]> git.ipfire.org Git - thirdparty/kernel/stable.git/blob - tools/testing/selftests/net/fcnal-test.sh
projects / thirdparty / kernel / stable.git / blob
? search:


e630c6a7ee7213d9387a6ec3e4636d6079f244e6
[thirdparty/kernel/stable.git] / tools / testing / selftests / net / fcnal-test.sh
1 #!/bin/bash
2 # SPDX-License-Identifier: GPL-2.0
3 #
4 # Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
5 #
6 # IPv4 and IPv6 functional tests focusing on VRF and routing lookups
7 # for various permutations:
8 # 1. icmp, tcp, udp and netfilter
9 # 2. client, server, no-server
10 # 3. global address on interface
11 # 4. global address on 'lo'
12 # 5. remote and local traffic
13 # 6. VRF and non-VRF permutations
14 #
15 # Setup:
16 # ns-A | ns-B
17 # No VRF case:
18 # [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ]
19 # remote address
20 # VRF case:
21 # [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ]
22 #
23 # ns-A:
24 # eth1: 172.16.1.1/24, 2001:db8:1::1/64
25 # lo: 127.0.0.1/8, ::1/128
26 # 172.16.2.1/32, 2001:db8:2::1/128
27 # red: 127.0.0.1/8, ::1/128
28 # 172.16.3.1/32, 2001:db8:3::1/128
29 #
30 # ns-B:
31 # eth1: 172.16.1.2/24, 2001:db8:1::2/64
32 # lo2: 127.0.0.1/8, ::1/128
33 # 172.16.2.2/32, 2001:db8:2::2/128
34 #
35 # server / client nomenclature relative to ns-A
36
37 VERBOSE=0
38
39 NSA_DEV=eth1
40 NSB_DEV=eth1
41 VRF=red
42 VRF_TABLE=1101
43
44 # IPv4 config
45 NSA_IP=172.16.1.1
46 NSB_IP=172.16.1.2
47 VRF_IP=172.16.3.1
48 NS_NET=172.16.1.0/24
49
50 # IPv6 config
51 NSA_IP6=2001:db8:1::1
52 NSB_IP6=2001:db8:1::2
53 VRF_IP6=2001:db8:3::1
54 NS_NET6=2001:db8:1::/120
55
56 NSA_LO_IP=172.16.2.1
57 NSB_LO_IP=172.16.2.2
58 NSA_LO_IP6=2001:db8:2::1
59 NSB_LO_IP6=2001:db8:2::2
60
61 MD5_PW=abc123
62 MD5_WRONG_PW=abc1234
63
64 MCAST=ff02::1
65 # set after namespace create
66 NSA_LINKIP6=
67 NSB_LINKIP6=
68
69 NSA=ns-A
70 NSB=ns-B
71
72 NSA_CMD="ip netns exec ${NSA}"
73 NSB_CMD="ip netns exec ${NSB}"
74
75 which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
76
77 ################################################################################
78 # utilities
79
80 log_test()
81 {
82 local rc=$1
83 local expected=$2
84 local msg="$3"
85
86 [ "${VERBOSE}" = "1" ] && echo
87
88 if [ ${rc} -eq ${expected} ]; then
89 nsuccess=$((nsuccess+1))
90 printf "TEST: %-70s [ OK ]\n" "${msg}"
91 else
92 nfail=$((nfail+1))
93 printf "TEST: %-70s [FAIL]\n" "${msg}"
94 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
95 echo
96 echo "hit enter to continue, 'q' to quit"
97 read a
98 [ "$a" = "q" ] && exit 1
99 fi
100 fi
101
102 if [ "${PAUSE}" = "yes" ]; then
103 echo
104 echo "hit enter to continue, 'q' to quit"
105 read a
106 [ "$a" = "q" ] && exit 1
107 fi
108
109 kill_procs
110 }
111
112 log_test_addr()
113 {
114 local addr=$1
115 local rc=$2
116 local expected=$3
117 local msg="$4"
118 local astr
119
120 astr=$(addr2str ${addr})
121 log_test $rc $expected "$msg - ${astr}"
122 }
123
124 log_section()
125 {
126 echo
127 echo "###########################################################################"
128 echo "$*"
129 echo "###########################################################################"
130 echo
131 }
132
133 log_subsection()
134 {
135 echo
136 echo "#################################################################"
137 echo "$*"
138 echo
139 }
140
141 log_start()
142 {
143 # make sure we have no test instances running
144 kill_procs
145
146 if [ "${VERBOSE}" = "1" ]; then
147 echo
148 echo "#######################################################"
149 fi
150 }
151
152 log_debug()
153 {
154 if [ "${VERBOSE}" = "1" ]; then
155 echo
156 echo "$*"
157 echo
158 fi
159 }
160
161 show_hint()
162 {
163 if [ "${VERBOSE}" = "1" ]; then
164 echo "HINT: $*"
165 echo
166 fi
167 }
168
169 kill_procs()
170 {
171 killall nettest ping ping6 >/dev/null 2>&1
172 sleep 1
173 }
174
175 do_run_cmd()
176 {
177 local cmd="$*"
178 local out
179
180 if [ "$VERBOSE" = "1" ]; then
181 echo "COMMAND: ${cmd}"
182 fi
183
184 out=$($cmd 2>&1)
185 rc=$?
186 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
187 echo "$out"
188 fi
189
190 return $rc
191 }
192
193 run_cmd()
194 {
195 do_run_cmd ${NSA_CMD} $*
196 }
197
198 run_cmd_nsb()
199 {
200 do_run_cmd ${NSB_CMD} $*
201 }
202
203 setup_cmd()
204 {
205 local cmd="$*"
206 local rc
207
208 run_cmd ${cmd}
209 rc=$?
210 if [ $rc -ne 0 ]; then
211 # show user the command if not done so already
212 if [ "$VERBOSE" = "0" ]; then
213 echo "setup command: $cmd"
214 fi
215 echo "failed. stopping tests"
216 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
217 echo
218 echo "hit enter to continue"
219 read a
220 fi
221 exit $rc
222 fi
223 }
224
225 setup_cmd_nsb()
226 {
227 local cmd="$*"
228 local rc
229
230 run_cmd_nsb ${cmd}
231 rc=$?
232 if [ $rc -ne 0 ]; then
233 # show user the command if not done so already
234 if [ "$VERBOSE" = "0" ]; then
235 echo "setup command: $cmd"
236 fi
237 echo "failed. stopping tests"
238 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
239 echo
240 echo "hit enter to continue"
241 read a
242 fi
243 exit $rc
244 fi
245 }
246
247 # set sysctl values in NS-A
248 set_sysctl()
249 {
250 echo "SYSCTL: $*"
251 echo
252 run_cmd sysctl -q -w $*
253 }
254
255 ################################################################################
256 # Setup for tests
257
258 addr2str()
259 {
260 case "$1" in
261 127.0.0.1) echo "loopback";;
262 ::1) echo "IPv6 loopback";;
263
264 ${NSA_IP}) echo "ns-A IP";;
265 ${NSA_IP6}) echo "ns-A IPv6";;
266 ${NSA_LO_IP}) echo "ns-A loopback IP";;
267 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
268 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
269
270 ${NSB_IP}) echo "ns-B IP";;
271 ${NSB_IP6}) echo "ns-B IPv6";;
272 ${NSB_LO_IP}) echo "ns-B loopback IP";;
273 ${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
274 ${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;
275
276 ${VRF_IP}) echo "VRF IP";;
277 ${VRF_IP6}) echo "VRF IPv6";;
278
279 ${MCAST}%*) echo "multicast IP";;
280
281 *) echo "unknown";;
282 esac
283 }
284
285 get_linklocal()
286 {
287 local ns=$1
288 local dev=$2
289 local addr
290
291 addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \
292 awk '{
293 for (i = 3; i <= NF; ++i) {
294 if ($i ~ /^fe80/)
295 print $i
296 }
297 }'
298 )
299 addr=${addr/\/*}
300
301 [ -z "$addr" ] && return 1
302
303 echo $addr
304
305 return 0
306 }
307
308 ################################################################################
309 # create namespaces and vrf
310
311 create_vrf()
312 {
313 local ns=$1
314 local vrf=$2
315 local table=$3
316 local addr=$4
317 local addr6=$5
318
319 ip -netns ${ns} link add ${vrf} type vrf table ${table}
320 ip -netns ${ns} link set ${vrf} up
321 ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192
322 ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192
323
324 ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf}
325 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
326 if [ "${addr}" != "-" ]; then
327 ip -netns ${ns} addr add dev ${vrf} ${addr}
328 fi
329 if [ "${addr6}" != "-" ]; then
330 ip -netns ${ns} -6 addr add dev ${vrf} ${addr6}
331 fi
332
333 ip -netns ${ns} ru del pref 0
334 ip -netns ${ns} ru add pref 32765 from all lookup local
335 ip -netns ${ns} -6 ru del pref 0
336 ip -netns ${ns} -6 ru add pref 32765 from all lookup local
337 }
338
339 create_ns()
340 {
341 local ns=$1
342 local addr=$2
343 local addr6=$3
344
345 ip netns add ${ns}
346
347 ip -netns ${ns} link set lo up
348 if [ "${addr}" != "-" ]; then
349 ip -netns ${ns} addr add dev lo ${addr}
350 fi
351 if [ "${addr6}" != "-" ]; then
352 ip -netns ${ns} -6 addr add dev lo ${addr6}
353 fi
354
355 ip -netns ${ns} ro add unreachable default metric 8192
356 ip -netns ${ns} -6 ro add unreachable default metric 8192
357
358 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
359 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
360 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
361 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
362 }
363
364 # create veth pair to connect namespaces and apply addresses.
365 connect_ns()
366 {
367 local ns1=$1
368 local ns1_dev=$2
369 local ns1_addr=$3
370 local ns1_addr6=$4
371 local ns2=$5
372 local ns2_dev=$6
373 local ns2_addr=$7
374 local ns2_addr6=$8
375
376 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp
377 ip -netns ${ns1} li set ${ns1_dev} up
378 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev}
379 ip -netns ${ns2} li set ${ns2_dev} up
380
381 if [ "${ns1_addr}" != "-" ]; then
382 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr}
383 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr}
384 fi
385
386 if [ "${ns1_addr6}" != "-" ]; then
387 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6}
388 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6}
389 fi
390 }
391
392 cleanup()
393 {
394 # explicit cleanups to check those code paths
395 ip netns | grep -q ${NSA}
396 if [ $? -eq 0 ]; then
397 ip -netns ${NSA} link delete ${VRF}
398 ip -netns ${NSA} ro flush table ${VRF_TABLE}
399
400 ip -netns ${NSA} addr flush dev ${NSA_DEV}
401 ip -netns ${NSA} -6 addr flush dev ${NSA_DEV}
402 ip -netns ${NSA} link set dev ${NSA_DEV} down
403 ip -netns ${NSA} link del dev ${NSA_DEV}
404
405 ip netns del ${NSA}
406 fi
407
408 ip netns del ${NSB}
409 }
410
411 setup()
412 {
413 local with_vrf=${1}
414
415 # make sure we are starting with a clean slate
416 kill_procs
417 cleanup 2>/dev/null
418
419 log_debug "Configuring network namespaces"
420 set -e
421
422 create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128
423 create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128
424 connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \
425 ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
426
427 NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
428 NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})
429
430 # tell ns-A how to get to remote addresses of ns-B
431 if [ "${with_vrf}" = "yes" ]; then
432 create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6}
433
434 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
435 ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
436 ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
437
438 ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
439 ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
440 else
441 ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
442 ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
443 fi
444
445
446 # tell ns-B how to get to remote addresses of ns-A
447 ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
448 ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
449
450 set +e
451
452 sleep 1
453 }
454
455 ################################################################################
456 # IPv4
457
458 ipv4_ping_novrf()
459 {
460 local a
461
462 #
463 # out
464 #
465 for a in ${NSB_IP} ${NSB_LO_IP}
466 do
467 log_start
468 run_cmd ping -c1 -w1 ${a}
469 log_test_addr ${a} $? 0 "ping out"
470
471 log_start
472 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
473 log_test_addr ${a} $? 0 "ping out, device bind"
474
475 log_start
476 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
477 log_test_addr ${a} $? 0 "ping out, address bind"
478 done
479
480 #
481 # in
482 #
483 for a in ${NSA_IP} ${NSA_LO_IP}
484 do
485 log_start
486 run_cmd_nsb ping -c1 -w1 ${a}
487 log_test_addr ${a} $? 0 "ping in"
488 done
489
490 #
491 # local traffic
492 #
493 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
494 do
495 log_start
496 run_cmd ping -c1 -w1 ${a}
497 log_test_addr ${a} $? 0 "ping local"
498 done
499
500 #
501 # local traffic, socket bound to device
502 #
503 # address on device
504 a=${NSA_IP}
505 log_start
506 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
507 log_test_addr ${a} $? 0 "ping local, device bind"
508
509 # loopback addresses not reachable from device bind
510 # fails in a really weird way though because ipv4 special cases
511 # route lookups with oif set.
