2 # SPDX-License-Identifier: GPL-2.0
4 # Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
6 # IPv4 and IPv6 functional tests focusing on VRF and routing lookups
7 # for various permutations:
8 # 1. icmp, tcp, udp and netfilter
9 # 2. client, server, no-server
10 # 3. global address on interface
11 # 4. global address on 'lo'
12 # 5. remote and local traffic
13 # 6. VRF and non-VRF permutations
18 # [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ]
21 # [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ]
24 # eth1: 172.16.1.1/24, 2001:db8:1::1/64
25 # lo: 127.0.0.1/8, ::1/128
26 # 172.16.2.1/32, 2001:db8:2::1/128
27 # red: 127.0.0.1/8, ::1/128
28 # 172.16.3.1/32, 2001:db8:3::1/128
31 # eth1: 172.16.1.2/24, 2001:db8:1::2/64
32 # lo2: 127.0.0.1/8, ::1/128
33 # 172.16.2.2/32, 2001:db8:2::2/128
35 # server / client nomenclature relative to ns-A
54 NS_NET6
=2001:db8
:1::/120
58 NSA_LO_IP6
=2001:db8
:2::1
59 NSB_LO_IP6
=2001:db8
:2::2
65 # set after namespace create
72 NSA_CMD
="ip netns exec ${NSA}"
73 NSB_CMD
="ip netns exec ${NSB}"
75 which ping6
> /dev
/null
2>&1 && ping6
=$
(which ping6
) || ping6
=$
(which ping)
77 ################################################################################
86 [ "${VERBOSE}" = "1" ] && echo
88 if [ ${rc} -eq ${expected} ]; then
89 nsuccess
=$
((nsuccess
+1))
90 printf "TEST: %-70s [ OK ]\n" "${msg}"
93 printf "TEST: %-70s [FAIL]\n" "${msg}"
94 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
96 echo "hit enter to continue, 'q' to quit"
98 [ "$a" = "q" ] && exit 1
102 if [ "${PAUSE}" = "yes" ]; then
104 echo "hit enter to continue, 'q' to quit"
106 [ "$a" = "q" ] && exit 1
120 astr
=$
(addr2str
${addr})
121 log_test
$rc $expected "$msg - ${astr}"
127 echo "###########################################################################"
129 echo "###########################################################################"
136 echo "#################################################################"
143 # make sure we have no test instances running
146 if [ "${VERBOSE}" = "1" ]; then
148 echo "#######################################################"
154 if [ "${VERBOSE}" = "1" ]; then
163 if [ "${VERBOSE}" = "1" ]; then
171 killall nettest
ping ping6
>/dev
/null
2>&1
180 if [ "$VERBOSE" = "1" ]; then
181 echo "COMMAND: ${cmd}"
186 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
195 do_run_cmd
${NSA_CMD} $
*
200 do_run_cmd
${NSB_CMD} $
*
210 if [ $rc -ne 0 ]; then
211 # show user the command if not done so already
212 if [ "$VERBOSE" = "0" ]; then
213 echo "setup command: $cmd"
215 echo "failed. stopping tests"
216 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
218 echo "hit enter to continue"
232 if [ $rc -ne 0 ]; then
233 # show user the command if not done so already
234 if [ "$VERBOSE" = "0" ]; then
235 echo "setup command: $cmd"
237 echo "failed. stopping tests"
238 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
240 echo "hit enter to continue"
247 # set sysctl values in NS-A
252 run_cmd sysctl
-q -w $
*
255 ################################################################################
261 127.0.0.1) echo "loopback";;
262 ::1) echo "IPv6 loopback";;
264 ${NSA_IP}) echo "ns-A IP";;
265 ${NSA_IP6}) echo "ns-A IPv6";;
266 ${NSA_LO_IP}) echo "ns-A loopback IP";;
267 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
268 ${NSA_LINKIP6}|
${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
270 ${NSB_IP}) echo "ns-B IP";;
271 ${NSB_IP6}) echo "ns-B IPv6";;
272 ${NSB_LO_IP}) echo "ns-B loopback IP";;
273 ${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
274 ${NSB_LINKIP6}|
${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;
276 ${VRF_IP}) echo "VRF IP";;
277 ${VRF_IP6}) echo "VRF IPv6";;
279 ${MCAST}%*) echo "multicast IP";;
291 addr
=$
(ip
-netns ${ns} -6 -br addr show dev
${dev} | \
293 for (i = 3; i <= NF; ++i) {
301 [ -z "$addr" ] && return 1
308 ################################################################################
309 # create namespaces and vrf
319 ip
-netns ${ns} link add ${vrf} type vrf table ${table}
320 ip
-netns ${ns} link
set ${vrf} up
321 ip
-netns ${ns} route add vrf
${vrf} unreachable default metric
8192
322 ip
-netns ${ns} -6 route add vrf
${vrf} unreachable default metric
8192
324 ip
-netns ${ns} addr add
127.0.0.1/8 dev
${vrf}
325 ip
-netns ${ns} -6 addr add
::1 dev
${vrf} nodad
326 if [ "${addr}" != "-" ]; then
327 ip
-netns ${ns} addr add dev ${vrf} ${addr}
329 if [ "${addr6}" != "-" ]; then
330 ip
-netns ${ns} -6 addr add dev ${vrf} ${addr6}
333 ip
-netns ${ns} ru del pref
0
334 ip
-netns ${ns} ru add pref
32765 from all lookup
local
335 ip
-netns ${ns} -6 ru del pref
0
336 ip
-netns ${ns} -6 ru add pref
32765 from all lookup
local
347 ip
-netns ${ns} link
set lo up
348 if [ "${addr}" != "-" ]; then
349 ip
-netns ${ns} addr add dev lo
${addr}
351 if [ "${addr6}" != "-" ]; then
352 ip
-netns ${ns} -6 addr add dev lo
${addr6}
355 ip
-netns ${ns} ro add unreachable default metric
8192
356 ip
-netns ${ns} -6 ro add unreachable default metric
8192
358 ip netns
exec ${ns} sysctl
-qw net.ipv4.ip_forward
=1
359 ip netns
exec ${ns} sysctl
-qw net.ipv6.conf.all.keep_addr_on_down
=1
360 ip netns
exec ${ns} sysctl
-qw net.ipv6.conf.all.forwarding
=1
361 ip netns
exec ${ns} sysctl
-qw net.ipv6.conf.default.forwarding
=1
364 # create veth pair to connect namespaces and apply addresses.
376 ip
-netns ${ns1} li add
${ns1_dev} type veth peer name tmp
377 ip
-netns ${ns1} li
set ${ns1_dev} up
378 ip
-netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev}
379 ip
-netns ${ns2} li
set ${ns2_dev} up
381 if [ "${ns1_addr}" != "-" ]; then
382 ip
-netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr}
383 ip
-netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr}
386 if [ "${ns1_addr6}" != "-" ]; then
387 ip
-netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6}
388 ip
-netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6}
394 # explicit cleanups to check those code paths
395 ip netns |
grep -q ${NSA}
396 if [ $?
-eq 0 ]; then
397 ip
-netns ${NSA} link delete
${VRF}
398 ip
-netns ${NSA} ro flush table
${VRF_TABLE}
400 ip
-netns ${NSA} addr flush dev
${NSA_DEV}
401 ip
-netns ${NSA} -6 addr flush dev
${NSA_DEV}
402 ip
-netns ${NSA} link
set dev
${NSA_DEV} down
403 ip
-netns ${NSA} link del dev
${NSA_DEV}
415 # make sure we are starting with a clean slate
419 log_debug
"Configuring network namespaces"
422 create_ns
${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128
423 create_ns
${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128
424 connect_ns
${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \
425 ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
427 NSA_LINKIP6
=$
(get_linklocal
${NSA} ${NSA_DEV})
428 NSB_LINKIP6
=$
(get_linklocal
${NSB} ${NSB_DEV})
430 # tell ns-A how to get to remote addresses of ns-B
431 if [ "${with_vrf}" = "yes" ]; then
432 create_vrf
${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6}
434 ip
-netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
435 ip
-netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
436 ip
-netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
438 ip
-netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
439 ip
-netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
441 ip
-netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
442 ip
-netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
446 # tell ns-B how to get to remote addresses of ns-A
447 ip
-netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
448 ip
-netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
455 ################################################################################
465 for a
in ${NSB_IP} ${NSB_LO_IP}
468 run_cmd
ping -c1 -w1 ${a}
469 log_test_addr
${a} $?
0 "ping out"
472 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
473 log_test_addr
${a} $?
0 "ping out, device bind"
476 run_cmd
ping -c1 -w1 -I ${NSA_LO_IP} ${a}
477 log_test_addr
${a} $?
0 "ping out, address bind"
483 for a
in ${NSA_IP} ${NSA_LO_IP}
486 run_cmd_nsb
ping -c1 -w1 ${a}
487 log_test_addr
${a} $?
0 "ping in"
493 for a
in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
496 run_cmd
ping -c1 -w1 ${a}
497 log_test_addr
${a} $?
0 "ping local"
501 # local traffic, socket bound to device
506 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
507 log_test_addr
${a} $?
0 "ping local, device bind"
509 # loopback addresses not reachable from device bind
510 # fails in a really weird way though because ipv4 special cases
511 # route lookups with oif set.
512 for a
in ${NSA_LO_IP} 127.0.0.1
515 show_hint
"Fails since address on loopback device is out of device scope"
516 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
517 log_test_addr
${a} $?
1 "ping local, device bind"
521 # ip rule blocks reachability to remote address
524 setup_cmd ip rule add pref
32765 from all lookup
local
525 setup_cmd ip rule del pref
0 from all lookup
local
526 setup_cmd ip rule add pref
50 to
${NSB_LO_IP} prohibit
527 setup_cmd ip rule add pref
51 from
${NSB_IP} prohibit
530 run_cmd
ping -c1 -w1 ${a}
531 log_test_addr
${a} $?
2 "ping out, blocked by rule"
533 # NOTE: ipv4 actually allows the lookup to fail and yet still create
534 # a viable rtable if the oif (e.g., bind to device) is set, so this
535 # case succeeds despite the rule
536 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
540 show_hint
"Response generates ICMP (or arp request is ignored) due to ip rule"
541 run_cmd_nsb
ping -c1 -w1 ${a}
542 log_test_addr
${a} $?
1 "ping in, blocked by rule"
544 [ "$VERBOSE" = "1" ] && echo
545 setup_cmd ip rule del pref
32765 from all lookup
local
546 setup_cmd ip rule add pref
0 from all lookup
local
547 setup_cmd ip rule del pref
50 to
${NSB_LO_IP} prohibit
548 setup_cmd ip rule del pref
51 from
${NSB_IP} prohibit
551 # route blocks reachability to remote address
554 setup_cmd ip route replace unreachable
${NSB_LO_IP}
555 setup_cmd ip route replace unreachable
${NSB_IP}
558 run_cmd
ping -c1 -w1 ${a}
559 log_test_addr
${a} $?
2 "ping out, blocked by route"
561 # NOTE: ipv4 actually allows the lookup to fail and yet still create
562 # a viable rtable if the oif (e.g., bind to device) is set, so this
563 # case succeeds despite not having a route for the address
564 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
568 show_hint
"Response is dropped (or arp request is ignored) due to ip route"
569 run_cmd_nsb
ping -c1 -w1 ${a}
570 log_test_addr
${a} $?
1 "ping in, blocked by route"
573 # remove 'remote' routes; fallback to default
576 setup_cmd ip ro del
${NSB_LO_IP}
579 run_cmd
ping -c1 -w1 ${a}
580 log_test_addr
${a} $?
