Lines Matching +full:1 +full:- +full:d
2 # SPDX-License-Identifier: GPL-2.0
8 # 1. icmp, tcp, udp and netfilter
9 # 2. client, server, no-server
13 # 6. VRF and non-VRF permutations
16 # ns-A | ns-B
18 # [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ]
21 # [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ]
23 # ns-A:
24 # eth1: 172.16.1.1/24, 2001:db8:1::1/64
25 # lo: 127.0.0.1/8, ::1/128
26 # 172.16.2.1/32, 2001:db8:2::1/128
27 # red: 127.0.0.1/8, ::1/128
28 # 172.16.3.1/32, 2001:db8:3::1/128
30 # ns-B:
31 # eth1: 172.16.1.2/24, 2001:db8:1::2/64
32 # lo2: 127.0.0.1/8, ::1/128
35 # ns-A to ns-C connection - only for VRF and same config
36 # as ns-A to ns-B
38 # server / client nomenclature relative to ns-A
60 NSA_IP6=2001:db8:1::1
61 NSB_IP6=2001:db8:1::2
62 VRF_IP6=2001:db8:3::1
63 NS_NET6=2001:db8:1::/120
67 NSA_LO_IP6=2001:db8:2::1
70 # non-local addresses for freebind tests
72 NL_IP6=2001:db8:4::1
81 MCAST=ff02::1
86 which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
89 if [ -f /proc/sys/crypto/fips_enabled ]; then
100 local rc=$1
105 [ "${VERBOSE}" = "1" ] && echo
107 if [ ${rc} -eq ${expected} ]; then
108 nsuccess=$((nsuccess+1))
109 printf "TEST: %-70s [ OK ]\n" "${msg}"
111 nfail=$((nfail+1))
112 printf "TEST: %-70s [FAIL]\n" "${msg}"
118 [ "$ans" = "q" ] && exit 1
126 [ "$ans" = "q" ] && exit 1
134 local addr=$1
141 log_test $rc $expected "$msg - ${astr}"
166 if [ "${VERBOSE}" = "1" ]; then
174 if [ "${VERBOSE}" = "1" ]; then
183 if [ "${VERBOSE}" = "1" ]; then
191 killall nettest ping ping6 >/dev/null 2>&1
192 slowwait 2 sh -c 'test -z "$(pgrep '"'^(nettest|ping|ping6)$'"')"'
197 if [ "$VERBOSE" = "1" ]; then
198 echo "COMMAND: ${NSA_CMD} sysctl -q -w net.ipv4.ping_group_range='0 2147483647'"
201 ${NSA_CMD} sysctl -q -w net.ipv4.ping_group_range='0 2147483647'
209 if [ "$VERBOSE" = "1" ]; then
213 out=$($cmd 2>&1)
215 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
244 if [ $rc -ne 0 ]; then
266 if [ $rc -ne 0 ]; then
288 if [ $rc -ne 0 ]; then
303 # set sysctl values in NS-A
308 run_cmd sysctl -q -w $*
311 # get sysctl values in NS-A
314 ${NSA_CMD} sysctl -n $*
322 case "$1" in
324 ::1) echo "IPv6 loopback";;
329 ${NSA_IP}) echo "ns-A IP";;
330 ${NSA_IP6}) echo "ns-A IPv6";;
331 ${NSA_LO_IP}) echo "ns-A loopback IP";;
332 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
333 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
335 ${NSB_IP}) echo "ns-B IP";;
336 ${NSB_IP6}) echo "ns-B IPv6";;
337 ${NSB_LO_IP}) echo "ns-B loopback IP";;
338 ${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
339 ${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;
355 local ns=$1
359 addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \
369 [ -z "$addr" ] && return 1
381 local ns=$1
387 ip -netns ${ns} link add ${vrf} type vrf table ${table}
388 ip -netns ${ns} link set ${vrf} up
389 ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192
390 ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192
392 ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf}
393 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
394 if [ "${addr}" != "-" ]; then
395 ip -netns ${ns} addr add dev ${vrf} ${addr}
397 if [ "${addr6}" != "-" ]; then
398 ip -netns ${ns} -6 addr add dev ${vrf} ${addr6}
401 ip -netns ${ns} ru del pref 0
402 ip -netns ${ns} ru add pref 32765 from all lookup local
403 ip -netns ${ns} -6 ru del pref 0
404 ip -netns ${ns} -6 ru add pref 32765 from all lookup local
409 local ns=$1
413 if [ "${addr}" != "-" ]; then
414 ip -netns ${ns} addr add dev lo ${addr}
416 if [ "${addr6}" != "-" ]; then
417 ip -netns ${ns} -6 addr add dev lo ${addr6}
420 ip -netns ${ns} ro add unreachable default metric 8192
421 ip -netns ${ns} -6 ro add unreachable default metric 8192
423 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
424 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
425 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
426 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
427 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.accept_dad=0
428 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.accept_dad=0
434 local ns1=$1
443 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp
444 ip -netns ${ns1} li set ${ns1_dev} up
445 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev}
446 ip -netns ${ns2} li set ${ns2_dev} up
448 if [ "${ns1_addr}" != "-" ]; then
449 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr}
450 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr}
453 if [ "${ns1_addr6}" != "-" ]; then
454 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6}
455 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6}
462 ip netns | grep -q ${NSA}
463 if [ $? -eq 0 ]; then
464 ip -netns ${NSA} link delete ${VRF}
465 ip -netns ${NSA} ro flush table ${VRF_TABLE}
467 ip -netns ${NSA} addr flush dev ${NSA_DEV}
468 ip -netns ${NSA} -6 addr flush dev ${NSA_DEV}
469 ip -netns ${NSA} link set dev ${NSA_DEV} down
470 ip -netns ${NSA} link del dev ${NSA_DEV}
483 ip link del ${NSA_DEV2} >/dev/null 2>&1
485 ip netns del ${NSC} >/dev/null 2>&1
490 # some VRF tests use ns-C which has the same config as
491 # ns-B but for a device NOT in the VRF
494 create_ns ${NSC} "-" "-"
501 local with_vrf=${1}
508 set -e
522 # tell ns-A how to get to remote addresses of ns-B
526 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
527 ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
528 ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
530 ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
531 ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
533 ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
534 ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
538 # tell ns-B how to get to remote addresses of ns-A
539 ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
540 ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
544 sleep 1
554 set -e
560 create_ns ${NSA} "-" "-"
561 create_ns ${NSB} "-" "-"
562 create_ns ${NSC} "-" "-"
563 connect_ns ${NSA} ${NSA_DEV} "-" "-" \
564 ${NSB} ${NSB_DEV} "-" "-"
565 connect_ns ${NSA} ${NSA_DEV2} "-" "-" \
566 ${NSC} ${NSC_DEV} "-" "-"
572 create_vrf ${NSA} ${VRF} ${VRF_TABLE} "-" "-"
573 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
574 ip -netns ${NSA} link set dev ${NSA_DEV2} vrf ${VRF}
578 sleep 1
594 run_cmd ping -c1 -w1 ${a}
598 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
602 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
611 run_cmd ping -c 1 -w 1 -r ${a}
