xref: /linux/tools/testing/selftests/net/rtnetlink.sh (revision 13091aa30535b719e269f20a7bc34002bf5afae5) 
1#!/bin/bash
2#
3# This test is for checking rtnetlink callpaths, and get as much coverage as possible.
4#
5# set -e
6
7devdummy="test-dummy0"
8ret=0
9
10# Kselftest framework requirement - SKIP code is 4.
11ksft_skip=4
12
13# set global exit status, but never reset nonzero one.
14check_err()
15{
16	if [ $ret -eq 0 ]; then
17		ret=$1
18	fi
19}
20
21# same but inverted -- used when command must fail for test to pass
22check_fail()
23{
24	if [ $1 -eq 0 ]; then
25		ret=1
26	fi
27}
28
29kci_add_dummy()
30{
31	ip link add name "$devdummy" type dummy
32	check_err $?
33	ip link set "$devdummy" up
34	check_err $?
35}
36
37kci_del_dummy()
38{
39	ip link del dev "$devdummy"
40	check_err $?
41}
42
43kci_test_netconf()
44{
45	dev="$1"
46	r=$ret
47
48	ip netconf show dev "$dev" > /dev/null
49	check_err $?
50
51	for f in 4 6; do
52		ip -$f netconf show dev "$dev" > /dev/null
53		check_err $?
54	done
55
56	if [ $ret -ne 0 ] ;then
57		echo "FAIL: ip netconf show $dev"
58		test $r -eq 0 && ret=0
59		return 1
60	fi
61}
62
63# add a bridge with vlans on top
64kci_test_bridge()
65{
66	devbr="test-br0"
67	vlandev="testbr-vlan1"
68
69	ret=0
70	ip link add name "$devbr" type bridge
71	check_err $?
72
73	ip link set dev "$devdummy" master "$devbr"
74	check_err $?
75
76	ip link set "$devbr" up
77	check_err $?
78
79	ip link add link "$devbr" name "$vlandev" type vlan id 1
80	check_err $?
81	ip addr add dev "$vlandev" 10.200.7.23/30
82	check_err $?
83	ip -6 addr add dev "$vlandev" dead:42::1234/64
84	check_err $?
85	ip -d link > /dev/null
86	check_err $?
87	ip r s t all > /dev/null
88	check_err $?
89
90	for name in "$devbr" "$vlandev" "$devdummy" ; do
91		kci_test_netconf "$name"
92	done
93
94	ip -6 addr del dev "$vlandev" dead:42::1234/64
95	check_err $?
96
97	ip link del dev "$vlandev"
98	check_err $?
99	ip link del dev "$devbr"
100	check_err $?
101
102	if [ $ret -ne 0 ];then
103		echo "FAIL: bridge setup"
104		return 1
105	fi
106	echo "PASS: bridge setup"
107
108}
109
110kci_test_gre()
111{
112	gredev=neta
113	rem=10.42.42.1
114	loc=10.0.0.1
115
116	ret=0
117	ip tunnel add $gredev mode gre remote $rem local $loc ttl 1
118	check_err $?
119	ip link set $gredev up
120	check_err $?
121	ip addr add 10.23.7.10 dev $gredev
122	check_err $?
123	ip route add 10.23.8.0/30 dev $gredev
124	check_err $?
125	ip addr add dev "$devdummy" 10.23.7.11/24
126	check_err $?
127	ip link > /dev/null
128	check_err $?
129	ip addr > /dev/null
130	check_err $?
131
132	kci_test_netconf "$gredev"
133
134	ip addr del dev "$devdummy" 10.23.7.11/24
135	check_err $?
136
137	ip link del $gredev
138	check_err $?
139
140	if [ $ret -ne 0 ];then
141		echo "FAIL: gre tunnel endpoint"
142		return 1
143	fi
144	echo "PASS: gre tunnel endpoint"
145}
146
147# tc uses rtnetlink too, for full tc testing
148# please see tools/testing/selftests/tc-testing.
149kci_test_tc()
150{
151	dev=lo
152	ret=0
153
154	tc qdisc add dev "$dev" root handle 1: htb
155	check_err $?
156	tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit
157	check_err $?
158	tc filter add dev "$dev" parent 1:0 prio 5 handle ffe: protocol ip u32 divisor 256
159	check_err $?
160	tc filter add dev "$dev" parent 1:0 prio 5 handle ffd: protocol ip u32 divisor 256
161	check_err $?
162	tc filter add dev "$dev" parent 1:0 prio 5 handle ffc: protocol ip u32 divisor 256
163	check_err $?
