#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
#
# IPv4 and IPv6 functional tests focusing on VRF and routing lookups
# for various permutations:
#   1. icmp, tcp, udp and netfilter
#   2. client, server, no-server
#   3. global address on interface
#   4. global address on 'lo'
#   5. remote and local traffic
#   6. VRF and non-VRF permutations
#
# Setup:
#                     ns-A     |     ns-B
# No VRF case:
#    [ lo ]         [ eth1 ]---|---[ eth1 ]      [ lo ]
#                                                remote address
# VRF case:
#         [ red ]---[ eth1 ]---|---[ eth1 ]      [ lo ]
#
# ns-A:
#     eth1: 172.16.1.1/24, 2001:db8:1::1/64
#       lo: 127.0.0.1/8, ::1/128
#           172.16.2.1/32, 2001:db8:2::1/128
#      red: 127.0.0.1/8, ::1/128
#           172.16.3.1/32, 2001:db8:3::1/128
#
# ns-B:
#     eth1: 172.16.1.2/24, 2001:db8:1::2/64
#      lo2: 127.0.0.1/8, ::1/128
#           172.16.2.2/32, 2001:db8:2::2/128
#
# ns-A to ns-C connection - only for VRF and same config
# as ns-A to ns-B
#
# server / client nomenclature relative to ns-A

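# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4

# Set to 1 to make the helpers below print each command and its output.
VERBOSE=0

# Interface names per namespace, plus the VRF device and its table id.
NSA_DEV=eth1
NSA_DEV2=eth2
NSB_DEV=eth1
NSC_DEV=eth2
VRF=red
VRF_TABLE=1101

# IPv4 config
NSA_IP=172.16.1.1
NSB_IP=172.16.1.2
VRF_IP=172.16.3.1
NS_NET=172.16.1.0/24

# IPv6 config
NSA_IP6=2001:db8:1::1
NSB_IP6=2001:db8:1::2
VRF_IP6=2001:db8:3::1
NS_NET6=2001:db8:1::/120

NSA_LO_IP=172.16.2.1
NSB_LO_IP=172.16.2.2
NSA_LO_IP6=2001:db8:2::1
NSB_LO_IP6=2001:db8:2::2

# TCP-MD5 keys used by the MD5 tests (nettest -M on the server, -X on the
# client). They are fixed test fixtures and are passed on the nettest
# command line, so they show up in the process list while a test runs.
MD5_PW=abc123
MD5_WRONG_PW=abc1234

MCAST=ff02::1
# set after namespace create
NSA_LINKIP6=
NSB_LINKIP6=

NSA=ns-A
NSB=ns-B
NSC=ns-C

# Command prefixes; expanded unquoted by the run_cmd* helpers so that they
# split into separate words.
NSA_CMD="ip netns exec ${NSA}"
NSB_CMD="ip netns exec ${NSB}"
NSC_CMD="ip netns exec ${NSC}"

# Prefer a dedicated ping6 binary and fall back to ping. 'command -v' is
# the shell's own lookup and does not depend on 'which' being installed.
ping6=$(command -v ping6) || ping6=$(command -v ping)
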
################################################################################
# utilities

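# Record one test result and print its "TEST: ..." line.
# Arguments: $1 - exit status that was observed
#            $2 - exit status that was expected
#            $3 - test description
# Globals:   nsuccess, nfail (incremented); VERBOSE, PAUSE,
#            PAUSE_ON_FAIL (read)
# Exits the script with status 1 when 'q' is entered at a pause prompt.
log_test()
{
	local rc=$1
	local expected=$2
	local msg="$3"
	# Keep the prompt answer local. The test functions use 'a' for the
	# address under test, and an undeclared 'read a' here would overwrite
	# the caller's value while it is still needed.
	local a

	[ "${VERBOSE}" = "1" ] && echo

	if [ "${rc}" -eq "${expected}" ]; then
		nsuccess=$((nsuccess+1))
		printf "TEST: %-70s [ OK ]\n" "${msg}"
	else
		nfail=$((nfail+1))
		printf "TEST: %-70s [FAIL]\n" "${msg}"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue, 'q' to quit"
			read -r a
			[ "$a" = "q" ] && exit 1
		fi
	fi

	if [ "${PAUSE}" = "yes" ]; then
		echo
		echo "hit enter to continue, 'q' to quit"
		read -r a
		[ "$a" = "q" ] && exit 1
	fi

	# stop any server/client left over from the test just logged
	kill_procs
}
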
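# Log a test result with a readable name for the address appended.
# Arguments: $1 - address under test (translated by addr2str)
#            $2 - exit status that was observed
#            $3 - exit status that was expected
#            $4 - test description
log_test_addr()
{
	local addr=$1
	local rc=$2
	local expected=$3
	local msg="$4"
	local astr

	astr=$(addr2str "${addr}")
	log_test "${rc}" "${expected}" "${msg} - ${astr}"
}
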
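# Print a section banner.
# Arguments: $* - section title
log_section()
{
	echo
	echo "###########################################################################"
	# printf rather than echo: a title that starts with '-n' or '-e'
	# must be printed, not taken as an echo option.
	printf '%s\n' "$*"
	echo "###########################################################################"
	echo
}
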
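# Print a subsection banner.
# Arguments: $* - subsection title
log_subsection()
{
	echo
	echo "#################################################################"
	# printf rather than echo: a title that starts with '-n' or '-e'
	# must be printed, not taken as an echo option.
	printf '%s\n' "$*"
	echo
}
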
# Prepare for the next test: stop leftover test processes and, in verbose
# mode, print a separator line.
log_start()
{
	# make sure we have no test instances running
	kill_procs

	[ "${VERBOSE}" = "1" ] || return 0

	echo
	echo "#######################################################"
}

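# Print a debug message, framed by blank lines, in verbose mode only.
# Arguments: $* - message
log_debug()
{
	if [ "${VERBOSE}" = "1" ]; then
		echo
		# printf rather than echo so a message starting with '-n' or
		# '-e' is printed instead of being read as an echo option.
		printf '%s\n' "$*"
		echo
	fi
}
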
# Print a "HINT: ..." line explaining an expected outcome; verbose mode
# only.
# Arguments: $* - hint text
show_hint()
{
	[ "${VERBOSE}" = "1" ] || return 0

	echo "HINT: $*"
	echo
}

# Stop every nettest, ping and ping6 process, then wait a second.
# NOTE: killall selects by process name, not by network namespace, so it
# also signals unrelated processes with these names that the caller is
# allowed to kill. Run the suite on a host where that is acceptable.
kill_procs()
{
	killall nettest ping ping6 &> /dev/null
	sleep 1
}

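# Run a command, capturing stdout and stderr together.
# Arguments: $* - command line, joined into one string and split again
# Globals:   VERBOSE (read); rc (written - it is not declared local here,
#            so the status is also left in the caller's 'rc')
# Outputs:   in verbose mode, the command line and any captured output
# Returns:   exit status of the command
do_run_cmd()
{
	local cmd="$*"
	local out

	if [ "$VERBOSE" = "1" ]; then
		echo "COMMAND: ${cmd}"
	fi

	# The string is expanded unquoted on purpose so it splits back into
	# words. It is also subject to glob expansion, so only fixed,
	# script-defined arguments should ever be passed in.
	# shellcheck disable=SC2086
	out=$($cmd 2>&1)
	rc=$?
	# two tests joined by && instead of the obsolescent, ambiguous '-a'
	if [ "$VERBOSE" = "1" ] && [ -n "$out" ]; then
		echo "$out"
	fi

	return "$rc"
}
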
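# Run a command inside ns-A.
# Arguments: $@ - command and its arguments
# Returns:   exit status reported by do_run_cmd
run_cmd()
{
	# NSA_CMD is a command prefix and has to split into words; the
	# caller's arguments are forwarded as-is so that they are not split
	# and glob-expanded an extra time on the way through.
	# shellcheck disable=SC2086
	do_run_cmd ${NSA_CMD} "$@"
}
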
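# Run a command inside ns-B.
# Arguments: $@ - command and its arguments
# Returns:   exit status reported by do_run_cmd
run_cmd_nsb()
{
	# NSB_CMD is a command prefix and has to split into words; the
	# caller's arguments are forwarded as-is so that they are not split
	# and glob-expanded an extra time on the way through.
	# shellcheck disable=SC2086
	do_run_cmd ${NSB_CMD} "$@"
}
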
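# Run a command inside ns-C.
# Arguments: $@ - command and its arguments
# Returns:   exit status reported by do_run_cmd
run_cmd_nsc()
{
	# NSC_CMD is a command prefix and has to split into words; the
	# caller's arguments are forwarded as-is so that they are not split
	# and glob-expanded an extra time on the way through.
	# shellcheck disable=SC2086
	do_run_cmd ${NSC_CMD} "$@"
}
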
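# Run a setup command in ns-A and stop the whole test run if it fails.
# Arguments: $* - command line
# Globals:   VERBOSE, PAUSE_ON_FAIL (read)
# Exits with the command's status on failure; returns 0 otherwise.
setup_cmd()
{
	local cmd="$*"
	local rc
	# prompt answer; local so the caller's 'a' is left alone
	local a

	# cmd is split back into words on purpose
	# shellcheck disable=SC2086
	run_cmd ${cmd}
	rc=$?
	if [ "${rc}" -ne 0 ]; then
		# show user the command if not done so already
		if [ "$VERBOSE" = "0" ]; then
			echo "setup command: $cmd"
		fi
		echo "failed. stopping tests"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue"
			read -r a
		fi
		exit "${rc}"
	fi
}
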
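# Run a setup command in ns-B and stop the whole test run if it fails.
# Arguments: $* - command line
# Globals:   VERBOSE, PAUSE_ON_FAIL (read)
# Exits with the command's status on failure; returns 0 otherwise.
setup_cmd_nsb()
{
	local cmd="$*"
	local rc
	# prompt answer; local so the caller's 'a' is left alone
	local a

	# cmd is split back into words on purpose
	# shellcheck disable=SC2086
	run_cmd_nsb ${cmd}
	rc=$?
	if [ "${rc}" -ne 0 ]; then
		# show user the command if not done so already
		if [ "$VERBOSE" = "0" ]; then
			echo "setup command: $cmd"
		fi
		echo "failed. stopping tests"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue"
			read -r a
		fi
		exit "${rc}"
	fi
}
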
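# Run a setup command in ns-C and stop the whole test run if it fails.
# Arguments: $* - command line
# Globals:   VERBOSE, PAUSE_ON_FAIL (read)
# Exits with the command's status on failure; returns 0 otherwise.
setup_cmd_nsc()
{
	local cmd="$*"
	local rc
	# prompt answer; local so the caller's 'a' is left alone
	local a

	# cmd is split back into words on purpose
	# shellcheck disable=SC2086
	run_cmd_nsc ${cmd}
	rc=$?
	if [ "${rc}" -ne 0 ]; then
		# show user the command if not done so already
		if [ "$VERBOSE" = "0" ]; then
			echo "setup command: $cmd"
		fi
		echo "failed. stopping tests"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue"
			read -r a
		fi
		exit "${rc}"
	fi
}
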
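# set sysctl values in NS-A
# Arguments: $@ - one or more name=value settings
# Outputs:   a "SYSCTL: ..." line followed by a blank line
# Returns:   exit status of the sysctl command as reported by run_cmd
set_sysctl()
{
	echo "SYSCTL: $*"
	echo
	# forward each setting as its own word, without glob expansion
	run_cmd sysctl -q -w "$@"
}
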
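# get sysctl values in NS-A
# Arguments: $@ - sysctl names
# Outputs:   the value(s), as printed by 'sysctl -n'
get_sysctl()
{
	# NSA_CMD is a command prefix and must split into words; the names
	# are forwarded quoted so they are not glob-expanded.
	# shellcheck disable=SC2086
	${NSA_CMD} sysctl -n "$@"
}
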
################################################################################
# Setup for tests

# Translate an address used by the tests into a readable label.
# Arguments: $1 - address, optionally with a %<device> suffix for
#                 link-local and multicast addresses
# Outputs:   the label, or "unknown" when nothing matches
addr2str()
{
	local label

	case "$1" in
	127.0.0.1) label="loopback";;
	::1) label="IPv6 loopback";;

	${NSA_IP}) label="ns-A IP";;
	${NSA_IP6}) label="ns-A IPv6";;
	${NSA_LO_IP}) label="ns-A loopback IP";;
	${NSA_LO_IP6}) label="ns-A loopback IPv6";;
	${NSA_LINKIP6}|${NSA_LINKIP6}%*) label="ns-A IPv6 LLA";;

	${NSB_IP}) label="ns-B IP";;
	${NSB_IP6}) label="ns-B IPv6";;
	${NSB_LO_IP}) label="ns-B loopback IP";;
	${NSB_LO_IP6}) label="ns-B loopback IPv6";;
	${NSB_LINKIP6}|${NSB_LINKIP6}%*) label="ns-B IPv6 LLA";;

	${VRF_IP}) label="VRF IP";;
	${VRF_IP6}) label="VRF IPv6";;

	${MCAST}%*) label="multicast IP";;

	*) label="unknown";;
	esac

	echo "${label}"
}

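# Print the IPv6 link-local address of a device, without prefix length.
# Arguments: $1 - namespace name
#            $2 - device name
# Outputs:   the fe80... address on stdout
# Returns:   0 when an address was found, 1 otherwise
get_linklocal()
{
	local ns=$1
	local dev=$2
	local addr

	# In 'ip -br addr' output the addresses start at the third field.
	addr=$(ip -netns "${ns}" -6 -br addr show dev "${dev}" | \
	awk '{
		for (i = 3; i <= NF; ++i) {
			if ($i ~ /^fe80/)
				print $i
		}
	}'
	)
	# drop everything from the first '/' onwards (the prefix length)
	addr=${addr/\/*}

	[ -z "$addr" ] && return 1

	echo "$addr"

	return 0
}
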
################################################################################
# create namespaces and vrf

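# Create a VRF device in a namespace and give it loopback addresses.
# Arguments: $1 - namespace name
#            $2 - VRF device name
#            $3 - routing table id for the VRF
#            $4 - IPv4 address for the VRF device, or "-" for none
#            $5 - IPv6 address for the VRF device, or "-" for none
# All expansions are quoted so a value can never split into extra ip
# arguments.
create_vrf()
{
	local ns=$1
	local vrf=$2
	local table=$3
	local addr=$4
	local addr6=$5

	ip -netns "${ns}" link add "${vrf}" type vrf table "${table}"
	ip -netns "${ns}" link set "${vrf}" up
	# high-metric unreachable defaults inside the VRF table
	ip -netns "${ns}" route add vrf "${vrf}" unreachable default metric 8192
	ip -netns "${ns}" -6 route add vrf "${vrf}" unreachable default metric 8192

	ip -netns "${ns}" addr add 127.0.0.1/8 dev "${vrf}"
	ip -netns "${ns}" -6 addr add ::1 dev "${vrf}" nodad
	if [ "${addr}" != "-" ]; then
		ip -netns "${ns}" addr add dev "${vrf}" "${addr}"
	fi
	if [ "${addr6}" != "-" ]; then
		ip -netns "${ns}" -6 addr add dev "${vrf}" "${addr6}"
	fi

	# Move the 'local' table rule from pref 0 to pref 32765 - presumably
	# so that the VRF (l3mdev) rule is evaluated first; confirm against
	# the VRF documentation.
	ip -netns "${ns}" ru del pref 0
	ip -netns "${ns}" ru add pref 32765 from all lookup local
	ip -netns "${ns}" -6 ru del pref 0
	ip -netns "${ns}" -6 ru add pref 32765 from all lookup local
}
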
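# Create a network namespace with loopback up and forwarding enabled.
# Arguments: $1 - namespace name
#            $2 - IPv4 address/len for 'lo', or "-" for none
#            $3 - IPv6 address/len for 'lo', or "-" for none
# The sysctl calls run through 'ip netns exec', i.e. inside the new
# namespace.
create_ns()
{
	local ns=$1
	local addr=$2
	local addr6=$3

	ip netns add "${ns}"

	ip -netns "${ns}" link set lo up
	if [ "${addr}" != "-" ]; then
		ip -netns "${ns}" addr add dev lo "${addr}"
	fi
	if [ "${addr6}" != "-" ]; then
		ip -netns "${ns}" -6 addr add dev lo "${addr6}"
	fi

	# high-metric unreachable defaults for both address families
	ip -netns "${ns}" ro add unreachable default metric 8192
	ip -netns "${ns}" -6 ro add unreachable default metric 8192

	ip netns exec "${ns}" sysctl -qw net.ipv4.ip_forward=1
	ip netns exec "${ns}" sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
	ip netns exec "${ns}" sysctl -qw net.ipv6.conf.all.forwarding=1
	ip netns exec "${ns}" sysctl -qw net.ipv6.conf.default.forwarding=1
}
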
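# create veth pair to connect namespaces and apply addresses.
# Arguments: $1 - first namespace      $5 - second namespace
#            $2 - device name in $1    $6 - device name in $5
#            $3 - IPv4 addr/len or "-" $7 - IPv4 addr/len for $6
#            $4 - IPv6 addr/len or "-" $8 - IPv6 addr/len for $6
# Only $3 and $4 are compared with "-"; each decides whether the
# addresses of that family are applied on both ends.
connect_ns()
{
	local ns1=$1
	local ns1_dev=$2
	local ns1_addr=$3
	local ns1_addr6=$4
	local ns2=$5
	local ns2_dev=$6
	local ns2_addr=$7
	local ns2_addr6=$8

	# the peer is created as 'tmp' in ns1, then moved to ns2 and renamed
	ip -netns "${ns1}" li add "${ns1_dev}" type veth peer name tmp
	ip -netns "${ns1}" li set "${ns1_dev}" up
	ip -netns "${ns1}" li set tmp netns "${ns2}" name "${ns2_dev}"
	ip -netns "${ns2}" li set "${ns2_dev}" up

	if [ "${ns1_addr}" != "-" ]; then
		ip -netns "${ns1}" addr add dev "${ns1_dev}" "${ns1_addr}"
		ip -netns "${ns2}" addr add dev "${ns2_dev}" "${ns2_addr}"
	fi

	if [ "${ns1_addr6}" != "-" ]; then
		ip -netns "${ns1}" addr add dev "${ns1_dev}" "${ns1_addr6}"
		ip -netns "${ns2}" addr add dev "${ns2_dev}" "${ns2_addr6}"
	fi
}
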
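# Tear down the test namespaces and kill processes still running in them.
# Globals (read): NSA, NSB, NSC, VRF, VRF_TABLE, NSA_DEV
cleanup()
{
	# explicit cleanups to check those code paths
	# Compare the namespace name exactly (first field of 'ip netns');
	# a substring match would also trigger on e.g. "${NSA}2".
	if ip netns | awk -v ns="${NSA}" '$1 == ns { found = 1 } END { exit !found }'; then
		ip -netns "${NSA}" link delete "${VRF}"
		ip -netns "${NSA}" ro flush table "${VRF_TABLE}"

		ip -netns "${NSA}" addr flush dev "${NSA_DEV}"
		ip -netns "${NSA}" -6 addr flush dev "${NSA_DEV}"
		ip -netns "${NSA}" link set dev "${NSA_DEV}" down
		ip -netns "${NSA}" link del dev "${NSA_DEV}"

		# only PIDs reported for this namespace are signalled
		ip netns pids "${NSA}" | xargs kill 2>/dev/null
		ip netns del "${NSA}"
	fi

	ip netns pids "${NSB}" | xargs kill 2>/dev/null
	ip netns del "${NSB}"
	ip netns pids "${NSC}" | xargs kill 2>/dev/null
	ip netns del "${NSC}" >/dev/null 2>&1
}
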
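# Build the test topology: ns-A and ns-B joined by a veth pair, plus
# the VRF and ns-C when requested.
# Arguments: $1 - "yes" to put ns-A's device into the VRF
# Globals:   NSA_LINKIP6, NSB_LINKIP6 (written)
# Runs under 'set -e' between the two markers below, so any failing
# command (including get_linklocal finding no address) ends the script.
# errexit is switched off again unconditionally at the end.
setup()
{
	local with_vrf=${1}

	# make sure we are starting with a clean slate
	kill_procs
	cleanup 2>/dev/null

	log_debug "Configuring network namespaces"
	set -e

	create_ns "${NSA}" "${NSA_LO_IP}/32" "${NSA_LO_IP6}/128"
	create_ns "${NSB}" "${NSB_LO_IP}/32" "${NSB_LO_IP6}/128"
	connect_ns "${NSA}" "${NSA_DEV}" "${NSA_IP}/24" "${NSA_IP6}/64" \
		   "${NSB}" "${NSB_DEV}" "${NSB_IP}/24" "${NSB_IP6}/64"

	NSA_LINKIP6=$(get_linklocal "${NSA}" "${NSA_DEV}")
	NSB_LINKIP6=$(get_linklocal "${NSB}" "${NSB_DEV}")

	# tell ns-A how to get to remote addresses of ns-B
	if [ "${with_vrf}" = "yes" ]; then
		create_vrf "${NSA}" "${VRF}" "${VRF_TABLE}" "${VRF_IP}" "${VRF_IP6}"

		ip -netns "${NSA}" link set dev "${NSA_DEV}" vrf "${VRF}"
		ip -netns "${NSA}" ro add vrf "${VRF}" "${NSB_LO_IP}/32" via "${NSB_IP}" dev "${NSA_DEV}"
		ip -netns "${NSA}" -6 ro add vrf "${VRF}" "${NSB_LO_IP6}/128" via "${NSB_IP6}" dev "${NSA_DEV}"

		ip -netns "${NSB}" ro add "${VRF_IP}/32" via "${NSA_IP}" dev "${NSB_DEV}"
		ip -netns "${NSB}" -6 ro add "${VRF_IP6}/128" via "${NSA_IP6}" dev "${NSB_DEV}"

		# some VRF tests use ns-C which has the same config as
		# ns-B but for a device NOT in the VRF
		create_ns "${NSC}" "-" "-"
		connect_ns "${NSA}" "${NSA_DEV2}" "${NSA_IP}/24" "${NSA_IP6}/64" \
			   "${NSC}" "${NSC_DEV}" "${NSB_IP}/24" "${NSB_IP6}/64"
	else
		ip -netns "${NSA}" ro add "${NSB_LO_IP}/32" via "${NSB_IP}" dev "${NSA_DEV}"
		ip -netns "${NSA}" ro add "${NSB_LO_IP6}/128" via "${NSB_IP6}" dev "${NSA_DEV}"
	fi


	# tell ns-B how to get to remote addresses of ns-A
	ip -netns "${NSB}" ro add "${NSA_LO_IP}/32" via "${NSA_IP}" dev "${NSB_DEV}"
	ip -netns "${NSB}" ro add "${NSA_LO_IP6}/128" via "${NSA_IP6}" dev "${NSB_DEV}"

	set +e

	sleep 1
}
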
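# Build a topology with no configured addresses: ns-A is connected to
# ns-B and ns-C, and both ns-A devices are put into the VRF.
# Globals:   NSA_LINKIP6, NSB_LINKIP6, NSC_LINKIP6 (written)
# Runs under 'set -e' between the two markers below, so any failing
# command ends the script; errexit is switched off again at the end.
setup_lla_only()
{
	# make sure we are starting with a clean slate
	kill_procs
	cleanup 2>/dev/null

	log_debug "Configuring network namespaces"
	set -e

	create_ns "${NSA}" "-" "-"
	create_ns "${NSB}" "-" "-"
	create_ns "${NSC}" "-" "-"
	connect_ns "${NSA}" "${NSA_DEV}" "-" "-" \
		   "${NSB}" "${NSB_DEV}" "-" "-"
	connect_ns "${NSA}" "${NSA_DEV2}" "-" "-" \
		   "${NSC}" "${NSC_DEV}" "-" "-"

	NSA_LINKIP6=$(get_linklocal "${NSA}" "${NSA_DEV}")
	NSB_LINKIP6=$(get_linklocal "${NSB}" "${NSB_DEV}")
	NSC_LINKIP6=$(get_linklocal "${NSC}" "${NSC_DEV}")

	create_vrf "${NSA}" "${VRF}" "${VRF_TABLE}" "-" "-"
	ip -netns "${NSA}" link set dev "${NSA_DEV}" vrf "${VRF}"
	ip -netns "${NSA}" link set dev "${NSA_DEV2}" vrf "${VRF}"

	set +e

	sleep 1
}
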
################################################################################
# IPv4

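# IPv4 ping tests for ns-A without a VRF.
# Covers outbound, inbound and local pings (plain, device bind, address
# bind) and then checks that a 'prohibit' ip rule, an 'unreachable' route
# and the unreachable default route each stop the traffic.
# Globals (read): NSA_DEV, NSA_IP, NSA_LO_IP, NSB_IP, NSB_LO_IP, VERBOSE
# The expected value given to log_test_addr is ping's exit status
# (iputils: 0 reply received, 1 no reply, 2 other error).
ipv4_ping_novrf()
{
	local a

	#
	# out
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd ping -c1 -w1 "${a}"
		log_test_addr "${a}" $? 0 "ping out"

		log_start
		run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, device bind"

		log_start
		run_cmd ping -c1 -w1 -I "${NSA_LO_IP}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd_nsb ping -c1 -w1 "${a}"
		log_test_addr "${a}" $? 0 "ping in"
	done

	#
	# local traffic
	#
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		run_cmd ping -c1 -w1 "${a}"
		log_test_addr "${a}" $? 0 "ping local"
	done

	#
	# local traffic, socket bound to device
	#
	# address on device
	a=${NSA_IP}
	log_start
	run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
	log_test_addr "${a}" $? 0 "ping local, device bind"

	# loopback addresses not reachable from device bind
	# fails in a really weird way though because ipv4 special cases
	# route lookups with oif set.
	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Fails since address on loopback device is out of device scope"
		run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
		log_test_addr "${a}" $? 1 "ping local, device bind"
	done

	#
	# ip rule blocks reachability to remote address
	#
	log_start
	setup_cmd ip rule add pref 32765 from all lookup local
	setup_cmd ip rule del pref 0 from all lookup local
	setup_cmd ip rule add pref 50 to "${NSB_LO_IP}" prohibit
	setup_cmd ip rule add pref 51 from "${NSB_IP}" prohibit

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 "${a}"
	log_test_addr "${a}" $? 2 "ping out, blocked by rule"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	# a viable rtable if the oif (e.g., bind to device) is set, so this
	# case succeeds despite the rule
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}

	a=${NSA_LO_IP}
	log_start
	show_hint "Response generates ICMP (or arp request is ignored) due to ip rule"
	run_cmd_nsb ping -c1 -w1 "${a}"
	log_test_addr "${a}" $? 1 "ping in, blocked by rule"

	# put the rules back the way they were before this section
	[ "$VERBOSE" = "1" ] && echo
	setup_cmd ip rule del pref 32765 from all lookup local
	setup_cmd ip rule add pref 0 from all lookup local
	setup_cmd ip rule del pref 50 to "${NSB_LO_IP}" prohibit
	setup_cmd ip rule del pref 51 from "${NSB_IP}" prohibit

	#
	# route blocks reachability to remote address
	#
	log_start
	setup_cmd ip route replace unreachable "${NSB_LO_IP}"
	setup_cmd ip route replace unreachable "${NSB_IP}"

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 "${a}"
	log_test_addr "${a}" $? 2 "ping out, blocked by route"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	# a viable rtable if the oif (e.g., bind to device) is set, so this
	# case succeeds despite not having a route for the address
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}

	a=${NSA_LO_IP}
	log_start
	show_hint "Response is dropped (or arp request is ignored) due to ip route"
	run_cmd_nsb ping -c1 -w1 "${a}"
	log_test_addr "${a}" $? 1 "ping in, blocked by route"

	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip ro del "${NSB_LO_IP}"

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 "${a}"
	log_test_addr "${a}" $? 2 "ping out, unreachable default route"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	# a viable rtable if the oif (e.g., bind to device) is set, so this
	# case succeeds despite not having a route for the address
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
}
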
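# IPv4 ping tests for ns-A with its device enslaved to the VRF.
# Covers outbound pings (VRF bind, device bind, 'ip vrf exec' with
# address bind), inbound and local pings, then checks that a 'prohibit'
# ip rule and a removed route stop the traffic.
# Globals (read): VRF, VRF_IP, NSA_DEV, NSA_IP, NSA_LO_IP, NSB_IP,
#                 NSB_LO_IP, VERBOSE
# The expected value given to log_test_addr is ping's exit status
# (iputils: 0 reply received, 1 no reply, 2 other error).
ipv4_ping_vrf()
{
	local a

	# should default on; does not exist on older kernels
	set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null

	#
	# out
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd ping -c1 -w1 -I "${VRF}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, VRF bind"

		log_start
		run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, device bind"

		log_start
		run_cmd ip vrf exec "${VRF}" ping -c1 -w1 -I "${NSA_IP}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, vrf device + dev address bind"

		log_start
		run_cmd ip vrf exec "${VRF}" ping -c1 -w1 -I "${VRF_IP}" "${a}"
		log_test_addr "${a}" $? 0 "ping out, vrf device + vrf address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd_nsb ping -c1 -w1 "${a}"
		log_test_addr "${a}" $? 0 "ping in"
	done

	#
	# local traffic, local address
	#
	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
	do
		log_start
		show_hint "Source address should be ${a}"
		run_cmd ping -c1 -w1 -I "${VRF}" "${a}"
		log_test_addr "${a}" $? 0 "ping local, VRF bind"
	done

	#
	# local traffic, socket bound to device
	#
	# address on device
	a=${NSA_IP}
	log_start
	run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
	log_test_addr "${a}" $? 0 "ping local, device bind"

	# vrf device is out of scope
	for a in ${VRF_IP} 127.0.0.1
	do
		log_start
		show_hint "Fails since address on vrf device is out of device scope"
		run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
		log_test_addr "${a}" $? 1 "ping local, device bind"
	done

	#
	# ip rule blocks address
	#
	log_start
	setup_cmd ip rule add pref 50 to "${NSB_LO_IP}" prohibit
	setup_cmd ip rule add pref 51 from "${NSB_IP}" prohibit

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 -I "${VRF}" "${a}"
	log_test_addr "${a}" $? 2 "ping out, vrf bind, blocked by rule"

	# 'a' is reused here without being reassigned, so it must still hold
	# the address after the log_test_addr call above.
	log_start
	run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
	log_test_addr "${a}" $? 2 "ping out, device bind, blocked by rule"

	a=${NSA_LO_IP}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ping -c1 -w1 "${a}"
	log_test_addr "${a}" $? 1 "ping in, blocked by rule"

	[ "$VERBOSE" = "1" ] && echo
	setup_cmd ip rule del pref 50 to "${NSB_LO_IP}" prohibit
	setup_cmd ip rule del pref 51 from "${NSB_IP}" prohibit

	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip ro del vrf "${VRF}" "${NSB_LO_IP}"

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 -I "${VRF}" "${a}"
	log_test_addr "${a}" $? 2 "ping out, vrf bind, unreachable route"

	log_start
	run_cmd ping -c1 -w1 -I "${NSA_DEV}" "${a}"
	log_test_addr "${a}" $? 2 "ping out, device bind, unreachable route"

	a=${NSA_LO_IP}
	log_start
	show_hint "Response lost by unreachable route"
	run_cmd_nsb ping -c1 -w1 "${a}"
	log_test_addr "${a}" $? 1 "ping in, unreachable route"
}
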
# Entry point for the IPv4 ping tests: the no-VRF tests run twice, with
# net.ipv4.raw_l3mdev_accept set to 0 and then to 1, each time on a
# freshly built topology; the VRF tests follow.
ipv4_ping()
{
	local accept

	log_section "IPv4 ping"

	log_subsection "No VRF"
	for accept in 0 1
	do
		setup
		# the sysctl may not exist on older kernels; ignore the error text
		set_sysctl net.ipv4.raw_l3mdev_accept=${accept} 2>/dev/null
		ipv4_ping_novrf
	done

	log_subsection "With VRF"
	setup "yes"
	ipv4_ping_vrf
}

################################################################################
# IPv4 TCP

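#
# MD5 tests without VRF
#
# Each case starts a nettest server in ns-A (in the background), waits a
# second for it to listen, then connects from ns-B. A matching key for a
# matching peer address or prefix must connect (status 0); any mismatch
# must time out (status 2).
# nettest options used: -s server, -r remote address, -c client address,
# -M server key, -m peer address or prefix the key applies to, -X client
# key.
# The keys travel on the command line and are therefore visible in the
# process list; they are fixed test values only.
ipv4_tcp_md5_novrf()
{
	#
	# single address
	#

	# basic use case
	log_start
	run_cmd nettest -s -M "${MD5_PW}" -m "${NSB_IP}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 0 "MD5: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 2 "MD5: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -M "${MD5_PW}" -m "${NSB_IP}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_WRONG_PW}"
	log_test $? 2 "MD5: Client uses wrong password"

	# client from different address
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s -M "${MD5_PW}" -m "${NSB_LO_IP}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 2 "MD5: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -s -M "${MD5_PW}" -m "${NS_NET}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 0 "MD5: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -M "${MD5_PW}" -m "${NS_NET}" &
	sleep 1
	run_cmd_nsb nettest -r "${NSA_IP}" -X "${MD5_WRONG_PW}"
	log_test $? 2 "MD5: Prefix config, client uses wrong password"

	# client outside of prefix
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s -M "${MD5_PW}" -m "${NS_NET}" &
	sleep 1
	run_cmd_nsb nettest -c "${NSB_LO_IP}" -r "${NSA_IP}" -X "${MD5_PW}"
	log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}
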
David Ahern5cad8bc2019-12-30 14:14:33 -0800873#
874# MD5 tests with VRF
875#
876ipv4_tcp_md5()
877{
878 #
879 # single address
880 #
881
882 # basic use case
883 log_start
David Ahern8a909732021-01-13 20:09:47 -0700884 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800885 sleep 1
David Ahernd3857b82021-01-13 20:09:46 -0700886 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -0800887 log_test $? 0 "MD5: VRF: Single address config"
888
889 # client sends MD5, server not configured
890 log_start
891 show_hint "Should timeout since server does not have MD5 auth"
David Ahern8a909732021-01-13 20:09:47 -0700892 run_cmd nettest -s -I ${VRF} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800893 sleep 1
David Ahernd3857b82021-01-13 20:09:46 -0700894 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -0800895 log_test $? 2 "MD5: VRF: Server no config, client uses password"
896
897 # wrong password
898 log_start
899 show_hint "Should timeout since client uses wrong password"
David Ahern8a909732021-01-13 20:09:47 -0700900 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800901 sleep 1
David Ahernd3857b82021-01-13 20:09:46 -0700902 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -0800903 log_test $? 2 "MD5: VRF: Client uses wrong password"
904
905 # client from different address
906 log_start
907 show_hint "Should timeout since server config differs from client"
David Ahern8a909732021-01-13 20:09:47 -0700908 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800909 sleep 1
David Ahernd3857b82021-01-13 20:09:46 -0700910 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -0800911 log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
912
913 #
914 # MD5 extension - prefix length
915 #
916
917 # client in prefix
918 log_start
David Ahern8a909732021-01-13 20:09:47 -0700919 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800920 sleep 1
David Ahernd3857b82021-01-13 20:09:46 -0700921 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -0800922 log_test $? 0 "MD5: VRF: Prefix config"
923
924 # client in prefix, wrong password
925 log_start
926 show_hint "Should timeout since client uses wrong password"
David Ahern8a909732021-01-13 20:09:47 -0700927 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800928 sleep 1
David Ahernd3857b82021-01-13 20:09:46 -0700929 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -0800930 log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"
931
932 # client outside of prefix
933 log_start
934 show_hint "Should timeout since client address is outside of prefix"
David Ahern8a909732021-01-13 20:09:47 -0700935 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800936 sleep 1
David Ahern5265a012021-01-13 20:09:49 -0700937 run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -0800938 log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"
939
940 #
941 # duplicate config between default VRF and a VRF
942 #
943
944 log_start
David Ahern8a909732021-01-13 20:09:47 -0700945 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
David Aherna824e262021-01-13 20:09:45 -0700946 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800947 sleep 1
David Ahernd3857b82021-01-13 20:09:46 -0700948 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -0800949 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
950
951 log_start
David Ahern8a909732021-01-13 20:09:47 -0700952 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
David Aherna824e262021-01-13 20:09:45 -0700953 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800954 sleep 1
David Ahernd3857b82021-01-13 20:09:46 -0700955 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -0800956 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
957
958 log_start
959 show_hint "Should timeout since client in default VRF uses VRF password"
David Ahern8a909732021-01-13 20:09:47 -0700960 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
David Aherna824e262021-01-13 20:09:45 -0700961 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800962 sleep 1
David Ahernd3857b82021-01-13 20:09:46 -0700963 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -0800964 log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
965
966 log_start
967 show_hint "Should timeout since client in VRF uses default VRF password"
David Ahern8a909732021-01-13 20:09:47 -0700968 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
David Aherna824e262021-01-13 20:09:45 -0700969 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800970 sleep 1
David Ahernd3857b82021-01-13 20:09:46 -0700971 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -0800972 log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
973
974 log_start
David Ahern8a909732021-01-13 20:09:47 -0700975 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800976 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
977 sleep 1
David Ahernd3857b82021-01-13 20:09:46 -0700978 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -0800979 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
980
981 log_start
David Ahern8a909732021-01-13 20:09:47 -0700982 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800983 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
984 sleep 1
David Ahernd3857b82021-01-13 20:09:46 -0700985 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -0800986 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
987
988 log_start
989 show_hint "Should timeout since client in default VRF uses VRF password"
David Ahern8a909732021-01-13 20:09:47 -0700990 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800991 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
992 sleep 1
David Ahernd3857b82021-01-13 20:09:46 -0700993 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -0800994 log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"
995
996 log_start
997 show_hint "Should timeout since client in VRF uses default VRF password"
David Ahern8a909732021-01-13 20:09:47 -0700998 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
David Ahern5cad8bc2019-12-30 14:14:33 -0800999 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1000 sleep 1
David Ahernd3857b82021-01-13 20:09:46 -07001001 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
David Ahern5cad8bc2019-12-30 14:14:33 -08001002 log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"
1003
1004 #
1005 # negative tests
1006 #
1007 log_start
David Ahern8a909732021-01-13 20:09:47 -07001008 run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP}
David Ahern5cad8bc2019-12-30 14:14:33 -08001009 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
1010
1011 log_start
David Ahern8a909732021-01-13 20:09:47 -07001012 run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET}
David Ahern5cad8bc2019-12-30 14:14:33 -08001013 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
1014
Leonard Crestez64e40172021-10-15 10:26:07 +03001015 test_ipv4_md5_vrf__vrf_server__no_bind_ifindex
1016 test_ipv4_md5_vrf__global_server__bind_ifindex0
1017}
# TCP-MD5 with a VRF-bound server: the key is installed once without and once
# with an explicit ifindex binding. In both cases the ns-B client, using the
# matching password, is expected to connect (exit status 0).
test_ipv4_md5_vrf__vrf_server__no_bind_ifindex()
{
	# Case 1: socket bound to the VRF, key itself not bound to an ifindex.
	log_start
	show_hint "Simulates applications using VRF without TCP_MD5SIG_FLAG_IFINDEX"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
	sleep 1	# give the background server time to start listening
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: VRF-bound server, unbound key accepts connection"

	# Case 2: both the socket and the key are bound.
	log_start
	show_hint "Binding both the socket and the key is not required but it works"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: VRF-bound server, bound key accepts connection"
}
# TCP-MD5 with a global (not VRF-bound) server and a prefix key that is either
# forced to ifindex=0 or left unbound.
#
# Expected results, as encoded in the log_test calls below:
#   key bound to ifindex=0 -> VRF client (ns-B) fails with status 2,
#                             non-VRF client (ns-C) connects
#   key not bound          -> both clients connect
#
# tcp_l3mdev_accept is forced to 1 for the duration of the test and the
# previous value is written back at the end, so later tests do not run with
# the wider accept scope by accident.
test_ipv4_md5_vrf__global_server__bind_ifindex0()
{
	# This particular test needs tcp_l3mdev_accept=1 for Global server to accept VRF connections
	local saved_l3mdev_accept

	saved_l3mdev_accept=$(get_sysctl net.ipv4.tcp_l3mdev_accept)
	set_sysctl net.ipv4.tcp_l3mdev_accept=1

	# key pinned to ifindex=0, client arrives through the VRF
	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Global server, Key bound to ifindex=0 rejects VRF connection"

	# key pinned to ifindex=0, client outside the VRF
	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection"

	# key not bound, client arrives through the VRF
	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts VRF connection"

	# key not bound, client outside the VRF
	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts non-VRF connection"

	# restore value
	set_sysctl net.ipv4.tcp_l3mdev_accept="$saved_l3mdev_accept"
}
# IPv4 TCP tests without a VRF: ns-A as server, ns-A as client, and
# connections to ns-A's own addresses. Every case follows the same pattern:
# start a server in the background (if any), wait a second, run the client
# and compare its exit status with the expected one.
# Ends by running the non-VRF MD5 tests.
ipv4_tcp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP}; do
		log_start
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 0 "Global server"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -r "${a}"
	log_test_addr "${a}" $? 0 "Device server"

	# verify TCP reset sent and received
	for a in ${NSA_IP} ${NSA_LO_IP}; do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 1 "No server"
	done

	#
	# client
	#
	for a in ${NSB_IP} ${NSB_LO_IP}; do
		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r "${a}" -0 ${NSA_IP}
		log_test_addr "${a}" $? 0 "Client"

		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r "${a}" -d ${NSA_DEV}
		log_test_addr "${a}" $? 0 "Client, device bind"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r "${a}"
		log_test_addr "${a}" $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r "${a}" -d ${NSA_DEV}
		log_test_addr "${a}" $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -s &
		sleep 1
		run_cmd nettest -r "${a}" -0 "${a}" -1 "${a}"
		log_test_addr "${a}" $? 0 "Global server, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r "${a}" -0 "${a}"
	log_test_addr "${a}" $? 0 "Device server, unbound client, local connection"

	# a device-bound server must not be reachable via loopback addresses
	for a in ${NSA_LO_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -s -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -r "${a}"
		log_test_addr "${a}" $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s &
	sleep 1
	run_cmd nettest -r "${a}" -0 "${a}" -d ${NSA_DEV}
	log_test_addr "${a}" $? 0 "Global server, device client, local connection"

	# a device-bound client must not reach loopback addresses
	for a in ${NSA_LO_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -s &
		sleep 1
		run_cmd nettest -r "${a}" -d ${NSA_DEV}
		log_test_addr "${a}" $? 1 "Global server, device client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -d ${NSA_DEV} -r "${a}" -0 "${a}"
	log_test_addr "${a}" $? 0 "Device server, device client, local connection"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -d ${NSA_DEV} -r "${a}"
	log_test_addr "${a}" $? 1 "No server, device client, local conn"

	ipv4_tcp_md5_novrf
}
# IPv4 TCP tests with ns-A's device enslaved to a VRF.
#
# First half runs with tcp_l3mdev_accept=0: a server that is not bound to the
# VRF (or to the enslaved device) is expected to refuse connections that
# arrive through the VRF. The MD5 tests run in that state. Second half sets
# tcp_l3mdev_accept=1, after which the global server is expected to accept
# them. The sysctl is left at 1 when the function returns.
ipv4_tcp_vrf()
{
	local a

	# disable global server
	log_subsection "Global server disabled"

	set_sysctl net.ipv4.tcp_l3mdev_accept=0

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 1 "Global server"

		log_start
		run_cmd nettest -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 0 "VRF server"

		log_start
		run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 0 "Device server"

		# verify TCP reset received
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 1 "No server"
	done

	# local address tests
	# (${VRF_IP} and 127.0.0.1 both timeout)
	a=${NSA_IP}
	log_start
	show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
	run_cmd nettest -s &
	sleep 1
	run_cmd nettest -r "${a}" -d ${NSA_DEV}
	log_test_addr "${a}" $? 1 "Global server, local connection"

	# run MD5 tests
	ipv4_tcp_md5

	#
	# enable VRF global server
	#
	log_subsection "VRF Global server enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		show_hint "client socket should be bound to VRF"
		run_cmd nettest -s -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 0 "Global server"

		log_start
		show_hint "client socket should be bound to VRF"
		run_cmd nettest -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 0 "VRF server"

		# verify TCP reset received
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" $? 1 "No server"
	done

	a=${NSA_IP}
	log_start
	show_hint "client socket should be bound to device"
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -r "${a}"
	log_test_addr "${a}" $? 0 "Device server"

	# local address tests
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		show_hint "Should fail 'Connection refused' since client is not bound to VRF"
		run_cmd nettest -s -I ${VRF} &
		sleep 1
		run_cmd nettest -r "${a}"
		log_test_addr "${a}" $? 1 "Global server, local connection"
	done

	#
	# client
	#
	for a in ${NSB_IP} ${NSB_LO_IP}; do
		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r "${a}" -d ${VRF}
		log_test_addr "${a}" $? 0 "Client, VRF bind"

		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r "${a}" -d ${NSA_DEV}
		log_test_addr "${a}" $? 0 "Client, device bind"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r "${a}" -d ${VRF}
		log_test_addr "${a}" $? 1 "No server, VRF client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r "${a}" -d ${NSA_DEV}
		log_test_addr "${a}" $? 1 "No server, device client"
	done

	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd nettest -r "${a}" -d ${VRF} -0 "${a}"
		log_test_addr "${a}" $? 0 "VRF server, VRF client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${VRF} -3 ${VRF} &
	sleep 1
	run_cmd nettest -r "${a}" -d ${NSA_DEV} -0 "${a}"
	log_test_addr "${a}" $? 0 "VRF server, device client, local connection"

	# an unbound client is outside the VRF and must not reach the VRF server
	log_start
	show_hint "Should fail 'No route to host' since client is out of VRF scope"
	run_cmd nettest -s -I ${VRF} &
	sleep 1
	run_cmd nettest -r "${a}"
	log_test_addr "${a}" $? 1 "VRF server, unbound client, local connection"

	log_start
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r "${a}" -d ${VRF} -0 "${a}"
	log_test_addr "${a}" $? 0 "Device server, VRF client, local connection"

	log_start
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r "${a}" -d ${NSA_DEV} -0 "${a}"
	log_test_addr "${a}" $? 0 "Device server, device client, local connection"
}
# Entry point for the IPv4/TCP section: runs the non-VRF tests twice (once
# per tcp_l3mdev_accept value), then rebuilds the topology with a VRF and
# runs the VRF tests.
ipv4_tcp()
{
	log_section "IPv4/TCP"

	log_subsection "No VRF"
	setup

	# tcp_l3mdev_accept should have no effect without VRF;
	# run tests with it enabled and disabled to verify
	log_subsection "tcp_l3mdev_accept disabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=0
	ipv4_tcp_novrf

	log_subsection "tcp_l3mdev_accept enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1
	ipv4_tcp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv4_tcp_vrf
}
################################################################################
# IPv4 UDP

# IPv4 UDP tests without a VRF: ns-A as server, ns-A as client (plain,
# device-bound, cmsg and IP_UNICAST_IF variants) and traffic to ns-A's own
# addresses. Each case starts an optional background server, waits a second,
# runs the client and compares its exit status with the expected value.
ipv4_udp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP}; do
		log_start
		run_cmd nettest -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 0 "Global server"

		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 1 "No server"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -D -r "${a}"
	log_test_addr "${a}" $? 0 "Device server"

	#
	# client
	#
	for a in ${NSB_IP} ${NSB_LO_IP}; do
		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -0 ${NSA_IP}
		log_test_addr "${a}" $? 0 "Client"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -d ${NSA_DEV} -0 ${NSA_IP}
		log_test_addr "${a}" $? 0 "Client, device bind"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -d ${NSA_DEV} -C -0 ${NSA_IP}
		log_test_addr "${a}" $? 0 "Client, device send via cmsg"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -d ${NSA_DEV} -S -0 ${NSA_IP}
		log_test_addr "${a}" $? 0 "Client, device bind via IP_UNICAST_IF"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -r "${a}"
		log_test_addr "${a}" $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -r "${a}" -d ${NSA_DEV}
		log_test_addr "${a}" $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -0 "${a}" -1 "${a}"
		log_test_addr "${a}" $? 0 "Global server, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -r "${a}"
	log_test_addr "${a}" $? 0 "Device server, unbound client, local connection"

	# a device-bound server must not see traffic sent to loopback addresses
	for a in ${NSA_LO_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail 'Connection refused' since address is out of device scope"
		run_cmd nettest -s -D -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -D -r "${a}"
		log_test_addr "${a}" $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r "${a}"
	log_test_addr "${a}" $? 0 "Global server, device client, local connection"

	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -C -r "${a}"
	log_test_addr "${a}" $? 0 "Global server, device send via cmsg, local connection"

	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -S -r "${a}"
	log_test_addr "${a}" $? 0 "Global server, device client via IP_UNICAST_IF, local connection"

	# IPv4 with device bind has really weird behavior - it overrides the
	# fib lookup, generates an rtable and tries to send the packet. This
	# causes failures for local traffic at different places
	# (hence the differing expected statuses, 2 versus 1, below)
	for a in ${NSA_LO_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -d ${NSA_DEV}
		log_test_addr "${a}" $? 2 "Global server, device client, local connection"

		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -d ${NSA_DEV} -C
		log_test_addr "${a}" $? 1 "Global server, device send via cmsg, local connection"

		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r "${a}" -d ${NSA_DEV} -S
		log_test_addr "${a}" $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r "${a}" -0 "${a}"
	log_test_addr "${a}" $? 0 "Device server, device client, local conn"

	log_start
	run_cmd nettest -D -d ${NSA_DEV} -r "${a}"
	log_test_addr "${a}" $? 2 "No server, device client, local conn"
}
# IPv4 UDP tests with ns-A's device enslaved to a VRF.
#
# First half runs with udp_l3mdev_accept=0: a server not bound to the VRF or
# to the enslaved device is expected not to receive traffic that ingresses
# through the VRF. Second half sets udp_l3mdev_accept=1, after which the
# global server is expected to work. The sysctl is left at 1 on return.
ipv4_udp_vrf()
{
	local a

	# disable global server
	log_subsection "Global server disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		show_hint "Fails because ingress is in a VRF and global server is disabled"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 1 "Global server"

		log_start
		run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 0 "VRF server"

		log_start
		run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 0 "Enslaved device server"

		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 1 "No server"

		log_start
		show_hint "Should fail 'Connection refused' since global server is out of scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r "${a}"
		log_test_addr "${a}" $? 1 "Global server, VRF client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r "${a}"
	log_test_addr "${a}" $? 0 "VRF server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r "${a}"
	log_test_addr "${a}" $? 0 "VRF server, enslaved device client, local connection"

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r "${a}"
	log_test_addr "${a}" $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r "${a}"
	log_test_addr "${a}" $? 0 "Enslaved device server, device client, local conn"

	# enable global server
	log_subsection "Global server enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 0 "Global server"

		log_start
		run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 0 "VRF server"

		log_start
		run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 0 "Enslaved device server"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -D -r "${a}"
		log_test_addr "${a}" $? 1 "No server"
	done

	#
	# client tests
	#
	log_start
	run_cmd_nsb nettest -D -s &
	sleep 1
	run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
	log_test $? 0 "VRF client"

	log_start
	run_cmd_nsb nettest -D -s &
	sleep 1
	run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
	log_test $? 0 "Enslaved device client"

	# negative test - should fail
	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
	log_test $? 1 "No server, VRF client"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
	log_test $? 1 "No server, enslaved device client"

	#
	# local address tests
	#
	a=${NSA_IP}
	log_start
	run_cmd nettest -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r "${a}"
	log_test_addr "${a}" $? 0 "Global server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r "${a}"
	log_test_addr "${a}" $? 0 "VRF server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r "${a}"
	log_test_addr "${a}" $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r "${a}"
	log_test_addr "${a}" $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r "${a}"
	log_test_addr "${a}" $? 0 "Enslaved device server, device client, local conn"

	for a in ${VRF_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -D -s -3 ${VRF} &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r "${a}"
		log_test_addr "${a}" $? 0 "Global server, VRF client, local conn"
	done

	for a in ${VRF_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -s -D -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r "${a}"
		log_test_addr "${a}" $? 0 "VRF server, VRF client, local conn"
	done

	# negative test - should fail
	# verifies ECONNREFUSED
	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -d ${VRF} -r "${a}"
		log_test_addr "${a}" $? 1 "No server, VRF client, local conn"
	done
}
# Entry point for the IPv4/UDP section: runs the non-VRF tests twice (once
# per udp_l3mdev_accept value), then rebuilds the topology with a VRF and
# runs the VRF tests.
ipv4_udp()
{
	log_section "IPv4/UDP"

	log_subsection "No VRF"
	setup

	# udp_l3mdev_accept should have no effect without VRF;
	# run tests with it enabled and disabled to verify
	log_subsection "udp_l3mdev_accept disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0
	ipv4_udp_novrf

	log_subsection "udp_l3mdev_accept enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1
	ipv4_udp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv4_udp_vrf
}
################################################################################
# IPv4 address bind
#
# verifies ability or inability to bind to an address / device

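# Address-bind tests without a VRF: checks that raw and TCP sockets in ns-A
# can bind to local addresses, with and without a prior device bind.
# All active cases expect success (exit status 0).
ipv4_addr_bind_novrf()
{
	# keep the loop variable out of the global scope, as the sibling
	# test functions do
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	#
	# tcp sockets
	#
	a=${NSA_IP}
	log_start
	run_cmd nettest -c ${a} -r ${NSB_IP} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address"

	log_start
	run_cmd nettest -c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"

	# Sadly, the kernel allows binding a socket to a device and then
	# binding to an address not on the device. The only restriction
	# is that the address is valid in the L3 domain. So this test
	# passes when it really should not
	#
	# Consequence for anyone relying on a device bind as a scoping
	# control: it does not by itself restrict which local address the
	# socket may bind to. The case stays disabled because the bind
	# succeeds.
	#a=${NSA_LO_IP}
	#log_start
	#show_hint "Should fail with 'Cannot assign requested address'"
	#run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
	#log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
}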
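# Address-bind tests with a VRF: addresses inside the VRF must be bindable
# (unbound, after a device bind, after a VRF bind), while the address on
# ns-A's loopback must be rejected once the socket is bound to the VRF or to
# the enslaved device (exit status 1).
ipv4_addr_bind_vrf()
{
	# keep the loop variable out of the global scope, as the sibling
	# test functions do
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
	done

	# negative case: loopback address is outside the VRF
	a=${NSA_LO_IP}
	log_start
	show_hint "Address on loopback is out of VRF scope"
	run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
	log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"

	#
	# tcp sockets
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address"

		log_start
		run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
	done

	# negative cases: loopback address with a VRF or enslaved-device bind
	a=${NSA_LO_IP}
	log_start
	show_hint "Address on loopback out of scope for VRF"
	run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"

	log_start
	show_hint "Address on loopback out of scope for device in VRF"
	run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
}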
# Entry point for the address-bind section: rebuilds the topology and runs
# the bind tests first without, then with, a VRF.
ipv4_addr_bind()
{
	log_section "IPv4 address binds"

	# plain topology
	log_subsection "No VRF"
	setup
	ipv4_addr_bind_novrf

	# topology rebuilt with the VRF enabled
	log_subsection "With VRF"
	setup "yes"
	ipv4_addr_bind_vrf
}
################################################################################
# IPv4 runtime tests

# Runtime tests: delete the VRF device while a nettest session is active.
#
# Arguments:
#   $1 - description prefix used in the logged test names
#   $2 - extra nettest arguments, passed unquoted to both server and client
#
# Every case starts a server and a client in the background, waits, deletes
# ${VRF}, and then logs the case with "0 0", i.e. the result is recorded as a
# pass unconditionally; presumably the point is that the kernel survives the
# delete (NOTE(review): confirm). The topology is rebuilt with setup after
# each case except the last.
ipv4_rt()
{
	local desc="$1"
	local varg="$2"
	local with_vrf="yes"
	local a

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r "${a}" &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr "${a}" 0 0 "${desc}, global server"

		setup ${with_vrf}
	done

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -s -I ${VRF} &
		sleep 1
		run_cmd_nsb nettest ${varg} -r "${a}" &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr "${a}" 0 0 "${desc}, VRF server"

		setup ${with_vrf}
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest ${varg} -s -I ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest ${varg} -r "${a}" &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, enslaved device server"

	setup ${with_vrf}

	#
	# client test
	#
	# NOTE(review): `a` still holds ${NSA_IP} in the two client cases
	# although the client connects to ${NSB_IP}; the address that gets
	# logged may not be the intended one - confirm.
	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, VRF client"

	setup ${with_vrf}

	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, enslaved device client"

	setup ${with_vrf}

	#
	# local address tests
	#
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r "${a}" &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr "${a}" 0 0 "${desc}, global server, VRF client, local"

		setup ${with_vrf}
	done

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -I ${VRF} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r "${a}" &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr "${a}" 0 0 "${desc}, VRF server and client, local"

		setup ${with_vrf}
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r "${a}" &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, global server, enslaved device client, local"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -I ${VRF} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r "${a}" &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, VRF server, enslaved device client, local"

	setup ${with_vrf}

	# last case: no setup afterwards, so ${VRF} stays deleted on return
	log_start
	run_cmd nettest ${varg} -I ${NSA_DEV} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r "${a}" &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, enslaved device server and client, local"
}
# Delete the VRF device while a flood ping (ping -f) is running.
#
# Inbound: ns-B floods each ns-A address. Outbound: ns-A floods ${NSB_IP}
# with the socket bound to ${VRF} via -I. As in the TCP runtime tests the
# logged rc/expected pair is hard-coded to 0/0, so the visible pass condition
# is only that the sequence completes.
ipv4_ping_rt()
{
	local with_vrf="yes"
	local a

	# ping in: traffic from ns-B towards ns-A
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd_nsb ping -f ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"

		# recreate the topology (including the deleted VRF) for the next case
		setup ${with_vrf}
	done

	# ping out: traffic from ns-A, bound to the VRF that is about to vanish
	a=${NSB_IP}
	log_start
	run_cmd ping -f -I ${VRF} ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
}
# Entry point for the IPv4 run-time tests.
#
# Rebuilds the VRF topology before each group because every group ends with
# the VRF device deleted: first the flood-ping group, then ipv4_rt twice with
# different nettest option strings.
ipv4_runtime()
{
	log_section "Run time tests - ipv4"

	# ICMP traffic
	setup "yes"
	ipv4_ping_rt

	# TCP, nettest options "-n -1"
	setup "yes"
	ipv4_rt "TCP active socket" "-n -1"

	# TCP, nettest option "-i"
	setup "yes"
	ipv4_rt "TCP passive socket" "-i"
}

################################################################################
# IPv6

# IPv6 ping tests without a VRF.
#
# Covers outbound, inbound and local pings, with and without binding the
# socket to a device or address via -I, and then checks that a prohibit
# rule and an unreachable route each block traffic. The blocked cases are
# run both unbound and bound to ${NSA_DEV}, so they also verify that binding
# to a device does not sidestep the rule or route.
#
# Each result is the exit status of the ping run, compared by log_test_addr
# with the expected value given as its third argument (0, 1 or 2 below).
ipv6_ping_novrf()
{
	local a

	# should not have an impact, but make a known state
	set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null

	# ---- out: ns-A pings ns-B ----
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping out"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6}; do
		# bound to the egress device
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"

		# bound to the address configured on loopback
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
		log_test_addr ${a} $? 0 "ping out, loopback address bind"
	done

	# ---- in: ns-B pings ns-A ----
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	# ---- local traffic, local address ----
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping local, no bind"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping local, device bind"
	done

	# expected to fail (rc 2): loopback addresses are outside the bound device
	for a in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Fails since address on loopback is out of device scope"
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 2 "ping local, device bind"
	done

	# ---- ip rule blocks address ----
	# Move the local-table rule from pref 0 to pref 32765 so that the
	# prohibit rules at pref 50/51 sit ahead of it.
	log_start
	setup_cmd ip -6 rule add pref 32765 from all lookup local
	setup_cmd ip -6 rule del pref 0 from all lookup local
	setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by rule"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	# put the rule table back the way it was
	setup_cmd ip -6 rule add pref 0 from all lookup local
	setup_cmd ip -6 rule del pref 32765 from all lookup local
	setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit

	# ---- route blocks reachability to remote address ----
	log_start
	setup_cmd ip -6 route del ${NSB_LO_IP6}
	setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
	setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip route"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by route"

	# ---- remove 'remote' routes; fallback to default ----
	log_start
	setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
	setup_cmd ip -6 ro del unreachable ${NSB_IP6}

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, unreachable route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
}
# IPv6 ping tests with ns-A's device enslaved to a VRF.
#
# Checks which addresses are reachable when the socket is bound to the VRF,
# to the enslaved device, or run through "ip vrf exec", and which are not:
# link-local and multicast targets scoped to the VRF device, and the address
# on loopback, are expected to fail per the hints below. The prohibit-rule
# and missing-route cases then verify that blocked destinations stay blocked
# for both unbound and device-bound sockets.
#
# Each result is the exit status of the ping run, compared by log_test_addr
# with the expected value given as its third argument.
ipv6_ping_vrf()
{
	local a

	# should default on; does not exist on older kernels
	set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null

	# ---- out ----
	for a in ${NSB_IP6} ${NSB_LO_IP6}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping out, VRF bind"
	done

	for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}; do
		log_start
		show_hint "Fails since VRF device does not support linklocal or multicast"
		run_cmd ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 2 "ping out, VRF bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
		log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
	done

	# ---- in ----
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	a=${NSA_LO_IP6}
	log_start
	show_hint "Fails since loopback address is out of VRF scope"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in"

	# ---- local traffic, local address ----
	for a in ${NSA_IP6} ${VRF_IP6} ::1; do
		log_start
		show_hint "Source address should be ${a}"
		run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping local, VRF bind"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping local, device bind"
	done

	# ---- LLA to GUA ----
	# Strip the global addresses from ns-B and route to ns-A's global
	# address via its link-local address.
	setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
	setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}

	# NOTE(review): both iterations ping ${NSA_IP6}; the loop variable only
	# changes the address shown in the logged test name.
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
		log_test_addr ${a} $? 0 "ping in, LLA to GUA"
	done

	# restore ns-B's route and global addresses
	setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo

	# ---- ip rule blocks address ----
	log_start
	setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by rule"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	# drop the prohibit rules again
	log_start
	setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit

	# ---- remove 'remote' routes; fallback to default ----
	log_start
	setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, unreachable route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"

	# ns-B loses its route to ns-A's loopback address; this one calls ip
	# directly rather than going through setup_cmd_nsb
	ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
	a=${NSA_LO_IP6}
	log_start
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping in, unreachable route"
}
# Entry point for the IPv6 ping tests: runs the non-VRF set on a plain
# topology, then the VRF set on a topology built with setup "yes".
ipv6_ping()
{
	log_section "IPv6 ping"

	# plain topology, no VRF
	log_subsection "No VRF"
	setup
	ipv6_ping_novrf

	# same topology with the VRF configured
	log_subsection "With VRF"
	setup "yes"
	ipv6_ping_vrf
}

################################################################################
# IPv6 TCP

#
# MD5 tests without VRF
#
# TCP MD5 tests over IPv6 without a VRF.
#
# The server in ns-A is given a password (-M) tied to a peer address or
# prefix (-m); the client in ns-B supplies its own password (-X). A
# connection is expected to succeed (rc 0) only when the password matches
# and the client address falls inside the configured address/prefix; every
# mismatch is expected to end with rc 2, which the hints describe as a
# timeout.
#
# ${MD5_PW} and ${MD5_WRONG_PW} are defined outside this function.
ipv6_tcp_md5_novrf()
{
	# ---- key configured for a single peer address ----

	# positive case: matching password, matching address
	log_start
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: Single address config"

	# client uses a password, server has none configured
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: Server no config, client uses password"

	# client uses the wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Client uses wrong password"

	# password is configured for ${NSB_LO_IP6}, not the address the client uses
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_LO_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: Client address does not match address configured with password"

	# ---- MD5 extension: key configured for a prefix ----

	# client address inside the prefix
	log_start
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: Prefix config"

	# client inside the prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Prefix config, client uses wrong password"

	# client passes -c ${NSB_LO_IP6}, an address outside the prefix
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}

#
# MD5 tests with VRF
#
# TCP MD5 tests over IPv6 with a VRF.
#
# Repeats the single-address and prefix cases with the server started with
# -I ${VRF}, then runs two servers at once - one with -I ${VRF} using
# ${MD5_PW}, one without -I using ${MD5_WRONG_PW} - configured for the same
# peer address or prefix. Clients in ns-B (reached through the VRF) and ns-C
# (default VRF) must each succeed only with the password of their own
# domain: a password valid in one domain is expected not to authenticate in
# the other (rc 2). The final cases expect rc 1 when -I names a device that
# is not a VRF.
#
# ${MD5_PW} and ${MD5_WRONG_PW} are defined outside this function; here
# "wrong" simply serves as the second, distinct password.
ipv6_tcp_md5()
{
	# ---- key configured for a single peer address ----

	# positive case
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config"

	# client uses a password, server has none configured
	log_start
	show_hint "Should timeout since server does not have MD5 auth"
	run_cmd nettest -6 -s -I ${VRF} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Server no config, client uses password"

	# client uses the wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Client uses wrong password"

	# password is configured for ${NSB_LO_IP6}, not the address the client uses
	log_start
	show_hint "Should timeout since server config differs from client"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Client address does not match address configured with password"

	# ---- MD5 extension: key configured for a prefix ----

	# client address inside the prefix
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config"

	# client inside the prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"

	# client passes -c ${NSB_LO_IP6}, an address outside the prefix
	log_start
	show_hint "Should timeout since client address is outside of prefix"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"

	# ---- duplicate config between default VRF and a VRF: single address ----
	# Two servers per case: VRF server with ${MD5_PW}, default-VRF server
	# with ${MD5_WRONG_PW}, both keyed to ${NSB_IP6}.

	# ns-B with the VRF password
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"

	# ns-C with the default-VRF password
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"

	# ns-C with the VRF password: must not authenticate
	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"

	# ns-B with the default-VRF password: must not authenticate
	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"

	# ---- duplicate config between default VRF and a VRF: prefix ----
	# Same four cases, with both servers keyed to ${NS_NET6}.

	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"

	# ---- negative tests ----
	# The server runs in the foreground here; rc 1 is expected because
	# ${NSA_DEV} is an enslaved device, not a VRF.
	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP6}
	log_test $? 1 "MD5: VRF: Device must be a VRF - single address"

	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6}
	log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"

}
# IPv6 TCP tests without a VRF.
#
# Exercises server-in-ns-A, client-in-ns-A and same-namespace connections,
# with sockets unbound or bound to ${NSA_DEV}. "No server" cases expect rc 1
# ('Connection refused' per the hints), as do local connections where a
# device-bound socket meets an address that lives on loopback. Finishes by
# running the non-VRF MD5 tests.
ipv6_tcp_novrf()
{
	local a

	# ---- server in ns-A, client in ns-B ----
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	# verify TCP reset received
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# ---- server in ns-B, client in ns-A ----
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Client"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	# ---- server and client both in ns-A (local addresses) ----
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1; do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	for a in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -s -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	for a in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "Global server, device client, local connection"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}; do
		log_start
		run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
		log_test_addr ${a} $? 0 "Device server, device client, local conn"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
		log_test_addr ${a} $? 1 "No server, device client, local conn"
	done

	# TCP MD5 cases for the non-VRF topology
	ipv6_tcp_md5_novrf
}
# IPv6 TCP tests with ns-A's device enslaved to a VRF.
#
# First half runs with net.ipv4.tcp_l3mdev_accept=0: an unbound ("global")
# server is expected NOT to accept connections arriving through the VRF
# (rc 1), while servers bound to the VRF or to the enslaved device are.
# The MD5 tests run in that state. Second half sets the sysctl to 1, after
# which the unbound server is expected to accept VRF traffic as well.
# Client and local-connection cases follow; sockets that are unbound, or
# that target link-local addresses through the VRF device, are expected to
# fail per the hints below.
ipv6_tcp_vrf()
{
	local a

	# disable global server
	log_subsection "Global server disabled"

	set_sysctl net.ipv4.tcp_l3mdev_accept=0

	# ---- server tests ----
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	# link local is always bound to ingress device
	a=${NSA_LINKIP6}%${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${a}
	log_test_addr ${a} $? 0 "VRF server"

	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Device server"
	done

	# verify TCP reset received
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# local address tests
	a=${NSA_IP6}
	log_start
	show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
	log_test_addr ${a} $? 1 "Global server, local connection"

	# run MD5 tests (still with tcp_l3mdev_accept=0)
	ipv6_tcp_md5

	# ---- enable VRF global server ----
	log_subsection "VRF Global server enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -s -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	# For LLA, child socket is bound to device
	a=${NSA_LINKIP6}%${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${a}
	log_test_addr ${a} $? 0 "Global server"

	log_start
	run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${a}
	log_test_addr ${a} $? 0 "VRF server"

	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Device server"
	done

	# verify TCP reset received
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# local address tests
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		show_hint "Fails 'Connection refused' since client is not in VRF"
		run_cmd nettest -6 -s -I ${VRF} &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Global server, local connection"
	done


	# ---- client ----
	for a in ${NSB_IP6} ${NSB_LO_IP6}; do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${VRF}
		log_test_addr ${a} $? 0 "Client, VRF bind"
	done

	a=${NSB_LINKIP6}
	log_start
	show_hint "Fails since VRF device does not allow linklocal addresses"
	run_cmd_nsb nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${VRF}
	log_test_addr ${a} $? 1 "Client, VRF bind"

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}; do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r ${a} -d ${VRF}
		log_test_addr ${a} $? 1 "No server, VRF client"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	# ---- server and client both in ns-A ----
	for a in ${NSA_IP6} ${VRF_IP6} ::1; do
		log_start
		run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local connection"

	a=${NSA_IP6}
	log_start
	show_hint "Should fail since unbound client is out of VRF scope"
	run_cmd nettest -6 -s -I ${VRF} &
	sleep 1
	run_cmd nettest -6 -r ${a}
	log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"

	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, VRF client, local connection"

	for a in ${NSA_IP6} ${NSA_LINKIP6}; do
		log_start
		run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
		log_test_addr ${a} $? 0 "Device server, device client, local connection"
	done
}
2876
# Driver for the IPv6/TCP test group: runs the no-VRF cases once per
# tcp_l3mdev_accept value, then rebuilds the topology with a VRF and
# runs the VRF cases.
ipv6_tcp()
{
	log_section "IPv6/TCP"

	log_subsection "No VRF"
	setup

	# Without a VRF the tcp_l3mdev_accept sysctl should have no effect;
	# the same cases are run with it off and on to verify that.
	log_subsection "tcp_l3mdev_accept disabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=0
	ipv6_tcp_novrf

	log_subsection "tcp_l3mdev_accept enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1
	ipv6_tcp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_tcp_vrf
}
2896
2897################################################################################
David Ahern6abdb652019-08-01 11:56:41 -07002898# IPv6 UDP
2899
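# IPv6 UDP cases without a VRF: server in ns-A reached from ns-B, client
# in ns-A reaching ns-B, and connections to ns-A's own addresses.
# Each case is: log_start, optional background server, client command,
# then log_test_addr/log_test comparing the client's exit status with
# the expected value (0 = expected to succeed, 1 = expected to fail).
# Globals read: NSA_DEV, NSB_DEV, NSA_IP6, NSA_LO_IP6, NSA_LINKIP6,
#               NSB_IP6, NSB_LO_IP6, NSB_LINKIP6
ipv6_udp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Global server"

		log_start
		run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Device server"
	done

	a=${NSA_LO_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -D -r ${a}
	log_test_addr ${a} $? 0 "Global server"

	# should fail since loopback address is out of scope for a device
	# bound server, but it does not - hence this is more documenting
	# behavior.
	#log_start
	#show_hint "Should fail since loopback address is out of scope"
	#run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	#sleep 1
	#run_cmd_nsb nettest -6 -D -r ${a}
	#log_test_addr ${a} $? 1 "Device server"

	# negative test - should fail
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client
	#
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
		log_test_addr ${a} $? 0 "Client"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
		log_test_addr ${a} $? 0 "Client, device send via cmsg"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
		log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1; do
		log_start
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -r ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	for a in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Should fail 'Connection refused' since address is out of device scope"
		run_cmd nettest -6 -s -D -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "Device server, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
	log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"

	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
	log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"

	for a in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "Global server, device client, local connection"

		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
		log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"

		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
		# Description fixed: this is the -6 -S case, named
		# IPV6_UNICAST_IF in the other two -S cases of this function;
		# it previously read IP_UNICAST_IF.
		log_test_addr ${a} $? 1 "Global server, device client via IPV6_UNICAST_IF, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local conn"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "No server, device client, local conn"

	# LLA to GUA: drop ns-B's global address and add a host route to
	# ns-A's global address on the same device, run one inbound test,
	# then undo both changes so later tests see the original config.
	run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
	run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
	log_test $? 0 "UDP in - LLA to GUA"

	run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
	run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
}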
3084
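# IPv6 UDP cases with ns-A's device enslaved to the VRF. The cases run
# twice in spirit: first with net.ipv4.udp_l3mdev_accept=0 ("Global
# server disabled"), where a server not bound to the VRF or device is
# expected to be unreachable, then with it set to 1 ("Global server
# enabled"). Each case is: log_start, optional background server, client
# command, then log_test_addr/log_test comparing the client's exit status
# with the expected value (0 = expected to succeed, 1 = expected to fail).
# Globals read: VRF, NSA_DEV, NSB_DEV, NSA_IP6, VRF_IP6, NSB_IP6,
#               NSA_LINKIP6, NSB_LINKIP6
ipv6_udp_vrf()
{
	local a

	# disable global server
	log_subsection "Global server disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0

	#
	# server tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		show_hint "Should fail 'Connection refused' since global server is disabled"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Enslaved device server"
	done

	# negative test - should fail
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		show_hint "Should fail 'Connection refused' since global server is disabled"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -D -I ${VRF} -s &
		sleep 1
		run_cmd nettest -6 -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
	done

	a=${NSA_IP6}
	log_start
	show_hint "Should fail 'Connection refused' since global server is disabled"
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "Global server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"

	# enable global server
	# (the comment here previously said "disable", contradicting the
	# subsection title and the sysctl value below)
	log_subsection "Global server enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1

	#
	# server tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Enslaved device server"
	done

	# negative test - should fail
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client tests
	#
	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
	log_test $? 0 "VRF client"

	# negative test - should fail
	log_start
	run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
	log_test $? 1 "No server, VRF client"

	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
	log_test $? 0 "Enslaved device client"

	# negative test - should fail
	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
	log_test $? 1 "No server, enslaved device client"

	#
	# local address tests
	#
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Global server, VRF client, local conn"

	# log_start restored: it was commented out for this one case only,
	# so the case ran without the per-test step every other case here
	# begins with. NOTE(review): log_start is defined outside this
	# block - confirm there was no reason to skip it.
	log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"


	a=${VRF_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${VRF} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Global server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${VRF} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"

	# negative test - should fail
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "No server, VRF client, local conn"
	done

	# device to global IP
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Device server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "No server, device client, local conn"


	# link local addresses
	log_start
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
	log_test $? 0 "Global server, linklocal IP"

	log_start
	run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
	log_test $? 1 "No server, linklocal IP"


	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
	log_test $? 0 "Enslaved device client, linklocal IP"

	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
	log_test $? 1 "No server, device client, peer linklocal IP"


	log_start
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
	log_test $? 0 "Enslaved device client, local conn - linklocal IP"

	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
	log_test $? 1 "No server, device client, local conn - linklocal IP"

	# LLA to GUA: drop ns-B's global address and add a host route to
	# ns-A's global address on the same device, run one inbound test,
	# then undo both changes so later tests see the original config.
	run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
	run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
	log_test $? 0 "UDP in - LLA to GUA"

	run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
	run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
}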
3362
# Driver for the IPv6/UDP test group: runs the no-VRF cases once per
# udp_l3mdev_accept value, then rebuilds the topology with a VRF and
# runs the VRF cases.
ipv6_udp()
{
	# Pin udp_early_demux to a known value; it is not expected to
	# influence the results.
	# NOTE(review): this is set before the first `setup` call - confirm
	# the value is still in effect once setup has run.
	set_sysctl net.ipv4.udp_early_demux=1

	log_section "IPv6/UDP"

	log_subsection "No VRF"
	setup

	# Without a VRF the udp_l3mdev_accept sysctl should have no effect;
	# the same cases are run with it off and on to verify that.
	log_subsection "udp_l3mdev_accept disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0
	ipv6_udp_novrf

	log_subsection "udp_l3mdev_accept enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1
	ipv6_udp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_udp_vrf
}
3385
3386################################################################################
David Ahern34d03022019-08-01 11:56:43 -07003387# IPv6 address bind
3388
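# IPv6 address-bind cases without a VRF: bind a raw (ipv6-icmp) or TCP
# socket to a local address, with and without a prior device bind, and
# compare nettest's exit status with the expected value.
# Globals read: NSA_DEV, NSA_IP6, NSA_LO_IP6
ipv6_addr_bind_novrf()
{
	# Declared local like in the other test functions of this file, so
	# the loop variable does not leak into the caller's scope.
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6}; do
		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	#
	# tcp sockets
	#
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address"

	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"

	# Negative case: the loopback-hosted address combined with a bind
	# to NSA_DEV is expected to be rejected.
	a=${NSA_LO_IP6}
	log_start
	show_hint "Should fail with 'Cannot assign requested address'"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
}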
3423
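# IPv6 address-bind cases with a VRF: bind a raw (ipv6-icmp) or TCP
# socket to a local address after binding to the VRF or to the enslaved
# device, and compare nettest's exit status with the expected value.
# The expected-failure cases check that an address outside the bound
# device's scope is refused.
# Globals read: VRF, NSA_DEV, NSA_IP6, VRF_IP6, NSA_LO_IP6
ipv6_addr_bind_vrf()
{
	# Declared local like in the other test functions of this file, so
	# the loop variable does not leak into the caller's scope.
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"

		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	a=${NSA_LO_IP6}
	log_start
	show_hint "Address on loopback is out of VRF scope"
	run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
	log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"

	#
	# tcp sockets
	#
	# address on enslaved device is valid for the VRF or device in a VRF
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"

	# The VRF's own address is expected to be refused for a socket
	# bound to the enslaved device.
	a=${VRF_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to VRF address with device bind"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Address on loopback out of scope for VRF"
	run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"

	log_start
	show_hint "Address on loopback out of scope for device in VRF"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"

}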
3479
# Driver for the IPv6 address-bind test group: one pass on the plain
# topology, one pass after rebuilding it with a VRF.
ipv6_addr_bind()
{
	log_section "IPv6 address binds"

	# plain topology
	log_subsection "No VRF"
	setup
	ipv6_addr_bind_novrf

	# topology rebuilt with the VRF
	log_subsection "With VRF"
	setup "yes"
	ipv6_addr_bind_vrf
}
3492
3493################################################################################
David Ahern4cd12f62019-08-01 11:56:45 -07003494# IPv6 runtime tests
3495
# Run-time cases: start a server and a client in the background, delete
# the VRF device while they are running, then log the case.
# Every case is logged with a fixed "0 0" status pair, so the result
# does not depend on the exit status of the background commands.
# NOTE(review): presumably the point is that deleting the device under
# active sockets does not break the system - confirm.
# Arguments: $1 - description prefix used in the logged test names
#            $2 - extra nettest options, appended after "-6"
# Globals read: VRF, NSA_DEV, NSA_IP6, VRF_IP6, NSB_IP6
ipv6_rt()
{
	local desc="$1"
	# left unquoted at the call sites so the options split into words
	local varg="-6 $2"
	local with_vrf="yes"
	local a

	#
	# server tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server"

		# the VRF was just deleted: rebuild the topology
		setup ${with_vrf}
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest ${varg} -I ${VRF} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server"

		setup ${with_vrf}
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest ${varg} -I ${NSA_DEV} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, enslaved device server"

		setup ${with_vrf}
	done

	#
	# client test
	#
	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test 0 0 "${desc}, VRF client"

	setup ${with_vrf}

	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test 0 0 "${desc}, enslaved device client"

	setup ${with_vrf}


	#
	# local address tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server, VRF client"

		setup ${with_vrf}
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest ${varg} -I ${VRF} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server and client"

		setup ${with_vrf}
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, global server, device client"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -I ${VRF} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, VRF server, device client"

	setup ${with_vrf}

	# Last case: no setup afterwards, so the function returns with the
	# VRF deleted.
	log_start
	run_cmd nettest ${varg} -I ${NSA_DEV} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, device server, device client"
}
3637
# Run-time ping cases: start a background flood ping (-f), delete the
# VRF device while it is running, then log the case with a fixed "0 0"
# status pair (the ping's exit status is not evaluated).
# Globals read: VRF, NSA_IP6, NSB_IP6, ping6
ipv6_ping_rt()
{
	local with_vrf="yes"
	local a

	# inbound: ns-B floods ns-A's address
	a=${NSA_IP6}
	log_start
	run_cmd_nsb ${ping6} -f ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"

	# the VRF was just deleted: rebuild the topology
	setup ${with_vrf}

	# outbound: ns-A floods ns-B's address through the VRF device;
	# the case is still logged against ${a}
	log_start
	run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} &
	sleep 1
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
}
3660
# Driver for the IPv6 run-time test group. The topology is rebuilt with
# a VRF before every sub-group, since each one ends by deleting the VRF.
ipv6_runtime()
{
	log_section "Run time tests - ipv6"

	setup "yes"
	ipv6_ping_rt

	# second argument: extra nettest options for that socket type
	setup "yes"
	ipv6_rt "TCP active socket" "-n -1"

	setup "yes"
	ipv6_rt "TCP passive socket" "-i"

	setup "yes"
	ipv6_rt "UDP active socket" "-D -n -1"
}
3677
3678################################################################################
David Ahern88f2b362019-08-01 11:56:46 -07003679# netfilter blocking connections
3680
# With a REJECT rule installed by the caller, check that a TCP client in
# ns-B fails to reach a server in ns-A (expected exit status 1) for both
# the device address and the VRF address.
# Globals read: NSA_IP, VRF_IP
netfilter_tcp_reset()
{
	local a

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		# server in the background, give it a second to come up
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
	done
}
3694
# With a REJECT rule installed by the caller, check that a client in
# ns-B fails to reach a server in ns-A (expected exit status 1) for both
# the device address and the VRF address.
# Arguments: $1 - socket type used in the test name; "UDP" adds -D to
#                 both nettest commands
# Globals read: NSA_IP, VRF_IP
netfilter_icmp()
{
	local stype="$1"
	local arg
	local a

	if [ "${stype}" = "UDP" ]; then
		arg="-D"
	fi

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		# ${arg} stays unquoted so it vanishes when empty
		run_cmd nettest ${arg} -s &
		sleep 1
		run_cmd_nsb nettest ${arg} -r ${a}
		log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
	done
}
3712
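# Driver for the IPv4 netfilter test group: installs REJECT rules on
# port 12345 (first tcp-reset, then icmp-port-unreachable for TCP and
# UDP), runs the matching negative connection tests, and flushes the
# rules again at the end.
# NOTE(review): 12345 is presumably the port nettest uses by default -
# confirm against nettest.
ipv4_netfilter()
{
	log_section "IPv4 Netfilter"
	log_subsection "TCP reset"

	setup "yes"
	run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset

	netfilter_tcp_reset

	log_start
	log_subsection "ICMP unreachable"

	log_start
	run_cmd iptables -F
	run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
	run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable

	netfilter_icmp "TCP"
	netfilter_icmp "UDP"

	log_start
	# Flush through run_cmd, like every rule change above. The bare
	# `iptables -F` that stood here acts on whatever network namespace
	# the script itself runs in.
	# NOTE(review): run_cmd is defined outside this block and is
	# presumed to execute in ns-A; if so, the bare flush cleared the
	# invoking namespace's filter table (the host firewall when run
	# from the init namespace) and left the test rules in ns-A.
	run_cmd iptables -F
}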
3737
# With a REJECT rule installed by the caller, check that an IPv6 TCP
# client in ns-B fails to reach a server in ns-A (expected exit status 1)
# for both the device address and the VRF address.
# Globals read: NSA_IP6, VRF_IP6
netfilter_tcp6_reset()
{
	local a

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		# server in the background, give it a second to come up
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
	done
}
3751
# With a REJECT rule installed by the caller, check that an IPv6 client
# in ns-B fails to reach a server in ns-A (expected exit status 1) for
# both the device address and the VRF address.
# Arguments: $1 - socket type used in the test name; "UDP" adds -D to
#                 both nettest commands
# Globals read: NSA_IP6, VRF_IP6
netfilter_icmp6()
{
	local stype="$1"
	local arg
	local a

	if [ "${stype}" = "UDP" ]; then
		arg="$arg -D"
	fi

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		# ${arg} stays unquoted so it vanishes when empty
		run_cmd nettest -6 -s ${arg} &
		sleep 1
		run_cmd_nsb nettest -6 ${arg} -r ${a}
		log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
	done
}
3769
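# Driver for the IPv6 netfilter test group: installs REJECT rules on
# port 12345 (first tcp-reset, then icmp6-port-unreachable for TCP and
# UDP), runs the matching negative connection tests, and flushes the
# rules again at the end.
# NOTE(review): 12345 is presumably the port nettest uses by default -
# confirm against nettest.
ipv6_netfilter()
{
	log_section "IPv6 Netfilter"
	log_subsection "TCP reset"

	setup "yes"
	run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset

	netfilter_tcp6_reset

	log_subsection "ICMP unreachable"

	log_start
	run_cmd ip6tables -F
	run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
	run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable

	netfilter_icmp6 "TCP"
	netfilter_icmp6 "UDP"

	log_start
	# Flush through run_cmd, like every rule change above. The bare
	# `ip6tables -F` that stood here acts on whatever network namespace
	# the script itself runs in.
	# NOTE(review): run_cmd is defined outside this block and is
	# presumed to execute in ns-A; if so, the bare flush cleared the
	# invoking namespace's filter table (the host firewall when run
	# from the init namespace) and left the test rules in ns-A.
	run_cmd ip6tables -F
}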
3793
David Ahern88f2b362019-08-01 11:56:46 -07003794################################################################################
David Ahern56eba152019-08-01 11:56:48 -07003795# specific use cases
3796
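# Run the four reachability checks for one bridge configuration: IPv4 and
# IPv6 ping out of ns-A through the given device, then IPv4 and IPv6 ping in
# from ns-B. The neighbor cache is flushed (through run_cmd) before each ping.
# Arguments: $1 - description prefix used in the log_test lines
#            $2 - ns-A device passed to ping -I
#            $3 - IPv4 address pinged from ns-A
#            $4 - IPv6 address pinged from ns-A
#            $5 - IPv4 address pinged from ns-B
#            $6 - IPv6 address pinged from ns-B
_use_case_br_pings()
{
	local desc=$1 dev=$2 peer4=$3 peer6=$4 self4=$5 self6=$6

	# ${ping6} stays unquoted: it is the command word and is defined
	# outside this block.
	run_cmd ip neigh flush all
	run_cmd ping -c1 -w1 -I "${dev}" "${peer4}"
	log_test $? 0 "${desc} - IPv4 ping out"

	run_cmd ip neigh flush all
	run_cmd ${ping6} -c1 -w1 -I "${dev}" "${peer6}"
	log_test $? 0 "${desc} - IPv6 ping out"

	run_cmd ip neigh flush all
	run_cmd_nsb ping -c1 -w1 "${self4}"
	log_test $? 0 "${desc} - IPv4 ping in"

	run_cmd ip neigh flush all
	run_cmd_nsb ${ping6} -c1 -w1 "${self6}"
	log_test $? 0 "${desc} - IPv6 ping in"
}

# VRF only.
# ns-A device enslaved to bridge. Verify traffic with and without
# br_netfilter module loaded. Repeat with SVI on bridge.
#
# Globals:   NSA_DEV, NSA_IP, NSA_IP6, NSB_DEV, NSB_IP, NSB_IP6, VRF,
#            ping6 (read)
# Outputs:   one log_test result per ping; every result has its own label,
#            so the br_netfilter "ping in" results of the vlan pass are no
#            longer logged under the same name as the plain vlan pass.
#
# NOTE(review): rmmod/modprobe are invoked directly, not through run_cmd,
# and br_netfilter is left loaded on return whenever the last modprobe
# succeeds. Module load state is not scoped to the test namespaces, so this
# changes the machine the test runs on; confirm that is acceptable for the
# hosts this runs on, or record and restore the initial state.
use_case_br()
{
	setup "yes"

	# move the ns-A addresses from the device onto a new bridge
	setup_cmd ip link set "${NSA_DEV}" down
	setup_cmd ip addr del dev "${NSA_DEV}" "${NSA_IP}/24"
	setup_cmd ip -6 addr del dev "${NSA_DEV}" "${NSA_IP6}/64"

	setup_cmd ip link add br0 type bridge
	setup_cmd ip addr add dev br0 "${NSA_IP}/24"
	setup_cmd ip -6 addr add dev br0 "${NSA_IP6}/64" nodad

	setup_cmd ip li set "${NSA_DEV}" master br0
	setup_cmd ip li set "${NSA_DEV}" up
	setup_cmd ip li set br0 up
	setup_cmd ip li set br0 vrf "${VRF}"

	# best effort: the module may not be loaded, hence the discarded stderr
	rmmod br_netfilter 2>/dev/null
	sleep 5 # DAD

	_use_case_br_pings "Bridge into VRF" br0 \
		"${NSB_IP}" "${NSB_IP6}" "${NSA_IP}" "${NSA_IP6}"

	# the br_netfilter pass is skipped when the module cannot be loaded
	if modprobe br_netfilter; then
		_use_case_br_pings "Bridge into VRF with br_netfilter" br0 \
			"${NSB_IP}" "${NSB_IP6}" "${NSA_IP}" "${NSA_IP6}"
	fi

	# second half: take br0 out of the VRF and put a vlan device on top of
	# it into the VRF instead, with a matching vlan in ns-B
	setup_cmd ip li set br0 nomaster
	setup_cmd ip li add br0.100 link br0 type vlan id 100
	setup_cmd ip li set br0.100 vrf "${VRF}" up
	setup_cmd ip addr add dev br0.100 172.16.101.1/24
	setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad

	setup_cmd_nsb ip li add vlan100 link "${NSB_DEV}" type vlan id 100
	setup_cmd_nsb ip addr add dev vlan100 172.16.101.2/24
	setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad
	setup_cmd_nsb ip li set vlan100 up
	sleep 1

	rmmod br_netfilter 2>/dev/null

	_use_case_br_pings "Bridge vlan into VRF" br0.100 \
		172.16.101.2 2001:db8:101::2 172.16.101.1 2001:db8:101::1

	if modprobe br_netfilter; then
		_use_case_br_pings "Bridge vlan into VRF with br_netfilter" br0.100 \
			172.16.101.2 2001:db8:101::2 172.16.101.1 2001:db8:101::1
	fi

	# remove the devices this use case created
	setup_cmd ip li del br0 2>/dev/null
	setup_cmd_nsb ip li del vlan100 2>/dev/null
}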
3907
# VRF only.
# ns-A is connected to both ns-B and ns-C on a single VRF and only has
# link-local addresses on its interfaces. ns-B and ns-C each ping ${MCAST}
# before any change and again after each ns-A interface has been taken down
# and brought back up.
#
# Globals: MCAST, NSA, NSA_DEV, NSA_DEV2, NSB_DEV, NSC_DEV (read)
# Outputs: one log_test_addr result per ping
use_case_ping_lla_multi()
{
	local flapped

	setup_lla_only

	# only want reply from ns-A, so the two peers are told to ignore
	# multicast echo requests
	setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
	setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1

	# baseline, before any interface is cycled
	log_start
	run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
	log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Pre cycle, ping out ns-B"

	run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
	log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Pre cycle, ping out ns-C"

	# cycle/flap each ns-A interface in turn and repeat both pings
	for flapped in "${NSA_DEV}" "${NSA_DEV2}"
	do
		setup_cmd ip link set ${flapped} down
		setup_cmd ip link set ${flapped} up
		sleep 1

		log_start
		run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
		log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${flapped}, ping out ns-B"
		run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
		log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${flapped}, ping out ns-C"
	done
}
3947
# Perform IPv{4,6} SNAT on ns-A, and verify TCP connection is successfully
# established with ns-B.
#
# Globals: NSA_LO_IP, NSA_LO_IP6, NSB_IP, NSB_IP6, VRF (read)
# Outputs: one log_test result per address family
use_case_snat_on_vrf()
{
	local dport="12345"
	# Match and target shared by all four rule commands, so the -D calls
	# at the end name exactly the rules the -A calls installed.
	local -a snat_rule=(-p tcp -m tcp --dport ${dport} -j SNAT)

	setup "yes"

	run_cmd iptables -t nat -A POSTROUTING "${snat_rule[@]}" --to-source ${NSA_LO_IP} -o ${VRF}
	run_cmd ip6tables -t nat -A POSTROUTING "${snat_rule[@]}" --to-source ${NSA_LO_IP6} -o ${VRF}

	# IPv4: server in ns-B is started in the background, then the client
	# connects through the VRF
	run_cmd_nsb nettest -s -l ${NSB_IP} -p ${dport} &
	sleep 1
	run_cmd nettest -d ${VRF} -r ${NSB_IP} -p ${dport}
	log_test $? 0 "IPv4 TCP connection over VRF with SNAT"

	# IPv6: same sequence
	run_cmd_nsb nettest -6 -s -l ${NSB_IP6} -p ${dport} &
	sleep 1
	run_cmd nettest -6 -d ${VRF} -r ${NSB_IP6} -p ${dport}
	log_test $? 0 "IPv6 TCP connection over VRF with SNAT"

	# Cleanup
	run_cmd iptables -t nat -D POSTROUTING "${snat_rule[@]}" --to-source ${NSA_LO_IP} -o ${VRF}
	run_cmd ip6tables -t nat -D POSTROUTING "${snat_rule[@]}" --to-source ${NSA_LO_IP6} -o ${VRF}
}
3973
# Run every use-case test in order, announcing each with a log subsection.
# Outputs: whatever log_section, log_subsection and the use cases print
use_cases()
{
	local entry

	log_section "Use cases"

	# each entry is "<function>:<subsection title>"
	for entry in \
		"use_case_br:Device enslaved to bridge" \
		"use_case_ping_lla_multi:Ping LLA with multiple interfaces" \
		"use_case_snat_on_vrf:SNAT on VRF"
	do
		log_subsection "${entry#*:}"
		"${entry%%:*}"
	done
}
3984
################################################################################
# usage
3987
3988usage()
3989{
3990 cat <<EOF
3991usage: ${0##*/} OPTS
3992
3993 -4 IPv4 tests only
3994 -6 IPv6 tests only
3995 -t <test> Test name/set to run
3996 -p Pause on fail
3997 -P Pause after each test
3998 -v Be verbose
3999EOF
4000}
4001
################################################################################
# main
4004
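# Default test sets. Every name listed here must have a matching arm in the
# dispatch loop below, otherwise a default run skips it without notice.
TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime ipv4_netfilter"
TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime ipv6_netfilter"
TESTS_OTHER="use_cases"

PAUSE_ON_FAIL=no
PAUSE=no

while getopts :46t:pPvh o
do
	case $o in
		4) TESTS=ipv4;;
		6) TESTS=ipv6;;
		t) TESTS=$OPTARG;;
		p) PAUSE_ON_FAIL=yes;;
		P) PAUSE=yes;;
		v) VERBOSE=1;;
		h) usage; exit 0;;
		*) usage; exit 1;;
	esac
done

# make sure we don't pause twice
if [ "${PAUSE}" = "yes" ]; then
	PAUSE_ON_FAIL=no
fi

#
# resolve the test list: everything by default, or expand the -4 / -6
# shorthands; any other value is taken as a list of test names
#
if [ -z "$TESTS" ]; then
	TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"
elif [ "$TESTS" = "ipv4" ]; then
	TESTS="$TESTS_IPV4"
elif [ "$TESTS" = "ipv6" ]; then
	TESTS="$TESTS_IPV6"
fi

# command -v is the shell builtin lookup; no dependency on which(1)
if ! command -v nettest >/dev/null; then
	echo "'nettest' command not found; skipping tests"
	exit $ksft_skip
fi

declare -i nfail=0
declare -i nsuccess=0

# $TESTS is deliberately unquoted: it is a space-separated list
for t in $TESTS
do
	case $t in
	ipv4_ping|ping)  ipv4_ping;;
	ipv4_tcp|tcp)    ipv4_tcp;;
	ipv4_udp|udp)    ipv4_udp;;
	# ipv4_addr_bind is the name used in TESTS_IPV4; without it here the
	# default run never reached the bind tests
	ipv4_bind|ipv4_addr_bind|bind)  ipv4_addr_bind;;
	ipv4_runtime)    ipv4_runtime;;
	ipv4_netfilter)  ipv4_netfilter;;

	ipv6_ping|ping6) ipv6_ping;;
	ipv6_tcp|tcp6)   ipv6_tcp;;
	ipv6_udp|udp6)   ipv6_udp;;
	# same for ipv6_addr_bind from TESTS_IPV6
	ipv6_bind|ipv6_addr_bind|bind6) ipv6_addr_bind;;
	ipv6_runtime)    ipv6_runtime;;
	ipv6_netfilter)  ipv6_netfilter;;

	use_cases)       use_cases;;

	# setup namespaces and config, but do not run any tests
	setup)		 setup; exit 0;;
	vrf_setup)	 setup "yes"; exit 0;;

	help)            echo "Test names: $TESTS"; exit 0;;

	# a mistyped name would otherwise yield an empty, passing summary
	*)               echo "Unknown test '$t'; skipping" >&2;;
	esac
done

cleanup 2>/dev/null

# NOTE(review): the script's exit status is that of the last printf, so it
# does not reflect nfail; confirm whether callers expect a non-zero status
# when tests fail.
printf "\nTests passed: %3d\n" "${nsuccess}"
printf "Tests failed:  %3d\n" "${nfail}"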