2 "ping out, unreachable default route"
582 # NOTE: ipv4 actually allows the lookup to fail and yet still create
583 # a viable rtable if the oif (e.g., bind to device) is set, so this
584 # case succeeds despite not having a route for the address
585 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
592 # should default on; does not exist on older kernels
593 set_sysctl net.ipv4.raw_l3mdev_accept
=1 2>/dev
/null
598 for a
in ${NSB_IP} ${NSB_LO_IP}
601 run_cmd
ping -c1 -w1 -I ${VRF} ${a}
602 log_test_addr
${a} $?
0 "ping out, VRF bind"
605 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
606 log_test_addr
${a} $?
0 "ping out, device bind"
609 run_cmd ip vrf
exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
610 log_test_addr
${a} $?
0 "ping out, vrf device + dev address bind"
613 run_cmd ip vrf
exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
614 log_test_addr
${a} $?
0 "ping out, vrf device + vrf address bind"
620 for a
in ${NSA_IP} ${VRF_IP}
623 run_cmd_nsb
ping -c1 -w1 ${a}
624 log_test_addr
${a} $?
0 "ping in"
628 # local traffic, local address
630 for a
in ${NSA_IP} ${VRF_IP} 127.0.0.1
633 show_hint
"Source address should be ${a}"
634 run_cmd
ping -c1 -w1 -I ${VRF} ${a}
635 log_test_addr
${a} $?
0 "ping local, VRF bind"
639 # local traffic, socket bound to device
644 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
645 log_test_addr
${a} $?
0 "ping local, device bind"
647 # vrf device is out of scope
648 for a
in ${VRF_IP} 127.0.0.1
651 show_hint
"Fails since address on vrf device is out of device scope"
652 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
653 log_test_addr
${a} $?
1 "ping local, device bind"
657 # ip rule blocks address
660 setup_cmd ip rule add pref
50 to
${NSB_LO_IP} prohibit
661 setup_cmd ip rule add pref
51 from
${NSB_IP} prohibit
664 run_cmd
ping -c1 -w1 -I ${VRF} ${a}
665 log_test_addr
${a} $?
2 "ping out, vrf bind, blocked by rule"
668 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
669 log_test_addr
${a} $?
2 "ping out, device bind, blocked by rule"
673 show_hint
"Response lost due to ip rule"
674 run_cmd_nsb
ping -c1 -w1 ${a}
675 log_test_addr
${a} $?
1 "ping in, blocked by rule"
677 [ "$VERBOSE" = "1" ] && echo
678 setup_cmd ip rule del pref
50 to
${NSB_LO_IP} prohibit
679 setup_cmd ip rule del pref
51 from
${NSB_IP} prohibit
682 # remove 'remote' routes; fallback to default
685 setup_cmd ip ro del vrf
${VRF} ${NSB_LO_IP}
688 run_cmd
ping -c1 -w1 -I ${VRF} ${a}
689 log_test_addr
${a} $?
2 "ping out, vrf bind, unreachable route"
692 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
693 log_test_addr
${a} $?
2 "ping out, device bind, unreachable route"
697 show_hint
"Response lost by unreachable route"
698 run_cmd_nsb
ping -c1 -w1 ${a}
699 log_test_addr
${a} $?
1 "ping in, unreachable route"
704 log_section
"IPv4 ping"
706 log_subsection
"No VRF"
708 set_sysctl net.ipv4.raw_l3mdev_accept
=0 2>/dev
/null
711 set_sysctl net.ipv4.raw_l3mdev_accept
=1 2>/dev
/null
714 log_subsection
"With VRF"
719 ################################################################################
723 # MD5 tests without VRF
733 run_cmd nettest
-s -M ${MD5_PW} -r ${NSB_IP} &
735 run_cmd_nsb nettest
-r ${NSA_IP} -M ${MD5_PW}
736 log_test $?
0 "MD5: Single address config"
738 # client sends MD5, server not configured
740 show_hint
"Should timeout due to MD5 mismatch"
743 run_cmd_nsb nettest
-r ${NSA_IP} -M ${MD5_PW}
744 log_test $?
2 "MD5: Server no config, client uses password"
748 show_hint
"Should timeout since client uses wrong password"
749 run_cmd nettest
-s -M ${MD5_PW} -r ${NSB_IP} &
751 run_cmd_nsb nettest
-r ${NSA_IP} -M ${MD5_WRONG_PW}
752 log_test $?
2 "MD5: Client uses wrong password"
754 # client from different address
756 show_hint
"Should timeout due to MD5 mismatch"
757 run_cmd nettest
-s -M ${MD5_PW} -r ${NSB_LO_IP} &
759 run_cmd_nsb nettest
-r ${NSA_IP} -M ${MD5_PW}
760 log_test $?
2 "MD5: Client address does not match address configured with password"
763 # MD5 extension - prefix length
768 run_cmd nettest
-s -M ${MD5_PW} -m ${NS_NET} &
770 run_cmd_nsb nettest
-r ${NSA_IP} -M ${MD5_PW}
771 log_test $?
0 "MD5: Prefix config"
773 # client in prefix, wrong password
775 show_hint
"Should timeout since client uses wrong password"
776 run_cmd nettest
-s -M ${MD5_PW} -m ${NS_NET} &
778 run_cmd_nsb nettest
-r ${NSA_IP} -M ${MD5_WRONG_PW}
779 log_test $?
2 "MD5: Prefix config, client uses wrong password"
781 # client outside of prefix
783 show_hint
"Should timeout due to MD5 mismatch"
784 run_cmd nettest
-s -M ${MD5_PW} -m ${NS_NET} &
786 run_cmd_nsb nettest
-l ${NSB_LO_IP} -r ${NSA_IP} -M ${MD5_PW}
787 log_test $?
2 "MD5: Prefix config, client address not in configured prefix"
797 for a
in ${NSA_IP} ${NSA_LO_IP}
802 run_cmd_nsb nettest
-r ${a}
803 log_test_addr
${a} $?
0 "Global server"
808 run_cmd nettest
-s -d ${NSA_DEV} &
810 run_cmd_nsb nettest
-r ${a}
811 log_test_addr
${a} $?
0 "Device server"
813 # verify TCP reset sent and received
814 for a
in ${NSA_IP} ${NSA_LO_IP}
817 show_hint
"Should fail 'Connection refused' since there is no server"
818 run_cmd_nsb nettest
-r ${a}
819 log_test_addr
${a} $?
1 "No server"
825 for a
in ${NSB_IP} ${NSB_LO_IP}
828 run_cmd_nsb nettest
-s &
830 run_cmd nettest
-r ${a} -0 ${NSA_IP}
831 log_test_addr
${a} $?
0 "Client"
834 run_cmd_nsb nettest
-s &
836 run_cmd nettest
-r ${a} -d ${NSA_DEV}
837 log_test_addr
${a} $?
0 "Client, device bind"
840 show_hint
"Should fail 'Connection refused'"
841 run_cmd nettest
-r ${a}
842 log_test_addr
${a} $?
1 "No server, unbound client"
845 show_hint
"Should fail 'Connection refused'"
846 run_cmd nettest
-r ${a} -d ${NSA_DEV}
847 log_test_addr
${a} $?
1 "No server, device client"
851 # local address tests
853 for a
in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
858 run_cmd nettest
-r ${a} -0 ${a} -1 ${a}
859 log_test_addr
${a} $?
0 "Global server, local connection"
864 run_cmd nettest
-s -d ${NSA_DEV} &
866 run_cmd nettest
-r ${a} -0 ${a}
867 log_test_addr
${a} $?
0 "Device server, unbound client, local connection"
869 for a
in ${NSA_LO_IP} 127.0.0.1
872 show_hint
"Should fail 'Connection refused' since addresses on loopback are out of device scope"
873 run_cmd nettest
-s -d ${NSA_DEV} &
875 run_cmd nettest
-r ${a}
876 log_test_addr
${a} $?
1 "Device server, unbound client, local connection"
883 run_cmd nettest
-r ${a} -0 ${a} -d ${NSA_DEV}
884 log_test_addr
${a} $?
0 "Global server, device client, local connection"
886 for a
in ${NSA_LO_IP} 127.0.0.1
889 show_hint
"Should fail 'No route to host' since addresses on loopback are out of device scope"
892 run_cmd nettest
-r ${a} -d ${NSA_DEV}
893 log_test_addr
${a} $?
1 "Global server, device client, local connection"
898 run_cmd nettest
-s -d ${NSA_DEV} -2 ${NSA_DEV} &
900 run_cmd nettest
-d ${NSA_DEV} -r ${a} -0 ${a}
901 log_test_addr
${a} $?
0 "Device server, device client, local connection"
904 show_hint
"Should fail 'Connection refused'"
905 run_cmd nettest
-d ${NSA_DEV} -r ${a}
906 log_test_addr
${a} $?
1 "No server, device client, local conn"
915 # disable global server
916 log_subsection
"Global server disabled"
918 set_sysctl net.ipv4.tcp_l3mdev_accept
=0
923 for a
in ${NSA_IP} ${VRF_IP}
926 show_hint
"Should fail 'Connection refused' since global server with VRF is disabled"
929 run_cmd_nsb nettest
-r ${a}
930 log_test_addr
${a} $?
1 "Global server"
933 run_cmd nettest
-s -d ${VRF} -2 ${VRF} &
935 run_cmd_nsb nettest
-r ${a}
936 log_test_addr
${a} $?
0 "VRF server"
939 run_cmd nettest
-s -d ${NSA_DEV} -2 ${NSA_DEV} &
941 run_cmd_nsb nettest
-r ${a}
942 log_test_addr
${a} $?
0 "Device server"
944 # verify TCP reset received
946 show_hint
"Should fail 'Connection refused' since there is no server"
947 run_cmd_nsb nettest
-r ${a}
948 log_test_addr
${a} $?
1 "No server"
951 # local address tests
952 # (${VRF_IP} and 127.0.0.1 both timeout)
955 show_hint
"Should fail 'Connection refused' since global server with VRF is disabled"
958 run_cmd nettest
-r ${a} -d ${NSA_DEV}
959 log_test_addr
${a} $?
1 "Global server, local connection"
962 # enable VRF global server
964 log_subsection
"VRF Global server enabled"
965 set_sysctl net.ipv4.tcp_l3mdev_accept
=1
967 for a
in ${NSA_IP} ${VRF_IP}
970 show_hint
"client socket should be bound to VRF"
971 run_cmd nettest
-s -2 ${VRF} &
973 run_cmd_nsb nettest
-r ${a}
974 log_test_addr
${a} $?
0 "Global server"
977 show_hint
"client socket should be bound to VRF"
978 run_cmd nettest
-s -d ${VRF} -2 ${VRF} &
980 run_cmd_nsb nettest
-r ${a}
981 log_test_addr
${a} $?
0 "VRF server"
983 # verify TCP reset received
985 show_hint
"Should fail 'Connection refused'"
986 run_cmd_nsb nettest
-r ${a}
987 log_test_addr
${a} $?
1 "No server"
992 show_hint
"client socket should be bound to device"
993 run_cmd nettest
-s -d ${NSA_DEV} -2 ${NSA_DEV} &
995 run_cmd_nsb nettest
-r ${a}
996 log_test_addr
${a} $?
0 "Device server"
998 # local address tests
999 for a
in ${NSA_IP} ${VRF_IP}
1002 show_hint
"Should fail 'No route to host' since client is not bound to VRF"
1003 run_cmd nettest
-s -2 ${VRF} &
1005 run_cmd nettest
-r ${a}
1006 log_test_addr
${a} $?
1 "Global server, local connection"
1012 for a
in ${NSB_IP} ${NSB_LO_IP}
1015 run_cmd_nsb nettest
-s &
1017 run_cmd nettest
-r ${a} -d ${VRF}
1018 log_test_addr
${a} $?
