1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3
4# End-to-end eBPF tunnel test suite
5#   The script tests BPF network tunnel implementation.
6#
7# Topology:
8# ---------
9#     root namespace   |     at_ns0 namespace
10#                      |
11#      -----------     |     -----------
12#      | tnl dev |     |     | tnl dev |  (overlay network)
13#      -----------     |     -----------
14#      metadata-mode   |     native-mode
15#       with bpf       |
16#                      |
17#      ----------      |     ----------
18#      |  veth1  | --------- |  veth0  |  (underlay network)
19#      ----------    peer    ----------
20#
21#
22# Device Configuration
23# --------------------
24# Root namespace with metadata-mode tunnel + BPF
25# Device names and addresses:
26# 	veth1 IP: 172.16.1.200, IPv6: 00::22 (underlay)
27# 	tunnel dev <type>11, ex: gre11, IPv4: 10.1.1.200 (overlay)
28#
29# Namespace at_ns0 with native tunnel
30# Device names and addresses:
31# 	veth0 IPv4: 172.16.1.100, IPv6: 00::11 (underlay)
32# 	tunnel dev <type>00, ex: gre00, IPv4: 10.1.1.100 (overlay)
33#
34#
35# End-to-end ping packet flow
36# ---------------------------
37# Most of the tests start by namespace creation, device configuration,
38# then ping the underlay and overlay network.  When doing 'ping 10.1.1.100'
39# from root namespace, the following operations happen:
40# 1) Route lookup shows 10.1.1.100/24 belongs to tnl dev, fwd to tnl dev.
41# 2) Tnl device's egress BPF program is triggered and set the tunnel metadata,
42#    with remote_ip=172.16.1.200 and others.
43# 3) Outer tunnel header is prepended and route the packet to veth1's egress
44# 4) veth0's ingress queue receive the tunneled packet at namespace at_ns0
45# 5) Tunnel protocol handler, ex: vxlan_rcv, decap the packet
46# 6) Forward the packet to the overlay tnl dev
47
48PING_ARG="-c 3 -w 10 -q"
49ret=0
50GREEN='\033[0;92m'
51RED='\033[0;31m'
52NC='\033[0m' # No Color
53
54config_device()
55{
56	ip netns add at_ns0
57	ip link add veth0 type veth peer name veth1
58	ip link set veth0 netns at_ns0
59	ip netns exec at_ns0 ip addr add 172.16.1.100/24 dev veth0
60	ip netns exec at_ns0 ip link set dev veth0 up
61	ip link set dev veth1 up mtu 1500
62	ip addr add dev veth1 172.16.1.200/24
63}
64
65add_gre_tunnel()
66{
67	# at_ns0 namespace
68	ip netns exec at_ns0 \
69        ip link add dev $DEV_NS type $TYPE seq key 2 \
70		local 172.16.1.100 remote 172.16.1.200
71	ip netns exec at_ns0 ip link set dev $DEV_NS up
72	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
73
74	# root namespace
75	ip link add dev $DEV type $TYPE key 2 external
76	ip link set dev $DEV up
77	ip addr add dev $DEV 10.1.1.200/24
78}
79
80add_ip6gretap_tunnel()
81{
82
83	# assign ipv6 address
84	ip netns exec at_ns0 ip addr add ::11/96 dev veth0
85	ip netns exec at_ns0 ip link set dev veth0 up
86	ip addr add dev veth1 ::22/96
87	ip link set dev veth1 up
88
89	# at_ns0 namespace
90	ip netns exec at_ns0 \
91		ip link add dev $DEV_NS type $TYPE seq flowlabel 0xbcdef key 2 \
92		local ::11 remote ::22
93
94	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
95	ip netns exec at_ns0 ip addr add dev $DEV_NS fc80::100/96
96	ip netns exec at_ns0 ip link set dev $DEV_NS up
97
98	# root namespace
99	ip link add dev $DEV type $TYPE external
100	ip addr add dev $DEV 10.1.1.200/24
101	ip addr add dev $DEV fc80::200/24
102	ip link set dev $DEV up
103}
104
