xref: /linux/tools/testing/selftests/net/rtnetlink.sh (revision 1f2367a39f17bd553a75e179a747f9b257bc9478) 
1#!/bin/bash
2#
3# This test is for checking rtnetlink callpaths, and get as much coverage as possible.
4#
5# set -e
6
7devdummy="test-dummy0"
8ret=0
9
10# Kselftest framework requirement - SKIP code is 4.
11ksft_skip=4
12
13# set global exit status, but never reset nonzero one.
14check_err()
15{
16	if [ $ret -eq 0 ]; then
17		ret=$1
18	fi
19}
20
21# same but inverted -- used when command must fail for test to pass
22check_fail()
23{
24	if [ $1 -eq 0 ]; then
25		ret=1
26	fi
27}
28
29kci_add_dummy()
30{
31	ip link add name "$devdummy" type dummy
32	check_err $?
33	ip link set "$devdummy" up
34	check_err $?
35}
36
37kci_del_dummy()
38{
39	ip link del dev "$devdummy"
40	check_err $?
41}
42
43kci_test_netconf()
44{
45	dev="$1"
46	r=$ret
47
48	ip netconf show dev "$dev" > /dev/null
49	check_err $?
50
51	for f in 4 6; do
52		ip -$f netconf show dev "$dev" > /dev/null
53		check_err $?
54	done
55
56	if [ $ret -ne 0 ] ;then
57		echo "FAIL: ip netconf show $dev"
58		test $r -eq 0 && ret=0
59		return 1
60	fi
61}
62
63# add a bridge with vlans on top
64kci_test_bridge()
65{
66	devbr="test-br0"
67	vlandev="testbr-vlan1"
68
69	ret=0
70	ip link add name "$devbr" type bridge
71	check_err $?
72
73	ip link set dev "$devdummy" master "$devbr"
74	check_err $?
75
76	ip link set "$devbr" up
77	check_err $?
78
79	ip link add link "$devbr" name "$vlandev" type vlan id 1
80	check_err $?
81	ip addr add dev "$vlandev" 10.200.7.23/30
82	check_err $?
83	ip -6 addr add dev "$vlandev" dead:42::1234/64
84	check_err $?
85	ip -d link > /dev/null
86	check_err $?
87	ip r s t all > /dev/null
88	check_err $?
89
90	for name in "$devbr" "$vlandev" "$devdummy" ; do
91		kci_test_netconf "$name"
92	done
93
94	ip -6 addr del dev "$vlandev" dead:42::1234/64
95	check_err $?
96
97	ip link del dev "$vlandev"
98	check_err $?
99	ip link del dev "$devbr"
100	check_err $?
101
102	if [ $ret -ne 0 ];then
103		echo "FAIL: bridge setup"
104		return 1
105	fi
106	echo "PASS: bridge setup"
107
108}
109
110kci_test_gre()
111{
112	gredev=neta
113	rem=10.42.42.1
114	loc=10.0.0.1
115
116	ret=0
117	ip tunnel add $gredev mode gre remote $rem local $loc ttl 1
118	check_err $?
119	ip link set $gredev up
120	check_err $?
121	ip addr add 10.23.7.10 dev $gredev
122	check_err $?
123	ip route add 10.23.8.0/30 dev $gredev
124	check_err $?
125	ip addr add dev "$devdummy" 10.23.7.11/24
126	check_err $?
127	ip link > /dev/null
128	check_err $?
129	ip addr > /dev/null
130	check_err $?
131
132	kci_test_netconf "$gredev"
133
134	ip addr del dev "$devdummy" 10.23.7.11/24
135	check_err $?
136
137	ip link del $gredev
138	check_err $?
139
140	if [ $ret -ne 0 ];then
141		echo "FAIL: gre tunnel endpoint"
142		return 1
143	fi
144	echo "PASS: gre tunnel endpoint"
145}
146
147# tc uses rtnetlink too, for full tc testing
148# please see tools/testing/selftests/tc-testing.
149kci_test_tc()
150{
151	dev=lo
152	ret=0
153
154	tc qdisc add dev "$dev" root handle 1: htb
155	check_err $?
156	tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit
157	check_err $?
158	tc filter add dev "$dev" parent 1:0 prio 5 handle ffe: protocol ip u32 divisor 256
159	check_err $?
160	tc filter add dev "$dev" parent 1:0 prio 5 handle ffd: protocol ip u32 divisor 256
161	check_err $?
