2 # SPDX-License-Identifier: GPL-2.0
4 # Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
6 # IPv4 and IPv6 functional tests focusing on VRF and routing lookups
7 # for various permutations:
8 # 1. icmp, tcp, udp and netfilter
9 # 2. client, server, no-server
10 # 3. global address on interface
11 # 4. global address on 'lo'
12 # 5. remote and local traffic
13 # 6. VRF and non-VRF permutations
18 # [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ]
21 # [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ]
24 # eth1: 172.16.1.1/24, 2001:db8:1::1/64
25 # lo: 127.0.0.1/8, ::1/128
26 # 172.16.2.1/32, 2001:db8:2::1/128
27 # red: 127.0.0.1/8, ::1/128
28 # 172.16.3.1/32, 2001:db8:3::1/128
31 # eth1: 172.16.1.2/24, 2001:db8:1::2/64
32 # lo2: 127.0.0.1/8, ::1/128
33 # 172.16.2.2/32, 2001:db8:2::2/128
35 # ns-A to ns-C connection - only for VRF and same config
38 # server / client nomenclature relative to ns-A
40 # Kselftest framework requirement - SKIP code is 4.
62 NS_NET6
=2001:db8
:1::/120
66 NSA_LO_IP6
=2001:db8
:2::1
67 NSB_LO_IP6
=2001:db8
:2::2
73 # set after namespace create
81 NSA_CMD
="ip netns exec ${NSA}"
82 NSB_CMD
="ip netns exec ${NSB}"
83 NSC_CMD
="ip netns exec ${NSC}"
85 which ping6
> /dev
/null
2>&1 && ping6
=$
(which ping6
) || ping6
=$
(which ping)
87 ################################################################################
96 [ "${VERBOSE}" = "1" ] && echo
98 if [ ${rc} -eq ${expected} ]; then
99 nsuccess
=$
((nsuccess
+1))
100 printf "TEST: %-70s [ OK ]\n" "${msg}"
103 printf "TEST: %-70s [FAIL]\n" "${msg}"
104 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
106 echo "hit enter to continue, 'q' to quit"
108 [ "$a" = "q" ] && exit 1
112 if [ "${PAUSE}" = "yes" ]; then
114 echo "hit enter to continue, 'q' to quit"
116 [ "$a" = "q" ] && exit 1
130 astr
=$
(addr2str
${addr})
131 log_test
$rc $expected "$msg - ${astr}"
137 echo "###########################################################################"
139 echo "###########################################################################"
146 echo "#################################################################"
153 # make sure we have no test instances running
156 if [ "${VERBOSE}" = "1" ]; then
158 echo "#######################################################"
164 if [ "${VERBOSE}" = "1" ]; then
173 if [ "${VERBOSE}" = "1" ]; then
181 killall nettest
ping ping6
>/dev
/null
2>&1
190 if [ "$VERBOSE" = "1" ]; then
191 echo "COMMAND: ${cmd}"
196 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
205 do_run_cmd
${NSA_CMD} $
*
210 do_run_cmd
${NSB_CMD} $
*
215 do_run_cmd
${NSC_CMD} $
*
225 if [ $rc -ne 0 ]; then
226 # show user the command if not done so already
227 if [ "$VERBOSE" = "0" ]; then
228 echo "setup command: $cmd"
230 echo "failed. stopping tests"
231 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
233 echo "hit enter to continue"
247 if [ $rc -ne 0 ]; then
248 # show user the command if not done so already
249 if [ "$VERBOSE" = "0" ]; then
250 echo "setup command: $cmd"
252 echo "failed. stopping tests"
253 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
255 echo "hit enter to continue"
269 if [ $rc -ne 0 ]; then
270 # show user the command if not done so already
271 if [ "$VERBOSE" = "0" ]; then
272 echo "setup command: $cmd"
274 echo "failed. stopping tests"
275 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
277 echo "hit enter to continue"
284 # set sysctl values in NS-A
289 run_cmd sysctl
-q -w $
*
292 ################################################################################
298 127.0.0.1) echo "loopback";;
299 ::1) echo "IPv6 loopback";;
301 ${NSA_IP}) echo "ns-A IP";;
302 ${NSA_IP6}) echo "ns-A IPv6";;
303 ${NSA_LO_IP}) echo "ns-A loopback IP";;
304 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
305 ${NSA_LINKIP6}|
${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
307 ${NSB_IP}) echo "ns-B IP";;
308 ${NSB_IP6}) echo "ns-B IPv6";;
309 ${NSB_LO_IP}) echo "ns-B loopback IP";;
310 ${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
311 ${NSB_LINKIP6}|
${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;
313 ${VRF_IP}) echo "VRF IP";;
314 ${VRF_IP6}) echo "VRF IPv6";;
316 ${MCAST}%*) echo "multicast IP";;
328 addr
=$
(ip
-netns ${ns} -6 -br addr show dev
${dev} | \
330 for (i = 3; i <= NF; ++i) {
338 [ -z "$addr" ] && return 1
345 ################################################################################
346 # create namespaces and vrf
356 ip
-netns ${ns} link add ${vrf} type vrf table ${table}
357 ip
-netns ${ns} link
set ${vrf} up
358 ip
-netns ${ns} route add vrf
${vrf} unreachable default metric
8192
359 ip
-netns ${ns} -6 route add vrf
${vrf} unreachable default metric
8192
361 ip
-netns ${ns} addr add
127.0.0.1/8 dev
${vrf}
362 ip
-netns ${ns} -6 addr add
::1 dev
${vrf} nodad
363 if [ "${addr}" != "-" ]; then
364 ip
-netns ${ns} addr add dev ${vrf} ${addr}
366 if [ "${addr6}" != "-" ]; then
367 ip
-netns ${ns} -6 addr add dev ${vrf} ${addr6}
370 ip
-netns ${ns} ru del pref
0
371 ip
-netns ${ns} ru add pref
32765 from all lookup
local
372 ip
-netns ${ns} -6 ru del pref
0
373 ip
-netns ${ns} -6 ru add pref
32765 from all lookup
local
384 ip
-netns ${ns} link
set lo up
385 if [ "${addr}" != "-" ]; then
386 ip
-netns ${ns} addr add dev lo
${addr}
388 if [ "${addr6}" != "-" ]; then
389 ip
-netns ${ns} -6 addr add dev lo
${addr6}
392 ip
-netns ${ns} ro add unreachable default metric
8192
393 ip
-netns ${ns} -6 ro add unreachable default metric
8192
395 ip netns
exec ${ns} sysctl
-qw net.ipv4.ip_forward
=1
396 ip netns
exec ${ns} sysctl
-qw net.ipv6.conf.all.keep_addr_on_down
=1
397 ip netns
exec ${ns} sysctl
-qw net.ipv6.conf.all.forwarding
=1
398 ip netns
exec ${ns} sysctl
-qw net.ipv6.conf.default.forwarding
=1
401 # create veth pair to connect namespaces and apply addresses.
413 ip
-netns ${ns1} li add
${ns1_dev} type veth peer name tmp
414 ip
-netns ${ns1} li
set ${ns1_dev} up
415 ip
-netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev}
416 ip
-netns ${ns2} li
set ${ns2_dev} up
418 if [ "${ns1_addr}" != "-" ]; then
419 ip
-netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr}
420 ip
-netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr}
423 if [ "${ns1_addr6}" != "-" ]; then
424 ip
-netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6}
425 ip
-netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6}
431 # explicit cleanups to check those code paths
432 ip netns |
grep -q ${NSA}
433 if [ $?
-eq 0 ]; then
434 ip
-netns ${NSA} link delete
${VRF}
435 ip
-netns ${NSA} ro flush table
${VRF_TABLE}
437 ip
-netns ${NSA} addr flush dev
${NSA_DEV}
438 ip
-netns ${NSA} -6 addr flush dev
${NSA_DEV}
439 ip
-netns ${NSA} link
set dev
${NSA_DEV} down
440 ip
-netns ${NSA} link del dev
${NSA_DEV}
446 ip netns del
${NSC} >/dev
/null
2>&1
453 # make sure we are starting with a clean slate
457 log_debug
"Configuring network namespaces"
460 create_ns
${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128
461 create_ns
${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128
462 connect_ns
${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \
463 ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
465 NSA_LINKIP6
=$
(get_linklocal
${NSA} ${NSA_DEV})
466 NSB_LINKIP6
=$
(get_linklocal
${NSB} ${NSB_DEV})
468 # tell ns-A how to get to remote addresses of ns-B
469 if [ "${with_vrf}" = "yes" ]; then
470 create_vrf
${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6}
472 ip
-netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
473 ip
-netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
474 ip
-netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
476 ip
-netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
477 ip
-netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
479 # some VRF tests use ns-C which has the same config as
480 # ns-B but for a device NOT in the VRF
481 create_ns
${NSC} "-" "-"
482 connect_ns
${NSA} ${NSA_DEV2} ${NSA_IP}/24 ${NSA_IP6}/64 \
483 ${NSC} ${NSC_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
485 ip
-netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
486 ip
-netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
490 # tell ns-B how to get to remote addresses of ns-A
491 ip
-netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
492 ip
-netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
501 # make sure we are starting with a clean slate
505 log_debug
"Configuring network namespaces"
508 create_ns
${NSA} "-" "-"
509 create_ns
${NSB} "-" "-"
510 create_ns
${NSC} "-" "-"
511 connect_ns
${NSA} ${NSA_DEV} "-" "-" \
512 ${NSB} ${NSB_DEV} "-" "-"
513 connect_ns
${NSA} ${NSA_DEV2} "-" "-" \
514 ${NSC} ${NSC_DEV} "-" "-"
516 NSA_LINKIP6
=$
(get_linklocal
${NSA} ${NSA_DEV})
517 NSB_LINKIP6
=$
(get_linklocal
${NSB} ${NSB_DEV})
518 NSC_LINKIP6
=$
(get_linklocal
${NSC} ${NSC_DEV})
520 create_vrf
${NSA} ${VRF} ${VRF_TABLE} "-" "-"
521 ip
-netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
522 ip
-netns ${NSA} link set dev ${NSA_DEV2} vrf ${VRF}
529 ################################################################################
539 for a
in ${NSB_IP} ${NSB_LO_IP}
542 run_cmd
ping -c1 -w1 ${a}
543 log_test_addr
${a} $?
0 "ping out"
546 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
547 log_test_addr
${a} $?
0 "ping out, device bind"
550 run_cmd
ping -c1 -w1 -I ${NSA_LO_IP} ${a}
551 log_test_addr
${a} $?
0 "ping out, address bind"
557 for a
in ${NSA_IP} ${NSA_LO_IP}
560 run_cmd_nsb
ping -c1 -w1 ${a}
561 log_test_addr
${a} $?
0 "ping in"
567 for a
in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
570 run_cmd
ping -c1 -w1 ${a}
571 log_test_addr
${a} $?
0 "ping local"
575 # local traffic, socket bound to device
580 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
581 log_test_addr
${a} $?
0 "ping local, device bind"
583 # loopback addresses not reachable from device bind
584 # fails in a really weird way though because ipv4 special cases
585 # route lookups with oif set.
586 for a
in ${NSA_LO_IP} 127.0.0.1
589 show_hint
"Fails since address on loopback device is out of device scope"
590 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
591 log_test_addr
${a} $?
1 "ping local, device bind"
595 # ip rule blocks reachability to remote address
598 setup_cmd ip rule add pref
32765 from all lookup
local
599 setup_cmd ip rule del pref
0 from all lookup
local
600 setup_cmd ip rule add pref
50 to
${NSB_LO_IP} prohibit
601 setup_cmd ip rule add pref
51 from
${NSB_IP} prohibit
604 run_cmd
ping -c1 -w1 ${a}
605 log_test_addr
${a} $?
2 "ping out, blocked by rule"
607 # NOTE: ipv4 actually allows the lookup to fail and yet still create
608 # a viable rtable if the oif (e.g., bind to device) is set, so this
609 # case succeeds despite the rule
610 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
614 show_hint
"Response generates ICMP (or arp request is ignored) due to ip rule"
615 run_cmd_nsb
ping -c1 -w1 ${a}
616 log_test_addr
${a} $?
1 "ping in, blocked by rule"
618 [ "$VERBOSE" = "1" ] && echo
619 setup_cmd ip rule del pref
32765 from all lookup
local
620 setup_cmd ip rule add pref
0 from all lookup
local
621 setup_cmd ip rule del pref
50 to
${NSB_LO_IP} prohibit
622 setup_cmd ip rule del pref
51 from
${NSB_IP} prohibit
625 # route blocks reachability to remote address
628 setup_cmd ip route replace unreachable
${NSB_LO_IP}
629 setup_cmd ip route replace unreachable
${NSB_IP}
632 run_cmd
ping -c1 -w1 ${a}
633 log_test_addr
${a} $?
2 "ping out, blocked by route"
635 # NOTE: ipv4 actually allows the lookup to fail and yet still create
636 # a viable rtable if the oif (e.g., bind to device) is set, so this
637 # case succeeds despite not having a route for the address
638 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
642 show_hint
"Response is dropped (or arp request is ignored) due to ip route"
643 run_cmd_nsb
ping -c1 -w1 ${a}
644 log_test_addr
${a} $?
