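#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
#
# IPv4 and IPv6 functional tests focusing on VRF and routing lookups
# for various permutations:
#   1. icmp, tcp, udp and netfilter
#   2. client, server, no-server
#   3. global address on interface
#   4. global address on 'lo'
#   5. remote and local traffic
#   6. VRF and non-VRF permutations
#
# Setup:
#                     ns-A     |     ns-B
# No VRF case:
#    [ lo ]         [ eth1 ]---|---[ eth1 ]      [ lo ]
#                                                remote address
# VRF case:
#         [ red ]---[ eth1 ]---|---[ eth1 ]      [ lo ]
#
# ns-A:
#     eth1: 172.16.1.1/24, 2001:db8:1::1/64
#       lo: 127.0.0.1/8, ::1/128
#           172.16.2.1/32, 2001:db8:2::1/128
#      red: 127.0.0.1/8, ::1/128
#           172.16.3.1/32, 2001:db8:3::1/128
#
# ns-B:
#     eth1: 172.16.1.2/24, 2001:db8:1::2/64
#      lo2: 127.0.0.1/8, ::1/128
#           172.16.2.2/32, 2001:db8:2::2/128
#
# ns-A to ns-C connection - only for VRF and same config
# as ns-A to ns-B
#
# server / client nomenclature relative to ns-A
#
# NOTE(review): the listing this was recovered from had every line prefixed
# with a viewer line number and all whitespace collapsed; the diagram spacing
# above is a reconstruction.
#
# Operational caveats visible in this part of the script:
#   - it creates network namespaces and changes sysctls inside them, so it
#     needs the privileges "ip netns add" requires
#   - kill_procs() uses killall by process name, which is not limited to
#     processes started by this script
#   - commands are assembled from the constants below and executed through an
#     unquoted expansion in do_run_cmd(); none of the values are meant to come
#     from outside the script

VERBOSE=0

NSA_DEV=eth1
NSA_DEV2=eth2
NSB_DEV=eth1
NSC_DEV=eth2
VRF=red
VRF_TABLE=1101

# IPv4 config
NSA_IP=172.16.1.1
NSB_IP=172.16.1.2
VRF_IP=172.16.3.1
NS_NET=172.16.1.0/24

# IPv6 config
NSA_IP6=2001:db8:1::1
NSB_IP6=2001:db8:1::2
VRF_IP6=2001:db8:3::1
NS_NET6=2001:db8:1::/120

NSA_LO_IP=172.16.2.1
NSB_LO_IP=172.16.2.2
NSA_LO_IP6=2001:db8:2::1
NSB_LO_IP6=2001:db8:2::2

# Fixture passwords for the TCP MD5 tests. They are throwaway values that are
# passed to nettest on its command line (so they show up in process listings);
# do not reuse the pattern for real secrets.
MD5_PW=abc123
MD5_WRONG_PW=abc1234

MCAST=ff02::1
# set after namespace create
NSA_LINKIP6=
NSB_LINKIP6=

NSA=ns-A
NSB=ns-B
NSC=ns-C

NSA_CMD="ip netns exec ${NSA}"
NSB_CMD="ip netns exec ${NSB}"
NSC_CMD="ip netns exec ${NSC}"

# Prefer a dedicated ping6 binary, else fall back to ping. "command -v" is a
# shell builtin, so this does not depend on which(1) being installed.
if command -v ping6 > /dev/null 2>&1; then
	ping6=$(command -v ping6)
else
	ping6=$(command -v ping)
fi

################################################################################
# utilities

# Record one test result and print a TEST line.
# Arguments: $1 - actual return code
#            $2 - expected return code
#            $3 - test description
# Globals:   nsuccess, nfail (incremented); VERBOSE, PAUSE, PAUSE_ON_FAIL (read)
# Exits the script with status 1 when the operator answers 'q' at a prompt.
log_test()
{
	local rc=$1
	local expected=$2
	local msg="$3"
	# The prompt answer must be local: bash scoping is dynamic and the test
	# functions keep the address under test in their own variable 'a', which
	# a plain "read a" here would overwrite.
	local answer

	[ "${VERBOSE}" = "1" ] && echo

	if [ "${rc}" -eq "${expected}" ]; then
		nsuccess=$((nsuccess+1))
		printf "TEST: %-70s [ OK ]\n" "${msg}"
	else
		nfail=$((nfail+1))
		printf "TEST: %-70s [FAIL]\n" "${msg}"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue, 'q' to quit"
			read -r answer
			[ "$answer" = "q" ] && exit 1
		fi
	fi

	if [ "${PAUSE}" = "yes" ]; then
		echo
		echo "hit enter to continue, 'q' to quit"
		read -r answer
		[ "$answer" = "q" ] && exit 1
	fi

	kill_procs
}

# Same as log_test, with the address translated to a readable label.
# Arguments: $1 - address, $2 - actual rc, $3 - expected rc, $4 - description
log_test_addr()
{
	local addr=$1
	local rc=$2
	local expected=$3
	local msg="$4"
	local astr

	astr=$(addr2str "${addr}")
	log_test "$rc" "$expected" "$msg - ${astr}"
}

# Print a banner for a top-level test section.
log_section()
{
	echo
	echo "###########################################################################"
	echo "$*"
	echo "###########################################################################"
	echo
}

# Print a banner for a subsection.
log_subsection()
{
	echo
	echo "#################################################################"
	echo "$*"
	echo
}

# Called before each test case: stop leftover helpers, print a separator
# when verbose.
log_start()
{
	# make sure we have no test instances running
	kill_procs

	if [ "${VERBOSE}" = "1" ]; then
		echo
		echo "#######################################################"
	fi
}

# Print a message only in verbose mode.
log_debug()
{
	if [ "${VERBOSE}" = "1" ]; then
		echo
		echo "$*"
		echo
	fi
}

# Print a "HINT:" line only in verbose mode.
show_hint()
{
	if [ "${VERBOSE}" = "1" ]; then
		echo "HINT: $*"
		echo
	fi
}

# Stop test helpers left running by a previous case.
# NOTE(review): killall matches by process name, so any nettest, ping or
# ping6 process the invoking user is allowed to signal is killed, not only
# the ones this script started. Run the suite on a dedicated test machine.
kill_procs()
{
	killall nettest ping ping6 >/dev/null 2>&1
	sleep 1
}

# Run a command, capturing stdout and stderr; echo both the command and its
# output when verbose.
# Arguments: the command and its arguments
# Returns:   the command's exit status
# Globals:   rc (written). It is left global as in the original because code
#            outside this part of the file may read it - TODO confirm.
do_run_cmd()
{
	local cmd="$*"
	local out

	if [ "$VERBOSE" = "1" ]; then
		echo "COMMAND: ${cmd}"
	fi

	# Deliberately unquoted: the joined string is split back into words to
	# form argv. Arguments containing whitespace or glob characters would
	# be re-split or expanded, so only script constants belong here.
	out=$($cmd 2>&1)
	rc=$?
	if [ "$VERBOSE" = "1" ] && [ -n "$out" ]; then
		echo "$out"
	fi

	return $rc
}

# Run a command inside ns-A.
run_cmd()
{
	do_run_cmd ${NSA_CMD} $*
}

# Run a command inside ns-B.
run_cmd_nsb()
{
	do_run_cmd ${NSB_CMD} $*
}

# Run a command inside ns-C.
run_cmd_nsc()
{
	do_run_cmd ${NSC_CMD} $*
}

# Shared body of setup_cmd, setup_cmd_nsb and setup_cmd_nsc: run a setup
# command through the given runner and stop the whole script if it fails.
# Arguments: $1 - runner function (run_cmd, run_cmd_nsb or run_cmd_nsc)
#            remaining - the command to run
_setup_cmd_via()
{
	local runner=$1
	shift
	local cmd="$*"
	local rc
	local answer

	${runner} ${cmd}
	rc=$?
	if [ $rc -ne 0 ]; then
		# show user the command if not done so already
		if [ "$VERBOSE" = "0" ]; then
			echo "setup command: $cmd"
		fi
		echo "failed. stopping tests"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue"
			read -r answer
		fi
		exit $rc
	fi
}

# Run a setup command in ns-A; exits the script with its status on failure.
setup_cmd()
{
	_setup_cmd_via run_cmd "$@"
}

# Run a setup command in ns-B; exits the script with its status on failure.
setup_cmd_nsb()
{
	_setup_cmd_via run_cmd_nsb "$@"
}

# Run a setup command in ns-C; exits the script with its status on failure.
setup_cmd_nsc()
{
	_setup_cmd_via run_cmd_nsc "$@"
}

# set sysctl values in NS-A
set_sysctl()
{
	echo "SYSCTL: $*"
	echo
	run_cmd sysctl -q -w $*
}

################################################################################
# Setup for tests

# Translate a test address into the label used in TEST lines.
# Arguments: $1 - address, optionally with a %device suffix for link-local
#            and multicast addresses
# Outputs:   the label, or "unknown"
addr2str()
{
	case "$1" in
	127.0.0.1) echo "loopback";;
	::1) echo "IPv6 loopback";;

	${NSA_IP})	echo "ns-A IP";;
	${NSA_IP6})	echo "ns-A IPv6";;
	${NSA_LO_IP})	echo "ns-A loopback IP";;
	${NSA_LO_IP6})	echo "ns-A loopback IPv6";;
	${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;

	${NSB_IP})	echo "ns-B IP";;
	${NSB_IP6})	echo "ns-B IPv6";;
	${NSB_LO_IP})	echo "ns-B loopback IP";;
	${NSB_LO_IP6})	echo "ns-B loopback IPv6";;
	${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;

	${VRF_IP})	echo "VRF IP";;
	${VRF_IP6})	echo "VRF IPv6";;

	${MCAST}%*)	echo "multicast IP";;

	*) echo "unknown";;
	esac
}

# Print the IPv6 link-local (fe80...) address of a device, without the
# prefix length.
# Arguments: $1 - namespace, $2 - device
# Returns:   1 if no link-local address was found, else 0
get_linklocal()
{
	local ns=$1
	local dev=$2
	local addr

	addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \
	awk '{
		for (i = 3; i <= NF; ++i) {
			if ($i ~ /^fe80/)
				print $i
		}
	}'
	)
	# drop everything from the first '/' on (the prefix length)
	addr=${addr/\/*}

	[ -z "$addr" ] && return 1

	echo "$addr"

	return 0
}

################################################################################
# create namespaces and vrf

# Create a VRF device in a namespace and move the 'local' rule behind it.
# Arguments: $1 - namespace, $2 - VRF name, $3 - route table id,
#            $4 - IPv4 address or "-", $5 - IPv6 address or "-"
create_vrf()
{
	local ns=$1
	local vrf=$2
	local table=$3
	local addr=$4
	local addr6=$5

	ip -netns ${ns} link add ${vrf} type vrf table ${table}
	ip -netns ${ns} link set ${vrf} up
	ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192
	ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192

	ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf}
	ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
	if [ "${addr}" != "-" ]; then
		ip -netns ${ns} addr add dev ${vrf} ${addr}
	fi
	if [ "${addr6}" != "-" ]; then
		ip -netns ${ns} -6 addr add dev ${vrf} ${addr6}
	fi

	# replace the pref 0 'local' rule with one at pref 32765
	ip -netns ${ns} ru del pref 0
	ip -netns ${ns} ru add pref 32765 from all lookup local
	ip -netns ${ns} -6 ru del pref 0
	ip -netns ${ns} -6 ru add pref 32765 from all lookup local
}

# Create a namespace, bring up 'lo', optionally add addresses to it, install
# unreachable default routes and enable forwarding inside the namespace.
# Arguments: $1 - namespace, $2 - IPv4 address or "-", $3 - IPv6 address or "-"
create_ns()
{
	local ns=$1
	local addr=$2
	local addr6=$3

	ip netns add ${ns}

	ip -netns ${ns} link set lo up
	if [ "${addr}" != "-" ]; then
		ip -netns ${ns} addr add dev lo ${addr}
	fi
	if [ "${addr6}" != "-" ]; then
		ip -netns ${ns} -6 addr add dev lo ${addr6}
	fi

	ip -netns ${ns} ro add unreachable default metric 8192
	ip -netns ${ns} -6 ro add unreachable default metric 8192

	ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
	ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
	ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
	ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
}

# create veth pair to connect namespaces and apply addresses.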
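# Arguments: $1 - first namespace, $2 - its device name,
#            $3 - its IPv4 address or "-", $4 - its IPv6 address or "-",
#            $5..$8 - the same four values for the second namespace
connect_ns()
{
	local ns1=$1
	local ns1_dev=$2
	local ns1_addr=$3
	local ns1_addr6=$4
	local ns2=$5
	local ns2_dev=$6
	local ns2_addr=$7
	local ns2_addr6=$8

	# the peer is created under the temporary name 'tmp' and renamed as it
	# is moved into the second namespace
	ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp
	ip -netns ${ns1} li set ${ns1_dev} up
	ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev}
	ip -netns ${ns2} li set ${ns2_dev} up

	# only the first namespace's value is checked for "-"; the second
	# side's address is applied whenever the first one is set
	if [ "${ns1_addr}" != "-" ]; then
		ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr}
		ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr}
	fi

	if [ "${ns1_addr6}" != "-" ]; then
		ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6}
		ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6}
	fi
}

# Tear down the test namespaces. ns-A is dismantled step by step to exercise
# those code paths; ns-B and ns-C are simply deleted.
# NOTE(review): the namespaces are identified by name only, so a namespace
# called ns-A, ns-B or ns-C that something else created is removed as well.
cleanup()
{
	# explicit cleanups to check those code paths
	# match the namespace name exactly (it is the first field of each line);
	# an unanchored grep would also match longer names containing it
	if ip netns | grep -Eq "^${NSA}( |\$)"; then
		ip -netns ${NSA} link delete ${VRF}
		ip -netns ${NSA} ro flush table ${VRF_TABLE}

		ip -netns ${NSA} addr flush dev ${NSA_DEV}
		ip -netns ${NSA} -6 addr flush dev ${NSA_DEV}
		ip -netns ${NSA} link set dev ${NSA_DEV} down
		ip -netns ${NSA} link del dev ${NSA_DEV}

		ip netns del ${NSA}
	fi

	ip netns del ${NSB}
	ip netns del ${NSC} >/dev/null 2>&1
}

# Build the topology from the file header.
# Arguments: $1 - "yes" to put ns-A's device into the VRF and to add ns-C
# Any failing command between "set -e" and "set +e" aborts the script.
setup()
{
	local with_vrf=${1}

	# make sure we are starting with a clean slate
	kill_procs
	cleanup 2>/dev/null

	log_debug "Configuring network namespaces"
	set -e

	create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128
	create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128
	connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \
		   ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64

	NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
	NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})

	# tell ns-A how to get to remote addresses of ns-B
	if [ "${with_vrf}" = "yes" ]; then
		create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6}

		ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
		ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
		ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}

		ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
		ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}

		# some VRF tests use ns-C which has the same config as
		# ns-B but for a device NOT in the VRF
		create_ns ${NSC} "-" "-"
		connect_ns ${NSA} ${NSA_DEV2} ${NSA_IP}/24 ${NSA_IP6}/64 \
			   ${NSC} ${NSC_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
	else
		ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
		ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
	fi


	# tell ns-B how to get to remote addresses of ns-A
	ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
	ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}

	set +e

	sleep 1
}

# Build a topology with no global addresses: three namespaces, link-local
# addresses only, both ns-A devices enslaved to the VRF.
setup_lla_only()
{
	# make sure we are starting with a clean slate
	kill_procs
	cleanup 2>/dev/null

	log_debug "Configuring network namespaces"
	set -e

	create_ns ${NSA} "-" "-"
	create_ns ${NSB} "-" "-"
	create_ns ${NSC} "-" "-"
	connect_ns ${NSA} ${NSA_DEV} "-" "-" \
		   ${NSB} ${NSB_DEV} "-" "-"
	connect_ns ${NSA} ${NSA_DEV2} "-" "-" \
		   ${NSC} ${NSC_DEV}  "-" "-"

	NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
	NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})
	NSC_LINKIP6=$(get_linklocal ${NSC} ${NSC_DEV})

	create_vrf ${NSA} ${VRF} ${VRF_TABLE} "-" "-"
	ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
	ip -netns ${NSA} link set dev ${NSA_DEV2} vrf ${VRF}

	set +e

	sleep 1
}

################################################################################
# IPv4

# ICMP reachability without a VRF: outbound, inbound and local pings, then
# the cases where an ip rule or an unreachable route must block traffic.
# The number passed to log_test_addr after $? is the exit status the ping is
# expected to return.
ipv4_ping_novrf()
{
	local a

	#
	# out
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd ping -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping out"

		log_start
		run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"

		log_start
		run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
		log_test_addr ${a} $? 0 "ping out, address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd_nsb ping -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	#
	# local traffic
	#
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		run_cmd ping -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping local"
	done

	#
	# local traffic, socket bound to device
	#
	# address on device
	a=${NSA_IP}
	log_start
	run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 0 "ping local, device bind"

	# loopback addresses not reachable from device bind
	# fails in a really weird way though because ipv4 special cases
	# route lookups with oif set.
	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Fails since address on loopback device is out of device scope"
		run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 1 "ping local, device bind"
	done

	#
	# ip rule blocks reachability to remote address
	#
	log_start
	setup_cmd ip rule add pref 32765 from all lookup local
	setup_cmd ip rule del pref 0 from all lookup local
	setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by rule"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	# a viable rtable if the oif (e.g., bind to device) is set, so this
	# case succeeds despite the rule
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}

	a=${NSA_LO_IP}
	log_start
	show_hint "Response generates ICMP (or arp request is ignored) due to ip rule"
	run_cmd_nsb ping -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	# restore the rules changed above
	[ "$VERBOSE" = "1" ] && echo
	setup_cmd ip rule del pref 32765 from all lookup local
	setup_cmd ip rule add pref 0 from all lookup local
	setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit

	#
	# route blocks reachability to remote address
	#
	log_start
	setup_cmd ip route replace unreachable ${NSB_LO_IP}
	setup_cmd ip route replace unreachable ${NSB_IP}

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by route"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	# a viable rtable if the oif (e.g., bind to device) is set, so this
	# case succeeds despite not having a route for the address
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}

	a=${NSA_LO_IP}
	log_start
	show_hint "Response is dropped (or arp request is ignored) due to ip route"
	run_cmd_nsb ping -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by route"

	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip ro del ${NSB_LO_IP}

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, unreachable default route"

	# NOTE: ipv4 actually allows the lookup to fail and yet still create
	# a viable rtable if the oif (e.g., bind to device) is set, so this
	# case succeeds despite not having a route for the address
	# run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
}

# ICMP reachability with ns-A's device enslaved to the VRF: the same
# out / in / local / blocked cases, with the socket bound to the VRF or to
# the device.
ipv4_ping_vrf()
{
	local a

	# should default on; does not exist on older kernels
	set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null

	#
	# out
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd ping -c1 -w1 -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping out, VRF bind"

		log_start
		run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"

		log_start
		run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
		log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"

		log_start
		run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
		log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd_nsb ping -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	#
	# local traffic, local address
	#
	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
	do
		log_start
		show_hint "Source address should be ${a}"
		run_cmd ping -c1 -w1 -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping local, VRF bind"
	done

	#
	# local traffic, socket bound to device
	#
	# address on device
	a=${NSA_IP}
	log_start
	run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 0 "ping local, device bind"

	# vrf device is out of scope
	for a in ${VRF_IP} 127.0.0.1
	do
		log_start
		show_hint "Fails since address on vrf device is out of device scope"
		run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 1 "ping local, device bind"
	done

	#
	# ip rule blocks address
	#
	log_start
	setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 -I ${VRF} ${a}
	log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"

	log_start
	run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"

	a=${NSA_LO_IP}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ping -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	[ "$VERBOSE" = "1" ] && echo
	setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
	setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit

	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP}

	a=${NSB_LO_IP}
	run_cmd ping -c1 -w1 -I ${VRF} ${a}
	log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"

	log_start
	run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"

	a=${NSA_LO_IP}
	log_start
	show_hint "Response lost by unreachable route"
	run_cmd_nsb ping -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, unreachable route"
}

# Entry point for the IPv4 ping tests: the non-VRF set runs twice, with
# raw_l3mdev_accept off and on, then the VRF set runs once.
ipv4_ping()
{
	log_section "IPv4 ping"

	log_subsection "No VRF"
	setup
	set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
	ipv4_ping_novrf
	setup
	set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
	ipv4_ping_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv4_ping_vrf
}

################################################################################
# IPv4 TCP

#
# MD5 tests without VRF
#
# Each case starts a nettest server in ns-A in the background and connects
# from ns-B. Matching password and peer address (or prefix) must connect
# (rc 0). Every mismatch - server without MD5, wrong password, client address
# outside the configured address or prefix - is expected to return 2, which
# the hints describe as a timeout.
ipv4_tcp_md5_novrf()
{
	#
	# single address
	#

	# basic use case
	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Client uses wrong password"

	# client from different address
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s -M ${MD5_PW} -m ${NSB_LO_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Prefix config, client uses wrong password"

	# client outside of prefix
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}

#
# MD5 tests with VRF
#
# Same matrix with the server bound to the VRF, followed by the isolation
# cases: one server in the VRF and one in the default VRF are configured for
# the same peer with different passwords. A client must be accepted only
# with the password of the domain it arrives in (ns-B reaches ns-A through
# the VRF device, ns-C through the device that is not in the VRF), and using
# the other domain's password must time out.
ipv4_tcp_md5()
{
	#
	# single address
	#

	# basic use case
	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout since server does not have MD5 auth"
	run_cmd nettest -s -I ${VRF} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Client uses wrong password"

	# client from different address
	log_start
	show_hint "Should timeout since server config differs from client"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"

	# client outside of prefix
	log_start
	show_hint "Should timeout since client address is outside of prefix"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"

	#
	# duplicate config between default VRF and a VRF
	#

	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"

	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
	run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
	sleep 1
	run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"

	#
	# negative tests
	#
	# binding the MD5 config to a device that is not a VRF must be rejected
	log_start
	run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP}
	log_test $? 1 "MD5: VRF: Device must be a VRF - single address"

	log_start
	run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET}
	log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"

}

# TCP connectivity without a VRF: server in ns-A, client in ns-A, local
# connections, and the "no server" cases that must be refused (rc 1).
# Finishes with the non-VRF MD5 matrix.
ipv4_tcp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -r ${a}
	log_test_addr ${a} $? 0 "Device server"

	# verify TCP reset sent and received
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client"

		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a}
		log_test_addr ${a} $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		run_cmd nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -0 ${a} -1 ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -s -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -r ${a}
		log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s &
	sleep 1
	run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
		run_cmd nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "Global server, device client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local connection"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "No server, device client, local conn"

	ipv4_tcp_md5_novrf
}

# TCP connectivity with the VRF. First with tcp_l3mdev_accept=0, where an
# unbound ("global") server must NOT accept connections arriving through the
# VRF, then the MD5 matrix, then with tcp_l3mdev_accept=1, where it must.
ipv4_tcp_vrf()
{
	local a

	# disable global server
	log_subsection "Global server disabled"

	set_sysctl net.ipv4.tcp_l3mdev_accept=0

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "Global server"

		log_start
		run_cmd nettest -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "VRF server"

		log_start
		run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "Device server"

		# verify TCP reset received
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# local address tests
	# (${VRF_IP} and 127.0.0.1 both timeout)
	a=${NSA_IP}
	log_start
	show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
	run_cmd nettest -s &
	sleep 1
	run_cmd nettest -r ${a} -d ${NSA_DEV}
	log_test_addr ${a} $? 1 "Global server, local connection"

	# run MD5 tests
	ipv4_tcp_md5

	#
	# enable VRF global server
	#
	log_subsection "VRF Global server enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1

	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		show_hint "client socket should be bound to VRF"
		run_cmd nettest -s -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "Global server"

		log_start
		show_hint "client socket should be bound to VRF"
		run_cmd nettest -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "VRF server"

		# verify TCP reset received
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	a=${NSA_IP}
	log_start
	show_hint "client socket should be bound to device"
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -r ${a}
	log_test_addr ${a} $? 0 "Device server"

	# local address tests
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		show_hint "Should fail 'Connection refused' since client is not bound to VRF"
		run_cmd nettest -s -I ${VRF} &
		sleep 1
		run_cmd nettest -r ${a}
		log_test_addr ${a} $? 1 "Global server, local connection"
	done

	#
	# client
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${VRF}
		log_test_addr ${a} $? 0 "Client, VRF bind"

		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a} -d ${VRF}
		log_test_addr ${a} $? 1 "No server, VRF client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
	do
		log_start
		run_cmd nettest -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -I ${VRF} -3 ${VRF} &
	sleep 1
	run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local connection"

	log_start
	show_hint "Should fail 'No route to host' since client is out of VRF scope"
	run_cmd nettest -s -I ${VRF} &
	sleep 1
	run_cmd nettest -r ${a}
	log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"

	log_start
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, VRF client, local connection"

	log_start
	run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local connection"
}

# Entry point for the IPv4 TCP tests.
ipv4_tcp()
{
	log_section "IPv4/TCP"
	log_subsection "No VRF"
	setup

	# tcp_l3mdev_accept should have no effect without VRF;
	# run tests with it enabled and disabled to verify
	log_subsection "tcp_l3mdev_accept disabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=0
	ipv4_tcp_novrf
	log_subsection "tcp_l3mdev_accept enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1
	ipv4_tcp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv4_tcp_vrf
}

################################################################################
# IPv4 UDP

ipv4_udp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd nettest -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "Global server"

		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -D -r ${a}
	log_test_addr ${a} $? 0 "Device server"

	#
	# client
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client, device send via cmsg"

		log_start
		run_cmd_nsb nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
		log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -r ${a}
		log_test_addr ${a} $? 1 "No server, unbound client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -r ${a}
	log_test_addr ${a} $?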
0 "Device server, unbound client, local connection" 1400 1401 for a in ${NSA_LO_IP} 127.0.0.1 1402 do 1403 log_start 1404 show_hint "Should fail 'Connection refused' since address is out of device scope" 1405 run_cmd nettest -s -D -I ${NSA_DEV} & 1406 sleep 1 1407 run_cmd nettest -D -r ${a} 1408 log_test_addr ${a} $? 1 "Device server, unbound client, local connection" 1409 done 1410 1411 a=${NSA_IP} 1412 log_start 1413 run_cmd nettest -s -D & 1414 sleep 1 1415 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1416 log_test_addr ${a} $? 0 "Global server, device client, local connection" 1417 1418 log_start 1419 run_cmd nettest -s -D & 1420 sleep 1 1421 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a} 1422 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection" 1423 1424 log_start 1425 run_cmd nettest -s -D & 1426 sleep 1 1427 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} 1428 log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection" 1429 1430 # IPv4 with device bind has really weird behavior - it overrides the 1431 # fib lookup, generates an rtable and tries to send the packet. This 1432 # causes failures for local traffic at different places 1433 for a in ${NSA_LO_IP} 127.0.0.1 1434 do 1435 log_start 1436 show_hint "Should fail since addresses on loopback are out of device scope" 1437 run_cmd nettest -D -s & 1438 sleep 1 1439 run_cmd nettest -D -r ${a} -d ${NSA_DEV} 1440 log_test_addr ${a} $? 2 "Global server, device client, local connection" 1441 1442 log_start 1443 show_hint "Should fail since addresses on loopback are out of device scope" 1444 run_cmd nettest -D -s & 1445 sleep 1 1446 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C 1447 log_test_addr ${a} $? 
1 "Global server, device send via cmsg, local connection" 1448 1449 log_start 1450 show_hint "Should fail since addresses on loopback are out of device scope" 1451 run_cmd nettest -D -s & 1452 sleep 1 1453 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S 1454 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection" 1455 done 1456 1457 a=${NSA_IP} 1458 log_start 1459 run_cmd nettest -D -s -I ${NSA_DEV} -3 ${NSA_DEV} & 1460 sleep 1 1461 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a} 1462 log_test_addr ${a} $? 0 "Device server, device client, local conn" 1463 1464 log_start 1465 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1466 log_test_addr ${a} $? 2 "No server, device client, local conn" 1467} 1468 1469ipv4_udp_vrf() 1470{ 1471 local a 1472 1473 # disable global server 1474 log_subsection "Global server disabled" 1475 set_sysctl net.ipv4.udp_l3mdev_accept=0 1476 1477 # 1478 # server tests 1479 # 1480 for a in ${NSA_IP} ${VRF_IP} 1481 do 1482 log_start 1483 show_hint "Fails because ingress is in a VRF and global server is disabled" 1484 run_cmd nettest -D -s & 1485 sleep 1 1486 run_cmd_nsb nettest -D -r ${a} 1487 log_test_addr ${a} $? 1 "Global server" 1488 1489 log_start 1490 run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} & 1491 sleep 1 1492 run_cmd_nsb nettest -D -r ${a} 1493 log_test_addr ${a} $? 0 "VRF server" 1494 1495 log_start 1496 run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} & 1497 sleep 1 1498 run_cmd_nsb nettest -D -r ${a} 1499 log_test_addr ${a} $? 0 "Enslaved device server" 1500 1501 log_start 1502 show_hint "Should fail 'Connection refused' since there is no server" 1503 run_cmd_nsb nettest -D -r ${a} 1504 log_test_addr ${a} $? 1 "No server" 1505 1506 log_start 1507 show_hint "Should fail 'Connection refused' since global server is out of scope" 1508 run_cmd nettest -D -s & 1509 sleep 1 1510 run_cmd nettest -D -d ${VRF} -r ${a} 1511 log_test_addr ${a} $? 
1 "Global server, VRF client, local connection" 1512 done 1513 1514 a=${NSA_IP} 1515 log_start 1516 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} & 1517 sleep 1 1518 run_cmd nettest -D -d ${VRF} -r ${a} 1519 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 1520 1521 log_start 1522 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} & 1523 sleep 1 1524 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1525 log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection" 1526 1527 a=${NSA_IP} 1528 log_start 1529 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} & 1530 sleep 1 1531 run_cmd nettest -D -d ${VRF} -r ${a} 1532 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn" 1533 1534 log_start 1535 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} & 1536 sleep 1 1537 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1538 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn" 1539 1540 # enable global server 1541 log_subsection "Global server enabled" 1542 set_sysctl net.ipv4.udp_l3mdev_accept=1 1543 1544 # 1545 # server tests 1546 # 1547 for a in ${NSA_IP} ${VRF_IP} 1548 do 1549 log_start 1550 run_cmd nettest -D -s -3 ${NSA_DEV} & 1551 sleep 1 1552 run_cmd_nsb nettest -D -r ${a} 1553 log_test_addr ${a} $? 0 "Global server" 1554 1555 log_start 1556 run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} & 1557 sleep 1 1558 run_cmd_nsb nettest -D -r ${a} 1559 log_test_addr ${a} $? 0 "VRF server" 1560 1561 log_start 1562 run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} & 1563 sleep 1 1564 run_cmd_nsb nettest -D -r ${a} 1565 log_test_addr ${a} $? 0 "Enslaved device server" 1566 1567 log_start 1568 show_hint "Should fail 'Connection refused'" 1569 run_cmd_nsb nettest -D -r ${a} 1570 log_test_addr ${a} $? 1 "No server" 1571 done 1572 1573 # 1574 # client tests 1575 # 1576 log_start 1577 run_cmd_nsb nettest -D -s & 1578 sleep 1 1579 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP} 1580 log_test $? 
0 "VRF client" 1581 1582 log_start 1583 run_cmd_nsb nettest -D -s & 1584 sleep 1 1585 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP} 1586 log_test $? 0 "Enslaved device client" 1587 1588 # negative test - should fail 1589 log_start 1590 show_hint "Should fail 'Connection refused'" 1591 run_cmd nettest -D -d ${VRF} -r ${NSB_IP} 1592 log_test $? 1 "No server, VRF client" 1593 1594 log_start 1595 show_hint "Should fail 'Connection refused'" 1596 run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP} 1597 log_test $? 1 "No server, enslaved device client" 1598 1599 # 1600 # local address tests 1601 # 1602 a=${NSA_IP} 1603 log_start 1604 run_cmd nettest -D -s -3 ${NSA_DEV} & 1605 sleep 1 1606 run_cmd nettest -D -d ${VRF} -r ${a} 1607 log_test_addr ${a} $? 0 "Global server, VRF client, local conn" 1608 1609 log_start 1610 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} & 1611 sleep 1 1612 run_cmd nettest -D -d ${VRF} -r ${a} 1613 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 1614 1615 log_start 1616 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} & 1617 sleep 1 1618 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1619 log_test_addr ${a} $? 0 "VRF server, device client, local conn" 1620 1621 log_start 1622 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} & 1623 sleep 1 1624 run_cmd nettest -D -d ${VRF} -r ${a} 1625 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn" 1626 1627 log_start 1628 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} & 1629 sleep 1 1630 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1631 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn" 1632 1633 for a in ${VRF_IP} 127.0.0.1 1634 do 1635 log_start 1636 run_cmd nettest -D -s -3 ${VRF} & 1637 sleep 1 1638 run_cmd nettest -D -d ${VRF} -r ${a} 1639 log_test_addr ${a} $? 
0 "Global server, VRF client, local conn" 1640 done 1641 1642 for a in ${VRF_IP} 127.0.0.1 1643 do 1644 log_start 1645 run_cmd nettest -s -D -I ${VRF} -3 ${VRF} & 1646 sleep 1 1647 run_cmd nettest -D -d ${VRF} -r ${a} 1648 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 1649 done 1650 1651 # negative test - should fail 1652 # verifies ECONNREFUSED 1653 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1 1654 do 1655 log_start 1656 show_hint "Should fail 'Connection refused'" 1657 run_cmd nettest -D -d ${VRF} -r ${a} 1658 log_test_addr ${a} $? 1 "No server, VRF client, local conn" 1659 done 1660} 1661 1662ipv4_udp() 1663{ 1664 log_section "IPv4/UDP" 1665 log_subsection "No VRF" 1666 1667 setup 1668 1669 # udp_l3mdev_accept should have no affect without VRF; 1670 # run tests with it enabled and disabled to verify 1671 log_subsection "udp_l3mdev_accept disabled" 1672 set_sysctl net.ipv4.udp_l3mdev_accept=0 1673 ipv4_udp_novrf 1674 log_subsection "udp_l3mdev_accept enabled" 1675 set_sysctl net.ipv4.udp_l3mdev_accept=1 1676 ipv4_udp_novrf 1677 1678 log_subsection "With VRF" 1679 setup "yes" 1680 ipv4_udp_vrf 1681} 1682 1683################################################################################ 1684# IPv4 address bind 1685# 1686# verifies ability or inability to bind to an address / device 1687 1688ipv4_addr_bind_novrf() 1689{ 1690 # 1691 # raw socket 1692 # 1693 for a in ${NSA_IP} ${NSA_LO_IP} 1694 do 1695 log_start 1696 run_cmd nettest -s -R -P icmp -l ${a} -b 1697 log_test_addr ${a} $? 0 "Raw socket bind to local address" 1698 1699 log_start 1700 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b 1701 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind" 1702 done 1703 1704 # 1705 # tcp sockets 1706 # 1707 a=${NSA_IP} 1708 log_start 1709 run_cmd nettest -c ${a} -r ${NSB_IP} -t1 -b 1710 log_test_addr ${a} $? 
0 "TCP socket bind to local address" 1711 1712 log_start 1713 run_cmd nettest -c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b 1714 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind" 1715 1716 # Sadly, the kernel allows binding a socket to a device and then 1717 # binding to an address not on the device. The only restriction 1718 # is that the address is valid in the L3 domain. So this test 1719 # passes when it really should not 1720 #a=${NSA_LO_IP} 1721 #log_start 1722 #show_hint "Should fail with 'Cannot assign requested address'" 1723 #run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b 1724 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address" 1725} 1726 1727ipv4_addr_bind_vrf() 1728{ 1729 # 1730 # raw socket 1731 # 1732 for a in ${NSA_IP} ${VRF_IP} 1733 do 1734 log_start 1735 run_cmd nettest -s -R -P icmp -l ${a} -b 1736 log_test_addr ${a} $? 0 "Raw socket bind to local address" 1737 1738 log_start 1739 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b 1740 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind" 1741 log_start 1742 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b 1743 log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind" 1744 done 1745 1746 a=${NSA_LO_IP} 1747 log_start 1748 show_hint "Address on loopback is out of VRF scope" 1749 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b 1750 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind" 1751 1752 # 1753 # tcp sockets 1754 # 1755 for a in ${NSA_IP} ${VRF_IP} 1756 do 1757 log_start 1758 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b 1759 log_test_addr ${a} $? 0 "TCP socket bind to local address" 1760 1761 log_start 1762 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b 1763 log_test_addr ${a} $? 
0 "TCP socket bind to local address after device bind" 1764 done 1765 1766 a=${NSA_LO_IP} 1767 log_start 1768 show_hint "Address on loopback out of scope for VRF" 1769 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b 1770 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF" 1771 1772 log_start 1773 show_hint "Address on loopback out of scope for device in VRF" 1774 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b 1775 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind" 1776} 1777 1778ipv4_addr_bind() 1779{ 1780 log_section "IPv4 address binds" 1781 1782 log_subsection "No VRF" 1783 setup 1784 ipv4_addr_bind_novrf 1785 1786 log_subsection "With VRF" 1787 setup "yes" 1788 ipv4_addr_bind_vrf 1789} 1790 1791################################################################################ 1792# IPv4 runtime tests 1793 1794ipv4_rt() 1795{ 1796 local desc="$1" 1797 local varg="$2" 1798 local with_vrf="yes" 1799 local a 1800 1801 # 1802 # server tests 1803 # 1804 for a in ${NSA_IP} ${VRF_IP} 1805 do 1806 log_start 1807 run_cmd nettest ${varg} -s & 1808 sleep 1 1809 run_cmd_nsb nettest ${varg} -r ${a} & 1810 sleep 3 1811 run_cmd ip link del ${VRF} 1812 sleep 1 1813 log_test_addr ${a} 0 0 "${desc}, global server" 1814 1815 setup ${with_vrf} 1816 done 1817 1818 for a in ${NSA_IP} ${VRF_IP} 1819 do 1820 log_start 1821 run_cmd nettest ${varg} -s -I ${VRF} & 1822 sleep 1 1823 run_cmd_nsb nettest ${varg} -r ${a} & 1824 sleep 3 1825 run_cmd ip link del ${VRF} 1826 sleep 1 1827 log_test_addr ${a} 0 0 "${desc}, VRF server" 1828 1829 setup ${with_vrf} 1830 done 1831 1832 a=${NSA_IP} 1833 log_start 1834 run_cmd nettest ${varg} -s -I ${NSA_DEV} & 1835 sleep 1 1836 run_cmd_nsb nettest ${varg} -r ${a} & 1837 sleep 3 1838 run_cmd ip link del ${VRF} 1839 sleep 1 1840 log_test_addr ${a} 0 0 "${desc}, enslaved device server" 1841 1842 setup ${with_vrf} 1843 1844 # 1845 # client test 1846 # 1847 log_start 1848 run_cmd_nsb nettest ${varg} -s & 1849 
sleep 1 1850 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} & 1851 sleep 3 1852 run_cmd ip link del ${VRF} 1853 sleep 1 1854 log_test_addr ${a} 0 0 "${desc}, VRF client" 1855 1856 setup ${with_vrf} 1857 1858 log_start 1859 run_cmd_nsb nettest ${varg} -s & 1860 sleep 1 1861 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} & 1862 sleep 3 1863 run_cmd ip link del ${VRF} 1864 sleep 1 1865 log_test_addr ${a} 0 0 "${desc}, enslaved device client" 1866 1867 setup ${with_vrf} 1868 1869 # 1870 # local address tests 1871 # 1872 for a in ${NSA_IP} ${VRF_IP} 1873 do 1874 log_start 1875 run_cmd nettest ${varg} -s & 1876 sleep 1 1877 run_cmd nettest ${varg} -d ${VRF} -r ${a} & 1878 sleep 3 1879 run_cmd ip link del ${VRF} 1880 sleep 1 1881 log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local" 1882 1883 setup ${with_vrf} 1884 done 1885 1886 for a in ${NSA_IP} ${VRF_IP} 1887 do 1888 log_start 1889 run_cmd nettest ${varg} -I ${VRF} -s & 1890 sleep 1 1891 run_cmd nettest ${varg} -d ${VRF} -r ${a} & 1892 sleep 3 1893 run_cmd ip link del ${VRF} 1894 sleep 1 1895 log_test_addr ${a} 0 0 "${desc}, VRF server and client, local" 1896 1897 setup ${with_vrf} 1898 done 1899 1900 a=${NSA_IP} 1901 log_start 1902 run_cmd nettest ${varg} -s & 1903 sleep 1 1904 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 1905 sleep 3 1906 run_cmd ip link del ${VRF} 1907 sleep 1 1908 log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local" 1909 1910 setup ${with_vrf} 1911 1912 log_start 1913 run_cmd nettest ${varg} -I ${VRF} -s & 1914 sleep 1 1915 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 1916 sleep 3 1917 run_cmd ip link del ${VRF} 1918 sleep 1 1919 log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local" 1920 1921 setup ${with_vrf} 1922 1923 log_start 1924 run_cmd nettest ${varg} -I ${NSA_DEV} -s & 1925 sleep 1 1926 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 1927 sleep 3 1928 run_cmd ip link del ${VRF} 1929 sleep 1 1930 log_test_addr ${a} 0 0 
"${desc}, enslaved device server and client, local" 1931} 1932 1933ipv4_ping_rt() 1934{ 1935 local with_vrf="yes" 1936 local a 1937 1938 for a in ${NSA_IP} ${VRF_IP} 1939 do 1940 log_start 1941 run_cmd_nsb ping -f ${a} & 1942 sleep 3 1943 run_cmd ip link del ${VRF} 1944 sleep 1 1945 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in" 1946 1947 setup ${with_vrf} 1948 done 1949 1950 a=${NSB_IP} 1951 log_start 1952 run_cmd ping -f -I ${VRF} ${a} & 1953 sleep 3 1954 run_cmd ip link del ${VRF} 1955 sleep 1 1956 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out" 1957} 1958 1959ipv4_runtime() 1960{ 1961 log_section "Run time tests - ipv4" 1962 1963 setup "yes" 1964 ipv4_ping_rt 1965 1966 setup "yes" 1967 ipv4_rt "TCP active socket" "-n -1" 1968 1969 setup "yes" 1970 ipv4_rt "TCP passive socket" "-i" 1971} 1972 1973################################################################################ 1974# IPv6 1975 1976ipv6_ping_novrf() 1977{ 1978 local a 1979 1980 # should not have an impact, but make a known state 1981 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null 1982 1983 # 1984 # out 1985 # 1986 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 1987 do 1988 log_start 1989 run_cmd ${ping6} -c1 -w1 ${a} 1990 log_test_addr ${a} $? 0 "ping out" 1991 done 1992 1993 for a in ${NSB_IP6} ${NSB_LO_IP6} 1994 do 1995 log_start 1996 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 1997 log_test_addr ${a} $? 0 "ping out, device bind" 1998 1999 log_start 2000 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a} 2001 log_test_addr ${a} $? 0 "ping out, loopback address bind" 2002 done 2003 2004 # 2005 # in 2006 # 2007 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV} 2008 do 2009 log_start 2010 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2011 log_test_addr ${a} $? 
0 "ping in" 2012 done 2013 2014 # 2015 # local traffic, local address 2016 # 2017 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 2018 do 2019 log_start 2020 run_cmd ${ping6} -c1 -w1 ${a} 2021 log_test_addr ${a} $? 0 "ping local, no bind" 2022 done 2023 2024 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 2025 do 2026 log_start 2027 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2028 log_test_addr ${a} $? 0 "ping local, device bind" 2029 done 2030 2031 for a in ${NSA_LO_IP6} ::1 2032 do 2033 log_start 2034 show_hint "Fails since address on loopback is out of device scope" 2035 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2036 log_test_addr ${a} $? 2 "ping local, device bind" 2037 done 2038 2039 # 2040 # ip rule blocks address 2041 # 2042 log_start 2043 setup_cmd ip -6 rule add pref 32765 from all lookup local 2044 setup_cmd ip -6 rule del pref 0 from all lookup local 2045 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit 2046 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit 2047 2048 a=${NSB_LO_IP6} 2049 run_cmd ${ping6} -c1 -w1 ${a} 2050 log_test_addr ${a} $? 2 "ping out, blocked by rule" 2051 2052 log_start 2053 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2054 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule" 2055 2056 a=${NSA_LO_IP6} 2057 log_start 2058 show_hint "Response lost due to ip rule" 2059 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2060 log_test_addr ${a} $? 
1 "ping in, blocked by rule" 2061 2062 setup_cmd ip -6 rule add pref 0 from all lookup local 2063 setup_cmd ip -6 rule del pref 32765 from all lookup local 2064 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit 2065 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit 2066 2067 # 2068 # route blocks reachability to remote address 2069 # 2070 log_start 2071 setup_cmd ip -6 route del ${NSB_LO_IP6} 2072 setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10 2073 setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10 2074 2075 a=${NSB_LO_IP6} 2076 run_cmd ${ping6} -c1 -w1 ${a} 2077 log_test_addr ${a} $? 2 "ping out, blocked by route" 2078 2079 log_start 2080 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2081 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route" 2082 2083 a=${NSA_LO_IP6} 2084 log_start 2085 show_hint "Response lost due to ip route" 2086 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2087 log_test_addr ${a} $? 1 "ping in, blocked by route" 2088 2089 2090 # 2091 # remove 'remote' routes; fallback to default 2092 # 2093 log_start 2094 setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6} 2095 setup_cmd ip -6 ro del unreachable ${NSB_IP6} 2096 2097 a=${NSB_LO_IP6} 2098 run_cmd ${ping6} -c1 -w1 ${a} 2099 log_test_addr ${a} $? 2 "ping out, unreachable route" 2100 2101 log_start 2102 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2103 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route" 2104} 2105 2106ipv6_ping_vrf() 2107{ 2108 local a 2109 2110 # should default on; does not exist on older kernels 2111 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null 2112 2113 # 2114 # out 2115 # 2116 for a in ${NSB_IP6} ${NSB_LO_IP6} 2117 do 2118 log_start 2119 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a} 2120 log_test_addr ${a} $? 
0 "ping out, VRF bind" 2121 done 2122 2123 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF} 2124 do 2125 log_start 2126 show_hint "Fails since VRF device does not support linklocal or multicast" 2127 run_cmd ${ping6} -c1 -w1 ${a} 2128 log_test_addr ${a} $? 2 "ping out, VRF bind" 2129 done 2130 2131 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 2132 do 2133 log_start 2134 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2135 log_test_addr ${a} $? 0 "ping out, device bind" 2136 done 2137 2138 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2139 do 2140 log_start 2141 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a} 2142 log_test_addr ${a} $? 0 "ping out, vrf device+address bind" 2143 done 2144 2145 # 2146 # in 2147 # 2148 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV} 2149 do 2150 log_start 2151 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2152 log_test_addr ${a} $? 0 "ping in" 2153 done 2154 2155 a=${NSA_LO_IP6} 2156 log_start 2157 show_hint "Fails since loopback address is out of VRF scope" 2158 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2159 log_test_addr ${a} $? 1 "ping in" 2160 2161 # 2162 # local traffic, local address 2163 # 2164 for a in ${NSA_IP6} ${VRF_IP6} ::1 2165 do 2166 log_start 2167 show_hint "Source address should be ${a}" 2168 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a} 2169 log_test_addr ${a} $? 0 "ping local, VRF bind" 2170 done 2171 2172 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 2173 do 2174 log_start 2175 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2176 log_test_addr ${a} $? 
0 "ping local, device bind" 2177 done 2178 2179 # LLA to GUA - remove ipv6 global addresses from ns-B 2180 setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV} 2181 setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo 2182 setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV} 2183 2184 for a in ${NSA_IP6} ${VRF_IP6} 2185 do 2186 log_start 2187 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6} 2188 log_test_addr ${a} $? 0 "ping in, LLA to GUA" 2189 done 2190 2191 setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV} 2192 setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} 2193 setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo 2194 2195 # 2196 # ip rule blocks address 2197 # 2198 log_start 2199 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit 2200 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit 2201 2202 a=${NSB_LO_IP6} 2203 run_cmd ${ping6} -c1 -w1 ${a} 2204 log_test_addr ${a} $? 2 "ping out, blocked by rule" 2205 2206 log_start 2207 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2208 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule" 2209 2210 a=${NSA_LO_IP6} 2211 log_start 2212 show_hint "Response lost due to ip rule" 2213 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2214 log_test_addr ${a} $? 1 "ping in, blocked by rule" 2215 2216 log_start 2217 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit 2218 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit 2219 2220 # 2221 # remove 'remote' routes; fallback to default 2222 # 2223 log_start 2224 setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF} 2225 2226 a=${NSB_LO_IP6} 2227 run_cmd ${ping6} -c1 -w1 ${a} 2228 log_test_addr ${a} $? 2 "ping out, unreachable route" 2229 2230 log_start 2231 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2232 log_test_addr ${a} $? 
2 "ping out, device bind, unreachable route" 2233 2234 ip -netns ${NSB} -6 ro del ${NSA_LO_IP6} 2235 a=${NSA_LO_IP6} 2236 log_start 2237 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2238 log_test_addr ${a} $? 2 "ping in, unreachable route" 2239} 2240 2241ipv6_ping() 2242{ 2243 log_section "IPv6 ping" 2244 2245 log_subsection "No VRF" 2246 setup 2247 ipv6_ping_novrf 2248 2249 log_subsection "With VRF" 2250 setup "yes" 2251 ipv6_ping_vrf 2252} 2253 2254################################################################################ 2255# IPv6 TCP 2256 2257# 2258# MD5 tests without VRF 2259# 2260ipv6_tcp_md5_novrf() 2261{ 2262 # 2263 # single address 2264 # 2265 2266 # basic use case 2267 log_start 2268 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} & 2269 sleep 1 2270 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} 2271 log_test $? 0 "MD5: Single address config" 2272 2273 # client sends MD5, server not configured 2274 log_start 2275 show_hint "Should timeout due to MD5 mismatch" 2276 run_cmd nettest -6 -s & 2277 sleep 1 2278 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} 2279 log_test $? 2 "MD5: Server no config, client uses password" 2280 2281 # wrong password 2282 log_start 2283 show_hint "Should timeout since client uses wrong password" 2284 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} & 2285 sleep 1 2286 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} 2287 log_test $? 2 "MD5: Client uses wrong password" 2288 2289 # client from different address 2290 log_start 2291 show_hint "Should timeout due to MD5 mismatch" 2292 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_LO_IP6} & 2293 sleep 1 2294 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} 2295 log_test $? 
2 "MD5: Client address does not match address configured with password" 2296 2297 # 2298 # MD5 extension - prefix length 2299 # 2300 2301 # client in prefix 2302 log_start 2303 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} & 2304 sleep 1 2305 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} 2306 log_test $? 0 "MD5: Prefix config" 2307 2308 # client in prefix, wrong password 2309 log_start 2310 show_hint "Should timeout since client uses wrong password" 2311 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} & 2312 sleep 1 2313 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} 2314 log_test $? 2 "MD5: Prefix config, client uses wrong password" 2315 2316 # client outside of prefix 2317 log_start 2318 show_hint "Should timeout due to MD5 mismatch" 2319 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} & 2320 sleep 1 2321 run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW} 2322 log_test $? 2 "MD5: Prefix config, client address not in configured prefix" 2323} 2324 2325# 2326# MD5 tests with VRF 2327# 2328ipv6_tcp_md5() 2329{ 2330 # 2331 # single address 2332 # 2333 2334 # basic use case 2335 log_start 2336 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} & 2337 sleep 1 2338 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} 2339 log_test $? 0 "MD5: VRF: Single address config" 2340 2341 # client sends MD5, server not configured 2342 log_start 2343 show_hint "Should timeout since server does not have MD5 auth" 2344 run_cmd nettest -6 -s -I ${VRF} & 2345 sleep 1 2346 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} 2347 log_test $? 2 "MD5: VRF: Server no config, client uses password" 2348 2349 # wrong password 2350 log_start 2351 show_hint "Should timeout since client uses wrong password" 2352 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} & 2353 sleep 1 2354 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} 2355 log_test $? 
2 "MD5: VRF: Client uses wrong password" 2356 2357 # client from different address 2358 log_start 2359 show_hint "Should timeout since server config differs from client" 2360 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} & 2361 sleep 1 2362 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} 2363 log_test $? 2 "MD5: VRF: Client address does not match address configured with password" 2364 2365 # 2366 # MD5 extension - prefix length 2367 # 2368 2369 # client in prefix 2370 log_start 2371 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} & 2372 sleep 1 2373 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} 2374 log_test $? 0 "MD5: VRF: Prefix config" 2375 2376 # client in prefix, wrong password 2377 log_start 2378 show_hint "Should timeout since client uses wrong password" 2379 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} & 2380 sleep 1 2381 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} 2382 log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password" 2383 2384 # client outside of prefix 2385 log_start 2386 show_hint "Should timeout since client address is outside of prefix" 2387 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} & 2388 sleep 1 2389 run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW} 2390 log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix" 2391 2392 # 2393 # duplicate config between default VRF and a VRF 2394 # 2395 2396 log_start 2397 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} & 2398 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} & 2399 sleep 1 2400 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} 2401 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF" 2402 2403 log_start 2404 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} & 2405 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} & 2406 sleep 1 2407 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} 2408 log_test $? 
0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF" 2409 2410 log_start 2411 show_hint "Should timeout since client in default VRF uses VRF password" 2412 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} & 2413 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} & 2414 sleep 1 2415 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW} 2416 log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw" 2417 2418 log_start 2419 show_hint "Should timeout since client in VRF uses default VRF password" 2420 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} & 2421 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} & 2422 sleep 1 2423 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} 2424 log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw" 2425 2426 log_start 2427 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} & 2428 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} & 2429 sleep 1 2430 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} 2431 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF" 2432 2433 log_start 2434 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} & 2435 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} & 2436 sleep 1 2437 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} 2438 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF" 2439 2440 log_start 2441 show_hint "Should timeout since client in default VRF uses VRF password" 2442 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} & 2443 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} & 2444 sleep 1 2445 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW} 2446 log_test $? 
2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw" 2447 2448 log_start 2449 show_hint "Should timeout since client in VRF uses default VRF password" 2450 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} & 2451 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} & 2452 sleep 1 2453 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} 2454 log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw" 2455 2456 # 2457 # negative tests 2458 # 2459 log_start 2460 run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP6} 2461 log_test $? 1 "MD5: VRF: Device must be a VRF - single address" 2462 2463 log_start 2464 run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6} 2465 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix" 2466 2467} 2468 2469ipv6_tcp_novrf() 2470{ 2471 local a 2472 2473 # 2474 # server tests 2475 # 2476 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2477 do 2478 log_start 2479 run_cmd nettest -6 -s & 2480 sleep 1 2481 run_cmd_nsb nettest -6 -r ${a} 2482 log_test_addr ${a} $? 0 "Global server" 2483 done 2484 2485 # verify TCP reset received 2486 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2487 do 2488 log_start 2489 show_hint "Should fail 'Connection refused'" 2490 run_cmd_nsb nettest -6 -r ${a} 2491 log_test_addr ${a} $? 1 "No server" 2492 done 2493 2494 # 2495 # client 2496 # 2497 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2498 do 2499 log_start 2500 run_cmd_nsb nettest -6 -s & 2501 sleep 1 2502 run_cmd nettest -6 -r ${a} 2503 log_test_addr ${a} $? 0 "Client" 2504 done 2505 2506 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2507 do 2508 log_start 2509 run_cmd_nsb nettest -6 -s & 2510 sleep 1 2511 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2512 log_test_addr ${a} $? 
0 "Client, device bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
	do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	# addresses that live on loopback must not be reachable through a
	# server bound to ${NSA_DEV}
	for a in ${NSA_LO_IP6} ::1
	do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -s -I ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	for a in ${NSA_LO_IP6} ::1
	do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "Global server, device client, local connection"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}
	do
		log_start
		run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
		log_test_addr ${a} $? 0 "Device server, device client, local conn"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
		log_test_addr ${a} $? 1 "No server, device client, local conn"
	done

	ipv6_tcp_md5_novrf
}

# TCP over IPv6 with ns-A's device in ${VRF}.
#
# The first half runs with net.ipv4.tcp_l3mdev_accept=0, where a server
# that is not bound to the VRF or a device ("global server") is expected
# to refuse connections arriving through the VRF. The second half sets the
# sysctl to 1 and expects the same unbound server to accept them.
# ipv6_tcp_md5 is called in between, while the sysctl is still 0.
ipv6_tcp_vrf()
{
	local a

	# disable global server
	log_subsection "Global server disabled"

	set_sysctl net.ipv4.tcp_l3mdev_accept=0

	#
	# server tests
	#
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	# link local is always bound to ingress device
	a=${NSA_LINKIP6}%${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${a}
	log_test_addr ${a} $? 0 "VRF server"

	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Device server"
	done

	# verify TCP reset received
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $?
1 "No server"
	done

	# local address tests
	a=${NSA_IP6}
	log_start
	show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
	log_test_addr ${a} $? 1 "Global server, local connection"

	# run MD5 tests
	ipv6_tcp_md5

	#
	# enable VRF global server
	#
	log_subsection "VRF Global server enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1

	# from here on an unbound server is expected to accept connections
	# that arrive through the VRF
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	# For LLA, child socket is bound to device
	a=${NSA_LINKIP6}%${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${a}
	log_test_addr ${a} $? 0 "Global server"

	log_start
	run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${a}
	log_test_addr ${a} $? 0 "VRF server"

	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Device server"
	done

	# verify TCP reset received
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# local address tests
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		show_hint "Fails 'Connection refused' since client is not in VRF"
		run_cmd nettest -6 -s -I ${VRF} &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Global server, local connection"
	done


	#
	# client
	#
	for a in ${NSB_IP6} ${NSB_LO_IP6}
	do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${VRF}
		log_test_addr ${a} $? 0 "Client, VRF bind"
	done

	a=${NSB_LINKIP6}
	log_start
	show_hint "Fails since VRF device does not allow linklocal addresses"
	run_cmd_nsb nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${VRF}
	log_test_addr ${a} $? 1 "Client, VRF bind"

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
	do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r ${a} -d ${VRF}
		log_test_addr ${a} $? 1 "No server, VRF client"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	for a in ${NSA_IP6} ${VRF_IP6} ::1
	do
		log_start
		run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local connection"

	a=${NSA_IP6}
	log_start
	show_hint "Should fail since unbound client is out of VRF scope"
	run_cmd nettest -6 -s -I ${VRF} &
	sleep 1
	run_cmd nettest -6 -r ${a}
	log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"

	log_start
	run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, VRF client, local connection"

	for a in ${NSA_IP6} ${NSA_LINKIP6}
	do
		log_start
		run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
		log_test_addr ${a} $? 0 "Device server, device client, local connection"
	done
}

# Entry point for the IPv6 TCP tests: runs the no-VRF set twice, once with
# tcp_l3mdev_accept off and once with it on, then calls setup "yes" and
# runs the VRF set. setup is defined outside this section; the "yes"
# argument presumably rebuilds the namespaces with the VRF configured.
ipv6_tcp()
{
	log_section "IPv6/TCP"
	log_subsection "No VRF"
	setup

	# tcp_l3mdev_accept should have no effect without VRF;
	# run tests with it enabled and disabled to verify
	log_subsection "tcp_l3mdev_accept disabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=0
	ipv6_tcp_novrf
	log_subsection "tcp_l3mdev_accept enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1
	ipv6_tcp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_tcp_vrf
}

################################################################################
# IPv6 UDP

# UDP (-D) over IPv6 with no VRF configured: server, client and
# local-connection cases, then a final case where ns-B has no global
# address on its device ("LLA to GUA").
ipv6_udp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Global server"

		log_start
		run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $?
0 "Device server" 2854 done 2855 2856 a=${NSA_LO_IP6} 2857 log_start 2858 run_cmd nettest -6 -D -s -3 ${NSA_DEV} & 2859 sleep 1 2860 run_cmd_nsb nettest -6 -D -r ${a} 2861 log_test_addr ${a} $? 0 "Global server" 2862 2863 # should fail since loopback address is out of scope for a device 2864 # bound server, but it does not - hence this is more documenting 2865 # behavior. 2866 #log_start 2867 #show_hint "Should fail since loopback address is out of scope" 2868 #run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} & 2869 #sleep 1 2870 #run_cmd_nsb nettest -6 -D -r ${a} 2871 #log_test_addr ${a} $? 1 "Device server" 2872 2873 # negative test - should fail 2874 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2875 do 2876 log_start 2877 show_hint "Should fail 'Connection refused' since there is no server" 2878 run_cmd_nsb nettest -6 -D -r ${a} 2879 log_test_addr ${a} $? 1 "No server" 2880 done 2881 2882 # 2883 # client 2884 # 2885 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2886 do 2887 log_start 2888 run_cmd_nsb nettest -6 -D -s & 2889 sleep 1 2890 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6} 2891 log_test_addr ${a} $? 0 "Client" 2892 2893 log_start 2894 run_cmd_nsb nettest -6 -D -s & 2895 sleep 1 2896 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6} 2897 log_test_addr ${a} $? 0 "Client, device bind" 2898 2899 log_start 2900 run_cmd_nsb nettest -6 -D -s & 2901 sleep 1 2902 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6} 2903 log_test_addr ${a} $? 0 "Client, device send via cmsg" 2904 2905 log_start 2906 run_cmd_nsb nettest -6 -D -s & 2907 sleep 1 2908 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6} 2909 log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF" 2910 2911 log_start 2912 show_hint "Should fail 'Connection refused'" 2913 run_cmd nettest -6 -D -r ${a} 2914 log_test_addr ${a} $? 
1 "No server, unbound client" 2915 2916 log_start 2917 show_hint "Should fail 'Connection refused'" 2918 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} 2919 log_test_addr ${a} $? 1 "No server, device client" 2920 done 2921 2922 # 2923 # local address tests 2924 # 2925 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 2926 do 2927 log_start 2928 run_cmd nettest -6 -D -s & 2929 sleep 1 2930 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a} 2931 log_test_addr ${a} $? 0 "Global server, local connection" 2932 done 2933 2934 a=${NSA_IP6} 2935 log_start 2936 run_cmd nettest -6 -s -D -I ${NSA_DEV} -3 ${NSA_DEV} & 2937 sleep 1 2938 run_cmd nettest -6 -D -r ${a} 2939 log_test_addr ${a} $? 0 "Device server, unbound client, local connection" 2940 2941 for a in ${NSA_LO_IP6} ::1 2942 do 2943 log_start 2944 show_hint "Should fail 'Connection refused' since address is out of device scope" 2945 run_cmd nettest -6 -s -D -I ${NSA_DEV} & 2946 sleep 1 2947 run_cmd nettest -6 -D -r ${a} 2948 log_test_addr ${a} $? 1 "Device server, local connection" 2949 done 2950 2951 a=${NSA_IP6} 2952 log_start 2953 run_cmd nettest -6 -s -D & 2954 sleep 1 2955 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2956 log_test_addr ${a} $? 0 "Global server, device client, local connection" 2957 2958 log_start 2959 run_cmd nettest -6 -s -D & 2960 sleep 1 2961 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a} 2962 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection" 2963 2964 log_start 2965 run_cmd nettest -6 -s -D & 2966 sleep 1 2967 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a} 2968 log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection" 2969 2970 for a in ${NSA_LO_IP6} ::1 2971 do 2972 log_start 2973 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 2974 run_cmd nettest -6 -D -s & 2975 sleep 1 2976 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} 2977 log_test_addr ${a} $? 
1 "Global server, device client, local connection" 2978 2979 log_start 2980 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 2981 run_cmd nettest -6 -D -s & 2982 sleep 1 2983 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C 2984 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection" 2985 2986 log_start 2987 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 2988 run_cmd nettest -6 -D -s & 2989 sleep 1 2990 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S 2991 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection" 2992 done 2993 2994 a=${NSA_IP6} 2995 log_start 2996 run_cmd nettest -6 -D -s -I ${NSA_DEV} -3 ${NSA_DEV} & 2997 sleep 1 2998 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a} 2999 log_test_addr ${a} $? 0 "Device server, device client, local conn" 3000 3001 log_start 3002 show_hint "Should fail 'Connection refused'" 3003 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3004 log_test_addr ${a} $? 1 "No server, device client, local conn" 3005 3006 # LLA to GUA 3007 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV} 3008 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV} 3009 log_start 3010 run_cmd nettest -6 -s -D & 3011 sleep 1 3012 run_cmd_nsb nettest -6 -D -r ${NSA_IP6} 3013 log_test $? 0 "UDP in - LLA to GUA" 3014 3015 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV} 3016 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad 3017} 3018 3019ipv6_udp_vrf() 3020{ 3021 local a 3022 3023 # disable global server 3024 log_subsection "Global server disabled" 3025 set_sysctl net.ipv4.udp_l3mdev_accept=0 3026 3027 # 3028 # server tests 3029 # 3030 for a in ${NSA_IP6} ${VRF_IP6} 3031 do 3032 log_start 3033 show_hint "Should fail 'Connection refused' since global server is disabled" 3034 run_cmd nettest -6 -D -s & 3035 sleep 1 3036 run_cmd_nsb nettest -6 -D -r ${a} 3037 log_test_addr ${a} $? 
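1 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Enslaved device server"
	done

	# negative test - should fail
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		show_hint "Should fail 'Connection refused' since global server is disabled"
		run_cmd nettest -6 -D -s &
		sleep 1
		run_cmd nettest -6 -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -D -I ${VRF} -s &
		sleep 1
		run_cmd nettest -6 -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
	done

	a=${NSA_IP6}
	log_start
	show_hint "Should fail 'Connection refused' since global server is disabled"
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "Global server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"

	# enable global server: from here on an unbound server is expected to
	# receive traffic that arrives through the VRF
	log_subsection "Global server enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1

	#
	# server tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Enslaved device server"
	done

	# negative test - should fail
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client tests
	#
	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
	log_test $? 0 "VRF client"

	# negative test - should fail
	log_start
	run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
	log_test $? 1 "No server, VRF client"

	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
	log_test $? 0 "Enslaved device client"

	# negative test - should fail
	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
	log_test $? 1 "No server, enslaved device client"

	#
	# local address tests
	#
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Global server, VRF client, local conn"

	# NOTE(review): log_start is commented out for this one case, so
	# whatever log_start does between tests (defined outside this section)
	# is skipped and the unbound server started for the previous case may
	# still be running here - confirm whether that is intended.
	#log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"


	a=${VRF_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${VRF} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Global server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${VRF} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"

	# negative test - should fail
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "No server, VRF client, local conn"
	done

	# device to global IP
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Device server, VRF client, local conn"

	log_start
	run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local conn"

	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 1 "No server, device client, local conn"


	# link local addresses
	log_start
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
	log_test $? 0 "Global server, linklocal IP"

	log_start
	run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
	log_test $? 1 "No server, linklocal IP"


	log_start
	run_cmd_nsb nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
	log_test $? 0 "Enslaved device client, linklocal IP"

	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
	log_test $? 1 "No server, device client, peer linklocal IP"


	log_start
	run_cmd nettest -6 -D -s &
	sleep 1
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
	log_test $? 0 "Enslaved device client, local conn - linklocal IP"

	log_start
	run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
	log_test $? 1 "No server, device client, local conn - linklocal IP"

	# LLA to GUA
	# ns-B's global address is removed and a host route to ns-A added for
	# this one case; both changes are undone after the test
	run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
	run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -D &
	sleep 1
	run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
	log_test $? 0 "UDP in - LLA to GUA"

	run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
	run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
}

# Entry point for the IPv6 UDP tests: runs the no-VRF set twice, once with
# udp_l3mdev_accept off and once with it on, then calls setup "yes" and
# runs the VRF set. setup is defined outside this section.
ipv6_udp()
{
	# should not matter, but set to known state
	set_sysctl net.ipv4.udp_early_demux=1

	log_section "IPv6/UDP"
	log_subsection "No VRF"
	setup

	# udp_l3mdev_accept should have no effect without VRF;
	# run tests with it enabled and disabled to verify
	log_subsection "udp_l3mdev_accept disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0
	ipv6_udp_novrf
	log_subsection "udp_l3mdev_accept enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1
	ipv6_udp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_udp_vrf
}

################################################################################
# IPv6 address bind

# Bind-only checks (-b) without a VRF: raw ICMPv6 and TCP sockets bound to
# a local address (-l), with and without a prior device bind (-I). The
# last case expects status 1 for an address that lives on loopback when
# the socket is bound to ${NSA_DEV}.
ipv6_addr_bind_novrf()
{
	# keep the loop variable out of the caller's scope, as the other
	# test functions in this file do
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6}
	do
		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	#
	# tcp sockets
	#
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address"

	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Should fail with 'Cannot assign requested address'"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $?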
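1 "TCP socket bind to out of scope local address"
}

# Bind-only checks (-b) with ns-A's device in ${VRF}: raw ICMPv6 and TCP
# sockets bound to a local address (-l) after binding to the VRF or to
# the enslaved device (-I). Expected status 1 marks binds to an address
# that is out of scope for the bound device: a loopback address for
# either bind, and the VRF's own address for a device bind.
ipv6_addr_bind_vrf()
{
	# keep the loop variable out of the caller's scope, as the other
	# test functions in this file do
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"

		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	a=${NSA_LO_IP6}
	log_start
	show_hint "Address on loopback is out of VRF scope"
	run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
	log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"

	#
	# tcp sockets
	#
	# address on enslaved device is valid for the VRF or device in a VRF
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"

	a=${VRF_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to VRF address with device bind"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Address on loopback out of scope for VRF"
	run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"

	log_start
	show_hint "Address on loopback out of scope for device in VRF"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"

}

# Entry point for the IPv6 bind tests: no-VRF set after a plain setup,
# then the VRF set after setup "yes".
ipv6_addr_bind()
{
	log_section "IPv6 address binds"

	log_subsection "No VRF"
	setup
	ipv6_addr_bind_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_addr_bind_vrf
}

################################################################################
# IPv6 runtime tests

# Deletes the VRF device while nettest traffic is in flight.
#
# Arguments: $1 - description prefix used in the test names
#            $2 - extra nettest options, appended after -6
#
# Every case starts a server and a client in the background, deletes
# ${VRF} a few seconds later and then logs a result with both the status
# and the expected value given as literal 0, so the logged result does not
# depend on how nettest exited. Presumably the point is that the delete
# completes without hanging or crashing the kernel - confirm against the
# harness. setup is called again after each case (except the last) because
# the VRF has just been removed.
ipv6_rt()
{
	local desc="$1"
	local varg="-6 $2"
	local with_vrf="yes"
	local a

	#
	# server tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		# ${varg} is left unquoted on purpose so that it splits into
		# separate options
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server"

		setup ${with_vrf}
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest ${varg} -I ${VRF} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server"

		setup ${with_vrf}
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest ${varg} -I ${NSA_DEV} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, enslaved device server"

		setup ${with_vrf}
	done

	#
	# client test
	#
	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test 0 0 "${desc}, VRF client"

	setup ${with_vrf}

	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test 0 0 "${desc}, enslaved device client"

	setup ${with_vrf}


	#
	# local address tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server, VRF client"

		setup ${with_vrf}
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest ${varg} -I ${VRF} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server and client"

		setup ${with_vrf}
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, global server, device client"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -I ${VRF} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, VRF server, device client"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -I ${NSA_DEV} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, device server, device client"
}

# Same idea as ipv6_rt with ping instead of nettest: a flood ping (-f) is
# started in the background, ${VRF} is deleted, and a result is logged
# with status and expected value both given as literal 0.
ipv6_ping_rt()
{
	local with_vrf="yes"
	local a

	a=${NSA_IP6}
	log_start
	run_cmd_nsb ${ping6} -f ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"

	setup ${with_vrf}

	log_start
	run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} &
	sleep 1
	run_cmd ip link del ${VRF}
	sleep 1
	# NOTE(review): ${a} is still NSA_IP6 here although this ping targets
	# NSB_IP6, so the address passed to log_test_addr does not match the
	# traffic - confirm which address was meant.
	log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
}

# Entry point for the run-time tests. setup "yes" is called before every
# group because each group ends with the VRF deleted.
ipv6_runtime()
{
	log_section "Run time tests - ipv6"

	setup "yes"
	ipv6_ping_rt

	setup "yes"
	ipv6_rt "TCP active socket" "-n -1"

	setup "yes"
	ipv6_rt "TCP passive socket" "-i"

	setup "yes"
	ipv6_rt "UDP active socket" "-D -n -1"
}

################################################################################
# netfilter blocking connections

# IPv4 TCP connection from ns-B to an unbound server in ns-A, expected to
# fail with status 1. The REJECT rule that causes the failure is installed
# by the caller (ipv4_netfilter), not here.
netfilter_tcp_reset()
{
	local a

	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
	done
}

# IPv4 connection from ns-B to an unbound server in ns-A, expected to fail
# with status 1 while the caller's icmp-port-unreachable rules are active.
#
# Arguments: $1 - "TCP" or "UDP"; "UDP" adds -D to both nettest commands
netfilter_icmp()
{
	local stype="$1"
	local arg
	local a

	[ "${stype}" = "UDP" ] && arg="-D"

	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		# ${arg} is unquoted on purpose: it is unset for TCP and must
		# then expand to nothing rather than an empty argument
		run_cmd nettest ${arg} -s &
		sleep 1
		run_cmd_nsb nettest ${arg} -r ${a}
		log_test_addr ${a} $?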
1 "Global ${stype} server, Rx reject icmp-port-unreach" 3644 done 3645} 3646 3647ipv4_netfilter() 3648{ 3649 log_section "IPv4 Netfilter" 3650 log_subsection "TCP reset" 3651 3652 setup "yes" 3653 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset 3654 3655 netfilter_tcp_reset 3656 3657 log_start 3658 log_subsection "ICMP unreachable" 3659 3660 log_start 3661 run_cmd iptables -F 3662 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable 3663 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable 3664 3665 netfilter_icmp "TCP" 3666 netfilter_icmp "UDP" 3667 3668 log_start 3669 iptables -F 3670} 3671 3672netfilter_tcp6_reset() 3673{ 3674 local a 3675 3676 for a in ${NSA_IP6} ${VRF_IP6} 3677 do 3678 log_start 3679 run_cmd nettest -6 -s & 3680 sleep 1 3681 run_cmd_nsb nettest -6 -r ${a} 3682 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx" 3683 done 3684} 3685 3686netfilter_icmp6() 3687{ 3688 local stype="$1" 3689 local arg 3690 local a 3691 3692 [ "${stype}" = "UDP" ] && arg="$arg -D" 3693 3694 for a in ${NSA_IP6} ${VRF_IP6} 3695 do 3696 log_start 3697 run_cmd nettest -6 -s ${arg} & 3698 sleep 1 3699 run_cmd_nsb nettest -6 ${arg} -r ${a} 3700 log_test_addr ${a} $? 
1 "Global ${stype} server, Rx reject icmp-port-unreach" 3701 done 3702} 3703 3704ipv6_netfilter() 3705{ 3706 log_section "IPv6 Netfilter" 3707 log_subsection "TCP reset" 3708 3709 setup "yes" 3710 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset 3711 3712 netfilter_tcp6_reset 3713 3714 log_subsection "ICMP unreachable" 3715 3716 log_start 3717 run_cmd ip6tables -F 3718 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable 3719 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable 3720 3721 netfilter_icmp6 "TCP" 3722 netfilter_icmp6 "UDP" 3723 3724 log_start 3725 ip6tables -F 3726} 3727 3728################################################################################ 3729# specific use cases 3730 3731# VRF only. 3732# ns-A device enslaved to bridge. Verify traffic with and without 3733# br_netfilter module loaded. Repeat with SVI on bridge. 3734use_case_br() 3735{ 3736 setup "yes" 3737 3738 setup_cmd ip link set ${NSA_DEV} down 3739 setup_cmd ip addr del dev ${NSA_DEV} ${NSA_IP}/24 3740 setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64 3741 3742 setup_cmd ip link add br0 type bridge 3743 setup_cmd ip addr add dev br0 ${NSA_IP}/24 3744 setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad 3745 3746 setup_cmd ip li set ${NSA_DEV} master br0 3747 setup_cmd ip li set ${NSA_DEV} up 3748 setup_cmd ip li set br0 up 3749 setup_cmd ip li set br0 vrf ${VRF} 3750 3751 rmmod br_netfilter 2>/dev/null 3752 sleep 5 # DAD 3753 3754 run_cmd ip neigh flush all 3755 run_cmd ping -c1 -w1 -I br0 ${NSB_IP} 3756 log_test $? 0 "Bridge into VRF - IPv4 ping out" 3757 3758 run_cmd ip neigh flush all 3759 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6} 3760 log_test $? 0 "Bridge into VRF - IPv6 ping out" 3761 3762 run_cmd ip neigh flush all 3763 run_cmd_nsb ping -c1 -w1 ${NSA_IP} 3764 log_test $? 
0 "Bridge into VRF - IPv4 ping in" 3765 3766 run_cmd ip neigh flush all 3767 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6} 3768 log_test $? 0 "Bridge into VRF - IPv6 ping in" 3769 3770 modprobe br_netfilter 3771 if [ $? -eq 0 ]; then 3772 run_cmd ip neigh flush all 3773 run_cmd ping -c1 -w1 -I br0 ${NSB_IP} 3774 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out" 3775 3776 run_cmd ip neigh flush all 3777 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6} 3778 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out" 3779 3780 run_cmd ip neigh flush all 3781 run_cmd_nsb ping -c1 -w1 ${NSA_IP} 3782 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in" 3783 3784 run_cmd ip neigh flush all 3785 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6} 3786 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in" 3787 fi 3788 3789 setup_cmd ip li set br0 nomaster 3790 setup_cmd ip li add br0.100 link br0 type vlan id 100 3791 setup_cmd ip li set br0.100 vrf ${VRF} up 3792 setup_cmd ip addr add dev br0.100 172.16.101.1/24 3793 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad 3794 3795 setup_cmd_nsb ip li add vlan100 link ${NSB_DEV} type vlan id 100 3796 setup_cmd_nsb ip addr add dev vlan100 172.16.101.2/24 3797 setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad 3798 setup_cmd_nsb ip li set vlan100 up 3799 sleep 1 3800 3801 rmmod br_netfilter 2>/dev/null 3802 3803 run_cmd ip neigh flush all 3804 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2 3805 log_test $? 0 "Bridge vlan into VRF - IPv4 ping out" 3806 3807 run_cmd ip neigh flush all 3808 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2 3809 log_test $? 0 "Bridge vlan into VRF - IPv6 ping out" 3810 3811 run_cmd ip neigh flush all 3812 run_cmd_nsb ping -c1 -w1 172.16.101.1 3813 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in" 3814 3815 run_cmd ip neigh flush all 3816 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1 3817 log_test $? 
0 "Bridge vlan into VRF - IPv6 ping in" 3818 3819 modprobe br_netfilter 3820 if [ $? -eq 0 ]; then 3821 run_cmd ip neigh flush all 3822 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2 3823 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out" 3824 3825 run_cmd ip neigh flush all 3826 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2 3827 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out" 3828 3829 run_cmd ip neigh flush all 3830 run_cmd_nsb ping -c1 -w1 172.16.101.1 3831 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in" 3832 3833 run_cmd ip neigh flush all 3834 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1 3835 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in" 3836 fi 3837 3838 setup_cmd ip li del br0 2>/dev/null 3839 setup_cmd_nsb ip li del vlan100 2>/dev/null 3840} 3841 3842# VRF only. 3843# ns-A device is connected to both ns-B and ns-C on a single VRF but only has 3844# LLA on the interfaces 3845use_case_ping_lla_multi() 3846{ 3847 setup_lla_only 3848 # only want reply from ns-A 3849 setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1 3850 setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1 3851 3852 log_start 3853 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV} 3854 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Pre cycle, ping out ns-B" 3855 3856 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV} 3857 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Pre cycle, ping out ns-C" 3858 3859 # cycle/flap the first ns-A interface 3860 setup_cmd ip link set ${NSA_DEV} down 3861 setup_cmd ip link set ${NSA_DEV} up 3862 sleep 1 3863 3864 log_start 3865 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV} 3866 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-B" 3867 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV} 3868 log_test_addr ${MCAST}%${NSC_DEV} $? 
0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-C" 3869 3870 # cycle/flap the second ns-A interface 3871 setup_cmd ip link set ${NSA_DEV2} down 3872 setup_cmd ip link set ${NSA_DEV2} up 3873 sleep 1 3874 3875 log_start 3876 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV} 3877 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-B" 3878 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV} 3879 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-C" 3880} 3881 3882use_cases() 3883{ 3884 log_section "Use cases" 3885 log_subsection "Device enslaved to bridge" 3886 use_case_br 3887 log_subsection "Ping LLA with multiple interfaces" 3888 use_case_ping_lla_multi 3889} 3890 3891################################################################################ 3892# usage 3893 3894usage() 3895{ 3896 cat <<EOF 3897usage: ${0##*/} OPTS 3898 3899 -4 IPv4 tests only 3900 -6 IPv6 tests only 3901 -t <test> Test name/set to run 3902 -p Pause on fail 3903 -P Pause after each test 3904 -v Be verbose 3905EOF 3906} 3907 3908################################################################################ 3909# main 3910 3911TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime ipv4_netfilter" 3912TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime ipv6_netfilter" 3913TESTS_OTHER="use_cases" 3914 3915PAUSE_ON_FAIL=no 3916PAUSE=no 3917 3918while getopts :46t:pPvh o 3919do 3920 case $o in 3921 4) TESTS=ipv4;; 3922 6) TESTS=ipv6;; 3923 t) TESTS=$OPTARG;; 3924 p) PAUSE_ON_FAIL=yes;; 3925 P) PAUSE=yes;; 3926 v) VERBOSE=1;; 3927 h) usage; exit 0;; 3928 *) usage; exit 1;; 3929 esac 3930done 3931 3932# make sure we don't pause twice 3933[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no 3934 3935# 3936# show user test config 3937# 3938if [ -z "$TESTS" ]; then 3939 TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER" 3940elif [ "$TESTS" = "ipv4" ]; then 3941 TESTS="$TESTS_IPV4" 3942elif [ "$TESTS" = "ipv6" ]; then 3943 TESTS="$TESTS_IPV6" 
3944fi 3945 3946which nettest >/dev/null 3947if [ $? -ne 0 ]; then 3948 echo "'nettest' command not found; skipping tests" 3949 exit 0 3950fi 3951 3952declare -i nfail=0 3953declare -i nsuccess=0 3954 3955for t in $TESTS 3956do 3957 case $t in 3958 ipv4_ping|ping) ipv4_ping;; 3959 ipv4_tcp|tcp) ipv4_tcp;; 3960 ipv4_udp|udp) ipv4_udp;; 3961 ipv4_bind|bind) ipv4_addr_bind;; 3962 ipv4_runtime) ipv4_runtime;; 3963 ipv4_netfilter) ipv4_netfilter;; 3964 3965 ipv6_ping|ping6) ipv6_ping;; 3966 ipv6_tcp|tcp6) ipv6_tcp;; 3967 ipv6_udp|udp6) ipv6_udp;; 3968 ipv6_bind|bind6) ipv6_addr_bind;; 3969 ipv6_runtime) ipv6_runtime;; 3970 ipv6_netfilter) ipv6_netfilter;; 3971 3972 use_cases) use_cases;; 3973 3974 # setup namespaces and config, but do not run any tests 3975 setup) setup; exit 0;; 3976 vrf_setup) setup "yes"; exit 0;; 3977 3978 help) echo "Test names: $TESTS"; exit 0;; 3979 esac 3980done 3981 3982cleanup 2>/dev/null 3983 3984printf "\nTests passed: %3d\n" ${nsuccess} 3985printf "Tests failed: %3d\n" ${nfail} 3986