fcnal-test.sh 114 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360
  1. #!/bin/bash
  2. # SPDX-License-Identifier: GPL-2.0
  3. #
  4. # Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
  5. #
  6. # IPv4 and IPv6 functional tests focusing on VRF and routing lookups
  7. # for various permutations:
  8. # 1. icmp, tcp, udp and netfilter
  9. # 2. client, server, no-server
  10. # 3. global address on interface
  11. # 4. global address on 'lo'
  12. # 5. remote and local traffic
  13. # 6. VRF and non-VRF permutations
  14. #
  15. # Setup:
  16. # ns-A | ns-B
  17. # No VRF case:
  18. # [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ]
  19. # remote address
  20. # VRF case:
  21. # [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ]
  22. #
  23. # ns-A:
  24. # eth1: 172.16.1.1/24, 2001:db8:1::1/64
  25. # lo: 127.0.0.1/8, ::1/128
  26. # 172.16.2.1/32, 2001:db8:2::1/128
  27. # red: 127.0.0.1/8, ::1/128
  28. # 172.16.3.1/32, 2001:db8:3::1/128
  29. #
  30. # ns-B:
  31. # eth1: 172.16.1.2/24, 2001:db8:1::2/64
  32. # lo2: 127.0.0.1/8, ::1/128
  33. # 172.16.2.2/32, 2001:db8:2::2/128
  34. #
  35. # ns-A to ns-C connection - only for VRF and same config
  36. # as ns-A to ns-B
  37. #
  38. # server / client nomenclature relative to ns-A
  39. source lib.sh
  40. PATH=$PWD:$PWD/tools/testing/selftests/net:$PATH
  41. VERBOSE=0
  42. NSA_DEV=eth1
  43. NSA_DEV2=eth2
  44. NSB_DEV=eth1
  45. NSC_DEV=eth2
  46. VRF=red
  47. VRF_TABLE=1101
  48. # IPv4 config
  49. NSA_IP=172.16.1.1
  50. NSB_IP=172.16.1.2
  51. VRF_IP=172.16.3.1
  52. NS_NET=172.16.1.0/24
  53. # IPv6 config
  54. NSA_IP6=2001:db8:1::1
  55. NSB_IP6=2001:db8:1::2
  56. VRF_IP6=2001:db8:3::1
  57. NS_NET6=2001:db8:1::/120
  58. NSA_LO_IP=172.16.2.1
  59. NSB_LO_IP=172.16.2.2
  60. NSA_LO_IP6=2001:db8:2::1
  61. NSB_LO_IP6=2001:db8:2::2
  62. # non-local addresses for freebind tests
  63. NL_IP=172.17.1.1
  64. NL_IP6=2001:db8:4::1
  65. # multicast and broadcast addresses
  66. MCAST_IP=224.0.0.1
  67. BCAST_IP=255.255.255.255
  68. MD5_PW=abc123
  69. MD5_WRONG_PW=abc1234
  70. MCAST=ff02::1
  71. # set after namespace create
  72. NSA_LINKIP6=
  73. NSB_LINKIP6=
  74. which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
  75. # Check if FIPS mode is enabled
  76. if [ -f /proc/sys/crypto/fips_enabled ]; then
  77. fips_enabled=`cat /proc/sys/crypto/fips_enabled`
  78. else
  79. fips_enabled=0
  80. fi
  81. ################################################################################
  82. # utilities
  83. log_test()
  84. {
  85. local rc=$1
  86. local expected=$2
  87. local msg="$3"
  88. local ans
  89. [ "${VERBOSE}" = "1" ] && echo
  90. if [ ${rc} -eq ${expected} ]; then
  91. nsuccess=$((nsuccess+1))
  92. printf "TEST: %-70s [ OK ]\n" "${msg}"
  93. else
  94. nfail=$((nfail+1))
  95. printf "TEST: %-70s [FAIL]\n" "${msg}"
  96. echo " expected rc $expected; actual rc $rc"
  97. if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
  98. echo
  99. echo "hit enter to continue, 'q' to quit"
  100. read ans
  101. [ "$ans" = "q" ] && exit 1
  102. fi
  103. fi
  104. if [ "${PAUSE}" = "yes" ]; then
  105. echo
  106. echo "hit enter to continue, 'q' to quit"
  107. read ans
  108. [ "$ans" = "q" ] && exit 1
  109. fi
  110. kill_procs
  111. }
  112. log_test_addr()
  113. {
  114. local addr=$1
  115. local rc=$2
  116. local expected=$3
  117. local msg="$4"
  118. local astr
  119. astr=$(addr2str ${addr})
  120. log_test $rc $expected "$msg - ${astr}"
  121. }
  122. log_section()
  123. {
  124. echo
  125. echo "###########################################################################"
  126. echo "$*"
  127. echo "###########################################################################"
  128. echo
  129. }
  130. log_subsection()
  131. {
  132. echo
  133. echo "#################################################################"
  134. echo "$*"
  135. echo
  136. }
  137. log_start()
  138. {
  139. # make sure we have no test instances running
  140. kill_procs
  141. if [ "${VERBOSE}" = "1" ]; then
  142. echo
  143. echo "#######################################################"
  144. fi
  145. }
  146. log_debug()
  147. {
  148. if [ "${VERBOSE}" = "1" ]; then
  149. echo
  150. echo "$*"
  151. echo
  152. fi
  153. }
  154. show_hint()
  155. {
  156. if [ "${VERBOSE}" = "1" ]; then
  157. echo "HINT: $*"
  158. echo
  159. fi
  160. }
  161. kill_procs()
  162. {
  163. killall nettest ping ping6 >/dev/null 2>&1
  164. slowwait 2 sh -c 'test -z "$(pgrep '"'^(nettest|ping|ping6)$'"')"'
  165. }
  166. set_ping_group()
  167. {
  168. if [ "$VERBOSE" = "1" ]; then
  169. echo "COMMAND: ${NSA_CMD} sysctl -q -w net.ipv4.ping_group_range='0 2147483647'"
  170. fi
  171. ${NSA_CMD} sysctl -q -w net.ipv4.ping_group_range='0 2147483647'
  172. }
  173. do_run_cmd()
  174. {
  175. local cmd="$*"
  176. local out
  177. if [ "$VERBOSE" = "1" ]; then
  178. echo "COMMAND: ${cmd}"
  179. fi
  180. out=$($cmd 2>&1)
  181. rc=$?
  182. if [ "$VERBOSE" = "1" -a -n "$out" ]; then
  183. echo "$out"
  184. fi
  185. return $rc
  186. }
  187. run_cmd()
  188. {
  189. do_run_cmd ${NSA_CMD} $*
  190. }
  191. run_cmd_nsb()
  192. {
  193. do_run_cmd ${NSB_CMD} $*
  194. }
  195. run_cmd_nsc()
  196. {
  197. do_run_cmd ${NSC_CMD} $*
  198. }
  199. setup_cmd()
  200. {
  201. local cmd="$*"
  202. local rc
  203. run_cmd ${cmd}
  204. rc=$?
  205. if [ $rc -ne 0 ]; then
  206. # show user the command if not done so already
  207. if [ "$VERBOSE" = "0" ]; then
  208. echo "setup command: $cmd"
  209. fi
  210. echo "failed. stopping tests"
  211. if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
  212. echo
  213. echo "hit enter to continue"
  214. read a
  215. fi
  216. exit $rc
  217. fi
  218. }
  219. setup_cmd_nsb()
  220. {
  221. local cmd="$*"
  222. local rc
  223. run_cmd_nsb ${cmd}
  224. rc=$?
  225. if [ $rc -ne 0 ]; then
  226. # show user the command if not done so already
  227. if [ "$VERBOSE" = "0" ]; then
  228. echo "setup command: $cmd"
  229. fi
  230. echo "failed. stopping tests"
  231. if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
  232. echo
  233. echo "hit enter to continue"
  234. read a
  235. fi
  236. exit $rc
  237. fi
  238. }
  239. setup_cmd_nsc()
  240. {
  241. local cmd="$*"
  242. local rc
  243. run_cmd_nsc ${cmd}
  244. rc=$?
  245. if [ $rc -ne 0 ]; then
  246. # show user the command if not done so already
  247. if [ "$VERBOSE" = "0" ]; then
  248. echo "setup command: $cmd"
  249. fi
  250. echo "failed. stopping tests"
  251. if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
  252. echo
  253. echo "hit enter to continue"
  254. read a
  255. fi
  256. exit $rc
  257. fi
  258. }
  259. # set sysctl values in NS-A
  260. set_sysctl()
  261. {
  262. echo "SYSCTL: $*"
  263. echo
  264. run_cmd sysctl -q -w $*
  265. }
  266. # get sysctl values in NS-A
  267. get_sysctl()
  268. {
  269. ${NSA_CMD} sysctl -n $*
  270. }
  271. ################################################################################
  272. # Setup for tests
  273. addr2str()
  274. {
  275. case "$1" in
  276. 127.0.0.1) echo "loopback";;
  277. ::1) echo "IPv6 loopback";;
  278. ${BCAST_IP}) echo "broadcast";;
  279. ${MCAST_IP}) echo "multicast";;
  280. ${NSA_IP}) echo "ns-A IP";;
  281. ${NSA_IP6}) echo "ns-A IPv6";;
  282. ${NSA_LO_IP}) echo "ns-A loopback IP";;
  283. ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
  284. ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
  285. ${NSB_IP}) echo "ns-B IP";;
  286. ${NSB_IP6}) echo "ns-B IPv6";;
  287. ${NSB_LO_IP}) echo "ns-B loopback IP";;
  288. ${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
  289. ${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;
  290. ${NL_IP}) echo "nonlocal IP";;
  291. ${NL_IP6}) echo "nonlocal IPv6";;
  292. ${VRF_IP}) echo "VRF IP";;
  293. ${VRF_IP6}) echo "VRF IPv6";;
  294. ${MCAST}%*) echo "multicast IP";;
  295. *) echo "unknown";;
  296. esac
  297. }
  298. get_linklocal()
  299. {
  300. local ns=$1
  301. local dev=$2
  302. local addr
  303. addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \
  304. awk '{
  305. for (i = 3; i <= NF; ++i) {
  306. if ($i ~ /^fe80/)
  307. print $i
  308. }
  309. }'
  310. )
  311. addr=${addr/\/*}
  312. [ -z "$addr" ] && return 1
  313. echo $addr
  314. return 0
  315. }
  316. ################################################################################
  317. # create namespaces and vrf
  318. create_vrf()
  319. {
  320. local ns=$1
  321. local vrf=$2
  322. local table=$3
  323. local addr=$4
  324. local addr6=$5
  325. ip -netns ${ns} link add ${vrf} type vrf table ${table}
  326. ip -netns ${ns} link set ${vrf} up
  327. ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192
  328. ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192
  329. ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf}
  330. ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
  331. if [ "${addr}" != "-" ]; then
  332. ip -netns ${ns} addr add dev ${vrf} ${addr}
  333. fi
  334. if [ "${addr6}" != "-" ]; then
  335. ip -netns ${ns} -6 addr add dev ${vrf} ${addr6}
  336. fi
  337. ip -netns ${ns} ru del pref 0
  338. ip -netns ${ns} ru add pref 32765 from all lookup local
  339. ip -netns ${ns} -6 ru del pref 0
  340. ip -netns ${ns} -6 ru add pref 32765 from all lookup local
  341. }
  342. create_ns()
  343. {
  344. local ns=$1
  345. local addr=$2
  346. local addr6=$3
  347. if [ "${addr}" != "-" ]; then
  348. ip -netns ${ns} addr add dev lo ${addr}
  349. fi
  350. if [ "${addr6}" != "-" ]; then
  351. ip -netns ${ns} -6 addr add dev lo ${addr6}
  352. fi
  353. ip -netns ${ns} ro add unreachable default metric 8192
  354. ip -netns ${ns} -6 ro add unreachable default metric 8192
  355. ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
  356. ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
  357. ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
  358. ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
  359. ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.accept_dad=0
  360. ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.accept_dad=0
  361. }
  362. # create veth pair to connect namespaces and apply addresses.
  363. connect_ns()
  364. {
  365. local ns1=$1
  366. local ns1_dev=$2
  367. local ns1_addr=$3
  368. local ns1_addr6=$4
  369. local ns2=$5
  370. local ns2_dev=$6
  371. local ns2_addr=$7
  372. local ns2_addr6=$8
  373. ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp
  374. ip -netns ${ns1} li set ${ns1_dev} up
  375. ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev}
  376. ip -netns ${ns2} li set ${ns2_dev} up
  377. if [ "${ns1_addr}" != "-" ]; then
  378. ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr}
  379. ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr}
  380. fi
  381. if [ "${ns1_addr6}" != "-" ]; then
  382. ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6}
  383. ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6}
  384. fi
  385. }
  386. cleanup()
  387. {
  388. # explicit cleanups to check those code paths
  389. ip netns | grep -q ${NSA}
  390. if [ $? -eq 0 ]; then
  391. ip -netns ${NSA} link delete ${VRF}
  392. ip -netns ${NSA} ro flush table ${VRF_TABLE}
  393. ip -netns ${NSA} addr flush dev ${NSA_DEV}
  394. ip -netns ${NSA} -6 addr flush dev ${NSA_DEV}
  395. ip -netns ${NSA} link set dev ${NSA_DEV} down
  396. ip -netns ${NSA} link del dev ${NSA_DEV}
  397. ip netns pids ${NSA} | xargs kill 2>/dev/null
  398. cleanup_ns ${NSA}
  399. fi
  400. ip netns pids ${NSB} | xargs kill 2>/dev/null
  401. ip netns pids ${NSC} | xargs kill 2>/dev/null
  402. cleanup_ns ${NSB} ${NSC}
  403. }
  404. cleanup_vrf_dup()
  405. {
  406. ip link del ${NSA_DEV2} >/dev/null 2>&1
  407. ip netns pids ${NSC} | xargs kill 2>/dev/null
  408. ip netns del ${NSC} >/dev/null 2>&1
  409. }
  410. setup_vrf_dup()
  411. {
  412. # some VRF tests use ns-C which has the same config as
  413. # ns-B but for a device NOT in the VRF
  414. setup_ns NSC
  415. NSC_CMD="ip netns exec ${NSC}"
  416. create_ns ${NSC} "-" "-"
  417. connect_ns ${NSA} ${NSA_DEV2} ${NSA_IP}/24 ${NSA_IP6}/64 \
  418. ${NSC} ${NSC_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
  419. }
  420. setup()
  421. {
  422. local with_vrf=${1}
  423. # make sure we are starting with a clean slate
  424. kill_procs
  425. cleanup 2>/dev/null
  426. log_debug "Configuring network namespaces"
  427. set -e
  428. setup_ns NSA NSB
  429. NSA_CMD="ip netns exec ${NSA}"
  430. NSB_CMD="ip netns exec ${NSB}"
  431. create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128
  432. create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128
  433. connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \
  434. ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
  435. NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
  436. NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})
  437. # tell ns-A how to get to remote addresses of ns-B
  438. if [ "${with_vrf}" = "yes" ]; then
  439. create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6}
  440. ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
  441. ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
  442. ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
  443. ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
  444. ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
  445. else
  446. ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
  447. ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
  448. fi
  449. # tell ns-B how to get to remote addresses of ns-A
  450. ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
  451. ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
  452. set +e
  453. sleep 1
  454. }
  455. setup_lla_only()
  456. {
  457. # make sure we are starting with a clean slate
  458. kill_procs
  459. cleanup 2>/dev/null
  460. log_debug "Configuring network namespaces"
  461. set -e
  462. setup_ns NSA NSB NSC
  463. NSA_CMD="ip netns exec ${NSA}"
  464. NSB_CMD="ip netns exec ${NSB}"
  465. NSC_CMD="ip netns exec ${NSC}"
  466. create_ns ${NSA} "-" "-"
  467. create_ns ${NSB} "-" "-"
  468. create_ns ${NSC} "-" "-"
  469. connect_ns ${NSA} ${NSA_DEV} "-" "-" \
  470. ${NSB} ${NSB_DEV} "-" "-"
  471. connect_ns ${NSA} ${NSA_DEV2} "-" "-" \
  472. ${NSC} ${NSC_DEV} "-" "-"
  473. NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
  474. NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})
  475. NSC_LINKIP6=$(get_linklocal ${NSC} ${NSC_DEV})
  476. create_vrf ${NSA} ${VRF} ${VRF_TABLE} "-" "-"
  477. ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
  478. ip -netns ${NSA} link set dev ${NSA_DEV2} vrf ${VRF}
  479. set +e
  480. sleep 1
  481. }
  482. ################################################################################
  483. # IPv4
  484. ipv4_ping_novrf()
  485. {
  486. local a
  487. #
  488. # out
  489. #
  490. for a in ${NSB_IP} ${NSB_LO_IP}
  491. do
  492. log_start
  493. run_cmd ping -c1 -w1 ${a}
  494. log_test_addr ${a} $? 0 "ping out"
  495. log_start
  496. run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
  497. log_test_addr ${a} $? 0 "ping out, device bind"
  498. log_start
  499. run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
  500. log_test_addr ${a} $? 0 "ping out, address bind"
  501. done
  502. #
  503. # out, but don't use gateway if peer is not on link
  504. #
  505. a=${NSB_IP}
  506. log_start
  507. run_cmd ping -c 1 -w 1 -r ${a}
  508. log_test_addr ${a} $? 0 "ping out (don't route), peer on link"
  509. a=${NSB_LO_IP}
  510. log_start
  511. show_hint "Fails since peer is not on link"
  512. run_cmd ping -c 1 -w 1 -r ${a}
  513. log_test_addr ${a} $? 1 "ping out (don't route), peer not on link"
  514. #
  515. # in
  516. #
  517. for a in ${NSA_IP} ${NSA_LO_IP}
  518. do
  519. log_start
  520. run_cmd_nsb ping -c1 -w1 ${a}
  521. log_test_addr ${a} $? 0 "ping in"
  522. done
  523. #
  524. # local traffic
  525. #
  526. for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
  527. do
  528. log_start
  529. run_cmd ping -c1 -w1 ${a}
  530. log_test_addr ${a} $? 0 "ping local"
  531. done
  532. #
  533. # local traffic, socket bound to device
  534. #
  535. # address on device
  536. a=${NSA_IP}
  537. log_start
  538. run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
  539. log_test_addr ${a} $? 0 "ping local, device bind"
  540. # loopback addresses not reachable from device bind
  541. # fails in a really weird way though because ipv4 special cases
  542. # route lookups with oif set.
