From 5be024a532b02973b3db360e07f74eddaec8f176 Mon Sep 17 00:00:00 2001 From: Eduard Drusa Date: Mon, 5 Jan 2026 01:38:43 +0100 Subject: [PATCH 1/3] Add support for CMake CMakeLists.txt is added trying to resemble the behavior of Makefile as close as possible, where it makes sense. mkcerts.sh updated to support customization of output directory in order to support separate source and binary directories. CMakeLists supports compiling static and shared WolfIP library and generates various test binaries. If -DBUILD_TESTING=ON is passed to CMake, then tests are build automatically and `test` target is available to run tests. Otherwise test binary targets are generated but are not built by default. If wolfssl is NOT found in the system, then tests relying on its presence are disabled completely. Same applies for xxd and openssl which are required for certificate generation step. CMakeLists will try to detect check library used by the unit test suite. If not found then unit tests driver build is disabled. If -DBUILD_TESTING is passed to CMake, then any of above missing will cause the build to fail as it is not possible to build all tests. Install step is provided that installs shared library. So far only native Linux build is tested. ASAN support is not implemented yet. --- CMakeLists.txt | 180 +++++++++++++++++++++++++++++++++++++++++ tools/certs/mkcerts.sh | 11 ++- 2 files changed, 187 insertions(+), 4 deletions(-) create mode 100644 CMakeLists.txt diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 0000000..96951c7 --- /dev/null +++ b/CMakeLists.txt @@ -0,0 +1,180 @@ +cmake_minimum_required(VERSION 3.16) + +include_directories(${CMAKE_CURRENT_SOURCE_DIR}) + +set(CMAKE_C_FLAGS "-Wall -Werror -Wextra -Wdeclaration-after-statement") +set(CMAKE_C_FLAGS_Debug "-g -ggdb") +set(CMAKE_C_FLAGS_Release "-O3") + +project(wolfip LANGUAGES C) + +if (BUILD_TESTING) + enable_testing() + set(TESTS_REQUIRED "REQUIRED") + set(EXCLUDE_TEST_BINARY ) +else() + set(EXCLUDE_TEST_BINARY EXCLUDE_FROM_ALL) +endif() + +find_package(wolfssl ${TESTS_REQUIRED}) +find_package(Check ${TESTS_REQUIRED}) +find_program(XXD_EXE xxd ${TESTS_REQUIRED}) +find_program(OPENSSL_EXE openssl ${TESTS_REQUIRED}) + +if (NOT wolfssl_FOUND) + message(STATUS "WolfSSL NOT found! Tests depending on WolfSSL are disabled") +endif() + +if (XXD_EXE STREQUAL "XXD_EXE-NOTFOUND") + message(STATUS "xxd NOT found! Tests depending on certificate support are disabled!") + set(XXD_FOUND FALSE) +else() + set(XXD_FOUND TRUE) +endif() + +if (OPENSSL_EXE STREQUAL "OPENSSL_EXE-NOTFOUND") + message(STATUS "openssl NOT found! Tests depending on certificate support are disabled!") + set(OPENSSL_FOUND FALSE) +else() + set(OPENSSL_FOUND TRUE) +endif() + +string(TOLOWER "${CMAKE_SYSTEM_NAME}" CMAKE_SYSTEM_NAME_LC) + +set(WOLFIP_TAP_SRC "${CMAKE_CURRENT_SOURCE_DIR}/src/port/posix/tap_${CMAKE_SYSTEM_NAME_LC}.c") + +if (NOT EXISTS "${WOLFIP_TAP_SRC}") + message(FATAL_ERROR "Unsupported platform: ${CMAKE_SYSTEM_NAME}") +endif() + +set(WOLFIP_SRCS src/wolfip.c ${WOLFIP_TAP_SRC}) + +set(CERT_SRCS + ${CMAKE_BINARY_DIR}/certs/server_cert.c + ${CMAKE_BINARY_DIR}/certs/server_key.c + ${CMAKE_BINARY_DIR}/certs/ca_cert.c + ) + +add_custom_command( + OUTPUT ${CERT_SRCS} + COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/tools/certs/mkcerts.sh ${CMAKE_BINARY_DIR}/certs + BYPRODUCTS + ${CMAKE_BINARY_DIR}/certs/ca.crt + ${CMAKE_BINARY_DIR}/certs/ca.der + ${CMAKE_BINARY_DIR}/certs/ca.srl + ${CMAKE_BINARY_DIR}/certs/ca.key + ${CMAKE_BINARY_DIR}/certs/server.crt + ${CMAKE_BINARY_DIR}/certs/server.der + ${CMAKE_BINARY_DIR}/certs/server.csr + ${CMAKE_BINARY_DIR}/certs/server.key + ${CMAKE_BINARY_DIR}/certs/server.key.der + WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} + ) + +add_library(wolfip SHARED ${WOLFIP_SRCS} src/port/posix/bsd_socket.c) +target_include_directories(wolfip PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) + +add_library(tcpip STATIC ${WOLFIP_SRCS}) +target_link_libraries(tcpip wolfip-core) +target_include_directories(tcpip PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) + +add_executable(test-evloop ${EXCLUDE_TEST_BINARY} + src/test/test_eventloop.c + ${WOLFIP_SRCS} + ) +add_test(NAME evloop COMMAND test-evloop) + +add_executable(test-dns ${EXCLUDE_TEST_BINARY} + src/test/test_dhcp_dns.c + ${WOLFIP_SRCS} + ) +add_test(NAME dns COMMAND test-dns) + +add_executable(tcpecho ${EXCLUDE_TEST_BINARY} + src/test/tcp_echo.c + src/port/posix/bsd_socket.c + ${WOLFIP_SRCS} + ) +add_test(NAME tcpecho COMMAND tcpecho) + +add_executable(tcp_netcat_poll ${EXCLUDE_TEST_BINARY} + src/test/tcp_netcat_poll.c + src/port/posix/bsd_socket.c + ${WOLFIP_SRCS} + ) +add_test(NAME tcp_netcat_poll COMMAND tcp_netcat_poll) + +add_executable(tcp_netcat_select ${EXCLUDE_TEST_BINARY} + src/test/tcp_netcat_select.c + src/port/posix/bsd_socket.c + ${WOLFIP_SRCS} + ) +add_test(NAME tcp_netcat_select COMMAND tcp_netcat_select) + + +if (wolfssl_FOUND AND XXD_FOUND AND OPENSSL_FOUND) + add_executable(test-wolfssl ${EXCLUDE_TEST_BINARY} + src/test/test_native_wolfssl.c + ${WOLFIP_SRCS} + src/port/wolfssl_io.c + ${CERT_SRCS} + ) + target_compile_definitions(test-wolfssl PRIVATE -DWOLFSSL_DEBUG -DWOLFSSL_WOLFIP) + target_compile_options(test-wolfssl PRIVATE -Wno-cpp) + target_link_libraries(test-wolfssl wolfssl) + add_test(NAME wolfssl COMMAND test-wolfssl) + + add_executable(ipfilter-logger ${EXCLUDE_TEST_BINARY} + ${WOLFIP_SRCS} + src/port/wolfssl_io.c + src/port/posix/bsd_socket.c + src/test/ipfilter_logger.c + ${CERT_SRCS} + ) + target_include_directories(ipfilter-logger PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) + target_compile_definitions(ipfilter-logger PRIVATE -DCONFIG_IPFILTER=1 -DWOLFSSL_WOLFIP) + target_link_libraries(ipfilter-logger wolfssl) + add_test(NAME ipfilter-logger COMMAND ipfilter-logger) + + add_executable(test-wolfssl-forwarding ${EXCLUDE_TEST_BINARY} + src/test/test_wolfssl_forwarding.c + ${WOLFIP_SRCS} + src/port/wolfssl_io.c + ${CERT_SRCS} + ) + target_compile_definitions(test-wolfssl-forwarding PRIVATE -DWOLFSSL_DEBUG -DWOLFSSL_WOLFIP -DWOLFIP_MAX_INTERFACES=2 -DWOLFIP_ENABLE_FORWARDING=1) + target_compile_options(test-wolfssl-forwarding PRIVATE -Wno-cpp) + target_link_libraries(test-wolfssl-forwarding wolfssl) + add_test(NAME wolfssl-forwarding COMMAND test-wolfssl-forwarding) + + add_executable(test-httpd ${EXCLUDE_TEST_BINARY} + src/test/test_httpd.c + ${WOLFIP_SRCS} + src/port/wolfssl_io.c + ${CMAKE_BINARY_DIR}/certs/server_key.c + ${CMAKE_BINARY_DIR}/certs/server_cert.c + src/http/httpd.c + ) + target_include_directories(test-httpd PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src/http) + target_compile_definitions(test-httpd PRIVATE -DWOLFSSL_DEBUG -DWOLFSSL_WOLFIP) + target_compile_options(test-httpd PRIVATE -Wno-cpp) + target_link_libraries(test-httpd wolfssl) + add_test(NAME httpd COMMAND test-httpd) +endif() + +add_executable(test-ttl-expired ${EXCLUDE_TEST_BINARY} + src/test/test_ttl_expired.c + src/wolfip.c + ) +target_compile_definitions(test-ttl-expired PRIVATE -DWOLFIP_MAX_INTERFACES=2 -DWOLFIP_ENABLE_FORWARDING=1) +add_test(NAME ttl-expired COMMAND test-ttl-expired) + +if (NOT Check_FOUND) + add_executable(unit ${EXCLUDE_TEST_BINARY} + src/test/unit/unit.c + ) + target_link_libraries(unit PRIVATE check) + add_test(NAME unit COMMAND unit) +endif() + +install(TARGETS wolfip RUNTIME DESTINATION bin) diff --git a/tools/certs/mkcerts.sh b/tools/certs/mkcerts.sh index be57804..2655305 100755 --- a/tools/certs/mkcerts.sh +++ b/tools/certs/mkcerts.sh @@ -1,6 +1,9 @@ #!