512 for a in ${NSA_LO_IP} 127.0.0.1
513 do
514 log_start
515 show_hint "Fails since address on loopback device is out of device scope"
516 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
517 log_test_addr ${a} $? 1 "ping local, device bind"
518 done
519
520 #
521 # ip rule blocks reachability to remote address
522 #
523 log_start
524 setup_cmd ip rule add pref 32765 from all lookup local
525 setup_cmd ip rule del pref 0 from all lookup local
526 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
527 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit
528
529 a=${NSB_LO_IP}
530 run_cmd ping -c1 -w1 ${a}
531 log_test_addr ${a} $? 2 "ping out, blocked by rule"
532
533 # NOTE: ipv4 actually allows the lookup to fail and yet still create
534 # a viable rtable if the oif (e.g., bind to device) is set, so this
535 # case succeeds despite the rule
536 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
537
538 a=${NSA_LO_IP}
539 log_start
540 show_hint "Response generates ICMP (or arp request is ignored) due to ip rule"
541 run_cmd_nsb ping -c1 -w1 ${a}
542 log_test_addr ${a} $? 1 "ping in, blocked by rule"
543
544 [ "$VERBOSE" = "1" ] && echo
545 setup_cmd ip rule del pref 32765 from all lookup local
546 setup_cmd ip rule add pref 0 from all lookup local
547 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
548 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit
549
550 #
551 # route blocks reachability to remote address
552 #
553 log_start
554 setup_cmd ip route replace unreachable ${NSB_LO_IP}
555 setup_cmd ip route replace unreachable ${NSB_IP}
556
557 a=${NSB_LO_IP}
558 run_cmd ping -c1 -w1 ${a}
559 log_test_addr ${a} $? 2 "ping out, blocked by route"
560
561 # NOTE: ipv4 actually allows the lookup to fail and yet still create
562 # a viable rtable if the oif (e.g., bind to device) is set, so this
563 # case succeeds despite not having a route for the address
564 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
565
566 a=${NSA_LO_IP}
567 log_start
568 show_hint "Response is dropped (or arp request is ignored) due to ip route"
569 run_cmd_nsb ping -c1 -w1 ${a}
570 log_test_addr ${a} $? 1 "ping in, blocked by route"
571
572 #
573 # remove 'remote' routes; fallback to default
574 #
575 log_start
576 setup_cmd ip ro del ${NSB_LO_IP}
577
578 a=${NSB_LO_IP}
579 run_cmd ping -c1 -w1 ${a}
580 log_test_addr ${a} $? 2 "ping out, unreachable default route"
581
582 # NOTE: ipv4 actually allows the lookup to fail and yet still create
583 # a viable rtable if the oif (e.g., bind to device) is set, so this
584 # case succeeds despite not having a route for the address
585 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
586 }
587
588 ipv4_ping_vrf()
589 {
590 local a
591
592 # should default on; does not exist on older kernels
593 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
594
595 #
596 # out
597 #
598 for a in ${NSB_IP} ${NSB_LO_IP}
599 do
600 log_start
601 run_cmd ping -c1 -w1 -I ${VRF} ${a}
602 log_test_addr ${a} $? 0 "ping out, VRF bind"
603
604 log_start
605 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
606 log_test_addr ${a} $? 0 "ping out, device bind"
607
608 log_start
609 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
610 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"
611
612 log_start
613 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
614 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
615 done
616
617 #
618 # in
619 #
620 for a in ${NSA_IP} ${VRF_IP}
621 do
622 log_start
623 run_cmd_nsb ping -c1 -w1 ${a}
624 log_test_addr ${a} $? 0 "ping in"
625 done
626
627 #
628 # local traffic, local address
629 #
630 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
631 do
632 log_start
633 show_hint "Source address should be ${a}"
634 run_cmd ping -c1 -w1 -I ${VRF} ${a}
635 log_test_addr ${a} $? 0 "ping local, VRF bind"
636 done
637
638 #
639 # local traffic, socket bound to device
640 #
641 # address on device
642 a=${NSA_IP}
643 log_start
644 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
645 log_test_addr ${a} $? 0 "ping local, device bind"
646
647 # vrf device is out of scope
648 for a in ${VRF_IP} 127.0.0.1
649 do
650 log_start
651 show_hint "Fails since address on vrf device is out of device scope"
652 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
653 log_test_addr ${a} $? 1 "ping local, device bind"
654 done
655
656 #
657 # ip rule blocks address
658 #
659 log_start
660 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
661 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit
662
663 a=${NSB_LO_IP}
664 run_cmd ping -c1 -w1 -I ${VRF} ${a}
665 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"
666
667 log_start
668 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
669 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
670
671 a=${NSA_LO_IP}
672 log_start
673 show_hint "Response lost due to ip rule"
674 run_cmd_nsb ping -c1 -w1 ${a}
675 log_test_addr ${a} $? 1 "ping in, blocked by rule"
676
677 [ "$VERBOSE" = "1" ] && echo
678 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
679 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit
680
681 #
682 # remove 'remote' routes; fallback to default
683 #
684 log_start
685 setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP}
686
687 a=${NSB_LO_IP}
688 run_cmd ping -c1 -w1 -I ${VRF} ${a}
689 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"
690
691 log_start
692 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
693 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
694
695 a=${NSA_LO_IP}
696 log_start
697 show_hint "Response lost by unreachable route"
698 run_cmd_nsb ping -c1 -w1 ${a}
699 log_test_addr ${a} $? 1 "ping in, unreachable route"
700 }
701
702 ipv4_ping()
703 {
704 log_section "IPv4 ping"
705
706 log_subsection "No VRF"
707 setup
708 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
709 ipv4_ping_novrf
710 setup
711 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
712 ipv4_ping_novrf
713
714 log_subsection "With VRF"
715 setup "yes"
716 ipv4_ping_vrf
717 }
718
719 ################################################################################
720 # IPv4 TCP
721
722 #
723 # MD5 tests without VRF
724 #
725 ipv4_tcp_md5_novrf()
726 {
727 #
728 # single address
729 #
730
731 # basic use case
732 log_start
733 run_cmd nettest -s -M ${MD5_PW} -r ${NSB_IP} &
734 sleep 1
735 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
736 log_test $? 0 "MD5: Single address config"
737
738 # client sends MD5, server not configured
739 log_start
740 show_hint "Should timeout due to MD5 mismatch"
741 run_cmd nettest -s &
742 sleep 1
743 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
744 log_test $? 2 "MD5: Server no config, client uses password"
745
746 # wrong password
747 log_start
748 show_hint "Should timeout since client uses wrong password"
749 run_cmd nettest -s -M ${MD5_PW} -r ${NSB_IP} &
750 sleep 1
751 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
752 log_test $? 2 "MD5: Client uses wrong password"
753
754 # client from different address
755 log_start
756 show_hint "Should timeout due to MD5 mismatch"
757 run_cmd nettest -s -M ${MD5_PW} -r ${NSB_LO_IP} &
758 sleep 1
759 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
760 log_test $? 2 "MD5: Client address does not match address configured with password"
761
762 #
763 # MD5 extension - prefix length
764 #
765
766 # client in prefix
767 log_start
768 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
769 sleep 1
770 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
771 log_test $? 0 "MD5: Prefix config"
772
773 # client in prefix, wrong password
774 log_start
775 show_hint "Should timeout since client uses wrong password"
776 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
777 sleep 1
778 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
779 log_test $? 2 "MD5: Prefix config, client uses wrong password"
780
781 # client outside of prefix
782 log_start
783 show_hint "Should timeout due to MD5 mismatch"
784 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
785 sleep 1
786 run_cmd_nsb nettest -l ${NSB_LO_IP} -r ${NSA_IP} -M ${MD5_PW}
787 log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
788 }
789
790 ipv4_tcp_novrf()
791 {
792 local a
793
794 #
795 # server tests
796 #
797 for a in ${NSA_IP} ${NSA_LO_IP}
798 do
799 log_start
800 run_cmd nettest -s &
801 sleep 1
802 run_cmd_nsb nettest -r ${a}
803 log_test_addr ${a} $? 0 "Global server"
804 done
805
806 a=${NSA_IP}
807 log_start
808 run_cmd nettest -s -d ${NSA_DEV} &
809 sleep 1
810 run_cmd_nsb nettest -r ${a}
811 log_test_addr ${a} $? 0 "Device server"
812
813 # verify TCP reset sent and received
814 for a in ${NSA_IP} ${NSA_LO_IP}
815 do
816 log_start
817 show_hint "Should fail 'Connection refused' since there is no server"
818 run_cmd_nsb nettest -r ${a}
819 log_test_addr ${a} $? 1 "No server"
820 done
821
822 #
823 # client
824 #
825 for a in ${NSB_IP} ${NSB_LO_IP}
826 do
827 log_start
828 run_cmd_nsb nettest -s &
829 sleep 1
830 run_cmd nettest -r ${a} -0 ${NSA_IP}
831 log_test_addr ${a} $? 0 "Client"
832
833 log_start
834 run_cmd_nsb nettest -s &
835 sleep 1
836 run_cmd nettest -r ${a} -d ${NSA_DEV}
837 log_test_addr ${a} $? 0 "Client, device bind"
838
839 log_start
840 show_hint "Should fail 'Connection refused'"
841 run_cmd nettest -r ${a}
842 log_test_addr ${a} $? 1 "No server, unbound client"
843
844 log_start
845 show_hint "Should fail 'Connection refused'"
846 run_cmd nettest -r ${a} -d ${NSA_DEV}
847 log_test_addr ${a} $? 1 "No server, device client"
848 done
849
850 #
851 # local address tests
852 #
853 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
854 do
855 log_start
856 run_cmd nettest -s &
857 sleep 1
858 run_cmd nettest -r ${a} -0 ${a} -1 ${a}
859 log_test_addr ${a} $? 0 "Global server, local connection"
860 done
861
862 a=${NSA_IP}
863 log_start
864 run_cmd nettest -s -d ${NSA_DEV} &
865 sleep 1
866 run_cmd nettest -r ${a} -0 ${a}
867 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
868
869 for a in ${NSA_LO_IP} 127.0.0.1
870 do
871 log_start
872 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
873 run_cmd nettest -s -d ${NSA_DEV} &
874 sleep 1
875 run_cmd nettest -r ${a}
876 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
877 done
878
879 a=${NSA_IP}
880 log_start
881 run_cmd nettest -s &
882 sleep 1
883 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
884 log_test_addr ${a} $? 0 "Global server, device client, local connection"
885
886 for a in ${NSA_LO_IP} 127.0.0.1
887 do
888 log_start
889 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
890 run_cmd nettest -s &
891 sleep 1
892 run_cmd nettest -r ${a} -d ${NSA_DEV}
893 log_test_addr ${a} $? 1 "Global server, device client, local connection"
894 done
895
896 a=${NSA_IP}
897 log_start
898 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
899 sleep 1
900 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
901 log_test_addr ${a} $? 0 "Device server, device client, local connection"
902
903 log_start
904 show_hint "Should fail 'Connection refused'"
905 run_cmd nettest -d ${NSA_DEV} -r ${a}
906 log_test_addr ${a} $? 1 "No server, device client, local conn"
907
908 ipv4_tcp_md5_novrf
909 }
910
911 ipv4_tcp_vrf()
912 {
913 local a
914
915 # disable global server
916 log_subsection "Global server disabled"
917
918 set_sysctl net.ipv4.tcp_l3mdev_accept=0
919
920 #
921 # server tests
922 #
923 for a in ${NSA_IP} ${VRF_IP}
924 do
925 log_start
926 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
927 run_cmd nettest -s &
928 sleep 1
929 run_cmd_nsb nettest -r ${a}
930 log_test_addr ${a} $? 1 "Global server"
931
932 log_start
933 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
934 sleep 1
935 run_cmd_nsb nettest -r ${a}
936 log_test_addr ${a} $? 0 "VRF server"
937
938 log_start
939 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
940 sleep 1
941 run_cmd_nsb nettest -r ${a}
942 log_test_addr ${a} $? 0 "Device server"
943
944 # verify TCP reset received
945 log_start
946 show_hint "Should fail 'Connection refused' since there is no server"
947 run_cmd_nsb nettest -r ${a}
