2 # SPDX-License-Identifier: GPL-2.0
4 # Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved.
6 # IPv4 and IPv6 functional tests focusing on VRF and routing lookups
7 # for various permutations:
8 # 1. icmp, tcp, udp and netfilter
9 # 2. client, server, no-server
10 # 3. global address on interface
11 # 4. global address on 'lo'
12 # 5. remote and local traffic
13 # 6. VRF and non-VRF permutations
18 # [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ]
21 # [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ]
24 # eth1: 172.16.1.1/24, 2001:db8:1::1/64
25 # lo: 127.0.0.1/8, ::1/128
26 # 172.16.2.1/32, 2001:db8:2::1/128
27 # red: 127.0.0.1/8, ::1/128
28 # 172.16.3.1/32, 2001:db8:3::1/128
31 # eth1: 172.16.1.2/24, 2001:db8:1::2/64
32 # lo2: 127.0.0.1/8, ::1/128
33 # 172.16.2.2/32, 2001:db8:2::2/128
35 # server / client nomenclature relative to ns-A
56 NSA_LO_IP6=2001:db8:2::1
57 NSB_LO_IP6=2001:db8:2::2
60 # set after namespace create
67 NSA_CMD="ip netns exec ${NSA}"
68 NSB_CMD="ip netns exec ${NSB}"
70 which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
72 ################################################################################
81 [ "${VERBOSE}" = "1" ] && echo
83 if [ ${rc} -eq ${expected} ]; then
84 nsuccess=$((nsuccess+1))
85 printf "TEST: %-70s [ OK ]\n" "${msg}"
88 printf "TEST: %-70s [FAIL]\n" "${msg}"
89 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
91 echo "hit enter to continue, 'q' to quit"
93 [ "$a" = "q" ] && exit 1
97 if [ "${PAUSE}" = "yes" ]; then
99 echo "hit enter to continue, 'q' to quit"
101 [ "$a" = "q" ] && exit 1
115 astr=$(addr2str ${addr})
116 log_test $rc $expected "$msg - ${astr}"
122 echo "###########################################################################"
124 echo "###########################################################################"
131 echo "#################################################################"
138 # make sure we have no test instances running
141 if [ "${VERBOSE}" = "1" ]; then
143 echo "#######################################################"
149 if [ "${VERBOSE}" = "1" ]; then
158 if [ "${VERBOSE}" = "1" ]; then
166 killall nettest ping ping6 >/dev/null 2>&1
175 if [ "$VERBOSE" = "1" ]; then
176 echo "COMMAND: ${cmd}"
181 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
190 do_run_cmd ${NSA_CMD} $*
195 do_run_cmd ${NSB_CMD} $*
205 if [ $rc -ne 0 ]; then
206 # show user the command if not done so already
207 if [ "$VERBOSE" = "0" ]; then
208 echo "setup command: $cmd"
210 echo "failed. stopping tests"
211 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
213 echo "hit enter to continue"
227 if [ $rc -ne 0 ]; then
228 # show user the command if not done so already
229 if [ "$VERBOSE" = "0" ]; then
230 echo "setup command: $cmd"
232 echo "failed. stopping tests"
233 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
235 echo "hit enter to continue"
242 # set sysctl values in NS-A
247 run_cmd sysctl -q -w $*
250 ################################################################################
256 127.0.0.1) echo "loopback";;
257 ::1) echo "IPv6 loopback";;
259 ${NSA_IP}) echo "ns-A IP";;
260 ${NSA_IP6}) echo "ns-A IPv6";;
261 ${NSA_LO_IP}) echo "ns-A loopback IP";;
262 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
263 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
265 ${NSB_IP}) echo "ns-B IP";;
266 ${NSB_IP6}) echo "ns-B IPv6";;
267 ${NSB_LO_IP}) echo "ns-B loopback IP";;
268 ${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
269 ${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;
271 ${VRF_IP}) echo "VRF IP";;
272 ${VRF_IP6}) echo "VRF IPv6";;
274 ${MCAST}%*) echo "multicast IP";;
286 addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \
288 for (i = 3; i <= NF; ++i) {
296 [ -z "$addr" ] && return 1
303 ################################################################################
304 # create namespaces and vrf
314 ip -netns ${ns} link add ${vrf} type vrf table ${table}
315 ip -netns ${ns} link set ${vrf} up
316 ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192
317 ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192
319 ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf}
320 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
321 if [ "${addr}" != "-" ]; then
322 ip -netns ${ns} addr add dev ${vrf} ${addr}
324 if [ "${addr6}" != "-" ]; then
325 ip -netns ${ns} -6 addr add dev ${vrf} ${addr6}
328 ip -netns ${ns} ru del pref 0
329 ip -netns ${ns} ru add pref 32765 from all lookup local
330 ip -netns ${ns} -6 ru del pref 0
331 ip -netns ${ns} -6 ru add pref 32765 from all lookup local
342 ip -netns ${ns} link set lo up
343 if [ "${addr}" != "-" ]; then
344 ip -netns ${ns} addr add dev lo ${addr}
346 if [ "${addr6}" != "-" ]; then
347 ip -netns ${ns} -6 addr add dev lo ${addr6}
350 ip -netns ${ns} ro add unreachable default metric 8192
351 ip -netns ${ns} -6 ro add unreachable default metric 8192
353 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
354 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
355 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
356 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
359 # create veth pair to connect namespaces and apply addresses.
