Lines Matching +full:1 +full:a
8 # 1. icmp, tcp, udp and netfilter
16 # ns-A | ns-B
23 # ns-A:
24 # eth1: 172.16.1.1/24, 2001:db8:1::1/64
25 # lo: 127.0.0.1/8, ::1/128
26 # 172.16.2.1/32, 2001:db8:2::1/128
27 # red: 127.0.0.1/8, ::1/128
28 # 172.16.3.1/32, 2001:db8:3::1/128
31 # eth1: 172.16.1.2/24, 2001:db8:1::2/64
32 # lo2: 127.0.0.1/8, ::1/128
35 # ns-A to ns-C connection - only for VRF and same config
36 # as ns-A to ns-B
38 # server / client nomenclature relative to ns-A
59 NSA_IP6=2001:db8:1::1
60 NSB_IP6=2001:db8:1::2
61 VRF_IP6=2001:db8:3::1
62 NS_NET6=2001:db8:1::/120
66 NSA_LO_IP6=2001:db8:2::1
71 NL_IP6=2001:db8:4::1
80 MCAST=ff02::1
85 NSA=ns-A
93 which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
107 local rc=$1
111 [ "${VERBOSE}" = "1" ] && echo
114 nsuccess=$((nsuccess+1))
117 nfail=$((nfail+1))
122 read a
123 [ "$a" = "q" ] && exit 1
130 read a
131 [ "$a" = "q" ] && exit 1
139 local addr=$1
171 if [ "${VERBOSE}" = "1" ]; then
179 if [ "${VERBOSE}" = "1" ]; then
188 if [ "${VERBOSE}" = "1" ]; then
196 killall nettest ping ping6 >/dev/null 2>&1
197 sleep 1
205 if [ "$VERBOSE" = "1" ]; then
209 out=$($cmd 2>&1)
211 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
249 read a
271 read a
293 read a
299 # set sysctl values in NS-A
307 # get sysctl values in NS-A
318 case "$1" in
320 ::1) echo "IPv6 loopback";;
325 ${NSA_IP}) echo "ns-A IP";;
326 ${NSA_IP6}) echo "ns-A IPv6";;
327 ${NSA_LO_IP}) echo "ns-A loopback IP";;
328 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
329 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
351 local ns=$1
365 [ -z "$addr" ] && return 1
377 local ns=$1
389 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
405 local ns=$1
422 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
423 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
424 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
425 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
431 local ns1=$1
476 ip netns del ${NSC} >/dev/null 2>&1
481 ip link del ${NSA_DEV2} >/dev/null 2>&1
483 ip netns del ${NSC} >/dev/null 2>&1
489 # ns-B but for a device NOT in the VRF
497 local with_vrf=${1}
499 # make sure we are starting with a clean slate
514 # tell ns-A how to get to remote addresses of ns-B
530 # tell ns-B how to get to remote addresses of ns-A
536 sleep 1
541 # make sure we are starting with a clean slate
566 sleep 1
574 local a
579 for a in ${NSB_IP} ${NSB_LO_IP}
582 run_cmd ping -c1 -w1 ${a}
583 log_test_addr ${a} $? 0 "ping out"
586 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
587 log_test_addr ${a} $? 0 "ping out, device bind"
590 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
591 log_test_addr ${a} $? 0 "ping out, address bind"
597 a=${NSB_IP}
599 run_cmd ping -c 1 -w 1 -r ${a}
600 log_test_addr ${a} $? 0 "ping out (don't route), peer on link"
602 a=${NSB_LO_IP}
605 run_cmd ping -c 1 -w 1 -r ${a}
606 log_test_addr ${a} $? 1 "ping out (don't route), peer not on link"
611 for a in ${NSA_IP} ${NSA_LO_IP}
614 run_cmd_nsb ping -c1 -w1 ${a}
615 log_test_addr ${a} $? 0 "ping in"
621 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
624 run_cmd ping -c1 -w1 ${a}
625 log_test_addr ${a} $? 0 "ping local"
632 a=${NSA_IP}
634 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
635 log_test_addr ${a} $? 0 "ping local, device bind"
638 # fails in a really weird way though because ipv4 special cases
640 for a in ${NSA_LO_IP} 127.0.0.1
644 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
645 log_test_addr ${a} $? 1 "ping local, device bind"
657 a=${NSB_LO_IP}
658 run_cmd ping -c1 -w1 ${a}
659 log_test_addr ${a} $? 2 "ping out, blocked by rule"
662 # a viable rtable if the oif (e.g., bind to device) is set, so this
664 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
666 a=${NSA_LO_IP}
669 run_cmd_nsb ping -c1 -w1 ${a}
670 log_test_addr ${a} $? 1 "ping in, blocked by rule"
672 [ "$VERBOSE" = "1" ] && echo
685 a=${NSB_LO_IP}
686 run_cmd ping -c1 -w1 ${a}
687 log_test_addr ${a} $? 2 "ping out, blocked by route"
690 # a viable rtable if the oif (e.g., bind to device) is set, so this
691 # case succeeds despite not having a route for the address
692 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
694 a=${NSA_LO_IP}
697 run_cmd_nsb ping -c1 -w1 ${a}
698 log_test_addr ${a} $? 1 "ping in, blocked by route"
706 a=${NSB_LO_IP}
707 run_cmd ping -c1 -w1 ${a}
708 log_test_addr ${a} $? 2 "ping out, unreachable default route"
711 # a viable rtable if the oif (e.g., bind to device) is set, so this
712 # case succeeds despite not having a route for the address
713 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
718 local a
721 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
726 for a in ${NSB_IP} ${NSB_LO_IP}
729 run_cmd ping -c1 -w1 -I ${VRF} ${a}
730 log_test_addr ${a} $? 0 "ping out, VRF bind"
733 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
734 log_test_addr ${a} $? 0 "ping out, device bind"
737 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
738 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"
741 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
