1#!/bin/bash 2# 3# This test is for checking rtnetlink callpaths, and get as much coverage as possible. 4# 5# set -e 6 7devdummy="test-dummy0" 8 9# Kselftest framework requirement - SKIP code is 4. 10ksft_skip=4 11 12# set global exit status, but never reset nonzero one. 13check_err() 14{ 15 if [ $ret -eq 0 ]; then 16 ret=$1 17 fi 18} 19 20# same but inverted -- used when command must fail for test to pass 21check_fail() 22{ 23 if [ $1 -eq 0 ]; then 24 ret=1 25 fi 26} 27 28kci_add_dummy() 29{ 30 ip link add name "$devdummy" type dummy 31 check_err $? 32 ip link set "$devdummy" up 33 check_err $? 34} 35 36kci_del_dummy() 37{ 38 ip link del dev "$devdummy" 39 check_err $? 40} 41 42kci_test_netconf() 43{ 44 dev="$1" 45 r=$ret 46 47 ip netconf show dev "$dev" > /dev/null 48 check_err $? 49 50 for f in 4 6; do 51 ip -$f netconf show dev "$dev" > /dev/null 52 check_err $? 53 done 54 55 if [ $ret -ne 0 ] ;then 56 echo "FAIL: ip netconf show $dev" 57 test $r -eq 0 && ret=0 58 return 1 59 fi 60} 61 62# add a bridge with vlans on top 63kci_test_bridge() 64{ 65 devbr="test-br0" 66 vlandev="testbr-vlan1" 67 68 local ret=0 69 ip link add name "$devbr" type bridge 70 check_err $? 71 72 ip link set dev "$devdummy" master "$devbr" 73 check_err $? 74 75 ip link set "$devbr" up 76 check_err $? 77 78 ip link add link "$devbr" name "$vlandev" type vlan id 1 79 check_err $? 80 ip addr add dev "$vlandev" 10.200.7.23/30 81 check_err $? 82 ip -6 addr add dev "$vlandev" dead:42::1234/64 83 check_err $? 84 ip -d link > /dev/null 85 check_err $? 86 ip r s t all > /dev/null 87 check_err $? 88 89 for name in "$devbr" "$vlandev" "$devdummy" ; do 90 kci_test_netconf "$name" 91 done 92 93 ip -6 addr del dev "$vlandev" dead:42::1234/64 94 check_err $? 95 96 ip link del dev "$vlandev" 97 check_err $? 98 ip link del dev "$devbr" 99 check_err $? 100 101 if [ $ret -ne 0 ];then 102 echo "FAIL: bridge setup" 103 return 1 104 fi 105 echo "PASS: bridge setup" 106 107} 108 109kci_test_gre() 110{ 111 gredev=neta 112 rem=10.42.42.1 113 loc=10.0.0.1 114 115 local ret=0 116 ip tunnel add $gredev mode gre remote $rem local $loc ttl 1 117 check_err $? 118 ip link set $gredev up 119 check_err $? 120 ip addr add 10.23.7.10 dev $gredev 121 check_err $? 122 ip route add 10.23.8.0/30 dev $gredev 123 check_err $? 124 ip addr add dev "$devdummy" 10.23.7.11/24 125 check_err $? 126 ip link > /dev/null 127 check_err $? 128 ip addr > /dev/null 129 check_err $? 130 131 kci_test_netconf "$gredev" 132 133 ip addr del dev "$devdummy" 10.23.7.11/24 134 check_err $? 135 136 ip link del $gredev 137 check_err $? 138 139 if [ $ret -ne 0 ];then 140 echo "FAIL: gre tunnel endpoint" 141 return 1 142 fi 143 echo "PASS: gre tunnel endpoint" 144} 145 146# tc uses rtnetlink too, for full tc testing 147# please see tools/testing/selftests/tc-testing. 148kci_test_tc() 149{ 150 dev=lo 151 local ret=0 152 153 tc qdisc add dev "$dev" root handle 1: htb 154 check_err $? 155 tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit 156 check_err $? 157 tc filter add dev "$dev" parent 1:0 prio 5 handle ffe: protocol ip u32 divisor 256 158 check_err $? 159 tc filter add dev "$dev" parent 1:0 prio 5 handle ffd: protocol ip u32 divisor 256 160 check_err $? 161 tc filter add dev "$dev" parent 1:0 prio 5 handle ffc: protocol ip u32 divisor 256 162 check_err $? 163 tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 ht ffe:2: match ip src 10.0.0.3 flowid 1:10 164 check_err $? 165 tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:2 u32 ht ffe:2: match ip src 10.0.0.2 flowid 1:10 166 check_err $? 167 tc filter show dev "$dev" parent 1:0 > /dev/null 168 check_err $? 169 tc filter del dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 170 check_err $? 171 tc filter show dev "$dev" parent 1:0 > /dev/null 172 check_err $? 173 tc qdisc del dev "$dev" root handle 1: htb 174 check_err $? 