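#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

# IPsec over bonding offload test:
#
#  +----------------+
#  |     bond0      |
#  |       |        |
#  |  eth0    eth1  |
#  +---+-------+----+
#
# We use netdevsim instead of physical interfaces
#
# The script mounts debugfs, may load the netdevsim module and creates a
# network namespace, so it needs the privileges for those operations. It
# also needs jq to parse the JSON output of ip(8). Everything it sets up
# is registered with defer and undone by the EXIT trap.
#-------------------------------------------------------------------
# Example commands
#   ip x s add proto esp src 192.0.2.1 dst 192.0.2.2 \
#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
#            sel src 192.0.2.1/24 dst 192.0.2.2/24 \
#            offload dev bond0 dir out
#   ip x p add dir out src 192.0.2.1/24 dst 192.0.2.2/24 \
#            tmpl proto esp src 192.0.2.1 dst 192.0.2.2 \
#            spi 0x07 mode transport reqid 0x07
#
#-------------------------------------------------------------------

lib_dir=$(dirname "$0")
# shellcheck disable=SC1091
source "$lib_dir"/../../../net/lib.sh
srcip=192.0.2.1
dstip=192.0.2.2
# Per-port IPsec state files exposed by netdevsim under debugfs.
ipsec0=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec
ipsec1=/sys/kernel/debug/netdevsim/netdevsim0/ports/1/ipsec
# Set by test_offload; read at top level to pick the link to take down.
active_slave=""

# Succeed once bond0 reports an active slave that is neither the one passed
# as $1 nor "null" (what jq -r prints when the field is absent).
# Passed as a command to slowwait below, hence the SC2317 suppression.
# shellcheck disable=SC2317
active_slave_changed()
{
	local old_active_slave=$1
	local new_active_slave

	# shellcheck disable=SC2154
	new_active_slave=$(ip -n "${ns}" -d -j link show bond0 | \
				jq -r ".[].linkinfo.info_data.active_slave")
	[ "$new_active_slave" != "$old_active_slave" ] && [ "$new_active_slave" != "null" ]
}

# Send traffic through bond0 and check that the netdevsim port behind the
# currently active slave accounted for it in its IPsec state file.
# Globals: ns, dstip, nic0, nic1, ipsec0, ipsec1 (read); active_slave (written)
test_offload()
{
	local sysfs

	# use ping to exercise the Tx path
	ip netns exec "$ns" ping -I bond0 -c 3 -W 1 -i 0 "$dstip" >/dev/null

	active_slave=$(ip -n "${ns}" -d -j link show bond0 | \
		       jq -r ".[].linkinfo.info_data.active_slave")

	if [ "$active_slave" = "$nic0" ]; then
		sysfs=$ipsec0
	elif [ "$active_slave" = "$nic1" ]; then
		sysfs=$ipsec1
	else
		# No state file can be selected; record the failure and stop
		# here instead of running grep against an empty path.
		check_err 1 "bond_ipsec_offload invalid active_slave $active_slave"
		log_test bond_ipsec_offload "active_slave ${active_slave}"
		return
	fi

	# Both SAs must be present and the three pings above must show up as
	# tx=3. The tx/rx order in the state file may change after failover,
	# so the tx entry is matched by address rather than by position.
	grep -q "SA count=2 tx=3" "$sysfs" && grep -q "tx ipaddr=$dstip" "$sysfs"
	check_err $? "incorrect tx count with link ${active_slave}"

	log_test bond_ipsec_offload "active_slave ${active_slave}"
}

# Prepare the host: debugfs, the netdevsim module and a fresh namespace.
# Cleanup is deferred only for what this script itself set up.
setup_env()
{
	if ! mount | grep -q debugfs; then
		# The mount result is not checked and its output is discarded;
		# if it fails, the later reads of $ipsec0/$ipsec1 fail instead.
		mount -t debugfs none /sys/kernel/debug/ &> /dev/null
		defer umount /sys/kernel/debug/

	fi

	# setup netdevsim since dummy/veth dev doesn't have offload support
	if [ ! -w /sys/bus/netdevsim/new_device ] ; then
		if ! modprobe -q netdevsim; then
			echo "SKIP: can't load netdevsim for ipsec offload"
			# shellcheck disable=SC2154
			exit "$ksft_skip"
		fi
		defer modprobe -r netdevsim
	fi

	setup_ns ns
	defer cleanup_ns "$ns"
}

# Build bond0 (active-backup) on two netdevsim ports inside $ns and install
# one offloaded ESP SA and one policy per direction.
# Globals: ns, srcip, dstip (read); nic0, nic1, lines (written)
setup_bond()
{
	ip -n "$ns" link add bond0 type bond mode active-backup miimon 100
	ip -n "$ns" addr add "$srcip/24" dev bond0
	ip -n "$ns" link set bond0 up

	# "0 2": presumably device id 0 with two ports, matching the
	# netdevsim0/ports/{0,1} paths used above.
	echo "0 2" | ip netns exec "$ns" tee /sys/bus/netdevsim/new_device >/dev/null
	nic0=$(ip netns exec "$ns" ls /sys/bus/netdevsim/devices/netdevsim0/net | head -n 1)
	nic1=$(ip netns exec "$ns" ls /sys/bus/netdevsim/devices/netdevsim0/net | tail -n 1)
	ip -n "$ns" link set "$nic0" master bond0
	ip -n "$ns" link set "$nic1" master bond0

	# We didn't create a peer, so make sure we can Tx by adding a
	# permanent neighbour. This needs to be added after enslaving.
	ip -n "$ns" neigh add "$dstip" dev bond0 lladdr 00:11:22:33:44:55

	# create offloaded SAs, both in and out
	ip -n "$ns" x p add dir out src "$srcip/24" dst "$dstip/24" \
	    tmpl proto esp src "$srcip" dst "$dstip" spi 9 \
	    mode transport reqid 42

	ip -n "$ns" x p add dir in src "$dstip/24" dst "$srcip/24" \
	    tmpl proto esp src "$dstip" dst "$srcip" spi 9 \
	    mode transport reqid 42

	# The key material is a fixed test value (the ASCII string
	# "1234567890123456dcba" from the header example, in hex): 16 bytes
	# of AES key plus the 4-byte rfc4106 salt, followed by the ICV length
	# in bits. It only ever reaches the simulated device in this test.
	ip -n "$ns" x s add proto esp src "$srcip" dst "$dstip" spi 9 \
	    mode transport reqid 42 aead "rfc4106(gcm(aes))" \
	    0x3132333435363738393031323334353664636261 128 \
	    sel src "$srcip/24" dst "$dstip/24" \
	    offload dev bond0 dir out

	ip -n "$ns" x s add proto esp src "$dstip" dst "$srcip" spi 9 \
	    mode transport reqid 42 aead "rfc4106(gcm(aes))" \
	    0x3132333435363738393031323334353664636261 128 \
	    sel src "$dstip/24" dst "$srcip/24" \
	    offload dev bond0 dir in

	# does offload show up in ip output
	lines=$(ip -n "$ns" x s list | grep -c "crypto offload parameters: dev bond0 dir")
	if [ "$lines" -ne 2 ] ; then
		check_err 1 "bond_ipsec_offload SA offload missing from list output"
	fi
}

# Run every deferred cleanup on any exit path, including early skips.
trap defer_scopes_cleanup EXIT
setup_env
setup_bond

# start Offload testing
test_offload

# do failover and re-test
ip -n "$ns" link set "$active_slave" down
slowwait 5 active_slave_changed "$active_slave"
test_offload

# Make sure the offloaded SAs get removed from the driver: after flushing,
# each port's state file must contain exactly one "SA count=0" line.
ip -n "$ns" x s flush
ip -n "$ns" x p flush
line0=$(grep -c "SA count=0" "$ipsec0")
line1=$(grep -c "SA count=0" "$ipsec1")
# The compound test succeeds when either port still holds SAs, so the
# success status is the failure condition handed to check_fail.
[ "$line0" -ne 1 ] || [ "$line1" -ne 1 ]
check_fail $? "bond_ipsec_offload SA not removed from driver"
# Report this check the same way test_offload reports its own, so that a
# leftover SA is visible in the result.
# NOTE(review): assumes lib.sh updates EXIT_STATUS from log_test rather than
# from check_fail itself -- confirm against net/lib.sh.
log_test bond_ipsec_offload "SA removal"

exit "$EXIT_STATUS"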