Lines Matching +full:key +full:- +full:up
2 # SPDX-License-Identifier: BSD-2-Clause
44 kldload -n if_wg || atf_skip "This test requires if_wg and could not load it"
61 jexec wgtest1 ifconfig ${epair}a ${endpoint1}/24 up
62 jexec wgtest2 ifconfig ${epair}b ${endpoint2}/24 up
65 echo "$pri1" | jexec wgtest1 wg set $wg1 listen-port 12345 \
66 private-key /dev/stdin
67 pub1=$(jexec wgtest1 wg show $wg1 public-key)
69 echo "$pri2" | jexec wgtest2 wg set $wg2 listen-port 12345 \
70 private-key /dev/stdin
71 pub2=$(jexec wgtest2 wg show $wg2 public-key)
73 atf_check -s exit:0 -o ignore \
75 endpoint ${endpoint2}:12345 allowed-ips ${tunnel2}/32
76 atf_check -s exit:0 \
77 jexec wgtest1 ifconfig $wg1 inet ${tunnel1}/24 up
79 atf_check -s exit:0 -o ignore \
81 endpoint ${endpoint1}:12345 allowed-ips ${tunnel1}/32
82 atf_check -s exit:0 \
83 jexec wgtest2 ifconfig $wg2 inet ${tunnel2}/24 up
86 atf_check -s exit:0 -o ignore jexec wgtest1 ping -c 1 -t 5 $tunnel2
87 atf_check -s exit:0 -o ignore jexec wgtest2 ping -c 1 $tunnel1
108 kldload -n if_wg || atf_skip "This test requires if_wg and could not load it"
109 kldload -n netmap || atf_skip "This test requires netmap and could not load it"
128 jexec wgtest1 ifconfig ${epair}a ${endpoint1}/24 up
129 jexec wgtest2 ifconfig ${epair}b ${endpoint2}/24 up
132 echo "$pri1" | jexec wgtest1 wg set $wg1 listen-port 12345 \
133 private-key /dev/stdin
134 pub1=$(jexec wgtest1 wg show $wg1 public-key)
136 echo "$pri2" | jexec wgtest2 wg set $wg2 listen-port 12345 \
137 private-key /dev/stdin
138 pub2=$(jexec wgtest2 wg show $wg2 public-key)
140 atf_check -s exit:0 -o ignore \
142 endpoint ${endpoint2}:12345 allowed-ips ${tunnel2}/32,${tunnel4}/32
143 atf_check -s exit:0 \
144 jexec wgtest1 ifconfig $wg1 inet ${tunnel1}/24 up
146 atf_check -s exit:0 -o ignore \
148 endpoint ${endpoint1}:12345 allowed-ips ${tunnel1}/32,${tunnel3}/32
149 atf_check -s exit:0 \
150 jexec wgtest2 ifconfig $wg2 inet ${tunnel2}/24 up
152 atf_check -s exit:0 -o ignore \
154 atf_check -s exit:0 -o ignore \
157 jexec wgtest1 $(atf_get_srcdir)/bridge -w 0 -i netmap:wg0 -i netmap:wg0^ &
161 atf_check -s exit:0 -o ignore jexec wgtest1 ping -c 1 -t 5 $tunnel2
162 atf_check -s exit:0 -o ignore jexec wgtest2 ping -c 1 $tunnel1
164 # Verify that we cannot ping non-existent tunnel addresses. In general
166 atf_check -s exit:2 -o ignore jexec wgtest1 ping -c 1 -t 2 $tunnel4
167 atf_check -s exit:2 -o ignore jexec wgtest2 ping -c 1 -t 2 $tunnel3
170 atf_check -s exit:0 -o ignore jexec wgtest1 ping -c 1 $tunnel2
171 atf_check -s exit:0 -o ignore jexec wgtest2 ping -c 1 $tunnel1
173 atf_check -s exit:0 kill -TERM $pid
187 # public key identical to the host's.
200 kldload -n if_wg || atf_skip "This test requires if_wg and could not load it"
210 echo "$pri1" | jexec wgtest1 wg set $wg1 listen-port 12345 \
211 private-key /dev/stdin
212 pub1=$(jexec wgtest1 wg show $wg1 public-key)
214 atf_check -s exit:0 \
216 allowed-ips "${tunnel1}/32"
218 atf_check -o empty jexec wgtest1 wg show ${wg1} peers
226 # When a wg(8) interface has a private key reassigned that corresponds to the
227 # public key already on a peer, the kernel is expected to deconfigure the peer
232 atf_set descr 'Create a wg(4) interface and assign peer key to device'
241 kldload -n if_wg || atf_skip "This test requires if_wg and could not load it"
252 echo "$pri1" | jexec wgtest1 wg set $wg1 listen-port 12345 \
253 private-key /dev/stdin
254 pub1=$(jexec wgtest1 wg show $wg1 public-key)
256 echo "$pri2" | jexec wgtest1 wg set $wg2 listen-port 12345 \
257 private-key /dev/stdin
259 atf_check -s exit:0 -o ignore \
261 allowed-ips "${tunnel1}/32"
263 atf_check -o not-empty jexec wgtest1 wg show ${wg2} peers
265 jexec wgtest1 sh -c "echo '${pri1}' > pri1"
267 atf_check -s exit:0 \
268 jexec wgtest1 wg set ${wg2} private-key pri1
270 atf_check -o empty jexec wgtest1 wg show ${wg2} peers
293 kldload -n if_wg
309 echo "$pri1" | jexec wgtest1 wg set $wg1 listen-port 12345 \
310 private-key /dev/stdin
311 pub1=$(jexec wgtest1 wg show $wg1 public-key)
312 echo "$pri2" | jexec wgtest2 wg set $wg2 listen-port 12346 \
313 private-key /dev/stdin
314 pub2=$(jexec wgtest2 wg show $wg2 public-key)
316 atf_check -s exit:0 -o ignore \
318 endpoint 127.0.0.1:12346 allowed-ips ${tunnel2}/32
319 atf_check -s exit:0 \
320 jexec wgtest1 ifconfig $wg1 inet ${tunnel1}/24 up
322 atf_check -s exit:0 -o ignore \
324 endpoint 127.0.0.1:12345 allowed-ips ${tunnel1}/32
325 atf_check -s exit:0 \
326 jexec wgtest2 ifconfig $wg2 inet ${tunnel2}/24 up
331 atf_check -o not-match:"histogram" jexec wgtest1 netstat -s -p icmp
332 atf_check -o not-match:"histogram" jexec wgtest2 netstat -s -p icmp
335 atf_check -s exit:0 -o ignore jexec wgtest1 ping -c 1 -t 5 $tunnel2
336 atf_check -o match:"echo reply: 1" jexec wgtest1 netstat -s -p icmp
337 atf_check -o match:"echo: 1" jexec wgtest2 netstat -s -p icmp
339 atf_check -s exit:0 -o ignore jexec wgtest2 ping -c 1 $tunnel1
340 atf_check -o match:"echo reply: 1" jexec wgtest2 netstat -s -p icmp
341 atf_check -o match:"echo: 1" jexec wgtest1 netstat -s -p icmp