xref: /kernel/linux/linux-6.6/tools/testing/selftests/wireguard/netns.sh

31 netns0="wg-test-$$-0"
32 netns1="wg-test-$$-1"
33 netns2="wg-test-$$-2"
82 key1="$(pp wg genkey)"
83 key2="$(pp wg genkey)"
84 key3="$(pp wg genkey)"
85 key4="$(pp wg genkey)"
86 pub1="$(pp wg pubkey <<<"$key1")"
87 pub2="$(pp wg pubkey <<<"$key2")"
88 pub3="$(pp wg pubkey <<<"$key3")"
89 pub4="$(pp wg pubkey <<<"$key4")"
90 psk="$(pp wg genpsk)"
100 	n1 wg set wg0 \
106 	n2 wg set wg0 \
163 n1 wg set wg0 peer "$pub2" endpoint 127.0.0.1:2
164 n2 wg set wg0 peer "$pub1" endpoint 127.0.0.1:1
171 read _ rx_bytes tx_bytes < <(n2 wg show wg0 transfer)
173 read _ rx_bytes tx_bytes < <(n1 wg show wg0 transfer)
175 read _ timestamp < <(n1 wg show wg0 latest-handshakes)
187 n1 wg set wg0 peer "$pub2" endpoint [::1]:2
188 n2 wg set wg0 peer "$pub1" endpoint [::1]:1
197 n1 wg set wg0 peer "$pub2" endpoint 127.0.0.1:2
198 n2 wg set wg0 peer "$pub1" endpoint 127.0.0.1:1
213 n1 wg set wg0 listen-port 9999
214 n1 wg set wg0 peer "$pub2" endpoint 127.0.0.1:2
216 [[ $(n2 wg show wg0 endpoints) == "$pub1	127.212.121.99:9999" ]]
219 n1 wg set wg0 listen-port 9998
220 n1 wg set wg0 peer "$pub2" endpoint [::1]:2
222 [[ $(n2 wg show wg0 endpoints) == "$pub1	[::1]:9998" ]]
225 n1 wg set wg0 peer "$pub2" allowed-ips 192.168.241.0/24
232 more_specific_key="$(pp wg genkey | pp wg pubkey)"
233 n1 wg set wg0 peer "$more_specific_key" allowed-ips 192.168.241.2/32
234 n2 wg set wg0 listen-port 9997
241 n1 wg set wg0 peer "$more_specific_key" remove
242 [[ $(n1 wg show wg0 endpoints) == "$pub2	[::1]:9997" ]]
245 n1 wg set wg0 private-key <(echo "$key1") peer "$pub2" preshared-key <(echo "$psk") allowed-ips 192.168.241.2/32 endpoint 127.0.0.1:2
246 n2 wg set wg0 private-key <(echo "$key2") listen-port 2 peer "$pub1" preshared-key <(echo "$psk") allowed-ips 192.168.241.1/32
248 n1 wg set wg0 private-key <(echo "$key3")
249 n2 wg set wg0 peer "$pub3" preshared-key <(echo "$psk") allowed-ips 192.168.241.1/32 peer "$pub1" remove
251 n2 wg set wg0 peer "$pub3" remove
253 # Test that we can route wg through wg
258 n1 wg set wg0 private-key <(echo "$key1") peer "$pub2" preshared-key <(echo "$psk") allowed-ips fd00::5:2/128 endpoint 127.0.0.1:2
259 n2 wg set wg0 private-key <(echo "$key2") listen-port 2 peer "$pub1" preshared-key <(echo "$psk") allowed-ips fd00::5:1/128 endpoint 127.212.121.99:9998
268 n1 wg set wg1 listen-port 5 private-key <(echo "$key3") peer "$pub4" allowed-ips 192.168.241.2/32,fd00::2/128 endpoint [fd00::5:2]:5
269 n2 wg set wg1 listen-port 5 private-key <(echo "$key4") peer "$pub3" allowed-ips 192.168.241.1/32,fd00::1/128 endpoint [fd00::5:1]:5
276 n1 wg set wg0 peer "$pub2" endpoint 192.168.241.2:7
279 read _ _ tx_bytes_before < <(n0 wg show wg1 transfer)
282 read _ _ tx_bytes_after < <(n0 wg show wg1 transfer)
339 n1 wg set wg0 peer "$pub2" endpoint 10.0.0.100:2 persistent-keepalive 1
342 [[ $(n2 wg show wg0 endpoints) == "$pub1	10.0.0.1:1" ]]
346 n1 wg set wg0 peer "$pub2" persistent-keepalive 0
357 n1 wg set wg0 peer "$pub3" allowed-ips 192.168.242.2/32 endpoint 192.168.241.2:5
361 n2 wg set wg1 private-key <(echo "$key3") listen-port 5 peer "$pub1" allowed-ips 192.168.242.1/32
365 n1 wg set wg0 peer "$pub3" endpoint 192.168.242.2:5
367 n1 wg set wg0 peer "$pub3" remove
370 # Do a wg-quick(8)-style policy routing for the default route, making sure vethc has a v6 address to tease out bugs.
