1#!/bin/bash 2# 3# This test is for checking rtnetlink callpaths, and get as much coverage as possible. 4# 5# set -e 6 7devdummy="test-dummy0" 8 9# Kselftest framework requirement - SKIP code is 4. 10ksft_skip=4 11 12# set global exit status, but never reset nonzero one. 13check_err() 14{ 15 if [ $ret -eq 0 ]; then 16 ret=$1 17 fi 18} 19 20# same but inverted -- used when command must fail for test to pass 21check_fail() 22{ 23 if [ $1 -eq 0 ]; then 24 ret=1 25 fi 26} 27 28kci_add_dummy() 29{ 30 ip link add name "$devdummy" type dummy 31 check_err $? 32 ip link set "$devdummy" up 33 check_err $? 34} 35 36kci_del_dummy() 37{ 38 ip link del dev "$devdummy" 39 check_err $? 40} 41 42kci_test_netconf() 43{ 44 dev="$1" 45 r=$ret 46 47 ip netconf show dev "$dev" > /dev/null 48 check_err $? 49 50 for f in 4 6; do 51 ip -$f netconf show dev "$dev" > /dev/null 52 check_err $? 53 done 54 55 if [ $ret -ne 0 ] ;then 56 echo "FAIL: ip netconf show $dev" 57 test $r -eq 0 && ret=0 58 return 1 59 fi 60} 61 62# add a bridge with vlans on top 63kci_test_bridge() 64{ 65 devbr="test-br0" 66 vlandev="testbr-vlan1" 67 68 local ret=0 69 ip link add name "$devbr" type bridge 70 check_err $? 71 72 ip link set dev "$devdummy" master "$devbr" 73 check_err $? 74 75 ip link set "$devbr" up 76 check_err $? 77 78 ip link add link "$devbr" name "$vlandev" type vlan id 1 79 check_err $? 80 ip addr add dev "$vlandev" 10.200.7.23/30 81 check_err $? 82 ip -6 addr add dev "$vlandev" dead:42::1234/64 83 check_err $? 84 ip -d link > /dev/null 85 check_err $? 86 ip r s t all > /dev/null 87 check_err $? 88 89 for name in "$devbr" "$vlandev" "$devdummy" ; do 90 kci_test_netconf "$name" 91 done 92 93 ip -6 addr del dev "$vlandev" dead:42::1234/64 94 check_err $? 95 96 ip link del dev "$vlandev" 97 check_err $? 98 ip link del dev "$devbr" 99 check_err $? 100 101 if [ $ret -ne 0 ];then 102 echo "FAIL: bridge setup" 103 return 1 104 fi 105 echo "PASS: bridge setup" 106 107} 108 109kci_test_gre() 110{ 111 gredev=neta 112 rem=10.42.42.1 113 loc=10.0.0.1 114 115 local ret=0 116 ip tunnel add $gredev mode gre remote $rem local $loc ttl 1 117 check_err $? 118 ip link set $gredev up 119 check_err $? 120 ip addr add 10.23.7.10 dev $gredev 121 check_err $? 122 ip route add 10.23.8.0/30 dev $gredev 123 check_err $? 124 ip addr add dev "$devdummy" 10.23.7.11/24 125 check_err $? 126 ip link > /dev/null 127 check_err $? 128 ip addr > /dev/null 129 check_err $? 130 131 kci_test_netconf "$gredev" 132 133 ip addr del dev "$devdummy" 10.23.7.11/24 134 check_err $? 135 136 ip link del $gredev 137 check_err $? 138 139 if [ $ret -ne 0 ];then 140 echo "FAIL: gre tunnel endpoint" 141 return 1 142 fi 143 echo "PASS: gre tunnel endpoint" 144} 145 146# tc uses rtnetlink too, for full tc testing 147# please see tools/testing/selftests/tc-testing. 148kci_test_tc() 149{ 150 dev=lo 151 local ret=0 152 153 tc qdisc add dev "$dev" root handle 1: htb 154 check_err $? 155 tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit 156 check_err $? 157 tc filter add dev "$dev" parent 1:0 prio 5 handle ffe: protocol ip u32 divisor 256 158 check_err $? 159 tc filter add dev "$dev" parent 1:0 prio 5 handle ffd: protocol ip u32 divisor 256 160 check_err $? 161 tc filter add dev "$dev" parent 1:0 prio 5 handle ffc: protocol ip u32 divisor 256 162 check_err $? 163 tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 ht ffe:2: match ip src 10.0.0.3 flowid 1:10 164 check_err $? 165 tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:2 u32 ht ffe:2: match ip src 10.0.0.2 flowid 1:10 166 check_err $? 167 tc filter show dev "$dev" parent 1:0 > /dev/null 168 check_err $? 169 tc filter del dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 170 check_err $? 171 tc filter show dev "$dev" parent 1:0 > /dev/null 172 check_err $? 173 tc qdisc del dev "$dev" root handle 1: htb 174 check_err $? 175 176 if [ $ret -ne 0 ];then 177 echo "FAIL: tc htb hierarchy" 178 return 1 179 fi 180 echo "PASS: tc htb hierarchy" 181 182} 183 184kci_test_polrouting() 185{ 186 local ret=0 187 ip rule add fwmark 1 lookup 100 188 check_err $? 