testing/selftests: add test tool and scripts for ovpn module

F:	Documentation/netlink/specs/ovpn.yaml

F:	drivers/net/ovpn/

F:	include/uapi/linux/ovpn.h

F:	tools/testing/selftests/net/ovpn/

OPENVSWITCH

M:	Aaron Conole <aconole@redhat.com>

TARGETS += net/mptcp

TARGETS += net/netfilter

TARGETS += net/openvswitch

TARGETS += net/ovpn

TARGETS += net/packetdrill

TARGETS += net/rds

TARGETS += net/tcp_ao

# SPDX-License-Identifier: GPL-2.0+

ovpn-cli

# SPDX-License-Identifier: GPL-2.0

# Copyright (C) 2020-2025 OpenVPN, Inc.

#

CFLAGS = -pedantic -Wextra -Wall -Wl,--no-as-needed -g -O0 -ggdb $(KHDR_INCLUDES)

VAR_CFLAGS = $(shell pkg-config --cflags libnl-3.0 libnl-genl-3.0 2>/dev/null)

ifeq ($(VAR_CFLAGS),)

VAR_CFLAGS = -I/usr/include/libnl3

endif

CFLAGS += $(VAR_CFLAGS)

LDLIBS = -lmbedtls -lmbedcrypto

VAR_LDLIBS = $(shell pkg-config --libs libnl-3.0 libnl-genl-3.0 2>/dev/null)

ifeq ($(VAR_LDLIBS),)

VAR_LDLIBS = -lnl-genl-3 -lnl-3

endif

LDLIBS += $(VAR_LDLIBS)

TEST_FILES = common.sh

TEST_PROGS = test.sh \

	test-chachapoly.sh \

	test-tcp.sh \

	test-float.sh \

	test-close-socket.sh \

	test-close-socket-tcp.sh

TEST_GEN_FILES := ovpn-cli

include ../../lib.mk

#!/bin/bash

# SPDX-License-Identifier: GPL-2.0

# Copyright (C) 2020-2025 OpenVPN, Inc.

#

#  Author:	Antonio Quartulli <antonio@openvpn.net>

UDP_PEERS_FILE=${UDP_PEERS_FILE:-udp_peers.txt}

TCP_PEERS_FILE=${TCP_PEERS_FILE:-tcp_peers.txt}

OVPN_CLI=${OVPN_CLI:-./ovpn-cli}

ALG=${ALG:-aes}

PROTO=${PROTO:-UDP}

FLOAT=${FLOAT:-0}

create_ns() {

	ip netns add peer${1}

}

setup_ns() {

	MODE="P2P"

	if [ ${1} -eq 0 ]; then

		MODE="MP"

		for p in $(seq 1 ${NUM_PEERS}); do

			ip link add veth${p} netns peer0 type veth peer name veth${p} netns peer${p}

			ip -n peer0 addr add 10.10.${p}.1/24 dev veth${p}

			ip -n peer0 link set veth${p} up

			ip -n peer${p} addr add 10.10.${p}.2/24 dev veth${p}

			ip -n peer${p} link set veth${p} up

		done

	fi

	ip netns exec peer${1} ${OVPN_CLI} new_iface tun${1} $MODE

	ip -n peer${1} addr add ${2} dev tun${1}

	ip -n peer${1} link set tun${1} up

}

add_peer() {

	if [ "${PROTO}" == "UDP" ]; then

		if [ ${1} -eq 0 ]; then

			ip netns exec peer0 ${OVPN_CLI} new_multi_peer tun0 1 ${UDP_PEERS_FILE}

			for p in $(seq 1 ${NUM_PEERS}); do

				ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 1 0 ${ALG} 0 \

					data64.key

			done

		else

			ip netns exec peer${1} ${OVPN_CLI} new_peer tun${1} ${1} 1 10.10.${1}.1 1

			ip netns exec peer${1} ${OVPN_CLI} new_key tun${1} ${1} 1 0 ${ALG} 1 \

				data64.key

		fi

	else

		if [ ${1} -eq 0 ]; then

			(ip netns exec peer0 ${OVPN_CLI} listen tun0 1 ${TCP_PEERS_FILE} && {

				for p in $(seq 1 ${NUM_PEERS}); do

					ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 1 0 \

						${ALG} 0 data64.key

				done

			}) &

			sleep 5

		else

			ip netns exec peer${1} ${OVPN_CLI} connect tun${1} ${1} 10.10.${1}.1 1 \

				data64.key

		fi

	fi

}

cleanup() {

	# some ovpn-cli processes sleep in background so they need manual poking

	killall $(basename ${OVPN_CLI}) 2>/dev/null || true

	# netns peer0 is deleted without erasing ifaces first

	for p in $(seq 1 10); do

		ip -n peer${p} link set tun${p} down 2>/dev/null || true

		ip netns exec peer${p} ${OVPN_CLI} del_iface tun${p} 2>/dev/null || true

	done

	for p in $(seq 1 10); do

		ip -n peer0 link del veth${p} 2>/dev/null || true

	done

	for p in $(seq 0 10); do

		ip netns del peer${p} 2>/dev/null || true

	done

}

if [ "${PROTO}" == "UDP" ]; then

	NUM_PEERS=${NUM_PEERS:-$(wc -l ${UDP_PEERS_FILE} | awk '{print $1}')}

else

	NUM_PEERS=${NUM_PEERS:-$(wc -l ${TCP_PEERS_FILE} | awk '{print $1}')}

fi