github.com/containers/podman/v5@v5.1.0-rc1/test/system/505-networking-pasta.bats (about) 1 #!/usr/bin/env bats -*- bats -*- 2 # 3 # SPDX-License-Identifier: Apache-2.0 4 # 5 # Networking with pasta(1) 6 # 7 # Copyright (c) 2022 Red Hat GmbH 8 # Author: Stefano Brivio <sbrivio@redhat.com> 9 10 load helpers 11 load helpers.network 12 13 function setup() { 14 basic_setup 15 skip_if_not_rootless "pasta networking only available in rootless mode" 16 skip_if_no_pasta "pasta not found: install pasta(1) to run these tests" 17 18 XFER_FILE="${PODMAN_TMPDIR}/pasta.bin" 19 } 20 21 # _set_opt() - meta-helper for pasta_test_do. 22 # 23 # Sets an option, but panics if option is already set (e.g. UDP+TCP, IPv4/v6) 24 function _set_opt() { 25 local opt_name=$1 26 local -n opt_ref=$1 27 local newval=$2 28 29 if [[ -n "$opt_ref" ]]; then 30 # $kw sneakily inherited from caller 31 die "'$kw' in test name sets $opt_name='$newval', but $opt_name has already been set to '$opt_ref'" 32 fi 33 opt_ref=$newval 34 } 35 36 # pasta_test_do() - Run tests involving clients and servers 37 # 38 # This helper function is invoked without arguments; it determines what to do 39 # based on the @test name. 40 function pasta_test_do() { 41 local ip_ver iftype proto range delta bind_type bytes 42 43 # Normalize test name back to human-readable form. BATS gives us a 44 # sanitized string with non-alnum converted to '-XX' (dash-hexbyte) 45 # and spaces converted to underscores. Convert all of those to spaces. 46 # This then gives us only the important (mutable) part of the test: 47 # 48 # test_TCP_translated_..._forwarding-2c_IPv4-2c_loopback 49 # -> TCP translated ... forwarding IPv4 loopback 50 # -> TCP translated forwarding IPv4 loopback 51 local test_name=$(printf "$(sed \ 52 -e 's/^test_//' \ 53 -e 's/-\([0-9a-f]\{2\}\)/ /gI' \ 54 -e 's/_/ /g' \ 55 <<<"${BATS_TEST_NAME}")") 56 57 # We now have the @test name as specified in the script, minus punctuation. 58 # From each of the name components, determine an action. 59 # 60 # TCP translated port range forwarding IPv4 loopback 61 # | | | | | | \__ iftype=loopback 62 # | | | | | \________ ip_ver=4 63 # | | | | \____________________ bytes=1 64 # | | | \__________________________ range=3 65 # | | \_______________________________ (ignored) 66 # | \__________________________________________ delta=1 67 # \______________________________________________ proto=tcp 68 # 69 # Each keyword maps to one option. Conflicts ("TCP ... UDP") are fatal 70 # errors, as are unknown keywords. 71 for kw in $test_name; do 72 case $kw in 73 TCP|UDP) _set_opt proto ${kw,,} ;; 74 IPv*) _set_opt ip_ver $(expr "$kw" : "IPv\(.\)") ;; 75 Single) _set_opt range 1 ;; 76 range) _set_opt range 3 ;; 77 Address|Interface) _set_opt bind_type ${kw,,} ;; 78 bound) assert "$bind_type" != "" "WHAT-bound???" ;; 79 [Tt]ranslated) _set_opt delta 1 ;; 80 loopback|tap) _set_opt iftype $kw ;; 81 port) ;; # always occurs with 'forwarding'; ignore 82 forwarding) _set_opt bytes 1 ;; 83 large|small) _set_opt bytes $kw ;; 84 transfer) assert "$bytes" != "" "'transfer' must be preceded by 'large' or 'small'" ;; 85 *) die "cannot grok '$kw' in test name" ;; 86 esac 87 done 88 89 # Sanity checks: all test names must include IPv4/6 and TCP/UDP 90 test -n "$ip_ver" || die "Test name must include IPv4 or IPv6" 91 test -n "$proto" || die "Test name must include TCP or UDP" 92 test -n "$bytes" || die "Test name must include 'forwarding' or 'large/small transfer'" 93 94 # Major decision point: simple forwarding test, or multi-byte transfer? 