164	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 ht ffe:2: match ip src 10.0.0.3 flowid 1:10
165	check_err $?
166	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:2 u32 ht ffe:2: match ip src 10.0.0.2 flowid 1:10
167	check_err $?
168	tc filter show dev "$dev" parent  1:0 > /dev/null
169	check_err $?
170	tc filter del dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32
171	check_err $?
172	tc filter show dev "$dev" parent  1:0 > /dev/null
173	check_err $?
174	tc qdisc del dev "$dev" root handle 1: htb
175	check_err $?
176
177	if [ $ret -ne 0 ];then
178		echo "FAIL: tc htb hierarchy"
179		return 1
180	fi
181	echo "PASS: tc htb hierarchy"
182
183}
184
185kci_test_polrouting()
186{
187	ret=0
188	ip rule add fwmark 1 lookup 100
189	check_err $?
190	ip route add local 0.0.0.0/0 dev lo table 100
191	check_err $?
192	ip r s t all > /dev/null
193	check_err $?
194	ip rule del fwmark 1 lookup 100
195	check_err $?
196	ip route del local 0.0.0.0/0 dev lo table 100
197	check_err $?
198
199	if [ $ret -ne 0 ];then
200		echo "FAIL: policy route test"
201		return 1
202	fi
203	echo "PASS: policy routing"
204}
205
206kci_test_route_get()
207{
208	local hash_policy=$(sysctl -n net.ipv4.fib_multipath_hash_policy)
209
210	ret=0
211
212	ip route get 127.0.0.1 > /dev/null
213	check_err $?
214	ip route get 127.0.0.1 dev "$devdummy" > /dev/null
215	check_err $?
216	ip route get ::1 > /dev/null
217	check_err $?
218	ip route get fe80::1 dev "$devdummy" > /dev/null
219	check_err $?
220	ip route get 127.0.0.1 from 127.0.0.1 oif lo tos 0x1 mark 0x1 > /dev/null
221	check_err $?
222	ip route get ::1 from ::1 iif lo oif lo tos 0x1 mark 0x1 > /dev/null
223	check_err $?
224	ip addr add dev "$devdummy" 10.23.7.11/24
225	check_err $?
226	ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null
227	check_err $?
228	ip route add 10.23.8.0/24 \
229		nexthop via 10.23.7.13 dev "$devdummy" \
230		nexthop via 10.23.7.14 dev "$devdummy"
231	check_err $?
232	sysctl -wq net.ipv4.fib_multipath_hash_policy=0
233	ip route get 10.23.8.11 > /dev/null
234	check_err $?
235	sysctl -wq net.ipv4.fib_multipath_hash_policy=1
236	ip route get 10.23.8.11 > /dev/null
237	check_err $?
238	sysctl -wq net.ipv4.fib_multipath_hash_policy="$hash_policy"
239	ip route del 10.23.8.0/24
240	check_err $?
241	ip addr del dev "$devdummy" 10.23.7.11/24
242	check_err $?
243
244	if [ $ret -ne 0 ];then
245		echo "FAIL: route get"
246		return 1
247	fi
248
249	echo "PASS: route get"
250}
251
252kci_test_addrlft()
253{
254	for i in $(seq 10 100) ;do
255		lft=$(((RANDOM%3) + 1))
256		ip addr add 10.23.11.$i/32 dev "$devdummy" preferred_lft $lft valid_lft $((lft+1))
257		check_err $?
258	done
259
260	sleep 5
261
262	ip addr show dev "$devdummy" | grep "10.23.11."
263	if [ $? -eq 0 ]; then
264		echo "FAIL: preferred_lft addresses remaining"
265		check_err 1
266		return
267	fi
268
269	echo "PASS: preferred_lft addresses have expired"
270}
271
272kci_test_addrlabel()
273{
274	ret=0
275
276	ip addrlabel add prefix dead::/64 dev lo label 1
277	check_err $?
278
279	ip addrlabel list |grep -q "prefix dead::/64 dev lo label 1"
280	check_err $?
281
282	ip addrlabel del prefix dead::/64 dev lo label 1 2> /dev/null
283	check_err $?
284
285	ip addrlabel add prefix dead::/64 label 1 2> /dev/null
286	check_err $?
287
288	ip addrlabel del prefix dead::/64 label 1 2> /dev/null
289	check_err $?
