1#!/bin/bash
2#
3# This test is for checking rtnetlink callpaths, and get as much coverage as possible.
4#
5# set -e
6
7devdummy="test-dummy0"
8
9# Kselftest framework requirement - SKIP code is 4.
10ksft_skip=4
11
12# set global exit status, but never reset nonzero one.
13check_err()
14{
15	if [ $ret -eq 0 ]; then
16		ret=$1
17	fi
18}
19
20# same but inverted -- used when command must fail for test to pass
21check_fail()
22{
23	if [ $1 -eq 0 ]; then
24		ret=1
25	fi
26}
27
28kci_add_dummy()
29{
30	ip link add name "$devdummy" type dummy
31	check_err $?
32	ip link set "$devdummy" up
33	check_err $?
34}
35
36kci_del_dummy()
37{
38	ip link del dev "$devdummy"
39	check_err $?
40}
41
42kci_test_netconf()
43{
44	dev="$1"
45	r=$ret
46
47	ip netconf show dev "$dev" > /dev/null
48	check_err $?
49
50	for f in 4 6; do
51		ip -$f netconf show dev "$dev" > /dev/null
52		check_err $?
53	done
54
55	if [ $ret -ne 0 ] ;then
56		echo "FAIL: ip netconf show $dev"
57		test $r -eq 0 && ret=0
58		return 1
59	fi
60}
61
62# add a bridge with vlans on top
63kci_test_bridge()
64{
65	devbr="test-br0"
66	vlandev="testbr-vlan1"
67
68	local ret=0
69	ip link add name "$devbr" type bridge
70	check_err $?
71
72	ip link set dev "$devdummy" master "$devbr"
73	check_err $?
74
75	ip link set "$devbr" up
76	check_err $?
77
78	ip link add link "$devbr" name "$vlandev" type vlan id 1
79	check_err $?
80	ip addr add dev "$vlandev" 10.200.7.23/30
81	check_err $?
82	ip -6 addr add dev "$vlandev" dead:42::1234/64
83	check_err $?
84	ip -d link > /dev/null
85	check_err $?
86	ip r s t all > /dev/null
87	check_err $?
88
89	for name in "$devbr" "$vlandev" "$devdummy" ; do
90		kci_test_netconf "$name"
91	done
92
93	ip -6 addr del dev "$vlandev" dead:42::1234/64
94	check_err $?
95
96	ip link del dev "$vlandev"
97	check_err $?
98	ip link del dev "$devbr"
99	check_err $?
100
101	if [ $ret -ne 0 ];then
102		echo "FAIL: bridge setup"
103		return 1
104	fi
105	echo "PASS: bridge setup"
106
107}
108
109kci_test_gre()
110{
111	gredev=neta
112	rem=10.42.42.1
113	loc=10.0.0.1
114
115	local ret=0
116	ip tunnel add $gredev mode gre remote $rem local $loc ttl 1
117	check_err $?
118	ip link set $gredev up
119	check_err $?
120	ip addr add 10.23.7.10 dev $gredev
121	check_err $?
122	ip route add 10.23.8.0/30 dev $gredev
123	check_err $?
124	ip addr add dev "$devdummy" 10.23.7.11/24
125	check_err $?
126	ip link > /dev/null
127	check_err $?
128	ip addr > /dev/null
129	check_err $?
130
131	kci_test_netconf "$gredev"
132
133	ip addr del dev "$devdummy" 10.23.7.11/24
134	check_err $?
135
136	ip link del $gredev
137	check_err $?
138
139	if [ $ret -ne 0 ];then
140		echo "FAIL: gre tunnel endpoint"
141		return 1
142	fi
143	echo "PASS: gre tunnel endpoint"
144}
145
146# tc uses rtnetlink too, for full tc testing
147# please see tools/testing/selftests/tc-testing.
148kci_test_tc()
149{
150	dev=lo
151	local ret=0
152
153	tc qdisc add dev "$dev" root handle 1: htb
154	check_err $?
155	tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit
156	check_err $?
157	tc filter add dev "$dev" parent 1:0 prio 5 handle ffe: protocol ip u32 divisor 256
158	check_err $?
159	tc filter add dev "$dev" parent 1:0 prio 5 handle ffd: protocol ip u32 divisor 256
160	check_err $?
161	tc filter add dev "$dev" parent 1:0 prio 5 handle ffc: protocol ip u32 divisor 256
162	check_err $?
163	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 ht ffe:2: match ip src 10.0.0.3 flowid 1:10
164	check_err $?
165	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:2 u32 ht ffe:2: match ip src 10.0.0.2 flowid 1:10
166	check_err $?
167	tc filter show dev "$dev" parent  1:0 > /dev/null
168	check_err $?
169	tc filter del dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32
170	check_err $?
171	tc filter show dev "$dev" parent  1:0 > /dev/null
172	check_err $?
173	tc qdisc del dev "$dev" root handle 1: htb
174	check_err $?
