tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3#
4# Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
5#
6# IPv4 and IPv6 functional tests focusing on VRF and routing lookups
7# for various permutations:
8# 1. icmp, tcp, udp and netfilter
9# 2. client, server, no-server
10# 3. global address on interface
11# 4. global address on 'lo'
12# 5. remote and local traffic
13# 6. VRF and non-VRF permutations
14#
15# Setup:
16# ns-A | ns-B
17# No VRF case:
18# [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ]
19# remote address
20# VRF case:
21# [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ]
22#
23# ns-A:
24# eth1: 172.16.1.1/24, 2001:db8:1::1/64
25# lo: 127.0.0.1/8, ::1/128
26# 172.16.2.1/32, 2001:db8:2::1/128
27# red: 127.0.0.1/8, ::1/128
28# 172.16.3.1/32, 2001:db8:3::1/128
29#
30# ns-B:
31# eth1: 172.16.1.2/24, 2001:db8:1::2/64
32# lo2: 127.0.0.1/8, ::1/128
33# 172.16.2.2/32, 2001:db8:2::2/128
34#
35# server / client nomenclature relative to ns-A
36
37VERBOSE=0
38
39NSA_DEV=eth1
40NSB_DEV=eth1
41VRF=red
42VRF_TABLE=1101
43
44# IPv4 config
45NSA_IP=172.16.1.1
46NSB_IP=172.16.1.2
47VRF_IP=172.16.3.1
48
49# IPv6 config
50NSA_IP6=2001:db8:1::1
51NSB_IP6=2001:db8:1::2
52VRF_IP6=2001:db8:3::1
53
54NSA_LO_IP=172.16.2.1
55NSB_LO_IP=172.16.2.2
56NSA_LO_IP6=2001:db8:2::1
57NSB_LO_IP6=2001:db8:2::2
58
59MCAST=ff02::1
60# set after namespace create
61NSA_LINKIP6=
62NSB_LINKIP6=
63
64NSA=ns-A
65NSB=ns-B
66
67NSA_CMD="ip netns exec ${NSA}"
68NSB_CMD="ip netns exec ${NSB}"
69
70which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
71
72################################################################################
73# utilities
74
75log_test()
76{
77 local rc=$1
78 local expected=$2
79 local msg="$3"
80
81 [ "${VERBOSE}" = "1" ] && echo
82
83 if [ ${rc} -eq ${expected} ]; then
84 nsuccess=$((nsuccess+1))
85 printf "TEST: %-70s [ OK ]\n" "${msg}"
86 else
87 nfail=$((nfail+1))
88 printf "TEST: %-70s [FAIL]\n" "${msg}"
89 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
90 echo
91 echo "hit enter to continue, 'q' to quit"
92 read a
93 [ "$a" = "q" ] && exit 1
94 fi
95 fi
96
97 if [ "${PAUSE}" = "yes" ]; then
98 echo
99 echo "hit enter to continue, 'q' to quit"
100 read a
101 [ "$a" = "q" ] && exit 1
102 fi
103
104 kill_procs
105}
106
107log_test_addr()
108{
109 local addr=$1
110 local rc=$2
111 local expected=$3
112 local msg="$4"
113 local astr
114
115 astr=$(addr2str ${addr})
116 log_test $rc $expected "$msg - ${astr}"
117}
118
119log_section()
120{
121 echo
122 echo "###########################################################################"
123 echo "$*"
124 echo "###########################################################################"
125 echo
126}
127
128log_subsection()
129{
130 echo
131 echo "#################################################################"
132 echo "$*"
133 echo
134}
135
136log_start()
137{
138 # make sure we have no test instances running
139 kill_procs
140
141 if [ "${VERBOSE}" = "1" ]; then
142 echo
143 echo "#######################################################"
144 fi
145}
146
147log_debug()
148{
149 if [ "${VERBOSE}" = "1" ]; then
150 echo
151 echo "$*"
152 echo
153 fi
154}
155
156show_hint()
157{
158 if [ "${VERBOSE}" = "1" ]; then
159 echo "HINT: $*"
160 echo
161 fi
162}
163
164kill_procs()
165{
166 killall nettest ping ping6 >/dev/null 2>&1
167 sleep 1
168}
169
170do_run_cmd()
171{
172 local cmd="$*"
173 local out
174
175 if [ "$VERBOSE" = "1" ]; then
176 echo "COMMAND: ${cmd}"
177 fi
178
179 out=$($cmd 2>&1)
180 rc=$?
181 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
182 echo "$out"
183 fi
184
185 return $rc
186}
187
188run_cmd()
189{
190 do_run_cmd ${NSA_CMD} $*
191}
192
193run_cmd_nsb()
194{
195 do_run_cmd ${NSB_CMD} $*
196}
197
198setup_cmd()
199{
200 local cmd="$*"
201 local rc
202
203 run_cmd ${cmd}
204 rc=$?
205 if [ $rc -ne 0 ]; then
206 # show user the command if not done so already
207 if [ "$VERBOSE" = "0" ]; then
208 echo "setup command: $cmd"
209 fi
210 echo "failed. stopping tests"
211 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
212 echo
213 echo "hit enter to continue"
214 read a
215 fi
216 exit $rc
217 fi
218}
219
220setup_cmd_nsb()
221{
222 local cmd="$*"
223 local rc
224
225 run_cmd_nsb ${cmd}
226 rc=$?
227 if [ $rc -ne 0 ]; then
228 # show user the command if not done so already
229 if [ "$VERBOSE" = "0" ]; then
230 echo "setup command: $cmd"
231 fi
232 echo "failed. stopping tests"
233 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
234 echo
235 echo "hit enter to continue"
236 read a
237 fi
238 exit $rc
239 fi
240}
241
242# set sysctl values in NS-A
243set_sysctl()
244{
245 echo "SYSCTL: $*"
246 echo
247 run_cmd sysctl -q -w $*
248}
249
250################################################################################
251# Setup for tests
252
253addr2str()
254{
255 case "$1" in
256 127.0.0.1) echo "loopback";;
257 ::1) echo "IPv6 loopback";;
258
259 ${NSA_IP}) echo "ns-A IP";;
260 ${NSA_IP6}) echo "ns-A IPv6";;
261 ${NSA_LO_IP}) echo "ns-A loopback IP";;
262 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
263 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
264
265 ${NSB_IP}) echo "ns-B IP";;
266 ${NSB_IP6}) echo "ns-B IPv6";;
267 ${NSB_LO_IP}) echo "ns-B loopback IP";;
268 ${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
269 ${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;
270
271 ${VRF_IP}) echo "VRF IP";;
272 ${VRF_IP6}) echo "VRF IPv6";;
273
274 ${MCAST}%*) echo "multicast IP";;
275
276 *) echo "unknown";;
277 esac
278}
279
280get_linklocal()
281{
282 local ns=$1
283 local dev=$2
284 local addr
285
286 addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \
287 awk '{
288 for (i = 3; i <= NF; ++i) {
289 if ($i ~ /^fe80/)
290 print $i
291 }
292 }'
293 )
294 addr=${addr/\/*}
295
296 [ -z "$addr" ] && return 1
297
298 echo $addr
299
300 return 0
301}
302
303################################################################################
304# create namespaces and vrf
305
306create_vrf()
307{
308 local ns=$1
309 local vrf=$2
310 local table=$3
311 local addr=$4
312 local addr6=$5
313
314 ip -netns ${ns} link add ${vrf} type vrf table ${table}
315 ip -netns ${ns} link set ${vrf} up
316 ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192
317 ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192
318
319 ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf}
320 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
321 if [ "${addr}" != "-" ]; then
322 ip -netns ${ns} addr add dev ${vrf} ${addr}
323 fi
324 if [ "${addr6}" != "-" ]; then
325 ip -netns ${ns} -6 addr add dev ${vrf} ${addr6}
326 fi
327
328 ip -netns ${ns} ru del pref 0
329 ip -netns ${ns} ru add pref 32765 from all lookup local
330 ip -netns ${ns} -6 ru del pref 0
331 ip -netns ${ns} -6 ru add pref 32765 from all lookup local
332}
333
334create_ns()
335{
336 local ns=$1
337 local addr=$2
338 local addr6=$3
339
340 ip netns add ${ns}
341
342 ip -netns ${ns} link set lo up
343 if [ "${addr}" != "-" ]; then
344 ip -netns ${ns} addr add dev lo ${addr}
345 fi
346 if [ "${addr6}" != "-" ]; then
347 ip -netns ${ns} -6 addr add dev lo ${addr6}
348 fi
349
350 ip -netns ${ns} ro add unreachable default metric 8192
351 ip -netns ${ns} -6 ro add unreachable default metric 8192
352
353 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
354 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
355 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
356 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
357}
358
359# create veth pair to connect namespaces and apply addresses.
360connect_ns()
361{
362 local ns1=$1
363 local ns1_dev=$2
364 local ns1_addr=$3
365 local ns1_addr6=$4
366 local ns2=$5
367 local ns2_dev=$6
368 local ns2_addr=$7
369 local ns2_addr6=$8
370
371 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp
372 ip -netns ${ns1} li set ${ns1_dev} up
373 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev}
374 ip -netns ${ns2} li set ${ns2_dev} up
375
376 if [ "${ns1_addr}" != "-" ]; then
377 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr}
378 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr}
379 fi
380
381 if [ "${ns1_addr6}" != "-" ]; then
382 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6}
383 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6}
384 fi
385}
386
387cleanup()
388{
389 # explicit cleanups to check those code paths
390 ip netns | grep -q ${NSA}
391 if [ $? -eq 0 ]; then
392 ip -netns ${NSA} link delete ${VRF}
393 ip -netns ${NSA} ro flush table ${VRF_TABLE}
394
395 ip -netns ${NSA} addr flush dev ${NSA_DEV}
396 ip -netns ${NSA} -6 addr flush dev ${NSA_DEV}
397 ip -netns ${NSA} link set dev ${NSA_DEV} down
398 ip -netns ${NSA} link del dev ${NSA_DEV}
399
400 ip netns del ${NSA}
401 fi
402
403 ip netns del ${NSB}
404}
405
406setup()
407{
408 local with_vrf=${1}
409
410 # make sure we are starting with a clean slate
411 kill_procs
412 cleanup 2>/dev/null
413
414 log_debug "Configuring network namespaces"
415 set -e
416
417 create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128
418 create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128
419 connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \
420 ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
421
422 NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
423 NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})
424
425 # tell ns-A how to get to remote addresses of ns-B
426 if [ "${with_vrf}" = "yes" ]; then
427 create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6}
428
429 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
430 ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
431 ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
432
433 ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
434 ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
435 else
436 ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
437 ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
438 fi
439
440
441 # tell ns-B how to get to remote addresses of ns-A
442 ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
443 ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
444
445 set +e
446
447 sleep 1
448}
449
450################################################################################
451# IPv4
452
453ipv4_ping_novrf()
454{
455 local a
456
457 #
458 # out
459 #
460 for a in ${NSB_IP} ${NSB_LO_IP}
461 do
462 log_start
463 run_cmd ping -c1 -w1 ${a}
464 log_test_addr ${a} $? 0 "ping out"
465
466 log_start
467 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
468 log_test_addr ${a} $? 0 "ping out, device bind"
469
470 log_start
471 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
472 log_test_addr ${a} $? 0 "ping out, address bind"
473 done
474
475 #
476 # in
477 #
478 for a in ${NSA_IP} ${NSA_LO_IP}
479 do
480 log_start
481 run_cmd_nsb ping -c1 -w1 ${a}
482 log_test_addr ${a} $? 0 "ping in"
483 done
484
485 #
486 # local traffic
487 #
488 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
489 do
490 log_start
491 run_cmd ping -c1 -w1 ${a}
492 log_test_addr ${a} $? 0 "ping local"
493 done
494
495 #
496 # local traffic, socket bound to device
497 #
498 # address on device
499 a=${NSA_IP}
500 log_start
501 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
502 log_test_addr ${a} $? 0 "ping local, device bind"
503
504 # loopback addresses not reachable from device bind
505 # fails in a really weird way though because ipv4 special cases
506 # route lookups with oif set.
