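#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

# This test is designed for testing the new VRF strict_mode functionality.
#
# NOTE: the test runs as root and works on the init network namespace as well
# as on a private one ("testns"). In the init namespace it creates vrf100,
# vrf101 and vrf102 and toggles net.vrf.strict_mode; cleanup() deletes those
# three devices and writes 0 to strict_mode regardless of what the host had
# configured before the run. Use a disposable machine or VM, not a host whose
# VRF configuration matters.

# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4

ret=0

# pass/fail counters updated by log_test(); start from a known value
nsuccess=0
nfail=0

# identifies the "init" network namespace which is often called root network
# namespace.
INIT_NETNS_NAME="init"

PAUSE_ON_FAIL=${PAUSE_ON_FAIL:=no}

# Record the outcome of one check.
#   $1 - observed return code
#   $2 - expected return code
#   $3 - description printed next to the verdict
# Updates nsuccess/nfail and sets ret=1 on a mismatch. With PAUSE_ON_FAIL=yes
# a failure waits for the operator; answering 'q' exits the script with 1.
log_test()
{
	local rc=$1
	local expected=$2
	local msg="$3"
	local answer

	# quoted so that an empty rc yields a failed comparison, not a
	# malformed test expression
	if [ "${rc}" -eq "${expected}" ]; then
		nsuccess=$((nsuccess+1))
		printf "\n    TEST: %-60s  [ OK ]\n" "${msg}"
	else
		ret=1
		nfail=$((nfail+1))
		printf "\n    TEST: %-60s  [FAIL]\n" "${msg}"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue, 'q' to quit"
			read -r answer
			[ "${answer}" = "q" ] && exit 1
		fi
	fi
}

# Print the pass/fail totals unless TESTS is set to "none".
print_log_test_results()
{
	if [ "$TESTS" != "none" ]; then
		printf "\nTests passed: %3d\n" "${nsuccess}"
		printf "Tests failed: %3d\n"   "${nfail}"
	fi
}

# Print a banner that introduces a group of checks; $* is the title.
log_section()
{
	echo
	echo "################################################################################"
	echo "TEST SECTION: $*"
	echo "################################################################################"
}

# Print the ip(8) namespace selector for $1: nothing for the init namespace,
# "-netns NAME" for any other one. Callers expand the result unquoted so that
# it splits into two words (or none).
ip_expand_args()
{
	local nsname=$1
	local nsarg=""

	if [ "${nsname}" != "${INIT_NETNS_NAME}" ]; then
		nsarg="-netns ${nsname}"
	fi

	echo "${nsarg}"
}

# Print the number of VRF devices present in namespace $1.
vrf_count()
{
	local nsname=$1
	local nsarg

	nsarg="$(ip_expand_args "${nsname}")"

	# shellcheck disable=SC2086 # nsarg is split on purpose
	ip ${nsarg} -o link show type vrf | wc -l
}

# Print the number of VRF devices in namespace $1 bound to table id $2.
count_vrf_by_table_id()
{
	local nsname=$1
	local tableid=$2
	local nsarg

	nsarg="$(ip_expand_args "${nsname}")"

	# -w keeps "table 10" from also counting "table 100"
	# shellcheck disable=SC2086 # nsarg is split on purpose
	ip ${nsarg} -d -o link show type vrf | grep -cw -- "table ${tableid}"

	# grep -c exits 1 on a zero count; callers only read the printed number
	return 0
}

# Create VRF device $2 bound to table $3 in namespace $1.
# Output is discarded; the return code is the one of ip(8).
add_vrf()
{
	local nsname=$1
	local vrfname=$2
	local vrftable=$3
	local nsarg

	nsarg="$(ip_expand_args "${nsname}")"

	# shellcheck disable=SC2086 # nsarg is split on purpose
	ip ${nsarg} link add "${vrfname}" type vrf table "${vrftable}" &>/dev/null
}

# Create VRF $2 on table $3 in namespace $1 and log the check; the creation
# is expected to succeed (rc 0).
add_vrf_and_check()
{
	local nsname=$1
	local vrfname=$2
	local vrftable=$3
	local cnt
	local rc

	add_vrf "${nsname}" "${vrfname}" "${vrftable}"; rc=$?

	cnt=$(count_vrf_by_table_id "${nsname}" "${vrftable}")

	log_test "${rc}" 0 "${nsname}: add vrf ${vrfname}, ${cnt} vrfs for table ${vrftable}"
}

# Same as add_vrf_and_check, but the creation is expected to be refused:
# the check passes when ip(8) returns 2.
add_vrf_and_check_fail()
{
	local nsname=$1
	local vrfname=$2
	local vrftable=$3
	local cnt
	local rc

	add_vrf "${nsname}" "${vrfname}" "${vrftable}"; rc=$?

	cnt=$(count_vrf_by_table_id "${nsname}" "${vrftable}")

	log_test "${rc}" 2 "${nsname}: CANNOT add vrf ${vrfname}, ${cnt} vrfs for table ${vrftable}"
}

# Delete VRF device $2 from namespace $1 and log whether it succeeded.
del_vrf_and_check()
{
	local nsname=$1
	local vrfname=$2
	local nsarg

	nsarg="$(ip_expand_args "${nsname}")"

	# shellcheck disable=SC2086 # nsarg is split on purpose
	ip ${nsarg} link del "${vrfname}"
	log_test $? 0 "${nsname}: remove vrf ${vrfname}"
}

# Bring VRF device $3 up in namespace $1 and assign address $2 to it.
config_vrf_and_check()
{
	local nsname=$1
	local addr=$2
	local vrfname=$3
	local nsarg

	nsarg="$(ip_expand_args "${nsname}")"

	# shellcheck disable=SC2086 # nsarg is split on purpose
	ip ${nsarg} link set dev "${vrfname}" up && \
		ip ${nsarg} addr add "${addr}" dev "${vrfname}"
	log_test $? 0 "${nsname}: vrf ${vrfname} up, addr ${addr}"
}

# Print the strict_mode value of namespace $1.
# Prints 0 or 1 and returns 0 on success; prints 255 and returns 1 when the
# sysctl cannot be read or holds anything else.
read_strict_mode()
{
	local nsname=$1
	local rval
	local rc=0
	local -a nsexec=()

	if [ "${nsname}" != "${INIT_NETNS_NAME}" ]; then
		# a custom network namespace is provided
		nsexec=(ip netns exec "${nsname}")
	fi

	# stderr is silenced inside the substitution, where the reader runs;
	# grep accepts only a line made of a single 0 or 1
	rval="$("${nsexec[@]}" cat /proc/sys/net/vrf/strict_mode 2>/dev/null | \
		grep -E "^[0-1]$")"
	if [ $? -ne 0 ]; then
		# set errors
		rval=255
		rc=1
	fi

	# on success, rval can be only 0 or 1; on error, rval is equal to 255
	echo "${rval}"
	return ${rc}
}

# Read strict_mode in namespace $1 and log whether it equals $2.
read_strict_mode_compare_and_check()
{
	local nsname=$1
	local expected=$2
	local res

	res="$(read_strict_mode "${nsname}")"
	log_test "${res}" "${expected}" "${nsname}: check strict_mode=${res}"
}

# Write value $2 to net.vrf.strict_mode in namespace $1.
# Output is discarded; the return code is the one of the write.
set_strict_mode()
{
	local nsname=$1
	local val=$2
	local -a nsexec=()

	if [ "${nsname}" != "${INIT_NETNS_NAME}" ]; then
		# a custom network namespace is provided
		nsexec=(ip netns exec "${nsname}")
	fi

	# the value is handed over as a positional parameter rather than
	# spliced into the command string run by the root shell
	"${nsexec[@]}" bash -c 'echo "$1" >/proc/sys/net/vrf/strict_mode' \
		_ "${val}" &>/dev/null
}

# Set strict_mode=1 in namespace $1.
enable_strict_mode()
{
	local nsname=$1

	set_strict_mode "${nsname}" 1
}

# Set strict_mode=0 in namespace $1.
disable_strict_mode()
{
	local nsname=$1

	set_strict_mode "${nsname}" 0
}

# Disable strict_mode in namespace $1; the write is expected to succeed.
disable_strict_mode_and_check()
{
	local nsname=$1

	disable_strict_mode "${nsname}"
	log_test $? 0 "${nsname}: disable strict_mode (=0)"
}

# Enable strict_mode in namespace $1; the write is expected to succeed.
enable_strict_mode_and_check()
{
	local nsname=$1

	enable_strict_mode "${nsname}"
	log_test $? 0 "${nsname}: enable strict_mode (=1)"
}

# Enable strict_mode in namespace $1; the write is expected to be refused
# (rc 1).
enable_strict_mode_and_check_fail()
{
	local nsname=$1

	enable_strict_mode "${nsname}"
	log_test $? 1 "${nsname}: CANNOT enable strict_mode"
}

# Check that namespace $1 starts with strict_mode=0.
strict_mode_check_default()
{
	local nsname=$1
	local strictmode
	local vrfcnt

	vrfcnt=$(vrf_count "${nsname}")
	strictmode=$(read_strict_mode "${nsname}")
	log_test "${strictmode}" 0 "${nsname}: strict_mode=0 by default, ${vrfcnt} vrfs"
}

# Load the vrf module and create the private "testns" namespace.
setup()
{
	modprobe vrf

	ip netns add testns
	ip netns exec testns ip link set lo up
}

# Remove what the test created: the testns namespace, vrf100..vrf102 in the
# init namespace, and strict_mode in the init namespace (written back as 0,
# not restored to its earlier value).
cleanup()
{
	ip netns del testns 2>/dev/null

	ip link del vrf100 2>/dev/null
	ip link del vrf101 2>/dev/null
	ip link del vrf102 2>/dev/null

	# grouped so that a failure to open the sysctl is silenced as well
	{ echo 0 >/proc/sys/net/vrf/strict_mode; } 2>/dev/null
}

# strict_mode checks on the init namespace: with strict_mode=1 a second VRF
# on an already used table is refused, and strict_mode cannot be enabled
# while two VRFs share a table.
vrf_strict_mode_tests_init()
{
	vrf_strict_mode_check_support init

	strict_mode_check_default init

	add_vrf_and_check init vrf100 100
	config_vrf_and_check init 172.16.100.1/24 vrf100

	enable_strict_mode_and_check init

	add_vrf_and_check_fail init vrf101 100

	disable_strict_mode_and_check init

	add_vrf_and_check init vrf101 100
	config_vrf_and_check init 172.16.101.1/24 vrf101

	enable_strict_mode_and_check_fail init

	del_vrf_and_check init vrf101

	enable_strict_mode_and_check init

	add_vrf_and_check init vrf102 102
	config_vrf_and_check init 172.16.102.1/24 vrf102

	# the strict_mode is enabled in the init
}

# The same kind of checks on the private testns namespace.
vrf_strict_mode_tests_testns()
{
	vrf_strict_mode_check_support testns

	strict_mode_check_default testns

	enable_strict_mode_and_check testns

	add_vrf_and_check testns vrf100 100
	config_vrf_and_check testns 10.0.100.1/24 vrf100

	add_vrf_and_check_fail testns vrf101 100

	add_vrf_and_check_fail testns vrf102 100

	add_vrf_and_check testns vrf200 200

	disable_strict_mode_and_check testns

	add_vrf_and_check testns vrf101 100

	add_vrf_and_check testns vrf102 100

	# the strict_mode is disabled in the testns
}
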
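# Checks that strict_mode is kept per namespace. On entry the init namespace
# has strict_mode=1 and testns has strict_mode=0, as left by the two earlier
# test groups.
vrf_strict_mode_tests_mix()
{
	read_strict_mode_compare_and_check init 1

	read_strict_mode_compare_and_check testns 0

	del_vrf_and_check testns vrf101

	del_vrf_and_check testns vrf102

	disable_strict_mode_and_check init

	enable_strict_mode_and_check testns

	# writing the value that is already set must succeed as well
	enable_strict_mode_and_check init
	enable_strict_mode_and_check init

	disable_strict_mode_and_check testns
	disable_strict_mode_and_check testns

	read_strict_mode_compare_and_check init 1

	read_strict_mode_compare_and_check testns 0
}

# Run the three test groups in order; the mix group relies on the state the
# first two leave behind.
vrf_strict_mode_tests()
{
	log_section "VRF strict_mode test on init network namespace"
	vrf_strict_mode_tests_init

	log_section "VRF strict_mode test on testns network namespace"
	vrf_strict_mode_tests_testns

	log_section "VRF strict_mode test mixing init and testns network namespaces"
	vrf_strict_mode_tests_mix
}

# Check that the vrf module and the net.vrf.strict_mode sysctl are available
# in namespace $1. Returns modinfo's status when the module is neither loaded
# nor known, otherwise the status of reading the sysctl (also logged).
vrf_strict_mode_check_support()
{
	local nsname=$1
	local output
	local rc

	# exact match on the module name, so that another module whose name
	# merely starts with "vrf" is not taken for it
	output="$(lsmod | awk '$1 == "vrf" {print $1}')"
	if [ -z "${output}" ]; then
		modinfo vrf || return $?
	fi

	# we do not care about the value of the strict_mode; we only check if
	# the strict_mode parameter is available or not.
	read_strict_mode "${nsname}" &>/dev/null; rc=$?
	log_test "${rc}" 0 "${nsname}: net.vrf.strict_mode is available"

	return ${rc}
}

if [ "$(id -u)" -ne 0 ]; then
	echo "SKIP: Need root privileges"
	exit "${ksft_skip}"
fi

if [ ! -x "$(command -v ip)" ]; then
	echo "SKIP: Could not run test without ip tool"
	exit "${ksft_skip}"
fi

modprobe vrf &>/dev/null
if [ ! -e /proc/sys/net/vrf/strict_mode ]; then
	echo "SKIP: vrf sysctl does not exist"
	exit "${ksft_skip}"
fi

cleanup &> /dev/null

# The tests change the init namespace (VRF devices, strict_mode). Run
# cleanup on every exit path, including the 'q' answer under PAUSE_ON_FAIL,
# so an aborted run does not leave strict_mode enabled on the host.
trap cleanup EXIT

setup
vrf_strict_mode_tests
cleanup
trap - EXIT

print_log_test_results

exit "${ret}"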