189 ip route add local 0.0.0.0/0 dev lo table 100 190 check_err $? 191 ip r s t all > /dev/null 192 check_err $? 193 ip rule del fwmark 1 lookup 100 194 check_err $? 195 ip route del local 0.0.0.0/0 dev lo table 100 196 check_err $? 197 198 if [ $ret -ne 0 ];then 199 echo "FAIL: policy route test" 200 return 1 201 fi 202 echo "PASS: policy routing" 203} 204 205kci_test_route_get() 206{ 207 local hash_policy=$(sysctl -n net.ipv4.fib_multipath_hash_policy) 208 209 local ret=0 210 211 ip route get 127.0.0.1 > /dev/null 212 check_err $? 213 ip route get 127.0.0.1 dev "$devdummy" > /dev/null 214 check_err $? 215 ip route get ::1 > /dev/null 216 check_err $? 217 ip route get fe80::1 dev "$devdummy" > /dev/null 218 check_err $? 219 ip route get 127.0.0.1 from 127.0.0.1 oif lo tos 0x10 mark 0x1 > /dev/null 220 check_err $? 221 ip route get ::1 from ::1 iif lo oif lo tos 0x10 mark 0x1 > /dev/null 222 check_err $? 223 ip addr add dev "$devdummy" 10.23.7.11/24 224 check_err $? 225 ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null 226 check_err $? 227 ip route add 10.23.8.0/24 \ 228 nexthop via 10.23.7.13 dev "$devdummy" \ 229 nexthop via 10.23.7.14 dev "$devdummy" 230 check_err $? 231 sysctl -wq net.ipv4.fib_multipath_hash_policy=0 232 ip route get 10.23.8.11 > /dev/null 233 check_err $? 234 sysctl -wq net.ipv4.fib_multipath_hash_policy=1 235 ip route get 10.23.8.11 > /dev/null 236 check_err $? 237 sysctl -wq net.ipv4.fib_multipath_hash_policy="$hash_policy" 238 ip route del 10.23.8.0/24 239 check_err $? 240 ip addr del dev "$devdummy" 10.23.7.11/24 241 check_err $? 242 243 if [ $ret -ne 0 ];then 244 echo "FAIL: route get" 245 return 1 246 fi 247 248 echo "PASS: route get" 249} 250 251kci_test_addrlft() 252{ 253 for i in $(seq 10 100) ;do 254 lft=$(((RANDOM%3) + 1)) 255 ip addr add 10.23.11.$i/32 dev "$devdummy" preferred_lft $lft valid_lft $((lft+1)) 256 check_err $? 257 done 258 259 sleep 5 260 261 ip addr show dev "$devdummy" | grep "10.23.11." 262 if [ $? -eq 0 ]; then 263 echo "FAIL: preferred_lft addresses remaining" 264 check_err 1 265 return 266 fi 267 268 echo "PASS: preferred_lft addresses have expired" 269} 270 271kci_test_promote_secondaries() 272{ 273 promote=$(sysctl -n net.ipv4.conf.$devdummy.promote_secondaries) 274 275 sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=1 276 277 for i in $(seq 2 254);do 278 IP="10.23.11.$i" 279 ip -f inet addr add $IP/16 brd + dev "$devdummy" 280 ifconfig "$devdummy" $IP netmask 255.255.0.0 281 done 282 283 ip addr flush dev "$devdummy" 284 285 [ $promote -eq 0 ] && sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=0 286 287 echo "PASS: promote_secondaries complete" 288} 289 290kci_test_addrlabel() 291{ 292 local ret=0 293 294 ip addrlabel add prefix dead::/64 dev lo label 1 295 check_err $? 296 297 ip addrlabel list |grep -q "prefix dead::/64 dev lo label 1" 298 check_err $? 299 300 ip addrlabel del prefix dead::/64 dev lo label 1 2> /dev/null 301 check_err $? 302 303 ip addrlabel add prefix dead::/64 label 1 2> /dev/null 304 check_err $? 305 306 ip addrlabel del prefix dead::/64 label 1 2> /dev/null 307 check_err $? 308 309 # concurrent add/delete 310 for i in $(seq 1 1000); do 311 ip addrlabel add prefix 1c3::/64 label 12345 2>/dev/null 312 done & 313 314 for i in $(seq 1 1000); do 315 ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null 316 done 317 318 wait 319 320 ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null 321 322 if [ $ret -ne 0 ];then 323 echo "FAIL: ipv6 addrlabel" 324 return 1 325 fi 326 327 echo "PASS: ipv6 addrlabel" 328} 329 330kci_test_ifalias() 331{ 332 local ret=0 333 namewant=$(uuidgen) 334 syspathname="/sys/class/net/$devdummy/ifalias" 335 336 ip link set dev "$devdummy" alias "$namewant" 337 check_err $? 338 339 if [ $ret -ne 0 ]; then 340 echo "FAIL: cannot set interface alias of $devdummy to $namewant" 341 return 1 342 fi 343 344 ip link show "$devdummy" | grep -q "alias $namewant" 345 check_err $? 