1#!/bin/bash
2#
3# This test is for checking rtnetlink callpaths, and get as much coverage as possible.
4#
5# set -e
6
7devdummy="test-dummy0"
8ret=0
9
10# Kselftest framework requirement - SKIP code is 4.
11ksft_skip=4
12
13# set global exit status, but never reset nonzero one.
14check_err()
15{
16	if [ $ret -eq 0 ]; then
17		ret=$1
18	fi
19}
20
21# same but inverted -- used when command must fail for test to pass
22check_fail()
23{
24	if [ $1 -eq 0 ]; then
25		ret=1
26	fi
27}
28
29kci_add_dummy()
30{
31	ip link add name "$devdummy" type dummy
32	check_err $?
33	ip link set "$devdummy" up
34	check_err $?
35}
36
37kci_del_dummy()
38{
39	ip link del dev "$devdummy"
40	check_err $?
41}
42
43kci_test_netconf()
44{
45	dev="$1"
46	r=$ret
47
48	ip netconf show dev "$dev" > /dev/null
49	check_err $?
50
51	for f in 4 6; do
52		ip -$f netconf show dev "$dev" > /dev/null
53		check_err $?
54	done
55
56	if [ $ret -ne 0 ] ;then
57		echo "FAIL: ip netconf show $dev"
58		test $r -eq 0 && ret=0
59		return 1
60	fi
61}
62
63# add a bridge with vlans on top
64kci_test_bridge()
65{
66	devbr="test-br0"
67	vlandev="testbr-vlan1"
68
69	ret=0
70	ip link add name "$devbr" type bridge
71	check_err $?
72
73	ip link set dev "$devdummy" master "$devbr"
74	check_err $?
75
76	ip link set "$devbr" up
77	check_err $?
78
79	ip link add link "$devbr" name "$vlandev" type vlan id 1
80	check_err $?
81	ip addr add dev "$vlandev" 10.200.7.23/30
82	check_err $?
83	ip -6 addr add dev "$vlandev" dead:42::1234/64
84	check_err $?
85	ip -d link > /dev/null
86	check_err $?
87	ip r s t all > /dev/null
88	check_err $?
89
90	for name in "$devbr" "$vlandev" "$devdummy" ; do
91		kci_test_netconf "$name"
92	done
93
94	ip -6 addr del dev "$vlandev" dead:42::1234/64
95	check_err $?
96
97	ip link del dev "$vlandev"
98	check_err $?
99	ip link del dev "$devbr"
100	check_err $?
101
102	if [ $ret -ne 0 ];then
103		echo "FAIL: bridge setup"
104		return 1
105	fi
106	echo "PASS: bridge setup"
107
108}
109
110kci_test_gre()
111{
112	gredev=neta
113	rem=10.42.42.1
114	loc=10.0.0.1
115
116	ret=0
117	ip tunnel add $gredev mode gre remote $rem local $loc ttl 1
118	check_err $?
119	ip link set $gredev up
120	check_err $?
121	ip addr add 10.23.7.10 dev $gredev
122	check_err $?
123	ip route add 10.23.8.0/30 dev $gredev
124	check_err $?
125	ip addr add dev "$devdummy" 10.23.7.11/24
126	check_err $?
127	ip link > /dev/null
128	check_err $?
129	ip addr > /dev/null
130	check_err $?
131
132	kci_test_netconf "$gredev"
133
134	ip addr del dev "$devdummy" 10.23.7.11/24
135	check_err $?
136
137	ip link del $gredev
138	check_err $?
139
140	if [ $ret -ne 0 ];then
141		echo "FAIL: gre tunnel endpoint"
142		return 1
143	fi
144	echo "PASS: gre tunnel endpoint"
145}
146
147# tc uses rtnetlink too, for full tc testing
148# please see tools/testing/selftests/tc-testing.
149kci_test_tc()
150{
151	dev=lo
152	ret=0
153
154	tc qdisc add dev "$dev" root handle 1: htb
155	check_err $?
156	tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit
157	check_err $?
158	tc filter add dev "$dev" parent 1:0 prio 5 handle ffe: protocol ip u32 divisor 256
159	check_err $?
160	tc filter add dev "$dev" parent 1:0 prio 5 handle ffd: protocol ip u32 divisor 256
161	check_err $?
162	tc filter add dev "$dev" parent 1:0 prio 5 handle ffc: protocol ip u32 divisor 256
163	check_err $?
164	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 ht ffe:2: match ip src 10.0.0.3 flowid 1:10
165	check_err $?
166	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:2 u32 ht ffe:2: match ip src 10.0.0.2 flowid 1:10
167	check_err $?
