1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3# 4# Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved. 5# 6# IPv4 and IPv6 functional tests focusing on VRF and routing lookups 7# for various permutations: 8# 1. icmp, tcp, udp and netfilter 9# 2. client, server, no-server 10# 3. global address on interface 11# 4. global address on 'lo' 12# 5. remote and local traffic 13# 6. VRF and non-VRF permutations 14# 15# Setup: 16# ns-A | ns-B 17# No VRF case: 18# [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ] 19# remote address 20# VRF case: 21# [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ] 22# 23# ns-A: 24# eth1: 172.16.1.1/24, 2001:db8:1::1/64 25# lo: 127.0.0.1/8, ::1/128 26# 172.16.2.1/32, 2001:db8:2::1/128 27# red: 127.0.0.1/8, ::1/128 28# 172.16.3.1/32, 2001:db8:3::1/128 29# 30# ns-B: 31# eth1: 172.16.1.2/24, 2001:db8:1::2/64 32# lo2: 127.0.0.1/8, ::1/128 33# 172.16.2.2/32, 2001:db8:2::2/128 34# 35# ns-A to ns-C connection - only for VRF and same config 36# as ns-A to ns-B 37# 38# server / client nomenclature relative to ns-A 39 40VERBOSE=0 41 42NSA_DEV=eth1 43NSA_DEV2=eth2 44NSB_DEV=eth1 45NSC_DEV=eth2 46VRF=red 47VRF_TABLE=1101 48 49# IPv4 config 50NSA_IP=172.16.1.1 51NSB_IP=172.16.1.2 52VRF_IP=172.16.3.1 53NS_NET=172.16.1.0/24 54 55# IPv6 config 56NSA_IP6=2001:db8:1::1 57NSB_IP6=2001:db8:1::2 58VRF_IP6=2001:db8:3::1 59NS_NET6=2001:db8:1::/120 60 61NSA_LO_IP=172.16.2.1 62NSB_LO_IP=172.16.2.2 63NSA_LO_IP6=2001:db8:2::1 64NSB_LO_IP6=2001:db8:2::2 65 66MD5_PW=abc123 67MD5_WRONG_PW=abc1234 68 69MCAST=ff02::1 70# set after namespace create 71NSA_LINKIP6= 72NSB_LINKIP6= 73 74NSA=ns-A 75NSB=ns-B 76NSC=ns-C 77 78NSA_CMD="ip netns exec ${NSA}" 79NSB_CMD="ip netns exec ${NSB}" 80NSC_CMD="ip netns exec ${NSC}" 81 82which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping) 83 84################################################################################ 85# utilities 86 87log_test() 88{ 89 local rc=$1 90 local expected=$2 91 local msg="$3" 92 93 [ "${VERBOSE}" = "1" ] && echo 94 95 if [ ${rc} -eq ${expected} ]; then 96 nsuccess=$((nsuccess+1)) 97 printf "TEST: %-70s [ OK ]\n" "${msg}" 98 else 99 nfail=$((nfail+1)) 100 printf "TEST: %-70s [FAIL]\n" "${msg}" 101 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then 102 echo 103 echo "hit enter to continue, 'q' to quit" 104 read a 105 [ "$a" = "q" ] && exit 1 106 fi 107 fi 108 109 if [ "${PAUSE}" = "yes" ]; then 110 echo 111 echo "hit enter to continue, 'q' to quit" 112 read a 113 [ "$a" = "q" ] && exit 1 114 fi 115 116 kill_procs 117} 118 119log_test_addr() 120{ 121 local addr=$1 122 local rc=$2 123 local expected=$3 124 local msg="$4" 125 local astr 126 127 astr=$(addr2str ${addr}) 128 log_test $rc $expected "$msg - ${astr}" 129} 130 131log_section() 132{ 133 echo 134 echo "###########################################################################" 135 echo "$*" 136 echo "###########################################################################" 137 echo 138} 139 140log_subsection() 141{ 142 echo 143 echo "#################################################################" 144 echo "$*" 145 echo 146} 147 148log_start() 149{ 150 # make sure we have no test instances running 151 kill_procs 152 153 if [ "${VERBOSE}" = "1" ]; then 154 echo 155 echo "#######################################################" 156 fi 157} 158 159log_debug() 160{ 161 if [ "${VERBOSE}" = "1" ]; then 162 echo 163 echo "$*" 164 echo 165 fi 166} 167 168show_hint() 169{ 170 if [ "${VERBOSE}" = "1" ]; then 171 echo "HINT: $*" 172 echo 173 fi 174} 175 176kill_procs() 177{ 178 killall nettest ping ping6 >/dev/null 2>&1 179 sleep 1 180} 181 182do_run_cmd() 183{ 184 local cmd="$*" 185 local out 186 187 if [ "$VERBOSE" = "1" ]; then 188 echo "COMMAND: ${cmd}" 189 fi 190 191 out=$($cmd 2>&1) 192 rc=$? 193 if [ "$VERBOSE" = "1" -a -n "$out" ]; then 194 echo "$out" 195 fi 196 197 return $rc 198} 199 200run_cmd() 201{ 202 do_run_cmd ${NSA_CMD} $* 203} 204 205run_cmd_nsb() 206{ 207 do_run_cmd ${NSB_CMD} $* 208} 209 210run_cmd_nsc() 211{ 212 do_run_cmd ${NSC_CMD} $* 213} 214 215setup_cmd() 216{ 217 local cmd="$*" 218 local rc 219 220 run_cmd ${cmd} 221 rc=$? 222 if [ $rc -ne 0 ]; then 223 # show user the command if not done so already 224 if [ "$VERBOSE" = "0" ]; then 225 echo "setup command: $cmd" 226 fi 227 echo "failed. stopping tests" 228 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then 229 echo 230 echo "hit enter to continue" 231 read a 232 fi 233 exit $rc 234 fi 235} 236 237setup_cmd_nsb() 238{ 239 local cmd="$*" 240 local rc 241 242 run_cmd_nsb ${cmd} 243 rc=$? 244 if [ $rc -ne 0 ]; then 245 # show user the command if not done so already 246 if [ "$VERBOSE" = "0" ]; then 247 echo "setup command: $cmd" 248 fi 249 echo "failed. stopping tests" 250 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then 251 echo 252 echo "hit enter to continue" 253 read a 254 fi 255 exit $rc 256 fi 257} 258 259# set sysctl values in NS-A 260set_sysctl() 261{ 262 echo "SYSCTL: $*" 263 echo 264 run_cmd sysctl -q -w $* 265} 266 267################################################################################ 268# Setup for tests 269 270addr2str() 271{ 272 case "$1" in 273 127.0.0.1) echo "loopback";; 274 ::1) echo "IPv6 loopback";; 275 276 ${NSA_IP}) echo "ns-A IP";; 277 ${NSA_IP6}) echo "ns-A IPv6";; 278 ${NSA_LO_IP}) echo "ns-A loopback IP";; 279 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";; 280 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";; 281 282 ${NSB_IP}) echo "ns-B IP";; 283 ${NSB_IP6}) echo "ns-B IPv6";; 284 ${NSB_LO_IP}) echo "ns-B loopback IP";; 285 ${NSB_LO_IP6}) echo "ns-B loopback IPv6";; 286 ${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";; 287 288 ${VRF_IP}) echo "VRF IP";; 289 ${VRF_IP6}) echo "VRF IPv6";; 290 291 ${MCAST}%*) echo "multicast IP";; 292 293 *) echo "unknown";; 294 esac 295} 296 297get_linklocal() 298{ 299 local ns=$1 300 local dev=$2 301 local addr 302 303 addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \ 304 awk '{ 305 for (i = 3; i <= NF; ++i) { 306 if ($i ~ /^fe80/) 307 print $i 308 } 309 }' 310 ) 311 addr=${addr/\/*} 312 313 [ -z "$addr" ] && return 1 314 315 echo $addr 316 317 return 0 318} 319 320################################################################################ 321# create namespaces and vrf 322 323create_vrf() 324{ 325 local ns=$1 326 local vrf=$2 327 local table=$3 328 local addr=$4 329 local addr6=$5 330 331 ip -netns ${ns} link add ${vrf} type vrf table ${table} 332 ip -netns ${ns} link set ${vrf} up 333 ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192 334 ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192 335 336 ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf} 337 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad 338 if [ "${addr}" != "-" ]; then 339 ip -netns ${ns} addr add dev ${vrf} ${addr} 340 fi 341 if [ "${addr6}" != "-" ]; then 342 ip -netns ${ns} -6 addr add dev ${vrf} ${addr6} 343 fi 344 345 ip -netns ${ns} ru del pref 0 346 ip -netns ${ns} ru add pref 32765 from all lookup local 347 ip -netns ${ns} -6 ru del pref 0 348 ip -netns ${ns} -6 ru add pref 32765 from all lookup local 349} 350 351create_ns() 352{ 353 local ns=$1 354 local addr=$2 355 local addr6=$3 356 357 ip netns add ${ns} 358 359 ip -netns ${ns} link set lo up 360 if [ "${addr}" != "-" ]; then 361 ip -netns ${ns} addr add dev lo ${addr} 362 fi 363 if [ "${addr6}" != "-" ]; then 364 ip -netns ${ns} -6 addr add dev lo ${addr6} 365 fi 366 367 ip -netns ${ns} ro add unreachable default metric 8192 368 ip -netns ${ns} -6 ro add unreachable default metric 8192 369 370 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1 371 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1 372 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1 373 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1 374} 375 376# create veth pair to connect namespaces and apply addresses. 377connect_ns() 378{ 379 local ns1=$1 380 local ns1_dev=$2 381 local ns1_addr=$3 382 local ns1_addr6=$4 383 local ns2=$5 384 local ns2_dev=$6 385 local ns2_addr=$7 386 local ns2_addr6=$8 387 388 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp 389 ip -netns ${ns1} li set ${ns1_dev} up 390 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev} 391 ip -netns ${ns2} li set ${ns2_dev} up 392 393 if [ "${ns1_addr}" != "-" ]; then 394 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr} 395 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr} 396 fi 397 398 if [ "${ns1_addr6}" != "-" ]; then 399 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6} 400 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6} 401 fi 402} 403 404cleanup() 405{ 406 # explicit cleanups to check those code paths 407 ip netns | grep -q ${NSA} 408 if [ $? -eq 0 ]; then 409 ip -netns ${NSA} link delete ${VRF} 410 ip -netns ${NSA} ro flush table ${VRF_TABLE} 411 412 ip -netns ${NSA} addr flush dev ${NSA_DEV} 413 ip -netns ${NSA} -6 addr flush dev ${NSA_DEV} 414 ip -netns ${NSA} link set dev ${NSA_DEV} down 415 ip -netns ${NSA} link del dev ${NSA_DEV} 416 417 ip netns del ${NSA} 418 fi 419 420 ip netns del ${NSB} 421 ip netns del ${NSC} >/dev/null 2>&1 422} 423 424setup() 425{ 426 local with_vrf=${1} 427 428 # make sure we are starting with a clean slate 429 kill_procs 430 cleanup 2>/dev/null 431 432 log_debug "Configuring network namespaces" 433 set -e 434 435 create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128 436 create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128 437 connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \ 438 ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64 439 440 NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV}) 441 NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV}) 442 443 # tell ns-A how to get to remote addresses of ns-B 444 if [ "${with_vrf}" = "yes" ]; then 445 create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6} 446 447 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF} 448 ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV} 449 ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV} 450 451 ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV} 452 ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV} 453 454 # some VRF tests use ns-C which has the same config as 455 # ns-B but for a device NOT in the VRF 456 create_ns ${NSC} "-" "-" 457 connect_ns ${NSA} ${NSA_DEV2} ${NSA_IP}/24 ${NSA_IP6}/64 \ 458 ${NSC} ${NSC_DEV} ${NSB_IP}/24 ${NSB_IP6}/64 459 else 460 ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV} 461 ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV} 462 fi 463 464 465 # tell ns-B how to get to remote addresses of ns-A 466 ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV} 467 ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV} 468 469 set +e 470 471 sleep 1 472} 473 474################################################################################ 475# IPv4 476 477ipv4_ping_novrf() 478{ 479 local a 480 481 # 482 # out 483 # 484 for a in ${NSB_IP} ${NSB_LO_IP} 485 do 486 log_start 487 run_cmd ping -c1 -w1 ${a} 488 log_test_addr ${a} $? 0 "ping out" 489 490 log_start 491 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 492 log_test_addr ${a} $? 0 "ping out, device bind" 493 494 log_start 495 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a} 496 log_test_addr ${a} $? 0 "ping out, address bind" 497 done 498 499 # 500 # in 501 # 502 for a in ${NSA_IP} ${NSA_LO_IP} 503 do 504 log_start 505 run_cmd_nsb ping -c1 -w1 ${a} 506 log_test_addr ${a} $? 0 "ping in" 507 done 508 509 # 510 # local traffic 511 # 512 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1 513 do 514 log_start 515 run_cmd ping -c1 -w1 ${a} 516 log_test_addr ${a} $? 0 "ping local" 517 done 518 519 # 520 # local traffic, socket bound to device 521 # 522 # address on device 523 a=${NSA_IP} 524 log_start 525 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 526 log_test_addr ${a} $? 0 "ping local, device bind" 527 528 # loopback addresses not reachable from device bind 529 # fails in a really weird way though because ipv4 special cases 530 # route lookups with oif set. 531 for a in ${NSA_LO_IP} 127.0.0.1 532 do 533 log_start 534 show_hint "Fails since address on loopback device is out of device scope" 535 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 536 log_test_addr ${a} $? 1 "ping local, device bind" 537 done 538 539 # 540 # ip rule blocks reachability to remote address 541 # 542 log_start 543 setup_cmd ip rule add pref 32765 from all lookup local 544 setup_cmd ip rule del pref 0 from all lookup local 545 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit 546 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit 547 548 a=${NSB_LO_IP} 549 run_cmd ping -c1 -w1 ${a} 550 log_test_addr ${a} $? 2 "ping out, blocked by rule" 551 552 # NOTE: ipv4 actually allows the lookup to fail and yet still create 553 # a viable rtable if the oif (e.g., bind to device) is set, so this 554 # case succeeds despite the rule 555 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 556 557 a=${NSA_LO_IP} 558 log_start 559 show_hint "Response generates ICMP (or arp request is ignored) due to ip rule" 560 run_cmd_nsb ping -c1 -w1 ${a} 561 log_test_addr ${a} $? 