Lines Matching +full:1 +full:a
8 # 1. icmp, tcp, udp and netfilter
16 # ns-A | ns-B
23 # ns-A:
24 # eth1: 172.16.1.1/24, 2001:db8:1::1/64
25 # lo: 127.0.0.1/8, ::1/128
26 # 172.16.2.1/32, 2001:db8:2::1/128
27 # red: 127.0.0.1/8, ::1/128
28 # 172.16.3.1/32, 2001:db8:3::1/128
31 # eth1: 172.16.1.2/24, 2001:db8:1::2/64
32 # lo2: 127.0.0.1/8, ::1/128
35 # ns-A to ns-C connection - only for VRF and same config
36 # as ns-A to ns-B
38 # server / client nomenclature relative to ns-A
56 NSA_IP6=2001:db8:1::1
57 NSB_IP6=2001:db8:1::2
58 VRF_IP6=2001:db8:3::1
59 NS_NET6=2001:db8:1::/120
63 NSA_LO_IP6=2001:db8:2::1
69 MCAST=ff02::1
74 NSA=ns-A
82 which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
96 local rc=$1
100 [ "${VERBOSE}" = "1" ] && echo
103 nsuccess=$((nsuccess+1))
106 nfail=$((nfail+1))
111 read a
112 [ "$a" = "q" ] && exit 1
119 read a
120 [ "$a" = "q" ] && exit 1
128 local addr=$1
160 if [ "${VERBOSE}" = "1" ]; then
168 if [ "${VERBOSE}" = "1" ]; then
177 if [ "${VERBOSE}" = "1" ]; then
185 killall nettest ping ping6 >/dev/null 2>&1
186 sleep 1
194 if [ "$VERBOSE" = "1" ]; then
198 out=$($cmd 2>&1)
200 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
238 read a
260 read a
282 read a
288 # set sysctl values in NS-A
301 case "$1" in
303 ::1) echo "IPv6 loopback";;
305 ${NSA_IP}) echo "ns-A IP";;
306 ${NSA_IP6}) echo "ns-A IPv6";;
307 ${NSA_LO_IP}) echo "ns-A loopback IP";;
308 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
309 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
328 local ns=$1
342 [ -z "$addr" ] && return 1
354 local ns=$1
366 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
382 local ns=$1
399 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
400 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
401 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
402 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
408 local ns1=$1
453 ip netns del ${NSC} >/dev/null 2>&1
458 ip link del ${NSA_DEV2} >/dev/null 2>&1
460 ip netns del ${NSC} >/dev/null 2>&1
466 # ns-B but for a device NOT in the VRF
474 local with_vrf=${1}
476 # make sure we are starting with a clean slate
491 # tell ns-A how to get to remote addresses of ns-B
507 # tell ns-B how to get to remote addresses of ns-A
513 sleep 1
518 # make sure we are starting with a clean slate
543 sleep 1
551 local a
556 for a in ${NSB_IP} ${NSB_LO_IP}
559 run_cmd ping -c1 -w1 ${a}
560 log_test_addr ${a} $? 0 "ping out"
563 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
564 log_test_addr ${a} $? 0 "ping out, device bind"
567 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
568 log_test_addr ${a} $? 0 "ping out, address bind"
574 for a in ${NSA_IP} ${NSA_LO_IP}
577 run_cmd_nsb ping -c1 -w1 ${a}
578 log_test_addr ${a} $? 0 "ping in"
584 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
587 run_cmd ping -c1 -w1 ${a}
588 log_test_addr ${a} $? 0 "ping local"
595 a=${NSA_IP}
597 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
598 log_test_addr ${a} $? 0 "ping local, device bind"
601 # fails in a really weird way though because ipv4 special cases
603 for a in ${NSA_LO_IP} 127.0.0.1
607 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
608 log_test_addr ${a} $? 1 "ping local, device bind"
620 a=${NSB_LO_IP}
621 run_cmd ping -c1 -w1 ${a}
622 log_test_addr ${a} $? 2 "ping out, blocked by rule"
625 # a viable rtable if the oif (e.g., bind to device) is set, so this
627 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
629 a=${NSA_LO_IP}
632 run_cmd_nsb ping -c1 -w1 ${a}
633 log_test_addr ${a} $? 1 "ping in, blocked by rule"
635 [ "$VERBOSE" = "1" ] && echo
648 a=${NSB_LO_IP}
649 run_cmd ping -c1 -w1 ${a}
650 log_test_addr ${a} $? 2 "ping out, blocked by route"
653 # a viable rtable if the oif (e.g., bind to device) is set, so this
654 # case succeeds despite not having a route for the address
655 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
657 a=${NSA_LO_IP}
660 run_cmd_nsb ping -c1 -w1 ${a}
661 log_test_addr ${a} $? 1 "ping in, blocked by route"
669 a=${NSB_LO_IP}
670 run_cmd ping -c1 -w1 ${a}
671 log_test_addr ${a} $? 2 "ping out, unreachable default route"
674 # a viable rtable if the oif (e.g., bind to device) is set, so this
675 # case succeeds despite not having a route for the address
676 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
681 local a
684 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
689 for a in ${NSB_IP} ${NSB_LO_IP}
692 run_cmd ping -c1 -w1 -I ${VRF} ${a}
693 log_test_addr ${a} $? 0 "ping out, VRF bind"
696 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
697 log_test_addr ${a} $? 0 "ping out, device bind"
700 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
701 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"
704 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
705 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
711 for a in ${NSA_IP} ${VRF_IP}
714 run_cmd_nsb ping -c1 -w1 ${a}
715 log_test_addr ${a} $? 0 "ping in"
721 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
724 show_hint "Source address should be ${a}"
725 run_cmd ping -c1 -w1 -I ${VRF} ${a}
726 log_test_addr ${a} $? 0 "ping local, VRF bind"
733 a=${NSA_IP}
735 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
736 log_test_addr ${a} $? 0 "ping local, device bind"