175 176 if [ $ret -ne 0 ];then 177 echo "FAIL: tc htb hierarchy" 178 return 1 179 fi 180 echo "PASS: tc htb hierarchy" 181 182} 183 184kci_test_polrouting() 185{ 186 local ret=0 187 ip rule add fwmark 1 lookup 100 188 check_err $? 189 ip route add local 0.0.0.0/0 dev lo table 100 190 check_err $? 191 ip r s t all > /dev/null 192 check_err $? 193 ip rule del fwmark 1 lookup 100 194 check_err $? 195 ip route del local 0.0.0.0/0 dev lo table 100 196 check_err $? 197 198 if [ $ret -ne 0 ];then 199 echo "FAIL: policy route test" 200 return 1 201 fi 202 echo "PASS: policy routing" 203} 204 205kci_test_route_get() 206{ 207 local hash_policy=$(sysctl -n net.ipv4.fib_multipath_hash_policy) 208 209 local ret=0 210 211 ip route get 127.0.0.1 > /dev/null 212 check_err $? 213 ip route get 127.0.0.1 dev "$devdummy" > /dev/null 214 check_err $? 215 ip route get ::1 > /dev/null 216 check_err $? 217 ip route get fe80::1 dev "$devdummy" > /dev/null 218 check_err $? 219 ip route get 127.0.0.1 from 127.0.0.1 oif lo tos 0x1 mark 0x1 > /dev/null 220 check_err $? 221 ip route get ::1 from ::1 iif lo oif lo tos 0x1 mark 0x1 > /dev/null 222 check_err $? 223 ip addr add dev "$devdummy" 10.23.7.11/24 224 check_err $? 225 ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null 226 check_err $? 227 ip route add 10.23.8.0/24 \ 228 nexthop via 10.23.7.13 dev "$devdummy" \ 229 nexthop via 10.23.7.14 dev "$devdummy" 230 check_err $? 231 sysctl -wq net.ipv4.fib_multipath_hash_policy=0 232 ip route get 10.23.8.11 > /dev/null 233 check_err $? 234 sysctl -wq net.ipv4.fib_multipath_hash_policy=1 235 ip route get 10.23.8.11 > /dev/null 236 check_err $? 237 sysctl -wq net.ipv4.fib_multipath_hash_policy="$hash_policy" 238 ip route del 10.23.8.0/24 239 check_err $? 240 ip addr del dev "$devdummy" 10.23.7.11/24 241 check_err $? 242 243 if [ $ret -ne 0 ];then 244 echo "FAIL: route get" 245 return 1 246 fi 247 248 echo "PASS: route get" 249} 250 251kci_test_addrlft() 252{ 253 for i in $(seq 10 100) ;do 254 lft=$(((RANDOM%3) + 1)) 255 ip addr add 10.23.11.$i/32 dev "$devdummy" preferred_lft $lft valid_lft $((lft+1)) 256 check_err $? 257 done 258 259 sleep 5 260 261 ip addr show dev "$devdummy" | grep "10.23.11." 262 if [ $? -eq 0 ]; then 263 echo "FAIL: preferred_lft addresses remaining" 264 check_err 1 265 return 266 fi 267 268 echo "PASS: preferred_lft addresses have expired" 269} 270 271kci_test_promote_secondaries() 272{ 273 promote=$(sysctl -n net.ipv4.conf.$devdummy.promote_secondaries) 274 275 sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=1 276 277 for i in $(seq 2 254);do 278 IP="10.23.11.$i" 279 ip -f inet addr add $IP/16 brd + dev "$devdummy" 280 ifconfig "$devdummy" $IP netmask 255.255.0.0 281 done 282 283 ip addr flush dev "$devdummy" 284 285 [ $promote -eq 0 ] && sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=0 286 287 echo "PASS: promote_secondaries complete" 288} 289 290kci_test_addrlabel() 291{ 292 local ret=0 293 294 ip addrlabel add prefix dead::/64 dev lo label 1 295 check_err $? 296 297 ip addrlabel list |grep -q "prefix dead::/64 dev lo label 1" 298 check_err $? 299 300 ip addrlabel del prefix dead::/64 dev lo label 1 2> /dev/null 301 check_err $? 302 303 ip addrlabel add prefix dead::/64 label 1 2> /dev/null 304 check_err $? 305 306 ip addrlabel del prefix dead::/64 label 1 2> /dev/null 307 check_err $? 308 309 # concurrent add/delete 310 for i in $(seq 1 1000); do 311 ip addrlabel add prefix 1c3::/64 label 12345 2>/dev/null 312 done & 313 314 for i in $(seq 1 1000); do 315 ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null 316 done 317 318 wait 319 320 ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null 321 322 if [ $ret -ne 0 ];then 323 echo "FAIL: ipv6 addrlabel" 324 return 1 325 fi 326 327 echo "PASS: ipv6 addrlabel" 328} 329 330kci_test_ifalias() 331{ 332 local ret=0 333 namewant=$(uuidgen) 334 syspathname="/sys/class/net/$devdummy/ifalias" 335 336 ip link set dev "$devdummy" alias "$namewant" 337 check_err $? 