xref: /linux/tools/testing/selftests/bpf/test_tunnel.sh (revision dec1c62e91ba268ab2a6e339d4d7a59287d5eba1)
1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3
4# End-to-end eBPF tunnel test suite
5#   The script tests BPF network tunnel implementation.
6#
7# Topology:
8# ---------
9#     root namespace   |     at_ns0 namespace
10#                      |
11#      -----------     |     -----------
12#      | tnl dev |     |     | tnl dev |  (overlay network)
13#      -----------     |     -----------
14#      metadata-mode   |     native-mode
15#       with bpf       |
16#                      |
17#      ----------      |     ----------
18#      |  veth1  | --------- |  veth0  |  (underlay network)
19#      ----------    peer    ----------
20#
21#
22# Device Configuration
23# --------------------
24# Root namespace with metadata-mode tunnel + BPF
25# Device names and addresses:
26# 	veth1 IP: 172.16.1.200, IPv6: 00::22 (underlay)
27# 	tunnel dev <type>11, ex: gre11, IPv4: 10.1.1.200, IPv6: 1::22 (overlay)
28#
29# Namespace at_ns0 with native tunnel
30# Device names and addresses:
31# 	veth0 IPv4: 172.16.1.100, IPv6: 00::11 (underlay)
32# 	tunnel dev <type>00, ex: gre00, IPv4: 10.1.1.100, IPv6: 1::11 (overlay)
33#
34#
35# End-to-end ping packet flow
36# ---------------------------
37# Most of the tests start by namespace creation, device configuration,
38# then ping the underlay and overlay network.  When doing 'ping 10.1.1.100'
39# from root namespace, the following operations happen:
40# 1) Route lookup shows 10.1.1.100/24 belongs to tnl dev, fwd to tnl dev.
41# 2) Tnl device's egress BPF program is triggered and set the tunnel metadata,
42#    with remote_ip=172.16.1.100 and others.
43# 3) Outer tunnel header is prepended and route the packet to veth1's egress
44# 4) veth0's ingress queue receive the tunneled packet at namespace at_ns0
45# 5) Tunnel protocol handler, ex: vxlan_rcv, decap the packet
46# 6) Forward the packet to the overlay tnl dev
47
48BPF_PIN_TUNNEL_DIR="/sys/fs/bpf/tc/tunnel"
49PING_ARG="-c 3 -w 10 -q"
50ret=0
51GREEN='\033[0;92m'
52RED='\033[0;31m'
53NC='\033[0m' # No Color
54
55config_device()
56{
57	ip netns add at_ns0
58	ip link add veth0 type veth peer name veth1
59	ip link set veth0 netns at_ns0
60	ip netns exec at_ns0 ip addr add 172.16.1.100/24 dev veth0
61	ip netns exec at_ns0 ip link set dev veth0 up
62	ip link set dev veth1 up mtu 1500
63	ip addr add dev veth1 172.16.1.200/24
64}
65
66add_gre_tunnel()
67{
68	# at_ns0 namespace
69	ip netns exec at_ns0 \
70        ip link add dev $DEV_NS type $TYPE seq key 2 \
71		local 172.16.1.100 remote 172.16.1.200
72	ip netns exec at_ns0 ip link set dev $DEV_NS up
73	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
74
75	# root namespace
76	ip link add dev $DEV type $TYPE key 2 external
77	ip link set dev $DEV up
78	ip addr add dev $DEV 10.1.1.200/24
79}
80
81add_ip6gretap_tunnel()
82{
83
84	# assign ipv6 address
85	ip netns exec at_ns0 ip addr add ::11/96 dev veth0
86	ip netns exec at_ns0 ip link set dev veth0 up
87	ip addr add dev veth1 ::22/96
88	ip link set dev veth1 up
89
90	# at_ns0 namespace
91	ip netns exec at_ns0 \
