xref: /kernel/linux/linux-5.10/tools/testing/selftests/wireguard/netns.sh

29 netns0="wg-test-$$-0"
30 netns1="wg-test-$$-1"
31 netns2="wg-test-$$-2"
80 key1="$(pp wg genkey)"
81 key2="$(pp wg genkey)"
82 key3="$(pp wg genkey)"
83 key4="$(pp wg genkey)"
84 pub1="$(pp wg pubkey <<<"$key1")"
85 pub2="$(pp wg pubkey <<<"$key2")"
86 pub3="$(pp wg pubkey <<<"$key3")"
87 pub4="$(pp wg pubkey <<<"$key4")"
88 psk="$(pp wg genpsk)"
98 	n1 wg set wg0 \
104 	n2 wg set wg0 \
163 n1 wg set wg0 peer "$pub2" endpoint 127.0.0.1:2
164 n2 wg set wg0 peer "$pub1" endpoint 127.0.0.1:1
171 read _ rx_bytes tx_bytes < <(n2 wg show wg0 transfer)
173 read _ rx_bytes tx_bytes < <(n1 wg show wg0 transfer)
175 read _ timestamp < <(n1 wg show wg0 latest-handshakes)
187 n1 wg set wg0 peer "$pub2" endpoint [::1]:2
188 n2 wg set wg0 peer "$pub1" endpoint [::1]:1
197 n1 wg set wg0 peer "$pub2" endpoint 127.0.0.1:2
198 n2 wg set wg0 peer "$pub1" endpoint 127.0.0.1:1
213 n1 wg set wg0 listen-port 9999
214 n1 wg set wg0 peer "$pub2" endpoint 127.0.0.1:2
216 [[ $(n2 wg show wg0 endpoints) == "$pub1	127.212.121.99:9999" ]]
219 n1 wg set wg0 listen-port 9998
220 n1 wg set wg0 peer "$pub2" endpoint [::1]:2
222 [[ $(n2 wg show wg0 endpoints) == "$pub1	[::1]:9998" ]]
225 n1 wg set wg0 peer "$pub2" allowed-ips 192.168.241.0/24
232 more_specific_key="$(pp wg genkey | pp wg pubkey)"
233 n1 wg set wg0 peer "$more_specific_key" allowed-ips 192.168.241.2/32
234 n2 wg set wg0 listen-port 9997
241 n1 wg set wg0 peer "$more_specific_key" remove
242 [[ $(n1 wg show wg0 endpoints) == "$pub2	[::1]:9997" ]]
245 n1 wg set wg0 private-key <(echo "$key1") peer "$pub2" preshared-key <(echo "$psk") allowed-ips 192.168.241.2/32 endpoint 127.0.0.1:2
246 n2 wg set wg0 private-key <(echo "$key2") listen-port 2 peer "$pub1" preshared-key <(echo "$psk") allowed-ips 192.168.241.1/32
248 n1 wg set wg0 private-key <(echo "$key3")
249 n2 wg set wg0 peer "$pub3" preshared-key <(echo "$psk") allowed-ips 192.168.241.1/32 peer "$pub1" remove
251 n2 wg set wg0 peer "$pub3" remove
253 # Test that we can route wg through wg
258 n1 wg set wg0 private-key <(echo "$key1") peer "$pub2" preshared-key <(echo "$psk") allowed-ips fd00::5:2/128 endpoint 127.0.0.1:2
259 n2 wg set wg0 private-key <(echo "$key2") listen-port 2 peer "$pub1" preshared-key <(echo "$psk") allowed-ips fd00::5:1/128 endpoint 127.212.121.99:9998
268 n1 wg set wg1 listen-port 5 private-key <(echo "$key3") peer "$pub4" allowed-ips 192.168.241.2/32,fd00::2/128 endpoint [fd00::5:2]:5
269 n2 wg set wg1 listen-port 5 private-key <(echo "$key4") peer "$pub3" allowed-ips 192.168.241.1/32,fd00::1/128 endpoint [fd00::5:1]:5
276 n1 wg set wg0 peer "$pub2" endpoint 192.168.241.2:7
279 read _ _ tx_bytes_before < <(n0 wg show wg1 transfer)
282 read _ _ tx_bytes_after < <(n0 wg show wg1 transfer)
327 n1 wg set wg0 peer "$pub2" endpoint 10.0.0.100:2 persistent-keepalive 1
330 [[ $(n2 wg show wg0 endpoints) == "$pub1	10.0.0.1:1" ]]
334 n1 wg set wg0 peer "$pub2" persistent-keepalive 0
345 n1 wg set wg0 peer "$pub3" allowed-ips 192.168.242.2/32 endpoint 192.168.241.2:5
349 n2 wg set wg1 private-key <(echo "$key3") listen-port 5 peer "$pub1" allowed-ips 192.168.242.1/32
353 n1 wg set wg0 peer "$pub3" endpoint 192.168.242.2:5
355 n1 wg set wg0 peer "$pub3" remove
358 # Do a wg-quick(8)-style policy routing for the default route, making sure vethc has a v6 address to tease out bugs.
