diff options
Diffstat (limited to 'nixpkgs/nixos/tests/systemd-networkd-vrf.nix')
-rw-r--r-- | nixpkgs/nixos/tests/systemd-networkd-vrf.nix | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/nixpkgs/nixos/tests/systemd-networkd-vrf.nix b/nixpkgs/nixos/tests/systemd-networkd-vrf.nix index af7813a2e60..bd4751f8e43 100644 --- a/nixpkgs/nixos/tests/systemd-networkd-vrf.nix +++ b/nixpkgs/nixos/tests/systemd-networkd-vrf.nix @@ -159,6 +159,8 @@ in { node2.wait_for_unit("network.target") node3.wait_for_unit("network.target") + # NOTE: please keep in mind that the trailing whitespaces in the following strings + # are intentional as the output is compared against the raw `iproute2`-output. client_ipv4_table = """ 192.168.1.2 dev vrf1 proto static metric 100 192.168.2.3 dev vrf2 proto static metric 100 @@ -194,18 +196,16 @@ in { client.succeed("ping -c5 192.168.1.2") client.succeed("ping -c5 192.168.2.3") - # Test whether SSH through a VRF IP is possible. - # (Note: this seems to be an issue on Linux 5.x, so I decided to add this to - # ensure that we catch this when updating the default kernel). - # with subtest("tcp traffic through vrf works"): - # node1.wait_for_open_port(22) - # client.succeed( - # "cat ${snakeOilPrivateKey} > privkey.snakeoil" - # ) - # client.succeed("chmod 600 privkey.snakeoil") - # client.succeed( - # "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil root@192.168.1.2 true" - # ) + # Test whether TCP through a VRF IP is possible. + with subtest("tcp traffic through vrf works"): + node1.wait_for_open_port(22) + client.succeed( + "cat ${snakeOilPrivateKey} > privkey.snakeoil" + ) + client.succeed("chmod 600 privkey.snakeoil") + client.succeed( + "ulimit -l 2048; ip vrf exec vrf1 ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil root@192.168.1.2 true" + ) # Only configured routes through the VRF from the main routing table should # work. Additional IPs are only reachable when binding to the vrf interface. |