Lines Matching +full:1 +full:- +full:6
2 # SPDX-License-Identifier: GPL-2.0
8 # 1. icmp, tcp, udp and netfilter
9 # 2. client, server, no-server
13 # 6. VRF and non-VRF permutations
16 # ns-A | ns-B
18 # [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ]
21 # [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ]
23 # ns-A:
24 # eth1: 172.16.1.1/24, 2001:db8:1::1/64
25 # lo: 127.0.0.1/8, ::1/128
26 # 172.16.2.1/32, 2001:db8:2::1/128
27 # red: 127.0.0.1/8, ::1/128
28 # 172.16.3.1/32, 2001:db8:3::1/128
30 # ns-B:
31 # eth1: 172.16.1.2/24, 2001:db8:1::2/64
32 # lo2: 127.0.0.1/8, ::1/128
35 # ns-A to ns-C connection - only for VRF and same config
36 # as ns-A to ns-B
38 # server / client nomenclature relative to ns-A
57 NSA_IP6=2001:db8:1::1
58 NSB_IP6=2001:db8:1::2
59 VRF_IP6=2001:db8:3::1
60 NS_NET6=2001:db8:1::/120
64 NSA_LO_IP6=2001:db8:2::1
67 # non-local addresses for freebind tests
69 NL_IP6=2001:db8:4::1
78 MCAST=ff02::1
83 which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
86 if [ -f /proc/sys/crypto/fips_enabled ]; then
97 local rc=$1
101 [ "${VERBOSE}" = "1" ] && echo
103 if [ ${rc} -eq ${expected} ]; then
104 nsuccess=$((nsuccess+1))
105 printf "TEST: %-70s [ OK ]\n" "${msg}"
107 nfail=$((nfail+1))
108 printf "TEST: %-70s [FAIL]\n" "${msg}"
113 [ "$a" = "q" ] && exit 1
121 [ "$a" = "q" ] && exit 1
129 local addr=$1
136 log_test $rc $expected "$msg - ${astr}"
161 if [ "${VERBOSE}" = "1" ]; then
169 if [ "${VERBOSE}" = "1" ]; then
178 if [ "${VERBOSE}" = "1" ]; then
186 killall nettest ping ping6 >/dev/null 2>&1
187 sleep 1
195 if [ "$VERBOSE" = "1" ]; then
199 out=$($cmd 2>&1)
201 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
230 if [ $rc -ne 0 ]; then
252 if [ $rc -ne 0 ]; then
274 if [ $rc -ne 0 ]; then
289 # set sysctl values in NS-A
294 run_cmd sysctl -q -w $*
297 # get sysctl values in NS-A
300 ${NSA_CMD} sysctl -n $*
308 case "$1" in
310 ::1) echo "IPv6 loopback";;
315 ${NSA_IP}) echo "ns-A IP";;
316 ${NSA_IP6}) echo "ns-A IPv6";;
317 ${NSA_LO_IP}) echo "ns-A loopback IP";;
318 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
319 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
321 ${NSB_IP}) echo "ns-B IP";;
322 ${NSB_IP6}) echo "ns-B IPv6";;
323 ${NSB_LO_IP}) echo "ns-B loopback IP";;
324 ${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
325 ${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;
341 local ns=$1
345 addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \
355 [ -z "$addr" ] && return 1
367 local ns=$1
373 ip -netns ${ns} link add ${vrf} type vrf table ${table}
374 ip -netns ${ns} link set ${vrf} up
375 ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192
376 ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192
378 ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf}
379 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
380 if [ "${addr}" != "-" ]; then
381 ip -netns ${ns} addr add dev ${vrf} ${addr}
383 if [ "${addr6}" != "-" ]; then
384 ip -netns ${ns} -6 addr add dev ${vrf} ${addr6}
387 ip -netns ${ns} ru del pref 0
388 ip -netns ${ns} ru add pref 32765 from all lookup local
389 ip -netns ${ns} -6 ru del pref 0
390 ip -netns ${ns} -6 ru add pref 32765 from all lookup local
395 local ns=$1
399 if [ "${addr}" != "-" ]; then
400 ip -netns ${ns} addr add dev lo ${addr}
402 if [ "${addr6}" != "-" ]; then
403 ip -netns ${ns} -6 addr add dev lo ${addr6}
406 ip -netns ${ns} ro add unreachable default metric 8192
407 ip -netns ${ns} -6 ro add unreachable default metric 8192
409 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
410 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
411 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
412 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
418 local ns1=$1
423 local ns2_dev=$6
427 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp
428 ip -netns ${ns1} li set ${ns1_dev} up
429 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev}
430 ip -netns ${ns2} li set ${ns2_dev} up
432 if [ "${ns1_addr}" != "-" ]; then
433 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr}
434 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr}
437 if [ "${ns1_addr6}" != "-" ]; then
438 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6}
439 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6}
446 ip netns | grep -q ${NSA}
447 if [ $? -eq 0 ]; then
448 ip -netns ${NSA} link delete ${VRF}
449 ip -netns ${NSA} ro flush table ${VRF_TABLE}
451 ip -netns ${NSA} addr flush dev ${NSA_DEV}
452 ip -netns ${NSA} -6 addr flush dev ${NSA_DEV}
453 ip -netns ${NSA} link set dev ${NSA_DEV} down
454 ip -netns ${NSA} link del dev ${NSA_DEV}
467 ip link del ${NSA_DEV2} >/dev/null 2>&1
469 ip netns del ${NSC} >/dev/null 2>&1
474 # some VRF tests use ns-C which has the same config as
475 # ns-B but for a device NOT in the VRF
478 create_ns ${NSC} "-" "-"
485 local with_vrf=${1}
492 set -e
506 # tell ns-A how to get to remote addresses of ns-B
510 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
511 ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
512 ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
514 ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
515 ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
517 ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
518 ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
522 # tell ns-B how to get to remote addresses of ns-A
523 ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
524 ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
528 sleep 1
538 set -e
544 create_ns ${NSA} "-" "-"
545 create_ns ${NSB} "-" "-"
546 create_ns ${NSC} "-" "-"
547 connect_ns ${NSA} ${NSA_DEV} "-" "-" \
548 ${NSB} ${NSB_DEV} "-" "-"
549 connect_ns ${NSA} ${NSA_DEV2} "-" "-" \
550 ${NSC} ${NSC_DEV} "-" "-"
556 create_vrf ${NSA} ${VRF} ${VRF_TABLE} "-" "-"
557 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
558 ip -netns ${NSA} link set dev ${NSA_DEV2} vrf ${VRF}
562 sleep 1
578 run_cmd ping -c1 -w1 ${a}
582 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
586 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
595 run_cmd ping -c 1 -w 1 -r ${a}
601 run_cmd ping -c 1 -w 1 -r ${a}
602 log_test_addr ${a} $? 1 "ping out (don't route), peer not on link"
610 run_cmd_nsb ping -c1 -w1 ${a}
620 run_cmd ping -c1 -w1 ${a}
630 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
640 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
641 log_test_addr ${a} $? 1 "ping local, device bind"
654 run_cmd ping -c1 -w1 ${a}
660 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
665 run_cmd_nsb ping -c1 -w1 ${a}
666 log_test_addr ${a} $? 1 "ping in, blocked by rule"
668 [ "$VERBOSE" = "1" ] && echo
682 run_cmd ping -c1 -w1 ${a}
688 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
