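#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

# IPsec over bonding offload test:
#
#  +----------------+
#  |     bond0      |
#  |       |        |
#  |  eth0    eth1  |
#  +---+-------+----+
#
# We use netdevsim instead of physical interfaces
#-------------------------------------------------------------------
# Example commands
#   ip x s add proto esp src 192.0.2.1 dst 192.0.2.2 \
#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
#            sel src 192.0.2.1/24 dst 192.0.2.2/24
#            offload dev bond0 dir out
#   ip x p add dir out src 192.0.2.1/24 dst 192.0.2.2/24 \
#            tmpl proto esp src 192.0.2.1 dst 192.0.2.2 \
#            spi 0x07 mode transport reqid 0x07
#
#-------------------------------------------------------------------
#
# Flow of the test:
#   1. setup_env:  make debugfs and netdevsim available, create a netns.
#   2. setup_bond: build an active-backup bond over two netdevsim ports and
#                  install one outbound and one inbound offloaded ESP SA.
#   3. test_offload, then take the active slave down and test_offload again.
#   4. flush the xfrm state/policy and check both ports report "SA count=0".
#
# check_err, check_fail, log_test, defer, defer_scopes_cleanup, setup_ns,
# cleanup_ns, slowwait, ksft_skip and EXIT_STATUS are not defined in this
# file; they are expected to come from the lib.sh sourced below.

lib_dir=$(dirname "$0")
# shellcheck disable=SC1091
source "$lib_dir"/../../../net/lib.sh
srcip=192.0.2.1
dstip=192.0.2.2
# Per-port IPsec offload state exposed by netdevsim through debugfs.
ipsec0=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec
ipsec1=/sys/kernel/debug/netdevsim/netdevsim0/ports/1/ipsec
# Last active slave seen by test_offload; read at top level for the failover.
active_slave=""

# Succeeds once bond0 reports an active slave that differs from $1 and is
# not the JSON "null" (no active slave). Polled through slowwait after the
# previously active slave has been taken down.
# shellcheck disable=SC2317
active_slave_changed()
{
	local old_active_slave=$1
	local new_active_slave

	# shellcheck disable=SC2154
	new_active_slave=$(ip -n "${ns}" -d -j link show bond0 | \
				jq -r ".[].linkinfo.info_data.active_slave")
	[ "$new_active_slave" != "$old_active_slave" ] && [ "$new_active_slave" != "null" ]
}

# Send three pings over bond0 and check that the netdevsim port behind the
# current active slave accounted for them in its IPsec offload counters.
# Globals: ns, dstip, nic0, nic1, ipsec0, ipsec1 (read); active_slave (written)
test_offload()
{
	# Local and reset on every call, so a run that cannot map the active
	# slave to a port never re-reads the file chosen by an earlier run.
	local sysfs=""

	# use ping to exercise the Tx path
	ip netns exec "$ns" ping -I bond0 -c 3 -W 1 -i 0 "$dstip" >/dev/null

	active_slave=$(ip -n "${ns}" -d -j link show bond0 | \
		       jq -r ".[].linkinfo.info_data.active_slave")

	if [ "$active_slave" = "$nic0" ]; then
		sysfs=$ipsec0
	elif [ "$active_slave" = "$nic1" ]; then
		sysfs=$ipsec1
	else
		check_err 1 "bond_ipsec_offload invalid active_slave $active_slave"
	fi

	# The failure above is already recorded; there is no counter file to
	# inspect when the active slave is neither of the two netdevsim ports.
	if [ -n "$sysfs" ]; then
		# The tx/rx order in sysfs may change after failover
		grep -q "SA count=2 tx=3" "$sysfs" && grep -q "tx ipaddr=$dstip" "$sysfs"
		check_err $? "incorrect tx count with link ${active_slave}"
	fi

	log_test bond_ipsec_offload "active_slave ${active_slave}"
}

# Prepare the host: debugfs mounted, netdevsim loadable, fresh namespace.
# Everything set up here is registered with defer so it is undone on exit.
setup_env()
{
	if ! mount | grep -q debugfs; then
		mount -t debugfs none /sys/kernel/debug/ &> /dev/null
		defer umount /sys/kernel/debug/

	fi

	# setup netdevsim since dummy/veth dev doesn't have offload support
	if [ ! -w /sys/bus/netdevsim/new_device ] ; then
		if ! modprobe -q netdevsim; then
			echo "SKIP: can't load netdevsim for ipsec offload"
			# shellcheck disable=SC2154
			exit "$ksft_skip"
		fi
		defer modprobe -r netdevsim
	fi

	setup_ns ns
	defer cleanup_ns "$ns"
}

# Create bond0 (active-backup) over two netdevsim ports inside $ns and
# install the xfrm policies and the two offloaded SAs under test.
# Globals: ns, srcip, dstip (read); nic0, nic1, lines (written)
setup_bond()
{
	ip -n "$ns" link add bond0 type bond mode active-backup miimon 100
	ip -n "$ns" addr add "$srcip/24" dev bond0
	ip -n "$ns" link set bond0 up

	# "0 2": netdevsim device id 0 with 2 ports
	echo "0 2" | ip netns exec "$ns" tee /sys/bus/netdevsim/new_device >/dev/null
	nic0=$(ip netns exec "$ns" ls /sys/bus/netdevsim/devices/netdevsim0/net | head -n 1)
	nic1=$(ip netns exec "$ns" ls /sys/bus/netdevsim/devices/netdevsim0/net | tail -n 1)
	ip -n "$ns" link set "$nic0" master bond0
	ip -n "$ns" link set "$nic1" master bond0

	# we didn't create a peer, make sure we can Tx by adding a permanent
	# neighbour; this needs to be added after enslaving
	ip -n "$ns" neigh add "$dstip" dev bond0 lladdr 00:11:22:33:44:55

	# create offloaded SAs, both in and out
	ip -n "$ns" x p add dir out src "$srcip/24" dst "$dstip/24" \
	    tmpl proto esp src "$srcip" dst "$dstip" spi 9 \
	    mode transport reqid 42

	ip -n "$ns" x p add dir in src "$dstip/24" dst "$srcip/24" \
	    tmpl proto esp src "$dstip" dst "$srcip" spi 9 \
	    mode transport reqid 42

	# Key material is a fixed test value: the hex string is the ASCII
	# bytes of "1234567890123456dcba" from the example in the header
	# (20 bytes; for rfc4106 that is a 16-byte AES key followed by the
	# 4-byte salt). 128 is the ICV length in bits. Both directions share
	# the same value, which is fine for netdevsim counters only.
	ip -n "$ns" x s add proto esp src "$srcip" dst "$dstip" spi 9 \
	    mode transport reqid 42 aead "rfc4106(gcm(aes))" \
	    0x3132333435363738393031323334353664636261 128 \
	    sel src "$srcip/24" dst "$dstip/24" \
	    offload dev bond0 dir out

	ip -n "$ns" x s add proto esp src "$dstip" dst "$srcip" spi 9 \
	    mode transport reqid 42 aead "rfc4106(gcm(aes))" \
	    0x3132333435363738393031323334353664636261 128 \
	    sel src "$dstip/24" dst "$srcip/24" \
	    offload dev bond0 dir in

	# does offload show up in ip output
	lines=$(ip -n "$ns" x s list | grep -c "crypto offload parameters: dev bond0 dir")
	if [ "$lines" -ne 2 ] ; then
		check_err 1 "bond_ipsec_offload SA offload missing from list output"
	fi
}

trap defer_scopes_cleanup EXIT
setup_env
setup_bond

# start Offload testing
test_offload

# do failover and re-test
ip -n "$ns" link set "$active_slave" down
slowwait 5 active_slave_changed "$active_slave"
test_offload

# make sure offload gets removed from driver
# NOTE(review): RET is the result variable used by the lib.sh helpers (it is
# not defined in this file); start this check from a clean state so an
# earlier, already logged failure does not mask it. Confirm against lib.sh.
# shellcheck disable=SC2034
RET=0
ip -n "$ns" x s flush
ip -n "$ns" x p flush
line0=$(grep -c "SA count=0" "$ipsec0")
line1=$(grep -c "SA count=0" "$ipsec1")
# The test exits 0 when either port does not show exactly one "SA count=0"
# line; check_fail treats that 0 as the failure case.
[ "$line0" -ne 1 ] || [ "$line1" -ne 1 ]
check_fail $? "bond_ipsec_offload SA not removed from driver"
# NOTE(review): in test_offload every check_err is followed by log_test; this
# check had no such call, so a port still holding offloaded SAs after the
# flush could not show up in the output or in EXIT_STATUS. Assumes log_test
# is what reports the recorded result - confirm against lib.sh.
log_test bond_ipsec_offload "SA removal"

exit "$EXIT_STATUS"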