
Commit eaaf893

committed
test: verify mDNS allow/deny interfaces
Signed-off-by: Joachim Wiberg <[email protected]>
1 parent 1148281 commit eaaf893


3 files changed

+200
-1
lines changed

3 files changed

+200
-1
lines changed

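--- a/test/case/infix_services/infix_services.yaml
+++ b/test/case/infix_services/infix_services.yaml
@@ -6,4 +6,6 @@
 # are transparent with respect to IEEE link-local multicast.
 #- name: services_basic
 # case: services_basic/test.py
-[]
+
+- name: mdns_allow_deny
+case: mdns_allow_deny/test.py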
Lines changed: 171 additions & 0 deletions
@@ -0,0 +1,171 @@
1+
#!/usr/bin/env python3
2+
"""mDNS allow/deny interfaces
3+
4+
Verify the mDNS responder interface allow/deny configuration.
5+
6+
.---------------------------.
7+
| | DUT
8+
'--p1--------p2--------p3---'
9+
| | |
10+
| | | 10.0.p.0/24
11+
| | |
12+
.-eth1------eth2------eth3--.
13+
| | HOST
14+
'---------------------------'
15+
16+
Both settings can be used independently and in concert. We
17+
verify operation with three scenarios:
18+
19+
1. Allow p2, no mDNS traffic should be received on p1 and p3
20+
2. Deny p2, mDNS traffic should only be received on p1 and p3
21+
3. Allow p1 and p3, deny p2 and p3, traffic only on p1
22+
23+
"""
24+
25+
import time
26+
import infamy
27+
from infamy.util import parallel
28+
29+
30+
def mdns_scan(tgt):
31+
"""Trigger Avahi to send traffic on allowed interfaces"""
32+
time.sleep(2)
33+
tgt.runsh("logger -t scan 'calling avahi-browse ...'")
34+
tgt.runsh("avahi-browse -lat")
35+
36+
37+
def check(ns, expr, must):
38+
"""Wrap netns.must_receive() with common defaults"""
39+
return ns.must_receive(expr, timeout=3, must=must)
40+
41+
42+
with infamy.Test() as test:
43+
with test.step("Set up topology and attach to target DUT"):
44+
env = infamy.Env()
45+
dut = env.attach("dut", "mgmt")
46+
ssh = env.attach("dut", "mgmt", "ssh")
47+
_, p1 = env.ltop.xlate("dut", "p1")
48+
_, p2 = env.ltop.xlate("dut", "p2")
49+
_, p3 = env.ltop.xlate("dut", "p3")
50+
_, eth1 = env.ltop.xlate("host", "eth1")
51+
_, eth2 = env.ltop.xlate("host", "eth2")
52+
_, eth3 = env.ltop.xlate("host", "eth3")
53+
54+
with test.step("Configure device"):
55+
dut.put_config_dicts(
56+
{
57+
"ietf-interfaces": {
58+
"interfaces": {
59+
"interface": [
60+
{
61+
"name": p1,
62+
"enabled": True,
63+
"ipv4": {
64+
"address": [
65+
{
66+
"ip": "10.0.1.1",
67+
"prefix-length": 24
68+
}
69+
]
70+
}
71+
72+
},
73+
{
74+
"name": p2,
75+
"enabled": True,
76+
"ipv4": {
77+
"address": [
78+
{
79+
"ip": "10.0.2.1",
80+
"prefix-length": 24
81+
}
82+
]
83+
}
84+
85+
},
86+
{
87+
"name": p3,
88+
"enabled": True,
89+
"ipv4": {
90+
"address": [
91+
{
92+
"ip": "10.0.3.1",
93+
"prefix-length": 24
94+
}
95+
]
96+
}
97+
98+
},
99+
]
100+
}
101+
},
102+
"ietf-system": {
103+
"system": {
104+
"hostname": "dut"
105+
}
106+
},
107+
"infix-services": {
108+
"mdns": {
109+
"enabled": True
110+
}
111+
}
112+
}
113+
)
114+
115+
with infamy.IsolatedMacVlan(eth1) as ns1, \
116+
infamy.IsolatedMacVlan(eth2) as ns2, \
117+
infamy.IsolatedMacVlan(eth3) as ns3:
118+
ns1.addip("10.0.1.2")
119+
ns2.addip("10.0.2.2")
120+
ns3.addip("10.0.3.2")
121+
122+
EXPR1 = "host 10.0.1.1 and port 5353"
123+
EXPR2 = "host 10.0.2.1 and port 5353"
124+
EXPR3 = "host 10.0.3.1 and port 5353"
125+
126+
with test.step("Allow mDNS on a single interface: p2"):
127+
dut.put_config_dict("infix-services", {
128+
"mdns": {
129+
"interfaces": {
130+
"allow": [p2],
131+
}
132+
}
133+
})
134+
135+
parallel(lambda: mdns_scan(ssh),
136+
lambda: check(ns1, EXPR1, False),
137+
lambda: check(ns2, EXPR2, True),
138+
lambda: check(ns3, EXPR3, False))
139+
140+
with test.step("Deny mDNS on a single interface: p2"):
141+
dut.delete_xpath("/infix-services:mdns/interfaces")
142+
dut.put_config_dict("infix-services", {
143+
"mdns": {
144+
"interfaces": {
145+
"deny": [p2],
146+
}
147+
}
148+
})
149+
150+
parallel(lambda: mdns_scan(ssh),
151+
lambda: check(ns1, EXPR1, True),
152+
lambda: check(ns2, EXPR2, False),
153+
lambda: check(ns3, EXPR3, True))
154+
155+
with test.step("Allow mDNS on p1, p3 deny on p2, p3"):
156+
dut.delete_xpath("/infix-services:mdns/interfaces")
157+
dut.put_config_dict("infix-services", {
158+
"mdns": {
159+
"interfaces": {
160+
"allow": [p1, p3],
161+
"deny": [p2, p3],
162+
}
163+
}
164+
})
165+
166+
parallel(lambda: mdns_scan(ssh),
167+
lambda: check(ns1, EXPR1, True),
168+
lambda: check(ns2, EXPR2, False),
169+
lambda: check(ns3, EXPR3, False))
170+
171+
test.succeed()
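Review bot: The capture filters `EXPR1`–`EXPR3` match only the DUT's IPv4 addresses (`host 10.0.x.1 and port 5353`), so every `must=False` check would still pass if the responder sent mDNS on a denied port over IPv6, which Avahi uses alongside IPv4 unless it is turned off; whether IPv6 is active on these ports is not visible in this file. For the deny assertions a wider expression, for example `"port 5353 and (host 10.0.1.1 or ip6)"`, would catch that leak, assuming `must_receive()` takes pcap filter syntax. Separately, `mdns_scan()` sleeps 2 s while `check()` captures for only 3 s, so a slow `avahi-browse` start leaves about one second of margin before a negative check passes simply because the capture has ended; a longer timeout, or a comment on `check()` saying why 3 s is enough, would make that margin explicit.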
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
graph "1x4" {
2+
layout="neato";
3+
overlap="false";
4+
esep="+80";
5+
6+
node [shape=record, fontname="DejaVu Sans Mono, Book"];
7+
edge [color="cornflowerblue", penwidth="2", fontname="DejaVu Serif, Book"];
8+
9+
host [
10+
label="host | { <mgmt> mgmt | <eth1> eth1 | <eth2> eth2 | <eth3> eth3 }",
11+
pos="0,12!",
12+
kind="controller",
13+
];
14+
15+
dut [
16+
label="{ <mgmt> mgmt | <p1> p1 | <p2> p2 | <p3> p3 } | dut \n\n(br0)\n10.0.p.1/24",
17+
pos="10,12!",
18+
19+
kind="infix",
20+
];
21+
22+
host:mgmt -- dut:mgmt [kind=mgmt, color="lightgray"]
23+
host:eth1 -- dut:p1 [color=black, fontcolor=black, taillabel="10.0.1.2/24"]
24+
host:eth2 -- dut:p2 [color=black, fontcolor=black, taillabel="10.0.2.2/24"]
25+
host:eth3 -- dut:p3 [color=black, fontcolor=black, taillabel="10.0.3.2/24"]
26+
}
