Lines Matching +full:1 +full:a
8 # 1. icmp, tcp, udp and netfilter
16 # ns-A | ns-B
23 # ns-A:
24 # eth1: 172.16.1.1/24, 2001:db8:1::1/64
25 # lo: 127.0.0.1/8, ::1/128
26 # 172.16.2.1/32, 2001:db8:2::1/128
27 # red: 127.0.0.1/8, ::1/128
28 # 172.16.3.1/32, 2001:db8:3::1/128
31 # eth1: 172.16.1.2/24, 2001:db8:1::2/64
32 # lo2: 127.0.0.1/8, ::1/128
35 # ns-A to ns-C connection - only for VRF and same config
36 # as ns-A to ns-B
38 # server / client nomenclature relative to ns-A
57 NSA_IP6=2001:db8:1::1
58 NSB_IP6=2001:db8:1::2
59 VRF_IP6=2001:db8:3::1
60 NS_NET6=2001:db8:1::/120
64 NSA_LO_IP6=2001:db8:2::1
69 NL_IP6=2001:db8:4::1
78 MCAST=ff02::1
83 which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
97 local rc=$1
101 [ "${VERBOSE}" = "1" ] && echo
104 nsuccess=$((nsuccess+1))
107 nfail=$((nfail+1))
112 read a
113 [ "$a" = "q" ] && exit 1
120 read a
121 [ "$a" = "q" ] && exit 1
129 local addr=$1
161 if [ "${VERBOSE}" = "1" ]; then
169 if [ "${VERBOSE}" = "1" ]; then
178 if [ "${VERBOSE}" = "1" ]; then
186 killall nettest ping ping6 >/dev/null 2>&1
187 sleep 1
195 if [ "$VERBOSE" = "1" ]; then
199 out=$($cmd 2>&1)
201 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
239 read a
261 read a
283 read a
289 # set sysctl values in NS-A
297 # get sysctl values in NS-A
308 case "$1" in
310 ::1) echo "IPv6 loopback";;
315 ${NSA_IP}) echo "ns-A IP";;
316 ${NSA_IP6}) echo "ns-A IPv6";;
317 ${NSA_LO_IP}) echo "ns-A loopback IP";;
318 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
319 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
341 local ns=$1
355 [ -z "$addr" ] && return 1
367 local ns=$1
379 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
395 local ns=$1
409 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
410 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
411 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
412 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
418 local ns1=$1
467 ip link del ${NSA_DEV2} >/dev/null 2>&1
469 ip netns del ${NSC} >/dev/null 2>&1
475 # ns-B but for a device NOT in the VRF
485 local with_vrf=${1}
487 # make sure we are starting with a clean slate
506 # tell ns-A how to get to remote addresses of ns-B
522 # tell ns-B how to get to remote addresses of ns-A
528 sleep 1
533 # make sure we are starting with a clean slate
562 sleep 1
570 local a
575 for a in ${NSB_IP} ${NSB_LO_IP}
578 run_cmd ping -c1 -w1 ${a}
579 log_test_addr ${a} $? 0 "ping out"
582 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
583 log_test_addr ${a} $? 0 "ping out, device bind"
586 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
587 log_test_addr ${a} $? 0 "ping out, address bind"
593 a=${NSB_IP}
595 run_cmd ping -c 1 -w 1 -r ${a}
596 log_test_addr ${a} $? 0 "ping out (don't route), peer on link"
598 a=${NSB_LO_IP}
601 run_cmd ping -c 1 -w 1 -r ${a}
602 log_test_addr ${a} $? 1 "ping out (don't route), peer not on link"
607 for a in ${NSA_IP} ${NSA_LO_IP}
610 run_cmd_nsb ping -c1 -w1 ${a}
611 log_test_addr ${a} $? 0 "ping in"
617 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
620 run_cmd ping -c1 -w1 ${a}
621 log_test_addr ${a} $? 0 "ping local"
628 a=${NSA_IP}
630 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
631 log_test_addr ${a} $? 0 "ping local, device bind"
634 # fails in a really weird way though because ipv4 special cases
636 for a in ${NSA_LO_IP} 127.0.0.1
640 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
641 log_test_addr ${a} $? 1 "ping local, device bind"
653 a=${NSB_LO_IP}
654 run_cmd ping -c1 -w1 ${a}
655 log_test_addr ${a} $? 2 "ping out, blocked by rule"