290
291	# concurrent add/delete
292	for i in $(seq 1 1000); do
293		ip addrlabel add prefix 1c3::/64 label 12345 2>/dev/null
294	done &
295
296	for i in $(seq 1 1000); do
297		ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
298	done
299
300	wait
301
302	ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
303
304	if [ $ret -ne 0 ];then
305		echo "FAIL: ipv6 addrlabel"
306		return 1
307	fi
308
309	echo "PASS: ipv6 addrlabel"
310}
311
312kci_test_ifalias()
313{
314	ret=0
315	namewant=$(uuidgen)
316	syspathname="/sys/class/net/$devdummy/ifalias"
317
318	ip link set dev "$devdummy" alias "$namewant"
319	check_err $?
320
321	if [ $ret -ne 0 ]; then
322		echo "FAIL: cannot set interface alias of $devdummy to $namewant"
323		return 1
324	fi
325
326	ip link show "$devdummy" | grep -q "alias $namewant"
327	check_err $?
328
329	if [ -r "$syspathname" ] ; then
330		read namehave < "$syspathname"
331		if [ "$namewant" != "$namehave" ]; then
332			echo "FAIL: did set ifalias $namewant but got $namehave"
333			return 1
334		fi
335
336		namewant=$(uuidgen)
337		echo "$namewant" > "$syspathname"
338	        ip link show "$devdummy" | grep -q "alias $namewant"
339		check_err $?
340
341		# sysfs interface allows to delete alias again
342		echo "" > "$syspathname"
343
344	        ip link show "$devdummy" | grep -q "alias $namewant"
345		check_fail $?
346
347		for i in $(seq 1 100); do
348			uuidgen > "$syspathname" &
349		done
350
351		wait
352
353		# re-add the alias -- kernel should free mem when dummy dev is removed
354		ip link set dev "$devdummy" alias "$namewant"
355		check_err $?
356	fi
357
358	if [ $ret -ne 0 ]; then
359		echo "FAIL: set interface alias $devdummy to $namewant"
360		return 1
361	fi
362
363	echo "PASS: set ifalias $namewant for $devdummy"
364}
365
366kci_test_vrf()
367{
368	vrfname="test-vrf"
369	ret=0
370
371	ip link show type vrf 2>/dev/null
372	if [ $? -ne 0 ]; then
373		echo "SKIP: vrf: iproute2 too old"
374		return $ksft_skip
375	fi
376
377	ip link add "$vrfname" type vrf table 10
378	check_err $?
379	if [ $ret -ne 0 ];then
380		echo "FAIL: can't add vrf interface, skipping test"
381		return 0
382	fi
383
384	ip -br link show type vrf | grep -q "$vrfname"
385	check_err $?
386	if [ $ret -ne 0 ];then
387		echo "FAIL: created vrf device not found"
388		return 1
389	fi
390
391	ip link set dev "$vrfname" up
392	check_err $?
393
394	ip link set dev "$devdummy" master "$vrfname"
395	check_err $?
396	ip link del dev "$vrfname"
397	check_err $?
398
399	if [ $ret -ne 0 ];then
400		echo "FAIL: vrf"
401		return 1
402	fi
403
404	echo "PASS: vrf"
405}
406
407kci_test_encap_vxlan()
408{
409	ret=0
410	vxlan="test-vxlan0"
411	vlan="test-vlan0"
412	testns="$1"
413
414	ip -netns "$testns" link add "$vxlan" type vxlan id 42 group 239.1.1.1 \
415		dev "$devdummy" dstport 4789 2>/dev/null
416	if [ $? -ne 0 ]; then
417		echo "FAIL: can't add vxlan interface, skipping test"
418		return 0
419	fi
420	check_err $?
421
422	ip -netns "$testns" addr add 10.2.11.49/24 dev "$vxlan"
423	check_err $?
424
425	ip -netns "$testns" link set up dev "$vxlan"
426	check_err $?
427
428	ip -netns "$testns" link add link "$vxlan" name "$vlan" type vlan id 1
429	check_err $?
430
431	# changelink testcases
432	ip -netns "$testns" link set dev "$vxlan" type vxlan vni 43 2>/dev/null
433	check_fail $?
434
435	ip -netns "$testns" link set dev "$vxlan" type vxlan group ffe5::5 dev "$devdummy" 2>/dev/null
436	check_fail $?
437
438	ip -netns "$testns" link set dev "$vxlan" type vxlan ttl inherit 2>/dev/null
439	check_fail $?
440
441	ip -netns "$testns" link set dev "$vxlan" type vxlan ttl 64
442	check_err $?
443
444	ip -netns "$testns" link set dev "$vxlan" type vxlan nolearning
445	check_err $?
446
447	ip -netns "$testns" link set dev "$vxlan" type vxlan proxy 2>/dev/null
448	check_fail $?