168	tc filter show dev "$dev" parent  1:0 > /dev/null
169	check_err $?
170	tc filter del dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32
171	check_err $?
172	tc filter show dev "$dev" parent  1:0 > /dev/null
173	check_err $?
174	tc qdisc del dev "$dev" root handle 1: htb
175	check_err $?
176
177	if [ $ret -ne 0 ];then
178		echo "FAIL: tc htb hierarchy"
179		return 1
180	fi
181	echo "PASS: tc htb hierarchy"
182
183}
184
185kci_test_polrouting()
186{
187	ret=0
188	ip rule add fwmark 1 lookup 100
189	check_err $?
190	ip route add local 0.0.0.0/0 dev lo table 100
191	check_err $?
192	ip r s t all > /dev/null
193	check_err $?
194	ip rule del fwmark 1 lookup 100
195	check_err $?
196	ip route del local 0.0.0.0/0 dev lo table 100
197	check_err $?
198
199	if [ $ret -ne 0 ];then
200		echo "FAIL: policy route test"
201		return 1
202	fi
203	echo "PASS: policy routing"
204}
205
206kci_test_route_get()
207{
208	local hash_policy=$(sysctl -n net.ipv4.fib_multipath_hash_policy)
209
210	ret=0
211
212	ip route get 127.0.0.1 > /dev/null
213	check_err $?
214	ip route get 127.0.0.1 dev "$devdummy" > /dev/null
215	check_err $?
216	ip route get ::1 > /dev/null
217	check_err $?
218	ip route get fe80::1 dev "$devdummy" > /dev/null
219	check_err $?
220	ip route get 127.0.0.1 from 127.0.0.1 oif lo tos 0x1 mark 0x1 > /dev/null
221	check_err $?
222	ip route get ::1 from ::1 iif lo oif lo tos 0x1 mark 0x1 > /dev/null
223	check_err $?
224	ip addr add dev "$devdummy" 10.23.7.11/24
225	check_err $?
226	ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null
227	check_err $?
228	ip route add 10.23.8.0/24 \
229		nexthop via 10.23.7.13 dev "$devdummy" \
230		nexthop via 10.23.7.14 dev "$devdummy"
231	check_err $?
232	sysctl -wq net.ipv4.fib_multipath_hash_policy=0
233	ip route get 10.23.8.11 > /dev/null
234	check_err $?
235	sysctl -wq net.ipv4.fib_multipath_hash_policy=1
236	ip route get 10.23.8.11 > /dev/null
237	check_err $?
238	sysctl -wq net.ipv4.fib_multipath_hash_policy="$hash_policy"
239	ip route del 10.23.8.0/24
240	check_err $?
241	ip addr del dev "$devdummy" 10.23.7.11/24
242	check_err $?
243
244	if [ $ret -ne 0 ];then
245		echo "FAIL: route get"
246		return 1
247	fi
248
249	echo "PASS: route get"
250}
251
252kci_test_addrlft()
253{
254	for i in $(seq 10 100) ;do
255		lft=$(((RANDOM%3) + 1))
256		ip addr add 10.23.11.$i/32 dev "$devdummy" preferred_lft $lft valid_lft $((lft+1))
257		check_err $?
258	done
259
260	sleep 5
261
262	ip addr show dev "$devdummy" | grep "10.23.11."
263	if [ $? -eq 0 ]; then
264		echo "FAIL: preferred_lft addresses remaining"
265		check_err 1
266		return
267	fi
268
269	echo "PASS: preferred_lft addresses have expired"
270}
271
272kci_test_promote_secondaries()
273{
274	promote=$(sysctl -n net.ipv4.conf.$devdummy.promote_secondaries)
275
276	sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=1
277
278	for i in $(seq 2 254);do
279		IP="10.23.11.$i"
280		ip -f inet addr add $IP/16 brd + dev "$devdummy"
281		ifconfig "$devdummy" $IP netmask 255.255.0.0
282	done
283
284	ip addr flush dev "$devdummy"
285
286	[ $promote -eq 0 ] && sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=0
287
288	echo "PASS: promote_secondaries complete"
289}
290
291kci_test_addrlabel()
292{
293	ret=0
294
295	ip addrlabel add prefix dead::/64 dev lo label 1
296	check_err $?
297
298	ip addrlabel list |grep -q "prefix dead::/64 dev lo label 1"
299	check_err $?
300
301	ip addrlabel del prefix dead::/64 dev lo label 1 2> /dev/null
302	check_err $?
303
304	ip addrlabel add prefix dead::/64 label 1 2> /dev/null
305	check_err $?
306
307	ip addrlabel del prefix dead::/64 label 1 2> /dev/null
308	check_err $?