1 "ping in, blocked by rule" 562 563 [ "$VERBOSE" = "1" ] && echo 564 setup_cmd ip rule del pref 32765 from all lookup local 565 setup_cmd ip rule add pref 0 from all lookup local 566 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit 567 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit 568 569 # 570 # route blocks reachability to remote address 571 # 572 log_start 573 setup_cmd ip route replace unreachable ${NSB_LO_IP} 574 setup_cmd ip route replace unreachable ${NSB_IP} 575 576 a=${NSB_LO_IP} 577 run_cmd ping -c1 -w1 ${a} 578 log_test_addr ${a} $? 2 "ping out, blocked by route" 579 580 # NOTE: ipv4 actually allows the lookup to fail and yet still create 581 # a viable rtable if the oif (e.g., bind to device) is set, so this 582 # case succeeds despite not having a route for the address 583 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 584 585 a=${NSA_LO_IP} 586 log_start 587 show_hint "Response is dropped (or arp request is ignored) due to ip route" 588 run_cmd_nsb ping -c1 -w1 ${a} 589 log_test_addr ${a} $? 1 "ping in, blocked by route" 590 591 # 592 # remove 'remote' routes; fallback to default 593 # 594 log_start 595 setup_cmd ip ro del ${NSB_LO_IP} 596 597 a=${NSB_LO_IP} 598 run_cmd ping -c1 -w1 ${a} 599 log_test_addr ${a} $? 2 "ping out, unreachable default route" 600 601 # NOTE: ipv4 actually allows the lookup to fail and yet still create 602 # a viable rtable if the oif (e.g., bind to device) is set, so this 603 # case succeeds despite not having a route for the address 604 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 605} 606 607ipv4_ping_vrf() 608{ 609 local a 610 611 # should default on; does not exist on older kernels 612 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null 613 614 # 615 # out 616 # 617 for a in ${NSB_IP} ${NSB_LO_IP} 618 do 619 log_start 620 run_cmd ping -c1 -w1 -I ${VRF} ${a} 621 log_test_addr ${a} $? 0 "ping out, VRF bind" 622 623 log_start 624 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 625 log_test_addr ${a} $? 0 "ping out, device bind" 626 627 log_start 628 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a} 629 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind" 630 631 log_start 632 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a} 633 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind" 634 done 635 636 # 637 # in 638 # 639 for a in ${NSA_IP} ${VRF_IP} 640 do 641 log_start 642 run_cmd_nsb ping -c1 -w1 ${a} 643 log_test_addr ${a} $? 0 "ping in" 644 done 645 646 # 647 # local traffic, local address 648 # 649 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1 650 do 651 log_start 652 show_hint "Source address should be ${a}" 653 run_cmd ping -c1 -w1 -I ${VRF} ${a} 654 log_test_addr ${a} $? 0 "ping local, VRF bind" 655 done 656 657 # 658 # local traffic, socket bound to device 659 # 660 # address on device 661 a=${NSA_IP} 662 log_start 663 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 664 log_test_addr ${a} $? 0 "ping local, device bind" 665 666 # vrf device is out of scope 667 for a in ${VRF_IP} 127.0.0.1 668 do 669 log_start 670 show_hint "Fails since address on vrf device is out of device scope" 671 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 672 log_test_addr ${a} $? 1 "ping local, device bind" 673 done 674 675 # 676 # ip rule blocks address 677 # 678 log_start 679 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit 680 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit 681 682 a=${NSB_LO_IP} 683 run_cmd ping -c1 -w1 -I ${VRF} ${a} 684 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule" 685 686 log_start 687 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 688 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule" 689 690 a=${NSA_LO_IP} 691 log_start 692 show_hint "Response lost due to ip rule" 693 run_cmd_nsb ping -c1 -w1 ${a} 694 log_test_addr ${a} $? 1 "ping in, blocked by rule" 695 696 [ "$VERBOSE" = "1" ] && echo 697 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit 698 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit 699 700 # 701 # remove 'remote' routes; fallback to default 702 # 703 log_start 704 setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP} 705 706 a=${NSB_LO_IP} 707 run_cmd ping -c1 -w1 -I ${VRF} ${a} 708 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route" 709 710 log_start 711 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 712 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route" 713 714 a=${NSA_LO_IP} 715 log_start 716 show_hint "Response lost by unreachable route" 717 run_cmd_nsb ping -c1 -w1 ${a} 718 log_test_addr ${a} $? 1 "ping in, unreachable route" 719} 720 721ipv4_ping() 722{ 723 log_section "IPv4 ping" 724 725 log_subsection "No VRF" 726 setup 727 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null 728 ipv4_ping_novrf 729 setup 730 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null 731 ipv4_ping_novrf 732 733 log_subsection "With VRF" 734 setup "yes" 735 ipv4_ping_vrf 736} 737 738################################################################################ 739# IPv4 TCP 740 741# 742# MD5 tests without VRF 743# 744ipv4_tcp_md5_novrf() 745{ 746 # 747 # single address 748 # 749 750 # basic use case 751 log_start 752 run_cmd nettest -s -M ${MD5_PW} -r ${NSB_IP} & 753 sleep 1 754 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 755 log_test $? 0 "MD5: Single address config" 756 757 # client sends MD5, server not configured 758 log_start 759 show_hint "Should timeout due to MD5 mismatch" 760 run_cmd nettest -s & 761 sleep 1 762 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 763 log_test $? 2 "MD5: Server no config, client uses password" 764 765 # wrong password 766 log_start 767 show_hint "Should timeout since client uses wrong password" 768 run_cmd nettest -s -M ${MD5_PW} -r ${NSB_IP} & 769 sleep 1 770 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 771 log_test $? 2 "MD5: Client uses wrong password" 772 773 # client from different address 774 log_start 775 show_hint "Should timeout due to MD5 mismatch" 776 run_cmd nettest -s -M ${MD5_PW} -r ${NSB_LO_IP} & 777 sleep 1 778 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 779 log_test $? 2 "MD5: Client address does not match address configured with password" 780 781 # 782 # MD5 extension - prefix length 783 # 784 785 # client in prefix 786 log_start 787 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} & 788 sleep 1 789 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 790 log_test $? 0 "MD5: Prefix config" 791 792 # client in prefix, wrong password 793 log_start 794 show_hint "Should timeout since client uses wrong password" 795 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} & 796 sleep 1 797 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 798 log_test $? 2 "MD5: Prefix config, client uses wrong password" 799 800 # client outside of prefix 801 log_start 802 show_hint "Should timeout due to MD5 mismatch" 803 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} & 804 sleep 1 805 run_cmd_nsb nettest -l ${NSB_LO_IP} -r ${NSA_IP} -M ${MD5_PW} 806 log_test $? 2 "MD5: Prefix config, client address not in configured prefix" 807} 808 809# 810# MD5 tests with VRF 811# 812ipv4_tcp_md5() 813{ 814 # 815 # single address 816 # 817 818 # basic use case 819 log_start 820 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & 821 sleep 1 822 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 823 log_test $? 0 "MD5: VRF: Single address config" 824 825 # client sends MD5, server not configured 826 log_start 827 show_hint "Should timeout since server does not have MD5 auth" 828 run_cmd nettest -s -d ${VRF} & 829 sleep 1 830 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 831 log_test $? 2 "MD5: VRF: Server no config, client uses password" 832 833 # wrong password 834 log_start 835 show_hint "Should timeout since client uses wrong password" 836 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & 837 sleep 1 838 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 839 log_test $? 2 "MD5: VRF: Client uses wrong password" 840 841 # client from different address 842 log_start 843 show_hint "Should timeout since server config differs from client" 844 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_LO_IP} & 845 sleep 1 846 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 847 log_test $? 2 "MD5: VRF: Client address does not match address configured with password" 848 849 # 850 # MD5 extension - prefix length 851 # 852 853 # client in prefix 854 log_start 855 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} & 856 sleep 1 857 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 858 log_test $? 0 "MD5: VRF: Prefix config" 859 860 # client in prefix, wrong password 861 log_start 862 show_hint "Should timeout since client uses wrong password" 863 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} & 864 sleep 1 865 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 866 log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password" 867 868 # client outside of prefix 869 log_start 870 show_hint "Should timeout since client address is outside of prefix" 871 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} & 872 sleep 1 873 run_cmd_nsb nettest -l ${NSB_LO_IP} -r ${NSA_IP} -M ${MD5_PW} 874 log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix" 875 876 # 877 # duplicate config between default VRF and a VRF 878 # 879 880 log_start 881 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & 882 run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} & 883 sleep 1 884 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 885 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF" 886 887 log_start 888 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & 889 run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} & 890 sleep 1 891 run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 892 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF" 893 894 log_start 895 show_hint "Should timeout since client in default VRF uses VRF password" 896 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & 897 run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} & 898 sleep 1 899 run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_PW} 900 log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw" 901 902 log_start 903 show_hint "Should timeout since client in VRF uses default VRF password" 904 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & 905 run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} & 906 sleep 1 907 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 908 log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw" 909 910 log_start 911 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} & 912 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} & 913 sleep 1 914 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 915 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF" 916 917 log_start 918 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} & 919 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} & 920 sleep 1 921 run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 922 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF" 923 924 log_start 925 show_hint "Should timeout since client in default VRF uses VRF password" 926 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} & 927 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} & 928 sleep 1 929 run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_PW} 930 log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw" 931 932 log_start 933 show_hint "Should timeout since client in VRF uses default VRF password" 934 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} & 935 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} & 936 sleep 1 937 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 938 log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw" 939 940 # 941 # negative tests 942 # 943 log_start 944 run_cmd nettest -s -d ${NSA_DEV} -M ${MD5_PW} -r ${NSB_IP} 945 log_test $? 1 "MD5: VRF: Device must be a VRF - single address" 946 947 log_start 948 run_cmd nettest -s -d ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET} 949 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix" 950 951} 952 953ipv4_tcp_novrf() 954{ 955 local a 956 957 # 958 # server tests 959 # 960 for a in ${NSA_IP} ${NSA_LO_IP} 961 do 962 log_start 963 run_cmd nettest -s & 964 sleep 1 965 run_cmd_nsb nettest -r ${a} 966 log_test_addr ${a} $? 0 "Global server" 967 done 968 969 a=${NSA_IP} 970 log_start 971 run_cmd nettest -s -d ${NSA_DEV} & 972 sleep 1 973 run_cmd_nsb nettest -r ${a} 974 log_test_addr ${a} $? 0 "Device server" 975 976 # verify TCP reset sent and received 977 for a in ${NSA_IP} ${NSA_LO_IP} 978 do 979 log_start 980 show_hint "Should fail 'Connection refused' since there is no server" 981 run_cmd_nsb nettest -r ${a} 982 log_test_addr ${a} $? 1 "No server" 983 done 984 985 # 986 # client 987 # 988 for a in ${NSB_IP} ${NSB_LO_IP} 989 do 990 log_start 991 run_cmd_nsb nettest -s & 992 sleep 1 993 run_cmd nettest -r ${a} -0 ${NSA_IP} 994 log_test_addr ${a} $? 0 "Client" 995 996 log_start 997 run_cmd_nsb nettest -s & 998 sleep 1 999 run_cmd nettest -r ${a} -d ${NSA_DEV} 1000 log_test_addr ${a} $? 0 "Client, device bind" 1001 1002 log_start 1003 show_hint "Should fail 'Connection refused'" 1004 run_cmd nettest -r ${a} 1005 log_test_addr ${a} $? 1 "No server, unbound client" 1006 1007 log_start 1008 show_hint "Should fail 'Connection refused'" 1009 run_cmd nettest -r ${a} -d ${NSA_DEV} 1010 log_test_addr ${a} $? 1 "No server, device client" 1011 done 1012 1013 # 1014 # local address tests 1015 # 1016 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1 1017 do 1018 log_start 1019 run_cmd nettest -s & 1020 sleep 1 1021 run_cmd nettest -r ${a} -0 ${a} -1 ${a} 1022 log_test_addr ${a} $? 