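#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
#
# IPv4 and IPv6 functional tests focusing on VRF and routing lookups
# for various permutations:
#   1. icmp, tcp, udp and netfilter
#   2. client, server, no-server
#   3. global address on interface
#   4. global address on 'lo'
#   5. remote and local traffic
#   6. VRF and non-VRF permutations
#
# Setup:
#                     ns-A     |     ns-B
# No VRF case:
#    [ lo ]         [ eth1 ]---|---[ eth1 ]      [ lo ]
#                                                remote address
# VRF case:
#         [ red ]---[ eth1 ]---|---[ eth1 ]      [ lo ]
#
# ns-A:
#     eth1: 172.16.1.1/24, 2001:db8:1::1/64
#       lo: 127.0.0.1/8, ::1/128
#           172.16.2.1/32, 2001:db8:2::1/128
#      red: 127.0.0.1/8, ::1/128
#           172.16.3.1/32, 2001:db8:3::1/128
#
# ns-B:
#     eth1: 172.16.1.2/24, 2001:db8:1::2/64
#      lo2: 127.0.0.1/8, ::1/128
#           172.16.2.2/32, 2001:db8:2::2/128
#
# ns-A to ns-C connection - only for VRF and same config
# as ns-A to ns-B
#
# server / client nomenclature relative to ns-A

VERBOSE=0

NSA_DEV=eth1
NSA_DEV2=eth2
NSB_DEV=eth1
NSC_DEV=eth2
VRF=red
VRF_TABLE=1101

# IPv4 config
NSA_IP=172.16.1.1
NSB_IP=172.16.1.2
VRF_IP=172.16.3.1
NS_NET=172.16.1.0/24

# IPv6 config
NSA_IP6=2001:db8:1::1
NSB_IP6=2001:db8:1::2
VRF_IP6=2001:db8:3::1
NS_NET6=2001:db8:1::/120

NSA_LO_IP=172.16.2.1
NSB_LO_IP=172.16.2.2
NSA_LO_IP6=2001:db8:2::1
NSB_LO_IP6=2001:db8:2::2

# Passwords for the TCP MD5 tests. These are test-only fixtures: the tests
# hand them to nettest with -M on the command line, where they are visible
# in the process list, so a real secret must never be placed here.
MD5_PW=abc123
MD5_WRONG_PW=abc1234

MCAST=ff02::1
# set after namespace create
NSA_LINKIP6=
NSB_LINKIP6=

NSA=ns-A
NSB=ns-B
NSC=ns-C

# Command prefixes; expanded unquoted by the run_cmd* wrappers so that they
# split into "ip netns exec <ns>".
NSA_CMD="ip netns exec ${NSA}"
NSB_CMD="ip netns exec ${NSB}"
NSC_CMD="ip netns exec ${NSC}"

# Use ping6 when it is installed, otherwise fall back to ping.
# 'command -v' is the shell builtin lookup and does not depend on an
# external 'which' being present.
if command -v ping6 > /dev/null 2>&1; then
	ping6=$(command -v ping6)
else
	ping6=$(command -v ping)
fi

################################################################################
# utilities

# Record one test result and print it.
#   $1 - actual exit status
#   $2 - expected exit status
#   $3 - test description
# Updates the nsuccess / nfail counters, honours PAUSE and PAUSE_ON_FAIL,
# and finishes by calling kill_procs.
log_test()
{
	local rc=$1
	local expected=$2
	local msg="$3"
	# Keyboard input goes into a function-local variable. Callers keep the
	# address under test in a variable named 'a'; reading into 'a' here
	# would overwrite it through bash's dynamic scoping and the next
	# command in the caller would run against the typed text.
	local ans

	[ "${VERBOSE}" = "1" ] && echo

	if [ "${rc}" -eq "${expected}" ]; then
		nsuccess=$((nsuccess+1))
		printf "TEST: %-70s [ OK ]\n" "${msg}"
	else
		nfail=$((nfail+1))
		printf "TEST: %-70s [FAIL]\n" "${msg}"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue, 'q' to quit"
			read -r ans
			[ "$ans" = "q" ] && exit 1
		fi
	fi

	if [ "${PAUSE}" = "yes" ]; then
		echo
		echo "hit enter to continue, 'q' to quit"
		read -r ans
		[ "$ans" = "q" ] && exit 1
	fi

	kill_procs
}

# Like log_test, with the description suffixed by a readable name for the
# address under test.
#   $1 - address, $2 - actual status, $3 - expected status, $4 - description
log_test_addr()
{
	local addr=$1
	local rc=$2
	local expected=$3
	local msg="$4"
	local astr

	astr=$(addr2str "${addr}")
	log_test "$rc" "$expected" "$msg - ${astr}"
}

# Print a banner for a top-level group of tests.
log_section()
{
	echo
	echo "###########################################################################"
	echo "$*"
	echo "###########################################################################"
	echo
}

# Print a banner for a sub-group of tests.
log_subsection()
{
	echo
	echo "#################################################################"
	echo "$*"
	echo
}

# Called before each test case.
log_start()
{
	# make sure we have no test instances running
	kill_procs

	if [ "${VERBOSE}" = "1" ]; then
		echo
		echo "#######################################################"
	fi
}

# Print a message only in verbose mode.
log_debug()
{
	if [ "${VERBOSE}" = "1" ]; then
		echo
		echo "$*"
		echo
	fi
}

# Print a hint about the expected outcome, only in verbose mode.
show_hint()
{
	if [ "${VERBOSE}" = "1" ]; then
		echo "HINT: $*"
		echo
	fi
}

# Stop leftover test programs, then give them a second to exit.
# NOTE(review): killall selects by process name on the whole host, not only
# inside the test namespaces, so unrelated nettest/ping/ping6 processes on
# the same machine are terminated as well. Run this on a dedicated test
# host, or consider killing by namespace ("ip netns pids <ns> | xargs kill").
kill_procs()
{
	killall nettest ping ping6 >/dev/null 2>&1
	sleep 1
}

# Run a command, capturing stdout and stderr; echo the command and its
# output only in verbose mode. Returns the command's exit status.
do_run_cmd()
{
	local cmd="$*"
	local out

	if [ "$VERBOSE" = "1" ]; then
		echo "COMMAND: ${cmd}"
	fi

	# $cmd is deliberately unquoted: the string is word-split into the
	# command and its arguments. Arguments containing whitespace or glob
	# characters therefore cannot be passed through this helper, and only
	# commands composed by this script should be run with it.
	out=$($cmd 2>&1)
	# NOTE(review): rc is not declared local, so it is written in the
	# caller's scope (or globally); confirm nothing reads it that way
	# before making it local.
	rc=$?
	# two separate tests instead of the deprecated, ambiguous '-a'
	if [ "$VERBOSE" = "1" ] && [ -n "$out" ]; then
		echo "$out"
	fi

	return $rc
}

# Run a command in ns-A.
run_cmd()
{
	do_run_cmd ${NSA_CMD} $*
}

# Run a command in ns-B.
run_cmd_nsb()
{
	do_run_cmd ${NSB_CMD} $*
}

# Run a command in ns-C.
run_cmd_nsc()
{
	do_run_cmd ${NSC_CMD} $*
}

# Shared failure path of the setup_cmd* wrappers: report the failed setup
# command and exit the script with its status.
#   $1 - exit status of the command, $2 - the command line
_setup_cmd_failed()
{
	local rc=$1
	local cmd="$2"
	local ans

	# show user the command if not done so already
	if [ "$VERBOSE" = "0" ]; then
		echo "setup command: $cmd"
	fi
	echo "failed. stopping tests"
	if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
		echo
		echo "hit enter to continue"
		read -r ans
	fi
	exit "$rc"
}

# Run a setup command in ns-A; stop the whole test run if it fails.
setup_cmd()
{
	local cmd="$*"
	local rc

	run_cmd ${cmd}
	rc=$?
	if [ "$rc" -ne 0 ]; then
		_setup_cmd_failed "$rc" "$cmd"
	fi
}

# Run a setup command in ns-B; stop the whole test run if it fails.
setup_cmd_nsb()
{
	local cmd="$*"
	local rc

	run_cmd_nsb ${cmd}
	rc=$?
	if [ "$rc" -ne 0 ]; then
		_setup_cmd_failed "$rc" "$cmd"
	fi
}

# Run a setup command in ns-C; stop the whole test run if it fails.
setup_cmd_nsc()
{
	local cmd="$*"
	local rc

	run_cmd_nsc ${cmd}
	rc=$?
	if [ "$rc" -ne 0 ]; then
		_setup_cmd_failed "$rc" "$cmd"
	fi
}

# set sysctl values in NS-A
set_sysctl()
{
	echo "SYSCTL: $*"
	echo
	run_cmd sysctl -q -w $*
}

################################################################################
# Setup for tests

# Map an address used by the tests to a human-readable label for the test
# report; prints "unknown" for anything else.
addr2str()
{
	case "$1" in
	127.0.0.1) echo "loopback";;
	::1) echo "IPv6 loopback";;

	${NSA_IP}) echo "ns-A IP";;
	${NSA_IP6}) echo "ns-A IPv6";;
	${NSA_LO_IP}) echo "ns-A loopback IP";;
	${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
	${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;

	${NSB_IP}) echo "ns-B IP";;
	${NSB_IP6}) echo "ns-B IPv6";;
	${NSB_LO_IP}) echo "ns-B loopback IP";;
	${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
	${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;

	${VRF_IP}) echo "VRF IP";;
	${VRF_IP6}) echo "VRF IPv6";;

	${MCAST}%*) echo "multicast IP";;

	*) echo "unknown";;
	esac
}

# Print the fe80 link-local address of a device, without the prefix length.
#   $1 - namespace, $2 - device
# Returns 1 and prints nothing when the device has no such address.
get_linklocal()
{
	local ns=$1
	local dev=$2
	local addr

	addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \
	awk '{
		for (i = 3; i <= NF; ++i) {
			if ($i ~ /^fe80/)
				print $i
		}
	}'
	)
	# drop everything from the first '/' on, i.e. the prefix length
	addr=${addr/\/*}

	[ -z "$addr" ] && return 1

	echo "$addr"

	return 0
}

################################################################################
# create namespaces and vrf

# Create a VRF device in a namespace and give it loopback addresses.
#   $1 - namespace, $2 - VRF name, $3 - routing table id
#   $4 - IPv4 address for the VRF device, or "-" for none
#   $5 - IPv6 address for the VRF device, or "-" for none
create_vrf()
{
	local ns=$1
	local vrf=$2
	local table=$3
	local addr=$4
	local addr6=$5

	ip -netns ${ns} link add ${vrf} type vrf table ${table}
	ip -netns ${ns} link set ${vrf} up
	# high-metric unreachable defaults in the VRF table
	ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192
	ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192

	ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf}
	ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
	if [ "${addr}" != "-" ]; then
		ip -netns ${ns} addr add dev ${vrf} ${addr}
	fi
	if [ "${addr6}" != "-" ]; then
		ip -netns ${ns} -6 addr add dev ${vrf} ${addr6}
	fi

	# move the 'lookup local' rule from pref 0 to pref 32765, for both
	# address families (presumably so the VRF rule is consulted first;
	# confirm against the kernel VRF documentation)
	ip -netns ${ns} ru del pref 0
	ip -netns ${ns} ru add pref 32765 from all lookup local
	ip -netns ${ns} -6 ru del pref 0
	ip -netns ${ns} -6 ru add pref 32765 from all lookup local
}

# Create a network namespace with loopback up and forwarding enabled.
#   $1 - namespace
#   $2 - IPv4 address to add on lo, or "-" for none
#   $3 - IPv6 address to add on lo, or "-" for none
create_ns()
{
	local ns=$1
	local addr=$2
	local addr6=$3

	ip netns add ${ns}

	ip -netns ${ns} link set lo up
	if [ "${addr}" != "-" ]; then
		ip -netns ${ns} addr add dev lo ${addr}
	fi
	if [ "${addr6}" != "-" ]; then
		ip -netns ${ns} -6 addr add dev lo ${addr6}
	fi

	# high-metric unreachable defaults in the main table
	ip -netns ${ns} ro add unreachable default metric 8192
	ip -netns ${ns} -6 ro add unreachable default metric 8192

	ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
	ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
	ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
	ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
}

# create veth pair to connect namespaces and apply addresses.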
399connect_ns() 400{ 401 local ns1=$1 402 local ns1_dev=$2 403 local ns1_addr=$3 404 local ns1_addr6=$4 405 local ns2=$5 406 local ns2_dev=$6 407 local ns2_addr=$7 408 local ns2_addr6=$8 409 410 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp 411 ip -netns ${ns1} li set ${ns1_dev} up 412 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev} 413 ip -netns ${ns2} li set ${ns2_dev} up 414 415 if [ "${ns1_addr}" != "-" ]; then 416 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr} 417 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr} 418 fi 419 420 if [ "${ns1_addr6}" != "-" ]; then 421 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6} 422 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6} 423 fi 424} 425 426cleanup() 427{ 428 # explicit cleanups to check those code paths 429 ip netns | grep -q ${NSA} 430 if [ $? -eq 0 ]; then 431 ip -netns ${NSA} link delete ${VRF} 432 ip -netns ${NSA} ro flush table ${VRF_TABLE} 433 434 ip -netns ${NSA} addr flush dev ${NSA_DEV} 435 ip -netns ${NSA} -6 addr flush dev ${NSA_DEV} 436 ip -netns ${NSA} link set dev ${NSA_DEV} down 437 ip -netns ${NSA} link del dev ${NSA_DEV} 438 439 ip netns pids ${NSA} | xargs kill 2>/dev/null 440 ip netns del ${NSA} 441 fi 442 443 ip netns pids ${NSB} | xargs kill 2>/dev/null 444 ip netns del ${NSB} 445 ip netns pids ${NSC} | xargs kill 2>/dev/null 446 ip netns del ${NSC} >/dev/null 2>&1 447} 448 449cleanup_vrf_dup() 450{ 451 ip link del ${NSA_DEV2} >/dev/null 2>&1 452 ip netns pids ${NSC} | xargs kill 2>/dev/null 453 ip netns del ${NSC} >/dev/null 2>&1 454} 455 456setup_vrf_dup() 457{ 458 # some VRF tests use ns-C which has the same config as 459 # ns-B but for a device NOT in the VRF 460 create_ns ${NSC} "-" "-" 461 connect_ns ${NSA} ${NSA_DEV2} ${NSA_IP}/24 ${NSA_IP6}/64 \ 462 ${NSC} ${NSC_DEV} ${NSB_IP}/24 ${NSB_IP6}/64 463} 464 465setup() 466{ 467 local with_vrf=${1} 468 469 # make sure we are starting with a clean slate 470 kill_procs 471 cleanup 2>/dev/null 472 473 
log_debug "Configuring network namespaces" 474 set -e 475 476 create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128 477 create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128 478 connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \ 479 ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64 480 481 NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV}) 482 NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV}) 483 484 # tell ns-A how to get to remote addresses of ns-B 485 if [ "${with_vrf}" = "yes" ]; then 486 create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6} 487 488 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF} 489 ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV} 490 ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV} 491 492 ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV} 493 ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV} 494 else 495 ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV} 496 ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV} 497 fi 498 499 500 # tell ns-B how to get to remote addresses of ns-A 501 ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV} 502 ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV} 503 504 set +e 505 506 sleep 1 507} 508 509setup_lla_only() 510{ 511 # make sure we are starting with a clean slate 512 kill_procs 513 cleanup 2>/dev/null 514 515 log_debug "Configuring network namespaces" 516 set -e 517 518 create_ns ${NSA} "-" "-" 519 create_ns ${NSB} "-" "-" 520 create_ns ${NSC} "-" "-" 521 connect_ns ${NSA} ${NSA_DEV} "-" "-" \ 522 ${NSB} ${NSB_DEV} "-" "-" 523 connect_ns ${NSA} ${NSA_DEV2} "-" "-" \ 524 ${NSC} ${NSC_DEV} "-" "-" 525 526 NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV}) 527 NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV}) 528 NSC_LINKIP6=$(get_linklocal ${NSC} ${NSC_DEV}) 529 530 create_vrf ${NSA} ${VRF} ${VRF_TABLE} "-" "-" 531 ip -netns ${NSA} link 
set dev ${NSA_DEV} vrf ${VRF} 532 ip -netns ${NSA} link set dev ${NSA_DEV2} vrf ${VRF} 533 534 set +e 535 536 sleep 1 537} 538 539################################################################################ 540# IPv4 541 542ipv4_ping_novrf() 543{ 544 local a 545 546 # 547 # out 548 # 549 for a in ${NSB_IP} ${NSB_LO_IP} 550 do 551 log_start 552 run_cmd ping -c1 -w1 ${a} 553 log_test_addr ${a} $? 0 "ping out" 554 555 log_start 556 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 557 log_test_addr ${a} $? 0 "ping out, device bind" 558 559 log_start 560 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a} 561 log_test_addr ${a} $? 0 "ping out, address bind" 562 done 563 564 # 565 # in 566 # 567 for a in ${NSA_IP} ${NSA_LO_IP} 568 do 569 log_start 570 run_cmd_nsb ping -c1 -w1 ${a} 571 log_test_addr ${a} $? 0 "ping in" 572 done 573 574 # 575 # local traffic 576 # 577 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1 578 do 579 log_start 580 run_cmd ping -c1 -w1 ${a} 581 log_test_addr ${a} $? 0 "ping local" 582 done 583 584 # 585 # local traffic, socket bound to device 586 # 587 # address on device 588 a=${NSA_IP} 589 log_start 590 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 591 log_test_addr ${a} $? 0 "ping local, device bind" 592 593 # loopback addresses not reachable from device bind 594 # fails in a really weird way though because ipv4 special cases 595 # route lookups with oif set. 596 for a in ${NSA_LO_IP} 127.0.0.1 597 do 598 log_start 599 show_hint "Fails since address on loopback device is out of device scope" 600 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 601 log_test_addr ${a} $? 
1 "ping local, device bind" 602 done 603 604 # 605 # ip rule blocks reachability to remote address 606 # 607 log_start 608 setup_cmd ip rule add pref 32765 from all lookup local 609 setup_cmd ip rule del pref 0 from all lookup local 610 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit 611 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit 612 613 a=${NSB_LO_IP} 614 run_cmd ping -c1 -w1 ${a} 615 log_test_addr ${a} $? 2 "ping out, blocked by rule" 616 617 # NOTE: ipv4 actually allows the lookup to fail and yet still create 618 # a viable rtable if the oif (e.g., bind to device) is set, so this 619 # case succeeds despite the rule 620 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 621 622 a=${NSA_LO_IP} 623 log_start 624 show_hint "Response generates ICMP (or arp request is ignored) due to ip rule" 625 run_cmd_nsb ping -c1 -w1 ${a} 626 log_test_addr ${a} $? 1 "ping in, blocked by rule" 627 628 [ "$VERBOSE" = "1" ] && echo 629 setup_cmd ip rule del pref 32765 from all lookup local 630 setup_cmd ip rule add pref 0 from all lookup local 631 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit 632 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit 633 634 # 635 # route blocks reachability to remote address 636 # 637 log_start 638 setup_cmd ip route replace unreachable ${NSB_LO_IP} 639 setup_cmd ip route replace unreachable ${NSB_IP} 640 641 a=${NSB_LO_IP} 642 run_cmd ping -c1 -w1 ${a} 643 log_test_addr ${a} $? 2 "ping out, blocked by route" 644 645 # NOTE: ipv4 actually allows the lookup to fail and yet still create 646 # a viable rtable if the oif (e.g., bind to device) is set, so this 647 # case succeeds despite not having a route for the address 648 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 649 650 a=${NSA_LO_IP} 651 log_start 652 show_hint "Response is dropped (or arp request is ignored) due to ip route" 653 run_cmd_nsb ping -c1 -w1 ${a} 654 log_test_addr ${a} $? 
1 "ping in, blocked by route" 655 656 # 657 # remove 'remote' routes; fallback to default 658 # 659 log_start 660 setup_cmd ip ro del ${NSB_LO_IP} 661 662 a=${NSB_LO_IP} 663 run_cmd ping -c1 -w1 ${a} 664 log_test_addr ${a} $? 2 "ping out, unreachable default route" 665 666 # NOTE: ipv4 actually allows the lookup to fail and yet still create 667 # a viable rtable if the oif (e.g., bind to device) is set, so this 668 # case succeeds despite not having a route for the address 669 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 670} 671 672ipv4_ping_vrf() 673{ 674 local a 675 676 # should default on; does not exist on older kernels 677 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null 678 679 # 680 # out 681 # 682 for a in ${NSB_IP} ${NSB_LO_IP} 683 do 684 log_start 685 run_cmd ping -c1 -w1 -I ${VRF} ${a} 686 log_test_addr ${a} $? 0 "ping out, VRF bind" 687 688 log_start 689 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 690 log_test_addr ${a} $? 0 "ping out, device bind" 691 692 log_start 693 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a} 694 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind" 695 696 log_start 697 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a} 698 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind" 699 done 700 701 # 702 # in 703 # 704 for a in ${NSA_IP} ${VRF_IP} 705 do 706 log_start 707 run_cmd_nsb ping -c1 -w1 ${a} 708 log_test_addr ${a} $? 0 "ping in" 709 done 710 711 # 712 # local traffic, local address 713 # 714 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1 715 do 716 log_start 717 show_hint "Source address should be ${a}" 718 run_cmd ping -c1 -w1 -I ${VRF} ${a} 719 log_test_addr ${a} $? 0 "ping local, VRF bind" 720 done 721 722 # 723 # local traffic, socket bound to device 724 # 725 # address on device 726 a=${NSA_IP} 727 log_start 728 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 729 log_test_addr ${a} $? 
0 "ping local, device bind" 730 731 # vrf device is out of scope 732 for a in ${VRF_IP} 127.0.0.1 733 do 734 log_start 735 show_hint "Fails since address on vrf device is out of device scope" 736 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 737 log_test_addr ${a} $? 1 "ping local, device bind" 738 done 739 740 # 741 # ip rule blocks address 742 # 743 log_start 744 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit 745 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit 746 747 a=${NSB_LO_IP} 748 run_cmd ping -c1 -w1 -I ${VRF} ${a} 749 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule" 750 751 log_start 752 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 753 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule" 754 755 a=${NSA_LO_IP} 756 log_start 757 show_hint "Response lost due to ip rule" 758 run_cmd_nsb ping -c1 -w1 ${a} 759 log_test_addr ${a} $? 1 "ping in, blocked by rule" 760 761 [ "$VERBOSE" = "1" ] && echo 762 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit 763 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit 764 765 # 766 # remove 'remote' routes; fallback to default 767 # 768 log_start 769 setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP} 770 771 a=${NSB_LO_IP} 772 run_cmd ping -c1 -w1 -I ${VRF} ${a} 773 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route" 774 775 log_start 776 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 777 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route" 778 779 a=${NSA_LO_IP} 780 log_start 781 show_hint "Response lost by unreachable route" 782 run_cmd_nsb ping -c1 -w1 ${a} 783 log_test_addr ${a} $? 
1 "ping in, unreachable route" 784} 785 786ipv4_ping() 787{ 788 log_section "IPv4 ping" 789 790 log_subsection "No VRF" 791 setup 792 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null 793 ipv4_ping_novrf 794 setup 795 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null 796 ipv4_ping_novrf 797 798 log_subsection "With VRF" 799 setup "yes" 800 ipv4_ping_vrf 801} 802 803################################################################################ 804# IPv4 TCP 805 806# 807# MD5 tests without VRF 808# 809ipv4_tcp_md5_novrf() 810{ 811 # 812 # single address 813 # 814 815 # basic use case 816 log_start 817 run_cmd nettest -s -M ${MD5_PW} -r ${NSB_IP} & 818 sleep 1 819 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 820 log_test $? 0 "MD5: Single address config" 821 822 # client sends MD5, server not configured 823 log_start 824 show_hint "Should timeout due to MD5 mismatch" 825 run_cmd nettest -s & 826 sleep 1 827 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 828 log_test $? 2 "MD5: Server no config, client uses password" 829 830 # wrong password 831 log_start 832 show_hint "Should timeout since client uses wrong password" 833 run_cmd nettest -s -M ${MD5_PW} -r ${NSB_IP} & 834 sleep 1 835 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 836 log_test $? 2 "MD5: Client uses wrong password" 837 838 # client from different address 839 log_start 840 show_hint "Should timeout due to MD5 mismatch" 841 run_cmd nettest -s -M ${MD5_PW} -r ${NSB_LO_IP} & 842 sleep 1 843 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 844 log_test $? 2 "MD5: Client address does not match address configured with password" 845 846 # 847 # MD5 extension - prefix length 848 # 849 850 # client in prefix 851 log_start 852 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} & 853 sleep 1 854 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 855 log_test $? 
0 "MD5: Prefix config" 856 857 # client in prefix, wrong password 858 log_start 859 show_hint "Should timeout since client uses wrong password" 860 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} & 861 sleep 1 862 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 863 log_test $? 2 "MD5: Prefix config, client uses wrong password" 864 865 # client outside of prefix 866 log_start 867 show_hint "Should timeout due to MD5 mismatch" 868 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} & 869 sleep 1 870 run_cmd_nsb nettest -l ${NSB_LO_IP} -r ${NSA_IP} -M ${MD5_PW} 871 log_test $? 2 "MD5: Prefix config, client address not in configured prefix" 872} 873 874# 875# MD5 tests with VRF 876# 877ipv4_tcp_md5() 878{ 879 # 880 # single address 881 # 882 883 # basic use case 884 log_start 885 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & 886 sleep 1 887 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 888 log_test $? 0 "MD5: VRF: Single address config" 889 890 # client sends MD5, server not configured 891 log_start 892 show_hint "Should timeout since server does not have MD5 auth" 893 run_cmd nettest -s -d ${VRF} & 894 sleep 1 895 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 896 log_test $? 2 "MD5: VRF: Server no config, client uses password" 897 898 # wrong password 899 log_start 900 show_hint "Should timeout since client uses wrong password" 901 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & 902 sleep 1 903 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 904 log_test $? 2 "MD5: VRF: Client uses wrong password" 905 906 # client from different address 907 log_start 908 show_hint "Should timeout since server config differs from client" 909 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_LO_IP} & 910 sleep 1 911 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 912 log_test $? 
2 "MD5: VRF: Client address does not match address configured with password" 913 914 # 915 # MD5 extension - prefix length 916 # 917 918 # client in prefix 919 log_start 920 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} & 921 sleep 1 922 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 923 log_test $? 0 "MD5: VRF: Prefix config" 924 925 # client in prefix, wrong password 926 log_start 927 show_hint "Should timeout since client uses wrong password" 928 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} & 929 sleep 1 930 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 931 log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password" 932 933 # client outside of prefix 934 log_start 935 show_hint "Should timeout since client address is outside of prefix" 936 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} & 937 sleep 1 938 run_cmd_nsb nettest -l ${NSB_LO_IP} -r ${NSA_IP} -M ${MD5_PW} 939 log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix" 940 941 # 942 # duplicate config between default VRF and a VRF 943 # 944 945 log_start 946 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & 947 run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} & 948 sleep 1 949 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 950 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF" 951 952 log_start 953 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & 954 run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} & 955 sleep 1 956 run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 957 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF" 958 959 log_start 960 show_hint "Should timeout since client in default VRF uses VRF password" 961 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & 962 run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} & 963 sleep 1 964 run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_PW} 965 log_test $? 
2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw" 966 967 log_start 968 show_hint "Should timeout since client in VRF uses default VRF password" 969 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & 970 run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} & 971 sleep 1 972 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 973 log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw" 974 975 log_start 976 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} & 977 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} & 978 sleep 1 979 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} 980 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF" 981 982 log_start 983 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} & 984 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} & 985 sleep 1 986 run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 987 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF" 988 989 log_start 990 show_hint "Should timeout since client in default VRF uses VRF password" 991 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} & 992 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} & 993 sleep 1 994 run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_PW} 995 log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw" 996 997 log_start 998 show_hint "Should timeout since client in VRF uses default VRF password" 999 run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} & 1000 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} & 1001 sleep 1 1002 run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} 1003 log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw" 1004 1005 # 1006 # negative tests 1007 # 1008 log_start 1009 run_cmd nettest -s -d ${NSA_DEV} -M ${MD5_PW} -r ${NSB_IP} 1010 log_test $? 
1 "MD5: VRF: Device must be a VRF - single address" 1011 1012 log_start 1013 run_cmd nettest -s -d ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET} 1014 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix" 1015 1016} 1017 1018ipv4_tcp_novrf() 1019{ 1020 local a 1021 1022 # 1023 # server tests 1024 # 1025 for a in ${NSA_IP} ${NSA_LO_IP} 1026 do 1027 log_start 1028 run_cmd nettest -s & 1029 sleep 1 1030 run_cmd_nsb nettest -r ${a} 1031 log_test_addr ${a} $? 0 "Global server" 1032 done 1033 1034 a=${NSA_IP} 1035 log_start 1036 run_cmd nettest -s -d ${NSA_DEV} & 1037 sleep 1 1038 run_cmd_nsb nettest -r ${a} 1039 log_test_addr ${a} $? 0 "Device server" 1040 1041 # verify TCP reset sent and received 1042 for a in ${NSA_IP} ${NSA_LO_IP} 1043 do 1044 log_start 1045 show_hint "Should fail 'Connection refused' since there is no server" 1046 run_cmd_nsb nettest -r ${a} 1047 log_test_addr ${a} $? 1 "No server" 1048 done 1049 1050 # 1051 # client 1052 # 1053 for a in ${NSB_IP} ${NSB_LO_IP} 1054 do 1055 log_start 1056 run_cmd_nsb nettest -s & 1057 sleep 1 1058 run_cmd nettest -r ${a} -0 ${NSA_IP} 1059 log_test_addr ${a} $? 0 "Client" 1060 1061 log_start 1062 run_cmd_nsb nettest -s & 1063 sleep 1 1064 run_cmd nettest -r ${a} -d ${NSA_DEV} 1065 log_test_addr ${a} $? 0 "Client, device bind" 1066 1067 log_start 1068 show_hint "Should fail 'Connection refused'" 1069 run_cmd nettest -r ${a} 1070 log_test_addr ${a} $? 1 "No server, unbound client" 1071 1072 log_start 1073 show_hint "Should fail 'Connection refused'" 1074 run_cmd nettest -r ${a} -d ${NSA_DEV} 1075 log_test_addr ${a} $? 1 "No server, device client" 1076 done 1077 1078 # 1079 # local address tests 1080 # 1081 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1 1082 do 1083 log_start 1084 run_cmd nettest -s & 1085 sleep 1 1086 run_cmd nettest -r ${a} -0 ${a} -1 ${a} 1087 log_test_addr ${a} $? 
0 "Global server, local connection" 1088 done 1089 1090 a=${NSA_IP} 1091 log_start 1092 run_cmd nettest -s -d ${NSA_DEV} & 1093 sleep 1 1094 run_cmd nettest -r ${a} -0 ${a} 1095 log_test_addr ${a} $? 0 "Device server, unbound client, local connection" 1096 1097 for a in ${NSA_LO_IP} 127.0.0.1 1098 do 1099 log_start 1100 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope" 1101 run_cmd nettest -s -d ${NSA_DEV} & 1102 sleep 1 1103 run_cmd nettest -r ${a} 1104 log_test_addr ${a} $? 1 "Device server, unbound client, local connection" 1105 done 1106 1107 a=${NSA_IP} 1108 log_start 1109 run_cmd nettest -s & 1110 sleep 1 1111 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV} 1112 log_test_addr ${a} $? 0 "Global server, device client, local connection" 1113 1114 for a in ${NSA_LO_IP} 127.0.0.1 1115 do 1116 log_start 1117 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 1118 run_cmd nettest -s & 1119 sleep 1 1120 run_cmd nettest -r ${a} -d ${NSA_DEV} 1121 log_test_addr ${a} $? 1 "Global server, device client, local connection" 1122 done 1123 1124 a=${NSA_IP} 1125 log_start 1126 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 1127 sleep 1 1128 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a} 1129 log_test_addr ${a} $? 0 "Device server, device client, local connection" 1130 1131 log_start 1132 show_hint "Should fail 'Connection refused'" 1133 run_cmd nettest -d ${NSA_DEV} -r ${a} 1134 log_test_addr ${a} $? 
1 "No server, device client, local conn"

	ipv4_tcp_md5_novrf
}

# IPv4/TCP cases for the VRF topology, run in two passes:
#   1. net.ipv4.tcp_l3mdev_accept=0, followed by the TCP MD5 cases
#   2. net.ipv4.tcp_l3mdev_accept=1
# In each log_test_addr call the value after `$?` is, judging by the call
# sites, the exit status expected from the client command that precedes it.
ipv4_tcp_vrf()
{
	local a

	# disable global server
	log_subsection "Global server disabled"

	set_sysctl net.ipv4.tcp_l3mdev_accept=0

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
		run_cmd nettest -s &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "Global server"

		log_start
		run_cmd nettest -s -d ${VRF} -2 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "VRF server"

		log_start
		run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "Device server"

		# verify TCP reset received
		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# local address tests
	# (${VRF_IP} and 127.0.0.1 both timeout)
	a=${NSA_IP}
	log_start
	show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
	run_cmd nettest -s &
	sleep 1
	run_cmd nettest -r ${a} -d ${NSA_DEV}
	log_test_addr ${a} $? 1 "Global server, local connection"

	# run MD5 tests
	setup_vrf_dup
	ipv4_tcp_md5
	cleanup_vrf_dup

	#
	# enable VRF global server
	#
	# With tcp_l3mdev_accept=1 the listener started without a device bind
	# is expected to accept connections that arrive through the VRF (rc 0
	# below, against rc 1 in the first pass). A service that has to stay
	# inside one L3 domain therefore needs an explicit VRF or device bind
	# while this sysctl is on.
	#
	log_subsection "VRF Global server enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1

	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		show_hint "client socket should be bound to VRF"
		run_cmd nettest -s -2 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "Global server"

		log_start
		show_hint "client socket should be bound to VRF"
		run_cmd nettest -s -d ${VRF} -2 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 0 "VRF server"

		# verify TCP reset received
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	a=${NSA_IP}
	log_start
	show_hint "client socket should be bound to device"
	run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -r ${a}
	log_test_addr ${a} $? 0 "Device server"

	# local address tests
	# NOTE(review): the server below is started with -d ${VRF}, yet the
	# case is labelled "Global server" - confirm which one was intended.
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		show_hint "Should fail 'Connection refused' since client is not bound to VRF"
		run_cmd nettest -s -d ${VRF} &
		sleep 1
		run_cmd nettest -r ${a}
		log_test_addr ${a} $? 1 "Global server, local connection"
	done

	#
	# client
	#
	for a in ${NSB_IP} ${NSB_LO_IP}
	do
		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${VRF}
		log_test_addr ${a} $? 0 "Client, VRF bind"

		log_start
		run_cmd_nsb nettest -s &
		sleep 1
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a} -d ${VRF}
		log_test_addr ${a} $? 1 "No server, VRF client"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
	do
		log_start
		run_cmd nettest -s -d ${VRF} -2 ${VRF} &
		sleep 1
		run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -d ${VRF} -2 ${VRF} &
	sleep 1
	run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local connection"

	log_start
	show_hint "Should fail 'No route to host' since client is out of VRF scope"
	run_cmd nettest -s -d ${VRF} &
	sleep 1
	run_cmd nettest -r ${a}
	log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"

	log_start
	run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, VRF client, local connection"

	log_start
	run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local connection"
}

# Entry point for the IPv4/TCP section: the no-VRF cases are run twice
# (tcp_l3mdev_accept off, then on), then the VRF cases after setup "yes".
ipv4_tcp()
{
	log_section "IPv4/TCP"
	log_subsection "No VRF"
	setup

	# tcp_l3mdev_accept should have no effect without VRF;
	# run tests with it enabled and disabled to verify
	log_subsection "tcp_l3mdev_accept disabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=0
	ipv4_tcp_novrf
	log_subsection "tcp_l3mdev_accept enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1
	ipv4_tcp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv4_tcp_vrf
}

################################################################################
# IPv4 UDP

ipv4_udp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd nettest -D -s -2 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $?
0 "Global server" 1343 1344 log_start 1345 show_hint "Should fail 'Connection refused' since there is no server" 1346 run_cmd_nsb nettest -D -r ${a} 1347 log_test_addr ${a} $? 1 "No server" 1348 done 1349 1350 a=${NSA_IP} 1351 log_start 1352 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 1353 sleep 1 1354 run_cmd_nsb nettest -D -r ${a} 1355 log_test_addr ${a} $? 0 "Device server" 1356 1357 # 1358 # client 1359 # 1360 for a in ${NSB_IP} ${NSB_LO_IP} 1361 do 1362 log_start 1363 run_cmd_nsb nettest -D -s & 1364 sleep 1 1365 run_cmd nettest -D -r ${a} -0 ${NSA_IP} 1366 log_test_addr ${a} $? 0 "Client" 1367 1368 log_start 1369 run_cmd_nsb nettest -D -s & 1370 sleep 1 1371 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP} 1372 log_test_addr ${a} $? 0 "Client, device bind" 1373 1374 log_start 1375 run_cmd_nsb nettest -D -s & 1376 sleep 1 1377 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP} 1378 log_test_addr ${a} $? 0 "Client, device send via cmsg" 1379 1380 log_start 1381 run_cmd_nsb nettest -D -s & 1382 sleep 1 1383 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} 1384 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF" 1385 1386 log_start 1387 show_hint "Should fail 'Connection refused'" 1388 run_cmd nettest -D -r ${a} 1389 log_test_addr ${a} $? 1 "No server, unbound client" 1390 1391 log_start 1392 show_hint "Should fail 'Connection refused'" 1393 run_cmd nettest -D -r ${a} -d ${NSA_DEV} 1394 log_test_addr ${a} $? 1 "No server, device client" 1395 done 1396 1397 # 1398 # local address tests 1399 # 1400 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1 1401 do 1402 log_start 1403 run_cmd nettest -D -s & 1404 sleep 1 1405 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a} 1406 log_test_addr ${a} $? 0 "Global server, local connection" 1407 done 1408 1409 a=${NSA_IP} 1410 log_start 1411 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1412 sleep 1 1413 run_cmd nettest -D -r ${a} 1414 log_test_addr ${a} $? 
0 "Device server, unbound client, local connection" 1415 1416 for a in ${NSA_LO_IP} 127.0.0.1 1417 do 1418 log_start 1419 show_hint "Should fail 'Connection refused' since address is out of device scope" 1420 run_cmd nettest -s -D -d ${NSA_DEV} & 1421 sleep 1 1422 run_cmd nettest -D -r ${a} 1423 log_test_addr ${a} $? 1 "Device server, unbound client, local connection" 1424 done 1425 1426 a=${NSA_IP} 1427 log_start 1428 run_cmd nettest -s -D & 1429 sleep 1 1430 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1431 log_test_addr ${a} $? 0 "Global server, device client, local connection" 1432 1433 log_start 1434 run_cmd nettest -s -D & 1435 sleep 1 1436 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a} 1437 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection" 1438 1439 log_start 1440 run_cmd nettest -s -D & 1441 sleep 1 1442 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} 1443 log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection" 1444 1445 # IPv4 with device bind has really weird behavior - it overrides the 1446 # fib lookup, generates an rtable and tries to send the packet. This 1447 # causes failures for local traffic at different places 1448 for a in ${NSA_LO_IP} 127.0.0.1 1449 do 1450 log_start 1451 show_hint "Should fail since addresses on loopback are out of device scope" 1452 run_cmd nettest -D -s & 1453 sleep 1 1454 run_cmd nettest -D -r ${a} -d ${NSA_DEV} 1455 log_test_addr ${a} $? 2 "Global server, device client, local connection" 1456 1457 log_start 1458 show_hint "Should fail since addresses on loopback are out of device scope" 1459 run_cmd nettest -D -s & 1460 sleep 1 1461 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C 1462 log_test_addr ${a} $? 
1 "Global server, device send via cmsg, local connection" 1463 1464 log_start 1465 show_hint "Should fail since addresses on loopback are out of device scope" 1466 run_cmd nettest -D -s & 1467 sleep 1 1468 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S 1469 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection" 1470 done 1471 1472 a=${NSA_IP} 1473 log_start 1474 run_cmd nettest -D -s -d ${NSA_DEV} -2 ${NSA_DEV} & 1475 sleep 1 1476 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a} 1477 log_test_addr ${a} $? 0 "Device server, device client, local conn" 1478 1479 log_start 1480 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1481 log_test_addr ${a} $? 2 "No server, device client, local conn" 1482} 1483 1484ipv4_udp_vrf() 1485{ 1486 local a 1487 1488 # disable global server 1489 log_subsection "Global server disabled" 1490 set_sysctl net.ipv4.udp_l3mdev_accept=0 1491 1492 # 1493 # server tests 1494 # 1495 for a in ${NSA_IP} ${VRF_IP} 1496 do 1497 log_start 1498 show_hint "Fails because ingress is in a VRF and global server is disabled" 1499 run_cmd nettest -D -s & 1500 sleep 1 1501 run_cmd_nsb nettest -D -r ${a} 1502 log_test_addr ${a} $? 1 "Global server" 1503 1504 log_start 1505 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} & 1506 sleep 1 1507 run_cmd_nsb nettest -D -r ${a} 1508 log_test_addr ${a} $? 0 "VRF server" 1509 1510 log_start 1511 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 1512 sleep 1 1513 run_cmd_nsb nettest -D -r ${a} 1514 log_test_addr ${a} $? 0 "Enslaved device server" 1515 1516 log_start 1517 show_hint "Should fail 'Connection refused' since there is no server" 1518 run_cmd_nsb nettest -D -r ${a} 1519 log_test_addr ${a} $? 1 "No server" 1520 1521 log_start 1522 show_hint "Should fail 'Connection refused' since global server is out of scope" 1523 run_cmd nettest -D -s & 1524 sleep 1 1525 run_cmd nettest -D -d ${VRF} -r ${a} 1526 log_test_addr ${a} $? 
1 "Global server, VRF client, local connection" 1527 done 1528 1529 a=${NSA_IP} 1530 log_start 1531 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} & 1532 sleep 1 1533 run_cmd nettest -D -d ${VRF} -r ${a} 1534 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 1535 1536 log_start 1537 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} & 1538 sleep 1 1539 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1540 log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection" 1541 1542 a=${NSA_IP} 1543 log_start 1544 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1545 sleep 1 1546 run_cmd nettest -D -d ${VRF} -r ${a} 1547 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn" 1548 1549 log_start 1550 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1551 sleep 1 1552 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1553 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn" 1554 1555 # enable global server 1556 log_subsection "Global server enabled" 1557 set_sysctl net.ipv4.udp_l3mdev_accept=1 1558 1559 # 1560 # server tests 1561 # 1562 for a in ${NSA_IP} ${VRF_IP} 1563 do 1564 log_start 1565 run_cmd nettest -D -s -2 ${NSA_DEV} & 1566 sleep 1 1567 run_cmd_nsb nettest -D -r ${a} 1568 log_test_addr ${a} $? 0 "Global server" 1569 1570 log_start 1571 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} & 1572 sleep 1 1573 run_cmd_nsb nettest -D -r ${a} 1574 log_test_addr ${a} $? 0 "VRF server" 1575 1576 log_start 1577 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 1578 sleep 1 1579 run_cmd_nsb nettest -D -r ${a} 1580 log_test_addr ${a} $? 0 "Enslaved device server" 1581 1582 log_start 1583 show_hint "Should fail 'Connection refused'" 1584 run_cmd_nsb nettest -D -r ${a} 1585 log_test_addr ${a} $? 1 "No server" 1586 done 1587 1588 # 1589 # client tests 1590 # 1591 log_start 1592 run_cmd_nsb nettest -D -s & 1593 sleep 1 1594 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP} 1595 log_test $? 
0 "VRF client" 1596 1597 log_start 1598 run_cmd_nsb nettest -D -s & 1599 sleep 1 1600 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP} 1601 log_test $? 0 "Enslaved device client" 1602 1603 # negative test - should fail 1604 log_start 1605 show_hint "Should fail 'Connection refused'" 1606 run_cmd nettest -D -d ${VRF} -r ${NSB_IP} 1607 log_test $? 1 "No server, VRF client" 1608 1609 log_start 1610 show_hint "Should fail 'Connection refused'" 1611 run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP} 1612 log_test $? 1 "No server, enslaved device client" 1613 1614 # 1615 # local address tests 1616 # 1617 a=${NSA_IP} 1618 log_start 1619 run_cmd nettest -D -s -2 ${NSA_DEV} & 1620 sleep 1 1621 run_cmd nettest -D -d ${VRF} -r ${a} 1622 log_test_addr ${a} $? 0 "Global server, VRF client, local conn" 1623 1624 log_start 1625 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} & 1626 sleep 1 1627 run_cmd nettest -D -d ${VRF} -r ${a} 1628 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 1629 1630 log_start 1631 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} & 1632 sleep 1 1633 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1634 log_test_addr ${a} $? 0 "VRF server, device client, local conn" 1635 1636 log_start 1637 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1638 sleep 1 1639 run_cmd nettest -D -d ${VRF} -r ${a} 1640 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn" 1641 1642 log_start 1643 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1644 sleep 1 1645 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1646 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn" 1647 1648 for a in ${VRF_IP} 127.0.0.1 1649 do 1650 log_start 1651 run_cmd nettest -D -s -2 ${VRF} & 1652 sleep 1 1653 run_cmd nettest -D -d ${VRF} -r ${a} 1654 log_test_addr ${a} $? 
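0 "Global server, VRF client, local conn"
	done

	for a in ${VRF_IP} 127.0.0.1
	do
		log_start
		run_cmd nettest -s -D -d ${VRF} -2 ${VRF} &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
	done

	# negative test - should fail
	# verifies ECONNREFUSED
	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "No server, VRF client, local conn"
	done
}

# Entry point for the IPv4/UDP section: the no-VRF cases are run twice
# (udp_l3mdev_accept off, then on), then the VRF cases after setup "yes".
ipv4_udp()
{
	log_section "IPv4/UDP"
	log_subsection "No VRF"

	setup

	# udp_l3mdev_accept should have no effect without VRF;
	# run tests with it enabled and disabled to verify
	log_subsection "udp_l3mdev_accept disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0
	ipv4_udp_novrf
	log_subsection "udp_l3mdev_accept enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1
	ipv4_udp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv4_udp_vrf
}

################################################################################
# IPv4 address bind
#
# verifies ability or inability to bind to an address / device

# Bind checks without a VRF: raw (icmp) and TCP sockets bound to a local
# address, with and without a device bind first. Every active case
# expects rc 0.
ipv4_addr_bind_novrf()
{
	# keep the loop variable out of the global scope, as the other
	# test functions in this file do
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	#
	# tcp sockets
	#
	a=${NSA_IP}
	log_start
	run_cmd nettest -l ${a} -r ${NSB_IP} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address"

	log_start
	run_cmd nettest -l ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"

	# Sadly, the kernel allows binding a socket to a device and then
	# binding to an address not on the device. The only restriction
	# is that the address is valid in the L3 domain. So this test
	# passes when it really should not
	#a=${NSA_LO_IP}
	#log_start
	#show_hint "Should fail with 'Cannot assign requested address'"
	#run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
	#log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
}

# Bind checks with the VRF configured.
# Raw sockets: an address in the VRF is expected to bind only after the
# socket is bound to ${NSA_DEV} or ${VRF}; the loopback address
# ${NSA_LO_IP} is expected to be rejected even after a VRF bind.
# TCP sockets: VRF addresses bind after a VRF or device bind, and
# ${NSA_LO_IP} is expected to be rejected for both.
ipv4_addr_bind_vrf()
{
	# keep the loop variable out of the global scope, as the other
	# test functions in this file do
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		show_hint "Socket not bound to VRF, but address is in VRF"
		run_cmd nettest -s -R -P icmp -l ${a} -b
		log_test_addr ${a} $? 1 "Raw socket bind to local address"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
	done

	a=${NSA_LO_IP}
	log_start
	show_hint "Address on loopback is out of VRF scope"
	run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b
	log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"

	#
	# tcp sockets
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address"

		log_start
		run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
	done

	a=${NSA_LO_IP}
	log_start
	show_hint "Address on loopback out of scope for VRF"
	run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"

	log_start
	show_hint "Address on loopback out of scope for device in VRF"
	run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
}

# Entry point for the address bind section: no-VRF cases after a plain
# setup, VRF cases after setup "yes".
ipv4_addr_bind()
{
	log_section "IPv4 address binds"

	log_subsection "No VRF"
	setup
	ipv4_addr_bind_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv4_addr_bind_vrf
}

################################################################################
# IPv4 runtime tests

# Delete the VRF device while nettest traffic is in flight.
#   $1 - description prefix used in the logged test names
#   $2 - extra nettest arguments; expanded unquoted on purpose so that a
#        value such as "-n -1" splits into separate words
# Every case is logged with rc 0 and expected 0, so the result line does
# not depend on nettest's exit status; presumably the check is that the
# device delete completes and the run carries on - TODO confirm.
# setup ${with_vrf} is called again after each case, the VRF device
# having just been deleted.
ipv4_rt()
{
	local desc="$1"
	local varg="$2"
	local with_vrf="yes"
	local a

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server"

		setup ${with_vrf}
	done

	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest ${varg} -s -d ${VRF} &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server"

		setup ${with_vrf}
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest ${varg} -s -d ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest ${varg} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, enslaved device server"

	setup ${with_vrf}

	#
	# client test
	#
	# NOTE(review): both client cases connect to ${NSB_IP} but are logged
	# against ${a}, which still holds ${NSA_IP} from the case above -
	# confirm whether the logged address is intended.
	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, VRF client"

	setup ${with_vrf}

	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, enslaved device client"

	setup ${with_vrf}

	#
	# local address tests
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local"

		setup ${with_vrf}
	done

	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest ${varg} -d ${VRF} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server and client, local"

		setup ${with_vrf}
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -d ${VRF} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -d ${NSA_DEV} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local"
}

# Delete the VRF device while a flood ping (ping -f) is running, first
# with ns-B pinging ns-A's addresses, then with ns-A pinging ${NSB_IP}
# through the VRF. As in ipv4_rt, each case is logged with rc 0 and
# expected 0.
ipv4_ping_rt()
{
	local with_vrf="yes"
	local a

	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd_nsb ping -f ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"

		setup ${with_vrf}
	done

	a=${NSB_IP}
	log_start
	run_cmd ping -f -I ${VRF} ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
}

# Entry point for the IPv4 runtime section: the ping case, then ipv4_rt
# once per nettest mode ("-n -1" and "-i"), each after a fresh setup "yes".
ipv4_runtime()
{
	log_section "Run time tests - ipv4"

	setup "yes"
	ipv4_ping_rt

	setup "yes"
	ipv4_rt "TCP active socket" "-n -1"

	setup "yes"
	ipv4_rt "TCP passive socket" "-i"
}

################################################################################
# IPv6

ipv6_ping_novrf()
{
	local a

	# should not have an impact, but make a known state
	set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null

	#
	# out
	#
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
	do
		log_start
		run_cmd ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping out"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6}
	do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"

		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
		log_test_addr ${a} $? 0 "ping out, loopback address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
	do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $?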
0 "ping in" 2028 done 2029 2030 # 2031 # local traffic, local address 2032 # 2033 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 2034 do 2035 log_start 2036 run_cmd ${ping6} -c1 -w1 ${a} 2037 log_test_addr ${a} $? 0 "ping local, no bind" 2038 done 2039 2040 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 2041 do 2042 log_start 2043 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2044 log_test_addr ${a} $? 0 "ping local, device bind" 2045 done 2046 2047 for a in ${NSA_LO_IP6} ::1 2048 do 2049 log_start 2050 show_hint "Fails since address on loopback is out of device scope" 2051 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2052 log_test_addr ${a} $? 2 "ping local, device bind" 2053 done 2054 2055 # 2056 # ip rule blocks address 2057 # 2058 log_start 2059 setup_cmd ip -6 rule add pref 32765 from all lookup local 2060 setup_cmd ip -6 rule del pref 0 from all lookup local 2061 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit 2062 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit 2063 2064 a=${NSB_LO_IP6} 2065 run_cmd ${ping6} -c1 -w1 ${a} 2066 log_test_addr ${a} $? 2 "ping out, blocked by rule" 2067 2068 log_start 2069 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2070 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule" 2071 2072 a=${NSA_LO_IP6} 2073 log_start 2074 show_hint "Response lost due to ip rule" 2075 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2076 log_test_addr ${a} $? 
1 "ping in, blocked by rule" 2077 2078 setup_cmd ip -6 rule add pref 0 from all lookup local 2079 setup_cmd ip -6 rule del pref 32765 from all lookup local 2080 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit 2081 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit 2082 2083 # 2084 # route blocks reachability to remote address 2085 # 2086 log_start 2087 setup_cmd ip -6 route del ${NSB_LO_IP6} 2088 setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10 2089 setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10 2090 2091 a=${NSB_LO_IP6} 2092 run_cmd ${ping6} -c1 -w1 ${a} 2093 log_test_addr ${a} $? 2 "ping out, blocked by route" 2094 2095 log_start 2096 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2097 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route" 2098 2099 a=${NSA_LO_IP6} 2100 log_start 2101 show_hint "Response lost due to ip route" 2102 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2103 log_test_addr ${a} $? 1 "ping in, blocked by route" 2104 2105 2106 # 2107 # remove 'remote' routes; fallback to default 2108 # 2109 log_start 2110 setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6} 2111 setup_cmd ip -6 ro del unreachable ${NSB_IP6} 2112 2113 a=${NSB_LO_IP6} 2114 run_cmd ${ping6} -c1 -w1 ${a} 2115 log_test_addr ${a} $? 2 "ping out, unreachable route" 2116 2117 log_start 2118 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2119 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route" 2120} 2121 2122ipv6_ping_vrf() 2123{ 2124 local a 2125 2126 # should default on; does not exist on older kernels 2127 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null 2128 2129 # 2130 # out 2131 # 2132 for a in ${NSB_IP6} ${NSB_LO_IP6} 2133 do 2134 log_start 2135 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a} 2136 log_test_addr ${a} $? 
0 "ping out, VRF bind" 2137 done 2138 2139 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF} 2140 do 2141 log_start 2142 show_hint "Fails since VRF device does not support linklocal or multicast" 2143 run_cmd ${ping6} -c1 -w1 ${a} 2144 log_test_addr ${a} $? 1 "ping out, VRF bind" 2145 done 2146 2147 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 2148 do 2149 log_start 2150 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2151 log_test_addr ${a} $? 0 "ping out, device bind" 2152 done 2153 2154 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2155 do 2156 log_start 2157 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a} 2158 log_test_addr ${a} $? 0 "ping out, vrf device+address bind" 2159 done 2160 2161 # 2162 # in 2163 # 2164 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV} 2165 do 2166 log_start 2167 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2168 log_test_addr ${a} $? 0 "ping in" 2169 done 2170 2171 a=${NSA_LO_IP6} 2172 log_start 2173 show_hint "Fails since loopback address is out of VRF scope" 2174 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2175 log_test_addr ${a} $? 1 "ping in" 2176 2177 # 2178 # local traffic, local address 2179 # 2180 for a in ${NSA_IP6} ${VRF_IP6} ::1 2181 do 2182 log_start 2183 show_hint "Source address should be ${a}" 2184 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a} 2185 log_test_addr ${a} $? 0 "ping local, VRF bind" 2186 done 2187 2188 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} 2189 do 2190 log_start 2191 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2192 log_test_addr ${a} $? 
0 "ping local, device bind" 2193 done 2194 2195 # LLA to GUA - remove ipv6 global addresses from ns-B 2196 setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV} 2197 setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo 2198 setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV} 2199 2200 for a in ${NSA_IP6} ${VRF_IP6} 2201 do 2202 log_start 2203 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6} 2204 log_test_addr ${a} $? 0 "ping in, LLA to GUA" 2205 done 2206 2207 setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV} 2208 setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} 2209 setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo 2210 2211 # 2212 # ip rule blocks address 2213 # 2214 log_start 2215 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit 2216 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit 2217 2218 a=${NSB_LO_IP6} 2219 run_cmd ${ping6} -c1 -w1 ${a} 2220 log_test_addr ${a} $? 2 "ping out, blocked by rule" 2221 2222 log_start 2223 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2224 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule" 2225 2226 a=${NSA_LO_IP6} 2227 log_start 2228 show_hint "Response lost due to ip rule" 2229 run_cmd_nsb ${ping6} -c1 -w1 ${a} 2230 log_test_addr ${a} $? 1 "ping in, blocked by rule" 2231 2232 log_start 2233 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit 2234 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit 2235 2236 # 2237 # remove 'remote' routes; fallback to default 2238 # 2239 log_start 2240 setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF} 2241 2242 a=${NSB_LO_IP6} 2243 run_cmd ${ping6} -c1 -w1 ${a} 2244 log_test_addr ${a} $? 2 "ping out, unreachable route" 2245 2246 log_start 2247 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a} 2248 log_test_addr ${a} $? 
2 "ping out, device bind, unreachable route"

	ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
	a=${NSA_LO_IP6}
	log_start
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping in, unreachable route"
}

# Entry point for the IPv6 ping tests: runs ipv6_ping_novrf after a plain
# setup, then ipv6_ping_vrf after setup "yes".
ipv6_ping()
{
	log_section "IPv6 ping"

	log_subsection "No VRF"
	setup
	ipv6_ping_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_ping_vrf
}

################################################################################
# IPv6 TCP

#
# MD5 tests without VRF
#
# Each case starts a nettest server through run_cmd in the background, waits
# one second, runs the client through run_cmd_nsb and passes the client's exit
# status to log_test together with the expected value. Expected 0 means the
# connection succeeds; expected 2 is, per the show_hint texts, a client
# timeout. run_cmd / run_cmd_nsb are defined elsewhere in this file
# (presumably ns-A and ns-B - confirm).
#
# Globals read: MD5_PW, MD5_WRONG_PW, NSA_IP6, NSB_IP6, NSB_LO_IP6, NS_NET6
#
# NOTE(review): the key is handed to nettest on the command line (-M). That
# is fine for the fixed fixture values used here, but a real key passed this
# way would be visible in process listings.
# NOTE(review): the negative cases expect 2, while the "Connection refused"
# cases elsewhere in this file expect 1, so a server that did not come up
# within the fixed "sleep 1" should show as a failure rather than a false
# pass - confirm against log_test.
#
ipv6_tcp_md5_novrf()
{
	#
	# single address
	#

	# basic use case
	log_start
	run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
	log_test $? 0 "MD5: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
	log_test $? 2 "MD5: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Client uses wrong password"

	# client from different address
	# (server key is configured for NSB_LO_IP6, the client is not told to
	# use that source address)
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_LO_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
	log_test $? 2 "MD5: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
	log_test $? 0 "MD5: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
	log_test $? 2 "MD5: Prefix config, client uses wrong password"

	# client outside of prefix
	# (client passes -l ${NSB_LO_IP6}, an address outside NS_NET6)
	log_start
	show_hint "Should timeout due to MD5 mismatch"
	run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -l ${NSB_LO_IP6} -r ${NSA_IP6} -M ${MD5_PW}
	log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}

#
# MD5 tests with VRF
#
# Repeats the ipv6_tcp_md5_novrf matrix with the server bound to the VRF
# (-d ${VRF}) and then adds two groups:
#
#  - duplicate config: one server in the VRF keyed with MD5_PW and one
#    unbound server keyed with MD5_WRONG_PW, both for the same peer address
#    or prefix. Clients started through run_cmd_nsb are labelled "conn in
#    VRF", clients started through run_cmd_nsc "conn in default VRF". In this
#    group MD5_WRONG_PW is the default VRF's valid key, not a bad password.
#    The expected results assert that a key only authenticates in the L3
#    domain it was configured for: using the other domain's key must time
#    out (2).
#  - negative tests: MD5 config with -d ${NSA_DEV}, which is not a VRF
#    device, is expected to exit 1.
#
# ipv6_tcp_vrf calls this between setup_vrf_dup and cleanup_vrf_dup.
#
# Globals read: VRF, NSA_DEV, MD5_PW, MD5_WRONG_PW, NSA_IP6, NSB_IP6,
#               NSB_LO_IP6, NS_NET6
#
ipv6_tcp_md5()
{
	#
	# single address
	#

	# basic use case
	log_start
	run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config"

	# client sends MD5, server not configured
	log_start
	show_hint "Should timeout since server does not have MD5 auth"
	run_cmd nettest -6 -s -d ${VRF} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
	log_test $? 2 "MD5: VRF: Server no config, client uses password"

	# wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Client uses wrong password"

	# client from different address
	log_start
	show_hint "Should timeout since server config differs from client"
	run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_LO_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
	log_test $? 2 "MD5: VRF: Client address does not match address configured with password"

	#
	# MD5 extension - prefix length
	#

	# client in prefix
	log_start
	run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config"

	# client in prefix, wrong password
	log_start
	show_hint "Should timeout since client uses wrong password"
	run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"

	# client outside of prefix
	log_start
	show_hint "Should timeout since client address is outside of prefix"
	run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -l ${NSB_LO_IP6} -r ${NSA_IP6} -M ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"

	#
	# duplicate config between default VRF and a VRF
	#

	# VRF key, connection arrives in the VRF
	log_start
	run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"

	# default-VRF key, connection arrives in the default VRF
	log_start
	run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"

	# cross-domain: the VRF key must not authenticate in the default VRF
	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"

	# cross-domain: the default-VRF key must not authenticate in the VRF
	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"

	# same four cases with the keys configured per prefix (-m)
	log_start
	run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"

	log_start
	run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
	log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"

	log_start
	show_hint "Should timeout since client in default VRF uses VRF password"
	run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"

	log_start
	show_hint "Should timeout since client in VRF uses default VRF password"
	run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
	run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
	log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"

	#
	# negative tests
	#
	# server is run in the foreground: the MD5 setup itself is expected to
	# fail with exit status 1 because NSA_DEV is not a VRF device
	log_start
	run_cmd nettest -6 -s -d ${NSA_DEV} -M ${MD5_PW} -r ${NSB_IP6}
	log_test $? 1 "MD5: VRF: Device must be a VRF - single address"

	log_start
	run_cmd nettest -6 -s -d ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6}
	log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"

}

ipv6_tcp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	# verify TCP reset received
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client
	#
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
	do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Client"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
	do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $?
0 "Client, device bind" 2529 done 2530 2531 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2532 do 2533 log_start 2534 show_hint "Should fail 'Connection refused'" 2535 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2536 log_test_addr ${a} $? 1 "No server, device client" 2537 done 2538 2539 # 2540 # local address tests 2541 # 2542 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 2543 do 2544 log_start 2545 run_cmd nettest -6 -s & 2546 sleep 1 2547 run_cmd nettest -6 -r ${a} 2548 log_test_addr ${a} $? 0 "Global server, local connection" 2549 done 2550 2551 a=${NSA_IP6} 2552 log_start 2553 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2554 sleep 1 2555 run_cmd nettest -6 -r ${a} -0 ${a} 2556 log_test_addr ${a} $? 0 "Device server, unbound client, local connection" 2557 2558 for a in ${NSA_LO_IP6} ::1 2559 do 2560 log_start 2561 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope" 2562 run_cmd nettest -6 -s -d ${NSA_DEV} & 2563 sleep 1 2564 run_cmd nettest -6 -r ${a} 2565 log_test_addr ${a} $? 1 "Device server, unbound client, local connection" 2566 done 2567 2568 a=${NSA_IP6} 2569 log_start 2570 run_cmd nettest -6 -s & 2571 sleep 1 2572 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a} 2573 log_test_addr ${a} $? 0 "Global server, device client, local connection" 2574 2575 for a in ${NSA_LO_IP6} ::1 2576 do 2577 log_start 2578 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope" 2579 run_cmd nettest -6 -s & 2580 sleep 1 2581 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2582 log_test_addr ${a} $? 1 "Global server, device client, local connection" 2583 done 2584 2585 for a in ${NSA_IP6} ${NSA_LINKIP6} 2586 do 2587 log_start 2588 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2589 sleep 1 2590 run_cmd nettest -6 -d ${NSA_DEV} -r ${a} 2591 log_test_addr ${a} $? 
0 "Device server, device client, local conn" 2592 done 2593 2594 for a in ${NSA_IP6} ${NSA_LINKIP6} 2595 do 2596 log_start 2597 show_hint "Should fail 'Connection refused'" 2598 run_cmd nettest -6 -d ${NSA_DEV} -r ${a} 2599 log_test_addr ${a} $? 1 "No server, device client, local conn" 2600 done 2601 2602 ipv6_tcp_md5_novrf 2603} 2604 2605ipv6_tcp_vrf() 2606{ 2607 local a 2608 2609 # disable global server 2610 log_subsection "Global server disabled" 2611 2612 set_sysctl net.ipv4.tcp_l3mdev_accept=0 2613 2614 # 2615 # server tests 2616 # 2617 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2618 do 2619 log_start 2620 show_hint "Should fail 'Connection refused' since global server with VRF is disabled" 2621 run_cmd nettest -6 -s & 2622 sleep 1 2623 run_cmd_nsb nettest -6 -r ${a} 2624 log_test_addr ${a} $? 1 "Global server" 2625 done 2626 2627 for a in ${NSA_IP6} ${VRF_IP6} 2628 do 2629 log_start 2630 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} & 2631 sleep 1 2632 run_cmd_nsb nettest -6 -r ${a} 2633 log_test_addr ${a} $? 0 "VRF server" 2634 done 2635 2636 # link local is always bound to ingress device 2637 a=${NSA_LINKIP6}%${NSB_DEV} 2638 log_start 2639 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} & 2640 sleep 1 2641 run_cmd_nsb nettest -6 -r ${a} 2642 log_test_addr ${a} $? 0 "VRF server" 2643 2644 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2645 do 2646 log_start 2647 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2648 sleep 1 2649 run_cmd_nsb nettest -6 -r ${a} 2650 log_test_addr ${a} $? 0 "Device server" 2651 done 2652 2653 # verify TCP reset received 2654 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2655 do 2656 log_start 2657 show_hint "Should fail 'Connection refused'" 2658 run_cmd_nsb nettest -6 -r ${a} 2659 log_test_addr ${a} $? 
1 "No server" 2660 done 2661 2662 # local address tests 2663 a=${NSA_IP6} 2664 log_start 2665 show_hint "Should fail 'Connection refused' since global server with VRF is disabled" 2666 run_cmd nettest -6 -s & 2667 sleep 1 2668 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2669 log_test_addr ${a} $? 1 "Global server, local connection" 2670 2671 # run MD5 tests 2672 setup_vrf_dup 2673 ipv6_tcp_md5 2674 cleanup_vrf_dup 2675 2676 # 2677 # enable VRF global server 2678 # 2679 log_subsection "VRF Global server enabled" 2680 set_sysctl net.ipv4.tcp_l3mdev_accept=1 2681 2682 for a in ${NSA_IP6} ${VRF_IP6} 2683 do 2684 log_start 2685 run_cmd nettest -6 -s -2 ${VRF} & 2686 sleep 1 2687 run_cmd_nsb nettest -6 -r ${a} 2688 log_test_addr ${a} $? 0 "Global server" 2689 done 2690 2691 for a in ${NSA_IP6} ${VRF_IP6} 2692 do 2693 log_start 2694 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} & 2695 sleep 1 2696 run_cmd_nsb nettest -6 -r ${a} 2697 log_test_addr ${a} $? 0 "VRF server" 2698 done 2699 2700 # For LLA, child socket is bound to device 2701 a=${NSA_LINKIP6}%${NSB_DEV} 2702 log_start 2703 run_cmd nettest -6 -s -2 ${NSA_DEV} & 2704 sleep 1 2705 run_cmd_nsb nettest -6 -r ${a} 2706 log_test_addr ${a} $? 0 "Global server" 2707 2708 log_start 2709 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} & 2710 sleep 1 2711 run_cmd_nsb nettest -6 -r ${a} 2712 log_test_addr ${a} $? 0 "VRF server" 2713 2714 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2715 do 2716 log_start 2717 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2718 sleep 1 2719 run_cmd_nsb nettest -6 -r ${a} 2720 log_test_addr ${a} $? 0 "Device server" 2721 done 2722 2723 # verify TCP reset received 2724 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2725 do 2726 log_start 2727 show_hint "Should fail 'Connection refused'" 2728 run_cmd_nsb nettest -6 -r ${a} 2729 log_test_addr ${a} $? 
1 "No server" 2730 done 2731 2732 # local address tests 2733 for a in ${NSA_IP6} ${VRF_IP6} 2734 do 2735 log_start 2736 show_hint "Fails 'Connection refused' since client is not in VRF" 2737 run_cmd nettest -6 -s -d ${VRF} & 2738 sleep 1 2739 run_cmd nettest -6 -r ${a} 2740 log_test_addr ${a} $? 1 "Global server, local connection" 2741 done 2742 2743 2744 # 2745 # client 2746 # 2747 for a in ${NSB_IP6} ${NSB_LO_IP6} 2748 do 2749 log_start 2750 run_cmd_nsb nettest -6 -s & 2751 sleep 1 2752 run_cmd nettest -6 -r ${a} -d ${VRF} 2753 log_test_addr ${a} $? 0 "Client, VRF bind" 2754 done 2755 2756 a=${NSB_LINKIP6} 2757 log_start 2758 show_hint "Fails since VRF device does not allow linklocal addresses" 2759 run_cmd_nsb nettest -6 -s & 2760 sleep 1 2761 run_cmd nettest -6 -r ${a} -d ${VRF} 2762 log_test_addr ${a} $? 1 "Client, VRF bind" 2763 2764 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6} 2765 do 2766 log_start 2767 run_cmd_nsb nettest -6 -s & 2768 sleep 1 2769 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2770 log_test_addr ${a} $? 0 "Client, device bind" 2771 done 2772 2773 for a in ${NSB_IP6} ${NSB_LO_IP6} 2774 do 2775 log_start 2776 show_hint "Should fail 'Connection refused'" 2777 run_cmd nettest -6 -r ${a} -d ${VRF} 2778 log_test_addr ${a} $? 1 "No server, VRF client" 2779 done 2780 2781 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6} 2782 do 2783 log_start 2784 show_hint "Should fail 'Connection refused'" 2785 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} 2786 log_test_addr ${a} $? 1 "No server, device client" 2787 done 2788 2789 for a in ${NSA_IP6} ${VRF_IP6} ::1 2790 do 2791 log_start 2792 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} & 2793 sleep 1 2794 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a} 2795 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection" 2796 done 2797 2798 a=${NSA_IP6} 2799 log_start 2800 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} & 2801 sleep 1 2802 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a} 2803 log_test_addr ${a} $? 
0 "VRF server, device client, local connection" 2804 2805 a=${NSA_IP6} 2806 log_start 2807 show_hint "Should fail since unbound client is out of VRF scope" 2808 run_cmd nettest -6 -s -d ${VRF} & 2809 sleep 1 2810 run_cmd nettest -6 -r ${a} 2811 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection" 2812 2813 log_start 2814 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2815 sleep 1 2816 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a} 2817 log_test_addr ${a} $? 0 "Device server, VRF client, local connection" 2818 2819 for a in ${NSA_IP6} ${NSA_LINKIP6} 2820 do 2821 log_start 2822 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2823 sleep 1 2824 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a} 2825 log_test_addr ${a} $? 0 "Device server, device client, local connection" 2826 done 2827} 2828 2829ipv6_tcp() 2830{ 2831 log_section "IPv6/TCP" 2832 log_subsection "No VRF" 2833 setup 2834 2835 # tcp_l3mdev_accept should have no affect without VRF; 2836 # run tests with it enabled and disabled to verify 2837 log_subsection "tcp_l3mdev_accept disabled" 2838 set_sysctl net.ipv4.tcp_l3mdev_accept=0 2839 ipv6_tcp_novrf 2840 log_subsection "tcp_l3mdev_accept enabled" 2841 set_sysctl net.ipv4.tcp_l3mdev_accept=1 2842 ipv6_tcp_novrf 2843 2844 log_subsection "With VRF" 2845 setup "yes" 2846 ipv6_tcp_vrf 2847} 2848 2849################################################################################ 2850# IPv6 UDP 2851 2852ipv6_udp_novrf() 2853{ 2854 local a 2855 2856 # 2857 # server tests 2858 # 2859 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2860 do 2861 log_start 2862 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 2863 sleep 1 2864 run_cmd_nsb nettest -6 -D -r ${a} 2865 log_test_addr ${a} $? 0 "Global server" 2866 2867 log_start 2868 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2869 sleep 1 2870 run_cmd_nsb nettest -6 -D -r ${a} 2871 log_test_addr ${a} $? 
0 "Device server" 2872 done 2873 2874 a=${NSA_LO_IP6} 2875 log_start 2876 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 2877 sleep 1 2878 run_cmd_nsb nettest -6 -D -r ${a} 2879 log_test_addr ${a} $? 0 "Global server" 2880 2881 # should fail since loopback address is out of scope for a device 2882 # bound server, but it does not - hence this is more documenting 2883 # behavior. 2884 #log_start 2885 #show_hint "Should fail since loopback address is out of scope" 2886 #run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2887 #sleep 1 2888 #run_cmd_nsb nettest -6 -D -r ${a} 2889 #log_test_addr ${a} $? 1 "Device server" 2890 2891 # negative test - should fail 2892 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2893 do 2894 log_start 2895 show_hint "Should fail 'Connection refused' since there is no server" 2896 run_cmd_nsb nettest -6 -D -r ${a} 2897 log_test_addr ${a} $? 1 "No server" 2898 done 2899 2900 # 2901 # client 2902 # 2903 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2904 do 2905 log_start 2906 run_cmd_nsb nettest -6 -D -s & 2907 sleep 1 2908 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6} 2909 log_test_addr ${a} $? 0 "Client" 2910 2911 log_start 2912 run_cmd_nsb nettest -6 -D -s & 2913 sleep 1 2914 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6} 2915 log_test_addr ${a} $? 0 "Client, device bind" 2916 2917 log_start 2918 run_cmd_nsb nettest -6 -D -s & 2919 sleep 1 2920 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6} 2921 log_test_addr ${a} $? 0 "Client, device send via cmsg" 2922 2923 log_start 2924 run_cmd_nsb nettest -6 -D -s & 2925 sleep 1 2926 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6} 2927 log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF" 2928 2929 log_start 2930 show_hint "Should fail 'Connection refused'" 2931 run_cmd nettest -6 -D -r ${a} 2932 log_test_addr ${a} $? 
1 "No server, unbound client" 2933 2934 log_start 2935 show_hint "Should fail 'Connection refused'" 2936 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} 2937 log_test_addr ${a} $? 1 "No server, device client" 2938 done 2939 2940 # 2941 # local address tests 2942 # 2943 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 2944 do 2945 log_start 2946 run_cmd nettest -6 -D -s & 2947 sleep 1 2948 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a} 2949 log_test_addr ${a} $? 0 "Global server, local connection" 2950 done 2951 2952 a=${NSA_IP6} 2953 log_start 2954 run_cmd nettest -6 -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 2955 sleep 1 2956 run_cmd nettest -6 -D -r ${a} 2957 log_test_addr ${a} $? 0 "Device server, unbound client, local connection" 2958 2959 for a in ${NSA_LO_IP6} ::1 2960 do 2961 log_start 2962 show_hint "Should fail 'Connection refused' since address is out of device scope" 2963 run_cmd nettest -6 -s -D -d ${NSA_DEV} & 2964 sleep 1 2965 run_cmd nettest -6 -D -r ${a} 2966 log_test_addr ${a} $? 1 "Device server, local connection" 2967 done 2968 2969 a=${NSA_IP6} 2970 log_start 2971 run_cmd nettest -6 -s -D & 2972 sleep 1 2973 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2974 log_test_addr ${a} $? 0 "Global server, device client, local connection" 2975 2976 log_start 2977 run_cmd nettest -6 -s -D & 2978 sleep 1 2979 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a} 2980 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection" 2981 2982 log_start 2983 run_cmd nettest -6 -s -D & 2984 sleep 1 2985 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a} 2986 log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection" 2987 2988 for a in ${NSA_LO_IP6} ::1 2989 do 2990 log_start 2991 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 2992 run_cmd nettest -6 -D -s & 2993 sleep 1 2994 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} 2995 log_test_addr ${a} $? 
1 "Global server, device client, local connection" 2996 2997 log_start 2998 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 2999 run_cmd nettest -6 -D -s & 3000 sleep 1 3001 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C 3002 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection" 3003 3004 log_start 3005 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 3006 run_cmd nettest -6 -D -s & 3007 sleep 1 3008 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S 3009 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection" 3010 done 3011 3012 a=${NSA_IP6} 3013 log_start 3014 run_cmd nettest -6 -D -s -d ${NSA_DEV} -2 ${NSA_DEV} & 3015 sleep 1 3016 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a} 3017 log_test_addr ${a} $? 0 "Device server, device client, local conn" 3018 3019 log_start 3020 show_hint "Should fail 'Connection refused'" 3021 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3022 log_test_addr ${a} $? 1 "No server, device client, local conn" 3023 3024 # LLA to GUA 3025 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV} 3026 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV} 3027 log_start 3028 run_cmd nettest -6 -s -D & 3029 sleep 1 3030 run_cmd_nsb nettest -6 -D -r ${NSA_IP6} 3031 log_test $? 0 "UDP in - LLA to GUA" 3032 3033 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV} 3034 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad 3035} 3036 3037ipv6_udp_vrf() 3038{ 3039 local a 3040 3041 # disable global server 3042 log_subsection "Global server disabled" 3043 set_sysctl net.ipv4.udp_l3mdev_accept=0 3044 3045 # 3046 # server tests 3047 # 3048 for a in ${NSA_IP6} ${VRF_IP6} 3049 do 3050 log_start 3051 show_hint "Should fail 'Connection refused' since global server is disabled" 3052 run_cmd nettest -6 -D -s & 3053 sleep 1 3054 run_cmd_nsb nettest -6 -D -r ${a} 3055 log_test_addr ${a} $? 
1 "Global server" 3056 done 3057 3058 for a in ${NSA_IP6} ${VRF_IP6} 3059 do 3060 log_start 3061 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 3062 sleep 1 3063 run_cmd_nsb nettest -6 -D -r ${a} 3064 log_test_addr ${a} $? 0 "VRF server" 3065 done 3066 3067 for a in ${NSA_IP6} ${VRF_IP6} 3068 do 3069 log_start 3070 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 3071 sleep 1 3072 run_cmd_nsb nettest -6 -D -r ${a} 3073 log_test_addr ${a} $? 0 "Enslaved device server" 3074 done 3075 3076 # negative test - should fail 3077 for a in ${NSA_IP6} ${VRF_IP6} 3078 do 3079 log_start 3080 show_hint "Should fail 'Connection refused' since there is no server" 3081 run_cmd_nsb nettest -6 -D -r ${a} 3082 log_test_addr ${a} $? 1 "No server" 3083 done 3084 3085 # 3086 # local address tests 3087 # 3088 for a in ${NSA_IP6} ${VRF_IP6} 3089 do 3090 log_start 3091 show_hint "Should fail 'Connection refused' since global server is disabled" 3092 run_cmd nettest -6 -D -s & 3093 sleep 1 3094 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3095 log_test_addr ${a} $? 1 "Global server, VRF client, local conn" 3096 done 3097 3098 for a in ${NSA_IP6} ${VRF_IP6} 3099 do 3100 log_start 3101 run_cmd nettest -6 -D -d ${VRF} -s & 3102 sleep 1 3103 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3104 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 3105 done 3106 3107 a=${NSA_IP6} 3108 log_start 3109 show_hint "Should fail 'Connection refused' since global server is disabled" 3110 run_cmd nettest -6 -D -s & 3111 sleep 1 3112 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3113 log_test_addr ${a} $? 1 "Global server, device client, local conn" 3114 3115 log_start 3116 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 3117 sleep 1 3118 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3119 log_test_addr ${a} $? 
0 "VRF server, device client, local conn" 3120 3121 log_start 3122 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 3123 sleep 1 3124 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3125 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn" 3126 3127 log_start 3128 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 3129 sleep 1 3130 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3131 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn" 3132 3133 # disable global server 3134 log_subsection "Global server enabled" 3135 set_sysctl net.ipv4.udp_l3mdev_accept=1 3136 3137 # 3138 # server tests 3139 # 3140 for a in ${NSA_IP6} ${VRF_IP6} 3141 do 3142 log_start 3143 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 3144 sleep 1 3145 run_cmd_nsb nettest -6 -D -r ${a} 3146 log_test_addr ${a} $? 0 "Global server" 3147 done 3148 3149 for a in ${NSA_IP6} ${VRF_IP6} 3150 do 3151 log_start 3152 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 3153 sleep 1 3154 run_cmd_nsb nettest -6 -D -r ${a} 3155 log_test_addr ${a} $? 0 "VRF server" 3156 done 3157 3158 for a in ${NSA_IP6} ${VRF_IP6} 3159 do 3160 log_start 3161 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 3162 sleep 1 3163 run_cmd_nsb nettest -6 -D -r ${a} 3164 log_test_addr ${a} $? 0 "Enslaved device server" 3165 done 3166 3167 # negative test - should fail 3168 for a in ${NSA_IP6} ${VRF_IP6} 3169 do 3170 log_start 3171 run_cmd_nsb nettest -6 -D -r ${a} 3172 log_test_addr ${a} $? 1 "No server" 3173 done 3174 3175 # 3176 # client tests 3177 # 3178 log_start 3179 run_cmd_nsb nettest -6 -D -s & 3180 sleep 1 3181 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6} 3182 log_test $? 0 "VRF client" 3183 3184 # negative test - should fail 3185 log_start 3186 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6} 3187 log_test $? 1 "No server, VRF client" 3188 3189 log_start 3190 run_cmd_nsb nettest -6 -D -s & 3191 sleep 1 3192 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6} 3193 log_test $? 
0 "Enslaved device client" 3194 3195 # negative test - should fail 3196 log_start 3197 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6} 3198 log_test $? 1 "No server, enslaved device client" 3199 3200 # 3201 # local address tests 3202 # 3203 a=${NSA_IP6} 3204 log_start 3205 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 3206 sleep 1 3207 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3208 log_test_addr ${a} $? 0 "Global server, VRF client, local conn" 3209 3210 #log_start 3211 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 3212 sleep 1 3213 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3214 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 3215 3216 3217 a=${VRF_IP6} 3218 log_start 3219 run_cmd nettest -6 -D -s -2 ${VRF} & 3220 sleep 1 3221 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3222 log_test_addr ${a} $? 0 "Global server, VRF client, local conn" 3223 3224 log_start 3225 run_cmd nettest -6 -D -d ${VRF} -s -2 ${VRF} & 3226 sleep 1 3227 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3228 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 3229 3230 # negative test - should fail 3231 for a in ${NSA_IP6} ${VRF_IP6} 3232 do 3233 log_start 3234 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3235 log_test_addr ${a} $? 1 "No server, VRF client, local conn" 3236 done 3237 3238 # device to global IP 3239 a=${NSA_IP6} 3240 log_start 3241 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 3242 sleep 1 3243 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3244 log_test_addr ${a} $? 0 "Global server, device client, local conn" 3245 3246 log_start 3247 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 3248 sleep 1 3249 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3250 log_test_addr ${a} $? 0 "VRF server, device client, local conn" 3251 3252 log_start 3253 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 3254 sleep 1 3255 run_cmd nettest -6 -D -d ${VRF} -r ${a} 3256 log_test_addr ${a} $? 
0 "Device server, VRF client, local conn" 3257 3258 log_start 3259 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 3260 sleep 1 3261 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3262 log_test_addr ${a} $? 0 "Device server, device client, local conn" 3263 3264 log_start 3265 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 3266 log_test_addr ${a} $? 1 "No server, device client, local conn" 3267 3268 3269 # link local addresses 3270 log_start 3271 run_cmd nettest -6 -D -s & 3272 sleep 1 3273 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6} 3274 log_test $? 0 "Global server, linklocal IP" 3275 3276 log_start 3277 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6} 3278 log_test $? 1 "No server, linklocal IP" 3279 3280 3281 log_start 3282 run_cmd_nsb nettest -6 -D -s & 3283 sleep 1 3284 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6} 3285 log_test $? 0 "Enslaved device client, linklocal IP" 3286 3287 log_start 3288 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6} 3289 log_test $? 1 "No server, device client, peer linklocal IP" 3290 3291 3292 log_start 3293 run_cmd nettest -6 -D -s & 3294 sleep 1 3295 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6} 3296 log_test $? 0 "Enslaved device client, local conn - linklocal IP" 3297 3298 log_start 3299 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6} 3300 log_test $? 1 "No server, device client, local conn - linklocal IP" 3301 3302 # LLA to GUA 3303 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV} 3304 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV} 3305 log_start 3306 run_cmd nettest -6 -s -D & 3307 sleep 1 3308 run_cmd_nsb nettest -6 -D -r ${NSA_IP6} 3309 log_test $? 
0 "UDP in - LLA to GUA"

	run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
	run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
}

# Entry point for the IPv6 UDP tests. Pins udp_early_demux to 1, runs
# ipv6_udp_novrf twice (udp_l3mdev_accept 0, then 1) after a plain setup,
# then runs ipv6_udp_vrf after setup "yes".
ipv6_udp()
{
	# should not matter, but set to known state
	set_sysctl net.ipv4.udp_early_demux=1

	log_section "IPv6/UDP"
	log_subsection "No VRF"
	setup

	# udp_l3mdev_accept should have no effect without VRF;
	# run tests with it enabled and disabled to verify
	log_subsection "udp_l3mdev_accept disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0
	ipv6_udp_novrf
	log_subsection "udp_l3mdev_accept enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1
	ipv6_udp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_udp_vrf
}

################################################################################
# IPv6 address bind

# Address bind tests without a VRF: runs nettest in server mode with a local
# address (-l) for raw ipv6-icmp and TCP sockets, with and without a device
# bind, and checks the exit status through log_test_addr. All cases expect 0.
#
# Globals read: NSA_IP6, NSA_LO_IP6, NSA_DEV
#
# NOTE(review): "a" is not declared local here, unlike ipv6_rt further down,
# so it is left set in the caller's scope after the function returns.
# NOTE(review): the show_hint text below spells "Tecnically"; it is a runtime
# string and is left untouched here.
ipv6_addr_bind_novrf()
{
	#
	# raw socket
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6}
	do
		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	#
	# tcp sockets
	#
	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address"

	log_start
	run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"

	# Sadly, the kernel allows binding a socket to a device and then
	# binding to an address not on the device. So this test passes
	# when it really should not
	#
	# This case records current behaviour rather than a desired property:
	# a device bind alone does not limit which local address the socket
	# may bind to.
	a=${NSA_LO_IP6}
	log_start
	show_hint "Tecnically should fail since address is not on device but kernel allows"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to out of scope local address"
}

# Address bind tests with a VRF: binds raw ipv6-icmp and TCP sockets to a
# local address after a bind to the VRF or to the enslaved device. Addresses
# on the enslaved device and on the VRF device are expected to bind (0); the
# loopback address NSA_LO_IP6 is expected to be rejected (1) for both the VRF
# and the enslaved device.
#
# Globals read: NSA_IP6, VRF_IP6, NSA_LO_IP6, VRF, NSA_DEV
#
# NOTE(review): "a" is not declared local here either.
ipv6_addr_bind_vrf()
{
	#
	# raw socket
	#
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"

		log_start
		run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	a=${NSA_LO_IP6}
	log_start
	show_hint "Address on loopback is out of VRF scope"
	run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b
	log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"

	#
	# tcp sockets
	#
	# address on enslaved device is valid for the VRF or device in a VRF
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"

	# Sadly, the kernel allows binding a socket to a device and then
	# binding to an address not on the device. The only restriction
	# is that the address is valid in the L3 domain. So this test
	# passes when it really should not
	#
	# In other words the bind check is scoped to the L3 domain, not to the
	# device: a socket bound to the enslaved device can still bind to the
	# address configured on the VRF device.
	a=${VRF_IP6}
	log_start
	show_hint "Tecnically should fail since address is not on device but kernel allows"
	run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to VRF address with device bind"

	# an address outside the L3 domain is rejected for both bind targets
	a=${NSA_LO_IP6}
	log_start
	show_hint "Address on loopback out of scope for VRF"
	run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"

	log_start
	show_hint "Address on loopback out of scope for device in VRF"
	run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"

}

# Entry point for the IPv6 address bind tests: runs ipv6_addr_bind_novrf
# after a plain setup, then ipv6_addr_bind_vrf after setup "yes".
ipv6_addr_bind()
{
	log_section "IPv6 address binds"

	log_subsection "No VRF"
	setup
	ipv6_addr_bind_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_addr_bind_vrf
}

################################################################################
# IPv6 runtime tests

ipv6_rt()
{
	local desc="$1"
	local varg="-6 $2"
	local with_vrf="yes"
	local a

	#
	# server tests
	#
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server"

		setup ${with_vrf}
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest ${varg} -d ${VRF} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server"

		setup ${with_vrf}
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest ${varg} -d ${NSA_DEV} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, enslaved device server"

		setup ${with_vrf}
	done

	#
	# client test
	#
	log_start
3512 run_cmd_nsb nettest ${varg} -s & 3513 sleep 1 3514 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} & 3515 sleep 3 3516 run_cmd ip link del ${VRF} 3517 sleep 1 3518 log_test 0 0 "${desc}, VRF client" 3519 3520 setup ${with_vrf} 3521 3522 log_start 3523 run_cmd_nsb nettest ${varg} -s & 3524 sleep 1 3525 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} & 3526 sleep 3 3527 run_cmd ip link del ${VRF} 3528 sleep 1 3529 log_test 0 0 "${desc}, enslaved device client" 3530 3531 setup ${with_vrf} 3532 3533 3534 # 3535 # local address tests 3536 # 3537 for a in ${NSA_IP6} ${VRF_IP6} 3538 do 3539 log_start 3540 run_cmd nettest ${varg} -s & 3541 sleep 1 3542 run_cmd nettest ${varg} -d ${VRF} -r ${a} & 3543 sleep 3 3544 run_cmd ip link del ${VRF} 3545 sleep 1 3546 log_test_addr ${a} 0 0 "${desc}, global server, VRF client" 3547 3548 setup ${with_vrf} 3549 done 3550 3551 for a in ${NSA_IP6} ${VRF_IP6} 3552 do 3553 log_start 3554 run_cmd nettest ${varg} -d ${VRF} -s & 3555 sleep 1 3556 run_cmd nettest ${varg} -d ${VRF} -r ${a} & 3557 sleep 3 3558 run_cmd ip link del ${VRF} 3559 sleep 1 3560 log_test_addr ${a} 0 0 "${desc}, VRF server and client" 3561 3562 setup ${with_vrf} 3563 done 3564 3565 a=${NSA_IP6} 3566 log_start 3567 run_cmd nettest ${varg} -s & 3568 sleep 1 3569 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 3570 sleep 3 3571 run_cmd ip link del ${VRF} 3572 sleep 1 3573 log_test_addr ${a} 0 0 "${desc}, global server, device client" 3574 3575 setup ${with_vrf} 3576 3577 log_start 3578 run_cmd nettest ${varg} -d ${VRF} -s & 3579 sleep 1 3580 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 3581 sleep 3 3582 run_cmd ip link del ${VRF} 3583 sleep 1 3584 log_test_addr ${a} 0 0 "${desc}, VRF server, device client" 3585 3586 setup ${with_vrf} 3587 3588 log_start 3589 run_cmd nettest ${varg} -d ${NSA_DEV} -s & 3590 sleep 1 3591 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 3592 sleep 3 3593 run_cmd ip link del ${VRF} 3594 sleep 1 3595 log_test_addr ${a} 0 0 "${desc}, 
device server, device client" 3596} 3597 3598ipv6_ping_rt() 3599{ 3600 local with_vrf="yes" 3601 local a 3602 3603 a=${NSA_IP6} 3604 log_start 3605 run_cmd_nsb ${ping6} -f ${a} & 3606 sleep 3 3607 run_cmd ip link del ${VRF} 3608 sleep 1 3609 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in" 3610 3611 setup ${with_vrf} 3612 3613 log_start 3614 run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} & 3615 sleep 1 3616 run_cmd ip link del ${VRF} 3617 sleep 1 3618 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out" 3619} 3620 3621ipv6_runtime() 3622{ 3623 log_section "Run time tests - ipv6" 3624 3625 setup "yes" 3626 ipv6_ping_rt 3627 3628 setup "yes" 3629 ipv6_rt "TCP active socket" "-n -1" 3630 3631 setup "yes" 3632 ipv6_rt "TCP passive socket" "-i" 3633 3634 setup "yes" 3635 ipv6_rt "UDP active socket" "-D -n -1" 3636} 3637 3638################################################################################ 3639# netfilter blocking connections 3640 3641netfilter_tcp_reset() 3642{ 3643 local a 3644 3645 for a in ${NSA_IP} ${VRF_IP} 3646 do 3647 log_start 3648 run_cmd nettest -s & 3649 sleep 1 3650 run_cmd_nsb nettest -r ${a} 3651 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx" 3652 done 3653} 3654 3655netfilter_icmp() 3656{ 3657 local stype="$1" 3658 local arg 3659 local a 3660 3661 [ "${stype}" = "UDP" ] && arg="-D" 3662 3663 for a in ${NSA_IP} ${VRF_IP} 3664 do 3665 log_start 3666 run_cmd nettest ${arg} -s & 3667 sleep 1 3668 run_cmd_nsb nettest ${arg} -r ${a} 3669 log_test_addr ${a} $? 
1 "Global ${stype} server, Rx reject icmp-port-unreach" 3670 done 3671} 3672 3673ipv4_netfilter() 3674{ 3675 log_section "IPv4 Netfilter" 3676 log_subsection "TCP reset" 3677 3678 setup "yes" 3679 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset 3680 3681 netfilter_tcp_reset 3682 3683 log_start 3684 log_subsection "ICMP unreachable" 3685 3686 log_start 3687 run_cmd iptables -F 3688 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable 3689 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable 3690 3691 netfilter_icmp "TCP" 3692 netfilter_icmp "UDP" 3693 3694 log_start 3695 iptables -F 3696} 3697 3698netfilter_tcp6_reset() 3699{ 3700 local a 3701 3702 for a in ${NSA_IP6} ${VRF_IP6} 3703 do 3704 log_start 3705 run_cmd nettest -6 -s & 3706 sleep 1 3707 run_cmd_nsb nettest -6 -r ${a} 3708 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx" 3709 done 3710} 3711 3712netfilter_icmp6() 3713{ 3714 local stype="$1" 3715 local arg 3716 local a 3717 3718 [ "${stype}" = "UDP" ] && arg="$arg -D" 3719 3720 for a in ${NSA_IP6} ${VRF_IP6} 3721 do 3722 log_start 3723 run_cmd nettest -6 -s ${arg} & 3724 sleep 1 3725 run_cmd_nsb nettest -6 ${arg} -r ${a} 3726 log_test_addr ${a} $? 
1 "Global ${stype} server, Rx reject icmp-port-unreach" 3727 done 3728} 3729 3730ipv6_netfilter() 3731{ 3732 log_section "IPv6 Netfilter" 3733 log_subsection "TCP reset" 3734 3735 setup "yes" 3736 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset 3737 3738 netfilter_tcp6_reset 3739 3740 log_subsection "ICMP unreachable" 3741 3742 log_start 3743 run_cmd ip6tables -F 3744 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable 3745 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable 3746 3747 netfilter_icmp6 "TCP" 3748 netfilter_icmp6 "UDP" 3749 3750 log_start 3751 ip6tables -F 3752} 3753 3754################################################################################ 3755# specific use cases 3756 3757# VRF only. 3758# ns-A device enslaved to bridge. Verify traffic with and without 3759# br_netfilter module loaded. Repeat with SVI on bridge. 3760use_case_br() 3761{ 3762 setup "yes" 3763 3764 setup_cmd ip link set ${NSA_DEV} down 3765 setup_cmd ip addr del dev ${NSA_DEV} ${NSA_IP}/24 3766 setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64 3767 3768 setup_cmd ip link add br0 type bridge 3769 setup_cmd ip addr add dev br0 ${NSA_IP}/24 3770 setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad 3771 3772 setup_cmd ip li set ${NSA_DEV} master br0 3773 setup_cmd ip li set ${NSA_DEV} up 3774 setup_cmd ip li set br0 up 3775 setup_cmd ip li set br0 vrf ${VRF} 3776 3777 rmmod br_netfilter 2>/dev/null 3778 sleep 5 # DAD 3779 3780 run_cmd ip neigh flush all 3781 run_cmd ping -c1 -w1 -I br0 ${NSB_IP} 3782 log_test $? 0 "Bridge into VRF - IPv4 ping out" 3783 3784 run_cmd ip neigh flush all 3785 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6} 3786 log_test $? 0 "Bridge into VRF - IPv6 ping out" 3787 3788 run_cmd ip neigh flush all 3789 run_cmd_nsb ping -c1 -w1 ${NSA_IP} 3790 log_test $? 
0 "Bridge into VRF - IPv4 ping in" 3791 3792 run_cmd ip neigh flush all 3793 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6} 3794 log_test $? 0 "Bridge into VRF - IPv6 ping in" 3795 3796 modprobe br_netfilter 3797 if [ $? -eq 0 ]; then 3798 run_cmd ip neigh flush all 3799 run_cmd ping -c1 -w1 -I br0 ${NSB_IP} 3800 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out" 3801 3802 run_cmd ip neigh flush all 3803 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6} 3804 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out" 3805 3806 run_cmd ip neigh flush all 3807 run_cmd_nsb ping -c1 -w1 ${NSA_IP} 3808 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in" 3809 3810 run_cmd ip neigh flush all 3811 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6} 3812 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in" 3813 fi 3814 3815 setup_cmd ip li set br0 nomaster 3816 setup_cmd ip li add br0.100 link br0 type vlan id 100 3817 setup_cmd ip li set br0.100 vrf ${VRF} up 3818 setup_cmd ip addr add dev br0.100 172.16.101.1/24 3819 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad 3820 3821 setup_cmd_nsb ip li add vlan100 link ${NSB_DEV} type vlan id 100 3822 setup_cmd_nsb ip addr add dev vlan100 172.16.101.2/24 3823 setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad 3824 setup_cmd_nsb ip li set vlan100 up 3825 sleep 1 3826 3827 rmmod br_netfilter 2>/dev/null 3828 3829 run_cmd ip neigh flush all 3830 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2 3831 log_test $? 0 "Bridge vlan into VRF - IPv4 ping out" 3832 3833 run_cmd ip neigh flush all 3834 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2 3835 log_test $? 0 "Bridge vlan into VRF - IPv6 ping out" 3836 3837 run_cmd ip neigh flush all 3838 run_cmd_nsb ping -c1 -w1 172.16.101.1 3839 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in" 3840 3841 run_cmd ip neigh flush all 3842 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1 3843 log_test $? 
0 "Bridge vlan into VRF - IPv6 ping in" 3844 3845 modprobe br_netfilter 3846 if [ $? -eq 0 ]; then 3847 run_cmd ip neigh flush all 3848 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2 3849 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out" 3850 3851 run_cmd ip neigh flush all 3852 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2 3853 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out" 3854 3855 run_cmd ip neigh flush all 3856 run_cmd_nsb ping -c1 -w1 172.16.101.1 3857 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in" 3858 3859 run_cmd ip neigh flush all 3860 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1 3861 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in" 3862 fi 3863 3864 setup_cmd ip li del br0 2>/dev/null 3865 setup_cmd_nsb ip li del vlan100 2>/dev/null 3866} 3867 3868# VRF only. 3869# ns-A device is connected to both ns-B and ns-C on a single VRF but only has 3870# LLA on the interfaces 3871use_case_ping_lla_multi() 3872{ 3873 setup_lla_only 3874 # only want reply from ns-A 3875 setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1 3876 setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1 3877 3878 log_start 3879 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV} 3880 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Pre cycle, ping out ns-B" 3881 3882 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV} 3883 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Pre cycle, ping out ns-C" 3884 3885 # cycle/flap the first ns-A interface 3886 setup_cmd ip link set ${NSA_DEV} down 3887 setup_cmd ip link set ${NSA_DEV} up 3888 sleep 1 3889 3890 log_start 3891 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV} 3892 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-B" 3893 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV} 3894 log_test_addr ${MCAST}%${NSC_DEV} $? 
0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-C" 3895 3896 # cycle/flap the second ns-A interface 3897 setup_cmd ip link set ${NSA_DEV2} down 3898 setup_cmd ip link set ${NSA_DEV2} up 3899 sleep 1 3900 3901 log_start 3902 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV} 3903 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-B" 3904 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV} 3905 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-C" 3906} 3907 3908use_cases() 3909{ 3910 log_section "Use cases" 3911 log_subsection "Device enslaved to bridge" 3912 use_case_br 3913 log_subsection "Ping LLA with multiple interfaces" 3914 use_case_ping_lla_multi 3915} 3916 3917################################################################################ 3918# usage 3919 3920usage() 3921{ 3922 cat <<EOF 3923usage: ${0##*/} OPTS 3924 3925 -4 IPv4 tests only 3926 -6 IPv6 tests only 3927 -t <test> Test name/set to run 3928 -p Pause on fail 3929 -P Pause after each test 3930 -v Be verbose 3931EOF 3932} 3933 3934################################################################################ 3935# main 3936 3937TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_bind ipv4_runtime ipv4_netfilter" 3938TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_bind ipv6_runtime ipv6_netfilter" 3939TESTS_OTHER="use_cases" 3940 3941PAUSE_ON_FAIL=no 3942PAUSE=no 3943 3944while getopts :46t:pPvh o 3945do 3946 case $o in 3947 4) TESTS=ipv4;; 3948 6) TESTS=ipv6;; 3949 t) TESTS=$OPTARG;; 3950 p) PAUSE_ON_FAIL=yes;; 3951 P) PAUSE=yes;; 3952 v) VERBOSE=1;; 3953 h) usage; exit 0;; 3954 *) usage; exit 1;; 3955 esac 3956done 3957 3958# make sure we don't pause twice 3959[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no 3960 3961# 3962# show user test config 3963# 3964if [ -z "$TESTS" ]; then 3965 TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER" 3966elif [ "$TESTS" = "ipv4" ]; then 3967 TESTS="$TESTS_IPV4" 3968elif [ "$TESTS" = "ipv6" ]; then 3969 TESTS="$TESTS_IPV6" 3970fi 
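# The tests are built on the external 'nettest' helper; without it there is
# nothing to run, so report that and exit successfully.
if ! command -v nettest >/dev/null 2>&1; then
	echo "'nettest' command not found; skipping tests"
	exit 0
fi

declare -i nfail=0
declare -i nsuccess=0

# $TESTS is deliberately unquoted: it is a space-separated list of names.
for t in $TESTS
do
	case $t in
	ipv4_ping|ping)  ipv4_ping;;
	ipv4_tcp|tcp)    ipv4_tcp;;
	ipv4_udp|udp)    ipv4_udp;;
	ipv4_bind|bind)  ipv4_addr_bind;;
	ipv4_runtime)    ipv4_runtime;;
	ipv4_netfilter)  ipv4_netfilter;;

	ipv6_ping|ping6) ipv6_ping;;
	ipv6_tcp|tcp6)   ipv6_tcp;;
	ipv6_udp|udp6)   ipv6_udp;;
	ipv6_bind|bind6) ipv6_addr_bind;;
	ipv6_runtime)    ipv6_runtime;;
	ipv6_netfilter)  ipv6_netfilter;;

	use_cases)       use_cases;;

	# setup namespaces and config, but do not run any tests
	setup)		 setup; exit 0;;
	vrf_setup)	 setup "yes"; exit 0;;

	# At this point $TESTS only holds what the user typed, so list the
	# known test sets instead of echoing the request back.
	help)            echo "Test names: $TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"; exit 0;;

	# An unknown name used to be skipped silently, which made a typo in
	# -t look like a clean run with zero failures.
	*)               echo "Unknown test '$t'; ignoring" >&2;;
	esac
done

cleanup 2>/dev/null

printf "\nTests passed: %3d\n" "${nsuccess}"
printf "Tests failed: %3d\n" "${nfail}"
# NOTE(review): the exit status is that of the printf above and does not
# reflect nfail; automation has to read the "Tests failed" line to detect a
# regression.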