1#!/bin/bash 2# 3# This test is for checking rtnetlink callpaths, and get as much coverage as possible. 4# 5# set -e 6 7devdummy="test-dummy0" 8 9# Kselftest framework requirement - SKIP code is 4. 10ksft_skip=4 11 12# set global exit status, but never reset nonzero one. 13check_err() 14{ 15 if [ $ret -eq 0 ]; then 16 ret=$1 17 fi 18} 19 20# same but inverted -- used when command must fail for test to pass 21check_fail() 22{ 23 if [ $1 -eq 0 ]; then 24 ret=1 25 fi 26} 27 28kci_add_dummy() 29{ 30 ip link add name "$devdummy" type dummy 31 check_err $? 32 ip link set "$devdummy" up 33 check_err $? 34} 35 36kci_del_dummy() 37{ 38 ip link del dev "$devdummy" 39 check_err $? 40} 41 42kci_test_netconf() 43{ 44 dev="$1" 45 r=$ret 46 47 ip netconf show dev "$dev" > /dev/null 48 check_err $? 49 50 for f in 4 6; do 51 ip -$f netconf show dev "$dev" > /dev/null 52 check_err $? 53 done 54 55 if [ $ret -ne 0 ] ;then 56 echo "FAIL: ip netconf show $dev" 57 test $r -eq 0 && ret=0 58 return 1 59 fi 60} 61 62# add a bridge with vlans on top 63kci_test_bridge() 64{ 65 devbr="test-br0" 66 vlandev="testbr-vlan1" 67 68 local ret=0 69 ip link add name "$devbr" type bridge 70 check_err $? 71 72 ip link set dev "$devdummy" master "$devbr" 73 check_err $? 74 75 ip link set "$devbr" up 76 check_err $? 77 78 ip link add link "$devbr" name "$vlandev" type vlan id 1 79 check_err $? 80 ip addr add dev "$vlandev" 10.200.7.23/30 81 check_err $? 82 ip -6 addr add dev "$vlandev" dead:42::1234/64 83 check_err $? 84 ip -d link > /dev/null 85 check_err $? 86 ip r s t all > /dev/null 87 check_err $? 88 89 for name in "$devbr" "$vlandev" "$devdummy" ; do 90 kci_test_netconf "$name" 91 done 92 93 ip -6 addr del dev "$vlandev" dead:42::1234/64 94 check_err $? 95 96 ip link del dev "$vlandev" 97 check_err $? 98 ip link del dev "$devbr" 99 check_err $? 100 101 if [ $ret -ne 0 ];then 102 echo "FAIL: bridge setup" 103 return 1 104 fi 105 echo "PASS: bridge setup" 106 107} 108 109kci_test_gre() 110{ 111 gredev=neta 112 rem=10.42.42.1 113 loc=10.0.0.1 114 115 local ret=0 116 ip tunnel add $gredev mode gre remote $rem local $loc ttl 1 117 check_err $? 118 ip link set $gredev up 119 check_err $? 120 ip addr add 10.23.7.10 dev $gredev 121 check_err $? 122 ip route add 10.23.8.0/30 dev $gredev 123 check_err $? 124 ip addr add dev "$devdummy" 10.23.7.11/24 125 check_err $? 126 ip link > /dev/null 127 check_err $? 128 ip addr > /dev/null 129 check_err $? 130 131 kci_test_netconf "$gredev" 132 133 ip addr del dev "$devdummy" 10.23.7.11/24 134 check_err $? 135 136 ip link del $gredev 137 check_err $? 138 139 if [ $ret -ne 0 ];then 140 echo "FAIL: gre tunnel endpoint" 141 return 1 142 fi 143 echo "PASS: gre tunnel endpoint" 144} 145 146# tc uses rtnetlink too, for full tc testing 147# please see tools/testing/selftests/tc-testing. 148kci_test_tc() 149{ 150 dev=lo 151 local ret=0 152 153 tc qdisc add dev "$dev" root handle 1: htb 154 check_err $? 155 tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit 156 check_err $? 157 tc filter add dev "$dev" parent 1:0 prio 5 handle ffe: protocol ip u32 divisor 256 158 check_err $? 159 tc filter add dev "$dev" parent 1:0 prio 5 handle ffd: protocol ip u32 divisor 256 160 check_err $? 161 tc filter add dev "$dev" parent 1:0 prio 5 handle ffc: protocol ip u32 divisor 256 162 check_err $? 163 tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 ht ffe:2: match ip src 10.0.0.3 flowid 1:10 164 check_err $? 165 tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:2 u32 ht ffe:2: match ip src 10.0.0.2 flowid 1:10 166 check_err $? 167 tc filter show dev "$dev" parent 1:0 > /dev/null 168 check_err $? 169 tc filter del dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 170 check_err $? 171 tc filter show dev "$dev" parent 1:0 > /dev/null 172 check_err $? 173 tc qdisc del dev "$dev" root handle 1: htb 174 check_err $? 175 176 if [ $ret -ne 0 ];then 177 echo "FAIL: tc htb hierarchy" 178 return 1 179 fi 180 echo "PASS: tc htb hierarchy" 181 182} 183 184kci_test_polrouting() 185{ 186 local ret=0 187 ip rule add fwmark 1 lookup 100 188 check_err $? 