test: add test case that 'nspawn --network-veth' enables IP forwarding

(cherry picked from commit 08779d7c55)
2024-11-23 10:13:34 +08:00 · 2024-08-17 01:48:50 +09:00 · 2024-08-17 01:48:50 +09:00 · 44dc95690c
commit 44dc95690c
parent 93759103e6
3 changed files with 67 additions and 2 deletions
--- a/test/TEST-13-NSPAWN/test.sh
+++ b/test/TEST-13-NSPAWN/test.sh
@ -17,6 +17,8 @@ test_append_files() {

    # For virtual wlan interface.
    instmods mac80211_hwsim
+    # for IPMasquerade=
+    instmods "=net/netfilter"
    generate_module_dependencies

    # Create a dummy container "template" with a minimal toolset, which we can
--- a/test/test-functions
+++ b/test/test-functions
@ -1453,10 +1453,31 @@ install_missing_libraries() {
        [[ -e "$libgcc_s" ]] && inst_library "$libgcc_s"
    done < <(ldconfig -p | awk '/\/libgcc_s.so.1$/ { print $4 }')

-    local lib path
+    local lib path libs
    # A number of dependencies is now optional via dlopen, so the install
    # script will not pick them up, since it looks at linkage.
-    for lib in libcryptsetup libidn libidn2 pwquality libqrencode tss2-esys tss2-rc tss2-mu tss2-tcti-device libfido2 libbpf libelf libdw xkbcommon p11-kit-1 libarchive libgcrypt libkmod; do
+    libs=(
+        libarchive
+        libbpf
+        libcryptsetup
+        libdw
+        libelf
+        libfido2
+        libgcrypt
+        libidn
+        libidn2
+        libip4tc
+        libkmod
+        libqrencode
+        p11-kit-1
+        pwquality
+        tss2-esys
+        tss2-mu
+        tss2-rc
+        tss2-tcti-device
+        xkbcommon
+    )
+    for lib in "${libs[@]}"; do
        ddebug "Searching for $lib via pkg-config"
        if pkg-config --exists "$lib"; then
                path="$(pkg-config --variable=libdir "$lib")"
--- a/test/units/TEST-13-NSPAWN.nspawn.sh
+++ b/test/units/TEST-13-NSPAWN.nspawn.sh
@ -984,4 +984,46 @@ testcase_check_os_release() {
    rm -fr "$root" "$base"
 }

+testcase_ip_masquerade() {
+    local root
+
+    if ! command -v networkctl >/dev/null; then
+        echo "This test requires systemd-networkd, skipping..."
+        return 0
+    fi
+
+    systemctl unmask systemd-networkd.service
+    systemctl edit --runtime --stdin systemd-networkd.service --drop-in=debug.conf <<EOF
+[Service]
+Environment=SYSTEMD_LOG_LEVEL=debug
+EOF
+    systemctl start systemd-networkd.service
+
+    root="$(mktemp -d /var/lib/machines/TEST-13-NSPAWN.ip_masquerade.XXX)"
+    create_dummy_container "$root"
+
+    systemd-run --unit=nspawn-hoge.service \
+                systemd-nspawn \
+                --register=no \
+                --directory="$root" \
+                --ephemeral \
+                --machine=hoge \
+                --network-veth \
+                bash -x -c "ip link set host0 up; sleep 30s"
+
+    /usr/lib/systemd/systemd-networkd-wait-online -i ve-hoge --timeout 30s
+
+    # Check IPMasquerade= for ve-* and friends enabled IP forwarding.
+    [[ "$(cat /proc/sys/net/ipv4/conf/all/forwarding)" == "1" ]]
+    [[ "$(cat /proc/sys/net/ipv4/conf/default/forwarding)" == "1" ]]
+    [[ "$(cat /proc/sys/net/ipv6/conf/all/forwarding)" == "1" ]]
+    [[ "$(cat /proc/sys/net/ipv6/conf/default/forwarding)" == "1" ]]
+
+    systemctl stop nspawn-hoge.service || :
+    systemctl stop systemd-networkd.service
+    systemctl mask systemd-networkd.service
+
+    rm -fr "$root"
+}
+
 run_testcases