449
450	ip -netns "$testns" link set dev "$vxlan" type vxlan norsc 2>/dev/null
451	check_fail $?
452
453	ip -netns "$testns" link set dev "$vxlan" type vxlan l2miss 2>/dev/null
454	check_fail $?
455
456	ip -netns "$testns" link set dev "$vxlan" type vxlan l3miss 2>/dev/null
457	check_fail $?
458
459	ip -netns "$testns" link set dev "$vxlan" type vxlan external 2>/dev/null
460	check_fail $?
461
462	ip -netns "$testns" link set dev "$vxlan" type vxlan udpcsum 2>/dev/null
463	check_fail $?
464
465	ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumtx 2>/dev/null
466	check_fail $?
467
468	ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumrx 2>/dev/null
469	check_fail $?
470
471	ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumtx 2>/dev/null
472	check_fail $?
473
474	ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumrx 2>/dev/null
475	check_fail $?
476
477	ip -netns "$testns" link set dev "$vxlan" type vxlan gbp 2>/dev/null
478	check_fail $?
479
480	ip -netns "$testns" link set dev "$vxlan" type vxlan gpe 2>/dev/null
481	check_fail $?
482
483	ip -netns "$testns" link del "$vxlan"
484	check_err $?
485
486	if [ $ret -ne 0 ]; then
487		echo "FAIL: vxlan"
488		return 1
489	fi
490	echo "PASS: vxlan"
491}
492
493kci_test_encap_fou()
494{
495	ret=0
496	name="test-fou"
497	testns="$1"
498
499	ip fou help 2>&1 |grep -q 'Usage: ip fou'
500	if [ $? -ne 0 ];then
501		echo "SKIP: fou: iproute2 too old"
502		return $ksft_skip
503	fi
504
505	ip -netns "$testns" fou add port 7777 ipproto 47 2>/dev/null
506	if [ $? -ne 0 ];then
507		echo "FAIL: can't add fou port 7777, skipping test"
508		return 1
509	fi
510
511	ip -netns "$testns" fou add port 8888 ipproto 4
512	check_err $?
513
514	ip -netns "$testns" fou del port 9999 2>/dev/null
515	check_fail $?
516
517	ip -netns "$testns" fou del port 7777
518	check_err $?
519
520	if [ $ret -ne 0 ]; then
521		echo "FAIL: fou"
522		return 1
523	fi
524
525	echo "PASS: fou"
526}
527
528# test various encap methods, use netns to avoid unwanted interference
529kci_test_encap()
530{
531	testns="testns"
532	ret=0
533
534	ip netns add "$testns"
535	if [ $? -ne 0 ]; then
536		echo "SKIP encap tests: cannot add net namespace $testns"
537		return $ksft_skip
538	fi
539
540	ip -netns "$testns" link set lo up
541	check_err $?
542
543	ip -netns "$testns" link add name "$devdummy" type dummy
544	check_err $?
545	ip -netns "$testns" link set "$devdummy" up
546	check_err $?
547
548	kci_test_encap_vxlan "$testns"
549	kci_test_encap_fou "$testns"
550
551	ip netns del "$testns"
552}
553
554kci_test_macsec()
555{
556	msname="test_macsec0"
557	ret=0
558
559	ip macsec help 2>&1 | grep -q "^Usage: ip macsec"
560	if [ $? -ne 0 ]; then
561		echo "SKIP: macsec: iproute2 too old"
562		return $ksft_skip
563	fi
564
565	ip link add link "$devdummy" "$msname" type macsec port 42 encrypt on
566	check_err $?
567	if [ $ret -ne 0 ];then
568		echo "FAIL: can't add macsec interface, skipping test"
569		return 1
570	fi
571
572	ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012
573	check_err $?
574
575	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef"
576	check_err $?
577
578	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef
579	check_err $?
580
581	ip macsec show > /dev/null
582	check_err $?
583
584	ip link del dev "$msname"
585	check_err $?
586
587	if [ $ret -ne 0 ];then
588		echo "FAIL: macsec"
589		return 1
590	fi
591
592	echo "PASS: macsec"
593}
594
595#-------------------------------------------------------------------
596# Example commands
597#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
598#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
599#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
600#            sel src 14.0.0.52/24 dst 14.0.0.70/24
601#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
602#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
603#            spi 0x07 mode transport reqid 0x07
604#
605# Subcommands not tested
606#    ip x s update
607#    ip x s allocspi
608#    ip x s deleteall
609#    ip x p update
610#    ip x p deleteall
611#    ip x p set
612#-------------------------------------------------------------------
613kci_test_ipsec()
614{
615	ret=0
616	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
617	srcip=192.168.123.1
618	dstip=192.168.123.2
619	spi=7
620
621	ip addr add $srcip dev $devdummy
622
623	# flush to be sure there's nothing configured
624	ip x s flush ; ip x p flush
625	check_err $?