617 run_cmd ping -c 1 -w 1 -r ${a}
618 log_test_addr ${a} $? 1 "ping out (don't route), peer not on link"
626 run_cmd_nsb ping -c1 -w1 ${a}
636 run_cmd ping -c1 -w1 ${a}
646 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
656 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
657 log_test_addr ${a} $? 1 "ping local, device bind"
670 run_cmd ping -c1 -w1 ${a}
676 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
681 run_cmd_nsb ping -c1 -w1 ${a}
682 log_test_addr ${a} $? 1 "ping in, blocked by rule"
684 [ "$VERBOSE" = "1" ] && echo
698 run_cmd ping -c1 -w1 ${a}
704 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
709 run_cmd_nsb ping -c1 -w1 ${a}
710 log_test_addr ${a} $? 1 "ping in, blocked by route"
719 run_cmd ping -c1 -w1 ${a}
725 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
733 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
741 run_cmd ping -c1 -w1 -I ${VRF} ${a}
745 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
749 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
753 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
763 run_cmd_nsb ping -c1 -w1 ${a}
774 run_cmd ping -c1 -w1 -I ${VRF} ${a}
784 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
792 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
804 run_cmd ping -c1 -w1 -I ${VRF} ${a}
808 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
814 run_cmd_nsb ping -c1 -w1 ${a}
815 log_test_addr ${a} $? 1 "ping in, blocked by rule"
817 [ "$VERBOSE" = "1" ] && echo
828 run_cmd ping -c1 -w1 -I ${VRF} ${a}
832 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
838 run_cmd_nsb ping -c1 -w1 ${a}
839 log_test_addr ${a} $? 1 "ping in, unreachable route"
851 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
879 run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
881 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
887 run_cmd nettest -s &
889 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
895 run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
897 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
903 run_cmd nettest -s -M ${MD5_PW} -m ${NSB_LO_IP} &
905 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
909 # MD5 extension - prefix length
914 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
916 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
922 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
924 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
930 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
932 run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
947 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
949 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
955 run_cmd nettest -s -I ${VRF} &
957 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
963 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
965 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
971 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP} &
973 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
977 # MD5 extension - prefix length
982 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
984 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
990 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
992 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
998 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1000 run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
1008 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
1009 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
1011 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1015 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
1016 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
1018 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1023 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
1024 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
1026 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1031 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
1032 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
1034 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1038 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1039 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1041 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1045 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1046 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1048 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1053 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1054 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1056 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1061 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1062 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1064 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1071 run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP}
1072 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
1075 run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET}
1076 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
1086 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
1088 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1089 log_test $? 0 "MD5: VRF: VRF-bound server, unbound key accepts connection"
1093 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
1095 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1096 log_test $? 0 "MD5: VRF: VRF-bound server, bound key accepts connection"
1101 # This particular test needs tcp_l3mdev_accept=1 for Global server to accept VRF connections
1104 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1107 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
1109 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1113 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
1115 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1116 log_test $? 0 "MD5: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection"
1119 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
1121 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1125 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
1127 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1128 log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts non-VRF connection"
1136 local syncookies=$1
1147 nsa_syncookies=$(ip netns exec "${NSA}" sysctl -n net.ipv4.tcp_syncookies)
1148 nsb_syncookies=$(ip netns exec "${NSB}" sysctl -n net.ipv4.tcp_syncookies)
1149 ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies}
1150 ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies}
