xref: /linux/tools/testing/selftests/net/rtnetlink.sh (revision d2912cb15bdda8ba4a5dd73396ad62641af2f520) 
1#!/bin/bash
2#
3# This test is for checking rtnetlink callpaths, and get as much coverage as possible.
4#
5# set -e
6
7devdummy="test-dummy0"
8ret=0
9
10# Kselftest framework requirement - SKIP code is 4.
11ksft_skip=4
12
13# set global exit status, but never reset nonzero one.
14check_err()
15{
16	if [ $ret -eq 0 ]; then
17		ret=$1
18	fi
19}
20
21# same but inverted -- used when command must fail for test to pass
22check_fail()
23{
24	if [ $1 -eq 0 ]; then
25		ret=1
26	fi
27}
28
29kci_add_dummy()
30{
31	ip link add name "$devdummy" type dummy
32	check_err $?
33	ip link set "$devdummy" up
34	check_err $?
35}
36
37kci_del_dummy()
38{
39	ip link del dev "$devdummy"
40	check_err $?
41}
42
43kci_test_netconf()
44{
45	dev="$1"
46	r=$ret
47
48	ip netconf show dev "$dev" > /dev/null
49	check_err $?
50
51	for f in 4 6; do
52		ip -$f netconf show dev "$dev" > /dev/null
53		check_err $?
54	done
55
56	if [ $ret -ne 0 ] ;then
57		echo "FAIL: ip netconf show $dev"
58		test $r -eq 0 && ret=0
59		return 1
60	fi
61}
62
63# add a bridge with vlans on top
64kci_test_bridge()
65{
66	devbr="test-br0"
67	vlandev="testbr-vlan1"
68
69	ret=0
70	ip link add name "$devbr" type bridge
71	check_err $?
72
73	ip link set dev "$devdummy" master "$devbr"
74	check_err $?
75
76	ip link set "$devbr" up
77	check_err $?
78
79	ip link add link "$devbr" name "$vlandev" type vlan id 1
80	check_err $?
81	ip addr add dev "$vlandev" 10.200.7.23/30
82	check_err $?
83	ip -6 addr add dev "$vlandev" dead:42::1234/64
84	check_err $?
85	ip -d link > /dev/null
86	check_err $?
87	ip r s t all > /dev/null
88	check_err $?
89
90	for name in "$devbr" "$vlandev" "$devdummy" ; do
91		kci_test_netconf "$name"
92	done
93
94	ip -6 addr del dev "$vlandev" dead:42::1234/64
95	check_err $?
96
97	ip link del dev "$vlandev"
98	check_err $?
99	ip link del dev "$devbr"
100	check_err $?
101
102	if [ $ret -ne 0 ];then
103		echo "FAIL: bridge setup"
104		return 1
105	fi
106	echo "PASS: bridge setup"
107
108}
109
110kci_test_gre()
111{
112	gredev=neta
113	rem=10.42.42.1
114	loc=10.0.0.1
115
116	ret=0
117	ip tunnel add $gredev mode gre remote $rem local $loc ttl 1
118	check_err $?
119	ip link set $gredev up
120	check_err $?
121	ip addr add 10.23.7.10 dev $gredev
122	check_err $?
123	ip route add 10.23.8.0/30 dev $gredev
124	check_err $?
125	ip addr add dev "$devdummy" 10.23.7.11/24
126	check_err $?
127	ip link > /dev/null
128	check_err $?
129	ip addr > /dev/null
130	check_err $?
131
132	kci_test_netconf "$gredev"
133
134	ip addr del dev "$devdummy" 10.23.7.11/24
135	check_err $?
136
137	ip link del $gredev
138	check_err $?
139
140	if [ $ret -ne 0 ];then
141		echo "FAIL: gre tunnel endpoint"
142		return 1
143	fi
144	echo "PASS: gre tunnel endpoint"
145}
146
147# tc uses rtnetlink too, for full tc testing
148# please see tools/testing/selftests/tc-testing.
149kci_test_tc()
150{
151	dev=lo
152	ret=0
153
154	tc qdisc add dev "$dev" root handle 1: htb
155	check_err $?
156	tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit
157	check_err $?
158	tc filter add dev "$dev" parent 1:0 prio 5 handle ffe: protocol ip u32 divisor 256
159	check_err $?
160	tc filter add dev "$dev" parent 1:0 prio 5 handle ffd: protocol ip u32 divisor 256
161	check_err $?