626
627	# start the monitor in the background
628	tmpfile=`mktemp /var/run/ipsectestXXX`
629	mpid=`(ip x m > $tmpfile & echo $!) 2>/dev/null`
630	sleep 0.2
631
632	ipsecid="proto esp src $srcip dst $dstip spi 0x07"
633	ip x s add $ipsecid \
634            mode transport reqid 0x07 replay-window 32 \
635            $algo sel src $srcip/24 dst $dstip/24
636	check_err $?
637
638	lines=`ip x s list | grep $srcip | grep $dstip | wc -l`
639	test $lines -eq 2
640	check_err $?
641
642	ip x s count | grep -q "SAD count 1"
643	check_err $?
644
645	lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l`
646	test $lines -eq 2
647	check_err $?
648
649	ip x s delete $ipsecid
650	check_err $?
651
652	lines=`ip x s list | wc -l`
653	test $lines -eq 0
654	check_err $?
655
656	ipsecsel="dir out src $srcip/24 dst $dstip/24"
657	ip x p add $ipsecsel \
658		    tmpl proto esp src $srcip dst $dstip \
659		    spi 0x07 mode transport reqid 0x07
660	check_err $?
661
662	lines=`ip x p list | grep $srcip | grep $dstip | wc -l`
663	test $lines -eq 2
664	check_err $?
665
666	ip x p count | grep -q "SPD IN  0 OUT 1 FWD 0"
667	check_err $?
668
669	lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l`
670	test $lines -eq 2
671	check_err $?
672
673	ip x p delete $ipsecsel
674	check_err $?
675
676	lines=`ip x p list | wc -l`
677	test $lines -eq 0
678	check_err $?
679
680	# check the monitor results
681	kill $mpid
682	lines=`wc -l $tmpfile | cut "-d " -f1`
683	test $lines -eq 20
684	check_err $?
685	rm -rf $tmpfile
686
687	# clean up any leftovers
688	ip x s flush
689	check_err $?
690	ip x p flush
691	check_err $?
692	ip addr del $srcip/32 dev $devdummy
693
694	if [ $ret -ne 0 ]; then
695		echo "FAIL: ipsec"
696		return 1
697	fi
698	echo "PASS: ipsec"
699}
700
701#-------------------------------------------------------------------
702# Example commands
703#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
704#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
705#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
706#            sel src 14.0.0.52/24 dst 14.0.0.70/24
707#            offload dev sim1 dir out
708#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
709#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
710#            spi 0x07 mode transport reqid 0x07
711#
712#-------------------------------------------------------------------
713kci_test_ipsec_offload()
714{
715	ret=0
716	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
717	srcip=192.168.123.3
718	dstip=192.168.123.4
719	sysfsd=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/
720	sysfsf=$sysfsd/ipsec
721	sysfsnet=/sys/bus/netdevsim/devices/netdevsim0/net/
722
723	# setup netdevsim since dummydev doesn't have offload support
724	modprobe netdevsim
725	check_err $?
726	if [ $ret -ne 0 ]; then
727		echo "FAIL: ipsec_offload can't load netdevsim"
728		return 1
729	fi
730
731	echo "0" > /sys/bus/netdevsim/new_device
732	while [ ! -d $sysfsnet ] ; do :; done
733	udevadm settle
734	dev=`ls $sysfsnet`
735
736	ip addr add $srcip dev $dev
737	ip link set $dev up
738	if [ ! -d $sysfsd ] ; then
739		echo "FAIL: ipsec_offload can't create device $dev"
740		return 1
741	fi
742	if [ ! -f $sysfsf ] ; then
743		echo "FAIL: ipsec_offload netdevsim doesn't support IPsec offload"
744		return 1
745	fi
746
747	# flush to be sure there's nothing configured
748	ip x s flush ; ip x p flush
749
750	# create offloaded SAs, both in and out
751	ip x p add dir out src $srcip/24 dst $dstip/24 \
752	    tmpl proto esp src $srcip dst $dstip spi 9 \
753	    mode transport reqid 42
754	check_err $?
755	ip x p add dir out src $dstip/24 dst $srcip/24 \
756	    tmpl proto esp src $dstip dst $srcip spi 9 \
757	    mode transport reqid 42
758	check_err $?