95 if [[ $bytes -eq 1 ]]; then 96 # Simple forwarding check 97 # We can't always determine these from the test name. Use sane defaults. 98 range=${range:-1} 99 delta=${delta:-0} 100 bind_type=${bind_type:-port} 101 else 102 # Data transfer. Translate small/large to dd-recognizable sizes 103 case "$bytes" in 104 small) bytes="2k" ;; 105 large) case "$proto" in 106 tcp) bytes="10M" ;; 107 udp) bytes=$(($(cat /proc/sys/net/core/wmem_default) / 4)) ;; 108 *) die "Internal error: unknown proto '$proto'" ;; 109 esac 110 ;; 111 *) die "Internal error: unknown transfer size '$bytes'" ;; 112 esac 113 114 # On data transfers, no other input args can be set in test name. 115 # Confirm that they are not defined, and set to a suitable default. 116 kw="something" 117 _set_opt range 1 118 _set_opt delta 0 119 _set_opt bind_type port 120 fi 121 122 # Dup check: make sure we haven't already run this combination of settings. 123 # This serves two purposes: 124 # 1) prevent developer from accidentally copy/pasting the same test 125 # 2) make sure our test-name-parsing code isn't missing anything important 126 local tests_run=${BATS_FILE_TMPDIR}/tests_run 127 touch ${tests_run} 128 local testid="IPv${ip_ver} $proto $iftype $bind_type range=$range delta=$delta bytes=$bytes" 129 if grep -q -F -- "$testid" ${tests_run}; then 130 die "Duplicate test! Have already run $testid" 131 fi 132 echo "$testid" >>${tests_run} 133 134 # Done figuring out test params. Now do the real work. 135 # Calculate and set addresses, 136 if [ ${ip_ver} -eq 4 ]; then 137 skip_if_no_ipv4 "IPv4 not routable on the host" 138 elif [ ${ip_ver} -eq 6 ]; then 139 skip_if_no_ipv6 "IPv6 not routable on the host" 140 else 141 skip "Unsupported IP version" 142 fi 143 144 if [ ${iftype} = "loopback" ]; then 145 local ifname="lo" 146 else 147 local ifname="$(default_ifname "${ip_ver}")" 148 fi 149 150 local addr="$(default_addr "${ip_ver}" "${ifname}")" 151 152 # ports, 153 if [ ${range} -gt 1 ]; then 154 local port="$(random_free_port_range ${range} ${addr} ${proto})" 155 local xport="$((${port%-*} + delta))-$((${port#*-} + delta))" 156 local seq="$(echo ${port} | tr '-' ' ')" 157 local xseq="$(echo ${xport} | tr '-' ' ')" 158 else 159 local port=$(random_free_port "" ${address} ${proto}) 160 local xport="$((port + delta))" 161 local seq="${port} ${port}" 162 local xseq="${xport} ${xport}" 163 fi 164 165 local proto_upper="$(echo "${proto}" | tr [:lower:] [:upper:])" 166 167 # socat options for first <address> in server ("LISTEN" address types), 168 local bind="${proto_upper}${ip_ver}-LISTEN:\${port}" 169 # For IPv6 via tap, we can pick either link-local or global unicast 170 if [ ${ip_ver} -eq 4 ] || [ ${iftype} = "loopback" ]; then 171 bind="${bind},bind=[${addr}]" 172 fi 173 if [ "${proto}" = "udp" ]; then 174 bind="${bind},null-eof" 175 fi 176 177 # socat options for second <address> in server ("STDOUT" or "EXEC"), 178 if [ "${bytes}" = "1" ]; then 179 recv="STDOUT" 180 else 181 recv="EXEC:md5sum" 182 fi 183 184 # and port forwarding configuration for Podman and pasta. 