vrf_strict_mode_test.sh 8.0 KB

  1. #!/bin/bash
  2. # SPDX-License-Identifier: GPL-2.0
  3. # This test is designed for testing the new VRF strict_mode functionality.
  4. source lib.sh
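  # Overall exit status of the script; log_test sets it to 1 when a check fails.
  ret=0
  # Pass/fail counters maintained by log_test. They are initialised here so
  # that values inherited from the caller's environment cannot skew the
  # summary printed at the end.
  nsuccess=0
  nfail=0
  # identifies the "init" network namespace which is often called root network
  # namespace.
  INIT_NETNS_NAME="init"
  # Set PAUSE_ON_FAIL=yes in the environment to stop after every failed check.
  : "${PAUSE_ON_FAIL:=no}"
  # Space-separated list of test groups to run; replaced by the -t option.
  TESTS="init testns mix"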
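  # Record the outcome of one check and print a result line.
  # Globals:   nsuccess, nfail, ret (written), PAUSE_ON_FAIL (read)
  # Arguments: $1 - observed status or value
  #            $2 - expected status or value
  #            $3 - description printed next to the verdict
  # An empty or non-numeric $1 counts as a failure; the operands are quoted so
  # that such a value no longer produces a "[" syntax error on stderr.
  log_test()
  {
    local rc=$1
    local expected=$2
    local msg="$3"
    local answer

    if [ "${rc}" -eq "${expected}" ] 2>/dev/null; then
      nsuccess=$((nsuccess+1))
      printf "\n TEST: %-60s [ OK ]\n" "${msg}"
      return
    fi

    ret=1
    nfail=$((nfail+1))
    printf "\n TEST: %-60s [FAIL]\n" "${msg}"
    if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
      echo
      echo "hit enter to continue, 'q' to quit"
      # -r keeps backslashes in the reply literal.
      read -r answer
      [ "${answer}" = "q" ] && exit 1
    fi
  }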
  # Print the pass/fail totals collected by log_test.
  # Globals: TESTS, nsuccess, nfail (read)
  # Nothing is printed when TESTS is "none".
  print_log_test_results()
  {
    [ "$TESTS" = "none" ] && return

    # A counter that was never set is shown as 0.
    printf "\nTests passed: %3d\n" "${nsuccess:-0}"
    printf "Tests failed: %3d\n" "${nfail:-0}"
  }
  # Print a banner that introduces a group of checks.
  # Arguments: all arguments are joined into the section title
  log_section()
  {
    local rule="################################################################################"

    printf '\n%s\n' "${rule}"
    printf '%s\n' "TEST SECTION: $*"
    printf '%s\n' "${rule}"
  }
  # Print the "ip" option that selects a network namespace.
  # Globals:   INIT_NETNS_NAME (read)
  # Arguments: $1 - namespace name
  # Outputs:   an empty line for the init namespace, "-netns <name>" otherwise
  ip_expand_args()
  {
    local nsname=$1

    if [ "${nsname}" = "${INIT_NETNS_NAME}" ]; then
      # The init namespace is the default and needs no selector.
      echo ""
      return
    fi
    echo "-netns ${nsname}"
  }
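  # Print the number of VRF devices in a network namespace.
  # Arguments: $1 - namespace name
  # Outputs:   line count of "ip -o link show type vrf"
  vrf_count()
  {
    local nsname=$1
    local nsarg

    # The namespace name is passed on as a single argument.
    nsarg="$(ip_expand_args "${nsname}")"
    # nsarg is either empty or "-netns <name>" and has to be word-split.
    # shellcheck disable=SC2086
    ip ${nsarg} -o link show type vrf | wc -l
  }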
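  # Print how many VRF devices in a namespace are bound to a routing table.
  # Arguments: $1 - namespace name
  #            $2 - routing table id
  # The id is matched as a whole word, so looking for table 10 does not also
  # count devices bound to table 100 or 101.
  count_vrf_by_table_id()
  {
    local nsname=$1
    local tableid=$2
    local nsarg

    nsarg="$(ip_expand_args "${nsname}")"
    # nsarg is either empty or "-netns <name>" and has to be word-split.
    # shellcheck disable=SC2086
    ip ${nsarg} -d -o link show type vrf | grep -c -w -- "table ${tableid}"
  }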
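  # Create a VRF device bound to a routing table; all output is discarded.
  # Arguments: $1 - namespace name
  #            $2 - VRF device name
  #            $3 - routing table id
  # Returns:   the exit status of "ip link add"
  add_vrf()
  {
    local nsname=$1
    local vrfname=$2
    local vrftable=$3
    local nsarg

    nsarg="$(ip_expand_args "${nsname}")"
    # nsarg is either empty or "-netns <name>" and has to be word-split; the
    # device name and table id are each passed as exactly one argument.
    # shellcheck disable=SC2086
    ip ${nsarg} link add "${vrfname}" type vrf table "${vrftable}" &>/dev/null
  }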
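  # Create a VRF device and log a check that expects the creation to succeed.
  # Arguments: $1 - namespace name
  #            $2 - VRF device name
  #            $3 - routing table id
  add_vrf_and_check()
  {
    local nsname=$1
    local vrfname=$2
    local vrftable=$3
    local cnt
    local rc

    add_vrf "${nsname}" "${vrfname}" "${vrftable}"
    rc=$?
    # The count is only reported in the message; it is not part of the verdict.
    cnt=$(count_vrf_by_table_id "${nsname}" "${vrftable}")

    log_test "${rc}" 0 "${nsname}: add vrf ${vrfname}, ${cnt} vrfs for table ${vrftable}"
  }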
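  # Try to create a VRF device and log a check that expects a refusal.
  # Arguments: $1 - namespace name
  #            $2 - VRF device name
  #            $3 - routing table id
  # The check passes only when add_vrf returns 2.
  # NOTE(review): 2 is presumably the status "ip" reports when the kernel
  # rejects the request - confirm against the iproute2 version in use.
  add_vrf_and_check_fail()
  {
    local nsname=$1
    local vrfname=$2
    local vrftable=$3
    local cnt
    local rc

    add_vrf "${nsname}" "${vrfname}" "${vrftable}"
    rc=$?
    cnt=$(count_vrf_by_table_id "${nsname}" "${vrftable}")

    log_test "${rc}" 2 "${nsname}: CANNOT add vrf ${vrfname}, ${cnt} vrfs for table ${vrftable}"
  }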
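  # Delete a VRF device and log a check that expects the deletion to succeed.
  # Arguments: $1 - namespace name
  #            $2 - VRF device name
  del_vrf_and_check()
  {
    local nsname=$1
    local vrfname=$2
    local nsarg
    local rc

    nsarg="$(ip_expand_args "${nsname}")"
    # nsarg is either empty or "-netns <name>" and has to be word-split.
    # shellcheck disable=SC2086
    ip ${nsarg} link del "${vrfname}"
    rc=$?

    log_test "${rc}" 0 "${nsname}: remove vrf ${vrfname}"
  }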
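  # Bring a VRF device up, assign it an address and log the result.
  # Arguments: $1 - namespace name
  #            $2 - address in the form accepted by "ip addr add"
  #            $3 - VRF device name
  config_vrf_and_check()
  {
    local nsname=$1
    local addr=$2
    local vrfname=$3
    local nsarg
    local rc

    nsarg="$(ip_expand_args "${nsname}")"
    # nsarg is either empty or "-netns <name>" and has to be word-split.
    # The address is added only if the device could be brought up.
    # shellcheck disable=SC2086
    ip ${nsarg} link set dev "${vrfname}" up && \
      ip ${nsarg} addr add "${addr}" dev "${vrfname}"
    rc=$?

    log_test "${rc}" 0 "${nsname}: vrf ${vrfname} up, addr ${addr}"
  }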
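  # Read net.vrf.strict_mode as seen from a network namespace.
  # Globals:   INIT_NETNS_NAME (read)
  # Arguments: $1 - namespace name
  # Outputs:   0 or 1 on success, 255 when the value cannot be read or is
  #            anything other than a single 0 or 1
  # Returns:   0 on success, 1 on error
  read_strict_mode()
  {
    local nsname=$1
    local rval
    local -a nsexec=()

    if [ "${nsname}" != "${INIT_NETNS_NAME}" ]; then
      # a custom network namespace is provided; the command prefix is kept as
      # an array so that the namespace name stays one argument
      nsexec=(ip netns exec "${nsname}")
    fi

    # stderr is discarded inside the substitution, where the read happens.
    # The status tested is that of grep, i.e. whether the value is 0 or 1.
    if rval="$("${nsexec[@]}" cat /proc/sys/net/vrf/strict_mode 2>/dev/null | \
        grep -E '^[0-1]$')"; then
      echo "${rval}"
      return 0
    fi

    # on error the caller gets 255, a value strict_mode itself never takes
    echo 255
    return 1
  }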
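  # Read strict_mode in a namespace and log a check against an expected value.
  # Arguments: $1 - namespace name
  #            $2 - expected strict_mode value
  read_strict_mode_compare_and_check()
  {
    local nsname=$1
    local expected=$2
    local res

    # read_strict_mode prints 255 on error, which never equals 0 or 1.
    res="$(read_strict_mode "${nsname}")"

    log_test "${res}" "${expected}" "${nsname}: check strict_mode=${res}"
  }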
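  # Write a value to net.vrf.strict_mode from within a network namespace.
  # Globals:   INIT_NETNS_NAME (read)
  # Arguments: $1 - namespace name
  #            $2 - value to write
  # Returns:   the exit status of the write; all output is discarded
  set_strict_mode()
  {
    local nsname=$1
    local val=$2
    local -a nsexec=()

    if [ "${nsname}" != "${INIT_NETNS_NAME}" ]; then
      # a custom network namespace is provided
      nsexec=(ip netns exec "${nsname}")
    fi

    # The redirection has to be opened by the inner shell, after it has
    # entered the namespace. The value is handed over as a positional
    # parameter instead of being spliced into the command string, so it is
    # always treated as data by the inner shell.
    "${nsexec[@]}" bash -c 'echo "$1" >/proc/sys/net/vrf/strict_mode' _ "${val}" &>/dev/null
  }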
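  # Set strict_mode to 1 in a namespace.
  # Arguments: $1 - namespace name
  # Returns:   the status of set_strict_mode
  enable_strict_mode()
  {
    local nsname=$1

    # The namespace name is forwarded as a single argument.
    set_strict_mode "${nsname}" 1
  }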
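  # Set strict_mode to 0 in a namespace.
  # Arguments: $1 - namespace name
  # Returns:   the status of set_strict_mode
  disable_strict_mode()
  {
    local nsname=$1

    # The namespace name is forwarded as a single argument.
    set_strict_mode "${nsname}" 0
  }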
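  # Disable strict_mode in a namespace and log a check that expects success.
  # Arguments: $1 - namespace name
  disable_strict_mode_and_check()
  {
    local nsname=$1
    local rc

    disable_strict_mode "${nsname}"
    rc=$?

    log_test "${rc}" 0 "${nsname}: disable strict_mode (=0)"
  }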
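  # Enable strict_mode in a namespace and log a check that expects success.
  # Arguments: $1 - namespace name
  enable_strict_mode_and_check()
  {
    local nsname=$1
    local rc

    enable_strict_mode "${nsname}"
    rc=$?

    log_test "${rc}" 0 "${nsname}: enable strict_mode (=1)"
  }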
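  # Try to enable strict_mode and log a check that expects the write to fail.
  # Arguments: $1 - namespace name
  # The check passes only when enable_strict_mode returns 1. The test groups
  # call this while two VRFs in the namespace share one routing table.
  enable_strict_mode_and_check_fail()
  {
    local nsname=$1
    local rc

    enable_strict_mode "${nsname}"
    rc=$?

    log_test "${rc}" 1 "${nsname}: CANNOT enable strict_mode"
  }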
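  # Log a check that strict_mode reads as 0 before the test changes anything.
  # Arguments: $1 - namespace name
  strict_mode_check_default()
  {
    local nsname=$1
    local strictmode
    local vrfcnt

    # The VRF count is only reported in the message.
    vrfcnt=$(vrf_count "${nsname}")
    strictmode=$(read_strict_mode "${nsname}")

    log_test "${strictmode}" 0 "${nsname}: strict_mode=0 by default, ${vrfcnt} vrfs"
  }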
  # Load the vrf module and create the test network namespace.
  # setup_ns is not defined in this file; it presumably comes from lib.sh and
  # stores the generated namespace name in $testns - confirm there.
  # Returns: the status of setup_ns
  setup()
  {
    modprobe vrf

    setup_ns testns
    return $?
  }
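  # Remove everything the test may have created and reset strict_mode.
  # Globals: testns (read)
  # This acts on the init network namespace of the host as well: vrf100,
  # vrf101 and vrf102 are deleted there and strict_mode is written back to 0,
  # whether or not the test created them. Run the script only on a machine
  # whose VRF configuration may be discarded.
  cleanup()
  {
    local vrf

    ip netns del "${testns}" 2>/dev/null
    for vrf in vrf100 vrf101 vrf102; do
      ip link del "${vrf}" 2>/dev/null
    done

    # The group makes 2>/dev/null cover the failure to open the sysctl file
    # too; a redirection placed after ">file" is applied too late for that.
    { echo 0 >/proc/sys/net/vrf/strict_mode; } 2>/dev/null
  }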
  # Run the strict_mode checks in the init network namespace.
  # The steps depend on each other and must stay in this order.
  vrf_strict_mode_tests_init()
  {
    local ns="init"

    log_section "VRF strict_mode test on init network namespace"

    vrf_strict_mode_check_support "${ns}"
    strict_mode_check_default "${ns}"

    # One VRF on table 100, then strict_mode on: a second VRF on the same
    # table has to be refused.
    add_vrf_and_check "${ns}" vrf100 100
    config_vrf_and_check "${ns}" 172.16.100.1/24 vrf100
    enable_strict_mode_and_check "${ns}"
    add_vrf_and_check_fail "${ns}" vrf101 100

    # With strict_mode off the table can be shared, and while it is shared
    # strict_mode cannot be switched on.
    disable_strict_mode_and_check "${ns}"
    add_vrf_and_check "${ns}" vrf101 100
    config_vrf_and_check "${ns}" 172.16.101.1/24 vrf101
    enable_strict_mode_and_check_fail "${ns}"

    # Once the duplicate is gone strict_mode can be enabled again.
    del_vrf_and_check "${ns}" vrf101
    enable_strict_mode_and_check "${ns}"
    add_vrf_and_check "${ns}" vrf102 102
    config_vrf_and_check "${ns}" 172.16.102.1/24 vrf102

    # the strict_mode is enabled in the init
  }
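  # Run the strict_mode checks in the test network namespace.
  # Globals: testns (read)
  # Returns: 1 without running any step when $testns is empty
  # The steps depend on each other and must stay in this order.
  vrf_strict_mode_tests_testns()
  {
    log_section "VRF strict_mode test on testns network namespace"

    # With an empty name every argument of the helpers below would shift by
    # one position, so record a failure and stop here instead.
    if [ -z "${testns}" ]; then
      log_test 1 0 "testns: network namespace is not set up"
      return 1
    fi

    vrf_strict_mode_check_support "${testns}"
    strict_mode_check_default "${testns}"

    # strict_mode on: table 100 accepts one VRF only, table 200 is free.
    enable_strict_mode_and_check "${testns}"
    add_vrf_and_check "${testns}" vrf100 100
    config_vrf_and_check "${testns}" 10.0.100.1/24 vrf100
    add_vrf_and_check_fail "${testns}" vrf101 100
    add_vrf_and_check_fail "${testns}" vrf102 100
    add_vrf_and_check "${testns}" vrf200 200

    # strict_mode off: table 100 can be shared again.
    disable_strict_mode_and_check "${testns}"
    add_vrf_and_check "${testns}" vrf101 100
    add_vrf_and_check "${testns}" vrf102 100

    # the strict_mode is disabled in the $testns
  }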
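  # Check that strict_mode is tracked separately per network namespace.
  # Globals: testns (read)
  # Returns: 1 without running any step when $testns is empty
  # The first two checks expect the state left behind by the "init" group
  # (strict_mode=1 in init) and the "testns" group (strict_mode=0 in $testns).
  vrf_strict_mode_tests_mix()
  {
    log_section "VRF strict_mode test mixing init and testns network namespaces"

    # With an empty name every argument of the helpers below would shift by
    # one position, so record a failure and stop here instead.
    if [ -z "${testns}" ]; then
      log_test 1 0 "testns: network namespace is not set up"
      return 1
    fi

    read_strict_mode_compare_and_check init 1
    read_strict_mode_compare_and_check "${testns}" 0

    # Drop the VRFs sharing table 100 so that strict_mode can be enabled.
    del_vrf_and_check "${testns}" vrf101
    del_vrf_and_check "${testns}" vrf102

    disable_strict_mode_and_check init
    enable_strict_mode_and_check "${testns}"

    # Writing the value that is already set is expected to succeed as well.
    enable_strict_mode_and_check init
    enable_strict_mode_and_check init
    disable_strict_mode_and_check "${testns}"
    disable_strict_mode_and_check "${testns}"

    read_strict_mode_compare_and_check init 1
    read_strict_mode_compare_and_check "${testns}" 0
  }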
  256. ################################################################################
  257. # usage
  258. usage()
  259. {
  260. cat <<EOF
  261. usage: ${0##*/} OPTS
  262. -t <test> Test(s) to run (default: all)
  263. (options: $TESTS)
  264. EOF
  265. }
  266. ################################################################################
  267. # main
  # Parse the command line: -t replaces the list of test groups, -h prints
  # the help, anything else (unknown option, missing argument) is an error.
  while getopts ":t:h" opt; do
    case "${opt}" in
      h)
        usage
        exit 0
        ;;
      t)
        TESTS=${OPTARG}
        ;;
      *)
        usage
        exit 1
        ;;
    esac
  done
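  # Log a check that net.vrf.strict_mode can be read in a namespace.
  # Arguments: $1 - namespace name
  # Returns:   the status of modinfo when the vrf module is neither loaded
  #            nor known to modinfo (no check is logged in that case),
  #            otherwise the status of read_strict_mode
  vrf_strict_mode_check_support()
  {
    local nsname=$1
    local output
    local rc

    # The module name is compared exactly; a '^vrf' prefix match would also
    # accept any other module whose name merely starts with "vrf".
    output="$(lsmod | awk '$1 == "vrf" {print $1}')"
    if [ -z "${output}" ]; then
      modinfo vrf || return $?
    fi

    # we do not care about the value of the strict_mode; we only check if
    # the strict_mode parameter is available or not.
    read_strict_mode "${nsname}" &>/dev/null
    rc=$?

    log_test "${rc}" 0 "${nsname}: net.vrf.strict_mode is available"
    return "${rc}"
  }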
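  # Preconditions. Each one ends the script with the kselftest skip status.
  # The fallback to 4 keeps a skip from being reported as a pass should
  # ksft_skip be unset: "exit" with an empty argument would return the status
  # of the preceding echo, which is 0.
  if [ "$(id -u)" -ne 0 ]; then
    echo "SKIP: Need root privileges"
    exit "${ksft_skip:-4}"
  fi

  if [ ! -x "$(command -v ip)" ]; then
    echo "SKIP: Could not run test without ip tool"
    exit "${ksft_skip:-4}"
  fi

  modprobe vrf &>/dev/null
  if [ ! -e /proc/sys/net/vrf/strict_mode ]; then
    echo "SKIP: vrf sysctl does not exist"
    exit "${ksft_skip:-4}"
  fi

  # From here on the script changes VRF state in the init network namespace.
  # The trap restores it on every exit path, including the 'q' answer at a
  # PAUSE_ON_FAIL prompt, so that strict_mode is not left enabled on the host.
  trap cleanup EXIT

  # Start from a known state; errors about objects that do not exist yet are
  # expected and silenced.
  cleanup &> /dev/null

  setup

  # TESTS is a space-separated list and is split into words on purpose.
  # Names that match no arm are ignored.
  for t in $TESTS
  do
    case "${t}" in
      vrf_strict_mode_tests_init|init) vrf_strict_mode_tests_init;;
      vrf_strict_mode_tests_testns|testns) vrf_strict_mode_tests_testns;;
      vrf_strict_mode_tests_mix|mix) vrf_strict_mode_tests_mix;;

      help) echo "Test names: $TESTS"; exit 0;;
    esac
  done

  cleanup

  print_log_test_results

  exit "${ret}"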