1156 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1161 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --server-dontroute
1167 # Therefore, we need to use the -c option here, to force the use of the
1174 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --client-dontroute
1175 log_test_addr ${a} $? 1 "SO_DONTROUTE client, syncookies=${syncookies}"
1180 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --server-dontroute
1183 ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${nsb_syncookies}
1184 ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${nsa_syncookies}
1197 run_cmd nettest -s &
1199 run_cmd_nsb nettest -r ${a}
1205 run_cmd nettest -s -I ${NSA_DEV} &
1207 run_cmd_nsb nettest -r ${a}
1215 run_cmd_nsb nettest -r ${a}
1216 log_test_addr ${a} $? 1 "No server"
1225 run_cmd_nsb nettest -s &
1227 run_cmd nettest -r ${a} -0 ${NSA_IP}
1231 run_cmd_nsb nettest -s &
1233 run_cmd nettest -r ${a} -d ${NSA_DEV}
1238 run_cmd nettest -r ${a}
1239 log_test_addr ${a} $? 1 "No server, unbound client"
1243 run_cmd nettest -r ${a} -d ${NSA_DEV}
1244 log_test_addr ${a} $? 1 "No server, device client"
1253 run_cmd nettest -s &
1255 run_cmd nettest -r ${a} -0 ${a} -1 ${a}
1261 run_cmd nettest -s -I ${NSA_DEV} &
1263 run_cmd nettest -r ${a} -0 ${a}
1270 run_cmd nettest -s -I ${NSA_DEV} &
1272 run_cmd nettest -r ${a}
1273 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1278 run_cmd nettest -s &
1280 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
1287 run_cmd nettest -s &
1289 run_cmd nettest -r ${a} -d ${NSA_DEV}
1290 log_test_addr ${a} $? 1 "Global server, device client, local connection"
1295 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1297 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
1302 run_cmd nettest -d ${NSA_DEV} -r ${a}
1303 log_test_addr ${a} $? 1 "No server, device client, local conn"
1305 [ "$fips_enabled" = "1" ] || ipv4_tcp_md5_novrf
1327 run_cmd nettest -s &
1329 run_cmd_nsb nettest -r ${a}
1330 log_test_addr ${a} $? 1 "Global server"
1333 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1335 run_cmd_nsb nettest -r ${a}
1339 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1341 run_cmd_nsb nettest -r ${a}
1347 run_cmd_nsb nettest -r ${a}
1348 log_test_addr ${a} $? 1 "No server"
1356 run_cmd nettest -s &
1358 run_cmd nettest -r ${a} -d ${NSA_DEV}
1359 log_test_addr ${a} $? 1 "Global server, local connection"
1372 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1378 run_cmd nettest -s -3 ${VRF} &
1380 run_cmd_nsb nettest -r ${a}
1385 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1387 run_cmd_nsb nettest -r ${a}
1393 run_cmd_nsb nettest -r ${a}
1394 log_test_addr ${a} $? 1 "No server"
1400 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1402 run_cmd_nsb nettest -r ${a}
1410 run_cmd nettest -s -I ${VRF} &
1412 run_cmd nettest -r ${a}
1413 log_test_addr ${a} $? 1 "Global server, local connection"
1422 run_cmd_nsb nettest -s &
1424 run_cmd nettest -r ${a} -d ${VRF}
1428 run_cmd_nsb nettest -s &
1430 run_cmd nettest -r ${a} -d ${NSA_DEV}
1435 run_cmd nettest -r ${a} -d ${VRF}
1436 log_test_addr ${a} $? 1 "No server, VRF client"
1440 run_cmd nettest -r ${a} -d ${NSA_DEV}
1441 log_test_addr ${a} $? 1 "No server, device client"
1447 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1449 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1455 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1457 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1462 run_cmd nettest -s -I ${VRF} &
1464 run_cmd nettest -r ${a}
1465 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
1468 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1470 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1474 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1476 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1492 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1513 run_cmd nettest -D -s -3 ${NSA_DEV} &
1515 run_cmd_nsb nettest -D -r ${a}
1520 run_cmd_nsb nettest -D -r ${a}
1521 log_test_addr ${a} $? 1 "No server"
1526 run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1528 run_cmd_nsb nettest -D -r ${a}
1537 run_cmd_nsb nettest -D -s &
1539 run_cmd nettest -D -r ${a} -0 ${NSA_IP}
1543 run_cmd_nsb nettest -D -s &
1545 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1549 run_cmd_nsb nettest -D -s &
1551 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1555 run_cmd_nsb nettest -D -s &
1557 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1561 run_cmd_nsb nettest -D -s &
1563 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} -U
1569 run_cmd nettest -D -r ${a}
1570 log_test_addr ${a} $? 1 "No server, unbound client"
1574 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1575 log_test_addr ${a} $? 1 "No server, device client"
1584 run_cmd nettest -D -s &
1586 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
1592 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1594 run_cmd nettest -D -r ${a}
1601 run_cmd nettest -s -D -I ${NSA_DEV} &
1603 run_cmd nettest -D -r ${a}
1604 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1609 run_cmd nettest -s -D &
1611 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1615 run_cmd nettest -s -D &
1617 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
1621 run_cmd nettest -s -D &
1623 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
1627 run_cmd nettest -s -D &
1629 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} -U
1633 # IPv4 with device bind has really weird behavior - it overrides the
1640 run_cmd nettest -D -s &
1642 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1647 run_cmd nettest -D -s &
1649 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
1650 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
1654 run_cmd nettest -D -s &
1656 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
1657 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
1661 run_cmd nettest -D -s &
1663 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -U
1664 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with connect()"
1671 run_cmd nettest -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1673 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
1677 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1688 do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1694 do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1695 log_test_addr ${a} $? 1 "SO_DONTROUTE client"
1713 run_cmd nettest -D -s &
1715 run_cmd_nsb nettest -D -r ${a}