739 for a in ${VRF_IP} 127.0.0.1
743 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
744 log_test_addr ${a} $? 1 "ping local, device bind"
754 a=${NSB_LO_IP}
755 run_cmd ping -c1 -w1 -I ${VRF} ${a}
756 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"
759 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
760 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
762 a=${NSA_LO_IP}
765 run_cmd_nsb ping -c1 -w1 ${a}
766 log_test_addr ${a} $? 1 "ping in, blocked by rule"
768 [ "$VERBOSE" = "1" ] && echo
778 a=${NSB_LO_IP}
779 run_cmd ping -c1 -w1 -I ${VRF} ${a}
780 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"
783 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
784 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
786 a=${NSA_LO_IP}
789 run_cmd_nsb ping -c1 -w1 ${a}
790 log_test_addr ${a} $? 1 "ping in, unreachable route"
802 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
831 sleep 1
839 sleep 1
847 sleep 1
855 sleep 1
866 sleep 1
874 sleep 1
882 sleep 1
899 sleep 1
907 sleep 1
915 sleep 1
923 sleep 1
934 sleep 1
942 sleep 1
950 sleep 1
955 # duplicate config between default VRF and a VRF
961 sleep 1
968 sleep 1
976 sleep 1
984 sleep 1
991 sleep 1
998 sleep 1
1006 sleep 1
1014 sleep 1
1023 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
1027 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
1033 local a
1038 for a in ${NSA_IP} ${NSA_LO_IP}
1042 sleep 1
1043 run_cmd_nsb nettest -r ${a}
1044 log_test_addr ${a} $? 0 "Global server"
1047 a=${NSA_IP}
1050 sleep 1
1051 run_cmd_nsb nettest -r ${a}
1052 log_test_addr ${a} $? 0 "Device server"
1055 for a in ${NSA_IP} ${NSA_LO_IP}
1059 run_cmd_nsb nettest -r ${a}
1060 log_test_addr ${a} $? 1 "No server"
1066 for a in ${NSB_IP} ${NSB_LO_IP}
1070 sleep 1
1071 run_cmd nettest -r ${a} -0 ${NSA_IP}
1072 log_test_addr ${a} $? 0 "Client"
1076 sleep 1
1077 run_cmd nettest -r ${a} -d ${NSA_DEV}
1078 log_test_addr ${a} $? 0 "Client, device bind"
1082 run_cmd nettest -r ${a}
1083 log_test_addr ${a} $? 1 "No server, unbound client"
1087 run_cmd nettest -r ${a} -d ${NSA_DEV}
1088 log_test_addr ${a} $? 1 "No server, device client"
1094 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1098 sleep 1
1099 run_cmd nettest -r ${a} -0 ${a} -1 ${a}
1100 log_test_addr ${a} $? 0 "Global server, local connection"
1103 a=${NSA_IP}
1106 sleep 1
1107 run_cmd nettest -r ${a} -0 ${a}
1108 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1110 for a in ${NSA_LO_IP} 127.0.0.1
1115 sleep 1
1116 run_cmd nettest -r ${a}
1117 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1120 a=${NSA_IP}
1123 sleep 1
1124 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
1125 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1127 for a in ${NSA_LO_IP} 127.0.0.1
1132 sleep 1
1133 run_cmd nettest -r ${a} -d ${NSA_DEV}
1134 log_test_addr ${a} $? 1 "Global server, device client, local connection"
1137 a=${NSA_IP}
1140 sleep 1
1141 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
1142 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1146 run_cmd nettest -d ${NSA_DEV} -r ${a}
1147 log_test_addr ${a} $? 1 "No server, device client, local conn"
1149 [ "$fips_enabled" = "1" ] || ipv4_tcp_md5_novrf
1154 local a
1164 for a in ${NSA_IP} ${VRF_IP}
1169 sleep 1
1170 run_cmd_nsb nettest -r ${a}
1171 log_test_addr ${a} $? 1 "Global server"
1175 sleep 1
1176 run_cmd_nsb nettest -r ${a}
1177 log_test_addr ${a} $? 0 "VRF server"
1181 sleep 1
1182 run_cmd_nsb nettest -r ${a}
1183 log_test_addr ${a} $? 0 "Device server"
1188 run_cmd_nsb nettest -r ${a}
1189 log_test_addr ${a} $? 1 "No server"
1194 a=${NSA_IP}
1198 sleep 1
1199 run_cmd nettest -r ${a} -d ${NSA_DEV}
1200 log_test_addr ${a} $? 1 "Global server, local connection"
1213 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1215 for a in ${NSA_IP} ${VRF_IP}
1220 sleep 1
1221 run_cmd_nsb nettest -r ${a}
1222 log_test_addr ${a} $? 0 "Global server"
1227 sleep 1
1228 run_cmd_nsb nettest -r ${a}
1229 log_test_addr ${a} $? 0 "VRF server"
1234 run_cmd_nsb nettest -r ${a}
1235 log_test_addr ${a} $? 1 "No server"
1238 a=${NSA_IP}
1242 sleep 1
1243 run_cmd_nsb nettest -r ${a}
1244 log_test_addr ${a} $? 0 "Device server"
1247 for a in ${NSA_IP} ${VRF_IP}
1252 sleep 1
1253 run_cmd nettest -r ${a}
1254 log_test_addr ${a} $? 1 "Global server, local connection"
1260 for a in ${NSB_IP} ${NSB_LO_IP}
1264 sleep 1
1265 run_cmd nettest -r ${a} -d ${VRF}
1266 log_test_addr ${a} $? 0 "Client, VRF bind"
1270 sleep 1
1271 run_cmd nettest -r ${a} -d ${NSA_DEV}
1272 log_test_addr ${a} $? 0 "Client, device bind"
1276 run_cmd nettest -r ${a} -d ${VRF}
1277 log_test_addr ${a} $? 1 "No server, VRF client"
1281 run_cmd nettest -r ${a} -d ${NSA_DEV}
1282 log_test_addr ${a} $? 1 "No server, device client"
1285 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1289 sleep 1
1290 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1291 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
1294 a=${NSA_IP}
1297 sleep 1
1298 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1299 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
1304 sleep 1
1305 run_cmd nettest -r ${a}
1306 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
1310 sleep 1
1311 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1312 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
