xref: /linux/tools/testing/selftests/net/rtnetlink.sh (revision 4ab5a5d2a4a2289c2af07accbec7170ca5671f41)
1#!/bin/bash
2#
3# This test is for checking rtnetlink callpaths, and get as much coverage as possible.
4#
5# set -e
6
7devdummy="test-dummy0"
8ret=0
9
10# Kselftest framework requirement - SKIP code is 4.
11ksft_skip=4
12
13# set global exit status, but never reset nonzero one.
14check_err()
15{
16	if [ $ret -eq 0 ]; then
17		ret=$1
18	fi
19}
20
21# same but inverted -- used when command must fail for test to pass
22check_fail()
23{
24	if [ $1 -eq 0 ]; then
25		ret=1
26	fi
27}
28
29kci_add_dummy()
30{
31	ip link add name "$devdummy" type dummy
32	check_err $?
33	ip link set "$devdummy" up
34	check_err $?
35}
36
37kci_del_dummy()
38{
39	ip link del dev "$devdummy"
40	check_err $?
41}
42
43kci_test_netconf()
44{
45	dev="$1"
46	r=$ret
47
48	ip netconf show dev "$dev" > /dev/null
49	check_err $?
50
51	for f in 4 6; do
52		ip -$f netconf show dev "$dev" > /dev/null
53		check_err $?
54	done
55
56	if [ $ret -ne 0 ] ;then
57		echo "FAIL: ip netconf show $dev"
58		test $r -eq 0 && ret=0
59		return 1
60	fi
61}
62
63# add a bridge with vlans on top
64kci_test_bridge()
65{
66	devbr="test-br0"
67	vlandev="testbr-vlan1"
68
69	ret=0
70	ip link add name "$devbr" type bridge
71	check_err $?
72
73	ip link set dev "$devdummy" master "$devbr"
74	check_err $?
75
76	ip link set "$devbr" up
77	check_err $?
78
79	ip link add link "$devbr" name "$vlandev" type vlan id 1
80	check_err $?
81	ip addr add dev "$vlandev" 10.200.7.23/30
82	check_err $?
83	ip -6 addr add dev "$vlandev" dead:42::1234/64
84	check_err $?
85	ip -d link > /dev/null
86	check_err $?
87	ip r s t all > /dev/null
88	check_err $?
89
90	for name in "$devbr" "$vlandev" "$devdummy" ; do
91		kci_test_netconf "$name"
92	done
93
94	ip -6 addr del dev "$vlandev" dead:42::1234/64
95	check_err $?
96
97	ip link del dev "$vlandev"
98	check_err $?
99	ip link del dev "$devbr"
100	check_err $?
101
102	if [ $ret -ne 0 ];then
103		echo "FAIL: bridge setup"
104		return 1
105	fi
106	echo "PASS: bridge setup"
107
108}
109
110kci_test_gre()
111{
112	gredev=neta
113	rem=10.42.42.1
114	loc=10.0.0.1
115
116	ret=0
117	ip tunnel add $gredev mode gre remote $rem local $loc ttl 1
118	check_err $?
119	ip link set $gredev up
120	check_err $?
121	ip addr add 10.23.7.10 dev $gredev
122	check_err $?
123	ip route add 10.23.8.0/30 dev $gredev
124	check_err $?
125	ip addr add dev "$devdummy" 10.23.7.11/24
126	check_err $?
127	ip link > /dev/null
128	check_err $?
129	ip addr > /dev/null
130	check_err $?
131
132	kci_test_netconf "$gredev"
133
134	ip addr del dev "$devdummy" 10.23.7.11/24
135	check_err $?
136
137	ip link del $gredev
138	check_err $?
139
140	if [ $ret -ne 0 ];then
141		echo "FAIL: gre tunnel endpoint"
142		return 1
143	fi
144	echo "PASS: gre tunnel endpoint"
145}
146
147# tc uses rtnetlink too, for full tc testing
148# please see tools/testing/selftests/tc-testing.
149kci_test_tc()
150{
151	dev=lo
152	ret=0
153
154	tc qdisc add dev "$dev" root handle 1: htb
155	check_err $?
156	tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit
157	check_err $?
158	tc filter add dev "$dev" parent 1:0 prio 5 handle ffe: protocol ip u32 divisor 256
159	check_err $?
