• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/bin/bash
2#
3# This test is for checking rtnetlink callpaths, and get as much coverage as possible.
4#
5# set -e
6
7devdummy="test-dummy0"
8ret=0
9
10# Kselftest framework requirement - SKIP code is 4.
11ksft_skip=4
12
13# set global exit status, but never reset nonzero one.
14check_err()
15{
16	if [ $ret -eq 0 ]; then
17		ret=$1
18	fi
19}
20
21# same but inverted -- used when command must fail for test to pass
22check_fail()
23{
24	if [ $1 -eq 0 ]; then
25		ret=1
26	fi
27}
28
29kci_add_dummy()
30{
31	ip link add name "$devdummy" type dummy
32	check_err $?
33	ip link set "$devdummy" up
34	check_err $?
35}
36
37kci_del_dummy()
38{
39	ip link del dev "$devdummy"
40	check_err $?
41}
42
43kci_test_netconf()
44{
45	dev="$1"
46	r=$ret
47
48	ip netconf show dev "$dev" > /dev/null
49	check_err $?
50
51	for f in 4 6; do
52		ip -$f netconf show dev "$dev" > /dev/null
53		check_err $?
54	done
55
56	if [ $ret -ne 0 ] ;then
57		echo "FAIL: ip netconf show $dev"
58		test $r -eq 0 && ret=0
59		return 1
60	fi
61}
62
63# add a bridge with vlans on top
64kci_test_bridge()
65{
66	devbr="test-br0"
67	vlandev="testbr-vlan1"
68
69	ret=0
70	ip link add name "$devbr" type bridge
71	check_err $?
72
73	ip link set dev "$devdummy" master "$devbr"
74	check_err $?
75
76	ip link set "$devbr" up
77	check_err $?
78
79	ip link add link "$devbr" name "$vlandev" type vlan id 1
80	check_err $?
81	ip addr add dev "$vlandev" 10.200.7.23/30
82	check_err $?
83	ip -6 addr add dev "$vlandev" dead:42::1234/64
84	check_err $?
85	ip -d link > /dev/null
86	check_err $?
87	ip r s t all > /dev/null
88	check_err $?
89
90	for name in "$devbr" "$vlandev" "$devdummy" ; do
91		kci_test_netconf "$name"
92	done
93
94	ip -6 addr del dev "$vlandev" dead:42::1234/64
95	check_err $?
96
97	ip link del dev "$vlandev"
98	check_err $?
99	ip link del dev "$devbr"
100	check_err $?
101
102	if [ $ret -ne 0 ];then
103		echo "FAIL: bridge setup"
104		return 1
105	fi
106	echo "PASS: bridge setup"
107
108}
109
110kci_test_gre()
111{
112	gredev=neta
113	rem=10.42.42.1
114	loc=10.0.0.1
115
116	ret=0
117	ip tunnel add $gredev mode gre remote $rem local $loc ttl 1
118	check_err $?
119	ip link set $gredev up
120	check_err $?
121	ip addr add 10.23.7.10 dev $gredev
122	check_err $?
123	ip route add 10.23.8.0/30 dev $gredev
124	check_err $?
125	ip addr add dev "$devdummy" 10.23.7.11/24
126	check_err $?
127	ip link > /dev/null
128	check_err $?
129	ip addr > /dev/null
130	check_err $?
131
132	kci_test_netconf "$gredev"
133
134	ip addr del dev "$devdummy" 10.23.7.11/24
135	check_err $?
136
137	ip link del $gredev
138	check_err $?
139
140	if [ $ret -ne 0 ];then
141		echo "FAIL: gre tunnel endpoint"
142		return 1
143	fi
144	echo "PASS: gre tunnel endpoint"
145}
146
147# tc uses rtnetlink too, for full tc testing
148# please see tools/testing/selftests/tc-testing.
149kci_test_tc()
150{
151	dev=lo
152	ret=0
153
154	tc qdisc add dev "$dev" root handle 1: htb
155	check_err $?
156	tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit
157	check_err $?
158	tc filter add dev "$dev" parent 1:0 prio 5 handle ffe: protocol ip u32 divisor 256
159	check_err $?
160	tc filter add dev "$dev" parent 1:0 prio 5 handle ffd: protocol ip u32 divisor 256
161	check_err $?
162	tc filter add dev "$dev" parent 1:0 prio 5 handle ffc: protocol ip u32 divisor 256
163	check_err $?
164	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 ht ffe:2: match ip src 10.0.0.3 flowid 1:10
165	check_err $?
166	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:2 u32 ht ffe:2: match ip src 10.0.0.2 flowid 1:10
167	check_err $?
168	tc filter show dev "$dev" parent  1:0 > /dev/null
169	check_err $?
