wolfip/.github/workflows/linux.yml at f9982fd6bad25df11457bcb2b47dd979bbff7f4b · wolfSSL/wolfip · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
name: Linux interop tests

on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ '*' ]

jobs:
  linux_test:
    runs-on: ubuntu-latest
    timeout-minutes: 15

    steps:
      - uses: actions/checkout@v4
        with:
          submodules: true

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential autoconf automake libtool pkg-config
          sudo modprobe tun

      - name: Clone and build wolfSSL from nightly-snapshot
        run: |
          git clone --depth=1 https://github.com/wolfssl/wolfssl --branch nightly-snapshot /tmp/wolfssl
          cd /tmp/wolfssl
          ./autogen.sh
          ./configure --enable-all --enable-md5
          make -j$(nproc)
          sudo make install
          sudo ldconfig

      - name: Build linux tests
        run: |
          mkdir -p build/port
          make EXTRA_CFLAGS="-DWOLFIP_RAWSOCKETS=1 -DWOLFIP_PACKET_SOCKETS=1"
          make EXTRA_CFLAGS="-DWOLFIP_RAWSOCKETS=1 -DWOLFIP_PACKET_SOCKETS=1" build/raw_ping build/packet_ping

      - name: Run standalone "event loop" test
        timeout-minutes: 5
        run: |
          set -euo pipefail
          timeout --preserve-status 5m sudo ./build/test-evloop
          sudo killall tcpdump || true

      - name: Run standalone "event loop" TUN test
        timeout-minutes: 5
        run: |
          set -euo pipefail
          timeout --preserve-status 5m sudo ./build/test-evloop-tun
          sudo killall tcpdump || true

      - name: Run standalone "IPsec esp" test
        timeout-minutes: 7
        run: |
          set -euo pipefail
          sudo ./tools/ip-xfrm/delete_all || true
          timeout --preserve-status 7m sudo ./tools/ip-xfrm/rfc4106 128
          timeout --preserve-status 7m sudo ./build/test-esp -m 0
          sudo killall tcpdump || true
          sudo ./tools/ip-xfrm/delete_all || true
          timeout --preserve-status 7m sudo ./tools/ip-xfrm/cbc_auth sha256 128
          timeout --preserve-status 7m sudo ./build/test-esp -m 1
          sudo killall tcpdump || true
          sudo ./tools/ip-xfrm/delete_all || true

      - name: Run standalone wolfssl test
        timeout-minutes: 5
        run: |
          set -euo pipefail
          timeout --preserve-status 5m sudo ./build/test-wolfssl
          sudo killall tcpdump || true

      - name: Run standalone forwarding test
        timeout-minutes: 5
        run: |
          set -euo pipefail
          timeout --preserve-status 5m sudo ./build/test-wolfssl-forwarding

      - name: Run standalone TTL expired test
        timeout-minutes: 5
        run: |
          set -euo pipefail
          timeout --preserve-status 5m ./build/test-ttl-expired

      - name: Testing ICMP socket by stealing system calls in ping
        timeout-minutes: 2
        run: |
          set -euo pipefail
          timeout --preserve-status 2m sudo LD_PRELOAD=$PWD/libwolfip.so ping -c 5 10.10.10.1

      - name: Rebuild libwolfip.so with loopback enabled
        run: |
          set -euo pipefail
          rm -f libwolfip.so build/pie/wolfip.o
          make libwolfip.so EXTRA_CFLAGS="-DWOLFIP_ENABLE_LOOPBACK=1"

      - name: Testing ICMP loopback smoke (no TUN/TAP)
        timeout-minutes: 2
        run: |
          set -euo pipefail
          timeout --preserve-status 2m sudo LD_PRELOAD=$PWD/libwolfip.so ping -4 -n -c 5 127.0.0.1

      - name: Testing raw sockets with raw_ping
        timeout-minutes: 2
        run: |
          set -euo pipefail
          timeout --preserve-status 2m sudo ./build/raw_ping 10.10.10.1

      - name: Testing packet sockets with packet_ping
        timeout-minutes: 2
        run: |
          set -euo pipefail
          timeout --preserve-status 2m sudo ./build/packet_ping wtcp0 10.10.10.1

      - name: Install check
        run: |
          sudo apt-get install -y check

      - name: Build unit tests
        run: |
          make unit

      - name: Run unit tests
        timeout-minutes: 5
        run: |
          set -euo pipefail
          timeout --preserve-status 5m build/test/unit

      - name: Build ESP unit tests
        run: |
          make unit-esp

      - name: Run ESP unit tests
        timeout-minutes: 5
        run: |
          set -euo pipefail
          timeout --preserve-status 5m ./build/test/unit-esp

      - name: Cleanup IPsec state
        if: always()
        run: |
          sudo ./tools/ip-xfrm/delete_all || true
          sudo killall tcpdump || true