0 "Client, VRF bind"
1021 run_cmd_nsb nettest
-s &
1023 run_cmd nettest
-r ${a} -d ${NSA_DEV}
1024 log_test_addr
${a} $?
0 "Client, device bind"
1027 show_hint
"Should fail 'Connection refused'"
1028 run_cmd nettest
-r ${a} -d ${VRF}
1029 log_test_addr
${a} $?
1 "No server, VRF client"
1032 show_hint
"Should fail 'Connection refused'"
1033 run_cmd nettest
-r ${a} -d ${NSA_DEV}
1034 log_test_addr
${a} $?
1 "No server, device client"
1037 for a
in ${NSA_IP} ${VRF_IP} 127.0.0.1
1040 run_cmd nettest
-s -d ${VRF} -2 ${VRF} &
1042 run_cmd nettest
-r ${a} -d ${VRF} -0 ${a}
1043 log_test_addr
${a} $?
0 "VRF server, VRF client, local connection"
1048 run_cmd nettest
-s -d ${VRF} -2 ${VRF} &
1050 run_cmd nettest
-r ${a} -d ${NSA_DEV} -0 ${a}
1051 log_test_addr
${a} $?
0 "VRF server, device client, local connection"
1054 show_hint
"Should fail 'No route to host' since client is out of VRF scope"
1055 run_cmd nettest
-s -d ${VRF} &
1057 run_cmd nettest
-r ${a}
1058 log_test_addr
${a} $?
1 "VRF server, unbound client, local connection"
1061 run_cmd nettest
-s -d ${NSA_DEV} -2 ${NSA_DEV} &
1063 run_cmd nettest
-r ${a} -d ${VRF} -0 ${a}
1064 log_test_addr
${a} $?
0 "Device server, VRF client, local connection"
1067 run_cmd nettest
-s -d ${NSA_DEV} -2 ${NSA_DEV} &
1069 run_cmd nettest
-r ${a} -d ${NSA_DEV} -0 ${a}
1070 log_test_addr
${a} $?
0 "Device server, device client, local connection"
1075 log_section
"IPv4/TCP"
1076 log_subsection
"No VRF"
1079 # tcp_l3mdev_accept should have no affect without VRF;
1080 # run tests with it enabled and disabled to verify
1081 log_subsection
"tcp_l3mdev_accept disabled"
1082 set_sysctl net.ipv4.tcp_l3mdev_accept
=0
1084 log_subsection
"tcp_l3mdev_accept enabled"
1085 set_sysctl net.ipv4.tcp_l3mdev_accept
=1
1088 log_subsection
"With VRF"
1093 ################################################################################
1103 for a
in ${NSA_IP} ${NSA_LO_IP}
1106 run_cmd nettest
-D -s -2 ${NSA_DEV} &
1108 run_cmd_nsb nettest
-D -r ${a}
1109 log_test_addr
${a} $?
0 "Global server"
1112 show_hint
"Should fail 'Connection refused' since there is no server"
1113 run_cmd_nsb nettest
-D -r ${a}
1114 log_test_addr
${a} $?
1 "No server"
1119 run_cmd nettest
-D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1121 run_cmd_nsb nettest
-D -r ${a}
1122 log_test_addr
${a} $?
0 "Device server"
1127 for a
in ${NSB_IP} ${NSB_LO_IP}
1130 run_cmd_nsb nettest
-D -s &
1132 run_cmd nettest
-D -r ${a} -0 ${NSA_IP}
1133 log_test_addr
${a} $?
0 "Client"
1136 run_cmd_nsb nettest
-D -s &
1138 run_cmd nettest
-D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1139 log_test_addr
${a} $?
0 "Client, device bind"
1142 run_cmd_nsb nettest
-D -s &
1144 run_cmd nettest
-D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1145 log_test_addr
${a} $?
0 "Client, device send via cmsg"
1148 run_cmd_nsb nettest
-D -s &
1150 run_cmd nettest
-D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1151 log_test_addr
${a} $?
0 "Client, device bind via IP_UNICAST_IF"
1154 show_hint
"Should fail 'Connection refused'"
1155 run_cmd nettest
-D -r ${a}
1156 log_test_addr
${a} $?
1 "No server, unbound client"
1159 show_hint
"Should fail 'Connection refused'"
1160 run_cmd nettest
-D -r ${a} -d ${NSA_DEV}
1161 log_test_addr
${a} $?
1 "No server, device client"
1165 # local address tests
1167 for a
in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1170 run_cmd nettest
-D -s &
1172 run_cmd nettest
-D -r ${a} -0 ${a} -1 ${a}
1173 log_test_addr
${a} $?
0 "Global server, local connection"
1178 run_cmd nettest
-s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1180 run_cmd nettest
-D -r ${a}
1181 log_test_addr
${a} $?
0 "Device server, unbound client, local connection"
1183 for a
in ${NSA_LO_IP} 127.0.0.1
1186 show_hint
"Should fail 'Connection refused' since address is out of device scope"
1187 run_cmd nettest
-s -D -d ${NSA_DEV} &
1189 run_cmd nettest
-D -r ${a}
1190 log_test_addr
${a} $?
1 "Device server, unbound client, local connection"
1195 run_cmd nettest
-s -D &
1197 run_cmd nettest
-D -d ${NSA_DEV} -r ${a}
1198 log_test_addr
${a} $?
0 "Global server, device client, local connection"
1201 run_cmd nettest
-s -D &
1203 run_cmd nettest
-D -d ${NSA_DEV} -C -r ${a}
1204 log_test_addr
${a} $?
0 "Global server, device send via cmsg, local connection"
1207 run_cmd nettest
-s -D &
1209 run_cmd nettest
-D -d ${NSA_DEV} -S -r ${a}
1210 log_test_addr
${a} $?
0 "Global server, device client via IP_UNICAST_IF, local connection"
1212 # IPv4 with device bind has really weird behavior - it overrides the
1213 # fib lookup, generates an rtable and tries to send the packet. This
1214 # causes failures for local traffic at different places
1215 for a
in ${NSA_LO_IP} 127.0.0.1
1218 show_hint
"Should fail since addresses on loopback are out of device scope"
1219 run_cmd nettest
-D -s &
1221 run_cmd nettest
-D -r ${a} -d ${NSA_DEV}
1222 log_test_addr
${a} $?
2 "Global server, device client, local connection"
1225 show_hint
"Should fail since addresses on loopback are out of device scope"
1226 run_cmd nettest
-D -s &
1228 run_cmd nettest
-D -r ${a} -d ${NSA_DEV} -C
1229 log_test_addr
${a} $?
1 "Global server, device send via cmsg, local connection"
1232 show_hint
"Should fail since addresses on loopback are out of device scope"
1233 run_cmd nettest
-D -s &
1235 run_cmd nettest
-D -r ${a} -d ${NSA_DEV} -S
1236 log_test_addr
${a} $?
1 "Global server, device client via IP_UNICAST_IF, local connection"
1241 run_cmd nettest
-D -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1243 run_cmd nettest
-D -d ${NSA_DEV} -r ${a} -0 ${a}
1244 log_test_addr
${a} $?
0 "Device server, device client, local conn"
1247 run_cmd nettest
-D -d ${NSA_DEV} -r ${a}
1248 log_test_addr
${a} $?
2 "No server, device client, local conn"
1255 # disable global server
1256 log_subsection
"Global server disabled"
1257 set_sysctl net.ipv4.udp_l3mdev_accept
=0
1262 for a
in ${NSA_IP} ${VRF_IP}
1265 show_hint
"Fails because ingress is in a VRF and global server is disabled"
1266 run_cmd nettest
-D -s &
1268 run_cmd_nsb nettest
-D -r ${a}
1269 log_test_addr
${a} $?
1 "Global server"
1272 run_cmd nettest
-D -d ${VRF} -s -2 ${NSA_DEV} &
1274 run_cmd_nsb nettest
-D -r ${a}
1275 log_test_addr
${a} $?
0 "VRF server"
1278 run_cmd nettest
-D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1280 run_cmd_nsb nettest
-D -r ${a}
1281 log_test_addr
${a} $?
0 "Enslaved device server"
1284 show_hint
"Should fail 'Connection refused' since there is no server"
1285 run_cmd_nsb nettest
-D -r ${a}
1286 log_test_addr
${a} $?
1 "No server"
1289 show_hint
"Should fail 'Connection refused' since global server is out of scope"
1290 run_cmd nettest
-D -s &
1292 run_cmd nettest
-D -d ${VRF} -r ${a}
1293 log_test_addr
${a} $?
1 "Global server, VRF client, local connection"
1298 run_cmd nettest
-s -D -d ${VRF} -2 ${NSA_DEV} &
1300 run_cmd nettest
-D -d ${VRF} -r ${a}
1301 log_test_addr
${a} $?
0 "VRF server, VRF client, local conn"
1304 run_cmd nettest
-s -D -d ${VRF} -2 ${NSA_DEV} &
1306 run_cmd nettest
-D -d ${NSA_DEV} -r ${a}
1307 log_test_addr
${a} $?
0 "VRF server, enslaved device client, local connection"
1311 run_cmd nettest
-s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1313 run_cmd nettest
-D -d ${VRF} -r ${a}
1314 log_test_addr
${a} $?
0 "Enslaved device server, VRF client, local conn"
1317 run_cmd nettest
-s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1319 run_cmd nettest
-D -d ${NSA_DEV} -r ${a}
1320 log_test_addr
${a} $?
0 "Enslaved device server, device client, local conn"
1322 # enable global server
1323 log_subsection
"Global server enabled"
1324 set_sysctl net.ipv4.udp_l3mdev_accept
=1
1329 for a
in ${NSA_IP} ${VRF_IP}
1332 run_cmd nettest
-D -s -2 ${NSA_DEV} &
1334 run_cmd_nsb nettest
-D -r ${a}
1335 log_test_addr
${a} $?
0 "Global server"
1338 run_cmd nettest
-D -d ${VRF} -s -2 ${NSA_DEV} &
1340 run_cmd_nsb nettest
-D -r ${a}
1341 log_test_addr
${a} $?
0 "VRF server"
1344 run_cmd nettest
-D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1346 run_cmd_nsb nettest
-D -r ${a}
1347 log_test_addr
${a} $?
0 "Enslaved device server"
1350 show_hint
"Should fail 'Connection refused'"
1351 run_cmd_nsb nettest
-D -r ${a}
1352 log_test_addr
${a} $?
1 "No server"
1359 run_cmd_nsb nettest
-D -s &
1361 run_cmd nettest
-d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1362 log_test $?
0 "VRF client"
1365 run_cmd_nsb nettest
-D -s &
1367 run_cmd nettest
-d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1368 log_test $?
0 "Enslaved device client"
1370 # negative test - should fail
1372 show_hint
"Should fail 'Connection refused'"
1373 run_cmd nettest
-D -d ${VRF} -r ${NSB_IP}
1374 log_test $?
1 "No server, VRF client"
1377 show_hint
"Should fail 'Connection refused'"
1378 run_cmd nettest
-D -d ${NSA_DEV} -r ${NSB_IP}
1379 log_test $?
1 "No server, enslaved device client"
1382 # local address tests
1386 run_cmd nettest
-D -s -2 ${NSA_DEV} &
1388 run_cmd nettest
-D -d ${VRF} -r ${a}
1389 log_test_addr
${a} $?
0 "Global server, VRF client, local conn"
1392 run_cmd nettest
-s -D -d ${VRF} -2 ${NSA_DEV} &
1394 run_cmd nettest
-D -d ${VRF} -r ${a}
1395 log_test_addr
${a} $?