162	tc filter add dev "$dev" parent 1:0 prio 5 handle ffc: protocol ip u32 divisor 256
163	check_err $?
164	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 ht ffe:2: match ip src 10.0.0.3 flowid 1:10
165	check_err $?
166	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:2 u32 ht ffe:2: match ip src 10.0.0.2 flowid 1:10
167	check_err $?
168	tc filter show dev "$dev" parent  1:0 > /dev/null
169	check_err $?
170	tc filter del dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32
171	check_err $?
172	tc filter show dev "$dev" parent  1:0 > /dev/null
173	check_err $?
174	tc qdisc del dev "$dev" root handle 1: htb
175	check_err $?
176
177	if [ $ret -ne 0 ];then
178		echo "FAIL: tc htb hierarchy"
179		return 1
180	fi
181	echo "PASS: tc htb hierarchy"
182
183}
184
185kci_test_polrouting()
186{
187	ret=0
188	ip rule add fwmark 1 lookup 100
189	check_err $?
190	ip route add local 0.0.0.0/0 dev lo table 100
191	check_err $?
192	ip r s t all > /dev/null
193	check_err $?
194	ip rule del fwmark 1 lookup 100
195	check_err $?
196	ip route del local 0.0.0.0/0 dev lo table 100
197	check_err $?
198
199	if [ $ret -ne 0 ];then
200		echo "FAIL: policy route test"
201		return 1
202	fi
203	echo "PASS: policy routing"
204}
205
206kci_test_route_get()
207{
208	local hash_policy=$(sysctl -n net.ipv4.fib_multipath_hash_policy)
209
210	ret=0
211
212	ip route get 127.0.0.1 > /dev/null
213	check_err $?
214	ip route get 127.0.0.1 dev "$devdummy" > /dev/null
215	check_err $?
216	ip route get ::1 > /dev/null
217	check_err $?
218	ip route get fe80::1 dev "$devdummy" > /dev/null
219	check_err $?
220	ip route get 127.0.0.1 from 127.0.0.1 oif lo tos 0x1 mark 0x1 > /dev/null
221	check_err $?
222	ip route get ::1 from ::1 iif lo oif lo tos 0x1 mark 0x1 > /dev/null
223	check_err $?
224	ip addr add dev "$devdummy" 10.23.7.11/24
225	check_err $?
226	ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null
227	check_err $?
228	ip route add 10.23.8.0/24 \
229		nexthop via 10.23.7.13 dev "$devdummy" \
230		nexthop via 10.23.7.14 dev "$devdummy"
231	check_err $?
232	sysctl -wq net.ipv4.fib_multipath_hash_policy=0
233	ip route get 10.23.8.11 > /dev/null
234	check_err $?
235	sysctl -wq net.ipv4.fib_multipath_hash_policy=1
236	ip route get 10.23.8.11 > /dev/null
237	check_err $?
238	sysctl -wq net.ipv4.fib_multipath_hash_policy="$hash_policy"
239	ip route del 10.23.8.0/24
240	check_err $?
241	ip addr del dev "$devdummy" 10.23.7.11/24
242	check_err $?
243
244	if [ $ret -ne 0 ];then
245		echo "FAIL: route get"
246		return 1
247	fi
248
249	echo "PASS: route get"
250}
251
252kci_test_addrlabel()
253{
254	ret=0
255
256	ip addrlabel add prefix dead::/64 dev lo label 1
257	check_err $?
258
259	ip addrlabel list |grep -q "prefix dead::/64 dev lo label 1"
260	check_err $?
261
262	ip addrlabel del prefix dead::/64 dev lo label 1 2> /dev/null
263	check_err $?
264
265	ip addrlabel add prefix dead::/64 label 1 2> /dev/null
266	check_err $?
267
268	ip addrlabel del prefix dead::/64 label 1 2> /dev/null
269	check_err $?
270
271	# concurrent add/delete
272	for i in $(seq 1 1000); do
273		ip addrlabel add prefix 1c3::/64 label 12345 2>/dev/null
274	done &
275
276	for i in $(seq 1 1000); do
277		ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
278	done
279
280	wait
281
282	ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
283
284	if [ $ret -ne 0 ];then
285		echo "FAIL: ipv6 addrlabel"
286		return 1
287	fi
288
289	echo "PASS: ipv6 addrlabel"
290}
291
292kci_test_ifalias()
293{
294	ret=0
295	namewant=$(uuidgen)
296	syspathname="/sys/class/net/$devdummy/ifalias"
297
298	ip link set dev "$devdummy" alias "$namewant"
299	check_err $?
