From 1a64438b21836df64f5236809fc57b8cbbe83d1e Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Fri, 1 Jul 2016 23:36:59 +0200
Subject: [PATCH] contrib: remove extraneous cruft

We don't want people packaging these or even using these scripts, which are only useful for limited development circumstances, so get rid of them. More widespread development testing techniques still exist in src/debug.mk and src/netns.sh

Signed-off-by: Jason A. Donenfeld
---
 contrib/benchmarking/configs/other.conf | 8 ----
 contrib/benchmarking/configs/thinkpad.conf | 8 ----
 contrib/benchmarking/openvpn-config.txt | 2 -
 contrib/benchmarking/static.key | 21 ---------
 contrib/client-server-example/README | 16 +++++++
 contrib/stress-testing/badpacket.c | 27 ------------
 contrib/stress-testing/peg.c | 50 ----------------------
 contrib/stress-testing/self-send.sh | 48 ---------------------
 contrib/stress-testing/threewayiperf.sh | 30 -------------
 src/wg.8 | 4 +-
 10 files changed, 19 insertions(+), 195 deletions(-)
 delete mode 100644 contrib/benchmarking/configs/other.conf
 delete mode 100644 contrib/benchmarking/configs/thinkpad.conf
 delete mode 100644 contrib/benchmarking/openvpn-config.txt
 delete mode 100644 contrib/benchmarking/static.key
 create mode 100644 contrib/client-server-example/README
 delete mode 100644 contrib/stress-testing/badpacket.c
 delete mode 100644 contrib/stress-testing/peg.c
 delete mode 100755 contrib/stress-testing/self-send.sh
 delete mode 100755 contrib/stress-testing/threewayiperf.sh

diff --git a/contrib/benchmarking/configs/other.conf b/contrib/benchmarking/configs/other.conf
deleted file mode 100644
index 4257914..0000000
--- a/contrib/benchmarking/configs/other.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[Interface]
-ListenPort = 27183
-PrivateKey = oHilodMrwJSD1UUIkAkyCek2yqy1Frs5XuN47ShGFk0=
-
-[Peer]
-PublicKey = S8hEvD+dam+PrwG4GrSPtE2Pl3ylO/oiUnUDXw3vnx0=
-AllowedIPs = 192.168.2.2/32
-Endpoint = 10.10.10.100:38292
\ No newline at end of file
diff --git a/contrib/benchmarking/configs/thinkpad.conf b/contrib/benchmarking/configs/thinkpad.conf
deleted file mode 100644
index df02b2b..0000000
--- a/contrib/benchmarking/configs/thinkpad.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[Interface]
-ListenPort = 38292
-PrivateKey = MPCo/WSBkm/DCkbEXUhtjc5u//IeD6wEeaw3Q2HxFGw=
-
-[Peer]
-PublicKey = c5PwaIZcVZFDuoDdQJGnYe+fk+wt0qANARpnZDOvqhw=
-AllowedIPs = 0.0.0.0/0
-Endpoint = 172.16.48.128:27183
diff --git a/contrib/benchmarking/openvpn-config.txt b/contrib/benchmarking/openvpn-config.txt
deleted file mode 100644
index f51eabd..0000000
--- a/contrib/benchmarking/openvpn-config.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Server: openvpn --dev tun --ifconfig 192.168.3.1 192.168.3.2 --secret static.key --cipher AES-256-CBC --auth SHA256 --port 61721
-Client: openvpn --dev tun --ifconfig 192.168.3.2 192.168.3.1 --secret static.key --cipher AES-256-CBC --auth SHA256 --port 61721 --remote 10.10.10.1
diff --git a/contrib/benchmarking/static.key b/contrib/benchmarking/static.key
deleted file mode 100644
index 53075fe..0000000
--- a/contrib/benchmarking/static.key
+++ /dev/null