160	tc filter add dev "$dev" parent 1:0 prio 5 handle ffd: protocol ip u32 divisor 256
161	check_err $?
162	tc filter add dev "$dev" parent 1:0 prio 5 handle ffc: protocol ip u32 divisor 256
163	check_err $?
164	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 ht ffe:2: match ip src 10.0.0.3 flowid 1:10
165	check_err $?
166	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:2 u32 ht ffe:2: match ip src 10.0.0.2 flowid 1:10
167	check_err $?
168	tc filter show dev "$dev" parent  1:0 > /dev/null
169	check_err $?
170	tc filter del dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32
171	check_err $?
172	tc filter show dev "$dev" parent  1:0 > /dev/null
173	check_err $?
174	tc qdisc del dev "$dev" root handle 1: htb
175	check_err $?
176
177	if [ $ret -ne 0 ];then
178		echo "FAIL: tc htb hierarchy"
179		return 1
180	fi
181	echo "PASS: tc htb hierarchy"
182
183}
184
185kci_test_polrouting()
186{
187	ret=0
188	ip rule add fwmark 1 lookup 100
189	check_err $?
190	ip route add local 0.0.0.0/0 dev lo table 100
191	check_err $?
192	ip r s t all > /dev/null
193	check_err $?
194	ip rule del fwmark 1 lookup 100
195	check_err $?
196	ip route del local 0.0.0.0/0 dev lo table 100
197	check_err $?
198
199	if [ $ret -ne 0 ];then
200		echo "FAIL: policy route test"
201		return 1
202	fi
203	echo "PASS: policy routing"
204}
205
206kci_test_route_get()
207{
208	ret=0
209
210	ip route get 127.0.0.1 > /dev/null
211	check_err $?
212	ip route get 127.0.0.1 dev "$devdummy" > /dev/null
213	check_err $?
214	ip route get ::1 > /dev/null
215	check_err $?
216	ip route get fe80::1 dev "$devdummy" > /dev/null
217	check_err $?
218	ip route get 127.0.0.1 from 127.0.0.1 oif lo tos 0x1 mark 0x1 > /dev/null
219	check_err $?
220	ip route get ::1 from ::1 iif lo oif lo tos 0x1 mark 0x1 > /dev/null
221	check_err $?
222	ip addr add dev "$devdummy" 10.23.7.11/24
223	check_err $?
224	ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null
225	check_err $?
226	ip addr del dev "$devdummy" 10.23.7.11/24
227	check_err $?
228
229	if [ $ret -ne 0 ];then
230		echo "FAIL: route get"
231		return 1
232	fi
233
234	echo "PASS: route get"
235}
236
237kci_test_addrlabel()
238{
239	ret=0
240
241	ip addrlabel add prefix dead::/64 dev lo label 1
242	check_err $?
243
244	ip addrlabel list |grep -q "prefix dead::/64 dev lo label 1"
245	check_err $?
246
247	ip addrlabel del prefix dead::/64 dev lo label 1 2> /dev/null
248	check_err $?
249
250	ip addrlabel add prefix dead::/64 label 1 2> /dev/null
251	check_err $?
252
253	ip addrlabel del prefix dead::/64 label 1 2> /dev/null
254	check_err $?
255
256	# concurrent add/delete
257	for i in $(seq 1 1000); do
258		ip addrlabel add prefix 1c3::/64 label 12345 2>/dev/null
259	done &
260
261	for i in $(seq 1 1000); do
262		ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
263	done
264
265	wait
266
267	ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
268
269	if [ $ret -ne 0 ];then
270		echo "FAIL: ipv6 addrlabel"
271		return 1
272	fi
273
274	echo "PASS: ipv6 addrlabel"
275}
276
277kci_test_ifalias()
278{
279	ret=0
280	namewant=$(uuidgen)
281	syspathname="/sys/class/net/$devdummy/ifalias"
282
283	ip link set dev "$devdummy" alias "$namewant"
284	check_err $?
285
286	if [ $ret -ne 0 ]; then
287		echo "FAIL: cannot set interface alias of $devdummy to $namewant"
288		return 1
289	fi
290
291	ip link show "$devdummy" | grep -q "alias $namewant"
292	check_err $?