1316 sleep 1
1317 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1318 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1333 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1346 local a
1351 for a in ${NSA_IP} ${NSA_LO_IP}
1355 sleep 1
1356 run_cmd_nsb nettest -D -r ${a}
1357 log_test_addr ${a} $? 0 "Global server"
1361 run_cmd_nsb nettest -D -r ${a}
1362 log_test_addr ${a} $? 1 "No server"
1365 a=${NSA_IP}
1368 sleep 1
1369 run_cmd_nsb nettest -D -r ${a}
1370 log_test_addr ${a} $? 0 "Device server"
1375 for a in ${NSB_IP} ${NSB_LO_IP}
1379 sleep 1
1380 run_cmd nettest -D -r ${a} -0 ${NSA_IP}
1381 log_test_addr ${a} $? 0 "Client"
1385 sleep 1
1386 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1387 log_test_addr ${a} $? 0 "Client, device bind"
1391 sleep 1
1392 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1393 log_test_addr ${a} $? 0 "Client, device send via cmsg"
1397 sleep 1
1398 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1399 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"
1403 run_cmd nettest -D -r ${a}
1404 log_test_addr ${a} $? 1 "No server, unbound client"
1408 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1409 log_test_addr ${a} $? 1 "No server, device client"
1415 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1419 sleep 1
1420 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
1421 log_test_addr ${a} $? 0 "Global server, local connection"
1424 a=${NSA_IP}
1427 sleep 1
1428 run_cmd nettest -D -r ${a}
1429 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1431 for a in ${NSA_LO_IP} 127.0.0.1
1436 sleep 1
1437 run_cmd nettest -D -r ${a}
1438 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1441 a=${NSA_IP}
1444 sleep 1
1445 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1446 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1450 sleep 1
1451 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
1452 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
1456 sleep 1
1457 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
1458 log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"
1463 for a in ${NSA_LO_IP} 127.0.0.1
1468 sleep 1
1469 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1470 log_test_addr ${a} $? 2 "Global server, device client, local connection"
1475 sleep 1
1476 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
1477 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
1482 sleep 1
1483 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
1484 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
1487 a=${NSA_IP}
1490 sleep 1
1491 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
1492 log_test_addr ${a} $? 0 "Device server, device client, local conn"
1495 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1496 log_test_addr ${a} $? 2 "No server, device client, local conn"
1501 local a
1510 for a in ${NSA_IP} ${VRF_IP}
1513 show_hint "Fails because ingress is in a VRF and global server is disabled"
1515 sleep 1
1516 run_cmd_nsb nettest -D -r ${a}
1517 log_test_addr ${a} $? 1 "Global server"
1521 sleep 1
1522 run_cmd_nsb nettest -D -r ${a}
1523 log_test_addr ${a} $? 0 "VRF server"
1527 sleep 1
1528 run_cmd_nsb nettest -D -r ${a}
1529 log_test_addr ${a} $? 0 "Enslaved device server"
1533 run_cmd_nsb nettest -D -r ${a}
1534 log_test_addr ${a} $? 1 "No server"
1539 sleep 1
1540 run_cmd nettest -D -d ${VRF} -r ${a}
1541 log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
1544 a=${NSA_IP}
1547 sleep 1
1548 run_cmd nettest -D -d ${VRF} -r ${a}
1549 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1553 sleep 1
1554 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1555 log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"
1557 a=${NSA_IP}
1560 sleep 1
1561 run_cmd nettest -D -d ${VRF} -r ${a}
1562 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1566 sleep 1
1567 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1568 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1572 set_sysctl net.ipv4.udp_l3mdev_accept=1
1577 for a in ${NSA_IP} ${VRF_IP}
1581 sleep 1
1582 run_cmd_nsb nettest -D -r ${a}
1583 log_test_addr ${a} $? 0 "Global server"
1587 sleep 1
1588 run_cmd_nsb nettest -D -r ${a}
1589 log_test_addr ${a} $? 0 "VRF server"
1593 sleep 1
1594 run_cmd_nsb nettest -D -r ${a}
1595 log_test_addr ${a} $? 0 "Enslaved device server"
1599 run_cmd_nsb nettest -D -r ${a}
1600 log_test_addr ${a} $? 1 "No server"
1608 sleep 1
1609 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1614 sleep 1
1615 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1622 log_test $? 1 "No server, VRF client"
1627 log_test $? 1 "No server, enslaved device client"
1632 a=${NSA_IP}
1635 sleep 1
1636 run_cmd nettest -D -d ${VRF} -r ${a}
1637 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1641 sleep 1
1642 run_cmd nettest -D -d ${VRF} -r ${a}
1643 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1647 sleep 1
1648 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1649 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
1653 sleep 1
1654 run_cmd nettest -D -d ${VRF} -r ${a}
1655 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1659 sleep 1
1660 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1661 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1663 for a in ${VRF_IP} 127.0.0.1