0 "Global server, local connection" 1023 done 1024 1025 a=${NSA_IP} 1026 log_start 1027 run_cmd nettest -s -d ${NSA_DEV} & 1028 sleep 1 1029 run_cmd nettest -r ${a} -0 ${a} 1030 log_test_addr ${a} $? 0 "Device server, unbound client, local connection" 1031 1032 for a in ${NSA_LO_IP} 127.0.0.1 1033 do 1034 log_start 1035 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope" 1036 run_cmd nettest -s -d ${NSA_DEV} & 1037 sleep 1 1038 run_cmd nettest -r ${a} 1039 log_test_addr ${a} $? 1 "Device server, unbound client, local connection" 1040 done 1041 1042 a=${NSA_IP} 1043 log_start 1044 run_cmd nettest -s & 1045 sleep 1 1046 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV} 1047 log_test_addr ${a} $? 0 "Global server, device client, local connection" 1048 1049 for a in ${NSA_LO_IP} 127.0.0.1 1050 do 1051 log_start 1052 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 1053 run_cmd nettest -s & 1054 sleep 1 1055 run_cmd nettest -r ${a} -d ${NSA_DEV} 1056 log_test_addr ${a} $? 1 "Global server, device client, local connection" 1057 done 1058 1059 a=${NSA_IP} 1060 log_start 1061 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 1062 sleep 1 1063 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a} 1064 log_test_addr ${a} $? 0 "Device server, device client, local connection" 1065 1066 log_start 1067 show_hint "Should fail 'Connection refused'" 1068 run_cmd nettest -d ${NSA_DEV} -r ${a} 1069 log_test_addr ${a} $? 1 "No server, device client, local conn" 1070 1071 ipv4_tcp_md5_novrf 1072} 1073 1074ipv4_tcp_vrf() 1075{ 1076 local a 1077 1078 # disable global server 1079 log_subsection "Global server disabled" 1080 1081 set_sysctl net.ipv4.tcp_l3mdev_accept=0 1082 1083 # 1084 # server tests 1085 # 1086 for a in ${NSA_IP} ${VRF_IP} 1087 do 1088 log_start 1089 show_hint "Should fail 'Connection refused' since global server with VRF is disabled" 1090 run_cmd nettest -s & 1091 sleep 1 1092 run_cmd_nsb nettest -r ${a} 1093 log_test_addr ${a} $? 1 "Global server" 1094 1095 log_start 1096 run_cmd nettest -s -d ${VRF} -2 ${VRF} & 1097 sleep 1 1098 run_cmd_nsb nettest -r ${a} 1099 log_test_addr ${a} $? 0 "VRF server" 1100 1101 log_start 1102 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 1103 sleep 1 1104 run_cmd_nsb nettest -r ${a} 1105 log_test_addr ${a} $? 0 "Device server" 1106 1107 # verify TCP reset received 1108 log_start 1109 show_hint "Should fail 'Connection refused' since there is no server" 1110 run_cmd_nsb nettest -r ${a} 1111 log_test_addr ${a} $? 1 "No server" 1112 done 1113 1114 # local address tests 1115 # (${VRF_IP} and 127.0.0.1 both timeout) 1116 a=${NSA_IP} 1117 log_start 1118 show_hint "Should fail 'Connection refused' since global server with VRF is disabled" 1119 run_cmd nettest -s & 1120 sleep 1 1121 run_cmd nettest -r ${a} -d ${NSA_DEV} 1122 log_test_addr ${a} $? 1 "Global server, local connection" 1123 1124 # run MD5 tests 1125 ipv4_tcp_md5 1126 1127 # 1128 # enable VRF global server 1129 # 1130 log_subsection "VRF Global server enabled" 1131 set_sysctl net.ipv4.tcp_l3mdev_accept=1 1132 1133 for a in ${NSA_IP} ${VRF_IP} 1134 do 1135 log_start 1136 show_hint "client socket should be bound to VRF" 1137 run_cmd nettest -s -2 ${VRF} & 1138 sleep 1 1139 run_cmd_nsb nettest -r ${a} 1140 log_test_addr ${a} $? 0 "Global server" 1141 1142 log_start 1143 show_hint "client socket should be bound to VRF" 1144 run_cmd nettest -s -d ${VRF} -2 ${VRF} & 1145 sleep 1 1146 run_cmd_nsb nettest -r ${a} 1147 log_test_addr ${a} $? 0 "VRF server" 1148 1149 # verify TCP reset received 1150 log_start 1151 show_hint "Should fail 'Connection refused'" 1152 run_cmd_nsb nettest -r ${a} 1153 log_test_addr ${a} $? 1 "No server" 1154 done 1155 1156 a=${NSA_IP} 1157 log_start 1158 show_hint "client socket should be bound to device" 1159 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 1160 sleep 1 1161 run_cmd_nsb nettest -r ${a} 1162 log_test_addr ${a} $? 0 "Device server" 1163 1164 # local address tests 1165 for a in ${NSA_IP} ${VRF_IP} 1166 do 1167 log_start 1168 show_hint "Should fail 'Connection refused' since client is not bound to VRF" 1169 run_cmd nettest -s -d ${VRF} & 1170 sleep 1 1171 run_cmd nettest -r ${a} 1172 log_test_addr ${a} $? 1 "Global server, local connection" 1173 done 1174 1175 # 1176 # client 1177 # 1178 for a in ${NSB_IP} ${NSB_LO_IP} 1179 do 1180 log_start 1181 run_cmd_nsb nettest -s & 1182 sleep 1 1183 run_cmd nettest -r ${a} -d ${VRF} 1184 log_test_addr ${a} $? 0 "Client, VRF bind" 1185 1186 log_start 1187 run_cmd_nsb nettest -s & 1188 sleep 1 1189 run_cmd nettest -r ${a} -d ${NSA_DEV} 1190 log_test_addr ${a} $? 0 "Client, device bind" 1191 1192 log_start 1193 show_hint "Should fail 'Connection refused'" 1194 run_cmd nettest -r ${a} -d ${VRF} 1195 log_test_addr ${a} $? 1 "No server, VRF client" 1196 1197 log_start 1198 show_hint "Should fail 'Connection refused'" 1199 run_cmd nettest -r ${a} -d ${NSA_DEV} 1200 log_test_addr ${a} $? 1 "No server, device client" 1201 done 1202 1203 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1 1204 do 1205 log_start 1206 run_cmd nettest -s -d ${VRF} -2 ${VRF} & 1207 sleep 1 1208 run_cmd nettest -r ${a} -d ${VRF} -0 ${a} 1209 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection" 1210 done 1211 1212 a=${NSA_IP} 1213 log_start 1214 run_cmd nettest -s -d ${VRF} -2 ${VRF} & 1215 sleep 1 1216 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a} 1217 log_test_addr ${a} $? 0 "VRF server, device client, local connection" 1218 1219 log_start 1220 show_hint "Should fail 'No route to host' since client is out of VRF scope" 1221 run_cmd nettest -s -d ${VRF} & 1222 sleep 1 1223 run_cmd nettest -r ${a} 1224 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection" 1225 1226 log_start 1227 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 1228 sleep 1 1229 run_cmd nettest -r ${a} -d ${VRF} -0 ${a} 1230 log_test_addr ${a} $? 0 "Device server, VRF client, local connection" 1231 1232 log_start 1233 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 1234 sleep 1 1235 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a} 1236 log_test_addr ${a} $? 0 "Device server, device client, local connection" 1237} 1238 1239ipv4_tcp() 1240{ 1241 log_section "IPv4/TCP" 1242 log_subsection "No VRF" 1243 setup 1244 1245 # tcp_l3mdev_accept should have no affect without VRF; 1246 # run tests with it enabled and disabled to verify 1247 log_subsection "tcp_l3mdev_accept disabled" 1248 set_sysctl net.ipv4.tcp_l3mdev_accept=0 1249 ipv4_tcp_novrf 1250 log_subsection "tcp_l3mdev_accept enabled" 1251 set_sysctl net.ipv4.tcp_l3mdev_accept=1 1252 ipv4_tcp_novrf 1253 1254 log_subsection "With VRF" 1255 setup "yes" 1256 ipv4_tcp_vrf 1257} 1258 1259################################################################################ 1260# IPv4 UDP 1261 1262ipv4_udp_novrf() 1263{ 1264 local a 1265 1266 # 1267 # server tests 1268 # 1269 for a in ${NSA_IP} ${NSA_LO_IP} 1270 do 1271 log_start 1272 run_cmd nettest -D -s -2 ${NSA_DEV} & 1273 sleep 1 1274 run_cmd_nsb nettest -D -r ${a} 1275 log_test_addr ${a} $? 0 "Global server" 1276 1277 log_start 1278 show_hint "Should fail 'Connection refused' since there is no server" 1279 run_cmd_nsb nettest -D -r ${a} 1280 log_test_addr ${a} $? 1 "No server" 1281 done 1282 1283 a=${NSA_IP} 1284 log_start 1285 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 1286 sleep 1 1287 run_cmd_nsb nettest -D -r ${a} 1288 log_test_addr ${a} $? 0 "Device server" 1289 1290 # 1291 # client 1292 # 1293 for a in ${NSB_IP} ${NSB_LO_IP} 1294 do 1295 log_start 1296 run_cmd_nsb nettest -D -s & 1297 sleep 1 1298 run_cmd nettest -D -r ${a} -0 ${NSA_IP} 1299 log_test_addr ${a} $? 0 "Client" 1300 1301 log_start 1302 run_cmd_nsb nettest -D -s & 1303 sleep 1 1304 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP} 1305 log_test_addr ${a} $? 0 "Client, device bind" 1306 1307 log_start 1308 run_cmd_nsb nettest -D -s & 1309 sleep 1 1310 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP} 1311 log_test_addr ${a} $? 0 "Client, device send via cmsg" 1312 1313 log_start 1314 run_cmd_nsb nettest -D -s & 1315 sleep 1 1316 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} 1317 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF" 1318 1319 log_start 1320 show_hint "Should fail 'Connection refused'" 1321 run_cmd nettest -D -r ${a} 1322 log_test_addr ${a} $? 1 "No server, unbound client" 1323 1324 log_start 1325 show_hint "Should fail 'Connection refused'" 1326 run_cmd nettest -D -r ${a} -d ${NSA_DEV} 1327 log_test_addr ${a} $? 1 "No server, device client" 1328 done 1329 1330 # 1331 # local address tests 1332 # 1333 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1 1334 do 1335 log_start 1336 run_cmd nettest -D -s & 1337 sleep 1 1338 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a} 1339 log_test_addr ${a} $? 0 "Global server, local connection" 1340 done 1341 1342 a=${NSA_IP} 1343 log_start 1344 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1345 sleep 1 1346 run_cmd nettest -D -r ${a} 1347 log_test_addr ${a} $? 0 "Device server, unbound client, local connection" 1348 1349 for a in ${NSA_LO_IP} 127.0.0.1 1350 do 1351 log_start 1352 show_hint "Should fail 'Connection refused' since address is out of device scope" 1353 run_cmd nettest -s -D -d ${NSA_DEV} & 1354 sleep 1 1355 run_cmd nettest -D -r ${a} 1356 log_test_addr ${a} $? 1 "Device server, unbound client, local connection" 1357 done 1358 1359 a=${NSA_IP} 1360 log_start 1361 run_cmd nettest -s -D & 1362 sleep 1 1363 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1364 log_test_addr ${a} $? 0 "Global server, device client, local connection" 1365 1366 log_start 1367 run_cmd nettest -s -D & 1368 sleep 1 1369 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a} 1370 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection" 1371 1372 log_start 1373 run_cmd nettest -s -D & 1374 sleep 1 1375 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} 1376 log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection" 1377 1378 # IPv4 with device bind has really weird behavior - it overrides the 1379 # fib lookup, generates an rtable and tries to send the packet. This 1380 # causes failures for local traffic at different places 1381 for a in ${NSA_LO_IP} 127.0.0.1 1382 do 1383 log_start 1384 show_hint "Should fail since addresses on loopback are out of device scope" 1385 run_cmd nettest -D -s & 1386 sleep 1 1387 run_cmd nettest -D -r ${a} -d ${NSA_DEV} 1388 log_test_addr ${a} $? 2 "Global server, device client, local connection" 1389 1390 log_start 1391 show_hint "Should fail since addresses on loopback are out of device scope" 1392 run_cmd nettest -D -s & 1393 sleep 1 1394 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C 1395 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection" 1396 1397 log_start 1398 show_hint "Should fail since addresses on loopback are out of device scope" 1399 run_cmd nettest -D -s & 1400 sleep 1 1401 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S 1402 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection" 1403 done 1404 1405 a=${NSA_IP} 1406 log_start 1407 run_cmd nettest -D -s -d ${NSA_DEV} -2 ${NSA_DEV} & 1408 sleep 1 1409 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a} 1410 log_test_addr ${a} $? 0 "Device server, device client, local conn" 1411 1412 log_start 1413 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1414 log_test_addr ${a} $? 2 "No server, device client, local conn" 1415} 1416 1417ipv4_udp_vrf() 1418{ 1419 local a 1420 1421 # disable global server 1422 log_subsection "Global server disabled" 1423 set_sysctl net.ipv4.udp_l3mdev_accept=0 1424 1425 # 1426 # server tests 1427 # 1428 for a in ${NSA_IP} ${VRF_IP} 1429 do 1430 log_start 1431 show_hint "Fails because ingress is in a VRF and global server is disabled" 1432 run_cmd nettest -D -s & 1433 sleep 1 1434 run_cmd_nsb nettest -D -r ${a} 1435 log_test_addr ${a} $? 1 "Global server" 1436 1437 log_start 1438 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} & 1439 sleep 1 1440 run_cmd_nsb nettest -D -r ${a} 1441 log_test_addr ${a} $? 0 "VRF server" 1442 1443 log_start 1444 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 1445 sleep 1 1446 run_cmd_nsb nettest -D -r ${a} 1447 log_test_addr ${a} $? 0 "Enslaved device server" 1448 1449 log_start 1450 show_hint "Should fail 'Connection refused' since there is no server" 1451 run_cmd_nsb nettest -D -r ${a} 1452 log_test_addr ${a} $? 1 "No server" 1453 1454 log_start 1455 show_hint "Should fail 'Connection refused' since global server is out of scope" 1456 run_cmd nettest -D -s & 1457 sleep 1 1458 run_cmd nettest -D -d ${VRF} -r ${a} 1459 log_test_addr ${a} $? 1 "Global server, VRF client, local connection" 1460 done 1461 1462 a=${NSA_IP} 1463 log_start 1464 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} & 1465 sleep 1 1466 run_cmd nettest -D -d ${VRF} -r ${a} 1467 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 1468 1469 log_start 1470 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} & 1471 sleep 1 1472 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1473 log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection" 1474 1475 a=${NSA_IP} 1476 log_start 1477 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1478 sleep 1 1479 run_cmd nettest -D -d ${VRF} -r ${a} 1480 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn" 1481 1482 log_start 1483 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1484 sleep 1 1485 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1486 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn" 1487 1488 # enable global server 1489 log_subsection "Global server enabled" 1490 set_sysctl net.ipv4.udp_l3mdev_accept=1 1491 1492 # 1493 # server tests 1494 # 1495 for a in ${NSA_IP} ${VRF_IP} 1496 do 1497 log_start 1498 run_cmd nettest -D -s -2 ${NSA_DEV} & 1499 sleep 1 1500 run_cmd_nsb nettest -D -r ${a} 1501 log_test_addr ${a} $? 