xref: /openbmc/linux/tools/testing/selftests/net/rtnetlink.sh (revision 8631f940b81bf0da3d375fce166d381fa8c47bb2) 
1#!/bin/bash
2#
3# This test is for checking rtnetlink callpaths, and get as much coverage as possible.
4#
5# set -e
6
7devdummy="test-dummy0"
8ret=0
9
10# Kselftest framework requirement - SKIP code is 4.
11ksft_skip=4
12
13# set global exit status, but never reset nonzero one.
14check_err()
15{
16	if [ $ret -eq 0 ]; then
17		ret=$1
18	fi
19}
20
21# same but inverted -- used when command must fail for test to pass
22check_fail()
23{
24	if [ $1 -eq 0 ]; then
25		ret=1
26	fi
27}
28
29kci_add_dummy()
30{
31	ip link add name "$devdummy" type dummy
32	check_err $?
33	ip link set "$devdummy" up
34	check_err $?
35}
36
37kci_del_dummy()
38{
39	ip link del dev "$devdummy"
40	check_err $?
41}
42
43kci_test_netconf()
44{
45	dev="$1"
46	r=$ret
47
48	ip netconf show dev "$dev" > /dev/null
49	check_err $?
50
51	for f in 4 6; do
52		ip -$f netconf show dev "$dev" > /dev/null
53		check_err $?
54	done
55
56	if [ $ret -ne 0 ] ;then
57		echo "FAIL: ip netconf show $dev"
58		test $r -eq 0 && ret=0
59		return 1
60	fi
61}
62
63# add a bridge with vlans on top
64kci_test_bridge()
65{
66	devbr="test-br0"
67	vlandev="testbr-vlan1"
68
69	ret=0
70	ip link add name "$devbr" type bridge
71	check_err $?
72
73	ip link set dev "$devdummy" master "$devbr"
74	check_err $?
75
76	ip link set "$devbr" up
77	check_err $?
78
79	ip link add link "$devbr" name "$vlandev" type vlan id 1
80	check_err $?
81	ip addr add dev "$vlandev" 10.200.7.23/30
82	check_err $?
83	ip -6 addr add dev "$vlandev" dead:42::1234/64
84	check_err $?
85	ip -d link > /dev/null
86	check_err $?
87	ip r s t all > /dev/null
88	check_err $?
89
90	for name in "$devbr" "$vlandev" "$devdummy" ; do
91		kci_test_netconf "$name"
92	done
93
94	ip -6 addr del dev "$vlandev" dead:42::1234/64
95	check_err $?
96
97	ip link del dev "$vlandev"
98	check_err $?
99	ip link del dev "$devbr"
100	check_err $?
101
102	if [ $ret -ne 0 ];then
103		echo "FAIL: bridge setup"
104		return 1
105	fi
106	echo "PASS: bridge setup"
107
108}
109
110kci_test_gre()
111{
112	gredev=neta
113	rem=10.42.42.1
114	loc=10.0.0.1
115
116	ret=0
117	ip tunnel add $gredev mode gre remote $rem local $loc ttl 1
118	check_err $?
119	ip link set $gredev up
120	check_err $?
121	ip addr add 10.23.7.10 dev $gredev
122	check_err $?
123	ip route add 10.23.8.0/30 dev $gredev
124	check_err $?
125	ip addr add dev "$devdummy" 10.23.7.11/24
126	check_err $?
127	ip link > /dev/null
128	check_err $?
129	ip addr > /dev/null
130	check_err $?
131
132	kci_test_netconf "$gredev"
133
134	ip addr del dev "$devdummy" 10.23.7.11/24
135	check_err $?
136
137	ip link del $gredev
138	check_err $?
139
140	if [ $ret -ne 0 ];then
141		echo "FAIL: gre tunnel endpoint"
142		return 1
143	fi
144	echo "PASS: gre tunnel endpoint"
145}
146
147# tc uses rtnetlink too, for full tc testing
148# please see tools/testing/selftests/tc-testing.
149kci_test_tc()
150{
151	dev=lo
152	ret=0
153
154	tc qdisc add dev "$dev" root handle 1: htb
155	check_err $?
156	tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit
157	check_err $?
158	tc filter add dev "$dev" parent 1:0 prio 5 handle ffe: protocol ip u32 divisor 256
159	check_err $?
