1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3# 4# Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved. 5# 6# IPv4 and IPv6 functional tests focusing on VRF and routing lookups 7# for various permutations: 8# 1. icmp, tcp, udp and netfilter 9# 2. client, server, no-server 10# 3. global address on interface 11# 4. global address on 'lo' 12# 5. remote and local traffic 13# 6. VRF and non-VRF permutations 14# 15# Setup: 16# ns-A | ns-B 17# No VRF case: 18# [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ] 19# remote address 20# VRF case: 21# [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ] 22# 23# ns-A: 24# eth1: 172.16.1.1/24, 2001:db8:1::1/64 25# lo: 127.0.0.1/8, ::1/128 26# 172.16.2.1/32, 2001:db8:2::1/128 27# red: 127.0.0.1/8, ::1/128 28# 172.16.3.1/32, 2001:db8:3::1/128 29# 30# ns-B: 31# eth1: 172.16.1.2/24, 2001:db8:1::2/64 32# lo2: 127.0.0.1/8, ::1/128 33# 172.16.2.2/32, 2001:db8:2::2/128 34# 35# server / client nomenclature relative to ns-A 36 37VERBOSE=0 38 39NSA_DEV=eth1 40NSB_DEV=eth1 41VRF=red 42VRF_TABLE=1101 43 44# IPv4 config 45NSA_IP=172.16.1.1 46NSB_IP=172.16.1.2 47VRF_IP=172.16.3.1 48 49# IPv6 config 50NSA_IP6=2001:db8:1::1 51NSB_IP6=2001:db8:1::2 52VRF_IP6=2001:db8:3::1 53 54NSA_LO_IP=172.16.2.1 55NSB_LO_IP=172.16.2.2 56NSA_LO_IP6=2001:db8:2::1 57NSB_LO_IP6=2001:db8:2::2 58 59MCAST=ff02::1 60# set after namespace create 61NSA_LINKIP6= 62NSB_LINKIP6= 63 64NSA=ns-A 65NSB=ns-B 66 67NSA_CMD="ip netns exec ${NSA}" 68NSB_CMD="ip netns exec ${NSB}" 69 70which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping) 71 72################################################################################ 73# utilities 74 75log_test() 76{ 77 local rc=$1 78 local expected=$2 79 local msg="$3" 80 81 [ "${VERBOSE}" = "1" ] && echo 82 83 if [ ${rc} -eq ${expected} ]; then 84 nsuccess=$((nsuccess+1)) 85 printf "TEST: %-70s [ OK ]\n" "${msg}" 86 else 87 nfail=$((nfail+1)) 88 printf "TEST: %-70s [FAIL]\n" "${msg}" 89 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then 90 echo 91 echo "hit enter to continue, 'q' to quit" 92 read a 93 [ "$a" = "q" ] && exit 1 94 fi 95 fi 96 97 if [ "${PAUSE}" = "yes" ]; then 98 echo 99 echo "hit enter to continue, 'q' to quit" 100 read a 101 [ "$a" = "q" ] && exit 1 102 fi 103 104 kill_procs 105} 106 107log_test_addr() 108{ 109 local addr=$1 110 local rc=$2 111 local expected=$3 112 local msg="$4" 113 local astr 114 115 astr=$(addr2str ${addr}) 116 log_test $rc $expected "$msg - ${astr}" 117} 118 119log_section() 120{ 121 echo 122 echo "###########################################################################" 123 echo "$*" 124 echo "###########################################################################" 125 echo 126} 127 128log_subsection() 129{ 130 echo 131 echo "#################################################################" 132 echo "$*" 133 echo 134} 135 136log_start() 137{ 138 # make sure we have no test instances running 139 kill_procs 140 141 if [ "${VERBOSE}" = "1" ]; then 142 echo 143 echo "#######################################################" 144 fi 145} 146 147log_debug() 148{ 149 if [ "${VERBOSE}" = "1" ]; then 150 echo 151 echo "$*" 152 echo 153 fi 154} 155 156show_hint() 157{ 158 if [ "${VERBOSE}" = "1" ]; then 159 echo "HINT: $*" 160 echo 161 fi 162} 163 164kill_procs() 165{ 166 killall nettest ping ping6 >/dev/null 2>&1 167 sleep 1 168} 169 170do_run_cmd() 171{ 172 local cmd="$*" 173 local out 174 175 if [ "$VERBOSE" = "1" ]; then 176 echo "COMMAND: ${cmd}" 177 fi 178 179 out=$($cmd 2>&1) 180 rc=$? 181 if [ "$VERBOSE" = "1" -a -n "$out" ]; then 182 echo "$out" 183 fi 184 185 return $rc 186} 187 188run_cmd() 189{ 190 do_run_cmd ${NSA_CMD} $* 191} 192 193run_cmd_nsb() 194{ 195 do_run_cmd ${NSB_CMD} $* 196} 197 198setup_cmd() 199{ 200 local cmd="$*" 201 local rc 202 203 run_cmd ${cmd} 204 rc=$? 205 if [ $rc -ne 0 ]; then 206 # show user the command if not done so already 207 if [ "$VERBOSE" = "0" ]; then 208 echo "setup command: $cmd" 209 fi 210 echo "failed. stopping tests" 211 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then 212 echo 213 echo "hit enter to continue" 214 read a 215 fi 216 exit $rc 217 fi 218} 219 220setup_cmd_nsb() 221{ 222 local cmd="$*" 223 local rc 224 225 run_cmd_nsb ${cmd} 226 rc=$? 227 if [ $rc -ne 0 ]; then 228 # show user the command if not done so already 229 if [ "$VERBOSE" = "0" ]; then 230 echo "setup command: $cmd" 231 fi 232 echo "failed. stopping tests" 233 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then 234 echo 235 echo "hit enter to continue" 236 read a 237 fi 238 exit $rc 239 fi 240} 241 242# set sysctl values in NS-A 243set_sysctl() 244{ 245 echo "SYSCTL: $*" 246 echo 247 run_cmd sysctl -q -w $* 248} 249 250################################################################################ 251# Setup for tests 252 253addr2str() 254{ 255 case "$1" in 256 127.0.0.1) echo "loopback";; 257 ::1) echo "IPv6 loopback";; 258 259 ${NSA_IP}) echo "ns-A IP";; 260 ${NSA_IP6}) echo "ns-A IPv6";; 261 ${NSA_LO_IP}) echo "ns-A loopback IP";; 262 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";; 263 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";; 264 265 ${NSB_IP}) echo "ns-B IP";; 266 ${NSB_IP6}) echo "ns-B IPv6";; 267 ${NSB_LO_IP}) echo "ns-B loopback IP";; 268 ${NSB_LO_IP6}) echo "ns-B loopback IPv6";; 269 ${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";; 270 271 ${VRF_IP}) echo "VRF IP";; 272 ${VRF_IP6}) echo "VRF IPv6";; 273 274 ${MCAST}%*) echo "multicast IP";; 275 276 *) echo "unknown";; 277 esac 278} 279 280get_linklocal() 281{ 282 local ns=$1 283 local dev=$2 284 local addr 285 286 addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \ 287 awk '{ 288 for (i = 3; i <= NF; ++i) { 289 if ($i ~ /^fe80/) 290 print $i 291 } 292 }' 293 ) 294 addr=${addr/\/*} 295 296 [ -z "$addr" ] && return 1 297 298 echo $addr 299 300 return 0 301} 302 303################################################################################ 304# create namespaces and vrf 305 306create_vrf() 307{ 308 local ns=$1 309 local vrf=$2 310 local table=$3 311 local addr=$4 312 local addr6=$5 313 314 ip -netns ${ns} link add ${vrf} type vrf table ${table} 315 ip -netns ${ns} link set ${vrf} up 316 ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192 317 ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192 318 319 ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf} 320 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad 321 if [ "${addr}" != "-" ]; then 322 ip -netns ${ns} addr add dev ${vrf} ${addr} 323 fi 324 if [ "${addr6}" != "-" ]; then 325 ip -netns ${ns} -6 addr add dev ${vrf} ${addr6} 326 fi 327 328 ip -netns ${ns} ru del pref 0 329 ip -netns ${ns} ru add pref 32765 from all lookup local 330 ip -netns ${ns} -6 ru del pref 0 331 ip -netns ${ns} -6 ru add pref 32765 from all lookup local 332} 333 334create_ns() 335{ 336 local ns=$1 337 local addr=$2 338 local addr6=$3 339 340 ip netns add ${ns} 341 342 ip -netns ${ns} link set lo up 343 if [ "${addr}" != "-" ]; then 344 ip -netns ${ns} addr add dev lo ${addr} 345 fi 346 if [ "${addr6}" != "-" ]; then 347 ip -netns ${ns} -6 addr add dev lo ${addr6} 348 fi 349 350 ip -netns ${ns} ro add unreachable default metric 8192 351 ip -netns ${ns} -6 ro add unreachable default metric 8192 352 353 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1 354 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1 355 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1 356 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1 357} 358 359# create veth pair to connect namespaces and apply addresses. 360connect_ns() 361{ 362 local ns1=$1 363 local ns1_dev=$2 364 local ns1_addr=$3 365 local ns1_addr6=$4 366 local ns2=$5 367 local ns2_dev=$6 368 local ns2_addr=$7 369 local ns2_addr6=$8 370 371 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp 372 ip -netns ${ns1} li set ${ns1_dev} up 373 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev} 374 ip -netns ${ns2} li set ${ns2_dev} up 375 376 if [ "${ns1_addr}" != "-" ]; then 377 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr} 378 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr} 379 fi 380 381 if [ "${ns1_addr6}" != "-" ]; then 382 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6} 383 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6} 384 fi 385} 386 387cleanup() 388{ 389 # explicit cleanups to check those code paths 390 ip netns | grep -q ${NSA} 391 if [ $? -eq 0 ]; then 392 ip -netns ${NSA} link delete ${VRF} 393 ip -netns ${NSA} ro flush table ${VRF_TABLE} 394 395 ip -netns ${NSA} addr flush dev ${NSA_DEV} 396 ip -netns ${NSA} -6 addr flush dev ${NSA_DEV} 397 ip -netns ${NSA} link set dev ${NSA_DEV} down 398 ip -netns ${NSA} link del dev ${NSA_DEV} 399 400 ip netns del ${NSA} 401 fi 402 403 ip netns del ${NSB} 404} 405 406setup() 407{ 408 local with_vrf=${1} 409 410 # make sure we are starting with a clean slate 411 kill_procs 412 cleanup 2>/dev/null 413 414 log_debug "Configuring network namespaces" 415 set -e 416 417 create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128 418 create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128 419 connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \ 420 ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64 421 422 NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV}) 423 NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV}) 424 425 # tell ns-A how to get to remote addresses of ns-B 426 if [ "${with_vrf}" = "yes" ]; then 427 create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6} 428 429 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF} 430 ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV} 431 ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV} 432 433 ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV} 434 ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV} 435 else 436 ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV} 437 ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV} 438 fi 439 440 441 # tell ns-B how to get to remote addresses of ns-A 442 ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV} 443 ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV} 444 445 set +e 446 447 sleep 1 448} 449 450################################################################################ 451# IPv4 452 453ipv4_ping_novrf() 454{ 455 local a 456 457 # 458 # out 459 # 460 for a in ${NSB_IP} ${NSB_LO_IP} 461 do 462 log_start 463 run_cmd ping -c1 -w1 ${a} 464 log_test_addr ${a} $? 0 "ping out" 465 466 log_start 467 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 468 log_test_addr ${a} $? 0 "ping out, device bind" 469 470 log_start 471 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a} 472 log_test_addr ${a} $? 0 "ping out, address bind" 473 done 474 475 # 476 # in 477 # 478 for a in ${NSA_IP} ${NSA_LO_IP} 479 do 480 log_start 481 run_cmd_nsb ping -c1 -w1 ${a} 482 log_test_addr ${a} $? 0 "ping in" 483 done 484 485 # 486 # local traffic 487 # 488 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1 489 do 490 log_start 491 run_cmd ping -c1 -w1 ${a} 492 log_test_addr ${a} $? 0 "ping local" 493 done 494 495 # 496 # local traffic, socket bound to device 497 # 498 # address on device 499 a=${NSA_IP} 500 log_start 501 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 502 log_test_addr ${a} $? 0 "ping local, device bind" 503 504 # loopback addresses not reachable from device bind 505 # fails in a really weird way though because ipv4 special cases 506 # route lookups with oif set. 507 for a in ${NSA_LO_IP} 127.0.0.1 508 do 509 log_start 510 show_hint "Fails since address on loopback device is out of device scope" 511 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 512 log_test_addr ${a} $? 