summary refs log tree commit diff
path: root/nixos/tests/ipv6.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/tests/ipv6.nix')
-rw-r--r--nixos/tests/ipv6.nix87
1 files changed, 63 insertions, 24 deletions
diff --git a/nixos/tests/ipv6.nix b/nixos/tests/ipv6.nix
index ba464b57447..75faa6f6020 100644
--- a/nixos/tests/ipv6.nix
+++ b/nixos/tests/ipv6.nix
@@ -3,17 +3,39 @@
 
 import ./make-test-python.nix ({ pkgs, lib, ...} : {
   name = "ipv6";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
     maintainers = [ eelco ];
   };
 
   nodes =
-    # Remove the interface configuration provided by makeTest so that the
-    # interfaces are all configured implicitly
-    { client = { ... }: { networking.interfaces = lib.mkForce {}; };
+    {
+      # We use lib.mkForce here to remove the interface configuration
+      # provided by makeTest, so that the interfaces are all configured
+      # implicitly.
+
+      # This client should use privacy extensions fully, having a
+      # completely-default network configuration.
+      client_defaults.networking.interfaces = lib.mkForce {};
+
+      # Both of these clients should obtain temporary addresses, but
+      # not use them as the default source IP. We thus run the same
+      # checks against them — but the configuration resulting in this
+      # behaviour is different.
+
+      # Here, by using an altered default value for the global setting...
+      client_global_setting = {
+        networking.interfaces = lib.mkForce {};
+        networking.tempAddresses = "enabled";
+      };
+      # and here, by setting this on the interface explicitly.
+      client_interface_setting = {
+        networking.tempAddresses = "disabled";
+        networking.interfaces = lib.mkForce {
+          eth1.tempAddress = "enabled";
+        };
+      };
 
       server =
-        { ... }:
         { services.httpd.enable = true;
           services.httpd.adminAddr = "foo@example.org";
           networking.firewall.allowedTCPPorts = [ 80 ];
@@ -40,9 +62,12 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
       # Start the router first so that it respond to router solicitations.
       router.wait_for_unit("radvd")
 
+      clients = [client_defaults, client_global_setting, client_interface_setting]
+
       start_all()
 
-      client.wait_for_unit("network.target")
+      for client in clients:
+          client.wait_for_unit("network.target")
       server.wait_for_unit("network.target")
       server.wait_for_unit("httpd.service")
 
@@ -64,28 +89,42 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
 
 
       with subtest("Loopback address can be pinged"):
-          client.succeed("ping -c 1 ::1 >&2")
-          client.fail("ping -c 1 ::2 >&2")
+          client_defaults.succeed("ping -c 1 ::1 >&2")
+          client_defaults.fail("ping -c 1 2001:db8:: >&2")
 
       with subtest("Local link addresses can be obtained and pinged"):
-          client_ip = wait_for_address(client, "eth1", "link")
-          server_ip = wait_for_address(server, "eth1", "link")
-          client.succeed(f"ping -c 1 {client_ip}%eth1 >&2")
-          client.succeed(f"ping -c 1 {server_ip}%eth1 >&2")
+          for client in clients:
+              client_ip = wait_for_address(client, "eth1", "link")
+              server_ip = wait_for_address(server, "eth1", "link")
+              client.succeed(f"ping -c 1 {client_ip}%eth1 >&2")
+              client.succeed(f"ping -c 1 {server_ip}%eth1 >&2")
 
       with subtest("Global addresses can be obtained, pinged, and reached via http"):
-          client_ip = wait_for_address(client, "eth1", "global")
-          server_ip = wait_for_address(server, "eth1", "global")
-          client.succeed(f"ping -c 1 {client_ip} >&2")
-          client.succeed(f"ping -c 1 {server_ip} >&2")
-          client.succeed(f"curl --fail -g http://[{server_ip}]")
-          client.fail(f"curl --fail -g http://[{client_ip}]")
-
-      with subtest("Privacy extensions: Global temporary address can be obtained and pinged"):
-          ip = wait_for_address(client, "eth1", "global", temporary=True)
+          for client in clients:
+              client_ip = wait_for_address(client, "eth1", "global")
+              server_ip = wait_for_address(server, "eth1", "global")
+              client.succeed(f"ping -c 1 {client_ip} >&2")
+              client.succeed(f"ping -c 1 {server_ip} >&2")
+              client.succeed(f"curl --fail -g http://[{server_ip}]")
+              client.fail(f"curl --fail -g http://[{client_ip}]")
+
+      with subtest(
+          "Privacy extensions: Global temporary address is used as default source address"
+      ):
+          ip = wait_for_address(client_defaults, "eth1", "global", temporary=True)
           # Default route should have "src <temporary address>" in it
-          client.succeed(f"ip r g ::2 | grep {ip}")
-
-      # TODO: test reachability of a machine on another network.
+          client_defaults.succeed(f"ip route get 2001:db8:: | grep 'src {ip}'")
+
+      for client, setting_desc in (
+          (client_global_setting, "global"),
+          (client_interface_setting, "interface"),
+      ):
+          with subtest(f'Privacy extensions: "enabled" through {setting_desc} setting)'):
+              # We should be obtaining both a temporary address and an EUI-64 address...
+              ip = wait_for_address(client, "eth1", "global")
+              assert "ff:fe" in ip
+              ip_temp = wait_for_address(client, "eth1", "global", temporary=True)
+              # But using the EUI-64 one.
+              client.succeed(f"ip route get 2001:db8:: | grep 'src {ip}'")
     '';
 })
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-04-23 18:57:07 +0000