3 # This test is for checking rtnetlink callpaths, and get as much coverage as possible.
10 # Kselftest framework requirement - SKIP code is 4.
13 # set global exit status, but never reset nonzero one.
16 if [ $ret -eq 0 ]; then
21 # same but inverted -- used when command must fail for test to pass
31 ip link add name "$devdummy" type dummy
33 ip link set "$devdummy" up
39 ip link del dev "$devdummy"
48 ip netconf show dev "$dev" > /dev/null
52 ip -$f netconf show dev "$dev" > /dev/null
56 if [ $ret -ne 0 ] ;then
57 echo "FAIL: ip netconf show $dev"
58 test $r -eq 0 && ret=0
63 # add a bridge with vlans on top
67 vlandev="testbr-vlan1"
70 ip link add name "$devbr" type bridge
73 ip link set dev "$devdummy" master "$devbr"
76 ip link set "$devbr" up
79 ip link add link "$devbr" name "$vlandev" type vlan id 1
81 ip addr add dev "$vlandev" 10.200.7.23/30
83 ip -6 addr add dev "$vlandev" dead:42::1234/64
85 ip -d link > /dev/null
87 ip r s t all > /dev/null
90 for name in "$devbr" "$vlandev" "$devdummy" ; do
91 kci_test_netconf "$name"
94 ip -6 addr del dev "$vlandev" dead:42::1234/64
97 ip link del dev "$vlandev"
99 ip link del dev "$devbr"
102 if [ $ret -ne 0 ];then
103 echo "FAIL: bridge setup"
106 echo "PASS: bridge setup"
117 ip tunnel add $gredev mode gre remote $rem local $loc ttl 1
119 ip link set $gredev up
121 ip addr add 10.23.7.10 dev $gredev
123 ip route add 10.23.8.0/30 dev $gredev
125 ip addr add dev "$devdummy" 10.23.7.11/24
132 kci_test_netconf "$gredev"
134 ip addr del dev "$devdummy" 10.23.7.11/24
140 if [ $ret -ne 0 ];then
141 echo "FAIL: gre tunnel endpoint"
144 echo "PASS: gre tunnel endpoint"
147 # tc uses rtnetlink too, for full tc testing
148 # please see tools/testing/selftests/tc-testing.
154 tc qdisc add dev "$dev" root handle 1: htb
156 tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit
158 tc filter add dev "$dev" parent 1:0 prio 5 handle ffe: protocol ip u32 divisor 256
160 tc filter add dev "$dev" parent 1:0 prio 5 handle ffd: protocol ip u32 divisor 256
162 tc filter add dev "$dev" parent 1:0 prio 5 handle ffc: protocol ip u32 divisor 256
164 tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 ht ffe:2: match ip src 10.0.0.3 flowid 1:10
166 tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:2 u32 ht ffe:2: match ip src 10.0.0.2 flowid 1:10
168 tc filter show dev "$dev" parent 1:0 > /dev/null
170 tc filter del dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32
172 tc filter show dev "$dev" parent 1:0 > /dev/null
174 tc qdisc del dev "$dev" root handle 1: htb
177 if [ $ret -ne 0 ];then
178 echo "FAIL: tc htb hierarchy"
181 echo "PASS: tc htb hierarchy"
185 kci_test_polrouting()
188 ip rule add fwmark 1 lookup 100
190 ip route add local 0.0.0.0/0 dev lo table 100
192 ip r s t all > /dev/null
194 ip rule del fwmark 1 lookup 100
196 ip route del local 0.0.0.0/0 dev lo table 100
199 if [ $ret -ne 0 ];then
200 echo "FAIL: policy route test"
203 echo "PASS: policy routing"
210 ip route get 127.0.0.1 > /dev/null
212 ip route get 127.0.0.1 dev "$devdummy" > /dev/null
214 ip route get ::1 > /dev/null
216 ip route get fe80::1 dev "$devdummy" > /dev/null
218 ip route get 127.0.0.1 from 127.0.0.1 oif lo tos 0x1 mark 0x1 > /dev/null
220 ip route get ::1 from ::1 iif lo oif lo tos 0x1 mark 0x1 > /dev/null