92		ip link add dev $DEV_NS type $TYPE seq flowlabel 0xbcdef key 2 \
93		local ::11 remote ::22
94
95	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
96	ip netns exec at_ns0 ip addr add dev $DEV_NS fc80::100/96
97	ip netns exec at_ns0 ip link set dev $DEV_NS up
98
99	# root namespace
100	ip link add dev $DEV type $TYPE external
101	ip addr add dev $DEV 10.1.1.200/24
102	ip addr add dev $DEV fc80::200/24
103	ip link set dev $DEV up
104}
105
106add_erspan_tunnel()
107{
108	# at_ns0 namespace
109	if [ "$1" == "v1" ]; then
110		ip netns exec at_ns0 \
111		ip link add dev $DEV_NS type $TYPE seq key 2 \
112		local 172.16.1.100 remote 172.16.1.200 \
113		erspan_ver 1 erspan 123
114	else
115		ip netns exec at_ns0 \
116		ip link add dev $DEV_NS type $TYPE seq key 2 \
117		local 172.16.1.100 remote 172.16.1.200 \
118		erspan_ver 2 erspan_dir egress erspan_hwid 3
119	fi
120	ip netns exec at_ns0 ip link set dev $DEV_NS up
121	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
122
123	# root namespace
124	ip link add dev $DEV type $TYPE external
125	ip link set dev $DEV up
126	ip addr add dev $DEV 10.1.1.200/24
127}
128
129add_ip6erspan_tunnel()
130{
131
132	# assign ipv6 address
133	ip netns exec at_ns0 ip addr add ::11/96 dev veth0
134	ip netns exec at_ns0 ip link set dev veth0 up
135	ip addr add dev veth1 ::22/96
136	ip link set dev veth1 up
137
138	# at_ns0 namespace
139	if [ "$1" == "v1" ]; then
140		ip netns exec at_ns0 \
141		ip link add dev $DEV_NS type $TYPE seq key 2 \
142		local ::11 remote ::22 \
143		erspan_ver 1 erspan 123
144	else
145		ip netns exec at_ns0 \
146		ip link add dev $DEV_NS type $TYPE seq key 2 \
147		local ::11 remote ::22 \
148		erspan_ver 2 erspan_dir egress erspan_hwid 7
149	fi
150	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
151	ip netns exec at_ns0 ip link set dev $DEV_NS up
152
153	# root namespace
154	ip link add dev $DEV type $TYPE external
155	ip addr add dev $DEV 10.1.1.200/24
156	ip link set dev $DEV up
157}
158
159add_geneve_tunnel()
160{
161	# at_ns0 namespace
162	ip netns exec at_ns0 \
163		ip link add dev $DEV_NS type $TYPE \
164		id 2 dstport 6081 remote 172.16.1.200
165	ip netns exec at_ns0 ip link set dev $DEV_NS up
166	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
167
168	# root namespace
169	ip link add dev $DEV type $TYPE dstport 6081 external
170	ip link set dev $DEV up
171	ip addr add dev $DEV 10.1.1.200/24
172}
173
174add_ip6geneve_tunnel()
175{
176	ip netns exec at_ns0 ip addr add ::11/96 dev veth0
177	ip netns exec at_ns0 ip link set dev veth0 up
178	ip addr add dev veth1 ::22/96
179	ip link set dev veth1 up
180
181	# at_ns0 namespace
182	ip netns exec at_ns0 \
183		ip link add dev $DEV_NS type $TYPE id 22 \
184		remote ::22     # geneve has no local option
185	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
186	ip netns exec at_ns0 ip link set dev $DEV_NS up
187
188	# root namespace
189	ip link add dev $DEV type $TYPE external
190	ip addr add dev $DEV 10.1.1.200/24
191	ip link set dev $DEV up
192}
193
194add_ipip_tunnel()
195{
196	# at_ns0 namespace
197	ip netns exec at_ns0 \
198		ip link add dev $DEV_NS type $TYPE \
199		local 172.16.1.100 remote 172.16.1.200