507 for a in ${NSA_LO_IP} 127.0.0.1
508 do
509 log_start
510 show_hint "Fails since address on loopback device is out of device scope"
511 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
512 log_test_addr ${a} $? 1 "ping local, device bind"
513 done
514
515 #
516 # ip rule blocks reachability to remote address
517 #
518 log_start
519 setup_cmd ip rule add pref 32765 from all lookup local
520 setup_cmd ip rule del pref 0 from all lookup local
521 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
522 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit
523
524 a=${NSB_LO_IP}
525 run_cmd ping -c1 -w1 ${a}
526 log_test_addr ${a} $? 2 "ping out, blocked by rule"
527
528 # NOTE: ipv4 actually allows the lookup to fail and yet still create
529 # a viable rtable if the oif (e.g., bind to device) is set, so this
530 # case succeeds despite the rule
531 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
532
533 a=${NSA_LO_IP}
534 log_start
535 show_hint "Response generates ICMP (or arp request is ignored) due to ip rule"
536 run_cmd_nsb ping -c1 -w1 ${a}
537 log_test_addr ${a} $? 1 "ping in, blocked by rule"
538
539 [ "$VERBOSE" = "1" ] && echo
540 setup_cmd ip rule del pref 32765 from all lookup local
541 setup_cmd ip rule add pref 0 from all lookup local
542 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
543 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit
544
545 #
546 # route blocks reachability to remote address
547 #
548 log_start
549 setup_cmd ip route replace unreachable ${NSB_LO_IP}
550 setup_cmd ip route replace unreachable ${NSB_IP}
551
552 a=${NSB_LO_IP}
553 run_cmd ping -c1 -w1 ${a}
554 log_test_addr ${a} $? 2 "ping out, blocked by route"
555
556 # NOTE: ipv4 actually allows the lookup to fail and yet still create
557 # a viable rtable if the oif (e.g., bind to device) is set, so this
558 # case succeeds despite not having a route for the address
559 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
560
561 a=${NSA_LO_IP}
562 log_start
563 show_hint "Response is dropped (or arp request is ignored) due to ip route"
564 run_cmd_nsb ping -c1 -w1 ${a}
565 log_test_addr ${a} $? 1 "ping in, blocked by route"
566
567 #
568 # remove 'remote' routes; fallback to default
569 #
570 log_start
571 setup_cmd ip ro del ${NSB_LO_IP}
572
573 a=${NSB_LO_IP}
574 run_cmd ping -c1 -w1 ${a}
575 log_test_addr ${a} $? 2 "ping out, unreachable default route"
576
577 # NOTE: ipv4 actually allows the lookup to fail and yet still create
578 # a viable rtable if the oif (e.g., bind to device) is set, so this
579 # case succeeds despite not having a route for the address
580 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
581}
582
583ipv4_ping_vrf()
584{
585 local a
586
587 # should default on; does not exist on older kernels
588 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
589
590 #
591 # out
592 #
593 for a in ${NSB_IP} ${NSB_LO_IP}
594 do
595 log_start
596 run_cmd ping -c1 -w1 -I ${VRF} ${a}
597 log_test_addr ${a} $? 0 "ping out, VRF bind"
598
599 log_start
600 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
601 log_test_addr ${a} $? 0 "ping out, device bind"
602
603 log_start
604 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
605 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"
606
607 log_start
608 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
609 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
610 done
611
612 #
613 # in
614 #
615 for a in ${NSA_IP} ${VRF_IP}
616 do
617 log_start
618 run_cmd_nsb ping -c1 -w1 ${a}
619 log_test_addr ${a} $? 0 "ping in"
620 done
621
622 #
623 # local traffic, local address
624 #
625 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
626 do
627 log_start
628 show_hint "Source address should be ${a}"
629 run_cmd ping -c1 -w1 -I ${VRF} ${a}
630 log_test_addr ${a} $? 0 "ping local, VRF bind"
631 done
632
633 #
634 # local traffic, socket bound to device
635 #
636 # address on device
637 a=${NSA_IP}
638 log_start
639 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
640 log_test_addr ${a} $? 0 "ping local, device bind"
641
642 # vrf device is out of scope
643 for a in ${VRF_IP} 127.0.0.1
644 do
645 log_start
646 show_hint "Fails since address on vrf device is out of device scope"
647 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
648 log_test_addr ${a} $? 1 "ping local, device bind"
649 done
650
651 #
652 # ip rule blocks address
653 #
654 log_start
655 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
656 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit
657
658 a=${NSB_LO_IP}
659 run_cmd ping -c1 -w1 -I ${VRF} ${a}
660 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"
661
662 log_start
663 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
664 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
665
666 a=${NSA_LO_IP}
667 log_start
668 show_hint "Response lost due to ip rule"
669 run_cmd_nsb ping -c1 -w1 ${a}
670 log_test_addr ${a} $? 1 "ping in, blocked by rule"
671
672 [ "$VERBOSE" = "1" ] && echo
673 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
674 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit
675
676 #
677 # remove 'remote' routes; fallback to default
678 #
679 log_start
680 setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP}
681
682 a=${NSB_LO_IP}
683 run_cmd ping -c1 -w1 -I ${VRF} ${a}
684 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"
685
686 log_start
687 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
688 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
689
690 a=${NSA_LO_IP}
691 log_start
692 show_hint "Response lost by unreachable route"
693 run_cmd_nsb ping -c1 -w1 ${a}
694 log_test_addr ${a} $? 1 "ping in, unreachable route"
695}
696
697ipv4_ping()
698{
699 log_section "IPv4 ping"
700
701 log_subsection "No VRF"
702 setup
703 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
704 ipv4_ping_novrf
705 setup
706 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
707 ipv4_ping_novrf
708
709 log_subsection "With VRF"
710 setup "yes"
711 ipv4_ping_vrf
712}
713
714################################################################################
715# IPv4 TCP
716
717ipv4_tcp_novrf()
718{
719 local a
720
721 #
722 # server tests
723 #
724 for a in ${NSA_IP} ${NSA_LO_IP}
725 do
726 log_start
727 run_cmd nettest -s &
728 sleep 1
729 run_cmd_nsb nettest -r ${a}
730 log_test_addr ${a} $? 0 "Global server"
731 done
732
733 a=${NSA_IP}
734 log_start
735 run_cmd nettest -s -d ${NSA_DEV} &
736 sleep 1
737 run_cmd_nsb nettest -r ${a}
738 log_test_addr ${a} $? 0 "Device server"
739
740 # verify TCP reset sent and received
741 for a in ${NSA_IP} ${NSA_LO_IP}
742 do
743 log_start
744 show_hint "Should fail 'Connection refused' since there is no server"
745 run_cmd_nsb nettest -r ${a}
746 log_test_addr ${a} $? 1 "No server"
747 done
748
749 #
750 # client
751 #
752 for a in ${NSB_IP} ${NSB_LO_IP}
753 do
754 log_start
755 run_cmd_nsb nettest -s &
756 sleep 1
757 run_cmd nettest -r ${a} -0 ${NSA_IP}
758 log_test_addr ${a} $? 0 "Client"
759
760 log_start
761 run_cmd_nsb nettest -s &
762 sleep 1
763 run_cmd nettest -r ${a} -d ${NSA_DEV}
764 log_test_addr ${a} $? 0 "Client, device bind"
765
766 log_start
767 show_hint "Should fail 'Connection refused'"
768 run_cmd nettest -r ${a}
769 log_test_addr ${a} $? 1 "No server, unbound client"
770
771 log_start
772 show_hint "Should fail 'Connection refused'"
773 run_cmd nettest -r ${a} -d ${NSA_DEV}
774 log_test_addr ${a} $? 1 "No server, device client"
775 done
776
777 #
778 # local address tests
779 #
780 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
781 do
782 log_start
783 run_cmd nettest -s &
784 sleep 1
785 run_cmd nettest -r ${a} -0 ${a} -1 ${a}
786 log_test_addr ${a} $? 0 "Global server, local connection"
787 done
788
789 a=${NSA_IP}
790 log_start
791 run_cmd nettest -s -d ${NSA_DEV} &
792 sleep 1
793 run_cmd nettest -r ${a} -0 ${a}
794 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
795
796 for a in ${NSA_LO_IP} 127.0.0.1
797 do
798 log_start
799 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
800 run_cmd nettest -s -d ${NSA_DEV} &
801 sleep 1
802 run_cmd nettest -r ${a}
803 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
804 done
805
806 a=${NSA_IP}
807 log_start
808 run_cmd nettest -s &
809 sleep 1
810 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
811 log_test_addr ${a} $? 0 "Global server, device client, local connection"
812
813 for a in ${NSA_LO_IP} 127.0.0.1
814 do
815 log_start
816 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
817 run_cmd nettest -s &
818 sleep 1
819 run_cmd nettest -r ${a} -d ${NSA_DEV}
820 log_test_addr ${a} $? 1 "Global server, device client, local connection"
821 done
822
823 a=${NSA_IP}
824 log_start
825 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
826 sleep 1
827 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
828 log_test_addr ${a} $? 0 "Device server, device client, local connection"
829
830 log_start
831 show_hint "Should fail 'Connection refused'"
832 run_cmd nettest -d ${NSA_DEV} -r ${a}
833 log_test_addr ${a} $? 1 "No server, device client, local conn"
834}
835
836ipv4_tcp_vrf()
837{
838 local a
839
840 # disable global server
841 log_subsection "Global server disabled"
842
843 set_sysctl net.ipv4.tcp_l3mdev_accept=0
844
845 #
846 # server tests
847 #
848 for a in ${NSA_IP} ${VRF_IP}
849 do
850 log_start
851 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
852 run_cmd nettest -s &
853 sleep 1
854 run_cmd_nsb nettest -r ${a}
855 log_test_addr ${a} $? 1 "Global server"
856
857 log_start
858 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
859 sleep 1
860 run_cmd_nsb nettest -r ${a}
861 log_test_addr ${a} $? 0 "VRF server"
862
863 log_start
864 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
865 sleep 1
866 run_cmd_nsb nettest -r ${a}
867 log_test_addr ${a} $? 0 "Device server"
868
869 # verify TCP reset received
870 log_start
871 show_hint "Should fail 'Connection refused' since there is no server"
872 run_cmd_nsb nettest -r ${a}
873 log_test_addr ${a} $? 1 "No server"
874 done
875
876 # local address tests
877 # (${VRF_IP} and 127.0.0.1 both timeout)
878 a=${NSA_IP}
879 log_start
880 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
881 run_cmd nettest -s &
882 sleep 1
883 run_cmd nettest -r ${a} -d ${NSA_DEV}
884 log_test_addr ${a} $? 1 "Global server, local connection"
885
886 #
887 # enable VRF global server
888 #
889 log_subsection "VRF Global server enabled"
890 set_sysctl net.ipv4.tcp_l3mdev_accept=1
891
892 for a in ${NSA_IP} ${VRF_IP}
893 do
894 log_start
895 show_hint "client socket should be bound to VRF"
896 run_cmd nettest -s -2 ${VRF} &
897 sleep 1
898 run_cmd_nsb nettest -r ${a}
899 log_test_addr ${a} $? 0 "Global server"
900
901 log_start
902 show_hint "client socket should be bound to VRF"
903 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
904 sleep 1
905 run_cmd_nsb nettest -r ${a}
906 log_test_addr ${a} $? 0 "VRF server"
907
908 # verify TCP reset received
909 log_start
910 show_hint "Should fail 'Connection refused'"
911 run_cmd_nsb nettest -r ${a}
912 log_test_addr ${a} $? 1 "No server"
913 done
914
915 a=${NSA_IP}
916 log_start
917 show_hint "client socket should be bound to device"
918 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
919 sleep 1
920 run_cmd_nsb nettest -r ${a}
921 log_test_addr ${a} $? 0 "Device server"
922
923 # local address tests
924 for a in ${NSA_IP} ${VRF_IP}
925 do
926 log_start
