2017-03-06 13:23:45 +01:00
|
|
|
{ system ? builtins.currentSystem
|
2018-11-11 17:41:11 +09:00
|
|
|
, config ? {}
|
2018-11-12 16:18:58 +01:00
|
|
|
, pkgs ? import ../.. { inherit system config; }
|
2017-03-06 13:23:45 +01:00
|
|
|
# bool: whether to use networkd in the tests
|
|
|
|
|
, networkd }:
|
2016-02-29 20:06:55 +01:00
|
|
|
|
2018-11-11 17:41:11 +09:00
|
|
|
with import ../lib/testing.nix { inherit system pkgs; };
|
2016-02-29 20:06:55 +01:00
|
|
|
with pkgs.lib;
|
|
|
|
|
|
|
|
|
|
let
|
|
|
|
|
router = { config, pkgs, ... }:
|
|
|
|
|
with pkgs.lib;
|
|
|
|
|
let
|
|
|
|
|
vlanIfs = range 1 (length config.virtualisation.vlans);
|
|
|
|
|
in {
|
2018-09-02 12:13:06 +02:00
|
|
|
environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules
|
2016-02-29 20:06:55 +01:00
|
|
|
virtualisation.vlans = [ 1 2 3 ];
|
2017-01-14 19:01:46 +03:00
|
|
|
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true;
|
2016-02-29 20:06:55 +01:00
|
|
|
networking = {
|
|
|
|
|
useDHCP = false;
|
|
|
|
|
useNetworkd = networkd;
|
2017-01-14 19:01:46 +03:00
|
|
|
firewall.checkReversePath = true;
|
|
|
|
|
firewall.allowedUDPPorts = [ 547 ];
|
2016-02-29 20:06:55 +01:00
|
|
|
interfaces = mkOverride 0 (listToAttrs (flip map vlanIfs (n:
|
|
|
|
|
nameValuePair "eth${toString n}" {
|
2017-12-03 05:14:54 +01:00
|
|
|
ipv4.addresses = [ { address = "192.168.${toString n}.1"; prefixLength = 24; } ];
|
|
|
|
|
ipv6.addresses = [ { address = "fd00:1234:5678:${toString n}::1"; prefixLength = 64; } ];
|
2016-02-29 20:06:55 +01:00
|
|
|
})));
|
|
|
|
|
};
|
2017-01-14 19:01:46 +03:00
|
|
|
services.dhcpd4 = {
|
2016-02-29 20:06:55 +01:00
|
|
|
enable = true;
|
|
|
|
|
interfaces = map (n: "eth${toString n}") vlanIfs;
|
|
|
|
|
extraConfig = ''
|
2017-01-14 19:01:46 +03:00
|
|
|
authoritative;
|
2016-02-29 20:06:55 +01:00
|
|
|
'' + flip concatMapStrings vlanIfs (n: ''
|
|
|
|
|
subnet 192.168.${toString n}.0 netmask 255.255.255.0 {
|
|
|
|
|
option routers 192.168.${toString n}.1;
|
2017-01-14 19:01:46 +03:00
|
|
|
# XXX: technically it's _not guaranteed_ that IP addresses will be
|
|
|
|
|
# issued from the first item in range onwards! We assume that in
|
|
|
|
|
# our tests however.
|
2016-02-29 20:06:55 +01:00
|
|
|
range 192.168.${toString n}.2 192.168.${toString n}.254;
|
|
|
|
|
}
|
|
|
|
|
'');
|
|
|
|
|
};
|
2017-01-14 19:01:46 +03:00
|
|
|
services.radvd = {
|
|
|
|
|
enable = true;
|
|
|
|
|
config = flip concatMapStrings vlanIfs (n: ''
|
|
|
|
|
interface eth${toString n} {
|
|
|
|
|
AdvSendAdvert on;
|
|
|
|
|
AdvManagedFlag on;
|
|
|
|
|
AdvOtherConfigFlag on;
|
|
|
|
|
|
|
|
|
|
prefix fd00:1234:5678:${toString n}::/64 {
|
|
|
|
|
AdvAutonomous off;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
'');
|
|
|
|
|
};
|
|
|
|
|
services.dhcpd6 = {
|
|
|
|
|
enable = true;
|
|
|
|
|
interfaces = map (n: "eth${toString n}") vlanIfs;
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
authoritative;
|
|
|
|
|
'' + flip concatMapStrings vlanIfs (n: ''
|
|
|
|
|
subnet6 fd00:1234:5678:${toString n}::/64 {
|
|
|
|
|
range6 fd00:1234:5678:${toString n}::2 fd00:1234:5678:${toString n}::2;
|
|
|
|
|
}
|
|
|
|
|
'');
|
|
|
|
|
};
|
2016-02-29 20:06:55 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
testCases = {
|
|
|
|
|
loopback = {
|
|
|
|
|
name = "Loopback";
|
|
|
|
|
machine.networking.useNetworkd = networkd;
|
|
|
|
|
testScript = ''
|
|
|
|
|
startAll;
|
|
|
|
|
$machine->waitForUnit("network.target");
|
|
|
|
|
$machine->succeed("ip addr show lo | grep -q 'inet 127.0.0.1/8 '");
|
|
|
|
|
$machine->succeed("ip addr show lo | grep -q 'inet6 ::1/128 '");
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
static = {
|
|
|
|
|
name = "Static";
|
|
|
|
|
nodes.router = router;
|
2018-07-20 20:56:59 +00:00
|
|