189 ip route add local 0.0.0.0/0 dev lo table 100 190 check_err $? 191 ip r s t all > /dev/null 192 check_err $? 193 ip rule del fwmark 1 lookup 100 194 check_err $? 195 ip route del local 0.0.0.0/0 dev lo table 100 196 check_err $? 197 198 if [ $ret -ne 0 ];then 199 echo "FAIL: policy route test" 200 return 1 201 fi 202 echo "PASS: policy routing" 203} 204 205kci_test_route_get() 206{ 207 local hash_policy=$(sysctl -n net.ipv4.fib_multipath_hash_policy) 208 209 local ret=0 210 211 ip route get 127.0.0.1 > /dev/null 212 check_err $? 213 ip route get 127.0.0.1 dev "$devdummy" > /dev/null 214 check_err $? 215 ip route get ::1 > /dev/null 216 check_err $? 217 ip route get fe80::1 dev "$devdummy" > /dev/null 218 check_err $? 219 ip route get 127.0.0.1 from 127.0.0.1 oif lo tos 0x1 mark 0x1 > /dev/null 220 check_err $? 221 ip route get ::1 from ::1 iif lo oif lo tos 0x1 mark 0x1 > /dev/null 222 check_err $? 223 ip addr add dev "$devdummy" 10.23.7.11/24 224 check_err $? 225 ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null 226 check_err $? 227 ip route add 10.23.8.0/24 \ 228 nexthop via 10.23.7.13 dev "$devdummy" \ 229 nexthop via 10.23.7.14 dev "$devdummy" 230 check_err $? 231 sysctl -wq net.ipv4.fib_multipath_hash_policy=0 232 ip route get 10.23.8.11 > /dev/null 233 check_err $? 234 sysctl -wq net.ipv4.fib_multipath_hash_policy=1 235 ip route get 10.23.8.11 > /dev/null 236 check_err $? 237 sysctl -wq net.ipv4.fib_multipath_hash_policy="$hash_policy" 238 ip route del 10.23.8.0/24 239 check_err $? 240 ip addr del dev "$devdummy" 10.23.7.11/24 241 check_err $? 242 243 if [ $ret -ne 0 ];then 244 echo "FAIL: route get" 245 return 1 246 fi 247 248 echo "PASS: route get" 249} 250 251kci_test_addrlft() 252{ 253 for i in $(seq 10 100) ;do 254 lft=$(((RANDOM%3) + 1)) 255 ip addr add 10.23.11.$i/32 dev "$devdummy" preferred_lft $lft valid_lft $((lft+1)) 256 check_err $? 257 done 258 259 sleep 5 260 261 ip addr show dev "$devdummy" | grep "10.23.11." 262 if [ $? -eq 0 ]; then 263 echo "FAIL: preferred_lft addresses remaining" 264 check_err 1 265 return 266 fi 267 268 echo "PASS: preferred_lft addresses have expired" 269} 270 271kci_test_promote_secondaries() 272{ 273 promote=$(sysctl -n net.ipv4.conf.$devdummy.promote_secondaries) 274 275 sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=1 276 277 for i in $(seq 2 254);do 278 IP="10.23.11.$i" 279 ip -f inet addr add $IP/16 brd + dev "$devdummy" 280 ifconfig "$devdummy" $IP netmask 255.255.0.0 281 done 282 283 ip addr flush dev "$devdummy" 284 285 [ $promote -eq 0 ] && sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=0 286 287 echo "PASS: promote_secondaries complete" 288} 289 290kci_test_addrlabel() 291{ 292 local ret=0 293 294 ip addrlabel add prefix dead::/64 dev lo label 1 295 check_err $? 296 297 ip addrlabel list |grep -q "prefix dead::/64 dev lo label 1" 298 check_err $? 299 300 ip addrlabel del prefix dead::/64 dev lo label 1 2> /dev/null 301 check_err $? 302 303 ip addrlabel add prefix dead::/64 label 1 2> /dev/null 304 check_err $? 305 306 ip addrlabel del prefix dead::/64 label 1 2> /dev/null 307 check_err $? 308 309 # concurrent add/delete 310 for i in $(seq 1 1000); do 311 ip addrlabel add prefix 1c3::/64 label 12345 2>/dev/null 312 done & 313 314 for i in $(seq 1 1000); do 315 ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null 316 done 317 318 wait 319 320 ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null 321 322 if [ $ret -ne 0 ];then 323 echo "FAIL: ipv6 addrlabel" 324 return 1 325 fi 326 327 echo "PASS: ipv6 addrlabel" 328} 329 330kci_test_ifalias() 331{ 332 local ret=0 333 namewant=$(uuidgen) 334 syspathname="/sys/class/net/$devdummy/ifalias" 335 336 ip link set dev "$devdummy" alias "$namewant" 337 check_err $? 338 339 if [ $ret -ne 0 ]; then 340 echo "FAIL: cannot set interface alias of $devdummy to $namewant" 341 return 1 342 fi 343 344 ip link show "$devdummy" | grep -q "alias $namewant" 345 check_err $? 