105add_erspan_tunnel()
106{
107	# at_ns0 namespace
108	if [ "$1" == "v1" ]; then
109		ip netns exec at_ns0 \
110		ip link add dev $DEV_NS type $TYPE seq key 2 \
111		local 172.16.1.100 remote 172.16.1.200 \
112		erspan_ver 1 erspan 123
113	else
114		ip netns exec at_ns0 \
115		ip link add dev $DEV_NS type $TYPE seq key 2 \
116		local 172.16.1.100 remote 172.16.1.200 \
117		erspan_ver 2 erspan_dir egress erspan_hwid 3
118	fi
119	ip netns exec at_ns0 ip link set dev $DEV_NS up
120	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
121
122	# root namespace
123	ip link add dev $DEV type $TYPE external
124	ip link set dev $DEV up
125	ip addr add dev $DEV 10.1.1.200/24
126}
127
128add_ip6erspan_tunnel()
129{
130
131	# assign ipv6 address
132	ip netns exec at_ns0 ip addr add ::11/96 dev veth0
133	ip netns exec at_ns0 ip link set dev veth0 up
134	ip addr add dev veth1 ::22/96
135	ip link set dev veth1 up
136
137	# at_ns0 namespace
138	if [ "$1" == "v1" ]; then
139		ip netns exec at_ns0 \
140		ip link add dev $DEV_NS type $TYPE seq key 2 \
141		local ::11 remote ::22 \
142		erspan_ver 1 erspan 123
143	else
144		ip netns exec at_ns0 \
145		ip link add dev $DEV_NS type $TYPE seq key 2 \
146		local ::11 remote ::22 \
147		erspan_ver 2 erspan_dir egress erspan_hwid 7
148	fi
149	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
150	ip netns exec at_ns0 ip link set dev $DEV_NS up
151
152	# root namespace
153	ip link add dev $DEV type $TYPE external
154	ip addr add dev $DEV 10.1.1.200/24
155	ip link set dev $DEV up
156}
157
158add_vxlan_tunnel()
159{
160	# Set static ARP entry here because iptables set-mark works
161	# on L3 packet, as a result not applying to ARP packets,
162	# causing errors at get_tunnel_{key/opt}.
163
164	# at_ns0 namespace
165	ip netns exec at_ns0 \
166		ip link add dev $DEV_NS type $TYPE \
167		id 2 dstport 4789 gbp remote 172.16.1.200
168	ip netns exec at_ns0 \
169		ip link set dev $DEV_NS address 52:54:00:d9:01:00 up
170	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
171	ip netns exec at_ns0 arp -s 10.1.1.200 52:54:00:d9:02:00
172	ip netns exec at_ns0 iptables -A OUTPUT -j MARK --set-mark 0x800FF
173
174	# root namespace
175	ip link add dev $DEV type $TYPE external gbp dstport 4789
176	ip link set dev $DEV address 52:54:00:d9:02:00 up
177	ip addr add dev $DEV 10.1.1.200/24
178	arp -s 10.1.1.100 52:54:00:d9:01:00
179}
180
181add_ip6vxlan_tunnel()
182{
183	#ip netns exec at_ns0 ip -4 addr del 172.16.1.100 dev veth0
184	ip netns exec at_ns0 ip -6 addr add ::11/96 dev veth0
185	ip netns exec at_ns0 ip link set dev veth0 up
186	#ip -4 addr del 172.16.1.200 dev veth1
187	ip -6 addr add dev veth1 ::22/96
188	ip link set dev veth1 up
189
190	# at_ns0 namespace
191	ip netns exec at_ns0 \
192		ip link add dev $DEV_NS type $TYPE id 22 dstport 4789 \
193		local ::11 remote ::22
194	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
195	ip netns exec at_ns0 ip link set dev $DEV_NS up
196
197	# root namespace
198	ip link add dev $DEV type $TYPE external dstport 4789
199	ip addr add dev $DEV 10.1.1.200/24
200	ip link set dev $DEV up
201}
202
203add_geneve_tunnel()
204{
205	# at_ns0 namespace
206	ip netns exec at_ns0 \
207		ip link add dev $DEV_NS type $TYPE \
208		id 2 dstport 6081 remote 172.16.1.200
209	ip netns exec at_ns0 ip link set dev $DEV_NS up
210	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
211
212	# root namespace
213	ip link add dev $DEV type $TYPE dstport 6081 external