170	tc filter del dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32
171	check_err $?
172	tc filter show dev "$dev" parent  1:0 > /dev/null
173	check_err $?
174	tc qdisc del dev "$dev" root handle 1: htb
175	check_err $?
176
177	if [ $ret -ne 0 ];then
178		echo "FAIL: tc htb hierarchy"
179		return 1
180	fi
181	echo "PASS: tc htb hierarchy"
182
183}
184
185kci_test_polrouting()
186{
187	ret=0
188	ip rule add fwmark 1 lookup 100
189	check_err $?
190	ip route add local 0.0.0.0/0 dev lo table 100
191	check_err $?
192	ip r s t all > /dev/null
193	check_err $?
194	ip rule del fwmark 1 lookup 100
195	check_err $?
196	ip route del local 0.0.0.0/0 dev lo table 100
197	check_err $?
198
199	if [ $ret -ne 0 ];then
200		echo "FAIL: policy route test"
201		return 1
202	fi
203	echo "PASS: policy routing"
204}
205
206kci_test_route_get()
207{
208	local hash_policy=$(sysctl -n net.ipv4.fib_multipath_hash_policy)
209
210	ret=0
211
212	ip route get 127.0.0.1 > /dev/null
213	check_err $?
214	ip route get 127.0.0.1 dev "$devdummy" > /dev/null
215	check_err $?
216	ip route get ::1 > /dev/null
217	check_err $?
218	ip route get fe80::1 dev "$devdummy" > /dev/null
219	check_err $?
220	ip route get 127.0.0.1 from 127.0.0.1 oif lo tos 0x1 mark 0x1 > /dev/null
221	check_err $?
222	ip route get ::1 from ::1 iif lo oif lo tos 0x1 mark 0x1 > /dev/null
223	check_err $?
224	ip addr add dev "$devdummy" 10.23.7.11/24
225	check_err $?
226	ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null
227	check_err $?
228	ip route add 10.23.8.0/24 \
229		nexthop via 10.23.7.13 dev "$devdummy" \
230		nexthop via 10.23.7.14 dev "$devdummy"
231	check_err $?
232	sysctl -wq net.ipv4.fib_multipath_hash_policy=0
233	ip route get 10.23.8.11 > /dev/null
234	check_err $?
235	sysctl -wq net.ipv4.fib_multipath_hash_policy=1
236	ip route get 10.23.8.11 > /dev/null
237	check_err $?
238	sysctl -wq net.ipv4.fib_multipath_hash_policy="$hash_policy"
239	ip route del 10.23.8.0/24
240	check_err $?
241	ip addr del dev "$devdummy" 10.23.7.11/24
242	check_err $?
243
244	if [ $ret -ne 0 ];then
245		echo "FAIL: route get"
246		return 1
247	fi
248
249	echo "PASS: route get"
250}
251
252kci_test_addrlft()
253{
254	for i in $(seq 10 100) ;do
255		lft=$(((RANDOM%3) + 1))
256		ip addr add 10.23.11.$i/32 dev "$devdummy" preferred_lft $lft valid_lft $((lft+1))
257		check_err $?
258	done
259
260	sleep 5
261
262	ip addr show dev "$devdummy" | grep "10.23.11."
263	if [ $? -eq 0 ]; then
264		echo "FAIL: preferred_lft addresses remaining"
265		check_err 1
266		return
267	fi
268
269	echo "PASS: preferred_lft addresses have expired"
270}
271
272kci_test_promote_secondaries()
273{
274	promote=$(sysctl -n net.ipv4.conf.$devdummy.promote_secondaries)
275
276	sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=1
277
278	for i in $(seq 2 254);do
279		IP="10.23.11.$i"
280		ip -f inet addr add $IP/16 brd + dev "$devdummy"
281		ifconfig "$devdummy" $IP netmask 255.255.0.0
282	done
283
284	ip addr flush dev "$devdummy"
285
286	[ $promote -eq 0 ] && sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=0
287
288	echo "PASS: promote_secondaries complete"
289}
290
291kci_test_addrlabel()
292{
293	ret=0
294
295	ip addrlabel add prefix dead::/64 dev lo label 1
296	check_err $?
297
298	ip addrlabel list |grep -q "prefix dead::/64 dev lo label 1"
299	check_err $?
300
301	ip addrlabel del prefix dead::/64 dev lo label 1 2> /dev/null
302	check_err $?
303
304	ip addrlabel add prefix dead::/64 label 1 2> /dev/null
305	check_err $?
306
307	ip addrlabel del prefix dead::/64 label 1 2> /dev/null
308	check_err $?
