mirror of
https://github.com/genodelabs/genode.git
synced 2025-01-05 13:34:11 +00:00
a845dffa63
A userland component that ports the Linux WireGuard kernel module (originally from kernel version 5.14.21) and integrates it via a NIC session (public network side) and an Uplink session (private network side). The WireGuard-specific device configuration is done through the component configuration. The port is done using lx_emul, lx_kit and the virt_linux targets. The commit adds also 4 corresponding run scripts of which 3 are fully automated of which 1 is added to the autopilot. :Warning: Although in principal functioning, the WireGuard port has not been exposed to a sufficient amount of real-world testing, so far. Therefore, we strongly recommend not to use it in any security-critical scenarios! There is no guarantee that the port meets any of the security goals pursued by the WireGuard protocol or other WireGuard implementations! Ref #4397
162 lines
4.5 KiB
Plaintext
162 lines
4.5 KiB
Plaintext
#
|
|
# Let the host Linux ping a Genode in Qemu through a Wireguard tunnel.
|
|
#
|
|
|
|
source ${genode_dir}/repos/dde_linux/run/wg_qemu_tap_preamble.inc
|
|
|
|
create_boot_directory
|
|
|
|
import_from_depot [depot_user]/src/[base_src] \
|
|
[depot_user]/pkg/[drivers_nic_pkg] \
|
|
[depot_user]/src/init \
|
|
[depot_user]/src/nic_router
|
|
|
|
install_config {
|
|
|
|
<config>
|
|
|
|
<parent-provides>
|
|
<service name="ROM"/>
|
|
<service name="IRQ"/>
|
|
<service name="IO_MEM"/>
|
|
<service name="IO_PORT"/>
|
|
<service name="PD"/>
|
|
<service name="RM"/>
|
|
<service name="CPU"/>
|
|
<service name="LOG"/>
|
|
</parent-provides>
|
|
|
|
<start name="timer" caps="100">
|
|
<resource name="RAM" quantum="1M"/>
|
|
<provides> <service name="Timer"/> </provides>
|
|
<route>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="drivers" caps="1000" managing_system="yes">
|
|
<resource name="RAM" quantum="32M"/>
|
|
<binary name="init"/>
|
|
<route>
|
|
<service name="ROM" label="config">
|
|
<parent label="drivers.config"/>
|
|
</service>
|
|
<service name="Timer"> <child name="timer"/> </service>
|
|
<service name="Uplink"> <child name="outer_router"/> </service>
|
|
<service name="IO_MEM"> <parent/> </service>
|
|
<service name="IO_PORT"> <parent/> </service>
|
|
<service name="IRQ"> <parent/> </service>
|
|
<service name="RM"> <parent/> </service>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="outer_router" caps="200">
|
|
<binary name="nic_router"/>
|
|
<resource name="RAM" quantum="10M"/>
|
|
<provides>
|
|
<service name="Nic"/>
|
|
<service name="Uplink"/>
|
|
</provides>
|
|
<config verbose_domain_state="yes" dhcp_discover_timeout_sec="1">
|
|
|
|
<policy label_prefix="drivers" domain="uplink"/>
|
|
<policy label="wireguard -> nic_session" domain="downlink"/>
|
|
|
|
<domain name="uplink">
|
|
<udp-forward port="49002" domain="downlink" to="10.0.3.2"/>
|
|
</domain>
|
|
|
|
<domain name="downlink" interface="10.0.3.1/24"/>
|
|
|
|
</config>
|
|
<route>
|
|
<service name="Timer"> <child name="timer"/> </service>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="inner_router" caps="200">
|
|
<binary name="nic_router"/>
|
|
<resource name="RAM" quantum="10M"/>
|
|
<provides>
|
|
<service name="Nic"/>
|
|
<service name="Uplink"/>
|
|
</provides>
|
|
<config verbose_domain_state="yes" dhcp_discover_timeout_sec="1">
|
|
|
|
<policy label="wireguard -> uplink_session" domain="uplink"/>
|
|
|
|
<domain name="uplink"
|
|
interface="10.0.9.2/24"
|
|
use_arp="no"
|
|
icmp_echo_server="yes"/>
|
|
|
|
</config>
|
|
<route>
|
|
<service name="Timer"> <child name="timer"/> </service>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="wireguard" caps="200">
|
|
<resource name="RAM" quantum="10M"/>
|
|
<config private_key="8GRSQZMgG1uuvz4APIBqrDmiLj8L886r++hzixjjHFc="
|
|
interface="10.0.3.2/24"
|
|
listen_port="49002">
|
|
|
|
<peer public_key="r1Gslnm82X8NaijsWzPoSFzDZGl2tTJoPa+EJL4gYQw="
|
|
allowed_ip="10.0.9.1/32" />
|
|
|
|
</config>
|
|
<route>
|
|
<service name="Timer"> <child name="timer"/> </service>
|
|
<service name="Nic"> <child name="outer_router"/> </service>
|
|
<service name="Uplink"> <child name="inner_router"/> </service>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
|
|
</config>
|
|
}
|
|
|
|
build { app/wireguard }
|
|
|
|
build_boot_image { wireguard }
|
|
|
|
run_genode_until "uplink\] dynamic IP config: interface 10.0.2.3" 10
|
|
|
|
set timeout 60
|
|
|
|
append wait_for_string "64 bytes from 10.0.9.2.*"
|
|
append wait_for_string "64 bytes from 10.0.9.2.*"
|
|
append wait_for_string "64 bytes from 10.0.9.2.*\n"
|
|
|
|
eval spawn ping 10.0.9.2
|
|
expect {
|
|
-re $wait_for_string { }
|
|
eof {
|
|
puts stderr "Error: Spawned process died unexpectedly";
|
|
exit -3
|
|
}
|
|
timeout {
|
|
puts stderr "Error: Test execution timed out";
|
|
exit -2
|
|
}
|
|
}
|