ExternalVendorCode/genode
1
0
Fork 0
mirror of https://github.com/genodelabs/genode.git synced 2024-12-19 05:37:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Re-connect test for wireguard

Browse Source 
Issue genodelabs/genode#4957
This commit is contained in:
Pirmin Duss 2023-07-06 15:24:06 +02:00 committed by Christian Helmuth
parent 37a7119eb3
commit b53a630592
7 changed files with 512 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
repos/dde_linux/recipes/raw/test-wg_reconnect/content.mk Normal file
View File

@ -0,0 +1,8 @@
CONTENT = index.html
CONTENT += example.pem lighttpd.conf
CONTENT += dynamic.config
content: $(CONTENT)
$(CONTENT):
cp $(REP_DIR)/recipes/raw/test-wg_reconnect/$@ $@

74
repos/dde_linux/recipes/raw/test-wg_reconnect/dynamic.config Normal file
View File

@ -0,0 +1,74 @@
<config verbose="yes">
<rom name="config">
<inline description="fetchurl">
<config>
<parent-provides>
<service name="CPU"/>
<service name="LOG"/>
<service name="Nic"/>
<service name="PD"/>
<service name="ROM"/>
<service name="Rtc"/>
<service name="Timer"/>
<service name="Uplink"/>
</parent-provides>
<default-route>
<any-service> <parent/> </any-service>
</default-route>
<start name="wg_client" caps="100">
<binary name="wireguard"/>
<resource name="RAM" quantum="10M"/>
<config private_key="0CtU34qsl97IGiYKSO4tMaF/SJvy04zzeQkhZEbZSk0="
listen_port="49001" use_rtc="yes">
<peer public_key="GrvyALPZ3PQ2AWM+ovxJqnxSqKpmTyqUui5jH+C8I0E="
endpoint_ip="10.10.0.2"
endpoint_port="49002"
allowed_ip="10.10.10.0/24"/>
</config>
</start>
<start name="fetchurl" caps="200">
<resource name="RAM" quantum="10M"/>
<config>
<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc" socket="/socket"/>
<vfs>
<dir name="dev">
<log/>
<rtc/>
<jitterentropy name="random"/>
</dir>
<dir name="socket">
<lwip dhcp="yes"/>
</dir>
<dir name="out">
<ram/>
</dir>
</vfs>
<fetch url="10.10.10.2" path="/out/index.html" retry="3"/>
</config>
</start>
</config>
</inline>
<sleep milliseconds="8000"/>
<inline description="empty">
<config>
<parent-provides>
<service name="CPU"/>
<service name="LOG"/>
<service name="Nic"/>
<service name="PD"/>
<service name="ROM"/>
<service name="Rtc"/>
<service name="Timer"/>
<service name="Uplink"/>
</parent-provides>
</config>
</inline>
<sleep milliseconds="100"/>
</rom>
</config>

49
repos/dde_linux/recipes/raw/test-wg_reconnect/example.pem Normal file
View File