346 347 if [ -r "$syspathname" ] ; then 348 read namehave < "$syspathname" 349 if [ "$namewant" != "$namehave" ]; then 350 echo "FAIL: did set ifalias $namewant but got $namehave" 351 return 1 352 fi 353 354 namewant=$(uuidgen) 355 echo "$namewant" > "$syspathname" 356 ip link show "$devdummy" | grep -q "alias $namewant" 357 check_err $? 358 359 # sysfs interface allows to delete alias again 360 echo "" > "$syspathname" 361 362 ip link show "$devdummy" | grep -q "alias $namewant" 363 check_fail $? 364 365 for i in $(seq 1 100); do 366 uuidgen > "$syspathname" & 367 done 368 369 wait 370 371 # re-add the alias -- kernel should free mem when dummy dev is removed 372 ip link set dev "$devdummy" alias "$namewant" 373 check_err $? 374 fi 375 376 if [ $ret -ne 0 ]; then 377 echo "FAIL: set interface alias $devdummy to $namewant" 378 return 1 379 fi 380 381 echo "PASS: set ifalias $namewant for $devdummy" 382} 383 384kci_test_vrf() 385{ 386 vrfname="test-vrf" 387 local ret=0 388 389 ip link show type vrf 2>/dev/null 390 if [ $? -ne 0 ]; then 391 echo "SKIP: vrf: iproute2 too old" 392 return $ksft_skip 393 fi 394 395 ip link add "$vrfname" type vrf table 10 396 check_err $? 397 if [ $ret -ne 0 ];then 398 echo "FAIL: can't add vrf interface, skipping test" 399 return 0 400 fi 401 402 ip -br link show type vrf | grep -q "$vrfname" 403 check_err $? 404 if [ $ret -ne 0 ];then 405 echo "FAIL: created vrf device not found" 406 return 1 407 fi 408 409 ip link set dev "$vrfname" up 410 check_err $? 411 412 ip link set dev "$devdummy" master "$vrfname" 413 check_err $? 414 ip link del dev "$vrfname" 415 check_err $? 416 417 if [ $ret -ne 0 ];then 418 echo "FAIL: vrf" 419 return 1 420 fi 421 422 echo "PASS: vrf" 423} 424 425kci_test_encap_vxlan() 426{ 427 local ret=0 428 vxlan="test-vxlan0" 429 vlan="test-vlan0" 430 testns="$1" 431 432 ip -netns "$testns" link add "$vxlan" type vxlan id 42 group 239.1.1.1 \ 433 dev "$devdummy" dstport 4789 2>/dev/null 434 if [ $? -ne 0 ]; then 435 echo "FAIL: can't add vxlan interface, skipping test" 436 return 0 437 fi 438 check_err $? 439 440 ip -netns "$testns" addr add 10.2.11.49/24 dev "$vxlan" 441 check_err $? 442 443 ip -netns "$testns" link set up dev "$vxlan" 444 check_err $? 445 446 ip -netns "$testns" link add link "$vxlan" name "$vlan" type vlan id 1 447 check_err $? 448 449 # changelink testcases 450 ip -netns "$testns" link set dev "$vxlan" type vxlan vni 43 2>/dev/null 451 check_fail $? 452 453 ip -netns "$testns" link set dev "$vxlan" type vxlan group ffe5::5 dev "$devdummy" 2>/dev/null 454 check_fail $? 455 456 ip -netns "$testns" link set dev "$vxlan" type vxlan ttl inherit 2>/dev/null 457 check_fail $? 458 459 ip -netns "$testns" link set dev "$vxlan" type vxlan ttl 64 460 check_err $? 461 462 ip -netns "$testns" link set dev "$vxlan" type vxlan nolearning 463 check_err $? 464 465 ip -netns "$testns" link set dev "$vxlan" type vxlan proxy 2>/dev/null 466 check_fail $? 467 468 ip -netns "$testns" link set dev "$vxlan" type vxlan norsc 2>/dev/null 469 check_fail $? 470 471 ip -netns "$testns" link set dev "$vxlan" type vxlan l2miss 2>/dev/null 472 check_fail $? 473 474 ip -netns "$testns" link set dev "$vxlan" type vxlan l3miss 2>/dev/null 475 check_fail $? 476 477 ip -netns "$testns" link set dev "$vxlan" type vxlan external 2>/dev/null 478 check_fail $? 479 480 ip -netns "$testns" link set dev "$vxlan" type vxlan udpcsum 2>/dev/null 481 check_fail $? 482 483 ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumtx 2>/dev/null 484 check_fail $? 485 486 ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumrx 2>/dev/null 487 check_fail $? 488 489 ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumtx 2>/dev/null 490 check_fail $? 491 492 ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumrx 2>/dev/null 493 check_fail $? 494 495 ip -netns "$testns" link set dev "$vxlan" type vxlan gbp 2>/dev/null 496 check_fail $? 497 498 ip -netns "$testns" link set dev "$vxlan" type vxlan gpe 2>/dev/null 499 check_fail $? 500 501 ip -netns "$testns" link del "$vxlan" 502 check_err $? 