Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / 4cd12f61b55bc6a670900d75806a2f0122fc6658 / . / tools / testing / selftests / net / fcnal-test.sh
blob: dcfe0b13dfe9703a99027f95e8996576eeaabf6c [file] [log] [blame]
David Ahern6f9d5ca2019-08-01 11:56:35 -0700[diff] [blame]1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3#
4# Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
5#
6# IPv4 and IPv6 functional tests focusing on VRF and routing lookups
7# for various permutations:
8# 1. icmp, tcp, udp and netfilter
9# 2. client, server, no-server
10# 3. global address on interface
11# 4. global address on 'lo'
12# 5. remote and local traffic
13# 6. VRF and non-VRF permutations
14#
15# Setup:
16# ns-A | ns-B
17# No VRF case:
18# [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ]
19# remote address
20# VRF case:
21# [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ]
22#
23# ns-A:
24# eth1: 172.16.1.1/24, 2001:db8:1::1/64
25# lo: 127.0.0.1/8, ::1/128
26# 172.16.2.1/32, 2001:db8:2::1/128
27# red: 127.0.0.1/8, ::1/128
28# 172.16.3.1/32, 2001:db8:3::1/128
29#
30# ns-B:
31# eth1: 172.16.1.2/24, 2001:db8:1::2/64
32# lo2: 127.0.0.1/8, ::1/128
33# 172.16.2.2/32, 2001:db8:2::2/128
34#
35# server / client nomenclature relative to ns-A
36
37VERBOSE=0
38
39NSA_DEV=eth1
40NSB_DEV=eth1
41VRF=red
42VRF_TABLE=1101
43
44# IPv4 config
45NSA_IP=172.16.1.1
46NSB_IP=172.16.1.2
47VRF_IP=172.16.3.1
48
49# IPv6 config
50NSA_IP6=2001:db8:1::1
51NSB_IP6=2001:db8:1::2
52VRF_IP6=2001:db8:3::1
53
54NSA_LO_IP=172.16.2.1
55NSB_LO_IP=172.16.2.2
56NSA_LO_IP6=2001:db8:2::1
57NSB_LO_IP6=2001:db8:2::2
58
59MCAST=ff02::1
60# set after namespace create
61NSA_LINKIP6=
62NSB_LINKIP6=
63
64NSA=ns-A
65NSB=ns-B
66
67NSA_CMD="ip netns exec ${NSA}"
68NSB_CMD="ip netns exec ${NSB}"
69
70which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
71
72################################################################################
73# utilities
74
75log_test()
76{
77 local rc=$1
78 local expected=$2
79 local msg="$3"
80
81 [ "${VERBOSE}" = "1" ] && echo
82
83 if [ ${rc} -eq ${expected} ]; then
84 nsuccess=$((nsuccess+1))
85 printf "TEST: %-70s [ OK ]\n" "${msg}"
86 else
87 nfail=$((nfail+1))
88 printf "TEST: %-70s [FAIL]\n" "${msg}"
89 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
90 echo
91 echo "hit enter to continue, 'q' to quit"
92 read a
93 [ "$a" = "q" ] && exit 1
94 fi
95 fi
96
97 if [ "${PAUSE}" = "yes" ]; then
98 echo
99 echo "hit enter to continue, 'q' to quit"
100 read a
101 [ "$a" = "q" ] && exit 1
102 fi
103
104 kill_procs
105}
106
107log_test_addr()
108{
109 local addr=$1
110 local rc=$2
111 local expected=$3
112 local msg="$4"
113 local astr
114
115 astr=$(addr2str ${addr})
116 log_test $rc $expected "$msg - ${astr}"
117}
118
119log_section()
120{
121 echo
122 echo "###########################################################################"
123 echo "$*"
124 echo "###########################################################################"
125 echo
126}
127
128log_subsection()
129{
130 echo
131 echo "#################################################################"
132 echo "$*"
133 echo
134}
135
136log_start()
137{
138 # make sure we have no test instances running
139 kill_procs
140
141 if [ "${VERBOSE}" = "1" ]; then
142 echo
143 echo "#######################################################"
144 fi
145}
146
147log_debug()
148{
149 if [ "${VERBOSE}" = "1" ]; then
150 echo
151 echo "$*"
152 echo
153 fi
154}
155
156show_hint()
157{
158 if [ "${VERBOSE}" = "1" ]; then
159 echo "HINT: $*"
160 echo
161 fi
162}
163
164kill_procs()
165{
166 killall nettest ping ping6 >/dev/null 2>&1
167 sleep 1
168}
169
170do_run_cmd()
171{
172 local cmd="$*"
173 local out
174
175 if [ "$VERBOSE" = "1" ]; then
176 echo "COMMAND: ${cmd}"
177 fi
178
179 out=$($cmd 2>&1)
180 rc=$?
181 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
182 echo "$out"
183 fi
184
185 return $rc
186}
187
188run_cmd()
189{
190 do_run_cmd ${NSA_CMD} $*
191}
192
193run_cmd_nsb()
194{
195 do_run_cmd ${NSB_CMD} $*
196}
197
198setup_cmd()
199{
200 local cmd="$*"
201 local rc
202
203 run_cmd ${cmd}
204 rc=$?
205 if [ $rc -ne 0 ]; then
206 # show user the command if not done so already
207 if [ "$VERBOSE" = "0" ]; then
208 echo "setup command: $cmd"
209 fi
210 echo "failed. stopping tests"
211 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
212 echo
213 echo "hit enter to continue"
214 read a
215 fi
216 exit $rc
217 fi
218}
219
220setup_cmd_nsb()
221{
222 local cmd="$*"
223 local rc
224
225 run_cmd_nsb ${cmd}
226 rc=$?
227 if [ $rc -ne 0 ]; then
228 # show user the command if not done so already
229 if [ "$VERBOSE" = "0" ]; then
230 echo "setup command: $cmd"
231 fi
232 echo "failed. stopping tests"
233 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
234 echo
235 echo "hit enter to continue"
236 read a
237 fi
238 exit $rc
239 fi
240}
241
242# set sysctl values in NS-A
243set_sysctl()
244{
245 echo "SYSCTL: $*"
246 echo
247 run_cmd sysctl -q -w $*
248}
249
250################################################################################
251# Setup for tests
252
253addr2str()
254{
255 case "$1" in
256 127.0.0.1) echo "loopback";;
257 ::1) echo "IPv6 loopback";;
258
259 ${NSA_IP}) echo "ns-A IP";;
260 ${NSA_IP6}) echo "ns-A IPv6";;
261 ${NSA_LO_IP}) echo "ns-A loopback IP";;
262 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
263 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
264
265 ${NSB_IP}) echo "ns-B IP";;
266 ${NSB_IP6}) echo "ns-B IPv6";;
267 ${NSB_LO_IP}) echo "ns-B loopback IP";;
268 ${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
269 ${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;
270
271 ${VRF_IP}) echo "VRF IP";;
272 ${VRF_IP6}) echo "VRF IPv6";;
273
274 ${MCAST}%*) echo "multicast IP";;
275
276 *) echo "unknown";;
277 esac
278}
279
280get_linklocal()
281{
282 local ns=$1
283 local dev=$2
284 local addr
285
286 addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \
287 awk '{
288 for (i = 3; i <= NF; ++i) {
289 if ($i ~ /^fe80/)
290 print $i
291 }
292 }'
293 )
294 addr=${addr/\/*}
295
296 [ -z "$addr" ] && return 1
297
298 echo $addr
299
300 return 0
301}
302
303################################################################################
304# create namespaces and vrf
305
306create_vrf()
307{
308 local ns=$1
309 local vrf=$2
310 local table=$3
311 local addr=$4
312 local addr6=$5
313
314 ip -netns ${ns} link add ${vrf} type vrf table ${table}
315 ip -netns ${ns} link set ${vrf} up
316 ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192
317 ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192
318
319 ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf}
320 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
321 if [ "${addr}" != "-" ]; then
322 ip -netns ${ns} addr add dev ${vrf} ${addr}
323 fi
324 if [ "${addr6}" != "-" ]; then
325 ip -netns ${ns} -6 addr add dev ${vrf} ${addr6}
326 fi
327
328 ip -netns ${ns} ru del pref 0
329 ip -netns ${ns} ru add pref 32765 from all lookup local
330 ip -netns ${ns} -6 ru del pref 0
331 ip -netns ${ns} -6 ru add pref 32765 from all lookup local
332}
333
334create_ns()
335{
336 local ns=$1
337 local addr=$2
338 local addr6=$3
339
340 ip netns add ${ns}
341
342 ip -netns ${ns} link set lo up
343 if [ "${addr}" != "-" ]; then
344 ip -netns ${ns} addr add dev lo ${addr}
345 fi
346 if [ "${addr6}" != "-" ]; then
347 ip -netns ${ns} -6 addr add dev lo ${addr6}
348 fi
349
350 ip -netns ${ns} ro add unreachable default metric 8192
351 ip -netns ${ns} -6 ro add unreachable default metric 8192
352
353 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
354 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
355 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
356 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
357}
358
359# create veth pair to connect namespaces and apply addresses.
360connect_ns()
361{
362 local ns1=$1
363 local ns1_dev=$2
364 local ns1_addr=$3
365 local ns1_addr6=$4
366 local ns2=$5
367 local ns2_dev=$6
368 local ns2_addr=$7
369 local ns2_addr6=$8
370
371 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp
372 ip -netns ${ns1} li set ${ns1_dev} up
373 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev}
374 ip -netns ${ns2} li set ${ns2_dev} up
375
376 if [ "${ns1_addr}" != "-" ]; then
377 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr}
378 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr}
379 fi
380
381 if [ "${ns1_addr6}" != "-" ]; then
382 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6}
383 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6}
384 fi
385}
386
387cleanup()
388{
389 # explicit cleanups to check those code paths
390 ip netns | grep -q ${NSA}
391 if [ $? -eq 0 ]; then
392 ip -netns ${NSA} link delete ${VRF}
393 ip -netns ${NSA} ro flush table ${VRF_TABLE}
394
395 ip -netns ${NSA} addr flush dev ${NSA_DEV}
396 ip -netns ${NSA} -6 addr flush dev ${NSA_DEV}
397 ip -netns ${NSA} link set dev ${NSA_DEV} down
398 ip -netns ${NSA} link del dev ${NSA_DEV}
399
400 ip netns del ${NSA}
401 fi
402
403 ip netns del ${NSB}
404}
405
406setup()
407{
408 local with_vrf=${1}
409
410 # make sure we are starting with a clean slate
411 kill_procs
412 cleanup 2>/dev/null
413
414 log_debug "Configuring network namespaces"
415 set -e
416
417 create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128
418 create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128
419 connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \
420 ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
421
422 NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
423 NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})
424
425 # tell ns-A how to get to remote addresses of ns-B
426 if [ "${with_vrf}" = "yes" ]; then
427 create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6}
428
429 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
430 ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
431 ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
432
433 ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
434 ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
435 else
436 ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
437 ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
438 fi
439
440
441 # tell ns-B how to get to remote addresses of ns-A
442 ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
443 ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
444
445 set +e
446
447 sleep 1
448}
449
450################################################################################
David Ahernc032dd82019-08-01 11:56:36 -0700[diff] [blame]451# IPv4
452
453ipv4_ping_novrf()
454{
455 local a
456
457 #
458 # out
459 #
460 for a in ${NSB_IP} ${NSB_LO_IP}
461 do
462 log_start
463 run_cmd ping -c1 -w1 ${a}
464 log_test_addr ${a} $? 0 "ping out"
465
466 log_start
467 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
468 log_test_addr ${a} $? 0 "ping out, device bind"
469
470 log_start
471 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
472 log_test_addr ${a} $? 0 "ping out, address bind"
473 done
474
475 #
476 # in
477 #
478 for a in ${NSA_IP} ${NSA_LO_IP}
479 do
480 log_start
481 run_cmd_nsb ping -c1 -w1 ${a}
482 log_test_addr ${a} $? 0 "ping in"
483 done
484
485 #
486 # local traffic
487 #
488 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
489 do
490 log_start
491 run_cmd ping -c1 -w1 ${a}
492 log_test_addr ${a} $? 0 "ping local"
493 done
494
495 #
496 # local traffic, socket bound to device
497 #
498 # address on device
499 a=${NSA_IP}
500 log_start
501 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
502 log_test_addr ${a} $? 0 "ping local, device bind"
503
504 # loopback addresses not reachable from device bind
505 # fails in a really weird way though because ipv4 special cases
506 # route lookups with oif set.