0 "Global server" 1502 1503 log_start 1504 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} & 1505 sleep 1 1506 run_cmd_nsb nettest -D -r ${a} 1507 log_test_addr ${a} $? 0 "VRF server" 1508 1509 log_start 1510 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 1511 sleep 1 1512 run_cmd_nsb nettest -D -r ${a} 1513 log_test_addr ${a} $? 0 "Enslaved device server" 1514 1515 log_start 1516 show_hint "Should fail 'Connection refused'" 1517 run_cmd_nsb nettest -D -r ${a} 1518 log_test_addr ${a} $? 1 "No server" 1519 done 1520 1521 # 1522 # client tests 1523 # 1524 log_start 1525 run_cmd_nsb nettest -D -s & 1526 sleep 1 1527 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP} 1528 log_test $? 0 "VRF client" 1529 1530 log_start 1531 run_cmd_nsb nettest -D -s & 1532 sleep 1 1533 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP} 1534 log_test $? 0 "Enslaved device client" 1535 1536 # negative test - should fail 1537 log_start 1538 show_hint "Should fail 'Connection refused'" 1539 run_cmd nettest -D -d ${VRF} -r ${NSB_IP} 1540 log_test $? 1 "No server, VRF client" 1541 1542 log_start 1543 show_hint "Should fail 'Connection refused'" 1544 run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP} 1545 log_test $? 1 "No server, enslaved device client" 1546 1547 # 1548 # local address tests 1549 # 1550 a=${NSA_IP} 1551 log_start 1552 run_cmd nettest -D -s -2 ${NSA_DEV} & 1553 sleep 1 1554 run_cmd nettest -D -d ${VRF} -r ${a} 1555 log_test_addr ${a} $? 0 "Global server, VRF client, local conn" 1556 1557 log_start 1558 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} & 1559 sleep 1 1560 run_cmd nettest -D -d ${VRF} -r ${a} 1561 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 1562 1563 log_start 1564 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} & 1565 sleep 1 1566 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1567 log_test_addr ${a} $? 0 "VRF server, device client, local conn" 1568 1569 log_start 1570 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1571 sleep 1 1572 run_cmd nettest -D -d ${VRF} -r ${a} 1573 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn" 1574 1575 log_start 1576 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1577 sleep 1 1578 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1579 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn" 1580 1581 for a in ${VRF_IP} 127.0.0.1 1582 do 1583 log_start 1584 run_cmd nettest -D -s -2 ${VRF} & 1585 sleep 1 1586 run_cmd nettest -D -d ${VRF} -r ${a} 1587 log_test_addr ${a} $? 0 "Global server, VRF client, local conn" 1588 done 1589 1590 for a in ${VRF_IP} 127.0.0.1 1591 do 1592 log_start 1593 run_cmd nettest -s -D -d ${VRF} -2 ${VRF} & 1594 sleep 1 1595 run_cmd nettest -D -d ${VRF} -r ${a} 1596 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 1597 done 1598 1599 # negative test - should fail 1600 # verifies ECONNREFUSED 1601 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1 1602 do 1603 log_start 1604 show_hint "Should fail 'Connection refused'" 1605 run_cmd nettest -D -d ${VRF} -r ${a} 1606 log_test_addr ${a} $? 1 "No server, VRF client, local conn" 1607 done 1608} 1609 1610ipv4_udp() 1611{ 1612 log_section "IPv4/UDP" 1613 log_subsection "No VRF" 1614 1615 setup 1616 1617 # udp_l3mdev_accept should have no affect without VRF; 1618 # run tests with it enabled and disabled to verify 1619 log_subsection "udp_l3mdev_accept disabled" 1620 set_sysctl net.ipv4.udp_l3mdev_accept=0 1621 ipv4_udp_novrf 1622 log_subsection "udp_l3mdev_accept enabled" 1623 set_sysctl net.ipv4.udp_l3mdev_accept=1 1624 ipv4_udp_novrf 1625 1626 log_subsection "With VRF" 1627 setup "yes" 1628 ipv4_udp_vrf 1629} 1630 1631################################################################################ 1632# IPv4 address bind 1633# 1634# verifies ability or inability to bind to an address / device 1635 1636ipv4_addr_bind_novrf() 1637{ 1638 # 1639 # raw socket 1640 # 1641 for a in ${NSA_IP} ${NSA_LO_IP} 1642 do 1643 log_start 1644 run_cmd nettest -s -R -P icmp -l ${a} -b 1645 log_test_addr ${a} $? 0 "Raw socket bind to local address" 1646 1647 log_start 1648 run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b 1649 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind" 1650 done 1651 1652 # 1653 # tcp sockets 1654 # 1655 a=${NSA_IP} 1656 log_start 1657 run_cmd nettest -l ${a} -r ${NSB_IP} -t1 -b 1658 log_test_addr ${a} $? 0 "TCP socket bind to local address" 1659 1660 log_start 1661 run_cmd nettest -l ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b 1662 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind" 1663 1664 # Sadly, the kernel allows binding a socket to a device and then 1665 # binding to an address not on the device. The only restriction 1666 # is that the address is valid in the L3 domain. So this test 1667 # passes when it really should not 1668 #a=${NSA_LO_IP} 1669 #log_start 1670 #show_hint "Should fail with 'Cannot assign requested address'" 1671 #run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b 1672 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address" 1673} 1674 1675ipv4_addr_bind_vrf() 1676{ 1677 # 1678 # raw socket 1679 # 1680 for a in ${NSA_IP} ${VRF_IP} 1681 do 1682 log_start 1683 run_cmd nettest -s -R -P icmp -l ${a} -b 1684 log_test_addr ${a} $? 0 "Raw socket bind to local address" 1685 1686 log_start 1687 run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b 1688 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind" 1689 log_start 1690 run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b 1691 log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind" 1692 done 1693 1694 a=${NSA_LO_IP} 1695 log_start 1696 show_hint "Address on loopback is out of VRF scope" 1697 run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b 1698 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind" 1699 1700 # 1701 # tcp sockets 1702 # 1703 for a in ${NSA_IP} ${VRF_IP} 1704 do 1705 log_start 1706 run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b 1707 log_test_addr ${a} $? 0 "TCP socket bind to local address" 1708 1709 log_start 1710 run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b 1711 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind" 1712 done 1713 1714 a=${NSA_LO_IP} 1715 log_start 1716 show_hint "Address on loopback out of scope for VRF" 1717 run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b 1718 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF" 1719 1720 log_start 1721 show_hint "Address on loopback out of scope for device in VRF" 1722 run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b 1723 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind" 1724} 1725 1726ipv4_addr_bind() 1727{ 1728 log_section "IPv4 address binds" 1729 1730 log_subsection "No VRF" 1731 setup 1732 ipv4_addr_bind_novrf 1733 1734 log_subsection "With VRF" 1735 setup "yes" 1736 ipv4_addr_bind_vrf 1737} 1738 1739################################################################################ 1740# IPv4 runtime tests 1741 1742ipv4_rt() 1743{ 1744 local desc="$1" 1745 local varg="$2" 1746 local with_vrf="yes" 1747 local a 1748 1749 # 1750 # server tests 1751 # 1752 for a in ${NSA_IP} ${VRF_IP} 1753 do 1754 log_start 1755 run_cmd nettest ${varg} -s & 1756 sleep 1 1757 run_cmd_nsb nettest ${varg} -r ${a} & 1758 sleep 3 1759 run_cmd ip link del ${VRF} 1760 sleep 1 1761 log_test_addr ${a} 0 0 "${desc}, global server" 1762 1763 setup ${with_vrf} 1764 done 1765 1766 for a in ${NSA_IP} ${VRF_IP} 1767 do 1768 log_start 1769 run_cmd nettest ${varg} -s -d ${VRF} & 1770 sleep 1 1771 run_cmd_nsb nettest ${varg} -r ${a} & 1772 sleep 3 1773 run_cmd ip link del ${VRF} 1774 sleep 1 1775 log_test_addr ${a} 0 0 "${desc}, VRF server" 1776 1777 setup ${with_vrf} 1778 done 1779 1780 a=${NSA_IP} 1781 log_start 1782 run_cmd nettest ${varg} -s -d ${NSA_DEV} & 1783 sleep 1 1784 run_cmd_nsb nettest ${varg} -r ${a} & 1785 sleep 3 1786 run_cmd ip link del ${VRF} 1787 sleep 1 1788 log_test_addr ${a} 0 0 "${desc}, enslaved device server" 1789 1790 setup ${with_vrf} 1791 1792 # 1793 # client test 1794 # 1795 log_start 1796 run_cmd_nsb nettest ${varg} -s & 1797 sleep 1 1798 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} & 1799 sleep 3 1800 run_cmd ip link del ${VRF} 1801 sleep 1 1802 log_test_addr ${a} 0 0 "${desc}, VRF client" 1803 1804 setup ${with_vrf} 1805 1806 log_start 1807 run_cmd_nsb nettest ${varg} -s & 1808 sleep 1 1809 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} & 1810 sleep 3 1811 run_cmd ip link del ${VRF} 1812 sleep 1 1813 log_test_addr ${a} 0 0 "${desc}, enslaved device client" 1814 1815 setup ${with_vrf} 1816 1817 # 1818 # local address tests 1819 # 1820 for a in ${NSA_IP} ${VRF_IP} 1821 do 1822 log_start 1823 run_cmd nettest ${varg} -s & 1824 sleep 1 1825 run_cmd nettest ${varg} -d ${VRF} -r ${a} & 1826 sleep 3 1827 run_cmd ip link del ${VRF} 1828 sleep 1 1829 log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local" 1830 1831 setup ${with_vrf} 1832 done 1833 1834 for a in ${NSA_IP} ${VRF_IP} 1835 do 1836 log_start 1837 run_cmd nettest ${varg} -d ${VRF} -s & 1838 sleep 1 1839 run_cmd nettest ${varg} -d ${VRF} -r ${a} & 1840 sleep 3 1841 run_cmd ip link del ${VRF} 1842 sleep 1 1843 log_test_addr ${a} 0 0 "${desc}, VRF server and client, local" 1844 1845 setup ${with_vrf} 1846 done 1847 1848 a=${NSA_IP} 1849 log_start 1850 run_cmd nettest ${varg} -s & 1851 sleep 1 1852 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 1853 sleep 3 1854 run_cmd ip link del ${VRF} 1855 sleep 1 1856 log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local" 1857 1858 setup ${with_vrf} 1859 1860 log_start 1861 run_cmd nettest ${varg} -d ${VRF} -s & 1862 sleep 1 1863 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 1864 sleep 3 1865 run_cmd ip link del ${VRF} 1866 sleep 1 1867 log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local" 1868 1869 setup ${with_vrf} 1870 1871 log_start 1872 run_cmd nettest ${varg} -d ${NSA_DEV} -s & 1873 sleep 1 1874 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 1875 sleep 3 1876 run_cmd ip link del ${VRF} 1877 sleep 1 1878 log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local" 1879} 1880 1881ipv4_ping_rt() 1882{ 1883 local with_vrf="yes" 1884 local a 1885 1886 for a in ${NSA_IP} ${VRF_IP} 1887 do 1888 log_start 1889 run_cmd_nsb ping -f ${a} & 1890 sleep 3 1891 run_cmd ip link del ${VRF} 1892 sleep 1 1893 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in" 1894 1895 setup ${with_vrf} 1896 done 1897 1898 a=${NSB_IP} 1899 log_start 1900 run_cmd ping -f -I ${VRF} ${a} & 1901 sleep 3 1902 run_cmd ip link del ${VRF} 1903 sleep 1 1904 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out" 1905} 1906 1907ipv4_runtime() 1908{ 1909 log_section "Run time tests - ipv4" 1910 1911 setup "yes" 1912 ipv4_ping_rt 1913 1914 setup "yes" 1915 ipv4_rt "TCP active socket" "-n -1" 1916 1917 setup "yes" 1918 ipv4_rt "TCP passive socket" "-i" 1919} 1920 1921################################################################################ 1922# IPv6 1923 1924ipv6_ping_novrf() 1925{ 1926 local a 1927 1928 # should not have an impact, but make a known state 1929 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null 1930 1931 # 1932 # out 1933 # 1934 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 1935 do 1936 log_start 1937 run_cmd ${ping6} -c1 -w1 ${a} 1938 log_test_addr ${a} $? 0 "ping out" 1939 done 1940 1941 for a in ${NSB_IP6} ${NSB_LO_IP6} 1942 do 1943 log_start 1944 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 1945 log_test_addr ${a} $? 0 "ping out, device bind" 1946 1947 log_start 1948 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a} 1949 log_test_addr ${a} $? 0 "ping out, loopback address bind" 1950 done 1951 1952 # 1953 # in 1954 # 1955 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV} 1956 do 1957 log_start 1958 run_cmd_nsb ${ping6} -c1 -w1 ${a} 1959 log_test_addr ${a} $? 0 "ping in" 1960 done 1961 1962 # 1963 # local traffic, local address 1964 # 1965 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 1966 do 1967 log_start 1968 run_cmd ${ping6} -c1 -w1 ${a} 1969 log_test_addr ${a} $? 0 "ping local, no bind" 1970 done 1971 1972 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 1973 do 1974 log_start 1975 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 1976 log_test_addr ${a} $? 0 "ping local, device bind" 1977 done 1978 1979 for a in ${NSA_LO_IP6} ::1 1980 do 1981 log_start 1982 show_hint "Fails since address on loopback is out of device scope" 1983 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 1984 log_test_addr ${a} $? 2 "ping local, device bind" 1985 done 1986 1987 # 1988 # ip rule blocks address 1989 # 1990 log_start 1991 setup_cmd ip -6 rule add pref 32765 from all lookup local 1992 setup_cmd ip -6 rule del pref 0 from all lookup local 1993 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit 1994 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit 1995 1996 a=${NSB_LO_IP6} 1997 run_cmd ${ping6} -c1 -w1 ${a} 1998 log_test_addr ${a} $? 