try running tests with *BSD-ish tools (ifconfig/route/netstat) for additional coverage

Things that should be improved:

* Need a better way to disable iproute2. Most likely the sanest way to
  do this will actually be to split the vpnc-script into two versions, rather than
  try to maintain its one-size-fits-all structure.
* Need a better way to enable tracing in vpnc-script. This really should be added
  to OpenConnect itself (in part, by adding `-x` to the `sh /path/to/vpnc-script`
  exec) since we're frequently requesting it of real users for real issues.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b310a2621a5cf363c39ee25dd0dd3ee0a58e60f4..38bc22021f7867b1e3ccc41cec2d6083fb5544a2 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,8 +7,12 @@ resolv.conf-iproute/Centos7:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
   before_script:
   - yum install -y ocserv openconnect which
+    net-tools
   script:
+  # Test with iproute2
   - make -C tests check RESOLVCONF=1
+  # Test with route/ifconfig/netstat (approximation of *BSD/macOS)
+  - make -C tests check RESOLVCONF=1 NO_IPROUTE2=1 TRACE_VPNC_SCRIPT=1
   tags:
   - shared
   - linux
@@ -18,4 +22,3 @@ resolv.conf-iproute/Centos7:
     expire_in: 1 week
     untracked: true
     when: on_failure
-

diff --git a/tests/vpn-noroute b/tests/vpn-noroute
index 15d7124c0b7681d5851899519ed7bf73b991ec33..18767dd4ad6264afffbc33d7876cad88143562ef 100755 (executable)
--- a/tests/vpn-noroute
+++ b/tests/vpn-noroute
@@ -30,7 +30,15 @@ TUNDEV=oc-$$-tun0
 
 eval "${GETPORT}"
 
-if test -z "${IP}";then
+if test "$TRACE_VPNC_SCRIPT" = 1;then
+       echo "Enabling detailed tracing in vpnc-script (env; set -x)."
+       sed -i.trace -e 's|^#TRACE#||' ${srcdir}/../vpnc-script || exit 1
+fi
+
+if test "$NO_IPROUTE2" = 1;then
+       echo "Disabling iproute2 support in vpnc-script."
+       sed -i.iproute2 -e 's|IPROUTE=....*|IPROUTE="" # disable|g' ${srcdir}/../vpnc-script || exit 1
+elif test -z "${IP}";then
        echo "no IP tool is present"
        exit 1
 fi
@@ -58,6 +66,12 @@ function finish {
     cp ${RESOLVCONFBAK} /etc/resolv.conf
   fi
   rm -f ${OUTFILE} ${ALLFILE} ${RESOLVCONFBAK} 2>&1
+  if test "${NO_IPROUTE2}" = 1;then
+    mv -f ${srcdir}/../vpnc-script.iproute2 ${srcdir}/../vpnc-script 2>&1
+  fi
+  if test "${TRACE_VPNC_SCRIPT}" = 1;then
+    mv -f ${srcdir}/../vpnc-script.trace ${srcdir}/../vpnc-script 2>&1
+  fi
 }
 trap finish EXIT
 

diff --git a/tests/vpn-routes b/tests/vpn-routes
index b38734d6473c3b15cafbb202f4f5074fb5fa73de..a76a898a6dcd72358bb79c4a5c886e7313f1f61a 100755 (executable)
--- a/tests/vpn-routes
+++ b/tests/vpn-routes
@@ -29,7 +29,15 @@ TUNDEV=oc-$$-tun0
 
 eval "${GETPORT}"
 
-if test -z "${IP}";then
+if test "$TRACE_VPNC_SCRIPT" = 1;then
+       echo "Enabling detailed tracing in vpnc-script (env; set -x)."
+       sed -i.trace -e 's|^#TRACE#||' ${srcdir}/../vpnc-script || exit 1
+fi
+
+if test "$NO_IPROUTE2" = 1;then
+       echo "Disabling iproute2 support in vpnc-script."
+       sed -i.iproute2 -e 's|IPROUTE=....*|IPROUTE="" # disable|' ${srcdir}/../vpnc-script || exit 1
+elif test -z "${IP}";then
        echo "no IP tool is present"
        exit 1
 fi
@@ -57,6 +65,12 @@ function finish {
     cp ${RESOLVCONFBAK} /etc/resolv.conf
   fi
   rm -f ${OUTFILE} ${RESOLVCONFBAK} 2>&1
+  if test "${NO_IPROUTE2}" = 1;then
+    mv -f ${srcdir}/../vpnc-script.iproute2 ${srcdir}/../vpnc-script 2>&1
+  fi
+  if test "${TRACE_VPNC_SCRIPT}" = 1;then
+    mv -f ${srcdir}/../vpnc-script.trace ${srcdir}/../vpnc-script 2>&1
+  fi
 }
 trap finish EXIT
 

diff --git a/vpnc-script b/vpnc-script
index e789e5a7ab5b28ac21684496d045259362ca52ad..f981321b2a0314b59344fd1e5a43ac69909be31e 100755 (executable)
--- a/vpnc-script
+++ b/vpnc-script
@@ -69,8 +69,13 @@
 # 1) Maybe dnsmasq can do something like that
 # 2) Parse dns packets going out via tunnel and redirect them to original dns-server
 
-#env | sort
-#set -x
+# ======== For test logging (CI/CD will uncomment automatically) =========
+
+#TRACE# echo "------------------"
+#TRACE# echo "vpnc-script environment:"
+#TRACE# env | egrep '^(CISCO_|INTERNAL_IP|VPNGATEWAY|TUNDEV|reason)' | sort
+#TRACE# echo "------------------"
+#TRACE# set -x
 
 # =========== script (variable) setup ====================================