658 # a viable rtable if the oif (e.g., bind to device) is set, so this
660 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
662 a=${NSA_LO_IP}
665 run_cmd_nsb ping -c1 -w1 ${a}
666 log_test_addr ${a} $? 1 "ping in, blocked by rule"
668 [ "$VERBOSE" = "1" ] && echo
681 a=${NSB_LO_IP}
682 run_cmd ping -c1 -w1 ${a}
683 log_test_addr ${a} $? 2 "ping out, blocked by route"
686 # a viable rtable if the oif (e.g., bind to device) is set, so this
687 # case succeeds despite not having a route for the address
688 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
690 a=${NSA_LO_IP}
693 run_cmd_nsb ping -c1 -w1 ${a}
694 log_test_addr ${a} $? 1 "ping in, blocked by route"
702 a=${NSB_LO_IP}
703 run_cmd ping -c1 -w1 ${a}
704 log_test_addr ${a} $? 2 "ping out, unreachable default route"
707 # a viable rtable if the oif (e.g., bind to device) is set, so this
708 # case succeeds despite not having a route for the address
709 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
714 local a
717 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
722 for a in ${NSB_IP} ${NSB_LO_IP}
725 run_cmd ping -c1 -w1 -I ${VRF} ${a}
726 log_test_addr ${a} $? 0 "ping out, VRF bind"
729 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
730 log_test_addr ${a} $? 0 "ping out, device bind"
733 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
734 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"
737 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
738 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
744 for a in ${NSA_IP} ${VRF_IP}
747 run_cmd_nsb ping -c1 -w1 ${a}
748 log_test_addr ${a} $? 0 "ping in"
754 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
757 show_hint "Source address should be ${a}"
758 run_cmd ping -c1 -w1 -I ${VRF} ${a}
759 log_test_addr ${a} $? 0 "ping local, VRF bind"
766 a=${NSA_IP}
768 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
769 log_test_addr ${a} $? 0 "ping local, device bind"
772 for a in ${VRF_IP} 127.0.0.1
776 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
777 log_test_addr ${a} $? 2 "ping local, device bind"
787 a=${NSB_LO_IP}
788 run_cmd ping -c1 -w1 -I ${VRF} ${a}
789 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"
792 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
793 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
795 a=${NSA_LO_IP}
798 run_cmd_nsb ping -c1 -w1 ${a}
799 log_test_addr ${a} $? 1 "ping in, blocked by rule"
801 [ "$VERBOSE" = "1" ] && echo
811 a=${NSB_LO_IP}
812 run_cmd ping -c1 -w1 -I ${VRF} ${a}
813 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"
816 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
817 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
819 a=${NSA_LO_IP}
822 run_cmd_nsb ping -c1 -w1 ${a}
823 log_test_addr ${a} $? 1 "ping in, unreachable route"
835 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
864 sleep 1
872 sleep 1
880 sleep 1
888 sleep 1
899 sleep 1
907 sleep 1
915 sleep 1
932 sleep 1
940 sleep 1
948 sleep 1
956 sleep 1
967 sleep 1
975 sleep 1
983 sleep 1
988 # duplicate config between default VRF and a VRF
994 sleep 1
1001 sleep 1
1009 sleep 1
1017 sleep 1
1024 sleep 1
1031 sleep 1
1039 sleep 1
1047 sleep 1
1056 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
1060 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
1071 sleep 1
1078 sleep 1
1085 # This particular test needs tcp_l3mdev_accept=1 for Global server to accept VRF connections
1088 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1092 sleep 1
1098 sleep 1
1104 sleep 1
1110 sleep 1
1120 local syncookies=$1
1123 local a
1128 # on link (doesn't need to be routed through a gateway).