175
176	if [ $ret -ne 0 ];then
177		echo "FAIL: tc htb hierarchy"
178		return 1
179	fi
180	echo "PASS: tc htb hierarchy"
181
182}
183
184kci_test_polrouting()
185{
186	local ret=0
187	ip rule add fwmark 1 lookup 100
188	check_err $?
189	ip route add local 0.0.0.0/0 dev lo table 100
190	check_err $?
191	ip r s t all > /dev/null
192	check_err $?
193	ip rule del fwmark 1 lookup 100
194	check_err $?
195	ip route del local 0.0.0.0/0 dev lo table 100
196	check_err $?
197
198	if [ $ret -ne 0 ];then
199		echo "FAIL: policy route test"
200		return 1
201	fi
202	echo "PASS: policy routing"
203}
204
205kci_test_route_get()
206{
207	local hash_policy=$(sysctl -n net.ipv4.fib_multipath_hash_policy)
208
209	local ret=0
210
211	ip route get 127.0.0.1 > /dev/null
212	check_err $?
213	ip route get 127.0.0.1 dev "$devdummy" > /dev/null
214	check_err $?
215	ip route get ::1 > /dev/null
216	check_err $?
217	ip route get fe80::1 dev "$devdummy" > /dev/null
218	check_err $?
219	ip route get 127.0.0.1 from 127.0.0.1 oif lo tos 0x10 mark 0x1 > /dev/null
220	check_err $?
221	ip route get ::1 from ::1 iif lo oif lo tos 0x10 mark 0x1 > /dev/null
222	check_err $?
223	ip addr add dev "$devdummy" 10.23.7.11/24
224	check_err $?
225	ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null
226	check_err $?
227	ip route add 10.23.8.0/24 \
228		nexthop via 10.23.7.13 dev "$devdummy" \
229		nexthop via 10.23.7.14 dev "$devdummy"
230	check_err $?
231	sysctl -wq net.ipv4.fib_multipath_hash_policy=0
232	ip route get 10.23.8.11 > /dev/null
233	check_err $?
234	sysctl -wq net.ipv4.fib_multipath_hash_policy=1
235	ip route get 10.23.8.11 > /dev/null
236	check_err $?
237	sysctl -wq net.ipv4.fib_multipath_hash_policy="$hash_policy"
238	ip route del 10.23.8.0/24
239	check_err $?
240	ip addr del dev "$devdummy" 10.23.7.11/24
241	check_err $?
242
243	if [ $ret -ne 0 ];then
244		echo "FAIL: route get"
245		return 1
246	fi
247
248	echo "PASS: route get"
249}
250
251kci_test_addrlft()
252{
253	for i in $(seq 10 100) ;do
254		lft=$(((RANDOM%3) + 1))
255		ip addr add 10.23.11.$i/32 dev "$devdummy" preferred_lft $lft valid_lft $((lft+1))
256		check_err $?
257	done
258
259	sleep 5
260
261	ip addr show dev "$devdummy" | grep "10.23.11."
262	if [ $? -eq 0 ]; then
263		echo "FAIL: preferred_lft addresses remaining"
264		check_err 1
265		return
266	fi
267
268	echo "PASS: preferred_lft addresses have expired"
269}
270
271kci_test_promote_secondaries()
272{
273	promote=$(sysctl -n net.ipv4.conf.$devdummy.promote_secondaries)
274
275	sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=1
276
277	for i in $(seq 2 254);do
278		IP="10.23.11.$i"
279		ip -f inet addr add $IP/16 brd + dev "$devdummy"
280		ifconfig "$devdummy" $IP netmask 255.255.0.0
281	done
282
283	ip addr flush dev "$devdummy"
284
285	[ $promote -eq 0 ] && sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=0
286
287	echo "PASS: promote_secondaries complete"
288}
289
290kci_test_addrlabel()
291{
292	local ret=0
293
294	ip addrlabel add prefix dead::/64 dev lo label 1
295	check_err $?
296
297	ip addrlabel list |grep -q "prefix dead::/64 dev lo label 1"
298	check_err $?
299
300	ip addrlabel del prefix dead::/64 dev lo label 1 2> /dev/null
301	check_err $?
302
303	ip addrlabel add prefix dead::/64 label 1 2> /dev/null
304	check_err $?
305
306	ip addrlabel del prefix dead::/64 label 1 2> /dev/null
307	check_err $?
308
309	# concurrent add/delete
310	for i in $(seq 1 1000); do
311		ip addrlabel add prefix 1c3::/64 label 12345 2>/dev/null
312	done &
313
314	for i in $(seq 1 1000); do
315		ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
316	done
317
318	wait
319
320	ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
321
322	if [ $ret -ne 0 ];then
323		echo "FAIL: ipv6 addrlabel"
324		return 1
325	fi
326
327	echo "PASS: ipv6 addrlabel"
328}
329
330kci_test_ifalias()
331{
332	local ret=0
333	namewant=$(uuidgen)
334	syspathname="/sys/class/net/$devdummy/ifalias"
335
336	ip link set dev "$devdummy" alias "$namewant"
337	check_err $?