@ -0,0 +1,49 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC4KHUZjDRew89c
wDlYPz9XFigcMDnDlHzdg2ByrGZIOUNYC5LH1QUK0TDbPP45Xx455niA0QY85dMQ
4DQx0Qk6+TDpVD3F2MYQgbIX6YkX9kgqX+jiHgsNzRD4KamNYmfUY+dJhlZEXWAF
uNSnRLvg4EH72AVKLLKiruGwkisW/AYU6dNE8iFOYL8Q75bBUADiQSDdD8vkpeXg
1NqxNyHPR6YRbA+vqcK0kbC8btKR9wG6m99OhTR4x3M87vtFFLNtJNEf54fYxi+L
1rljSqHbaXD+XJsVKgX+UlI1ZlYW4KqlMciMemkBp0CovCxLfsbMmkXAW2RONpkm
+sdO3CXFAgMBAAECggEAIKv00nqAVAuzP0ZPJivaZe3lYdLgfKVcXcRQGSgi4U9f
dkBfYxqU0W15mHvCspUAfM85s8jhrW4suwK739axJ4hMOCkc6Hvj78vCt+FT1C96
cCIh4/PmjCVEjHJ/xTifKRwsTWwK5AgY4AsBl0dneabvremOTrGNY7VZDwVvpZz1
qXkSNjQ63tZKj9cESO5ceGLzuBAG6JDDpqJM5fmdsQ36/QVz9Gogr8bXEWFM1TOo
lWVAPB/l6nqKurfMv+5th354+owv9CGKxqLBE1fujwE2VogBz7mkR/rnABOPU5ev
wQVLXoUkO2bI8Uvc28lChaiG6ihfdmNCmwoi56HFRQKBgQDj0WoIxiY7H42KV7Hh
uQZv/0aoQyjXuqJ7Vq0HdxOAxZr0GpSYgo3MTZWooI2AnAstPHXo0BsQr+XVijWm
xiDxMM4p9nrBzjEIHwyDaf62Pz/6lIPdenynLiEIOUbocJ3r0/3tCrY3U7fgjzYY
f9PZmXKEOOKdbVPyXG0OIJ/ADwKBgQDO8GkCdVGy/YB0X7ntqcBG0xgmDnKRmYpQ
X7Tb377AT2lzvftxaRVrx+UXtvFdy4xdrxjqHJCgOHT/fsAfjJlo7v1+KhTvE0pt
jCdJPLbzXJRwaISaeEaMJ/N8Vv/j2/YuoS5M5vh4NlWeO16HtF7N9V9cMEZ5iRW1
9G/eWgOo6wKBgQCY6rn3xblnuhgxogd+ccmGZ50v2FST6WyiyV0/Q4hNyVXnP+g6
LneriPBJzertRtChvpGOghGIs+jb2veESD1YZ+Aafp2LdTGoN98YXo9gGTiCpCmX
Al6lgOsfMAMOhnkaEKPC9ou0u3cTPk2bSEIVL1CUu/IwpW/RoIR7FR7ltQKBgQDA
RAmsqQfhPzqL5SzALclhhFuZcC7uLDOf/WvyJW37C000pjzp3/JxE2Y8pFKZDLc7
i6WgTi3pTssVXtRt+5nFLtcC02Jjxg6OvXr6xphMf6XC0rjxM/KH4c6Npd9V+1Y9
eK+l76rHNeRSgWKQvvqebO3On2O7I6yyQ4t0kTl5RQKBgQCbX1cTtNmNr6HNleXL
zfclKESSYy57uq3fQxhRrEE2ZNbemLOxEuoBCFYoMwpZEjC1GZyICrM7o5673/Ih
I0oZerUBmt2l8noZCQoITEa97bCbp2vIdHYnCf/H3Nf2qM329fc00kAmm7vUVRgM
4BqXnuFcAOuY68sgp9JArzK+EQ==
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDazCCAlOgAwIBAgIUYPOYXijLmMjjlgRCGHuZeyP0iPEwDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCREUxEzARBgNVBAgMClNvbWUtU3RhdGUxDTALBgNVBAoM
BFRlc3QxEjAQBgNVBAMMCTEwLjAuMi41NTAeFw0yMDA1MTQxNDQ0MzlaFw00NzA5
MzAxNDQ0MzlaMEUxCzAJBgNVBAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0w
CwYDVQQKDARUZXN0MRIwEAYDVQQDDAkxMC4wLjIuNTUwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC4KHUZjDRew89cwDlYPz9XFigcMDnDlHzdg2ByrGZI
OUNYC5LH1QUK0TDbPP45Xx455niA0QY85dMQ4DQx0Qk6+TDpVD3F2MYQgbIX6YkX
9kgqX+jiHgsNzRD4KamNYmfUY+dJhlZEXWAFuNSnRLvg4EH72AVKLLKiruGwkisW
/AYU6dNE8iFOYL8Q75bBUADiQSDdD8vkpeXg1NqxNyHPR6YRbA+vqcK0kbC8btKR
9wG6m99OhTR4x3M87vtFFLNtJNEf54fYxi+L1rljSqHbaXD+XJsVKgX+UlI1ZlYW
4KqlMciMemkBp0CovCxLfsbMmkXAW2RONpkm+sdO3CXFAgMBAAGjUzBRMB0GA1Ud
DgQWBBQvSHuosL/SDn/8sKl0dpyPeFvOfjAfBgNVHSMEGDAWgBQvSHuosL/SDn/8
sKl0dpyPeFvOfjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBR
sGYEuRwIU/tmAmTbniptItN9VE0NNj9QeKh+hKQ9cHvhxmlBlf5b7Vb2JaRZdy88
kRIFKiNkyjgQVg+5KuEIcg17mHSal7zG+jIZ3c1bIpVCM4AjUe7EXl8LM4+dJ5sX
Bwpd34tUk2edOiT8R/dU7uesxCdeIQ2FfvKyrXca73nj+UTvFGXUk/9mWY8KAaYc
F/PWBhiZhJD4/dkUHJnrVtjpcqW2Io8bFmrMq2vfqQv+W2FZGCsHgXkAZO2E0jyQ
5eOrwzgWRtMc5PvoGvqQfefseaLs0fvSQdcPqfv88Eqk5NGTOCIW8/KEsBwFJuwa
EpA5DBBklj8UE2CdONvN
-----END CERTIFICATE-----

