contrib: remove extraneous cruft
We don't want people packaging these or even using these scripts, which are only useful for limited development circumstances, so get rid of them. More widespread development testing techniques still exist in src/debug.mk and src/netns.sh Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
parent
abb1128785
commit
1a64438b21
|
@ -1,8 +0,0 @@
|
|||
[Interface]
|
||||
ListenPort = 27183
|
||||
PrivateKey = oHilodMrwJSD1UUIkAkyCek2yqy1Frs5XuN47ShGFk0=
|
||||
|
||||
[Peer]
|
||||
PublicKey = S8hEvD+dam+PrwG4GrSPtE2Pl3ylO/oiUnUDXw3vnx0=
|
||||
AllowedIPs = 192.168.2.2/32
|
||||
Endpoint = 10.10.10.100:38292
|
|
@ -1,8 +0,0 @@
|
|||
[Interface]
|
||||
ListenPort = 38292
|
||||
PrivateKey = MPCo/WSBkm/DCkbEXUhtjc5u//IeD6wEeaw3Q2HxFGw=
|
||||
|
||||
[Peer]
|
||||
PublicKey = c5PwaIZcVZFDuoDdQJGnYe+fk+wt0qANARpnZDOvqhw=
|
||||
AllowedIPs = 0.0.0.0/0
|
||||
Endpoint = 172.16.48.128:27183
|
|
@ -1,2 +0,0 @@
|
|||
Server: openvpn --dev tun --ifconfig 192.168.3.1 192.168.3.2 --secret static.key --cipher AES-256-CBC --auth SHA256 --port 61721
|
||||
Client: openvpn --dev tun --ifconfig 192.168.3.2 192.168.3.1 --secret static.key --cipher AES-256-CBC --auth SHA256 --port 61721 --remote 10.10.10.1
|
|
@ -1,21 +0,0 @@
|
|||
#
|
||||
# 2048 bit OpenVPN static key
|
||||
#
|
||||
-----BEGIN OpenVPN Static key V1-----
|
||||
12abb34ac1cb716576642c7e4c9719af
|
||||
b311929f6bb5a7b9082c9ac3a02dc77a
|
||||
26fc65ba97e67d1dc5b273e72760caba
|
||||
6c8a3321acdf89bfd0469528bfc9ed89
|
||||
1c9c3762d1e18786c8b6dd590456f158
|
||||
d1f625810da1225864c23d7e848ca5d7
|
||||
18a49c4b7e640f8e51001ace9222de75
|
||||
e05177fd01b32d702bd12b45b085678c
|
||||
239e3927d98912174ac648d0e37a3247
|
||||
45cabcbea7cf70832f8800a8b863a35a
|
||||
933c5921fd65882b050bd1096a0c6c60
|
||||
638fb22eafb9f49c13573236d0427441
|
||||
c98869ba8de30e597452237527e7dcc6
|
||||
519058a919de4432203dc1d7622fb4d0
|
||||
f8f20c5350256cdf17bb3b85c5c838fc
|
||||
6ddeb4da9dae8b0b882cb043db483a9d
|
||||
-----END OpenVPN Static key V1-----
|
|
@ -0,0 +1,16 @@
|
|||
=== IMPORTANT NOTE ===
|
||||
|
||||
Do not use these scripts in production. They are simply a
|
||||
demonstration of how easy the `wg(8)` tool is at the command
|
||||
line, but by no means should you actually attempt to use
|
||||
these. They are horribly insecure and defeat the purpose
|
||||
of WireGuard.
|
||||
|
||||
STAY AWAY!
|
||||
|
||||
Distros: do not distribute these with your packages.
|
||||
|
||||
|
||||
|
||||
That all said, this is a pretty cool example of just how
|
||||
darn easy WireGuard can be.
|
|
@ -1,27 +0,0 @@
|
|||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <net/if.h>
|
||||
#include <netinet/in.h>
|
||||
#include <linux/limits.h>
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
static const unsigned char handshake1[143] = { 1, 0 };
|
||||
int fd = socket(AF_INET, SOCK_DGRAM, 0);
|
||||
struct sockaddr_in addr = {
|
||||
.sin_family = AF_INET,
|
||||
.sin_port = htons(atoi(argv[2])),
|
||||
.sin_addr = inet_addr(argv[1])
|
||||
};
|
||||
connect(fd, (struct sockaddr *)&addr, sizeof(addr));
|
||||
|
||||
for (;;)
|
||||
send(fd, handshake1, sizeof(handshake1), 0);
|
||||
|
||||
close(fd);
|
||||
|
||||
return 0;
|
||||
}
|
|
@ -1,50 +0,0 @@
|
|||
#include <sys/socket.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <net/if.h>
|
||||
#include <netinet/in.h>
|
||||
#include <linux/limits.h>
|
||||
#include <time.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
static unsigned long long interface_tx_bytes(const char *interface)
|
||||
{
|
||||
char buf[PATH_MAX];
|
||||
FILE *f;
|
||||
unsigned long long ret;
|
||||
snprintf(buf, PATH_MAX - 1, "/sys/class/net/%s/statistics/tx_bytes", interface);
|
||||
f = fopen(buf, "r");
|
||||
fscanf(f, "%llu", &ret);
|
||||
fclose(f);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
char buf[1500] = { 0 };
|
||||
unsigned long long before, after, i;