|
nodes.client = { pkgs, ... }: with pkgs.lib; {
|
2016-02-29 20:06:55 +01:00
|
|
|
virtualisation.vlans = [ 1 2 ];
|
2014-11-25 15:40:49 -08:00
|
|
|
networking = {
|
|
|
|
|
useNetworkd = networkd;
|
2016-02-29 20:06:55 +01:00
|
|
|
useDHCP = false;
|
|
|
|
|
defaultGateway = "192.168.1.1";
|
2017-12-03 05:13:14 +01:00
|
|
|
interfaces.eth1.ipv4.addresses = mkOverride 0 [
|
2016-02-29 20:06:55 +01:00
|
|
|
{ address = "192.168.1.2"; prefixLength = 24; }
|
|
|
|
|
{ address = "192.168.1.3"; prefixLength = 32; }
|
|
|
|
|
{ address = "192.168.1.10"; prefixLength = 32; }
|
|
|
|
|
];
|
2017-12-03 05:13:14 +01:00
|
|
|
interfaces.eth2.ipv4.addresses = mkOverride 0 [
|
2016-02-29 20:06:55 +01:00
|
|
|
{ address = "192.168.2.2"; prefixLength = 24; }
|
|
|
|
|
];
|
2014-11-25 15:40:49 -08:00
|
|
|
};
|
|
|
|
|
};
|
2018-07-20 20:56:59 +00:00
|
|
|
testScript = { ... }:
|
2016-02-29 20:06:55 +01:00
|
|
|
''
|
2015-12-18 07:09:42 +01:00
|
|
|
startAll;
|
2016-02-29 20:06:55 +01:00
|
|
|
|
|
|
|
|
$client->waitForUnit("network.target");
|
2017-09-18 14:46:37 +02:00
|
|
|
$router->waitForUnit("network-online.target");
|
2016-02-29 20:06:55 +01:00
|
|
|
|
|
|
|
|
# Make sure dhcpcd is not started
|
|
|
|
|
$client->fail("systemctl status dhcpcd.service");
|
|
|
|
|
|
|
|
|
|
# Test vlan 1
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.1.1");
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.1.2");
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.1.3");
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.1.10");
|
|
|
|
|
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.1.3");
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.1.10");
|
|
|
|
|
|
|
|
|
|
# Test vlan 2
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.2.1");
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.2.2");
|
|
|
|
|
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.2.1");
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.2.2");
|
|
|
|
|
|
|
|
|
|
# Test default gateway
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.3.1");
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.3.1");
|
2015-12-18 07:09:42 +01:00
|
|
|
'';
|
2016-02-29 20:06:55 +01:00
|
|
|
};
|
|
|
|
|
dhcpSimple = {
|
|
|
|
|
name = "SimpleDHCP";
|
|
|
|
|
nodes.router = router;
|
2018-07-20 20:56:59 +00:00
|
|
|
nodes.client = { pkgs, ... }: with pkgs.lib; {
|
2016-02-29 20:06:55 +01:00
|
|
|
virtualisation.vlans = [ 1 2 ];
|
|
|
|
|
networking = {
|
|
|
|
|
useNetworkd = networkd;
|
|
|
|
|
useDHCP = true;
|
2017-01-14 19:01:46 +03:00
|
|
|
interfaces.eth1 = {
|
2017-12-03 05:13:14 +01:00
|
|
|
ipv4.addresses = mkOverride 0 [ ];
|
|
|
|
|
ipv6.addresses = mkOverride 0 [ ];
|
2017-01-14 19:01:46 +03:00
|
|
|
};
|
|
|
|
|
interfaces.eth2 = {
|
2017-12-03 05:13:14 +01:00
|
|
|
ipv4.addresses = mkOverride 0 [ ];
|
|
|
|
|
ipv6.addresses = mkOverride 0 [ ];
|
2017-01-14 19:01:46 +03:00
|
|
|
};
|
2014-11-25 15:40:49 -08:00
|
|
|
};
|
|
|
|
|
};
|
2018-07-20 20:56:59 +00:00
|
|
|
testScript = { ... }:
|
2016-02-29 20:06:55 +01:00
|
|
|
''
|
|
|
|
|
startAll;
|
2014-11-25 15:40:49 -08:00
|
|
|
|
2016-02-29 20:06:55 +01:00
|
|
|
$client->waitForUnit("network.target");
|
2017-09-18 14:46:37 +02:00
|
|
|
$router->waitForUnit("network-online.target");
|
2014-11-25 15:40:49 -08:00
|
|
|
|
2016-02-29 20:06:55 +01:00
|
|
|
# Wait until we have an ip address on each interface
|
|
|
|
|
$client->waitUntilSucceeds("ip addr show dev eth1 | grep -q '192.168.1'");
|
2017-01-14 19:01:46 +03:00
|
|
|
$client->waitUntilSucceeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'");
|
2016-02-29 20:06:55 +01:00
|
|
|
$client->waitUntilSucceeds("ip addr show dev eth2 | grep -q '192.168.2'");
|
2017-01-14 19:01:46 +03:00
|
|
|