927 show_hint "Should fail 'No route to host' since client is not bound to VRF"
928 run_cmd nettest -s -2 ${VRF} &
929 sleep 1
930 run_cmd nettest -r ${a}
931 log_test_addr ${a} $? 1 "Global server, local connection"
932 done
933
934 #
935 # client
936 #
937 for a in ${NSB_IP} ${NSB_LO_IP}
938 do
939 log_start
940 run_cmd_nsb nettest -s &
941 sleep 1
942 run_cmd nettest -r ${a} -d ${VRF}
943 log_test_addr ${a} $? 0 "Client, VRF bind"
944
945 log_start
946 run_cmd_nsb nettest -s &
947 sleep 1
948 run_cmd nettest -r ${a} -d ${NSA_DEV}
949 log_test_addr ${a} $? 0 "Client, device bind"
950
951 log_start
952 show_hint "Should fail 'Connection refused'"
953 run_cmd nettest -r ${a} -d ${VRF}
954 log_test_addr ${a} $? 1 "No server, VRF client"
955
956 log_start
957 show_hint "Should fail 'Connection refused'"
958 run_cmd nettest -r ${a} -d ${NSA_DEV}
959 log_test_addr ${a} $? 1 "No server, device client"
960 done
961
962 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
963 do
964 log_start
965 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
966 sleep 1
967 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
968 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
969 done
970
971 a=${NSA_IP}
972 log_start
973 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
974 sleep 1
975 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
976 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
977
978 log_start
979 show_hint "Should fail 'No route to host' since client is out of VRF scope"
980 run_cmd nettest -s -d ${VRF} &
981 sleep 1
982 run_cmd nettest -r ${a}
983 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
984
985 log_start
986 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
987 sleep 1
988 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
989 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
990
991 log_start
992 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
993 sleep 1
994 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
995 log_test_addr ${a} $? 0 "Device server, device client, local connection"
996}
997
998ipv4_tcp()
999{
1000 log_section "IPv4/TCP"
1001 log_subsection "No VRF"
1002 setup
1003
1004 # tcp_l3mdev_accept should have no affect without VRF;
1005 # run tests with it enabled and disabled to verify
1006 log_subsection "tcp_l3mdev_accept disabled"
1007 set_sysctl net.ipv4.tcp_l3mdev_accept=0
1008 ipv4_tcp_novrf
1009 log_subsection "tcp_l3mdev_accept enabled"
1010 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1011 ipv4_tcp_novrf
1012
1013 log_subsection "With VRF"
1014 setup "yes"
1015 ipv4_tcp_vrf
1016}
1017
1018################################################################################
1019# IPv4 UDP
1020
1021ipv4_udp_novrf()
1022{
1023 local a
1024
1025 #
1026 # server tests
1027 #
1028 for a in ${NSA_IP} ${NSA_LO_IP}
1029 do
1030 log_start
1031 run_cmd nettest -D -s -2 ${NSA_DEV} &
1032 sleep 1
1033 run_cmd_nsb nettest -D -r ${a}
1034 log_test_addr ${a} $? 0 "Global server"
1035
1036 log_start
1037 show_hint "Should fail 'Connection refused' since there is no server"
1038 run_cmd_nsb nettest -D -r ${a}
1039 log_test_addr ${a} $? 1 "No server"
1040 done
1041
1042 a=${NSA_IP}
1043 log_start
1044 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1045 sleep 1
1046 run_cmd_nsb nettest -D -r ${a}
1047 log_test_addr ${a} $? 0 "Device server"
1048
1049 #
1050 # client
1051 #
1052 for a in ${NSB_IP} ${NSB_LO_IP}
1053 do
1054 log_start
1055 run_cmd_nsb nettest -D -s &
1056 sleep 1
1057 run_cmd nettest -D -r ${a} -0 ${NSA_IP}
1058 log_test_addr ${a} $? 0 "Client"
1059
1060 log_start
1061 run_cmd_nsb nettest -D -s &
1062 sleep 1
1063 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1064 log_test_addr ${a} $? 0 "Client, device bind"
1065
1066 log_start
1067 run_cmd_nsb nettest -D -s &
1068 sleep 1
1069 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1070 log_test_addr ${a} $? 0 "Client, device send via cmsg"
1071
1072 log_start
1073 run_cmd_nsb nettest -D -s &
1074 sleep 1
1075 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1076 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"
1077
1078 log_start
1079 show_hint "Should fail 'Connection refused'"
1080 run_cmd nettest -D -r ${a}
1081 log_test_addr ${a} $? 1 "No server, unbound client"
1082
1083 log_start
1084 show_hint "Should fail 'Connection refused'"
1085 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1086 log_test_addr ${a} $? 1 "No server, device client"
1087 done
1088
1089 #
1090 # local address tests
1091 #
1092 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1093 do
1094 log_start
1095 run_cmd nettest -D -s &
1096 sleep 1
1097 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
1098 log_test_addr ${a} $? 0 "Global server, local connection"
1099 done
1100
1101 a=${NSA_IP}
1102 log_start
1103 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1104 sleep 1
1105 run_cmd nettest -D -r ${a}
1106 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1107
1108 for a in ${NSA_LO_IP} 127.0.0.1
1109 do
1110 log_start
1111 show_hint "Should fail 'Connection refused' since address is out of device scope"
1112 run_cmd nettest -s -D -d ${NSA_DEV} &
1113 sleep 1
1114 run_cmd nettest -D -r ${a}
1115 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1116 done
1117
1118 a=${NSA_IP}
1119 log_start
1120 run_cmd nettest -s -D &
1121 sleep 1
1122 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1123 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1124
1125 log_start
1126 run_cmd nettest -s -D &
1127 sleep 1
1128 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
1129 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
1130
1131 log_start
1132 run_cmd nettest -s -D &
1133 sleep 1
1134 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
1135 log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"
1136
1137 # IPv4 with device bind has really weird behavior - it overrides the
1138 # fib lookup, generates an rtable and tries to send the packet. This
1139 # causes failures for local traffic at different places
1140 for a in ${NSA_LO_IP} 127.0.0.1
1141 do
1142 log_start
1143 show_hint "Should fail since addresses on loopback are out of device scope"
1144 run_cmd nettest -D -s &
1145 sleep 1
1146 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1147 log_test_addr ${a} $? 2 "Global server, device client, local connection"
1148
1149 log_start
1150 show_hint "Should fail since addresses on loopback are out of device scope"
1151 run_cmd nettest -D -s &
1152 sleep 1
1153 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
1154 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
1155
1156 log_start
1157 show_hint "Should fail since addresses on loopback are out of device scope"
1158 run_cmd nettest -D -s &
1159 sleep 1
1160 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
1161 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
1162 done
1163
1164 a=${NSA_IP}
1165 log_start
1166 run_cmd nettest -D -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1167 sleep 1
1168 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
1169 log_test_addr ${a} $? 0 "Device server, device client, local conn"
1170
1171 log_start
1172 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1173 log_test_addr ${a} $? 2 "No server, device client, local conn"
1174}
1175
1176ipv4_udp_vrf()
1177{
1178 local a
1179
1180 # disable global server
1181 log_subsection "Global server disabled"
1182 set_sysctl net.ipv4.udp_l3mdev_accept=0
1183
1184 #
1185 # server tests
1186 #
1187 for a in ${NSA_IP} ${VRF_IP}
1188 do
1189 log_start
1190 show_hint "Fails because ingress is in a VRF and global server is disabled"
1191 run_cmd nettest -D -s &
1192 sleep 1
1193 run_cmd_nsb nettest -D -r ${a}
1194 log_test_addr ${a} $? 1 "Global server"
1195
1196 log_start
1197 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} &
1198 sleep 1
1199 run_cmd_nsb nettest -D -r ${a}
1200 log_test_addr ${a} $? 0 "VRF server"
1201
1202 log_start
1203 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1204 sleep 1
1205 run_cmd_nsb nettest -D -r ${a}
1206 log_test_addr ${a} $? 0 "Enslaved device server"
1207
1208 log_start
1209 show_hint "Should fail 'Connection refused' since there is no server"
1210 run_cmd_nsb nettest -D -r ${a}
1211 log_test_addr ${a} $? 1 "No server"
1212
1213 log_start
1214 show_hint "Should fail 'Connection refused' since global server is out of scope"
1215 run_cmd nettest -D -s &
1216 sleep 1
1217 run_cmd nettest -D -d ${VRF} -r ${a}
1218 log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
1219 done
1220
1221 a=${NSA_IP}
1222 log_start
1223 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1224 sleep 1
1225 run_cmd nettest -D -d ${VRF} -r ${a}
1226 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1227
1228 log_start
1229 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1230 sleep 1
1231 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1232 log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"
1233
1234 a=${NSA_IP}
1235 log_start
1236 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1237 sleep 1
1238 run_cmd nettest -D -d ${VRF} -r ${a}
1239 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1240
1241 log_start
1242 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1243 sleep 1
1244 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1245 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1246
1247 # enable global server
1248 log_subsection "Global server enabled"
1249 set_sysctl net.ipv4.udp_l3mdev_accept=1
1250
1251 #
1252 # server tests
1253 #
1254 for a in ${NSA_IP} ${VRF_IP}
1255 do
1256 log_start
1257 run_cmd nettest -D -s -2 ${NSA_DEV} &
1258 sleep 1
1259 run_cmd_nsb nettest -D -r ${a}
1260 log_test_addr ${a} $? 0 "Global server"
1261
1262 log_start
1263 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} &
1264 sleep 1
1265 run_cmd_nsb nettest -D -r ${a}
1266 log_test_addr ${a} $? 0 "VRF server"
1267
1268 log_start
1269 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1270 sleep 1
1271 run_cmd_nsb nettest -D -r ${a}
1272 log_test_addr ${a} $? 0 "Enslaved device server"
1273
1274 log_start
1275 show_hint "Should fail 'Connection refused'"
1276 run_cmd_nsb nettest -D -r ${a}
1277 log_test_addr ${a} $? 1 "No server"
1278 done
1279
1280 #
1281 # client tests
1282 #
1283 log_start
1284 run_cmd_nsb nettest -D -s &
1285 sleep 1
1286 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1287 log_test $? 0 "VRF client"
1288
1289 log_start
1290 run_cmd_nsb nettest -D -s &
1291 sleep 1
1292 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1293 log_test $? 0 "Enslaved device client"
1294
1295 # negative test - should fail
1296 log_start
1297 show_hint "Should fail 'Connection refused'"
1298 run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
1299 log_test $? 1 "No server, VRF client"
1300
1301 log_start
1302 show_hint "Should fail 'Connection refused'"
1303 run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
1304 log_test $? 1 "No server, enslaved device client"
1305
1306 #
1307 # local address tests
1308 #
1309 a=${NSA_IP}
1310 log_start
1311 run_cmd nettest -D -s -2 ${NSA_DEV} &
1312 sleep 1
1313 run_cmd nettest -D -d ${VRF} -r ${a}
1314 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1315
1316 log_start
1317 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1318 sleep 1
1319 run_cmd nettest -D -d ${VRF} -r ${a}
1320 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1321
1322 log_start