309
310	# concurrent add/delete
311	for i in $(seq 1 1000); do
312		ip addrlabel add prefix 1c3::/64 label 12345 2>/dev/null
313	done &
314
315	for i in $(seq 1 1000); do
316		ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
317	done
318
319	wait
320
321	ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
322
323	if [ $ret -ne 0 ];then
324		echo "FAIL: ipv6 addrlabel"
325		return 1
326	fi
327
328	echo "PASS: ipv6 addrlabel"
329}
330
331kci_test_ifalias()
332{
333	ret=0
334	namewant=$(uuidgen)
335	syspathname="/sys/class/net/$devdummy/ifalias"
336
337	ip link set dev "$devdummy" alias "$namewant"
338	check_err $?
339
340	if [ $ret -ne 0 ]; then
341		echo "FAIL: cannot set interface alias of $devdummy to $namewant"
342		return 1
343	fi
344
345	ip link show "$devdummy" | grep -q "alias $namewant"
346	check_err $?
347
348	if [ -r "$syspathname" ] ; then
349		read namehave < "$syspathname"
350		if [ "$namewant" != "$namehave" ]; then
351			echo "FAIL: did set ifalias $namewant but got $namehave"
352			return 1
353		fi
354
355		namewant=$(uuidgen)
356		echo "$namewant" > "$syspathname"
357	        ip link show "$devdummy" | grep -q "alias $namewant"
358		check_err $?
359
360		# sysfs interface allows to delete alias again
361		echo "" > "$syspathname"
362
363	        ip link show "$devdummy" | grep -q "alias $namewant"
364		check_fail $?
365
366		for i in $(seq 1 100); do
367			uuidgen > "$syspathname" &
368		done
369
370		wait
371
372		# re-add the alias -- kernel should free mem when dummy dev is removed
373		ip link set dev "$devdummy" alias "$namewant"
374		check_err $?
375	fi
376
377	if [ $ret -ne 0 ]; then
378		echo "FAIL: set interface alias $devdummy to $namewant"
379		return 1
380	fi
381
382	echo "PASS: set ifalias $namewant for $devdummy"
383}
384
385kci_test_vrf()
386{
387	vrfname="test-vrf"
388	ret=0
389
390	ip link show type vrf 2>/dev/null
391	if [ $? -ne 0 ]; then
392		echo "SKIP: vrf: iproute2 too old"
393		return $ksft_skip
394	fi
395
396	ip link add "$vrfname" type vrf table 10
397	check_err $?
398	if [ $ret -ne 0 ];then
399		echo "FAIL: can't add vrf interface, skipping test"
400		return 0
401	fi
402
403	ip -br link show type vrf | grep -q "$vrfname"
404	check_err $?
405	if [ $ret -ne 0 ];then
406		echo "FAIL: created vrf device not found"
407		return 1
408	fi
409
410	ip link set dev "$vrfname" up
411	check_err $?
412
413	ip link set dev "$devdummy" master "$vrfname"
414	check_err $?
415	ip link del dev "$vrfname"
416	check_err $?
417
418	if [ $ret -ne 0 ];then
419		echo "FAIL: vrf"
420		return 1
421	fi
422
423	echo "PASS: vrf"
424}
425
426kci_test_encap_vxlan()
427{
428	ret=0
429	vxlan="test-vxlan0"
430	vlan="test-vlan0"
431	testns="$1"
432
433	ip -netns "$testns" link add "$vxlan" type vxlan id 42 group 239.1.1.1 \
434		dev "$devdummy" dstport 4789 2>/dev/null
435	if [ $? -ne 0 ]; then
436		echo "FAIL: can't add vxlan interface, skipping test"
437		return 0
438	fi
439	check_err $?
440
441	ip -netns "$testns" addr add 10.2.11.49/24 dev "$vxlan"
442	check_err $?
443
444	ip -netns "$testns" link set up dev "$vxlan"
445	check_err $?
446
447	ip -netns "$testns" link add link "$vxlan" name "$vlan" type vlan id 1
448	check_err $?
449
450	# changelink testcases
451	ip -netns "$testns" link set dev "$vxlan" type vxlan vni 43 2>/dev/null
452	check_fail $?
453
454	ip -netns "$testns" link set dev "$vxlan" type vxlan group ffe5::5 dev "$devdummy" 2>/dev/null
455	check_fail $?
456
457	ip -netns "$testns" link set dev "$vxlan" type vxlan ttl inherit 2>/dev/null
458	check_fail $?
459
460	ip -netns "$testns" link set dev "$vxlan" type vxlan ttl 64
461	check_err $?