693 run_cmd_nsb ping -c1 -w1 ${a}
694 log_test_addr ${a} $? 1 "ping in, blocked by route"
703 run_cmd ping -c1 -w1 ${a}
709 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
717 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
725 run_cmd ping -c1 -w1 -I ${VRF} ${a}
729 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
733 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
737 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
747 run_cmd_nsb ping -c1 -w1 ${a}
758 run_cmd ping -c1 -w1 -I ${VRF} ${a}
768 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
776 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
788 run_cmd ping -c1 -w1 -I ${VRF} ${a}
792 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
798 run_cmd_nsb ping -c1 -w1 ${a}
799 log_test_addr ${a} $? 1 "ping in, blocked by rule"
801 [ "$VERBOSE" = "1" ] && echo
812 run_cmd ping -c1 -w1 -I ${VRF} ${a}
816 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
822 run_cmd_nsb ping -c1 -w1 ${a}
823 log_test_addr ${a} $? 1 "ping in, unreachable route"
835 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
863 run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
864 sleep 1
865 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
871 run_cmd nettest -s &
872 sleep 1
873 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
879 run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
880 sleep 1
881 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
887 run_cmd nettest -s -M ${MD5_PW} -m ${NSB_LO_IP} &
888 sleep 1
889 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
893 # MD5 extension - prefix length
898 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
899 sleep 1
900 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
906 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
907 sleep 1
908 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
914 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
915 sleep 1
916 run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
931 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
932 sleep 1
933 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
939 run_cmd nettest -s -I ${VRF} &
940 sleep 1
941 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
947 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
948 sleep 1
949 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
955 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP} &
956 sleep 1
957 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
961 # MD5 extension - prefix length
966 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
967 sleep 1
968 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
974 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
975 sleep 1
976 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
982 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
983 sleep 1
984 run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
992 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
993 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
994 sleep 1
995 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
999 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
1000 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
1001 sleep 1
1002 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1007 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
1008 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
1009 sleep 1
1010 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1015 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
1016 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
1017 sleep 1
1018 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1022 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1023 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1024 sleep 1
1025 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1029 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1030 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1031 sleep 1
1032 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1037 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1038 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1039 sleep 1
1040 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1045 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1046 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1047 sleep 1
1048 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1055 run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP}
1056 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
1059 run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET}
1060 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
1070 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
1071 sleep 1
1072 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1073 log_test $? 0 "MD5: VRF: VRF-bound server, unbound key accepts connection"
1077 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
1078 sleep 1
1079 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1080 log_test $? 0 "MD5: VRF: VRF-bound server, bound key accepts connection"
1085 # This particular test needs tcp_l3mdev_accept=1 for Global server to accept VRF connections
1088 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1091 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
1092 sleep 1
1093 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1097 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
1098 sleep 1
1099 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1100 log_test $? 0 "MD5: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection"
1103 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
1104 sleep 1
1105 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1109 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
1110 sleep 1
1111 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1112 log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts non-VRF connection"
1120 local syncookies=$1
1131 nsa_syncookies=$(ip netns exec "${NSA}" sysctl -n net.ipv4.tcp_syncookies)
1132 nsb_syncookies=$(ip netns exec "${NSB}" sysctl -n net.ipv4.tcp_syncookies)
1133 ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies}
1134 ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies}
1140 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1145 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --server-dontroute
1151 # Therefore, we need to use the -c option here, to force the use of the
1158 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --client-dontroute
1159 log_test_addr ${a} $? 1 "SO_DONTROUTE client, syncookies=${syncookies}"
1164 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --server-dontroute
1167 ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${nsb_syncookies}
1168 ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${nsa_syncookies}