346 347 if [ -r "$syspathname" ] ; then 348 read namehave < "$syspathname" 349 if [ "$namewant" != "$namehave" ]; then 350 echo "FAIL: did set ifalias $namewant but got $namehave" 351 return 1 352 fi 353 354 namewant=$(uuidgen) 355 echo "$namewant" > "$syspathname" 356 ip link show "$devdummy" | grep -q "alias $namewant" 357 check_err $? 358 359 # sysfs interface allows to delete alias again 360 echo "" > "$syspathname" 361 362 ip link show "$devdummy" | grep -q "alias $namewant" 363 check_fail $? 364 365 for i in $(seq 1 100); do 366 uuidgen > "$syspathname" & 367 done 368 369 wait 370 371 # re-add the alias -- kernel should free mem when dummy dev is removed 372 ip link set dev "$devdummy" alias "$namewant" 373 check_err $? 374 fi 375 376 if [ $ret -ne 0 ]; then 377 echo "FAIL: set interface alias $devdummy to $namewant" 378 return 1 379 fi 380 381 echo "PASS: set ifalias $namewant for $devdummy" 382} 383 384kci_test_vrf() 385{ 386 vrfname="test-vrf" 387 local ret=0 388 389 ip link show type vrf 2>/dev/null 390 if [ $? -ne 0 ]; then 391 echo "SKIP: vrf: iproute2 too old" 392 return $ksft_skip 393 fi 394 395 ip link add "$vrfname" type vrf table 10 396 check_err $? 397 if [ $ret -ne 0 ];then 398 echo "FAIL: can't add vrf interface, skipping test" 399 return 0 400 fi 401 402 ip -br link show type vrf | grep -q "$vrfname" 403 check_err $? 404 if [ $ret -ne 0 ];then 405 echo "FAIL: created vrf device not found" 406 return 1 407 fi 408 409 ip link set dev "$vrfname" up 410 check_err $? 411 412 ip link set dev "$devdummy" master "$vrfname" 413 check_err $? 414 ip link del dev "$vrfname" 415 check_err $? 416 417 if [ $ret -ne 0 ];then 418 echo "FAIL: vrf" 419 return 1 420 fi 421 422 echo "PASS: vrf" 423} 424 425kci_test_encap_vxlan() 426{ 427 local ret=0 428 vxlan="test-vxlan0" 429 vlan="test-vlan0" 430 testns="$1" 431 432 ip -netns "$testns" link add "$vxlan" type vxlan id 42 group 239.1.1.1 \ 433 dev "$devdummy" dstport 4789 2>/dev/null 434 if [ $? -ne 0 ]; then 435 echo "FAIL: can't add vxlan interface, skipping test" 436 return 0 437 fi 438 check_err $? 439 440 ip -netns "$testns" addr add 10.2.11.49/24 dev "$vxlan" 441 check_err $? 442 443 ip -netns "$testns" link set up dev "$vxlan" 444 check_err $? 445 446 ip -netns "$testns" link add link "$vxlan" name "$vlan" type vlan id 1 447 check_err $? 448 449 # changelink testcases 450 ip -netns "$testns" link set dev "$vxlan" type vxlan vni 43 2>/dev/null 451 check_fail $? 452 453 ip -netns "$testns" link set dev "$vxlan" type vxlan group ffe5::5 dev "$devdummy" 2>/dev/null 454 check_fail $? 455 456 ip -netns "$testns" link set dev "$vxlan" type vxlan ttl inherit 2>/dev/null 457 check_fail $? 458 459 ip -netns "$testns" link set dev "$vxlan" type vxlan ttl 64 460 check_err $? 461 462 ip -netns "$testns" link set dev "$vxlan" type vxlan nolearning 463 check_err $? 464 465 ip -netns "$testns" link set dev "$vxlan" type vxlan proxy 2>/dev/null 466 check_fail $? 467 468 ip -netns "$testns" link set dev "$vxlan" type vxlan norsc 2>/dev/null 469 check_fail $? 470 471 ip -netns "$testns" link set dev "$vxlan" type vxlan l2miss 2>/dev/null 472 check_fail $? 473 474 ip -netns "$testns" link set dev "$vxlan" type vxlan l3miss 2>/dev/null 475 check_fail $? 476 477 ip -netns "$testns" link set dev "$vxlan" type vxlan external 2>/dev/null 478 check_fail $? 479 480 ip -netns "$testns" link set dev "$vxlan" type vxlan udpcsum 2>/dev/null 481 check_fail $? 482 483 ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumtx 2>/dev/null 484 check_fail $? 485 486 ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumrx 2>/dev/null 487 check_fail $? 488 489 ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumtx 2>/dev/null 490 check_fail $? 491 492 ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumrx 2>/dev/null 493 check_fail $? 494 495 ip -netns "$testns" link set dev "$vxlan" type vxlan gbp 2>/dev/null 496 check_fail $? 497 498 ip -netns "$testns" link set dev "$vxlan" type vxlan gpe 2>/dev/null 499 check_fail $? 500 501 ip -netns "$testns" link del "$vxlan" 502 check_err $? 