338 339 if [ $ret -ne 0 ]; then 340 echo "FAIL: cannot set interface alias of $devdummy to $namewant" 341 return 1 342 fi 343 344 ip link show "$devdummy" | grep -q "alias $namewant" 345 check_err $? 346 347 if [ -r "$syspathname" ] ; then 348 read namehave < "$syspathname" 349 if [ "$namewant" != "$namehave" ]; then 350 echo "FAIL: did set ifalias $namewant but got $namehave" 351 return 1 352 fi 353 354 namewant=$(uuidgen) 355 echo "$namewant" > "$syspathname" 356 ip link show "$devdummy" | grep -q "alias $namewant" 357 check_err $? 358 359 # sysfs interface allows to delete alias again 360 echo "" > "$syspathname" 361 362 ip link show "$devdummy" | grep -q "alias $namewant" 363 check_fail $? 364 365 for i in $(seq 1 100); do 366 uuidgen > "$syspathname" & 367 done 368 369 wait 370 371 # re-add the alias -- kernel should free mem when dummy dev is removed 372 ip link set dev "$devdummy" alias "$namewant" 373 check_err $? 374 fi 375 376 if [ $ret -ne 0 ]; then 377 echo "FAIL: set interface alias $devdummy to $namewant" 378 return 1 379 fi 380 381 echo "PASS: set ifalias $namewant for $devdummy" 382} 383 384kci_test_vrf() 385{ 386 vrfname="test-vrf" 387 local ret=0 388 389 ip link show type vrf 2>/dev/null 390 if [ $? -ne 0 ]; then 391 echo "SKIP: vrf: iproute2 too old" 392 return $ksft_skip 393 fi 394 395 ip link add "$vrfname" type vrf table 10 396 check_err $? 397 if [ $ret -ne 0 ];then 398 echo "FAIL: can't add vrf interface, skipping test" 399 return 0 400 fi 401 402 ip -br link show type vrf | grep -q "$vrfname" 403 check_err $? 404 if [ $ret -ne 0 ];then 405 echo "FAIL: created vrf device not found" 406 return 1 407 fi 408 409 ip link set dev "$vrfname" up 410 check_err $? 411 412 ip link set dev "$devdummy" master "$vrfname" 413 check_err $? 414 ip link del dev "$vrfname" 415 check_err $? 416 417 if [ $ret -ne 0 ];then 418 echo "FAIL: vrf" 419 return 1 420 fi 421 422 echo "PASS: vrf" 423} 424 425kci_test_encap_vxlan() 426{ 427 local ret=0 428 vxlan="test-vxlan0" 429 vlan="test-vlan0" 430 testns="$1" 431 432 ip -netns "$testns" link add "$vxlan" type vxlan id 42 group 239.1.1.1 \ 433 dev "$devdummy" dstport 4789 2>/dev/null 434 if [ $? -ne 0 ]; then 435 echo "FAIL: can't add vxlan interface, skipping test" 436 return 0 437 fi 438 check_err $? 439 440 ip -netns "$testns" addr add 10.2.11.49/24 dev "$vxlan" 441 check_err $? 442 443 ip -netns "$testns" link set up dev "$vxlan" 444 check_err $? 445 446 ip -netns "$testns" link add link "$vxlan" name "$vlan" type vlan id 1 447 check_err $? 448 449 # changelink testcases 450 ip -netns "$testns" link set dev "$vxlan" type vxlan vni 43 2>/dev/null 451 check_fail $? 452 453 ip -netns "$testns" link set dev "$vxlan" type vxlan group ffe5::5 dev "$devdummy" 2>/dev/null 454 check_fail $? 455 456 ip -netns "$testns" link set dev "$vxlan" type vxlan ttl inherit 2>/dev/null 457 check_fail $? 458 459 ip -netns "$testns" link set dev "$vxlan" type vxlan ttl 64 460 check_err $? 461 462 ip -netns "$testns" link set dev "$vxlan" type vxlan nolearning 463 check_err $? 464 465 ip -netns "$testns" link set dev "$vxlan" type vxlan proxy 2>/dev/null 466 check_fail $? 467 468 ip -netns "$testns" link set dev "$vxlan" type vxlan norsc 2>/dev/null 469 check_fail $? 470 471 ip -netns "$testns" link set dev "$vxlan" type vxlan l2miss 2>/dev/null 472 check_fail $? 473 474 ip -netns "$testns" link set dev "$vxlan" type vxlan l3miss 2>/dev/null 475 check_fail $? 476 477 ip -netns "$testns" link set dev "$vxlan" type vxlan external 2>/dev/null 478 check_fail $? 479 480 ip -netns "$testns" link set dev "$vxlan" type vxlan udpcsum 2>/dev/null 481 check_fail $? 482 483 ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumtx 2>/dev/null 484 check_fail $? 