  543. for a in ${NSA_LO_IP} 127.0.0.1
  544. do
  545. log_start
  546. show_hint "Fails since address on loopback device is out of device scope"
  547. run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
  548. log_test_addr ${a} $? 1 "ping local, device bind"
  549. done
  550. #
  551. # ip rule blocks reachability to remote address
  552. #
  553. log_start
  554. setup_cmd ip rule add pref 32765 from all lookup local
  555. setup_cmd ip rule del pref 0 from all lookup local
  556. setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
  557. setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit
  558. a=${NSB_LO_IP}
  559. run_cmd ping -c1 -w1 ${a}
  560. log_test_addr ${a} $? 2 "ping out, blocked by rule"
  561. # NOTE: ipv4 actually allows the lookup to fail and yet still create
  562. # a viable rtable if the oif (e.g., bind to device) is set, so this
  563. # case succeeds despite the rule
  564. # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
  565. a=${NSA_LO_IP}
  566. log_start
  567. show_hint "Response generates ICMP (or arp request is ignored) due to ip rule"
  568. run_cmd_nsb ping -c1 -w1 ${a}
  569. log_test_addr ${a} $? 1 "ping in, blocked by rule"
  570. [ "$VERBOSE" = "1" ] && echo
  571. setup_cmd ip rule del pref 32765 from all lookup local
  572. setup_cmd ip rule add pref 0 from all lookup local
  573. setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
  574. setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit
  575. #
  576. # route blocks reachability to remote address
  577. #
  578. log_start
  579. setup_cmd ip route replace unreachable ${NSB_LO_IP}
  580. setup_cmd ip route replace unreachable ${NSB_IP}
  581. a=${NSB_LO_IP}
  582. run_cmd ping -c1 -w1 ${a}
  583. log_test_addr ${a} $? 2 "ping out, blocked by route"
  584. # NOTE: ipv4 actually allows the lookup to fail and yet still create
  585. # a viable rtable if the oif (e.g., bind to device) is set, so this
  586. # case succeeds despite not having a route for the address
  587. # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
  588. a=${NSA_LO_IP}
  589. log_start
  590. show_hint "Response is dropped (or arp request is ignored) due to ip route"
  591. run_cmd_nsb ping -c1 -w1 ${a}
  592. log_test_addr ${a} $? 1 "ping in, blocked by route"
  593. #
  594. # remove 'remote' routes; fallback to default
  595. #
  596. log_start
  597. setup_cmd ip ro del ${NSB_LO_IP}
  598. a=${NSB_LO_IP}
  599. run_cmd ping -c1 -w1 ${a}
  600. log_test_addr ${a} $? 2 "ping out, unreachable default route"
  601. # NOTE: ipv4 actually allows the lookup to fail and yet still create
  602. # a viable rtable if the oif (e.g., bind to device) is set, so this
  603. # case succeeds despite not having a route for the address
  604. # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
  605. }
  606. ipv4_ping_vrf()
  607. {
  608. local a
  609. # should default on; does not exist on older kernels
  610. set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
  611. #
  612. # out
  613. #
  614. for a in ${NSB_IP} ${NSB_LO_IP}
  615. do
  616. log_start
  617. run_cmd ping -c1 -w1 -I ${VRF} ${a}
  618. log_test_addr ${a} $? 0 "ping out, VRF bind"
  619. log_start
  620. run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
  621. log_test_addr ${a} $? 0 "ping out, device bind"
  622. log_start
  623. run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
  624. log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"
  625. log_start
  626. run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
  627. log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
  628. done
  629. #
  630. # in
  631. #
  632. for a in ${NSA_IP} ${VRF_IP}
  633. do
  634. log_start
  635. run_cmd_nsb ping -c1 -w1 ${a}
  636. log_test_addr ${a} $? 0 "ping in"
  637. done
  638. #
  639. # local traffic, local address
  640. #
  641. for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
  642. do
  643. log_start
  644. show_hint "Source address should be ${a}"
  645. run_cmd ping -c1 -w1 -I ${VRF} ${a}
  646. log_test_addr ${a} $? 0 "ping local, VRF bind"
  647. done
  648. #
  649. # local traffic, socket bound to device
  650. #
  651. # address on device
  652. a=${NSA_IP}
  653. log_start
  654. run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
  655. log_test_addr ${a} $? 0 "ping local, device bind"
  656. # vrf device is out of scope
  657. for a in ${VRF_IP} 127.0.0.1
  658. do
  659. log_start
  660. show_hint "Fails since address on vrf device is out of device scope"
  661. run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
  662. log_test_addr ${a} $? 2 "ping local, device bind"
  663. done
  664. #
  665. # ip rule blocks address
  666. #
  667. log_start
  668. setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
  669. setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit
  670. a=${NSB_LO_IP}
  671. run_cmd ping -c1 -w1 -I ${VRF} ${a}
  672. log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"
  673. log_start
  674. run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
  675. log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
  676. a=${NSA_LO_IP}
  677. log_start
  678. show_hint "Response lost due to ip rule"
  679. run_cmd_nsb ping -c1 -w1 ${a}
  680. log_test_addr ${a} $? 1 "ping in, blocked by rule"
  681. [ "$VERBOSE" = "1" ] && echo
  682. setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
  683. setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit
  684. #
  685. # remove 'remote' routes; fallback to default
  686. #
  687. log_start
  688. setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP}
  689. a=${NSB_LO_IP}
  690. run_cmd ping -c1 -w1 -I ${VRF} ${a}
  691. log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"
  692. log_start
  693. run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
  694. log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
  695. a=${NSA_LO_IP}
  696. log_start
  697. show_hint "Response lost by unreachable route"
  698. run_cmd_nsb ping -c1 -w1 ${a}
  699. log_test_addr ${a} $? 1 "ping in, unreachable route"
  700. }
  701. ipv4_ping()
  702. {
  703. log_section "IPv4 ping"
  704. log_subsection "No VRF"
  705. setup
  706. set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
  707. ipv4_ping_novrf
  708. setup
  709. set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
  710. ipv4_ping_novrf
  711. setup
  712. set_ping_group
  713. ipv4_ping_novrf
  714. log_subsection "With VRF"
  715. setup "yes"
  716. ipv4_ping_vrf
  717. setup "yes"
  718. set_ping_group
  719. ipv4_ping_vrf
  720. }
  721. ################################################################################
  722. # IPv4 TCP
  723. #
  724. # MD5 tests without VRF
  725. #
  726. ipv4_tcp_md5_novrf()
  727. {
  728. #
  729. # single address
  730. #
  731. # basic use case
  732. log_start
  733. run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
  734. wait_local_port_listen ${NSA} 12345 tcp
  735. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
  736. log_test $? 0 "MD5: Single address config"
  737. # client sends MD5, server not configured
  738. log_start
  739. show_hint "Should timeout due to MD5 mismatch"
  740. run_cmd nettest -s &
  741. wait_local_port_listen ${NSA} 12345 tcp
  742. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
  743. log_test $? 2 "MD5: Server no config, client uses password"
  744. # wrong password
  745. log_start
  746. show_hint "Should timeout since client uses wrong password"
  747. run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
  748. wait_local_port_listen ${NSA} 12345 tcp
  749. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
  750. log_test $? 2 "MD5: Client uses wrong password"
  751. # client from different address
  752. log_start
  753. show_hint "Should timeout due to MD5 mismatch"
  754. run_cmd nettest -s -M ${MD5_PW} -m ${NSB_LO_IP} &
  755. wait_local_port_listen ${NSA} 12345 tcp
  756. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
  757. log_test $? 2 "MD5: Client address does not match address configured with password"
  758. #
  759. # MD5 extension - prefix length
  760. #
  761. # client in prefix
  762. log_start
  763. run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
  764. wait_local_port_listen ${NSA} 12345 tcp
  765. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
  766. log_test $? 0 "MD5: Prefix config"
  767. # client in prefix, wrong password
  768. log_start
  769. show_hint "Should timeout since client uses wrong password"
  770. run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
  771. wait_local_port_listen ${NSA} 12345 tcp
  772. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
  773. log_test $? 2 "MD5: Prefix config, client uses wrong password"
  774. # client outside of prefix
  775. log_start
  776. show_hint "Should timeout due to MD5 mismatch"
  777. run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
  778. wait_local_port_listen ${NSA} 12345 tcp
  779. run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
  780. log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
  781. }
  782. #
  783. # MD5 tests with VRF
  784. #
  785. ipv4_tcp_md5()
  786. {
  787. #
  788. # single address
  789. #
  790. # basic use case
  791. log_start
  792. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
  793. wait_local_port_listen ${NSA} 12345 tcp
  794. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
  795. log_test $? 0 "MD5: VRF: Single address config"
  796. # client sends MD5, server not configured
  797. log_start
  798. show_hint "Should timeout since server does not have MD5 auth"
  799. run_cmd nettest -s -I ${VRF} &
  800. wait_local_port_listen ${NSA} 12345 tcp
  801. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
  802. log_test $? 2 "MD5: VRF: Server no config, client uses password"
  803. # wrong password
  804. log_start
  805. show_hint "Should timeout since client uses wrong password"
  806. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
  807. wait_local_port_listen ${NSA} 12345 tcp
  808. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
  809. log_test $? 2 "MD5: VRF: Client uses wrong password"
  810. # client from different address
  811. log_start
  812. show_hint "Should timeout since server config differs from client"
  813. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP} &
  814. wait_local_port_listen ${NSA} 12345 tcp
  815. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
  816. log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
  817. #
  818. # MD5 extension - prefix length
  819. #
  820. # client in prefix
  821. log_start
  822. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
  823. wait_local_port_listen ${NSA} 12345 tcp
  824. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
  825. log_test $? 0 "MD5: VRF: Prefix config"
  826. # client in prefix, wrong password
  827. log_start
  828. show_hint "Should timeout since client uses wrong password"
  829. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
  830. wait_local_port_listen ${NSA} 12345 tcp
  831. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
  832. log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"
  833. # client outside of prefix
  834. log_start
  835. show_hint "Should timeout since client address is outside of prefix"
  836. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
  837. wait_local_port_listen ${NSA} 12345 tcp
  838. run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
  839. log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"
  840. #
  841. # duplicate config between default VRF and a VRF
  842. #
  843. log_start
  844. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
  845. run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
  846. wait_local_port_listen ${NSA} 12345 tcp
  847. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
  848. log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
  849. log_start
  850. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
  851. run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
  852. wait_local_port_listen ${NSA} 12345 tcp
  853. run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
  854. log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
  855. log_start
  856. show_hint "Should timeout since client in default VRF uses VRF password"
  857. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
  858. run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
  859. wait_local_port_listen ${NSA} 12345 tcp
  860. run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
  861. log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
  862. log_start
  863. show_hint "Should timeout since client in VRF uses default VRF password"
  864. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
  865. run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
  866. wait_local_port_listen ${NSA} 12345 tcp
  867. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
  868. log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
  869. log_start
  870. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
  871. run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
  872. wait_local_port_listen ${NSA} 12345 tcp
  873. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
  874. log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
  875. log_start
  876. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
  877. run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
  878. wait_local_port_listen ${NSA} 12345 tcp
  879. run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
  880. log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
  881. log_start
  882. show_hint "Should timeout since client in default VRF uses VRF password"
  883. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
  884. run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
  885. wait_local_port_listen ${NSA} 12345 tcp
  886. run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
  887. log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"
  888. log_start
  889. show_hint "Should timeout since client in VRF uses default VRF password"
  890. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
  891. run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
  892. wait_local_port_listen ${NSA} 12345 tcp
  893. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
  894. log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"
  895. #
  896. # negative tests
  897. #
  898. log_start
  899. run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP}
  900. log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
  901. log_start
  902. run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET}
  903. log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
  904. test_ipv4_md5_vrf__vrf_server__no_bind_ifindex
  905. test_ipv4_md5_vrf__global_server__bind_ifindex0
  906. }
  907. test_ipv4_md5_vrf__vrf_server__no_bind_ifindex()
  908. {
  909. log_start
  910. show_hint "Simulates applications using VRF without TCP_MD5SIG_FLAG_IFINDEX"
  911. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
  912. wait_local_port_listen ${NSA} 12345 tcp
  913. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
  914. log_test $? 0 "MD5: VRF: VRF-bound server, unbound key accepts connection"
  915. log_start
  916. show_hint "Binding both the socket and the key is not required but it works"
  917. run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
  918. wait_local_port_listen ${NSA} 12345 tcp
  919. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
  920. log_test $? 0 "MD5: VRF: VRF-bound server, bound key accepts connection"
  921. }
  922. test_ipv4_md5_vrf__global_server__bind_ifindex0()
  923. {
  924. # This particular test needs tcp_l3mdev_accept=1 for Global server to accept VRF connections
  925. local old_tcp_l3mdev_accept
  926. old_tcp_l3mdev_accept=$(get_sysctl net.ipv4.tcp_l3mdev_accept)
  927. set_sysctl net.ipv4.tcp_l3mdev_accept=1
  928. log_start
  929. run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
  930. wait_local_port_listen ${NSA} 12345 tcp
  931. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
  932. log_test $? 2 "MD5: VRF: Global server, Key bound to ifindex=0 rejects VRF connection"
  933. log_start
  934. run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
  935. wait_local_port_listen ${NSA} 12345 tcp
  936. run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
  937. log_test $? 0 "MD5: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection"
  938. log_start
  939. run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
  940. wait_local_port_listen ${NSA} 12345 tcp
  941. run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
  942. log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts VRF connection"
  943. log_start
  944. run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
  945. wait_local_port_listen ${NSA} 12345 tcp
  946. run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
  947. log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts non-VRF connection"
  948. # restore value
  949. set_sysctl net.ipv4.tcp_l3mdev_accept="$old_tcp_l3mdev_accept"
  950. }
  951. ipv4_tcp_dontroute()
  952. {
  953. local syncookies=$1
  954. local nsa_syncookies
  955. local nsb_syncookies
  956. local a
  957. #
  958. # Link local connection tests (SO_DONTROUTE).
  959. # Connections should succeed only when the remote IP address is
  960. # on link (doesn't need to be routed through a gateway).
  961. #
  962. nsa_syncookies=$(ip netns exec "${NSA}" sysctl -n net.ipv4.tcp_syncookies)
  963. nsb_syncookies=$(ip netns exec "${NSB}" sysctl -n net.ipv4.tcp_syncookies)
  964. ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies}
  965. ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies}
  966. # Test with eth1 address (on link).
  967. a=${NSB_IP}
  968. log_start
  969. do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
  970. log_test_addr ${a} $? 0 "SO_DONTROUTE client, syncookies=${syncookies}"
  971. a=${NSB_IP}
  972. log_start
  973. do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --server-dontroute
  974. log_test_addr ${a} $? 0 "SO_DONTROUTE server, syncookies=${syncookies}"
  975. # Test with loopback address (routed).
  976. #
  977. # The client would use the eth1 address as source IP by default.
  978. # Therefore, we need to use the -c option here, to force the use of the
  979. # routed (loopback) address as source IP (so that the server will try
  980. # to respond to a routed address and not a link local one).