$client->waitUntilSucceeds("ip addr show dev eth2 | grep -q 'fd00:1234:5678:2:'");
|
2014-11-25 15:40:49 -08:00
|
|
|
|
2016-02-29 20:06:55 +01:00
|
|
|
# Test vlan 1
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.1.1");
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.1.2");
|
2017-02-15 11:05:50 +01:00
|
|
|
$client->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::1");
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::2");
|
2014-11-25 15:40:49 -08:00
|
|
|
|
2016-02-29 20:06:55 +01:00
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
|
2017-02-15 11:05:50 +01:00
|
|
|
$router->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::1");
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::2");
|
2014-11-25 15:40:49 -08:00
|
|
|
|
2016-02-29 20:06:55 +01:00
|
|
|
# Test vlan 2
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.2.1");
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.2.2");
|
2017-02-15 11:05:50 +01:00
|
|
|
$client->waitUntilSucceeds("ping -c 1 fd00:1234:5678:2::1");
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 fd00:1234:5678:2::2");
|
2014-11-25 15:40:49 -08:00
|
|
|
|
2016-02-29 20:06:55 +01:00
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.2.1");
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.2.2");
|
2017-02-15 11:05:50 +01:00
|
|
|
$router->waitUntilSucceeds("ping -c 1 fd00:1234:5678:2::1");
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 fd00:1234:5678:2::2");
|
2016-02-29 20:06:55 +01:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
dhcpOneIf = {
|
|
|
|
|
name = "OneInterfaceDHCP";
|
|
|
|
|
nodes.router = router;
|
2018-07-20 20:56:59 +00:00
|
|
|
nodes.client = { pkgs, ... }: with pkgs.lib; {
|
2016-02-29 20:06:55 +01:00
|
|
|
virtualisation.vlans = [ 1 2 ];
|
|
|
|
|
networking = {
|
|
|
|
|
useNetworkd = networkd;
|
|
|
|
|
useDHCP = false;
|
|
|
|
|
interfaces.eth1 = {
|
2017-12-03 05:13:14 +01:00
|
|
|
ipv4.addresses = mkOverride 0 [ ];
|
2016-02-29 20:06:55 +01:00
|
|
|
useDHCP = true;
|
2014-11-25 15:40:49 -08:00
|
|
|
};
|
2017-12-03 05:13:14 +01:00
|
|
|
interfaces.eth2.ipv4.addresses = mkOverride 0 [ ];
|
2014-11-25 15:40:49 -08:00
|
|
|
};
|
2016-02-29 20:06:55 +01:00
|
|
|
};
|
2018-07-20 20:56:59 +00:00
|
|
|
testScript = { ... }:
|
2016-02-29 20:06:55 +01:00
|
|
|
''
|
|
|
|
|
startAll;
|
2014-11-25 15:40:49 -08:00
|
|
|
|
2016-02-29 20:06:55 +01:00
|
|
|
# Wait for networking to come up
|
|
|
|
|
$client->waitForUnit("network.target");
|
|
|
|
|
$router->waitForUnit("network.target");
|
2014-11-25 15:40:49 -08:00
|
|
|
|
2016-02-29 20:06:55 +01:00
|
|
|
# Wait until we have an ip address on each interface
|
|
|
|
|
$client->waitUntilSucceeds("ip addr show dev eth1 | grep -q '192.168.1'");
|
2014-11-25 15:40:49 -08:00
|
|
|
|
2016-02-29 20:06:55 +01:00
|
|
|
# Test vlan 1
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.1.1");
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.1.2");
|
2014-11-25 15:40:49 -08:00
|
|
|
|
2016-02-29 20:06:55 +01:00
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
|
2014-11-25 15:40:49 -08:00
|
|
|
|
2016-02-29 20:06:55 +01:00
|
|
|
# Test vlan 2
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.2.1");
|
|
|
|
|
$client->fail("ping -c 1 192.168.2.2");
|
2014-11-25 15:40:49 -08:00
|
|
|
|
2016-02-29 20:06:55 +01:00
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.2.1");
|
|
|
|
|
$router->fail("ping -c 1 192.168.2.2");
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
bond = let
|
2018-07-20 20:56:59 +00:00
|
|
|
node = address: { pkgs, ... }: with pkgs.lib; {
|
2016-02-29 20:06:55 +01:00
|
|
|
virtualisation.vlans = [ 1 2 ];
|
|
|
|
|
networking = {
|
|
|
|
|
useNetworkd = networkd;
|
|
|
|
|
useDHCP = false;
|
|
|
|
|
bonds.bond = {
|
|
|
|
|
interfaces = [ "eth1" "eth2" ];
|