0 "VRF server, VRF client, local conn"
1398 run_cmd nettest
-s -D -d ${VRF} -2 ${NSA_DEV} &
1400 run_cmd nettest
-D -d ${NSA_DEV} -r ${a}
1401 log_test_addr
${a} $?
0 "VRF server, device client, local conn"
1404 run_cmd nettest
-s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1406 run_cmd nettest
-D -d ${VRF} -r ${a}
1407 log_test_addr
${a} $?
0 "Enslaved device server, VRF client, local conn"
1410 run_cmd nettest
-s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1412 run_cmd nettest
-D -d ${NSA_DEV} -r ${a}
1413 log_test_addr
${a} $?
0 "Enslaved device server, device client, local conn"
1415 for a
in ${VRF_IP} 127.0.0.1
1418 run_cmd nettest
-D -s -2 ${VRF} &
1420 run_cmd nettest
-D -d ${VRF} -r ${a}
1421 log_test_addr
${a} $?
0 "Global server, VRF client, local conn"
1424 for a
in ${VRF_IP} 127.0.0.1
1427 run_cmd nettest
-s -D -d ${VRF} -2 ${VRF} &
1429 run_cmd nettest
-D -d ${VRF} -r ${a}
1430 log_test_addr
${a} $?
0 "VRF server, VRF client, local conn"
1433 # negative test - should fail
1434 # verifies ECONNREFUSED
1435 for a
in ${NSA_IP} ${VRF_IP} 127.0.0.1
1438 show_hint
"Should fail 'Connection refused'"
1439 run_cmd nettest
-D -d ${VRF} -r ${a}
1440 log_test_addr
${a} $?
1 "No server, VRF client, local conn"
1446 log_section
"IPv4/UDP"
1447 log_subsection
"No VRF"
1451 # udp_l3mdev_accept should have no affect without VRF;
1452 # run tests with it enabled and disabled to verify
1453 log_subsection
"udp_l3mdev_accept disabled"
1454 set_sysctl net.ipv4.udp_l3mdev_accept
=0
1456 log_subsection
"udp_l3mdev_accept enabled"
1457 set_sysctl net.ipv4.udp_l3mdev_accept
=1
1460 log_subsection
"With VRF"
1465 ################################################################################
1468 # verifies ability or inability to bind to an address / device
1470 ipv4_addr_bind_novrf
()
1475 for a
in ${NSA_IP} ${NSA_LO_IP}
1478 run_cmd nettest
-s -R -P icmp
-l ${a} -b
1479 log_test_addr
${a} $?
0 "Raw socket bind to local address"
1482 run_cmd nettest
-s -R -P icmp
-l ${a} -d ${NSA_DEV} -b
1483 log_test_addr
${a} $?
0 "Raw socket bind to local address after device bind"
1491 run_cmd nettest
-l ${a} -r ${NSB_IP} -t1 -b
1492 log_test_addr
${a} $?
0 "TCP socket bind to local address"
1495 run_cmd nettest
-l ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1496 log_test_addr
${a} $?
0 "TCP socket bind to local address after device bind"
1498 # Sadly, the kernel allows binding a socket to a device and then
1499 # binding to an address not on the device. The only restriction
1500 # is that the address is valid in the L3 domain. So this test
1501 # passes when it really should not
1504 #show_hint "Should fail with 'Cannot assign requested address'"
1505 #run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1506 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
1509 ipv4_addr_bind_vrf
()
1514 for a
in ${NSA_IP} ${VRF_IP}
1517 run_cmd nettest
-s -R -P icmp
-l ${a} -b
1518 log_test_addr
${a} $?
0 "Raw socket bind to local address"
1521 run_cmd nettest
-s -R -P icmp
-l ${a} -d ${NSA_DEV} -b
1522 log_test_addr
${a} $?
0 "Raw socket bind to local address after device bind"
1524 run_cmd nettest
-s -R -P icmp
-l ${a} -d ${VRF} -b
1525 log_test_addr
${a} $?
0 "Raw socket bind to local address after VRF bind"
1530 show_hint
"Address on loopback is out of VRF scope"
1531 run_cmd nettest
-s -R -P icmp
-l ${a} -d ${VRF} -b
1532 log_test_addr
${a} $?
1 "Raw socket bind to out of scope address after VRF bind"
1537 for a
in ${NSA_IP} ${VRF_IP}
1540 run_cmd nettest
-s -l ${a} -d ${VRF} -t1 -b
1541 log_test_addr
${a} $?
0 "TCP socket bind to local address"
1544 run_cmd nettest
-s -l ${a} -d ${NSA_DEV} -t1 -b
1545 log_test_addr
${a} $?
0 "TCP socket bind to local address after device bind"
1550 show_hint
"Address on loopback out of scope for VRF"
1551 run_cmd nettest
-s -l ${a} -d ${VRF} -t1 -b
1552 log_test_addr
${a} $?
1 "TCP socket bind to invalid local address for VRF"
1555 show_hint
"Address on loopback out of scope for device in VRF"
1556 run_cmd nettest
-s -l ${a} -d ${NSA_DEV} -t1 -b
1557 log_test_addr
${a} $?
1 "TCP socket bind to invalid local address for device bind"
1562 log_section
"IPv4 address binds"
1564 log_subsection
"No VRF"
1566 ipv4_addr_bind_novrf
1568 log_subsection
"With VRF"
1573 ################################################################################
1574 # IPv4 runtime tests
1580 local with_vrf
="yes"
1586 for a
in ${NSA_IP} ${VRF_IP}
1589 run_cmd nettest
${varg} -s &
1591 run_cmd_nsb nettest
${varg} -r ${a} &
1593 run_cmd ip link del
${VRF}
1595 log_test_addr
${a} 0 0 "${desc}, global server"
1600 for a
in ${NSA_IP} ${VRF_IP}
1603 run_cmd nettest
${varg} -s -d ${VRF} &
1605 run_cmd_nsb nettest
${varg} -r ${a} &
1607 run_cmd ip link del
${VRF}
1609 log_test_addr
${a} 0 0 "${desc}, VRF server"
1616 run_cmd nettest
${varg} -s -d ${NSA_DEV} &
1618 run_cmd_nsb nettest
${varg} -r ${a} &
1620 run_cmd ip link del
${VRF}
1622 log_test_addr
${a} 0 0 "${desc}, enslaved device server"
1630 run_cmd_nsb nettest
${varg} -s &
1632 run_cmd nettest
${varg} -d ${VRF} -r ${NSB_IP} &
1634 run_cmd ip link del
${VRF}
1636 log_test_addr
${a} 0 0 "${desc}, VRF client"
1641 run_cmd_nsb nettest
${varg} -s &
1643 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${NSB_IP} &
1645 run_cmd ip link del
${VRF}
1647 log_test_addr
${a} 0 0 "${desc}, enslaved device client"
1652 # local address tests
1654 for a
in ${NSA_IP} ${VRF_IP}
1657 run_cmd nettest
${varg} -s &
1659 run_cmd nettest
${varg} -d ${VRF} -r ${a} &
1661 run_cmd ip link del
${VRF}
1663 log_test_addr
${a} 0 0 "${desc}, global server, VRF client, local"
1668 for a
in ${NSA_IP} ${VRF_IP}
1671 run_cmd nettest
${varg} -d ${VRF} -s &
1673 run_cmd nettest
${varg} -d ${VRF} -r ${a} &
1675 run_cmd ip link del
${VRF}
1677 log_test_addr
${a} 0 0 "${desc}, VRF server and client, local"
1684 run_cmd nettest
${varg} -s &
1686 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${a} &
1688 run_cmd ip link del
${VRF}
1690 log_test_addr
${a} 0 0 "${desc}, global server, enslaved device client, local"
1695 run_cmd nettest
${varg} -d ${VRF} -s &
1697 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${a} &
1699 run_cmd ip link del
${VRF}
1701 log_test_addr
${a} 0 0 "${desc}, VRF server, enslaved device client, local"
1706 run_cmd nettest
${varg} -d ${NSA_DEV} -s &
1708 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${a} &
1710 run_cmd ip link del
${VRF}
1712 log_test_addr
${a} 0 0 "${desc}, enslaved device server and client, local"
1717 local with_vrf
="yes"
1720 for a
in ${NSA_IP} ${VRF_IP}
1723 run_cmd_nsb
ping -f ${a} &
1725 run_cmd ip link del
${VRF}
1727 log_test_addr
${a} 0 0 "Device delete with active traffic - ping in"
1734 run_cmd
ping -f -I ${VRF} ${a} &
1736 run_cmd ip link del
${VRF}
1738 log_test_addr
${a} 0 0 "Device delete with active traffic - ping out"
1743 log_section
"Run time tests - ipv4"
1749 ipv4_rt
"TCP active socket" "-n -1"
1752 ipv4_rt
"TCP passive socket" "-i"
1755 ################################################################################
1762 # should not have an impact, but make a known state
1763 set_sysctl net.ipv4.raw_l3mdev_accept
=0 2>/dev
/null
1768 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1771 run_cmd
${ping6} -c1 -w1 ${a}
1772 log_test_addr
${a} $?
0 "ping out"
1775 for a
in ${NSB_IP6} ${NSB_LO_IP6}
1778 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1779 log_test_addr
${a} $?
0 "ping out, device bind"
1782 run_cmd
${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
1783 log_test_addr
${a} $?
0 "ping out, loopback address bind"
1789 for a
in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
1792 run_cmd_nsb
${ping6} -c1 -w1 ${a}
1793 log_test_addr
${a} $?
0 "ping in"
1797 # local traffic, local address
1799 for a
in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1802 run_cmd
${ping6} -c1 -w1 ${a}
1803 log_test_addr
${a} $?
0 "ping local, no bind"
1806 for a
in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1809 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1810 log_test_addr
${a} $?
0 "ping local, device bind"
1813 for a
in ${NSA_LO_IP6} ::1
1816 show_hint
"Fails since address on loopback is out of device scope"
1817 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1818 log_test_addr
${a} $?
2 "ping local, device bind"
1822 # ip rule blocks address
1825 setup_cmd ip
-6 rule add pref
32765 from all lookup
local
1826 setup_cmd ip
-6 rule del pref
0 from all lookup
local
1827 setup_cmd ip
-6 rule add pref
50 to
${NSB_LO_IP6} prohibit
1828 setup_cmd ip
-6 rule add pref
51 from
${NSB_IP6} prohibit
1831 run_cmd
${ping6} -c1 -w1 ${a}
1832 log_test_addr
${a} $?
2 "ping out, blocked by rule"
1835 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1836 log_test_addr
${a} $?
2 "ping out, device bind, blocked by rule"
1840 show_hint
"Response lost due to ip rule"
1841 run_cmd_nsb
${ping6} -c1 -w1 ${a}
1842 log_test_addr
${a} $?
1 "ping in, blocked by rule"
1844 setup_cmd ip
-6 rule add pref
0 from all lookup
local
1845 setup_cmd ip
-6 rule del pref
32765 from all lookup
local
1846 setup_cmd ip
-6 rule del pref
50 to
${NSB_LO_IP6} prohibit
1847 setup_cmd ip
-6 rule del pref
51 from
${NSB_IP6} prohibit
1850 # route blocks reachability to remote address
1853 setup_cmd ip
-6 route del
${NSB_LO_IP6}
1854 setup_cmd ip
-6 route add unreachable
${NSB_LO_IP6} metric
10
1855 setup_cmd ip
-6 route add unreachable
${NSB_IP6} metric
10
1858 run_cmd
${ping6} -c1 -w1 ${a}
1859 log_test_addr
${a} $?
2 "ping out, blocked by route"
1862 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1863 log_test_addr
${a} $?
2 "ping out, device bind, blocked by route"
1867 show_hint
"Response lost due to ip route"
1868 run_cmd_nsb
${ping6} -c1 -w1 ${a}
1869 log_test_addr
${a} $?