1667 sleep 1
1668 run_cmd nettest -D -d ${VRF} -r ${a}
1669 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1672 for a in ${VRF_IP} 127.0.0.1
1676 sleep 1
1677 run_cmd nettest -D -d ${VRF} -r ${a}
1678 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1683 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1687 run_cmd nettest -D -d ${VRF} -r ${a}
1688 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
1705 set_sysctl net.ipv4.udp_l3mdev_accept=1
1723 for a in ${NSA_IP} ${NSA_LO_IP}
1726 run_cmd nettest -s -R -P icmp -l ${a} -b
1727 log_test_addr ${a} $? 0 "Raw socket bind to local address"
1730 run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b
1731 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1737 a=${NSA_IP}
1739 run_cmd nettest -l ${a} -r ${NSB_IP} -t1 -b
1740 log_test_addr ${a} $? 0 "TCP socket bind to local address"
1743 run_cmd nettest -l ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1744 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
1746 # Sadly, the kernel allows binding a socket to a device and then
1750 #a=${NSA_LO_IP}
1753 #run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1754 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
1762 for a in ${NSA_IP} ${VRF_IP}
1766 run_cmd nettest -s -R -P icmp -l ${a} -b
1767 log_test_addr ${a} $? 1 "Raw socket bind to local address"
1770 run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b
1771 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1773 run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b
1774 log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
1777 a=${NSA_LO_IP}
1780 run_cmd nettest -s -R -P icmp -l ${a} -d ${VRF} -b
1781 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
1786 for a in ${NSA_IP} ${VRF_IP}
1789 run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b
1790 log_test_addr ${a} $? 0 "TCP socket bind to local address"
1793 run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1794 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
1797 a=${NSA_LO_IP}
1800 run_cmd nettest -s -l ${a} -d ${VRF} -t1 -b
1801 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
1805 run_cmd nettest -s -l ${a} -d ${NSA_DEV} -t1 -b
1806 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
1827 local desc="$1"
1830 local a
1835 for a in ${NSA_IP} ${VRF_IP}
1839 sleep 1
1840 run_cmd_nsb nettest ${varg} -r ${a} &
1843 sleep 1
1844 log_test_addr ${a} 0 0 "${desc}, global server"
1849 for a in ${NSA_IP} ${VRF_IP}
1853 sleep 1
1854 run_cmd_nsb nettest ${varg} -r ${a} &
1857 sleep 1
1858 log_test_addr ${a} 0 0 "${desc}, VRF server"
1863 a=${NSA_IP}
1866 sleep 1
1867 run_cmd_nsb nettest ${varg} -r ${a} &
1870 sleep 1
1871 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
1880 sleep 1
1884 sleep 1
1885 log_test_addr ${a} 0 0 "${desc}, VRF client"
1891 sleep 1
1895 sleep 1
1896 log_test_addr ${a} 0 0 "${desc}, enslaved device client"
1903 for a in ${NSA_IP} ${VRF_IP}
1907 sleep 1
1908 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
1911 sleep 1
1912 log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local"
1917 for a in ${NSA_IP} ${VRF_IP}
1921 sleep 1
1922 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
1925 sleep 1
1926 log_test_addr ${a} 0 0 "${desc}, VRF server and client, local"
1931 a=${NSA_IP}
1934 sleep 1
1935 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1938 sleep 1
1939 log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local"
1945 sleep 1
1946 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1949 sleep 1
1950 log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local"
1956 sleep 1
1957 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
1960 sleep 1
1961 log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local"
1967 local a
1969 for a in ${NSA_IP} ${VRF_IP}
1972 run_cmd_nsb ping -f ${a} &
1975 sleep 1
1976 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
1981 a=${NSB_IP}
1983 run_cmd ping -f -I ${VRF} ${a} &
1986 sleep 1
1987 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
1998 ipv4_rt "TCP active socket" "-n -1"
2009 local a
2011 # should not have an impact, but make a known state
2017 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2020 run_cmd ${ping6} -c1 -w1 ${a}
2021 log_test_addr ${a} $? 0 "ping out"
2024 for a in ${NSB_IP6} ${NSB_LO_IP6}
2027 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2028 log_test_addr ${a} $? 0 "ping out, device bind"
2031 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
2032 log_test_addr ${a} $? 0 "ping out, loopback address bind"
2038 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
2041 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2042 log_test_addr ${a} $? 0 "ping in"
2048 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2051 run_cmd ${ping6} -c1 -w1 ${a}
2052 log_test_addr ${a} $? 0 "ping local, no bind"
2055 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2058 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2059 log_test_addr ${a} $? 0 "ping local, device bind"
2062 for a in ${NSA_LO_IP6} ::1
2066 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2067 log_test_addr ${a} $? 2 "ping local, device bind"
2079 a=${NSB_LO_IP6}
2080 run_cmd ${ping6} -c1 -w1 ${a}
2081 log_test_addr ${a} $? 2 "ping out, blocked by rule"