1 "ping local, device bind" 513 done 514 515 # 516 # ip rule blocks reachability to remote address 517 # 518 log_start 519 setup_cmd ip rule add pref 32765 from all lookup local 520 setup_cmd ip rule del pref 0 from all lookup local 521 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit 522 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit 523 524 a=${NSB_LO_IP} 525 run_cmd ping -c1 -w1 ${a} 526 log_test_addr ${a} $? 2 "ping out, blocked by rule" 527 528 # NOTE: ipv4 actually allows the lookup to fail and yet still create 529 # a viable rtable if the oif (e.g., bind to device) is set, so this 530 # case succeeds despite the rule 531 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 532 533 a=${NSA_LO_IP} 534 log_start 535 show_hint "Response generates ICMP (or arp request is ignored) due to ip rule" 536 run_cmd_nsb ping -c1 -w1 ${a} 537 log_test_addr ${a} $? 1 "ping in, blocked by rule" 538 539 [ "$VERBOSE" = "1" ] && echo 540 setup_cmd ip rule del pref 32765 from all lookup local 541 setup_cmd ip rule add pref 0 from all lookup local 542 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit 543 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit 544 545 # 546 # route blocks reachability to remote address 547 # 548 log_start 549 setup_cmd ip route replace unreachable ${NSB_LO_IP} 550 setup_cmd ip route replace unreachable ${NSB_IP} 551 552 a=${NSB_LO_IP} 553 run_cmd ping -c1 -w1 ${a} 554 log_test_addr ${a} $? 2 "ping out, blocked by route" 555 556 # NOTE: ipv4 actually allows the lookup to fail and yet still create 557 # a viable rtable if the oif (e.g., bind to device) is set, so this 558 # case succeeds despite not having a route for the address 559 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 560 561 a=${NSA_LO_IP} 562 log_start 563 show_hint "Response is dropped (or arp request is ignored) due to ip route" 564 run_cmd_nsb ping -c1 -w1 ${a} 565 log_test_addr ${a} $? 1 "ping in, blocked by route" 566 567 # 568 # remove 'remote' routes; fallback to default 569 # 570 log_start 571 setup_cmd ip ro del ${NSB_LO_IP} 572 573 a=${NSB_LO_IP} 574 run_cmd ping -c1 -w1 ${a} 575 log_test_addr ${a} $? 2 "ping out, unreachable default route" 576 577 # NOTE: ipv4 actually allows the lookup to fail and yet still create 578 # a viable rtable if the oif (e.g., bind to device) is set, so this 579 # case succeeds despite not having a route for the address 580 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 581} 582 583ipv4_ping_vrf() 584{ 585 local a 586 587 # should default on; does not exist on older kernels 588 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null 589 590 # 591 # out 592 # 593 for a in ${NSB_IP} ${NSB_LO_IP} 594 do 595 log_start 596 run_cmd ping -c1 -w1 -I ${VRF} ${a} 597 log_test_addr ${a} $? 0 "ping out, VRF bind" 598 599 log_start 600 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 601 log_test_addr ${a} $? 0 "ping out, device bind" 602 603 log_start 604 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a} 605 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind" 606 607 log_start 608 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a} 609 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind" 610 done 611 612 # 613 # in 614 # 615 for a in ${NSA_IP} ${VRF_IP} 616 do 617 log_start 618 run_cmd_nsb ping -c1 -w1 ${a} 619 log_test_addr ${a} $? 0 "ping in" 620 done 621 622 # 623 # local traffic, local address 624 # 625 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1 626 do 627 log_start 628 show_hint "Source address should be ${a}" 629 run_cmd ping -c1 -w1 -I ${VRF} ${a} 630 log_test_addr ${a} $? 0 "ping local, VRF bind" 631 done 632 633 # 634 # local traffic, socket bound to device 635 # 636 # address on device 637 a=${NSA_IP} 638 log_start 639 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 640 log_test_addr ${a} $? 0 "ping local, device bind" 641 642 # vrf device is out of scope 643 for a in ${VRF_IP} 127.0.0.1 644 do 645 log_start 646 show_hint "Fails since address on vrf device is out of device scope" 647 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 648 log_test_addr ${a} $? 1 "ping local, device bind" 649 done 650 651 # 652 # ip rule blocks address 653 # 654 log_start 655 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit 656 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit 657 658 a=${NSB_LO_IP} 659 run_cmd ping -c1 -w1 -I ${VRF} ${a} 660 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule" 661 662 log_start 663 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 664 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule" 665 666 a=${NSA_LO_IP} 667 log_start 668 show_hint "Response lost due to ip rule" 669 run_cmd_nsb ping -c1 -w1 ${a} 670 log_test_addr ${a} $? 1 "ping in, blocked by rule" 671 672 [ "$VERBOSE" = "1" ] && echo 673 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit 674 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit 675 676 # 677 # remove 'remote' routes; fallback to default 678 # 679 log_start 680 setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP} 681 682 a=${NSB_LO_IP} 683 run_cmd ping -c1 -w1 -I ${VRF} ${a} 684 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route" 685 686 log_start 687 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 688 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route" 689 690 a=${NSA_LO_IP} 691 log_start 692 show_hint "Response lost by unreachable route" 693 run_cmd_nsb ping -c1 -w1 ${a} 694 log_test_addr ${a} $? 1 "ping in, unreachable route" 695} 696 697ipv4_ping() 698{ 699 log_section "IPv4 ping" 700 701 log_subsection "No VRF" 702 setup 703 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null 704 ipv4_ping_novrf 705 setup 706 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null 707 ipv4_ping_novrf 708 709 log_subsection "With VRF" 710 setup "yes" 711 ipv4_ping_vrf 712} 713 714################################################################################ 715# IPv4 TCP 716 717ipv4_tcp_novrf() 718{ 719 local a 720 721 # 722 # server tests 723 # 724 for a in ${NSA_IP} ${NSA_LO_IP} 725 do 726 log_start 727 run_cmd nettest -s & 728 sleep 1 729 run_cmd_nsb nettest -r ${a} 730 log_test_addr ${a} $? 0 "Global server" 731 done 732 733 a=${NSA_IP} 734 log_start 735 run_cmd nettest -s -d ${NSA_DEV} & 736 sleep 1 737 run_cmd_nsb nettest -r ${a} 738 log_test_addr ${a} $? 0 "Device server" 739 740 # verify TCP reset sent and received 741 for a in ${NSA_IP} ${NSA_LO_IP} 742 do 743 log_start 744 show_hint "Should fail 'Connection refused' since there is no server" 745 run_cmd_nsb nettest -r ${a} 746 log_test_addr ${a} $? 1 "No server" 747 done 748 749 # 750 # client 751 # 752 for a in ${NSB_IP} ${NSB_LO_IP} 753 do 754 log_start 755 run_cmd_nsb nettest -s & 756 sleep 1 757 run_cmd nettest -r ${a} -0 ${NSA_IP} 758 log_test_addr ${a} $? 0 "Client" 759 760 log_start 761 run_cmd_nsb nettest -s & 762 sleep 1 763 run_cmd nettest -r ${a} -d ${NSA_DEV} 764 log_test_addr ${a} $? 0 "Client, device bind" 765 766 log_start 767 show_hint "Should fail 'Connection refused'" 768 run_cmd nettest -r ${a} 769 log_test_addr ${a} $? 1 "No server, unbound client" 770 771 log_start 772 show_hint "Should fail 'Connection refused'" 773 run_cmd nettest -r ${a} -d ${NSA_DEV} 774 log_test_addr ${a} $? 1 "No server, device client" 775 done 776 777 # 778 # local address tests 779 # 780 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1 781 do 782 log_start 783 run_cmd nettest -s & 784 sleep 1 785 run_cmd nettest -r ${a} -0 ${a} -1 ${a} 786 log_test_addr ${a} $? 0 "Global server, local connection" 787 done 788 789 a=${NSA_IP} 790 log_start 791 run_cmd nettest -s -d ${NSA_DEV} & 792 sleep 1 793 run_cmd nettest -r ${a} -0 ${a} 794 log_test_addr ${a} $? 0 "Device server, unbound client, local connection" 795 796 for a in ${NSA_LO_IP} 127.0.0.1 797 do 798 log_start 799 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope" 800 run_cmd nettest -s -d ${NSA_DEV} & 801 sleep 1 802 run_cmd nettest -r ${a} 803 log_test_addr ${a} $? 1 "Device server, unbound client, local connection" 804 done 805 806 a=${NSA_IP} 807 log_start 808 run_cmd nettest -s & 809 sleep 1 810 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV} 811 log_test_addr ${a} $? 0 "Global server, device client, local connection" 812 813 for a in ${NSA_LO_IP} 127.0.0.1 814 do 815 log_start 816 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 817 run_cmd nettest -s & 818 sleep 1 819 run_cmd nettest -r ${a} -d ${NSA_DEV} 820 log_test_addr ${a} $? 1 "Global server, device client, local connection" 821 done 822 823 a=${NSA_IP} 824 log_start 825 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 826 sleep 1 827 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a} 828 log_test_addr ${a} $? 0 "Device server, device client, local connection" 829 830 log_start 831 show_hint "Should fail 'Connection refused'" 832 run_cmd nettest -d ${NSA_DEV} -r ${a} 833 log_test_addr ${a} $? 1 "No server, device client, local conn" 834} 835 836ipv4_tcp_vrf() 837{ 838 local a 839 840 # disable global server 841 log_subsection "Global server disabled" 842 843 set_sysctl net.ipv4.tcp_l3mdev_accept=0 844 845 # 846 # server tests 847 # 848 for a in ${NSA_IP} ${VRF_IP} 849 do 850 log_start 851 show_hint "Should fail 'Connection refused' since global server with VRF is disabled" 852 run_cmd nettest -s & 853 sleep 1 854 run_cmd_nsb nettest -r ${a} 855 log_test_addr ${a} $? 1 "Global server" 856 857 log_start 858 run_cmd nettest -s -d ${VRF} -2 ${VRF} & 859 sleep 1 860 run_cmd_nsb nettest -r ${a} 861 log_test_addr ${a} $? 0 "VRF server" 862 863 log_start 864 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 865 sleep 1 866 run_cmd_nsb nettest -r ${a} 867 log_test_addr ${a} $? 0 "Device server" 868 869 # verify TCP reset received 870 log_start 871 show_hint "Should fail 'Connection refused' since there is no server" 872 run_cmd_nsb nettest -r ${a} 873 log_test_addr ${a} $? 1 "No server" 874 done 875 876 # local address tests 877 # (${VRF_IP} and 127.0.0.1 both timeout) 878 a=${NSA_IP} 879 log_start 880 show_hint "Should fail 'Connection refused' since global server with VRF is disabled" 881 run_cmd nettest -s & 882 sleep 1 883 run_cmd nettest -r ${a} -d ${NSA_DEV} 884 log_test_addr ${a} $? 1 "Global server, local connection" 885 886 # 887 # enable VRF global server 888 # 889 log_subsection "VRF Global server enabled" 890 set_sysctl net.ipv4.tcp_l3mdev_accept=1 891 892 for a in ${NSA_IP} ${VRF_IP} 893 do 894 log_start 895 show_hint "client socket should be bound to VRF" 896 run_cmd nettest -s -2 ${VRF} & 897 sleep 1 898 run_cmd_nsb nettest -r ${a} 899 log_test_addr ${a} $? 0 "Global server" 900 901 log_start 902 show_hint "client socket should be bound to VRF" 903 run_cmd nettest -s -d ${VRF} -2 ${VRF} & 904 sleep 1 905 run_cmd_nsb nettest -r ${a} 906 log_test_addr ${a} $? 0 "VRF server" 907 908 # verify TCP reset received 909 log_start 910 show_hint "Should fail 'Connection refused'" 911 run_cmd_nsb nettest -r ${a} 912 log_test_addr ${a} $? 1 "No server" 913 done 914 915 a=${NSA_IP} 916 log_start 917 show_hint "client socket should be bound to device" 918 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 919 sleep 1 920 run_cmd_nsb nettest -r ${a} 921 log_test_addr ${a} $? 