507 for a in ${NSA_LO_IP} 127.0.0.1
508 do
509 log_start
510 show_hint "Fails since address on loopback device is out of device scope"
511 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
512 log_test_addr ${a} $? 1 "ping local, device bind"
513 done
514
515 #
516 # ip rule blocks reachability to remote address
517 #
518 log_start
519 setup_cmd ip rule add pref 32765 from all lookup local
520 setup_cmd ip rule del pref 0 from all lookup local
521 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
522 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit
523
524 a=${NSB_LO_IP}
525 run_cmd ping -c1 -w1 ${a}
526 log_test_addr ${a} $? 2 "ping out, blocked by rule"
527
528 # NOTE: ipv4 actually allows the lookup to fail and yet still create
529 # a viable rtable if the oif (e.g., bind to device) is set, so this
530 # case succeeds despite the rule
531 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
532
533 a=${NSA_LO_IP}
534 log_start
535 show_hint "Response generates ICMP (or arp request is ignored) due to ip rule"
536 run_cmd_nsb ping -c1 -w1 ${a}
537 log_test_addr ${a} $? 1 "ping in, blocked by rule"
538
539 [ "$VERBOSE" = "1" ] && echo
540 setup_cmd ip rule del pref 32765 from all lookup local
541 setup_cmd ip rule add pref 0 from all lookup local
542 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
543 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit
544
545 #
546 # route blocks reachability to remote address
547 #
548 log_start
549 setup_cmd ip route replace unreachable ${NSB_LO_IP}
550 setup_cmd ip route replace unreachable ${NSB_IP}
551
552 a=${NSB_LO_IP}
553 run_cmd ping -c1 -w1 ${a}
554 log_test_addr ${a} $? 2 "ping out, blocked by route"
555
556 # NOTE: ipv4 actually allows the lookup to fail and yet still create
557 # a viable rtable if the oif (e.g., bind to device) is set, so this
558 # case succeeds despite not having a route for the address
559 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
560
561 a=${NSA_LO_IP}
562 log_start
563 show_hint "Response is dropped (or arp request is ignored) due to ip route"
564 run_cmd_nsb ping -c1 -w1 ${a}
565 log_test_addr ${a} $? 1 "ping in, blocked by route"
566
567 #
568 # remove 'remote' routes; fallback to default
569 #
570 log_start
571 setup_cmd ip ro del ${NSB_LO_IP}
572
573 a=${NSB_LO_IP}
574 run_cmd ping -c1 -w1 ${a}
575 log_test_addr ${a} $? 2 "ping out, unreachable default route"
576
577 # NOTE: ipv4 actually allows the lookup to fail and yet still create
578 # a viable rtable if the oif (e.g., bind to device) is set, so this
579 # case succeeds despite not having a route for the address
580 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
581}
582
583ipv4_ping_vrf()
584{
585 local a
586
587 # should default on; does not exist on older kernels
588 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
589
590 #
591 # out
592 #
593 for a in ${NSB_IP} ${NSB_LO_IP}
594 do
595 log_start
596 run_cmd ping -c1 -w1 -I ${VRF} ${a}
597 log_test_addr ${a} $? 0 "ping out, VRF bind"
598
599 log_start
600 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
601 log_test_addr ${a} $? 0 "ping out, device bind"
602
603 log_start
604 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
605 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"
606
607 log_start
608 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
609 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
610 done
611
612 #
613 # in
614 #
615 for a in ${NSA_IP} ${VRF_IP}
616 do
617 log_start
618 run_cmd_nsb ping -c1 -w1 ${a}
619 log_test_addr ${a} $? 0 "ping in"
620 done
621
622 #
623 # local traffic, local address
624 #
625 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
626 do
627 log_start
628 show_hint "Source address should be ${a}"
629 run_cmd ping -c1 -w1 -I ${VRF} ${a}
630 log_test_addr ${a} $? 0 "ping local, VRF bind"
631 done
632
633 #
634 # local traffic, socket bound to device
635 #
636 # address on device
637 a=${NSA_IP}
638 log_start
639 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
640 log_test_addr ${a} $? 0 "ping local, device bind"
641
642 # vrf device is out of scope
643 for a in ${VRF_IP} 127.0.0.1
644 do
645 log_start
646 show_hint "Fails since address on vrf device is out of device scope"
647 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
648 log_test_addr ${a} $? 1 "ping local, device bind"
649 done
650
651 #
652 # ip rule blocks address
653 #
654 log_start
655 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
656 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit
657
658 a=${NSB_LO_IP}
659 run_cmd ping -c1 -w1 -I ${VRF} ${a}
660 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"
661
662 log_start
663 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
664 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
665
666 a=${NSA_LO_IP}
667 log_start
668 show_hint "Response lost due to ip rule"
669 run_cmd_nsb ping -c1 -w1 ${a}
670 log_test_addr ${a} $? 1 "ping in, blocked by rule"
671
672 [ "$VERBOSE" = "1" ] && echo
673 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
674 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit
675
676 #
677 # remove 'remote' routes; fallback to default
678 #
679 log_start
680 setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP}
681
682 a=${NSB_LO_IP}
683 run_cmd ping -c1 -w1 -I ${VRF} ${a}
684 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"
685
686 log_start
687 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
688 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
689
690 a=${NSA_LO_IP}
691 log_start
692 show_hint "Response lost by unreachable route"
693 run_cmd_nsb ping -c1 -w1 ${a}
694 log_test_addr ${a} $? 1 "ping in, unreachable route"
695}
696
697ipv4_ping()
698{
699 log_section "IPv4 ping"
700
701 log_subsection "No VRF"
702 setup
703 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
704 ipv4_ping_novrf
705 setup
706 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
707 ipv4_ping_novrf
708
709 log_subsection "With VRF"
710 setup "yes"
711 ipv4_ping_vrf
712}
713
714################################################################################
David Ahernbbd7c762019-08-01 11:56:38 -0700[diff] [blame]715# IPv4 TCP
716
717ipv4_tcp_novrf()
718{
719 local a
720
721 #
722 # server tests
723 #
724 for a in ${NSA_IP} ${NSA_LO_IP}
725 do
726 log_start
727 run_cmd nettest -s &
728 sleep 1
729 run_cmd_nsb nettest -r ${a}
730 log_test_addr ${a} $? 0 "Global server"
731 done
732
733 a=${NSA_IP}
734 log_start
735 run_cmd nettest -s -d ${NSA_DEV} &
736 sleep 1
737 run_cmd_nsb nettest -r ${a}
738 log_test_addr ${a} $? 0 "Device server"
739
740 # verify TCP reset sent and received
741 for a in ${NSA_IP} ${NSA_LO_IP}
742 do
743 log_start
744 show_hint "Should fail 'Connection refused' since there is no server"
745 run_cmd_nsb nettest -r ${a}
746 log_test_addr ${a} $? 1 "No server"
747 done
748
749 #
750 # client
751 #
752 for a in ${NSB_IP} ${NSB_LO_IP}
753 do
754 log_start
755 run_cmd_nsb nettest -s &
756 sleep 1
757 run_cmd nettest -r ${a} -0 ${NSA_IP}
758 log_test_addr ${a} $? 0 "Client"
759
760 log_start
761 run_cmd_nsb nettest -s &
762 sleep 1
763 run_cmd nettest -r ${a} -d ${NSA_DEV}
764 log_test_addr ${a} $? 0 "Client, device bind"
765
766 log_start
767 show_hint "Should fail 'Connection refused'"
768 run_cmd nettest -r ${a}
769 log_test_addr ${a} $? 1 "No server, unbound client"
770
771 log_start
772 show_hint "Should fail 'Connection refused'"
773 run_cmd nettest -r ${a} -d ${NSA_DEV}
774 log_test_addr ${a} $? 1 "No server, device client"
775 done
776
777 #
778 # local address tests
779 #
780 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
781 do
782 log_start
783 run_cmd nettest -s &
784 sleep 1
785 run_cmd nettest -r ${a} -0 ${a} -1 ${a}
786 log_test_addr ${a} $? 0 "Global server, local connection"
787 done
788
789 a=${NSA_IP}
790 log_start
791 run_cmd nettest -s -d ${NSA_DEV} &
792 sleep 1
793 run_cmd nettest -r ${a} -0 ${a}
794 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
795
796 for a in ${NSA_LO_IP} 127.0.0.1
797 do
798 log_start
799 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
800 run_cmd nettest -s -d ${NSA_DEV} &
801 sleep 1
802 run_cmd nettest -r ${a}
803 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
804 done
805
806 a=${NSA_IP}
807 log_start
808 run_cmd nettest -s &
809 sleep 1
810 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
811 log_test_addr ${a} $? 0 "Global server, device client, local connection"
812
813 for a in ${NSA_LO_IP} 127.0.0.1
814 do
815 log_start
816 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
817 run_cmd nettest -s &
818 sleep 1
819 run_cmd nettest -r ${a} -d ${NSA_DEV}
820 log_test_addr ${a} $? 1 "Global server, device client, local connection"
821 done
822
823 a=${NSA_IP}
824 log_start
825 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
826 sleep 1
827 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
828 log_test_addr ${a} $? 0 "Device server, device client, local connection"
829
830 log_start
831 show_hint "Should fail 'Connection refused'"
832 run_cmd nettest -d ${NSA_DEV} -r ${a}
833 log_test_addr ${a} $? 1 "No server, device client, local conn"
834}
835
836ipv4_tcp_vrf()
837{
838 local a
839
840 # disable global server
841 log_subsection "Global server disabled"
842
843 set_sysctl net.ipv4.tcp_l3mdev_accept=0
844
845 #
846 # server tests
847 #
848 for a in ${NSA_IP} ${VRF_IP}
849 do
850 log_start
851 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
852 run_cmd nettest -s &
853 sleep 1
854 run_cmd_nsb nettest -r ${a}
855 log_test_addr ${a} $? 1 "Global server"
856
857 log_start
858 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
859 sleep 1
860 run_cmd_nsb nettest -r ${a}
861 log_test_addr ${a} $? 0 "VRF server"
862
863 log_start
864 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
865 sleep 1
866 run_cmd_nsb nettest -r ${a}
867 log_test_addr ${a} $? 0 "Device server"
868
869 # verify TCP reset received
870 log_start
871 show_hint "Should fail 'Connection refused' since there is no server"
872 run_cmd_nsb nettest -r ${a}
873 log_test_addr ${a} $? 1 "No server"
874 done
875
876 # local address tests
877 # (${VRF_IP} and 127.0.0.1 both timeout)
878 a=${NSA_IP}
879 log_start
880 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
881 run_cmd nettest -s &
882 sleep 1