2084 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2085 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
2087 a=${NSA_LO_IP6}
2090 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2091 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2106 a=${NSB_LO_IP6}
2107 run_cmd ${ping6} -c1 -w1 ${a}
2108 log_test_addr ${a} $? 2 "ping out, blocked by route"
2111 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2112 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"
2114 a=${NSA_LO_IP6}
2117 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2118 log_test_addr ${a} $? 1 "ping in, blocked by route"
2128 a=${NSB_LO_IP6}
2129 run_cmd ${ping6} -c1 -w1 ${a}
2130 log_test_addr ${a} $? 2 "ping out, unreachable route"
2133 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2134 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
2139 local a
2142 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
2147 for a in ${NSB_IP6} ${NSB_LO_IP6}
2150 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2151 log_test_addr ${a} $? 0 "ping out, VRF bind"
2154 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
2158 run_cmd ${ping6} -c1 -w1 ${a}
2159 log_test_addr ${a} $? 1 "ping out, VRF bind"
2162 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2165 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2166 log_test_addr ${a} $? 0 "ping out, device bind"
2169 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2172 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
2173 log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
2179 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
2182 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2183 log_test_addr ${a} $? 0 "ping in"
2186 a=${NSA_LO_IP6}
2189 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2190 log_test_addr ${a} $? 1 "ping in"
2195 for a in ${NSA_IP6} ${VRF_IP6} ::1
2198 show_hint "Source address should be ${a}"
2199 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2200 log_test_addr ${a} $? 0 "ping local, VRF bind"
2203 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2206 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2207 log_test_addr ${a} $? 0 "ping local, device bind"
2215 for a in ${NSA_IP6} ${VRF_IP6}
2219 log_test_addr ${a} $? 0 "ping in, LLA to GUA"
2233 a=${NSB_LO_IP6}
2234 run_cmd ${ping6} -c1 -w1 ${a}
2235 log_test_addr ${a} $? 2 "ping out, blocked by rule"
2238 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2239 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
2241 a=${NSA_LO_IP6}
2244 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2245 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2257 a=${NSB_LO_IP6}
2258 run_cmd ${ping6} -c1 -w1 ${a}
2259 log_test_addr ${a} $? 2 "ping out, unreachable route"
2262 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2263 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
2266 a=${NSA_LO_IP6}
2268 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2269 log_test_addr ${a} $? 2 "ping in, unreachable route"
2306 sleep 1
2314 sleep 1
2322 sleep 1
2330 sleep 1
2341 sleep 1
2349 sleep 1
2357 sleep 1
2374 sleep 1
2382 sleep 1
2390 sleep 1
2398 sleep 1
2409 sleep 1
2417 sleep 1
2425 sleep 1
2430 # duplicate config between default VRF and a VRF
2436 sleep 1
2443 sleep 1
2451 sleep 1
2459 sleep 1
2466 sleep 1
2473 sleep 1
2481 sleep 1
2489 sleep 1
2498 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
2502 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
2508 local a
2513 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2517 sleep 1
2518 run_cmd_nsb nettest -6 -r ${a}
2519 log_test_addr ${a} $? 0 "Global server"
2523 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2527 run_cmd_nsb nettest -6 -r ${a}
2528 log_test_addr ${a} $? 1 "No server"
2534 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2538 sleep 1
2539 run_cmd nettest -6 -r ${a}
2540 log_test_addr ${a} $? 0 "Client"
2543 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2547 sleep 1
2548 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2549 log_test_addr ${a} $? 0 "Client, device bind"
2552 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2556 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2557 log_test_addr ${a} $? 1 "No server, device client"
2563 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2567 sleep 1
2568 run_cmd nettest -6 -r ${a}
2569 log_test_addr ${a} $? 0 "Global server, local connection"
2572 a=${NSA_IP6}
2575 sleep 1
2576 run_cmd nettest -6 -r ${a} -0 ${a}
2577 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
2579 for a in ${NSA_LO_IP6} ::1
2584 sleep 1
2585 run_cmd nettest -6 -r ${a}
2586 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
2589 a=${NSA_IP6}
2592 sleep 1
2593 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2594 log_test_addr ${a} $? 0 "Global server, device client, local connection"
2596 for a in ${NSA_LO_IP6} ::1
2601 sleep 1
2602 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2603 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2606 for a in ${NSA_IP6} ${NSA_LINKIP6}
2610 sleep 1
2611 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2612 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2615 for a in ${NSA_IP6} ${NSA_LINKIP6}