214	ip link set dev $DEV up
215	ip addr add dev $DEV 10.1.1.200/24
216}
217
218add_ip6geneve_tunnel()
219{
220	ip netns exec at_ns0 ip addr add ::11/96 dev veth0
221	ip netns exec at_ns0 ip link set dev veth0 up
222	ip addr add dev veth1 ::22/96
223	ip link set dev veth1 up
224
225	# at_ns0 namespace
226	ip netns exec at_ns0 \
227		ip link add dev $DEV_NS type $TYPE id 22 \
228		remote ::22     # geneve has no local option
229	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
230	ip netns exec at_ns0 ip link set dev $DEV_NS up
231
232	# root namespace
233	ip link add dev $DEV type $TYPE external
234	ip addr add dev $DEV 10.1.1.200/24
235	ip link set dev $DEV up
236}
237
238add_ipip_tunnel()
239{
240	# at_ns0 namespace
241	ip netns exec at_ns0 \
242		ip link add dev $DEV_NS type $TYPE \
243		local 172.16.1.100 remote 172.16.1.200
244	ip netns exec at_ns0 ip link set dev $DEV_NS up
245	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
246
247	# root namespace
248	ip link add dev $DEV type $TYPE external
249	ip link set dev $DEV up
250	ip addr add dev $DEV 10.1.1.200/24
251}
252
253add_ipip6tnl_tunnel()
254{
255	ip netns exec at_ns0 ip addr add ::11/96 dev veth0
256	ip netns exec at_ns0 ip link set dev veth0 up
257	ip addr add dev veth1 ::22/96
258	ip link set dev veth1 up
259
260	# at_ns0 namespace
261	ip netns exec at_ns0 \
262		ip link add dev $DEV_NS type $TYPE \
263		local ::11 remote ::22
264	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
265	ip netns exec at_ns0 ip link set dev $DEV_NS up
266
267	# root namespace
268	ip link add dev $DEV type $TYPE external
269	ip addr add dev $DEV 10.1.1.200/24
270	ip link set dev $DEV up
271}
272
273test_gre()
274{
275	TYPE=gretap
276	DEV_NS=gretap00
277	DEV=gretap11
278	ret=0
279
280	check $TYPE
281	config_device
282	add_gre_tunnel
283	attach_bpf $DEV gre_set_tunnel gre_get_tunnel
284	ping $PING_ARG 10.1.1.100
285	check_err $?
286	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
287	check_err $?
288	cleanup
289
290        if [ $ret -ne 0 ]; then
291                echo -e ${RED}"FAIL: $TYPE"${NC}
292                return 1
293        fi
294        echo -e ${GREEN}"PASS: $TYPE"${NC}
295}
296
297test_ip6gre()
298{
299	TYPE=ip6gre
300	DEV_NS=ip6gre00
301	DEV=ip6gre11
302	ret=0
303
304	check $TYPE
305	config_device
306	# reuse the ip6gretap function
307	add_ip6gretap_tunnel
308	attach_bpf $DEV ip6gretap_set_tunnel ip6gretap_get_tunnel
309	# underlay
310	ping6 $PING_ARG ::11
311	# overlay: ipv4 over ipv6
312	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
313	ping $PING_ARG 10.1.1.100
314	check_err $?
315	# overlay: ipv6 over ipv6
316	ip netns exec at_ns0 ping6 $PING_ARG fc80::200
317	check_err $?
318	cleanup
319
320        if [ $ret -ne 0 ]; then
321                echo -e ${RED}"FAIL: $TYPE"${NC}
322                return 1
323        fi
324        echo -e ${GREEN}"PASS: $TYPE"${NC}
325}
326
327test_ip6gretap()
328{
329	TYPE=ip6gretap
330	DEV_NS=ip6gretap00
331	DEV=ip6gretap11
332	ret=0
333
334	check $TYPE
335	config_device
336	add_ip6gretap_tunnel
337	attach_bpf $DEV ip6gretap_set_tunnel ip6gretap_get_tunnel
338	# underlay
339	ping6 $PING_ARG ::11
340	# overlay: ipv4 over ipv6
341	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
342	ping $PING_ARG 10.1.1.100
343	check_err $?
344	# overlay: ipv6 over ipv6
345	ip netns exec at_ns0 ping6 $PING_ARG fc80::200
346	check_err $?
