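#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

# End-to-end eBPF tunnel test suite
#   The script tests BPF network tunnel implementation.
#
# Topology:
# ---------
#     root namespace   |     at_ns0 namespace
#                      |
#      -----------     |     -----------
#      | tnl dev |     |     | tnl dev |  (overlay network)
#      -----------     |     -----------
#      metadata-mode   |     native-mode
#       with bpf       |
#                      |
#      ----------      |     ----------
#      |  veth1  | --------- |  veth0  |  (underlay network)
#      ----------    peer    ----------
#
#
# Device Configuration
# --------------------
# Root namespace with metadata-mode tunnel + BPF
# Device names and addresses:
#	veth1 IP: 172.16.1.200, IPv6: 00::22 (underlay)
#	tunnel dev <type>11, ex: gre11, IPv4: 10.1.1.200, IPv6: 1::22 (overlay)
#
# Namespace at_ns0 with native tunnel
# Device names and addresses:
#	veth0 IPv4: 172.16.1.100, IPv6: 00::11 (underlay)
#	tunnel dev <type>00, ex: gre00, IPv4: 10.1.1.100, IPv6: 1::11 (overlay)
#
#
# End-to-end ping packet flow
# ---------------------------
# Most of the tests start by namespace creation, device configuration,
# then ping the underlay and overlay network.  When doing 'ping 10.1.1.100'
# from root namespace, the following operations happen:
# 1) Route lookup shows 10.1.1.100/24 belongs to tnl dev, fwd to tnl dev.
# 2) Tnl device's egress BPF program is triggered and sets the tunnel metadata,
#    with remote_ip=172.16.1.100 and others.
# 3) Outer tunnel header is prepended and the packet is routed to veth1's egress
# 4) veth0's ingress queue receives the tunneled packet at namespace at_ns0
# 5) Tunnel protocol handler, ex: vxlan_rcv, decaps the packet
# 6) Forward the packet to the overlay tnl dev
#
#
# Operational caveats
# -------------------
# - The script changes links, addresses, routes, tc filters and xfrm
#   state/policy in the ROOT network namespace.  Run it on a disposable
#   test machine or VM only.
# - cleanup() runs before the first test and on exit.  It deletes the
#   namespace at_ns0 and every device it knows by name (veth1, vxlan11,
#   gretap11, ...) whether or not this script created them, so a host that
#   already uses one of those names will lose that device.
# - test_xfrm_tunnel truncates the global ftrace buffer under
#   /sys/kernel/debug/tracing/trace.

# Passed to ping/ping6.  Expanded unquoted on purpose so that it splits into
# separate arguments.
PING_ARG="-c 3 -w 10 -q"
# Status of the test currently running; only the first failure is kept,
# see check_err().
ret=0
GREEN='\033[0;92m'
RED='\033[0;31m'
NC='\033[0m' # No Color

# Create namespace at_ns0 and the veth0/veth1 pair forming the IPv4 underlay.
config_device()
{
	ip netns add at_ns0
	ip link add veth0 type veth peer name veth1
	ip link set veth0 netns at_ns0
	ip netns exec at_ns0 ip addr add 172.16.1.100/24 dev veth0
	ip netns exec at_ns0 ip link set dev veth0 up
	ip link set dev veth1 up mtu 1500
	ip addr add dev veth1 172.16.1.200/24
}

# The add_*_tunnel helpers read these globals, set by the calling test:
#   TYPE   - link type handed to 'ip link add ... type'
#   DEV_NS - native-mode tunnel device created inside at_ns0
#   DEV    - metadata-mode ('external') tunnel device in the root namespace

add_gre_tunnel()
{
	# at_ns0 namespace
	ip netns exec at_ns0 \
		ip link add dev "$DEV_NS" type "$TYPE" seq key 2 \
		local 172.16.1.100 remote 172.16.1.200
	ip netns exec at_ns0 ip link set dev "$DEV_NS" up
	ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24

	# root namespace
	ip link add dev "$DEV" type "$TYPE" key 2 external
	ip link set dev "$DEV" up
	ip addr add dev "$DEV" 10.1.1.200/24
}

add_ip6gretap_tunnel()
{

	# assign ipv6 address
	ip netns exec at_ns0 ip addr add ::11/96 dev veth0
	ip netns exec at_ns0 ip link set dev veth0 up
	ip addr add dev veth1 ::22/96
	ip link set dev veth1 up

	# at_ns0 namespace
	ip netns exec at_ns0 \
		ip link add dev "$DEV_NS" type "$TYPE" seq flowlabel 0xbcdef key 2 \
		local ::11 remote ::22

	ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24
	ip netns exec at_ns0 ip addr add dev "$DEV_NS" fc80::100/96
	ip netns exec at_ns0 ip link set dev "$DEV_NS" up

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external
	ip addr add dev "$DEV" 10.1.1.200/24
	ip addr add dev "$DEV" fc80::200/24
	ip link set dev "$DEV" up
}

# $1 - "v1" selects erspan_ver 1; any other value selects erspan_ver 2.
add_erspan_tunnel()
{
	# at_ns0 namespace
	if [ "$1" == "v1" ]; then
		ip netns exec at_ns0 \
		ip link add dev "$DEV_NS" type "$TYPE" seq key 2 \
		local 172.16.1.100 remote 172.16.1.200 \
		erspan_ver 1 erspan 123
	else
		ip netns exec at_ns0 \
		ip link add dev "$DEV_NS" type "$TYPE" seq key 2 \
		local 172.16.1.100 remote 172.16.1.200 \
		erspan_ver 2 erspan_dir egress erspan_hwid 3
	fi
	ip netns exec at_ns0 ip link set dev "$DEV_NS" up
	ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external
	ip link set dev "$DEV" up
	ip addr add dev "$DEV" 10.1.1.200/24
}

# $1 - "v1" selects erspan_ver 1; any other value selects erspan_ver 2.
add_ip6erspan_tunnel()
{

	# assign ipv6 address
	ip netns exec at_ns0 ip addr add ::11/96 dev veth0
	ip netns exec at_ns0 ip link set dev veth0 up
	ip addr add dev veth1 ::22/96
	ip link set dev veth1 up

	# at_ns0 namespace
	if [ "$1" == "v1" ]; then
		ip netns exec at_ns0 \
		ip link add dev "$DEV_NS" type "$TYPE" seq key 2 \
		local ::11 remote ::22 \
		erspan_ver 1 erspan 123
	else
		ip netns exec at_ns0 \
		ip link add dev "$DEV_NS" type "$TYPE" seq key 2 \
		local ::11 remote ::22 \
		erspan_ver 2 erspan_dir egress erspan_hwid 7
	fi
	ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24
	ip netns exec at_ns0 ip link set dev "$DEV_NS" up

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external
	ip addr add dev "$DEV" 10.1.1.200/24
	ip link set dev "$DEV" up
}

add_vxlan_tunnel()
{
	# Set static ARP entry here because iptables set-mark works
	# on L3 packet, as a result not applying to ARP packets,
	# causing errors at get_tunnel_{key/opt}.

	# at_ns0 namespace
	ip netns exec at_ns0 \
		ip link add dev "$DEV_NS" type "$TYPE" \
		id 2 dstport 4789 gbp remote 172.16.1.200
	ip netns exec at_ns0 \
		ip link set dev "$DEV_NS" address 52:54:00:d9:01:00 up
	ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24
	ip netns exec at_ns0 \
		ip neigh add 10.1.1.200 lladdr 52:54:00:d9:02:00 dev "$DEV_NS"
	# The MARK rule is added inside at_ns0 only, so it disappears when
	# cleanup() deletes the namespace.
	ip netns exec at_ns0 iptables -A OUTPUT -j MARK --set-mark 0x800FF

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external gbp dstport 4789
	ip link set dev "$DEV" address 52:54:00:d9:02:00 up
	ip addr add dev "$DEV" 10.1.1.200/24
	ip neigh add 10.1.1.100 lladdr 52:54:00:d9:01:00 dev "$DEV"
}

add_ip6vxlan_tunnel()
{
	#ip netns exec at_ns0 ip -4 addr del 172.16.1.100 dev veth0
	ip netns exec at_ns0 ip -6 addr add ::11/96 dev veth0
	ip netns exec at_ns0 ip link set dev veth0 up
	#ip -4 addr del 172.16.1.200 dev veth1
	ip -6 addr add dev veth1 ::22/96
	ip link set dev veth1 up

	# at_ns0 namespace
	ip netns exec at_ns0 \
		ip link add dev "$DEV_NS" type "$TYPE" id 22 dstport 4789 \
		local ::11 remote ::22
	ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24
	ip netns exec at_ns0 ip link set dev "$DEV_NS" up

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external dstport 4789
	ip addr add dev "$DEV" 10.1.1.200/24
	ip link set dev "$DEV" up
}

add_geneve_tunnel()
{
	# at_ns0 namespace
	ip netns exec at_ns0 \
		ip link add dev "$DEV_NS" type "$TYPE" \
		id 2 dstport 6081 remote 172.16.1.200
	ip netns exec at_ns0 ip link set dev "$DEV_NS" up
	ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24

	# root namespace
	ip link add dev "$DEV" type "$TYPE" dstport 6081 external
	ip link set dev "$DEV" up
	ip addr add dev "$DEV" 10.1.1.200/24
}

add_ip6geneve_tunnel()
{
	ip netns exec at_ns0 ip addr add ::11/96 dev veth0
	ip netns exec at_ns0 ip link set dev veth0 up
	ip addr add dev veth1 ::22/96
	ip link set dev veth1 up

	# at_ns0 namespace
	ip netns exec at_ns0 \
		ip link add dev "$DEV_NS" type "$TYPE" id 22 \
		remote ::22     # geneve has no local option
	ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24
	ip netns exec at_ns0 ip link set dev "$DEV_NS" up

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external
	ip addr add dev "$DEV" 10.1.1.200/24
	ip link set dev "$DEV" up
}

add_ipip_tunnel()
{
	# at_ns0 namespace
	ip netns exec at_ns0 \
		ip link add dev "$DEV_NS" type "$TYPE" \
		local 172.16.1.100 remote 172.16.1.200
	ip netns exec at_ns0 ip link set dev "$DEV_NS" up
	ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external
	ip link set dev "$DEV" up
	ip addr add dev "$DEV" 10.1.1.200/24
}

add_ip6tnl_tunnel()
{
	ip netns exec at_ns0 ip addr add ::11/96 dev veth0
	ip netns exec at_ns0 ip link set dev veth0 up
	ip addr add dev veth1 ::22/96
	ip link set dev veth1 up

	# at_ns0 namespace
	ip netns exec at_ns0 \
		ip link add dev "$DEV_NS" type "$TYPE" \
		local ::11 remote ::22
	ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24
	ip netns exec at_ns0 ip addr add dev "$DEV_NS" 1::11/96
	ip netns exec at_ns0 ip link set dev "$DEV_NS" up

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external
	ip addr add dev "$DEV" 10.1.1.200/24
	ip addr add dev "$DEV" 1::22/96
	ip link set dev "$DEV" up
}

# Print the coloured verdict for the test that just ran.
# Globals:   ret (read)
# Arguments: $1 - label printed after "PASS: " / "FAIL: "
# Returns:   1 when ret is non-zero, 0 otherwise
report_result()
{
	if [ "$ret" -ne 0 ]; then
		echo -e "${RED}FAIL: $1${NC}"
		return 1
	fi
	echo -e "${GREEN}PASS: $1${NC}"
}

# Every test_* function below follows the same pattern: reset ret, skip when
# iproute2 lacks the link type, build the topology, attach the BPF programs,
# ping across the overlay, clean up, report.  A skipped test returns 0 and
# is therefore not counted as an error by bpf_tunnel_test().

test_gre()
{
	TYPE=gretap
	DEV_NS=gretap00
	DEV=gretap11
	ret=0

	check "$TYPE" || return 0
	config_device
	add_gre_tunnel
	attach_bpf "$DEV" gre_set_tunnel gre_get_tunnel
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	report_result "$TYPE"
}

test_ip6gre()
{
	TYPE=ip6gre
	DEV_NS=ip6gre00
	DEV=ip6gre11
	ret=0

	check "$TYPE" || return 0
	config_device
	# reuse the ip6gretap function
	add_ip6gretap_tunnel
	attach_bpf "$DEV" ip6gretap_set_tunnel ip6gretap_get_tunnel
	# underlay (exit status is not recorded)
	ping6 $PING_ARG ::11
	# overlay: ipv4 over ipv6 (only the second ping's status is recorded)
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	ping $PING_ARG 10.1.1.100
	check_err $?
	# overlay: ipv6 over ipv6
	ip netns exec at_ns0 ping6 $PING_ARG fc80::200
	check_err $?
	cleanup

	report_result "$TYPE"
}

test_ip6gretap()
{
	TYPE=ip6gretap
	DEV_NS=ip6gretap00
	DEV=ip6gretap11
	ret=0

	check "$TYPE" || return 0
	config_device
	add_ip6gretap_tunnel
	attach_bpf "$DEV" ip6gretap_set_tunnel ip6gretap_get_tunnel
	# underlay (exit status is not recorded)
	ping6 $PING_ARG ::11
	# overlay: ipv4 over ipv6 (only the second ping's status is recorded)
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	ping $PING_ARG 10.1.1.100
	check_err $?
	# overlay: ipv6 over ipv6
	ip netns exec at_ns0 ping6 $PING_ARG fc80::200
	check_err $?
	cleanup

	report_result "$TYPE"
}

# $1 - ERSPAN version selector handed to add_erspan_tunnel ("v1" or other).
test_erspan()
{
	TYPE=erspan
	DEV_NS=erspan00
	DEV=erspan11
	ret=0

	check "$TYPE" || return 0
	config_device
	add_erspan_tunnel "$1"
	attach_bpf "$DEV" erspan_set_tunnel erspan_get_tunnel
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	report_result "$TYPE"
}

# $1 - ERSPAN version selector handed to add_ip6erspan_tunnel ("v1" or other).
test_ip6erspan()
{
	TYPE=ip6erspan
	DEV_NS=ip6erspan00
	DEV=ip6erspan11
	ret=0

	check "$TYPE" || return 0
	config_device
	add_ip6erspan_tunnel "$1"
	attach_bpf "$DEV" ip4ip6erspan_set_tunnel ip4ip6erspan_get_tunnel
	# underlay (exit status is not recorded)
	ping6 $PING_ARG ::11
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	report_result "$TYPE"
}

test_vxlan()
{
	TYPE=vxlan
	DEV_NS=vxlan00
	DEV=vxlan11
	ret=0

	check "$TYPE" || return 0
	config_device
	add_vxlan_tunnel
	attach_bpf "$DEV" vxlan_set_tunnel vxlan_get_tunnel
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	report_result "$TYPE"
}

test_ip6vxlan()
{
	TYPE=vxlan
	DEV_NS=ip6vxlan00
	DEV=ip6vxlan11
	ret=0

	check "$TYPE" || return 0
	config_device
	add_ip6vxlan_tunnel
	ip link set dev veth1 mtu 1500
	attach_bpf "$DEV" ip6vxlan_set_tunnel ip6vxlan_get_tunnel
	# underlay (exit status is not recorded)
	ping6 $PING_ARG ::11
	# ip4 over ip6
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	report_result "ip6$TYPE"
}

test_geneve()
{
	TYPE=geneve
	DEV_NS=geneve00
	DEV=geneve11
	ret=0

	check "$TYPE" || return 0
	config_device
	add_geneve_tunnel
	attach_bpf "$DEV" geneve_set_tunnel geneve_get_tunnel
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	report_result "$TYPE"
}

test_ip6geneve()
{
	TYPE=geneve
	DEV_NS=ip6geneve00
	DEV=ip6geneve11
	ret=0

	check "$TYPE" || return 0
	config_device
	add_ip6geneve_tunnel
	attach_bpf "$DEV" ip6geneve_set_tunnel ip6geneve_get_tunnel
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	report_result "ip6$TYPE"
}

test_ipip()
{
	TYPE=ipip
	DEV_NS=ipip00
	DEV=ipip11
	ret=0

	check "$TYPE" || return 0
	config_device
	add_ipip_tunnel
	ip link set dev veth1 mtu 1500
	attach_bpf "$DEV" ipip_set_tunnel ipip_get_tunnel
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	report_result "$TYPE"
}

test_ipip6()
{
	TYPE=ip6tnl
	DEV_NS=ipip6tnl00
	DEV=ipip6tnl11
	ret=0

	check "$TYPE" || return 0
	config_device
	add_ip6tnl_tunnel
	ip link set dev veth1 mtu 1500
	attach_bpf "$DEV" ipip6_set_tunnel ipip6_get_tunnel
	# underlay (exit status is not recorded)
	ping6 $PING_ARG ::11
	# ip4 over ip6
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	report_result "$TYPE"
}

test_ip6ip6()
{
	TYPE=ip6tnl
	DEV_NS=ip6ip6tnl00
	DEV=ip6ip6tnl11
	ret=0

	check "$TYPE" || return 0
	config_device
	add_ip6tnl_tunnel
	ip link set dev veth1 mtu 1500
	attach_bpf "$DEV" ip6ip6_set_tunnel ip6ip6_get_tunnel
	# underlay (exit status is not recorded)
	ping6 $PING_ARG ::11
	# ip6 over ip6
	ping6 $PING_ARG 1::11
	check_err $?
	ip netns exec at_ns0 ping6 $PING_ARG 1::22
	check_err $?
	cleanup

	report_result "ip6$TYPE"
}

# Install ESP tunnel-mode xfrm state and policy in both namespaces.
#
# The keys are fixed, publicly known fill patterns: auth is 0x followed by
# forty '1' digits (160 bits) and enc is 0x followed by thirty-two '2'
# digits (128 bits), used with hmac(sha1) truncated to 96 bits and cbc(aes).
# They exist only so the BPF program has an SA to inspect and give no
# confidentiality or integrity; do not copy them into a real IPsec setup.
# The states and policies added in the root namespace are removed by
# cleanup().
setup_xfrm_tunnel()
{
	local auth enc spi_in_to_out spi_out_to_in

	auth=0x$(printf '1%.0s' {1..40})
	enc=0x$(printf '2%.0s' {1..32})
	spi_in_to_out=0x1
	spi_out_to_in=0x2
	# at_ns0 namespace
	# at_ns0 -> root
	ip netns exec at_ns0 \
		ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
			spi "$spi_in_to_out" reqid 1 mode tunnel \
			auth-trunc 'hmac(sha1)' "$auth" 96 enc 'cbc(aes)' "$enc"
	ip netns exec at_ns0 \
		ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir out \
		tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \
		mode tunnel
	# root -> at_ns0
	ip netns exec at_ns0 \
		ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
			spi "$spi_out_to_in" reqid 2 mode tunnel \
			auth-trunc 'hmac(sha1)' "$auth" 96 enc 'cbc(aes)' "$enc"
	ip netns exec at_ns0 \
		ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir in \
		tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \
		mode tunnel
	# address & route
	ip netns exec at_ns0 \
		ip addr add dev veth0 10.1.1.100/32
	ip netns exec at_ns0 \
		ip route add 10.1.1.200 dev veth0 via 172.16.1.200 \
			src 10.1.1.100

	# root namespace
	# at_ns0 -> root
	ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
		spi "$spi_in_to_out" reqid 1 mode tunnel \
		auth-trunc 'hmac(sha1)' "$auth" 96 enc 'cbc(aes)' "$enc"
	ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir in \
		tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \
		mode tunnel
	# root -> at_ns0
	ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
		spi "$spi_out_to_in" reqid 2 mode tunnel \
		auth-trunc 'hmac(sha1)' "$auth" 96 enc 'cbc(aes)' "$enc"
	ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir out \
		tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \
		mode tunnel
	# address & route
	ip addr add dev veth1 10.1.1.200/32
	ip route add 10.1.1.100 dev veth1 via 172.16.1.100 src 10.1.1.200
}

# Verify that the xfrm_get_state BPF program attached to veth1 ingress logs
# the reqid, SPI and remote address of the at_ns0 -> root SA to the trace
# buffer.
test_xfrm_tunnel()
{
	# Start from a clean status.  Without this reset a failure recorded by
	# the preceding test stays in ret and is reported as an xfrm failure.
	ret=0

	config_device
	# Truncate the global ftrace buffer so the greps below only see
	# output produced by this test.
	> /sys/kernel/debug/tracing/trace
	setup_xfrm_tunnel
	tc qdisc add dev veth1 clsact
	tc filter add dev veth1 proto ip ingress bpf da obj test_tunnel_kern.o \
		sec xfrm_get_state
	# exit status of this ping is not recorded; the trace contents are
	# what the test checks
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	sleep 1
	grep "reqid 1" /sys/kernel/debug/tracing/trace
	check_err $?
	grep "spi 0x1" /sys/kernel/debug/tracing/trace
	check_err $?
	# 0xac100164 is 172.16.1.100 in hex
	grep "remote ip 0xac100164" /sys/kernel/debug/tracing/trace
	check_err $?
	cleanup

	report_result "xfrm tunnel"
}

# Attach the tunnel BPF programs from test_tunnel_kern.o to a device.
# Arguments: $1 - device
#            $2 - ELF section attached on egress (sets tunnel metadata)
#            $3 - ELF section attached on ingress (reads tunnel metadata)
attach_bpf()
{
	local set_sec=$2
	local get_sec=$3

	DEV=$1
	tc qdisc add dev "$DEV" clsact
	tc filter add dev "$DEV" egress bpf da obj test_tunnel_kern.o sec "$set_sec"
	tc filter add dev "$DEV" ingress bpf da obj test_tunnel_kern.o sec "$get_sec"
}

# Best-effort teardown of everything any test may have created.  Errors are
# discarded on purpose because most of these objects do not exist at any
# given time.  Deletion is by fixed name, so pre-existing devices with these
# names are removed as well.
cleanup()
{
	ip netns delete at_ns0 2> /dev/null
	ip link del veth1 2> /dev/null
	ip link del ipip11 2> /dev/null
	ip link del ipip6tnl11 2> /dev/null
	ip link del ip6ip6tnl11 2> /dev/null
	ip link del gretap11 2> /dev/null
	ip link del ip6gre11 2> /dev/null
	ip link del ip6gretap11 2> /dev/null
	ip link del vxlan11 2> /dev/null
	ip link del ip6vxlan11 2> /dev/null
	ip link del geneve11 2> /dev/null
	ip link del ip6geneve11 2> /dev/null
	ip link del erspan11 2> /dev/null
	ip link del ip6erspan11 2> /dev/null
	ip xfrm policy delete dir out src 10.1.1.200/32 dst 10.1.1.100/32 2> /dev/null
	ip xfrm policy delete dir in src 10.1.1.100/32 dst 10.1.1.200/32 2> /dev/null
	ip xfrm state delete src 172.16.1.100 dst 172.16.1.200 proto esp spi 0x1 2> /dev/null
	ip xfrm state delete src 172.16.1.200 dst 172.16.1.100 proto esp spi 0x2 2> /dev/null
}

# Signal handler: tear everything down, then exit.
# NOTE(review): exits 0, so an interrupted run reports success to the
# caller; kept as in the original, confirm whether that is wanted.
cleanup_exit()
{
	echo "CATCH SIGTERM or SIGINT, cleanup and exit"
	cleanup
	exit 0
}

# Check that the installed iproute2 knows link type $1.
# Returns 1 (after printing SKIP and cleaning up) when it does not; callers
# use that status to skip the test.
check()
{
	if ! ip link help 2>&1 | grep -q "\s$1\s"; then
		echo "SKIP $1: iproute2 not support"
		cleanup
		return 1
	fi
}

# Turn on dynamic debug output for the tunnel drivers.  Not called by this
# script; available for manual debugging.
enable_debug()
{
	echo 'file ip_gre.c +p' > /sys/kernel/debug/dynamic_debug/control
	echo 'file ip6_gre.c +p' > /sys/kernel/debug/dynamic_debug/control
	echo 'file vxlan.c +p' > /sys/kernel/debug/dynamic_debug/control
	echo 'file geneve.c +p' > /sys/kernel/debug/dynamic_debug/control
	echo 'file ipip.c +p' > /sys/kernel/debug/dynamic_debug/control
}

# Record exit status $1 in ret unless an earlier failure is already stored.
check_err()
{
	if [ "$ret" -eq 0 ]; then
		ret=$1
	fi
}

# Run every tunnel test in turn.
# Returns: the number of tests that reported FAIL.
bpf_tunnel_test()
{
	local errors=0

	echo "Testing GRE tunnel..."
	test_gre
	errors=$(( errors + $? ))

	echo "Testing IP6GRE tunnel..."
	test_ip6gre
	errors=$(( errors + $? ))

	echo "Testing IP6GRETAP tunnel..."
	test_ip6gretap
	errors=$(( errors + $? ))

	echo "Testing ERSPAN tunnel..."
	test_erspan v2
	errors=$(( errors + $? ))

	echo "Testing IP6ERSPAN tunnel..."
	test_ip6erspan v2
	errors=$(( errors + $? ))

	echo "Testing VXLAN tunnel..."
	test_vxlan
	errors=$(( errors + $? ))

	echo "Testing IP6VXLAN tunnel..."
	test_ip6vxlan
	errors=$(( errors + $? ))

	echo "Testing GENEVE tunnel..."
	test_geneve
	errors=$(( errors + $? ))

	echo "Testing IP6GENEVE tunnel..."
	test_ip6geneve
	errors=$(( errors + $? ))

	echo "Testing IPIP tunnel..."
	test_ipip
	errors=$(( errors + $? ))

	echo "Testing IPIP6 tunnel..."
	test_ipip6
	errors=$(( errors + $? ))

	echo "Testing IP6IP6 tunnel..."
	test_ip6ip6
	errors=$(( errors + $? ))

	echo "Testing IPSec tunnel..."
	test_xfrm_tunnel
	errors=$(( errors + $? ))

	return $errors
}

# Clean up on normal exit, SIGQUIT and SIGABRT.
trap cleanup EXIT QUIT ABRT
# SIGKILL cannot be caught, so the handler is installed for SIGINT and
# SIGTERM; otherwise a terminated run leaves the namespace, devices and
# xfrm state behind in the root namespace.
trap cleanup_exit INT TERM

# Remove leftovers from an earlier, aborted run before starting.
cleanup

if ! bpf_tunnel_test; then
	echo -e "$(basename "$0"): ${RED}FAIL${NC}"
	exit 1
fi
echo -e "$(basename "$0"): ${GREEN}PASS${NC}"
exit 0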