503 504 if [ $ret -ne 0 ]; then 505 echo "FAIL: vxlan" 506 return 1 507 fi 508 echo "PASS: vxlan" 509} 510 511kci_test_encap_fou() 512{ 513 local ret=0 514 name="test-fou" 515 testns="$1" 516 517 ip fou help 2>&1 |grep -q 'Usage: ip fou' 518 if [ $? -ne 0 ];then 519 echo "SKIP: fou: iproute2 too old" 520 return $ksft_skip 521 fi 522 523 if ! /sbin/modprobe -q -n fou; then 524 echo "SKIP: module fou is not found" 525 return $ksft_skip 526 fi 527 /sbin/modprobe -q fou 528 ip -netns "$testns" fou add port 7777 ipproto 47 2>/dev/null 529 if [ $? -ne 0 ];then 530 echo "FAIL: can't add fou port 7777, skipping test" 531 return 1 532 fi 533 534 ip -netns "$testns" fou add port 8888 ipproto 4 535 check_err $? 536 537 ip -netns "$testns" fou del port 9999 2>/dev/null 538 check_fail $? 539 540 ip -netns "$testns" fou del port 7777 541 check_err $? 542 543 if [ $ret -ne 0 ]; then 544 echo "FAIL: fou" 545 return 1 546 fi 547 548 echo "PASS: fou" 549} 550 551# test various encap methods, use netns to avoid unwanted interference 552kci_test_encap() 553{ 554 testns="testns" 555 local ret=0 556 557 ip netns add "$testns" 558 if [ $? -ne 0 ]; then 559 echo "SKIP encap tests: cannot add net namespace $testns" 560 return $ksft_skip 561 fi 562 563 ip -netns "$testns" link set lo up 564 check_err $? 565 566 ip -netns "$testns" link add name "$devdummy" type dummy 567 check_err $? 568 ip -netns "$testns" link set "$devdummy" up 569 check_err $? 570 571 kci_test_encap_vxlan "$testns" 572 check_err $? 573 kci_test_encap_fou "$testns" 574 check_err $? 575 576 ip netns del "$testns" 577 return $ret 578} 579 580kci_test_macsec() 581{ 582 msname="test_macsec0" 583 local ret=0 584 585 ip macsec help 2>&1 | grep -q "^Usage: ip macsec" 586 if [ $? -ne 0 ]; then 587 echo "SKIP: macsec: iproute2 too old" 588 return $ksft_skip 589 fi 590 591 ip link add link "$devdummy" "$msname" type macsec port 42 encrypt on 592 check_err $? 593 if [ $ret -ne 0 ];then 594 echo "FAIL: can't add macsec interface, skipping test" 595 return 1 596 fi 597 598 ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012 599 check_err $? 600 601 ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" 602 check_err $? 603 604 ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef 605 check_err $? 606 607 ip macsec show > /dev/null 608 check_err $? 609 610 ip link del dev "$msname" 611 check_err $? 612 613 if [ $ret -ne 0 ];then 614 echo "FAIL: macsec" 615 return 1 616 fi 617 618 echo "PASS: macsec" 619} 620 621#------------------------------------------------------------------- 622# Example commands 623# ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \ 624# spi 0x07 mode transport reqid 0x07 replay-window 32 \ 625# aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \ 626# sel src 14.0.0.52/24 dst 14.0.0.70/24 627# ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \ 628# tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \ 629# spi 0x07 mode transport reqid 0x07 630# 631# Subcommands not tested 632# ip x s update 633# ip x s allocspi 634# ip x s deleteall 635# ip x p update 636# ip x p deleteall 637# ip x p set 638#------------------------------------------------------------------- 639kci_test_ipsec() 640{ 641 local ret=0 642 algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128" 643 srcip=192.168.123.1 644 dstip=192.168.123.2 645 spi=7 646 647 ip addr add $srcip dev $devdummy 648 649 # flush to be sure there's nothing configured 650 ip x s flush ; ip x p flush 651 check_err $? 652 653 # start the monitor in the background 654 tmpfile=`mktemp /var/run/ipsectestXXX` 655 mpid=`(ip x m > $tmpfile & echo $!) 2>/dev/null` 656 sleep 0.2 657 658 ipsecid="proto esp src $srcip dst $dstip spi 0x07" 659 ip x s add $ipsecid \ 660 mode transport reqid 0x07 replay-window 32 \ 661 $algo sel src $srcip/24 dst $dstip/24 662 check_err $? 663 664 lines=`ip x s list | grep $srcip | grep $dstip | wc -l` 665 test $lines -eq 2 666 check_err $? 667 668 ip x s count | grep -q "SAD count 1" 669 check_err $? 670 671 lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l` 672 test $lines -eq 2 673 check_err $? 