2 # SPDX-License-Identifier: GPL-2.0
4 # Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
6 # IPv4 and IPv6 functional tests focusing on VRF and routing lookups
7 # for various permutations:
8 # 1. icmp, tcp, udp and netfilter
9 # 2. client, server, no-server
10 # 3. global address on interface
11 # 4. global address on 'lo'
12 # 5. remote and local traffic
13 # 6. VRF and non-VRF permutations
18 # [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ]
21 # [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ]
24 # eth1: 172.16.1.1/24, 2001:db8:1::1/64
25 # lo: 127.0.0.1/8, ::1/128
26 # 172.16.2.1/32, 2001:db8:2::1/128
27 # red: 127.0.0.1/8, ::1/128
28 # 172.16.3.1/32, 2001:db8:3::1/128
31 # eth1: 172.16.1.2/24, 2001:db8:1::2/64
32 # lo2: 127.0.0.1/8, ::1/128
33 # 172.16.2.2/32, 2001:db8:2::2/128
35 # server / client nomenclature relative to ns-A
56 NSA_LO_IP6=2001:db8:2::1
57 NSB_LO_IP6=2001:db8:2::2
60 # set after namespace create
67 NSA_CMD="ip netns exec ${NSA}"
68 NSB_CMD="ip netns exec ${NSB}"
70 which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
72 ################################################################################
81 [ "${VERBOSE}" = "1" ] && echo
83 if [ ${rc} -eq ${expected} ]; then
84 nsuccess=$((nsuccess+1))
85 printf "TEST: %-70s [ OK ]\n" "${msg}"
88 printf "TEST: %-70s [FAIL]\n" "${msg}"
89 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
91 echo "hit enter to continue, 'q' to quit"
93 [ "$a" = "q" ] && exit 1
97 if [ "${PAUSE}" = "yes" ]; then
99 echo "hit enter to continue, 'q' to quit"
101 [ "$a" = "q" ] && exit 1
115 astr=$(addr2str ${addr})
116 log_test $rc $expected "$msg - ${astr}"
122 echo "###########################################################################"
124 echo "###########################################################################"
131 echo "#################################################################"
138 # make sure we have no test instances running
141 if [ "${VERBOSE}" = "1" ]; then
143 echo "#######################################################"
149 if [ "${VERBOSE}" = "1" ]; then
158 if [ "${VERBOSE}" = "1" ]; then
166 killall nettest ping ping6 >/dev/null 2>&1
175 if [ "$VERBOSE" = "1" ]; then
176 echo "COMMAND: ${cmd}"
181 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
190 do_run_cmd ${NSA_CMD} $*
195 do_run_cmd ${NSB_CMD} $*
205 if [ $rc -ne 0 ]; then
206 # show user the command if not done so already
207 if [ "$VERBOSE" = "0" ]; then
208 echo "setup command: $cmd"
210 echo "failed. stopping tests"
211 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
213 echo "hit enter to continue"
227 if [ $rc -ne 0 ]; then
228 # show user the command if not done so already
229 if [ "$VERBOSE" = "0" ]; then
230 echo "setup command: $cmd"
232 echo "failed. stopping tests"
233 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
235 echo "hit enter to continue"
242 # set sysctl values in NS-A
247 run_cmd sysctl -q -w $*
250 ################################################################################
256 127.0.0.1) echo "loopback";;
257 ::1) echo "IPv6 loopback";;
259 ${NSA_IP}) echo "ns-A IP";;
260 ${NSA_IP6}) echo "ns-A IPv6";;
261 ${NSA_LO_IP}) echo "ns-A loopback IP";;
262 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
263 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
265 ${NSB_IP}) echo "ns-B IP";;
266 ${NSB_IP6}) echo "ns-B IPv6";;
267 ${NSB_LO_IP}) echo "ns-B loopback IP";;
268 ${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
269 ${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;
271 ${VRF_IP}) echo "VRF IP";;
272 ${VRF_IP6}) echo "VRF IPv6";;
274 ${MCAST}%*) echo "multicast IP";;
286 addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \
288 for (i = 3; i <= NF; ++i) {
296 [ -z "$addr" ] && return 1
303 ################################################################################
304 # create namespaces and vrf
314 ip -netns ${ns} link add ${vrf} type vrf table ${table}
315 ip -netns ${ns} link set ${vrf} up
316 ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192
317 ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192
319 ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf}
320 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
321 if [ "${addr}" != "-" ]; then
322 ip -netns ${ns} addr add dev ${vrf} ${addr}
324 if [ "${addr6}" != "-" ]; then
325 ip -netns ${ns} -6 addr add dev ${vrf} ${addr6}
328 ip -netns ${ns} ru del pref 0
329 ip -netns ${ns} ru add pref 32765 from all lookup local
330 ip -netns ${ns} -6 ru del pref 0
331 ip -netns ${ns} -6 ru add pref 32765 from all lookup local
342 ip -netns ${ns} link set lo up
343 if [ "${addr}" != "-" ]; then
344 ip -netns ${ns} addr add dev lo ${addr}
346 if [ "${addr6}" != "-" ]; then
347 ip -netns ${ns} -6 addr add dev lo ${addr6}
350 ip -netns ${ns} ro add unreachable default metric 8192
351 ip -netns ${ns} -6 ro add unreachable default metric 8192
353 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
354 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
355 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
356 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
359 # create veth pair to connect namespaces and apply addresses.