1 "ping in, blocked by route"
647 # remove 'remote' routes; fallback to default
650 setup_cmd ip ro del
${NSB_LO_IP}
653 run_cmd
ping -c1 -w1 ${a}
654 log_test_addr
${a} $?
2 "ping out, unreachable default route"
656 # NOTE: ipv4 actually allows the lookup to fail and yet still create
657 # a viable rtable if the oif (e.g., bind to device) is set, so this
658 # case succeeds despite not having a route for the address
659 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
666 # should default on; does not exist on older kernels
667 set_sysctl net.ipv4.raw_l3mdev_accept
=1 2>/dev
/null
672 for a
in ${NSB_IP} ${NSB_LO_IP}
675 run_cmd
ping -c1 -w1 -I ${VRF} ${a}
676 log_test_addr
${a} $?
0 "ping out, VRF bind"
679 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
680 log_test_addr
${a} $?
0 "ping out, device bind"
683 run_cmd ip vrf
exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
684 log_test_addr
${a} $?
0 "ping out, vrf device + dev address bind"
687 run_cmd ip vrf
exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
688 log_test_addr
${a} $?
0 "ping out, vrf device + vrf address bind"
694 for a
in ${NSA_IP} ${VRF_IP}
697 run_cmd_nsb
ping -c1 -w1 ${a}
698 log_test_addr
${a} $?
0 "ping in"
702 # local traffic, local address
704 for a
in ${NSA_IP} ${VRF_IP} 127.0.0.1
707 show_hint
"Source address should be ${a}"
708 run_cmd
ping -c1 -w1 -I ${VRF} ${a}
709 log_test_addr
${a} $?
0 "ping local, VRF bind"
713 # local traffic, socket bound to device
718 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
719 log_test_addr
${a} $?
0 "ping local, device bind"
721 # vrf device is out of scope
722 for a
in ${VRF_IP} 127.0.0.1
725 show_hint
"Fails since address on vrf device is out of device scope"
726 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
727 log_test_addr
${a} $?
1 "ping local, device bind"
731 # ip rule blocks address
734 setup_cmd ip rule add pref
50 to
${NSB_LO_IP} prohibit
735 setup_cmd ip rule add pref
51 from
${NSB_IP} prohibit
738 run_cmd
ping -c1 -w1 -I ${VRF} ${a}
739 log_test_addr
${a} $?
2 "ping out, vrf bind, blocked by rule"
742 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
743 log_test_addr
${a} $?
2 "ping out, device bind, blocked by rule"
747 show_hint
"Response lost due to ip rule"
748 run_cmd_nsb
ping -c1 -w1 ${a}
749 log_test_addr
${a} $?
1 "ping in, blocked by rule"
751 [ "$VERBOSE" = "1" ] && echo
752 setup_cmd ip rule del pref
50 to
${NSB_LO_IP} prohibit
753 setup_cmd ip rule del pref
51 from
${NSB_IP} prohibit
756 # remove 'remote' routes; fallback to default
759 setup_cmd ip ro del vrf
${VRF} ${NSB_LO_IP}
762 run_cmd
ping -c1 -w1 -I ${VRF} ${a}
763 log_test_addr
${a} $?
2 "ping out, vrf bind, unreachable route"
766 run_cmd
ping -c1 -w1 -I ${NSA_DEV} ${a}
767 log_test_addr
${a} $?
2 "ping out, device bind, unreachable route"
771 show_hint
"Response lost by unreachable route"
772 run_cmd_nsb
ping -c1 -w1 ${a}
773 log_test_addr
${a} $?
1 "ping in, unreachable route"
778 log_section
"IPv4 ping"
780 log_subsection
"No VRF"
782 set_sysctl net.ipv4.raw_l3mdev_accept
=0 2>/dev
/null
785 set_sysctl net.ipv4.raw_l3mdev_accept
=1 2>/dev
/null
788 log_subsection
"With VRF"
793 ################################################################################
797 # MD5 tests without VRF
807 run_cmd nettest
-s -M ${MD5_PW} -m ${NSB_IP} &
809 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_PW}
810 log_test $?
0 "MD5: Single address config"
812 # client sends MD5, server not configured
814 show_hint
"Should timeout due to MD5 mismatch"
817 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_PW}
818 log_test $?
2 "MD5: Server no config, client uses password"
822 show_hint
"Should timeout since client uses wrong password"
823 run_cmd nettest
-s -M ${MD5_PW} -m ${NSB_IP} &
825 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_WRONG_PW}
826 log_test $?
2 "MD5: Client uses wrong password"
828 # client from different address
830 show_hint
"Should timeout due to MD5 mismatch"
831 run_cmd nettest
-s -M ${MD5_PW} -m ${NSB_LO_IP} &
833 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_PW}
834 log_test $?
2 "MD5: Client address does not match address configured with password"
837 # MD5 extension - prefix length
842 run_cmd nettest
-s -M ${MD5_PW} -m ${NS_NET} &
844 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_PW}
845 log_test $?
0 "MD5: Prefix config"
847 # client in prefix, wrong password
849 show_hint
"Should timeout since client uses wrong password"
850 run_cmd nettest
-s -M ${MD5_PW} -m ${NS_NET} &
852 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_WRONG_PW}
853 log_test $?
2 "MD5: Prefix config, client uses wrong password"
855 # client outside of prefix
857 show_hint
"Should timeout due to MD5 mismatch"
858 run_cmd nettest
-s -M ${MD5_PW} -m ${NS_NET} &
860 run_cmd_nsb nettest
-c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
861 log_test $?
2 "MD5: Prefix config, client address not in configured prefix"
875 run_cmd nettest
-s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
877 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_PW}
878 log_test $?
0 "MD5: VRF: Single address config"
880 # client sends MD5, server not configured
882 show_hint
"Should timeout since server does not have MD5 auth"
883 run_cmd nettest
-s -I ${VRF} &
885 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_PW}
886 log_test $?
2 "MD5: VRF: Server no config, client uses password"
890 show_hint
"Should timeout since client uses wrong password"
891 run_cmd nettest
-s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
893 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_WRONG_PW}
894 log_test $?
2 "MD5: VRF: Client uses wrong password"
896 # client from different address
898 show_hint
"Should timeout since server config differs from client"
899 run_cmd nettest
-s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP} &
901 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_PW}
902 log_test $?
2 "MD5: VRF: Client address does not match address configured with password"
905 # MD5 extension - prefix length
910 run_cmd nettest
-s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
912 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_PW}
913 log_test $?
0 "MD5: VRF: Prefix config"
915 # client in prefix, wrong password
917 show_hint
"Should timeout since client uses wrong password"
918 run_cmd nettest
-s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
920 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_WRONG_PW}
921 log_test $?
2 "MD5: VRF: Prefix config, client uses wrong password"
923 # client outside of prefix
925 show_hint
"Should timeout since client address is outside of prefix"
926 run_cmd nettest
-s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
928 run_cmd_nsb nettest
-c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
929 log_test $?
2 "MD5: VRF: Prefix config, client address not in configured prefix"
932 # duplicate config between default VRF and a VRF
936 run_cmd nettest
-s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
937 run_cmd nettest
-s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
939 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_PW}
940 log_test $?
0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
943 run_cmd nettest
-s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
944 run_cmd nettest
-s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
946 run_cmd_nsc nettest
-r ${NSA_IP} -X ${MD5_WRONG_PW}
947 log_test $?
0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
950 show_hint
"Should timeout since client in default VRF uses VRF password"
951 run_cmd nettest
-s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
952 run_cmd nettest
-s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
954 run_cmd_nsc nettest
-r ${NSA_IP} -X ${MD5_PW}
955 log_test $?
2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
958 show_hint
"Should timeout since client in VRF uses default VRF password"
959 run_cmd nettest
-s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
960 run_cmd nettest
-s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
962 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_WRONG_PW}
963 log_test $?
2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
966 run_cmd nettest
-s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
967 run_cmd nettest
-s -M ${MD5_WRONG_PW} -m ${NS_NET} &
969 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_PW}
970 log_test $?
0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
973 run_cmd nettest
-s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
974 run_cmd nettest
-s -M ${MD5_WRONG_PW} -m ${NS_NET} &
976 run_cmd_nsc nettest
-r ${NSA_IP} -X ${MD5_WRONG_PW}
977 log_test $?
0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
980 show_hint
"Should timeout since client in default VRF uses VRF password"
981 run_cmd nettest
-s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
982 run_cmd nettest
-s -M ${MD5_WRONG_PW} -m ${NS_NET} &
984 run_cmd_nsc nettest
-r ${NSA_IP} -X ${MD5_PW}
985 log_test $?
2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"
988 show_hint
"Should timeout since client in VRF uses default VRF password"
989 run_cmd nettest
-s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
990 run_cmd nettest
-s -M ${MD5_WRONG_PW} -m ${NS_NET} &
992 run_cmd_nsb nettest
-r ${NSA_IP} -X ${MD5_WRONG_PW}
993 log_test $?
2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"
999 run_cmd nettest
-s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP}
1000 log_test $?
1 "MD5: VRF: Device must be a VRF - single address"
1003 run_cmd nettest
-s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET}
1004 log_test $?
1 "MD5: VRF: Device must be a VRF - prefix"
1015 for a
in ${NSA_IP} ${NSA_LO_IP}
1018 run_cmd nettest
-s &
1020 run_cmd_nsb nettest
-r ${a}
1021 log_test_addr
${a} $?
0 "Global server"
1026 run_cmd nettest
-s -I ${NSA_DEV} &
1028 run_cmd_nsb nettest
-r ${a}
1029 log_test_addr
${a} $?
0 "Device server"
1031 # verify TCP reset sent and received
1032 for a
in ${NSA_IP} ${NSA_LO_IP}
1035 show_hint
"Should fail 'Connection refused' since there is no server"
1036 run_cmd_nsb nettest
-r ${a}
1037 log_test_addr
${a} $?
1 "No server"
1043 for a
in ${NSB_IP} ${NSB_LO_IP}
1046 run_cmd_nsb nettest
-s &
1048 run_cmd nettest
-r ${a} -0 ${NSA_IP}
1049 log_test_addr
${a} $?
0 "Client"
1052 run_cmd_nsb nettest
-s &
1054 run_cmd nettest
-r ${a} -d ${NSA_DEV}
1055 log_test_addr
${a} $?
0 "Client, device bind"
1058 show_hint
"Should fail 'Connection refused'"
1059 run_cmd nettest
-r ${a}
1060 log_test_addr
${a} $?
1 "No server, unbound client"
1063 show_hint
"Should fail 'Connection refused'"
1064 run_cmd nettest
-r ${a} -d ${NSA_DEV}
1065 log_test_addr
${a} $?
1 "No server, device client"
1069 # local address tests
1071 for a
in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1074 run_cmd nettest
-s &
1076 run_cmd nettest
-r ${a} -0 ${a} -1 ${a}
1077 log_test_addr
${a} $?
0 "Global server, local connection"
1082 run_cmd nettest
-s -I ${NSA_DEV} &
1084 run_cmd nettest
-r ${a} -0 ${a}
1085 log_test_addr
${a} $?
0 "Device server, unbound client, local connection"
1087 for a
in ${NSA_LO_IP} 127.0.0.1
1090 show_hint
"Should fail 'Connection refused' since addresses on loopback are out of device scope"
1091 run_cmd nettest
-s -I ${NSA_DEV} &
1093 run_cmd nettest
-r ${a}
1094 log_test_addr
${a} $?
1 "Device server, unbound client, local connection"
1099 run_cmd nettest
-s &
1101 run_cmd nettest
-r ${a} -0 ${a} -d ${NSA_DEV}
1102 log_test_addr
${a} $?
0 "Global server, device client, local connection"
1104 for a
in ${NSA_LO_IP} 127.0.0.1
1107 show_hint
"Should fail 'No route to host' since addresses on loopback are out of device scope"
1108 run_cmd nettest
-s &
1110 run_cmd nettest
-r ${a} -d ${NSA_DEV}
1111 log_test_addr
${a} $?
1 "Global server, device client, local connection"
1116 run_cmd nettest
-s -I ${NSA_DEV} -3 ${NSA_DEV} &
1118 run_cmd nettest
-d ${NSA_DEV} -r ${a} -0 ${a}
1119 log_test_addr
${a} $?
0 "Device server, device client, local connection"
1122 show_hint
"Should fail 'Connection refused'"
1123 run_cmd nettest
-d ${NSA_DEV} -r ${a}
1124 log_test_addr
${a} $?
1 "No server, device client, local conn"
1133 # disable global server
1134 log_subsection
"Global server disabled"
1136 set_sysctl net.ipv4.tcp_l3mdev_accept
=0
1141 for a
in ${NSA_IP} ${VRF_IP}
1144 show_hint
"Should fail 'Connection refused' since global server with VRF is disabled"
1145 run_cmd nettest
-s &
1147 run_cmd_nsb nettest
-r ${a}
1148 log_test_addr
${a} $?
1 "Global server"
1151 run_cmd nettest
-s -I ${VRF} -3 ${VRF} &
1153 run_cmd_nsb nettest
-r ${a}
1154 log_test_addr
${a} $?