293
294	if [ -r "$syspathname" ] ; then
295		read namehave < "$syspathname"
296		if [ "$namewant" != "$namehave" ]; then
297			echo "FAIL: did set ifalias $namewant but got $namehave"
298			return 1
299		fi
300
301		namewant=$(uuidgen)
302		echo "$namewant" > "$syspathname"
303	        ip link show "$devdummy" | grep -q "alias $namewant"
304		check_err $?
305
306		# sysfs interface allows to delete alias again
307		echo "" > "$syspathname"
308
309	        ip link show "$devdummy" | grep -q "alias $namewant"
310		check_fail $?
311
312		for i in $(seq 1 100); do
313			uuidgen > "$syspathname" &
314		done
315
316		wait
317
318		# re-add the alias -- kernel should free mem when dummy dev is removed
319		ip link set dev "$devdummy" alias "$namewant"
320		check_err $?
321	fi
322
323	if [ $ret -ne 0 ]; then
324		echo "FAIL: set interface alias $devdummy to $namewant"
325		return 1
326	fi
327
328	echo "PASS: set ifalias $namewant for $devdummy"
329}
330
331kci_test_vrf()
332{
333	vrfname="test-vrf"
334	ret=0
335
336	ip link show type vrf 2>/dev/null
337	if [ $? -ne 0 ]; then
338		echo "SKIP: vrf: iproute2 too old"
339		return $ksft_skip
340	fi
341
342	ip link add "$vrfname" type vrf table 10
343	check_err $?
344	if [ $ret -ne 0 ];then
345		echo "FAIL: can't add vrf interface, skipping test"
346		return 0
347	fi
348
349	ip -br link show type vrf | grep -q "$vrfname"
350	check_err $?
351	if [ $ret -ne 0 ];then
352		echo "FAIL: created vrf device not found"
353		return 1
354	fi
355
356	ip link set dev "$vrfname" up
357	check_err $?
358
359	ip link set dev "$devdummy" master "$vrfname"
360	check_err $?
361	ip link del dev "$vrfname"
362	check_err $?
363
364	if [ $ret -ne 0 ];then
365		echo "FAIL: vrf"
366		return 1
367	fi
368
369	echo "PASS: vrf"
370}
371
372kci_test_encap_vxlan()
373{
374	ret=0
375	vxlan="test-vxlan0"
376	vlan="test-vlan0"
377	testns="$1"
378
379	ip netns exec "$testns" ip link add "$vxlan" type vxlan id 42 group 239.1.1.1 \
380		dev "$devdummy" dstport 4789 2>/dev/null
381	if [ $? -ne 0 ]; then
382		echo "FAIL: can't add vxlan interface, skipping test"
383		return 0
384	fi
385	check_err $?
386
387	ip netns exec "$testns" ip addr add 10.2.11.49/24 dev "$vxlan"
388	check_err $?
389
390	ip netns exec "$testns" ip link set up dev "$vxlan"
391	check_err $?
392
393	ip netns exec "$testns" ip link add link "$vxlan" name "$vlan" type vlan id 1
394	check_err $?
395
396	ip netns exec "$testns" ip link del "$vxlan"
397	check_err $?
398
399	if [ $ret -ne 0 ]; then
400		echo "FAIL: vxlan"
401		return 1
402	fi
403	echo "PASS: vxlan"
404}
405
406kci_test_encap_fou()
407{
408	ret=0
409	name="test-fou"
410	testns="$1"
411
412	ip fou help 2>&1 |grep -q 'Usage: ip fou'
413	if [ $? -ne 0 ];then
414		echo "SKIP: fou: iproute2 too old"
415		return $ksft_skip
416	fi
417
418	ip netns exec "$testns" ip fou add port 7777 ipproto 47 2>/dev/null
419	if [ $? -ne 0 ];then
420		echo "FAIL: can't add fou port 7777, skipping test"
421		return 1
422	fi
423
424	ip netns exec "$testns" ip fou add port 8888 ipproto 4
425	check_err $?
426
427	ip netns exec "$testns" ip fou del port 9999 2>/dev/null
428	check_fail $?
429
430	ip netns exec "$testns" ip fou del port 7777
431	check_err $?