2619 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2620 log_test_addr ${a} $? 1 "No server, device client, local conn"
2623 [ "$fips_enabled" = "1" ] || ipv6_tcp_md5_novrf
2628 local a
2638 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2643 sleep 1
2644 run_cmd_nsb nettest -6 -r ${a}
2645 log_test_addr ${a} $? 1 "Global server"
2648 for a in ${NSA_IP6} ${VRF_IP6}
2652 sleep 1
2653 run_cmd_nsb nettest -6 -r ${a}
2654 log_test_addr ${a} $? 0 "VRF server"
2658 a=${NSA_LINKIP6}%${NSB_DEV}
2661 sleep 1
2662 run_cmd_nsb nettest -6 -r ${a}
2663 log_test_addr ${a} $? 0 "VRF server"
2665 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2669 sleep 1
2670 run_cmd_nsb nettest -6 -r ${a}
2671 log_test_addr ${a} $? 0 "Device server"
2675 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2679 run_cmd_nsb nettest -6 -r ${a}
2680 log_test_addr ${a} $? 1 "No server"
2684 a=${NSA_IP6}
2688 sleep 1
2689 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2690 log_test_addr ${a} $? 1 "Global server, local connection"
2703 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2705 for a in ${NSA_IP6} ${VRF_IP6}
2709 sleep 1
2710 run_cmd_nsb nettest -6 -r ${a}
2711 log_test_addr ${a} $? 0 "Global server"
2714 for a in ${NSA_IP6} ${VRF_IP6}
2718 sleep 1
2719 run_cmd_nsb nettest -6 -r ${a}
2720 log_test_addr ${a} $? 0 "VRF server"
2724 a=${NSA_LINKIP6}%${NSB_DEV}
2727 sleep 1
2728 run_cmd_nsb nettest -6 -r ${a}
2729 log_test_addr ${a} $? 0 "Global server"
2733 sleep 1
2734 run_cmd_nsb nettest -6 -r ${a}
2735 log_test_addr ${a} $? 0 "VRF server"
2737 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2741 sleep 1
2742 run_cmd_nsb nettest -6 -r ${a}
2743 log_test_addr ${a} $? 0 "Device server"
2747 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2751 run_cmd_nsb nettest -6 -r ${a}
2752 log_test_addr ${a} $? 1 "No server"
2756 for a in ${NSA_IP6} ${VRF_IP6}
2761 sleep 1
2762 run_cmd nettest -6 -r ${a}
2763 log_test_addr ${a} $? 1 "Global server, local connection"
2770 for a in ${NSB_IP6} ${NSB_LO_IP6}
2774 sleep 1
2775 run_cmd nettest -6 -r ${a} -d ${VRF}
2776 log_test_addr ${a} $? 0 "Client, VRF bind"
2779 a=${NSB_LINKIP6}
2783 sleep 1
2784 run_cmd nettest -6 -r ${a} -d ${VRF}
2785 log_test_addr ${a} $? 1 "Client, VRF bind"
2787 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2791 sleep 1
2792 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2793 log_test_addr ${a} $? 0 "Client, device bind"
2796 for a in ${NSB_IP6} ${NSB_LO_IP6}
2800 run_cmd nettest -6 -r ${a} -d ${VRF}
2801 log_test_addr ${a} $? 1 "No server, VRF client"
2804 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
2808 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2809 log_test_addr ${a} $? 1 "No server, device client"
2812 for a in ${NSA_IP6} ${VRF_IP6} ::1
2816 sleep 1
2817 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2818 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
2821 a=${NSA_IP6}
2824 sleep 1
2825 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2826 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
2828 a=${NSA_IP6}
2832 sleep 1
2833 run_cmd nettest -6 -r ${a}
2834 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
2838 sleep 1
2839 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2840 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
2842 for a in ${NSA_IP6} ${NSA_LINKIP6}
2846 sleep 1
2847 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2848 log_test_addr ${a} $? 0 "Device server, device client, local connection"
2864 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2877 local a
2882 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2886 sleep 1
2887 run_cmd_nsb nettest -6 -D -r ${a}
2888 log_test_addr ${a} $? 0 "Global server"
2892 sleep 1
2893 run_cmd_nsb nettest -6 -D -r ${a}
2894 log_test_addr ${a} $? 0 "Device server"
2897 a=${NSA_LO_IP6}
2900 sleep 1
2901 run_cmd_nsb nettest -6 -D -r ${a}
2902 log_test_addr ${a} $? 0 "Global server"
2904 # should fail since loopback address is out of scope for a device
2910 #sleep 1
2911 #run_cmd_nsb nettest -6 -D -r ${a}
2912 #log_test_addr ${a} $? 1 "Device server"
2915 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2919 run_cmd_nsb nettest -6 -D -r ${a}
2920 log_test_addr ${a} $? 1 "No server"
2926 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2930 sleep 1
2931 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
2932 log_test_addr ${a} $? 0 "Client"
2936 sleep 1
2937 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
2938 log_test_addr ${a} $? 0 "Client, device bind"
2942 sleep 1
2943 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
2944 log_test_addr ${a} $? 0 "Client, device send via cmsg"
2948 sleep 1
2949 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
2950 log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF"
2954 run_cmd nettest -6 -D -r ${a}
2955 log_test_addr ${a} $? 1 "No server, unbound client"
2959 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
2960 log_test_addr ${a} $? 1 "No server, device client"
2966 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2970 sleep 1
2971 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
2972 log_test_addr ${a} $? 0 "Global server, local connection"
2975 a=${NSA_IP6}
2978 sleep 1
2979 run_cmd nettest -6 -D -r ${a}
2980 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