338
339	if [ $ret -ne 0 ]; then
340		echo "FAIL: cannot set interface alias of $devdummy to $namewant"
341		return 1
342	fi
343
344	ip link show "$devdummy" | grep -q "alias $namewant"
345	check_err $?
346
347	if [ -r "$syspathname" ] ; then
348		read namehave < "$syspathname"
349		if [ "$namewant" != "$namehave" ]; then
350			echo "FAIL: did set ifalias $namewant but got $namehave"
351			return 1
352		fi
353
354		namewant=$(uuidgen)
355		echo "$namewant" > "$syspathname"
356	        ip link show "$devdummy" | grep -q "alias $namewant"
357		check_err $?
358
359		# sysfs interface allows to delete alias again
360		echo "" > "$syspathname"
361
362	        ip link show "$devdummy" | grep -q "alias $namewant"
363		check_fail $?
364
365		for i in $(seq 1 100); do
366			uuidgen > "$syspathname" &
367		done
368
369		wait
370
371		# re-add the alias -- kernel should free mem when dummy dev is removed
372		ip link set dev "$devdummy" alias "$namewant"
373		check_err $?
374	fi
375
376	if [ $ret -ne 0 ]; then
377		echo "FAIL: set interface alias $devdummy to $namewant"
378		return 1
379	fi
380
381	echo "PASS: set ifalias $namewant for $devdummy"
382}
383
384kci_test_vrf()
385{
386	vrfname="test-vrf"
387	local ret=0
388
389	ip link show type vrf 2>/dev/null
390	if [ $? -ne 0 ]; then
391		echo "SKIP: vrf: iproute2 too old"
392		return $ksft_skip
393	fi
394
395	ip link add "$vrfname" type vrf table 10
396	check_err $?
397	if [ $ret -ne 0 ];then
398		echo "FAIL: can't add vrf interface, skipping test"
399		return 0
400	fi
401
402	ip -br link show type vrf | grep -q "$vrfname"
403	check_err $?
404	if [ $ret -ne 0 ];then
405		echo "FAIL: created vrf device not found"
406		return 1
407	fi
408
409	ip link set dev "$vrfname" up
410	check_err $?
411
412	ip link set dev "$devdummy" master "$vrfname"
413	check_err $?
414	ip link del dev "$vrfname"
415	check_err $?
416
417	if [ $ret -ne 0 ];then
418		echo "FAIL: vrf"
419		return 1
420	fi
421
422	echo "PASS: vrf"
423}
424
425kci_test_encap_vxlan()
426{
427	local ret=0
428	vxlan="test-vxlan0"
429	vlan="test-vlan0"
430	testns="$1"
431
432	ip -netns "$testns" link add "$vxlan" type vxlan id 42 group 239.1.1.1 \
433		dev "$devdummy" dstport 4789 2>/dev/null
434	if [ $? -ne 0 ]; then
435		echo "FAIL: can't add vxlan interface, skipping test"
436		return 0
437	fi
438	check_err $?
439
440	ip -netns "$testns" addr add 10.2.11.49/24 dev "$vxlan"
441	check_err $?
442
443	ip -netns "$testns" link set up dev "$vxlan"
444	check_err $?
445
446	ip -netns "$testns" link add link "$vxlan" name "$vlan" type vlan id 1
447	check_err $?
448
449	# changelink testcases
450	ip -netns "$testns" link set dev "$vxlan" type vxlan vni 43 2>/dev/null
451	check_fail $?
452
453	ip -netns "$testns" link set dev "$vxlan" type vxlan group ffe5::5 dev "$devdummy" 2>/dev/null
454	check_fail $?
455
456	ip -netns "$testns" link set dev "$vxlan" type vxlan ttl inherit 2>/dev/null
457	check_fail $?
458
459	ip -netns "$testns" link set dev "$vxlan" type vxlan ttl 64
460	check_err $?
461
462	ip -netns "$testns" link set dev "$vxlan" type vxlan nolearning
463	check_err $?
464
465	ip -netns "$testns" link set dev "$vxlan" type vxlan proxy 2>/dev/null
466	check_fail $?
467
468	ip -netns "$testns" link set dev "$vxlan" type vxlan norsc 2>/dev/null
469	check_fail $?
470
471	ip -netns "$testns" link set dev "$vxlan" type vxlan l2miss 2>/dev/null
472	check_fail $?
473
474	ip -netns "$testns" link set dev "$vxlan" type vxlan l3miss 2>/dev/null
475	check_fail $?
476
477	ip -netns "$testns" link set dev "$vxlan" type vxlan external 2>/dev/null
478	check_fail $?
479
480	ip -netns "$testns" link set dev "$vxlan" type vxlan udpcsum 2>/dev/null
481	check_fail $?
482
483	ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumtx 2>/dev/null
484	check_fail $?
485
486	ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumrx 2>/dev/null
487	check_fail $?