0 "VRF server"
1157 run_cmd nettest
-s -I ${NSA_DEV} -3 ${NSA_DEV} &
1159 run_cmd_nsb nettest
-r ${a}
1160 log_test_addr
${a} $?
0 "Device server"
1162 # verify TCP reset received
1164 show_hint
"Should fail 'Connection refused' since there is no server"
1165 run_cmd_nsb nettest
-r ${a}
1166 log_test_addr
${a} $?
1 "No server"
1169 # local address tests
1170 # (${VRF_IP} and 127.0.0.1 both timeout)
1173 show_hint
"Should fail 'Connection refused' since global server with VRF is disabled"
1174 run_cmd nettest
-s &
1176 run_cmd nettest
-r ${a} -d ${NSA_DEV}
1177 log_test_addr
${a} $?
1 "Global server, local connection"
1183 # enable VRF global server
1185 log_subsection
"VRF Global server enabled"
1186 set_sysctl net.ipv4.tcp_l3mdev_accept
=1
1188 for a
in ${NSA_IP} ${VRF_IP}
1191 show_hint
"client socket should be bound to VRF"
1192 run_cmd nettest
-s -3 ${VRF} &
1194 run_cmd_nsb nettest
-r ${a}
1195 log_test_addr
${a} $?
0 "Global server"
1198 show_hint
"client socket should be bound to VRF"
1199 run_cmd nettest
-s -I ${VRF} -3 ${VRF} &
1201 run_cmd_nsb nettest
-r ${a}
1202 log_test_addr
${a} $?
0 "VRF server"
1204 # verify TCP reset received
1206 show_hint
"Should fail 'Connection refused'"
1207 run_cmd_nsb nettest
-r ${a}
1208 log_test_addr
${a} $?
1 "No server"
1213 show_hint
"client socket should be bound to device"
1214 run_cmd nettest
-s -I ${NSA_DEV} -3 ${NSA_DEV} &
1216 run_cmd_nsb nettest
-r ${a}
1217 log_test_addr
${a} $?
0 "Device server"
1219 # local address tests
1220 for a
in ${NSA_IP} ${VRF_IP}
1223 show_hint
"Should fail 'Connection refused' since client is not bound to VRF"
1224 run_cmd nettest
-s -I ${VRF} &
1226 run_cmd nettest
-r ${a}
1227 log_test_addr
${a} $?
1 "Global server, local connection"
1233 for a
in ${NSB_IP} ${NSB_LO_IP}
1236 run_cmd_nsb nettest
-s &
1238 run_cmd nettest
-r ${a} -d ${VRF}
1239 log_test_addr
${a} $?
0 "Client, VRF bind"
1242 run_cmd_nsb nettest
-s &
1244 run_cmd nettest
-r ${a} -d ${NSA_DEV}
1245 log_test_addr
${a} $?
0 "Client, device bind"
1248 show_hint
"Should fail 'Connection refused'"
1249 run_cmd nettest
-r ${a} -d ${VRF}
1250 log_test_addr
${a} $?
1 "No server, VRF client"
1253 show_hint
"Should fail 'Connection refused'"
1254 run_cmd nettest
-r ${a} -d ${NSA_DEV}
1255 log_test_addr
${a} $?
1 "No server, device client"
1258 for a
in ${NSA_IP} ${VRF_IP} 127.0.0.1
1261 run_cmd nettest
-s -I ${VRF} -3 ${VRF} &
1263 run_cmd nettest
-r ${a} -d ${VRF} -0 ${a}
1264 log_test_addr
${a} $?
0 "VRF server, VRF client, local connection"
1269 run_cmd nettest
-s -I ${VRF} -3 ${VRF} &
1271 run_cmd nettest
-r ${a} -d ${NSA_DEV} -0 ${a}
1272 log_test_addr
${a} $?
0 "VRF server, device client, local connection"
1275 show_hint
"Should fail 'No route to host' since client is out of VRF scope"
1276 run_cmd nettest
-s -I ${VRF} &
1278 run_cmd nettest
-r ${a}
1279 log_test_addr
${a} $?
1 "VRF server, unbound client, local connection"
1282 run_cmd nettest
-s -I ${NSA_DEV} -3 ${NSA_DEV} &
1284 run_cmd nettest
-r ${a} -d ${VRF} -0 ${a}
1285 log_test_addr
${a} $?
0 "Device server, VRF client, local connection"
1288 run_cmd nettest
-s -I ${NSA_DEV} -3 ${NSA_DEV} &
1290 run_cmd nettest
-r ${a} -d ${NSA_DEV} -0 ${a}
1291 log_test_addr
${a} $?
0 "Device server, device client, local connection"
1296 log_section
"IPv4/TCP"
1297 log_subsection
"No VRF"
1300 # tcp_l3mdev_accept should have no affect without VRF;
1301 # run tests with it enabled and disabled to verify
1302 log_subsection
"tcp_l3mdev_accept disabled"
1303 set_sysctl net.ipv4.tcp_l3mdev_accept
=0
1305 log_subsection
"tcp_l3mdev_accept enabled"
1306 set_sysctl net.ipv4.tcp_l3mdev_accept
=1
1309 log_subsection
"With VRF"
1314 ################################################################################
1324 for a
in ${NSA_IP} ${NSA_LO_IP}
1327 run_cmd nettest
-D -s -3 ${NSA_DEV} &
1329 run_cmd_nsb nettest
-D -r ${a}
1330 log_test_addr
${a} $?
0 "Global server"
1333 show_hint
"Should fail 'Connection refused' since there is no server"
1334 run_cmd_nsb nettest
-D -r ${a}
1335 log_test_addr
${a} $?
1 "No server"
1340 run_cmd nettest
-D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1342 run_cmd_nsb nettest
-D -r ${a}
1343 log_test_addr
${a} $?
0 "Device server"
1348 for a
in ${NSB_IP} ${NSB_LO_IP}
1351 run_cmd_nsb nettest
-D -s &
1353 run_cmd nettest
-D -r ${a} -0 ${NSA_IP}
1354 log_test_addr
${a} $?
0 "Client"
1357 run_cmd_nsb nettest
-D -s &
1359 run_cmd nettest
-D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1360 log_test_addr
${a} $?
0 "Client, device bind"
1363 run_cmd_nsb nettest
-D -s &
1365 run_cmd nettest
-D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1366 log_test_addr
${a} $?
0 "Client, device send via cmsg"
1369 run_cmd_nsb nettest
-D -s &
1371 run_cmd nettest
-D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1372 log_test_addr
${a} $?
0 "Client, device bind via IP_UNICAST_IF"
1375 show_hint
"Should fail 'Connection refused'"
1376 run_cmd nettest
-D -r ${a}
1377 log_test_addr
${a} $?
1 "No server, unbound client"
1380 show_hint
"Should fail 'Connection refused'"
1381 run_cmd nettest
-D -r ${a} -d ${NSA_DEV}
1382 log_test_addr
${a} $?
1 "No server, device client"
1386 # local address tests
1388 for a
in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1391 run_cmd nettest
-D -s &
1393 run_cmd nettest
-D -r ${a} -0 ${a} -1 ${a}
1394 log_test_addr
${a} $?
0 "Global server, local connection"
1399 run_cmd nettest
-s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1401 run_cmd nettest
-D -r ${a}
1402 log_test_addr
${a} $?
0 "Device server, unbound client, local connection"
1404 for a
in ${NSA_LO_IP} 127.0.0.1
1407 show_hint
"Should fail 'Connection refused' since address is out of device scope"
1408 run_cmd nettest
-s -D -I ${NSA_DEV} &
1410 run_cmd nettest
-D -r ${a}
1411 log_test_addr
${a} $?
1 "Device server, unbound client, local connection"
1416 run_cmd nettest
-s -D &
1418 run_cmd nettest
-D -d ${NSA_DEV} -r ${a}
1419 log_test_addr
${a} $?
0 "Global server, device client, local connection"
1422 run_cmd nettest
-s -D &
1424 run_cmd nettest
-D -d ${NSA_DEV} -C -r ${a}
1425 log_test_addr
${a} $?
0 "Global server, device send via cmsg, local connection"
1428 run_cmd nettest
-s -D &
1430 run_cmd nettest
-D -d ${NSA_DEV} -S -r ${a}
1431 log_test_addr
${a} $?
0 "Global server, device client via IP_UNICAST_IF, local connection"
1433 # IPv4 with device bind has really weird behavior - it overrides the
1434 # fib lookup, generates an rtable and tries to send the packet. This
1435 # causes failures for local traffic at different places
1436 for a
in ${NSA_LO_IP} 127.0.0.1
1439 show_hint
"Should fail since addresses on loopback are out of device scope"
1440 run_cmd nettest
-D -s &
1442 run_cmd nettest
-D -r ${a} -d ${NSA_DEV}
1443 log_test_addr
${a} $?
2 "Global server, device client, local connection"
1446 show_hint
"Should fail since addresses on loopback are out of device scope"
1447 run_cmd nettest
-D -s &
1449 run_cmd nettest
-D -r ${a} -d ${NSA_DEV} -C
1450 log_test_addr
${a} $?
1 "Global server, device send via cmsg, local connection"
1453 show_hint
"Should fail since addresses on loopback are out of device scope"
1454 run_cmd nettest
-D -s &
1456 run_cmd nettest
-D -r ${a} -d ${NSA_DEV} -S
1457 log_test_addr
${a} $?
1 "Global server, device client via IP_UNICAST_IF, local connection"
1462 run_cmd nettest
-D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1464 run_cmd nettest
-D -d ${NSA_DEV} -r ${a} -0 ${a}
1465 log_test_addr
${a} $?
0 "Device server, device client, local conn"
1468 run_cmd nettest
-D -d ${NSA_DEV} -r ${a}
1469 log_test_addr
${a} $?
2 "No server, device client, local conn"
1476 # disable global server
1477 log_subsection
"Global server disabled"
1478 set_sysctl net.ipv4.udp_l3mdev_accept
=0
1483 for a
in ${NSA_IP} ${VRF_IP}
1486 show_hint
"Fails because ingress is in a VRF and global server is disabled"
1487 run_cmd nettest
-D -s &
1489 run_cmd_nsb nettest
-D -r ${a}
1490 log_test_addr
${a} $?
1 "Global server"
1493 run_cmd nettest
-D -I ${VRF} -s -3 ${NSA_DEV} &
1495 run_cmd_nsb nettest
-D -r ${a}
1496 log_test_addr
${a} $?
0 "VRF server"
1499 run_cmd nettest
-D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1501 run_cmd_nsb nettest
-D -r ${a}
1502 log_test_addr
${a} $?
0 "Enslaved device server"
1505 show_hint
"Should fail 'Connection refused' since there is no server"
1506 run_cmd_nsb nettest
-D -r ${a}
1507 log_test_addr
${a} $?
1 "No server"
1510 show_hint
"Should fail 'Connection refused' since global server is out of scope"
1511 run_cmd nettest
-D -s &
1513 run_cmd nettest
-D -d ${VRF} -r ${a}
1514 log_test_addr
${a} $?
1 "Global server, VRF client, local connection"
1519 run_cmd nettest
-s -D -I ${VRF} -3 ${NSA_DEV} &
1521 run_cmd nettest
-D -d ${VRF} -r ${a}
1522 log_test_addr
${a} $?
0 "VRF server, VRF client, local conn"
1525 run_cmd nettest
-s -D -I ${VRF} -3 ${NSA_DEV} &
1527 run_cmd nettest
-D -d ${NSA_DEV} -r ${a}
1528 log_test_addr
${a} $?
0 "VRF server, enslaved device client, local connection"
1532 run_cmd nettest
-s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1534 run_cmd nettest
-D -d ${VRF} -r ${a}
1535 log_test_addr
${a} $?
0 "Enslaved device server, VRF client, local conn"
1538 run_cmd nettest
-s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1540 run_cmd nettest
-D -d ${NSA_DEV} -r ${a}
1541 log_test_addr
${a} $?
0 "Enslaved device server, device client, local conn"
1543 # enable global server
1544 log_subsection
"Global server enabled"
1545 set_sysctl net.ipv4.udp_l3mdev_accept
=1
1550 for a
in ${NSA_IP} ${VRF_IP}
1553 run_cmd nettest
-D -s -3 ${NSA_DEV} &
1555 run_cmd_nsb nettest
-D -r ${a}
1556 log_test_addr
${a} $?
0 "Global server"
1559 run_cmd nettest
-D -I ${VRF} -s -3 ${NSA_DEV} &
1561 run_cmd_nsb nettest
-D -r ${a}
1562 log_test_addr
${a} $?
0 "VRF server"
1565 run_cmd nettest
-D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1567 run_cmd_nsb nettest
-D -r ${a}
1568 log_test_addr
${a} $?
0 "Enslaved device server"
1571 show_hint
"Should fail 'Connection refused'"
1572 run_cmd_nsb nettest
-D -r ${a}
1573 log_test_addr
${a} $?
1 "No server"
1580 run_cmd_nsb nettest
-D -s &
1582 run_cmd nettest
-d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1583 log_test $?
0 "VRF client"
1586 run_cmd_nsb nettest
-D -s &
1588 run_cmd nettest
-d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1589 log_test $?
