#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
#
# IPv4 and IPv6 functional tests focusing on VRF and routing lookups
# for various permutations:
#   1. icmp, tcp, udp and netfilter
#   2. client, server, no-server
#   3. global address on interface
#   4. global address on 'lo'
#   5. remote and local traffic
#   6. VRF and non-VRF permutations
#
# Setup:
#                     ns-A     |     ns-B
# No VRF case:
#    [ lo ]         [ eth1 ]---|---[ eth1 ]      [ lo ]
#                                                remote address
# VRF case:
#         [ red ]---[ eth1 ]---|---[ eth1 ]      [ lo ]
#
# ns-A:
#     eth1: 172.16.1.1/24, 2001:db8:1::1/64
#       lo: 127.0.0.1/8, ::1/128
#           172.16.2.1/32, 2001:db8:2::1/128
#      red: 127.0.0.1/8, ::1/128
#           172.16.3.1/32, 2001:db8:3::1/128
#
# ns-B:
#     eth1: 172.16.1.2/24, 2001:db8:1::2/64
#      lo2: 127.0.0.1/8, ::1/128
#           172.16.2.2/32, 2001:db8:2::2/128
#
# ns-A to ns-C connection - only for VRF and same config
# as ns-A to ns-B
#
# server / client nomenclature relative to ns-A

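# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4

VERBOSE=0

# Device, VRF and routing-table names used inside the test namespaces.
NSA_DEV=eth1
NSA_DEV2=eth2
NSB_DEV=eth1
NSC_DEV=eth2
VRF=red
VRF_TABLE=1101

# IPv4 config
NSA_IP=172.16.1.1
NSB_IP=172.16.1.2
VRF_IP=172.16.3.1
NS_NET=172.16.1.0/24

# IPv6 config
NSA_IP6=2001:db8:1::1
NSB_IP6=2001:db8:1::2
VRF_IP6=2001:db8:3::1
NS_NET6=2001:db8:1::/120

NSA_LO_IP=172.16.2.1
NSB_LO_IP=172.16.2.2
NSA_LO_IP6=2001:db8:2::1
NSB_LO_IP6=2001:db8:2::2

# TCP-MD5 keys for the MD5 tests. These are throwaway fixtures: they are
# handed to nettest as command-line arguments and are echoed in the
# "COMMAND:" line when VERBOSE=1, so they show up in process listings and
# test logs. Never substitute a key that is used anywhere else.
MD5_PW=abc123
MD5_WRONG_PW=abc1234

MCAST=ff02::1
# set after namespace create
NSA_LINKIP6=
NSB_LINKIP6=

NSA=ns-A
NSB=ns-B
NSC=ns-C

# Command prefixes; expanded unquoted by the run_cmd* helpers so that the
# three words become separate arguments.
NSA_CMD="ip netns exec ${NSA}"
NSB_CMD="ip netns exec ${NSB}"
NSC_CMD="ip netns exec ${NSC}"

# Prefer a dedicated ping6 binary and fall back to ping. 'command -v' is the
# shell builtin lookup, so no external 'which' is needed, and the if/else
# logic is no longer spelled as 'a && b || c'.
ping6=$(command -v ping6 2>/dev/null) || ping6=$(command -v ping)
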
################################################################################
# utilities

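# Record one test result, print its "TEST:" line and stop leftover test
# processes.
#
# Arguments: $1 - exit status the test produced
#            $2 - exit status the test was expected to produce
#            $3 - description printed on the result line
# Globals:   nsuccess, nfail (incremented); VERBOSE, PAUSE, PAUSE_ON_FAIL (read)
# Exits the script with status 1 when the operator answers 'q' at a pause.
log_test()
{
	local rc=$1
	local expected=$2
	local msg="$3"
	# The pause prompt must read into a variable that is local to this
	# function. Callers use 'a' as their loop variable; with bash's dynamic
	# scoping an undeclared 'read a' here would overwrite the caller's
	# address and the next command in the caller would run with the
	# operator's keystroke instead of the address under test.
	local answer

	[ "${VERBOSE}" = "1" ] && echo

	if [ "${rc}" -eq "${expected}" ]; then
		nsuccess=$((nsuccess+1))
		printf "TEST: %-70s [ OK ]\n" "${msg}"
	else
		nfail=$((nfail+1))
		printf "TEST: %-70s [FAIL]\n" "${msg}"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue, 'q' to quit"
			read -r answer
			[ "${answer}" = "q" ] && exit 1
		fi
	fi

	if [ "${PAUSE}" = "yes" ]; then
		echo
		echo "hit enter to continue, 'q' to quit"
		read -r answer
		[ "${answer}" = "q" ] && exit 1
	fi

	kill_procs
}
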
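# Log a test result with a readable label for the address appended to the
# description.
#
# Arguments: $1 - address the test used (translated by addr2str)
#            $2 - exit status the test produced
#            $3 - expected exit status
#            $4 - description
log_test_addr()
{
	local addr=$1
	local rc=$2
	local expected=$3
	local msg="$4"
	local astr

	astr=$(addr2str "${addr}")
	# Quoted so that an empty status cannot shift the remaining arguments
	# one position to the left.
	log_test "${rc}" "${expected}" "${msg} - ${astr}"
}
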
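# Print a section banner: blank line, rule, the title, rule, blank line.
#
# Arguments: all arguments are joined with spaces and used as the title
log_section()
{
	echo
	echo "###########################################################################"
	# printf rather than echo: a title that looks like an echo option
	# (for example "-n") is printed literally instead of being swallowed.
	printf '%s\n' "$*"
	echo "###########################################################################"
	echo
}
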
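# Print a subsection banner: blank line, rule, the title, blank line.
#
# Arguments: all arguments are joined with spaces and used as the title
log_subsection()
{
	echo
	echo "#################################################################"
	# printf rather than echo so a title such as "-n" is printed literally.
	printf '%s\n' "$*"
	echo
}
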
# Begin a test case: stop leftover test processes and, in verbose mode,
# print a separator.
log_start()
{
	# make sure we have no test instances running
	kill_procs

	[ "${VERBOSE}" = "1" ] || return 0

	echo
	echo "#######################################################"
}

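# Print a message surrounded by blank lines, only when VERBOSE=1.
#
# Arguments: all arguments are joined with spaces and used as the message
log_debug()
{
	if [ "${VERBOSE}" = "1" ]; then
		echo
		# printf rather than echo so a message such as "-n" or "-e" is
		# printed literally instead of being taken as an echo option.
		printf '%s\n' "$*"
		echo
	fi
}
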
# Print a "HINT:" line followed by a blank line, only when VERBOSE=1.
#
# Arguments: all arguments are joined with spaces and used as the hint text
show_hint()
{
	[ "${VERBOSE}" = "1" ] || return 0

	printf 'HINT: %s\n\n' "$*"
}

# Stop any nettest / ping / ping6 process left over from a test, then wait
# one second.
#
# NOTE: killall selects by process name and is not limited to the namespaces
# this script creates, so unrelated ping or nettest processes that the
# invoking user is allowed to signal are terminated as well. Run the suite
# on a machine where that is acceptable.
kill_procs()
{
	killall nettest ping ping6 &> /dev/null
	sleep 1
}

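# Run a command, capture its combined stdout/stderr and return its status.
# In verbose mode the command line and any output are printed.
#
# Arguments: the command and its arguments
# Globals:   VERBOSE (read); rc (written - left global as in the original,
#            code outside this view may read it: confirm before localising)
# Returns:   exit status of the command
#
# The arguments are flattened into one string and split again by the shell,
# so an argument containing whitespace or glob characters cannot be passed
# intact. Only strings built from this script's own constants should reach
# this function; nothing read from outside the script belongs here.
do_run_cmd()
{
	local cmd="$*"
	local out

	if [ "$VERBOSE" = "1" ]; then
		echo "COMMAND: ${cmd}"
	fi

	# shellcheck disable=SC2086 # deliberate word splitting, see above
	out=$($cmd 2>&1)
	rc=$?
	# Two tests joined with && replace the obsolescent '[ a -a b ]' form,
	# which is ambiguous for some operand values.
	if [ "$VERBOSE" = "1" ] && [ -n "$out" ]; then
		printf '%s\n' "$out"
	fi

	return $rc
}
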
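# Run a command inside ns-A via do_run_cmd.
#
# Arguments: the command and its arguments
# Returns:   whatever do_run_cmd returns
run_cmd()
{
	# NSA_CMD stays unquoted on purpose: it holds the three words
	# "ip netns exec <ns>" and must split into separate arguments.
	# shellcheck disable=SC2086
	do_run_cmd ${NSA_CMD} "$@"
}
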
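# Run a command inside ns-B via do_run_cmd.
#
# Arguments: the command and its arguments
# Returns:   whatever do_run_cmd returns
run_cmd_nsb()
{
	# NSB_CMD stays unquoted on purpose: it holds the three words
	# "ip netns exec <ns>" and must split into separate arguments.
	# shellcheck disable=SC2086
	do_run_cmd ${NSB_CMD} "$@"
}
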
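# Run a command inside ns-C via do_run_cmd.
#
# Arguments: the command and its arguments
# Returns:   whatever do_run_cmd returns
run_cmd_nsc()
{
	# NSC_CMD stays unquoted on purpose: it holds the three words
	# "ip netns exec <ns>" and must split into separate arguments.
	# shellcheck disable=SC2086
	do_run_cmd ${NSC_CMD} "$@"
}
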
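# Run a setup command in ns-A and abort the whole script if it fails.
#
# Arguments: the command and its arguments
# Globals:   VERBOSE, PAUSE_ON_FAIL (read)
# Exits the script with the command's status on failure.
setup_cmd()
{
	local cmd="$*"
	local rc
	# Local target for the pause prompt so the keystroke cannot overwrite
	# a variable named 'a' in a calling function.
	local answer

	run_cmd "$@"
	rc=$?
	if [ "${rc}" -ne 0 ]; then
		# show user the command if not done so already
		if [ "$VERBOSE" = "0" ]; then
			echo "setup command: $cmd"
		fi
		echo "failed. stopping tests"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue"
			read -r answer
		fi
		exit "${rc}"
	fi
}
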
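# Run a setup command in ns-B and abort the whole script if it fails.
#
# Arguments: the command and its arguments
# Globals:   VERBOSE, PAUSE_ON_FAIL (read)
# Exits the script with the command's status on failure.
setup_cmd_nsb()
{
	local cmd="$*"
	local rc
	# Local target for the pause prompt so the keystroke cannot overwrite
	# a variable named 'a' in a calling function.
	local answer

	run_cmd_nsb "$@"
	rc=$?
	if [ "${rc}" -ne 0 ]; then
		# show user the command if not done so already
		if [ "$VERBOSE" = "0" ]; then
			echo "setup command: $cmd"
		fi
		echo "failed. stopping tests"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue"
			read -r answer
		fi
		exit "${rc}"
	fi
}
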
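# Run a setup command in ns-C and abort the whole script if it fails.
#
# Arguments: the command and its arguments
# Globals:   VERBOSE, PAUSE_ON_FAIL (read)
# Exits the script with the command's status on failure.
setup_cmd_nsc()
{
	local cmd="$*"
	local rc
	# Local target for the pause prompt so the keystroke cannot overwrite
	# a variable named 'a' in a calling function.
	local answer

	run_cmd_nsc "$@"
	rc=$?
	if [ "${rc}" -ne 0 ]; then
		# show user the command if not done so already
		if [ "$VERBOSE" = "0" ]; then
			echo "setup command: $cmd"
		fi
		echo "failed. stopping tests"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue"
			read -r answer
		fi
		exit "${rc}"
	fi
}
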
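# set sysctl values in NS-A
#
# Arguments: one or more key=value settings, passed to 'sysctl -q -w'
# Outputs:   a "SYSCTL:" line naming the settings, then a blank line
# Returns:   status of the sysctl command as reported by run_cmd
set_sysctl()
{
	echo "SYSCTL: $*"
	echo
	run_cmd sysctl -q -w "$@"
}
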
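# get sysctl values in NS-A
#
# Arguments: one or more sysctl keys, passed to 'sysctl -n'
# Outputs:   the value(s) on stdout
get_sysctl()
{
	# NSA_CMD stays unquoted on purpose: it must split into the words
	# "ip netns exec <ns>".
	# shellcheck disable=SC2086
	${NSA_CMD} sysctl -n "$@"
}
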
################################################################################
# Setup for tests

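# Translate a test address into the label used on result lines.
#
# Arguments: $1 - address, optionally with a "%<device>" scope suffix for
#                 link-local and multicast addresses
# Globals:   the NSA_*, NSB_*, VRF_* address variables and MCAST (read)
# Outputs:   the label on stdout; "unknown" when nothing matches
addr2str()
{
	# The variables are quoted inside the patterns so their contents are
	# compared literally; only the trailing '*' after '%' is a wildcard.
	case "$1" in
	127.0.0.1) echo "loopback";;
	::1) echo "IPv6 loopback";;

	"${NSA_IP}")	echo "ns-A IP";;
	"${NSA_IP6}")	echo "ns-A IPv6";;
	"${NSA_LO_IP}")	echo "ns-A loopback IP";;
	"${NSA_LO_IP6}")	echo "ns-A loopback IPv6";;
	"${NSA_LINKIP6}"|"${NSA_LINKIP6}"%*) echo "ns-A IPv6 LLA";;

	"${NSB_IP}")	echo "ns-B IP";;
	"${NSB_IP6}")	echo "ns-B IPv6";;
	"${NSB_LO_IP}")	echo "ns-B loopback IP";;
	"${NSB_LO_IP6}")	echo "ns-B loopback IPv6";;
	"${NSB_LINKIP6}"|"${NSB_LINKIP6}"%*) echo "ns-B IPv6 LLA";;

	"${VRF_IP}")	echo "VRF IP";;
	"${VRF_IP6}")	echo "VRF IPv6";;

	"${MCAST}"%*)	echo "multicast IP";;

	*) echo "unknown";;
	esac
}
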
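# Print the IPv6 link-local address of a device in a namespace, without the
# prefix length.
#
# Arguments: $1 - namespace name
#            $2 - device name
# Outputs:   the address on stdout
# Returns:   0 when an address starting with fe80 was found, 1 otherwise
get_linklocal()
{
	local ns=$1
	local dev=$2
	local addr

	# In the brief ('-br') listing the addresses start at field 3.
	addr=$(ip -netns "${ns}" -6 -br addr show dev "${dev}" | \
	awk '{
		for (i = 3; i <= NF; ++i) {
			if ($i ~ /^fe80/)
				print $i
		}
	}'
	)
	# Drop everything from the first '/' on (the prefix length, and any
	# further matches awk printed after it).
	addr=${addr/\/*}

	[ -z "$addr" ] && return 1

	printf '%s\n' "${addr}"

	return 0
}
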
################################################################################
# create namespaces and vrf

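# Create a VRF device in a namespace, give it loopback addresses and an
# unreachable default route, and move the 'local' rule to pref 32765.
#
# Arguments: $1 - namespace
#            $2 - VRF device name
#            $3 - routing table id for the VRF
#            $4 - IPv4 address to add to the VRF device, or "-" for none
#            $5 - IPv6 address to add to the VRF device, or "-" for none
create_vrf()
{
	local ns=$1
	local vrf=$2
	local table=$3
	local addr=$4
	local addr6=$5

	ip -netns "${ns}" link add "${vrf}" type vrf table "${table}"
	ip -netns "${ns}" link set "${vrf}" up
	ip -netns "${ns}" route add vrf "${vrf}" unreachable default metric 8192
	ip -netns "${ns}" -6 route add vrf "${vrf}" unreachable default metric 8192

	ip -netns "${ns}" addr add 127.0.0.1/8 dev "${vrf}"
	ip -netns "${ns}" -6 addr add ::1 dev "${vrf}" nodad
	if [ "${addr}" != "-" ]; then
		ip -netns "${ns}" addr add dev "${vrf}" "${addr}"
	fi
	if [ "${addr6}" != "-" ]; then
		ip -netns "${ns}" -6 addr add dev "${vrf}" "${addr6}"
	fi

	# Replace the pref 0 'local' rule with one at pref 32765, for both
	# families. NOTE(review): presumably so that the VRF lookup is consulted
	# before the local table - confirm against the kernel VRF documentation.
	ip -netns "${ns}" ru del pref 0
	ip -netns "${ns}" ru add pref 32765 from all lookup local
	ip -netns "${ns}" -6 ru del pref 0
	ip -netns "${ns}" -6 ru add pref 32765 from all lookup local
}
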
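# Create a network namespace, bring up 'lo', optionally add addresses to it,
# install unreachable default routes and enable forwarding.
#
# Arguments: $1 - namespace name
#            $2 - IPv4 address for 'lo', or "-" for none
#            $3 - IPv6 address for 'lo', or "-" for none
create_ns()
{
	local ns=$1
	local addr=$2
	local addr6=$3

	ip netns add "${ns}"

	ip -netns "${ns}" link set lo up
	if [ "${addr}" != "-" ]; then
		ip -netns "${ns}" addr add dev lo "${addr}"
	fi
	if [ "${addr6}" != "-" ]; then
		ip -netns "${ns}" -6 addr add dev lo "${addr6}"
	fi

	ip -netns "${ns}" ro add unreachable default metric 8192
	ip -netns "${ns}" -6 ro add unreachable default metric 8192

	# These settings are written inside the new namespace only.
	ip netns exec "${ns}" sysctl -qw net.ipv4.ip_forward=1
	ip netns exec "${ns}" sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
	ip netns exec "${ns}" sysctl -qw net.ipv6.conf.all.forwarding=1
	ip netns exec "${ns}" sysctl -qw net.ipv6.conf.default.forwarding=1
}
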
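# create veth pair to connect namespaces and apply addresses.
#
# Arguments: $1 - first namespace      $5 - second namespace
#            $2 - device name in $1    $6 - device name in $5
#            $3 - IPv4 address for $2  $7 - IPv4 address for $6
#            $4 - IPv6 address for $2  $8 - IPv6 address for $6
# An address of "-" in $3 (or $4) skips that family on both ends.
connect_ns()
{
	local ns1=$1
	local ns1_dev=$2
	local ns1_addr=$3
	local ns1_addr6=$4
	local ns2=$5
	local ns2_dev=$6
	local ns2_addr=$7
	local ns2_addr6=$8

	# The peer is created under the temporary name 'tmp' in ns1 and renamed
	# while it is moved into ns2.
	ip -netns "${ns1}" li add "${ns1_dev}" type veth peer name tmp
	ip -netns "${ns1}" li set "${ns1_dev}" up
	ip -netns "${ns1}" li set tmp netns "${ns2}" name "${ns2_dev}"
	ip -netns "${ns2}" li set "${ns2_dev}" up

	if [ "${ns1_addr}" != "-" ]; then
		ip -netns "${ns1}" addr add dev "${ns1_dev}" "${ns1_addr}"
		ip -netns "${ns2}" addr add dev "${ns2_dev}" "${ns2_addr}"
	fi

	if [ "${ns1_addr6}" != "-" ]; then
		ip -netns "${ns1}" addr add dev "${ns1_dev}" "${ns1_addr6}"
		ip -netns "${ns2}" addr add dev "${ns2_dev}" "${ns2_addr6}"
	fi
}
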
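# Tear down the test namespaces: explicit device/route cleanup in ns-A when
# it exists, then kill remaining processes in and delete ns-A, ns-B, ns-C.
#
# Globals: NSA, NSB, NSC, NSA_DEV, VRF, VRF_TABLE (read)
cleanup()
{
	# explicit cleanups to check those code paths
	#
	# The namespace name is compared with the first field of each listed
	# line. A plain 'grep' on the name is a substring match and would also
	# fire for a different namespace whose name merely contains it.
	if ip netns list | awk -v ns="${NSA}" '$1 == ns { found = 1 } END { exit !found }'; then
		ip -netns "${NSA}" link delete "${VRF}"
		ip -netns "${NSA}" ro flush table "${VRF_TABLE}"

		ip -netns "${NSA}" addr flush dev "${NSA_DEV}"
		ip -netns "${NSA}" -6 addr flush dev "${NSA_DEV}"
		ip -netns "${NSA}" link set dev "${NSA_DEV}" down
		ip -netns "${NSA}" link del dev "${NSA_DEV}"

		# Only PIDs reported for this namespace are signalled.
		ip netns pids "${NSA}" | xargs kill 2>/dev/null
		ip netns del "${NSA}"
	fi

	ip netns pids "${NSB}" | xargs kill 2>/dev/null
	ip netns del "${NSB}"
	ip netns pids "${NSC}" | xargs kill 2>/dev/null
	ip netns del "${NSC}" >/dev/null 2>&1
}
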
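# Undo setup_vrf_dup: delete the second ns-A device, kill processes still
# running in ns-C and delete ns-C. Errors are silenced because the objects
# may not exist.
cleanup_vrf_dup()
{
	ip link del "${NSA_DEV2}" >/dev/null 2>&1
	ip netns pids "${NSC}" | xargs kill 2>/dev/null
	ip netns del "${NSC}" >/dev/null 2>&1
}
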
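# Create ns-C and connect it to ns-A over a second device, using the same
# addresses as the ns-A / ns-B link.
setup_vrf_dup()
{
	# some VRF tests use ns-C which has the same config as
	# ns-B but for a device NOT in the VRF
	create_ns "${NSC}" "-" "-"
	connect_ns "${NSA}" "${NSA_DEV2}" "${NSA_IP}/24" "${NSA_IP6}/64" \
		   "${NSC}" "${NSC_DEV}" "${NSB_IP}/24" "${NSB_IP6}/64"
}
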
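# Build the ns-A / ns-B topology from scratch, with or without a VRF in ns-A.
#
# Arguments: $1 - "yes" to put the ns-A device into the VRF; anything else
#                 (or nothing) for the non-VRF layout
# Globals:   NSA_LINKIP6, NSB_LINKIP6 (written)
#
# 'set -e' is active between the two markers below, so any failing
# configuration command ends the script at that point.
setup()
{
	local with_vrf=${1}

	# make sure we are starting with a clean slate
	kill_procs
	cleanup 2>/dev/null

	log_debug "Configuring network namespaces"
	set -e

	create_ns "${NSA}" "${NSA_LO_IP}/32" "${NSA_LO_IP6}/128"
	create_ns "${NSB}" "${NSB_LO_IP}/32" "${NSB_LO_IP6}/128"
	connect_ns "${NSA}" "${NSA_DEV}" "${NSA_IP}/24" "${NSA_IP6}/64" \
		   "${NSB}" "${NSB_DEV}" "${NSB_IP}/24" "${NSB_IP6}/64"

	NSA_LINKIP6=$(get_linklocal "${NSA}" "${NSA_DEV}")
	NSB_LINKIP6=$(get_linklocal "${NSB}" "${NSB_DEV}")

	# tell ns-A how to get to remote addresses of ns-B
	if [ "${with_vrf}" = "yes" ]; then
		create_vrf "${NSA}" "${VRF}" "${VRF_TABLE}" "${VRF_IP}" "${VRF_IP6}"

		ip -netns "${NSA}" link set dev "${NSA_DEV}" vrf "${VRF}"
		ip -netns "${NSA}" ro add vrf "${VRF}" "${NSB_LO_IP}/32" via "${NSB_IP}" dev "${NSA_DEV}"
		ip -netns "${NSA}" -6 ro add vrf "${VRF}" "${NSB_LO_IP6}/128" via "${NSB_IP6}" dev "${NSA_DEV}"

		ip -netns "${NSB}" ro add "${VRF_IP}/32" via "${NSA_IP}" dev "${NSB_DEV}"
		ip -netns "${NSB}" -6 ro add "${VRF_IP6}/128" via "${NSA_IP6}" dev "${NSB_DEV}"
	else
		ip -netns "${NSA}" ro add "${NSB_LO_IP}/32" via "${NSB_IP}" dev "${NSA_DEV}"
		ip -netns "${NSA}" ro add "${NSB_LO_IP6}/128" via "${NSB_IP6}" dev "${NSA_DEV}"
	fi


	# tell ns-B how to get to remote addresses of ns-A
	ip -netns "${NSB}" ro add "${NSA_LO_IP}/32" via "${NSA_IP}" dev "${NSB_DEV}"
	ip -netns "${NSB}" ro add "${NSA_LO_IP6}/128" via "${NSA_IP6}" dev "${NSB_DEV}"

	set +e

	sleep 1
}
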
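# Build a topology in which ns-A is connected to ns-B and ns-C with no
# configured addresses (every address argument is "-"), and both ns-A devices
# are placed in the VRF.
#
# Globals: NSA_LINKIP6, NSB_LINKIP6, NSC_LINKIP6 (written)
#
# 'set -e' is active between the two markers below, so any failing
# configuration command ends the script at that point.
setup_lla_only()
{
	# make sure we are starting with a clean slate
	kill_procs
	cleanup 2>/dev/null

	log_debug "Configuring network namespaces"
	set -e

	create_ns "${NSA}" "-" "-"
	create_ns "${NSB}" "-" "-"
	create_ns "${NSC}" "-" "-"
	connect_ns "${NSA}" "${NSA_DEV}" "-" "-" \
		   "${NSB}" "${NSB_DEV}" "-" "-"
	connect_ns "${NSA}" "${NSA_DEV2}" "-" "-" \
		   "${NSC}" "${NSC_DEV}" "-" "-"

	NSA_LINKIP6=$(get_linklocal "${NSA}" "${NSA_DEV}")
	NSB_LINKIP6=$(get_linklocal "${NSB}" "${NSB_DEV}")
	NSC_LINKIP6=$(get_linklocal "${NSC}" "${NSC_DEV}")

	create_vrf "${NSA}" "${VRF}" "${VRF_TABLE}" "-" "-"
	ip -netns "${NSA}" link set dev "${NSA_DEV}" vrf "${VRF}"
	ip -netns "${NSA}" link set dev "${NSA_DEV2}" vrf "${VRF}"

	set +e

	sleep 1
}
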
################################################################################
# IPv4

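# IPv4 ping tests without a VRF: outbound, inbound and local traffic, then
# reachability blocked by an ip rule, by an unreachable route and by the
# unreachable default route.
#
# Each case is "run_cmd ...; log_test_addr <addr> $? <expected> <label>".
# Nothing may be inserted between the command and log_test_addr, because $?
# must still hold the command's status. The expected values 0, 1 and 2 are
# the statuses this script expects from ping in each situation.
#
# The rule and route changes are made with setup_cmd, which aborts the
# script if one of them fails. The 'remote' route for ns-B's loopback
# address is deleted at the end and not restored here.
ipv4_ping_novrf()
{
	local a

	#
	# out
	#
	for a in "${NSB_IP}" "${NSB_LO_IP}"
	do
		log_start
		run_cmd ping -c1 -w1 "${a}"
		log_test_addr "${a}" $? 0 "ping out"

		log_start
		run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, device bind"

		log_start
		run_cmd ping -c1 -w1 -I "${NSA_LO_IP}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, address bind"
	done

	#
	# in
	#
	for a in "${NSA_IP}" "${NSA_LO_IP}"
	do
		log_start
		run_cmd_nsb ping -c1 -w1 "${a}"
		log_test_addr "${a}" $? 0 "ping in"
	done

	#
	# local traffic
	#
	for a in "${NSA_IP}" "${NSA_LO_IP}" 127.0.0.1
	do
		log_start
		run_cmd ping -c1 -w1 "${a}"
		log_test_addr "${a}" $? 0 "ping local"
	done

	#
	# local traffic, socket bound to device
	#
	# address on device
	a=${NSA_IP}
	log_start
	run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
	log_test_addr "${a}" $? 0 "ping local, device bind"

	# loopback addresses not reachable from device bind
	# fails in a really weird way though because ipv4 special cases
	# route lookups with oif set.
	for a in "${NSA_LO_IP}" 127.0.0.1
	do
		log_start
		show_hint "Fails since address on loopback device is out of device scope"
		run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
		log_test_addr "${a}" $? 1 "ping local, device bind"
	done

	#
	# ip rule blocks reachability to remote address
	#
	log_start
	setup_cmd ip rule add pref 32765 from all lookup local
	setup_cmd ip rule del pref 0 from all lookup local
	setup_cmd ip rule add pref 50 to "${NSB_LO_IP}" prohibit
	setup_cmd ip rule add pref 51 from "${NSB_IP}" prohibit

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 "${a}"
	log_test_addr "${a}" $? 2 "ping out, blocked by rule"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	#       a viable rtable if the oif (e.g., bind to device) is set, so this
	#       case succeeds despite the rule
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}

	a=${NSA_LO_IP}
	log_start
	show_hint "Response generates ICMP (or arp request is ignored) due to ip rule"
	run_cmd_nsb ping -c1 -w1 "${a}"
	log_test_addr "${a}" $? 1 "ping in, blocked by rule"

	# restore the rule set changed above
	[ "$VERBOSE" = "1" ] && echo
	setup_cmd ip rule del pref 32765 from all lookup local
	setup_cmd ip rule add pref 0 from all lookup local
	setup_cmd ip rule del pref 50 to "${NSB_LO_IP}" prohibit
	setup_cmd ip rule del pref 51 from "${NSB_IP}" prohibit

	#
	# route blocks reachability to remote address
	#
	log_start
	setup_cmd ip route replace unreachable "${NSB_LO_IP}"
	setup_cmd ip route replace unreachable "${NSB_IP}"

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 "${a}"
	log_test_addr "${a}" $? 2 "ping out, blocked by route"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	#       a viable rtable if the oif (e.g., bind to device) is set, so this
	#       case succeeds despite not having a route for the address
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}

	a=${NSA_LO_IP}
	log_start
	show_hint "Response is dropped (or arp request is ignored) due to ip route"
	run_cmd_nsb ping -c1 -w1 "${a}"
	log_test_addr "${a}" $? 1 "ping in, blocked by route"

	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip ro del "${NSB_LO_IP}"

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 "${a}"
	log_test_addr "${a}" $? 2 "ping out, unreachable default route"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	#       a viable rtable if the oif (e.g., bind to device) is set, so this
	#       case succeeds despite not having a route for the address
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
}
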
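# IPv4 ping tests with the ns-A device enslaved to the VRF: outbound, inbound
# and local traffic, then reachability blocked by an ip rule and by removing
# the 'remote' route.
#
# Each case is "run_cmd ...; log_test_addr <addr> $? <expected> <label>".
# Nothing may be inserted between the command and log_test_addr, because $?
# must still hold the command's status.
#
# The 'remote' route for ns-B's loopback address is deleted near the end and
# not restored here.
ipv4_ping_vrf()
{
	local a

	# should default on; does not exist on older kernels
	set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null

	#
	# out
	#
	for a in "${NSB_IP}" "${NSB_LO_IP}"
	do
		log_start
		run_cmd ping -c1 -w1 -I "${VRF}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, VRF bind"

		log_start
		run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, device bind"

		log_start
		run_cmd ip vrf exec "${VRF}" ping -c1 -w1 -I "${NSA_IP}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, vrf device + dev address bind"

		log_start
		run_cmd ip vrf exec "${VRF}" ping -c1 -w1 -I "${VRF_IP}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, vrf device + vrf address bind"
	done

	#
	# in
	#
	for a in "${NSA_IP}" "${VRF_IP}"
	do
		log_start
		run_cmd_nsb ping -c1 -w1 "${a}"
		log_test_addr "${a}" $? 0 "ping in"
	done

	#
	# local traffic, local address
	#
	for a in "${NSA_IP}" "${VRF_IP}" 127.0.0.1
	do
		log_start
		show_hint "Source address should be ${a}"
		run_cmd ping -c1 -w1 -I "${VRF}" "${a}"
		log_test_addr "${a}" $? 0 "ping local, VRF bind"
	done

	#
	# local traffic, socket bound to device
	#
	# address on device
	a=${NSA_IP}
	log_start
	run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
	log_test_addr "${a}" $? 0 "ping local, device bind"

	# vrf device is out of scope
	for a in "${VRF_IP}" 127.0.0.1
	do
		log_start
		show_hint "Fails since address on vrf device is out of device scope"
		run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
		log_test_addr "${a}" $? 1 "ping local, device bind"
	done

	#
	# ip rule blocks address
	#
	log_start
	setup_cmd ip rule add pref 50 to "${NSB_LO_IP}" prohibit
	setup_cmd ip rule add pref 51 from "${NSB_IP}" prohibit

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 -I "${VRF}" "${a}"
	log_test_addr "${a}" $? 2 "ping out, vrf bind, blocked by rule"

	log_start
	run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
	log_test_addr "${a}" $? 2 "ping out, device bind, blocked by rule"

	a=${NSA_LO_IP}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ping -c1 -w1 "${a}"
	log_test_addr "${a}" $? 1 "ping in, blocked by rule"

	# remove the two prohibit rules added above
	[ "$VERBOSE" = "1" ] && echo
	setup_cmd ip rule del pref 50 to "${NSB_LO_IP}" prohibit
	setup_cmd ip rule del pref 51 from "${NSB_IP}" prohibit

	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip ro del vrf "${VRF}" "${NSB_LO_IP}"

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 -I "${VRF}" "${a}"
	log_test_addr "${a}" $? 2 "ping out, vrf bind, unreachable route"

	log_start
	run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
	log_test_addr "${a}" $? 2 "ping out, device bind, unreachable route"

	a=${NSA_LO_IP}
	log_start
	show_hint "Response lost by unreachable route"
	run_cmd_nsb ping -c1 -w1 "${a}"
	log_test_addr "${a}" $? 1 "ping in, unreachable route"
}
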
# Run the IPv4 ping tests: the non-VRF set once with raw_l3mdev_accept=0 and
# once with raw_l3mdev_accept=1 (each on a freshly built topology), then the
# VRF set.
ipv4_ping()
{
	local accept

	log_section "IPv4 ping"

	log_subsection "No VRF"
	for accept in 0 1
	do
		setup
		# errors are hidden; the VRF variant of these tests notes that
		# this sysctl does not exist on older kernels
		set_sysctl net.ipv4.raw_l3mdev_accept=${accept} 2>/dev/null
		ipv4_ping_novrf
	done

	log_subsection "With VRF"
	setup "yes"
	ipv4_ping_vrf
}

################################################################################
# IPv4 TCP

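#
# MD5 tests without VRF
#
# Each case starts a nettest server in ns-A in the background, waits one
# second, runs a nettest client from ns-B and logs the client's status.
# Expected status 0 means the connection worked; 2 is what the script expects
# when the hint says the client should time out.
#
# Reading the results:
# - The one-second sleep is the only synchronisation with the server. A case
#   that expects a timeout is only meaningful when the positive case of the
#   same group passed; on its own it does not show that the MD5 check is what
#   stopped the connection.
# - The keys are passed on the nettest command line, so they are visible in
#   process listings and in VERBOSE output. Use fixture keys only.
ipv4_tcp_md5_novrf()
{
	#
	# single address
	#

	# basic use case
	log_start
	run_cmd nettest -s -M "${MD5_PW}" -m "${NSB_IP}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 0 "MD5: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 2 "MD5: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -M "${MD5_PW}" -m "${NSB_IP}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_WRONG_PW}"
	log_test $? 2 "MD5: Client uses wrong password"

	# client from different address
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s -M "${MD5_PW}" -m "${NSB_LO_IP}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 2 "MD5: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -s -M "${MD5_PW}" -m "${NS_NET}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 0 "MD5: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -M "${MD5_PW}" -m "${NS_NET}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_WRONG_PW}"
	log_test $? 2 "MD5: Prefix config, client uses wrong password"

	# client outside of prefix
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s -M "${MD5_PW}" -m "${NS_NET}" &
	sleep 1
	run_cmd_nsb nettest -c "${NSB_LO_IP}" -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}
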
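#
# MD5 tests with VRF
#
# Same pattern as the non-VRF MD5 tests, with the server bound to the VRF
# (-I ${VRF}). The "duplicate config" group starts two servers on the same
# address or prefix, one bound to the VRF with MD5_PW and one unbound with
# MD5_WRONG_PW, and checks that a client reaches the server of its own
# domain only with that server's key: ns-B clients arrive through the VRF,
# ns-C clients through the device that is not in the VRF.
#
# NOTE(review): the ns-C cases need ns-C to exist; setup_vrf_dup creates it,
# but its call site is outside this view - confirm the caller runs it first.
#
# Reading the results:
# - The one-second sleep is the only synchronisation with the server(s). A
#   case that expects a timeout is only meaningful when the positive case of
#   the same group passed.
# - The keys are passed on the nettest command line, so they are visible in
#   process listings and in VERBOSE output. Use fixture keys only.
ipv4_tcp_md5()
{
	#
	# single address
	#

	# basic use case
	log_start
	run_cmd nettest -s -I "${VRF}" -M "${MD5_PW}" -m "${NSB_IP}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 0 "MD5: VRF: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout since server does not have MD5 auth"
	run_cmd nettest -s -I "${VRF}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 2 "MD5: VRF: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -I "${VRF}" -M "${MD5_PW}" -m "${NSB_IP}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_WRONG_PW}"
	log_test $? 2 "MD5: VRF: Client uses wrong password"

	# client from different address
	log_start
	show_hint "Should timeout since server config differs from client"
	run_cmd nettest -s -I "${VRF}" -M "${MD5_PW}" -m "${NSB_LO_IP}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 2 "MD5: VRF: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -s -I "${VRF}" -M "${MD5_PW}" -m "${NS_NET}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 0 "MD5: VRF: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -I "${VRF}" -M "${MD5_PW}" -m "${NS_NET}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_WRONG_PW}"
	log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"

	# client outside of prefix
	log_start
	show_hint "Should timeout since client address is outside of prefix"
	run_cmd nettest -s -I "${VRF}" -M "${MD5_PW}" -m "${NS_NET}" &
	sleep 1
	run_cmd_nsb nettest -c "${NSB_LO_IP}" -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"

	#
	# duplicate config between default VRF and a VRF
	#

	log_start
	run_cmd nettest -s -I "${VRF}" -M "${MD5_PW}" -m "${NSB_IP}" &
	run_cmd nettest -s -M "${MD5_WRONG_PW}" -m "${NSB_IP}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -s -I "${VRF}" -M "${MD5_PW}" -m "${NSB_IP}" &
	run_cmd nettest -s -M "${MD5_WRONG_PW}" -m "${NSB_IP}" &
	sleep 1
	run_cmd_nsc nettest -r "${NSA_IP}" -X "${MD5_WRONG_PW}"
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -s -I "${VRF}" -M "${MD5_PW}" -m "${NSB_IP}" &
	run_cmd nettest -s -M "${MD5_WRONG_PW}" -m "${NSB_IP}" &
	sleep 1
	run_cmd_nsc nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -s -I "${VRF}" -M "${MD5_PW}" -m "${NSB_IP}" &
	run_cmd nettest -s -M "${MD5_WRONG_PW}" -m "${NSB_IP}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_WRONG_PW}"
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"

	log_start
	run_cmd nettest -s -I "${VRF}" -M "${MD5_PW}" -m "${NS_NET}" &
	run_cmd nettest -s -M "${MD5_WRONG_PW}" -m "${NS_NET}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -s -I "${VRF}" -M "${MD5_PW}" -m "${NS_NET}" &
	run_cmd nettest -s -M "${MD5_WRONG_PW}" -m "${NS_NET}" &
	sleep 1
	run_cmd_nsc nettest -r "${NSA_IP}" -X "${MD5_WRONG_PW}"
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -s -I "${VRF}" -M "${MD5_PW}" -m "${NS_NET}" &
	run_cmd nettest -s -M "${MD5_WRONG_PW}" -m "${NS_NET}" &
	sleep 1
	run_cmd_nsc nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -s -I "${VRF}" -M "${MD5_PW}" -m "${NS_NET}" &
	run_cmd nettest -s -M "${MD5_WRONG_PW}" -m "${NS_NET}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_WRONG_PW}"
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"

	#
	# negative tests
	#
	# These two run the server in the foreground: the expected status 1 is
	# the server's own, for a device bind that is not a VRF.
	log_start
	run_cmd nettest -s -I "${NSA_DEV}" -M "${MD5_PW}" -m "${NSB_IP}"
	log_test $? 1 "MD5: VRF: Device must be a VRF - single address"

	log_start
	run_cmd nettest -s -I "${NSA_DEV}" -M "${MD5_PW}" -m "${NS_NET}"
	log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"

	test_ipv4_md5_vrf__vrf_server__no_bind_ifindex
	test_ipv4_md5_vrf__global_server__bind_ifindex0
}
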
# TCP-MD5 with a VRF-bound listener: checks that the MD5 key itself does not
# have to be bound to an interface index for a client to authenticate.
#
# Both cases start a server bound to ${VRF} with an MD5 key covering
# ${NS_NET}, then connect with run_cmd_nsb using ${MD5_PW}; both expect rc 0.
#   1. --no-bind-key-ifindex    : per the hint, an application that does not
#                                 use TCP_MD5SIG_FLAG_IFINDEX
#   2. --force-bind-key-ifindex : socket and key both bound
# Globals: VRF, MD5_PW, NS_NET, NSA_IP (read)
test_ipv4_md5_vrf__vrf_server__no_bind_ifindex()
{
	# case 1: socket bound to the VRF, key left unbound
	log_start
	show_hint "Simulates applications using VRF without TCP_MD5SIG_FLAG_IFINDEX"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: VRF-bound server, unbound key accepts connection"

	# case 2: socket and key both bound
	log_start
	show_hint "Binding both the socket and the key is not required but it works"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: VRF-bound server, bound key accepts connection"
}
1045
# TCP-MD5 with a global (unbound) listener: checks how the scope of the MD5
# key decides which L3 domain may authenticate.
#
# Expectations encoded below:
#   --force-bind-key-ifindex (key bound to ifindex=0):
#       run_cmd_nsb client -> rc 2 (VRF connection rejected)
#       run_cmd_nsc client -> rc 0 (non-VRF connection accepted)
#   --no-bind-key-ifindex (key not bound):
#       both clients       -> rc 0
# So only the ifindex-bound key keeps a default-VRF key from matching
# traffic that arrives through the VRF.
#
# Globals: MD5_PW, NS_NET, NSA_IP (read); net.ipv4.tcp_l3mdev_accept is set
#          to 1 for the duration and restored to its previous value at the end.
test_ipv4_md5_vrf__global_server__bind_ifindex0()
{
	# The global server only sees VRF connections with tcp_l3mdev_accept=1,
	# so remember the current setting and switch it on for these cases.
	local prev_accept
	prev_accept=$(get_sysctl net.ipv4.tcp_l3mdev_accept)
	set_sysctl net.ipv4.tcp_l3mdev_accept=1

	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Global server, Key bound to ifindex=0 rejects VRF connection"

	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection"

	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts VRF connection"

	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts non-VRF connection"

	# put the sysctl back the way it was found
	set_sysctl net.ipv4.tcp_l3mdev_accept="$prev_accept"
}
1080
# IPv4 TCP connectivity without a VRF.
#
# Runs server, client and local-address permutations with the server either
# global (no -I) or bound to ${NSA_DEV}, and the client either unbound or
# bound with -d. The third argument of log_test_addr is the expected exit
# status: 0 where the connection must succeed, 1 where the hint says it must
# be refused or unroutable. The cases expecting 1 for loopback addresses
# check that a device-bound socket cannot reach addresses outside the
# device's scope. Ends by running ipv4_tcp_md5_novrf.
#
# Globals: NSA_IP, NSA_LO_IP, NSB_IP, NSB_LO_IP, NSA_DEV (read)
ipv4_tcp_novrf()
{
	local a

	# ---- server side: ns-A listens, the run_cmd_nsb client connects ----
	for a in ${NSA_IP} ${NSA_LO_IP}; do
		log_start
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -r ${a}
	log_test_addr ${a} $? 0 "Device server"

	# no listener: a TCP reset must be sent and received
	for a in ${NSA_IP} ${NSA_LO_IP}; do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# ---- client side: the run_cmd_nsb server listens, ns-A connects ----
	for a in ${NSB_IP} ${NSB_LO_IP}; do
		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client"

		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a}
		log_test_addr ${a} $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	# ---- local traffic: server and client both started with run_cmd ----
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -0 ${a} -1 ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	# device-bound server must not be reachable through loopback addresses
	for a in ${NSA_LO_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -s -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -r ${a}
		log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s &
	sleep 1
	run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	# device-bound client must not be able to route to loopback addresses
	for a in ${NSA_LO_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "Global server, device client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local connection"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "No server, device client, local conn"

	# TCP-MD5 cases for the no-VRF topology
	ipv4_tcp_md5_novrf
}
1201
# IPv4 TCP connectivity with ns-A's device enslaved to ${VRF}.
#
# Two phases, selected by net.ipv4.tcp_l3mdev_accept:
#   =0  a global (unbound) server must NOT accept connections arriving
#       through the VRF (expected rc 1); VRF- and device-bound servers do.
#   =1  the global server accepts them as well.
# The MD5 tests (ipv4_tcp_md5) run between the two phases, wrapped in
# setup_vrf_dup / cleanup_vrf_dup. The sysctl is left at 1 on return.
#
# Reviewer note: tcp_l3mdev_accept=1 widens what an unbound listener can
# receive to every L3 domain, so the "=0" expectations are the ones that
# pin VRF isolation for global sockets.
#
# Globals: NSA_IP, VRF_IP, NSB_IP, NSB_LO_IP, NSA_DEV, VRF (read)
ipv4_tcp_vrf()
{
	local a

	# ---- phase 1: global server disabled ----
	log_subsection "Global server disabled"

	set_sysctl net.ipv4.tcp_l3mdev_accept=0

	# server tests
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "Global server"

		log_start
		run_cmd nettest -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "VRF server"

		log_start
		run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "Device server"

		# no listener: a TCP reset must be received
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# local address tests
	# (${VRF_IP} and 127.0.0.1 both timeout)
	a=${NSA_IP}
	log_start
	show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
	run_cmd nettest -s &
	sleep 1
	run_cmd nettest -r ${a} -d ${NSA_DEV}
	log_test_addr ${a} $? 1 "Global server, local connection"

	# MD5 tests need the duplicate-VRF topology; tear it down afterwards
	setup_vrf_dup
	ipv4_tcp_md5
	cleanup_vrf_dup

	# ---- phase 2: VRF global server enabled ----
	log_subsection "VRF Global server enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		show_hint "client socket should be bound to VRF"
		run_cmd nettest -s -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "Global server"

		log_start
		show_hint "client socket should be bound to VRF"
		run_cmd nettest -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "VRF server"

		# no listener: a TCP reset must be received
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	a=${NSA_IP}
	log_start
	show_hint "client socket should be bound to device"
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -r ${a}
	log_test_addr ${a} $? 0 "Device server"

	# local address tests
	# NOTE(review): the server here is started with -I ${VRF} although the
	# test is labelled "Global server" - confirm which one is intended.
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		show_hint "Should fail 'Connection refused' since client is not bound to VRF"
		run_cmd nettest -s -I ${VRF} &
		sleep 1
		run_cmd nettest -r ${a}
		log_test_addr ${a} $? 1 "Global server, local connection"
	done

	# ---- client side: the run_cmd_nsb server listens, ns-A connects ----
	for a in ${NSB_IP} ${NSB_LO_IP}; do
		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${VRF}
		log_test_addr ${a} $? 0 "Client, VRF bind"

		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a} -d ${VRF}
		log_test_addr ${a} $? 1 "No server, VRF client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	# ---- local traffic inside the VRF ----
	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${VRF} -3 ${VRF} &
	sleep 1
	run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local connection"

	# an unbound client sits outside the VRF and must not reach its server
	log_start
	show_hint "Should fail 'No route to host' since client is out of VRF scope"
	run_cmd nettest -s -I ${VRF} &
	sleep 1
	run_cmd nettest -r ${a}
	log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"

	log_start
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, VRF client, local connection"

	log_start
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local connection"
}
1368
# Entry point for the IPv4/TCP section.
#
# Runs ipv4_tcp_novrf twice on the no-VRF topology, once with
# tcp_l3mdev_accept=0 and once with =1, then rebuilds the topology with a VRF
# (setup "yes") and runs ipv4_tcp_vrf.
ipv4_tcp()
{
	log_section "IPv4/TCP"
	log_subsection "No VRF"
	setup

	# Without a VRF the tcp_l3mdev_accept setting should make no
	# difference; exercise both values to confirm that.
	log_subsection "tcp_l3mdev_accept disabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=0
	ipv4_tcp_novrf
	log_subsection "tcp_l3mdev_accept enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1
	ipv4_tcp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv4_tcp_vrf
}
1388
################################################################################
# IPv4 UDP
1391
# IPv4 UDP (nettest -D) connectivity without a VRF.
#
# Covers server, client and local-address permutations. On top of plain
# device bind (-d), the client cases also use -C (labelled "send via cmsg")
# and -S (labelled "IP_UNICAST_IF"). The third argument of log_test_addr is
# the expected exit status; the loopback cases at the end pin that a
# device-scoped send cannot reach addresses that live on 'lo'.
#
# Globals: NSA_IP, NSA_LO_IP, NSB_IP, NSB_LO_IP, NSA_DEV (read)
ipv4_udp_novrf()
{
	local a

	# ---- server side: ns-A listens, the run_cmd_nsb client sends ----
	for a in ${NSA_IP} ${NSA_LO_IP}; do
		log_start
		run_cmd nettest -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "Global server"

		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -D -r ${a}
	log_test_addr ${a} $? 0 "Device server"

	# ---- client side: the run_cmd_nsb server listens, ns-A sends ----
	for a in ${NSB_IP} ${NSB_LO_IP}; do
		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client, device send via cmsg"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -r ${a}
		log_test_addr ${a} $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	# ---- local traffic: server and client both started with run_cmd ----
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -r ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	# device-bound server must not be reachable through loopback addresses
	for a in ${NSA_LO_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail 'Connection refused' since address is out of device scope"
		run_cmd nettest -s -D -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -D -r ${a}
		log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
	log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"

	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
	log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"

	# IPv4 with device bind behaves oddly: it overrides the fib lookup,
	# generates an rtable and tries to send the packet. Local traffic then
	# fails at different places, hence the differing expected codes below.
	for a in ${NSA_LO_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 2 "Global server, device client, local connection"

		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
		log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"

		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
		log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local conn"

	log_start
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 2 "No server, device client, local conn"
}
1546
# IPv4 UDP (nettest -D) connectivity with ns-A's device enslaved to ${VRF}.
#
# Two phases, selected by net.ipv4.udp_l3mdev_accept:
#   =0  a global (unbound) server must NOT receive datagrams that ingress
#       through the VRF, nor from a VRF-bound local client (expected rc 1).
#   =1  the global server receives them as well.
# VRF-bound and enslaved-device servers are expected to work in both phases.
# The sysctl is left at 1 on return.
#
# Reviewer note: udp_l3mdev_accept=1 lets an unbound socket serve every L3
# domain, so the "=0" expectations are the ones that pin VRF isolation.
#
# Globals: NSA_IP, VRF_IP, NSB_IP, NSA_DEV, VRF (read)
ipv4_udp_vrf()
{
	local a

	# ---- phase 1: global server disabled ----
	log_subsection "Global server disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0

	# server tests
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		show_hint "Fails because ingress is in a VRF and global server is disabled"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 1 "Global server"

		log_start
		run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "VRF server"

		log_start
		run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "Enslaved device server"

		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 1 "No server"

		log_start
		show_hint "Should fail 'Connection refused' since global server is out of scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"

	# ---- phase 2: global server enabled ----
	log_subsection "Global server enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1

	# server tests
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "Global server"

		log_start
		run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "VRF server"

		log_start
		run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "Enslaved device server"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# client tests
	log_start
	run_cmd_nsb nettest -D -s &
	sleep 1
	run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
	log_test $? 0 "VRF client"

	log_start
	run_cmd_nsb nettest -D -s &
	sleep 1
	run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
	log_test $? 0 "Enslaved device client"

	# negative tests - no listener, so these must fail
	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
	log_test $? 1 "No server, VRF client"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
	log_test $? 1 "No server, enslaved device client"

	# local address tests
	a=${NSA_IP}
	log_start
	run_cmd nettest -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Global server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"

	for a in ${VRF_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -D -s -3 ${VRF} &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
	done

	for a in ${VRF_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -s -D -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
	done

	# negative test - no listener; verifies ECONNREFUSED
	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "No server, VRF client, local conn"
	done
}
1739
# Entry point for the IPv4/UDP section.
#
# Runs ipv4_udp_novrf twice on the no-VRF topology, once with
# udp_l3mdev_accept=0 and once with =1, then rebuilds the topology with a VRF
# (setup "yes") and runs ipv4_udp_vrf.
ipv4_udp()
{
	log_section "IPv4/UDP"
	log_subsection "No VRF"

	setup

	# Without a VRF the udp_l3mdev_accept setting should make no
	# difference; exercise both values to confirm that.
	log_subsection "udp_l3mdev_accept disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0
	ipv4_udp_novrf
	log_subsection "udp_l3mdev_accept enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1
	ipv4_udp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv4_udp_vrf
}
1760
################################################################################
# IPv4 address bind
#
# verifies ability or inability to bind to an address / device
1765
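# Bind-only checks without a VRF: a raw ICMP socket and a TCP socket must be
# able to bind to a local address, both before and after a device bind.
# Every active case expects rc 0.
#
# Globals: NSA_IP, NSA_LO_IP, NSB_IP, NSA_DEV (read)
ipv4_addr_bind_novrf()
{
	# Keep the loop variable function-local, as the other test functions
	# in this file do, so it does not leak into the global scope.
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	#
	# tcp sockets
	#
	a=${NSA_IP}
	log_start
	run_cmd nettest -c ${a} -r ${NSB_IP} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address"

	log_start
	run_cmd nettest -c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"

	# Sadly, the kernel allows binding a socket to a device and then
	# binding to an address not on the device. The only restriction
	# is that the address is valid in the L3 domain. So this test
	# passes when it really should not.
	#
	# Reviewer note: this means a device bind alone does not confine the
	# source address to that device; the case stays disabled because the
	# kernel does not enforce it.
	#a=${NSA_LO_IP}
	#log_start
	#show_hint "Should fail with 'Cannot assign requested address'"
	#run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
	#log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
}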
1804
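# Bind-only checks with ns-A's device enslaved to ${VRF}.
#
# Expectations encoded below:
#   - raw socket not bound to the VRF, address in the VRF      -> rc 1
#   - raw / TCP socket bound to ${NSA_DEV} or ${VRF} first      -> rc 0
#   - address on loopback (${NSA_LO_IP}) after a VRF or device
#     bind, i.e. an address outside the VRF's scope             -> rc 1
# The rc 1 cases are the ones that pin address scoping per L3 domain.
#
# Globals: NSA_IP, VRF_IP, NSA_LO_IP, NSA_DEV, VRF (read)
ipv4_addr_bind_vrf()
{
	# Keep the loop variable function-local, as the other test functions
	# in this file do, so it does not leak into the global scope.
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		show_hint "Socket not bound to VRF, but address is in VRF"
		run_cmd nettest -s -R -P icmp -l ${a} -b
		log_test_addr ${a} $? 1 "Raw socket bind to local address"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
	done

	a=${NSA_LO_IP}
	log_start
	show_hint "Address on loopback is out of VRF scope"
	run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
	log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"

	#
	# tcp sockets
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address"

		log_start
		run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
	done

	a=${NSA_LO_IP}
	log_start
	show_hint "Address on loopback out of scope for VRF"
	run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"

	log_start
	show_hint "Address on loopback out of scope for device in VRF"
	run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
}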
1856
# Entry point for the IPv4 address-bind section: runs the bind checks on the
# no-VRF topology, then rebuilds the topology with a VRF (setup "yes") and
# runs the VRF variants.
ipv4_addr_bind()
{
	log_section "IPv4 address binds"

	# plain topology
	log_subsection "No VRF"
	setup
	ipv4_addr_bind_novrf

	# same checks with the device enslaved to a VRF
	log_subsection "With VRF"
	setup "yes"
	ipv4_addr_bind_vrf
}
1869
################################################################################
# IPv4 runtime tests
1872
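# Delete the VRF device while TCP sockets are in use, once for each placement
# of server and client (server in ns-A, client in ns-A, both in ns-A).
#
# Arguments: $1 - label prefix for the logged test names
#            $2 - extra nettest options; expanded unquoted on purpose so a
#                 multi-word value such as "-n -1" is split into words
#
# Every case logs rc 0 against expected 0, so the logged result is always a
# pass. What is exercised is that 'ip link del' returns and the script keeps
# running while sockets still reference the device.
# NOTE(review): a kernel oops, refcount warning or hang is presumably the real
# failure signal for these cases - check the kernel log after a run.
ipv4_rt() {
	local desc="$1"
	local varg="$2"
	local with_vrf="yes"
	local a

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server"

		# the VRF was just deleted; rebuild the topology for the next case
		setup ${with_vrf}
	done

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -s -I ${VRF} &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server"

		setup ${with_vrf}
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest ${varg} -s -I ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest ${varg} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, enslaved device server"

	setup ${with_vrf}

	#
	# client test
	#
	# The client cases connect to ns-B, so label them with that address
	# instead of the ns-A address left over from the server case above
	# (ipv4_ping_rt labels its outbound case the same way).
	a=${NSB_IP}
	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, VRF client"

	setup ${with_vrf}

	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, enslaved device client"

	setup ${with_vrf}

	#
	# local address tests
	#
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local"

		setup ${with_vrf}
	done

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -I ${VRF} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server and client, local"

		setup ${with_vrf}
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -I ${VRF} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local"

	setup ${with_vrf}

	# last case: no setup afterwards, the caller rebuilds the topology
	log_start
	run_cmd nettest ${varg} -I ${NSA_DEV} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local"
}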
2011
# Delete the VRF device while a flood ping is running, inbound (from ns-B)
# and outbound (from ns-A through the VRF).
#
# As in ipv4_rt, rc 0 is logged against expected 0, so the logged result is
# always a pass; the case only shows that the deletion returned.
# NOTE(review): the background 'ping -f' is never stopped here; presumably a
# later setup/cleanup tears it down with its namespace - confirm.
ipv4_ping_rt() {
	local with_vrf="yes"
	local a

	# inbound: ns-B floods an address owned by ns-A
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd_nsb ping -f ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"

		# the VRF is gone; rebuild before the next case
		setup ${with_vrf}
	done

	# outbound: ns-A floods ns-B with the socket bound to the VRF
	a=${NSB_IP}
	log_start
	run_cmd ping -f -I ${VRF} ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
}
2037
# Entry point for the IPv4 run time tests. Each group starts from a fresh
# 'setup "yes"' because the group before it ends with the VRF deleted.
ipv4_runtime() {
	log_section "Run time tests - ipv4"

	# ICMP: flood ping in both directions
	setup "yes"
	ipv4_ping_rt

	# TCP, with the nettest options the label calls "active socket"
	setup "yes"
	ipv4_rt "TCP active socket" "-n -1"

	# TCP, with the nettest option the label calls "passive socket"
	setup "yes"
	ipv4_rt "TCP passive socket" "-i"
}
2051
################################################################################
# IPv6
2054
# IPv6 ping checks with no VRF configured: outbound, inbound and local
# traffic, followed by negative cases where an ip rule or an unreachable
# route is expected to block the ping.
#
# The third argument of log_test_addr is the exit status the case expects
# from ${ping6}: 0 where a reply is expected, 1 where the hints say the
# response is lost, 2 where the ping is expected to fail outright.
ipv6_ping_novrf() {
	local a

	# should not have an impact, but make a known state
	# (stderr is discarded; the VRF variant notes the sysctl is missing
	# on older kernels)
	set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null

	#
	# out
	#
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping out"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"

		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
		log_test_addr ${a} $? 0 "ping out, loopback address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	#
	# local traffic, local address
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping local, no bind"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping local, device bind"
	done

	# negative case: a socket bound to the device must not reach
	# addresses that live on loopback
	for a in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Fails since address on loopback is out of device scope"
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 2 "ping local, device bind"
	done

	#
	# ip rule blocks address
	#
	# The 'local' table lookup is moved from pref 0 to pref 32765 first, so
	# the prohibit rules at pref 50/51 are evaluated ahead of it; the
	# original order is restored at the end of this section.
	log_start
	setup_cmd ip -6 rule add pref 32765 from all lookup local
	setup_cmd ip -6 rule del pref 0 from all lookup local
	setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by rule"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	# undo the rule changes made above
	setup_cmd ip -6 rule add pref 0 from all lookup local
	setup_cmd ip -6 rule del pref 32765 from all lookup local
	setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit

	#
	# route blocks reachability to remote address
	#
	log_start
	setup_cmd ip -6 route del ${NSB_LO_IP6}
	setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
	setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip route"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by route"


	#
	# remove 'remote' routes; fallback to default
	#
	# The route to ${NSB_LO_IP6} deleted in the previous section is not
	# added back, so these pings are still expected to fail.
	log_start
	setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
	setup_cmd ip -6 ro del unreachable ${NSB_IP6}

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, unreachable route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
}
2184
# IPv6 ping checks with the VRF configured: outbound pings bound to the VRF
# or to the enslaved device, inbound pings from ns-B, local traffic, and
# negative cases for addresses outside the VRF, ip rules and missing routes.
#
# The third argument of log_test_addr is the exit status the case expects
# from ${ping6}.
ipv6_ping_vrf() {
	local a

	# should default on; does not exist on older kernels
	# (hence stderr is discarded)
	set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null

	#
	# out
	#
	for a in ${NSB_IP6} ${NSB_LO_IP6}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping out, VRF bind"
	done

	# negative case: link-local and multicast scoped to the VRF device
	for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}; do
		log_start
		show_hint "Fails since VRF device does not support linklocal or multicast"
		run_cmd ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 1 "ping out, VRF bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
		log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	# negative case: an address on ns-A's loopback must not answer
	# traffic that arrives through the VRF
	a=${NSA_LO_IP6}
	log_start
	show_hint "Fails since loopback address is out of VRF scope"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in"

	#
	# local traffic, local address
	#
	for a in ${NSA_IP6} ${VRF_IP6} ::1; do
		log_start
		show_hint "Source address should be ${a}"
		run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping local, VRF bind"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping local, device bind"
	done

	# LLA to GUA - remove ipv6 global addresses from ns-B
	setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
	setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}

	# NOTE(review): the ping target is ${NSA_IP6} on both iterations while
	# the label uses ${a}, so the ${VRF_IP6} iteration does not ping
	# ${VRF_IP6}. Only a route to ${NSA_IP6} is added above; confirm
	# whether this is intended before changing the target.
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
		log_test_addr ${a} $? 0 "ping in, LLA to GUA"
	done

	# restore ns-B's route and global addresses
	setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo

	#
	# ip rule blocks address
	#
	log_start
	setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by rule"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	# remove the prohibit rules again
	log_start
	setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit

	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, unreachable route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"

	# called directly rather than through setup_cmd_nsb, so the result of
	# this deletion is not checked by a helper
	ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
	a=${NSA_LO_IP6}
	log_start
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping in, unreachable route"
}
2319
# Entry point for the IPv6 ping tests: one pass on the topology built by a
# bare 'setup', one pass after 'setup "yes"'.
ipv6_ping() {
	log_section "IPv6 ping"

	# Pass 1: no VRF present.
	log_subsection "No VRF"
	setup
	ipv6_ping_novrf

	# Pass 2: same checks with the VRF configured.
	log_subsection "With VRF"
	setup "yes"
	ipv6_ping_vrf
}
2332
################################################################################
# IPv6 TCP

#
# MD5 tests without VRF
#
# TCP MD5 signature checks over IPv6 with no VRF. The server runs in ns-A
# with a password (-M) tied to a peer address or prefix (-m); the client
# runs in ns-B with its own password (-X).
#
# Expected status passed to log_test: 0 when the connection must succeed,
# 2 when the hints say the client should time out because the key, the peer
# address or the prefix does not match.
#
# NOTE(review): ${MD5_PW} and ${MD5_WRONG_PW} are defined elsewhere in this
# file and travel on the command line; that is fine for fixed test values,
# but a real key passed this way would show up in process listings.
ipv6_tcp_md5_novrf() {
	#
	# single address
	#

	# basic use case
	log_start
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Client uses wrong password"

	# client from different address
	# (the key is installed for ${NSB_LO_IP6}; the client is not told to
	# use that source address)
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_LO_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Prefix config, client uses wrong password"

	# client outside of prefix
	# (-c makes the client use ${NSB_LO_IP6}, which the label says is not
	# in the configured prefix)
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}
2403
#
# MD5 tests with VRF
#
# TCP MD5 signature checks over IPv6 with the VRF configured. The server in
# ns-A is bound to the VRF (-I) and holds a password (-M) for a peer address
# or prefix (-m); clients run in ns-B, and in ns-C for the cases the labels
# call "conn in default VRF".
#
# The duplicate-config cases start two servers for the same peer, one bound
# to the VRF with ${MD5_PW} and one unbound with ${MD5_WRONG_PW}, and check
# that each client is accepted only with the password of the server it
# reaches. A key configured in one domain must not authenticate a peer that
# arrives through the other.
#
# Expected status passed to log_test: 0 when the connection must succeed,
# 2 when the hints say the client should time out, 1 for the negative cases
# where the server itself is expected to fail.
#
# NOTE(review): ${MD5_PW} and ${MD5_WRONG_PW} are defined elsewhere in this
# file and travel on the command line; fine for fixed test values only.
ipv6_tcp_md5() {
	#
	# single address
	#

	# basic use case
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout since server does not have MD5 auth"
	run_cmd nettest -6 -s -I ${VRF} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Client uses wrong password"

	# client from different address
	log_start
	show_hint "Should timeout since server config differs from client"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"

	# client outside of prefix
	log_start
	show_hint "Should timeout since client address is outside of prefix"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"

	#
	# duplicate config between default VRF and a VRF
	#

	# ns-B client with the VRF server's password: accepted
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"

	# ns-C client with the unbound server's password: accepted
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"

	# ns-C client with the VRF server's password: rejected
	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"

	# ns-B client with the unbound server's password: rejected
	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"

	# the same four combinations with the key tied to a prefix
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"

	#
	# negative tests
	#
	# Run in the foreground: the server is expected to exit with status 1
	# because the device given with -I is not a VRF.
	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP6}
	log_test $? 1 "MD5: VRF: Device must be a VRF - single address"

	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6}
	log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"

}
2547
# IPv6 TCP connection checks with no VRF: server in ns-A, client in ns-A,
# and both ends in ns-A, each with and without a device bind, then the MD5
# cases from ipv6_tcp_md5_novrf.
#
# Expected status passed to log_test_addr: 0 when the connection must
# succeed, 1 where the hints expect 'Connection refused'.
# NOTE(review): -0 and -3 look like nettest's "expected local address" and
# "expected server device" checks - confirm against nettest's usage text.
ipv6_tcp_novrf() {
	local a

	#
	# server tests
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	# verify TCP reset received
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client
	#
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Client"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1; do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	# negative case: a device-bound server must not be reachable through
	# addresses that live on loopback
	for a in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -s -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	# negative case: a device-bound client must not reach loopback
	# addresses either
	for a in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "Global server, device client, local connection"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}; do
		log_start
		run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
		log_test_addr ${a} $? 0 "Device server, device client, local conn"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
		log_test_addr ${a} $? 1 "No server, device client, local conn"
	done

	# MD5 signature cases for the same topology
	ipv6_tcp_md5_novrf
}
2667
2668ipv6_tcp_vrf()
2669{
2670 local a
2671
2672 # disable global server
2673 log_subsection "Global server disabled"
2674
2675 set_sysctl net.ipv4.tcp_l3mdev_accept=0
2676
2677 #
2678 # server tests
2679 #
2680 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2681 do
2682 log_start
2683 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
2684 run_cmd nettest -6 -s &
2685 sleep 1
2686 run_cmd_nsb nettest -6 -r ${a}
2687 log_test_addr ${a} $? 1 "Global server"
2688 done
2689
2690 for a in ${NSA_IP6} ${VRF_IP6}
2691 do
2692 log_start
David Ahern8a909732021-01-13 20:09:47 -07002693 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
David Aherna071bbf2019-08-01 11:56:39 -07002694 sleep 1
2695 run_cmd_nsb nettest -6 -r ${a}
2696 log_test_addr ${a} $? 0 "VRF server"
2697 done
2698
2699 # link local is always bound to ingress device
2700 a=${NSA_LINKIP6}%${NSB_DEV}
2701 log_start
David Ahern8a909732021-01-13 20:09:47 -07002702 run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
David Aherna071bbf2019-08-01 11:56:39 -07002703 sleep 1
2704 run_cmd_nsb nettest -6 -r ${a}
2705 log_test_addr ${a} $? 0 "VRF server"
2706
2707 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2708 do
2709 log_start
David Ahern8a909732021-01-13 20:09:47 -07002710 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
David Aherna071bbf2019-08-01 11:56:39 -07002711 sleep 1
2712 run_cmd_nsb nettest -6 -r ${a}
2713 log_test_addr ${a} $? 0 "Device server"
2714 done
2715
2716 # verify TCP reset received
2717 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2718 do
2719 log_start
2720 show_hint "Should fail 'Connection refused'"
2721 run_cmd_nsb nettest -6 -r ${a}
2722 log_test_addr ${a} $? 1 "No server"
2723 done
2724
2725 # local address tests
2726 a=${NSA_IP6}
2727 log_start
2728 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
2729 run_cmd nettest -6 -s &
2730 sleep 1
2731 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2732 log_test_addr ${a} $? 1 "Global server, local connection"
2733
David Ahern5cad8bc2019-12-30 14:14:33 -08002734 # run MD5 tests
David Ahern7e014752021-12-11 10:11:30 -07002735 setup_vrf_dup
David Ahern5cad8bc2019-12-30 14:14:33 -08002736 ipv6_tcp_md5
David Ahern7e014752021-12-11 10:11:30 -07002737 cleanup_vrf_dup
David Ahern5cad8bc2019-12-30 14:14:33 -08002738
David Aherna071bbf2019-08-01 11:56:39 -07002739 #
2740 # enable VRF global server
2741 #
2742 log_subsection "VRF Global server enabled"
2743 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2744
2745 for a in ${NSA_IP6} ${VRF_IP6}
2746 do
2747 log_start
David Ahern8a909732021-01-13 20:09:47 -07002748 run_cmd nettest -6 -s -3 ${VRF} &
David Aherna071bbf2019-08-01 11:56:39 -07002749 sleep 1
2750 run_cmd_nsb nettest -6 -r ${a}
2751 log_test_addr ${a} $? 0 "Global server"
2752 done
2753
2754 for a in ${NSA_IP6} ${VRF_IP6}
2755 do
2756 log_start
David Ahern8a909732021-01-13 20:09:47 -07002757 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
David Aherna071bbf2019-08-01 11:56:39 -07002758 sleep 1
2759 run_cmd_nsb nettest -6 -r ${a}
2760 log_test_addr ${a} $? 0 "VRF server"
2761 done
2762
2763 # For LLA, child socket is bound to device
2764 a=${NSA_LINKIP6}%${NSB_DEV}
2765 log_start
David Ahern8a909732021-01-13 20:09:47 -07002766 run_cmd nettest -6 -s -3 ${NSA_DEV} &
David Aherna071bbf2019-08-01 11:56:39 -07002767 sleep 1
2768 run_cmd_nsb nettest -6 -r ${a}
2769 log_test_addr ${a} $? 0 "Global server"
2770
2771 log_start
David Ahern8a909732021-01-13 20:09:47 -07002772 run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
David Aherna071bbf2019-08-01 11:56:39 -07002773 sleep 1
2774 run_cmd_nsb nettest -6 -r ${a}
2775 log_test_addr ${a} $? 0 "VRF server"
2776
2777 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2778 do
2779 log_start
David Ahern8a909732021-01-13 20:09:47 -07002780 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
David Aherna071bbf2019-08-01 11:56:39 -07002781 sleep 1
2782 run_cmd_nsb nettest -6 -r ${a}
2783 log_test_addr ${a} $? 0 "Device server"
2784 done
2785
2786 # verify TCP reset received
2787 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2788 do
2789 log_start
2790 show_hint "Should fail 'Connection refused'"
2791 run_cmd_nsb nettest -6 -r ${a}
2792 log_test_addr ${a} $? 1 "No server"
2793 done
2794
2795 # local address tests
2796 for a in ${NSA_IP6} ${VRF_IP6}
2797 do
2798 log_start
David Ahern17aa23e2020-01-05 20:02:05 -08002799 show_hint "Fails 'Connection refused' since client is not in VRF"
David Ahern8a909732021-01-13 20:09:47 -07002800 run_cmd nettest -6 -s -I ${VRF} &
David Aherna071bbf2019-08-01 11:56:39 -07002801 sleep 1
2802 run_cmd nettest -6 -r ${a}
2803 log_test_addr ${a} $? 1 "Global server, local connection"
2804 done
2805
2806
2807 #
2808 # client
2809 #
2810 for a in ${NSB_IP6} ${NSB_LO_IP6}
2811 do
2812 log_start
2813 run_cmd_nsb nettest -6 -s &
2814 sleep 1
2815 run_cmd nettest -6 -r ${a} -d ${VRF}
2816 log_test_addr ${a} $? 0 "Client, VRF bind"
2817 done
2818
2819 a=${NSB_LINKIP6}
2820 log_start
2821 show_hint "Fails since VRF device does not allow linklocal addresses"
2822 run_cmd_nsb nettest -6 -s &
2823 sleep 1
2824 run_cmd nettest -6 -r ${a} -d ${VRF}
2825 log_test_addr ${a} $? 1 "Client, VRF bind"
2826
2827 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2828 do
2829 log_start
2830 run_cmd_nsb nettest -6 -s &
2831 sleep 1
2832 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2833 log_test_addr ${a} $? 0 "Client, device bind"
2834 done
2835
2836 for a in ${NSB_IP6} ${NSB_LO_IP6}
2837 do
2838 log_start
2839 show_hint "Should fail 'Connection refused'"
2840 run_cmd nettest -6 -r ${a} -d ${VRF}
2841 log_test_addr ${a} $? 1 "No server, VRF client"
2842 done
2843
2844 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2845 do
2846 log_start
2847 show_hint "Should fail 'Connection refused'"
2848 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2849 log_test_addr ${a} $? 1 "No server, device client"
2850 done
2851
2852 for a in ${NSA_IP6} ${VRF_IP6} ::1
2853 do
2854 log_start
David Ahern8a909732021-01-13 20:09:47 -07002855 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
David Aherna071bbf2019-08-01 11:56:39 -07002856 sleep 1
2857 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2858 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
2859 done
2860
2861 a=${NSA_IP6}
2862 log_start
David Ahern8a909732021-01-13 20:09:47 -07002863 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
David Aherna071bbf2019-08-01 11:56:39 -07002864 sleep 1
2865 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2866 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
2867
2868 a=${NSA_IP6}
2869 log_start
2870 show_hint "Should fail since unbound client is out of VRF scope"
David Ahern8a909732021-01-13 20:09:47 -07002871 run_cmd nettest -6 -s -I ${VRF} &
David Aherna071bbf2019-08-01 11:56:39 -07002872 sleep 1
2873 run_cmd nettest -6 -r ${a}
2874 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
2875
2876 log_start
David Ahern8a909732021-01-13 20:09:47 -07002877 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
David Aherna071bbf2019-08-01 11:56:39 -07002878 sleep 1
2879 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2880 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
2881
2882 for a in ${NSA_IP6} ${NSA_LINKIP6}
2883 do
2884 log_start
David Ahern8a909732021-01-13 20:09:47 -07002885 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
David Aherna071bbf2019-08-01 11:56:39 -07002886 sleep 1
2887 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2888 log_test_addr ${a} $? 0 "Device server, device client, local connection"
2889 done
2890}
2891
# Run the IPv6 TCP tests: the non-VRF set twice (tcp_l3mdev_accept off,
# then on), followed by the VRF set.
ipv6_tcp()
{
	log_section "IPv6/TCP"

	# Without a VRF the tcp_l3mdev_accept sysctl is expected to have no
	# effect, so the same non-VRF tests run under both settings.
	log_subsection "No VRF"
	setup

	log_subsection "tcp_l3mdev_accept disabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=0
	ipv6_tcp_novrf

	log_subsection "tcp_l3mdev_accept enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1
	ipv6_tcp_novrf

	# Nothing in this function resets the sysctl before the VRF run;
	# whether setup or ipv6_tcp_vrf does is not visible from here.
	log_subsection "With VRF"
	setup "yes"
	ipv6_tcp_vrf
}
2911
################################################################################
# IPv6 UDP
2914
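# IPv6 UDP tests without a VRF: server in ns-A, client in ns-A, and
# connections to ns-A's own addresses. Every case records its result with
# log_test_addr/log_test; the number after $? is the expected exit status
# (0 = the connection must work, 1 = it must fail).
#
# The helpers (log_start, run_cmd, run_cmd_nsb, show_hint, log_test_addr)
# are defined elsewhere in the file. Servers are started in the background
# and the fixed "sleep 1" is presumably there to let them bind before the
# client runs - on a slow machine that is a possible source of flakiness.
ipv6_udp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Global server"

		log_start
		run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Device server"
	done

	a=${NSA_LO_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -D -r ${a}
	log_test_addr ${a} $? 0 "Global server"

	# should fail since loopback address is out of scope for a device
	# bound server, but it does not - hence this is more documenting
	# behavior.
	#log_start
	#show_hint "Should fail since loopback address is out of scope"
	#run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	#sleep 1
	#run_cmd_nsb nettest -6 -D -r ${a}
	#log_test_addr ${a} $? 1 "Device server"

	# negative test - should fail
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client
	#
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
	do
		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
		log_test_addr ${a} $? 0 "Client"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
		log_test_addr ${a} $? 0 "Client, device send via cmsg"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
		log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
	do
		log_start
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -r ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	# Scoping check: a server bound to the device must not be reachable
	# through addresses that live on loopback.
	for a in ${NSA_LO_IP6} ::1
	do
		log_start
		show_hint "Should fail 'Connection refused' since address is out of device scope"
		run_cmd nettest -6 -s -D -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "Device server, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
	log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"

	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
	log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"

	# Scoping check from the client side: a device-bound client must not
	# reach loopback addresses, whichever way the device is selected.
	for a in ${NSA_LO_IP6} ::1
	do
		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "Global server, device client, local connection"

		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
		log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"

		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
		# Label fixed: this is the IPv6 test, and the two other -S
		# cases in this function already say IPV6_UNICAST_IF.
		log_test_addr ${a} $? 1 "Global server, device client via IPV6_UNICAST_IF, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local conn"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "No server, device client, local conn"

	# LLA to GUA
	# ns-B's global address is removed and a host route to ns-A added for
	# this one test; both changes are undone below. The exit status of
	# these ip commands is not checked here, so a failed restore would
	# only show up in later tests.
	run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
	run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
	log_test $? 0 "UDP in - LLA to GUA"

	run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
	run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
}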
3099
# IPv6 UDP tests with ns-A's device enslaved to the VRF. The whole
# function runs in two phases: udp_l3mdev_accept=0 ("global server
# disabled") and udp_l3mdev_accept=1 ("global server enabled"). The number
# after $? in each log_test/log_test_addr call is the expected exit status
# of the client (1 = the connection must fail).
ipv6_udp_vrf()
{
	local a
	# Address pair used by every loop below.
	local vrf_addrs="${NSA_IP6} ${VRF_IP6}"

	# Phase 1: an unbound (global) server must NOT receive VRF traffic.
	log_subsection "Global server disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0

	#
	# server tests
	#
	for a in ${vrf_addrs}; do
		log_start
		show_hint "Should fail 'Connection refused' since global server is disabled"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "Global server"
	done

	for a in ${vrf_addrs}; do
		log_start
		run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	for a in ${vrf_addrs}; do
		log_start
		run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Enslaved device server"
	done

	# negative test - no server is running, the client must fail
	for a in ${vrf_addrs}; do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# local address tests
	#
	for a in ${vrf_addrs}; do
		log_start
		show_hint "Should fail 'Connection refused' since global server is disabled"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
	done

	for a in ${vrf_addrs}; do
		log_start
		run_cmd nettest -6 -D -I ${VRF} -s &
		sleep 1
		run_cmd nettest -6 -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
	done

	a=${NSA_IP6}
	log_start
	show_hint "Should fail 'Connection refused' since global server is disabled"
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "Global server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"

	# Phase 2: enable the global server (the sysctl is set to 1), so an
	# unbound server is now expected to receive VRF traffic as well.
	log_subsection "Global server enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1

	#
	# server tests
	#
	for a in ${vrf_addrs}; do
		log_start
		run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	for a in ${vrf_addrs}; do
		log_start
		run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	for a in ${vrf_addrs}; do
		log_start
		run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Enslaved device server"
	done

	# negative test - should fail
	for a in ${vrf_addrs}; do
		log_start
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client tests
	#
	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
	log_test $? 0 "VRF client"

	# negative test - should fail
	log_start
	run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
	log_test $? 1 "No server, VRF client"

	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
	log_test $? 0 "Enslaved device client"

	# negative test - should fail
	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
	log_test $? 1 "No server, enslaved device client"

	#
	# local address tests
	#
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Global server, VRF client, local conn"

	# NOTE(review): this is the only case in the function whose log_start
	# is commented out; every sibling case calls it first. The reason is
	# not visible here - confirm it is intentional before re-enabling.
	#log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"

	a=${VRF_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${VRF} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Global server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${VRF} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"

	# negative test - should fail
	for a in ${vrf_addrs}; do
		log_start
		run_cmd nettest -6 -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "No server, VRF client, local conn"
	done

	# device to global IP
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Device server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "No server, device client, local conn"

	# link local addresses
	log_start
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
	log_test $? 0 "Global server, linklocal IP"

	log_start
	run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
	log_test $? 1 "No server, linklocal IP"

	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
	log_test $? 0 "Enslaved device client, linklocal IP"

	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
	log_test $? 1 "No server, device client, peer linklocal IP"

	log_start
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
	log_test $? 0 "Enslaved device client, local conn - linklocal IP"

	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
	log_test $? 1 "No server, device client, local conn - linklocal IP"

	# LLA to GUA: ns-B temporarily loses its global address and gets a
	# host route to ns-A; both changes are reverted after the test.
	run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
	run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
	log_test $? 0 "UDP in - LLA to GUA"

	run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
	run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
}
3377
# Run the IPv6 UDP tests: the non-VRF set twice (udp_l3mdev_accept off,
# then on), followed by the VRF set.
ipv6_udp()
{
	# udp_early_demux should not matter for these tests; it is pinned to
	# 1 only so that every run starts from a known state.
	set_sysctl net.ipv4.udp_early_demux=1

	log_section "IPv6/UDP"

	# Without a VRF the udp_l3mdev_accept sysctl is expected to have no
	# effect, so the same non-VRF tests run under both settings.
	log_subsection "No VRF"
	setup

	log_subsection "udp_l3mdev_accept disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0
	ipv6_udp_novrf

	log_subsection "udp_l3mdev_accept enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1
	ipv6_udp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_udp_vrf
}
3400
################################################################################
# IPv6 address bind
3403
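# IPv6 bind() tests without a VRF: check which local addresses a raw or
# TCP socket can be bound to, with and without a prior device bind.
# nettest is run with -b in every case; the number after $? is the
# expected exit status (1 = the bind must be rejected).
ipv6_addr_bind_novrf()
{
	# Keep the loop variable out of the global scope, as the other test
	# functions in this file do.
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6}
	do
		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	#
	# tcp sockets
	#
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address"

	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"

	# Scoping check: once the socket is bound to the device, an address
	# that lives on loopback must be refused.
	a=${NSA_LO_IP6}
	log_start
	show_hint "Should fail with 'Cannot assign requested address'"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
}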
3438
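# IPv6 bind() tests with the device enslaved to the VRF: check which
# local addresses a raw or TCP socket can be bound to after a VRF bind or
# a device bind. The number after $? is the expected exit status
# (1 = the bind must be rejected because the address is out of scope).
ipv6_addr_bind_vrf()
{
	# Keep the loop variable out of the global scope, as the other test
	# functions in this file do.
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"

		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	a=${NSA_LO_IP6}
	log_start
	show_hint "Address on loopback is out of VRF scope"
	run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
	log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"

	#
	# tcp sockets
	#
	# address on enslaved device is valid for the VRF or device in a VRF
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"

	# The VRF's own address is expected to be refused for a socket bound
	# to the enslaved device (expected status 1); no hint is shown here.
	a=${VRF_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to VRF address with device bind"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Address on loopback out of scope for VRF"
	run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"

	log_start
	show_hint "Address on loopback out of scope for device in VRF"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"

}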
3494
# Run the IPv6 address-bind tests, first on the plain topology and then
# with the VRF configured.
ipv6_addr_bind()
{
	log_section "IPv6 address binds"

	# setup with no argument builds the non-VRF topology
	log_subsection "No VRF"
	setup
	ipv6_addr_bind_novrf

	# setup "yes" rebuilds it with the VRF
	log_subsection "With VRF"
	setup "yes"
	ipv6_addr_bind_vrf
}
3507
################################################################################
# IPv6 runtime tests
3510
# Runtime test: delete the VRF device while an IPv6 connection is active.
#
# Arguments: $1 - description used as a prefix in the test labels
#            $2 - extra nettest options, appended to "-6"
#
# Each case starts a server and a client in the background, waits, deletes
# the VRF, and then records the case with rc and expected both given as
# the literal 0 - so the log entry does not depend on any command's exit
# status. Presumably the check is simply that the system survives the
# delete; confirm against log_test. After each case (except the last) the
# topology is rebuilt with setup.
ipv6_rt()
{
	local desc="$1"
	# left unquoted at the call sites on purpose: it must word-split
	local varg="-6 $2"
	local with_vrf="yes"
	local a
	local rt_addrs="${NSA_IP6} ${VRF_IP6}"

	#
	# server tests
	#
	for a in ${rt_addrs}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server"

		setup ${with_vrf}
	done

	for a in ${rt_addrs}; do
		log_start
		run_cmd nettest ${varg} -I ${VRF} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server"

		setup ${with_vrf}
	done

	for a in ${rt_addrs}; do
		log_start
		run_cmd nettest ${varg} -I ${NSA_DEV} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, enslaved device server"

		setup ${with_vrf}
	done

	#
	# client test
	#
	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test 0 0 "${desc}, VRF client"

	setup ${with_vrf}

	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test 0 0 "${desc}, enslaved device client"

	setup ${with_vrf}

	#
	# local address tests
	#
	for a in ${rt_addrs}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server, VRF client"

		setup ${with_vrf}
	done

	for a in ${rt_addrs}; do
		log_start
		run_cmd nettest ${varg} -I ${VRF} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server and client"

		setup ${with_vrf}
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, global server, device client"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -I ${VRF} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, VRF server, device client"

	setup ${with_vrf}

	# Last case: the VRF stays deleted on return, so the caller has to
	# run setup again before the next test.
	log_start
	run_cmd nettest ${varg} -I ${NSA_DEV} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, device server, device client"
}
3652
# Runtime test: delete the VRF device while a flood ping (-f) is running,
# once with the ping coming in from ns-B and once going out from ns-A.
# Both cases are logged with rc and expected given as the literal 0, so
# the entry does not depend on the ping's exit status.
ipv6_ping_rt()
{
	local with_vrf="yes"
	local a

	# ping in: ns-B floods ns-A's address while the VRF is removed
	a=${NSA_IP6}
	log_start
	run_cmd_nsb ${ping6} -f ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"

	# rebuild the topology before the second case
	setup ${with_vrf}

	# ping out: ns-A floods ns-B through the VRF.
	# NOTE(review): the address passed to log_test_addr is still ${a}
	# (NSA_IP6) although the ping target here is NSB_IP6 - confirm
	# which address the log line is meant to show.
	log_start
	run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} &
	sleep 1
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
}
3675
# Run the IPv6 runtime (device delete under traffic) tests. Each test
# leaves the VRF deleted, so the VRF topology is rebuilt with setup "yes"
# before every one of them.
ipv6_runtime()
{
	log_section "Run time tests - ipv6"

	setup "yes"
	ipv6_ping_rt

	# ipv6_rt takes a label and the extra nettest options for that
	# socket type.
	setup "yes"
	ipv6_rt "TCP active socket" "-n -1"

	setup "yes"
	ipv6_rt "TCP passive socket" "-i"

	setup "yes"
	ipv6_rt "UDP active socket" "-D -n -1"
}
3692
################################################################################
# netfilter blocking connections
3695
# With a REJECT rule installed by the caller, connect from ns-B to a
# server in ns-A and expect the client to fail (expected status 1) for
# both the device address and the VRF address.
netfilter_tcp_reset()
{
	local a

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		# the server is started, but the client is still expected to fail
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
	done
}
3709
# With an icmp-port-unreachable REJECT rule installed by the caller,
# connect from ns-B to a server in ns-A and expect the client to fail.
#
# Arguments: $1 - "TCP" or "UDP"; "UDP" adds -D to both nettest commands
netfilter_icmp()
{
	local stype="$1"
	local arg
	local a

	if [ "${stype}" = "UDP" ]; then
		arg="-D"
	fi

	# ${arg} stays unquoted so that it expands to nothing for TCP
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${arg} -s &
		sleep 1
		run_cmd_nsb nettest ${arg} -r ${a}
		log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
	done
}
3727
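# IPv4 netfilter tests: install REJECT rules for port 12345 on the INPUT
# chain (first with tcp-reset, then with icmp-port-unreachable for TCP and
# UDP) and verify that clients are refused.
#
# "iptables -F" removes every rule in the filter table of the namespace it
# runs in, not only the rules added here. All iptables calls therefore go
# through run_cmd, so that the flush acts on the same place the rules were
# added to. run_cmd is defined outside this view - presumably it runs the
# command in ns-A; confirm.
ipv4_netfilter()
{
	log_section "IPv4 Netfilter"
	log_subsection "TCP reset"

	setup "yes"
	run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset

	netfilter_tcp_reset

	log_start
	log_subsection "ICMP unreachable"

	log_start
	run_cmd iptables -F
	run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
	run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable

	netfilter_icmp "TCP"
	netfilter_icmp "UDP"

	log_start
	# Cleanup through run_cmd like the flush above: a bare "iptables -F"
	# runs in whatever context the script itself is in, which can leave
	# the test rules in place and clear unrelated firewall rules instead.
	run_cmd iptables -F
}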
3752
# IPv6 variant: with a REJECT rule installed by the caller, connect from
# ns-B to a server in ns-A and expect the client to fail (expected status
# 1) for both the device address and the VRF address.
netfilter_tcp6_reset()
{
	local a

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		# the server is started, but the client is still expected to fail
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
	done
}
3766
# IPv6 variant: with an icmp6-port-unreachable REJECT rule installed by
# the caller, connect from ns-B to a server in ns-A and expect the client
# to fail.
#
# Arguments: $1 - "TCP" or "UDP"; "UDP" adds -D to both nettest commands
netfilter_icmp6()
{
	local stype="$1"
	local arg
	local a

	if [ "${stype}" = "UDP" ]; then
		arg="${arg} -D"
	fi

	# ${arg} stays unquoted so that it expands to nothing for TCP
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -s ${arg} &
		sleep 1
		run_cmd_nsb nettest -6 ${arg} -r ${a}
		log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
	done
}
3784
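# IPv6 netfilter tests: install REJECT rules for port 12345 on the INPUT
# chain (first with tcp-reset, then with icmp6-port-unreachable for TCP
# and UDP) and verify that clients are refused.
#
# "ip6tables -F" removes every rule in the filter table of the namespace
# it runs in, not only the rules added here. All ip6tables calls therefore
# go through run_cmd, so that the flush acts on the same place the rules
# were added to. run_cmd is defined outside this view - presumably it runs
# the command in ns-A; confirm.
ipv6_netfilter()
{
	log_section "IPv6 Netfilter"
	log_subsection "TCP reset"

	setup "yes"
	run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset

	netfilter_tcp6_reset

	log_subsection "ICMP unreachable"

	log_start
	run_cmd ip6tables -F
	run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
	run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable

	netfilter_icmp6 "TCP"
	netfilter_icmp6 "UDP"

	log_start
	# Cleanup through run_cmd like the flush above: a bare "ip6tables -F"
	# runs in whatever context the script itself is in, which can leave
	# the test rules in place and clear unrelated firewall rules instead.
	run_cmd ip6tables -F
}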
3808
################################################################################
# specific use cases

# VRF only.
# ns-A device enslaved to bridge. Verify traffic with and without
# br_netfilter module loaded. Repeat with SVI on bridge.
3815use_case_br()
3816{
3817 setup "yes"
3818
3819 setup_cmd ip link set ${NSA_DEV} down
3820 setup_cmd ip addr del dev ${NSA_DEV} ${NSA_IP}/24
3821 setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64
3822
3823 setup_cmd ip link add br0 type bridge
3824 setup_cmd ip addr add dev br0 ${NSA_IP}/24
3825 setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad
3826
3827 setup_cmd ip li set ${NSA_DEV} master br0
3828 setup_cmd ip li set ${NSA_DEV} up
3829 setup_cmd ip li set br0 up
3830 setup_cmd ip li set br0 vrf ${VRF}
3831
3832 rmmod br_netfilter 2>/dev/null
3833 sleep 5 # DAD
3834
3835 run_cmd ip neigh flush all
3836 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
3837 log_test $? 0 "Bridge into VRF - IPv4 ping out"
3838
3839 run_cmd ip neigh flush all
3840 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
3841 log_test $? 0 "Bridge into VRF - IPv6 ping out"
3842
3843 run_cmd ip neigh flush all
3844 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
3845 log_test $? 0 "Bridge into VRF - IPv4 ping in"
3846
3847 run_cmd ip neigh flush all
3848 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
3849 log_test $? 0 "Bridge into VRF - IPv6 ping in"
3850
3851 modprobe br_netfilter
3852 if [ $? -eq 0 ]; then
3853 run_cmd ip neigh flush all
3854 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
3855 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out"
3856
3857 run_cmd ip neigh flush all
3858 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
3859 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out"
3860
3861 run_cmd ip neigh flush all
3862 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
3863 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in"
3864
3865 run_cmd ip neigh flush all
3866 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
3867 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in"
3868 fi
3869
3870 setup_cmd ip li set br0 nomaster
3871 setup_cmd ip li add br0.100 link br0 type vlan id 100
3872 setup_cmd ip li set br0.100 vrf ${VRF} up
3873 setup_cmd ip addr add dev br0.100 172.16.101.1/24
3874 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad
3875
3876 setup_cmd_nsb ip li add vlan100 link ${NSB_DEV} type vlan id 100
3877 setup_cmd_nsb ip addr add dev vlan100 172.16.101.2/24
3878 setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad
3879 setup_cmd_nsb ip li set vlan100 up
3880 sleep 1
3881
3882 rmmod br_netfilter 2>/dev/null
3883
3884 run_cmd ip neigh flush all
3885 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
3886 log_test $? 0 "Bridge vlan into VRF - IPv4 ping out"
3887
3888 run_cmd ip neigh flush all
3889 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
3890 log_test $? 0 "Bridge vlan into VRF - IPv6 ping out"
3891
3892 run_cmd ip neigh flush all
3893 run_cmd_nsb ping -c1 -w1 172.16.101.1
3894 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
3895
3896 run_cmd ip neigh flush all
3897 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
3898 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
3899
3900 modprobe br_netfilter
3901 if [ $? -eq 0 ]; then
3902 run_cmd ip neigh flush all
3903 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
3904 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out"
3905
3906 run_cmd ip neigh flush all
3907 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
3908 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out"
3909
3910 run_cmd ip neigh flush all
3911 run_cmd_nsb ping -c1 -w1 172.16.101.1
3912 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
3913
3914 run_cmd ip neigh flush all
3915 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
3916 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
3917 fi
3918
3919 setup_cmd ip li del br0 2>/dev/null
3920 setup_cmd_nsb ip li del vlan100 2>/dev/null
3921}
3922
# VRF only.
# ns-A is connected to both ns-B and ns-C on a single VRF and has only
# link-local addresses on its interfaces. Ping ${MCAST} from ns-B and from
# ns-C, then bring each ns-A interface down and up in turn and ping again
# after every flap; every ping is expected to exit 0.
#
# Globals: MCAST, NSA, NSA_DEV, NSA_DEV2, NSB_DEV, NSC_DEV (read)
#
# NOTE(review): the pings here use plain "ping" while other tests in this file
# use ${ping6} for IPv6 targets - confirm "ping" handles ${MCAST} everywhere
# this test is expected to run.
use_case_ping_lla_multi()
{
	local flapped

	setup_lla_only

	# ns-B and ns-C must ignore multicast echo requests so that the only
	# reply a pinger can receive comes from ns-A
	setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
	setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1

	# baseline before any interface is touched
	log_start
	run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
	log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Pre cycle, ping out ns-B"

	run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
	log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Pre cycle, ping out ns-C"

	# cycle/flap the first, then the second ns-A interface and re-check both
	# peers after each flap
	for flapped in "${NSA_DEV}" "${NSA_DEV2}"; do
		setup_cmd ip link set ${flapped} down
		setup_cmd ip link set ${flapped} up
		sleep 1

		log_start
		run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
		log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${flapped}, ping out ns-B"
		run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
		log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${flapped}, ping out ns-C"
	done
}
3962
# Perform IPv{4,6} SNAT on ns-A, and verify that a TCP connection to ns-B is
# still established over the VRF.
#
# One nat/POSTROUTING rule per address family rewrites the source of TCP
# traffic to port 12345 leaving via ${VRF} to NSA_LO_IP / NSA_LO_IP6. A
# nettest server is started through run_cmd_nsb for each family and a client
# bound to the VRF connects to it; both clients are expected to exit 0. The
# two rules are deleted again by their exact specification at the end.
#
# Globals: NSA_LO_IP, NSA_LO_IP6, NSB_IP, NSB_IP6, VRF (read)
use_case_snat_on_vrf()
{
	setup "yes"

	local port="12345"
	# rule specifications shared by the -A (install) and -D (cleanup) calls,
	# so that the cleanup removes exactly what was installed
	local snat4="POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_IP} -o ${VRF}"
	local snat6="POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_IP6} -o ${VRF}"

	run_cmd iptables -t nat -A ${snat4}
	run_cmd ip6tables -t nat -A ${snat6}

	# IPv4: server started via run_cmd_nsb, client bound to the VRF
	run_cmd_nsb nettest -s -l ${NSB_IP} -p ${port} &
	sleep 1
	run_cmd nettest -d ${VRF} -r ${NSB_IP} -p ${port}
	log_test $? 0 "IPv4 TCP connection over VRF with SNAT"

	# IPv6: same exchange with -6
	run_cmd_nsb nettest -6 -s -l ${NSB_IP6} -p ${port} &
	sleep 1
	run_cmd nettest -6 -d ${VRF} -r ${NSB_IP6} -p ${port}
	log_test $? 0 "IPv6 TCP connection over VRF with SNAT"

	# Cleanup
	run_cmd iptables -t nat -D ${snat4}
	run_cmd ip6tables -t nat -D ${snat6}
}
3988
# Run every "specific use case" test in a fixed order, announcing each one
# with its own log subsection under the "Use cases" section.
use_cases()
{
	local uc

	log_section "Use cases"

	for uc in use_case_br use_case_ping_lla_multi use_case_snat_on_vrf; do
		case "${uc}" in
		use_case_br)
			log_subsection "Device enslaved to bridge";;
		use_case_ping_lla_multi)
			log_subsection "Ping LLA with multiple interfaces";;
		use_case_snat_on_vrf)
			log_subsection "SNAT on VRF";;
		esac
		${uc}
	done
}
3999
4000################################################################################
David Ahern6f9d5ca2019-08-01 11:56:35 -07004001# usage
4002
# Print the option summary for this script on stdout. The program name shown
# is the basename of $0. The caller decides the exit status; this function
# only prints.
usage()
{
	cat <<EOF
usage: ${0##*/} OPTS

 -4 IPv4 tests only
 -6 IPv6 tests only
 -t <test> Test name/set to run
 -p Pause on fail
 -P Pause after each test
 -v Be verbose
EOF
}
4016
4017################################################################################
4018# main
4019
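# Test groups selectable with -4 / -6; with no selection all three run.
TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_bind ipv4_runtime ipv4_netfilter"
TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_bind ipv6_runtime ipv6_netfilter"
TESTS_OTHER="use_cases"

PAUSE_ON_FAIL=no
PAUSE=no

# Leading ':' puts getopts in silent mode; an unknown option or a missing
# argument both land in the '*' arm.
while getopts :46t:pPvh o
do
	case $o in
		4) TESTS=ipv4;;
		6) TESTS=ipv6;;
		t) TESTS=$OPTARG;;
		p) PAUSE_ON_FAIL=yes;;
		P) PAUSE=yes;;
		v) VERBOSE=1;;
		h) usage; exit 0;;
		*) usage; exit 1;;
	esac
done

# make sure we don't pause twice
[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no

#
# expand the selection into the list of test names to run
#
if [ -z "$TESTS" ]; then
	TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"
elif [ "$TESTS" = "ipv4" ]; then
	TESTS="$TESTS_IPV4"
elif [ "$TESTS" = "ipv6" ]; then
	TESTS="$TESTS_IPV6"
fi

# 'command -v' is the portable way to probe for a program; 'which' is an
# external tool whose output and exit status differ between systems.
if ! command -v nettest >/dev/null 2>&1; then
	echo "'nettest' command not found; skipping tests"
	exit $ksft_skip
fi

declare -i nfail=0
declare -i nsuccess=0

# Each requested name is only matched against the fixed patterns below and is
# never executed as a command itself.
for t in $TESTS
do
	case $t in
	ipv4_ping|ping)  ipv4_ping;;
	ipv4_tcp|tcp)    ipv4_tcp;;
	ipv4_udp|udp)    ipv4_udp;;
	ipv4_bind|bind)  ipv4_addr_bind;;
	ipv4_runtime)    ipv4_runtime;;
	ipv4_netfilter)  ipv4_netfilter;;

	ipv6_ping|ping6) ipv6_ping;;
	ipv6_tcp|tcp6)   ipv6_tcp;;
	ipv6_udp|udp6)   ipv6_udp;;
	ipv6_bind|bind6) ipv6_addr_bind;;
	ipv6_runtime)    ipv6_runtime;;
	ipv6_netfilter)  ipv6_netfilter;;

	use_cases)       use_cases;;

	# setup namespaces and config, but do not run any tests
	setup)		 setup; exit 0;;
	vrf_setup)	 setup "yes"; exit 0;;

	# List the known test names. $TESTS holds only what the user asked for
	# at this point (e.g. "help"), so print the full set instead.
	help)            echo "Test names: $TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"; exit 0;;

	# A misspelled name used to be dropped silently and, if nothing else
	# ran, the whole run was reported as skipped. Say so, but keep going.
	*)               echo "Unknown test '$t' ignored" >&2;;
	esac
done

cleanup 2>/dev/null

printf "\nTests passed: %3d\n" ${nsuccess}
printf "Tests failed: %3d\n"   ${nfail}

if [ $nfail -ne 0 ]; then
	exit 1 # KSFT_FAIL
elif [ $nsuccess -eq 0 ]; then
	exit $ksft_skip
fi

exit 0 # KSFT_PASS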
4102exit 0 # KSFT_PASS