#!/bin/bash
# This is a simple test suite for WireGuard. At some point it might be
# nice to transition this to Sharness, like git, cgit, and pass, but
# it's possible that kernel upstream won't like the bulkiness of that
# very much. So for now we'll leave it to a single simple file like
# this one here.
#
# The exit code is 0 when this is successful.
# Everything below needs root (module loading, namespaces, links), so re-run
# this same script through sudo when it was started unprivileged.
if [[ $UID != 0 ]]; then
  exec sudo bash "$(readlink -f "$0")" "$@"
fi

# --no-module-insert as the first argument skips loading and unloading the
# kernel module.
if [[ $1 == --no-module-insert ]]; then
  no_module=1
else
  no_module=0
fi

# Abort on the first failing command and trace every command to stderr.
# The trace includes variable assignments, so any value stored in a variable
# further down is written to the trace output as well.
set -ex
date

# Work from the parent of the directory that holds this script.
cd "$(dirname "$(readlink -f "$0")")/.."

# Pick three distinct namespace names. All three start out unset (and so
# equal), which forces at least one pass through the loop. $RANDOM only makes
# a clash with an already existing namespace unlikely; it does not rule it out.
unset netns0 netns1 netns2
until [[ $netns0 != "$netns1" && $netns0 != "$netns2" && $netns1 != "$netns2" ]]; do
  netns0="wgtestns$RANDOM"
  netns1="wgtestns$RANDOM"
  netns2="wgtestns$RANDOM"
done
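# Run a command inside the network namespace named by $netns0.
# Globals:   netns0 (read)
# Arguments: the command and its arguments, passed through unchanged
# Returns:   exit status of `ip netns exec`
n0() {
  # Quoted so the namespace name always reaches ip as exactly one argument.
  ip netns exec "$netns0" "$@"
}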
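# Run a command inside the network namespace named by $netns1.
# Globals:   netns1 (read)
# Arguments: the command and its arguments, passed through unchanged
# Returns:   exit status of `ip netns exec`
n1() {
  # Quoted so the namespace name always reaches ip as exactly one argument.
  ip netns exec "$netns1" "$@"
}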
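# Run a command inside the network namespace named by $netns2.
# Globals:   netns2 (read)
# Arguments: the command and its arguments, passed through unchanged
# Returns:   exit status of `ip netns exec`
n2() {
  # Quoted so the namespace name always reaches ip as exactly one argument.
  ip netns exec "$netns2" "$@"
}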
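# Run an `ip` subcommand against the network namespace named by $netns0.
# Globals:   netns0 (read)
# Arguments: the ip subcommand and its arguments, passed through unchanged
# Returns:   exit status of `ip`
ip0() {
  # Quoted so the namespace name always reaches ip as exactly one argument.
  ip -n "$netns0" "$@"
}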
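# Run an `ip` subcommand against the network namespace named by $netns1.
# Globals:   netns1 (read)
# Arguments: the ip subcommand and its arguments, passed through unchanged
# Returns:   exit status of `ip`
ip1() {
  # Quoted so the namespace name always reaches ip as exactly one argument.
  ip -n "$netns1" "$@"
}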
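# Run an `ip` subcommand against the network namespace named by $netns2.
# Globals:   netns2 (read)
# Arguments: the ip subcommand and its arguments, passed through unchanged
# Returns:   exit status of `ip`
ip2() {
  # Quoted so the namespace name always reaches ip as exactly one argument.
  ip -n "$netns2" "$@"
}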
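# EXIT handler: tear down everything the test run created.
# Globals:   netns0, netns1, netns2, no_module (read)
# Returns:   does not return; ends the shell with a bare `exit`
cleanup() {
  local ns pids
  # Teardown is best-effort: keep going even when a step fails.
  set +e
  ip0 link del dev wg0
  ip1 link del dev wg0
  ip2 link del dev wg0
  [[ $no_module -ne 1 ]] && rmmod wireguard
  # Stop only the processes that live in the test namespaces (the iperf3
  # servers the tests start there). A host-wide `killall iperf3`, run as
  # root, would also terminate iperf3 instances unrelated to this test.
  for ns in "$netns0" "$netns1" "$netns2"; do
    pids=$(ip netns pids "$ns")
    # Intentionally unquoted: one PID per word.
    [[ -n $pids ]] && kill $pids
  done
  ip netns del "$netns1"
  ip netns del "$netns2"
  ip netns del "$netns0"
  exit
}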
# Run the teardown whenever the shell exits.
trap cleanup EXIT

if (( no_module != 1 )); then
  # Unload a previously loaded module first; it not being loaded is fine.
  rmmod wireguard 2>/dev/null || :
  # We consider insertion part of the tests because when compiled in debug mode,
  # the module will fail to insert if the internal kernel self-tests fail.
  # wireguard.ko is resolved relative to the current directory and loaded into
  # the kernel as root, so run this only from a build tree you trust.
  insmod wireguard.ko
fi
# Remove leftovers that carry the chosen names. This deletes any existing
# namespace with a matching name, not only ones created by this script.
ip netns del "$netns0" 2>/dev/null || :
ip netns del "$netns1" 2>/dev/null || :
ip netns del "$netns2" 2>/dev/null || :

# Fresh namespaces for this run.
ip netns add "$netns0"
ip netns add "$netns1"
ip netns add "$netns2"

ip0 link set up dev lo

# Each wg0 is created in $netns0 and only then moved into its peer namespace.
# NOTE(review): presumably this keeps the outer UDP sockets in $netns0, where
# lo is up and the loopback endpoints used later are reachable - confirm
# against the WireGuard namespace documentation.
ip0 link add dev wg0 type wireguard
ip0 link set wg0 netns "$netns1"
ip0 link add dev wg0 type wireguard
ip0 link set wg0 netns "$netns2"

# Inner (tunnel) addresses: .1 / ::1 in $netns1, .2 / ::2 in $netns2.
ip1 addr add 192.168.241.1/24 dev wg0
ip2 addr add 192.168.241.2/24 dev wg0
ip1 addr add abcd::1/24 dev wg0
ip2 addr add abcd::2/24 dev wg0
# Key material for the two peers, generated afresh on every run. Tracing
# (set -x) is active at this point, so the private keys and the preshared key
# are written to the trace output; do not reuse them anywhere else.
key1=$(tools/wg genkey)
key2=$(tools/wg genkey)
psk=$(tools/wg genpsk)
pub1=$(tools/wg pubkey <<<"$key1")
pub2=$(tools/wg pubkey <<<"$key2")
# With set -e in effect, an empty secret stops the run right here.
[[ $key1 && $key2 && $psk ]]
# Configure wg0 from inside $netns1: its own private key, the shared
# preshared key, UDP listen port 1, and the other side as its only peer,
# allowed to use just that side's two tunnel addresses.
# The secrets are passed as file names produced by process substitution, so
# the values themselves are not in wg's argument list. With set -x active the
# `echo` of each secret is still written to the trace output.
n1 tools/wg set wg0 \
private-key <(echo "$key1") \
preshared-key <(echo "$psk") \
listen-port 1 \
peer "$pub2" \
allowed-ips 192.168.241.2/32,abcd::2/128
# Mirror image for wg0 in $netns2: second private key, same preshared key,
# listen port 2, and the first side as the only peer.
n2 tools/wg set wg0 \
private-key <(echo "$key2") \
preshared-key <(echo "$psk") \
listen-port 2 \
peer "$pub1" \
allowed-ips 192.168.241.1/32,abcd::1/128
# Bring both tunnel interfaces up now that they are configured.
ip1 link set up dev wg0
ip2 link set up dev wg0
# Block until `ss` lists an iperf3 process listening on TCP port 5201 inside
# the given network namespace, polling every 0.1 s.
# Arguments: $1 - network namespace name
# NOTE(review): the check matches any iperf3 listener on that port in the
# namespace. Once an earlier server started by tests() is still running
# there, the loop no longer shows that the newly started one is ready.
_wait_for_iperf3() {
  until ss -N "$1" -tlp 'sport = 5201' | grep -q iperf3; do
    sleep 0.1
  done
}

# Exercise the tunnel in both directions: status dump, flood pings and iperf3
# transfers over the inner IPv4 and IPv6 addresses.
# Globals:   netns1, netns2 (read)
# Arguments: extra options, inserted into every iperf3 client invocation
tests() {
  # Status before
  n1 tools/wg
  n2 tools/wg

  # Ping over IPv4
  n2 ping -c 10 -f -W 1 192.168.241.1
  n1 ping -c 10 -f -W 1 192.168.241.2

  # Ping over IPv6
  n2 ping6 -c 10 -f -W 1 abcd::1
  n1 ping6 -c 10 -f -W 1 abcd::2

  # TCP over IPv4: server in the second namespace, client in the first
  n2 iperf3 -s -D -B 192.168.241.2
  _wait_for_iperf3 "$netns2"
  n1 iperf3 -Z -i 1 -n 1G "$@" -c 192.168.241.2

  # TCP over IPv6: server in the first namespace, client in the second
  n1 iperf3 -s -D -B abcd::1
  _wait_for_iperf3 "$netns1"
  n2 iperf3 -Z -i 1 -n 1G "$@" -c abcd::1

  # UDP over IPv4 (waits on the same TCP listener check as the TCP runs)
  n1 iperf3 -s -D -B 192.168.241.1
  _wait_for_iperf3 "$netns1"
  n2 iperf3 -Z -i 1 -n 1G "$@" -b 0 -u -c 192.168.241.1

  # UDP over IPv6
  n2 iperf3 -s -D -B abcd::2
  _wait_for_iperf3 "$netns2"
  n1 iperf3 -Z -i 1 -n 1G "$@" -b 0 -u -c abcd::2

  # Status after
  n1 tools/wg
  n2 tools/wg
}
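# Test using IPv4 as outer transport: each side reaches the other on the
# loopback address at the other side's listen port (1 and 2).
n1 tools/wg set wg0 peer "$pub2" endpoint 127.0.0.1:2
n2 tools/wg set wg0 peer "$pub1" endpoint 127.0.0.1:1
tests
# Test using IPv6 as outer transport
# The endpoints are quoted: unquoted, the brackets make the word a glob
# pattern, which the shell would replace with a matching file name from the
# current directory if one existed.
n1 tools/wg set wg0 peer "$pub2" endpoint '[::1]:2'
n2 tools/wg set wg0 peer "$pub1" endpoint '[::1]:1'
tests
date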