1323 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1324 sleep 1
1325 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1326 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
1327
1328 log_start
1329 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1330 sleep 1
1331 run_cmd nettest -D -d ${VRF} -r ${a}
1332 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1333
1334 log_start
1335 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1336 sleep 1
1337 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1338 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1339
1340 for a in ${VRF_IP} 127.0.0.1
1341 do
1342 log_start
1343 run_cmd nettest -D -s -2 ${VRF} &
1344 sleep 1
1345 run_cmd nettest -D -d ${VRF} -r ${a}
1346 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1347 done
1348
1349 for a in ${VRF_IP} 127.0.0.1
1350 do
1351 log_start
1352 run_cmd nettest -s -D -d ${VRF} -2 ${VRF} &
1353 sleep 1
1354 run_cmd nettest -D -d ${VRF} -r ${a}
1355 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1356 done
1357
1358 # negative test - should fail
1359 # verifies ECONNREFUSED
1360 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1361 do
1362 log_start
1363 show_hint "Should fail 'Connection refused'"
1364 run_cmd nettest -D -d ${VRF} -r ${a}
1365 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
1366 done
1367}
1368
1369ipv4_udp()
1370{
1371 log_section "IPv4/UDP"
1372 log_subsection "No VRF"
1373
1374 setup
1375
1376 # udp_l3mdev_accept should have no affect without VRF;
1377 # run tests with it enabled and disabled to verify
1378 log_subsection "udp_l3mdev_accept disabled"
1379 set_sysctl net.ipv4.udp_l3mdev_accept=0
1380 ipv4_udp_novrf
1381 log_subsection "udp_l3mdev_accept enabled"
1382 set_sysctl net.ipv4.udp_l3mdev_accept=1
1383 ipv4_udp_novrf
1384
1385 log_subsection "With VRF"
1386 setup "yes"
1387 ipv4_udp_vrf
1388}
1389
1390################################################################################
1391# IPv4 address bind
1392#
1393# verifies ability or inability to bind to an address / device
1394
1395ipv4_addr_bind_novrf()
1396{
1397 #
1398 # raw socket
1399 #
1400 for a in ${NSA_IP} ${NSA_LO_IP}
1401 do
1402 log_start
1403 run_cmd nettest -s -R -P icmp -l ${a} -b
1404 log_test_addr ${a} $? 0 "Raw socket bind to local address"
1405
1406 log_start
1407 run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b
1408 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1409 done
1410
1411 #
1412 # tcp sockets
1413 #
1414 a=${NSA_IP}
1415 log_start
1416 run_cmd nettest -l ${a} -r ${NSB_IP} -t1 -b
1417 log_test_addr ${a} $? 0 "TCP socket bind to local address"
1418
1419 log_start
1420 run_cmd nettest -l ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1421 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
1422
1423 # Sadly, the kernel allows binding a socket to a device and then
1424 # binding to an address not on the device. The only restriction
1425 # is that the address is valid in the L3 domain. So this test
1426 # passes when it really should not
1427 #a=${NSA_LO_IP}
1428 #log_start
1429 #show_hint "Should fail with 'Cannot assign requested address'"
1430 #run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1431 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
1432}
1433
1434ipv4_addr_bind_vrf()
1435{
1436 #
1437 # raw socket
1438 #
1439 for a in ${NSA_IP} ${VRF_IP}
1440 do
1441 log_start
1442 run_cmd nettest -s -R -P icmp -l ${a} -b
1443 log_test_addr ${a} $? 0 "Raw socket bind to local address"
1444
1445 log_start
1446 run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b
1447 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1448 log_start
1449 run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b
1450 log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
1451 done
1452
1453 a=${NSA_LO_IP}
1454 log_start
1455 show_hint "Address on loopback is out of VRF scope"
1456 run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b
1457 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
1458
1459 #
1460 # tcp sockets
1461 #
1462 for a in ${NSA_IP} ${VRF_IP}
1463 do
1464 log_start
1465 run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b
1466 log_test_addr ${a} $? 0 "TCP socket bind to local address"
1467
1468 log_start
1469 run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1470 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
1471 done
1472
1473 a=${NSA_LO_IP}
1474 log_start
1475 show_hint "Address on loopback out of scope for VRF"
1476 run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b
1477 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
1478
1479 log_start
1480 show_hint "Address on loopback out of scope for device in VRF"
1481 run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1482 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
1483}
1484
1485ipv4_addr_bind()
1486{
1487 log_section "IPv4 address binds"
1488
1489 log_subsection "No VRF"
1490 setup
1491 ipv4_addr_bind_novrf
1492
1493 log_subsection "With VRF"
1494 setup "yes"
1495 ipv4_addr_bind_vrf
1496}
1497
1498################################################################################
1499# IPv4 runtime tests
1500
1501ipv4_rt()
1502{
1503 local desc="$1"
1504 local varg="$2"
1505 local with_vrf="yes"
1506 local a
1507
1508 #
1509 # server tests
1510 #
1511 for a in ${NSA_IP} ${VRF_IP}
1512 do
1513 log_start
1514 run_cmd nettest ${varg} -s &
1515 sleep 1
1516 run_cmd_nsb nettest ${varg} -r ${a} &
1517 sleep 3
1518 run_cmd ip link del ${VRF}
1519 sleep 1
1520 log_test_addr ${a} 0 0 "${desc}, global server"
1521
1522 setup ${with_vrf}
1523 done
1524
1525 for a in ${NSA_IP} ${VRF_IP}
1526 do
1527 log_start
1528 run_cmd nettest ${varg} -s -d ${VRF} &
1529 sleep 1
1530 run_cmd_nsb nettest ${varg} -r ${a} &
1531 sleep 3
1532 run_cmd ip link del ${VRF}
1533 sleep 1
1534 log_test_addr ${a} 0 0 "${desc}, VRF server"
1535
1536 setup ${with_vrf}
1537 done
1538
1539 a=${NSA_IP}
1540 log_start
1541 run_cmd nettest ${varg} -s -d ${NSA_DEV} &
1542 sleep 1
1543 run_cmd_nsb nettest ${varg} -r ${a} &
1544 sleep 3
1545 run_cmd ip link del ${VRF}
1546 sleep 1
1547 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
1548
1549 setup ${with_vrf}
1550
1551 #
1552 # client test
1553 #
1554 log_start
1555 run_cmd_nsb nettest ${varg} -s &
1556 sleep 1
1557 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
1558 sleep 3
1559 run_cmd ip link del ${VRF}
1560 sleep 1
1561 log_test_addr ${a} 0 0 "${desc}, VRF client"
1562
1563 setup ${with_vrf}
1564
1565 log_start
1566 run_cmd_nsb nettest ${varg} -s &
1567 sleep 1
1568 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
1569 sleep 3
1570 run_cmd ip link del ${VRF}
1571 sleep 1
1572 log_test_addr ${a} 0 0 "${desc}, enslaved device client"
1573
1574 setup ${with_vrf}
1575
1576 #
1577 # local address tests
1578 #
1579 for a in ${NSA_IP} ${VRF_IP}
1580 do
1581 log_start
1582 run_cmd nettest ${varg} -s &
1583 sleep 1
1584 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
1585 sleep 3
1586 run_cmd ip link del ${VRF}
1587 sleep 1
1588 log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local"
1589
1590 setup ${with_vrf}
1591 done
1592
1593 for a in ${NSA_IP} ${VRF_IP}
1594 do
1595 log_start
1596 run_cmd nettest ${varg} -d ${VRF} -s &
1597 sleep 1
1598 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
1599 sleep 3
1600 run_cmd ip link del ${VRF}
1601 sleep 1
1602 log_test_addr ${a} 0 0 "${desc}, VRF server and client, local"
1603
1604 setup ${with_vrf}
1605 done
1606
1607 a=${NSA_IP}
1608 log_start
1609 run_cmd nettest ${varg} -s &
1610 sleep 1
1611 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1612 sleep 3
1613 run_cmd ip link del ${VRF}
1614 sleep 1
1615 log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local"
1616
1617 setup ${with_vrf}
1618
1619 log_start
1620 run_cmd nettest ${varg} -d ${VRF} -s &
1621 sleep 1
1622 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1623 sleep 3
1624 run_cmd ip link del ${VRF}
1625 sleep 1
1626 log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local"
1627
1628 setup ${with_vrf}
1629
1630 log_start
1631 run_cmd nettest ${varg} -d ${NSA_DEV} -s &
1632 sleep 1
1633 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1634 sleep 3
1635 run_cmd ip link del ${VRF}
1636 sleep 1
1637 log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local"
1638}
1639
1640ipv4_ping_rt()
1641{
1642 local with_vrf="yes"
1643 local a
1644
1645 for a in ${NSA_IP} ${VRF_IP}
1646 do
1647 log_start
1648 run_cmd_nsb ping -f ${a} &
1649 sleep 3
1650 run_cmd ip link del ${VRF}
1651 sleep 1
1652 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
1653
1654 setup ${with_vrf}
1655 done
1656
1657 a=${NSB_IP}
1658 log_start
1659 run_cmd ping -f -I ${VRF} ${a} &
1660 sleep 3
1661 run_cmd ip link del ${VRF}
1662 sleep 1
1663 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
1664}
1665
1666ipv4_runtime()
1667{
1668 log_section "Run time tests - ipv4"
1669
1670 setup "yes"
1671 ipv4_ping_rt
1672
1673 setup "yes"
1674 ipv4_rt "TCP active socket" "-n -1"
1675
1676 setup "yes"
1677 ipv4_rt "TCP passive socket" "-i"
1678}
1679
1680################################################################################
1681# IPv6
1682
1683ipv6_ping_novrf()
1684{
1685 local a
1686
1687 # should not have an impact, but make a known state
1688 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
1689
1690 #
1691 # out
1692 #
1693 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1694 do
1695 log_start
1696 run_cmd ${ping6} -c1 -w1 ${a}
1697 log_test_addr ${a} $? 0 "ping out"
1698 done
1699
1700 for a in ${NSB_IP6} ${NSB_LO_IP6}
1701 do
1702 log_start
1703 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1704 log_test_addr ${a} $? 0 "ping out, device bind"
1705
1706 log_start
1707 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
1708 log_test_addr ${a} $? 0 "ping out, loopback address bind"
1709 done
1710
1711 #
1712 # in
1713 #
1714 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
1715 do
1716 log_start
1717 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1718 log_test_addr ${a} $? 0 "ping in"
1719 done
1720
1721 #
1722 # local traffic, local address
1723 #
1724 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1725 do
1726 log_start
1727 run_cmd ${ping6} -c1 -w1 ${a}
1728 log_test_addr ${a} $? 0 "ping local, no bind"
1729 done
1730
1731 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1732 do
1733 log_start
1734 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1735 log_test_addr ${a} $? 0 "ping local, device bind"
1736 done
1737
1738 for a in ${NSA_LO_IP6} ::1
1739 do
1740 log_start
1741 show_hint "Fails since address on loopback is out of device scope"
1742 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1743 log_test_addr ${a} $? 2 "ping local, device bind"
1744 done
1745
1746 #
1747 # ip rule blocks address
1748 #
1749 log_start
1750 setup_cmd ip -6 rule add pref 32765 from all lookup local
1751 setup_cmd ip -6 rule del pref 0 from all lookup local
1752 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
1753 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
1754
1755 a=${NSB_LO_IP6}
1756 run_cmd ${ping6} -c1 -w1 ${a}
1757 log_test_addr ${a} $? 2 "ping out, blocked by rule"
1758
1759 log_start
1760 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1761 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
1762
1763 a=${NSA_LO_IP6}
1764 log_start
1765 show_hint "Response lost due to ip rule"