@@ -1,21 +0,0 @@
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-12abb34ac1cb716576642c7e4c9719af
-b311929f6bb5a7b9082c9ac3a02dc77a
-26fc65ba97e67d1dc5b273e72760caba
-6c8a3321acdf89bfd0469528bfc9ed89
-1c9c3762d1e18786c8b6dd590456f158
-d1f625810da1225864c23d7e848ca5d7
-18a49c4b7e640f8e51001ace9222de75
-e05177fd01b32d702bd12b45b085678c
-239e3927d98912174ac648d0e37a3247
-45cabcbea7cf70832f8800a8b863a35a
-933c5921fd65882b050bd1096a0c6c60
-638fb22eafb9f49c13573236d0427441
-c98869ba8de30e597452237527e7dcc6
-519058a919de4432203dc1d7622fb4d0
-f8f20c5350256cdf17bb3b85c5c838fc
-6ddeb4da9dae8b0b882cb043db483a9d
------END OpenVPN Static key V1-----
diff --git a/contrib/client-server-example/README b/contrib/client-server-example/README
new file mode 100644
index 0000000..fd3088a
--- /dev/null
+++ b/contrib/client-server-example/README
@@ -0,0 +1,16 @@
+ === IMPORTANT NOTE ===
+
+Do not use these scripts in production. They are simply a
+demonstration of how easy the `wg(8)` tool is at the command
+line, but by no means should you actually attempt to use
+these. They are horribly insecure and defeat the purpose
+of WireGuard.
+
+ STAY AWAY!
+
+Distros: do not distribute these with your packages.
+
+
+
+That all said, this is a pretty cool example of just how
+darn easy WireGuard can be.
diff --git a/contrib/stress-testing/badpacket.c b/contrib/stress-testing/badpacket.c
deleted file mode 100644
index eee61fc..0000000
--- a/contrib/stress-testing/badpacket.c
+++ /dev/null
@@ -1,27 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-int main(int argc, char *argv[])
-{
- static const unsigned char handshake1[143] = { 1, 0 };
- int fd = socket(AF_INET, SOCK_DGRAM, 0);
- struct sockaddr_in addr = {
- .sin_family = AF_INET,
- .sin_port = htons(atoi(argv[2])),
- .sin_addr = inet_addr(argv[1])
- };
- connect(fd, (struct sockaddr *)&addr, sizeof(addr));
-
- for (;;)
- send(fd, handshake1, sizeof(handshake1), 0);
-
- close(fd);
-
- return 0;
-}
diff --git a/contrib/stress-testing/peg.c b/contrib/stress-testing/peg.c
deleted file mode 100644
index 6b539fa..0000000
--- a/contrib/stress-testing/peg.c
+++ /dev/null
@@ -1,50 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-static unsigned long long interface_tx_bytes(const char *interface)
-{
- char buf[PATH_MAX];
- FILE *f;
- unsigned long long ret;
- snprintf(buf, PATH_MAX - 1, "/sys/class/net/%s/statistics/tx_bytes", interface);
- f = fopen(buf, "r");
- fscanf(f, "%llu", &ret);
- fclose(f);
- return ret;
-}
-
-int main(int argc, char *argv[])
-{
- char buf[1500] = { 0 };
- unsigned long long before, after, i;
- struct timespec begin, end;
- double elapsed;
- struct ifreq req;
- int fd = socket(AF_INET, SOCK_DGRAM, 0);
- struct sockaddr_in addr = {
- .sin_family = AF_INET,
- .sin_port = htons(7271),
- .sin_addr = inet_addr(argv[3])
- };
- strcpy(req.ifr_name, argv[1]);
- ioctl(fd, SIOCGIFMTU, &req);
-
- connect(fd, (struct sockaddr *)&addr, sizeof(addr));
-
- before = interface_tx_bytes(argv[2]);
- clock_gettime(CLOCK_MONOTONIC, &begin);
- for (i = 0; i < 10000000; ++i)
- send(fd, buf, req.ifr_mtu - 28, 0);
- clock_gettime(CLOCK_MONOTONIC, &end);
- after = interface_tx_bytes(argv[2]);