300
301	if [ $ret -ne 0 ]; then
302		echo "FAIL: cannot set interface alias of $devdummy to $namewant"
303		return 1
304	fi
305
306	ip link show "$devdummy" | grep -q "alias $namewant"
307	check_err $?
308
309	if [ -r "$syspathname" ] ; then
310		read namehave < "$syspathname"
311		if [ "$namewant" != "$namehave" ]; then
312			echo "FAIL: did set ifalias $namewant but got $namehave"
313			return 1
314		fi
315
316		namewant=$(uuidgen)
317		echo "$namewant" > "$syspathname"
318	        ip link show "$devdummy" | grep -q "alias $namewant"
319		check_err $?
320
321		# sysfs interface allows to delete alias again
322		echo "" > "$syspathname"
323
324	        ip link show "$devdummy" | grep -q "alias $namewant"
325		check_fail $?
326
327		for i in $(seq 1 100); do
328			uuidgen > "$syspathname" &
329		done
330
331		wait
332
333		# re-add the alias -- kernel should free mem when dummy dev is removed
334		ip link set dev "$devdummy" alias "$namewant"
335		check_err $?
336	fi
337
338	if [ $ret -ne 0 ]; then
339		echo "FAIL: set interface alias $devdummy to $namewant"
340		return 1
341	fi
342
343	echo "PASS: set ifalias $namewant for $devdummy"
344}
345
346kci_test_vrf()
347{
348	vrfname="test-vrf"
349	ret=0
350
351	ip link show type vrf 2>/dev/null
352	if [ $? -ne 0 ]; then
353		echo "SKIP: vrf: iproute2 too old"
354		return $ksft_skip
355	fi
356
357	ip link add "$vrfname" type vrf table 10
358	check_err $?
359	if [ $ret -ne 0 ];then
360		echo "FAIL: can't add vrf interface, skipping test"
361		return 0
362	fi
363
364	ip -br link show type vrf | grep -q "$vrfname"
365	check_err $?
366	if [ $ret -ne 0 ];then
367		echo "FAIL: created vrf device not found"
368		return 1
369	fi
370
371	ip link set dev "$vrfname" up
372	check_err $?
373
374	ip link set dev "$devdummy" master "$vrfname"
375	check_err $?
376	ip link del dev "$vrfname"
377	check_err $?
378
379	if [ $ret -ne 0 ];then
380		echo "FAIL: vrf"
381		return 1
382	fi
383
384	echo "PASS: vrf"
385}
386
387kci_test_encap_vxlan()
388{
389	ret=0
390	vxlan="test-vxlan0"
391	vlan="test-vlan0"
392	testns="$1"
393
394	ip -netns "$testns" link add "$vxlan" type vxlan id 42 group 239.1.1.1 \
395		dev "$devdummy" dstport 4789 2>/dev/null
396	if [ $? -ne 0 ]; then
397		echo "FAIL: can't add vxlan interface, skipping test"
398		return 0
399	fi
400	check_err $?
401
402	ip -netns "$testns" addr add 10.2.11.49/24 dev "$vxlan"
403	check_err $?
404
405	ip -netns "$testns" link set up dev "$vxlan"
406	check_err $?
407
408	ip -netns "$testns" link add link "$vxlan" name "$vlan" type vlan id 1
409	check_err $?
410
411	# changelink testcases
412	ip -netns "$testns" link set dev "$vxlan" type vxlan vni 43 2>/dev/null
413	check_fail $?
414
415	ip -netns "$testns" link set dev "$vxlan" type vxlan group ffe5::5 dev "$devdummy" 2>/dev/null
416	check_fail $?
417
418	ip -netns "$testns" link set dev "$vxlan" type vxlan ttl inherit 2>/dev/null
419	check_fail $?
420
421	ip -netns "$testns" link set dev "$vxlan" type vxlan ttl 64
422	check_err $?
423
424	ip -netns "$testns" link set dev "$vxlan" type vxlan nolearning
425	check_err $?
426
427	ip -netns "$testns" link set dev "$vxlan" type vxlan proxy 2>/dev/null
428	check_fail $?
429
430	ip -netns "$testns" link set dev "$vxlan" type vxlan norsc 2>/dev/null
431	check_fail $?
432
433	ip -netns "$testns" link set dev "$vxlan" type vxlan l2miss 2>/dev/null
434	check_fail $?
