add ppp testsuite#596
Open
tridge wants to merge 7 commits into
Open
Conversation
Add an end-to-end testsuite that brings up pairs of pppd processes back-to-back and verifies real behaviour on the wire: LCP/IPCP link negotiation, IP routing between the instances, bulk data integrity, PAP/CHAP authentication (accept and reject), and MRU negotiation. Each test joins two pppd processes with an AF_UNIX socketpair on stdin/stdout (notty mode). Every pppd runs in its own network namespace, so the only path between the two negotiated addresses is the ppp link itself and a ping between them genuinely traverses the link. A private mount namespace bind-mounts a per-peer configuration directory over the binary's compiled-in one, keeping tests hermetic without touching the host's /etc/ppp; secrets files are staged in a root-owned tmpfs to satisfy pppd's secrets-path safety checks. Tests are testsuite/NAME_test.py scripts run by runtests.py, with autotools-convention exit codes (0/1/2/77/78). The runner supports globs, parallel runs (-j), per-test scratch directories with automatic pppd log capture on failure, --fail-on-skip for CI, and --pppd-bin2 to run the far side of every link with a different pppd binary for cross-version interoperability testing (with an optional --expect-result manifest). pppd needs root, so privileged commands use passwordless sudo when not run as root; the link tests SKIP when neither is available or the kernel lacks ppp support. Each pppd runs under a timeout(1) watchdog so no root process outlives a killed test run. Signed-off-by: Andrew Tridgell <andrew@tridgell.net>
Distribute runtests.py and testsuite/, and add a check-integration target. It is deliberately not part of "make check": the link tests need root (or passwordless sudo) and kernel ppp support. Signed-off-by: Andrew Tridgell <andrew@tridgell.net>
GitHub runners have passwordless sudo and the ppp modules available, so the new runtests.py suite can run as a separate job alongside the existing unit-test jobs. --fail-on-skip ensures the job goes red rather than silently skipping if a runner loses a prerequisite. Signed-off-by: Andrew Tridgell <andrew@tridgell.net>
d1deb32 to
e4f6f53
Compare
Network namespaces are Linux-only, so the IP routing tests (ping, data-transfer) now declare routing=True and skip elsewhere: without namespaces both negotiated addresses are local to one stack and the traffic would short-circuit via loopback rather than traverse the ppp link. The protocol-level tests (link-up, PAP/CHAP auth, MRU negotiation) run on non-Linux hosts too, using a mode that stages the server's secrets in the binary's real configuration directory. Since that touches host state it is gated behind PPPD_TEST_GLOBAL_CONF=1, meant for disposable CI VMs; existing secrets files are never overwritten, and per-process IP addresses avoid collisions. The auth-test clients now supply their secret with the "password" option instead of a private secrets file, since without namespaces both sides share one confdir and only the server can own the secrets file there. The wrong-secret cases also accept the hangup exit codes for the client: its exact code races between its own auth-failed path and the hangup from the exiting server; the strict assertions are the server's rejection and that the link never comes up. Interface checks fall back from ip(8) to ifconfig, and the timeout(1) watchdog becomes optional (required on Linux, used elsewhere when available) with stop() signalling pppd directly when it is absent. Signed-off-by: Andrew Tridgell <andrew@tridgell.net>
The vmactions VM runs as root and is disposable, so the testsuite runs with PPPD_TEST_GLOBAL_CONF=1 after make install, as a separate Test step driven over the action's ssh access (the VM can only be booted by one vmactions step per job). Note that Oracle removed kernel PPP from Solaris 11.4 (the sppp driver packages are obsolete stubs since SRU 24), so /dev/ppp cannot exist in the VM: the link tests skip and the run verifies the build and that the pppd binary executes. The routing tests would skip regardless, as Solaris has no network namespaces. Signed-off-by: Andrew Tridgell <andrew@tridgell.net>
Static-check the workflow YAML with rhysd/actionlint on changes under .github/workflows/. Signed-off-by: Andrew Tridgell <andrew@tridgell.net>
OmniOS (illumos) still ships the sppp kernel driver that Oracle removed from Solaris 11.4, so this job gives the Solaris-family code paths real link-level testing: the protocol tests (link-up, PAP/CHAP auth, MRU negotiation) run against /dev/ppp, with only the namespace-dependent IP routing tests skipping. Signed-off-by: Andrew Tridgell <andrew@tridgell.net>
Member
|
@paulusmack, @jkroonza: What do you think about this PR? |
Contributor
|
I like the direction, would need to dig into details to say yes/no, but I'm definitely pro any/all improvement in testing. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
modeled on the rsync 3.5 test framework