432
433	if [ $ret -ne 0 ]; then
434		echo "FAIL: fou"
435		return 1
436	fi
437
438	echo "PASS: fou"
439}
440
441# test various encap methods, use netns to avoid unwanted interference
442kci_test_encap()
443{
444	testns="testns"
445	ret=0
446
447	ip netns add "$testns"
448	if [ $? -ne 0 ]; then
449		echo "SKIP encap tests: cannot add net namespace $testns"
450		return $ksft_skip
451	fi
452
453	ip netns exec "$testns" ip link set lo up
454	check_err $?
455
456	ip netns exec "$testns" ip link add name "$devdummy" type dummy
457	check_err $?
458	ip netns exec "$testns" ip link set "$devdummy" up
459	check_err $?
460
461	kci_test_encap_vxlan "$testns"
462	kci_test_encap_fou "$testns"
463
464	ip netns del "$testns"
465}
466
467kci_test_macsec()
468{
469	msname="test_macsec0"
470	ret=0
471
472	ip macsec help 2>&1 | grep -q "^Usage: ip macsec"
473	if [ $? -ne 0 ]; then
474		echo "SKIP: macsec: iproute2 too old"
475		return $ksft_skip
476	fi
477
478	ip link add link "$devdummy" "$msname" type macsec port 42 encrypt on
479	check_err $?
480	if [ $ret -ne 0 ];then
481		echo "FAIL: can't add macsec interface, skipping test"
482		return 1
483	fi
484
485	ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012
486	check_err $?
487
488	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef"
489	check_err $?
490
491	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef
492	check_err $?
493
494	ip macsec show > /dev/null
495	check_err $?
496
497	ip link del dev "$msname"
498	check_err $?
499
500	if [ $ret -ne 0 ];then
501		echo "FAIL: macsec"
502		return 1
503	fi
504
505	echo "PASS: macsec"
506}
507
508#-------------------------------------------------------------------
509# Example commands
510#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
511#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
512#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
513#            sel src 14.0.0.52/24 dst 14.0.0.70/24
514#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
515#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
516#            spi 0x07 mode transport reqid 0x07
517#
518# Subcommands not tested
519#    ip x s update
520#    ip x s allocspi
521#    ip x s deleteall
522#    ip x p update
523#    ip x p deleteall
524#    ip x p set
525#-------------------------------------------------------------------
526kci_test_ipsec()
527{
528	ret=0
529	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
530	srcip=192.168.123.1
531	dstip=192.168.123.2
532	spi=7
533
534	ip addr add $srcip dev $devdummy
535
536	# flush to be sure there's nothing configured
537	ip x s flush ; ip x p flush
538	check_err $?
539
540	# start the monitor in the background
541	tmpfile=`mktemp /var/run/ipsectestXXX`
542	mpid=`(ip x m > $tmpfile & echo $!) 2>/dev/null`
543	sleep 0.2
544
545	ipsecid="proto esp src $srcip dst $dstip spi 0x07"
546	ip x s add $ipsecid \
547            mode transport reqid 0x07 replay-window 32 \
548            $algo sel src $srcip/24 dst $dstip/24
549	check_err $?
550
551	lines=`ip x s list | grep $srcip | grep $dstip | wc -l`
552	test $lines -eq 2
553	check_err $?
554
555	ip x s count | grep -q "SAD count 1"
556	check_err $?
557
558	lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l`
559	test $lines -eq 2
560	check_err $?
561
562	ip x s delete $ipsecid
563	check_err $?
564
565	lines=`ip x s list | wc -l`
566	test $lines -eq 0
567	check_err $?
568
569	ipsecsel="dir out src $srcip/24 dst $dstip/24"
570	ip x p add $ipsecsel \
571		    tmpl proto esp src $srcip dst $dstip \
572		    spi 0x07 mode transport reqid 0x07
573	check_err $?
574
575	lines=`ip x p list | grep $srcip | grep $dstip | wc -l`
576	test $lines -eq 2
577	check_err $?
578
579	ip x p count | grep -q "SPD IN  0 OUT 1 FWD 0"
580	check_err $?
581
582	lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l`
583	test $lines -eq 2
584	check_err $?
585
586	ip x p delete $ipsecsel
587	check_err $?