371 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp
372 ip -netns ${ns1} li set ${ns1_dev} up
373 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev}
374 ip -netns ${ns2} li set ${ns2_dev} up
376 if [ "${ns1_addr}" != "-" ]; then
377 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr}
378 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr}
381 if [ "${ns1_addr6}" != "-" ]; then
382 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6}
383 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6}
389 # explicit cleanups to check those code paths
390 ip netns | grep -q ${NSA}
391 if [ $? -eq 0 ]; then
392 ip -netns ${NSA} link delete ${VRF}
393 ip -netns ${NSA} ro flush table ${VRF_TABLE}
395 ip -netns ${NSA} addr flush dev ${NSA_DEV}
396 ip -netns ${NSA} -6 addr flush dev ${NSA_DEV}
397 ip -netns ${NSA} link set dev ${NSA_DEV} down
398 ip -netns ${NSA} link del dev ${NSA_DEV}
410 # make sure we are starting with a clean slate
414 log_debug "Configuring network namespaces"
417 create_ns ${NSA} ${NSA_LO_IP}/32 ${NSA_LO_IP6}/128
418 create_ns ${NSB} ${NSB_LO_IP}/32 ${NSB_LO_IP6}/128
419 connect_ns ${NSA} ${NSA_DEV} ${NSA_IP}/24 ${NSA_IP6}/64 \
420 ${NSB} ${NSB_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
422 NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
423 NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})
425 # tell ns-A how to get to remote addresses of ns-B
426 if [ "${with_vrf}" = "yes" ]; then
427 create_vrf ${NSA} ${VRF} ${VRF_TABLE} ${VRF_IP} ${VRF_IP6}
429 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
430 ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
431 ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
433 ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
434 ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
436 ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
437 ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
441 # tell ns-B how to get to remote addresses of ns-A
442 ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
443 ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
450 ################################################################################
460 for a in ${NSB_IP} ${NSB_LO_IP}
463 run_cmd ping -c1 -w1 ${a}
464 log_test_addr ${a} $? 0 "ping out"
467 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
468 log_test_addr ${a} $? 0 "ping out, device bind"
471 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
472 log_test_addr ${a} $? 0 "ping out, address bind"
478 for a in ${NSA_IP} ${NSA_LO_IP}
481 run_cmd_nsb ping -c1 -w1 ${a}
482 log_test_addr ${a} $? 0 "ping in"
488 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
491 run_cmd ping -c1 -w1 ${a}
492 log_test_addr ${a} $? 0 "ping local"
496 # local traffic, socket bound to device
501 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
502 log_test_addr ${a} $? 0 "ping local, device bind"
504 # loopback addresses not reachable from device bind
505 # fails in a really weird way though because ipv4 special cases
506 # route lookups with oif set.
507 for a in ${NSA_LO_IP} 127.0.0.1
510 show_hint "Fails since address on loopback device is out of device scope"
511 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
512 log_test_addr ${a} $? 1 "ping local, device bind"
516 # ip rule blocks reachability to remote address
519 setup_cmd ip rule add pref 32765 from all lookup local
520 setup_cmd ip rule del pref 0 from all lookup local
521 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
522 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit
525 run_cmd ping -c1 -w1 ${a}
526 log_test_addr ${a} $? 2 "ping out, blocked by rule"
528 # NOTE: ipv4 actually allows the lookup to fail and yet still create
529 # a viable rtable if the oif (e.g., bind to device) is set, so this
530 # case succeeds despite the rule
531 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
535 show_hint "Response generates ICMP (or arp request is ignored) due to ip rule"
536 run_cmd_nsb ping -c1 -w1 ${a}
537 log_test_addr ${a} $? 1 "ping in, blocked by rule"
539 [ "$VERBOSE" = "1" ] && echo
540 setup_cmd ip rule del pref 32765 from all lookup local
541 setup_cmd ip rule add pref 0 from all lookup local
542 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
543 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit
546 # route blocks reachability to remote address
549 setup_cmd ip route replace unreachable ${NSB_LO_IP}
550 setup_cmd ip route replace unreachable ${NSB_IP}
553 run_cmd ping -c1 -w1 ${a}
554 log_test_addr ${a} $? 2 "ping out, blocked by route"
556 # NOTE: ipv4 actually allows the lookup to fail and yet still create
557 # a viable rtable if the oif (e.g., bind to device) is set, so this
558 # case succeeds despite not having a route for the address
559 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
563 show_hint "Response is dropped (or arp request is ignored) due to ip route"
564 run_cmd_nsb ping -c1 -w1 ${a}
565 log_test_addr ${a} $? 1 "ping in, blocked by route"
568 # remove 'remote' routes; fallback to default
571 setup_cmd ip ro del ${NSB_LO_IP}
574 run_cmd ping -c1 -w1 ${a}
575 log_test_addr ${a} $? 2 "ping out, unreachable default route"
577 # NOTE: ipv4 actually allows the lookup to fail and yet still create
578 # a viable rtable if the oif (e.g., bind to device) is set, so this
579 # case succeeds despite not having a route for the address
580 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
587 # should default on; does not exist on older kernels
