xref: /linux/tools/testing/selftests/bpf/test_tunnel.sh (revision 6331b8765cd0634a4e4cdcc1a6f1a74196616b94)
1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3
4# End-to-end eBPF tunnel test suite
5#   The script tests BPF network tunnel implementation.
6#
7# Topology:
8# ---------
9#     root namespace   |     at_ns0 namespace
10#                      |
11#      -----------     |     -----------
12#      | tnl dev |     |     | tnl dev |  (overlay network)
13#      -----------     |     -----------
14#      metadata-mode   |     native-mode
15#       with bpf       |
16#                      |
17#      ----------      |     ----------
18#      |  veth1  | --------- |  veth0  |  (underlay network)
19#      ----------    peer    ----------
20#
21#
22# Device Configuration
23# --------------------
24# Root namespace with metadata-mode tunnel + BPF
25# Device names and addresses:
26# 	veth1 IP: 172.16.1.200, IPv6: 00::22 (underlay)
27# 	tunnel dev <type>11, ex: gre11, IPv4: 10.1.1.200, IPv6: 1::22 (overlay)
28#
29# Namespace at_ns0 with native tunnel
30# Device names and addresses:
31# 	veth0 IPv4: 172.16.1.100, IPv6: 00::11 (underlay)
32# 	tunnel dev <type>00, ex: gre00, IPv4: 10.1.1.100, IPv6: 1::11 (overlay)
33#
34#
35# End-to-end ping packet flow
36# ---------------------------
37# Most of the tests start by namespace creation, device configuration,
38# then ping the underlay and overlay network.  When doing 'ping 10.1.1.100'
39# from root namespace, the following operations happen:
40# 1) Route lookup shows 10.1.1.100/24 belongs to tnl dev, fwd to tnl dev.
41# 2) Tnl device's egress BPF program is triggered and sets the tunnel metadata,
42#    with remote_ip=172.16.1.200 and others.
43# 3) Outer tunnel header is prepended and the packet is routed to veth1's egress
44# 4) veth0's ingress queue receives the tunneled packet at namespace at_ns0
45# 5) Tunnel protocol handler, ex: vxlan_rcv, decaps the packet
46# 6) Forward the packet to the overlay tnl dev
47
# Flags shared by every ping/ping6 call.  Callers expand this unquoted on
# purpose so that it word-splits into separate arguments.
PING_ARG='-c 3 -w 10 -q'
# First non-zero status recorded by check_err for the test in progress.
ret=0
# ANSI colour escapes; 'echo -e' interprets them when verdicts are printed.
GREEN="\033[0;92m"
RED="\033[0;31m"
NC="\033[0m" # No Color
53
# Build the underlay used by every test: namespace at_ns0 holding veth0
# (172.16.1.100/24), peered with veth1 (172.16.1.200/24, mtu 1500) in the
# root namespace.
# Note: this changes root-namespace network state and therefore needs
# root privileges; run it only on a disposable test host or VM.
config_device()
{
	local -a in_ns=(ip netns exec at_ns0)

	ip netns add at_ns0
	ip link add veth0 type veth peer name veth1
	ip link set veth0 netns at_ns0

	# at_ns0 side of the veth pair
	"${in_ns[@]}" ip addr add 172.16.1.100/24 dev veth0
	"${in_ns[@]}" ip link set dev veth0 up

	# root namespace side of the veth pair
	ip link set dev veth1 up mtu 1500
	ip addr add dev veth1 172.16.1.200/24
}
64
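# Create the GRE-family tunnel pair on top of the IPv4 underlay.
# Globals (read): TYPE - link type, DEV_NS - device name inside at_ns0,
#                 DEV  - metadata-mode device name in the root namespace.
# at_ns0 gets a native tunnel (seq, key 2) with fixed endpoints; the root
# namespace gets an 'external' device whose tunnel metadata is supplied
# by the BPF programs attached later.
add_gre_tunnel()
{
	local -a in_ns=(ip netns exec at_ns0)

	# at_ns0 namespace
	"${in_ns[@]}" \
		ip link add dev "$DEV_NS" type "$TYPE" seq key 2 \
		local 172.16.1.100 remote 172.16.1.200
	"${in_ns[@]}" ip link set dev "$DEV_NS" up
	"${in_ns[@]}" ip addr add dev "$DEV_NS" 10.1.1.100/24

	# root namespace
	ip link add dev "$DEV" type "$TYPE" key 2 external
	ip link set dev "$DEV" up
	ip addr add dev "$DEV" 10.1.1.200/24
}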
79
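# Create an ip6gre/ip6gretap tunnel pair on top of an IPv6 underlay.
# Globals (read): TYPE, DEV_NS (device in at_ns0), DEV (device in root ns).
# Adds ::11/96 and ::22/96 to the veth pair first, then a native tunnel in
# at_ns0 and an 'external' (metadata-mode) device in the root namespace.
add_ip6gretap_tunnel()
{
	local -a in_ns=(ip netns exec at_ns0)

	# assign ipv6 address
	"${in_ns[@]}" ip addr add ::11/96 dev veth0
	"${in_ns[@]}" ip link set dev veth0 up
	ip addr add dev veth1 ::22/96
	ip link set dev veth1 up

	# at_ns0 namespace
	"${in_ns[@]}" \
		ip link add dev "$DEV_NS" type "$TYPE" seq flowlabel 0xbcdef key 2 \
		local ::11 remote ::22

	"${in_ns[@]}" ip addr add dev "$DEV_NS" 10.1.1.100/24
	"${in_ns[@]}" ip addr add dev "$DEV_NS" fc80::100/96
	"${in_ns[@]}" ip link set dev "$DEV_NS" up

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external
	ip addr add dev "$DEV" 10.1.1.200/24
	# NOTE(review): /24 here versus /96 on the at_ns0 side; kept as found.
	ip addr add dev "$DEV" fc80::200/24
	ip link set dev "$DEV" up
}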
104
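# Create an ERSPAN tunnel pair on top of the IPv4 underlay.
# Arguments: $1 - "v1" selects ERSPAN version 1 (index 123); any other
#                 value selects version 2 (dir egress, hwid 3).
# Globals (read): TYPE, DEV_NS (device in at_ns0), DEV (device in root ns).
add_erspan_tunnel()
{
	local -a in_ns=(ip netns exec at_ns0)
	local -a ver_opts

	if [ "$1" == "v1" ]; then
		ver_opts=(erspan_ver 1 erspan 123)
	else
		ver_opts=(erspan_ver 2 erspan_dir egress erspan_hwid 3)
	fi

	# at_ns0 namespace
	"${in_ns[@]}" \
		ip link add dev "$DEV_NS" type "$TYPE" seq key 2 \
		local 172.16.1.100 remote 172.16.1.200 \
		"${ver_opts[@]}"
	"${in_ns[@]}" ip link set dev "$DEV_NS" up
	"${in_ns[@]}" ip addr add dev "$DEV_NS" 10.1.1.100/24

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external
	ip link set dev "$DEV" up
	ip addr add dev "$DEV" 10.1.1.200/24
}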
127
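# Create an ip6erspan tunnel pair on top of an IPv6 underlay.
# Arguments: $1 - "v1" selects ERSPAN version 1 (index 123); any other
#                 value selects version 2 (dir egress, hwid 7).
# Globals (read): TYPE, DEV_NS (device in at_ns0), DEV (device in root ns).
add_ip6erspan_tunnel()
{
	local -a in_ns=(ip netns exec at_ns0)
	local -a ver_opts

	# assign ipv6 address
	"${in_ns[@]}" ip addr add ::11/96 dev veth0
	"${in_ns[@]}" ip link set dev veth0 up
	ip addr add dev veth1 ::22/96
	ip link set dev veth1 up

	if [ "$1" == "v1" ]; then
		ver_opts=(erspan_ver 1 erspan 123)
	else
		ver_opts=(erspan_ver 2 erspan_dir egress erspan_hwid 7)
	fi

	# at_ns0 namespace
	"${in_ns[@]}" \
		ip link add dev "$DEV_NS" type "$TYPE" seq key 2 \
		local ::11 remote ::22 \
		"${ver_opts[@]}"
	"${in_ns[@]}" ip addr add dev "$DEV_NS" 10.1.1.100/24
	"${in_ns[@]}" ip link set dev "$DEV_NS" up

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external
	ip addr add dev "$DEV" 10.1.1.200/24
	ip link set dev "$DEV" up
}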
157
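# Create a VXLAN (GBP) tunnel pair on top of the IPv4 underlay.
# Globals (read): TYPE, DEV_NS (device in at_ns0), DEV (device in root ns).
# Both ends get fixed MAC addresses and static neighbour entries.
add_vxlan_tunnel()
{
	local -a in_ns=(ip netns exec at_ns0)

	# Set static ARP entry here because iptables set-mark works
	# on L3 packet, as a result not applying to ARP packets,
	# causing errors at get_tunnel_{key/opt}.

	# at_ns0 namespace
	"${in_ns[@]}" \
		ip link add dev "$DEV_NS" type "$TYPE" \
		id 2 dstport 4789 gbp remote 172.16.1.200
	"${in_ns[@]}" \
		ip link set dev "$DEV_NS" address 52:54:00:d9:01:00 up
	"${in_ns[@]}" ip addr add dev "$DEV_NS" 10.1.1.100/24
	"${in_ns[@]}" \
		ip neigh add 10.1.1.200 lladdr 52:54:00:d9:02:00 dev "$DEV_NS"
	# The MARK rule is added inside at_ns0 only; the root namespace's
	# iptables rules are not touched by this command.
	"${in_ns[@]}" iptables -A OUTPUT -j MARK --set-mark 0x800FF

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external gbp dstport 4789
	ip link set dev "$DEV" address 52:54:00:d9:02:00 up
	ip addr add dev "$DEV" 10.1.1.200/24
	ip neigh add 10.1.1.100 lladdr 52:54:00:d9:01:00 dev "$DEV"
}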
181
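# Create a VXLAN tunnel pair on top of an IPv6 underlay.
# Globals (read): TYPE, DEV_NS (device in at_ns0), DEV (device in root ns).
# The IPv4 underlay addresses stay in place; their removal is disabled below.
add_ip6vxlan_tunnel()
{
	local -a in_ns=(ip netns exec at_ns0)

	#ip netns exec at_ns0 ip -4 addr del 172.16.1.100 dev veth0
	"${in_ns[@]}" ip -6 addr add ::11/96 dev veth0
	"${in_ns[@]}" ip link set dev veth0 up
	#ip -4 addr del 172.16.1.200 dev veth1
	ip -6 addr add dev veth1 ::22/96
	ip link set dev veth1 up

	# at_ns0 namespace
	"${in_ns[@]}" \
		ip link add dev "$DEV_NS" type "$TYPE" id 22 dstport 4789 \
		local ::11 remote ::22
	"${in_ns[@]}" ip addr add dev "$DEV_NS" 10.1.1.100/24
	"${in_ns[@]}" ip link set dev "$DEV_NS" up

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external dstport 4789
	ip addr add dev "$DEV" 10.1.1.200/24
	ip link set dev "$DEV" up
}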
203
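# Create a GENEVE tunnel pair on top of the IPv4 underlay.
# Globals (read): TYPE, DEV_NS (device in at_ns0), DEV (device in root ns).
add_geneve_tunnel()
{
	local -a in_ns=(ip netns exec at_ns0)

	# at_ns0 namespace
	"${in_ns[@]}" \
		ip link add dev "$DEV_NS" type "$TYPE" \
		id 2 dstport 6081 remote 172.16.1.200
	"${in_ns[@]}" ip link set dev "$DEV_NS" up
	"${in_ns[@]}" ip addr add dev "$DEV_NS" 10.1.1.100/24

	# root namespace
	ip link add dev "$DEV" type "$TYPE" dstport 6081 external
	ip link set dev "$DEV" up
	ip addr add dev "$DEV" 10.1.1.200/24
}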
218
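# Create a GENEVE tunnel pair on top of an IPv6 underlay.
# Globals (read): TYPE, DEV_NS (device in at_ns0), DEV (device in root ns).
add_ip6geneve_tunnel()
{
	local -a in_ns=(ip netns exec at_ns0)

	# assign ipv6 address
	"${in_ns[@]}" ip addr add ::11/96 dev veth0
	"${in_ns[@]}" ip link set dev veth0 up
	ip addr add dev veth1 ::22/96
	ip link set dev veth1 up

	# at_ns0 namespace
	"${in_ns[@]}" \
		ip link add dev "$DEV_NS" type "$TYPE" id 22 \
		remote ::22     # geneve has no local option
	"${in_ns[@]}" ip addr add dev "$DEV_NS" 10.1.1.100/24
	"${in_ns[@]}" ip link set dev "$DEV_NS" up

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external
	ip addr add dev "$DEV" 10.1.1.200/24
	ip link set dev "$DEV" up
}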
238
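# Create an IPIP tunnel pair on top of the IPv4 underlay.
# Globals (read): TYPE, DEV_NS (device in at_ns0), DEV (device in root ns).
add_ipip_tunnel()
{
	local -a in_ns=(ip netns exec at_ns0)

	# at_ns0 namespace
	"${in_ns[@]}" \
		ip link add dev "$DEV_NS" type "$TYPE" \
		local 172.16.1.100 remote 172.16.1.200
	"${in_ns[@]}" ip link set dev "$DEV_NS" up
	"${in_ns[@]}" ip addr add dev "$DEV_NS" 10.1.1.100/24

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external
	ip link set dev "$DEV" up
	ip addr add dev "$DEV" 10.1.1.200/24
}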
253
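# Create an ip6tnl tunnel pair on top of an IPv6 underlay; the overlay
# carries both IPv4 (10.1.1.x/24) and IPv6 (1::11, 1::22 /96) addresses.
# Globals (read): TYPE, DEV_NS (device in at_ns0), DEV (device in root ns).
add_ip6tnl_tunnel()
{
	local -a in_ns=(ip netns exec at_ns0)

	# assign ipv6 address
	"${in_ns[@]}" ip addr add ::11/96 dev veth0
	"${in_ns[@]}" ip link set dev veth0 up
	ip addr add dev veth1 ::22/96
	ip link set dev veth1 up

	# at_ns0 namespace
	"${in_ns[@]}" \
		ip link add dev "$DEV_NS" type "$TYPE" \
		local ::11 remote ::22
	"${in_ns[@]}" ip addr add dev "$DEV_NS" 10.1.1.100/24
	"${in_ns[@]}" ip addr add dev "$DEV_NS" 1::11/96
	"${in_ns[@]}" ip link set dev "$DEV_NS" up

	# root namespace
	ip link add dev "$DEV" type "$TYPE" external
	ip addr add dev "$DEV" 10.1.1.200/24
	ip addr add dev "$DEV" 1::22/96
	ip link set dev "$DEV" up
}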
275
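# GRE (gretap) test: ping the overlay in both directions.
# Globals (written): TYPE, DEV_NS, DEV, ret - read by the helpers it calls.
# Returns: 0 on PASS or SKIP, 1 on FAIL.
test_gre()
{
	TYPE=gretap
	DEV_NS=gretap00
	DEV=gretap11
	ret=0

	# check prints SKIP and cleans up when iproute2 lacks this type;
	# stop here instead of testing a device that cannot be created.
	check "$TYPE" || return 0
	config_device
	add_gre_tunnel
	attach_bpf "$DEV" gre_set_tunnel gre_get_tunnel
	# PING_ARG is a flag list and must word-split, so it stays unquoted.
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	if [ "$ret" -ne 0 ]; then
		echo -e "${RED}FAIL: $TYPE${NC}"
		return 1
	fi
	echo -e "${GREEN}PASS: $TYPE${NC}"
}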
299
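# IP6GRE test: IPv4 and IPv6 overlay pings over an IPv6 underlay.
# Globals (written): TYPE, DEV_NS, DEV, ret - read by the helpers it calls.
# Returns: 0 on PASS or SKIP, 1 on FAIL.
test_ip6gre()
{
	TYPE=ip6gre
	DEV_NS=ip6gre00
	DEV=ip6gre11
	ret=0

	# check prints SKIP and cleans up when iproute2 lacks this type;
	# stop here instead of testing a device that cannot be created.
	check "$TYPE" || return 0
	config_device
	# reuse the ip6gretap function
	add_ip6gretap_tunnel
	attach_bpf "$DEV" ip6gretap_set_tunnel ip6gretap_get_tunnel
	# underlay
	# NOTE(review): the status of this ping6 is not recorded.
	ping6 $PING_ARG ::11
	# overlay: ipv4 over ipv6
	# NOTE(review): only the second ping below reaches check_err; the
	# at_ns0 -> root direction is exercised but its status is dropped.
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	ping $PING_ARG 10.1.1.100
	check_err $?
	# overlay: ipv6 over ipv6
	ip netns exec at_ns0 ping6 $PING_ARG fc80::200
	check_err $?
	cleanup

	if [ "$ret" -ne 0 ]; then
		echo -e "${RED}FAIL: $TYPE${NC}"
		return 1
	fi
	echo -e "${GREEN}PASS: $TYPE${NC}"
}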
329
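# IP6GRETAP test: IPv4 and IPv6 overlay pings over an IPv6 underlay.
# Globals (written): TYPE, DEV_NS, DEV, ret - read by the helpers it calls.
# Returns: 0 on PASS or SKIP, 1 on FAIL.
test_ip6gretap()
{
	TYPE=ip6gretap
	DEV_NS=ip6gretap00
	DEV=ip6gretap11
	ret=0

	# check prints SKIP and cleans up when iproute2 lacks this type;
	# stop here instead of testing a device that cannot be created.
	check "$TYPE" || return 0
	config_device
	add_ip6gretap_tunnel
	attach_bpf "$DEV" ip6gretap_set_tunnel ip6gretap_get_tunnel
	# underlay
	# NOTE(review): the status of this ping6 is not recorded.
	ping6 $PING_ARG ::11
	# overlay: ipv4 over ipv6
	# NOTE(review): only the second ping below reaches check_err; the
	# at_ns0 -> root direction is exercised but its status is dropped.
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	ping $PING_ARG 10.1.1.100
	check_err $?
	# overlay: ipv6 over ipv6
	ip netns exec at_ns0 ping6 $PING_ARG fc80::200
	check_err $?
	cleanup

	if [ "$ret" -ne 0 ]; then
		echo -e "${RED}FAIL: $TYPE${NC}"
		return 1
	fi
	echo -e "${GREEN}PASS: $TYPE${NC}"
}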
358
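# ERSPAN test: ping the overlay in both directions.
# Arguments: $1 - ERSPAN version selector passed on to add_erspan_tunnel.
# Globals (written): TYPE, DEV_NS, DEV, ret - read by the helpers it calls.
# Returns: 0 on PASS or SKIP, 1 on FAIL.
test_erspan()
{
	TYPE=erspan
	DEV_NS=erspan00
	DEV=erspan11
	ret=0

	# check prints SKIP and cleans up when iproute2 lacks this type;
	# stop here instead of testing a device that cannot be created.
	check "$TYPE" || return 0
	config_device
	add_erspan_tunnel "$1"
	attach_bpf "$DEV" erspan_set_tunnel erspan_get_tunnel
	# PING_ARG is a flag list and must word-split, so it stays unquoted.
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	if [ "$ret" -ne 0 ]; then
		echo -e "${RED}FAIL: $TYPE${NC}"
		return 1
	fi
	echo -e "${GREEN}PASS: $TYPE${NC}"
}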
382
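# IP6ERSPAN test: IPv4 overlay ping from at_ns0 over an IPv6 underlay.
# Arguments: $1 - ERSPAN version selector passed on to add_ip6erspan_tunnel.
# Globals (written): TYPE, DEV_NS, DEV, ret - read by the helpers it calls.
# Returns: 0 on PASS or SKIP, 1 on FAIL.
test_ip6erspan()
{
	TYPE=ip6erspan
	DEV_NS=ip6erspan00
	DEV=ip6erspan11
	ret=0

	# check prints SKIP and cleans up when iproute2 lacks this type;
	# stop here instead of testing a device that cannot be created.
	check "$TYPE" || return 0
	config_device
	add_ip6erspan_tunnel "$1"
	attach_bpf "$DEV" ip4ip6erspan_set_tunnel ip4ip6erspan_get_tunnel
	# underlay
	# NOTE(review): the status of this ping6 is not recorded.
	ping6 $PING_ARG ::11
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	if [ "$ret" -ne 0 ]; then
		echo -e "${RED}FAIL: $TYPE${NC}"
		return 1
	fi
	echo -e "${GREEN}PASS: $TYPE${NC}"
}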
405
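# VXLAN test: ping the overlay in both directions.
# Globals (written): TYPE, DEV_NS, DEV, ret - read by the helpers it calls.
# Returns: 0 on PASS or SKIP, 1 on FAIL.
test_vxlan()
{
	TYPE=vxlan
	DEV_NS=vxlan00
	DEV=vxlan11
	ret=0

	# check prints SKIP and cleans up when iproute2 lacks this type;
	# stop here instead of testing a device that cannot be created.
	check "$TYPE" || return 0
	config_device
	add_vxlan_tunnel
	attach_bpf "$DEV" vxlan_set_tunnel vxlan_get_tunnel
	# PING_ARG is a flag list and must word-split, so it stays unquoted.
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	if [ "$ret" -ne 0 ]; then
		echo -e "${RED}FAIL: $TYPE${NC}"
		return 1
	fi
	echo -e "${GREEN}PASS: $TYPE${NC}"
}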
429
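# IP6VXLAN test: IPv4 overlay pings in both directions over an IPv6
# underlay.  The link type is plain "vxlan"; verdicts are labelled ip6vxlan.
# Globals (written): TYPE, DEV_NS, DEV, ret - read by the helpers it calls.
# Returns: 0 on PASS or SKIP, 1 on FAIL.
test_ip6vxlan()
{
	TYPE=vxlan
	DEV_NS=ip6vxlan00
	DEV=ip6vxlan11
	ret=0

	# check prints SKIP and cleans up when iproute2 lacks this type;
	# stop here instead of testing a device that cannot be created.
	check "$TYPE" || return 0
	config_device
	add_ip6vxlan_tunnel
	ip link set dev veth1 mtu 1500
	attach_bpf "$DEV" ip6vxlan_set_tunnel ip6vxlan_get_tunnel
	# underlay
	# NOTE(review): the status of this ping6 is not recorded.
	ping6 $PING_ARG ::11
	# ip4 over ip6
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	if [ "$ret" -ne 0 ]; then
		echo -e "${RED}FAIL: ip6$TYPE${NC}"
		return 1
	fi
	echo -e "${GREEN}PASS: ip6$TYPE${NC}"
}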
457
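# GENEVE test: ping the overlay in both directions.
# Globals (written): TYPE, DEV_NS, DEV, ret - read by the helpers it calls.
# Returns: 0 on PASS or SKIP, 1 on FAIL.
test_geneve()
{
	TYPE=geneve
	DEV_NS=geneve00
	DEV=geneve11
	ret=0

	# check prints SKIP and cleans up when iproute2 lacks this type;
	# stop here instead of testing a device that cannot be created.
	check "$TYPE" || return 0
	config_device
	add_geneve_tunnel
	attach_bpf "$DEV" geneve_set_tunnel geneve_get_tunnel
	# PING_ARG is a flag list and must word-split, so it stays unquoted.
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	if [ "$ret" -ne 0 ]; then
		echo -e "${RED}FAIL: $TYPE${NC}"
		return 1
	fi
	echo -e "${GREEN}PASS: $TYPE${NC}"
}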
481
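# IP6GENEVE test: IPv4 overlay pings in both directions over an IPv6
# underlay.  The link type is plain "geneve"; verdicts are labelled ip6geneve.
# Globals (written): TYPE, DEV_NS, DEV, ret - read by the helpers it calls.
# Returns: 0 on PASS or SKIP, 1 on FAIL.
test_ip6geneve()
{
	TYPE=geneve
	DEV_NS=ip6geneve00
	DEV=ip6geneve11
	ret=0

	# check prints SKIP and cleans up when iproute2 lacks this type;
	# stop here instead of testing a device that cannot be created.
	check "$TYPE" || return 0
	config_device
	add_ip6geneve_tunnel
	attach_bpf "$DEV" ip6geneve_set_tunnel ip6geneve_get_tunnel
	# PING_ARG is a flag list and must word-split, so it stays unquoted.
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	if [ "$ret" -ne 0 ]; then
		echo -e "${RED}FAIL: ip6$TYPE${NC}"
		return 1
	fi
	echo -e "${GREEN}PASS: ip6$TYPE${NC}"
}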
505
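# IPIP test: ping the overlay in both directions.
# Globals (written): TYPE, DEV_NS, DEV, ret - read by the helpers it calls.
# Returns: 0 on PASS or SKIP, 1 on FAIL.
test_ipip()
{
	TYPE=ipip
	DEV_NS=ipip00
	DEV=ipip11
	ret=0

	# check prints SKIP and cleans up when iproute2 lacks this type;
	# stop here instead of testing a device that cannot be created.
	check "$TYPE" || return 0
	config_device
	add_ipip_tunnel
	ip link set dev veth1 mtu 1500
	attach_bpf "$DEV" ipip_set_tunnel ipip_get_tunnel
	# PING_ARG is a flag list and must word-split, so it stays unquoted.
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	if [ "$ret" -ne 0 ]; then
		echo -e "${RED}FAIL: $TYPE${NC}"
		return 1
	fi
	echo -e "${GREEN}PASS: $TYPE${NC}"
}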
530
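# IPIP6 test: IPv4 overlay pings in both directions over an ip6tnl tunnel.
# Globals (written): TYPE, DEV_NS, DEV, ret - read by the helpers it calls.
# Returns: 0 on PASS or SKIP, 1 on FAIL.
test_ipip6()
{
	TYPE=ip6tnl
	DEV_NS=ipip6tnl00
	DEV=ipip6tnl11
	ret=0

	# check prints SKIP and cleans up when iproute2 lacks this type;
	# stop here instead of testing a device that cannot be created.
	check "$TYPE" || return 0
	config_device
	add_ip6tnl_tunnel
	ip link set dev veth1 mtu 1500
	attach_bpf "$DEV" ipip6_set_tunnel ipip6_get_tunnel
	# underlay
	# NOTE(review): the status of this ping6 is not recorded.
	ping6 $PING_ARG ::11
	# ip4 over ip6
	ping $PING_ARG 10.1.1.100
	check_err $?
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	check_err $?
	cleanup

	if [ "$ret" -ne 0 ]; then
		echo -e "${RED}FAIL: $TYPE${NC}"
		return 1
	fi
	echo -e "${GREEN}PASS: $TYPE${NC}"
}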
558
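# IP6IP6 test: IPv6 overlay pings in both directions over an ip6tnl tunnel.
# Globals (written): TYPE, DEV_NS, DEV, ret - read by the helpers it calls.
# Returns: 0 on PASS or SKIP, 1 on FAIL.
test_ip6ip6()
{
	TYPE=ip6tnl
	DEV_NS=ip6ip6tnl00
	DEV=ip6ip6tnl11
	ret=0

	# check prints SKIP and cleans up when iproute2 lacks this type;
	# stop here instead of testing a device that cannot be created.
	check "$TYPE" || return 0
	config_device
	add_ip6tnl_tunnel
	ip link set dev veth1 mtu 1500
	attach_bpf "$DEV" ip6ip6_set_tunnel ip6ip6_get_tunnel
	# underlay
	# NOTE(review): the status of this ping6 is not recorded.
	ping6 $PING_ARG ::11
	# ip6 over ip6
	ping6 $PING_ARG 1::11
	check_err $?
	ip netns exec at_ns0 ping6 $PING_ARG 1::22
	check_err $?
	cleanup

	if [ "$ret" -ne 0 ]; then
		echo -e "${RED}FAIL: ip6$TYPE${NC}"
		return 1
	fi
	echo -e "${GREEN}PASS: ip6$TYPE${NC}"
}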
586
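# Install matching ESP tunnel-mode xfrm states and policies in at_ns0 and
# in the root namespace, plus the /32 overlay addresses and routes.
# Globals (written): auth, enc, spi_in_to_out, spi_out_to_in.
#
# The key material is a fixed, publicly known pattern (0x11.. as a 160-bit
# auth key, 0x22.. as a 128-bit cipher key) with hmac(sha1) truncated to
# 96 bits and cbc(aes).  That is fine for a selftest on a throw-away
# namespace; do not copy it as a template for real SAs.  Keys passed on
# the command line are also visible in the process list while ip runs.
setup_xfrm_tunnel()
{
	auth=0x$(printf '1%.0s' {1..40})
	enc=0x$(printf '2%.0s' {1..32})
	spi_in_to_out=0x1
	spi_out_to_in=0x2

	local -a in_ns=(ip netns exec at_ns0)
	# Algorithm/key arguments shared by all four 'xfrm state add' calls.
	local -a algo=(auth-trunc 'hmac(sha1)' "$auth" 96 enc 'cbc(aes)' "$enc")

	# at_ns0 namespace
	# at_ns0 -> root
	"${in_ns[@]}" \
		ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
			spi "$spi_in_to_out" reqid 1 mode tunnel \
			"${algo[@]}"
	"${in_ns[@]}" \
		ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir out \
		tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \
		mode tunnel
	# root -> at_ns0
	"${in_ns[@]}" \
		ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
			spi "$spi_out_to_in" reqid 2 mode tunnel \
			"${algo[@]}"
	"${in_ns[@]}" \
		ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir in \
		tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \
		mode tunnel
	# address & route
	"${in_ns[@]}" \
		ip addr add dev veth0 10.1.1.100/32
	"${in_ns[@]}" \
		ip route add 10.1.1.200 dev veth0 via 172.16.1.200 \
			src 10.1.1.100

	# root namespace
	# at_ns0 -> root
	ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
		spi "$spi_in_to_out" reqid 1 mode tunnel \
		"${algo[@]}"
	ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir in \
		tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \
		mode tunnel
	# root -> at_ns0
	ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
		spi "$spi_out_to_in" reqid 2 mode tunnel \
		"${algo[@]}"
	ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir out \
		tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \
		mode tunnel
	# address & route
	ip addr add dev veth1 10.1.1.200/32
	ip route add 10.1.1.100 dev veth1 via 172.16.1.100 src 10.1.1.200
}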
638
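# IPsec (xfrm) test: send ESP traffic from at_ns0 and verify, through the
# kernel trace buffer, that the BPF program on veth1 ingress saw the
# expected xfrm state (reqid 1, spi 0x1, remote ip 0xac100164, which is
# 172.16.1.100 in hex).
# Globals (written): ret.
# Returns: 0 on PASS, 1 on FAIL.
# Needs root and a mounted debugfs; it truncates the shared trace buffer.
test_xfrm_tunnel()
{
	# Start clean: without this, a failure left in ret by the previous
	# test would be reported as an xfrm failure.
	ret=0

	config_device
	# Truncate the trace buffer before the run that the greps inspect.
	> /sys/kernel/debug/tracing/trace
	setup_xfrm_tunnel
	tc qdisc add dev veth1 clsact
	# The object file is resolved relative to the current directory, so
	# run the script from the directory holding the freshly built object.
	tc filter add dev veth1 proto ip ingress bpf da obj test_tunnel_kern.o \
		sec xfrm_get_state
	# NOTE(review): the ping status is not recorded; the verdict rests
	# on the trace greps below.
	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
	sleep 1
	grep "reqid 1" /sys/kernel/debug/tracing/trace
	check_err $?
	grep "spi 0x1" /sys/kernel/debug/tracing/trace
	check_err $?
	grep "remote ip 0xac100164" /sys/kernel/debug/tracing/trace
	check_err $?
	cleanup

	if [ "$ret" -ne 0 ]; then
		echo -e "${RED}FAIL: xfrm tunnel${NC}"
		return 1
	fi
	echo -e "${GREEN}PASS: xfrm tunnel${NC}"
}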
663
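# Attach the tunnel BPF programs to a device through a clsact qdisc.
# Arguments: $1 - device, $2 - ELF section of the egress ("set") program,
#            $3 - ELF section of the ingress ("get") program.
# Globals (written): DEV, SET, GET.
# The object file is given as a relative path, so tc loads whatever
# test_tunnel_kern.o sits in the current directory; run the script (as
# root) only from the directory holding the object you built.
attach_bpf()
{
	DEV=$1
	SET=$2
	GET=$3
	tc qdisc add dev "$DEV" clsact
	tc filter add dev "$DEV" egress bpf da obj test_tunnel_kern.o sec "$SET"
	tc filter add dev "$DEV" ingress bpf da obj test_tunnel_kern.o sec "$GET"
}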
673
# Best-effort teardown of everything the tests may have created: the
# at_ns0 namespace, veth1, every root-namespace tunnel device and the
# root-namespace xfrm policies/states.
# Errors are discarded because most of these objects do not exist at any
# given time; real failures are hidden as well.
# The names are fixed, so a pre-existing interface that happens to use
# one of them (e.g. veth1) is deleted too - use a dedicated test host.
cleanup()
{
	local dev

	ip netns delete at_ns0 2> /dev/null

	for dev in veth1 \
		ipip11 ipip6tnl11 ip6ip6tnl11 \
		gretap11 ip6gre11 ip6gretap11 \
		vxlan11 ip6vxlan11 \
		geneve11 ip6geneve11 \
		erspan11 ip6erspan11
	do
		ip link del $dev 2> /dev/null
	done

	ip xfrm policy delete dir out src 10.1.1.200/32 dst 10.1.1.100/32 2> /dev/null
	ip xfrm policy delete dir in src 10.1.1.100/32 dst 10.1.1.200/32 2> /dev/null
	ip xfrm state delete src 172.16.1.100 dst 172.16.1.200 proto esp spi 0x1 2> /dev/null
	ip xfrm state delete src 172.16.1.200 dst 172.16.1.100 proto esp spi 0x2 2> /dev/null
}
695
# Signal handler: announce the interruption, tear everything down, exit.
# NOTE(review): SIGKILL cannot be caught by a shell trap, so in practice
# only the SIGINT registration reaches this handler.
# NOTE(review): the exit status is 0, so a harness sees an interrupted
# run as a success.
cleanup_exit()
{
	printf '%s\n' "CATCH SIGKILL or SIGINT, cleanup and exit"
	cleanup
	exit 0
}
702
# Probe whether the installed iproute2 knows link type $1 by looking for
# the name, surrounded by whitespace, in the output of 'ip link help'.
# Returns: 0 when the type is listed; otherwise prints a SKIP line, runs
#          cleanup and returns 1.
# $1 is pasted into the grep pattern, so pass fixed type names only.
check()
{
	if ip link help 2>&1 | grep -q "\s$1\s"; then
		return 0
	fi

	echo "SKIP $1: iproute2 not support"
	cleanup
	return 1
}
712
# Turn on dynamic-debug printing ('+p') for the tunnel drivers' source
# files.  Writes to debugfs, so it needs root and a mounted debugfs; the
# setting is host-wide and nothing in this function turns it off again.
enable_debug()
{
	local src

	for src in ip_gre.c ip6_gre.c vxlan.c geneve.c ipip.c; do
		echo "file $src +p" > /sys/kernel/debug/dynamic_debug/control
	done
}
721
# Record the first failure of the running test.
# Arguments: $1 - exit status of the command just run.
# Globals:   ret - takes the value of $1 only while it is still 0, so
#                  later statuses never overwrite an earlier failure.
check_err()
{
	[ "$ret" -eq 0 ] || return 0
	ret=$1
}
728
# Run every tunnel test in sequence, announcing each one first.
# Returns: the sum of the tests' exit statuses, i.e. the number of
#          failed tests since each test returns 0 or 1.
bpf_tunnel_test()
{
	local errors=0
	local entry
	# "<label>:<command>" pairs, in execution order.
	local -a cases=(
		"GRE:test_gre"
		"IP6GRE:test_ip6gre"
		"IP6GRETAP:test_ip6gretap"
		"ERSPAN:test_erspan v2"
		"IP6ERSPAN:test_ip6erspan v2"
		"VXLAN:test_vxlan"
		"IP6VXLAN:test_ip6vxlan"
		"GENEVE:test_geneve"
		"IP6GENEVE:test_ip6geneve"
		"IPIP:test_ipip"
		"IPIP6:test_ipip6"
		"IP6IP6:test_ip6ip6"
		"IPSec:test_xfrm_tunnel"
	)

	for entry in "${cases[@]}"; do
		echo "Testing ${entry%%:*} tunnel..."
		# Left unquoted on purpose: "test_erspan v2" has to split
		# into the function name and its argument.
		${entry#*:}
		errors=$(( errors + $? ))
	done

	return $errors
}
787
# Tear down on normal exit (0), SIGQUIT (3) and SIGABRT (6).
trap cleanup 0 3 6
# SIGINT (2) cleans up and exits.  Signal 9 is SIGKILL, which a process
# cannot catch, so that registration has no effect.
trap cleanup_exit 2 9

# Remove leftovers of an earlier, aborted run before starting.
cleanup

# The script's exit status is what a test harness consumes: 0 only when
# every tunnel test returned 0.
if bpf_tunnel_test; then
	echo -e "$(basename $0): ${GREEN}PASS${NC}"
	exit 0
fi
echo -e "$(basename $0): ${RED}FAIL${NC}"
exit 1
800