185 # 186 # TODO: Use Podman options once/if 187 # https://github.com/containers/podman/issues/14425 is solved 188 case ${bind_type} in 189 "interface") 190 local pasta_spec=":--${proto}-ports,${addr}%${ifname}/${port}:${xport}" 191 local podman_spec= 192 ;; 193 "address") 194 local pasta_spec= 195 local podman_spec="[${addr}]:${port}:${xport}/${proto}" 196 ;; 197 *) 198 local pasta_spec= 199 local podman_spec="[${addr}]:${port}:${xport}/${proto}" 200 ;; 201 esac 202 203 # Fill in file for data transfer tests, and expected output strings 204 if [ "${bytes}" != "1" ]; then 205 dd if=/dev/urandom bs=${bytes} count=1 of="${XFER_FILE}" 206 local expect="$(cat "${XFER_FILE}" | md5sum)" 207 else 208 printf "x" > "${XFER_FILE}" 209 local expect="$(for i in $(seq ${seq}); do printf "x"; done)" 210 fi 211 212 # Set retry/initial delay for client to connect 213 local delay=1 214 if [ ${ip_ver} -eq 6 ] && [ "${addr}" != "::1" ]; then 215 # Duplicate Address Detection on link-local 216 delay=3 217 elif [ "${proto}" = "udp" ]; then 218 # With Podman up, and socat still starting, UDP clients send to nowhere 219 delay=2 220 fi 221 222 # Now actually run the test: client, 223 for one_port in $(seq ${seq}); do 224 local connect="${proto_upper}${ip_ver}:[${addr}]:${one_port}" 225 [ "${proto}" = "udp" ] && connect="${connect},shut-null" 226 227 local retries=10 228 (while sleep ${delay} && test $((retries--)) -gt 0 && ! timeout --foreground -v --kill=5 90 socat -u "OPEN:${XFER_FILE}" "${connect}"; do : 229 done) & 230 done 231 232 # and server, 233 run_podman run --net=pasta"${pasta_spec}" -p "${podman_spec}" "${IMAGE}" \ 234 sh -c 'for port in $(seq '"${xseq}"'); do '\ 235 ' socat -u '"${bind}"' '"${recv}"' & '\ 236 ' done; wait' 237 238 # which should give us the expected output back. 239 assert "${output}" = "${expect}" "Mismatch between data sent and received" 240 } 241 242 ### Addresses ################################################################## 243 244 @test "IPv4 default address assignment" { 245 skip_if_no_ipv4 "IPv4 not routable on the host" 246 247 run_podman run --net=pasta $IMAGE ip -j -4 address show 248 249 local container_address="$(ipv4_get_addr_global "${output}")" 250 local host_address="$(default_addr 4)" 251 252 assert "${container_address}" = "${host_address}" \ 253 "Container address not matching host" 254 } 255 256 @test "IPv4 address assignment" { 257 skip_if_no_ipv4 "IPv4 not routable on the host" 258 259 run_podman run --net=pasta:-a,192.0.2.1 $IMAGE ip -j -4 address show 260 261 local container_address="$(ipv4_get_addr_global "${output}")" 262 263 assert "${container_address}" = "192.0.2.1" \ 264 "Container address not matching configured value" 265 } 266 267 @test "No IPv4" { 268 skip_if_no_ipv4 "IPv4 not routable on the host" 269 skip_if_no_ipv6 "IPv6 not routable on the host" 270 271 run_podman run --net=pasta:-6 $IMAGE ip -j -4 address show 272 273 local container_address="$(ipv4_get_addr_global "${output}")" 274 275 assert "${container_address}" = "null" \ 276 "Container has IPv4 global address with IPv4 disabled" 277 } 278 279 @test "IPv6 default address assignment" { 280 skip_if_no_ipv6 "IPv6 not routable on the host" 281 282 run_podman run --net=pasta $IMAGE ip -j -6 address show 283 284 local container_address="$(ipv6_get_addr_global "${output}")" 285 local host_address="$(default_addr 6)" 286 287 assert "${container_address}" = "${host_address}" \ 288 "Container address not matching host" 289 } 290 291 @test "IPv6 address assignment" { 292 skip_if_no_ipv6 "IPv6 not routable on the host" 293 294 run_podman run --net=pasta:-a,2001:db8::1 $IMAGE ip -j -6 address show 295 296 local container_address="$(ipv6_get_addr_global "${output}")" 297 298 assert "${container_address}" = "2001:db8::1" \ 299 "Container address not matching configured value" 300 } 301 302 @test "No IPv6" { 303 skip_if_no_ipv6 "IPv6 not routable on the host" 304 skip_if_no_ipv4 "IPv4 not routable on the host" 305 306 run_podman run --net=pasta:-4 $IMAGE ip -j -6 address show 307 308 local container_address="$(ipv6_get_addr_global "${output}")" 309 310 assert "${container_address}" = "null" \ 311 "Container has IPv6 global address with IPv6 disabled" 312 } 313 314 @test "podman puts pasta IP in /etc/hosts" { 315 skip_if_no_ipv4 "IPv4 not routable on the host" 316 317 pname="p$(random_string 30)" 318 ip="$(default_addr 4)" 319 320 run_podman pod create --net=pasta --name "${pname}" 321 run_podman run --pod="${pname}" "${IMAGE}" getent hosts "${pname}" 322 323 assert "$(echo ${output} | cut -f1 -d' ')" = "${ip}" "Correct /etc/hosts entry missing" 324 325 run_podman pod rm "${pname}" 326 run_podman rmi $(pause_image) 327 } 328 329 ### Routes ##################################################################### 330 331 @test "IPv4 default route" { 332 skip_if_no_ipv4 "IPv4 not routable on the host" 333 334 run_podman run --net=pasta $IMAGE ip -j -4 route show 335 336 local container_route="$(ipv4_get_route_default "${output}")" 337 local host_route="$(ipv4_get_route_default)" 338 339 assert "${container_route}" = "${host_route}" \ 340 "Container route not matching host" 341 } 342 343 @test "IPv4 default route assignment" { 344 skip_if_no_ipv4 "IPv4 not routable on the host" 345 346 run_podman run --net=pasta:-a,192.0.2.2,-g,192.0.2.1 $IMAGE \ 347 ip -j -4 route show 348 349 local container_route="$(ipv4_get_route_default "${output}")" 350 351 assert "${container_route}" = "192.0.2.1" \ 352 "Container route not matching configured value" 353 } 354 355 @test "IPv6 default route" { 356 skip_if_no_ipv6 "IPv6 not routable on the host" 357 358 run_podman run --net=pasta $IMAGE ip -j -6 route show 359 360 local container_route="$(ipv6_get_route_default "${output}")" 361 local host_route="$(ipv6_get_route_default)" 362 363 assert "${container_route}" = "${host_route}" \ 364 "Container route not matching host" 365 } 366 367 @test "IPv6 default route assignment" { 368 skip_if_no_ipv6 "IPv6 not routable on the host" 369 370 run_podman run --net=pasta:-a,2001:db8::2,-g,2001:db8::1 $IMAGE \ 371 ip -j -6 route show 372 373 local container_route="$(ipv6_get_route_default "${output}")" 374 375 assert "${container_route}" = "2001:db8::1" \ 376 "Container route not matching configured value" 377 } 378 379 ### Interfaces ################################################################# 380 381 @test "Default MTU" { 382 run_podman run --net=pasta $IMAGE ip -j link show 383 384 container_tap_mtu="$(ether_get_mtu "${output}")" 385 386 assert "${container_tap_mtu}" = "65520" \ 387 "Container's default MTU not 65220 bytes by default" 388 } 389 390 @test "MTU assignment" { 391 run_podman run --net=pasta:-m,1280 $IMAGE ip -j link show 392 393 container_tap_mtu="$(ether_get_mtu "${output}")" 394 395 assert "${container_tap_mtu}" = "1280" \ 396 "Container's default MTU not matching configured 1280 bytes" 397 } 398 399 @test "Loopback interface state" { 400 run_podman run --net=pasta $IMAGE ip -j link show 401 402 local jq_expr='.