2982 for a in ${NSA_LO_IP6} ::1
2987 sleep 1
2988 run_cmd nettest -6 -D -r ${a}
2989 log_test_addr ${a} $? 1 "Device server, local connection"
2992 a=${NSA_IP6}
2995 sleep 1
2996 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
2997 log_test_addr ${a} $? 0 "Global server, device client, local connection"
3001 sleep 1
3002 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
3003 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
3007 sleep 1
3008 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
3009 log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"
3011 for a in ${NSA_LO_IP6} ::1
3016 sleep 1
3017 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3018 log_test_addr ${a} $? 1 "Global server, device client, local connection"
3023 sleep 1
3024 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
3025 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
3030 sleep 1
3031 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
3032 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
3035 a=${NSA_IP6}
3038 sleep 1
3039 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
3040 log_test_addr ${a} $? 0 "Device server, device client, local conn"
3044 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3045 log_test_addr ${a} $? 1 "No server, device client, local conn"
3052 sleep 1
3062 local a
3071 for a in ${NSA_IP6} ${VRF_IP6}
3076 sleep 1
3077 run_cmd_nsb nettest -6 -D -r ${a}
3078 log_test_addr ${a} $? 1 "Global server"
3081 for a in ${NSA_IP6} ${VRF_IP6}
3085 sleep 1
3086 run_cmd_nsb nettest -6 -D -r ${a}
3087 log_test_addr ${a} $? 0 "VRF server"
3090 for a in ${NSA_IP6} ${VRF_IP6}
3094 sleep 1
3095 run_cmd_nsb nettest -6 -D -r ${a}
3096 log_test_addr ${a} $? 0 "Enslaved device server"
3100 for a in ${NSA_IP6} ${VRF_IP6}
3104 run_cmd_nsb nettest -6 -D -r ${a}
3105 log_test_addr ${a} $? 1 "No server"
3111 for a in ${NSA_IP6} ${VRF_IP6}
3116 sleep 1
3117 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3118 log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
3121 for a in ${NSA_IP6} ${VRF_IP6}
3125 sleep 1
3126 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3127 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3130 a=${NSA_IP6}
3134 sleep 1
3135 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3136 log_test_addr ${a} $? 1 "Global server, device client, local conn"
3140 sleep 1
3141 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3142 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
3146 sleep 1
3147 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3148 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
3152 sleep 1
3153 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3154 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
3158 set_sysctl net.ipv4.udp_l3mdev_accept=1
3163 for a in ${NSA_IP6} ${VRF_IP6}
3167 sleep 1
3168 run_cmd_nsb nettest -6 -D -r ${a}
3169 log_test_addr ${a} $? 0 "Global server"
3172 for a in ${NSA_IP6} ${VRF_IP6}
3176 sleep 1
3177 run_cmd_nsb nettest -6 -D -r ${a}
3178 log_test_addr ${a} $? 0 "VRF server"
3181 for a in ${NSA_IP6} ${VRF_IP6}
3185 sleep 1
3186 run_cmd_nsb nettest -6 -D -r ${a}
3187 log_test_addr ${a} $? 0 "Enslaved device server"
3191 for a in ${NSA_IP6} ${VRF_IP6}
3194 run_cmd_nsb nettest -6 -D -r ${a}
3195 log_test_addr ${a} $? 1 "No server"
3203 sleep 1
3210 log_test $? 1 "No server, VRF client"
3214 sleep 1
3221 log_test $? 1 "No server, enslaved device client"
3226 a=${NSA_IP6}
3229 sleep 1
3230 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3231 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
3235 sleep 1
3236 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3237 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3240 a=${VRF_IP6}
3243 sleep 1
3244 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3245 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
3249 sleep 1
3250 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3251 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3254 for a in ${NSA_IP6} ${VRF_IP6}
3257 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3258 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
3262 a=${NSA_IP6}
3265 sleep 1
3266 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3267 log_test_addr ${a} $? 0 "Global server, device client, local conn"
3271 sleep 1
3272 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3273 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
3277 sleep 1
3278 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3279 log_test_addr ${a} $? 0 "Device server, VRF client, local conn"
3283 sleep 1
3284 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3285 log_test_addr ${a} $? 0 "Device server, device client, local conn"
3288 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3289 log_test_addr ${a} $? 1 "No server, device client, local conn"
3295 sleep 1
3301 log_test $? 1 "No server, linklocal IP"
3306 sleep 1
3312 log_test $? 1 "No server, device client, peer linklocal IP"
3317 sleep 1
3323 log_test $? 1 "No server, device client, local conn - linklocal IP"
3330 sleep 1
3341 set_sysctl net.ipv4.udp_early_demux=1
3353 set_sysctl net.ipv4.udp_l3mdev_accept=1
3369 for a in ${NSA_IP6} ${NSA_LO_IP6}
3372 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