/bin/sh # -OUT_DIR=build/certs +OUT_DIR=${1:=build/certs} +OUT_DIR_CVAR=$(echo $OUT_DIR | sed -e 's/\//_/g') + +echo ${OUT_DIR_CVAR} : "${COUNTRY:=US}" : "${STATE:=State}" @@ -26,7 +29,7 @@ openssl req -x509 -new -key "$OUT_DIR/ca.key" -sha256 -days "$DAYS_CA" -out "$OU # 3. Convert CA certificate to DER format openssl x509 -in "$OUT_DIR/ca.crt" -outform DER -out "$OUT_DIR/ca.der" -xxd -i "$OUT_DIR/ca.der" |sed -e "s/unsigned/const unsigned/g" | sed -e "s/build_certs_//g" > "$OUT_DIR/ca_cert.c" +xxd -i "$OUT_DIR/ca.der" |sed -e "s/unsigned/const unsigned/g" | sed -e "s/${OUT_DIR_CVAR}_//g" > "$OUT_DIR/ca_cert.c" echo "==== Generating server private key ====" @@ -37,7 +40,7 @@ openssl ecparam -name "$ECC_CURVE" -genkey -noout -out "$OUT_DIR/server.key" # 5. Convert server private key to DER format openssl pkcs8 -topk8 -nocrypt -in "$OUT_DIR/server.key" -outform DER -out "$OUT_DIR/server.key.der" -xxd -i "$OUT_DIR/server.key.der" |sed -e "s/unsigned/const unsigned/g" | sed -e "s/build_certs_//g" > "$OUT_DIR/server_key.c" +xxd -i "$OUT_DIR/server.key.der" |sed -e "s/unsigned/const unsigned/g" | sed -e "s/${OUT_DIR_CVAR}_//g" > "$OUT_DIR/server_key.c" echo "==== Generating server Certificate Signing Request (CSR) ====" @@ -55,6 +58,6 @@ openssl x509 -req -in "$OUT_DIR/server.csr" -CA "$OUT_DIR/ca.crt" -CAkey "$OUT_D # 8. Convert server certificate to DER format openssl x509 -in "$OUT_DIR/server.crt" -outform DER -out "$OUT_DIR/server.der" -xxd -i "$OUT_DIR/server.der" |sed -e "s/unsigned/const unsigned/g" | sed -e "s/build_certs_//g" > "$OUT_DIR/server_cert.c" +xxd -i "$OUT_DIR/server.der" |sed -e "s/unsigned/const unsigned/g" | sed -e "s/${OUT_DIR_CVAR}_//g" > "$OUT_DIR/server_cert.c" echo "==== Done ====" From e5b7480c6d64dc8041f6cddbc7d637749f715c47 Mon Sep 17 00:00:00 2001 From: Eduard Drusa Date: Sat, 17 Jan 2026 01:07:06 +0100 Subject: [PATCH 2/3] Fix: Use defaults correctly Use default path without attempt of overwriting $1. --- tools/certs/mkcerts.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/certs/mkcerts.sh b/tools/certs/mkcerts.sh index 2655305..40b47df 100755 --- a/tools/certs/mkcerts.sh +++ b/tools/certs/mkcerts.sh @@ -1,6 +1,6 @@ #!/bin/sh # -OUT_DIR=${1:=build/certs} +OUT_DIR=${1:-build/certs} OUT_DIR_CVAR=$(echo $OUT_DIR | sed -e 's/\//_/g') echo ${OUT_DIR_CVAR} From db3b39cc8845fc75a14363d1e5975f8bb0aea068 Mon Sep 17 00:00:00 2001 From: Eduard Drusa Date: Sat, 17 Jan 2026 01:09:40 +0100 Subject: [PATCH 3/3] CMake: Reject in-source build Check for in-source build and reject it. --- CMakeLists.txt | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 96951c7..bd616c0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,5 +1,14 @@ cmake_minimum_required(VERSION 3.16) +#--------------------------------------------------------------------------------------------- +# First, ensure no in-source build occurs. +#--------------------------------------------------------------------------------------------- +if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}") + message(FATAL_ERROR + "In-source builds are not allowed for wolfIP.\ + Run cmake from a separate directory from where CMakeLists.txt lives.") +endif() + include_directories(${CMAKE_CURRENT_SOURCE_DIR}) set(CMAKE_C_FLAGS "-Wall -Werror -Wextra -Wdeclaration-after-statement")