0 "Device server" 922 923 # local address tests 924 for a in ${NSA_IP} ${VRF_IP} 925 do 926 log_start 927 show_hint "Should fail 'No route to host' since client is not bound to VRF" 928 run_cmd nettest -s -2 ${VRF} & 929 sleep 1 930 run_cmd nettest -r ${a} 931 log_test_addr ${a} $? 1 "Global server, local connection" 932 done 933 934 # 935 # client 936 # 937 for a in ${NSB_IP} ${NSB_LO_IP} 938 do 939 log_start 940 run_cmd_nsb nettest -s & 941 sleep 1 942 run_cmd nettest -r ${a} -d ${VRF} 943 log_test_addr ${a} $? 0 "Client, VRF bind" 944 945 log_start 946 run_cmd_nsb nettest -s & 947 sleep 1 948 run_cmd nettest -r ${a} -d ${NSA_DEV} 949 log_test_addr ${a} $? 0 "Client, device bind" 950 951 log_start 952 show_hint "Should fail 'Connection refused'" 953 run_cmd nettest -r ${a} -d ${VRF} 954 log_test_addr ${a} $? 1 "No server, VRF client" 955 956 log_start 957 show_hint "Should fail 'Connection refused'" 958 run_cmd nettest -r ${a} -d ${NSA_DEV} 959 log_test_addr ${a} $? 1 "No server, device client" 960 done 961 962 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1 963 do 964 log_start 965 run_cmd nettest -s -d ${VRF} -2 ${VRF} & 966 sleep 1 967 run_cmd nettest -r ${a} -d ${VRF} -0 ${a} 968 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection" 969 done 970 971 a=${NSA_IP} 972 log_start 973 run_cmd nettest -s -d ${VRF} -2 ${VRF} & 974 sleep 1 975 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a} 976 log_test_addr ${a} $? 0 "VRF server, device client, local connection" 977 978 log_start 979 show_hint "Should fail 'No route to host' since client is out of VRF scope" 980 run_cmd nettest -s -d ${VRF} & 981 sleep 1 982 run_cmd nettest -r ${a} 983 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection" 984 985 log_start 986 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 987 sleep 1 988 run_cmd nettest -r ${a} -d ${VRF} -0 ${a} 989 log_test_addr ${a} $? 0 "Device server, VRF client, local connection" 990 991 log_start 992 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 993 sleep 1 994 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a} 995 log_test_addr ${a} $? 0 "Device server, device client, local connection" 996} 997 998ipv4_tcp() 999{ 1000 log_section "IPv4/TCP" 1001 log_subsection "No VRF" 1002 setup 1003 1004 # tcp_l3mdev_accept should have no affect without VRF; 1005 # run tests with it enabled and disabled to verify 1006 log_subsection "tcp_l3mdev_accept disabled" 1007 set_sysctl net.ipv4.tcp_l3mdev_accept=0 1008 ipv4_tcp_novrf 1009 log_subsection "tcp_l3mdev_accept enabled" 1010 set_sysctl net.ipv4.tcp_l3mdev_accept=1 1011 ipv4_tcp_novrf 1012 1013 log_subsection "With VRF" 1014 setup "yes" 1015 ipv4_tcp_vrf 1016} 1017 1018################################################################################ 1019# IPv4 UDP 1020 1021ipv4_udp_novrf() 1022{ 1023 local a 1024 1025 # 1026 # server tests 1027 # 1028 for a in ${NSA_IP} ${NSA_LO_IP} 1029 do 1030 log_start 1031 run_cmd nettest -D -s -2 ${NSA_DEV} & 1032 sleep 1 1033 run_cmd_nsb nettest -D -r ${a} 1034 log_test_addr ${a} $? 0 "Global server" 1035 1036 log_start 1037 show_hint "Should fail 'Connection refused' since there is no server" 1038 run_cmd_nsb nettest -D -r ${a} 1039 log_test_addr ${a} $? 1 "No server" 1040 done 1041 1042 a=${NSA_IP} 1043 log_start 1044 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 1045 sleep 1 1046 run_cmd_nsb nettest -D -r ${a} 1047 log_test_addr ${a} $? 0 "Device server" 1048 1049 # 1050 # client 1051 # 1052 for a in ${NSB_IP} ${NSB_LO_IP} 1053 do 1054 log_start 1055 run_cmd_nsb nettest -D -s & 1056 sleep 1 1057 run_cmd nettest -D -r ${a} -0 ${NSA_IP} 1058 log_test_addr ${a} $? 0 "Client" 1059 1060 log_start 1061 run_cmd_nsb nettest -D -s & 1062 sleep 1 1063 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP} 1064 log_test_addr ${a} $? 0 "Client, device bind" 1065 1066 log_start 1067 run_cmd_nsb nettest -D -s & 1068 sleep 1 1069 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP} 1070 log_test_addr ${a} $? 0 "Client, device send via cmsg" 1071 1072 log_start 1073 run_cmd_nsb nettest -D -s & 1074 sleep 1 1075 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} 1076 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF" 1077 1078 log_start 1079 show_hint "Should fail 'Connection refused'" 1080 run_cmd nettest -D -r ${a} 1081 log_test_addr ${a} $? 1 "No server, unbound client" 1082 1083 log_start 1084 show_hint "Should fail 'Connection refused'" 1085 run_cmd nettest -D -r ${a} -d ${NSA_DEV} 1086 log_test_addr ${a} $? 1 "No server, device client" 1087 done 1088 1089 # 1090 # local address tests 1091 # 1092 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1 1093 do 1094 log_start 1095 run_cmd nettest -D -s & 1096 sleep 1 1097 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a} 1098 log_test_addr ${a} $? 0 "Global server, local connection" 1099 done 1100 1101 a=${NSA_IP} 1102 log_start 1103 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1104 sleep 1 1105 run_cmd nettest -D -r ${a} 1106 log_test_addr ${a} $? 0 "Device server, unbound client, local connection" 1107 1108 for a in ${NSA_LO_IP} 127.0.0.1 1109 do 1110 log_start 1111 show_hint "Should fail 'Connection refused' since address is out of device scope" 1112 run_cmd nettest -s -D -d ${NSA_DEV} & 1113 sleep 1 1114 run_cmd nettest -D -r ${a} 1115 log_test_addr ${a} $? 1 "Device server, unbound client, local connection" 1116 done 1117 1118 a=${NSA_IP} 1119 log_start 1120 run_cmd nettest -s -D & 1121 sleep 1 1122 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1123 log_test_addr ${a} $? 0 "Global server, device client, local connection" 1124 1125 log_start 1126 run_cmd nettest -s -D & 1127 sleep 1 1128 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a} 1129 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection" 1130 1131 log_start 1132 run_cmd nettest -s -D & 1133 sleep 1 1134 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} 1135 log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection" 1136 1137 # IPv4 with device bind has really weird behavior - it overrides the 1138 # fib lookup, generates an rtable and tries to send the packet. This 1139 # causes failures for local traffic at different places 1140 for a in ${NSA_LO_IP} 127.0.0.1 1141 do 1142 log_start 1143 show_hint "Should fail since addresses on loopback are out of device scope" 1144 run_cmd nettest -D -s & 1145 sleep 1 1146 run_cmd nettest -D -r ${a} -d ${NSA_DEV} 1147 log_test_addr ${a} $? 2 "Global server, device client, local connection" 1148 1149 log_start 1150 show_hint "Should fail since addresses on loopback are out of device scope" 1151 run_cmd nettest -D -s & 1152 sleep 1 1153 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C 1154 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection" 1155 1156 log_start 1157 show_hint "Should fail since addresses on loopback are out of device scope" 1158 run_cmd nettest -D -s & 1159 sleep 1 1160 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S 1161 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection" 1162 done 1163 1164 a=${NSA_IP} 1165 log_start 1166 run_cmd nettest -D -s -d ${NSA_DEV} -2 ${NSA_DEV} & 1167 sleep 1 1168 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a} 1169 log_test_addr ${a} $? 0 "Device server, device client, local conn" 1170 1171 log_start 1172 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1173 log_test_addr ${a} $? 2 "No server, device client, local conn" 1174} 1175 1176ipv4_udp_vrf() 1177{ 1178 local a 1179 1180 # disable global server 1181 log_subsection "Global server disabled" 1182 set_sysctl net.ipv4.udp_l3mdev_accept=0 1183 1184 # 1185 # server tests 1186 # 1187 for a in ${NSA_IP} ${VRF_IP} 1188 do 1189 log_start 1190 show_hint "Fails because ingress is in a VRF and global server is disabled" 1191 run_cmd nettest -D -s & 1192 sleep 1 1193 run_cmd_nsb nettest -D -r ${a} 1194 log_test_addr ${a} $? 1 "Global server" 1195 1196 log_start 1197 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} & 1198 sleep 1 1199 run_cmd_nsb nettest -D -r ${a} 1200 log_test_addr ${a} $? 0 "VRF server" 1201 1202 log_start 1203 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 1204 sleep 1 1205 run_cmd_nsb nettest -D -r ${a} 1206 log_test_addr ${a} $? 0 "Enslaved device server" 1207 1208 log_start 1209 show_hint "Should fail 'Connection refused' since there is no server" 1210 run_cmd_nsb nettest -D -r ${a} 1211 log_test_addr ${a} $? 1 "No server" 1212 1213 log_start 1214 show_hint "Should fail 'Connection refused' since global server is out of scope" 1215 run_cmd nettest -D -s & 1216 sleep 1 1217 run_cmd nettest -D -d ${VRF} -r ${a} 1218 log_test_addr ${a} $? 1 "Global server, VRF client, local connection" 1219 done 1220 1221 a=${NSA_IP} 1222 log_start 1223 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} & 1224 sleep 1 1225 run_cmd nettest -D -d ${VRF} -r ${a} 1226 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 1227 1228 log_start 1229 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} & 1230 sleep 1 1231 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1232 log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection" 1233 1234 a=${NSA_IP} 1235 log_start 1236 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1237 sleep 1 1238 run_cmd nettest -D -d ${VRF} -r ${a} 1239 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn" 1240 1241 log_start 1242 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1243 sleep 1 1244 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1245 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn" 1246 1247 # enable global server 1248 log_subsection "Global server enabled" 1249 set_sysctl net.ipv4.udp_l3mdev_accept=1 1250 1251 # 1252 # server tests 1253 # 1254 for a in ${NSA_IP} ${VRF_IP} 1255 do 1256 log_start 1257 run_cmd nettest -D -s -2 ${NSA_DEV} & 1258 sleep 1 1259 run_cmd_nsb nettest -D -r ${a} 1260 log_test_addr ${a} $? 0 "Global server" 1261 1262 log_start 1263 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} & 1264 sleep 1 1265 run_cmd_nsb nettest -D -r ${a} 1266 log_test_addr ${a} $? 0 "VRF server" 1267 1268 log_start 1269 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 1270 sleep 1 1271 run_cmd_nsb nettest -D -r ${a} 1272 log_test_addr ${a} $? 0 "Enslaved device server" 1273 1274 log_start 1275 show_hint "Should fail 'Connection refused'" 1276 run_cmd_nsb nettest -D -r ${a} 1277 log_test_addr ${a} $? 1 "No server" 1278 done 1279 1280 # 1281 # client tests 1282 # 1283 log_start 1284 run_cmd_nsb nettest -D -s & 1285 sleep 1 1286 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP} 1287 log_test $? 0 "VRF client" 1288 1289 log_start 1290 run_cmd_nsb nettest -D -s & 1291 sleep 1 1292 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP} 1293 log_test $? 0 "Enslaved device client" 1294 1295 # negative test - should fail 1296 log_start 1297 show_hint "Should fail 'Connection refused'" 1298 run_cmd nettest -D -d ${VRF} -r ${NSB_IP} 1299 log_test $? 1 "No server, VRF client" 1300 1301 log_start 1302 show_hint "Should fail 'Connection refused'" 1303 run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP} 1304 log_test $? 1 "No server, enslaved device client" 1305 1306 # 1307 # local address tests 1308 # 1309 a=${NSA_IP} 1310 log_start 1311 run_cmd nettest -D -s -2 ${NSA_DEV} & 1312 sleep 1 1313 run_cmd nettest -D -d ${VRF} -r ${a} 1314 log_test_addr ${a} $? 0 "Global server, VRF client, local conn" 1315 1316 log_start 1317 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} & 1318 sleep 1 1319 run_cmd nettest -D -d ${VRF} -r ${a} 1320 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 1321 1322 log_start 1323 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} & 1324 sleep 1 1325 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1326 log_test_addr ${a} $? 