2017-02-02 22:21:03 +01:00
|
|
|
driverOptions.mode = "balance-rr";
|
2014-11-25 15:40:49 -08:00
|
|
|
};
|
2017-12-03 05:13:14 +01:00
|
|
|
interfaces.eth1.ipv4.addresses = mkOverride 0 [ ];
|
|
|
|
|
interfaces.eth2.ipv4.addresses = mkOverride 0 [ ];
|
|
|
|
|
interfaces.bond.ipv4.addresses = mkOverride 0
|
2016-02-29 20:06:55 +01:00
|
|
|
[ { inherit address; prefixLength = 30; } ];
|
2014-11-25 15:40:49 -08:00
|
|
|
};
|
|
|
|
|
};
|
2016-02-29 20:06:55 +01:00
|
|
|
in {
|
|
|
|
|
name = "Bond";
|
|
|
|
|
nodes.client1 = node "192.168.1.1";
|
|
|
|
|
nodes.client2 = node "192.168.1.2";
|
2018-07-20 20:56:59 +00:00
|
|
|
testScript = { ... }:
|
2016-02-29 20:06:55 +01:00
|
|
|
''
|
|
|
|
|
startAll;
|
|
|
|
|
|
|
|
|
|
# Wait for networking to come up
|
|
|
|
|
$client1->waitForUnit("network.target");
|
|
|
|
|
$client2->waitForUnit("network.target");
|
|
|
|
|
|
|
|
|
|
# Test bonding
|
|
|
|
|
$client1->waitUntilSucceeds("ping -c 2 192.168.1.1");
|
|
|
|
|
$client1->waitUntilSucceeds("ping -c 2 192.168.1.2");
|
|
|
|
|
|
|
|
|
|
$client2->waitUntilSucceeds("ping -c 2 192.168.1.1");
|
|
|
|
|
$client2->waitUntilSucceeds("ping -c 2 192.168.1.2");
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
bridge = let
|
2018-07-20 20:56:59 +00:00
|
|
|
node = { address, vlan }: { pkgs, ... }: with pkgs.lib; {
|
2016-02-29 20:06:55 +01:00
|
|
|
virtualisation.vlans = [ vlan ];
|
|
|
|
|
networking = {
|
|
|
|
|
useNetworkd = networkd;
|
|
|
|
|
useDHCP = false;
|
2017-12-03 05:13:14 +01:00
|
|
|
interfaces.eth1.ipv4.addresses = mkOverride 0
|
2016-02-29 20:06:55 +01:00
|
|
|
[ { inherit address; prefixLength = 24; } ];
|
2014-11-25 15:40:49 -08:00
|
|
|
};
|
2016-02-29 20:06:55 +01:00
|
|
|
};
|
|
|
|
|
in {
|
|
|
|
|
name = "Bridge";
|
|
|
|
|
nodes.client1 = node { address = "192.168.1.2"; vlan = 1; };
|
|
|
|
|
nodes.client2 = node { address = "192.168.1.3"; vlan = 2; };
|
2018-07-20 20:56:59 +00:00
|
|
|
nodes.router = { pkgs, ... }: with pkgs.lib; {
|
2016-02-29 20:06:55 +01:00
|
|
|
virtualisation.vlans = [ 1 2 ];
|
|
|
|
|
networking = {
|
|
|
|
|
useNetworkd = networkd;
|
|
|
|
|
useDHCP = false;
|
|
|
|
|
bridges.bridge.interfaces = [ "eth1" "eth2" ];
|
2017-12-03 05:13:14 +01:00
|
|
|
interfaces.eth1.ipv4.addresses = mkOverride 0 [ ];
|
|
|
|
|
interfaces.eth2.ipv4.addresses = mkOverride 0 [ ];
|
|
|
|
|
interfaces.bridge.ipv4.addresses = mkOverride 0
|
2016-02-29 20:06:55 +01:00
|
|
|
[ { address = "192.168.1.1"; prefixLength = 24; } ];
|
2014-11-25 15:40:49 -08:00
|
|
|
};
|
|
|
|
|
};
|
2018-07-20 20:56:59 +00:00
|
|
|
testScript = { ... }:
|
2016-02-29 20:06:55 +01:00
|
|
|
''
|
|
|
|
|
startAll;
|
|
|
|
|
|
|
|
|
|
# Wait for networking to come up
|
|
|
|
|
$client1->waitForUnit("network.target");
|
|
|
|
|
$client2->waitForUnit("network.target");
|
|
|
|
|
$router->waitForUnit("network.target");
|
|
|
|
|
|
|
|
|
|
# Test bridging
|
|
|
|
|
$client1->waitUntilSucceeds("ping -c 1 192.168.1.1");
|
|
|
|
|
$client1->waitUntilSucceeds("ping -c 1 192.168.1.2");
|
|
|
|
|
$client1->waitUntilSucceeds("ping -c 1 192.168.1.3");
|
|
|
|
|
|
|
|
|
|
$client2->waitUntilSucceeds("ping -c 1 192.168.1.1");
|
|
|
|
|
$client2->waitUntilSucceeds("ping -c 1 192.168.1.2");
|
|
|
|
|
$client2->waitUntilSucceeds("ping -c 1 192.168.1.3");
|
|
|
|
|
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.1.3");
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
macvlan = {
|
|
|
|
|
name = "MACVLAN";
|
|
|
|
|
nodes.router = router;
|
2018-07-20 20:56:59 +00:00
|
|
|
nodes.client = { pkgs, ... }: with pkgs.lib; {
|
2018-09-02 12:13:06 +02:00
|
|
|
environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules
|
2016-02-29 20:06:55 +01:00
|
|
|
virtualisation.vlans = [ 1 ];
|
|
|
|
|
networking = {
|
|
|
|
|
useNetworkd = networkd;