883 run_cmd nettest -r ${a} -d ${NSA_DEV}
884 log_test_addr ${a} $? 1 "Global server, local connection"
885
886 #
887 # enable VRF global server
888 #
889 log_subsection "VRF Global server enabled"
890 set_sysctl net.ipv4.tcp_l3mdev_accept=1
891
892 for a in ${NSA_IP} ${VRF_IP}
893 do
894 log_start
895 show_hint "client socket should be bound to VRF"
896 run_cmd nettest -s -2 ${VRF} &
897 sleep 1
898 run_cmd_nsb nettest -r ${a}
899 log_test_addr ${a} $? 0 "Global server"
900
901 log_start
902 show_hint "client socket should be bound to VRF"
903 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
904 sleep 1
905 run_cmd_nsb nettest -r ${a}
906 log_test_addr ${a} $? 0 "VRF server"
907
908 # verify TCP reset received
909 log_start
910 show_hint "Should fail 'Connection refused'"
911 run_cmd_nsb nettest -r ${a}
912 log_test_addr ${a} $? 1 "No server"
913 done
914
915 a=${NSA_IP}
916 log_start
917 show_hint "client socket should be bound to device"
918 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
919 sleep 1
920 run_cmd_nsb nettest -r ${a}
921 log_test_addr ${a} $? 0 "Device server"
922
923 # local address tests
924 for a in ${NSA_IP} ${VRF_IP}
925 do
926 log_start
927 show_hint "Should fail 'No route to host' since client is not bound to VRF"
928 run_cmd nettest -s -2 ${VRF} &
929 sleep 1
930 run_cmd nettest -r ${a}
931 log_test_addr ${a} $? 1 "Global server, local connection"
932 done
933
934 #
935 # client
936 #
937 for a in ${NSB_IP} ${NSB_LO_IP}
938 do
939 log_start
940 run_cmd_nsb nettest -s &
941 sleep 1
942 run_cmd nettest -r ${a} -d ${VRF}
943 log_test_addr ${a} $? 0 "Client, VRF bind"
944
945 log_start
946 run_cmd_nsb nettest -s &
947 sleep 1
948 run_cmd nettest -r ${a} -d ${NSA_DEV}
949 log_test_addr ${a} $? 0 "Client, device bind"
950
951 log_start
952 show_hint "Should fail 'Connection refused'"
953 run_cmd nettest -r ${a} -d ${VRF}
954 log_test_addr ${a} $? 1 "No server, VRF client"
955
956 log_start
957 show_hint "Should fail 'Connection refused'"
958 run_cmd nettest -r ${a} -d ${NSA_DEV}
959 log_test_addr ${a} $? 1 "No server, device client"
960 done
961
962 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
963 do
964 log_start
965 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
966 sleep 1
967 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
968 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
969 done
970
971 a=${NSA_IP}
972 log_start
973 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
974 sleep 1
975 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
976 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
977
978 log_start
979 show_hint "Should fail 'No route to host' since client is out of VRF scope"
980 run_cmd nettest -s -d ${VRF} &
981 sleep 1
982 run_cmd nettest -r ${a}
983 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
984
985 log_start
986 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
987 sleep 1
988 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
989 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
990
991 log_start
992 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
993 sleep 1
994 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
995 log_test_addr ${a} $? 0 "Device server, device client, local connection"
996}
997
998ipv4_tcp()
999{
1000 log_section "IPv4/TCP"
1001
1002 which nettest >/dev/null
1003 if [ $? -ne 0 ]; then
1004 log_error "nettest not found; skipping tests"
1005 return
1006 fi
1007
1008 log_subsection "No VRF"
1009 setup
1010
1011 # tcp_l3mdev_accept should have no affect without VRF;
1012 # run tests with it enabled and disabled to verify
1013 log_subsection "tcp_l3mdev_accept disabled"
1014 set_sysctl net.ipv4.tcp_l3mdev_accept=0
1015 ipv4_tcp_novrf
1016 log_subsection "tcp_l3mdev_accept enabled"
1017 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1018 ipv4_tcp_novrf
1019
1020 log_subsection "With VRF"
1021 setup "yes"
1022 ipv4_tcp_vrf
1023}
1024
1025################################################################################
David Aherna4368be2019-08-01 11:56:40 -0700[diff] [blame]1026# IPv4 UDP
1027
1028ipv4_udp_novrf()
1029{
1030 local a
1031
1032 #
1033 # server tests
1034 #
1035 for a in ${NSA_IP} ${NSA_LO_IP}
1036 do
1037 log_start
1038 run_cmd nettest -D -s -2 ${NSA_DEV} &
1039 sleep 1
1040 run_cmd_nsb nettest -D -r ${a}
1041 log_test_addr ${a} $? 0 "Global server"
1042
1043 log_start
1044 show_hint "Should fail 'Connection refused' since there is no server"
1045 run_cmd_nsb nettest -D -r ${a}
1046 log_test_addr ${a} $? 1 "No server"
1047 done
1048
1049 a=${NSA_IP}
1050 log_start
1051 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1052 sleep 1
1053 run_cmd_nsb nettest -D -r ${a}
1054 log_test_addr ${a} $? 0 "Device server"
1055
1056 #
1057 # client
1058 #
1059 for a in ${NSB_IP} ${NSB_LO_IP}
1060 do
1061 log_start
1062 run_cmd_nsb nettest -D -s &
1063 sleep 1
1064 run_cmd nettest -D -r ${a} -0 ${NSA_IP}
1065 log_test_addr ${a} $? 0 "Client"
1066
1067 log_start
1068 run_cmd_nsb nettest -D -s &
1069 sleep 1
1070 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1071 log_test_addr ${a} $? 0 "Client, device bind"
1072
1073 log_start
1074 run_cmd_nsb nettest -D -s &
1075 sleep 1
1076 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1077 log_test_addr ${a} $? 0 "Client, device send via cmsg"
1078
1079 log_start
1080 run_cmd_nsb nettest -D -s &
1081 sleep 1
1082 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1083 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"
1084
1085 log_start
1086 show_hint "Should fail 'Connection refused'"
1087 run_cmd nettest -D -r ${a}
1088 log_test_addr ${a} $? 1 "No server, unbound client"
1089
1090 log_start
1091 show_hint "Should fail 'Connection refused'"
1092 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1093 log_test_addr ${a} $? 1 "No server, device client"
1094 done
1095
1096 #
1097 # local address tests
1098 #
1099 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1100 do
1101 log_start
1102 run_cmd nettest -D -s &
1103 sleep 1
1104 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
1105 log_test_addr ${a} $? 0 "Global server, local connection"
1106 done
1107
1108 a=${NSA_IP}
1109 log_start
1110 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1111 sleep 1
1112 run_cmd nettest -D -r ${a}
1113 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1114
1115 for a in ${NSA_LO_IP} 127.0.0.1
1116 do
1117 log_start
1118 show_hint "Should fail 'Connection refused' since address is out of device scope"
1119 run_cmd nettest -s -D -d ${NSA_DEV} &
1120 sleep 1
1121 run_cmd nettest -D -r ${a}
1122 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1123 done
1124
1125 a=${NSA_IP}
1126 log_start
1127 run_cmd nettest -s -D &
1128 sleep 1
1129 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1130 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1131
1132 log_start
1133 run_cmd nettest -s -D &
1134 sleep 1
1135 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
1136 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
1137
1138 log_start
1139 run_cmd nettest -s -D &
1140 sleep 1
1141 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
1142 log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"
1143
1144 # IPv4 with device bind has really weird behavior - it overrides the
1145 # fib lookup, generates an rtable and tries to send the packet. This
1146 # causes failures for local traffic at different places
1147 for a in ${NSA_LO_IP} 127.0.0.1
1148 do
1149 log_start
1150 show_hint "Should fail since addresses on loopback are out of device scope"
1151 run_cmd nettest -D -s &
1152 sleep 1
1153 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1154 log_test_addr ${a} $? 2 "Global server, device client, local connection"
1155
1156 log_start
1157 show_hint "Should fail since addresses on loopback are out of device scope"
1158 run_cmd nettest -D -s &
1159 sleep 1
1160 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
1161 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
1162
1163 log_start
1164 show_hint "Should fail since addresses on loopback are out of device scope"
1165 run_cmd nettest -D -s &
1166 sleep 1
1167 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
1168 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
1169 done
1170
1171 a=${NSA_IP}
1172 log_start
1173 run_cmd nettest -D -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1174 sleep 1
1175 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
1176 log_test_addr ${a} $? 0 "Device server, device client, local conn"
1177
1178 log_start
1179 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1180 log_test_addr ${a} $? 2 "No server, device client, local conn"
1181}
1182
1183ipv4_udp_vrf()
1184{
1185 local a
1186
1187 # disable global server
1188 log_subsection "Global server disabled"
1189 set_sysctl net.ipv4.udp_l3mdev_accept=0
1190
1191 #
1192 # server tests
1193 #
1194 for a in ${NSA_IP} ${VRF_IP}
1195 do
1196 log_start
1197 show_hint "Fails because ingress is in a VRF and global server is disabled"
1198 run_cmd nettest -D -s &
1199 sleep 1
1200 run_cmd_nsb nettest -D -r ${a}
1201 log_test_addr ${a} $? 1 "Global server"
1202
1203 log_start
1204 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} &
1205 sleep 1
1206 run_cmd_nsb nettest -D -r ${a}
1207 log_test_addr ${a} $? 0 "VRF server"
1208
1209 log_start
1210 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1211 sleep 1
1212 run_cmd_nsb nettest -D -r ${a}
1213 log_test_addr ${a} $? 0 "Enslaved device server"
1214
1215 log_start
1216 show_hint "Should fail 'Connection refused' since there is no server"
1217 run_cmd_nsb nettest -D -r ${a}
1218 log_test_addr ${a} $? 1 "No server"
1219
1220 log_start
1221 show_hint "Should fail 'Connection refused' since global server is out of scope"
1222 run_cmd nettest -D -s &
1223 sleep 1
1224 run_cmd nettest -D -d ${VRF} -r ${a}
1225 log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
1226 done
1227
1228 a=${NSA_IP}
1229 log_start
1230 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1231 sleep 1
1232 run_cmd nettest -D -d ${VRF} -r ${a}
1233 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1234
1235 log_start
1236 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1237 sleep 1
1238 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1239 log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"