435
436	ip -netns "$testns" link set dev "$vxlan" type vxlan l3miss 2>/dev/null
437	check_fail $?
438
439	ip -netns "$testns" link set dev "$vxlan" type vxlan external 2>/dev/null
440	check_fail $?
441
442	ip -netns "$testns" link set dev "$vxlan" type vxlan udpcsum 2>/dev/null
443	check_fail $?
444
445	ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumtx 2>/dev/null
446	check_fail $?
447
448	ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumrx 2>/dev/null
449	check_fail $?
450
451	ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumtx 2>/dev/null
452	check_fail $?
453
454	ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumrx 2>/dev/null
455	check_fail $?
456
457	ip -netns "$testns" link set dev "$vxlan" type vxlan gbp 2>/dev/null
458	check_fail $?
459
460	ip -netns "$testns" link set dev "$vxlan" type vxlan gpe 2>/dev/null
461	check_fail $?
462
463	ip -netns "$testns" link del "$vxlan"
464	check_err $?
465
466	if [ $ret -ne 0 ]; then
467		echo "FAIL: vxlan"
468		return 1
469	fi
470	echo "PASS: vxlan"
471}
472
473kci_test_encap_fou()
474{
475	ret=0
476	name="test-fou"
477	testns="$1"
478
479	ip fou help 2>&1 |grep -q 'Usage: ip fou'
480	if [ $? -ne 0 ];then
481		echo "SKIP: fou: iproute2 too old"
482		return $ksft_skip
483	fi
484
485	ip -netns "$testns" fou add port 7777 ipproto 47 2>/dev/null
486	if [ $? -ne 0 ];then
487		echo "FAIL: can't add fou port 7777, skipping test"
488		return 1
489	fi
490
491	ip -netns "$testns" fou add port 8888 ipproto 4
492	check_err $?
493
494	ip -netns "$testns" fou del port 9999 2>/dev/null
495	check_fail $?
496
497	ip -netns "$testns" fou del port 7777
498	check_err $?
499
500	if [ $ret -ne 0 ]; then
501		echo "FAIL: fou"
502		return 1
503	fi
504
505	echo "PASS: fou"
506}
507
508# test various encap methods, use netns to avoid unwanted interference
509kci_test_encap()
510{
511	testns="testns"
512	ret=0
513
514	ip netns add "$testns"
515	if [ $? -ne 0 ]; then
516		echo "SKIP encap tests: cannot add net namespace $testns"
517		return $ksft_skip
518	fi
519
520	ip -netns "$testns" link set lo up
521	check_err $?
522
523	ip -netns "$testns" link add name "$devdummy" type dummy
524	check_err $?
525	ip -netns "$testns" link set "$devdummy" up
526	check_err $?
527
528	kci_test_encap_vxlan "$testns"
529	kci_test_encap_fou "$testns"
530
531	ip netns del "$testns"
532}
533
534kci_test_macsec()
535{
536	msname="test_macsec0"
537	ret=0
538
539	ip macsec help 2>&1 | grep -q "^Usage: ip macsec"
540	if [ $? -ne 0 ]; then
541		echo "SKIP: macsec: iproute2 too old"
542		return $ksft_skip
543	fi
544
545	ip link add link "$devdummy" "$msname" type macsec port 42 encrypt on
546	check_err $?
547	if [ $ret -ne 0 ];then
548		echo "FAIL: can't add macsec interface, skipping test"
549		return 1
550	fi
551
552	ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012
553	check_err $?
554
555	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef"
556	check_err $?
557
558	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef
559	check_err $?
560
561	ip macsec show > /dev/null
562	check_err $?
563
564	ip link del dev "$msname"
565	check_err $?
566
567	if [ $ret -ne 0 ];then
568		echo "FAIL: macsec"
569		return 1
570	fi
571
572	echo "PASS: macsec"
573}
574
575#-------------------------------------------------------------------
576# Example commands
577#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
578#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
579#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
580#            sel src 14.0.0.52/24 dst 14.0.0.70/24
581#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
582#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
583#            spi 0x07 mode transport reqid 0x07
584#
585# Subcommands not tested
586#    ip x s update
587#    ip x s allocspi
588#    ip x s deleteall
589#    ip x p update
590#    ip x p deleteall
591#    ip x p set
592#-------------------------------------------------------------------
593kci_test_ipsec()
594{
595	ret=0
596	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
597	srcip=192.168.123.1
598	dstip=192.168.123.2
599	spi=7
600
601	ip addr add $srcip dev $devdummy
602
603	# flush to be sure there's nothing configured
604	ip x s flush ; ip x p flush
605	check_err $?