222 ip addr add dev "$devdummy" 10.23.7.11/24
224 ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null
226 ip addr del dev "$devdummy" 10.23.7.11/24
229 if [ $ret -ne 0 ];then
230 echo "FAIL: route get"
234 echo "PASS: route get"
241 ip addrlabel add prefix dead::/64 dev lo label 1
244 ip addrlabel list |grep -q "prefix dead::/64 dev lo label 1"
247 ip addrlabel del prefix dead::/64 dev lo label 1 2> /dev/null
250 ip addrlabel add prefix dead::/64 label 1 2> /dev/null
253 ip addrlabel del prefix dead::/64 label 1 2> /dev/null
256 # concurrent add/delete
257 for i in $(seq 1 1000); do
258 ip addrlabel add prefix 1c3::/64 label 12345 2>/dev/null
261 for i in $(seq 1 1000); do
262 ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
267 ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
269 if [ $ret -ne 0 ];then
270 echo "FAIL: ipv6 addrlabel"
274 echo "PASS: ipv6 addrlabel"
281 syspathname="/sys/class/net/$devdummy/ifalias"
283 ip link set dev "$devdummy" alias "$namewant"
286 if [ $ret -ne 0 ]; then
287 echo "FAIL: cannot set interface alias of $devdummy to $namewant"
291 ip link show "$devdummy" | grep -q "alias $namewant"
294 if [ -r "$syspathname" ] ; then
295 read namehave < "$syspathname"
296 if [ "$namewant" != "$namehave" ]; then
297 echo "FAIL: did set ifalias $namewant but got $namehave"
302 echo "$namewant" > "$syspathname"
303 ip link show "$devdummy" | grep -q "alias $namewant"
306 # sysfs interface allows to delete alias again
307 echo "" > "$syspathname"
309 ip link show "$devdummy" | grep -q "alias $namewant"
312 for i in $(seq 1 100); do
313 uuidgen > "$syspathname" &
318 # re-add the alias -- kernel should free mem when dummy dev is removed
319 ip link set dev "$devdummy" alias "$namewant"
323 if [ $ret -ne 0 ]; then
324 echo "FAIL: set interface alias $devdummy to $namewant"
328 echo "PASS: set ifalias $namewant for $devdummy"
336 ip link show type vrf 2>/dev/null
337 if [ $? -ne 0 ]; then
338 echo "SKIP: vrf: iproute2 too old"
342 ip link add "$vrfname" type vrf table 10
344 if [ $ret -ne 0 ];then
345 echo "FAIL: can't add vrf interface, skipping test"
349 ip -br link show type vrf | grep -q "$vrfname"
351 if [ $ret -ne 0 ];then
352 echo "FAIL: created vrf device not found"
356 ip link set dev "$vrfname" up
359 ip link set dev "$devdummy" master "$vrfname"
361 ip link del dev "$vrfname"
364 if [ $ret -ne 0 ];then
372 kci_test_encap_vxlan()
379 ip netns exec "$testns" ip link add "$vxlan" type vxlan id 42 group 239.1.1.1 \
380 dev "$devdummy" dstport 4789 2>/dev/null
381 if [ $? -ne 0 ]; then
382 echo "FAIL: can't add vxlan interface, skipping test"
387 ip netns exec "$testns" ip addr add 10.2.11.49/24 dev "$vxlan"
390 ip netns exec "$testns" ip link set up dev "$vxlan"
393 ip netns exec "$testns" ip link add link "$vxlan" name "$vlan" type vlan id 1
396 ip netns exec "$testns" ip link del "$vxlan"
399 if [ $ret -ne 0 ]; then
412 ip fou help 2>&1 |grep -q 'Usage: ip fou'
414 echo "SKIP: fou: iproute2 too old"
418 ip netns exec "$testns" ip fou add port 7777 ipproto 47 2>/dev/null
420 echo "FAIL: can't add fou port 7777, skipping test"
424 ip netns exec "$testns" ip fou add port 8888 ipproto 4
427 ip netns exec "$testns" ip fou del port 9999 2>/dev/null
430 ip netns exec "$testns" ip fou del port 7777
433 if [ $ret -ne 0 ]; then
