]> git.ipfire.org Git - thirdparty/kernel/stable.git/blame - tools/testing/selftests/net/fcnal-test.sh
projects / thirdparty / kernel / stable.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
fcnal-test: Add TCP MD5 tests for VRF
[thirdparty/kernel/stable.git] / tools / testing / selftests / net / fcnal-test.sh
CommitLineData
6f9d5cac
DA		 1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3#
4# Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
5#
6# IPv4 and IPv6 functional tests focusing on VRF and routing lookups
7# for various permutations:
8# 1. icmp, tcp, udp and netfilter
9# 2. client, server, no-server
10# 3. global address on interface
11# 4. global address on 'lo'
12# 5. remote and local traffic
13# 6. VRF and non-VRF permutations
14#
15# Setup:
16# ns-A | ns-B
17# No VRF case:
18# [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ]
19# remote address
20# VRF case:
21# [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ]
22#
23# ns-A:
24# eth1: 172.16.1.1/24, 2001:db8:1::1/64
25# lo: 127.0.0.1/8, ::1/128
26# 172.16.2.1/32, 2001:db8:2::1/128
27# red: 127.0.0.1/8, ::1/128
28# 172.16.3.1/32, 2001:db8:3::1/128
29#
30# ns-B:
31# eth1: 172.16.1.2/24, 2001:db8:1::2/64
32# lo2: 127.0.0.1/8, ::1/128
33# 172.16.2.2/32, 2001:db8:2::2/128
34#
5cad8bce
DA		 35# ns-A to ns-C connection - only for VRF and same config
36# as ns-A to ns-B
37#
6f9d5cac
DA		 38# server / client nomenclature relative to ns-A
39
40VERBOSE=0
41
42NSA_DEV=eth1
5cad8bce 43NSA_DEV2=eth2
6f9d5cac 44NSB_DEV=eth1
5cad8bce 45NSC_DEV=eth2
6f9d5cac
DA		 46VRF=red
47VRF_TABLE=1101
48
49# IPv4 config
50NSA_IP=172.16.1.1
51NSB_IP=172.16.1.2
52VRF_IP=172.16.3.1
f0bee1eb 53NS_NET=172.16.1.0/24
6f9d5cac
DA		 54
55# IPv6 config
56NSA_IP6=2001:db8:1::1
57NSB_IP6=2001:db8:1::2
58VRF_IP6=2001:db8:3::1
f0bee1eb 59NS_NET6=2001:db8:1::/120
6f9d5cac
DA		 60
61NSA_LO_IP=172.16.2.1
62NSB_LO_IP=172.16.2.2
63NSA_LO_IP6=2001:db8:2::1
64NSB_LO_IP6=2001:db8:2::2
65
f0bee1eb
DA		 66MD5_PW=abc123
67MD5_WRONG_PW=abc1234
68
6f9d5cac
DA		 69MCAST=ff02::1
70# set after namespace create
71NSA_LINKIP6=
72NSB_LINKIP6=
73
74NSA=ns-A
75NSB=ns-B
5cad8bce 76NSC=ns-C
6f9d5cac
DA		 77
78NSA_CMD="ip netns exec ${NSA}"
79NSB_CMD="ip netns exec ${NSB}"
5cad8bce 80NSC_CMD="ip netns exec ${NSC}"
6f9d5cac
DA		 81
82which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
83
84################################################################################
85# utilities
86
87log_test()
88{
89 local rc=$1
90 local expected=$2
91 local msg="$3"
92
93 [ "${VERBOSE}" = "1" ] && echo
94
95 if [ ${rc} -eq ${expected} ]; then
96 nsuccess=$((nsuccess+1))
97 printf "TEST: %-70s [ OK ]\n" "${msg}"
98 else
99 nfail=$((nfail+1))
100 printf "TEST: %-70s [FAIL]\n" "${msg}"
101 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
102 echo
103 echo "hit enter to continue, 'q' to quit"
104 read a
105 [ "$a" = "q" ] && exit 1
106 fi
107 fi
108
109 if [ "${PAUSE}" = "yes" ]; then
110 echo
111 echo "hit enter to continue, 'q' to quit"
112 read a
113 [ "$a" = "q" ] && exit 1
114 fi
115
116 kill_procs
117}
118
119log_test_addr()
120{
121 local addr=$1
122 local rc=$2
123 local expected=$3
124 local msg="$4"
125 local astr
126
127 astr=$(addr2str ${addr})
128 log_test $rc $expected "$msg - ${astr}"
129}
130
131log_section()
132{
133 echo
134 echo "###########################################################################"
135 echo "$*"
136 echo "###########################################################################"
137 echo
138}
139
140log_subsection()
141{
142 echo
143 echo "#################################################################"
144 echo "$*"
145 echo
146}
147
148log_start()
149{
150 # make sure we have no test instances running
151 kill_procs
152
153 if [ "${VERBOSE}" = "1" ]; then
154 echo
155 echo "#######################################################"
156 fi
157}
158
159log_debug()
160{
161 if [ "${VERBOSE}" = "1" ]; then
162 echo
163 echo "$*"
164 echo
165 fi
166}
167
168show_hint()
169{
170 if [ "${VERBOSE}" = "1" ]; then
171 echo "HINT: $*"
172 echo
173 fi
174}
175
176kill_procs()
177{
178 killall nettest ping ping6 >/dev/null 2>&1
179 sleep 1
180}
181
182do_run_cmd()
183{
184 local cmd="$*"
185 local out
186
187 if [ "$VERBOSE" = "1" ]; then
188 echo "COMMAND: ${cmd}"
189 fi
190
191 out=$($cmd 2>&1)
192 rc=$?
193 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
194 echo "$out"
195 fi
196
197 return $rc
198}
199
200run_cmd()
201{
202 do_run_cmd ${NSA_CMD} $*
203}
204
205run_cmd_nsb()
206{
207 do_run_cmd ${NSB_CMD} $*
208}
209
5cad8bce
DA		 210run_cmd_nsc()
211{
212 do_run_cmd ${NSC_CMD} $*
213}
214
6f9d5cac
DA		 215setup_cmd()
216{
217 local cmd="$*"
218 local rc
219
220 run_cmd ${cmd}
221 rc=$?
222 if [ $rc -ne 0 ]; then
223 # show user the command if not done so already
224 if [ "$VERBOSE" = "0" ]; then
225 echo "setup command: $cmd"
226 fi
227 echo "failed. stopping tests"
228 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
229 echo
230 echo "hit enter to continue"
231 read a
232 fi
233 exit $rc
234 fi
235}
236
237setup_cmd_nsb()
238{
239 local cmd="$*"
240 local rc
241
242 run_cmd_nsb ${cmd}
243 rc=$?
244 if [ $rc -ne 0 ]; then
245 # show user the command if not done so already
246 if [ "$VERBOSE" = "0" ]; then
247 echo "setup command: $cmd"
248 fi
249 echo "failed. stopping tests"
250 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
251 echo
252 echo "hit enter to continue"
253 read a
254 fi
255 exit $rc
256 fi
257}
258
259# set sysctl values in NS-A
260set_sysctl()
261{
262 echo "SYSCTL: $*"
263 echo
264 run_cmd sysctl -q -w $*
265}
266
267################################################################################
268# Setup for tests
269
270addr2str()
271{
272 case "$1" in
273 127.0.0.1) echo "loopback";;
274 ::1) echo "IPv6 loopback";;
275
276 ${NSA_IP}) echo "ns-A IP";;
277 ${NSA_IP6}) echo "ns-A IPv6";;
278 ${NSA_LO_IP}) echo "ns-A loopback IP";;
279 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
280 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
281
282 ${NSB_IP}) echo "ns-B IP";;
283 ${NSB_IP6}) echo "ns-B IPv6";;
284 ${NSB_LO_IP}) echo "ns-B loopback IP";;
285 ${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
286 ${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;
287
288 ${VRF_IP}) echo "VRF IP";;
289 ${VRF_IP6}) echo "VRF IPv6";;
290
291 ${MCAST}%*) echo "multicast IP";;
292
293 *) echo "unknown";;
294 esac
295}
296
297get_linklocal()
298{
299 local ns=$1
300 local dev=$2
301 local addr
302
303 addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \
304 awk '{
305 for (i = 3; i <= NF; ++i) {
306 if ($i ~ /^fe80/)
307 print $i
308 }
309 }'
310 )
311 addr=${addr/\/*}
312
313 [ -z "$addr" ] && return 1
314
315 echo $addr
316
317 return 0
318}
319
320################################################################################
321# create namespaces and vrf
322
323create_vrf()
324{
325 local ns=$1
326 local vrf=$2
327 local table=$3
328 local addr=$4
329 local addr6=$5
330
331 ip -netns ${ns} link add ${vrf} type vrf table ${table}
332 ip -netns ${ns} link set ${vrf} up
333 ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192
334 ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192
335
336 ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf}
337 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
338 if [ "${addr}" != "-" ]; then
339 ip -netns ${ns} addr add dev ${vrf} ${addr}
340 fi
341 if [ "${addr6}" != "-" ]; then
342 ip -netns ${ns} -6 addr add dev ${vrf} ${addr6}
343 fi
344
345 ip -netns ${ns} ru del pref 0
346 ip -netns ${ns} ru add pref 32765 from all lookup local
347 ip -netns ${ns} -6 ru del pref 0
348 ip -netns ${ns} -6 ru add pref 32765 from all lookup local
349}
350
351create_ns()
352{
353 local ns=$1
354 local addr=$2
355 local addr6=$3
356
357 ip netns add ${ns}
358
359 ip -netns ${ns} link set lo up
360 if [ "${addr}" != "-" ]; then
361 ip -netns ${ns} addr add dev lo ${addr}
362 fi
363 if [ "${addr6}" != "-" ]; then
364 ip -netns ${ns} -6 addr add dev lo ${addr6}
365 fi
366
367 ip -netns ${ns} ro add unreachable default metric 8192
368 ip -netns ${ns} -6 ro add unreachable default metric 8192
369
370 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
371 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
372 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
373 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
374}
375
376# create veth pair to connect namespaces and apply addresses.
377connect_ns()
378{
379 local ns1=$1
380 local ns1_dev=$2
381 local ns1_addr=$3
382 local ns1_addr6=$4
383 local ns2=$5
384 local ns2_dev=$6
385 local ns2_addr=$7
386 local ns2_addr6=$8
387
388 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp
389 ip -netns ${ns1} li set ${ns1_dev} up
390 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev}
391 ip -netns ${ns2} li set ${ns2_dev} up
392
393 if [ "${ns1_addr}" != "-" ]; then
394 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr}
395 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr}
396 fi
397
398 if [ "${ns1_addr6}" != "-" ]; then
399 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6}
400 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6}
401 fi
402}
403
404cleanup()
405{
406 # explicit cleanups to check those code paths
407 ip netns | grep -q ${NSA}
408 if [ $? -eq 0 ]; then
409 ip -netns ${NSA} link delete ${VRF}
410 ip -netns ${NSA} ro flush table ${VRF_TABLE}
411
412 ip -netns ${NSA} addr flush dev ${NSA_DEV}
413 ip -netns ${NSA} -6 addr flush dev ${NSA_DEV}
414 ip -netns ${NSA} link set dev ${NSA_DEV} down
415 ip -netns ${NSA} link del dev ${NSA_DEV}
416
417 ip netns del ${NSA}
418 fi
419
420 ip netns del ${NSB}
5cad8bce 421 ip netns del ${NSC} >/dev/null 2>&1
6f9d5cac
DA		 422}
423
424setup()
425{
426 local with_vrf=${1}
427
428 # make sure we are starting with a clean slate
429 kill_procs
430 cleanup 2>/dev/null
431
432 log_debug "Configuring network namespaces"
433 set -e
434
435 create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128
436 create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128
437 connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \
438 ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
439
440 NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
441 NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})
442
443 # tell ns-A how to get to remote addresses of ns-B
444 if [ "${with_vrf}" = "yes" ]; then
445 create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6}
446
447 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
448 ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
449 ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
450
451 ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
452 ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
5cad8bce
DA		 453
454 # some VRF tests use ns-C which has the same config as
455 # ns-B but for a device NOT in the VRF
456 create_ns ${NSC} "-" "-"
457 connect_ns ${NSA} ${NSA_DEV2} ${NSA_IP}/24 ${NSA_IP6}/64 \
458 ${NSC} ${NSC_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
6f9d5cac
DA		 459 else
460 ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
461 ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
462 fi
463
464
465 # tell ns-B how to get to remote addresses of ns-A
466 ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
467 ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
468
469 set +e
470
471 sleep 1
472}
473
c032dd8c
DA		 474################################################################################
475# IPv4
476
477ipv4_ping_novrf()
478{
479 local a
480
481 #
482 # out
483 #
484 for a in ${NSB_IP} ${NSB_LO_IP}
485 do
486 log_start
487 run_cmd ping -c1 -w1 ${a}
488 log_test_addr ${a} $? 0 "ping out"
489
490 log_start
491 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
492 log_test_addr ${a} $? 0 "ping out, device bind"
493
494 log_start
495 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
496 log_test_addr ${a} $? 0 "ping out, address bind"
497 done
498
499 #
500 # in
501 #
502 for a in ${NSA_IP} ${NSA_LO_IP}
503 do
504 log_start
505 run_cmd_nsb ping -c1 -w1 ${a}
506 log_test_addr ${a} $? 0 "ping in"
507 done
508
509 #
510 # local traffic
511 #
512 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
513 do
514 log_start
515 run_cmd ping -c1 -w1 ${a}
516 log_test_addr ${a} $? 0 "ping local"
517 done
518
519 #
520 # local traffic, socket bound to device
521 #
522 # address on device
523 a=${NSA_IP}
524 log_start
525 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
526 log_test_addr ${a} $? 0 "ping local, device bind"
527
528 # loopback addresses not reachable from device bind
529 # fails in a really weird way though because ipv4 special cases
530 # route lookups with oif set.
