diff --git a/tests/sanity-tests/Makefile b/tests/sanity-tests/Makefile index b22add4..bbe8403 100644 --- a/tests/sanity-tests/Makefile +++ b/tests/sanity-tests/Makefile @@ -9,7 +9,7 @@ export TEST=/CoreOS/ipset export TESTVERSION=1.0 BUILT_FILES= -FILES=$(METADATA) runtest.sh Makefile +FILES=$(METADATA) runtest.sh Makefile iperf3d.service .PHONY: all install download clean run: $(FILES) build ./runtest.sh @@ -27,10 +27,10 @@ $(METADATA): Makefile @echo "Type: Sanity" >> $(METADATA) @echo "TestTime: 5m" >> $(METADATA) @echo "RunFor: ipset " >> $(METADATA) - @echo "Requires: ipset iperf3 python3 systemd python3-pyroute2 iptables kernel-modules-extra" >> $(METADATA) + @echo "Requires: ipset iperf3 systemd iptables kernel-modules-extra" >> $(METADATA) @echo "Priority: Normal" >> $(METADATA) @echo "License: GPLv2" >> $(METADATA) @echo "Confidential: no" >> $(METADATA) @echo "Destructive: no" >> $(METADATA) - @echo "Releases: -Fedora 29" >> $(METADATA) + @echo "Releases: -Fedora29" >> $(METADATA) rhts-lint $(METADATA) diff --git a/tests/sanity-tests/ipset-tests.py b/tests/sanity-tests/ipset-tests.py deleted file mode 100755 index 9eccd06..0000000 --- a/tests/sanity-tests/ipset-tests.py +++ /dev/null @@ -1,228 +0,0 @@ -#!/usr/bin/env python3 -# SPDX-License-Identifier: LGPL-2.1+ -# ~~~ -# Description: Tests for ipset -# -# Author: Susant Sahani -# Copyright (c) 2018 Red Hat, Inc. -# ~~~ - -import errno -import os -import sys -import time -import unittest -import subprocess -import signal -import shutil -import socket -from pyroute2 import IPRoute - -def setUpModule(): - - if shutil.which('ipset') is None: - raise OSError(errno.ENOENT, 'ipset not found') - - if shutil.which('iperf3') is None: - raise OSError(errno.ENOENT, 'iperf3 not found') - -def tearDownModule(): - pass - -class GenericUtilities(): - - def SetupVethInterface(self): - - ip = IPRoute() - - ip.link('add', ifname='veth-test', peer='veth-peer', kind='veth') - idx_veth_test = ip.link_lookup(ifname='veth-test')[0] - idx_veth_peer = ip.link_lookup(ifname='veth-peer')[0] - - ip.link('set', index=idx_veth_test, address='02:01:02:03:04:08') - ip.link('set', index=idx_veth_peer, address='02:01:02:03:04:09') - - ip.addr('add', index=idx_veth_test, address='192.168.225.32', mask=24) - ip.addr('add', index=idx_veth_peer, address='192.168.225.33', mask=24) - - ip.link('set', index=idx_veth_test, state='up') - ip.link('set', index=idx_veth_peer, state='up') - - ip.close() - - def TearDownVethInterface(self): - - ip = IPRoute() - ip.link('del', index=ip.link_lookup(ifname='veth-test')[0]) - ip.close() - - def AddAddress(self, interface, address): - ip = IPRoute() - - idx_veth_peer = ip.link_lookup(ifname=interface)[0] - ip.close() - - def IPSetAdd(self, hashset, address): - subprocess.check_output(['ipset', 'add', hashset, address]) - - def IPSetRemove(self, hashset, address): - subprocess.check_output(['ipset', 'del', hashset, address]) - - def IPSetCreateHashSet(self, hashset, hashtype): - subprocess.check_output(['ipset', 'create', hashset, hashtype]) - - def IPSetDestroyHashSet(self, hashset): - subprocess.check_output(['ipset', 'destroy', hashset]) - -class IpsetTests(unittest.TestCase, GenericUtilities): - - def setUp(self): - self.SetupVethInterface() - - def tearDown(self): - self.TearDownVethInterface() - - def test_ipset_bitmap_ip_netfilter(self): - - self.IPSetCreateHashSet('testnetiperf', 