759
760	ip x s add proto esp src $srcip dst $dstip spi 9 \
761	    mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \
762	    offload dev $dev dir out
763	check_err $?
764	ip x s add proto esp src $dstip dst $srcip spi 9 \
765	    mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \
766	    offload dev $dev dir in
767	check_err $?
768	if [ $ret -ne 0 ]; then
769		echo "FAIL: ipsec_offload can't create SA"
770		return 1
771	fi
772
773	# does offload show up in ip output
774	lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"`
775	if [ $lines -ne 2 ] ; then
776		echo "FAIL: ipsec_offload SA offload missing from list output"
777		check_err 1
778	fi
779
780	# use ping to exercise the Tx path
781	ping -I $dev -c 3 -W 1 -i 0 $dstip >/dev/null
782
783	# does driver have correct offload info
784	diff $sysfsf - << EOF
785SA count=2 tx=3
786sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000
787sa[0]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
788sa[0]    key=0x34333231 38373635 32313039 36353433
789sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0
790sa[1]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
791sa[1]    key=0x34333231 38373635 32313039 36353433
792EOF
793	if [ $? -ne 0 ] ; then
794		echo "FAIL: ipsec_offload incorrect driver data"
795		check_err 1
796	fi
797
798	# does offload get removed from driver
799	ip x s flush
800	ip x p flush
801	lines=`grep -c "SA count=0" $sysfsf`
802	if [ $lines -ne 1 ] ; then
803		echo "FAIL: ipsec_offload SA not removed from driver"
804		check_err 1
805	fi
806
807	# clean up any leftovers
808	rmmod netdevsim
809
810	if [ $ret -ne 0 ]; then
811		echo "FAIL: ipsec_offload"
812		return 1
813	fi
814	echo "PASS: ipsec_offload"
815}
816
817kci_test_gretap()
818{
819	testns="testns"
820	DEV_NS=gretap00
821	ret=0
822
823	ip netns add "$testns"
824	if [ $? -ne 0 ]; then
825		echo "SKIP gretap tests: cannot add net namespace $testns"
826		return $ksft_skip
827	fi
828
829	ip link help gretap 2>&1 | grep -q "^Usage:"
830	if [ $? -ne 0 ];then
831		echo "SKIP: gretap: iproute2 too old"
832		ip netns del "$testns"
833		return $ksft_skip
834	fi
835
836	# test native tunnel
837	ip -netns "$testns" link add dev "$DEV_NS" type gretap seq \
838		key 102 local 172.16.1.100 remote 172.16.1.200
839	check_err $?
840
841	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
842	check_err $?
843
844	ip -netns "$testns" link set dev $DEV_NS up
845	check_err $?
846
847	ip -netns "$testns" link del "$DEV_NS"
848	check_err $?
849
850	# test external mode
851	ip -netns "$testns" link add dev "$DEV_NS" type gretap external
852	check_err $?
853
854	ip -netns "$testns" link del "$DEV_NS"
855	check_err $?
856
857	if [ $ret -ne 0 ]; then
858		echo "FAIL: gretap"
859		ip netns del "$testns"
860		return 1
861	fi
862	echo "PASS: gretap"
863
864	ip netns del "$testns"
865}
866
867kci_test_ip6gretap()
868{
869	testns="testns"
870	DEV_NS=ip6gretap00
871	ret=0
872
873	ip netns add "$testns"
874	if [ $? -ne 0 ]; then
875		echo "SKIP ip6gretap tests: cannot add net namespace $testns"
876		return $ksft_skip
877	fi
878
879	ip link help ip6gretap 2>&1 | grep -q "^Usage:"
880	if [ $? -ne 0 ];then
881		echo "SKIP: ip6gretap: iproute2 too old"
882		ip netns del "$testns"
883		return $ksft_skip
884	fi
885
886	# test native tunnel
887	ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap seq \
888		key 102 local fc00:100::1 remote fc00:100::2
889	check_err $?
890
891	ip -netns "$testns" addr add dev "$DEV_NS" fc00:200::1/96
892	check_err $?
893
894	ip -netns "$testns" link set dev $DEV_NS up
895	check_err $?
896
897	ip -netns "$testns" link del "$DEV_NS"
898	check_err $?
899
900	# test external mode
901	ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap external
902	check_err $?
903
904	ip -netns "$testns" link del "$DEV_NS"
905	check_err $?