531 for a in ${NSA_LO_IP} 127.0.0.1
532 do
533 log_start
534 show_hint "Fails since address on loopback device is out of device scope"
535 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
536 log_test_addr ${a} $? 1 "ping local, device bind"
537 done
538
539 #
540 # ip rule blocks reachability to remote address
541 #
542 log_start
543 setup_cmd ip rule add pref 32765 from all lookup local
544 setup_cmd ip rule del pref 0 from all lookup local
545 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
546 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit
547
548 a=${NSB_LO_IP}
549 run_cmd ping -c1 -w1 ${a}
550 log_test_addr ${a} $? 2 "ping out, blocked by rule"
551
552 # NOTE: ipv4 actually allows the lookup to fail and yet still create
553 # a viable rtable if the oif (e.g., bind to device) is set, so this
554 # case succeeds despite the rule
555 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
556
557 a=${NSA_LO_IP}
558 log_start
559 show_hint "Response generates ICMP (or arp request is ignored) due to ip rule"
560 run_cmd_nsb ping -c1 -w1 ${a}
561 log_test_addr ${a} $? 1 "ping in, blocked by rule"
562
563 [ "$VERBOSE" = "1" ] && echo
564 setup_cmd ip rule del pref 32765 from all lookup local
565 setup_cmd ip rule add pref 0 from all lookup local
566 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
567 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit
568
569 #
570 # route blocks reachability to remote address
571 #
572 log_start
573 setup_cmd ip route replace unreachable ${NSB_LO_IP}
574 setup_cmd ip route replace unreachable ${NSB_IP}
575
576 a=${NSB_LO_IP}
577 run_cmd ping -c1 -w1 ${a}
578 log_test_addr ${a} $? 2 "ping out, blocked by route"
579
580 # NOTE: ipv4 actually allows the lookup to fail and yet still create
581 # a viable rtable if the oif (e.g., bind to device) is set, so this
582 # case succeeds despite not having a route for the address
583 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
584
585 a=${NSA_LO_IP}
586 log_start
587 show_hint "Response is dropped (or arp request is ignored) due to ip route"
588 run_cmd_nsb ping -c1 -w1 ${a}
589 log_test_addr ${a} $? 1 "ping in, blocked by route"
590
591 #
592 # remove 'remote' routes; fallback to default
593 #
594 log_start
595 setup_cmd ip ro del ${NSB_LO_IP}
596
597 a=${NSB_LO_IP}
598 run_cmd ping -c1 -w1 ${a}
599 log_test_addr ${a} $? 2 "ping out, unreachable default route"
600
601 # NOTE: ipv4 actually allows the lookup to fail and yet still create
602 # a viable rtable if the oif (e.g., bind to device) is set, so this
603 # case succeeds despite not having a route for the address
604 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
605}
606
607ipv4_ping_vrf()
608{
609 local a
610
611 # should default on; does not exist on older kernels
612 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
613
614 #
615 # out
616 #
617 for a in ${NSB_IP} ${NSB_LO_IP}
618 do
619 log_start
620 run_cmd ping -c1 -w1 -I ${VRF} ${a}
621 log_test_addr ${a} $? 0 "ping out, VRF bind"
622
623 log_start
624 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
625 log_test_addr ${a} $? 0 "ping out, device bind"
626
627 log_start
628 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
629 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"
630
631 log_start
632 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
633 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
634 done
635
636 #
637 # in
638 #
639 for a in ${NSA_IP} ${VRF_IP}
640 do
641 log_start
642 run_cmd_nsb ping -c1 -w1 ${a}
643 log_test_addr ${a} $? 0 "ping in"
644 done
645
646 #
647 # local traffic, local address
648 #
649 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
650 do
651 log_start
652 show_hint "Source address should be ${a}"
653 run_cmd ping -c1 -w1 -I ${VRF} ${a}
654 log_test_addr ${a} $? 0 "ping local, VRF bind"
655 done
656
657 #
658 # local traffic, socket bound to device
659 #
660 # address on device
661 a=${NSA_IP}
662 log_start
663 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
664 log_test_addr ${a} $? 0 "ping local, device bind"
665
666 # vrf device is out of scope
667 for a in ${VRF_IP} 127.0.0.1
668 do
669 log_start
670 show_hint "Fails since address on vrf device is out of device scope"
671 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
672 log_test_addr ${a} $? 1 "ping local, device bind"
673 done
674
675 #
676 # ip rule blocks address
677 #
678 log_start
679 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
680 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit
681
682 a=${NSB_LO_IP}
683 run_cmd ping -c1 -w1 -I ${VRF} ${a}
684 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"
685
686 log_start
687 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
688 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
689
690 a=${NSA_LO_IP}
691 log_start
692 show_hint "Response lost due to ip rule"
693 run_cmd_nsb ping -c1 -w1 ${a}
694 log_test_addr ${a} $? 1 "ping in, blocked by rule"
695
696 [ "$VERBOSE" = "1" ] && echo
697 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
698 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit
699
700 #
701 # remove 'remote' routes; fallback to default
702 #
703 log_start
704 setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP}
705
706 a=${NSB_LO_IP}
707 run_cmd ping -c1 -w1 -I ${VRF} ${a}
708 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"
709
710 log_start
711 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
712 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
713
714 a=${NSA_LO_IP}
715 log_start
716 show_hint "Response lost by unreachable route"
717 run_cmd_nsb ping -c1 -w1 ${a}
718 log_test_addr ${a} $? 1 "ping in, unreachable route"
719}
720
721ipv4_ping()
722{
723 log_section "IPv4 ping"
724
725 log_subsection "No VRF"
726 setup
727 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
728 ipv4_ping_novrf
729 setup
730 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
731 ipv4_ping_novrf
732
733 log_subsection "With VRF"
734 setup "yes"
735 ipv4_ping_vrf
736}
737
bbd7c764
DA		 738################################################################################
739# IPv4 TCP
740
f0bee1eb
DA		 741#
742# MD5 tests without VRF
743#
744ipv4_tcp_md5_novrf()
745{
746 #
747 # single address
748 #
749
750 # basic use case
751 log_start
752 run_cmd nettest -s -M ${MD5_PW} -r ${NSB_IP} &
753 sleep 1
754 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
755 log_test $? 0 "MD5: Single address config"
756
757 # client sends MD5, server not configured
758 log_start
759 show_hint "Should timeout due to MD5 mismatch"
760 run_cmd nettest -s &
761 sleep 1
762 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
763 log_test $? 2 "MD5: Server no config, client uses password"
764
765 # wrong password
766 log_start
767 show_hint "Should timeout since client uses wrong password"
768 run_cmd nettest -s -M ${MD5_PW} -r ${NSB_IP} &
769 sleep 1
770 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
771 log_test $? 2 "MD5: Client uses wrong password"
772
773 # client from different address
774 log_start
775 show_hint "Should timeout due to MD5 mismatch"
776 run_cmd nettest -s -M ${MD5_PW} -r ${NSB_LO_IP} &
777 sleep 1
778 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
779 log_test $? 2 "MD5: Client address does not match address configured with password"
780
781 #
782 # MD5 extension - prefix length
783 #
784
785 # client in prefix
786 log_start
787 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
788 sleep 1
789 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
790 log_test $? 0 "MD5: Prefix config"
791
792 # client in prefix, wrong password
793 log_start
794 show_hint "Should timeout since client uses wrong password"
795 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
796 sleep 1
797 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
798 log_test $? 2 "MD5: Prefix config, client uses wrong password"
799
800 # client outside of prefix
801 log_start
802 show_hint "Should timeout due to MD5 mismatch"
803 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
804 sleep 1
805 run_cmd_nsb nettest -l ${NSB_LO_IP} -r ${NSA_IP} -M ${MD5_PW}
806 log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
807}
808
5cad8bce
DA		 809#
810# MD5 tests with VRF
811#
812ipv4_tcp_md5()
813{
814 #
815 # single address
816 #
817
818 # basic use case
819 log_start
820 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
821 sleep 1
822 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
823 log_test $? 0 "MD5: VRF: Single address config"
824
825 # client sends MD5, server not configured
826 log_start
827 show_hint "Should timeout since server does not have MD5 auth"
828 run_cmd nettest -s -d ${VRF} &
829 sleep 1
830 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
831 log_test $? 2 "MD5: VRF: Server no config, client uses password"
832
833 # wrong password
834 log_start
835 show_hint "Should timeout since client uses wrong password"
836 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
837 sleep 1
838 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
839 log_test $? 2 "MD5: VRF: Client uses wrong password"
840
841 # client from different address
842 log_start
843 show_hint "Should timeout since server config differs from client"
844 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_LO_IP} &
845 sleep 1
846 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
847 log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
848
849 #
850 # MD5 extension - prefix length
851 #
852
853 # client in prefix
854 log_start
855 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
856 sleep 1
857 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
858 log_test $? 0 "MD5: VRF: Prefix config"
859
860 # client in prefix, wrong password
861 log_start
862 show_hint "Should timeout since client uses wrong password"
863 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
864 sleep 1
865 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
866 log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"
867
868 # client outside of prefix
869 log_start
870 show_hint "Should timeout since client address is outside of prefix"
871 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
872 sleep 1
873 run_cmd_nsb nettest -l ${NSB_LO_IP} -r ${NSA_IP} -M ${MD5_PW}
874 log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"
875
876 #
877 # duplicate config between default VRF and a VRF
878 #
879
880 log_start
881 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
882 run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
883 sleep 1
884 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
885 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
886
887 log_start
888 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
889 run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
890 sleep 1
891 run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
892 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
893
894 log_start
895 show_hint "Should timeout since client in default VRF uses VRF password"
896 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
897 run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
898 sleep 1
899 run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_PW}
900 log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
901
902 log_start
903 show_hint "Should timeout since client in VRF uses default VRF password"
904 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
905 run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
906 sleep 1
907 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
908 log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
909
910 log_start
911 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
912 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
913 sleep 1
914 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
915 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
916
917 log_start
918 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
919 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
920 sleep 1
921 run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
922 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
923
924 log_start
925 show_hint "Should timeout since client in default VRF uses VRF password"
926 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
927 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
928 sleep 1
929 run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_PW}
930 log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"
931
932 log_start
933 show_hint "Should timeout since client in VRF uses default VRF password"
934 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
935 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
936 sleep 1
937 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
938 log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"
939
940 #
941 # negative tests
942 #
943 log_start
944 run_cmd nettest -s -d ${NSA_DEV} -M ${MD5_PW} -r ${NSB_IP}
945 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
946
947 log_start
948 run_cmd nettest -s -d ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET}