606
607	# start the monitor in the background
608	tmpfile=`mktemp /var/run/ipsectestXXX`
609	mpid=`(ip x m > $tmpfile & echo $!) 2>/dev/null`
610	sleep 0.2
611
612	ipsecid="proto esp src $srcip dst $dstip spi 0x07"
613	ip x s add $ipsecid \
614            mode transport reqid 0x07 replay-window 32 \
615            $algo sel src $srcip/24 dst $dstip/24
616	check_err $?
617
618	lines=`ip x s list | grep $srcip | grep $dstip | wc -l`
619	test $lines -eq 2
620	check_err $?
621
622	ip x s count | grep -q "SAD count 1"
623	check_err $?
624
625	lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l`
626	test $lines -eq 2
627	check_err $?
628
629	ip x s delete $ipsecid
630	check_err $?
631
632	lines=`ip x s list | wc -l`
633	test $lines -eq 0
634	check_err $?
635
636	ipsecsel="dir out src $srcip/24 dst $dstip/24"
637	ip x p add $ipsecsel \
638		    tmpl proto esp src $srcip dst $dstip \
639		    spi 0x07 mode transport reqid 0x07
640	check_err $?
641
642	lines=`ip x p list | grep $srcip | grep $dstip | wc -l`
643	test $lines -eq 2
644	check_err $?
645
646	ip x p count | grep -q "SPD IN  0 OUT 1 FWD 0"
647	check_err $?
648
649	lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l`
650	test $lines -eq 2
651	check_err $?
652
653	ip x p delete $ipsecsel
654	check_err $?
655
656	lines=`ip x p list | wc -l`
657	test $lines -eq 0
658	check_err $?
659
660	# check the monitor results
661	kill $mpid
662	lines=`wc -l $tmpfile | cut "-d " -f1`
663	test $lines -eq 20
664	check_err $?
665	rm -rf $tmpfile
666
667	# clean up any leftovers
668	ip x s flush
669	check_err $?
670	ip x p flush
671	check_err $?
672	ip addr del $srcip/32 dev $devdummy
673
674	if [ $ret -ne 0 ]; then
675		echo "FAIL: ipsec"
676		return 1
677	fi
678	echo "PASS: ipsec"
679}
680
681#-------------------------------------------------------------------
682# Example commands
683#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
684#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
685#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
686#            sel src 14.0.0.52/24 dst 14.0.0.70/24
687#            offload dev sim1 dir out
688#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
689#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
690#            spi 0x07 mode transport reqid 0x07
691#
692#-------------------------------------------------------------------
693kci_test_ipsec_offload()
694{
695	ret=0
696	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
697	srcip=192.168.123.3
698	dstip=192.168.123.4
699	dev=simx1
700	sysfsd=/sys/kernel/debug/netdevsim/$dev
701	sysfsf=$sysfsd/ipsec
702
703	# setup netdevsim since dummydev doesn't have offload support
704	modprobe netdevsim
705	check_err $?
706	if [ $ret -ne 0 ]; then
707		echo "FAIL: ipsec_offload can't load netdevsim"
708		return 1
709	fi
710
711	ip link add $dev type netdevsim
712	ip addr add $srcip dev $dev
713	ip link set $dev up
714	if [ ! -d $sysfsd ] ; then
715		echo "FAIL: ipsec_offload can't create device $dev"
716		return 1
717	fi
718	if [ ! -f $sysfsf ] ; then
719		echo "FAIL: ipsec_offload netdevsim doesn't support IPsec offload"
720		return 1
721	fi
722
723	# flush to be sure there's nothing configured
724	ip x s flush ; ip x p flush
725
726	# create offloaded SAs, both in and out
727	ip x p add dir out src $srcip/24 dst $dstip/24 \
728	    tmpl proto esp src $srcip dst $dstip spi 9 \
729	    mode transport reqid 42
730	check_err $?
731	ip x p add dir out src $dstip/24 dst $srcip/24 \
732	    tmpl proto esp src $dstip dst $srcip spi 9 \
733	    mode transport reqid 42
734	check_err $?
735
736	ip x s add proto esp src $srcip dst $dstip spi 9 \
737	    mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \
738	    offload dev $dev dir out
739	check_err $?
740	ip x s add proto esp src $dstip dst $srcip spi 9 \
741	    mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \
742	    offload dev $dev dir in
743	check_err $?
