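#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
#
# IPv4 and IPv6 functional tests focusing on VRF and routing lookups
# for various permutations:
#   1. icmp, tcp, udp and netfilter
#   2. client, server, no-server
#   3. global address on interface
#   4. global address on 'lo'
#   5. remote and local traffic
#   6. VRF and non-VRF permutations
#
# Setup:
#                     ns-A     |     ns-B
# No VRF case:
#    [ lo ]         [ eth1 ]---|---[ eth1 ]      [ lo ]
#                                                remote address
# VRF case:
#         [ red ]---[ eth1 ]---|---[ eth1 ]      [ lo ]
#
# ns-A:
#     eth1: 172.16.1.1/24, 2001:db8:1::1/64
#       lo: 127.0.0.1/8, ::1/128
#           172.16.2.1/32, 2001:db8:2::1/128
#      red: 127.0.0.1/8, ::1/128
#           172.16.3.1/32, 2001:db8:3::1/128
#
# ns-B:
#     eth1: 172.16.1.2/24, 2001:db8:1::2/64
#      lo2: 127.0.0.1/8, ::1/128
#           172.16.2.2/32, 2001:db8:2::2/128
#
# ns-A to ns-C connection - only for VRF and same config
# as ns-A to ns-B
#
# server / client nomenclature relative to ns-A

# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4

VERBOSE=0

NSA_DEV=eth1
NSA_DEV2=eth2
NSB_DEV=eth1
NSC_DEV=eth2
VRF=red
VRF_TABLE=1101

# IPv4 config
NSA_IP=172.16.1.1
NSB_IP=172.16.1.2
VRF_IP=172.16.3.1
NS_NET=172.16.1.0/24

# IPv6 config
NSA_IP6=2001:db8:1::1
NSB_IP6=2001:db8:1::2
VRF_IP6=2001:db8:3::1
NS_NET6=2001:db8:1::/120

NSA_LO_IP=172.16.2.1
NSB_LO_IP=172.16.2.2
NSA_LO_IP6=2001:db8:2::1
NSB_LO_IP6=2001:db8:2::2

# non-local addresses for freebind tests
NL_IP=172.17.1.1
NL_IP6=2001:db8:4::1

# Fixed keys handed to nettest by the TCP MD5 test cases. MD5_WRONG_PW is
# the deliberately mismatching key used by the negative cases. Both are
# test fixtures that end up on the nettest command line.
MD5_PW=abc123
MD5_WRONG_PW=abc1234

MCAST=ff02::1
# set after namespace create
NSA_LINKIP6=
NSB_LINKIP6=

NSA=ns-A
NSB=ns-B
NSC=ns-C

# Command prefixes; they are expanded unquoted on purpose so that the
# shell splits them into separate words.
NSA_CMD="ip netns exec ${NSA}"
NSB_CMD="ip netns exec ${NSB}"
NSC_CMD="ip netns exec ${NSC}"

# Prefer a dedicated ping6 binary and fall back to ping. 'command -v' is a
# shell builtin, so no external 'which' is needed, and the lookup runs once
# instead of through an '&& ... ||' chain.
ping6=$(command -v ping6 2>/dev/null) || ping6=$(command -v ping)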
90
################################################################################
# utilities
93
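# Record the outcome of one test case and print a one-line verdict.
#
# Globals:   VERBOSE, PAUSE, PAUSE_ON_FAIL (read); nsuccess, nfail (updated)
# Arguments: $1 - actual return code
#            $2 - expected return code
#            $3 - test description
#
# With PAUSE_ON_FAIL=yes (after a failure) or PAUSE=yes (after every
# test) the function waits for input on stdin; 'q' exits with status 1.
# Always finishes by calling kill_procs.
log_test()
{
	local rc=$1
	local expected=$2
	local msg="$3"
	# The reply gets its own local. Reading into a bare 'a' would, through
	# bash dynamic scoping, overwrite the address variable 'a' that the
	# calling test functions loop over.
	local reply

	[ "${VERBOSE}" = "1" ] && echo

	if [ "${rc}" -eq "${expected}" ]; then
		nsuccess=$((nsuccess+1))
		printf "TEST: %-70s [ OK ]\n" "${msg}"
	else
		nfail=$((nfail+1))
		printf "TEST: %-70s [FAIL]\n" "${msg}"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue, 'q' to quit"
			read -r reply
			if [ "${reply}" = "q" ]; then
				exit 1
			fi
		fi
	fi

	if [ "${PAUSE}" = "yes" ]; then
		echo
		echo "hit enter to continue, 'q' to quit"
		read -r reply
		if [ "${reply}" = "q" ]; then
			exit 1
		fi
	fi

	kill_procs
}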
125
# Same as log_test, but appends a readable label for the address under
# test (as produced by addr2str) to the description.
#
# Arguments: $1 - address, $2 - actual rc, $3 - expected rc, $4 - description
log_test_addr()
{
	local addr=$1 rc=$2 expected=$3
	local msg="$4"
	local label

	label=$(addr2str ${addr})
	log_test $rc $expected "${msg} - ${label}"
}
137
# Print a section banner: blank line, rule, the arguments, rule, blank line.
log_section()
{
	local rule="###########################################################################"

	echo
	echo "${rule}"
	echo "$*"
	echo "${rule}"
	echo
}
146
# Print a subsection banner: blank line, rule, the arguments, blank line.
log_subsection()
{
	local rule="#################################################################"

	echo
	echo "${rule}"
	echo "$*"
	echo
}
154
# Begin a test case: stop leftover test processes and, in verbose mode,
# print a separator.
log_start()
{
	local rule="#######################################################"

	# make sure we have no test instances running
	kill_procs

	if [ "${VERBOSE}" = "1" ]; then
		echo
		echo "${rule}"
	fi
}
165
# Print the arguments between blank lines, but only when VERBOSE is 1.
log_debug()
{
	[ "${VERBOSE}" = "1" ] || return 0

	echo
	echo "$*"
	echo
}
174
# Print "HINT: <arguments>" followed by a blank line when VERBOSE is 1.
# The test functions use it to say why a failure is the expected result.
show_hint()
{
	[ "${VERBOSE}" = "1" ] || return 0

	echo "HINT: $*"
	echo
}
182
# Stop any nettest / ping / ping6 instance left over from a previous test,
# then wait one second.
#
# NOTE(review): killall is run directly, not through one of the
# "ip netns exec" prefixes, and matches by process name only. Unrelated
# nettest/ping processes visible to the caller would be signalled as
# well - run the suite on a dedicated test machine.
kill_procs()
{
	killall nettest ping ping6 &>/dev/null
	sleep 1
}
188
# Run a command, capturing stdout and stderr together.
#
# Globals:   VERBOSE (read); rc (written - it is not declared local here)
# Arguments: the command and its arguments
# Outputs:   in verbose mode, the command line and any captured output
# Returns:   the command's exit status
#
# The arguments are joined into one string and expanded unquoted, so the
# shell re-splits them on whitespace (and globs them). Arguments that
# contain spaces or glob characters do not survive intact; callers pass
# only simple words.
do_run_cmd()
{
	local cmd="$*"
	local out

	[ "$VERBOSE" = "1" ] && echo "COMMAND: ${cmd}"

	out=$($cmd 2>&1)
	rc=$?
	if [ "$VERBOSE" = "1" ] && [ -n "$out" ]; then
		echo "$out"
	fi

	return $rc
}
206
# Run a command inside ns-A via do_run_cmd.
# NSA_CMD and the arguments are expanded unquoted on purpose (word splitting).
run_cmd()
{
	do_run_cmd $NSA_CMD $*
}
211
# Run a command inside ns-B via do_run_cmd.
# NSB_CMD and the arguments are expanded unquoted on purpose (word splitting).
run_cmd_nsb()
{
	do_run_cmd $NSB_CMD $*
}
216
# Run a command inside ns-C via do_run_cmd.
# NSC_CMD and the arguments are expanded unquoted on purpose (word splitting).
run_cmd_nsc()
{
	do_run_cmd $NSC_CMD $*
}
221
# Run a setup command in ns-A; a failure aborts the whole test run.
#
# On failure the command is shown (unless verbose mode already printed
# it), and the script exits with the command's status, optionally after
# waiting for enter when PAUSE_ON_FAIL=yes.
setup_cmd()
{
	local cmd="$*"
	local rc

	run_cmd ${cmd}
	rc=$?
	[ $rc -eq 0 ] && return 0

	# show user the command if not done so already
	if [ "$VERBOSE" = "0" ]; then
		echo "setup command: $cmd"
	fi
	echo "failed. stopping tests"
	if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
		echo
		echo "hit enter to continue"
		read a
	fi
	exit $rc
}
243
# Run a setup command in ns-B; a failure aborts the whole test run.
#
# On failure the command is shown (unless verbose mode already printed
# it), and the script exits with the command's status, optionally after
# waiting for enter when PAUSE_ON_FAIL=yes.
setup_cmd_nsb()
{
	local cmd="$*"
	local rc

	run_cmd_nsb ${cmd}
	rc=$?
	[ $rc -eq 0 ] && return 0

	# show user the command if not done so already
	if [ "$VERBOSE" = "0" ]; then
		echo "setup command: $cmd"
	fi
	echo "failed. stopping tests"
	if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
		echo
		echo "hit enter to continue"
		read a
	fi
	exit $rc
}
265
# Run a setup command in ns-C; a failure aborts the whole test run.
#
# On failure the command is shown (unless verbose mode already printed
# it), and the script exits with the command's status, optionally after
# waiting for enter when PAUSE_ON_FAIL=yes.
setup_cmd_nsc()
{
	local cmd="$*"
	local rc

	run_cmd_nsc ${cmd}
	rc=$?
	[ $rc -eq 0 ] && return 0

	# show user the command if not done so already
	if [ "$VERBOSE" = "0" ]; then
		echo "setup command: $cmd"
	fi
	echo "failed. stopping tests"
	if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
		echo
		echo "hit enter to continue"
		read a
	fi
	exit $rc
}
287
# set sysctl values in NS-A
#
# Announces the change on stdout, then applies it with "sysctl -q -w"
# through run_cmd. Returns run_cmd's status.
set_sysctl()
{
	printf '%s\n\n' "SYSCTL: $*"
	run_cmd sysctl -q -w $*
}
295
# get sysctl values in NS-A
#
# Prints the value(s) reported by "sysctl -n" for the given key(s). The
# command is run directly through NSA_CMD, not through run_cmd.
get_sysctl()
{
	$NSA_CMD sysctl -n $*
}
301
################################################################################
# Setup for tests
304
# Map an address used by the tests to a short label for log output.
#
# Globals:   the NSA_*, NSB_*, NL_*, VRF_* address variables and MCAST (read)
# Arguments: $1 - address; link-local addresses may carry a %<dev> suffix
# Outputs:   the label on stdout, "unknown" when nothing matches
#
# The variables are used as case patterns, so the first matching arm wins.
# The multicast arm only matches when a %<dev> suffix is present.
addr2str()
{
	local label="unknown"

	case "$1" in
	127.0.0.1) label="loopback" ;;
	::1) label="IPv6 loopback" ;;

	${NSA_IP}) label="ns-A IP" ;;
	${NSA_IP6}) label="ns-A IPv6" ;;
	${NSA_LO_IP}) label="ns-A loopback IP" ;;
	${NSA_LO_IP6}) label="ns-A loopback IPv6" ;;
	${NSA_LINKIP6}|${NSA_LINKIP6}%*) label="ns-A IPv6 LLA" ;;

	${NSB_IP}) label="ns-B IP" ;;
	${NSB_IP6}) label="ns-B IPv6" ;;
	${NSB_LO_IP}) label="ns-B loopback IP" ;;
	${NSB_LO_IP6}) label="ns-B loopback IPv6" ;;
	${NSB_LINKIP6}|${NSB_LINKIP6}%*) label="ns-B IPv6 LLA" ;;

	${NL_IP}) label="nonlocal IP" ;;
	${NL_IP6}) label="nonlocal IPv6" ;;

	${VRF_IP}) label="VRF IP" ;;
	${VRF_IP6}) label="VRF IPv6" ;;

	${MCAST}%*) label="multicast IP" ;;
	esac

	echo "${label}"
}
334
# Print the IPv6 link-local address of a device in a namespace.
#
# Arguments: $1 - namespace, $2 - device
# Outputs:   the fe80 address without its prefix length
# Returns:   0 when an address was found, 1 otherwise
get_linklocal()
{
	local ns=$1
	local dev=$2
	local lla

	# brief output: addresses start at field 3; keep those beginning with fe80
	lla=$(ip -netns ${ns} -6 -br addr show dev ${dev} |
		awk '{ for (i = 3; i <= NF; ++i) if ($i ~ /^fe80/) print $i }')
	# drop everything from the first '/' onwards
	lla=${lla/\/*}

	if [ -z "$lla" ]; then
		return 1
	fi

	echo $lla

	return 0
}
357
################################################################################
# create namespaces and vrf
360
# Create a VRF device in a namespace and give it addresses.
#
# Arguments: $1 - namespace
#            $2 - VRF device name
#            $3 - routing table id for the VRF
#            $4 - IPv4 address for the VRF device, or "-" for none
#            $5 - IPv6 address for the VRF device, or "-" for none
#
# The VRF table gets an unreachable default route (metric 8192) for both
# families, and the device always gets 127.0.0.1/8 and ::1. Finally the
# pref-0 rule is deleted and a "from all lookup local" rule is added at
# pref 32765, for IPv4 and IPv6.
create_vrf()
{
	local ns=$1 vrf=$2 table=$3
	local addr=$4 addr6=$5
	local in_ns="ip -netns ${ns}"

	${in_ns} link add ${vrf} type vrf table ${table}
	${in_ns} link set ${vrf} up
	${in_ns} route add vrf ${vrf} unreachable default metric 8192
	${in_ns} -6 route add vrf ${vrf} unreachable default metric 8192

	${in_ns} addr add 127.0.0.1/8 dev ${vrf}
	${in_ns} -6 addr add ::1 dev ${vrf} nodad
	if [[ "${addr}" != "-" ]]; then
		${in_ns} addr add dev ${vrf} ${addr}
	fi
	if [[ "${addr6}" != "-" ]]; then
		${in_ns} -6 addr add dev ${vrf} ${addr6}
	fi

	${in_ns} ru del pref 0
	${in_ns} ru add pref 32765 from all lookup local
	${in_ns} -6 ru del pref 0
	${in_ns} -6 ru add pref 32765 from all lookup local
}
388
# Create a network namespace with loopback up and forwarding enabled.
#
# Arguments: $1 - namespace name
#            $2 - IPv4 address to add to lo, or "-" for none
#            $3 - IPv6 address to add to lo, or "-" for none
#
# An unreachable default route (metric 8192) is installed for both
# families. The sysctl changes are made inside the new namespace.
create_ns()
{
	local ns=$1 addr=$2 addr6=$3
	local in_ns="ip -netns ${ns}"
	local ns_sysctl="ip netns exec ${ns} sysctl -qw"

	ip netns add ${ns}

	${in_ns} link set lo up
	if [[ "${addr}" != "-" ]]; then
		${in_ns} addr add dev lo ${addr}
	fi
	if [[ "${addr6}" != "-" ]]; then
		${in_ns} -6 addr add dev lo ${addr6}
	fi

	${in_ns} ro add unreachable default metric 8192
	${in_ns} -6 ro add unreachable default metric 8192

	${ns_sysctl} net.ipv4.ip_forward=1
	${ns_sysctl} net.ipv6.conf.all.keep_addr_on_down=1
	${ns_sysctl} net.ipv6.conf.all.forwarding=1
	${ns_sysctl} net.ipv6.conf.default.forwarding=1
}
413
# create veth pair to connect namespaces and apply addresses.
#
# Arguments: $1..$4 - namespace 1, its device, IPv4 addr, IPv6 addr
#            $5..$8 - namespace 2, its device, IPv4 addr, IPv6 addr
#
# The peer is created in namespace 1 under the fixed name "tmp" and is
# renamed while being moved to namespace 2. Only the namespace-1
# addresses are compared against "-": when one is "-", neither side gets
# an address of that family.
connect_ns()
{
	local ns1=$1 ns1_dev=$2 ns1_addr=$3 ns1_addr6=$4
	local ns2=$5 ns2_dev=$6 ns2_addr=$7 ns2_addr6=$8
	local in_ns1="ip -netns ${ns1}"
	local in_ns2="ip -netns ${ns2}"

	${in_ns1} li add ${ns1_dev} type veth peer name tmp
	${in_ns1} li set ${ns1_dev} up
	${in_ns1} li set tmp netns ${ns2} name ${ns2_dev}
	${in_ns2} li set ${ns2_dev} up

	if [[ "${ns1_addr}" != "-" ]]; then
		${in_ns1} addr add dev ${ns1_dev} ${ns1_addr}
		${in_ns2} addr add dev ${ns2_dev} ${ns2_addr}
	fi

	if [[ "${ns1_addr6}" != "-" ]]; then
		${in_ns1} addr add dev ${ns1_dev} ${ns1_addr6}
		${in_ns2} addr add dev ${ns2_dev} ${ns2_addr6}
	fi
}
441
# Tear down the test namespaces and kill every process still inside them.
#
# ns-A is dismantled step by step (VRF device, VRF table, addresses,
# link) to exercise those code paths; ns-B and ns-C are simply deleted.
#
# NOTE(review): the ns-A check is an unanchored grep, so any namespace
# whose name contains ${NSA} satisfies it. "xargs kill" signals every pid
# reported for the namespace; its errors are discarded.
cleanup()
{
	# explicit cleanups to check those code paths
	if ip netns | grep -q ${NSA}; then
		ip -netns ${NSA} link delete ${VRF}
		ip -netns ${NSA} ro flush table ${VRF_TABLE}

		ip -netns ${NSA} addr flush dev ${NSA_DEV}
		ip -netns ${NSA} -6 addr flush dev ${NSA_DEV}
		ip -netns ${NSA} link set dev ${NSA_DEV} down
		ip -netns ${NSA} link del dev ${NSA_DEV}

		ip netns pids ${NSA} | xargs kill 2>/dev/null
		ip netns del ${NSA}
	fi

	ip netns pids ${NSB} | xargs kill 2>/dev/null
	ip netns del ${NSB}
	ip netns pids ${NSC} | xargs kill 2>/dev/null
	ip netns del ${NSC} &>/dev/null
}
464
# Undo setup_vrf_dup: delete the second ns-A device, kill whatever still
# runs in ns-C and delete that namespace. Errors are silenced.
#
# NOTE(review): the link delete is issued without "-netns", so it acts on
# the namespace the script itself runs in - confirm that is intended.
cleanup_vrf_dup()
{
	ip link del ${NSA_DEV2} &>/dev/null
	ip netns pids ${NSC} | xargs kill 2>/dev/null
	ip netns del ${NSC} &>/dev/null
}
471
# Create ns-C and connect it to ns-A over NSA_DEV2.
#
# some VRF tests use ns-C which has the same config as
# ns-B but for a device NOT in the VRF
setup_vrf_dup()
{
	local nsa_side="${NSA} ${NSA_DEV2} ${NSA_IP}/24 ${NSA_IP6}/64"
	# ns-C reuses the ns-B addresses
	local nsc_side="${NSC} ${NSC_DEV} ${NSB_IP}/24 ${NSB_IP6}/64"

	create_ns ${NSC} - -
	connect_ns ${nsa_side} ${nsc_side}
}
480
# Build the ns-A / ns-B topology from scratch.
#
# Arguments: $1 - "yes" to enslave NSA_DEV to the VRF and install the
#                 routes in the VRF table; anything else (or nothing)
#                 gives the plain, non-VRF setup
#
# Globals:   NSA_LINKIP6, NSB_LINKIP6 (written)
#
# The configuration steps run under "set -e", so the first failing
# command ends the script; "set +e" is restored before returning.
setup()
{
	local with_vrf=${1}
	local in_nsa="ip -netns ${NSA}"
	local in_nsb="ip -netns ${NSB}"

	# make sure we are starting with a clean slate
	kill_procs
	cleanup 2>/dev/null

	log_debug "Configuring network namespaces"
	set -e

	create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128
	create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128
	connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \
		   ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64

	NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
	NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})

	# tell ns-A how to get to remote addresses of ns-B
	if [[ "${with_vrf}" = "yes" ]]; then
		create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6}

		${in_nsa} link set dev ${NSA_DEV} vrf ${VRF}
		${in_nsa} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
		${in_nsa} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}

		# and ns-B how to reach the VRF addresses
		${in_nsb} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
		${in_nsb} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
	else
		${in_nsa} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
		${in_nsa} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
	fi

	# tell ns-B how to get to remote addresses of ns-A
	${in_nsb} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
	${in_nsb} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}

	set +e

	sleep 1
}
524
# Build a topology that only has link-local addresses: ns-A is connected
# to ns-B (NSA_DEV) and to ns-C (NSA_DEV2), no addresses are assigned,
# and both ns-A devices are enslaved to the VRF.
#
# Globals:   NSA_LINKIP6, NSB_LINKIP6, NSC_LINKIP6 (written)
#
# The configuration steps run under "set -e", so the first failing
# command ends the script; "set +e" is restored before returning.
setup_lla_only()
{
	local in_nsa="ip -netns ${NSA}"

	# make sure we are starting with a clean slate
	kill_procs
	cleanup 2>/dev/null

	log_debug "Configuring network namespaces"
	set -e

	create_ns ${NSA} - -
	create_ns ${NSB} - -
	create_ns ${NSC} - -
	connect_ns ${NSA} ${NSA_DEV} - - \
		   ${NSB} ${NSB_DEV} - -
	connect_ns ${NSA} ${NSA_DEV2} - - \
		   ${NSC} ${NSC_DEV} - -

	NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
	NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})
	NSC_LINKIP6=$(get_linklocal ${NSC} ${NSC_DEV})

	create_vrf ${NSA} ${VRF} ${VRF_TABLE} - -
	${in_nsa} link set dev ${NSA_DEV} vrf ${VRF}
	${in_nsa} link set dev ${NSA_DEV2} vrf ${VRF}

	set +e

	sleep 1
}
554
################################################################################
# IPv4
557
# IPv4 ping tests without a VRF.
#
# Covers outbound, inbound and local traffic, then checks that a
# "prohibit" ip rule, an unreachable route and the unreachable default
# route each block the expected traffic. The expected value passed to
# log_test_addr is the exit status the test wants from ping.
#
# Caveat recorded by the NOTE comments below: with IPv4, a socket bound
# to a device still gets a usable route when the lookup fails, so the
# rule / route does not block device-bound pings. Those cases are left
# commented out.
ipv4_ping_novrf()
{
	local a
	local ping1="ping -c1 -w1"

	#
	# out
	#
	for a in ${NSB_IP} ${NSB_LO_IP}; do
		log_start
		run_cmd ${ping1} ${a}
		log_test_addr ${a} $? 0 "ping out"

		log_start
		run_cmd ${ping1} -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"

		log_start
		run_cmd ${ping1} -I ${NSA_LO_IP} ${a}
		log_test_addr ${a} $? 0 "ping out, address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP} ${NSA_LO_IP}; do
		log_start
		run_cmd_nsb ${ping1} ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	#
	# local traffic
	#
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1; do
		log_start
		run_cmd ${ping1} ${a}
		log_test_addr ${a} $? 0 "ping local"
	done

	#
	# local traffic, socket bound to device
	#
	# address on device
	a=${NSA_IP}
	log_start
	run_cmd ${ping1} -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 0 "ping local, device bind"

	# loopback addresses not reachable from device bind
	# fails in a really weird way though because ipv4 special cases
	# route lookups with oif set.
	for a in ${NSA_LO_IP} 127.0.0.1; do
		log_start
		show_hint "Fails since address on loopback device is out of device scope"
		run_cmd ${ping1} -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 1 "ping local, device bind"
	done

	#
	# ip rule blocks reachability to remote address
	#
	log_start
	setup_cmd ip rule add pref 32765 from all lookup local
	setup_cmd ip rule del pref 0 from all lookup local
	setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit

	a=${NSB_LO_IP}
	run_cmd ${ping1} ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by rule"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	#       a viable rtable if the oif (e.g., bind to device) is set, so this
	#       case succeeds despite the rule
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}

	a=${NSA_LO_IP}
	log_start
	show_hint "Response generates ICMP (or arp request is ignored) due to ip rule"
	run_cmd_nsb ${ping1} ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	# restore the original rule set
	[ "$VERBOSE" = "1" ] && echo
	setup_cmd ip rule del pref 32765 from all lookup local
	setup_cmd ip rule add pref 0 from all lookup local
	setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit

	#
	# route blocks reachability to remote address
	#
	log_start
	setup_cmd ip route replace unreachable ${NSB_LO_IP}
	setup_cmd ip route replace unreachable ${NSB_IP}

	a=${NSB_LO_IP}
	run_cmd ${ping1} ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by route"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	#       a viable rtable if the oif (e.g., bind to device) is set, so this
	#       case succeeds despite not having a route for the address
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}

	a=${NSA_LO_IP}
	log_start
	show_hint "Response is dropped (or arp request is ignored) due to ip route"
	run_cmd_nsb ${ping1} ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by route"

	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip ro del ${NSB_LO_IP}

	a=${NSB_LO_IP}
	run_cmd ${ping1} ${a}
	log_test_addr ${a} $? 2 "ping out, unreachable default route"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	#       a viable rtable if the oif (e.g., bind to device) is set, so this
	#       case succeeds despite not having a route for the address
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
}
687
# IPv4 ping tests with NSA_DEV enslaved to the VRF.
#
# Covers outbound pings bound to the VRF, to the device and to addresses
# inside "ip vrf exec"; inbound and local traffic; and finally that a
# "prohibit" ip rule and the unreachable default route block traffic
# for both VRF-bound and device-bound sockets (expected ping status 2),
# and that the matching inbound pings get no reply (expected status 1).
ipv4_ping_vrf()
{
	local a
	local ping1="ping -c1 -w1"

	# should default on; does not exist on older kernels
	set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null

	#
	# out
	#
	for a in ${NSB_IP} ${NSB_LO_IP}; do
		log_start
		run_cmd ${ping1} -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping out, VRF bind"

		log_start
		run_cmd ${ping1} -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"

		log_start
		run_cmd ip vrf exec ${VRF} ${ping1} -I ${NSA_IP} ${a}
		log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"

		log_start
		run_cmd ip vrf exec ${VRF} ${ping1} -I ${VRF_IP} ${a}
		log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd_nsb ${ping1} ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	#
	# local traffic, local address
	#
	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1; do
		log_start
		show_hint "Source address should be ${a}"
		run_cmd ${ping1} -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping local, VRF bind"
	done

	#
	# local traffic, socket bound to device
	#
	# address on device
	a=${NSA_IP}
	log_start
	run_cmd ${ping1} -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 0 "ping local, device bind"

	# vrf device is out of scope
	for a in ${VRF_IP} 127.0.0.1; do
		log_start
		show_hint "Fails since address on vrf device is out of device scope"
		run_cmd ${ping1} -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 1 "ping local, device bind"
	done

	#
	# ip rule blocks address
	#
	log_start
	setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit

	a=${NSB_LO_IP}
	run_cmd ${ping1} -I ${VRF} ${a}
	log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"

	log_start
	run_cmd ${ping1} -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"

	a=${NSA_LO_IP}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ${ping1} ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	# remove the blocking rules again
	[ "$VERBOSE" = "1" ] && echo
	setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit

	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP}

	a=${NSB_LO_IP}
	run_cmd ${ping1} -I ${VRF} ${a}
	log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"

	log_start
	run_cmd ${ping1} -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"

	a=${NSA_LO_IP}
	log_start
	show_hint "Response lost by unreachable route"
	run_cmd_nsb ${ping1} ${a}
	log_test_addr ${a} $? 1 "ping in, unreachable route"
}
801
# Driver for the IPv4 ping tests: the non-VRF set runs twice, once with
# net.ipv4.raw_l3mdev_accept=0 and once with =1 (each on a fresh setup),
# followed by the VRF set on a VRF-enabled setup.
ipv4_ping()
{
	local accept

	log_section "IPv4 ping"

	log_subsection "No VRF"
	for accept in 0 1; do
		setup
		# errors are hidden: the sysctl may not exist on the running kernel
		set_sysctl net.ipv4.raw_l3mdev_accept=${accept} 2>/dev/null
		ipv4_ping_novrf
	done

	log_subsection "With VRF"
	setup "yes"
	ipv4_ping_vrf
}
818
################################################################################
# IPv4 TCP
821
#
# MD5 tests without VRF
#
# A nettest server in ns-A is configured with a TCP MD5 key (-M) for a
# peer address or prefix (-m); a nettest client in ns-B connects with a
# key (-X). A connection is expected to succeed (status 0) only when
# the key matches and the client address is covered by the configured
# address/prefix. Every mismatch is expected to end with status 2,
# which the hints describe as a timeout.
ipv4_tcp_md5_novrf()
{
	local server="nettest -s -M ${MD5_PW}"
	local client="nettest -r ${NSA_IP} -X"

	#
	# single address
	#

	# basic use case
	log_start
	run_cmd ${server} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb ${client} ${MD5_PW}
	log_test $? 0 "MD5: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s &
	sleep 1
	run_cmd_nsb ${client} ${MD5_PW}
	log_test $? 2 "MD5: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd ${server} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb ${client} ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Client uses wrong password"

	# client from different address
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd ${server} -m ${NSB_LO_IP} &
	sleep 1
	run_cmd_nsb ${client} ${MD5_PW}
	log_test $? 2 "MD5: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd ${server} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb ${client} ${MD5_PW}
	log_test $? 0 "MD5: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd ${server} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb ${client} ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Prefix config, client uses wrong password"

	# client outside of prefix
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd ${server} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}
889
#
# MD5 tests with VRF
#
# Same checks as the non-VRF variant, with the server bound to the VRF
# (-I ${VRF}). The "duplicate config" cases start two servers for the
# same peer address/prefix: one bound to the VRF using MD5_PW and one in
# the default VRF using MD5_WRONG_PW. ns-B connects over the VRF device
# and ns-C over the device that setup_vrf_dup describes as not in the
# VRF, so a connection must only succeed (status 0) with the key that
# belongs to the L3 domain it arrives on; presenting the other domain's
# key is expected to end with status 2 (a timeout, per the hints).
# The negative tests expect nettest to fail (status 1) when -I names a
# device that is not a VRF.
ipv4_tcp_md5()
{
	local vrf_server="nettest -s -I ${VRF} -M ${MD5_PW}"
	local dflt_server="nettest -s -M ${MD5_WRONG_PW}"
	local client_vrf_pw="nettest -r ${NSA_IP} -X ${MD5_PW}"
	local client_dflt_pw="nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}"

	#
	# single address
	#

	# basic use case
	log_start
	run_cmd ${vrf_server} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb ${client_vrf_pw}
	log_test $? 0 "MD5: VRF: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout since server does not have MD5 auth"
	run_cmd nettest -s -I ${VRF} &
	sleep 1
	run_cmd_nsb ${client_vrf_pw}
	log_test $? 2 "MD5: VRF: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd ${vrf_server} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb ${client_dflt_pw}
	log_test $? 2 "MD5: VRF: Client uses wrong password"

	# client from different address
	log_start
	show_hint "Should timeout since server config differs from client"
	run_cmd ${vrf_server} -m ${NSB_LO_IP} &
	sleep 1
	run_cmd_nsb ${client_vrf_pw}
	log_test $? 2 "MD5: VRF: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd ${vrf_server} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb ${client_vrf_pw}
	log_test $? 0 "MD5: VRF: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd ${vrf_server} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb ${client_dflt_pw}
	log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"

	# client outside of prefix
	log_start
	show_hint "Should timeout since client address is outside of prefix"
	run_cmd ${vrf_server} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"

	#
	# duplicate config between default VRF and a VRF
	#

	log_start
	run_cmd ${vrf_server} -m ${NSB_IP} &
	run_cmd ${dflt_server} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb ${client_vrf_pw}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd ${vrf_server} -m ${NSB_IP} &
	run_cmd ${dflt_server} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsc ${client_dflt_pw}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd ${vrf_server} -m ${NSB_IP} &
	run_cmd ${dflt_server} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsc ${client_vrf_pw}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd ${vrf_server} -m ${NSB_IP} &
	run_cmd ${dflt_server} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb ${client_dflt_pw}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"

	log_start
	run_cmd ${vrf_server} -m ${NS_NET} &
	run_cmd ${dflt_server} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb ${client_vrf_pw}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd ${vrf_server} -m ${NS_NET} &
	run_cmd ${dflt_server} -m ${NS_NET} &
	sleep 1
	run_cmd_nsc ${client_dflt_pw}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd ${vrf_server} -m ${NS_NET} &
	run_cmd ${dflt_server} -m ${NS_NET} &
	sleep 1
	run_cmd_nsc ${client_vrf_pw}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd ${vrf_server} -m ${NS_NET} &
	run_cmd ${dflt_server} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb ${client_dflt_pw}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"

	#
	# negative tests
	#
	log_start
	run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP}
	log_test $? 1 "MD5: VRF: Device must be a VRF - single address"

	log_start
	run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET}
	log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"

	test_ipv4_md5_vrf__vrf_server__no_bind_ifindex
	test_ipv4_md5_vrf__global_server__bind_ifindex0
}
1035
# TCP MD5 with a server socket bound to the VRF: both cases below expect the
# client started through run_cmd_nsb to connect (expected rc 0), whether the
# key is installed with --no-bind-key-ifindex or --force-bind-key-ifindex.
# Reads the globals VRF, MD5_PW, NS_NET and NSA_IP, which are defined outside
# this function.
test_ipv4_md5_vrf__vrf_server__no_bind_ifindex()
{
	log_start
	show_hint "Simulates applications using VRF without TCP_MD5SIG_FLAG_IFINDEX"
	# server is backgrounded; the sleep presumably gives it time to listen
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	# $? is the client's status; it must be read before any other command runs
	log_test $? 0 "MD5: VRF: VRF-bound server, unbound key accepts connection"

	log_start
	show_hint "Binding both the socket and the key is not required but it works"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: VRF-bound server, bound key accepts connection"
}
1052
# TCP MD5 with a global (not device-bound) server and a prefix key, run with
# tcp_l3mdev_accept=1. Four cases: key forced to bind to an ifindex vs. key
# not bound, each tried from a client started via run_cmd_nsb (labelled as the
# VRF connection) and via run_cmd_nsc (labelled as the non-VRF connection).
# The only case expected to fail is the bound key with the VRF connection:
# a key scoped to ifindex=0 must not authenticate a peer in another L3 domain.
# The previous sysctl value is saved on entry and restored on the way out.
test_ipv4_md5_vrf__global_server__bind_ifindex0()
{
	# This particular test needs tcp_l3mdev_accept=1 for Global server to accept VRF connections
	local old_tcp_l3mdev_accept
	old_tcp_l3mdev_accept=$(get_sysctl net.ipv4.tcp_l3mdev_accept)
	set_sysctl net.ipv4.tcp_l3mdev_accept=1

	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	# expected rc 2; elsewhere in this script rc 2 is paired with
	# "Should timeout" hints
	log_test $? 2 "MD5: VRF: Global server, Key bound to ifindex=0 rejects VRF connection"

	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection"
	log_start

	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts VRF connection"

	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts non-VRF connection"

	# restore value
	set_sysctl net.ipv4.tcp_l3mdev_accept="$old_tcp_l3mdev_accept"
}
1087
# IPv4 TCP tests for the non-VRF topology. Each case follows one pattern:
# log_start, optionally start a server in the background and sleep, run the
# client in the foreground, then hand the client's exit status ($?) and the
# expected status to log_test_addr. Expected 0 means the connection works,
# expected 1 means it must fail (the hints name the error that is expected).
# Ends by running the MD5 variant, ipv4_tcp_md5_novrf.
ipv4_tcp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		# $? is the client's status; nothing may run between the two lines
		log_test_addr ${a} $? 0 "Global server"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -r ${a}
	log_test_addr ${a} $? 0 "Device server"

	# verify TCP reset sent and received
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client"

		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a}
		log_test_addr ${a} $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		run_cmd nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -0 ${a} -1 ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	# a device-bound server must not be reachable through addresses that
	# live on loopback
	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -s -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -r ${a}
		log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s &
	sleep 1
	run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	# the mirror case: a device-bound client must not reach loopback addresses
	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "Global server, device client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local connection"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "No server, device client, local conn"

	ipv4_tcp_md5_novrf
}
1208
# IPv4 TCP tests for the VRF topology, in two phases selected by
# net.ipv4.tcp_l3mdev_accept.
#   =0: a server that is not bound to the VRF or to the device must refuse
#       connections arriving through the VRF (expected rc 1); VRF-bound and
#       device-bound servers accept them. The MD5 tests run in this phase,
#       between setup_vrf_dup and cleanup_vrf_dup.
#   =1: the unbound "global" server accepts VRF connections as well.
# Every case passes the client's exit status ($?) and the expected status to
# log_test_addr. The sysctl is left at 1 when the function returns.
ipv4_tcp_vrf()
{
	local a

	# disable global server
	log_subsection "Global server disabled"

	set_sysctl net.ipv4.tcp_l3mdev_accept=0

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		# isolation check: the unbound server must not see VRF traffic
		log_start
		show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "Global server"

		log_start
		run_cmd nettest -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "VRF server"

		log_start
		run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "Device server"

		# verify TCP reset received
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# local address tests
	# (${VRF_IP} and 127.0.0.1 both timeout)
	a=${NSA_IP}
	log_start
	show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
	run_cmd nettest -s &
	sleep 1
	run_cmd nettest -r ${a} -d ${NSA_DEV}
	log_test_addr ${a} $? 1 "Global server, local connection"

	# run MD5 tests
	setup_vrf_dup
	ipv4_tcp_md5
	cleanup_vrf_dup

	#
	# enable VRF global server
	#
	log_subsection "VRF Global server enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1

	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		show_hint "client socket should be bound to VRF"
		run_cmd nettest -s -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "Global server"

		log_start
		show_hint "client socket should be bound to VRF"
		run_cmd nettest -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "VRF server"

		# verify TCP reset received
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	a=${NSA_IP}
	log_start
	show_hint "client socket should be bound to device"
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -r ${a}
	log_test_addr ${a} $? 0 "Device server"

	# local address tests
	# NOTE(review): the label below says "Global server", but the server in
	# this loop is started with -I ${VRF}; the hint describes the real case
	# (client not bound to the VRF).
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		show_hint "Should fail 'Connection refused' since client is not bound to VRF"
		run_cmd nettest -s -I ${VRF} &
		sleep 1
		run_cmd nettest -r ${a}
		log_test_addr ${a} $? 1 "Global server, local connection"
	done

	#
	# client
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${VRF}
		log_test_addr ${a} $? 0 "Client, VRF bind"

		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a} -d ${VRF}
		log_test_addr ${a} $? 1 "No server, VRF client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
	do
		log_start
		run_cmd nettest -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${VRF} -3 ${VRF} &
	sleep 1
	run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local connection"

	# an unbound client sits outside the VRF and must not reach the VRF server
	log_start
	show_hint "Should fail 'No route to host' since client is out of VRF scope"
	run_cmd nettest -s -I ${VRF} &
	sleep 1
	run_cmd nettest -r ${a}
	log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"

	log_start
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, VRF client, local connection"

	log_start
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local connection"
}
1375
# Entry point for the IPv4 TCP tests: the non-VRF suite runs twice, once per
# tcp_l3mdev_accept value, and then the VRF suite runs on a fresh VRF setup.
ipv4_tcp()
{
	local accept_mode

	log_section "IPv4/TCP"
	log_subsection "No VRF"
	setup

	# tcp_l3mdev_accept should have no effect without VRF;
	# run the suite with it disabled and then enabled to verify
	for accept_mode in 0 1; do
		case "${accept_mode}" in
		0) log_subsection "tcp_l3mdev_accept disabled" ;;
		1) log_subsection "tcp_l3mdev_accept enabled" ;;
		esac
		set_sysctl net.ipv4.tcp_l3mdev_accept=${accept_mode}
		ipv4_tcp_novrf
	done

	log_subsection "With VRF"
	setup "yes"
	ipv4_tcp_vrf
}
1395
1396################################################################################
David Aherna4368be2019-08-01 11:56:40 -07001397# IPv4 UDP
1398
# IPv4 UDP tests for the non-VRF topology (every nettest call carries -D).
# Same pattern as the TCP suite: optional background server, foreground
# client, then the client's exit status ($?) and the expected status go to
# log_test_addr. Besides a plain device bind, the client cases cover the
# variants the labels call "send via cmsg" (-C) and "IP_UNICAST_IF" (-S).
ipv4_udp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd nettest -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		# $? is the client's status; nothing may run between the two lines
		log_test_addr ${a} $? 0 "Global server"

		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -D -r ${a}
	log_test_addr ${a} $? 0 "Device server"

	#
	# client
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client, device send via cmsg"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -r ${a}
		log_test_addr ${a} $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -r ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	# a device-bound server must not be reachable through loopback addresses
	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Should fail 'Connection refused' since address is out of device scope"
		run_cmd nettest -s -D -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -D -r ${a}
		log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
	log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"

	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
	log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"

	# IPv4 with device bind has really weird behavior - it overrides the
	# fib lookup, generates an rtable and tries to send the packet. This
	# causes failures for local traffic at different places
	# (hence the differing expected codes below: 2 for the plain device bind,
	# 1 for the cmsg and IP_UNICAST_IF variants)
	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 2 "Global server, device client, local connection"

		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
		log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"

		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
		log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local conn"

	# no server is started here; the expected status is 2, not 1
	log_start
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 2 "No server, device client, local conn"
}
1553
# IPv4 UDP tests for the VRF topology, in two phases selected by
# net.ipv4.udp_l3mdev_accept.
#   =0: a server not bound to the VRF or to the enslaved device must not
#       receive datagrams that arrive through the VRF (expected rc 1), and a
#       VRF-bound local client must not reach it either.
#   =1: the unbound "global" server is reachable from the VRF as well.
# Every case passes the client's exit status ($?) and the expected status to
# log_test / log_test_addr. The sysctl is left at 1 when the function returns.
ipv4_udp_vrf()
{
	local a

	# disable global server
	log_subsection "Global server disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		# isolation check: the unbound server must not see VRF traffic
		log_start
		show_hint "Fails because ingress is in a VRF and global server is disabled"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 1 "Global server"

		log_start
		run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "VRF server"

		log_start
		run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "Enslaved device server"

		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 1 "No server"

		log_start
		show_hint "Should fail 'Connection refused' since global server is out of scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"

	# (a is already ${NSA_IP} here; the assignment is repeated in the original)
	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"

	# enable global server
	log_subsection "Global server enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "Global server"

		log_start
		run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "VRF server"

		log_start
		run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "Enslaved device server"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client tests
	#
	log_start
	run_cmd_nsb nettest -D -s &
	sleep 1
	run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
	log_test $? 0 "VRF client"

	log_start
	run_cmd_nsb nettest -D -s &
	sleep 1
	run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
	log_test $? 0 "Enslaved device client"

	# negative test - should fail
	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
	log_test $? 1 "No server, VRF client"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
	log_test $? 1 "No server, enslaved device client"

	#
	# local address tests
	#
	a=${NSA_IP}
	log_start
	run_cmd nettest -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Global server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"

	for a in ${VRF_IP} 127.0.0.1
	do
		log_start
		run_cmd nettest -D -s -3 ${VRF} &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
	done

	for a in ${VRF_IP} 127.0.0.1
	do
		log_start
		run_cmd nettest -s -D -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
	done

	# negative test - should fail
	# verifies ECONNREFUSED
	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "No server, VRF client, local conn"
	done
}
1746
# Entry point for the IPv4 UDP tests: the non-VRF suite runs twice, once per
# udp_l3mdev_accept value, and then the VRF suite runs on a fresh VRF setup.
ipv4_udp()
{
	local accept_mode

	log_section "IPv4/UDP"
	log_subsection "No VRF"

	setup

	# udp_l3mdev_accept should have no effect without VRF;
	# run the suite with it disabled and then enabled to verify
	for accept_mode in 0 1; do
		case "${accept_mode}" in
		0) log_subsection "udp_l3mdev_accept disabled" ;;
		1) log_subsection "udp_l3mdev_accept enabled" ;;
		esac
		set_sysctl net.ipv4.udp_l3mdev_accept=${accept_mode}
		ipv4_udp_novrf
	done

	log_subsection "With VRF"
	setup "yes"
	ipv4_udp_vrf
}
1767
1768################################################################################
David Ahern75b2b2b2019-08-01 11:56:42 -07001769# IPv4 address bind
1770#
1771# verifies ability or inability to bind to an address / device
1772
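# Address-bind checks without a VRF: raw and TCP sockets must be able to bind
# to a local address, with and without a preceding device bind, and a raw
# socket must be able to bind to the nonlocal address ${NL_IP} after a device
# bind. Each nettest call carries -b; its exit status ($?) and the expected
# status go to log_test_addr.
# Globals read: NSA_IP, NSA_LO_IP, NL_IP, NSB_IP, NSA_DEV.
ipv4_addr_bind_novrf()
{
	# keep the loop variable out of the global scope, as the other test
	# functions in this file do
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	#
	# raw socket with nonlocal bind
	#
	a=${NL_IP}
	log_start
	run_cmd nettest -s -R -P icmp -f -l ${a} -I ${NSA_DEV} -b
	log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after device bind"

	#
	# tcp sockets
	#
	a=${NSA_IP}
	log_start
	run_cmd nettest -c ${a} -r ${NSB_IP} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address"

	log_start
	run_cmd nettest -c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"

	# Sadly, the kernel allows binding a socket to a device and then
	# binding to an address not on the device. The only restriction
	# is that the address is valid in the L3 domain. So this test
	# passes when it really should not
	# (kept disabled: a device bind therefore does not restrict which
	# addresses of the L3 domain the socket may bind to)
	#a=${NSA_LO_IP}
	#log_start
	#show_hint "Should fail with 'Cannot assign requested address'"
	#run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
	#log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
}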
1819
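# Address-bind checks with a VRF. A raw socket that is not bound to the VRF
# must fail to bind to an address inside it, while the same bind works after
# a device or VRF bind. The loopback address ${NSA_LO_IP} is out of scope and
# must be refused after a VRF or device bind, for raw and TCP sockets alike.
# Each nettest call carries -b; its exit status ($?) and the expected status
# go to log_test_addr.
# Globals read: NSA_IP, VRF_IP, NSA_LO_IP, NL_IP, NSA_DEV, VRF.
ipv4_addr_bind_vrf()
{
	# keep the loop variable out of the global scope, as the other test
	# functions in this file do
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		show_hint "Socket not bound to VRF, but address is in VRF"
		run_cmd nettest -s -R -P icmp -l ${a} -b
		log_test_addr ${a} $? 1 "Raw socket bind to local address"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
	done

	a=${NSA_LO_IP}
	log_start
	show_hint "Address on loopback is out of VRF scope"
	run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
	log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"

	#
	# raw socket with nonlocal bind
	#
	a=${NL_IP}
	log_start
	run_cmd nettest -s -R -P icmp -f -l ${a} -I ${VRF} -b
	log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind"

	#
	# tcp sockets
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address"

		log_start
		run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
	done

	a=${NSA_LO_IP}
	log_start
	show_hint "Address on loopback out of scope for VRF"
	run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"

	log_start
	show_hint "Address on loopback out of scope for device in VRF"
	run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
}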
1879
# Entry point for the IPv4 address-bind tests: run the non-VRF checks on a
# plain setup, then the VRF checks on a setup created with "yes".
ipv4_addr_bind()
{
	log_section "IPv4 address binds"

	# pass 1: plain topology
	log_subsection "No VRF"
	setup
	ipv4_addr_bind_novrf

	# pass 2: same checks with the VRF in place
	log_subsection "With VRF"
	setup "yes"
	ipv4_addr_bind_vrf
}
1892
1893################################################################################
David Ahern0113f722019-08-01 11:56:44 -07001894# IPv4 runtime tests
1895
# Shared tail of every ipv4_rt case: let the background traffic run for a few
# seconds, delete the VRF device underneath it, then record the case.
# Arguments: $1 - address used to label the result
#            $2 - test description
# The result is logged with rc 0 / expected 0, i.e. unconditionally as a pass;
# the case only "fails" if the kernel misbehaves while the device goes away.
_ipv4_rt_del_active_vrf() {
	local addr="$1"
	local msg="$2"

	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${addr} 0 0 "${msg}"
}

# Device-removal tests: start a TCP server and client in the background, then
# delete the VRF device while the connection is live.
# Arguments: $1 - description prefix for the log lines
#            $2 - extra nettest options; expanded unquoted on purpose so a
#                 value such as "-n -1" splits into separate arguments
# Every case except the last re-runs setup, because the case itself destroyed
# the VRF device the next one needs.
ipv4_rt() {
	local desc="$1"
	local varg="$2"
	local with_vrf="yes"
	local a

	# --- server in ns-A, client in ns-B ---

	# unbound ("global") server
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		_ipv4_rt_del_active_vrf ${a} "${desc}, global server"

		setup ${with_vrf}
	done

	# server bound to the VRF device
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -s -I ${VRF} &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		_ipv4_rt_del_active_vrf ${a} "${desc}, VRF server"

		setup ${with_vrf}
	done

	# server bound to the device enslaved to the VRF
	a=${NSA_IP}
	log_start
	run_cmd nettest ${varg} -s -I ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest ${varg} -r ${a} &
	_ipv4_rt_del_active_vrf ${a} "${desc}, enslaved device server"

	setup ${with_vrf}

	# --- server in ns-B, client in ns-A ---
	# NOTE(review): these two cases connect to ${NSB_IP}, but the result is
	# labelled with ${a}, which still holds ${NSA_IP} from the case above.
	# Confirm whether the label is meant to name the peer.
	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
	_ipv4_rt_del_active_vrf ${a} "${desc}, VRF client"

	setup ${with_vrf}

	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
	_ipv4_rt_del_active_vrf ${a} "${desc}, enslaved device client"

	setup ${with_vrf}

	# --- server and client both in ns-A ---

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		_ipv4_rt_del_active_vrf ${a} "${desc}, global server, VRF client, local"

		setup ${with_vrf}
	done

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -I ${VRF} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		_ipv4_rt_del_active_vrf ${a} "${desc}, VRF server and client, local"

		setup ${with_vrf}
	done

	# remaining local cases use the enslaved device on the client side
	a=${NSA_IP}
	log_start

	run_cmd nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	_ipv4_rt_del_active_vrf ${a} "${desc}, global server, enslaved device client, local"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -I ${VRF} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	_ipv4_rt_del_active_vrf ${a} "${desc}, VRF server, enslaved device client, local"

	setup ${with_vrf}

	# last case: no setup afterwards, the caller rebuilds the topology
	log_start
	run_cmd nettest ${varg} -I ${NSA_DEV} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	_ipv4_rt_del_active_vrf ${a} "${desc}, enslaved device server and client, local"
}
2035
# Delete the VRF device while a flood ping is running through it, first with
# the ping arriving from ns-B, then with ns-A pinging out through the VRF.
# Both results are logged with rc 0 / expected 0, so they always count as a
# pass; what is exercised is the device teardown under traffic.
# NOTE(review): the background ping is not reaped in this function; presumably
# setup or the run_cmd helpers take care of it - confirm.
ipv4_ping_rt() {
	local with_vrf="yes"
	local a

	# inbound: ns-B floods an address that belongs to the VRF in ns-A
	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd_nsb ping -f ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"

		# the case removed the VRF; rebuild before the next iteration
		setup ${with_vrf}
	done

	# outbound: ns-A floods ns-B with the socket bound to the VRF
	a=${NSB_IP}
	log_start
	run_cmd ping -f -I ${VRF} ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
}
2061
# Driver for the IPv4 run-time (device removal) tests. Each group gets a fresh
# VRF topology from setup "yes" because the group before it ends with the VRF
# device deleted.
ipv4_runtime() {
	log_section "Run time tests - ipv4"

	# flood ping across the VRF while it is deleted
	setup "yes"
	ipv4_ping_rt

	# TCP variants; the second argument is passed through to nettest and is
	# word-split by ipv4_rt, so "-n -1" arrives as two options
	setup "yes"
	ipv4_rt "TCP active socket" "-n -1"

	setup "yes"
	ipv4_rt "TCP passive socket" "-i"
}
2075
################################################################################
# IPv6
2078
# IPv6 ping checks without a VRF: outbound from ns-A, inbound from ns-B and
# local delivery, followed by the same pings with policy rules and
# unreachable routes in the way.
# The expected status passed to log_test_addr is ping's exit code as the cases
# below use it: 0 reply received, 1 no reply, 2 error raised locally.
# ${ping6} and ${a} are expanded unquoted throughout, as in the rest of the
# file; ${a} may carry a %dev scope suffix.
ipv6_ping_novrf() {
	local a

	# Not expected to matter here; forced to 0 so the starting state is known.
	# stderr is dropped so a failing set_sysctl stays quiet.
	set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null

	# --- outbound, ns-A to ns-B ---
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping out"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"

		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
		log_test_addr ${a} $? 0 "ping out, loopback address bind"
	done

	# --- inbound, ns-B to ns-A ---
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	# --- ns-A pinging its own addresses ---
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping local, no bind"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping local, device bind"
	done

	# negative: a socket bound to the device must not reach loopback addresses
	for a in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Fails since address on loopback is out of device scope"
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 2 "ping local, device bind"
	done

	# --- policy rules: prohibit must block the traffic ---
	# The local-table rule is moved from pref 0 to 32765 so the prohibit
	# rules at pref 50/51 are consulted before it; the original order is
	# restored once the three checks are done.
	log_start
	setup_cmd ip -6 rule add pref 32765 from all lookup local
	setup_cmd ip -6 rule del pref 0 from all lookup local
	setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by rule"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"

	# inbound: the request is sent from ns-B, so the sender only sees a
	# missing reply (1), not a local error (2)
	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	setup_cmd ip -6 rule add pref 0 from all lookup local
	setup_cmd ip -6 rule del pref 32765 from all lookup local
	setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit

	# --- routes: unreachable entries must block the traffic ---
	# The existing route to ns-B's loopback address is removed and both
	# ns-B addresses get an unreachable route.
	log_start
	setup_cmd ip -6 route del ${NSB_LO_IP6}
	setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
	setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip route"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by route"


	# --- no route at all ---
	# Only the unreachable entries are removed; the route to ns-B's loopback
	# address deleted above is not put back, so the ping still has to fail.
	log_start
	setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
	setup_cmd ip -6 ro del unreachable ${NSB_IP6}

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, unreachable route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
}
2208
# IPv6 ping checks with the VRF configured: which addresses are reachable when
# the socket is bound to the VRF, to the enslaved device, or not bound at all,
# and that policy rules and missing routes still block traffic.
# The expected status passed to log_test_addr is ping's exit code as the cases
# below use it: 0 reply received, 1 no reply, 2 error raised locally.
# ${ping6} and ${a} are expanded unquoted throughout, as in the rest of the
# file; ${a} may carry a %dev scope suffix.
ipv6_ping_vrf() {
	local a

	# Expected to default to on; the knob is missing on older kernels, hence
	# the discarded stderr.
	set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null

	# --- outbound, ns-A to ns-B ---
	for a in ${NSB_IP6} ${NSB_LO_IP6}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping out, VRF bind"
	done

	# negative: link-local and multicast scoped to the VRF device itself
	for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}; do
		log_start
		show_hint "Fails since VRF device does not support linklocal or multicast"
		run_cmd ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 1 "ping out, VRF bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"
	done

	# VRF context comes from 'ip vrf exec'; -I picks the source address
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
		log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
	done

	# --- inbound, ns-B to ns-A ---
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	# negative: ns-A's loopback address is not part of the VRF
	a=${NSA_LO_IP6}
	log_start
	show_hint "Fails since loopback address is out of VRF scope"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in"

	# --- ns-A pinging its own addresses ---
	for a in ${NSA_IP6} ${VRF_IP6} ::1; do
		log_start
		show_hint "Source address should be ${a}"
		run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping local, VRF bind"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping local, device bind"
	done

	# --- link-local source to global destination ---
	# ns-B loses its global addresses and gets a host route to ns-A via
	# ns-A's link-local address.
	setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
	setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}

	# NOTE(review): both iterations ping ${NSA_IP6}; ${a} only changes the
	# label of the result. The host route above covers ${NSA_IP6} only, so
	# this may be deliberate - confirm before changing the target.
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
		log_test_addr ${a} $? 0 "ping in, LLA to GUA"
	done

	# put ns-B back the way it was
	setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo

	# --- policy rules: prohibit must block the traffic ---
	log_start
	setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by rule"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"

	# inbound: the sender in ns-B only sees a missing reply (1)
	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	# log_start here is not paired with a log_test call; kept as in the
	# original sequence
	log_start
	setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit

	# --- no route at all ---
	# Drop the VRF-table route to ns-B's loopback address; nothing replaces it.
	log_start
	setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, unreachable route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"

	# same on the ns-B side; run directly rather than through setup_cmd_nsb,
	# so its status is neither logged nor checked
	ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
	a=${NSA_LO_IP6}
	log_start
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping in, unreachable route"
}
2343
# Driver for the IPv6 ping checks: one pass on the plain topology, one with
# the VRF configured. setup runs before each pass, which matters because both
# passes edit rules and routes and do not restore all of them.
ipv6_ping() {
	log_section "IPv6 ping"

	# Pass 1: no VRF configured.
	log_subsection "No VRF"
	setup
	ipv6_ping_novrf

	# Pass 2: VRF in place ("yes" is the argument setup is given for it).
	log_subsection "With VRF"
	setup "yes"
	ipv6_ping_vrf
}
2356
################################################################################
# IPv6 TCP

#
# MD5 tests without VRF
#
ipv6_tcp_md5_novrf() {
	# TCP MD5 signature checks over IPv6, no VRF involved. The server in
	# ns-A is given a password (-M) for a peer address or prefix (-m); the
	# client in ns-B presents a password with -X.
	#
	# A connection must succeed only when the client's address is covered
	# by the configured peer and the passwords match. Every negative case
	# expects status 2 with a "Should timeout" hint rather than status 1:
	# segments that fail the check are expected to be dropped without a
	# reply, which is different from the "Connection refused" result the
	# no-listener tests elsewhere in this file expect.
	#
	# NOTE(review): in the negative cases the background server never gets
	# a connection and is not reaped here; presumably nettest or the
	# log/run helpers bound its lifetime - confirm, since a leftover
	# listener would overlap with the next case.

	# --- key configured for a single peer address ---

	# positive: peer address and password both match
	log_start
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: Single address config"

	# negative: client signs, server has no key at all
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: Server no config, client uses password"

	# negative: right peer, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Client uses wrong password"

	# negative: right password, but the key is tied to ns-B's loopback
	# address while the client connects from its default source
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_LO_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: Client address does not match address configured with password"

	# --- key configured for a prefix (MD5 extension) ---

	# positive: client address inside the prefix
	log_start
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: Prefix config"

	# negative: inside the prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Prefix config, client uses wrong password"

	# negative: right password, but -c moves the client to its loopback
	# address, which lies outside the configured prefix
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}
2427
#
# MD5 tests with VRF
#
ipv6_tcp_md5() {
	# TCP MD5 signature checks over IPv6 with the server bound to the VRF
	# (-I). Server password is -M, the peer address or prefix it applies to
	# is -m, and the client presents its password with -X.
	#
	# Three groups:
	#   1. the single-address and prefix cases, with a VRF-bound server
	#   2. the same peer configured twice, once on a VRF-bound server and
	#      once on an unbound one, with different passwords; a key must
	#      only authenticate connections arriving in the domain it was
	#      configured for
	#   3. configuring a key on a device that is not a VRF must be rejected
	#
	# Negative connection cases expect status 2 ("Should timeout"): the
	# failing segments are expected to be dropped without a reply.
	#
	# NOTE(review): background servers that never get a connection are not
	# reaped here; presumably nettest or the log/run helpers bound their
	# lifetime - confirm, since leftover listeners would overlap with
	# later cases.

	# --- group 1a: key configured for a single peer address ---

	# positive: peer address and password both match
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config"

	# negative: client signs, server has no key at all
	log_start
	show_hint "Should timeout since server does not have MD5 auth"
	run_cmd nettest -6 -s -I ${VRF} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Server no config, client uses password"

	# negative: right peer, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Client uses wrong password"

	# negative: right password, key tied to a different peer address
	log_start
	show_hint "Should timeout since server config differs from client"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Client address does not match address configured with password"

	# --- group 1b: key configured for a prefix (MD5 extension) ---

	# positive: client address inside the prefix
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config"

	# negative: inside the prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"

	# negative: right password, -c moves the client outside the prefix
	log_start
	show_hint "Should timeout since client address is outside of prefix"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"

	# --- group 2: same peer keyed in the VRF and in the default VRF ---
	# Two servers run side by side: the VRF-bound one uses ${MD5_PW}, the
	# unbound one uses ${MD5_WRONG_PW}. In this group ${MD5_WRONG_PW} is
	# the valid key of the default VRF, not a deliberately bad one. Going
	# by the test names, clients started with run_cmd_nsb arrive in the
	# VRF and clients started with run_cmd_nsc arrive in the default VRF.

	# single address, each client uses the key of its own domain
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"

	# single address, each client uses the key of the other domain
	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"

	# prefix, each client uses the key of its own domain
	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"

	# prefix, each client uses the key of the other domain
	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"

	# --- group 3: key setup on a non-VRF device must be rejected ---
	# The server runs in the foreground here, so $? is the server's own
	# exit status; 1 is expected because ${NSA_DEV} is not a VRF device.
	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP6}
	log_test $? 1 "MD5: VRF: Device must be a VRF - single address"

	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6}
	log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"

}
2571
# IPv6 TCP connection checks without a VRF: ns-A as server, ns-A as client,
# and ns-A talking to itself, with the server and client sockets unbound or
# bound to ${NSA_DEV}. Finishes with the MD5 cases for the same topology.
# Expected status 0 is a completed connection; 1 is paired with the
# "Connection refused" hints.
# -3 and -0 look like nettest's "expected device" and "expected local address"
# assertions; their definition is not in this part of the file - confirm.
ipv6_tcp_novrf() {
	local a

	# --- ns-A is the server, ns-B connects ---
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	# no listener: the client must see a reset, not a hang
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# --- ns-B is the server, ns-A connects ---
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Client"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	# --- server and client both in ns-A ---
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1; do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	# server bound to the device, client unbound
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	# negative: a device-bound server must not answer on loopback addresses
	for a in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -s -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
	done

	# server unbound, client bound to the device
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	# negative: a device-bound client must not reach loopback addresses
	for a in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "Global server, device client, local connection"
	done

	# both ends bound to the device
	for a in ${NSA_IP6} ${NSA_LINKIP6}; do
		log_start
		run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
		log_test_addr ${a} $? 0 "Device server, device client, local conn"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
		log_test_addr ${a} $? 1 "No server, device client, local conn"
	done

	# TCP MD5 signature cases for the no-VRF topology
	ipv6_tcp_md5_novrf
}
2691
2692ipv6_tcp_vrf()
2693{
2694 local a
2695
2696 # disable global server
2697 log_subsection "Global server disabled"
2698
2699 set_sysctl net.ipv4.tcp_l3mdev_accept=0
2700
2701 #
2702 # server tests
2703 #
2704 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2705 do
2706 log_start
2707 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
2708 run_cmd nettest -6 -s &
2709 sleep 1
2710 run_cmd_nsb nettest -6 -r ${a}
2711 log_test_addr ${a} $? 1 "Global server"
2712 done
2713
2714 for a in ${NSA_IP6} ${VRF_IP6}
2715 do
2716 log_start
David Ahern8a909732021-01-13 20:09:47 -07002717 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
David Aherna071bbf2019-08-01 11:56:39 -07002718 sleep 1
2719 run_cmd_nsb nettest -6 -r ${a}
2720 log_test_addr ${a} $? 0 "VRF server"
2721 done
2722
2723 # link local is always bound to ingress device
2724 a=${NSA_LINKIP6}%${NSB_DEV}
2725 log_start
David Ahern8a909732021-01-13 20:09:47 -07002726 run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
David Aherna071bbf2019-08-01 11:56:39 -07002727 sleep 1
2728 run_cmd_nsb nettest -6 -r ${a}
2729 log_test_addr ${a} $? 0 "VRF server"
2730
2731 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2732 do
2733 log_start
David Ahern8a909732021-01-13 20:09:47 -07002734 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
David Aherna071bbf2019-08-01 11:56:39 -07002735 sleep 1
2736 run_cmd_nsb nettest -6 -r ${a}
2737 log_test_addr ${a} $? 0 "Device server"
2738 done
2739
2740 # verify TCP reset received
2741 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2742 do
2743 log_start
2744 show_hint "Should fail 'Connection refused'"
2745 run_cmd_nsb nettest -6 -r ${a}
2746 log_test_addr ${a} $? 1 "No server"
2747 done
2748
2749 # local address tests
2750 a=${NSA_IP6}
2751 log_start
2752 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
2753 run_cmd nettest -6 -s &
2754 sleep 1
2755 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2756 log_test_addr ${a} $? 1 "Global server, local connection"
2757
David Ahern5cad8bc2019-12-30 14:14:33 -08002758 # run MD5 tests
David Ahern7e014752021-12-11 10:11:30 -07002759 setup_vrf_dup
David Ahern5cad8bc2019-12-30 14:14:33 -08002760 ipv6_tcp_md5
David Ahern7e014752021-12-11 10:11:30 -07002761 cleanup_vrf_dup
David Ahern5cad8bc2019-12-30 14:14:33 -08002762
David Aherna071bbf2019-08-01 11:56:39 -07002763 #
2764 # enable VRF global server
2765 #
2766 log_subsection "VRF Global server enabled"
2767 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2768
2769 for a in ${NSA_IP6} ${VRF_IP6}
2770 do
2771 log_start
David Ahern8a909732021-01-13 20:09:47 -07002772 run_cmd nettest -6 -s -3 ${VRF} &
David Aherna071bbf2019-08-01 11:56:39 -07002773 sleep 1
2774 run_cmd_nsb nettest -6 -r ${a}
2775 log_test_addr ${a} $? 0 "Global server"
2776 done
2777
2778 for a in ${NSA_IP6} ${VRF_IP6}
2779 do
2780 log_start
David Ahern8a909732021-01-13 20:09:47 -07002781 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
David Aherna071bbf2019-08-01 11:56:39 -07002782 sleep 1
2783 run_cmd_nsb nettest -6 -r ${a}
2784 log_test_addr ${a} $? 0 "VRF server"
2785 done
2786
2787 # For LLA, child socket is bound to device
2788 a=${NSA_LINKIP6}%${NSB_DEV}
2789 log_start
David Ahern8a909732021-01-13 20:09:47 -07002790 run_cmd nettest -6 -s -3 ${NSA_DEV} &
David Aherna071bbf2019-08-01 11:56:39 -07002791 sleep 1
2792 run_cmd_nsb nettest -6 -r ${a}
2793 log_test_addr ${a} $? 0 "Global server"
2794
2795 log_start
David Ahern8a909732021-01-13 20:09:47 -07002796 run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
David Aherna071bbf2019-08-01 11:56:39 -07002797 sleep 1
2798 run_cmd_nsb nettest -6 -r ${a}
2799 log_test_addr ${a} $? 0 "VRF server"
2800
2801 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2802 do
2803 log_start
David Ahern8a909732021-01-13 20:09:47 -07002804 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
David Aherna071bbf2019-08-01 11:56:39 -07002805 sleep 1
2806 run_cmd_nsb nettest -6 -r ${a}
2807 log_test_addr ${a} $? 0 "Device server"
2808 done
2809
2810 # verify TCP reset received
2811 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2812 do
2813 log_start
2814 show_hint "Should fail 'Connection refused'"
2815 run_cmd_nsb nettest -6 -r ${a}
2816 log_test_addr ${a} $? 1 "No server"
2817 done
2818
2819 # local address tests
2820 for a in ${NSA_IP6} ${VRF_IP6}
2821 do
2822 log_start
David Ahern17aa23e2020-01-05 20:02:05 -08002823 show_hint "Fails 'Connection refused' since client is not in VRF"
David Ahern8a909732021-01-13 20:09:47 -07002824 run_cmd nettest -6 -s -I ${VRF} &
David Aherna071bbf2019-08-01 11:56:39 -07002825 sleep 1
2826 run_cmd nettest -6 -r ${a}
2827 log_test_addr ${a} $? 1 "Global server, local connection"
2828 done
2829
2830
2831 #
2832 # client
2833 #
2834 for a in ${NSB_IP6} ${NSB_LO_IP6}
2835 do
2836 log_start
2837 run_cmd_nsb nettest -6 -s &
2838 sleep 1
2839 run_cmd nettest -6 -r ${a} -d ${VRF}
2840 log_test_addr ${a} $? 0 "Client, VRF bind"
2841 done
2842
2843 a=${NSB_LINKIP6}
2844 log_start
2845 show_hint "Fails since VRF device does not allow linklocal addresses"
2846 run_cmd_nsb nettest -6 -s &
2847 sleep 1
2848 run_cmd nettest -6 -r ${a} -d ${VRF}
2849 log_test_addr ${a} $? 1 "Client, VRF bind"
2850
2851 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2852 do
2853 log_start
2854 run_cmd_nsb nettest -6 -s &
2855 sleep 1
2856 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2857 log_test_addr ${a} $? 0 "Client, device bind"
2858 done
2859
2860 for a in ${NSB_IP6} ${NSB_LO_IP6}
2861 do
2862 log_start
2863 show_hint "Should fail 'Connection refused'"
2864 run_cmd nettest -6 -r ${a} -d ${VRF}
2865 log_test_addr ${a} $? 1 "No server, VRF client"
2866 done
2867
2868 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2869 do
2870 log_start
2871 show_hint "Should fail 'Connection refused'"
2872 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2873 log_test_addr ${a} $? 1 "No server, device client"
2874 done
2875
2876 for a in ${NSA_IP6} ${VRF_IP6} ::1
2877 do
2878 log_start
David Ahern8a909732021-01-13 20:09:47 -07002879 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
David Aherna071bbf2019-08-01 11:56:39 -07002880 sleep 1
2881 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2882 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
2883 done
2884
2885 a=${NSA_IP6}
2886 log_start
David Ahern8a909732021-01-13 20:09:47 -07002887 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
David Aherna071bbf2019-08-01 11:56:39 -07002888 sleep 1
2889 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2890 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
2891
2892 a=${NSA_IP6}
2893 log_start
2894 show_hint "Should fail since unbound client is out of VRF scope"
David Ahern8a909732021-01-13 20:09:47 -07002895 run_cmd nettest -6 -s -I ${VRF} &
David Aherna071bbf2019-08-01 11:56:39 -07002896 sleep 1
2897 run_cmd nettest -6 -r ${a}
2898 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
2899
2900 log_start
David Ahern8a909732021-01-13 20:09:47 -07002901 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
David Aherna071bbf2019-08-01 11:56:39 -07002902 sleep 1
2903 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2904 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
2905
2906 for a in ${NSA_IP6} ${NSA_LINKIP6}
2907 do
2908 log_start
David Ahern8a909732021-01-13 20:09:47 -07002909 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
David Aherna071bbf2019-08-01 11:56:39 -07002910 sleep 1
2911 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2912 log_test_addr ${a} $? 0 "Device server, device client, local connection"
2913 done
2914}
2915
# IPv6 TCP test driver.
#
# Runs the non-VRF TCP tests twice, once with tcp_l3mdev_accept=0 and
# once with tcp_l3mdev_accept=1, then rebuilds the topology with a VRF
# and runs the VRF TCP tests.
ipv6_tcp()
{
	log_section "IPv6/TCP"

	log_subsection "No VRF"
	setup

	# tcp_l3mdev_accept should have no effect without a VRF; the same
	# test set is run under both values so that a difference shows up
	# as a failure.
	log_subsection "tcp_l3mdev_accept disabled"
	set_sysctl "net.ipv4.tcp_l3mdev_accept=0"
	ipv6_tcp_novrf

	log_subsection "tcp_l3mdev_accept enabled"
	set_sysctl "net.ipv4.tcp_l3mdev_accept=1"
	ipv6_tcp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_tcp_vrf
}
2935
################################################################################
# IPv6 UDP
2938
# IPv6 UDP tests without a VRF.
#
# Each case starts a nettest server in the background (when one is
# wanted), waits a second, runs the client and passes the client's exit
# status plus the expected status (0 = pass, 1 = expected failure) to
# log_test_addr / log_test. Expected-failure cases document scoping
# rules: no server listening, or an address that is out of scope for a
# device-bound socket.
ipv6_udp_novrf()
{
	local a

	#
	# server in ns-A, client in ns-B
	#
	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		run_cmd nettest -6 -D -s -3 "${NSA_DEV}" &
		sleep 1
		run_cmd_nsb nettest -6 -D -r "${a}"
		log_test_addr "${a}" "$?" 0 "Global server"

		log_start
		run_cmd nettest -6 -D -I "${NSA_DEV}" -s -3 "${NSA_DEV}" &
		sleep 1
		run_cmd_nsb nettest -6 -D -r "${a}"
		log_test_addr "${a}" "$?" 0 "Device server"
	done

	a=${NSA_LO_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 "${NSA_DEV}" &
	sleep 1
	run_cmd_nsb nettest -6 -D -r "${a}"
	log_test_addr "${a}" "$?" 0 "Global server"

	# A device-bound server should not receive traffic sent to the
	# loopback address, since that address is out of scope for the
	# device. The original author notes that it does not fail, so the
	# case is kept disabled and only documents the observed behavior.
	#log_start
	#show_hint "Should fail since loopback address is out of scope"
	#run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	#sleep 1
	#run_cmd_nsb nettest -6 -D -r ${a}
	#log_test_addr ${a} $? 1 "Device server"

	# negative test: nothing is listening, the client must fail
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -6 -D -r "${a}"
		log_test_addr "${a}" "$?" 1 "No server"
	done

	#
	# server in ns-B, client in ns-A
	#
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r "${a}" -0 "${NSA_IP6}"
		log_test_addr "${a}" "$?" 0 "Client"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r "${a}" -d "${NSA_DEV}" -0 "${NSA_IP6}"
		log_test_addr "${a}" "$?" 0 "Client, device bind"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r "${a}" -d "${NSA_DEV}" -C -0 "${NSA_IP6}"
		log_test_addr "${a}" "$?" 0 "Client, device send via cmsg"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r "${a}" -d "${NSA_DEV}" -S -0 "${NSA_IP6}"
		log_test_addr "${a}" "$?" 0 "Client, device bind via IPV6_UNICAST_IF"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -D -r "${a}"
		log_test_addr "${a}" "$?" 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -D -r "${a}" -d "${NSA_DEV}"
		log_test_addr "${a}" "$?" 1 "No server, device client"
	done

	#
	# server and client both in ns-A
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1; do
		log_start
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r "${a}" -0 "${a}" -1 "${a}"
		log_test_addr "${a}" "$?" 0 "Global server, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -D -I "${NSA_DEV}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -6 -D -r "${a}"
	log_test_addr "${a}" "$?" 0 "Device server, unbound client, local connection"

	# loopback addresses are not reachable through a device-bound server
	for a in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Should fail 'Connection refused' since address is out of device scope"
		run_cmd nettest -6 -s -D -I "${NSA_DEV}" &
		sleep 1
		run_cmd nettest -6 -D -r "${a}"
		log_test_addr "${a}" "$?" 1 "Device server, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" "$?" 0 "Global server, device client, local connection"

	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d "${NSA_DEV}" -C -r "${a}"
	log_test_addr "${a}" "$?" 0 "Global server, device send via cmsg, local connection"

	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d "${NSA_DEV}" -S -r "${a}"
	log_test_addr "${a}" "$?" 0 "Global server, device client via IPV6_UNICAST_IF, local connection"

	# a device-bound client must not reach addresses that live on loopback
	for a in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r "${a}" -d "${NSA_DEV}"
		log_test_addr "${a}" "$?" 1 "Global server, device client, local connection"

		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r "${a}" -d "${NSA_DEV}" -C
		log_test_addr "${a}" "$?" 1 "Global server, device send via cmsg, local connection"

		# NOTE(review): this label says IP_UNICAST_IF while the other
		# -S cases in this function say IPV6_UNICAST_IF; the string is
		# kept as is because it is the reported test name.
		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r "${a}" -d "${NSA_DEV}" -S
		log_test_addr "${a}" "$?" 1 "Global server, device client via IP_UNICAST_IF, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -D -s -I "${NSA_DEV}" -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${a}" -0 "${a}"
	log_test_addr "${a}" "$?" 0 "Device server, device client, local conn"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" "$?" 1 "No server, device client, local conn"

	# LLA to GUA: drop the global address in ns-B and add a host route
	# to ns-A's address for the duration of the test. The two commands
	# after the test put the ns-B configuration back.
	run_cmd_nsb ip -6 addr del "${NSB_IP6}/64" dev "${NSB_DEV}"
	run_cmd_nsb ip -6 ro add "${NSA_IP6}/128" dev "${NSB_DEV}"
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd_nsb nettest -6 -D -r "${NSA_IP6}"
	log_test "$?" 0 "UDP in - LLA to GUA"

	run_cmd_nsb ip -6 ro del "${NSA_IP6}/128" dev "${NSB_DEV}"
	run_cmd_nsb ip -6 addr add "${NSB_IP6}/64" dev "${NSB_DEV}" nodad
}
3123
# IPv6 UDP tests with ns-A's device enslaved to a VRF.
#
# The first half runs with udp_l3mdev_accept=0, where an unbound
# ("global") server is expected NOT to receive traffic arriving in the
# VRF; those cases are logged with an expected status of 1. The second
# half sets udp_l3mdev_accept=1 and expects the same unbound server to
# work. Servers bound to the VRF or to the enslaved device are expected
# to work under both settings.
ipv6_udp_vrf()
{
	local a

	# unbound servers must not see VRF traffic in this half
	log_subsection "Global server disabled"
	set_sysctl "net.ipv4.udp_l3mdev_accept=0"

	#
	# server in ns-A, client in ns-B
	#
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		show_hint "Should fail 'Connection refused' since global server is disabled"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd_nsb nettest -6 -D -r "${a}"
		log_test_addr "${a}" "$?" 1 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -D -I "${VRF}" -s -3 "${NSA_DEV}" &
		sleep 1
		run_cmd_nsb nettest -6 -D -r "${a}"
		log_test_addr "${a}" "$?" 0 "VRF server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -D -I "${NSA_DEV}" -s -3 "${NSA_DEV}" &
		sleep 1
		run_cmd_nsb nettest -6 -D -r "${a}"
		log_test_addr "${a}" "$?" 0 "Enslaved device server"
	done

	# negative test: nothing is listening, the client must fail
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -6 -D -r "${a}"
		log_test_addr "${a}" "$?" 1 "No server"
	done

	#
	# server and client both in ns-A
	#
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		show_hint "Should fail 'Connection refused' since global server is disabled"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -d "${VRF}" -r "${a}"
		log_test_addr "${a}" "$?" 1 "Global server, VRF client, local conn"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -D -I "${VRF}" -s &
		sleep 1
		run_cmd nettest -6 -D -d "${VRF}" -r "${a}"
		log_test_addr "${a}" "$?" 0 "VRF server, VRF client, local conn"
	done

	a=${NSA_IP6}
	log_start
	show_hint "Should fail 'Connection refused' since global server is disabled"
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" "$?" 1 "Global server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I "${VRF}" -s -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" "$?" 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I "${NSA_DEV}" -s -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -6 -D -d "${VRF}" -r "${a}"
	log_test_addr "${a}" "$?" 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I "${NSA_DEV}" -s -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" "$?" 0 "Enslaved device server, device client, local conn"

	# from here on unbound servers are allowed to receive VRF traffic
	log_subsection "Global server enabled"
	set_sysctl "net.ipv4.udp_l3mdev_accept=1"

	#
	# server in ns-A, client in ns-B
	#
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -D -s -3 "${NSA_DEV}" &
		sleep 1
		run_cmd_nsb nettest -6 -D -r "${a}"
		log_test_addr "${a}" "$?" 0 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -D -I "${VRF}" -s -3 "${NSA_DEV}" &
		sleep 1
		run_cmd_nsb nettest -6 -D -r "${a}"
		log_test_addr "${a}" "$?" 0 "VRF server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -D -I "${NSA_DEV}" -s -3 "${NSA_DEV}" &
		sleep 1
		run_cmd_nsb nettest -6 -D -r "${a}"
		log_test_addr "${a}" "$?" 0 "Enslaved device server"
	done

	# negative test: nothing is listening, the client must fail
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd_nsb nettest -6 -D -r "${a}"
		log_test_addr "${a}" "$?" 1 "No server"
	done

	#
	# server in ns-B, client in ns-A
	#
	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d "${VRF}" -r "${NSB_IP6}"
	log_test "$?" 0 "VRF client"

	# negative test: no server
	log_start
	run_cmd nettest -6 -D -d "${VRF}" -r "${NSB_IP6}"
	log_test "$?" 1 "No server, VRF client"

	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${NSB_IP6}"
	log_test "$?" 0 "Enslaved device client"

	# negative test: no server
	log_start
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${NSB_IP6}"
	log_test "$?" 1 "No server, enslaved device client"

	#
	# server and client both in ns-A
	#
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -6 -D -d "${VRF}" -r "${a}"
	log_test_addr "${a}" "$?" 0 "Global server, VRF client, local conn"

	# NOTE(review): log_start is commented out for this one case in
	# the original, so it runs without the per-test reset the other
	# cases get. Kept as found; confirm whether that is intended.
	#log_start
	run_cmd nettest -6 -D -I "${VRF}" -s -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -6 -D -d "${VRF}" -r "${a}"
	log_test_addr "${a}" "$?" 0 "VRF server, VRF client, local conn"

	a=${VRF_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 "${VRF}" &
	sleep 1
	run_cmd nettest -6 -D -d "${VRF}" -r "${a}"
	log_test_addr "${a}" "$?" 0 "Global server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I "${VRF}" -s -3 "${VRF}" &
	sleep 1
	run_cmd nettest -6 -D -d "${VRF}" -r "${a}"
	log_test_addr "${a}" "$?" 0 "VRF server, VRF client, local conn"

	# negative test: no server
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -D -d "${VRF}" -r "${a}"
		log_test_addr "${a}" "$?" 1 "No server, VRF client, local conn"
	done

	# device-bound client to the global address
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" "$?" 0 "Global server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I "${VRF}" -s -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" "$?" 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I "${NSA_DEV}" -s -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -6 -D -d "${VRF}" -r "${a}"
	log_test_addr "${a}" "$?" 0 "Device server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I "${NSA_DEV}" -s -3 "${NSA_DEV}" &
	sleep 1
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" "$?" 0 "Device server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${a}"
	log_test_addr "${a}" "$?" 1 "No server, device client, local conn"

	#
	# link local addresses; each positive case is followed by the same
	# client run without a server, which must fail
	#
	log_start
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd_nsb nettest -6 -D -d "${NSB_DEV}" -r "${NSA_LINKIP6}"
	log_test "$?" 0 "Global server, linklocal IP"

	log_start
	run_cmd_nsb nettest -6 -D -d "${NSB_DEV}" -r "${NSA_LINKIP6}"
	log_test "$?" 1 "No server, linklocal IP"

	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${NSB_LINKIP6}"
	log_test "$?" 0 "Enslaved device client, linklocal IP"

	log_start
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${NSB_LINKIP6}"
	log_test "$?" 1 "No server, device client, peer linklocal IP"

	log_start
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${NSA_LINKIP6}"
	log_test "$?" 0 "Enslaved device client, local conn - linklocal IP"

	log_start
	run_cmd nettest -6 -D -d "${NSA_DEV}" -r "${NSA_LINKIP6}"
	log_test "$?" 1 "No server, device client, local conn - linklocal IP"

	# LLA to GUA: drop the global address in ns-B and add a host route
	# to ns-A's address for the duration of the test. The two commands
	# after the test put the ns-B configuration back.
	run_cmd_nsb ip -6 addr del "${NSB_IP6}/64" dev "${NSB_DEV}"
	run_cmd_nsb ip -6 ro add "${NSA_IP6}/128" dev "${NSB_DEV}"
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd_nsb nettest -6 -D -r "${NSA_IP6}"
	log_test "$?" 0 "UDP in - LLA to GUA"

	run_cmd_nsb ip -6 ro del "${NSA_IP6}/128" dev "${NSB_DEV}"
	run_cmd_nsb ip -6 addr add "${NSB_IP6}/64" dev "${NSB_DEV}" nodad
}
3401
# IPv6 UDP test driver.
#
# Runs the non-VRF UDP tests under both values of udp_l3mdev_accept,
# then rebuilds the topology with a VRF and runs the VRF UDP tests.
ipv6_udp()
{
	# should not matter for the results, but start from a known state
	set_sysctl "net.ipv4.udp_early_demux=1"

	log_section "IPv6/UDP"

	log_subsection "No VRF"
	setup

	# udp_l3mdev_accept should have no effect without a VRF; the same
	# test set is run under both values so that a difference shows up
	# as a failure.
	log_subsection "udp_l3mdev_accept disabled"
	set_sysctl "net.ipv4.udp_l3mdev_accept=0"
	ipv6_udp_novrf

	log_subsection "udp_l3mdev_accept enabled"
	set_sysctl "net.ipv4.udp_l3mdev_accept=1"
	ipv6_udp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_udp_vrf
}
3424
################################################################################
# IPv6 address bind
3427
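# IPv6 address bind tests without a VRF.
#
# Each case runs nettest once with a local address (-l) and -b and
# logs its exit status against the expected one. No client is started;
# only the bind result is under test.
ipv6_addr_bind_novrf()
{
	# Keep the loop variable out of the global scope, as the other test
	# functions in this file do.
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6}
	do
		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	#
	# raw socket with nonlocal bind
	#
	a=${NL_IP6}
	log_start
	run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${NSA_DEV} -b
	log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address"

	#
	# tcp sockets
	#
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address"

	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"

	# Sadly, the kernel allows binding a socket to a device and then
	# binding to an address not on the device. So this test passes
	# when it really should not. The expected status of 0 records the
	# current behavior: binding a socket to a device does not, by
	# itself, limit which local address a later bind accepts.
	a=${NSA_LO_IP6}
	log_start
	show_hint "Tecnically should fail since address is not on device but kernel allows"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to out of scope local address"
}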
3473
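# IPv6 address bind tests with ns-A's device enslaved to a VRF.
#
# Each case runs nettest once with a local address (-l), a device or
# VRF binding (-I) and -b, and logs its exit status against the
# expected one. Addresses on loopback are expected to be rejected
# (status 1) because they are outside the VRF.
ipv6_addr_bind_vrf()
{
	# Keep the loop variable out of the global scope, as the other test
	# functions in this file do.
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"

		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	a=${NSA_LO_IP6}
	log_start
	show_hint "Address on loopback is out of VRF scope"
	run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
	log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"

	#
	# raw socket with nonlocal bind
	#
	a=${NL_IP6}
	log_start
	run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${VRF} -b
	log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind"

	#
	# tcp sockets
	#
	# address on enslaved device is valid for the VRF or device in a VRF
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"

	# Sadly, the kernel allows binding a socket to a device and then
	# binding to an address not on the device. The only restriction
	# is that the address is valid in the L3 domain. So this test
	# passes when it really should not. The expected status of 0
	# records the current behavior: the device binding narrows the
	# bind check to the L3 domain, not to the device's own addresses.
	a=${VRF_IP6}
	log_start
	show_hint "Tecnically should fail since address is not on device but kernel allows"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to VRF address with device bind"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Address on loopback out of scope for VRF"
	run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"

	log_start
	show_hint "Address on loopback out of scope for device in VRF"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"

}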
3542
# IPv6 address bind test driver: runs the bind tests on the plain
# topology first, then again after rebuilding it with a VRF.
ipv6_addr_bind()
{
	log_section "IPv6 address binds"

	# plain topology
	log_subsection "No VRF"
	setup
	ipv6_addr_bind_novrf

	# setup is asked for a VRF this time
	log_subsection "With VRF"
	setup "yes"
	ipv6_addr_bind_vrf
}
3555
################################################################################
# IPv6 runtime tests
3558
# Delete the VRF device while sockets are in use.
#
# Arguments:
#   $1 - description prefix used in the logged test names
#   $2 - extra nettest options that select the socket type; "-6" is
#        always put in front of them
#
# Every case starts a server and a client in the background, lets them
# run for three seconds, deletes the VRF device and waits one more
# second. The result is logged with a fixed status of 0 against an
# expected 0, so a case is recorded as passed once the sequence has
# run; no client or server exit status is checked. After each case
# except the last, setup is called again to restore the VRF.
ipv6_rt()
{
	local desc="$1"
	local varg="-6 $2"
	local with_vrf="yes"
	local a

	#
	# server in ns-A, client in ns-B
	#
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		# varg is left unquoted on purpose: it holds several options
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r "${a}" &
		sleep 3
		run_cmd ip link del "${VRF}"
		sleep 1
		log_test_addr "${a}" 0 0 "${desc}, global server"

		setup "${with_vrf}"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest ${varg} -I "${VRF}" -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r "${a}" &
		sleep 3
		run_cmd ip link del "${VRF}"
		sleep 1
		log_test_addr "${a}" 0 0 "${desc}, VRF server"

		setup "${with_vrf}"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest ${varg} -I "${NSA_DEV}" -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r "${a}" &
		sleep 3
		run_cmd ip link del "${VRF}"
		sleep 1
		log_test_addr "${a}" 0 0 "${desc}, enslaved device server"

		setup "${with_vrf}"
	done

	#
	# server in ns-B, client in ns-A
	#
	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d "${VRF}" -r "${NSB_IP6}" &
	sleep 3
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test 0 0 "${desc}, VRF client"

	setup "${with_vrf}"

	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d "${NSA_DEV}" -r "${NSB_IP6}" &
	sleep 3
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test 0 0 "${desc}, enslaved device client"

	setup "${with_vrf}"

	#
	# server and client both in ns-A
	#
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd nettest ${varg} -d "${VRF}" -r "${a}" &
		sleep 3
		run_cmd ip link del "${VRF}"
		sleep 1
		log_test_addr "${a}" 0 0 "${desc}, global server, VRF client"

		setup "${with_vrf}"
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest ${varg} -I "${VRF}" -s &
		sleep 1
		run_cmd nettest ${varg} -d "${VRF}" -r "${a}" &
		sleep 3
		run_cmd ip link del "${VRF}"
		sleep 1
		log_test_addr "${a}" 0 0 "${desc}, VRF server and client"

		setup "${with_vrf}"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d "${NSA_DEV}" -r "${a}" &
	sleep 3
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, global server, device client"

	setup "${with_vrf}"

	log_start
	run_cmd nettest ${varg} -I "${VRF}" -s &
	sleep 1
	run_cmd nettest ${varg} -d "${NSA_DEV}" -r "${a}" &
	sleep 3
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, VRF server, device client"

	setup "${with_vrf}"

	# last case: the VRF is not restored here
	log_start
	run_cmd nettest ${varg} -I "${NSA_DEV}" -s &
	sleep 1
	run_cmd nettest ${varg} -d "${NSA_DEV}" -r "${a}" &
	sleep 3
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test_addr "${a}" 0 0 "${desc}, device server, device client"
}
3700
# Delete the VRF device while a flood ping is running, once with the
# ping coming in from ns-B and once going out through the VRF.
#
# Both results are logged with a fixed status of 0 against an expected
# 0, so a case is recorded as passed once the sequence has run.
ipv6_ping_rt()
{
	local with_vrf="yes"
	local a

	# ping in: ns-B floods ns-A's address, then the VRF goes away
	a=${NSA_IP6}
	log_start
	# ping6 is left unquoted; it may hold a command plus options
	run_cmd_nsb ${ping6} -f "${a}" &
	sleep 3
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test_addr "${a}" 0 0 "Device delete with active traffic - ping in"

	setup "${with_vrf}"

	# ping out: ns-A floods ns-B through the VRF, then the VRF goes away
	# NOTE(review): the result is logged under ${a} (ns-A's address)
	# although the ping target is NSB_IP6, and the wait before the
	# delete is 1s here versus 3s above. Kept as found.
	log_start
	run_cmd ${ping6} -f "${NSB_IP6}" -I "${VRF}" &
	sleep 1
	run_cmd ip link del "${VRF}"
	sleep 1
	log_test_addr "${a}" 0 0 "Device delete with active traffic - ping out"
}
3723
# IPv6 run time test driver.
#
# Runs the ping case and then ipv6_rt once per socket type. The VRF
# topology is rebuilt before each of them, since every one of them ends
# by deleting the VRF device.
ipv6_runtime()
{
	log_section "Run time tests - ipv6"

	# flood ping in both directions
	setup "yes"
	ipv6_ping_rt

	# second argument: nettest options handed to ipv6_rt as $2
	setup "yes"
	ipv6_rt "TCP active socket" "-n -1"

	setup "yes"
	ipv6_rt "TCP passive socket" "-i"

	setup "yes"
	ipv6_rt "UDP active socket" "-D -n -1"
}
3740
################################################################################
# netfilter blocking connections
3743
# IPv4 TCP connect from ns-B to an unbound server in ns-A, for both the
# device address and the VRF address. The client is expected to fail
# (status 1); the caller installs the REJECT rule beforehand.
netfilter_tcp_reset()
{
	local a

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		# server in the background, one second to come up
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r "${a}"
		log_test_addr "${a}" "$?" 1 "Global server, reject with TCP-reset on Rx"
	done
}
3757
# IPv4 connect from ns-B to an unbound server in ns-A, for both the
# device address and the VRF address. The client is expected to fail
# (status 1); the caller installs the REJECT rule beforehand.
#
# Arguments:
#   $1 - socket type used in the test name; "UDP" adds -D to nettest
netfilter_icmp()
{
	local stype="$1"
	local arg
	local a

	if [ "${stype}" = "UDP" ]; then
		arg="-D"
	fi

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		# arg is left unquoted so that it vanishes when it is empty
		run_cmd nettest ${arg} -s &
		sleep 1
		run_cmd_nsb nettest ${arg} -r "${a}"
		log_test_addr "${a}" "$?" 1 "Global ${stype} server, Rx reject icmp-port-unreach"
	done
}
3775
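# IPv4 netfilter test driver.
#
# Rebuilds the VRF topology, installs REJECT rules for port 12345 on
# the INPUT chain and checks that connections are refused: first with
# tcp-reset for TCP, then with icmp-port-unreachable for TCP and UDP.
# The filter table is flushed between the two rule sets and again at
# the end.
ipv4_netfilter()
{
	log_section "IPv4 Netfilter"
	log_subsection "TCP reset"

	setup "yes"
	run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset

	netfilter_tcp_reset

	log_start
	log_subsection "ICMP unreachable"

	log_start
	run_cmd iptables -F
	run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
	run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable

	netfilter_icmp "TCP"
	netfilter_icmp "UDP"

	log_start
	# Flush through run_cmd, like every other rule change in this
	# function, so the cleanup runs in the same context as the rules it
	# removes. A bare "iptables -F" runs in whatever context the script
	# itself is in, which could leave these rules in place and flush
	# another filter table instead.
	run_cmd iptables -F
}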
3800
# IPv6 variant of the TCP-reset check: with a REJECT rule already installed
# by the caller, a client in ns-B connecting to each ns-A address is expected
# to fail (rc 1) even though a server is listening.
netfilter_tcp6_reset() {
	local a

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		# server in the background; give it a second to start listening
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		# $? is the client's exit status and must be read immediately
		log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
	done
}
3814
# IPv6 variant of the ICMP-reject check: the client in ns-B is expected to
# fail (rc 1) for each ns-A address.
# Arguments: $1 - "TCP" or "UDP"; "UDP" adds -D to both nettest commands
netfilter_icmp6() {
	local stype="$1"
	local arg
	local a

	if [ "${stype}" = "UDP" ]; then
		# arg is a fresh local here, so this yields " -D"; it is expanded
		# unquoted below and word-splits to a single -D
		arg="$arg -D"
	fi

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		# server in the background; give it a second to start listening
		run_cmd nettest -6 -s ${arg} &
		sleep 1
		run_cmd_nsb nettest -6 ${arg} -r ${a}
		# $? is the client's exit status and must be read immediately
		log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
	done
}
3832
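# IPv6 netfilter tests: install REJECT rules for port 12345 and verify that
# clients in ns-B are refused, first with a TCP reset and then with ICMPv6
# port-unreachable (TCP and UDP).
#
# Every ip6tables call goes through run_cmd so that the rules are installed
# and removed in the same context. "ip6tables -F" without -t flushes every
# chain of the filter table, so running the final flush outside run_cmd could
# hit a different ruleset than the one the test populated.
# NOTE(review): run_cmd is defined outside this section; if it executes in a
# test namespace, a bare flush would instead clear the invoking host's filter
# table and leave the test rules behind - confirm.
ipv6_netfilter()
{
	log_section "IPv6 Netfilter"
	log_subsection "TCP reset"

	setup "yes"
	run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset

	netfilter_tcp6_reset

	log_subsection "ICMP unreachable"

	# replace the tcp-reset rule with ICMPv6 rejects for both protocols
	log_start
	run_cmd ip6tables -F
	run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
	run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable

	netfilter_icmp6 "TCP"
	netfilter_icmp6 "UDP"

	# cleanup: remove the test rules through the same wrapper that added them
	log_start
	run_cmd ip6tables -F
}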
3856
################################################################################
# specific use cases
3859
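# Run the four reachability checks used by use_case_br (IPv4 and IPv6, out of
# ns-A through the given device and into ns-A from ns-B). The neighbour cache
# is flushed before each ping. Results are logged as
# "<label> - IPv4|IPv6 ping out|in", which keeps every result name unique.
# Arguments: $1 - label, $2 - egress device in ns-A,
#            $3/$4 - peer IPv4/IPv6 address (pinged from ns-A),
#            $5/$6 - local IPv4/IPv6 address (pinged from ns-B)
_use_case_br_pings()
{
	local br_label="$1"
	local br_dev="$2"
	local br_peer4="$3"
	local br_peer6="$4"
	local br_local4="$5"
	local br_local6="$6"

	run_cmd ip neigh flush all
	run_cmd ping -c1 -w1 -I ${br_dev} ${br_peer4}
	log_test $? 0 "${br_label} - IPv4 ping out"

	run_cmd ip neigh flush all
	run_cmd ${ping6} -c1 -w1 -I ${br_dev} ${br_peer6}
	log_test $? 0 "${br_label} - IPv6 ping out"

	run_cmd ip neigh flush all
	run_cmd_nsb ping -c1 -w1 ${br_local4}
	log_test $? 0 "${br_label} - IPv4 ping in"

	run_cmd ip neigh flush all
	run_cmd_nsb ${ping6} -c1 -w1 ${br_local6}
	log_test $? 0 "${br_label} - IPv6 ping in"
}

# VRF only.
# ns-A device enslaved to bridge. Verify traffic with and without
# br_netfilter module loaded. Repeat with SVI on bridge.
#
# The br_netfilter variants are skipped when modprobe fails.
# NOTE(review): rmmod/modprobe act on the running kernel, not on a namespace.
# The module is unloaded before the plain checks and, if modprobe succeeds,
# stays loaded when this function returns, which changes whether bridged
# traffic on the whole machine traverses iptables. Confirm that is acceptable
# where this script is run.
use_case_br()
{
	setup "yes"

	# move the ns-A addresses from the port device onto a new bridge
	setup_cmd ip link set ${NSA_DEV} down
	setup_cmd ip addr del dev ${NSA_DEV} ${NSA_IP}/24
	setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64

	setup_cmd ip link add br0 type bridge
	setup_cmd ip addr add dev br0 ${NSA_IP}/24
	setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad

	setup_cmd ip li set ${NSA_DEV} master br0
	setup_cmd ip li set ${NSA_DEV} up
	setup_cmd ip li set br0 up
	setup_cmd ip li set br0 vrf ${VRF}

	# best effort: the module may not be loaded, so the error is discarded
	rmmod br_netfilter 2>/dev/null
	sleep 5 # DAD

	_use_case_br_pings "Bridge into VRF" br0 \
		"${NSB_IP}" "${NSB_IP6}" "${NSA_IP}" "${NSA_IP6}"

	if modprobe br_netfilter; then
		_use_case_br_pings "Bridge into VRF with br_netfilter" br0 \
			"${NSB_IP}" "${NSB_IP6}" "${NSA_IP}" "${NSA_IP6}"
	fi

	# second half: take the bridge out of the VRF and put a VLAN
	# sub-interface (SVI) on top of it into the VRF instead
	setup_cmd ip li set br0 nomaster
	setup_cmd ip li add br0.100 link br0 type vlan id 100
	setup_cmd ip li set br0.100 vrf ${VRF} up
	setup_cmd ip addr add dev br0.100 172.16.101.1/24
	setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad

	setup_cmd_nsb ip li add vlan100 link ${NSB_DEV} type vlan id 100
	setup_cmd_nsb ip addr add dev vlan100 172.16.101.2/24
	setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad
	setup_cmd_nsb ip li set vlan100 up
	sleep 1

	# best effort, as above
	rmmod br_netfilter 2>/dev/null

	_use_case_br_pings "Bridge vlan into VRF" br0.100 \
		172.16.101.2 2001:db8:101::2 172.16.101.1 2001:db8:101::1

	# The two "ping in" results of this group used to be logged under the
	# same names as the group above; the shared helper gives them the
	# "with br_netfilter" label like the "ping out" results.
	if modprobe br_netfilter; then
		_use_case_br_pings "Bridge vlan into VRF with br_netfilter" br0.100 \
			172.16.101.2 2001:db8:101::2 172.16.101.1 2001:db8:101::1
	fi

	setup_cmd ip li del br0 2>/dev/null
	setup_cmd_nsb ip li del vlan100 2>/dev/null
}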
3970
# VRF only.
# ns-A device is connected to both ns-B and ns-C on a single VRF but only has
# LLA on the interfaces. ns-B and ns-C each ping ${MCAST} out of their own
# device before and after each ns-A interface is cycled down/up; every ping
# is expected to succeed.
use_case_ping_lla_multi() {
	local flap_dev

	setup_lla_only
	# only want reply from ns-A
	setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
	setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1

	log_start
	run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
	log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Pre cycle, ping out ns-B"

	run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
	log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Pre cycle, ping out ns-C"

	# cycle/flap the first, then the second ns-A interface and repeat
	# both pings after each flap
	for flap_dev in "${NSA_DEV}" "${NSA_DEV2}"; do
		setup_cmd ip link set ${flap_dev} down
		setup_cmd ip link set ${flap_dev} up
		sleep 1

		log_start
		run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
		log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${flap_dev}, ping out ns-B"
		run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
		log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${flap_dev}, ping out ns-C"
	done
}
4010
# Perform IPv{4,6} SNAT on ns-A, and verify TCP connection is successfully
# established with ns-B. The two nat rules added here are deleted again with
# matching -D commands before returning.
use_case_snat_on_vrf() {
	setup "yes"

	local port="12345"
	# match/target part shared by the add and delete forms of both rules;
	# expanded unquoted on purpose so it splits back into separate words
	local match="-p tcp -m tcp --dport ${port} -j SNAT"

	run_cmd iptables -t nat -A POSTROUTING ${match} --to-source ${NSA_LO_IP} -o ${VRF}
	run_cmd ip6tables -t nat -A POSTROUTING ${match} --to-source ${NSA_LO_IP6} -o ${VRF}

	# IPv4: server in ns-B in the background, client from ns-A via the VRF
	run_cmd_nsb nettest -s -l ${NSB_IP} -p ${port} &
	sleep 1
	run_cmd nettest -d ${VRF} -r ${NSB_IP} -p ${port}
	log_test $? 0 "IPv4 TCP connection over VRF with SNAT"

	# IPv6: same exchange
	run_cmd_nsb nettest -6 -s -l ${NSB_IP6} -p ${port} &
	sleep 1
	run_cmd nettest -6 -d ${VRF} -r ${NSB_IP6} -p ${port}
	log_test $? 0 "IPv6 TCP connection over VRF with SNAT"

	# Cleanup
	run_cmd iptables -t nat -D POSTROUTING ${match} --to-source ${NSA_LO_IP} -o ${VRF}
	run_cmd ip6tables -t nat -D POSTROUTING ${match} --to-source ${NSA_LO_IP6} -o ${VRF}
}
4036
# Run every use-case test in turn, each under its own log subsection.
use_cases() {
	log_section "Use cases"

	log_subsection "Device enslaved to bridge"
	use_case_br

	log_subsection "Ping LLA with multiple interfaces"
	use_case_ping_lla_multi

	log_subsection "SNAT on VRF"
	use_case_snat_on_vrf
}
4047
################################################################################
# usage
4050
4051usage()
4052{
4053 cat <<EOF
4054usage: ${0##*/} OPTS
4055
4056 -4 IPv4 tests only
4057 -6 IPv6 tests only
4058 -t <test> Test name/set to run
4059 -p Pause on fail
4060 -P Pause after each test
4061 -v Be verbose
Li Zhijian22556342022-01-14 11:02:46 +08004062
4063Tests:
4064 $TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER
David Ahern6f9d5ca2019-08-01 11:56:35 -07004065EOF
4066}
4067
################################################################################
# main
4070
# Test groups; -4 / -6 pick one group, -t takes an explicit list of names
TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_bind ipv4_runtime ipv4_netfilter"
TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_bind ipv6_runtime ipv6_netfilter"
TESTS_OTHER="use_cases"

PAUSE_ON_FAIL=no
PAUSE=no

# The leading ':' puts getopts in silent mode; unknown options and missing
# arguments both end up in the default arm.
while getopts :46t:pPvh o; do
	case $o in
	4) TESTS=ipv4 ;;
	6) TESTS=ipv6 ;;
	t) TESTS=$OPTARG ;;
	p) PAUSE_ON_FAIL=yes ;;
	P) PAUSE=yes ;;
	v) VERBOSE=1 ;;
	h)
		usage
		exit 0
		;;
	*)
		usage
		exit 1
		;;
	esac
done

# make sure we don't pause twice
if [ "${PAUSE}" = "yes" ]; then
	PAUSE_ON_FAIL=no
fi

#
# show user test config
#
# no selection means everything; "ipv4"/"ipv6" expand to their group; any
# other value is taken as a list of test names
case "$TESTS" in
"")
	TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"
	;;
ipv4)
	TESTS="$TESTS_IPV4"
	;;
ipv6)
	TESTS="$TESTS_IPV6"
	;;
esac
4105
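# The tests above all drive traffic with nettest, so report a kselftest skip
# rather than a failure when it is not installed. command -v is a shell
# builtin, so the check does not depend on an external 'which' being present,
# and nothing is printed except the message below.
if ! command -v nettest >/dev/null 2>&1; then
	echo "'nettest' command not found; skipping tests"
	exit $ksft_skip
fi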
4111
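# Result counters, reported at the end of the run
declare -i nfail=0
declare -i nsuccess=0

# Dispatch each requested name to its test function. The short aliases
# (ping, tcp6, ...) are accepted next to the full names.
for t in $TESTS
do
	case $t in
	ipv4_ping|ping)  ipv4_ping;;
	ipv4_tcp|tcp)    ipv4_tcp;;
	ipv4_udp|udp)    ipv4_udp;;
	ipv4_bind|bind)  ipv4_addr_bind;;
	ipv4_runtime)    ipv4_runtime;;
	ipv4_netfilter)  ipv4_netfilter;;

	ipv6_ping|ping6) ipv6_ping;;
	ipv6_tcp|tcp6)   ipv6_tcp;;
	ipv6_udp|udp6)   ipv6_udp;;
	ipv6_bind|bind6) ipv6_addr_bind;;
	ipv6_runtime)    ipv6_runtime;;
	ipv6_netfilter)  ipv6_netfilter;;

	use_cases)       use_cases;;

	# setup namespaces and config, but do not run any tests
	setup)		 setup; exit 0;;
	vrf_setup)	 setup "yes"; exit 0;;

	# A mistyped name used to be dropped silently, so a run could end
	# as a skip without having tested anything; say so on stderr.
	*)
		echo "Unknown test '$t' ignored; run with -h for the list" >&2
		;;
	esac
done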
4139
# Tear down whatever the last test left behind; errors are discarded.
cleanup 2>/dev/null

printf "\nTests passed: %3d\n" ${nsuccess}
printf "Tests failed: %3d\n" ${nfail}

# Map the counters to a kselftest exit status: any failure wins, and a run
# with no successful test counts as skipped.
[ $nfail -eq 0 ] || exit 1 # KSFT_FAIL
[ $nsuccess -ne 0 ] || exit $ksft_skip

exit 0 # KSFT_PASS