0 "VRF server, device client, local conn" 1327 1328 log_start 1329 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1330 sleep 1 1331 run_cmd nettest -D -d ${VRF} -r ${a} 1332 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn" 1333 1334 log_start 1335 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1336 sleep 1 1337 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1338 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn" 1339 1340 for a in ${VRF_IP} 127.0.0.1 1341 do 1342 log_start 1343 run_cmd nettest -D -s -2 ${VRF} & 1344 sleep 1 1345 run_cmd nettest -D -d ${VRF} -r ${a} 1346 log_test_addr ${a} $? 0 "Global server, VRF client, local conn" 1347 done 1348 1349 for a in ${VRF_IP} 127.0.0.1 1350 do 1351 log_start 1352 run_cmd nettest -s -D -d ${VRF} -2 ${VRF} & 1353 sleep 1 1354 run_cmd nettest -D -d ${VRF} -r ${a} 1355 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 1356 done 1357 1358 # negative test - should fail 1359 # verifies ECONNREFUSED 1360 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1 1361 do 1362 log_start 1363 show_hint "Should fail 'Connection refused'" 1364 run_cmd nettest -D -d ${VRF} -r ${a} 1365 log_test_addr ${a} $? 1 "No server, VRF client, local conn" 1366 done 1367} 1368 1369ipv4_udp() 1370{ 1371 log_section "IPv4/UDP" 1372 log_subsection "No VRF" 1373 1374 setup 1375 1376 # udp_l3mdev_accept should have no affect without VRF; 1377 # run tests with it enabled and disabled to verify 1378 log_subsection "udp_l3mdev_accept disabled" 1379 set_sysctl net.ipv4.udp_l3mdev_accept=0 1380 ipv4_udp_novrf 1381 log_subsection "udp_l3mdev_accept enabled" 1382 set_sysctl net.ipv4.udp_l3mdev_accept=1 1383 ipv4_udp_novrf 1384 1385 log_subsection "With VRF" 1386 setup "yes" 1387 ipv4_udp_vrf 1388} 1389 1390################################################################################ 1391# IPv4 address bind 1392# 1393# verifies ability or inability to bind to an address / device 1394 1395ipv4_addr_bind_novrf() 1396{ 1397 # 1398 # raw socket 1399 # 1400 for a in ${NSA_IP} ${NSA_LO_IP} 1401 do 1402 log_start 1403 run_cmd nettest -s -R -P icmp -l ${a} -b 1404 log_test_addr ${a} $? 0 "Raw socket bind to local address" 1405 1406 log_start 1407 run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b 1408 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind" 1409 done 1410 1411 # 1412 # tcp sockets 1413 # 1414 a=${NSA_IP} 1415 log_start 1416 run_cmd nettest -l ${a} -r ${NSB_IP} -t1 -b 1417 log_test_addr ${a} $? 0 "TCP socket bind to local address" 1418 1419 log_start 1420 run_cmd nettest -l ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b 1421 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind" 1422 1423 # Sadly, the kernel allows binding a socket to a device and then 1424 # binding to an address not on the device. The only restriction 1425 # is that the address is valid in the L3 domain. So this test 1426 # passes when it really should not 1427 #a=${NSA_LO_IP} 1428 #log_start 1429 #show_hint "Should fail with 'Cannot assign requested address'" 1430 #run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b 1431 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address" 1432} 1433 1434ipv4_addr_bind_vrf() 1435{ 1436 # 1437 # raw socket 1438 # 1439 for a in ${NSA_IP} ${VRF_IP} 1440 do 1441 log_start 1442 run_cmd nettest -s -R -P icmp -l ${a} -b 1443 log_test_addr ${a} $? 0 "Raw socket bind to local address" 1444 1445 log_start 1446 run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b 1447 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind" 1448 log_start 1449 run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b 1450 log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind" 1451 done 1452 1453 a=${NSA_LO_IP} 1454 log_start 1455 show_hint "Address on loopback is out of VRF scope" 1456 run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b 1457 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind" 1458 1459 # 1460 # tcp sockets 1461 # 1462 for a in ${NSA_IP} ${VRF_IP} 1463 do 1464 log_start 1465 run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b 1466 log_test_addr ${a} $? 0 "TCP socket bind to local address" 1467 1468 log_start 1469 run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b 1470 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind" 1471 done 1472 1473 a=${NSA_LO_IP} 1474 log_start 1475 show_hint "Address on loopback out of scope for VRF" 1476 run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b 1477 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF" 1478 1479 log_start 1480 show_hint "Address on loopback out of scope for device in VRF" 1481 run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b 1482 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind" 1483} 1484 1485ipv4_addr_bind() 1486{ 1487 log_section "IPv4 address binds" 1488 1489 log_subsection "No VRF" 1490 setup 1491 ipv4_addr_bind_novrf 1492 1493 log_subsection "With VRF" 1494 setup "yes" 1495 ipv4_addr_bind_vrf 1496} 1497 1498################################################################################ 1499# IPv4 runtime tests 1500 1501ipv4_rt() 1502{ 1503 local desc="$1" 1504 local varg="$2" 1505 local with_vrf="yes" 1506 local a 1507 1508 # 1509 # server tests 1510 # 1511 for a in ${NSA_IP} ${VRF_IP} 1512 do 1513 log_start 1514 run_cmd nettest ${varg} -s & 1515 sleep 1 1516 run_cmd_nsb nettest ${varg} -r ${a} & 1517 sleep 3 1518 run_cmd ip link del ${VRF} 1519 sleep 1 1520 log_test_addr ${a} 0 0 "${desc}, global server" 1521 1522 setup ${with_vrf} 1523 done 1524 1525 for a in ${NSA_IP} ${VRF_IP} 1526 do 1527 log_start 1528 run_cmd nettest ${varg} -s -d ${VRF} & 1529 sleep 1 1530 run_cmd_nsb nettest ${varg} -r ${a} & 1531 sleep 3 1532 run_cmd ip link del ${VRF} 1533 sleep 1 1534 log_test_addr ${a} 0 0 "${desc}, VRF server" 1535 1536 setup ${with_vrf} 1537 done 1538 1539 a=${NSA_IP} 1540 log_start 1541 run_cmd nettest ${varg} -s -d ${NSA_DEV} & 1542 sleep 1 1543 run_cmd_nsb nettest ${varg} -r ${a} & 1544 sleep 3 1545 run_cmd ip link del ${VRF} 1546 sleep 1 1547 log_test_addr ${a} 0 0 "${desc}, enslaved device server" 1548 1549 setup ${with_vrf} 1550 1551 # 1552 # client test 1553 # 1554 log_start 1555 run_cmd_nsb nettest ${varg} -s & 1556 sleep 1 1557 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} & 1558 sleep 3 1559 run_cmd ip link del ${VRF} 1560 sleep 1 1561 log_test_addr ${a} 0 0 "${desc}, VRF client" 1562 1563 setup ${with_vrf} 1564 1565 log_start 1566 run_cmd_nsb nettest ${varg} -s & 1567 sleep 1 1568 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} & 1569 sleep 3 1570 run_cmd ip link del ${VRF} 1571 sleep 1 1572 log_test_addr ${a} 0 0 "${desc}, enslaved device client" 1573 1574 setup ${with_vrf} 1575 1576 # 1577 # local address tests 1578 # 1579 for a in ${NSA_IP} ${VRF_IP} 1580 do 1581 log_start 1582 run_cmd nettest ${varg} -s & 1583 sleep 1 1584 run_cmd nettest ${varg} -d ${VRF} -r ${a} & 1585 sleep 3 1586 run_cmd ip link del ${VRF} 1587 sleep 1 1588 log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local" 1589 1590 setup ${with_vrf} 1591 done 1592 1593 for a in ${NSA_IP} ${VRF_IP} 1594 do 1595 log_start 1596 run_cmd nettest ${varg} -d ${VRF} -s & 1597 sleep 1 1598 run_cmd nettest ${varg} -d ${VRF} -r ${a} & 1599 sleep 3 1600 run_cmd ip link del ${VRF} 1601 sleep 1 1602 log_test_addr ${a} 0 0 "${desc}, VRF server and client, local" 1603 1604 setup ${with_vrf} 1605 done 1606 1607 a=${NSA_IP} 1608 log_start 1609 run_cmd nettest ${varg} -s & 1610 sleep 1 1611 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 1612 sleep 3 1613 run_cmd ip link del ${VRF} 1614 sleep 1 1615 log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local" 1616 1617 setup ${with_vrf} 1618 1619 log_start 1620 run_cmd nettest ${varg} -d ${VRF} -s & 1621 sleep 1 1622 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 1623 sleep 3 1624 run_cmd ip link del ${VRF} 1625 sleep 1 1626 log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local" 1627 1628 setup ${with_vrf} 1629 1630 log_start 1631 run_cmd nettest ${varg} -d ${NSA_DEV} -s & 1632 sleep 1 1633 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 1634 sleep 3 1635 run_cmd ip link del ${VRF} 1636 sleep 1 1637 log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local" 1638} 1639 1640ipv4_ping_rt() 1641{ 1642 local with_vrf="yes" 1643 local a 1644 1645 for a in ${NSA_IP} ${VRF_IP} 1646 do 1647 log_start 1648 run_cmd_nsb ping -f ${a} & 1649 sleep 3 1650 run_cmd ip link del ${VRF} 1651 sleep 1 1652 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in" 1653 1654 setup ${with_vrf} 1655 done 1656 1657 a=${NSB_IP} 1658 log_start 1659 run_cmd ping -f -I ${VRF} ${a} & 1660 sleep 3 1661 run_cmd ip link del ${VRF} 1662 sleep 1 1663 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out" 1664} 1665 1666ipv4_runtime() 1667{ 1668 log_section "Run time tests - ipv4" 1669 1670 setup "yes" 1671 ipv4_ping_rt 1672 1673 setup "yes" 1674 ipv4_rt "TCP active socket" "-n -1" 1675 1676 setup "yes" 1677 ipv4_rt "TCP passive socket" "-i" 1678} 1679 1680################################################################################ 1681# IPv6 1682 1683ipv6_ping_novrf() 1684{ 1685 local a 1686 1687 # should not have an impact, but make a known state 1688 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null 1689 1690 # 1691 # out 1692 # 1693 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 1694 do 1695 log_start 1696 run_cmd ${ping6} -c1 -w1 ${a} 1697 log_test_addr ${a} $? 0 "ping out" 1698 done 1699 1700 for a in ${NSB_IP6} ${NSB_LO_IP6} 1701 do 1702 log_start 1703 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 1704 log_test_addr ${a} $? 0 "ping out, device bind" 1705 1706 log_start 1707 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a} 1708 log_test_addr ${a} $? 0 "ping out, loopback address bind" 1709 done 1710 1711 # 1712 # in 1713 # 1714 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV} 1715 do 1716 log_start 1717 run_cmd_nsb ${ping6} -c1 -w1 ${a} 1718 log_test_addr ${a} $? 0 "ping in" 1719 done 1720 1721 # 1722 # local traffic, local address 1723 # 1724 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 1725 do 1726 log_start 1727 run_cmd ${ping6} -c1 -w1 ${a} 1728 log_test_addr ${a} $? 0 "ping local, no bind" 1729 done 1730 1731 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 1732 do 1733 log_start 1734 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 1735 log_test_addr ${a} $? 0 "ping local, device bind" 1736 done 1737 1738 for a in ${NSA_LO_IP6} ::1 1739 do 1740 log_start 1741 show_hint "Fails since address on loopback is out of device scope" 1742 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 1743 log_test_addr ${a} $? 2 "ping local, device bind" 1744 done 1745 1746 # 1747 # ip rule blocks address 1748 # 1749 log_start 1750 setup_cmd ip -6 rule add pref 32765 from all lookup local 1751 setup_cmd ip -6 rule del pref 0 from all lookup local 1752 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit 1753 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit 1754 1755 a=${NSB_LO_IP6} 1756 run_cmd ${ping6} -c1 -w1 ${a} 1757 log_test_addr ${a} $? 2 "ping out, blocked by rule" 1758 1759 log_start 1760 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 1761 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule" 1762 1763 a=${NSA_LO_IP6} 1764 log_start 1765 show_hint "Response lost due to ip rule" 1766 run_cmd_nsb ${ping6} -c1 -w1 ${a} 1767 log_test_addr ${a} $? 