|
2018-09-02 12:13:06 +02:00
|
|
|
firewall.logReversePathDrops = true; # to debug firewall rules
|
|
|
|
|
# reverse path filtering rules for the macvlan interface seem
|
|
|
|
|
# to be incorrect, causing the test to fail. Disable temporarily.
|
|
|
|
|
firewall.checkReversePath = false;
|
2016-02-29 20:06:55 +01:00
|
|
|
useDHCP = true;
|
|
|
|
|
macvlans.macvlan.interface = "eth1";
|
2017-12-03 05:13:14 +01:00
|
|
|
interfaces.eth1.ipv4.addresses = mkOverride 0 [ ];
|
2014-11-25 15:40:49 -08:00
|
|
|
};
|
|
|
|
|
};
|
2018-07-20 20:56:59 +00:00
|
|
|
testScript = { ... }:
|
2016-02-29 20:06:55 +01:00
|
|
|
''
|
|
|
|
|
startAll;
|
|
|
|
|
|
|
|
|
|
# Wait for networking to come up
|
|
|
|
|
$client->waitForUnit("network.target");
|
|
|
|
|
$router->waitForUnit("network.target");
|
|
|
|
|
|
|
|
|
|
# Wait until we have an ip address on each interface
|
|
|
|
|
$client->waitUntilSucceeds("ip addr show dev eth1 | grep -q '192.168.1'");
|
|
|
|
|
$client->waitUntilSucceeds("ip addr show dev macvlan | grep -q '192.168.1'");
|
|
|
|
|
|
2018-09-02 12:13:06 +02:00
|
|
|
# Print lots of diagnostic information
|
|
|
|
|
$router->log('**********************************************');
|
2016-02-29 20:06:55 +01:00
|
|
|
$router->succeed("ip addr >&2");
|
2018-09-02 12:13:06 +02:00
|
|
|
$router->succeed("ip route >&2");
|
|
|
|
|
$router->execute("iptables-save >&2");
|
|
|
|
|
$client->log('==============================================');
|
2016-02-29 20:06:55 +01:00
|
|
|
$client->succeed("ip addr >&2");
|
2018-09-02 12:13:06 +02:00
|
|
|
$client->succeed("ip route >&2");
|
|
|
|
|
$client->execute("iptables-save >&2");
|
|
|
|
|
$client->log('##############################################');
|
2016-02-29 20:06:55 +01:00
|
|
|
|
|
|
|
|
# Test macvlan creates routable ips
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.1.1");
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.1.2");
|
|
|
|
|
$client->waitUntilSucceeds("ping -c 1 192.168.1.3");
|
|
|
|
|
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.1.1");
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.1.2");
|
|
|
|
|
$router->waitUntilSucceeds("ping -c 1 192.168.1.3");
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
sit = let
|
2018-07-20 20:56:59 +00:00
|
|
|
node = { address4, remote, address6 }: { pkgs, ... }: with pkgs.lib; {
|
2016-02-29 20:06:55 +01:00
|
|
|
virtualisation.vlans = [ 1 ];
|
|
|
|
|
networking = {
|
|
|
|
|
useNetworkd = networkd;
|
|
|
|
|
firewall.enable = false;
|
|
|
|
|
useDHCP = false;
|
|
|
|
|
sits.sit = {
|
|
|
|
|
inherit remote;
|
|
|
|
|
local = address4;
|
|
|
|
|
dev = "eth1";
|
2014-11-25 15:40:49 -08:00
|
|
|
};
|
2017-12-03 05:13:14 +01:00
|
|
|
interfaces.eth1.ipv4.addresses = mkOverride 0
|
2016-02-29 20:06:55 +01:00
|
|
|
[ { address = address4; prefixLength = 24; } ];
|
2017-12-03 05:13:14 +01:00
|
|
|
interfaces.sit.ipv6.addresses = mkOverride 0
|
2016-02-29 20:06:55 +01:00
|
|
|
[ { address = address6; prefixLength = 64; } ];
|
2014-11-25 15:40:49 -08:00
|
|
|
};
|
|
|
|
|
};
|
2016-02-29 20:06:55 +01:00
|
|
|
in {
|
|
|
|
|
name = "Sit";
|
|
|
|
|
nodes.client1 = node { address4 = "192.168.1.1"; remote = "192.168.1.2"; address6 = "fc00::1"; };
|
|
|
|
|
nodes.client2 = node { address4 = "192.168.1.2"; remote = "192.168.1.1"; address6 = "fc00::2"; };
|
2018-07-20 20:56:59 +00:00
|
|
|
testScript = { ... }:
|
2016-02-29 20:06:55 +01:00
|
|
|
''
|
|
|
|
|
startAll;
|
|
|
|
|
|
|
|
|
|