1240
1241 a=${NSA_IP}
1242 log_start
1243 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1244 sleep 1
1245 run_cmd nettest -D -d ${VRF} -r ${a}
1246 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1247
1248 log_start
1249 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1250 sleep 1
1251 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1252 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1253
1254 # enable global server
1255 log_subsection "Global server enabled"
1256 set_sysctl net.ipv4.udp_l3mdev_accept=1
1257
1258 #
1259 # server tests
1260 #
1261 for a in ${NSA_IP} ${VRF_IP}
1262 do
1263 log_start
1264 run_cmd nettest -D -s -2 ${NSA_DEV} &
1265 sleep 1
1266 run_cmd_nsb nettest -D -r ${a}
1267 log_test_addr ${a} $? 0 "Global server"
1268
1269 log_start
1270 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} &
1271 sleep 1
1272 run_cmd_nsb nettest -D -r ${a}
1273 log_test_addr ${a} $? 0 "VRF server"
1274
1275 log_start
1276 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1277 sleep 1
1278 run_cmd_nsb nettest -D -r ${a}
1279 log_test_addr ${a} $? 0 "Enslaved device server"
1280
1281 log_start
1282 show_hint "Should fail 'Connection refused'"
1283 run_cmd_nsb nettest -D -r ${a}
1284 log_test_addr ${a} $? 1 "No server"
1285 done
1286
1287 #
1288 # client tests
1289 #
1290 log_start
1291 run_cmd_nsb nettest -D -s &
1292 sleep 1
1293 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1294 log_test $? 0 "VRF client"
1295
1296 log_start
1297 run_cmd_nsb nettest -D -s &
1298 sleep 1
1299 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1300 log_test $? 0 "Enslaved device client"
1301
1302 # negative test - should fail
1303 log_start
1304 show_hint "Should fail 'Connection refused'"
1305 run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
1306 log_test $? 1 "No server, VRF client"
1307
1308 log_start
1309 show_hint "Should fail 'Connection refused'"
1310 run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
1311 log_test $? 1 "No server, enslaved device client"
1312
1313 #
1314 # local address tests
1315 #
1316 a=${NSA_IP}
1317 log_start
1318 run_cmd nettest -D -s -2 ${NSA_DEV} &
1319 sleep 1
1320 run_cmd nettest -D -d ${VRF} -r ${a}
1321 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1322
1323 log_start
1324 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1325 sleep 1
1326 run_cmd nettest -D -d ${VRF} -r ${a}
1327 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1328
1329 log_start
1330 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1331 sleep 1
1332 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1333 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
1334
1335 log_start
1336 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1337 sleep 1
1338 run_cmd nettest -D -d ${VRF} -r ${a}
1339 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1340
1341 log_start
1342 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1343 sleep 1
1344 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1345 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1346
1347 for a in ${VRF_IP} 127.0.0.1
1348 do
1349 log_start
1350 run_cmd nettest -D -s -2 ${VRF} &
1351 sleep 1
1352 run_cmd nettest -D -d ${VRF} -r ${a}
1353 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1354 done
1355
1356 for a in ${VRF_IP} 127.0.0.1
1357 do
1358 log_start
1359 run_cmd nettest -s -D -d ${VRF} -2 ${VRF} &
1360 sleep 1
1361 run_cmd nettest -D -d ${VRF} -r ${a}
1362 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1363 done
1364
1365 # negative test - should fail
1366 # verifies ECONNREFUSED
1367 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1368 do
1369 log_start
1370 show_hint "Should fail 'Connection refused'"
1371 run_cmd nettest -D -d ${VRF} -r ${a}
1372 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
1373 done
1374}
1375
1376ipv4_udp()
1377{
1378 which nettest >/dev/null
1379 if [ $? -ne 0 ]; then
1380 log_error "nettest not found; skipping tests"
1381 return
1382 fi
1383
1384 log_section "IPv4/UDP"
1385 log_subsection "No VRF"
1386
1387 setup
1388
1389 # udp_l3mdev_accept should have no affect without VRF;
1390 # run tests with it enabled and disabled to verify
1391 log_subsection "udp_l3mdev_accept disabled"
1392 set_sysctl net.ipv4.udp_l3mdev_accept=0
1393 ipv4_udp_novrf
1394 log_subsection "udp_l3mdev_accept enabled"
1395 set_sysctl net.ipv4.udp_l3mdev_accept=1
1396 ipv4_udp_novrf
1397
1398 log_subsection "With VRF"
1399 setup "yes"
1400 ipv4_udp_vrf
1401}
1402
1403################################################################################
David Ahern75b2b2b2019-08-01 11:56:42 -0700[diff] [blame]1404# IPv4 address bind
1405#
1406# verifies ability or inability to bind to an address / device
1407
1408ipv4_addr_bind_novrf()
1409{
1410 #
1411 # raw socket
1412 #
1413 for a in ${NSA_IP} ${NSA_LO_IP}
1414 do
1415 log_start
1416 run_cmd nettest -s -R -P icmp -l ${a} -b
1417 log_test_addr ${a} $? 0 "Raw socket bind to local address"
1418
1419 log_start
1420 run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b
1421 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1422 done
1423
1424 #
1425 # tcp sockets
1426 #
1427 a=${NSA_IP}
1428 log_start
1429 run_cmd nettest -l ${a} -r ${NSB_IP} -t1 -b
1430 log_test_addr ${a} $? 0 "TCP socket bind to local address"
1431
1432 log_start
1433 run_cmd nettest -l ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1434 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
1435
1436 # Sadly, the kernel allows binding a socket to a device and then
1437 # binding to an address not on the device. The only restriction
1438 # is that the address is valid in the L3 domain. So this test
1439 # passes when it really should not
1440 #a=${NSA_LO_IP}
1441 #log_start
1442 #show_hint "Should fail with 'Cannot assign requested address'"
1443 #run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1444 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
1445}
1446
1447ipv4_addr_bind_vrf()
1448{
1449 #
1450 # raw socket
1451 #
1452 for a in ${NSA_IP} ${VRF_IP}
1453 do
1454 log_start
1455 run_cmd nettest -s -R -P icmp -l ${a} -b
1456 log_test_addr ${a} $? 0 "Raw socket bind to local address"
1457
1458 log_start
1459 run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b
1460 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1461 log_start
1462 run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b
1463 log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
1464 done
1465
1466 a=${NSA_LO_IP}
1467 log_start
1468 show_hint "Address on loopback is out of VRF scope"
1469 run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b
1470 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
1471
1472 #
1473 # tcp sockets
1474 #
1475 for a in ${NSA_IP} ${VRF_IP}
1476 do
1477 log_start
1478 run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b
1479 log_test_addr ${a} $? 0 "TCP socket bind to local address"
1480
1481 log_start
1482 run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1483 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
1484 done
1485
1486 a=${NSA_LO_IP}
1487 log_start
1488 show_hint "Address on loopback out of scope for VRF"
1489 run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b
1490 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
1491
1492 log_start
1493 show_hint "Address on loopback out of scope for device in VRF"
1494 run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1495 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
1496}
1497
1498ipv4_addr_bind()
1499{
1500 log_section "IPv4 address binds"
1501
1502 log_subsection "No VRF"
1503 setup
1504 ipv4_addr_bind_novrf
1505
1506 log_subsection "With VRF"
1507 setup "yes"
1508 ipv4_addr_bind_vrf
1509}
1510
1511################################################################################
David Ahern0113f722019-08-01 11:56:44 -0700[diff] [blame]1512# IPv4 runtime tests
1513
1514ipv4_rt()
1515{
1516 local desc="$1"
1517 local varg="$2"
1518 local with_vrf="yes"
1519 local a
1520
1521 #
1522 # server tests
1523 #
1524 for a in ${NSA_IP} ${VRF_IP}
1525 do
1526 log_start
1527 run_cmd nettest ${varg} -s &
1528 sleep 1
1529 run_cmd_nsb nettest ${varg} -r ${a} &
1530 sleep 3
1531 run_cmd ip link del ${VRF}
1532 sleep 1
1533 log_test_addr ${a} 0 0 "${desc}, global server"
1534
1535 setup ${with_vrf}
1536 done
1537
1538 for a in ${NSA_IP} ${VRF_IP}
1539 do
1540 log_start
1541 run_cmd nettest ${varg} -s -d ${VRF} &
1542 sleep 1
1543 run_cmd_nsb nettest ${varg} -r ${a} &
1544 sleep 3
1545 run_cmd ip link del ${VRF}
1546 sleep 1
1547 log_test_addr ${a} 0 0 "${desc}, VRF server"
1548
1549 setup ${with_vrf}
1550 done
1551
1552 a=${NSA_IP}
1553 log_start
1554 run_cmd nettest ${varg} -s -d ${NSA_DEV} &
1555 sleep 1
1556 run_cmd_nsb nettest ${varg} -r ${a} &
1557 sleep 3
1558 run_cmd ip link del ${VRF}
1559 sleep 1
1560 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
1561
1562 setup ${with_vrf}
1563
1564 #
1565 # client test
1566 #
1567 log_start
1568 run_cmd_nsb nettest ${varg} -s &
1569 sleep 1
1570 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
1571 sleep 3
1572 run_cmd ip link del ${VRF}
1573 sleep 1
1574 log_test_addr ${a} 0 0 "${desc}, VRF client"
1575
1576 setup ${with_vrf}
1577
1578 log_start
1579 run_cmd_nsb nettest ${varg} -s &
1580 sleep 1
1581 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
1582 sleep 3
1583 run_cmd ip link del ${VRF}
1584 sleep 1
1585 log_test_addr ${a} 0 0 "${desc}, enslaved device client"
1586
1587 setup ${with_vrf}
1588
1589 #
1590 # local address tests
1591 #
1592 for a in ${NSA_IP} ${VRF_IP}
1593 do
1594 log_start
1595 run_cmd nettest ${varg} -s &
1596 sleep 1
1597 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
1598 sleep 3
1599 run_cmd ip link del ${VRF}
1600 sleep 1
1601 log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local"
1602
1603 setup ${with_vrf}
1604 done
1605
1606 for a in ${NSA_IP} ${VRF_IP}
1607 do
1608 log_start
1609 run_cmd nettest ${varg} -d ${VRF} -s &
1610 sleep 1
1611 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
1612 sleep 3
1613 run_cmd ip link del ${VRF}
1614 sleep 1
1615 log_test_addr ${a} 0 0 "${desc}, VRF server and client, local"
1616
1617 setup ${with_vrf}
1618 done
1619
1620 a=${NSA_IP}
1621 log_start
1622 run_cmd nettest ${varg} -s &
1623 sleep 1