'hash:ip') - - self.IPSetAdd('testnetiperf', '192.168.225.32') - self.IPSetAdd('testnetiperf', '192.168.225.33') - - subprocess.check_output(['ipset', 'test','testnetiperf','192.168.225.32']) - subprocess.check_output(['ipset', 'test','testnetiperf','192.168.225.33']) - - subprocess.check_output(['systemctl', 'start', 'iperf3d.service']) - time.sleep(5) - - r = subprocess.call("iperf3" + " -c 192.168.225.32 -p 55555 --connect-timeout 5", shell=True) - self.assertEqual(r, 0) - - r = subprocess.call("iptables" + " -I INPUT -m set --match-set testnetiperf src -j DROP", shell=True) - self.assertEqual(r, 0) - - r = subprocess.call("iperf3" + " -c 192.168.225.32 -p 55555 --connect-timeout 5", shell=True) - self.assertNotEqual(r, 0) - - subprocess.check_output(['systemctl', 'stop', 'iperf3d.service']) - - subprocess.call("iptables" + " --delete INPUT -m set --match-set testnetiperf src -j DROP" , shell=True) - - self.IPSetDestroyHashSet('testnetiperf') - - def test_ipset_add_bitmap_ip(self): - - self.IPSetCreateHashSet('testnet', 'hash:ip') - - self.IPSetAdd('testnet', '192.168.11.12') - self.IPSetAdd('testnet', '192.168.11.13') - self.IPSetAdd('testnet', '192.168.11.14') - self.IPSetAdd('testnet', '192.168.11.15') - - subprocess.check_output(['ipset', 'test','testnet','192.168.11.12']) - subprocess.check_output(['ipset', 'test','testnet','192.168.11.13']) - subprocess.check_output(['ipset', 'test','testnet','192.168.11.14']) - subprocess.check_output(['ipset', 'test','testnet','192.168.11.15']) - - self.IPSetDestroyHashSet('testnet') - - def test_ipset_delete_bitmap_ip(self): - - self.IPSetCreateHashSet('testnet', 'hash:ip') - - self.IPSetAdd('testnet', '192.168.11.12') - self.IPSetAdd('testnet', '192.168.11.13') - - subprocess.check_output(['ipset', 'test','testnet','192.168.11.12']) - subprocess.check_output(['ipset', 'test','testnet','192.168.11.13']) - - self.IPSetRemove('testnet', '192.168.11.12') - - r = subprocess.call("ipset" + " test testnet 192.168.11.12", shell=True) - self.assertEqual(r, 1) - - self.IPSetDestroyHashSet('testnet') - - def test_ipset_hash_bitmap_mac(self): - - self.IPSetCreateHashSet('testmac', 'hash:mac') - - self.IPSetAdd('testmac', '02:01:02:03:04:09') - - subprocess.check_output(['ipset', 'test','testmac','02:01:02:03:04:09']) - - self.IPSetRemove('testmac', '02:01:02:03:04:09') - - r = subprocess.call("ipset" + " test testmac 02:01:02:03:04:09", shell=True) - self.assertEqual(r, 1) - - self.IPSetDestroyHashSet('testmac') - - def test_ipset_hash_bitmap_ipport(self): - - self.IPSetCreateHashSet('testipport', 'hash:ip,mac') - - self.IPSetAdd('testipport', '1.1.1.1,02:01:02:03:04:09') - - subprocess.check_output(['ipset', 'test','testipport','1.1.1.1,02:01:02:03:04:09']) - - self.IPSetRemove('testipport', '1.1.1.1,02:01:02:03:04:09') - - r = subprocess.call("ipset" + " test testipport 1.1.1.1,02:01:02:03:04:09", shell=True) - self.assertEqual(r, 1) - - self.IPSetDestroyHashSet('testipport') - - def test_ipset_hash_bitmap_ipport(self): - - self.IPSetCreateHashSet('testipport', 'hash:ip,port') - - self.IPSetAdd('testipport', '192.168.1.1,udp:53') - self.IPSetAdd('testipport', '192.168.1.1,5555') - - subprocess.check_output(['ipset', 'test','testipport','192.168.1.1,udp:53']) - subprocess.check_output(['ipset', 'test','testipport','192.168.1.1,5555']) - - self.IPSetRemove('testipport', '192.168.1.1,5555') - - r = subprocess.call("ipset" + " test