375 n1 wg set wg0 fwmark 51820 peer "$pub2" allowed-ips 192.168.99.7,abab::1111
392 n2 wg set wg0 peer "$pub1" remove
435 n1 wg set wg0 peer "$pub2" endpoint 10.0.0.2:2
440 n1 wg set wg0 peer "$pub2" endpoint [fd00:aa::2]:2
461 n2 wg set wg0 peer "$pub1" endpoint 10.0.0.1:1
463 [[ $(n2 wg show wg0 endpoints) == "$pub1	10.0.0.1:1" ]]
464 n2 wg set wg0 peer "$pub1" endpoint [fd00:aa::1]:1
466 [[ $(n2 wg show wg0 endpoints) == "$pub1	[fd00:aa::1]:1" ]]
467 n2 wg set wg0 peer "$pub1" endpoint 10.0.0.2:1
469 [[ $(n2 wg show wg0 endpoints) == "$pub1	10.0.0.2:1" ]]
470 n2 wg set wg0 peer "$pub1" endpoint [fd00:aa::2]:1
472 [[ $(n2 wg show wg0 endpoints) == "$pub1	[fd00:aa::2]:1" ]]
479 n2 wg set wg0 peer "$pub1" endpoint 10.50.0.1:1
481 [[ $(n2 wg show wg0 endpoints) == "$pub1	10.50.0.1:1" ]]
506 n1 wg set wg0 peer "$pub2" endpoint 10.0.0.2:2
508 [[ $(n2 wg show wg0 endpoints) == "$pub1	10.0.0.1:1" ]]
515 [[ $(n2 wg show wg0 endpoints) == "$pub1	10.0.0.3:1" ]]
523 n1 wg set wg0 private-key <(echo "$key1") peer "$pub2" endpoint 10.0.0.1:1 persistent-keepalive 1
524 read _ _ tx_bytes < <(n1 wg show wg0 transfer)
527 read _ _ tx_bytes < <(n1 wg show wg0 transfer)
532 n1 wg set wg0 peer "$pub2" endpoint 10.0.0.1:1 persistent-keepalive 1
533 read _ _ tx_bytes < <(n1 wg show wg0 transfer)
536 read _ _ tx_bytes < <(n1 wg show wg0 transfer)
538 n1 wg set wg0 private-key <(echo "$key1")
539 read _ _ tx_bytes < <(n1 wg show wg0 transfer)
546 config=( "[Interface]" "PrivateKey=$(wg genkey)" "[Peer]" "PublicKey=$(wg genkey)" )
552 n0 wg setconf wg0 <(printf '%s\n' "${config[@]}")
554 for ip in $(n0 wg show wg0 allowed-ips); do
560 config=( "[Interface]" "PrivateKey=$(wg genkey)" )
562 	config+=( "[Peer]" "PublicKey=$(wg genkey)" )
567 n0 wg setconf wg0 <(printf '%s\n' "${config[@]}")
576 done < <(n0 wg show wg0 allowed-ips)
582 	config+=( "[Peer]" "PublicKey=$(wg genkey)" )
584 config+=( "[Peer]" "PublicKey=$(wg genkey)" "AllowedIPs=255.2.3.4/32,abcd::255/128" )
585 n0 wg setconf wg0 <(printf '%s\n' "${config[@]}")
586 n0 wg showconf wg0 > /dev/null
598 n0 wg set wg0 peer "$pub1"
599 n0 wg set wg0 peer "$pub2" allowed-ips "$allowedips"
610 } < <(n0 wg show wg0 allowed-ips)
613 ! n0 wg show doesnotexist || false
616 n0 wg set wg0 private-key <(echo "$key1") peer "$pub2" preshared-key <(echo "$psk")
617 [[ $(n0 wg show wg0 private-key) == "$key1" ]]
618 [[ $(n0 wg show wg0 preshared-keys) == "$pub2	$psk" ]]
619 n0 wg set wg0 private-key /dev/null peer "$pub2" preshared-key /dev/null
620 [[ $(n0 wg show wg0 private-key) == "(none)" ]]
621 [[ $(n0 wg show wg0 preshared-keys) == "$pub2	(none)" ]]
622 n0 wg set wg0 peer "$pub2"
623 n0 wg set wg0 private-key <(echo "$key2")
624 [[ $(n0 wg show wg0 public-key) == "$pub2" ]]
625 [[ -z $(n0 wg show wg0 peers) ]]
626 n0 wg set wg0 peer "$pub2"
627 [[ -z $(n0 wg show wg0 peers) ]]
628 n0 wg set wg0 private-key <(echo "$key1")
629 n0 wg set wg0 peer "$pub2"
630 [[ $(n0 wg show wg0 peers) == "$pub2" ]]
631 n0 wg set wg0 private-key <(echo "/${key1:1}")
632 [[ $(n0 wg show wg0 private-key) == "+${key1:1}" ]]
633 n0 wg set wg0 peer "$pub2" allowed-ips 0.0.0.0/0,10.0.0.0/8,100.0.0.0/10,172.16.0.0/12,192.168.0.0/16
634 n0 wg set wg0 peer "$pub2" allowed-ips 0.0.0.0/0
635 n0 wg set wg0 peer "$pub2" allowed-ips ::/0,1700::/111,5000::/4,e000::/37,9000::/75
636 n0 wg set wg0 peer "$pub2" allowed-ips ::/0
637 n0 wg set wg0 peer "$pub2" remove
639 	n0 wg set wg0 peer "$low_order_point" persistent-keepalive 1 endpoint 127.0.0.1:1111
641 [[ -n $(n0 wg show wg0 peers) ]]
664 n1 wg set wg0 peer "$pub2" endpoint [fd00:aa::2]:2
665 n2 wg set wg0 peer "$pub1" endpoint [fd00:aa::1]:1
685 	[[ $line =~ .*(wg[0-9]+:\ [A-Z][a-z]+\ ?[0-9]*)\ .*(created|destroyed).* ]] || continue

Indexes created Thu Nov 07 10:32:03 CST 2024