test-network: add tests for [DHCPv4] AllowList= and DenyList=

We have not tested if the settings actually filter DHCP servers. Let's add a test case for the settings. Note, the .network file used here has been unused since 0730e3767d91e020985dc5c7c2178460f627581a. So, we can freely reuse it without changing other test cases. Closes #30107.
author: Yu Watanabe <watanabe.yu+github@gmail.com> 2023-11-21 19:35:21 +0100
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2023-11-21 21:37:04 +0100
commit: b65c539088a2ab4cb977d6bd7adba2e8a4c4c90f (patch)
tree: 61374453dc2a0ad2143bc34515007e0f4812b4bd /test
parent: systemctl: fix typo (diff)
download: systemd-b65c539088a2ab4cb977d6bd7adba2e8a4c4c90f.tar.xz
systemd-b65c539088a2ab4cb977d6bd7adba2e8a4c4c90f.zip
4 files changed, 59 insertions, 3 deletions
diff --git a/test/test-network/conf/25-dhcp-client-allow-list.network b/test/test-network/conf/25-dhcp-client-allow-list.network
index b8a49a0378..904e18a81b 100644
--- a/test/test-network/conf/25-dhcp-client-allow-list.network
+++ b/test/test-network/conf/25-dhcp-client-allow-list.network
@@ -8,5 +8,5 @@ IPv6AcceptRA=false
 
 [DHCPv4]
 # DenyList= will be ignored
-AllowList=192.168.5.0/24 192.168.6.0/24
+AllowList=192.168.6.0/24
 DenyList=192.168.5.0/24
diff --git a/test/test-network/conf/25-dhcp-client-allow-list.network.d/00-allow-list.conf b/test/test-network/conf/25-dhcp-client-allow-list.network.d/00-allow-list.conf
new file mode 100644
index 0000000000..9204d14c15
--- /dev/null
+++ b/test/test-network/conf/25-dhcp-client-allow-list.network.d/00-allow-list.conf
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[DHCPv4]
+# test without prefix length
+AllowList=
+AllowList=192.168.6.1
diff --git a/test/test-network/conf/25-dhcp-client-allow-list.network.d/10-deny-list.conf b/test/test-network/conf/25-dhcp-client-allow-list.network.d/10-deny-list.conf
new file mode 100644
index 0000000000..0c15d23e8e
--- /dev/null
+++ b/test/test-network/conf/25-dhcp-client-allow-list.network.d/10-deny-list.conf
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[DHCPv4]
+# Unset AllowList= to make DenyList= will be used.
+AllowList=
diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
index 041dfd313b..f49438ecd1 100755
--- a/test/test-network/systemd-networkd-tests.py
+++ b/test/test-network/systemd-networkd-tests.py
@@ -6,6 +6,7 @@
 # simply run this file which can be found in the VM at /usr/lib/systemd/tests/testdata/test-network/systemd-networkd-tests.py.
 
 import argparse
+import datetime
 import errno
 import itertools
 import json
@@ -699,10 +700,16 @@ def radvd_check_config(config_file):
 def networkd_invocation_id():
     return check_output('systemctl show --value -p InvocationID systemd-networkd.service')
 
-def read_networkd_log(invocation_id=None):
+def read_networkd_log(invocation_id=None, since=None):
     if not invocation_id:
         invocation_id = networkd_invocation_id()
-    return check_output('journalctl _SYSTEMD_INVOCATION_ID=' + invocation_id)
+    command = [
+        'journalctl',
+        f'_SYSTEMD_INVOCATION_ID={invocation_id}',
+    ]
+    if since:
+        command.append(f'--since={since}')
+    return check_output(*command)
 
 def stop_networkd(show_logs=True):
     if show_logs:
@@ -5590,6 +5597,46 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
         print(f"State = {state}")
         self.assertEqual(state, 'bound')
 
+    def test_dhcp_client_allow_list(self):
+        copy_network_unit('25-veth.netdev', '25-dhcp-server-veth-peer.network', '25-dhcp-client-allow-list.network', copy_dropins=False)
+
+        start_networkd()
+        self.wait_online(['veth-peer:carrier'])
+        since = datetime.datetime.now()
+        start_dnsmasq()
+
+        expect = 'veth99: DHCPv4 server IP address 192.168.5.1 not found in allow-list, ignoring offer.'
+        for _ in range(20):
+            if expect in read_networkd_log(since=since):
+                break
+            time.sleep(0.5)
+        else:
+            self.fail()
+
+        copy_network_unit('25-dhcp-client-allow-list.network.d/00-allow-list.conf')
+        since = datetime.datetime.now()
+        networkctl_reload()
+
+        expect = 'veth99: DHCPv4 server IP address 192.168.5.1 not found in allow-list, ignoring offer.'
+        for _ in range(20):
+            if expect in read_networkd_log(since=since):
+                break
+            time.sleep(0.5)
+        else:
+            self.fail()
+
+        copy_network_unit('25-dhcp-client-allow-list.network.d/10-deny-list.conf')
+        since = datetime.datetime.now()
+        networkctl_reload()
+
+        expect = 'veth99: DHCPv4 server IP address 192.168.5.1 found in deny-list, ignoring offer.'
+        for _ in range(20):
+            if expect in read_networkd_log(since=since):
+                break
+            time.sleep(0.5)
+        else:
+            self.fail()
+
     @unittest.skipUnless("--dhcp-rapid-commit" in run("dnsmasq --help").stdout, reason="dnsmasq is missing dhcp-rapid-commit support")
     def test_dhcp_client_rapid_commit(self):
         copy_network_unit('25-veth.netdev', '25-dhcp-server-veth-peer.network', '25-dhcp-client.network')
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2023-11-21 19:35:21 +0100
committer	Yu Watanabe <watanabe.yu+github@gmail.com>	2023-11-21 21:37:04 +0100
commit	b65c539088a2ab4cb977d6bd7adba2e8a4c4c90f (patch)
tree	61374453dc2a0ad2143bc34515007e0f4812b4bd /test
parent	systemctl: fix typo (diff)
download	systemd-b65c539088a2ab4cb977d6bd7adba2e8a4c4c90f.tar.xz systemd-b65c539088a2ab4cb977d6bd7adba2e8a4c4c90f.zip