162	tc filter add dev "$dev" parent 1:0 prio 5 handle ffc: protocol ip u32 divisor 256
163	check_err $?
164	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 ht ffe:2: match ip src 10.0.0.3 flowid 1:10
165	check_err $?
166	tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:2 u32 ht ffe:2: match ip src 10.0.0.2 flowid 1:10
167	check_err $?
168	tc filter show dev "$dev" parent  1:0 > /dev/null
169	check_err $?
170	tc filter del dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32
171	check_err $?
172	tc filter show dev "$dev" parent  1:0 > /dev/null
173	check_err $?
174	tc qdisc del dev "$dev" root handle 1: htb
175	check_err $?
176
177	if [ $ret -ne 0 ];then
178		echo "FAIL: tc htb hierarchy"
179		return 1
180	fi
181	echo "PASS: tc htb hierarchy"
182
183}
184
185kci_test_polrouting()
186{
187	ret=0
188	ip rule add fwmark 1 lookup 100
189	check_err $?
190	ip route add local 0.0.0.0/0 dev lo table 100
191	check_err $?
192	ip r s t all > /dev/null
193	check_err $?
194	ip rule del fwmark 1 lookup 100
195	check_err $?
196	ip route del local 0.0.0.0/0 dev lo table 100
197	check_err $?
198
199	if [ $ret -ne 0 ];then
200		echo "FAIL: policy route test"
201		return 1
202	fi
203	echo "PASS: policy routing"
204}
205
206kci_test_route_get()
207{
208	local hash_policy=$(sysctl -n net.ipv4.fib_multipath_hash_policy)
209
210	ret=0
211
212	ip route get 127.0.0.1 > /dev/null
213	check_err $?
214	ip route get 127.0.0.1 dev "$devdummy" > /dev/null
215	check_err $?
216	ip route get ::1 > /dev/null
217	check_err $?
218	ip route get fe80::1 dev "$devdummy" > /dev/null
219	check_err $?
220	ip route get 127.0.0.1 from 127.0.0.1 oif lo tos 0x1 mark 0x1 > /dev/null
221	check_err $?
222	ip route get ::1 from ::1 iif lo oif lo tos 0x1 mark 0x1 > /dev/null
223	check_err $?
224	ip addr add dev "$devdummy" 10.23.7.11/24
225	check_err $?
226	ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null
227	check_err $?
228	ip route add 10.23.8.0/24 \
229		nexthop via 10.23.7.13 dev "$devdummy" \
230		nexthop via 10.23.7.14 dev "$devdummy"
231	check_err $?
232	sysctl -wq net.ipv4.fib_multipath_hash_policy=0
233	ip route get 10.23.8.11 > /dev/null
234	check_err $?
235	sysctl -wq net.ipv4.fib_multipath_hash_policy=1
236	ip route get 10.23.8.11 > /dev/null
237	check_err $?
238	sysctl -wq net.ipv4.fib_multipath_hash_policy="$hash_policy"
239	ip route del 10.23.8.0/24
240	check_err $?
241	ip addr del dev "$devdummy" 10.23.7.11/24
242	check_err $?
243
244	if [ $ret -ne 0 ];then
245		echo "FAIL: route get"
246		return 1
247	fi
248
249	echo "PASS: route get"
250}
251
252kci_test_addrlabel()
253{
254	ret=0
255
256	ip addrlabel add prefix dead::/64 dev lo label 1
257	check_err $?
258
259	ip addrlabel list |grep -q "prefix dead::/64 dev lo label 1"
260	check_err $?
261
262	ip addrlabel del prefix dead::/64 dev lo label 1 2> /dev/null
263	check_err $?
264
265	ip addrlabel add prefix dead::/64 label 1 2> /dev/null
266	check_err $?
267
268	ip addrlabel del prefix dead::/64 label 1 2> /dev/null
269	check_err $?
270
271	# concurrent add/delete
272	for i in $(seq 1 1000); do
273		ip addrlabel add prefix 1c3::/64 label 12345 2>/dev/null
274	done &
275
276	for i in $(seq 1 1000); do
277		ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
278	done
279
280	wait
281
282	ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
283
284	if [ $ret -ne 0 ];then
285		echo "FAIL: ipv6 addrlabel"
286		return 1
287	fi
288
289	echo "PASS: ipv6 addrlabel"
290}
291
292kci_test_ifalias()
293{
294	ret=0
295	namewant=$(uuidgen)
296	syspathname="/sys/class/net/$devdummy/ifalias"
297
298	ip link set dev "$devdummy" alias "$namewant"
299	check_err $?