1138 a=${NSB_IP}
1140 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1141 log_test_addr ${a} $? 0 "SO_DONTROUTE client, syncookies=${syncookies}"
1143 a=${NSB_IP}
1145 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --server-dontroute
1146 log_test_addr ${a} $? 0 "SO_DONTROUTE server, syncookies=${syncookies}"
1153 # to respond to a routed address and not a link local one).
1155 a=${NSB_LO_IP}
1158 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --client-dontroute
1159 log_test_addr ${a} $? 1 "SO_DONTROUTE client, syncookies=${syncookies}"
1161 a=${NSB_LO_IP}
1164 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --server-dontroute
1165 log_test_addr ${a} $? 2 "SO_DONTROUTE server, syncookies=${syncookies}"
1173 local a
1178 for a in ${NSA_IP} ${NSA_LO_IP}
1182 sleep 1
1183 run_cmd_nsb nettest -r ${a}
1184 log_test_addr ${a} $? 0 "Global server"
1187 a=${NSA_IP}
1190 sleep 1
1191 run_cmd_nsb nettest -r ${a}
1192 log_test_addr ${a} $? 0 "Device server"
1195 for a in ${NSA_IP} ${NSA_LO_IP}
1199 run_cmd_nsb nettest -r ${a}
1200 log_test_addr ${a} $? 1 "No server"
1206 for a in ${NSB_IP} ${NSB_LO_IP}
1210 sleep 1
1211 run_cmd nettest -r ${a} -0 ${NSA_IP}
1212 log_test_addr ${a} $? 0 "Client"
1216 sleep 1
1217 run_cmd nettest -r ${a} -d ${NSA_DEV}
1218 log_test_addr ${a} $? 0 "Client, device bind"
1222 run_cmd nettest -r ${a}
1223 log_test_addr ${a} $? 1 "No server, unbound client"
1227 run_cmd nettest -r ${a} -d ${NSA_DEV}
1228 log_test_addr ${a} $? 1 "No server, device client"
1234 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1238 sleep 1
1239 run_cmd nettest -r ${a} -0 ${a} -1 ${a}
1240 log_test_addr ${a} $? 0 "Global server, local connection"
1243 a=${NSA_IP}
1246 sleep 1
1247 run_cmd nettest -r ${a} -0 ${a}
1248 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1250 for a in ${NSA_LO_IP} 127.0.0.1
1255 sleep 1
1256 run_cmd nettest -r ${a}
1257 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1260 a=${NSA_IP}
1263 sleep 1
1264 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
1265 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1267 for a in ${NSA_LO_IP} 127.0.0.1
1272 sleep 1
1273 run_cmd nettest -r ${a} -d ${NSA_DEV}
1274 log_test_addr ${a} $? 1 "Global server, device client, local connection"
1277 a=${NSA_IP}
1280 sleep 1
1281 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
1282 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1286 run_cmd nettest -d ${NSA_DEV} -r ${a}
1287 log_test_addr ${a} $? 1 "No server, device client, local conn"
1289 [ "$fips_enabled" = "1" ] || ipv4_tcp_md5_novrf
1297 local a
1307 for a in ${NSA_IP} ${VRF_IP}
1312 sleep 1
1313 run_cmd_nsb nettest -r ${a}
1314 log_test_addr ${a} $? 1 "Global server"
1318 sleep 1
1319 run_cmd_nsb nettest -r ${a}
1320 log_test_addr ${a} $? 0 "VRF server"
1324 sleep 1
1325 run_cmd_nsb nettest -r ${a}
1326 log_test_addr ${a} $? 0 "Device server"
1331 run_cmd_nsb nettest -r ${a}
1332 log_test_addr ${a} $? 1 "No server"
1337 a=${NSA_IP}
1341 sleep 1
1342 run_cmd nettest -r ${a} -d ${NSA_DEV}
1343 log_test_addr ${a} $? 1 "Global server, local connection"
1356 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1358 for a in ${NSA_IP} ${VRF_IP}
1363 sleep 1
1364 run_cmd_nsb nettest -r ${a}
1365 log_test_addr ${a} $? 0 "Global server"
1370 sleep 1
1371 run_cmd_nsb nettest -r ${a}
1372 log_test_addr ${a} $? 0 "VRF server"
1377 run_cmd_nsb nettest -r ${a}
1378 log_test_addr ${a} $? 1 "No server"
1381 a=${NSA_IP}
1385 sleep 1
1386 run_cmd_nsb nettest -r ${a}
1387 log_test_addr ${a} $? 0 "Device server"
1390 for a in ${NSA_IP} ${VRF_IP}
1395 sleep 1
1396 run_cmd nettest -r ${a}
1397 log_test_addr ${a} $? 1 "Global server, local connection"
1403 for a in ${NSB_IP} ${NSB_LO_IP}
1407 sleep 1
1408 run_cmd nettest -r ${a} -d ${VRF}
1409 log_test_addr ${a} $? 0 "Client, VRF bind"
1413 sleep 1