949 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
950
951}
952
bbd7c764
DA		 953ipv4_tcp_novrf()
954{
955 local a
956
957 #
958 # server tests
959 #
960 for a in ${NSA_IP} ${NSA_LO_IP}
961 do
962 log_start
963 run_cmd nettest -s &
964 sleep 1
965 run_cmd_nsb nettest -r ${a}
966 log_test_addr ${a} $? 0 "Global server"
967 done
968
969 a=${NSA_IP}
970 log_start
971 run_cmd nettest -s -d ${NSA_DEV} &
972 sleep 1
973 run_cmd_nsb nettest -r ${a}
974 log_test_addr ${a} $? 0 "Device server"
975
976 # verify TCP reset sent and received
977 for a in ${NSA_IP} ${NSA_LO_IP}
978 do
979 log_start
980 show_hint "Should fail 'Connection refused' since there is no server"
981 run_cmd_nsb nettest -r ${a}
982 log_test_addr ${a} $? 1 "No server"
983 done
984
985 #
986 # client
987 #
988 for a in ${NSB_IP} ${NSB_LO_IP}
989 do
990 log_start
991 run_cmd_nsb nettest -s &
992 sleep 1
993 run_cmd nettest -r ${a} -0 ${NSA_IP}
994 log_test_addr ${a} $? 0 "Client"
995
996 log_start
997 run_cmd_nsb nettest -s &
998 sleep 1
999 run_cmd nettest -r ${a} -d ${NSA_DEV}
1000 log_test_addr ${a} $? 0 "Client, device bind"
1001
1002 log_start
1003 show_hint "Should fail 'Connection refused'"
1004 run_cmd nettest -r ${a}
1005 log_test_addr ${a} $? 1 "No server, unbound client"
1006
1007 log_start
1008 show_hint "Should fail 'Connection refused'"
1009 run_cmd nettest -r ${a} -d ${NSA_DEV}
1010 log_test_addr ${a} $? 1 "No server, device client"
1011 done
1012
1013 #
1014 # local address tests
1015 #
1016 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1017 do
1018 log_start
1019 run_cmd nettest -s &
1020 sleep 1
1021 run_cmd nettest -r ${a} -0 ${a} -1 ${a}
1022 log_test_addr ${a} $? 0 "Global server, local connection"
1023 done
1024
1025 a=${NSA_IP}
1026 log_start
1027 run_cmd nettest -s -d ${NSA_DEV} &
1028 sleep 1
1029 run_cmd nettest -r ${a} -0 ${a}
1030 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1031
1032 for a in ${NSA_LO_IP} 127.0.0.1
1033 do
1034 log_start
1035 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
1036 run_cmd nettest -s -d ${NSA_DEV} &
1037 sleep 1
1038 run_cmd nettest -r ${a}
1039 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1040 done
1041
1042 a=${NSA_IP}
1043 log_start
1044 run_cmd nettest -s &
1045 sleep 1
1046 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
1047 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1048
1049 for a in ${NSA_LO_IP} 127.0.0.1
1050 do
1051 log_start
1052 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
1053 run_cmd nettest -s &
1054 sleep 1
1055 run_cmd nettest -r ${a} -d ${NSA_DEV}
1056 log_test_addr ${a} $? 1 "Global server, device client, local connection"
1057 done
1058
1059 a=${NSA_IP}
1060 log_start
1061 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1062 sleep 1
1063 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
1064 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1065
1066 log_start
1067 show_hint "Should fail 'Connection refused'"
1068 run_cmd nettest -d ${NSA_DEV} -r ${a}
1069 log_test_addr ${a} $? 1 "No server, device client, local conn"
f0bee1eb
DA		 1070
1071 ipv4_tcp_md5_novrf
bbd7c764
DA		 1072}
1073
1074ipv4_tcp_vrf()
1075{
1076 local a
1077
1078 # disable global server
1079 log_subsection "Global server disabled"
1080
1081 set_sysctl net.ipv4.tcp_l3mdev_accept=0
1082
1083 #
1084 # server tests
1085 #
1086 for a in ${NSA_IP} ${VRF_IP}
1087 do
1088 log_start
1089 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
1090 run_cmd nettest -s &
1091 sleep 1
1092 run_cmd_nsb nettest -r ${a}
1093 log_test_addr ${a} $? 1 "Global server"
1094
1095 log_start
1096 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
1097 sleep 1
1098 run_cmd_nsb nettest -r ${a}
1099 log_test_addr ${a} $? 0 "VRF server"
1100
1101 log_start
1102 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1103 sleep 1
1104 run_cmd_nsb nettest -r ${a}
1105 log_test_addr ${a} $? 0 "Device server"
1106
1107 # verify TCP reset received
1108 log_start
1109 show_hint "Should fail 'Connection refused' since there is no server"
1110 run_cmd_nsb nettest -r ${a}
1111 log_test_addr ${a} $? 1 "No server"
1112 done
1113
1114 # local address tests
1115 # (${VRF_IP} and 127.0.0.1 both timeout)
1116 a=${NSA_IP}
1117 log_start
1118 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
1119 run_cmd nettest -s &
1120 sleep 1
1121 run_cmd nettest -r ${a} -d ${NSA_DEV}
1122 log_test_addr ${a} $? 1 "Global server, local connection"
1123
5cad8bce
DA		 1124 # run MD5 tests
1125 ipv4_tcp_md5
1126
bbd7c764
DA		 1127 #
1128 # enable VRF global server
1129 #
1130 log_subsection "VRF Global server enabled"
1131 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1132
1133 for a in ${NSA_IP} ${VRF_IP}
1134 do
1135 log_start
1136 show_hint "client socket should be bound to VRF"
1137 run_cmd nettest -s -2 ${VRF} &
1138 sleep 1
1139 run_cmd_nsb nettest -r ${a}
1140 log_test_addr ${a} $? 0 "Global server"
1141
1142 log_start
1143 show_hint "client socket should be bound to VRF"
1144 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
1145 sleep 1
1146 run_cmd_nsb nettest -r ${a}
1147 log_test_addr ${a} $? 0 "VRF server"
1148
1149 # verify TCP reset received
1150 log_start
1151 show_hint "Should fail 'Connection refused'"
1152 run_cmd_nsb nettest -r ${a}
1153 log_test_addr ${a} $? 1 "No server"
1154 done
1155
1156 a=${NSA_IP}
1157 log_start
1158 show_hint "client socket should be bound to device"
1159 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1160 sleep 1
1161 run_cmd_nsb nettest -r ${a}
1162 log_test_addr ${a} $? 0 "Device server"
1163
1164 # local address tests
1165 for a in ${NSA_IP} ${VRF_IP}
1166 do
1167 log_start
1168 show_hint "Should fail 'No route to host' since client is not bound to VRF"
1169 run_cmd nettest -s -2 ${VRF} &
1170 sleep 1
1171 run_cmd nettest -r ${a}
1172 log_test_addr ${a} $? 1 "Global server, local connection"
1173 done
1174
1175 #
1176 # client
1177 #
1178 for a in ${NSB_IP} ${NSB_LO_IP}
1179 do
1180 log_start
1181 run_cmd_nsb nettest -s &
1182 sleep 1
1183 run_cmd nettest -r ${a} -d ${VRF}
1184 log_test_addr ${a} $? 0 "Client, VRF bind"
1185
1186 log_start
1187 run_cmd_nsb nettest -s &
1188 sleep 1
1189 run_cmd nettest -r ${a} -d ${NSA_DEV}
1190 log_test_addr ${a} $? 0 "Client, device bind"
1191
1192 log_start
1193 show_hint "Should fail 'Connection refused'"
1194 run_cmd nettest -r ${a} -d ${VRF}
1195 log_test_addr ${a} $? 1 "No server, VRF client"
1196
1197 log_start
1198 show_hint "Should fail 'Connection refused'"
1199 run_cmd nettest -r ${a} -d ${NSA_DEV}
1200 log_test_addr ${a} $? 1 "No server, device client"
1201 done
1202
1203 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1204 do
1205 log_start
1206 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
1207 sleep 1
1208 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1209 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
1210 done
1211
1212 a=${NSA_IP}
1213 log_start
1214 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
1215 sleep 1
1216 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1217 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
1218
1219 log_start
1220 show_hint "Should fail 'No route to host' since client is out of VRF scope"
1221 run_cmd nettest -s -d ${VRF} &
1222 sleep 1
1223 run_cmd nettest -r ${a}
1224 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
1225
1226 log_start
1227 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1228 sleep 1
1229 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1230 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
1231
1232 log_start
1233 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1234 sleep 1
1235 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1236 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1237}
1238
1239ipv4_tcp()
1240{
1241 log_section "IPv4/TCP"
bbd7c764
DA		 1242 log_subsection "No VRF"
1243 setup
1244
1245 # tcp_l3mdev_accept should have no affect without VRF;
1246 # run tests with it enabled and disabled to verify
1247 log_subsection "tcp_l3mdev_accept disabled"
1248 set_sysctl net.ipv4.tcp_l3mdev_accept=0
1249 ipv4_tcp_novrf
1250 log_subsection "tcp_l3mdev_accept enabled"
1251 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1252 ipv4_tcp_novrf
1253
1254 log_subsection "With VRF"
1255 setup "yes"
1256 ipv4_tcp_vrf
1257}
1258
a4368be9
DA		 1259################################################################################
1260# IPv4 UDP
1261
1262ipv4_udp_novrf()
1263{
1264 local a
1265
1266 #
1267 # server tests
1268 #
1269 for a in ${NSA_IP} ${NSA_LO_IP}
1270 do
1271 log_start
1272 run_cmd nettest -D -s -2 ${NSA_DEV} &
1273 sleep 1
1274 run_cmd_nsb nettest -D -r ${a}
1275 log_test_addr ${a} $? 0 "Global server"
1276
1277 log_start
1278 show_hint "Should fail 'Connection refused' since there is no server"
1279 run_cmd_nsb nettest -D -r ${a}
1280 log_test_addr ${a} $? 1 "No server"
1281 done
1282
1283 a=${NSA_IP}
1284 log_start
1285 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1286 sleep 1
1287 run_cmd_nsb nettest -D -r ${a}
1288 log_test_addr ${a} $? 0 "Device server"
1289
1290 #
1291 # client
1292 #
1293 for a in ${NSB_IP} ${NSB_LO_IP}
1294 do
1295 log_start
1296 run_cmd_nsb nettest -D -s &
1297 sleep 1
1298 run_cmd nettest -D -r ${a} -0 ${NSA_IP}
1299 log_test_addr ${a} $? 0 "Client"
1300
1301 log_start
1302 run_cmd_nsb nettest -D -s &
1303 sleep 1
1304 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1305 log_test_addr ${a} $? 0 "Client, device bind"
1306
1307 log_start
1308 run_cmd_nsb nettest -D -s &
1309 sleep 1
1310 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1311 log_test_addr ${a} $? 0 "Client, device send via cmsg"
1312
1313 log_start
1314 run_cmd_nsb nettest -D -s &
1315 sleep 1
1316 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1317 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"
1318
1319 log_start
1320 show_hint "Should fail 'Connection refused'"
1321 run_cmd nettest -D -r ${a}
1322 log_test_addr ${a} $? 1 "No server, unbound client"
1323
1324 log_start
1325 show_hint "Should fail 'Connection refused'"
1326 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1327 log_test_addr ${a} $? 1 "No server, device client"
1328 done
1329
1330 #
1331 # local address tests
1332 #
1333 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1334 do
1335 log_start
1336 run_cmd nettest -D -s &
1337 sleep 1
1338 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
1339 log_test_addr ${a} $? 0 "Global server, local connection"
1340 done
1341
1342 a=${NSA_IP}
1343 log_start
1344 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1345 sleep 1
1346 run_cmd nettest -D -r ${a}
1347 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1348
1349 for a in ${NSA_LO_IP} 127.0.0.1
1350 do
1351 log_start
1352 show_hint "Should fail 'Connection refused' since address is out of device scope"
1353 run_cmd nettest -s -D -d ${NSA_DEV} &
1354 sleep 1
1355 run_cmd nettest -D -r ${a}
1356 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1357 done
1358
1359 a=${NSA_IP}
1360 log_start
1361 run_cmd nettest -s -D &
1362 sleep 1
1363 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1364 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1365
1366 log_start
1367 run_cmd nettest -s -D &
1368 sleep 1
1369 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
1370 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
1371
1372 log_start
1373 run_cmd nettest -s -D &
1374 sleep 1
1375 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
1376 log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"
1377
1378 # IPv4 with device bind has really weird behavior - it overrides the
1379 # fib lookup, generates an rtable and tries to send the packet. This
1380 # causes failures for local traffic at different places
1381 for a in ${NSA_LO_IP} 127.0.0.1
1382 do
1383 log_start
1384 show_hint "Should fail since addresses on loopback are out of device scope"
1385 run_cmd nettest -D -s &
1386 sleep 1
1387 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1388 log_test_addr ${a} $? 2 "Global server, device client, local connection"
1389
1390 log_start
1391 show_hint "Should fail since addresses on loopback are out of device scope"
1392 run_cmd nettest -D -s &
1393 sleep 1
1394 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
1395 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
1396
1397 log_start
1398 show_hint "Should fail since addresses on loopback are out of device scope"
1399 run_cmd nettest -D -s &
1400 sleep 1
1401 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
1402 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
1403 done
1404
1405 a=${NSA_IP}
1406 log_start
1407 run_cmd nettest -D -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1408 sleep 1
1409 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
1410 log_test_addr ${a} $? 0 "Device server, device client, local conn"
1411
1412 log_start
1413 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1414 log_test_addr ${a} $? 2 "No server, device client, local conn"
1415}
1416
1417ipv4_udp_vrf()
1418{
1419 local a
1420
1421 # disable global server
1422 log_subsection "Global server disabled"