0 "Enslaved device client"
1591 # negative test - should fail
1593 show_hint
"Should fail 'Connection refused'"
1594 run_cmd nettest
-D -d ${VRF} -r ${NSB_IP}
1595 log_test $?
1 "No server, VRF client"
1598 show_hint
"Should fail 'Connection refused'"
1599 run_cmd nettest
-D -d ${NSA_DEV} -r ${NSB_IP}
1600 log_test $?
1 "No server, enslaved device client"
1603 # local address tests
1607 run_cmd nettest
-D -s -3 ${NSA_DEV} &
1609 run_cmd nettest
-D -d ${VRF} -r ${a}
1610 log_test_addr
${a} $?
0 "Global server, VRF client, local conn"
1613 run_cmd nettest
-s -D -I ${VRF} -3 ${NSA_DEV} &
1615 run_cmd nettest
-D -d ${VRF} -r ${a}
1616 log_test_addr
${a} $?
0 "VRF server, VRF client, local conn"
1619 run_cmd nettest
-s -D -I ${VRF} -3 ${NSA_DEV} &
1621 run_cmd nettest
-D -d ${NSA_DEV} -r ${a}
1622 log_test_addr
${a} $?
0 "VRF server, device client, local conn"
1625 run_cmd nettest
-s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1627 run_cmd nettest
-D -d ${VRF} -r ${a}
1628 log_test_addr
${a} $?
0 "Enslaved device server, VRF client, local conn"
1631 run_cmd nettest
-s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1633 run_cmd nettest
-D -d ${NSA_DEV} -r ${a}
1634 log_test_addr
${a} $?
0 "Enslaved device server, device client, local conn"
1636 for a
in ${VRF_IP} 127.0.0.1
1639 run_cmd nettest
-D -s -3 ${VRF} &
1641 run_cmd nettest
-D -d ${VRF} -r ${a}
1642 log_test_addr
${a} $?
0 "Global server, VRF client, local conn"
1645 for a
in ${VRF_IP} 127.0.0.1
1648 run_cmd nettest
-s -D -I ${VRF} -3 ${VRF} &
1650 run_cmd nettest
-D -d ${VRF} -r ${a}
1651 log_test_addr
${a} $?
0 "VRF server, VRF client, local conn"
1654 # negative test - should fail
1655 # verifies ECONNREFUSED
1656 for a
in ${NSA_IP} ${VRF_IP} 127.0.0.1
1659 show_hint
"Should fail 'Connection refused'"
1660 run_cmd nettest
-D -d ${VRF} -r ${a}
1661 log_test_addr
${a} $?
1 "No server, VRF client, local conn"
1667 log_section
"IPv4/UDP"
1668 log_subsection
"No VRF"
1672 # udp_l3mdev_accept should have no affect without VRF;
1673 # run tests with it enabled and disabled to verify
1674 log_subsection
"udp_l3mdev_accept disabled"
1675 set_sysctl net.ipv4.udp_l3mdev_accept
=0
1677 log_subsection
"udp_l3mdev_accept enabled"
1678 set_sysctl net.ipv4.udp_l3mdev_accept
=1
1681 log_subsection
"With VRF"
1686 ################################################################################
1689 # verifies ability or inability to bind to an address / device
1691 ipv4_addr_bind_novrf
()
1696 for a
in ${NSA_IP} ${NSA_LO_IP}
1699 run_cmd nettest
-s -R -P icmp
-l ${a} -b
1700 log_test_addr
${a} $?
0 "Raw socket bind to local address"
1703 run_cmd nettest
-s -R -P icmp
-l ${a} -I ${NSA_DEV} -b
1704 log_test_addr
${a} $?
0 "Raw socket bind to local address after device bind"
1712 run_cmd nettest
-c ${a} -r ${NSB_IP} -t1 -b
1713 log_test_addr
${a} $?
0 "TCP socket bind to local address"
1716 run_cmd nettest
-c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1717 log_test_addr
${a} $?
0 "TCP socket bind to local address after device bind"
1719 # Sadly, the kernel allows binding a socket to a device and then
1720 # binding to an address not on the device. The only restriction
1721 # is that the address is valid in the L3 domain. So this test
1722 # passes when it really should not
1725 #show_hint "Should fail with 'Cannot assign requested address'"
1726 #run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
1727 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
1730 ipv4_addr_bind_vrf
()
1735 for a
in ${NSA_IP} ${VRF_IP}
1738 run_cmd nettest
-s -R -P icmp
-l ${a} -b
1739 log_test_addr
${a} $?
0 "Raw socket bind to local address"
1742 run_cmd nettest
-s -R -P icmp
-l ${a} -I ${NSA_DEV} -b
1743 log_test_addr
${a} $?
0 "Raw socket bind to local address after device bind"
1745 run_cmd nettest
-s -R -P icmp
-l ${a} -I ${VRF} -b
1746 log_test_addr
${a} $?
0 "Raw socket bind to local address after VRF bind"
1751 show_hint
"Address on loopback is out of VRF scope"
1752 run_cmd nettest
-s -R -P icmp
-l ${a} -I ${VRF} -b
1753 log_test_addr
${a} $?
1 "Raw socket bind to out of scope address after VRF bind"
1758 for a
in ${NSA_IP} ${VRF_IP}
1761 run_cmd nettest
-s -l ${a} -I ${VRF} -t1 -b
1762 log_test_addr
${a} $?
0 "TCP socket bind to local address"
1765 run_cmd nettest
-s -l ${a} -I ${NSA_DEV} -t1 -b
1766 log_test_addr
${a} $?
0 "TCP socket bind to local address after device bind"
1771 show_hint
"Address on loopback out of scope for VRF"
1772 run_cmd nettest
-s -l ${a} -I ${VRF} -t1 -b
1773 log_test_addr
${a} $?
1 "TCP socket bind to invalid local address for VRF"
1776 show_hint
"Address on loopback out of scope for device in VRF"
1777 run_cmd nettest
-s -l ${a} -I ${NSA_DEV} -t1 -b
1778 log_test_addr
${a} $?
1 "TCP socket bind to invalid local address for device bind"
1783 log_section
"IPv4 address binds"
1785 log_subsection
"No VRF"
1787 ipv4_addr_bind_novrf
1789 log_subsection
"With VRF"
1794 ################################################################################
1795 # IPv4 runtime tests
1801 local with_vrf
="yes"
1807 for a
in ${NSA_IP} ${VRF_IP}
1810 run_cmd nettest
${varg} -s &
1812 run_cmd_nsb nettest
${varg} -r ${a} &
1814 run_cmd ip link del
${VRF}
1816 log_test_addr
${a} 0 0 "${desc}, global server"
1821 for a
in ${NSA_IP} ${VRF_IP}
1824 run_cmd nettest
${varg} -s -I ${VRF} &
1826 run_cmd_nsb nettest
${varg} -r ${a} &
1828 run_cmd ip link del
${VRF}
1830 log_test_addr
${a} 0 0 "${desc}, VRF server"
1837 run_cmd nettest
${varg} -s -I ${NSA_DEV} &
1839 run_cmd_nsb nettest
${varg} -r ${a} &
1841 run_cmd ip link del
${VRF}
1843 log_test_addr
${a} 0 0 "${desc}, enslaved device server"
1851 run_cmd_nsb nettest
${varg} -s &
1853 run_cmd nettest
${varg} -d ${VRF} -r ${NSB_IP} &
1855 run_cmd ip link del
${VRF}
1857 log_test_addr
${a} 0 0 "${desc}, VRF client"
1862 run_cmd_nsb nettest
${varg} -s &
1864 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${NSB_IP} &
1866 run_cmd ip link del
${VRF}
1868 log_test_addr
${a} 0 0 "${desc}, enslaved device client"
1873 # local address tests
1875 for a
in ${NSA_IP} ${VRF_IP}
1878 run_cmd nettest
${varg} -s &
1880 run_cmd nettest
${varg} -d ${VRF} -r ${a} &
1882 run_cmd ip link del
${VRF}
1884 log_test_addr
${a} 0 0 "${desc}, global server, VRF client, local"
1889 for a
in ${NSA_IP} ${VRF_IP}
1892 run_cmd nettest
${varg} -I ${VRF} -s &
1894 run_cmd nettest
${varg} -d ${VRF} -r ${a} &
1896 run_cmd ip link del
${VRF}
1898 log_test_addr
${a} 0 0 "${desc}, VRF server and client, local"
1905 run_cmd nettest
${varg} -s &
1907 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${a} &
1909 run_cmd ip link del
${VRF}
1911 log_test_addr
${a} 0 0 "${desc}, global server, enslaved device client, local"
1916 run_cmd nettest
${varg} -I ${VRF} -s &
1918 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${a} &
1920 run_cmd ip link del
${VRF}
1922 log_test_addr
${a} 0 0 "${desc}, VRF server, enslaved device client, local"
1927 run_cmd nettest
${varg} -I ${NSA_DEV} -s &
1929 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${a} &
1931 run_cmd ip link del
${VRF}
1933 log_test_addr
${a} 0 0 "${desc}, enslaved device server and client, local"
1938 local with_vrf
="yes"
1941 for a
in ${NSA_IP} ${VRF_IP}
1944 run_cmd_nsb
ping -f ${a} &
1946 run_cmd ip link del
${VRF}
1948 log_test_addr
${a} 0 0 "Device delete with active traffic - ping in"
1955 run_cmd
ping -f -I ${VRF} ${a} &
1957 run_cmd ip link del
${VRF}
1959 log_test_addr
${a} 0 0 "Device delete with active traffic - ping out"
1964 log_section
"Run time tests - ipv4"
1970 ipv4_rt
"TCP active socket" "-n -1"
1973 ipv4_rt
"TCP passive socket" "-i"
1976 ################################################################################
1983 # should not have an impact, but make a known state
1984 set_sysctl net.ipv4.raw_l3mdev_accept
=0 2>/dev
/null
1989 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1992 run_cmd
${ping6} -c1 -w1 ${a}
1993 log_test_addr
${a} $?
0 "ping out"
1996 for a
in ${NSB_IP6} ${NSB_LO_IP6}
1999 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2000 log_test_addr
${a} $?
0 "ping out, device bind"
2003 run_cmd
${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
2004 log_test_addr
${a} $?
0 "ping out, loopback address bind"
2010 for a
in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
2013 run_cmd_nsb
${ping6} -c1 -w1 ${a}
2014 log_test_addr
${a} $?
0 "ping in"
2018 # local traffic, local address
2020 for a
in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2023 run_cmd
${ping6} -c1 -w1 ${a}
2024 log_test_addr
${a} $?
0 "ping local, no bind"
2027 for a
in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2030 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2031 log_test_addr
${a} $?
0 "ping local, device bind"
2034 for a
in ${NSA_LO_IP6} ::1
2037 show_hint
"Fails since address on loopback is out of device scope"
2038 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2039 log_test_addr
${a} $?
2 "ping local, device bind"
2043 # ip rule blocks address
2046 setup_cmd ip
-6 rule add pref
32765 from all lookup
local
2047 setup_cmd ip
-6 rule del pref
0 from all lookup
local
2048 setup_cmd ip
-6 rule add pref
50 to
${NSB_LO_IP6} prohibit
2049 setup_cmd ip
-6 rule add pref
51 from
${NSB_IP6} prohibit
2052 run_cmd
${ping6} -c1 -w1 ${a}
2053 log_test_addr
${a} $?
2 "ping out, blocked by rule"
2056 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2057 log_test_addr
${a} $?
2 "ping out, device bind, blocked by rule"
2061 show_hint
"Response lost due to ip rule"
2062 run_cmd_nsb
${ping6} -c1 -w1 ${a}
2063 log_test_addr
${a} $?
1 "ping in, blocked by rule"
2065 setup_cmd ip
-6 rule add pref
0 from all lookup
local
2066 setup_cmd ip
-6 rule del pref
32765 from all lookup
local
2067 setup_cmd ip
-6 rule del pref
50 to
${NSB_LO_IP6} prohibit
2068 setup_cmd ip
-6 rule del pref
51 from
${NSB_IP6} prohibit
2071 # route blocks reachability to remote address
2074 setup_cmd ip
-6 route del
${NSB_LO_IP6}
2075 setup_cmd ip
-6 route add unreachable
${NSB_LO_IP6} metric
10
2076 setup_cmd ip
-6 route add unreachable
${NSB_IP6} metric
10
2079 run_cmd
${ping6} -c1 -w1 ${a}
2080 log_test_addr
${a} $?
2 "ping out, blocked by route"
2083 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2084 log_test_addr
${a} $?
2 "ping out, device bind, blocked by route"
2088 show_hint
"Response lost due to ip route"
2089 run_cmd_nsb
${ping6} -c1 -w1 ${a}
2090 log_test_addr
${a} $?
1 "ping in, blocked by route"
2094 # remove 'remote' routes; fallback to default
2097 setup_cmd ip
-6 ro del unreachable
${NSB_LO_IP6}
2098 setup_cmd ip
-6 ro del unreachable
${NSB_IP6}
2101 run_cmd
${ping6} -c1 -w1 ${a}
2102 log_test_addr
${a} $?