# Wait for networking to be configured
|
|
|
|
|
$client1->waitForUnit("network.target");
|
|
|
|
|
$client2->waitForUnit("network.target");
|
|
|
|
|
|
|
|
|
|
# Print diagnostic information
|
|
|
|
|
$client1->succeed("ip addr >&2");
|
|
|
|
|
$client2->succeed("ip addr >&2");
|
|
|
|
|
|
|
|
|
|
# Test ipv6
|
2017-02-15 11:05:50 +01:00
|
|
|
$client1->waitUntilSucceeds("ping -c 1 fc00::1");
|
|
|
|
|
$client1->waitUntilSucceeds("ping -c 1 fc00::2");
|
2016-02-29 20:06:55 +01:00
|
|
|
|
2017-02-15 11:05:50 +01:00
|
|
|
$client2->waitUntilSucceeds("ping -c 1 fc00::1");
|
|
|
|
|
$client2->waitUntilSucceeds("ping -c 1 fc00::2");
|
2016-02-29 20:06:55 +01:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
vlan = let
|
2018-07-20 20:56:59 +00:00
|
|
|
node = address: { pkgs, ... }: with pkgs.lib; {
|
2016-02-29 20:06:55 +01:00
|
|
|
#virtualisation.vlans = [ 1 ];
|
|
|
|
|
networking = {
|
|
|
|
|
useNetworkd = networkd;
|
|
|
|
|
useDHCP = false;
|
|
|
|
|
vlans.vlan = {
|
|
|
|
|
id = 1;
|
|
|
|
|
interface = "eth0";
|
2014-11-25 15:40:49 -08:00
|
|
|
};
|
2017-12-03 05:13:14 +01:00
|
|
|
interfaces.eth0.ipv4.addresses = mkOverride 0 [ ];
|
|
|
|
|
interfaces.eth1.ipv4.addresses = mkOverride 0 [ ];
|
|
|
|
|
interfaces.vlan.ipv4.addresses = mkOverride 0
|
2016-02-29 20:06:55 +01:00
|
|
|
[ { inherit address; prefixLength = 24; } ];
|
2014-11-25 15:40:49 -08:00
|
|
|
};
|
|
|
|
|
};
|
2016-02-29 20:06:55 +01:00
|
|
|
in {
|
|
|
|
|
name = "vlan";
|
|
|
|
|
nodes.client1 = node "192.168.1.1";
|
|
|
|
|
nodes.client2 = node "192.168.1.2";
|
2018-07-20 20:56:59 +00:00
|
|
|
testScript = { ... }:
|
2016-02-29 20:06:55 +01:00
|
|
|
''
|
|
|
|
|
startAll;
|
|
|
|
|
|
|
|
|
|
# Wait for networking to be configured
|
|
|
|
|
$client1->waitForUnit("network.target");
|
|
|
|
|
$client2->waitForUnit("network.target");
|
|
|
|
|
|
|
|
|
|
# Test vlan is setup
|
|
|
|
|
$client1->succeed("ip addr show dev vlan >&2");
|
|
|
|
|
$client2->succeed("ip addr show dev vlan >&2");
|
|
|
|
|
'';
|
2014-11-25 15:40:49 -08:00
|
|
|
};
|
2018-01-31 05:52:22 +01:00
|
|
|
virtual = {
|
|
|
|
|
name = "Virtual";
|
|
|
|
|
machine = {
|
|
|
|
|
networking.interfaces."tap0" = {
|
2017-12-03 05:14:54 +01:00
|
|
|
ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ];
|
|
|
|
|
ipv6.addresses = [ { address = "2001:1470:fffd:2096::"; prefixLength = 64; } ];
|
2018-01-31 05:52:22 +01:00
|
|
|
virtual = true;
|
|
|
|
|
};
|
|
|
|
|
networking.interfaces."tun0" = {
|
2017-12-03 05:14:54 +01:00
|
|
|
ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ];
|
|
|
|
|
ipv6.addresses = [ { address = "2001:1470:fffd:2097::"; prefixLength = 64; } ];
|
2018-01-31 05:52:22 +01:00
|
|
|
virtual = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
testScript = ''
|
|
|
|
|
my $targetList = <<'END';
|
2018-08-26 14:24:07 +02:00
|
|
|
tap0: tap persist user 0
|
|
|
|
|
tun0: tun persist user 0
|
2018-01-31 05:52:22 +01:00
|
|
|
END
|
|
|
|
|
|
|
|
|
|
# Wait for networking to come up
|
|
|
|
|
$machine->start;
|
2018-09-20 13:20:12 +02:00
|
|
|
$machine->waitForUnit("network-online.target");
|
2018-01-31 05:52:22 +01:00
|
|
|
|
|
|
|
|
# Test interfaces set up
|
|
|
|
|
my $list = $machine->succeed("ip tuntap list | sort");
|
|
|
|
|
"$list" eq "$targetList" or die(
|
|
|
|
|
"The list of virtual interfaces does not match the expected one:\n",
|
|
|
|
|
"Result:\n", "$list\n",
|
|
|
|
|
"Expected:\n", "$targetList\n"
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