485 486 ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumrx 2>/dev/null 487 check_fail $? 488 489 ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumtx 2>/dev/null 490 check_fail $? 491 492 ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumrx 2>/dev/null 493 check_fail $? 494 495 ip -netns "$testns" link set dev "$vxlan" type vxlan gbp 2>/dev/null 496 check_fail $? 497 498 ip -netns "$testns" link set dev "$vxlan" type vxlan gpe 2>/dev/null 499 check_fail $? 500 501 ip -netns "$testns" link del "$vxlan" 502 check_err $? 503 504 if [ $ret -ne 0 ]; then 505 echo "FAIL: vxlan" 506 return 1 507 fi 508 echo "PASS: vxlan" 509} 510 511kci_test_encap_fou() 512{ 513 local ret=0 514 name="test-fou" 515 testns="$1" 516 517 ip fou help 2>&1 |grep -q 'Usage: ip fou' 518 if [ $? -ne 0 ];then 519 echo "SKIP: fou: iproute2 too old" 520 return $ksft_skip 521 fi 522 523 ip -netns "$testns" fou add port 7777 ipproto 47 2>/dev/null 524 if [ $? -ne 0 ];then 525 echo "FAIL: can't add fou port 7777, skipping test" 526 return 1 527 fi 528 529 ip -netns "$testns" fou add port 8888 ipproto 4 530 check_err $? 531 532 ip -netns "$testns" fou del port 9999 2>/dev/null 533 check_fail $? 534 535 ip -netns "$testns" fou del port 7777 536 check_err $? 537 538 if [ $ret -ne 0 ]; then 539 echo "FAIL: fou" 540 return 1 541 fi 542 543 echo "PASS: fou" 544} 545 546# test various encap methods, use netns to avoid unwanted interference 547kci_test_encap() 548{ 549 testns="testns" 550 local ret=0 551 552 ip netns add "$testns" 553 if [ $? -ne 0 ]; then 554 echo "SKIP encap tests: cannot add net namespace $testns" 555 return $ksft_skip 556 fi 557 558 ip -netns "$testns" link set lo up 559 check_err $? 560 561 ip -netns "$testns" link add name "$devdummy" type dummy 562 check_err $? 563 ip -netns "$testns" link set "$devdummy" up 564 check_err $? 565 566 kci_test_encap_vxlan "$testns" 567 check_err $? 568 kci_test_encap_fou "$testns" 569 check_err $? 570 571 ip netns del "$testns" 572 return $ret 573} 574 575kci_test_macsec() 576{ 577 msname="test_macsec0" 578 local ret=0 579 580 ip macsec help 2>&1 | grep -q "^Usage: ip macsec" 581 if [ $? -ne 0 ]; then 582 echo "SKIP: macsec: iproute2 too old" 583 return $ksft_skip 584 fi 585 586 ip link add link "$devdummy" "$msname" type macsec port 42 encrypt on 587 check_err $? 588 if [ $ret -ne 0 ];then 589 echo "FAIL: can't add macsec interface, skipping test" 590 return 1 591 fi 592 593 ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012 594 check_err $? 595 596 ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" 597 check_err $? 598 599 ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef 600 check_err $? 601 602 ip macsec show > /dev/null 603 check_err $? 604 605 ip link del dev "$msname" 606 check_err $? 607 608 if [ $ret -ne 0 ];then 609 echo "FAIL: macsec" 610 return 1 611 fi 612 613 echo "PASS: macsec" 614} 615 616#------------------------------------------------------------------- 617# Example commands 618# ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \ 619# spi 0x07 mode transport reqid 0x07 replay-window 32 \ 620# aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \ 621# sel src 14.0.0.52/24 dst 14.0.0.70/24 622# ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \ 623# tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \ 624# spi 0x07 mode transport reqid 0x07 625# 626# Subcommands not tested 627# ip x s update 628# ip x s allocspi 629# ip x s deleteall 630# ip x p update 631# ip x p deleteall 632# ip x p set 633#------------------------------------------------------------------- 634kci_test_ipsec() 635{ 636 local ret=0 637 algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128" 638 srcip=192.168.123.1 639 dstip=192.168.123.2 640 spi=7 641 642 ip addr add $srcip dev $devdummy 643 644 # flush to be sure there's nothing configured 645 ip x s flush ; ip x p flush 646 check_err $? 