160	tc filter add dev "$dev" parent 1:0 prio 5 handle ffd: protocol ip u32 divisor 256
161	check_err $?
162	tc filter add dev "$dev" parent 1:0 prio 5 handle ffc: protocol ip u32 divisor 256
163	check_err $?
164	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 ht ffe:2: match ip src 10.0.0.3 flowid 1:10
165	check_err $?
166	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:2 u32 ht ffe:2: match ip src 10.0.0.2 flowid 1:10
167	check_err $?
168	tc filter show dev "$dev" parent  1:0 > /dev/null
169	check_err $?
170	tc filter del dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32
171	check_err $?
172	tc filter show dev "$dev" parent  1:0 > /dev/null
173	check_err $?
174	tc qdisc del dev "$dev" root handle 1: htb
175	check_err $?
176
177	if [ $ret -ne 0 ];then
178		echo "FAIL: tc htb hierarchy"
179		return 1
180	fi
181	echo "PASS: tc htb hierarchy"
182
183}
184
185kci_test_polrouting()
186{
187	ret=0
188	ip rule add fwmark 1 lookup 100
189	check_err $?
190	ip route add local 0.0.0.0/0 dev lo table 100
191	check_err $?
192	ip r s t all > /dev/null
193	check_err $?
194	ip rule del fwmark 1 lookup 100
195	check_err $?
196	ip route del local 0.0.0.0/0 dev lo table 100
197	check_err $?
198
199	if [ $ret -ne 0 ];then
200		echo "FAIL: policy route test"
201		return 1
202	fi
203	echo "PASS: policy routing"
204}
205
206kci_test_route_get()
207{
208	local hash_policy=$(sysctl -n net.ipv4.fib_multipath_hash_policy)
209
210	ret=0
211
212	ip route get 127.0.0.1 > /dev/null
213	check_err $?
214	ip route get 127.0.0.1 dev "$devdummy" > /dev/null
215	check_err $?
216	ip route get ::1 > /dev/null
217	check_err $?
218	ip route get fe80::1 dev "$devdummy" > /dev/null
219	check_err $?
220	ip route get 127.0.0.1 from 127.0.0.1 oif lo tos 0x1 mark 0x1 > /dev/null
221	check_err $?
222	ip route get ::1 from ::1 iif lo oif lo tos 0x1 mark 0x1 > /dev/null
223	check_err $?
224	ip addr add dev "$devdummy" 10.23.7.11/24
225	check_err $?
226	ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null
227	check_err $?
228	ip route add 10.23.8.0/24 \
229		nexthop via 10.23.7.13 dev "$devdummy" \
230		nexthop via 10.23.7.14 dev "$devdummy"
231	check_err $?
232	sysctl -wq net.ipv4.fib_multipath_hash_policy=0
233	ip route get 10.23.8.11 > /dev/null
234	check_err $?
235	sysctl -wq net.ipv4.fib_multipath_hash_policy=1
236	ip route get 10.23.8.11 > /dev/null
237	check_err $?
238	sysctl -wq net.ipv4.fib_multipath_hash_policy="$hash_policy"
239	ip route del 10.23.8.0/24
240	check_err $?
241	ip addr del dev "$devdummy" 10.23.7.11/24
242	check_err $?
243
244	if [ $ret -ne 0 ];then
245		echo "FAIL: route get"
246		return 1
247	fi
248
249	echo "PASS: route get"
250}
251
252kci_test_addrlabel()
253{
254	ret=0
255
256	ip addrlabel add prefix dead::/64 dev lo label 1
257	check_err $?
258
259	ip addrlabel list |grep -q "prefix dead::/64 dev lo label 1"
260	check_err $?
261
262	ip addrlabel del prefix dead::/64 dev lo label 1 2> /dev/null
263	check_err $?
264
265	ip addrlabel add prefix dead::/64 label 1 2> /dev/null
266	check_err $?
267
268	ip addrlabel del prefix dead::/64 label 1 2> /dev/null
269	check_err $?