1423 set_sysctl net.ipv4.udp_l3mdev_accept=0
1424
1425 #
1426 # server tests
1427 #
1428 for a in ${NSA_IP} ${VRF_IP}
1429 do
1430 log_start
1431 show_hint "Fails because ingress is in a VRF and global server is disabled"
1432 run_cmd nettest -D -s &
1433 sleep 1
1434 run_cmd_nsb nettest -D -r ${a}
1435 log_test_addr ${a} $? 1 "Global server"
1436
1437 log_start
1438 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} &
1439 sleep 1
1440 run_cmd_nsb nettest -D -r ${a}
1441 log_test_addr ${a} $? 0 "VRF server"
1442
1443 log_start
1444 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1445 sleep 1
1446 run_cmd_nsb nettest -D -r ${a}
1447 log_test_addr ${a} $? 0 "Enslaved device server"
1448
1449 log_start
1450 show_hint "Should fail 'Connection refused' since there is no server"
1451 run_cmd_nsb nettest -D -r ${a}
1452 log_test_addr ${a} $? 1 "No server"
1453
1454 log_start
1455 show_hint "Should fail 'Connection refused' since global server is out of scope"
1456 run_cmd nettest -D -s &
1457 sleep 1
1458 run_cmd nettest -D -d ${VRF} -r ${a}
1459 log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
1460 done
1461
1462 a=${NSA_IP}
1463 log_start
1464 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1465 sleep 1
1466 run_cmd nettest -D -d ${VRF} -r ${a}
1467 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1468
1469 log_start
1470 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1471 sleep 1
1472 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1473 log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"
1474
1475 a=${NSA_IP}
1476 log_start
1477 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1478 sleep 1
1479 run_cmd nettest -D -d ${VRF} -r ${a}
1480 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1481
1482 log_start
1483 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1484 sleep 1
1485 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1486 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1487
1488 # enable global server
1489 log_subsection "Global server enabled"
1490 set_sysctl net.ipv4.udp_l3mdev_accept=1
1491
1492 #
1493 # server tests
1494 #
1495 for a in ${NSA_IP} ${VRF_IP}
1496 do
1497 log_start
1498 run_cmd nettest -D -s -2 ${NSA_DEV} &
1499 sleep 1
1500 run_cmd_nsb nettest -D -r ${a}
1501 log_test_addr ${a} $? 0 "Global server"
1502
1503 log_start
1504 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} &
1505 sleep 1
1506 run_cmd_nsb nettest -D -r ${a}
1507 log_test_addr ${a} $? 0 "VRF server"
1508
1509 log_start
1510 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1511 sleep 1
1512 run_cmd_nsb nettest -D -r ${a}
1513 log_test_addr ${a} $? 0 "Enslaved device server"
1514
1515 log_start
1516 show_hint "Should fail 'Connection refused'"
1517 run_cmd_nsb nettest -D -r ${a}
1518 log_test_addr ${a} $? 1 "No server"
1519 done
1520
1521 #
1522 # client tests
1523 #
1524 log_start
1525 run_cmd_nsb nettest -D -s &
1526 sleep 1
1527 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1528 log_test $? 0 "VRF client"
1529
1530 log_start
1531 run_cmd_nsb nettest -D -s &
1532 sleep 1
1533 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1534 log_test $? 0 "Enslaved device client"
1535
1536 # negative test - should fail
1537 log_start
1538 show_hint "Should fail 'Connection refused'"
1539 run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
1540 log_test $? 1 "No server, VRF client"
1541
1542 log_start
1543 show_hint "Should fail 'Connection refused'"
1544 run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
1545 log_test $? 1 "No server, enslaved device client"
1546
1547 #
1548 # local address tests
1549 #
1550 a=${NSA_IP}
1551 log_start
1552 run_cmd nettest -D -s -2 ${NSA_DEV} &
1553 sleep 1
1554 run_cmd nettest -D -d ${VRF} -r ${a}
1555 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1556
1557 log_start
1558 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1559 sleep 1
1560 run_cmd nettest -D -d ${VRF} -r ${a}
1561 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1562
1563 log_start
1564 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1565 sleep 1
1566 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1567 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
1568
1569 log_start
1570 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1571 sleep 1
1572 run_cmd nettest -D -d ${VRF} -r ${a}
1573 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1574
1575 log_start
1576 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1577 sleep 1
1578 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1579 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1580
1581 for a in ${VRF_IP} 127.0.0.1
1582 do
1583 log_start
1584 run_cmd nettest -D -s -2 ${VRF} &
1585 sleep 1
1586 run_cmd nettest -D -d ${VRF} -r ${a}
1587 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1588 done
1589
1590 for a in ${VRF_IP} 127.0.0.1
1591 do
1592 log_start
1593 run_cmd nettest -s -D -d ${VRF} -2 ${VRF} &
1594 sleep 1
1595 run_cmd nettest -D -d ${VRF} -r ${a}
1596 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1597 done
1598
1599 # negative test - should fail
1600 # verifies ECONNREFUSED
1601 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1602 do
1603 log_start
1604 show_hint "Should fail 'Connection refused'"
1605 run_cmd nettest -D -d ${VRF} -r ${a}
1606 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
1607 done
1608}
1609
1610ipv4_udp()
1611{
a4368be9
DA		 1612 log_section "IPv4/UDP"
1613 log_subsection "No VRF"
1614
1615 setup
1616
1617 # udp_l3mdev_accept should have no affect without VRF;
1618 # run tests with it enabled and disabled to verify
1619 log_subsection "udp_l3mdev_accept disabled"
1620 set_sysctl net.ipv4.udp_l3mdev_accept=0
1621 ipv4_udp_novrf
1622 log_subsection "udp_l3mdev_accept enabled"
1623 set_sysctl net.ipv4.udp_l3mdev_accept=1
1624 ipv4_udp_novrf
1625
1626 log_subsection "With VRF"
1627 setup "yes"
1628 ipv4_udp_vrf
1629}
1630
75b2b2b3
DA		 1631################################################################################
1632# IPv4 address bind
1633#
1634# verifies ability or inability to bind to an address / device
1635
1636ipv4_addr_bind_novrf()
1637{
1638 #
1639 # raw socket
1640 #
1641 for a in ${NSA_IP} ${NSA_LO_IP}
1642 do
1643 log_start
1644 run_cmd nettest -s -R -P icmp -l ${a} -b
1645 log_test_addr ${a} $? 0 "Raw socket bind to local address"
1646
1647 log_start
1648 run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b
1649 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1650 done
1651
1652 #
1653 # tcp sockets
1654 #
1655 a=${NSA_IP}
1656 log_start
1657 run_cmd nettest -l ${a} -r ${NSB_IP} -t1 -b
1658 log_test_addr ${a} $? 0 "TCP socket bind to local address"
1659
1660 log_start
1661 run_cmd nettest -l ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1662 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
1663
1664 # Sadly, the kernel allows binding a socket to a device and then
1665 # binding to an address not on the device. The only restriction
1666 # is that the address is valid in the L3 domain. So this test
1667 # passes when it really should not
1668 #a=${NSA_LO_IP}
1669 #log_start
1670 #show_hint "Should fail with 'Cannot assign requested address'"
1671 #run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1672 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
1673}
1674
1675ipv4_addr_bind_vrf()
1676{
1677 #
1678 # raw socket
1679 #
1680 for a in ${NSA_IP} ${VRF_IP}
1681 do
1682 log_start
1683 run_cmd nettest -s -R -P icmp -l ${a} -b
1684 log_test_addr ${a} $? 0 "Raw socket bind to local address"
1685
1686 log_start
1687 run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b
1688 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1689 log_start
1690 run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b
1691 log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
1692 done
1693
1694 a=${NSA_LO_IP}
1695 log_start
1696 show_hint "Address on loopback is out of VRF scope"
1697 run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b
1698 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
1699
1700 #
1701 # tcp sockets
1702 #
1703 for a in ${NSA_IP} ${VRF_IP}
1704 do
1705 log_start
1706 run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b
1707 log_test_addr ${a} $? 0 "TCP socket bind to local address"
1708
1709 log_start
1710 run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1711 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
1712 done
1713
1714 a=${NSA_LO_IP}
1715 log_start
1716 show_hint "Address on loopback out of scope for VRF"
1717 run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b
1718 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
1719
1720 log_start
1721 show_hint "Address on loopback out of scope for device in VRF"
1722 run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1723 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
1724}
1725
1726ipv4_addr_bind()
1727{
1728 log_section "IPv4 address binds"
1729
1730 log_subsection "No VRF"
1731 setup
1732 ipv4_addr_bind_novrf
1733
1734 log_subsection "With VRF"
1735 setup "yes"
1736 ipv4_addr_bind_vrf
1737}
1738
0113f726
DA		 1739################################################################################
1740# IPv4 runtime tests
1741
1742ipv4_rt()
1743{
1744 local desc="$1"
1745 local varg="$2"
1746 local with_vrf="yes"
1747 local a
1748
1749 #
1750 # server tests
1751 #
1752 for a in ${NSA_IP} ${VRF_IP}
1753 do
1754 log_start
1755 run_cmd nettest ${varg} -s &
1756 sleep 1
1757 run_cmd_nsb nettest ${varg} -r ${a} &
1758 sleep 3
1759 run_cmd ip link del ${VRF}
1760 sleep 1
1761 log_test_addr ${a} 0 0 "${desc}, global server"
1762
1763 setup ${with_vrf}
1764 done
1765
1766 for a in ${NSA_IP} ${VRF_IP}
1767 do
1768 log_start
1769 run_cmd nettest ${varg} -s -d ${VRF} &
1770 sleep 1
1771 run_cmd_nsb nettest ${varg} -r ${a} &
1772 sleep 3
1773 run_cmd ip link del ${VRF}
1774 sleep 1
1775 log_test_addr ${a} 0 0 "${desc}, VRF server"
1776
1777 setup ${with_vrf}
1778 done
1779
1780 a=${NSA_IP}
1781 log_start
1782 run_cmd nettest ${varg} -s -d ${NSA_DEV} &
1783 sleep 1
1784 run_cmd_nsb nettest ${varg} -r ${a} &
1785 sleep 3
1786 run_cmd ip link del ${VRF}
1787 sleep 1
1788 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
1789
1790 setup ${with_vrf}
1791
1792 #
1793 # client test
1794 #
1795 log_start
1796 run_cmd_nsb nettest ${varg} -s &
1797 sleep 1
1798 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
1799 sleep 3
1800 run_cmd ip link del ${VRF}
1801 sleep 1
1802 log_test_addr ${a} 0 0 "${desc}, VRF client"
1803
1804 setup ${with_vrf}
1805
1806 log_start
1807 run_cmd_nsb nettest ${varg} -s &
1808 sleep 1
1809 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
1810 sleep 3
1811 run_cmd ip link del ${VRF}
1812 sleep 1
1813 log_test_addr ${a} 0 0 "${desc}, enslaved device client"
1814
1815 setup ${with_vrf}
1816
1817 #
1818 # local address tests
1819 #
1820 for a in ${NSA_IP} ${VRF_IP}
1821 do
1822 log_start
1823 run_cmd nettest ${varg} -s &
1824 sleep 1
1825 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
1826 sleep 3
1827 run_cmd ip link del ${VRF}
1828 sleep 1
1829 log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local"
1830
1831 setup ${with_vrf}
1832 done
1833
1834 for a in ${NSA_IP} ${VRF_IP}
1835 do
1836 log_start
1837 run_cmd nettest ${varg} -d ${VRF} -s &
1838 sleep 1
1839 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
1840 sleep 3
1841 run_cmd ip link del ${VRF}
1842 sleep 1
1843 log_test_addr ${a} 0 0 "${desc}, VRF server and client, local"
1844
1845 setup ${with_vrf}
1846 done
1847
1848 a=${NSA_IP}
1849 log_start
1850 run_cmd nettest ${varg} -s &
1851 sleep 1
1852 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1853 sleep 3
1854 run_cmd ip link del ${VRF}
1855 sleep 1
1856 log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local"
1857
1858 setup ${with_vrf}
1859
1860 log_start
1861 run_cmd nettest ${varg} -d ${VRF} -s &
1862 sleep 1
1863 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1864 sleep 3
1865 run_cmd ip link del ${VRF}
1866 sleep 1
1867 log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local"
1868
1869 setup ${with_vrf}
1870
1871 log_start
1872 run_cmd nettest ${varg} -d ${NSA_DEV} -s &
1873 sleep 1
1874 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1875 sleep 3
1876 run_cmd ip link del ${VRF}
1877 sleep 1
1878 log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local"
1879}
1880
1881ipv4_ping_rt()
1882{
1883 local with_vrf="yes"
1884 local a
1885
1886 for a in ${NSA_IP} ${VRF_IP}
1887 do
1888 log_start
1889 run_cmd_nsb ping -f ${a} &
1890 sleep 3
1891 run_cmd ip link del ${VRF}
1892 sleep 1
1893 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
1894
1895 setup ${with_vrf}
1896 done
1897
1898 a=${NSB_IP}
1899 log_start
1900 run_cmd ping -f -I ${VRF} ${a} &
1901 sleep 3
1902 run_cmd ip link del ${VRF}
1903 sleep 1
1904 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
1905}
1906
1907ipv4_runtime()
1908{
1909 log_section "Run time tests - ipv4"
1910
1911 setup "yes"
1912 ipv4_ping_rt
1913
1914 setup "yes"
1915 ipv4_rt "TCP active socket" "-n -1"
1916
1917 setup "yes"
1918 ipv4_rt "TCP passive socket" "-i"
1919}