906
907	if [ $ret -ne 0 ]; then
908		echo "FAIL: ip6gretap"
909		ip netns del "$testns"
910		return 1
911	fi
912	echo "PASS: ip6gretap"
913
914	ip netns del "$testns"
915}
916
917kci_test_erspan()
918{
919	testns="testns"
920	DEV_NS=erspan00
921	ret=0
922
923	ip link help erspan 2>&1 | grep -q "^Usage:"
924	if [ $? -ne 0 ];then
925		echo "SKIP: erspan: iproute2 too old"
926		return $ksft_skip
927	fi
928
929	ip netns add "$testns"
930	if [ $? -ne 0 ]; then
931		echo "SKIP erspan tests: cannot add net namespace $testns"
932		return $ksft_skip
933	fi
934
935	# test native tunnel erspan v1
936	ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
937		key 102 local 172.16.1.100 remote 172.16.1.200 \
938		erspan_ver 1 erspan 488
939	check_err $?
940
941	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
942	check_err $?
943
944	ip -netns "$testns" link set dev $DEV_NS up
945	check_err $?
946
947	ip -netns "$testns" link del "$DEV_NS"
948	check_err $?
949
950	# test native tunnel erspan v2
951	ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
952		key 102 local 172.16.1.100 remote 172.16.1.200 \
953		erspan_ver 2 erspan_dir ingress erspan_hwid 7
954	check_err $?
955
956	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
957	check_err $?
958
959	ip -netns "$testns" link set dev $DEV_NS up
960	check_err $?
961
962	ip -netns "$testns" link del "$DEV_NS"
963	check_err $?
964
965	# test external mode
966	ip -netns "$testns" link add dev "$DEV_NS" type erspan external
967	check_err $?
968
969	ip -netns "$testns" link del "$DEV_NS"
970	check_err $?
971
972	if [ $ret -ne 0 ]; then
973		echo "FAIL: erspan"
974		ip netns del "$testns"
975		return 1
976	fi
977	echo "PASS: erspan"
978
979	ip netns del "$testns"
980}
981
982kci_test_ip6erspan()
983{
984	testns="testns"
985	DEV_NS=ip6erspan00
986	ret=0
987
988	ip link help ip6erspan 2>&1 | grep -q "^Usage:"
989	if [ $? -ne 0 ];then
990		echo "SKIP: ip6erspan: iproute2 too old"
991		return $ksft_skip
992	fi
993
994	ip netns add "$testns"
995	if [ $? -ne 0 ]; then
996		echo "SKIP ip6erspan tests: cannot add net namespace $testns"
997		return $ksft_skip
998	fi
999
1000	# test native tunnel ip6erspan v1
1001	ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
1002		key 102 local fc00:100::1 remote fc00:100::2 \
1003		erspan_ver 1 erspan 488
1004	check_err $?
1005
1006	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
1007	check_err $?
1008
1009	ip -netns "$testns" link set dev $DEV_NS up
1010	check_err $?
1011
1012	ip -netns "$testns" link del "$DEV_NS"
1013	check_err $?
1014
1015	# test native tunnel ip6erspan v2
1016	ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
1017		key 102 local fc00:100::1 remote fc00:100::2 \
1018		erspan_ver 2 erspan_dir ingress erspan_hwid 7
1019	check_err $?
1020
1021	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
1022	check_err $?
1023
1024	ip -netns "$testns" link set dev $DEV_NS up
1025	check_err $?
1026
1027	ip -netns "$testns" link del "$DEV_NS"
1028	check_err $?
1029
1030	# test external mode
1031	ip -netns "$testns" link add dev "$DEV_NS" \
1032		type ip6erspan external
1033	check_err $?
1034
1035	ip -netns "$testns" link del "$DEV_NS"
1036	check_err $?
1037
1038	if [ $ret -ne 0 ]; then
1039		echo "FAIL: ip6erspan"
1040		ip netns del "$testns"
1041		return 1
1042	fi
1043	echo "PASS: ip6erspan"
1044
1045	ip netns del "$testns"
1046}
1047
1048kci_test_fdb_get()
1049{
1050	IP="ip -netns testns"
1051	BRIDGE="bridge -netns testns"
1052	brdev="test-br0"
1053	vxlandev="vxlan10"
1054	test_mac=de:ad:be:ef:13:37
1055	localip="10.0.2.2"
1056	dstip="10.0.2.3"
1057	ret=0
1058
1059	bridge fdb help 2>&1 |grep -q 'bridge fdb get'
1060	if [ $? -ne 0 ];then
1061		echo "SKIP: fdb get tests: iproute2 too old"
1062		return $ksft_skip
1063	fi
1064
1065	ip netns add testns
1066	if [ $? -ne 0 ]; then
1067		echo "SKIP fdb get tests: cannot add net namespace $testns"
1068		return $ksft_skip
1069	fi
1070
1071	$IP link add "$vxlandev" type vxlan id 10 local $localip \
1072                dstport 4789 2>/dev/null
1073	check_err $?