270
271	# concurrent add/delete
272	for i in $(seq 1 1000); do
273		ip addrlabel add prefix 1c3::/64 label 12345 2>/dev/null
274	done &
275
276	for i in $(seq 1 1000); do
277		ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
278	done
279
280	wait
281
282	ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
283
284	if [ $ret -ne 0 ];then
285		echo "FAIL: ipv6 addrlabel"
286		return 1
287	fi
288
289	echo "PASS: ipv6 addrlabel"
290}
291
292kci_test_ifalias()
293{
294	ret=0
295	namewant=$(uuidgen)
296	syspathname="/sys/class/net/$devdummy/ifalias"
297
298	ip link set dev "$devdummy" alias "$namewant"
299	check_err $?
300
301	if [ $ret -ne 0 ]; then
302		echo "FAIL: cannot set interface alias of $devdummy to $namewant"
303		return 1
304	fi
305
306	ip link show "$devdummy" | grep -q "alias $namewant"
307	check_err $?
308
309	if [ -r "$syspathname" ] ; then
310		read namehave < "$syspathname"
311		if [ "$namewant" != "$namehave" ]; then
312			echo "FAIL: did set ifalias $namewant but got $namehave"
313			return 1
314		fi
315
316		namewant=$(uuidgen)
317		echo "$namewant" > "$syspathname"
318	        ip link show "$devdummy" | grep -q "alias $namewant"
319		check_err $?
320
321		# sysfs interface allows to delete alias again
322		echo "" > "$syspathname"
323
324	        ip link show "$devdummy" | grep -q "alias $namewant"
325		check_fail $?
326
327		for i in $(seq 1 100); do
328			uuidgen > "$syspathname" &
329		done
330
331		wait
332
333		# re-add the alias -- kernel should free mem when dummy dev is removed
334		ip link set dev "$devdummy" alias "$namewant"
335		check_err $?
336	fi
337
338	if [ $ret -ne 0 ]; then
339		echo "FAIL: set interface alias $devdummy to $namewant"
340		return 1
341	fi
342
343	echo "PASS: set ifalias $namewant for $devdummy"
344}
345
346kci_test_vrf()
347{
348	vrfname="test-vrf"
349	ret=0
350
351	ip link show type vrf 2>/dev/null
352	if [ $? -ne 0 ]; then
353		echo "SKIP: vrf: iproute2 too old"
354		return $ksft_skip
355	fi
356
357	ip link add "$vrfname" type vrf table 10
358	check_err $?
359	if [ $ret -ne 0 ];then
360		echo "FAIL: can't add vrf interface, skipping test"
361		return 0
362	fi
363
364	ip -br link show type vrf | grep -q "$vrfname"
365	check_err $?
366	if [ $ret -ne 0 ];then
367		echo "FAIL: created vrf device not found"
368		return 1
369	fi
370
371	ip link set dev "$vrfname" up
372	check_err $?
373
374	ip link set dev "$devdummy" master "$vrfname"
375	check_err $?
376	ip link del dev "$vrfname"
377	check_err $?
378
379	if [ $ret -ne 0 ];then
380		echo "FAIL: vrf"
381		return 1
382	fi
383
384	echo "PASS: vrf"
385}
386
387kci_test_encap_vxlan()
388{
389	ret=0
390	vxlan="test-vxlan0"
391	vlan="test-vlan0"
392	testns="$1"
393
394	ip netns exec "$testns" ip link add "$vxlan" type vxlan id 42 group 239.1.1.1 \
395		dev "$devdummy" dstport 4789 2>/dev/null
396	if [ $? -ne 0 ]; then
397		echo "FAIL: can't add vxlan interface, skipping test"
398		return 0
399	fi
400	check_err $?
401
402	ip netns exec "$testns" ip addr add 10.2.11.49/24 dev "$vxlan"
403	check_err $?
404
405	ip netns exec "$testns" ip link set up dev "$vxlan"
406	check_err $?
407
408	ip netns exec "$testns" ip link add link "$vxlan" name "$vlan" type vlan id 1
409	check_err $?
410
411	ip netns exec "$testns" ip link del "$vxlan"
412	check_err $?
413
414	if [ $ret -ne 0 ]; then
415		echo "FAIL: vxlan"
416		return 1
417	fi
418	echo "PASS: vxlan"
419}
420
421kci_test_encap_fou()
422{
423	ret=0
424	name="test-fou"
425	testns="$1"
426
427	ip fou help 2>&1 |grep -q 'Usage: ip fou'
428	if [ $? -ne 0 ];then
429		echo "SKIP: fou: iproute2 too old"
430		return $ksft_skip
431	fi
432
433	ip netns exec "$testns" ip fou add port 7777 ipproto 47 2>/dev/null
434	if [ $? -ne 0 ];then
435		echo "FAIL: can't add fou port 7777, skipping test"
436		return 1
437	fi
438
439	ip netns exec "$testns" ip fou add port 8888 ipproto 4
440	check_err $?