1181 run_cmd nettest -s &
1182 sleep 1
1183 run_cmd_nsb nettest -r ${a}
1189 run_cmd nettest -s -I ${NSA_DEV} &
1190 sleep 1
1191 run_cmd_nsb nettest -r ${a}
1199 run_cmd_nsb nettest -r ${a}
1200 log_test_addr ${a} $? 1 "No server"
1209 run_cmd_nsb nettest -s &
1210 sleep 1
1211 run_cmd nettest -r ${a} -0 ${NSA_IP}
1215 run_cmd_nsb nettest -s &
1216 sleep 1
1217 run_cmd nettest -r ${a} -d ${NSA_DEV}
1222 run_cmd nettest -r ${a}
1223 log_test_addr ${a} $? 1 "No server, unbound client"
1227 run_cmd nettest -r ${a} -d ${NSA_DEV}
1228 log_test_addr ${a} $? 1 "No server, device client"
1237 run_cmd nettest -s &
1238 sleep 1
1239 run_cmd nettest -r ${a} -0 ${a} -1 ${a}
1245 run_cmd nettest -s -I ${NSA_DEV} &
1246 sleep 1
1247 run_cmd nettest -r ${a} -0 ${a}
1254 run_cmd nettest -s -I ${NSA_DEV} &
1255 sleep 1
1256 run_cmd nettest -r ${a}
1257 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1262 run_cmd nettest -s &
1263 sleep 1
1264 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
1271 run_cmd nettest -s &
1272 sleep 1
1273 run_cmd nettest -r ${a} -d ${NSA_DEV}
1274 log_test_addr ${a} $? 1 "Global server, device client, local connection"
1279 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1280 sleep 1
1281 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
1286 run_cmd nettest -d ${NSA_DEV} -r ${a}
1287 log_test_addr ${a} $? 1 "No server, device client, local conn"
1289 [ "$fips_enabled" = "1" ] || ipv4_tcp_md5_novrf
1311 run_cmd nettest -s &
1312 sleep 1
1313 run_cmd_nsb nettest -r ${a}
1314 log_test_addr ${a} $? 1 "Global server"
1317 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1318 sleep 1
1319 run_cmd_nsb nettest -r ${a}
1323 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1324 sleep 1
1325 run_cmd_nsb nettest -r ${a}
1331 run_cmd_nsb nettest -r ${a}
1332 log_test_addr ${a} $? 1 "No server"
1340 run_cmd nettest -s &
1341 sleep 1
1342 run_cmd nettest -r ${a} -d ${NSA_DEV}
1343 log_test_addr ${a} $? 1 "Global server, local connection"
1356 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1362 run_cmd nettest -s -3 ${VRF} &
1363 sleep 1
1364 run_cmd_nsb nettest -r ${a}
1369 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1370 sleep 1
1371 run_cmd_nsb nettest -r ${a}
1377 run_cmd_nsb nettest -r ${a}
1378 log_test_addr ${a} $? 1 "No server"
1384 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1385 sleep 1
1386 run_cmd_nsb nettest -r ${a}
1394 run_cmd nettest -s -I ${VRF} &
1395 sleep 1
1396 run_cmd nettest -r ${a}
1397 log_test_addr ${a} $? 1 "Global server, local connection"
1406 run_cmd_nsb nettest -s &
1407 sleep 1
1408 run_cmd nettest -r ${a} -d ${VRF}
1412 run_cmd_nsb nettest -s &
1413 sleep 1
1414 run_cmd nettest -r ${a} -d ${NSA_DEV}
1419 run_cmd nettest -r ${a} -d ${VRF}
1420 log_test_addr ${a} $? 1 "No server, VRF client"
1424 run_cmd nettest -r ${a} -d ${NSA_DEV}
1425 log_test_addr ${a} $? 1 "No server, device client"
1431 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1432 sleep 1
1433 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1439 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1440 sleep 1
1441 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1446 run_cmd nettest -s -I ${VRF} &
1447 sleep 1
1448 run_cmd nettest -r ${a}
1449 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
1452 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1453 sleep 1
1454 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1458 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1459 sleep 1
1460 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1476 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1497 run_cmd nettest -D -s -3 ${NSA_DEV} &
1498 sleep 1
1499 run_cmd_nsb nettest -D -r ${a}
1504 run_cmd_nsb nettest -D -r ${a}
1505 log_test_addr ${a} $? 1 "No server"
1510 run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1511 sleep 1
1512 run_cmd_nsb nettest -D -r ${a}
1521 run_cmd_nsb nettest -D -s &
1522 sleep 1
1523 run_cmd nettest -D -r ${a} -0 ${NSA_IP}
1527 run_cmd_nsb nettest -D -s &
1528 sleep 1
1529 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1533 run_cmd_nsb nettest -D -s &
1534 sleep 1
1535 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1539 run_cmd_nsb nettest -D -s &
1540 sleep 1
1541 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1545 run_cmd_nsb nettest -D -s &
1546 sleep 1
1547 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} -U
1553 run_cmd nettest -D -r ${a}
1554 log_test_addr ${a} $? 1 "No server, unbound client"
1558 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1559 log_test_addr ${a} $? 1 "No server, device client"
1568 run_cmd nettest -D -s &
1569 sleep 1
1570 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
1576 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1577 sleep 1
1578 run_cmd nettest -D -r ${a}
1585 run_cmd nettest -s -D -I ${NSA_DEV} &
1586 sleep 1
1587 run_cmd nettest -D -r ${a}
1588 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1593 run_cmd nettest -s -D &
1594 sleep 1
1595 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1599 run_cmd nettest -s -D &
1600 sleep 1
1601 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
1605 run_cmd nettest -s -D &
1606 sleep 1
1607 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
1611 run_cmd nettest -s -D &
1612 sleep 1
1613 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} -U
1617 # IPv4 with device bind has really weird behavior - it overrides the
1624 run_cmd nettest -D -s &
1625 sleep 1
1626 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1631 run_cmd nettest -D -s &
1632 sleep 1
1633 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
1634 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
1638 run_cmd nettest -D -s &
1639 sleep 1
1640 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
1641 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
1645 run_cmd nettest -D -s &
1646 sleep 1
1647 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -U
1648 …log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with co…
1655 run_cmd nettest -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1656 sleep 1
1657 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
1661 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1672 do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1678 do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1679 log_test_addr ${a} $? 1 "SO_DONTROUTE client"
1697 run_cmd nettest -D -s &
1698 sleep 1
1699 run_cmd_nsb nettest -D -r ${a}
1700 log_test_addr ${a} $? 1 "Global server"
1703 run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
1704 sleep 1
1705 run_cmd_nsb nettest -D -r ${a}
1709 run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1710 sleep 1
1711 run_cmd_nsb nettest -D -r ${a}