[] | select(.link_type == "loopback").flags | '\ 403 ' contains(["UP"])' 404 405 container_loopback_up="$(printf '%s' "${output}" | jq -rM "${jq_expr}")" 406 407 assert "${container_loopback_up}" = "true" \ 408 "Container's loopback interface not up" 409 } 410 411 ### DNS ######################################################################## 412 413 @test "External resolver, IPv4" { 414 skip_if_no_ipv4 "IPv4 not routable on the host" 415 416 run_podman '?' run --net=pasta $IMAGE nslookup 127.0.0.1 417 418 assert "$output" =~ "1.0.0.127.in-addr.arpa" \ 419 "127.0.0.1 not resolved" 420 } 421 422 @test "External resolver, IPv6" { 423 skip_if_no_ipv6 "IPv6 not routable on the host" 424 425 run_podman run --net=pasta $IMAGE nslookup ::1 || : 426 427 assert "$output" =~ "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" \ 428 "::1 not resolved" 429 } 430 431 @test "Local forwarder, IPv4" { 432 skip_if_no_ipv4 "IPv4 not routable on the host" 433 434 # pasta is the default now so no need to set it 435 run_podman run --rm $IMAGE grep nameserver /etc/resolv.conf 436 assert "${lines[0]}" == "nameserver 169.254.0.1" "default dns forward server" 437 438 run_podman run --rm --net=pasta:--dns-forward,198.51.100.1 \ 439 $IMAGE nslookup 127.0.0.1 || : 440 assert "$output" =~ "1.0.0.127.in-addr.arpa" "No answer from resolver" 441 } 442 443 @test "Local forwarder, IPv6" { 444 skip_if_no_ipv6 "IPv6 not routable on the host" 445 446 # TODO: Two issues here: 447 skip "Currently unsupported" 448 # run_podman run --dns 2001:db8::1 \ 449 # --net=pasta:--dns-forward,2001:db8::1 $IMAGE nslookup ::1 450 # 451 # 1. With this, Podman writes "nameserver 2001:db8::1" to 452 # /etc/resolv.conf, without zone, and the query originates from ::1. 453 # Passing: 454 # --dns "2001:db8::2%eth0" 455 # results in: 456 # Error: 2001:db8::2%eth0 is not an ip address 457 # Fix the issue in Podman once we figure out 2. below. 458 # 459 # 460 # run_podman run --dns 2001:db8::1 \ 461 # --net=pasta:--dns-forward,2001:db8::1 $IMAGE \ 462 # sh -c 'echo 2001:db8::1%eth0 >/etc/resolv.conf; nslookup ::1' 463 # 464 # 2. This fixes the source address of the query, but the answer is 465 # discarded. Figure out if it's an issue in Busybox, in musl, if we 466 # should just include a full-fledged resolver in the test image, etc. 467 } 468 469 ### TCP/IPv4 Port Forwarding ################################################### 470 471 @test "Single TCP port forwarding, IPv4, tap" { 472 pasta_test_do 473 } 474 475 @test "Single TCP port forwarding, IPv4, loopback" { 476 pasta_test_do 477 } 478 479 @test "TCP port range forwarding, IPv4, tap" { 480 pasta_test_do 481 } 482 483 @test "TCP port range forwarding, IPv4, loopback" { 484 pasta_test_do 485 } 486 487 @test "Translated TCP port forwarding, IPv4, tap" { 488 pasta_test_do 489 } 490 491 @test "Translated TCP port forwarding, IPv4, loopback" { 492 pasta_test_do 493 } 494 495 @test "TCP translated port range forwarding, IPv4, tap" { 496 pasta_test_do 497 } 498 499 @test "TCP translated port range forwarding, IPv4, loopback" { 500 pasta_test_do 501 } 502 503 @test "Address-bound TCP port forwarding, IPv4, tap" { 504 pasta_test_do 505 } 506 507 @test "Address-bound TCP port forwarding, IPv4, loopback" { 508 pasta_test_do 509 } 510 511 @test "Interface-bound TCP port forwarding, IPv4, tap" { 512 pasta_test_do 513 } 514 515 @test "Interface-bound TCP port forwarding, IPv4, loopback" { 516 pasta_test_do 517 } 518 519 ### TCP/IPv6 Port Forwarding ################################################### 520 521 @test "Single TCP port forwarding, IPv6, tap" { 522 pasta_test_do 523 } 524 525 @test "Single TCP port forwarding, IPv6, loopback" { 526 pasta_test_do 