503 504 if [ $ret -ne 0 ]; then 505 echo "FAIL: vxlan" 506 return 1 507 fi 508 echo "PASS: vxlan" 509} 510 511kci_test_encap_fou() 512{ 513 local ret=0 514 name="test-fou" 515 testns="$1" 516 517 ip fou help 2>&1 |grep -q 'Usage: ip fou' 518 if [ $? -ne 0 ];then 519 echo "SKIP: fou: iproute2 too old" 520 return $ksft_skip 521 fi 522 523 if ! /sbin/modprobe -q -n fou; then 524 echo "SKIP: module fou is not found" 525 return $ksft_skip 526 fi 527 /sbin/modprobe -q fou 528 ip -netns "$testns" fou add port 7777 ipproto 47 2>/dev/null 529 if [ $? -ne 0 ];then 530 echo "FAIL: can't add fou port 7777, skipping test" 531 return 1 532 fi 533 534 ip -netns "$testns" fou add port 8888 ipproto 4 535 check_err $? 536 537 ip -netns "$testns" fou del port 9999 2>/dev/null 538 check_fail $? 539 540 ip -netns "$testns" fou del port 7777 541 check_err $? 542 543 if [ $ret -ne 0 ]; then 544 echo "FAIL: fou" 545 return 1 546 fi 547 548 echo "PASS: fou" 549} 550 551# test various encap methods, use netns to avoid unwanted interference 552kci_test_encap() 553{ 554 testns="testns" 555 local ret=0 556 557 ip netns add "$testns" 558 if [ $? -ne 0 ]; then 559 echo "SKIP encap tests: cannot add net namespace $testns" 560 return $ksft_skip 561 fi 562 563 ip -netns "$testns" link set lo up 564 check_err $? 565 566 ip -netns "$testns" link add name "$devdummy" type dummy 567 check_err $? 568 ip -netns "$testns" link set "$devdummy" up 569 check_err $? 570 571 kci_test_encap_vxlan "$testns" 572 check_err $? 573 kci_test_encap_fou "$testns" 574 check_err $? 575 576 ip netns del "$testns" 577 return $ret 578} 579 580kci_test_macsec() 581{ 582 msname="test_macsec0" 583 local ret=0 584 585 ip macsec help 2>&1 | grep -q "^Usage: ip macsec" 586 if [ $? -ne 0 ]; then 587 echo "SKIP: macsec: iproute2 too old" 588 return $ksft_skip 589 fi 590 591 ip link add link "$devdummy" "$msname" type macsec port 42 encrypt on 592 check_err $? 593 if [ $ret -ne 0 ];then 594 echo "FAIL: can't add macsec interface, skipping test" 595 return 1 596 fi 597 598 ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012 599 check_err $? 600 601 ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" 602 check_err $? 603 604 ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef 605 check_err $? 606 607 ip macsec show > /dev/null 608 check_err $? 609 610 ip link del dev "$msname" 611 check_err $? 612 613 if [ $ret -ne 0 ];then 614 echo "FAIL: macsec" 615 return 1 616 fi 617 618 echo "PASS: macsec" 619} 620 621#------------------------------------------------------------------- 622# Example commands 623# ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \ 624# spi 0x07 mode transport reqid 0x07 replay-window 32 \ 625# aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \ 626# sel src 14.0.0.52/24 dst 14.0.0.70/24 627# ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \ 628# tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \ 629# spi 0x07 mode transport reqid 0x07 630# 631# Subcommands not tested 632# ip x s update 633# ip x s allocspi 634# ip x s deleteall 635# ip x p update 636# ip x p deleteall 637# ip x p set 638#------------------------------------------------------------------- 639kci_test_ipsec() 640{ 641 local ret=0 642 algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128" 643 srcip=192.168.123.1 644 dstip=192.168.123.2 645 spi=7 646 647 ip addr add $srcip dev $devdummy 648 649 # flush to be sure there's nothing configured 650 ip x s flush ; ip x p flush 651 check_err $? 652 653 # start the monitor in the background 654 tmpfile=`mktemp /var/run/ipsectestXXX` 655 mpid=`(ip x m > $tmpfile & echo $!) 2>/dev/null` 656 sleep 0.2 657 658 ipsecid="proto esp src $srcip dst $dstip spi 0x07" 659 ip x s add $ipsecid \ 660 mode transport reqid 0x07 replay-window 32 \ 661 $algo sel src $srcip/24 dst $dstip/24 662 check_err $? 663 664 lines=`ip x s list | grep $srcip | grep $dstip | wc -l` 665 test $lines -eq 2 666 check_err $? 667 668 ip x s count | grep -q "SAD count 1" 669 check_err $? 