1 "ping in, blocked by route"
1873 # remove 'remote' routes; fallback to default
1876 setup_cmd ip
-6 ro del unreachable
${NSB_LO_IP6}
1877 setup_cmd ip
-6 ro del unreachable
${NSB_IP6}
1880 run_cmd
${ping6} -c1 -w1 ${a}
1881 log_test_addr
${a} $?
2 "ping out, unreachable route"
1884 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1885 log_test_addr
${a} $?
2 "ping out, device bind, unreachable route"
1892 # should default on; does not exist on older kernels
1893 set_sysctl net.ipv4.raw_l3mdev_accept
=1 2>/dev
/null
1898 for a
in ${NSB_IP6} ${NSB_LO_IP6}
1901 run_cmd
${ping6} -c1 -w1 -I ${VRF} ${a}
1902 log_test_addr
${a} $?
0 "ping out, VRF bind"
1905 for a
in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
1908 show_hint
"Fails since VRF device does not support linklocal or multicast"
1909 run_cmd
${ping6} -c1 -w1 ${a}
1910 log_test_addr
${a} $?
2 "ping out, VRF bind"
1913 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1916 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1917 log_test_addr
${a} $?
0 "ping out, device bind"
1920 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
1923 run_cmd ip vrf
exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
1924 log_test_addr
${a} $?
0 "ping out, vrf device+address bind"
1930 for a
in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
1933 run_cmd_nsb
${ping6} -c1 -w1 ${a}
1934 log_test_addr
${a} $?
0 "ping in"
1939 show_hint
"Fails since loopback address is out of VRF scope"
1940 run_cmd_nsb
${ping6} -c1 -w1 ${a}
1941 log_test_addr
${a} $?
1 "ping in"
1944 # local traffic, local address
1946 for a
in ${NSA_IP6} ${VRF_IP6} ::1
1949 show_hint
"Source address should be ${a}"
1950 run_cmd
${ping6} -c1 -w1 -I ${VRF} ${a}
1951 log_test_addr
${a} $?
0 "ping local, VRF bind"
1954 for a
in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1957 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1958 log_test_addr
${a} $?
0 "ping local, device bind"
1961 # LLA to GUA - remove ipv6 global addresses from ns-B
1962 setup_cmd_nsb ip
-6 addr del
${NSB_IP6}/64 dev
${NSB_DEV}
1963 setup_cmd_nsb ip
-6 addr del
${NSB_LO_IP6}/128 dev lo
1964 setup_cmd_nsb ip
-6 ro add
${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
1966 for a
in ${NSA_IP6} ${VRF_IP6}
1969 run_cmd_nsb
${ping6} -c1 -w1 ${NSA_IP6}
1970 log_test_addr
${a} $?
0 "ping in, LLA to GUA"
1973 setup_cmd_nsb ip
-6 ro del
${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
1974 setup_cmd_nsb ip
-6 addr add
${NSB_IP6}/64 dev
${NSB_DEV}
1975 setup_cmd_nsb ip
-6 addr add
${NSB_LO_IP6}/128 dev lo
1978 # ip rule blocks address
1981 setup_cmd ip
-6 rule add pref
50 to
${NSB_LO_IP6} prohibit
1982 setup_cmd ip
-6 rule add pref
51 from
${NSB_IP6} prohibit
1985 run_cmd
${ping6} -c1 -w1 ${a}
1986 log_test_addr
${a} $?
2 "ping out, blocked by rule"
1989 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1990 log_test_addr
${a} $?
2 "ping out, device bind, blocked by rule"
1994 show_hint
"Response lost due to ip rule"
1995 run_cmd_nsb
${ping6} -c1 -w1 ${a}
1996 log_test_addr
${a} $?
1 "ping in, blocked by rule"
1999 setup_cmd ip
-6 rule del pref
50 to
${NSB_LO_IP6} prohibit
2000 setup_cmd ip
-6 rule del pref
51 from
${NSB_IP6} prohibit
2003 # remove 'remote' routes; fallback to default
2006 setup_cmd ip
-6 ro del
${NSB_LO_IP6} vrf
${VRF}
2009 run_cmd
${ping6} -c1 -w1 ${a}
2010 log_test_addr
${a} $?
2 "ping out, unreachable route"
2013 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2014 log_test_addr
${a} $?
2 "ping out, device bind, unreachable route"
2016 ip
-netns ${NSB} -6 ro del
${NSA_LO_IP6}
2019 run_cmd_nsb
${ping6} -c1 -w1 ${a}
2020 log_test_addr
${a} $?
2 "ping in, unreachable route"
2025 log_section
"IPv6 ping"
2027 log_subsection
"No VRF"
2031 log_subsection
"With VRF"
2036 ################################################################################
2040 # MD5 tests without VRF
2042 ipv6_tcp_md5_novrf
()
2050 run_cmd nettest
-6 -s -M ${MD5_PW} -r ${NSB_IP6} &
2052 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -M ${MD5_PW}
2053 log_test $?
0 "MD5: Single address config"
2055 # client sends MD5, server not configured
2057 show_hint
"Should timeout due to MD5 mismatch"
2058 run_cmd nettest
-6 -s &
2060 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -M ${MD5_PW}
2061 log_test $?
2 "MD5: Server no config, client uses password"
2065 show_hint
"Should timeout since client uses wrong password"
2066 run_cmd nettest
-6 -s -M ${MD5_PW} -r ${NSB_IP6} &
2068 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
2069 log_test $?
2 "MD5: Client uses wrong password"
2071 # client from different address
2073 show_hint
"Should timeout due to MD5 mismatch"
2074 run_cmd nettest
-6 -s -M ${MD5_PW} -r ${NSB_LO_IP6} &
2076 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -M ${MD5_PW}
2077 log_test $?
2 "MD5: Client address does not match address configured with password"
2080 # MD5 extension - prefix length
2085 run_cmd nettest
-6 -s -M ${MD5_PW} -m ${NS_NET6} &
2087 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -M ${MD5_PW}
2088 log_test $?
0 "MD5: Prefix config"
2090 # client in prefix, wrong password
2092 show_hint
"Should timeout since client uses wrong password"
2093 run_cmd nettest
-6 -s -M ${MD5_PW} -m ${NS_NET6} &
2095 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
2096 log_test $?
2 "MD5: Prefix config, client uses wrong password"
2098 # client outside of prefix
2100 show_hint
"Should timeout due to MD5 mismatch"
2101 run_cmd nettest
-6 -s -M ${MD5_PW} -m ${NS_NET6} &
2103 run_cmd_nsb nettest
-6 -l ${NSB_LO_IP6} -r ${NSA_IP6} -M ${MD5_PW}
2104 log_test $?
2 "MD5: Prefix config, client address not in configured prefix"
2114 for a
in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2117 run_cmd nettest
-6 -s &
2119 run_cmd_nsb nettest
-6 -r ${a}
2120 log_test_addr
${a} $?
0 "Global server"
2123 # verify TCP reset received
2124 for a
in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2127 show_hint
"Should fail 'Connection refused'"
2128 run_cmd_nsb nettest
-6 -r ${a}
2129 log_test_addr
${a} $?
1 "No server"
2135 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2138 run_cmd_nsb nettest
-6 -s &
2140 run_cmd nettest
-6 -r ${a}
2141 log_test_addr
${a} $?
0 "Client"
2144 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2147 run_cmd_nsb nettest
-6 -s &
2149 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV}
2150 log_test_addr
${a} $?
0 "Client, device bind"
2153 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2156 show_hint
"Should fail 'Connection refused'"
2157 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV}
2158 log_test_addr
${a} $?
1 "No server, device client"
2162 # local address tests
2164 for a
in ${NSA_IP6} ${NSA_LO_IP6} ::1
2167 run_cmd nettest
-6 -s &
2169 run_cmd nettest
-6 -r ${a}
2170 log_test_addr
${a} $?
0 "Global server, local connection"
2175 run_cmd nettest
-6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2177 run_cmd nettest
-6 -r ${a} -0 ${a}
2178 log_test_addr
${a} $?
0 "Device server, unbound client, local connection"
2180 for a
in ${NSA_LO_IP6} ::1
2183 show_hint
"Should fail 'Connection refused' since addresses on loopback are out of device scope"
2184 run_cmd nettest
-6 -s -d ${NSA_DEV} &
2186 run_cmd nettest
-6 -r ${a}
2187 log_test_addr
${a} $?
1 "Device server, unbound client, local connection"
2192 run_cmd nettest
-6 -s &
2194 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV} -0 ${a}
2195 log_test_addr
${a} $?
0 "Global server, device client, local connection"
2197 for a
in ${NSA_LO_IP6} ::1
2200 show_hint
"Should fail 'Connection refused' since addresses on loopback are out of device scope"
2201 run_cmd nettest
-6 -s &
2203 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV}
2204 log_test_addr
${a} $?
1 "Global server, device client, local connection"
2207 for a
in ${NSA_IP6} ${NSA_LINKIP6}
2210 run_cmd nettest
-6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2212 run_cmd nettest
-6 -d ${NSA_DEV} -r ${a}
2213 log_test_addr
${a} $?
0 "Device server, device client, local conn"
2216 for a
in ${NSA_IP6} ${NSA_LINKIP6}
2219 show_hint
"Should fail 'Connection refused'"
2220 run_cmd nettest
-6 -d ${NSA_DEV} -r ${a}
2221 log_test_addr
${a} $?
1 "No server, device client, local conn"
2231 # disable global server
2232 log_subsection
"Global server disabled"
2234 set_sysctl net.ipv4.tcp_l3mdev_accept
=0
2239 for a
in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2242 show_hint
"Should fail 'Connection refused' since global server with VRF is disabled"
2243 run_cmd nettest
-6 -s &
2245 run_cmd_nsb nettest
-6 -r ${a}
2246 log_test_addr
${a} $?
1 "Global server"
2249 for a
in ${NSA_IP6} ${VRF_IP6}
2252 run_cmd nettest
-6 -s -d ${VRF} -2 ${VRF} &
2254 run_cmd_nsb nettest
-6 -r ${a}
2255 log_test_addr
${a} $?
0 "VRF server"
2258 # link local is always bound to ingress device
2259 a
=${NSA_LINKIP6}%${NSB_DEV}
2261 run_cmd nettest
-6 -s -d ${VRF} -2 ${NSA_DEV} &
2263 run_cmd_nsb nettest
-6 -r ${a}
2264 log_test_addr
${a} $?
0 "VRF server"
2266 for a
in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2269 run_cmd nettest
-6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2271 run_cmd_nsb nettest
-6 -r ${a}
2272 log_test_addr
${a} $?
0 "Device server"
2275 # verify TCP reset received
2276 for a
in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2279 show_hint
"Should fail 'Connection refused'"
2280 run_cmd_nsb nettest
-6 -r ${a}
2281 log_test_addr
${a} $?
1 "No server"
2284 # local address tests
2287 show_hint
"Should fail 'Connection refused' since global server with VRF is disabled"
2288 run_cmd nettest
-6 -s &
2290 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV}
2291 log_test_addr
${a} $?
1 "Global server, local connection"
2294 # enable VRF global server
2296 log_subsection
"VRF Global server enabled"
2297 set_sysctl net.ipv4.tcp_l3mdev_accept
=1
2299 for a
in ${NSA_IP6} ${VRF_IP6}
2302 run_cmd nettest
-6 -s -2 ${VRF} &
2304 run_cmd_nsb nettest
-6 -r ${a}
2305 log_test_addr
${a} $?
0 "Global server"
2308 for a
in ${NSA_IP6} ${VRF_IP6}
2311 run_cmd nettest
-6 -s -d ${VRF} -2 ${VRF} &
2313 run_cmd_nsb nettest
-6 -r ${a}
2314 log_test_addr
${a} $?