309
310	# concurrent add/delete
311	for i in $(seq 1 1000); do
312		ip addrlabel add prefix 1c3::/64 label 12345 2>/dev/null
313	done &
314
315	for i in $(seq 1 1000); do
316		ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
317	done
318
319	wait
320
321	ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
322
323	if [ $ret -ne 0 ];then
324		echo "FAIL: ipv6 addrlabel"
325		return 1
326	fi
327
328	echo "PASS: ipv6 addrlabel"
329}
330
331kci_test_ifalias()
332{
333	ret=0
334	namewant=$(uuidgen)
335	syspathname="/sys/class/net/$devdummy/ifalias"
336
337	ip link set dev "$devdummy" alias "$namewant"
338	check_err $?
339
340	if [ $ret -ne 0 ]; then
341		echo "FAIL: cannot set interface alias of $devdummy to $namewant"
342		return 1
343	fi
344
345	ip link show "$devdummy" | grep -q "alias $namewant"
346	check_err $?
347
348	if [ -r "$syspathname" ] ; then
349		read namehave < "$syspathname"
350		if [ "$namewant" != "$namehave" ]; then
351			echo "FAIL: did set ifalias $namewant but got $namehave"
352			return 1
353		fi
354
355		namewant=$(uuidgen)
356		echo "$namewant" > "$syspathname"
357	        ip link show "$devdummy" | grep -q "alias $namewant"
358		check_err $?
359
360		# sysfs interface allows to delete alias again
361		echo "" > "$syspathname"
362
363	        ip link show "$devdummy" | grep -q "alias $namewant"
364		check_fail $?
365
366		for i in $(seq 1 100); do
367			uuidgen > "$syspathname" &
368		done
369
370		wait
371
372		# re-add the alias -- kernel should free mem when dummy dev is removed
373		ip link set dev "$devdummy" alias "$namewant"
374		check_err $?
375	fi
376
377	if [ $ret -ne 0 ]; then
378		echo "FAIL: set interface alias $devdummy to $namewant"
379		return 1
380	fi
381
382	echo "PASS: set ifalias $namewant for $devdummy"
383}
384
385kci_test_vrf()
386{
387	vrfname="test-vrf"
388	ret=0
389
390	ip link show type vrf 2>/dev/null
391	if [ $? -ne 0 ]; then
392		echo "SKIP: vrf: iproute2 too old"
393		return $ksft_skip
394	fi
395
396	ip link add "$vrfname" type vrf table 10
397	check_err $?
398	if [ $ret -ne 0 ];then
399		echo "FAIL: can't add vrf interface, skipping test"
400		return 0
401	fi
402
403	ip -br link show type vrf | grep -q "$vrfname"
404	check_err $?
405	if [ $ret -ne 0 ];then
406		echo "FAIL: created vrf device not found"
407		return 1
408	fi
409
410	ip link set dev "$vrfname" up
411	check_err $?
412
413	ip link set dev "$devdummy" master "$vrfname"
414	check_err $?
415	ip link del dev "$vrfname"
416	check_err $?
417
418	if [ $ret -ne 0 ];then
419		echo "FAIL: vrf"
420		return 1
421	fi
422
423	echo "PASS: vrf"
424}
425
426kci_test_encap_vxlan()
427{
428	ret=0
429	vxlan="test-vxlan0"
430	vlan="test-vlan0"
431	testns="$1"
432
433	ip -netns "$testns" link add "$vxlan" type vxlan id 42 group 239.1.1.1 \
434		dev "$devdummy" dstport 4789 2>/dev/null
435	if [ $? -ne 0 ]; then
436		echo "FAIL: can't add vxlan interface, skipping test"
437		return 0
438	fi
439	check_err $?
440
441	ip -netns "$testns" addr add 10.2.11.49/24 dev "$vxlan"
442	check_err $?
443
444	ip -netns "$testns" link set up dev "$vxlan"
445	check_err $?
446
447	ip -netns "$testns" link add link "$vxlan" name "$vlan" type vlan id 1
448	check_err $?
449
450	# changelink testcases
451	ip -netns "$testns" link set dev "$vxlan" type vxlan vni 43 2>/dev/null
452	check_fail $?
453
454	ip -netns "$testns" link set dev "$vxlan" type vxlan group ffe5::5 dev "$devdummy" 2>/dev/null
455	check_fail $?
456
457	ip -netns "$testns" link set dev "$vxlan" type vxlan ttl inherit 2>/dev/null
458	check_fail $?
459
460	ip -netns "$testns" link set dev "$vxlan" type vxlan ttl 64
461	check_err $?
462
463	ip -netns "$testns" link set dev "$vxlan" type vxlan nolearning
464	check_err $?