1 "ping in, blocked by rule" 1768 1769 setup_cmd ip -6 rule add pref 0 from all lookup local 1770 setup_cmd ip -6 rule del pref 32765 from all lookup local 1771 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit 1772 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit 1773 1774 # 1775 # route blocks reachability to remote address 1776 # 1777 log_start 1778 setup_cmd ip -6 route del ${NSB_LO_IP6} 1779 setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10 1780 setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10 1781 1782 a=${NSB_LO_IP6} 1783 run_cmd ${ping6} -c1 -w1 ${a} 1784 log_test_addr ${a} $? 2 "ping out, blocked by route" 1785 1786 log_start 1787 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 1788 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route" 1789 1790 a=${NSA_LO_IP6} 1791 log_start 1792 show_hint "Response lost due to ip route" 1793 run_cmd_nsb ${ping6} -c1 -w1 ${a} 1794 log_test_addr ${a} $? 1 "ping in, blocked by route" 1795 1796 1797 # 1798 # remove 'remote' routes; fallback to default 1799 # 1800 log_start 1801 setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6} 1802 setup_cmd ip -6 ro del unreachable ${NSB_IP6} 1803 1804 a=${NSB_LO_IP6} 1805 run_cmd ${ping6} -c1 -w1 ${a} 1806 log_test_addr ${a} $? 2 "ping out, unreachable route" 1807 1808 log_start 1809 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 1810 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route" 1811} 1812 1813ipv6_ping_vrf() 1814{ 1815 local a 1816 1817 # should default on; does not exist on older kernels 1818 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null 1819 1820 # 1821 # out 1822 # 1823 for a in ${NSB_IP6} ${NSB_LO_IP6} 1824 do 1825 log_start 1826 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a} 1827 log_test_addr ${a} $? 0 "ping out, VRF bind" 1828 done 1829 1830 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF} 1831 do 1832 log_start 1833 show_hint "Fails since VRF device does not support linklocal or multicast" 1834 run_cmd ${ping6} -c1 -w1 ${a} 1835 log_test_addr ${a} $? 2 "ping out, VRF bind" 1836 done 1837 1838 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 1839 do 1840 log_start 1841 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 1842 log_test_addr ${a} $? 0 "ping out, device bind" 1843 done 1844 1845 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 1846 do 1847 log_start 1848 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a} 1849 log_test_addr ${a} $? 0 "ping out, vrf device+address bind" 1850 done 1851 1852 # 1853 # in 1854 # 1855 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV} 1856 do 1857 log_start 1858 run_cmd_nsb ${ping6} -c1 -w1 ${a} 1859 log_test_addr ${a} $? 0 "ping in" 1860 done 1861 1862 a=${NSA_LO_IP6} 1863 log_start 1864 show_hint "Fails since loopback address is out of VRF scope" 1865 run_cmd_nsb ${ping6} -c1 -w1 ${a} 1866 log_test_addr ${a} $? 1 "ping in" 1867 1868 # 1869 # local traffic, local address 1870 # 1871 for a in ${NSA_IP6} ${VRF_IP6} ::1 1872 do 1873 log_start 1874 show_hint "Source address should be ${a}" 1875 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a} 1876 log_test_addr ${a} $? 0 "ping local, VRF bind" 1877 done 1878 1879 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 1880 do 1881 log_start 1882 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 1883 log_test_addr ${a} $? 0 "ping local, device bind" 1884 done 1885 1886 # LLA to GUA - remove ipv6 global addresses from ns-B 1887 setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV} 1888 setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo 1889 setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV} 1890 1891 for a in ${NSA_IP6} ${VRF_IP6} 1892 do 1893 log_start 1894 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6} 1895 log_test_addr ${a} $? 0 "ping in, LLA to GUA" 1896 done 1897 1898 setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV} 1899 setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} 1900 setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo 1901 1902 # 1903 # ip rule blocks address 1904 # 1905 log_start 1906 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit 1907 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit 1908 1909 a=${NSB_LO_IP6} 1910 run_cmd ${ping6} -c1 -w1 ${a} 1911 log_test_addr ${a} $? 2 "ping out, blocked by rule" 1912 1913 log_start 1914 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 1915 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule" 1916 1917 a=${NSA_LO_IP6} 1918 log_start 1919 show_hint "Response lost due to ip rule" 1920 run_cmd_nsb ${ping6} -c1 -w1 ${a} 1921 log_test_addr ${a} $? 1 "ping in, blocked by rule" 1922 1923 log_start 1924 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit 1925 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit 1926 1927 # 1928 # remove 'remote' routes; fallback to default 1929 # 1930 log_start 1931 setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF} 1932 1933 a=${NSB_LO_IP6} 1934 run_cmd ${ping6} -c1 -w1 ${a} 1935 log_test_addr ${a} $? 2 "ping out, unreachable route" 1936 1937 log_start 1938 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 1939 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route" 1940 1941 ip -netns ${NSB} -6 ro del ${NSA_LO_IP6} 1942 a=${NSA_LO_IP6} 1943 log_start 1944 run_cmd_nsb ${ping6} -c1 -w1 ${a} 1945 log_test_addr ${a} $? 2 "ping in, unreachable route" 1946} 1947 1948ipv6_ping() 1949{ 1950 log_section "IPv6 ping" 1951 1952 log_subsection "No VRF" 1953 setup 1954 ipv6_ping_novrf 1955 1956 log_subsection "With VRF" 1957 setup "yes" 1958 ipv6_ping_vrf 1959} 1960 1961################################################################################ 1962# IPv6 TCP 1963 1964ipv6_tcp_novrf() 1965{ 1966 local a 1967 1968 # 1969 # server tests 1970 # 1971 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} 1972 do 1973 log_start 1974 run_cmd nettest -6 -s & 1975 sleep 1 1976 run_cmd_nsb nettest -6 -r ${a} 1977 log_test_addr ${a} $? 0 "Global server" 1978 done 1979 1980 # verify TCP reset received 1981 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} 1982 do 1983 log_start 1984 show_hint "Should fail 'Connection refused'" 1985 run_cmd_nsb nettest -6 -r ${a} 1986 log_test_addr ${a} $? 1 "No server" 1987 done 1988 1989 # 1990 # client 1991 # 1992 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 1993 do 1994 log_start 1995 run_cmd_nsb nettest -6 -s & 1996 sleep 1 1997 run_cmd nettest -6 -r ${a} 1998 log_test_addr ${a} $? 0 "Client" 1999 done 2000 2001 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2002 do 2003 log_start 2004 run_cmd_nsb nettest -6 -s & 2005 sleep 1 2006 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2007 log_test_addr ${a} $? 0 "Client, device bind" 2008 done 2009 2010 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2011 do 2012 log_start 2013 show_hint "Should fail 'Connection refused'" 2014 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2015 log_test_addr ${a} $? 1 "No server, device client" 2016 done 2017 2018 # 2019 # local address tests 2020 # 2021 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 2022 do 2023 log_start 2024 run_cmd nettest -6 -s & 2025 sleep 1 2026 run_cmd nettest -6 -r ${a} 2027 log_test_addr ${a} $? 0 "Global server, local connection" 2028 done 2029 2030 a=${NSA_IP6} 2031 log_start 2032 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2033 sleep 1 2034 run_cmd nettest -6 -r ${a} -0 ${a} 2035 log_test_addr ${a} $? 0 "Device server, unbound client, local connection" 2036 2037 for a in ${NSA_LO_IP6} ::1 2038 do 2039 log_start 2040 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope" 2041 run_cmd nettest -6 -s -d ${NSA_DEV} & 2042 sleep 1 2043 run_cmd nettest -6 -r ${a} 2044 log_test_addr ${a} $? 1 "Device server, unbound client, local connection" 2045 done 2046 2047 a=${NSA_IP6} 2048 log_start 2049 run_cmd nettest -6 -s & 2050 sleep 1 2051 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a} 2052 log_test_addr ${a} $? 0 "Global server, device client, local connection" 2053 2054 for a in ${NSA_LO_IP6} ::1 2055 do 2056 log_start 2057 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope" 2058 run_cmd nettest -6 -s & 2059 sleep 1 2060 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2061 log_test_addr ${a} $? 1 "Global server, device client, local connection" 2062 done 2063 2064 for a in ${NSA_IP6} ${NSA_LINKIP6} 2065 do 2066 log_start 2067 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2068 sleep 1 2069 run_cmd nettest -6 -d ${NSA_DEV} -r ${a} 2070 log_test_addr ${a} $? 0 "Device server, device client, local conn" 2071 done 2072 2073 for a in ${NSA_IP6} ${NSA_LINKIP6} 2074 do 2075 log_start 2076 show_hint "Should fail 'Connection refused'" 2077 run_cmd nettest -6 -d ${NSA_DEV} -r ${a} 2078 log_test_addr ${a} $? 1 "No server, device client, local conn" 2079 done 2080} 2081 2082ipv6_tcp_vrf() 2083{ 2084 local a 2085 2086 # disable global server 2087 log_subsection "Global server disabled" 2088 2089 set_sysctl net.ipv4.tcp_l3mdev_accept=0 2090 2091 # 2092 # server tests 2093 # 2094 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2095 do 2096 log_start 2097 show_hint "Should fail 'Connection refused' since global server with VRF is disabled" 2098 run_cmd nettest -6 -s & 2099 sleep 1 2100 run_cmd_nsb nettest -6 -r ${a} 2101 log_test_addr ${a} $? 1 "Global server" 2102 done 2103 2104 for a in ${NSA_IP6} ${VRF_IP6} 2105 do 2106 log_start 2107 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} & 2108 sleep 1 2109 run_cmd_nsb nettest -6 -r ${a} 2110 log_test_addr ${a} $? 0 "VRF server" 2111 done 2112 2113 # link local is always bound to ingress device 2114 a=${NSA_LINKIP6}%${NSB_DEV} 2115 log_start 2116 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} & 2117 sleep 1 2118 run_cmd_nsb nettest -6 -r ${a} 2119 log_test_addr ${a} $? 0 "VRF server" 2120 2121 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2122 do 2123 log_start 2124 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2125 sleep 1 2126 run_cmd_nsb nettest -6 -r ${a} 2127 log_test_addr ${a} $? 0 "Device server" 2128 done 2129 2130 # verify TCP reset received 2131 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2132 do 2133 log_start 2134 show_hint "Should fail 'Connection refused'" 2135 run_cmd_nsb nettest -6 -r ${a} 2136 log_test_addr ${a} $? 1 "No server" 2137 done 2138 2139 # local address tests 2140 a=${NSA_IP6} 2141 log_start 2142 show_hint "Should fail 'Connection refused' since global server with VRF is disabled" 2143 run_cmd nettest -6 -s & 2144 sleep 1 2145 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2146 log_test_addr ${a} $? 1 "Global server, local connection" 2147 2148 # 2149 # enable VRF global server 2150 # 2151 log_subsection "VRF Global server enabled" 2152 set_sysctl net.ipv4.tcp_l3mdev_accept=1 2153 2154 for a in ${NSA_IP6} ${VRF_IP6} 2155 do 2156 log_start 2157 run_cmd nettest -6 -s -2 ${VRF} & 2158 sleep 1 2159 run_cmd_nsb nettest -6 -r ${a} 2160 log_test_addr ${a} $? 0 "Global server" 2161 done 2162 2163 for a in ${NSA_IP6} ${VRF_IP6} 2164 do 2165 log_start 2166 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} & 2167 sleep 1 2168 run_cmd_nsb nettest -6 -r ${a} 2169 log_test_addr ${a} $? 0 "VRF server" 2170 done 2171 2172 # For LLA, child socket is bound to device 2173 a=${NSA_LINKIP6}%${NSB_DEV} 2174 log_start 2175 run_cmd nettest -6 -s -2 ${NSA_DEV} & 2176 sleep 1 2177 run_cmd_nsb nettest -6 -r ${a} 2178 log_test_addr ${a} $? 