0 "VRF server"
2317 # For LLA, child socket is bound to device
2318 a
=${NSA_LINKIP6}%${NSB_DEV}
2320 run_cmd nettest
-6 -s -2 ${NSA_DEV} &
2322 run_cmd_nsb nettest
-6 -r ${a}
2323 log_test_addr
${a} $?
0 "Global server"
2326 run_cmd nettest
-6 -s -d ${VRF} -2 ${NSA_DEV} &
2328 run_cmd_nsb nettest
-6 -r ${a}
2329 log_test_addr
${a} $?
0 "VRF server"
2331 for a
in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2334 run_cmd nettest
-6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2336 run_cmd_nsb nettest
-6 -r ${a}
2337 log_test_addr
${a} $?
0 "Device server"
2340 # verify TCP reset received
2341 for a
in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2344 show_hint
"Should fail 'Connection refused'"
2345 run_cmd_nsb nettest
-6 -r ${a}
2346 log_test_addr
${a} $?
1 "No server"
2349 # local address tests
2350 for a
in ${NSA_IP6} ${VRF_IP6}
2353 show_hint
"Fails 'No route to host' since client is not in VRF"
2354 run_cmd nettest
-6 -s -2 ${VRF} &
2356 run_cmd nettest
-6 -r ${a}
2357 log_test_addr
${a} $?
1 "Global server, local connection"
2364 for a
in ${NSB_IP6} ${NSB_LO_IP6}
2367 run_cmd_nsb nettest
-6 -s &
2369 run_cmd nettest
-6 -r ${a} -d ${VRF}
2370 log_test_addr
${a} $?
0 "Client, VRF bind"
2375 show_hint
"Fails since VRF device does not allow linklocal addresses"
2376 run_cmd_nsb nettest
-6 -s &
2378 run_cmd nettest
-6 -r ${a} -d ${VRF}
2379 log_test_addr
${a} $?
1 "Client, VRF bind"
2381 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2384 run_cmd_nsb nettest
-6 -s &
2386 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV}
2387 log_test_addr
${a} $?
0 "Client, device bind"
2390 for a
in ${NSB_IP6} ${NSB_LO_IP6}
2393 show_hint
"Should fail 'Connection refused'"
2394 run_cmd nettest
-6 -r ${a} -d ${VRF}
2395 log_test_addr
${a} $?
1 "No server, VRF client"
2398 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2401 show_hint
"Should fail 'Connection refused'"
2402 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV}
2403 log_test_addr
${a} $?
1 "No server, device client"
2406 for a
in ${NSA_IP6} ${VRF_IP6} ::1
2409 run_cmd nettest
-6 -s -d ${VRF} -2 ${VRF} &
2411 run_cmd nettest
-6 -r ${a} -d ${VRF} -0 ${a}
2412 log_test_addr
${a} $?
0 "VRF server, VRF client, local connection"
2417 run_cmd nettest
-6 -s -d ${VRF} -2 ${VRF} &
2419 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV} -0 ${a}
2420 log_test_addr
${a} $?
0 "VRF server, device client, local connection"
2424 show_hint
"Should fail since unbound client is out of VRF scope"
2425 run_cmd nettest
-6 -s -d ${VRF} &
2427 run_cmd nettest
-6 -r ${a}
2428 log_test_addr
${a} $?
1 "VRF server, unbound client, local connection"
2431 run_cmd nettest
-6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2433 run_cmd nettest
-6 -r ${a} -d ${VRF} -0 ${a}
2434 log_test_addr
${a} $?
0 "Device server, VRF client, local connection"
2436 for a
in ${NSA_IP6} ${NSA_LINKIP6}
2439 run_cmd nettest
-6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2441 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV} -0 ${a}
2442 log_test_addr
${a} $?
0 "Device server, device client, local connection"
2448 log_section
"IPv6/TCP"
2449 log_subsection
"No VRF"
2452 # tcp_l3mdev_accept should have no affect without VRF;
2453 # run tests with it enabled and disabled to verify
2454 log_subsection
"tcp_l3mdev_accept disabled"
2455 set_sysctl net.ipv4.tcp_l3mdev_accept
=0
2457 log_subsection
"tcp_l3mdev_accept enabled"
2458 set_sysctl net.ipv4.tcp_l3mdev_accept
=1
2461 log_subsection
"With VRF"
2466 ################################################################################
2476 for a
in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2479 run_cmd nettest
-6 -D -s -2 ${NSA_DEV} &
2481 run_cmd_nsb nettest
-6 -D -r ${a}
2482 log_test_addr
${a} $?
0 "Global server"
2485 run_cmd nettest
-6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2487 run_cmd_nsb nettest
-6 -D -r ${a}
2488 log_test_addr
${a} $?
0 "Device server"
2493 run_cmd nettest
-6 -D -s -2 ${NSA_DEV} &
2495 run_cmd_nsb nettest
-6 -D -r ${a}
2496 log_test_addr
${a} $?
0 "Global server"
2498 # should fail since loopback address is out of scope for a device
2499 # bound server, but it does not - hence this is more documenting
2502 #show_hint "Should fail since loopback address is out of scope"
2503 #run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2505 #run_cmd_nsb nettest -6 -D -r ${a}
2506 #log_test_addr ${a} $? 1 "Device server"
2508 # negative test - should fail
2509 for a
in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2512 show_hint
"Should fail 'Connection refused' since there is no server"
2513 run_cmd_nsb nettest
-6 -D -r ${a}
2514 log_test_addr
${a} $?
1 "No server"
2520 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2523 run_cmd_nsb nettest
-6 -D -s &
2525 run_cmd nettest
-6 -D -r ${a} -0 ${NSA_IP6}
2526 log_test_addr
${a} $?
0 "Client"
2529 run_cmd_nsb nettest
-6 -D -s &
2531 run_cmd nettest
-6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
2532 log_test_addr
${a} $?
0 "Client, device bind"
2535 run_cmd_nsb nettest
-6 -D -s &
2537 run_cmd nettest
-6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
2538 log_test_addr
${a} $?
0 "Client, device send via cmsg"
2541 run_cmd_nsb nettest
-6 -D -s &
2543 run_cmd nettest
-6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
2544 log_test_addr
${a} $?
0 "Client, device bind via IPV6_UNICAST_IF"
2547 show_hint
"Should fail 'Connection refused'"
2548 run_cmd nettest
-6 -D -r ${a}
2549 log_test_addr
${a} $?
1 "No server, unbound client"
2552 show_hint
"Should fail 'Connection refused'"
2553 run_cmd nettest
-6 -D -r ${a} -d ${NSA_DEV}
2554 log_test_addr
${a} $?
1 "No server, device client"
2558 # local address tests
2560 for a
in ${NSA_IP6} ${NSA_LO_IP6} ::1
2563 run_cmd nettest
-6 -D -s &
2565 run_cmd nettest
-6 -D -r ${a} -0 ${a} -1 ${a}
2566 log_test_addr
${a} $?
0 "Global server, local connection"
2571 run_cmd nettest
-6 -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
2573 run_cmd nettest
-6 -D -r ${a}
2574 log_test_addr
${a} $?
0 "Device server, unbound client, local connection"
2576 for a
in ${NSA_LO_IP6} ::1
2579 show_hint
"Should fail 'Connection refused' since address is out of device scope"
2580 run_cmd nettest
-6 -s -D -d ${NSA_DEV} &
2582 run_cmd nettest
-6 -D -r ${a}
2583 log_test_addr
${a} $?
1 "Device server, local connection"
2588 run_cmd nettest
-6 -s -D &
2590 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
2591 log_test_addr
${a} $?
0 "Global server, device client, local connection"
2594 run_cmd nettest
-6 -s -D &
2596 run_cmd nettest
-6 -D -d ${NSA_DEV} -C -r ${a}
2597 log_test_addr
${a} $?
0 "Global server, device send via cmsg, local connection"
2600 run_cmd nettest
-6 -s -D &
2602 run_cmd nettest
-6 -D -d ${NSA_DEV} -S -r ${a}
2603 log_test_addr
${a} $?
0 "Global server, device client via IPV6_UNICAST_IF, local connection"
2605 for a
in ${NSA_LO_IP6} ::1
2608 show_hint
"Should fail 'No route to host' since addresses on loopback are out of device scope"
2609 run_cmd nettest
-6 -D -s &
2611 run_cmd nettest
-6 -D -r ${a} -d ${NSA_DEV}
2612 log_test_addr
${a} $?
1 "Global server, device client, local connection"
2615 show_hint
"Should fail 'No route to host' since addresses on loopback are out of device scope"
2616 run_cmd nettest
-6 -D -s &
2618 run_cmd nettest
-6 -D -r ${a} -d ${NSA_DEV} -C
2619 log_test_addr
${a} $?
1 "Global server, device send via cmsg, local connection"
2622 show_hint
"Should fail 'No route to host' since addresses on loopback are out of device scope"
2623 run_cmd nettest
-6 -D -s &
2625 run_cmd nettest
-6 -D -r ${a} -d ${NSA_DEV} -S
2626 log_test_addr
${a} $?
1 "Global server, device client via IP_UNICAST_IF, local connection"
2631 run_cmd nettest
-6 -D -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2633 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
2634 log_test_addr
${a} $?
0 "Device server, device client, local conn"
2637 show_hint
"Should fail 'Connection refused'"
2638 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
2639 log_test_addr
${a} $?
1 "No server, device client, local conn"
2642 run_cmd_nsb ip
-6 addr del
${NSB_IP6}/64 dev
${NSB_DEV}
2643 run_cmd_nsb ip
-6 ro add
${NSA_IP6}/128 dev
${NSB_DEV}
2645 run_cmd nettest
-6 -s -D &
2647 run_cmd_nsb nettest
-6 -D -r ${NSA_IP6}
2648 log_test $?
0 "UDP in - LLA to GUA"
2650 run_cmd_nsb ip
-6 ro del
${NSA_IP6}/128 dev
${NSB_DEV}
2651 run_cmd_nsb ip
-6 addr add
${NSB_IP6}/64 dev
${NSB_DEV} nodad
2658 # disable global server
2659 log_subsection
"Global server disabled"
2660 set_sysctl net.ipv4.udp_l3mdev_accept
=0
2665 for a
in ${NSA_IP6} ${VRF_IP6}
2668 show_hint
"Should fail 'Connection refused' since global server is disabled"
2669 run_cmd nettest
-6 -D -s &
2671 run_cmd_nsb nettest
-6 -D -r ${a}
2672 log_test_addr
${a} $?
1 "Global server"
2675 for a
in ${NSA_IP6} ${VRF_IP6}
2678 run_cmd nettest
-6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2680 run_cmd_nsb nettest
-6 -D -r ${a}
2681 log_test_addr
${a} $?
0 "VRF server"
2684 for a
in ${NSA_IP6} ${VRF_IP6}
2687 run_cmd nettest
-6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2689 run_cmd_nsb nettest
-6 -D -r ${a}
2690 log_test_addr
${a} $?
0 "Enslaved device server"
2693 # negative test - should fail
2694 for a
in ${NSA_IP6} ${VRF_IP6}
2697 show_hint
"Should fail 'Connection refused' since there is no server"
2698 run_cmd_nsb nettest
-6 -D -r ${a}
2699 log_test_addr
${a} $?
1 "No server"
2703 # local address tests
2705 for a
in ${NSA_IP6} ${VRF_IP6}
2708 show_hint
"Should fail 'Connection refused' since global server is disabled"
2709 run_cmd nettest
-6 -D -s &
2711 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
2712 log_test_addr
${a} $?