465
466	ip -netns "$testns" link set dev "$vxlan" type vxlan proxy 2>/dev/null
467	check_fail $?
468
469	ip -netns "$testns" link set dev "$vxlan" type vxlan norsc 2>/dev/null
470	check_fail $?
471
472	ip -netns "$testns" link set dev "$vxlan" type vxlan l2miss 2>/dev/null
473	check_fail $?
474
475	ip -netns "$testns" link set dev "$vxlan" type vxlan l3miss 2>/dev/null
476	check_fail $?
477
478	ip -netns "$testns" link set dev "$vxlan" type vxlan external 2>/dev/null
479	check_fail $?
480
481	ip -netns "$testns" link set dev "$vxlan" type vxlan udpcsum 2>/dev/null
482	check_fail $?
483
484	ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumtx 2>/dev/null
485	check_fail $?
486
487	ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumrx 2>/dev/null
488	check_fail $?
489
490	ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumtx 2>/dev/null
491	check_fail $?
492
493	ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumrx 2>/dev/null
494	check_fail $?
495
496	ip -netns "$testns" link set dev "$vxlan" type vxlan gbp 2>/dev/null
497	check_fail $?
498
499	ip -netns "$testns" link set dev "$vxlan" type vxlan gpe 2>/dev/null
500	check_fail $?
501
502	ip -netns "$testns" link del "$vxlan"
503	check_err $?
504
505	if [ $ret -ne 0 ]; then
506		echo "FAIL: vxlan"
507		return 1
508	fi
509	echo "PASS: vxlan"
510}
511
512kci_test_encap_fou()
513{
514	ret=0
515	name="test-fou"
516	testns="$1"
517
518	ip fou help 2>&1 |grep -q 'Usage: ip fou'
519	if [ $? -ne 0 ];then
520		echo "SKIP: fou: iproute2 too old"
521		return $ksft_skip
522	fi
523
524	if ! /sbin/modprobe -q -n fou; then
525		echo "SKIP: module fou is not found"
526		return $ksft_skip
527	fi
528	/sbin/modprobe -q fou
529	ip -netns "$testns" fou add port 7777 ipproto 47 2>/dev/null
530	if [ $? -ne 0 ];then
531		echo "FAIL: can't add fou port 7777, skipping test"
532		return 1
533	fi
534
535	ip -netns "$testns" fou add port 8888 ipproto 4
536	check_err $?
537
538	ip -netns "$testns" fou del port 9999 2>/dev/null
539	check_fail $?
540
541	ip -netns "$testns" fou del port 7777
542	check_err $?
543
544	if [ $ret -ne 0 ]; then
545		echo "FAIL: fou"
546		return 1
547	fi
548
549	echo "PASS: fou"
550}
551
552# test various encap methods, use netns to avoid unwanted interference
553kci_test_encap()
554{
555	testns="testns"
556	ret=0
557
558	ip netns add "$testns"
559	if [ $? -ne 0 ]; then
560		echo "SKIP encap tests: cannot add net namespace $testns"
561		return $ksft_skip
562	fi
563
564	ip -netns "$testns" link set lo up
565	check_err $?
566
567	ip -netns "$testns" link add name "$devdummy" type dummy
568	check_err $?
569	ip -netns "$testns" link set "$devdummy" up
570	check_err $?
571
572	kci_test_encap_vxlan "$testns"
573	kci_test_encap_fou "$testns"
574
575	ip netns del "$testns"
576}
577
578kci_test_macsec()
579{
580	msname="test_macsec0"
581	ret=0
582
583	ip macsec help 2>&1 | grep -q "^Usage: ip macsec"
584	if [ $? -ne 0 ]; then
585		echo "SKIP: macsec: iproute2 too old"
586		return $ksft_skip
587	fi
588
589	ip link add link "$devdummy" "$msname" type macsec port 42 encrypt on
590	check_err $?
591	if [ $ret -ne 0 ];then
592		echo "FAIL: can't add macsec interface, skipping test"
593		return 1
594	fi
595
596	ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012
597	check_err $?
598
599	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef"
600	check_err $?
601
602	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef
603	check_err $?
604
605	ip macsec show > /dev/null
606	check_err $?
607
608	ip link del dev "$msname"
609	check_err $?