2 "ping out, unreachable route"
2105 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2106 log_test_addr
${a} $?
2 "ping out, device bind, unreachable route"
2113 # should default on; does not exist on older kernels
2114 set_sysctl net.ipv4.raw_l3mdev_accept
=1 2>/dev
/null
2119 for a
in ${NSB_IP6} ${NSB_LO_IP6}
2122 run_cmd
${ping6} -c1 -w1 -I ${VRF} ${a}
2123 log_test_addr
${a} $?
0 "ping out, VRF bind"
2126 for a
in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
2129 show_hint
"Fails since VRF device does not support linklocal or multicast"
2130 run_cmd
${ping6} -c1 -w1 ${a}
2131 log_test_addr
${a} $?
2 "ping out, VRF bind"
2134 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2137 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2138 log_test_addr
${a} $?
0 "ping out, device bind"
2141 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2144 run_cmd ip vrf
exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
2145 log_test_addr
${a} $?
0 "ping out, vrf device+address bind"
2151 for a
in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
2154 run_cmd_nsb
${ping6} -c1 -w1 ${a}
2155 log_test_addr
${a} $?
0 "ping in"
2160 show_hint
"Fails since loopback address is out of VRF scope"
2161 run_cmd_nsb
${ping6} -c1 -w1 ${a}
2162 log_test_addr
${a} $?
1 "ping in"
2165 # local traffic, local address
2167 for a
in ${NSA_IP6} ${VRF_IP6} ::1
2170 show_hint
"Source address should be ${a}"
2171 run_cmd
${ping6} -c1 -w1 -I ${VRF} ${a}
2172 log_test_addr
${a} $?
0 "ping local, VRF bind"
2175 for a
in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2178 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2179 log_test_addr
${a} $?
0 "ping local, device bind"
2182 # LLA to GUA - remove ipv6 global addresses from ns-B
2183 setup_cmd_nsb ip
-6 addr del
${NSB_IP6}/64 dev
${NSB_DEV}
2184 setup_cmd_nsb ip
-6 addr del
${NSB_LO_IP6}/128 dev lo
2185 setup_cmd_nsb ip
-6 ro add
${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
2187 for a
in ${NSA_IP6} ${VRF_IP6}
2190 run_cmd_nsb
${ping6} -c1 -w1 ${NSA_IP6}
2191 log_test_addr
${a} $?
0 "ping in, LLA to GUA"
2194 setup_cmd_nsb ip
-6 ro del
${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
2195 setup_cmd_nsb ip
-6 addr add
${NSB_IP6}/64 dev
${NSB_DEV}
2196 setup_cmd_nsb ip
-6 addr add
${NSB_LO_IP6}/128 dev lo
2199 # ip rule blocks address
2202 setup_cmd ip
-6 rule add pref
50 to
${NSB_LO_IP6} prohibit
2203 setup_cmd ip
-6 rule add pref
51 from
${NSB_IP6} prohibit
2206 run_cmd
${ping6} -c1 -w1 ${a}
2207 log_test_addr
${a} $?
2 "ping out, blocked by rule"
2210 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2211 log_test_addr
${a} $?
2 "ping out, device bind, blocked by rule"
2215 show_hint
"Response lost due to ip rule"
2216 run_cmd_nsb
${ping6} -c1 -w1 ${a}
2217 log_test_addr
${a} $?
1 "ping in, blocked by rule"
2220 setup_cmd ip
-6 rule del pref
50 to
${NSB_LO_IP6} prohibit
2221 setup_cmd ip
-6 rule del pref
51 from
${NSB_IP6} prohibit
2224 # remove 'remote' routes; fallback to default
2227 setup_cmd ip
-6 ro del
${NSB_LO_IP6} vrf
${VRF}
2230 run_cmd
${ping6} -c1 -w1 ${a}
2231 log_test_addr
${a} $?
2 "ping out, unreachable route"
2234 run_cmd
${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2235 log_test_addr
${a} $?
2 "ping out, device bind, unreachable route"
2237 ip
-netns ${NSB} -6 ro del
${NSA_LO_IP6}
2240 run_cmd_nsb
${ping6} -c1 -w1 ${a}
2241 log_test_addr
${a} $?
2 "ping in, unreachable route"
2246 log_section
"IPv6 ping"
2248 log_subsection
"No VRF"
2252 log_subsection
"With VRF"
2257 ################################################################################
2261 # MD5 tests without VRF
2263 ipv6_tcp_md5_novrf
()
2271 run_cmd nettest
-6 -s -M ${MD5_PW} -m ${NSB_IP6} &
2273 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_PW}
2274 log_test $?
0 "MD5: Single address config"
2276 # client sends MD5, server not configured
2278 show_hint
"Should timeout due to MD5 mismatch"
2279 run_cmd nettest
-6 -s &
2281 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_PW}
2282 log_test $?
2 "MD5: Server no config, client uses password"
2286 show_hint
"Should timeout since client uses wrong password"
2287 run_cmd nettest
-6 -s -M ${MD5_PW} -m ${NSB_IP6} &
2289 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2290 log_test $?
2 "MD5: Client uses wrong password"
2292 # client from different address
2294 show_hint
"Should timeout due to MD5 mismatch"
2295 run_cmd nettest
-6 -s -M ${MD5_PW} -m ${NSB_LO_IP6} &
2297 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_PW}
2298 log_test $?
2 "MD5: Client address does not match address configured with password"
2301 # MD5 extension - prefix length
2306 run_cmd nettest
-6 -s -M ${MD5_PW} -m ${NS_NET6} &
2308 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_PW}
2309 log_test $?
0 "MD5: Prefix config"
2311 # client in prefix, wrong password
2313 show_hint
"Should timeout since client uses wrong password"
2314 run_cmd nettest
-6 -s -M ${MD5_PW} -m ${NS_NET6} &
2316 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2317 log_test $?
2 "MD5: Prefix config, client uses wrong password"
2319 # client outside of prefix
2321 show_hint
"Should timeout due to MD5 mismatch"
2322 run_cmd nettest
-6 -s -M ${MD5_PW} -m ${NS_NET6} &
2324 run_cmd_nsb nettest
-6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
2325 log_test $?
2 "MD5: Prefix config, client address not in configured prefix"
2329 # MD5 tests with VRF
2339 run_cmd nettest
-6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2341 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_PW}
2342 log_test $?
0 "MD5: VRF: Single address config"
2344 # client sends MD5, server not configured
2346 show_hint
"Should timeout since server does not have MD5 auth"
2347 run_cmd nettest
-6 -s -I ${VRF} &
2349 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_PW}
2350 log_test $?
2 "MD5: VRF: Server no config, client uses password"
2354 show_hint
"Should timeout since client uses wrong password"
2355 run_cmd nettest
-6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2357 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2358 log_test $?
2 "MD5: VRF: Client uses wrong password"
2360 # client from different address
2362 show_hint
"Should timeout since server config differs from client"
2363 run_cmd nettest
-6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} &
2365 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_PW}
2366 log_test $?
2 "MD5: VRF: Client address does not match address configured with password"
2369 # MD5 extension - prefix length
2374 run_cmd nettest
-6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2376 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_PW}
2377 log_test $?
0 "MD5: VRF: Prefix config"
2379 # client in prefix, wrong password
2381 show_hint
"Should timeout since client uses wrong password"
2382 run_cmd nettest
-6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2384 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2385 log_test $?
2 "MD5: VRF: Prefix config, client uses wrong password"
2387 # client outside of prefix
2389 show_hint
"Should timeout since client address is outside of prefix"
2390 run_cmd nettest
-6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2392 run_cmd_nsb nettest
-6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
2393 log_test $?
2 "MD5: VRF: Prefix config, client address not in configured prefix"
2396 # duplicate config between default VRF and a VRF
2400 run_cmd nettest
-6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2401 run_cmd nettest
-6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2403 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_PW}
2404 log_test $?
0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
2407 run_cmd nettest
-6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2408 run_cmd nettest
-6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2410 run_cmd_nsc nettest
-6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2411 log_test $?
0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
2414 show_hint
"Should timeout since client in default VRF uses VRF password"
2415 run_cmd nettest
-6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2416 run_cmd nettest
-6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2418 run_cmd_nsc nettest
-6 -r ${NSA_IP6} -X ${MD5_PW}
2419 log_test $?
2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
2422 show_hint
"Should timeout since client in VRF uses default VRF password"
2423 run_cmd nettest
-6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2424 run_cmd nettest
-6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2426 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2427 log_test $?
2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
2430 run_cmd nettest
-6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2431 run_cmd nettest
-6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2433 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_PW}
2434 log_test $?
0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
2437 run_cmd nettest
-6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2438 run_cmd nettest
-6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2440 run_cmd_nsc nettest
-6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2441 log_test $?
0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
2444 show_hint
"Should timeout since client in default VRF uses VRF password"
2445 run_cmd nettest
-6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2446 run_cmd nettest
-6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2448 run_cmd_nsc nettest
-6 -r ${NSA_IP6} -X ${MD5_PW}
2449 log_test $?
2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"
2452 show_hint
"Should timeout since client in VRF uses default VRF password"
2453 run_cmd nettest
-6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2454 run_cmd nettest
-6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2456 run_cmd_nsb nettest
-6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2457 log_test $?
2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"
2463 run_cmd nettest
-6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP6}
2464 log_test $?
1 "MD5: VRF: Device must be a VRF - single address"
2467 run_cmd nettest
-6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6}
2468 log_test $?
1 "MD5: VRF: Device must be a VRF - prefix"
2479 for a
in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2482 run_cmd nettest
-6 -s &
2484 run_cmd_nsb nettest
-6 -r ${a}
2485 log_test_addr
${a} $?
0 "Global server"
2488 # verify TCP reset received
2489 for a
in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2492 show_hint
"Should fail 'Connection refused'"
2493 run_cmd_nsb nettest
-6 -r ${a}
2494 log_test_addr
${a} $?
1 "No server"
2500 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2503 run_cmd_nsb nettest
-6 -s &
2505 run_cmd nettest
-6 -r ${a}
2506 log_test_addr
${a} $?
0 "Client"
2509 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2512 run_cmd_nsb nettest
-6 -s &
2514 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV}
2515 log_test_addr
${a} $?
0 "Client, device bind"
2518 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2521 show_hint
"Should fail 'Connection refused'"
2522 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV}
2523 log_test_addr
${a} $?
1 "No server, device client"
2527 # local address tests
2529 for a
in ${NSA_IP6} ${NSA_LO_IP6} ::1
2532 run_cmd nettest
-6 -s &
2534 run_cmd nettest
-6 -r ${a}
2535 log_test_addr
${a} $?
0 "Global server, local connection"
2540 run_cmd nettest
-6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2542 run_cmd nettest
-6 -r ${a} -0 ${a}
2543 log_test_addr
${a} $?
0 "Device server, unbound client, local connection"
2545 for a
in ${NSA_LO_IP6} ::1
2548 show_hint
"Should fail 'Connection refused' since addresses on loopback are out of device scope"
2549 run_cmd nettest
-6 -s -I ${NSA_DEV} &
2551 run_cmd nettest
-6 -r ${a}
2552 log_test_addr
${a} $?
1 "Device server, unbound client, local connection"
2557 run_cmd nettest
-6 -s &
2559 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV} -0 ${a}
2560 log_test_addr
${a} $?
0 "Global server, device client, local connection"
2562 for a
in ${NSA_LO_IP6} ::1
2565 show_hint
"Should fail 'Connection refused' since addresses on loopback are out of device scope"
2566 run_cmd nettest
-6 -s &
2568 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV}
2569 log_test_addr
${a} $?
1 "Global server, device client, local connection"
2572 for a
in ${NSA_IP6} ${NSA_LINKIP6}
2575 run_cmd nettest
-6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2577 run_cmd nettest
-6 -d ${NSA_DEV} -r ${a}
2578 log_test_addr
${a} $?
0 "Device server, device client, local conn"
2581 for a
in ${NSA_IP6} ${NSA_LINKIP6}
2584 show_hint
"Should fail 'Connection refused'"
2585 run_cmd nettest
-6 -d ${NSA_DEV} -r ${a}
2586 log_test_addr
${a} $?
1 "No server, device client, local conn"
2596 # disable global server
2597 log_subsection
"Global server disabled"
2599 set_sysctl net.ipv4.tcp_l3mdev_accept
=0
2604 for a
in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2607 show_hint
"Should fail 'Connection refused' since global server with VRF is disabled"
2608 run_cmd nettest
-6 -s &
2610 run_cmd_nsb nettest
-6 -r ${a}
2611 log_test_addr
${a} $?
1 "Global server"
2614 for a
in ${NSA_IP6} ${VRF_IP6}
2617 run_cmd nettest
-6 -s -I ${VRF} -3 ${VRF} &
2619 run_cmd_nsb nettest
-6 -r ${a}
2620 log_test_addr
${a} $?
0 "VRF server"
2623 # link local is always bound to ingress device
2624 a
=${NSA_LINKIP6}%${NSB_DEV}
2626 run_cmd nettest
-6 -s -I ${VRF} -3 ${NSA_DEV} &
2628 run_cmd_nsb nettest
-6 -r ${a}
2629 log_test_addr
${a} $?