347	cleanup
348
349	if [ $ret -ne 0 ]; then
350                echo -e ${RED}"FAIL: $TYPE"${NC}
351                return 1
352        fi
353        echo -e ${GREEN}"PASS: $TYPE"${NC}
354}
355
356test_erspan()
357{
358	TYPE=erspan
359	DEV_NS=erspan00
360	DEV=erspan11
361	ret=0
362
363	check $TYPE
364	config_device
365	add_erspan_tunnel $1
366	attach_bpf $DEV erspan_set_tunnel erspan_get_tunnel
367	ping $PING_ARG 10.1.1.100
368	check_err $?
369	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
370	check_err $?
371	cleanup
372
373	if [ $ret -ne 0 ]; then
374                echo -e ${RED}"FAIL: $TYPE"${NC}
375                return 1
376        fi
377        echo -e ${GREEN}"PASS: $TYPE"${NC}
378}
379
380test_ip6erspan()
381{
382	TYPE=ip6erspan
383	DEV_NS=ip6erspan00
384	DEV=ip6erspan11
385	ret=0
386
387	check $TYPE
388	config_device
389	add_ip6erspan_tunnel $1
390	attach_bpf $DEV ip4ip6erspan_set_tunnel ip4ip6erspan_get_tunnel
391	ping6 $PING_ARG ::11
392	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
393	check_err $?
394	cleanup
395
396	if [ $ret -ne 0 ]; then
397                echo -e ${RED}"FAIL: $TYPE"${NC}
398                return 1
399        fi
400        echo -e ${GREEN}"PASS: $TYPE"${NC}
401}
402
403test_vxlan()
404{
405	TYPE=vxlan
406	DEV_NS=vxlan00
407	DEV=vxlan11
408	ret=0
409
410	check $TYPE
411	config_device
412	add_vxlan_tunnel
413	attach_bpf $DEV vxlan_set_tunnel vxlan_get_tunnel
414	ping $PING_ARG 10.1.1.100
415	check_err $?
416	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
417	check_err $?
418	cleanup
419
420	if [ $ret -ne 0 ]; then
421                echo -e ${RED}"FAIL: $TYPE"${NC}
422                return 1
423        fi
424        echo -e ${GREEN}"PASS: $TYPE"${NC}
425}
426
427test_ip6vxlan()
428{
429	TYPE=vxlan
430	DEV_NS=ip6vxlan00
431	DEV=ip6vxlan11
432	ret=0
433
434	check $TYPE
435	config_device
436	add_ip6vxlan_tunnel
437	ip link set dev veth1 mtu 1500
438	attach_bpf $DEV ip6vxlan_set_tunnel ip6vxlan_get_tunnel
439	# underlay
440	ping6 $PING_ARG ::11
441	# ip4 over ip6
442	ping $PING_ARG 10.1.1.100
443	check_err $?
444	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
445	check_err $?
446	cleanup
447
448	if [ $ret -ne 0 ]; then
449                echo -e ${RED}"FAIL: ip6$TYPE"${NC}
450                return 1
451        fi
452        echo -e ${GREEN}"PASS: ip6$TYPE"${NC}
453}
454
455test_geneve()
456{
457	TYPE=geneve
458	DEV_NS=geneve00
459	DEV=geneve11
460	ret=0
461
462	check $TYPE
463	config_device
464	add_geneve_tunnel
465	attach_bpf $DEV geneve_set_tunnel geneve_get_tunnel
466	ping $PING_ARG 10.1.1.100
467	check_err $?
468	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
469	check_err $?
470	cleanup
471
472	if [ $ret -ne 0 ]; then
473                echo -e ${RED}"FAIL: $TYPE"${NC}
474                return 1
475        fi
476        echo -e ${GREEN}"PASS: $TYPE"${NC}
477}
478
479test_ip6geneve()
480{
481	TYPE=geneve
482	DEV_NS=ip6geneve00
483	DEV=ip6geneve11
484	ret=0
485
486	check $TYPE
487	config_device
488	add_ip6geneve_tunnel
489	attach_bpf $DEV ip6geneve_set_tunnel ip6geneve_get_tunnel
490	ping $PING_ARG 10.1.1.100
491	check_err $?
492	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
493	check_err $?
494	cleanup
495
496	if [ $ret -ne 0 ]; then
497                echo -e ${RED}"FAIL: ip6$TYPE"${NC}
498                return 1
499        fi
500        echo -e ${GREEN}"PASS: ip6$TYPE"${NC}
501}
502
503test_ipip()
504{
505	TYPE=ipip
506	DEV_NS=ipip00
507	DEV=ipip11
508	ret=0
509
510	check $TYPE
511	config_device
512	add_ipip_tunnel
513	ip link set dev veth1 mtu 1500
514	attach_bpf $DEV ipip_set_tunnel ipip_get_tunnel
515	ping $PING_ARG 10.1.1.100
516	check_err $?