610
611	if [ $ret -ne 0 ];then
612		echo "FAIL: macsec"
613		return 1
614	fi
615
616	echo "PASS: macsec"
617}
618
619#-------------------------------------------------------------------
620# Example commands
621#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
622#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
623#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
624#            sel src 14.0.0.52/24 dst 14.0.0.70/24
625#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
626#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
627#            spi 0x07 mode transport reqid 0x07
628#
629# Subcommands not tested
630#    ip x s update
631#    ip x s allocspi
632#    ip x s deleteall
633#    ip x p update
634#    ip x p deleteall
635#    ip x p set
636#-------------------------------------------------------------------
637kci_test_ipsec()
638{
639	ret=0
640	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
641	srcip=192.168.123.1
642	dstip=192.168.123.2
643	spi=7
644
645	ip addr add $srcip dev $devdummy
646
647	# flush to be sure there's nothing configured
648	ip x s flush ; ip x p flush
649	check_err $?
650
651	# start the monitor in the background
652	tmpfile=`mktemp /var/run/ipsectestXXX`
653	mpid=`(ip x m > $tmpfile & echo $!) 2>/dev/null`
654	sleep 0.2
655
656	ipsecid="proto esp src $srcip dst $dstip spi 0x07"
657	ip x s add $ipsecid \
658            mode transport reqid 0x07 replay-window 32 \
659            $algo sel src $srcip/24 dst $dstip/24
660	check_err $?
661
662	lines=`ip x s list | grep $srcip | grep $dstip | wc -l`
663	test $lines -eq 2
664	check_err $?
665
666	ip x s count | grep -q "SAD count 1"
667	check_err $?
668
669	lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l`
670	test $lines -eq 2
671	check_err $?
672
673	ip x s delete $ipsecid
674	check_err $?
675
676	lines=`ip x s list | wc -l`
677	test $lines -eq 0
678	check_err $?
679
680	ipsecsel="dir out src $srcip/24 dst $dstip/24"
681	ip x p add $ipsecsel \
682		    tmpl proto esp src $srcip dst $dstip \
683		    spi 0x07 mode transport reqid 0x07
684	check_err $?
685
686	lines=`ip x p list | grep $srcip | grep $dstip | wc -l`
687	test $lines -eq 2
688	check_err $?
689
690	ip x p count | grep -q "SPD IN  0 OUT 1 FWD 0"
691	check_err $?
692
693	lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l`
694	test $lines -eq 2
695	check_err $?
696
697	ip x p delete $ipsecsel
698	check_err $?
699
700	lines=`ip x p list | wc -l`
701	test $lines -eq 0
702	check_err $?
703
704	# check the monitor results
705	kill $mpid
706	lines=`wc -l $tmpfile | cut "-d " -f1`
707	test $lines -eq 20
708	check_err $?
709	rm -rf $tmpfile
710
711	# clean up any leftovers
712	ip x s flush
713	check_err $?
714	ip x p flush
715	check_err $?
716	ip addr del $srcip/32 dev $devdummy
717
718	if [ $ret -ne 0 ]; then
719		echo "FAIL: ipsec"
720		return 1
721	fi
722	echo "PASS: ipsec"
723}
724
725#-------------------------------------------------------------------
726# Example commands
727#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
728#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
729#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
730#            sel src 14.0.0.52/24 dst 14.0.0.70/24
731#            offload dev sim1 dir out
732#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
733#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
734#            spi 0x07 mode transport reqid 0x07
735#
736#-------------------------------------------------------------------
737kci_test_ipsec_offload()
738{
739	ret=0
740	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
741	srcip=192.168.123.3
742	dstip=192.168.123.4
743	sysfsd=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/
744	sysfsf=$sysfsd/ipsec
745	sysfsnet=/sys/bus/netdevsim/devices/netdevsim0/net/
746	probed=false
747
748	# setup netdevsim since dummydev doesn't have offload support
749	if [ ! -w /sys/bus/netdevsim/new_device ] ; then
750		modprobe -q netdevsim
751		check_err $?
752		if [ $ret -ne 0 ]; then
753			echo "SKIP: ipsec_offload can't load netdevsim"
754			return $ksft_skip
755		fi
756		probed=true
757	fi
758
759	echo "0" > /sys/bus/netdevsim/new_device
760	while [ ! -d $sysfsnet ] ; do :; done
761	udevadm settle
762	dev=`ls $sysfsnet`
763
764	ip addr add $srcip dev $dev
765	ip link set $dev up
766	if [ ! -d $sysfsd ] ; then
767		echo "FAIL: ipsec_offload can't create device $dev"
768		return 1
769	fi
770	if [ ! -f $sysfsf ] ; then
771		echo "FAIL: ipsec_offload netdevsim doesn't support IPsec offload"
772		return 1
773	fi
774
775	# flush to be sure there's nothing configured
776	ip x s flush ; ip x p flush
777
778	# create offloaded SAs, both in and out
779	ip x p add dir out src $srcip/24 dst $dstip/24 \
780	    tmpl proto esp src $srcip dst $dstip spi 9 \
781	    mode transport reqid 42
782	check_err $?