# Test interfaces clean up
|
|
|
|
|
$machine->succeed("systemctl stop network-addresses-tap0");
|
2018-09-20 13:20:12 +02:00
|
|
|
$machine->sleep(10);
|
2018-01-31 05:52:22 +01:00
|
|
|
$machine->succeed("systemctl stop network-addresses-tun0");
|
2018-09-20 13:20:12 +02:00
|
|
|
$machine->sleep(10);
|
2018-01-31 05:52:22 +01:00
|
|
|
my $residue = $machine->succeed("ip tuntap list");
|
|
|
|
|
$residue eq "" or die(
|
|
|
|
|
"Some virtual interface has not been properly cleaned:\n",
|
|
|
|
|
"$residue\n"
|
|
|
|
|
);
|
|
|
|
|
'';
|
|
|
|
|
};
|
2018-02-01 15:50:35 +01:00
|
|
|
privacy = {
|
|
|
|
|
name = "Privacy";
|
2018-07-20 20:56:59 +00:00
|
|
|
nodes.router = { ... }: {
|
2018-02-01 15:50:35 +01:00
|
|
|
virtualisation.vlans = [ 1 ];
|
|
|
|
|
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true;
|
|
|
|
|
networking = {
|
|
|
|
|
useNetworkd = networkd;
|
2017-12-03 05:14:54 +01:00
|
|
|
interfaces.eth1.ipv6.addresses = singleton {
|
|
|
|
|
address = "fd00:1234:5678:1::1";
|
|
|
|
|
prefixLength = 64;
|
2018-02-01 15:50:35 +01:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
services.radvd = {
|
|
|
|
|
enable = true;
|
|
|
|
|
config = ''
|
|
|
|
|
interface eth1 {
|
|
|
|
|
AdvSendAdvert on;
|
|
|
|
|
AdvManagedFlag on;
|
|
|
|
|
AdvOtherConfigFlag on;
|
|
|
|
|
|
|
|
|
|
prefix fd00:1234:5678:1::/64 {
|
|
|
|
|
AdvAutonomous on;
|
|
|
|
|
AdvOnLink on;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
2019-07-09 08:06:52 +02:00
|
|
|
nodes.clientWithPrivacy = { pkgs, ... }: with pkgs.lib; {
|
2018-02-01 15:50:35 +01:00
|
|
|
virtualisation.vlans = [ 1 ];
|
|
|
|
|
networking = {
|
|
|
|
|
useNetworkd = networkd;
|
|
|
|
|
useDHCP = true;
|
|
|
|
|
interfaces.eth1 = {
|
|
|
|
|
preferTempAddress = true;
|
2017-12-03 05:14:54 +01:00
|
|
|
ipv4.addresses = mkOverride 0 [ ];
|
|
|
|
|
ipv6.addresses = mkOverride 0 [ ];
|
2018-02-01 15:50:35 +01:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
2019-07-09 08:06:52 +02:00
|
|
|
nodes.client = { pkgs, ... }: with pkgs.lib; {
|
|
|
|
|
virtualisation.vlans = [ 1 ];
|
|
|
|
|
networking = {
|
|
|
|
|
useNetworkd = networkd;
|
|
|
|
|
useDHCP = true;
|
|
|
|
|
interfaces.eth1 = {
|
|
|
|
|
preferTempAddress = false;
|
|
|
|
|
ipv4.addresses = mkOverride 0 [ ];
|
|
|
|
|
ipv6.addresses = mkOverride 0 [ ];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
2018-07-20 20:56:59 +00:00
|
|
|
testScript = { ... }:
|
2018-02-01 15:50:35 +01:00
|
|
|
''
|
|
|
|
|
startAll;
|
|
|
|
|
|
|
|
|
|
$client->waitForUnit("network.target");
|
2019-07-09 08:06:52 +02:00
|
|
|
$clientWithPrivacy->waitForUnit("network.target");
|
2018-02-01 15:50:35 +01:00
|
|
|
$router->waitForUnit("network-online.target");
|
|
|
|
|
|
|
|
|
|
# Wait until we have an ip address
|
2019-07-09 08:06:52 +02:00
|
|
|
$clientWithPrivacy->waitUntilSucceeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'");
|
2018-02-01 15:50:35 +01:00
|
|
|
$client->waitUntilSucceeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'");
|
|
|
|
|
|
|
|
|
|
# Test vlan 1
|
2019-07-09 08:06:52 +02:00
|
|
|
$clientWithPrivacy->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::1");
|
2018-02-01 15:50:35 +01:00
|
|
|
$client->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::1");
|
|
|
|
|
|
|
|
|
|
# Test address used is temporary
|
2019-07-09 08:06:52 +02:00
|
|
|
$clientWithPrivacy->waitUntilSucceeds("! ip route get fd00:1234:5678:1::1 | grep -q ':[a-f0-9]*ff:fe[a-f0-9]*:'");