2 "ping out, blocked by rule" 1999 2000 log_start 2001 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2002 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule" 2003 2004 a=${NSA_LO_IP6} 2005 log_start 2006 show_hint "Response lost due to ip rule" 2007 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2008 log_test_addr ${a} $? 1 "ping in, blocked by rule" 2009 2010 setup_cmd ip -6 rule add pref 0 from all lookup local 2011 setup_cmd ip -6 rule del pref 32765 from all lookup local 2012 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit 2013 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit 2014 2015 # 2016 # route blocks reachability to remote address 2017 # 2018 log_start 2019 setup_cmd ip -6 route del ${NSB_LO_IP6} 2020 setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10 2021 setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10 2022 2023 a=${NSB_LO_IP6} 2024 run_cmd ${ping6} -c1 -w1 ${a} 2025 log_test_addr ${a} $? 2 "ping out, blocked by route" 2026 2027 log_start 2028 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2029 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route" 2030 2031 a=${NSA_LO_IP6} 2032 log_start 2033 show_hint "Response lost due to ip route" 2034 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2035 log_test_addr ${a} $? 1 "ping in, blocked by route" 2036 2037 2038 # 2039 # remove 'remote' routes; fallback to default 2040 # 2041 log_start 2042 setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6} 2043 setup_cmd ip -6 ro del unreachable ${NSB_IP6} 2044 2045 a=${NSB_LO_IP6} 2046 run_cmd ${ping6} -c1 -w1 ${a} 2047 log_test_addr ${a} $? 2 "ping out, unreachable route" 2048 2049 log_start 2050 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2051 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route" 2052} 2053 2054ipv6_ping_vrf() 2055{ 2056 local a 2057 2058 # should default on; does not exist on older kernels 2059 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null 2060 2061 # 2062 # out 2063 # 2064 for a in ${NSB_IP6} ${NSB_LO_IP6} 2065 do 2066 log_start 2067 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a} 2068 log_test_addr ${a} $? 0 "ping out, VRF bind" 2069 done 2070 2071 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF} 2072 do 2073 log_start 2074 show_hint "Fails since VRF device does not support linklocal or multicast" 2075 run_cmd ${ping6} -c1 -w1 ${a} 2076 log_test_addr ${a} $? 2 "ping out, VRF bind" 2077 done 2078 2079 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 2080 do 2081 log_start 2082 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2083 log_test_addr ${a} $? 0 "ping out, device bind" 2084 done 2085 2086 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2087 do 2088 log_start 2089 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a} 2090 log_test_addr ${a} $? 0 "ping out, vrf device+address bind" 2091 done 2092 2093 # 2094 # in 2095 # 2096 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV} 2097 do 2098 log_start 2099 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2100 log_test_addr ${a} $? 0 "ping in" 2101 done 2102 2103 a=${NSA_LO_IP6} 2104 log_start 2105 show_hint "Fails since loopback address is out of VRF scope" 2106 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2107 log_test_addr ${a} $? 1 "ping in" 2108 2109 # 2110 # local traffic, local address 2111 # 2112 for a in ${NSA_IP6} ${VRF_IP6} ::1 2113 do 2114 log_start 2115 show_hint "Source address should be ${a}" 2116 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a} 2117 log_test_addr ${a} $? 0 "ping local, VRF bind" 2118 done 2119 2120 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 2121 do 2122 log_start 2123 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2124 log_test_addr ${a} $? 0 "ping local, device bind" 2125 done 2126 2127 # LLA to GUA - remove ipv6 global addresses from ns-B 2128 setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV} 2129 setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo 2130 setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV} 2131 2132 for a in ${NSA_IP6} ${VRF_IP6} 2133 do 2134 log_start 2135 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6} 2136 log_test_addr ${a} $? 0 "ping in, LLA to GUA" 2137 done 2138 2139 setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV} 2140 setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} 2141 setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo 2142 2143 # 2144 # ip rule blocks address 2145 # 2146 log_start 2147 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit 2148 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit 2149 2150 a=${NSB_LO_IP6} 2151 run_cmd ${ping6} -c1 -w1 ${a} 2152 log_test_addr ${a} $? 2 "ping out, blocked by rule" 2153 2154 log_start 2155 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2156 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule" 2157 2158 a=${NSA_LO_IP6} 2159 log_start 2160 show_hint "Response lost due to ip rule" 2161 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2162 log_test_addr ${a} $? 1 "ping in, blocked by rule" 2163 2164 log_start 2165 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit 2166 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit 2167 2168 # 2169 # remove 'remote' routes; fallback to default 2170 # 2171 log_start 2172 setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF} 2173 2174 a=${NSB_LO_IP6} 2175 run_cmd ${ping6} -c1 -w1 ${a} 2176 log_test_addr ${a} $? 2 "ping out, unreachable route" 2177 2178 log_start 2179 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2180 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route" 2181 2182 ip -netns ${NSB} -6 ro del ${NSA_LO_IP6} 2183 a=${NSA_LO_IP6} 2184 log_start 2185 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2186 log_test_addr ${a} $? 2 "ping in, unreachable route" 2187} 2188 2189ipv6_ping() 2190{ 2191 log_section "IPv6 ping" 2192 2193 log_subsection "No VRF" 2194 setup 2195 ipv6_ping_novrf 2196 2197 log_subsection "With VRF" 2198 setup "yes" 2199 ipv6_ping_vrf 2200} 2201 2202################################################################################ 2203# IPv6 TCP 2204 2205# 2206# MD5 tests without VRF 2207# 2208ipv6_tcp_md5_novrf() 2209{ 2210 # 2211 # single address 2212 # 2213 2214 # basic use case 2215 log_start 2216 run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_IP6} & 2217 sleep 1 2218 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} 2219 log_test $? 0 "MD5: Single address config" 2220 2221 # client sends MD5, server not configured 2222 log_start 2223 show_hint "Should timeout due to MD5 mismatch" 2224 run_cmd nettest -6 -s & 2225 sleep 1 2226 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} 2227 log_test $? 2 "MD5: Server no config, client uses password" 2228 2229 # wrong password 2230 log_start 2231 show_hint "Should timeout since client uses wrong password" 2232 run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_IP6} & 2233 sleep 1 2234 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW} 2235 log_test $? 2 "MD5: Client uses wrong password" 2236 2237 # client from different address 2238 log_start 2239 show_hint "Should timeout due to MD5 mismatch" 2240 run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_LO_IP6} & 2241 sleep 1 2242 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} 2243 log_test $? 2 "MD5: Client address does not match address configured with password" 2244 2245 # 2246 # MD5 extension - prefix length 2247 # 2248 2249 # client in prefix 2250 log_start 2251 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} & 2252 sleep 1 2253 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} 2254 log_test $? 0 "MD5: Prefix config" 2255 2256 # client in prefix, wrong password 2257 log_start 2258 show_hint "Should timeout since client uses wrong password" 2259 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} & 2260 sleep 1 2261 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW} 2262 log_test $? 2 "MD5: Prefix config, client uses wrong password" 2263 2264 # client outside of prefix 2265 log_start 2266 show_hint "Should timeout due to MD5 mismatch" 2267 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} & 2268 sleep 1 2269 run_cmd_nsb nettest -6 -l ${NSB_LO_IP6} -r ${NSA_IP6} -M ${MD5_PW} 2270 log_test $? 2 "MD5: Prefix config, client address not in configured prefix" 2271} 2272 2273# 2274# MD5 tests with VRF 2275# 2276ipv6_tcp_md5() 2277{ 2278 # 2279 # single address 2280 # 2281 2282 # basic use case 2283 log_start 2284 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} & 2285 sleep 1 2286 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} 2287 log_test $? 0 "MD5: VRF: Single address config" 2288 2289 # client sends MD5, server not configured 2290 log_start 2291 show_hint "Should timeout since server does not have MD5 auth" 2292 run_cmd nettest -6 -s -d ${VRF} & 2293 sleep 1 2294 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} 2295 log_test $? 2 "MD5: VRF: Server no config, client uses password" 2296 2297 # wrong password 2298 log_start 2299 show_hint "Should timeout since client uses wrong password" 2300 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} & 2301 sleep 1 2302 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW} 2303 log_test $? 2 "MD5: VRF: Client uses wrong password" 2304 2305 # client from different address 2306 log_start 2307 show_hint "Should timeout since server config differs from client" 2308 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_LO_IP6} & 2309 sleep 1 2310 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} 2311 log_test $? 2 "MD5: VRF: Client address does not match address configured with password" 2312 2313 # 2314 # MD5 extension - prefix length 2315 # 2316 2317 # client in prefix 2318 log_start 2319 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} & 2320 sleep 1 2321 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} 2322 log_test $? 0 "MD5: VRF: Prefix config" 2323 2324 # client in prefix, wrong password 2325 log_start 2326 show_hint "Should timeout since client uses wrong password" 2327 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} & 2328 sleep 1 2329 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW} 2330 log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password" 2331 2332 # client outside of prefix 2333 log_start 2334 show_hint "Should timeout since client address is outside of prefix" 2335 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} & 2336 sleep 1 2337 run_cmd_nsb nettest -6 -l ${NSB_LO_IP6} -r ${NSA_IP6} -M ${MD5_PW} 2338 log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix" 2339 2340 # 2341 # duplicate config between default VRF and a VRF 2342 # 2343 2344 log_start 2345 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} & 2346 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} & 2347 sleep 1 2348 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} 2349 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF" 2350 2351 log_start 2352 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} & 2353 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} & 2354 sleep 1 2355 run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW} 2356 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF" 2357 2358 log_start 2359 show_hint "Should timeout since client in default VRF uses VRF password" 2360 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} & 2361 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} & 2362 sleep 1 2363 run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_PW} 2364 log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw" 2365 2366 log_start 2367 show_hint "Should timeout since client in VRF uses default VRF password" 2368 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} & 2369 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} & 2370 sleep 1 2371 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW} 2372 log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw" 2373 2374 log_start 2375 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} & 2376 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} & 2377 sleep 1 2378 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} 2379 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF" 2380 2381 log_start 2382 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} & 2383 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} & 2384 sleep 1 2385 run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW} 2386 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF" 2387 2388 log_start 2389 show_hint "Should timeout since client in default VRF uses VRF password" 2390 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} & 2391 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} & 2392 sleep 1 2393 run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_PW} 2394 log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw" 2395 2396 log_start 2397 show_hint "Should timeout since client in VRF uses default VRF password" 2398 run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} & 2399 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} & 2400 sleep 1 2401 run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW} 2402 log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw" 2403 2404 # 2405 # negative tests 2406 # 2407 log_start 2408 run_cmd nettest -6 -s -d ${NSA_DEV} -M ${MD5_PW} -r ${NSB_IP6} 2409 log_test $? 