300
301	if [ $ret -ne 0 ]; then
302		echo "FAIL: cannot set interface alias of $devdummy to $namewant"
303		return 1
304	fi
305
306	ip link show "$devdummy" | grep -q "alias $namewant"
307	check_err $?
308
309	if [ -r "$syspathname" ] ; then
310		read namehave < "$syspathname"
311		if [ "$namewant" != "$namehave" ]; then
312			echo "FAIL: did set ifalias $namewant but got $namehave"
313			return 1
314		fi
315
316		namewant=$(uuidgen)
317		echo "$namewant" > "$syspathname"
318	        ip link show "$devdummy" | grep -q "alias $namewant"
319		check_err $?
320
321		# sysfs interface allows to delete alias again
322		echo "" > "$syspathname"
323
324	        ip link show "$devdummy" | grep -q "alias $namewant"
325		check_fail $?
326
327		for i in $(seq 1 100); do
328			uuidgen > "$syspathname" &
329		done
330
331		wait
332
333		# re-add the alias -- kernel should free mem when dummy dev is removed
334		ip link set dev "$devdummy" alias "$namewant"
335		check_err $?
336	fi
337
338	if [ $ret -ne 0 ]; then
339		echo "FAIL: set interface alias $devdummy to $namewant"
340		return 1
341	fi
342
343	echo "PASS: set ifalias $namewant for $devdummy"
344}
345
346kci_test_vrf()
347{
348	vrfname="test-vrf"
349	ret=0
350
351	ip link show type vrf 2>/dev/null
352	if [ $? -ne 0 ]; then
353		echo "SKIP: vrf: iproute2 too old"
354		return $ksft_skip
355	fi
356
357	ip link add "$vrfname" type vrf table 10
358	check_err $?
359	if [ $ret -ne 0 ];then
360		echo "FAIL: can't add vrf interface, skipping test"
361		return 0
362	fi
363
364	ip -br link show type vrf | grep -q "$vrfname"
365	check_err $?
366	if [ $ret -ne 0 ];then
367		echo "FAIL: created vrf device not found"
368		return 1
369	fi
370
371	ip link set dev "$vrfname" up
372	check_err $?
373
374	ip link set dev "$devdummy" master "$vrfname"
375	check_err $?
376	ip link del dev "$vrfname"
377	check_err $?
378
379	if [ $ret -ne 0 ];then
380		echo "FAIL: vrf"
381		return 1
382	fi
383
384	echo "PASS: vrf"
385}
386
387kci_test_encap_vxlan()
388{
389	ret=0
390	vxlan="test-vxlan0"
391	vlan="test-vlan0"
392	testns="$1"
393
394	ip -netns "$testns" link add "$vxlan" type vxlan id 42 group 239.1.1.1 \
395		dev "$devdummy" dstport 4789 2>/dev/null
396	if [ $? -ne 0 ]; then
397		echo "FAIL: can't add vxlan interface, skipping test"
398		return 0
399	fi
400	check_err $?
401
402	ip -netns "$testns" addr add 10.2.11.49/24 dev "$vxlan"
403	check_err $?
404
405	ip -netns "$testns" link set up dev "$vxlan"
406	check_err $?
407
408	ip -netns "$testns" link add link "$vxlan" name "$vlan" type vlan id 1
409	check_err $?
410
411	# changelink testcases
412	ip -netns "$testns" link set dev "$vxlan" type vxlan vni 43 2>/dev/null
413	check_fail $?
414
415	ip -netns "$testns" link set dev "$vxlan" type vxlan group ffe5::5 dev "$devdummy" 2>/dev/null
416	check_fail $?
417
418	ip -netns "$testns" link set dev "$vxlan" type vxlan ttl inherit 2>/dev/null
419	check_fail $?
420
421	ip -netns "$testns" link set dev "$vxlan" type vxlan ttl 64
422	check_err $?
423
424	ip -netns "$testns" link set dev "$vxlan" type vxlan nolearning
425	check_err $?
426
427	ip -netns "$testns" link set dev "$vxlan" type vxlan proxy 2>/dev/null
428	check_fail $?
429
430	ip -netns "$testns" link set dev "$vxlan" type vxlan norsc 2>/dev/null
431	check_fail $?
432
433	ip -netns "$testns" link set dev "$vxlan" type vxlan l2miss 2>/dev/null
434	check_fail $?
