OLD | NEW |
1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | 1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
4 | 4 |
5 import common, datetime, fnmatch, logging, os, re, string, threading, time | 5 import common, datetime, fnmatch, logging, os, re, string, threading, time |
6 | 6 |
7 from autotest_lib.server import autotest, hosts, subcommand | 7 from autotest_lib.server import autotest, hosts, subcommand |
8 from autotest_lib.server import site_bsd_router | 8 from autotest_lib.server import site_bsd_router |
9 from autotest_lib.server import site_linux_router | 9 from autotest_lib.server import site_linux_router |
10 from autotest_lib.server import site_linux_server | 10 from autotest_lib.server import site_linux_server |
136 self.server = hosts.create_host(server['addr']) | 136 self.server = hosts.create_host(server['addr']) |
137 self.server_at = autotest.Autotest(self.server) | 137 self.server_at = autotest.Autotest(self.server) |
138 # if not specified assume the same as the control address | 138 # if not specified assume the same as the control address |
139 self.server_wifi_ip = server.get('wifi_addr', self.server.ip) | 139 self.server_wifi_ip = server.get('wifi_addr', self.server.ip) |
140 self.__server_discover_commands(server) | 140 self.__server_discover_commands(server) |
141 else: | 141 else: |
142 self.server = None | 142 self.server = None |
143 # NB: wifi address must be set if not reachable from control | 143 # NB: wifi address must be set if not reachable from control |
144 self.server_wifi_ip = server['wifi_addr'] | 144 self.server_wifi_ip = server['wifi_addr'] |
145 | 145 |
146 # hosting_server is a machine which hosts network services, | 146 # The 'hosting_server' is a machine which hosts network |
147 # such as VPN. | 147 # services, such as OpenVPN or StrongSwan. |
148 self.hosting_server = site_linux_server.LinuxServer(self.server, server) | 148 self.hosting_server = site_linux_server.LinuxServer(self.server, server) |
149 | 149 |
150 # potential bg thread for ping untilstop | 150 # potential bg thread for ping untilstop |
151 self.ping_thread = None | 151 self.ping_thread = None |
152 | 152 |
153 # potential bg thread for client network monitoring | 153 # potential bg thread for client network monitoring |
154 self.client_netdump_thread = None | 154 self.client_netdump_thread = None |
155 self.__client_discover_commands(client) | 155 self.__client_discover_commands(client) |
156 self.profile_create({'name':'test'}) | 156 self.profile_create({'name':'test'}) |
157 self.profile_push({'name':'test'}) | 157 self.profile_push({'name':'test'}) |
1231 'client-key' : path to client key file | 1231 'client-key' : path to client key file |
1232 | 1232 |
1233 'remote-cert-tls' : optional | 1233 'remote-cert-tls' : optional |
1234 If provided, this option can be 'server', 'client' or | 1234 If provided, this option can be 'server', 'client' or |
1235 'none'. | 1235 'none'. |
1236 If not specified, the default is 'none'. | 1236 If not specified, the default is 'none'. |
1237 The value provided is passed directly to 'connect-vpn'. | 1237 The value provided is passed directly to 'connect-vpn'. |
1238 """ | 1238 """ |
1239 self.vpn_client_kill({}) # Must be first. Relies on self.vpn_kind. | 1239 self.vpn_client_kill({}) # Must be first. Relies on self.vpn_kind. |
1240 self.vpn_kind = params.get('kind', None) | 1240 self.vpn_kind = params.get('kind', None) |
1241 vpn_host_ip = params.get('vpn-host-ip', self.server_wifi_ip) | |
1242 | |
1243 # Must get 'ca_certificate', 'client-certificate' and 'client-key'. | |
1244 cert_pathnames = params.get('files', {}) | |
1245 | 1241 |
1246 # Starting up the VPN client may cause the DUT's routing table (esp. | 1242 # Starting up the VPN client may cause the DUT's routing table (esp. |
1247 # the default route) to change. Set up a host route backwards so | 1243 # the default route) to change. Set up a host route backwards so |
1248 # we don't lose our control connection in that event. | 1244 # we don't lose our control connection in that event. |
1249 __add_host_route(self.client) | 1245 self.__add_host_route(self.client) |
1250 | 1246 |
1251 if self.vpn_kind is None: | 1247 if self.vpn_kind is None: |
1252 raise error.TestFail('No VPN kind specified for this test.') | 1248 raise error.TestFail('No VPN kind specified for this test.') |
1253 elif self.vpn_kind == 'openvpn': | 1249 elif self.vpn_kind == 'openvpn': |
| 1250 # 'ca_certificate', 'client-certificate' and 'client-key'. |
| 1251 vpn_host_ip = params.get('vpn-host-ip', |
| 1252 self.server_wifi_ip) |
| 1253 cert_pathnames = params.get('files', {}) |
1254 remote_cert_tls_option = "" | 1254 remote_cert_tls_option = "" |
1255 remote_cert_tls = params.get('remote-cert-tls', None) | 1255 remote_cert_tls = params.get('remote-cert-tls', None) |
1256 | 1256 |
1257 if remote_cert_tls is not None: | 1257 if remote_cert_tls is not None: |
1258 remote_cert_tls_option = "--remote-cert-tls " + remote_cert_tls | 1258 remote_cert_tls_option = "--remote-cert-tls " + remote_cert_tls |
1259 | 1259 |
1260 # connect-vpn openvpn [options] <name> <host-ip> <domain> \ | |
1261 # <cafile> <certfile> <key-file> | |
1262 result = self.client.run('%s/test/connect-vpn ' | 1260 result = self.client.run('%s/test/connect-vpn ' |
1263 '--verbose ' | 1261 '--verbose ' |
1264 '%s ' | 1262 '%s ' |
1265 'openvpn vpn-name %s vpn-domain ' | 1263 'openvpn vpn-name %s vpn-domain ' |
1266 '%s ' # ca certificate | 1264 '%s ' # ca certificate |
1267 '%s ' # client certificate | 1265 '%s ' # client certificate |
1268 '%s' % # client key | 1266 '%s' % # client key |
1269 (self.client_cmd_flimflam_lib, | 1267 (self.client_cmd_flimflam_lib, |
1270 remote_cert_tls_option, | 1268 remote_cert_tls_option, |
1271 vpn_host_ip, | 1269 vpn_host_ip, |
1272 cert_pathnames['ca-certificate'], | 1270 cert_pathnames['ca-certificate'], |
1273 cert_pathnames['client-certificate'], | 1271 cert_pathnames['client-certificate'], |
1274 cert_pathnames['client-key'])) | 1272 cert_pathnames['client-key'])) |
| 1273 elif self.vpn_kind == 'l2tpipsec-psk': |
| 1274 # vpn_host_ip is self.server.ip because that is the |
| 1275 # adapter that ipsec listens on. |
| 1276 vpn_host_ip = params.get('vpn-host-ip', self.server.ip) |
| 1277 password = params.get('password' , None) |
| 1278 chapuser = params.get('chapuser' , None) |
| 1279 chapsecret = params.get('chapsecret', None) |
| 1280 result = self.client.run('%s/test/connect-vpn ' |
| 1281 '--verbose ' |
| 1282 'l2tpipsec-psk vpn-name %s vpn-domain ' |
| 1283 '%s ' # password |
| 1284 '%s ' # chapuser |
| 1285 '%s' % # chapsecret |
| 1286 (self.client_cmd_flimflam_lib, |
| 1287 vpn_host_ip, |
| 1288 password, chapuser, chapsecret)) |
| 1289 elif self.vpn_kind == 'l2tpipsec-cert': |
| 1290 # 'ca_certificate', 'client-certificate' and 'client-key'. |
| 1291 cert_pathnames = params.get('files', {}) |
| 1292 # vpn_host_ip is self.server.ip because that is the |
| 1293 # adapter that ipsec listens on. |
| 1294 vpn_host_ip = params.get('vpn-host-ip', self.server.ip) |
| 1295 result = self.client.run('%s/test/connect-vpn ' |
| 1296 '--verbose ' |
| 1297 'l2tpipsec-cert vpn-name %s vpn-domain ' |
| 1298 '%s ' # ca certificate |
| 1299 '%s ' # client certificate |
| 1300 '%s' % # client key |
| 1301 (self.client_cmd_flimflam_lib, |
| 1302 vpn_host_ip, |
| 1303 cert_pathnames['ca-certificate'], |
| 1304 cert_pathnames['client-certificate'], |
| 1305 cert_pathnames['client-key'])) |
1275 else: | 1306 else: |
1276 raise error.TestFail('(internal error): No launch case ' | 1307 raise error.TestFail('(internal error): No launch case ' |
1277 'for VPN kind (%s)' % self.vpn_kind) | 1308 'for VPN kind (%s)' % self.vpn_kind) |
1278 | 1309 |
1279 def vpn_client_kill(self, params): | 1310 def vpn_client_kill(self, params): |
1280 """ Kill the VPN client if it's running. """ | 1311 """ Kill the VPN client if it's running. """ |
1281 if self.vpn_kind is not None: | 1312 if self.vpn_kind is not None: |
1282 if self.vpn_kind == 'openvpn': | 1313 if self.vpn_kind == 'openvpn': |
1283 self.client.run("pkill openvpn") | 1314 self.client.run("pkill openvpn") |
| 1315 elif (self.vpn_kind == 'l2tpipsec-psk' or |
| 1316 self.vpn_kind == 'l2tpipsec-cert'): |
| 1317 self.client.run("/usr/sbin/ipsec stop") |
1284 else: | 1318 else: |
1285 raise error.TestFail('(internal error): No kill case ' | 1319 raise error.TestFail('(internal error): No kill case ' |
1286 'for VPN kind (%s)' % self.vpn_kind) | 1320 'for VPN kind (%s)' % self.vpn_kind) |
1287 self.vpn_kind = None | 1321 self.vpn_kind = None |
1288 | 1322 |
1289 __del_host_route(self.client) | 1323 self.__del_host_route(self.client) |
1290 | 1324 |
1291 def __add_host_route(self, host): | 1325 def __add_host_route(self, host): |
1292 # What is the local address we use to get to the test host? | 1326 # What is the local address we use to get to the test host? |
1293 local_ip = site_host_route.LocalHostRoute(host.ip).route_info["src"] | 1327 local_ip = site_host_route.LocalHostRoute(host.ip).route_info["src"] |
1294 | 1328 |
1295 # How does the test host currently get to this local address? | 1329 # How does the test host currently get to this local address? |
1296 host_route = site_host_route.RemoteHostRoute(host, local_ip).route_info | 1330 host_route = site_host_route.RemoteHostRoute(host, local_ip).route_info |
1297 | 1331 |
1298 # Flatten the returned dict into a single string | 1332 # Flatten the returned dict into a single string |
1299 route_args = " ".join(" ".join(x) for x in host_route.iteritems()) | 1333 route_args = " ".join(" ".join(x) for x in host_route.iteritems()) |
1300 | 1334 |
1301 self.host_route_args[host.ip] = "%s %s" % (local_ip, route_args) | 1335 self.host_route_args[host.ip] = "%s %s" % (local_ip, route_args) |
1302 host.run("ip route add %s" % self.host_route_args[host.ip]) | 1336 host.run("ip route add %s" % self.host_route_args[host.ip]) |
1303 | 1337 |
1304 def __del_host_route(self, host): | 1338 def __del_host_route(self, host): |
1305 if host.ip not in self.host_route_args: | 1339 if host.ip in self.host_route_args: |
1306 return | 1340 host.run("ip route del %s" % self.host_route_args.pop(host.ip)) |
1307 | |
1308 host.run("ip route del %s" % self.host_route_args.pop(host.ip)) | |
1309 | 1341 |
1310 def host_route_cleanup(self, params): | 1342 def host_route_cleanup(self, params): |
1311 for host in (self.client, self.server, self.router): | 1343 for host in (self.client, self.server, self.router): |
1312 self.__del_host_route(host) | 1344 self.__del_host_route(host) |
1313 | 1345 |
1314 | 1346 |
1315 class HelperThread(threading.Thread): | 1347 class HelperThread(threading.Thread): |
1316 # Class that wraps a ping command in a thread so it can run in the bg. | 1348 # Class that wraps a ping command in a thread so it can run in the bg. |
1317 def __init__(self, client, cmd): | 1349 def __init__(self, client, cmd): |
1318 threading.Thread.__init__(self) | 1350 threading.Thread.__init__(self) |
1439 except error.TestFail: | 1471 except error.TestFail: |
1440 if 'expect_failure' in testcase: | 1472 if 'expect_failure' in testcase: |
1441 self.expect_failure(name, testcase['expect_failure']) | 1473 self.expect_failure(name, testcase['expect_failure']) |
1442 else: | 1474 else: |
1443 raise | 1475 raise |
1444 except Exception, e: | 1476 except Exception, e: |
1445 if 'expect_failure' in testcase: | 1477 if 'expect_failure' in testcase: |
1446 self.expect_failure(name, testcase['expect_failure']) | 1478 self.expect_failure(name, testcase['expect_failure']) |
1447 else: | 1479 else: |
1448 raise | 1480 raise |
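Review bot: In the new `l2tpipsec-psk` branch (new lines 1276-1288), `password`, `chapuser` and `chapsecret` default to `None` and are formatted with `%s` straight into the `connect-vpn` command string, so a missing parameter is sent as the literal text `None`, and a value containing whitespace or shell metacharacters alters the command that `self.client.run` executes (presumably through a shell on the DUT). I would fail early, e.g. `if None in (password, chapuser, chapsecret): raise error.TestFail('l2tpipsec-psk requires password, chapuser and chapsecret')`, and shell-quote every interpolated parameter, including `remote_cert_tls` and the certificate paths in the `openvpn` and `l2tpipsec-cert` branches. Passing the password and CHAP secret as arguments also exposes them in the DUT's process list and, presumably, in the logged command line, so a comment should state that only throwaway test credentials belong here. The comments at new lines 1250 and 1290 name `'ca_certificate'` while the key actually read is `'ca-certificate'`. The enclosing method begins above the visible lines, so validation done earlier in it cannot be ruled out.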
OLD | NEW |