1 "Global server, VRF client, local conn"
2715 for a
in ${NSA_IP6} ${VRF_IP6}
2718 run_cmd nettest
-6 -D -d ${VRF} -s &
2720 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
2721 log_test_addr
${a} $?
0 "VRF server, VRF client, local conn"
2726 show_hint
"Should fail 'Connection refused' since global server is disabled"
2727 run_cmd nettest
-6 -D -s &
2729 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
2730 log_test_addr
${a} $?
1 "Global server, device client, local conn"
2733 run_cmd nettest
-6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2735 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
2736 log_test_addr
${a} $?
0 "VRF server, device client, local conn"
2739 run_cmd nettest
-6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2741 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
2742 log_test_addr
${a} $?
0 "Enslaved device server, VRF client, local conn"
2745 run_cmd nettest
-6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2747 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
2748 log_test_addr
${a} $?
0 "Enslaved device server, device client, local conn"
2750 # disable global server
2751 log_subsection
"Global server enabled"
2752 set_sysctl net.ipv4.udp_l3mdev_accept
=1
2757 for a
in ${NSA_IP6} ${VRF_IP6}
2760 run_cmd nettest
-6 -D -s -2 ${NSA_DEV} &
2762 run_cmd_nsb nettest
-6 -D -r ${a}
2763 log_test_addr
${a} $?
0 "Global server"
2766 for a
in ${NSA_IP6} ${VRF_IP6}
2769 run_cmd nettest
-6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2771 run_cmd_nsb nettest
-6 -D -r ${a}
2772 log_test_addr
${a} $?
0 "VRF server"
2775 for a
in ${NSA_IP6} ${VRF_IP6}
2778 run_cmd nettest
-6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2780 run_cmd_nsb nettest
-6 -D -r ${a}
2781 log_test_addr
${a} $?
0 "Enslaved device server"
2784 # negative test - should fail
2785 for a
in ${NSA_IP6} ${VRF_IP6}
2788 run_cmd_nsb nettest
-6 -D -r ${a}
2789 log_test_addr
${a} $?
1 "No server"
2796 run_cmd_nsb nettest
-6 -D -s &
2798 run_cmd nettest
-6 -D -d ${VRF} -r ${NSB_IP6}
2799 log_test $?
0 "VRF client"
2801 # negative test - should fail
2803 run_cmd nettest
-6 -D -d ${VRF} -r ${NSB_IP6}
2804 log_test $?
1 "No server, VRF client"
2807 run_cmd_nsb nettest
-6 -D -s &
2809 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${NSB_IP6}
2810 log_test $?
0 "Enslaved device client"
2812 # negative test - should fail
2814 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${NSB_IP6}
2815 log_test $?
1 "No server, enslaved device client"
2818 # local address tests
2822 run_cmd nettest
-6 -D -s -2 ${NSA_DEV} &
2824 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
2825 log_test_addr
${a} $?
0 "Global server, VRF client, local conn"
2828 run_cmd nettest
-6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2830 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
2831 log_test_addr
${a} $?
0 "VRF server, VRF client, local conn"
2836 run_cmd nettest
-6 -D -s -2 ${VRF} &
2838 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
2839 log_test_addr
${a} $?
0 "Global server, VRF client, local conn"
2842 run_cmd nettest
-6 -D -d ${VRF} -s -2 ${VRF} &
2844 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
2845 log_test_addr
${a} $?
0 "VRF server, VRF client, local conn"
2847 # negative test - should fail
2848 for a
in ${NSA_IP6} ${VRF_IP6}
2851 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
2852 log_test_addr
${a} $?
1 "No server, VRF client, local conn"
2855 # device to global IP
2858 run_cmd nettest
-6 -D -s -2 ${NSA_DEV} &
2860 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
2861 log_test_addr
${a} $?
0 "Global server, device client, local conn"
2864 run_cmd nettest
-6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2866 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
2867 log_test_addr
${a} $?
0 "VRF server, device client, local conn"
2870 run_cmd nettest
-6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2872 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
2873 log_test_addr
${a} $?
0 "Device server, VRF client, local conn"
2876 run_cmd nettest
-6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2878 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
2879 log_test_addr
${a} $?
0 "Device server, device client, local conn"
2882 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
2883 log_test_addr
${a} $?
1 "No server, device client, local conn"
2886 # link local addresses
2888 run_cmd nettest
-6 -D -s &
2890 run_cmd_nsb nettest
-6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
2891 log_test $?
0 "Global server, linklocal IP"
2894 run_cmd_nsb nettest
-6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
2895 log_test $?
1 "No server, linklocal IP"
2899 run_cmd_nsb nettest
-6 -D -s &
2901 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
2902 log_test $?
0 "Enslaved device client, linklocal IP"
2905 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
2906 log_test $?
1 "No server, device client, peer linklocal IP"
2910 run_cmd nettest
-6 -D -s &
2912 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
2913 log_test $?
0 "Enslaved device client, local conn - linklocal IP"
2916 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
2917 log_test $?
1 "No server, device client, local conn - linklocal IP"
2920 run_cmd_nsb ip
-6 addr del
${NSB_IP6}/64 dev
${NSB_DEV}
2921 run_cmd_nsb ip
-6 ro add
${NSA_IP6}/128 dev
${NSB_DEV}
2923 run_cmd nettest
-6 -s -D &
2925 run_cmd_nsb nettest
-6 -D -r ${NSA_IP6}
2926 log_test $?
0 "UDP in - LLA to GUA"
2928 run_cmd_nsb ip
-6 ro del
${NSA_IP6}/128 dev
${NSB_DEV}
2929 run_cmd_nsb ip
-6 addr add
${NSB_IP6}/64 dev
${NSB_DEV} nodad
2934 # should not matter, but set to known state
2935 set_sysctl net.ipv4.udp_early_demux
=1
2937 log_section
"IPv6/UDP"
2938 log_subsection
"No VRF"
2941 # udp_l3mdev_accept should have no affect without VRF;
2942 # run tests with it enabled and disabled to verify
2943 log_subsection
"udp_l3mdev_accept disabled"
2944 set_sysctl net.ipv4.udp_l3mdev_accept
=0
2946 log_subsection
"udp_l3mdev_accept enabled"
2947 set_sysctl net.ipv4.udp_l3mdev_accept
=1
2950 log_subsection
"With VRF"
2955 ################################################################################
2958 ipv6_addr_bind_novrf
()
2963 for a
in ${NSA_IP6} ${NSA_LO_IP6}
2966 run_cmd nettest
-6 -s -R -P ipv6-icmp
-l ${a} -b
2967 log_test_addr
${a} $?
0 "Raw socket bind to local address"
2970 run_cmd nettest
-6 -s -R -P ipv6-icmp
-l ${a} -d ${NSA_DEV} -b
2971 log_test_addr
${a} $?
0 "Raw socket bind to local address after device bind"
2979 run_cmd nettest
-6 -s -l ${a} -t1 -b
2980 log_test_addr
${a} $?
0 "TCP socket bind to local address"
2983 run_cmd nettest
-6 -s -l ${a} -d ${NSA_DEV} -t1 -b
2984 log_test_addr
${a} $?
0 "TCP socket bind to local address after device bind"
2988 show_hint
"Should fail with 'Cannot assign requested address'"
2989 run_cmd nettest
-6 -s -l ${a} -d ${NSA_DEV} -t1 -b
2990 log_test_addr
${a} $?
1 "TCP socket bind to out of scope local address"
2993 ipv6_addr_bind_vrf
()
2998 for a
in ${NSA_IP6} ${VRF_IP6}
3001 run_cmd nettest
-6 -s -R -P ipv6-icmp
-l ${a} -d ${VRF} -b
3002 log_test_addr
${a} $?
0 "Raw socket bind to local address after vrf bind"
3005 run_cmd nettest
-6 -s -R -P ipv6-icmp
-l ${a} -d ${NSA_DEV} -b
3006 log_test_addr
${a} $?
0 "Raw socket bind to local address after device bind"
3011 show_hint
"Address on loopback is out of VRF scope"
3012 run_cmd nettest
-6 -s -R -P ipv6-icmp
-l ${a} -d ${VRF} -b
3013 log_test_addr
${a} $?
1 "Raw socket bind to invalid local address after vrf bind"
3018 # address on enslaved device is valid for the VRF or device in a VRF
3019 for a
in ${NSA_IP6} ${VRF_IP6}
3022 run_cmd nettest
-6 -s -l ${a} -d ${VRF} -t1 -b
3023 log_test_addr
${a} $?
0 "TCP socket bind to local address with VRF bind"
3028 run_cmd nettest
-6 -s -l ${a} -d ${NSA_DEV} -t1 -b
3029 log_test_addr
${a} $?
0 "TCP socket bind to local address with device bind"
3033 run_cmd nettest
-6 -s -l ${a} -d ${NSA_DEV} -t1 -b
3034 log_test_addr
${a} $?
1 "TCP socket bind to VRF address with device bind"
3038 show_hint
"Address on loopback out of scope for VRF"
3039 run_cmd nettest
-6 -s -l ${a} -d ${VRF} -t1 -b
3040 log_test_addr
${a} $?
1 "TCP socket bind to invalid local address for VRF"
3043 show_hint
"Address on loopback out of scope for device in VRF"
3044 run_cmd nettest
-6 -s -l ${a} -d ${NSA_DEV} -t1 -b
3045 log_test_addr
${a} $?
1 "TCP socket bind to invalid local address for device bind"
3051 log_section
"IPv6 address binds"
3053 log_subsection
"No VRF"
3055 ipv6_addr_bind_novrf
3057 log_subsection
"With VRF"
3062 ################################################################################
3063 # IPv6 runtime tests
3069 local with_vrf
="yes"
3075 for a
in ${NSA_IP6} ${VRF_IP6}
3078 run_cmd nettest
${varg} -s &
3080 run_cmd_nsb nettest
${varg} -r ${a} &
3082 run_cmd ip link del
${VRF}
3084 log_test_addr
${a} 0 0 "${desc}, global server"
3089 for a
in ${NSA_IP6} ${VRF_IP6}
3092 run_cmd nettest
${varg} -d ${VRF} -s &
3094 run_cmd_nsb nettest
${varg} -r ${a} &
3096 run_cmd ip link del
${VRF}
3098 log_test_addr
${a} 0 0 "${desc}, VRF server"
3103 for a
in ${NSA_IP6} ${VRF_IP6}
3106 run_cmd nettest
${varg} -d ${NSA_DEV} -s &
3108 run_cmd_nsb nettest
${varg} -r ${a} &
3110 run_cmd ip link del
${VRF}
3112 log_test_addr
${a} 0 0 "${desc}, enslaved device server"
3121 run_cmd_nsb nettest
${varg} -s &
3123 run_cmd nettest
${varg} -d ${VRF} -r ${NSB_IP6} &
3125 run_cmd ip link del
${VRF}
3127 log_test
0 0 "${desc}, VRF client"
3132 run_cmd_nsb nettest
${varg} -s &
3134 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
3136 run_cmd ip link del
${VRF}
3138 log_test
0 0 "${desc}, enslaved device client"
3144 # local address tests
3146 for a
in ${NSA_IP6} ${VRF_IP6}
3149 run_cmd nettest
${varg} -s &
3151 run_cmd nettest
${varg} -d ${VRF} -r ${a} &
3153 run_cmd ip link del
${VRF}
3155 log_test_addr
${a} 0 0 "${desc}, global server, VRF client"
3160 for a
in ${NSA_IP6} ${VRF_IP6}
3163 run_cmd nettest
${varg} -d ${VRF} -s &
3165 run_cmd nettest
${varg} -d ${VRF} -r ${a} &
3167 run_cmd ip link del
${VRF}
3169 log_test_addr
${a} 0 0 "${desc}, VRF server and client"
3176 run_cmd nettest
${varg} -s &
3178 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${a} &
3180 run_cmd ip link del
${VRF}
3182 log_test_addr
${a} 0 0 "${desc}, global server, device client"
3187 run_cmd nettest
${varg} -d ${VRF} -s &
3189 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${a} &
3191 run_cmd ip link del
${VRF}
3193 log_test_addr
${a} 0 0 "${desc}, VRF server, device client"
3198 run_cmd nettest
${varg} -d ${NSA_DEV} -s &
3200 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${a} &
3202 run_cmd ip link del
${VRF}
3204 log_test_addr
${a} 0 0 "${desc}, device server, device client"
3209 local with_vrf
="yes"
3214 run_cmd_nsb
${ping6} -f ${a} &
3216 run_cmd ip link del
${VRF}
3218 log_test_addr
${a} 0 0 "Device delete with active traffic - ping in"
3223 run_cmd
${ping6} -f ${NSB_IP6} -I ${VRF} &
3225 run_cmd ip link del
${VRF}
3227 log_test_addr
${a} 0 0 "Device delete with active traffic - ping out"
3232 log_section
"Run time tests - ipv6"
3238 ipv6_rt
"TCP active socket" "-n -1"
3241 ipv6_rt
"TCP passive socket" "-i"
3244 ipv6_rt
"UDP active socket" "-D -n -1"
3247 ################################################################################
3248 # netfilter blocking connections
3250 netfilter_tcp_reset
()
3254 for a
in ${NSA_IP} ${VRF_IP}
3257 run_cmd nettest
-s &
3259 run_cmd_nsb nettest
-r ${a}
3260 log_test_addr
${a} $?