488
489	ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumtx 2>/dev/null
490	check_fail $?
491
492	ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumrx 2>/dev/null
493	check_fail $?
494
495	ip -netns "$testns" link set dev "$vxlan" type vxlan gbp 2>/dev/null
496	check_fail $?
497
498	ip -netns "$testns" link set dev "$vxlan" type vxlan gpe 2>/dev/null
499	check_fail $?
500
501	ip -netns "$testns" link del "$vxlan"
502	check_err $?
503
504	if [ $ret -ne 0 ]; then
505		echo "FAIL: vxlan"
506		return 1
507	fi
508	echo "PASS: vxlan"
509}
510
511kci_test_encap_fou()
512{
513	local ret=0
514	name="test-fou"
515	testns="$1"
516
517	ip fou help 2>&1 |grep -q 'Usage: ip fou'
518	if [ $? -ne 0 ];then
519		echo "SKIP: fou: iproute2 too old"
520		return $ksft_skip
521	fi
522
523	if ! /sbin/modprobe -q -n fou; then
524		echo "SKIP: module fou is not found"
525		return $ksft_skip
526	fi
527	/sbin/modprobe -q fou
528	ip -netns "$testns" fou add port 7777 ipproto 47 2>/dev/null
529	if [ $? -ne 0 ];then
530		echo "FAIL: can't add fou port 7777, skipping test"
531		return 1
532	fi
533
534	ip -netns "$testns" fou add port 8888 ipproto 4
535	check_err $?
536
537	ip -netns "$testns" fou del port 9999 2>/dev/null
538	check_fail $?
539
540	ip -netns "$testns" fou del port 7777
541	check_err $?
542
543	if [ $ret -ne 0 ]; then
544		echo "FAIL: fou"
545		return 1
546	fi
547
548	echo "PASS: fou"
549}
550
551# test various encap methods, use netns to avoid unwanted interference
552kci_test_encap()
553{
554	testns="testns"
555	local ret=0
556
557	ip netns add "$testns"
558	if [ $? -ne 0 ]; then
559		echo "SKIP encap tests: cannot add net namespace $testns"
560		return $ksft_skip
561	fi
562
563	ip -netns "$testns" link set lo up
564	check_err $?
565
566	ip -netns "$testns" link add name "$devdummy" type dummy
567	check_err $?
568	ip -netns "$testns" link set "$devdummy" up
569	check_err $?
570
571	kci_test_encap_vxlan "$testns"
572	check_err $?
573	kci_test_encap_fou "$testns"
574	check_err $?
575
576	ip netns del "$testns"
577	return $ret
578}
579
580kci_test_macsec()
581{
582	msname="test_macsec0"
583	local ret=0
584
585	ip macsec help 2>&1 | grep -q "^Usage: ip macsec"
586	if [ $? -ne 0 ]; then
587		echo "SKIP: macsec: iproute2 too old"
588		return $ksft_skip
589	fi
590
591	ip link add link "$devdummy" "$msname" type macsec port 42 encrypt on
592	check_err $?
593	if [ $ret -ne 0 ];then
594		echo "FAIL: can't add macsec interface, skipping test"
595		return 1
596	fi
597
598	ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012
599	check_err $?
600
601	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef"
602	check_err $?
603
604	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef
605	check_err $?
606
607	ip macsec show > /dev/null
608	check_err $?
609
610	ip link del dev "$msname"
611	check_err $?
612
613	if [ $ret -ne 0 ];then
614		echo "FAIL: macsec"
615		return 1
616	fi
617
618	echo "PASS: macsec"
619}
620
621#-------------------------------------------------------------------
622# Example commands
623#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
624#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
625#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
626#            sel src 14.0.0.52/24 dst 14.0.0.70/24
627#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
628#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
629#            spi 0x07 mode transport reqid 0x07
630#
631# Subcommands not tested
632#    ip x s update
633#    ip x s allocspi
634#    ip x s deleteall
635#    ip x p update
636#    ip x p deleteall
637#    ip x p set
638#-------------------------------------------------------------------
639kci_test_ipsec()
640{
641	local ret=0
642	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
643	srcip=192.168.123.1
644	dstip=192.168.123.2
645	spi=7
646
647	ip addr add $srcip dev $devdummy
648
649	# flush to be sure there's nothing configured
650	ip x s flush ; ip x p flush
651	check_err $?
652
653	# start the monitor in the background
654	tmpfile=`mktemp /var/run/ipsectestXXX`
655	mpid=`(ip x m > $tmpfile & echo $!) 2>/dev/null`
656	sleep 0.2
657
658	ipsecid="proto esp src $srcip dst $dstip spi 0x07"
659	ip x s add $ipsecid \
660            mode transport reqid 0x07 replay-window 32 \
661            $algo sel src $srcip/24 dst $dstip/24
662	check_err $?
663
664	lines=`ip x s list | grep $srcip | grep $dstip | wc -l`
665	test $lines -eq 2
666	check_err $?