1920
c0644e71
DA		 1921################################################################################
1922# IPv6
1923
1924ipv6_ping_novrf()
1925{
1926 local a
1927
1928 # should not have an impact, but make a known state
1929 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
1930
1931 #
1932 # out
1933 #
1934 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1935 do
1936 log_start
1937 run_cmd ${ping6} -c1 -w1 ${a}
1938 log_test_addr ${a} $? 0 "ping out"
1939 done
1940
1941 for a in ${NSB_IP6} ${NSB_LO_IP6}
1942 do
1943 log_start
1944 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1945 log_test_addr ${a} $? 0 "ping out, device bind"
1946
1947 log_start
1948 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
1949 log_test_addr ${a} $? 0 "ping out, loopback address bind"
1950 done
1951
1952 #
1953 # in
1954 #
1955 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
1956 do
1957 log_start
1958 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1959 log_test_addr ${a} $? 0 "ping in"
1960 done
1961
1962 #
1963 # local traffic, local address
1964 #
1965 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1966 do
1967 log_start
1968 run_cmd ${ping6} -c1 -w1 ${a}
1969 log_test_addr ${a} $? 0 "ping local, no bind"
1970 done
1971
1972 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1973 do
1974 log_start
1975 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1976 log_test_addr ${a} $? 0 "ping local, device bind"
1977 done
1978
1979 for a in ${NSA_LO_IP6} ::1
1980 do
1981 log_start
1982 show_hint "Fails since address on loopback is out of device scope"
1983 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1984 log_test_addr ${a} $? 2 "ping local, device bind"
1985 done
1986
1987 #
1988 # ip rule blocks address
1989 #
1990 log_start
1991 setup_cmd ip -6 rule add pref 32765 from all lookup local
1992 setup_cmd ip -6 rule del pref 0 from all lookup local
1993 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
1994 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
1995
1996 a=${NSB_LO_IP6}
1997 run_cmd ${ping6} -c1 -w1 ${a}
1998 log_test_addr ${a} $? 2 "ping out, blocked by rule"
1999
2000 log_start
2001 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2002 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
2003
2004 a=${NSA_LO_IP6}
2005 log_start
2006 show_hint "Response lost due to ip rule"
2007 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2008 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2009
2010 setup_cmd ip -6 rule add pref 0 from all lookup local
2011 setup_cmd ip -6 rule del pref 32765 from all lookup local
2012 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
2013 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
2014
2015 #
2016 # route blocks reachability to remote address
2017 #
2018 log_start
2019 setup_cmd ip -6 route del ${NSB_LO_IP6}
2020 setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
2021 setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10
2022
2023 a=${NSB_LO_IP6}
2024 run_cmd ${ping6} -c1 -w1 ${a}
2025 log_test_addr ${a} $? 2 "ping out, blocked by route"
2026
2027 log_start
2028 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2029 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"
2030
2031 a=${NSA_LO_IP6}
2032 log_start
2033 show_hint "Response lost due to ip route"
2034 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2035 log_test_addr ${a} $? 1 "ping in, blocked by route"
2036
2037
2038 #
2039 # remove 'remote' routes; fallback to default
2040 #
2041 log_start
2042 setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
2043 setup_cmd ip -6 ro del unreachable ${NSB_IP6}
2044
2045 a=${NSB_LO_IP6}
2046 run_cmd ${ping6} -c1 -w1 ${a}
2047 log_test_addr ${a} $? 2 "ping out, unreachable route"
2048
2049 log_start
2050 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2051 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
2052}
2053
2054ipv6_ping_vrf()
2055{
2056 local a
2057
2058 # should default on; does not exist on older kernels
2059 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
2060
2061 #
2062 # out
2063 #
2064 for a in ${NSB_IP6} ${NSB_LO_IP6}
2065 do
2066 log_start
2067 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2068 log_test_addr ${a} $? 0 "ping out, VRF bind"
2069 done
2070
2071 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
2072 do
2073 log_start
2074 show_hint "Fails since VRF device does not support linklocal or multicast"
2075 run_cmd ${ping6} -c1 -w1 ${a}
2076 log_test_addr ${a} $? 2 "ping out, VRF bind"
2077 done
2078
2079 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2080 do
2081 log_start
2082 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2083 log_test_addr ${a} $? 0 "ping out, device bind"
2084 done
2085
2086 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2087 do
2088 log_start
2089 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
2090 log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
2091 done
2092
2093 #
2094 # in
2095 #
2096 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
2097 do
2098 log_start
2099 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2100 log_test_addr ${a} $? 0 "ping in"
2101 done
2102
2103 a=${NSA_LO_IP6}
2104 log_start
2105 show_hint "Fails since loopback address is out of VRF scope"
2106 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2107 log_test_addr ${a} $? 1 "ping in"
2108
2109 #
2110 # local traffic, local address
2111 #
2112 for a in ${NSA_IP6} ${VRF_IP6} ::1
2113 do
2114 log_start
2115 show_hint "Source address should be ${a}"
2116 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2117 log_test_addr ${a} $? 0 "ping local, VRF bind"
2118 done
2119
2120 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2121 do
2122 log_start
2123 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2124 log_test_addr ${a} $? 0 "ping local, device bind"
2125 done
2126
2127 # LLA to GUA - remove ipv6 global addresses from ns-B
2128 setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
2129 setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
2130 setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
2131
2132 for a in ${NSA_IP6} ${VRF_IP6}
2133 do
2134 log_start
2135 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
2136 log_test_addr ${a} $? 0 "ping in, LLA to GUA"
2137 done
2138
2139 setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
2140 setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
2141 setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo
2142
2143 #
2144 # ip rule blocks address
2145 #
2146 log_start
2147 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
2148 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
2149
2150 a=${NSB_LO_IP6}
2151 run_cmd ${ping6} -c1 -w1 ${a}
2152 log_test_addr ${a} $? 2 "ping out, blocked by rule"
2153
2154 log_start
2155 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2156 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
2157
2158 a=${NSA_LO_IP6}
2159 log_start
2160 show_hint "Response lost due to ip rule"
2161 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2162 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2163
2164 log_start
2165 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
2166 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
2167
2168 #
2169 # remove 'remote' routes; fallback to default
2170 #
2171 log_start
2172 setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}
2173
2174 a=${NSB_LO_IP6}
2175 run_cmd ${ping6} -c1 -w1 ${a}
2176 log_test_addr ${a} $? 2 "ping out, unreachable route"
2177
2178 log_start
2179 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2180 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
2181
2182 ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
2183 a=${NSA_LO_IP6}
2184 log_start
2185 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2186 log_test_addr ${a} $? 2 "ping in, unreachable route"
2187}
2188
2189ipv6_ping()
2190{
2191 log_section "IPv6 ping"
2192
2193 log_subsection "No VRF"
2194 setup
2195 ipv6_ping_novrf
2196
2197 log_subsection "With VRF"
2198 setup "yes"
2199 ipv6_ping_vrf
2200}
2201
a071bbf2
DA		 2202################################################################################
2203# IPv6 TCP
2204
f0bee1eb
DA		 2205#
2206# MD5 tests without VRF
2207#
2208ipv6_tcp_md5_novrf()
2209{
2210 #
2211 # single address
2212 #
2213
2214 # basic use case
2215 log_start
2216 run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_IP6} &
2217 sleep 1
2218 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2219 log_test $? 0 "MD5: Single address config"
2220
2221 # client sends MD5, server not configured
2222 log_start
2223 show_hint "Should timeout due to MD5 mismatch"
2224 run_cmd nettest -6 -s &
2225 sleep 1
2226 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2227 log_test $? 2 "MD5: Server no config, client uses password"
2228
2229 # wrong password
2230 log_start
2231 show_hint "Should timeout since client uses wrong password"
2232 run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_IP6} &
2233 sleep 1
2234 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
2235 log_test $? 2 "MD5: Client uses wrong password"
2236
2237 # client from different address
2238 log_start
2239 show_hint "Should timeout due to MD5 mismatch"
2240 run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_LO_IP6} &
2241 sleep 1
2242 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2243 log_test $? 2 "MD5: Client address does not match address configured with password"
2244
2245 #
2246 # MD5 extension - prefix length
2247 #
2248
2249 # client in prefix
2250 log_start
2251 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2252 sleep 1
2253 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2254 log_test $? 0 "MD5: Prefix config"
2255
2256 # client in prefix, wrong password
2257 log_start
2258 show_hint "Should timeout since client uses wrong password"
2259 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2260 sleep 1
2261 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
2262 log_test $? 2 "MD5: Prefix config, client uses wrong password"
2263
2264 # client outside of prefix
2265 log_start
2266 show_hint "Should timeout due to MD5 mismatch"
2267 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2268 sleep 1
2269 run_cmd_nsb nettest -6 -l ${NSB_LO_IP6} -r ${NSA_IP6} -M ${MD5_PW}
2270 log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
2271}
2272
5cad8bce
DA		 2273#
2274# MD5 tests with VRF
2275#
2276ipv6_tcp_md5()
2277{
2278 #
2279 # single address
2280 #
2281
2282 # basic use case
2283 log_start
2284 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
2285 sleep 1
2286 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2287 log_test $? 0 "MD5: VRF: Single address config"
2288
2289 # client sends MD5, server not configured
2290 log_start
2291 show_hint "Should timeout since server does not have MD5 auth"
2292 run_cmd nettest -6 -s -d ${VRF} &
2293 sleep 1
2294 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2295 log_test $? 2 "MD5: VRF: Server no config, client uses password"
2296
2297 # wrong password
2298 log_start
2299 show_hint "Should timeout since client uses wrong password"
2300 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
2301 sleep 1
2302 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
2303 log_test $? 2 "MD5: VRF: Client uses wrong password"
2304
2305 # client from different address
2306 log_start
2307 show_hint "Should timeout since server config differs from client"
2308 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_LO_IP6} &
2309 sleep 1
2310 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2311 log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
2312
2313 #
2314 # MD5 extension - prefix length
2315 #
2316
2317 # client in prefix
2318 log_start
2319 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2320 sleep 1
2321 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2322 log_test $? 0 "MD5: VRF: Prefix config"
2323
2324 # client in prefix, wrong password
2325 log_start
2326 show_hint "Should timeout since client uses wrong password"
2327 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2328 sleep 1
2329 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
2330 log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"
2331
2332 # client outside of prefix
2333 log_start
2334 show_hint "Should timeout since client address is outside of prefix"
2335 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2336 sleep 1
2337 run_cmd_nsb nettest -6 -l ${NSB_LO_IP6} -r ${NSA_IP6} -M ${MD5_PW}
2338 log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"
2339
2340 #
2341 # duplicate config between default VRF and a VRF
2342 #
2343
2344 log_start
2345 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
2346 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
2347 sleep 1
2348 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2349 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
2350
2351 log_start
2352 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
2353 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
2354 sleep 1
2355 run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