1
repos/dde_linux/recipes/raw/test-wg_reconnect/hash Normal file
View File

@ -0,0 +1 @@
2023-07-13 ea74be1d69e64b9f0a08e7bbf76c9e18960732ca

8
repos/dde_linux/recipes/raw/test-wg_reconnect/index.html Normal file
View File

@ -0,0 +1,8 @@
<html>
<head>
<title>Test site for wireguard</title>
</head>
<body>
Some content.
</body>
</html>

18
repos/dde_linux/recipes/raw/test-wg_reconnect/lighttpd.conf Normal file
View File

@ -0,0 +1,18 @@
# lighttpd configuration
server.port = 80
server.document-root = "/website"
server.event-handler = "select"
server.network-backend = "write"
server.upload-dirs = ( "/tmp" )
server.modules = ("mod_openssl")
index-file.names = (
"index.xhtml", "index.html", "index.htm"
)
mimetype.assign = (
".html" => "text/html",
".htm" => "text/html"
)
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/example.pem"
}

354
repos/dde_linux/run/wg_reconnect.run Normal file
View File

@ -0,0 +1,354 @@
# client restart tests for wireguard
#
# The run script sets up the following scenario:
#
# | 10.10.10.2/24 (DHCP) 10.10.10.1/24 (server_home)
# | ************ +++++++++++++++++++++++
# | * lighttpd * ----- + nic_router (server) +
# | ************ +++++++++++++++++++++++
# | 10.10.20.1/24 (vpn_inner) (no_arp)
# | |
# server init | |
# | 10.10.20.2/24 (DHCP)
# | %%%%%%%%%%%%%
# | % wg_server %
# | %%%%%%%%%%%%%
# | 10.10.0.2/24 (DHCP?)
# |
# |
# 10.10.0.1/24 (vpn_server)
# +++++++++++++++++++++++
# + nic_router (global) +
# +++++++++++++++++++++++
# 10.20.0.1/24 (vpn_client)
# |
# |
# | 10.20.0.2/24 (DHCP?)
# | %%%%%%%%%%%%%
# | % wg_client %
# | %%%%%%%%%%%%%
# | 10.20.20.2/24 (DHCP)
# | |
# client init | |
# | 10.20.20.1/24 (vpn_inner) (no_arp)
# | ************ +++++++++++++++++++++++
# | * fetchurl * ----- + nic_router (client) +
# | ************ +++++++++++++++++++++++
# | 10.20.10.2/24 (DHCP) 10.20.10.1/24 (client_home)
#
# The client side will be restarted two times to test reconnecting.
if { ![expr [have_board linux] || [have_board pc]] } {
puts "Run script is not supported on this platform."
exit 0
}
proc rtc_drv_binary_name { } {
switch [board] {
linux { return "linux_rtc_drv" }
pc { return "rtc_drv" }
}
}
proc rtc_drv_use_ld { } {
return [expr [have_board linux] ? "no" : "yes"]
}
create_boot_directory
set depot_archives { }
lappend depot_archives [depot_user]/raw/test-wg_reconnect
lappend depot_archives [depot_user]/src/[base_src]
lappend depot_archives [depot_user]/src/curl
lappend depot_archives [depot_user]/src/dynamic_rom
lappend depot_archives [depot_user]/src/fetchurl
lappend depot_archives [depot_user]/src/init
lappend depot_archives [depot_user]/src/libc
lappend depot_archives [depot_user]/src/libssh
lappend depot_archives [depot_user]/src/openssl
lappend depot_archives [depot_user]/src/lighttpd
lappend depot_archives [depot_user]/src/nic_router
lappend depot_archives [depot_user]/src/openssl
lappend depot_archives [depot_user]/src/posix
lappend depot_archives [depot_user]/src/report_rom
lappend depot_archives [depot_user]/src/[rtc_drv_binary_name]
lappend depot_archives [depot_user]/src/vfs
lappend depot_archives [depot_user]/src/vfs_jitterentropy
lappend depot_archives [depot_user]/src/vfs_lwip
lappend depot_archives [depot_user]/src/wireguard
lappend depot_archives [depot_user]/src/zlib
import_from_depot $depot_archives
set server_init_config {
<config>
<parent-provides>
<service name="CPU"/>
<service name="LOG"/>
<service name="Nic"/>
<service name="PD"/>