783	ip x p add dir in src $dstip/24 dst $srcip/24 \
784	    tmpl proto esp src $dstip dst $srcip spi 9 \
785	    mode transport reqid 42
786	check_err $?
787
788	ip x s add proto esp src $srcip dst $dstip spi 9 \
789	    mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \
790	    offload dev $dev dir out
791	check_err $?
792	ip x s add proto esp src $dstip dst $srcip spi 9 \
793	    mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \
794	    offload dev $dev dir in
795	check_err $?
796	if [ $ret -ne 0 ]; then
797		echo "FAIL: ipsec_offload can't create SA"
798		return 1
799	fi
800
801	# does offload show up in ip output
802	lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"`
803	if [ $lines -ne 2 ] ; then
804		echo "FAIL: ipsec_offload SA offload missing from list output"
805		check_err 1
806	fi
807
808	# use ping to exercise the Tx path
809	ping -I $dev -c 3 -W 1 -i 0 $dstip >/dev/null
810
811	# does driver have correct offload info
812	diff $sysfsf - << EOF
813SA count=2 tx=3
814sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000
815sa[0]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
816sa[0]    key=0x34333231 38373635 32313039 36353433
817sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0
818sa[1]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
819sa[1]    key=0x34333231 38373635 32313039 36353433
820EOF
821	if [ $? -ne 0 ] ; then
822		echo "FAIL: ipsec_offload incorrect driver data"
823		check_err 1
824	fi
825
826	# does offload get removed from driver
827	ip x s flush
828	ip x p flush
829	lines=`grep -c "SA count=0" $sysfsf`
830	if [ $lines -ne 1 ] ; then
831		echo "FAIL: ipsec_offload SA not removed from driver"
832		check_err 1
833	fi
834
835	# clean up any leftovers
836	echo 0 > /sys/bus/netdevsim/del_device
837	$probed && rmmod netdevsim
838
839	if [ $ret -ne 0 ]; then
840		echo "FAIL: ipsec_offload"
841		return 1
842	fi
843	echo "PASS: ipsec_offload"
844}
845
846kci_test_gretap()
847{
848	testns="testns"
849	DEV_NS=gretap00
850	ret=0
851
852	ip netns add "$testns"
853	if [ $? -ne 0 ]; then
854		echo "SKIP gretap tests: cannot add net namespace $testns"
855		return $ksft_skip
856	fi
857
858	ip link help gretap 2>&1 | grep -q "^Usage:"
859	if [ $? -ne 0 ];then
860		echo "SKIP: gretap: iproute2 too old"
861		ip netns del "$testns"
862		return $ksft_skip
863	fi
864
865	# test native tunnel
866	ip -netns "$testns" link add dev "$DEV_NS" type gretap seq \
867		key 102 local 172.16.1.100 remote 172.16.1.200
868	check_err $?
869
870	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
871	check_err $?
872
873	ip -netns "$testns" link set dev $DEV_NS up
874	check_err $?
875
876	ip -netns "$testns" link del "$DEV_NS"
877	check_err $?
878
879	# test external mode
880	ip -netns "$testns" link add dev "$DEV_NS" type gretap external
881	check_err $?
882
883	ip -netns "$testns" link del "$DEV_NS"
884	check_err $?
885
886	if [ $ret -ne 0 ]; then
887		echo "FAIL: gretap"
888		ip netns del "$testns"
889		return 1
890	fi
891	echo "PASS: gretap"
892
893	ip netns del "$testns"
894}
895
896kci_test_ip6gretap()
897{
898	testns="testns"
899	DEV_NS=ip6gretap00
900	ret=0
901
902	ip netns add "$testns"
903	if [ $? -ne 0 ]; then
904		echo "SKIP ip6gretap tests: cannot add net namespace $testns"
905		return $ksft_skip
906	fi
907
908	ip link help ip6gretap 2>&1 | grep -q "^Usage:"
909	if [ $? -ne 0 ];then
910		echo "SKIP: ip6gretap: iproute2 too old"
911		ip netns del "$testns"
912		return $ksft_skip
913	fi
914
915	# test native tunnel
916	ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap seq \
917		key 102 local fc00:100::1 remote fc00:100::2
918	check_err $?
919
920	ip -netns "$testns" addr add dev "$DEV_NS" fc00:200::1/96
921	check_err $?
922
923	ip -netns "$testns" link set dev $DEV_NS up
924	check_err $?
925
926	ip -netns "$testns" link del "$DEV_NS"
927	check_err $?
928
929	# test external mode
930	ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap external
931	check_err $?
932
933	ip -netns "$testns" link del "$DEV_NS"
934	check_err $?