2356 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
2357
2358 log_start
2359 show_hint "Should timeout since client in default VRF uses VRF password"
2360 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
2361 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
2362 sleep 1
2363 run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2364 log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
2365
2366 log_start
2367 show_hint "Should timeout since client in VRF uses default VRF password"
2368 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
2369 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
2370 sleep 1
2371 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
2372 log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
2373
2374 log_start
2375 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2376 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2377 sleep 1
2378 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2379 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
2380
2381 log_start
2382 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2383 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2384 sleep 1
2385 run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
2386 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
2387
2388 log_start
2389 show_hint "Should timeout since client in default VRF uses VRF password"
2390 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2391 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2392 sleep 1
2393 run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2394 log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"
2395
2396 log_start
2397 show_hint "Should timeout since client in VRF uses default VRF password"
2398 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2399 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2400 sleep 1
2401 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
2402 log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"
2403
2404 #
2405 # negative tests
2406 #
2407 log_start
2408 run_cmd nettest -6 -s -d ${NSA_DEV} -M ${MD5_PW} -r ${NSB_IP6}
2409 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
2410
2411 log_start
2412 run_cmd nettest -6 -s -d ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6}
2413 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
2414
2415}
2416
a071bbf2
DA		 2417ipv6_tcp_novrf()
2418{
2419 local a
2420
2421 #
2422 # server tests
2423 #
2424 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2425 do
2426 log_start
2427 run_cmd nettest -6 -s &
2428 sleep 1
2429 run_cmd_nsb nettest -6 -r ${a}
2430 log_test_addr ${a} $? 0 "Global server"
2431 done
2432
2433 # verify TCP reset received
2434 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2435 do
2436 log_start
2437 show_hint "Should fail 'Connection refused'"
2438 run_cmd_nsb nettest -6 -r ${a}
2439 log_test_addr ${a} $? 1 "No server"
2440 done
2441
2442 #
2443 # client
2444 #
2445 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2446 do
2447 log_start
2448 run_cmd_nsb nettest -6 -s &
2449 sleep 1
2450 run_cmd nettest -6 -r ${a}
2451 log_test_addr ${a} $? 0 "Client"
2452 done
2453
2454 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2455 do
2456 log_start
2457 run_cmd_nsb nettest -6 -s &
2458 sleep 1
2459 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2460 log_test_addr ${a} $? 0 "Client, device bind"
2461 done
2462
2463 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2464 do
2465 log_start
2466 show_hint "Should fail 'Connection refused'"
2467 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2468 log_test_addr ${a} $? 1 "No server, device client"
2469 done
2470
2471 #
2472 # local address tests
2473 #
2474 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2475 do
2476 log_start
2477 run_cmd nettest -6 -s &
2478 sleep 1
2479 run_cmd nettest -6 -r ${a}
2480 log_test_addr ${a} $? 0 "Global server, local connection"
2481 done
2482
2483 a=${NSA_IP6}
2484 log_start
2485 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2486 sleep 1
2487 run_cmd nettest -6 -r ${a} -0 ${a}
2488 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
2489
2490 for a in ${NSA_LO_IP6} ::1
2491 do
2492 log_start
2493 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
2494 run_cmd nettest -6 -s -d ${NSA_DEV} &
2495 sleep 1
2496 run_cmd nettest -6 -r ${a}
2497 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
2498 done
2499
2500 a=${NSA_IP6}
2501 log_start
2502 run_cmd nettest -6 -s &
2503 sleep 1
2504 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2505 log_test_addr ${a} $? 0 "Global server, device client, local connection"
2506
2507 for a in ${NSA_LO_IP6} ::1
2508 do
2509 log_start
2510 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
2511 run_cmd nettest -6 -s &
2512 sleep 1
2513 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2514 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2515 done
2516
2517 for a in ${NSA_IP6} ${NSA_LINKIP6}
2518 do
2519 log_start
2520 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2521 sleep 1
2522 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2523 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2524 done
2525
2526 for a in ${NSA_IP6} ${NSA_LINKIP6}
2527 do
2528 log_start
2529 show_hint "Should fail 'Connection refused'"
2530 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2531 log_test_addr ${a} $? 1 "No server, device client, local conn"
2532 done
f0bee1eb
DA		 2533
2534 ipv6_tcp_md5_novrf
a071bbf2
DA		 2535}
2536
2537ipv6_tcp_vrf()
2538{
2539 local a
2540
2541 # disable global server
2542 log_subsection "Global server disabled"
2543
2544 set_sysctl net.ipv4.tcp_l3mdev_accept=0
2545
2546 #
2547 # server tests
2548 #
2549 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2550 do
2551 log_start
2552 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
2553 run_cmd nettest -6 -s &
2554 sleep 1
2555 run_cmd_nsb nettest -6 -r ${a}
2556 log_test_addr ${a} $? 1 "Global server"
2557 done
2558
2559 for a in ${NSA_IP6} ${VRF_IP6}
2560 do
2561 log_start
2562 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2563 sleep 1
2564 run_cmd_nsb nettest -6 -r ${a}
2565 log_test_addr ${a} $? 0 "VRF server"
2566 done
2567
2568 # link local is always bound to ingress device
2569 a=${NSA_LINKIP6}%${NSB_DEV}
2570 log_start
2571 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} &
2572 sleep 1
2573 run_cmd_nsb nettest -6 -r ${a}
2574 log_test_addr ${a} $? 0 "VRF server"
2575
2576 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2577 do
2578 log_start
2579 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2580 sleep 1
2581 run_cmd_nsb nettest -6 -r ${a}
2582 log_test_addr ${a} $? 0 "Device server"
2583 done
2584
2585 # verify TCP reset received
2586 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2587 do
2588 log_start
2589 show_hint "Should fail 'Connection refused'"
2590 run_cmd_nsb nettest -6 -r ${a}
2591 log_test_addr ${a} $? 1 "No server"
2592 done
2593
2594 # local address tests
2595 a=${NSA_IP6}
2596 log_start
2597 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
2598 run_cmd nettest -6 -s &
2599 sleep 1
2600 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2601 log_test_addr ${a} $? 1 "Global server, local connection"
2602
5cad8bce
DA		 2603 # run MD5 tests
2604 ipv6_tcp_md5
2605
a071bbf2
DA		 2606 #
2607 # enable VRF global server
2608 #
2609 log_subsection "VRF Global server enabled"
2610 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2611
2612 for a in ${NSA_IP6} ${VRF_IP6}
2613 do
2614 log_start
2615 run_cmd nettest -6 -s -2 ${VRF} &
2616 sleep 1
2617 run_cmd_nsb nettest -6 -r ${a}
2618 log_test_addr ${a} $? 0 "Global server"
2619 done
2620
2621 for a in ${NSA_IP6} ${VRF_IP6}
2622 do
2623 log_start
2624 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2625 sleep 1
2626 run_cmd_nsb nettest -6 -r ${a}
2627 log_test_addr ${a} $? 0 "VRF server"
2628 done
2629
2630 # For LLA, child socket is bound to device
2631 a=${NSA_LINKIP6}%${NSB_DEV}
2632 log_start
2633 run_cmd nettest -6 -s -2 ${NSA_DEV} &
2634 sleep 1
2635 run_cmd_nsb nettest -6 -r ${a}
2636 log_test_addr ${a} $? 0 "Global server"
2637
2638 log_start
2639 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} &
2640 sleep 1
2641 run_cmd_nsb nettest -6 -r ${a}
2642 log_test_addr ${a} $? 0 "VRF server"
2643
2644 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2645 do
2646 log_start
2647 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2648 sleep 1
2649 run_cmd_nsb nettest -6 -r ${a}
2650 log_test_addr ${a} $? 0 "Device server"
2651 done
2652
2653 # verify TCP reset received
2654 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2655 do
2656 log_start
2657 show_hint "Should fail 'Connection refused'"
2658 run_cmd_nsb nettest -6 -r ${a}
2659 log_test_addr ${a} $? 1 "No server"
2660 done
2661
2662 # local address tests
2663 for a in ${NSA_IP6} ${VRF_IP6}
2664 do
2665 log_start
2666 show_hint "Fails 'No route to host' since client is not in VRF"
2667 run_cmd nettest -6 -s -2 ${VRF} &
2668 sleep 1
2669 run_cmd nettest -6 -r ${a}
2670 log_test_addr ${a} $? 1 "Global server, local connection"
2671 done
2672
2673
2674 #
2675 # client
2676 #
2677 for a in ${NSB_IP6} ${NSB_LO_IP6}
2678 do
2679 log_start
2680 run_cmd_nsb nettest -6 -s &
2681 sleep 1
2682 run_cmd nettest -6 -r ${a} -d ${VRF}
2683 log_test_addr ${a} $? 0 "Client, VRF bind"
2684 done
2685
2686 a=${NSB_LINKIP6}
2687 log_start
2688 show_hint "Fails since VRF device does not allow linklocal addresses"
2689 run_cmd_nsb nettest -6 -s &
2690 sleep 1
2691 run_cmd nettest -6 -r ${a} -d ${VRF}
2692 log_test_addr ${a} $? 1 "Client, VRF bind"
2693
2694 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2695 do
2696 log_start
2697 run_cmd_nsb nettest -6 -s &
2698 sleep 1
2699 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2700 log_test_addr ${a} $? 0 "Client, device bind"
2701 done
2702
2703 for a in ${NSB_IP6} ${NSB_LO_IP6}
2704 do
2705 log_start
2706 show_hint "Should fail 'Connection refused'"
2707 run_cmd nettest -6 -r ${a} -d ${VRF}
2708 log_test_addr ${a} $? 1 "No server, VRF client"
2709 done
2710
2711 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2712 do
2713 log_start
2714 show_hint "Should fail 'Connection refused'"
2715 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2716 log_test_addr ${a} $? 1 "No server, device client"
2717 done
2718
2719 for a in ${NSA_IP6} ${VRF_IP6} ::1
2720 do
2721 log_start
2722 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2723 sleep 1
2724 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2725 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
2726 done
2727
2728 a=${NSA_IP6}
2729 log_start
2730 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2731 sleep 1
2732 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2733 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
2734
2735 a=${NSA_IP6}
2736 log_start
2737 show_hint "Should fail since unbound client is out of VRF scope"
2738 run_cmd nettest -6 -s -d ${VRF} &
2739 sleep 1
2740 run_cmd nettest -6 -r ${a}
2741 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
2742
2743 log_start
2744 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2745 sleep 1
2746 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2747 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
2748
2749 for a in ${NSA_IP6} ${NSA_LINKIP6}
2750 do
2751 log_start
2752 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2753 sleep 1
2754 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2755 log_test_addr ${a} $? 0 "Device server, device client, local connection"
2756 done
2757}
2758
2759ipv6_tcp()
2760{
2761 log_section "IPv6/TCP"
a071bbf2
DA		 2762 log_subsection "No VRF"
2763 setup
2764
2765 # tcp_l3mdev_accept should have no affect without VRF;
2766 # run tests with it enabled and disabled to verify
2767 log_subsection "tcp_l3mdev_accept disabled"
2768 set_sysctl net.ipv4.tcp_l3mdev_accept=0
2769 ipv6_tcp_novrf
2770 log_subsection "tcp_l3mdev_accept enabled"
2771 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2772 ipv6_tcp_novrf
2773
2774 log_subsection "With VRF"
2775 setup "yes"
2776 ipv6_tcp_vrf
2777}
2778
6abdb651
DA		 2779################################################################################
2780# IPv6 UDP
2781
2782ipv6_udp_novrf()
2783{
2784 local a
2785
2786 #
2787 # server tests
2788 #
2789 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2790 do
2791 log_start
2792 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2793 sleep 1
2794 run_cmd_nsb nettest -6 -D -r ${a}
2795 log_test_addr ${a} $? 0 "Global server"
2796
2797 log_start
2798 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2799 sleep 1
2800 run_cmd_nsb nettest -6 -D -r ${a}
2801 log_test_addr ${a} $? 0 "Device server"
2802 done
2803
2804 a=${NSA_LO_IP6}
2805 log_start
2806 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2807 sleep 1
2808 run_cmd_nsb nettest -6 -D -r ${a}
2809 log_test_addr ${a} $? 0 "Global server"
2810
2811 # should fail since loopback address is out of scope for a device
2812 # bound server, but it does not - hence this is more documenting
2813 # behavior.
