From c742d7e801e4688c9848e442324fb592b0315f07 Mon Sep 17 00:00:00 2001
From: Topi Miettinen
Date: Wed, 9 Aug 2023 23:16:24 +0300
Subject: [PATCH] test: testing for networkd NFTSet feature
---
 .../conf/25-address-static.network | 1 +
 .../conf/25-dhcp-client-ipv4-only.network | 1 +
 .../25-dhcp-pd-downstream-dummy98.network | 1 +
 .../conf/25-ipv6-prefix-veth.network | 1 +
 test/test-network/systemd-networkd-tests.py | 72 +++++++++++++++++++
 5 files changed, 76 insertions(+)
diff --git a/test/test-network/conf/25-address-static.network b/test/test-network/conf/25-address-static.network
index a406aab7e48..67ea6aa088b 100644
--- a/test/test-network/conf/25-address-static.network
+++ b/test/test-network/conf/25-address-static.network
@@ -177,3 +177,4 @@ Address=::/73
 Address=10.10.1.1/24
 # just a random label which should exist
 NetLabel=system_u:object_r:root_t:s0
+NFTSet=address:inet:sd_test:addr4 prefix:inet:sd_test:network4 ifindex:inet:sd_test:ifindex
diff --git a/test/test-network/conf/25-dhcp-client-ipv4-only.network b/test/test-network/conf/25-dhcp-client-ipv4-only.network
index 80d6bdc1d42..653d7aa661b 100644
--- a/test/test-network/conf/25-dhcp-client-ipv4-only.network
+++ b/test/test-network/conf/25-dhcp-client-ipv4-only.network
@@ -28,6 +28,7 @@ AllowList=192.168.5.0/24 192.168.6.0/24
 DenyList=192.168.5.0/24
 # just a random label which should exist
 NetLabel=system_u:object_r:root_t:s0
+NFTSet=address:inet:sd_test:addr4 prefix:inet:sd_test:network4 ifindex:inet:sd_test:ifindex
 [Route]
 Destination=192.168.5.0/24
diff --git a/test/test-network/conf/25-dhcp-pd-downstream-dummy98.network b/test/test-network/conf/25-dhcp-pd-downstream-dummy98.network
index 2babc432035..077b29c5d9e 100644
--- a/test/test-network/conf/25-dhcp-pd-downstream-dummy98.network
+++ b/test/test-network/conf/25-dhcp-pd-downstream-dummy98.network
@@ -16,3 +16,4 @@ Token=eui64
 Token=::1a:2b:3c:4d
 # just a random label which should exist
 NetLabel=system_u:object_r:root_t:s0
+NFTSet=address:inet:sd_test:addr6 prefix:inet:sd_test:network6 ifindex:inet:sd_test:ifindex
diff --git a/test/test-network/conf/25-ipv6-prefix-veth.network b/test/test-network/conf/25-ipv6-prefix-veth.network
index 905e2fd2c86..80f1b8512e0 100644
--- a/test/test-network/conf/25-ipv6-prefix-veth.network
+++ b/test/test-network/conf/25-ipv6-prefix-veth.network
@@ -9,3 +9,4 @@ IPv6AcceptRA=true
 UseDomains=yes
 # just a random label which should exist
 NetLabel=system_u:object_r:root_t:s0
+NFTSet=address:inet:sd_test:addr6 prefix:inet:sd_test:network6 ifindex:inet:sd_test:ifindex
diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
index 7f922b46f6c..9ab7233a5df 100755
--- a/test/test-network/systemd-networkd-tests.py
+++ b/test/test-network/systemd-networkd-tests.py
@@ -947,6 +947,37 @@ class Utilities():
 print(output)
 self.assertRegex(output, f'interface:{interface},address:{address},label:"{label}"')
+ def setup_nftset(self, filter_name, filter_type, flags=''):
+ if not shutil.which('nft'):
+ print('## Setting up NFT sets skipped: nft command not found.')
+ else:
+ if call(f'nft add table inet sd_test') != 0:
+ print('## Setting up NFT table failed.')
+ self.fail()
+ if call(f'nft add set inet sd_test {filter_name} {{ type {filter_type}; {flags} }}') != 0:
+ print('## Setting up NFT sets failed.')
+ self.fail()
+
+ def teardown_nftset(self, *filters):
+ if not shutil.which('nft'):
+ print('## Tearing down NFT sets skipped: nft command not found.')
+ else:
+ for filter_name in filters:
+ if call(f'nft delete set inet sd_test {filter_name}') != 0:
+ print('## Tearing down NFT sets failed.')
+ self.fail()
+ if call(f'nft delete table inet sd_test') != 0:
+ print('## Tearing down NFT table failed.')
+ self.fail()
+
+ def check_nftset(self, filter_name, contents):
+ if not shutil.which('nft'):
+ print('## Checking NFT sets skipped: nft command not found.')
+ else:
+ output = check_output(f'nft list set inet sd_test {filter_name}')
+ print(output)
+ self.assertRegex(output, r'.*elements = { [^}]*' + contents + r'[^}]* }.*')
+
 class NetworkctlTests(unittest.TestCase, Utilities):
 def setUp(self):
@@ -2435,6 +2466,9 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
 def test_address_static(self):
 copy_network_unit('25-address-static.network', '12-dummy.netdev', copy_dropins=False)
 start_networkd()
+ self.setup_nftset('addr4', 'ipv4_addr')
+ self.setup_nftset('network4', 'ipv4_addr', 'flags interval;')
+ self.setup_nftset('ifindex', 'iface_index')
 self.wait_online(['dummy98:routable'])
 self.verify_address_static(
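Review bot: `teardown_nftset` is only reached when a test runs to its last statement, so any assertion that fails before the call (the call sites are in the hunks at -2462, -4722, -5139 and -5782) leaves the `inet sd_test` table and its populated sets on the host for later tests that reuse the same set names. Inside `teardown_nftset` itself, the first `nft delete set` that fails calls `self.fail()`, so the table delete is never attempted on that path either. Registering the cleanup right after the setup calls, for example `self.addCleanup(self.teardown_nftset, 'addr4', 'network4', 'ifindex')`, would cover the failure path. Whether deleting the sets later than today changes the remainder of `test_address_static` would need checking, since that part of the test is outside the visible hunks.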
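Review bot: In `test_address_static` the three `setup_nftset` calls are added after `start_networkd()`, whereas the other tests touched by this commit (hunks at -4703, -5024 and -5595) create the sets before networkd is started. If networkd configures the address before the sets exist, the set update may fail and the later `check_nftset` assertions become timing-dependent. Moving the three calls above `start_networkd()` makes this test consistent with the others and removes the ordering question. The body of `test_address_static` continues outside the hunk.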
@@ -2462,6 +2496,12 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
 flag3=' noprefixroute',
 flag4=' home mngtmpaddr',
 )
+ # nft set
+ self.check_nftset('addr4', r'10\.10\.1\.1')
+ self.check_nftset('network4', r'10\.10\.1\.0/24')
+ self.check_nftset('ifindex', 'dummy98')
+
+ self.teardown_nftset('addr4', 'network4', 'ifindex')
 copy_network_unit('25-address-static.network.d/10-override.conf')
 networkctl_reload()
@@ -4703,6 +4743,9 @@ class NetworkdRATests(unittest.TestCase, Utilities):
 def test_ipv6_prefix_delegation(self):
 copy_network_unit('25-veth.netdev', '25-ipv6-prefix.network', '25-ipv6-prefix-veth.network')
+ self.setup_nftset('addr6', 'ipv6_addr')
+ self.setup_nftset('network6', 'ipv6_addr', 'flags interval;')
+ self.setup_nftset('ifindex', 'iface_index')
 start_networkd()
 self.wait_online(['veth99:routable', 'veth-peer:degraded'])
@@ -4722,6 +4765,14 @@ class NetworkdRATests(unittest.TestCase, Utilities):
 self.check_netlabel('veth99', '2002:da8:1::/64')
 self.check_netlabel('veth99', '2002:da8:2::/64')
+ self.check_nftset('addr6', '2002:da8:1:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*')
+ self.check_nftset('addr6', '2002:da8:2:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*')
+ self.check_nftset('network6', '2002:da8:1::/64')
+ self.check_nftset('network6', '2002:da8:2::/64')
+ self.check_nftset('ifindex', 'veth99')
+
+ self.teardown_nftset('addr6', 'network6', 'ifindex')
+
 def test_ipv6_token_static(self):
 copy_network_unit('25-veth.netdev', '25-ipv6-prefix.network', '25-ipv6-prefix-veth-token-static.network')
 start_networkd()
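Review bot: The pattern `r'10\.10\.1\.1'` is not bounded, and `check_nftset` wraps it in `[^}]*` on both sides, so the assertion would also pass for an element such as `10.10.1.10` or `110.10.1.1`; the same applies to `r'192\.168\.5\.1'` in the hunk at -5139. For the static address, `self.check_nftset('addr4', r'\b10\.10\.1\.1\b')` keeps the check to the exact element. If the prefix match in the DHCP test is intentional because the leased address varies, a short comment there saying so would help. The `contents` argument is spliced into the regex unescaped, so each caller has to escape dots itself, which a one-line docstring on `check_nftset` could state.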
@@ -5024,6 +5075,10 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
 def test_dhcp_client_ipv4_only(self):
 copy_network_unit('25-veth.netdev', '25-dhcp-server-veth-peer.network', '25-dhcp-client-ipv4-only.network')
+ self.setup_nftset('addr4', 'ipv4_addr')
+ self.setup_nftset('network4', 'ipv4_addr', 'flags interval;')
+ self.setup_nftset('ifindex', 'iface_index')
+
 start_networkd()
 self.wait_online(['veth-peer:carrier'])
 start_dnsmasq('--dhcp-option=option:dns-server,192.168.5.6,192.168.5.7',
@@ -5139,6 +5194,12 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
 self.check_netlabel('veth99', r'192\.168\.5\.0/24')
+ self.check_nftset('addr4', r'192\.168\.5\.1')
+ self.check_nftset('network4', r'192\.168\.5\.0/24')
+ self.check_nftset('ifindex', 'veth99')
+
+ self.teardown_nftset('addr4', 'network4', 'ifindex')
+
 def test_dhcp_client_ipv4_use_routes_gateway(self):
 first = True
 for (routes, gateway, dns_and_ntp_routes, classless) in itertools.product([True, False], repeat=4):
@@ -5595,6 +5656,10 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
 '12-dummy.netdev', '25-dhcp-pd-downstream-dummy98.network',
 '13-dummy.netdev', '25-dhcp-pd-downstream-dummy99.network')
+ self.setup_nftset('addr6', 'ipv6_addr')
+ self.setup_nftset('network6', 'ipv6_addr', 'flags interval;')
+ self.setup_nftset('ifindex', 'iface_index')
+
 start_networkd()
 self.wait_online(['veth-peer:routable'])
 start_isc_dhcpd(conf_file='isc-dhcpd-dhcp6pd.conf', ipv='-6')
@@ -5782,6 +5847,13 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
 self.check_netlabel('dummy98', '3ffe:501:ffff:[2-9a-f]00::/64')
+ self.check_nftset('addr6', '3ffe:501:ffff:[2-9a-f]00:1a:2b:3c:4d')
+ self.check_nftset('addr6', '3ffe:501:ffff:[2-9a-f]00:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*')
+ self.check_nftset('network6', '3ffe:501:ffff:[2-9a-f]00::/64')
+ self.check_nftset('ifindex', 'dummy98')
+
+ self.teardown_nftset('addr6', 'network6', 'ifindex')
+
 def verify_dhcp4_6rd(self, tunnel_name):
 print('### ip -4 address show dev veth-peer scope global')
 output = check_output('ip -4 address show dev veth-peer scope global')