0 "VRF server"
2631 for a
in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2634 run_cmd nettest
-6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2636 run_cmd_nsb nettest
-6 -r ${a}
2637 log_test_addr
${a} $?
0 "Device server"
2640 # verify TCP reset received
2641 for a
in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2644 show_hint
"Should fail 'Connection refused'"
2645 run_cmd_nsb nettest
-6 -r ${a}
2646 log_test_addr
${a} $?
1 "No server"
2649 # local address tests
2652 show_hint
"Should fail 'Connection refused' since global server with VRF is disabled"
2653 run_cmd nettest
-6 -s &
2655 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV}
2656 log_test_addr
${a} $?
1 "Global server, local connection"
2662 # enable VRF global server
2664 log_subsection
"VRF Global server enabled"
2665 set_sysctl net.ipv4.tcp_l3mdev_accept
=1
2667 for a
in ${NSA_IP6} ${VRF_IP6}
2670 run_cmd nettest
-6 -s -3 ${VRF} &
2672 run_cmd_nsb nettest
-6 -r ${a}
2673 log_test_addr
${a} $?
0 "Global server"
2676 for a
in ${NSA_IP6} ${VRF_IP6}
2679 run_cmd nettest
-6 -s -I ${VRF} -3 ${VRF} &
2681 run_cmd_nsb nettest
-6 -r ${a}
2682 log_test_addr
${a} $?
0 "VRF server"
2685 # For LLA, child socket is bound to device
2686 a
=${NSA_LINKIP6}%${NSB_DEV}
2688 run_cmd nettest
-6 -s -3 ${NSA_DEV} &
2690 run_cmd_nsb nettest
-6 -r ${a}
2691 log_test_addr
${a} $?
0 "Global server"
2694 run_cmd nettest
-6 -s -I ${VRF} -3 ${NSA_DEV} &
2696 run_cmd_nsb nettest
-6 -r ${a}
2697 log_test_addr
${a} $?
0 "VRF server"
2699 for a
in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2702 run_cmd nettest
-6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2704 run_cmd_nsb nettest
-6 -r ${a}
2705 log_test_addr
${a} $?
0 "Device server"
2708 # verify TCP reset received
2709 for a
in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2712 show_hint
"Should fail 'Connection refused'"
2713 run_cmd_nsb nettest
-6 -r ${a}
2714 log_test_addr
${a} $?
1 "No server"
2717 # local address tests
2718 for a
in ${NSA_IP6} ${VRF_IP6}
2721 show_hint
"Fails 'Connection refused' since client is not in VRF"
2722 run_cmd nettest
-6 -s -I ${VRF} &
2724 run_cmd nettest
-6 -r ${a}
2725 log_test_addr
${a} $?
1 "Global server, local connection"
2732 for a
in ${NSB_IP6} ${NSB_LO_IP6}
2735 run_cmd_nsb nettest
-6 -s &
2737 run_cmd nettest
-6 -r ${a} -d ${VRF}
2738 log_test_addr
${a} $?
0 "Client, VRF bind"
2743 show_hint
"Fails since VRF device does not allow linklocal addresses"
2744 run_cmd_nsb nettest
-6 -s &
2746 run_cmd nettest
-6 -r ${a} -d ${VRF}
2747 log_test_addr
${a} $?
1 "Client, VRF bind"
2749 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2752 run_cmd_nsb nettest
-6 -s &
2754 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV}
2755 log_test_addr
${a} $?
0 "Client, device bind"
2758 for a
in ${NSB_IP6} ${NSB_LO_IP6}
2761 show_hint
"Should fail 'Connection refused'"
2762 run_cmd nettest
-6 -r ${a} -d ${VRF}
2763 log_test_addr
${a} $?
1 "No server, VRF client"
2766 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2769 show_hint
"Should fail 'Connection refused'"
2770 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV}
2771 log_test_addr
${a} $?
1 "No server, device client"
2774 for a
in ${NSA_IP6} ${VRF_IP6} ::1
2777 run_cmd nettest
-6 -s -I ${VRF} -3 ${VRF} &
2779 run_cmd nettest
-6 -r ${a} -d ${VRF} -0 ${a}
2780 log_test_addr
${a} $?
0 "VRF server, VRF client, local connection"
2785 run_cmd nettest
-6 -s -I ${VRF} -3 ${VRF} &
2787 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV} -0 ${a}
2788 log_test_addr
${a} $?
0 "VRF server, device client, local connection"
2792 show_hint
"Should fail since unbound client is out of VRF scope"
2793 run_cmd nettest
-6 -s -I ${VRF} &
2795 run_cmd nettest
-6 -r ${a}
2796 log_test_addr
${a} $?
1 "VRF server, unbound client, local connection"
2799 run_cmd nettest
-6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2801 run_cmd nettest
-6 -r ${a} -d ${VRF} -0 ${a}
2802 log_test_addr
${a} $?
0 "Device server, VRF client, local connection"
2804 for a
in ${NSA_IP6} ${NSA_LINKIP6}
2807 run_cmd nettest
-6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2809 run_cmd nettest
-6 -r ${a} -d ${NSA_DEV} -0 ${a}
2810 log_test_addr
${a} $?
0 "Device server, device client, local connection"
2816 log_section
"IPv6/TCP"
2817 log_subsection
"No VRF"
2820 # tcp_l3mdev_accept should have no affect without VRF;
2821 # run tests with it enabled and disabled to verify
2822 log_subsection
"tcp_l3mdev_accept disabled"
2823 set_sysctl net.ipv4.tcp_l3mdev_accept
=0
2825 log_subsection
"tcp_l3mdev_accept enabled"
2826 set_sysctl net.ipv4.tcp_l3mdev_accept
=1
2829 log_subsection
"With VRF"
2834 ################################################################################
2844 for a
in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2847 run_cmd nettest
-6 -D -s -3 ${NSA_DEV} &
2849 run_cmd_nsb nettest
-6 -D -r ${a}
2850 log_test_addr
${a} $?
0 "Global server"
2853 run_cmd nettest
-6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
2855 run_cmd_nsb nettest
-6 -D -r ${a}
2856 log_test_addr
${a} $?
0 "Device server"
2861 run_cmd nettest
-6 -D -s -3 ${NSA_DEV} &
2863 run_cmd_nsb nettest
-6 -D -r ${a}
2864 log_test_addr
${a} $?
0 "Global server"
2866 # should fail since loopback address is out of scope for a device
2867 # bound server, but it does not - hence this is more documenting
2870 #show_hint "Should fail since loopback address is out of scope"
2871 #run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
2873 #run_cmd_nsb nettest -6 -D -r ${a}
2874 #log_test_addr ${a} $? 1 "Device server"
2876 # negative test - should fail
2877 for a
in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2880 show_hint
"Should fail 'Connection refused' since there is no server"
2881 run_cmd_nsb nettest
-6 -D -r ${a}
2882 log_test_addr
${a} $?
1 "No server"
2888 for a
in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2891 run_cmd_nsb nettest
-6 -D -s &
2893 run_cmd nettest
-6 -D -r ${a} -0 ${NSA_IP6}
2894 log_test_addr
${a} $?
0 "Client"
2897 run_cmd_nsb nettest
-6 -D -s &
2899 run_cmd nettest
-6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
2900 log_test_addr
${a} $?
0 "Client, device bind"
2903 run_cmd_nsb nettest
-6 -D -s &
2905 run_cmd nettest
-6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
2906 log_test_addr
${a} $?
0 "Client, device send via cmsg"
2909 run_cmd_nsb nettest
-6 -D -s &
2911 run_cmd nettest
-6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
2912 log_test_addr
${a} $?
0 "Client, device bind via IPV6_UNICAST_IF"
2915 show_hint
"Should fail 'Connection refused'"
2916 run_cmd nettest
-6 -D -r ${a}
2917 log_test_addr
${a} $?
1 "No server, unbound client"
2920 show_hint
"Should fail 'Connection refused'"
2921 run_cmd nettest
-6 -D -r ${a} -d ${NSA_DEV}
2922 log_test_addr
${a} $?
1 "No server, device client"
2926 # local address tests
2928 for a
in ${NSA_IP6} ${NSA_LO_IP6} ::1
2931 run_cmd nettest
-6 -D -s &
2933 run_cmd nettest
-6 -D -r ${a} -0 ${a} -1 ${a}
2934 log_test_addr
${a} $?
0 "Global server, local connection"
2939 run_cmd nettest
-6 -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
2941 run_cmd nettest
-6 -D -r ${a}
2942 log_test_addr
${a} $?
0 "Device server, unbound client, local connection"
2944 for a
in ${NSA_LO_IP6} ::1
2947 show_hint
"Should fail 'Connection refused' since address is out of device scope"
2948 run_cmd nettest
-6 -s -D -I ${NSA_DEV} &
2950 run_cmd nettest
-6 -D -r ${a}
2951 log_test_addr
${a} $?
1 "Device server, local connection"
2956 run_cmd nettest
-6 -s -D &
2958 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
2959 log_test_addr
${a} $?
0 "Global server, device client, local connection"
2962 run_cmd nettest
-6 -s -D &
2964 run_cmd nettest
-6 -D -d ${NSA_DEV} -C -r ${a}
2965 log_test_addr
${a} $?
0 "Global server, device send via cmsg, local connection"
2968 run_cmd nettest
-6 -s -D &
2970 run_cmd nettest
-6 -D -d ${NSA_DEV} -S -r ${a}
2971 log_test_addr
${a} $?
0 "Global server, device client via IPV6_UNICAST_IF, local connection"
2973 for a
in ${NSA_LO_IP6} ::1
2976 show_hint
"Should fail 'No route to host' since addresses on loopback are out of device scope"
2977 run_cmd nettest
-6 -D -s &
2979 run_cmd nettest
-6 -D -r ${a} -d ${NSA_DEV}
2980 log_test_addr
${a} $?
1 "Global server, device client, local connection"
2983 show_hint
"Should fail 'No route to host' since addresses on loopback are out of device scope"
2984 run_cmd nettest
-6 -D -s &
2986 run_cmd nettest
-6 -D -r ${a} -d ${NSA_DEV} -C
2987 log_test_addr
${a} $?
1 "Global server, device send via cmsg, local connection"
2990 show_hint
"Should fail 'No route to host' since addresses on loopback are out of device scope"
2991 run_cmd nettest
-6 -D -s &
2993 run_cmd nettest
-6 -D -r ${a} -d ${NSA_DEV} -S
2994 log_test_addr
${a} $?
1 "Global server, device client via IP_UNICAST_IF, local connection"
2999 run_cmd nettest
-6 -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
3001 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
3002 log_test_addr
${a} $?
0 "Device server, device client, local conn"
3005 show_hint
"Should fail 'Connection refused'"
3006 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
3007 log_test_addr
${a} $?
1 "No server, device client, local conn"
3010 run_cmd_nsb ip
-6 addr del
${NSB_IP6}/64 dev
${NSB_DEV}
3011 run_cmd_nsb ip
-6 ro add
${NSA_IP6}/128 dev
${NSB_DEV}
3013 run_cmd nettest
-6 -s -D &
3015 run_cmd_nsb nettest
-6 -D -r ${NSA_IP6}
3016 log_test $?
0 "UDP in - LLA to GUA"
3018 run_cmd_nsb ip
-6 ro del
${NSA_IP6}/128 dev
${NSB_DEV}
3019 run_cmd_nsb ip
-6 addr add
${NSB_IP6}/64 dev
${NSB_DEV} nodad
3026 # disable global server
3027 log_subsection
"Global server disabled"
3028 set_sysctl net.ipv4.udp_l3mdev_accept
=0
3033 for a
in ${NSA_IP6} ${VRF_IP6}
3036 show_hint
"Should fail 'Connection refused' since global server is disabled"
3037 run_cmd nettest
-6 -D -s &
3039 run_cmd_nsb nettest
-6 -D -r ${a}
3040 log_test_addr
${a} $?
1 "Global server"
3043 for a
in ${NSA_IP6} ${VRF_IP6}
3046 run_cmd nettest
-6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3048 run_cmd_nsb nettest
-6 -D -r ${a}
3049 log_test_addr
${a} $?
0 "VRF server"
3052 for a
in ${NSA_IP6} ${VRF_IP6}
3055 run_cmd nettest
-6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3057 run_cmd_nsb nettest
-6 -D -r ${a}
3058 log_test_addr
${a} $?
0 "Enslaved device server"
3061 # negative test - should fail
3062 for a
in ${NSA_IP6} ${VRF_IP6}
3065 show_hint
"Should fail 'Connection refused' since there is no server"
3066 run_cmd_nsb nettest
-6 -D -r ${a}
3067 log_test_addr
${a} $?
1 "No server"
3071 # local address tests
3073 for a
in ${NSA_IP6} ${VRF_IP6}
3076 show_hint
"Should fail 'Connection refused' since global server is disabled"
3077 run_cmd nettest
-6 -D -s &
3079 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
3080 log_test_addr
${a} $?
1 "Global server, VRF client, local conn"
3083 for a
in ${NSA_IP6} ${VRF_IP6}
3086 run_cmd nettest
-6 -D -I ${VRF} -s &
3088 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
3089 log_test_addr
${a} $?