441
442	ip netns exec "$testns" ip fou del port 9999 2>/dev/null
443	check_fail $?
444
445	ip netns exec "$testns" ip fou del port 7777
446	check_err $?
447
448	if [ $ret -ne 0 ]; then
449		echo "FAIL: fou"
450		return 1
451	fi
452
453	echo "PASS: fou"
454}
455
456# test various encap methods, use netns to avoid unwanted interference
457kci_test_encap()
458{
459	testns="testns"
460	ret=0
461
462	ip netns add "$testns"
463	if [ $? -ne 0 ]; then
464		echo "SKIP encap tests: cannot add net namespace $testns"
465		return $ksft_skip
466	fi
467
468	ip netns exec "$testns" ip link set lo up
469	check_err $?
470
471	ip netns exec "$testns" ip link add name "$devdummy" type dummy
472	check_err $?
473	ip netns exec "$testns" ip link set "$devdummy" up
474	check_err $?
475
476	kci_test_encap_vxlan "$testns"
477	kci_test_encap_fou "$testns"
478
479	ip netns del "$testns"
480}
481
482kci_test_macsec()
483{
484	msname="test_macsec0"
485	ret=0
486
487	ip macsec help 2>&1 | grep -q "^Usage: ip macsec"
488	if [ $? -ne 0 ]; then
489		echo "SKIP: macsec: iproute2 too old"
490		return $ksft_skip
491	fi
492
493	ip link add link "$devdummy" "$msname" type macsec port 42 encrypt on
494	check_err $?
495	if [ $ret -ne 0 ];then
496		echo "FAIL: can't add macsec interface, skipping test"
497		return 1
498	fi
499
500	ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012
501	check_err $?
502
503	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef"
504	check_err $?
505
506	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef
507	check_err $?
508
509	ip macsec show > /dev/null
510	check_err $?
511
512	ip link del dev "$msname"
513	check_err $?
514
515	if [ $ret -ne 0 ];then
516		echo "FAIL: macsec"
517		return 1
518	fi
519
520	echo "PASS: macsec"
521}
522
523#-------------------------------------------------------------------
524# Example commands
525#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
526#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
527#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
528#            sel src 14.0.0.52/24 dst 14.0.0.70/24
529#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
530#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
531#            spi 0x07 mode transport reqid 0x07
532#
533# Subcommands not tested
534#    ip x s update
535#    ip x s allocspi
536#    ip x s deleteall
537#    ip x p update
538#    ip x p deleteall
539#    ip x p set
540#-------------------------------------------------------------------
541kci_test_ipsec()
542{
543	ret=0
544	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
545	srcip=192.168.123.1
546	dstip=192.168.123.2
547	spi=7
548
549	ip addr add $srcip dev $devdummy
550
551	# flush to be sure there's nothing configured
552	ip x s flush ; ip x p flush
553	check_err $?
554
555	# start the monitor in the background
556	tmpfile=`mktemp /var/run/ipsectestXXX`
557	mpid=`(ip x m > $tmpfile & echo $!) 2>/dev/null`
558	sleep 0.2
559
560	ipsecid="proto esp src $srcip dst $dstip spi 0x07"
561	ip x s add $ipsecid \
562            mode transport reqid 0x07 replay-window 32 \
563            $algo sel src $srcip/24 dst $dstip/24
564	check_err $?
565
566	lines=`ip x s list | grep $srcip | grep $dstip | wc -l`
567	test $lines -eq 2
568	check_err $?
569
570	ip x s count | grep -q "SAD count 1"
571	check_err $?
572
573	lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l`
574	test $lines -eq 2
575	check_err $?
576
577	ip x s delete $ipsecid
578	check_err $?
579
580	lines=`ip x s list | wc -l`
581	test $lines -eq 0
582	check_err $?