517	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
518	check_err $?
519	cleanup
520
521	if [ $ret -ne 0 ]; then
522                echo -e ${RED}"FAIL: $TYPE"${NC}
523                return 1
524        fi
525        echo -e ${GREEN}"PASS: $TYPE"${NC}
526}
527
528test_ipip6()
529{
530	TYPE=ip6tnl
531	DEV_NS=ipip6tnl00
532	DEV=ipip6tnl11
533	ret=0
534
535	check $TYPE
536	config_device
537	add_ipip6tnl_tunnel
538	ip link set dev veth1 mtu 1500
539	attach_bpf $DEV ipip6_set_tunnel ipip6_get_tunnel
540	# underlay
541	ping6 $PING_ARG ::11
542	# ip4 over ip6
543	ping $PING_ARG 10.1.1.100
544	check_err $?
545	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
546	check_err $?
547	cleanup
548
549	if [ $ret -ne 0 ]; then
550                echo -e ${RED}"FAIL: $TYPE"${NC}
551                return 1
552        fi
553        echo -e ${GREEN}"PASS: $TYPE"${NC}
554}
555
556setup_xfrm_tunnel()
557{
558	auth=0x$(printf '1%.0s' {1..40})
559	enc=0x$(printf '2%.0s' {1..32})
560	spi_in_to_out=0x1
561	spi_out_to_in=0x2
562	# at_ns0 namespace
563	# at_ns0 -> root
564	ip netns exec at_ns0 \
565		ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
566			spi $spi_in_to_out reqid 1 mode tunnel \
567			auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc
568	ip netns exec at_ns0 \
569		ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir out \
570		tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \
571		mode tunnel
572	# root -> at_ns0
573	ip netns exec at_ns0 \
574		ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
575			spi $spi_out_to_in reqid 2 mode tunnel \
576			auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc
577	ip netns exec at_ns0 \
578		ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir in \
579		tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \
580		mode tunnel
581	# address & route
582	ip netns exec at_ns0 \
583		ip addr add dev veth0 10.1.1.100/32
584	ip netns exec at_ns0 \
585		ip route add 10.1.1.200 dev veth0 via 172.16.1.200 \
586			src 10.1.1.100
587
588	# root namespace
589	# at_ns0 -> root
590	ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
591		spi $spi_in_to_out reqid 1 mode tunnel \
592		auth-trunc 'hmac(sha1)' $auth 96  enc 'cbc(aes)' $enc
593	ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir in \
594		tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \
595		mode tunnel
596	# root -> at_ns0
597	ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
598		spi $spi_out_to_in reqid 2 mode tunnel \
599		auth-trunc 'hmac(sha1)' $auth 96  enc 'cbc(aes)' $enc
600	ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir out \
601		tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \
602		mode tunnel
603	# address & route
604	ip addr add dev veth1 10.1.1.200/32
605	ip route add 10.1.1.100 dev veth1 via 172.16.1.100 src 10.1.1.200
606}
607
608test_xfrm_tunnel()
609{
610	config_device
611	> /sys/kernel/debug/tracing/trace
612	setup_xfrm_tunnel
613	tc qdisc add dev veth1 clsact
614	tc filter add dev veth1 proto ip ingress bpf da obj test_tunnel_kern.o \
615		sec xfrm_get_state
616	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
617	sleep 1
618	grep "reqid 1" /sys/kernel/debug/tracing/trace
619	check_err $?
620	grep "spi 0x1" /sys/kernel/debug/tracing/trace
621	check_err $?
622	grep "remote ip 0xac100164" /sys/kernel/debug/tracing/trace
623	check_err $?