462
463	ip -netns "$testns" link set dev "$vxlan" type vxlan nolearning
464	check_err $?
465
466	ip -netns "$testns" link set dev "$vxlan" type vxlan proxy 2>/dev/null
467	check_fail $?
468
469	ip -netns "$testns" link set dev "$vxlan" type vxlan norsc 2>/dev/null
470	check_fail $?
471
472	ip -netns "$testns" link set dev "$vxlan" type vxlan l2miss 2>/dev/null
473	check_fail $?
474
475	ip -netns "$testns" link set dev "$vxlan" type vxlan l3miss 2>/dev/null
476	check_fail $?
477
478	ip -netns "$testns" link set dev "$vxlan" type vxlan external 2>/dev/null
479	check_fail $?
480
481	ip -netns "$testns" link set dev "$vxlan" type vxlan udpcsum 2>/dev/null
482	check_fail $?
483
484	ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumtx 2>/dev/null
485	check_fail $?
486
487	ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumrx 2>/dev/null
488	check_fail $?
489
490	ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumtx 2>/dev/null
491	check_fail $?
492
493	ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumrx 2>/dev/null
494	check_fail $?
495
496	ip -netns "$testns" link set dev "$vxlan" type vxlan gbp 2>/dev/null
497	check_fail $?
498
499	ip -netns "$testns" link set dev "$vxlan" type vxlan gpe 2>/dev/null
500	check_fail $?
501
502	ip -netns "$testns" link del "$vxlan"
503	check_err $?
504
505	if [ $ret -ne 0 ]; then
506		echo "FAIL: vxlan"
507		return 1
508	fi
509	echo "PASS: vxlan"
510}
511
512kci_test_encap_fou()
513{
514	ret=0
515	name="test-fou"
516	testns="$1"
517
518	ip fou help 2>&1 |grep -q 'Usage: ip fou'
519	if [ $? -ne 0 ];then
520		echo "SKIP: fou: iproute2 too old"
521		return $ksft_skip
522	fi
523
524	ip -netns "$testns" fou add port 7777 ipproto 47 2>/dev/null
525	if [ $? -ne 0 ];then
526		echo "FAIL: can't add fou port 7777, skipping test"
527		return 1
528	fi
529
530	ip -netns "$testns" fou add port 8888 ipproto 4
531	check_err $?
532
533	ip -netns "$testns" fou del port 9999 2>/dev/null
534	check_fail $?
535
536	ip -netns "$testns" fou del port 7777
537	check_err $?
538
539	if [ $ret -ne 0 ]; then
540		echo "FAIL: fou"
541		return 1
542	fi
543
544	echo "PASS: fou"
545}
546
547# test various encap methods, use netns to avoid unwanted interference
548kci_test_encap()
549{
550	testns="testns"
551	ret=0
552
553	ip netns add "$testns"
554	if [ $? -ne 0 ]; then
555		echo "SKIP encap tests: cannot add net namespace $testns"
556		return $ksft_skip
557	fi
558
559	ip -netns "$testns" link set lo up
560	check_err $?
561
562	ip -netns "$testns" link add name "$devdummy" type dummy
563	check_err $?
564	ip -netns "$testns" link set "$devdummy" up
565	check_err $?
566
567	kci_test_encap_vxlan "$testns"
568	kci_test_encap_fou "$testns"
569
570	ip netns del "$testns"
571}
572
573kci_test_macsec()
574{
575	msname="test_macsec0"
576	ret=0
577
578	ip macsec help 2>&1 | grep -q "^Usage: ip macsec"
579	if [ $? -ne 0 ]; then
580		echo "SKIP: macsec: iproute2 too old"
581		return $ksft_skip
582	fi
583
584	ip link add link "$devdummy" "$msname" type macsec port 42 encrypt on
585	check_err $?
586	if [ $ret -ne 0 ];then
587		echo "FAIL: can't add macsec interface, skipping test"
588		return 1
589	fi
590
591	ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012
592	check_err $?
593
594	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef"
595	check_err $?
596
597	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef
598	check_err $?
599
600	ip macsec show > /dev/null
601	check_err $?
602
603	ip link del dev "$msname"
604	check_err $?
605
606	if [ $ret -ne 0 ];then
607		echo "FAIL: macsec"
608		return 1
609	fi
610
611	echo "PASS: macsec"
612}
613
614#-------------------------------------------------------------------
615# Example commands
616#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
617#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
618#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
619#            sel src 14.0.0.52/24 dst 14.0.0.70/24
620#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
621#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
622#            spi 0x07 mode transport reqid 0x07
623#
624# Subcommands not tested
625#    ip x s update
626#    ip x s allocspi
627#    ip x s deleteall
628#    ip x p update
629#    ip x p deleteall
630#    ip x p set
631#-------------------------------------------------------------------
632kci_test_ipsec()
633{
634	ret=0
635	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
636	srcip=192.168.123.1
637	dstip=192.168.123.2
638	spi=7
639
640	ip addr add $srcip dev $devdummy
641
642	# flush to be sure there's nothing configured
643	ip x s flush ; ip x p flush
644	check_err $?