588 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
593 for a in ${NSB_IP} ${NSB_LO_IP}
596 run_cmd ping -c1 -w1 -I ${VRF} ${a}
597 log_test_addr ${a} $? 0 "ping out, VRF bind"
600 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
601 log_test_addr ${a} $? 0 "ping out, device bind"
604 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
605 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"
608 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
609 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
615 for a in ${NSA_IP} ${VRF_IP}
618 run_cmd_nsb ping -c1 -w1 ${a}
619 log_test_addr ${a} $? 0 "ping in"
623 # local traffic, local address
625 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
628 show_hint "Source address should be ${a}"
629 run_cmd ping -c1 -w1 -I ${VRF} ${a}
630 log_test_addr ${a} $? 0 "ping local, VRF bind"
634 # local traffic, socket bound to device
639 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
640 log_test_addr ${a} $? 0 "ping local, device bind"
642 # vrf device is out of scope
643 for a in ${VRF_IP} 127.0.0.1
646 show_hint "Fails since address on vrf device is out of device scope"
647 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
648 log_test_addr ${a} $? 1 "ping local, device bind"
652 # ip rule blocks address
655 setup_cmd ip rule add pref 50 to ${NSB_LO_IP} prohibit
656 setup_cmd ip rule add pref 51 from ${NSB_IP} prohibit
659 run_cmd ping -c1 -w1 -I ${VRF} ${a}
660 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"
663 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
664 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
668 show_hint "Response lost due to ip rule"
669 run_cmd_nsb ping -c1 -w1 ${a}
670 log_test_addr ${a} $? 1 "ping in, blocked by rule"
672 [ "$VERBOSE" = "1" ] && echo
673 setup_cmd ip rule del pref 50 to ${NSB_LO_IP} prohibit
674 setup_cmd ip rule del pref 51 from ${NSB_IP} prohibit
677 # remove 'remote' routes; fallback to default
680 setup_cmd ip ro del vrf ${VRF} ${NSB_LO_IP}
683 run_cmd ping -c1 -w1 -I ${VRF} ${a}
684 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"
687 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
688 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
692 show_hint "Response lost by unreachable route"
693 run_cmd_nsb ping -c1 -w1 ${a}
694 log_test_addr ${a} $? 1 "ping in, unreachable route"
699 log_section "IPv4 ping"
701 log_subsection "No VRF"
703 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
706 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
709 log_subsection "With VRF"
714 ################################################################################
724 for a in ${NSA_IP} ${NSA_LO_IP}
729 run_cmd_nsb nettest -r ${a}
730 log_test_addr ${a} $? 0 "Global server"
735 run_cmd nettest -s -d ${NSA_DEV} &
737 run_cmd_nsb nettest -r ${a}
738 log_test_addr ${a} $? 0 "Device server"
740 # verify TCP reset sent and received
741 for a in ${NSA_IP} ${NSA_LO_IP}
744 show_hint "Should fail 'Connection refused' since there is no server"
745 run_cmd_nsb nettest -r ${a}
746 log_test_addr ${a} $? 1 "No server"
752 for a in ${NSB_IP} ${NSB_LO_IP}
755 run_cmd_nsb nettest -s &
757 run_cmd nettest -r ${a} -0 ${NSA_IP}
758 log_test_addr ${a} $? 0 "Client"
761 run_cmd_nsb nettest -s &
763 run_cmd nettest -r ${a} -d ${NSA_DEV}
764 log_test_addr ${a} $? 0 "Client, device bind"
767 show_hint "Should fail 'Connection refused'"
768 run_cmd nettest -r ${a}
769 log_test_addr ${a} $? 1 "No server, unbound client"
772 show_hint "Should fail 'Connection refused'"
773 run_cmd nettest -r ${a} -d ${NSA_DEV}
774 log_test_addr ${a} $? 1 "No server, device client"
778 # local address tests
780 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
785 run_cmd nettest -r ${a} -0 ${a} -1 ${a}
786 log_test_addr ${a} $? 0 "Global server, local connection"
791 run_cmd nettest -s -d ${NSA_DEV} &
793 run_cmd nettest -r ${a} -0 ${a}
794 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
796 for a in ${NSA_LO_IP} 127.0.0.1
799 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
800 run_cmd nettest -s -d ${NSA_DEV} &
802 run_cmd nettest -r ${a}
803 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
810 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
811 log_test_addr ${a} $? 0 "Global server, device client, local connection"
813 for a in ${NSA_LO_IP} 127.0.0.1
816 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
819 run_cmd nettest -r ${a} -d ${NSA_DEV}
820 log_test_addr ${a} $? 1 "Global server, device client, local connection"
825 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
827 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
828 log_test_addr ${a} $? 0 "Device server, device client, local connection"
831 show_hint "Should fail 'Connection refused'"
832 run_cmd nettest -d ${NSA_DEV} -r ${a}
833 log_test_addr ${a} $? 1 "No server, device client, local conn"
840 # disable global server
841 log_subsection "Global server disabled"
843 set_sysctl net.ipv4.tcp_l3mdev_accept=0
848 for a in ${NSA_IP} ${VRF_IP}
851 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
854 run_cmd_nsb nettest -r ${a}
855 log_test_addr ${a} $? 1 "Global server"
858 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
860 run_cmd_nsb nettest -r ${a}
861 log_test_addr ${a} $? 0 "VRF server"
864 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
866 run_cmd_nsb nettest -r ${a}
867 log_test_addr ${a} $? 0 "Device server"
869 # verify TCP reset received
871 show_hint "Should fail 'Connection refused' since there is no server"