744	if [ $ret -ne 0 ]; then
745		echo "FAIL: ipsec_offload can't create SA"
746		return 1
747	fi
748
749	# does offload show up in ip output
750	lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"`
751	if [ $lines -ne 2 ] ; then
752		echo "FAIL: ipsec_offload SA offload missing from list output"
753		check_err 1
754	fi
755
756	# use ping to exercise the Tx path
757	ping -I $dev -c 3 -W 1 -i 0 $dstip >/dev/null
758
759	# does driver have correct offload info
760	diff $sysfsf - << EOF
761SA count=2 tx=3
762sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000
763sa[0]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
764sa[0]    key=0x34333231 38373635 32313039 36353433
765sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0
766sa[1]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
767sa[1]    key=0x34333231 38373635 32313039 36353433
768EOF
769	if [ $? -ne 0 ] ; then
770		echo "FAIL: ipsec_offload incorrect driver data"
771		check_err 1
772	fi
773
774	# does offload get removed from driver
775	ip x s flush
776	ip x p flush
777	lines=`grep -c "SA count=0" $sysfsf`
778	if [ $lines -ne 1 ] ; then
779		echo "FAIL: ipsec_offload SA not removed from driver"
780		check_err 1
781	fi
782
783	# clean up any leftovers
784	ip link del $dev
785	rmmod netdevsim
786
787	if [ $ret -ne 0 ]; then
788		echo "FAIL: ipsec_offload"
789		return 1
790	fi
791	echo "PASS: ipsec_offload"
792}
793
794kci_test_gretap()
795{
796	testns="testns"
797	DEV_NS=gretap00
798	ret=0
799
800	ip netns add "$testns"
801	if [ $? -ne 0 ]; then
802		echo "SKIP gretap tests: cannot add net namespace $testns"
803		return $ksft_skip
804	fi
805
806	ip link help gretap 2>&1 | grep -q "^Usage:"
807	if [ $? -ne 0 ];then
808		echo "SKIP: gretap: iproute2 too old"
809		ip netns del "$testns"
810		return $ksft_skip
811	fi
812
813	# test native tunnel
814	ip -netns "$testns" link add dev "$DEV_NS" type gretap seq \
815		key 102 local 172.16.1.100 remote 172.16.1.200
816	check_err $?
817
818	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
819	check_err $?
820
821	ip -netns "$testns" link set dev $DEV_NS up
822	check_err $?
823
824	ip -netns "$testns" link del "$DEV_NS"
825	check_err $?
826
827	# test external mode
828	ip -netns "$testns" link add dev "$DEV_NS" type gretap external
829	check_err $?
830
831	ip -netns "$testns" link del "$DEV_NS"
832	check_err $?
833
834	if [ $ret -ne 0 ]; then
835		echo "FAIL: gretap"
836		ip netns del "$testns"
837		return 1
838	fi
839	echo "PASS: gretap"
840
841	ip netns del "$testns"
842}
843
844kci_test_ip6gretap()
845{
846	testns="testns"
847	DEV_NS=ip6gretap00
848	ret=0
849
850	ip netns add "$testns"
851	if [ $? -ne 0 ]; then
852		echo "SKIP ip6gretap tests: cannot add net namespace $testns"
853		return $ksft_skip
854	fi
855
856	ip link help ip6gretap 2>&1 | grep -q "^Usage:"
857	if [ $? -ne 0 ];then
858		echo "SKIP: ip6gretap: iproute2 too old"
859		ip netns del "$testns"
860		return $ksft_skip
861	fi
862
863	# test native tunnel
864	ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap seq \
865		key 102 local fc00:100::1 remote fc00:100::2
866	check_err $?
867
868	ip -netns "$testns" addr add dev "$DEV_NS" fc00:200::1/96
869	check_err $?
870
871	ip -netns "$testns" link set dev $DEV_NS up
872	check_err $?
873
874	ip -netns "$testns" link del "$DEV_NS"
875	check_err $?
876
877	# test external mode
878	ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap external
879	check_err $?
880
881	ip -netns "$testns" link del "$DEV_NS"
882	check_err $?
