Networking helper utilities for multimachine openQA tests involving IPsec, L2TP, routing, and general tunnel configuration.
get_net_prefix_len(net => '2001:db8::/64');Return the prefix length extracted from a address/prefix string. Returns undef if no prefix is present.
add_ipv6_addr(ip => '2001:db8::1', dev => 'eth0', plen => 64);Assign an IPv6 address with prefix length to an interface. Defaults: - dev: result of iface() - plen: 64
add_ipv6_route(dst => '2001:db8:2::/64', via => '2001:db8::1');Add an IPv6 route using ip -6 route add.
add_ipv4_addr(ip => '192.0.2.10', dev => 'eth0', plen => 24);Assign an IPv4 address with prefix length to an interface. Defaults: - dev: result of iface() - plen: 24
add_ipv4_route(dst => '192.0.2.0/24', via => '192.0.2.1');Add an IPv4 route using ip route add.
check_ipv6_addr();Wait until the system obtains a usable IPv6 address. The function checks for: - presence of a link-local fe80:: address - address no longer in tentative state
Waits up to 50 seconds (10 attempts * 5 seconds).
flush_xfrm();Flush all existing XFRM state and policy entries. Useful when resetting IPsec configuration between test phases.
my %params = build_ipsec_params(
aead => q('rfc4309(ccm(aes))'),
replay => 96,
);Return a hash of IPsec/XFRM configuration parameters (crypto algorithm, SPI, keys, replay tag size, etc.). Test authors may override any field.
install_ipsec_state(
%params,
local_ip => '2001:db8::1',
remote_ip => '2001:db8::2',
);Install ESP outbound and inbound Security Associations (SAs) using the provided IPsec parameters and tunnel endpoint IPs.
install_ipsec_policies(
%params,
local_ip => '2001:db8::1',
remote_ip => '2001:db8::2',
new_local_net => '2001:db8:100::/64',
new_remote_net => '2001:db8:200::/64',
);Install inbound and outbound XFRM policies that link traffic selectors (new_local_net -> new_remote_net) to the IPsec state installed earlier.
dump_ipsec_debug();Record detailed debugging information about IPsec state, policy, and IPv6 routing. Useful for post-failure diagnostics.
validate_ipsec_tcpdump($dump, $setup, $devname);Validate that tcpdump output on a given device contains ESP packets with the expected SPI.
validate_tcpdump(
dump => $dump,
check => 'esp' | ['esp','pmtud'],
spi => '0x12345678',
mtu => 1300,
dev => 'ens4'
);Validate tcpdump output for expected IPsec traffic patterns.
Supported checks:
- esp: Verify that ESP packets are present and match the expected SPI. - pmtud: Verify that ICMPv6 Packet Too Big messages appear with the expected MTU.
If multiple checks are requested, all of them must be found in the dump. Missing patterns cause the test to fail via record_info(..., result = 'fail')>.
capture_tcpdump($dev);
capture_tcpdump($dev, $timeout);Run tcpdump on the given network interface $dev for a limited duration (using the timeout command) and return the captured packet output as a string.
Arguments:
$dev - Network interface to capture on (e.g. eth0).
$timeout - Optional duration in seconds to run tcpdump (defaults to 10).
The function always uses tcpdump -n (numeric output) and sets proceed_on_failure = 1> so that failed or empty captures do not abort the test module.