872 run_cmd_nsb nettest -r ${a}
873 log_test_addr ${a} $? 1 "No server"
876 # local address tests
877 # (${VRF_IP} and 127.0.0.1 both timeout)
880 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
883 run_cmd nettest -r ${a} -d ${NSA_DEV}
884 log_test_addr ${a} $? 1 "Global server, local connection"
887 # enable VRF global server
889 log_subsection "VRF Global server enabled"
890 set_sysctl net.ipv4.tcp_l3mdev_accept=1
892 for a in ${NSA_IP} ${VRF_IP}
895 show_hint "client socket should be bound to VRF"
896 run_cmd nettest -s -2 ${VRF} &
898 run_cmd_nsb nettest -r ${a}
899 log_test_addr ${a} $? 0 "Global server"
902 show_hint "client socket should be bound to VRF"
903 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
905 run_cmd_nsb nettest -r ${a}
906 log_test_addr ${a} $? 0 "VRF server"
908 # verify TCP reset received
910 show_hint "Should fail 'Connection refused'"
911 run_cmd_nsb nettest -r ${a}
912 log_test_addr ${a} $? 1 "No server"
917 show_hint "client socket should be bound to device"
918 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
920 run_cmd_nsb nettest -r ${a}
921 log_test_addr ${a} $? 0 "Device server"
923 # local address tests
924 for a in ${NSA_IP} ${VRF_IP}
927 show_hint "Should fail 'No route to host' since client is not bound to VRF"
928 run_cmd nettest -s -2 ${VRF} &
930 run_cmd nettest -r ${a}
931 log_test_addr ${a} $? 1 "Global server, local connection"
937 for a in ${NSB_IP} ${NSB_LO_IP}
940 run_cmd_nsb nettest -s &
942 run_cmd nettest -r ${a} -d ${VRF}
943 log_test_addr ${a} $? 0 "Client, VRF bind"
946 run_cmd_nsb nettest -s &
948 run_cmd nettest -r ${a} -d ${NSA_DEV}
949 log_test_addr ${a} $? 0 "Client, device bind"
952 show_hint "Should fail 'Connection refused'"
953 run_cmd nettest -r ${a} -d ${VRF}
954 log_test_addr ${a} $? 1 "No server, VRF client"
957 show_hint "Should fail 'Connection refused'"
958 run_cmd nettest -r ${a} -d ${NSA_DEV}
959 log_test_addr ${a} $? 1 "No server, device client"
962 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
965 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
967 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
968 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
973 run_cmd nettest -s -d ${VRF} -2 ${VRF} &
975 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
976 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
979 show_hint "Should fail 'No route to host' since client is out of VRF scope"
980 run_cmd nettest -s -d ${VRF} &
982 run_cmd nettest -r ${a}
983 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
986 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
988 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
989 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
992 run_cmd nettest -s -d ${NSA_DEV} -2 ${NSA_DEV} &
994 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
995 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1000 log_section "IPv4/TCP"
1002 which nettest >/dev/null
1003 if [ $? -ne 0 ]; then
1004 log_error "nettest not found; skipping tests"
1008 log_subsection "No VRF"
1011 # tcp_l3mdev_accept should have no affect without VRF;
1012 # run tests with it enabled and disabled to verify
1013 log_subsection "tcp_l3mdev_accept disabled"
1014 set_sysctl net.ipv4.tcp_l3mdev_accept=0
1016 log_subsection "tcp_l3mdev_accept enabled"
1017 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1020 log_subsection "With VRF"
1025 ################################################################################
1035 for a in ${NSA_IP} ${NSA_LO_IP}
1038 run_cmd nettest -D -s -2 ${NSA_DEV} &
1040 run_cmd_nsb nettest -D -r ${a}
1041 log_test_addr ${a} $? 0 "Global server"
1044 show_hint "Should fail 'Connection refused' since there is no server"
1045 run_cmd_nsb nettest -D -r ${a}
1046 log_test_addr ${a} $? 1 "No server"
1051 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1053 run_cmd_nsb nettest -D -r ${a}
1054 log_test_addr ${a} $? 0 "Device server"
1059 for a in ${NSB_IP} ${NSB_LO_IP}
1062 run_cmd_nsb nettest -D -s &
1064 run_cmd nettest -D -r ${a} -0 ${NSA_IP}
1065 log_test_addr ${a} $? 0 "Client"
1068 run_cmd_nsb nettest -D -s &
1070 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1071 log_test_addr ${a} $? 0 "Client, device bind"
1074 run_cmd_nsb nettest -D -s &
1076 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1077 log_test_addr ${a} $? 0 "Client, device send via cmsg"
1080 run_cmd_nsb nettest -D -s &
1082 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1083 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"
1086 show_hint "Should fail 'Connection refused'"
1087 run_cmd nettest -D -r ${a}
1088 log_test_addr ${a} $? 1 "No server, unbound client"
1091 show_hint "Should fail 'Connection refused'"
1092 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1093 log_test_addr ${a} $? 1 "No server, device client"
1097 # local address tests
1099 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1102 run_cmd nettest -D -s &
1104 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
1105 log_test_addr ${a} $? 0 "Global server, local connection"
1110 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1112 run_cmd nettest -D -r ${a}
1113 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1115 for a in ${NSA_LO_IP} 127.0.0.1
1118 show_hint "Should fail 'Connection refused' since address is out of device scope"
1119 run_cmd nettest -s -D -d ${NSA_DEV} &
1121 run_cmd nettest -D -r ${a}
1122 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1127 run_cmd nettest -s -D &