645
646	# start the monitor in the background
647	tmpfile=`mktemp /var/run/ipsectestXXX`
648	mpid=`(ip x m > $tmpfile & echo $!) 2>/dev/null`
649	sleep 0.2
650
651	ipsecid="proto esp src $srcip dst $dstip spi 0x07"
652	ip x s add $ipsecid \
653            mode transport reqid 0x07 replay-window 32 \
654            $algo sel src $srcip/24 dst $dstip/24
655	check_err $?
656
657	lines=`ip x s list | grep $srcip | grep $dstip | wc -l`
658	test $lines -eq 2
659	check_err $?
660
661	ip x s count | grep -q "SAD count 1"
662	check_err $?
663
664	lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l`
665	test $lines -eq 2
666	check_err $?
667
668	ip x s delete $ipsecid
669	check_err $?
670
671	lines=`ip x s list | wc -l`
672	test $lines -eq 0
673	check_err $?
674
675	ipsecsel="dir out src $srcip/24 dst $dstip/24"
676	ip x p add $ipsecsel \
677		    tmpl proto esp src $srcip dst $dstip \
678		    spi 0x07 mode transport reqid 0x07
679	check_err $?
680
681	lines=`ip x p list | grep $srcip | grep $dstip | wc -l`
682	test $lines -eq 2
683	check_err $?
684
685	ip x p count | grep -q "SPD IN  0 OUT 1 FWD 0"
686	check_err $?
687
688	lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l`
689	test $lines -eq 2
690	check_err $?
691
692	ip x p delete $ipsecsel
693	check_err $?
694
695	lines=`ip x p list | wc -l`
696	test $lines -eq 0
697	check_err $?
698
699	# check the monitor results
700	kill $mpid
701	lines=`wc -l $tmpfile | cut "-d " -f1`
702	test $lines -eq 20
703	check_err $?
704	rm -rf $tmpfile
705
706	# clean up any leftovers
707	ip x s flush
708	check_err $?
709	ip x p flush
710	check_err $?
711	ip addr del $srcip/32 dev $devdummy
712
713	if [ $ret -ne 0 ]; then
714		echo "FAIL: ipsec"
715		return 1
716	fi
717	echo "PASS: ipsec"
718}
719
720#-------------------------------------------------------------------
721# Example commands
722#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
723#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
724#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
725#            sel src 14.0.0.52/24 dst 14.0.0.70/24
726#            offload dev sim1 dir out
727#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
728#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
729#            spi 0x07 mode transport reqid 0x07
730#
731#-------------------------------------------------------------------
732kci_test_ipsec_offload()
733{
734	ret=0
735	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
736	srcip=192.168.123.3
737	dstip=192.168.123.4
738	sysfsd=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/
739	sysfsf=$sysfsd/ipsec
740	sysfsnet=/sys/bus/netdevsim/devices/netdevsim0/net/
741	probed=false
742
743	# setup netdevsim since dummydev doesn't have offload support
744	if [ ! -w /sys/bus/netdevsim/new_device ] ; then
745		modprobe -q netdevsim
746		check_err $?
747		if [ $ret -ne 0 ]; then
748			echo "SKIP: ipsec_offload can't load netdevsim"
749			return $ksft_skip
750		fi
751		probed=true
752	fi
753
754	echo "0" > /sys/bus/netdevsim/new_device
755	while [ ! -d $sysfsnet ] ; do :; done
756	udevadm settle
757	dev=`ls $sysfsnet`
758
759	ip addr add $srcip dev $dev
760	ip link set $dev up
761	if [ ! -d $sysfsd ] ; then
762		echo "FAIL: ipsec_offload can't create device $dev"
763		return 1
764	fi
765	if [ ! -f $sysfsf ] ; then
766		echo "FAIL: ipsec_offload netdevsim doesn't support IPsec offload"
767		return 1
768	fi
769
770	# flush to be sure there's nothing configured
771	ip x s flush ; ip x p flush
772
773	# create offloaded SAs, both in and out
774	ip x p add dir out src $srcip/24 dst $dstip/24 \
775	    tmpl proto esp src $srcip dst $dstip spi 9 \
776	    mode transport reqid 42
777	check_err $?