- elapsed = end.tv_sec - begin.tv_sec + (end.tv_nsec - begin.tv_nsec) / 1000000000.0;
-
- printf("%.4f mbps\n", ((after - before) * 8) / elapsed / 1000000.0);
- return 0;
-}
diff --git a/contrib/stress-testing/self-send.sh b/contrib/stress-testing/self-send.sh
deleted file mode 100755
index eb7947b..0000000
--- a/contrib/stress-testing/self-send.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/bash
-set -e
-
-PRIVATE_KEYS=("")
-PUBLIC_KEYS=("")
-
-resetwg() {
- for i in {1..64}; do
- ip link delete dev wg${i} 2>/dev/null >/dev/null || true
- done
-}
-
-for i in {1..64}; do
- next_key="$(wg genkey)"
- PRIVATE_KEYS+=("$next_key")
- PUBLIC_KEYS+=($(wg pubkey <<<"$next_key"))
-done
-
-resetwg
-trap resetwg INT TERM EXIT
-
-for i in {1..64}; do
- { echo "[Interface]"
- echo "ListenPort = $(( $i + 31222 ))"
- echo "PrivateKey = ${PRIVATE_KEYS[$i]}"
-
- for j in {1..64}; do
- [[ $i == $j ]] && continue
- echo "[Peer]"
- echo "PublicKey = ${PUBLIC_KEYS[$j]}"
- echo "AllowedIPs = 192.168.8.${j}/32"
- echo "Endpoint = 127.0.0.1:$(( $j + 31222 ))"
- done
- } > "/tmp/deviceload.conf"
-
- ip link add dev wg${i} type wireguard
- wg setconf wg${i} "/tmp/deviceload.conf"
- ip link set up dev wg${i}
- rm "/tmp/deviceload.conf"
-done
-
-ip address add dev wg1 192.168.8.1/24
-
-while true; do
- for i in {2..64}; do
- echo hello | ncat -u 192.168.8.${i} 1234
- done
-done
diff --git a/contrib/stress-testing/threewayiperf.sh b/contrib/stress-testing/threewayiperf.sh
deleted file mode 100755
index 932d666..0000000
--- a/contrib/stress-testing/threewayiperf.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-set -e
-
-if [[ $(hostname) == "thinkpad" ]]; then
- make -C "$(dirname "$0")/../../src" remote-run
- for i in 128 129 130; do
- scp "$0" root@172.16.48.${i}:
- done
- for i in 128 129 130; do
- konsole --new-tab -e ssh -t root@172.16.48.${i} "./$(basename "$0")"
- done
- exit
-fi
-
-# perf top -U --dsos '[wireguard]'
-
-tmux new-session -s bigtest -d
-tmux new-window -n "server 6000" -t bigtest "iperf3 -p 6000 -s"
-tmux new-window -n "server 6001" -t bigtest "iperf3 -p 6001 -s"
-sleep 5
-me=$(ip -o -4 address show dev wg0 | sed 's/.*inet \([^ ]*\)\/.*/\1/' | cut -d . -f 4)
-for i in 1 2 3; do
- [[ $i == $me ]] && continue
- [[ $me == "1" ]] && port=6000
- [[ $me == "3" ]] && port=6001
- [[ $me == "2" && $i == "1" ]] && port=6000
- [[ $me == "2" && $i == "3" ]] && port=6001
- tmux new-window -n "client 192.168.2.${i}" -t bigtest "iperf3 -n 300000G -i 1 -p $port -c 192.168.2.${i}"
-done
-tmux attach -t bigtest
diff --git a/src/wg.8 b/src/wg.8
index 67b4cf7..eee6d7b 100644
--- a/src/wg.8
+++ b/src/wg.8
@@ -131,7 +131,9 @@ to which outgoing traffic for this peer is directed. The catch-all
 \fI::/0\fP may be specified for matching all IPv6 addresses. Required.
 .IP \(bu
 Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a
-port number. Optional.
+port number. This endpoint will be updated automatically to the most recent
+source IP address and port of correctly authenticated packets from the peer.
+Optional.
 .SH CONFIGURATION FILE FORMAT EXAMPLE
 This example may be used as a model for writing configuration files.