1716 log_test_addr ${a} $? 1 "Global server"
1719 run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
1721 run_cmd_nsb nettest -D -r ${a}
1725 run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1727 run_cmd_nsb nettest -D -r ${a}
1732 run_cmd_nsb nettest -D -r ${a}
1733 log_test_addr ${a} $? 1 "No server"
1737 run_cmd nettest -D -s &
1739 run_cmd nettest -D -d ${VRF} -r ${a}
1740 log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
1745 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1747 run_cmd nettest -D -d ${VRF} -r ${a}
1751 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1753 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1758 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1760 run_cmd nettest -D -d ${VRF} -r ${a}
1764 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1766 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1771 set_sysctl net.ipv4.udp_l3mdev_accept=1
1779 run_cmd nettest -D -s -3 ${NSA_DEV} &
1781 run_cmd_nsb nettest -D -r ${a}
1785 run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
1787 run_cmd_nsb nettest -D -r ${a}
1791 run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1793 run_cmd_nsb nettest -D -r ${a}
1798 run_cmd_nsb nettest -D -r ${a}
1799 log_test_addr ${a} $? 1 "No server"
1806 run_cmd_nsb nettest -D -s &
1808 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1812 run_cmd_nsb nettest -D -s &
1814 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1817 # negative test - should fail
1820 run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
1821 log_test $? 1 "No server, VRF client"
1825 run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
1826 log_test $? 1 "No server, enslaved device client"
1833 run_cmd nettest -D -s -3 ${NSA_DEV} &
1835 run_cmd nettest -D -d ${VRF} -r ${a}
1839 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1841 run_cmd nettest -D -d ${VRF} -r ${a}
1845 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1847 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1851 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1853 run_cmd nettest -D -d ${VRF} -r ${a}
1857 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1859 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1865 run_cmd nettest -D -s -3 ${VRF} &
1867 run_cmd nettest -D -d ${VRF} -r ${a}
1874 run_cmd nettest -s -D -I ${VRF} -3 ${VRF} &
1876 run_cmd nettest -D -d ${VRF} -r ${a}
1880 # negative test - should fail
1886 run_cmd nettest -D -d ${VRF} -r ${a}
1887 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
1904 set_sysctl net.ipv4.udp_l3mdev_accept=1
1925 run_cmd nettest -s -R -P icmp -l ${a} -b
1929 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1938 run_cmd nettest -s -R -f -l ${a} -b
1942 run_cmd nettest -s -f -l ${a} -b
1946 run_cmd nettest -s -D -P icmp -f -l ${a} -b
1954 run_cmd nettest -s -D -P icmp -l ${a} -b
1955 log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address"
1959 run_cmd nettest -s -D -P icmp -l ${a} -b
1960 log_test_addr ${a} $? 1 "ICMP socket bind to multicast address"
1967 run_cmd nettest -c ${a} -r ${NSB_IP} -t1 -b
1971 run_cmd nettest -c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1981 #run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
1982 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
1994 run_cmd nettest -s -R -P icmp -l ${a} -b
1995 log_test_addr ${a} $? 1 "Raw socket bind to local address"
1998 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
2001 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
2008 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
2009 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
2016 run_cmd nettest -s -R -f -l ${a} -I ${VRF} -b
2020 run_cmd nettest -s -f -l ${a} -I ${VRF} -b
2024 run_cmd nettest -s -D -P icmp -f -l ${a} -I ${VRF} -b
2032 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
2033 log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address after VRF bind"
2037 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
2038 log_test_addr ${a} $? 1 "ICMP socket bind to multicast address after VRF bind"
2046 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
2050 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
2057 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
2058 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
2062 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
2063 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
2086 local desc="$1"
2097 run_cmd nettest ${varg} -s &
2099 run_cmd_nsb nettest ${varg} -r ${a} &
2102 sleep 1
2111 run_cmd nettest ${varg} -s -I ${VRF} &
2113 run_cmd_nsb nettest ${varg} -r ${a} &
2116 sleep 1
2124 run_cmd nettest ${varg} -s -I ${NSA_DEV} &
2126 run_cmd_nsb nettest ${varg} -r ${a} &
2129 sleep 1
2138 run_cmd_nsb nettest ${varg} -s &
2140 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
2143 sleep 1
2149 run_cmd_nsb nettest ${varg} -s &
2151 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
2154 sleep 1
2165 run_cmd nettest ${varg} -s &
2167 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2170 sleep 1
2179 run_cmd nettest ${varg} -I ${VRF} -s &
2181 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2184 sleep 1
2193 run_cmd nettest ${varg} -s &
2195 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2198 sleep 1
2204 run_cmd nettest ${varg} -I ${VRF} -s &
2206 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2209 sleep 1
2215 run_cmd nettest ${varg} -I ${NSA_DEV} -s &
2217 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2220 sleep 1
2232 run_cmd_nsb ping -f ${a} &
2235 sleep 1
2236 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
2243 run_cmd ping -f -I ${VRF} ${a} &
2246 sleep 1
2247 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
2252 log_section "Run time tests - ipv4"
2258 ipv4_rt "TCP active socket" "-n -1"
2261 ipv4_rt "TCP passive socket" "-i"
2280 run_cmd ${ping6} -c1 -w1 ${a}
2287 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2291 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
2301 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2308 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2311 run_cmd ${ping6} -c1 -w1 ${a}
2318 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2322 for a in ${NSA_LO_IP6} ::1
2326 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2334 setup_cmd ip -6 rule add pref 32765 from all lookup local
2335 setup_cmd ip -6 rule del pref 0 from all lookup local
2336 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