742 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
748 for a in ${NSA_IP} ${VRF_IP}
751 run_cmd_nsb ping -c1 -w1 ${a}
752 log_test_addr ${a} $? 0 "ping in"
758 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
761 show_hint "Source address should be ${a}"
762 run_cmd ping -c1 -w1 -I ${VRF} ${a}
763 log_test_addr ${a} $? 0 "ping local, VRF bind"
770 a=${NSA_IP}
772 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
773 log_test_addr ${a} $? 0 "ping local, device bind"
776 for a in ${VRF_IP} 127.0.0.1
780 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
781 log_test_addr ${a} $? 2 "ping local, device bind"
791 a=${NSB_LO_IP}
792 run_cmd ping -c1 -w1 -I ${VRF} ${a}
793 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"
796 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
797 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
799 a=${NSA_LO_IP}
802 run_cmd_nsb ping -c1 -w1 ${a}
803 log_test_addr ${a} $? 1 "ping in, blocked by rule"
805 [ "$VERBOSE" = "1" ] && echo
815 a=${NSB_LO_IP}
816 run_cmd ping -c1 -w1 -I ${VRF} ${a}
817 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"
820 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
821 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
823 a=${NSA_LO_IP}
826 run_cmd_nsb ping -c1 -w1 ${a}
827 log_test_addr ${a} $? 1 "ping in, unreachable route"
839 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
868 sleep 1
876 sleep 1
884 sleep 1
892 sleep 1
903 sleep 1
911 sleep 1
919 sleep 1
936 sleep 1
944 sleep 1
952 sleep 1
960 sleep 1
971 sleep 1
979 sleep 1
987 sleep 1
992 # duplicate config between default VRF and a VRF
998 sleep 1
1005 sleep 1
1013 sleep 1
1021 sleep 1
1028 sleep 1
1035 sleep 1
1043 sleep 1
1051 sleep 1
1060 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
1064 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
1075 sleep 1
1082 sleep 1
1089 # This particular test needs tcp_l3mdev_accept=1 for Global server to accept VRF connections
1092 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1096 sleep 1
1102 sleep 1
1108 sleep 1
1114 sleep 1
1124 local syncookies=$1
1127 local a
1132 # on link (doesn't need to be routed through a gateway).
1142 a=${NSB_IP}
1144 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1145 log_test_addr ${a} $? 0 "SO_DONTROUTE client, syncookies=${syncookies}"
1147 a=${NSB_IP}
1149 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --server-dontroute
1150 log_test_addr ${a} $? 0 "SO_DONTROUTE server, syncookies=${syncookies}"
1157 # to respond to a routed address and not a link local one).
1159 a=${NSB_LO_IP}
1162 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --client-dontroute
1163 log_test_addr ${a} $? 1 "SO_DONTROUTE client, syncookies=${syncookies}"
1165 a=${NSB_LO_IP}
1168 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --server-dontroute
1169 log_test_addr ${a} $? 2 "SO_DONTROUTE server, syncookies=${syncookies}"
1177 local a
1182 for a in ${NSA_IP} ${NSA_LO_IP}
1186 sleep 1
1187 run_cmd_nsb nettest -r ${a}
1188 log_test_addr ${a} $? 0 "Global server"
1191 a=${NSA_IP}
1194 sleep 1
1195 run_cmd_nsb nettest -r ${a}
1196 log_test_addr ${a} $? 0 "Device server"
1199 for a in ${NSA_IP} ${NSA_LO_IP}
1203 run_cmd_nsb nettest -r ${a}
1204 log_test_addr ${a} $? 1 "No server"
1210 for a in ${NSB_IP} ${NSB_LO_IP}
1214 sleep 1
1215 run_cmd nettest -r ${a} -0 ${NSA_IP}
1216 log_test_addr ${a} $? 0 "Client"
1220 sleep 1
1221 run_cmd nettest -r ${a} -d ${NSA_DEV}
1222 log_test_addr ${a} $? 0 "Client, device bind"
1226 run_cmd nettest -r ${a}
1227 log_test_addr ${a} $? 1 "No server, unbound client"
1231 run_cmd nettest -r ${a} -d ${NSA_DEV}
1232 log_test_addr ${a} $? 1 "No server, device client"
1238 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1242 sleep 1
1243 run_cmd nettest -r ${a} -0 ${a} -1 ${a}
1244 log_test_addr ${a} $? 0 "Global server, local connection"
1247 a=${NSA_IP}
1250 sleep 1
1251 run_cmd nettest -r ${a} -0 ${a}
1252 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1254 for a in ${NSA_LO_IP} 127.0.0.1
1259 sleep 1
1260 run_cmd nettest -r ${a}
1261 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1264 a=${NSA_IP}
1267 sleep 1
1268 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
1269 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1271 for a in ${NSA_LO_IP} 127.0.0.1
1276 sleep 1
1277 run_cmd nettest -r ${a} -d ${NSA_DEV}
1278 log_test_addr ${a} $? 1 "Global server, device client, local connection"
1281 a=${NSA_IP}
1284 sleep 1
1285 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
1286 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1290 run_cmd nettest -d ${NSA_DEV} -r ${a}
1291 log_test_addr ${a} $? 1 "No server, device client, local conn"
1293 [ "$fips_enabled" = "1" ] || ipv4_tcp_md5_novrf
1301 local a
1311 for a in ${NSA_IP} ${VRF_IP}
1316 sleep 1
1317 run_cmd_nsb nettest -r ${a}
1318 log_test_addr ${a} $? 1 "Global server"
1322 sleep 1
1323 run_cmd_nsb nettest -r ${a}
1324 log_test_addr ${a} $? 0 "VRF server"
1328 sleep 1
1329 run_cmd_nsb nettest -r ${a}
1330 log_test_addr ${a} $? 0 "Device server"
1335 run_cmd_nsb nettest -r ${a}