588
589	lines=`ip x p list | wc -l`
590	test $lines -eq 0
591	check_err $?
592
593	# check the monitor results
594	kill $mpid
595	lines=`wc -l $tmpfile | cut "-d " -f1`
596	test $lines -eq 20
597	check_err $?
598	rm -rf $tmpfile
599
600	# clean up any leftovers
601	ip x s flush
602	check_err $?
603	ip x p flush
604	check_err $?
605	ip addr del $srcip/32 dev $devdummy
606
607	if [ $ret -ne 0 ]; then
608		echo "FAIL: ipsec"
609		return 1
610	fi
611	echo "PASS: ipsec"
612}
613
614#-------------------------------------------------------------------
615# Example commands
616#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
617#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
618#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
619#            sel src 14.0.0.52/24 dst 14.0.0.70/24
620#            offload dev sim1 dir out
621#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
622#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
623#            spi 0x07 mode transport reqid 0x07
624#
625#-------------------------------------------------------------------
626kci_test_ipsec_offload()
627{
628	ret=0
629	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
630	srcip=192.168.123.3
631	dstip=192.168.123.4
632	dev=simx1
633	sysfsd=/sys/kernel/debug/netdevsim/$dev
634	sysfsf=$sysfsd/ipsec
635
636	# setup netdevsim since dummydev doesn't have offload support
637	modprobe netdevsim
638	check_err $?
639	if [ $ret -ne 0 ]; then
640		echo "FAIL: ipsec_offload can't load netdevsim"
641		return 1
642	fi
643
644	ip link add $dev type netdevsim
645	ip addr add $srcip dev $dev
646	ip link set $dev up
647	if [ ! -d $sysfsd ] ; then
648		echo "FAIL: ipsec_offload can't create device $dev"
649		return 1
650	fi
651	if [ ! -f $sysfsf ] ; then
652		echo "FAIL: ipsec_offload netdevsim doesn't support IPsec offload"
653		return 1
654	fi
655
656	# flush to be sure there's nothing configured
657	ip x s flush ; ip x p flush
658
659	# create offloaded SAs, both in and out
660	ip x p add dir out src $srcip/24 dst $dstip/24 \
661	    tmpl proto esp src $srcip dst $dstip spi 9 \
662	    mode transport reqid 42
663	check_err $?
664	ip x p add dir out src $dstip/24 dst $srcip/24 \
665	    tmpl proto esp src $dstip dst $srcip spi 9 \
666	    mode transport reqid 42
667	check_err $?
668
669	ip x s add proto esp src $srcip dst $dstip spi 9 \
670	    mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \
671	    offload dev $dev dir out
672	check_err $?
673	ip x s add proto esp src $dstip dst $srcip spi 9 \
674	    mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \
675	    offload dev $dev dir in
676	check_err $?
677	if [ $ret -ne 0 ]; then
678		echo "FAIL: ipsec_offload can't create SA"
679		return 1
680	fi
681
682	# does offload show up in ip output
683	lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"`
684	if [ $lines -ne 2 ] ; then
685		echo "FAIL: ipsec_offload SA offload missing from list output"
686		check_err 1
687	fi
688
689	# use ping to exercise the Tx path
690	ping -I $dev -c 3 -W 1 -i 0 $dstip >/dev/null
691
692	# does driver have correct offload info
693	diff $sysfsf - << EOF
694SA count=2 tx=3
695sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000
696sa[0]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
697sa[0]    key=0x34333231 38373635 32313039 36353433
698sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0
699sa[1]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
700sa[1]    key=0x34333231 38373635 32313039 36353433
701EOF
702	if [ $? -ne 0 ] ; then
703		echo "FAIL: ipsec_offload incorrect driver data"
704		check_err 1
705	fi
706
707	# does offload get removed from driver
708	ip x s flush
709	ip x p flush
710	lines=`grep -c "SA count=0" $sysfsf`
711	if [ $lines -ne 1 ] ; then
712		echo "FAIL: ipsec_offload SA not removed from driver"
713		check_err 1
714	fi
715
716	# clean up any leftovers
717	ip link del $dev
718	rmmod netdevsim
719
720	if [ $ret -ne 0 ]; then
721		echo "FAIL: ipsec_offload"
722		return 1
723	fi
724	echo "PASS: ipsec_offload"
725}
726
727kci_test_gretap()
728{
729	testns="testns"
730	DEV_NS=gretap00
731	ret=0
732
733	ip netns add "$testns"
734	if [ $? -ne 0 ]; then
735		echo "SKIP gretap tests: cannot add net namespace $testns"
736		return $ksft_skip
737	fi
738
739	ip link help gretap 2>&1 | grep -q "^Usage:"
740	if [ $? -ne 0 ];then
741		echo "SKIP: gretap: iproute2 too old"
742		ip netns del "$testns"
743		return $ksft_skip
744	fi
745
746	# test native tunnel
747	ip netns exec "$testns" ip link add dev "$DEV_NS" type gretap seq \
748		key 102 local 172.16.1.100 remote 172.16.1.200
749	check_err $?