1716 run_cmd_nsb nettest -D -r ${a}
1717 log_test_addr ${a} $? 1 "No server"
1721 run_cmd nettest -D -s &
1722 sleep 1
1723 run_cmd nettest -D -d ${VRF} -r ${a}
1724 log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
1729 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1730 sleep 1
1731 run_cmd nettest -D -d ${VRF} -r ${a}
1735 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1736 sleep 1
1737 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1742 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1743 sleep 1
1744 run_cmd nettest -D -d ${VRF} -r ${a}
1748 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1749 sleep 1
1750 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1755 set_sysctl net.ipv4.udp_l3mdev_accept=1
1763 run_cmd nettest -D -s -3 ${NSA_DEV} &
1764 sleep 1
1765 run_cmd_nsb nettest -D -r ${a}
1769 run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
1770 sleep 1
1771 run_cmd_nsb nettest -D -r ${a}
1775 run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1776 sleep 1
1777 run_cmd_nsb nettest -D -r ${a}
1782 run_cmd_nsb nettest -D -r ${a}
1783 log_test_addr ${a} $? 1 "No server"
1790 run_cmd_nsb nettest -D -s &
1791 sleep 1
1792 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1796 run_cmd_nsb nettest -D -s &
1797 sleep 1
1798 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1801 # negative test - should fail
1804 run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
1805 log_test $? 1 "No server, VRF client"
1809 run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
1810 log_test $? 1 "No server, enslaved device client"
1817 run_cmd nettest -D -s -3 ${NSA_DEV} &
1818 sleep 1
1819 run_cmd nettest -D -d ${VRF} -r ${a}
1823 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1824 sleep 1
1825 run_cmd nettest -D -d ${VRF} -r ${a}
1829 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1830 sleep 1
1831 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1835 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1836 sleep 1
1837 run_cmd nettest -D -d ${VRF} -r ${a}
1841 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1842 sleep 1
1843 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1849 run_cmd nettest -D -s -3 ${VRF} &
1850 sleep 1
1851 run_cmd nettest -D -d ${VRF} -r ${a}
1858 run_cmd nettest -s -D -I ${VRF} -3 ${VRF} &
1859 sleep 1
1860 run_cmd nettest -D -d ${VRF} -r ${a}
1864 # negative test - should fail
1870 run_cmd nettest -D -d ${VRF} -r ${a}
1871 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
1888 set_sysctl net.ipv4.udp_l3mdev_accept=1
1909 run_cmd nettest -s -R -P icmp -l ${a} -b
1913 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1922 run_cmd nettest -s -R -f -l ${a} -b
1926 run_cmd nettest -s -f -l ${a} -b
1930 run_cmd nettest -s -D -P icmp -f -l ${a} -b
1938 run_cmd nettest -s -D -P icmp -l ${a} -b
1939 log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address"
1943 run_cmd nettest -s -D -P icmp -l ${a} -b
1944 log_test_addr ${a} $? 1 "ICMP socket bind to multicast address"
1951 run_cmd nettest -c ${a} -r ${NSB_IP} -t1 -b
1955 run_cmd nettest -c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1965 #run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
1966 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
1978 run_cmd nettest -s -R -P icmp -l ${a} -b
1979 log_test_addr ${a} $? 1 "Raw socket bind to local address"
1982 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1985 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
1992 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
1993 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
2000 run_cmd nettest -s -R -f -l ${a} -I ${VRF} -b
2004 run_cmd nettest -s -f -l ${a} -I ${VRF} -b
2008 run_cmd nettest -s -D -P icmp -f -l ${a} -I ${VRF} -b
2016 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
2017 log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address after VRF bind"
2021 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
2022 log_test_addr ${a} $? 1 "ICMP socket bind to multicast address after VRF bind"
2030 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
2034 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
2041 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
2042 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
2046 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
2047 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
2070 local desc="$1"
2081 run_cmd nettest ${varg} -s &
2082 sleep 1
2083 run_cmd_nsb nettest ${varg} -r ${a} &
2086 sleep 1
2095 run_cmd nettest ${varg} -s -I ${VRF} &
2096 sleep 1
2097 run_cmd_nsb nettest ${varg} -r ${a} &
2100 sleep 1
2108 run_cmd nettest ${varg} -s -I ${NSA_DEV} &
2109 sleep 1
2110 run_cmd_nsb nettest ${varg} -r ${a} &
2113 sleep 1
2122 run_cmd_nsb nettest ${varg} -s &
2123 sleep 1
2124 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
2127 sleep 1
2133 run_cmd_nsb nettest ${varg} -s &
2134 sleep 1
2135 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
2138 sleep 1
2149 run_cmd nettest ${varg} -s &
2150 sleep 1
2151 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2154 sleep 1
2163 run_cmd nettest ${varg} -I ${VRF} -s &
2164 sleep 1
2165 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2168 sleep 1
2177 run_cmd nettest ${varg} -s &
2178 sleep 1
2179 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2182 sleep 1
2188 run_cmd nettest ${varg} -I ${VRF} -s &
2189 sleep 1
2190 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2193 sleep 1
2199 run_cmd nettest ${varg} -I ${NSA_DEV} -s &
2200 sleep 1
2201 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2204 sleep 1
2216 run_cmd_nsb ping -f ${a} &
2219 sleep 1
2220 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
2227 run_cmd ping -f -I ${VRF} ${a} &
2230 sleep 1
2231 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
2236 log_section "Run time tests - ipv4"
2242 ipv4_rt "TCP active socket" "-n -1"
2245 ipv4_rt "TCP passive socket" "-i"
2264 run_cmd ${ping6} -c1 -w1 ${a}
2271 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2275 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
2285 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2292 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2295 run_cmd ${ping6} -c1 -w1 ${a}
2302 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2306 for a in ${NSA_LO_IP6} ::1
2310 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2318 setup_cmd ip -6 rule add pref 32765 from all lookup local
2319 setup_cmd ip -6 rule del pref 0 from all lookup local
2320 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
2321 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
2324 run_cmd ${ping6} -c1 -w1 ${a}