883
884	if [ $ret -ne 0 ]; then
885		echo "FAIL: ip6gretap"
886		ip netns del "$testns"
887		return 1
888	fi
889	echo "PASS: ip6gretap"
890
891	ip netns del "$testns"
892}
893
894kci_test_erspan()
895{
896	testns="testns"
897	DEV_NS=erspan00
898	ret=0
899
900	ip link help erspan 2>&1 | grep -q "^Usage:"
901	if [ $? -ne 0 ];then
902		echo "SKIP: erspan: iproute2 too old"
903		return $ksft_skip
904	fi
905
906	ip netns add "$testns"
907	if [ $? -ne 0 ]; then
908		echo "SKIP erspan tests: cannot add net namespace $testns"
909		return $ksft_skip
910	fi
911
912	# test native tunnel erspan v1
913	ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
914		key 102 local 172.16.1.100 remote 172.16.1.200 \
915		erspan_ver 1 erspan 488
916	check_err $?
917
918	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
919	check_err $?
920
921	ip -netns "$testns" link set dev $DEV_NS up
922	check_err $?
923
924	ip -netns "$testns" link del "$DEV_NS"
925	check_err $?
926
927	# test native tunnel erspan v2
928	ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
929		key 102 local 172.16.1.100 remote 172.16.1.200 \
930		erspan_ver 2 erspan_dir ingress erspan_hwid 7
931	check_err $?
932
933	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
934	check_err $?
935
936	ip -netns "$testns" link set dev $DEV_NS up
937	check_err $?
938
939	ip -netns "$testns" link del "$DEV_NS"
940	check_err $?
941
942	# test external mode
943	ip -netns "$testns" link add dev "$DEV_NS" type erspan external
944	check_err $?
945
946	ip -netns "$testns" link del "$DEV_NS"
947	check_err $?
948
949	if [ $ret -ne 0 ]; then
950		echo "FAIL: erspan"
951		ip netns del "$testns"
952		return 1
953	fi
954	echo "PASS: erspan"
955
956	ip netns del "$testns"
957}
958
959kci_test_ip6erspan()
960{
961	testns="testns"
962	DEV_NS=ip6erspan00
963	ret=0
964
965	ip link help ip6erspan 2>&1 | grep -q "^Usage:"
966	if [ $? -ne 0 ];then
967		echo "SKIP: ip6erspan: iproute2 too old"
968		return $ksft_skip
969	fi
970
971	ip netns add "$testns"
972	if [ $? -ne 0 ]; then
973		echo "SKIP ip6erspan tests: cannot add net namespace $testns"
974		return $ksft_skip
975	fi
976
977	# test native tunnel ip6erspan v1
978	ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
979		key 102 local fc00:100::1 remote fc00:100::2 \
980		erspan_ver 1 erspan 488
981	check_err $?
982
983	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
984	check_err $?
985
986	ip -netns "$testns" link set dev $DEV_NS up
987	check_err $?
988
989	ip -netns "$testns" link del "$DEV_NS"
990	check_err $?
991
992	# test native tunnel ip6erspan v2
993	ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
994		key 102 local fc00:100::1 remote fc00:100::2 \
995		erspan_ver 2 erspan_dir ingress erspan_hwid 7
996	check_err $?
997
998	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
999	check_err $?
1000
1001	ip -netns "$testns" link set dev $DEV_NS up
1002	check_err $?
1003
1004	ip -netns "$testns" link del "$DEV_NS"
1005	check_err $?
1006
1007	# test external mode
1008	ip -netns "$testns" link add dev "$DEV_NS" \
1009		type ip6erspan external
1010	check_err $?
1011
1012	ip -netns "$testns" link del "$DEV_NS"
1013	check_err $?
1014
1015	if [ $ret -ne 0 ]; then
1016		echo "FAIL: ip6erspan"
1017		ip netns del "$testns"
1018		return 1
1019	fi
1020	echo "PASS: ip6erspan"
1021
1022	ip netns del "$testns"
1023}
1024
1025kci_test_fdb_get()
1026{
1027	IP="ip -netns testns"
1028	BRIDGE="bridge -netns testns"
1029	brdev="test-br0"
1030	vxlandev="vxlan10"
1031	test_mac=de:ad:be:ef:13:37
1032	localip="10.0.2.2"
1033	dstip="10.0.2.3"
1034	ret=0
1035
1036	bridge fdb help 2>&1 |grep -q 'bridge fdb get'
1037	if [ $? -ne 0 ];then
1038		echo "SKIP: fdb get tests: iproute2 too old"
1039		return $ksft_skip
1040	fi
1041
1042	ip netns add testns
1043	if [ $? -ne 0 ]; then
1044		echo "SKIP fdb get tests: cannot add net namespace $testns"
1045		return $ksft_skip
1046	fi
1047
1048	$IP link add "$vxlandev" type vxlan id 10 local $localip \
1049                dstport 4789 2>/dev/null
1050	check_err $?
