]> git.ipfire.org Git - thirdparty/systemd.git/blame - test/networkd-test.py
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add SPDX indentifier to hwdb/parse_hwdb.py
[thirdparty/systemd.git] / test / networkd-test.py
CommitLineData
4ddb85b1
MP		 1#!/usr/bin/env python3
2#
3# networkd integration test
4# This uses temporary configuration in /run and temporary veth devices, and
5# does not write anything on disk or change any system configuration;
6# but it assumes (and checks at the beginning) that networkd is not currently
7# running.
daad34df
MP		 8#
9# This can be run on a normal installation, in QEMU, nspawn (with
10# --private-network), LXD (with "--config raw.lxc=lxc.aa_profile=unconfined"),
11# or LXC system containers. You need at least the "ip" tool from the iproute
12# package; it is recommended to install dnsmasq too to get full test coverage.
13#
4ddb85b1
MP		 14# ATTENTION: This uses the *installed* networkd, not the one from the built
15# source tree.
16#
17# (C) 2015 Canonical Ltd.
18# Author: Martin Pitt <martin.pitt@ubuntu.com>
19#
20# systemd is free software; you can redistribute it and/or modify it
21# under the terms of the GNU Lesser General Public License as published by
22# the Free Software Foundation; either version 2.1 of the License, or
23# (at your option) any later version.
24
25# systemd is distributed in the hope that it will be useful, but
26# WITHOUT ANY WARRANTY; without even the implied warranty of
27# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
28# Lesser General Public License for more details.
29#
30# You should have received a copy of the GNU Lesser General Public License
31# along with systemd; If not, see <http://www.gnu.org/licenses/>.
32
ec89276c 33import errno
4ddb85b1
MP		 34import os
35import sys
36import time
37import unittest
38import tempfile
39import subprocess
40import shutil
89748b0a 41import socket
4ddb85b1 42
ec89276c
DM		 43HAVE_DNSMASQ = shutil.which('dnsmasq') is not None
44
45NETWORK_UNITDIR = '/run/systemd/network'
46
47NETWORKD_WAIT_ONLINE = shutil.which('systemd-networkd-wait-online',
48 path='/usr/lib/systemd:/lib/systemd')
4ddb85b1 49
30b42a9a
MP		 50RESOLV_CONF = '/run/systemd/resolve/resolv.conf'
51
4ddb85b1 52
ec89276c
DM		 53def setUpModule():
54 """Initialize the environment, and perform sanity checks on it."""
55 if NETWORKD_WAIT_ONLINE is None:
56 raise OSError(errno.ENOENT, 'systemd-networkd-wait-online not found')
57
58 # Do not run any tests if the system is using networkd already.
59 if subprocess.call(['systemctl', 'is-active', '--quiet',
60 'systemd-networkd.service']) == 0:
61 raise unittest.SkipTest('networkd is already active')
62
63 # Avoid "Failed to open /dev/tty" errors in containers.
64 os.environ['SYSTEMD_LOG_TARGET'] = 'journal'
65
66 # Ensure the unit directory exists so tests can dump files into it.
67 os.makedirs(NETWORK_UNITDIR, exist_ok=True)
68
69
70class NetworkdTestingUtilities:
71 """Provide a set of utility functions to facilitate networkd tests.
72
73 This class must be inherited along with unittest.TestCase to define
74 some required methods.
75 """
76
618b196e
DM		 77 def add_veth_pair(self, veth, peer, veth_options=(), peer_options=()):
78 """Add a veth interface pair, and queue them to be removed."""
79 subprocess.check_call(['ip', 'link', 'add', 'name', veth] +
80 list(veth_options) +
81 ['type', 'veth', 'peer', 'name', peer] +
82 list(peer_options))
83 self.addCleanup(subprocess.call, ['ip', 'link', 'del', 'dev', peer])
84
ec89276c
DM		 85 def write_network(self, unit_name, contents):
86 """Write a network unit file, and queue it to be removed."""
87 unit_path = os.path.join(NETWORK_UNITDIR, unit_name)
88
89 with open(unit_path, 'w') as unit:
90 unit.write(contents)
91 self.addCleanup(os.remove, unit_path)
92
93 def write_network_dropin(self, unit_name, dropin_name, contents):
94 """Write a network unit drop-in, and queue it to be removed."""
95 dropin_dir = os.path.join(NETWORK_UNITDIR, "%s.d" % unit_name)
96 dropin_path = os.path.join(dropin_dir, "%s.conf" % dropin_name)
97
98 os.makedirs(dropin_dir, exist_ok=True)
b56be296 99 self.addCleanup(os.rmdir, dropin_dir)
ec89276c
DM		 100 with open(dropin_path, 'w') as dropin:
101 dropin.write(contents)
102 self.addCleanup(os.remove, dropin_path)
103
b56be296
DJL		 104 def read_attr(self, link, attribute):
105 """Read a link attributed from the sysfs."""
106 # Note we we don't want to check if interface `link' is managed, we
107 # want to evaluate link variable and pass the value of the link to
108 # assert_link_states e.g. eth0=managed.
109 self.assert_link_states(**{link:'managed'})
110 with open(os.path.join('/sys/class/net', link, attribute)) as f:
111 return f.readline().strip()
112
a09dc546
DM		 113 def assert_link_states(self, **kwargs):
114 """Match networkctl link states to the given ones.
115
116 Each keyword argument should be the name of a network interface
117 with its expected value of the "SETUP" column in output from
118 networkctl. The interfaces have five seconds to come online
119 before the check is performed. Every specified interface must
120 be present in the output, and any other interfaces found in the
121 output are ignored.
122
123 A special interface state "managed" is supported, which matches
124 any value in the "SETUP" column other than "unmanaged".
125 """
126 if not kwargs:
127 return
128 interfaces = set(kwargs)
129
130 # Wait for the requested interfaces, but don't fail for them.