1336 log_test_addr ${a} $? 1 "No server"
1341 a=${NSA_IP}
1345 sleep 1
1346 run_cmd nettest -r ${a} -d ${NSA_DEV}
1347 log_test_addr ${a} $? 1 "Global server, local connection"
1360 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1362 for a in ${NSA_IP} ${VRF_IP}
1367 sleep 1
1368 run_cmd_nsb nettest -r ${a}
1369 log_test_addr ${a} $? 0 "Global server"
1374 sleep 1
1375 run_cmd_nsb nettest -r ${a}
1376 log_test_addr ${a} $? 0 "VRF server"
1381 run_cmd_nsb nettest -r ${a}
1382 log_test_addr ${a} $? 1 "No server"
1385 a=${NSA_IP}
1389 sleep 1
1390 run_cmd_nsb nettest -r ${a}
1391 log_test_addr ${a} $? 0 "Device server"
1394 for a in ${NSA_IP} ${VRF_IP}
1399 sleep 1
1400 run_cmd nettest -r ${a}
1401 log_test_addr ${a} $? 1 "Global server, local connection"
1407 for a in ${NSB_IP} ${NSB_LO_IP}
1411 sleep 1
1412 run_cmd nettest -r ${a} -d ${VRF}
1413 log_test_addr ${a} $? 0 "Client, VRF bind"
1417 sleep 1
1418 run_cmd nettest -r ${a} -d ${NSA_DEV}
1419 log_test_addr ${a} $? 0 "Client, device bind"
1423 run_cmd nettest -r ${a} -d ${VRF}
1424 log_test_addr ${a} $? 1 "No server, VRF client"
1428 run_cmd nettest -r ${a} -d ${NSA_DEV}
1429 log_test_addr ${a} $? 1 "No server, device client"
1432 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1436 sleep 1
1437 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1438 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
1441 a=${NSA_IP}
1444 sleep 1
1445 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1446 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
1451 sleep 1
1452 run_cmd nettest -r ${a}
1453 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
1457 sleep 1
1458 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1459 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
1463 sleep 1
1464 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1465 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1480 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1493 local a
1498 for a in ${NSA_IP} ${NSA_LO_IP}
1502 sleep 1
1503 run_cmd_nsb nettest -D -r ${a}
1504 log_test_addr ${a} $? 0 "Global server"
1508 run_cmd_nsb nettest -D -r ${a}
1509 log_test_addr ${a} $? 1 "No server"
1512 a=${NSA_IP}
1515 sleep 1
1516 run_cmd_nsb nettest -D -r ${a}
1517 log_test_addr ${a} $? 0 "Device server"
1522 for a in ${NSB_IP} ${NSB_LO_IP}
1526 sleep 1
1527 run_cmd nettest -D -r ${a} -0 ${NSA_IP}
1528 log_test_addr ${a} $? 0 "Client"
1532 sleep 1
1533 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1534 log_test_addr ${a} $? 0 "Client, device bind"
1538 sleep 1
1539 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1540 log_test_addr ${a} $? 0 "Client, device send via cmsg"
1544 sleep 1
1545 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1546 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"
1550 sleep 1
1551 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} -U
1552 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF, with connect()"
1557 run_cmd nettest -D -r ${a}
1558 log_test_addr ${a} $? 1 "No server, unbound client"
1562 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1563 log_test_addr ${a} $? 1 "No server, device client"
1569 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1573 sleep 1
1574 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
1575 log_test_addr ${a} $? 0 "Global server, local connection"
1578 a=${NSA_IP}
1581 sleep 1
1582 run_cmd nettest -D -r ${a}
1583 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1585 for a in ${NSA_LO_IP} 127.0.0.1
1590 sleep 1
1591 run_cmd nettest -D -r ${a}
1592 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1595 a=${NSA_IP}
1598 sleep 1
1599 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1600 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1604 sleep 1
1605 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
1606 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
1610 sleep 1
1611 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
1612 log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"
1616 sleep 1
1617 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} -U
1618 …log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection, with co…
1624 for a in ${NSA_LO_IP} 127.0.0.1
1629 sleep 1
1630 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1631 log_test_addr ${a} $? 2 "Global server, device client, local connection"
1636 sleep 1
1637 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
1638 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
1643 sleep 1
1644 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
1645 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
1650 sleep 1
1651 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -U
1652 …log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with co…
1657 a=${NSA_IP}
1660 sleep 1
1661 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
1662 log_test_addr ${a} $? 0 "Device server, device client, local conn"
1665 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1666 log_test_addr ${a} $? 2 "No server, device client, local conn"
1671 # on link (doesn't need to be routed through a gateway).