441 # test various encap methods, use netns to avoid unwanted interference
447 ip netns add "$testns"
448 if [ $? -ne 0 ]; then
449 echo "SKIP encap tests: cannot add net namespace $testns"
453 ip netns exec "$testns" ip link set lo up
456 ip netns exec "$testns" ip link add name "$devdummy" type dummy
458 ip netns exec "$testns" ip link set "$devdummy" up
461 kci_test_encap_vxlan "$testns"
462 kci_test_encap_fou "$testns"
464 ip netns del "$testns"
469 msname="test_macsec0"
472 ip macsec help 2>&1 | grep -q "^Usage: ip macsec"
473 if [ $? -ne 0 ]; then
474 echo "SKIP: macsec: iproute2 too old"
478 ip link add link "$devdummy" "$msname" type macsec port 42 encrypt on
480 if [ $ret -ne 0 ];then
481 echo "FAIL: can't add macsec interface, skipping test"
485 ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012
488 ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef"
491 ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef
494 ip macsec show > /dev/null
497 ip link del dev "$msname"
500 if [ $ret -ne 0 ];then
508 #-------------------------------------------------------------------
510 # ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
511 # spi 0x07 mode transport reqid 0x07 replay-window 32 \
512 # aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
513 # sel src 14.0.0.52/24 dst 14.0.0.70/24
514 # ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
515 # tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
516 # spi 0x07 mode transport reqid 0x07
518 # Subcommands not tested
525 #-------------------------------------------------------------------
529 algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
534 ip addr add $srcip dev $devdummy
536 # flush to be sure there's nothing configured
537 ip x s flush ; ip x p flush
540 # start the monitor in the background
541 tmpfile=`mktemp /var/run/ipsectestXXX`
542 mpid=`(ip x m > $tmpfile & echo $!) 2>/dev/null`
545 ipsecid="proto esp src $srcip dst $dstip spi 0x07"
546 ip x s add $ipsecid \
547 mode transport reqid 0x07 replay-window 32 \
548 $algo sel src $srcip/24 dst $dstip/24
551 lines=`ip x s list | grep $srcip | grep $dstip | wc -l`
555 ip x s count | grep -q "SAD count 1"
558 lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l`
562 ip x s delete $ipsecid
565 lines=`ip x s list | wc -l`
569 ipsecsel="dir out src $srcip/24 dst $dstip/24"
570 ip x p add $ipsecsel \
571 tmpl proto esp src $srcip dst $dstip \
572 spi 0x07 mode transport reqid 0x07
575 lines=`ip x p list | grep $srcip | grep $dstip | wc -l`
579 ip x p count | grep -q "SPD IN 0 OUT 1 FWD 0"
582 lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l`
586 ip x p delete $ipsecsel
589 lines=`ip x p list | wc -l`
593 # check the monitor results
595 lines=`wc -l $tmpfile | cut "-d " -f1`
600 # clean up any leftovers
605 ip addr del $srcip/32 dev $devdummy
607 if [ $ret -ne 0 ]; then
614 #-------------------------------------------------------------------
616 # ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
617 # spi 0x07 mode transport reqid 0x07 replay-window 32 \
618 # aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
619 # sel src 14.0.0.52/24 dst 14.0.0.70/24
620 # offload dev sim1 dir out
621 # ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
622 # tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
623 # spi 0x07 mode transport reqid 0x07