778	ip x p add dir out src $dstip/24 dst $srcip/24 \
779	    tmpl proto esp src $dstip dst $srcip spi 9 \
780	    mode transport reqid 42
781	check_err $?
782
783	ip x s add proto esp src $srcip dst $dstip spi 9 \
784	    mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \
785	    offload dev $dev dir out
786	check_err $?
787	ip x s add proto esp src $dstip dst $srcip spi 9 \
788	    mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \
789	    offload dev $dev dir in
790	check_err $?
791	if [ $ret -ne 0 ]; then
792		echo "FAIL: ipsec_offload can't create SA"
793		return 1
794	fi
795
796	# does offload show up in ip output
797	lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"`
798	if [ $lines -ne 2 ] ; then
799		echo "FAIL: ipsec_offload SA offload missing from list output"
800		check_err 1
801	fi
802
803	# use ping to exercise the Tx path
804	ping -I $dev -c 3 -W 1 -i 0 $dstip >/dev/null
805
806	# does driver have correct offload info
807	diff $sysfsf - << EOF
808SA count=2 tx=3
809sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000
810sa[0]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
811sa[0]    key=0x34333231 38373635 32313039 36353433
812sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0
813sa[1]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
814sa[1]    key=0x34333231 38373635 32313039 36353433
815EOF
816	if [ $? -ne 0 ] ; then
817		echo "FAIL: ipsec_offload incorrect driver data"
818		check_err 1
819	fi
820
821	# does offload get removed from driver
822	ip x s flush
823	ip x p flush
824	lines=`grep -c "SA count=0" $sysfsf`
825	if [ $lines -ne 1 ] ; then
826		echo "FAIL: ipsec_offload SA not removed from driver"
827		check_err 1
828	fi
829
830	# clean up any leftovers
831	$probed && rmmod netdevsim
832
833	if [ $ret -ne 0 ]; then
834		echo "FAIL: ipsec_offload"
835		return 1
836	fi
837	echo "PASS: ipsec_offload"
838}
839
840kci_test_gretap()
841{
842	testns="testns"
843	DEV_NS=gretap00
844	ret=0
845
846	ip netns add "$testns"
847	if [ $? -ne 0 ]; then
848		echo "SKIP gretap tests: cannot add net namespace $testns"
849		return $ksft_skip
850	fi
851
852	ip link help gretap 2>&1 | grep -q "^Usage:"
853	if [ $? -ne 0 ];then
854		echo "SKIP: gretap: iproute2 too old"
855		ip netns del "$testns"
856		return $ksft_skip
857	fi
858
859	# test native tunnel
860	ip -netns "$testns" link add dev "$DEV_NS" type gretap seq \
861		key 102 local 172.16.1.100 remote 172.16.1.200
862	check_err $?
863
864	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
865	check_err $?
866
867	ip -netns "$testns" link set dev $DEV_NS up
868	check_err $?
869
870	ip -netns "$testns" link del "$DEV_NS"
871	check_err $?
872
873	# test external mode
874	ip -netns "$testns" link add dev "$DEV_NS" type gretap external
875	check_err $?
876
877	ip -netns "$testns" link del "$DEV_NS"
878	check_err $?
879
880	if [ $ret -ne 0 ]; then
881		echo "FAIL: gretap"
882		ip netns del "$testns"
883		return 1
884	fi
885	echo "PASS: gretap"
886
887	ip netns del "$testns"
888}
889
890kci_test_ip6gretap()
891{
892	testns="testns"
893	DEV_NS=ip6gretap00
894	ret=0
895
896	ip netns add "$testns"
897	if [ $? -ne 0 ]; then
898		echo "SKIP ip6gretap tests: cannot add net namespace $testns"
899		return $ksft_skip
900	fi
901
902	ip link help ip6gretap 2>&1 | grep -q "^Usage:"
903	if [ $? -ne 0 ];then
904		echo "SKIP: ip6gretap: iproute2 too old"
905		ip netns del "$testns"
906		return $ksft_skip
907	fi
908
909	# test native tunnel
910	ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap seq \
911		key 102 local fc00:100::1 remote fc00:100::2
912	check_err $?
913
914	ip -netns "$testns" addr add dev "$DEV_NS" fc00:200::1/96
915	check_err $?
916
917	ip -netns "$testns" link set dev $DEV_NS up
918	check_err $?
919
920	ip -netns "$testns" link del "$DEV_NS"
921	check_err $?
922
923	# test external mode
924	ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap external
925	check_err $?
926
927	ip -netns "$testns" link del "$DEV_NS"
928	check_err $?