200	ip netns exec at_ns0 ip link set dev $DEV_NS up
201	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
202
203	# root namespace
204	ip link add dev $DEV type $TYPE external
205	ip link set dev $DEV up
206	ip addr add dev $DEV 10.1.1.200/24
207}
208
209add_ip6tnl_tunnel()
210{
211	ip netns exec at_ns0 ip addr add ::11/96 dev veth0
212	ip netns exec at_ns0 ip link set dev veth0 up
213	ip addr add dev veth1 ::22/96
214	ip link set dev veth1 up
215
216	# at_ns0 namespace
217	ip netns exec at_ns0 \
218		ip link add dev $DEV_NS type $TYPE \
219		local ::11 remote ::22
220	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
221	ip netns exec at_ns0 ip addr add dev $DEV_NS 1::11/96
222	ip netns exec at_ns0 ip link set dev $DEV_NS up
223
224	# root namespace
225	ip link add dev $DEV type $TYPE external
226	ip addr add dev $DEV 10.1.1.200/24
227	ip addr add dev $DEV 1::22/96
228	ip link set dev $DEV up
229}
230
231test_gre()
232{
233	TYPE=gretap
234	DEV_NS=gretap00
235	DEV=gretap11
236	ret=0
237
238	check $TYPE
239	config_device
240	add_gre_tunnel
241	attach_bpf $DEV gre_set_tunnel gre_get_tunnel
242	ping $PING_ARG 10.1.1.100
243	check_err $?
244	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
245	check_err $?
246	cleanup
247
248        if [ $ret -ne 0 ]; then
249                echo -e ${RED}"FAIL: $TYPE"${NC}
250                return 1
251        fi
252        echo -e ${GREEN}"PASS: $TYPE"${NC}
253}
254
255test_ip6gre()
256{
257	TYPE=ip6gre
258	DEV_NS=ip6gre00
259	DEV=ip6gre11
260	ret=0
261
262	check $TYPE
263	config_device
264	# reuse the ip6gretap function
265	add_ip6gretap_tunnel
266	attach_bpf $DEV ip6gretap_set_tunnel ip6gretap_get_tunnel
267	# underlay
268	ping6 $PING_ARG ::11
269	# overlay: ipv4 over ipv6
270	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
271	ping $PING_ARG 10.1.1.100
272	check_err $?
273	# overlay: ipv6 over ipv6
274	ip netns exec at_ns0 ping6 $PING_ARG fc80::200
275	check_err $?
276	cleanup
277
278        if [ $ret -ne 0 ]; then
279                echo -e ${RED}"FAIL: $TYPE"${NC}
280                return 1
281        fi
282        echo -e ${GREEN}"PASS: $TYPE"${NC}
283}
284
285test_ip6gretap()
286{
287	TYPE=ip6gretap
288	DEV_NS=ip6gretap00
289	DEV=ip6gretap11
290	ret=0
291
292	check $TYPE
293	config_device
294	add_ip6gretap_tunnel
295	attach_bpf $DEV ip6gretap_set_tunnel ip6gretap_get_tunnel
296	# underlay
297	ping6 $PING_ARG ::11
298	# overlay: ipv4 over ipv6
299	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
300	ping $PING_ARG 10.1.1.100
301	check_err $?
302	# overlay: ipv6 over ipv6
303	ip netns exec at_ns0 ping6 $PING_ARG fc80::200
304	check_err $?
305	cleanup
306
307	if [ $ret -ne 0 ]; then
308                echo -e ${RED}"FAIL: $TYPE"${NC}
309                return 1
310        fi
311        echo -e ${GREEN}"PASS: $TYPE"${NC}
312}
313
314test_erspan()
315{
316	TYPE=erspan
317	DEV_NS=erspan00
318	DEV=erspan11
319	ret=0
320
321	check $TYPE
322	config_device
323	add_erspan_tunnel $1
324	attach_bpf $DEV erspan_set_tunnel erspan_get_tunnel
325	ping $PING_ARG 10.1.1.100
326	check_err $?
327	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
328	check_err $?