1624 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1625 sleep 3
1626 run_cmd ip link del ${VRF}
1627 sleep 1
1628 log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local"
1629
1630 setup ${with_vrf}
1631
1632 log_start
1633 run_cmd nettest ${varg} -d ${VRF} -s &
1634 sleep 1
1635 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1636 sleep 3
1637 run_cmd ip link del ${VRF}
1638 sleep 1
1639 log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local"
1640
1641 setup ${with_vrf}
1642
1643 log_start
1644 run_cmd nettest ${varg} -d ${NSA_DEV} -s &
1645 sleep 1
1646 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1647 sleep 3
1648 run_cmd ip link del ${VRF}
1649 sleep 1
1650 log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local"
1651}
1652
1653ipv4_ping_rt()
1654{
1655 local with_vrf="yes"
1656 local a
1657
1658 for a in ${NSA_IP} ${VRF_IP}
1659 do
1660 log_start
1661 run_cmd_nsb ping -f ${a} &
1662 sleep 3
1663 run_cmd ip link del ${VRF}
1664 sleep 1
1665 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
1666
1667 setup ${with_vrf}
1668 done
1669
1670 a=${NSB_IP}
1671 log_start
1672 run_cmd ping -f -I ${VRF} ${a} &
1673 sleep 3
1674 run_cmd ip link del ${VRF}
1675 sleep 1
1676 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
1677}
1678
1679ipv4_runtime()
1680{
1681 log_section "Run time tests - ipv4"
1682
1683 setup "yes"
1684 ipv4_ping_rt
1685
1686 setup "yes"
1687 ipv4_rt "TCP active socket" "-n -1"
1688
1689 setup "yes"
1690 ipv4_rt "TCP passive socket" "-i"
1691}
1692
1693################################################################################
David Ahernc0644e72019-08-01 11:56:37 -0700[diff] [blame]1694# IPv6
1695
1696ipv6_ping_novrf()
1697{
1698 local a
1699
1700 # should not have an impact, but make a known state
1701 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
1702
1703 #
1704 # out
1705 #
1706 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1707 do
1708 log_start
1709 run_cmd ${ping6} -c1 -w1 ${a}
1710 log_test_addr ${a} $? 0 "ping out"
1711 done
1712
1713 for a in ${NSB_IP6} ${NSB_LO_IP6}
1714 do
1715 log_start
1716 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1717 log_test_addr ${a} $? 0 "ping out, device bind"
1718
1719 log_start
1720 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
1721 log_test_addr ${a} $? 0 "ping out, loopback address bind"
1722 done
1723
1724 #
1725 # in
1726 #
1727 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
1728 do
1729 log_start
1730 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1731 log_test_addr ${a} $? 0 "ping in"
1732 done
1733
1734 #
1735 # local traffic, local address
1736 #
1737 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1738 do
1739 log_start
1740 run_cmd ${ping6} -c1 -w1 ${a}
1741 log_test_addr ${a} $? 0 "ping local, no bind"
1742 done
1743
1744 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1745 do
1746 log_start
1747 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1748 log_test_addr ${a} $? 0 "ping local, device bind"
1749 done
1750
1751 for a in ${NSA_LO_IP6} ::1
1752 do
1753 log_start
1754 show_hint "Fails since address on loopback is out of device scope"
1755 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1756 log_test_addr ${a} $? 2 "ping local, device bind"
1757 done
1758
1759 #
1760 # ip rule blocks address
1761 #
1762 log_start
1763 setup_cmd ip -6 rule add pref 32765 from all lookup local
1764 setup_cmd ip -6 rule del pref 0 from all lookup local
1765 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
1766 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
1767
1768 a=${NSB_LO_IP6}
1769 run_cmd ${ping6} -c1 -w1 ${a}
1770 log_test_addr ${a} $? 2 "ping out, blocked by rule"
1771
1772 log_start
1773 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1774 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
1775
1776 a=${NSA_LO_IP6}
1777 log_start
1778 show_hint "Response lost due to ip rule"
1779 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1780 log_test_addr ${a} $? 1 "ping in, blocked by rule"
1781
1782 setup_cmd ip -6 rule add pref 0 from all lookup local
1783 setup_cmd ip -6 rule del pref 32765 from all lookup local
1784 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
1785 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
1786
1787 #
1788 # route blocks reachability to remote address
1789 #
1790 log_start
1791 setup_cmd ip -6 route del ${NSB_LO_IP6}
1792 setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
1793 setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10
1794
1795 a=${NSB_LO_IP6}
1796 run_cmd ${ping6} -c1 -w1 ${a}
1797 log_test_addr ${a} $? 2 "ping out, blocked by route"
1798
1799 log_start
1800 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1801 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"
1802
1803 a=${NSA_LO_IP6}
1804 log_start
1805 show_hint "Response lost due to ip route"
1806 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1807 log_test_addr ${a} $? 1 "ping in, blocked by route"
1808
1809
1810 #
1811 # remove 'remote' routes; fallback to default
1812 #
1813 log_start
1814 setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
1815 setup_cmd ip -6 ro del unreachable ${NSB_IP6}
1816
1817 a=${NSB_LO_IP6}
1818 run_cmd ${ping6} -c1 -w1 ${a}
1819 log_test_addr ${a} $? 2 "ping out, unreachable route"
1820
1821 log_start
1822 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1823 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
1824}
1825
1826ipv6_ping_vrf()
1827{
1828 local a
1829
1830 # should default on; does not exist on older kernels
1831 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
1832
1833 #
1834 # out
1835 #
1836 for a in ${NSB_IP6} ${NSB_LO_IP6}
1837 do
1838 log_start
1839 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
1840 log_test_addr ${a} $? 0 "ping out, VRF bind"
1841 done
1842
1843 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
1844 do
1845 log_start
1846 show_hint "Fails since VRF device does not support linklocal or multicast"
1847 run_cmd ${ping6} -c1 -w1 ${a}
1848 log_test_addr ${a} $? 2 "ping out, VRF bind"
1849 done
1850
1851 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1852 do
1853 log_start
1854 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1855 log_test_addr ${a} $? 0 "ping out, device bind"
1856 done
1857
1858 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
1859 do
1860 log_start
1861 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
1862 log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
1863 done
1864
1865 #
1866 # in
1867 #
1868 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
1869 do
1870 log_start
1871 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1872 log_test_addr ${a} $? 0 "ping in"
1873 done
1874
1875 a=${NSA_LO_IP6}
1876 log_start
1877 show_hint "Fails since loopback address is out of VRF scope"
1878 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1879 log_test_addr ${a} $? 1 "ping in"
1880
1881 #
1882 # local traffic, local address
1883 #
1884 for a in ${NSA_IP6} ${VRF_IP6} ::1
1885 do
1886 log_start
1887 show_hint "Source address should be ${a}"
1888 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
1889 log_test_addr ${a} $? 0 "ping local, VRF bind"
1890 done
1891
1892 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1893 do
1894 log_start
1895 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1896 log_test_addr ${a} $? 0 "ping local, device bind"
1897 done
1898
1899 # LLA to GUA - remove ipv6 global addresses from ns-B
1900 setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
1901 setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
1902 setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
1903
1904 for a in ${NSA_IP6} ${VRF_IP6}
1905 do
1906 log_start
1907 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
1908 log_test_addr ${a} $? 0 "ping in, LLA to GUA"
1909 done
1910
1911 setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
1912 setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
1913 setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo
1914
1915 #
1916 # ip rule blocks address
1917 #
1918 log_start
1919 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
1920 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
1921
1922 a=${NSB_LO_IP6}
1923 run_cmd ${ping6} -c1 -w1 ${a}
1924 log_test_addr ${a} $? 2 "ping out, blocked by rule"
1925
1926 log_start
1927 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1928 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
1929
1930 a=${NSA_LO_IP6}
1931 log_start
1932 show_hint "Response lost due to ip rule"
1933 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1934 log_test_addr ${a} $? 1 "ping in, blocked by rule"
1935
1936 log_start
1937 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
1938 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
1939
1940 #
1941 # remove 'remote' routes; fallback to default
1942 #
1943 log_start
1944 setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}
1945
1946 a=${NSB_LO_IP6}
1947 run_cmd ${ping6} -c1 -w1 ${a}
1948 log_test_addr ${a} $? 2 "ping out, unreachable route"
1949
1950 log_start
1951 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1952 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
1953
1954 ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
1955 a=${NSA_LO_IP6}
1956 log_start
1957 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1958 log_test_addr ${a} $? 2 "ping in, unreachable route"
1959}
1960
1961ipv6_ping()
1962{
1963 log_section "IPv6 ping"
1964
1965 log_subsection "No VRF"
1966 setup
1967 ipv6_ping_novrf
1968
1969 log_subsection "With VRF"
1970 setup "yes"
1971 ipv6_ping_vrf
1972}
1973
1974################################################################################
David Aherna071bbf2019-08-01 11:56:39 -0700[diff] [blame]1975# IPv6 TCP
1976
1977ipv6_tcp_novrf()
1978{
1979 local a
1980
1981 #
1982 # server tests
1983 #
1984 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
1985 do
1986 log_start
1987 run_cmd nettest -6 -s &
1988 sleep 1
1989 run_cmd_nsb nettest -6 -r ${a}
1990 log_test_addr ${a} $? 0 "Global server"
1991 done
1992
1993 # verify TCP reset received
1994 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
1995 do
1996 log_start
1997 show_hint "Should fail 'Connection refused'"
1998 run_cmd_nsb nettest -6 -r ${a}