1766 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1767 log_test_addr ${a} $? 1 "ping in, blocked by rule"
1768
1769 setup_cmd ip -6 rule add pref 0 from all lookup local
1770 setup_cmd ip -6 rule del pref 32765 from all lookup local
1771 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
1772 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
1773
1774 #
1775 # route blocks reachability to remote address
1776 #
1777 log_start
1778 setup_cmd ip -6 route del ${NSB_LO_IP6}
1779 setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
1780 setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10
1781
1782 a=${NSB_LO_IP6}
1783 run_cmd ${ping6} -c1 -w1 ${a}
1784 log_test_addr ${a} $? 2 "ping out, blocked by route"
1785
1786 log_start
1787 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1788 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"
1789
1790 a=${NSA_LO_IP6}
1791 log_start
1792 show_hint "Response lost due to ip route"
1793 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1794 log_test_addr ${a} $? 1 "ping in, blocked by route"
1795
1796
1797 #
1798 # remove 'remote' routes; fallback to default
1799 #
1800 log_start
1801 setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
1802 setup_cmd ip -6 ro del unreachable ${NSB_IP6}
1803
1804 a=${NSB_LO_IP6}
1805 run_cmd ${ping6} -c1 -w1 ${a}
1806 log_test_addr ${a} $? 2 "ping out, unreachable route"
1807
1808 log_start
1809 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1810 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
1811}
1812
1813ipv6_ping_vrf()
1814{
1815 local a
1816
1817 # should default on; does not exist on older kernels
1818 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
1819
1820 #
1821 # out
1822 #
1823 for a in ${NSB_IP6} ${NSB_LO_IP6}
1824 do
1825 log_start
1826 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
1827 log_test_addr ${a} $? 0 "ping out, VRF bind"
1828 done
1829
1830 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
1831 do
1832 log_start
1833 show_hint "Fails since VRF device does not support linklocal or multicast"
1834 run_cmd ${ping6} -c1 -w1 ${a}
1835 log_test_addr ${a} $? 2 "ping out, VRF bind"
1836 done
1837
1838 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1839 do
1840 log_start
1841 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1842 log_test_addr ${a} $? 0 "ping out, device bind"
1843 done
1844
1845 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
1846 do
1847 log_start
1848 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
1849 log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
1850 done
1851
1852 #
1853 # in
1854 #
1855 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
1856 do
1857 log_start
1858 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1859 log_test_addr ${a} $? 0 "ping in"
1860 done
1861
1862 a=${NSA_LO_IP6}
1863 log_start
1864 show_hint "Fails since loopback address is out of VRF scope"
1865 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1866 log_test_addr ${a} $? 1 "ping in"
1867
1868 #
1869 # local traffic, local address
1870 #
1871 for a in ${NSA_IP6} ${VRF_IP6} ::1
1872 do
1873 log_start
1874 show_hint "Source address should be ${a}"
1875 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
1876 log_test_addr ${a} $? 0 "ping local, VRF bind"
1877 done
1878
1879 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1880 do
1881 log_start
1882 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1883 log_test_addr ${a} $? 0 "ping local, device bind"
1884 done
1885
1886 # LLA to GUA - remove ipv6 global addresses from ns-B
1887 setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
1888 setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
1889 setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
1890
1891 for a in ${NSA_IP6} ${VRF_IP6}
1892 do
1893 log_start
1894 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
1895 log_test_addr ${a} $? 0 "ping in, LLA to GUA"
1896 done
1897
1898 setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
1899 setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
1900 setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo
1901
1902 #
1903 # ip rule blocks address
1904 #
1905 log_start
1906 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
1907 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
1908
1909 a=${NSB_LO_IP6}
1910 run_cmd ${ping6} -c1 -w1 ${a}
1911 log_test_addr ${a} $? 2 "ping out, blocked by rule"
1912
1913 log_start
1914 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1915 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
1916
1917 a=${NSA_LO_IP6}
1918 log_start
1919 show_hint "Response lost due to ip rule"
1920 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1921 log_test_addr ${a} $? 1 "ping in, blocked by rule"
1922
1923 log_start
1924 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
1925 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
1926
1927 #
1928 # remove 'remote' routes; fallback to default
1929 #
1930 log_start
1931 setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}
1932
1933 a=${NSB_LO_IP6}
1934 run_cmd ${ping6} -c1 -w1 ${a}
1935 log_test_addr ${a} $? 2 "ping out, unreachable route"
1936
1937 log_start
1938 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1939 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
1940
1941 ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
1942 a=${NSA_LO_IP6}
1943 log_start
1944 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1945 log_test_addr ${a} $? 2 "ping in, unreachable route"
1946}
1947
1948ipv6_ping()
1949{
1950 log_section "IPv6 ping"
1951
1952 log_subsection "No VRF"
1953 setup
1954 ipv6_ping_novrf
1955
1956 log_subsection "With VRF"
1957 setup "yes"
1958 ipv6_ping_vrf
1959}
1960
1961################################################################################
1962# IPv6 TCP
1963
1964ipv6_tcp_novrf()
1965{
1966 local a
1967
1968 #
1969 # server tests
1970 #
1971 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
1972 do
1973 log_start
1974 run_cmd nettest -6 -s &
1975 sleep 1
1976 run_cmd_nsb nettest -6 -r ${a}
1977 log_test_addr ${a} $? 0 "Global server"
1978 done
1979
1980 # verify TCP reset received
1981 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
1982 do
1983 log_start
1984 show_hint "Should fail 'Connection refused'"
1985 run_cmd_nsb nettest -6 -r ${a}
1986 log_test_addr ${a} $? 1 "No server"
1987 done
1988
1989 #
1990 # client
1991 #
1992 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
1993 do
1994 log_start
1995 run_cmd_nsb nettest -6 -s &
1996 sleep 1
1997 run_cmd nettest -6 -r ${a}
1998 log_test_addr ${a} $? 0 "Client"
1999 done
2000
2001 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2002 do
2003 log_start
2004 run_cmd_nsb nettest -6 -s &
2005 sleep 1
2006 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2007 log_test_addr ${a} $? 0 "Client, device bind"
2008 done
2009
2010 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2011 do
2012 log_start
2013 show_hint "Should fail 'Connection refused'"
2014 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2015 log_test_addr ${a} $? 1 "No server, device client"
2016 done
2017
2018 #
2019 # local address tests
2020 #
2021 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2022 do
2023 log_start
2024 run_cmd nettest -6 -s &
2025 sleep 1
2026 run_cmd nettest -6 -r ${a}
2027 log_test_addr ${a} $? 0 "Global server, local connection"
2028 done
2029
2030 a=${NSA_IP6}
2031 log_start
2032 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2033 sleep 1
2034 run_cmd nettest -6 -r ${a} -0 ${a}
2035 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
2036
2037 for a in ${NSA_LO_IP6} ::1
2038 do
2039 log_start
2040 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
2041 run_cmd nettest -6 -s -d ${NSA_DEV} &
2042 sleep 1
2043 run_cmd nettest -6 -r ${a}
2044 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
2045 done
2046
2047 a=${NSA_IP6}
2048 log_start
2049 run_cmd nettest -6 -s &
2050 sleep 1
2051 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2052 log_test_addr ${a} $? 0 "Global server, device client, local connection"
2053
2054 for a in ${NSA_LO_IP6} ::1
2055 do
2056 log_start
2057 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
2058 run_cmd nettest -6 -s &
2059 sleep 1
2060 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2061 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2062 done
2063
2064 for a in ${NSA_IP6} ${NSA_LINKIP6}
2065 do
2066 log_start
2067 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2068 sleep 1
2069 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2070 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2071 done
2072
2073 for a in ${NSA_IP6} ${NSA_LINKIP6}
2074 do
2075 log_start
2076 show_hint "Should fail 'Connection refused'"
2077 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2078 log_test_addr ${a} $? 1 "No server, device client, local conn"
2079 done
2080}
2081
2082ipv6_tcp_vrf()
2083{
2084 local a
2085
2086 # disable global server
2087 log_subsection "Global server disabled"
2088
2089 set_sysctl net.ipv4.tcp_l3mdev_accept=0
2090
2091 #
2092 # server tests
2093 #
2094 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2095 do
2096 log_start
2097 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
2098 run_cmd nettest -6 -s &
2099 sleep 1
2100 run_cmd_nsb nettest -6 -r ${a}
2101 log_test_addr ${a} $? 1 "Global server"
2102 done
2103
2104 for a in ${NSA_IP6} ${VRF_IP6}
2105 do
2106 log_start
2107 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2108 sleep 1
2109 run_cmd_nsb nettest -6 -r ${a}
2110 log_test_addr ${a} $? 0 "VRF server"
2111 done
2112
2113 # link local is always bound to ingress device
2114 a=${NSA_LINKIP6}%${NSB_DEV}
2115 log_start
2116 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} &
2117 sleep 1
2118 run_cmd_nsb nettest -6 -r ${a}
2119 log_test_addr ${a} $? 0 "VRF server"
2120
2121 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2122 do
2123 log_start
2124 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2125 sleep 1
2126 run_cmd_nsb nettest -6 -r ${a}
2127 log_test_addr ${a} $? 0 "Device server"
2128 done
2129
2130 # verify TCP reset received
2131 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2132 do
2133 log_start
2134 show_hint "Should fail 'Connection refused'"
2135 run_cmd_nsb nettest -6 -r ${a}
2136 log_test_addr ${a} $? 1 "No server"
2137 done
2138
2139 # local address tests
2140 a=${NSA_IP6}
2141 log_start
2142 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
2143 run_cmd nettest -6 -s &
2144 sleep 1
2145 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2146 log_test_addr ${a} $? 1 "Global server, local connection"
2147
2148 #
2149 # enable VRF global server
2150 #
2151 log_subsection "VRF Global server enabled"
2152 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2153
2154 for a in ${NSA_IP6} ${VRF_IP6}
2155 do
2156 log_start
2157 run_cmd nettest -6 -s -2 ${VRF} &
2158 sleep 1
2159 run_cmd_nsb nettest -6 -r ${a}
2160 log_test_addr ${a} $? 0 "Global server"
2161 done
2162
2163 for a in ${NSA_IP6} ${VRF_IP6}
2164 do
2165 log_start
2166 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2167 sleep 1
2168 run_cmd_nsb nettest -6 -r ${a}
2169 log_test_addr ${a} $? 0 "VRF server"
2170 done
2171
2172 # For LLA, child socket is bound to device
2173 a=${NSA_LINKIP6}%${NSB_DEV}
2174 log_start
2175 run_cmd nettest -6 -s -2 ${NSA_DEV} &
2176 sleep 1
2177 run_cmd_nsb nettest -6 -r ${a}
2178 log_test_addr ${a} $? 0 "Global server"