131 subprocess.call([NETWORKD_WAIT_ONLINE, '--timeout=5'] +
132 ['--interface=%s' % iface for iface in kwargs])
133
134 # Validate each link state found in the networkctl output.
135 out = subprocess.check_output(['networkctl', '--no-legend']).rstrip()
136 for line in out.decode('utf-8').split('\n'):
137 fields = line.split()
138 if len(fields) >= 5 and fields[1] in kwargs:
139 iface = fields[1]
140 expected = kwargs[iface]
141 actual = fields[-1]
142 if (actual != expected and
143 not (expected == 'managed' and actual != 'unmanaged')):
144 self.fail("Link %s expects state %s, found %s" %
145 (iface, expected, actual))
146 interfaces.remove(iface)
147
148 # Ensure that all requested interfaces have been covered.
149 if interfaces:
150 self.fail("Missing links in status output: %s" % interfaces)
151
ec89276c 152
b56be296
DJL		 153class BridgeTest(NetworkdTestingUtilities, unittest.TestCase):
154 """Provide common methods for testing networkd against servers."""
155
156 def setUp(self):
157 self.write_network('port1.netdev', '''\
158[NetDev]
159Name=port1
160Kind=dummy
161MACAddress=12:34:56:78:9a:bc''')
162 self.write_network('port2.netdev', '''\
163[NetDev]
164Name=port2
165Kind=dummy
166MACAddress=12:34:56:78:9a:bd''')
167 self.write_network('mybridge.netdev', '''\
168[NetDev]
169Name=mybridge
170Kind=bridge''')
171 self.write_network('port1.network', '''\
172[Match]
173Name=port1
174[Network]
175Bridge=mybridge''')
176 self.write_network('port2.network', '''\
177[Match]
178Name=port2
179[Network]
180Bridge=mybridge''')
181 self.write_network('mybridge.network', '''\
182[Match]
183Name=mybridge
184[Network]
185DNS=192.168.250.1
186Address=192.168.250.33/24
187Gateway=192.168.250.1''')
188 subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
189
190 def tearDown(self):
191 subprocess.check_call(['systemctl', 'stop', 'systemd-networkd'])
192 subprocess.check_call(['ip', 'link', 'del', 'mybridge'])
193 subprocess.check_call(['ip', 'link', 'del', 'port1'])
194 subprocess.check_call(['ip', 'link', 'del', 'port2'])
195
196 def test_bridge_init(self):
197 self.assert_link_states(
198 port1='managed',
199 port2='managed',
200 mybridge='managed')
201
202 def test_bridge_port_priority(self):
203 self.assertEqual(self.read_attr('port1', 'brport/priority'), '32')
204 self.write_network_dropin('port1.network', 'priority', '''\
205[Bridge]
206Priority=28
207''')
208 subprocess.check_call(['systemctl', 'restart', 'systemd-networkd'])
209 self.assertEqual(self.read_attr('port1', 'brport/priority'), '28')
210
211 def test_bridge_port_priority_set_zero(self):
212 """It should be possible to set the bridge port priority to 0"""
213 self.assertEqual(self.read_attr('port2', 'brport/priority'), '32')
214 self.write_network_dropin('port2.network', 'priority', '''\
215[Bridge]
216Priority=0
217''')
218 subprocess.check_call(['systemctl', 'restart', 'systemd-networkd'])
219 self.assertEqual(self.read_attr('port2', 'brport/priority'), '0')
220
ec89276c
DM		 221class ClientTestBase(NetworkdTestingUtilities):
222 """Provide common methods for testing networkd against servers."""
223
fd0cec03
MP		 224 @classmethod
225 def setUpClass(klass):
226 klass.orig_log_level = subprocess.check_output(
227 ['systemctl', 'show', '--value', '--property', 'LogLevel'],
228 universal_newlines=True).strip()
229 subprocess.check_call(['systemd-analyze', 'set-log-level', 'debug'])
230
231 @classmethod
232 def tearDownClass(klass):
233 subprocess.check_call(['systemd-analyze', 'set-log-level', klass.orig_log_level])
234
4ddb85b1
MP		 235 def setUp(self):
236 self.iface = 'test_eth42'
237 self.if_router = 'router_eth42'
238 self.workdir_obj = tempfile.TemporaryDirectory()
239 self.workdir = self.workdir_obj.name
ec89276c 240 self.config = 'test_eth42.network'
4ddb85b1
MP		 241
242 # get current journal cursor
fd0cec03 243 subprocess.check_output(['journalctl', '--sync'])
4ddb85b1
MP		 244 out = subprocess.check_output(['journalctl', '-b', '--quiet',
245 '--no-pager', '-n0', '--show-cursor'],
246 universal_newlines=True)
247 self.assertTrue(out.startswith('-- cursor:'))
248 self.journal_cursor = out.split()[-1]
249
250 def tearDown(self):
251 self.shutdown_iface()
4ddb85b1 252 subprocess.call(['systemctl', 'stop', 'systemd-networkd'])
9e0c296a
MP		 253 subprocess.call(['ip', 'link', 'del', 'dummy0'],
254 stderr=subprocess.DEVNULL)
4ddb85b1
MP		 255
256 def show_journal(self, unit):
257 '''Show journal of given unit since start of the test'''
258
259 print('---- %s ----' % unit)
fd0cec03 260 subprocess.check_output(['journalctl', '--sync'])
4ddb85b1
MP		 261 sys.stdout.flush()
262 subprocess.call(['journalctl', '-b', '--no-pager', '--quiet',
263 '--cursor', self.journal_cursor, '-u', unit])
264
265 def create_iface(self, ipv6=False):
266 '''Create test interface with DHCP server behind it'''
267
268 raise NotImplementedError('must be implemented by a subclass')
269
270 def shutdown_iface(self):
271 '''Remove test interface and stop DHCP server'''