0 "VRF server, VRF client, local conn"
3094 show_hint
"Should fail 'Connection refused' since global server is disabled"
3095 run_cmd nettest
-6 -D -s &
3097 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
3098 log_test_addr
${a} $?
1 "Global server, device client, local conn"
3101 run_cmd nettest
-6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3103 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
3104 log_test_addr
${a} $?
0 "VRF server, device client, local conn"
3107 run_cmd nettest
-6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3109 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
3110 log_test_addr
${a} $?
0 "Enslaved device server, VRF client, local conn"
3113 run_cmd nettest
-6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3115 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
3116 log_test_addr
${a} $?
0 "Enslaved device server, device client, local conn"
3118 # disable global server
3119 log_subsection
"Global server enabled"
3120 set_sysctl net.ipv4.udp_l3mdev_accept
=1
3125 for a
in ${NSA_IP6} ${VRF_IP6}
3128 run_cmd nettest
-6 -D -s -3 ${NSA_DEV} &
3130 run_cmd_nsb nettest
-6 -D -r ${a}
3131 log_test_addr
${a} $?
0 "Global server"
3134 for a
in ${NSA_IP6} ${VRF_IP6}
3137 run_cmd nettest
-6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3139 run_cmd_nsb nettest
-6 -D -r ${a}
3140 log_test_addr
${a} $?
0 "VRF server"
3143 for a
in ${NSA_IP6} ${VRF_IP6}
3146 run_cmd nettest
-6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3148 run_cmd_nsb nettest
-6 -D -r ${a}
3149 log_test_addr
${a} $?
0 "Enslaved device server"
3152 # negative test - should fail
3153 for a
in ${NSA_IP6} ${VRF_IP6}
3156 run_cmd_nsb nettest
-6 -D -r ${a}
3157 log_test_addr
${a} $?
1 "No server"
3164 run_cmd_nsb nettest
-6 -D -s &
3166 run_cmd nettest
-6 -D -d ${VRF} -r ${NSB_IP6}
3167 log_test $?
0 "VRF client"
3169 # negative test - should fail
3171 run_cmd nettest
-6 -D -d ${VRF} -r ${NSB_IP6}
3172 log_test $?
1 "No server, VRF client"
3175 run_cmd_nsb nettest
-6 -D -s &
3177 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${NSB_IP6}
3178 log_test $?
0 "Enslaved device client"
3180 # negative test - should fail
3182 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${NSB_IP6}
3183 log_test $?
1 "No server, enslaved device client"
3186 # local address tests
3190 run_cmd nettest
-6 -D -s -3 ${NSA_DEV} &
3192 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
3193 log_test_addr
${a} $?
0 "Global server, VRF client, local conn"
3196 run_cmd nettest
-6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3198 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
3199 log_test_addr
${a} $?
0 "VRF server, VRF client, local conn"
3204 run_cmd nettest
-6 -D -s -3 ${VRF} &
3206 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
3207 log_test_addr
${a} $?
0 "Global server, VRF client, local conn"
3210 run_cmd nettest
-6 -D -I ${VRF} -s -3 ${VRF} &
3212 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
3213 log_test_addr
${a} $?
0 "VRF server, VRF client, local conn"
3215 # negative test - should fail
3216 for a
in ${NSA_IP6} ${VRF_IP6}
3219 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
3220 log_test_addr
${a} $?
1 "No server, VRF client, local conn"
3223 # device to global IP
3226 run_cmd nettest
-6 -D -s -3 ${NSA_DEV} &
3228 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
3229 log_test_addr
${a} $?
0 "Global server, device client, local conn"
3232 run_cmd nettest
-6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3234 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
3235 log_test_addr
${a} $?
0 "VRF server, device client, local conn"
3238 run_cmd nettest
-6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3240 run_cmd nettest
-6 -D -d ${VRF} -r ${a}
3241 log_test_addr
${a} $?
0 "Device server, VRF client, local conn"
3244 run_cmd nettest
-6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3246 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
3247 log_test_addr
${a} $?
0 "Device server, device client, local conn"
3250 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${a}
3251 log_test_addr
${a} $?
1 "No server, device client, local conn"
3254 # link local addresses
3256 run_cmd nettest
-6 -D -s &
3258 run_cmd_nsb nettest
-6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
3259 log_test $?
0 "Global server, linklocal IP"
3262 run_cmd_nsb nettest
-6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
3263 log_test $?
1 "No server, linklocal IP"
3267 run_cmd_nsb nettest
-6 -D -s &
3269 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
3270 log_test $?
0 "Enslaved device client, linklocal IP"
3273 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
3274 log_test $?
1 "No server, device client, peer linklocal IP"
3278 run_cmd nettest
-6 -D -s &
3280 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
3281 log_test $?
0 "Enslaved device client, local conn - linklocal IP"
3284 run_cmd nettest
-6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
3285 log_test $?
1 "No server, device client, local conn - linklocal IP"
3288 run_cmd_nsb ip
-6 addr del
${NSB_IP6}/64 dev
${NSB_DEV}
3289 run_cmd_nsb ip
-6 ro add
${NSA_IP6}/128 dev
${NSB_DEV}
3291 run_cmd nettest
-6 -s -D &
3293 run_cmd_nsb nettest
-6 -D -r ${NSA_IP6}
3294 log_test $?
0 "UDP in - LLA to GUA"
3296 run_cmd_nsb ip
-6 ro del
${NSA_IP6}/128 dev
${NSB_DEV}
3297 run_cmd_nsb ip
-6 addr add
${NSB_IP6}/64 dev
${NSB_DEV} nodad
3302 # should not matter, but set to known state
3303 set_sysctl net.ipv4.udp_early_demux
=1
3305 log_section
"IPv6/UDP"
3306 log_subsection
"No VRF"
3309 # udp_l3mdev_accept should have no affect without VRF;
3310 # run tests with it enabled and disabled to verify
3311 log_subsection
"udp_l3mdev_accept disabled"
3312 set_sysctl net.ipv4.udp_l3mdev_accept
=0
3314 log_subsection
"udp_l3mdev_accept enabled"
3315 set_sysctl net.ipv4.udp_l3mdev_accept
=1
3318 log_subsection
"With VRF"
3323 ################################################################################
3326 ipv6_addr_bind_novrf
()
3331 for a
in ${NSA_IP6} ${NSA_LO_IP6}
3334 run_cmd nettest
-6 -s -R -P ipv6-icmp
-l ${a} -b
3335 log_test_addr
${a} $?
0 "Raw socket bind to local address"
3338 run_cmd nettest
-6 -s -R -P ipv6-icmp
-l ${a} -I ${NSA_DEV} -b
3339 log_test_addr
${a} $?
0 "Raw socket bind to local address after device bind"
3347 run_cmd nettest
-6 -s -l ${a} -t1 -b
3348 log_test_addr
${a} $?
0 "TCP socket bind to local address"
3351 run_cmd nettest
-6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3352 log_test_addr
${a} $?
0 "TCP socket bind to local address after device bind"
3356 show_hint
"Should fail with 'Cannot assign requested address'"
3357 run_cmd nettest
-6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3358 log_test_addr
${a} $?
1 "TCP socket bind to out of scope local address"
3361 ipv6_addr_bind_vrf
()
3366 for a
in ${NSA_IP6} ${VRF_IP6}
3369 run_cmd nettest
-6 -s -R -P ipv6-icmp
-l ${a} -I ${VRF} -b
3370 log_test_addr
${a} $?
0 "Raw socket bind to local address after vrf bind"
3373 run_cmd nettest
-6 -s -R -P ipv6-icmp
-l ${a} -I ${NSA_DEV} -b
3374 log_test_addr
${a} $?
0 "Raw socket bind to local address after device bind"
3379 show_hint
"Address on loopback is out of VRF scope"
3380 run_cmd nettest
-6 -s -R -P ipv6-icmp
-l ${a} -I ${VRF} -b
3381 log_test_addr
${a} $?
1 "Raw socket bind to invalid local address after vrf bind"
3386 # address on enslaved device is valid for the VRF or device in a VRF
3387 for a
in ${NSA_IP6} ${VRF_IP6}
3390 run_cmd nettest
-6 -s -l ${a} -I ${VRF} -t1 -b
3391 log_test_addr
${a} $?
0 "TCP socket bind to local address with VRF bind"
3396 run_cmd nettest
-6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3397 log_test_addr
${a} $?
0 "TCP socket bind to local address with device bind"
3401 run_cmd nettest
-6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3402 log_test_addr
${a} $?
1 "TCP socket bind to VRF address with device bind"
3406 show_hint
"Address on loopback out of scope for VRF"
3407 run_cmd nettest
-6 -s -l ${a} -I ${VRF} -t1 -b
3408 log_test_addr
${a} $?
1 "TCP socket bind to invalid local address for VRF"
3411 show_hint
"Address on loopback out of scope for device in VRF"
3412 run_cmd nettest
-6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3413 log_test_addr
${a} $?
1 "TCP socket bind to invalid local address for device bind"
3419 log_section
"IPv6 address binds"
3421 log_subsection
"No VRF"
3423 ipv6_addr_bind_novrf
3425 log_subsection
"With VRF"
3430 ################################################################################
3431 # IPv6 runtime tests
3437 local with_vrf
="yes"
3443 for a
in ${NSA_IP6} ${VRF_IP6}
3446 run_cmd nettest
${varg} -s &
3448 run_cmd_nsb nettest
${varg} -r ${a} &
3450 run_cmd ip link del
${VRF}
3452 log_test_addr
${a} 0 0 "${desc}, global server"
3457 for a
in ${NSA_IP6} ${VRF_IP6}
3460 run_cmd nettest
${varg} -I ${VRF} -s &
3462 run_cmd_nsb nettest
${varg} -r ${a} &
3464 run_cmd ip link del
${VRF}
3466 log_test_addr
${a} 0 0 "${desc}, VRF server"
3471 for a
in ${NSA_IP6} ${VRF_IP6}
3474 run_cmd nettest
${varg} -I ${NSA_DEV} -s &
3476 run_cmd_nsb nettest
${varg} -r ${a} &
3478 run_cmd ip link del
${VRF}
3480 log_test_addr
${a} 0 0 "${desc}, enslaved device server"
3489 run_cmd_nsb nettest
${varg} -s &
3491 run_cmd nettest
${varg} -d ${VRF} -r ${NSB_IP6} &
3493 run_cmd ip link del
${VRF}
3495 log_test
0 0 "${desc}, VRF client"
3500 run_cmd_nsb nettest
${varg} -s &
3502 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
3504 run_cmd ip link del
${VRF}
3506 log_test
0 0 "${desc}, enslaved device client"
3512 # local address tests
3514 for a
in ${NSA_IP6} ${VRF_IP6}
3517 run_cmd nettest
${varg} -s &
3519 run_cmd nettest
${varg} -d ${VRF} -r ${a} &
3521 run_cmd ip link del
${VRF}
3523 log_test_addr
${a} 0 0 "${desc}, global server, VRF client"
3528 for a
in ${NSA_IP6} ${VRF_IP6}
3531 run_cmd nettest
${varg} -I ${VRF} -s &
3533 run_cmd nettest
${varg} -d ${VRF} -r ${a} &
3535 run_cmd ip link del
${VRF}
3537 log_test_addr
${a} 0 0 "${desc}, VRF server and client"
3544 run_cmd nettest
${varg} -s &
3546 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${a} &
3548 run_cmd ip link del
${VRF}
3550 log_test_addr
${a} 0 0 "${desc}, global server, device client"
3555 run_cmd nettest
${varg} -I ${VRF} -s &
3557 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${a} &
3559 run_cmd ip link del
${VRF}
3561 log_test_addr
${a} 0 0 "${desc}, VRF server, device client"
3566 run_cmd nettest
${varg} -I ${NSA_DEV} -s &
3568 run_cmd nettest
${varg} -d ${NSA_DEV} -r ${a} &
3570 run_cmd ip link del
${VRF}
3572 log_test_addr
${a} 0 0 "${desc}, device server, device client"
3577 local with_vrf
="yes"
3582 run_cmd_nsb
${ping6} -f ${a} &
3584 run_cmd ip link del
${VRF}
3586 log_test_addr
${a} 0 0 "Device delete with active traffic - ping in"
3591 run_cmd
${ping6} -f ${NSB_IP6} -I ${VRF} &
3593 run_cmd ip link del
${VRF}
3595 log_test_addr
${a} 0 0 "Device delete with active traffic - ping out"
3600 log_section
"Run time tests - ipv6"
3606 ipv6_rt
"TCP active socket" "-n -1"
3609 ipv6_rt
"TCP passive socket" "-i"
3612 ipv6_rt
"UDP active socket" "-D -n -1"
3615 ################################################################################
3616 # netfilter blocking connections
3618 netfilter_tcp_reset
()
3622 for a
in ${NSA_IP} ${VRF_IP}
3625 run_cmd nettest
-s &
3627 run_cmd_nsb nettest
-r ${a}
3628 log_test_addr
${a} $?