329	cleanup
330
331	if [ $ret -ne 0 ]; then
332                echo -e ${RED}"FAIL: $TYPE"${NC}
333                return 1
334        fi
335        echo -e ${GREEN}"PASS: $TYPE"${NC}
336}
337
338test_ip6erspan()
339{
340	TYPE=ip6erspan
341	DEV_NS=ip6erspan00
342	DEV=ip6erspan11
343	ret=0
344
345	check $TYPE
346	config_device
347	add_ip6erspan_tunnel $1
348	attach_bpf $DEV ip4ip6erspan_set_tunnel ip4ip6erspan_get_tunnel
349	ping6 $PING_ARG ::11
350	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
351	check_err $?
352	cleanup
353
354	if [ $ret -ne 0 ]; then
355                echo -e ${RED}"FAIL: $TYPE"${NC}
356                return 1
357        fi
358        echo -e ${GREEN}"PASS: $TYPE"${NC}
359}
360
361test_geneve()
362{
363	TYPE=geneve
364	DEV_NS=geneve00
365	DEV=geneve11
366	ret=0
367
368	check $TYPE
369	config_device
370	add_geneve_tunnel
371	attach_bpf $DEV geneve_set_tunnel geneve_get_tunnel
372	ping $PING_ARG 10.1.1.100
373	check_err $?
374	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
375	check_err $?
376	cleanup
377
378	if [ $ret -ne 0 ]; then
379                echo -e ${RED}"FAIL: $TYPE"${NC}
380                return 1
381        fi
382        echo -e ${GREEN}"PASS: $TYPE"${NC}
383}
384
385test_ip6geneve()
386{
387	TYPE=geneve
388	DEV_NS=ip6geneve00
389	DEV=ip6geneve11
390	ret=0
391
392	check $TYPE
393	config_device
394	add_ip6geneve_tunnel
395	attach_bpf $DEV ip6geneve_set_tunnel ip6geneve_get_tunnel
396	ping $PING_ARG 10.1.1.100
397	check_err $?
398	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
399	check_err $?
400	cleanup
401
402	if [ $ret -ne 0 ]; then
403                echo -e ${RED}"FAIL: ip6$TYPE"${NC}
404                return 1
405        fi
406        echo -e ${GREEN}"PASS: ip6$TYPE"${NC}
407}
408
409test_ipip()
410{
411	TYPE=ipip
412	DEV_NS=ipip00
413	DEV=ipip11
414	ret=0
415
416	check $TYPE
417	config_device
418	add_ipip_tunnel
419	ip link set dev veth1 mtu 1500
420	attach_bpf $DEV ipip_set_tunnel ipip_get_tunnel
421	ping $PING_ARG 10.1.1.100
422	check_err $?
423	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
424	check_err $?
425	cleanup
426
427	if [ $ret -ne 0 ]; then
428                echo -e ${RED}"FAIL: $TYPE"${NC}
429                return 1
430        fi
431        echo -e ${GREEN}"PASS: $TYPE"${NC}
432}
433
434test_ipip6()
435{
436	TYPE=ip6tnl
437	DEV_NS=ipip6tnl00
438	DEV=ipip6tnl11
439	ret=0
440
441	check $TYPE
442	config_device
443	add_ip6tnl_tunnel
444	ip link set dev veth1 mtu 1500
445	attach_bpf $DEV ipip6_set_tunnel ipip6_get_tunnel
446	# underlay
447	ping6 $PING_ARG ::11
448	# ip4 over ip6
449	ping $PING_ARG 10.1.1.100
450	check_err $?
451	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
452	check_err $?
453	cleanup
454
455	if [ $ret -ne 0 ]; then
456                echo -e ${RED}"FAIL: $TYPE"${NC}
457                return 1
458        fi
459        echo -e ${GREEN}"PASS: $TYPE"${NC}
460}
461
462test_ip6ip6()
463{
464	TYPE=ip6tnl
465	DEV_NS=ip6ip6tnl00
466	DEV=ip6ip6tnl11
467	ret=0
468
469	check $TYPE
470	config_device
471	add_ip6tnl_tunnel
472	ip link set dev veth1 mtu 1500
473	attach_bpf $DEV ip6ip6_set_tunnel ip6ip6_get_tunnel
474	# underlay
475	ping6 $PING_ARG ::11
476	# ip6 over ip6
477	ping6 $PING_ARG 1::11
478	check_err $?