670 671 lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l` 672 test $lines -eq 2 673 check_err $? 674 675 ip x s delete $ipsecid 676 check_err $? 677 678 lines=`ip x s list | wc -l` 679 test $lines -eq 0 680 check_err $? 681 682 ipsecsel="dir out src $srcip/24 dst $dstip/24" 683 ip x p add $ipsecsel \ 684 tmpl proto esp src $srcip dst $dstip \ 685 spi 0x07 mode transport reqid 0x07 686 check_err $? 687 688 lines=`ip x p list | grep $srcip | grep $dstip | wc -l` 689 test $lines -eq 2 690 check_err $? 691 692 ip x p count | grep -q "SPD IN 0 OUT 1 FWD 0" 693 check_err $? 694 695 lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l` 696 test $lines -eq 2 697 check_err $? 698 699 ip x p delete $ipsecsel 700 check_err $? 701 702 lines=`ip x p list | wc -l` 703 test $lines -eq 0 704 check_err $? 705 706 # check the monitor results 707 kill $mpid 708 lines=`wc -l $tmpfile | cut "-d " -f1` 709 test $lines -eq 20 710 check_err $? 711 rm -rf $tmpfile 712 713 # clean up any leftovers 714 ip x s flush 715 check_err $? 716 ip x p flush 717 check_err $? 718 ip addr del $srcip/32 dev $devdummy 719 720 if [ $ret -ne 0 ]; then 721 echo "FAIL: ipsec" 722 return 1 723 fi 724 echo "PASS: ipsec" 725} 726 727#------------------------------------------------------------------- 728# Example commands 729# ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \ 730# spi 0x07 mode transport reqid 0x07 replay-window 32 \ 731# aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \ 732# sel src 14.0.0.52/24 dst 14.0.0.70/24 733# offload dev sim1 dir out 734# ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \ 735# tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \ 736# spi 0x07 mode transport reqid 0x07 737# 738#------------------------------------------------------------------- 739kci_test_ipsec_offload() 740{ 741 local ret=0 742 algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128" 743 srcip=192.168.123.3 744 dstip=192.168.123.4 745 sysfsd=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/ 746 sysfsf=$sysfsd/ipsec 747 sysfsnet=/sys/bus/netdevsim/devices/netdevsim0/net/ 748 probed=false 749 750 # setup netdevsim since dummydev doesn't have offload support 751 if [ ! -w /sys/bus/netdevsim/new_device ] ; then 752 modprobe -q netdevsim 753 check_err $? 754 if [ $ret -ne 0 ]; then 755 echo "SKIP: ipsec_offload can't load netdevsim" 756 return $ksft_skip 757 fi 758 probed=true 759 fi 760 761 echo "0" > /sys/bus/netdevsim/new_device 762 while [ ! -d $sysfsnet ] ; do :; done 763 udevadm settle 764 dev=`ls $sysfsnet` 765 766 ip addr add $srcip dev $dev 767 ip link set $dev up 768 if [ ! -d $sysfsd ] ; then 769 echo "FAIL: ipsec_offload can't create device $dev" 770 return 1 771 fi 772 if [ ! -f $sysfsf ] ; then 773 echo "FAIL: ipsec_offload netdevsim doesn't support IPsec offload" 774 return 1 775 fi 776 777 # flush to be sure there's nothing configured 778 ip x s flush ; ip x p flush 779 780 # create offloaded SAs, both in and out 781 ip x p add dir out src $srcip/24 dst $dstip/24 \ 782 tmpl proto esp src $srcip dst $dstip spi 9 \ 783 mode transport reqid 42 784 check_err $? 785 ip x p add dir in src $dstip/24 dst $srcip/24 \ 786 tmpl proto esp src $dstip dst $srcip spi 9 \ 787 mode transport reqid 42 788 check_err $? 789 790 ip x s add proto esp src $srcip dst $dstip spi 9 \ 791 mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \ 792 offload dev $dev dir out 793 check_err $? 794 ip x s add proto esp src $dstip dst $srcip spi 9 \ 795 mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \ 796 offload dev $dev dir in 797 check_err $? 