948 log_test_addr ${a} $? 1 "No server"
949 done
950
951 # local address tests
952 # (${VRF_IP} and 127.0.0.1 both timeout)
953 a=${NSA_IP}
954 log_start
955 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
956 run_cmd nettest -s &
957 sleep 1
958 run_cmd nettest -r ${a} -d ${NSA_DEV}
959 log_test_addr ${a} $? 1 "Global server, local connection"
960
961 #
962 # enable VRF global server
963 #
964 log_subsection "VRF Global server enabled"
965 set_sysctl net.ipv4.tcp_l3mdev_accept=1
966
967 for a in ${NSA_IP} ${VRF_IP}
968 do
969 log_start
970 show_hint "client socket should be bound to VRF"
971 run_cmd nettest -s -2 ${VRF} &
972 sleep 1
973 run_cmd_nsb nettest -r ${a}
974 log_test_addr ${a} $? 0 "Global server"
975
976 log_start
977 show_hint "client socket should be bound to VRF"
978 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
979 sleep 1
980 run_cmd_nsb nettest -r ${a}
981 log_test_addr ${a} $? 0 "VRF server"
982
983 # verify TCP reset received
984 log_start
985 show_hint "Should fail 'Connection refused'"
986 run_cmd_nsb nettest -r ${a}
987 log_test_addr ${a} $? 1 "No server"
988 done
989
990 a=${NSA_IP}
991 log_start
992 show_hint "client socket should be bound to device"
993 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
994 sleep 1
995 run_cmd_nsb nettest -r ${a}
996 log_test_addr ${a} $? 0 "Device server"
997
998 # local address tests
999 for a in ${NSA_IP} ${VRF_IP}
1000 do
1001 log_start
1002 show_hint "Should fail 'No route to host' since client is not bound to VRF"
1003 run_cmd nettest -s -2 ${VRF} &
1004 sleep 1
1005 run_cmd nettest -r ${a}
1006 log_test_addr ${a} $? 1 "Global server, local connection"
1007 done
1008
1009 #
1010 # client
1011 #
1012 for a in ${NSB_IP} ${NSB_LO_IP}
1013 do
1014 log_start
1015 run_cmd_nsb nettest -s &
1016 sleep 1
1017 run_cmd nettest -r ${a} -d ${VRF}
1018 log_test_addr ${a} $? 0 "Client, VRF bind"
1019
1020 log_start
1021 run_cmd_nsb nettest -s &
1022 sleep 1
1023 run_cmd nettest -r ${a} -d ${NSA_DEV}
1024 log_test_addr ${a} $? 0 "Client, device bind"
1025
1026 log_start
1027 show_hint "Should fail 'Connection refused'"
1028 run_cmd nettest -r ${a} -d ${VRF}
1029 log_test_addr ${a} $? 1 "No server, VRF client"
1030
1031 log_start
1032 show_hint "Should fail 'Connection refused'"
1033 run_cmd nettest -r ${a} -d ${NSA_DEV}
1034 log_test_addr ${a} $? 1 "No server, device client"
1035 done
1036
1037 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1038 do
1039 log_start
1040 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
1041 sleep 1
1042 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1043 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
1044 done
1045
1046 a=${NSA_IP}
1047 log_start
1048 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
1049 sleep 1
1050 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1051 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
1052
1053 log_start
1054 show_hint "Should fail 'No route to host' since client is out of VRF scope"
1055 run_cmd nettest -s -d ${VRF} &
1056 sleep 1
1057 run_cmd nettest -r ${a}
1058 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
1059
1060 log_start
1061 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1062 sleep 1
1063 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1064 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
1065
1066 log_start
1067 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1068 sleep 1
1069 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1070 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1071 }
1072
1073 ipv4_tcp()
1074 {
1075 log_section "IPv4/TCP"
1076 log_subsection "No VRF"
1077 setup
1078
1079 # tcp_l3mdev_accept should have no affect without VRF;
1080 # run tests with it enabled and disabled to verify
1081 log_subsection "tcp_l3mdev_accept disabled"
1082 set_sysctl net.ipv4.tcp_l3mdev_accept=0
1083 ipv4_tcp_novrf
1084 log_subsection "tcp_l3mdev_accept enabled"
1085 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1086 ipv4_tcp_novrf
1087
1088 log_subsection "With VRF"
1089 setup "yes"
1090 ipv4_tcp_vrf
1091 }
1092
1093 ################################################################################
1094 # IPv4 UDP
1095
1096 ipv4_udp_novrf()
1097 {
1098 local a
1099
1100 #
1101 # server tests
1102 #
1103 for a in ${NSA_IP} ${NSA_LO_IP}
1104 do
1105 log_start
1106 run_cmd nettest -D -s -2 ${NSA_DEV} &
1107 sleep 1
1108 run_cmd_nsb nettest -D -r ${a}
1109 log_test_addr ${a} $? 0 "Global server"
1110
1111 log_start
1112 show_hint "Should fail 'Connection refused' since there is no server"
1113 run_cmd_nsb nettest -D -r ${a}
1114 log_test_addr ${a} $? 1 "No server"
1115 done
1116
1117 a=${NSA_IP}
1118 log_start
1119 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1120 sleep 1
1121 run_cmd_nsb nettest -D -r ${a}
1122 log_test_addr ${a} $? 0 "Device server"
1123
1124 #
1125 # client
1126 #
1127 for a in ${NSB_IP} ${NSB_LO_IP}
1128 do
1129 log_start
1130 run_cmd_nsb nettest -D -s &
1131 sleep 1
1132 run_cmd nettest -D -r ${a} -0 ${NSA_IP}
1133 log_test_addr ${a} $? 0 "Client"
1134
1135 log_start
1136 run_cmd_nsb nettest -D -s &
1137 sleep 1
1138 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1139 log_test_addr ${a} $? 0 "Client, device bind"
1140
1141 log_start
1142 run_cmd_nsb nettest -D -s &
1143 sleep 1
1144 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1145 log_test_addr ${a} $? 0 "Client, device send via cmsg"
1146
1147 log_start
1148 run_cmd_nsb nettest -D -s &
1149 sleep 1
1150 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1151 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"
1152
1153 log_start
1154 show_hint "Should fail 'Connection refused'"
1155 run_cmd nettest -D -r ${a}
1156 log_test_addr ${a} $? 1 "No server, unbound client"
1157
1158 log_start
1159 show_hint "Should fail 'Connection refused'"
1160 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1161 log_test_addr ${a} $? 1 "No server, device client"
1162 done
1163
1164 #
1165 # local address tests
1166 #
1167 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1168 do
1169 log_start
1170 run_cmd nettest -D -s &
1171 sleep 1
1172 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
1173 log_test_addr ${a} $? 0 "Global server, local connection"
1174 done
1175
1176 a=${NSA_IP}
1177 log_start
1178 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1179 sleep 1
1180 run_cmd nettest -D -r ${a}
1181 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1182
1183 for a in ${NSA_LO_IP} 127.0.0.1
1184 do
1185 log_start
1186 show_hint "Should fail 'Connection refused' since address is out of device scope"
1187 run_cmd nettest -s -D -d ${NSA_DEV} &
1188 sleep 1
1189 run_cmd nettest -D -r ${a}
1190 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1191 done
1192
1193 a=${NSA_IP}
1194 log_start
1195 run_cmd nettest -s -D &
1196 sleep 1
1197 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1198 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1199
1200 log_start
1201 run_cmd nettest -s -D &
1202 sleep 1
1203 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
1204 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
1205
1206 log_start
1207 run_cmd nettest -s -D &
1208 sleep 1
1209 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
1210 log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"
1211
1212 # IPv4 with device bind has really weird behavior - it overrides the
1213 # fib lookup, generates an rtable and tries to send the packet. This
1214 # causes failures for local traffic at different places
1215 for a in ${NSA_LO_IP} 127.0.0.1
1216 do
1217 log_start
1218 show_hint "Should fail since addresses on loopback are out of device scope"
1219 run_cmd nettest -D -s &
1220 sleep 1
1221 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1222 log_test_addr ${a} $? 2 "Global server, device client, local connection"
1223
1224 log_start
1225 show_hint "Should fail since addresses on loopback are out of device scope"
1226 run_cmd nettest -D -s &
1227 sleep 1
1228 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
1229 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
1230
1231 log_start
1232 show_hint "Should fail since addresses on loopback are out of device scope"
1233 run_cmd nettest -D -s &
1234 sleep 1
1235 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
1236 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
1237 done
1238
1239 a=${NSA_IP}
1240 log_start
1241 run_cmd nettest -D -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1242 sleep 1
1243 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
1244 log_test_addr ${a} $? 0 "Device server, device client, local conn"
1245
1246 log_start
1247 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1248 log_test_addr ${a} $? 2 "No server, device client, local conn"
1249 }
1250
1251 ipv4_udp_vrf()
1252 {
1253 local a
1254
1255 # disable global server
1256 log_subsection "Global server disabled"
1257 set_sysctl net.ipv4.udp_l3mdev_accept=0
1258
1259 #
1260 # server tests
1261 #
1262 for a in ${NSA_IP} ${VRF_IP}
1263 do
1264 log_start
1265 show_hint "Fails because ingress is in a VRF and global server is disabled"
1266 run_cmd nettest -D -s &
1267 sleep 1
1268 run_cmd_nsb nettest -D -r ${a}
1269 log_test_addr ${a} $? 1 "Global server"
1270
1271 log_start
1272 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} &
1273 sleep 1
1274 run_cmd_nsb nettest -D -r ${a}
1275 log_test_addr ${a} $? 0 "VRF server"
1276
1277 log_start
1278 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1279 sleep 1
1280 run_cmd_nsb nettest -D -r ${a}
1281 log_test_addr ${a} $? 0 "Enslaved device server"
1282
1283 log_start
1284 show_hint "Should fail 'Connection refused' since there is no server"
1285 run_cmd_nsb nettest -D -r ${a}
1286 log_test_addr ${a} $? 1 "No server"
1287
1288 log_start
1289 show_hint "Should fail 'Connection refused' since global server is out of scope"
1290 run_cmd nettest -D -s &
1291 sleep 1
1292 run_cmd nettest -D -d ${VRF} -r ${a}
1293 log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
1294 done
1295
1296 a=${NSA_IP}
1297 log_start
1298 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1299 sleep 1
1300 run_cmd nettest -D -d ${VRF} -r ${a}
1301 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1302
1303 log_start
1304 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1305 sleep 1
1306 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1307 log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"
1308
1309 a=${NSA_IP}
1310 log_start
1311 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1312 sleep 1
1313 run_cmd nettest -D -d ${VRF} -r ${a}
1314 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1315
1316 log_start
1317 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1318 sleep 1
1319 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1320 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1321
1322 # enable global server
1323 log_subsection "Global server enabled"
1324 set_sysctl net.ipv4.udp_l3mdev_accept=1
1325
1326 #
1327 # server tests
1328 #
1329 for a in ${NSA_IP} ${VRF_IP}
1330 do
1331 log_start
1332 run_cmd nettest -D -s -2 ${NSA_DEV} &
1333 sleep 1
1334 run_cmd_nsb nettest -D -r ${a}
1335 log_test_addr ${a} $? 0 "Global server"
1336
1337 log_start
1338 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} &
1339 sleep 1
1340 run_cmd_nsb nettest -D -r ${a}
1341 log_test_addr ${a} $? 0 "VRF server"
1342
1343 log_start
1344 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1345 sleep 1
1346 run_cmd_nsb nettest -D -r ${a}
1347 log_test_addr ${a} $? 0 "Enslaved device server"
1348
1349 log_start
1350 show_hint "Should fail 'Connection refused'"
1351 run_cmd_nsb nettest -D -r ${a}
1352 log_test_addr ${a} $? 1 "No server"
1353 done
1354
1355 #
1356 # client tests
1357 #
1358 log_start
1359 run_cmd_nsb nettest -D -s &
1360 sleep 1
1361 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1362 log_test $? 0 "VRF client"
1363
1364 log_start
1365 run_cmd_nsb nettest -D -s &
1366 sleep 1
1367 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1368 log_test $? 0 "Enslaved device client"
1369