1999 log_test_addr ${a} $? 1 "No server"
2000 done
2001
2002 #
2003 # client
2004 #
2005 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2006 do
2007 log_start
2008 run_cmd_nsb nettest -6 -s &
2009 sleep 1
2010 run_cmd nettest -6 -r ${a}
2011 log_test_addr ${a} $? 0 "Client"
2012 done
2013
2014 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2015 do
2016 log_start
2017 run_cmd_nsb nettest -6 -s &
2018 sleep 1
2019 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2020 log_test_addr ${a} $? 0 "Client, device bind"
2021 done
2022
2023 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2024 do
2025 log_start
2026 show_hint "Should fail 'Connection refused'"
2027 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2028 log_test_addr ${a} $? 1 "No server, device client"
2029 done
2030
2031 #
2032 # local address tests
2033 #
2034 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2035 do
2036 log_start
2037 run_cmd nettest -6 -s &
2038 sleep 1
2039 run_cmd nettest -6 -r ${a}
2040 log_test_addr ${a} $? 0 "Global server, local connection"
2041 done
2042
2043 a=${NSA_IP6}
2044 log_start
2045 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2046 sleep 1
2047 run_cmd nettest -6 -r ${a} -0 ${a}
2048 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
2049
2050 for a in ${NSA_LO_IP6} ::1
2051 do
2052 log_start
2053 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
2054 run_cmd nettest -6 -s -d ${NSA_DEV} &
2055 sleep 1
2056 run_cmd nettest -6 -r ${a}
2057 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
2058 done
2059
2060 a=${NSA_IP6}
2061 log_start
2062 run_cmd nettest -6 -s &
2063 sleep 1
2064 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2065 log_test_addr ${a} $? 0 "Global server, device client, local connection"
2066
2067 for a in ${NSA_LO_IP6} ::1
2068 do
2069 log_start
2070 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
2071 run_cmd nettest -6 -s &
2072 sleep 1
2073 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2074 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2075 done
2076
2077 for a in ${NSA_IP6} ${NSA_LINKIP6}
2078 do
2079 log_start
2080 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2081 sleep 1
2082 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2083 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2084 done
2085
2086 for a in ${NSA_IP6} ${NSA_LINKIP6}
2087 do
2088 log_start
2089 show_hint "Should fail 'Connection refused'"
2090 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2091 log_test_addr ${a} $? 1 "No server, device client, local conn"
2092 done
2093}
2094
2095ipv6_tcp_vrf()
2096{
2097 local a
2098
2099 # disable global server
2100 log_subsection "Global server disabled"
2101
2102 set_sysctl net.ipv4.tcp_l3mdev_accept=0
2103
2104 #
2105 # server tests
2106 #
2107 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2108 do
2109 log_start
2110 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
2111 run_cmd nettest -6 -s &
2112 sleep 1
2113 run_cmd_nsb nettest -6 -r ${a}
2114 log_test_addr ${a} $? 1 "Global server"
2115 done
2116
2117 for a in ${NSA_IP6} ${VRF_IP6}
2118 do
2119 log_start
2120 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2121 sleep 1
2122 run_cmd_nsb nettest -6 -r ${a}
2123 log_test_addr ${a} $? 0 "VRF server"
2124 done
2125
2126 # link local is always bound to ingress device
2127 a=${NSA_LINKIP6}%${NSB_DEV}
2128 log_start
2129 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} &
2130 sleep 1
2131 run_cmd_nsb nettest -6 -r ${a}
2132 log_test_addr ${a} $? 0 "VRF server"
2133
2134 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2135 do
2136 log_start
2137 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2138 sleep 1
2139 run_cmd_nsb nettest -6 -r ${a}
2140 log_test_addr ${a} $? 0 "Device server"
2141 done
2142
2143 # verify TCP reset received
2144 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2145 do
2146 log_start
2147 show_hint "Should fail 'Connection refused'"
2148 run_cmd_nsb nettest -6 -r ${a}
2149 log_test_addr ${a} $? 1 "No server"
2150 done
2151
2152 # local address tests
2153 a=${NSA_IP6}
2154 log_start
2155 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
2156 run_cmd nettest -6 -s &
2157 sleep 1
2158 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2159 log_test_addr ${a} $? 1 "Global server, local connection"
2160
2161 #
2162 # enable VRF global server
2163 #
2164 log_subsection "VRF Global server enabled"
2165 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2166
2167 for a in ${NSA_IP6} ${VRF_IP6}
2168 do
2169 log_start
2170 run_cmd nettest -6 -s -2 ${VRF} &
2171 sleep 1
2172 run_cmd_nsb nettest -6 -r ${a}
2173 log_test_addr ${a} $? 0 "Global server"
2174 done
2175
2176 for a in ${NSA_IP6} ${VRF_IP6}
2177 do
2178 log_start
2179 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2180 sleep 1
2181 run_cmd_nsb nettest -6 -r ${a}
2182 log_test_addr ${a} $? 0 "VRF server"
2183 done
2184
2185 # For LLA, child socket is bound to device
2186 a=${NSA_LINKIP6}%${NSB_DEV}
2187 log_start
2188 run_cmd nettest -6 -s -2 ${NSA_DEV} &
2189 sleep 1
2190 run_cmd_nsb nettest -6 -r ${a}
2191 log_test_addr ${a} $? 0 "Global server"
2192
2193 log_start
2194 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} &
2195 sleep 1
2196 run_cmd_nsb nettest -6 -r ${a}
2197 log_test_addr ${a} $? 0 "VRF server"
2198
2199 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2200 do
2201 log_start
2202 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2203 sleep 1
2204 run_cmd_nsb nettest -6 -r ${a}
2205 log_test_addr ${a} $? 0 "Device server"
2206 done
2207
2208 # verify TCP reset received
2209 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2210 do
2211 log_start
2212 show_hint "Should fail 'Connection refused'"
2213 run_cmd_nsb nettest -6 -r ${a}
2214 log_test_addr ${a} $? 1 "No server"
2215 done
2216
2217 # local address tests
2218 for a in ${NSA_IP6} ${VRF_IP6}
2219 do
2220 log_start
2221 show_hint "Fails 'No route to host' since client is not in VRF"
2222 run_cmd nettest -6 -s -2 ${VRF} &
2223 sleep 1
2224 run_cmd nettest -6 -r ${a}
2225 log_test_addr ${a} $? 1 "Global server, local connection"
2226 done
2227
2228
2229 #
2230 # client
2231 #
2232 for a in ${NSB_IP6} ${NSB_LO_IP6}
2233 do
2234 log_start
2235 run_cmd_nsb nettest -6 -s &
2236 sleep 1
2237 run_cmd nettest -6 -r ${a} -d ${VRF}
2238 log_test_addr ${a} $? 0 "Client, VRF bind"
2239 done
2240
2241 a=${NSB_LINKIP6}
2242 log_start
2243 show_hint "Fails since VRF device does not allow linklocal addresses"
2244 run_cmd_nsb nettest -6 -s &
2245 sleep 1
2246 run_cmd nettest -6 -r ${a} -d ${VRF}
2247 log_test_addr ${a} $? 1 "Client, VRF bind"
2248
2249 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2250 do
2251 log_start
2252 run_cmd_nsb nettest -6 -s &
2253 sleep 1
2254 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2255 log_test_addr ${a} $? 0 "Client, device bind"
2256 done
2257
2258 for a in ${NSB_IP6} ${NSB_LO_IP6}
2259 do
2260 log_start
2261 show_hint "Should fail 'Connection refused'"
2262 run_cmd nettest -6 -r ${a} -d ${VRF}
2263 log_test_addr ${a} $? 1 "No server, VRF client"
2264 done
2265
2266 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2267 do
2268 log_start
2269 show_hint "Should fail 'Connection refused'"
2270 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2271 log_test_addr ${a} $? 1 "No server, device client"
2272 done
2273
2274 for a in ${NSA_IP6} ${VRF_IP6} ::1
2275 do
2276 log_start
2277 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2278 sleep 1
2279 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2280 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
2281 done
2282
2283 a=${NSA_IP6}
2284 log_start
2285 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2286 sleep 1
2287 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2288 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
2289
2290 a=${NSA_IP6}
2291 log_start
2292 show_hint "Should fail since unbound client is out of VRF scope"
2293 run_cmd nettest -6 -s -d ${VRF} &
2294 sleep 1
2295 run_cmd nettest -6 -r ${a}
2296 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
2297
2298 log_start
2299 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2300 sleep 1
2301 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2302 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
2303
2304 for a in ${NSA_IP6} ${NSA_LINKIP6}
2305 do
2306 log_start
2307 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2308 sleep 1
2309 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2310 log_test_addr ${a} $? 0 "Device server, device client, local connection"
2311 done
2312}
2313
2314ipv6_tcp()
2315{
2316 log_section "IPv6/TCP"
2317
2318 which nettest >/dev/null
2319 if [ $? -ne 0 ]; then
2320 log_error "nettest not found; skipping tests"
2321 return
2322 fi
2323
2324 log_subsection "No VRF"
2325 setup
2326
2327 # tcp_l3mdev_accept should have no affect without VRF;
2328 # run tests with it enabled and disabled to verify
2329 log_subsection "tcp_l3mdev_accept disabled"
2330 set_sysctl net.ipv4.tcp_l3mdev_accept=0
2331 ipv6_tcp_novrf
2332 log_subsection "tcp_l3mdev_accept enabled"
2333 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2334 ipv6_tcp_novrf
2335
2336 log_subsection "With VRF"
2337 setup "yes"
2338 ipv6_tcp_vrf
2339}
2340
2341################################################################################
David Ahern6abdb652019-08-01 11:56:41 -0700[diff] [blame]2342# IPv6 UDP
2343
2344ipv6_udp_novrf()
2345{
2346 local a
2347
2348 #
2349 # server tests
2350 #
2351 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2352 do
2353 log_start
2354 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2355 sleep 1
2356 run_cmd_nsb nettest -6 -D -r ${a}
2357 log_test_addr ${a} $? 0 "Global server"
2358
2359 log_start
2360 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2361 sleep 1
2362 run_cmd_nsb nettest -6 -D -r ${a}
2363 log_test_addr ${a} $? 0 "Device server"
2364 done
2365
2366 a=${NSA_LO_IP6}
2367 log_start
2368 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2369 sleep 1
2370 run_cmd_nsb nettest -6 -D -r ${a}
2371 log_test_addr ${a} $? 0 "Global server"
2372
2373 # should fail since loopback address is out of scope for a device
2374 # bound server, but it does not - hence this is more documenting
2375 # behavior.