|
|
|
|
|
|
|
|
|
|
# Test address used is EUI-64
|
|
|
|
|
$client->waitUntilSucceeds("ip route get fd00:1234:5678:1::1 | grep -q ':[a-f0-9]*ff:fe[a-f0-9]*:'");
|
2018-02-01 15:50:35 +01:00
|
|
|
'';
|
|
|
|
|
};
|
2017-07-28 16:45:58 +02:00
|
|
|
routes = {
|
|
|
|
|
name = "routes";
|
|
|
|
|
machine = {
|
|
|
|
|
networking.useDHCP = false;
|
|
|
|
|
networking.interfaces."eth0" = {
|
2017-12-03 05:13:14 +01:00
|
|
|
ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ];
|
|
|
|
|
ipv6.addresses = [ { address = "2001:1470:fffd:2097::"; prefixLength = 64; } ];
|
|
|
|
|
ipv6.routes = [
|
2017-07-28 16:45:58 +02:00
|
|
|
{ address = "fdfd:b3f0::"; prefixLength = 48; }
|
|
|
|
|
{ address = "2001:1470:fffd:2098::"; prefixLength = 64; via = "fdfd:b3f0::1"; }
|
|
|
|
|
];
|
2017-12-03 05:13:14 +01:00
|
|
|
ipv4.routes = [
|
2017-07-28 16:45:58 +02:00
|
|
|
{ address = "10.0.0.0"; prefixLength = 16; options = { mtu = "1500"; }; }
|
|
|
|
|
{ address = "192.168.2.0"; prefixLength = 24; via = "192.168.1.1"; }
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
virtualisation.vlans = [ ];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
testScript = ''
|
|
|
|
|
my $targetIPv4Table = <<'END';
|
2018-08-26 14:15:15 +02:00
|
|
|
10.0.0.0/16 proto static scope link mtu 1500
|
2017-07-28 16:45:58 +02:00
|
|
|
192.168.1.0/24 proto kernel scope link src 192.168.1.2
|
2018-08-26 14:15:15 +02:00
|
|
|
192.168.2.0/24 via 192.168.1.1 proto static
|
2017-07-28 16:45:58 +02:00
|
|
|
END
|
|
|
|
|
|
|
|
|
|
my $targetIPv6Table = <<'END';
|
|
|
|
|
2001:1470:fffd:2097::/64 proto kernel metric 256 pref medium
|
2018-08-26 14:15:15 +02:00
|
|
|
2001:1470:fffd:2098::/64 via fdfd:b3f0::1 proto static metric 1024 pref medium
|
|
|
|
|
fdfd:b3f0::/48 proto static metric 1024 pref medium
|
2017-07-28 16:45:58 +02:00
|
|
|
END
|
|
|
|
|
|
|
|
|
|
$machine->start;
|
|
|
|
|
$machine->waitForUnit("network.target");
|
|
|
|
|
|
|
|
|
|
# test routing tables
|
|
|
|
|
my $ipv4Table = $machine->succeed("ip -4 route list dev eth0 | head -n3");
|
|
|
|
|
my $ipv6Table = $machine->succeed("ip -6 route list dev eth0 | head -n3");
|
|
|
|
|
"$ipv4Table" eq "$targetIPv4Table" or die(
|
|
|
|
|
"The IPv4 routing table does not match the expected one:\n",
|
|
|
|
|
"Result:\n", "$ipv4Table\n",
|
|
|
|
|
"Expected:\n", "$targetIPv4Table\n"
|
|
|
|
|
);
|
|
|
|
|
"$ipv6Table" eq "$targetIPv6Table" or die(
|
|
|
|
|
"The IPv6 routing table does not match the expected one:\n",
|
|
|
|
|
"Result:\n", "$ipv6Table\n",
|
|
|
|
|
"Expected:\n", "$targetIPv6Table\n"
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
# test clean-up of the tables
|
|
|
|
|
$machine->succeed("systemctl stop network-addresses-eth0");
|
|
|
|
|
my $ipv4Residue = $machine->succeed("ip -4 route list dev eth0 | head -n-3");
|
|
|
|
|
my $ipv6Residue = $machine->succeed("ip -6 route list dev eth0 | head -n-3");
|
|
|
|
|
$ipv4Residue eq "" or die(
|
|
|
|
|
"The IPv4 routing table has not been properly cleaned:\n",
|
|
|
|
|
"$ipv4Residue\n"
|
|
|
|
|
);
|
|
|
|
|
$ipv6Residue eq "" or die(
|
|
|
|
|
"The IPv6 routing table has not been properly cleaned:\n",
|
|
|
|
|
"$ipv6Residue\n"
|
|
|
|
|
);
|
|
|
|
|
'';
|
|
|
|
|
};
|
2016-02-29 20:06:55 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
in mapAttrs (const (attrs: makeTest (attrs // {
|
|
|
|
|
name = "${attrs.name}-Networking-${if networkd then "Networkd" else "Scripted"}";
|
|
|
|
|
}))) testCases
|
