summaryrefslogtreecommitdiffhomepage
path: root/tools/testing/selftests/net/ovpn/common.sh
diff options
context:
space:
mode:
Diffstat (limited to 'tools/testing/selftests/net/ovpn/common.sh')
-rw-r--r--tools/testing/selftests/net/ovpn/common.sh101
1 files changed, 88 insertions, 13 deletions
diff --git a/tools/testing/selftests/net/ovpn/common.sh b/tools/testing/selftests/net/ovpn/common.sh
index 88869c675d03..4c08f756e63a 100644
--- a/tools/testing/selftests/net/ovpn/common.sh
+++ b/tools/testing/selftests/net/ovpn/common.sh
@@ -7,12 +7,21 @@
UDP_PEERS_FILE=${UDP_PEERS_FILE:-udp_peers.txt}
TCP_PEERS_FILE=${TCP_PEERS_FILE:-tcp_peers.txt}
OVPN_CLI=${OVPN_CLI:-./ovpn-cli}
+YNL_CLI=${YNL_CLI:-../../../../net/ynl/pyynl/cli.py}
ALG=${ALG:-aes}
PROTO=${PROTO:-UDP}
FLOAT=${FLOAT:-0}
+SYMMETRIC_ID=${SYMMETRIC_ID:-0}
+export ID_OFFSET=$(( 9 * (SYMMETRIC_ID == 0) ))
+
+JQ_FILTER='map(select(.msg.peer | has("remote-ipv6") | not)) |
+ map(del(.msg.ifindex)) | sort_by(.msg.peer.id)[]'
LAN_IP="11.11.11.11"
+declare -A tmp_jsons=()
+declare -A listener_pids=()
+
create_ns() {
ip netns add peer${1}
}
@@ -48,27 +57,67 @@ setup_ns() {
ip -n peer${1} link set tun${1} up
}
+build_capture_filter() {
+ # match the first four bytes of the openvpn data payload
+ if [ "${PROTO}" == "UDP" ]; then
+ # For UDP, libpcap transport indexing only works for IPv4, so
+ # use an explicit IPv4 or IPv6 expression based on the peer
+ # address. The IPv6 branch assumes there are no extension
+ # headers in the outer packet.
+ if [[ "${2}" == *:* ]]; then
+ printf "ip6 and ip6[6] = 17 and ip6[48:4] = %s" "${1}"
+ else
+ printf "ip and udp[8:4] = %s" "${1}"
+ fi
+ else
+ # openvpn over TCP prepends a 2-byte packet length ahead of the
+ # DATA_V2 opcode, so skip it before matching the payload header
+ printf "ip and tcp[(((tcp[12] & 0xf0) >> 2) + 2):4] = %s" "${1}"
+ fi
+}
+
+setup_listener() {
+ file=$(mktemp)
+ PYTHONUNBUFFERED=1 ip netns exec peer${p} ${YNL_CLI} --family ovpn \
+ --subscribe peers --output-json --duration 40 > ${file} &
+ listener_pids[$1]=$!
+ tmp_jsons[$1]="${file}"
+}
+
add_peer() {
+ labels=("ASYMM" "SYMM")
+ M_ID=${labels[SYMMETRIC_ID]}
+
if [ "${PROTO}" == "UDP" ]; then
if [ ${1} -eq 0 ]; then
- ip netns exec peer0 ${OVPN_CLI} new_multi_peer tun0 1 ${UDP_PEERS_FILE}
+ ip netns exec peer0 ${OVPN_CLI} new_multi_peer tun0 1 \
+ ${M_ID} ${UDP_PEERS_FILE}
for p in $(seq 1 ${NUM_PEERS}); do
ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 1 0 ${ALG} 0 \
data64.key
done
else
- RADDR=$(awk "NR == ${1} {print \$2}" ${UDP_PEERS_FILE})
- RPORT=$(awk "NR == ${1} {print \$3}" ${UDP_PEERS_FILE})
- LPORT=$(awk "NR == ${1} {print \$5}" ${UDP_PEERS_FILE})
- ip netns exec peer${1} ${OVPN_CLI} new_peer tun${1} ${1} ${LPORT} \
- ${RADDR} ${RPORT}
- ip netns exec peer${1} ${OVPN_CLI} new_key tun${1} ${1} 1 0 ${ALG} 1 \
- data64.key
+ if [ "${SYMMETRIC_ID}" -eq 1 ]; then
+ PEER_ID=${1}
+ TX_ID="none"
+ else
+ PEER_ID=$(awk "NR == ${1} {print \$2}" \
+ ${UDP_PEERS_FILE})
+ TX_ID=${1}
+ fi
+ RADDR=$(awk "NR == ${1} {print \$3}" ${UDP_PEERS_FILE})
+ RPORT=$(awk "NR == ${1} {print \$4}" ${UDP_PEERS_FILE})
+ LPORT=$(awk "NR == ${1} {print \$6}" ${UDP_PEERS_FILE})
+ ip netns exec peer${1} ${OVPN_CLI} new_peer tun${1} \
+ ${PEER_ID} ${TX_ID} ${LPORT} ${RADDR} ${RPORT}
+ ip netns exec peer${1} ${OVPN_CLI} new_key tun${1} \
+ ${PEER_ID} 1 0 ${ALG} 1 data64.key
fi
else
if [ ${1} -eq 0 ]; then
- (ip netns exec peer0 ${OVPN_CLI} listen tun0 1 ${TCP_PEERS_FILE} && {
+ (ip netns exec peer0 ${OVPN_CLI} listen tun0 1 ${M_ID} \
+ ${TCP_PEERS_FILE} && {
for p in $(seq 1 ${NUM_PEERS}); do
ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 1 0 \
${ALG} 0 data64.key
@@ -76,9 +125,37 @@ add_peer() {
}) &
sleep 5
else
- ip netns exec peer${1} ${OVPN_CLI} connect tun${1} ${1} 10.10.${1}.1 1 \
- data64.key
+ if [ "${SYMMETRIC_ID}" -eq 1 ]; then
+ PEER_ID=${1}
+ TX_ID="none"
+ else
+ PEER_ID=$(awk "NR == ${1} {print \$2}" \
+ ${TCP_PEERS_FILE})
+ TX_ID=${1}
+ fi
+ ip netns exec peer${1} ${OVPN_CLI} connect tun${1} \
+ ${PEER_ID} ${TX_ID} 10.10.${1}.1 1 data64.key
+ fi
+ fi
+}
+
+compare_ntfs() {
+ if [ ${#tmp_jsons[@]} -gt 0 ]; then
+ suffix=""
+ [ "${SYMMETRIC_ID}" -eq 1 ] && suffix="${suffix}-symm"
+ [ "$FLOAT" == 1 ] && suffix="${suffix}-float"
+ expected="json/peer${1}${suffix}.json"
+ received="${tmp_jsons[$1]}"
+
+ kill -TERM ${listener_pids[$1]} || true
+ wait ${listener_pids[$1]} || true
+ printf "Checking notifications for peer ${1}... "
+ if diff <(jq -s "${JQ_FILTER}" ${expected}) \
+ <(jq -s "${JQ_FILTER}" ${received}); then
+ echo "OK"
fi
+
+ rm -f ${received} || true
fi
}
@@ -104,5 +181,3 @@ if [ "${PROTO}" == "UDP" ]; then
else
NUM_PEERS=${NUM_PEERS:-$(wc -l ${TCP_PEERS_FILE} | awk '{print $1}')}
fi
-
-
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.