1370 # negative test - should fail
1371 log_start
1372 show_hint "Should fail 'Connection refused'"
1373 run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
1374 log_test $? 1 "No server, VRF client"
1375
1376 log_start
1377 show_hint "Should fail 'Connection refused'"
1378 run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
1379 log_test $? 1 "No server, enslaved device client"
1380
1381 #
1382 # local address tests
1383 #
1384 a=${NSA_IP}
1385 log_start
1386 run_cmd nettest -D -s -2 ${NSA_DEV} &
1387 sleep 1
1388 run_cmd nettest -D -d ${VRF} -r ${a}
1389 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1390
1391 log_start
1392 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1393 sleep 1
1394 run_cmd nettest -D -d ${VRF} -r ${a}
1395 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1396
1397 log_start
1398 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1399 sleep 1
1400 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1401 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
1402
1403 log_start
1404 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1405 sleep 1
1406 run_cmd nettest -D -d ${VRF} -r ${a}
1407 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1408
1409 log_start
1410 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1411 sleep 1
1412 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1413 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1414
1415 for a in ${VRF_IP} 127.0.0.1
1416 do
1417 log_start
1418 run_cmd nettest -D -s -2 ${VRF} &
1419 sleep 1
1420 run_cmd nettest -D -d ${VRF} -r ${a}
1421 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1422 done
1423
1424 for a in ${VRF_IP} 127.0.0.1
1425 do
1426 log_start
1427 run_cmd nettest -s -D -d ${VRF} -2 ${VRF} &
1428 sleep 1
1429 run_cmd nettest -D -d ${VRF} -r ${a}
1430 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1431 done
1432
1433 # negative test - should fail
1434 # verifies ECONNREFUSED
1435 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1436 do
1437 log_start
1438 show_hint "Should fail 'Connection refused'"
1439 run_cmd nettest -D -d ${VRF} -r ${a}
1440 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
1441 done
1442 }
1443
1444 ipv4_udp()
1445 {
1446 log_section "IPv4/UDP"
1447 log_subsection "No VRF"
1448
1449 setup
1450
1451 # udp_l3mdev_accept should have no affect without VRF;
1452 # run tests with it enabled and disabled to verify
1453 log_subsection "udp_l3mdev_accept disabled"
1454 set_sysctl net.ipv4.udp_l3mdev_accept=0
1455 ipv4_udp_novrf
1456 log_subsection "udp_l3mdev_accept enabled"
1457 set_sysctl net.ipv4.udp_l3mdev_accept=1
1458 ipv4_udp_novrf
1459
1460 log_subsection "With VRF"
1461 setup "yes"
1462 ipv4_udp_vrf
1463 }
1464
1465 ################################################################################
1466 # IPv4 address bind
1467 #
1468 # verifies ability or inability to bind to an address / device
1469
1470 ipv4_addr_bind_novrf()
1471 {
1472 #
1473 # raw socket
1474 #
1475 for a in ${NSA_IP} ${NSA_LO_IP}
1476 do
1477 log_start
1478 run_cmd nettest -s -R -P icmp -l ${a} -b
1479 log_test_addr ${a} $? 0 "Raw socket bind to local address"
1480
1481 log_start
1482 run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b
1483 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1484 done
1485
1486 #
1487 # tcp sockets
1488 #
1489 a=${NSA_IP}
1490 log_start
1491 run_cmd nettest -l ${a} -r ${NSB_IP} -t1 -b
1492 log_test_addr ${a} $? 0 "TCP socket bind to local address"
1493
1494 log_start
1495 run_cmd nettest -l ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1496 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
1497
1498 # Sadly, the kernel allows binding a socket to a device and then
1499 # binding to an address not on the device. The only restriction
1500 # is that the address is valid in the L3 domain. So this test
1501 # passes when it really should not
1502 #a=${NSA_LO_IP}
1503 #log_start
1504 #show_hint "Should fail with 'Cannot assign requested address'"
1505 #run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1506 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
1507 }
1508
1509 ipv4_addr_bind_vrf()
1510 {
1511 #
1512 # raw socket
1513 #
1514 for a in ${NSA_IP} ${VRF_IP}
1515 do
1516 log_start
1517 run_cmd nettest -s -R -P icmp -l ${a} -b
1518 log_test_addr ${a} $? 0 "Raw socket bind to local address"
1519
1520 log_start
1521 run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b
1522 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1523 log_start
1524 run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b
1525 log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
1526 done
1527
1528 a=${NSA_LO_IP}
1529 log_start
1530 show_hint "Address on loopback is out of VRF scope"
1531 run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b
1532 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
1533
1534 #
1535 # tcp sockets
1536 #
1537 for a in ${NSA_IP} ${VRF_IP}
1538 do
1539 log_start
1540 run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b
1541 log_test_addr ${a} $? 0 "TCP socket bind to local address"
1542
1543 log_start
1544 run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1545 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
1546 done
1547
1548 a=${NSA_LO_IP}
1549 log_start
1550 show_hint "Address on loopback out of scope for VRF"
1551 run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b
1552 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
1553
1554 log_start
1555 show_hint "Address on loopback out of scope for device in VRF"
1556 run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1557 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
1558 }
1559
1560 ipv4_addr_bind()
1561 {
1562 log_section "IPv4 address binds"
1563
1564 log_subsection "No VRF"
1565 setup
1566 ipv4_addr_bind_novrf
1567
1568 log_subsection "With VRF"
1569 setup "yes"
1570 ipv4_addr_bind_vrf
1571 }
1572
1573 ################################################################################
1574 # IPv4 runtime tests
1575
1576 ipv4_rt()
1577 {
1578 local desc="$1"
1579 local varg="$2"
1580 local with_vrf="yes"
1581 local a
1582
1583 #
1584 # server tests
1585 #
1586 for a in ${NSA_IP} ${VRF_IP}
1587 do
1588 log_start
1589 run_cmd nettest ${varg} -s &
1590 sleep 1
1591 run_cmd_nsb nettest ${varg} -r ${a} &
1592 sleep 3
1593 run_cmd ip link del ${VRF}
1594 sleep 1
1595 log_test_addr ${a} 0 0 "${desc}, global server"
1596
1597 setup ${with_vrf}
1598 done
1599
1600 for a in ${NSA_IP} ${VRF_IP}
1601 do
1602 log_start
1603 run_cmd nettest ${varg} -s -d ${VRF} &
1604 sleep 1
1605 run_cmd_nsb nettest ${varg} -r ${a} &
1606 sleep 3
1607 run_cmd ip link del ${VRF}
1608 sleep 1
1609 log_test_addr ${a} 0 0 "${desc}, VRF server"
1610
1611 setup ${with_vrf}
1612 done
1613
1614 a=${NSA_IP}
1615 log_start
1616 run_cmd nettest ${varg} -s -d ${NSA_DEV} &
1617 sleep 1
1618 run_cmd_nsb nettest ${varg} -r ${a} &
1619 sleep 3
1620 run_cmd ip link del ${VRF}
1621 sleep 1
1622 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
1623
1624 setup ${with_vrf}
1625
1626 #
1627 # client test
1628 #
1629 log_start
1630 run_cmd_nsb nettest ${varg} -s &
1631 sleep 1
1632 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
1633 sleep 3
1634 run_cmd ip link del ${VRF}
1635 sleep 1
1636 log_test_addr ${a} 0 0 "${desc}, VRF client"
1637
1638 setup ${with_vrf}
1639
1640 log_start
1641 run_cmd_nsb nettest ${varg} -s &
1642 sleep 1
1643 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
1644 sleep 3
1645 run_cmd ip link del ${VRF}
1646 sleep 1
1647 log_test_addr ${a} 0 0 "${desc}, enslaved device client"
1648
1649 setup ${with_vrf}
1650
1651 #
1652 # local address tests
1653 #
1654 for a in ${NSA_IP} ${VRF_IP}
1655 do
1656 log_start
1657 run_cmd nettest ${varg} -s &
1658 sleep 1
1659 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
1660 sleep 3
1661 run_cmd ip link del ${VRF}
1662 sleep 1
1663 log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local"
1664
1665 setup ${with_vrf}
1666 done
1667
1668 for a in ${NSA_IP} ${VRF_IP}
1669 do
1670 log_start
1671 run_cmd nettest ${varg} -d ${VRF} -s &
1672 sleep 1
1673 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
1674 sleep 3
1675 run_cmd ip link del ${VRF}
1676 sleep 1
1677 log_test_addr ${a} 0 0 "${desc}, VRF server and client, local"
1678
1679 setup ${with_vrf}
1680 done
1681
1682 a=${NSA_IP}
1683 log_start
1684 run_cmd nettest ${varg} -s &
1685 sleep 1
1686 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1687 sleep 3
1688 run_cmd ip link del ${VRF}
1689 sleep 1
1690 log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local"
1691
1692 setup ${with_vrf}
1693
1694 log_start
1695 run_cmd nettest ${varg} -d ${VRF} -s &
1696 sleep 1
1697 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1698 sleep 3
1699 run_cmd ip link del ${VRF}
1700 sleep 1
1701 log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local"
1702
1703 setup ${with_vrf}
1704
1705 log_start
1706 run_cmd nettest ${varg} -d ${NSA_DEV} -s &
1707 sleep 1
1708 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1709 sleep 3
1710 run_cmd ip link del ${VRF}
1711 sleep 1
1712 log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local"
1713 }
1714
1715 ipv4_ping_rt()
1716 {
1717 local with_vrf="yes"
1718 local a
1719
1720 for a in ${NSA_IP} ${VRF_IP}
1721 do
1722 log_start
1723 run_cmd_nsb ping -f ${a} &
1724 sleep 3
1725 run_cmd ip link del ${VRF}
1726 sleep 1
1727 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
1728
1729 setup ${with_vrf}
1730 done
1731
1732 a=${NSB_IP}
1733 log_start
1734 run_cmd ping -f -I ${VRF} ${a} &
1735 sleep 3
1736 run_cmd ip link del ${VRF}
1737 sleep 1
1738 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
1739 }
1740
1741 ipv4_runtime()
1742 {
1743 log_section "Run time tests - ipv4"
1744
1745 setup "yes"
1746 ipv4_ping_rt
1747
1748 setup "yes"
1749 ipv4_rt "TCP active socket" "-n -1"
1750
1751 setup "yes"
1752 ipv4_rt "TCP passive socket" "-i"
1753 }
1754
1755 ################################################################################
1756 # IPv6
1757
1758 ipv6_ping_novrf()
1759 {
1760 local a
1761
1762 # should not have an impact, but make a known state
1763 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
1764
1765 #
1766 # out
1767 #
1768 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1769 do
1770 log_start
1771 run_cmd ${ping6} -c1 -w1 ${a}
1772 log_test_addr ${a} $? 0 "ping out"
1773 done
1774
1775 for a in ${NSB_IP6} ${NSB_LO_IP6}
1776 do
1777 log_start
1778 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1779 log_test_addr ${a} $? 0 "ping out, device bind"
1780
1781 log_start
1782 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
1783 log_test_addr ${a} $? 0 "ping out, loopback address bind"
1784 done
1785
1786 #
1787 # in
1788 #
1789 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
1790 do
1791 log_start
1792 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1793 log_test_addr ${a} $? 0 "ping in"
1794 done
1795
1796 #
1797 # local traffic, local address
1798 #
1799 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1800 do
1801 log_start
1802 run_cmd ${ping6} -c1 -w1 ${a}
1803 log_test_addr ${a} $? 0 "ping local, no bind"
1804 done
1805
1806 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1807 do
1808 log_start
1809 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1810 log_test_addr ${a} $? 0 "ping local, device bind"
1811 done
1812
1813 for a in ${NSA_LO_IP6} ::1
1814 do
1815 log_start
1816 show_hint "Fails since address on loopback is out of device scope"
1817 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1818 log_test_addr ${a} $? 2 "ping local, device bind"
1819 done
1820
1821 #
1822 # ip rule blocks address
1823 #
1824 log_start
1825 setup_cmd ip -6 rule add pref 32765 from all lookup local
1826 setup_cmd ip -6 rule del pref 0 from all lookup local
1827 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
1828 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
1829
1830 a=${NSB_LO_IP6}
1831 run_cmd ${ping6} -c1 -w1 ${a}
1832 log_test_addr ${a} $? 2 "ping out, blocked by rule"
1833
1834 log_start