363 n1 wg set wg0 fwmark 51820 peer "$pub2" allowed-ips 192.168.99.7,abab::1111
380 n2 wg set wg0 peer "$pub1" remove
423 n1 wg set wg0 peer "$pub2" endpoint 10.0.0.2:2
428 n1 wg set wg0 peer "$pub2" endpoint [fd00:aa::2]:2
449 n2 wg set wg0 peer "$pub1" endpoint 10.0.0.1:1
451 [[ $(n2 wg show wg0 endpoints) == "$pub1	10.0.0.1:1" ]]
452 n2 wg set wg0 peer "$pub1" endpoint [fd00:aa::1]:1
454 [[ $(n2 wg show wg0 endpoints) == "$pub1	[fd00:aa::1]:1" ]]
455 n2 wg set wg0 peer "$pub1" endpoint 10.0.0.2:1
457 [[ $(n2 wg show wg0 endpoints) == "$pub1	10.0.0.2:1" ]]
458 n2 wg set wg0 peer "$pub1" endpoint [fd00:aa::2]:1
460 [[ $(n2 wg show wg0 endpoints) == "$pub1	[fd00:aa::2]:1" ]]
467 n2 wg set wg0 peer "$pub1" endpoint 10.50.0.1:1
469 [[ $(n2 wg show wg0 endpoints) == "$pub1	10.50.0.1:1" ]]
494 n1 wg set wg0 peer "$pub2" endpoint 10.0.0.2:2
496 [[ $(n2 wg show wg0 endpoints) == "$pub1	10.0.0.1:1" ]]
503 [[ $(n2 wg show wg0 endpoints) == "$pub1	10.0.0.3:1" ]]
511 n1 wg set wg0 private-key <(echo "$key1") peer "$pub2" endpoint 10.0.0.1:1 persistent-keepalive 1
512 read _ _ tx_bytes < <(n1 wg show wg0 transfer)
515 read _ _ tx_bytes < <(n1 wg show wg0 transfer)
520 n1 wg set wg0 peer "$pub2" endpoint 10.0.0.1:1 persistent-keepalive 1
521 read _ _ tx_bytes < <(n1 wg show wg0 transfer)
524 read _ _ tx_bytes < <(n1 wg show wg0 transfer)
526 n1 wg set wg0 private-key <(echo "$key1")
527 read _ _ tx_bytes < <(n1 wg show wg0 transfer)
534 config=( "[Interface]" "PrivateKey=$(wg genkey)" "[Peer]" "PublicKey=$(wg genkey)" )
540 n0 wg setconf wg0 <(printf '%s\n' "${config[@]}")
542 for ip in $(n0 wg show wg0 allowed-ips); do
548 config=( "[Interface]" "PrivateKey=$(wg genkey)" )
550 	config+=( "[Peer]" "PublicKey=$(wg genkey)" )
555 n0 wg setconf wg0 <(printf '%s\n' "${config[@]}")
564 done < <(n0 wg show wg0 allowed-ips)
570 	config+=( "[Peer]" "PublicKey=$(wg genkey)" )
572 config+=( "[Peer]" "PublicKey=$(wg genkey)" "AllowedIPs=255.2.3.4/32,abcd::255/128" )
573 n0 wg setconf wg0 <(printf '%s\n' "${config[@]}")
574 n0 wg showconf wg0 > /dev/null
586 n0 wg set wg0 peer "$pub1"
587 n0 wg set wg0 peer "$pub2" allowed-ips "$allowedips"
598 } < <(n0 wg show wg0 allowed-ips)
601 ! n0 wg show doesnotexist || false
604 n0 wg set wg0 private-key <(echo "$key1") peer "$pub2" preshared-key <(echo "$psk")
605 [[ $(n0 wg show wg0 private-key) == "$key1" ]]
606 [[ $(n0 wg show wg0 preshared-keys) == "$pub2	$psk" ]]
607 n0 wg set wg0 private-key /dev/null peer "$pub2" preshared-key /dev/null
608 [[ $(n0 wg show wg0 private-key) == "(none)" ]]
609 [[ $(n0 wg show wg0 preshared-keys) == "$pub2	(none)" ]]
610 n0 wg set wg0 peer "$pub2"
611 n0 wg set wg0 private-key <(echo "$key2")
612 [[ $(n0 wg show wg0 public-key) == "$pub2" ]]
613 [[ -z $(n0 wg show wg0 peers) ]]
614 n0 wg set wg0 peer "$pub2"
615 [[ -z $(n0 wg show wg0 peers) ]]
616 n0 wg set wg0 private-key <(echo "$key1")
617 n0 wg set wg0 peer "$pub2"
618 [[ $(n0 wg show wg0 peers) == "$pub2" ]]
619 n0 wg set wg0 private-key <(echo "/${key1:1}")
620 [[ $(n0 wg show wg0 private-key) == "+${key1:1}" ]]
621 n0 wg set wg0 peer "$pub2" allowed-ips 0.0.0.0/0,10.0.0.0/8,100.0.0.0/10,172.16.0.0/12,192.168.0.0/16
622 n0 wg set wg0 peer "$pub2" allowed-ips 0.0.0.0/0
623 n0 wg set wg0 peer "$pub2" allowed-ips ::/0,1700::/111,5000::/4,e000::/37,9000::/75
624 n0 wg set wg0 peer "$pub2" allowed-ips ::/0
625 n0 wg set wg0 peer "$pub2" remove
627 	n0 wg set wg0 peer "$low_order_point" persistent-keepalive 1 endpoint 127.0.0.1:1111
629 [[ -n $(n0 wg show wg0 peers) ]]
652 n1 wg set wg0 peer "$pub2" endpoint [fd00:aa::2]:2
653 n2 wg set wg0 peer "$pub1" endpoint [fd00:aa::1]:1
673 	[[ $line =~ .*(wg[0-9]+:\ [A-Z][a-z]+\ ?[0-9]*)\ .*(created|destroyed).* ]] || continue

Indexes created Thu Nov 07 10:32:03 CST 2024