674 675 ip x s delete $ipsecid 676 check_err $? 677 678 lines=`ip x s list | wc -l` 679 test $lines -eq 0 680 check_err $? 681 682 ipsecsel="dir out src $srcip/24 dst $dstip/24" 683 ip x p add $ipsecsel \ 684 tmpl proto esp src $srcip dst $dstip \ 685 spi 0x07 mode transport reqid 0x07 686 check_err $? 687 688 lines=`ip x p list | grep $srcip | grep $dstip | wc -l` 689 test $lines -eq 2 690 check_err $? 691 692 ip x p count | grep -q "SPD IN 0 OUT 1 FWD 0" 693 check_err $? 694 695 lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l` 696 test $lines -eq 2 697 check_err $? 698 699 ip x p delete $ipsecsel 700 check_err $? 701 702 lines=`ip x p list | wc -l` 703 test $lines -eq 0 704 check_err $? 705 706 # check the monitor results 707 kill $mpid 708 lines=`wc -l $tmpfile | cut "-d " -f1` 709 test $lines -eq 20 710 check_err $? 711 rm -rf $tmpfile 712 713 # clean up any leftovers 714 ip x s flush 715 check_err $? 716 ip x p flush 717 check_err $? 718 ip addr del $srcip/32 dev $devdummy 719 720 if [ $ret -ne 0 ]; then 721 echo "FAIL: ipsec" 722 return 1 723 fi 724 echo "PASS: ipsec" 725} 726 727#------------------------------------------------------------------- 728# Example commands 729# ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \ 730# spi 0x07 mode transport reqid 0x07 replay-window 32 \ 731# aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \ 732# sel src 14.0.0.52/24 dst 14.0.0.70/24 733# offload dev sim1 dir out 734# ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \ 735# tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \ 736# spi 0x07 mode transport reqid 0x07 737# 738#------------------------------------------------------------------- 739kci_test_ipsec_offload() 740{ 741 local ret=0 742 algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128" 743 srcip=192.168.123.3 744 dstip=192.168.123.4 745 sysfsd=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/ 746 sysfsf=$sysfsd/ipsec 747 sysfsnet=/sys/bus/netdevsim/devices/netdevsim0/net/ 748 probed=false 749 750 # setup netdevsim since dummydev doesn't have offload support 751 if [ ! -w /sys/bus/netdevsim/new_device ] ; then 752 modprobe -q netdevsim 753 check_err $? 754 if [ $ret -ne 0 ]; then 755 echo "SKIP: ipsec_offload can't load netdevsim" 756 return $ksft_skip 757 fi 758 probed=true 759 fi 760 761 echo "0" > /sys/bus/netdevsim/new_device 762 while [ ! -d $sysfsnet ] ; do :; done 763 udevadm settle 764 dev=`ls $sysfsnet` 765 766 ip addr add $srcip dev $dev 767 ip link set $dev up 768 if [ ! -d $sysfsd ] ; then 769 echo "FAIL: ipsec_offload can't create device $dev" 770 return 1 771 fi 772 if [ ! -f $sysfsf ] ; then 773 echo "FAIL: ipsec_offload netdevsim doesn't support IPsec offload" 774 return 1 775 fi 776 777 # flush to be sure there's nothing configured 778 ip x s flush ; ip x p flush 779 780 # create offloaded SAs, both in and out 781 ip x p add dir out src $srcip/24 dst $dstip/24 \ 782 tmpl proto esp src $srcip dst $dstip spi 9 \ 783 mode transport reqid 42 784 check_err $? 785 ip x p add dir in src $dstip/24 dst $srcip/24 \ 786 tmpl proto esp src $dstip dst $srcip spi 9 \ 787 mode transport reqid 42 788 check_err $? 789 790 ip x s add proto esp src $srcip dst $dstip spi 9 \ 791 mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \ 792 offload dev $dev dir out 793 check_err $? 794 ip x s add proto esp src $dstip dst $srcip spi 9 \ 795 mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \ 796 offload dev $dev dir in 797 check_err $? 