929
930	if [ $ret -ne 0 ]; then
931		echo "FAIL: ip6gretap"
932		ip netns del "$testns"
933		return 1
934	fi
935	echo "PASS: ip6gretap"
936
937	ip netns del "$testns"
938}
939
940kci_test_erspan()
941{
942	testns="testns"
943	DEV_NS=erspan00
944	ret=0
945
946	ip link help erspan 2>&1 | grep -q "^Usage:"
947	if [ $? -ne 0 ];then
948		echo "SKIP: erspan: iproute2 too old"
949		return $ksft_skip
950	fi
951
952	ip netns add "$testns"
953	if [ $? -ne 0 ]; then
954		echo "SKIP erspan tests: cannot add net namespace $testns"
955		return $ksft_skip
956	fi
957
958	# test native tunnel erspan v1
959	ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
960		key 102 local 172.16.1.100 remote 172.16.1.200 \
961		erspan_ver 1 erspan 488
962	check_err $?
963
964	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
965	check_err $?
966
967	ip -netns "$testns" link set dev $DEV_NS up
968	check_err $?
969
970	ip -netns "$testns" link del "$DEV_NS"
971	check_err $?
972
973	# test native tunnel erspan v2
974	ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
975		key 102 local 172.16.1.100 remote 172.16.1.200 \
976		erspan_ver 2 erspan_dir ingress erspan_hwid 7
977	check_err $?
978
979	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
980	check_err $?
981
982	ip -netns "$testns" link set dev $DEV_NS up
983	check_err $?
984
985	ip -netns "$testns" link del "$DEV_NS"
986	check_err $?
987
988	# test external mode
989	ip -netns "$testns" link add dev "$DEV_NS" type erspan external
990	check_err $?
991
992	ip -netns "$testns" link del "$DEV_NS"
993	check_err $?
994
995	if [ $ret -ne 0 ]; then
996		echo "FAIL: erspan"
997		ip netns del "$testns"
998		return 1
999	fi
1000	echo "PASS: erspan"
1001
1002	ip netns del "$testns"
1003}
1004
1005kci_test_ip6erspan()
1006{
1007	testns="testns"
1008	DEV_NS=ip6erspan00
1009	ret=0
1010
1011	ip link help ip6erspan 2>&1 | grep -q "^Usage:"
1012	if [ $? -ne 0 ];then
1013		echo "SKIP: ip6erspan: iproute2 too old"
1014		return $ksft_skip
1015	fi
1016
1017	ip netns add "$testns"
1018	if [ $? -ne 0 ]; then
1019		echo "SKIP ip6erspan tests: cannot add net namespace $testns"
1020		return $ksft_skip
1021	fi
1022
1023	# test native tunnel ip6erspan v1
1024	ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
1025		key 102 local fc00:100::1 remote fc00:100::2 \
1026		erspan_ver 1 erspan 488
1027	check_err $?
1028
1029	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
1030	check_err $?
1031
1032	ip -netns "$testns" link set dev $DEV_NS up
1033	check_err $?
1034
1035	ip -netns "$testns" link del "$DEV_NS"
1036	check_err $?
1037
1038	# test native tunnel ip6erspan v2
1039	ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
1040		key 102 local fc00:100::1 remote fc00:100::2 \
1041		erspan_ver 2 erspan_dir ingress erspan_hwid 7
1042	check_err $?
1043
1044	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
1045	check_err $?
1046
1047	ip -netns "$testns" link set dev $DEV_NS up
1048	check_err $?
1049
1050	ip -netns "$testns" link del "$DEV_NS"
1051	check_err $?
1052
1053	# test external mode
1054	ip -netns "$testns" link add dev "$DEV_NS" \
1055		type ip6erspan external
1056	check_err $?
1057
1058	ip -netns "$testns" link del "$DEV_NS"
1059	check_err $?
1060
1061	if [ $ret -ne 0 ]; then
1062		echo "FAIL: ip6erspan"
1063		ip netns del "$testns"
1064		return 1
1065	fi
1066	echo "PASS: ip6erspan"
1067
1068	ip netns del "$testns"
1069}
1070
1071kci_test_fdb_get()
1072{
1073	IP="ip -netns testns"
1074	BRIDGE="bridge -netns testns"
1075	brdev="test-br0"
1076	vxlandev="vxlan10"
1077	test_mac=de:ad:be:ef:13:37
1078	localip="10.0.2.2"
1079	dstip="10.0.2.3"
1080	ret=0
1081
1082	bridge fdb help 2>&1 |grep -q 'bridge fdb get'
1083	if [ $? -ne 0 ];then
1084		echo "SKIP: fdb get tests: iproute2 too old"
1085		return $ksft_skip
1086	fi
1087
1088	ip netns add testns
1089	if [ $? -ne 0 ]; then
1090		echo "SKIP fdb get tests: cannot add net namespace $testns"
1091		return $ksft_skip
1092	fi
1093
1094	$IP link add "$vxlandev" type vxlan id 10 local $localip \
1095                dstport 4789 2>/dev/null
1096	check_err $?