272
273 raise NotImplementedError('must be implemented by a subclass')
274
275 def print_server_log(self):
276 '''Print DHCP server log for debugging failures'''
277
278 raise NotImplementedError('must be implemented by a subclass')
279
280 def do_test(self, coldplug=True, ipv6=False, extra_opts='',
281 online_timeout=10, dhcp_mode='yes'):
d26fdaa2
MP		 282 try:
283 subprocess.check_call(['systemctl', 'start', 'systemd-resolved'])
284 except subprocess.CalledProcessError:
285 self.show_journal('systemd-resolved.service')
286 raise
ec89276c 287 self.write_network(self.config, '''\
38d78d1e 288[Match]
4ddb85b1
MP		 289Name=%s
290[Network]
291DHCP=%s
292%s''' % (self.iface, dhcp_mode, extra_opts))
293
294 if coldplug:
295 # create interface first, then start networkd
296 self.create_iface(ipv6=ipv6)
297 subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
e8c0de91 298 elif coldplug is not None:
4ddb85b1
MP		 299 # start networkd first, then create interface
300 subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
301 self.create_iface(ipv6=ipv6)
e8c0de91
MP		 302 else:
303 # "None" means test sets up interface by itself
304 subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
4ddb85b1
MP		 305
306 try:
ec89276c 307 subprocess.check_call([NETWORKD_WAIT_ONLINE, '--interface',
4ddb85b1
MP		 308 self.iface, '--timeout=%i' % online_timeout])
309
310 if ipv6:
311 # check iface state and IP 6 address; FIXME: we need to wait a bit
312 # longer, as the iface is "configured" already with IPv4 *or*
313 # IPv6, but we want to wait for both
00d5eaaf 314 for _ in range(10):
4ddb85b1
MP		 315 out = subprocess.check_output(['ip', 'a', 'show', 'dev', self.iface])
316 if b'state UP' in out and b'inet6 2600' in out and b'inet 192.168' in out:
317 break
318 time.sleep(1)
319 else:
320 self.fail('timed out waiting for IPv6 configuration')
321
322 self.assertRegex(out, b'inet6 2600::.* scope global .*dynamic')
323 self.assertRegex(out, b'inet6 fe80::.* scope link')
324 else:
325 # should have link-local address on IPv6 only
326 out = subprocess.check_output(['ip', '-6', 'a', 'show', 'dev', self.iface])
cda39975 327 self.assertRegex(out, br'inet6 fe80::.* scope link')
4ddb85b1
MP		 328 self.assertNotIn(b'scope global', out)
329
330 # should have IPv4 address
331 out = subprocess.check_output(['ip', '-4', 'a', 'show', 'dev', self.iface])
332 self.assertIn(b'state UP', out)
cda39975 333 self.assertRegex(out, br'inet 192.168.5.\d+/.* scope global dynamic')
4ddb85b1
MP		 334
335 # check networkctl state
336 out = subprocess.check_output(['networkctl'])
23fa427d 337 self.assertRegex(out, (r'%s\s+ether\s+[a-z-]+\s+unmanaged' % self.if_router).encode())
cda39975 338 self.assertRegex(out, (r'%s\s+ether\s+routable\s+configured' % self.iface).encode())
4ddb85b1
MP		 339
340 out = subprocess.check_output(['networkctl', 'status', self.iface])
cda39975
ZJS		 341 self.assertRegex(out, br'Type:\s+ether')
342 self.assertRegex(out, br'State:\s+routable.*configured')
343 self.assertRegex(out, br'Address:\s+192.168.5.\d+')
4ddb85b1 344 if ipv6:
cda39975 345 self.assertRegex(out, br'2600::')
4ddb85b1 346 else:
cda39975
ZJS		 347 self.assertNotIn(br'2600::', out)
348 self.assertRegex(out, br'fe80::')
349 self.assertRegex(out, br'Gateway:\s+192.168.5.1')
350 self.assertRegex(out, br'DNS:\s+192.168.5.1')
4ddb85b1
MP		 351 except (AssertionError, subprocess.CalledProcessError):
352 # show networkd status, journal, and DHCP server log on failure
ec89276c 353 with open(os.path.join(NETWORK_UNITDIR, self.config)) as f:
4ddb85b1
MP		 354 print('\n---- %s ----\n%s' % (self.config, f.read()))
355 print('---- interface status ----')
356 sys.stdout.flush()
357 subprocess.call(['ip', 'a', 'show', 'dev', self.iface])
358 print('---- networkctl status %s ----' % self.iface)
359 sys.stdout.flush()
360 subprocess.call(['networkctl', 'status', self.iface])
361 self.show_journal('systemd-networkd.service')
362 self.print_server_log()
363 raise
364
30b42a9a
MP		 365 for timeout in range(50):
366 with open(RESOLV_CONF) as f:
367 contents = f.read()
368 if 'nameserver 192.168.5.1\n' in contents:
369 break
370 time.sleep(0.1)
371 else:
372 self.fail('nameserver 192.168.5.1 not found in ' + RESOLV_CONF)
4ddb85b1 373
e8c0de91 374 if coldplug is False:
4ddb85b1
MP		 375 # check post-down.d hook
376 self.shutdown_iface()
377
378 def test_coldplug_dhcp_yes_ip4(self):
379 # we have a 12s timeout on RA, so we need to wait longer
380 self.do_test(coldplug=True, ipv6=False, online_timeout=15)
381
382 def test_coldplug_dhcp_yes_ip4_no_ra(self):
383 # with disabling RA explicitly things should be fast
384 self.do_test(coldplug=True, ipv6=False,
f921f573 385 extra_opts='IPv6AcceptRA=False')
4ddb85b1
MP		 386
387 def test_coldplug_dhcp_ip4_only(self):
388 # we have a 12s timeout on RA, so we need to wait longer
389 self.do_test(coldplug=True, ipv6=False, dhcp_mode='ipv4',
390 online_timeout=15)
391
392 def test_coldplug_dhcp_ip4_only_no_ra(self):