2179
2180 log_start
2181 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} &
2182 sleep 1
2183 run_cmd_nsb nettest -6 -r ${a}
2184 log_test_addr ${a} $? 0 "VRF server"
2185
2186 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2187 do
2188 log_start
2189 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2190 sleep 1
2191 run_cmd_nsb nettest -6 -r ${a}
2192 log_test_addr ${a} $? 0 "Device server"
2193 done
2194
2195 # verify TCP reset received
2196 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2197 do
2198 log_start
2199 show_hint "Should fail 'Connection refused'"
2200 run_cmd_nsb nettest -6 -r ${a}
2201 log_test_addr ${a} $? 1 "No server"
2202 done
2203
2204 # local address tests
2205 for a in ${NSA_IP6} ${VRF_IP6}
2206 do
2207 log_start
2208 show_hint "Fails 'No route to host' since client is not in VRF"
2209 run_cmd nettest -6 -s -2 ${VRF} &
2210 sleep 1
2211 run_cmd nettest -6 -r ${a}
2212 log_test_addr ${a} $? 1 "Global server, local connection"
2213 done
2214
2215
2216 #
2217 # client
2218 #
2219 for a in ${NSB_IP6} ${NSB_LO_IP6}
2220 do
2221 log_start
2222 run_cmd_nsb nettest -6 -s &
2223 sleep 1
2224 run_cmd nettest -6 -r ${a} -d ${VRF}
2225 log_test_addr ${a} $? 0 "Client, VRF bind"
2226 done
2227
2228 a=${NSB_LINKIP6}
2229 log_start
2230 show_hint "Fails since VRF device does not allow linklocal addresses"
2231 run_cmd_nsb nettest -6 -s &
2232 sleep 1
2233 run_cmd nettest -6 -r ${a} -d ${VRF}
2234 log_test_addr ${a} $? 1 "Client, VRF bind"
2235
2236 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2237 do
2238 log_start
2239 run_cmd_nsb nettest -6 -s &
2240 sleep 1
2241 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2242 log_test_addr ${a} $? 0 "Client, device bind"
2243 done
2244
2245 for a in ${NSB_IP6} ${NSB_LO_IP6}
2246 do
2247 log_start
2248 show_hint "Should fail 'Connection refused'"
2249 run_cmd nettest -6 -r ${a} -d ${VRF}
2250 log_test_addr ${a} $? 1 "No server, VRF client"
2251 done
2252
2253 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2254 do
2255 log_start
2256 show_hint "Should fail 'Connection refused'"
2257 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2258 log_test_addr ${a} $? 1 "No server, device client"
2259 done
2260
2261 for a in ${NSA_IP6} ${VRF_IP6} ::1
2262 do
2263 log_start
2264 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2265 sleep 1
2266 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2267 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
2268 done
2269
2270 a=${NSA_IP6}
2271 log_start
2272 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
2273 sleep 1
2274 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2275 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
2276
2277 a=${NSA_IP6}
2278 log_start
2279 show_hint "Should fail since unbound client is out of VRF scope"
2280 run_cmd nettest -6 -s -d ${VRF} &
2281 sleep 1
2282 run_cmd nettest -6 -r ${a}
2283 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
2284
2285 log_start
2286 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2287 sleep 1
2288 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2289 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
2290
2291 for a in ${NSA_IP6} ${NSA_LINKIP6}
2292 do
2293 log_start
2294 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2295 sleep 1
2296 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2297 log_test_addr ${a} $? 0 "Device server, device client, local connection"
2298 done
2299}
2300
2301ipv6_tcp()
2302{
2303 log_section "IPv6/TCP"
2304 log_subsection "No VRF"
2305 setup
2306
2307 # tcp_l3mdev_accept should have no affect without VRF;
2308 # run tests with it enabled and disabled to verify
2309 log_subsection "tcp_l3mdev_accept disabled"
2310 set_sysctl net.ipv4.tcp_l3mdev_accept=0
2311 ipv6_tcp_novrf
2312 log_subsection "tcp_l3mdev_accept enabled"
2313 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2314 ipv6_tcp_novrf
2315
2316 log_subsection "With VRF"
2317 setup "yes"
2318 ipv6_tcp_vrf
2319}
2320
2321################################################################################
2322# IPv6 UDP
2323
2324ipv6_udp_novrf()
2325{
2326 local a
2327
2328 #
2329 # server tests
2330 #
2331 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2332 do
2333 log_start
2334 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2335 sleep 1
2336 run_cmd_nsb nettest -6 -D -r ${a}
2337 log_test_addr ${a} $? 0 "Global server"
2338
2339 log_start
2340 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2341 sleep 1
2342 run_cmd_nsb nettest -6 -D -r ${a}
2343 log_test_addr ${a} $? 0 "Device server"
2344 done
2345
2346 a=${NSA_LO_IP6}
2347 log_start
2348 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2349 sleep 1
2350 run_cmd_nsb nettest -6 -D -r ${a}
2351 log_test_addr ${a} $? 0 "Global server"
2352
2353 # should fail since loopback address is out of scope for a device
2354 # bound server, but it does not - hence this is more documenting
2355 # behavior.
2356 #log_start
2357 #show_hint "Should fail since loopback address is out of scope"
2358 #run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2359 #sleep 1
2360 #run_cmd_nsb nettest -6 -D -r ${a}
2361 #log_test_addr ${a} $? 1 "Device server"
2362
2363 # negative test - should fail
2364 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2365 do
2366 log_start
2367 show_hint "Should fail 'Connection refused' since there is no server"
2368 run_cmd_nsb nettest -6 -D -r ${a}
2369 log_test_addr ${a} $? 1 "No server"
2370 done
2371
2372 #
2373 # client
2374 #
2375 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2376 do
2377 log_start
2378 run_cmd_nsb nettest -6 -D -s &
2379 sleep 1
2380 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
2381 log_test_addr ${a} $? 0 "Client"
2382
2383 log_start
2384 run_cmd_nsb nettest -6 -D -s &
2385 sleep 1
2386 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
2387 log_test_addr ${a} $? 0 "Client, device bind"
2388
2389 log_start
2390 run_cmd_nsb nettest -6 -D -s &
2391 sleep 1
2392 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
2393 log_test_addr ${a} $? 0 "Client, device send via cmsg"
2394
2395 log_start
2396 run_cmd_nsb nettest -6 -D -s &
2397 sleep 1
2398 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
2399 log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF"
2400
2401 log_start
2402 show_hint "Should fail 'Connection refused'"
2403 run_cmd nettest -6 -D -r ${a}
2404 log_test_addr ${a} $? 1 "No server, unbound client"
2405
2406 log_start
2407 show_hint "Should fail 'Connection refused'"
2408 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
2409 log_test_addr ${a} $? 1 "No server, device client"
2410 done
2411
2412 #
2413 # local address tests
2414 #
2415 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2416 do
2417 log_start
2418 run_cmd nettest -6 -D -s &
2419 sleep 1
2420 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
2421 log_test_addr ${a} $? 0 "Global server, local connection"
2422 done
2423
2424 a=${NSA_IP6}
2425 log_start
2426 run_cmd nettest -6 -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
2427 sleep 1
2428 run_cmd nettest -6 -D -r ${a}
2429 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
2430
2431 for a in ${NSA_LO_IP6} ::1
2432 do
2433 log_start
2434 show_hint "Should fail 'Connection refused' since address is out of device scope"
2435 run_cmd nettest -6 -s -D -d ${NSA_DEV} &
2436 sleep 1
2437 run_cmd nettest -6 -D -r ${a}
2438 log_test_addr ${a} $? 1 "Device server, local connection"
2439 done
2440
2441 a=${NSA_IP6}
2442 log_start
2443 run_cmd nettest -6 -s -D &
2444 sleep 1
2445 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2446 log_test_addr ${a} $? 0 "Global server, device client, local connection"
2447
2448 log_start
2449 run_cmd nettest -6 -s -D &
2450 sleep 1
2451 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
2452 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
2453
2454 log_start
2455 run_cmd nettest -6 -s -D &
2456 sleep 1
2457 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
2458 log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"
2459
2460 for a in ${NSA_LO_IP6} ::1
2461 do
2462 log_start
2463 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
2464 run_cmd nettest -6 -D -s &
2465 sleep 1
2466 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
2467 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2468
2469 log_start
2470 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
2471 run_cmd nettest -6 -D -s &
2472 sleep 1
2473 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
2474 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
2475
2476 log_start
2477 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
2478 run_cmd nettest -6 -D -s &
2479 sleep 1
2480 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
2481 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
2482 done
2483
2484 a=${NSA_IP6}
2485 log_start
2486 run_cmd nettest -6 -D -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2487 sleep 1
2488 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
2489 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2490
2491 log_start
2492 show_hint "Should fail 'Connection refused'"
2493 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2494 log_test_addr ${a} $? 1 "No server, device client, local conn"
2495
2496 # LLA to GUA
2497 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
2498 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
2499 log_start
2500 run_cmd nettest -6 -s -D &
2501 sleep 1
2502 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
2503 log_test $? 0 "UDP in - LLA to GUA"
2504
2505 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
2506 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
2507}
2508
2509ipv6_udp_vrf()
2510{
2511 local a
2512
2513 # disable global server
2514 log_subsection "Global server disabled"
2515 set_sysctl net.ipv4.udp_l3mdev_accept=0
2516
2517 #
2518 # server tests
2519 #
2520 for a in ${NSA_IP6} ${VRF_IP6}
2521 do
2522 log_start
2523 show_hint "Should fail 'Connection refused' since global server is disabled"
2524 run_cmd nettest -6 -D -s &
2525 sleep 1
2526 run_cmd_nsb nettest -6 -D -r ${a}
2527 log_test_addr ${a} $? 1 "Global server"
2528 done
2529
2530 for a in ${NSA_IP6} ${VRF_IP6}
2531 do
2532 log_start
2533 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2534 sleep 1
2535 run_cmd_nsb nettest -6 -D -r ${a}
2536 log_test_addr ${a} $? 0 "VRF server"
2537 done
2538
2539 for a in ${NSA_IP6} ${VRF_IP6}
2540 do
2541 log_start
2542 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2543 sleep 1
2544 run_cmd_nsb nettest -6 -D -r ${a}
2545 log_test_addr ${a} $? 0 "Enslaved device server"
2546 done
2547
2548 # negative test - should fail
2549 for a in ${NSA_IP6} ${VRF_IP6}
2550 do
2551 log_start
2552 show_hint "Should fail 'Connection refused' since there is no server"
2553 run_cmd_nsb nettest -6 -D -r ${a}
2554 log_test_addr ${a} $? 1 "No server"
2555 done
2556
2557 #
2558 # local address tests
2559 #
2560 for a in ${NSA_IP6} ${VRF_IP6}
2561 do
2562 log_start
2563 show_hint "Should fail 'Connection refused' since global server is disabled"
2564 run_cmd nettest -6 -D -s &
2565 sleep 1
2566 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2567 log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
2568 done
2569
2570 for a in ${NSA_IP6} ${VRF_IP6}
2571 do
2572 log_start
2573 run_cmd nettest -6 -D -d ${VRF} -s &
2574 sleep 1