2328 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2334 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2335 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2337 setup_cmd ip -6 rule add pref 0 from all lookup local
2338 setup_cmd ip -6 rule del pref 32765 from all lookup local
2339 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
2340 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
2346 setup_cmd ip -6 route del ${NSB_LO_IP6}
2347 setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
2348 setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10
2351 run_cmd ${ping6} -c1 -w1 ${a}
2355 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2361 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2362 log_test_addr ${a} $? 1 "ping in, blocked by route"
2369 setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
2370 setup_cmd ip -6 ro del unreachable ${NSB_IP6}
2373 run_cmd ${ping6} -c1 -w1 ${a}
2377 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2386 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
2394 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2402 run_cmd ${ping6} -c1 -w1 ${a}
2403 log_test_addr ${a} $? 1 "ping out, VRF bind"
2409 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2416 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
2426 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2433 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2434 log_test_addr ${a} $? 1 "ping in"
2439 for a in ${NSA_IP6} ${VRF_IP6} ::1
2443 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2450 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2454 # LLA to GUA - remove ipv6 global addresses from ns-B
2455 setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
2456 setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
2457 setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
2462 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
2466 setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
2467 setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
2468 setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo
2474 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
2475 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
2478 run_cmd ${ping6} -c1 -w1 ${a}
2482 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2488 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2489 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2492 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
2493 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
2499 setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}
2502 run_cmd ${ping6} -c1 -w1 ${a}
2506 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2509 ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
2512 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2549 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
2550 sleep 1
2551 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2557 run_cmd nettest -6 -s &
2558 sleep 1
2559 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2565 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
2566 sleep 1
2567 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2573 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_LO_IP6} &
2574 sleep 1
2575 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2579 # MD5 extension - prefix length
2584 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2585 sleep 1
2586 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2592 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2593 sleep 1
2594 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2600 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2601 sleep 1
2602 run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
2617 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2618 sleep 1
2619 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2625 run_cmd nettest -6 -s -I ${VRF} &
2626 sleep 1
2627 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2633 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2634 sleep 1
2635 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2641 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} &
2642 sleep 1
2643 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2647 # MD5 extension - prefix length
2652 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2653 sleep 1
2654 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2660 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2661 sleep 1
2662 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2668 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2669 sleep 1
2670 run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
2678 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2679 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2680 sleep 1
2681 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2685 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2686 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2687 sleep 1
2688 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2693 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2694 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2695 sleep 1
2696 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2701 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2702 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2703 sleep 1
2704 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2708 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2709 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2710 sleep 1
2711 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2715 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2716 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2717 sleep 1
2718 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2723 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2724 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2725 sleep 1
2726 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2731 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2732 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2733 sleep 1
2734 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2741 run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP6}
2742 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
2745 run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6}
2746 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
2760 run_cmd nettest -6 -s &
2761 sleep 1
2762 run_cmd_nsb nettest -6 -r ${a}
2771 run_cmd_nsb nettest -6 -r ${a}
2772 log_test_addr ${a} $? 1 "No server"
2781 run_cmd_nsb nettest -6 -s &
2782 sleep 1
2783 run_cmd nettest -6 -r ${a}
2790 run_cmd_nsb nettest -6 -s &
2791 sleep 1
2792 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2800 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2801 log_test_addr ${a} $? 1 "No server, device client"