1835 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1836 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
1837
1838 a=${NSA_LO_IP6}
1839 log_start
1840 show_hint "Response lost due to ip rule"
1841 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1842 log_test_addr ${a} $? 1 "ping in, blocked by rule"
1843
1844 setup_cmd ip -6 rule add pref 0 from all lookup local
1845 setup_cmd ip -6 rule del pref 32765 from all lookup local
1846 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
1847 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
1848
1849 #
1850 # route blocks reachability to remote address
1851 #
1852 log_start
1853 setup_cmd ip -6 route del ${NSB_LO_IP6}
1854 setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
1855 setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10
1856
1857 a=${NSB_LO_IP6}
1858 run_cmd ${ping6} -c1 -w1 ${a}
1859 log_test_addr ${a} $? 2 "ping out, blocked by route"
1860
1861 log_start
1862 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1863 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"
1864
1865 a=${NSA_LO_IP6}
1866 log_start
1867 show_hint "Response lost due to ip route"
1868 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1869 log_test_addr ${a} $? 1 "ping in, blocked by route"
1870
1871
1872 #
1873 # remove 'remote' routes; fallback to default
1874 #
1875 log_start
1876 setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
1877 setup_cmd ip -6 ro del unreachable ${NSB_IP6}
1878
1879 a=${NSB_LO_IP6}
1880 run_cmd ${ping6} -c1 -w1 ${a}
1881 log_test_addr ${a} $? 2 "ping out, unreachable route"
1882
1883 log_start
1884 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1885 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
1886 }
1887
1888 ipv6_ping_vrf()
1889 {
1890 local a
1891
1892 # should default on; does not exist on older kernels
1893 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
1894
1895 #
1896 # out
1897 #
1898 for a in ${NSB_IP6} ${NSB_LO_IP6}
1899 do
1900 log_start
1901 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
1902 log_test_addr ${a} $? 0 "ping out, VRF bind"
1903 done
1904
1905 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
1906 do
1907 log_start
1908 show_hint "Fails since VRF device does not support linklocal or multicast"
1909 run_cmd ${ping6} -c1 -w1 ${a}
1910 log_test_addr ${a} $? 2 "ping out, VRF bind"
1911 done
1912
1913 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1914 do
1915 log_start
1916 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1917 log_test_addr ${a} $? 0 "ping out, device bind"
1918 done
1919
1920 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
1921 do
1922 log_start
1923 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
1924 log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
1925 done
1926
1927 #
1928 # in
1929 #
1930 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
1931 do
1932 log_start
1933 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1934 log_test_addr ${a} $? 0 "ping in"
1935 done
1936
1937 a=${NSA_LO_IP6}
1938 log_start
1939 show_hint "Fails since loopback address is out of VRF scope"
1940 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1941 log_test_addr ${a} $? 1 "ping in"
1942
1943 #
1944 # local traffic, local address
1945 #
1946 for a in ${NSA_IP6} ${VRF_IP6} ::1
1947 do
1948 log_start
1949 show_hint "Source address should be ${a}"
1950 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
1951 log_test_addr ${a} $? 0 "ping local, VRF bind"
1952 done
1953
1954 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1955 do
1956 log_start
1957 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1958 log_test_addr ${a} $? 0 "ping local, device bind"
1959 done
1960
1961 # LLA to GUA - remove ipv6 global addresses from ns-B
1962 setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
1963 setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
1964 setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
1965
1966 for a in ${NSA_IP6} ${VRF_IP6}
1967 do
1968 log_start
1969 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
1970 log_test_addr ${a} $? 0 "ping in, LLA to GUA"
1971 done
1972
1973 setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
1974 setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
1975 setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo
1976
1977 #
1978 # ip rule blocks address
1979 #
1980 log_start
1981 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
1982 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
1983
1984 a=${NSB_LO_IP6}
1985 run_cmd ${ping6} -c1 -w1 ${a}
1986 log_test_addr ${a} $? 2 "ping out, blocked by rule"
1987
1988 log_start
1989 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1990 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
1991
1992 a=${NSA_LO_IP6}
1993 log_start
1994 show_hint "Response lost due to ip rule"
1995 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1996 log_test_addr ${a} $? 1 "ping in, blocked by rule"
1997
1998 log_start
1999 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
2000 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
2001
2002 #
2003 # remove 'remote' routes; fallback to default
2004 #
2005 log_start
2006 setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}
2007
2008 a=${NSB_LO_IP6}
2009 run_cmd ${ping6} -c1 -w1 ${a}
2010 log_test_addr ${a} $? 2 "ping out, unreachable route"
2011
2012 log_start
2013 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2014 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
2015
2016 ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
2017 a=${NSA_LO_IP6}
2018 log_start
2019 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2020 log_test_addr ${a} $? 2 "ping in, unreachable route"
2021 }
2022
2023 ipv6_ping()
2024 {
2025 log_section "IPv6 ping"
2026
2027 log_subsection "No VRF"
2028 setup
2029 ipv6_ping_novrf
2030
2031 log_subsection "With VRF"
2032 setup "yes"
2033 ipv6_ping_vrf
2034 }
2035
2036 ################################################################################
2037 # IPv6 TCP
2038
2039 #
2040 # MD5 tests without VRF
2041 #
2042 ipv6_tcp_md5_novrf()
2043 {
2044 #
2045 # single address
2046 #
2047
2048 # basic use case
2049 log_start
2050 run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_IP6} &
2051 sleep 1
2052 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2053 log_test $? 0 "MD5: Single address config"
2054
2055 # client sends MD5, server not configured
2056 log_start
2057 show_hint "Should timeout due to MD5 mismatch"
2058 run_cmd nettest -6 -s &
2059 sleep 1
2060 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2061 log_test $? 2 "MD5: Server no config, client uses password"
2062
2063 # wrong password
2064 log_start
2065 show_hint "Should timeout since client uses wrong password"
2066 run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_IP6} &
2067 sleep 1
2068 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
2069 log_test $? 2 "MD5: Client uses wrong password"
2070
2071 # client from different address
2072 log_start
2073 show_hint "Should timeout due to MD5 mismatch"
2074 run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_LO_IP6} &
2075 sleep 1
2076 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2077 log_test $? 2 "MD5: Client address does not match address configured with password"
2078
2079 #
2080 # MD5 extension - prefix length
2081 #
2082
2083 # client in prefix
2084 log_start
2085 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2086 sleep 1
2087 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
2088 log_test $? 0 "MD5: Prefix config"
2089
2090 # client in prefix, wrong password
2091 log_start
2092 show_hint "Should timeout since client uses wrong password"
2093 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2094 sleep 1
2095 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
2096 log_test $? 2 "MD5: Prefix config, client uses wrong password"
2097
2098 # client outside of prefix
2099 log_start
2100 show_hint "Should timeout due to MD5 mismatch"
2101 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2102 sleep 1
2103 run_cmd_nsb nettest -6 -l ${NSB_LO_IP6} -r ${NSA_IP6} -M ${MD5_PW}
2104 log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
2105 }
2106
2107 ipv6_tcp_novrf()
2108 {
2109 local a
2110
2111 #
2112 # server tests
2113 #
2114 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2115 do
2116 log_start
2117 run_cmd nettest -6 -s &
2118 sleep 1
2119 run_cmd_nsb nettest -6 -r ${a}
2120 log_test_addr ${a} $? 0 "Global server"
2121 done
2122
2123 # verify TCP reset received
2124 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2125 do
2126 log_start
2127 show_hint "Should fail 'Connection refused'"
2128 run_cmd_nsb nettest -6 -r ${a}
2129 log_test_addr ${a} $? 1 "No server"
2130 done
2131
2132 #
2133 # client
2134 #
2135 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2136 do
2137 log_start
2138 run_cmd_nsb nettest -6 -s &
2139 sleep 1
2140 run_cmd nettest -6 -r ${a}
2141 log_test_addr ${a} $? 0 "Client"
2142 done
2143
2144 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2145 do
2146 log_start
2147 run_cmd_nsb nettest -6 -s &
2148 sleep 1
2149 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2150 log_test_addr ${a} $? 0 "Client, device bind"
2151 done
2152
2153 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2154 do
2155 log_start
2156 show_hint "Should fail 'Connection refused'"
2157 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2158 log_test_addr ${a} $? 1 "No server, device client"
2159 done
2160
2161 #
2162 # local address tests
2163 #
2164 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2165 do
2166 log_start
2167 run_cmd nettest -6 -s &
2168 sleep 1
2169 run_cmd nettest -6 -r ${a}
2170 log_test_addr ${a} $? 0 "Global server, local connection"
2171 done
2172
2173 a=${NSA_IP6}
2174 log_start
2175 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2176 sleep 1
2177 run_cmd nettest -6 -r ${a} -0 ${a}
2178 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
2179
2180 for a in ${NSA_LO_IP6} ::1
2181 do
2182 log_start
2183 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
2184 run_cmd nettest -6 -s -d ${NSA_DEV} &
2185 sleep 1
2186 run_cmd nettest -6 -r ${a}
2187 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
2188 done
2189
2190 a=${NSA_IP6}
2191 log_start
2192 run_cmd nettest -6 -s &
2193 sleep 1
2194 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2195 log_test_addr ${a} $? 0 "Global server, device client, local connection"
2196
2197 for a in ${NSA_LO_IP6} ::1
2198 do
2199 log_start
2200 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
2201 run_cmd nettest -6 -s &
2202 sleep 1
2203 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2204 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2205 done
2206
2207 for a in ${NSA_IP6} ${NSA_LINKIP6}
2208 do
2209 log_start
2210 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2211 sleep 1
2212 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2213 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2214 done
2215
2216 for a in ${NSA_IP6} ${NSA_LINKIP6}
2217 do
2218 log_start
2219 show_hint "Should fail 'Connection refused'"
2220 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2221 log_test_addr ${a} $? 1 "No server, device client, local conn"
2222 done
2223
2224 ipv6_tcp_md5_novrf
2225 }
2226
2227 ipv6_tcp_vrf()
2228 {
2229 local a
2230
2231 # disable global server
2232 log_subsection "Global server disabled"
2233
2234 set_sysctl net.ipv4.tcp_l3mdev_accept=0
2235
2236 #
2237 # server tests
2238 #
2239 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2240 do
2241 log_start
2242 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
2243 run_cmd nettest -6 -s &
2244 sleep 1
2245 run_cmd_nsb nettest -6 -r ${a}
2246 log_test_addr ${a} $? 1 "Global server"
2247 done
2248
2249 for a in ${NSA_IP6} ${VRF_IP6}
2250 do
2251 log_start
2252 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2253 sleep 1
2254 run_cmd_nsb nettest -6 -r ${a}
2255 log_test_addr ${a} $? 0 "VRF server"
2256 done
2257
2258 # link local is always bound to ingress device