527 } 528 529 @test "TCP port range forwarding, IPv6, tap" { 530 pasta_test_do 531 } 532 533 @test "TCP port range forwarding, IPv6, loopback" { 534 pasta_test_do 535 } 536 537 @test "Translated TCP port forwarding, IPv6, tap" { 538 pasta_test_do 539 } 540 541 @test "Translated TCP port forwarding, IPv6, loopback" { 542 pasta_test_do 543 } 544 545 @test "TCP translated port range forwarding, IPv6, tap" { 546 pasta_test_do 547 } 548 549 @test "TCP translated port range forwarding, IPv6, loopback" { 550 pasta_test_do 551 } 552 553 @test "Address-bound TCP port forwarding, IPv6, tap" { 554 pasta_test_do 555 } 556 557 @test "Address-bound TCP port forwarding, IPv6, loopback" { 558 pasta_test_do 559 } 560 561 @test "Interface-bound TCP port forwarding, IPv6, tap" { 562 pasta_test_do 563 } 564 565 @test "Interface-bound TCP port forwarding, IPv6, loopback" { 566 pasta_test_do 567 } 568 569 ### UDP/IPv4 Port Forwarding ################################################### 570 571 @test "Single UDP port forwarding, IPv4, tap" { 572 pasta_test_do 573 } 574 575 @test "Single UDP port forwarding, IPv4, loopback" { 576 pasta_test_do 577 } 578 579 @test "UDP port range forwarding, IPv4, tap" { 580 pasta_test_do 581 } 582 583 @test "UDP port range forwarding, IPv4, loopback" { 584 pasta_test_do 585 } 586 587 @test "Translated UDP port forwarding, IPv4, tap" { 588 pasta_test_do 589 } 590 591 @test "Translated UDP port forwarding, IPv4, loopback" { 592 pasta_test_do 593 } 594 595 @test "UDP translated port range forwarding, IPv4, tap" { 596 pasta_test_do 597 } 598 599 @test "UDP translated port range forwarding, IPv4, loopback" { 600 pasta_test_do 601 } 602 603 @test "Address-bound UDP port forwarding, IPv4, tap" { 604 pasta_test_do 605 } 606 607 @test "Address-bound UDP port forwarding, IPv4, loopback" { 608 pasta_test_do 609 } 610 611 @test "Interface-bound UDP port forwarding, IPv4, tap" { 612 pasta_test_do 613 } 614 615 @test "Interface-bound UDP port forwarding, IPv4, loopback" { 616 pasta_test_do 617 } 618 619 ### UDP/IPv6 Port Forwarding ################################################### 620 621 @test "Single UDP port forwarding, IPv6, tap" { 622 pasta_test_do 623 } 624 625 @test "Single UDP port forwarding, IPv6, loopback" { 626 pasta_test_do 627 } 628 629 @test "UDP port range forwarding, IPv6, tap" { 630 pasta_test_do 631 } 632 633 @test "UDP port range forwarding, IPv6, loopback" { 634 pasta_test_do 635 } 636 637 @test "Translated UDP port forwarding, IPv6, tap" { 638 pasta_test_do 639 } 640 641 @test "Translated UDP port forwarding, IPv6, loopback" { 642 pasta_test_do 643 } 644 645 @test "UDP translated port range forwarding, IPv6, tap" { 646 pasta_test_do 647 } 648 649 @test "UDP translated port range forwarding, IPv6, loopback" { 650 pasta_test_do 651 } 652 653 @test "Address-bound UDP port forwarding, IPv6, tap" { 654 pasta_test_do 655 } 656 657 @test "Address-bound UDP port forwarding, IPv6, loopback" { 658 pasta_test_do 659 } 660 661 @test "Interface-bound UDP port forwarding, IPv6, tap" { 662 pasta_test_do 663 } 664 665 @test "Interface-bound UDP port forwarding, IPv6, loopback" { 666 pasta_test_do 667 } 668 669 ### TCP/IPv4 transfer ########################################################## 670 671 @test "TCP/IPv4 small transfer, tap" { 672 pasta_test_do 673 } 674 675 @test "TCP/IPv4 small transfer, loopback" { 676 pasta_test_do 677 } 678 679 @test "TCP/IPv4 large transfer, tap" { 680 pasta_test_do 681 } 682 683 @test "TCP/IPv4 large transfer, loopback" { 684 pasta_test_do 685 } 686 687 ### TCP/IPv6 transfer ########################################################## 688 689 @test "TCP/IPv6 small transfer, tap" { 690 pasta_test_do 691 } 692 693 @test "TCP/IPv6 small transfer, loopback" { 694 pasta_test_do 695 } 696 697 @test "TCP/IPv6 large transfer, tap" { 698 pasta_test_do 699 } 700 701 @test "TCP/IPv6 large transfer, loopback" { 702 pasta_test_do 703 } 704 705 ### UDP/IPv4 transfer ########################################################## 706 707 @test "UDP/IPv4 small transfer, tap" { 708 pasta_test_do 709 } 710 711 @test "UDP/IPv4 small transfer, loopback" { 712 pasta_test_do 713 } 714 715 @test "UDP/IPv4 large transfer, tap" { 716 pasta_test_do 717 } 718 719 @test "UDP/IPv4 large transfer, loopback" { 720 pasta_test_do 721 } 722 723 ### UDP/IPv6 transfer ########################################################## 724 725 @test "UDP/IPv6 small transfer, tap" { 726 pasta_test_do 727 } 728 729 @test "UDP/IPv6 small transfer, loopback" { 730 pasta_test_do 731 } 732 733 @test "UDP/IPv6 large transfer, tap" { 734 pasta_test_do 735 } 736 737 @test "UDP/IPv6 large transfer, loopback" { 738 pasta_test_do 739 } 740 741 ### Lifecycle ################################################################## 742 743 @test "pasta(1) quits when the namespace is gone" { 744 local pidfile="${PODMAN_TMPDIR}/pasta.pid" 745 746 run_podman run "--net=pasta:--pid,${pidfile}" $IMAGE true 747 sleep 1 748 ! ps -p $(cat "${pidfile}") && rm "${pidfile}" 749 } 750 751 ### Options #################################################################### 752 @test "Unsupported protocol in port forwarding" { 753 local port=$(random_free_port "" "" tcp) 754 755 run_podman 126 run --net=pasta -p "${port}:${port}/sctp" $IMAGE true 756 is "$output" "Error: .*can't forward protocol: sctp" 757 } 758 759 @test "Use options from containers.conf" { 760 skip_if_remote "containers.conf must be set for the server" 761 762 containersconf=$PODMAN_TMPDIR/containers.conf 763 mac="9a:dd:31:ea:92:98" 764 cat >$containersconf <<EOF 765 [network] 766 default_rootless_network_cmd = "pasta" 767 pasta_options = ["-I", "myname", "--ns-mac-addr", "$mac"] 768 EOF 769 770 # 2023-06-29 DO NOT INCLUDE "--net=pasta" on this line! 771 # This tests containers.conf:default_rootless_network_cmd (pr #19032) 772 CONTAINERS_CONF_OVERRIDE=$containersconf run_podman run $IMAGE ip link show myname 773 assert "$output" =~ "$mac" "mac address is set on custom interface" 774 775 # now, again but this time overwrite a option on the cli. 776 mac2="aa:bb:cc:dd:ee:ff" 777 CONTAINERS_CONF_OVERRIDE=$containersconf run_podman run --net=pasta:--ns-mac-addr,"$mac2" $IMAGE ip link show myname 778 assert "$output" =~ "$mac2" "mac address from cli is set on custom interface" 779 } 780 781 ### Rootless unshare testins 782 783 @test "Podman unshare --rootless-netns with Pasta" { 784 skip_if_remote "unshare is local-only" 785 786 pasta_iface=$(default_ifname) 787 788 # First let's force a setup error by making pasta be "false". 789 ln -s /usr/bin/false $PODMAN_TMPDIR/pasta 790 CONTAINERS_HELPER_BINARY_DIR="$PODMAN_TMPDIR" run_podman 125 unshare --rootless-netns ip addr 791 assert "$output" =~ "pasta failed with exit code 1" 792 793 # Now this should recover from the previous error and setup the netns correctly. 794 run_podman unshare --rootless-netns ip addr 795 is "$output" ".*${pasta_iface}.*" 796 }