1051	$IP link add name "$brdev" type bridge &>/dev/null
1052	check_err $?
1053	$IP link set dev "$vxlandev" master "$brdev" &>/dev/null
1054	check_err $?
1055	$BRIDGE fdb add $test_mac dev "$vxlandev" master &>/dev/null
1056	check_err $?
1057	$BRIDGE fdb add $test_mac dev "$vxlandev" dst $dstip self &>/dev/null
1058	check_err $?
1059
1060	$BRIDGE fdb get $test_mac brport "$vxlandev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1061	check_err $?
1062	$BRIDGE fdb get $test_mac br "$brdev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1063	check_err $?
1064	$BRIDGE fdb get $test_mac dev "$vxlandev" self 2>/dev/null | grep -q "dev $vxlandev dst $dstip"
1065	check_err $?
1066
1067	ip netns del testns &>/dev/null
1068
1069	if [ $ret -ne 0 ]; then
1070		echo "FAIL: bridge fdb get"
1071		return 1
1072	fi
1073
1074	echo "PASS: bridge fdb get"
1075}
1076
1077kci_test_neigh_get()
1078{
1079	dstmac=de:ad:be:ef:13:37
1080	dstip=10.0.2.4
1081	dstip6=dead::2
1082	ret=0
1083
1084	ip neigh help 2>&1 |grep -q 'ip neigh get'
1085	if [ $? -ne 0 ];then
1086		echo "SKIP: fdb get tests: iproute2 too old"
1087		return $ksft_skip
1088	fi
1089
1090	# ipv4
1091	ip neigh add $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
1092	check_err $?
1093	ip neigh get $dstip dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1094	check_err $?
1095	ip neigh del $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
1096	check_err $?
1097
1098	# ipv4 proxy
1099	ip neigh add proxy $dstip dev "$devdummy" > /dev/null
1100	check_err $?
1101	ip neigh get proxy $dstip dev "$devdummy" 2>/dev/null | grep -q "$dstip"
1102	check_err $?
1103	ip neigh del proxy $dstip dev "$devdummy" > /dev/null
1104	check_err $?
1105
1106	# ipv6
1107	ip neigh add $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
1108	check_err $?
1109	ip neigh get $dstip6 dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1110	check_err $?
1111	ip neigh del $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
1112	check_err $?
1113
1114	# ipv6 proxy
1115	ip neigh add proxy $dstip6 dev "$devdummy" > /dev/null
1116	check_err $?
1117	ip neigh get proxy $dstip6 dev "$devdummy" 2>/dev/null | grep -q "$dstip6"
1118	check_err $?
1119	ip neigh del proxy $dstip6 dev "$devdummy" > /dev/null
1120	check_err $?
1121
1122	if [ $ret -ne 0 ];then
1123		echo "FAIL: neigh get"
1124		return 1
1125	fi
1126
1127	echo "PASS: neigh get"
1128}
1129
1130kci_test_rtnl()
1131{
1132	kci_add_dummy
1133	if [ $ret -ne 0 ];then
1134		echo "FAIL: cannot add dummy interface"
1135		return 1
1136	fi
1137
1138	kci_test_polrouting
1139	kci_test_route_get
1140	kci_test_tc
1141	kci_test_gre
1142	kci_test_gretap
1143	kci_test_ip6gretap
1144	kci_test_erspan
1145	kci_test_ip6erspan
1146	kci_test_bridge
1147	kci_test_addrlabel
1148	kci_test_ifalias
1149	kci_test_vrf
1150	kci_test_encap
1151	kci_test_macsec
1152	kci_test_ipsec
1153	kci_test_ipsec_offload
1154	kci_test_fdb_get
1155	kci_test_neigh_get
1156
1157	kci_del_dummy
1158}
1159
1160#check for needed privileges
1161if [ "$(id -u)" -ne 0 ];then
1162	echo "SKIP: Need root privileges"
1163	exit $ksft_skip
1164fi
1165
1166for x in ip tc;do
1167	$x -Version 2>/dev/null >/dev/null
1168	if [ $? -ne 0 ];then
1169		echo "SKIP: Could not run test without the $x tool"
1170		exit $ksft_skip
1171	fi
1172done
1173
1174kci_test_rtnl
1175
1176exit $ret
1177