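#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
#
# IPv4 and IPv6 functional tests focusing on VRF and routing lookups
# for various permutations:
#   1. icmp, tcp, udp and netfilter
#   2. client, server, no-server
#   3. global address on interface
#   4. global address on 'lo'
#   5. remote and local traffic
#   6. VRF and non-VRF permutations
#
# Setup:
#                     ns-A     |     ns-B
# No VRF case:
#    [ lo ]         [ eth1 ]---|---[ eth1 ]      [ lo ]
#                                                remote address
# VRF case:
#         [ red ]---[ eth1 ]---|---[ eth1 ]      [ lo ]
#
# ns-A:
#     eth1: 172.16.1.1/24, 2001:db8:1::1/64
#       lo: 127.0.0.1/8, ::1/128
#           172.16.2.1/32, 2001:db8:2::1/128
#      red: 127.0.0.1/8, ::1/128
#           172.16.3.1/32, 2001:db8:3::1/128
#
# ns-B:
#     eth1: 172.16.1.2/24, 2001:db8:1::2/64
#      lo2: 127.0.0.1/8, ::1/128
#           172.16.2.2/32, 2001:db8:2::2/128
#
# ns-A to ns-C connection - only for VRF and same config
# as ns-A to ns-B
#
# server / client nomenclature relative to ns-A

# 1 enables command echo and extra spacing in the log helpers
VERBOSE=0

# interface names inside each namespace, plus the VRF device and its table
NSA_DEV=eth1
NSA_DEV2=eth2
NSB_DEV=eth1
NSC_DEV=eth2
VRF=red
VRF_TABLE=1101

# IPv4 config
NSA_IP=172.16.1.1
NSB_IP=172.16.1.2
VRF_IP=172.16.3.1
NS_NET=172.16.1.0/24

# IPv6 config
NSA_IP6=2001:db8:1::1
NSB_IP6=2001:db8:1::2
VRF_IP6=2001:db8:3::1
NS_NET6=2001:db8:1::/120

NSA_LO_IP=172.16.2.1
NSB_LO_IP=172.16.2.2
NSA_LO_IP6=2001:db8:2::1
NSB_LO_IP6=2001:db8:2::2

# Throwaway keys for the TCP MD5 tests. They are handed to nettest as
# command-line arguments and echoed by do_run_cmd when VERBOSE=1, so they
# must stay fixture values and never be replaced by a real secret.
MD5_PW=abc123
MD5_WRONG_PW=abc1234

MCAST=ff02::1
# set after namespace create
NSA_LINKIP6=
NSB_LINKIP6=

NSA=ns-A
NSB=ns-B
NSC=ns-C

# command prefixes; expanded unquoted on purpose so they split into words
NSA_CMD="ip netns exec ${NSA}"
NSB_CMD="ip netns exec ${NSB}"
NSC_CMD="ip netns exec ${NSC}"

# Prefer a dedicated ping6 binary and fall back to ping. 'command -v' is a
# shell builtin, so the lookup does not depend on 'which' being installed
# and each binary is resolved only once. ping6 stays empty if neither exists.
ping6=$(command -v ping6) || ping6=$(command -v ping)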
83
84################################################################################
85# utilities
86
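# Record the outcome of one test case and reset for the next one.
#
# Arguments: $1 - return code produced by the command under test
#            $2 - return code the test expects
#            $3 - description printed in the result line
# Globals:   nsuccess / nfail (incremented); VERBOSE, PAUSE and
#            PAUSE_ON_FAIL (read)
# Notes:     exits 1 when the operator answers 'q' at a pause prompt;
#            otherwise always finishes by calling kill_procs.
log_test()
{
	local rc=$1
	local expected=$2
	local msg="$3"
	# The prompt answer must be local: the test functions keep the address
	# under test in a variable named 'a' and keep using it after calling
	# log_test, so reading into 'a' here would overwrite it (bash locals
	# are dynamically scoped) whenever PAUSE or PAUSE_ON_FAIL is "yes".
	local reply

	[ "${VERBOSE}" = "1" ] && echo

	if [ "${rc}" -eq "${expected}" ]; then
		nsuccess=$((nsuccess+1))
		printf "TEST: %-70s [ OK ]\n" "${msg}"
	else
		nfail=$((nfail+1))
		printf "TEST: %-70s [FAIL]\n" "${msg}"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue, 'q' to quit"
			read -r reply
			[ "$reply" = "q" ] && exit 1
		fi
	fi

	if [ "${PAUSE}" = "yes" ]; then
		echo
		echo "hit enter to continue, 'q' to quit"
		read -r reply
		[ "$reply" = "q" ] && exit 1
	fi

	# stop any server/client left over from this case
	kill_procs
}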
118
# Log a test result with a readable name for the address appended.
#
# Arguments: $1 - address the test targeted
#            $2 - return code produced by the command under test
#            $3 - return code the test expects
#            $4 - description; " - <address name>" is appended to it
log_test_addr()
{
	local addr=$1 rc=$2 expected=$3
	local msg="$4"
	local label

	# translate the raw address into the name addr2str knows it by
	label=$(addr2str ${addr})
	log_test $rc $expected "${msg} - ${label}"
}
130
# Print a section heading: the arguments framed by two banner lines with a
# blank line before and after.
log_section()
{
	local bar="###########################################################################"

	printf '\n%s\n' "${bar}"
	echo "$*"
	printf '%s\n\n' "${bar}"
}
139
# Print a subsection heading: blank line, one banner line, the arguments,
# and a trailing blank line.
log_subsection()
{
	printf '\n%s\n' "#################################################################"
	echo "$*"
	printf '\n'
}
147
# Mark the start of a test case: stop leftover test processes and, in
# verbose mode, print a separator.
log_start()
{
	# make sure we have no test instances running
	kill_procs

	[ "${VERBOSE}" = "1" ] || return 0

	printf '\n%s\n' "#######################################################"
}
158
# Print the arguments surrounded by blank lines, but only when VERBOSE=1.
log_debug()
{
	[ "${VERBOSE}" = "1" ] || return 0

	printf '\n'
	echo "$*"
	printf '\n'
}
167
# Print "HINT: <arguments>" followed by a blank line, but only when
# VERBOSE=1. Used to tell the reader why a failure is the expected result.
show_hint()
{
	[ "${VERBOSE}" = "1" ] || return 0

	printf 'HINT: %s\n\n' "$*"
}
175
# Stop every nettest, ping and ping6 process, then wait one second.
#
# NOTE(review): killall selects by process name only; nothing here limits
# it to the test namespaces, so same-named processes started outside this
# test are presumably signalled as well - run on a dedicated test host.
kill_procs()
{
	killall nettest ping ping6 &>/dev/null
	sleep 1
}
181
# Run a command, capture its combined stdout/stderr and return its status.
#
# Arguments: the command and its arguments
# Globals:   VERBOSE (read); rc (written - it is not declared local here)
# Outputs:   with VERBOSE=1, the command line and any captured output
#
# The arguments are joined into one string and split again on whitespace
# when executed, so an argument containing spaces or glob characters does
# not survive intact. Every caller in this file passes fixed test
# constants; do not route externally supplied text through this helper.
do_run_cmd()
{
	local cmd="$*"
	local out

	[ "$VERBOSE" = "1" ] && echo "COMMAND: ${cmd}"

	# unquoted on purpose: the string is re-split into command + arguments
	out=$($cmd 2>&1)
	rc=$?
	if [ "$VERBOSE" = "1" ] && [ -n "$out" ]; then
		echo "$out"
	fi

	return $rc
}
199
# Run a command inside namespace ns-A (prefix taken from NSA_CMD) and
# return its exit status. Arguments are word-split again by do_run_cmd.
run_cmd()
{
	do_run_cmd ${NSA_CMD} $@
}
204
# Run a command inside namespace ns-B (prefix taken from NSB_CMD) and
# return its exit status. Arguments are word-split again by do_run_cmd.
run_cmd_nsb()
{
	do_run_cmd ${NSB_CMD} $@
}
209
# Run a command inside namespace ns-C (prefix taken from NSC_CMD) and
# return its exit status. Arguments are word-split again by do_run_cmd.
run_cmd_nsc()
{
	do_run_cmd ${NSC_CMD} $@
}
214
# Run a configuration command in ns-A that the tests depend on.
#
# Arguments: the command and its arguments
# Returns:   0 when the command succeeds; on failure it prints the command
#            (unless verbose mode already did), optionally waits for enter
#            when PAUSE_ON_FAIL=yes, and exits the script with the
#            command's status.
setup_cmd()
{
	local cmd="$*"
	local rc

	run_cmd ${cmd}
	rc=$?
	[ $rc -eq 0 ] && return 0

	# show user the command if not done so already
	[ "$VERBOSE" = "0" ] && echo "setup command: $cmd"
	echo "failed. stopping tests"
	if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
		printf '\n%s\n' "hit enter to continue"
		read a
	fi
	exit $rc
}
236
# Run a configuration command in ns-B that the tests depend on.
#
# Arguments: the command and its arguments
# Returns:   0 when the command succeeds; on failure it prints the command
#            (unless verbose mode already did), optionally waits for enter
#            when PAUSE_ON_FAIL=yes, and exits the script with the
#            command's status.
setup_cmd_nsb()
{
	local cmd="$*"
	local rc

	run_cmd_nsb ${cmd}
	rc=$?
	[ $rc -eq 0 ] && return 0

	# show user the command if not done so already
	[ "$VERBOSE" = "0" ] && echo "setup command: $cmd"
	echo "failed. stopping tests"
	if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
		printf '\n%s\n' "hit enter to continue"
		read a
	fi
	exit $rc
}
258
# Run a configuration command in ns-C that the tests depend on.
#
# Arguments: the command and its arguments
# Returns:   0 when the command succeeds; on failure it prints the command
#            (unless verbose mode already did), optionally waits for enter
#            when PAUSE_ON_FAIL=yes, and exits the script with the
#            command's status.
setup_cmd_nsc()
{
	local cmd="$*"
	local rc

	run_cmd_nsc ${cmd}
	rc=$?
	[ $rc -eq 0 ] && return 0

	# show user the command if not done so already
	[ "$VERBOSE" = "0" ] && echo "setup command: $cmd"
	echo "failed. stopping tests"
	if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
		printf '\n%s\n' "hit enter to continue"
		read a
	fi
	exit $rc
}
280
# set sysctl values in NS-A
#
# Arguments: one or more key=value settings, handed to 'sysctl -q -w'
# Outputs:   a "SYSCTL: ..." line and a blank line, regardless of VERBOSE
# Returns:   the status of the sysctl command as reported by run_cmd
set_sysctl()
{
	printf 'SYSCTL: %s\n\n' "$*"
	run_cmd sysctl -q -w $*
}
288
289################################################################################
290# Setup for tests
291
# Map an address used by the tests to a short human-readable name.
#
# Arguments: $1 - address, optionally with a %<device> scope suffix for
#                 link-local and multicast addresses
# Outputs:   the name on stdout, "unknown" if nothing matches
#
# The patterns are tried top to bottom, so the order below is part of the
# behaviour (an unset NSx_LINKIP6 makes its "%*" pattern match any
# argument that starts with '%').
addr2str()
{
	local name

	case "$1" in
	127.0.0.1)	name="loopback";;
	::1)		name="IPv6 loopback";;

	${NSA_IP})	name="ns-A IP";;
	${NSA_IP6})	name="ns-A IPv6";;
	${NSA_LO_IP})	name="ns-A loopback IP";;
	${NSA_LO_IP6})	name="ns-A loopback IPv6";;
	${NSA_LINKIP6}|${NSA_LINKIP6}%*)	name="ns-A IPv6 LLA";;

	${NSB_IP})	name="ns-B IP";;
	${NSB_IP6})	name="ns-B IPv6";;
	${NSB_LO_IP})	name="ns-B loopback IP";;
	${NSB_LO_IP6})	name="ns-B loopback IPv6";;
	${NSB_LINKIP6}|${NSB_LINKIP6}%*)	name="ns-B IPv6 LLA";;

	${VRF_IP})	name="VRF IP";;
	${VRF_IP6})	name="VRF IPv6";;

	${MCAST}%*)	name="multicast IP";;

	*)		name="unknown";;
	esac

	echo "${name}"
}
318
# Look up the IPv6 link-local address of a device inside a namespace.
#
# Arguments: $1 - namespace name
#            $2 - device name
# Outputs:   the address without its prefix length on stdout
# Returns:   0 if an fe80 address was found, 1 otherwise
get_linklocal()
{
	local ns=$1
	local dev=$2
	local addr

	# brief output: name, state, then addresses - scan from field 3 on
	addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} |
		awk '{ for (i = 3; i <= NF; ++i) if ($i ~ /^fe80/) print $i }')
	# drop everything from the first '/' onwards (the prefix length)
	addr=${addr%%/*}

	if [ -z "$addr" ]; then
		return 1
	fi

	echo $addr

	return 0
}
341
342################################################################################
343# create namespaces and vrf
344
# Create and configure a VRF device inside a namespace.
#
# Arguments: $1 - namespace name
#            $2 - VRF device name
#            $3 - routing table id for the VRF
#            $4 - IPv4 address to add to the VRF device, or "-" for none
#            $5 - IPv6 address to add to the VRF device, or "-" for none
# Returns:   the status of the last ip command
create_vrf()
{
	local ns=$1 vrf=$2 table=$3
	local addr=$4 addr6=$5
	local fam

	ip -netns ${ns} link add ${vrf} type vrf table ${table}
	ip -netns ${ns} link set ${vrf} up
	# catch-all so lookups in the VRF table end there as unreachable;
	# fam is empty for IPv4 and expands to nothing
	for fam in "" -6; do
		ip -netns ${ns} ${fam} route add vrf ${vrf} unreachable default metric 8192
	done

	ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf}
	ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
	if [ "${addr}" != "-" ]; then
		ip -netns ${ns} addr add dev ${vrf} ${addr}
	fi
	if [ "${addr6}" != "-" ]; then
		ip -netns ${ns} -6 addr add dev ${vrf} ${addr6}
	fi

	# move the 'local' table lookup from preference 0 to 32765
	# NOTE(review): presumably so the VRF lookup is consulted before the
	# local table - confirm against the kernel VRF documentation
	for fam in "" -6; do
		ip -netns ${ns} ${fam} ru del pref 0
		ip -netns ${ns} ${fam} ru add pref 32765 from all lookup local
	done
}
372
# Create a network namespace with loopback up, optional extra loopback
# addresses, an unreachable default route and forwarding enabled.
#
# Arguments: $1 - namespace name
#            $2 - IPv4 address to add to lo, or "-" for none
#            $3 - IPv6 address to add to lo, or "-" for none
# Returns:   the status of the last sysctl command
create_ns()
{
	local ns=$1 addr=$2 addr6=$3
	local fam key

	ip netns add ${ns}

	ip -netns ${ns} link set lo up
	if [ "${addr}" != "-" ]; then
		ip -netns ${ns} addr add dev lo ${addr}
	fi
	if [ "${addr6}" != "-" ]; then
		ip -netns ${ns} -6 addr add dev lo ${addr6}
	fi

	# fam is empty for IPv4 and expands to nothing
	for fam in "" -6; do
		ip -netns ${ns} ${fam} ro add unreachable default metric 8192
	done

	# these settings are written inside the new namespace only
	for key in net.ipv4.ip_forward \
		   net.ipv6.conf.all.keep_addr_on_down \
		   net.ipv6.conf.all.forwarding \
		   net.ipv6.conf.default.forwarding
	do
		ip netns exec ${ns} sysctl -qw ${key}=1
	done
}
397
# create veth pair to connect namespaces and apply addresses.
#
# Arguments: $1-$4 - first namespace, its device name, IPv4 address and
#                    IPv6 address
#            $5-$8 - the same four values for the second namespace
# An IPv4 (or IPv6) address of "-" for the first namespace skips that
# address family on both ends.
#
# The peer end is created under the fixed temporary name "tmp" in the
# first namespace before being moved and renamed, so two connect_ns calls
# for the same first namespace must not run at the same time.
connect_ns()
{
	local near=$1 near_dev=$2 near_v4=$3 near_v6=$4
	local far=$5 far_dev=$6 far_v4=$7 far_v6=$8

	ip -netns ${near} li add ${near_dev} type veth peer name tmp
	ip -netns ${near} li set ${near_dev} up
	ip -netns ${near} li set tmp netns ${far} name ${far_dev}
	ip -netns ${far} li set ${far_dev} up

	if [ "${near_v4}" != "-" ]; then
		ip -netns ${near} addr add dev ${near_dev} ${near_v4}
		ip -netns ${far} addr add dev ${far_dev} ${far_v4}
	fi

	if [ "${near_v6}" != "-" ]; then
		ip -netns ${near} addr add dev ${near_dev} ${near_v6}
		ip -netns ${far} addr add dev ${far_dev} ${far_v6}
	fi
}
425
# Tear down the namespaces created by the setup functions.
#
# Globals: NSA, NSB, NSC, VRF, VRF_TABLE, NSA_DEV (read)
#
# ns-A is dismantled step by step when it exists; ns-B and ns-C are simply
# deleted. Errors from deleting ns-B are not hidden here (callers in this
# file redirect stderr themselves); errors for ns-C are discarded.
cleanup()
{
	local fam

	# explicit cleanups to check those code paths
	# note: grep matches ${NSA} anywhere in the listing, not as a whole name
	ip netns | grep -q ${NSA}
	if [ $? -eq 0 ]; then
		ip -netns ${NSA} link delete ${VRF}
		ip -netns ${NSA} ro flush table ${VRF_TABLE}

		# fam is empty for IPv4 and expands to nothing
		for fam in "" -6; do
			ip -netns ${NSA} ${fam} addr flush dev ${NSA_DEV}
		done
		ip -netns ${NSA} link set dev ${NSA_DEV} down
		ip -netns ${NSA} link del dev ${NSA_DEV}

		ip netns del ${NSA}
	fi

	ip netns del ${NSB}
	ip netns del ${NSC} &>/dev/null
}
445
# Build the test topology from scratch.
#
# Arguments: $1 - "yes" to move ns-A's ${NSA_DEV} into VRF ${VRF} and add
#                 ns-C; any other value (or none) builds the non-VRF layout
# Globals:   NSA_LINKIP6 and NSB_LINKIP6 are set from the new interfaces
# Notes:     errexit is switched on for the configuration steps and
#            switched off again at the end, so a failing step aborts the
#            script and the caller always continues with errexit off.
setup()
{
	local with_vrf=${1}

	# make sure we are starting with a clean slate
	kill_procs
	cleanup 2>/dev/null

	log_debug "Configuring network namespaces"
	# stop at the first configuration command that fails
	set -e

	create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128
	create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128
	connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \
		   ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64

	# get_linklocal returns 1 when no fe80 address is present, which
	# under 'set -e' ends the script here
	NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
	NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})

	# tell ns-A how to get to remote addresses of ns-B
	if [ "${with_vrf}" = "yes" ]; then
		create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6}

		ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
		ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
		ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}

		# return path from ns-B to the address on the VRF device
		ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
		ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}

		# some VRF tests use ns-C which has the same config as
		# ns-B but for a device NOT in the VRF
		# (ns-A's ${NSA_DEV2} and ns-C's ${NSC_DEV} reuse the ns-A/ns-B
		# addresses, so only the VRF membership tells the paths apart)
		create_ns ${NSC} "-" "-"
		connect_ns ${NSA} ${NSA_DEV2} ${NSA_IP}/24 ${NSA_IP6}/64 \
			   ${NSC} ${NSC_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
	else
		ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
		ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
	fi


	# tell ns-B how to get to remote addresses of ns-A
	ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
	ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}

	# the tests themselves expect failing commands, so errexit goes off
	set +e

	sleep 1
}
495
# Build a topology in which no addresses are configured explicitly: every
# address argument passed to create_ns, connect_ns and create_vrf is "-".
#
# ns-A is connected to ns-B over ${NSA_DEV} and to ns-C over ${NSA_DEV2},
# and both ns-A devices are placed in VRF ${VRF}.
#
# Globals: NSA_LINKIP6, NSB_LINKIP6 and NSC_LINKIP6 are set from the
#          interfaces' link-local addresses
# Notes:   errexit is on for the configuration steps and off on return.
setup_lla_only()
{
	# make sure we are starting with a clean slate
	kill_procs
	cleanup 2>/dev/null

	log_debug "Configuring network namespaces"
	# stop at the first configuration command that fails
	set -e

	create_ns ${NSA} "-" "-"
	create_ns ${NSB} "-" "-"
	create_ns ${NSC} "-" "-"
	connect_ns ${NSA} ${NSA_DEV} "-" "-" \
		   ${NSB} ${NSB_DEV} "-" "-"
	connect_ns ${NSA} ${NSA_DEV2} "-" "-" \
		   ${NSC} ${NSC_DEV} "-" "-"

	# get_linklocal returns 1 when no fe80 address is present, which
	# under 'set -e' ends the script here
	NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
	NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})
	NSC_LINKIP6=$(get_linklocal ${NSC} ${NSC_DEV})

	create_vrf ${NSA} ${VRF} ${VRF_TABLE} "-" "-"
	ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
	ip -netns ${NSA} link set dev ${NSA_DEV2} vrf ${VRF}

	# the tests themselves expect failing commands, so errexit goes off
	set +e

	sleep 1
}
525
526################################################################################
527# IPv4
528
# IPv4 ping checks for ns-A when no VRF is configured.
#
# Every case sends a single ping with a one second deadline (-c1 -w1) and
# hands the exit status to log_test_addr together with the expected value:
# 0 where a reply is expected, 1 where the hints say the reply is lost and
# 2 where a rule or route stops the packet from being sent.
# NOTE(review): the 1-versus-2 split follows ping's exit codes as this
# test assumes them - confirm against the ping binary in use.
#
# The function changes policy rules and routes in ns-A and does not put
# the routes back; ipv4_ping calls setup again before each run.
ipv4_ping_novrf()
{
	local a

	#
	# out
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd ping -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping out"

		log_start
		run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"

		log_start
		run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
		log_test_addr ${a} $? 0 "ping out, address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd_nsb ping -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	#
	# local traffic
	#
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		run_cmd ping -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping local"
	done

	#
	# local traffic, socket bound to device
	#
	# address on device
	a=${NSA_IP}
	log_start
	run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 0 "ping local, device bind"

	# loopback addresses not reachable from device bind
	# fails in a really weird way though because ipv4 special cases
	# route lookups with oif set.
	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Fails since address on loopback device is out of device scope"
		run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 1 "ping local, device bind"
	done

	#
	# ip rule blocks reachability to remote address
	#
	log_start
	# move the 'local' table lookup from pref 0 to 32765 so that the
	# prohibit rules at pref 50/51 are evaluated ahead of it
	setup_cmd ip rule add pref 32765 from all lookup local
	setup_cmd ip rule del pref 0 from all lookup local
	setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by rule"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	# a viable rtable if the oif (e.g., bind to device) is set, so this
	# case succeeds despite the rule
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
	# NOTE(review): with the line above disabled, the fact that a
	# device-bound socket gets past the prohibit rule is documented here
	# but not asserted by any test case.

	a=${NSA_LO_IP}
	log_start
	show_hint "Response generates ICMP (or arp request is ignored) due to ip rule"
	run_cmd_nsb ping -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	# undo the rule changes made for this section
	[ "$VERBOSE" = "1" ] && echo
	setup_cmd ip rule del pref 32765 from all lookup local
	setup_cmd ip rule add pref 0 from all lookup local
	setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit

	#
	# route blocks reachability to remote address
	#
	log_start
	setup_cmd ip route replace unreachable ${NSB_LO_IP}
	setup_cmd ip route replace unreachable ${NSB_IP}

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by route"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	# a viable rtable if the oif (e.g., bind to device) is set, so this
	# case succeeds despite not having a route for the address
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}

	a=${NSA_LO_IP}
	log_start
	show_hint "Response is dropped (or arp request is ignored) due to ip route"
	run_cmd_nsb ping -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by route"

	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip ro del ${NSB_LO_IP}

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, unreachable default route"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	# a viable rtable if the oif (e.g., bind to device) is set, so this
	# case succeeds despite not having a route for the address
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
}
658
# IPv4 ping checks for ns-A with ${NSA_DEV} enslaved to VRF ${VRF}.
#
# Every case sends a single ping with a one second deadline (-c1 -w1) and
# hands the exit status to log_test_addr together with the expected value:
# 0 where a reply is expected, 1 where the hints say the reply is lost and
# 2 where a rule or route stops the packet from being sent.
# NOTE(review): the 1-versus-2 split follows ping's exit codes as this
# test assumes them - confirm against the ping binary in use.
#
# Unlike the non-VRF variant, the blocked cases here are asserted for
# device-bound sockets as well (expected rc 2).
ipv4_ping_vrf()
{
	local a

	# should default on; does not exist on older kernels
	set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null

	#
	# out
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd ping -c1 -w1 -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping out, VRF bind"

		log_start
		run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"

		log_start
		run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
		log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"

		log_start
		run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
		log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd_nsb ping -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	#
	# local traffic, local address
	#
	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
	do
		log_start
		show_hint "Source address should be ${a}"
		run_cmd ping -c1 -w1 -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping local, VRF bind"
	done

	#
	# local traffic, socket bound to device
	#
	# address on device
	a=${NSA_IP}
	log_start
	run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 0 "ping local, device bind"

	# vrf device is out of scope
	for a in ${VRF_IP} 127.0.0.1
	do
		log_start
		show_hint "Fails since address on vrf device is out of device scope"
		run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 1 "ping local, device bind"
	done

	#
	# ip rule blocks address
	#
	log_start
	setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 -I ${VRF} ${a}
	log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"

	# same address again; 'a' must still hold it after log_test_addr
	log_start
	run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"

	a=${NSA_LO_IP}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ping -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	# undo the rule changes made for this section
	[ "$VERBOSE" = "1" ] && echo
	setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit

	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP}

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 -I ${VRF} ${a}
	log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"

	# same address again; 'a' must still hold it after log_test_addr
	log_start
	run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"

	a=${NSA_LO_IP}
	log_start
	show_hint "Response lost by unreachable route"
	run_cmd_nsb ping -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, unreachable route"
}
772
# Run the IPv4 ping tests: the non-VRF set twice, once with
# net.ipv4.raw_l3mdev_accept=0 and once with =1, each on a freshly built
# topology, then the VRF set on a topology built with setup "yes".
ipv4_ping()
{
	local l3mdev_accept

	log_section "IPv4 ping"

	log_subsection "No VRF"
	for l3mdev_accept in 0 1; do
		setup
		# stderr is dropped; the sysctl may be missing on older kernels
		set_sysctl net.ipv4.raw_l3mdev_accept=${l3mdev_accept} 2>/dev/null
		ipv4_ping_novrf
	done

	log_subsection "With VRF"
	setup "yes"
	ipv4_ping_vrf
}
789
790################################################################################
791# IPv4 TCP
792
#
# MD5 tests without VRF
#
# Each case starts a nettest server in ns-A in the background, waits a
# second for it to come up, then connects from ns-B; log_test ends the
# case by calling kill_procs, which stops the server.
#
# nettest flags as used here (meanings inferred from the test labels -
# confirm against nettest's usage text): -s server, -r address to connect
# to, -M server-side key, -m peer address or prefix the key applies to,
# -X client-side key, -c client source address.
#
# Expected results: 0 when key and peer address/prefix match; 2 in every
# mismatch case, each of which carries a "Should timeout" hint.
#
# The keys travel as command-line arguments and do_run_cmd echoes the
# command line when VERBOSE=1, which is acceptable only because MD5_PW
# and MD5_WRONG_PW are fixed test values.
ipv4_tcp_md5_novrf()
{
	#
	# single address
	#

	# basic use case
	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Client uses wrong password"

	# client from different address
	# (the key is configured for ns-B's loopback address, but the
	# client connects without -c)
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s -M ${MD5_PW} -m ${NSB_LO_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Prefix config, client uses wrong password"

	# client outside of prefix
	# (-c makes the client use ns-B's loopback address, which is not
	# inside ${NS_NET})
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}
860
#
# MD5 tests with VRF
#
# Each case starts one or two nettest servers in ns-A in the background,
# waits a second, then connects from ns-B (reached through the device in
# the VRF) or from ns-C (reached through a device that is not in the
# VRF); log_test ends the case by calling kill_procs.
#
# nettest flags as used here (meanings inferred from the test labels -
# confirm against nettest's usage text): -s server, -I server device
# binding, -r address to connect to, -M server-side key, -m peer address
# or prefix the key applies to, -X client-side key, -c client source
# address.
#
# Expected results: 0 when key, peer address/prefix and VRF match; 2 in
# the mismatch cases that carry a "Should timeout" hint; 1 in the two
# negative tests, where the server is expected to fail to start.
#
# The keys travel as command-line arguments and do_run_cmd echoes the
# command line when VERBOSE=1, which is acceptable only because MD5_PW
# and MD5_WRONG_PW are fixed test values.
ipv4_tcp_md5()
{
	#
	# single address
	#

	# basic use case
	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout since server does not have MD5 auth"
	run_cmd nettest -s -I ${VRF} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Client uses wrong password"

	# client from different address
	log_start
	show_hint "Should timeout since server config differs from client"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"

	# client outside of prefix
	log_start
	show_hint "Should timeout since client address is outside of prefix"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"

	#
	# duplicate config between default VRF and a VRF
	#
	# Two servers run side by side in this part: one bound to the VRF
	# with MD5_PW and one unbound (default VRF) with MD5_WRONG_PW. In
	# these cases MD5_WRONG_PW is the valid key of the default-VRF
	# server, not a wrong one; what is checked is that a key configured
	# in one VRF is not accepted for a connection arriving in the other.

	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"

	# the same four combinations with the keys configured per prefix
	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"

	#
	# negative tests
	#
	# The server is run in the foreground here (no '&'): it is expected
	# to exit with 1 because the device given with -I is not a VRF.
	log_start
	run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP}
	log_test $? 1 "MD5: VRF: Device must be a VRF - single address"

	log_start
	run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET}
	log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"

}
1004
# IPv4 TCP connection tests for ns-A when no VRF is configured.
#
# A case with a server starts nettest -s in the background, waits a
# second, then runs the client; log_test (via log_test_addr) ends the
# case by calling kill_procs, which stops the server. Cases without a
# server check that the connection attempt fails.
#
# nettest flags as used here (meanings inferred from the test labels -
# confirm against nettest's usage text): -s server, -r address to connect
# to, -I server device binding, -d client device binding, -0 / -1
# expected local / remote address, -3 expected device.
#
# Expected results: 0 for a completed connection, 1 where the hints
# announce 'Connection refused' or 'No route to host'.
#
# Finishes by running the MD5 tests for the non-VRF setup.
ipv4_tcp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -r ${a}
	log_test_addr ${a} $? 0 "Device server"

	# verify TCP reset sent and received
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client"

		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a}
		log_test_addr ${a} $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		run_cmd nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -0 ${a} -1 ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -s -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -r ${a}
		log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s &
	sleep 1
	run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "Global server, device client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local connection"

	# same address again; 'a' must still hold it after log_test_addr
	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "No server, device client, local conn"

	ipv4_tcp_md5_novrf
}
1125
1126ipv4_tcp_vrf()
1127{
1128 local a
1129
1130 # disable global server
1131 log_subsection "Global server disabled"
1132
1133 set_sysctl net.ipv4.tcp_l3mdev_accept=0
1134
1135 #
1136 # server tests
1137 #
1138 for a in ${NSA_IP} ${VRF_IP}
1139 do
1140 log_start
1141 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
1142 run_cmd nettest -s &
1143 sleep 1
1144 run_cmd_nsb nettest -r ${a}
1145 log_test_addr ${a} $? 1 "Global server"
1146
1147 log_start
1148 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1149 sleep 1
1150 run_cmd_nsb nettest -r ${a}
1151 log_test_addr ${a} $? 0 "VRF server"
1152
1153 log_start
1154 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1155 sleep 1
1156 run_cmd_nsb nettest -r ${a}
1157 log_test_addr ${a} $? 0 "Device server"
1158
1159 # verify TCP reset received
1160 log_start
1161 show_hint "Should fail 'Connection refused' since there is no server"
1162 run_cmd_nsb nettest -r ${a}
1163 log_test_addr ${a} $? 1 "No server"
1164 done
1165
1166 # local address tests
1167 # (${VRF_IP} and 127.0.0.1 both timeout)
1168 a=${NSA_IP}
1169 log_start
1170 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
1171 run_cmd nettest -s &
1172 sleep 1
1173 run_cmd nettest -r ${a} -d ${NSA_DEV}
1174 log_test_addr ${a} $? 1 "Global server, local connection"
1175
1176 # run MD5 tests
1177 ipv4_tcp_md5
1178
1179 #
1180 # enable VRF global server
1181 #
1182 log_subsection "VRF Global server enabled"
1183 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1184
1185 for a in ${NSA_IP} ${VRF_IP}
1186 do
1187 log_start
1188 show_hint "client socket should be bound to VRF"
1189 run_cmd nettest -s -3 ${VRF} &
1190 sleep 1
1191 run_cmd_nsb nettest -r ${a}
1192 log_test_addr ${a} $? 0 "Global server"
1193
1194 log_start
1195 show_hint "client socket should be bound to VRF"
1196 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1197 sleep 1
1198 run_cmd_nsb nettest -r ${a}
1199 log_test_addr ${a} $? 0 "VRF server"
1200
1201 # verify TCP reset received
1202 log_start
1203 show_hint "Should fail 'Connection refused'"
1204 run_cmd_nsb nettest -r ${a}
1205 log_test_addr ${a} $? 1 "No server"
1206 done
1207
1208 a=${NSA_IP}
1209 log_start
1210 show_hint "client socket should be bound to device"
1211 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1212 sleep 1
1213 run_cmd_nsb nettest -r ${a}
1214 log_test_addr ${a} $? 0 "Device server"
1215
1216 # local address tests
1217 for a in ${NSA_IP} ${VRF_IP}
1218 do
1219 log_start
1220 show_hint "Should fail 'Connection refused' since client is not bound to VRF"
1221 run_cmd nettest -s -I ${VRF} &
1222 sleep 1
1223 run_cmd nettest -r ${a}
1224 log_test_addr ${a} $? 1 "Global server, local connection"
1225 done
1226
1227 #
1228 # client
1229 #
1230 for a in ${NSB_IP} ${NSB_LO_IP}
1231 do
1232 log_start
1233 run_cmd_nsb nettest -s &
1234 sleep 1
1235 run_cmd nettest -r ${a} -d ${VRF}
1236 log_test_addr ${a} $? 0 "Client, VRF bind"
1237
1238 log_start
1239 run_cmd_nsb nettest -s &
1240 sleep 1
1241 run_cmd nettest -r ${a} -d ${NSA_DEV}
1242 log_test_addr ${a} $? 0 "Client, device bind"
1243
1244 log_start
1245 show_hint "Should fail 'Connection refused'"
1246 run_cmd nettest -r ${a} -d ${VRF}
1247 log_test_addr ${a} $? 1 "No server, VRF client"
1248
1249 log_start
1250 show_hint "Should fail 'Connection refused'"
1251 run_cmd nettest -r ${a} -d ${NSA_DEV}
1252 log_test_addr ${a} $? 1 "No server, device client"
1253 done
1254
1255 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1256 do
1257 log_start
1258 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1259 sleep 1
1260 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1261 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
1262 done
1263
1264 a=${NSA_IP}
1265 log_start
1266 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1267 sleep 1
1268 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1269 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
1270
1271 log_start
1272 show_hint "Should fail 'No route to host' since client is out of VRF scope"
1273 run_cmd nettest -s -I ${VRF} &
1274 sleep 1
1275 run_cmd nettest -r ${a}
1276 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
1277
1278 log_start
1279 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1280 sleep 1
1281 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1282 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
1283
1284 log_start
1285 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1286 sleep 1
1287 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1288 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1289}
1290
# Driver for the IPv4 TCP tests: runs the non-VRF cases once per
# tcp_l3mdev_accept setting, then rebuilds the topology with a VRF and
# runs the VRF cases.
ipv4_tcp()
{
	local l3mdev_accept

	log_section "IPv4/TCP"
	log_subsection "No VRF"
	setup

	# tcp_l3mdev_accept should have no effect without VRF;
	# run the tests with it disabled and then enabled to verify
	for l3mdev_accept in 0 1; do
		case "${l3mdev_accept}" in
		0) log_subsection "tcp_l3mdev_accept disabled" ;;
		1) log_subsection "tcp_l3mdev_accept enabled" ;;
		esac
		set_sysctl net.ipv4.tcp_l3mdev_accept=${l3mdev_accept}
		ipv4_tcp_novrf
	done

	log_subsection "With VRF"
	setup "yes"
	ipv4_tcp_vrf
}
1310
1311################################################################################
1312# IPv4 UDP
1313
# IPv4 UDP cases with no VRF configured: a server in ns-A reached from
# ns-B, a client in ns-A reaching a server in ns-B, and connections that
# stay local. Every case keeps the same order: log_start, an optional
# background server followed by a one second pause, the client command,
# then log_test_addr with the client's exit status ($?) and the status
# the case expects. $? must be read on the line right after the client.
ipv4_udp_novrf()
{
	local addr

	#
	# server side
	#
	for addr in ${NSA_IP} ${NSA_LO_IP}; do
		log_start
		run_cmd nettest -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${addr}
		log_test_addr ${addr} $? 0 "Global server"

		# negative case: nothing is listening
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -D -r ${addr}
		log_test_addr ${addr} $? 1 "No server"
	done

	addr=${NSA_IP}
	log_start
	run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -D -r ${addr}
	log_test_addr ${addr} $? 0 "Device server"

	#
	# client side
	#
	for addr in ${NSB_IP} ${NSB_LO_IP}; do
		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${addr} -0 ${NSA_IP}
		log_test_addr ${addr} $? 0 "Client"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${addr} -d ${NSA_DEV} -0 ${NSA_IP}
		log_test_addr ${addr} $? 0 "Client, device bind"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${addr} -d ${NSA_DEV} -C -0 ${NSA_IP}
		log_test_addr ${addr} $? 0 "Client, device send via cmsg"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${addr} -d ${NSA_DEV} -S -0 ${NSA_IP}
		log_test_addr ${addr} $? 0 "Client, device bind via IP_UNICAST_IF"

		# negative cases: no server in ns-B
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -r ${addr}
		log_test_addr ${addr} $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -r ${addr} -d ${NSA_DEV}
		log_test_addr ${addr} $? 1 "No server, device client"
	done

	#
	# local connections
	#
	for addr in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${addr} -0 ${addr} -1 ${addr}
		log_test_addr ${addr} $? 0 "Global server, local connection"
	done

	addr=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -r ${addr}
	log_test_addr ${addr} $? 0 "Device server, unbound client, local connection"

	# scope check: a device-bound server must not answer for addresses
	# that live on loopback
	for addr in ${NSA_LO_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail 'Connection refused' since address is out of device scope"
		run_cmd nettest -s -D -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -D -r ${addr}
		log_test_addr ${addr} $? 1 "Device server, unbound client, local connection"
	done

	addr=${NSA_IP}
	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${addr}
	log_test_addr ${addr} $? 0 "Global server, device client, local connection"

	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -C -r ${addr}
	log_test_addr ${addr} $? 0 "Global server, device send via cmsg, local connection"

	log_start
	run_cmd nettest -s -D &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -S -r ${addr}
	log_test_addr ${addr} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"

	# IPv4 with device bind has really weird behavior - it overrides the
	# fib lookup, generates an rtable and tries to send the packet. This
	# causes failures for local traffic at different places, which is
	# why the expected status below is 2 for the plain device bind and
	# 1 for the cmsg and IP_UNICAST_IF variants.
	for addr in ${NSA_LO_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${addr} -d ${NSA_DEV}
		log_test_addr ${addr} $? 2 "Global server, device client, local connection"

		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${addr} -d ${NSA_DEV} -C
		log_test_addr ${addr} $? 1 "Global server, device send via cmsg, local connection"

		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${addr} -d ${NSA_DEV} -S
		log_test_addr ${addr} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
	done

	addr=${NSA_IP}
	log_start
	run_cmd nettest -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${addr} -0 ${addr}
	log_test_addr ${addr} $? 0 "Device server, device client, local conn"

	# negative case: no server is started for this one
	log_start
	run_cmd nettest -D -d ${NSA_DEV} -r ${addr}
	log_test_addr ${addr} $? 2 "No server, device client, local conn"
}
1468
# IPv4 UDP cases with ns-A's device enslaved to the VRF. The first half
# runs with udp_l3mdev_accept=0, where an unbound ("global") server is
# expected NOT to be reachable for traffic in the VRF; the second half
# sets udp_l3mdev_accept=1 and expects the global server to work. The
# negative cases are the isolation checks, so their expected status (1)
# matters as much as the positive ones.
ipv4_udp_vrf()
{
	local addr

	# start with the global server disabled
	log_subsection "Global server disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0

	#
	# server side
	#
	for addr in ${NSA_IP} ${VRF_IP}; do
		log_start
		show_hint "Fails because ingress is in a VRF and global server is disabled"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd_nsb nettest -D -r ${addr}
		log_test_addr ${addr} $? 1 "Global server"

		log_start
		run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${addr}
		log_test_addr ${addr} $? 0 "VRF server"

		log_start
		run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${addr}
		log_test_addr ${addr} $? 0 "Enslaved device server"

		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -D -r ${addr}
		log_test_addr ${addr} $? 1 "No server"

		log_start
		show_hint "Should fail 'Connection refused' since global server is out of scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r ${addr}
		log_test_addr ${addr} $? 1 "Global server, VRF client, local connection"
	done

	addr=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${addr}
	log_test_addr ${addr} $? 0 "VRF server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${addr}
	log_test_addr ${addr} $? 0 "VRF server, enslaved device client, local connection"

	addr=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${addr}
	log_test_addr ${addr} $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${addr}
	log_test_addr ${addr} $? 0 "Enslaved device server, device client, local conn"

	# now allow the global server
	log_subsection "Global server enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1

	#
	# server side
	#
	for addr in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${addr}
		log_test_addr ${addr} $? 0 "Global server"

		log_start
		run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${addr}
		log_test_addr ${addr} $? 0 "VRF server"

		log_start
		run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${addr}
		log_test_addr ${addr} $? 0 "Enslaved device server"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -D -r ${addr}
		log_test_addr ${addr} $? 1 "No server"
	done

	#
	# client side (these use log_test, so no address is attached to
	# the result)
	#
	log_start
	run_cmd_nsb nettest -D -s &
	sleep 1
	run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
	log_test $? 0 "VRF client"

	log_start
	run_cmd_nsb nettest -D -s &
	sleep 1
	run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
	log_test $? 0 "Enslaved device client"

	# negative cases - no server in ns-B
	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
	log_test $? 1 "No server, VRF client"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
	log_test $? 1 "No server, enslaved device client"

	#
	# local connections
	#
	addr=${NSA_IP}
	log_start
	run_cmd nettest -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${addr}
	log_test_addr ${addr} $? 0 "Global server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${addr}
	log_test_addr ${addr} $? 0 "VRF server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${addr}
	log_test_addr ${addr} $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${addr}
	log_test_addr ${addr} $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${addr}
	log_test_addr ${addr} $? 0 "Enslaved device server, device client, local conn"

	for addr in ${VRF_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -D -s -3 ${VRF} &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r ${addr}
		log_test_addr ${addr} $? 0 "Global server, VRF client, local conn"
	done

	for addr in ${VRF_IP} 127.0.0.1; do
		log_start
		run_cmd nettest -s -D -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r ${addr}
		log_test_addr ${addr} $? 0 "VRF server, VRF client, local conn"
	done

	# negative case - no server is running, so the client is expected
	# to see ECONNREFUSED
	for addr in ${NSA_IP} ${VRF_IP} 127.0.0.1; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -d ${VRF} -r ${addr}
		log_test_addr ${addr} $? 1 "No server, VRF client, local conn"
	done
}
1661
# Driver for the IPv4 UDP tests: runs the non-VRF cases once per
# udp_l3mdev_accept setting, then rebuilds the topology with a VRF and
# runs the VRF cases.
ipv4_udp()
{
	local l3mdev_accept

	log_section "IPv4/UDP"
	log_subsection "No VRF"

	setup

	# udp_l3mdev_accept should have no effect without VRF;
	# run the tests with it disabled and then enabled to verify
	for l3mdev_accept in 0 1; do
		case "${l3mdev_accept}" in
		0) log_subsection "udp_l3mdev_accept disabled" ;;
		1) log_subsection "udp_l3mdev_accept enabled" ;;
		esac
		set_sysctl net.ipv4.udp_l3mdev_accept=${l3mdev_accept}
		ipv4_udp_novrf
	done

	log_subsection "With VRF"
	setup "yes"
	ipv4_udp_vrf
}
1682
1683################################################################################
1684# IPv4 address bind
1685#
1686# verifies ability or inability to bind to an address / device
1687
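# Address bind checks without a VRF: a raw ICMP socket and a TCP socket
# must be able to bind to ns-A's local addresses, with and without a
# prior device bind. Each case passes the nettest exit status ($?) to
# log_test_addr together with the expected status.
ipv4_addr_bind_novrf()
{
	# keep the loop variable out of the global scope, as the other
	# test functions in this file do
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	#
	# tcp sockets
	#
	a=${NSA_IP}
	log_start
	run_cmd nettest -c ${a} -r ${NSB_IP} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address"

	log_start
	run_cmd nettest -c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"

	# Sadly, the kernel allows binding a socket to a device and then
	# binding to an address not on the device. The only restriction
	# is that the address is valid in the L3 domain. So this test
	# passes when it really should not.
	# Takeaway for anyone relying on this: a device bind alone does not
	# limit which local addresses the socket can then bind to. The case
	# stays disabled until the kernel behavior changes.
	#a=${NSA_LO_IP}
	#log_start
	#show_hint "Should fail with 'Cannot assign requested address'"
	#run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
	#log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
}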
1726
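# Address bind checks with the VRF configured: binds to addresses inside
# the VRF must succeed (plain, after device bind, after VRF bind), while
# binds to the loopback address, which is outside the VRF, must be
# refused (expected status 1). The refused cases are the scope checks.
ipv4_addr_bind_vrf()
{
	# keep the loop variable out of the global scope, as the other
	# test functions in this file do
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
	done

	# negative case: loopback address with a VRF-bound raw socket
	a=${NSA_LO_IP}
	log_start
	show_hint "Address on loopback is out of VRF scope"
	run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
	log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"

	#
	# tcp sockets
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address"

		log_start
		run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
	done

	# negative cases: loopback address with a VRF-bound or
	# device-bound TCP socket
	a=${NSA_LO_IP}
	log_start
	show_hint "Address on loopback out of scope for VRF"
	run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"

	log_start
	show_hint "Address on loopback out of scope for device in VRF"
	run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
}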
1777
# Driver for the IPv4 address bind tests: one pass on the plain
# topology, one pass after setup has been re-run with the VRF enabled.
ipv4_addr_bind()
{
	log_section "IPv4 address binds"

	# plain topology (setup is called without arguments)
	log_subsection "No VRF"
	setup
	ipv4_addr_bind_novrf

	# VRF topology (setup is called with "yes")
	log_subsection "With VRF"
	setup "yes"
	ipv4_addr_bind_vrf
}
1790
1791################################################################################
1792# IPv4 runtime tests
1793
# Runtime cases: delete the VRF device while nettest traffic is active.
#
# Arguments:
#   $1 - description prefix used in every test name
#   $2 - extra nettest arguments; expanded unquoted on purpose so that
#        a value such as "-n -1" splits into separate words
#
# Every case starts a server and a client in the background, waits,
# removes ${VRF} and then records the result with a literal "0 0", so
# the outcome does not depend on any exit status.
# NOTE(review): presumably the point is that the kernel survives the
# delete; a crash or hang is what would show up as a failure - confirm.
# The topology is rebuilt with setup after each case except the last.
ipv4_rt()
{
	local desc=$1
	local varg=$2
	local with_vrf="yes"
	local addr

	#
	# server side
	#
	for addr in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${addr} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${addr} 0 0 "${desc}, global server"

		setup ${with_vrf}
	done

	for addr in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -s -I ${VRF} &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${addr} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${addr} 0 0 "${desc}, VRF server"

		setup ${with_vrf}
	done

	addr=${NSA_IP}
	log_start
	run_cmd nettest ${varg} -s -I ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest ${varg} -r ${addr} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${addr} 0 0 "${desc}, enslaved device server"

	setup ${with_vrf}

	#
	# client side
	#
	# NOTE(review): the two client cases connect to ${NSB_IP} but are
	# logged against ${NSA_IP}, the value left in the loop variable -
	# confirm whether that label is intended.
	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${addr} 0 0 "${desc}, VRF client"

	setup ${with_vrf}

	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${addr} 0 0 "${desc}, enslaved device client"

	setup ${with_vrf}

	#
	# local connections
	#
	for addr in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${addr} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${addr} 0 0 "${desc}, global server, VRF client, local"

		setup ${with_vrf}
	done

	for addr in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${varg} -I ${VRF} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${addr} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${addr} 0 0 "${desc}, VRF server and client, local"

		setup ${with_vrf}
	done

	addr=${NSA_IP}
	log_start
	run_cmd nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${addr} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${addr} 0 0 "${desc}, global server, enslaved device client, local"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -I ${VRF} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${addr} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${addr} 0 0 "${desc}, VRF server, enslaved device client, local"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -I ${NSA_DEV} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${addr} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${addr} 0 0 "${desc}, enslaved device server and client, local"
}
1932
# Runtime cases with ICMP: start a flood ping (ping -f) in the
# background, delete the VRF device three seconds later and record the
# case with a literal "0 0", i.e. independent of any exit status.
# The topology is rebuilt after each inbound case; the caller is left
# with the VRF deleted after the outbound case.
ipv4_ping_rt()
{
	local with_vrf="yes"
	local addr

	# inbound: ns-B pings addresses in ns-A
	for addr in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd_nsb ping -f ${addr} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${addr} 0 0 "Device delete with active traffic - ping in"

		setup ${with_vrf}
	done

	# outbound: ns-A pings ns-B with the socket bound to the VRF
	addr=${NSB_IP}
	log_start
	run_cmd ping -f -I ${VRF} ${addr} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${addr} 0 0 "Device delete with active traffic - ping out"
}
1958
# Driver for the IPv4 runtime tests. The VRF topology is rebuilt before
# each group because every group ends with the VRF device deleted.
ipv4_runtime()
{
	log_section "Run time tests - ipv4"

	# ICMP traffic
	setup "yes"
	ipv4_ping_rt

	# TCP; the second argument is handed to nettest as extra options
	setup "yes"
	ipv4_rt "TCP active socket" "-n -1"

	setup "yes"
	ipv4_rt "TCP passive socket" "-i"
}
1972
1973################################################################################
1974# IPv6
1975
# IPv6 ping cases without a VRF: outbound, inbound and local pings,
# followed by negative cases where an ip rule or an unreachable route
# is expected to block the traffic. Each case hands the ping exit
# status ($?) to log_test_addr together with the expected status.
ipv6_ping_novrf()
{
	local addr

	# should not have an impact, but make a known state; errors are
	# discarded, as for the same sysctl in the VRF variant
	set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null

	#
	# out
	#
	for addr in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 ${addr}
		log_test_addr ${addr} $? 0 "ping out"
	done

	for addr in ${NSB_IP6} ${NSB_LO_IP6}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${addr}
		log_test_addr ${addr} $? 0 "ping out, device bind"

		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${addr}
		log_test_addr ${addr} $? 0 "ping out, loopback address bind"
	done

	#
	# in
	#
	for addr in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${addr}
		log_test_addr ${addr} $? 0 "ping in"
	done

	#
	# local traffic, local address
	#
	for addr in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 ${addr}
		log_test_addr ${addr} $? 0 "ping local, no bind"
	done

	for addr in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${addr}
		log_test_addr ${addr} $? 0 "ping local, device bind"
	done

	# scope check: loopback addresses must not be reachable through a
	# device-bound socket
	for addr in ${NSA_LO_IP6} ::1; do
		log_start
		show_hint "Fails since address on loopback is out of device scope"
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${addr}
		log_test_addr ${addr} $? 2 "ping local, device bind"
	done

	#
	# ip rule blocks address
	#
	# The 'lookup local' rule is moved from pref 0 to pref 32765 so
	# that the prohibit rules at pref 50 and 51 come before it; the
	# original order is restored once the three cases have run.
	log_start
	setup_cmd ip -6 rule add pref 32765 from all lookup local
	setup_cmd ip -6 rule del pref 0 from all lookup local
	setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit

	addr=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${addr}
	log_test_addr ${addr} $? 2 "ping out, blocked by rule"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${addr}
	log_test_addr ${addr} $? 2 "ping out, device bind, blocked by rule"

	addr=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ${ping6} -c1 -w1 ${addr}
	log_test_addr ${addr} $? 1 "ping in, blocked by rule"

	setup_cmd ip -6 rule add pref 0 from all lookup local
	setup_cmd ip -6 rule del pref 32765 from all lookup local
	setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit

	#
	# route blocks reachability to remote address
	#
	log_start
	setup_cmd ip -6 route del ${NSB_LO_IP6}
	setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
	setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10

	addr=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${addr}
	log_test_addr ${addr} $? 2 "ping out, blocked by route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${addr}
	log_test_addr ${addr} $? 2 "ping out, device bind, blocked by route"

	addr=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip route"
	run_cmd_nsb ${ping6} -c1 -w1 ${addr}
	log_test_addr ${addr} $? 1 "ping in, blocked by route"


	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
	setup_cmd ip -6 ro del unreachable ${NSB_IP6}

	addr=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${addr}
	log_test_addr ${addr} $? 2 "ping out, unreachable route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${addr}
	log_test_addr ${addr} $? 2 "ping out, device bind, unreachable route"
}
2105
# IPv6 ping cases with the VRF configured: outbound pings bound to the
# VRF, to the enslaved device and to the VRF address, inbound pings
# from ns-B, local pings, and negative cases for scope, ip rules and
# missing routes. The cases expecting status 1 or 2 are the ones that
# check traffic stays inside the scope it belongs to.
ipv6_ping_vrf()
{
	local addr

	# should default on; does not exist on older kernels
	set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null

	#
	# out
	#
	for addr in ${NSB_IP6} ${NSB_LO_IP6}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${VRF} ${addr}
		log_test_addr ${addr} $? 0 "ping out, VRF bind"
	done

	for addr in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}; do
		log_start
		show_hint "Fails since VRF device does not support linklocal or multicast"
		run_cmd ${ping6} -c1 -w1 ${addr}
		log_test_addr ${addr} $? 2 "ping out, VRF bind"
	done

	for addr in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${addr}
		log_test_addr ${addr} $? 0 "ping out, device bind"
	done

	for addr in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${addr}
		log_test_addr ${addr} $? 0 "ping out, vrf device+address bind"
	done

	#
	# in
	#
	for addr in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${addr}
		log_test_addr ${addr} $? 0 "ping in"
	done

	# scope check: ns-A's loopback address is not part of the VRF
	addr=${NSA_LO_IP6}
	log_start
	show_hint "Fails since loopback address is out of VRF scope"
	run_cmd_nsb ${ping6} -c1 -w1 ${addr}
	log_test_addr ${addr} $? 1 "ping in"

	#
	# local traffic, local address
	#
	for addr in ${NSA_IP6} ${VRF_IP6} ::1; do
		log_start
		show_hint "Source address should be ${addr}"
		run_cmd ${ping6} -c1 -w1 -I ${VRF} ${addr}
		log_test_addr ${addr} $? 0 "ping local, VRF bind"
	done

	for addr in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}; do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${addr}
		log_test_addr ${addr} $? 0 "ping local, device bind"
	done

	# LLA to GUA - remove ipv6 global addresses from ns-B
	setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
	setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}

	# NOTE(review): the ping target is ${NSA_IP6} on both iterations,
	# while the result is logged against the loop value; the second
	# iteration therefore never pings ${VRF_IP6}. Only a /128 route to
	# ${NSA_IP6} is added above, so this may be deliberate - confirm.
	for addr in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
		log_test_addr ${addr} $? 0 "ping in, LLA to GUA"
	done

	# put ns-B's global addresses back
	setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo

	#
	# ip rule blocks address
	#
	log_start
	setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit

	addr=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${addr}
	log_test_addr ${addr} $? 2 "ping out, blocked by rule"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${addr}
	log_test_addr ${addr} $? 2 "ping out, device bind, blocked by rule"

	addr=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ${ping6} -c1 -w1 ${addr}
	log_test_addr ${addr} $? 1 "ping in, blocked by rule"

	# NOTE(review): this log_start is not followed by a log_test* call
	# before the next log_start - confirm it is needed.
	log_start
	setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit

	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}

	addr=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${addr}
	log_test_addr ${addr} $? 2 "ping out, unreachable route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${addr}
	log_test_addr ${addr} $? 2 "ping out, device bind, unreachable route"

	# called directly rather than through setup_cmd_nsb, so its exit
	# status is not checked here
	ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
	addr=${NSA_LO_IP6}
	log_start
	run_cmd_nsb ${ping6} -c1 -w1 ${addr}
	log_test_addr ${addr} $? 2 "ping in, unreachable route"
}
2240
# Driver for the IPv6 ping tests: one pass on the plain topology, one
# pass after setup has been re-run with the VRF enabled.
ipv6_ping()
{
	log_section "IPv6 ping"

	# plain topology (setup is called without arguments)
	log_subsection "No VRF"
	setup
	ipv6_ping_novrf

	# VRF topology (setup is called with "yes")
	log_subsection "With VRF"
	setup "yes"
	ipv6_ping_vrf
}
2253
2254################################################################################
2255# IPv6 TCP
2256
2257#
2258# MD5 tests without VRF
2259#
# IPv6 TCP MD5 cases without a VRF. The server in ns-A is given a
# password (-M) for a peer address or prefix (-m); the client in ns-B
# supplies a password with -X. Two cases must connect (status 0); the
# other five are rejections and expect status 2, which the hints
# describe as a timeout. The rejections are the authentication checks:
# wrong password, server without MD5, and a client address that does not
# match the configured peer or prefix.
# The passwords are the fixed test values defined at the top of the
# file and are passed on the command line, which is fine for a test key
# only.
ipv6_tcp_md5_novrf()
{
	# command prefixes shared by most cases; kept as arrays so that
	# each word stays a separate argument
	local -a srv=(nettest -6 -s)
	local -a cli=(nettest -6 -r ${NSA_IP6})

	#
	# single address
	#

	# matching password, client address matches the configured peer
	log_start
	run_cmd "${srv[@]}" -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb "${cli[@]}" -X ${MD5_PW}
	log_test $? 0 "MD5: Single address config"

	# client sends MD5, server has no MD5 configuration
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd "${srv[@]}" &
	sleep 1
	run_cmd_nsb "${cli[@]}" -X ${MD5_PW}
	log_test $? 2 "MD5: Server no config, client uses password"

	# client password differs from the server's
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd "${srv[@]}" -M ${MD5_PW} -m ${NSB_IP6} &
	sleep 1
	run_cmd_nsb "${cli[@]}" -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Client uses wrong password"

	# server is configured for a different peer address
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd "${srv[@]}" -M ${MD5_PW} -m ${NSB_LO_IP6} &
	sleep 1
	run_cmd_nsb "${cli[@]}" -X ${MD5_PW}
	log_test $? 2 "MD5: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client address inside the configured prefix
	log_start
	run_cmd "${srv[@]}" -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb "${cli[@]}" -X ${MD5_PW}
	log_test $? 0 "MD5: Prefix config"

	# client inside the prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd "${srv[@]}" -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb "${cli[@]}" -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Prefix config, client uses wrong password"

	# client uses ${NSB_LO_IP6} as its local address (-c), which is
	# outside the configured prefix
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd "${srv[@]}" -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
	log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}
2324
2325#
2326# MD5 tests with VRF
2327#
# IPv6 TCP MD5 cases with the server bound to the VRF (-I $VRF).
#
# Every case starts a nettest server in the background, waits a second,
# runs one client and hands the client's exit status to log_test together
# with the expected value: 0 for a completed connection, 2 where the hint
# says the client should time out, 1 for the negative tests at the end.
# MD5_PW / MD5_WRONG_PW are fixed fixture strings set at the top of the
# file, not secrets.
#
# What the expectations pin down:
#   - a key only matches the peer address or prefix it was configured for
#   - a missing or different key gives a timeout per the hints, not a
#     completed connection
#   - the same peer address may carry different keys in the VRF and in
#     the default VRF, and each key is honoured only in its own domain
#   - configuring a key with -I pointing at a non-VRF device is rejected
#
# Helpers (log_start, show_hint, run_cmd, run_cmd_nsb, run_cmd_nsc,
# log_test) are defined outside this part of the file.
ipv6_tcp_md5() {
	#
	# single address
	#

	# basic use case: key configured for the client's address, same key
	# on the client
	log_start
	run_cmd nettest -6 -s -I $VRF -M $MD5_PW -m $NSB_IP6 &
	sleep 1
	run_cmd_nsb nettest -6 -r $NSA_IP6 -X $MD5_PW
	log_test $? 0 "MD5: VRF: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout since server does not have MD5 auth"
	run_cmd nettest -6 -s -I $VRF &
	sleep 1
	run_cmd_nsb nettest -6 -r $NSA_IP6 -X $MD5_PW
	log_test $? 2 "MD5: VRF: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -I $VRF -M $MD5_PW -m $NSB_IP6 &
	sleep 1
	run_cmd_nsb nettest -6 -r $NSA_IP6 -X $MD5_WRONG_PW
	log_test $? 2 "MD5: VRF: Client uses wrong password"

	# client from different address: the key is tied to NSB_LO_IP6 but
	# the client connects without -c, so a correct password is not enough
	log_start
	show_hint "Should timeout since server config differs from client"
	run_cmd nettest -6 -s -I $VRF -M $MD5_PW -m $NSB_LO_IP6 &
	sleep 1
	run_cmd_nsb nettest -6 -r $NSA_IP6 -X $MD5_PW
	log_test $? 2 "MD5: VRF: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -6 -s -I $VRF -M $MD5_PW -m $NS_NET6 &
	sleep 1
	run_cmd_nsb nettest -6 -r $NSA_IP6 -X $MD5_PW
	log_test $? 0 "MD5: VRF: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -I $VRF -M $MD5_PW -m $NS_NET6 &
	sleep 1
	run_cmd_nsb nettest -6 -r $NSA_IP6 -X $MD5_WRONG_PW
	log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"

	# client outside of prefix: -c makes the client use NSB_LO_IP6
	log_start
	show_hint "Should timeout since client address is outside of prefix"
	run_cmd nettest -6 -s -I $VRF -M $MD5_PW -m $NS_NET6 &
	sleep 1
	run_cmd_nsb nettest -6 -c $NSB_LO_IP6 -r $NSA_IP6 -X $MD5_PW
	log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"

	#
	# duplicate config between default VRF and a VRF
	#
	# Two servers run at once: one bound to the VRF with MD5_PW and one
	# unbound with MD5_WRONG_PW, both keyed on the same peer address or
	# prefix. Per the hints, the run_cmd_nsb client arrives in the VRF and
	# the run_cmd_nsc client in the default VRF; each must succeed only
	# with the key of the domain it arrives in.
	#

	log_start
	run_cmd nettest -6 -s -I $VRF -M $MD5_PW -m $NSB_IP6 &
	run_cmd nettest -6 -s -M $MD5_WRONG_PW -m $NSB_IP6 &
	sleep 1
	run_cmd_nsb nettest -6 -r $NSA_IP6 -X $MD5_PW
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -6 -s -I $VRF -M $MD5_PW -m $NSB_IP6 &
	run_cmd nettest -6 -s -M $MD5_WRONG_PW -m $NSB_IP6 &
	sleep 1
	run_cmd_nsc nettest -6 -r $NSA_IP6 -X $MD5_WRONG_PW
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -6 -s -I $VRF -M $MD5_PW -m $NSB_IP6 &
	run_cmd nettest -6 -s -M $MD5_WRONG_PW -m $NSB_IP6 &
	sleep 1
	run_cmd_nsc nettest -6 -r $NSA_IP6 -X $MD5_PW
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -6 -s -I $VRF -M $MD5_PW -m $NSB_IP6 &
	run_cmd nettest -6 -s -M $MD5_WRONG_PW -m $NSB_IP6 &
	sleep 1
	run_cmd_nsb nettest -6 -r $NSA_IP6 -X $MD5_WRONG_PW
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"

	# same four combinations with a prefix instead of a single address
	log_start
	run_cmd nettest -6 -s -I $VRF -M $MD5_PW -m $NS_NET6 &
	run_cmd nettest -6 -s -M $MD5_WRONG_PW -m $NS_NET6 &
	sleep 1
	run_cmd_nsb nettest -6 -r $NSA_IP6 -X $MD5_PW
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -6 -s -I $VRF -M $MD5_PW -m $NS_NET6 &
	run_cmd nettest -6 -s -M $MD5_WRONG_PW -m $NS_NET6 &
	sleep 1
	run_cmd_nsc nettest -6 -r $NSA_IP6 -X $MD5_WRONG_PW
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -6 -s -I $VRF -M $MD5_PW -m $NS_NET6 &
	run_cmd nettest -6 -s -M $MD5_WRONG_PW -m $NS_NET6 &
	sleep 1
	run_cmd_nsc nettest -6 -r $NSA_IP6 -X $MD5_PW
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -6 -s -I $VRF -M $MD5_PW -m $NS_NET6 &
	run_cmd nettest -6 -s -M $MD5_WRONG_PW -m $NS_NET6 &
	sleep 1
	run_cmd_nsb nettest -6 -r $NSA_IP6 -X $MD5_WRONG_PW
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"

	#
	# negative tests
	#
	# The server runs in the foreground here: it is expected to exit with
	# status 1 on its own because -I names a plain device, not a VRF.
	#
	log_start
	run_cmd nettest -6 -s -I $NSA_DEV -M $MD5_PW -m $NSB_IP6
	log_test $? 1 "MD5: VRF: Device must be a VRF - single address"

	log_start
	run_cmd nettest -6 -s -I $NSA_DEV -M $MD5_PW -m $NS_NET6
	log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
}
2468
# IPv6 TCP cases without a VRF: remote server, remote client and local
# connections, with and without device binding, followed by the non-VRF
# MD5 cases.
#
# Expected status passed to log_test_addr: 0 = connected, 1 = refused.
# Link-local addresses are given a %<dev> scope where the loop lists one.
# Address lists are left unquoted on purpose so that an empty variable
# drops out of the loop instead of yielding an empty word.
ipv6_tcp_novrf() {
	local a

	#
	# server tests
	#
	for a in $NSA_IP6 $NSA_LO_IP6 ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r $a
		log_test_addr $a $? 0 "Global server"
	done

	# verify TCP reset received
	for a in $NSA_IP6 $NSA_LO_IP6 ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r $a
		log_test_addr $a $? 1 "No server"
	done

	#
	# client
	#
	for a in $NSB_IP6 $NSB_LO_IP6 ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r $a
		log_test_addr $a $? 0 "Client"
	done

	for a in $NSB_IP6 $NSB_LO_IP6 ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r $a -d $NSA_DEV
		log_test_addr $a $? 0 "Client, device bind"
	done

	for a in $NSB_IP6 $NSB_LO_IP6 ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r $a -d $NSA_DEV
		log_test_addr $a $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in $NSA_IP6 $NSA_LO_IP6 ::1; do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r $a
		log_test_addr $a $? 0 "Global server, local connection"
	done

	a=$NSA_IP6
	log_start
	run_cmd nettest -6 -s -I $NSA_DEV -3 $NSA_DEV &
	sleep 1
	run_cmd nettest -6 -r $a -0 $a
	log_test_addr $a $? 0 "Device server, unbound client, local connection"

	# A device-bound server must not be reachable through addresses that
	# live on loopback.
	for a in $NSA_LO_IP6 ::1; do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -s -I $NSA_DEV &
		sleep 1
		run_cmd nettest -6 -r $a
		log_test_addr $a $? 1 "Device server, unbound client, local connection"
	done

	a=$NSA_IP6
	log_start
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r $a -d $NSA_DEV -0 $a
	log_test_addr $a $? 0 "Global server, device client, local connection"

	# Same scope rule from the client side: a device-bound client cannot
	# reach loopback addresses even though a global server is listening.
	for a in $NSA_LO_IP6 ::1; do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r $a -d $NSA_DEV
		log_test_addr $a $? 1 "Global server, device client, local connection"
	done

	for a in $NSA_IP6 $NSA_LINKIP6; do
		log_start
		run_cmd nettest -6 -s -I $NSA_DEV -3 $NSA_DEV &
		sleep 1
		run_cmd nettest -6 -d $NSA_DEV -r $a
		log_test_addr $a $? 0 "Device server, device client, local conn"
	done

	for a in $NSA_IP6 $NSA_LINKIP6; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -d $NSA_DEV -r $a
		log_test_addr $a $? 1 "No server, device client, local conn"
	done

	# MD5 cases for the non-VRF setup
	ipv6_tcp_md5_novrf
}
2588
# IPv6 TCP cases with the VRF configured.
#
# First half: net.ipv4.tcp_l3mdev_accept=0. A server that is not bound to
# the VRF or to the enslaved device ("global server") must refuse
# connections arriving through the VRF; VRF-bound and device-bound servers
# accept them. The VRF MD5 cases run in this state.
#
# Second half: tcp_l3mdev_accept=1. The unbound server now accepts the
# same connections, so this setting widens what an unbound listener
# serves. Client-side and local-connection cases follow.
#
# The IPv6 cases toggle the net.ipv4.* sysctl name; that is what the file
# uses. Expected status: 0 = connected, 1 = refused / failed.
ipv6_tcp_vrf() {
	local a

	# disable global server
	log_subsection "Global server disabled"

	set_sysctl net.ipv4.tcp_l3mdev_accept=0

	#
	# server tests
	#
	for a in $NSA_IP6 $VRF_IP6 ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r $a
		log_test_addr $a $? 1 "Global server"
	done

	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		run_cmd nettest -6 -s -I $VRF -3 $VRF &
		sleep 1
		run_cmd_nsb nettest -6 -r $a
		log_test_addr $a $? 0 "VRF server"
	done

	# link local is always bound to ingress device
	a=${NSA_LINKIP6}%${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -I $VRF -3 $NSA_DEV &
	sleep 1
	run_cmd_nsb nettest -6 -r $a
	log_test_addr $a $? 0 "VRF server"

	for a in $NSA_IP6 $VRF_IP6 ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		run_cmd nettest -6 -s -I $NSA_DEV -3 $NSA_DEV &
		sleep 1
		run_cmd_nsb nettest -6 -r $a
		log_test_addr $a $? 0 "Device server"
	done

	# verify TCP reset received
	for a in $NSA_IP6 $VRF_IP6 ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r $a
		log_test_addr $a $? 1 "No server"
	done

	# local address tests
	a=$NSA_IP6
	log_start
	show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r $a -d $NSA_DEV
	log_test_addr $a $? 1 "Global server, local connection"

	# run MD5 tests
	ipv6_tcp_md5

	#
	# enable VRF global server
	#
	log_subsection "VRF Global server enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1

	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		run_cmd nettest -6 -s -3 $VRF &
		sleep 1
		run_cmd_nsb nettest -6 -r $a
		log_test_addr $a $? 0 "Global server"
	done

	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		run_cmd nettest -6 -s -I $VRF -3 $VRF &
		sleep 1
		run_cmd_nsb nettest -6 -r $a
		log_test_addr $a $? 0 "VRF server"
	done

	# For LLA, child socket is bound to device
	a=${NSA_LINKIP6}%${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -3 $NSA_DEV &
	sleep 1
	run_cmd_nsb nettest -6 -r $a
	log_test_addr $a $? 0 "Global server"

	log_start
	run_cmd nettest -6 -s -I $VRF -3 $NSA_DEV &
	sleep 1
	run_cmd_nsb nettest -6 -r $a
	log_test_addr $a $? 0 "VRF server"

	for a in $NSA_IP6 ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		run_cmd nettest -6 -s -I $NSA_DEV -3 $NSA_DEV &
		sleep 1
		run_cmd_nsb nettest -6 -r $a
		log_test_addr $a $? 0 "Device server"
	done

	# verify TCP reset received
	for a in $NSA_IP6 $VRF_IP6 ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r $a
		log_test_addr $a $? 1 "No server"
	done

	# local address tests
	# NOTE(review): the label reads "Global server" but the server here is
	# started with -I $VRF; the hint describes the real check (client not
	# in the VRF). Confirm which wording is intended.
	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		show_hint "Fails 'Connection refused' since client is not in VRF"
		run_cmd nettest -6 -s -I $VRF &
		sleep 1
		run_cmd nettest -6 -r $a
		log_test_addr $a $? 1 "Global server, local connection"
	done


	#
	# client
	#
	for a in $NSB_IP6 $NSB_LO_IP6; do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r $a -d $VRF
		log_test_addr $a $? 0 "Client, VRF bind"
	done

	a=$NSB_LINKIP6
	log_start
	show_hint "Fails since VRF device does not allow linklocal addresses"
	run_cmd_nsb nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r $a -d $VRF
	log_test_addr $a $? 1 "Client, VRF bind"

	for a in $NSB_IP6 $NSB_LO_IP6 $NSB_LINKIP6; do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r $a -d $NSA_DEV
		log_test_addr $a $? 0 "Client, device bind"
	done

	for a in $NSB_IP6 $NSB_LO_IP6; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r $a -d $VRF
		log_test_addr $a $? 1 "No server, VRF client"
	done

	for a in $NSB_IP6 $NSB_LO_IP6 $NSB_LINKIP6; do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r $a -d $NSA_DEV
		log_test_addr $a $? 1 "No server, device client"
	done

	for a in $NSA_IP6 $VRF_IP6 ::1; do
		log_start
		run_cmd nettest -6 -s -I $VRF -3 $VRF &
		sleep 1
		run_cmd nettest -6 -r $a -d $VRF -0 $a
		log_test_addr $a $? 0 "VRF server, VRF client, local connection"
	done

	a=$NSA_IP6
	log_start
	run_cmd nettest -6 -s -I $VRF -3 $VRF &
	sleep 1
	run_cmd nettest -6 -r $a -d $NSA_DEV -0 $a
	log_test_addr $a $? 0 "VRF server, device client, local connection"

	a=$NSA_IP6
	log_start
	show_hint "Should fail since unbound client is out of VRF scope"
	run_cmd nettest -6 -s -I $VRF &
	sleep 1
	run_cmd nettest -6 -r $a
	log_test_addr $a $? 1 "VRF server, unbound client, local connection"

	log_start
	run_cmd nettest -6 -s -I $NSA_DEV -3 $NSA_DEV &
	sleep 1
	run_cmd nettest -6 -r $a -d $VRF -0 $a
	log_test_addr $a $? 0 "Device server, VRF client, local connection"

	for a in $NSA_IP6 $NSA_LINKIP6; do
		log_start
		run_cmd nettest -6 -s -I $NSA_DEV -3 $NSA_DEV &
		sleep 1
		run_cmd nettest -6 -r $a -d $NSA_DEV -0 $a
		log_test_addr $a $? 0 "Device server, device client, local connection"
	done
}
2810
# Entry point for the IPv6/TCP section: the non-VRF cases run twice (once
# per tcp_l3mdev_accept value), then the VRF cases run after setup "yes".
ipv6_tcp() {
	log_section "IPv6/TCP"

	log_subsection "No VRF"
	setup

	# tcp_l3mdev_accept should have no effect without VRF;
	# run the cases with it disabled and enabled to verify that
	log_subsection "tcp_l3mdev_accept disabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=0
	ipv6_tcp_novrf

	log_subsection "tcp_l3mdev_accept enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1
	ipv6_tcp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_tcp_vrf
}
2830
2831################################################################################
2832# IPv6 UDP
2833
# IPv6 UDP (nettest -D) cases without a VRF: remote server, remote client
# and local connections, covering device binding on the server (-I) and
# on the client (-d, plus the -C and -S variants named in the labels).
#
# Expected status passed to log_test_addr / log_test: 0 = exchange
# succeeded, 1 = failed. The final case temporarily removes ns-B's global
# address and restores it afterwards.
ipv6_udp_novrf() {
	local a

	#
	# server tests
	#
	for a in $NSA_IP6 ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		run_cmd nettest -6 -D -s -3 $NSA_DEV &
		sleep 1
		run_cmd_nsb nettest -6 -D -r $a
		log_test_addr $a $? 0 "Global server"

		log_start
		run_cmd nettest -6 -D -I $NSA_DEV -s -3 $NSA_DEV &
		sleep 1
		run_cmd_nsb nettest -6 -D -r $a
		log_test_addr $a $? 0 "Device server"
	done

	a=$NSA_LO_IP6
	log_start
	run_cmd nettest -6 -D -s -3 $NSA_DEV &
	sleep 1
	run_cmd_nsb nettest -6 -D -r $a
	log_test_addr $a $? 0 "Global server"

	# Known gap, kept disabled: a device-bound server should not receive
	# traffic for an address on loopback (out of scope for the device),
	# but it does - hence this is more documenting behavior than a test.
	#log_start
	#show_hint "Should fail since loopback address is out of scope"
	#run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	#sleep 1
	#run_cmd_nsb nettest -6 -D -r ${a}
	#log_test_addr ${a} $? 1 "Device server"

	# negative test - should fail
	for a in $NSA_IP6 $NSA_LO_IP6 ${NSA_LINKIP6}%${NSB_DEV}; do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -6 -D -r $a
		log_test_addr $a $? 1 "No server"
	done

	#
	# client
	#
	for a in $NSB_IP6 $NSB_LO_IP6 ${NSB_LINKIP6}%${NSA_DEV}; do
		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r $a -0 $NSA_IP6
		log_test_addr $a $? 0 "Client"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r $a -d $NSA_DEV -0 $NSA_IP6
		log_test_addr $a $? 0 "Client, device bind"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r $a -d $NSA_DEV -C -0 $NSA_IP6
		log_test_addr $a $? 0 "Client, device send via cmsg"

		log_start
		run_cmd_nsb nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r $a -d $NSA_DEV -S -0 $NSA_IP6
		log_test_addr $a $? 0 "Client, device bind via IPV6_UNICAST_IF"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -D -r $a
		log_test_addr $a $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -D -r $a -d $NSA_DEV
		log_test_addr $a $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in $NSA_IP6 $NSA_LO_IP6 ::1; do
		log_start
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r $a -0 $a -1 $a
		log_test_addr $a $? 0 "Global server, local connection"
	done

	a=$NSA_IP6
	log_start
	run_cmd nettest -6 -s -D -I $NSA_DEV -3 $NSA_DEV &
	sleep 1
	run_cmd nettest -6 -D -r $a
	log_test_addr $a $? 0 "Device server, unbound client, local connection"

	for a in $NSA_LO_IP6 ::1; do
		log_start
		show_hint "Should fail 'Connection refused' since address is out of device scope"
		run_cmd nettest -6 -s -D -I $NSA_DEV &
		sleep 1
		run_cmd nettest -6 -D -r $a
		log_test_addr $a $? 1 "Device server, local connection"
	done

	a=$NSA_IP6
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d $NSA_DEV -r $a
	log_test_addr $a $? 0 "Global server, device client, local connection"

	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d $NSA_DEV -C -r $a
	log_test_addr $a $? 0 "Global server, device send via cmsg, local connection"

	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd nettest -6 -D -d $NSA_DEV -S -r $a
	log_test_addr $a $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"

	# Loopback addresses must stay unreachable for a device-bound client,
	# whichever of the three device-selection variants is used.
	for a in $NSA_LO_IP6 ::1; do
		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r $a -d $NSA_DEV
		log_test_addr $a $? 1 "Global server, device client, local connection"

		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r $a -d $NSA_DEV -C
		log_test_addr $a $? 1 "Global server, device send via cmsg, local connection"

		# NOTE(review): the label says IP_UNICAST_IF while the sibling
		# IPv6 cases say IPV6_UNICAST_IF; left as is since it is test
		# output.
		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -r $a -d $NSA_DEV -S
		log_test_addr $a $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
	done

	a=$NSA_IP6
	log_start
	run_cmd nettest -6 -D -s -I $NSA_DEV -3 $NSA_DEV &
	sleep 1
	run_cmd nettest -6 -D -d $NSA_DEV -r $a -0 $a
	log_test_addr $a $? 0 "Device server, device client, local conn"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -6 -D -d $NSA_DEV -r $a
	log_test_addr $a $? 1 "No server, device client, local conn"

	# LLA to GUA: drop ns-B's global address and add a host route to
	# ns-A's global address via the device
	run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev $NSB_DEV
	run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev $NSB_DEV
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd_nsb nettest -6 -D -r $NSA_IP6
	log_test $? 0 "UDP in - LLA to GUA"

	# restore ns-B addressing for whatever runs next
	run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev $NSB_DEV
	run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev $NSB_DEV nodad
}
3018
# IPv6 UDP (nettest -D) cases with the VRF configured.
#
# First half: net.ipv4.udp_l3mdev_accept=0. An unbound ("global") server
# must not receive traffic arriving through the VRF; servers bound to the
# VRF or to the enslaved device do.
#
# Second half: udp_l3mdev_accept=1. The unbound server now receives the
# same traffic, so this setting widens what an unbound socket serves.
# Client, local-address and link-local cases follow, then the LLA-to-GUA
# case, which changes ns-B addressing and restores it.
#
# Expected status: 0 = exchange succeeded, 1 = failed.
ipv6_udp_vrf() {
	local a

	# disable global server
	log_subsection "Global server disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0

	#
	# server tests
	#
	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		show_hint "Should fail 'Connection refused' since global server is disabled"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd_nsb nettest -6 -D -r $a
		log_test_addr $a $? 1 "Global server"
	done

	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		run_cmd nettest -6 -D -I $VRF -s -3 $NSA_DEV &
		sleep 1
		run_cmd_nsb nettest -6 -D -r $a
		log_test_addr $a $? 0 "VRF server"
	done

	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		run_cmd nettest -6 -D -I $NSA_DEV -s -3 $NSA_DEV &
		sleep 1
		run_cmd_nsb nettest -6 -D -r $a
		log_test_addr $a $? 0 "Enslaved device server"
	done

	# negative test - should fail
	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -6 -D -r $a
		log_test_addr $a $? 1 "No server"
	done

	#
	# local address tests
	#
	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		show_hint "Should fail 'Connection refused' since global server is disabled"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -d $VRF -r $a
		log_test_addr $a $? 1 "Global server, VRF client, local conn"
	done

	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		run_cmd nettest -6 -D -I $VRF -s &
		sleep 1
		run_cmd nettest -6 -D -d $VRF -r $a
		log_test_addr $a $? 0 "VRF server, VRF client, local conn"
	done

	a=$NSA_IP6
	log_start
	show_hint "Should fail 'Connection refused' since global server is disabled"
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d $NSA_DEV -r $a
	log_test_addr $a $? 1 "Global server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I $VRF -s -3 $NSA_DEV &
	sleep 1
	run_cmd nettest -6 -D -d $NSA_DEV -r $a
	log_test_addr $a $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I $NSA_DEV -s -3 $NSA_DEV &
	sleep 1
	run_cmd nettest -6 -D -d $VRF -r $a
	log_test_addr $a $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I $NSA_DEV -s -3 $NSA_DEV &
	sleep 1
	run_cmd nettest -6 -D -d $NSA_DEV -r $a
	log_test_addr $a $? 0 "Enslaved device server, device client, local conn"

	# enable global server
	log_subsection "Global server enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1

	#
	# server tests
	#
	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		run_cmd nettest -6 -D -s -3 $NSA_DEV &
		sleep 1
		run_cmd_nsb nettest -6 -D -r $a
		log_test_addr $a $? 0 "Global server"
	done

	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		run_cmd nettest -6 -D -I $VRF -s -3 $NSA_DEV &
		sleep 1
		run_cmd_nsb nettest -6 -D -r $a
		log_test_addr $a $? 0 "VRF server"
	done

	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		run_cmd nettest -6 -D -I $NSA_DEV -s -3 $NSA_DEV &
		sleep 1
		run_cmd_nsb nettest -6 -D -r $a
		log_test_addr $a $? 0 "Enslaved device server"
	done

	# negative test - should fail
	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		run_cmd_nsb nettest -6 -D -r $a
		log_test_addr $a $? 1 "No server"
	done

	#
	# client tests
	#
	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d $VRF -r $NSB_IP6
	log_test $? 0 "VRF client"

	# negative test - should fail
	log_start
	run_cmd nettest -6 -D -d $VRF -r $NSB_IP6
	log_test $? 1 "No server, VRF client"

	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d $NSA_DEV -r $NSB_IP6
	log_test $? 0 "Enslaved device client"

	# negative test - should fail
	log_start
	run_cmd nettest -6 -D -d $NSA_DEV -r $NSB_IP6
	log_test $? 1 "No server, enslaved device client"

	#
	# local address tests
	#
	a=$NSA_IP6
	log_start
	run_cmd nettest -6 -D -s -3 $NSA_DEV &
	sleep 1
	run_cmd nettest -6 -D -d $VRF -r $a
	log_test_addr $a $? 0 "Global server, VRF client, local conn"

	# NOTE(review): log_start is commented out for this one case only,
	# while every other case in the function calls it first. If log_start
	# clears leftover nettest instances (its definition is outside this
	# excerpt), the global server started just above may still be running
	# here and could answer instead of the VRF server - confirm whether
	# the omission is deliberate.
	#log_start
	run_cmd nettest -6 -D -I $VRF -s -3 $NSA_DEV &
	sleep 1
	run_cmd nettest -6 -D -d $VRF -r $a
	log_test_addr $a $? 0 "VRF server, VRF client, local conn"


	a=$VRF_IP6
	log_start
	run_cmd nettest -6 -D -s -3 $VRF &
	sleep 1
	run_cmd nettest -6 -D -d $VRF -r $a
	log_test_addr $a $? 0 "Global server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I $VRF -s -3 $VRF &
	sleep 1
	run_cmd nettest -6 -D -d $VRF -r $a
	log_test_addr $a $? 0 "VRF server, VRF client, local conn"

	# negative test - should fail
	for a in $NSA_IP6 $VRF_IP6; do
		log_start
		run_cmd nettest -6 -D -d $VRF -r $a
		log_test_addr $a $? 1 "No server, VRF client, local conn"
	done

	# device to global IP
	a=$NSA_IP6
	log_start
	run_cmd nettest -6 -D -s -3 $NSA_DEV &
	sleep 1
	run_cmd nettest -6 -D -d $NSA_DEV -r $a
	log_test_addr $a $? 0 "Global server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I $VRF -s -3 $NSA_DEV &
	sleep 1
	run_cmd nettest -6 -D -d $NSA_DEV -r $a
	log_test_addr $a $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I $NSA_DEV -s -3 $NSA_DEV &
	sleep 1
	run_cmd nettest -6 -D -d $VRF -r $a
	log_test_addr $a $? 0 "Device server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I $NSA_DEV -s -3 $NSA_DEV &
	sleep 1
	run_cmd nettest -6 -D -d $NSA_DEV -r $a
	log_test_addr $a $? 0 "Device server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -d $NSA_DEV -r $a
	log_test_addr $a $? 1 "No server, device client, local conn"


	# link local addresses
	log_start
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd_nsb nettest -6 -D -d $NSB_DEV -r $NSA_LINKIP6
	log_test $? 0 "Global server, linklocal IP"

	log_start
	run_cmd_nsb nettest -6 -D -d $NSB_DEV -r $NSA_LINKIP6
	log_test $? 1 "No server, linklocal IP"


	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d $NSA_DEV -r $NSB_LINKIP6
	log_test $? 0 "Enslaved device client, linklocal IP"

	log_start
	run_cmd nettest -6 -D -d $NSA_DEV -r $NSB_LINKIP6
	log_test $? 1 "No server, device client, peer linklocal IP"


	log_start
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d $NSA_DEV -r $NSA_LINKIP6
	log_test $? 0 "Enslaved device client, local conn - linklocal IP"

	log_start
	run_cmd nettest -6 -D -d $NSA_DEV -r $NSA_LINKIP6
	log_test $? 1 "No server, device client, local conn - linklocal IP"

	# LLA to GUA: drop ns-B's global address and add a host route to
	# ns-A's global address via the device
	run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev $NSB_DEV
	run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev $NSB_DEV
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd_nsb nettest -6 -D -r $NSA_IP6
	log_test $? 0 "UDP in - LLA to GUA"

	# restore ns-B addressing for whatever runs next
	run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev $NSB_DEV
	run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev $NSB_DEV nodad
}
3296
# Entry point for the IPv6/UDP section: the non-VRF cases run twice (once
# per udp_l3mdev_accept value), then the VRF cases run after setup "yes".
ipv6_udp() {
	# should not matter, but set to known state
	set_sysctl net.ipv4.udp_early_demux=1

	log_section "IPv6/UDP"

	log_subsection "No VRF"
	setup

	# udp_l3mdev_accept should have no effect without VRF;
	# run the cases with it disabled and enabled to verify that
	log_subsection "udp_l3mdev_accept disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0
	ipv6_udp_novrf

	log_subsection "udp_l3mdev_accept enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1
	ipv6_udp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_udp_vrf
}
3319
3320################################################################################
3321# IPv6 address bind
3322
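# IPv6 bind-only checks (nettest -b) without a VRF.
#
# Verifies which local addresses a socket may bind to, alone and after a
# device bind (-I). Expected status: 0 = bind accepted, 1 = bind rejected.
# Note the asymmetry the expectations record: a raw socket may bind to the
# loopback-hosted address after a device bind, a TCP socket may not.
ipv6_addr_bind_novrf()
{
	# keep the loop variable out of the global scope, as the sibling
	# test functions do
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6}
	do
		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	#
	# tcp sockets
	#
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address"

	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"

	# address on loopback is out of scope once the socket is bound to
	# the device
	a=${NSA_LO_IP6}
	log_start
	show_hint "Should fail with 'Cannot assign requested address'"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
}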
3357
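# IPv6 bind-only checks (nettest -b) with the VRF configured.
#
# Verifies that addresses inside the VRF (on the enslaved device or on
# the VRF device) can be bound after a VRF or device bind, and that
# addresses outside that scope are rejected: the loopback-hosted address
# for both bind kinds, and the VRF device address for a TCP socket bound
# to the enslaved device. Expected status: 0 = accepted, 1 = rejected.
ipv6_addr_bind_vrf()
{
	# keep the loop variable out of the global scope, as the sibling
	# test functions do
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"

		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	a=${NSA_LO_IP6}
	log_start
	show_hint "Address on loopback is out of VRF scope"
	run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
	log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"

	#
	# tcp sockets
	#
	# address on enslaved device is valid for the VRF or device in a VRF
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"

	# the VRF device's own address is not valid for a socket bound to
	# the enslaved device
	a=${VRF_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to VRF address with device bind"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Address on loopback out of scope for VRF"
	run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"

	log_start
	show_hint "Address on loopback out of scope for device in VRF"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
}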
3413
# Run the IPv6 address-bind tests twice: once on a plain setup and once with
# the VRF configured (setup "yes").
ipv6_addr_bind()
{
	log_section "IPv6 address binds"

	# pass 1: no VRF
	log_subsection "No VRF"
	setup
	ipv6_addr_bind_novrf

	# pass 2: device enslaved to the VRF
	log_subsection "With VRF"
	setup "yes"
	ipv6_addr_bind_vrf
}
3426
3427################################################################################
3428# IPv6 runtime tests
3429
# Device-delete-under-traffic tests for IPv6 sockets.
#
# Arguments: $1 - description prefix used in the logged test names
#            $2 - extra nettest arguments selecting the socket type
#
# Each case starts a nettest server and client in the background, deletes the
# VRF device while they run, and then records an unconditional pass
# (log_test_addr/log_test are given 0 as both actual and expected status).
# NOTE(review): presumably a regression shows up as a kernel splat or hang
# rather than as an exit status - confirm against log_test.
# The background jobs are not waited for here; every case except the last is
# followed by a fresh setup.
ipv6_rt()
{
	local desc="$1"
	local varg="-6 $2"
	local with_vrf="yes"
	local a

	#
	# server tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server"

		setup ${with_vrf}
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest ${varg} -I ${VRF} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server"

		setup ${with_vrf}
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest ${varg} -I ${NSA_DEV} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, enslaved device server"

		setup ${with_vrf}
	done

	#
	# client test
	#
	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test 0 0 "${desc}, VRF client"

	setup ${with_vrf}

	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test 0 0 "${desc}, enslaved device client"

	setup ${with_vrf}


	#
	# local address tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server, VRF client"

		setup ${with_vrf}
	done

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest ${varg} -I ${VRF} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server and client"

		setup ${with_vrf}
	done

	# the device-client cases only use the address on the enslaved device
	a=${NSA_IP6}
	log_start
	run_cmd nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, global server, device client"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -I ${VRF} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, VRF server, device client"

	setup ${with_vrf}

	# last case: no setup afterwards, the caller re-runs setup before its next test
	log_start
	run_cmd nettest ${varg} -I ${NSA_DEV} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, device server, device client"
}
3571
# Delete the VRF device while a flood ping (-f) is running, once with the
# ping coming in from ns-B and once with the ping going out through the VRF.
# Both cases are logged as an unconditional pass (0 actual, 0 expected).
# The flood pings are started in the background and not waited for here.
ipv6_ping_rt()
{
	local with_vrf="yes"
	local a

	a=${NSA_IP6}

	# inbound: ns-B floods the ns-A address
	log_start
	run_cmd_nsb ${ping6} -f ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"

	setup ${with_vrf}

	# outbound: flood ns-B through the VRF
	# NOTE(review): the logged address is still ${a} (NSA_IP6) although the
	# ping target is NSB_IP6
	log_start
	run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} &
	sleep 1
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
}
3594
# IPv6 run-time tests: ping first, then ipv6_rt once per socket type.
# setup "yes" is re-run before every group because each group deletes the VRF.
ipv6_runtime()
{
	log_section "Run time tests - ipv6"

	setup "yes"
	ipv6_ping_rt

	# second argument of ipv6_rt is appended to the nettest command line
	setup "yes"
	ipv6_rt "TCP active socket" "-n -1"

	setup "yes"
	ipv6_rt "TCP passive socket" "-i"

	setup "yes"
	ipv6_rt "UDP active socket" "-D -n -1"
}
3611
3612################################################################################
3613# netfilter blocking connections
3614
# Connect from ns-B to a server on each ns-A address and expect the client to
# fail (expected status 1). The REJECT rule that causes the failure is
# installed by the caller before this function runs.
netfilter_tcp_reset()
{
	local a

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest -s &
		sleep 1
		# client status is what gets checked, so it runs in the foreground
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
	done
}
3628
# Connect from ns-B to a TCP or UDP server on each ns-A address and expect the
# client to fail (expected status 1) because the caller installed a REJECT
# rule answering with icmp-port-unreachable.
#
# Arguments: $1 - "TCP" or "UDP"; "UDP" adds -D to both nettest invocations
netfilter_icmp()
{
	local stype="$1"
	local arg
	local a

	if [ "${stype}" = "UDP" ]; then
		arg="-D"
	fi

	for a in ${NSA_IP} ${VRF_IP}; do
		log_start
		run_cmd nettest ${arg} -s &
		sleep 1
		run_cmd_nsb nettest ${arg} -r ${a}
		log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
	done
}
3646
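# IPv4 netfilter tests: install REJECT rules for port 12345 and verify that
# clients in ns-B see their connection refused, first with a TCP reset and
# then with icmp-port-unreachable (TCP and UDP).
#
# All rule changes, including the final flush, go through run_cmd so that
# they act on the same filter table. The original ran the last
# 'iptables -F' without run_cmd; if run_cmd is what places a command in ns-A
# (its definition is outside this section - confirm), that flush would have
# emptied the filter table of the namespace the script was started from and
# left the test rules in place.
ipv4_netfilter()
{
	log_section "IPv4 Netfilter"
	log_subsection "TCP reset"

	setup "yes"
	run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset

	netfilter_tcp_reset

	log_start
	log_subsection "ICMP unreachable"

	log_start
	# replace the tcp-reset rule with the icmp-port-unreachable pair
	run_cmd iptables -F
	run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
	run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable

	netfilter_icmp "TCP"
	netfilter_icmp "UDP"

	# remove the test rules again, in the same place they were added
	log_start
	run_cmd iptables -F
}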
3671
# IPv6 counterpart of netfilter_tcp_reset: connect from ns-B to a server on
# each ns-A address and expect the client to fail (expected status 1). The
# REJECT rule is installed by the caller.
netfilter_tcp6_reset()
{
	local a

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		# client status is what gets checked, so it runs in the foreground
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
	done
}
3685
# IPv6 counterpart of netfilter_icmp: connect from ns-B to a TCP or UDP server
# on each ns-A address and expect the client to fail (expected status 1).
#
# Arguments: $1 - "TCP" or "UDP"; "UDP" appends -D to the nettest arguments
netfilter_icmp6()
{
	local stype="$1"
	local arg
	local a

	if [ "${stype}" = "UDP" ]; then
		# arg is empty at this point, so this yields " -D"
		arg="$arg -D"
	fi

	for a in ${NSA_IP6} ${VRF_IP6}; do
		log_start
		run_cmd nettest -6 -s ${arg} &
		sleep 1
		run_cmd_nsb nettest -6 ${arg} -r ${a}
		log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
	done
}
3703
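# IPv6 netfilter tests: install REJECT rules for port 12345 and verify that
# clients in ns-B see their connection refused, first with a TCP reset and
# then with icmp6-port-unreachable (TCP and UDP).
#
# All rule changes, including the final flush, go through run_cmd so that
# they act on the same filter table. The original ran the last
# 'ip6tables -F' without run_cmd; if run_cmd is what places a command in ns-A
# (its definition is outside this section - confirm), that flush would have
# emptied the filter table of the namespace the script was started from and
# left the test rules in place.
ipv6_netfilter()
{
	log_section "IPv6 Netfilter"
	log_subsection "TCP reset"

	setup "yes"
	run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset

	netfilter_tcp6_reset

	log_subsection "ICMP unreachable"

	log_start
	# replace the tcp-reset rule with the icmp6-port-unreachable pair
	run_cmd ip6tables -F
	run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
	run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable

	netfilter_icmp6 "TCP"
	netfilter_icmp6 "UDP"

	# remove the test rules again, in the same place they were added
	log_start
	run_cmd ip6tables -F
}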
3727
3728################################################################################
3729# specific use cases
3730
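# VRF only.
# ns-A device enslaved to bridge. Verify traffic with and without
# br_netfilter module loaded. Repeat with SVI on bridge.
#
# The addresses are moved from the ns-A device to br0, br0 is put into the
# VRF, and IPv4/IPv6 pings are checked in both directions. The second half
# repeats this with a VLAN 100 interface on the bridge and a matching VLAN
# interface in ns-B.
#
# rmmod/modprobe of br_netfilter are run directly, not through setup_cmd or
# run_cmd, and the module is not unloaded again at the end of the function:
# whether br_netfilter was loaded before the test is not restored.
use_case_br()
{
	setup "yes"

	# move the addresses from the device to the bridge
	setup_cmd ip link set ${NSA_DEV} down
	setup_cmd ip addr del dev ${NSA_DEV} ${NSA_IP}/24
	setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64

	setup_cmd ip link add br0 type bridge
	setup_cmd ip addr add dev br0 ${NSA_IP}/24
	setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad

	setup_cmd ip li set ${NSA_DEV} master br0
	setup_cmd ip li set ${NSA_DEV} up
	setup_cmd ip li set br0 up
	setup_cmd ip li set br0 vrf ${VRF}

	# start from a state without br_netfilter; failure to unload is ignored
	rmmod br_netfilter 2>/dev/null
	sleep 5 # DAD

	run_cmd ip neigh flush all
	run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
	log_test $? 0 "Bridge into VRF - IPv4 ping out"

	run_cmd ip neigh flush all
	run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
	log_test $? 0 "Bridge into VRF - IPv6 ping out"

	run_cmd ip neigh flush all
	run_cmd_nsb ping -c1 -w1 ${NSA_IP}
	log_test $? 0 "Bridge into VRF - IPv4 ping in"

	run_cmd ip neigh flush all
	run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
	log_test $? 0 "Bridge into VRF - IPv6 ping in"

	# repeat with br_netfilter; skipped when the module cannot be loaded
	if modprobe br_netfilter; then
		run_cmd ip neigh flush all
		run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
		log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out"

		run_cmd ip neigh flush all
		run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
		log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out"

		run_cmd ip neigh flush all
		run_cmd_nsb ping -c1 -w1 ${NSA_IP}
		log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in"

		run_cmd ip neigh flush all
		run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
		log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in"
	fi

	# second half: VLAN interface on the bridge placed in the VRF
	setup_cmd ip li set br0 nomaster
	setup_cmd ip li add br0.100 link br0 type vlan id 100
	setup_cmd ip li set br0.100 vrf ${VRF} up
	setup_cmd ip addr add dev br0.100 172.16.101.1/24
	setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad

	setup_cmd_nsb ip li add vlan100 link ${NSB_DEV} type vlan id 100
	setup_cmd_nsb ip addr add dev vlan100 172.16.101.2/24
	setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad
	setup_cmd_nsb ip li set vlan100 up
	sleep 1

	rmmod br_netfilter 2>/dev/null

	run_cmd ip neigh flush all
	run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
	log_test $? 0 "Bridge vlan into VRF - IPv4 ping out"

	run_cmd ip neigh flush all
	run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
	log_test $? 0 "Bridge vlan into VRF - IPv6 ping out"

	run_cmd ip neigh flush all
	run_cmd_nsb ping -c1 -w1 172.16.101.1
	log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"

	run_cmd ip neigh flush all
	run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
	log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"

	if modprobe br_netfilter; then
		run_cmd ip neigh flush all
		run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
		log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out"

		run_cmd ip neigh flush all
		run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
		log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out"

		# the two "ping in" names below used to repeat the names of the
		# cases run without br_netfilter, which made the results ambiguous
		run_cmd ip neigh flush all
		run_cmd_nsb ping -c1 -w1 172.16.101.1
		log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping in"

		run_cmd ip neigh flush all
		run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
		log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping in"
	fi

	# best-effort removal of the interfaces created above
	setup_cmd ip li del br0 2>/dev/null
	setup_cmd_nsb ip li del vlan100 2>/dev/null
}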
3841
# VRF only.
# ns-A device is connected to both ns-B and ns-C on a single VRF but only has
# LLA on the interfaces
#
# ns-B and ns-C ping the multicast address on their own device before and
# after each of the two ns-A interfaces is taken down and brought up again;
# every ping is expected to succeed.
use_case_ping_lla_multi()
{
	setup_lla_only

	# only want reply from ns-A
	setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
	setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1

	# baseline before any interface is cycled
	log_start
	run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
	log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Pre cycle, ping out ns-B"

	run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
	log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Pre cycle, ping out ns-C"

	# cycle/flap the first ns-A interface
	setup_cmd ip link set ${NSA_DEV} down
	setup_cmd ip link set ${NSA_DEV} up
	sleep 1

	log_start
	run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
	log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-B"
	run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
	log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-C"

	# cycle/flap the second ns-A interface
	setup_cmd ip link set ${NSA_DEV2} down
	setup_cmd ip link set ${NSA_DEV2} up
	sleep 1

	log_start
	run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
	log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-B"
	run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
	log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-C"
}
3881
# Run the specific use-case tests, each under its own log subsection.
use_cases()
{
	log_section "Use cases"

	log_subsection "Device enslaved to bridge"
	use_case_br

	log_subsection "Ping LLA with multiple interfaces"
	use_case_ping_lla_multi
}
3890
3891################################################################################
3892# usage
3893
3894usage()
3895{
3896 cat <<EOF
3897usage: ${0##*/} OPTS
3898
3899 -4 IPv4 tests only
3900 -6 IPv6 tests only
3901 -t <test> Test name/set to run
3902 -p Pause on fail
3903 -P Pause after each test
3904 -v Be verbose
3905EOF
3906}
3907
3908################################################################################
3909# main
3910
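# Names of the test groups run by default; each name must match an arm of
# the dispatch 'case' further down.
TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime ipv4_netfilter"
TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime ipv6_netfilter"
TESTS_OTHER="use_cases"

PAUSE_ON_FAIL=no
PAUSE=no

while getopts :46t:pPvh o
do
	case $o in
		4) TESTS=ipv4;;
		6) TESTS=ipv6;;
		t) TESTS=$OPTARG;;
		p) PAUSE_ON_FAIL=yes;;
		P) PAUSE=yes;;
		v) VERBOSE=1;;
		h) usage; exit 0;;
		*) usage; exit 1;;
	esac
done

# make sure we don't pause twice
[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no

#
# select the tests to run: everything by default, one address family for
# -4 / -6, otherwise the names given with -t
#
if [ -z "$TESTS" ]; then
	TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"
elif [ "$TESTS" = "ipv4" ]; then
	TESTS="$TESTS_IPV4"
elif [ "$TESTS" = "ipv6" ]; then
	TESTS="$TESTS_IPV6"
fi

# nettest drives most cases; without it the run is skipped, not failed
if ! command -v nettest >/dev/null; then
	echo "'nettest' command not found; skipping tests"
	exit 0
fi

declare -i nfail=0
declare -i nsuccess=0

# $TESTS is split on whitespace on purpose: it is a list of test names
for t in $TESTS
do
	case $t in
	ipv4_ping|ping)                 ipv4_ping;;
	ipv4_tcp|tcp)                   ipv4_tcp;;
	ipv4_udp|udp)                   ipv4_udp;;
	# ipv4_addr_bind is the name listed in TESTS_IPV4; without it here the
	# bind tests were silently left out of a default run
	ipv4_addr_bind|ipv4_bind|bind)  ipv4_addr_bind;;
	ipv4_runtime)                   ipv4_runtime;;
	ipv4_netfilter)                 ipv4_netfilter;;

	ipv6_ping|ping6)                ipv6_ping;;
	ipv6_tcp|tcp6)                  ipv6_tcp;;
	ipv6_udp|udp6)                  ipv6_udp;;
	# same as above for the name listed in TESTS_IPV6
	ipv6_addr_bind|ipv6_bind|bind6) ipv6_addr_bind;;
	ipv6_runtime)                   ipv6_runtime;;
	ipv6_netfilter)                 ipv6_netfilter;;

	use_cases)                      use_cases;;

	# setup namespaces and config, but do not run any tests
	setup)                          setup; exit 0;;
	vrf_setup)                      setup "yes"; exit 0;;

	# list the default test names; $TESTS holds only what the user asked for
	help)                           echo "Test names: $TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"; exit 0;;

	# a mistyped name would otherwise end in "0 passed, 0 failed"
	*)                              echo "unknown test name '$t' ignored; see '-t help'" >&2;;
	esac
done

cleanup 2>/dev/null

# NOTE(review): the script's exit status is that of the last printf, so it
# does not depend on nfail - confirm whether callers expect a non-zero
# status when tests fail.
printf "\nTests passed: %3d\n" "${nsuccess}"
printf "Tests failed: %3d\n"   "${nfail}"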