1674 a=${NSB_IP}
1676 do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1677 log_test_addr ${a} $? 0 "SO_DONTROUTE client"
1679 a=${NSB_LO_IP}
1682 do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1683 log_test_addr ${a} $? 1 "SO_DONTROUTE client"
1688 local a
1697 for a in ${NSA_IP} ${VRF_IP}
1700 show_hint "Fails because ingress is in a VRF and global server is disabled"
1702 sleep 1
1703 run_cmd_nsb nettest -D -r ${a}
1704 log_test_addr ${a} $? 1 "Global server"
1708 sleep 1
1709 run_cmd_nsb nettest -D -r ${a}
1710 log_test_addr ${a} $? 0 "VRF server"
1714 sleep 1
1715 run_cmd_nsb nettest -D -r ${a}
1716 log_test_addr ${a} $? 0 "Enslaved device server"
1720 run_cmd_nsb nettest -D -r ${a}
1721 log_test_addr ${a} $? 1 "No server"
1726 sleep 1
1727 run_cmd nettest -D -d ${VRF} -r ${a}
1728 log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
1731 a=${NSA_IP}
1734 sleep 1
1735 run_cmd nettest -D -d ${VRF} -r ${a}
1736 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1740 sleep 1
1741 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1742 log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"
1744 a=${NSA_IP}
1747 sleep 1
1748 run_cmd nettest -D -d ${VRF} -r ${a}
1749 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1753 sleep 1
1754 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1755 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1759 set_sysctl net.ipv4.udp_l3mdev_accept=1
1764 for a in ${NSA_IP} ${VRF_IP}
1768 sleep 1
1769 run_cmd_nsb nettest -D -r ${a}
1770 log_test_addr ${a} $? 0 "Global server"
1774 sleep 1
1775 run_cmd_nsb nettest -D -r ${a}
1776 log_test_addr ${a} $? 0 "VRF server"
1780 sleep 1
1781 run_cmd_nsb nettest -D -r ${a}
1782 log_test_addr ${a} $? 0 "Enslaved device server"
1786 run_cmd_nsb nettest -D -r ${a}
1787 log_test_addr ${a} $? 1 "No server"
1795 sleep 1
1796 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1801 sleep 1
1802 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1809 log_test $? 1 "No server, VRF client"
1814 log_test $? 1 "No server, enslaved device client"
1819 a=${NSA_IP}
1822 sleep 1
1823 run_cmd nettest -D -d ${VRF} -r ${a}
1824 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1828 sleep 1
1829 run_cmd nettest -D -d ${VRF} -r ${a}
1830 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1834 sleep 1
1835 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1836 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
1840 sleep 1
1841 run_cmd nettest -D -d ${VRF} -r ${a}
1842 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1846 sleep 1
1847 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1848 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1850 for a in ${VRF_IP} 127.0.0.1
1854 sleep 1
1855 run_cmd nettest -D -d ${VRF} -r ${a}
1856 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1859 for a in ${VRF_IP} 127.0.0.1
1863 sleep 1
1864 run_cmd nettest -D -d ${VRF} -r ${a}
1865 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1870 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1874 run_cmd nettest -D -d ${VRF} -r ${a}
1875 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
1892 set_sysctl net.ipv4.udp_l3mdev_accept=1
1910 for a in ${NSA_IP} ${NSA_LO_IP}
1913 run_cmd nettest -s -R -P icmp -l ${a} -b
1914 log_test_addr ${a} $? 0 "Raw socket bind to local address"
1917 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1918 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1924 a=${NL_IP}
1926 run_cmd nettest -s -R -f -l ${a} -b
1927 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address"
1930 run_cmd nettest -s -f -l ${a} -b
1931 log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address"
1934 run_cmd nettest -s -D -P icmp -f -l ${a} -b
1935 log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address"
1940 a=${BCAST_IP}
1942 run_cmd nettest -s -D -P icmp -l ${a} -b
1943 log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address"
1945 a=${MCAST_IP}
1947 run_cmd nettest -s -D -P icmp -l ${a} -b
1948 log_test_addr ${a} $? 1 "ICMP socket bind to multicast address"
1953 a=${NSA_IP}
1955 run_cmd nettest -c ${a} -r ${NSB_IP} -t1 -b
1956 log_test_addr ${a} $? 0 "TCP socket bind to local address"
1959 run_cmd nettest -c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1960 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
1962 # Sadly, the kernel allows binding a socket to a device and then
1966 #a=${NSA_LO_IP}
1969 #run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
1970 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
1978 for a in ${NSA_IP} ${VRF_IP}
1982 run_cmd nettest -s -R -P icmp -l ${a} -b
1983 log_test_addr ${a} $? 1 "Raw socket bind to local address"
1986 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1987 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1989 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
1990 log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
1993 a=${NSA_LO_IP}
1996 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
1997 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
2002 a=${NL_IP}
2004 run_cmd nettest -s -R -f -l ${a} -I ${VRF} -b
2005 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind"
2008 run_cmd nettest -s -f -l ${a} -I ${VRF} -b
2009 log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address after VRF bind"
2012 run_cmd nettest -s -D -P icmp -f -l ${a} -I ${VRF} -b
2013 log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address after VRF bind"
2018 a=${BCAST_IP}
2020 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
2021 log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address after VRF bind"
2023 a=${MCAST_IP}
2025 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
2026 log_test_addr ${a} $? 1 "ICMP socket bind to multicast address after VRF bind"
2031 for a in ${NSA_IP} ${VRF_IP}
2034 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
2035 log_test_addr ${a} $? 0 "TCP socket bind to local address"
2038 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
2039 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
2042 a=${NSA_LO_IP}
2045 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
2046 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
2050 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