371 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp
372 ip -netns ${ns1} li set ${ns1_dev} up
373 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev}
374 ip -netns ${ns2} li set ${ns2_dev} up
376 if [ "${ns1_addr}" != "-" ]; then
377 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr}
378 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr}
381 if [ "${ns1_addr6}" != "-" ]; then
382 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6}
383 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6}
389 # explicit cleanups to check those code paths
390 ip netns | grep -q ${NSA}
391 if [ $? -eq 0 ]; then
392 ip -netns ${NSA} link delete ${VRF}
393 ip -netns ${NSA} ro flush table ${VRF_TABLE}
395 ip -netns ${NSA} addr flush dev ${NSA_DEV}
396 ip -netns ${NSA} -6 addr flush dev ${NSA_DEV}
397 ip -netns ${NSA} link set dev ${NSA_DEV} down
398 ip -netns ${NSA} link del dev ${NSA_DEV}
410 # make sure we are starting with a clean slate
414 log_debug "Configuring network namespaces"
417 create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128
418 create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128
419 connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \
420 ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
422 NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
423 NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})
425 # tell ns-A how to get to remote addresses of ns-B
426 if [ "${with_vrf}" = "yes" ]; then
427 create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6}
429 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
430 ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
431 ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
433 ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
434 ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
436 ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
437 ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
441 # tell ns-B how to get to remote addresses of ns-A
442 ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
443 ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
450 ################################################################################
460 for a in ${NSB_IP} ${NSB_LO_IP}
463 run_cmd ping -c1 -w1 ${a}
464 log_test_addr ${a} $? 0 "ping out"
467 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
468 log_test_addr ${a} $? 0 "ping out, device bind"
471 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
472 log_test_addr ${a} $? 0 "ping out, address bind"
478 for a in ${NSA_IP} ${NSA_LO_IP}
481 run_cmd_nsb ping -c1 -w1 ${a}
482 log_test_addr ${a} $? 0 "ping in"
488 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
491 run_cmd ping -c1 -w1 ${a}
492 log_test_addr ${a} $? 0 "ping local"
496 # local traffic, socket bound to device
501 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
502 log_test_addr ${a} $? 0 "ping local, device bind"
504 # loopback addresses not reachable from device bind
505 # fails in a really weird way though because ipv4 special cases
506 # route lookups with oif set.
507 for a in ${NSA_LO_IP} 127.0.0.1
510 show_hint "Fails since address on loopback device is out of device scope"
511 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
512 log_test_addr ${a} $? 1 "ping local, device bind"
516 # ip rule blocks reachability to remote address
519 setup_cmd ip rule add pref 32765 from all lookup local
520 setup_cmd ip rule del pref 0 from all lookup local
521 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
522 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit
525 run_cmd ping -c1 -w1 ${a}
526 log_test_addr ${a} $? 2 "ping out, blocked by rule"
528 # NOTE: ipv4 actually allows the lookup to fail and yet still create
529 # a viable rtable if the oif (e.g., bind to device) is set, so this
530 # case succeeds despite the rule
531 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
535 show_hint "Response generates ICMP (or arp request is ignored) due to ip rule"
536 run_cmd_nsb ping -c1 -w1 ${a}
537 log_test_addr ${a} $? 1 "ping in, blocked by rule"
539 [ "$VERBOSE" = "1" ] && echo
540 setup_cmd ip rule del pref 32765 from all lookup local
541 setup_cmd ip rule add pref 0 from all lookup local
542 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
543 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit
546 # route blocks reachability to remote address
549 setup_cmd ip route replace unreachable ${NSB_LO_IP}
550 setup_cmd ip route replace unreachable ${NSB_IP}
553 run_cmd ping -c1 -w1 ${a}
554 log_test_addr ${a} $? 2 "ping out, blocked by route"
556 # NOTE: ipv4 actually allows the lookup to fail and yet still create
557 # a viable rtable if the oif (e.g., bind to device) is set, so this
558 # case succeeds despite not having a route for the address
559 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
563 show_hint "Response is dropped (or arp request is ignored) due to ip route"
564 run_cmd_nsb ping -c1 -w1 ${a}
565 log_test_addr ${a} $? 1 "ping in, blocked by route"
568 # remove 'remote' routes; fallback to default
571 setup_cmd ip ro del ${NSB_LO_IP}
574 run_cmd ping -c1 -w1 ${a}