583
584	ipsecsel="dir out src $srcip/24 dst $dstip/24"
585	ip x p add $ipsecsel \
586		    tmpl proto esp src $srcip dst $dstip \
587		    spi 0x07 mode transport reqid 0x07
588	check_err $?
589
590	lines=`ip x p list | grep $srcip | grep $dstip | wc -l`
591	test $lines -eq 2
592	check_err $?
593
594	ip x p count | grep -q "SPD IN  0 OUT 1 FWD 0"
595	check_err $?
596
597	lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l`
598	test $lines -eq 2
599	check_err $?
600
601	ip x p delete $ipsecsel
602	check_err $?
603
604	lines=`ip x p list | wc -l`
605	test $lines -eq 0
606	check_err $?
607
608	# check the monitor results
609	kill $mpid
610	lines=`wc -l $tmpfile | cut "-d " -f1`
611	test $lines -eq 20
612	check_err $?
613	rm -rf $tmpfile
614
615	# clean up any leftovers
616	ip x s flush
617	check_err $?
618	ip x p flush
619	check_err $?
620	ip addr del $srcip/32 dev $devdummy
621
622	if [ $ret -ne 0 ]; then
623		echo "FAIL: ipsec"
624		return 1
625	fi
626	echo "PASS: ipsec"
627}
628
629#-------------------------------------------------------------------
630# Example commands
631#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
632#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
633#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
634#            sel src 14.0.0.52/24 dst 14.0.0.70/24
635#            offload dev sim1 dir out
636#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
637#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
638#            spi 0x07 mode transport reqid 0x07
639#
640#-------------------------------------------------------------------
641kci_test_ipsec_offload()
642{
643	ret=0
644	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
645	srcip=192.168.123.3
646	dstip=192.168.123.4
647	dev=simx1
648	sysfsd=/sys/kernel/debug/netdevsim/$dev
649	sysfsf=$sysfsd/ipsec
650
651	# setup netdevsim since dummydev doesn't have offload support
652	modprobe netdevsim
653	check_err $?
654	if [ $ret -ne 0 ]; then
655		echo "FAIL: ipsec_offload can't load netdevsim"
656		return 1
657	fi
658
659	ip link add $dev type netdevsim
660	ip addr add $srcip dev $dev
661	ip link set $dev up
662	if [ ! -d $sysfsd ] ; then
663		echo "FAIL: ipsec_offload can't create device $dev"
664		return 1
665	fi
666	if [ ! -f $sysfsf ] ; then
667		echo "FAIL: ipsec_offload netdevsim doesn't support IPsec offload"
668		return 1
669	fi
670
671	# flush to be sure there's nothing configured
672	ip x s flush ; ip x p flush
673
674	# create offloaded SAs, both in and out
675	ip x p add dir out src $srcip/24 dst $dstip/24 \
676	    tmpl proto esp src $srcip dst $dstip spi 9 \
677	    mode transport reqid 42
678	check_err $?
679	ip x p add dir out src $dstip/24 dst $srcip/24 \
680	    tmpl proto esp src $dstip dst $srcip spi 9 \
681	    mode transport reqid 42
682	check_err $?
683
684	ip x s add proto esp src $srcip dst $dstip spi 9 \
685	    mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \
686	    offload dev $dev dir out
687	check_err $?
688	ip x s add proto esp src $dstip dst $srcip spi 9 \
689	    mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \
690	    offload dev $dev dir in
691	check_err $?