  981. a=${NSB_LO_IP}
  982. log_start
  983. show_hint "Should fail 'Network is unreachable' since server is not on link"
  984. do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --client-dontroute
  985. log_test_addr ${a} $? 1 "SO_DONTROUTE client, syncookies=${syncookies}"
  986. a=${NSB_LO_IP}
  987. log_start
  988. show_hint "Should timeout since server cannot respond (client is not on link)"
  989. do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --server-dontroute
  990. log_test_addr ${a} $? 2 "SO_DONTROUTE server, syncookies=${syncookies}"
  991. ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${nsb_syncookies}
  992. ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${nsa_syncookies}
  993. }
  994. ipv4_tcp_novrf()
  995. {
  996. local a
  997. #
  998. # server tests
  999. #
  1000. for a in ${NSA_IP} ${NSA_LO_IP}
  1001. do
  1002. log_start
  1003. run_cmd nettest -s &
  1004. wait_local_port_listen ${NSA} 12345 tcp
  1005. run_cmd_nsb nettest -r ${a}
  1006. log_test_addr ${a} $? 0 "Global server"
  1007. done
  1008. a=${NSA_IP}
  1009. log_start
  1010. run_cmd nettest -s -I ${NSA_DEV} &
  1011. wait_local_port_listen ${NSA} 12345 tcp
  1012. run_cmd_nsb nettest -r ${a}
  1013. log_test_addr ${a} $? 0 "Device server"
  1014. # verify TCP reset sent and received
  1015. for a in ${NSA_IP} ${NSA_LO_IP}
  1016. do
  1017. log_start
  1018. show_hint "Should fail 'Connection refused' since there is no server"
  1019. run_cmd_nsb nettest -r ${a}
  1020. log_test_addr ${a} $? 1 "No server"
  1021. done
  1022. #
  1023. # client
  1024. #
  1025. for a in ${NSB_IP} ${NSB_LO_IP}
  1026. do
  1027. log_start
  1028. run_cmd_nsb nettest -s &
  1029. wait_local_port_listen ${NSB} 12345 tcp
  1030. run_cmd nettest -r ${a} -0 ${NSA_IP}
  1031. log_test_addr ${a} $? 0 "Client"
  1032. log_start
  1033. run_cmd_nsb nettest -s &
  1034. wait_local_port_listen ${NSB} 12345 tcp
  1035. run_cmd nettest -r ${a} -d ${NSA_DEV}
  1036. log_test_addr ${a} $? 0 "Client, device bind"
  1037. log_start
  1038. show_hint "Should fail 'Connection refused'"
  1039. run_cmd nettest -r ${a}
  1040. log_test_addr ${a} $? 1 "No server, unbound client"
  1041. log_start
  1042. show_hint "Should fail 'Connection refused'"
  1043. run_cmd nettest -r ${a} -d ${NSA_DEV}
  1044. log_test_addr ${a} $? 1 "No server, device client"
  1045. done
  1046. #
  1047. # local address tests
  1048. #
  1049. for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
  1050. do
  1051. log_start
  1052. run_cmd nettest -s &
  1053. wait_local_port_listen ${NSA} 12345 tcp
  1054. run_cmd nettest -r ${a} -0 ${a} -1 ${a}
  1055. log_test_addr ${a} $? 0 "Global server, local connection"
  1056. done
  1057. a=${NSA_IP}
  1058. log_start
  1059. run_cmd nettest -s -I ${NSA_DEV} &
  1060. wait_local_port_listen ${NSA} 12345 tcp
  1061. run_cmd nettest -r ${a} -0 ${a}
  1062. log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
  1063. for a in ${NSA_LO_IP} 127.0.0.1
  1064. do
  1065. log_start
  1066. show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
  1067. run_cmd nettest -s -I ${NSA_DEV} &
  1068. wait_local_port_listen ${NSA} 12345 tcp
  1069. run_cmd nettest -r ${a}
  1070. log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
  1071. done
  1072. a=${NSA_IP}
  1073. log_start
  1074. run_cmd nettest -s &
  1075. wait_local_port_listen ${NSA} 12345 tcp
  1076. run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
  1077. log_test_addr ${a} $? 0 "Global server, device client, local connection"
  1078. for a in ${NSA_LO_IP} 127.0.0.1
  1079. do
  1080. log_start
  1081. show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
  1082. run_cmd nettest -s &
  1083. wait_local_port_listen ${NSA} 12345 tcp
  1084. run_cmd nettest -r ${a} -d ${NSA_DEV}
  1085. log_test_addr ${a} $? 1 "Global server, device client, local connection"
  1086. done
  1087. a=${NSA_IP}
  1088. log_start
  1089. run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
  1090. wait_local_port_listen ${NSA} 12345 tcp
  1091. run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
  1092. log_test_addr ${a} $? 0 "Device server, device client, local connection"
  1093. log_start
  1094. show_hint "Should fail 'Connection refused'"
  1095. run_cmd nettest -d ${NSA_DEV} -r ${a}
  1096. log_test_addr ${a} $? 1 "No server, device client, local conn"
  1097. [ "$fips_enabled" = "1" ] || ipv4_tcp_md5_novrf
  1098. ipv4_tcp_dontroute 0
  1099. ipv4_tcp_dontroute 2
  1100. }
  1101. ipv4_tcp_vrf()
  1102. {
  1103. local a
  1104. # disable global server
  1105. log_subsection "Global server disabled"
  1106. set_sysctl net.ipv4.tcp_l3mdev_accept=0
  1107. #
  1108. # server tests
  1109. #
  1110. for a in ${NSA_IP} ${VRF_IP}
  1111. do
  1112. log_start
  1113. show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
  1114. run_cmd nettest -s &
  1115. wait_local_port_listen ${NSA} 12345 tcp
  1116. run_cmd_nsb nettest -r ${a}
  1117. log_test_addr ${a} $? 1 "Global server"
  1118. log_start
  1119. run_cmd nettest -s -I ${VRF} -3 ${VRF} &
  1120. wait_local_port_listen ${NSA} 12345 tcp
  1121. run_cmd_nsb nettest -r ${a}
  1122. log_test_addr ${a} $? 0 "VRF server"
  1123. log_start
  1124. run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
  1125. wait_local_port_listen ${NSA} 12345 tcp
  1126. run_cmd_nsb nettest -r ${a}
  1127. log_test_addr ${a} $? 0 "Device server"
  1128. # verify TCP reset received
  1129. log_start
  1130. show_hint "Should fail 'Connection refused' since there is no server"
  1131. run_cmd_nsb nettest -r ${a}
  1132. log_test_addr ${a} $? 1 "No server"
  1133. done
  1134. # local address tests
  1135. # (${VRF_IP} and 127.0.0.1 both timeout)
  1136. a=${NSA_IP}
  1137. log_start
  1138. show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
  1139. run_cmd nettest -s &
  1140. wait_local_port_listen ${NSA} 12345 tcp
  1141. run_cmd nettest -r ${a} -d ${NSA_DEV}
  1142. log_test_addr ${a} $? 1 "Global server, local connection"
  1143. # run MD5 tests
  1144. if [ "$fips_enabled" = "0" ]; then
  1145. setup_vrf_dup
  1146. ipv4_tcp_md5
  1147. cleanup_vrf_dup
  1148. fi
  1149. #
  1150. # enable VRF global server
  1151. #
  1152. log_subsection "VRF Global server enabled"
  1153. set_sysctl net.ipv4.tcp_l3mdev_accept=1
  1154. for a in ${NSA_IP} ${VRF_IP}
  1155. do
  1156. log_start
  1157. show_hint "client socket should be bound to VRF"
  1158. run_cmd nettest -s -3 ${VRF} &
  1159. wait_local_port_listen ${NSA} 12345 tcp
  1160. run_cmd_nsb nettest -r ${a}
  1161. log_test_addr ${a} $? 0 "Global server"
  1162. log_start
  1163. show_hint "client socket should be bound to VRF"
  1164. run_cmd nettest -s -I ${VRF} -3 ${VRF} &
  1165. wait_local_port_listen ${NSA} 12345 tcp
  1166. run_cmd_nsb nettest -r ${a}
  1167. log_test_addr ${a} $? 0 "VRF server"
  1168. # verify TCP reset received
  1169. log_start
  1170. show_hint "Should fail 'Connection refused'"
  1171. run_cmd_nsb nettest -r ${a}
  1172. log_test_addr ${a} $? 1 "No server"
  1173. done
  1174. a=${NSA_IP}
  1175. log_start
  1176. show_hint "client socket should be bound to device"
  1177. run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
  1178. wait_local_port_listen ${NSA} 12345 tcp
  1179. run_cmd_nsb nettest -r ${a}
  1180. log_test_addr ${a} $? 0 "Device server"
  1181. # local address tests
  1182. for a in ${NSA_IP} ${VRF_IP}
  1183. do
  1184. log_start
  1185. show_hint "Should fail 'Connection refused' since client is not bound to VRF"
  1186. run_cmd nettest -s -I ${VRF} &
  1187. wait_local_port_listen ${NSA} 12345 tcp
  1188. run_cmd nettest -r ${a}
  1189. log_test_addr ${a} $? 1 "Global server, local connection"
  1190. done
  1191. #
  1192. # client
  1193. #
  1194. for a in ${NSB_IP} ${NSB_LO_IP}
  1195. do
  1196. log_start
  1197. run_cmd_nsb nettest -s &
  1198. wait_local_port_listen ${NSB} 12345 tcp
  1199. run_cmd nettest -r ${a} -d ${VRF}
  1200. log_test_addr ${a} $? 0 "Client, VRF bind"
  1201. log_start
  1202. run_cmd_nsb nettest -s &
  1203. wait_local_port_listen ${NSB} 12345 tcp
  1204. run_cmd nettest -r ${a} -d ${NSA_DEV}
  1205. log_test_addr ${a} $? 0 "Client, device bind"
  1206. log_start
  1207. show_hint "Should fail 'Connection refused'"
  1208. run_cmd nettest -r ${a} -d ${VRF}
  1209. log_test_addr ${a} $? 1 "No server, VRF client"
  1210. log_start
  1211. show_hint "Should fail 'Connection refused'"
  1212. run_cmd nettest -r ${a} -d ${NSA_DEV}
  1213. log_test_addr ${a} $? 1 "No server, device client"
  1214. done
  1215. for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
  1216. do
  1217. log_start
  1218. run_cmd nettest -s -I ${VRF} -3 ${VRF} &
  1219. wait_local_port_listen ${NSA} 12345 tcp
  1220. run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
  1221. log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
  1222. done
  1223. a=${NSA_IP}
  1224. log_start
  1225. run_cmd nettest -s -I ${VRF} -3 ${VRF} &
  1226. wait_local_port_listen ${NSA} 12345 tcp
  1227. run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
  1228. log_test_addr ${a} $? 0 "VRF server, device client, local connection"
  1229. log_start
  1230. show_hint "Should fail 'No route to host' since client is out of VRF scope"
  1231. run_cmd nettest -s -I ${VRF} &
  1232. wait_local_port_listen ${NSA} 12345 tcp
  1233. run_cmd nettest -r ${a}
  1234. log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
  1235. log_start
  1236. run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
  1237. wait_local_port_listen ${NSA} 12345 tcp
  1238. run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
  1239. log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
  1240. log_start
  1241. run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
  1242. wait_local_port_listen ${NSA} 12345 tcp
  1243. run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
  1244. log_test_addr ${a} $? 0 "Device server, device client, local connection"
  1245. }
  1246. ipv4_tcp()
  1247. {
  1248. log_section "IPv4/TCP"
  1249. log_subsection "No VRF"
  1250. setup
  1251. # tcp_l3mdev_accept should have no affect without VRF;
  1252. # run tests with it enabled and disabled to verify
  1253. log_subsection "tcp_l3mdev_accept disabled"
  1254. set_sysctl net.ipv4.tcp_l3mdev_accept=0
  1255. ipv4_tcp_novrf
  1256. log_subsection "tcp_l3mdev_accept enabled"
  1257. set_sysctl net.ipv4.tcp_l3mdev_accept=1
  1258. ipv4_tcp_novrf
  1259. log_subsection "With VRF"
  1260. setup "yes"
  1261. ipv4_tcp_vrf
  1262. }
  1263. ################################################################################
  1264. # IPv4 UDP
  1265. ipv4_udp_novrf()
  1266. {
  1267. local a
  1268. #
  1269. # server tests
  1270. #
  1271. for a in ${NSA_IP} ${NSA_LO_IP}
  1272. do
  1273. log_start
  1274. run_cmd nettest -D -s -3 ${NSA_DEV} &
  1275. wait_local_port_listen ${NSA} 12345 udp
  1276. run_cmd_nsb nettest -D -r ${a}
  1277. log_test_addr ${a} $? 0 "Global server"
  1278. log_start
  1279. show_hint "Should fail 'Connection refused' since there is no server"
  1280. run_cmd_nsb nettest -D -r ${a}
  1281. log_test_addr ${a} $? 1 "No server"
  1282. done
  1283. a=${NSA_IP}
  1284. log_start
  1285. run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
  1286. wait_local_port_listen ${NSA} 12345 udp
  1287. run_cmd_nsb nettest -D -r ${a}
  1288. log_test_addr ${a} $? 0 "Device server"
  1289. #
  1290. # client
  1291. #
  1292. for a in ${NSB_IP} ${NSB_LO_IP}
  1293. do
  1294. log_start
  1295. run_cmd_nsb nettest -D -s &
  1296. wait_local_port_listen ${NSB} 12345 udp
  1297. run_cmd nettest -D -r ${a} -0 ${NSA_IP}
  1298. log_test_addr ${a} $? 0 "Client"
  1299. log_start
  1300. run_cmd_nsb nettest -D -s &
  1301. wait_local_port_listen ${NSB} 12345 udp
  1302. run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
  1303. log_test_addr ${a} $? 0 "Client, device bind"
  1304. log_start
  1305. run_cmd_nsb nettest -D -s &
  1306. wait_local_port_listen ${NSB} 12345 udp
  1307. run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
  1308. log_test_addr ${a} $? 0 "Client, device send via cmsg"
  1309. log_start
  1310. run_cmd_nsb nettest -D -s &
  1311. wait_local_port_listen ${NSB} 12345 udp
  1312. run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
  1313. log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"
  1314. log_start
  1315. run_cmd_nsb nettest -D -s &
  1316. wait_local_port_listen ${NSB} 12345 udp
  1317. run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} -U
  1318. log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF, with connect()"
  1319. log_start
  1320. show_hint "Should fail 'Connection refused'"
  1321. run_cmd nettest -D -r ${a}
  1322. log_test_addr ${a} $? 1 "No server, unbound client"
  1323. log_start
  1324. show_hint "Should fail 'Connection refused'"
  1325. run_cmd nettest -D -r ${a} -d ${NSA_DEV}
  1326. log_test_addr ${a} $? 1 "No server, device client"
  1327. done
  1328. #
  1329. # local address tests
  1330. #
  1331. for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
  1332. do
  1333. log_start
  1334. run_cmd nettest -D -s &
  1335. wait_local_port_listen ${NSA} 12345 udp
  1336. run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
  1337. log_test_addr ${a} $? 0 "Global server, local connection"
  1338. done
  1339. a=${NSA_IP}
  1340. log_start
  1341. run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
  1342. wait_local_port_listen ${NSA} 12345 udp
  1343. run_cmd nettest -D -r ${a}
  1344. log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
  1345. for a in ${NSA_LO_IP} 127.0.0.1
  1346. do
  1347. log_start
  1348. show_hint "Should fail 'Connection refused' since address is out of device scope"
  1349. run_cmd nettest -s -D -I ${NSA_DEV} &
  1350. wait_local_port_listen ${NSA} 12345 udp
  1351. run_cmd nettest -D -r ${a}
  1352. log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
  1353. done
  1354. a=${NSA_IP}
  1355. log_start
  1356. run_cmd nettest -s -D &
  1357. wait_local_port_listen ${NSA} 12345 udp
  1358. run_cmd nettest -D -d ${NSA_DEV} -r ${a}
  1359. log_test_addr ${a} $? 0 "Global server, device client, local connection"
  1360. log_start
  1361. run_cmd nettest -s -D &
  1362. wait_local_port_listen ${NSA} 12345 udp
  1363. run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
  1364. log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
  1365. log_start
  1366. run_cmd nettest -s -D &
  1367. wait_local_port_listen ${NSA} 12345 udp
  1368. run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
  1369. log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"
  1370. log_start
  1371. run_cmd nettest -s -D &
  1372. wait_local_port_listen ${NSA} 12345 udp
  1373. run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} -U
  1374. log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection, with connect()"
  1375. # IPv4 with device bind has really weird behavior - it overrides the
  1376. # fib lookup, generates an rtable and tries to send the packet. This
  1377. # causes failures for local traffic at different places
  1378. for a in ${NSA_LO_IP} 127.0.0.1
  1379. do
  1380. log_start
  1381. show_hint "Should fail since addresses on loopback are out of device scope"
  1382. run_cmd nettest -D -s &
  1383. wait_local_port_listen ${NSA} 12345 udp
  1384. run_cmd nettest -D -r ${a} -d ${NSA_DEV}
  1385. log_test_addr ${a} $? 2 "Global server, device client, local connection"
  1386. log_start
  1387. show_hint "Should fail since addresses on loopback are out of device scope"
  1388. run_cmd nettest -D -s &
  1389. wait_local_port_listen ${NSA} 12345 udp
  1390. run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
  1391. log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
  1392. log_start
  1393. show_hint "Should fail since addresses on loopback are out of device scope"
  1394. run_cmd nettest -D -s &
  1395. wait_local_port_listen ${NSA} 12345 udp
  1396. run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
  1397. log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
  1398. log_start
  1399. show_hint "Should fail since addresses on loopback are out of device scope"
  1400. run_cmd nettest -D -s &
  1401. wait_local_port_listen ${NSA} 12345 udp
  1402. run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -U
  1403. log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with connect()"
  1404. done
  1405. a=${NSA_IP}
  1406. log_start
  1407. run_cmd nettest -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
  1408. wait_local_port_listen ${NSA} 12345 udp
  1409. run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
  1410. log_test_addr ${a} $? 0 "Device server, device client, local conn"
  1411. log_start
  1412. run_cmd nettest -D -d ${NSA_DEV} -r ${a}
  1413. log_test_addr ${a} $? 2 "No server, device client, local conn"
  1414. #
  1415. # Link local connection tests (SO_DONTROUTE).