625 #-------------------------------------------------------------------
626 kci_test_ipsec_offload()
629 algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
633 sysfsd=/sys/kernel/debug/netdevsim/$dev
636 # setup netdevsim since dummydev doesn't have offload support
639 if [ $ret -ne 0 ]; then
640 echo "FAIL: ipsec_offload can't load netdevsim"
644 ip link add $dev type netdevsim
645 ip addr add $srcip dev $dev
647 if [ ! -d $sysfsd ] ; then
648 echo "FAIL: ipsec_offload can't create device $dev"
651 if [ ! -f $sysfsf ] ; then
652 echo "FAIL: ipsec_offload netdevsim doesn't support IPsec offload"
656 # flush to be sure there's nothing configured
657 ip x s flush ; ip x p flush
659 # create offloaded SAs, both in and out
660 ip x p add dir out src $srcip/24 dst $dstip/24 \
661 tmpl proto esp src $srcip dst $dstip spi 9 \
662 mode transport reqid 42
664 ip x p add dir out src $dstip/24 dst $srcip/24 \
665 tmpl proto esp src $dstip dst $srcip spi 9 \
666 mode transport reqid 42
669 ip x s add proto esp src $srcip dst $dstip spi 9 \
670 mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \
671 offload dev $dev dir out
673 ip x s add proto esp src $dstip dst $srcip spi 9 \
674 mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \
675 offload dev $dev dir in
677 if [ $ret -ne 0 ]; then
678 echo "FAIL: ipsec_offload can't create SA"
682 # does offload show up in ip output
683 lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"`
684 if [ $lines -ne 2 ] ; then
685 echo "FAIL: ipsec_offload SA offload missing from list output"
689 # use ping to exercise the Tx path
690 ping -I $dev -c 3 -W 1 -i 0 $dstip >/dev/null
692 # does driver have correct offload info
693 diff $sysfsf - << EOF
695 sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000
696 sa[0] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
697 sa[0] key=0x34333231 38373635 32313039 36353433
698 sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0
699 sa[1] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
700 sa[1] key=0x34333231 38373635 32313039 36353433
702 if [ $? -ne 0 ] ; then
703 echo "FAIL: ipsec_offload incorrect driver data"
707 # does offload get removed from driver
710 lines=`grep -c "SA count=0" $sysfsf`
711 if [ $lines -ne 1 ] ; then
712 echo "FAIL: ipsec_offload SA not removed from driver"
716 # clean up any leftovers
720 if [ $ret -ne 0 ]; then
721 echo "FAIL: ipsec_offload"
724 echo "PASS: ipsec_offload"
733 ip netns add "$testns"
734 if [ $? -ne 0 ]; then
735 echo "SKIP gretap tests: cannot add net namespace $testns"
739 ip link help gretap 2>&1 | grep -q "^Usage:"
741 echo "SKIP: gretap: iproute2 too old"
742 ip netns del "$testns"
747 ip netns exec "$testns" ip link add dev "$DEV_NS" type gretap seq \
748 key 102 local 172.16.1.100 remote 172.16.1.200
751 ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
754 ip netns exec "$testns" ip link set dev $DEV_NS up
757 ip netns exec "$testns" ip link del "$DEV_NS"
761 ip netns exec "$testns" ip link add dev "$DEV_NS" type gretap external
764 ip netns exec "$testns" ip link del "$DEV_NS"
767 if [ $ret -ne 0 ]; then
769 ip netns del "$testns"
774 ip netns del "$testns"
783 ip netns add "$testns"
784 if [ $? -ne 0 ]; then
785 echo "SKIP ip6gretap tests: cannot add net namespace $testns"
