From aa9256fe37cc9d4cff826a30c42fc55154d88032 Mon Sep 17 00:00:00 2001
From: Daniel Lenski
Date: Mon, 8 Feb 2021 17:07:10 -0800
Subject: [PATCH] improve ppp-over-tls tests

- Cleanup ugly pppd syntax
- Always set 'nodefaultroute' and negotiate link-local IPv4 addresses
- Don't rely on non-root to cause OpenConnect to terminate
- More tests with HDLC, only one without

Signed-off-by: Daniel Lenski
---
 tests/common.sh | 5 +--
 tests/ppp-over-tls | 82 +++++++++++++++++++++++++++++++---------------
 2 files changed, 58 insertions(+), 29 deletions(-)

diff --git a/tests/common.sh b/tests/common.sh
index 96d52e5f..a9024dff 100644
--- a/tests/common.sh
+++ b/tests/common.sh
@@ -83,7 +83,8 @@ launch_simple_pppd() {
 # It would be preferable to invoke `pppd notty` directly using socat, but it seemingly cannot handle
 # being wrapped by libsocket_wrapper.so.
 # pppd's option parsing is notably brittle: it must have the actual PTY device node, not a symlink
- $SUDO $PPPD $(readlink "$SOCKDIR/pppd.$$.pty") noauth local debug nodetach logfile "$LOGFILE" $* 2>&1 &
+ $SUDO $PPPD $(readlink "$SOCKDIR/pppd.$$.pty") noauth local debug nodetach nodefaultroute logfile "$LOGFILE" $* 2>&1 &
+ PID="$PID $!"
 # XX: Caller needs to use PID, rather than $!
 }
@@ -105,7 +106,7 @@ cleanup() {
 }
 fail() {
- PID=$1
+ PID="$1"
 shift;
 echo "Failure: $1" >&2
 kill $PID
diff --git a/tests/ppp-over-tls b/tests/ppp-over-tls
index 1556b8a8..0f26e0ff 100755
--- a/tests/ppp-over-tls
+++ b/tests/ppp-over-tls
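Review bot: In the launch_simple_pppd hunk, `PID="$PID $!"` turns PID into a space-separated list, and nothing tells callers that it must now be expanded unquoted; the fail() hunk only keeps working because `kill $PID` stays unquoted after `PID="$1"`. When `$SUDO` is non-empty, `$!` is the PID of the sudo wrapper rather than of pppd, so teardown of the root-owned pppd presumably depends on sudo relaying the signal. I would extend the `# XX` comment to something like `# PID is a space-separated list (earlier PID, then the $SUDO/pppd job); expand it unquoted for kill`. Separately, the unquoted `$(readlink ...)` expands to nothing when the PTY link is missing, so pppd would start under `$SUDO` with no device argument; resolving it first with `pty=$(readlink "$SOCKDIR/pppd.$$.pty") || return 1` would make that fail visibly. The function body starts outside the hunk, so the earlier value of PID is not visible here.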
@@ -22,75 +22,103 @@ top_builddir=${top_builddir:-..} . `dirname $0`/common.sh +FINGERPRINT="--servercert=d66b507ae074d03b02eafca40d35f87dd81049d3" +CLIPID=$SOCKDIR/oc-pid.$$.tmp CERT=$certdir/server-cert.pem KEY=$certdir/server-key.pem +IPV4_NO="noip" +IPV4_YES="169.254.1.1:169.254.128.128" +IPV6_NO="noipv6" +IPV6_YES="+ipv6" +OFFER_DNS="ms-dns 1.1.1.1 ms-dns 8.8.8.8" +NO_HDR_COMP="nopcomp noaccomp" +NO_JUNK_COMP="novj noccp" +HDLC_YES="" +HDLC_NO="sync" +IPV4_SUCCESS_1="rcvd [IPCP ConfAck " +IPV4_SUCCESS_2="sent [IPCP ConfAck " +IPV6_SUCCESS_1="rcvd [IPV6CP ConfAck " +IPV6_SUCCESS_2="sent [IPV6CP ConfAck " + echo "Testing PPP ... " echo -n "Connecting to PPP peer (HDLC/RFC1662, IPv4+IPv6, DNS, extraneous VJ and CCP)... " -launch_simple_pppd $CERT $KEY 10.0.0.1:10.0.0.101 ms-dns 1.1.1.1 ms-dns 8.8.8.8 +ipv6 2>&1 -wait_server $PID +launch_simple_pppd $CERT $KEY $HDLC_YES $IPV4_YES $OFFER_DNS $IPV6_YES 2>&1 +wait_server "$PID" start=$(date +%s) -LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q --protocol=nullppp $ADDRESS:443 -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookie "hdlc" >/dev/null 2>&1 +LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q --protocol=nullppp $ADDRESS:443 -u test $FINGERPRINT --cookie "hdlc" -b --pid-file=$CLIPID >/dev/null 2>&1 +kill $(cat $CLIPID) > /dev/null 2>&1 took=$(( $(date +%s) - start )) -if grep -qF "rcvd [IPCP ConfAck " $LOGFILE && grep -qF "sent [IPCP ConfAck " $LOGFILE && grep -qF "rcvd [IPV6CP ConfAck " $LOGFILE && grep -qF "sent [IPV6CP ConfAck " $LOGFILE; then +if grep -qF "$IPV4_SUCCESS_1" $LOGFILE && grep -qF "$IPV4_SUCCESS_2" $LOGFILE && grep -qF "$IPV6_SUCCESS_1" $LOGFILE && grep -qF "$IPV6_SUCCESS_2" $LOGFILE; then echo "ok (took $took seconds)" else - fail $PID "Did not negotiate IPCP and IP6CP successfully." + fail "$PID" "Did not negotiate IPCP and IP6CP successfully." 
+ cat $LOGFILE fi cleanup echo -n "Connecting to PPP peer (HDLC/RFC1662, IPv4+IPv6, DNS, extraneous VJ and CCP, no header compression)... " -launch_simple_pppd $CERT $KEY 10.0.0.1:10.0.0.101 ms-dns 1.1.1.1 ms-dns 8.8.8.8 +ipv6 nopcomp noaccomp 2>&1 -wait_server $PID +launch_simple_pppd $CERT $KEY $HDLC_YES $IPV4_YES $OFFER_DNS $IPV6_YES $NO_HDR_COMP 2>&1 +wait_server "$PID" start=$(date +%s) -LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q --protocol=nullppp $ADDRESS:443 -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookie "hdlc" >/dev/null 2>&1 +LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q --protocol=nullppp $ADDRESS:443 -u test $FINGERPRINT --cookie "hdlc" -b --pid-file=$CLIPID >/dev/null 2>&1 +kill $(cat $CLIPID) > /dev/null 2>&1 took=$(( $(date +%s) - start )) -if grep -qF "rcvd [IPCP ConfAck " $LOGFILE && grep -qF "sent [IPCP ConfAck " $LOGFILE && grep -qF "rcvd [IPV6CP ConfAck " $LOGFILE && grep -qF "sent [IPV6CP ConfAck " $LOGFILE; then +if grep -qF "$IPV4_SUCCESS_1" $LOGFILE && grep -qF "$IPV4_SUCCESS_2" $LOGFILE && grep -qF "$IPV6_SUCCESS_1" $LOGFILE && grep -qF "$IPV6_SUCCESS_2" $LOGFILE; then echo "ok (took $took seconds)" else - fail $PID "Did not negotiate IPCP and IP6CP successfully." + fail "$PID" "Did not negotiate IPCP and IP6CP successfully." + cat $LOGFILE fi cleanup echo -n "Connecting to PPP peer (sync/no-HDLC, IPv4+IPv6, DNS, extraneous VJ and CCP)... 
" -launch_simple_pppd $CERT $KEY sync 10.0.0.1:10.0.0.101 ms-dns 1.1.1.1 ms-dns 8.8.8.8 +ipv6 2>&1 -wait_server $PID +launch_simple_pppd $CERT $KEY $HDLC_NO $IPV4_YES $OFFER_DNS $IPV6_YES 2>&1 +wait_server "$PID" start=$(date +%s) -LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q --protocol=nullppp $ADDRESS:443 -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 >/dev/null 2>&1 +LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q --protocol=nullppp $ADDRESS:443 -u test $FINGERPRINT -b --pid-file=$CLIPID >/dev/null 2>&1 +kill $(cat $CLIPID) > /dev/null 2>&1 took=$(( $(date +%s) - start )) -if grep -qF "rcvd [IPCP ConfAck " $LOGFILE && grep -qF "sent [IPCP ConfAck " $LOGFILE && grep -qF "rcvd [IPV6CP ConfAck " $LOGFILE && grep -qF "sent [IPV6CP ConfAck " $LOGFILE; then +if grep -qF "$IPV4_SUCCESS_1" $LOGFILE && grep -qF "$IPV4_SUCCESS_2" $LOGFILE && grep -qF "$IPV6_SUCCESS_1" $LOGFILE && grep -qF "$IPV6_SUCCESS_2" $LOGFILE; then echo "ok (took $took seconds)" else - fail $PID "Did not negotiate IPCP and IP6CP successfully." + fail "$PID" "Did not negotiate IPCP and IP6CP successfully." + cat $LOGFILE fi cleanup -echo -n "Connecting to PPP peer (sync/no-HDLC, IPv4 only)... " -launch_simple_pppd $CERT $KEY sync novj noccp 10.0.0.1:10.0.0.101 noipv6 2>&1 -wait_server $PID +echo -n "Connecting to PPP peer (HDLC/RFC1662, IPv4 only)... 
" +launch_simple_pppd $CERT $KEY $HDLC_YES $NO_JUNK_COMP $IPV4_YES $IPV6_NO 2>&1 +wait_server "$PID" start=$(date +%s) -LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q --protocol=nullppp $ADDRESS:443 -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 >/dev/null 2>&1 +LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q --protocol=nullppp $ADDRESS:443 -u test $FINGERPRINT --cookie "hdlc" -b --pid-file=$CLIPID >/dev/null 2>&1 +kill $(cat $CLIPID) > /dev/null 2>&2 took=$(( $(date +%s) - start )) -if grep -qF "rcvd [IPCP ConfAck " $LOGFILE && grep -qF "sent [IPCP ConfAck " $LOGFILE; then +if grep -qF "$IPV4_SUCCESS_1" $LOGFILE && grep -qF "$IPV4_SUCCESS_2" $LOGFILE; then echo "ok (took $took seconds)" else - fail $PID "Did not negotiate IPCP successfully." + fail "$PID" "Did not negotiate IPCP successfully." + cat $LOGFILE fi -echo -n "Connecting to PPP peer (sync/no-HDLC, IPv6 only)... " -launch_simple_pppd $CERT $KEY sync novj noccp noip +ipv6 2>&1 -wait_server $PID +cleanup + +echo -n "Connecting to PPP peer (HDLC/RFC1662, IPv6 only)... " +launch_simple_pppd $CERT $KEY $HDLC_YES $NO_JUNK_COMP $IPV4_NO $IPV6_YES 2>&1 +wait_server "$PID" start=$(date +%s) -LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q --protocol=nullppp $ADDRESS:443 -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 >/dev/null 2>&1 +LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q --protocol=nullppp $ADDRESS:443 -u test $FINGERPRINT --cookie "hdlc" -b --pid-file=$CLIPID >/dev/null 2>&1 +kill $(cat $CLIPID) > /dev/null 2>&2 took=$(( $(date +%s) - start )) -if grep -qF "rcvd [IPV6CP ConfAck " $LOGFILE && grep -qF "sent [IPV6CP ConfAck " $LOGFILE; then +if grep -qF "$IPV6_SUCCESS_1" $LOGFILE && grep -qF "$IPV6_SUCCESS_2" $LOGFILE; then echo "ok (took $took seconds)" else - fail $PID "Did not negotiate IP6CP successfully." + fail "$PID" "Did not negotiate IP6CP successfully." + cat $LOGFILE fi cleanup -- 2.49.0
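Review bot: The IPv4-only and IPv6-only cases redirect with `2>&2`, which is a no-op, so errors from `kill`/`cat` reach the terminal there while the first three cases use `2>&1`. In all five cases `kill $(cat $CLIPID)` runs without checking that OpenConnect actually wrote the pid file; if the client fails before backgrounding, `kill` is invoked with no argument and the redirect hides that the client never started. A guarded form such as `[ -s "$CLIPID" ] && kill "$(cat "$CLIPID")" >/dev/null 2>&1` keeps the signal scoped to a PID that was really written, which matters when the suite runs with elevated privileges. The added `cat $LOGFILE` comes after `fail`, so if fail() exits (its body continues outside the common.sh hunk) the log is never printed; dumping the log before calling `fail` would avoid that.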