| OLD | NEW |
| 1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | 1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
| 3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
| 4 | 4 |
| 5 import common, datetime, fnmatch, logging, os, re, string, threading, time | 5 import common, datetime, fnmatch, logging, os, re, string, threading, time |
| 6 | 6 |
| 7 from autotest_lib.server import autotest, hosts, subcommand | 7 from autotest_lib.server import autotest, hosts, subcommand |
| 8 from autotest_lib.server import site_bsd_router | 8 from autotest_lib.server import site_bsd_router |
| 9 from autotest_lib.server import site_linux_router | 9 from autotest_lib.server import site_linux_router |
| 10 from autotest_lib.server import site_linux_server | 10 from autotest_lib.server import site_linux_server |
| 136 self.server = hosts.create_host(server['addr']) | 136 self.server = hosts.create_host(server['addr']) |
| 137 self.server_at = autotest.Autotest(self.server) | 137 self.server_at = autotest.Autotest(self.server) |
| 138 # if not specified assume the same as the control address | 138 # if not specified assume the same as the control address |
| 139 self.server_wifi_ip = server.get('wifi_addr', self.server.ip) | 139 self.server_wifi_ip = server.get('wifi_addr', self.server.ip) |
| 140 self.__server_discover_commands(server) | 140 self.__server_discover_commands(server) |
| 141 else: | 141 else: |
| 142 self.server = None | 142 self.server = None |
| 143 # NB: wifi address must be set if not reachable from control | 143 # NB: wifi address must be set if not reachable from control |
| 144 self.server_wifi_ip = server['wifi_addr'] | 144 self.server_wifi_ip = server['wifi_addr'] |
| 145 | 145 |
| 146 # hosting_server is a machine which hosts network services, | 146 # The 'hosting_server' is a machine which hosts network |
| 147 # such as VPN. | 147 # services, such as OpenVPN or StrongSwan. |
| 148 self.hosting_server = site_linux_server.LinuxServer(self.server, server) | 148 self.hosting_server = site_linux_server.LinuxServer(self.server, server) |
| 149 | 149 |
| 150 # potential bg thread for ping untilstop | 150 # potential bg thread for ping untilstop |
| 151 self.ping_thread = None | 151 self.ping_thread = None |
| 152 | 152 |
| 153 # potential bg thread for client network monitoring | 153 # potential bg thread for client network monitoring |
| 154 self.client_netdump_thread = None | 154 self.client_netdump_thread = None |
| 155 self.__client_discover_commands(client) | 155 self.__client_discover_commands(client) |
| 156 self.profile_create({'name':'test'}) | 156 self.profile_create({'name':'test'}) |
| 157 self.profile_push({'name':'test'}) | 157 self.profile_push({'name':'test'}) |
| 1231 'client-key' : path to client key file | 1231 'client-key' : path to client key file |
| 1232 | 1232 |
| 1233 'remote-cert-tls' : optional | 1233 'remote-cert-tls' : optional |
| 1234 If provided, this option can be 'server', 'client' or | 1234 If provided, this option can be 'server', 'client' or |
| 1235 'none'. | 1235 'none'. |
| 1236 If not specified, the default is 'none'. | 1236 If not specified, the default is 'none'. |
| 1237 The value provided is passed directly to 'connect-vpn'. | 1237 The value provided is passed directly to 'connect-vpn'. |
| 1238 """ | 1238 """ |
| 1239 self.vpn_client_kill({}) # Must be first. Relies on self.vpn_kind. | 1239 self.vpn_client_kill({}) # Must be first. Relies on self.vpn_kind. |
| 1240 self.vpn_kind = params.get('kind', None) | 1240 self.vpn_kind = params.get('kind', None) |
| 1241 vpn_host_ip = params.get('vpn-host-ip', self.server_wifi_ip) | |
| 1242 | |
| 1243 # Must get 'ca_certificate', 'client-certificate' and 'client-key'. | |
| 1244 cert_pathnames = params.get('files', {}) | |
| 1245 | 1241 |
| 1246 # Starting up the VPN client may cause the DUT's routing table (esp. | 1242 # Starting up the VPN client may cause the DUT's routing table (esp. |
| 1247 # the default route) to change. Set up a host route backwards so | 1243 # the default route) to change. Set up a host route backwards so |
| 1248 # we don't lose our control connection in that event. | 1244 # we don't lose our control connection in that event. |
| 1249 __add_host_route(self.client) | 1245 self.__add_host_route(self.client) |
| 1250 | 1246 |
| 1251 if self.vpn_kind is None: | 1247 if self.vpn_kind is None: |
| 1252 raise error.TestFail('No VPN kind specified for this test.') | 1248 raise error.TestFail('No VPN kind specified for this test.') |
| 1253 elif self.vpn_kind == 'openvpn': | 1249 elif self.vpn_kind == 'openvpn': |
| 1250 # 'ca_certificate', 'client-certificate' and 'client-key'. |
| 1251 vpn_host_ip = params.get('vpn-host-ip', |
| 1252 self.server_wifi_ip) |
| 1253 cert_pathnames = params.get('files', {}) |
| 1254 remote_cert_tls_option = "" | 1254 remote_cert_tls_option = "" |
| 1255 remote_cert_tls = params.get('remote-cert-tls', None) | 1255 remote_cert_tls = params.get('remote-cert-tls', None) |
| 1256 | 1256 |
| 1257 if remote_cert_tls is not None: | 1257 if remote_cert_tls is not None: |
| 1258 remote_cert_tls_option = "--remote-cert-tls " + remote_cert_tls | 1258 remote_cert_tls_option = "--remote-cert-tls " + remote_cert_tls |
| 1259 | 1259 |
| 1260 # connect-vpn openvpn [options] <name> <host-ip> <domain> \ | |
| 1261 # <cafile> <certfile> <key-file> | |
| 1262 result = self.client.run('%s/test/connect-vpn ' | 1260 result = self.client.run('%s/test/connect-vpn ' |
| 1263 '--verbose ' | 1261 '--verbose ' |
| 1264 '%s ' | 1262 '%s ' |
| 1265 'openvpn vpn-name %s vpn-domain ' | 1263 'openvpn vpn-name %s vpn-domain ' |
| 1266 '%s ' # ca certificate | 1264 '%s ' # ca certificate |
| 1267 '%s ' # client certificate | 1265 '%s ' # client certificate |
| 1268 '%s' % # client key | 1266 '%s' % # client key |
| 1269 (self.client_cmd_flimflam_lib, | 1267 (self.client_cmd_flimflam_lib, |
| 1270 remote_cert_tls_option, | 1268 remote_cert_tls_option, |
| 1271 vpn_host_ip, | 1269 vpn_host_ip, |
| 1272 cert_pathnames['ca-certificate'], | 1270 cert_pathnames['ca-certificate'], |
| 1273 cert_pathnames['client-certificate'], | 1271 cert_pathnames['client-certificate'], |
| 1274 cert_pathnames['client-key'])) | 1272 cert_pathnames['client-key'])) |
| 1273 elif self.vpn_kind == 'l2tpipsec-psk': |
| 1274 # vpn_host_ip is self.server.ip because that is the |
| 1275 # adapter that ipsec listens on. |
| 1276 vpn_host_ip = params.get('vpn-host-ip', self.server.ip) |
| 1277 password = params.get('password' , None) |
| 1278 chapuser = params.get('chapuser' , None) |
| 1279 chapsecret = params.get('chapsecret', None) |
| 1280 result = self.client.run('%s/test/connect-vpn ' |
| 1281 '--verbose ' |
| 1282 'l2tpipsec-psk vpn-name %s vpn-domain ' |
| 1283 '%s ' # password |
| 1284 '%s ' # chapuser |
| 1285 '%s' % # chapsecret |
| 1286 (self.client_cmd_flimflam_lib, |
| 1287 vpn_host_ip, |
| 1288 password, chapuser, chapsecret)) |
| 1289 elif self.vpn_kind == 'l2tpipsec-cert': |
| 1290 # 'ca_certificate', 'client-certificate' and 'client-key'. |
| 1291 cert_pathnames = params.get('files', {}) |
| 1292 # vpn_host_ip is self.server.ip because that is the |
| 1293 # adapter that ipsec listens on. |
| 1294 vpn_host_ip = params.get('vpn-host-ip', self.server.ip) |
| 1295 result = self.client.run('%s/test/connect-vpn ' |
| 1296 '--verbose ' |
| 1297 'l2tpipsec-cert vpn-name %s vpn-domain ' |
| 1298 '%s ' # ca certificate |
| 1299 '%s ' # client certificate |
| 1300 '%s' % # client key |
| 1301 (self.client_cmd_flimflam_lib, |
| 1302 vpn_host_ip, |
| 1303 cert_pathnames['ca-certificate'], |
| 1304 cert_pathnames['client-certificate'], |
| 1305 cert_pathnames['client-key'])) |
| 1275 else: | 1306 else: |
| 1276 raise error.TestFail('(internal error): No launch case ' | 1307 raise error.TestFail('(internal error): No launch case ' |
| 1277 'for VPN kind (%s)' % self.vpn_kind) | 1308 'for VPN kind (%s)' % self.vpn_kind) |
| 1278 | 1309 |
| 1279 def vpn_client_kill(self, params): | 1310 def vpn_client_kill(self, params): |
| 1280 """ Kill the VPN client if it's running. """ | 1311 """ Kill the VPN client if it's running. """ |
| 1281 if self.vpn_kind is not None: | 1312 if self.vpn_kind is not None: |
| 1282 if self.vpn_kind == 'openvpn': | 1313 if self.vpn_kind == 'openvpn': |
| 1283 self.client.run("pkill openvpn") | 1314 self.client.run("pkill openvpn") |
| 1315 elif (self.vpn_kind == 'l2tpipsec-psk' or |
| 1316 self.vpn_kind == 'l2tpipsec-cert'): |
| 1317 self.client.run("/usr/sbin/ipsec stop") |
| 1284 else: | 1318 else: |
| 1285 raise error.TestFail('(internal error): No kill case ' | 1319 raise error.TestFail('(internal error): No kill case ' |
| 1286 'for VPN kind (%s)' % self.vpn_kind) | 1320 'for VPN kind (%s)' % self.vpn_kind) |
| 1287 self.vpn_kind = None | 1321 self.vpn_kind = None |
| 1288 | 1322 |
| 1289 __del_host_route(self.client) | 1323 self.__del_host_route(self.client) |
| 1290 | 1324 |
| 1291 def __add_host_route(self, host): | 1325 def __add_host_route(self, host): |
| 1292 # What is the local address we use to get to the test host? | 1326 # What is the local address we use to get to the test host? |
| 1293 local_ip = site_host_route.LocalHostRoute(host.ip).route_info["src"] | 1327 local_ip = site_host_route.LocalHostRoute(host.ip).route_info["src"] |
| 1294 | 1328 |
| 1295 # How does the test host currently get to this local address? | 1329 # How does the test host currently get to this local address? |
| 1296 host_route = site_host_route.RemoteHostRoute(host, local_ip).route_info | 1330 host_route = site_host_route.RemoteHostRoute(host, local_ip).route_info |
| 1297 | 1331 |
| 1298 # Flatten the returned dict into a single string | 1332 # Flatten the returned dict into a single string |
| 1299 route_args = " ".join(" ".join(x) for x in host_route.iteritems()) | 1333 route_args = " ".join(" ".join(x) for x in host_route.iteritems()) |
| 1300 | 1334 |
| 1301 self.host_route_args[host.ip] = "%s %s" % (local_ip, route_args) | 1335 self.host_route_args[host.ip] = "%s %s" % (local_ip, route_args) |
| 1302 host.run("ip route add %s" % self.host_route_args[host.ip]) | 1336 host.run("ip route add %s" % self.host_route_args[host.ip]) |
| 1303 | 1337 |
| 1304 def __del_host_route(self, host): | 1338 def __del_host_route(self, host): |
| 1305 if host.ip not in self.host_route_args: | 1339 if host.ip in self.host_route_args: |
| 1306 return | 1340 host.run("ip route del %s" % self.host_route_args.pop(host.ip)) |
| 1307 | |
| 1308 host.run("ip route del %s" % self.host_route_args.pop(host.ip)) | |
| 1309 | 1341 |
| 1310 def host_route_cleanup(self, params): | 1342 def host_route_cleanup(self, params): |
| 1311 for host in (self.client, self.server, self.router): | 1343 for host in (self.client, self.server, self.router): |
| 1312 self.__del_host_route(host) | 1344 self.__del_host_route(host) |
| 1313 | 1345 |
| 1314 | 1346 |
| 1315 class HelperThread(threading.Thread): | 1347 class HelperThread(threading.Thread): |
| 1316 # Class that wraps a ping command in a thread so it can run in the bg. | 1348 # Class that wraps a ping command in a thread so it can run in the bg. |
| 1317 def __init__(self, client, cmd): | 1349 def __init__(self, client, cmd): |
| 1318 threading.Thread.__init__(self) | 1350 threading.Thread.__init__(self) |
| 1439 except error.TestFail: | 1471 except error.TestFail: |
| 1440 if 'expect_failure' in testcase: | 1472 if 'expect_failure' in testcase: |
| 1441 self.expect_failure(name, testcase['expect_failure']) | 1473 self.expect_failure(name, testcase['expect_failure']) |
| 1442 else: | 1474 else: |
| 1443 raise | 1475 raise |
| 1444 except Exception, e: | 1476 except Exception, e: |
| 1445 if 'expect_failure' in testcase: | 1477 if 'expect_failure' in testcase: |
| 1446 self.expect_failure(name, testcase['expect_failure']) | 1478 self.expect_failure(name, testcase['expect_failure']) |
| 1447 else: | 1479 else: |
| 1448 raise | 1480 raise |
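Review bot: In the new `l2tpipsec-psk` branch (new lines 1277-1288), `password`, `chapuser` and `chapsecret` default to `None` and are formatted unquoted into the `connect-vpn` command string, so an omitted parameter is passed as the literal text `None`, and a value containing whitespace or shell metacharacters changes the command that `self.client.run` executes. Failing early would be clearer, e.g. `if None in (password, chapuser, chapsecret): raise error.TestFail('l2tpipsec-psk requires password, chapuser and chapsecret')`, and each value should be shell-quoted before formatting (for example with `pipes.quote`, which would need an import not among those visible at the top of the file). The secrets also become part of the command line, which is presumably logged by `client.run` and is visible in the client's process list while `connect-vpn` runs, so a comment stating that only throwaway test credentials belong in these parameters would help. Separately, `params.get('vpn-host-ip', self.server.ip)` in both l2tpipsec branches evaluates `self.server.ip` even when `vpn-host-ip` is supplied, which would raise if `self.server` is `None` as set on new line 142; the enclosing method starts outside the visible lines, so confirm whether that configuration can reach this code.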