2259 a=${NSA_LINKIP6}%${NSB_DEV}
2260 log_start
2261 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} &
2262 sleep 1
2263 run_cmd_nsb nettest -6 -r ${a}
2264 log_test_addr ${a} $? 0 "VRF server"
2265
2266 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2267 do
2268 log_start
2269 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2270 sleep 1
2271 run_cmd_nsb nettest -6 -r ${a}
2272 log_test_addr ${a} $? 0 "Device server"
2273 done
2274
2275 # verify TCP reset received
2276 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2277 do
2278 log_start
2279 show_hint "Should fail 'Connection refused'"
2280 run_cmd_nsb nettest -6 -r ${a}
2281 log_test_addr ${a} $? 1 "No server"
2282 done
2283
2284 # local address tests
2285 a=${NSA_IP6}
2286 log_start
2287 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
2288 run_cmd nettest -6 -s &
2289 sleep 1
2290 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2291 log_test_addr ${a} $? 1 "Global server, local connection"
2292
2293 #
2294 # enable VRF global server
2295 #
2296 log_subsection "VRF Global server enabled"
2297 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2298
2299 for a in ${NSA_IP6} ${VRF_IP6}
2300 do
2301 log_start
2302 run_cmd nettest -6 -s -2 ${VRF} &
2303 sleep 1
2304 run_cmd_nsb nettest -6 -r ${a}
2305 log_test_addr ${a} $? 0 "Global server"
2306 done
2307
2308 for a in ${NSA_IP6} ${VRF_IP6}
2309 do
2310 log_start
2311 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2312 sleep 1
2313 run_cmd_nsb nettest -6 -r ${a}
2314 log_test_addr ${a} $? 0 "VRF server"
2315 done
2316
2317 # For LLA, child socket is bound to device
2318 a=${NSA_LINKIP6}%${NSB_DEV}
2319 log_start
2320 run_cmd nettest -6 -s -2 ${NSA_DEV} &
2321 sleep 1
2322 run_cmd_nsb nettest -6 -r ${a}
2323 log_test_addr ${a} $? 0 "Global server"
2324
2325 log_start
2326 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} &
2327 sleep 1
2328 run_cmd_nsb nettest -6 -r ${a}
2329 log_test_addr ${a} $? 0 "VRF server"
2330
2331 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2332 do
2333 log_start
2334 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2335 sleep 1
2336 run_cmd_nsb nettest -6 -r ${a}
2337 log_test_addr ${a} $? 0 "Device server"
2338 done
2339
2340 # verify TCP reset received
2341 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2342 do
2343 log_start
2344 show_hint "Should fail 'Connection refused'"
2345 run_cmd_nsb nettest -6 -r ${a}
2346 log_test_addr ${a} $? 1 "No server"
2347 done
2348
2349 # local address tests
2350 for a in ${NSA_IP6} ${VRF_IP6}
2351 do
2352 log_start
2353 show_hint "Fails 'No route to host' since client is not in VRF"
2354 run_cmd nettest -6 -s -2 ${VRF} &
2355 sleep 1
2356 run_cmd nettest -6 -r ${a}
2357 log_test_addr ${a} $? 1 "Global server, local connection"
2358 done
2359
2360
2361 #
2362 # client
2363 #
2364 for a in ${NSB_IP6} ${NSB_LO_IP6}
2365 do
2366 log_start
2367 run_cmd_nsb nettest -6 -s &
2368 sleep 1
2369 run_cmd nettest -6 -r ${a} -d ${VRF}
2370 log_test_addr ${a} $? 0 "Client, VRF bind"
2371 done
2372
2373 a=${NSB_LINKIP6}
2374 log_start
2375 show_hint "Fails since VRF device does not allow linklocal addresses"
2376 run_cmd_nsb nettest -6 -s &
2377 sleep 1
2378 run_cmd nettest -6 -r ${a} -d ${VRF}
2379 log_test_addr ${a} $? 1 "Client, VRF bind"
2380
2381 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2382 do
2383 log_start
2384 run_cmd_nsb nettest -6 -s &
2385 sleep 1
2386 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2387 log_test_addr ${a} $? 0 "Client, device bind"
2388 done
2389
2390 for a in ${NSB_IP6} ${NSB_LO_IP6}
2391 do
2392 log_start
2393 show_hint "Should fail 'Connection refused'"
2394 run_cmd nettest -6 -r ${a} -d ${VRF}
2395 log_test_addr ${a} $? 1 "No server, VRF client"
2396 done
2397
2398 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2399 do
2400 log_start
2401 show_hint "Should fail 'Connection refused'"
2402 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2403 log_test_addr ${a} $? 1 "No server, device client"
2404 done
2405
2406 for a in ${NSA_IP6} ${VRF_IP6} ::1
2407 do
2408 log_start
2409 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2410 sleep 1
2411 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2412 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
2413 done
2414
2415 a=${NSA_IP6}
2416 log_start
2417 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2418 sleep 1
2419 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2420 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
2421
2422 a=${NSA_IP6}
2423 log_start
2424 show_hint "Should fail since unbound client is out of VRF scope"
2425 run_cmd nettest -6 -s -d ${VRF} &
2426 sleep 1
2427 run_cmd nettest -6 -r ${a}
2428 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
2429
2430 log_start
2431 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2432 sleep 1
2433 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2434 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
2435
2436 for a in ${NSA_IP6} ${NSA_LINKIP6}
2437 do
2438 log_start
2439 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2440 sleep 1
2441 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2442 log_test_addr ${a} $? 0 "Device server, device client, local connection"
2443 done
2444 }
2445
2446 ipv6_tcp()
2447 {
2448 log_section "IPv6/TCP"
2449 log_subsection "No VRF"
2450 setup
2451
2452 # tcp_l3mdev_accept should have no affect without VRF;
2453 # run tests with it enabled and disabled to verify
2454 log_subsection "tcp_l3mdev_accept disabled"
2455 set_sysctl net.ipv4.tcp_l3mdev_accept=0
2456 ipv6_tcp_novrf
2457 log_subsection "tcp_l3mdev_accept enabled"
2458 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2459 ipv6_tcp_novrf
2460
2461 log_subsection "With VRF"
2462 setup "yes"
2463 ipv6_tcp_vrf
2464 }
2465
2466 ################################################################################
2467 # IPv6 UDP
2468
2469 ipv6_udp_novrf()
2470 {
2471 local a
2472
2473 #
2474 # server tests
2475 #
2476 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2477 do
2478 log_start
2479 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2480 sleep 1
2481 run_cmd_nsb nettest -6 -D -r ${a}
2482 log_test_addr ${a} $? 0 "Global server"
2483
2484 log_start
2485 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2486 sleep 1
2487 run_cmd_nsb nettest -6 -D -r ${a}
2488 log_test_addr ${a} $? 0 "Device server"
2489 done
2490
2491 a=${NSA_LO_IP6}
2492 log_start
2493 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2494 sleep 1
2495 run_cmd_nsb nettest -6 -D -r ${a}
2496 log_test_addr ${a} $? 0 "Global server"
2497
2498 # should fail since loopback address is out of scope for a device
2499 # bound server, but it does not - hence this is more documenting
2500 # behavior.
2501 #log_start
2502 #show_hint "Should fail since loopback address is out of scope"
2503 #run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2504 #sleep 1
2505 #run_cmd_nsb nettest -6 -D -r ${a}
2506 #log_test_addr ${a} $? 1 "Device server"
2507
2508 # negative test - should fail
2509 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2510 do
2511 log_start
2512 show_hint "Should fail 'Connection refused' since there is no server"
2513 run_cmd_nsb nettest -6 -D -r ${a}
2514 log_test_addr ${a} $? 1 "No server"
2515 done
2516
2517 #
2518 # client
2519 #
2520 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2521 do
2522 log_start
2523 run_cmd_nsb nettest -6 -D -s &
2524 sleep 1
2525 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
2526 log_test_addr ${a} $? 0 "Client"
2527
2528 log_start
2529 run_cmd_nsb nettest -6 -D -s &
2530 sleep 1
2531 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
2532 log_test_addr ${a} $? 0 "Client, device bind"
2533
2534 log_start
2535 run_cmd_nsb nettest -6 -D -s &
2536 sleep 1
2537 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
2538 log_test_addr ${a} $? 0 "Client, device send via cmsg"
2539
2540 log_start
2541 run_cmd_nsb nettest -6 -D -s &
2542 sleep 1
2543 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
2544 log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF"
2545
2546 log_start
2547 show_hint "Should fail 'Connection refused'"
2548 run_cmd nettest -6 -D -r ${a}
2549 log_test_addr ${a} $? 1 "No server, unbound client"
2550
2551 log_start
2552 show_hint "Should fail 'Connection refused'"
2553 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
2554 log_test_addr ${a} $? 1 "No server, device client"
2555 done
2556
2557 #
2558 # local address tests
2559 #
2560 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2561 do
2562 log_start
2563 run_cmd nettest -6 -D -s &
2564 sleep 1
2565 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
2566 log_test_addr ${a} $? 0 "Global server, local connection"
2567 done
2568
2569 a=${NSA_IP6}
2570 log_start
2571 run_cmd nettest -6 -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
2572 sleep 1
2573 run_cmd nettest -6 -D -r ${a}
2574 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
2575
2576 for a in ${NSA_LO_IP6} ::1
2577 do
2578 log_start
2579 show_hint "Should fail 'Connection refused' since address is out of device scope"
2580 run_cmd nettest -6 -s -D -d ${NSA_DEV} &
2581 sleep 1
2582 run_cmd nettest -6 -D -r ${a}
2583 log_test_addr ${a} $? 1 "Device server, local connection"
2584 done
2585
2586 a=${NSA_IP6}
2587 log_start
2588 run_cmd nettest -6 -s -D &
2589 sleep 1
2590 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2591 log_test_addr ${a} $? 0 "Global server, device client, local connection"
2592
2593 log_start
2594 run_cmd nettest -6 -s -D &
2595 sleep 1
2596 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
2597 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
2598
2599 log_start
2600 run_cmd nettest -6 -s -D &
2601 sleep 1
2602 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
2603 log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"
2604
2605 for a in ${NSA_LO_IP6} ::1
2606 do
2607 log_start
2608 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
2609 run_cmd nettest -6 -D -s &
2610 sleep 1
2611 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
2612 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2613
2614 log_start
2615 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
2616 run_cmd nettest -6 -D -s &
2617 sleep 1
2618 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
2619 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
2620
2621 log_start
2622 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
2623 run_cmd nettest -6 -D -s &
2624 sleep 1
2625 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
2626 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
2627 done
2628
2629 a=${NSA_IP6}
2630 log_start
2631 run_cmd nettest -6 -D -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2632 sleep 1
2633 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
2634 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2635
2636 log_start
2637 show_hint "Should fail 'Connection refused'"
2638 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2639 log_test_addr ${a} $? 1 "No server, device client, local conn"
2640
2641 # LLA to GUA
2642 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
2643 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
2644 log_start
2645 run_cmd nettest -6 -s -D &
2646 sleep 1
2647 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
2648 log_test $? 0 "UDP in - LLA to GUA"
2649
2650 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
2651 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
2652 }
2653
2654 ipv6_udp_vrf()
2655 {
2656 local a
2657
2658 # disable global server
2659 log_subsection "Global server disabled"
2660 set_sysctl net.ipv4.udp_l3mdev_accept=0
2661
2662 #
2663 # server tests
2664 #
2665 for a in ${NSA_IP6} ${VRF_IP6}
2666 do
2667 log_start
2668 show_hint "Should fail 'Connection refused' since global server is disabled"
2669 run_cmd nettest -6 -D -s &
2670 sleep 1
2671 run_cmd_nsb nettest -6 -D -r ${a}
2672 log_test_addr ${a} $? 1 "Global server"
2673 done
2674
2675 for a in ${NSA_IP6} ${VRF_IP6}
2676 do
2677 log_start