1129 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1130 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1133 run_cmd nettest -s -D &
1135 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
1136 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
1139 run_cmd nettest -s -D &
1141 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
1142 log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"
1144 # IPv4 with device bind has really weird behavior - it overrides the
1145 # fib lookup, generates an rtable and tries to send the packet. This
1146 # causes failures for local traffic at different places
1147 for a in ${NSA_LO_IP} 127.0.0.1
1150 show_hint "Should fail since addresses on loopback are out of device scope"
1151 run_cmd nettest -D -s &
1153 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1154 log_test_addr ${a} $? 2 "Global server, device client, local connection"
1157 show_hint "Should fail since addresses on loopback are out of device scope"
1158 run_cmd nettest -D -s &
1160 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
1161 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
1164 show_hint "Should fail since addresses on loopback are out of device scope"
1165 run_cmd nettest -D -s &
1167 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
1168 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
1173 run_cmd nettest -D -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1175 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
1176 log_test_addr ${a} $? 0 "Device server, device client, local conn"
1179 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1180 log_test_addr ${a} $? 2 "No server, device client, local conn"
1187 # disable global server
1188 log_subsection "Global server disabled"
1189 set_sysctl net.ipv4.udp_l3mdev_accept=0
1194 for a in ${NSA_IP} ${VRF_IP}
1197 show_hint "Fails because ingress is in a VRF and global server is disabled"
1198 run_cmd nettest -D -s &
1200 run_cmd_nsb nettest -D -r ${a}
1201 log_test_addr ${a} $? 1 "Global server"
1204 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} &
1206 run_cmd_nsb nettest -D -r ${a}
1207 log_test_addr ${a} $? 0 "VRF server"
1210 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1212 run_cmd_nsb nettest -D -r ${a}
1213 log_test_addr ${a} $? 0 "Enslaved device server"
1216 show_hint "Should fail 'Connection refused' since there is no server"
1217 run_cmd_nsb nettest -D -r ${a}
1218 log_test_addr ${a} $? 1 "No server"
1221 show_hint "Should fail 'Connection refused' since global server is out of scope"
1222 run_cmd nettest -D -s &
1224 run_cmd nettest -D -d ${VRF} -r ${a}
1225 log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
1230 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1232 run_cmd nettest -D -d ${VRF} -r ${a}
1233 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1236 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1238 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1239 log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"
1243 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1245 run_cmd nettest -D -d ${VRF} -r ${a}
1246 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1249 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1251 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1252 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1254 # enable global server
1255 log_subsection "Global server enabled"
1256 set_sysctl net.ipv4.udp_l3mdev_accept=1
1261 for a in ${NSA_IP} ${VRF_IP}
1264 run_cmd nettest -D -s -2 ${NSA_DEV} &
1266 run_cmd_nsb nettest -D -r ${a}
1267 log_test_addr ${a} $? 0 "Global server"
1270 run_cmd nettest -D -d ${VRF} -s -2 ${NSA_DEV} &
1272 run_cmd_nsb nettest -D -r ${a}
1273 log_test_addr ${a} $? 0 "VRF server"
1276 run_cmd nettest -D -d ${NSA_DEV} -s -2 ${NSA_DEV} &
1278 run_cmd_nsb nettest -D -r ${a}
1279 log_test_addr ${a} $? 0 "Enslaved device server"
1282 show_hint "Should fail 'Connection refused'"
1283 run_cmd_nsb nettest -D -r ${a}
1284 log_test_addr ${a} $? 1 "No server"
1291 run_cmd_nsb nettest -D -s &
1293 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1294 log_test $? 0 "VRF client"
1297 run_cmd_nsb nettest -D -s &
1299 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1300 log_test $? 0 "Enslaved device client"
1302 # negative test - should fail
1304 show_hint "Should fail 'Connection refused'"
1305 run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
1306 log_test $? 1 "No server, VRF client"
1309 show_hint "Should fail 'Connection refused'"
1310 run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
1311 log_test $? 1 "No server, enslaved device client"
1314 # local address tests
1318 run_cmd nettest -D -s -2 ${NSA_DEV} &
1320 run_cmd nettest -D -d ${VRF} -r ${a}
1321 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1324 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1326 run_cmd nettest -D -d ${VRF} -r ${a}
1327 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1330 run_cmd nettest -s -D -d ${VRF} -2 ${NSA_DEV} &
1332 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1333 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
1336 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1338 run_cmd nettest -D -d ${VRF} -r ${a}
1339 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1342 run_cmd nettest -s -D -d ${NSA_DEV} -2 ${NSA_DEV} &
1344 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1345 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1347 for a in ${VRF_IP} 127.0.0.1
1350 run_cmd nettest -D -s -2 ${VRF} &
