0() { pretty 0 "$*"; maybe_exec ip netns exec $netns0 "$@"; } +n1() { pretty 1 "$*"; maybe_exec ip netns exec $netns1 "$@"; } +n2() { pretty 2 "$*"; maybe_exec ip netns exec $netns2 "$@"; } +ip0() { pretty 0 "ip $*"; ip -n $netns0 "$@"; } +ip1() { pretty 1 "ip $*"; ip -n $netns1 "$@"; } +ip2() { pretty 2 "ip $*"; ip -n $netns2 "$@"; } +sleep() { read -t "$1" -N 0 || true; } +waitiface() { pretty "${1//*-}" "wait for $2 to come up"; ip netns exec "$1" bash -c "while [[ \$(< \"/sys/class/net/$2/operstate\") != up ]]; do read -t .1 -N 0 || true; done;"; } + +for arg in "$@"; do + shift + case "$arg" in + "--iperf"|"--iperf3") use_iperf=1 ;; + *) program="$arg" + esac +done + +if [ $program ]; then + info "using $program as userspace wireguard." +fi + +create() { + if [ $program ]; then + echo "$program $1" + else + echo "ip link add dev $1 type wireguard" + fi +} + +cleanup() { + set +e + exec 2>/dev/null + printf "$orig_message_cost" > /proc/sys/net/core/message_cost + ip0 link del dev wg0 + ip1 link del dev wg1 + ip2 link del dev wg2 + local to_kill="$(ip netns pids $netns0) $(ip netns pids $netns1) $(ip netns pids $netns2)" + [[ -n $to_kill ]] && kill $to_kill + pp ip netns del $netns1 + pp ip netns del $netns2 + pp ip netns del $netns0 + exit +} + +error() { + local code="${3:-1}" + warn "Test failed at line $1." + exit "${code}" +} + +orig_message_cost="$(< /proc/sys/net/core/message_cost)" +trap 'error ${LINENO}' ERR +trap cleanup EXIT +printf 0 > /proc/sys/net/core/message_cost + +ip netns del $netns0 2>/dev/null || true +ip netns del $netns1 2>/dev/null || true +ip netns del $netns2 2>/dev/null || true +pp ip netns add $netns0 +pp ip netns add $netns1 +pp ip netns add $netns2 +ip0 link set up dev lo + +n0 $(create wg1) +sleep 0.5 +ip0 link set wg1 netns $netns1 + +n0 $(create wg2) +sleep 0.5 +ip0 link set wg2 netns $netns2 + +key1="$(pp wg genkey)" +key2="$(pp wg genkey)" +pub1="$(pp wg pubkey <<<"$key1")" +pub2="$(pp wg pubkey <<<"$key2")" +psk="$(pp wg genpsk)" +[[ -n $key1 && -n $key2 && -n $psk ]] + +configure_peers() { + ip1 addr add 192.168.241.1/24 dev wg1 + ip1 addr add fd00::1/24 dev wg1 + + ip2 addr add 192.168.241.2/24 dev wg2 + ip2 addr add fd00::2/24 dev wg2 + + n1 wg set wg1 \ + private-key <(echo "$key1") \ + listen-port 10000 \ + peer "$pub2" \ + preshared-key <(echo "$psk") \ + allowed-ips 192.168.241.2/32,fd00::2/128 + n2 wg set wg2 \ + private-key <(echo "$key2") \ + listen-port 20000 \ + peer "$pub1" \ + preshared-key <(echo "$psk") \ + allowed-ips 192.168.241.1/32,fd00::1/128 + + ip1 link set up dev wg1 + ip2 link set up dev wg2 + sleep 1 +} + +configure_peers + +pcap=`mktemp` +section $pcap +n0 tcpdump -U 'udp port 10000' -w $pcap &>/dev/null & +sleep 1 + +[[ $(ip1 link show dev wg1) =~ mtu\ ([0-9]+) ]] && orig_mtu="${BASH_REMATCH[1]}" + +# Test using IPv4 as outer transport +section "basic passive keepalive test" +n1 wg set wg1 peer "$pub2" endpoint 127.0.0.1:20000 +n2 wg set wg2 peer "$pub1" endpoint 127.0.0.1:10000 +n2 ping -c 10 -f -W 1 192.168.241.1 +n1 ping -c 10 -f -W 1 192.168.241.2 + +sleep 1 + +packets2to1=$(tcpdump -r $pcap 2>/dev/null | grep "localhost.20000 > " | wc -l) +packets1to2=$(tcpdump -r $pcap 2>/dev/null | grep "localhost.10000 > " | wc -l) +[[ $packets2to1 -eq 21 && $packets1to2 -eq 21 ]] + +section "sleeping 10 seconds for passive keepalive..." +sleep 10 + +packets2to1=$(tcpdump -r $pcap 2>/dev/null | grep "localhost.20000 > " | wc -l) +packets1to2=$(tcpdump -r $pcap 2>/dev/null | grep "localhost.10000 > " | wc -l) +[[ $packets2to1 -eq 21 && $packets1to2 -eq 22 ]] + +section "ALL TESTS PASSED!" -- cgit v1.2.3-59-g8ed1b