647 648 # start the monitor in the background 649 tmpfile=`mktemp /var/run/ipsectestXXX` 650 mpid=`(ip x m > $tmpfile & echo $!) 2>/dev/null` 651 sleep 0.2 652 653 ipsecid="proto esp src $srcip dst $dstip spi 0x07" 654 ip x s add $ipsecid \ 655 mode transport reqid 0x07 replay-window 32 \ 656 $algo sel src $srcip/24 dst $dstip/24 657 check_err $? 658 659 lines=`ip x s list | grep $srcip | grep $dstip | wc -l` 660 test $lines -eq 2 661 check_err $? 662 663 ip x s count | grep -q "SAD count 1" 664 check_err $? 665 666 lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l` 667 test $lines -eq 2 668 check_err $? 669 670 ip x s delete $ipsecid 671 check_err $? 672 673 lines=`ip x s list | wc -l` 674 test $lines -eq 0 675 check_err $? 676 677 ipsecsel="dir out src $srcip/24 dst $dstip/24" 678 ip x p add $ipsecsel \ 679 tmpl proto esp src $srcip dst $dstip \ 680 spi 0x07 mode transport reqid 0x07 681 check_err $? 682 683 lines=`ip x p list | grep $srcip | grep $dstip | wc -l` 684 test $lines -eq 2 685 check_err $? 686 687 ip x p count | grep -q "SPD IN 0 OUT 1 FWD 0" 688 check_err $? 689 690 lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l` 691 test $lines -eq 2 692 check_err $? 693 694 ip x p delete $ipsecsel 695 check_err $? 696 697 lines=`ip x p list | wc -l` 698 test $lines -eq 0 699 check_err $? 700 701 # check the monitor results 702 kill $mpid 703 lines=`wc -l $tmpfile | cut "-d " -f1` 704 test $lines -eq 20 705 check_err $? 706 rm -rf $tmpfile 707 708 # clean up any leftovers 709 ip x s flush 710 check_err $? 711 ip x p flush 712 check_err $? 713 ip addr del $srcip/32 dev $devdummy 714 715 if [ $ret -ne 0 ]; then 716 echo "FAIL: ipsec" 717 return 1 718 fi 719 echo "PASS: ipsec" 720} 721 722#------------------------------------------------------------------- 723# Example commands 724# ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \ 725# spi 0x07 mode transport reqid 0x07 replay-window 32 \ 726# aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \ 727# sel src 14.0.0.52/24 dst 14.0.0.70/24 728# offload dev sim1 dir out 729# ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \ 730# tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \ 731# spi 0x07 mode transport reqid 0x07 732# 733#------------------------------------------------------------------- 734kci_test_ipsec_offload() 735{ 736 local ret=0 737 algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128" 738 srcip=192.168.123.3 739 dstip=192.168.123.4 740 sysfsd=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/ 741 sysfsf=$sysfsd/ipsec 742 sysfsnet=/sys/bus/netdevsim/devices/netdevsim0/net/ 743 probed=false 744 745 # setup netdevsim since dummydev doesn't have offload support 746 if [ ! -w /sys/bus/netdevsim/new_device ] ; then 747 modprobe -q netdevsim 748 check_err $? 749 if [ $ret -ne 0 ]; then 750 echo "SKIP: ipsec_offload can't load netdevsim" 751 return $ksft_skip 752 fi 753 probed=true 754 fi 755 756 echo "0" > /sys/bus/netdevsim/new_device 757 while [ ! -d $sysfsnet ] ; do :; done 758 udevadm settle 759 dev=`ls $sysfsnet` 760 761 ip addr add $srcip dev $dev 762 ip link set $dev up 763 if [ ! -d $sysfsd ] ; then 764 echo "FAIL: ipsec_offload can't create device $dev" 765 return 1 766 fi 767 if [ ! -f $sysfsf ] ; then 768 echo "FAIL: ipsec_offload netdevsim doesn't support IPsec offload" 769 return 1 770 fi 771 772 # flush to be sure there's nothing configured 773 ip x s flush ; ip x p flush 774 775 # create offloaded SAs, both in and out 776 ip x p add dir out src $srcip/24 dst $dstip/24 \ 777 tmpl proto esp src $srcip dst $dstip spi 9 \ 778 mode transport reqid 42 779 check_err $? 780 ip x p add dir out src $dstip/24 dst $srcip/24 \ 781 tmpl proto esp src $dstip dst $srcip spi 9 \ 782 mode transport reqid 42 783 check_err $? 