1352 run_cmd nettest -D -d ${VRF} -r ${a}
1353 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1356 for a in ${VRF_IP} 127.0.0.1
1359 run_cmd nettest -s -D -d ${VRF} -2 ${VRF} &
1361 run_cmd nettest -D -d ${VRF} -r ${a}
1362 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1365 # negative test - should fail
1366 # verifies ECONNREFUSED
1367 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1370 show_hint "Should fail 'Connection refused'"
1371 run_cmd nettest -D -d ${VRF} -r ${a}
1372 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
1378 which nettest >/dev/null
1379 if [ $? -ne 0 ]; then
1380 log_error "nettest not found; skipping tests"
1384 log_section "IPv4/UDP"
1385 log_subsection "No VRF"
1389 # udp_l3mdev_accept should have no affect without VRF;
1390 # run tests with it enabled and disabled to verify
1391 log_subsection "udp_l3mdev_accept disabled"
1392 set_sysctl net.ipv4.udp_l3mdev_accept=0
1394 log_subsection "udp_l3mdev_accept enabled"
1395 set_sysctl net.ipv4.udp_l3mdev_accept=1
1398 log_subsection "With VRF"
1403 ################################################################################
1410 # should not have an impact, but make a known state
1411 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
1416 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1419 run_cmd ${ping6} -c1 -w1 ${a}
1420 log_test_addr ${a} $? 0 "ping out"
1423 for a in ${NSB_IP6} ${NSB_LO_IP6}
1426 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1427 log_test_addr ${a} $? 0 "ping out, device bind"
1430 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
1431 log_test_addr ${a} $? 0 "ping out, loopback address bind"
1437 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
1440 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1441 log_test_addr ${a} $? 0 "ping in"
1445 # local traffic, local address
1447 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1450 run_cmd ${ping6} -c1 -w1 ${a}
1451 log_test_addr ${a} $? 0 "ping local, no bind"
1454 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1457 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1458 log_test_addr ${a} $? 0 "ping local, device bind"
1461 for a in ${NSA_LO_IP6} ::1
1464 show_hint "Fails since address on loopback is out of device scope"
1465 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1466 log_test_addr ${a} $? 2 "ping local, device bind"
1470 # ip rule blocks address
1473 setup_cmd ip -6 rule add pref 32765 from all lookup local
1474 setup_cmd ip -6 rule del pref 0 from all lookup local
1475 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
1476 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
1479 run_cmd ${ping6} -c1 -w1 ${a}
1480 log_test_addr ${a} $? 2 "ping out, blocked by rule"
1483 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1484 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
1488 show_hint "Response lost due to ip rule"
1489 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1490 log_test_addr ${a} $? 1 "ping in, blocked by rule"
1492 setup_cmd ip -6 rule add pref 0 from all lookup local
1493 setup_cmd ip -6 rule del pref 32765 from all lookup local
1494 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
1495 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
1498 # route blocks reachability to remote address
1501 setup_cmd ip -6 route del ${NSB_LO_IP6}
1502 setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
1503 setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10
1506 run_cmd ${ping6} -c1 -w1 ${a}
1507 log_test_addr ${a} $? 2 "ping out, blocked by route"
1510 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1511 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"
1515 show_hint "Response lost due to ip route"
1516 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1517 log_test_addr ${a} $? 1 "ping in, blocked by route"
1521 # remove 'remote' routes; fallback to default
1524 setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
1525 setup_cmd ip -6 ro del unreachable ${NSB_IP6}
1528 run_cmd ${ping6} -c1 -w1 ${a}
1529 log_test_addr ${a} $? 2 "ping out, unreachable route"
1532 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1533 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
1540 # should default on; does not exist on older kernels
1541 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
1546 for a in ${NSB_IP6} ${NSB_LO_IP6}
1549 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
1550 log_test_addr ${a} $? 0 "ping out, VRF bind"
1553 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
1556 show_hint "Fails since VRF device does not support linklocal or multicast"
1557 run_cmd ${ping6} -c1 -w1 ${a}
1558 log_test_addr ${a} $? 2 "ping out, VRF bind"
1561 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1564 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1565 log_test_addr ${a} $? 0 "ping out, device bind"
1568 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
1571 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
1572 log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
1578 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
1581 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1582 log_test_addr ${a} $? 0 "ping in"
1587 show_hint "Fails since loopback address is out of VRF scope"
1588 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1589 log_test_addr ${a} $? 1 "ping in"
1592 # local traffic, local address
1594 for a in ${NSA_IP6} ${VRF_IP6} ::1
1597 show_hint "Source address should be ${a}"
