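#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

# This test is designed for testing the new VRF strict_mode functionality.

# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4

# Overall exit status of the script; log_test sets it to 1 when a check fails.
ret=0

# Pass/fail counters, incremented by log_test and reported by
# print_log_test_results. Initialised explicitly so the summary never depends
# on how printf treats a missing argument.
nsuccess=0
nfail=0

# identifies the "init" network namespace which is often called root network
# namespace.
INIT_NETNS_NAME="init"

# Set PAUSE_ON_FAIL=yes in the environment to stop after every failed check.
PAUSE_ON_FAIL=${PAUSE_ON_FAIL:=no}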
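# Record the outcome of one check and print its result line.
# Globals:   nsuccess, nfail, ret (written); PAUSE_ON_FAIL (read)
# Arguments: $1 - observed return code
#            $2 - expected return code
#            $3 - description shown in the result line
log_test()
{
	local rc=$1
	local expected=$2
	local msg="$3"
	local answer

	# Quoted so an empty value reaches the comparison as one operand
	# instead of disappearing from the argument list.
	if [ "${rc}" -eq "${expected}" ]; then
		nsuccess=$((nsuccess+1))
		printf "\n TEST: %-60s [ OK ]\n" "${msg}"
	else
		ret=1
		nfail=$((nfail+1))
		printf "\n TEST: %-60s [FAIL]\n" "${msg}"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue, 'q' to quit"
			# -r keeps backslashes in the reply literal
			read -r answer
			# NOTE: this exit ends the script on the spot; nothing in
			# this function undoes the VRFs, the namespace or the
			# strict_mode value the test has set up so far.
			[ "$answer" = "q" ] && exit 1
		fi
	fi
}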
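# Print the pass/fail summary unless TESTS is set to "none".
# Globals: TESTS, nsuccess, nfail (read)
print_log_test_results()
{
	if [ "$TESTS" != "none" ]; then
		# Quoted with a default of 0 so an unset counter is printed
		# as 0 explicitly rather than as a missing printf argument.
		printf "\nTests passed: %3d\n" "${nsuccess:-0}"
		printf "Tests failed: %3d\n" "${nfail:-0}"
	fi
}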
# Print a banner that introduces a group of checks.
# Arguments: all arguments are joined into the section title
log_section()
{
	local rule="################################################################################"

	printf '\n%s\nTEST SECTION: %s\n%s\n' "${rule}" "$*" "${rule}"
}
# Print the ip(8) option that selects a namespace.
# Globals:   INIT_NETNS_NAME (read)
# Arguments: $1 - namespace name
# Outputs:   an empty line for the init namespace, "-netns <name>" otherwise
ip_expand_args()
{
	local nsname=$1

	case "${nsname}" in
	"${INIT_NETNS_NAME}")
		echo ""
		;;
	*)
		echo "-netns ${nsname}"
		;;
	esac
}
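# Count the VRF devices visible in a namespace.
# Arguments: $1 - namespace name
# Outputs:   number of lines printed by "ip -o link show type vrf"
vrf_count()
{
	local nsname=$1
	local nsarg

	# Quoted so the name reaches ip_expand_args as a single argument.
	nsarg="$(ip_expand_args "${nsname}")"

	# shellcheck disable=SC2086 # nsarg is empty or "-netns <name>"; split on purpose
	ip ${nsarg} -o link show type vrf | wc -l
}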
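# Count the VRF devices bound to one routing table in a namespace.
# Arguments: $1 - namespace name
#            $2 - routing table id
# Outputs:   number of matching lines of "ip -d -o link show type vrf"
count_vrf_by_table_id()
{
	local nsname=$1
	local tableid=$2
	local nsarg

	nsarg="$(ip_expand_args "${nsname}")"

	# -w stops "table 100" from also matching "table 1000"; -F treats the
	# id as literal text. wc -l stays last so the exit status is unchanged.
	# shellcheck disable=SC2086 # nsarg is empty or "-netns <name>"; split on purpose
	ip ${nsarg} -d -o link show type vrf | grep -Fw -- "table ${tableid}" | wc -l
}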
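# Create a VRF device bound to a routing table; all output is discarded.
# Arguments: $1 - namespace name
#            $2 - VRF device name
#            $3 - routing table id
# Returns:   exit status of the "ip link add" command
add_vrf()
{
	local nsname=$1
	local vrfname=$2
	local vrftable=$3
	local nsarg

	nsarg="$(ip_expand_args "${nsname}")"

	# Device name and table id are quoted so each stays one argument.
	# shellcheck disable=SC2086 # nsarg is empty or "-netns <name>"; split on purpose
	ip ${nsarg} link add "${vrfname}" type vrf table "${vrftable}" &>/dev/null
}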
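# Add a VRF and log a check that expects the creation to succeed (rc 0).
# Arguments: $1 - namespace name
#            $2 - VRF device name
#            $3 - routing table id
add_vrf_and_check()
{
	local nsname=$1
	local vrfname=$2
	local vrftable=$3
	local cnt
	local rc

	# Quoted so an empty argument cannot shift the ones after it.
	add_vrf "${nsname}" "${vrfname}" "${vrftable}"; rc=$?

	# The count only appears in the log message; it is not checked.
	cnt=$(count_vrf_by_table_id "${nsname}" "${vrftable}")

	log_test "${rc}" 0 "${nsname}: add vrf ${vrfname}, ${cnt} vrfs for table ${vrftable}"
}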
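# Add a VRF and log a check that expects the creation to be refused: the
# "ip link add" exit status is compared with 2.
# Arguments: $1 - namespace name
#            $2 - VRF device name
#            $3 - routing table id
add_vrf_and_check_fail()
{
	local nsname=$1
	local vrfname=$2
	local vrftable=$3
	local cnt
	local rc

	# Quoted so an empty argument cannot shift the ones after it.
	add_vrf "${nsname}" "${vrfname}" "${vrftable}"; rc=$?

	# The count only appears in the log message; it is not checked.
	cnt=$(count_vrf_by_table_id "${nsname}" "${vrftable}")

	log_test "${rc}" 2 "${nsname}: CANNOT add vrf ${vrfname}, ${cnt} vrfs for table ${vrftable}"
}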
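# Delete a VRF device and log a check that expects the deletion to succeed.
# Arguments: $1 - namespace name
#            $2 - VRF device name
del_vrf_and_check()
{
	local nsname=$1
	local vrfname=$2
	local nsarg
	local rc

	nsarg="$(ip_expand_args "${nsname}")"

	# shellcheck disable=SC2086 # nsarg is empty or "-netns <name>"; split on purpose
	ip ${nsarg} link del "${vrfname}"; rc=$?
	log_test "${rc}" 0 "${nsname}: remove vrf ${vrfname}"
}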
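# Bring a VRF device up, assign it an address and log a check that expects
# both steps to succeed. The address is only added when the link came up.
# Arguments: $1 - namespace name
#            $2 - address in the form accepted by "ip addr add"
#            $3 - VRF device name
config_vrf_and_check()
{
	local nsname=$1
	local addr=$2
	local vrfname=$3
	local nsarg
	local rc

	nsarg="$(ip_expand_args "${nsname}")"

	# shellcheck disable=SC2086 # nsarg is empty or "-netns <name>"; split on purpose
	ip ${nsarg} link set dev "${vrfname}" up && \
		ip ${nsarg} addr add "${addr}" dev "${vrfname}"
	rc=$?
	log_test "${rc}" 0 "${nsname}: vrf ${vrfname} up, addr ${addr}"
}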
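# Read net.vrf.strict_mode in a namespace.
# Globals:   INIT_NETNS_NAME (read)
# Arguments: $1 - namespace name
# Outputs:   0 or 1 on success, 255 when the value cannot be read or is
#            not exactly 0 or 1
# Returns:   0 on success, 1 on error
read_strict_mode()
{
	local nsname=$1
	local rval
	local rc=0
	local -a nsexec=()

	if [ "${nsname}" != "${INIT_NETNS_NAME}" ]; then
		# a custom network namespace is provided; kept as an array so
		# the name is always one argument of "ip netns exec"
		nsexec=(ip netns exec "${nsname}")
	fi

	# cat runs directly (no "bash -c" string to build) and its stderr is
	# dropped inside the substitution; the status tested is grep's.
	if ! rval="$("${nsexec[@]}" cat /proc/sys/net/vrf/strict_mode 2>/dev/null | \
			grep -E "^[0-1]$")"; then
		# set errors
		rval=255
		rc=1
	fi

	# on success, rval can be only 0 or 1; on error, rval is equal to 255
	echo "${rval}"
	return ${rc}
}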
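# Read strict_mode in a namespace and log a check that compares the value
# read with the expected one (log_test's rc/expected slots carry the two
# values).
# Arguments: $1 - namespace name
#            $2 - expected strict_mode value
read_strict_mode_compare_and_check()
{
	local nsname=$1
	local expected=$2
	local res

	res="$(read_strict_mode "${nsname}")"
	# Quoted so a missing value cannot shift the message into the
	# "expected" position.
	log_test "${res}" "${expected}" "${nsname}: check strict_mode=${res}"
}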
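# Write a value to net.vrf.strict_mode in a namespace; output is discarded.
# Globals:   INIT_NETNS_NAME (read)
# Arguments: $1 - namespace name
#            $2 - value to write
# Returns:   exit status of the write
set_strict_mode()
{
	local nsname=$1
	local val=$2
	local -a nsexec=()

	if [ "${nsname}" != "${INIT_NETNS_NAME}" ]; then
		# a custom network namespace is provided; kept as an array so
		# the name is always one argument of "ip netns exec"
		nsexec=(ip netns exec "${nsname}")
	fi

	# The script text is a fixed single-quoted string and the value is
	# handed over as $1, so the value is written as data and is never
	# parsed as part of a command line that runs as root.
	"${nsexec[@]}" bash -c 'echo "$1" >/proc/sys/net/vrf/strict_mode' _ "${val}" &>/dev/null
}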
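# Write 1 to net.vrf.strict_mode in a namespace.
# Arguments: $1 - namespace name
# Returns:   exit status of set_strict_mode
enable_strict_mode()
{
	local nsname=$1

	# Quoted so the value always arrives as the second argument, even
	# when the namespace name is empty.
	set_strict_mode "${nsname}" 1
}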
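# Write 0 to net.vrf.strict_mode in a namespace.
# Arguments: $1 - namespace name
# Returns:   exit status of set_strict_mode
disable_strict_mode()
{
	local nsname=$1

	# Quoted so the value always arrives as the second argument, even
	# when the namespace name is empty.
	set_strict_mode "${nsname}" 0
}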
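# Disable strict_mode in a namespace and log a check that expects the write
# to succeed.
# Arguments: $1 - namespace name
disable_strict_mode_and_check()
{
	local nsname=$1
	local rc

	disable_strict_mode "${nsname}"; rc=$?
	log_test "${rc}" 0 "${nsname}: disable strict_mode (=0)"
}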
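# Enable strict_mode in a namespace and log a check that expects the write
# to succeed.
# Arguments: $1 - namespace name
enable_strict_mode_and_check()
{
	local nsname=$1
	local rc

	enable_strict_mode "${nsname}"; rc=$?
	log_test "${rc}" 0 "${nsname}: enable strict_mode (=1)"
}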
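# Try to enable strict_mode in a namespace and log a check that expects the
# write to be refused: the exit status is compared with 1.
# Arguments: $1 - namespace name
enable_strict_mode_and_check_fail()
{
	local nsname=$1
	local rc

	enable_strict_mode "${nsname}"; rc=$?
	log_test "${rc}" 1 "${nsname}: CANNOT enable strict_mode"
}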
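# Log a check that strict_mode reads as 0 in a namespace. The VRF count is
# only included in the message.
# Arguments: $1 - namespace name
strict_mode_check_default()
{
	local nsname=$1
	local strictmode
	local vrfcnt

	vrfcnt=$(vrf_count "${nsname}")
	strictmode=$(read_strict_mode "${nsname}")
	# Quoted so a missing value cannot shift the expected value into the
	# "observed" position.
	log_test "${strictmode}" 0 "${nsname}: strict_mode=0 by default, ${vrfcnt} vrfs"
}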
# Load the vrf module and create the "testns" namespace with loopback up.
# Returns: exit status of the last ip command
setup()
{
	local testns_name="testns"

	modprobe vrf

	ip netns add "${testns_name}"
	ip netns exec "${testns_name}" ip link set lo up
}
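# Remove everything the test creates: the testns namespace, the VRF devices
# vrf100..vrf102 in the init namespace, and the strict_mode setting.
# NOTE(review): strict_mode in the init namespace is forced to 0 and the
# value it had before the test is not saved, so a host that ran with
# strict_mode=1 is left at 0. Devices named vrf100..vrf102 are deleted even
# if they existed before the test.
cleanup()
{
	ip netns del testns 2>/dev/null

	ip link del vrf100 2>/dev/null
	ip link del vrf101 2>/dev/null
	ip link del vrf102 2>/dev/null

	# The group makes the stderr redirection take effect before the
	# sysctl file is opened, so a missing file stays silent too.
	{ echo 0 >/proc/sys/net/vrf/strict_mode; } 2>/dev/null
}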
# strict_mode checks in the init network namespace. The steps depend on each
# other: every check relies on the VRFs and the strict_mode value left behind
# by the previous ones.
vrf_strict_mode_tests_init()
{
	# the sysctl has to be readable; the return value is not acted upon
	vrf_strict_mode_check_support init

	strict_mode_check_default init

	# one VRF on table 100: enabling strict_mode is expected to succeed
	add_vrf_and_check init vrf100 100
	config_vrf_and_check init 172.16.100.1/24 vrf100

	enable_strict_mode_and_check init

	# strict_mode on: a second VRF on table 100 is expected to be refused
	add_vrf_and_check_fail init vrf101 100

	disable_strict_mode_and_check init

	# strict_mode off: a second VRF on table 100 is expected to be accepted
	add_vrf_and_check init vrf101 100
	config_vrf_and_check init 172.16.101.1/24 vrf101

	# vrf100 and vrf101 share table 100: enabling is expected to fail
	enable_strict_mode_and_check_fail init

	del_vrf_and_check init vrf101

	# only vrf100 is left on table 100: enabling is expected to succeed
	enable_strict_mode_and_check init

	# a VRF on a table of its own is expected to be accepted
	add_vrf_and_check init vrf102 102
	config_vrf_and_check init 172.16.102.1/24 vrf102

	# strict_mode is left enabled in the init namespace
}
# strict_mode checks in the testns network namespace. The steps depend on
# each other: every check relies on the state left by the previous ones.
vrf_strict_mode_tests_testns()
{
	# the sysctl has to be readable; the return value is not acted upon
	vrf_strict_mode_check_support testns

	strict_mode_check_default testns

	# no VRF exists yet in testns: enabling is expected to succeed
	enable_strict_mode_and_check testns

	add_vrf_and_check testns vrf100 100
	config_vrf_and_check testns 10.0.100.1/24 vrf100

	# strict_mode on: further VRFs on table 100 are expected to be refused
	add_vrf_and_check_fail testns vrf101 100

	add_vrf_and_check_fail testns vrf102 100

	# a VRF on a different table is expected to be accepted
	add_vrf_and_check testns vrf200 200

	disable_strict_mode_and_check testns

	# strict_mode off: sharing table 100 is expected to be accepted
	add_vrf_and_check testns vrf101 100

	add_vrf_and_check testns vrf102 100

	# strict_mode is left disabled in the testns namespace
}
# Checks that the strict_mode value of one namespace is not changed by writes
# made in the other. Starts from the state left by the init and testns test
# functions (init expected at 1, testns expected at 0).
vrf_strict_mode_tests_mix()
{
	read_strict_mode_compare_and_check init 1

	read_strict_mode_compare_and_check testns 0

	# drop the VRFs that share table 100 in testns so that strict_mode
	# can be enabled there below
	del_vrf_and_check testns vrf101

	del_vrf_and_check testns vrf102

	# flip both namespaces to the opposite of their starting values
	disable_strict_mode_and_check init

	enable_strict_mode_and_check testns

	# writing the same value twice is expected to succeed both times
	enable_strict_mode_and_check init
	enable_strict_mode_and_check init

	disable_strict_mode_and_check testns
	disable_strict_mode_and_check testns

	# each namespace is expected to hold the value last written to it
	read_strict_mode_compare_and_check init 1

	read_strict_mode_compare_and_check testns 0
}
# Run the three groups of checks in order: init, testns, then the mix of
# both. Each group is introduced by its own section banner.
vrf_strict_mode_tests()
{
	local scope

	for scope in init testns mix; do
		case "${scope}" in
		init)
			log_section "VRF strict_mode test on init network namespace"
			;;
		testns)
			log_section "VRF strict_mode test on testns network namespace"
			;;
		mix)
			log_section "VRF strict_mode test mixing init and testns network namespaces"
			;;
		esac

		"vrf_strict_mode_tests_${scope}"
	done
}
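# Check that the vrf module is present and that net.vrf.strict_mode can be
# read in a namespace, and log the result.
# Arguments: $1 - namespace name
# Returns:   the modinfo status when the module is neither loaded nor known,
#            otherwise the status of read_strict_mode
vrf_strict_mode_check_support()
{
	local nsname=$1
	local output
	local rc

	# Exact match on the module name column, so a module whose name
	# merely starts with "vrf" is not taken for the vrf module.
	output="$(lsmod | awk '$1 == "vrf" {print $1}')"
	if [ -z "${output}" ]; then
		modinfo vrf || return $?
	fi

	# we do not care about the value of the strict_mode; we only check if
	# the strict_mode parameter is available or not.
	read_strict_mode "${nsname}" &>/dev/null; rc=$?
	log_test "${rc}" 0 "${nsname}: net.vrf.strict_mode is available"

	return ${rc}
}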
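# Preconditions: root, the ip tool, and the vrf sysctl. Each missing
# precondition ends the run with the kselftest SKIP code.
if [ "$(id -u)" -ne 0 ]; then
	echo "SKIP: Need root privileges"
	exit $ksft_skip
fi

if [ ! -x "$(command -v ip)" ]; then
	echo "SKIP: Could not run test without ip tool"
	exit $ksft_skip
fi

modprobe vrf &>/dev/null
if [ ! -e /proc/sys/net/vrf/strict_mode ]; then
	echo "SKIP: vrf sysctl does not exist"
	exit $ksft_skip
fi

# start from a known state; leftovers of an earlier run are removed
cleanup &> /dev/null

# From here on the test changes state in the init namespace (VRF devices,
# strict_mode). The EXIT trap makes sure cleanup also runs when the script
# ends early, e.g. when 'q' is entered at a PAUSE_ON_FAIL prompt. cleanup
# tolerates being run twice, so the explicit call below is kept to preserve
# the original order of cleanup and summary output.
trap cleanup EXIT

setup
vrf_strict_mode_tests
cleanup

print_log_test_results

exit $ret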