692	if [ $ret -ne 0 ]; then
693		echo "FAIL: ipsec_offload can't create SA"
694		return 1
695	fi
696
697	# does offload show up in ip output
698	lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"`
699	if [ $lines -ne 2 ] ; then
700		echo "FAIL: ipsec_offload SA offload missing from list output"
701		check_err 1
702	fi
703
704	# use ping to exercise the Tx path
705	ping -I $dev -c 3 -W 1 -i 0 $dstip >/dev/null
706
707	# does driver have correct offload info
708	diff $sysfsf - << EOF
709SA count=2 tx=3
710sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000
711sa[0]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
712sa[0]    key=0x34333231 38373635 32313039 36353433
713sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0
714sa[1]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
715sa[1]    key=0x34333231 38373635 32313039 36353433
716EOF
717	if [ $? -ne 0 ] ; then
718		echo "FAIL: ipsec_offload incorrect driver data"
719		check_err 1
720	fi
721
722	# does offload get removed from driver
723	ip x s flush
724	ip x p flush
725	lines=`grep -c "SA count=0" $sysfsf`
726	if [ $lines -ne 1 ] ; then
727		echo "FAIL: ipsec_offload SA not removed from driver"
728		check_err 1
729	fi
730
731	# clean up any leftovers
732	ip link del $dev
733	rmmod netdevsim
734
735	if [ $ret -ne 0 ]; then
736		echo "FAIL: ipsec_offload"
737		return 1
738	fi
739	echo "PASS: ipsec_offload"
740}
741
742kci_test_gretap()
743{
744	testns="testns"
745	DEV_NS=gretap00
746	ret=0
747
748	ip netns add "$testns"
749	if [ $? -ne 0 ]; then
750		echo "SKIP gretap tests: cannot add net namespace $testns"
751		return $ksft_skip
752	fi
753
754	ip link help gretap 2>&1 | grep -q "^Usage:"
755	if [ $? -ne 0 ];then
756		echo "SKIP: gretap: iproute2 too old"
757		ip netns del "$testns"
758		return $ksft_skip
759	fi
760
761	# test native tunnel
762	ip netns exec "$testns" ip link add dev "$DEV_NS" type gretap seq \
763		key 102 local 172.16.1.100 remote 172.16.1.200
764	check_err $?
765
766	ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
767	check_err $?
768
769	ip netns exec "$testns" ip link set dev $DEV_NS up
770	check_err $?
771
772	ip netns exec "$testns" ip link del "$DEV_NS"
773	check_err $?
774
775	# test external mode
776	ip netns exec "$testns" ip link add dev "$DEV_NS" type gretap external
777	check_err $?
778
779	ip netns exec "$testns" ip link del "$DEV_NS"
780	check_err $?
781
782	if [ $ret -ne 0 ]; then
783		echo "FAIL: gretap"
784		ip netns del "$testns"
785		return 1
786	fi
787	echo "PASS: gretap"
788
789	ip netns del "$testns"
790}
791
792kci_test_ip6gretap()
793{
794	testns="testns"
795	DEV_NS=ip6gretap00
796	ret=0
797
798	ip netns add "$testns"
799	if [ $? -ne 0 ]; then
800		echo "SKIP ip6gretap tests: cannot add net namespace $testns"
801		return $ksft_skip
802	fi
803
804	ip link help ip6gretap 2>&1 | grep -q "^Usage:"
805	if [ $? -ne 0 ];then
806		echo "SKIP: ip6gretap: iproute2 too old"
807		ip netns del "$testns"
808		return $ksft_skip
809	fi
810
811	# test native tunnel
812	ip netns exec "$testns" ip link add dev "$DEV_NS" type ip6gretap seq \
813		key 102 local fc00:100::1 remote fc00:100::2
814	check_err $?
815
816	ip netns exec "$testns" ip addr add dev "$DEV_NS" fc00:200::1/96
817	check_err $?
818
819	ip netns exec "$testns" ip link set dev $DEV_NS up
820	check_err $?
821
822	ip netns exec "$testns" ip link del "$DEV_NS"
823	check_err $?
824
825	# test external mode
826	ip netns exec "$testns" ip link add dev "$DEV_NS" type ip6gretap external
827	check_err $?
828
829	ip netns exec "$testns" ip link del "$DEV_NS"
830	check_err $?
831
832	if [ $ret -ne 0 ]; then
833		echo "FAIL: ip6gretap"
834		ip netns del "$testns"
835		return 1
836	fi
837	echo "PASS: ip6gretap"
838
839	ip netns del "$testns"
840}
841
842kci_test_erspan()
843{
844	testns="testns"
845	DEV_NS=erspan00
846	ret=0
847
848	ip link help erspan 2>&1 | grep -q "^Usage:"
849	if [ $? -ne 0 ];then
850		echo "SKIP: erspan: iproute2 too old"
851		return $ksft_skip
852	fi
853
854	ip netns add "$testns"
855	if [ $? -ne 0 ]; then
856		echo "SKIP erspan tests: cannot add net namespace $testns"
857		return $ksft_skip
858	fi
859
860	# test native tunnel erspan v1
861	ip netns exec "$testns" ip link add dev "$DEV_NS" type erspan seq \
862		key 102 local 172.16.1.100 remote 172.16.1.200 \
863		erspan_ver 1 erspan 488
864	check_err $?