1598 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
1599 log_test_addr ${a} $? 0 "ping local, VRF bind"
1602 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
1605 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1606 log_test_addr ${a} $? 0 "ping local, device bind"
1609 # LLA to GUA - remove ipv6 global addresses from ns-B
1610 setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
1611 setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
1612 setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
1614 for a in ${NSA_IP6} ${VRF_IP6}
1617 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
1618 log_test_addr ${a} $? 0 "ping in, LLA to GUA"
1621 setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
1622 setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
1623 setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo
1626 # ip rule blocks address
1629 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
1630 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
1633 run_cmd ${ping6} -c1 -w1 ${a}
1634 log_test_addr ${a} $? 2 "ping out, blocked by rule"
1637 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1638 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
1642 show_hint "Response lost due to ip rule"
1643 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1644 log_test_addr ${a} $? 1 "ping in, blocked by rule"
1647 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
1648 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
1651 # remove 'remote' routes; fallback to default
1654 setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}
1657 run_cmd ${ping6} -c1 -w1 ${a}
1658 log_test_addr ${a} $? 2 "ping out, unreachable route"
1661 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
1662 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
1664 ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
1667 run_cmd_nsb ${ping6} -c1 -w1 ${a}
1668 log_test_addr ${a} $? 2 "ping in, unreachable route"
1673 log_section "IPv6 ping"
1675 log_subsection "No VRF"
1679 log_subsection "With VRF"
1684 ################################################################################
1694 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
1697 run_cmd nettest -6 -s &
1699 run_cmd_nsb nettest -6 -r ${a}
1700 log_test_addr ${a} $? 0 "Global server"
1703 # verify TCP reset received
1704 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
1707 show_hint "Should fail 'Connection refused'"
1708 run_cmd_nsb nettest -6 -r ${a}
1709 log_test_addr ${a} $? 1 "No server"
1715 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
1718 run_cmd_nsb nettest -6 -s &
1720 run_cmd nettest -6 -r ${a}
1721 log_test_addr ${a} $? 0 "Client"
1724 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
1727 run_cmd_nsb nettest -6 -s &
1729 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
1730 log_test_addr ${a} $? 0 "Client, device bind"
1733 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
1736 show_hint "Should fail 'Connection refused'"
1737 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
1738 log_test_addr ${a} $? 1 "No server, device client"
1742 # local address tests
1744 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
1747 run_cmd nettest -6 -s &
1749 run_cmd nettest -6 -r ${a}
1750 log_test_addr ${a} $? 0 "Global server, local connection"
1755 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1757 run_cmd nettest -6 -r ${a} -0 ${a}
1758 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1760 for a in ${NSA_LO_IP6} ::1
1763 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
1764 run_cmd nettest -6 -s -d ${NSA_DEV} &
1766 run_cmd nettest -6 -r ${a}
1767 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1772 run_cmd nettest -6 -s &
1774 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
1775 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1777 for a in ${NSA_LO_IP6} ::1
1780 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
1781 run_cmd nettest -6 -s &
1783 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
1784 log_test_addr ${a} $? 1 "Global server, device client, local connection"
1787 for a in ${NSA_IP6} ${NSA_LINKIP6}
1790 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1792 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
1793 log_test_addr ${a} $? 0 "Device server, device client, local conn"
1796 for a in ${NSA_IP6} ${NSA_LINKIP6}
1799 show_hint "Should fail 'Connection refused'"
1800 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
1801 log_test_addr ${a} $? 1 "No server, device client, local conn"
1809 # disable global server
1810 log_subsection "Global server disabled"
1812 set_sysctl net.ipv4.tcp_l3mdev_accept=0
1817 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
1820 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
1821 run_cmd nettest -6 -s &
1823 run_cmd_nsb nettest -6 -r ${a}
1824 log_test_addr ${a} $? 1 "Global server"
1827 for a in ${NSA_IP6} ${VRF_IP6}
1830 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
1832 run_cmd_nsb nettest -6 -r ${a}
1833 log_test_addr ${a} $? 0 "VRF server"
1836 # link local is always bound to ingress device
1837 a=${NSA_LINKIP6}%${NSB_DEV}
1839 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} &
1841 run_cmd_nsb nettest -6 -r ${a}
1842 log_test_addr ${a} $? 0 "VRF server"
1844 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
1847 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1849 run_cmd_nsb nettest -6 -r ${a}
1850 log_test_addr ${a} $? 0 "Device server"
1853 # verify TCP reset received