1 "MD5: VRF: Device must be a VRF - single address" 2410 2411 log_start 2412 run_cmd nettest -6 -s -d ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6} 2413 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix" 2414 2415} 2416 2417ipv6_tcp_novrf() 2418{ 2419 local a 2420 2421 # 2422 # server tests 2423 # 2424 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2425 do 2426 log_start 2427 run_cmd nettest -6 -s & 2428 sleep 1 2429 run_cmd_nsb nettest -6 -r ${a} 2430 log_test_addr ${a} $? 0 "Global server" 2431 done 2432 2433 # verify TCP reset received 2434 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2435 do 2436 log_start 2437 show_hint "Should fail 'Connection refused'" 2438 run_cmd_nsb nettest -6 -r ${a} 2439 log_test_addr ${a} $? 1 "No server" 2440 done 2441 2442 # 2443 # client 2444 # 2445 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2446 do 2447 log_start 2448 run_cmd_nsb nettest -6 -s & 2449 sleep 1 2450 run_cmd nettest -6 -r ${a} 2451 log_test_addr ${a} $? 0 "Client" 2452 done 2453 2454 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2455 do 2456 log_start 2457 run_cmd_nsb nettest -6 -s & 2458 sleep 1 2459 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2460 log_test_addr ${a} $? 0 "Client, device bind" 2461 done 2462 2463 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2464 do 2465 log_start 2466 show_hint "Should fail 'Connection refused'" 2467 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2468 log_test_addr ${a} $? 1 "No server, device client" 2469 done 2470 2471 # 2472 # local address tests 2473 # 2474 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 2475 do 2476 log_start 2477 run_cmd nettest -6 -s & 2478 sleep 1 2479 run_cmd nettest -6 -r ${a} 2480 log_test_addr ${a} $? 0 "Global server, local connection" 2481 done 2482 2483 a=${NSA_IP6} 2484 log_start 2485 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2486 sleep 1 2487 run_cmd nettest -6 -r ${a} -0 ${a} 2488 log_test_addr ${a} $? 0 "Device server, unbound client, local connection" 2489 2490 for a in ${NSA_LO_IP6} ::1 2491 do 2492 log_start 2493 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope" 2494 run_cmd nettest -6 -s -d ${NSA_DEV} & 2495 sleep 1 2496 run_cmd nettest -6 -r ${a} 2497 log_test_addr ${a} $? 1 "Device server, unbound client, local connection" 2498 done 2499 2500 a=${NSA_IP6} 2501 log_start 2502 run_cmd nettest -6 -s & 2503 sleep 1 2504 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a} 2505 log_test_addr ${a} $? 0 "Global server, device client, local connection" 2506 2507 for a in ${NSA_LO_IP6} ::1 2508 do 2509 log_start 2510 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope" 2511 run_cmd nettest -6 -s & 2512 sleep 1 2513 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2514 log_test_addr ${a} $? 1 "Global server, device client, local connection" 2515 done 2516 2517 for a in ${NSA_IP6} ${NSA_LINKIP6} 2518 do 2519 log_start 2520 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2521 sleep 1 2522 run_cmd nettest -6 -d ${NSA_DEV} -r ${a} 2523 log_test_addr ${a} $? 0 "Device server, device client, local conn" 2524 done 2525 2526 for a in ${NSA_IP6} ${NSA_LINKIP6} 2527 do 2528 log_start 2529 show_hint "Should fail 'Connection refused'" 2530 run_cmd nettest -6 -d ${NSA_DEV} -r ${a} 2531 log_test_addr ${a} $? 1 "No server, device client, local conn" 2532 done 2533 2534 ipv6_tcp_md5_novrf 2535} 2536 2537ipv6_tcp_vrf() 2538{ 2539 local a 2540 2541 # disable global server 2542 log_subsection "Global server disabled" 2543 2544 set_sysctl net.ipv4.tcp_l3mdev_accept=0 2545 2546 # 2547 # server tests 2548 # 2549 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2550 do 2551 log_start 2552 show_hint "Should fail 'Connection refused' since global server with VRF is disabled" 2553 run_cmd nettest -6 -s & 2554 sleep 1 2555 run_cmd_nsb nettest -6 -r ${a} 2556 log_test_addr ${a} $? 1 "Global server" 2557 done 2558 2559 for a in ${NSA_IP6} ${VRF_IP6} 2560 do 2561 log_start 2562 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} & 2563 sleep 1 2564 run_cmd_nsb nettest -6 -r ${a} 2565 log_test_addr ${a} $? 0 "VRF server" 2566 done 2567 2568 # link local is always bound to ingress device 2569 a=${NSA_LINKIP6}%${NSB_DEV} 2570 log_start 2571 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} & 2572 sleep 1 2573 run_cmd_nsb nettest -6 -r ${a} 2574 log_test_addr ${a} $? 0 "VRF server" 2575 2576 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2577 do 2578 log_start 2579 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2580 sleep 1 2581 run_cmd_nsb nettest -6 -r ${a} 2582 log_test_addr ${a} $? 0 "Device server" 2583 done 2584 2585 # verify TCP reset received 2586 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2587 do 2588 log_start 2589 show_hint "Should fail 'Connection refused'" 2590 run_cmd_nsb nettest -6 -r ${a} 2591 log_test_addr ${a} $? 1 "No server" 2592 done 2593 2594 # local address tests 2595 a=${NSA_IP6} 2596 log_start 2597 show_hint "Should fail 'Connection refused' since global server with VRF is disabled" 2598 run_cmd nettest -6 -s & 2599 sleep 1 2600 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2601 log_test_addr ${a} $? 1 "Global server, local connection" 2602 2603 # run MD5 tests 2604 ipv6_tcp_md5 2605 2606 # 2607 # enable VRF global server 2608 # 2609 log_subsection "VRF Global server enabled" 2610 set_sysctl net.ipv4.tcp_l3mdev_accept=1 2611 2612 for a in ${NSA_IP6} ${VRF_IP6} 2613 do 2614 log_start 2615 run_cmd nettest -6 -s -2 ${VRF} & 2616 sleep 1 2617 run_cmd_nsb nettest -6 -r ${a} 2618 log_test_addr ${a} $? 0 "Global server" 2619 done 2620 2621 for a in ${NSA_IP6} ${VRF_IP6} 2622 do 2623 log_start 2624 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} & 2625 sleep 1 2626 run_cmd_nsb nettest -6 -r ${a} 2627 log_test_addr ${a} $? 0 "VRF server" 2628 done 2629 2630 # For LLA, child socket is bound to device 2631 a=${NSA_LINKIP6}%${NSB_DEV} 2632 log_start 2633 run_cmd nettest -6 -s -2 ${NSA_DEV} & 2634 sleep 1 2635 run_cmd_nsb nettest -6 -r ${a} 2636 log_test_addr ${a} $? 0 "Global server" 2637 2638 log_start 2639 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} & 2640 sleep 1 2641 run_cmd_nsb nettest -6 -r ${a} 2642 log_test_addr ${a} $? 0 "VRF server" 2643 2644 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2645 do 2646 log_start 2647 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2648 sleep 1 2649 run_cmd_nsb nettest -6 -r ${a} 2650 log_test_addr ${a} $? 0 "Device server" 2651 done 2652 2653 # verify TCP reset received 2654 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2655 do 2656 log_start 2657 show_hint "Should fail 'Connection refused'" 2658 run_cmd_nsb nettest -6 -r ${a} 2659 log_test_addr ${a} $? 1 "No server" 2660 done 2661 2662 # local address tests 2663 for a in ${NSA_IP6} ${VRF_IP6} 2664 do 2665 log_start 2666 show_hint "Fails 'Connection refused' since client is not in VRF" 2667 run_cmd nettest -6 -s -d ${VRF} & 2668 sleep 1 2669 run_cmd nettest -6 -r ${a} 2670 log_test_addr ${a} $? 1 "Global server, local connection" 2671 done 2672 2673 2674 # 2675 # client 2676 # 2677 for a in ${NSB_IP6} ${NSB_LO_IP6} 2678 do 2679 log_start 2680 run_cmd_nsb nettest -6 -s & 2681 sleep 1 2682 run_cmd nettest -6 -r ${a} -d ${VRF} 2683 log_test_addr ${a} $? 0 "Client, VRF bind" 2684 done 2685 2686 a=${NSB_LINKIP6} 2687 log_start 2688 show_hint "Fails since VRF device does not allow linklocal addresses" 2689 run_cmd_nsb nettest -6 -s & 2690 sleep 1 2691 run_cmd nettest -6 -r ${a} -d ${VRF} 2692 log_test_addr ${a} $? 1 "Client, VRF bind" 2693 2694 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6} 2695 do 2696 log_start 2697 run_cmd_nsb nettest -6 -s & 2698 sleep 1 2699 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2700 log_test_addr ${a} $? 0 "Client, device bind" 2701 done 2702 2703 for a in ${NSB_IP6} ${NSB_LO_IP6} 2704 do 2705 log_start 2706 show_hint "Should fail 'Connection refused'" 2707 run_cmd nettest -6 -r ${a} -d ${VRF} 2708 log_test_addr ${a} $? 1 "No server, VRF client" 2709 done 2710 2711 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6} 2712 do 2713 log_start 2714 show_hint "Should fail 'Connection refused'" 2715 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2716 log_test_addr ${a} $? 1 "No server, device client" 2717 done 2718 2719 for a in ${NSA_IP6} ${VRF_IP6} ::1 2720 do 2721 log_start 2722 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} & 2723 sleep 1 2724 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a} 2725 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection" 2726 done 2727 2728 a=${NSA_IP6} 2729 log_start 2730 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} & 2731 sleep 1 2732 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a} 2733 log_test_addr ${a} $? 0 "VRF server, device client, local connection" 2734 2735 a=${NSA_IP6} 2736 log_start 2737 show_hint "Should fail since unbound client is out of VRF scope" 2738 run_cmd nettest -6 -s -d ${VRF} & 2739 sleep 1 2740 run_cmd nettest -6 -r ${a} 2741 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection" 2742 2743 log_start 2744 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2745 sleep 1 2746 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a} 2747 log_test_addr ${a} $? 0 "Device server, VRF client, local connection" 2748 2749 for a in ${NSA_IP6} ${NSA_LINKIP6} 2750 do 2751 log_start 2752 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2753 sleep 1 2754 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a} 2755 log_test_addr ${a} $? 0 "Device server, device client, local connection" 2756 done 2757} 2758 2759ipv6_tcp() 2760{ 2761 log_section "IPv6/TCP" 2762 log_subsection "No VRF" 2763 setup 2764 2765 # tcp_l3mdev_accept should have no affect without VRF; 2766 # run tests with it enabled and disabled to verify 2767 log_subsection "tcp_l3mdev_accept disabled" 2768 set_sysctl net.ipv4.tcp_l3mdev_accept=0 2769 ipv6_tcp_novrf 2770 log_subsection "tcp_l3mdev_accept enabled" 2771 set_sysctl net.ipv4.tcp_l3mdev_accept=1 2772 ipv6_tcp_novrf 2773 2774 log_subsection "With VRF" 2775 setup "yes" 2776 ipv6_tcp_vrf 2777} 2778 2779################################################################################ 2780# IPv6 UDP 2781 2782ipv6_udp_novrf() 2783{ 2784 local a 2785 2786 # 2787 # server tests 2788 # 2789 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2790 do 2791 log_start 2792 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 2793 sleep 1 2794 run_cmd_nsb nettest -6 -D -r ${a} 2795 log_test_addr ${a} $? 0 "Global server" 2796 2797 log_start 2798 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2799 sleep 1 2800 run_cmd_nsb nettest -6 -D -r ${a} 2801 log_test_addr ${a} $? 0 "Device server" 2802 done 2803 2804 a=${NSA_LO_IP6} 2805 log_start 2806 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 2807 sleep 1 2808 run_cmd_nsb nettest -6 -D -r ${a} 2809 log_test_addr ${a} $? 0 "Global server" 2810 2811 # should fail since loopback address is out of scope for a device 2812 # bound server, but it does not - hence this is more documenting 2813 # behavior. 2814 #log_start 2815 #show_hint "Should fail since loopback address is out of scope" 2816 #run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2817 #sleep 1 2818 #run_cmd_nsb nettest -6 -D -r ${a} 2819 #log_test_addr ${a} $? 1 "Device server" 2820 2821 # negative test - should fail 2822 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2823 do 2824 log_start 2825 show_hint "Should fail 'Connection refused' since there is no server" 2826 run_cmd_nsb nettest -6 -D -r ${a} 2827 log_test_addr ${a} $? 1 "No server" 2828 done 2829 2830 # 2831 # client 2832 # 2833 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2834 do 2835 log_start 2836 run_cmd_nsb nettest -6 -D -s & 2837 sleep 1 2838 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6} 2839 log_test_addr ${a} $? 0 "Client" 2840 2841 log_start 2842 run_cmd_nsb nettest -6 -D -s & 2843 sleep 1 2844 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6} 2845 log_test_addr ${a} $? 0 "Client, device bind" 2846 2847 log_start 2848 run_cmd_nsb nettest -6 -D -s & 2849 sleep 1 2850 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6} 2851 log_test_addr ${a} $? 0 "Client, device send via cmsg" 2852 2853 log_start 2854 run_cmd_nsb nettest -6 -D -s & 2855 sleep 1 2856 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6} 2857 log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF" 2858 2859 log_start 2860 show_hint "Should fail 'Connection refused'" 2861 run_cmd nettest -6 -D -r ${a} 2862 log_test_addr ${a} $? 1 "No server, unbound client" 2863 2864 log_start 2865 show_hint "Should fail 'Connection refused'" 2866 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} 2867 log_test_addr ${a} $? 1 "No server, device client" 2868 done 2869 2870 # 2871 # local address tests 2872 # 2873 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 2874 do 2875 log_start 2876 run_cmd nettest -6 -D -s & 2877 sleep 1 2878 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a} 2879 log_test_addr ${a} $? 0 "Global server, local connection" 2880 done 2881 2882 a=${NSA_IP6} 2883 log_start 2884 run_cmd nettest -6 -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 2885 sleep 1 2886 run_cmd nettest -6 -D -r ${a} 2887 log_test_addr ${a} $? 0 "Device server, unbound client, local connection" 2888 2889 for a in ${NSA_LO_IP6} ::1 2890 do 2891 log_start 2892 show_hint "Should fail 'Connection refused' since address is out of device scope" 2893 run_cmd nettest -6 -s -D -d ${NSA_DEV} & 2894 sleep 1 2895 run_cmd nettest -6 -D -r ${a} 2896 log_test_addr ${a} $? 