435
436	ip -netns "$testns" link set dev "$vxlan" type vxlan l3miss 2>/dev/null
437	check_fail $?
438
439	ip -netns "$testns" link set dev "$vxlan" type vxlan external 2>/dev/null
440	check_fail $?
441
442	ip -netns "$testns" link set dev "$vxlan" type vxlan udpcsum 2>/dev/null
443	check_fail $?
444
445	ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumtx 2>/dev/null
446	check_fail $?
447
448	ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumrx 2>/dev/null
449	check_fail $?
450
451	ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumtx 2>/dev/null
452	check_fail $?
453
454	ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumrx 2>/dev/null
455	check_fail $?
456
457	ip -netns "$testns" link set dev "$vxlan" type vxlan gbp 2>/dev/null
458	check_fail $?
459
460	ip -netns "$testns" link set dev "$vxlan" type vxlan gpe 2>/dev/null
461	check_fail $?
462
463	ip -netns "$testns" link del "$vxlan"
464	check_err $?
465
466	if [ $ret -ne 0 ]; then
467		echo "FAIL: vxlan"
468		return 1
469	fi
470	echo "PASS: vxlan"
471}
472
473kci_test_encap_fou()
474{
475	ret=0
476	name="test-fou"
477	testns="$1"
478
479	ip fou help 2>&1 |grep -q 'Usage: ip fou'
480	if [ $? -ne 0 ];then
481		echo "SKIP: fou: iproute2 too old"
482		return $ksft_skip
483	fi
484
485	ip -netns "$testns" fou add port 7777 ipproto 47 2>/dev/null
486	if [ $? -ne 0 ];then
487		echo "FAIL: can't add fou port 7777, skipping test"
488		return 1
489	fi
490
491	ip -netns "$testns" fou add port 8888 ipproto 4
492	check_err $?
493
494	ip -netns "$testns" fou del port 9999 2>/dev/null
495	check_fail $?
496
497	ip -netns "$testns" fou del port 7777
498	check_err $?
499
500	if [ $ret -ne 0 ]; then
501		echo "FAIL: fou"
502		return 1
503	fi
504
505	echo "PASS: fou"
506}
507
508# test various encap methods, use netns to avoid unwanted interference
509kci_test_encap()
510{
511	testns="testns"
512	ret=0
513
514	ip netns add "$testns"
515	if [ $? -ne 0 ]; then
516		echo "SKIP encap tests: cannot add net namespace $testns"
517		return $ksft_skip
518	fi
519
520	ip -netns "$testns" link set lo up
521	check_err $?
522
523	ip -netns "$testns" link add name "$devdummy" type dummy
524	check_err $?
525	ip -netns "$testns" link set "$devdummy" up
526	check_err $?
527
528	kci_test_encap_vxlan "$testns"
529	kci_test_encap_fou "$testns"
530
531	ip netns del "$testns"
532}
533
534kci_test_macsec()
535{
536	msname="test_macsec0"
537	ret=0
538
539	ip macsec help 2>&1 | grep -q "^Usage: ip macsec"
540	if [ $? -ne 0 ]; then
541		echo "SKIP: macsec: iproute2 too old"
542		return $ksft_skip
543	fi
544
545	ip link add link "$devdummy" "$msname" type macsec port 42 encrypt on
546	check_err $?
547	if [ $ret -ne 0 ];then
548		echo "FAIL: can't add macsec interface, skipping test"
549		return 1
550	fi
551
552	ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012
553	check_err $?
554
555	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef"
556	check_err $?
557
558	ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef
559	check_err $?
560
561	ip macsec show > /dev/null
562	check_err $?
563
564	ip link del dev "$msname"
565	check_err $?
566
567	if [ $ret -ne 0 ];then
568		echo "FAIL: macsec"
569		return 1
570	fi
571
572	echo "PASS: macsec"
573}
574
575#-------------------------------------------------------------------
576# Example commands
577#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
578#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
579#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
580#            sel src 14.0.0.52/24 dst 14.0.0.70/24
581#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
582#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
583#            spi 0x07 mode transport reqid 0x07
584#
585# Subcommands not tested
586#    ip x s update
587#    ip x s allocspi
588#    ip x s deleteall
589#    ip x p update
590#    ip x p deleteall
591#    ip x p set
592#-------------------------------------------------------------------
593kci_test_ipsec()
594{
595	ret=0
596	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
597	srcip=192.168.123.1
598	dstip=192.168.123.2
599	spi=7
600
601	ip addr add $srcip dev $devdummy
602
603	# flush to be sure there's nothing configured
604	ip x s flush ; ip x p flush
605	check_err $?