667
668	ip x s count | grep -q "SAD count 1"
669	check_err $?
670
671	lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l`
672	test $lines -eq 2
673	check_err $?
674
675	ip x s delete $ipsecid
676	check_err $?
677
678	lines=`ip x s list | wc -l`
679	test $lines -eq 0
680	check_err $?
681
682	ipsecsel="dir out src $srcip/24 dst $dstip/24"
683	ip x p add $ipsecsel \
684		    tmpl proto esp src $srcip dst $dstip \
685		    spi 0x07 mode transport reqid 0x07
686	check_err $?
687
688	lines=`ip x p list | grep $srcip | grep $dstip | wc -l`
689	test $lines -eq 2
690	check_err $?
691
692	ip x p count | grep -q "SPD IN  0 OUT 1 FWD 0"
693	check_err $?
694
695	lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l`
696	test $lines -eq 2
697	check_err $?
698
699	ip x p delete $ipsecsel
700	check_err $?
701
702	lines=`ip x p list | wc -l`
703	test $lines -eq 0
704	check_err $?
705
706	# check the monitor results
707	kill $mpid
708	lines=`wc -l $tmpfile | cut "-d " -f1`
709	test $lines -eq 20
710	check_err $?
711	rm -rf $tmpfile
712
713	# clean up any leftovers
714	ip x s flush
715	check_err $?
716	ip x p flush
717	check_err $?
718	ip addr del $srcip/32 dev $devdummy
719
720	if [ $ret -ne 0 ]; then
721		echo "FAIL: ipsec"
722		return 1
723	fi
724	echo "PASS: ipsec"
725}
726
727#-------------------------------------------------------------------
728# Example commands
729#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
730#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
731#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
732#            sel src 14.0.0.52/24 dst 14.0.0.70/24
733#            offload dev sim1 dir out
734#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
735#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
736#            spi 0x07 mode transport reqid 0x07
737#
738#-------------------------------------------------------------------
739kci_test_ipsec_offload()
740{
741	local ret=0
742	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
743	srcip=192.168.123.3
744	dstip=192.168.123.4
745	sysfsd=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/
746	sysfsf=$sysfsd/ipsec
747	sysfsnet=/sys/bus/netdevsim/devices/netdevsim0/net/
748	probed=false
749
750	# setup netdevsim since dummydev doesn't have offload support
751	if [ ! -w /sys/bus/netdevsim/new_device ] ; then
752		modprobe -q netdevsim
753		check_err $?
754		if [ $ret -ne 0 ]; then
755			echo "SKIP: ipsec_offload can't load netdevsim"
756			return $ksft_skip
757		fi
758		probed=true
759	fi
760
761	echo "0" > /sys/bus/netdevsim/new_device
762	while [ ! -d $sysfsnet ] ; do :; done
763	udevadm settle
764	dev=`ls $sysfsnet`
765
766	ip addr add $srcip dev $dev
767	ip link set $dev up
768	if [ ! -d $sysfsd ] ; then
769		echo "FAIL: ipsec_offload can't create device $dev"
770		return 1
771	fi
772	if [ ! -f $sysfsf ] ; then
773		echo "FAIL: ipsec_offload netdevsim doesn't support IPsec offload"
774		return 1
775	fi
776
777	# flush to be sure there's nothing configured
778	ip x s flush ; ip x p flush
779
780	# create offloaded SAs, both in and out
781	ip x p add dir out src $srcip/24 dst $dstip/24 \
782	    tmpl proto esp src $srcip dst $dstip spi 9 \
783	    mode transport reqid 42
784	check_err $?
785	ip x p add dir in src $dstip/24 dst $srcip/24 \
786	    tmpl proto esp src $dstip dst $srcip spi 9 \
787	    mode transport reqid 42
788	check_err $?
789
790	ip x s add proto esp src $srcip dst $dstip spi 9 \
791	    mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \
792	    offload dev $dev dir out
793	check_err $?
794	ip x s add proto esp src $dstip dst $srcip spi 9 \
795	    mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \
796	    offload dev $dev dir in
797	check_err $?