2678 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2679 sleep 1
2680 run_cmd_nsb nettest -6 -D -r ${a}
2681 log_test_addr ${a} $? 0 "VRF server"
2682 done
2683
2684 for a in ${NSA_IP6} ${VRF_IP6}
2685 do
2686 log_start
2687 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2688 sleep 1
2689 run_cmd_nsb nettest -6 -D -r ${a}
2690 log_test_addr ${a} $? 0 "Enslaved device server"
2691 done
2692
2693 # negative test - should fail
2694 for a in ${NSA_IP6} ${VRF_IP6}
2695 do
2696 log_start
2697 show_hint "Should fail 'Connection refused' since there is no server"
2698 run_cmd_nsb nettest -6 -D -r ${a}
2699 log_test_addr ${a} $? 1 "No server"
2700 done
2701
2702 #
2703 # local address tests
2704 #
2705 for a in ${NSA_IP6} ${VRF_IP6}
2706 do
2707 log_start
2708 show_hint "Should fail 'Connection refused' since global server is disabled"
2709 run_cmd nettest -6 -D -s &
2710 sleep 1
2711 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2712 log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
2713 done
2714
2715 for a in ${NSA_IP6} ${VRF_IP6}
2716 do
2717 log_start
2718 run_cmd nettest -6 -D -d ${VRF} -s &
2719 sleep 1
2720 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2721 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
2722 done
2723
2724 a=${NSA_IP6}
2725 log_start
2726 show_hint "Should fail 'Connection refused' since global server is disabled"
2727 run_cmd nettest -6 -D -s &
2728 sleep 1
2729 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2730 log_test_addr ${a} $? 1 "Global server, device client, local conn"
2731
2732 log_start
2733 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2734 sleep 1
2735 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2736 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
2737
2738 log_start
2739 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2740 sleep 1
2741 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2742 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
2743
2744 log_start
2745 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2746 sleep 1
2747 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2748 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
2749
2750 # disable global server
2751 log_subsection "Global server enabled"
2752 set_sysctl net.ipv4.udp_l3mdev_accept=1
2753
2754 #
2755 # server tests
2756 #
2757 for a in ${NSA_IP6} ${VRF_IP6}
2758 do
2759 log_start
2760 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2761 sleep 1
2762 run_cmd_nsb nettest -6 -D -r ${a}
2763 log_test_addr ${a} $? 0 "Global server"
2764 done
2765
2766 for a in ${NSA_IP6} ${VRF_IP6}
2767 do
2768 log_start
2769 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2770 sleep 1
2771 run_cmd_nsb nettest -6 -D -r ${a}
2772 log_test_addr ${a} $? 0 "VRF server"
2773 done
2774
2775 for a in ${NSA_IP6} ${VRF_IP6}
2776 do
2777 log_start
2778 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2779 sleep 1
2780 run_cmd_nsb nettest -6 -D -r ${a}
2781 log_test_addr ${a} $? 0 "Enslaved device server"
2782 done
2783
2784 # negative test - should fail
2785 for a in ${NSA_IP6} ${VRF_IP6}
2786 do
2787 log_start
2788 run_cmd_nsb nettest -6 -D -r ${a}
2789 log_test_addr ${a} $? 1 "No server"
2790 done
2791
2792 #
2793 # client tests
2794 #
2795 log_start
2796 run_cmd_nsb nettest -6 -D -s &
2797 sleep 1
2798 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
2799 log_test $? 0 "VRF client"
2800
2801 # negative test - should fail
2802 log_start
2803 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
2804 log_test $? 1 "No server, VRF client"
2805
2806 log_start
2807 run_cmd_nsb nettest -6 -D -s &
2808 sleep 1
2809 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
2810 log_test $? 0 "Enslaved device client"
2811
2812 # negative test - should fail
2813 log_start
2814 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
2815 log_test $? 1 "No server, enslaved device client"
2816
2817 #
2818 # local address tests
2819 #
2820 a=${NSA_IP6}
2821 log_start
2822 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2823 sleep 1
2824 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2825 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
2826
2827 #log_start
2828 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2829 sleep 1
2830 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2831 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
2832
2833
2834 a=${VRF_IP6}
2835 log_start
2836 run_cmd nettest -6 -D -s -2 ${VRF} &
2837 sleep 1
2838 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2839 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
2840
2841 log_start
2842 run_cmd nettest -6 -D -d ${VRF} -s -2 ${VRF} &
2843 sleep 1
2844 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2845 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
2846
2847 # negative test - should fail
2848 for a in ${NSA_IP6} ${VRF_IP6}
2849 do
2850 log_start
2851 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2852 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
2853 done
2854
2855 # device to global IP
2856 a=${NSA_IP6}
2857 log_start
2858 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2859 sleep 1
2860 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2861 log_test_addr ${a} $? 0 "Global server, device client, local conn"
2862
2863 log_start
2864 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2865 sleep 1
2866 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2867 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
2868
2869 log_start
2870 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2871 sleep 1
2872 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2873 log_test_addr ${a} $? 0 "Device server, VRF client, local conn"
2874
2875 log_start
2876 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2877 sleep 1
2878 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2879 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2880
2881 log_start
2882 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2883 log_test_addr ${a} $? 1 "No server, device client, local conn"
2884
2885
2886 # link local addresses
2887 log_start
2888 run_cmd nettest -6 -D -s &
2889 sleep 1
2890 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
2891 log_test $? 0 "Global server, linklocal IP"
2892
2893 log_start
2894 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
2895 log_test $? 1 "No server, linklocal IP"
2896
2897
2898 log_start
2899 run_cmd_nsb nettest -6 -D -s &
2900 sleep 1
2901 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
2902 log_test $? 0 "Enslaved device client, linklocal IP"
2903
2904 log_start
2905 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
2906 log_test $? 1 "No server, device client, peer linklocal IP"
2907
2908
2909 log_start
2910 run_cmd nettest -6 -D -s &
2911 sleep 1
2912 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
2913 log_test $? 0 "Enslaved device client, local conn - linklocal IP"
2914
2915 log_start
2916 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
2917 log_test $? 1 "No server, device client, local conn - linklocal IP"
2918
2919 # LLA to GUA
2920 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
2921 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
2922 log_start
2923 run_cmd nettest -6 -s -D &
2924 sleep 1
2925 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
2926 log_test $? 0 "UDP in - LLA to GUA"
2927
2928 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
2929 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
2930 }
2931
2932 ipv6_udp()
2933 {
2934 # should not matter, but set to known state
2935 set_sysctl net.ipv4.udp_early_demux=1
2936
2937 log_section "IPv6/UDP"
2938 log_subsection "No VRF"
2939 setup
2940
2941 # udp_l3mdev_accept should have no affect without VRF;
2942 # run tests with it enabled and disabled to verify
2943 log_subsection "udp_l3mdev_accept disabled"
2944 set_sysctl net.ipv4.udp_l3mdev_accept=0
2945 ipv6_udp_novrf
2946 log_subsection "udp_l3mdev_accept enabled"
2947 set_sysctl net.ipv4.udp_l3mdev_accept=1
2948 ipv6_udp_novrf
2949
2950 log_subsection "With VRF"
2951 setup "yes"
2952 ipv6_udp_vrf
2953 }
2954
2955 ################################################################################
2956 # IPv6 address bind
2957
2958 ipv6_addr_bind_novrf()
2959 {
2960 #
2961 # raw socket
2962 #
2963 for a in ${NSA_IP6} ${NSA_LO_IP6}
2964 do
2965 log_start
2966 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
2967 log_test_addr ${a} $? 0 "Raw socket bind to local address"
2968
2969 log_start
2970 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b
2971 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
2972 done
2973
2974 #
2975 # tcp sockets
2976 #
2977 a=${NSA_IP6}
2978 log_start
2979 run_cmd nettest -6 -s -l ${a} -t1 -b
2980 log_test_addr ${a} $? 0 "TCP socket bind to local address"
2981
2982 log_start
2983 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
2984 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
2985
2986 a=${NSA_LO_IP6}
2987 log_start
2988 show_hint "Should fail with 'Cannot assign requested address'"
2989 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
2990 log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
2991 }
2992
2993 ipv6_addr_bind_vrf()
2994 {
2995 #
2996 # raw socket
2997 #
2998 for a in ${NSA_IP6} ${VRF_IP6}
2999 do
3000 log_start
3001 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b
3002 log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"
3003
3004 log_start
3005 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b
3006 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
3007 done
3008
3009 a=${NSA_LO_IP6}
3010 log_start
3011 show_hint "Address on loopback is out of VRF scope"
3012 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b
3013 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"
3014
3015 #
3016 # tcp sockets
3017 #
3018 # address on enslaved device is valid for the VRF or device in a VRF
3019 for a in ${NSA_IP6} ${VRF_IP6}
3020 do
3021 log_start
3022 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b
3023 log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
3024 done
3025
3026 a=${NSA_IP6}
3027 log_start
3028 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
3029 log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"
3030
3031 a=${VRF_IP6}
3032 log_start
3033 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
3034 log_test_addr ${a} $? 1 "TCP socket bind to VRF address with device bind"
3035
3036 a=${NSA_LO_IP6}
3037 log_start
3038 show_hint "Address on loopback out of scope for VRF"
3039 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b
3040 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
3041
3042 log_start
3043 show_hint "Address on loopback out of scope for device in VRF"
3044 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
3045 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
3046
3047 }
3048
3049 ipv6_addr_bind()
3050 {
3051 log_section "IPv6 address binds"
3052
3053 log_subsection "No VRF"
3054 setup
3055 ipv6_addr_bind_novrf
3056
3057 log_subsection "With VRF"
3058 setup "yes"
3059 ipv6_addr_bind_vrf
3060 }
3061
3062 ################################################################################
3063 # IPv6 runtime tests
3064
3065 ipv6_rt()
3066 {
3067 local desc="$1"
3068 local varg="-6 $2"
3069 local with_vrf="yes"
3070 local a
3071
3072 #
3073 # server tests
3074 #
3075 for a in ${NSA_IP6} ${VRF_IP6}
3076 do
3077 log_start
3078 run_cmd nettest ${varg} -s &
3079 sleep 1
3080 run_cmd_nsb nettest ${varg} -r ${a} &
3081 sleep 3
3082 run_cmd ip link del ${VRF}
3083 sleep 1
3084 log_test_addr ${a} 0 0 "${desc}, global server"
3085
3086 setup ${with_vrf}
3087 done
3088
3089 for a in ${NSA_IP6} ${VRF_IP6}
3090 do
3091 log_start
3092 run_cmd nettest ${varg} -d ${VRF} -s &
3093 sleep 1
3094 run_cmd_nsb nettest ${varg} -r ${a} &
3095 sleep 3
3096 run_cmd ip link del ${VRF}
3097 sleep 1
3098 log_test_addr ${a} 0 0 "${desc}, VRF server"
3099
3100 setup ${with_vrf}
3101 done
3102
3103 for a in ${NSA_IP6} ${VRF_IP6}
3104 do
3105 log_start
3106 run_cmd nettest ${varg} -d ${NSA_DEV} -s &
3107 sleep 1