798 if [ $ret -ne 0 ]; then 799 echo "FAIL: ipsec_offload can't create SA" 800 return 1 801 fi 802 803 # does offload show up in ip output 804 lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"` 805 if [ $lines -ne 2 ] ; then 806 echo "FAIL: ipsec_offload SA offload missing from list output" 807 check_err 1 808 fi 809 810 # use ping to exercise the Tx path 811 ping -I $dev -c 3 -W 1 -i 0 $dstip >/dev/null 812 813 # does driver have correct offload info 814 diff $sysfsf - << EOF 815SA count=2 tx=3 816sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000 817sa[0] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1 818sa[0] key=0x34333231 38373635 32313039 36353433 819sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0 820sa[1] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1 821sa[1] key=0x34333231 38373635 32313039 36353433 822EOF 823 if [ $? -ne 0 ] ; then 824 echo "FAIL: ipsec_offload incorrect driver data" 825 check_err 1 826 fi 827 828 # does offload get removed from driver 829 ip x s flush 830 ip x p flush 831 lines=`grep -c "SA count=0" $sysfsf` 832 if [ $lines -ne 1 ] ; then 833 echo "FAIL: ipsec_offload SA not removed from driver" 834 check_err 1 835 fi 836 837 # clean up any leftovers 838 $probed && rmmod netdevsim 839 840 if [ $ret -ne 0 ]; then 841 echo "FAIL: ipsec_offload" 842 return 1 843 fi 844 echo "PASS: ipsec_offload" 845} 846 847kci_test_gretap() 848{ 849 testns="testns" 850 DEV_NS=gretap00 851 local ret=0 852 853 ip netns add "$testns" 854 if [ $? -ne 0 ]; then 855 echo "SKIP gretap tests: cannot add net namespace $testns" 856 return $ksft_skip 857 fi 858 859 ip link help gretap 2>&1 | grep -q "^Usage:" 860 if [ $? -ne 0 ];then 861 echo "SKIP: gretap: iproute2 too old" 862 ip netns del "$testns" 863 return $ksft_skip 864 fi 865 866 # test native tunnel 867 ip -netns "$testns" link add dev "$DEV_NS" type gretap seq \ 868 key 102 local 172.16.1.100 remote 172.16.1.200 869 check_err $? 870 871 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 872 check_err $? 873 874 ip -netns "$testns" link set dev $DEV_NS up 875 check_err $? 876 877 ip -netns "$testns" link del "$DEV_NS" 878 check_err $? 879 880 # test external mode 881 ip -netns "$testns" link add dev "$DEV_NS" type gretap external 882 check_err $? 883 884 ip -netns "$testns" link del "$DEV_NS" 885 check_err $? 886 887 if [ $ret -ne 0 ]; then 888 echo "FAIL: gretap" 889 ip netns del "$testns" 890 return 1 891 fi 892 echo "PASS: gretap" 893 894 ip netns del "$testns" 895} 896 897kci_test_ip6gretap() 898{ 899 testns="testns" 900 DEV_NS=ip6gretap00 901 local ret=0 902 903 ip netns add "$testns" 904 if [ $? -ne 0 ]; then 905 echo "SKIP ip6gretap tests: cannot add net namespace $testns" 906 return $ksft_skip 907 fi 908 909 ip link help ip6gretap 2>&1 | grep -q "^Usage:" 910 if [ $? -ne 0 ];then 911 echo "SKIP: ip6gretap: iproute2 too old" 912 ip netns del "$testns" 913 return $ksft_skip 914 fi 915 916 # test native tunnel 917 ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap seq \ 918 key 102 local fc00:100::1 remote fc00:100::2 919 check_err $? 920 921 ip -netns "$testns" addr add dev "$DEV_NS" fc00:200::1/96 922 check_err $? 923 924 ip -netns "$testns" link set dev $DEV_NS up 925 check_err $? 926 927 ip -netns "$testns" link del "$DEV_NS" 928 check_err $? 929 930 # test external mode 931 ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap external 932 check_err $? 933 934 ip -netns "$testns" link del "$DEV_NS" 935 check_err $? 936 937 if [ $ret -ne 0 ]; then 938 echo "FAIL: ip6gretap" 939 ip netns del "$testns" 940 return 1 941 fi 942 echo "PASS: ip6gretap" 943 944 ip netns del "$testns" 945} 946 947kci_test_erspan() 948{ 949 testns="testns" 950 DEV_NS=erspan00 951 local ret=0 952 953 ip link help erspan 2>&1 | grep -q "^Usage:" 954 if [ $? -ne 0 ];then 955 echo "SKIP: erspan: iproute2 too old" 956 return $ksft_skip 957 fi 958 959 ip netns add "$testns" 960 if [ $? -ne 0 ]; then 961 echo "SKIP erspan tests: cannot add net namespace $testns" 962 return $ksft_skip 963 fi 964 965 # test native tunnel erspan v1 966 ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \ 967 key 102 local 172.16.1.100 remote 172.16.1.200 \ 968 erspan_ver 1 erspan 488 969 check_err $? 970 971 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 972 check_err $? 973 974 ip -netns "$testns" link set dev $DEV_NS up 975 check_err $? 976 977 ip -netns "$testns" link del "$DEV_NS" 978 check_err $? 