798	if [ $ret -ne 0 ]; then
799		echo "FAIL: ipsec_offload can't create SA"
800		return 1
801	fi
802
803	# does offload show up in ip output
804	lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"`
805	if [ $lines -ne 2 ] ; then
806		echo "FAIL: ipsec_offload SA offload missing from list output"
807		check_err 1
808	fi
809
810	# use ping to exercise the Tx path
811	ping -I $dev -c 3 -W 1 -i 0 $dstip >/dev/null
812
813	# does driver have correct offload info
814	diff $sysfsf - << EOF
815SA count=2 tx=3
816sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000
817sa[0]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
818sa[0]    key=0x34333231 38373635 32313039 36353433
819sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0
820sa[1]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
821sa[1]    key=0x34333231 38373635 32313039 36353433
822EOF
823	if [ $? -ne 0 ] ; then
824		echo "FAIL: ipsec_offload incorrect driver data"
825		check_err 1
826	fi
827
828	# does offload get removed from driver
829	ip x s flush
830	ip x p flush
831	lines=`grep -c "SA count=0" $sysfsf`
832	if [ $lines -ne 1 ] ; then
833		echo "FAIL: ipsec_offload SA not removed from driver"
834		check_err 1
835	fi
836
837	# clean up any leftovers
838	$probed && rmmod netdevsim
839
840	if [ $ret -ne 0 ]; then
841		echo "FAIL: ipsec_offload"
842		return 1
843	fi
844	echo "PASS: ipsec_offload"
845}
846
847kci_test_gretap()
848{
849	testns="testns"
850	DEV_NS=gretap00
851	local ret=0
852
853	ip netns add "$testns"
854	if [ $? -ne 0 ]; then
855		echo "SKIP gretap tests: cannot add net namespace $testns"
856		return $ksft_skip
857	fi
858
859	ip link help gretap 2>&1 | grep -q "^Usage:"
860	if [ $? -ne 0 ];then
861		echo "SKIP: gretap: iproute2 too old"
862		ip netns del "$testns"
863		return $ksft_skip
864	fi
865
866	# test native tunnel
867	ip -netns "$testns" link add dev "$DEV_NS" type gretap seq \
868		key 102 local 172.16.1.100 remote 172.16.1.200
869	check_err $?
870
871	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
872	check_err $?
873
874	ip -netns "$testns" link set dev $DEV_NS up
875	check_err $?
876
877	ip -netns "$testns" link del "$DEV_NS"
878	check_err $?
879
880	# test external mode
881	ip -netns "$testns" link add dev "$DEV_NS" type gretap external
882	check_err $?
883
884	ip -netns "$testns" link del "$DEV_NS"
885	check_err $?
886
887	if [ $ret -ne 0 ]; then
888		echo "FAIL: gretap"
889		ip netns del "$testns"
890		return 1
891	fi
892	echo "PASS: gretap"
893
894	ip netns del "$testns"
895}
896
897kci_test_ip6gretap()
898{
899	testns="testns"
900	DEV_NS=ip6gretap00
901	local ret=0
902
903	ip netns add "$testns"
904	if [ $? -ne 0 ]; then
905		echo "SKIP ip6gretap tests: cannot add net namespace $testns"
906		return $ksft_skip
907	fi
908
909	ip link help ip6gretap 2>&1 | grep -q "^Usage:"
910	if [ $? -ne 0 ];then
911		echo "SKIP: ip6gretap: iproute2 too old"
912		ip netns del "$testns"
913		return $ksft_skip
914	fi
915
916	# test native tunnel
917	ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap seq \
918		key 102 local fc00:100::1 remote fc00:100::2
919	check_err $?
920
921	ip -netns "$testns" addr add dev "$DEV_NS" fc00:200::1/96
922	check_err $?
923
924	ip -netns "$testns" link set dev $DEV_NS up
925	check_err $?
926
927	ip -netns "$testns" link del "$DEV_NS"
928	check_err $?
929
930	# test external mode
931	ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap external
932	check_err $?
933
934	ip -netns "$testns" link del "$DEV_NS"
935	check_err $?
936
937	if [ $ret -ne 0 ]; then
938		echo "FAIL: ip6gretap"
939		ip netns del "$testns"
940		return 1
941	fi
942	echo "PASS: ip6gretap"
943
944	ip netns del "$testns"
945}
946
947kci_test_erspan()
948{
949	testns="testns"
950	DEV_NS=erspan00
951	local ret=0
952
953	ip link help erspan 2>&1 | grep -q "^Usage:"
954	if [ $? -ne 0 ];then
955		echo "SKIP: erspan: iproute2 too old"
956		return $ksft_skip
957	fi
958
959	ip netns add "$testns"
960	if [ $? -ne 0 ]; then
961		echo "SKIP erspan tests: cannot add net namespace $testns"
962		return $ksft_skip
963	fi
964
965	# test native tunnel erspan v1
966	ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
967		key 102 local 172.16.1.100 remote 172.16.1.200 \
968		erspan_ver 1 erspan 488
969	check_err $?
970
971	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
972	check_err $?
973
974	ip -netns "$testns" link set dev $DEV_NS up
975	check_err $?
976
977	ip -netns "$testns" link del "$DEV_NS"
978	check_err $?
979
980	# test native tunnel erspan v2
981	ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
982		key 102 local 172.16.1.100 remote 172.16.1.200 \
983		erspan_ver 2 erspan_dir ingress erspan_hwid 7
984	check_err $?
985
986	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
987	check_err $?
988
989	ip -netns "$testns" link set dev $DEV_NS up
990	check_err $?
991
992	ip -netns "$testns" link del "$DEV_NS"
993	check_err $?
994
995	# test external mode
996	ip -netns "$testns" link add dev "$DEV_NS" type erspan external
997	check_err $?
998
999	ip -netns "$testns" link del "$DEV_NS"
1000	check_err $?