750
751	ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
752	check_err $?
753
754	ip netns exec "$testns" ip link set dev $DEV_NS up
755	check_err $?
756
757	ip netns exec "$testns" ip link del "$DEV_NS"
758	check_err $?
759
760	# test external mode
761	ip netns exec "$testns" ip link add dev "$DEV_NS" type gretap external
762	check_err $?
763
764	ip netns exec "$testns" ip link del "$DEV_NS"
765	check_err $?
766
767	if [ $ret -ne 0 ]; then
768		echo "FAIL: gretap"
769		ip netns del "$testns"
770		return 1
771	fi
772	echo "PASS: gretap"
773
774	ip netns del "$testns"
775}
776
777kci_test_ip6gretap()
778{
779	testns="testns"
780	DEV_NS=ip6gretap00
781	ret=0
782
783	ip netns add "$testns"
784	if [ $? -ne 0 ]; then
785		echo "SKIP ip6gretap tests: cannot add net namespace $testns"
786		return $ksft_skip
787	fi
788
789	ip link help ip6gretap 2>&1 | grep -q "^Usage:"
790	if [ $? -ne 0 ];then
791		echo "SKIP: ip6gretap: iproute2 too old"
792		ip netns del "$testns"
793		return $ksft_skip
794	fi
795
796	# test native tunnel
797	ip netns exec "$testns" ip link add dev "$DEV_NS" type ip6gretap seq \
798		key 102 local fc00:100::1 remote fc00:100::2
799	check_err $?
800
801	ip netns exec "$testns" ip addr add dev "$DEV_NS" fc00:200::1/96
802	check_err $?
803
804	ip netns exec "$testns" ip link set dev $DEV_NS up
805	check_err $?
806
807	ip netns exec "$testns" ip link del "$DEV_NS"
808	check_err $?
809
810	# test external mode
811	ip netns exec "$testns" ip link add dev "$DEV_NS" type ip6gretap external
812	check_err $?
813
814	ip netns exec "$testns" ip link del "$DEV_NS"
815	check_err $?
816
817	if [ $ret -ne 0 ]; then
818		echo "FAIL: ip6gretap"
819		ip netns del "$testns"
820		return 1
821	fi
822	echo "PASS: ip6gretap"
823
824	ip netns del "$testns"
825}
826
827kci_test_erspan()
828{
829	testns="testns"
830	DEV_NS=erspan00
831	ret=0
832
833	ip link help erspan 2>&1 | grep -q "^Usage:"
834	if [ $? -ne 0 ];then
835		echo "SKIP: erspan: iproute2 too old"
836		return $ksft_skip
837	fi
838
839	ip netns add "$testns"
840	if [ $? -ne 0 ]; then
841		echo "SKIP erspan tests: cannot add net namespace $testns"
842		return $ksft_skip
843	fi
844
845	# test native tunnel erspan v1
846	ip netns exec "$testns" ip link add dev "$DEV_NS" type erspan seq \
847		key 102 local 172.16.1.100 remote 172.16.1.200 \
848		erspan_ver 1 erspan 488
849	check_err $?
850
851	ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
852	check_err $?
853
854	ip netns exec "$testns" ip link set dev $DEV_NS up
855	check_err $?
856
857	ip netns exec "$testns" ip link del "$DEV_NS"
858	check_err $?