2051 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
2074 local desc="$1"
2077 local a
2082 for a in ${NSA_IP} ${VRF_IP}
2086 sleep 1
2087 run_cmd_nsb nettest ${varg} -r ${a} &
2090 sleep 1
2091 log_test_addr ${a} 0 0 "${desc}, global server"
2096 for a in ${NSA_IP} ${VRF_IP}
2100 sleep 1
2101 run_cmd_nsb nettest ${varg} -r ${a} &
2104 sleep 1
2105 log_test_addr ${a} 0 0 "${desc}, VRF server"
2110 a=${NSA_IP}
2113 sleep 1
2114 run_cmd_nsb nettest ${varg} -r ${a} &
2117 sleep 1
2118 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
2127 sleep 1
2131 sleep 1
2132 log_test_addr ${a} 0 0 "${desc}, VRF client"
2138 sleep 1
2142 sleep 1
2143 log_test_addr ${a} 0 0 "${desc}, enslaved device client"
2150 for a in ${NSA_IP} ${VRF_IP}
2154 sleep 1
2155 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2158 sleep 1
2159 log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local"
2164 for a in ${NSA_IP} ${VRF_IP}
2168 sleep 1
2169 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2172 sleep 1
2173 log_test_addr ${a} 0 0 "${desc}, VRF server and client, local"
2178 a=${NSA_IP}
2182 sleep 1
2183 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2186 sleep 1
2187 log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local"
2193 sleep 1
2194 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2197 sleep 1
2198 log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local"
2204 sleep 1
2205 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2208 sleep 1
2209 log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local"
2215 local a
2217 for a in ${NSA_IP} ${VRF_IP}
2220 run_cmd_nsb ping -f ${a} &
2223 sleep 1
2224 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
2229 a=${NSB_IP}
2231 run_cmd ping -f -I ${VRF} ${a} &
2234 sleep 1
2235 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
2246 ipv4_rt "TCP active socket" "-n -1"
2257 local a
2259 # should not have an impact, but make a known state
2265 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2268 run_cmd ${ping6} -c1 -w1 ${a}
2269 log_test_addr ${a} $? 0 "ping out"
2272 for a in ${NSB_IP6} ${NSB_LO_IP6}
2275 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2276 log_test_addr ${a} $? 0 "ping out, device bind"
2279 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
2280 log_test_addr ${a} $? 0 "ping out, loopback address bind"
2286 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
2289 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2290 log_test_addr ${a} $? 0 "ping in"
2296 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2299 run_cmd ${ping6} -c1 -w1 ${a}
2300 log_test_addr ${a} $? 0 "ping local, no bind"
2303 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2306 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2307 log_test_addr ${a} $? 0 "ping local, device bind"
2310 for a in ${NSA_LO_IP6} ::1
2314 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2315 log_test_addr ${a} $? 2 "ping local, device bind"
2327 a=${NSB_LO_IP6}
2328 run_cmd ${ping6} -c1 -w1 ${a}
2329 log_test_addr ${a} $? 2 "ping out, blocked by rule"
2332 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2333 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
2335 a=${NSA_LO_IP6}
2338 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2339 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2354 a=${NSB_LO_IP6}
2355 run_cmd ${ping6} -c1 -w1 ${a}
2356 log_test_addr ${a} $? 2 "ping out, blocked by route"
2359 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2360 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"
2362 a=${NSA_LO_IP6}
2365 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2366 log_test_addr ${a} $? 1 "ping in, blocked by route"
2376 a=${NSB_LO_IP6}
2377 run_cmd ${ping6} -c1 -w1 ${a}
2378 log_test_addr ${a} $? 2 "ping out, unreachable route"
2381 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2382 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
2387 local a
2390 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
2395 for a in ${NSB_IP6} ${NSB_LO_IP6}
2398 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2399 log_test_addr ${a} $? 0 "ping out, VRF bind"
2402 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
2406 run_cmd ${ping6} -c1 -w1 ${a}
2407 log_test_addr ${a} $? 1 "ping out, VRF bind"
2410 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2413 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2414 log_test_addr ${a} $? 0 "ping out, device bind"
2417 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2420 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
2421 log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
2427 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
2430 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2431 log_test_addr ${a} $? 0 "ping in"
2434 a=${NSA_LO_IP6}
2437 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2438 log_test_addr ${a} $? 1 "ping in"
2443 for a in ${NSA_IP6} ${VRF_IP6} ::1
2446 show_hint "Source address should be ${a}"
2447 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2448 log_test_addr ${a} $? 0 "ping local, VRF bind"
2451 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2454 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2455 log_test_addr ${a} $? 0 "ping local, device bind"
2463 for a in ${NSA_IP6} ${VRF_IP6}
2467 log_test_addr ${a} $? 0 "ping in, LLA to GUA"
2481 a=${NSB_LO_IP6}
2482 run_cmd ${ping6} -c1 -w1 ${a}
2483 log_test_addr ${a} $? 2 "ping out, blocked by rule"
2486 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2487 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
2489 a=${NSA_LO_IP6}
2492 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2493 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2505 a=${NSB_LO_IP6}
2506 run_cmd ${ping6} -c1 -w1 ${a}
2507 log_test_addr ${a} $? 2 "ping out, unreachable route"
2510 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2511 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
2514 a=${NSA_LO_IP6}
2516 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2517 log_test_addr ${a} $? 2 "ping in, unreachable route"
2554 sleep 1
2562 sleep 1
2570 sleep 1
2578 sleep 1
2589 sleep 1
2597 sleep 1
2605 sleep 1
2622 sleep 1
2630 sleep 1
