authorFélix Baylac-Jacqué <felix@alternativebit.fr>2020-02-29 19:34:48 +0100
committerFélix Baylac-Jacqué <felix@alternativebit.fr>2020-03-02 15:37:40 +0100
commit9897d83f5863cbf19ac9eab621b3997ae463d756 (patch)
treed9850669a515e2c49d1cf54219034a047387d57c /nixos/tests
parent611d765b76d7e97f2618cb04a5d1c1604496cac9 (diff)
nixos/networkd: test routingPolicyRules with a nixos vm test
Diffstat (limited to 'nixos/tests')
-rw-r--r--nixos/tests/all-tests.nix2
-rw-r--r--nixos/tests/systemd-networkd.nix (renamed from nixos/tests/systemd-networkd-wireguard.nix)35
2 files changed, 33 insertions, 4 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 893c2c423ef..b57a2e0b276 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -283,7 +283,7 @@ in
   systemd-confinement = handleTest ./systemd-confinement.nix {};
   systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
   systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {};
-  systemd-networkd-wireguard = handleTest ./systemd-networkd-wireguard.nix {};
+  systemd-networkd = handleTest ./systemd-networkd.nix {};
   systemd-nspawn = handleTest ./systemd-nspawn.nix {};
   pdns-recursor = handleTest ./pdns-recursor.nix {};
   taskserver = handleTest ./taskserver.nix {};
diff --git a/nixos/tests/systemd-networkd-wireguard.nix b/nixos/tests/systemd-networkd.nix
index be5c0da981d..319e5e94ece 100644
--- a/nixos/tests/systemd-networkd-wireguard.nix
+++ b/nixos/tests/systemd-networkd.nix
@@ -41,15 +41,25 @@ let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: {
               { routeConfig = { Gateway = "10.0.0.${nodeId}"; Destination = "10.0.0.0/24"; }; }
             ];
           };
-          "90-eth1" = {
+          "30-eth1" = {
             matchConfig = { Name = "eth1"; };
-            address = [ "192.168.1.${nodeId}/24" ];
+            address = [
+              "192.168.1.${nodeId}/24"
+              "fe80::${nodeId}/64"
+            ];
+            routingPolicyRules = [
+              { routingPolicyRuleConfig = { Table = 10; IncomingInterface = "eth1"; Family = "both"; };}
+              { routingPolicyRuleConfig = { Table = 20; OutgoingInterface = "eth1"; };}
+              { routingPolicyRuleConfig = { Table = 30; From = "192.168.1.1"; To = "192.168.1.2"; SourcePort = 666 ; DestinationPort = 667; };}
+              { routingPolicyRuleConfig = { Table = 40; IPProtocol = "tcp"; InvertRule = true; };}
+              { routingPolicyRuleConfig = { Table = 50; IncomingInterface = "eth1"; Family = "ipv4"; };}
+            ];
           };
         };
       };
     };
 in import ./make-test-python.nix ({pkgs, ... }: {
-  name = "networkd-wireguard";
+  name = "networkd";
   meta = with pkgs.stdenv.lib.maintainers; {
     maintainers = [ ninjatrappeur ];
   };
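Review bot: The five `routingPolicyRules` entries carry no comment saying which option each one exercises, and tables 10 and 50 differ only in `Family` (`"both"` vs `"ipv4"`), so a reader cannot tell that the near-duplicate is deliberate. I would add a comment above the list such as `# One rule per routingPolicyRuleConfig option under test; tables 10 and 50 cover Family.` As a style point, `SourcePort = 666 ;` and the `};}` closers could be written `SourcePort = 666;` and `}; }` to match the `routeConfig` line above. The enclosing `generateNodeConf` starts outside this hunk.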
@@ -76,9 +86,28 @@ testScript = ''
     start_all()
     node1.wait_for_unit("systemd-networkd-wait-online.service")
     node2.wait_for_unit("systemd-networkd-wait-online.service")
+
+    # ================================
+    # Wireguard
+    # ================================
     node1.succeed("ping -c 5 10.0.0.2")
     node2.succeed("ping -c 5 10.0.0.1")
     # Is the fwmark set?
     node2.succeed("wg | grep -q 42")
+
+    # ================================
+    # Routing Policies
+    # ================================
+    # Testing all the routingPolicyRuleConfig members:
+    # Table + IncomingInterface
+    node1.succeed("sudo ip rule | grep 'from all iif eth1 lookup 10'")
+    # OutgoingInterface
+    node1.succeed("sudo ip rule | grep 'from all oif eth1 lookup 20'")
+    # From + To + SourcePort + DestinationPort
+    node1.succeed(
+        "sudo ip rule | grep 'from 192.168.1.1 to 192.168.1.2 sport 666 dport 667 lookup 30'"
+    )
+    # IPProtocol + InvertRule
+    node1.succeed("sudo ip rule | grep 'not from all ipproto tcp lookup 40'")
 '';
 })
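Review bot: `Family` is never asserted: the config adds table 10 with `Family = "both"` and table 50 with `Family = "ipv4"`, but the script only greps plain `ip rule` (the IPv4 listing) for tables 10 to 40, so a regression that drops the IPv6 copy of a policy rule would still pass and that traffic would fall through to the default tables unnoticed. I would add `node1.succeed("ip -6 rule | grep -q 'from all iif eth1 lookup 10'")`, `node1.succeed("ip rule | grep -q 'from all iif eth1 lookup 50'")` and `node1.fail("ip -6 rule | grep -q 'lookup 50'")`. The existing greps are also unanchored (`lookup 10` would match `lookup 100`), so `grep -qw` is safer, and `sudo` looks unnecessary because test-driver commands presumably already run as root. The `testScript` string starts outside this hunk.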