1074	$IP link add name "$brdev" type bridge &>/dev/null
1075	check_err $?
1076	$IP link set dev "$vxlandev" master "$brdev" &>/dev/null
1077	check_err $?
1078	$BRIDGE fdb add $test_mac dev "$vxlandev" master &>/dev/null
1079	check_err $?
1080	$BRIDGE fdb add $test_mac dev "$vxlandev" dst $dstip self &>/dev/null
1081	check_err $?
1082
1083	$BRIDGE fdb get $test_mac brport "$vxlandev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1084	check_err $?
1085	$BRIDGE fdb get $test_mac br "$brdev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1086	check_err $?
1087	$BRIDGE fdb get $test_mac dev "$vxlandev" self 2>/dev/null | grep -q "dev $vxlandev dst $dstip"
1088	check_err $?
1089
1090	ip netns del testns &>/dev/null
1091
1092	if [ $ret -ne 0 ]; then
1093		echo "FAIL: bridge fdb get"
1094		return 1
1095	fi
1096
1097	echo "PASS: bridge fdb get"
1098}
1099
1100kci_test_neigh_get()
1101{
1102	dstmac=de:ad:be:ef:13:37
1103	dstip=10.0.2.4
1104	dstip6=dead::2
1105	ret=0
1106
1107	ip neigh help 2>&1 |grep -q 'ip neigh get'
1108	if [ $? -ne 0 ];then
1109		echo "SKIP: fdb get tests: iproute2 too old"
1110		return $ksft_skip
1111	fi
1112
1113	# ipv4
1114	ip neigh add $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
1115	check_err $?
1116	ip neigh get $dstip dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1117	check_err $?
1118	ip neigh del $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
1119	check_err $?
1120
1121	# ipv4 proxy
1122	ip neigh add proxy $dstip dev "$devdummy" > /dev/null
1123	check_err $?
1124	ip neigh get proxy $dstip dev "$devdummy" 2>/dev/null | grep -q "$dstip"
1125	check_err $?
1126	ip neigh del proxy $dstip dev "$devdummy" > /dev/null
1127	check_err $?
1128
1129	# ipv6
1130	ip neigh add $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
1131	check_err $?
1132	ip neigh get $dstip6 dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1133	check_err $?
1134	ip neigh del $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
1135	check_err $?
1136
1137	# ipv6 proxy
1138	ip neigh add proxy $dstip6 dev "$devdummy" > /dev/null
1139	check_err $?
1140	ip neigh get proxy $dstip6 dev "$devdummy" 2>/dev/null | grep -q "$dstip6"
1141	check_err $?
1142	ip neigh del proxy $dstip6 dev "$devdummy" > /dev/null
1143	check_err $?
1144
1145	if [ $ret -ne 0 ];then
1146		echo "FAIL: neigh get"
1147		return 1
1148	fi
1149
1150	echo "PASS: neigh get"
1151}
1152
1153kci_test_rtnl()
1154{
1155	kci_add_dummy
1156	if [ $ret -ne 0 ];then
1157		echo "FAIL: cannot add dummy interface"
1158		return 1
1159	fi
1160
1161	kci_test_polrouting
1162	kci_test_route_get
1163	kci_test_addrlft
1164	kci_test_tc
1165	kci_test_gre
1166	kci_test_gretap
1167	kci_test_ip6gretap
1168	kci_test_erspan
1169	kci_test_ip6erspan
1170	kci_test_bridge
1171	kci_test_addrlabel
1172	kci_test_ifalias
1173	kci_test_vrf
1174	kci_test_encap
1175	kci_test_macsec
1176	kci_test_ipsec
1177	kci_test_ipsec_offload
1178	kci_test_fdb_get
1179	kci_test_neigh_get
1180
1181	kci_del_dummy
1182}
1183
1184#check for needed privileges
1185if [ "$(id -u)" -ne 0 ];then
1186	echo "SKIP: Need root privileges"
1187	exit $ksft_skip
1188fi
1189
1190for x in ip tc;do
1191	$x -Version 2>/dev/null >/dev/null
1192	if [ $? -ne 0 ];then
1193		echo "SKIP: Could not run test without the $x tool"
1194		exit $ksft_skip
1195	fi
1196done
1197
1198kci_test_rtnl
1199
1200exit $ret
1201