393 # with disabling RA explicitly things should be fast
394 self.do_test(coldplug=True, ipv6=False, dhcp_mode='ipv4',
f921f573 395 extra_opts='IPv6AcceptRA=False')
4ddb85b1
MP		 396
397 def test_coldplug_dhcp_ip6(self):
398 self.do_test(coldplug=True, ipv6=True)
399
400 def test_hotplug_dhcp_ip4(self):
401 # With IPv4 only we have a 12s timeout on RA, so we need to wait longer
402 self.do_test(coldplug=False, ipv6=False, online_timeout=15)
403
404 def test_hotplug_dhcp_ip6(self):
405 self.do_test(coldplug=False, ipv6=True)
406
94363cbb 407 def test_route_only_dns(self):
ec89276c 408 self.write_network('myvpn.netdev', '''\
38d78d1e 409[NetDev]
94363cbb
MP		 410Name=dummy0
411Kind=dummy
412MACAddress=12:34:56:78:9a:bc''')
ec89276c 413 self.write_network('myvpn.network', '''\
38d78d1e 414[Match]
94363cbb
MP		 415Name=dummy0
416[Network]
417Address=192.168.42.100
418DNS=192.168.42.1
419Domains= ~company''')
94363cbb
MP		 420
421 self.do_test(coldplug=True, ipv6=False,
422 extra_opts='IPv6AcceptRouterAdvertisements=False')
423
30b42a9a
MP		 424 with open(RESOLV_CONF) as f:
425 contents = f.read()
94363cbb
MP		 426 # ~company is not a search domain, only a routing domain
427 self.assertNotRegex(contents, 'search.*company')
30b42a9a
MP		 428 # our global server should appear
429 self.assertIn('nameserver 192.168.5.1\n', contents)
b9fe94ca
MP		 430 # should not have domain-restricted server as global server
431 self.assertNotIn('nameserver 192.168.42.1\n', contents)
432
433 def test_route_only_dns_all_domains(self):
ec89276c 434 self.write_network('myvpn.netdev', '''[NetDev]
b9fe94ca
MP		 435Name=dummy0
436Kind=dummy
437MACAddress=12:34:56:78:9a:bc''')
ec89276c 438 self.write_network('myvpn.network', '''[Match]
b9fe94ca
MP		 439Name=dummy0
440[Network]
441Address=192.168.42.100
442DNS=192.168.42.1
443Domains= ~company ~.''')
b9fe94ca
MP		 444
445 self.do_test(coldplug=True, ipv6=False,
446 extra_opts='IPv6AcceptRouterAdvertisements=False')
447
448 with open(RESOLV_CONF) as f:
449 contents = f.read()
450
451 # ~company is not a search domain, only a routing domain
452 self.assertNotRegex(contents, 'search.*company')
453
454 # our global server should appear
455 self.assertIn('nameserver 192.168.5.1\n', contents)
456 # should have company server as global server due to ~.
457 self.assertIn('nameserver 192.168.42.1\n', contents)
94363cbb 458
4ddb85b1 459
ec89276c 460@unittest.skipUnless(HAVE_DNSMASQ, 'dnsmasq not installed')
4ddb85b1
MP		 461class DnsmasqClientTest(ClientTestBase, unittest.TestCase):
462 '''Test networkd client against dnsmasq'''
463
464 def setUp(self):
465 super().setUp()
466 self.dnsmasq = None
e8c0de91 467 self.iface_mac = 'de:ad:be:ef:47:11'
4ddb85b1 468
b9fe94ca 469 def create_iface(self, ipv6=False, dnsmasq_opts=None):
4ddb85b1
MP		 470 '''Create test interface with DHCP server behind it'''
471
472 # add veth pair
e8c0de91
MP		 473 subprocess.check_call(['ip', 'link', 'add', 'name', self.iface,
474 'address', self.iface_mac,
475 'type', 'veth', 'peer', 'name', self.if_router])
4ddb85b1
MP		 476
477 # give our router an IP
478 subprocess.check_call(['ip', 'a', 'flush', 'dev', self.if_router])
479 subprocess.check_call(['ip', 'a', 'add', '192.168.5.1/24', 'dev', self.if_router])
480 if ipv6:
481 subprocess.check_call(['ip', 'a', 'add', '2600::1/64', 'dev', self.if_router])
482 subprocess.check_call(['ip', 'link', 'set', self.if_router, 'up'])
483
484 # add DHCP server
485 self.dnsmasq_log = os.path.join(self.workdir, 'dnsmasq.log')
486 lease_file = os.path.join(self.workdir, 'dnsmasq.leases')
487 if ipv6:
488 extra_opts = ['--enable-ra', '--dhcp-range=2600::10,2600::20']
489 else:
490 extra_opts = []
b9fe94ca
MP		 491 if dnsmasq_opts:
492 extra_opts += dnsmasq_opts
4ddb85b1
MP		 493 self.dnsmasq = subprocess.Popen(
494 ['dnsmasq', '--keep-in-foreground', '--log-queries',
495 '--log-facility=' + self.dnsmasq_log, '--conf-file=/dev/null',
496 '--dhcp-leasefile=' + lease_file, '--bind-interfaces',
497 '--interface=' + self.if_router, '--except-interface=lo',
498 '--dhcp-range=192.168.5.10,192.168.5.200'] + extra_opts)
499
500 def shutdown_iface(self):
501 '''Remove test interface and stop DHCP server'''
502
503 if self.if_router:
504 subprocess.check_call(['ip', 'link', 'del', 'dev', self.if_router])
505 self.if_router = None
506 if self.dnsmasq:
507 self.dnsmasq.kill()
508 self.dnsmasq.wait()
509 self.dnsmasq = None
510
511 def print_server_log(self):
512 '''Print DHCP server log for debugging failures'''
513
514 with open(self.dnsmasq_log) as f:
515 sys.stdout.write('\n\n---- dnsmasq log ----\n%s\n------\n\n' % f.read())
516
b9fe94ca
MP		 517 def test_resolved_domain_restricted_dns(self):
518 '''resolved: domain-restricted DNS servers'''
519
520 # create interface for generic connections; this will map all DNS names
521 # to 192.168.42.1
522 self.create_iface(dnsmasq_opts=['--address=/#/192.168.42.1'])
ec89276c 523 self.write_network('general.network', '''\
b9fe94ca
MP		 524[Match]
525Name=%s