1854 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
1857 show_hint "Should fail 'Connection refused'"
1858 run_cmd_nsb nettest -6 -r ${a}
1859 log_test_addr ${a} $? 1 "No server"
1862 # local address tests
1865 show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
1866 run_cmd nettest -6 -s &
1868 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
1869 log_test_addr ${a} $? 1 "Global server, local connection"
1872 # enable VRF global server
1874 log_subsection "VRF Global server enabled"
1875 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1877 for a in ${NSA_IP6} ${VRF_IP6}
1880 run_cmd nettest -6 -s -2 ${VRF} &
1882 run_cmd_nsb nettest -6 -r ${a}
1883 log_test_addr ${a} $? 0 "Global server"
1886 for a in ${NSA_IP6} ${VRF_IP6}
1889 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
1891 run_cmd_nsb nettest -6 -r ${a}
1892 log_test_addr ${a} $? 0 "VRF server"
1895 # For LLA, child socket is bound to device
1896 a=${NSA_LINKIP6}%${NSB_DEV}
1898 run_cmd nettest -6 -s -2 ${NSA_DEV} &
1900 run_cmd_nsb nettest -6 -r ${a}
1901 log_test_addr ${a} $? 0 "Global server"
1904 run_cmd nettest -6 -s -d ${VRF} -2 ${NSA_DEV} &
1906 run_cmd_nsb nettest -6 -r ${a}
1907 log_test_addr ${a} $? 0 "VRF server"
1909 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
1912 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
1914 run_cmd_nsb nettest -6 -r ${a}
1915 log_test_addr ${a} $? 0 "Device server"
1918 # verify TCP reset received
1919 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
1922 show_hint "Should fail 'Connection refused'"
1923 run_cmd_nsb nettest -6 -r ${a}
1924 log_test_addr ${a} $? 1 "No server"
1927 # local address tests
1928 for a in ${NSA_IP6} ${VRF_IP6}
1931 show_hint "Fails 'No route to host' since client is not in VRF"
1932 run_cmd nettest -6 -s -2 ${VRF} &
1934 run_cmd nettest -6 -r ${a}
1935 log_test_addr ${a} $? 1 "Global server, local connection"
1942 for a in ${NSB_IP6} ${NSB_LO_IP6}
1945 run_cmd_nsb nettest -6 -s &
1947 run_cmd nettest -6 -r ${a} -d ${VRF}
1948 log_test_addr ${a} $? 0 "Client, VRF bind"
1953 show_hint "Fails since VRF device does not allow linklocal addresses"
1954 run_cmd_nsb nettest -6 -s &
1956 run_cmd nettest -6 -r ${a} -d ${VRF}
1957 log_test_addr ${a} $? 1 "Client, VRF bind"
1959 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
1962 run_cmd_nsb nettest -6 -s &
1964 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
1965 log_test_addr ${a} $? 0 "Client, device bind"
1968 for a in ${NSB_IP6} ${NSB_LO_IP6}
1971 show_hint "Should fail 'Connection refused'"
1972 run_cmd nettest -6 -r ${a} -d ${VRF}
1973 log_test_addr ${a} $? 1 "No server, VRF client"
1976 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
1979 show_hint "Should fail 'Connection refused'"
1980 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
1981 log_test_addr ${a} $? 1 "No server, device client"
1984 for a in ${NSA_IP6} ${VRF_IP6} ::1
1987 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
1989 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
1990 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
1995 run_cmd nettest -6 -s -d ${VRF} -2 ${VRF} &
1997 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
1998 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
2002 show_hint "Should fail since unbound client is out of VRF scope"
2003 run_cmd nettest -6 -s -d ${VRF} &
2005 run_cmd nettest -6 -r ${a}
2006 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
2009 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2011 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2012 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
2014 for a in ${NSA_IP6} ${NSA_LINKIP6}
2017 run_cmd nettest -6 -s -d ${NSA_DEV} -2 ${NSA_DEV} &
2019 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2020 log_test_addr ${a} $? 0 "Device server, device client, local connection"
2026 log_section "IPv6/TCP"
2028 which nettest >/dev/null
2029 if [ $? -ne 0 ]; then
2030 log_error "nettest not found; skipping tests"
2034 log_subsection "No VRF"
2037 # tcp_l3mdev_accept should have no affect without VRF;
2038 # run tests with it enabled and disabled to verify
2039 log_subsection "tcp_l3mdev_accept disabled"
2040 set_sysctl net.ipv4.tcp_l3mdev_accept=0
2042 log_subsection "tcp_l3mdev_accept enabled"
2043 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2046 log_subsection "With VRF"
2051 ################################################################################
2057 usage: ${0##*/} OPTS
2061 -t <test> Test name/set to run
2063 -P Pause after each test
2068 ################################################################################
2071 TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp"
2072 TESTS_IPV6="ipv6_ping ipv6_tcp"
2076 while getopts :46t:pPvh o
2082 p) PAUSE_ON_FAIL=yes;;
2090 # make sure we don't pause twice
2091 [ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no
2094 # show user test config
2096 if [ -z "$TESTS" ]; then
2097 TESTS="$TESTS_IPV4 $TESTS_IPV6 $TESTS_OTHER"
2098 elif [ "$TESTS" = "ipv4" ]; then
2100 elif [ "$TESTS" = "ipv6" ]; then
2105 declare -i nsuccess=0
2110 ipv4_ping|ping) ipv4_ping;;
2111 ipv4_tcp|tcp) ipv4_tcp;;
2112 ipv4_udp|udp) ipv4_udp;;
2114 ipv6_ping|ping6) ipv6_ping;;
2115 ipv6_tcp|tcp6) ipv6_tcp;;
2117 # setup namespaces and config, but do not run any tests
2118 setup) setup; exit 0;;
2119 vrf_setup) setup "yes"; exit 0;;
2121 help) echo "Test names: $TESTS"; exit 0;;
2127 printf "\nTests passed: %3d\n" ${nsuccess}
2128 printf "Tests failed: %3d\n" ${nfail}