859
860	# test native tunnel erspan v2
861	ip netns exec "$testns" ip link add dev "$DEV_NS" type erspan seq \
862		key 102 local 172.16.1.100 remote 172.16.1.200 \
863		erspan_ver 2 erspan_dir ingress erspan_hwid 7
864	check_err $?
865
866	ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
867	check_err $?
868
869	ip netns exec "$testns" ip link set dev $DEV_NS up
870	check_err $?
871
872	ip netns exec "$testns" ip link del "$DEV_NS"
873	check_err $?
874
875	# test external mode
876	ip netns exec "$testns" ip link add dev "$DEV_NS" type erspan external
877	check_err $?
878
879	ip netns exec "$testns" ip link del "$DEV_NS"
880	check_err $?
881
882	if [ $ret -ne 0 ]; then
883		echo "FAIL: erspan"
884		ip netns del "$testns"
885		return 1
886	fi
887	echo "PASS: erspan"
888
889	ip netns del "$testns"
890}
891
892kci_test_ip6erspan()
893{
894	testns="testns"
895	DEV_NS=ip6erspan00
896	ret=0
897
898	ip link help ip6erspan 2>&1 | grep -q "^Usage:"
899	if [ $? -ne 0 ];then
900		echo "SKIP: ip6erspan: iproute2 too old"
901		return $ksft_skip
902	fi
903
904	ip netns add "$testns"
905	if [ $? -ne 0 ]; then
906		echo "SKIP ip6erspan tests: cannot add net namespace $testns"
907		return $ksft_skip
908	fi
909
910	# test native tunnel ip6erspan v1
911	ip netns exec "$testns" ip link add dev "$DEV_NS" type ip6erspan seq \
912		key 102 local fc00:100::1 remote fc00:100::2 \
913		erspan_ver 1 erspan 488
914	check_err $?
915
916	ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
917	check_err $?
918
919	ip netns exec "$testns" ip link set dev $DEV_NS up
920	check_err $?
921
922	ip netns exec "$testns" ip link del "$DEV_NS"
923	check_err $?
924
925	# test native tunnel ip6erspan v2
926	ip netns exec "$testns" ip link add dev "$DEV_NS" type ip6erspan seq \
927		key 102 local fc00:100::1 remote fc00:100::2 \
928		erspan_ver 2 erspan_dir ingress erspan_hwid 7
929	check_err $?
930
931	ip netns exec "$testns" ip addr add dev "$DEV_NS" 10.1.1.100/24
932	check_err $?
933
934	ip netns exec "$testns" ip link set dev $DEV_NS up
935	check_err $?
936
937	ip netns exec "$testns" ip link del "$DEV_NS"
938	check_err $?
939
940	# test external mode
941	ip netns exec "$testns" ip link add dev "$DEV_NS" \
942		type ip6erspan external
943	check_err $?
944
945	ip netns exec "$testns" ip link del "$DEV_NS"
946	check_err $?
947
948	if [ $ret -ne 0 ]; then
949		echo "FAIL: ip6erspan"
950		ip netns del "$testns"
951		return 1
952	fi
953	echo "PASS: ip6erspan"
954
955	ip netns del "$testns"
956}
957
958kci_test_rtnl()
959{
960	kci_add_dummy
961	if [ $ret -ne 0 ];then
962		echo "FAIL: cannot add dummy interface"
963		return 1
964	fi
965
966	kci_test_polrouting
967	kci_test_route_get
968	kci_test_tc
969	kci_test_gre
970	kci_test_gretap
971	kci_test_ip6gretap
972	kci_test_erspan
973	kci_test_ip6erspan
974	kci_test_bridge
975	kci_test_addrlabel
976	kci_test_ifalias
977	kci_test_vrf
978	kci_test_encap
979	kci_test_macsec
980	kci_test_ipsec
981	kci_test_ipsec_offload
982
983	kci_del_dummy
984}
985
986#check for needed privileges
987if [ "$(id -u)" -ne 0 ];then
988	echo "SKIP: Need root privileges"
989	exit $ksft_skip
990fi
991
992for x in ip tc;do
993	$x -Version 2>/dev/null >/dev/null
994	if [ $? -ne 0 ];then
995		echo "SKIP: Could not run test without the $x tool"
996		exit $ksft_skip
997	fi
998done
999
1000kci_test_rtnl
1001
1002exit $ret
1003