2638 sleep 1
2646 sleep 1
2657 sleep 1
2665 sleep 1
2673 sleep 1
2678 # duplicate config between default VRF and a VRF
2684 sleep 1
2691 sleep 1
2699 sleep 1
2707 sleep 1
2714 sleep 1
2721 sleep 1
2729 sleep 1
2737 sleep 1
2746 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
2750 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
2756 local a
2761 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2765 sleep 1
2766 run_cmd_nsb nettest -6 -r ${a}
2767 log_test_addr ${a} $? 0 "Global server"
2771 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2775 run_cmd_nsb nettest -6 -r ${a}
2776 log_test_addr ${a} $? 1 "No server"
2782 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2786 sleep 1
2787 run_cmd nettest -6 -r ${a}
2788 log_test_addr ${a} $? 0 "Client"
2791 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2795 sleep 1
2796 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2797 log_test_addr ${a} $? 0 "Client, device bind"
2800 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2804 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2805 log_test_addr ${a} $? 1 "No server, device client"
2811 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2815 sleep 1
2816 run_cmd nettest -6 -r ${a}
2817 log_test_addr ${a} $? 0 "Global server, local connection"
2820 a=${NSA_IP6}
2823 sleep 1
2824 run_cmd nettest -6 -r ${a} -0 ${a}
2825 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
2827 for a in ${NSA_LO_IP6} ::1
2832 sleep 1
2833 run_cmd nettest -6 -r ${a}
2834 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
2837 a=${NSA_IP6}
2840 sleep 1
2841 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2842 log_test_addr ${a} $? 0 "Global server, device client, local connection"
2844 for a in ${NSA_LO_IP6} ::1
2849 sleep 1
2850 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2851 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2854 for a in ${NSA_IP6} ${NSA_LINKIP6}
2858 sleep 1
2859 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2860 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2863 for a in ${NSA_IP6} ${NSA_LINKIP6}
2867 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2868 log_test_addr ${a} $? 1 "No server, device client, local conn"
2871 [ "$fips_enabled" = "1" ] || ipv6_tcp_md5_novrf
2876 local a
2886 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2891 sleep 1
2892 run_cmd_nsb nettest -6 -r ${a}
2893 log_test_addr ${a} $? 1 "Global server"
2896 for a in ${NSA_IP6} ${VRF_IP6}
2900 sleep 1
2901 run_cmd_nsb nettest -6 -r ${a}
2902 log_test_addr ${a} $? 0 "VRF server"
2906 a=${NSA_LINKIP6}%${NSB_DEV}
2909 sleep 1
2910 run_cmd_nsb nettest -6 -r ${a}
2911 log_test_addr ${a} $? 0 "VRF server"
2913 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2917 sleep 1
2918 run_cmd_nsb nettest -6 -r ${a}
2919 log_test_addr ${a} $? 0 "Device server"
2923 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2927 run_cmd_nsb nettest -6 -r ${a}
2928 log_test_addr ${a} $? 1 "No server"
2932 a=${NSA_IP6}
2936 sleep 1
2937 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2938 log_test_addr ${a} $? 1 "Global server, local connection"
2951 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2953 for a in ${NSA_IP6} ${VRF_IP6}
2957 sleep 1
2958 run_cmd_nsb nettest -6 -r ${a}
2959 log_test_addr ${a} $? 0 "Global server"
2962 for a in ${NSA_IP6} ${VRF_IP6}
2966 sleep 1
2967 run_cmd_nsb nettest -6 -r ${a}
2968 log_test_addr ${a} $? 0 "VRF server"
2972 a=${NSA_LINKIP6}%${NSB_DEV}
2975 sleep 1
2976 run_cmd_nsb nettest -6 -r ${a}
2977 log_test_addr ${a} $? 0 "Global server"
2981 sleep 1
2982 run_cmd_nsb nettest -6 -r ${a}
2983 log_test_addr ${a} $? 0 "VRF server"
2985 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2989 sleep 1
2990 run_cmd_nsb nettest -6 -r ${a}
2991 log_test_addr ${a} $? 0 "Device server"
2995 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2999 run_cmd_nsb nettest -6 -r ${a}
3000 log_test_addr ${a} $? 1 "No server"
3004 for a in ${NSA_IP6} ${VRF_IP6}
3009 sleep 1
3010 run_cmd nettest -6 -r ${a}
3011 log_test_addr ${a} $? 1 "Global server, local connection"
3018 for a in ${NSB_IP6} ${NSB_LO_IP6}
3022 sleep 1
3023 run_cmd nettest -6 -r ${a} -d ${VRF}
3024 log_test_addr ${a} $? 0 "Client, VRF bind"
3027 a=${NSB_LINKIP6}
3031 sleep 1
3032 run_cmd nettest -6 -r ${a} -d ${VRF}
3033 log_test_addr ${a} $? 1 "Client, VRF bind"
3035 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
3039 sleep 1
3040 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
3041 log_test_addr ${a} $? 0 "Client, device bind"
3044 for a in ${NSB_IP6} ${NSB_LO_IP6}
3048 run_cmd nettest -6 -r ${a} -d ${VRF}
3049 log_test_addr ${a} $? 1 "No server, VRF client"
3052 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
3056 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
3057 log_test_addr ${a} $? 1 "No server, device client"
3060 for a in ${NSA_IP6} ${VRF_IP6} ::1
3064 sleep 1
3065 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
3066 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
3069 a=${NSA_IP6}
3072 sleep 1
3073 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3074 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
3076 a=${NSA_IP6}
3080 sleep 1
3081 run_cmd nettest -6 -r ${a}
3082 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
3086 sleep 1
3087 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
3088 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
3090 for a in ${NSA_IP6} ${NSA_LINKIP6}
3094 sleep 1
3095 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3096 log_test_addr ${a} $? 0 "Device server, device client, local connection"
3112 set_sysctl net.ipv4.tcp_l3mdev_accept=1
3125 local a
3130 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
3134 sleep 1
3135 run_cmd_nsb nettest -6 -D -r ${a}
3136 log_test_addr ${a} $? 0 "Global server"
3140 sleep 1
3141 run_cmd_nsb nettest -6 -D -r ${a}
3142 log_test_addr ${a} $? 0 "Device server"
3145 a=${NSA_LO_IP6}
3148 sleep 1
3149 run_cmd_nsb nettest -6 -D -r ${a}
3150 log_test_addr ${a} $? 0 "Global server"
3152 # should fail since loopback address is out of scope for a device
3158 #sleep 1
3159 #run_cmd_nsb nettest -6 -D -r ${a}
3160 #log_test_addr ${a} $? 1 "Device server"