798 if [ $ret -ne 0 ]; then 799 echo "FAIL: ipsec_offload can't create SA" 800 return 1 801 fi 802 803 # does offload show up in ip output 804 lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"` 805 if [ $lines -ne 2 ] ; then 806 echo "FAIL: ipsec_offload SA offload missing from list output" 807 check_err 1 808 fi 809 810 # use ping to exercise the Tx path 811 ping -I $dev -c 3 -W 1 -i 0 $dstip >/dev/null 812 813 # does driver have correct offload info 814 diff $sysfsf - << EOF 815SA count=2 tx=3 816sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000 817sa[0] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1 818sa[0] key=0x34333231 38373635 32313039 36353433 819sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0 820sa[1] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1 821sa[1] key=0x34333231 38373635 32313039 36353433 822EOF 823 if [ $? -ne 0 ] ; then 824 echo "FAIL: ipsec_offload incorrect driver data" 825 check_err 1 826 fi 827 828 # does offload get removed from driver 829 ip x s flush 830 ip x p flush 831 lines=`grep -c "SA count=0" $sysfsf` 832 if [ $lines -ne 1 ] ; then 833 echo "FAIL: ipsec_offload SA not removed from driver" 834 check_err 1 835 fi 836 837 # clean up any leftovers 838 echo 0 > /sys/bus/netdevsim/del_device 839 $probed && rmmod netdevsim 840 841 if [ $ret -ne 0 ]; then 842 echo "FAIL: ipsec_offload" 843 return 1 844 fi 845 echo "PASS: ipsec_offload" 846} 847 848kci_test_gretap() 849{ 850 testns="testns" 851 DEV_NS=gretap00 852 local ret=0 853 854 ip netns add "$testns" 855 if [ $? -ne 0 ]; then 856 echo "SKIP gretap tests: cannot add net namespace $testns" 857 return $ksft_skip 858 fi 859 860 ip link help gretap 2>&1 | grep -q "^Usage:" 861 if [ $? -ne 0 ];then 862 echo "SKIP: gretap: iproute2 too old" 863 ip netns del "$testns" 864 return $ksft_skip 865 fi 866 867 # test native tunnel 868 ip -netns "$testns" link add dev "$DEV_NS" type gretap seq \ 869 key 102 local 172.16.1.100 remote 172.16.1.200 870 check_err $? 871 872 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 873 check_err $? 874 875 ip -netns "$testns" link set dev $DEV_NS up 876 check_err $? 877 878 ip -netns "$testns" link del "$DEV_NS" 879 check_err $? 880 881 # test external mode 882 ip -netns "$testns" link add dev "$DEV_NS" type gretap external 883 check_err $? 884 885 ip -netns "$testns" link del "$DEV_NS" 886 check_err $? 887 888 if [ $ret -ne 0 ]; then 889 echo "FAIL: gretap" 890 ip netns del "$testns" 891 return 1 892 fi 893 echo "PASS: gretap" 894 895 ip netns del "$testns" 896} 897 898kci_test_ip6gretap() 899{ 900 testns="testns" 901 DEV_NS=ip6gretap00 902 local ret=0 903 904 ip netns add "$testns" 905 if [ $? -ne 0 ]; then 906 echo "SKIP ip6gretap tests: cannot add net namespace $testns" 907 return $ksft_skip 908 fi 909 910 ip link help ip6gretap 2>&1 | grep -q "^Usage:" 911 if [ $? -ne 0 ];then 912 echo "SKIP: ip6gretap: iproute2 too old" 913 ip netns del "$testns" 914 return $ksft_skip 915 fi 916 917 # test native tunnel 918 ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap seq \ 919 key 102 local fc00:100::1 remote fc00:100::2 920 check_err $? 921 922 ip -netns "$testns" addr add dev "$DEV_NS" fc00:200::1/96 923 check_err $? 924 925 ip -netns "$testns" link set dev $DEV_NS up 926 check_err $? 927 928 ip -netns "$testns" link del "$DEV_NS" 929 check_err $? 930 931 # test external mode 932 ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap external 933 check_err $? 934 935 ip -netns "$testns" link del "$DEV_NS" 936 check_err $? 937 938 if [ $ret -ne 0 ]; then 939 echo "FAIL: ip6gretap" 940 ip netns del "$testns" 941 return 1 942 fi 943 echo "PASS: ip6gretap" 944 945 ip netns del "$testns" 946} 947 948kci_test_erspan() 949{ 950 testns="testns" 951 DEV_NS=erspan00 952 local ret=0 953 954 ip link help erspan 2>&1 | grep -q "^Usage:" 955 if [ $? -ne 0 ];then 956 echo "SKIP: erspan: iproute2 too old" 957 return $ksft_skip 958 fi 959 960 ip netns add "$testns" 961 if [ $? -ne 0 ]; then 962 echo "SKIP erspan tests: cannot add net namespace $testns" 963 return $ksft_skip 964 fi 965 966 # test native tunnel erspan v1 967 ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \ 968 key 102 local 172.16.1.100 remote 172.16.1.200 \ 969 erspan_ver 1 erspan 488 970 check_err $? 971 972 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 973 check_err $? 974 975 ip -netns "$testns" link set dev $DEV_NS up 976 check_err $? 977 978 ip -netns "$testns" link del "$DEV_NS" 979 check_err $? 