  1416. # Connections should succeed only when the remote IP address is
  1417. # on link (doesn't need to be routed through a gateway).
  1418. #
  1419. a=${NSB_IP}
  1420. log_start
  1421. do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
  1422. log_test_addr ${a} $? 0 "SO_DONTROUTE client"
  1423. a=${NSB_LO_IP}
  1424. log_start
  1425. show_hint "Should fail 'Network is unreachable' since server is not on link"
  1426. do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
  1427. log_test_addr ${a} $? 1 "SO_DONTROUTE client"
  1428. }
  1429. ipv4_udp_vrf()
  1430. {
  1431. local a
  1432. # disable global server
  1433. log_subsection "Global server disabled"
  1434. set_sysctl net.ipv4.udp_l3mdev_accept=0
  1435. #
  1436. # server tests
  1437. #
  1438. for a in ${NSA_IP} ${VRF_IP}
  1439. do
  1440. log_start
  1441. show_hint "Fails because ingress is in a VRF and global server is disabled"
  1442. run_cmd nettest -D -s &
  1443. wait_local_port_listen ${NSA} 12345 udp
  1444. run_cmd_nsb nettest -D -r ${a}
  1445. log_test_addr ${a} $? 1 "Global server"
  1446. log_start
  1447. run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
  1448. wait_local_port_listen ${NSA} 12345 udp
  1449. run_cmd_nsb nettest -D -r ${a}
  1450. log_test_addr ${a} $? 0 "VRF server"
  1451. log_start
  1452. run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
  1453. wait_local_port_listen ${NSA} 12345 udp
  1454. run_cmd_nsb nettest -D -r ${a}
  1455. log_test_addr ${a} $? 0 "Enslaved device server"
  1456. log_start
  1457. show_hint "Should fail 'Connection refused' since there is no server"
  1458. run_cmd_nsb nettest -D -r ${a}
  1459. log_test_addr ${a} $? 1 "No server"
  1460. log_start
  1461. show_hint "Should fail 'Connection refused' since global server is out of scope"
  1462. run_cmd nettest -D -s &
  1463. wait_local_port_listen ${NSA} 12345 udp
  1464. run_cmd nettest -D -d ${VRF} -r ${a}
  1465. log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
  1466. done
  1467. a=${NSA_IP}
  1468. log_start
  1469. run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
  1470. wait_local_port_listen ${NSA} 12345 udp
  1471. run_cmd nettest -D -d ${VRF} -r ${a}
  1472. log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
  1473. log_start
  1474. run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
  1475. wait_local_port_listen ${NSA} 12345 udp
  1476. run_cmd nettest -D -d ${NSA_DEV} -r ${a}
  1477. log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"
  1478. a=${NSA_IP}
  1479. log_start
  1480. run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
  1481. wait_local_port_listen ${NSA} 12345 udp
  1482. run_cmd nettest -D -d ${VRF} -r ${a}
  1483. log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
  1484. log_start
  1485. run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
  1486. wait_local_port_listen ${NSA} 12345 udp
  1487. run_cmd nettest -D -d ${NSA_DEV} -r ${a}
  1488. log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
  1489. # enable global server
  1490. log_subsection "Global server enabled"
  1491. set_sysctl net.ipv4.udp_l3mdev_accept=1
  1492. #
  1493. # server tests
  1494. #
  1495. for a in ${NSA_IP} ${VRF_IP}
  1496. do
  1497. log_start
  1498. run_cmd nettest -D -s -3 ${NSA_DEV} &
  1499. wait_local_port_listen ${NSA} 12345 udp
  1500. run_cmd_nsb nettest -D -r ${a}
  1501. log_test_addr ${a} $? 0 "Global server"
  1502. log_start
  1503. run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
  1504. wait_local_port_listen ${NSA} 12345 udp
  1505. run_cmd_nsb nettest -D -r ${a}
  1506. log_test_addr ${a} $? 0 "VRF server"
  1507. log_start
  1508. run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
  1509. wait_local_port_listen ${NSA} 12345 udp
  1510. run_cmd_nsb nettest -D -r ${a}
  1511. log_test_addr ${a} $? 0 "Enslaved device server"
  1512. log_start
  1513. show_hint "Should fail 'Connection refused'"
  1514. run_cmd_nsb nettest -D -r ${a}
  1515. log_test_addr ${a} $? 1 "No server"
  1516. done
  1517. #
  1518. # client tests
  1519. #
  1520. log_start
  1521. run_cmd_nsb nettest -D -s &
  1522. wait_local_port_listen ${NSB} 12345 udp
  1523. run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
  1524. log_test $? 0 "VRF client"
  1525. log_start
  1526. run_cmd_nsb nettest -D -s &
  1527. wait_local_port_listen ${NSB} 12345 udp
  1528. run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
  1529. log_test $? 0 "Enslaved device client"
  1530. # negative test - should fail
  1531. log_start
  1532. show_hint "Should fail 'Connection refused'"
  1533. run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
  1534. log_test $? 1 "No server, VRF client"
  1535. log_start
  1536. show_hint "Should fail 'Connection refused'"
  1537. run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
  1538. log_test $? 1 "No server, enslaved device client"
  1539. #
  1540. # local address tests
  1541. #
  1542. a=${NSA_IP}
  1543. log_start
  1544. run_cmd nettest -D -s -3 ${NSA_DEV} &
  1545. wait_local_port_listen ${NSA} 12345 udp
  1546. run_cmd nettest -D -d ${VRF} -r ${a}
  1547. log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
  1548. log_start
  1549. run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
  1550. wait_local_port_listen ${NSA} 12345 udp
  1551. run_cmd nettest -D -d ${VRF} -r ${a}
  1552. log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
  1553. log_start
  1554. run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
  1555. wait_local_port_listen ${NSA} 12345 udp
  1556. run_cmd nettest -D -d ${NSA_DEV} -r ${a}
  1557. log_test_addr ${a} $? 0 "VRF server, device client, local conn"
  1558. log_start
  1559. run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
  1560. wait_local_port_listen ${NSA} 12345 udp
  1561. run_cmd nettest -D -d ${VRF} -r ${a}
  1562. log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
  1563. log_start
  1564. run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
  1565. wait_local_port_listen ${NSA} 12345 udp
  1566. run_cmd nettest -D -d ${NSA_DEV} -r ${a}
  1567. log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
  1568. for a in ${VRF_IP} 127.0.0.1
  1569. do
  1570. log_start
  1571. run_cmd nettest -D -s -3 ${VRF} &
  1572. wait_local_port_listen ${NSA} 12345 udp
  1573. run_cmd nettest -D -d ${VRF} -r ${a}
  1574. log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
  1575. done
  1576. for a in ${VRF_IP} 127.0.0.1
  1577. do
  1578. log_start
  1579. run_cmd nettest -s -D -I ${VRF} -3 ${VRF} &
  1580. wait_local_port_listen ${NSA} 12345 udp
  1581. run_cmd nettest -D -d ${VRF} -r ${a}
  1582. log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
  1583. done
  1584. # negative test - should fail
  1585. # verifies ECONNREFUSED
  1586. for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
  1587. do
  1588. log_start
  1589. show_hint "Should fail 'Connection refused'"
  1590. run_cmd nettest -D -d ${VRF} -r ${a}
  1591. log_test_addr ${a} $? 1 "No server, VRF client, local conn"
  1592. done
  1593. }
  1594. ipv4_udp()
  1595. {
  1596. log_section "IPv4/UDP"
  1597. log_subsection "No VRF"
  1598. setup
  1599. # udp_l3mdev_accept should have no affect without VRF;
  1600. # run tests with it enabled and disabled to verify
  1601. log_subsection "udp_l3mdev_accept disabled"
  1602. set_sysctl net.ipv4.udp_l3mdev_accept=0
  1603. ipv4_udp_novrf
  1604. log_subsection "udp_l3mdev_accept enabled"
  1605. set_sysctl net.ipv4.udp_l3mdev_accept=1
  1606. ipv4_udp_novrf
  1607. log_subsection "With VRF"
  1608. setup "yes"
  1609. ipv4_udp_vrf
  1610. }
  1611. ################################################################################
  1612. # IPv4 address bind
  1613. #
  1614. # verifies ability or inability to bind to an address / device
  1615. ipv4_addr_bind_novrf()
  1616. {
  1617. #
  1618. # raw socket
  1619. #
  1620. for a in ${NSA_IP} ${NSA_LO_IP}
  1621. do
  1622. log_start
  1623. run_cmd nettest -s -R -P icmp -l ${a} -b
  1624. log_test_addr ${a} $? 0 "Raw socket bind to local address"
  1625. log_start
  1626. run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
  1627. log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
  1628. done
  1629. #
  1630. # tests for nonlocal bind
  1631. #
  1632. a=${NL_IP}
  1633. log_start
  1634. run_cmd nettest -s -R -f -l ${a} -b
  1635. log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address"
  1636. log_start
  1637. run_cmd nettest -s -f -l ${a} -b
  1638. log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address"
  1639. log_start
  1640. run_cmd nettest -s -D -P icmp -f -l ${a} -b
  1641. log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address"
  1642. #
  1643. # check that ICMP sockets cannot bind to broadcast and multicast addresses
  1644. #
  1645. a=${BCAST_IP}
  1646. log_start
  1647. run_cmd nettest -s -D -P icmp -l ${a} -b
  1648. log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address"
  1649. a=${MCAST_IP}
  1650. log_start
  1651. run_cmd nettest -s -D -P icmp -l ${a} -b
  1652. log_test_addr ${a} $? 1 "ICMP socket bind to multicast address"
  1653. #
  1654. # tcp sockets
  1655. #
  1656. a=${NSA_IP}
  1657. log_start
  1658. run_cmd nettest -c ${a} -r ${NSB_IP} -t1 -b
  1659. log_test_addr ${a} $? 0 "TCP socket bind to local address"
  1660. log_start
  1661. run_cmd nettest -c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
  1662. log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
  1663. # Sadly, the kernel allows binding a socket to a device and then
  1664. # binding to an address not on the device. The only restriction
  1665. # is that the address is valid in the L3 domain. So this test
  1666. # passes when it really should not
  1667. #a=${NSA_LO_IP}
  1668. #log_start
  1669. #show_hint "Should fail with 'Cannot assign requested address'"
  1670. #run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
  1671. #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
  1672. }
  1673. ipv4_addr_bind_vrf()
  1674. {
  1675. #
  1676. # raw socket
  1677. #
  1678. for a in ${NSA_IP} ${VRF_IP}
  1679. do
  1680. log_start
  1681. show_hint "Socket not bound to VRF, but address is in VRF"
  1682. run_cmd nettest -s -R -P icmp -l ${a} -b
  1683. log_test_addr ${a} $? 1 "Raw socket bind to local address"
  1684. log_start
  1685. run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
  1686. log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
  1687. log_start
  1688. run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
  1689. log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
  1690. done
  1691. a=${NSA_LO_IP}
  1692. log_start
  1693. show_hint "Address on loopback is out of VRF scope"
  1694. run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
  1695. log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
  1696. #
  1697. # tests for nonlocal bind
  1698. #
  1699. a=${NL_IP}
  1700. log_start
  1701. run_cmd nettest -s -R -f -l ${a} -I ${VRF} -b
  1702. log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind"
  1703. log_start
  1704. run_cmd nettest -s -f -l ${a} -I ${VRF} -b
  1705. log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address after VRF bind"
  1706. log_start
  1707. run_cmd nettest -s -D -P icmp -f -l ${a} -I ${VRF} -b
  1708. log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address after VRF bind"
  1709. #
  1710. # check that ICMP sockets cannot bind to broadcast and multicast addresses
  1711. #
  1712. a=${BCAST_IP}
  1713. log_start
  1714. run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
  1715. log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address after VRF bind"
  1716. a=${MCAST_IP}
  1717. log_start
  1718. run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
  1719. log_test_addr ${a} $? 1 "ICMP socket bind to multicast address after VRF bind"
  1720. #
  1721. # tcp sockets
  1722. #
  1723. for a in ${NSA_IP} ${VRF_IP}
  1724. do
  1725. log_start
  1726. run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
  1727. log_test_addr ${a} $? 0 "TCP socket bind to local address"
  1728. log_start
  1729. run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
  1730. log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
  1731. done
  1732. a=${NSA_LO_IP}
  1733. log_start
  1734. show_hint "Address on loopback out of scope for VRF"
  1735. run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
  1736. log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
  1737. log_start
  1738. show_hint "Address on loopback out of scope for device in VRF"
  1739. run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
  1740. log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
  1741. }
  1742. ipv4_addr_bind()
  1743. {
  1744. log_section "IPv4 address binds"
  1745. log_subsection "No VRF"
  1746. setup
  1747. set_ping_group
  1748. ipv4_addr_bind_novrf
  1749. log_subsection "With VRF"
  1750. setup "yes"
  1751. set_ping_group
  1752. ipv4_addr_bind_vrf
  1753. }
  1754. ################################################################################
  1755. # IPv4 runtime tests
  1756. ipv4_rt()
  1757. {
  1758. local desc="$1"
  1759. local varg="$2"
  1760. local with_vrf="yes"
  1761. local a
  1762. #
  1763. # server tests
  1764. #
  1765. for a in ${NSA_IP} ${VRF_IP}
  1766. do
  1767. log_start
  1768. run_cmd nettest ${varg} -s &
  1769. wait_local_port_listen ${NSA} 12345 tcp
  1770. run_cmd_nsb nettest ${varg} -r ${a} &
  1771. sleep 3
  1772. run_cmd ip link del ${VRF}
  1773. sleep 1
  1774. log_test_addr ${a} 0 0 "${desc}, global server"
  1775. setup ${with_vrf}
  1776. done
  1777. for a in ${NSA_IP} ${VRF_IP}
  1778. do
  1779. log_start
  1780. run_cmd nettest ${varg} -s -I ${VRF} &
  1781. wait_local_port_listen ${NSA} 12345 tcp
  1782. run_cmd_nsb nettest ${varg} -r ${a} &
  1783. sleep 3
  1784. run_cmd ip link del ${VRF}
  1785. sleep 1
  1786. log_test_addr ${a} 0 0 "${desc}, VRF server"
  1787. setup ${with_vrf}
  1788. done
  1789. a=${NSA_IP}
  1790. log_start
  1791. run_cmd nettest ${varg} -s -I ${NSA_DEV} &
  1792. wait_local_port_listen ${NSA} 12345 tcp
  1793. run_cmd_nsb nettest ${varg} -r ${a} &
  1794. sleep 3
  1795. run_cmd ip link del ${VRF}
  1796. sleep 1
  1797. log_test_addr ${a} 0 0 "${desc}, enslaved device server"
  1798. setup ${with_vrf}
  1799. #
  1800. # client test
  1801. #
  1802. log_start
  1803. run_cmd_nsb nettest ${varg} -s &
  1804. wait_local_port_listen ${NSB} 12345 tcp
  1805. run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
  1806. sleep 3
  1807. run_cmd ip link del ${VRF}
  1808. sleep 1
  1809. log_test_addr ${a} 0 0 "${desc}, VRF client"
  1810. setup ${with_vrf}
  1811. log_start
  1812. run_cmd_nsb nettest ${varg} -s &
  1813. wait_local_port_listen ${NSB} 12345 tcp
  1814. run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
  1815. sleep 3
  1816. run_cmd ip link del ${VRF}
  1817. sleep 1
  1818. log_test_addr ${a} 0 0 "${desc}, enslaved device client"
  1819. setup ${with_vrf}
  1820. #
  1821. # local address tests
  1822. #
  1823. for a in ${NSA_IP} ${VRF_IP}
  1824. do
  1825. log_start
  1826. run_cmd nettest ${varg} -s &
  1827. wait_local_port_listen ${NSA} 12345 tcp
  1828. run_cmd nettest ${varg} -d ${VRF} -r ${a} &
  1829. sleep 3
  1830. run_cmd ip link del ${VRF}
  1831. sleep 1
  1832. log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local"
  1833. setup ${with_vrf}
  1834. done
  1835. for a in ${NSA_IP} ${VRF_IP}
  1836. do
  1837. log_start
  1838. run_cmd nettest ${varg} -I ${VRF} -s &
  1839. wait_local_port_listen ${NSA} 12345 tcp
  1840. run_cmd nettest ${varg} -d ${VRF} -r ${a} &
  1841. sleep 3
  1842. run_cmd ip link del ${VRF}
  1843. sleep 1
  1844. log_test_addr ${a} 0 0 "${desc}, VRF server and client, local"
  1845. setup ${with_vrf}
  1846. done
  1847. a=${NSA_IP}
  1848. log_start