624	cleanup
625
626	if [ $ret -ne 0 ]; then
627		echo -e ${RED}"FAIL: xfrm tunnel"${NC}
628		return 1
629	fi
630	echo -e ${GREEN}"PASS: xfrm tunnel"${NC}
631}
632
633attach_bpf()
634{
635	DEV=$1
636	SET=$2
637	GET=$3
638	tc qdisc add dev $DEV clsact
639	tc filter add dev $DEV egress bpf da obj test_tunnel_kern.o sec $SET
640	tc filter add dev $DEV ingress bpf da obj test_tunnel_kern.o sec $GET
641}
642
643cleanup()
644{
645	ip netns delete at_ns0 2> /dev/null
646	ip link del veth1 2> /dev/null
647	ip link del ipip11 2> /dev/null
648	ip link del ipip6tnl11 2> /dev/null
649	ip link del gretap11 2> /dev/null
650	ip link del ip6gre11 2> /dev/null
651	ip link del ip6gretap11 2> /dev/null
652	ip link del vxlan11 2> /dev/null
653	ip link del ip6vxlan11 2> /dev/null
654	ip link del geneve11 2> /dev/null
655	ip link del ip6geneve11 2> /dev/null
656	ip link del erspan11 2> /dev/null
657	ip link del ip6erspan11 2> /dev/null
658	ip xfrm policy delete dir out src 10.1.1.200/32 dst 10.1.1.100/32 2> /dev/null
659	ip xfrm policy delete dir in src 10.1.1.100/32 dst 10.1.1.200/32 2> /dev/null
660	ip xfrm state delete src 172.16.1.100 dst 172.16.1.200 proto esp spi 0x1 2> /dev/null
661	ip xfrm state delete src 172.16.1.200 dst 172.16.1.100 proto esp spi 0x2 2> /dev/null
662}
663
664cleanup_exit()
665{
666	echo "CATCH SIGKILL or SIGINT, cleanup and exit"
667	cleanup
668	exit 0
669}
670
671check()
672{
673	ip link help 2>&1 | grep -q "\s$1\s"
674	if [ $? -ne 0 ];then
675		echo "SKIP $1: iproute2 not support"
676	cleanup
677	return 1
678	fi
679}
680
681enable_debug()
682{
683	echo 'file ip_gre.c +p' > /sys/kernel/debug/dynamic_debug/control
684	echo 'file ip6_gre.c +p' > /sys/kernel/debug/dynamic_debug/control
685	echo 'file vxlan.c +p' > /sys/kernel/debug/dynamic_debug/control
686	echo 'file geneve.c +p' > /sys/kernel/debug/dynamic_debug/control
687	echo 'file ipip.c +p' > /sys/kernel/debug/dynamic_debug/control
688}
689
690check_err()
691{
692	if [ $ret -eq 0 ]; then
693		ret=$1
694	fi
695}
696
697bpf_tunnel_test()
698{
699	local errors=0
700
701	echo "Testing GRE tunnel..."
702	test_gre
703	errors=$(( $errors + $? ))
704
705	echo "Testing IP6GRE tunnel..."
706	test_ip6gre
707	errors=$(( $errors + $? ))
708
709	echo "Testing IP6GRETAP tunnel..."
710	test_ip6gretap
711	errors=$(( $errors + $? ))
712
713	echo "Testing ERSPAN tunnel..."
714	test_erspan v2
715	errors=$(( $errors + $? ))
716
717	echo "Testing IP6ERSPAN tunnel..."
718	test_ip6erspan v2
719	errors=$(( $errors + $? ))
720
721	echo "Testing VXLAN tunnel..."
722	test_vxlan
723	errors=$(( $errors + $? ))
724
725	echo "Testing IP6VXLAN tunnel..."
726	test_ip6vxlan
727	errors=$(( $errors + $? ))
728
729	echo "Testing GENEVE tunnel..."
730	test_geneve
731	errors=$(( $errors + $? ))
732
733	echo "Testing IP6GENEVE tunnel..."
734	test_ip6geneve
735	errors=$(( $errors + $? ))
736
737	echo "Testing IPIP tunnel..."
738	test_ipip
739	errors=$(( $errors + $? ))
740
741	echo "Testing IPIP6 tunnel..."
742	test_ipip6
743	errors=$(( $errors + $? ))
744
745	echo "Testing IPSec tunnel..."
746	test_xfrm_tunnel
747	errors=$(( $errors + $? ))
748
749	return $errors
750}
751
752trap cleanup 0 3 6
753trap cleanup_exit 2 9
754
755cleanup
756bpf_tunnel_test
757
758if [ $? -ne 0 ]; then
759	echo -e "$(basename $0): ${RED}FAIL${NC}"
760	exit 1
761fi
762echo -e "$(basename $0): ${GREEN}PASS${NC}"
763exit 0
764