2814 #log_start
2815 #show_hint "Should fail since loopback address is out of scope"
2816 #run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2817 #sleep 1
2818 #run_cmd_nsb nettest -6 -D -r ${a}
2819 #log_test_addr ${a} $? 1 "Device server"
2820
2821 # negative test - should fail
2822 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2823 do
2824 log_start
2825 show_hint "Should fail 'Connection refused' since there is no server"
2826 run_cmd_nsb nettest -6 -D -r ${a}
2827 log_test_addr ${a} $? 1 "No server"
2828 done
2829
2830 #
2831 # client
2832 #
2833 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2834 do
2835 log_start
2836 run_cmd_nsb nettest -6 -D -s &
2837 sleep 1
2838 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
2839 log_test_addr ${a} $? 0 "Client"
2840
2841 log_start
2842 run_cmd_nsb nettest -6 -D -s &
2843 sleep 1
2844 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
2845 log_test_addr ${a} $? 0 "Client, device bind"
2846
2847 log_start
2848 run_cmd_nsb nettest -6 -D -s &
2849 sleep 1
2850 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
2851 log_test_addr ${a} $? 0 "Client, device send via cmsg"
2852
2853 log_start
2854 run_cmd_nsb nettest -6 -D -s &
2855 sleep 1
2856 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
2857 log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF"
2858
2859 log_start
2860 show_hint "Should fail 'Connection refused'"
2861 run_cmd nettest -6 -D -r ${a}
2862 log_test_addr ${a} $? 1 "No server, unbound client"
2863
2864 log_start
2865 show_hint "Should fail 'Connection refused'"
2866 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
2867 log_test_addr ${a} $? 1 "No server, device client"
2868 done
2869
2870 #
2871 # local address tests
2872 #
2873 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2874 do
2875 log_start
2876 run_cmd nettest -6 -D -s &
2877 sleep 1
2878 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
2879 log_test_addr ${a} $? 0 "Global server, local connection"
2880 done
2881
2882 a=${NSA_IP6}
2883 log_start
2884 run_cmd nettest -6 -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
2885 sleep 1
2886 run_cmd nettest -6 -D -r ${a}
2887 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
2888
2889 for a in ${NSA_LO_IP6} ::1
2890 do
2891 log_start
2892 show_hint "Should fail 'Connection refused' since address is out of device scope"
2893 run_cmd nettest -6 -s -D -d ${NSA_DEV} &
2894 sleep 1
2895 run_cmd nettest -6 -D -r ${a}
2896 log_test_addr ${a} $? 1 "Device server, local connection"
2897 done
2898
2899 a=${NSA_IP6}
2900 log_start
2901 run_cmd nettest -6 -s -D &
2902 sleep 1
2903 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2904 log_test_addr ${a} $? 0 "Global server, device client, local connection"
2905
2906 log_start
2907 run_cmd nettest -6 -s -D &
2908 sleep 1
2909 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
2910 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
2911
2912 log_start
2913 run_cmd nettest -6 -s -D &
2914 sleep 1
2915 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
2916 log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"
2917
2918 for a in ${NSA_LO_IP6} ::1
2919 do
2920 log_start
2921 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
2922 run_cmd nettest -6 -D -s &
2923 sleep 1
2924 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
2925 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2926
2927 log_start
2928 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
2929 run_cmd nettest -6 -D -s &
2930 sleep 1
2931 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
2932 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
2933
2934 log_start
2935 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
2936 run_cmd nettest -6 -D -s &
2937 sleep 1
2938 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
2939 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
2940 done
2941
2942 a=${NSA_IP6}
2943 log_start
2944 run_cmd nettest -6 -D -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2945 sleep 1
2946 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
2947 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2948
2949 log_start
2950 show_hint "Should fail 'Connection refused'"
2951 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2952 log_test_addr ${a} $? 1 "No server, device client, local conn"
2953
2954 # LLA to GUA
2955 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
2956 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
2957 log_start
2958 run_cmd nettest -6 -s -D &
2959 sleep 1
2960 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
2961 log_test $? 0 "UDP in - LLA to GUA"
2962
2963 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
2964 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
2965}
2966
2967ipv6_udp_vrf()
2968{
2969 local a
2970
2971 # disable global server
2972 log_subsection "Global server disabled"
2973 set_sysctl net.ipv4.udp_l3mdev_accept=0
2974
2975 #
2976 # server tests
2977 #
2978 for a in ${NSA_IP6} ${VRF_IP6}
2979 do
2980 log_start
2981 show_hint "Should fail 'Connection refused' since global server is disabled"
2982 run_cmd nettest -6 -D -s &
2983 sleep 1
2984 run_cmd_nsb nettest -6 -D -r ${a}
2985 log_test_addr ${a} $? 1 "Global server"
2986 done
2987
2988 for a in ${NSA_IP6} ${VRF_IP6}
2989 do
2990 log_start
2991 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2992 sleep 1
2993 run_cmd_nsb nettest -6 -D -r ${a}
2994 log_test_addr ${a} $? 0 "VRF server"
2995 done
2996
2997 for a in ${NSA_IP6} ${VRF_IP6}
2998 do
2999 log_start
3000 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
3001 sleep 1
3002 run_cmd_nsb nettest -6 -D -r ${a}
3003 log_test_addr ${a} $? 0 "Enslaved device server"
3004 done
3005
3006 # negative test - should fail
3007 for a in ${NSA_IP6} ${VRF_IP6}
3008 do
3009 log_start
3010 show_hint "Should fail 'Connection refused' since there is no server"
3011 run_cmd_nsb nettest -6 -D -r ${a}
3012 log_test_addr ${a} $? 1 "No server"
3013 done
3014
3015 #
3016 # local address tests
3017 #
3018 for a in ${NSA_IP6} ${VRF_IP6}
3019 do
3020 log_start
3021 show_hint "Should fail 'Connection refused' since global server is disabled"
3022 run_cmd nettest -6 -D -s &
3023 sleep 1
3024 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3025 log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
3026 done
3027
3028 for a in ${NSA_IP6} ${VRF_IP6}
3029 do
3030 log_start
3031 run_cmd nettest -6 -D -d ${VRF} -s &
3032 sleep 1
3033 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3034 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3035 done
3036
3037 a=${NSA_IP6}
3038 log_start
3039 show_hint "Should fail 'Connection refused' since global server is disabled"
3040 run_cmd nettest -6 -D -s &
3041 sleep 1
3042 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3043 log_test_addr ${a} $? 1 "Global server, device client, local conn"
3044
3045 log_start
3046 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
3047 sleep 1
3048 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3049 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
3050
3051 log_start
3052 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
3053 sleep 1
3054 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3055 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
3056
3057 log_start
3058 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
3059 sleep 1
3060 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3061 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
3062
3063 # disable global server
3064 log_subsection "Global server enabled"
3065 set_sysctl net.ipv4.udp_l3mdev_accept=1
3066
3067 #
3068 # server tests
3069 #
3070 for a in ${NSA_IP6} ${VRF_IP6}
3071 do
3072 log_start
3073 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
3074 sleep 1
3075 run_cmd_nsb nettest -6 -D -r ${a}
3076 log_test_addr ${a} $? 0 "Global server"
3077 done
3078
3079 for a in ${NSA_IP6} ${VRF_IP6}
3080 do
3081 log_start
3082 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
3083 sleep 1
3084 run_cmd_nsb nettest -6 -D -r ${a}
3085 log_test_addr ${a} $? 0 "VRF server"
3086 done
3087
3088 for a in ${NSA_IP6} ${VRF_IP6}
3089 do
3090 log_start
3091 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
3092 sleep 1
3093 run_cmd_nsb nettest -6 -D -r ${a}
3094 log_test_addr ${a} $? 0 "Enslaved device server"
3095 done
3096
3097 # negative test - should fail
3098 for a in ${NSA_IP6} ${VRF_IP6}
3099 do
3100 log_start
3101 run_cmd_nsb nettest -6 -D -r ${a}
3102 log_test_addr ${a} $? 1 "No server"
3103 done
3104
3105 #
3106 # client tests
3107 #
3108 log_start
3109 run_cmd_nsb nettest -6 -D -s &
3110 sleep 1
3111 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
3112 log_test $? 0 "VRF client"
3113
3114 # negative test - should fail
3115 log_start
3116 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
3117 log_test $? 1 "No server, VRF client"
3118
3119 log_start
3120 run_cmd_nsb nettest -6 -D -s &
3121 sleep 1
3122 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
3123 log_test $? 0 "Enslaved device client"
3124
3125 # negative test - should fail
3126 log_start
3127 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
3128 log_test $? 1 "No server, enslaved device client"
3129
3130 #
3131 # local address tests
3132 #
3133 a=${NSA_IP6}
3134 log_start
3135 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
3136 sleep 1
3137 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3138 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
3139
3140 #log_start
3141 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
3142 sleep 1
3143 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3144 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3145
3146
3147 a=${VRF_IP6}
3148 log_start
3149 run_cmd nettest -6 -D -s -2 ${VRF} &
3150 sleep 1
3151 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3152 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
3153
3154 log_start
3155 run_cmd nettest -6 -D -d ${VRF} -s -2 ${VRF} &
3156 sleep 1
3157 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3158 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3159
3160 # negative test - should fail
3161 for a in ${NSA_IP6} ${VRF_IP6}
3162 do
3163 log_start
3164 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3165 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
3166 done
3167
3168 # device to global IP
3169 a=${NSA_IP6}
3170 log_start
3171 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
3172 sleep 1
3173 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3174 log_test_addr ${a} $? 0 "Global server, device client, local conn"
3175
3176 log_start
3177 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
3178 sleep 1
3179 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3180 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
3181
3182 log_start
3183 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
3184 sleep 1
3185 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3186 log_test_addr ${a} $? 0 "Device server, VRF client, local conn"
3187
3188 log_start
3189 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
3190 sleep 1
3191 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3192 log_test_addr ${a} $? 0 "Device server, device client, local conn"
3193
3194 log_start
3195 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3196 log_test_addr ${a} $? 1 "No server, device client, local conn"
3197
3198
3199 # link local addresses
3200 log_start
3201 run_cmd nettest -6 -D -s &
3202 sleep 1
3203 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
3204 log_test $? 0 "Global server, linklocal IP"
3205
3206 log_start
3207 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
3208 log_test $? 1 "No server, linklocal IP"
3209
3210
3211 log_start
3212 run_cmd_nsb nettest -6 -D -s &
3213 sleep 1
3214 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
3215 log_test $? 0 "Enslaved device client, linklocal IP"
3216
3217 log_start
3218 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
3219 log_test $? 1 "No server, device client, peer linklocal IP"
3220
3221
3222 log_start
3223 run_cmd nettest -6 -D -s &
3224 sleep 1
3225 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
3226 log_test $? 0 "Enslaved device client, local conn - linklocal IP"
3227
3228 log_start
3229 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
3230 log_test $? 1 "No server, device client, local conn - linklocal IP"
3231
3232 # LLA to GUA
3233 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
3234 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
3235 log_start
3236 run_cmd nettest -6 -s -D &
3237 sleep 1
3238 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
3239 log_test $? 0 "UDP in - LLA to GUA"
3240
3241 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
3242 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
3243}
3244
3245ipv6_udp()
3246{
3247 # should not matter, but set to known state
3248 set_sysctl net.ipv4.udp_early_demux=1
3249
3250 log_section "IPv6/UDP"
3251 log_subsection "No VRF"
3252 setup
3253
3254 # udp_l3mdev_accept should have no affect without VRF;
3255 # run tests with it enabled and disabled to verify
3256 log_subsection "udp_l3mdev_accept disabled"
3257 set_sysctl net.ipv4.udp_l3mdev_accept=0
3258 ipv6_udp_novrf
3259 log_subsection "udp_l3mdev_accept enabled"
3260 set_sysctl net.ipv4.udp_l3mdev_accept=1
3261 ipv6_udp_novrf
3262
3263 log_subsection "With VRF"
3264 setup "yes"
3265 ipv6_udp_vrf
3266}
3267
34d0302a
DA		 3268################################################################################
3269# IPv6 address bind
3270
3271ipv6_addr_bind_novrf()
3272{
3273 #
3274 # raw socket
3275 #
3276 for a in ${NSA_IP6} ${NSA_LO_IP6}
3277 do
3278 log_start
3279 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
3280 log_test_addr ${a} $? 0 "Raw socket bind to local address"
3281
3282 log_start
3283 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b
3284 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
3285 done
3286
3287 #
3288 # tcp sockets
3289 #
3290 a=${NSA_IP6}
3291 log_start
3292 run_cmd nettest -6 -s -l ${a} -t1 -b
3293 log_test_addr ${a} $? 0 "TCP socket bind to local address"
3294
3295 log_start
3296 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
3297 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
3298
3299 a=${NSA_LO_IP6}
3300 log_start
3301 show_hint "Should fail with 'Cannot assign requested address'"
3302 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
3303 log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
3304}
3305
3306ipv6_addr_bind_vrf()
3307{
3308 #
3309 # raw socket
3310 #
3311 for a in ${NSA_IP6} ${VRF_IP6}
3312 do
3313 log_start
3314 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b
3315 log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"
3316
3317 log_start
3318 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b