testipport 192.168.1.1,5555", shell=True) - self.assertEqual(r, 1) - - self.IPSetDestroyHashSet('testipport') - - def test_ipset_hash_bitmap_ipportip(self): - - self.IPSetCreateHashSet('testipportip', 'hash:ip,port,ip') - - self.IPSetAdd('testipportip', '192.168.1.1,80,10.0.0.1') - self.IPSetAdd('testipportip', '192.168.1.2,80,10.0.0.2') - - subprocess.check_output(['ipset', 'test','testipportip','192.168.1.1,80,10.0.0.1']) - subprocess.check_output(['ipset', 'test','testipportip','192.168.1.1,80,10.0.0.1']) - - self.IPSetRemove('testipportip', '192.168.1.1,80,10.0.0.1') - - r = subprocess.call("ipset" + " test testipportip 192.168.1.1,80,10.0.0.1", shell=True) - self.assertEqual(r, 1) - - self.IPSetDestroyHashSet('testipportip') - - def test_ipset_hash_bitmap_netiface(self): - - self.IPSetCreateHashSet('testnetiface', 'hash:net,iface') - - self.IPSetAdd('testnetiface', '192.168.0/24,veth-test') - self.IPSetAdd('testnetiface', '192.167.0/24,veth-peer') - - subprocess.check_output(['ipset', 'test','testnetiface','192.168.0/24,veth-test']) - subprocess.check_output(['ipset', 'test','testnetiface','192.167.0/24,veth-peer']) - - self.IPSetRemove('testnetiface', '192.168.0/24,veth-test') - - r = subprocess.call("ipset" + " test testnetiface 192.168.0/24,veth-test", shell=True) - self.assertEqual(r, 1) - - self.IPSetDestroyHashSet('testnetiface') - -if __name__ == '__main__': - unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout, verbosity=3)) diff --git a/tests/sanity-tests/runtest.sh b/tests/sanity-tests/runtest.sh index 78f525d..8036266 100755 --- a/tests/sanity-tests/runtest.sh +++ b/tests/sanity-tests/runtest.sh @@ -18,30 +18,120 @@ SERVICE_UNITDIR="/var/run/systemd/system" rlJournalStart rlPhaseStartSetup rlAssertRpm $PACKAGE + rlAssertRpm kernel-modules-extra-$(uname -r) rlRun "systemctl stop firewalld" 0,5 - rlRun "setenforce 0" 0,1 rlRun "[ -e /sys/class/net/veth-test ] && ip link del veth-test" 0,1 rlRun "cp iperf3d.service $SERVICE_UNITDIR" - rlRun "cp ipset-tests.py /usr/bin/" - rlRun "systemctl daemon-reload" + + rlRun "ip link add veth-test type veth peer name veth-peer" + rlRun "ip link set veth-test addr 02:01:02:03:04:08" + rlRun "ip link set veth-peer addr 02:01:02:03:04:09" + rlRun "ip addr add 192.168.225.32/24 dev veth-test" + rlRun "ip addr add 192.168.225.33/24 dev veth-peer" + rlRun "ip link set veth-test up" + rlRun "ip link set veth-peer up" rlPhaseEnd - rlPhaseStartTest - rlLog "Starting ipset tests ..." - rlRun "/usr/bin/python3 /usr/bin/ipset-tests.py" + rlPhaseStartTest "test_ipset_bitmap_ip_netfilter" + rlRun "ipset create testnetiperf hash:ip" + rlRun "ipset add testnetiperf 192.168.225.32" + rlRun "ipset add testnetiperf 192.168.225.33" + rlRun "ipset test testnetiperf 192.168.225.32" + rlRun "ipset test testnetiperf 192.168.225.33" + rlRun "systemctl start iperf3d.service" + sleep 1 + rlRun "iperf3 -c 192.168.225.32 -p 55555 --connect-timeout 5" + rlRun "iptables -I INPUT -m set --match-set testnetiperf src -j DROP" + rlRun "iperf3 -c 192.168.225.32 -p 55555 --connect-timeout 5" 1 + rlRun "systemctl stop iperf3d.service" + rlRun "iptables --delete INPUT -m set --match-set testnetiperf src -j DROP" + rlRun "ipset destroy testnetiperf" + rlPhaseEnd + + rlPhaseStartTest "test_ipset_add_bitmap_ip" + rlRun "ipset create testnet hash:ip" + rlRun "ipset add testnet 192.168.11.12" + rlRun "ipset add testnet 192.168.11.13" + rlRun "ipset add testnet 192.168.11.14" + rlRun "ipset add testnet 192.168.11.15" + rlRun "ipset test testnet 192.168.11.12" + rlRun "ipset test testnet 192.168.11.13" + rlRun "ipset test testnet 192.168.11.14" + rlRun "ipset test testnet 192.168.11.15" + rlRun "ipset destroy testnet" + rlPhaseEnd + + rlPhaseStartTest "test_ipset_delete_bitmap_ip" + rlRun "ipset create testnet hash:ip" + rlRun "ipset add testnet 192.168.11.12" + rlRun "ipset add testnet 192.168.11.13" + rlRun "ipset test testnet 192.168.11.12" + rlRun "ipset test testnet 192.168.11.13" + rlRun "ipset del testnet 192.168.11.12" + rlRun "ipset test testnet 192.168.11.12" 1 + rlRun "ipset destroy testnet" + rlPhaseEnd + + rlPhaseStartTest "test_ipset_hash_bitmap_mac" + rlRun "ipset create testmac hash:mac" + rlRun "ipset add testmac 02:01:02:03:04:09" + rlRun "ipset test testmac 02:01:02:03:04:09" + rlRun "ipset del testmac 02:01:02:03:04:09" + rlRun "ipset test testmac 02:01:02:03:04:09" 1 + rlRun "ipset destroy testmac" + rlPhaseEnd + + rlPhaseStartTest "test_ipset_hash_bitmap_ipport" + rlRun "ipset create testipport hash:ip,mac" + rlRun "ipset add testipport 1.1.1.1,02:01:02:03:04:09" + rlRun "ipset test testipport 1.1.1.1,02:01:02:03:04:09" + rlRun "ipset del testipport 1.1.1.1,02:01:02:03:04:09" + rlRun "ipset test testipport 1.1.1.1,02:01:02:03:04:09" 1 + rlRun "ipset destroy testipport" + rlPhaseEnd + + rlPhaseStartTest "test_ipset_hash_bitmap_ipport" + rlRun "ipset create testipport hash:ip,port" + rlRun "ipset add testipport 192.168.1.1,udp:53" + rlRun "ipset add testipport 192.168.1.1,5555" + rlRun "ipset test testipport 192.168.1.1,udp:53" + rlRun "ipset test testipport 192.168.1.1,5555" + rlRun "ipset del testipport 192.168.1.1,5555" + rlRun "ipset test testipport 192.168.1.1,5555" 1 + rlRun "ipset destroy testipport" + rlPhaseEnd + + rlPhaseStartTest "test_ipset_hash_bitmap_ipportip" + rlRun "ipset create testipportip hash:ip,port,ip" + rlRun "ipset add testipportip 192.168.1.1,80,10.0.0.1" + rlRun "ipset add testipportip 192.168.1.2,80,10.0.0.2" + rlRun "ipset test testipportip 192.168.1.1,80,10.0.0.1" + rlRun "ipset test testipportip 192.168.1.1,80,10.0.0.1" + rlRun "ipset del testipportip 192.168.1.1,80,10.0.0.1" + rlRun "ipset test testipportip 192.168.1.1,80,10.0.0.1" 1 + rlRun "ipset destroy testipportip" + rlPhaseEnd + + rlPhaseStartTest "test_ipset_hash_bitmap_netiface" + rlRun "ipset create testnetiface hash:net,iface" + rlRun "ipset add testnetiface 192.168.0/24,veth-test" + rlRun "ipset add testnetiface 192.167.0/24,veth-peer" + rlRun "ipset test testnetiface 192.168.0/24,veth-test" + rlRun "ipset test testnetiface 192.167.0/24,veth-peer" + rlRun "ipset del testnetiface 192.168.0/24,veth-test" + rlRun "ipset test testnetiface 192.168.0/24,veth-test" 1 + rlRun "ipset destroy testnetiface" rlPhaseEnd rlPhaseStartCleanup - rlRun "rm /usr/bin/ipset-tests.py" - rlRun "[ -e /sys/class/net/veth-test ] && ip link del veth-test" 0,1 + rlRun "ip link del veth-test" rlRun "rm $SERVICE_UNITDIR/iperf3d.service" rlRun "systemctl daemon-reload" - rlRun "setenforce 1" 0,1 rlLog "ipset tests done" rlPhaseEnd rlJournalPrintText diff --git a/tests/tests.yml b/tests/tests.yml index 17d20d6..ea6bb11 100644 --- a/tests/tests.yml +++ b/tests/tests.yml @@ -8,8 +8,7 @@ required_packages: - ipset - iptables - - python3 - systemd - iproute - iperf3 - - python3-pyroute2 + - kernel-modules-extra