<service name="ROM"/>
<service name="Rtc"/>
<service name="Timer"/>
</parent-provides>
<start name="nic_router" caps="100">
<resource name="RAM" quantum="10M"/>
<provides>
<service name="Nic"/>
<service name="Uplink"/>
</provides>
<config verbose_domain_state="yes"
verbose_packets="no">
<domain name="vpn_inner" interface="10.10.20.1/24" use_arp="no">
<tcp dst="10.10.10.0/24"> <permit-any domain="server_home"/> </tcp>
<udp dst="10.10.10.0/24"> <permit-any domain="server_home"/> </udp>
<icmp dst="10.10.10.0/24" domain="server_home"/>
</domain>
<domain name="server_home" interface="10.10.10.1/24">
<dhcp-server ip_first="10.10.10.2" ip_last="10.10.10.2"/>
<tcp dst="0.0.0.0/0"> <permit-any domain="vpn_inner"/> </tcp>
<udp dst="0.0.0.0/0"> <permit-any domain="vpn_inner"/> </udp>
<icmp dst="0.0.0.0/0" domain="vpn_inner"/>
</domain>
<policy label="vpn_inner" domain="vpn_inner"/>
<default-policy domain="server_home"/>
</config>
<route>
<any-service> <parent/> </any-service>
</route>
</start>
<!--
- the wireguard server doesn't need a Rtc session, which is only
- used to initiate handshakes by the client.
-->
<start name="wg_server" caps="100">
<binary name="wireguard"/>
<resource name="RAM" quantum="10M"/>
<config private_key="8GRSQZMgG1uuvz4APIBqrDmiLj8L886r++hzixjjHFc="
listen_port="49002" use_rtc="no">
<peer public_key="r1Gslnm82X8NaijsWzPoSFzDZGl2tTJoPa+EJL4gYQw="
allowed_ip="10.20.10.0/24"/>
</config>
<route>
<service name="Uplink"> <child name="nic_router" label="vpn_inner"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="lighttpd" caps="200">
<resource name="RAM" quantum="50M" />
<config>
<arg value="lighttpd" />
<arg value="-f" />
<arg value="/etc/lighttpd/lighttpd.conf" />
<arg value="-D" />
<libc stdin="/dev/null" stdout="/dev/log" stderr="/dev/log"
rtc="/dev/rtc" rng="/dev/random" socket="/socket"/>
<vfs>
<dir name="dev">
<log/>
<null/>
<rtc/>
<jitterentropy name="random"/>
</dir>
<dir name="socket">
<lwip dhcp="yes"/>
</dir>
<dir name="etc">
<dir name="lighttpd">
<rom name="lighttpd.conf"/>
<rom name="example.pem"/>
</dir>
</dir>
<dir name="website">
<rom name="index.html"/>
</dir>
<dir name="tmp"> <ram/> </dir>
</vfs>
</config>
<route>
<service name="Nic"> <child name="nic_router"/> </service>
<service name="Rtc"> <parent/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
</config> }
set client_init_config {
<config>
<parent-provides>
<service name="CPU"/>
<service name="LOG"/>
<service name="Nic"/>
<service name="PD"/>
<service name="ROM"/>
<service name="Rtc"/>
<service name="Timer"/>
</parent-provides>
<start name="nic_router" caps="100">
<resource name="RAM" quantum="10M"/>
<provides>
<service name="Nic"/>
<service name="Uplink"/>
</provides>
<config verbose_domain_state="yes"
verbose_packets="no">
<domain name="vpn_inner" interface="10.20.20.1/24" use_arp="no">
<tcp dst="10.20.10.0/24"> <permit-any domain="client_home"/> </tcp>
<udp dst="10.20.10.0/24"> <permit-any domain="client_home"/> </udp>
<icmp dst="10.20.10.0/24" domain="client_home"/>
</domain>
<domain name="client_home" interface="10.20.10.1/24">
<dhcp-server ip_first="10.20.10.2" ip_last="10.20.10.2"/>
<tcp dst="0.0.0.0/0"> <permit-any domain="vpn_inner"/> </tcp>
<udp dst="0.0.0.0/0"> <permit-any domain="vpn_inner"/> </udp>
<icmp dst="0.0.0.0/0" domain="vpn_inner"/>
</domain>
<policy label="vpn_inner" domain="vpn_inner"/>
<default-policy domain="client_home"/>
</config>