  1849. run_cmd nettest ${varg} -s &
  1850. wait_local_port_listen ${NSA} 12345 tcp
  1851. run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
  1852. sleep 3
  1853. run_cmd ip link del ${VRF}
  1854. sleep 1
  1855. log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local"
  1856. setup ${with_vrf}
  1857. log_start
  1858. run_cmd nettest ${varg} -I ${VRF} -s &
  1859. wait_local_port_listen ${NSA} 12345 tcp
  1860. run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
  1861. sleep 3
  1862. run_cmd ip link del ${VRF}
  1863. sleep 1
  1864. log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local"
  1865. setup ${with_vrf}
  1866. log_start
  1867. run_cmd nettest ${varg} -I ${NSA_DEV} -s &
  1868. wait_local_port_listen ${NSA} 12345 tcp
  1869. run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
  1870. sleep 3
  1871. run_cmd ip link del ${VRF}
  1872. sleep 1
  1873. log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local"
  1874. }
  1875. ipv4_ping_rt()
  1876. {
  1877. local with_vrf="yes"
  1878. local a
  1879. for a in ${NSA_IP} ${VRF_IP}
  1880. do
  1881. log_start
  1882. run_cmd_nsb ping -f ${a} &
  1883. sleep 3
  1884. run_cmd ip link del ${VRF}
  1885. sleep 1
  1886. log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
  1887. setup ${with_vrf}
  1888. done
  1889. a=${NSB_IP}
  1890. log_start
  1891. run_cmd ping -f -I ${VRF} ${a} &
  1892. sleep 3
  1893. run_cmd ip link del ${VRF}
  1894. sleep 1
  1895. log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
  1896. }
  1897. ipv4_runtime()
  1898. {
  1899. log_section "Run time tests - ipv4"
  1900. setup "yes"
  1901. ipv4_ping_rt
  1902. setup "yes"
  1903. ipv4_rt "TCP active socket" "-n -1"
  1904. setup "yes"
  1905. ipv4_rt "TCP passive socket" "-i"
  1906. }
  1907. ################################################################################
  1908. # IPv6
  1909. ipv6_ping_novrf()
  1910. {
  1911. local a
  1912. # should not have an impact, but make a known state
  1913. set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
  1914. #
  1915. # out
  1916. #
  1917. for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
  1918. do
  1919. log_start
  1920. run_cmd ${ping6} -c1 -w1 ${a}
  1921. log_test_addr ${a} $? 0 "ping out"
  1922. done
  1923. for a in ${NSB_IP6} ${NSB_LO_IP6}
  1924. do
  1925. log_start
  1926. run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
  1927. log_test_addr ${a} $? 0 "ping out, device bind"
  1928. log_start
  1929. run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
  1930. log_test_addr ${a} $? 0 "ping out, loopback address bind"
  1931. done
  1932. #
  1933. # in
  1934. #
  1935. for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
  1936. do
  1937. log_start
  1938. run_cmd_nsb ${ping6} -c1 -w1 ${a}
  1939. log_test_addr ${a} $? 0 "ping in"
  1940. done
  1941. #
  1942. # local traffic, local address
  1943. #
  1944. for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
  1945. do
  1946. log_start
  1947. run_cmd ${ping6} -c1 -w1 ${a}
  1948. log_test_addr ${a} $? 0 "ping local, no bind"
  1949. done
  1950. for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
  1951. do
  1952. log_start
  1953. run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
  1954. log_test_addr ${a} $? 0 "ping local, device bind"
  1955. done
  1956. for a in ${NSA_LO_IP6} ::1
  1957. do
  1958. log_start
  1959. show_hint "Fails since address on loopback is out of device scope"
  1960. run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
  1961. log_test_addr ${a} $? 2 "ping local, device bind"
  1962. done
  1963. for a in ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${NSA_IP6}
  1964. do
  1965. log_start
  1966. run_cmd ${ping6} -c1 -w1 -I ::1 ${a}
  1967. log_test_addr ${a} $? 0 "ping local, from localhost"
  1968. done
  1969. #
  1970. # ip rule blocks address
  1971. #
  1972. log_start
  1973. setup_cmd ip -6 rule add pref 32765 from all lookup local
  1974. setup_cmd ip -6 rule del pref 0 from all lookup local
  1975. setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
  1976. setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
  1977. a=${NSB_LO_IP6}
  1978. run_cmd ${ping6} -c1 -w1 ${a}
  1979. log_test_addr ${a} $? 2 "ping out, blocked by rule"
  1980. log_start
  1981. run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
  1982. log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
  1983. a=${NSA_LO_IP6}
  1984. log_start
  1985. show_hint "Response lost due to ip rule"
  1986. run_cmd_nsb ${ping6} -c1 -w1 ${a}
  1987. log_test_addr ${a} $? 1 "ping in, blocked by rule"
  1988. setup_cmd ip -6 rule add pref 0 from all lookup local
  1989. setup_cmd ip -6 rule del pref 32765 from all lookup local
  1990. setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
  1991. setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
  1992. #
  1993. # route blocks reachability to remote address
  1994. #
  1995. log_start
  1996. setup_cmd ip -6 route del ${NSB_LO_IP6}
  1997. setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
  1998. setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10
  1999. a=${NSB_LO_IP6}
  2000. run_cmd ${ping6} -c1 -w1 ${a}
  2001. log_test_addr ${a} $? 2 "ping out, blocked by route"
  2002. log_start
  2003. run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
  2004. log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"
  2005. a=${NSA_LO_IP6}
  2006. log_start
  2007. show_hint "Response lost due to ip route"
  2008. run_cmd_nsb ${ping6} -c1 -w1 ${a}
  2009. log_test_addr ${a} $? 1 "ping in, blocked by route"
  2010. #
  2011. # remove 'remote' routes; fallback to default
  2012. #
  2013. log_start
  2014. setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
  2015. setup_cmd ip -6 ro del unreachable ${NSB_IP6}
  2016. a=${NSB_LO_IP6}
  2017. run_cmd ${ping6} -c1 -w1 ${a}
  2018. log_test_addr ${a} $? 2 "ping out, unreachable route"
  2019. log_start
  2020. run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
  2021. log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
  2022. }
  2023. ipv6_ping_vrf()
  2024. {
  2025. local a
  2026. # should default on; does not exist on older kernels
  2027. set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
  2028. #
  2029. # out
  2030. #
  2031. for a in ${NSB_IP6} ${NSB_LO_IP6}
  2032. do
  2033. log_start
  2034. run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
  2035. log_test_addr ${a} $? 0 "ping out, VRF bind"
  2036. done
  2037. for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
  2038. do
  2039. log_start
  2040. show_hint "Fails since VRF device does not support linklocal or multicast"
  2041. run_cmd ${ping6} -c1 -w1 ${a}
  2042. log_test_addr ${a} $? 1 "ping out, VRF bind"
  2043. done
  2044. for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
  2045. do
  2046. log_start
  2047. run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
  2048. log_test_addr ${a} $? 0 "ping out, device bind"
  2049. done
  2050. for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
  2051. do
  2052. log_start
  2053. run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
  2054. log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
  2055. done
  2056. #
  2057. # in
  2058. #
  2059. for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
  2060. do
  2061. log_start
  2062. run_cmd_nsb ${ping6} -c1 -w1 ${a}
  2063. log_test_addr ${a} $? 0 "ping in"
  2064. done
  2065. a=${NSA_LO_IP6}
  2066. log_start
  2067. show_hint "Fails since loopback address is out of VRF scope"
  2068. run_cmd_nsb ${ping6} -c1 -w1 ${a}
  2069. log_test_addr ${a} $? 1 "ping in"
  2070. #
  2071. # local traffic, local address
  2072. #
  2073. for a in ${NSA_IP6} ${VRF_IP6} ::1
  2074. do
  2075. log_start
  2076. show_hint "Source address should be ${a}"
  2077. run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
  2078. log_test_addr ${a} $? 0 "ping local, VRF bind"
  2079. done
  2080. for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
  2081. do
  2082. log_start
  2083. run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
  2084. log_test_addr ${a} $? 0 "ping local, device bind"
  2085. done
  2086. # LLA to GUA - remove ipv6 global addresses from ns-B
  2087. setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
  2088. setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
  2089. setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
  2090. for a in ${NSA_IP6} ${VRF_IP6}
  2091. do
  2092. log_start
  2093. run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
  2094. log_test_addr ${a} $? 0 "ping in, LLA to GUA"
  2095. done
  2096. setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
  2097. setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
  2098. setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo
  2099. #
  2100. # ip rule blocks address
  2101. #
  2102. log_start
  2103. setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
  2104. setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
  2105. a=${NSB_LO_IP6}
  2106. run_cmd ${ping6} -c1 -w1 ${a}
  2107. log_test_addr ${a} $? 2 "ping out, blocked by rule"
  2108. log_start
  2109. run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
  2110. log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
  2111. a=${NSA_LO_IP6}
  2112. log_start
  2113. show_hint "Response lost due to ip rule"
  2114. run_cmd_nsb ${ping6} -c1 -w1 ${a}
  2115. log_test_addr ${a} $? 1 "ping in, blocked by rule"
  2116. log_start
  2117. setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
  2118. setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
  2119. #
  2120. # remove 'remote' routes; fallback to default
  2121. #
  2122. log_start
  2123. setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}
  2124. a=${NSB_LO_IP6}
  2125. run_cmd ${ping6} -c1 -w1 ${a}
  2126. log_test_addr ${a} $? 2 "ping out, unreachable route"
  2127. log_start
  2128. run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
  2129. log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
  2130. ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
  2131. a=${NSA_LO_IP6}
  2132. log_start
  2133. run_cmd_nsb ${ping6} -c1 -w1 ${a}
  2134. log_test_addr ${a} $? 2 "ping in, unreachable route"
  2135. }
  2136. ipv6_ping()
  2137. {
  2138. log_section "IPv6 ping"
  2139. log_subsection "No VRF"
  2140. setup
  2141. ipv6_ping_novrf
  2142. setup
  2143. set_ping_group
  2144. ipv6_ping_novrf
  2145. log_subsection "With VRF"
  2146. setup "yes"
  2147. ipv6_ping_vrf
  2148. setup "yes"
  2149. set_ping_group
  2150. ipv6_ping_vrf
  2151. }
  2152. ################################################################################
  2153. # IPv6 TCP
  2154. #
  2155. # MD5 tests without VRF
  2156. #
  2157. ipv6_tcp_md5_novrf()
  2158. {
  2159. #
  2160. # single address
  2161. #
  2162. # basic use case
  2163. log_start
  2164. run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
  2165. wait_local_port_listen ${NSA} 12345 tcp
  2166. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
  2167. log_test $? 0 "MD5: Single address config"
  2168. # client sends MD5, server not configured
  2169. log_start
  2170. show_hint "Should timeout due to MD5 mismatch"
  2171. run_cmd nettest -6 -s &
  2172. wait_local_port_listen ${NSA} 12345 tcp
  2173. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
  2174. log_test $? 2 "MD5: Server no config, client uses password"
  2175. # wrong password
  2176. log_start
  2177. show_hint "Should timeout since client uses wrong password"
  2178. run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
  2179. wait_local_port_listen ${NSA} 12345 tcp
  2180. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
  2181. log_test $? 2 "MD5: Client uses wrong password"
  2182. # client from different address
  2183. log_start
  2184. show_hint "Should timeout due to MD5 mismatch"
  2185. run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_LO_IP6} &
  2186. wait_local_port_listen ${NSA} 12345 tcp
  2187. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
  2188. log_test $? 2 "MD5: Client address does not match address configured with password"
  2189. #
  2190. # MD5 extension - prefix length
  2191. #
  2192. # client in prefix
  2193. log_start
  2194. run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
  2195. wait_local_port_listen ${NSA} 12345 tcp
  2196. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
  2197. log_test $? 0 "MD5: Prefix config"
  2198. # client in prefix, wrong password
  2199. log_start
  2200. show_hint "Should timeout since client uses wrong password"
  2201. run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
  2202. wait_local_port_listen ${NSA} 12345 tcp
  2203. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
  2204. log_test $? 2 "MD5: Prefix config, client uses wrong password"
  2205. # client outside of prefix
  2206. log_start
  2207. show_hint "Should timeout due to MD5 mismatch"
  2208. run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
  2209. wait_local_port_listen ${NSA} 12345 tcp
  2210. run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
  2211. log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
  2212. }
  2213. #
  2214. # MD5 tests with VRF
  2215. #
  2216. ipv6_tcp_md5()
  2217. {
  2218. #
  2219. # single address
  2220. #
  2221. # basic use case
  2222. log_start
  2223. run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
  2224. wait_local_port_listen ${NSA} 12345 tcp
  2225. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
  2226. log_test $? 0 "MD5: VRF: Single address config"
  2227. # client sends MD5, server not configured
  2228. log_start
  2229. show_hint "Should timeout since server does not have MD5 auth"
  2230. run_cmd nettest -6 -s -I ${VRF} &
  2231. wait_local_port_listen ${NSA} 12345 tcp
  2232. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
  2233. log_test $? 2 "MD5: VRF: Server no config, client uses password"
  2234. # wrong password
  2235. log_start
  2236. show_hint "Should timeout since client uses wrong password"
  2237. run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
  2238. wait_local_port_listen ${NSA} 12345 tcp
  2239. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
  2240. log_test $? 2 "MD5: VRF: Client uses wrong password"
  2241. # client from different address
  2242. log_start
  2243. show_hint "Should timeout since server config differs from client"
  2244. run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} &
  2245. wait_local_port_listen ${NSA} 12345 tcp
  2246. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
  2247. log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
  2248. #
  2249. # MD5 extension - prefix length
  2250. #
  2251. # client in prefix
  2252. log_start
  2253. run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
  2254. wait_local_port_listen ${NSA} 12345 tcp
  2255. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
  2256. log_test $? 0 "MD5: VRF: Prefix config"
  2257. # client in prefix, wrong password
  2258. log_start
  2259. show_hint "Should timeout since client uses wrong password"
  2260. run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
  2261. wait_local_port_listen ${NSA} 12345 tcp
  2262. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
  2263. log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"
  2264. # client outside of prefix
  2265. log_start
  2266. show_hint "Should timeout since client address is outside of prefix"
  2267. run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
  2268. wait_local_port_listen ${NSA} 12345 tcp
  2269. run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
  2270. log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"
  2271. #
  2272. # duplicate config between default VRF and a VRF
  2273. #
  2274. log_start
  2275. run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