3108 run_cmd_nsb nettest ${varg} -r ${a} &
3109 sleep 3
3110 run_cmd ip link del ${VRF}
3111 sleep 1
3112 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
3113
3114 setup ${with_vrf}
3115 done
3116
3117 #
3118 # client test
3119 #
3120 log_start
3121 run_cmd_nsb nettest ${varg} -s &
3122 sleep 1
3123 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} &
3124 sleep 3
3125 run_cmd ip link del ${VRF}
3126 sleep 1
3127 log_test 0 0 "${desc}, VRF client"
3128
3129 setup ${with_vrf}
3130
3131 log_start
3132 run_cmd_nsb nettest ${varg} -s &
3133 sleep 1
3134 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
3135 sleep 3
3136 run_cmd ip link del ${VRF}
3137 sleep 1
3138 log_test 0 0 "${desc}, enslaved device client"
3139
3140 setup ${with_vrf}
3141
3142
3143 #
3144 # local address tests
3145 #
3146 for a in ${NSA_IP6} ${VRF_IP6}
3147 do
3148 log_start
3149 run_cmd nettest ${varg} -s &
3150 sleep 1
3151 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3152 sleep 3
3153 run_cmd ip link del ${VRF}
3154 sleep 1
3155 log_test_addr ${a} 0 0 "${desc}, global server, VRF client"
3156
3157 setup ${with_vrf}
3158 done
3159
3160 for a in ${NSA_IP6} ${VRF_IP6}
3161 do
3162 log_start
3163 run_cmd nettest ${varg} -d ${VRF} -s &
3164 sleep 1
3165 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3166 sleep 3
3167 run_cmd ip link del ${VRF}
3168 sleep 1
3169 log_test_addr ${a} 0 0 "${desc}, VRF server and client"
3170
3171 setup ${with_vrf}
3172 done
3173
3174 a=${NSA_IP6}
3175 log_start
3176 run_cmd nettest ${varg} -s &
3177 sleep 1
3178 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3179 sleep 3
3180 run_cmd ip link del ${VRF}
3181 sleep 1
3182 log_test_addr ${a} 0 0 "${desc}, global server, device client"
3183
3184 setup ${with_vrf}
3185
3186 log_start
3187 run_cmd nettest ${varg} -d ${VRF} -s &
3188 sleep 1
3189 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3190 sleep 3
3191 run_cmd ip link del ${VRF}
3192 sleep 1
3193 log_test_addr ${a} 0 0 "${desc}, VRF server, device client"
3194
3195 setup ${with_vrf}
3196
3197 log_start
3198 run_cmd nettest ${varg} -d ${NSA_DEV} -s &
3199 sleep 1
3200 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3201 sleep 3
3202 run_cmd ip link del ${VRF}
3203 sleep 1
3204 log_test_addr ${a} 0 0 "${desc}, device server, device client"
3205 }
3206
3207 ipv6_ping_rt()
3208 {
3209 local with_vrf="yes"
3210 local a
3211
3212 a=${NSA_IP6}
3213 log_start
3214 run_cmd_nsb ${ping6} -f ${a} &
3215 sleep 3
3216 run_cmd ip link del ${VRF}
3217 sleep 1
3218 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
3219
3220 setup ${with_vrf}
3221
3222 log_start
3223 run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} &
3224 sleep 1
3225 run_cmd ip link del ${VRF}
3226 sleep 1
3227 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
3228 }
3229
3230 ipv6_runtime()
3231 {
3232 log_section "Run time tests - ipv6"
3233
3234 setup "yes"
3235 ipv6_ping_rt
3236
3237 setup "yes"
3238 ipv6_rt "TCP active socket" "-n -1"
3239
3240 setup "yes"
3241 ipv6_rt "TCP passive socket" "-i"
3242
3243 setup "yes"
3244 ipv6_rt "UDP active socket" "-D -n -1"
3245 }
3246
3247 ################################################################################
3248 # netfilter blocking connections
3249
3250 netfilter_tcp_reset()
3251 {
3252 local a
3253
3254 for a in ${NSA_IP} ${VRF_IP}
3255 do
3256 log_start
3257 run_cmd nettest -s &
3258 sleep 1
3259 run_cmd_nsb nettest -r ${a}
3260 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3261 done
3262 }
3263
3264 netfilter_icmp()
3265 {
3266 local stype="$1"
3267 local arg
3268 local a
3269
3270 [ "${stype}" = "UDP" ] && arg="-D"
3271
3272 for a in ${NSA_IP} ${VRF_IP}
3273 do
3274 log_start
3275 run_cmd nettest ${arg} -s &
3276 sleep 1
3277 run_cmd_nsb nettest ${arg} -r ${a}
3278 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3279 done
3280 }
3281
3282 ipv4_netfilter()
3283 {
3284 log_section "IPv4 Netfilter"
3285 log_subsection "TCP reset"
3286
3287 setup "yes"
3288 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3289
3290 netfilter_tcp_reset
3291
3292 log_start
3293 log_subsection "ICMP unreachable"
3294
3295 log_start
3296 run_cmd iptables -F
3297 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3298 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3299
3300 netfilter_icmp "TCP"
3301 netfilter_icmp "UDP"
3302
3303 log_start
3304 iptables -F
3305 }
3306
3307 netfilter_tcp6_reset()
3308 {
3309 local a
3310
3311 for a in ${NSA_IP6} ${VRF_IP6}
3312 do
3313 log_start
3314 run_cmd nettest -6 -s &
3315 sleep 1
3316 run_cmd_nsb nettest -6 -r ${a}
3317 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3318 done
3319 }
3320
3321 netfilter_icmp6()
3322 {
3323 local stype="$1"
3324 local arg
3325 local a
3326
3327 [ "${stype}" = "UDP" ] && arg="$arg -D"
3328
3329 for a in ${NSA_IP6} ${VRF_IP6}
3330 do
3331 log_start
3332 run_cmd nettest -6 -s ${arg} &
3333 sleep 1
3334 run_cmd_nsb nettest -6 ${arg} -r ${a}
3335 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3336 done
3337 }
3338
3339 ipv6_netfilter()
3340 {
3341 log_section "IPv6 Netfilter"
3342 log_subsection "TCP reset"
3343
3344 setup "yes"
3345 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3346
3347 netfilter_tcp6_reset
3348
3349 log_subsection "ICMP unreachable"
3350
3351 log_start
3352 run_cmd ip6tables -F
3353 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
3354 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
3355
3356 netfilter_icmp6 "TCP"
3357 netfilter_icmp6 "UDP"
3358
3359 log_start
3360 ip6tables -F
3361 }
3362
3363 ################################################################################
3364 # specific use cases
3365
3366 # VRF only.
3367 # ns-A device enslaved to bridge. Verify traffic with and without
3368 # br_netfilter module loaded. Repeat with SVI on bridge.
3369 use_case_br()
3370 {
3371 setup "yes"
3372
3373 setup_cmd ip link set ${NSA_DEV} down
3374 setup_cmd ip addr del dev ${NSA_DEV} ${NSA_IP}/24
3375 setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64
3376
3377 setup_cmd ip link add br0 type bridge
3378 setup_cmd ip addr add dev br0 ${NSA_IP}/24
3379 setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad
3380
3381 setup_cmd ip li set ${NSA_DEV} master br0
3382 setup_cmd ip li set ${NSA_DEV} up
3383 setup_cmd ip li set br0 up
3384 setup_cmd ip li set br0 vrf ${VRF}
3385
3386 rmmod br_netfilter 2>/dev/null
3387 sleep 5 # DAD
3388
3389 run_cmd ip neigh flush all
3390 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
3391 log_test $? 0 "Bridge into VRF - IPv4 ping out"
3392
3393 run_cmd ip neigh flush all
3394 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
3395 log_test $? 0 "Bridge into VRF - IPv6 ping out"
3396
3397 run_cmd ip neigh flush all
3398 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
3399 log_test $? 0 "Bridge into VRF - IPv4 ping in"
3400
3401 run_cmd ip neigh flush all
3402 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
3403 log_test $? 0 "Bridge into VRF - IPv6 ping in"
3404
3405 modprobe br_netfilter
3406 if [ $? -eq 0 ]; then
3407 run_cmd ip neigh flush all
3408 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
3409 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out"
3410
3411 run_cmd ip neigh flush all
3412 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
3413 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out"
3414
3415 run_cmd ip neigh flush all
3416 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
3417 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in"
3418
3419 run_cmd ip neigh flush all
3420 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
3421 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in"
3422 fi
3423
3424 setup_cmd ip li set br0 nomaster
3425 setup_cmd ip li add br0.100 link br0 type vlan id 100
3426 setup_cmd ip li set br0.100 vrf ${VRF} up
3427 setup_cmd ip addr add dev br0.100 172.16.101.1/24
3428 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad
3429
3430 setup_cmd_nsb ip li add vlan100 link ${NSB_DEV} type vlan id 100
3431 setup_cmd_nsb ip addr add dev vlan100 172.16.101.2/24
3432 setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad
3433 setup_cmd_nsb ip li set vlan100 up
3434 sleep 1
3435
3436 rmmod br_netfilter 2>/dev/null
3437
3438 run_cmd ip neigh flush all
3439 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
3440 log_test $? 0 "Bridge vlan into VRF - IPv4 ping out"
3441
3442 run_cmd ip neigh flush all
3443 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
3444 log_test $? 0 "Bridge vlan into VRF - IPv6 ping out"
3445
3446 run_cmd ip neigh flush all
3447 run_cmd_nsb ping -c1 -w1 172.16.101.1
3448 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
3449
3450 run_cmd ip neigh flush all
3451 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
3452 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
3453
3454 modprobe br_netfilter
3455 if [ $? -eq 0 ]; then
3456 run_cmd ip neigh flush all
3457 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
3458 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out"
3459
3460 run_cmd ip neigh flush all
3461 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
3462 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out"
3463
3464 run_cmd ip neigh flush all
3465 run_cmd_nsb ping -c1 -w1 172.16.101.1
3466 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
3467
3468 run_cmd ip neigh flush all
3469 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
3470 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
3471 fi
3472
3473 setup_cmd ip li del br0 2>/dev/null
3474 setup_cmd_nsb ip li del vlan100 2>/dev/null
3475 }
3476
3477 use_cases()
3478 {
3479 log_section "Use cases"
3480 use_case_br
3481 }
3482
3483 ################################################################################
3484 # usage
3485
3486 usage()
3487 {
3488 cat <<EOF
3489 usage: ${0##*/} OPTS
3490
3491 -4 IPv4 tests only
3492 -6 IPv6 tests only
3493 -t <test> Test name/set to run
3494 -p Pause on fail
3495 -P Pause after each test
3496 -v Be verbose
3497 EOF
3498 }
3499
3500 ################################################################################
3501 # main
3502
3503 TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime ipv4_netfilter"
3504 TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime ipv6_netfilter"
3505 TESTS_OTHER="use_cases"
3506
3507 PAUSE_ON_FAIL=no
3508 PAUSE=no
3509
3510 while getopts :46t:pPvh o
3511 do
3512 case $o in
3513 4) TESTS=ipv4;;
3514 6) TESTS=ipv6;;
3515 t) TESTS=$OPTARG;;
3516 p) PAUSE_ON_FAIL=yes;;
3517 P) PAUSE=yes;;
3518 v) VERBOSE=1;;
3519 h) usage; exit 0;;
3520 *) usage; exit 1;;
3521 esac
3522 done
3523
3524 # make sure we don't pause twice
3525 [ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no
3526
3527 #
3528 # show user test config
3529 #
3530 if [ -z "$TESTS" ]; then
3531 TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"
3532 elif [ "$TESTS" = "ipv4" ]; then
3533 TESTS="$TESTS_IPV4"
3534 elif [ "$TESTS" = "ipv6" ]; then
3535 TESTS="$TESTS_IPV6"
3536 fi
3537
3538 which nettest >/dev/null
3539 if [ $? -ne 0 ]; then
3540 echo "'nettest' command not found; skipping tests"
3541 exit 0
3542 fi
3543
3544 declare -i nfail=0
3545 declare -i nsuccess=0
3546
3547 for t in $TESTS
3548 do
3549 case $t in
3550 ipv4_ping|ping) ipv4_ping;;
3551 ipv4_tcp|tcp) ipv4_tcp;;
3552 ipv4_udp|udp) ipv4_udp;;
3553 ipv4_bind|bind) ipv4_addr_bind;;
3554 ipv4_runtime) ipv4_runtime;;
3555 ipv4_netfilter) ipv4_netfilter;;
3556
3557 ipv6_ping|ping6) ipv6_ping;;
3558 ipv6_tcp|tcp6) ipv6_tcp;;
3559 ipv6_udp|udp6) ipv6_udp;;
3560 ipv6_bind|bind6) ipv6_addr_bind;;
3561 ipv6_runtime) ipv6_runtime;;
3562 ipv6_netfilter) ipv6_netfilter;;
3563
3564 use_cases) use_cases;;
3565
3566 # setup namespaces and config, but do not run any tests
3567 setup) setup; exit 0;;
3568 vrf_setup) setup "yes"; exit 0;;
3569
3570 help) echo "Test names: $TESTS"; exit 0;;
3571 esac
3572 done
3573
3574 cleanup 2>/dev/null
3575
3576 printf "\nTests passed: %3d\n" ${nsuccess}
3577 printf "Tests failed: %3d\n" ${nfail}
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git