From 97c06de158820fb4468592ca675cf2cdb3349838 Mon Sep 17 00:00:00 2001 From: Daniel Lenski Date: Wed, 25 Nov 2020 13:48:20 -0800 Subject: [PATCH] try running tests with *BSD-ish tools (ifconfig/route/netstat) for additional coverage Things that should be improved: * Need a better way to disable iproute2. Most likely the sanest way to do this will actually be to split the vpnc-script into two versions, rather than try to maintain its one-size-fits-all structure. * Need a better way to enable tracing in vpnc-script. This really should be added to OpenConnect itself (in part, by adding `-x` to the `sh /path/to/vpnc-script` exec) since we're frequently requesting it of real users for real issues. Signed-off-by: Daniel Lenski --- .gitlab-ci.yml | 5 ++++- tests/vpn-noroute | 16 +++++++++++++++- tests/vpn-routes | 16 +++++++++++++++- vpnc-script | 9 +++++++-- 4 files changed, 41 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b310a26..38bc220 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,8 +7,12 @@ resolv.conf-iproute/Centos7: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD before_script: - yum install -y ocserv openconnect which + net-tools script: + # Test with iproute2 - make -C tests check RESOLVCONF=1 + # Test with route/ifconfig/netstat (approximation of *BSD/macOS) + - make -C tests check RESOLVCONF=1 NO_IPROUTE2=1 TRACE_VPNC_SCRIPT=1 tags: - shared - linux @@ -18,4 +22,3 @@ resolv.conf-iproute/Centos7: expire_in: 1 week untracked: true when: on_failure - diff --git a/tests/vpn-noroute b/tests/vpn-noroute index 15d7124..18767dd 100755 --- a/tests/vpn-noroute +++ b/tests/vpn-noroute 
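Review bot: The net-tools run is appended to the same `script:` list as the iproute2 run, so a failure in the first `make -C tests check` ends the job and the `NO_IPROUTE2=1` variant never executes. Its result is then indistinguishable from "not run"; a separate job with the same image and `before_script` would report the two tool sets independently. Tracing is also enabled only for the second run, so a failure on the iproute2 path is logged without the `set -x` output. Changing the first entry to `- make -C tests check RESOLVCONF=1 TRACE_VPNC_SCRIPT=1` would make the two logs comparable.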
@@ -30,7 +30,15 @@ TUNDEV=oc-$$-tun0 eval "${GETPORT}" -if test -z "${IP}";then +if test "$TRACE_VPNC_SCRIPT" = 1;then + echo "Enabling detailed tracing in vpnc-script (env; set -x)." + sed -i.trace -e 's|^#TRACE#||' ${srcdir}/../vpnc-script || exit 1 +fi + +if test "$NO_IPROUTE2" = 1;then + echo "Disabling iproute2 support in vpnc-script." + sed -i.iproute2 -e 's|IPROUTE=....*|IPROUTE="" # disable|g' ${srcdir}/../vpnc-script || exit 1 +elif test -z "${IP}";then echo "no IP tool is present" exit 1 fi @@ -58,6 +66,12 @@ function finish { cp ${RESOLVCONFBAK} /etc/resolv.conf fi rm -f ${OUTFILE} ${ALLFILE} ${RESOLVCONFBAK} 2>&1 + if test "${NO_IPROUTE2}" = 1;then + mv -f ${srcdir}/../vpnc-script.iproute2 ${srcdir}/../vpnc-script 2>&1 + fi + if test "${TRACE_VPNC_SCRIPT}" = 1;then + mv -f ${srcdir}/../vpnc-script.trace ${srcdir}/../vpnc-script 2>&1 + fi } trap finish EXIT diff --git a/tests/vpn-routes b/tests/vpn-routes index b38734d..a76a898 100755 --- a/tests/vpn-routes +++ b/tests/vpn-routes @@ -29,7 +29,15 @@ TUNDEV=oc-$$-tun0 eval "${GETPORT}" -if test -z "${IP}";then +if test "$TRACE_VPNC_SCRIPT" = 1;then + echo "Enabling detailed tracing in vpnc-script (env; set -x)." + sed -i.trace -e 's|^#TRACE#||' ${srcdir}/../vpnc-script || exit 1 +fi + +if test "$NO_IPROUTE2" = 1;then + echo "Disabling iproute2 support in vpnc-script." + sed -i.iproute2 -e 's|IPROUTE=....*|IPROUTE="" # disable|' ${srcdir}/../vpnc-script || exit 1 +elif test -z "${IP}";then echo "no IP tool is present" exit 1 fi @@ -57,6 +65,12 @@ function finish { cp ${RESOLVCONFBAK} /etc/resolv.conf fi rm -f ${OUTFILE} ${RESOLVCONFBAK} 2>&1 + if test "${NO_IPROUTE2}" = 1;then + mv -f ${srcdir}/../vpnc-script.iproute2 ${srcdir}/../vpnc-script 2>&1 + fi + if test "${TRACE_VPNC_SCRIPT}" = 1;then + mv -f ${srcdir}/../vpnc-script.trace ${srcdir}/../vpnc-script 2>&1 + fi } trap finish EXIT diff --git a/vpnc-script b/vpnc-script index e789e5a..f981321 100755 --- a/vpnc-script +++ b/vpnc-script 
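Review bot: In the `NO_IPROUTE2` branch, `sed ... || exit 1` only catches an I/O failure. If the `IPROUTE=....*` pattern stops matching the assignment in vpnc-script, sed still exits 0 and the run silently exercises the iproute2 path while being counted as net-tools coverage. Following the edit with `grep -q 'IPROUTE="" # disable' "${srcdir}/../vpnc-script" || exit 1` would make a no-op substitution fail the test. Both edits also run before `trap finish EXIT` is installed further down, so an `exit 1` from the second sed leaves the traced script and `vpnc-script.trace` in the source tree; moving the trap above these blocks would close that gap. The same code is added to tests/vpn-routes, where the substitution lacks the `g` flag used here; the flag is redundant after `.*`, and the two copies should match.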
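Review bot: The two restores added to `finish` are only correct in this order, and nothing in the code says so. When both variables are set, `vpnc-script.iproute2` holds the already-traced script and `vpnc-script.trace` holds the original, so swapping the blocks would leave tracing enabled in the source tree. A comment such as `# restore in reverse order of the sed -i edits; .trace is the pristine copy` above the first `if` would protect that. Both test scripts also use the same backup names next to the shared vpnc-script, so if the suite is ever run with parallel make, one script's `finish` could restore a copy the other has just edited; a per-test copy of the script would avoid this, if the harness allows pointing openconnect at it. `finish` starts above this hunk, and the same lines are added to tests/vpn-routes.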
@@ -69,8 +69,13 @@ # 1) Maybe dnsmasq can do something like that # 2) Parse dns packets going out via tunnel and redirect them to original dns-server -#env | sort -#set -x +# ======== For test logging (CI/CD will uncomment automatically) ========= + +#TRACE# echo "------------------" +#TRACE# echo "vpnc-script environment:" +#TRACE# env | egrep '^(CISCO_|INTERNAL_IP|VPNGATEWAY|TUNDEV|reason)' | sort +#TRACE# echo "------------------" +#TRACE# set -x # =========== script (variable) setup ==================================== -- 2.49.0
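Review bot: The `#TRACE#` block calls `egrep`, which GNU grep 3.8 and later report as obsolescent and which POSIX no longer specifies. `grep -E` is the portable spelling: `#TRACE# env | grep -E '^(CISCO_|INTERNAL_IP|VPNGATEWAY|TUNDEV|reason)' | sort`. The allow-list keeps unrelated environment out of the dump, but the `set -x` that follows still prints every value the script expands. The header comment should therefore say what the trace contains, for example `# Trace output includes the gateway address and assigned internal addresses; review before sharing logs.`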