980 981 # test native tunnel erspan v2 982 ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \ 983 key 102 local 172.16.1.100 remote 172.16.1.200 \ 984 erspan_ver 2 erspan_dir ingress erspan_hwid 7 985 check_err $? 986 987 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 988 check_err $? 989 990 ip -netns "$testns" link set dev $DEV_NS up 991 check_err $? 992 993 ip -netns "$testns" link del "$DEV_NS" 994 check_err $? 995 996 # test external mode 997 ip -netns "$testns" link add dev "$DEV_NS" type erspan external 998 check_err $? 999 1000 ip -netns "$testns" link del "$DEV_NS" 1001 check_err $? 1002 1003 if [ $ret -ne 0 ]; then 1004 echo "FAIL: erspan" 1005 ip netns del "$testns" 1006 return 1 1007 fi 1008 echo "PASS: erspan" 1009 1010 ip netns del "$testns" 1011} 1012 1013kci_test_ip6erspan() 1014{ 1015 testns="testns" 1016 DEV_NS=ip6erspan00 1017 local ret=0 1018 1019 ip link help ip6erspan 2>&1 | grep -q "^Usage:" 1020 if [ $? -ne 0 ];then 1021 echo "SKIP: ip6erspan: iproute2 too old" 1022 return $ksft_skip 1023 fi 1024 1025 ip netns add "$testns" 1026 if [ $? -ne 0 ]; then 1027 echo "SKIP ip6erspan tests: cannot add net namespace $testns" 1028 return $ksft_skip 1029 fi 1030 1031 # test native tunnel ip6erspan v1 1032 ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \ 1033 key 102 local fc00:100::1 remote fc00:100::2 \ 1034 erspan_ver 1 erspan 488 1035 check_err $? 1036 1037 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 1038 check_err $? 1039 1040 ip -netns "$testns" link set dev $DEV_NS up 1041 check_err $? 1042 1043 ip -netns "$testns" link del "$DEV_NS" 1044 check_err $? 1045 1046 # test native tunnel ip6erspan v2 1047 ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \ 1048 key 102 local fc00:100::1 remote fc00:100::2 \ 1049 erspan_ver 2 erspan_dir ingress erspan_hwid 7 1050 check_err $? 1051 1052 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24 1053 check_err $? 1054 1055 ip -netns "$testns" link set dev $DEV_NS up 1056 check_err $? 1057 1058 ip -netns "$testns" link del "$DEV_NS" 1059 check_err $? 1060 1061 # test external mode 1062 ip -netns "$testns" link add dev "$DEV_NS" \ 1063 type ip6erspan external 1064 check_err $? 1065 1066 ip -netns "$testns" link del "$DEV_NS" 1067 check_err $? 1068 1069 if [ $ret -ne 0 ]; then 1070 echo "FAIL: ip6erspan" 1071 ip netns del "$testns" 1072 return 1 1073 fi 1074 echo "PASS: ip6erspan" 1075 1076 ip netns del "$testns" 1077} 1078 1079kci_test_fdb_get() 1080{ 1081 IP="ip -netns testns" 1082 BRIDGE="bridge -netns testns" 1083 brdev="test-br0" 1084 vxlandev="vxlan10" 1085 test_mac=de:ad:be:ef:13:37 1086 localip="10.0.2.2" 1087 dstip="10.0.2.3" 1088 local ret=0 1089 1090 bridge fdb help 2>&1 |grep -q 'bridge fdb get' 1091 if [ $? -ne 0 ];then 1092 echo "SKIP: fdb get tests: iproute2 too old" 1093 return $ksft_skip 1094 fi 1095 1096 ip netns add testns 1097 if [ $? -ne 0 ]; then 1098 echo "SKIP fdb get tests: cannot add net namespace $testns" 1099 return $ksft_skip 1100 fi 1101 1102 $IP link add "$vxlandev" type vxlan id 10 local $localip \ 1103 dstport 4789 2>/dev/null 1104 check_err $? 1105 $IP link add name "$brdev" type bridge &>/dev/null 1106 check_err $? 1107 $IP link set dev "$vxlandev" master "$brdev" &>/dev/null 1108 check_err $? 1109 $BRIDGE fdb add $test_mac dev "$vxlandev" master &>/dev/null 1110 check_err $? 1111 $BRIDGE fdb add $test_mac dev "$vxlandev" dst $dstip self &>/dev/null 1112 check_err $? 1113 1114 $BRIDGE fdb get $test_mac brport "$vxlandev" 2>/dev/null | grep -q "dev $vxlandev master $brdev" 1115 check_err $? 1116 $BRIDGE fdb get $test_mac br "$brdev" 2>/dev/null | grep -q "dev $vxlandev master $brdev" 1117 check_err $? 1118 $BRIDGE fdb get $test_mac dev "$vxlandev" self 2>/dev/null | grep -q "dev $vxlandev dst $dstip" 1119 check_err $? 1120 1121 ip netns del testns &>/dev/null 1122 1123 if [ $ret -ne 0 ]; then 1124 echo "FAIL: bridge fdb get" 1125 return 1 1126 fi 1127 1128 echo "PASS: bridge fdb get" 1129} 1130 1131kci_test_neigh_get() 1132{ 1133 dstmac=de:ad:be:ef:13:37 1134 dstip=10.0.2.4 1135 dstip6=dead::2 1136 local ret=0 1137 1138 ip neigh help 2>&1 |grep -q 'ip neigh get' 1139 if [ $? -ne 0 ];then 1140 echo "SKIP: fdb get tests: iproute2 too old" 1141 return $ksft_skip 1142 fi 1143 1144 # ipv4 1145 ip neigh add $dstip lladdr $dstmac dev "$devdummy" > /dev/null 1146 check_err $? 