contrib: remove extraneous cruft

We don't want people packaging these or even using these scripts, which
are only useful for limited development circumstances, so get rid of
them. More widespread development testing techniques still exist in
src/debug.mk and src/netns.sh

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
Jason A. Donenfeld 2016-07-01 23:36:59 +02:00
parent abb1128785
commit 1a64438b21
10 changed files with 19 additions and 195 deletions

View file

@ -1,8 +0,0 @@
[Interface]
ListenPort = 27183
PrivateKey = oHilodMrwJSD1UUIkAkyCek2yqy1Frs5XuN47ShGFk0=
[Peer]
PublicKey = S8hEvD+dam+PrwG4GrSPtE2Pl3ylO/oiUnUDXw3vnx0=
AllowedIPs = 192.168.2.2/32
Endpoint = 10.10.10.100:38292

View file

@ -1,8 +0,0 @@
[Interface]
ListenPort = 38292
PrivateKey = MPCo/WSBkm/DCkbEXUhtjc5u//IeD6wEeaw3Q2HxFGw=
[Peer]
PublicKey = c5PwaIZcVZFDuoDdQJGnYe+fk+wt0qANARpnZDOvqhw=
AllowedIPs = 0.0.0.0/0
Endpoint = 172.16.48.128:27183

View file

@ -1,2 +0,0 @@
Server: openvpn --dev tun --ifconfig 192.168.3.1 192.168.3.2 --secret static.key --cipher AES-256-CBC --auth SHA256 --port 61721
Client: openvpn --dev tun --ifconfig 192.168.3.2 192.168.3.1 --secret static.key --cipher AES-256-CBC --auth SHA256 --port 61721 --remote 10.10.10.1

View file

@ -1,21 +0,0 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
12abb34ac1cb716576642c7e4c9719af
b311929f6bb5a7b9082c9ac3a02dc77a
26fc65ba97e67d1dc5b273e72760caba
6c8a3321acdf89bfd0469528bfc9ed89
1c9c3762d1e18786c8b6dd590456f158
d1f625810da1225864c23d7e848ca5d7
18a49c4b7e640f8e51001ace9222de75
e05177fd01b32d702bd12b45b085678c
239e3927d98912174ac648d0e37a3247
45cabcbea7cf70832f8800a8b863a35a
933c5921fd65882b050bd1096a0c6c60
638fb22eafb9f49c13573236d0427441
c98869ba8de30e597452237527e7dcc6
519058a919de4432203dc1d7622fb4d0
f8f20c5350256cdf17bb3b85c5c838fc
6ddeb4da9dae8b0b882cb043db483a9d
-----END OpenVPN Static key V1-----

View file

@ -0,0 +1,16 @@
=== IMPORTANT NOTE ===
Do not use these scripts in production. They are simply a
demonstration of how easy the `wg(8)` tool is at the command
line, but by no means should you actually attempt to use
these. They are horribly insecure and defeat the purpose
of WireGuard.
STAY AWAY!
Distros: do not distribute these with your packages.
That all said, this is a pretty cool example of just how
darn easy WireGuard can be.

View file

@ -1,27 +0,0 @@
#include <stdlib.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <linux/limits.h>
int main(int argc, char *argv[])
{
static const unsigned char handshake1[143] = { 1, 0 };
int fd = socket(AF_INET, SOCK_DGRAM, 0);
struct sockaddr_in addr = {
.sin_family = AF_INET,
.sin_port = htons(atoi(argv[2])),
.sin_addr = inet_addr(argv[1])
};
connect(fd, (struct sockaddr *)&addr, sizeof(addr));
for (;;)
send(fd, handshake1, sizeof(handshake1), 0);
close(fd);
return 0;
}