3319 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
3320 done
3321
3322 a=${NSA_LO_IP6}
3323 log_start
3324 show_hint "Address on loopback is out of VRF scope"
3325 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b
3326 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"
3327
3328 #
3329 # tcp sockets
3330 #
3331 # address on enslaved device is valid for the VRF or device in a VRF
3332 for a in ${NSA_IP6} ${VRF_IP6}
3333 do
3334 log_start
3335 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b
3336 log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
3337 done
3338
3339 a=${NSA_IP6}
3340 log_start
3341 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
3342 log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"
3343
3344 a=${VRF_IP6}
3345 log_start
3346 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
3347 log_test_addr ${a} $? 1 "TCP socket bind to VRF address with device bind"
3348
3349 a=${NSA_LO_IP6}
3350 log_start
3351 show_hint "Address on loopback out of scope for VRF"
3352 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b
3353 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
3354
3355 log_start
3356 show_hint "Address on loopback out of scope for device in VRF"
3357 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
3358 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
3359
3360}
3361
3362ipv6_addr_bind()
3363{
3364 log_section "IPv6 address binds"
3365
3366 log_subsection "No VRF"
3367 setup
3368 ipv6_addr_bind_novrf
3369
3370 log_subsection "With VRF"
3371 setup "yes"
3372 ipv6_addr_bind_vrf
3373}
3374
4cd12f61
DA		 3375################################################################################
3376# IPv6 runtime tests
3377
3378ipv6_rt()
3379{
3380 local desc="$1"
3381 local varg="-6 $2"
3382 local with_vrf="yes"
3383 local a
3384
3385 #
3386 # server tests
3387 #
3388 for a in ${NSA_IP6} ${VRF_IP6}
3389 do
3390 log_start
3391 run_cmd nettest ${varg} -s &
3392 sleep 1
3393 run_cmd_nsb nettest ${varg} -r ${a} &
3394 sleep 3
3395 run_cmd ip link del ${VRF}
3396 sleep 1
3397 log_test_addr ${a} 0 0 "${desc}, global server"
3398
3399 setup ${with_vrf}
3400 done
3401
3402 for a in ${NSA_IP6} ${VRF_IP6}
3403 do
3404 log_start
3405 run_cmd nettest ${varg} -d ${VRF} -s &
3406 sleep 1
3407 run_cmd_nsb nettest ${varg} -r ${a} &
3408 sleep 3
3409 run_cmd ip link del ${VRF}
3410 sleep 1
3411 log_test_addr ${a} 0 0 "${desc}, VRF server"
3412
3413 setup ${with_vrf}
3414 done
3415
3416 for a in ${NSA_IP6} ${VRF_IP6}
3417 do
3418 log_start
3419 run_cmd nettest ${varg} -d ${NSA_DEV} -s &
3420 sleep 1
3421 run_cmd_nsb nettest ${varg} -r ${a} &
3422 sleep 3
3423 run_cmd ip link del ${VRF}
3424 sleep 1
3425 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
3426
3427 setup ${with_vrf}
3428 done
3429
3430 #
3431 # client test
3432 #
3433 log_start
3434 run_cmd_nsb nettest ${varg} -s &
3435 sleep 1
3436 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} &
3437 sleep 3
3438 run_cmd ip link del ${VRF}
3439 sleep 1
3440 log_test 0 0 "${desc}, VRF client"
3441
3442 setup ${with_vrf}
3443
3444 log_start
3445 run_cmd_nsb nettest ${varg} -s &
3446 sleep 1
3447 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
3448 sleep 3
3449 run_cmd ip link del ${VRF}
3450 sleep 1
3451 log_test 0 0 "${desc}, enslaved device client"
3452
3453 setup ${with_vrf}
3454
3455
3456 #
3457 # local address tests
3458 #
3459 for a in ${NSA_IP6} ${VRF_IP6}
3460 do
3461 log_start
3462 run_cmd nettest ${varg} -s &
3463 sleep 1
3464 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3465 sleep 3
3466 run_cmd ip link del ${VRF}
3467 sleep 1
3468 log_test_addr ${a} 0 0 "${desc}, global server, VRF client"
3469
3470 setup ${with_vrf}
3471 done
3472
3473 for a in ${NSA_IP6} ${VRF_IP6}
3474 do
3475 log_start
3476 run_cmd nettest ${varg} -d ${VRF} -s &
3477 sleep 1
3478 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3479 sleep 3
3480 run_cmd ip link del ${VRF}
3481 sleep 1
3482 log_test_addr ${a} 0 0 "${desc}, VRF server and client"
3483
3484 setup ${with_vrf}
3485 done
3486
3487 a=${NSA_IP6}
3488 log_start
3489 run_cmd nettest ${varg} -s &
3490 sleep 1
3491 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3492 sleep 3
3493 run_cmd ip link del ${VRF}
3494 sleep 1
3495 log_test_addr ${a} 0 0 "${desc}, global server, device client"
3496
3497 setup ${with_vrf}
3498
3499 log_start
3500 run_cmd nettest ${varg} -d ${VRF} -s &
3501 sleep 1
3502 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3503 sleep 3
3504 run_cmd ip link del ${VRF}
3505 sleep 1
3506 log_test_addr ${a} 0 0 "${desc}, VRF server, device client"
3507
3508 setup ${with_vrf}
3509
3510 log_start
3511 run_cmd nettest ${varg} -d ${NSA_DEV} -s &
3512 sleep 1
3513 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3514 sleep 3
3515 run_cmd ip link del ${VRF}
3516 sleep 1
3517 log_test_addr ${a} 0 0 "${desc}, device server, device client"
3518}
3519
3520ipv6_ping_rt()
3521{
3522 local with_vrf="yes"
3523 local a
3524
3525 a=${NSA_IP6}
3526 log_start
3527 run_cmd_nsb ${ping6} -f ${a} &
3528 sleep 3
3529 run_cmd ip link del ${VRF}
3530 sleep 1
3531 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
3532
3533 setup ${with_vrf}
3534
3535 log_start
3536 run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} &
3537 sleep 1
3538 run_cmd ip link del ${VRF}
3539 sleep 1
3540 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
3541}
3542
3543ipv6_runtime()
3544{
3545 log_section "Run time tests - ipv6"
3546
3547 setup "yes"
3548 ipv6_ping_rt
3549
3550 setup "yes"
3551 ipv6_rt "TCP active socket" "-n -1"
3552
3553 setup "yes"
3554 ipv6_rt "TCP passive socket" "-i"
3555
3556 setup "yes"
3557 ipv6_rt "UDP active socket" "-D -n -1"
3558}
3559
88f2b360
DA		 3560################################################################################
3561# netfilter blocking connections
3562
3563netfilter_tcp_reset()
3564{
3565 local a
3566
3567 for a in ${NSA_IP} ${VRF_IP}
3568 do
3569 log_start
3570 run_cmd nettest -s &
3571 sleep 1
3572 run_cmd_nsb nettest -r ${a}
3573 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3574 done
3575}
3576
3577netfilter_icmp()
3578{
3579 local stype="$1"
3580 local arg
3581 local a
3582
3583 [ "${stype}" = "UDP" ] && arg="-D"
3584
3585 for a in ${NSA_IP} ${VRF_IP}
3586 do
3587 log_start
3588 run_cmd nettest ${arg} -s &
3589 sleep 1
3590 run_cmd_nsb nettest ${arg} -r ${a}
3591 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3592 done
3593}
3594
3595ipv4_netfilter()
3596{
88f2b360
DA		 3597 log_section "IPv4 Netfilter"
3598 log_subsection "TCP reset"
3599
3600 setup "yes"
3601 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3602
3603 netfilter_tcp_reset
3604
3605 log_start
3606 log_subsection "ICMP unreachable"
3607
3608 log_start
3609 run_cmd iptables -F
3610 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3611 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3612
3613 netfilter_icmp "TCP"
3614 netfilter_icmp "UDP"
3615
3616 log_start
3617 iptables -F
3618}
3619
db6641ee
DA		 3620netfilter_tcp6_reset()
3621{
3622 local a
3623
3624 for a in ${NSA_IP6} ${VRF_IP6}
3625 do
3626 log_start
3627 run_cmd nettest -6 -s &
3628 sleep 1
3629 run_cmd_nsb nettest -6 -r ${a}
3630 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3631 done
3632}
3633
3634netfilter_icmp6()
3635{
3636 local stype="$1"
3637 local arg
3638 local a
3639
3640 [ "${stype}" = "UDP" ] && arg="$arg -D"
3641
3642 for a in ${NSA_IP6} ${VRF_IP6}
3643 do
3644 log_start
3645 run_cmd nettest -6 -s ${arg} &
3646 sleep 1
3647 run_cmd_nsb nettest -6 ${arg} -r ${a}
3648 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3649 done
3650}
3651
3652ipv6_netfilter()
3653{
db6641ee
DA		 3654 log_section "IPv6 Netfilter"
3655 log_subsection "TCP reset"
3656
3657 setup "yes"
3658 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3659
3660 netfilter_tcp6_reset
3661
3662 log_subsection "ICMP unreachable"
3663
3664 log_start
3665 run_cmd ip6tables -F
3666 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
3667 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
3668
3669 netfilter_icmp6 "TCP"
3670 netfilter_icmp6 "UDP"
3671
3672 log_start
3673 ip6tables -F
3674}
3675
56eba15d
DA		 3676################################################################################
3677# specific use cases
3678
3679# VRF only.
3680# ns-A device enslaved to bridge. Verify traffic with and without
3681# br_netfilter module loaded. Repeat with SVI on bridge.
3682use_case_br()
3683{
3684 setup "yes"
3685
3686 setup_cmd ip link set ${NSA_DEV} down
3687 setup_cmd ip addr del dev ${NSA_DEV} ${NSA_IP}/24
3688 setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64
3689
3690 setup_cmd ip link add br0 type bridge
3691 setup_cmd ip addr add dev br0 ${NSA_IP}/24
3692 setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad
3693
3694 setup_cmd ip li set ${NSA_DEV} master br0
3695 setup_cmd ip li set ${NSA_DEV} up
3696 setup_cmd ip li set br0 up
3697 setup_cmd ip li set br0 vrf ${VRF}
3698
3699 rmmod br_netfilter 2>/dev/null
3700 sleep 5 # DAD
3701
3702 run_cmd ip neigh flush all
3703 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
3704 log_test $? 0 "Bridge into VRF - IPv4 ping out"
3705
3706 run_cmd ip neigh flush all
3707 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
3708 log_test $? 0 "Bridge into VRF - IPv6 ping out"
3709
3710 run_cmd ip neigh flush all
3711 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
3712 log_test $? 0 "Bridge into VRF - IPv4 ping in"
3713
3714 run_cmd ip neigh flush all
3715 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
3716 log_test $? 0 "Bridge into VRF - IPv6 ping in"
3717
3718 modprobe br_netfilter
3719 if [ $? -eq 0 ]; then
3720 run_cmd ip neigh flush all
3721 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
3722 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out"
3723
3724 run_cmd ip neigh flush all
3725 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
3726 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out"
3727
3728 run_cmd ip neigh flush all
3729 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
3730 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in"
3731
3732 run_cmd ip neigh flush all
3733 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
3734 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in"
3735 fi
3736
3737 setup_cmd ip li set br0 nomaster
3738 setup_cmd ip li add br0.100 link br0 type vlan id 100
3739 setup_cmd ip li set br0.100 vrf ${VRF} up
3740 setup_cmd ip addr add dev br0.100 172.16.101.1/24
3741 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad
3742
3743 setup_cmd_nsb ip li add vlan100 link ${NSB_DEV} type vlan id 100
3744 setup_cmd_nsb ip addr add dev vlan100 172.16.101.2/24
3745 setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad
3746 setup_cmd_nsb ip li set vlan100 up
3747 sleep 1
3748
3749 rmmod br_netfilter 2>/dev/null
3750
3751 run_cmd ip neigh flush all
3752 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
3753 log_test $? 0 "Bridge vlan into VRF - IPv4 ping out"
3754
3755 run_cmd ip neigh flush all
3756 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
3757 log_test $? 0 "Bridge vlan into VRF - IPv6 ping out"
3758
3759 run_cmd ip neigh flush all
3760 run_cmd_nsb ping -c1 -w1 172.16.101.1
3761 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
3762
3763 run_cmd ip neigh flush all
3764 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
3765 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
3766
3767 modprobe br_netfilter
3768 if [ $? -eq 0 ]; then
3769 run_cmd ip neigh flush all
3770 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
3771 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out"
3772
3773 run_cmd ip neigh flush all
3774 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
3775 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out"
3776
3777 run_cmd ip neigh flush all
3778 run_cmd_nsb ping -c1 -w1 172.16.101.1
3779 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
3780
3781 run_cmd ip neigh flush all
3782 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
3783 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
3784 fi
3785
3786 setup_cmd ip li del br0 2>/dev/null
3787 setup_cmd_nsb ip li del vlan100 2>/dev/null
3788}
3789
3790use_cases()
3791{
3792 log_section "Use cases"
3793 use_case_br
3794}
3795
6f9d5cac
DA		 3796################################################################################
3797# usage
3798
3799usage()
3800{
3801 cat <<EOF
3802usage: ${0##*/} OPTS
3803
3804 -4 IPv4 tests only
3805 -6 IPv6 tests only
3806 -t <test> Test name/set to run
3807 -p Pause on fail
3808 -P Pause after each test
3809 -v Be verbose
3810EOF
3811}
3812
3813################################################################################
3814# main
3815
88f2b360 3816TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime ipv4_netfilter"
db6641ee 3817TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime ipv6_netfilter"
56eba15d
DA		 3818TESTS_OTHER="use_cases"
3819
6f9d5cac
DA		 3820PAUSE_ON_FAIL=no
3821PAUSE=no
3822
3823while getopts :46t:pPvh o
3824do
3825 case $o in
3826 4) TESTS=ipv4;;
3827 6) TESTS=ipv6;;
3828 t) TESTS=$OPTARG;;
3829 p) PAUSE_ON_FAIL=yes;;
3830 P) PAUSE=yes;;
3831 v) VERBOSE=1;;
3832 h) usage; exit 0;;
3833 *) usage; exit 1;;
3834 esac
3835done
3836
3837# make sure we don't pause twice
3838[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no
3839
3840#
3841# show user test config
3842#
3843if [ -z "$TESTS" ]; then
3844 TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"
3845elif [ "$TESTS" = "ipv4" ]; then
3846 TESTS="$TESTS_IPV4"
3847elif [ "$TESTS" = "ipv6" ]; then
3848 TESTS="$TESTS_IPV6"
3849fi
3850
f887427b
DA		 3851which nettest >/dev/null
3852if [ $? -ne 0 ]; then
3853 echo "'nettest' command not found; skipping tests"
3854 exit 0
3855fi
3856
6f9d5cac
DA		 3857declare -i nfail=0
3858declare -i nsuccess=0
3859
3860for t in $TESTS
3861do
3862 case $t in
c032dd8c 3863 ipv4_ping|ping) ipv4_ping;;
bbd7c764 3864 ipv4_tcp|tcp) ipv4_tcp;;
a4368be9 3865 ipv4_udp|udp) ipv4_udp;;
75b2b2b3 3866 ipv4_bind|bind) ipv4_addr_bind;;
0113f726 3867 ipv4_runtime) ipv4_runtime;;
88f2b360 3868 ipv4_netfilter) ipv4_netfilter;;
bbd7c764 3869
c0644e71 3870 ipv6_ping|ping6) ipv6_ping;;
a071bbf2 3871 ipv6_tcp|tcp6) ipv6_tcp;;
6abdb651 3872 ipv6_udp|udp6) ipv6_udp;;
34d0302a 3873 ipv6_bind|bind6) ipv6_addr_bind;;
4cd12f61 3874 ipv6_runtime) ipv6_runtime;;
db6641ee 3875 ipv6_netfilter) ipv6_netfilter;;
c032dd8c 3876
56eba15d
DA		 3877 use_cases) use_cases;;
3878
6f9d5cac
DA		 3879 # setup namespaces and config, but do not run any tests
3880 setup) setup; exit 0;;
3881 vrf_setup) setup "yes"; exit 0;;
3882
3883 help) echo "Test names: $TESTS"; exit 0;;
3884 esac
3885done
3886
3887cleanup 2>/dev/null
3888
3889printf "\nTests passed: %3d\n" ${nsuccess}
3890printf "Tests failed: %3d\n" ${nfail}
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git