1001
1002	if [ $ret -ne 0 ]; then
1003		echo "FAIL: erspan"
1004		ip netns del "$testns"
1005		return 1
1006	fi
1007	echo "PASS: erspan"
1008
1009	ip netns del "$testns"
1010}
1011
1012kci_test_ip6erspan()
1013{
1014	testns="testns"
1015	DEV_NS=ip6erspan00
1016	local ret=0
1017
1018	ip link help ip6erspan 2>&1 | grep -q "^Usage:"
1019	if [ $? -ne 0 ];then
1020		echo "SKIP: ip6erspan: iproute2 too old"
1021		return $ksft_skip
1022	fi
1023
1024	ip netns add "$testns"
1025	if [ $? -ne 0 ]; then
1026		echo "SKIP ip6erspan tests: cannot add net namespace $testns"
1027		return $ksft_skip
1028	fi
1029
1030	# test native tunnel ip6erspan v1
1031	ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
1032		key 102 local fc00:100::1 remote fc00:100::2 \
1033		erspan_ver 1 erspan 488
1034	check_err $?
1035
1036	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
1037	check_err $?
1038
1039	ip -netns "$testns" link set dev $DEV_NS up
1040	check_err $?
1041
1042	ip -netns "$testns" link del "$DEV_NS"
1043	check_err $?
1044
1045	# test native tunnel ip6erspan v2
1046	ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
1047		key 102 local fc00:100::1 remote fc00:100::2 \
1048		erspan_ver 2 erspan_dir ingress erspan_hwid 7
1049	check_err $?
1050
1051	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
1052	check_err $?
1053
1054	ip -netns "$testns" link set dev $DEV_NS up
1055	check_err $?
1056
1057	ip -netns "$testns" link del "$DEV_NS"
1058	check_err $?
1059
1060	# test external mode
1061	ip -netns "$testns" link add dev "$DEV_NS" \
1062		type ip6erspan external
1063	check_err $?
1064
1065	ip -netns "$testns" link del "$DEV_NS"
1066	check_err $?
1067
1068	if [ $ret -ne 0 ]; then
1069		echo "FAIL: ip6erspan"
1070		ip netns del "$testns"
1071		return 1
1072	fi
1073	echo "PASS: ip6erspan"
1074
1075	ip netns del "$testns"
1076}
1077
1078kci_test_fdb_get()
1079{
1080	IP="ip -netns testns"
1081	BRIDGE="bridge -netns testns"
1082	brdev="test-br0"
1083	vxlandev="vxlan10"
1084	test_mac=de:ad:be:ef:13:37
1085	localip="10.0.2.2"
1086	dstip="10.0.2.3"
1087	local ret=0
1088
1089	bridge fdb help 2>&1 |grep -q 'bridge fdb get'
1090	if [ $? -ne 0 ];then
1091		echo "SKIP: fdb get tests: iproute2 too old"
1092		return $ksft_skip
1093	fi
1094
1095	ip netns add testns
1096	if [ $? -ne 0 ]; then
1097		echo "SKIP fdb get tests: cannot add net namespace $testns"
1098		return $ksft_skip
1099	fi
1100
1101	$IP link add "$vxlandev" type vxlan id 10 local $localip \
1102                dstport 4789 2>/dev/null
1103	check_err $?
1104	$IP link add name "$brdev" type bridge &>/dev/null
1105	check_err $?
1106	$IP link set dev "$vxlandev" master "$brdev" &>/dev/null
1107	check_err $?
1108	$BRIDGE fdb add $test_mac dev "$vxlandev" master &>/dev/null
1109	check_err $?
1110	$BRIDGE fdb add $test_mac dev "$vxlandev" dst $dstip self &>/dev/null
1111	check_err $?
1112
1113	$BRIDGE fdb get $test_mac brport "$vxlandev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1114	check_err $?
1115	$BRIDGE fdb get $test_mac br "$brdev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1116	check_err $?
1117	$BRIDGE fdb get $test_mac dev "$vxlandev" self 2>/dev/null | grep -q "dev $vxlandev dst $dstip"
1118	check_err $?
1119
1120	ip netns del testns &>/dev/null
1121
1122	if [ $ret -ne 0 ]; then
1123		echo "FAIL: bridge fdb get"
1124		return 1
1125	fi
1126
1127	echo "PASS: bridge fdb get"
1128}
1129
1130kci_test_neigh_get()
1131{
1132	dstmac=de:ad:be:ef:13:37
1133	dstip=10.0.2.4
1134	dstip6=dead::2
1135	local ret=0
1136
1137	ip neigh help 2>&1 |grep -q 'ip neigh get'
1138	if [ $? -ne 0 ];then
1139		echo "SKIP: fdb get tests: iproute2 too old"
1140		return $ksft_skip
1141	fi
1142
1143	# ipv4
1144	ip neigh add $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
1145	check_err $?
1146	ip neigh get $dstip dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1147	check_err $?
1148	ip neigh del $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
1149	check_err $?
