nixos/tests/ulogd.nix at 23.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / ulogd.nix
at 23.11-pre 2.9 kB view raw
 1import ./make-test-python.nix ({ pkgs, lib, ... }: {
 2  name = "ulogd";
 3
 4  meta.maintainers = with lib.maintainers; [ p-h ];
 5
 6  nodes.machine = { ... }: {
 7    networking.firewall.enable = false;
 8    networking.nftables.enable = true;
 9    networking.nftables.ruleset = ''
10      table inet filter {
11        chain input {
12          type filter hook input priority 0;
13          log group 2 accept
14        }
15
16        chain output {
17          type filter hook output priority 0; policy accept;
18          log group 2 accept
19        }
20
21        chain forward {
22          type filter hook forward priority 0; policy drop;
23          log group 2 accept
24        }
25
26      }
27    '';
28    services.ulogd = {
29      enable = true;
30      settings = {
31        global = {
32          logfile = "/var/log/ulogd.log";
33          stack = "log1:NFLOG,base1:BASE,pcap1:PCAP";
34        };
35
36        log1.group = 2;
37
38        pcap1 = {
39          file = "/var/log/ulogd.pcap";
40          sync = 1;
41        };
42      };
43    };
44
45    environment.systemPackages = with pkgs; [
46      tcpdump
47    ];
48  };
49
50  testScript = ''
51    start_all()
52    machine.wait_for_unit("ulogd.service")
53    machine.wait_for_unit("network-online.target")
54
55    with subtest("Ulogd is running"):
56        machine.succeed("pgrep ulogd >&2")
57
58    # All packets show up twice in the logs
59    with subtest("Logs are collected"):
60        machine.succeed("ping -f 127.0.0.1 -c 5 >&2")
61        machine.succeed("sleep 2")
62        machine.wait_until_succeeds("du /var/log/ulogd.pcap >&2")
63        _, echo_request_packets = machine.execute("tcpdump -r /var/log/ulogd.pcap icmp[0] == 8 and host 127.0.0.1")
64        expected, actual = 5*2, len(echo_request_packets.splitlines())
65        assert expected == actual, f"Expected {expected} packets, got: {actual}"
66        _, echo_reply_packets = machine.execute("tcpdump -r /var/log/ulogd.pcap icmp[0] == 0 and host 127.0.0.1")
67        expected, actual = 5*2, len(echo_reply_packets.splitlines())
68        assert expected == actual, f"Expected {expected} packets, got: {actual}"
69
70    with subtest("Reloading service reopens log file"):
71        machine.succeed("mv /var/log/ulogd.pcap /var/log/old_ulogd.pcap")
72        machine.succeed("systemctl reload ulogd.service")
73        machine.succeed("ping -f 127.0.0.1 -c 5 >&2")
74        machine.succeed("sleep 2")
75        _, echo_request_packets = machine.execute("tcpdump -r /var/log/ulogd.pcap icmp[0] == 8 and host 127.0.0.1")
76        expected, actual = 5*2, len(echo_request_packets.splitlines())
77        assert expected == actual, f"Expected {expected} packets, got: {actual}"
78        _, echo_reply_packets = machine.execute("tcpdump -r /var/log/ulogd.pcap icmp[0] == 0 and host 127.0.0.1")
79        expected, actual = 5*2, len(echo_reply_packets.splitlines())
80        assert expected == actual, f"Expected {expected} packets, got: {actual}"
81  '';
82})