865
866	ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
867	check_err $?
868
869	ip netns exec "$testns" ip link set dev $DEV_NS up
870	check_err $?
871
872	ip netns exec "$testns" ip link del "$DEV_NS"
873	check_err $?
874
875	# test native tunnel erspan v2
876	ip netns exec "$testns" ip link add dev "$DEV_NS" type erspan seq \
877		key 102 local 172.16.1.100 remote 172.16.1.200 \
878		erspan_ver 2 erspan_dir ingress erspan_hwid 7
879	check_err $?
880
881	ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
882	check_err $?
883
884	ip netns exec "$testns" ip link set dev $DEV_NS up
885	check_err $?
886
887	ip netns exec "$testns" ip link del "$DEV_NS"
888	check_err $?
889
890	# test external mode
891	ip netns exec "$testns" ip link add dev "$DEV_NS" type erspan external
892	check_err $?
893
894	ip netns exec "$testns" ip link del "$DEV_NS"
895	check_err $?
896
897	if [ $ret -ne 0 ]; then
898		echo "FAIL: erspan"
899		ip netns del "$testns"
900		return 1
901	fi
902	echo "PASS: erspan"
903
904	ip netns del "$testns"
905}
906
907kci_test_ip6erspan()
908{
909	testns="testns"
910	DEV_NS=ip6erspan00
911	ret=0
912
913	ip link help ip6erspan 2>&1 | grep -q "^Usage:"
914	if [ $? -ne 0 ];then
915		echo "SKIP: ip6erspan: iproute2 too old"
916		return $ksft_skip
917	fi
918
919	ip netns add "$testns"
920	if [ $? -ne 0 ]; then
921		echo "SKIP ip6erspan tests: cannot add net namespace $testns"
922		return $ksft_skip
923	fi
924
925	# test native tunnel ip6erspan v1
926	ip netns exec "$testns" ip link add dev "$DEV_NS" type ip6erspan seq \
927		key 102 local fc00:100::1 remote fc00:100::2 \
928		erspan_ver 1 erspan 488
929	check_err $?
930
931	ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
932	check_err $?
933
934	ip netns exec "$testns" ip link set dev $DEV_NS up
935	check_err $?
936
937	ip netns exec "$testns" ip link del "$DEV_NS"
938	check_err $?
939
940	# test native tunnel ip6erspan v2
941	ip netns exec "$testns" ip link add dev "$DEV_NS" type ip6erspan seq \
942		key 102 local fc00:100::1 remote fc00:100::2 \
943		erspan_ver 2 erspan_dir ingress erspan_hwid 7
944	check_err $?
945
946	ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
947	check_err $?
948
949	ip netns exec "$testns" ip link set dev $DEV_NS up
950	check_err $?
951
952	ip netns exec "$testns" ip link del "$DEV_NS"
953	check_err $?
954
955	# test external mode
956	ip netns exec "$testns" ip link add dev "$DEV_NS" \
957		type ip6erspan external
958	check_err $?
959
960	ip netns exec "$testns" ip link del "$DEV_NS"
961	check_err $?
962
963	if [ $ret -ne 0 ]; then
964		echo "FAIL: ip6erspan"
965		ip netns del "$testns"
966		return 1
967	fi
968	echo "PASS: ip6erspan"
969
970	ip netns del "$testns"
971}
972
973kci_test_fdb_get()
974{
975	IP="ip -netns testns"
976	BRIDGE="bridge -netns testns"
977	brdev="test-br0"
978	vxlandev="vxlan10"
979	test_mac=de:ad:be:ef:13:37
980	localip="10.0.2.2"
981	dstip="10.0.2.3"
982	ret=0
983
984	bridge fdb help 2>&1 |grep -q 'bridge fdb get'
985	if [ $? -ne 0 ];then
986		echo "SKIP: fdb get tests: iproute2 too old"
987		return $ksft_skip
988	fi
989
990	ip netns add testns
991	if [ $? -ne 0 ]; then
992		echo "SKIP fdb get tests: cannot add net namespace $testns"
993		return $ksft_skip
994	fi
995
996	$IP link add "$vxlandev" type vxlan id 10 local $localip \
997                dstport 4789 2>/dev/null
998	check_err $?