1150
1151	# ipv4 proxy
1152	ip neigh add proxy $dstip dev "$devdummy" > /dev/null
1153	check_err $?
1154	ip neigh get proxy $dstip dev "$devdummy" 2>/dev/null | grep -q "$dstip"
1155	check_err $?
1156	ip neigh del proxy $dstip dev "$devdummy" > /dev/null
1157	check_err $?
1158
1159	# ipv6
1160	ip neigh add $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
1161	check_err $?
1162	ip neigh get $dstip6 dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1163	check_err $?
1164	ip neigh del $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
1165	check_err $?
1166
1167	# ipv6 proxy
1168	ip neigh add proxy $dstip6 dev "$devdummy" > /dev/null
1169	check_err $?
1170	ip neigh get proxy $dstip6 dev "$devdummy" 2>/dev/null | grep -q "$dstip6"
1171	check_err $?
1172	ip neigh del proxy $dstip6 dev "$devdummy" > /dev/null
1173	check_err $?
1174
1175	if [ $ret -ne 0 ];then
1176		echo "FAIL: neigh get"
1177		return 1
1178	fi
1179
1180	echo "PASS: neigh get"
1181}
1182
1183kci_test_bridge_parent_id()
1184{
1185	local ret=0
1186	sysfsnet=/sys/bus/netdevsim/devices/netdevsim
1187	probed=false
1188
1189	if [ ! -w /sys/bus/netdevsim/new_device ] ; then
1190		modprobe -q netdevsim
1191		check_err $?
1192		if [ $ret -ne 0 ]; then
1193			echo "SKIP: bridge_parent_id can't load netdevsim"
1194			return $ksft_skip
1195		fi
1196		probed=true
1197	fi
1198
1199	echo "10 1" > /sys/bus/netdevsim/new_device
1200	while [ ! -d ${sysfsnet}10 ] ; do :; done
1201	echo "20 1" > /sys/bus/netdevsim/new_device
1202	while [ ! -d ${sysfsnet}20 ] ; do :; done
1203	udevadm settle
1204	dev10=`ls ${sysfsnet}10/net/`
1205	dev20=`ls ${sysfsnet}20/net/`
1206
1207	ip link add name test-bond0 type bond mode 802.3ad
1208	ip link set dev $dev10 master test-bond0
1209	ip link set dev $dev20 master test-bond0
1210	ip link add name test-br0 type bridge
1211	ip link set dev test-bond0 master test-br0
1212	check_err $?
1213
1214	# clean up any leftovers
1215	ip link del dev test-br0
1216	ip link del dev test-bond0
1217	echo 20 > /sys/bus/netdevsim/del_device
1218	echo 10 > /sys/bus/netdevsim/del_device
1219	$probed && rmmod netdevsim
1220
1221	if [ $ret -ne 0 ]; then
1222		echo "FAIL: bridge_parent_id"
1223		return 1
1224	fi
1225	echo "PASS: bridge_parent_id"
1226}
1227
1228kci_test_rtnl()
1229{
1230	local ret=0
1231	kci_add_dummy
1232	if [ $ret -ne 0 ];then
1233		echo "FAIL: cannot add dummy interface"
1234		return 1
1235	fi
1236
1237	kci_test_polrouting
1238	check_err $?
1239	kci_test_route_get
1240	check_err $?
1241	kci_test_addrlft
1242	check_err $?
1243	kci_test_promote_secondaries
1244	check_err $?
1245	kci_test_tc
1246	check_err $?
1247	kci_test_gre
1248	check_err $?
1249	kci_test_gretap
1250	check_err $?
1251	kci_test_ip6gretap
1252	check_err $?
1253	kci_test_erspan
1254	check_err $?
1255	kci_test_ip6erspan
1256	check_err $?
1257	kci_test_bridge
1258	check_err $?
1259	kci_test_addrlabel
1260	check_err $?
1261	kci_test_ifalias
1262	check_err $?
1263	kci_test_vrf
1264	check_err $?
1265	kci_test_encap
1266	check_err $?
1267	kci_test_macsec
1268	check_err $?
1269	kci_test_ipsec
1270	check_err $?
1271	kci_test_ipsec_offload
1272	check_err $?
1273	kci_test_fdb_get
1274	check_err $?
1275	kci_test_neigh_get
1276	check_err $?
1277	kci_test_bridge_parent_id
1278	check_err $?
1279
1280	kci_del_dummy
1281	return $ret
1282}
1283
1284#check for needed privileges
1285if [ "$(id -u)" -ne 0 ];then
1286	echo "SKIP: Need root privileges"
1287	exit $ksft_skip
1288fi
1289
1290for x in ip tc;do
1291	$x -Version 2>/dev/null >/dev/null
1292	if [ $? -ne 0 ];then
1293		echo "SKIP: Could not run test without the $x tool"
1294		exit $ksft_skip
1295	fi
1296done
1297
1298kci_test_rtnl
1299
1300exit $?
1301