606
607	# start the monitor in the background
608	tmpfile=`mktemp /var/run/ipsectestXXX`
609	mpid=`(ip x m > $tmpfile & echo $!) 2>/dev/null`
610	sleep 0.2
611
612	ipsecid="proto esp src $srcip dst $dstip spi 0x07"
613	ip x s add $ipsecid \
614            mode transport reqid 0x07 replay-window 32 \
615            $algo sel src $srcip/24 dst $dstip/24
616	check_err $?
617
618	lines=`ip x s list | grep $srcip | grep $dstip | wc -l`
619	test $lines -eq 2
620	check_err $?
621
622	ip x s count | grep -q "SAD count 1"
623	check_err $?
624
625	lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l`
626	test $lines -eq 2
627	check_err $?
628
629	ip x s delete $ipsecid
630	check_err $?
631
632	lines=`ip x s list | wc -l`
633	test $lines -eq 0
634	check_err $?
635
636	ipsecsel="dir out src $srcip/24 dst $dstip/24"
637	ip x p add $ipsecsel \
638		    tmpl proto esp src $srcip dst $dstip \
639		    spi 0x07 mode transport reqid 0x07
640	check_err $?
641
642	lines=`ip x p list | grep $srcip | grep $dstip | wc -l`
643	test $lines -eq 2
644	check_err $?
645
646	ip x p count | grep -q "SPD IN  0 OUT 1 FWD 0"
647	check_err $?
648
649	lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l`
650	test $lines -eq 2
651	check_err $?
652
653	ip x p delete $ipsecsel
654	check_err $?
655
656	lines=`ip x p list | wc -l`
657	test $lines -eq 0
658	check_err $?
659
660	# check the monitor results
661	kill $mpid
662	lines=`wc -l $tmpfile | cut "-d " -f1`
663	test $lines -eq 20
664	check_err $?
665	rm -rf $tmpfile
666
667	# clean up any leftovers
668	ip x s flush
669	check_err $?
670	ip x p flush
671	check_err $?
672	ip addr del $srcip/32 dev $devdummy
673
674	if [ $ret -ne 0 ]; then
675		echo "FAIL: ipsec"
676		return 1
677	fi
678	echo "PASS: ipsec"
679}
680
681#-------------------------------------------------------------------
682# Example commands
683#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
684#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
685#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
686#            sel src 14.0.0.52/24 dst 14.0.0.70/24
687#            offload dev sim1 dir out
688#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
689#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
690#            spi 0x07 mode transport reqid 0x07
691#
692#-------------------------------------------------------------------
693kci_test_ipsec_offload()
694{
695	ret=0
696	algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
697	srcip=192.168.123.3
698	dstip=192.168.123.4
699	sysfsd=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/
700	sysfsf=$sysfsd/ipsec
701	sysfsnet=/sys/bus/netdevsim/devices/netdevsim0/net/
702
703	# setup netdevsim since dummydev doesn't have offload support
704	modprobe netdevsim
705	check_err $?
706	if [ $ret -ne 0 ]; then
707		echo "FAIL: ipsec_offload can't load netdevsim"
708		return 1
709	fi
710
711	echo "0" > /sys/bus/netdevsim/new_device
712	while [ ! -d $sysfsnet ] ; do :; done
713	udevadm settle
714	dev=`ls $sysfsnet`
715
716	ip addr add $srcip dev $dev
717	ip link set $dev up
718	if [ ! -d $sysfsd ] ; then
719		echo "FAIL: ipsec_offload can't create device $dev"
720		return 1
721	fi
722	if [ ! -f $sysfsf ] ; then
723		echo "FAIL: ipsec_offload netdevsim doesn't support IPsec offload"
724		return 1
725	fi
726
727	# flush to be sure there's nothing configured
728	ip x s flush ; ip x p flush
729
730	# create offloaded SAs, both in and out
731	ip x p add dir out src $srcip/24 dst $dstip/24 \
732	    tmpl proto esp src $srcip dst $dstip spi 9 \
733	    mode transport reqid 42
734	check_err $?
735	ip x p add dir out src $dstip/24 dst $srcip/24 \
736	    tmpl proto esp src $dstip dst $srcip spi 9 \
737	    mode transport reqid 42
738	check_err $?
739
740	ip x s add proto esp src $srcip dst $dstip spi 9 \
741	    mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \
742	    offload dev $dev dir out
743	check_err $?