2575 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2576 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
2577 done
2578
2579 a=${NSA_IP6}
2580 log_start
2581 show_hint "Should fail 'Connection refused' since global server is disabled"
2582 run_cmd nettest -6 -D -s &
2583 sleep 1
2584 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2585 log_test_addr ${a} $? 1 "Global server, device client, local conn"
2586
2587 log_start
2588 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2589 sleep 1
2590 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2591 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
2592
2593 log_start
2594 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2595 sleep 1
2596 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2597 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
2598
2599 log_start
2600 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2601 sleep 1
2602 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2603 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
2604
2605 # disable global server
2606 log_subsection "Global server enabled"
2607 set_sysctl net.ipv4.udp_l3mdev_accept=1
2608
2609 #
2610 # server tests
2611 #
2612 for a in ${NSA_IP6} ${VRF_IP6}
2613 do
2614 log_start
2615 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2616 sleep 1
2617 run_cmd_nsb nettest -6 -D -r ${a}
2618 log_test_addr ${a} $? 0 "Global server"
2619 done
2620
2621 for a in ${NSA_IP6} ${VRF_IP6}
2622 do
2623 log_start
2624 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2625 sleep 1
2626 run_cmd_nsb nettest -6 -D -r ${a}
2627 log_test_addr ${a} $? 0 "VRF server"
2628 done
2629
2630 for a in ${NSA_IP6} ${VRF_IP6}
2631 do
2632 log_start
2633 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2634 sleep 1
2635 run_cmd_nsb nettest -6 -D -r ${a}
2636 log_test_addr ${a} $? 0 "Enslaved device server"
2637 done
2638
2639 # negative test - should fail
2640 for a in ${NSA_IP6} ${VRF_IP6}
2641 do
2642 log_start
2643 run_cmd_nsb nettest -6 -D -r ${a}
2644 log_test_addr ${a} $? 1 "No server"
2645 done
2646
2647 #
2648 # client tests
2649 #
2650 log_start
2651 run_cmd_nsb nettest -6 -D -s &
2652 sleep 1
2653 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
2654 log_test $? 0 "VRF client"
2655
2656 # negative test - should fail
2657 log_start
2658 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
2659 log_test $? 1 "No server, VRF client"
2660
2661 log_start
2662 run_cmd_nsb nettest -6 -D -s &
2663 sleep 1
2664 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
2665 log_test $? 0 "Enslaved device client"
2666
2667 # negative test - should fail
2668 log_start
2669 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
2670 log_test $? 1 "No server, enslaved device client"
2671
2672 #
2673 # local address tests
2674 #
2675 a=${NSA_IP6}
2676 log_start
2677 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2678 sleep 1
2679 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2680 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
2681
2682 #log_start
2683 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2684 sleep 1
2685 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2686 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
2687
2688
2689 a=${VRF_IP6}
2690 log_start
2691 run_cmd nettest -6 -D -s -2 ${VRF} &
2692 sleep 1
2693 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2694 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
2695
2696 log_start
2697 run_cmd nettest -6 -D -d ${VRF} -s -2 ${VRF} &
2698 sleep 1
2699 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2700 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
2701
2702 # negative test - should fail
2703 for a in ${NSA_IP6} ${VRF_IP6}
2704 do
2705 log_start
2706 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2707 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
2708 done
2709
2710 # device to global IP
2711 a=${NSA_IP6}
2712 log_start
2713 run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
2714 sleep 1
2715 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2716 log_test_addr ${a} $? 0 "Global server, device client, local conn"
2717
2718 log_start
2719 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} &
2720 sleep 1
2721 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2722 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
2723
2724 log_start
2725 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2726 sleep 1
2727 run_cmd nettest -6 -D -d ${VRF} -r ${a}
2728 log_test_addr ${a} $? 0 "Device server, VRF client, local conn"
2729
2730 log_start
2731 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
2732 sleep 1
2733 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2734 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2735
2736 log_start
2737 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2738 log_test_addr ${a} $? 1 "No server, device client, local conn"
2739
2740
2741 # link local addresses
2742 log_start
2743 run_cmd nettest -6 -D -s &
2744 sleep 1
2745 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
2746 log_test $? 0 "Global server, linklocal IP"
2747
2748 log_start
2749 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
2750 log_test $? 1 "No server, linklocal IP"
2751
2752
2753 log_start
2754 run_cmd_nsb nettest -6 -D -s &
2755 sleep 1
2756 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
2757 log_test $? 0 "Enslaved device client, linklocal IP"
2758
2759 log_start
2760 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
2761 log_test $? 1 "No server, device client, peer linklocal IP"
2762
2763
2764 log_start
2765 run_cmd nettest -6 -D -s &
2766 sleep 1
2767 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
2768 log_test $? 0 "Enslaved device client, local conn - linklocal IP"
2769
2770 log_start
2771 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
2772 log_test $? 1 "No server, device client, local conn - linklocal IP"
2773
2774 # LLA to GUA
2775 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
2776 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
2777 log_start
2778 run_cmd nettest -6 -s -D &
2779 sleep 1
2780 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
2781 log_test $? 0 "UDP in - LLA to GUA"
2782
2783 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
2784 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
2785}
2786
2787ipv6_udp()
2788{
2789 # should not matter, but set to known state
2790 set_sysctl net.ipv4.udp_early_demux=1
2791
2792 log_section "IPv6/UDP"
2793 log_subsection "No VRF"
2794 setup
2795
2796 # udp_l3mdev_accept should have no affect without VRF;
2797 # run tests with it enabled and disabled to verify
2798 log_subsection "udp_l3mdev_accept disabled"
2799 set_sysctl net.ipv4.udp_l3mdev_accept=0
2800 ipv6_udp_novrf
2801 log_subsection "udp_l3mdev_accept enabled"
2802 set_sysctl net.ipv4.udp_l3mdev_accept=1
2803 ipv6_udp_novrf
2804
2805 log_subsection "With VRF"
2806 setup "yes"
2807 ipv6_udp_vrf
2808}
2809
2810################################################################################
2811# IPv6 address bind
2812
2813ipv6_addr_bind_novrf()
2814{
2815 #
2816 # raw socket
2817 #
2818 for a in ${NSA_IP6} ${NSA_LO_IP6}
2819 do
2820 log_start
2821 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
2822 log_test_addr ${a} $? 0 "Raw socket bind to local address"
2823
2824 log_start
2825 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b
2826 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
2827 done
2828
2829 #
2830 # tcp sockets
2831 #
2832 a=${NSA_IP6}
2833 log_start
2834 run_cmd nettest -6 -s -l ${a} -t1 -b
2835 log_test_addr ${a} $? 0 "TCP socket bind to local address"
2836
2837 log_start
2838 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
2839 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
2840
2841 a=${NSA_LO_IP6}
2842 log_start
2843 show_hint "Should fail with 'Cannot assign requested address'"
2844 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
2845 log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
2846}
2847
2848ipv6_addr_bind_vrf()
2849{
2850 #
2851 # raw socket
2852 #
2853 for a in ${NSA_IP6} ${VRF_IP6}
2854 do
2855 log_start
2856 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b
2857 log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"
2858
2859 log_start
2860 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b
2861 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
2862 done
2863
2864 a=${NSA_LO_IP6}
2865 log_start
2866 show_hint "Address on loopback is out of VRF scope"
2867 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b
2868 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"
2869
2870 #
2871 # tcp sockets
2872 #
2873 # address on enslaved device is valid for the VRF or device in a VRF
2874 for a in ${NSA_IP6} ${VRF_IP6}
2875 do
2876 log_start
2877 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b
2878 log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
2879 done
2880
2881 a=${NSA_IP6}
2882 log_start
2883 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
2884 log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"
2885
2886 a=${VRF_IP6}
2887 log_start
2888 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
2889 log_test_addr ${a} $? 1 "TCP socket bind to VRF address with device bind"
2890
2891 a=${NSA_LO_IP6}
2892 log_start
2893 show_hint "Address on loopback out of scope for VRF"
2894 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b
2895 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
2896
2897 log_start
2898 show_hint "Address on loopback out of scope for device in VRF"
2899 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
2900 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
2901
2902}
2903
2904ipv6_addr_bind()
2905{
2906 log_section "IPv6 address binds"
2907
2908 log_subsection "No VRF"
2909 setup
2910 ipv6_addr_bind_novrf
2911
2912 log_subsection "With VRF"
2913 setup "yes"
2914 ipv6_addr_bind_vrf
2915}
2916
2917################################################################################
2918# IPv6 runtime tests
2919
2920ipv6_rt()
2921{
2922 local desc="$1"
2923 local varg="-6 $2"
2924 local with_vrf="yes"
2925 local a
2926
2927 #
2928 # server tests
2929 #
2930 for a in ${NSA_IP6} ${VRF_IP6}
2931 do
2932 log_start
2933 run_cmd nettest ${varg} -s &
2934 sleep 1
2935 run_cmd_nsb nettest ${varg} -r ${a} &
2936 sleep 3
2937 run_cmd ip link del ${VRF}
2938 sleep 1
2939 log_test_addr ${a} 0 0 "${desc}, global server"
2940
2941 setup ${with_vrf}
2942 done
2943
2944 for a in ${NSA_IP6} ${VRF_IP6}
2945 do
2946 log_start
2947 run_cmd nettest ${varg} -d ${VRF} -s &
2948 sleep 1
2949 run_cmd_nsb nettest ${varg} -r ${a} &
2950 sleep 3
2951 run_cmd ip link del ${VRF}
2952 sleep 1
2953 log_test_addr ${a} 0 0 "${desc}, VRF server"
2954
2955 setup ${with_vrf}
2956 done
2957
2958 for a in ${NSA_IP6} ${VRF_IP6}
2959 do
2960 log_start
2961 run_cmd nettest ${varg} -d ${NSA_DEV} -s &
2962 sleep 1
2963 run_cmd_nsb nettest ${varg} -r ${a} &
2964 sleep 3
2965 run_cmd ip link del ${VRF}
2966 sleep 1
2967 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
2968
2969 setup ${with_vrf}
2970 done
2971
2972 #
2973 # client test
2974 #
2975 log_start
2976 run_cmd_nsb nettest ${varg} -s &
2977 sleep 1
2978 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} &
2979 sleep 3
2980 run_cmd ip link del ${VRF}
2981 sleep 1
2982 log_test 0 0 "${desc}, VRF client"
2983
2984 setup ${with_vrf}
2985
2986 log_start