|
||||
struct timespec begin, end;
|
||||
double elapsed;
|
||||
struct ifreq req;
|
||||
int fd = socket(AF_INET, SOCK_DGRAM, 0);
|
||||
struct sockaddr_in addr = {
|
||||
.sin_family = AF_INET,
|
||||
.sin_port = htons(7271),
|
||||
.sin_addr = inet_addr(argv[3])
|
||||
};
|
||||
strcpy(req.ifr_name, argv[1]);
|
||||
ioctl(fd, SIOCGIFMTU, &req);
|
||||
|
||||
connect(fd, (struct sockaddr *)&addr, sizeof(addr));
|
||||
|
||||
before = interface_tx_bytes(argv[2]);
|
||||
clock_gettime(CLOCK_MONOTONIC, &begin);
|
||||
for (i = 0; i < 10000000; ++i)
|
||||
send(fd, buf, req.ifr_mtu - 28, 0);
|
||||
clock_gettime(CLOCK_MONOTONIC, &end);
|
||||
after = interface_tx_bytes(argv[2]);
|
||||
elapsed = end.tv_sec - begin.tv_sec + (end.tv_nsec - begin.tv_nsec) / 1000000000.0;
|
||||
|
||||
printf("%.4f mbps\n", ((after - before) * 8) / elapsed / 1000000.0);
|
||||
return 0;
|
||||
}
|
|
@ -1,48 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
PRIVATE_KEYS=("")
|
||||
PUBLIC_KEYS=("")
|
||||
|
||||
resetwg() {
|
||||
for i in {1..64}; do
|
||||
ip link delete dev wg${i} 2>/dev/null >/dev/null || true
|
||||
done
|
||||
}
|
||||
|
||||
for i in {1..64}; do
|
||||
next_key="$(wg genkey)"
|
||||
PRIVATE_KEYS+=("$next_key")
|
||||
PUBLIC_KEYS+=($(wg pubkey <<<"$next_key"))
|
||||
done
|
||||
|
||||
resetwg
|
||||
trap resetwg INT TERM EXIT
|
||||
|
||||
for i in {1..64}; do
|
||||
{ echo "[Interface]"
|
||||
echo "ListenPort = $(( $i + 31222 ))"
|
||||
echo "PrivateKey = ${PRIVATE_KEYS[$i]}"
|
||||
|
||||
for j in {1..64}; do
|
||||
[[ $i == $j ]] && continue
|
||||
echo "[Peer]"
|
||||
echo "PublicKey = ${PUBLIC_KEYS[$j]}"
|
||||
echo "AllowedIPs = 192.168.8.${j}/32"
|
||||
echo "Endpoint = 127.0.0.1:$(( $j + 31222 ))"
|
||||
done
|
||||
} > "/tmp/deviceload.conf"
|
||||
|
||||
ip link add dev wg${i} type wireguard
|
||||
wg setconf wg${i} "/tmp/deviceload.conf"
|
||||
ip link set up dev wg${i}
|
||||
rm "/tmp/deviceload.conf"
|
||||
done
|
||||
|
||||
ip address add dev wg1 192.168.8.1/24
|
||||
|
||||
while true; do
|
||||
for i in {2..64}; do
|
||||
echo hello | ncat -u 192.168.8.${i} 1234
|
||||
done
|
||||
done
|
|
@ -1,30 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
if [[ $(hostname) == "thinkpad" ]]; then
|
||||
make -C "$(dirname "$0")/../../src" remote-run
|
||||
for i in 128 129 130; do
|
||||
scp "$0" root@172.16.48.${i}:
|
||||
done
|
||||
for i in 128 129 130; do
|
||||
konsole --new-tab -e ssh -t root@172.16.48.${i} "./$(basename "$0")"
|
||||
done
|
||||
exit
|
||||
fi
|
||||
|
||||
# perf top -U --dsos '[wireguard]'
|
||||
|
||||
tmux new-session -s bigtest -d
|
||||
tmux new-window -n "server 6000" -t bigtest "iperf3 -p 6000 -s"
|
||||
tmux new-window -n "server 6001" -t bigtest "iperf3 -p 6001 -s"
|
||||
sleep 5
|
||||
me=$(ip -o -4 address show dev wg0 | sed 's/.*inet \([^ ]*\)\/.*/\1/' | cut -d . -f 4)
|
||||
for i in 1 2 3; do
|
||||
[[ $i == $me ]] && continue
|
||||
[[ $me == "1" ]] && port=6000
|
||||
[[ $me == "3" ]] && port=6001
|
||||
[[ $me == "2" && $i == "1" ]] && port=6000
|
||||
[[ $me == "2" && $i == "3" ]] && port=6001
|
||||
tmux new-window -n "client 192.168.2.${i}" -t bigtest "iperf3 -n 300000G -i 1 -p $port -c 192.168.2.${i}"
|
||||
done
|
||||
tmux attach -t bigtest
|
4
src/wg.8
4
src/wg.8
|
@ -131,7 +131,9 @@ to which outgoing traffic for this peer is directed. The catch-all
|
|||
\fI::/0\fP may be specified for matching all IPv6 addresses. Required.
|
||||
.IP \(bu
|
||||
Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a
|
||||
port number. Optional.
|
||||
port number. This endpoint will be updated automatically to the most recent
|
||||
source IP address and port of correctly authenticated packets from the peer.
|
||||
Optional.
|
||||
|
||||
.SH CONFIGURATION FILE FORMAT EXAMPLE
|
||||
This example may be used as a model for writing configuration files.
|
||||
|
|
Reference in New Issue