744	ip x s add proto esp src $dstip dst $srcip spi 9 \
745	    mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \
746	    offload dev $dev dir in
747	check_err $?
748	if [ $ret -ne 0 ]; then
749		echo "FAIL: ipsec_offload can't create SA"
750		return 1
751	fi
752
753	# does offload show up in ip output
754	lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"`
755	if [ $lines -ne 2 ] ; then
756		echo "FAIL: ipsec_offload SA offload missing from list output"
757		check_err 1
758	fi
759
760	# use ping to exercise the Tx path
761	ping -I $dev -c 3 -W 1 -i 0 $dstip >/dev/null
762
763	# does driver have correct offload info
764	diff $sysfsf - << EOF
765SA count=2 tx=3
766sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000
767sa[0]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
768sa[0]    key=0x34333231 38373635 32313039 36353433
769sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0
770sa[1]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
771sa[1]    key=0x34333231 38373635 32313039 36353433
772EOF
773	if [ $? -ne 0 ] ; then
774		echo "FAIL: ipsec_offload incorrect driver data"
775		check_err 1
776	fi
777
778	# does offload get removed from driver
779	ip x s flush
780	ip x p flush
781	lines=`grep -c "SA count=0" $sysfsf`
782	if [ $lines -ne 1 ] ; then
783		echo "FAIL: ipsec_offload SA not removed from driver"
784		check_err 1
785	fi
786
787	# clean up any leftovers
788	rmmod netdevsim
789
790	if [ $ret -ne 0 ]; then
791		echo "FAIL: ipsec_offload"
792		return 1
793	fi
794	echo "PASS: ipsec_offload"
795}
796
797kci_test_gretap()
798{
799	testns="testns"
800	DEV_NS=gretap00
801	ret=0
802
803	ip netns add "$testns"
804	if [ $? -ne 0 ]; then
805		echo "SKIP gretap tests: cannot add net namespace $testns"
806		return $ksft_skip
807	fi
808
809	ip link help gretap 2>&1 | grep -q "^Usage:"
810	if [ $? -ne 0 ];then
811		echo "SKIP: gretap: iproute2 too old"
812		ip netns del "$testns"
813		return $ksft_skip
814	fi
815
816	# test native tunnel
817	ip -netns "$testns" link add dev "$DEV_NS" type gretap seq \
818		key 102 local 172.16.1.100 remote 172.16.1.200
819	check_err $?
820
821	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
822	check_err $?
823
824	ip -netns "$testns" link set dev $DEV_NS up
825	check_err $?
826
827	ip -netns "$testns" link del "$DEV_NS"
828	check_err $?
829
830	# test external mode
831	ip -netns "$testns" link add dev "$DEV_NS" type gretap external
832	check_err $?
833
834	ip -netns "$testns" link del "$DEV_NS"
835	check_err $?
836
837	if [ $ret -ne 0 ]; then
838		echo "FAIL: gretap"
839		ip netns del "$testns"
840		return 1
841	fi
842	echo "PASS: gretap"
843
844	ip netns del "$testns"
845}
846
847kci_test_ip6gretap()
848{
849	testns="testns"
850	DEV_NS=ip6gretap00
851	ret=0
852
853	ip netns add "$testns"
854	if [ $? -ne 0 ]; then
855		echo "SKIP ip6gretap tests: cannot add net namespace $testns"
856		return $ksft_skip
857	fi
858
859	ip link help ip6gretap 2>&1 | grep -q "^Usage:"
860	if [ $? -ne 0 ];then
861		echo "SKIP: ip6gretap: iproute2 too old"
862		ip netns del "$testns"
863		return $ksft_skip
864	fi
865
866	# test native tunnel
867	ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap seq \
868		key 102 local fc00:100::1 remote fc00:100::2
869	check_err $?
870
871	ip -netns "$testns" addr add dev "$DEV_NS" fc00:200::1/96
872	check_err $?
873
874	ip -netns "$testns" link set dev $DEV_NS up
875	check_err $?
876
877	ip -netns "$testns" link del "$DEV_NS"
878	check_err $?
879
880	# test external mode
881	ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap external
882	check_err $?
883
884	ip -netns "$testns" link del "$DEV_NS"
885	check_err $?
