test: add test case that 'nspawn --network-veth' enables IP forwarding
authorYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 16 Aug 2024 16:48:50 +0000 (01:48 +0900)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Tue, 10 Sep 2024 12:56:05 +0000 (14:56 +0200)
(cherry picked from commit 08779d7c55add3a3bad5228d35012c15e92c47a5)

test/TEST-13-NSPAWN/test.sh
test/test-functions
test/units/TEST-13-NSPAWN.nspawn.sh

index 5c85b0c5dc81038b61f3251d0d80133114b6adc1..3ab52d0eee2acdb2c3b3d34b1165a9d185a088e7 100755 (executable)
@@ -17,6 +17,8 @@ test_append_files() {
 
     # For virtual wlan interface.
     instmods mac80211_hwsim
+    # for IPMasquerade=
+    instmods "=net/netfilter"
     generate_module_dependencies
 
     # Create a dummy container "template" with a minimal toolset, which we can
index 04fe20f5478c963f26a7f913accb191689d9062f..69a0e5842d95f9709bd50432a3e81a878d1f919a 100644 (file)
@@ -1453,10 +1453,31 @@ install_missing_libraries() {
         [[ -e "$libgcc_s" ]] && inst_library "$libgcc_s"
     done < <(ldconfig -p | awk '/\/libgcc_s.so.1$/ { print $4 }')
 
-    local lib path
+    local lib path libs
     # A number of dependencies is now optional via dlopen, so the install
     # script will not pick them up, since it looks at linkage.
-    for lib in libcryptsetup libidn libidn2 pwquality libqrencode tss2-esys tss2-rc tss2-mu tss2-tcti-device libfido2 libbpf libelf libdw xkbcommon p11-kit-1 libarchive libgcrypt libkmod; do
+    libs=(
+        libarchive
+        libbpf
+        libcryptsetup
+        libdw
+        libelf
+        libfido2
+        libgcrypt
+        libidn
+        libidn2
+        libip4tc
+        libkmod
+        libqrencode
+        p11-kit-1
+        pwquality
+        tss2-esys
+        tss2-mu
+        tss2-rc
+        tss2-tcti-device
+        xkbcommon
+    )
+    for lib in "${libs[@]}"; do
         ddebug "Searching for $lib via pkg-config"
         if pkg-config --exists "$lib"; then
                 path="$(pkg-config --variable=libdir "$lib")"
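Review bot: The only functional change in this list is the new `libip4tc` entry, and it is easy to miss inside the reformat and re-sort of the other eighteen names. A short comment above that entry, such as `# libip4tc: presumably dlopen()ed for IPMasquerade=, needed by TEST-13-NSPAWN`, would record why it is installed. The link to IPMasquerade= is inferred from the commit title and the test.sh hunk, not stated in this file, so confirm the wording. The `for` loop body continues past the end of the hunk.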
index 08992cf91ab5da934163b42e50d85701f27f4c50..ad11468886f147a427cc924c0a8b053a1763c502 100755 (executable)
@@ -984,4 +984,46 @@ testcase_check_os_release() {
     rm -fr "$root" "$base"
 }
 
+testcase_ip_masquerade() {
+    local root
+
+    if ! command -v networkctl >/dev/null; then
+        echo "This test requires systemd-networkd, skipping..."
+        return 0
+    fi
+
+    systemctl unmask systemd-networkd.service
+    systemctl edit --runtime --stdin systemd-networkd.service --drop-in=debug.conf <<EOF
+[Service]
+Environment=SYSTEMD_LOG_LEVEL=debug
+EOF
+    systemctl start systemd-networkd.service
+
+    root="$(mktemp -d /var/lib/machines/TEST-13-NSPAWN.ip_masquerade.XXX)"
+    create_dummy_container "$root"
+
+    systemd-run --unit=nspawn-hoge.service \
+                systemd-nspawn \
+                --register=no \
+                --directory="$root" \
+                --ephemeral \
+                --machine=hoge \
+                --network-veth \
+                bash -x -c "ip link set host0 up; sleep 30s"
+
+    /usr/lib/systemd/systemd-networkd-wait-online -i ve-hoge --timeout 30s
+
+    # Check IPMasquerade= for ve-* and friends enabled IP forwarding.
+    [[ "$(cat /proc/sys/net/ipv4/conf/all/forwarding)" == "1" ]]
+    [[ "$(cat /proc/sys/net/ipv4/conf/default/forwarding)" == "1" ]]
+    [[ "$(cat /proc/sys/net/ipv6/conf/all/forwarding)" == "1" ]]
+    [[ "$(cat /proc/sys/net/ipv6/conf/default/forwarding)" == "1" ]]
+
+    systemctl stop nspawn-hoge.service || :
+    systemctl stop systemd-networkd.service
+    systemctl mask systemd-networkd.service
+
+    rm -fr "$root"
+}
+
 run_testcases
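Review bot: The four forwarding checks near the end of testcase_ip_masquerade() pass just as well when forwarding was already enabled before the container started, because nothing in the function records or asserts the values beforehand. An earlier testcase or the image's sysctl defaults could therefore make the test pass without exercising `--network-veth` at all. Consider capturing the baseline before `systemd-run` for each of the four paths, e.g. `[[ "$(cat /proc/sys/net/ipv4/conf/all/forwarding)" == "0" ]] || echo "forwarding already on, check is inconclusive"`. The cleanup at the end is also reached only when every check passes (assuming the script runs with errexit, which is not visible here), so a failure leaves networkd unmasked, the debug.conf drop-in in place and host-wide IP forwarding switched on for later testcases. A `trap ... RETURN` that stops the units and restores the saved sysctl values would keep that state from leaking.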