1 #!/bin/bash
2 # SPDX-License-Identifier: GPL-2.0
3 #
4 # Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
5 #
6 # IPv4 and IPv6 functional tests focusing on VRF and routing lookups
7 # for various permutations:
8 # 1. icmp, tcp, udp and netfilter
9 # 2. client, server, no-server
10 # 3. global address on interface
11 # 4. global address on 'lo'
12 # 5. remote and local traffic
13 # 6. VRF and non-VRF permutations
14 #
15 # Setup:
16 # ns-A | ns-B
17 # No VRF case:
18 # [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ]
19 # remote address
20 # VRF case:
21 # [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ]
22 #
23 # ns-A:
24 # eth1: 172.16.1.1/24, 2001:db8:1::1/64
25 # lo: 127.0.0.1/8, ::1/128
26 # 172.16.2.1/32, 2001:db8:2::1/128
27 # red: 127.0.0.1/8, ::1/128
28 # 172.16.3.1/32, 2001:db8:3::1/128
29 #
30 # ns-B:
31 # eth1: 172.16.1.2/24, 2001:db8:1::2/64
32 # lo2: 127.0.0.1/8, ::1/128
33 # 172.16.2.2/32, 2001:db8:2::2/128
34 #
35 # ns-A to ns-C connection - only for VRF and same config
36 # as ns-A to ns-B
37 #
38 # server / client nomenclature relative to ns-A
39
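# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4

# 1 enables command echo and extra output in the log_* / do_run_cmd helpers
VERBOSE=0

# device names per namespace, the VRF device and its routing table id
NSA_DEV=eth1
NSA_DEV2=eth2
NSB_DEV=eth1
NSC_DEV=eth2
VRF=red
VRF_TABLE=1101

# IPv4 config
NSA_IP=172.16.1.1
NSB_IP=172.16.1.2
VRF_IP=172.16.3.1
NS_NET=172.16.1.0/24

# IPv6 config
NSA_IP6=2001:db8:1::1
NSB_IP6=2001:db8:1::2
VRF_IP6=2001:db8:3::1
NS_NET6=2001:db8:1::/120

# addresses that setup() places on 'lo' of ns-A and ns-B
NSA_LO_IP=172.16.2.1
NSB_LO_IP=172.16.2.2
NSA_LO_IP6=2001:db8:2::1
NSB_LO_IP6=2001:db8:2::2

# Keys for the TCP MD5 tests. They are fixed test fixtures, not secrets: the
# tests pass them to nettest as command-line arguments and do_run_cmd echoes
# the full command line when VERBOSE=1.
MD5_PW=abc123
MD5_WRONG_PW=abc1234

MCAST=ff02::1
# set after namespace create
NSA_LINKIP6=
NSB_LINKIP6=

NSA=ns-A
NSB=ns-B
NSC=ns-C

# command prefixes; the run_cmd* helpers expand them unquoted so that they
# split into separate words
NSA_CMD="ip netns exec ${NSA}"
NSB_CMD="ip netns exec ${NSB}"
NSC_CMD="ip netns exec ${NSC}"

# Prefer a dedicated ping6 binary and fall back to ping. `command -v` is a
# shell builtin, so the lookup does not depend on which(1) being installed.
ping6=$(command -v ping6) || ping6=$(command -v ping)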
86
87 ################################################################################
88 # utilities
89
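# Record one test result and print its "TEST:" line.
# Globals:   VERBOSE, PAUSE, PAUSE_ON_FAIL (read); nsuccess, nfail (updated)
# Arguments: $1 - exit status that was observed
#            $2 - exit status the test expects
#            $3 - test description
# Exits the script with status 1 when the operator answers 'q' at a pause
# prompt. Always finishes by calling kill_procs.
log_test()
{
	local rc=$1
	local expected=$2
	local msg="$3"
	# Answer to the pause prompt. It must be local: bash scoping is dynamic,
	# so reading into a bare `a` here would overwrite the `a` address
	# variable of the test function that called us.
	local answer

	[ "${VERBOSE}" = "1" ] && echo

	if [ "${rc}" -eq "${expected}" ]; then
		nsuccess=$((nsuccess+1))
		printf "TEST: %-70s [ OK ]\n" "${msg}"
	else
		nfail=$((nfail+1))
		printf "TEST: %-70s [FAIL]\n" "${msg}"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue, 'q' to quit"
			read -r answer
			[ "${answer}" = "q" ] && exit 1
		fi
	fi

	if [ "${PAUSE}" = "yes" ]; then
		echo
		echo "hit enter to continue, 'q' to quit"
		read -r answer
		[ "${answer}" = "q" ] && exit 1
	fi

	kill_procs
}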
121
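# Log the result of a test that targets one address. The address is turned
# into a readable label by addr2str and appended to the description.
# Arguments: $1 - address under test
#            $2 - exit status that was observed
#            $3 - exit status the test expects
#            $4 - test description
log_test_addr()
{
	local addr=$1
	local rc=$2
	local expected=$3
	local msg="$4"
	local astr

	astr=$(addr2str "${addr}")
	# quoted so that an empty status cannot shift the description into the
	# "expected" argument of log_test
	log_test "${rc}" "${expected}" "${msg} - ${astr}"
}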
133
# Print the banner that opens a top-level group of tests.
# All arguments together form the title line.
log_section()
{
	local rule="###########################################################################"

	printf '\n%s\n' "${rule}"
	echo "$*"
	printf '%s\n\n' "${rule}"
}
142
# Print the banner that opens a sub-group of tests: a blank line, one rule,
# the title built from all arguments, and a trailing blank line.
log_subsection()
{
	printf '\n%s\n' "#################################################################"
	echo "$*"
	echo
}
150
# Prepare for the next test case: stop leftover test processes and, when
# VERBOSE=1, print a separator rule.
log_start()
{
	# no test instance from an earlier case may still be running
	kill_procs

	[ "${VERBOSE}" = "1" ] || return 0

	echo
	echo "#######################################################"
}
161
# Print a message framed by blank lines, only when VERBOSE=1.
log_debug()
{
	[ "${VERBOSE}" = "1" ] || return 0

	echo
	echo "$*"
	echo
}
170
# Print a "HINT:" line explaining the expected outcome of the next test,
# followed by a blank line; silent unless VERBOSE=1.
show_hint()
{
	[ "${VERBOSE}" = "1" ] || return 0

	echo "HINT: $*"
	echo
}
178
# Stop test programs left over from a previous case, then wait one second.
# killall selects by process name, so every nettest/ping/ping6 process it can
# see is signalled, not only the ones this script started. Its output and
# exit status are ignored.
kill_procs()
{
	killall nettest ping ping6 &>/dev/null
	sleep 1
}
184
# Run a command and return its exit status.
# Globals:   VERBOSE (read); rc (written, not local)
# Arguments: the command and its arguments
# Outputs:   nothing by default. With VERBOSE=1 the command line is echoed
#            first and the captured stdout+stderr afterwards (if not empty).
# The arguments are joined into one string and expanded unquoted, so the
# command is re-split on whitespace and subject to globbing: an argument that
# contains a space does not survive as a single word.
do_run_cmd()
{
	local cmd="$*"
	local out

	[ "$VERBOSE" = "1" ] && echo "COMMAND: ${cmd}"

	out=$($cmd 2>&1)
	rc=$?
	if [ "$VERBOSE" = "1" ] && [ -n "$out" ]; then
		echo "$out"
	fi

	return $rc
}
202
# Run a command inside ns-A by prefixing it with ${NSA_CMD}.
# Prefix and arguments are expanded unquoted on purpose, so both are split
# into words again before do_run_cmd sees them.
run_cmd()
{
	do_run_cmd ${NSA_CMD} $@
}
207
# Run a command inside ns-B by prefixing it with ${NSB_CMD}.
# Prefix and arguments are expanded unquoted on purpose, so both are split
# into words again before do_run_cmd sees them.
run_cmd_nsb()
{
	do_run_cmd ${NSB_CMD} $@
}
212
# Run a command inside ns-C by prefixing it with ${NSC_CMD}.
# Prefix and arguments are expanded unquoted on purpose, so both are split
# into words again before do_run_cmd sees them.
run_cmd_nsc()
{
	do_run_cmd ${NSC_CMD} $@
}
217
# Run a setup command in ns-A through run_cmd. A failing setup command is
# fatal: it is reported and the script exits with the command's status.
# Globals:   VERBOSE, PAUSE_ON_FAIL (read)
# Arguments: the command and its arguments
setup_cmd()
{
	local cmd="$*"
	local rc

	run_cmd ${cmd}
	rc=$?
	[ $rc -eq 0 ] && return 0

	# show user the command if not done so already
	[ "$VERBOSE" = "0" ] && echo "setup command: $cmd"
	echo "failed. stopping tests"
	if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
		echo
		echo "hit enter to continue"
		read a
	fi
	exit $rc
}
239
# Run a setup command in ns-B through run_cmd_nsb. A failing setup command is
# fatal: it is reported and the script exits with the command's status.
# Globals:   VERBOSE, PAUSE_ON_FAIL (read)
# Arguments: the command and its arguments
setup_cmd_nsb()
{
	local cmd="$*"
	local rc

	run_cmd_nsb ${cmd}
	rc=$?
	[ $rc -eq 0 ] && return 0

	# show user the command if not done so already
	[ "$VERBOSE" = "0" ] && echo "setup command: $cmd"
	echo "failed. stopping tests"
	if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
		echo
		echo "hit enter to continue"
		read a
	fi
	exit $rc
}
261
# Run a setup command in ns-C through run_cmd_nsc. A failing setup command is
# fatal: it is reported and the script exits with the command's status.
# Globals:   VERBOSE, PAUSE_ON_FAIL (read)
# Arguments: the command and its arguments
setup_cmd_nsc()
{
	local cmd="$*"
	local rc

	run_cmd_nsc ${cmd}
	rc=$?
	[ $rc -eq 0 ] && return 0

	# show user the command if not done so already
	[ "$VERBOSE" = "0" ] && echo "setup command: $cmd"
	echo "failed. stopping tests"
	if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
		echo
		echo "hit enter to continue"
		read a
	fi
	exit $rc
}
283
# Set sysctl values in ns-A.
# Arguments: one or more key=value settings, passed on to `sysctl -q -w`
# Outputs:   a "SYSCTL:" line naming the settings, then a blank line
# Returns:   the status of run_cmd
set_sysctl()
{
	printf 'SYSCTL: %s\n\n' "$*"
	run_cmd sysctl -q -w $@
}
291
292 ################################################################################
293 # Setup for tests
294
# Map an address used by the tests to the label shown in test output.
# Globals:   NSA_*/NSB_*/VRF_* address variables and MCAST (read)
# Arguments: $1 - address; link-local and multicast addresses may carry a
#            "%<device>" suffix
# Outputs:   the label on stdout, "unknown" when nothing matches
# The variables are expanded unquoted inside the case patterns, so their
# values act as glob patterns; the first matching arm wins.
addr2str()
{
	local label

	case "$1" in
	127.0.0.1) label="loopback";;
	::1) label="IPv6 loopback";;

	${NSA_IP}) label="ns-A IP";;
	${NSA_IP6}) label="ns-A IPv6";;
	${NSA_LO_IP}) label="ns-A loopback IP";;
	${NSA_LO_IP6}) label="ns-A loopback IPv6";;
	${NSA_LINKIP6}|${NSA_LINKIP6}%*) label="ns-A IPv6 LLA";;

	${NSB_IP}) label="ns-B IP";;
	${NSB_IP6}) label="ns-B IPv6";;
	${NSB_LO_IP}) label="ns-B loopback IP";;
	${NSB_LO_IP6}) label="ns-B loopback IPv6";;
	${NSB_LINKIP6}|${NSB_LINKIP6}%*) label="ns-B IPv6 LLA";;

	${VRF_IP}) label="VRF IP";;
	${VRF_IP6}) label="VRF IPv6";;

	# multicast only matches with a device suffix
	${MCAST}%*) label="multicast IP";;

	*) label="unknown";;
	esac

	echo "${label}"
}
321
# Print the IPv6 link-local address of a device inside a namespace.
# Arguments: $1 - namespace name
#            $2 - device name
# Outputs:   the address, without its prefix length, on stdout
# Returns:   0 when an address was found, 1 otherwise
get_linklocal()
{
	local ns=$1
	local dev=$2
	local addr

	# brief output keeps the addresses in fields 3 and up; select fe80 ones
	addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} |
		awk '{ for (i = 3; i <= NF; ++i) if ($i ~ /^fe80/) print $i }')
	# drop everything from the first '/' onwards
	addr=${addr%%/*}

	if [ -z "$addr" ]; then
		return 1
	fi

	echo $addr

	return 0
}
344
345 ################################################################################
346 # create namespaces and vrf
347
# Create a VRF device inside a namespace and give it addresses.
# Arguments: $1 - namespace name
#            $2 - VRF device name
#            $3 - routing table id for the VRF
#            $4 - IPv4 address for the VRF device, "-" for none
#            $5 - IPv6 address for the VRF device, "-" for none
# The VRF table gets an unreachable default route (metric 8192) for both
# families, and the VRF device always gets 127.0.0.1/8 and ::1.
create_vrf()
{
	local ns=$1
	local vrf=$2
	local table=$3
	local addr=$4
	local addr6=$5
	local in_ns="ip -netns ${ns}"
	local fam

	${in_ns} link add ${vrf} type vrf table ${table}
	${in_ns} link set ${vrf} up
	for fam in "" "-6"; do
		${in_ns} ${fam} route add vrf ${vrf} unreachable default metric 8192
	done

	${in_ns} addr add 127.0.0.1/8 dev ${vrf}
	${in_ns} -6 addr add ::1 dev ${vrf} nodad
	[ "${addr}" = "-" ] || ${in_ns} addr add dev ${vrf} ${addr}
	[ "${addr6}" = "-" ] || ${in_ns} -6 addr add dev ${vrf} ${addr6}

	# move the "lookup local" rule from pref 0 to pref 32765
	# NOTE(review): presumably so the VRF (l3mdev) rule is consulted before
	# the local table - confirm
	for fam in "" "-6"; do
		${in_ns} ${fam} ru del pref 0
		${in_ns} ${fam} ru add pref 32765 from all lookup local
	done
}
375
# Create a network namespace, bring up its loopback device and enable
# forwarding inside it.
# Arguments: $1 - namespace name
#            $2 - IPv4 address to add to 'lo', "-" for none
#            $3 - IPv6 address to add to 'lo', "-" for none
# The namespace gets an unreachable default route (metric 8192) for both
# families. The sysctl writes run inside the new namespace via
# `ip netns exec`.
create_ns()
{
	local ns=$1
	local addr=$2
	local addr6=$3
	local in_ns="ip -netns ${ns}"
	local knob

	ip netns add ${ns}

	${in_ns} link set lo up
	[ "${addr}" = "-" ] || ${in_ns} addr add dev lo ${addr}
	[ "${addr6}" = "-" ] || ${in_ns} -6 addr add dev lo ${addr6}

	${in_ns} ro add unreachable default metric 8192
	${in_ns} -6 ro add unreachable default metric 8192

	for knob in net.ipv4.ip_forward \
		    net.ipv6.conf.all.keep_addr_on_down \
		    net.ipv6.conf.all.forwarding \
		    net.ipv6.conf.default.forwarding
	do
		ip netns exec ${ns} sysctl -qw ${knob}=1
	done
}
400
# Create a veth pair to connect two namespaces and apply addresses.
# Arguments: $1 - first namespace        $5 - second namespace
#            $2 - device name in $1      $6 - device name in $5
#            $3 - IPv4 address for $2    $7 - IPv4 address for $6
#            $4 - IPv6 address for $2    $8 - IPv6 address for $6
# The peer end is created in the first namespace under the fixed name "tmp"
# and renamed while it is moved to the second one. Only the first
# namespace's address arguments are compared with "-": when $3 (or $4) is
# given, the matching address of the second namespace is applied as well.
connect_ns()
{
	local ns1=$1
	local ns1_dev=$2
	local ns1_addr=$3
	local ns1_addr6=$4
	local ns2=$5
	local ns2_dev=$6
	local ns2_addr=$7
	local ns2_addr6=$8
	local in_ns1="ip -netns ${ns1}"
	local in_ns2="ip -netns ${ns2}"

	${in_ns1} li add ${ns1_dev} type veth peer name tmp
	${in_ns1} li set ${ns1_dev} up
	${in_ns1} li set tmp netns ${ns2} name ${ns2_dev}
	${in_ns2} li set ${ns2_dev} up

	if [ "${ns1_addr}" != "-" ]; then
		${in_ns1} addr add dev ${ns1_dev} ${ns1_addr}
		${in_ns2} addr add dev ${ns2_dev} ${ns2_addr}
	fi

	if [ "${ns1_addr6}" != "-" ]; then
		${in_ns1} addr add dev ${ns1_dev} ${ns1_addr6}
		${in_ns2} addr add dev ${ns2_dev} ${ns2_addr6}
	fi
}
428
# Remove the namespaces created by setup()/setup_lla_only().
# Globals:   NSA, NSB, NSC, VRF, VRF_TABLE, NSA_DEV (read)
# ns-A is taken apart step by step before it is deleted; ns-B and ns-C are
# deleted directly. Errors from deleting ns-C are silenced here; for the
# other commands that is left to the caller.
cleanup()
{
	# explicit cleanups to check those code paths
	# NOTE(review): the grep is unanchored, so any namespace whose name
	# contains ${NSA} satisfies it
	if ip netns | grep -q ${NSA}; then
		local in_nsa="ip -netns ${NSA}"

		${in_nsa} link delete ${VRF}
		${in_nsa} ro flush table ${VRF_TABLE}

		${in_nsa} addr flush dev ${NSA_DEV}
		${in_nsa} -6 addr flush dev ${NSA_DEV}
		${in_nsa} link set dev ${NSA_DEV} down
		${in_nsa} link del dev ${NSA_DEV}

		ip netns del ${NSA}
	fi

	ip netns del ${NSB}
	ip netns del ${NSC} >/dev/null 2>&1
}
448
# Build the test topology from scratch: ns-A and ns-B joined by a veth pair,
# with routes to each other's loopback addresses.
# Arguments: $1 - "yes" to also create the VRF in ns-A, enslave ${NSA_DEV}
#                 to it and create ns-C; anything else for the plain setup
# Globals:   NSA_LINKIP6, NSB_LINKIP6 (written)
# Runs with `set -e` while configuring, so any failing step ends the script;
# `set +e` is restored unconditionally at the end.
setup()
{
	local with_vrf=${1}

	# make sure we are starting with a clean slate
	kill_procs
	cleanup 2>/dev/null

	log_debug "Configuring network namespaces"
	set -e

	create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128
	create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128
	connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \
		   ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64

	# get_linklocal returns 1 when no address is found, which ends the
	# script here because of set -e
	NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
	NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})

	# tell ns-A how to get to remote addresses of ns-B
	if [ "${with_vrf}" = "yes" ]; then
		create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6}

		ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
		ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
		ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}

		# ns-B needs a route back to the address on the VRF device
		ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
		ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}

		# some VRF tests use ns-C which has the same config as
		# ns-B but for a device NOT in the VRF
		create_ns ${NSC} "-" "-"
		connect_ns ${NSA} ${NSA_DEV2} ${NSA_IP}/24 ${NSA_IP6}/64 \
			   ${NSC} ${NSC_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
	else
		ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
		ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
	fi


	# tell ns-B how to get to remote addresses of ns-A
	ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
	ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}

	set +e

	sleep 1
}
498
# Build a topology that has no configured global addresses: ns-A is
# connected to ns-B and ns-C, every address argument is "-", and both ns-A
# devices are enslaved to the VRF.
# Globals:   NSA_LINKIP6, NSB_LINKIP6, NSC_LINKIP6 (written)
# Runs with `set -e` while configuring, so any failing step ends the script;
# `set +e` is restored unconditionally at the end.
setup_lla_only()
{
	# make sure we are starting with a clean slate
	kill_procs
	cleanup 2>/dev/null

	log_debug "Configuring network namespaces"
	set -e

	create_ns ${NSA} "-" "-"
	create_ns ${NSB} "-" "-"
	create_ns ${NSC} "-" "-"
	connect_ns ${NSA} ${NSA_DEV} "-" "-" \
		   ${NSB} ${NSB_DEV} "-" "-"
	connect_ns ${NSA} ${NSA_DEV2} "-" "-" \
		   ${NSC} ${NSC_DEV} "-" "-"

	# the link-local addresses are looked up and stored after the devices
	# have been brought up
	NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
	NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})
	NSC_LINKIP6=$(get_linklocal ${NSC} ${NSC_DEV})

	create_vrf ${NSA} ${VRF} ${VRF_TABLE} "-" "-"
	ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
	ip -netns ${NSA} link set dev ${NSA_DEV2} vrf ${VRF}

	set +e

	sleep 1
}
528
529 ################################################################################
530 # IPv4
531
# IPv4 ping tests without a VRF.
# Every case runs a single ping (-c1 -w1) and passes ping's exit status and
# the expected status to log_test_addr. Expected 0 means a reply arrived.
# The blocked cases expect 2 for pings sent from ns-A and 1 for pings sent
# from ns-B.
# NOTE(review): presumably ping's "error" versus "no reply" exit codes -
# confirm against ping(8).
ipv4_ping_novrf()
{
	local a

	#
	# out
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd ping -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping out"

		log_start
		run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"

		log_start
		run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
		log_test_addr ${a} $? 0 "ping out, address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd_nsb ping -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	#
	# local traffic
	#
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		run_cmd ping -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping local"
	done

	#
	# local traffic, socket bound to device
	#
	# address on device
	a=${NSA_IP}
	log_start
	run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 0 "ping local, device bind"

	# loopback addresses not reachable from device bind
	# fails in a really weird way though because ipv4 special cases
	# route lookups with oif set.
	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Fails since address on loopback device is out of device scope"
		run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 1 "ping local, device bind"
	done

	#
	# ip rule blocks reachability to remote address
	#
	# The "lookup local" rule is moved from pref 0 to pref 32765 first, so
	# the prohibit rules at pref 50 and 51 are evaluated ahead of it.
	log_start
	setup_cmd ip rule add pref 32765 from all lookup local
	setup_cmd ip rule del pref 0 from all lookup local
	setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by rule"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	# a viable rtable if the oif (e.g., bind to device) is set, so this
	# case succeeds despite the rule
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}

	a=${NSA_LO_IP}
	log_start
	show_hint "Response generates ICMP (or arp request is ignored) due to ip rule"
	run_cmd_nsb ping -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	# undo the four rule changes made above
	[ "$VERBOSE" = "1" ] && echo
	setup_cmd ip rule del pref 32765 from all lookup local
	setup_cmd ip rule add pref 0 from all lookup local
	setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit

	#
	# route blocks reachability to remote address
	#
	# these unreachable routes are not restored within this function
	log_start
	setup_cmd ip route replace unreachable ${NSB_LO_IP}
	setup_cmd ip route replace unreachable ${NSB_IP}

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by route"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	# a viable rtable if the oif (e.g., bind to device) is set, so this
	# case succeeds despite not having a route for the address
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}

	a=${NSA_LO_IP}
	log_start
	show_hint "Response is dropped (or arp request is ignored) due to ip route"
	run_cmd_nsb ping -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by route"

	#
	# remove 'remote' routes; fallback to default
	#
	# with the specific route gone, the unreachable default added by
	# create_ns is the route left to match
	log_start
	setup_cmd ip ro del ${NSB_LO_IP}

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, unreachable default route"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	# a viable rtable if the oif (e.g., bind to device) is set, so this
	# case succeeds despite not having a route for the address
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
}
661
# IPv4 ping tests with ${NSA_DEV} enslaved to the VRF.
# Every case runs a single ping (-c1 -w1) and passes ping's exit status and
# the expected status to log_test_addr. Expected 0 means a reply arrived.
# The blocked cases expect 2 for pings sent from ns-A and 1 for pings sent
# from ns-B.
# NOTE(review): presumably ping's "error" versus "no reply" exit codes -
# confirm against ping(8).
ipv4_ping_vrf()
{
	local a

	# should default on; does not exist on older kernels
	set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null

	#
	# out
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd ping -c1 -w1 -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping out, VRF bind"

		log_start
		run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"

		# `ip vrf exec` runs ping in the VRF context while -I selects
		# the source address
		log_start
		run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
		log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"

		log_start
		run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
		log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd_nsb ping -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	#
	# local traffic, local address
	#
	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
	do
		log_start
		show_hint "Source address should be ${a}"
		run_cmd ping -c1 -w1 -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping local, VRF bind"
	done

	#
	# local traffic, socket bound to device
	#
	# address on device
	a=${NSA_IP}
	log_start
	run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 0 "ping local, device bind"

	# vrf device is out of scope
	for a in ${VRF_IP} 127.0.0.1
	do
		log_start
		show_hint "Fails since address on vrf device is out of device scope"
		run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 1 "ping local, device bind"
	done

	#
	# ip rule blocks address
	#
	# unlike the no-VRF variant, the "lookup local" rule is not touched
	# here; create_vrf has already moved it to pref 32765
	log_start
	setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 -I ${VRF} ${a}
	log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"

	log_start
	run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"

	a=${NSA_LO_IP}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ping -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	# remove the two prohibit rules again
	[ "$VERBOSE" = "1" ] && echo
	setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit

	#
	# remove 'remote' routes; fallback to default
	#
	# with the specific route gone, the unreachable default that
	# create_vrf added to the VRF table is the route left to match
	log_start
	setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP}

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 -I ${VRF} ${a}
	log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"

	log_start
	run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"

	a=${NSA_LO_IP}
	log_start
	show_hint "Response lost by unreachable route"
	run_cmd_nsb ping -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, unreachable route"
}
775
# Entry point for the IPv4 ping tests.
# The no-VRF tests run twice on a fresh setup, first with
# net.ipv4.raw_l3mdev_accept=0 and then with =1; the VRF tests run once on a
# setup that includes the VRF. Errors from set_sysctl are discarded.
ipv4_ping()
{
	local accept

	log_section "IPv4 ping"

	log_subsection "No VRF"
	for accept in 0 1
	do
		setup
		set_sysctl net.ipv4.raw_l3mdev_accept=${accept} 2>/dev/null
		ipv4_ping_novrf
	done

	log_subsection "With VRF"
	setup "yes"
	ipv4_ping_vrf
}
792
793 ################################################################################
794 # IPv4 TCP
795
#
# MD5 tests without VRF
#
# Each case starts a nettest server in ns-A in the background, waits one
# second, runs a nettest client in ns-B and logs the client's exit status.
# Going by the test messages, -M sets the server's password, -m the peer
# address or prefix the password applies to, and -X the client's password.
# The cases expecting status 2 are the negative checks: a client with no
# matching password or peer address must not get a connection (the hints
# describe the outcome as a timeout).
# NOTE(review): the one-second sleep is the only synchronisation with the
# background server.
ipv4_tcp_md5_novrf()
{
	#
	# single address
	#

	# basic use case
	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Client uses wrong password"

	# client from different address
	# (the password is configured for ${NSB_LO_IP}, the client is not
	# told to use that address)
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s -M ${MD5_PW} -m ${NSB_LO_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Prefix config, client uses wrong password"

	# client outside of prefix
	# (-c ${NSB_LO_IP} presumably makes the client use its loopback
	# address, which is not inside ${NS_NET} - confirm)
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}
863
#
# MD5 tests with VRF
#
# Same pattern as the no-VRF MD5 tests, with the server in ns-A bound to the
# VRF through -I ${VRF}: the server runs in the background, the client runs
# one second later and its exit status is logged. Clients in ns-B reach ns-A
# over the device enslaved to the VRF; clients in ns-C use a device that is
# not in the VRF.
# The "duplicate config" cases run two servers at once, one bound to the VRF
# with ${MD5_PW} and one unbound with ${MD5_WRONG_PW} (used there simply as
# a second password). They check that a password is accepted only in the
# scope it was configured for; the cases expecting status 2 assert that the
# other scope's password does not give a connection.
ipv4_tcp_md5()
{
	#
	# single address
	#

	# basic use case
	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout since server does not have MD5 auth"
	run_cmd nettest -s -I ${VRF} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Client uses wrong password"

	# client from different address
	log_start
	show_hint "Should timeout since server config differs from client"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"

	# client outside of prefix
	log_start
	show_hint "Should timeout since client address is outside of prefix"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"

	#
	# duplicate config between default VRF and a VRF
	#

	# VRF client (ns-B) with the VRF password
	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"

	# default-VRF client (ns-C) with the default-VRF password
	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"

	# the same four combinations with a prefix instead of one address
	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"

	#
	# negative tests
	#
	# the server is started in the foreground here and is itself expected
	# to exit with status 1: -I names a plain device, not a VRF
	log_start
	run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP}
	log_test $? 1 "MD5: VRF: Device must be a VRF - single address"

	log_start
	run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET}
	log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"

}
1007
# IPv4 TCP tests without a VRF.
# A case with a server starts nettest -s in the background, waits one second
# and then runs the client; the client's exit status is what gets logged.
# Expected status 1 marks the cases where the connection must fail; the
# hints name the expected error. The no-VRF MD5 tests are run at the end.
# NOTE(review): -I (server) and -d (client) appear to bind the socket to a
# device, and -0/-1/-3 to state the address or device the test expects to
# see - inferred from the test messages, confirm against nettest.
ipv4_tcp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -r ${a}
	log_test_addr ${a} $? 0 "Device server"

	# verify TCP reset sent and received
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client
	#
	# here the server runs in ns-B and the client in ns-A
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client"

		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a}
		log_test_addr ${a} $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	# server and client both run in ns-A
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		run_cmd nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -0 ${a} -1 ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -s -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -r ${a}
		log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s &
	sleep 1
	run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "Global server, device client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local connection"

	# no server is started for this last case
	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "No server, device client, local conn"

	ipv4_tcp_md5_novrf
}
1128
# IPv4 TCP connectivity matrix for ns-A when ${NSA_DEV} sits under ${VRF}.
#
# The first half runs with net.ipv4.tcp_l3mdev_accept=0: a listener that is
# not bound to the VRF or the device is expected to refuse connections that
# arrive through the VRF. The second half sets the sysctl to 1 and expects
# the same unbound listener to accept them. That sysctl is therefore what
# decides whether an unbound ("global") listener is reachable from inside a
# VRF, which matters wherever VRFs are relied on for separation.
#
# Third argument of log_test_addr is the expected nettest exit code; per the
# show_hint strings 1 corresponds to a refused connection.
# NOTE(review): "-3 DEV" looks like the device the server expects the
# connection on (see the "client socket should be bound to" hints) - confirm
# against nettest usage.
ipv4_tcp_vrf()
{
	local a

	# --- unbound listener must not see VRF traffic -----------------------
	log_subsection "Global server disabled"

	set_sysctl net.ipv4.tcp_l3mdev_accept=0

	# remote client in ns-B, server in ns-A
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 1 "Global server"

		log_start
		run_cmd nettest -s -I "${VRF}" -3 "${VRF}" &
		sleep 1
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 0 "VRF server"

		log_start
		run_cmd nettest -s -I "${NSA_DEV}" -3 "${NSA_DEV}" &
		sleep 1
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 0 "Device server"

		# nothing listening: the client must see a TCP reset
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 1 "No server"
	done

	# local address, same namespace
	# (${VRF_IP} and 127.0.0.1 both timeout, so only ${NSA_IP} is used)
	a=${NSA_IP}
	log_start
	show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
	run_cmd nettest -s &
	sleep 1
	run_cmd nettest -r "${a}" -d "${NSA_DEV}"
	log_test_addr "${a}" $? 1 "Global server, local connection"

	# TCP-MD5 cases for the VRF setup
	ipv4_tcp_md5

	# --- unbound listener may serve VRF traffic ---------------------------
	log_subsection "VRF Global server enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		show_hint "client socket should be bound to VRF"
		run_cmd nettest -s -3 "${VRF}" &
		sleep 1
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 0 "Global server"

		log_start
		show_hint "client socket should be bound to VRF"
		run_cmd nettest -s -I "${VRF}" -3 "${VRF}" &
		sleep 1
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 0 "VRF server"

		# nothing listening: the client must see a TCP reset
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 1 "No server"
	done

	a=${NSA_IP}
	log_start
	show_hint "client socket should be bound to device"
	run_cmd nettest -s -I "${NSA_DEV}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd_nsb nettest -r "${a}"
	log_test_addr "${a}" $? 0 "Device server"

	# local address: VRF-bound server, client left unbound
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		show_hint "Should fail 'Connection refused' since client is not bound to VRF"
		run_cmd nettest -s -I "${VRF}" &
		sleep 1
		run_cmd nettest -r "${a}"
		log_test_addr "${a}" $? 1 "Global server, local connection"
	done

	# --- ns-A as client, server in ns-B -----------------------------------
	for a in ${NSB_IP} ${NSB_LO_IP}; do
		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r "${a}" -d "${VRF}"
		log_test_addr "${a}" $? 0 "Client, VRF bind"

		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r "${a}" -d "${NSA_DEV}"
		log_test_addr "${a}" $? 0 "Client, device bind"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r "${a}" -d "${VRF}"
		log_test_addr "${a}" $? 1 "No server, VRF client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r "${a}" -d "${NSA_DEV}"
		log_test_addr "${a}" $? 1 "No server, device client"
	done

	# --- server and client both in ns-A -----------------------------------
	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -s -I "${VRF}" -3 "${VRF}" &
		sleep 1
		run_cmd nettest -r "${a}" -d "${VRF}" -0 "${a}"
		log_test_addr "${a}" $? 0 "VRF server, VRF client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I "${VRF}" -3 "${VRF}" &
	sleep 1
	run_cmd nettest -r "${a}" -d "${NSA_DEV}" -0 "${a}"
	log_test_addr "${a}" $? 0 "VRF server, device client, local connection"

	log_start
	show_hint "Should fail 'No route to host' since client is out of VRF scope"
	run_cmd nettest -s -I "${VRF}" &
	sleep 1
	run_cmd nettest -r "${a}"
	log_test_addr "${a}" $? 1 "VRF server, unbound client, local connection"

	log_start
	run_cmd nettest -s -I "${NSA_DEV}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -r "${a}" -d "${VRF}" -0 "${a}"
	log_test_addr "${a}" $? 0 "Device server, VRF client, local connection"

	log_start
	run_cmd nettest -s -I "${NSA_DEV}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -r "${a}" -d "${NSA_DEV}" -0 "${a}"
	log_test_addr "${a}" $? 0 "Device server, device client, local connection"
}
1293
# Entry point for the IPv4 TCP group: runs the non-VRF matrix under both
# values of net.ipv4.tcp_l3mdev_accept, then the VRF matrix.
ipv4_tcp()
{
	local accept_mode

	log_section "IPv4/TCP"
	log_subsection "No VRF"
	setup

	# tcp_l3mdev_accept should have no effect without VRF;
	# run the same tests with it disabled, then enabled, to verify
	for accept_mode in "0 disabled" "1 enabled"; do
		log_subsection "tcp_l3mdev_accept ${accept_mode#* }"
		set_sysctl "net.ipv4.tcp_l3mdev_accept=${accept_mode%% *}"
		ipv4_tcp_novrf
	done

	log_subsection "With VRF"
	setup "yes"
	ipv4_tcp_vrf
}
1313
1314 ################################################################################
1315 # IPv4 UDP
1316
# IPv4 UDP connectivity matrix without a VRF: ns-A as server, ns-A as
# client, and both ends inside ns-A, with and without device binding.
#
# Third argument of log_test_addr is the expected nettest exit code; the
# show_hint strings associate 1 with 'Connection refused'.
# NOTE(review): several device-bound local cases expect 2 instead of 1 -
# the source gives no hint text for that value here; confirm the rc mapping
# in nettest before changing an expectation.
ipv4_udp_novrf()
{
	local a

	# --- ns-A as server, client in ns-B -----------------------------------
	for a in ${NSA_IP} ${NSA_LO_IP}; do
		log_start
		run_cmd nettest -D -s -3 "${NSA_DEV}" &
		sleep 1
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 0 "Global server"

		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 1 "No server"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -D -I "${NSA_DEV}" -s -3 "${NSA_DEV}" &
	sleep 1
	run_cmd_nsb nettest -D -r "${a}"
	log_test_addr "${a}" $? 0 "Device server"

	# --- ns-A as client, server in ns-B -----------------------------------
	for a in ${NSB_IP} ${NSB_LO_IP}; do
		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -0 "${NSA_IP}"
		log_test_addr "${a}" $? 0 "Client"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -d "${NSA_DEV}" -0 "${NSA_IP}"
		log_test_addr "${a}" $? 0 "Client, device bind"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -d "${NSA_DEV}" -C -0 "${NSA_IP}"
		log_test_addr "${a}" $? 0 "Client, device send via cmsg"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -d "${NSA_DEV}" -S -0 "${NSA_IP}"
		log_test_addr "${a}" $? 0 "Client, device bind via IP_UNICAST_IF"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -r "${a}"
		log_test_addr "${a}" $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -r "${a}" -d "${NSA_DEV}"
		log_test_addr "${a}" $? 1 "No server, device client"
	done

	# --- server and client both in ns-A -----------------------------------
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -0 "${a}" -1 "${a}"
		log_test_addr "${a}" $? 0 "Global server, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I "${NSA_DEV}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -D -r "${a}"
	log_test_addr "${a}" $? 0 "Device server, unbound client, local connection"

	# a device-bound server must not answer for addresses that live on lo
	for a in ${NSA_LO_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail 'Connection refused' since address is out of device scope"
		run_cmd nettest -s -D -I "${NSA_DEV}" &
		sleep 1
		run_cmd nettest -D -r "${a}"
		log_test_addr "${a}" $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" $? 0 "Global server, device client, local connection"

	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d "${NSA_DEV}" -C -r "${a}"
	log_test_addr "${a}" $? 0 "Global server, device send via cmsg, local connection"

	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d "${NSA_DEV}" -S -r "${a}"
	log_test_addr "${a}" $? 0 "Global server, device client via IP_UNICAST_IF, local connection"

	# IPv4 with device bind has really weird behavior - it overrides the
	# fib lookup, generates an rtable and tries to send the packet. This
	# causes failures for local traffic at different places, which is why
	# the expected codes below differ between the three bind styles.
	for a in ${NSA_LO_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -d "${NSA_DEV}"
		log_test_addr "${a}" $? 2 "Global server, device client, local connection"

		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -d "${NSA_DEV}" -C
		log_test_addr "${a}" $? 1 "Global server, device send via cmsg, local connection"

		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -d "${NSA_DEV}" -S
		log_test_addr "${a}" $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -D -s -I "${NSA_DEV}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -D -d "${NSA_DEV}" -r "${a}" -0 "${a}"
	log_test_addr "${a}" $? 0 "Device server, device client, local conn"

	log_start
	run_cmd nettest -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" $? 2 "No server, device client, local conn"
}
1471
# IPv4 UDP connectivity matrix with ${NSA_DEV} under ${VRF}.
#
# Runs first with net.ipv4.udp_l3mdev_accept=0, where a server that is not
# bound to the VRF or the device is expected to be unreachable for traffic
# entering through the VRF, then with the sysctl set to 1, where the same
# unbound server is expected to answer. As with the TCP variant, this sysctl
# is what makes an unbound socket visible across the VRF boundary.
#
# Third argument of log_test_addr (second of log_test) is the expected
# nettest exit code.
ipv4_udp_vrf()
{
	local a

	# --- unbound server must not see VRF traffic --------------------------
	log_subsection "Global server disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0

	# ns-A as server
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		show_hint "Fails because ingress is in a VRF and global server is disabled"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 1 "Global server"

		log_start
		run_cmd nettest -D -I "${VRF}" -s -3 "${NSA_DEV}" &
		sleep 1
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 0 "VRF server"

		log_start
		run_cmd nettest -D -I "${NSA_DEV}" -s -3 "${NSA_DEV}" &
		sleep 1
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 0 "Enslaved device server"

		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 1 "No server"

		log_start
		show_hint "Should fail 'Connection refused' since global server is out of scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -d "${VRF}" -r "${a}"
		log_test_addr "${a}" $? 1 "Global server, VRF client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I "${VRF}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -D -d "${VRF}" -r "${a}"
	log_test_addr "${a}" $? 0 "VRF server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I "${VRF}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" $? 0 "VRF server, enslaved device client, local connection"

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I "${NSA_DEV}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -D -d "${VRF}" -r "${a}"
	log_test_addr "${a}" $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I "${NSA_DEV}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" $? 0 "Enslaved device server, device client, local conn"

	# --- unbound server may serve VRF traffic -----------------------------
	log_subsection "Global server enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1

	# ns-A as server
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest -D -s -3 "${NSA_DEV}" &
		sleep 1
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 0 "Global server"

		log_start
		run_cmd nettest -D -I "${VRF}" -s -3 "${NSA_DEV}" &
		sleep 1
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 0 "VRF server"

		log_start
		run_cmd nettest -D -I "${NSA_DEV}" -s -3 "${NSA_DEV}" &
		sleep 1
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 0 "Enslaved device server"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 1 "No server"
	done

	# ns-A as client, server in ns-B
	log_start
	run_cmd_nsb nettest -D -s &
	sleep 1
	run_cmd nettest -d "${VRF}" -D -r "${NSB_IP}" -1 "${NSA_IP}"
	log_test $? 0 "VRF client"

	log_start
	run_cmd_nsb nettest -D -s &
	sleep 1
	run_cmd nettest -d "${NSA_DEV}" -D -r "${NSB_IP}" -1 "${NSA_IP}"
	log_test $? 0 "Enslaved device client"

	# negative cases: no server is started, the client must fail
	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -D -d "${VRF}" -r "${NSB_IP}"
	log_test $? 1 "No server, VRF client"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -D -d "${NSA_DEV}" -r "${NSB_IP}"
	log_test $? 1 "No server, enslaved device client"

	# server and client both in ns-A
	a=${NSA_IP}
	log_start
	run_cmd nettest -D -s -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -D -d "${VRF}" -r "${a}"
	log_test_addr "${a}" $? 0 "Global server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I "${VRF}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -D -d "${VRF}" -r "${a}"
	log_test_addr "${a}" $? 0 "VRF server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I "${VRF}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -s -D -I "${NSA_DEV}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -D -d "${VRF}" -r "${a}"
	log_test_addr "${a}" $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I "${NSA_DEV}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" $? 0 "Enslaved device server, device client, local conn"

	for a in ${VRF_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -D -s -3 "${VRF}" &
		sleep 1
		run_cmd nettest -D -d "${VRF}" -r "${a}"
		log_test_addr "${a}" $? 0 "Global server, VRF client, local conn"
	done

	for a in ${VRF_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -s -D -I "${VRF}" -3 "${VRF}" &
		sleep 1
		run_cmd nettest -D -d "${VRF}" -r "${a}"
		log_test_addr "${a}" $? 0 "VRF server, VRF client, local conn"
	done

	# negative cases: no server, the client must get ECONNREFUSED
	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -d "${VRF}" -r "${a}"
		log_test_addr "${a}" $? 1 "No server, VRF client, local conn"
	done
}
1664
# Entry point for the IPv4 UDP group: runs the non-VRF matrix under both
# values of net.ipv4.udp_l3mdev_accept, then the VRF matrix.
ipv4_udp()
{
	local accept_mode

	log_section "IPv4/UDP"
	log_subsection "No VRF"

	setup

	# udp_l3mdev_accept should have no effect without VRF;
	# run the same tests with it disabled, then enabled, to verify
	for accept_mode in "0 disabled" "1 enabled"; do
		log_subsection "udp_l3mdev_accept ${accept_mode#* }"
		set_sysctl "net.ipv4.udp_l3mdev_accept=${accept_mode%% *}"
		ipv4_udp_novrf
	done

	log_subsection "With VRF"
	setup "yes"
	ipv4_udp_vrf
}
1685
1686 ################################################################################
1687 # IPv4 address bind
1688 #
1689 # verifies ability or inability to bind to an address / device
1690
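# Address-bind checks without a VRF: raw (ICMP) and TCP sockets must be able
# to bind to local addresses, alone and after a device bind.
#
# Every active case expects nettest to exit 0 (third argument of
# log_test_addr).
ipv4_addr_bind_novrf()
{
	# Keep the loop variable function-scoped, as the sibling test functions
	# in this file do; without this the last address leaks into the caller.
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd nettest -s -R -P icmp -l "${a}" -b
		log_test_addr "${a}" $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -s -R -P icmp -l "${a}" -I "${NSA_DEV}" -b
		log_test_addr "${a}" $? 0 "Raw socket bind to local address after device bind"
	done

	#
	# tcp sockets
	#
	a=${NSA_IP}
	log_start
	run_cmd nettest -c "${a}" -r "${NSB_IP}" -t1 -b
	log_test_addr "${a}" $? 0 "TCP socket bind to local address"

	log_start
	run_cmd nettest -c "${a}" -r "${NSB_IP}" -d "${NSA_DEV}" -t1 -b
	log_test_addr "${a}" $? 0 "TCP socket bind to local address after device bind"

	# Sadly, the kernel allows binding a socket to a device and then
	# binding to an address not on the device. The only restriction
	# is that the address is valid in the L3 domain. So this test
	# passes when it really should not, and stays disabled; a device
	# bind on its own does not limit which local address a socket can
	# take.
	#a=${NSA_LO_IP}
	#log_start
	#show_hint "Should fail with 'Cannot assign requested address'"
	#run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
	#log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
}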
1729
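# Address-bind checks with ${NSA_DEV} under ${VRF}: binds to addresses inside
# the VRF must succeed (expected rc 0), binds to the loopback address
# ${NSA_LO_IP}, which the hints describe as out of scope for the VRF and its
# device, must be rejected (expected rc 1).
ipv4_addr_bind_vrf()
{
	# Keep the loop variable function-scoped, as the sibling test functions
	# in this file do; without this the last address leaks into the caller.
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest -s -R -P icmp -l "${a}" -b
		log_test_addr "${a}" $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -s -R -P icmp -l "${a}" -I "${NSA_DEV}" -b
		log_test_addr "${a}" $? 0 "Raw socket bind to local address after device bind"

		log_start
		run_cmd nettest -s -R -P icmp -l "${a}" -I "${VRF}" -b
		log_test_addr "${a}" $? 0 "Raw socket bind to local address after VRF bind"
	done

	a=${NSA_LO_IP}
	log_start
	show_hint "Address on loopback is out of VRF scope"
	run_cmd nettest -s -R -P icmp -l "${a}" -I "${VRF}" -b
	log_test_addr "${a}" $? 1 "Raw socket bind to out of scope address after VRF bind"

	#
	# tcp sockets
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest -s -l "${a}" -I "${VRF}" -t1 -b
		log_test_addr "${a}" $? 0 "TCP socket bind to local address"

		log_start
		run_cmd nettest -s -l "${a}" -I "${NSA_DEV}" -t1 -b
		log_test_addr "${a}" $? 0 "TCP socket bind to local address after device bind"
	done

	# negative cases: the bind itself has to fail for these to pass
	a=${NSA_LO_IP}
	log_start
	show_hint "Address on loopback out of scope for VRF"
	run_cmd nettest -s -l "${a}" -I "${VRF}" -t1 -b
	log_test_addr "${a}" $? 1 "TCP socket bind to invalid local address for VRF"

	log_start
	show_hint "Address on loopback out of scope for device in VRF"
	run_cmd nettest -s -l "${a}" -I "${NSA_DEV}" -t1 -b
	log_test_addr "${a}" $? 1 "TCP socket bind to invalid local address for device bind"
}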
1780
# Entry point for the IPv4 address-bind group: rebuilds the topology and runs
# the bind checks once without a VRF and once with it.
ipv4_addr_bind()
{
	log_section "IPv4 address binds"

	# plain topology first
	log_subsection "No VRF"
	setup
	ipv4_addr_bind_novrf

	# then the same checks with the VRF in place
	log_subsection "With VRF"
	setup "yes"
	ipv4_addr_bind_vrf
}
1793
1794 ################################################################################
1795 # IPv4 runtime tests
1796
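# Runtime test: delete the VRF device while nettest sockets are in use.
#
# Arguments:
#   $1 - description prefix used in every test name
#   $2 - extra nettest options; expanded unquoted on purpose so a value such
#        as "-n -1" (see ipv4_runtime) splits into separate words
#
# Each stanza starts a server and a client in the background, waits, removes
# ${VRF} with "ip link del", then records the result and rebuilds the
# topology with setup. log_test_addr is called with a literal rc of 0 and an
# expected rc of 0, so these cases never fail on a nettest exit code.
# NOTE(review): the useful signal therefore has to come from the kernel
# itself (log, hang, crash) while the device is torn down under traffic -
# check dmesg when reviewing a run.
#
# The first argument of log_test_addr is the address the client connects to;
# the two client stanzas set it to ${NSB_IP} so the log names the real
# destination instead of the value left over from the server stanzas.
ipv4_rt()
{
	local desc="$1"
	local varg="$2"
	local with_vrf="yes"
	local a

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r "${a}" &
		sleep 3
		run_cmd ip link del "${VRF}"
		sleep 1
		log_test_addr "${a}" 0 0 "${desc}, global server"

		setup ${with_vrf}
	done

	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest ${varg} -s -I "${VRF}" &
		sleep 1
		run_cmd_nsb nettest ${varg} -r "${a}" &
		sleep 3
		run_cmd ip link del "${VRF}"
		sleep 1
		log_test_addr "${a}" 0 0 "${desc}, VRF server"

		setup ${with_vrf}
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest ${varg} -s -I "${NSA_DEV}" &
	sleep 1
	run_cmd_nsb nettest ${varg} -r "${a}" &
	sleep 3
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, enslaved device server"

	setup ${with_vrf}

	#
	# client test
	#
	a=${NSB_IP}
	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d "${VRF}" -r "${a}" &
	sleep 3
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, VRF client"

	setup ${with_vrf}

	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d "${NSA_DEV}" -r "${a}" &
	sleep 3
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, enslaved device client"

	setup ${with_vrf}

	#
	# local address tests
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd nettest ${varg} -d "${VRF}" -r "${a}" &
		sleep 3
		run_cmd ip link del "${VRF}"
		sleep 1
		log_test_addr "${a}" 0 0 "${desc}, global server, VRF client, local"

		setup ${with_vrf}
	done

	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest ${varg} -I "${VRF}" -s &
		sleep 1
		run_cmd nettest ${varg} -d "${VRF}" -r "${a}" &
		sleep 3
		run_cmd ip link del "${VRF}"
		sleep 1
		log_test_addr "${a}" 0 0 "${desc}, VRF server and client, local"

		setup ${with_vrf}
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d "${NSA_DEV}" -r "${a}" &
	sleep 3
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, global server, enslaved device client, local"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -I "${VRF}" -s &
	sleep 1
	run_cmd nettest ${varg} -d "${NSA_DEV}" -r "${a}" &
	sleep 3
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, VRF server, enslaved device client, local"

	setup ${with_vrf}

	# last stanza: the caller rebuilds the topology, so no setup here
	log_start
	run_cmd nettest ${varg} -I "${NSA_DEV}" -s &
	sleep 1
	run_cmd nettest ${varg} -d "${NSA_DEV}" -r "${a}" &
	sleep 3
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, enslaved device server and client, local"
}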
1935
# Runtime test: delete the VRF device while a flood ping (ping -f) is
# running, inbound from ns-B and then outbound from ns-A.
#
# log_test_addr receives a literal rc of 0 and an expected rc of 0, so the
# recorded result does not depend on ping's exit status.
# NOTE(review): presumably the point is that the device removal completes
# under traffic - confirm against the kernel log of a run.
ipv4_ping_rt()
{
	local with_vrf="yes"
	local a

	# inbound: ns-B floods an ns-A address while ${VRF} is removed
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd_nsb ping -f "${a}" &
		sleep 3
		run_cmd ip link del "${VRF}"
		sleep 1
		log_test_addr "${a}" 0 0 "Device delete with active traffic - ping in"

		# put the VRF back for the next round
		setup ${with_vrf}
	done

	# outbound: ns-A floods ns-B through the VRF while it is removed
	a=${NSB_IP}
	log_start
	run_cmd ping -f -I "${VRF}" "${a}" &
	sleep 3
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test_addr "${a}" 0 0 "Device delete with active traffic - ping out"
}
1961
# Entry point for the IPv4 runtime group. Each sub-test deletes the VRF
# device, so the VRF topology is rebuilt before every one of them.
ipv4_runtime()
{
	log_section "Run time tests - ipv4"

	# flood ping across the device removal
	setup "yes"
	ipv4_ping_rt

	# second argument is the extra nettest option string for ipv4_rt
	setup "yes"
	ipv4_rt "TCP active socket" "-n -1"

	setup "yes"
	ipv4_rt "TCP passive socket" "-i"
}
1975
1976 ################################################################################
1977 # IPv6
1978
# IPv6 ping matrix without a VRF: outbound, inbound and local pings, then
# the same paths with an "ip rule ... prohibit" and with unreachable routes
# in the way.
#
# ${ping6} is expanded unquoted throughout, as in the rest of the file.
# Third argument of log_test_addr is the expected ping exit code.
# NOTE(review): from the hints, 1 goes with a lost reply and 2 with a send
# that fails locally - confirm against the ping in use.
ipv6_ping_novrf()
{
	local a

	# should not have an impact, but make a known state
	set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null

	# --- out --------------------------------------------------------------
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 "${a}"
		log_test_addr "${a}" $? 0 "ping out"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I "${NSA_DEV}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, device bind"

		log_start
		run_cmd ${ping6} -c1 -w1 -I "${NSA_LO_IP6}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, loopback address bind"
	done

	# --- in ---------------------------------------------------------------
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 "${a}"
		log_test_addr "${a}" $? 0 "ping in"
	done

	# --- local traffic, local address -------------------------------------
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 "${a}"
		log_test_addr "${a}" $? 0 "ping local, no bind"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I "${NSA_DEV}" "${a}"
		log_test_addr "${a}" $? 0 "ping local, device bind"
	done

	for a in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Fails since address on loopback is out of device scope"
		run_cmd ${ping6} -c1 -w1 -I "${NSA_DEV}" "${a}"
		log_test_addr "${a}" $? 2 "ping local, device bind"
	done

	# --- ip rule blocks address -------------------------------------------
	# The local-table rule is moved from pref 0 to pref 32765 so the two
	# prohibit rules at pref 50/51 are evaluated before it.
	log_start
	setup_cmd ip -6 rule add pref 32765 from all lookup local
	setup_cmd ip -6 rule del pref 0 from all lookup local
	setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 "${a}"
	log_test_addr "${a}" $? 2 "ping out, blocked by rule"

	log_start
	run_cmd ${ping6} -c1 -w1 -I "${NSA_DEV}" "${a}"
	log_test_addr "${a}" $? 2 "ping out, device bind, blocked by rule"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ${ping6} -c1 -w1 "${a}"
	log_test_addr "${a}" $? 1 "ping in, blocked by rule"

	# undo the rule changes in the same order they were made
	setup_cmd ip -6 rule add pref 0 from all lookup local
	setup_cmd ip -6 rule del pref 32765 from all lookup local
	setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit

	# --- route blocks reachability to remote address ----------------------
	log_start
	setup_cmd ip -6 route del ${NSB_LO_IP6}
	setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
	setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 "${a}"
	log_test_addr "${a}" $? 2 "ping out, blocked by route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I "${NSA_DEV}" "${a}"
	log_test_addr "${a}" $? 2 "ping out, device bind, blocked by route"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip route"
	run_cmd_nsb ${ping6} -c1 -w1 "${a}"
	log_test_addr "${a}" $? 1 "ping in, blocked by route"


	# --- remove 'remote' routes; fallback to default ----------------------
	log_start
	setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
	setup_cmd ip -6 ro del unreachable ${NSB_IP6}

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 "${a}"
	log_test_addr "${a}" $? 2 "ping out, unreachable route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I "${NSA_DEV}" "${a}"
	log_test_addr "${a}" $? 2 "ping out, device bind, unreachable route"
}
2108
# IPv6 ping matrix with ${NSA_DEV} under ${VRF}: outbound, inbound and local
# pings with VRF and device binds, a link-local-to-global case, and the
# prohibit-rule and missing-route cases.
#
# ${ping6} is expanded unquoted throughout, as in the rest of the file.
# Third argument of log_test_addr is the expected ping exit code.
ipv6_ping_vrf()
{
	local a

	# should default on; does not exist on older kernels
	set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null

	# --- out --------------------------------------------------------------
	for a in ${NSB_IP6} ${NSB_LO_IP6}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I "${VRF}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, VRF bind"
	done

	for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}; do
		log_start
		show_hint "Fails since VRF device does not support linklocal or multicast"
		run_cmd ${ping6} -c1 -w1 "${a}"
		log_test_addr "${a}" $? 2 "ping out, VRF bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I "${NSA_DEV}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, device bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd ip vrf exec "${VRF}" ${ping6} -c1 -w1 -I "${VRF_IP6}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, vrf device+address bind"
	done

	# --- in ---------------------------------------------------------------
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 "${a}"
		log_test_addr "${a}" $? 0 "ping in"
	done

	a=${NSA_LO_IP6}
	log_start
	show_hint "Fails since loopback address is out of VRF scope"
	run_cmd_nsb ${ping6} -c1 -w1 "${a}"
	log_test_addr "${a}" $? 1 "ping in"

	# --- local traffic, local address -------------------------------------
	for a in ${NSA_IP6} ${VRF_IP6} ::1; do
		log_start
		show_hint "Source address should be ${a}"
		run_cmd ${ping6} -c1 -w1 -I "${VRF}" "${a}"
		log_test_addr "${a}" $? 0 "ping local, VRF bind"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I "${NSA_DEV}" "${a}"
		log_test_addr "${a}" $? 0 "ping local, device bind"
	done

	# --- LLA to GUA -------------------------------------------------------
	# remove ipv6 global addresses from ns-B so it has to source from its
	# link-local address, and route ${NSA_IP6} via ns-A's link-local
	setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
	setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}

	# NOTE(review): the ping target is ${NSA_IP6} on both iterations while
	# the logged address follows ${a}; only ${NSA_IP6} has a route added
	# above, so this may be intentional - confirm before changing.
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 "${NSA_IP6}"
		log_test_addr "${a}" $? 0 "ping in, LLA to GUA"
	done

	# restore ns-B addressing
	setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo

	# --- ip rule blocks address -------------------------------------------
	log_start
	setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 "${a}"
	log_test_addr "${a}" $? 2 "ping out, blocked by rule"

	log_start
	run_cmd ${ping6} -c1 -w1 -I "${NSA_DEV}" "${a}"
	log_test_addr "${a}" $? 2 "ping out, device bind, blocked by rule"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ${ping6} -c1 -w1 "${a}"
	log_test_addr "${a}" $? 1 "ping in, blocked by rule"

	log_start
	setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit

	# --- remove 'remote' routes; fallback to default ----------------------
	log_start
	setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 "${a}"
	log_test_addr "${a}" $? 2 "ping out, unreachable route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I "${NSA_DEV}" "${a}"
	log_test_addr "${a}" $? 2 "ping out, device bind, unreachable route"

	# This route removal goes straight through "ip -netns" rather than the
	# setup_cmd_nsb wrapper used above, so its status is not checked here.
	ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
	a=${NSA_LO_IP6}
	log_start
	run_cmd_nsb ${ping6} -c1 -w1 "${a}"
	log_test_addr "${a}" $? 2 "ping in, unreachable route"
}
2243
# Entry point for the IPv6 ping group: rebuilds the topology and runs the
# ping matrix once without a VRF and once with it.
ipv6_ping()
{
	log_section "IPv6 ping"

	# plain topology first
	log_subsection "No VRF"
	setup
	ipv6_ping_novrf

	# then the VRF variant
	log_subsection "With VRF"
	setup "yes"
	ipv6_ping_vrf
}
2256
2257 ################################################################################
2258 # IPv6 TCP
2259
2260 #
2261 # MD5 tests without VRF
2262 #
ipv6_tcp_md5_novrf()
{
	# TCP-MD5 over IPv6 without a VRF. In the calls below the server gets
	# its password with -M and the peer address or prefix it applies to
	# with -m; the client supplies its password with -X.
	#
	# Second argument of log_test is the expected nettest exit code. Every
	# negative case expects 2 together with a "Should timeout" hint, not
	# the 1 that the 'Connection refused' hints elsewhere in this file go
	# with: a client whose password or source address does not match the
	# server's configuration is expected to get no reply at all. A refused
	# connection in one of these cases is therefore a failure worth a
	# closer look, not a near miss.
	#
	# ${MD5_PW} and ${MD5_WRONG_PW} are fixed test values handed to nettest
	# on its command line; that is fine for throwaway namespaces but argv
	# is not a place for real keys.

	#
	# single address
	#

	# matching password, client address equals the configured peer
	log_start
	run_cmd nettest -6 -s -M "${MD5_PW}" -m "${NSB_IP6}" &
	sleep 1
	run_cmd_nsb nettest -6 -r "${NSA_IP6}" -X "${MD5_PW}"
	log_test $? 0 "MD5: Single address config"

	# client signs its segments, server has no MD5 configuration
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd_nsb nettest -6 -r "${NSA_IP6}" -X "${MD5_PW}"
	log_test $? 2 "MD5: Server no config, client uses password"

	# client uses a different password than the server
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -M "${MD5_PW}" -m "${NSB_IP6}" &
	sleep 1
	run_cmd_nsb nettest -6 -r "${NSA_IP6}" -X "${MD5_WRONG_PW}"
	log_test $? 2 "MD5: Client uses wrong password"

	# password is configured for an address the client does not use
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s -M "${MD5_PW}" -m "${NSB_LO_IP6}" &
	sleep 1
	run_cmd_nsb nettest -6 -r "${NSA_IP6}" -X "${MD5_PW}"
	log_test $? 2 "MD5: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client address falls inside the configured prefix
	log_start
	run_cmd nettest -6 -s -M "${MD5_PW}" -m "${NS_NET6}" &
	sleep 1
	run_cmd_nsb nettest -6 -r "${NSA_IP6}" -X "${MD5_PW}"
	log_test $? 0 "MD5: Prefix config"

	# inside the prefix, but with the wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -M "${MD5_PW}" -m "${NS_NET6}" &
	sleep 1
	run_cmd_nsb nettest -6 -r "${NSA_IP6}" -X "${MD5_WRONG_PW}"
	log_test $? 2 "MD5: Prefix config, client uses wrong password"

	# right password, but the client binds (-c) to an address outside
	# the configured prefix
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s -M "${MD5_PW}" -m "${NS_NET6}" &
	sleep 1
	run_cmd_nsb nettest -6 -c "${NSB_LO_IP6}" -r "${NSA_IP6}" -X "${MD5_PW}"
	log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}
2327
#
# MD5 tests with VRF
#
# Same TCP MD5 checks as the non-VRF variant, with the listener bound to
# ${VRF} via -I. The second argument of log_test appears to be the expected
# nettest exit code: 0 = connected, 2 = client timed out (per the hints),
# 1 = nettest itself failed (used by the "Device must be a VRF" cases).
#
# The "duplicate config" group is the key-isolation check: one listener in
# the VRF keyed with MD5_PW and one in the default VRF keyed with
# MD5_WRONG_PW are configured for the same peer address/prefix. Clients are
# started with run_cmd_nsb ("conn in VRF") and run_cmd_nsc ("conn in default
# VRF"); each must connect only with the key of the domain it arrives in, and
# must time out when it presents the other domain's key.
#
# NOTE(review): the keys are fixed test values passed on the nettest command
# line, readable from any process listing; acceptable for test namespaces
# only.
ipv6_tcp_md5()
{
	#
	# single address
	#

	# basic use case
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout since server does not have MD5 auth"
	run_cmd nettest -6 -s -I ${VRF} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Client uses wrong password"

	# client from different address
	log_start
	show_hint "Should timeout since server config differs from client"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"

	# client outside of prefix
	log_start
	show_hint "Should timeout since client address is outside of prefix"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"

	#
	# duplicate config between default VRF and a VRF
	#
	# Two listeners run at once in every case below: the VRF one uses MD5_PW,
	# the default-VRF one uses MD5_WRONG_PW as its (different) key.

	# single address, VRF client with the VRF key
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"

	# single address, default-VRF client with the default-VRF key
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"

	# single address, default-VRF client presenting the VRF key
	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"

	# single address, VRF client presenting the default-VRF key
	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"

	# the same four combinations with a prefix instead of a single address
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"

	#
	# negative tests
	#
	# The listener runs in the foreground here (no '&'): it is expected to
	# exit with 1 right away because -I names a plain device, not a VRF.
	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP6}
	log_test $? 1 "MD5: VRF: Device must be a VRF - single address"

	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6}
	log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"

}
2471
# IPv6 TCP connection tests with no VRF configured.
#
# Each case starts a nettest listener in the background, waits one second,
# runs a client and hands the client's exit status to log_test_addr together
# with the expected status (0 = connected, 1 = failed; the hints name the
# expected failure as 'Connection refused'). Cases without a listener check
# that the connection attempt is rejected.
# Ends by running the non-VRF TCP MD5 tests.
ipv6_tcp_novrf()
{
	local a

	#
	# server tests
	#
	# listener started with run_cmd, client with run_cmd_nsb
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	# verify TCP reset received
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client
	#
	# roles swapped: listener started with run_cmd_nsb, client with run_cmd
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
	do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Client"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
	do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	# listener and client are both started with run_cmd
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
	do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	# a device-bound listener must not be reachable through loopback addresses
	for a in ${NSA_LO_IP6} ::1
	do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -s -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	# a device-bound client must not reach loopback addresses either
	for a in ${NSA_LO_IP6} ::1
	do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "Global server, device client, local connection"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}
	do
		log_start
		run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
		log_test_addr ${a} $? 0 "Device server, device client, local conn"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
		log_test_addr ${a} $? 1 "No server, device client, local conn"
	done

	ipv6_tcp_md5_novrf
}
2591
# IPv6 TCP connection tests with a VRF configured.
#
# Runs in two phases, switched through net.ipv4.tcp_l3mdev_accept:
#   =0  an unbound ("global") listener is expected to refuse connections for
#       VRF traffic; only VRF- or device-bound listeners accept them.
#   =1  the unbound listener is expected to accept them as well.
# The phase-0 refusals are what show that the VRF acts as an isolation
# boundary for listeners; a regression there would show up as an unexpected
# exit status 0.
#
# Every case follows the same order: optional hint, listener in the
# background, one second wait, client, then log_test_addr with the client's
# exit status and the expected status (0 = connected, 1 = failed).
# The VRF TCP MD5 tests run at the end of phase 0.
ipv6_tcp_vrf()
{
	local a

	# disable global server
	log_subsection "Global server disabled"

	set_sysctl net.ipv4.tcp_l3mdev_accept=0

	#
	# server tests
	#
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	# link local is always bound to ingress device
	a=${NSA_LINKIP6}%${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${a}
	log_test_addr ${a} $? 0 "VRF server"

	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Device server"
	done

	# verify TCP reset received
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# local address tests
	a=${NSA_IP6}
	log_start
	show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
	log_test_addr ${a} $? 1 "Global server, local connection"

	# run MD5 tests
	ipv6_tcp_md5

	#
	# enable VRF global server
	#
	log_subsection "VRF Global server enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	# For LLA, child socket is bound to device
	a=${NSA_LINKIP6}%${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${a}
	log_test_addr ${a} $? 0 "Global server"

	log_start
	run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${a}
	log_test_addr ${a} $? 0 "VRF server"

	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Device server"
	done

	# verify TCP reset received
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# local address tests
	# NOTE(review): the description says "Global server" but the listener is
	# started with -I ${VRF}; the hint describes the VRF-bound case.
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		show_hint "Fails 'Connection refused' since client is not in VRF"
		run_cmd nettest -6 -s -I ${VRF} &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Global server, local connection"
	done


	#
	# client
	#
	for a in ${NSB_IP6} ${NSB_LO_IP6}
	do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${VRF}
		log_test_addr ${a} $? 0 "Client, VRF bind"
	done

	a=${NSB_LINKIP6}
	log_start
	show_hint "Fails since VRF device does not allow linklocal addresses"
	run_cmd_nsb nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${VRF}
	log_test_addr ${a} $? 1 "Client, VRF bind"

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
	do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r ${a} -d ${VRF}
		log_test_addr ${a} $? 1 "No server, VRF client"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	# local connections: listener and client are both started with run_cmd
	for a in ${NSA_IP6} ${VRF_IP6} ::1
	do
		log_start
		run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local connection"

	a=${NSA_IP6}
	log_start
	show_hint "Should fail since unbound client is out of VRF scope"
	run_cmd nettest -6 -s -I ${VRF} &
	sleep 1
	run_cmd nettest -6 -r ${a}
	log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"

	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, VRF client, local connection"

	for a in ${NSA_IP6} ${NSA_LINKIP6}
	do
		log_start
		run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
		log_test_addr ${a} $? 0 "Device server, device client, local connection"
	done
}
2813
# Entry point for the IPv6/TCP section: runs the non-VRF tests once per
# tcp_l3mdev_accept setting, then rebuilds the topology with a VRF and runs
# the VRF tests.
ipv6_tcp()
{
	local l3mdev_accept

	log_section "IPv6/TCP"
	log_subsection "No VRF"
	setup

	# tcp_l3mdev_accept should have no effect without VRF;
	# run tests with it disabled, then enabled, to verify
	for l3mdev_accept in 0 1
	do
		if [ "${l3mdev_accept}" = "0" ]; then
			log_subsection "tcp_l3mdev_accept disabled"
		else
			log_subsection "tcp_l3mdev_accept enabled"
		fi
		set_sysctl net.ipv4.tcp_l3mdev_accept=${l3mdev_accept}
		ipv6_tcp_novrf
	done

	# VRF pass: setup is re-run with "yes" before the VRF tests
	log_subsection "With VRF"
	setup yes
	ipv6_tcp_vrf
}
2833
2834 ################################################################################
2835 # IPv6 UDP
2836
# IPv6 UDP tests with no VRF configured (-D selects datagram mode in every
# nettest call here).
#
# Same pattern as the TCP tests: listener in the background, one second wait,
# client, then log_test_addr with the client's exit status and the expected
# status (0 = success, 1 = failure). The client is exercised unbound, bound to
# a device (-d), sending via cmsg (-C) and via IPV6_UNICAST_IF (-S), as named
# in the test descriptions.
# The last case temporarily changes ns-B's addressing and restores it.
ipv6_udp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Global server"

		log_start
		run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Device server"
	done

	a=${NSA_LO_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -D -r ${a}
	log_test_addr ${a} $? 0 "Global server"

	# should fail since loopback address is out of scope for a device
	# bound server, but it does not - hence this is more documenting
	# behavior.
	#log_start
	#show_hint "Should fail since loopback address is out of scope"
	#run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	#sleep 1
	#run_cmd_nsb nettest -6 -D -r ${a}
	#log_test_addr ${a} $? 1 "Device server"

	# negative test - should fail
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client
	#
	# listener started with run_cmd_nsb, client with run_cmd
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
	do
		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
		log_test_addr ${a} $? 0 "Client"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
		log_test_addr ${a} $? 0 "Client, device send via cmsg"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
		log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
	do
		log_start
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -r ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	for a in ${NSA_LO_IP6} ::1
	do
		log_start
		show_hint "Should fail 'Connection refused' since address is out of device scope"
		run_cmd nettest -6 -s -D -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "Device server, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
	log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"

	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
	log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"

	# loopback addresses must stay unreachable for a device-scoped client,
	# whichever of the three ways is used to select the device
	for a in ${NSA_LO_IP6} ::1
	do
		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "Global server, device client, local connection"

		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
		log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"

		# NOTE(review): this description says IP_UNICAST_IF while the other
		# -S cases in this function say IPV6_UNICAST_IF; looks like a
		# leftover from the IPv4 variant - confirm before renaming, since
		# the string is the test's reported name.
		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
		log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local conn"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "No server, device client, local conn"

	# LLA to GUA
	# Remove ns-B's global address and add a host route to NSA_IP6, presumably
	# so the client has only its link-local address to send from.
	run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
	run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
	log_test $? 0 "UDP in - LLA to GUA"

	# undo the two changes above so later tests see the original addressing
	run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
	run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
}
3021
# IPv6 UDP tests with a VRF configured.
#
# Two phases, switched through net.ipv4.udp_l3mdev_accept:
#   =0  an unbound ("global") listener is expected to be unreachable for VRF
#       traffic; VRF- and device-bound listeners work.
#   =1  the unbound listener is expected to work as well.
# The phase-0 failures are the isolation checks; an unexpected exit status 0
# there would mean an unbound socket received traffic from the VRF.
#
# Pattern per case: listener in the background, one second wait, client, then
# log_test / log_test_addr with the client's exit status and the expected
# status (0 = success, 1 = failure).
# The last case temporarily changes ns-B's addressing and restores it.
ipv6_udp_vrf()
{
	local a

	# disable global server
	log_subsection "Global server disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0

	#
	# server tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		show_hint "Should fail 'Connection refused' since global server is disabled"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Enslaved device server"
	done

	# negative test - should fail
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		show_hint "Should fail 'Connection refused' since global server is disabled"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -D -I ${VRF} -s &
		sleep 1
		run_cmd nettest -6 -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
	done

	a=${NSA_IP6}
	log_start
	show_hint "Should fail 'Connection refused' since global server is disabled"
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "Global server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"

	# enable global server
	log_subsection "Global server enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1

	#
	# server tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Enslaved device server"
	done

	# negative test - should fail
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client tests
	#
	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
	log_test $? 0 "VRF client"

	# negative test - should fail
	log_start
	run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
	log_test $? 1 "No server, VRF client"

	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
	log_test $? 0 "Enslaved device client"

	# negative test - should fail
	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
	log_test $? 1 "No server, enslaved device client"

	#
	# local address tests
	#
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Global server, VRF client, local conn"

	# NOTE(review): log_start is commented out for this one case only, so
	# whatever log_start resets between cases is skipped here. If a listener
	# from the previous case is still running, this case could pass because
	# of it - confirm whether the omission is intentional.
	#log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"


	a=${VRF_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${VRF} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Global server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${VRF} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"

	# negative test - should fail
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "No server, VRF client, local conn"
	done

	# device to global IP
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Device server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "No server, device client, local conn"


	# link local addresses
	log_start
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
	log_test $? 0 "Global server, linklocal IP"

	log_start
	run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
	log_test $? 1 "No server, linklocal IP"


	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
	log_test $? 0 "Enslaved device client, linklocal IP"

	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
	log_test $? 1 "No server, device client, peer linklocal IP"


	log_start
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
	log_test $? 0 "Enslaved device client, local conn - linklocal IP"

	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
	log_test $? 1 "No server, device client, local conn - linklocal IP"

	# LLA to GUA
	# Remove ns-B's global address and add a host route to NSA_IP6, presumably
	# so the client has only its link-local address to send from.
	run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
	run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
	log_test $? 0 "UDP in - LLA to GUA"

	# undo the two changes above so later tests see the original addressing
	run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
	run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
}
3299
# Entry point for the IPv6/UDP section: runs the non-VRF tests once per
# udp_l3mdev_accept setting, then rebuilds the topology with a VRF and runs
# the VRF tests.
ipv6_udp()
{
	local l3mdev_accept

	# should not matter, but set to known state
	set_sysctl net.ipv4.udp_early_demux=1

	log_section "IPv6/UDP"
	log_subsection "No VRF"
	setup

	# udp_l3mdev_accept should have no effect without VRF;
	# run tests with it disabled, then enabled, to verify
	for l3mdev_accept in 0 1
	do
		if [ "${l3mdev_accept}" = "0" ]; then
			log_subsection "udp_l3mdev_accept disabled"
		else
			log_subsection "udp_l3mdev_accept enabled"
		fi
		set_sysctl net.ipv4.udp_l3mdev_accept=${l3mdev_accept}
		ipv6_udp_novrf
	done

	# VRF pass: setup is re-run with "yes" before the VRF tests
	log_subsection "With VRF"
	setup yes
	ipv6_udp_vrf
}
3322
3323 ################################################################################
3324 # IPv6 address bind
3325
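# IPv6 bind() tests with no VRF configured.
#
# Each case runs nettest in the foreground with -b and passes its exit status
# to log_test_addr together with the expected status (0 = bind succeeded,
# 1 = bind failed). The last case checks that an address on loopback cannot
# be bound once the socket is bound to ${NSA_DEV}; the hint names the
# expected error as 'Cannot assign requested address'.
#
# Globals read: NSA_IP6, NSA_LO_IP6, NSA_DEV
ipv6_addr_bind_novrf()
{
	# keep the loop variable local, as the other test functions in this
	# file do, so it does not overwrite a caller's 'a'
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6}
	do
		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	#
	# tcp sockets
	#
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address"

	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"

	# negative case: loopback address is out of scope for a device-bound socket
	a=${NSA_LO_IP6}
	log_start
	show_hint "Should fail with 'Cannot assign requested address'"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
}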
3360
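# IPv6 bind() tests with a VRF configured.
#
# Each case runs nettest in the foreground with -b and passes its exit status
# to log_test_addr together with the expected status (0 = bind succeeded,
# 1 = bind failed). The failing cases are the scope checks: an address on
# loopback must not be bindable from a socket bound to the VRF or to a device
# in the VRF, and the VRF's own address must not be bindable from a socket
# bound to the enslaved device.
#
# Globals read: NSA_IP6, VRF_IP6, NSA_LO_IP6, NSA_DEV, VRF
ipv6_addr_bind_vrf()
{
	# keep the loop variable local, as the other test functions in this
	# file do, so it does not overwrite a caller's 'a'
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"

		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	a=${NSA_LO_IP6}
	log_start
	show_hint "Address on loopback is out of VRF scope"
	run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
	log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"

	#
	# tcp sockets
	#
	# address on enslaved device is valid for the VRF or device in a VRF
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"

	# the VRF address is expected to be rejected for a device-bound socket
	a=${VRF_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to VRF address with device bind"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Address on loopback out of scope for VRF"
	run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"

	log_start
	show_hint "Address on loopback out of scope for device in VRF"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"

}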
3416
# Driver for the IPv6 address-bind tests: the non-VRF cases run after a plain
# setup call, the VRF cases after setup "yes".
ipv6_addr_bind()
{
	log_section "IPv6 address binds"

	# pass 1: no VRF
	log_subsection "No VRF"
	setup
	ipv6_addr_bind_novrf

	# pass 2: with VRF
	log_subsection "With VRF"
	setup "yes"
	ipv6_addr_bind_vrf
}
3429
3430 ################################################################################
3431 # IPv6 runtime tests
3432
# Run-time tests: delete the VRF device while a nettest server/client pair is
# active, for every server/client binding combination.
#
# Every case follows the same sequence: start the server in the background,
# wait 1s, start the client in the background, wait 3s, delete the VRF, wait
# 1s, log the result, then call setup again so the next case starts with the
# VRF present. The result is logged with the constants 0 0 rather than an exit
# status, so these cases do not check a return code; presumably the point is
# that the delete completes with sockets open (NOTE(review): confirm against
# log_test_addr).
#
# Globals:   NSA_IP6, VRF_IP6, NSB_IP6, NSA_DEV, VRF (read)
# Arguments: $1 - description used as the test name prefix
#            $2 - extra nettest arguments; "-6" is prepended
ipv6_rt()
{
	local desc="$1"
	local varg="-6 $2"
	local with_vrf="yes"
	local a
	local rt_idx

	# server bind option and the matching name used in the test label
	local -a rt_srv_bind=("" "-I ${VRF}" "-I ${NSA_DEV}")
	local -a rt_srv_name=("global server" "VRF server" "enslaved device server")

	#
	# server tests
	#
	for rt_idx in 0 1 2
	do
		for a in ${NSA_IP6} ${VRF_IP6}
		do
			log_start
			run_cmd nettest ${varg} ${rt_srv_bind[$rt_idx]} -s &
			sleep 1
			run_cmd_nsb nettest ${varg} -r ${a} &
			sleep 3
			run_cmd ip link del ${VRF}
			sleep 1
			log_test_addr ${a} 0 0 "${desc}, ${rt_srv_name[$rt_idx]}"

			setup ${with_vrf}
		done
	done

	#
	# client test
	#
	local -a rt_cli_dev=("${VRF}" "${NSA_DEV}")
	local -a rt_cli_name=("VRF client" "enslaved device client")

	for rt_idx in 0 1
	do
		log_start
		run_cmd_nsb nettest ${varg} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${rt_cli_dev[$rt_idx]} -r ${NSB_IP6} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test 0 0 "${desc}, ${rt_cli_name[$rt_idx]}"

		setup ${with_vrf}
	done

	#
	# local address tests
	#

	# client bound to the VRF, server unbound or bound to the VRF
	local -a rt_vrfcli_name=("global server, VRF client" "VRF server and client")

	for rt_idx in 0 1
	do
		for a in ${NSA_IP6} ${VRF_IP6}
		do
			log_start
			run_cmd nettest ${varg} ${rt_srv_bind[$rt_idx]} -s &
			sleep 1
			run_cmd nettest ${varg} -d ${VRF} -r ${a} &
			sleep 3
			run_cmd ip link del ${VRF}
			sleep 1
			log_test_addr ${a} 0 0 "${desc}, ${rt_vrfcli_name[$rt_idx]}"

			setup ${with_vrf}
		done
	done

	# client bound to the enslaved device, all three server bindings
	local -a rt_devcli_name=("global server" "VRF server" "device server")

	a=${NSA_IP6}
	for rt_idx in 0 1 2
	do
		# The VRF is still present for the first case. The later cases
		# re-create it here, so nothing is set up again after the last one.
		if [ "${rt_idx}" -gt 0 ]; then
			setup ${with_vrf}
		fi

		log_start
		run_cmd nettest ${varg} ${rt_srv_bind[$rt_idx]} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, ${rt_devcli_name[$rt_idx]}, device client"
	done
}
3574
# Run-time test: delete the VRF device while a flood ping (-f) is running,
# first with the ping started through run_cmd_nsb towards NSA_IP6, then with
# the ping started through run_cmd towards NSB_IP6 and bound to the VRF.
# Both results are logged with the constants 0 0 and with NSA_IP6 as the
# address, so no exit status is checked.
#
# Globals:   NSA_IP6, NSB_IP6, VRF, ping6 (read)
# Arguments: none
ipv6_ping_rt()
{
	local with_vrf="yes"
	local a=${NSA_IP6}

	# inbound traffic
	log_start
	run_cmd_nsb ${ping6} -f "${a}" &
	sleep 3
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test_addr "${a}" 0 0 "Device delete with active traffic - ping in"

	# bring the VRF back before the outbound case
	setup ${with_vrf}

	# outbound traffic
	log_start
	run_cmd ${ping6} -f "${NSB_IP6}" -I "${VRF}" &
	sleep 1
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test_addr "${a}" 0 0 "Device delete with active traffic - ping out"
}
3597
# Driver for the IPv6 run-time tests. setup "yes" is called before every
# group because each group ends with the VRF device deleted.
ipv6_runtime()
{
	log_section "Run time tests - ipv6"

	# flood ping while the VRF is removed
	setup "yes"
	ipv6_ping_rt

	# nettest variants: label, then the extra nettest arguments
	setup "yes"
	ipv6_rt "TCP active socket" "-n -1"

	setup "yes"
	ipv6_rt "TCP passive socket" "-i"

	setup "yes"
	ipv6_rt "UDP active socket" "-D -n -1"
}
3614
3615 ################################################################################
3616 # netfilter blocking connections
3617
# With the tcp-reset REJECT rule installed by the caller, a TCP client started
# through run_cmd_nsb must fail to connect (expected exit status 1) for both
# the device address and the VRF address.
#
# Globals:   NSA_IP, VRF_IP (read)
# Arguments: none
netfilter_tcp_reset()
{
	local a

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start

		# server in the background, client in the foreground
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r "${a}"

		log_test_addr "${a}" $? 1 "Global server, reject with TCP-reset on Rx"
	done
}
3631
# With the icmp-port-unreachable REJECT rules installed by the caller, a
# client started through run_cmd_nsb must fail (expected exit status 1) for
# both the device address and the VRF address.
#
# Globals:   NSA_IP, VRF_IP (read)
# Arguments: $1 - socket type used in the test name; "UDP" adds -D to nettest
netfilter_icmp()
{
	local stype="$1"
	local arg
	local a

	if [ "${stype}" = "UDP" ]; then
		arg="-D"
	fi

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start

		# ${arg} stays unquoted so that an empty value adds no argument
		run_cmd nettest ${arg} -s &
		sleep 1
		run_cmd_nsb nettest ${arg} -r "${a}"

		log_test_addr "${a}" $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
	done
}
3649
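# IPv4 netfilter tests: install REJECT rules for port 12345 on INPUT and check
# that clients are refused, first with tcp-reset, then with
# icmp-port-unreachable for TCP and UDP.
#
# Every iptables call goes through run_cmd, including the final flush, so the
# rules are added and removed in the same place.
# NOTE(review): run_cmd is defined outside this view. If it executes its
# command inside the ns-A namespace, a bare "iptables -F" at the end would
# flush the filter table of the namespace the script was started from instead
# of the test namespace; routing it through run_cmd avoids that either way.
#
# Globals:   none read directly
# Arguments: none
ipv4_netfilter()
{
	log_section "IPv4 Netfilter"
	log_subsection "TCP reset"

	setup "yes"
	run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset

	netfilter_tcp_reset

	log_start
	log_subsection "ICMP unreachable"

	log_start
	# replace the tcp-reset rule with the ICMP variants
	run_cmd iptables -F
	run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
	run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable

	netfilter_icmp "TCP"
	netfilter_icmp "UDP"

	log_start
	# remove the test rules the same way they were installed
	run_cmd iptables -F
}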
3674
# IPv6 counterpart of netfilter_tcp_reset: with the tcp-reset REJECT rule
# installed by the caller, the client must fail (expected exit status 1) for
# both the device address and the VRF address.
#
# Globals:   NSA_IP6, VRF_IP6 (read)
# Arguments: none
netfilter_tcp6_reset()
{
	local a

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start

		# server in the background, client in the foreground
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r "${a}"

		log_test_addr "${a}" $? 1 "Global server, reject with TCP-reset on Rx"
	done
}
3688
# IPv6 counterpart of netfilter_icmp: with the icmp6-port-unreachable REJECT
# rules installed by the caller, the client must fail (expected exit status 1)
# for both the device address and the VRF address.
#
# Globals:   NSA_IP6, VRF_IP6 (read)
# Arguments: $1 - socket type used in the test name; "UDP" adds -D to nettest
netfilter_icmp6()
{
	local stype="$1"
	local arg
	local a

	if [ "${stype}" = "UDP" ]; then
		arg="$arg -D"
	fi

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start

		# ${arg} stays unquoted so that an empty value adds no argument
		run_cmd nettest -6 -s ${arg} &
		sleep 1
		run_cmd_nsb nettest -6 ${arg} -r "${a}"

		log_test_addr "${a}" $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
	done
}
3706
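# IPv6 netfilter tests: install REJECT rules for port 12345 on INPUT and check
# that clients are refused, first with tcp-reset, then with
# icmp6-port-unreachable for TCP and UDP.
#
# Every ip6tables call goes through run_cmd, including the final flush, so the
# rules are added and removed in the same place.
# NOTE(review): run_cmd is defined outside this view. If it executes its
# command inside the ns-A namespace, a bare "ip6tables -F" at the end would
# flush the filter table of the namespace the script was started from instead
# of the test namespace; routing it through run_cmd avoids that either way.
#
# Globals:   none read directly
# Arguments: none
ipv6_netfilter()
{
	log_section "IPv6 Netfilter"
	log_subsection "TCP reset"

	setup "yes"
	run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset

	netfilter_tcp6_reset

	log_subsection "ICMP unreachable"

	log_start
	# replace the tcp-reset rule with the ICMPv6 variants
	run_cmd ip6tables -F
	run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
	run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable

	netfilter_icmp6 "TCP"
	netfilter_icmp6 "UDP"

	log_start
	# remove the test rules the same way they were installed
	run_cmd ip6tables -F
}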
3730
3731 ################################################################################
3732 # specific use cases
3733
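# Run the four reachability checks for one bridge configuration: IPv4 and IPv6
# ping started through run_cmd and bound to a device ("ping out"), then IPv4
# and IPv6 ping started through run_cmd_nsb ("ping in"). The neighbour cache
# is flushed before each ping.
#
# Arguments: $1 - test name prefix
#            $2 - device the outbound pings are bound to (-I)
#            $3 - IPv4 address pinged outbound
#            $4 - IPv6 address pinged outbound
#            $5 - IPv4 address pinged inbound
#            $6 - IPv6 address pinged inbound
_use_case_br_pings()
{
	local br_label="$1"
	local br_dev="$2"
	local br_out4="$3"
	local br_out6="$4"
	local br_in4="$5"
	local br_in6="$6"

	run_cmd ip neigh flush all
	run_cmd ping -c1 -w1 -I ${br_dev} ${br_out4}
	log_test $? 0 "${br_label} - IPv4 ping out"

	run_cmd ip neigh flush all
	run_cmd ${ping6} -c1 -w1 -I ${br_dev} ${br_out6}
	log_test $? 0 "${br_label} - IPv6 ping out"

	run_cmd ip neigh flush all
	run_cmd_nsb ping -c1 -w1 ${br_in4}
	log_test $? 0 "${br_label} - IPv4 ping in"

	run_cmd ip neigh flush all
	run_cmd_nsb ${ping6} -c1 -w1 ${br_in6}
	log_test $? 0 "${br_label} - IPv6 ping in"
}

# VRF only.
# ns-A device enslaved to bridge. Verify traffic with and without
# br_netfilter module loaded. Repeat with SVI on bridge.
#
# The "with br_netfilter" pass of the vlan case now uses that wording in all
# four test names; previously its two "ping in" results reused the names of
# the pass without the module, so the two passes could not be told apart in
# the log.
#
# Side effects beyond the test namespaces: rmmod/modprobe br_netfilter are
# called directly, and the module is left loaded when the last modprobe
# succeeds, since nothing unloads it afterwards.
#
# Globals:   NSA_DEV, NSB_DEV, NSA_IP, NSA_IP6, NSB_IP, NSB_IP6, VRF,
#            ping6 (read)
# Arguments: none
use_case_br()
{
	setup "yes"

	# move the ns-A addresses from the device to a new bridge
	setup_cmd ip link set ${NSA_DEV} down
	setup_cmd ip addr del dev ${NSA_DEV} ${NSA_IP}/24
	setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64

	setup_cmd ip link add br0 type bridge
	setup_cmd ip addr add dev br0 ${NSA_IP}/24
	setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad

	setup_cmd ip li set ${NSA_DEV} master br0
	setup_cmd ip li set ${NSA_DEV} up
	setup_cmd ip li set br0 up
	setup_cmd ip li set br0 vrf ${VRF}

	# start without br_netfilter; an error when it is not loaded is ignored
	rmmod br_netfilter 2>/dev/null
	sleep 5 # DAD

	_use_case_br_pings "Bridge into VRF" br0 \
		${NSB_IP} ${NSB_IP6} ${NSA_IP} ${NSA_IP6}

	# repeat with br_netfilter, skipping the pass when it cannot be loaded
	if modprobe br_netfilter; then
		_use_case_br_pings "Bridge into VRF with br_netfilter" br0 \
			${NSB_IP} ${NSB_IP6} ${NSA_IP} ${NSA_IP6}
	fi

	# vlan 100 on the bridge, placed in the VRF, with a peer vlan on NSB_DEV
	setup_cmd ip li set br0 nomaster
	setup_cmd ip li add br0.100 link br0 type vlan id 100
	setup_cmd ip li set br0.100 vrf ${VRF} up
	setup_cmd ip addr add dev br0.100 172.16.101.1/24
	setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad

	setup_cmd_nsb ip li add vlan100 link ${NSB_DEV} type vlan id 100
	setup_cmd_nsb ip addr add dev vlan100 172.16.101.2/24
	setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad
	setup_cmd_nsb ip li set vlan100 up
	sleep 1

	rmmod br_netfilter 2>/dev/null

	_use_case_br_pings "Bridge vlan into VRF" br0.100 \
		172.16.101.2 2001:db8:101::2 172.16.101.1 2001:db8:101::1

	if modprobe br_netfilter; then
		_use_case_br_pings "Bridge vlan into VRF with br_netfilter" br0.100 \
			172.16.101.2 2001:db8:101::2 172.16.101.1 2001:db8:101::1
	fi

	setup_cmd ip li del br0 2>/dev/null
	setup_cmd_nsb ip li del vlan100 2>/dev/null
}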
3844
# VRF only.
# ns-A device is connected to both ns-B and ns-C on a single VRF but only has
# LLA on the interfaces.
#
# Pings the multicast address MCAST from ns-B and ns-C before and after each
# of the two ns-A interfaces is taken down and brought back up; every ping is
# expected to succeed (exit status 0).
#
# Globals:   MCAST, NSA, NSA_DEV, NSA_DEV2, NSB_DEV, NSC_DEV (read)
# Arguments: none
use_case_ping_lla_multi()
{
	local flap_dev

	setup_lla_only

	# only want reply from ns-A
	setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
	setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1

	log_start
	run_cmd_nsb ping -c1 -w1 "${MCAST}%${NSB_DEV}"
	log_test_addr "${MCAST}%${NSB_DEV}" $? 0 "Pre cycle, ping out ns-B"

	run_cmd_nsc ping -c1 -w1 "${MCAST}%${NSC_DEV}"
	log_test_addr "${MCAST}%${NSC_DEV}" $? 0 "Pre cycle, ping out ns-C"

	# cycle/flap the first, then the second ns-A interface
	for flap_dev in ${NSA_DEV} ${NSA_DEV2}
	do
		setup_cmd ip link set ${flap_dev} down
		setup_cmd ip link set ${flap_dev} up
		sleep 1

		log_start
		run_cmd_nsb ping -c1 -w1 "${MCAST}%${NSB_DEV}"
		log_test_addr "${MCAST}%${NSB_DEV}" $? 0 "Post cycle ${NSA} ${flap_dev}, ping out ns-B"
		run_cmd_nsc ping -c1 -w1 "${MCAST}%${NSC_DEV}"
		log_test_addr "${MCAST}%${NSC_DEV}" $? 0 "Post cycle ${NSA} ${flap_dev}, ping out ns-C"
	done
}
3884
# Perform IPv{4,6} SNAT on ns-A, and verify TCP connection is successfully
# established with ns-B.
#
# The SNAT rules rewrite the source of TCP traffic to the test port leaving
# through the VRF device to the ns-A loopback address. Cleanup deletes exactly
# the two rules that were appended instead of flushing the nat table.
#
# Globals:   NSA_LO_IP, NSA_LO_IP6, NSB_IP, NSB_IP6, VRF (read)
# Arguments: none
use_case_snat_on_vrf()
{
	setup "yes"

	local port="12345"

	# rule specification shared by the -A (add) and -D (delete) calls;
	# expanded unquoted on purpose so it splits back into separate words
	local snat_spec="POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT"

	run_cmd iptables -t nat -A ${snat_spec} --to-source ${NSA_LO_IP} -o ${VRF}
	run_cmd ip6tables -t nat -A ${snat_spec} --to-source ${NSA_LO_IP6} -o ${VRF}

	# IPv4: server in the background, client through the VRF
	run_cmd_nsb nettest -s -l ${NSB_IP} -p ${port} &
	sleep 1
	run_cmd nettest -d ${VRF} -r ${NSB_IP} -p ${port}
	log_test $? 0 "IPv4 TCP connection over VRF with SNAT"

	# IPv6: same sequence
	run_cmd_nsb nettest -6 -s -l ${NSB_IP6} -p ${port} &
	sleep 1
	run_cmd nettest -6 -d ${VRF} -r ${NSB_IP6} -p ${port}
	log_test $? 0 "IPv6 TCP connection over VRF with SNAT"

	# Cleanup
	run_cmd iptables -t nat -D ${snat_spec} --to-source ${NSA_LO_IP} -o ${VRF}
	run_cmd ip6tables -t nat -D ${snat_spec} --to-source ${NSA_LO_IP6} -o ${VRF}
}
3910
# Driver for the specific use-case tests; each one is announced with its own
# subsection header and does its own setup.
use_cases()
{
	log_section "Use cases"

	log_subsection "Device enslaved to bridge"
	use_case_br

	log_subsection "Ping LLA with multiple interfaces"
	use_case_ping_lla_multi

	log_subsection "SNAT on VRF"
	use_case_snat_on_vrf
}
3921
3922 ################################################################################
3923 # usage
3924
3925 usage()
3926 {
3927 cat <<EOF
3928 usage: ${0##*/} OPTS
3929
3930 -4 IPv4 tests only
3931 -6 IPv6 tests only
3932 -t <test> Test name/set to run
3933 -p Pause on fail
3934 -P Pause after each test
3935 -v Be verbose
3936 EOF
3937 }
3938
3939 ################################################################################
3940 # main
3941
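# Names accepted by -t and run by default. Every name listed here must have a
# matching pattern in the dispatch loop below.
TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime ipv4_netfilter"
TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime ipv6_netfilter"
TESTS_OTHER="use_cases"

PAUSE_ON_FAIL=no
PAUSE=no

while getopts :46t:pPvh o
do
	case $o in
		4) TESTS=ipv4;;
		6) TESTS=ipv6;;
		t) TESTS=$OPTARG;;
		p) PAUSE_ON_FAIL=yes;;
		P) PAUSE=yes;;
		v) VERBOSE=1;;
		h) usage; exit 0;;
		*) usage; exit 1;;
	esac
done

# make sure we don't pause twice
[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no

#
# resolve the requested test set: nothing selected means everything,
# "ipv4"/"ipv6" (from -4/-6 or -t) expand to the per-family lists
#
if [ -z "$TESTS" ]; then
	TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"
elif [ "$TESTS" = "ipv4" ]; then
	TESTS="$TESTS_IPV4"
elif [ "$TESTS" = "ipv6" ]; then
	TESTS="$TESTS_IPV6"
fi

# nettest is required by the tests; report SKIP rather than failure without it
if ! command -v nettest >/dev/null; then
	echo "'nettest' command not found; skipping tests"
	exit $ksft_skip
fi

declare -i nfail=0
declare -i nsuccess=0

for t in $TESTS
do
	case $t in
	ipv4_ping|ping)  ipv4_ping;;
	ipv4_tcp|tcp)    ipv4_tcp;;
	ipv4_udp|udp)    ipv4_udp;;
	# ipv4_addr_bind is the name used in TESTS_IPV4; without it here the
	# bind tests were silently skipped in default and -4 runs
	ipv4_addr_bind|ipv4_bind|bind) ipv4_addr_bind;;
	ipv4_runtime)    ipv4_runtime;;
	ipv4_netfilter)  ipv4_netfilter;;

	ipv6_ping|ping6) ipv6_ping;;
	ipv6_tcp|tcp6)   ipv6_tcp;;
	ipv6_udp|udp6)   ipv6_udp;;
	# same for ipv6_addr_bind from TESTS_IPV6
	ipv6_addr_bind|ipv6_bind|bind6) ipv6_addr_bind;;
	ipv6_runtime)    ipv6_runtime;;
	ipv6_netfilter)  ipv6_netfilter;;

	use_cases)       use_cases;;

	# setup namespaces and config, but do not run any tests
	setup)           setup; exit 0;;
	vrf_setup)       setup "yes"; exit 0;;

	help)            echo "Test names: $TESTS"; exit 0;;

	# an unmatched name runs nothing; say so instead of reporting a
	# clean result for a test that never ran
	*)               echo "WARNING: unknown test '$t' ignored" >&2;;
	esac
done

# errors from cleanup are deliberately not shown
cleanup 2>/dev/null

printf "\nTests passed: %3d\n" "${nsuccess}"
printf "Tests failed: %3d\n" "${nfail}"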