2337 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
2340 run_cmd ${ping6} -c1 -w1 ${a}
2344 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2350 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2351 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2353 setup_cmd ip -6 rule add pref 0 from all lookup local
2354 setup_cmd ip -6 rule del pref 32765 from all lookup local
2355 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
2356 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
2362 setup_cmd ip -6 route del ${NSB_LO_IP6}
2363 setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
2364 setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10
2367 run_cmd ${ping6} -c1 -w1 ${a}
2371 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2377 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2378 log_test_addr ${a} $? 1 "ping in, blocked by route"
2385 setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
2386 setup_cmd ip -6 ro del unreachable ${NSB_IP6}
2389 run_cmd ${ping6} -c1 -w1 ${a}
2393 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2402 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
2410 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2418 run_cmd ${ping6} -c1 -w1 ${a}
2419 log_test_addr ${a} $? 1 "ping out, VRF bind"
2425 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2432 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
2442 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2449 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2450 log_test_addr ${a} $? 1 "ping in"
2455 for a in ${NSA_IP6} ${VRF_IP6} ::1
2459 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2466 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2470 # LLA to GUA - remove ipv6 global addresses from ns-B
2471 setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
2472 setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
2473 setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
2478 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
2482 setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
2483 setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
2484 setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo
2490 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
2491 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
2494 run_cmd ${ping6} -c1 -w1 ${a}
2498 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2504 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2505 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2508 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
2509 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
2515 setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}
2518 run_cmd ${ping6} -c1 -w1 ${a}
2522 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2525 ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
2528 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2565 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
2567 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2573 run_cmd nettest -6 -s &
2575 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2581 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
2583 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2589 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_LO_IP6} &
2591 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2595 # MD5 extension - prefix length
2600 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2602 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2608 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2610 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2616 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2618 run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
2633 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2635 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2641 run_cmd nettest -6 -s -I ${VRF} &
2643 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2649 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2651 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2657 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} &
2659 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2663 # MD5 extension - prefix length
2668 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2670 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2676 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2678 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2684 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2686 run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
2694 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2695 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2697 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2701 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2702 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2704 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2709 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2710 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2712 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2717 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2718 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2720 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2724 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2725 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2727 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2731 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2732 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2734 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2739 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2740 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2742 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2747 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2748 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2750 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2757 run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP6}
2758 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
2761 run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6}
2762 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
2776 run_cmd nettest -6 -s &
2778 run_cmd_nsb nettest -6 -r ${a}
2787 run_cmd_nsb nettest -6 -r ${a}
2788 log_test_addr ${a} $? 1 "No server"
2797 run_cmd_nsb nettest -6 -s &
2799 run_cmd nettest -6 -r ${a}
2806 run_cmd_nsb nettest -6 -s &