2807 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2810 run_cmd nettest -6 -s &
2811 sleep 1
2812 run_cmd nettest -6 -r ${a}
2818 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2819 sleep 1
2820 run_cmd nettest -6 -r ${a} -0 ${a}
2823 for a in ${NSA_LO_IP6} ::1
2827 run_cmd nettest -6 -s -I ${NSA_DEV} &
2828 sleep 1
2829 run_cmd nettest -6 -r ${a}
2830 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
2835 run_cmd nettest -6 -s &
2836 sleep 1
2837 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2840 for a in ${NSA_LO_IP6} ::1
2844 run_cmd nettest -6 -s &
2845 sleep 1
2846 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2847 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2853 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2854 sleep 1
2855 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2863 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2864 log_test_addr ${a} $? 1 "No server, device client, local conn"
2867 [ "$fips_enabled" = "1" ] || ipv6_tcp_md5_novrf
2886 run_cmd nettest -6 -s &
2887 sleep 1
2888 run_cmd_nsb nettest -6 -r ${a}
2889 log_test_addr ${a} $? 1 "Global server"
2895 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
2896 sleep 1
2897 run_cmd_nsb nettest -6 -r ${a}
2904 run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
2905 sleep 1
2906 run_cmd_nsb nettest -6 -r ${a}
2912 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2913 sleep 1
2914 run_cmd_nsb nettest -6 -r ${a}
2923 run_cmd_nsb nettest -6 -r ${a}
2924 log_test_addr ${a} $? 1 "No server"
2931 run_cmd nettest -6 -s &
2932 sleep 1
2933 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2934 log_test_addr ${a} $? 1 "Global server, local connection"
2947 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2952 run_cmd nettest -6 -s -3 ${VRF} &
2953 sleep 1
2954 run_cmd_nsb nettest -6 -r ${a}
2961 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
2962 sleep 1
2963 run_cmd_nsb nettest -6 -r ${a}
2970 run_cmd nettest -6 -s -3 ${NSA_DEV} &
2971 sleep 1
2972 run_cmd_nsb nettest -6 -r ${a}
2976 run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
2977 sleep 1
2978 run_cmd_nsb nettest -6 -r ${a}
2984 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2985 sleep 1
2986 run_cmd_nsb nettest -6 -r ${a}
2995 run_cmd_nsb nettest -6 -r ${a}
2996 log_test_addr ${a} $? 1 "No server"
3004 run_cmd nettest -6 -s -I ${VRF} &
3005 sleep 1
3006 run_cmd nettest -6 -r ${a}
3007 log_test_addr ${a} $? 1 "Global server, local connection"
3017 run_cmd_nsb nettest -6 -s &
3018 sleep 1
3019 run_cmd nettest -6 -r ${a} -d ${VRF}
3026 run_cmd_nsb nettest -6 -s &
3027 sleep 1
3028 run_cmd nettest -6 -r ${a} -d ${VRF}
3029 log_test_addr ${a} $? 1 "Client, VRF bind"
3034 run_cmd_nsb nettest -6 -s &
3035 sleep 1
3036 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
3044 run_cmd nettest -6 -r ${a} -d ${VRF}
3045 log_test_addr ${a} $? 1 "No server, VRF client"
3052 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
3053 log_test_addr ${a} $? 1 "No server, device client"
3056 for a in ${NSA_IP6} ${VRF_IP6} ::1
3059 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
3060 sleep 1
3061 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
3067 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
3068 sleep 1
3069 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3075 run_cmd nettest -6 -s -I ${VRF} &
3076 sleep 1
3077 run_cmd nettest -6 -r ${a}
3078 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
3081 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
3082 sleep 1
3083 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
3089 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
3090 sleep 1
3091 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3108 set_sysctl net.ipv4.tcp_l3mdev_accept=1
3129 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3130 sleep 1
3131 run_cmd_nsb nettest -6 -D -r ${a}
3135 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3136 sleep 1
3137 run_cmd_nsb nettest -6 -D -r ${a}
3143 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3144 sleep 1
3145 run_cmd_nsb nettest -6 -D -r ${a}
3149 # bound server, but it does not - hence this is more documenting
3153 #run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3154 #sleep 1
3155 #run_cmd_nsb nettest -6 -D -r ${a}
3156 #log_test_addr ${a} $? 1 "Device server"
3158 # negative test - should fail
3163 run_cmd_nsb nettest -6 -D -r ${a}
3164 log_test_addr ${a} $? 1 "No server"
3173 run_cmd_nsb nettest -6 -D -s &
3174 sleep 1
3175 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
3179 run_cmd_nsb nettest -6 -D -s &
3180 sleep 1
3181 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
3185 run_cmd_nsb nettest -6 -D -s &
3186 sleep 1
3187 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
3191 run_cmd_nsb nettest -6 -D -s &
3192 sleep 1
3193 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
3198 run_cmd nettest -6 -D -r ${a}
3199 log_test_addr ${a} $? 1 "No server, unbound client"
3203 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3204 log_test_addr ${a} $? 1 "No server, device client"
3210 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
3213 run_cmd nettest -6 -D -s &
3214 sleep 1
3215 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
3221 run_cmd nettest -6 -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
3222 sleep 1
3223 run_cmd nettest -6 -D -r ${a}
3226 for a in ${NSA_LO_IP6} ::1
3230 run_cmd nettest -6 -s -D -I ${NSA_DEV} &
3231 sleep 1
3232 run_cmd nettest -6 -D -r ${a}
3233 log_test_addr ${a} $? 1 "Device server, local connection"
3238 run_cmd nettest -6 -s -D &
3239 sleep 1
3240 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3244 run_cmd nettest -6 -s -D &
3245 sleep 1
3246 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
3250 run_cmd nettest -6 -s -D &
3251 sleep 1
3252 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
3255 for a in ${NSA_LO_IP6} ::1
3259 run_cmd nettest -6 -D -s &
3260 sleep 1
3261 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3262 log_test_addr ${a} $? 1 "Global server, device client, local connection"
3266 run_cmd nettest -6 -D -s &
3267 sleep 1
3268 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
3269 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
3273 run_cmd nettest -6 -D -s &
3274 sleep 1
3275 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
3276 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
3280 run_cmd nettest -6 -D -s &
3281 sleep 1
3282 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -U
3283 …log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with co…
3288 run_cmd nettest -6 -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
3289 sleep 1
3290 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