526[Network]
527DHCP=ipv4
528IPv6AcceptRA=False''' % self.iface)
529
530 # create second device/dnsmasq for a .company/.lab VPN interface
531 # static IPs for simplicity
618b196e 532 self.add_veth_pair('testvpnclient', 'testvpnrouter')
b9fe94ca
MP		 533 subprocess.check_call(['ip', 'a', 'flush', 'dev', 'testvpnrouter'])
534 subprocess.check_call(['ip', 'a', 'add', '10.241.3.1/24', 'dev', 'testvpnrouter'])
535 subprocess.check_call(['ip', 'link', 'set', 'testvpnrouter', 'up'])
536
537 vpn_dnsmasq_log = os.path.join(self.workdir, 'dnsmasq-vpn.log')
538 vpn_dnsmasq = subprocess.Popen(
539 ['dnsmasq', '--keep-in-foreground', '--log-queries',
540 '--log-facility=' + vpn_dnsmasq_log, '--conf-file=/dev/null',
541 '--dhcp-leasefile=/dev/null', '--bind-interfaces',
542 '--interface=testvpnrouter', '--except-interface=lo',
543 '--address=/math.lab/10.241.3.3', '--address=/cantina.company/10.241.4.4'])
544 self.addCleanup(vpn_dnsmasq.wait)
545 self.addCleanup(vpn_dnsmasq.kill)
546
ec89276c 547 self.write_network('vpn.network', '''\
b9fe94ca
MP		 548[Match]
549Name=testvpnclient
550[Network]
551IPv6AcceptRA=False
552Address=10.241.3.2/24
553DNS=10.241.3.1
554Domains= ~company ~lab''')
555
556 subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
ec89276c 557 subprocess.check_call([NETWORKD_WAIT_ONLINE, '--interface', self.iface,
b9fe94ca
MP		 558 '--interface=testvpnclient', '--timeout=20'])
559
560 # ensure we start fresh with every test
561 subprocess.check_call(['systemctl', 'restart', 'systemd-resolved'])
562
563 # test vpnclient specific domains; these should *not* be answered by
564 # the general DNS
565 out = subprocess.check_output(['systemd-resolve', 'math.lab'])
566 self.assertIn(b'math.lab: 10.241.3.3', out)
567 out = subprocess.check_output(['systemd-resolve', 'kettle.cantina.company'])
568 self.assertIn(b'kettle.cantina.company: 10.241.4.4', out)
569
570 # test general domains
571 out = subprocess.check_output(['systemd-resolve', 'megasearch.net'])
572 self.assertIn(b'megasearch.net: 192.168.42.1', out)
573
574 with open(self.dnsmasq_log) as f:
575 general_log = f.read()
576 with open(vpn_dnsmasq_log) as f:
577 vpn_log = f.read()
578
579 # VPN domains should only be sent to VPN DNS
580 self.assertRegex(vpn_log, 'query.*math.lab')
581 self.assertRegex(vpn_log, 'query.*cantina.company')
27e2e323
MP		 582 self.assertNotIn('.lab', general_log)
583 self.assertNotIn('.company', general_log)
b9fe94ca
MP		 584
585 # general domains should not be sent to the VPN DNS
586 self.assertRegex(general_log, 'query.*megasearch.net')
587 self.assertNotIn('megasearch.net', vpn_log)
588
4050e04b
MP		 589 def test_resolved_etc_hosts(self):
590 '''resolved queries to /etc/hosts'''
591
592 # FIXME: -t MX query fails with enabled DNSSEC (even when using
593 # the known negative trust anchor .internal instead of .example)
594 conf = '/run/systemd/resolved.conf.d/test-disable-dnssec.conf'
595 os.makedirs(os.path.dirname(conf), exist_ok=True)
596 with open(conf, 'w') as f:
597 f.write('[Resolve]\nDNSSEC=no')
598 self.addCleanup(os.remove, conf)
599
600 # create /etc/hosts bind mount which resolves my.example for IPv4
601 hosts = os.path.join(self.workdir, 'hosts')
602 with open(hosts, 'w') as f:
603 f.write('172.16.99.99 my.example\n')
604 subprocess.check_call(['mount', '--bind', hosts, '/etc/hosts'])
605 self.addCleanup(subprocess.call, ['umount', '/etc/hosts'])
606 subprocess.check_call(['systemctl', 'stop', 'systemd-resolved.service'])
607
608 # note: different IPv4 address here, so that it's easy to tell apart
609 # what resolved the query
610 self.create_iface(dnsmasq_opts=['--host-record=my.example,172.16.99.1,2600::99:99',
611 '--host-record=other.example,172.16.0.42,2600::42',
612 '--mx-host=example,mail.example'],
613 ipv6=True)
614 self.do_test(coldplug=None, ipv6=True)
615
616 try:
617 # family specific queries
618 out = subprocess.check_output(['systemd-resolve', '-4', 'my.example'])
619 self.assertIn(b'my.example: 172.16.99.99', out)
620 # we don't expect an IPv6 answer; if /etc/hosts has any IP address,
621 # it's considered a sufficient source
622 self.assertNotEqual(subprocess.call(['systemd-resolve', '-6', 'my.example']), 0)
623 # "any family" query; IPv4 should come from /etc/hosts
624 out = subprocess.check_output(['systemd-resolve', 'my.example'])
625 self.assertIn(b'my.example: 172.16.99.99', out)
626 # IP → name lookup; again, takes the /etc/hosts one
627 out = subprocess.check_output(['systemd-resolve', '172.16.99.99'])
628 self.assertIn(b'172.16.99.99: my.example', out)
629
630 # non-address RRs should fall back to DNS
631 out = subprocess.check_output(['systemd-resolve', '--type=MX', 'example'])
632 self.assertIn(b'example IN MX 1 mail.example', out)
633
634 # other domains query DNS
635 out = subprocess.check_output(['systemd-resolve', 'other.example'])
636 self.assertIn(b'172.16.0.42', out)
637 out = subprocess.check_output(['systemd-resolve', '172.16.0.42'])
638 self.assertIn(b'172.16.0.42: other.example', out)