886
887	if [ $ret -ne 0 ]; then
888		echo "FAIL: ip6gretap"
889		ip netns del "$testns"
890		return 1
891	fi
892	echo "PASS: ip6gretap"
893
894	ip netns del "$testns"
895}
896
897kci_test_erspan()
898{
899	testns="testns"
900	DEV_NS=erspan00
901	ret=0
902
903	ip link help erspan 2>&1 | grep -q "^Usage:"
904	if [ $? -ne 0 ];then
905		echo "SKIP: erspan: iproute2 too old"
906		return $ksft_skip
907	fi
908
909	ip netns add "$testns"
910	if [ $? -ne 0 ]; then
911		echo "SKIP erspan tests: cannot add net namespace $testns"
912		return $ksft_skip
913	fi
914
915	# test native tunnel erspan v1
916	ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
917		key 102 local 172.16.1.100 remote 172.16.1.200 \
918		erspan_ver 1 erspan 488
919	check_err $?
920
921	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
922	check_err $?
923
924	ip -netns "$testns" link set dev $DEV_NS up
925	check_err $?
926
927	ip -netns "$testns" link del "$DEV_NS"
928	check_err $?
929
930	# test native tunnel erspan v2
931	ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
932		key 102 local 172.16.1.100 remote 172.16.1.200 \
933		erspan_ver 2 erspan_dir ingress erspan_hwid 7
934	check_err $?
935
936	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
937	check_err $?
938
939	ip -netns "$testns" link set dev $DEV_NS up
940	check_err $?
941
942	ip -netns "$testns" link del "$DEV_NS"
943	check_err $?
944
945	# test external mode
946	ip -netns "$testns" link add dev "$DEV_NS" type erspan external
947	check_err $?
948
949	ip -netns "$testns" link del "$DEV_NS"
950	check_err $?
951
952	if [ $ret -ne 0 ]; then
953		echo "FAIL: erspan"
954		ip netns del "$testns"
955		return 1
956	fi
957	echo "PASS: erspan"
958
959	ip netns del "$testns"
960}
961
962kci_test_ip6erspan()
963{
964	testns="testns"
965	DEV_NS=ip6erspan00
966	ret=0
967
968	ip link help ip6erspan 2>&1 | grep -q "^Usage:"
969	if [ $? -ne 0 ];then
970		echo "SKIP: ip6erspan: iproute2 too old"
971		return $ksft_skip
972	fi
973
974	ip netns add "$testns"
975	if [ $? -ne 0 ]; then
976		echo "SKIP ip6erspan tests: cannot add net namespace $testns"
977		return $ksft_skip
978	fi
979
980	# test native tunnel ip6erspan v1
981	ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
982		key 102 local fc00:100::1 remote fc00:100::2 \
983		erspan_ver 1 erspan 488
984	check_err $?
985
986	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
987	check_err $?
988
989	ip -netns "$testns" link set dev $DEV_NS up
990	check_err $?
991
992	ip -netns "$testns" link del "$DEV_NS"
993	check_err $?
994
995	# test native tunnel ip6erspan v2
996	ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
997		key 102 local fc00:100::1 remote fc00:100::2 \
998		erspan_ver 2 erspan_dir ingress erspan_hwid 7
999	check_err $?
1000
1001	ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
1002	check_err $?
1003
1004	ip -netns "$testns" link set dev $DEV_NS up
1005	check_err $?
1006
1007	ip -netns "$testns" link del "$DEV_NS"
1008	check_err $?
1009
1010	# test external mode
1011	ip -netns "$testns" link add dev "$DEV_NS" \
1012		type ip6erspan external
1013	check_err $?
1014
1015	ip -netns "$testns" link del "$DEV_NS"
1016	check_err $?
1017
1018	if [ $ret -ne 0 ]; then
1019		echo "FAIL: ip6erspan"
1020		ip netns del "$testns"
1021		return 1
1022	fi
1023	echo "PASS: ip6erspan"
1024
1025	ip netns del "$testns"
1026}
1027
1028kci_test_fdb_get()
1029{
1030	IP="ip -netns testns"
1031	BRIDGE="bridge -netns testns"
1032	brdev="test-br0"
1033	vxlandev="vxlan10"
1034	test_mac=de:ad:be:ef:13:37
1035	localip="10.0.2.2"
1036	dstip="10.0.2.3"
1037	ret=0
1038
1039	bridge fdb help 2>&1 |grep -q 'bridge fdb get'
1040	if [ $? -ne 0 ];then
1041		echo "SKIP: fdb get tests: iproute2 too old"
1042		return $ksft_skip
1043	fi
1044
1045	ip netns add testns
1046	if [ $? -ne 0 ]; then
1047		echo "SKIP fdb get tests: cannot add net namespace $testns"
1048		return $ksft_skip
1049	fi
1050
1051	$IP link add "$vxlandev" type vxlan id 10 local $localip \
1052                dstport 4789 2>/dev/null
1053	check_err $?