3295 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3296 log_test_addr ${a} $? 1 "No server, device client, local conn"
3299 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
3300 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
3302 run_cmd nettest -6 -s -D &
3303 sleep 1
3304 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
3305 log_test $? 0 "UDP in - LLA to GUA"
3307 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
3308 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
3326 run_cmd nettest -6 -D -s &
3327 sleep 1
3328 run_cmd_nsb nettest -6 -D -r ${a}
3329 log_test_addr ${a} $? 1 "Global server"
3335 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3336 sleep 1
3337 run_cmd_nsb nettest -6 -D -r ${a}
3344 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3345 sleep 1
3346 run_cmd_nsb nettest -6 -D -r ${a}
3350 # negative test - should fail
3355 run_cmd_nsb nettest -6 -D -r ${a}
3356 log_test_addr ${a} $? 1 "No server"
3366 run_cmd nettest -6 -D -s &
3367 sleep 1
3368 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3369 log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
3375 run_cmd nettest -6 -D -I ${VRF} -s &
3376 sleep 1
3377 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3384 run_cmd nettest -6 -D -s &
3385 sleep 1
3386 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3387 log_test_addr ${a} $? 1 "Global server, device client, local conn"
3390 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3391 sleep 1
3392 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3396 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3397 sleep 1
3398 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3402 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3403 sleep 1
3404 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3409 set_sysctl net.ipv4.udp_l3mdev_accept=1
3417 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3418 sleep 1
3419 run_cmd_nsb nettest -6 -D -r ${a}
3426 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3427 sleep 1
3428 run_cmd_nsb nettest -6 -D -r ${a}
3435 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3436 sleep 1
3437 run_cmd_nsb nettest -6 -D -r ${a}
3441 # negative test - should fail
3445 run_cmd_nsb nettest -6 -D -r ${a}
3446 log_test_addr ${a} $? 1 "No server"
3453 run_cmd_nsb nettest -6 -D -s &
3454 sleep 1
3455 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
3458 # negative test - should fail
3460 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
3461 log_test $? 1 "No server, VRF client"
3464 run_cmd_nsb nettest -6 -D -s &
3465 sleep 1
3466 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
3469 # negative test - should fail
3471 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
3472 log_test $? 1 "No server, enslaved device client"
3479 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3480 sleep 1
3481 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3485 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3486 sleep 1
3487 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3493 run_cmd nettest -6 -D -s -3 ${VRF} &
3494 sleep 1
3495 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3499 run_cmd nettest -6 -D -I ${VRF} -s -3 ${VRF} &
3500 sleep 1
3501 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3504 # negative test - should fail
3508 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3509 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
3515 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3516 sleep 1
3517 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3521 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3522 sleep 1
3523 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3527 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3528 sleep 1
3529 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3533 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3534 sleep 1
3535 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3539 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3540 log_test_addr ${a} $? 1 "No server, device client, local conn"
3545 run_cmd nettest -6 -D -s &
3546 sleep 1
3547 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
3551 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
3552 log_test $? 1 "No server, linklocal IP"
3556 run_cmd_nsb nettest -6 -D -s &
3557 sleep 1
3558 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
3562 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
3563 log_test $? 1 "No server, device client, peer linklocal IP"
3567 run_cmd nettest -6 -D -s &
3568 sleep 1
3569 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
3570 log_test $? 0 "Enslaved device client, local conn - linklocal IP"
3573 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
3574 log_test $? 1 "No server, device client, local conn - linklocal IP"
3577 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
3578 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
3580 run_cmd nettest -6 -s -D &
3581 sleep 1
3582 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
3583 log_test $? 0 "UDP in - LLA to GUA"
3585 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
3586 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
3592 set_sysctl net.ipv4.udp_early_demux=1
3604 set_sysctl net.ipv4.udp_l3mdev_accept=1
3623 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
3627 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3636 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${NSA_DEV} -b
3644 run_cmd nettest -6 -s -l ${a} -t1 -b
3648 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3657 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3669 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3673 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3680 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3681 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"
3688 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${VRF} -b
3698 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3704 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3714 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3720 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3721 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
3725 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3726 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
3748 local desc="$1"
3749 local varg="-6 $2"
3759 run_cmd nettest ${varg} -s &
3760 sleep 1
3761 run_cmd_nsb nettest ${varg} -r ${a} &
3764 sleep 1
3773 run_cmd nettest ${varg} -I ${VRF} -s &
3774 sleep 1
3775 run_cmd_nsb nettest ${varg} -r ${a} &
3778 sleep 1
3787 run_cmd nettest ${varg} -I ${NSA_DEV} -s &
3788 sleep 1
3789 run_cmd_nsb nettest ${varg} -r ${a} &
3792 sleep 1
3802 run_cmd_nsb nettest ${varg} -s &
3803 sleep 1
3804 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} &