2808 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2816 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2817 log_test_addr ${a} $? 1 "No server, device client"
2823 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2826 run_cmd nettest -6 -s &
2828 run_cmd nettest -6 -r ${a}
2834 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2836 run_cmd nettest -6 -r ${a} -0 ${a}
2839 for a in ${NSA_LO_IP6} ::1
2843 run_cmd nettest -6 -s -I ${NSA_DEV} &
2845 run_cmd nettest -6 -r ${a}
2846 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
2851 run_cmd nettest -6 -s &
2853 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2856 for a in ${NSA_LO_IP6} ::1
2860 run_cmd nettest -6 -s &
2862 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2863 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2869 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2871 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2879 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2880 log_test_addr ${a} $? 1 "No server, device client, local conn"
2883 [ "$fips_enabled" = "1" ] || ipv6_tcp_md5_novrf
2902 run_cmd nettest -6 -s &
2904 run_cmd_nsb nettest -6 -r ${a}
2905 log_test_addr ${a} $? 1 "Global server"
2911 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
2913 run_cmd_nsb nettest -6 -r ${a}
2920 run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
2922 run_cmd_nsb nettest -6 -r ${a}
2928 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2930 run_cmd_nsb nettest -6 -r ${a}
2939 run_cmd_nsb nettest -6 -r ${a}
2940 log_test_addr ${a} $? 1 "No server"
2947 run_cmd nettest -6 -s &
2949 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2950 log_test_addr ${a} $? 1 "Global server, local connection"
2963 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2968 run_cmd nettest -6 -s -3 ${VRF} &
2970 run_cmd_nsb nettest -6 -r ${a}
2977 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
2979 run_cmd_nsb nettest -6 -r ${a}
2986 run_cmd nettest -6 -s -3 ${NSA_DEV} &
2988 run_cmd_nsb nettest -6 -r ${a}
2992 run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
2994 run_cmd_nsb nettest -6 -r ${a}
3000 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
3002 run_cmd_nsb nettest -6 -r ${a}
3011 run_cmd_nsb nettest -6 -r ${a}
3012 log_test_addr ${a} $? 1 "No server"
3020 run_cmd nettest -6 -s -I ${VRF} &
3022 run_cmd nettest -6 -r ${a}
3023 log_test_addr ${a} $? 1 "Global server, local connection"
3033 run_cmd_nsb nettest -6 -s &
3035 run_cmd nettest -6 -r ${a} -d ${VRF}
3042 run_cmd_nsb nettest -6 -s &
3044 run_cmd nettest -6 -r ${a} -d ${VRF}
3045 log_test_addr ${a} $? 1 "Client, VRF bind"
3050 run_cmd_nsb nettest -6 -s &
3052 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
3060 run_cmd nettest -6 -r ${a} -d ${VRF}
3061 log_test_addr ${a} $? 1 "No server, VRF client"
3068 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
3069 log_test_addr ${a} $? 1 "No server, device client"
3072 for a in ${NSA_IP6} ${VRF_IP6} ::1
3075 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
3077 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
3083 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
3085 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3091 run_cmd nettest -6 -s -I ${VRF} &
3093 run_cmd nettest -6 -r ${a}
3094 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
3097 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
3099 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
3105 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
3107 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3124 set_sysctl net.ipv4.tcp_l3mdev_accept=1
3145 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3147 run_cmd_nsb nettest -6 -D -r ${a}
3151 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3153 run_cmd_nsb nettest -6 -D -r ${a}
3159 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3161 run_cmd_nsb nettest -6 -D -r ${a}
3165 # bound server, but it does not - hence this is more documenting
3169 #run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3171 #run_cmd_nsb nettest -6 -D -r ${a}
3172 #log_test_addr ${a} $? 1 "Device server"
3174 # negative test - should fail
3179 run_cmd_nsb nettest -6 -D -r ${a}
3180 log_test_addr ${a} $? 1 "No server"
3189 run_cmd_nsb nettest -6 -D -s &
3191 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
3195 run_cmd_nsb nettest -6 -D -s &
3197 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
3201 run_cmd_nsb nettest -6 -D -s &
3203 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
3207 run_cmd_nsb nettest -6 -D -s &
3209 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
3214 run_cmd nettest -6 -D -r ${a}
3215 log_test_addr ${a} $? 1 "No server, unbound client"
3219 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3220 log_test_addr ${a} $? 1 "No server, device client"
3226 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
3229 run_cmd nettest -6 -D -s &
3231 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
3237 run_cmd nettest -6 -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
3239 run_cmd nettest -6 -D -r ${a}
3242 for a in ${NSA_LO_IP6} ::1
3246 run_cmd nettest -6 -s -D -I ${NSA_DEV} &
3248 run_cmd nettest -6 -D -r ${a}
3249 log_test_addr ${a} $? 1 "Device server, local connection"
3254 run_cmd nettest -6 -s -D &
3256 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3260 run_cmd nettest -6 -s -D &
3262 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
3266 run_cmd nettest -6 -s -D &
3268 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
3271 for a in ${NSA_LO_IP6} ::1
3275 run_cmd nettest -6 -D -s &
3277 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3278 log_test_addr ${a} $? 1 "Global server, device client, local connection"
3282 run_cmd nettest -6 -D -s &
3284 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
3285 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
3289 run_cmd nettest -6 -D -s &
3291 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
3292 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
3296 run_cmd nettest -6 -D -s &
3298 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -U
3299 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with connect()"
3304 run_cmd nettest -6 -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
3306 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
3311 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3312 log_test_addr ${a} $? 1 "No server, device client, local conn"
3315 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
