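#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
#
# IPv4 and IPv6 functional tests focusing on VRF and routing lookups
# for various permutations:
#   1. icmp, tcp, udp and netfilter
#   2. client, server, no-server
#   3. global address on interface
#   4. global address on 'lo'
#   5. remote and local traffic
#   6. VRF and non-VRF permutations
#
# Setup:
#                     ns-A     |     ns-B
# No VRF case:
#    [ lo ]         [ eth1 ]---|---[ eth1 ]      [ lo ]
#                                                remote address
# VRF case:
#         [ red ]---[ eth1 ]---|---[ eth1 ]      [ lo ]
#
# ns-A:
#     eth1: 172.16.1.1/24, 2001:db8:1::1/64
#       lo: 127.0.0.1/8, ::1/128
#           172.16.2.1/32, 2001:db8:2::1/128
#      red: 127.0.0.1/8, ::1/128
#           172.16.3.1/32, 2001:db8:3::1/128
#
# ns-B:
#     eth1: 172.16.1.2/24, 2001:db8:1::2/64
#      lo2: 127.0.0.1/8, ::1/128
#           172.16.2.2/32, 2001:db8:2::2/128
#
# server / client nomenclature relative to ns-A

VERBOSE=0

NSA_DEV=eth1
NSB_DEV=eth1
VRF=red
VRF_TABLE=1101

# IPv4 config
NSA_IP=172.16.1.1
NSB_IP=172.16.1.2
VRF_IP=172.16.3.1

# IPv6 config
NSA_IP6=2001:db8:1::1
NSB_IP6=2001:db8:1::2
VRF_IP6=2001:db8:3::1

NSA_LO_IP=172.16.2.1
NSB_LO_IP=172.16.2.2
NSA_LO_IP6=2001:db8:2::1
NSB_LO_IP6=2001:db8:2::2

MCAST=ff02::1
# set after namespace create
NSA_LINKIP6=
NSB_LINKIP6=

NSA=ns-A
NSB=ns-B

# Command prefixes that run a program inside ns-A / ns-B.
NSA_CMD="ip netns exec ${NSA}"
NSB_CMD="ip netns exec ${NSB}"

# Prefer a dedicated ping6 binary; fall back to ping when it is absent.
# 'command -v' is a shell builtin, so this no longer depends on 'which'.
if command -v ping6 > /dev/null 2>&1; then
	ping6=$(command -v ping6)
else
	ping6=$(command -v ping)
fi

################################################################################
# utilities

# Prompt the operator and wait for a line of input; 'q' ends the run with
# status 1. The reply is kept in a local so no caller variable is touched.
_pause_or_quit()
{
	local ans

	echo
	echo "hit enter to continue, 'q' to quit"
	read -r ans
	[ "$ans" = "q" ] && exit 1

	return 0
}

# Record one test result and print its TEST line.
# Arguments: $1 - exit status observed
#            $2 - exit status expected
#            $3 - test description
# Globals:   nsuccess / nfail are incremented; VERBOSE, PAUSE and
#            PAUSE_ON_FAIL are read.
# Always finishes by calling kill_procs.
log_test()
{
	local rc=$1
	local expected=$2
	local msg="$3"

	[ "${VERBOSE}" = "1" ] && echo

	if [ "${rc}" -eq "${expected}" ]; then
		nsuccess=$((nsuccess+1))
		printf "TEST: %-70s [ OK ]\n" "${msg}"
	else
		nfail=$((nfail+1))
		printf "TEST: %-70s [FAIL]\n" "${msg}"
		# The prompt reads into its own local. Reading into an
		# undeclared "a" here would, through bash's dynamic scoping,
		# overwrite the "local a" address the test functions loop on,
		# and the rest of that loop iteration would run with an empty
		# address.
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			_pause_or_quit
		fi
	fi

	if [ "${PAUSE}" = "yes" ]; then
		_pause_or_quit
	fi

	kill_procs
}

# log_test wrapper that appends a readable name for the address under test.
# Arguments: $1 - address, $2 - observed status, $3 - expected status,
#            $4 - test description
log_test_addr()
{
	local addr=$1
	local rc=$2
	local expected=$3
	local msg="$4"
	local astr

	astr=$(addr2str "${addr}")
	log_test "$rc" "$expected" "$msg - ${astr}"
}

# Print a banner for a top-level group of tests.
log_section()
{
	echo
	echo "###########################################################################"
	echo "$*"
	echo "###########################################################################"
	echo
}

# Print a smaller banner for a group of tests inside a section.
log_subsection()
{
	echo
	echo "#################################################################"
	echo "$*"
	echo
}

# Called before each test case: stop leftover helpers and, in verbose mode,
# print a separator.
log_start()
{
	# make sure we have no test instances running
	kill_procs

	if [ "${VERBOSE}" = "1" ]; then
		echo
		echo "#######################################################"
	fi
}

# Print a message only in verbose mode.
log_debug()
{
	if [ "${VERBOSE}" = "1" ]; then
		echo
		echo "$*"
		echo
	fi
}

# Print a "HINT:" line only in verbose mode; used to explain expected failures.
show_hint()
{
	if [ "${VERBOSE}" = "1" ]; then
		echo "HINT: $*"
		echo
	fi
}

# Stop every nettest, ping and ping6 process, then give them a second to exit.
# killall matches by process name and is not run inside either namespace, so
# unrelated ping processes on the host are signalled too; run the suite on a
# machine where that is acceptable.
kill_procs()
{
	killall nettest ping ping6 >/dev/null 2>&1
	sleep 1
}

# Run a command, capturing stdout and stderr together.
# Arguments: the command and its arguments
# Outputs:   in verbose mode, the command line and any captured output
# Returns:   the command's exit status
do_run_cmd()
{
	local cmd="$*"
	local out

	if [ "$VERBOSE" = "1" ]; then
		echo "COMMAND: ${cmd}"
	fi

	# ${cmd} is expanded unquoted on purpose: it is split back into words
	# and executed directly. There is no eval, so shell metacharacters in
	# the arguments are not interpreted, but word splitting and globbing
	# still apply and an argument containing spaces does not survive as
	# one word.
	out=$($cmd 2>&1)
	# NOTE(review): rc is not declared local here, so the assignment lands
	# in the nearest caller that declared rc (or in the global). Left as is
	# in case code outside this section reads it - confirm.
	rc=$?
	if [ "$VERBOSE" = "1" ] && [ -n "$out" ]; then
		echo "$out"
	fi

	return $rc
}

# Run a command inside ns-A.
run_cmd()
{
	do_run_cmd ${NSA_CMD} $*
}

# Run a command inside ns-B.
run_cmd_nsb()
{
	do_run_cmd ${NSB_CMD} $*
}

# Run a setup command through the given runner function and abort the whole
# run with the command's status if it fails.
# Arguments: $1 - runner function name, remaining - the command
_setup_cmd_via()
{
	local runner=$1
	shift
	local cmd="$*"
	local rc
	local ans

	# unquoted so the runner receives the command as separate words
	${runner} ${cmd}
	rc=$?
	if [ $rc -ne 0 ]; then
		# show user the command if not done so already
		if [ "$VERBOSE" = "0" ]; then
			echo "setup command: $cmd"
		fi
		echo "failed. stopping tests"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue"
			read -r ans
		fi
		exit $rc
	fi
}

# Setup command in ns-A; a failure stops the tests.
setup_cmd()
{
	_setup_cmd_via run_cmd "$@"
}

# Setup command in ns-B; a failure stops the tests.
setup_cmd_nsb()
{
	_setup_cmd_via run_cmd_nsb "$@"
}

# Setup command through run_cmd_nsc; a failure stops the tests.
# NOTE(review): run_cmd_nsc is not defined in this part of the file - confirm
# it exists before relying on this helper.
setup_cmd_nsc()
{
	_setup_cmd_via run_cmd_nsc "$@"
}

# set sysctl values in NS-A
# NOTE(review): $* is re-split on whitespace here and again in do_run_cmd, so
# a value that contains a space (ipv4_ping passes
# net.ipv4.ping_group_range='0 2147483647') reaches sysctl as two words, and
# the callers send stderr to /dev/null. Confirm the intended value is applied.
set_sysctl()
{
	echo "SYSCTL: $*"
	echo
	run_cmd sysctl -q -w $*
}

################################################################################
# Setup for tests

# Map an address used by the tests to a short human-readable label.
# The variables are expanded unquoted, so they act as case patterns; the
# link-local entries also accept a "%<device>" scope suffix. NSA_LINKIP6 and
# NSB_LINKIP6 are empty until setup fills them in.
addr2str()
{
	case "$1" in
	127.0.0.1) echo "loopback";;
	::1) echo "IPv6 loopback";;

	${NSA_IP}) echo "ns-A IP";;
	${NSA_IP6}) echo "ns-A IPv6";;
	${NSA_LO_IP}) echo "ns-A loopback IP";;
	${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
	${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;

	${NSB_IP}) echo "ns-B IP";;
	${NSB_IP6}) echo "ns-B IPv6";;
	${NSB_LO_IP}) echo "ns-B loopback IP";;
	${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
	${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;

	${VRF_IP}) echo "VRF IP";;
	${VRF_IP6}) echo "VRF IPv6";;

	${MCAST}%*) echo "multicast IP";;

	*) echo "unknown";;
	esac
}

# Print the fe80 link-local address of a device, without the prefix length.
# Arguments: $1 - namespace, $2 - device
# Returns:   1 when no link-local address is found
get_linklocal()
{
	local ns=$1
	local dev=$2
	local addr

	# brief output: fields from the third on are addresses with a prefix
	# length
	addr=$(ip -netns "${ns}" -6 -br addr show dev "${dev}" | \
	awk '{
		for (i = 3; i <= NF; ++i) {
			if ($i ~ /^fe80/)
				print $i
		}
	}'
	)
	# drop everything from the first "/" on
	addr=${addr/\/*}

	[ -z "$addr" ] && return 1

	printf '%s\n' "$addr"

	return 0
}

################################################################################
# create namespaces and vrf

# Create a VRF device in a namespace and give it loopback-style addresses.
# Arguments: $1 - namespace, $2 - VRF name, $3 - routing table id,
#            $4 - IPv4 address or "-", $5 - IPv6 address or "-"
create_vrf()
{
	local ns=$1
	local vrf=$2
	local table=$3
	local addr=$4
	local addr6=$5

	ip -netns "${ns}" link add "${vrf}" type vrf table "${table}"
	ip -netns "${ns}" link set "${vrf}" up
	# catch-all so a failed lookup in the VRF table ends there
	ip -netns "${ns}" route add vrf "${vrf}" unreachable default metric 8192
	ip -netns "${ns}" -6 route add vrf "${vrf}" unreachable default metric 8192

	ip -netns "${ns}" addr add 127.0.0.1/8 dev "${vrf}"
	ip -netns "${ns}" -6 addr add ::1 dev "${vrf}" nodad
	if [ "${addr}" != "-" ]; then
		ip -netns "${ns}" addr add dev "${vrf}" "${addr}"
	fi
	if [ "${addr6}" != "-" ]; then
		ip -netns "${ns}" -6 addr add dev "${vrf}" "${addr6}"
	fi

	# move the "lookup local" rule from pref 0 to pref 32765 for both
	# families; presumably so the VRF rule is consulted before the local
	# table - confirm
	ip -netns "${ns}" ru del pref 0
	ip -netns "${ns}" ru add pref 32765 from all lookup local
	ip -netns "${ns}" -6 ru del pref 0
	ip -netns "${ns}" -6 ru add pref 32765 from all lookup local
}

# Create a namespace, bring up 'lo' with optional addresses, install
# unreachable default routes and enable forwarding inside the namespace.
# Arguments: $1 - namespace, $2 - IPv4 address or "-", $3 - IPv6 address or "-"
create_ns()
{
	local ns=$1
	local addr=$2
	local addr6=$3

	ip netns add "${ns}"

	ip -netns "${ns}" link set lo up
	if [ "${addr}" != "-" ]; then
		ip -netns "${ns}" addr add dev lo "${addr}"
	fi
	if [ "${addr6}" != "-" ]; then
		ip -netns "${ns}" -6 addr add dev lo "${addr6}"
	fi

	ip -netns "${ns}" ro add unreachable default metric 8192
	ip -netns "${ns}" -6 ro add unreachable default metric 8192

	# these sysctls are written from inside the namespace via
	# 'ip netns exec'
	ip netns exec "${ns}" sysctl -qw net.ipv4.ip_forward=1
	ip netns exec "${ns}" sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
	ip netns exec "${ns}" sysctl -qw net.ipv6.conf.all.forwarding=1
	ip netns exec "${ns}" sysctl -qw net.ipv6.conf.default.forwarding=1
}

# create veth pair to connect namespaces and apply addresses.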
382connect_ns() 383{ 384 local ns1=$1 385 local ns1_dev=$2 386 local ns1_addr=$3 387 local ns1_addr6=$4 388 local ns2=$5 389 local ns2_dev=$6 390 local ns2_addr=$7 391 local ns2_addr6=$8 392 393 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp 394 ip -netns ${ns1} li set ${ns1_dev} up 395 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev} 396 ip -netns ${ns2} li set ${ns2_dev} up 397 398 if [ "${ns1_addr}" != "-" ]; then 399 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr} 400 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr} 401 fi 402 403 if [ "${ns1_addr6}" != "-" ]; then 404 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6} 405 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6} 406 fi 407} 408 409cleanup() 410{ 411 # explicit cleanups to check those code paths 412 ip netns | grep -q ${NSA} 413 if [ $? -eq 0 ]; then 414 ip -netns ${NSA} link delete ${VRF} 415 ip -netns ${NSA} ro flush table ${VRF_TABLE} 416 417 ip -netns ${NSA} addr flush dev ${NSA_DEV} 418 ip -netns ${NSA} -6 addr flush dev ${NSA_DEV} 419 ip -netns ${NSA} link set dev ${NSA_DEV} down 420 ip -netns ${NSA} link del dev ${NSA_DEV} 421 422 ip netns del ${NSA} 423 fi 424 425 ip netns del ${NSB} 426} 427 428setup() 429{ 430 local with_vrf=${1} 431 432 # make sure we are starting with a clean slate 433 kill_procs 434 cleanup 2>/dev/null 435 436 log_debug "Configuring network namespaces" 437 set -e 438 439 create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128 440 create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128 441 connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \ 442 ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64 443 444 NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV}) 445 NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV}) 446 447 # tell ns-A how to get to remote addresses of ns-B 448 if [ "${with_vrf}" = "yes" ]; then 449 create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6} 450 451 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF} 452 ip -netns ${NSA} ro add vrf 
${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV} 453 ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV} 454 455 ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV} 456 ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV} 457 else 458 ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV} 459 ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV} 460 fi 461 462 463 # tell ns-B how to get to remote addresses of ns-A 464 ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV} 465 ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV} 466 467 set +e 468 469 sleep 1 470} 471 472setup_lla_only() 473{ 474 # make sure we are starting with a clean slate 475 kill_procs 476 cleanup 2>/dev/null 477 478 log_debug "Configuring network namespaces" 479 set -e 480 481 create_ns ${NSA} "-" "-" 482 create_ns ${NSB} "-" "-" 483 create_ns ${NSC} "-" "-" 484 connect_ns ${NSA} ${NSA_DEV} "-" "-" \ 485 ${NSB} ${NSB_DEV} "-" "-" 486 connect_ns ${NSA} ${NSA_DEV2} "-" "-" \ 487 ${NSC} ${NSC_DEV} "-" "-" 488 489 NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV}) 490 NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV}) 491 NSC_LINKIP6=$(get_linklocal ${NSC} ${NSC_DEV}) 492 493 create_vrf ${NSA} ${VRF} ${VRF_TABLE} "-" "-" 494 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF} 495 ip -netns ${NSA} link set dev ${NSA_DEV2} vrf ${VRF} 496 497 set +e 498 499 sleep 1 500} 501 502################################################################################ 503# IPv4 504 505ipv4_ping_novrf() 506{ 507 local a 508 509 # 510 # out 511 # 512 for a in ${NSB_IP} ${NSB_LO_IP} 513 do 514 log_start 515 run_cmd ping -c1 -w1 ${a} 516 log_test_addr ${a} $? 0 "ping out" 517 518 log_start 519 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 520 log_test_addr ${a} $? 0 "ping out, device bind" 521 522 log_start 523 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a} 524 log_test_addr ${a} $? 
0 "ping out, address bind" 525 done 526 527 # 528 # in 529 # 530 for a in ${NSA_IP} ${NSA_LO_IP} 531 do 532 log_start 533 run_cmd_nsb ping -c1 -w1 ${a} 534 log_test_addr ${a} $? 0 "ping in" 535 done 536 537 # 538 # local traffic 539 # 540 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1 541 do 542 log_start 543 run_cmd ping -c1 -w1 ${a} 544 log_test_addr ${a} $? 0 "ping local" 545 done 546 547 # 548 # local traffic, socket bound to device 549 # 550 # address on device 551 a=${NSA_IP} 552 log_start 553 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 554 log_test_addr ${a} $? 0 "ping local, device bind" 555 556 # loopback addresses not reachable from device bind 557 # fails in a really weird way though because ipv4 special cases 558 # route lookups with oif set. 559 for a in ${NSA_LO_IP} 127.0.0.1 560 do 561 log_start 562 show_hint "Fails since address on loopback device is out of device scope" 563 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 564 log_test_addr ${a} $? 1 "ping local, device bind" 565 done 566 567 # 568 # ip rule blocks reachability to remote address 569 # 570 log_start 571 setup_cmd ip rule add pref 32765 from all lookup local 572 setup_cmd ip rule del pref 0 from all lookup local 573 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit 574 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit 575 576 a=${NSB_LO_IP} 577 run_cmd ping -c1 -w1 ${a} 578 log_test_addr ${a} $? 2 "ping out, blocked by rule" 579 580 # NOTE: ipv4 actually allows the lookup to fail and yet still create 581 # a viable rtable if the oif (e.g., bind to device) is set, so this 582 # case succeeds despite the rule 583 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 584 585 a=${NSA_LO_IP} 586 log_start 587 show_hint "Response generates ICMP (or arp request is ignored) due to ip rule" 588 run_cmd_nsb ping -c1 -w1 ${a} 589 log_test_addr ${a} $? 
1 "ping in, blocked by rule" 590 591 [ "$VERBOSE" = "1" ] && echo 592 setup_cmd ip rule del pref 32765 from all lookup local 593 setup_cmd ip rule add pref 0 from all lookup local 594 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit 595 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit 596 597 # 598 # route blocks reachability to remote address 599 # 600 log_start 601 setup_cmd ip route replace unreachable ${NSB_LO_IP} 602 setup_cmd ip route replace unreachable ${NSB_IP} 603 604 a=${NSB_LO_IP} 605 run_cmd ping -c1 -w1 ${a} 606 log_test_addr ${a} $? 2 "ping out, blocked by route" 607 608 # NOTE: ipv4 actually allows the lookup to fail and yet still create 609 # a viable rtable if the oif (e.g., bind to device) is set, so this 610 # case succeeds despite not having a route for the address 611 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 612 613 a=${NSA_LO_IP} 614 log_start 615 show_hint "Response is dropped (or arp request is ignored) due to ip route" 616 run_cmd_nsb ping -c1 -w1 ${a} 617 log_test_addr ${a} $? 1 "ping in, blocked by route" 618 619 # 620 # remove 'remote' routes; fallback to default 621 # 622 log_start 623 setup_cmd ip ro del ${NSB_LO_IP} 624 625 a=${NSB_LO_IP} 626 run_cmd ping -c1 -w1 ${a} 627 log_test_addr ${a} $? 2 "ping out, unreachable default route" 628 629 # NOTE: ipv4 actually allows the lookup to fail and yet still create 630 # a viable rtable if the oif (e.g., bind to device) is set, so this 631 # case succeeds despite not having a route for the address 632 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 633} 634 635ipv4_ping_vrf() 636{ 637 local a 638 639 # should default on; does not exist on older kernels 640 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null 641 642 # 643 # out 644 # 645 for a in ${NSB_IP} ${NSB_LO_IP} 646 do 647 log_start 648 run_cmd ping -c1 -w1 -I ${VRF} ${a} 649 log_test_addr ${a} $? 0 "ping out, VRF bind" 650 651 log_start 652 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 653 log_test_addr ${a} $? 
0 "ping out, device bind" 654 655 log_start 656 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a} 657 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind" 658 659 log_start 660 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a} 661 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind" 662 done 663 664 # 665 # in 666 # 667 for a in ${NSA_IP} ${VRF_IP} 668 do 669 log_start 670 run_cmd_nsb ping -c1 -w1 ${a} 671 log_test_addr ${a} $? 0 "ping in" 672 done 673 674 # 675 # local traffic, local address 676 # 677 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1 678 do 679 log_start 680 show_hint "Source address should be ${a}" 681 run_cmd ping -c1 -w1 -I ${VRF} ${a} 682 log_test_addr ${a} $? 0 "ping local, VRF bind" 683 done 684 685 # 686 # local traffic, socket bound to device 687 # 688 # address on device 689 a=${NSA_IP} 690 log_start 691 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 692 log_test_addr ${a} $? 0 "ping local, device bind" 693 694 # vrf device is out of scope 695 for a in ${VRF_IP} 127.0.0.1 696 do 697 log_start 698 show_hint "Fails since address on vrf device is out of device scope" 699 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 700 log_test_addr ${a} $? 1 "ping local, device bind" 701 done 702 703 # 704 # ip rule blocks address 705 # 706 log_start 707 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit 708 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit 709 710 a=${NSB_LO_IP} 711 run_cmd ping -c1 -w1 -I ${VRF} ${a} 712 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule" 713 714 log_start 715 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 716 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule" 717 718 a=${NSA_LO_IP} 719 log_start 720 show_hint "Response lost due to ip rule" 721 run_cmd_nsb ping -c1 -w1 ${a} 722 log_test_addr ${a} $? 
1 "ping in, blocked by rule" 723 724 [ "$VERBOSE" = "1" ] && echo 725 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit 726 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit 727 728 # 729 # remove 'remote' routes; fallback to default 730 # 731 log_start 732 setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP} 733 734 a=${NSB_LO_IP} 735 run_cmd ping -c1 -w1 -I ${VRF} ${a} 736 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route" 737 738 log_start 739 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} 740 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route" 741 742 a=${NSA_LO_IP} 743 log_start 744 show_hint "Response lost by unreachable route" 745 run_cmd_nsb ping -c1 -w1 ${a} 746 log_test_addr ${a} $? 1 "ping in, unreachable route" 747} 748 749ipv4_ping() 750{ 751 log_section "IPv4 ping" 752 753 log_subsection "No VRF" 754 setup 755 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null 756 ipv4_ping_novrf 757 setup 758 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null 759 ipv4_ping_novrf 760 setup 761 set_sysctl net.ipv4.ping_group_range='0 2147483647' 2>/dev/null 762 ipv4_ping_novrf 763 764 log_subsection "With VRF" 765 setup "yes" 766 ipv4_ping_vrf 767 setup "yes" 768 set_sysctl net.ipv4.ping_group_range='0 2147483647' 2>/dev/null 769 ipv4_ping_vrf 770} 771 772################################################################################ 773# IPv4 TCP 774 775ipv4_tcp_novrf() 776{ 777 local a 778 779 # 780 # server tests 781 # 782 for a in ${NSA_IP} ${NSA_LO_IP} 783 do 784 log_start 785 run_cmd nettest -s & 786 sleep 1 787 run_cmd_nsb nettest -r ${a} 788 log_test_addr ${a} $? 0 "Global server" 789 done 790 791 a=${NSA_IP} 792 log_start 793 run_cmd nettest -s -d ${NSA_DEV} & 794 sleep 1 795 run_cmd_nsb nettest -r ${a} 796 log_test_addr ${a} $? 
0 "Device server" 797 798 # verify TCP reset sent and received 799 for a in ${NSA_IP} ${NSA_LO_IP} 800 do 801 log_start 802 show_hint "Should fail 'Connection refused' since there is no server" 803 run_cmd_nsb nettest -r ${a} 804 log_test_addr ${a} $? 1 "No server" 805 done 806 807 # 808 # client 809 # 810 for a in ${NSB_IP} ${NSB_LO_IP} 811 do 812 log_start 813 run_cmd_nsb nettest -s & 814 sleep 1 815 run_cmd nettest -r ${a} -0 ${NSA_IP} 816 log_test_addr ${a} $? 0 "Client" 817 818 log_start 819 run_cmd_nsb nettest -s & 820 sleep 1 821 run_cmd nettest -r ${a} -d ${NSA_DEV} 822 log_test_addr ${a} $? 0 "Client, device bind" 823 824 log_start 825 show_hint "Should fail 'Connection refused'" 826 run_cmd nettest -r ${a} 827 log_test_addr ${a} $? 1 "No server, unbound client" 828 829 log_start 830 show_hint "Should fail 'Connection refused'" 831 run_cmd nettest -r ${a} -d ${NSA_DEV} 832 log_test_addr ${a} $? 1 "No server, device client" 833 done 834 835 # 836 # local address tests 837 # 838 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1 839 do 840 log_start 841 run_cmd nettest -s & 842 sleep 1 843 run_cmd nettest -r ${a} -0 ${a} -1 ${a} 844 log_test_addr ${a} $? 0 "Global server, local connection" 845 done 846 847 a=${NSA_IP} 848 log_start 849 run_cmd nettest -s -d ${NSA_DEV} & 850 sleep 1 851 run_cmd nettest -r ${a} -0 ${a} 852 log_test_addr ${a} $? 0 "Device server, unbound client, local connection" 853 854 for a in ${NSA_LO_IP} 127.0.0.1 855 do 856 log_start 857 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope" 858 run_cmd nettest -s -d ${NSA_DEV} & 859 sleep 1 860 run_cmd nettest -r ${a} 861 log_test_addr ${a} $? 1 "Device server, unbound client, local connection" 862 done 863 864 a=${NSA_IP} 865 log_start 866 run_cmd nettest -s & 867 sleep 1 868 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV} 869 log_test_addr ${a} $? 
0 "Global server, device client, local connection" 870 871 for a in ${NSA_LO_IP} 127.0.0.1 872 do 873 log_start 874 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 875 run_cmd nettest -s & 876 sleep 1 877 run_cmd nettest -r ${a} -d ${NSA_DEV} 878 log_test_addr ${a} $? 1 "Global server, device client, local connection" 879 done 880 881 a=${NSA_IP} 882 log_start 883 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 884 sleep 1 885 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a} 886 log_test_addr ${a} $? 0 "Device server, device client, local connection" 887 888 log_start 889 show_hint "Should fail 'Connection refused'" 890 run_cmd nettest -d ${NSA_DEV} -r ${a} 891 log_test_addr ${a} $? 1 "No server, device client, local conn" 892} 893 894ipv4_tcp_vrf() 895{ 896 local a 897 898 # disable global server 899 log_subsection "Global server disabled" 900 901 set_sysctl net.ipv4.tcp_l3mdev_accept=0 902 903 # 904 # server tests 905 # 906 for a in ${NSA_IP} ${VRF_IP} 907 do 908 log_start 909 show_hint "Should fail 'Connection refused' since global server with VRF is disabled" 910 run_cmd nettest -s & 911 sleep 1 912 run_cmd_nsb nettest -r ${a} 913 log_test_addr ${a} $? 1 "Global server" 914 915 log_start 916 run_cmd nettest -s -d ${VRF} -2 ${VRF} & 917 sleep 1 918 run_cmd_nsb nettest -r ${a} 919 log_test_addr ${a} $? 0 "VRF server" 920 921 log_start 922 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 923 sleep 1 924 run_cmd_nsb nettest -r ${a} 925 log_test_addr ${a} $? 0 "Device server" 926 927 # verify TCP reset received 928 log_start 929 show_hint "Should fail 'Connection refused' since there is no server" 930 run_cmd_nsb nettest -r ${a} 931 log_test_addr ${a} $? 
1 "No server" 932 done 933 934 # local address tests 935 # (${VRF_IP} and 127.0.0.1 both timeout) 936 a=${NSA_IP} 937 log_start 938 show_hint "Should fail 'Connection refused' since global server with VRF is disabled" 939 run_cmd nettest -s & 940 sleep 1 941 run_cmd nettest -r ${a} -d ${NSA_DEV} 942 log_test_addr ${a} $? 1 "Global server, local connection" 943 944 # 945 # enable VRF global server 946 # 947 log_subsection "VRF Global server enabled" 948 set_sysctl net.ipv4.tcp_l3mdev_accept=1 949 950 for a in ${NSA_IP} ${VRF_IP} 951 do 952 log_start 953 show_hint "client socket should be bound to VRF" 954 run_cmd nettest -s -2 ${VRF} & 955 sleep 1 956 run_cmd_nsb nettest -r ${a} 957 log_test_addr ${a} $? 0 "Global server" 958 959 log_start 960 show_hint "client socket should be bound to VRF" 961 run_cmd nettest -s -d ${VRF} -2 ${VRF} & 962 sleep 1 963 run_cmd_nsb nettest -r ${a} 964 log_test_addr ${a} $? 0 "VRF server" 965 966 # verify TCP reset received 967 log_start 968 show_hint "Should fail 'Connection refused'" 969 run_cmd_nsb nettest -r ${a} 970 log_test_addr ${a} $? 1 "No server" 971 done 972 973 a=${NSA_IP} 974 log_start 975 show_hint "client socket should be bound to device" 976 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 977 sleep 1 978 run_cmd_nsb nettest -r ${a} 979 log_test_addr ${a} $? 0 "Device server" 980 981 # local address tests 982 for a in ${NSA_IP} ${VRF_IP} 983 do 984 log_start 985 show_hint "Should fail 'No route to host' since client is not bound to VRF" 986 run_cmd nettest -s -2 ${VRF} & 987 sleep 1 988 run_cmd nettest -r ${a} 989 log_test_addr ${a} $? 1 "Global server, local connection" 990 done 991 992 # 993 # client 994 # 995 for a in ${NSB_IP} ${NSB_LO_IP} 996 do 997 log_start 998 run_cmd_nsb nettest -s & 999 sleep 1 1000 run_cmd nettest -r ${a} -d ${VRF} 1001 log_test_addr ${a} $? 0 "Client, VRF bind" 1002 1003 log_start 1004 run_cmd_nsb nettest -s & 1005 sleep 1 1006 run_cmd nettest -r ${a} -d ${NSA_DEV} 1007 log_test_addr ${a} $? 
0 "Client, device bind" 1008 1009 log_start 1010 show_hint "Should fail 'Connection refused'" 1011 run_cmd nettest -r ${a} -d ${VRF} 1012 log_test_addr ${a} $? 1 "No server, VRF client" 1013 1014 log_start 1015 show_hint "Should fail 'Connection refused'" 1016 run_cmd nettest -r ${a} -d ${NSA_DEV} 1017 log_test_addr ${a} $? 1 "No server, device client" 1018 done 1019 1020 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1 1021 do 1022 log_start 1023 run_cmd nettest -s -d ${VRF} -2 ${VRF} & 1024 sleep 1 1025 run_cmd nettest -r ${a} -d ${VRF} -0 ${a} 1026 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection" 1027 done 1028 1029 a=${NSA_IP} 1030 log_start 1031 run_cmd nettest -s -d ${VRF} -2 ${VRF} & 1032 sleep 1 1033 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a} 1034 log_test_addr ${a} $? 0 "VRF server, device client, local connection" 1035 1036 log_start 1037 show_hint "Should fail 'No route to host' since client is out of VRF scope" 1038 run_cmd nettest -s -d ${VRF} & 1039 sleep 1 1040 run_cmd nettest -r ${a} 1041 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection" 1042 1043 log_start 1044 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 1045 sleep 1 1046 run_cmd nettest -r ${a} -d ${VRF} -0 ${a} 1047 log_test_addr ${a} $? 0 "Device server, VRF client, local connection" 1048 1049 log_start 1050 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} & 1051 sleep 1 1052 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a} 1053 log_test_addr ${a} $? 
0 "Device server, device client, local connection" 1054} 1055 1056ipv4_tcp() 1057{ 1058 log_section "IPv4/TCP" 1059 log_subsection "No VRF" 1060 setup 1061 1062 # tcp_l3mdev_accept should have no affect without VRF; 1063 # run tests with it enabled and disabled to verify 1064 log_subsection "tcp_l3mdev_accept disabled" 1065 set_sysctl net.ipv4.tcp_l3mdev_accept=0 1066 ipv4_tcp_novrf 1067 log_subsection "tcp_l3mdev_accept enabled" 1068 set_sysctl net.ipv4.tcp_l3mdev_accept=1 1069 ipv4_tcp_novrf 1070 1071 log_subsection "With VRF" 1072 setup "yes" 1073 ipv4_tcp_vrf 1074} 1075 1076################################################################################ 1077# IPv4 UDP 1078 1079ipv4_udp_novrf() 1080{ 1081 local a 1082 1083 # 1084 # server tests 1085 # 1086 for a in ${NSA_IP} ${NSA_LO_IP} 1087 do 1088 log_start 1089 run_cmd nettest -D -s -2 ${NSA_DEV} & 1090 sleep 1 1091 run_cmd_nsb nettest -D -r ${a} 1092 log_test_addr ${a} $? 0 "Global server" 1093 1094 log_start 1095 show_hint "Should fail 'Connection refused' since there is no server" 1096 run_cmd_nsb nettest -D -r ${a} 1097 log_test_addr ${a} $? 1 "No server" 1098 done 1099 1100 a=${NSA_IP} 1101 log_start 1102 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 1103 sleep 1 1104 run_cmd_nsb nettest -D -r ${a} 1105 log_test_addr ${a} $? 0 "Device server" 1106 1107 # 1108 # client 1109 # 1110 for a in ${NSB_IP} ${NSB_LO_IP} 1111 do 1112 log_start 1113 run_cmd_nsb nettest -D -s & 1114 sleep 1 1115 run_cmd nettest -D -r ${a} -0 ${NSA_IP} 1116 log_test_addr ${a} $? 0 "Client" 1117 1118 log_start 1119 run_cmd_nsb nettest -D -s & 1120 sleep 1 1121 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP} 1122 log_test_addr ${a} $? 0 "Client, device bind" 1123 1124 log_start 1125 run_cmd_nsb nettest -D -s & 1126 sleep 1 1127 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP} 1128 log_test_addr ${a} $? 
0 "Client, device send via cmsg" 1129 1130 log_start 1131 run_cmd_nsb nettest -D -s & 1132 sleep 1 1133 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} 1134 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF" 1135 1136 log_start 1137 show_hint "Should fail 'Connection refused'" 1138 run_cmd nettest -D -r ${a} 1139 log_test_addr ${a} $? 1 "No server, unbound client" 1140 1141 log_start 1142 show_hint "Should fail 'Connection refused'" 1143 run_cmd nettest -D -r ${a} -d ${NSA_DEV} 1144 log_test_addr ${a} $? 1 "No server, device client" 1145 done 1146 1147 # 1148 # local address tests 1149 # 1150 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1 1151 do 1152 log_start 1153 run_cmd nettest -D -s & 1154 sleep 1 1155 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a} 1156 log_test_addr ${a} $? 0 "Global server, local connection" 1157 done 1158 1159 a=${NSA_IP} 1160 log_start 1161 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 1162 sleep 1 1163 run_cmd nettest -D -r ${a} 1164 log_test_addr ${a} $? 0 "Device server, unbound client, local connection" 1165 1166 for a in ${NSA_LO_IP} 127.0.0.1 1167 do 1168 log_start 1169 show_hint "Should fail 'Connection refused' since address is out of device scope" 1170 run_cmd nettest -s -D -d ${NSA_DEV} & 1171 sleep 1 1172 run_cmd nettest -D -r ${a} 1173 log_test_addr ${a} $? 1 "Device server, unbound client, local connection" 1174 done 1175 1176 a=${NSA_IP} 1177 log_start 1178 run_cmd nettest -s -D & 1179 sleep 1 1180 run_cmd nettest -D -d ${NSA_DEV} -r ${a} 1181 log_test_addr ${a} $? 0 "Global server, device client, local connection" 1182 1183 log_start 1184 run_cmd nettest -s -D & 1185 sleep 1 1186 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a} 1187 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection" 1188 1189 log_start 1190 run_cmd nettest -s -D & 1191 sleep 1 1192 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} 1193 log_test_addr ${a} $? 
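0 "Global server, device client via IP_UNICAST_IF, local connection"

	# IPv4 with device bind has really weird behavior - it overrides the
	# fib lookup, generates an rtable and tries to send the packet. This
	# causes failures for local traffic at different places
	for a in ${NSA_LO_IP} 127.0.0.1
	do
		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 2 "Global server, device client, local connection"

		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
		log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"

		log_start
		show_hint "Should fail since addresses on loopback are out of device scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
		log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -D -s -d ${NSA_DEV} -2 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, device client, local conn"

	log_start
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 2 "No server, device client, local conn"
}

# IPv4/UDP cases for the VRF topology (run after 'setup "yes"' by ipv4_udp).
#
# The server, client and local-connection permutations are run in two
# passes. With net.ipv4.udp_l3mdev_accept=0 a server that is not bound to
# the VRF or to the enslaved device is expected to be unreachable for
# traffic arriving in the VRF (rc 1). With udp_l3mdev_accept=1 the same
# unbound ("global") server is expected to answer (rc 0), i.e. the second
# pass records the wider reach an unbound listener gets once the sysctl is
# enabled.
#
# Each case starts a server in the background, sleeps 1s so it can come up,
# runs the client and hands the client's exit status to log_test/log_test_addr
# together with the expected status. The helpers are defined elsewhere in
# this file; run_cmd_nsb presumably executes in ns-B - confirm there.
ipv4_udp_vrf()
{
	local a

	# disable global server
	log_subsection "Global server disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		show_hint "Fails because ingress is in a VRF and global server is disabled"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 1 "Global server"

		log_start
		run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "VRF server"

		log_start
		run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "Enslaved device server"

		log_start
		show_hint "Should fail 'Connection refused' since there is no server"
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 1 "No server"

		log_start
		show_hint "Should fail 'Connection refused' since global server is out of scope"
		run_cmd nettest -D -s &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"

	a=${NSA_IP}
	log_start
	run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"

	# enable global server
	log_subsection "Global server enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest -D -s -2 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "Global server"

		log_start
		run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "VRF server"

		log_start
		run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 0 "Enslaved device server"

		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -D -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client tests
	#
	log_start
	run_cmd_nsb nettest -D -s &
	sleep 1
	run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
	log_test $? 0 "VRF client"

	log_start
	run_cmd_nsb nettest -D -s &
	sleep 1
	run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
	log_test $? 0 "Enslaved device client"

	# negative test - should fail
	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
	log_test $? 1 "No server, VRF client"

	log_start
	show_hint "Should fail 'Connection refused'"
	run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
	log_test $? 1 "No server, enslaved device client"

	#
	# local address tests
	#
	a=${NSA_IP}
	log_start
	run_cmd nettest -D -s -2 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Global server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local conn"

	log_start
	run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${VRF} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"

	log_start
	run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -D -d ${NSA_DEV} -r ${a}
	log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"

	for a in ${VRF_IP} 127.0.0.1
	do
		log_start
		run_cmd nettest -D -s -2 ${VRF} &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
	done

	for a in ${VRF_IP} 127.0.0.1
	do
		log_start
		run_cmd nettest -s -D -d ${VRF} -2 ${VRF} &
		sleep 1
		run_cmd nettest -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
	done

	# negative test - should fail
	# verifies ECONNREFUSED
	for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -D -d ${VRF} -r ${a}
		log_test_addr ${a} $? 1 "No server, VRF client, local conn"
	done
}

# Driver for the IPv4/UDP tests: runs ipv4_udp_novrf with udp_l3mdev_accept
# off and then on while no VRF is configured, then re-runs setup for the VRF
# topology and runs ipv4_udp_vrf.
ipv4_udp()
{
	log_section "IPv4/UDP"
	log_subsection "No VRF"

	setup

	# udp_l3mdev_accept should have no effect without VRF;
	# run tests with it enabled and disabled to verify
	log_subsection "udp_l3mdev_accept disabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=0
	ipv4_udp_novrf
	log_subsection "udp_l3mdev_accept enabled"
	set_sysctl net.ipv4.udp_l3mdev_accept=1
	ipv4_udp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv4_udp_vrf
}

################################################################################
# IPv4 address bind
#
# verifies ability or inability to bind to an address / device

# Bind-only checks without a VRF: raw ICMP and TCP sockets are expected to
# bind to a local address both with and without a preceding device bind.
ipv4_addr_bind_novrf()
{
	# keep the loop variable out of the caller's scope, as the sibling
	# test functions do
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP} ${NSA_LO_IP}
	do
		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
	done

	#
	# tcp sockets
	#
	a=${NSA_IP}
	log_start
	run_cmd nettest -l ${a} -r ${NSB_IP} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address"

	log_start
	run_cmd nettest -l ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"

	# Sadly, the kernel allows binding a socket to a device and then
	# binding to an address not on the device. The only restriction
	# is that the address is valid in the L3 domain. So this test
	# passes when it really should not
	#
	# NOTE(review): the disabled case is kept as documentation; per the
	# comment above, a device bind must not be relied on to limit which
	# local addresses the socket can subsequently bind to.
	#a=${NSA_LO_IP}
	#log_start
	#show_hint "Should fail with 'Cannot assign requested address'"
	#run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
	#log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
}

# Bind-only checks with a VRF: a raw socket that is not bound to the VRF or
# the enslaved device is expected to fail binding an address that lives in
# the VRF, and the address on 'lo' is expected to be rejected after a VRF or
# device bind because it is outside the VRF.
ipv4_addr_bind_vrf()
{
	# keep the loop variable out of the caller's scope, as the sibling
	# test functions do
	local a

	#
	# raw socket
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		show_hint "Socket not bound to VRF, but address is in VRF"
		run_cmd nettest -s -R -P icmp -l ${a} -b
		log_test_addr ${a} $? 1 "Raw socket bind to local address"

		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
		log_start
		run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b
		log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
	done

	a=${NSA_LO_IP}
	log_start
	show_hint "Address on loopback is out of VRF scope"
	run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b
	log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"

	#
	# tcp sockets
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address"

		log_start
		run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
		log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
	done

	a=${NSA_LO_IP}
	log_start
	show_hint "Address on loopback out of scope for VRF"
	run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"

	log_start
	show_hint "Address on loopback out of scope for device in VRF"
	run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
	log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
}

# Driver for the IPv4 address-bind tests: no-VRF topology first, then the
# VRF topology.
ipv4_addr_bind()
{
	log_section "IPv4 address binds"

	log_subsection "No VRF"
	setup
	ipv4_addr_bind_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv4_addr_bind_vrf
}

################################################################################
# IPv4 runtime tests

# Runtime test: delete the VRF device while nettest traffic is in flight.
#   $1 - description prefix used in the test names
#   $2 - extra nettest arguments passed to both server and client
# Every case is logged with a fixed status pair (0 0), so the result line
# only records that the sequence completed; presumably the real check is
# that the kernel survives the delete - confirm against log_test_addr.
# setup is re-run after each case because the VRF has just been removed.
ipv4_rt()
{
	local desc="$1"
	local varg="$2"
	local with_vrf="yes"
	local a

	#
	# server tests
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server"

		setup ${with_vrf}
	done

	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest ${varg} -s -d ${VRF} &
		sleep 1
		run_cmd_nsb nettest ${varg} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server"

		setup ${with_vrf}
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest ${varg} -s -d ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest ${varg} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, enslaved device server"

	setup ${with_vrf}

	#
	# client test
	#
	# NOTE(review): ${a} still holds ${NSA_IP} in the two client cases
	# although the client targets ${NSB_IP}; presumably this only affects
	# the address shown in the result line.
	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, VRF client"

	setup ${with_vrf}

	log_start
	run_cmd_nsb nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, enslaved device client"
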
setup ${with_vrf}

	#
	# local address tests
	#
	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest ${varg} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local"

		setup ${with_vrf}
	done

	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd nettest ${varg} -d ${VRF} -s &
		sleep 1
		run_cmd nettest ${varg} -d ${VRF} -r ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "${desc}, VRF server and client, local"

		setup ${with_vrf}
	done

	a=${NSA_IP}
	log_start
	run_cmd nettest ${varg} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -d ${VRF} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local"

	setup ${with_vrf}

	log_start
	run_cmd nettest ${varg} -d ${NSA_DEV} -s &
	sleep 1
	run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local"
}

# Runtime test: delete the VRF device while a flood ping (ping -f) is
# running, for the "ping in" and "ping out" directions. As in ipv4_rt the
# result is logged with a fixed status pair (0 0), and setup is re-run after
# the inbound cases because the VRF has just been removed.
ipv4_ping_rt()
{
	local with_vrf="yes"
	local a

	for a in ${NSA_IP} ${VRF_IP}
	do
		log_start
		run_cmd_nsb ping -f ${a} &
		sleep 3
		run_cmd ip link del ${VRF}
		sleep 1
		log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"

		setup ${with_vrf}
	done

	a=${NSB_IP}
	log_start
	run_cmd ping -f -I ${VRF} ${a} &
	sleep 3
	run_cmd ip link del ${VRF}
	sleep 1
	log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
}

# Driver for the IPv4 runtime tests. Each group starts from a fresh VRF
# setup; ipv4_rt is run once per socket mode, selected by the nettest
# arguments given as its second parameter.
ipv4_runtime()
{
	log_section "Run time tests - ipv4"

	setup "yes"
	ipv4_ping_rt

	setup "yes"
	ipv4_rt "TCP active socket" "-n -1"

	setup "yes"
	ipv4_rt "TCP passive socket" "-i"
}

################################################################################
# IPv6

# IPv6 ping cases without a VRF: outbound, inbound and local pings, followed
# by the same targets with prohibit rules and unreachable routes installed.
# In the blocked cases the sender in ns-A is expected to fail with rc 2,
# while an inbound ping whose reply is dropped is expected to fail with rc 1.
ipv6_ping_novrf()
{
	local a

	# should not have an impact, but make a known state
	set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null

	#
	# out
	#
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
	do
		log_start
		run_cmd ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping out"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6}
	do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"

		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
		log_test_addr ${a} $? 0 "ping out, loopback address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
	do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	#
	# local traffic, local address
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
	do
		log_start
		run_cmd ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping local, no bind"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
	do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping local, device bind"
	done

	for a in ${NSA_LO_IP6} ::1
	do
		log_start
		show_hint "Fails since address on loopback is out of device scope"
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 2 "ping local, device bind"
	done

	#
	# ip rule blocks address
	#
	# The 'lookup local' rule is moved from pref 0 to pref 32765,
	# presumably so the prohibit rules at pref 50/51 are consulted before
	# the local table; the original order is restored after the three cases.
	log_start
	setup_cmd ip -6 rule add pref 32765 from all lookup local
	setup_cmd ip -6 rule del pref 0 from all lookup local
	setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by rule"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	setup_cmd ip -6 rule add pref 0 from all lookup local
	setup_cmd ip -6 rule del pref 32765 from all lookup local
	setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit

	#
	# route blocks reachability to remote address
	#
	log_start
	setup_cmd ip -6 route del ${NSB_LO_IP6}
	setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
	setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip route"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by route"


	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
	setup_cmd ip -6 ro del unreachable ${NSB_IP6}

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, unreachable route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
}

# IPv6 ping cases for the VRF topology: pings bound to the VRF or to the
# enslaved device, inbound pings from ns-B, local traffic, an LLA-to-GUA
# case, and the prohibit-rule / missing-route cases. Targets on 'lo' and
# link-local or multicast targets scoped to the VRF device are expected to
# fail, as the hints on those cases state.
ipv6_ping_vrf()
{
	local a

	# should default on; does not exist on older kernels
	set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null

	#
	# out
	#
	for a in ${NSB_IP6} ${NSB_LO_IP6}
	do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping out, VRF bind"
	done

	for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
	do
		log_start
		show_hint "Fails since VRF device does not support linklocal or multicast"
		run_cmd ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 1 "ping out, VRF bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
	do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping out, device bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
	do
		log_start
		run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
		log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
	done

	#
	# in
	#
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
	do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${a}
		log_test_addr ${a} $? 0 "ping in"
	done

	a=${NSA_LO_IP6}
	log_start
	show_hint "Fails since loopback address is out of VRF scope"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in"

	#
	# local traffic, local address
	#
	for a in ${NSA_IP6} ${VRF_IP6} ::1
	do
		log_start
		show_hint "Source address should be ${a}"
		run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
		log_test_addr ${a} $? 0 "ping local, VRF bind"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
	do
		log_start
		run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
		log_test_addr ${a} $? 0 "ping local, device bind"
	done

	# LLA to GUA - remove ipv6 global addresses from ns-B
	setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
	setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}

	# NOTE(review): both iterations ping ${NSA_IP6}; ${a} is only passed to
	# the result line. Confirm that ${VRF_IP6} is not meant to be pinged.
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
		log_test_addr ${a} $? 0 "ping in, LLA to GUA"
	done

	setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
	setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo

	#
	# ip rule blocks address
	#
	log_start
	setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, blocked by rule"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"

	a=${NSA_LO_IP6}
	log_start
	show_hint "Response lost due to ip rule"
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 1 "ping in, blocked by rule"

	log_start
	setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
	setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit

	#
	# remove 'remote' routes; fallback to default
	#
	log_start
	setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}

	a=${NSB_LO_IP6}
	run_cmd ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping out, unreachable route"

	log_start
	run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
	log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"

	ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
	a=${NSA_LO_IP6}
	log_start
	run_cmd_nsb ${ping6} -c1 -w1 ${a}
	log_test_addr ${a} $? 2 "ping in, unreachable route"
}

# Driver for the IPv6 ping tests. Each variant runs twice: once on a fresh
# setup and once after net.ipv4.ping_group_range is set to '0 2147483647',
# which allows every group ID to open ICMP "ping" sockets; presumably this
# makes the second run exercise the ping-socket path rather than raw
# sockets - confirm against the ping binary in use. 2>/dev/null hides the
# error when the sysctl cannot be set.
ipv6_ping()
{
	log_section "IPv6 ping"

	log_subsection "No VRF"
	setup
	ipv6_ping_novrf
	setup
	set_sysctl net.ipv4.ping_group_range='0 2147483647' 2>/dev/null
	ipv6_ping_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_ping_vrf
	setup "yes"
	set_sysctl net.ipv4.ping_group_range='0 2147483647' 2>/dev/null
	ipv6_ping_vrf
}

################################################################################
# IPv6 TCP

# IPv6/TCP cases without a VRF: server, client and local-connection
# permutations with unbound and device-bound sockets. Cases without a server
# expect 'Connection refused' (rc 1), and loopback addresses are expected to
# be unreachable once either end is bound to ${NSA_DEV}.
ipv6_tcp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	# verify TCP reset received
	for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	#
	# client
	#
	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
	do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Client"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
	do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	#
	# local address tests
	#
	for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
	do
		log_start
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -r ${a} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, unbound client, local connection"

	for a in ${NSA_LO_IP6} ::1
	do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -s -d ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "Global server, device client, local connection"

	for a in ${NSA_LO_IP6} ::1
	do
		log_start
		show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "Global server, device client, local connection"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}
	do
		log_start
		run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
		log_test_addr ${a} $? 0 "Device server, device client, local conn"
	done

	for a in ${NSA_IP6} ${NSA_LINKIP6}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
		log_test_addr ${a} $? 1 "No server, device client, local conn"
	done
}

# IPv6/TCP cases for the VRF topology, in two passes. With
# net.ipv4.tcp_l3mdev_accept=0 a server that is not bound to the VRF or the
# enslaved device is expected to refuse connections arriving in the VRF
# (rc 1); with tcp_l3mdev_accept=1 the same unbound ("global") server is
# expected to accept them (rc 0). The second pass therefore records the
# wider reach an unbound listener gets once the sysctl is enabled. The
# client and local-connection cases that follow run with the sysctl still
# set to 1.
ipv6_tcp_vrf()
{
	local a

	# disable global server
	log_subsection "Global server disabled"

	set_sysctl net.ipv4.tcp_l3mdev_accept=0

	#
	# server tests
	#
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
		run_cmd nettest -6 -s &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	# link local is always bound to ingress device
	a=${NSA_LINKIP6}%${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${a}
	log_test_addr ${a} $? 0 "VRF server"

	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Device server"
	done

	# verify TCP reset received
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# local address tests
	a=${NSA_IP6}
	log_start
	show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
	run_cmd nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
	log_test_addr ${a} $? 1 "Global server, local connection"

	#
	# enable VRF global server
	#
	log_subsection "VRF Global server enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -2 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Global server"
	done

	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "VRF server"
	done

	# For LLA, child socket is bound to device
	a=${NSA_LINKIP6}%${NSB_DEV}
	log_start
	run_cmd nettest -6 -s -2 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${a}
	log_test_addr ${a} $? 0 "Global server"

	log_start
	run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -r ${a}
	log_test_addr ${a} $? 0 "VRF server"

	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 0 "Device server"
	done

	# verify TCP reset received
	for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd_nsb nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "No server"
	done

	# local address tests
	for a in ${NSA_IP6} ${VRF_IP6}
	do
		log_start
		show_hint "Fails 'No route to host' since client is not in VRF"
		run_cmd nettest -6 -s -2 ${VRF} &
		sleep 1
		run_cmd nettest -6 -r ${a}
		log_test_addr ${a} $? 1 "Global server, local connection"
	done


	#
	# client
	#
	for a in ${NSB_IP6} ${NSB_LO_IP6}
	do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${VRF}
		log_test_addr ${a} $? 0 "Client, VRF bind"
	done

	a=${NSB_LINKIP6}
	log_start
	show_hint "Fails since VRF device does not allow linklocal addresses"
	run_cmd_nsb nettest -6 -s &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${VRF}
	log_test_addr ${a} $? 1 "Client, VRF bind"

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
	do
		log_start
		run_cmd_nsb nettest -6 -s &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 0 "Client, device bind"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r ${a} -d ${VRF}
		log_test_addr ${a} $? 1 "No server, VRF client"
	done

	for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
	do
		log_start
		show_hint "Should fail 'Connection refused'"
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
		log_test_addr ${a} $? 1 "No server, device client"
	done

	for a in ${NSA_IP6} ${VRF_IP6} ::1
	do
		log_start
		run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
		log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
	done

	a=${NSA_IP6}
	log_start
	run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
	log_test_addr ${a} $? 0 "VRF server, device client, local connection"

	a=${NSA_IP6}
	log_start
	show_hint "Should fail since unbound client is out of VRF scope"
	run_cmd nettest -6 -s -d ${VRF} &
	sleep 1
	run_cmd nettest -6 -r ${a}
	log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"

	log_start
	run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
	sleep 1
	run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
	log_test_addr ${a} $? 0 "Device server, VRF client, local connection"

	for a in ${NSA_IP6} ${NSA_LINKIP6}
	do
		log_start
		run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
		sleep 1
		run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
		log_test_addr ${a} $? 0 "Device server, device client, local connection"
	done
}

# Driver for the IPv6/TCP tests: runs ipv6_tcp_novrf with tcp_l3mdev_accept
# off and then on while no VRF is configured, then re-runs setup for the VRF
# topology and runs ipv6_tcp_vrf.
ipv6_tcp()
{
	log_section "IPv6/TCP"
	log_subsection "No VRF"
	setup

	# tcp_l3mdev_accept should have no effect without VRF;
	# run tests with it enabled and disabled to verify
	log_subsection "tcp_l3mdev_accept disabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=0
	ipv6_tcp_novrf
	log_subsection "tcp_l3mdev_accept enabled"
	set_sysctl net.ipv4.tcp_l3mdev_accept=1
	ipv6_tcp_novrf

	log_subsection "With VRF"
	setup "yes"
	ipv6_tcp_vrf
}

################################################################################
# IPv6 UDP

ipv6_udp_novrf()
{
	local a

	#
	# server tests
	#
	for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
	do
		log_start
		run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Global server"

		log_start
		run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
		sleep 1
		run_cmd_nsb nettest -6 -D -r ${a}
		log_test_addr ${a} $? 0 "Device server"
	done

	a=${NSA_LO_IP6}
	log_start
	run_cmd nettest -6 -D -s -2 ${NSA_DEV} &
	sleep 1
	run_cmd_nsb nettest -6 -D -r ${a}
	log_test_addr ${a} $? 0 "Global server"

	# should fail since loopback address is out of scope for a device
	# bound server, but it does not - hence this is more documenting
	# behavior.
	#log_start
	#show_hint "Should fail since loopback address is out of scope"
	#run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
	#sleep 1
	#run_cmd_nsb nettest -6 -D -r ${a}
	#log_test_addr ${a} $?
1 "Device server" 2427 2428 # negative test - should fail 2429 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} 2430 do 2431 log_start 2432 show_hint "Should fail 'Connection refused' since there is no server" 2433 run_cmd_nsb nettest -6 -D -r ${a} 2434 log_test_addr ${a} $? 1 "No server" 2435 done 2436 2437 # 2438 # client 2439 # 2440 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} 2441 do 2442 log_start 2443 run_cmd_nsb nettest -6 -D -s & 2444 sleep 1 2445 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6} 2446 log_test_addr ${a} $? 0 "Client" 2447 2448 log_start 2449 run_cmd_nsb nettest -6 -D -s & 2450 sleep 1 2451 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6} 2452 log_test_addr ${a} $? 0 "Client, device bind" 2453 2454 log_start 2455 run_cmd_nsb nettest -6 -D -s & 2456 sleep 1 2457 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6} 2458 log_test_addr ${a} $? 0 "Client, device send via cmsg" 2459 2460 log_start 2461 run_cmd_nsb nettest -6 -D -s & 2462 sleep 1 2463 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6} 2464 log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF" 2465 2466 log_start 2467 show_hint "Should fail 'Connection refused'" 2468 run_cmd nettest -6 -D -r ${a} 2469 log_test_addr ${a} $? 1 "No server, unbound client" 2470 2471 log_start 2472 show_hint "Should fail 'Connection refused'" 2473 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} 2474 log_test_addr ${a} $? 1 "No server, device client" 2475 done 2476 2477 # 2478 # local address tests 2479 # 2480 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 2481 do 2482 log_start 2483 run_cmd nettest -6 -D -s & 2484 sleep 1 2485 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a} 2486 log_test_addr ${a} $? 0 "Global server, local connection" 2487 done 2488 2489 a=${NSA_IP6} 2490 log_start 2491 run_cmd nettest -6 -s -D -d ${NSA_DEV} -2 ${NSA_DEV} & 2492 sleep 1 2493 run_cmd nettest -6 -D -r ${a} 2494 log_test_addr ${a} $? 
0 "Device server, unbound client, local connection" 2495 2496 for a in ${NSA_LO_IP6} ::1 2497 do 2498 log_start 2499 show_hint "Should fail 'Connection refused' since address is out of device scope" 2500 run_cmd nettest -6 -s -D -d ${NSA_DEV} & 2501 sleep 1 2502 run_cmd nettest -6 -D -r ${a} 2503 log_test_addr ${a} $? 1 "Device server, local connection" 2504 done 2505 2506 a=${NSA_IP6} 2507 log_start 2508 run_cmd nettest -6 -s -D & 2509 sleep 1 2510 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2511 log_test_addr ${a} $? 0 "Global server, device client, local connection" 2512 2513 log_start 2514 run_cmd nettest -6 -s -D & 2515 sleep 1 2516 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a} 2517 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection" 2518 2519 log_start 2520 run_cmd nettest -6 -s -D & 2521 sleep 1 2522 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a} 2523 log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection" 2524 2525 for a in ${NSA_LO_IP6} ::1 2526 do 2527 log_start 2528 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 2529 run_cmd nettest -6 -D -s & 2530 sleep 1 2531 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} 2532 log_test_addr ${a} $? 1 "Global server, device client, local connection" 2533 2534 log_start 2535 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 2536 run_cmd nettest -6 -D -s & 2537 sleep 1 2538 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C 2539 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection" 2540 2541 log_start 2542 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" 2543 run_cmd nettest -6 -D -s & 2544 sleep 1 2545 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S 2546 log_test_addr ${a} $? 
1 "Global server, device client via IP_UNICAST_IF, local connection" 2547 done 2548 2549 a=${NSA_IP6} 2550 log_start 2551 run_cmd nettest -6 -D -s -d ${NSA_DEV} -2 ${NSA_DEV} & 2552 sleep 1 2553 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a} 2554 log_test_addr ${a} $? 0 "Device server, device client, local conn" 2555 2556 log_start 2557 show_hint "Should fail 'Connection refused'" 2558 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2559 log_test_addr ${a} $? 1 "No server, device client, local conn" 2560 2561 # LLA to GUA 2562 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV} 2563 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV} 2564 log_start 2565 run_cmd nettest -6 -s -D & 2566 sleep 1 2567 run_cmd_nsb nettest -6 -D -r ${NSA_IP6} 2568 log_test $? 0 "UDP in - LLA to GUA" 2569 2570 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV} 2571 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad 2572} 2573 2574ipv6_udp_vrf() 2575{ 2576 local a 2577 2578 # disable global server 2579 log_subsection "Global server disabled" 2580 set_sysctl net.ipv4.udp_l3mdev_accept=0 2581 2582 # 2583 # server tests 2584 # 2585 for a in ${NSA_IP6} ${VRF_IP6} 2586 do 2587 log_start 2588 show_hint "Should fail 'Connection refused' since global server is disabled" 2589 run_cmd nettest -6 -D -s & 2590 sleep 1 2591 run_cmd_nsb nettest -6 -D -r ${a} 2592 log_test_addr ${a} $? 1 "Global server" 2593 done 2594 2595 for a in ${NSA_IP6} ${VRF_IP6} 2596 do 2597 log_start 2598 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 2599 sleep 1 2600 run_cmd_nsb nettest -6 -D -r ${a} 2601 log_test_addr ${a} $? 0 "VRF server" 2602 done 2603 2604 for a in ${NSA_IP6} ${VRF_IP6} 2605 do 2606 log_start 2607 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2608 sleep 1 2609 run_cmd_nsb nettest -6 -D -r ${a} 2610 log_test_addr ${a} $? 
0 "Enslaved device server" 2611 done 2612 2613 # negative test - should fail 2614 for a in ${NSA_IP6} ${VRF_IP6} 2615 do 2616 log_start 2617 show_hint "Should fail 'Connection refused' since there is no server" 2618 run_cmd_nsb nettest -6 -D -r ${a} 2619 log_test_addr ${a} $? 1 "No server" 2620 done 2621 2622 # 2623 # local address tests 2624 # 2625 for a in ${NSA_IP6} ${VRF_IP6} 2626 do 2627 log_start 2628 show_hint "Should fail 'Connection refused' since global server is disabled" 2629 run_cmd nettest -6 -D -s & 2630 sleep 1 2631 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2632 log_test_addr ${a} $? 1 "Global server, VRF client, local conn" 2633 done 2634 2635 for a in ${NSA_IP6} ${VRF_IP6} 2636 do 2637 log_start 2638 run_cmd nettest -6 -D -d ${VRF} -s & 2639 sleep 1 2640 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2641 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 2642 done 2643 2644 a=${NSA_IP6} 2645 log_start 2646 show_hint "Should fail 'Connection refused' since global server is disabled" 2647 run_cmd nettest -6 -D -s & 2648 sleep 1 2649 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2650 log_test_addr ${a} $? 1 "Global server, device client, local conn" 2651 2652 log_start 2653 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 2654 sleep 1 2655 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2656 log_test_addr ${a} $? 0 "VRF server, device client, local conn" 2657 2658 log_start 2659 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2660 sleep 1 2661 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2662 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn" 2663 2664 log_start 2665 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2666 sleep 1 2667 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2668 log_test_addr ${a} $? 
0 "Enslaved device server, device client, local conn" 2669 2670 # disable global server 2671 log_subsection "Global server enabled" 2672 set_sysctl net.ipv4.udp_l3mdev_accept=1 2673 2674 # 2675 # server tests 2676 # 2677 for a in ${NSA_IP6} ${VRF_IP6} 2678 do 2679 log_start 2680 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 2681 sleep 1 2682 run_cmd_nsb nettest -6 -D -r ${a} 2683 log_test_addr ${a} $? 0 "Global server" 2684 done 2685 2686 for a in ${NSA_IP6} ${VRF_IP6} 2687 do 2688 log_start 2689 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 2690 sleep 1 2691 run_cmd_nsb nettest -6 -D -r ${a} 2692 log_test_addr ${a} $? 0 "VRF server" 2693 done 2694 2695 for a in ${NSA_IP6} ${VRF_IP6} 2696 do 2697 log_start 2698 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2699 sleep 1 2700 run_cmd_nsb nettest -6 -D -r ${a} 2701 log_test_addr ${a} $? 0 "Enslaved device server" 2702 done 2703 2704 # negative test - should fail 2705 for a in ${NSA_IP6} ${VRF_IP6} 2706 do 2707 log_start 2708 run_cmd_nsb nettest -6 -D -r ${a} 2709 log_test_addr ${a} $? 1 "No server" 2710 done 2711 2712 # 2713 # client tests 2714 # 2715 log_start 2716 run_cmd_nsb nettest -6 -D -s & 2717 sleep 1 2718 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6} 2719 log_test $? 0 "VRF client" 2720 2721 # negative test - should fail 2722 log_start 2723 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6} 2724 log_test $? 1 "No server, VRF client" 2725 2726 log_start 2727 run_cmd_nsb nettest -6 -D -s & 2728 sleep 1 2729 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6} 2730 log_test $? 0 "Enslaved device client" 2731 2732 # negative test - should fail 2733 log_start 2734 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6} 2735 log_test $? 1 "No server, enslaved device client" 2736 2737 # 2738 # local address tests 2739 # 2740 a=${NSA_IP6} 2741 log_start 2742 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 2743 sleep 1 2744 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2745 log_test_addr ${a} $? 
0 "Global server, VRF client, local conn" 2746 2747 #log_start 2748 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 2749 sleep 1 2750 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2751 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 2752 2753 2754 a=${VRF_IP6} 2755 log_start 2756 run_cmd nettest -6 -D -s -2 ${VRF} & 2757 sleep 1 2758 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2759 log_test_addr ${a} $? 0 "Global server, VRF client, local conn" 2760 2761 log_start 2762 run_cmd nettest -6 -D -d ${VRF} -s -2 ${VRF} & 2763 sleep 1 2764 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2765 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn" 2766 2767 # negative test - should fail 2768 for a in ${NSA_IP6} ${VRF_IP6} 2769 do 2770 log_start 2771 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2772 log_test_addr ${a} $? 1 "No server, VRF client, local conn" 2773 done 2774 2775 # device to global IP 2776 a=${NSA_IP6} 2777 log_start 2778 run_cmd nettest -6 -D -s -2 ${NSA_DEV} & 2779 sleep 1 2780 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2781 log_test_addr ${a} $? 0 "Global server, device client, local conn" 2782 2783 log_start 2784 run_cmd nettest -6 -D -d ${VRF} -s -2 ${NSA_DEV} & 2785 sleep 1 2786 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2787 log_test_addr ${a} $? 0 "VRF server, device client, local conn" 2788 2789 log_start 2790 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2791 sleep 1 2792 run_cmd nettest -6 -D -d ${VRF} -r ${a} 2793 log_test_addr ${a} $? 0 "Device server, VRF client, local conn" 2794 2795 log_start 2796 run_cmd nettest -6 -D -d ${NSA_DEV} -s -2 ${NSA_DEV} & 2797 sleep 1 2798 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2799 log_test_addr ${a} $? 0 "Device server, device client, local conn" 2800 2801 log_start 2802 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} 2803 log_test_addr ${a} $? 
1 "No server, device client, local conn" 2804 2805 2806 # link local addresses 2807 log_start 2808 run_cmd nettest -6 -D -s & 2809 sleep 1 2810 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6} 2811 log_test $? 0 "Global server, linklocal IP" 2812 2813 log_start 2814 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6} 2815 log_test $? 1 "No server, linklocal IP" 2816 2817 2818 log_start 2819 run_cmd_nsb nettest -6 -D -s & 2820 sleep 1 2821 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6} 2822 log_test $? 0 "Enslaved device client, linklocal IP" 2823 2824 log_start 2825 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6} 2826 log_test $? 1 "No server, device client, peer linklocal IP" 2827 2828 2829 log_start 2830 run_cmd nettest -6 -D -s & 2831 sleep 1 2832 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6} 2833 log_test $? 0 "Enslaved device client, local conn - linklocal IP" 2834 2835 log_start 2836 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6} 2837 log_test $? 1 "No server, device client, local conn - linklocal IP" 2838 2839 # LLA to GUA 2840 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV} 2841 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV} 2842 log_start 2843 run_cmd nettest -6 -s -D & 2844 sleep 1 2845 run_cmd_nsb nettest -6 -D -r ${NSA_IP6} 2846 log_test $? 
0 "UDP in - LLA to GUA" 2847 2848 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV} 2849 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad 2850} 2851 2852ipv6_udp() 2853{ 2854 # should not matter, but set to known state 2855 set_sysctl net.ipv4.udp_early_demux=1 2856 2857 log_section "IPv6/UDP" 2858 log_subsection "No VRF" 2859 setup 2860 2861 # udp_l3mdev_accept should have no affect without VRF; 2862 # run tests with it enabled and disabled to verify 2863 log_subsection "udp_l3mdev_accept disabled" 2864 set_sysctl net.ipv4.udp_l3mdev_accept=0 2865 ipv6_udp_novrf 2866 log_subsection "udp_l3mdev_accept enabled" 2867 set_sysctl net.ipv4.udp_l3mdev_accept=1 2868 ipv6_udp_novrf 2869 2870 log_subsection "With VRF" 2871 setup "yes" 2872 ipv6_udp_vrf 2873} 2874 2875################################################################################ 2876# IPv6 address bind 2877 2878ipv6_addr_bind_novrf() 2879{ 2880 # 2881 # raw socket 2882 # 2883 for a in ${NSA_IP6} ${NSA_LO_IP6} 2884 do 2885 log_start 2886 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b 2887 log_test_addr ${a} $? 0 "Raw socket bind to local address" 2888 2889 log_start 2890 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b 2891 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind" 2892 done 2893 2894 # 2895 # tcp sockets 2896 # 2897 a=${NSA_IP6} 2898 log_start 2899 run_cmd nettest -6 -s -l ${a} -t1 -b 2900 log_test_addr ${a} $? 0 "TCP socket bind to local address" 2901 2902 log_start 2903 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b 2904 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind" 2905 2906 # Sadly, the kernel allows binding a socket to a device and then 2907 # binding to an address not on the device. 
So this test passes 2908 # when it really should not 2909 a=${NSA_LO_IP6} 2910 log_start 2911 show_hint "Tecnically should fail since address is not on device but kernel allows" 2912 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b 2913 log_test_addr ${a} $? 0 "TCP socket bind to out of scope local address" 2914} 2915 2916ipv6_addr_bind_vrf() 2917{ 2918 # 2919 # raw socket 2920 # 2921 for a in ${NSA_IP6} ${VRF_IP6} 2922 do 2923 log_start 2924 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b 2925 log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind" 2926 2927 log_start 2928 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b 2929 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind" 2930 done 2931 2932 a=${NSA_LO_IP6} 2933 log_start 2934 show_hint "Address on loopback is out of VRF scope" 2935 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b 2936 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind" 2937 2938 # 2939 # tcp sockets 2940 # 2941 # address on enslaved device is valid for the VRF or device in a VRF 2942 for a in ${NSA_IP6} ${VRF_IP6} 2943 do 2944 log_start 2945 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b 2946 log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind" 2947 done 2948 2949 a=${NSA_IP6} 2950 log_start 2951 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b 2952 log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind" 2953 2954 # Sadly, the kernel allows binding a socket to a device and then 2955 # binding to an address not on the device. The only restriction 2956 # is that the address is valid in the L3 domain. So this test 2957 # passes when it really should not 2958 a=${VRF_IP6} 2959 log_start 2960 show_hint "Tecnically should fail since address is not on device but kernel allows" 2961 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b 2962 log_test_addr ${a} $? 
0 "TCP socket bind to VRF address with device bind" 2963 2964 a=${NSA_LO_IP6} 2965 log_start 2966 show_hint "Address on loopback out of scope for VRF" 2967 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b 2968 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF" 2969 2970 log_start 2971 show_hint "Address on loopback out of scope for device in VRF" 2972 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b 2973 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind" 2974 2975} 2976 2977ipv6_addr_bind() 2978{ 2979 log_section "IPv6 address binds" 2980 2981 log_subsection "No VRF" 2982 setup 2983 ipv6_addr_bind_novrf 2984 2985 log_subsection "With VRF" 2986 setup "yes" 2987 ipv6_addr_bind_vrf 2988} 2989 2990################################################################################ 2991# IPv6 runtime tests 2992 2993ipv6_rt() 2994{ 2995 local desc="$1" 2996 local varg="-6 $2" 2997 local with_vrf="yes" 2998 local a 2999 3000 # 3001 # server tests 3002 # 3003 for a in ${NSA_IP6} ${VRF_IP6} 3004 do 3005 log_start 3006 run_cmd nettest ${varg} -s & 3007 sleep 1 3008 run_cmd_nsb nettest ${varg} -r ${a} & 3009 sleep 3 3010 run_cmd ip link del ${VRF} 3011 sleep 1 3012 log_test_addr ${a} 0 0 "${desc}, global server" 3013 3014 setup ${with_vrf} 3015 done 3016 3017 for a in ${NSA_IP6} ${VRF_IP6} 3018 do 3019 log_start 3020 run_cmd nettest ${varg} -d ${VRF} -s & 3021 sleep 1 3022 run_cmd_nsb nettest ${varg} -r ${a} & 3023 sleep 3 3024 run_cmd ip link del ${VRF} 3025 sleep 1 3026 log_test_addr ${a} 0 0 "${desc}, VRF server" 3027 3028 setup ${with_vrf} 3029 done 3030 3031 for a in ${NSA_IP6} ${VRF_IP6} 3032 do 3033 log_start 3034 run_cmd nettest ${varg} -d ${NSA_DEV} -s & 3035 sleep 1 3036 run_cmd_nsb nettest ${varg} -r ${a} & 3037 sleep 3 3038 run_cmd ip link del ${VRF} 3039 sleep 1 3040 log_test_addr ${a} 0 0 "${desc}, enslaved device server" 3041 3042 setup ${with_vrf} 3043 done 3044 3045 # 3046 # client test 3047 # 3048 log_start 
3049 run_cmd_nsb nettest ${varg} -s & 3050 sleep 1 3051 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} & 3052 sleep 3 3053 run_cmd ip link del ${VRF} 3054 sleep 1 3055 log_test 0 0 "${desc}, VRF client" 3056 3057 setup ${with_vrf} 3058 3059 log_start 3060 run_cmd_nsb nettest ${varg} -s & 3061 sleep 1 3062 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} & 3063 sleep 3 3064 run_cmd ip link del ${VRF} 3065 sleep 1 3066 log_test 0 0 "${desc}, enslaved device client" 3067 3068 setup ${with_vrf} 3069 3070 3071 # 3072 # local address tests 3073 # 3074 for a in ${NSA_IP6} ${VRF_IP6} 3075 do 3076 log_start 3077 run_cmd nettest ${varg} -s & 3078 sleep 1 3079 run_cmd nettest ${varg} -d ${VRF} -r ${a} & 3080 sleep 3 3081 run_cmd ip link del ${VRF} 3082 sleep 1 3083 log_test_addr ${a} 0 0 "${desc}, global server, VRF client" 3084 3085 setup ${with_vrf} 3086 done 3087 3088 for a in ${NSA_IP6} ${VRF_IP6} 3089 do 3090 log_start 3091 run_cmd nettest ${varg} -d ${VRF} -s & 3092 sleep 1 3093 run_cmd nettest ${varg} -d ${VRF} -r ${a} & 3094 sleep 3 3095 run_cmd ip link del ${VRF} 3096 sleep 1 3097 log_test_addr ${a} 0 0 "${desc}, VRF server and client" 3098 3099 setup ${with_vrf} 3100 done 3101 3102 a=${NSA_IP6} 3103 log_start 3104 run_cmd nettest ${varg} -s & 3105 sleep 1 3106 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 3107 sleep 3 3108 run_cmd ip link del ${VRF} 3109 sleep 1 3110 log_test_addr ${a} 0 0 "${desc}, global server, device client" 3111 3112 setup ${with_vrf} 3113 3114 log_start 3115 run_cmd nettest ${varg} -d ${VRF} -s & 3116 sleep 1 3117 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 3118 sleep 3 3119 run_cmd ip link del ${VRF} 3120 sleep 1 3121 log_test_addr ${a} 0 0 "${desc}, VRF server, device client" 3122 3123 setup ${with_vrf} 3124 3125 log_start 3126 run_cmd nettest ${varg} -d ${NSA_DEV} -s & 3127 sleep 1 3128 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} & 3129 sleep 3 3130 run_cmd ip link del ${VRF} 3131 sleep 1 3132 log_test_addr ${a} 0 0 "${desc}, 
device server, device client" 3133} 3134 3135ipv6_ping_rt() 3136{ 3137 local with_vrf="yes" 3138 local a 3139 3140 a=${NSA_IP6} 3141 log_start 3142 run_cmd_nsb ${ping6} -f ${a} & 3143 sleep 3 3144 run_cmd ip link del ${VRF} 3145 sleep 1 3146 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in" 3147 3148 setup ${with_vrf} 3149 3150 log_start 3151 run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} & 3152 sleep 1 3153 run_cmd ip link del ${VRF} 3154 sleep 1 3155 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out" 3156} 3157 3158ipv6_runtime() 3159{ 3160 log_section "Run time tests - ipv6" 3161 3162 setup "yes" 3163 ipv6_ping_rt 3164 3165 setup "yes" 3166 ipv6_rt "TCP active socket" "-n -1" 3167 3168 setup "yes" 3169 ipv6_rt "TCP passive socket" "-i" 3170 3171 setup "yes" 3172 ipv6_rt "UDP active socket" "-D -n -1" 3173} 3174 3175################################################################################ 3176# netfilter blocking connections 3177 3178netfilter_tcp_reset() 3179{ 3180 local a 3181 3182 for a in ${NSA_IP} ${VRF_IP} 3183 do 3184 log_start 3185 run_cmd nettest -s & 3186 sleep 1 3187 run_cmd_nsb nettest -r ${a} 3188 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx" 3189 done 3190} 3191 3192netfilter_icmp() 3193{ 3194 local stype="$1" 3195 local arg 3196 local a 3197 3198 [ "${stype}" = "UDP" ] && arg="-D" 3199 3200 for a in ${NSA_IP} ${VRF_IP} 3201 do 3202 log_start 3203 run_cmd nettest ${arg} -s & 3204 sleep 1 3205 run_cmd_nsb nettest ${arg} -r ${a} 3206 log_test_addr ${a} $? 
1 "Global ${stype} server, Rx reject icmp-port-unreach" 3207 done 3208} 3209 3210ipv4_netfilter() 3211{ 3212 log_section "IPv4 Netfilter" 3213 log_subsection "TCP reset" 3214 3215 setup "yes" 3216 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset 3217 3218 netfilter_tcp_reset 3219 3220 log_start 3221 log_subsection "ICMP unreachable" 3222 3223 log_start 3224 run_cmd iptables -F 3225 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable 3226 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable 3227 3228 netfilter_icmp "TCP" 3229 netfilter_icmp "UDP" 3230 3231 log_start 3232 iptables -F 3233} 3234 3235netfilter_tcp6_reset() 3236{ 3237 local a 3238 3239 for a in ${NSA_IP6} ${VRF_IP6} 3240 do 3241 log_start 3242 run_cmd nettest -6 -s & 3243 sleep 1 3244 run_cmd_nsb nettest -6 -r ${a} 3245 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx" 3246 done 3247} 3248 3249netfilter_icmp6() 3250{ 3251 local stype="$1" 3252 local arg 3253 local a 3254 3255 [ "${stype}" = "UDP" ] && arg="$arg -D" 3256 3257 for a in ${NSA_IP6} ${VRF_IP6} 3258 do 3259 log_start 3260 run_cmd nettest -6 -s ${arg} & 3261 sleep 1 3262 run_cmd_nsb nettest -6 ${arg} -r ${a} 3263 log_test_addr ${a} $? 
1 "Global ${stype} server, Rx reject icmp-port-unreach" 3264 done 3265} 3266 3267ipv6_netfilter() 3268{ 3269 log_section "IPv6 Netfilter" 3270 log_subsection "TCP reset" 3271 3272 setup "yes" 3273 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset 3274 3275 netfilter_tcp6_reset 3276 3277 log_subsection "ICMP unreachable" 3278 3279 log_start 3280 run_cmd ip6tables -F 3281 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable 3282 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable 3283 3284 netfilter_icmp6 "TCP" 3285 netfilter_icmp6 "UDP" 3286 3287 log_start 3288 ip6tables -F 3289} 3290 3291################################################################################ 3292# specific use cases 3293 3294# VRF only. 3295# ns-A device enslaved to bridge. Verify traffic with and without 3296# br_netfilter module loaded. Repeat with SVI on bridge. 3297use_case_br() 3298{ 3299 setup "yes" 3300 3301 setup_cmd ip link set ${NSA_DEV} down 3302 setup_cmd ip addr del dev ${NSA_DEV} ${NSA_IP}/24 3303 setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64 3304 3305 setup_cmd ip link add br0 type bridge 3306 setup_cmd ip addr add dev br0 ${NSA_IP}/24 3307 setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad 3308 3309 setup_cmd ip li set ${NSA_DEV} master br0 3310 setup_cmd ip li set ${NSA_DEV} up 3311 setup_cmd ip li set br0 up 3312 setup_cmd ip li set br0 vrf ${VRF} 3313 3314 rmmod br_netfilter 2>/dev/null 3315 sleep 5 # DAD 3316 3317 run_cmd ip neigh flush all 3318 run_cmd ping -c1 -w1 -I br0 ${NSB_IP} 3319 log_test $? 0 "Bridge into VRF - IPv4 ping out" 3320 3321 run_cmd ip neigh flush all 3322 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6} 3323 log_test $? 0 "Bridge into VRF - IPv6 ping out" 3324 3325 run_cmd ip neigh flush all 3326 run_cmd_nsb ping -c1 -w1 ${NSA_IP} 3327 log_test $? 
0 "Bridge into VRF - IPv4 ping in" 3328 3329 run_cmd ip neigh flush all 3330 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6} 3331 log_test $? 0 "Bridge into VRF - IPv6 ping in" 3332 3333 modprobe br_netfilter 3334 if [ $? -eq 0 ]; then 3335 run_cmd ip neigh flush all 3336 run_cmd ping -c1 -w1 -I br0 ${NSB_IP} 3337 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out" 3338 3339 run_cmd ip neigh flush all 3340 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6} 3341 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out" 3342 3343 run_cmd ip neigh flush all 3344 run_cmd_nsb ping -c1 -w1 ${NSA_IP} 3345 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in" 3346 3347 run_cmd ip neigh flush all 3348 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6} 3349 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in" 3350 fi 3351 3352 setup_cmd ip li set br0 nomaster 3353 setup_cmd ip li add br0.100 link br0 type vlan id 100 3354 setup_cmd ip li set br0.100 vrf ${VRF} up 3355 setup_cmd ip addr add dev br0.100 172.16.101.1/24 3356 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad 3357 3358 setup_cmd_nsb ip li add vlan100 link ${NSB_DEV} type vlan id 100 3359 setup_cmd_nsb ip addr add dev vlan100 172.16.101.2/24 3360 setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad 3361 setup_cmd_nsb ip li set vlan100 up 3362 sleep 1 3363 3364 rmmod br_netfilter 2>/dev/null 3365 3366 run_cmd ip neigh flush all 3367 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2 3368 log_test $? 0 "Bridge vlan into VRF - IPv4 ping out" 3369 3370 run_cmd ip neigh flush all 3371 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2 3372 log_test $? 0 "Bridge vlan into VRF - IPv6 ping out" 3373 3374 run_cmd ip neigh flush all 3375 run_cmd_nsb ping -c1 -w1 172.16.101.1 3376 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in" 3377 3378 run_cmd ip neigh flush all 3379 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1 3380 log_test $? 
0 "Bridge vlan into VRF - IPv6 ping in" 3381 3382 modprobe br_netfilter 3383 if [ $? -eq 0 ]; then 3384 run_cmd ip neigh flush all 3385 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2 3386 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out" 3387 3388 run_cmd ip neigh flush all 3389 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2 3390 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out" 3391 3392 run_cmd ip neigh flush all 3393 run_cmd_nsb ping -c1 -w1 172.16.101.1 3394 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in" 3395 3396 run_cmd ip neigh flush all 3397 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1 3398 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in" 3399 fi 3400 3401 setup_cmd ip li del br0 2>/dev/null 3402 setup_cmd_nsb ip li del vlan100 2>/dev/null 3403} 3404 3405# VRF only. 3406# ns-A device is connected to both ns-B and ns-C on a single VRF but only has 3407# LLA on the interfaces 3408use_case_ping_lla_multi() 3409{ 3410 setup_lla_only 3411 # only want reply from ns-A 3412 setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1 3413 setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1 3414 3415 log_start 3416 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV} 3417 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Pre cycle, ping out ns-B" 3418 3419 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV} 3420 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Pre cycle, ping out ns-C" 3421 3422 # cycle/flap the first ns-A interface 3423 setup_cmd ip link set ${NSA_DEV} down 3424 setup_cmd ip link set ${NSA_DEV} up 3425 sleep 1 3426 3427 log_start 3428 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV} 3429 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-B" 3430 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV} 3431 log_test_addr ${MCAST}%${NSC_DEV} $? 
0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-C" 3432 3433 # cycle/flap the second ns-A interface 3434 setup_cmd ip link set ${NSA_DEV2} down 3435 setup_cmd ip link set ${NSA_DEV2} up 3436 sleep 1 3437 3438 log_start 3439 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV} 3440 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-B" 3441 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV} 3442 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-C" 3443} 3444 3445use_cases() 3446{ 3447 log_section "Use cases" 3448 log_subsection "Device enslaved to bridge" 3449 use_case_br 3450 log_subsection "Ping LLA with multiple interfaces" 3451 use_case_ping_lla_multi 3452} 3453 3454################################################################################ 3455# usage 3456 3457usage() 3458{ 3459 cat <<EOF 3460usage: ${0##*/} OPTS 3461 3462 -4 IPv4 tests only 3463 -6 IPv6 tests only 3464 -t <test> Test name/set to run 3465 -p Pause on fail 3466 -P Pause after each test 3467 -v Be verbose 3468EOF 3469} 3470 3471################################################################################ 3472# main 3473 3474TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_bind ipv4_runtime ipv4_netfilter" 3475TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_bind ipv6_runtime ipv6_netfilter" 3476TESTS_OTHER="use_cases" 3477 3478PAUSE_ON_FAIL=no 3479PAUSE=no 3480 3481while getopts :46t:pPvh o 3482do 3483 case $o in 3484 4) TESTS=ipv4;; 3485 6) TESTS=ipv6;; 3486 t) TESTS=$OPTARG;; 3487 p) PAUSE_ON_FAIL=yes;; 3488 P) PAUSE=yes;; 3489 v) VERBOSE=1;; 3490 h) usage; exit 0;; 3491 *) usage; exit 1;; 3492 esac 3493done 3494 3495# make sure we don't pause twice 3496[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no 3497 3498# 3499# show user test config 3500# 3501if [ -z "$TESTS" ]; then 3502 TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER" 3503elif [ "$TESTS" = "ipv4" ]; then 3504 TESTS="$TESTS_IPV4" 3505elif [ "$TESTS" = "ipv6" ]; then 3506 TESTS="$TESTS_IPV6" 3507fi 
3508 3509which nettest >/dev/null 3510if [ $? -ne 0 ]; then 3511 echo "'nettest' command not found; skipping tests" 3512 exit 0 3513fi 3514 3515declare -i nfail=0 3516declare -i nsuccess=0 3517 3518for t in $TESTS 3519do 3520 case $t in 3521 ipv4_ping|ping) ipv4_ping;; 3522 ipv4_tcp|tcp) ipv4_tcp;; 3523 ipv4_udp|udp) ipv4_udp;; 3524 ipv4_bind|bind) ipv4_addr_bind;; 3525 ipv4_runtime) ipv4_runtime;; 3526 ipv4_netfilter) ipv4_netfilter;; 3527 3528 ipv6_ping|ping6) ipv6_ping;; 3529 ipv6_tcp|tcp6) ipv6_tcp;; 3530 ipv6_udp|udp6) ipv6_udp;; 3531 ipv6_bind|bind6) ipv6_addr_bind;; 3532 ipv6_runtime) ipv6_runtime;; 3533 ipv6_netfilter) ipv6_netfilter;; 3534 3535 use_cases) use_cases;; 3536 3537 # setup namespaces and config, but do not run any tests 3538 setup) setup; exit 0;; 3539 vrf_setup) setup "yes"; exit 0;; 3540 3541 help) echo "Test names: $TESTS"; exit 0;; 3542 esac 3543done 3544 3545cleanup 2>/dev/null 3546 3547printf "\nTests passed: %3d\n" ${nsuccess} 3548printf "Tests failed: %3d\n" ${nfail} 3549