1097	$IP link add name "$brdev" type bridge &>/dev/null
1098	check_err $?
1099	$IP link set dev "$vxlandev" master "$brdev" &>/dev/null
1100	check_err $?
1101	$BRIDGE fdb add $test_mac dev "$vxlandev" master &>/dev/null
1102	check_err $?
1103	$BRIDGE fdb add $test_mac dev "$vxlandev" dst $dstip self &>/dev/null
1104	check_err $?
1105
1106	$BRIDGE fdb get $test_mac brport "$vxlandev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1107	check_err $?
1108	$BRIDGE fdb get $test_mac br "$brdev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1109	check_err $?
1110	$BRIDGE fdb get $test_mac dev "$vxlandev" self 2>/dev/null | grep -q "dev $vxlandev dst $dstip"
1111	check_err $?
1112
1113	ip netns del testns &>/dev/null
1114
1115	if [ $ret -ne 0 ]; then
1116		echo "FAIL: bridge fdb get"
1117		return 1
1118	fi
1119
1120	echo "PASS: bridge fdb get"
1121}
1122
1123kci_test_neigh_get()
1124{
1125	dstmac=de:ad:be:ef:13:37
1126	dstip=10.0.2.4
1127	dstip6=dead::2
1128	ret=0
1129
1130	ip neigh help 2>&1 |grep -q 'ip neigh get'
1131	if [ $? -ne 0 ];then
1132		echo "SKIP: fdb get tests: iproute2 too old"
1133		return $ksft_skip
1134	fi
1135
1136	# ipv4
1137	ip neigh add $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
1138	check_err $?
1139	ip neigh get $dstip dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1140	check_err $?
1141	ip neigh del $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
1142	check_err $?
1143
1144	# ipv4 proxy
1145	ip neigh add proxy $dstip dev "$devdummy" > /dev/null
1146	check_err $?
1147	ip neigh get proxy $dstip dev "$devdummy" 2>/dev/null | grep -q "$dstip"
1148	check_err $?
1149	ip neigh del proxy $dstip dev "$devdummy" > /dev/null
1150	check_err $?
1151
1152	# ipv6
1153	ip neigh add $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
1154	check_err $?
1155	ip neigh get $dstip6 dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1156	check_err $?
1157	ip neigh del $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
1158	check_err $?
1159
1160	# ipv6 proxy
1161	ip neigh add proxy $dstip6 dev "$devdummy" > /dev/null
1162	check_err $?
1163	ip neigh get proxy $dstip6 dev "$devdummy" 2>/dev/null | grep -q "$dstip6"
1164	check_err $?
1165	ip neigh del proxy $dstip6 dev "$devdummy" > /dev/null
1166	check_err $?
1167
1168	if [ $ret -ne 0 ];then
1169		echo "FAIL: neigh get"
1170		return 1
1171	fi
1172
1173	echo "PASS: neigh get"
1174}
1175
1176kci_test_rtnl()
1177{
1178	kci_add_dummy
1179	if [ $ret -ne 0 ];then
1180		echo "FAIL: cannot add dummy interface"
1181		return 1
1182	fi
1183
1184	kci_test_polrouting
1185	kci_test_route_get
1186	kci_test_addrlft
1187	kci_test_promote_secondaries
1188	kci_test_tc
1189	kci_test_gre
1190	kci_test_gretap
1191	kci_test_ip6gretap
1192	kci_test_erspan
1193	kci_test_ip6erspan
1194	kci_test_bridge
1195	kci_test_addrlabel
1196	kci_test_ifalias
1197	kci_test_vrf
1198	kci_test_encap
1199	kci_test_macsec
1200	kci_test_ipsec
1201	kci_test_ipsec_offload
1202	kci_test_fdb_get
1203	kci_test_neigh_get
1204
1205	kci_del_dummy
1206}
1207
1208#check for needed privileges
1209if [ "$(id -u)" -ne 0 ];then
1210	echo "SKIP: Need root privileges"
1211	exit $ksft_skip
1212fi
1213
1214for x in ip tc;do
1215	$x -Version 2>/dev/null >/dev/null
1216	if [ $? -ne 0 ];then
1217		echo "SKIP: Could not run test without the $x tool"
1218		exit $ksft_skip
1219	fi
1220done
1221
1222kci_test_rtnl
1223
1224exit $ret
1225