784 785 ip x s add proto esp src $srcip dst $dstip spi 9 \ 786 mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \ 787 offload dev $dev dir out 788 check_err $? 789 ip x s add proto esp src $dstip dst $srcip spi 9 \ 790 mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \ 791 offload dev $dev dir in 792 check_err $? 793 if [ $ret -ne 0 ]; then 794 echo "FAIL: ipsec_offload can't create SA" 795 return 1 796 fi 797 798 # does offload show up in ip output 799 lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"` 800 if [ $lines -ne 2 ] ; then 801 echo "FAIL: ipsec_offload SA offload missing from list output" 802 check_err 1 803 fi 804 805 # use ping to exercise the Tx path 806 ping -I $dev -c 3 -W 1 -i 0 $dstip >/dev/null 807 808 # does driver have correct offload info 809 diff $sysfsf - << EOF 810SA count=2 tx=3 811sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000 812sa[0] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1 813sa[0] key=0x34333231 38373635 32313039 36353433 814sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0 815sa[1] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1 816sa[1] key=0x34333231 38373635 32313039 36353433 817EOF 818 if [ $? -ne 0 ] ; then 819 echo "FAIL: ipsec_offload incorrect driver data" 820 check_err 1 821 fi 822 823 # does offload get removed from driver 824 ip x s flush 825 ip x p flush 826 lines=`grep -c "SA count=0" $sysfsf` 827 if [ $lines -ne 1 ] ; then 828 echo "FAIL: ipsec_offload SA not removed from driver" 829 check_err 1 830 fi 831 832 # clean up any leftovers 833 $probed && rmmod netdevsim 834 835 if [ $ret -ne 0 ]; then 836 echo "FAIL: ipsec_offload" 837 return 1 838 fi 839 echo "PASS: ipsec_offload" 840} 841 842kci_test_gretap() 843{ 844 testns="testns" 845 DEV_NS=gretap00 846 local ret=0 847 848 ip netns add "$testns" 849 if [ $? -ne 0 ]; then 850 echo "SKIP gretap tests: cannot add net namespace $testns" 851 return $ksft_skip 852 fi 853 854 ip link help gretap 2>&1 | grep -q "^Usage:" 855 if [ $? -ne 0 ];then 856 echo "SKIP: gretap: iproute2 too old" 857 ip netns del "$testns" 858 return $ksft_skip 859 fi 860 861 # test native tunnel 862 ip -netns "$testns" link add dev "$DEV_NS" type gretap seq \ 863 key 102 local 172.16.1.100 remote 172.16.1.200 864 check_err $? 865 866 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 867 check_err $? 868 869 ip -netns "$testns" link set dev $DEV_NS up 870 check_err $? 871 872 ip -netns "$testns" link del "$DEV_NS" 873 check_err $? 874 875 # test external mode 876 ip -netns "$testns" link add dev "$DEV_NS" type gretap external 877 check_err $? 878 879 ip -netns "$testns" link del "$DEV_NS" 880 check_err $? 881 882 if [ $ret -ne 0 ]; then 883 echo "FAIL: gretap" 884 ip netns del "$testns" 885 return 1 886 fi 887 echo "PASS: gretap" 888 889 ip netns del "$testns" 890} 891 892kci_test_ip6gretap() 893{ 894 testns="testns" 895 DEV_NS=ip6gretap00 896 local ret=0 897 898 ip netns add "$testns" 899 if [ $? -ne 0 ]; then 900 echo "SKIP ip6gretap tests: cannot add net namespace $testns" 901 return $ksft_skip 902 fi 903 904 ip link help ip6gretap 2>&1 | grep -q "^Usage:" 905 if [ $? -ne 0 ];then 906 echo "SKIP: ip6gretap: iproute2 too old" 907 ip netns del "$testns" 908 return $ksft_skip 909 fi 910 911 # test native tunnel 912 ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap seq \ 913 key 102 local fc00:100::1 remote fc00:100::2 914 check_err $? 915 916 ip -netns "$testns" addr add dev "$DEV_NS" fc00:200::1/96 917 check_err $? 918 919 ip -netns "$testns" link set dev $DEV_NS up 920 check_err $? 921 922 ip -netns "$testns" link del "$DEV_NS" 923 check_err $? 924 925 # test external mode 926 ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap external 927 check_err $? 928 929 ip -netns "$testns" link del "$DEV_NS" 930 check_err $? 