1 "Device server, local connection" 2897 done 2898 2899 a=${NSA_IP6} 2900 log_start 2901 run_cmd nettest -6 -s -D & 2902 sleep 1 2903 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2904 log_test_addr ${a} $? 0 "Global server, device client, local connection" 2905 2906 log_start 2907 run_cmd nettest -6 -s -D & 2908 sleep 1 2909 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a} 2910 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection" 2911 2912 log_start 2913 run_cmd nettest -6 -s -D & 2914 sleep 1 2915 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a} 2916 log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection" 2917 2918 for a in ${NSA_LO_IP6} ::1 2919 do 2920 log_start 2921 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 2922 run_cmd nettest -6 -D -s & 2923 sleep 1 2924 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} 2925 log_test_addr ${a} $? 1 "Global server, device client, local connection" 2926 2927 log_start 2928 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 2929 run_cmd nettest -6 -D -s & 2930 sleep 1 2931 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C 2932 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection" 2933 2934 log_start 2935 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 2936 run_cmd nettest -6 -D -s & 2937 sleep 1 2938 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S 2939 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection" 2940 done 2941 2942 a=${NSA_IP6} 2943 log_start 2944 run_cmd nettest -6 -D -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2945 sleep 1 2946 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a} 2947 log_test_addr ${a} $? 0 "Device server, device client, local conn" 2948 2949 log_start 2950 show_hint "Should fail 'Connection refused'" 2951 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2952 log_test_addr ${a} $? 1 "No server, device client, local conn" 2953 2954 # LLA to GUA 2955 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV} 2956 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV} 2957 log_start 2958 run_cmd nettest -6 -s -D & 2959 sleep 1 2960 run_cmd_nsb nettest -6 -D -r ${NSA_IP6} 2961 log_test $? 0 "UDP in - LLA to GUA" 2962 2963 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV} 2964 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad 2965} 2966 2967ipv6_udp_vrf() 2968{ 2969 local a 2970 2971 # disable global server 2972 log_subsection "Global server disabled" 2973 set_sysctl net.ipv4.udp_l3mdev_accept=0 2974 2975 # 2976 # server tests 2977 # 2978 for a in ${NSA_IP6} ${VRF_IP6} 2979 do 2980 log_start 2981 show_hint "Should fail 'Connection refused' since global server is disabled" 2982 run_cmd nettest -6 -D -s & 2983 sleep 1 2984 run_cmd_nsb nettest -6 -D -r ${a} 2985 log_test_addr ${a} $? 1 "Global server" 2986 done 2987 2988 for a in ${NSA_IP6} ${VRF_IP6} 2989 do 2990 log_start 2991 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 2992 sleep 1 2993 run_cmd_nsb nettest -6 -D -r ${a} 2994 log_test_addr ${a} $? 0 "VRF server" 2995 done 2996 2997 for a in ${NSA_IP6} ${VRF_IP6} 2998 do 2999 log_start 3000 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 3001 sleep 1 3002 run_cmd_nsb nettest -6 -D -r ${a} 3003 log_test_addr ${a} $? 0 "Enslaved device server" 3004 done 3005 3006 # negative test - should fail 3007 for a in ${NSA_IP6} ${VRF_IP6} 3008 do 3009 log_start 3010 show_hint "Should fail 'Connection refused' since there is no server" 3011 run_cmd_nsb nettest -6 -D -r ${a} 3012 log_test_addr ${a} $? 1 "No server" 3013 done 3014 3015 # 3016 # local address tests 3017 # 3018 for a in ${NSA_IP6} ${VRF_IP6} 3019 do 3020 log_start 3021 show_hint "Should fail 'Connection refused' since global server is disabled" 3022 run_cmd nettest -6 -D -s & 3023 sleep 1 3024 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3025 log_test_addr ${a} $? 1 "Global server, VRF client, local conn" 3026 done 3027 3028 for a in ${NSA_IP6} ${VRF_IP6} 3029 do 3030 log_start 3031 run_cmd nettest -6 -D -d ${VRF} -s & 3032 sleep 1 3033 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3034 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 3035 done 3036 3037 a=${NSA_IP6} 3038 log_start 3039 show_hint "Should fail 'Connection refused' since global server is disabled" 3040 run_cmd nettest -6 -D -s & 3041 sleep 1 3042 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3043 log_test_addr ${a} $? 1 "Global server, device client, local conn" 3044 3045 log_start 3046 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 3047 sleep 1 3048 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3049 log_test_addr ${a} $? 0 "VRF server, device client, local conn" 3050 3051 log_start 3052 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 3053 sleep 1 3054 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3055 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn" 3056 3057 log_start 3058 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 3059 sleep 1 3060 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3061 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn" 3062 3063 # disable global server 3064 log_subsection "Global server enabled" 3065 set_sysctl net.ipv4.udp_l3mdev_accept=1 3066 3067 # 3068 # server tests 3069 # 3070 for a in ${NSA_IP6} ${VRF_IP6} 3071 do 3072 log_start 3073 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 3074 sleep 1 3075 run_cmd_nsb nettest -6 -D -r ${a} 3076 log_test_addr ${a} $? 0 "Global server" 3077 done 3078 3079 for a in ${NSA_IP6} ${VRF_IP6} 3080 do 3081 log_start 3082 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 3083 sleep 1 3084 run_cmd_nsb nettest -6 -D -r ${a} 3085 log_test_addr ${a} $? 0 "VRF server" 3086 done 3087 3088 for a in ${NSA_IP6} ${VRF_IP6} 3089 do 3090 log_start 3091 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 3092 sleep 1 3093 run_cmd_nsb nettest -6 -D -r ${a} 3094 log_test_addr ${a} $? 0 "Enslaved device server" 3095 done 3096 3097 # negative test - should fail 3098 for a in ${NSA_IP6} ${VRF_IP6} 3099 do 3100 log_start 3101 run_cmd_nsb nettest -6 -D -r ${a} 3102 log_test_addr ${a} $? 1 "No server" 3103 done 3104 3105 # 3106 # client tests 3107 # 3108 log_start 3109 run_cmd_nsb nettest -6 -D -s & 3110 sleep 1 3111 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6} 3112 log_test $? 0 "VRF client" 3113 3114 # negative test - should fail 3115 log_start 3116 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6} 3117 log_test $? 1 "No server, VRF client" 3118 3119 log_start 3120 run_cmd_nsb nettest -6 -D -s & 3121 sleep 1 3122 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6} 3123 log_test $? 0 "Enslaved device client" 3124 3125 # negative test - should fail 3126 log_start 3127 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6} 3128 log_test $? 1 "No server, enslaved device client" 3129 3130 # 3131 # local address tests 3132 # 3133 a=${NSA_IP6} 3134 log_start 3135 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 3136 sleep 1 3137 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3138 log_test_addr ${a} $? 0 "Global server, VRF client, local conn" 3139 3140 #log_start 3141 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 3142 sleep 1 3143 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3144 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 3145 3146 3147 a=${VRF_IP6} 3148 log_start 3149 run_cmd nettest -6 -D -s -2 ${VRF} & 3150 sleep 1 3151 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3152 log_test_addr ${a} $? 0 "Global server, VRF client, local conn" 3153 3154 log_start 3155 run_cmd nettest -6 -D -d ${VRF} -s -2 ${VRF} & 3156 sleep 1 3157 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3158 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 3159 3160 # negative test - should fail 3161 for a in ${NSA_IP6} ${VRF_IP6} 3162 do 3163 log_start 3164 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3165 log_test_addr ${a} $? 1 "No server, VRF client, local conn" 3166 done 3167 3168 # device to global IP 3169 a=${NSA_IP6} 3170 log_start 3171 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 3172 sleep 1 3173 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3174 log_test_addr ${a} $? 0 "Global server, device client, local conn" 3175 3176 log_start 3177 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 3178 sleep 1 3179 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3180 log_test_addr ${a} $? 0 "VRF server, device client, local conn" 3181 3182 log_start 3183 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 3184 sleep 1 3185 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3186 log_test_addr ${a} $? 0 "Device server, VRF client, local conn" 3187 3188 log_start 3189 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 3190 sleep 1 3191 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3192 log_test_addr ${a} $? 0 "Device server, device client, local conn" 3193 3194 log_start 3195 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3196 log_test_addr ${a} $? 1 "No server, device client, local conn" 3197 3198 3199 # link local addresses 3200 log_start 3201 run_cmd nettest -6 -D -s & 3202 sleep 1 3203 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6} 3204 log_test $? 0 "Global server, linklocal IP" 3205 3206 log_start 3207 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6} 3208 log_test $? 1 "No server, linklocal IP" 3209 3210 3211 log_start 3212 run_cmd_nsb nettest -6 -D -s & 3213 sleep 1 3214 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6} 3215 log_test $? 0 "Enslaved device client, linklocal IP" 3216 3217 log_start 3218 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6} 3219 log_test $? 1 "No server, device client, peer linklocal IP" 3220 3221 3222 log_start 3223 run_cmd nettest -6 -D -s & 3224 sleep 1 3225 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6} 3226 log_test $? 0 "Enslaved device client, local conn - linklocal IP" 3227 3228 log_start 3229 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6} 3230 log_test $? 1 "No server, device client, local conn - linklocal IP" 3231 3232 # LLA to GUA 3233 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV} 3234 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV} 3235 log_start 3236 run_cmd nettest -6 -s -D & 3237 sleep 1 3238 run_cmd_nsb nettest -6 -D -r ${NSA_IP6} 3239 log_test $? 0 "UDP in - LLA to GUA" 3240 3241 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV} 3242 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad 3243} 3244 3245ipv6_udp() 3246{ 3247 # should not matter, but set to known state 3248 set_sysctl net.ipv4.udp_early_demux=1 3249 3250 log_section "IPv6/UDP" 3251 log_subsection "No VRF" 3252 setup 3253 3254 # udp_l3mdev_accept should have no affect without VRF; 3255 # run tests with it enabled and disabled to verify 3256 log_subsection "udp_l3mdev_accept disabled" 3257 set_sysctl net.ipv4.udp_l3mdev_accept=0 3258 ipv6_udp_novrf 3259 log_subsection "udp_l3mdev_accept enabled" 3260 set_sysctl net.ipv4.udp_l3mdev_accept=1 3261 ipv6_udp_novrf 3262 3263 log_subsection "With VRF" 3264 setup "yes" 3265 ipv6_udp_vrf 3266} 3267 3268################################################################################ 3269# IPv6 address bind 3270 3271ipv6_addr_bind_novrf() 3272{ 3273 # 3274 # raw socket 3275 # 3276 for a in ${NSA_IP6} ${NSA_LO_IP6} 3277 do 3278 log_start 3279 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b 3280 log_test_addr ${a} $? 0 "Raw socket bind to local address" 3281 3282 log_start 3283 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b 3284 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind" 3285 done 3286 3287 # 3288 # tcp sockets 3289 # 3290 a=${NSA_IP6} 3291 log_start 3292 run_cmd nettest -6 -s -l ${a} -t1 -b 3293 log_test_addr ${a} $? 0 "TCP socket bind to local address" 3294 3295 log_start 3296 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b 3297 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind" 3298 3299 a=${NSA_LO_IP6} 3300 log_start 3301 show_hint "Should fail with 'Cannot assign requested address'" 3302 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b 3303 log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address" 3304} 3305 3306ipv6_addr_bind_vrf() 3307{ 3308 # 3309 # raw socket 3310 # 3311 for a in ${NSA_IP6} ${VRF_IP6} 3312 do 3313 log_start 3314 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b 3315 log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind" 3316 3317 log_start 3318 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b 3319 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind" 3320 done 3321 3322 a=${NSA_LO_IP6} 3323 log_start 3324 show_hint "Address on loopback is out of VRF scope" 3325 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b 3326 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind" 3327 3328 # 3329 # tcp sockets 3330 # 3331 # address on enslaved device is valid for the VRF or device in a VRF 3332 for a in ${NSA_IP6} ${VRF_IP6} 3333 do 3334 log_start 3335 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b 3336 log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind" 3337 done 3338 3339 a=${NSA_IP6} 3340 log_start 3341 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b 3342 log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind" 3343 3344 a=${VRF_IP6} 3345 log_start 3346 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b 3347 log_test_addr ${a} $? 