summaryrefslogtreecommitdiffhomepage
path: root/src/tests/netns.sh
AgeCommit message (Collapse)Author
2017-12-09global: add SPDX tags to all filesGreg Kroah-Hartman
It's good to have SPDX identifiers in all files as the Linux kernel developers are working to add these identifiers to all files. Update all files with the correct SPDX license identifier based on the license text of the project or based on the license in the file itself. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Modified-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-23tools: fix removing preshared keysJason A. Donenfeld
Also clean up related logic quite a bit and add unit tests. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-10netlink: make sure we reserve space for NLMSG_DONEJason A. Donenfeld
Otherwise, if messages pack really close together, we'll exceed the size of the sk_buff and return ENOBUFS. I suspect this has been the cause of a lot of weird bugs that people just worked around by increasing the receive buffer size. This actually addresses the root cause. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31stats: more robust accountingJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31netns: use time-based test instead of quantity-basedJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31netns: use read built-in instead of ncat hack for dmesgJason A. Donenfeld
This misses lines that are greater than 128 bytes -- read returns -EINVAL -- but the lines we care about anyway are less than that, so we simply keep looping and skip the bad reads when this happens. Not ideal, but probably the best we can do in pure bash. And, importantly, it's much better than streaming this over a TCP socket, which was an even uglier hack. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-17netns: disable accept_dad for all interfacesJason A. Donenfeld
Upstream's a2d3f3e33853ef52e5f66b41c3e8ee5710aa3305 broke things in strange and confusing ways. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-09routingtable: iterate progressivelyJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-05send: put keypair referenceJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-02netlink: switch from ioctl to netlink for configurationJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-09-24netns: disable rp_filter for final testJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-08-23socket: improve reply-to-src algorithmJason A. Donenfeld
We store the destination IP of incoming packets as the source IP of outgoing packets. When we send outgoing packets, we then ask the routing table for which interface to use and which source address, given our inputs of the destination address and a suggested source address. This all is good and fine, since it means we'll successfully reply using the correct source address, correlating with the destination address for incoming packets. However, what happens when default routes change? Or when interface IP addresses change? Prior to this commit, after getting the response from the routing table of the source address, destination address, and interface, we would then make sure that the source address actually belonged to the outbound interface. If it didn't, we'd reset our source address to zero and re-ask the routing table, in which case the routing table would then give us the default IP address for sending that packet. This worked mostly fine for most purposes, but there was a problem: what if WireGuard legitimately accepted an inbound packet on a default interface using an IP of another interface? In this case, falling back to asking for the default source IP was not a good strategy, since it'd nearly always mean we'd fail to reply using the right source. So, this commit changes the algorithm slightly. Rather than falling back to using the default IP if the preferred source IP doesn't belong to the outbound interface, we have two checks: we make sure that the source IP address belongs to _some_ interface on the system, no matter which one (so long as it's within the network namespace), and we check whether or not the interface of an incoming packet matches the returned interface for the outbound traffic. If both these conditions are true, then we proceed with using this source IP address. If not, we fall back to the default IP address. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-08-03netns: work around linux 3.10 issuesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-08-03netns: explictly test reply to sender routingJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-20global: wireguard.io --> wireguard.comJason A. Donenfeld
Due to concerns with the .io TLD, we are switching to using wireguard.com instead. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-01receive: trim incoming packets to IP header lengthJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17tests: check for stats counter increasesJason A. Donenfeld
The kernel API for this has changed a lot, so this test is important to ensure our compat layer is doing the right thing. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17noise: redesign preshared key modeJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-14netns: cleanup and add diagramJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10Update copyrightJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-26compat: support 3.18, 3.19, 4.0Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-16tests: avoid non-strict writes via printfJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-04tests: directly kill nmapJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-04tests: make sure ncat gets killedJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-29tests: be sure we get all messagesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-21tests: veth does not come up immediatelyJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-21headers: cleanup noticesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-15tests: trim outputJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-15tests: use private ipv6 addressesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-15socket: ensure that saddr routing can deal with interface removalJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-29netns: remove dangling $@Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-21tests: test jumbo frames with more transferJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-12tests: add crypto-RP filter testJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-08tests: use makefile and expand greatlyJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-18tests: improve test suite and add qemu testerJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>