  2276. run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
  2277. wait_local_port_listen ${NSA} 12345 tcp
  2278. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
  2279. log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
  2280. log_start
  2281. run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
  2282. run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
  2283. wait_local_port_listen ${NSA} 12345 tcp
  2284. run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
  2285. log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
  2286. log_start
  2287. show_hint "Should timeout since client in default VRF uses VRF password"
  2288. run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
  2289. run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
  2290. wait_local_port_listen ${NSA} 12345 tcp
  2291. run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
  2292. log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
  2293. log_start
  2294. show_hint "Should timeout since client in VRF uses default VRF password"
  2295. run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
  2296. run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
  2297. wait_local_port_listen ${NSA} 12345 tcp
  2298. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
  2299. log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
  2300. log_start
  2301. run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
  2302. run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
  2303. wait_local_port_listen ${NSA} 12345 tcp
  2304. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
  2305. log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
  2306. log_start
  2307. run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
  2308. run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
  2309. wait_local_port_listen ${NSA} 12345 tcp
  2310. run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
  2311. log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
  2312. log_start
  2313. show_hint "Should timeout since client in default VRF uses VRF password"
  2314. run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
  2315. run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
  2316. wait_local_port_listen ${NSA} 12345 tcp
  2317. run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
  2318. log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"
  2319. log_start
  2320. show_hint "Should timeout since client in VRF uses default VRF password"
  2321. run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
  2322. run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
  2323. wait_local_port_listen ${NSA} 12345 tcp
  2324. run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
  2325. log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"
  2326. #
  2327. # negative tests
  2328. #
  2329. log_start
  2330. run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP6}
  2331. log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
  2332. log_start
  2333. run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6}
  2334. log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
  2335. }
  2336. ipv6_tcp_novrf()
  2337. {
  2338. local a
  2339. #
  2340. # server tests
  2341. #
  2342. for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
  2343. do
  2344. log_start
  2345. run_cmd nettest -6 -s &
  2346. wait_local_port_listen ${NSA} 12345 tcp
  2347. run_cmd_nsb nettest -6 -r ${a}
  2348. log_test_addr ${a} $? 0 "Global server"
  2349. done
  2350. # verify TCP reset received
  2351. for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
  2352. do
  2353. log_start
  2354. show_hint "Should fail 'Connection refused'"
  2355. run_cmd_nsb nettest -6 -r ${a}
  2356. log_test_addr ${a} $? 1 "No server"
  2357. done
  2358. #
  2359. # client
  2360. #
  2361. for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
  2362. do
  2363. log_start
  2364. run_cmd_nsb nettest -6 -s &
  2365. wait_local_port_listen ${NSB} 12345 tcp
  2366. run_cmd nettest -6 -r ${a}
  2367. log_test_addr ${a} $? 0 "Client"
  2368. done
  2369. for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
  2370. do
  2371. log_start
  2372. run_cmd_nsb nettest -6 -s &
  2373. wait_local_port_listen ${NSB} 12345 tcp
  2374. run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
  2375. log_test_addr ${a} $? 0 "Client, device bind"
  2376. done
  2377. for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
  2378. do
  2379. log_start
  2380. show_hint "Should fail 'Connection refused'"
  2381. run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
  2382. log_test_addr ${a} $? 1 "No server, device client"
  2383. done
  2384. #
  2385. # local address tests
  2386. #
  2387. for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
  2388. do
  2389. log_start
  2390. run_cmd nettest -6 -s &
  2391. wait_local_port_listen ${NSA} 12345 tcp
  2392. run_cmd nettest -6 -r ${a}
  2393. log_test_addr ${a} $? 0 "Global server, local connection"
  2394. done
  2395. a=${NSA_IP6}
  2396. log_start
  2397. run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
  2398. wait_local_port_listen ${NSA} 12345 tcp
  2399. run_cmd nettest -6 -r ${a} -0 ${a}
  2400. log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
  2401. for a in ${NSA_LO_IP6} ::1
  2402. do
  2403. log_start
  2404. show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
  2405. run_cmd nettest -6 -s -I ${NSA_DEV} &
  2406. wait_local_port_listen ${NSA} 12345 tcp
  2407. run_cmd nettest -6 -r ${a}
  2408. log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
  2409. done
  2410. a=${NSA_IP6}
  2411. log_start
  2412. run_cmd nettest -6 -s &
  2413. wait_local_port_listen ${NSA} 12345 tcp
  2414. run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
  2415. log_test_addr ${a} $? 0 "Global server, device client, local connection"
  2416. for a in ${NSA_LO_IP6} ::1
  2417. do
  2418. log_start
  2419. show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
  2420. run_cmd nettest -6 -s &
  2421. wait_local_port_listen ${NSA} 12345 tcp
  2422. run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
  2423. log_test_addr ${a} $? 1 "Global server, device client, local connection"
  2424. done
  2425. for a in ${NSA_IP6} ${NSA_LINKIP6}
  2426. do
  2427. log_start
  2428. run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
  2429. wait_local_port_listen ${NSA} 12345 tcp
  2430. run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
  2431. log_test_addr ${a} $? 0 "Device server, device client, local conn"
  2432. done
  2433. for a in ${NSA_IP6} ${NSA_LINKIP6}
  2434. do
  2435. log_start
  2436. show_hint "Should fail 'Connection refused'"
  2437. run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
  2438. log_test_addr ${a} $? 1 "No server, device client, local conn"
  2439. done
  2440. [ "$fips_enabled" = "1" ] || ipv6_tcp_md5_novrf
  2441. }
  2442. ipv6_tcp_vrf()
  2443. {
  2444. local a
  2445. # disable global server
  2446. log_subsection "Global server disabled"
  2447. set_sysctl net.ipv4.tcp_l3mdev_accept=0
  2448. #
  2449. # server tests
  2450. #
  2451. for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
  2452. do
  2453. log_start
  2454. show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
  2455. run_cmd nettest -6 -s &
  2456. wait_local_port_listen ${NSA} 12345 tcp
  2457. run_cmd_nsb nettest -6 -r ${a}
  2458. log_test_addr ${a} $? 1 "Global server"
  2459. done
  2460. for a in ${NSA_IP6} ${VRF_IP6}
  2461. do
  2462. log_start
  2463. run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
  2464. wait_local_port_listen ${NSA} 12345 tcp
  2465. run_cmd_nsb nettest -6 -r ${a}
  2466. log_test_addr ${a} $? 0 "VRF server"
  2467. done
  2468. # link local is always bound to ingress device
  2469. a=${NSA_LINKIP6}%${NSB_DEV}
  2470. log_start
  2471. run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
  2472. wait_local_port_listen ${NSA} 12345 tcp
  2473. run_cmd_nsb nettest -6 -r ${a}
  2474. log_test_addr ${a} $? 0 "VRF server"
  2475. for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
  2476. do
  2477. log_start
  2478. run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
  2479. wait_local_port_listen ${NSA} 12345 tcp
  2480. run_cmd_nsb nettest -6 -r ${a}
  2481. log_test_addr ${a} $? 0 "Device server"
  2482. done
  2483. # verify TCP reset received
  2484. for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
  2485. do
  2486. log_start
  2487. show_hint "Should fail 'Connection refused'"
  2488. run_cmd_nsb nettest -6 -r ${a}
  2489. log_test_addr ${a} $? 1 "No server"
  2490. done
  2491. # local address tests
  2492. a=${NSA_IP6}
  2493. log_start
  2494. show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
  2495. run_cmd nettest -6 -s &
  2496. wait_local_port_listen ${NSA} 12345 tcp
  2497. run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
  2498. log_test_addr ${a} $? 1 "Global server, local connection"
  2499. # run MD5 tests
  2500. if [ "$fips_enabled" = "0" ]; then
  2501. setup_vrf_dup
  2502. ipv6_tcp_md5
  2503. cleanup_vrf_dup
  2504. fi
  2505. #
  2506. # enable VRF global server
  2507. #
  2508. log_subsection "VRF Global server enabled"
  2509. set_sysctl net.ipv4.tcp_l3mdev_accept=1
  2510. for a in ${NSA_IP6} ${VRF_IP6}
  2511. do
  2512. log_start
  2513. run_cmd nettest -6 -s -3 ${VRF} &
  2514. wait_local_port_listen ${NSA} 12345 tcp
  2515. run_cmd_nsb nettest -6 -r ${a}
  2516. log_test_addr ${a} $? 0 "Global server"
  2517. done
  2518. for a in ${NSA_IP6} ${VRF_IP6}
  2519. do
  2520. log_start
  2521. run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
  2522. wait_local_port_listen ${NSA} 12345 tcp
  2523. run_cmd_nsb nettest -6 -r ${a}
  2524. log_test_addr ${a} $? 0 "VRF server"
  2525. done
  2526. # For LLA, child socket is bound to device
  2527. a=${NSA_LINKIP6}%${NSB_DEV}
  2528. log_start
  2529. run_cmd nettest -6 -s -3 ${NSA_DEV} &
  2530. wait_local_port_listen ${NSA} 12345 tcp
  2531. run_cmd_nsb nettest -6 -r ${a}
  2532. log_test_addr ${a} $? 0 "Global server"
  2533. log_start
  2534. run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
  2535. wait_local_port_listen ${NSA} 12345 tcp
  2536. run_cmd_nsb nettest -6 -r ${a}
  2537. log_test_addr ${a} $? 0 "VRF server"
  2538. for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
  2539. do
  2540. log_start
  2541. run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
  2542. wait_local_port_listen ${NSA} 12345 tcp
  2543. run_cmd_nsb nettest -6 -r ${a}
  2544. log_test_addr ${a} $? 0 "Device server"
  2545. done
  2546. # verify TCP reset received
  2547. for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
  2548. do
  2549. log_start
  2550. show_hint "Should fail 'Connection refused'"
  2551. run_cmd_nsb nettest -6 -r ${a}
  2552. log_test_addr ${a} $? 1 "No server"
  2553. done
  2554. # local address tests
  2555. for a in ${NSA_IP6} ${VRF_IP6}
  2556. do
  2557. log_start
  2558. show_hint "Fails 'Connection refused' since client is not in VRF"
  2559. run_cmd nettest -6 -s -I ${VRF} &
  2560. wait_local_port_listen ${NSA} 12345 tcp
  2561. run_cmd nettest -6 -r ${a}
  2562. log_test_addr ${a} $? 1 "Global server, local connection"
  2563. done
  2564. #
  2565. # client
  2566. #
  2567. for a in ${NSB_IP6} ${NSB_LO_IP6}
  2568. do
  2569. log_start
  2570. run_cmd_nsb nettest -6 -s &
  2571. wait_local_port_listen ${NSB} 12345 tcp
  2572. run_cmd nettest -6 -r ${a} -d ${VRF}
  2573. log_test_addr ${a} $? 0 "Client, VRF bind"
  2574. done
  2575. a=${NSB_LINKIP6}
  2576. log_start
  2577. show_hint "Fails since VRF device does not allow linklocal addresses"
  2578. run_cmd_nsb nettest -6 -s &
  2579. wait_local_port_listen ${NSB} 12345 tcp
  2580. run_cmd nettest -6 -r ${a} -d ${VRF}
  2581. log_test_addr ${a} $? 1 "Client, VRF bind"
  2582. for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
  2583. do
  2584. log_start
  2585. run_cmd_nsb nettest -6 -s &
  2586. wait_local_port_listen ${NSB} 12345 tcp
  2587. run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
  2588. log_test_addr ${a} $? 0 "Client, device bind"
  2589. done
  2590. for a in ${NSB_IP6} ${NSB_LO_IP6}
  2591. do
  2592. log_start
  2593. show_hint "Should fail 'Connection refused'"
  2594. run_cmd nettest -6 -r ${a} -d ${VRF}
  2595. log_test_addr ${a} $? 1 "No server, VRF client"
  2596. done
  2597. for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
  2598. do
  2599. log_start
  2600. show_hint "Should fail 'Connection refused'"
  2601. run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
  2602. log_test_addr ${a} $? 1 "No server, device client"
  2603. done
  2604. for a in ${NSA_IP6} ${VRF_IP6} ::1
  2605. do
  2606. log_start
  2607. run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
  2608. wait_local_port_listen ${NSA} 12345 tcp
  2609. run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
  2610. log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
  2611. done
  2612. a=${NSA_IP6}
  2613. log_start
  2614. run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
  2615. wait_local_port_listen ${NSA} 12345 tcp
  2616. run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
  2617. log_test_addr ${a} $? 0 "VRF server, device client, local connection"
  2618. a=${NSA_IP6}
  2619. log_start
  2620. show_hint "Should fail since unbound client is out of VRF scope"
  2621. run_cmd nettest -6 -s -I ${VRF} &
  2622. wait_local_port_listen ${NSA} 12345 tcp
  2623. run_cmd nettest -6 -r ${a}
  2624. log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
  2625. log_start
  2626. run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
  2627. wait_local_port_listen ${NSA} 12345 tcp
  2628. run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
  2629. log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
  2630. for a in ${NSA_IP6} ${NSA_LINKIP6}
  2631. do
  2632. log_start
  2633. run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
  2634. wait_local_port_listen ${NSA} 12345 tcp
  2635. run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
  2636. log_test_addr ${a} $? 0 "Device server, device client, local connection"
  2637. done
  2638. }
  2639. ipv6_tcp()
  2640. {
  2641. log_section "IPv6/TCP"
  2642. log_subsection "No VRF"
  2643. setup
  2644. # tcp_l3mdev_accept should have no affect without VRF;
  2645. # run tests with it enabled and disabled to verify
  2646. log_subsection "tcp_l3mdev_accept disabled"
  2647. set_sysctl net.ipv4.tcp_l3mdev_accept=0
  2648. ipv6_tcp_novrf
  2649. log_subsection "tcp_l3mdev_accept enabled"
  2650. set_sysctl net.ipv4.tcp_l3mdev_accept=1
  2651. ipv6_tcp_novrf
  2652. log_subsection "With VRF"
  2653. setup "yes"
  2654. ipv6_tcp_vrf
  2655. }
  2656. ################################################################################
  2657. # IPv6 UDP
  2658. ipv6_udp_novrf()
  2659. {
  2660. local a
  2661. #
  2662. # server tests
  2663. #
  2664. for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
  2665. do
  2666. log_start
  2667. run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
  2668. wait_local_port_listen ${NSA} 12345 udp
  2669. run_cmd_nsb nettest -6 -D -r ${a}
  2670. log_test_addr ${a} $? 0 "Global server"
  2671. log_start
  2672. run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
  2673. wait_local_port_listen ${NSA} 12345 udp
  2674. run_cmd_nsb nettest -6 -D -r ${a}
  2675. log_test_addr ${a} $? 0 "Device server"
  2676. done
  2677. a=${NSA_LO_IP6}
  2678. log_start
  2679. run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
  2680. wait_local_port_listen ${NSA} 12345 udp
  2681. run_cmd_nsb nettest -6 -D -r ${a}
  2682. log_test_addr ${a} $? 0 "Global server"
  2683. # should fail since loopback address is out of scope for a device
  2684. # bound server, but it does not - hence this is more documenting
  2685. # behavior.
