selftest/net/ovpn: extend coverage with more test cases

To increase code coverage, extend the ovpn selftests with the following
cases:
* connect UDP peers using a mix of IPv6 and IPv4 at the transport layer
* run full test with tunnel MTU equal to transport MTU (exercising
  IP layer fragmentation)
* ping "LAN IP" served by VPN peer ("LAN behind a client" test case)

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>

diff --git a/tools/testing/selftests/net/ovpn/Makefile b/tools/testing/selftests/net/ovpn/Makefile
index 2d102878cb6ddf3dc7ac8e183068633ec72e5b95..e0926d76b4c80cad5c1f92a6ad03ce6cc676238d 100644 (file)
--- a/tools/testing/selftests/net/ovpn/Makefile
+++ b/tools/testing/selftests/net/ovpn/Makefile
@@ -20,6 +20,7 @@ LDLIBS += $(VAR_LDLIBS)
 TEST_FILES = common.sh
 
 TEST_PROGS = test.sh \
+       test-large-mtu.sh \
        test-chachapoly.sh \
        test-tcp.sh \
        test-float.sh \

diff --git a/tools/testing/selftests/net/ovpn/common.sh b/tools/testing/selftests/net/ovpn/common.sh
index 7502292a1ee037f8ff433bd4b468595acf1a81b3..88869c675d032eb003ab6d066bf3ce55a8b8b3bb 100644 (file)
--- a/tools/testing/selftests/net/ovpn/common.sh
+++ b/tools/testing/selftests/net/ovpn/common.sh
@@ -11,6 +11,8 @@ ALG=${ALG:-aes}
 PROTO=${PROTO:-UDP}
 FLOAT=${FLOAT:-0}
 
+LAN_IP="11.11.11.11"
+
 create_ns() {
        ip netns add peer${1}
 }
@@ -24,15 +26,25 @@ setup_ns() {
                        ip link add veth${p} netns peer0 type veth peer name veth${p} netns peer${p}
 
                        ip -n peer0 addr add 10.10.${p}.1/24 dev veth${p}
+                       ip -n peer0 addr add fd00:0:0:${p}::1/64 dev veth${p}
                        ip -n peer0 link set veth${p} up
 
                        ip -n peer${p} addr add 10.10.${p}.2/24 dev veth${p}
+                       ip -n peer${p} addr add fd00:0:0:${p}::2/64 dev veth${p}
                        ip -n peer${p} link set veth${p} up
                done
        fi
 
        ip netns exec peer${1} ${OVPN_CLI} new_iface tun${1} $MODE
        ip -n peer${1} addr add ${2} dev tun${1}
+       # add a secondary IP to peer 1, to test a LAN behind a client
+       if [ ${1} -eq 1 -a -n "${LAN_IP}" ]; then
+               ip -n peer${1} addr add ${LAN_IP} dev tun${1}
+               ip -n peer0 route add ${LAN_IP} via $(echo ${2} |sed -e s'!/.*!!') dev tun0
+       fi
+       if [ -n "${3}" ]; then
+               ip -n peer${1} link set mtu ${3} dev tun${1}
+       fi
        ip -n peer${1} link set tun${1} up
 }
 
@@ -46,7 +58,11 @@ add_peer() {
                                        data64.key
                        done
                else
-                       ip netns exec peer${1} ${OVPN_CLI} new_peer tun${1} ${1} 1 10.10.${1}.1 1
+                       RADDR=$(awk "NR == ${1} {print \$2}" ${UDP_PEERS_FILE})
+                       RPORT=$(awk "NR == ${1} {print \$3}" ${UDP_PEERS_FILE})
+                       LPORT=$(awk "NR == ${1} {print \$5}" ${UDP_PEERS_FILE})
+                       ip netns exec peer${1} ${OVPN_CLI} new_peer tun${1} ${1} ${LPORT} \
+                               ${RADDR} ${RPORT}
                        ip netns exec peer${1} ${OVPN_CLI} new_key tun${1} ${1} 1 0 ${ALG} 1 \
                                data64.key
                fi

diff --git a/tools/testing/selftests/net/ovpn/ovpn-cli.c b/tools/testing/selftests/net/ovpn/ovpn-cli.c
index c6372a1b4728c0b9bb5266aa910ad1a0b8975579..de9c26f98b2e5ec828c823a5f255d43bf75c73a7 100644 (file)
--- a/tools/testing/selftests/net/ovpn/ovpn-cli.c
+++ b/tools/testing/selftests/net/ovpn/ovpn-cli.c
@@ -1934,7 +1934,8 @@ static void ovpn_waitbg(void)
 
 static int ovpn_run_cmd(struct ovpn_ctx *ovpn)
 {
-       char peer_id[10], vpnip[INET6_ADDRSTRLEN], raddr[128], rport[10];
+       char peer_id[10], vpnip[INET6_ADDRSTRLEN], laddr[128], lport[10];
+       char raddr[128], rport[10];
        int n, ret;
        FILE *fp;
 