479	ip netns exec at_ns0 ping6 $PING_ARG 1::22
480	check_err $?
481	cleanup
482
483	if [ $ret -ne 0 ]; then
484                echo -e ${RED}"FAIL: ip6$TYPE"${NC}
485                return 1
486        fi
487        echo -e ${GREEN}"PASS: ip6$TYPE"${NC}
488}
489
490setup_xfrm_tunnel()
491{
492	auth=0x$(printf '1%.0s' {1..40})
493	enc=0x$(printf '2%.0s' {1..32})
494	spi_in_to_out=0x1
495	spi_out_to_in=0x2
496	# at_ns0 namespace
497	# at_ns0 -> root
498	ip netns exec at_ns0 \
499		ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
500			spi $spi_in_to_out reqid 1 mode tunnel \
501			auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc
502	ip netns exec at_ns0 \
503		ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir out \
504		tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \
505		mode tunnel
506	# root -> at_ns0
507	ip netns exec at_ns0 \
508		ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
509			spi $spi_out_to_in reqid 2 mode tunnel \
510			auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc
511	ip netns exec at_ns0 \
512		ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir in \
513		tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \
514		mode tunnel
515	# address & route
516	ip netns exec at_ns0 \
517		ip addr add dev veth0 10.1.1.100/32
518	ip netns exec at_ns0 \
519		ip route add 10.1.1.200 dev veth0 via 172.16.1.200 \
520			src 10.1.1.100
521
522	# root namespace
523	# at_ns0 -> root
524	ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
525		spi $spi_in_to_out reqid 1 mode tunnel \
526		auth-trunc 'hmac(sha1)' $auth 96  enc 'cbc(aes)' $enc
527	ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir in \
528		tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \
529		mode tunnel
530	# root -> at_ns0
531	ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
532		spi $spi_out_to_in reqid 2 mode tunnel \
533		auth-trunc 'hmac(sha1)' $auth 96  enc 'cbc(aes)' $enc
534	ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir out \
535		tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \
536		mode tunnel
537	# address & route
538	ip addr add dev veth1 10.1.1.200/32
539	ip route add 10.1.1.100 dev veth1 via 172.16.1.100 src 10.1.1.200
540}
541
542test_xfrm_tunnel()
543{
544	config_device
545	> /sys/kernel/debug/tracing/trace
546	setup_xfrm_tunnel
547	mkdir -p ${BPF_PIN_TUNNEL_DIR}
548	bpftool prog loadall ./test_tunnel_kern.o ${BPF_PIN_TUNNEL_DIR}
549	tc qdisc add dev veth1 clsact
550	tc filter add dev veth1 proto ip ingress bpf da object-pinned \
551		${BPF_PIN_TUNNEL_DIR}/xfrm_get_state
552	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
553	sleep 1
554	grep "reqid 1" /sys/kernel/debug/tracing/trace
555	check_err $?
556	grep "spi 0x1" /sys/kernel/debug/tracing/trace
557	check_err $?
558	grep "remote ip 0xac100164" /sys/kernel/debug/tracing/trace
559	check_err $?