575 log_test_addr ${a} $? 2 "ping out, unreachable default route"
577 # NOTE: ipv4 actually allows the lookup to fail and yet still create
578 # a viable rtable if the oif (e.g., bind to device) is set, so this
579 # case succeeds despite not having a route for the address
580 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
587 # should default on; does not exist on older kernels
588 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
593 for a in ${NSB_IP} ${NSB_LO_IP}
596 run_cmd ping -c1 -w1 -I ${VRF} ${a}
597 log_test_addr ${a} $? 0 "ping out, VRF bind"
600 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
601 log_test_addr ${a} $? 0 "ping out, device bind"
604 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
605 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"
608 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
609 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
615 for a in ${NSA_IP} ${VRF_IP}
618 run_cmd_nsb ping -c1 -w1 ${a}
619 log_test_addr ${a} $? 0 "ping in"
623 # local traffic, local address
625 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
628 show_hint "Source address should be ${a}"
629 run_cmd ping -c1 -w1 -I ${VRF} ${a}
630 log_test_addr ${a} $? 0 "ping local, VRF bind"
634 # local traffic, socket bound to device
639 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
640 log_test_addr ${a} $? 0 "ping local, device bind"
642 # vrf device is out of scope
643 for a in ${VRF_IP} 127.0.0.1
646 show_hint "Fails since address on vrf device is out of device scope"
647 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
648 log_test_addr ${a} $? 1 "ping local, device bind"
652 # ip rule blocks address
655 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
656 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit
659 run_cmd ping -c1 -w1 -I ${VRF} ${a}
660 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"
663 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
664 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
668 show_hint "Response lost due to ip rule"
669 run_cmd_nsb ping -c1 -w1 ${a}
670 log_test_addr ${a} $? 1 "ping in, blocked by rule"
672 [ "$VERBOSE" = "1" ] && echo
673 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
674 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit
677 # remove 'remote' routes; fallback to default
680 setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP}
683 run_cmd ping -c1 -w1 -I ${VRF} ${a}
684 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"
687 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
688 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
692 show_hint "Response lost by unreachable route"
693 run_cmd_nsb ping -c1 -w1 ${a}
694 log_test_addr ${a} $? 1 "ping in, unreachable route"
699 log_section "IPv4 ping"
701 log_subsection "No VRF"
703 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
706 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
709 log_subsection "With VRF"
714 ################################################################################
721 # should not have an impact, but make a known state
722 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
727 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
730 run_cmd ${ping6} -c1 -w1 ${a}
731 log_test_addr ${a} $? 0 "ping out"
734 for a in ${NSB_IP6} ${NSB_LO_IP6}
737 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
738 log_test_addr ${a} $? 0 "ping out, device bind"
741 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
742 log_test_addr ${a} $? 0 "ping out, loopback address bind"
748 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
751 run_cmd_nsb ${ping6} -c1 -w1 ${a}
752 log_test_addr ${a} $? 0 "ping in"
756 # local traffic, local address
758 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
761 run_cmd ${ping6} -c1 -w1 ${a}
762 log_test_addr ${a} $? 0 "ping local, no bind"
765 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
768 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
769 log_test_addr ${a} $? 0 "ping local, device bind"
772 for a in ${NSA_LO_IP6} ::1
775 show_hint "Fails since address on loopback is out of device scope"
776 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
777 log_test_addr ${a} $? 2 "ping local, device bind"
781 # ip rule blocks address
784 setup_cmd ip -6 rule add pref 32765 from all lookup local
785 setup_cmd ip -6 rule del pref 0 from all lookup local
786 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
787 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
790 run_cmd ${ping6} -c1 -w1 ${a}
791 log_test_addr ${a} $? 2 "ping out, blocked by rule"
794 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
795 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
799 show_hint "Response lost due to ip rule"
800 run_cmd_nsb ${ping6} -c1 -w1 ${a}
801 log_test_addr ${a} $? 1 "ping in, blocked by rule"
803 setup_cmd ip -6 rule add pref 0 from all lookup local
804 setup_cmd ip -6 rule del pref 32765 from all lookup local
805 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
806 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
809 # route blocks reachability to remote address