3807 sleep 1
3813 run_cmd_nsb nettest ${varg} -s &
3814 sleep 1
3815 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
3818 sleep 1
3830 run_cmd nettest ${varg} -s &
3831 sleep 1
3832 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3835 sleep 1
3844 run_cmd nettest ${varg} -I ${VRF} -s &
3845 sleep 1
3846 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3849 sleep 1
3857 run_cmd nettest ${varg} -s &
3858 sleep 1
3859 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3862 sleep 1
3868 run_cmd nettest ${varg} -I ${VRF} -s &
3869 sleep 1
3870 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3873 sleep 1
3879 run_cmd nettest ${varg} -I ${NSA_DEV} -s &
3880 sleep 1
3881 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3884 sleep 1
3895 run_cmd_nsb ${ping6} -f ${a} &
3898 sleep 1
3899 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
3904 run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} &
3905 sleep 1
3907 sleep 1
3908 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
3913 log_section "Run time tests - ipv6"
3919 ipv6_rt "TCP active socket" "-n -1"
3922 ipv6_rt "TCP passive socket" "-i"
3925 ipv6_rt "UDP active socket" "-D -n -1"
3938 run_cmd nettest -s &
3939 sleep 1
3940 run_cmd_nsb nettest -r ${a}
3941 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3947 local stype="$1"
3951 [ "${stype}" = "UDP" ] && arg="-D"
3956 run_cmd nettest ${arg} -s &
3957 sleep 1
3958 run_cmd_nsb nettest ${arg} -r ${a}
3959 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3969 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3977 run_cmd iptables -F
3978 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3979 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3985 iptables -F
3995 run_cmd nettest -6 -s &
3996 sleep 1
3997 run_cmd_nsb nettest -6 -r ${a}
3998 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
4004 local stype="$1"
4008 [ "${stype}" = "UDP" ] && arg="$arg -D"
4013 run_cmd nettest -6 -s ${arg} &
4014 sleep 1
4015 run_cmd_nsb nettest -6 ${arg} -r ${a}
4016 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
4026 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
4033 run_cmd ip6tables -F
4034 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
4035 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
4041 ip6tables -F
4048 # ns-A device enslaved to bridge. Verify traffic with and without
4056 setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64
4060 setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad
4071 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
4072 log_test $? 0 "Bridge into VRF - IPv4 ping out"
4075 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
4076 log_test $? 0 "Bridge into VRF - IPv6 ping out"
4079 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
4080 log_test $? 0 "Bridge into VRF - IPv4 ping in"
4083 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
4084 log_test $? 0 "Bridge into VRF - IPv6 ping in"
4087 if [ $? -eq 0 ]; then
4089 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
4090 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out"
4093 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
4094 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out"
4097 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
4098 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in"
4101 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
4102 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in"
4109 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad
4113 setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad
4115 sleep 1
4120 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
4121 log_test $? 0 "Bridge vlan into VRF - IPv4 ping out"
4124 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
4125 log_test $? 0 "Bridge vlan into VRF - IPv6 ping out"
4128 run_cmd_nsb ping -c1 -w1 172.16.101.1
4129 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
4132 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
4133 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
4136 if [ $? -eq 0 ]; then
4138 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
4139 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out"
4142 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
4143 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out"
4146 run_cmd_nsb ping -c1 -w1 172.16.101.1
4147 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
4150 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
4151 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
4159 # ns-A device is connected to both ns-B and ns-C on a single VRF but only has
4164 # only want reply from ns-A
4165 setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
4166 setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
4169 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
4170 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Pre cycle, ping out ns-B"
4172 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
4173 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Pre cycle, ping out ns-C"
4175 # cycle/flap the first ns-A interface
4178 sleep 1
4181 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
4182 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-B"
4183 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
4184 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-C"
4186 # cycle/flap the second ns-A interface
4189 sleep 1
4192 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
4193 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-B"
4194 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
4195 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-C"
4198 # Perform IPv{4,6} SNAT on ns-A, and verify TCP connection is successfully
4199 # established with ns-B.
4206 …run_cmd iptables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_…
4207 …run_cmd ip6tables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO…
4209 run_cmd_nsb nettest -s -l ${NSB_IP} -p ${port} &
4210 sleep 1
4211 run_cmd nettest -d ${VRF} -r ${NSB_IP} -p ${port}
4214 run_cmd_nsb nettest -6 -s -l ${NSB_IP6} -p ${port} &
4215 sleep 1
4216 run_cmd nettest -6 -d ${VRF} -r ${NSB_IP6} -p ${port}
4220 …run_cmd iptables -t nat -D POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_…
4221 …run_cmd ip6tables -t nat -D POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO…
4243 -4 IPv4 tests only
4244 -6 IPv6 tests only
4245 -t <test> Test name/set to run
4246 -p Pause on fail
4247 -P Pause after each test
4248 -v Be verbose
4269 6) TESTS=ipv6;;
4273 v) VERBOSE=1;;
4275 *) usage; exit 1;;
4285 if [ -z "$TESTS" ]; then
4302 declare -i nfail=0
4303 declare -i nsuccess=0
4335 if [ $nfail -ne 0 ]; then
4336 exit 1 # KSFT_FAIL
4337 elif [ $nsuccess -eq 0 ]; then