560	cleanup
561
562	if [ $ret -ne 0 ]; then
563		echo -e ${RED}"FAIL: xfrm tunnel"${NC}
564		return 1
565	fi
566	echo -e ${GREEN}"PASS: xfrm tunnel"${NC}
567}
568
569attach_bpf()
570{
571	DEV=$1
572	SET=$2
573	GET=$3
574	mkdir -p ${BPF_PIN_TUNNEL_DIR}
575	bpftool prog loadall ./test_tunnel_kern.o ${BPF_PIN_TUNNEL_DIR}/
576	tc qdisc add dev $DEV clsact
577	tc filter add dev $DEV egress bpf da object-pinned ${BPF_PIN_TUNNEL_DIR}/$SET
578	tc filter add dev $DEV ingress bpf da object-pinned ${BPF_PIN_TUNNEL_DIR}/$GET
579}
580
581cleanup()
582{
583        rm -rf ${BPF_PIN_TUNNEL_DIR}
584
585	ip netns delete at_ns0 2> /dev/null
586	ip link del veth1 2> /dev/null
587	ip link del ipip11 2> /dev/null
588	ip link del ipip6tnl11 2> /dev/null
589	ip link del ip6ip6tnl11 2> /dev/null
590	ip link del gretap11 2> /dev/null
591	ip link del ip6gre11 2> /dev/null
592	ip link del ip6gretap11 2> /dev/null
593	ip link del geneve11 2> /dev/null
594	ip link del ip6geneve11 2> /dev/null
595	ip link del erspan11 2> /dev/null
596	ip link del ip6erspan11 2> /dev/null
597	ip xfrm policy delete dir out src 10.1.1.200/32 dst 10.1.1.100/32 2> /dev/null
598	ip xfrm policy delete dir in src 10.1.1.100/32 dst 10.1.1.200/32 2> /dev/null
599	ip xfrm state delete src 172.16.1.100 dst 172.16.1.200 proto esp spi 0x1 2> /dev/null
600	ip xfrm state delete src 172.16.1.200 dst 172.16.1.100 proto esp spi 0x2 2> /dev/null
601}
602
603cleanup_exit()
604{
605	echo "CATCH SIGKILL or SIGINT, cleanup and exit"
606	cleanup
607	exit 0
608}
609
610check()
611{
612	ip link help 2>&1 | grep -q "\s$1\s"
613	if [ $? -ne 0 ];then
614		echo "SKIP $1: iproute2 not support"
615	cleanup
616	return 1
617	fi
618}
619
620enable_debug()
621{
622	echo 'file ip_gre.c +p' > /sys/kernel/debug/dynamic_debug/control
623	echo 'file ip6_gre.c +p' > /sys/kernel/debug/dynamic_debug/control
624	echo 'file geneve.c +p' > /sys/kernel/debug/dynamic_debug/control
625	echo 'file ipip.c +p' > /sys/kernel/debug/dynamic_debug/control
626}
627
628check_err()
629{
630	if [ $ret -eq 0 ]; then
631		ret=$1
632	fi
633}
634
635bpf_tunnel_test()
636{
637	local errors=0
638
639	echo "Testing GRE tunnel..."
640	test_gre
641	errors=$(( $errors + $? ))
642
643	echo "Testing IP6GRE tunnel..."
644	test_ip6gre
645	errors=$(( $errors + $? ))
646
647	echo "Testing IP6GRETAP tunnel..."
648	test_ip6gretap
649	errors=$(( $errors + $? ))
650
651	echo "Testing ERSPAN tunnel..."
652	test_erspan v2
653	errors=$(( $errors + $? ))
654
655	echo "Testing IP6ERSPAN tunnel..."
656	test_ip6erspan v2
657	errors=$(( $errors + $? ))
658
659	echo "Testing GENEVE tunnel..."
660	test_geneve
661	errors=$(( $errors + $? ))
662
663	echo "Testing IP6GENEVE tunnel..."
664	test_ip6geneve
665	errors=$(( $errors + $? ))
666
667	echo "Testing IPIP tunnel..."
668	test_ipip
669	errors=$(( $errors + $? ))
670
671	echo "Testing IPIP6 tunnel..."
672	test_ipip6
673	errors=$(( $errors + $? ))
674
675	echo "Testing IP6IP6 tunnel..."
676	test_ip6ip6
677	errors=$(( $errors + $? ))
678
679	echo "Testing IPSec tunnel..."
680	test_xfrm_tunnel
681	errors=$(( $errors + $? ))
682
683	return $errors
684}
685
686trap cleanup 0 3 6
687trap cleanup_exit 2 9
688
689cleanup
690bpf_tunnel_test
691
692if [ $? -ne 0 ]; then
693	echo -e "$(basename $0): ${RED}FAIL${NC}"
694	exit 1
695fi
696echo -e "$(basename $0): ${GREEN}PASS${NC}"
697exit 0
698