1 "Global server, reject with TCP-reset on Rx"
3638 [ "${stype}" = "UDP" ] && arg
="-D"
3640 for a
in ${NSA_IP} ${VRF_IP}
3643 run_cmd nettest
${arg} -s &
3645 run_cmd_nsb nettest
${arg} -r ${a}
3646 log_test_addr
${a} $?
1 "Global ${stype} server, Rx reject icmp-port-unreach"
3652 log_section
"IPv4 Netfilter"
3653 log_subsection
"TCP reset"
3656 run_cmd iptables
-A INPUT
-p tcp
--dport 12345 -j REJECT
--reject-with tcp-reset
3661 log_subsection
"ICMP unreachable"
3665 run_cmd iptables
-A INPUT
-p tcp
--dport 12345 -j REJECT
--reject-with icmp-port-unreachable
3666 run_cmd iptables
-A INPUT
-p udp
--dport 12345 -j REJECT
--reject-with icmp-port-unreachable
3668 netfilter_icmp
"TCP"
3669 netfilter_icmp
"UDP"
3675 netfilter_tcp6_reset
()
3679 for a
in ${NSA_IP6} ${VRF_IP6}
3682 run_cmd nettest
-6 -s &
3684 run_cmd_nsb nettest
-6 -r ${a}
3685 log_test_addr
${a} $?
1 "Global server, reject with TCP-reset on Rx"
3695 [ "${stype}" = "UDP" ] && arg
="$arg -D"
3697 for a
in ${NSA_IP6} ${VRF_IP6}
3700 run_cmd nettest
-6 -s ${arg} &
3702 run_cmd_nsb nettest
-6 ${arg} -r ${a}
3703 log_test_addr
${a} $?
1 "Global ${stype} server, Rx reject icmp-port-unreach"
3709 log_section
"IPv6 Netfilter"
3710 log_subsection
"TCP reset"
3713 run_cmd ip6tables
-A INPUT
-p tcp
--dport 12345 -j REJECT
--reject-with tcp-reset
3715 netfilter_tcp6_reset
3717 log_subsection
"ICMP unreachable"
3720 run_cmd ip6tables
-F
3721 run_cmd ip6tables
-A INPUT
-p tcp
--dport 12345 -j REJECT
--reject-with icmp6-port-unreachable
3722 run_cmd ip6tables
-A INPUT
-p udp
--dport 12345 -j REJECT
--reject-with icmp6-port-unreachable
3724 netfilter_icmp6
"TCP"
3725 netfilter_icmp6
"UDP"
3731 ################################################################################
3732 # specific use cases
3735 # ns-A device enslaved to bridge. Verify traffic with and without
3736 # br_netfilter module loaded. Repeat with SVI on bridge.
3741 setup_cmd ip link
set ${NSA_DEV} down
3742 setup_cmd ip addr del dev
${NSA_DEV} ${NSA_IP}/24
3743 setup_cmd ip
-6 addr del dev
${NSA_DEV} ${NSA_IP6}/64
3745 setup_cmd ip link add br0
type bridge
3746 setup_cmd ip addr add dev br0
${NSA_IP}/24
3747 setup_cmd ip
-6 addr add dev br0
${NSA_IP6}/64 nodad
3749 setup_cmd ip li
set ${NSA_DEV} master br0
3750 setup_cmd ip li
set ${NSA_DEV} up
3751 setup_cmd ip li
set br0 up
3752 setup_cmd ip li
set br0 vrf
${VRF}
3754 rmmod br_netfilter
2>/dev
/null
3757 run_cmd ip neigh flush all
3758 run_cmd
ping -c1 -w1 -I br0
${NSB_IP}
3759 log_test $?
0 "Bridge into VRF - IPv4 ping out"
3761 run_cmd ip neigh flush all
3762 run_cmd
${ping6} -c1 -w1 -I br0
${NSB_IP6}
3763 log_test $?
0 "Bridge into VRF - IPv6 ping out"
3765 run_cmd ip neigh flush all
3766 run_cmd_nsb
ping -c1 -w1 ${NSA_IP}
3767 log_test $?
0 "Bridge into VRF - IPv4 ping in"
3769 run_cmd ip neigh flush all
3770 run_cmd_nsb
${ping6} -c1 -w1 ${NSA_IP6}
3771 log_test $?
0 "Bridge into VRF - IPv6 ping in"
3773 modprobe br_netfilter
3774 if [ $?
-eq 0 ]; then
3775 run_cmd ip neigh flush all
3776 run_cmd
ping -c1 -w1 -I br0
${NSB_IP}
3777 log_test $?
0 "Bridge into VRF with br_netfilter - IPv4 ping out"
3779 run_cmd ip neigh flush all
3780 run_cmd
${ping6} -c1 -w1 -I br0
${NSB_IP6}
3781 log_test $?
0 "Bridge into VRF with br_netfilter - IPv6 ping out"
3783 run_cmd ip neigh flush all
3784 run_cmd_nsb
ping -c1 -w1 ${NSA_IP}
3785 log_test $?
0 "Bridge into VRF with br_netfilter - IPv4 ping in"
3787 run_cmd ip neigh flush all
3788 run_cmd_nsb
${ping6} -c1 -w1 ${NSA_IP6}
3789 log_test $?
0 "Bridge into VRF with br_netfilter - IPv6 ping in"
3792 setup_cmd ip li
set br0 nomaster
3793 setup_cmd ip li add br0.100 link br0
type vlan id
100
3794 setup_cmd ip li
set br0.100 vrf
${VRF} up
3795 setup_cmd ip addr add dev br0.100
172.16.101.1/24
3796 setup_cmd ip
-6 addr add dev br0.100
2001:db8
:101::1/64 nodad
3798 setup_cmd_nsb ip li add vlan100 link
${NSB_DEV} type vlan id
100
3799 setup_cmd_nsb ip addr add dev vlan100
172.16.101.2/24
3800 setup_cmd_nsb ip
-6 addr add dev vlan100
2001:db8
:101::2/64 nodad
3801 setup_cmd_nsb ip li
set vlan100 up
3804 rmmod br_netfilter
2>/dev
/null
3806 run_cmd ip neigh flush all
3807 run_cmd
ping -c1 -w1 -I br0.100
172.16.101.2
3808 log_test $?
0 "Bridge vlan into VRF - IPv4 ping out"
3810 run_cmd ip neigh flush all
3811 run_cmd
${ping6} -c1 -w1 -I br0.100
2001:db8
:101::2
3812 log_test $?
0 "Bridge vlan into VRF - IPv6 ping out"
3814 run_cmd ip neigh flush all
3815 run_cmd_nsb
ping -c1 -w1 172.16.101.1
3816 log_test $?
0 "Bridge vlan into VRF - IPv4 ping in"
3818 run_cmd ip neigh flush all
3819 run_cmd_nsb
${ping6} -c1 -w1 2001:db8
:101::1
3820 log_test $?
0 "Bridge vlan into VRF - IPv6 ping in"
3822 modprobe br_netfilter
3823 if [ $?
-eq 0 ]; then
3824 run_cmd ip neigh flush all
3825 run_cmd
ping -c1 -w1 -I br0.100
172.16.101.2
3826 log_test $?
0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out"
3828 run_cmd ip neigh flush all
3829 run_cmd
${ping6} -c1 -w1 -I br0.100
2001:db8
:101::2
3830 log_test $?
0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out"
3832 run_cmd ip neigh flush all
3833 run_cmd_nsb
ping -c1 -w1 172.16.101.1
3834 log_test $?
0 "Bridge vlan into VRF - IPv4 ping in"
3836 run_cmd ip neigh flush all
3837 run_cmd_nsb
${ping6} -c1 -w1 2001:db8
:101::1
3838 log_test $?
0 "Bridge vlan into VRF - IPv6 ping in"
3841 setup_cmd ip li del br0
2>/dev
/null
3842 setup_cmd_nsb ip li del vlan100
2>/dev
/null
3846 # ns-A device is connected to both ns-B and ns-C on a single VRF but only has
3847 # LLA on the interfaces
3848 use_case_ping_lla_multi
()
3851 # only want reply from ns-A
3852 setup_cmd_nsb sysctl
-qw net.ipv6.icmp.echo_ignore_multicast
=1
3853 setup_cmd_nsc sysctl
-qw net.ipv6.icmp.echo_ignore_multicast
=1
3856 run_cmd_nsb
ping -c1 -w1 ${MCAST}%${NSB_DEV}
3857 log_test_addr
${MCAST}%${NSB_DEV} $?
0 "Pre cycle, ping out ns-B"
3859 run_cmd_nsc
ping -c1 -w1 ${MCAST}%${NSC_DEV}
3860 log_test_addr
${MCAST}%${NSC_DEV} $?
0 "Pre cycle, ping out ns-C"
3862 # cycle/flap the first ns-A interface
3863 setup_cmd ip link
set ${NSA_DEV} down
3864 setup_cmd ip link
set ${NSA_DEV} up
3868 run_cmd_nsb
ping -c1 -w1 ${MCAST}%${NSB_DEV}
3869 log_test_addr
${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-B
"
3870 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
3871 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-C"
3873 # cycle/flap the second ns-A interface
3874 setup_cmd ip link
set ${NSA_DEV2} down
3875 setup_cmd ip link
set ${NSA_DEV2} up
3879 run_cmd_nsb
ping -c1 -w1 ${MCAST}%${NSB_DEV}
3880 log_test_addr
${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-B
"
3881 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
3882 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-C"
3885 # Perform IPv{4,6} SNAT on ns-A, and verify TCP connection is successfully
3886 # established with ns-B.
3887 use_case_snat_on_vrf
()
3893 run_cmd iptables
-t nat
-A POSTROUTING
-p tcp
-m tcp
--dport ${port} -j SNAT --to-source ${NSA_LO_IP} -o ${VRF}
3894 run_cmd ip6tables
-t nat
-A POSTROUTING
-p tcp
-m tcp
--dport ${port} -j SNAT --to-source ${NSA_LO_IP6} -o ${VRF}
3896 run_cmd_nsb nettest
-s -l ${NSB_IP} -p ${port} &
3898 run_cmd nettest
-d ${VRF} -r ${NSB_IP} -p ${port}
3899 log_test $?
0 "IPv4 TCP connection over VRF with SNAT"
3901 run_cmd_nsb nettest
-6 -s -l ${NSB_IP6} -p ${port} &
3903 run_cmd nettest
-6 -d ${VRF} -r ${NSB_IP6} -p ${port}
3904 log_test $?
0 "IPv6 TCP connection over VRF with SNAT"
3907 run_cmd iptables
-t nat
-D POSTROUTING
-p tcp
-m tcp
--dport ${port} -j SNAT --to-source ${NSA_LO_IP} -o ${VRF}
3908 run_cmd ip6tables
-t nat
-D POSTROUTING
-p tcp
-m tcp
--dport ${port} -j SNAT --to-source ${NSA_LO_IP6} -o ${VRF}
3913 log_section
"Use cases"
3914 log_subsection
"Device enslaved to bridge"
3916 log_subsection
"Ping LLA with multiple interfaces"
3917 use_case_ping_lla_multi
3918 log_subsection
"SNAT on VRF"
3919 use_case_snat_on_vrf
3922 ################################################################################
3928 usage: ${0##*/} OPTS
3932 -t <test> Test name/set to run
3934 -P Pause after each test
3939 ################################################################################
3942 TESTS_IPV4
="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime ipv4_netfilter"
3943 TESTS_IPV6
="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime ipv6_netfilter"
3944 TESTS_OTHER
="use_cases"
3949 while getopts :46t
:pPvh o
3955 p
) PAUSE_ON_FAIL
=yes;;
3963 # make sure we don't pause twice
3964 [ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL
=no
3967 # show user test config
3969 if [ -z "$TESTS" ]; then
3970 TESTS
="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"
3971 elif [ "$TESTS" = "ipv4" ]; then
3973 elif [ "$TESTS" = "ipv6" ]; then
3977 which nettest
>/dev
/null
3978 if [ $?
-ne 0 ]; then
3979 echo "'nettest' command not found; skipping tests"
3984 declare -i nsuccess
=0
3989 ipv4_ping|
ping) ipv4_ping
;;
3990 ipv4_tcp|tcp
) ipv4_tcp
;;
3991 ipv4_udp|udp
) ipv4_udp
;;
3992 ipv4_bind|
bind) ipv4_addr_bind
;;
3993 ipv4_runtime
) ipv4_runtime
;;
3994 ipv4_netfilter
) ipv4_netfilter
;;
3996 ipv6_ping|ping6
) ipv6_ping
;;
3997 ipv6_tcp|tcp6
) ipv6_tcp
;;
3998 ipv6_udp|udp6
) ipv6_udp
;;
3999 ipv6_bind|bind6
) ipv6_addr_bind
;;
4000 ipv6_runtime
) ipv6_runtime
;;
4001 ipv6_netfilter
) ipv6_netfilter
;;
4003 use_cases
) use_cases
;;
4005 # setup namespaces and config, but do not run any tests
4006 setup
) setup
; exit 0;;
4007 vrf_setup
) setup
"yes"; exit 0;;
4009 help) echo "Test names: $TESTS"; exit 0;;
4015 printf "\nTests passed: %3d\n" ${nsuccess}
4016 printf "Tests failed: %3d\n" ${nfail}