  2686. #log_start
  2687. #show_hint "Should fail since loopback address is out of scope"
  2688. #run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
  2689. wait_local_port_listen ${NSA} 12345 udp
  2690. #run_cmd_nsb nettest -6 -D -r ${a}
  2691. #log_test_addr ${a} $? 1 "Device server"
  2692. # negative test - should fail
  2693. for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
  2694. do
  2695. log_start
  2696. show_hint "Should fail 'Connection refused' since there is no server"
  2697. run_cmd_nsb nettest -6 -D -r ${a}
  2698. log_test_addr ${a} $? 1 "No server"
  2699. done
  2700. #
  2701. # client
  2702. #
  2703. for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
  2704. do
  2705. log_start
  2706. run_cmd_nsb nettest -6 -D -s &
  2707. wait_local_port_listen ${NSB} 12345 udp
  2708. run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
  2709. log_test_addr ${a} $? 0 "Client"
  2710. log_start
  2711. run_cmd_nsb nettest -6 -D -s &
  2712. wait_local_port_listen ${NSB} 12345 udp
  2713. run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
  2714. log_test_addr ${a} $? 0 "Client, device bind"
  2715. log_start
  2716. run_cmd_nsb nettest -6 -D -s &
  2717. wait_local_port_listen ${NSB} 12345 udp
  2718. run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
  2719. log_test_addr ${a} $? 0 "Client, device send via cmsg"
  2720. log_start
  2721. run_cmd_nsb nettest -6 -D -s &
  2722. wait_local_port_listen ${NSB} 12345 udp
  2723. run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
  2724. log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF"
  2725. log_start
  2726. show_hint "Should fail 'Connection refused'"
  2727. run_cmd nettest -6 -D -r ${a}
  2728. log_test_addr ${a} $? 1 "No server, unbound client"
  2729. log_start
  2730. show_hint "Should fail 'Connection refused'"
  2731. run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
  2732. log_test_addr ${a} $? 1 "No server, device client"
  2733. done
  2734. #
  2735. # local address tests
  2736. #
  2737. for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
  2738. do
  2739. log_start
  2740. run_cmd nettest -6 -D -s &
  2741. wait_local_port_listen ${NSA} 12345 udp
  2742. run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
  2743. log_test_addr ${a} $? 0 "Global server, local connection"
  2744. done
  2745. a=${NSA_IP6}
  2746. log_start
  2747. run_cmd nettest -6 -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
  2748. wait_local_port_listen ${NSA} 12345 udp
  2749. run_cmd nettest -6 -D -r ${a}
  2750. log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
  2751. for a in ${NSA_LO_IP6} ::1
  2752. do
  2753. log_start
  2754. show_hint "Should fail 'Connection refused' since address is out of device scope"
  2755. run_cmd nettest -6 -s -D -I ${NSA_DEV} &
  2756. wait_local_port_listen ${NSA} 12345 udp
  2757. run_cmd nettest -6 -D -r ${a}
  2758. log_test_addr ${a} $? 1 "Device server, local connection"
  2759. done
  2760. a=${NSA_IP6}
  2761. log_start
  2762. run_cmd nettest -6 -s -D &
  2763. wait_local_port_listen ${NSA} 12345 udp
  2764. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
  2765. log_test_addr ${a} $? 0 "Global server, device client, local connection"
  2766. log_start
  2767. run_cmd nettest -6 -s -D &
  2768. wait_local_port_listen ${NSA} 12345 udp
  2769. run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
  2770. log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
  2771. log_start
  2772. run_cmd nettest -6 -s -D &
  2773. wait_local_port_listen ${NSA} 12345 udp
  2774. run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
  2775. log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"
  2776. for a in ${NSA_LO_IP6} ::1
  2777. do
  2778. log_start
  2779. show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
  2780. run_cmd nettest -6 -D -s &
  2781. wait_local_port_listen ${NSA} 12345 udp
  2782. run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
  2783. log_test_addr ${a} $? 1 "Global server, device client, local connection"
  2784. log_start
  2785. show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
  2786. run_cmd nettest -6 -D -s &
  2787. wait_local_port_listen ${NSA} 12345 udp
  2788. run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
  2789. log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
  2790. log_start
  2791. show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
  2792. run_cmd nettest -6 -D -s &
  2793. wait_local_port_listen ${NSA} 12345 udp
  2794. run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
  2795. log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
  2796. log_start
  2797. show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
  2798. run_cmd nettest -6 -D -s &
  2799. wait_local_port_listen ${NSA} 12345 udp
  2800. run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -U
  2801. log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with connect()"
  2802. done
  2803. a=${NSA_IP6}
  2804. log_start
  2805. run_cmd nettest -6 -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
  2806. wait_local_port_listen ${NSA} 12345 udp
  2807. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
  2808. log_test_addr ${a} $? 0 "Device server, device client, local conn"
  2809. log_start
  2810. show_hint "Should fail 'Connection refused'"
  2811. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
  2812. log_test_addr ${a} $? 1 "No server, device client, local conn"
  2813. # LLA to GUA
  2814. run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
  2815. run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
  2816. log_start
  2817. run_cmd nettest -6 -s -D &
  2818. wait_local_port_listen ${NSA} 12345 udp
  2819. run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
  2820. log_test $? 0 "UDP in - LLA to GUA"
  2821. run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
  2822. run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
  2823. }
  2824. ipv6_udp_vrf()
  2825. {
  2826. local a
  2827. # disable global server
  2828. log_subsection "Global server disabled"
  2829. set_sysctl net.ipv4.udp_l3mdev_accept=0
  2830. #
  2831. # server tests
  2832. #
  2833. for a in ${NSA_IP6} ${VRF_IP6}
  2834. do
  2835. log_start
  2836. show_hint "Should fail 'Connection refused' since global server is disabled"
  2837. run_cmd nettest -6 -D -s &
  2838. wait_local_port_listen ${NSA} 12345 udp
  2839. run_cmd_nsb nettest -6 -D -r ${a}
  2840. log_test_addr ${a} $? 1 "Global server"
  2841. done
  2842. for a in ${NSA_IP6} ${VRF_IP6}
  2843. do
  2844. log_start
  2845. run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
  2846. wait_local_port_listen ${NSA} 12345 udp
  2847. run_cmd_nsb nettest -6 -D -r ${a}
  2848. log_test_addr ${a} $? 0 "VRF server"
  2849. done
  2850. for a in ${NSA_IP6} ${VRF_IP6}
  2851. do
  2852. log_start
  2853. run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
  2854. wait_local_port_listen ${NSA} 12345 udp
  2855. run_cmd_nsb nettest -6 -D -r ${a}
  2856. log_test_addr ${a} $? 0 "Enslaved device server"
  2857. done
  2858. # negative test - should fail
  2859. for a in ${NSA_IP6} ${VRF_IP6}
  2860. do
  2861. log_start
  2862. show_hint "Should fail 'Connection refused' since there is no server"
  2863. run_cmd_nsb nettest -6 -D -r ${a}
  2864. log_test_addr ${a} $? 1 "No server"
  2865. done
  2866. #
  2867. # local address tests
  2868. #
  2869. for a in ${NSA_IP6} ${VRF_IP6}
  2870. do
  2871. log_start
  2872. show_hint "Should fail 'Connection refused' since global server is disabled"
  2873. run_cmd nettest -6 -D -s &
  2874. wait_local_port_listen ${NSA} 12345 udp
  2875. run_cmd nettest -6 -D -d ${VRF} -r ${a}
  2876. log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
  2877. done
  2878. for a in ${NSA_IP6} ${VRF_IP6}
  2879. do
  2880. log_start
  2881. run_cmd nettest -6 -D -I ${VRF} -s &
  2882. wait_local_port_listen ${NSA} 12345 udp
  2883. run_cmd nettest -6 -D -d ${VRF} -r ${a}
  2884. log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
  2885. done
  2886. a=${NSA_IP6}
  2887. log_start
  2888. show_hint "Should fail 'Connection refused' since global server is disabled"
  2889. run_cmd nettest -6 -D -s &
  2890. wait_local_port_listen ${NSA} 12345 udp
  2891. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
  2892. log_test_addr ${a} $? 1 "Global server, device client, local conn"
  2893. log_start
  2894. run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
  2895. wait_local_port_listen ${NSA} 12345 udp
  2896. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
  2897. log_test_addr ${a} $? 0 "VRF server, device client, local conn"
  2898. log_start
  2899. run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
  2900. wait_local_port_listen ${NSA} 12345 udp
  2901. run_cmd nettest -6 -D -d ${VRF} -r ${a}
  2902. log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
  2903. log_start
  2904. run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
  2905. wait_local_port_listen ${NSA} 12345 udp
  2906. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
  2907. log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
  2908. # disable global server
  2909. log_subsection "Global server enabled"
  2910. set_sysctl net.ipv4.udp_l3mdev_accept=1
  2911. #
  2912. # server tests
  2913. #
  2914. for a in ${NSA_IP6} ${VRF_IP6}
  2915. do
  2916. log_start
  2917. run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
  2918. wait_local_port_listen ${NSA} 12345 udp
  2919. run_cmd_nsb nettest -6 -D -r ${a}
  2920. log_test_addr ${a} $? 0 "Global server"
  2921. done
  2922. for a in ${NSA_IP6} ${VRF_IP6}
  2923. do
  2924. log_start
  2925. run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
  2926. wait_local_port_listen ${NSA} 12345 udp
  2927. run_cmd_nsb nettest -6 -D -r ${a}
  2928. log_test_addr ${a} $? 0 "VRF server"
  2929. done
  2930. for a in ${NSA_IP6} ${VRF_IP6}
  2931. do
  2932. log_start
  2933. run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
  2934. wait_local_port_listen ${NSA} 12345 udp
  2935. run_cmd_nsb nettest -6 -D -r ${a}
  2936. log_test_addr ${a} $? 0 "Enslaved device server"
  2937. done
  2938. # negative test - should fail
  2939. for a in ${NSA_IP6} ${VRF_IP6}
  2940. do
  2941. log_start
  2942. run_cmd_nsb nettest -6 -D -r ${a}
  2943. log_test_addr ${a} $? 1 "No server"
  2944. done
  2945. #
  2946. # client tests
  2947. #
  2948. log_start
  2949. run_cmd_nsb nettest -6 -D -s &
  2950. wait_local_port_listen ${NSB} 12345 udp
  2951. run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
  2952. log_test $? 0 "VRF client"
  2953. # negative test - should fail
  2954. log_start
  2955. run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
  2956. log_test $? 1 "No server, VRF client"
  2957. log_start
  2958. run_cmd_nsb nettest -6 -D -s &
  2959. wait_local_port_listen ${NSB} 12345 udp
  2960. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
  2961. log_test $? 0 "Enslaved device client"
  2962. # negative test - should fail
  2963. log_start
  2964. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
  2965. log_test $? 1 "No server, enslaved device client"
  2966. #
  2967. # local address tests
  2968. #
  2969. a=${NSA_IP6}
  2970. log_start
  2971. run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
  2972. wait_local_port_listen ${NSA} 12345 udp
  2973. run_cmd nettest -6 -D -d ${VRF} -r ${a}
  2974. log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
  2975. #log_start
  2976. run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
  2977. wait_local_port_listen ${NSA} 12345 udp
  2978. run_cmd nettest -6 -D -d ${VRF} -r ${a}
  2979. log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
  2980. a=${VRF_IP6}
  2981. log_start
  2982. run_cmd nettest -6 -D -s -3 ${VRF} &
  2983. wait_local_port_listen ${NSA} 12345 udp
  2984. run_cmd nettest -6 -D -d ${VRF} -r ${a}
  2985. log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
  2986. log_start
  2987. run_cmd nettest -6 -D -I ${VRF} -s -3 ${VRF} &
  2988. wait_local_port_listen ${NSA} 12345 udp
  2989. run_cmd nettest -6 -D -d ${VRF} -r ${a}
  2990. log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
  2991. # negative test - should fail
  2992. for a in ${NSA_IP6} ${VRF_IP6}
  2993. do
  2994. log_start
  2995. run_cmd nettest -6 -D -d ${VRF} -r ${a}
  2996. log_test_addr ${a} $? 1 "No server, VRF client, local conn"
  2997. done
  2998. # device to global IP
  2999. a=${NSA_IP6}
  3000. log_start
  3001. run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
  3002. wait_local_port_listen ${NSA} 12345 udp
  3003. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
  3004. log_test_addr ${a} $? 0 "Global server, device client, local conn"
  3005. log_start
  3006. run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
  3007. wait_local_port_listen ${NSA} 12345 udp
  3008. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
  3009. log_test_addr ${a} $? 0 "VRF server, device client, local conn"
  3010. log_start
  3011. run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
  3012. wait_local_port_listen ${NSA} 12345 udp
  3013. run_cmd nettest -6 -D -d ${VRF} -r ${a}
  3014. log_test_addr ${a} $? 0 "Device server, VRF client, local conn"
  3015. log_start
  3016. run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
  3017. wait_local_port_listen ${NSA} 12345 udp
  3018. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
  3019. log_test_addr ${a} $? 0 "Device server, device client, local conn"
  3020. log_start
  3021. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
  3022. log_test_addr ${a} $? 1 "No server, device client, local conn"
  3023. # link local addresses
  3024. log_start
  3025. run_cmd nettest -6 -D -s &
  3026. wait_local_port_listen ${NSA} 12345 udp
  3027. run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
  3028. log_test $? 0 "Global server, linklocal IP"
  3029. log_start
  3030. run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
  3031. log_test $? 1 "No server, linklocal IP"
  3032. log_start
  3033. run_cmd_nsb nettest -6 -D -s &
  3034. wait_local_port_listen ${NSB} 12345 udp
  3035. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
  3036. log_test $? 0 "Enslaved device client, linklocal IP"
  3037. log_start
  3038. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
  3039. log_test $? 1 "No server, device client, peer linklocal IP"
  3040. log_start
  3041. run_cmd nettest -6 -D -s &
  3042. wait_local_port_listen ${NSA} 12345 udp
  3043. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
  3044. log_test $? 0 "Enslaved device client, local conn - linklocal IP"
  3045. log_start
  3046. run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
  3047. log_test $? 1 "No server, device client, local conn - linklocal IP"
  3048. # LLA to GUA
  3049. run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
  3050. run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
  3051. log_start
  3052. run_cmd nettest -6 -s -D &
  3053. wait_local_port_listen ${NSA} 12345 udp
  3054. run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
  3055. log_test $? 0 "UDP in - LLA to GUA"
  3056. run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
  3057. run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
  3058. }
  3059. ipv6_udp()
  3060. {
  3061. # should not matter, but set to known state
  3062. set_sysctl net.ipv4.udp_early_demux=1
  3063. log_section "IPv6/UDP"
  3064. log_subsection "No VRF"
  3065. setup
  3066. # udp_l3mdev_accept should have no affect without VRF;
  3067. # run tests with it enabled and disabled to verify
  3068. log_subsection "udp_l3mdev_accept disabled"
  3069. set_sysctl net.ipv4.udp_l3mdev_accept=0
  3070. ipv6_udp_novrf
  3071. log_subsection "udp_l3mdev_accept enabled"
  3072. set_sysctl net.ipv4.udp_l3mdev_accept=1
  3073. ipv6_udp_novrf
  3074. log_subsection "With VRF"
  3075. setup "yes"
  3076. ipv6_udp_vrf
  3077. }
  3078. ################################################################################
  3079. # IPv6 address bind
  3080. ipv6_addr_bind_novrf()
  3081. {
  3082. #
  3083. # raw socket
  3084. #
  3085. for a in ${NSA_IP6} ${NSA_LO_IP6}
  3086. do
  3087. log_start
  3088. run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
  3089. log_test_addr ${a} $? 0 "Raw socket bind to local address"
  3090. log_start
  3091. run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
  3092. log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
  3093. done
  3094. #
  3095. # raw socket with nonlocal bind
  3096. #
  3097. a=${NL_IP6}
  3098. log_start
  3099. run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${NSA_DEV} -b
  3100. log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address"
  3101. #
  3102. # tcp sockets
  3103. #
  3104. a=${NSA_IP6}
  3105. log_start
  3106. run_cmd nettest -6 -s -l ${a} -t1 -b
  3107. log_test_addr ${a} $? 0 "TCP socket bind to local address"
  3108. log_start
  3109. run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
  3110. log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
  3111. # Sadly, the kernel allows binding a socket to a device and then
  3112. # binding to an address not on the device. So this test passes
  3113. # when it really should not
  3114. a=${NSA_LO_IP6}
  3115. log_start
  3116. show_hint "Technically should fail since address is not on device but kernel allows"
  3117. run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
  3118. log_test_addr ${a} $? 0 "TCP socket bind to out of scope local address"
  3119. }
  3120. ipv6_addr_bind_vrf()
  3121. {
  3122. #
  3123. # raw socket
  3124. #
  3125. for a in ${NSA_IP6} ${VRF_IP6}
  3126. do
  3127. log_start
  3128. run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
  3129. log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"
  3130. log_start
  3131. run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
  3132. log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
  3133. done
  3134. a=${NSA_LO_IP6}
  3135. log_start
  3136. show_hint "Address on loopback is out of VRF scope"
  3137. run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
  3138. log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"
  3139. #
  3140. # raw socket with nonlocal bind
  3141. #
  3142. a=${NL_IP6}
  3143. log_start
  3144. run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${VRF} -b
  3145. log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind"
  3146. #
  3147. # tcp sockets
  3148. #
  3149. # address on enslaved device is valid for the VRF or device in a VRF
  3150. for a in ${NSA_IP6} ${VRF_IP6}
  3151. do
  3152. log_start
  3153. run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
  3154. log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