View file

@ -1,50 +0,0 @@
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <linux/limits.h>
#include <time.h>
#include <stdio.h>
#include <string.h>
static unsigned long long interface_tx_bytes(const char *interface)
{
char buf[PATH_MAX];
FILE *f;
unsigned long long ret;
snprintf(buf, PATH_MAX - 1, "/sys/class/net/%s/statistics/tx_bytes", interface);
f = fopen(buf, "r");
fscanf(f, "%llu", &ret);
fclose(f);
return ret;
}
int main(int argc, char *argv[])
{
char buf[1500] = { 0 };
unsigned long long before, after, i;
struct timespec begin, end;
double elapsed;
struct ifreq req;
int fd = socket(AF_INET, SOCK_DGRAM, 0);
struct sockaddr_in addr = {
.sin_family = AF_INET,
.sin_port = htons(7271),
.sin_addr = inet_addr(argv[3])
};
strcpy(req.ifr_name, argv[1]);
ioctl(fd, SIOCGIFMTU, &req);
connect(fd, (struct sockaddr *)&addr, sizeof(addr));
before = interface_tx_bytes(argv[2]);
clock_gettime(CLOCK_MONOTONIC, &begin);
for (i = 0; i < 10000000; ++i)
send(fd, buf, req.ifr_mtu - 28, 0);
clock_gettime(CLOCK_MONOTONIC, &end);
after = interface_tx_bytes(argv[2]);
elapsed = end.tv_sec - begin.tv_sec + (end.tv_nsec - begin.tv_nsec) / 1000000000.0;
printf("%.4f mbps\n", ((after - before) * 8) / elapsed / 1000000.0);
return 0;
}

View file

@ -1,48 +0,0 @@
#!/bin/bash
set -e
PRIVATE_KEYS=("")
PUBLIC_KEYS=("")
resetwg() {
for i in {1..64}; do
ip link delete dev wg${i} 2>/dev/null >/dev/null || true
done
}
for i in {1..64}; do
next_key="$(wg genkey)"
PRIVATE_KEYS+=("$next_key")
PUBLIC_KEYS+=($(wg pubkey <<<"$next_key"))
done
resetwg
trap resetwg INT TERM EXIT
for i in {1..64}; do
{ echo "[Interface]"
echo "ListenPort = $(( $i + 31222 ))"
echo "PrivateKey = ${PRIVATE_KEYS[$i]}"
for j in {1..64}; do
[[ $i == $j ]] && continue
echo "[Peer]"
echo "PublicKey = ${PUBLIC_KEYS[$j]}"
echo "AllowedIPs = 192.168.8.${j}/32"
echo "Endpoint = 127.0.0.1:$(( $j + 31222 ))"
done
} > "/tmp/deviceload.conf"
ip link add dev wg${i} type wireguard
wg setconf wg${i} "/tmp/deviceload.conf"
ip link set up dev wg${i}
rm "/tmp/deviceload.conf"
done
ip address add dev wg1 192.168.8.1/24
while true; do
for i in {2..64}; do
echo hello | ncat -u 192.168.8.${i} 1234
done
done

View file

@ -1,30 +0,0 @@
#!/bin/bash
set -e
if [[ $(hostname) == "thinkpad" ]]; then
make -C "$(dirname "$0")/../../src" remote-run
for i in 128 129 130; do
scp "$0" root@172.16.48.${i}:
done
for i in 128 129 130; do
konsole --new-tab -e ssh -t root@172.16.48.${i} "./$(basename "$0")"
done
exit
fi
# perf top -U --dsos '[wireguard]'
tmux new-session -s bigtest -d
tmux new-window -n "server 6000" -t bigtest "iperf3 -p 6000 -s"
tmux new-window -n "server 6001" -t bigtest "iperf3 -p 6001 -s"
sleep 5
me=$(ip -o -4 address show dev wg0 | sed 's/.*inet \([^ ]*\)\/.*/\1/' | cut -d . -f 4)
for i in 1 2 3; do
[[ $i == $me ]] && continue
[[ $me == "1" ]] && port=6000
[[ $me == "3" ]] && port=6001
[[ $me == "2" && $i == "1" ]] && port=6000
[[ $me == "2" && $i == "3" ]] && port=6001
tmux new-window -n "client 192.168.2.${i}" -t bigtest "iperf3 -n 300000G -i 1 -p $port -c 192.168.2.${i}"
done
tmux attach -t bigtest

View file

@ -131,7 +131,9 @@ to which outgoing traffic for this peer is directed. The catch-all
\fI::/0\fP may be specified for matching all IPv6 addresses. Required.
.IP \(bu
Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a
port number. Optional.
port number. This endpoint will be updated automatically to the most recent
source IP address and port of correctly authenticated packets from the peer.
Optional.
.SH CONFIGURATION FILE FORMAT EXAMPLE
This example may be used as a model for writing configuration files.