Maximilian Bosch
b199005979
nixos/tests/systemd-networkd-vrf: fix eval
...
The `Metric`-values of routes defined via `networkd` must be integers.
2020-10-13 22:39:02 +02:00
Maximilian Bosch
04a10b3355
nixos/tests/systemd-networkd-vrf: add comment about trailing whitespaces in test script
...
For further context please read the discussion in https://github.com/NixOS/nixpkgs/pull/94607#issuecomment-668070029
2020-08-03 17:43:56 +02:00
Maximilian Bosch
5bd1fb2884
nixos/tests/systemd-networkd-vrf: fix test
...
Broken while fixing some `.editorconfig`-definitions[1], however this
test explicitly relies on the output of `iproute2`.
[1] 8ae7f8c35998a857f57512ecb7f0fa318ca88463
2020-08-03 16:47:40 +02:00
zowoq
8ae7f8c359
nixos/tests/*: editorconfig fixes
2020-08-04 00:23:54 +10:00
Maximilian Bosch
37e3cadb8b
nixos/systemd-networkd-vrf: implement working TCP test on a 5.x kernel
...
By design, VRFs allow route-leaking for forwarded packages, but not for
local processes using a socket. While it was possible to leak such TCP
traffic through a VRF on a 4.x kernel, this behavior was considered
wrong and got fixed in Linux 5.x[1].
From now on, local unix sockets must run in the VRF itself using
`ip vrf exec`[2] which basically injects a BPF program into the VRF and
drops elevated networking capabilities by default for the specified
command.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c82a21f4320c8d54cf6456b27c8d49e5ffb722e
[2] https://man7.org/linux/man-pages/man8/ip-vrf.8.html
2020-07-31 21:06:00 +02:00
Maximilian Bosch
58c7a952a1
nixos/networkd: disable vrf sub-test which tests the behavior of tcp-packets
...
The subtest was mainly written to demonstrate the VRF-issues with a
5.x-kernel. However this breaks the entire test now as we have 5.4 as
default kernel. Disabling the test for now, I still need to find some
time to investigate.
2020-02-25 19:54:57 +01:00
Maximilian Bosch
a0fd819a4a
nixos/networkd: add test for VRF configurations
2020-01-25 17:38:15 +01:00
