2025-11-21, 01:20:42 +0100, Antonio Quartulli wrote:
From: Ralf Lici ralf@mandelbit.com
Add a selftest to verify that when a socket is bound to a device, UDP traffic from ovpn is correctly routed through the specified interface.
The test sets up a P2P session between two peers in separate network namespaces, connected via two veth pairs. It binds to both veth interfaces and uses tcpdump to confirm that traffic flows through the expected paths.
The current setup doesn't really test that, since it would also work without SO_BINDTODEVICE (traffic still flows through the expected veth if I pass "any" instead of veth1/veth2 to the new_peer commands).
[...]
diff --git a/tools/testing/selftests/net/ovpn/common.sh b/tools/testing/selftests/net/ovpn/common.sh
index d926413c9f16..c802e4e50054 100644
--- a/tools/testing/selftests/net/ovpn/common.sh
+++ b/tools/testing/selftests/net/ovpn/common.sh
@@ -66,9 +66,11 @@ setup_listener() { } add_peer() {
- dev=${2:-"any"}
nit: no user of add_peer is patched to pass this extra argument
diff --git a/tools/testing/selftests/net/ovpn/test-bind.sh b/tools/testing/selftests/net/ovpn/test-bind.sh
new file mode 100755
index 000000000000..fd7c3c8fdf63
--- /dev/null
+++ b/tools/testing/selftests/net/ovpn/test-bind.sh
@@ -0,0 +1,103 @@
[...]
+run_bind_test() {
- dev1=${1}
- dev2=${2}
- raddr4_peer1=${3}
- raddr4_peer2=${4}
- touch /tmp/ovpn-bind1.log
- touch /tmp/ovpn-bind2.log
- ip netns exec peer1 ${OVPN_CLI} del_peer tun1 1 2>/dev/null || true
- ip netns exec peer2 ${OVPN_CLI} del_peer tun2 10 2>/dev/null || true
- # close any active socket
- killall $(basename ${OVPN_CLI}) 2>/dev/null || true
- ip netns exec peer1 ${OVPN_CLI} new_peer tun1 ${dev1} 1 10 1 ${raddr4_peer1} 1
- ip netns exec peer1 ${OVPN_CLI} new_key tun1 1 1 0 ${ALG} 0 data64.key
- ip netns exec peer2 ${OVPN_CLI} new_peer tun2 ${dev2} 10 1 1 ${raddr4_peer2} 1
- ip netns exec peer2 ${OVPN_CLI} new_key tun2 10 1 0 ${ALG} 1 data64.key
- ip netns exec peer1 ${OVPN_CLI} set_peer tun1 1 60 120
- ip netns exec peer2 ${OVPN_CLI} set_peer tun2 10 60 120
- timeout 2 ip netns exec peer1 tcpdump -i veth1 "${PROTO,,}" port 1 -n -q > /tmp/ovpn-bind1.log &
Maybe add 2> /dev/null to tidy up the script output a bit?
- tcpdump1_pid=$!
- timeout 2 ip netns exec peer1 tcpdump -i veth2 "${PROTO,,}" port 1 -n -q > /tmp/ovpn-bind2.log &
- tcpdump2_pid=$!
- sleep 0.5
- ip netns exec peer1 ping -qfc 50 -w 1 5.5.5.2
- wait ${tcpdump1_pid} || true
- wait ${tcpdump2_pid} || true
+}
+run_bind_test veth1 any 10.10.10.2 10.10.10.1
+[ "$(grep -c -i udp /tmp/ovpn-bind1.log)" -ge 100 ]
+[ "$(grep -c -i udp /tmp/ovpn-bind2.log)" -eq 0 ]
+run_bind_test veth2 any 20.20.20.2 20.20.20.1
+[ "$(grep -c -i udp /tmp/ovpn-bind2.log)" -ge 100 ]
+[ "$(grep -c -i udp /tmp/ovpn-bind1.log)" -eq 0 ]
+run_bind_test any veth1 10.10.10.2 10.10.10.1
+[ "$(grep -c -i udp /tmp/ovpn-bind1.log)" -ge 100 ]
+[ "$(grep -c -i udp /tmp/ovpn-bind2.log)" -eq 0 ]
+run_bind_test any veth2 20.20.20.2 20.20.20.1
+[ "$(grep -c -i udp /tmp/ovpn-bind2.log)" -ge 100 ]
+[ "$(grep -c -i udp /tmp/ovpn-bind1.log)" -eq 0 ]
+cleanup
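Review bot: run_bind_test writes its captures to the fixed names `/tmp/ovpn-bind1.log` and `/tmp/ovpn-bind2.log` (the two `touch` lines at the top of the function, then the `>` redirections on the tcpdump lines), so two runs of the selftest on the same host clobber each other's counts, and in a shared /tmp both the `touch` and the redirection simply follow whatever already exists under that name. Creating the files once at script scope with `log1=$(mktemp)` and `log2=$(mktemp)` and passing those variables to the two tcpdump redirections and the four `grep -c -i udp` checks avoids both problems. The `killall $(basename ${OVPN_CLI})` line likewise matches every process of that name on the host rather than only the ones started in peer1/peer2; if the other ovpn selftests already use this idiom it is consistent, otherwise it deserves a comment saying the test assumes it is the only ovpn-cli user on the machine. The head of the script, including whatever sets `OVPN_CLI`, `PROTO` and `set -e` (which the bare `[ ... ]` assertions after the function rely on to fail the run), is outside the hunk.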
And also clean up the log files? (maybe via "trap <function> EXIT" so that they get removed as well if the test fails)