1147 ip neigh get $dstip dev "$devdummy" 2> /dev/null | grep -q "$dstmac" 1148 check_err $? 1149 ip neigh del $dstip lladdr $dstmac dev "$devdummy" > /dev/null 1150 check_err $? 1151 1152 # ipv4 proxy 1153 ip neigh add proxy $dstip dev "$devdummy" > /dev/null 1154 check_err $? 1155 ip neigh get proxy $dstip dev "$devdummy" 2>/dev/null | grep -q "$dstip" 1156 check_err $? 1157 ip neigh del proxy $dstip dev "$devdummy" > /dev/null 1158 check_err $? 1159 1160 # ipv6 1161 ip neigh add $dstip6 lladdr $dstmac dev "$devdummy" > /dev/null 1162 check_err $? 1163 ip neigh get $dstip6 dev "$devdummy" 2> /dev/null | grep -q "$dstmac" 1164 check_err $? 1165 ip neigh del $dstip6 lladdr $dstmac dev "$devdummy" > /dev/null 1166 check_err $? 1167 1168 # ipv6 proxy 1169 ip neigh add proxy $dstip6 dev "$devdummy" > /dev/null 1170 check_err $? 1171 ip neigh get proxy $dstip6 dev "$devdummy" 2>/dev/null | grep -q "$dstip6" 1172 check_err $? 1173 ip neigh del proxy $dstip6 dev "$devdummy" > /dev/null 1174 check_err $? 1175 1176 if [ $ret -ne 0 ];then 1177 echo "FAIL: neigh get" 1178 return 1 1179 fi 1180 1181 echo "PASS: neigh get" 1182} 1183 1184kci_test_bridge_parent_id() 1185{ 1186 local ret=0 1187 sysfsnet=/sys/bus/netdevsim/devices/netdevsim 1188 probed=false 1189 1190 if [ ! -w /sys/bus/netdevsim/new_device ] ; then 1191 modprobe -q netdevsim 1192 check_err $? 1193 if [ $ret -ne 0 ]; then 1194 echo "SKIP: bridge_parent_id can't load netdevsim" 1195 return $ksft_skip 1196 fi 1197 probed=true 1198 fi 1199 1200 echo "10 1" > /sys/bus/netdevsim/new_device 1201 while [ ! -d ${sysfsnet}10 ] ; do :; done 1202 echo "20 1" > /sys/bus/netdevsim/new_device 1203 while [ ! -d ${sysfsnet}20 ] ; do :; done 1204 udevadm settle 1205 dev10=`ls ${sysfsnet}10/net/` 1206 dev20=`ls ${sysfsnet}20/net/` 1207 1208 ip link add name test-bond0 type bond mode 802.3ad 1209 ip link set dev $dev10 master test-bond0 1210 ip link set dev $dev20 master test-bond0 1211 ip link add name test-br0 type bridge 1212 ip link set dev test-bond0 master test-br0 1213 check_err $? 1214 1215 # clean up any leftovers 1216 ip link del dev test-br0 1217 ip link del dev test-bond0 1218 echo 20 > /sys/bus/netdevsim/del_device 1219 echo 10 > /sys/bus/netdevsim/del_device 1220 $probed && rmmod netdevsim 1221 1222 if [ $ret -ne 0 ]; then 1223 echo "FAIL: bridge_parent_id" 1224 return 1 1225 fi 1226 echo "PASS: bridge_parent_id" 1227} 1228 1229kci_test_rtnl() 1230{ 1231 local ret=0 1232 kci_add_dummy 1233 if [ $ret -ne 0 ];then 1234 echo "FAIL: cannot add dummy interface" 1235 return 1 1236 fi 1237 1238 kci_test_polrouting 1239 check_err $? 1240 kci_test_route_get 1241 check_err $? 1242 kci_test_addrlft 1243 check_err $? 1244 kci_test_promote_secondaries 1245 check_err $? 1246 kci_test_tc 1247 check_err $? 1248 kci_test_gre 1249 check_err $? 1250 kci_test_gretap 1251 check_err $? 1252 kci_test_ip6gretap 1253 check_err $? 1254 kci_test_erspan 1255 check_err $? 1256 kci_test_ip6erspan 1257 check_err $? 1258 kci_test_bridge 1259 check_err $? 1260 kci_test_addrlabel 1261 check_err $? 1262 kci_test_ifalias 1263 check_err $? 1264 kci_test_vrf 1265 check_err $? 1266 kci_test_encap 1267 check_err $? 1268 kci_test_macsec 1269 check_err $? 1270 kci_test_ipsec 1271 check_err $? 1272 kci_test_ipsec_offload 1273 check_err $? 1274 kci_test_fdb_get 1275 check_err $? 1276 kci_test_neigh_get 1277 check_err $? 1278 kci_test_bridge_parent_id 1279 check_err $? 1280 1281 kci_del_dummy 1282 return $ret 1283} 1284 1285#check for needed privileges 1286if [ "$(id -u)" -ne 0 ];then 1287 echo "SKIP: Need root privileges" 1288 exit $ksft_skip 1289fi 1290 1291for x in ip tc;do 1292 $x -Version 2>/dev/null >/dev/null 1293 if [ $? -ne 0 ];then 1294 echo "SKIP: Could not run test without the $x tool" 1295 exit $ksft_skip 1296 fi 1297done 1298 1299kci_test_rtnl 1300 1301exit $? 1302