<route>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="dynamic_rom" caps="100">
<resource name="RAM" quantum="2M"/>
<provides>
<service name="ROM"/>
</provides>
<route>
<service name="ROM" label="config"> <parent label="dynamic.config"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="init" caps="700">
<resource name="RAM" quantum="25M"/>
<route>
<service name="Nic" label="fetchurl -> lwip"> <child name="nic_router"/> </service>
<service name="Nic"> <parent/> </service>
<service name="ROM" label="config"> <child name="dynamic_rom"/> </service>
<service name="Rtc"> <parent/> </service>
<service name="Uplink"> <child name="nic_router" label="vpn_inner"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
</config> }
append config {
<config>
<parent-provides>
<service name="CPU"/>
<service name="IO_PORT"/>
<service name="LOG"/>
<service name="PD"/>
<service name="ROM"/>
<service name="Timer"/>
</parent-provides>
<start name="timer" caps="100">
<resource name="RAM" quantum="1M"/>
<provides>
<service name="Timer"/>
</provides>
<route>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="rtc_drv" caps="100" ld="} [rtc_drv_use_ld] {">
<binary name="} [rtc_drv_binary_name] {"/>
<resource name="RAM" quantum="1M" />
<provides>
<service name="Rtc"/>
</provides>
<route>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="nic_router" caps="100">
<resource name="RAM" quantum="10M"/>
<provides>
<service name="Nic"/>
<service name="Uplink"/>
</provides>
<config verbose_domain_state="yes"
verbose_packets="no">
<domain name="vpn_server" interface="10.10.0.1/24">
<dhcp-server ip_first="10.10.0.2" ip_last="10.10.0.2"/>
<tcp dst="10.20.0.0/24"> <permit-any domain="vpn_client"/> </tcp>
<udp dst="10.20.0.0/24"> <permit-any domain="vpn_client"/> </udp>
<icmp dst="10.20.0.0/24" domain="vpn_client"/>
</domain>
<domain name="vpn_client" interface="10.20.0.1/24">
<dhcp-server ip_first="10.20.0.2" ip_last="10.20.0.2"/>
<tcp dst="10.10.0.0/24"> <permit-any domain="vpn_server"/> </tcp>
<udp dst="10.10.0.0/24"> <permit-any domain="vpn_server"/> </udp>
<icmp dst="10.10.0.0/24" domain="vpn_server"/>
</domain>
<policy label="client" domain="vpn_client"/>
<policy label="server" domain="vpn_server"/>
</config>
<route>
<service name="Timer"> <child name="timer"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="server" caps="1000">
<binary name="init"/>
<resource name="RAM" quantum="112M"/>
} $server_init_config {
<route>
<service name="Nic"> <child name="nic_router" label="server"/> </service>
<service name="Timer"> <child name="timer"/> </service>
<service name="Rtc"> <child name="rtc_drv"/> </service>
<service name="Uplink"> <child name="nic_router" label="server"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="client" caps="1000">
<binary name="init"/>
<resource name="RAM" quantum="40M"/>
} $client_init_config {
<route>
<service name="Nic"> <child name="nic_router" label="client"/> </service>
<service name="Timer"> <child name="timer"/> </service>
<service name="Rtc"> <child name="rtc_drv"/> </service>
<service name="Uplink"> <child name="nic_router" label="client"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
</config> }
install_config $config
build_boot_image [build_artifacts]
append qemu_args "-nographic "
run_genode_until "fetchurl. exited with exit value 0.*\n" 12
for {set i 1 } { $i <= 2 } { incr i } {
puts "Wireguard reconnect $i"
run_genode_until "fetchurl. exited with exit value 0.*\n" 12 [output_spawn_id]
}