789 ip link help ip6gretap 2>&1 | grep -q "^Usage:"
791 echo "SKIP: ip6gretap: iproute2 too old"
792 ip netns del "$testns"
797 ip netns exec "$testns" ip link add dev "$DEV_NS" type ip6gretap seq \
798 key 102 local fc00:100::1 remote fc00:100::2
801 ip netns exec "$testns" ip addr add dev "$DEV_NS" fc00:200::1/96
804 ip netns exec "$testns" ip link set dev $DEV_NS up
807 ip netns exec "$testns" ip link del "$DEV_NS"
811 ip netns exec "$testns" ip link add dev "$DEV_NS" type ip6gretap external
814 ip netns exec "$testns" ip link del "$DEV_NS"
817 if [ $ret -ne 0 ]; then
818 echo "FAIL: ip6gretap"
819 ip netns del "$testns"
822 echo "PASS: ip6gretap"
824 ip netns del "$testns"
833 ip link help erspan 2>&1 | grep -q "^Usage:"
835 echo "SKIP: erspan: iproute2 too old"
839 ip netns add "$testns"
840 if [ $? -ne 0 ]; then
841 echo "SKIP erspan tests: cannot add net namespace $testns"
845 # test native tunnel erspan v1
846 ip netns exec "$testns" ip link add dev "$DEV_NS" type erspan seq \
847 key 102 local 172.16.1.100 remote 172.16.1.200 \
848 erspan_ver 1 erspan 488
851 ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
854 ip netns exec "$testns" ip link set dev $DEV_NS up
857 ip netns exec "$testns" ip link del "$DEV_NS"
860 # test native tunnel erspan v2
861 ip netns exec "$testns" ip link add dev "$DEV_NS" type erspan seq \
862 key 102 local 172.16.1.100 remote 172.16.1.200 \
863 erspan_ver 2 erspan_dir ingress erspan_hwid 7
866 ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
869 ip netns exec "$testns" ip link set dev $DEV_NS up
872 ip netns exec "$testns" ip link del "$DEV_NS"
876 ip netns exec "$testns" ip link add dev "$DEV_NS" type erspan external
879 ip netns exec "$testns" ip link del "$DEV_NS"
882 if [ $ret -ne 0 ]; then
884 ip netns del "$testns"
889 ip netns del "$testns"
898 ip link help ip6erspan 2>&1 | grep -q "^Usage:"
900 echo "SKIP: ip6erspan: iproute2 too old"
904 ip netns add "$testns"
905 if [ $? -ne 0 ]; then
906 echo "SKIP ip6erspan tests: cannot add net namespace $testns"
910 # test native tunnel ip6erspan v1
911 ip netns exec "$testns" ip link add dev "$DEV_NS" type ip6erspan seq \
912 key 102 local fc00:100::1 remote fc00:100::2 \
913 erspan_ver 1 erspan 488
916 ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
919 ip netns exec "$testns" ip link set dev $DEV_NS up
922 ip netns exec "$testns" ip link del "$DEV_NS"
925 # test native tunnel ip6erspan v2
926 ip netns exec "$testns" ip link add dev "$DEV_NS" type ip6erspan seq \
927 key 102 local fc00:100::1 remote fc00:100::2 \
928 erspan_ver 2 erspan_dir ingress erspan_hwid 7
931 ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
934 ip netns exec "$testns" ip link set dev $DEV_NS up
937 ip netns exec "$testns" ip link del "$DEV_NS"
941 ip netns exec "$testns" ip link add dev "$DEV_NS" \
942 type ip6erspan external
945 ip netns exec "$testns" ip link del "$DEV_NS"
948 if [ $ret -ne 0 ]; then
949 echo "FAIL: ip6erspan"
950 ip netns del "$testns"
953 echo "PASS: ip6erspan"
955 ip netns del "$testns"
961 if [ $ret -ne 0 ];then
962 echo "FAIL: cannot add dummy interface"
981 kci_test_ipsec_offload
986 #check for needed privileges
987 if [ "$(id -u)" -ne 0 ];then
988 echo "SKIP: Need root privileges"
993 $x -Version 2>/dev/null >/dev/null
995 echo "SKIP: Could not run test without the $x tool"