3373 log_test_addr ${a} $? 0 "Raw socket bind to local address"
3376 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b
3377 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
3383 a=${NSA_IP6}
3385 run_cmd nettest -6 -s -l ${a} -t1 -b
3386 log_test_addr ${a} $? 0 "TCP socket bind to local address"
3389 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
3390 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
3392 # Sadly, the kernel allows binding a socket to a device and then
3395 a=${NSA_LO_IP6}
3398 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3399 log_test_addr ${a} $? 0 "TCP socket bind to out of scope local address"
3407 for a in ${NSA_IP6} ${VRF_IP6}
3410 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b
3411 log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"
3414 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${NSA_DEV} -b
3415 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
3418 a=${NSA_LO_IP6}
3421 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -d ${VRF} -b
3422 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"
3427 # address on enslaved device is valid for the VRF or device in a VRF
3428 for a in ${NSA_IP6} ${VRF_IP6}
3431 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b
3432 log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
3435 a=${NSA_IP6}
3437 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
3438 log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"
3440 # Sadly, the kernel allows binding a socket to a device and then
3444 a=${VRF_IP6}
3447 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3448 log_test_addr ${a} $? 0 "TCP socket bind to VRF address with device bind"
3450 a=${NSA_LO_IP6}
3453 run_cmd nettest -6 -s -l ${a} -d ${VRF} -t1 -b
3454 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
3458 run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b
3459 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
3481 local desc="$1"
3484 local a
3489 for a in ${NSA_IP6} ${VRF_IP6}
3493 sleep 1
3494 run_cmd_nsb nettest ${varg} -r ${a} &
3497 sleep 1
3498 log_test_addr ${a} 0 0 "${desc}, global server"
3503 for a in ${NSA_IP6} ${VRF_IP6}
3507 sleep 1
3508 run_cmd_nsb nettest ${varg} -r ${a} &
3511 sleep 1
3512 log_test_addr ${a} 0 0 "${desc}, VRF server"
3517 for a in ${NSA_IP6} ${VRF_IP6}
3521 sleep 1
3522 run_cmd_nsb nettest ${varg} -r ${a} &
3525 sleep 1
3526 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
3536 sleep 1
3540 sleep 1
3547 sleep 1
3551 sleep 1
3560 for a in ${NSA_IP6} ${VRF_IP6}
3564 sleep 1
3565 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3568 sleep 1
3569 log_test_addr ${a} 0 0 "${desc}, global server, VRF client"
3574 for a in ${NSA_IP6} ${VRF_IP6}
3578 sleep 1
3579 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3582 sleep 1
3583 log_test_addr ${a} 0 0 "${desc}, VRF server and client"
3588 a=${NSA_IP6}
3591 sleep 1
3592 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3595 sleep 1
3596 log_test_addr ${a} 0 0 "${desc}, global server, device client"
3602 sleep 1
3603 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3606 sleep 1
3607 log_test_addr ${a} 0 0 "${desc}, VRF server, device client"
3613 sleep 1
3614 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3617 sleep 1
3618 log_test_addr ${a} 0 0 "${desc}, device server, device client"
3624 local a
3626 a=${NSA_IP6}
3628 run_cmd_nsb ${ping6} -f ${a} &
3631 sleep 1
3632 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
3638 sleep 1
3640 sleep 1
3641 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
3652 ipv6_rt "TCP active socket" "-n -1"
3658 ipv6_rt "UDP active socket" "-D -n -1"
3666 local a
3668 for a in ${NSA_IP} ${VRF_IP}
3672 sleep 1
3673 run_cmd_nsb nettest -r ${a}
3674 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3680 local stype="$1"
3682 local a
3686 for a in ${NSA_IP} ${VRF_IP}
3690 sleep 1
3691 run_cmd_nsb nettest ${arg} -r ${a}
3692 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3702 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3711 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3712 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3723 local a
3725 for a in ${NSA_IP6} ${VRF_IP6}
3729 sleep 1
3730 run_cmd_nsb nettest -6 -r ${a}
3731 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3737 local stype="$1"
3739 local a
3743 for a in ${NSA_IP6} ${VRF_IP6}
3747 sleep 1
3748 run_cmd_nsb nettest -6 ${arg} -r ${a}
3749 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3759 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3767 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
3768 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
3781 # ns-A device enslaved to bridge. Verify traffic with and without
3842 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad
3848 sleep 1
3865 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
3883 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
3892 # ns-A device is connected to both ns-B and ns-C on a single VRF but only has
3897 # only want reply from ns-A
3898 setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
3899 setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
3908 # cycle/flap the first ns-A interface
3911 sleep 1
3919 # cycle/flap the second ns-A interface
3922 sleep 1
3975 v) VERBOSE=1;;
3977 *) usage; exit 1;;