2987 run_cmd_nsb nettest ${varg} -s &
2988 sleep 1
2989 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
2990 sleep 3
2991 run_cmd ip link del ${VRF}
2992 sleep 1
2993 log_test 0 0 "${desc}, enslaved device client"
2994
2995 setup ${with_vrf}
2996
2997
2998 #
2999 # local address tests
3000 #
3001 for a in ${NSA_IP6} ${VRF_IP6}
3002 do
3003 log_start
3004 run_cmd nettest ${varg} -s &
3005 sleep 1
3006 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3007 sleep 3
3008 run_cmd ip link del ${VRF}
3009 sleep 1
3010 log_test_addr ${a} 0 0 "${desc}, global server, VRF client"
3011
3012 setup ${with_vrf}
3013 done
3014
3015 for a in ${NSA_IP6} ${VRF_IP6}
3016 do
3017 log_start
3018 run_cmd nettest ${varg} -d ${VRF} -s &
3019 sleep 1
3020 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3021 sleep 3
3022 run_cmd ip link del ${VRF}
3023 sleep 1
3024 log_test_addr ${a} 0 0 "${desc}, VRF server and client"
3025
3026 setup ${with_vrf}
3027 done
3028
3029 a=${NSA_IP6}
3030 log_start
3031 run_cmd nettest ${varg} -s &
3032 sleep 1
3033 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3034 sleep 3
3035 run_cmd ip link del ${VRF}
3036 sleep 1
3037 log_test_addr ${a} 0 0 "${desc}, global server, device client"
3038
3039 setup ${with_vrf}
3040
3041 log_start
3042 run_cmd nettest ${varg} -d ${VRF} -s &
3043 sleep 1
3044 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3045 sleep 3
3046 run_cmd ip link del ${VRF}
3047 sleep 1
3048 log_test_addr ${a} 0 0 "${desc}, VRF server, device client"
3049
3050 setup ${with_vrf}
3051
3052 log_start
3053 run_cmd nettest ${varg} -d ${NSA_DEV} -s &
3054 sleep 1
3055 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3056 sleep 3
3057 run_cmd ip link del ${VRF}
3058 sleep 1
3059 log_test_addr ${a} 0 0 "${desc}, device server, device client"
3060}
3061
3062ipv6_ping_rt()
3063{
3064 local with_vrf="yes"
3065 local a
3066
3067 a=${NSA_IP6}
3068 log_start
3069 run_cmd_nsb ${ping6} -f ${a} &
3070 sleep 3
3071 run_cmd ip link del ${VRF}
3072 sleep 1
3073 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
3074
3075 setup ${with_vrf}
3076
3077 log_start
3078 run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} &
3079 sleep 1
3080 run_cmd ip link del ${VRF}
3081 sleep 1
3082 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
3083}
3084
3085ipv6_runtime()
3086{
3087 log_section "Run time tests - ipv6"
3088
3089 setup "yes"
3090 ipv6_ping_rt
3091
3092 setup "yes"
3093 ipv6_rt "TCP active socket" "-n -1"
3094
3095 setup "yes"
3096 ipv6_rt "TCP passive socket" "-i"
3097
3098 setup "yes"
3099 ipv6_rt "UDP active socket" "-D -n -1"
3100}
3101
3102################################################################################
3103# netfilter blocking connections
3104
3105netfilter_tcp_reset()
3106{
3107 local a
3108
3109 for a in ${NSA_IP} ${VRF_IP}
3110 do
3111 log_start
3112 run_cmd nettest -s &
3113 sleep 1
3114 run_cmd_nsb nettest -r ${a}
3115 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3116 done
3117}
3118
3119netfilter_icmp()
3120{
3121 local stype="$1"
3122 local arg
3123 local a
3124
3125 [ "${stype}" = "UDP" ] && arg="-D"
3126
3127 for a in ${NSA_IP} ${VRF_IP}
3128 do
3129 log_start
3130 run_cmd nettest ${arg} -s &
3131 sleep 1
3132 run_cmd_nsb nettest ${arg} -r ${a}
3133 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3134 done
3135}
3136
3137ipv4_netfilter()
3138{
3139 log_section "IPv4 Netfilter"
3140 log_subsection "TCP reset"
3141
3142 setup "yes"
3143 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3144
3145 netfilter_tcp_reset
3146
3147 log_start
3148 log_subsection "ICMP unreachable"
3149
3150 log_start
3151 run_cmd iptables -F
3152 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3153 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3154
3155 netfilter_icmp "TCP"
3156 netfilter_icmp "UDP"
3157
3158 log_start
3159 iptables -F
3160}
3161
3162netfilter_tcp6_reset()
3163{
3164 local a
3165
3166 for a in ${NSA_IP6} ${VRF_IP6}
3167 do
3168 log_start
3169 run_cmd nettest -6 -s &
3170 sleep 1
3171 run_cmd_nsb nettest -6 -r ${a}
3172 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3173 done
3174}
3175
3176netfilter_icmp6()
3177{
3178 local stype="$1"
3179 local arg
3180 local a
3181
3182 [ "${stype}" = "UDP" ] && arg="$arg -D"
3183
3184 for a in ${NSA_IP6} ${VRF_IP6}
3185 do
3186 log_start
3187 run_cmd nettest -6 -s ${arg} &
3188 sleep 1
3189 run_cmd_nsb nettest -6 ${arg} -r ${a}
3190 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3191 done
3192}
3193
3194ipv6_netfilter()
3195{
3196 log_section "IPv6 Netfilter"
3197 log_subsection "TCP reset"
3198
3199 setup "yes"
3200 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3201
3202 netfilter_tcp6_reset
3203
3204 log_subsection "ICMP unreachable"
3205
3206 log_start
3207 run_cmd ip6tables -F
3208 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
3209 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
3210
3211 netfilter_icmp6 "TCP"
3212 netfilter_icmp6 "UDP"
3213
3214 log_start
3215 ip6tables -F
3216}
3217
3218################################################################################
3219# specific use cases
3220
3221# VRF only.
3222# ns-A device enslaved to bridge. Verify traffic with and without
3223# br_netfilter module loaded. Repeat with SVI on bridge.
3224use_case_br()
3225{
3226 setup "yes"
3227
3228 setup_cmd ip link set ${NSA_DEV} down
3229 setup_cmd ip addr del dev ${NSA_DEV} ${NSA_IP}/24
3230 setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64
3231
3232 setup_cmd ip link add br0 type bridge
3233 setup_cmd ip addr add dev br0 ${NSA_IP}/24
3234 setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad
3235
3236 setup_cmd ip li set ${NSA_DEV} master br0
3237 setup_cmd ip li set ${NSA_DEV} up
3238 setup_cmd ip li set br0 up
3239 setup_cmd ip li set br0 vrf ${VRF}
3240
3241 rmmod br_netfilter 2>/dev/null
3242 sleep 5 # DAD
3243
3244 run_cmd ip neigh flush all
3245 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
3246 log_test $? 0 "Bridge into VRF - IPv4 ping out"
3247
3248 run_cmd ip neigh flush all
3249 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
3250 log_test $? 0 "Bridge into VRF - IPv6 ping out"
3251
3252 run_cmd ip neigh flush all
3253 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
3254 log_test $? 0 "Bridge into VRF - IPv4 ping in"
3255
3256 run_cmd ip neigh flush all
3257 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
3258 log_test $? 0 "Bridge into VRF - IPv6 ping in"
3259
3260 modprobe br_netfilter
3261 if [ $? -eq 0 ]; then
3262 run_cmd ip neigh flush all
3263 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
3264 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out"
3265
3266 run_cmd ip neigh flush all
3267 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
3268 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out"
3269
3270 run_cmd ip neigh flush all
3271 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
3272 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in"
3273
3274 run_cmd ip neigh flush all
3275 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
3276 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in"
3277 fi
3278
3279 setup_cmd ip li set br0 nomaster
3280 setup_cmd ip li add br0.100 link br0 type vlan id 100
3281 setup_cmd ip li set br0.100 vrf ${VRF} up
3282 setup_cmd ip addr add dev br0.100 172.16.101.1/24
3283 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad
3284
3285 setup_cmd_nsb ip li add vlan100 link ${NSB_DEV} type vlan id 100
3286 setup_cmd_nsb ip addr add dev vlan100 172.16.101.2/24
3287 setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad
3288 setup_cmd_nsb ip li set vlan100 up
3289 sleep 1
3290
3291 rmmod br_netfilter 2>/dev/null
3292
3293 run_cmd ip neigh flush all
3294 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
3295 log_test $? 0 "Bridge vlan into VRF - IPv4 ping out"
3296
3297 run_cmd ip neigh flush all
3298 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
3299 log_test $? 0 "Bridge vlan into VRF - IPv6 ping out"
3300
3301 run_cmd ip neigh flush all
3302 run_cmd_nsb ping -c1 -w1 172.16.101.1
3303 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
3304
3305 run_cmd ip neigh flush all
3306 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
3307 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
3308
3309 modprobe br_netfilter
3310 if [ $? -eq 0 ]; then
3311 run_cmd ip neigh flush all
3312 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
3313 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out"
3314
3315 run_cmd ip neigh flush all
3316 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
3317 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out"
3318
3319 run_cmd ip neigh flush all
3320 run_cmd_nsb ping -c1 -w1 172.16.101.1
3321 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
3322
3323 run_cmd ip neigh flush all
3324 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
3325 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
3326 fi
3327
3328 setup_cmd ip li del br0 2>/dev/null
3329 setup_cmd_nsb ip li del vlan100 2>/dev/null
3330}
3331
3332use_cases()
3333{
3334 log_section "Use cases"
3335 use_case_br
3336}
3337
3338################################################################################
3339# usage
3340
3341usage()
3342{
3343 cat <<EOF
3344usage: ${0##*/} OPTS
3345
3346 -4 IPv4 tests only
3347 -6 IPv6 tests only
3348 -t <test> Test name/set to run
3349 -p Pause on fail
3350 -P Pause after each test
3351 -v Be verbose
3352EOF
3353}
3354
3355################################################################################
3356# main
3357
3358TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime ipv4_netfilter"
3359TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime ipv6_netfilter"
3360TESTS_OTHER="use_cases"
3361
3362PAUSE_ON_FAIL=no
3363PAUSE=no
3364
3365while getopts :46t:pPvh o
3366do
3367 case $o in
3368 4) TESTS=ipv4;;
3369 6) TESTS=ipv6;;
3370 t) TESTS=$OPTARG;;
3371 p) PAUSE_ON_FAIL=yes;;
3372 P) PAUSE=yes;;
3373 v) VERBOSE=1;;
3374 h) usage; exit 0;;
3375 *) usage; exit 1;;
3376 esac
3377done
3378
3379# make sure we don't pause twice
3380[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no
3381
3382#
3383# show user test config
3384#
3385if [ -z "$TESTS" ]; then
3386 TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"
3387elif [ "$TESTS" = "ipv4" ]; then
3388 TESTS="$TESTS_IPV4"
3389elif [ "$TESTS" = "ipv6" ]; then
3390 TESTS="$TESTS_IPV6"
3391fi
3392
3393which nettest >/dev/null
3394if [ $? -ne 0 ]; then
3395 echo "'nettest' command not found; skipping tests"
3396 exit 0
3397fi
3398
3399declare -i nfail=0
3400declare -i nsuccess=0
3401
3402for t in $TESTS
3403do
3404 case $t in
3405 ipv4_ping|ping) ipv4_ping;;
3406 ipv4_tcp|tcp) ipv4_tcp;;
3407 ipv4_udp|udp) ipv4_udp;;
3408 ipv4_bind|bind) ipv4_addr_bind;;
3409 ipv4_runtime) ipv4_runtime;;
3410 ipv4_netfilter) ipv4_netfilter;;
3411
3412 ipv6_ping|ping6) ipv6_ping;;
3413 ipv6_tcp|tcp6) ipv6_tcp;;
3414 ipv6_udp|udp6) ipv6_udp;;
3415 ipv6_bind|bind6) ipv6_addr_bind;;
3416 ipv6_runtime) ipv6_runtime;;
3417 ipv6_netfilter) ipv6_netfilter;;
3418
3419 use_cases) use_cases;;
3420
3421 # setup namespaces and config, but do not run any tests
3422 setup) setup; exit 0;;
3423 vrf_setup) setup "yes"; exit 0;;
3424
3425 help) echo "Test names: $TESTS"; exit 0;;
3426 esac
3427done
3428
3429cleanup 2>/dev/null
3430
3431printf "\nTests passed: %3d\n" ${nsuccess}
3432printf "Tests failed: %3d\n" ${nfail}