931 932 if [ $ret -ne 0 ]; then 933 echo "FAIL: ip6gretap" 934 ip netns del "$testns" 935 return 1 936 fi 937 echo "PASS: ip6gretap" 938 939 ip netns del "$testns" 940} 941 942kci_test_erspan() 943{ 944 testns="testns" 945 DEV_NS=erspan00 946 local ret=0 947 948 ip link help erspan 2>&1 | grep -q "^Usage:" 949 if [ $? -ne 0 ];then 950 echo "SKIP: erspan: iproute2 too old" 951 return $ksft_skip 952 fi 953 954 ip netns add "$testns" 955 if [ $? -ne 0 ]; then 956 echo "SKIP erspan tests: cannot add net namespace $testns" 957 return $ksft_skip 958 fi 959 960 # test native tunnel erspan v1 961 ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \ 962 key 102 local 172.16.1.100 remote 172.16.1.200 \ 963 erspan_ver 1 erspan 488 964 check_err $? 965 966 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 967 check_err $? 968 969 ip -netns "$testns" link set dev $DEV_NS up 970 check_err $? 971 972 ip -netns "$testns" link del "$DEV_NS" 973 check_err $? 974 975 # test native tunnel erspan v2 976 ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \ 977 key 102 local 172.16.1.100 remote 172.16.1.200 \ 978 erspan_ver 2 erspan_dir ingress erspan_hwid 7 979 check_err $? 980 981 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 982 check_err $? 983 984 ip -netns "$testns" link set dev $DEV_NS up 985 check_err $? 986 987 ip -netns "$testns" link del "$DEV_NS" 988 check_err $? 989 990 # test external mode 991 ip -netns "$testns" link add dev "$DEV_NS" type erspan external 992 check_err $? 993 994 ip -netns "$testns" link del "$DEV_NS" 995 check_err $? 996 997 if [ $ret -ne 0 ]; then 998 echo "FAIL: erspan" 999 ip netns del "$testns" 1000 return 1 1001 fi 1002 echo "PASS: erspan" 1003 1004 ip netns del "$testns" 1005} 1006 1007kci_test_ip6erspan() 1008{ 1009 testns="testns" 1010 DEV_NS=ip6erspan00 1011 local ret=0 1012 1013 ip link help ip6erspan 2>&1 | grep -q "^Usage:" 1014 if [ $? -ne 0 ];then 1015 echo "SKIP: ip6erspan: iproute2 too old" 1016 return $ksft_skip 1017 fi 1018 1019 ip netns add "$testns" 1020 if [ $? -ne 0 ]; then 1021 echo "SKIP ip6erspan tests: cannot add net namespace $testns" 1022 return $ksft_skip 1023 fi 1024 1025 # test native tunnel ip6erspan v1 1026 ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \ 1027 key 102 local fc00:100::1 remote fc00:100::2 \ 1028 erspan_ver 1 erspan 488 1029 check_err $? 1030 1031 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 1032 check_err $? 1033 1034 ip -netns "$testns" link set dev $DEV_NS up 1035 check_err $? 1036 1037 ip -netns "$testns" link del "$DEV_NS" 1038 check_err $? 1039 1040 # test native tunnel ip6erspan v2 1041 ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \ 1042 key 102 local fc00:100::1 remote fc00:100::2 \ 1043 erspan_ver 2 erspan_dir ingress erspan_hwid 7 1044 check_err $? 1045 1046 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 1047 check_err $? 1048 1049 ip -netns "$testns" link set dev $DEV_NS up 1050 check_err $? 1051 1052 ip -netns "$testns" link del "$DEV_NS" 1053 check_err $? 1054 1055 # test external mode 1056 ip -netns "$testns" link add dev "$DEV_NS" \ 1057 type ip6erspan external 1058 check_err $? 1059 1060 ip -netns "$testns" link del "$DEV_NS" 1061 check_err $? 1062 1063 if [ $ret -ne 0 ]; then 1064 echo "FAIL: ip6erspan" 1065 ip netns del "$testns" 1066 return 1 1067 fi 1068 echo "PASS: ip6erspan" 1069 1070 ip netns del "$testns" 1071} 1072 1073kci_test_fdb_get() 1074{ 1075 IP="ip -netns testns" 1076 BRIDGE="bridge -netns testns" 1077 brdev="test-br0" 1078 vxlandev="vxlan10" 1079 test_mac=de:ad:be:ef:13:37 1080 localip="10.0.2.2" 1081 dstip="10.0.2.3" 1082 local ret=0 1083 1084 bridge fdb help 2>&1 |grep -q 'bridge fdb get' 1085 if [ $? -ne 0 ];then 1086 echo "SKIP: fdb get tests: iproute2 too old" 1087 return $ksft_skip 1088 fi 1089 1090 ip netns add testns 1091 if [ $? -ne 0 ]; then 1092 echo "SKIP fdb get tests: cannot add net namespace $testns" 1093 return $ksft_skip 1094 fi 1095 1096 $IP link add "$vxlandev" type vxlan id 10 local $localip \ 1097 dstport 4789 2>/dev/null 1098 check_err $? 