3163 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
3167 run_cmd_nsb nettest -6 -D -r ${a}
3168 log_test_addr ${a} $? 1 "No server"
3174 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
3178 sleep 1
3179 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
3180 log_test_addr ${a} $? 0 "Client"
3184 sleep 1
3185 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
3186 log_test_addr ${a} $? 0 "Client, device bind"
3190 sleep 1
3191 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
3192 log_test_addr ${a} $? 0 "Client, device send via cmsg"
3196 sleep 1
3197 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
3198 log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF"
3202 run_cmd nettest -6 -D -r ${a}
3203 log_test_addr ${a} $? 1 "No server, unbound client"
3207 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3208 log_test_addr ${a} $? 1 "No server, device client"
3214 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
3218 sleep 1
3219 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
3220 log_test_addr ${a} $? 0 "Global server, local connection"
3223 a=${NSA_IP6}
3226 sleep 1
3227 run_cmd nettest -6 -D -r ${a}
3228 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
3230 for a in ${NSA_LO_IP6} ::1
3235 sleep 1
3236 run_cmd nettest -6 -D -r ${a}
3237 log_test_addr ${a} $? 1 "Device server, local connection"
3240 a=${NSA_IP6}
3243 sleep 1
3244 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3245 log_test_addr ${a} $? 0 "Global server, device client, local connection"
3249 sleep 1
3250 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
3251 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
3255 sleep 1
3256 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
3257 log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"
3259 for a in ${NSA_LO_IP6} ::1
3264 sleep 1
3265 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3266 log_test_addr ${a} $? 1 "Global server, device client, local connection"
3271 sleep 1
3272 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
3273 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
3278 sleep 1
3279 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
3280 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
3285 sleep 1
3286 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -U
3287 …log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with co…
3290 a=${NSA_IP6}
3293 sleep 1
3294 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
3295 log_test_addr ${a} $? 0 "Device server, device client, local conn"
3299 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3300 log_test_addr ${a} $? 1 "No server, device client, local conn"
3307 sleep 1
3317 local a
3326 for a in ${NSA_IP6} ${VRF_IP6}
3331 sleep 1
3332 run_cmd_nsb nettest -6 -D -r ${a}
3333 log_test_addr ${a} $? 1 "Global server"
3336 for a in ${NSA_IP6} ${VRF_IP6}
3340 sleep 1
3341 run_cmd_nsb nettest -6 -D -r ${a}
3342 log_test_addr ${a} $? 0 "VRF server"
3345 for a in ${NSA_IP6} ${VRF_IP6}
3349 sleep 1
3350 run_cmd_nsb nettest -6 -D -r ${a}
3351 log_test_addr ${a} $? 0 "Enslaved device server"
3355 for a in ${NSA_IP6} ${VRF_IP6}
3359 run_cmd_nsb nettest -6 -D -r ${a}
3360 log_test_addr ${a} $? 1 "No server"
3366 for a in ${NSA_IP6} ${VRF_IP6}
3371 sleep 1
3372 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3373 log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
3376 for a in ${NSA_IP6} ${VRF_IP6}
3380 sleep 1
3381 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3382 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3385 a=${NSA_IP6}
3389 sleep 1
3390 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3391 log_test_addr ${a} $? 1 "Global server, device client, local conn"
3395 sleep 1
3396 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3397 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
3401 sleep 1
3402 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3403 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
3407 sleep 1
3408 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3409 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
3413 set_sysctl net.ipv4.udp_l3mdev_accept=1
3418 for a in ${NSA_IP6} ${VRF_IP6}
3422 sleep 1
3423 run_cmd_nsb nettest -6 -D -r ${a}
3424 log_test_addr ${a} $? 0 "Global server"
3427 for a in ${NSA_IP6} ${VRF_IP6}
3431 sleep 1
3432 run_cmd_nsb nettest -6 -D -r ${a}
3433 log_test_addr ${a} $? 0 "VRF server"
3436 for a in ${NSA_IP6} ${VRF_IP6}
3440 sleep 1
3441 run_cmd_nsb nettest -6 -D -r ${a}
3442 log_test_addr ${a} $? 0 "Enslaved device server"
3446 for a in ${NSA_IP6} ${VRF_IP6}
3449 run_cmd_nsb nettest -6 -D -r ${a}
3450 log_test_addr ${a} $? 1 "No server"
3458 sleep 1
3465 log_test $? 1 "No server, VRF client"
3469 sleep 1
3476 log_test $? 1 "No server, enslaved device client"
3481 a=${NSA_IP6}
3484 sleep 1
3485 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3486 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
3490 sleep 1
3491 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3492 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3495 a=${VRF_IP6}
3498 sleep 1
3499 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3500 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
3504 sleep 1
3505 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3506 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3509 for a in ${NSA_IP6} ${VRF_IP6}
3512 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3513 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
3517 a=${NSA_IP6}
3520 sleep 1
3521 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3522 log_test_addr ${a} $? 0 "Global server, device client, local conn"
3526 sleep 1
3527 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3528 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
3532 sleep 1
3533 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3534 log_test_addr ${a} $? 0 "Device server, VRF client, local conn"
3538 sleep 1
3539 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3540 log_test_addr ${a} $? 0 "Device server, device client, local conn"
3543 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3544 log_test_addr ${a} $? 1 "No server, device client, local conn"
3550 sleep 1
3556 log_test $? 1 "No server, linklocal IP"
3561 sleep 1