999	$IP link add name "$brdev" type bridge &>/dev/null
1000	check_err $?
1001	$IP link set dev "$vxlandev" master "$brdev" &>/dev/null
1002	check_err $?
1003	$BRIDGE fdb add $test_mac dev "$vxlandev" master &>/dev/null
1004	check_err $?
1005	$BRIDGE fdb add $test_mac dev "$vxlandev" dst $dstip self &>/dev/null
1006	check_err $?
1007
1008	$BRIDGE fdb get $test_mac brport "$vxlandev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1009	check_err $?
1010	$BRIDGE fdb get $test_mac br "$brdev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1011	check_err $?
1012	$BRIDGE fdb get $test_mac dev "$vxlandev" self 2>/dev/null | grep -q "dev $vxlandev dst $dstip"
1013	check_err $?
1014
1015	ip netns del testns &>/dev/null
1016
1017	if [ $ret -ne 0 ]; then
1018		echo "FAIL: bridge fdb get"
1019		return 1
1020	fi
1021
1022	echo "PASS: bridge fdb get"
1023}
1024
1025kci_test_neigh_get()
1026{
1027	dstmac=de:ad:be:ef:13:37
1028	dstip=10.0.2.4
1029	dstip6=dead::2
1030	ret=0
1031
1032	ip neigh help 2>&1 |grep -q 'ip neigh get'
1033	if [ $? -ne 0 ];then
1034		echo "SKIP: fdb get tests: iproute2 too old"
1035		return $ksft_skip
1036	fi
1037
1038	# ipv4
1039	ip neigh add $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
1040	check_err $?
1041	ip neigh get $dstip dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1042	check_err $?
1043	ip neigh del $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
1044	check_err $?
1045
1046	# ipv4 proxy
1047	ip neigh add proxy $dstip dev "$devdummy" > /dev/null
1048	check_err $?
1049	ip neigh get proxy $dstip dev "$devdummy" 2>/dev/null | grep -q "$dstip"
1050	check_err $?
1051	ip neigh del proxy $dstip dev "$devdummy" > /dev/null
1052	check_err $?
1053
1054	# ipv6
1055	ip neigh add $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
1056	check_err $?
1057	ip neigh get $dstip6 dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1058	check_err $?
1059	ip neigh del $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
1060	check_err $?
1061
1062	# ipv6 proxy
1063	ip neigh add proxy $dstip6 dev "$devdummy" > /dev/null
1064	check_err $?
1065	ip neigh get proxy $dstip6 dev "$devdummy" 2>/dev/null | grep -q "$dstip6"
1066	check_err $?
1067	ip neigh del proxy $dstip6 dev "$devdummy" > /dev/null
1068	check_err $?
1069
1070	if [ $ret -ne 0 ];then
1071		echo "FAIL: neigh get"
1072		return 1
1073	fi
1074
1075	echo "PASS: neigh get"
1076}
1077
1078kci_test_rtnl()
1079{
1080	kci_add_dummy
1081	if [ $ret -ne 0 ];then
1082		echo "FAIL: cannot add dummy interface"
1083		return 1
1084	fi
1085
1086	kci_test_polrouting
1087	kci_test_route_get
1088	kci_test_tc
1089	kci_test_gre
1090	kci_test_gretap
1091	kci_test_ip6gretap
1092	kci_test_erspan
1093	kci_test_ip6erspan
1094	kci_test_bridge
1095	kci_test_addrlabel
1096	kci_test_ifalias
1097	kci_test_vrf
1098	kci_test_encap
1099	kci_test_macsec
1100	kci_test_ipsec
1101	kci_test_ipsec_offload
1102	kci_test_fdb_get
1103	kci_test_neigh_get
1104
1105	kci_del_dummy
1106}
1107
1108#check for needed privileges
1109if [ "$(id -u)" -ne 0 ];then
1110	echo "SKIP: Need root privileges"
1111	exit $ksft_skip
1112fi
1113
1114for x in ip tc;do
1115	$x -Version 2>/dev/null >/dev/null
1116	if [ $? -ne 0 ];then
1117		echo "SKIP: Could not run test without the $x tool"
1118		exit $ksft_skip
1119	fi
1120done
1121
1122kci_test_rtnl
1123
1124exit $ret
1125