0 "Global server" 2179 2180 log_start 2181 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} & 2182 sleep 1 2183 run_cmd_nsb nettest -6 -r ${a} 2184 log_test_addr ${a} $? 0 "VRF server" 2185 2186 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2187 do 2188 log_start 2189 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2190 sleep 1 2191 run_cmd_nsb nettest -6 -r ${a} 2192 log_test_addr ${a} $? 0 "Device server" 2193 done 2194 2195 # verify TCP reset received 2196 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2197 do 2198 log_start 2199 show_hint "Should fail 'Connection refused'" 2200 run_cmd_nsb nettest -6 -r ${a} 2201 log_test_addr ${a} $? 1 "No server" 2202 done 2203 2204 # local address tests 2205 for a in ${NSA_IP6} ${VRF_IP6} 2206 do 2207 log_start 2208 show_hint "Fails 'No route to host' since client is not in VRF" 2209 run_cmd nettest -6 -s -2 ${VRF} & 2210 sleep 1 2211 run_cmd nettest -6 -r ${a} 2212 log_test_addr ${a} $? 1 "Global server, local connection" 2213 done 2214 2215 2216 # 2217 # client 2218 # 2219 for a in ${NSB_IP6} ${NSB_LO_IP6} 2220 do 2221 log_start 2222 run_cmd_nsb nettest -6 -s & 2223 sleep 1 2224 run_cmd nettest -6 -r ${a} -d ${VRF} 2225 log_test_addr ${a} $? 0 "Client, VRF bind" 2226 done 2227 2228 a=${NSB_LINKIP6} 2229 log_start 2230 show_hint "Fails since VRF device does not allow linklocal addresses" 2231 run_cmd_nsb nettest -6 -s & 2232 sleep 1 2233 run_cmd nettest -6 -r ${a} -d ${VRF} 2234 log_test_addr ${a} $? 1 "Client, VRF bind" 2235 2236 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6} 2237 do 2238 log_start 2239 run_cmd_nsb nettest -6 -s & 2240 sleep 1 2241 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2242 log_test_addr ${a} $? 0 "Client, device bind" 2243 done 2244 2245 for a in ${NSB_IP6} ${NSB_LO_IP6} 2246 do 2247 log_start 2248 show_hint "Should fail 'Connection refused'" 2249 run_cmd nettest -6 -r ${a} -d ${VRF} 2250 log_test_addr ${a} $? 1 "No server, VRF client" 2251 done 2252 2253 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6} 2254 do 2255 log_start 2256 show_hint "Should fail 'Connection refused'" 2257 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2258 log_test_addr ${a} $? 1 "No server, device client" 2259 done 2260 2261 for a in ${NSA_IP6} ${VRF_IP6} ::1 2262 do 2263 log_start 2264 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} & 2265 sleep 1 2266 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a} 2267 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection" 2268 done 2269 2270 a=${NSA_IP6} 2271 log_start 2272 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} & 2273 sleep 1 2274 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a} 2275 log_test_addr ${a} $? 0 "VRF server, device client, local connection" 2276 2277 a=${NSA_IP6} 2278 log_start 2279 show_hint "Should fail since unbound client is out of VRF scope" 2280 run_cmd nettest -6 -s -d ${VRF} & 2281 sleep 1 2282 run_cmd nettest -6 -r ${a} 2283 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection" 2284 2285 log_start 2286 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2287 sleep 1 2288 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a} 2289 log_test_addr ${a} $? 0 "Device server, VRF client, local connection" 2290 2291 for a in ${NSA_IP6} ${NSA_LINKIP6} 2292 do 2293 log_start 2294 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2295 sleep 1 2296 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a} 2297 log_test_addr ${a} $? 0 "Device server, device client, local connection" 2298 done 2299} 2300 2301ipv6_tcp() 2302{ 2303 log_section "IPv6/TCP" 2304 log_subsection "No VRF" 2305 setup 2306 2307 # tcp_l3mdev_accept should have no affect without VRF; 2308 # run tests with it enabled and disabled to verify 2309 log_subsection "tcp_l3mdev_accept disabled" 2310 set_sysctl net.ipv4.tcp_l3mdev_accept=0 2311 ipv6_tcp_novrf 2312 log_subsection "tcp_l3mdev_accept enabled" 2313 set_sysctl net.ipv4.tcp_l3mdev_accept=1 2314 ipv6_tcp_novrf 2315 2316 log_subsection "With VRF" 2317 setup "yes" 2318 ipv6_tcp_vrf 2319} 2320 2321################################################################################ 2322# IPv6 UDP 2323 2324ipv6_udp_novrf() 2325{ 2326 local a 2327 2328 # 2329 # server tests 2330 # 2331 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2332 do 2333 log_start 2334 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 2335 sleep 1 2336 run_cmd_nsb nettest -6 -D -r ${a} 2337 log_test_addr ${a} $? 0 "Global server" 2338 2339 log_start 2340 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2341 sleep 1 2342 run_cmd_nsb nettest -6 -D -r ${a} 2343 log_test_addr ${a} $? 0 "Device server" 2344 done 2345 2346 a=${NSA_LO_IP6} 2347 log_start 2348 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 2349 sleep 1 2350 run_cmd_nsb nettest -6 -D -r ${a} 2351 log_test_addr ${a} $? 0 "Global server" 2352 2353 # should fail since loopback address is out of scope for a device 2354 # bound server, but it does not - hence this is more documenting 2355 # behavior. 2356 #log_start 2357 #show_hint "Should fail since loopback address is out of scope" 2358 #run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2359 #sleep 1 2360 #run_cmd_nsb nettest -6 -D -r ${a} 2361 #log_test_addr ${a} $? 1 "Device server" 2362 2363 # negative test - should fail 2364 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2365 do 2366 log_start 2367 show_hint "Should fail 'Connection refused' since there is no server" 2368 run_cmd_nsb nettest -6 -D -r ${a} 2369 log_test_addr ${a} $? 1 "No server" 2370 done 2371 2372 # 2373 # client 2374 # 2375 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2376 do 2377 log_start 2378 run_cmd_nsb nettest -6 -D -s & 2379 sleep 1 2380 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6} 2381 log_test_addr ${a} $? 0 "Client" 2382 2383 log_start 2384 run_cmd_nsb nettest -6 -D -s & 2385 sleep 1 2386 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6} 2387 log_test_addr ${a} $? 0 "Client, device bind" 2388 2389 log_start 2390 run_cmd_nsb nettest -6 -D -s & 2391 sleep 1 2392 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6} 2393 log_test_addr ${a} $? 0 "Client, device send via cmsg" 2394 2395 log_start 2396 run_cmd_nsb nettest -6 -D -s & 2397 sleep 1 2398 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6} 2399 log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF" 2400 2401 log_start 2402 show_hint "Should fail 'Connection refused'" 2403 run_cmd nettest -6 -D -r ${a} 2404 log_test_addr ${a} $? 1 "No server, unbound client" 2405 2406 log_start 2407 show_hint "Should fail 'Connection refused'" 2408 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} 2409 log_test_addr ${a} $? 1 "No server, device client" 2410 done 2411 2412 # 2413 # local address tests 2414 # 2415 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 2416 do 2417 log_start 2418 run_cmd nettest -6 -D -s & 2419 sleep 1 2420 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a} 2421 log_test_addr ${a} $? 0 "Global server, local connection" 2422 done 2423 2424 a=${NSA_IP6} 2425 log_start 2426 run_cmd nettest -6 -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 2427 sleep 1 2428 run_cmd nettest -6 -D -r ${a} 2429 log_test_addr ${a} $? 0 "Device server, unbound client, local connection" 2430 2431 for a in ${NSA_LO_IP6} ::1 2432 do 2433 log_start 2434 show_hint "Should fail 'Connection refused' since address is out of device scope" 2435 run_cmd nettest -6 -s -D -d ${NSA_DEV} & 2436 sleep 1 2437 run_cmd nettest -6 -D -r ${a} 2438 log_test_addr ${a} $? 1 "Device server, local connection" 2439 done 2440 2441 a=${NSA_IP6} 2442 log_start 2443 run_cmd nettest -6 -s -D & 2444 sleep 1 2445 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2446 log_test_addr ${a} $? 0 "Global server, device client, local connection" 2447 2448 log_start 2449 run_cmd nettest -6 -s -D & 2450 sleep 1 2451 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a} 2452 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection" 2453 2454 log_start 2455 run_cmd nettest -6 -s -D & 2456 sleep 1 2457 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a} 2458 log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection" 2459 2460 for a in ${NSA_LO_IP6} ::1 2461 do 2462 log_start 2463 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 2464 run_cmd nettest -6 -D -s & 2465 sleep 1 2466 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} 2467 log_test_addr ${a} $? 1 "Global server, device client, local connection" 2468 2469 log_start 2470 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 2471 run_cmd nettest -6 -D -s & 2472 sleep 1 2473 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C 2474 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection" 2475 2476 log_start 2477 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 2478 run_cmd nettest -6 -D -s & 2479 sleep 1 2480 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S 2481 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection" 2482 done 2483 2484 a=${NSA_IP6} 2485 log_start 2486 run_cmd nettest -6 -D -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2487 sleep 1 2488 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a} 2489 log_test_addr ${a} $? 0 "Device server, device client, local conn" 2490 2491 log_start 2492 show_hint "Should fail 'Connection refused'" 2493 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2494 log_test_addr ${a} $? 1 "No server, device client, local conn" 2495 2496 # LLA to GUA 2497 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV} 2498 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV} 2499 log_start 2500 run_cmd nettest -6 -s -D & 2501 sleep 1 2502 run_cmd_nsb nettest -6 -D -r ${NSA_IP6} 2503 log_test $? 0 "UDP in - LLA to GUA" 2504 2505 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV} 2506 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad 2507} 2508 2509ipv6_udp_vrf() 2510{ 2511 local a 2512 2513 # disable global server 2514 log_subsection "Global server disabled" 2515 set_sysctl net.ipv4.udp_l3mdev_accept=0 2516 2517 # 2518 # server tests 2519 # 2520 for a in ${NSA_IP6} ${VRF_IP6} 2521 do 2522 log_start 2523 show_hint "Should fail 'Connection refused' since global server is disabled" 2524 run_cmd nettest -6 -D -s & 2525 sleep 1 2526 run_cmd_nsb nettest -6 -D -r ${a} 2527 log_test_addr ${a} $? 1 "Global server" 2528 done 2529 2530 for a in ${NSA_IP6} ${VRF_IP6} 2531 do 2532 log_start 2533 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 2534 sleep 1 2535 run_cmd_nsb nettest -6 -D -r ${a} 2536 log_test_addr ${a} $? 0 "VRF server" 2537 done 2538 2539 for a in ${NSA_IP6} ${VRF_IP6} 2540 do 2541 log_start 2542 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2543 sleep 1 2544 run_cmd_nsb nettest -6 -D -r ${a} 2545 log_test_addr ${a} $? 0 "Enslaved device server" 2546 done 2547 2548 # negative test - should fail 2549 for a in ${NSA_IP6} ${VRF_IP6} 2550 do 2551 log_start 2552 show_hint "Should fail 'Connection refused' since there is no server" 2553 run_cmd_nsb nettest -6 -D -r ${a} 2554 log_test_addr ${a} $? 1 "No server" 2555 done 2556 2557 # 2558 # local address tests 2559 # 2560 for a in ${NSA_IP6} ${VRF_IP6} 2561 do 2562 log_start 2563 show_hint "Should fail 'Connection refused' since global server is disabled" 2564 run_cmd nettest -6 -D -s & 2565 sleep 1 2566 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2567 log_test_addr ${a} $? 