1054	$IP link add name "$brdev" type bridge &>/dev/null
1055	check_err $?
1056	$IP link set dev "$vxlandev" master "$brdev" &>/dev/null
1057	check_err $?
1058	$BRIDGE fdb add $test_mac dev "$vxlandev" master &>/dev/null
1059	check_err $?
1060	$BRIDGE fdb add $test_mac dev "$vxlandev" dst $dstip self &>/dev/null
1061	check_err $?
1062
1063	$BRIDGE fdb get $test_mac brport "$vxlandev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1064	check_err $?
1065	$BRIDGE fdb get $test_mac br "$brdev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1066	check_err $?
1067	$BRIDGE fdb get $test_mac dev "$vxlandev" self 2>/dev/null | grep -q "dev $vxlandev dst $dstip"
1068	check_err $?
1069
1070	ip netns del testns &>/dev/null
1071
1072	if [ $ret -ne 0 ]; then
1073		echo "FAIL: bridge fdb get"
1074		return 1
1075	fi
1076
1077	echo "PASS: bridge fdb get"
1078}
1079
1080kci_test_neigh_get()
1081{
1082	dstmac=de:ad:be:ef:13:37
1083	dstip=10.0.2.4
1084	dstip6=dead::2
1085	ret=0
1086
1087	ip neigh help 2>&1 |grep -q 'ip neigh get'
1088	if [ $? -ne 0 ];then
1089		echo "SKIP: fdb get tests: iproute2 too old"
1090		return $ksft_skip
1091	fi
1092
1093	# ipv4
1094	ip neigh add $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
1095	check_err $?
1096	ip neigh get $dstip dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1097	check_err $?
1098	ip neigh del $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
1099	check_err $?
1100
1101	# ipv4 proxy
1102	ip neigh add proxy $dstip dev "$devdummy" > /dev/null
1103	check_err $?
1104	ip neigh get proxy $dstip dev "$devdummy" 2>/dev/null | grep -q "$dstip"
1105	check_err $?
1106	ip neigh del proxy $dstip dev "$devdummy" > /dev/null
1107	check_err $?
1108
1109	# ipv6
1110	ip neigh add $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
1111	check_err $?
1112	ip neigh get $dstip6 dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1113	check_err $?
1114	ip neigh del $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
1115	check_err $?
1116
1117	# ipv6 proxy
1118	ip neigh add proxy $dstip6 dev "$devdummy" > /dev/null
1119	check_err $?
1120	ip neigh get proxy $dstip6 dev "$devdummy" 2>/dev/null | grep -q "$dstip6"
1121	check_err $?
1122	ip neigh del proxy $dstip6 dev "$devdummy" > /dev/null
1123	check_err $?
1124
1125	if [ $ret -ne 0 ];then
1126		echo "FAIL: neigh get"
1127		return 1
1128	fi
1129
1130	echo "PASS: neigh get"
1131}
1132
1133kci_test_rtnl()
1134{
1135	kci_add_dummy
1136	if [ $ret -ne 0 ];then
1137		echo "FAIL: cannot add dummy interface"
1138		return 1
1139	fi
1140
1141	kci_test_polrouting
1142	kci_test_route_get
1143	kci_test_tc
1144	kci_test_gre
1145	kci_test_gretap
1146	kci_test_ip6gretap
1147	kci_test_erspan
1148	kci_test_ip6erspan
1149	kci_test_bridge
1150	kci_test_addrlabel
1151	kci_test_ifalias
1152	kci_test_vrf
1153	kci_test_encap
1154	kci_test_macsec
1155	kci_test_ipsec
1156	kci_test_ipsec_offload
1157	kci_test_fdb_get
1158	kci_test_neigh_get
1159
1160	kci_del_dummy
1161}
1162
1163#check for needed privileges
1164if [ "$(id -u)" -ne 0 ];then
1165	echo "SKIP: Need root privileges"
1166	exit $ksft_skip
1167fi
1168
1169for x in ip tc;do
1170	$x -Version 2>/dev/null >/dev/null
1171	if [ $? -ne 0 ];then
1172		echo "SKIP: Could not run test without the $x tool"
1173		exit $ksft_skip
1174	fi
1175done
1176
1177kci_test_rtnl
1178
1179exit $ret
1180