639 except (AssertionError, subprocess.CalledProcessError):
640 self.show_journal('systemd-resolved.service')
641 self.print_server_log()
642 raise
643
e8c0de91
MP		 644 def test_transient_hostname(self):
645 '''networkd sets transient hostname from DHCP'''
646
89748b0a
MP		 647 orig_hostname = socket.gethostname()
648 self.addCleanup(socket.sethostname, orig_hostname)
649 # temporarily move /etc/hostname away; restart hostnamed to pick it up
650 if os.path.exists('/etc/hostname'):
651 subprocess.check_call(['mount', '--bind', '/dev/null', '/etc/hostname'])
652 self.addCleanup(subprocess.call, ['umount', '/etc/hostname'])
653 subprocess.check_call(['systemctl', 'stop', 'systemd-hostnamed.service'])
654
e8c0de91
MP		 655 self.create_iface(dnsmasq_opts=['--dhcp-host=%s,192.168.5.210,testgreen' % self.iface_mac])
656 self.do_test(coldplug=None, extra_opts='IPv6AcceptRA=False', dhcp_mode='ipv4')
657
fd0cec03
MP		 658 try:
659 # should have received the fixed IP above
660 out = subprocess.check_output(['ip', '-4', 'a', 'show', 'dev', self.iface])
661 self.assertRegex(out, b'inet 192.168.5.210/24 .* scope global dynamic')
2926b130
MP		 662 # should have set transient hostname in hostnamed; this is
663 # sometimes a bit lagging (issue #4753), so retry a few times
664 for retry in range(1, 6):
665 out = subprocess.check_output(['hostnamectl'])
666 if b'testgreen' in out:
667 break
668 time.sleep(5)
669 sys.stdout.write('[retry %i] ' % retry)
670 sys.stdout.flush()
671 else:
672 self.fail('Transient hostname not found in hostnamectl:\n%s' % out.decode())
fd0cec03
MP		 673 # and also applied to the system
674 self.assertEqual(socket.gethostname(), 'testgreen')
675 except AssertionError:
676 self.show_journal('systemd-networkd.service')
677 self.show_journal('systemd-hostnamed.service')
678 self.print_server_log()
679 raise
89748b0a
MP		 680
681 def test_transient_hostname_with_static(self):
682 '''transient hostname is not applied if static hostname exists'''
683
684 orig_hostname = socket.gethostname()
685 self.addCleanup(socket.sethostname, orig_hostname)
686 if not os.path.exists('/etc/hostname'):
687 self.writeConfig('/etc/hostname', orig_hostname)
688 subprocess.check_call(['systemctl', 'stop', 'systemd-hostnamed.service'])
689
690 self.create_iface(dnsmasq_opts=['--dhcp-host=%s,192.168.5.210,testgreen' % self.iface_mac])
691 self.do_test(coldplug=None, extra_opts='IPv6AcceptRA=False', dhcp_mode='ipv4')
692
fd0cec03
MP		 693 try:
694 # should have received the fixed IP above
695 out = subprocess.check_output(['ip', '-4', 'a', 'show', 'dev', self.iface])
696 self.assertRegex(out, b'inet 192.168.5.210/24 .* scope global dynamic')
697 # static hostname wins over transient one, thus *not* applied
698 self.assertEqual(socket.gethostname(), orig_hostname)
699 except AssertionError:
700 self.show_journal('systemd-networkd.service')
701 self.show_journal('systemd-hostnamed.service')
702 self.print_server_log()
703 raise
e8c0de91 704
4ddb85b1
MP		 705
706class NetworkdClientTest(ClientTestBase, unittest.TestCase):
707 '''Test networkd client against networkd server'''
708
709 def setUp(self):
710 super().setUp()
711 self.dnsmasq = None
712
2c99aba7 713 def create_iface(self, ipv6=False, dhcpserver_opts=None):
4ddb85b1
MP		 714 '''Create test interface with DHCP server behind it'''
715
716 # run "router-side" networkd in own mount namespace to shield it from
717 # "client-side" configuration and networkd
718 (fd, script) = tempfile.mkstemp(prefix='networkd-router.sh')
719 self.addCleanup(os.remove, script)
720 with os.fdopen(fd, 'w+') as f:
38d78d1e
ZJS		 721 f.write('''\
722#!/bin/sh -eu
4ddb85b1
MP		 723mkdir -p /run/systemd/network
724mkdir -p /run/systemd/netif
725mount -t tmpfs none /run/systemd/network
726mount -t tmpfs none /run/systemd/netif
727[ ! -e /run/dbus ] || mount -t tmpfs none /run/dbus
728# create router/client veth pair
729cat << EOF > /run/systemd/network/test.netdev
730[NetDev]
731Name=%(ifr)s
732Kind=veth
733
734[Peer]
735Name=%(ifc)s
736EOF
737
738cat << EOF > /run/systemd/network/test.network
739[Match]
740Name=%(ifr)s
741
742[Network]
743Address=192.168.5.1/24
744%(addr6)s
745DHCPServer=yes
746
747[DHCPServer]
748PoolOffset=10
749PoolSize=50
750DNS=192.168.5.1
2c99aba7 751%(dhopts)s
4ddb85b1
MP		 752EOF
753
754# run networkd as in systemd-networkd.service
5ed0dcf4 755exec $(systemctl cat systemd-networkd.service | sed -n '/^ExecStart=/ { s/^.*=//; s/^[@+-]//; s/^!*//; p}')
2c99aba7
MP		 756''' % {'ifr': self.if_router, 'ifc': self.iface, 'addr6': ipv6 and 'Address=2600::1/64' or '',
757 'dhopts': dhcpserver_opts or ''})
4ddb85b1
MP		 758
759 os.fchmod(fd, 0o755)
760
761 subprocess.check_call(['systemd-run', '--unit=networkd-test-router.service',
762 '-p', 'InaccessibleDirectories=-/etc/systemd/network',
763 '-p', 'InaccessibleDirectories=-/run/systemd/network',
764 '-p', 'InaccessibleDirectories=-/run/systemd/netif',
765 '--service-type=notify', script])
766