2376 #log_start
2377 #show_hint "Should fail since loopback address is out of scope"
2378 #run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2379 #sleep 1
2380 #run_cmd_nsb nettest -6 -D -r ${a}
2381 #log_test_addr ${a} $? 1 "Device server"
2382
2383 # negative test - should fail
2384 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2385 do
2386 log_start
2387 show_hint "Should fail 'Connection refused' since there is no server"
2388 run_cmd_nsb nettest -6 -D -r ${a}
2389 log_test_addr ${a} $? 1 "No server"
2390 done
2391
2392 #
2393 # client
2394 #
2395 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2396 do
2397 log_start
2398 run_cmd_nsb nettest -6 -D -s &
2399 sleep 1
2400 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
2401 log_test_addr ${a} $? 0 "Client"
2402
2403 log_start
2404 run_cmd_nsb nettest -6 -D -s &
2405 sleep 1
2406 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
2407 log_test_addr ${a} $? 0 "Client, device bind"
2408
2409 log_start
2410 run_cmd_nsb nettest -6 -D -s &
2411 sleep 1
2412 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
2413 log_test_addr ${a} $? 0 "Client, device send via cmsg"
2414
2415 log_start
2416 run_cmd_nsb nettest -6 -D -s &
2417 sleep 1
2418 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
2419 log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF"
2420
2421 log_start
2422 show_hint "Should fail 'Connection refused'"
2423 run_cmd nettest -6 -D -r ${a}
2424 log_test_addr ${a} $? 1 "No server, unbound client"
2425
2426 log_start
2427 show_hint "Should fail 'Connection refused'"
2428 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
2429 log_test_addr ${a} $? 1 "No server, device client"
2430 done
2431
2432 #
2433 # local address tests
2434 #
2435 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2436 do
2437 log_start
2438 run_cmd nettest -6 -D -s &
2439 sleep 1
2440 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
2441 log_test_addr ${a} $? 0 "Global server, local connection"
2442 done
2443
2444 a=${NSA_IP6}
2445 log_start
2446 run_cmd nettest -6 -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
2447 sleep 1
2448 run_cmd nettest -6 -D -r ${a}
2449 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
2450
2451 for a in ${NSA_LO_IP6} ::1
2452 do
2453 log_start
2454 show_hint "Should fail 'Connection refused' since address is out of device scope"
2455 run_cmd nettest -6 -s -D -d ${NSA_DEV} &
2456 sleep 1
2457 run_cmd nettest -6 -D -r ${a}
2458 log_test_addr ${a} $? 1 "Device server, local connection"
2459 done
2460
2461 a=${NSA_IP6}
2462 log_start
2463 run_cmd nettest -6 -s -D &
2464 sleep 1
2465 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2466 log_test_addr ${a} $? 0 "Global server, device client, local connection"
2467
2468 log_start
2469 run_cmd nettest -6 -s -D &
2470 sleep 1
2471 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
2472 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
2473
2474 log_start
2475 run_cmd nettest -6 -s -D &
2476 sleep 1
2477 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
2478 log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"
2479
2480 for a in ${NSA_LO_IP6} ::1
2481 do
2482 log_start
2483 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
2484 run_cmd nettest -6 -D -s &
2485 sleep 1
2486 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
2487 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2488
2489 log_start
2490 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
2491 run_cmd nettest -6 -D -s &
2492 sleep 1
2493 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
2494 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
2495
2496 log_start
2497 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
2498 run_cmd nettest -6 -D -s &
2499 sleep 1
2500 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
2501 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
2502 done
2503
2504 a=${NSA_IP6}
2505 log_start
2506 run_cmd nettest -6 -D -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2507 sleep 1
2508 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
2509 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2510
2511 log_start
2512 show_hint "Should fail 'Connection refused'"
2513 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2514 log_test_addr ${a} $? 1 "No server, device client, local conn"
2515
2516 # LLA to GUA
2517 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
2518 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
2519 log_start
2520 run_cmd nettest -6 -s -D &
2521 sleep 1
2522 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
2523 log_test $? 0 "UDP in - LLA to GUA"
2524
2525 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
2526 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
2527}
2528
2529ipv6_udp_vrf()
2530{
2531 local a
2532
2533 # disable global server
2534 log_subsection "Global server disabled"
2535 set_sysctl net.ipv4.udp_l3mdev_accept=0
2536
2537 #
2538 # server tests
2539 #
2540 for a in ${NSA_IP6} ${VRF_IP6}
2541 do
2542 log_start
2543 show_hint "Should fail 'Connection refused' since global server is disabled"
2544 run_cmd nettest -6 -D -s &
2545 sleep 1
2546 run_cmd_nsb nettest -6 -D -r ${a}
2547 log_test_addr ${a} $? 1 "Global server"
2548 done
2549
2550 for a in ${NSA_IP6} ${VRF_IP6}
2551 do
2552 log_start
2553 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2554 sleep 1
2555 run_cmd_nsb nettest -6 -D -r ${a}
2556 log_test_addr ${a} $? 0 "VRF server"
2557 done
2558
2559 for a in ${NSA_IP6} ${VRF_IP6}
2560 do
2561 log_start
2562 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2563 sleep 1
2564 run_cmd_nsb nettest -6 -D -r ${a}
2565 log_test_addr ${a} $? 0 "Enslaved device server"
2566 done
2567
2568 # negative test - should fail
2569 for a in ${NSA_IP6} ${VRF_IP6}
2570 do
2571 log_start
2572 show_hint "Should fail 'Connection refused' since there is no server"
2573 run_cmd_nsb nettest -6 -D -r ${a}
2574 log_test_addr ${a} $? 1 "No server"
2575 done
2576
2577 #
2578 # local address tests
2579 #
2580 for a in ${NSA_IP6} ${VRF_IP6}
2581 do
2582 log_start
2583 show_hint "Should fail 'Connection refused' since global server is disabled"
2584 run_cmd nettest -6 -D -s &
2585 sleep 1
2586 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2587 log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
2588 done
2589
2590 for a in ${NSA_IP6} ${VRF_IP6}
2591 do
2592 log_start
2593 run_cmd nettest -6 -D -d ${VRF} -s &
2594 sleep 1
2595 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2596 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
2597 done
2598
2599 a=${NSA_IP6}
2600 log_start
2601 show_hint "Should fail 'Connection refused' since global server is disabled"
2602 run_cmd nettest -6 -D -s &
2603 sleep 1
2604 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2605 log_test_addr ${a} $? 1 "Global server, device client, local conn"
2606
2607 log_start
2608 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2609 sleep 1
2610 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2611 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
2612
2613 log_start
2614 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2615 sleep 1
2616 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2617 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
2618
2619 log_start
2620 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2621 sleep 1
2622 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2623 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
2624
2625 # disable global server
2626 log_subsection "Global server enabled"
2627 set_sysctl net.ipv4.udp_l3mdev_accept=1
2628
2629 #
2630 # server tests
2631 #
2632 for a in ${NSA_IP6} ${VRF_IP6}
2633 do
2634 log_start
2635 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2636 sleep 1
2637 run_cmd_nsb nettest -6 -D -r ${a}
2638 log_test_addr ${a} $? 0 "Global server"
2639 done
2640
2641 for a in ${NSA_IP6} ${VRF_IP6}
2642 do
2643 log_start
2644 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2645 sleep 1
2646 run_cmd_nsb nettest -6 -D -r ${a}
2647 log_test_addr ${a} $? 0 "VRF server"
2648 done
2649
2650 for a in ${NSA_IP6} ${VRF_IP6}
2651 do
2652 log_start
2653 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2654 sleep 1
2655 run_cmd_nsb nettest -6 -D -r ${a}
2656 log_test_addr ${a} $? 0 "Enslaved device server"
2657 done
2658
2659 # negative test - should fail
2660 for a in ${NSA_IP6} ${VRF_IP6}
2661 do
2662 log_start
2663 run_cmd_nsb nettest -6 -D -r ${a}
2664 log_test_addr ${a} $? 1 "No server"
2665 done
2666
2667 #
2668 # client tests
2669 #
2670 log_start
2671 run_cmd_nsb nettest -6 -D -s &
2672 sleep 1
2673 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
2674 log_test $? 0 "VRF client"
2675
2676 # negative test - should fail
2677 log_start
2678 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
2679 log_test $? 1 "No server, VRF client"
2680
2681 log_start
2682 run_cmd_nsb nettest -6 -D -s &
2683 sleep 1
2684 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
2685 log_test $? 0 "Enslaved device client"
2686
2687 # negative test - should fail
2688 log_start
2689 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
2690 log_test $? 1 "No server, enslaved device client"
2691
2692 #
2693 # local address tests
2694 #
2695 a=${NSA_IP6}
2696 log_start
2697 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2698 sleep 1
2699 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2700 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
2701
2702 #log_start
2703 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2704 sleep 1
2705 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2706 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
2707
2708
2709 a=${VRF_IP6}
2710 log_start
2711 run_cmd nettest -6 -D -s -2 ${VRF} &
2712 sleep 1
2713 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2714 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
2715
2716 log_start
2717 run_cmd nettest -6 -D -d ${VRF} -s -2 ${VRF} &
2718 sleep 1
2719 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2720 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
2721
2722 # negative test - should fail
2723 for a in ${NSA_IP6} ${VRF_IP6}
2724 do
2725 log_start
2726 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2727 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
2728 done
2729
2730 # device to global IP
2731 a=${NSA_IP6}
2732 log_start
2733 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2734 sleep 1
2735 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2736 log_test_addr ${a} $? 0 "Global server, device client, local conn"
2737
2738 log_start
2739 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2740 sleep 1
2741 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2742 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
2743
2744 log_start
2745 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2746 sleep 1
2747 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2748 log_test_addr ${a} $? 0 "Device server, VRF client, local conn"
2749
2750 log_start
2751 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2752 sleep 1
2753 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2754 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2755
2756 log_start
2757 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2758 log_test_addr ${a} $? 1 "No server, device client, local conn"
2759
2760
2761 # link local addresses
2762 log_start
2763 run_cmd nettest -6 -D -s &
2764 sleep 1
2765 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
2766 log_test $? 0 "Global server, linklocal IP"
2767
2768 log_start
2769 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
2770 log_test $? 1 "No server, linklocal IP"
2771
2772
2773 log_start
2774 run_cmd_nsb nettest -6 -D -s &
2775 sleep 1