1 "Global server, VRF client, local conn" 2568 done 2569 2570 for a in ${NSA_IP6} ${VRF_IP6} 2571 do 2572 log_start 2573 run_cmd nettest -6 -D -d ${VRF} -s & 2574 sleep 1 2575 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2576 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 2577 done 2578 2579 a=${NSA_IP6} 2580 log_start 2581 show_hint "Should fail 'Connection refused' since global server is disabled" 2582 run_cmd nettest -6 -D -s & 2583 sleep 1 2584 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2585 log_test_addr ${a} $? 1 "Global server, device client, local conn" 2586 2587 log_start 2588 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 2589 sleep 1 2590 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2591 log_test_addr ${a} $? 0 "VRF server, device client, local conn" 2592 2593 log_start 2594 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2595 sleep 1 2596 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2597 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn" 2598 2599 log_start 2600 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2601 sleep 1 2602 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2603 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn" 2604 2605 # disable global server 2606 log_subsection "Global server enabled" 2607 set_sysctl net.ipv4.udp_l3mdev_accept=1 2608 2609 # 2610 # server tests 2611 # 2612 for a in ${NSA_IP6} ${VRF_IP6} 2613 do 2614 log_start 2615 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 2616 sleep 1 2617 run_cmd_nsb nettest -6 -D -r ${a} 2618 log_test_addr ${a} $? 0 "Global server" 2619 done 2620 2621 for a in ${NSA_IP6} ${VRF_IP6} 2622 do 2623 log_start 2624 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 2625 sleep 1 2626 run_cmd_nsb nettest -6 -D -r ${a} 2627 log_test_addr ${a} $? 0 "VRF server" 2628 done 2629 2630 for a in ${NSA_IP6} ${VRF_IP6} 2631 do 2632 log_start 2633 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2634 sleep 1 2635 run_cmd_nsb nettest -6 -D -r ${a} 2636 log_test_addr ${a} $? 0 "Enslaved device server" 2637 done 2638 2639 # negative test - should fail 2640 for a in ${NSA_IP6} ${VRF_IP6} 2641 do 2642 log_start 2643 run_cmd_nsb nettest -6 -D -r ${a} 2644 log_test_addr ${a} $? 1 "No server" 2645 done 2646 2647 # 2648 # client tests 2649 # 2650 log_start 2651 run_cmd_nsb nettest -6 -D -s & 2652 sleep 1 2653 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6} 2654 log_test $? 0 "VRF client" 2655 2656 # negative test - should fail 2657 log_start 2658 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6} 2659 log_test $? 1 "No server, VRF client" 2660 2661 log_start 2662 run_cmd_nsb nettest -6 -D -s & 2663 sleep 1 2664 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6} 2665 log_test $? 0 "Enslaved device client" 2666 2667 # negative test - should fail 2668 log_start 2669 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6} 2670 log_test $? 1 "No server, enslaved device client" 2671 2672 # 2673 # local address tests 2674 # 2675 a=${NSA_IP6} 2676 log_start 2677 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 2678 sleep 1 2679 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2680 log_test_addr ${a} $? 0 "Global server, VRF client, local conn" 2681 2682 #log_start 2683 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 2684 sleep 1 2685 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2686 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 2687 2688 2689 a=${VRF_IP6} 2690 log_start 2691 run_cmd nettest -6 -D -s -2 ${VRF} & 2692 sleep 1 2693 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2694 log_test_addr ${a} $? 0 "Global server, VRF client, local conn" 2695 2696 log_start 2697 run_cmd nettest -6 -D -d ${VRF} -s -2 ${VRF} & 2698 sleep 1 2699 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2700 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 2701 2702 # negative test - should fail 2703 for a in ${NSA_IP6} ${VRF_IP6} 2704 do 2705 log_start 2706 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2707 log_test_addr ${a} $? 1 "No server, VRF client, local conn" 2708 done 2709 2710 # device to global IP 2711 a=${NSA_IP6} 2712 log_start 2713 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 2714 sleep 1 2715 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2716 log_test_addr ${a} $? 0 "Global server, device client, local conn" 2717 2718 log_start 2719 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 2720 sleep 1 2721 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2722 log_test_addr ${a} $? 0 "VRF server, device client, local conn" 2723 2724 log_start 2725 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2726 sleep 1 2727 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2728 log_test_addr ${a} $? 0 "Device server, VRF client, local conn" 2729 2730 log_start 2731 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2732 sleep 1 2733 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2734 log_test_addr ${a} $? 0 "Device server, device client, local conn" 2735 2736 log_start 2737 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2738 log_test_addr ${a} $? 1 "No server, device client, local conn" 2739 2740 2741 # link local addresses 2742 log_start 2743 run_cmd nettest -6 -D -s & 2744 sleep 1 2745 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6} 2746 log_test $? 0 "Global server, linklocal IP" 2747 2748 log_start 2749 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6} 2750 log_test $? 1 "No server, linklocal IP" 2751 2752 2753 log_start 2754 run_cmd_nsb nettest -6 -D -s & 2755 sleep 1 2756 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6} 2757 log_test $? 0 "Enslaved device client, linklocal IP" 2758 2759 log_start 2760 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6} 2761 log_test $? 1 "No server, device client, peer linklocal IP" 2762 2763 2764 log_start 2765 run_cmd nettest -6 -D -s & 2766 sleep 1 2767 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6} 2768 log_test $? 0 "Enslaved device client, local conn - linklocal IP" 2769 2770 log_start 2771 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6} 2772 log_test $? 1 "No server, device client, local conn - linklocal IP" 2773 2774 # LLA to GUA 2775 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV} 2776 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV} 2777 log_start 2778 run_cmd nettest -6 -s -D & 2779 sleep 1 2780 run_cmd_nsb nettest -6 -D -r ${NSA_IP6} 2781 log_test $? 0 "UDP in - LLA to GUA" 2782 2783 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV} 2784 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad 2785} 2786 2787ipv6_udp() 2788{ 2789 # should not matter, but set to known state 2790 set_sysctl net.ipv4.udp_early_demux=1 2791 2792 log_section "IPv6/UDP" 2793 log_subsection "No VRF" 2794 setup 2795 2796 # udp_l3mdev_accept should have no affect without VRF; 2797 # run tests with it enabled and disabled to verify 2798 log_subsection "udp_l3mdev_accept disabled" 2799 set_sysctl net.ipv4.udp_l3mdev_accept=0 2800 ipv6_udp_novrf 2801 log_subsection "udp_l3mdev_accept enabled" 2802 set_sysctl net.ipv4.udp_l3mdev_accept=1 2803 ipv6_udp_novrf 2804 2805 log_subsection "With VRF" 2806 setup "yes" 2807 ipv6_udp_vrf 2808} 2809 2810################################################################################ 2811# IPv6 address bind 2812 2813ipv6_addr_bind_novrf() 2814{ 2815 # 2816 # raw socket 2817 # 2818 for a in ${NSA_IP6} ${NSA_LO_IP6} 2819 do 2820 log_start 2821 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b 2822 log_test_addr ${a} $? 0 "Raw socket bind to local address" 2823 2824 log_start 2825 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b 2826 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind" 2827 done 2828 2829 # 2830 # tcp sockets 2831 # 2832 a=${NSA_IP6} 2833 log_start 2834 run_cmd nettest -6 -s -l ${a} -t1 -b 2835 log_test_addr ${a} $? 0 "TCP socket bind to local address" 2836 2837 log_start 2838 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b 2839 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind" 2840 2841 a=${NSA_LO_IP6} 2842 log_start 2843 show_hint "Should fail with 'Cannot assign requested address'" 2844 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b 2845 log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address" 2846} 2847 2848ipv6_addr_bind_vrf() 2849{ 2850 # 2851 # raw socket 2852 # 2853 for a in ${NSA_IP6} ${VRF_IP6} 2854 do 2855 log_start 2856 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b 2857 log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind" 2858 2859 log_start 2860 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b 2861 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind" 2862 done 2863 2864 a=${NSA_LO_IP6} 2865 log_start 2866 show_hint "Address on loopback is out of VRF scope" 2867 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b 2868 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind" 2869 2870 # 2871 # tcp sockets 2872 # 2873 # address on enslaved device is valid for the VRF or device in a VRF 2874 for a in ${NSA_IP6} ${VRF_IP6} 2875 do 2876 log_start 2877 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b 2878 log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind" 2879 done 2880 2881 a=${NSA_IP6} 2882 log_start 2883 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b 2884 log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind" 2885 2886 a=${VRF_IP6} 2887 log_start 2888 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b 2889 log_test_addr ${a} $? 1 "TCP socket bind to VRF address with device bind" 2890 2891 a=${NSA_LO_IP6} 2892 log_start 2893 show_hint "Address on loopback out of scope for VRF" 2894 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b 2895 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF" 2896 2897 log_start 2898 show_hint "Address on loopback out of scope for device in VRF" 2899 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b 2900 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind" 2901 2902} 2903 2904ipv6_addr_bind() 2905{ 2906 log_section "IPv6 address binds" 2907 2908 log_subsection "No VRF" 2909 setup 2910 ipv6_addr_bind_novrf 2911 2912 log_subsection "With VRF" 2913 setup "yes" 2914 ipv6_addr_bind_vrf 2915} 2916 2917################################################################################ 2918# IPv6 runtime tests 2919 2920ipv6_rt() 2921{ 2922 local desc="$1" 2923 local varg="-6 $2" 2924 local with_vrf="yes" 2925 local a 2926 2927 # 2928 # server tests 2929 # 2930 for a in ${NSA_IP6} ${VRF_IP6} 2931 do 2932 log_start 2933 run_cmd nettest ${varg} -s & 2934 sleep 1 2935 run_cmd_nsb nettest ${varg} -r ${a} & 2936 sleep 3 2937 run_cmd ip link del ${VRF} 2938 sleep 1 2939 log_test_addr ${a} 0 0 "${desc}, global server" 2940 2941 setup ${with_vrf} 2942 done 2943 2944 for a in ${NSA_IP6} ${VRF_IP6} 2945 do 2946 log_start 2947 run_cmd nettest ${varg} -d ${VRF} -s & 2948 sleep 1 2949 run_cmd_nsb nettest ${varg} -r ${a} & 2950 sleep 3 2951 run_cmd ip link del ${VRF} 2952 sleep 1 2953 log_test_addr ${a} 0 0 "${desc}, VRF server" 2954 2955 setup ${with_vrf} 2956 done 2957 2958 for a in ${NSA_IP6} ${VRF_IP6} 2959 do 2960 log_start 2961 run_cmd nettest ${varg} -d ${NSA_DEV} -s & 2962 sleep 1 2963 run_cmd_nsb nettest ${varg} -r ${a} & 2964 sleep 3 2965 run_cmd ip link del ${VRF} 2966 sleep 1 2967 log_test_addr ${a} 0 0 "${desc}, enslaved device server" 2968 2969 setup ${with_vrf} 2970 done 2971 2972 # 2973 # client test 2974 # 2975 log_start 2976 run_cmd_nsb nettest ${varg} -s & 2977 sleep 1 2978 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} & 2979 sleep 3 2980 run_cmd ip link del ${VRF} 2981 sleep 1 