767 # wait until devices got created
00d5eaaf 768 for _ in range(50):
4ddb85b1
MP		 769 out = subprocess.check_output(['ip', 'a', 'show', 'dev', self.if_router])
770 if b'state UP' in out and b'scope global' in out:
771 break
772 time.sleep(0.1)
773
774 def shutdown_iface(self):
775 '''Remove test interface and stop DHCP server'''
776
777 if self.if_router:
778 subprocess.check_call(['systemctl', 'stop', 'networkd-test-router.service'])
779 # ensure failed transient unit does not stay around
780 subprocess.call(['systemctl', 'reset-failed', 'networkd-test-router.service'])
781 subprocess.call(['ip', 'link', 'del', 'dev', self.if_router])
782 self.if_router = None
783
784 def print_server_log(self):
785 '''Print DHCP server log for debugging failures'''
786
787 self.show_journal('networkd-test-router.service')
788
789 @unittest.skip('networkd does not have DHCPv6 server support')
790 def test_hotplug_dhcp_ip6(self):
791 pass
792
793 @unittest.skip('networkd does not have DHCPv6 server support')
794 def test_coldplug_dhcp_ip6(self):
795 pass
796
d2bc1251
MP		 797 def test_search_domains(self):
798
799 # we don't use this interface for this test
800 self.if_router = None
801
ec89276c 802 self.write_network('test.netdev', '''\
38d78d1e 803[NetDev]
d2bc1251
MP		 804Name=dummy0
805Kind=dummy
806MACAddress=12:34:56:78:9a:bc''')
ec89276c 807 self.write_network('test.network', '''\
38d78d1e 808[Match]
d2bc1251
MP		 809Name=dummy0
810[Network]
811Address=192.168.42.100
812DNS=192.168.42.1
813Domains= one two three four five six seven eight nine ten''')
d2bc1251
MP		 814
815 subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
816
30b42a9a
MP		 817 for timeout in range(50):
818 with open(RESOLV_CONF) as f:
819 contents = f.read()
820 if ' one' in contents:
821 break
822 time.sleep(0.1)
823 self.assertRegex(contents, 'search .*one two three four')
824 self.assertNotIn('seven\n', contents)
825 self.assertIn('# Too many search domains configured, remaining ones ignored.\n', contents)
d2bc1251
MP		 826
827 def test_search_domains_too_long(self):
828
829 # we don't use this interface for this test
830 self.if_router = None
831
832 name_prefix = 'a' * 60
833
ec89276c 834 self.write_network('test.netdev', '''\
38d78d1e 835[NetDev]
d2bc1251
MP		 836Name=dummy0
837Kind=dummy
838MACAddress=12:34:56:78:9a:bc''')
ec89276c 839 self.write_network('test.network', '''\
38d78d1e 840[Match]
d2bc1251
MP		 841Name=dummy0
842[Network]
843Address=192.168.42.100
844DNS=192.168.42.1
38d78d1e 845Domains={p}0 {p}1 {p}2 {p}3 {p}4'''.format(p=name_prefix))
d2bc1251
MP		 846
847 subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
848
30b42a9a
MP		 849 for timeout in range(50):
850 with open(RESOLV_CONF) as f:
851 contents = f.read()
852 if ' one' in contents:
853 break
854 time.sleep(0.1)
38d78d1e 855 self.assertRegex(contents, 'search .*{p}0 {p}1 {p}2'.format(p=name_prefix))
30b42a9a 856 self.assertIn('# Total length of all search domains is too long, remaining ones ignored.', contents)
d2bc1251 857
047a0dac
JSB		 858 def test_dropin(self):
859 # we don't use this interface for this test
860 self.if_router = None
861
ec89276c 862 self.write_network('test.netdev', '''\
047a0dac
JSB		 863[NetDev]
864Name=dummy0
865Kind=dummy
866MACAddress=12:34:56:78:9a:bc''')
ec89276c 867 self.write_network('test.network', '''\
047a0dac
JSB		 868[Match]
869Name=dummy0
870[Network]
871Address=192.168.42.100
872DNS=192.168.42.1''')
ec89276c 873 self.write_network_dropin('test.network', 'dns', '''\
047a0dac
JSB		 874[Network]
875DNS=127.0.0.1''')
876
877 subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
878
879 for timeout in range(50):
880 with open(RESOLV_CONF) as f:
881 contents = f.read()
882 if ' 127.0.0.1' in contents:
883 break
884 time.sleep(0.1)
885 self.assertIn('nameserver 192.168.42.1\n', contents)
886 self.assertIn('nameserver 127.0.0.1\n', contents)
887
2c99aba7
MP		 888 def test_dhcp_timezone(self):
889 '''networkd sets time zone from DHCP'''
890
891 def get_tz():
892 out = subprocess.check_output(['busctl', 'get-property', 'org.freedesktop.timedate1',
893 '/org/freedesktop/timedate1', 'org.freedesktop.timedate1', 'Timezone'])
894 assert out.startswith(b's "')
895 out = out.strip()
896 assert out.endswith(b'"')
897 return out[3:-1].decode()
898
899 orig_timezone = get_tz()
900 self.addCleanup(subprocess.call, ['timedatectl', 'set-timezone', orig_timezone])
901
902 self.create_iface(dhcpserver_opts='EmitTimezone=yes\nTimezone=Pacific/Honolulu')
903 self.do_test(coldplug=None, extra_opts='IPv6AcceptRA=false\n[DHCP]\nUseTimezone=true', dhcp_mode='ipv4')
904
905 # should have applied the received timezone
906 try:
907 self.assertEqual(get_tz(), 'Pacific/Honolulu')
908 except AssertionError:
909 self.show_journal('systemd-networkd.service')
910 self.show_journal('systemd-hostnamed.service')
911 raise
912
913
618b196e
DM		 914class MatchClientTest(unittest.TestCase, NetworkdTestingUtilities):
915 """Test [Match] sections in .network files.