2776 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
2777 log_test $? 0 "Enslaved device client, linklocal IP"
2778
2779 log_start
2780 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
2781 log_test $? 1 "No server, device client, peer linklocal IP"
2782
2783
2784 log_start
2785 run_cmd nettest -6 -D -s &
2786 sleep 1
2787 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
2788 log_test $? 0 "Enslaved device client, local conn - linklocal IP"
2789
2790 log_start
2791 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
2792 log_test $? 1 "No server, device client, local conn - linklocal IP"
2793
2794 # LLA to GUA
2795 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
2796 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
2797 log_start
2798 run_cmd nettest -6 -s -D &
2799 sleep 1
2800 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
2801 log_test $? 0 "UDP in - LLA to GUA"
2802
2803 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
2804 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
2805}
2806
2807ipv6_udp()
2808{
2809 # should not matter, but set to known state
2810 set_sysctl net.ipv4.udp_early_demux=1
2811
2812 log_section "IPv6/UDP"
2813 log_subsection "No VRF"
2814 setup
2815
2816 # udp_l3mdev_accept should have no affect without VRF;
2817 # run tests with it enabled and disabled to verify
2818 log_subsection "udp_l3mdev_accept disabled"
2819 set_sysctl net.ipv4.udp_l3mdev_accept=0
2820 ipv6_udp_novrf
2821 log_subsection "udp_l3mdev_accept enabled"
2822 set_sysctl net.ipv4.udp_l3mdev_accept=1
2823 ipv6_udp_novrf
2824
2825 log_subsection "With VRF"
2826 setup "yes"
2827 ipv6_udp_vrf
2828}
2829
2830################################################################################
David Ahern34d03022019-08-01 11:56:43 -0700[diff] [blame]2831# IPv6 address bind
2832
2833ipv6_addr_bind_novrf()
2834{
2835 #
2836 # raw socket
2837 #
2838 for a in ${NSA_IP6} ${NSA_LO_IP6}
2839 do
2840 log_start
2841 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
2842 log_test_addr ${a} $? 0 "Raw socket bind to local address"
2843
2844 log_start
2845 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b
2846 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
2847 done
2848
2849 #
2850 # tcp sockets
2851 #
2852 a=${NSA_IP6}
2853 log_start
2854 run_cmd nettest -6 -s -l ${a} -t1 -b
2855 log_test_addr ${a} $? 0 "TCP socket bind to local address"
2856
2857 log_start
2858 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
2859 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
2860
2861 a=${NSA_LO_IP6}
2862 log_start
2863 show_hint "Should fail with 'Cannot assign requested address'"
2864 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
2865 log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
2866}
2867
2868ipv6_addr_bind_vrf()
2869{
2870 #
2871 # raw socket
2872 #
2873 for a in ${NSA_IP6} ${VRF_IP6}
2874 do
2875 log_start
2876 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b
2877 log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"
2878
2879 log_start
2880 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b
2881 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
2882 done
2883
2884 a=${NSA_LO_IP6}
2885 log_start
2886 show_hint "Address on loopback is out of VRF scope"
2887 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b
2888 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"
2889
2890 #
2891 # tcp sockets
2892 #
2893 # address on enslaved device is valid for the VRF or device in a VRF
2894 for a in ${NSA_IP6} ${VRF_IP6}
2895 do
2896 log_start
2897 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b
2898 log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
2899 done
2900
2901 a=${NSA_IP6}
2902 log_start
2903 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
2904 log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"
2905
2906 a=${VRF_IP6}
2907 log_start
2908 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
2909 log_test_addr ${a} $? 1 "TCP socket bind to VRF address with device bind"
2910
2911 a=${NSA_LO_IP6}
2912 log_start
2913 show_hint "Address on loopback out of scope for VRF"
2914 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b
2915 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
2916
2917 log_start
2918 show_hint "Address on loopback out of scope for device in VRF"
2919 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
2920 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
2921
2922}
2923
2924ipv6_addr_bind()
2925{
2926 log_section "IPv6 address binds"
2927
2928 log_subsection "No VRF"
2929 setup
2930 ipv6_addr_bind_novrf
2931
2932 log_subsection "With VRF"
2933 setup "yes"
2934 ipv6_addr_bind_vrf
2935}
2936
2937################################################################################
David Ahern4cd12f62019-08-01 11:56:45 -0700[diff] [blame^]2938# IPv6 runtime tests
2939
2940ipv6_rt()
2941{
2942 local desc="$1"
2943 local varg="-6 $2"
2944 local with_vrf="yes"
2945 local a
2946
2947 #
2948 # server tests
2949 #
2950 for a in ${NSA_IP6} ${VRF_IP6}
2951 do
2952 log_start
2953 run_cmd nettest ${varg} -s &
2954 sleep 1
2955 run_cmd_nsb nettest ${varg} -r ${a} &
2956 sleep 3
2957 run_cmd ip link del ${VRF}
2958 sleep 1
2959 log_test_addr ${a} 0 0 "${desc}, global server"
2960
2961 setup ${with_vrf}
2962 done
2963
2964 for a in ${NSA_IP6} ${VRF_IP6}
2965 do
2966 log_start
2967 run_cmd nettest ${varg} -d ${VRF} -s &
2968 sleep 1
2969 run_cmd_nsb nettest ${varg} -r ${a} &
2970 sleep 3
2971 run_cmd ip link del ${VRF}
2972 sleep 1
2973 log_test_addr ${a} 0 0 "${desc}, VRF server"
2974
2975 setup ${with_vrf}
2976 done
2977
2978 for a in ${NSA_IP6} ${VRF_IP6}
2979 do
2980 log_start
2981 run_cmd nettest ${varg} -d ${NSA_DEV} -s &
2982 sleep 1
2983 run_cmd_nsb nettest ${varg} -r ${a} &
2984 sleep 3
2985 run_cmd ip link del ${VRF}
2986 sleep 1
2987 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
2988
2989 setup ${with_vrf}
2990 done
2991
2992 #
2993 # client test
2994 #
2995 log_start
2996 run_cmd_nsb nettest ${varg} -s &
2997 sleep 1
2998 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} &
2999 sleep 3
3000 run_cmd ip link del ${VRF}
3001 sleep 1
3002 log_test 0 0 "${desc}, VRF client"
3003
3004 setup ${with_vrf}
3005
3006 log_start
3007 run_cmd_nsb nettest ${varg} -s &
3008 sleep 1
3009 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
3010 sleep 3
3011 run_cmd ip link del ${VRF}
3012 sleep 1
3013 log_test 0 0 "${desc}, enslaved device client"
3014
3015 setup ${with_vrf}
3016
3017
3018 #
3019 # local address tests
3020 #
3021 for a in ${NSA_IP6} ${VRF_IP6}
3022 do
3023 log_start
3024 run_cmd nettest ${varg} -s &
3025 sleep 1
3026 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3027 sleep 3
3028 run_cmd ip link del ${VRF}
3029 sleep 1
3030 log_test_addr ${a} 0 0 "${desc}, global server, VRF client"
3031
3032 setup ${with_vrf}
3033 done
3034
3035 for a in ${NSA_IP6} ${VRF_IP6}
3036 do
3037 log_start
3038 run_cmd nettest ${varg} -d ${VRF} -s &
3039 sleep 1
3040 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3041 sleep 3
3042 run_cmd ip link del ${VRF}
3043 sleep 1
3044 log_test_addr ${a} 0 0 "${desc}, VRF server and client"
3045
3046 setup ${with_vrf}
3047 done
3048
3049 a=${NSA_IP6}
3050 log_start
3051 run_cmd nettest ${varg} -s &
3052 sleep 1
3053 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3054 sleep 3
3055 run_cmd ip link del ${VRF}
3056 sleep 1
3057 log_test_addr ${a} 0 0 "${desc}, global server, device client"
3058
3059 setup ${with_vrf}
3060
3061 log_start
3062 run_cmd nettest ${varg} -d ${VRF} -s &
3063 sleep 1
3064 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3065 sleep 3
3066 run_cmd ip link del ${VRF}
3067 sleep 1
3068 log_test_addr ${a} 0 0 "${desc}, VRF server, device client"
3069
3070 setup ${with_vrf}
3071
3072 log_start
3073 run_cmd nettest ${varg} -d ${NSA_DEV} -s &
3074 sleep 1
3075 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3076 sleep 3
3077 run_cmd ip link del ${VRF}
3078 sleep 1
3079 log_test_addr ${a} 0 0 "${desc}, device server, device client"
3080}
3081
3082ipv6_ping_rt()
3083{
3084 local with_vrf="yes"
3085 local a
3086
3087 a=${NSA_IP6}
3088 log_start
3089 run_cmd_nsb ${ping6} -f ${a} &
3090 sleep 3
3091 run_cmd ip link del ${VRF}
3092 sleep 1
3093 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
3094
3095 setup ${with_vrf}
3096
3097 log_start
3098 run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} &
3099 sleep 1
3100 run_cmd ip link del ${VRF}
3101 sleep 1
3102 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
3103}
3104
3105ipv6_runtime()
3106{
3107 log_section "Run time tests - ipv6"
3108
3109 setup "yes"
3110 ipv6_ping_rt
3111
3112 setup "yes"
3113 ipv6_rt "TCP active socket" "-n -1"
3114
3115 setup "yes"
3116 ipv6_rt "TCP passive socket" "-i"
3117
3118 setup "yes"
3119 ipv6_rt "UDP active socket" "-D -n -1"
3120}
3121
3122################################################################################
David Ahern6f9d5ca2019-08-01 11:56:35 -0700[diff] [blame]3123# usage
3124
3125usage()
3126{
3127 cat <<EOF
3128usage: ${0##*/} OPTS
3129
3130 -4 IPv4 tests only
3131 -6 IPv6 tests only
3132 -t <test> Test name/set to run
3133 -p Pause on fail
3134 -P Pause after each test
3135 -v Be verbose
3136EOF
3137}
3138
3139################################################################################
3140# main
3141
David Ahern0113f722019-08-01 11:56:44 -0700[diff] [blame]3142TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime"
David Ahern4cd12f62019-08-01 11:56:45 -0700[diff] [blame^]3143TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime"
David Ahern6f9d5ca2019-08-01 11:56:35 -0700[diff] [blame]3144PAUSE_ON_FAIL=no
3145PAUSE=no
3146
3147while getopts :46t:pPvh o
3148do
3149 case $o in
3150 4) TESTS=ipv4;;
3151 6) TESTS=ipv6;;
3152 t) TESTS=$OPTARG;;
3153 p) PAUSE_ON_FAIL=yes;;
3154 P) PAUSE=yes;;
3155 v) VERBOSE=1;;
3156 h) usage; exit 0;;
3157 *) usage; exit 1;;
3158 esac
3159done
3160
3161# make sure we don't pause twice
3162[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no
3163
3164#
3165# show user test config
3166#
3167if [ -z "$TESTS" ]; then
3168 TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"
3169elif [ "$TESTS" = "ipv4" ]; then
3170 TESTS="$TESTS_IPV4"
3171elif [ "$TESTS" = "ipv6" ]; then
3172 TESTS="$TESTS_IPV6"
3173fi
3174
3175declare -i nfail=0
3176declare -i nsuccess=0
3177
3178for t in $TESTS
3179do
3180 case $t in
David Ahernc032dd82019-08-01 11:56:36 -0700[diff] [blame]3181 ipv4_ping|ping) ipv4_ping;;
David Ahernbbd7c762019-08-01 11:56:38 -0700[diff] [blame]3182 ipv4_tcp|tcp) ipv4_tcp;;
David Aherna4368be2019-08-01 11:56:40 -0700[diff] [blame]3183 ipv4_udp|udp) ipv4_udp;;
David Ahern75b2b2b2019-08-01 11:56:42 -0700[diff] [blame]3184 ipv4_bind|bind) ipv4_addr_bind;;
David Ahern0113f722019-08-01 11:56:44 -0700[diff] [blame]3185 ipv4_runtime) ipv4_runtime;;
David Ahernbbd7c762019-08-01 11:56:38 -0700[diff] [blame]3186
David Ahernc0644e72019-08-01 11:56:37 -0700[diff] [blame]3187 ipv6_ping|ping6) ipv6_ping;;
David Aherna071bbf2019-08-01 11:56:39 -0700[diff] [blame]3188 ipv6_tcp|tcp6) ipv6_tcp;;
David Ahern6abdb652019-08-01 11:56:41 -0700[diff] [blame]3189 ipv6_udp|udp6) ipv6_udp;;
David Ahern34d03022019-08-01 11:56:43 -0700[diff] [blame]3190 ipv6_bind|bind6) ipv6_addr_bind;;
David Ahern4cd12f62019-08-01 11:56:45 -0700[diff] [blame^]3191 ipv6_runtime) ipv6_runtime;;
David Ahernc032dd82019-08-01 11:56:36 -0700[diff] [blame]3192
David Ahern6f9d5ca2019-08-01 11:56:35 -0700[diff] [blame]3193 # setup namespaces and config, but do not run any tests
3194 setup) setup; exit 0;;
3195 vrf_setup) setup "yes"; exit 0;;
3196
3197 help) echo "Test names: $TESTS"; exit 0;;
3198 esac
3199done
3200
3201cleanup 2>/dev/null
3202
3203printf "\nTests passed: %3d\n" ${nsuccess}
3204printf "Tests failed: %3d\n" ${nfail}