2982 log_test 0 0 "${desc}, VRF client" 2983 2984 setup ${with_vrf} 2985 2986 log_start 2987 run_cmd_nsb nettest ${varg} -s & 2988 sleep 1 2989 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} & 2990 sleep 3 2991 run_cmd ip link del ${VRF} 2992 sleep 1 2993 log_test 0 0 "${desc}, enslaved device client" 2994 2995 setup ${with_vrf} 2996 2997 2998 # 2999 # local address tests 3000 # 3001 for a in ${NSA_IP6} ${VRF_IP6} 3002 do 3003 log_start 3004 run_cmd nettest ${varg} -s & 3005 sleep 1 3006 run_cmd nettest ${varg} -d ${VRF} -r ${a} & 3007 sleep 3 3008 run_cmd ip link del ${VRF} 3009 sleep 1 3010 log_test_addr ${a} 0 0 "${desc}, global server, VRF client" 3011 3012 setup ${with_vrf} 3013 done 3014 3015 for a in ${NSA_IP6} ${VRF_IP6} 3016 do 3017 log_start 3018 run_cmd nettest ${varg} -d ${VRF} -s & 3019 sleep 1 3020 run_cmd nettest ${varg} -d ${VRF} -r ${a} & 3021 sleep 3 3022 run_cmd ip link del ${VRF} 3023 sleep 1 3024 log_test_addr ${a} 0 0 "${desc}, VRF server and client" 3025 3026 setup ${with_vrf} 3027 done 3028 3029 a=${NSA_IP6} 3030 log_start 3031 run_cmd nettest ${varg} -s & 3032 sleep 1 3033 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 3034 sleep 3 3035 run_cmd ip link del ${VRF} 3036 sleep 1 3037 log_test_addr ${a} 0 0 "${desc}, global server, device client" 3038 3039 setup ${with_vrf} 3040 3041 log_start 3042 run_cmd nettest ${varg} -d ${VRF} -s & 3043 sleep 1 3044 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 3045 sleep 3 3046 run_cmd ip link del ${VRF} 3047 sleep 1 3048 log_test_addr ${a} 0 0 "${desc}, VRF server, device client" 3049 3050 setup ${with_vrf} 3051 3052 log_start 3053 run_cmd nettest ${varg} -d ${NSA_DEV} -s & 3054 sleep 1 3055 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 3056 sleep 3 3057 run_cmd ip link del ${VRF} 3058 sleep 1 3059 log_test_addr ${a} 0 0 "${desc}, device server, device client" 3060} 3061 3062ipv6_ping_rt() 3063{ 3064 local with_vrf="yes" 3065 local a 3066 3067 a=${NSA_IP6} 3068 log_start 3069 run_cmd_nsb ${ping6} -f ${a} & 3070 sleep 3 3071 run_cmd ip link del ${VRF} 3072 sleep 1 3073 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in" 3074 3075 setup ${with_vrf} 3076 3077 log_start 3078 run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} & 3079 sleep 1 3080 run_cmd ip link del ${VRF} 3081 sleep 1 3082 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out" 3083} 3084 3085ipv6_runtime() 3086{ 3087 log_section "Run time tests - ipv6" 3088 3089 setup "yes" 3090 ipv6_ping_rt 3091 3092 setup "yes" 3093 ipv6_rt "TCP active socket" "-n -1" 3094 3095 setup "yes" 3096 ipv6_rt "TCP passive socket" "-i" 3097 3098 setup "yes" 3099 ipv6_rt "UDP active socket" "-D -n -1" 3100} 3101 3102################################################################################ 3103# netfilter blocking connections 3104 3105netfilter_tcp_reset() 3106{ 3107 local a 3108 3109 for a in ${NSA_IP} ${VRF_IP} 3110 do 3111 log_start 3112 run_cmd nettest -s & 3113 sleep 1 3114 run_cmd_nsb nettest -r ${a} 3115 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx" 3116 done 3117} 3118 3119netfilter_icmp() 3120{ 3121 local stype="$1" 3122 local arg 3123 local a 3124 3125 [ "${stype}" = "UDP" ] && arg="-D" 3126 3127 for a in ${NSA_IP} ${VRF_IP} 3128 do 3129 log_start 3130 run_cmd nettest ${arg} -s & 3131 sleep 1 3132 run_cmd_nsb nettest ${arg} -r ${a} 3133 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach" 3134 done 3135} 3136 3137ipv4_netfilter() 3138{ 3139 log_section "IPv4 Netfilter" 3140 log_subsection "TCP reset" 3141 3142 setup "yes" 3143 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset 3144 3145 netfilter_tcp_reset 3146 3147 log_start 3148 log_subsection "ICMP unreachable" 3149 3150 log_start 3151 run_cmd iptables -F 3152 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable 3153 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable 3154 3155 netfilter_icmp "TCP" 3156 netfilter_icmp "UDP" 3157 3158 log_start 3159 iptables -F 3160} 3161 3162netfilter_tcp6_reset() 3163{ 3164 local a 3165 3166 for a in ${NSA_IP6} ${VRF_IP6} 3167 do 3168 log_start 3169 run_cmd nettest -6 -s & 3170 sleep 1 3171 run_cmd_nsb nettest -6 -r ${a} 3172 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx" 3173 done 3174} 3175 3176netfilter_icmp6() 3177{ 3178 local stype="$1" 3179 local arg 3180 local a 3181 3182 [ "${stype}" = "UDP" ] && arg="$arg -D" 3183 3184 for a in ${NSA_IP6} ${VRF_IP6} 3185 do 3186 log_start 3187 run_cmd nettest -6 -s ${arg} & 3188 sleep 1 3189 run_cmd_nsb nettest -6 ${arg} -r ${a} 3190 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach" 3191 done 3192} 3193 3194ipv6_netfilter() 3195{ 3196 log_section "IPv6 Netfilter" 3197 log_subsection "TCP reset" 3198 3199 setup "yes" 3200 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset 3201 3202 netfilter_tcp6_reset 3203 3204 log_subsection "ICMP unreachable" 3205 3206 log_start 3207 run_cmd ip6tables -F 3208 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable 3209 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable 3210 3211 netfilter_icmp6 "TCP" 3212 netfilter_icmp6 "UDP" 3213 3214 log_start 3215 ip6tables -F 3216} 3217 3218################################################################################ 3219# specific use cases 3220 3221# VRF only. 3222# ns-A device enslaved to bridge. Verify traffic with and without 3223# br_netfilter module loaded. Repeat with SVI on bridge. 3224use_case_br() 3225{ 3226 setup "yes" 3227 3228 setup_cmd ip link set ${NSA_DEV} down 3229 setup_cmd ip addr del dev ${NSA_DEV} ${NSA_IP}/24 3230 setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64 3231 3232 setup_cmd ip link add br0 type bridge 3233 setup_cmd ip addr add dev br0 ${NSA_IP}/24 3234 setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad 3235 3236 setup_cmd ip li set ${NSA_DEV} master br0 3237 setup_cmd ip li set ${NSA_DEV} up 3238 setup_cmd ip li set br0 up 3239 setup_cmd ip li set br0 vrf ${VRF} 3240 3241 rmmod br_netfilter 2>/dev/null 3242 sleep 5 # DAD 3243 3244 run_cmd ip neigh flush all 3245 run_cmd ping -c1 -w1 -I br0 ${NSB_IP} 3246 log_test $? 0 "Bridge into VRF - IPv4 ping out" 3247 3248 run_cmd ip neigh flush all 3249 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6} 3250 log_test $? 0 "Bridge into VRF - IPv6 ping out" 3251 3252 run_cmd ip neigh flush all 3253 run_cmd_nsb ping -c1 -w1 ${NSA_IP} 3254 log_test $? 0 "Bridge into VRF - IPv4 ping in" 3255 3256 run_cmd ip neigh flush all 3257 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6} 3258 log_test $? 0 "Bridge into VRF - IPv6 ping in" 3259 3260 modprobe br_netfilter 3261 if [ $? -eq 0 ]; then 3262 run_cmd ip neigh flush all 3263 run_cmd ping -c1 -w1 -I br0 ${NSB_IP} 3264 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out" 3265 3266 run_cmd ip neigh flush all 3267 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6} 3268 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out" 3269 3270 run_cmd ip neigh flush all 3271 run_cmd_nsb ping -c1 -w1 ${NSA_IP} 3272 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in" 3273 3274 run_cmd ip neigh flush all 3275 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6} 3276 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in" 3277 fi 3278 3279 setup_cmd ip li set br0 nomaster 3280 setup_cmd ip li add br0.100 link br0 type vlan id 100 3281 setup_cmd ip li set br0.100 vrf ${VRF} up 3282 setup_cmd ip addr add dev br0.100 172.16.101.1/24 3283 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad 3284 3285 setup_cmd_nsb ip li add vlan100 link ${NSB_DEV} type vlan id 100 3286 setup_cmd_nsb ip addr add dev vlan100 172.16.101.2/24 3287 setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad 3288 setup_cmd_nsb ip li set vlan100 up 3289 sleep 1 3290 3291 rmmod br_netfilter 2>/dev/null 3292 3293 run_cmd ip neigh flush all 3294 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2 3295 log_test $? 0 "Bridge vlan into VRF - IPv4 ping out" 3296 3297 run_cmd ip neigh flush all 3298 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2 3299 log_test $? 0 "Bridge vlan into VRF - IPv6 ping out" 3300 3301 run_cmd ip neigh flush all 3302 run_cmd_nsb ping -c1 -w1 172.16.101.1 3303 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in" 3304 3305 run_cmd ip neigh flush all 3306 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1 3307 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in" 3308 3309 modprobe br_netfilter 3310 if [ $? -eq 0 ]; then 3311 run_cmd ip neigh flush all 3312 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2 3313 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out" 3314 3315 run_cmd ip neigh flush all 3316 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2 3317 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out" 3318 3319 run_cmd ip neigh flush all 3320 run_cmd_nsb ping -c1 -w1 172.16.101.1 3321 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in" 3322 3323 run_cmd ip neigh flush all 3324 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1 3325 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in" 3326 fi 3327 3328 setup_cmd ip li del br0 2>/dev/null 3329 setup_cmd_nsb ip li del vlan100 2>/dev/null 3330} 3331 3332use_cases() 3333{ 3334 log_section "Use cases" 3335 use_case_br 3336} 3337 3338################################################################################ 3339# usage 3340 3341usage() 3342{ 3343 cat <<EOF 3344usage: ${0##*/} OPTS 3345 3346 -4 IPv4 tests only 3347 -6 IPv6 tests only 3348 -t <test> Test name/set to run 3349 -p Pause on fail 3350 -P Pause after each test 3351 -v Be verbose 3352EOF 3353} 3354 3355################################################################################ 3356# main 3357 3358TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime ipv4_netfilter" 3359TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime ipv6_netfilter" 3360TESTS_OTHER="use_cases" 3361 3362PAUSE_ON_FAIL=no 3363PAUSE=no 3364 3365while getopts :46t:pPvh o 3366do 3367 case $o in 3368 4) TESTS=ipv4;; 3369 6) TESTS=ipv6;; 3370 t) TESTS=$OPTARG;; 3371 p) PAUSE_ON_FAIL=yes;; 3372 P) PAUSE=yes;; 3373 v) VERBOSE=1;; 3374 h) usage; exit 0;; 3375 *) usage; exit 1;; 3376 esac 3377done 3378 3379# make sure we don't pause twice 3380[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no 3381 3382# 3383# show user test config 3384# 3385if [ -z "$TESTS" ]; then 3386 TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER" 3387elif [ "$TESTS" = "ipv4" ]; then 3388 TESTS="$TESTS_IPV4" 3389elif [ "$TESTS" = "ipv6" ]; then 3390 TESTS="$TESTS_IPV6" 3391fi 3392 3393which nettest >/dev/null 3394if [ $? -ne 0 ]; then 3395 echo "'nettest' command not found; skipping tests" 3396 exit 0 3397fi 3398 3399declare -i nfail=0 3400declare -i nsuccess=0 3401 3402for t in $TESTS 3403do 3404 case $t in 3405 ipv4_ping|ping) ipv4_ping;; 3406 ipv4_tcp|tcp) ipv4_tcp;; 3407 ipv4_udp|udp) ipv4_udp;; 3408 ipv4_bind|bind) ipv4_addr_bind;; 3409 ipv4_runtime) ipv4_runtime;; 3410 ipv4_netfilter) ipv4_netfilter;; 3411 3412 ipv6_ping|ping6) ipv6_ping;; 3413 ipv6_tcp|tcp6) ipv6_tcp;; 3414 ipv6_udp|udp6) ipv6_udp;; 3415 ipv6_bind|bind6) ipv6_addr_bind;; 3416 ipv6_runtime) ipv6_runtime;; 3417 ipv6_netfilter) ipv6_netfilter;; 3418 3419 use_cases) use_cases;; 3420 3421 # setup namespaces and config, but do not run any tests 3422 setup) setup; exit 0;; 3423 vrf_setup) setup "yes"; exit 0;; 3424 3425 help) echo "Test names: $TESTS"; exit 0;; 3426 esac 3427done 3428 3429cleanup 2>/dev/null 3430 3431printf "\nTests passed: %3d\n" ${nsuccess} 3432printf "Tests failed: %3d\n" ${nfail} 3433