916
917 Be aware that matching the test host's interfaces will wipe their
918 configuration, so as a precaution, all network files should have a
919 restrictive [Match] section to only ever interfere with the
920 temporary veth interfaces created here.
921 """
922
923 def tearDown(self):
924 """Stop networkd."""
925 subprocess.call(['systemctl', 'stop', 'systemd-networkd'])
926
927 def test_basic_matching(self):
928 """Verify the Name= line works throughout this class."""
929 self.add_veth_pair('test_if1', 'fake_if2')
930 self.write_network('test.network', "[Match]\nName=test_*\n[Network]")
931 subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
932 self.assert_link_states(test_if1='managed', fake_if2='unmanaged')
933
934 def test_inverted_matching(self):
935 """Verify that a '!'-prefixed value inverts the match."""
936 # Use a MAC address as the interfaces' common matching attribute
937 # to avoid depending on udev, to support testing in containers.
938 mac = '00:01:02:03:98:99'
939 self.add_veth_pair('test_veth', 'test_peer',
940 ['addr', mac], ['addr', mac])
941 self.write_network('no-veth.network', """\
942[Match]
943MACAddress=%s
944Name=!nonexistent *peer*
945[Network]""" % mac)
946 subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
947 self.assert_link_states(test_veth='managed', test_peer='unmanaged')
948
949
a09dc546
DM		 950class UnmanagedClientTest(unittest.TestCase, NetworkdTestingUtilities):
951 """Test if networkd manages the correct interfaces."""
952
953 def setUp(self):
954 """Write .network files to match the named veth devices."""
955 # Define the veth+peer pairs to be created.
956 # Their pairing doesn't actually matter, only their names do.
957 self.veths = {
958 'm1def': 'm0unm',
959 'm1man': 'm1unm',
960 }
961
962 # Define the contents of .network files to be read in order.
963 self.configs = (
964 "[Match]\nName=m1def\n",
965 "[Match]\nName=m1unm\n[Link]\nUnmanaged=yes\n",
966 "[Match]\nName=m1*\n[Link]\nUnmanaged=no\n",
967 )
968
969 # Write out the .network files to be cleaned up automatically.
970 for i, config in enumerate(self.configs):
971 self.write_network("%02d-test.network" % i, config)
972
973 def tearDown(self):
974 """Stop networkd."""
975 subprocess.call(['systemctl', 'stop', 'systemd-networkd'])
976
977 def create_iface(self):
978 """Create temporary veth pairs for interface matching."""
979 for veth, peer in self.veths.items():
618b196e 980 self.add_veth_pair(veth, peer)
a09dc546
DM		 981
982 def test_unmanaged_setting(self):
983 """Verify link states with Unmanaged= settings, hot-plug."""
984 subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
985 self.create_iface()
986 self.assert_link_states(m1def='managed',
987 m1man='managed',
988 m1unm='unmanaged',
989 m0unm='unmanaged')
990
991 def test_unmanaged_setting_coldplug(self):
992 """Verify link states with Unmanaged= settings, cold-plug."""
993 self.create_iface()
994 subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
995 self.assert_link_states(m1def='managed',
996 m1man='managed',
997 m1unm='unmanaged',
998 m0unm='unmanaged')
999
1000 def test_catchall_config(self):
1001 """Verify link states with a catch-all config, hot-plug."""
1002 # Don't actually catch ALL interfaces. It messes up the host.
1003 self.write_network('all.network', "[Match]\nName=m[01]???\n")
1004 subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
1005 self.create_iface()
1006 self.assert_link_states(m1def='managed',
1007 m1man='managed',
1008 m1unm='unmanaged',
1009 m0unm='managed')
1010
1011 def test_catchall_config_coldplug(self):
1012 """Verify link states with a catch-all config, cold-plug."""
1013 # Don't actually catch ALL interfaces. It messes up the host.
1014 self.write_network('all.network', "[Match]\nName=m[01]???\n")
1015 self.create_iface()
1016 subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
1017 self.assert_link_states(m1def='managed',
1018 m1man='managed',
1019 m1unm='unmanaged',
1020 m0unm='managed')
1021
1022
4ddb85b1
MP		 1023if __name__ == '__main__':
1024 unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
1025 verbosity=2))
Unnamed repository; edit this file 'description' to name the repository.