3316 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
3318 run_cmd nettest -6 -s -D &
3320 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
3321 log_test $? 0 "UDP in - LLA to GUA"
3323 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
3324 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
3342 run_cmd nettest -6 -D -s &
3344 run_cmd_nsb nettest -6 -D -r ${a}
3345 log_test_addr ${a} $? 1 "Global server"
3351 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3353 run_cmd_nsb nettest -6 -D -r ${a}
3360 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3362 run_cmd_nsb nettest -6 -D -r ${a}
3366 # negative test - should fail
3371 run_cmd_nsb nettest -6 -D -r ${a}
3372 log_test_addr ${a} $? 1 "No server"
3382 run_cmd nettest -6 -D -s &
3384 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3385 log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
3391 run_cmd nettest -6 -D -I ${VRF} -s &
3393 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3400 run_cmd nettest -6 -D -s &
3402 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3403 log_test_addr ${a} $? 1 "Global server, device client, local conn"
3406 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3408 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3412 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3414 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3418 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3420 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3425 set_sysctl net.ipv4.udp_l3mdev_accept=1
3433 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3435 run_cmd_nsb nettest -6 -D -r ${a}
3442 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3444 run_cmd_nsb nettest -6 -D -r ${a}
3451 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3453 run_cmd_nsb nettest -6 -D -r ${a}
3457 # negative test - should fail
3461 run_cmd_nsb nettest -6 -D -r ${a}
3462 log_test_addr ${a} $? 1 "No server"
3469 run_cmd_nsb nettest -6 -D -s &
3471 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
3474 # negative test - should fail
3476 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
3477 log_test $? 1 "No server, VRF client"
3480 run_cmd_nsb nettest -6 -D -s &
3482 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
3485 # negative test - should fail
3487 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
3488 log_test $? 1 "No server, enslaved device client"
3495 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3497 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3501 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3503 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3509 run_cmd nettest -6 -D -s -3 ${VRF} &
3511 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3515 run_cmd nettest -6 -D -I ${VRF} -s -3 ${VRF} &
3517 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3520 # negative test - should fail
3524 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3525 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
3531 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3533 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3537 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3539 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3543 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3545 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3549 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3551 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3555 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3556 log_test_addr ${a} $? 1 "No server, device client, local conn"
3561 run_cmd nettest -6 -D -s &
3563 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
3567 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
3568 log_test $? 1 "No server, linklocal IP"
3572 run_cmd_nsb nettest -6 -D -s &
3574 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
3578 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
3579 log_test $? 1 "No server, device client, peer linklocal IP"
3583 run_cmd nettest -6 -D -s &
3585 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
3586 log_test $? 0 "Enslaved device client, local conn - linklocal IP"
3589 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
3590 log_test $? 1 "No server, device client, local conn - linklocal IP"
3593 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
3594 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
3596 run_cmd nettest -6 -s -D &
3598 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
3599 log_test $? 0 "UDP in - LLA to GUA"
3601 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
3602 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
3608 set_sysctl net.ipv4.udp_early_demux=1
3620 set_sysctl net.ipv4.udp_l3mdev_accept=1
3639 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
3643 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3652 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${NSA_DEV} -b
3660 run_cmd nettest -6 -s -l ${a} -t1 -b
3664 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3673 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3685 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3689 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3696 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3697 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"
3704 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${VRF} -b
3714 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3720 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3730 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3736 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3737 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
3741 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3742 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
3764 local desc="$1"
3765 local varg="-6 $2"
3775 run_cmd nettest ${varg} -s &
3777 run_cmd_nsb nettest ${varg} -r ${a} &
3780 sleep 1
3789 run_cmd nettest ${varg} -I ${VRF} -s &
3791 run_cmd_nsb nettest ${varg} -r ${a} &
3794 sleep 1
3803 run_cmd nettest ${varg} -I ${NSA_DEV} -s &
3805 run_cmd_nsb nettest ${varg} -r ${a} &
3808 sleep 1
3818 run_cmd_nsb nettest ${varg} -s &
3820 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} &
3823 sleep 1
3829 run_cmd_nsb nettest ${varg} -s &
3831 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
3834 sleep 1
3846 run_cmd nettest ${varg} -s &
3848 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3851 sleep 1
3860 run_cmd nettest ${varg} -I ${VRF} -s &