@@ -2050,8 +2051,8 @@ static int ovpn_run_cmd(struct ovpn_ctx *ovpn)
                        return -1;
                }
 
-               while ((n = fscanf(fp, "%s %s %s %s\n", peer_id, raddr, rport,
-                                  vpnip)) == 4) {
+               while ((n = fscanf(fp, "%s %s %s %s %s %s\n", peer_id, laddr,
+                                  lport, raddr, rport, vpnip)) == 6) {
                        struct ovpn_ctx peer_ctx = { 0 };
 
                        peer_ctx.ifindex = ovpn->ifindex;
@@ -2355,7 +2356,7 @@ int main(int argc, char *argv[])
        }
 
        memset(&ovpn, 0, sizeof(ovpn));
-       ovpn.sa_family = AF_INET;
+       ovpn.sa_family = AF_UNSPEC;
        ovpn.cipher = OVPN_CIPHER_ALG_NONE;
 
        ovpn.cmd = ovpn_parse_cmd(argv[1]);

diff --git a/tools/testing/selftests/net/ovpn/test.sh b/tools/testing/selftests/net/ovpn/test.sh
index 7b62897b024084a52e18e67be3b9ec1a736316e4..e8acdc30330704a1303c37a8b1c8d171b7371bbb 100755 (executable)
--- a/tools/testing/selftests/net/ovpn/test.sh
+++ b/tools/testing/selftests/net/ovpn/test.sh
@@ -18,7 +18,7 @@ for p in $(seq 0 ${NUM_PEERS}); do
 done
 
 for p in $(seq 0 ${NUM_PEERS}); do
-       setup_ns ${p} 5.5.5.$((${p} + 1))/24
+       setup_ns ${p} 5.5.5.$((${p} + 1))/24 ${MTU}
 done
 
 for p in $(seq 0 ${NUM_PEERS}); do
@@ -34,8 +34,12 @@ sleep 1
 
 for p in $(seq 1 ${NUM_PEERS}); do
        ip netns exec peer0 ping -qfc 500 -w 3 5.5.5.$((${p} + 1))
+       ip netns exec peer0 ping -qfc 500 -s 3000 -w 3 5.5.5.$((${p} + 1))
 done
 
+# ping LAN behind client 1
+ip netns exec peer0 ping -qfc 500 -w 3 ${LAN_IP}
+
 if [ "$FLOAT" == "1" ]; then
        # make clients float..
        for p in $(seq 1 ${NUM_PEERS}); do

diff --git a/tools/testing/selftests/net/ovpn/udp_peers.txt b/tools/testing/selftests/net/ovpn/udp_peers.txt
index 32f14bd9347a63e58438311b6d880b9fef768aa2..e9773ddf875c99e533fef0bbfd10a4f0da3f63cb 100644 (file)
--- a/tools/testing/selftests/net/ovpn/udp_peers.txt
+++ b/tools/testing/selftests/net/ovpn/udp_peers.txt
@@ -1,5 +1,6 @@
-1 10.10.1.2 1 5.5.5.2
-2 10.10.2.2 1 5.5.5.3
-3 10.10.3.2 1 5.5.5.4
-4 10.10.4.2 1 5.5.5.5
-5 10.10.5.2 1 5.5.5.6
+1 10.10.1.1 1 10.10.1.2 1 5.5.5.2
+2 10.10.2.1 1 10.10.2.2 1 5.5.5.3
+3 10.10.3.1 1 10.10.3.2 1 5.5.5.4
+4 fd00:0:0:4::1 1 fd00:0:0:4::2 1 5.5.5.5
+5 fd00:0:0:5::1 1 fd00:0:0:5::2 1 5.5.5.6
+6 fd00:0:0:6::1 1 fd00:0:0:6::2 1 5.5.5.7