Commit | Line | Data |
---|---|---|
2ad8dd37 MW |
1 | Local unprivileged testing machinery |
2 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
3 | ||
4 | This directory contains some random utilities I've found useful for | |
5 | testing Secnet. It lets me run two (or more) instances on a single | |
6 | machine, and get them to exchange keys and transmit packets, all as an | |
7 | unprivileged user. | |
8 | ||
9 | This isn't standalone: other tools are needed to make it work. | |
10 | Dependencies are described along with the tools they're needed by. | |
11 | ||
12 | * mk-sshv1-rsapriv KEYRING TAG OUT: converts a Catacomb format RSA | |
13 | private key, in the given KEYRING with the given TAG, writing a file | |
14 | OUT in the SSH v1 format wanted by Secnet. This needs my Catacomb | |
15 | library, https://git.distorted.org.uk/~mdw/catacomb/, and the Python | |
16 | bindings, https://git.distorted.org.uk/~mdw/catacomb-python/. If | |
17 | you have some other way of generating RSA private keys in the right | |
18 | format, then you don't need this stuff. | |
19 | ||
20 | * mkping FROM-NAME FROM-ADDR TO-NAME TO-ADDR OUT: formats an IPv4 ICMP | |
21 | echo request packet with source and destination addresses FROM-ADDR | |
22 | and TO-ADDR respectively, with payload a simple string containing | |
23 | FROM-NAME and TO-NAME, and writes it to OUT, which may be `-' for | |
24 | standard output. This requires the Python `ImpactPacket' library, | |
25 | available in Debian as `python-impacket'. | |
26 | ||
27 | * fake-userv-ipif: is a call-compatible drop-in for `userv', but uses | |
28 | the `tripe-uslip' program instead. To use it, configure a | |
29 | `userv-ipif' netlink with userv-path = "./fake-userv-ipif", and | |
30 | service-name = "SOCKET", where SOCKET names a Unix-domain socket to | |
31 | use as the fake network interface. Secnet will start `tripe-uslip' | |
32 | and use it as its tunnel device, and you can send and receive | |
33 | packets with tripe-uslip -p SOCKET <IN and tripe-uslip -g SOCKET | |
34 | >OUT respectively. I find this useful with `mkping' above to | |
35 | generate packets, and `xxd' to inspect them. `tripe-uslip' is part | |
36 | of TrIPE, https://git.distorted.org.uk/~mdw/tripe/. | |
37 | ||
38 | There are also pieces of configuration in a fairly random state. | |
39 | They'll need tweaking to set up your particular test. | |
40 | ||
41 | mdw, 2017-07-13 |