979 980 # test native tunnel erspan v2 981 ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \ 982 key 102 local 172.16.1.100 remote 172.16.1.200 \ 983 erspan_ver 2 erspan_dir ingress erspan_hwid 7 984 check_err $? 985 986 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 987 check_err $? 988 989 ip -netns "$testns" link set dev $DEV_NS up 990 check_err $? 991 992 ip -netns "$testns" link del "$DEV_NS" 993 check_err $? 994 995 # test external mode 996 ip -netns "$testns" link add dev "$DEV_NS" type erspan external 997 check_err $? 998 999 ip -netns "$testns" link del "$DEV_NS" 1000 check_err $? 1001 1002 if [ $ret -ne 0 ]; then 1003 echo "FAIL: erspan" 1004 ip netns del "$testns" 1005 return 1 1006 fi 1007 echo "PASS: erspan" 1008 1009 ip netns del "$testns" 1010} 1011 1012kci_test_ip6erspan() 1013{ 1014 testns="testns" 1015 DEV_NS=ip6erspan00 1016 local ret=0 1017 1018 ip link help ip6erspan 2>&1 | grep -q "^Usage:" 1019 if [ $? -ne 0 ];then 1020 echo "SKIP: ip6erspan: iproute2 too old" 1021 return $ksft_skip 1022 fi 1023 1024 ip netns add "$testns" 1025 if [ $? -ne 0 ]; then 1026 echo "SKIP ip6erspan tests: cannot add net namespace $testns" 1027 return $ksft_skip 1028 fi 1029 1030 # test native tunnel ip6erspan v1 1031 ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \ 1032 key 102 local fc00:100::1 remote fc00:100::2 \ 1033 erspan_ver 1 erspan 488 1034 check_err $? 1035 1036 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 1037 check_err $? 1038 1039 ip -netns "$testns" link set dev $DEV_NS up 1040 check_err $? 1041 1042 ip -netns "$testns" link del "$DEV_NS" 1043 check_err $? 1044 1045 # test native tunnel ip6erspan v2 1046 ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \ 1047 key 102 local fc00:100::1 remote fc00:100::2 \ 1048 erspan_ver 2 erspan_dir ingress erspan_hwid 7 1049 check_err $? 1050 1051 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 1052 check_err $? 1053 1054 ip -netns "$testns" link set dev $DEV_NS up 1055 check_err $? 1056 1057 ip -netns "$testns" link del "$DEV_NS" 1058 check_err $? 1059 1060 # test external mode 1061 ip -netns "$testns" link add dev "$DEV_NS" \ 1062 type ip6erspan external 1063 check_err $? 1064 1065 ip -netns "$testns" link del "$DEV_NS" 1066 check_err $? 1067 1068 if [ $ret -ne 0 ]; then 1069 echo "FAIL: ip6erspan" 1070 ip netns del "$testns" 1071 return 1 1072 fi 1073 echo "PASS: ip6erspan" 1074 1075 ip netns del "$testns" 1076} 1077 1078kci_test_fdb_get() 1079{ 1080 IP="ip -netns testns" 1081 BRIDGE="bridge -netns testns" 1082 brdev="test-br0" 1083 vxlandev="vxlan10" 1084 test_mac=de:ad:be:ef:13:37 1085 localip="10.0.2.2" 1086 dstip="10.0.2.3" 1087 local ret=0 1088 1089 bridge fdb help 2>&1 |grep -q 'bridge fdb get' 1090 if [ $? -ne 0 ];then 1091 echo "SKIP: fdb get tests: iproute2 too old" 1092 return $ksft_skip 1093 fi 1094 1095 ip netns add testns 1096 if [ $? -ne 0 ]; then 1097 echo "SKIP fdb get tests: cannot add net namespace $testns" 1098 return $ksft_skip 1099 fi 1100 1101 $IP link add "$vxlandev" type vxlan id 10 local $localip \ 1102 dstport 4789 2>/dev/null 1103 check_err $? 1104 $IP link add name "$brdev" type bridge &>/dev/null 1105 check_err $? 1106 $IP link set dev "$vxlandev" master "$brdev" &>/dev/null 1107 check_err $? 1108 $BRIDGE fdb add $test_mac dev "$vxlandev" master &>/dev/null 1109 check_err $? 1110 $BRIDGE fdb add $test_mac dev "$vxlandev" dst $dstip self &>/dev/null 1111 check_err $? 1112 1113 $BRIDGE fdb get $test_mac brport "$vxlandev" 2>/dev/null | grep -q "dev $vxlandev master $brdev" 1114 check_err $? 1115 $BRIDGE fdb get $test_mac br "$brdev" 2>/dev/null | grep -q "dev $vxlandev master $brdev" 1116 check_err $? 1117 $BRIDGE fdb get $test_mac dev "$vxlandev" self 2>/dev/null | grep -q "dev $vxlandev dst $dstip" 1118 check_err $? 1119 1120 ip netns del testns &>/dev/null 1121 1122 if [ $ret -ne 0 ]; then 1123 echo "FAIL: bridge fdb get" 1124 return 1 1125 fi 1126 1127 echo "PASS: bridge fdb get" 1128} 1129 1130kci_test_neigh_get() 1131{ 1132 dstmac=de:ad:be:ef:13:37 1133 dstip=10.0.2.4 1134 dstip6=dead::2 1135 local ret=0 1136 1137 ip neigh help 2>&1 |grep -q 'ip neigh get' 1138 if [ $? -ne 0 ];then 1139 echo "SKIP: fdb get tests: iproute2 too old" 1140 return $ksft_skip 1141 fi 1142 1143 # ipv4 1144 ip neigh add $dstip lladdr $dstmac dev "$devdummy" > /dev/null 1145 check_err $? 