1 "TCP socket bind to VRF address with device bind" 3348 3349 a=${NSA_LO_IP6} 3350 log_start 3351 show_hint "Address on loopback out of scope for VRF" 3352 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b 3353 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF" 3354 3355 log_start 3356 show_hint "Address on loopback out of scope for device in VRF" 3357 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b 3358 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind" 3359 3360} 3361 3362ipv6_addr_bind() 3363{ 3364 log_section "IPv6 address binds" 3365 3366 log_subsection "No VRF" 3367 setup 3368 ipv6_addr_bind_novrf 3369 3370 log_subsection "With VRF" 3371 setup "yes" 3372 ipv6_addr_bind_vrf 3373} 3374 3375################################################################################ 3376# IPv6 runtime tests 3377 3378ipv6_rt() 3379{ 3380 local desc="$1" 3381 local varg="-6 $2" 3382 local with_vrf="yes" 3383 local a 3384 3385 # 3386 # server tests 3387 # 3388 for a in ${NSA_IP6} ${VRF_IP6} 3389 do 3390 log_start 3391 run_cmd nettest ${varg} -s & 3392 sleep 1 3393 run_cmd_nsb nettest ${varg} -r ${a} & 3394 sleep 3 3395 run_cmd ip link del ${VRF} 3396 sleep 1 3397 log_test_addr ${a} 0 0 "${desc}, global server" 3398 3399 setup ${with_vrf} 3400 done 3401 3402 for a in ${NSA_IP6} ${VRF_IP6} 3403 do 3404 log_start 3405 run_cmd nettest ${varg} -d ${VRF} -s & 3406 sleep 1 3407 run_cmd_nsb nettest ${varg} -r ${a} & 3408 sleep 3 3409 run_cmd ip link del ${VRF} 3410 sleep 1 3411 log_test_addr ${a} 0 0 "${desc}, VRF server" 3412 3413 setup ${with_vrf} 3414 done 3415 3416 for a in ${NSA_IP6} ${VRF_IP6} 3417 do 3418 log_start 3419 run_cmd nettest ${varg} -d ${NSA_DEV} -s & 3420 sleep 1 3421 run_cmd_nsb nettest ${varg} -r ${a} & 3422 sleep 3 3423 run_cmd ip link del ${VRF} 3424 sleep 1 3425 log_test_addr ${a} 0 0 "${desc}, enslaved device server" 3426 3427 setup ${with_vrf} 3428 done 3429 3430 # 3431 # client test 3432 # 3433 log_start 3434 run_cmd_nsb nettest ${varg} -s & 3435 sleep 1 3436 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} & 3437 sleep 3 3438 run_cmd ip link del ${VRF} 3439 sleep 1 3440 log_test 0 0 "${desc}, VRF client" 3441 3442 setup ${with_vrf} 3443 3444 log_start 3445 run_cmd_nsb nettest ${varg} -s & 3446 sleep 1 3447 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} & 3448 sleep 3 3449 run_cmd ip link del ${VRF} 3450 sleep 1 3451 log_test 0 0 "${desc}, enslaved device client" 3452 3453 setup ${with_vrf} 3454 3455 3456 # 3457 # local address tests 3458 # 3459 for a in ${NSA_IP6} ${VRF_IP6} 3460 do 3461 log_start 3462 run_cmd nettest ${varg} -s & 3463 sleep 1 3464 run_cmd nettest ${varg} -d ${VRF} -r ${a} & 3465 sleep 3 3466 run_cmd ip link del ${VRF} 3467 sleep 1 3468 log_test_addr ${a} 0 0 "${desc}, global server, VRF client" 3469 3470 setup ${with_vrf} 3471 done 3472 3473 for a in ${NSA_IP6} ${VRF_IP6} 3474 do 3475 log_start 3476 run_cmd nettest ${varg} -d ${VRF} -s & 3477 sleep 1 3478 run_cmd nettest ${varg} -d ${VRF} -r ${a} & 3479 sleep 3 3480 run_cmd ip link del ${VRF} 3481 sleep 1 3482 log_test_addr ${a} 0 0 "${desc}, VRF server and client" 3483 3484 setup ${with_vrf} 3485 done 3486 3487 a=${NSA_IP6} 3488 log_start 3489 run_cmd nettest ${varg} -s & 3490 sleep 1 3491 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 3492 sleep 3 3493 run_cmd ip link del ${VRF} 3494 sleep 1 3495 log_test_addr ${a} 0 0 "${desc}, global server, device client" 3496 3497 setup ${with_vrf} 3498 3499 log_start 3500 run_cmd nettest ${varg} -d ${VRF} -s & 3501 sleep 1 3502 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 3503 sleep 3 3504 run_cmd ip link del ${VRF} 3505 sleep 1 3506 log_test_addr ${a} 0 0 "${desc}, VRF server, device client" 3507 3508 setup ${with_vrf} 3509 3510 log_start 3511 run_cmd nettest ${varg} -d ${NSA_DEV} -s & 3512 sleep 1 3513 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 3514 sleep 3 3515 run_cmd ip link del ${VRF} 3516 sleep 1 3517 log_test_addr ${a} 0 0 "${desc}, device server, device client" 3518} 3519 3520ipv6_ping_rt() 3521{ 3522 local with_vrf="yes" 3523 local a 3524 3525 a=${NSA_IP6} 3526 log_start 3527 run_cmd_nsb ${ping6} -f ${a} & 3528 sleep 3 3529 run_cmd ip link del ${VRF} 3530 sleep 1 3531 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in" 3532 3533 setup ${with_vrf} 3534 3535 log_start 3536 run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} & 3537 sleep 1 3538 run_cmd ip link del ${VRF} 3539 sleep 1 3540 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out" 3541} 3542 3543ipv6_runtime() 3544{ 3545 log_section "Run time tests - ipv6" 3546 3547 setup "yes" 3548 ipv6_ping_rt 3549 3550 setup "yes" 3551 ipv6_rt "TCP active socket" "-n -1" 3552 3553 setup "yes" 3554 ipv6_rt "TCP passive socket" "-i" 3555 3556 setup "yes" 3557 ipv6_rt "UDP active socket" "-D -n -1" 3558} 3559 3560################################################################################ 3561# netfilter blocking connections 3562 3563netfilter_tcp_reset() 3564{ 3565 local a 3566 3567 for a in ${NSA_IP} ${VRF_IP} 3568 do 3569 log_start 3570 run_cmd nettest -s & 3571 sleep 1 3572 run_cmd_nsb nettest -r ${a} 3573 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx" 3574 done 3575} 3576 3577netfilter_icmp() 3578{ 3579 local stype="$1" 3580 local arg 3581 local a 3582 3583 [ "${stype}" = "UDP" ] && arg="-D" 3584 3585 for a in ${NSA_IP} ${VRF_IP} 3586 do 3587 log_start 3588 run_cmd nettest ${arg} -s & 3589 sleep 1 3590 run_cmd_nsb nettest ${arg} -r ${a} 3591 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach" 3592 done 3593} 3594 3595ipv4_netfilter() 3596{ 3597 log_section "IPv4 Netfilter" 3598 log_subsection "TCP reset" 3599 3600 setup "yes" 3601 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset 3602 3603 netfilter_tcp_reset 3604 3605 log_start 3606 log_subsection "ICMP unreachable" 3607 3608 log_start 3609 run_cmd iptables -F 3610 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable 3611 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable 3612 3613 netfilter_icmp "TCP" 3614 netfilter_icmp "UDP" 3615 3616 log_start 3617 iptables -F 3618} 3619 3620netfilter_tcp6_reset() 3621{ 3622 local a 3623 3624 for a in ${NSA_IP6} ${VRF_IP6} 3625 do 3626 log_start 3627 run_cmd nettest -6 -s & 3628 sleep 1 3629 run_cmd_nsb nettest -6 -r ${a} 3630 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx" 3631 done 3632} 3633 3634netfilter_icmp6() 3635{ 3636 local stype="$1" 3637 local arg 3638 local a 3639 3640 [ "${stype}" = "UDP" ] && arg="$arg -D" 3641 3642 for a in ${NSA_IP6} ${VRF_IP6} 3643 do 3644 log_start 3645 run_cmd nettest -6 -s ${arg} & 3646 sleep 1 3647 run_cmd_nsb nettest -6 ${arg} -r ${a} 3648 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach" 3649 done 3650} 3651 3652ipv6_netfilter() 3653{ 3654 log_section "IPv6 Netfilter" 3655 log_subsection "TCP reset" 3656 3657 setup "yes" 3658 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset 3659 3660 netfilter_tcp6_reset 3661 3662 log_subsection "ICMP unreachable" 3663 3664 log_start 3665 run_cmd ip6tables -F 3666 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable 3667 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable 3668 3669 netfilter_icmp6 "TCP" 3670 netfilter_icmp6 "UDP" 3671 3672 log_start 3673 ip6tables -F 3674} 3675 3676################################################################################ 3677# specific use cases 3678 3679# VRF only. 3680# ns-A device enslaved to bridge. Verify traffic with and without 3681# br_netfilter module loaded. Repeat with SVI on bridge. 3682use_case_br() 3683{ 3684 setup "yes" 3685 3686 setup_cmd ip link set ${NSA_DEV} down 3687 setup_cmd ip addr del dev ${NSA_DEV} ${NSA_IP}/24 3688 setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64 3689 3690 setup_cmd ip link add br0 type bridge 3691 setup_cmd ip addr add dev br0 ${NSA_IP}/24 3692 setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad 3693 3694 setup_cmd ip li set ${NSA_DEV} master br0 3695 setup_cmd ip li set ${NSA_DEV} up 3696 setup_cmd ip li set br0 up 3697 setup_cmd ip li set br0 vrf ${VRF} 3698 3699 rmmod br_netfilter 2>/dev/null 3700 sleep 5 # DAD 3701 3702 run_cmd ip neigh flush all 3703 run_cmd ping -c1 -w1 -I br0 ${NSB_IP} 3704 log_test $? 0 "Bridge into VRF - IPv4 ping out" 3705 3706 run_cmd ip neigh flush all 3707 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6} 3708 log_test $? 0 "Bridge into VRF - IPv6 ping out" 3709 3710 run_cmd ip neigh flush all 3711 run_cmd_nsb ping -c1 -w1 ${NSA_IP} 3712 log_test $? 0 "Bridge into VRF - IPv4 ping in" 3713 3714 run_cmd ip neigh flush all 3715 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6} 3716 log_test $? 0 "Bridge into VRF - IPv6 ping in" 3717 3718 modprobe br_netfilter 3719 if [ $? -eq 0 ]; then 3720 run_cmd ip neigh flush all 3721 run_cmd ping -c1 -w1 -I br0 ${NSB_IP} 3722 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out" 3723 3724 run_cmd ip neigh flush all 3725 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6} 3726 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out" 3727 3728 run_cmd ip neigh flush all 3729 run_cmd_nsb ping -c1 -w1 ${NSA_IP} 3730 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in" 3731 3732 run_cmd ip neigh flush all 3733 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6} 3734 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in" 3735 fi 3736 3737 setup_cmd ip li set br0 nomaster 3738 setup_cmd ip li add br0.100 link br0 type vlan id 100 3739 setup_cmd ip li set br0.100 vrf ${VRF} up 3740 setup_cmd ip addr add dev br0.100 172.16.101.1/24 3741 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad 3742 3743 setup_cmd_nsb ip li add vlan100 link ${NSB_DEV} type vlan id 100 3744 setup_cmd_nsb ip addr add dev vlan100 172.16.101.2/24 3745 setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad 3746 setup_cmd_nsb ip li set vlan100 up 3747 sleep 1 3748 3749 rmmod br_netfilter 2>/dev/null 3750 3751 run_cmd ip neigh flush all 3752 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2 3753 log_test $? 0 "Bridge vlan into VRF - IPv4 ping out" 3754 3755 run_cmd ip neigh flush all 3756 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2 3757 log_test $? 0 "Bridge vlan into VRF - IPv6 ping out" 3758 3759 run_cmd ip neigh flush all 3760 run_cmd_nsb ping -c1 -w1 172.16.101.1 3761 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in" 3762 3763 run_cmd ip neigh flush all 3764 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1 3765 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in" 3766 3767 modprobe br_netfilter 3768 if [ $? -eq 0 ]; then 3769 run_cmd ip neigh flush all 3770 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2 3771 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out" 3772 3773 run_cmd ip neigh flush all 3774 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2 3775 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out" 3776 3777 run_cmd ip neigh flush all 3778 run_cmd_nsb ping -c1 -w1 172.16.101.1 3779 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in" 3780 3781 run_cmd ip neigh flush all 3782 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1 3783 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in" 3784 fi 3785 3786 setup_cmd ip li del br0 2>/dev/null 3787 setup_cmd_nsb ip li del vlan100 2>/dev/null 3788} 3789 3790use_cases() 3791{ 3792 log_section "Use cases" 3793 use_case_br 3794} 3795 3796################################################################################ 3797# usage 3798 3799usage() 3800{ 3801 cat <<EOF 3802usage: ${0##*/} OPTS 3803 3804 -4 IPv4 tests only 3805 -6 IPv6 tests only 3806 -t <test> Test name/set to run 3807 -p Pause on fail 3808 -P Pause after each test 3809 -v Be verbose 3810EOF 3811} 3812 3813################################################################################ 3814# main 3815 3816TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime ipv4_netfilter" 3817TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime ipv6_netfilter" 3818TESTS_OTHER="use_cases" 3819 3820PAUSE_ON_FAIL=no 3821PAUSE=no 3822 3823while getopts :46t:pPvh o 3824do 3825 case $o in 3826 4) TESTS=ipv4;; 3827 6) TESTS=ipv6;; 3828 t) TESTS=$OPTARG;; 3829 p) PAUSE_ON_FAIL=yes;; 3830 P) PAUSE=yes;; 3831 v) VERBOSE=1;; 3832 h) usage; exit 0;; 3833 *) usage; exit 1;; 3834 esac 3835done 3836 3837# make sure we don't pause twice 3838[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no 3839 3840# 3841# show user test config 3842# 3843if [ -z "$TESTS" ]; then 3844 TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER" 3845elif [ "$TESTS" = "ipv4" ]; then 3846 TESTS="$TESTS_IPV4" 3847elif [ "$TESTS" = "ipv6" ]; then 3848 TESTS="$TESTS_IPV6" 3849fi 3850 3851which nettest >/dev/null 3852if [ $? -ne 0 ]; then 3853 echo "'nettest' command not found; skipping tests" 3854 exit 0 3855fi 3856 3857declare -i nfail=0 3858declare -i nsuccess=0 3859 3860for t in $TESTS 3861do 3862 case $t in 3863 ipv4_ping|ping) ipv4_ping;; 3864 ipv4_tcp|tcp) ipv4_tcp;; 3865 ipv4_udp|udp) ipv4_udp;; 3866 ipv4_bind|bind) ipv4_addr_bind;; 3867 ipv4_runtime) ipv4_runtime;; 3868 ipv4_netfilter) ipv4_netfilter;; 3869 3870 ipv6_ping|ping6) ipv6_ping;; 3871 ipv6_tcp|tcp6) ipv6_tcp;; 3872 ipv6_udp|udp6) ipv6_udp;; 3873 ipv6_bind|bind6) ipv6_addr_bind;; 3874 ipv6_runtime) ipv6_runtime;; 3875 ipv6_netfilter) ipv6_netfilter;; 3876 3877 use_cases) use_cases;; 3878 3879 # setup namespaces and config, but do not run any tests 3880 setup) setup; exit 0;; 3881 vrf_setup) setup "yes"; exit 0;; 3882 3883 help) echo "Test names: $TESTS"; exit 0;; 3884 esac 3885done 3886 3887cleanup 2>/dev/null 3888 3889printf "\nTests passed: %3d\n" ${nsuccess} 3890printf "Tests failed: %3d\n" ${nfail} 3891