812 setup_cmd ip -6 route del ${NSB_LO_IP6}
813 setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
814 setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10
817 run_cmd ${ping6} -c1 -w1 ${a}
818 log_test_addr ${a} $? 2 "ping out, blocked by route"
821 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
822 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"
826 show_hint "Response lost due to ip route"
827 run_cmd_nsb ${ping6} -c1 -w1 ${a}
828 log_test_addr ${a} $? 1 "ping in, blocked by route"
832 # remove 'remote' routes; fallback to default
835 setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
836 setup_cmd ip -6 ro del unreachable ${NSB_IP6}
839 run_cmd ${ping6} -c1 -w1 ${a}
840 log_test_addr ${a} $? 2 "ping out, unreachable route"
843 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
844 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
851 # should default on; does not exist on older kernels
852 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
857 for a in ${NSB_IP6} ${NSB_LO_IP6}
860 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
861 log_test_addr ${a} $? 0 "ping out, VRF bind"
864 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
867 show_hint "Fails since VRF device does not support linklocal or multicast"
868 run_cmd ${ping6} -c1 -w1 ${a}
869 log_test_addr ${a} $? 2 "ping out, VRF bind"
872 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
875 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
876 log_test_addr ${a} $? 0 "ping out, device bind"
879 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
882 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
883 log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
889 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
892 run_cmd_nsb ${ping6} -c1 -w1 ${a}
893 log_test_addr ${a} $? 0 "ping in"
898 show_hint "Fails since loopback address is out of VRF scope"
899 run_cmd_nsb ${ping6} -c1 -w1 ${a}
900 log_test_addr ${a} $? 1 "ping in"
903 # local traffic, local address
905 for a in ${NSA_IP6} ${VRF_IP6} ::1
908 show_hint "Source address should be ${a}"
909 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
910 log_test_addr ${a} $? 0 "ping local, VRF bind"
913 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
916 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
917 log_test_addr ${a} $? 0 "ping local, device bind"
920 # LLA to GUA - remove ipv6 global addresses from ns-B
921 setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
922 setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
923 setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
925 for a in ${NSA_IP6} ${VRF_IP6}
928 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
929 log_test_addr ${a} $? 0 "ping in, LLA to GUA"
932 setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
933 setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
934 setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo
937 # ip rule blocks address
940 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
941 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
944 run_cmd ${ping6} -c1 -w1 ${a}
945 log_test_addr ${a} $? 2 "ping out, blocked by rule"
948 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
949 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
953 show_hint "Response lost due to ip rule"
954 run_cmd_nsb ${ping6} -c1 -w1 ${a}
955 log_test_addr ${a} $? 1 "ping in, blocked by rule"
958 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
959 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
962 # remove 'remote' routes; fallback to default
965 setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}
968 run_cmd ${ping6} -c1 -w1 ${a}
969 log_test_addr ${a} $? 2 "ping out, unreachable route"
972 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
973 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
975 ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
978 run_cmd_nsb ${ping6} -c1 -w1 ${a}
979 log_test_addr ${a} $? 2 "ping in, unreachable route"
984 log_section "IPv6 ping"
986 log_subsection "No VRF"
990 log_subsection "With VRF"
995 ################################################################################
1001 usage: ${0##*/} OPTS
1005 -t <test> Test name/set to run
1007 -P Pause after each test
1012 ################################################################################
1015 TESTS_IPV4="ipv4_ping"
1016 TESTS_IPV6="ipv6_ping"
1020 while getopts :46t:pPvh o
1026 p) PAUSE_ON_FAIL=yes;;
1034 # make sure we don't pause twice
1035 [ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no
1038 # show user test config
1040 if [ -z "$TESTS" ]; then
1041 TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"
1042 elif [ "$TESTS" = "ipv4" ]; then
1044 elif [ "$TESTS" = "ipv6" ]; then
1049 declare -i nsuccess=0
1054 ipv4_ping|ping) ipv4_ping;;
1055 ipv6_ping|ping6) ipv6_ping;;
1057 # setup namespaces and config, but do not run any tests
1058 setup) setup; exit 0;;
1059 vrf_setup) setup "yes"; exit 0;;
1061 help) echo "Test names: $TESTS"; exit 0;;
1067 printf "\nTests passed: %3d\n" ${nsuccess}
1068 printf "Tests failed: %3d\n" ${nfail}