  3155. done
  3156. a=${NSA_IP6}
  3157. log_start
  3158. run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
  3159. log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"
  3160. # Sadly, the kernel allows binding a socket to a device and then
  3161. # binding to an address not on the device. The only restriction
  3162. # is that the address is valid in the L3 domain. So this test
  3163. # passes when it really should not
  3164. a=${VRF_IP6}
  3165. log_start
  3166. show_hint "Technically should fail since address is not on device but kernel allows"
  3167. run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
  3168. log_test_addr ${a} $? 0 "TCP socket bind to VRF address with device bind"
  3169. a=${NSA_LO_IP6}
  3170. log_start
  3171. show_hint "Address on loopback out of scope for VRF"
  3172. run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
  3173. log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
  3174. log_start
  3175. show_hint "Address on loopback out of scope for device in VRF"
  3176. run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
  3177. log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
  3178. }
  3179. ipv6_addr_bind()
  3180. {
  3181. log_section "IPv6 address binds"
  3182. log_subsection "No VRF"
  3183. setup
  3184. ipv6_addr_bind_novrf
  3185. log_subsection "With VRF"
  3186. setup "yes"
  3187. ipv6_addr_bind_vrf
  3188. }
  3189. ################################################################################
  3190. # IPv6 runtime tests
  3191. ipv6_rt()
  3192. {
  3193. local desc="$1"
  3194. local varg="-6 $2"
  3195. local with_vrf="yes"
  3196. local a
  3197. #
  3198. # server tests
  3199. #
  3200. for a in ${NSA_IP6} ${VRF_IP6}
  3201. do
  3202. log_start
  3203. run_cmd nettest ${varg} -s &
  3204. wait_local_port_listen ${NSA} 12345 tcp
  3205. run_cmd_nsb nettest ${varg} -r ${a} &
  3206. sleep 3
  3207. run_cmd ip link del ${VRF}
  3208. sleep 1
  3209. log_test_addr ${a} 0 0 "${desc}, global server"
  3210. setup ${with_vrf}
  3211. done
  3212. for a in ${NSA_IP6} ${VRF_IP6}
  3213. do
  3214. log_start
  3215. run_cmd nettest ${varg} -I ${VRF} -s &
  3216. wait_local_port_listen ${NSA} 12345 tcp
  3217. run_cmd_nsb nettest ${varg} -r ${a} &
  3218. sleep 3
  3219. run_cmd ip link del ${VRF}
  3220. sleep 1
  3221. log_test_addr ${a} 0 0 "${desc}, VRF server"
  3222. setup ${with_vrf}
  3223. done
  3224. for a in ${NSA_IP6} ${VRF_IP6}
  3225. do
  3226. log_start
  3227. run_cmd nettest ${varg} -I ${NSA_DEV} -s &
  3228. wait_local_port_listen ${NSA} 12345 tcp
  3229. run_cmd_nsb nettest ${varg} -r ${a} &
  3230. sleep 3
  3231. run_cmd ip link del ${VRF}
  3232. sleep 1
  3233. log_test_addr ${a} 0 0 "${desc}, enslaved device server"
  3234. setup ${with_vrf}
  3235. done
  3236. #
  3237. # client test
  3238. #
  3239. log_start
  3240. run_cmd_nsb nettest ${varg} -s &
  3241. wait_local_port_listen ${NSB} 12345 tcp
  3242. run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} &
  3243. sleep 3
  3244. run_cmd ip link del ${VRF}
  3245. sleep 1
  3246. log_test 0 0 "${desc}, VRF client"
  3247. setup ${with_vrf}
  3248. log_start
  3249. run_cmd_nsb nettest ${varg} -s &
  3250. wait_local_port_listen ${NSB} 12345 tcp
  3251. run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
  3252. sleep 3
  3253. run_cmd ip link del ${VRF}
  3254. sleep 1
  3255. log_test 0 0 "${desc}, enslaved device client"
  3256. setup ${with_vrf}
  3257. #
  3258. # local address tests
  3259. #
  3260. for a in ${NSA_IP6} ${VRF_IP6}
  3261. do
  3262. log_start
  3263. run_cmd nettest ${varg} -s &
  3264. wait_local_port_listen ${NSA} 12345 tcp
  3265. run_cmd nettest ${varg} -d ${VRF} -r ${a} &
  3266. sleep 3
  3267. run_cmd ip link del ${VRF}
  3268. sleep 1
  3269. log_test_addr ${a} 0 0 "${desc}, global server, VRF client"
  3270. setup ${with_vrf}
  3271. done
  3272. for a in ${NSA_IP6} ${VRF_IP6}
  3273. do
  3274. log_start
  3275. run_cmd nettest ${varg} -I ${VRF} -s &
  3276. wait_local_port_listen ${NSA} 12345 tcp
  3277. run_cmd nettest ${varg} -d ${VRF} -r ${a} &
  3278. sleep 3
  3279. run_cmd ip link del ${VRF}
  3280. sleep 1
  3281. log_test_addr ${a} 0 0 "${desc}, VRF server and client"
  3282. setup ${with_vrf}
  3283. done
  3284. a=${NSA_IP6}
  3285. log_start
  3286. run_cmd nettest ${varg} -s &
  3287. wait_local_port_listen ${NSA} 12345 tcp
  3288. run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
  3289. sleep 3
  3290. run_cmd ip link del ${VRF}
  3291. sleep 1
  3292. log_test_addr ${a} 0 0 "${desc}, global server, device client"
  3293. setup ${with_vrf}
  3294. log_start
  3295. run_cmd nettest ${varg} -I ${VRF} -s &
  3296. wait_local_port_listen ${NSA} 12345 tcp
  3297. run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
  3298. sleep 3
  3299. run_cmd ip link del ${VRF}
  3300. sleep 1
  3301. log_test_addr ${a} 0 0 "${desc}, VRF server, device client"
  3302. setup ${with_vrf}
  3303. log_start
  3304. run_cmd nettest ${varg} -I ${NSA_DEV} -s &
  3305. wait_local_port_listen ${NSA} 12345 tcp
  3306. run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
  3307. sleep 3
  3308. run_cmd ip link del ${VRF}
  3309. sleep 1
  3310. log_test_addr ${a} 0 0 "${desc}, device server, device client"
  3311. }
  3312. ipv6_ping_rt()
  3313. {
  3314. local with_vrf="yes"
  3315. local a
  3316. a=${NSA_IP6}
  3317. log_start
  3318. run_cmd_nsb ${ping6} -f ${a} &
  3319. sleep 3
  3320. run_cmd ip link del ${VRF}
  3321. sleep 1
  3322. log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
  3323. setup ${with_vrf}
  3324. log_start
  3325. run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} &
  3326. sleep 1
  3327. run_cmd ip link del ${VRF}
  3328. sleep 1
  3329. log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
  3330. }
  3331. ipv6_runtime()
  3332. {
  3333. log_section "Run time tests - ipv6"
  3334. setup "yes"
  3335. ipv6_ping_rt
  3336. setup "yes"
  3337. ipv6_rt "TCP active socket" "-n -1"
  3338. setup "yes"
  3339. ipv6_rt "TCP passive socket" "-i"
  3340. setup "yes"
  3341. ipv6_rt "UDP active socket" "-D -n -1"
  3342. }
  3343. ################################################################################
  3344. # netfilter blocking connections
  3345. netfilter_tcp_reset()
  3346. {
  3347. local a
  3348. for a in ${NSA_IP} ${VRF_IP}
  3349. do
  3350. log_start
  3351. run_cmd nettest -s &
  3352. wait_local_port_listen ${NSA} 12345 tcp
  3353. run_cmd_nsb nettest -r ${a}
  3354. log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
  3355. done
  3356. }
  3357. netfilter_icmp()
  3358. {
  3359. local stype="$1"
  3360. local arg
  3361. local a
  3362. [ "${stype}" = "UDP" ] && arg="-D"
  3363. for a in ${NSA_IP} ${VRF_IP}
  3364. do
  3365. log_start
  3366. run_cmd nettest ${arg} -s &
  3367. wait_local_port_listen ${NSA} 12345 tcp
  3368. run_cmd_nsb nettest ${arg} -r ${a}
  3369. log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
  3370. done
  3371. }
  3372. ipv4_netfilter()
  3373. {
  3374. log_section "IPv4 Netfilter"
  3375. log_subsection "TCP reset"
  3376. setup "yes"
  3377. run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
  3378. netfilter_tcp_reset
  3379. log_start
  3380. log_subsection "ICMP unreachable"
  3381. log_start
  3382. run_cmd iptables -F
  3383. run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
  3384. run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
  3385. netfilter_icmp "TCP"
  3386. netfilter_icmp "UDP"
  3387. log_start
  3388. iptables -F
  3389. }
  3390. netfilter_tcp6_reset()
  3391. {
  3392. local a
  3393. for a in ${NSA_IP6} ${VRF_IP6}
  3394. do
  3395. log_start
  3396. run_cmd nettest -6 -s &
  3397. wait_local_port_listen ${NSA} 12345 tcp
  3398. run_cmd_nsb nettest -6 -r ${a}
  3399. log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
  3400. done
  3401. }
  3402. netfilter_icmp6()
  3403. {
  3404. local stype="$1"
  3405. local arg
  3406. local a
  3407. [ "${stype}" = "UDP" ] && arg="$arg -D"
  3408. for a in ${NSA_IP6} ${VRF_IP6}
  3409. do
  3410. log_start
  3411. run_cmd nettest -6 -s ${arg} &
  3412. wait_local_port_listen ${NSA} 12345 tcp
  3413. run_cmd_nsb nettest -6 ${arg} -r ${a}
  3414. log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
  3415. done
  3416. }
  3417. ipv6_netfilter()
  3418. {
  3419. log_section "IPv6 Netfilter"
  3420. log_subsection "TCP reset"
  3421. setup "yes"
  3422. run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
  3423. netfilter_tcp6_reset
  3424. log_subsection "ICMP unreachable"
  3425. log_start
  3426. run_cmd ip6tables -F
  3427. run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
  3428. run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
  3429. netfilter_icmp6 "TCP"
  3430. netfilter_icmp6 "UDP"
  3431. log_start
  3432. ip6tables -F
  3433. }
  3434. ################################################################################
  3435. # specific use cases
  3436. # VRF only.
  3437. # ns-A device enslaved to bridge. Verify traffic with and without
  3438. # br_netfilter module loaded. Repeat with SVI on bridge.
  3439. use_case_br()
  3440. {
  3441. setup "yes"
  3442. setup_cmd ip link set ${NSA_DEV} down
  3443. setup_cmd ip addr del dev ${NSA_DEV} ${NSA_IP}/24
  3444. setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64
  3445. setup_cmd ip link add br0 type bridge
  3446. setup_cmd ip addr add dev br0 ${NSA_IP}/24
  3447. setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad
  3448. setup_cmd ip li set ${NSA_DEV} master br0
  3449. setup_cmd ip li set ${NSA_DEV} up
  3450. setup_cmd ip li set br0 up
  3451. setup_cmd ip li set br0 vrf ${VRF}
  3452. rmmod br_netfilter 2>/dev/null
  3453. sleep 5 # DAD
  3454. run_cmd ip neigh flush all
  3455. run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
  3456. log_test $? 0 "Bridge into VRF - IPv4 ping out"
  3457. run_cmd ip neigh flush all
  3458. run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
  3459. log_test $? 0 "Bridge into VRF - IPv6 ping out"
  3460. run_cmd ip neigh flush all
  3461. run_cmd_nsb ping -c1 -w1 ${NSA_IP}
  3462. log_test $? 0 "Bridge into VRF - IPv4 ping in"
  3463. run_cmd ip neigh flush all
  3464. run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
  3465. log_test $? 0 "Bridge into VRF - IPv6 ping in"
  3466. modprobe br_netfilter
  3467. if [ $? -eq 0 ]; then
  3468. run_cmd ip neigh flush all
  3469. run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
  3470. log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out"
  3471. run_cmd ip neigh flush all
  3472. run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
  3473. log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out"
  3474. run_cmd ip neigh flush all
  3475. run_cmd_nsb ping -c1 -w1 ${NSA_IP}
  3476. log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in"
  3477. run_cmd ip neigh flush all
  3478. run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
  3479. log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in"
  3480. fi
  3481. setup_cmd ip li set br0 nomaster
  3482. setup_cmd ip li add br0.100 link br0 type vlan id 100
  3483. setup_cmd ip li set br0.100 vrf ${VRF} up
  3484. setup_cmd ip addr add dev br0.100 172.16.101.1/24
  3485. setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad
  3486. setup_cmd_nsb ip li add vlan100 link ${NSB_DEV} type vlan id 100
  3487. setup_cmd_nsb ip addr add dev vlan100 172.16.101.2/24
  3488. setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad
  3489. setup_cmd_nsb ip li set vlan100 up
  3490. sleep 1
  3491. rmmod br_netfilter 2>/dev/null
  3492. run_cmd ip neigh flush all
  3493. run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
  3494. log_test $? 0 "Bridge vlan into VRF - IPv4 ping out"
  3495. run_cmd ip neigh flush all
  3496. run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
  3497. log_test $? 0 "Bridge vlan into VRF - IPv6 ping out"
  3498. run_cmd ip neigh flush all
  3499. run_cmd_nsb ping -c1 -w1 172.16.101.1
  3500. log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
  3501. run_cmd ip neigh flush all
  3502. run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
  3503. log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
  3504. modprobe br_netfilter
  3505. if [ $? -eq 0 ]; then
  3506. run_cmd ip neigh flush all
  3507. run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
  3508. log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out"
  3509. run_cmd ip neigh flush all
  3510. run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
  3511. log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out"
  3512. run_cmd ip neigh flush all
  3513. run_cmd_nsb ping -c1 -w1 172.16.101.1
  3514. log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
  3515. run_cmd ip neigh flush all
  3516. run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
  3517. log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
  3518. fi
  3519. setup_cmd ip li del br0 2>/dev/null
  3520. setup_cmd_nsb ip li del vlan100 2>/dev/null
  3521. }
  3522. # VRF only.
  3523. # ns-A device is connected to both ns-B and ns-C on a single VRF but only has
  3524. # LLA on the interfaces
  3525. use_case_ping_lla_multi()
  3526. {
  3527. setup_lla_only
  3528. # only want reply from ns-A
  3529. setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
  3530. setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
  3531. log_start
  3532. run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
  3533. log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Pre cycle, ping out ns-B"
  3534. run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
  3535. log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Pre cycle, ping out ns-C"
  3536. # cycle/flap the first ns-A interface
  3537. setup_cmd ip link set ${NSA_DEV} down
  3538. setup_cmd ip link set ${NSA_DEV} up
  3539. sleep 1
  3540. log_start
  3541. run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
  3542. log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-B"
  3543. run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
  3544. log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-C"
  3545. # cycle/flap the second ns-A interface
  3546. setup_cmd ip link set ${NSA_DEV2} down
  3547. setup_cmd ip link set ${NSA_DEV2} up
  3548. sleep 1
  3549. log_start
  3550. run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
  3551. log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-B"
  3552. run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
  3553. log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-C"
  3554. }
  3555. # Perform IPv{4,6} SNAT on ns-A, and verify TCP connection is successfully
  3556. # established with ns-B.
  3557. use_case_snat_on_vrf()
  3558. {
  3559. setup "yes"
  3560. local port="12345"
  3561. run_cmd iptables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_IP} -o ${VRF}
  3562. run_cmd ip6tables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_IP6} -o ${VRF}
  3563. run_cmd_nsb nettest -s -l ${NSB_IP} -p ${port} &
  3564. wait_local_port_listen ${NSB} ${port} tcp
  3565. run_cmd nettest -d ${VRF} -r ${NSB_IP} -p ${port}
  3566. log_test $? 0 "IPv4 TCP connection over VRF with SNAT"
  3567. run_cmd_nsb nettest -6 -s -l ${NSB_IP6} -p ${port} &
  3568. wait_local_port_listen ${NSB} ${port} tcp
  3569. run_cmd nettest -6 -d ${VRF} -r ${NSB_IP6} -p ${port}
  3570. log_test $? 0 "IPv6 TCP connection over VRF with SNAT"
  3571. # Cleanup
  3572. run_cmd iptables -t nat -D POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_IP} -o ${VRF}
  3573. run_cmd ip6tables -t nat -D POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_IP6} -o ${VRF}
  3574. }
  3575. use_cases()
  3576. {
  3577. log_section "Use cases"
  3578. log_subsection "Device enslaved to bridge"
  3579. use_case_br
  3580. log_subsection "Ping LLA with multiple interfaces"
  3581. use_case_ping_lla_multi
  3582. log_subsection "SNAT on VRF"
  3583. use_case_snat_on_vrf
  3584. }
  3585. ################################################################################
  3586. # usage
  3587. usage()
  3588. {
  3589. cat <<EOF
  3590. usage: ${0##*/} OPTS
  3591. -4 IPv4 tests only
  3592. -6 IPv6 tests only
  3593. -t <test> Test name/set to run
  3594. -p Pause on fail
  3595. -P Pause after each test
  3596. -v Be verbose
  3597. Tests:
  3598. $TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER
  3599. EOF
  3600. }
  3601. ################################################################################
  3602. # main
  3603. TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_bind ipv4_runtime ipv4_netfilter"
  3604. TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_bind ipv6_runtime ipv6_netfilter"
  3605. TESTS_OTHER="use_cases"
  3606. # note: each TEST_ group needs a dedicated runner, e.g. fcnal-ipv4.sh
  3607. PAUSE_ON_FAIL=no
  3608. PAUSE=no
  3609. while getopts :46t:pPvh o
  3610. do
  3611. case $o in
  3612. 4) TESTS=ipv4;;
  3613. 6) TESTS=ipv6;;
  3614. t) TESTS=$OPTARG;;
  3615. p) PAUSE_ON_FAIL=yes;;
  3616. P) PAUSE=yes;;
  3617. v) VERBOSE=1;;
  3618. h) usage; exit 0;;
  3619. *) usage; exit 1;;
  3620. esac
  3621. done
  3622. # make sure we don't pause twice
  3623. [ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no
  3624. #
  3625. # show user test config
  3626. #
  3627. if [ -z "$TESTS" ]; then
  3628. TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"
  3629. elif [ "$TESTS" = "ipv4" ]; then
  3630. TESTS="$TESTS_IPV4"
  3631. elif [ "$TESTS" = "ipv6" ]; then
  3632. TESTS="$TESTS_IPV6"
  3633. elif [ "$TESTS" = "other" ]; then
  3634. TESTS="$TESTS_OTHER"
  3635. fi
  3636. check_gen_prog "nettest"
  3637. declare -i nfail=0
  3638. declare -i nsuccess=0
  3639. for t in $TESTS
  3640. do
  3641. case $t in
  3642. ipv4_ping|ping) ipv4_ping;;
  3643. ipv4_tcp|tcp) ipv4_tcp;;
  3644. ipv4_udp|udp) ipv4_udp;;
  3645. ipv4_bind|bind) ipv4_addr_bind;;
  3646. ipv4_runtime) ipv4_runtime;;
  3647. ipv4_netfilter) ipv4_netfilter;;
  3648. ipv6_ping|ping6) ipv6_ping;;
  3649. ipv6_tcp|tcp6) ipv6_tcp;;
  3650. ipv6_udp|udp6) ipv6_udp;;
  3651. ipv6_bind|bind6) ipv6_addr_bind;;
  3652. ipv6_runtime) ipv6_runtime;;
  3653. ipv6_netfilter) ipv6_netfilter;;
  3654. use_cases) use_cases;;
  3655. # setup namespaces and config, but do not run any tests
  3656. setup) setup; exit 0;;
  3657. vrf_setup) setup "yes"; exit 0;;
  3658. esac
  3659. done
  3660. cleanup 2>/dev/null
  3661. printf "\nTests passed: %3d\n" ${nsuccess}
  3662. printf "Tests failed: %3d\n" ${nfail}
  3663. if [ $nfail -ne 0 ]; then
  3664. exit 1 # KSFT_FAIL
  3665. elif [ $nsuccess -eq 0 ]; then
  3666. exit $ksft_skip
  3667. fi
  3668. exit 0 # KSFT_PASS