1 "Global server, reject with TCP-reset on Rx"
3270 [ "${stype}" = "UDP" ] && arg
="-D"
3272 for a
in ${NSA_IP} ${VRF_IP}
3275 run_cmd nettest
${arg} -s &
3277 run_cmd_nsb nettest
${arg} -r ${a}
3278 log_test_addr
${a} $?
1 "Global ${stype} server, Rx reject icmp-port-unreach"
3284 log_section
"IPv4 Netfilter"
3285 log_subsection
"TCP reset"
3288 run_cmd iptables
-A INPUT
-p tcp
--dport 12345 -j REJECT
--reject-with tcp-reset
3293 log_subsection
"ICMP unreachable"
3297 run_cmd iptables
-A INPUT
-p tcp
--dport 12345 -j REJECT
--reject-with icmp-port-unreachable
3298 run_cmd iptables
-A INPUT
-p udp
--dport 12345 -j REJECT
--reject-with icmp-port-unreachable
3300 netfilter_icmp
"TCP"
3301 netfilter_icmp
"UDP"
3307 netfilter_tcp6_reset
()
3311 for a
in ${NSA_IP6} ${VRF_IP6}
3314 run_cmd nettest
-6 -s &
3316 run_cmd_nsb nettest
-6 -r ${a}
3317 log_test_addr
${a} $?
1 "Global server, reject with TCP-reset on Rx"
3327 [ "${stype}" = "UDP" ] && arg
="$arg -D"
3329 for a
in ${NSA_IP6} ${VRF_IP6}
3332 run_cmd nettest
-6 -s ${arg} &
3334 run_cmd_nsb nettest
-6 ${arg} -r ${a}
3335 log_test_addr
${a} $?
1 "Global ${stype} server, Rx reject icmp-port-unreach"
3341 log_section
"IPv6 Netfilter"
3342 log_subsection
"TCP reset"
3345 run_cmd ip6tables
-A INPUT
-p tcp
--dport 12345 -j REJECT
--reject-with tcp-reset
3347 netfilter_tcp6_reset
3349 log_subsection
"ICMP unreachable"
3352 run_cmd ip6tables
-F
3353 run_cmd ip6tables
-A INPUT
-p tcp
--dport 12345 -j REJECT
--reject-with icmp6-port-unreachable
3354 run_cmd ip6tables
-A INPUT
-p udp
--dport 12345 -j REJECT
--reject-with icmp6-port-unreachable
3356 netfilter_icmp6
"TCP"
3357 netfilter_icmp6
"UDP"
3363 ################################################################################
3364 # specific use cases
3367 # ns-A device enslaved to bridge. Verify traffic with and without
3368 # br_netfilter module loaded. Repeat with SVI on bridge.
3373 setup_cmd ip link
set ${NSA_DEV} down
3374 setup_cmd ip addr del dev
${NSA_DEV} ${NSA_IP}/24
3375 setup_cmd ip
-6 addr del dev
${NSA_DEV} ${NSA_IP6}/64
3377 setup_cmd ip link add br0
type bridge
3378 setup_cmd ip addr add dev br0
${NSA_IP}/24
3379 setup_cmd ip
-6 addr add dev br0
${NSA_IP6}/64 nodad
3381 setup_cmd ip li
set ${NSA_DEV} master br0
3382 setup_cmd ip li
set ${NSA_DEV} up
3383 setup_cmd ip li
set br0 up
3384 setup_cmd ip li
set br0 vrf
${VRF}
3386 rmmod br_netfilter
2>/dev
/null
3389 run_cmd ip neigh flush all
3390 run_cmd
ping -c1 -w1 -I br0
${NSB_IP}
3391 log_test $?
0 "Bridge into VRF - IPv4 ping out"
3393 run_cmd ip neigh flush all
3394 run_cmd
${ping6} -c1 -w1 -I br0
${NSB_IP6}
3395 log_test $?
0 "Bridge into VRF - IPv6 ping out"
3397 run_cmd ip neigh flush all
3398 run_cmd_nsb
ping -c1 -w1 ${NSA_IP}
3399 log_test $?
0 "Bridge into VRF - IPv4 ping in"
3401 run_cmd ip neigh flush all
3402 run_cmd_nsb
${ping6} -c1 -w1 ${NSA_IP6}
3403 log_test $?
0 "Bridge into VRF - IPv6 ping in"
3405 modprobe br_netfilter
3406 if [ $?
-eq 0 ]; then
3407 run_cmd ip neigh flush all
3408 run_cmd
ping -c1 -w1 -I br0
${NSB_IP}
3409 log_test $?
0 "Bridge into VRF with br_netfilter - IPv4 ping out"
3411 run_cmd ip neigh flush all
3412 run_cmd
${ping6} -c1 -w1 -I br0
${NSB_IP6}
3413 log_test $?
0 "Bridge into VRF with br_netfilter - IPv6 ping out"
3415 run_cmd ip neigh flush all
3416 run_cmd_nsb
ping -c1 -w1 ${NSA_IP}
3417 log_test $?
0 "Bridge into VRF with br_netfilter - IPv4 ping in"
3419 run_cmd ip neigh flush all
3420 run_cmd_nsb
${ping6} -c1 -w1 ${NSA_IP6}
3421 log_test $?
0 "Bridge into VRF with br_netfilter - IPv6 ping in"
3424 setup_cmd ip li
set br0 nomaster
3425 setup_cmd ip li add br0.100 link br0
type vlan id
100
3426 setup_cmd ip li
set br0.100 vrf
${VRF} up
3427 setup_cmd ip addr add dev br0.100
172.16.101.1/24
3428 setup_cmd ip
-6 addr add dev br0.100
2001:db8
:101::1/64 nodad
3430 setup_cmd_nsb ip li add vlan100 link
${NSB_DEV} type vlan id
100
3431 setup_cmd_nsb ip addr add dev vlan100
172.16.101.2/24
3432 setup_cmd_nsb ip
-6 addr add dev vlan100
2001:db8
:101::2/64 nodad
3433 setup_cmd_nsb ip li
set vlan100 up
3436 rmmod br_netfilter
2>/dev
/null
3438 run_cmd ip neigh flush all
3439 run_cmd
ping -c1 -w1 -I br0.100
172.16.101.2
3440 log_test $?
0 "Bridge vlan into VRF - IPv4 ping out"
3442 run_cmd ip neigh flush all
3443 run_cmd
${ping6} -c1 -w1 -I br0.100
2001:db8
:101::2
3444 log_test $?
0 "Bridge vlan into VRF - IPv6 ping out"
3446 run_cmd ip neigh flush all
3447 run_cmd_nsb
ping -c1 -w1 172.16.101.1
3448 log_test $?
0 "Bridge vlan into VRF - IPv4 ping in"
3450 run_cmd ip neigh flush all
3451 run_cmd_nsb
${ping6} -c1 -w1 2001:db8
:101::1
3452 log_test $?
0 "Bridge vlan into VRF - IPv6 ping in"
3454 modprobe br_netfilter
3455 if [ $?
-eq 0 ]; then
3456 run_cmd ip neigh flush all
3457 run_cmd
ping -c1 -w1 -I br0.100
172.16.101.2
3458 log_test $?
0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out"
3460 run_cmd ip neigh flush all
3461 run_cmd
${ping6} -c1 -w1 -I br0.100
2001:db8
:101::2
3462 log_test $?
0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out"
3464 run_cmd ip neigh flush all
3465 run_cmd_nsb
ping -c1 -w1 172.16.101.1
3466 log_test $?
0 "Bridge vlan into VRF - IPv4 ping in"
3468 run_cmd ip neigh flush all
3469 run_cmd_nsb
${ping6} -c1 -w1 2001:db8
:101::1
3470 log_test $?
0 "Bridge vlan into VRF - IPv6 ping in"
3473 setup_cmd ip li del br0
2>/dev
/null
3474 setup_cmd_nsb ip li del vlan100
2>/dev
/null
3479 log_section
"Use cases"
3483 ################################################################################
3489 usage: ${0##*/} OPTS
3493 -t <test> Test name/set to run
3495 -P Pause after each test
3500 ################################################################################
3503 TESTS_IPV4
="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime ipv4_netfilter"
3504 TESTS_IPV6
="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime ipv6_netfilter"
3505 TESTS_OTHER
="use_cases"
3510 while getopts :46t
:pPvh o
3516 p
) PAUSE_ON_FAIL
=yes;;
3524 # make sure we don't pause twice
3525 [ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL
=no
3528 # show user test config
3530 if [ -z "$TESTS" ]; then
3531 TESTS
="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"
3532 elif [ "$TESTS" = "ipv4" ]; then
3534 elif [ "$TESTS" = "ipv6" ]; then
3538 which nettest
>/dev
/null
3539 if [ $?
-ne 0 ]; then
3540 echo "'nettest' command not found; skipping tests"
3545 declare -i nsuccess
=0
3550 ipv4_ping|
ping) ipv4_ping
;;
3551 ipv4_tcp|tcp
) ipv4_tcp
;;
3552 ipv4_udp|udp
) ipv4_udp
;;
3553 ipv4_bind|
bind) ipv4_addr_bind
;;
3554 ipv4_runtime
) ipv4_runtime
;;
3555 ipv4_netfilter
) ipv4_netfilter
;;
3557 ipv6_ping|ping6
) ipv6_ping
;;
3558 ipv6_tcp|tcp6
) ipv6_tcp
;;
3559 ipv6_udp|udp6
) ipv6_udp
;;
3560 ipv6_bind|bind6
) ipv6_addr_bind
;;
3561 ipv6_runtime
) ipv6_runtime
;;
3562 ipv6_netfilter
) ipv6_netfilter
;;
3564 use_cases
) use_cases
;;
3566 # setup namespaces and config, but do not run any tests
3567 setup
) setup
; exit 0;;
3568 vrf_setup
) setup
"yes"; exit 0;;
3570 help) echo "Test names: $TESTS"; exit 0;;
3576 printf "\nTests passed: %3d\n" ${nsuccess}
3577 printf "Tests failed: %3d\n" ${nfail}