1099 $IP link add name "$brdev" type bridge &>/dev/null 1100 check_err $? 1101 $IP link set dev "$vxlandev" master "$brdev" &>/dev/null 1102 check_err $? 1103 $BRIDGE fdb add $test_mac dev "$vxlandev" master &>/dev/null 1104 check_err $? 1105 $BRIDGE fdb add $test_mac dev "$vxlandev" dst $dstip self &>/dev/null 1106 check_err $? 1107 1108 $BRIDGE fdb get $test_mac brport "$vxlandev" 2>/dev/null | grep -q "dev $vxlandev master $brdev" 1109 check_err $? 1110 $BRIDGE fdb get $test_mac br "$brdev" 2>/dev/null | grep -q "dev $vxlandev master $brdev" 1111 check_err $? 1112 $BRIDGE fdb get $test_mac dev "$vxlandev" self 2>/dev/null | grep -q "dev $vxlandev dst $dstip" 1113 check_err $? 1114 1115 ip netns del testns &>/dev/null 1116 1117 if [ $ret -ne 0 ]; then 1118 echo "FAIL: bridge fdb get" 1119 return 1 1120 fi 1121 1122 echo "PASS: bridge fdb get" 1123} 1124 1125kci_test_neigh_get() 1126{ 1127 dstmac=de:ad:be:ef:13:37 1128 dstip=10.0.2.4 1129 dstip6=dead::2 1130 local ret=0 1131 1132 ip neigh help 2>&1 |grep -q 'ip neigh get' 1133 if [ $? -ne 0 ];then 1134 echo "SKIP: fdb get tests: iproute2 too old" 1135 return $ksft_skip 1136 fi 1137 1138 # ipv4 1139 ip neigh add $dstip lladdr $dstmac dev "$devdummy" > /dev/null 1140 check_err $? 1141 ip neigh get $dstip dev "$devdummy" 2> /dev/null | grep -q "$dstmac" 1142 check_err $? 1143 ip neigh del $dstip lladdr $dstmac dev "$devdummy" > /dev/null 1144 check_err $? 1145 1146 # ipv4 proxy 1147 ip neigh add proxy $dstip dev "$devdummy" > /dev/null 1148 check_err $? 1149 ip neigh get proxy $dstip dev "$devdummy" 2>/dev/null | grep -q "$dstip" 1150 check_err $? 1151 ip neigh del proxy $dstip dev "$devdummy" > /dev/null 1152 check_err $? 1153 1154 # ipv6 1155 ip neigh add $dstip6 lladdr $dstmac dev "$devdummy" > /dev/null 1156 check_err $? 1157 ip neigh get $dstip6 dev "$devdummy" 2> /dev/null | grep -q "$dstmac" 1158 check_err $? 1159 ip neigh del $dstip6 lladdr $dstmac dev "$devdummy" > /dev/null 1160 check_err $? 1161 1162 # ipv6 proxy 1163 ip neigh add proxy $dstip6 dev "$devdummy" > /dev/null 1164 check_err $? 1165 ip neigh get proxy $dstip6 dev "$devdummy" 2>/dev/null | grep -q "$dstip6" 1166 check_err $? 1167 ip neigh del proxy $dstip6 dev "$devdummy" > /dev/null 1168 check_err $? 1169 1170 if [ $ret -ne 0 ];then 1171 echo "FAIL: neigh get" 1172 return 1 1173 fi 1174 1175 echo "PASS: neigh get" 1176} 1177 1178kci_test_rtnl() 1179{ 1180 local ret=0 1181 kci_add_dummy 1182 if [ $ret -ne 0 ];then 1183 echo "FAIL: cannot add dummy interface" 1184 return 1 1185 fi 1186 1187 kci_test_polrouting 1188 check_err $? 1189 kci_test_route_get 1190 check_err $? 1191 kci_test_addrlft 1192 check_err $? 1193 kci_test_promote_secondaries 1194 check_err $? 1195 kci_test_tc 1196 check_err $? 1197 kci_test_gre 1198 check_err $? 1199 kci_test_gretap 1200 check_err $? 1201 kci_test_ip6gretap 1202 check_err $? 1203 kci_test_erspan 1204 check_err $? 1205 kci_test_ip6erspan 1206 check_err $? 1207 kci_test_bridge 1208 check_err $? 1209 kci_test_addrlabel 1210 check_err $? 1211 kci_test_ifalias 1212 check_err $? 1213 kci_test_vrf 1214 check_err $? 1215 kci_test_encap 1216 check_err $? 1217 kci_test_macsec 1218 check_err $? 1219 kci_test_ipsec 1220 check_err $? 1221 kci_test_ipsec_offload 1222 check_err $? 1223 kci_test_fdb_get 1224 check_err $? 1225 kci_test_neigh_get 1226 check_err $? 1227 1228 kci_del_dummy 1229 return $ret 1230} 1231 1232#check for needed privileges 1233if [ "$(id -u)" -ne 0 ];then 1234 echo "SKIP: Need root privileges" 1235 exit $ksft_skip 1236fi 1237 1238for x in ip tc;do 1239 $x -Version 2>/dev/null >/dev/null 1240 if [ $? -ne 0 ];then 1241 echo "SKIP: Could not run test without the $x tool" 1242 exit $ksft_skip 1243 fi 1244done 1245 1246kci_test_rtnl 1247 1248exit $? 1249