1146 ip neigh get $dstip dev "$devdummy" 2> /dev/null | grep -q "$dstmac" 1147 check_err $? 1148 ip neigh del $dstip lladdr $dstmac dev "$devdummy" > /dev/null 1149 check_err $? 1150 1151 # ipv4 proxy 1152 ip neigh add proxy $dstip dev "$devdummy" > /dev/null 1153 check_err $? 1154 ip neigh get proxy $dstip dev "$devdummy" 2>/dev/null | grep -q "$dstip" 1155 check_err $? 1156 ip neigh del proxy $dstip dev "$devdummy" > /dev/null 1157 check_err $? 1158 1159 # ipv6 1160 ip neigh add $dstip6 lladdr $dstmac dev "$devdummy" > /dev/null 1161 check_err $? 1162 ip neigh get $dstip6 dev "$devdummy" 2> /dev/null | grep -q "$dstmac" 1163 check_err $? 1164 ip neigh del $dstip6 lladdr $dstmac dev "$devdummy" > /dev/null 1165 check_err $? 1166 1167 # ipv6 proxy 1168 ip neigh add proxy $dstip6 dev "$devdummy" > /dev/null 1169 check_err $? 1170 ip neigh get proxy $dstip6 dev "$devdummy" 2>/dev/null | grep -q "$dstip6" 1171 check_err $? 1172 ip neigh del proxy $dstip6 dev "$devdummy" > /dev/null 1173 check_err $? 1174 1175 if [ $ret -ne 0 ];then 1176 echo "FAIL: neigh get" 1177 return 1 1178 fi 1179 1180 echo "PASS: neigh get" 1181} 1182 1183kci_test_bridge_parent_id() 1184{ 1185 local ret=0 1186 sysfsnet=/sys/bus/netdevsim/devices/netdevsim 1187 probed=false 1188 1189 if [ ! -w /sys/bus/netdevsim/new_device ] ; then 1190 modprobe -q netdevsim 1191 check_err $? 1192 if [ $ret -ne 0 ]; then 1193 echo "SKIP: bridge_parent_id can't load netdevsim" 1194 return $ksft_skip 1195 fi 1196 probed=true 1197 fi 1198 1199 echo "10 1" > /sys/bus/netdevsim/new_device 1200 while [ ! -d ${sysfsnet}10 ] ; do :; done 1201 echo "20 1" > /sys/bus/netdevsim/new_device 1202 while [ ! -d ${sysfsnet}20 ] ; do :; done 1203 udevadm settle 1204 dev10=`ls ${sysfsnet}10/net/` 1205 dev20=`ls ${sysfsnet}20/net/` 1206 1207 ip link add name test-bond0 type bond mode 802.3ad 1208 ip link set dev $dev10 master test-bond0 1209 ip link set dev $dev20 master test-bond0 1210 ip link add name test-br0 type bridge 1211 ip link set dev test-bond0 master test-br0 1212 check_err $? 1213 1214 # clean up any leftovers 1215 ip link del dev test-br0 1216 ip link del dev test-bond0 1217 echo 20 > /sys/bus/netdevsim/del_device 1218 echo 10 > /sys/bus/netdevsim/del_device 1219 $probed && rmmod netdevsim 1220 1221 if [ $ret -ne 0 ]; then 1222 echo "FAIL: bridge_parent_id" 1223 return 1 1224 fi 1225 echo "PASS: bridge_parent_id" 1226} 1227 1228kci_test_rtnl() 1229{ 1230 local ret=0 1231 kci_add_dummy 1232 if [ $ret -ne 0 ];then 1233 echo "FAIL: cannot add dummy interface" 1234 return 1 1235 fi 1236 1237 kci_test_polrouting 1238 check_err $? 1239 kci_test_route_get 1240 check_err $? 1241 kci_test_addrlft 1242 check_err $? 1243 kci_test_promote_secondaries 1244 check_err $? 1245 kci_test_tc 1246 check_err $? 1247 kci_test_gre 1248 check_err $? 1249 kci_test_gretap 1250 check_err $? 1251 kci_test_ip6gretap 1252 check_err $? 1253 kci_test_erspan 1254 check_err $? 1255 kci_test_ip6erspan 1256 check_err $? 1257 kci_test_bridge 1258 check_err $? 1259 kci_test_addrlabel 1260 check_err $? 1261 kci_test_ifalias 1262 check_err $? 1263 kci_test_vrf 1264 check_err $? 1265 kci_test_encap 1266 check_err $? 1267 kci_test_macsec 1268 check_err $? 1269 kci_test_ipsec 1270 check_err $? 1271 kci_test_ipsec_offload 1272 check_err $? 1273 kci_test_fdb_get 1274 check_err $? 1275 kci_test_neigh_get 1276 check_err $? 1277 kci_test_bridge_parent_id 1278 check_err $? 1279 1280 kci_del_dummy 1281 return $ret 1282} 1283 1284#check for needed privileges 1285if [ "$(id -u)" -ne 0 ];then 1286 echo "SKIP: Need root privileges" 1287 exit $ksft_skip 1288fi 1289 1290for x in ip tc;do 1291 $x -Version 2>/dev/null >/dev/null 1292 if [ $? -ne 0 ];then 1293 echo "SKIP: Could not run test without the $x tool" 1294 exit $ksft_skip 1295 fi 1296done 1297 1298kci_test_rtnl 1299 1300exit $? 1301