3862 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3865 sleep 1
3873 run_cmd nettest ${varg} -s &
3875 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3878 sleep 1
3884 run_cmd nettest ${varg} -I ${VRF} -s &
3886 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3889 sleep 1
3895 run_cmd nettest ${varg} -I ${NSA_DEV} -s &
3897 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3900 sleep 1
3911 run_cmd_nsb ${ping6} -f ${a} &
3914 sleep 1
3915 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
3920 run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} &
3921 sleep 1
3923 sleep 1
3924 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
3929 log_section "Run time tests - ipv6"
3935 ipv6_rt "TCP active socket" "-n -1"
3938 ipv6_rt "TCP passive socket" "-i"
3941 ipv6_rt "UDP active socket" "-D -n -1"
3954 run_cmd nettest -s &
3956 run_cmd_nsb nettest -r ${a}
3957 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3963 local stype="$1"
3967 [ "${stype}" = "UDP" ] && arg="-D"
3972 run_cmd nettest ${arg} -s &
3974 run_cmd_nsb nettest ${arg} -r ${a}
3975 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3985 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3993 run_cmd iptables -F
3994 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3995 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
4001 iptables -F
4011 run_cmd nettest -6 -s &
4013 run_cmd_nsb nettest -6 -r ${a}
4014 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
4020 local stype="$1"
4024 [ "${stype}" = "UDP" ] && arg="$arg -D"
4029 run_cmd nettest -6 -s ${arg} &
4031 run_cmd_nsb nettest -6 ${arg} -r ${a}
4032 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
4042 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
4049 run_cmd ip6tables -F
4050 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
4051 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
4057 ip6tables -F
4064 # ns-A device enslaved to bridge. Verify traffic with and without
4072 setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64
4076 setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad
4087 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
4088 log_test $? 0 "Bridge into VRF - IPv4 ping out"
4091 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
4092 log_test $? 0 "Bridge into VRF - IPv6 ping out"
4095 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
4096 log_test $? 0 "Bridge into VRF - IPv4 ping in"
4099 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
4100 log_test $? 0 "Bridge into VRF - IPv6 ping in"
4103 if [ $? -eq 0 ]; then
4105 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
4106 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out"
4109 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
4110 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out"
4113 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
4114 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in"
4117 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
4118 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in"
4125 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad
4129 setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad
4131 sleep 1
4136 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
4137 log_test $? 0 "Bridge vlan into VRF - IPv4 ping out"
4140 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
4141 log_test $? 0 "Bridge vlan into VRF - IPv6 ping out"
4144 run_cmd_nsb ping -c1 -w1 172.16.101.1
4145 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
4148 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
4149 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
4152 if [ $? -eq 0 ]; then
4154 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
4155 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out"
4158 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
4159 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out"
4162 run_cmd_nsb ping -c1 -w1 172.16.101.1
4163 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
4166 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
4167 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
4175 # ns-A device is connected to both ns-B and ns-C on a single VRF but only has
4180 # only want reply from ns-A
4181 setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
4182 setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
4185 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
4186 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Pre cycle, ping out ns-B"
4188 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
4189 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Pre cycle, ping out ns-C"
4191 # cycle/flap the first ns-A interface
4194 sleep 1
4197 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
4198 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-B"
4199 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
4200 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-C"
4202 # cycle/flap the second ns-A interface
4205 sleep 1
4208 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
4209 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-B"
4210 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
4211 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-C"
4214 # Perform IPv{4,6} SNAT on ns-A, and verify TCP connection is successfully
4215 # established with ns-B.
4222 run_cmd iptables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_IP} -o ${VRF}
4223 run_cmd ip6tables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_IP6} -o ${VRF}
4225 run_cmd_nsb nettest -s -l ${NSB_IP} -p ${port} &
4227 run_cmd nettest -d ${VRF} -r ${NSB_IP} -p ${port}
4230 run_cmd_nsb nettest -6 -s -l ${NSB_IP6} -p ${port} &
4232 run_cmd nettest -6 -d ${VRF} -r ${NSB_IP6} -p ${port}
4236 run_cmd iptables -t nat -D POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_IP} -o ${VRF}
4237 run_cmd ip6tables -t nat -D POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_IP6} -o ${VRF}
4259 -4 IPv4 tests only
4260 -6 IPv6 tests only
4261 -t <test> Test name/set to run
4262 -p Pause on fail
4263 -P Pause after each test
4264 -v Be verbose
4277 # note: each TEST_ group needs a dedicated runner, e.g. fcnal-ipv4.sh
4290 v) VERBOSE=1;;
4292 *) usage; exit 1;;
4302 if [ -z "$TESTS" ]; then
4314 declare -i nfail=0
4315 declare -i nsuccess=0
4344 printf "\nTests passed: %3d\n" ${nsuccess}
4345 printf "Tests failed: %3d\n" ${nfail}
4347 if [ $nfail -ne 0 ]; then
4348 exit 1 # KSFT_FAIL
4349 elif [ $nsuccess -eq 0 ]; then