935
936	if [ $ret -ne 0 ]; then
937		echo "FAIL: ip6gretap"
938		ip netns del "$testns"
939		return 1
940	fi
941	echo "PASS: ip6gretap"
942
943	ip netns del "$testns"
944}
945
946kci_test_erspan()
947{
948	testns="testns"
949	DEV_NS=erspan00
950	ret=0
951
952	ip link help erspan 2>&1 | grep -q "^Usage:"
953	if [ $? -ne 0 ];then
954		echo "SKIP: erspan: iproute2 too old"
955		return $ksft_skip
956	fi
957
958	ip netns add "$testns"
959	if [ $? -ne 0 ]; then
960		echo "SKIP erspan tests: cannot add net namespace $testns"
961		return $ksft_skip
962	fi
963
964	# test native tunnel erspan v1
965	ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
966		key 102 local 172.16.1.100 remote 172.16.1.200 \
967		erspan_ver 1 erspan 488
968	check_err $?
969
970	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
971	check_err $?
972
973	ip -netns "$testns" link set dev $DEV_NS up
974	check_err $?
975
976	ip -netns "$testns" link del "$DEV_NS"
977	check_err $?
978
979	# test native tunnel erspan v2
980	ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
981		key 102 local 172.16.1.100 remote 172.16.1.200 \
982		erspan_ver 2 erspan_dir ingress erspan_hwid 7
983	check_err $?
984
985	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
986	check_err $?
987
988	ip -netns "$testns" link set dev $DEV_NS up
989	check_err $?
990
991	ip -netns "$testns" link del "$DEV_NS"
992	check_err $?
993
994	# test external mode
995	ip -netns "$testns" link add dev "$DEV_NS" type erspan external
996	check_err $?
997
998	ip -netns "$testns" link del "$DEV_NS"
999	check_err $?
1000
1001	if [ $ret -ne 0 ]; then
1002		echo "FAIL: erspan"
1003		ip netns del "$testns"
1004		return 1
1005	fi
1006	echo "PASS: erspan"
1007
1008	ip netns del "$testns"
1009}
1010
1011kci_test_ip6erspan()
1012{
1013	testns="testns"
1014	DEV_NS=ip6erspan00
1015	ret=0
1016
1017	ip link help ip6erspan 2>&1 | grep -q "^Usage:"
1018	if [ $? -ne 0 ];then
1019		echo "SKIP: ip6erspan: iproute2 too old"
1020		return $ksft_skip
1021	fi
1022
1023	ip netns add "$testns"
1024	if [ $? -ne 0 ]; then
1025		echo "SKIP ip6erspan tests: cannot add net namespace $testns"
1026		return $ksft_skip
1027	fi
1028
1029	# test native tunnel ip6erspan v1
1030	ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
1031		key 102 local fc00:100::1 remote fc00:100::2 \
1032		erspan_ver 1 erspan 488
1033	check_err $?
1034
1035	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
1036	check_err $?
1037
1038	ip -netns "$testns" link set dev $DEV_NS up
1039	check_err $?
1040
1041	ip -netns "$testns" link del "$DEV_NS"
1042	check_err $?
1043
1044	# test native tunnel ip6erspan v2
1045	ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
1046		key 102 local fc00:100::1 remote fc00:100::2 \
1047		erspan_ver 2 erspan_dir ingress erspan_hwid 7
1048	check_err $?
1049
1050	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
1051	check_err $?
1052
1053	ip -netns "$testns" link set dev $DEV_NS up
1054	check_err $?
1055
1056	ip -netns "$testns" link del "$DEV_NS"
1057	check_err $?
1058
1059	# test external mode
1060	ip -netns "$testns" link add dev "$DEV_NS" \
1061		type ip6erspan external
1062	check_err $?
1063
1064	ip -netns "$testns" link del "$DEV_NS"
1065	check_err $?
1066
1067	if [ $ret -ne 0 ]; then
1068		echo "FAIL: ip6erspan"
1069		ip netns del "$testns"
1070		return 1
1071	fi
1072	echo "PASS: ip6erspan"
1073
1074	ip netns del "$testns"
1075}
1076
1077kci_test_fdb_get()
1078{
1079	IP="ip -netns testns"
1080	BRIDGE="bridge -netns testns"
1081	brdev="test-br0"
1082	vxlandev="vxlan10"
1083	test_mac=de:ad:be:ef:13:37
1084	localip="10.0.2.2"
1085	dstip="10.0.2.3"
1086	ret=0
1087
1088	bridge fdb help 2>&1 |grep -q 'bridge fdb get'
1089	if [ $? -ne 0 ];then
1090		echo "SKIP: fdb get tests: iproute2 too old"
1091		return $ksft_skip
1092	fi
1093
1094	ip netns add testns
1095	if [ $? -ne 0 ]; then
1096		echo "SKIP fdb get tests: cannot add net namespace $testns"
1097		return $ksft_skip
1098	fi
1099
1100	$IP link add "$vxlandev" type vxlan id 10 local $localip \
1101                dstport 4789 2>/dev/null
1102	check_err $?
