public inbox for passt-dev@passt.top
blob d70c4ca578f56ba8c64ef53549a7c9e8854f19b9 4216 bytes (raw)

 
#!/bin/sh
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# PASST - Plug A Simple Socket Transport
#  for qemu/UNIX domain socket mode
#
# PASTA - Pack A Subtle Tap Abstraction
#  for network namespace/tap device mode
#
# test/lib/sandbox - Run test programs in an isolated, controlled network environment
#
# Copyright Red Hat
# Author: David Gibson <david@gibson.dropbear.id.au>

# DOC: Theory of Operation
#
# We want to run our tests in an isolated network environment so that:
#  * Bugs can't affect things beyond the test
#  * We have a known environment, independent of the host's network
#    configuration
#
# To do this, we set up 3 namespaces with nstool:
#
# SANDBOX - Parent namespace to isolate us from the host
#    This has no network, it's just for isolation, and to create the
#    other namespaces.
#
# SIMHOST - Namespace representing the host for passt/pasta tests
#    This is a network namespace representing the host where we run
#    passt or pasta.  It has a simple network configuration with both
#    IPv4 and IPv6 over a default route to ROUTER.
#
# ROUTER - Namespace representing SIMHOST's default router
#    This is a network namespace representing SIMHOST's router, and in
#    a sense, all hosts external to SIMHOST.  It acts as default
#    gateway for SIMHOST on both IPv4 and IPv6.

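# nstool control sockets, one per namespace.  These are relative paths, so
# they are created in the current working directory.
# NOTE(review): the names are fixed and predictable - presumably the tests
# run from a directory only the test user can write to; confirm.
SANDBOX_CTL=sandbox.nstool
SANDBOX_CTL_HOST=sandbox-host.nstool
SANDBOX_CTL_ROUTER=sandbox-router.nstool

# IPv4 addressing for the SIMHOST <-> ROUTER link.  192.0.2.0/24 is the
# TEST-NET-1 documentation range (RFC 5737), so it cannot collide with a
# real, routed network.
SANDBOX_IP4_BCAST=192.0.2.255
SANDBOX_IP4_MASK=24
# Built from SANDBOX_IP4_MASK: the unprefixed name IP4_MASK is never set in
# this file, which left the prefix as "192.0.2.0/" (or aborted under set -u).
SANDBOX_IP4_PREFIX=192.0.2.0/${SANDBOX_IP4_MASK}
SANDBOX_IP4_HOST=192.0.2.1
SANDBOX_IP4_ROUTER=192.0.2.2

# IPv6 addressing for the same link, taken from the 2001:db8::/32
# documentation prefix (RFC 3849).
SANDBOX_IP6_MASK=64
# Same fix as for IPv4: use SANDBOX_IP6_MASK, not the undefined IP6_MASK.
SANDBOX_IP6_PREFIX=2001:db8:9a55::/${SANDBOX_IP6_MASK}
SANDBOX_IP6_HOST=2001:db8:9a55::1
SANDBOX_IP6_ROUTER=2001:db8:9a55::2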

# Tear the sandbox down: stop the nstool holder of each namespace, innermost
# ones (SIMHOST, ROUTER) first and the enclosing SANDBOX last, then remove
# the three control sockets.  A failing "stop" does not prevent the
# remaining ones, or the rm, from running.
sandbox_cleanup() {
        local ctl

        for ctl in "${SANDBOX_CTL_HOST}" "${SANDBOX_CTL_ROUTER}" "${SANDBOX_CTL}"; do
                ${NSTOOL} stop "${ctl}"
        done

        rm -f "${SANDBOX_CTL}" "${SANDBOX_CTL_HOST}" "${SANDBOX_CTL_ROUTER}"
}

# Run a command in SANDBOX with privilege: nstool is asked to keep
# capabilities (--keep-caps) for the command it executes.
# Arguments: $@ - command and its arguments, passed through unchanged
sb_priv() {
        set -- exec --keep-caps "${SANDBOX_CTL}" -- "$@"
        ${NSTOOL} "$@"
}

# Run a command in the SIMHOST namespace with privilege (capabilities are
# kept via --keep-caps).
# Arguments: $@ - command and its arguments, passed through unchanged
sb_priv_host() {
        set -- "${SANDBOX_CTL_HOST}" -- "$@"
        ${NSTOOL} exec --keep-caps "$@"
}

# Run a command in the SIMHOST namespace without privilege: unlike the
# sb_priv* helpers, --keep-caps is not passed to nstool here.
# Arguments: $@ - command and its arguments, passed through unchanged
sb_uhost() {
        set -- "${SANDBOX_CTL_HOST}" -- "$@"
        ${NSTOOL} exec "$@"
}

# Run a command in the ROUTER namespace with privilege (capabilities are
# kept via --keep-caps).
# Arguments: $@ - command and its arguments, passed through unchanged
sb_priv_router() {
        set -- exec --keep-caps "${SANDBOX_CTL_ROUTER}" -- "$@"
        ${NSTOOL} "$@"
}

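# Build the SANDBOX, SIMHOST and ROUTER namespaces, connect SIMHOST and
# ROUTER with a veth pair, configure addresses and default routes, then run
# the given command in SIMHOST without privilege.
#
# Arguments: $@ - command and arguments, handed to sb_uhost
# Returns:   exit status of the command, or 1 (without running it) if a
#            namespace holder's PID or ROUTER's IPv6 link-local address
#            could not be determined, so that a test never runs in a
#            half-configured environment
sandbox() {
        # Declared separately from the assignments below: "local var=$(cmd)"
        # reports the status of "local", hiding a failed command substitution.
        local host_rel_pid router_rel_pid ip6_ll_router

        # Stop the namespace holders and remove the control sockets whenever
        # the shell exits, including on the error paths below
        trap "sandbox_cleanup" EXIT

        # Create SANDBOX: new user (-U, current user mapped by -c), network
        # (-n), PID (-p, with -f to fork into it) and mount (-m) namespaces
        # with a fresh /proc.  Its network namespace is never configured, so
        # SANDBOX itself has no network.
        # NSTOOL is left unquoted, as everywhere else in this file.
        unshare -Ucnpfm --mount-proc $NSTOOL hold "${SANDBOX_CTL}" &
        $NSTOOL info -w "${SANDBOX_CTL}" >/dev/null

        # Create SIMHOST, and ask for its holder's PID from inside SANDBOX
        # NOTE(review): presumably this yields the PID as seen in SANDBOX's
        # PID namespace, which is what "ip link set ... netns" needs - confirm
        sb_priv unshare -n ${NSTOOL} hold "${SANDBOX_CTL_HOST}" &
        if ! host_rel_pid=$(${NSTOOL} exec "${SANDBOX_CTL}" -- ${NSTOOL} info -pw "${SANDBOX_CTL_HOST}") ||
           [ -z "${host_rel_pid}" ]; then
                printf '%s\n' "sandbox: cannot determine PID of SIMHOST namespace holder" >&2
                return 1
        fi

        # Create ROUTER
        sb_priv unshare -n ${NSTOOL} hold "${SANDBOX_CTL_ROUTER}" &
        if ! router_rel_pid=$(${NSTOOL} exec "${SANDBOX_CTL}" -- ${NSTOOL} info -pw "${SANDBOX_CTL_ROUTER}") ||
           [ -z "${router_rel_pid}" ]; then
                printf '%s\n' "sandbox: cannot determine PID of ROUTER namespace holder" >&2
                return 1
        fi

        # Create veth between SIMHOST and ROUTER: the pair is created in
        # SANDBOX, then each end is moved into its namespace
        sb_priv ip link add type veth
        sb_priv ip link set veth0 netns "${host_rel_pid}"
        sb_priv ip link set veth1 netns "${router_rel_pid}"

        # Configure network in ROUTER
        sb_priv_router ip link set lo up
        sb_priv_router ip -4 addr add "${SANDBOX_IP4_ROUTER}/${SANDBOX_IP4_MASK}" dev veth1
        sb_priv_router ip -6 addr add "${SANDBOX_IP6_ROUTER}/${SANDBOX_IP6_MASK}" dev veth1
        sb_priv_router ip link set veth1 up

        # Configure network in SIMHOST
        sb_priv_host ip link set lo up
        sb_priv_host ip -4 addr add "${SANDBOX_IP4_HOST}/${SANDBOX_IP4_MASK}" dev veth0
        sb_priv_host ip -6 addr add "${SANDBOX_IP6_HOST}/${SANDBOX_IP6_MASK}" dev veth0
        sb_priv_host ip link set veth0 up

        # Configure SIMHOST's default gateway as ROUTER
        sleep 2 # Wait for SLAAC
        # The IPv6 default route goes via ROUTER's link-local address on veth1
        ip6_ll_router=$(sb_priv_router ip -6 -j addr | jq -r '.[] | select(.ifname == "veth1") | .addr_info | .[] | select(.scope == "link") | .local')
        if [ -z "${ip6_ll_router}" ]; then
                # Without this check, "via" would be given no address and the
                # test would run with no IPv6 default route
                printf '%s\n' "sandbox: no IPv6 link-local address found on veth1 in ROUTER" >&2
                return 1
        fi

        sb_priv_host ip -4 route add default via "${SANDBOX_IP4_ROUTER}"
        sb_priv_host ip -6 route add default via "${ip6_ll_router}" dev veth0

        # Run the caller's command in SIMHOST, without capabilities
        sb_uhost "$@"
}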

debug log:

solving d70c4ca5 ...
found d70c4ca5 in https://archives.passt.top/passt-dev/20240322023359.2746864-1-david@gibson.dropbear.id.au/

applying [1/1] https://archives.passt.top/passt-dev/20240322023359.2746864-1-david@gibson.dropbear.id.au/
diff --git a/test/lib/sandbox b/test/lib/sandbox
new file mode 100644
index 00000000..d70c4ca5

Checking patch test/lib/sandbox...
Applied patch test/lib/sandbox cleanly.

index at:
100644 d70c4ca578f56ba8c64ef53549a7c9e8854f19b9	test/lib/sandbox