3567 log_test $? 1 "No server, device client, peer linklocal IP"
3572 sleep 1
3578 log_test $? 1 "No server, device client, local conn - linklocal IP"
3585 sleep 1
3596 set_sysctl net.ipv4.udp_early_demux=1
3608 set_sysctl net.ipv4.udp_l3mdev_accept=1
3624 for a in ${NSA_IP6} ${NSA_LO_IP6}
3627 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
3628 log_test_addr ${a} $? 0 "Raw socket bind to local address"
3631 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3632 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
3638 a=${NL_IP6}
3640 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${NSA_DEV} -b
3641 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address"
3646 a=${NSA_IP6}
3648 run_cmd nettest -6 -s -l ${a} -t1 -b
3649 log_test_addr ${a} $? 0 "TCP socket bind to local address"
3652 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3653 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
3655 # Sadly, the kernel allows binding a socket to a device and then
3658 a=${NSA_LO_IP6}
3661 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3662 log_test_addr ${a} $? 0 "TCP socket bind to out of scope local address"
3670 for a in ${NSA_IP6} ${VRF_IP6}
3673 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3674 log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"
3677 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3678 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
3681 a=${NSA_LO_IP6}
3684 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3685 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"
3690 a=${NL_IP6}
3692 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${VRF} -b
3693 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind"
3698 # address on enslaved device is valid for the VRF or device in a VRF
3699 for a in ${NSA_IP6} ${VRF_IP6}
3702 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3703 log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
3706 a=${NSA_IP6}
3708 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3709 log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"
3711 # Sadly, the kernel allows binding a socket to a device and then
3715 a=${VRF_IP6}
3718 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3719 log_test_addr ${a} $? 0 "TCP socket bind to VRF address with device bind"
3721 a=${NSA_LO_IP6}
3724 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3725 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
3729 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3730 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
3752 local desc="$1"
3755 local a
3760 for a in ${NSA_IP6} ${VRF_IP6}
3764 sleep 1
3765 run_cmd_nsb nettest ${varg} -r ${a} &
3768 sleep 1
3769 log_test_addr ${a} 0 0 "${desc}, global server"
3774 for a in ${NSA_IP6} ${VRF_IP6}
3778 sleep 1
3779 run_cmd_nsb nettest ${varg} -r ${a} &
3782 sleep 1
3783 log_test_addr ${a} 0 0 "${desc}, VRF server"
3788 for a in ${NSA_IP6} ${VRF_IP6}
3792 sleep 1
3793 run_cmd_nsb nettest ${varg} -r ${a} &
3796 sleep 1
3797 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
3807 sleep 1
3811 sleep 1
3818 sleep 1
3822 sleep 1
3831 for a in ${NSA_IP6} ${VRF_IP6}
3835 sleep 1
3836 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3839 sleep 1
3840 log_test_addr ${a} 0 0 "${desc}, global server, VRF client"
3845 for a in ${NSA_IP6} ${VRF_IP6}
3849 sleep 1
3850 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3853 sleep 1
3854 log_test_addr ${a} 0 0 "${desc}, VRF server and client"
3859 a=${NSA_IP6}
3862 sleep 1
3863 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3866 sleep 1
3867 log_test_addr ${a} 0 0 "${desc}, global server, device client"
3873 sleep 1
3874 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3877 sleep 1
3878 log_test_addr ${a} 0 0 "${desc}, VRF server, device client"
3884 sleep 1
3885 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3888 sleep 1
3889 log_test_addr ${a} 0 0 "${desc}, device server, device client"
3895 local a
3897 a=${NSA_IP6}
3899 run_cmd_nsb ${ping6} -f ${a} &
3902 sleep 1
3903 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
3909 sleep 1
3911 sleep 1
3912 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
3923 ipv6_rt "TCP active socket" "-n -1"
3929 ipv6_rt "UDP active socket" "-D -n -1"
3937 local a
3939 for a in ${NSA_IP} ${VRF_IP}
3943 sleep 1
3944 run_cmd_nsb nettest -r ${a}
3945 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3951 local stype="$1"
3953 local a
3957 for a in ${NSA_IP} ${VRF_IP}
3961 sleep 1
3962 run_cmd_nsb nettest ${arg} -r ${a}
3963 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3973 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3982 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3983 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3994 local a
3996 for a in ${NSA_IP6} ${VRF_IP6}
4000 sleep 1
4001 run_cmd_nsb nettest -6 -r ${a}
4002 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
4008 local stype="$1"
4010 local a
4014 for a in ${NSA_IP6} ${VRF_IP6}
4018 sleep 1
4019 run_cmd_nsb nettest -6 ${arg} -r ${a}
4020 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
4030 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
4038 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
4039 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
4052 # ns-A device enslaved to bridge. Verify traffic with and without
4113 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad
4119 sleep 1
4136 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
4154 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
4163 # ns-A device is connected to both ns-B and ns-C on a single VRF but only has
4168 # only want reply from ns-A
4169 setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
4170 setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
4179 # cycle/flap the first ns-A interface
4182 sleep 1
4190 # cycle/flap the second ns-A interface
4193 sleep 1
4202 # Perform IPv{4,6} SNAT on ns-A, and verify TCP connection is successfully
4210 …run_cmd iptables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_…
4211 …run_cmd ip6tables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO…
4214 sleep 1
4219 sleep 1
4277 v) VERBOSE=1;;
4279 *) usage; exit 1;;
4340 exit 1 # KSFT_FAIL