1103	$IP link add name "$brdev" type bridge &>/dev/null
1104	check_err $?
1105	$IP link set dev "$vxlandev" master "$brdev" &>/dev/null
1106	check_err $?
1107	$BRIDGE fdb add $test_mac dev "$vxlandev" master &>/dev/null
1108	check_err $?
1109	$BRIDGE fdb add $test_mac dev "$vxlandev" dst $dstip self &>/dev/null
1110	check_err $?
1111
1112	$BRIDGE fdb get $test_mac brport "$vxlandev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1113	check_err $?
1114	$BRIDGE fdb get $test_mac br "$brdev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1115	check_err $?
1116	$BRIDGE fdb get $test_mac dev "$vxlandev" self 2>/dev/null | grep -q "dev $vxlandev dst $dstip"
1117	check_err $?
1118
1119	ip netns del testns &>/dev/null
1120
1121	if [ $ret -ne 0 ]; then
1122		echo "FAIL: bridge fdb get"
1123		return 1
1124	fi
1125
1126	echo "PASS: bridge fdb get"
1127}
1128
1129kci_test_neigh_get()
1130{
1131	dstmac=de:ad:be:ef:13:37
1132	dstip=10.0.2.4
1133	dstip6=dead::2
1134	ret=0
1135
1136	ip neigh help 2>&1 |grep -q 'ip neigh get'
1137	if [ $? -ne 0 ];then
1138		echo "SKIP: fdb get tests: iproute2 too old"
1139		return $ksft_skip
1140	fi
1141
1142	# ipv4
1143	ip neigh add $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
1144	check_err $?
1145	ip neigh get $dstip dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1146	check_err $?
1147	ip neigh del $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
1148	check_err $?
1149
1150	# ipv4 proxy
1151	ip neigh add proxy $dstip dev "$devdummy" > /dev/null
1152	check_err $?
1153	ip neigh get proxy $dstip dev "$devdummy" 2>/dev/null | grep -q "$dstip"
1154	check_err $?
1155	ip neigh del proxy $dstip dev "$devdummy" > /dev/null
1156	check_err $?
1157
1158	# ipv6
1159	ip neigh add $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
1160	check_err $?
1161	ip neigh get $dstip6 dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1162	check_err $?
1163	ip neigh del $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
1164	check_err $?
1165
1166	# ipv6 proxy
1167	ip neigh add proxy $dstip6 dev "$devdummy" > /dev/null
1168	check_err $?
1169	ip neigh get proxy $dstip6 dev "$devdummy" 2>/dev/null | grep -q "$dstip6"
1170	check_err $?
1171	ip neigh del proxy $dstip6 dev "$devdummy" > /dev/null
1172	check_err $?
1173
1174	if [ $ret -ne 0 ];then
1175		echo "FAIL: neigh get"
1176		return 1
1177	fi
1178
1179	echo "PASS: neigh get"
1180}
1181
1182kci_test_rtnl()
1183{
1184	kci_add_dummy
1185	if [ $ret -ne 0 ];then
1186		echo "FAIL: cannot add dummy interface"
1187		return 1
1188	fi
1189
1190	kci_test_polrouting
1191	kci_test_route_get
1192	kci_test_addrlft
1193	kci_test_promote_secondaries
1194	kci_test_tc
1195	kci_test_gre
1196	kci_test_gretap
1197	kci_test_ip6gretap
1198	kci_test_erspan
1199	kci_test_ip6erspan
1200	kci_test_bridge
1201	kci_test_addrlabel
1202	kci_test_ifalias
1203	kci_test_vrf
1204	kci_test_encap
1205	kci_test_macsec
1206	kci_test_ipsec
1207	kci_test_ipsec_offload
1208	kci_test_fdb_get
1209	kci_test_neigh_get
1210
1211	kci_del_dummy
1212}
1213
1214#check for needed privileges
1215if [ "$(id -u)" -ne 0 ];then
1216	echo "SKIP: Need root privileges"
1217	exit $ksft_skip
1218fi
1219
1220for x in ip tc;do
1221	$x -Version 2>/dev/null >/dev/null
1222	if [ $? -ne 0 ];then
1223		echo "SKIP: Could not run test without the $x tool"
1224		exit $ksft_skip
1225	fi
1226done
1227
1228kci_test_rtnl
1229
1230exit $ret
1231