1414 run_cmd nettest -r ${a} -d ${NSA_DEV}
1415 log_test_addr ${a} $? 0 "Client, device bind"
1419 run_cmd nettest -r ${a} -d ${VRF}
1420 log_test_addr ${a} $? 1 "No server, VRF client"
1424 run_cmd nettest -r ${a} -d ${NSA_DEV}
1425 log_test_addr ${a} $? 1 "No server, device client"
1428 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1432 sleep 1
1433 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1434 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
1437 a=${NSA_IP}
1440 sleep 1
1441 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1442 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
1447 sleep 1
1448 run_cmd nettest -r ${a}
1449 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
1453 sleep 1
1454 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1455 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
1459 sleep 1
1460 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1461 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1476 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1489 local a
1494 for a in ${NSA_IP} ${NSA_LO_IP}
1498 sleep 1
1499 run_cmd_nsb nettest -D -r ${a}
1500 log_test_addr ${a} $? 0 "Global server"
1504 run_cmd_nsb nettest -D -r ${a}
1505 log_test_addr ${a} $? 1 "No server"
1508 a=${NSA_IP}
1511 sleep 1
1512 run_cmd_nsb nettest -D -r ${a}
1513 log_test_addr ${a} $? 0 "Device server"
1518 for a in ${NSB_IP} ${NSB_LO_IP}
1522 sleep 1
1523 run_cmd nettest -D -r ${a} -0 ${NSA_IP}
1524 log_test_addr ${a} $? 0 "Client"
1528 sleep 1
1529 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1530 log_test_addr ${a} $? 0 "Client, device bind"
1534 sleep 1
1535 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1536 log_test_addr ${a} $? 0 "Client, device send via cmsg"
1540 sleep 1
1541 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1542 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"
1546 sleep 1
1547 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} -U
1548 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF, with connect()"
1553 run_cmd nettest -D -r ${a}
1554 log_test_addr ${a} $? 1 "No server, unbound client"
1558 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1559 log_test_addr ${a} $? 1 "No server, device client"
1565 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1569 sleep 1
1570 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
1571 log_test_addr ${a} $? 0 "Global server, local connection"
1574 a=${NSA_IP}
1577 sleep 1
1578 run_cmd nettest -D -r ${a}
1579 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1581 for a in ${NSA_LO_IP} 127.0.0.1
1586 sleep 1
1587 run_cmd nettest -D -r ${a}
1588 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1591 a=${NSA_IP}
1594 sleep 1
1595 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1596 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1600 sleep 1
1601 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
1602 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
1606 sleep 1
1607 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
1608 log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"
1612 sleep 1
1613 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} -U
1614 …log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection, with co…
1620 for a in ${NSA_LO_IP} 127.0.0.1
1625 sleep 1
1626 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1627 log_test_addr ${a} $? 2 "Global server, device client, local connection"
1632 sleep 1
1633 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
1634 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
1639 sleep 1
1640 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
1641 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
1646 sleep 1
1647 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -U
1648 …log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with co…
1653 a=${NSA_IP}
1656 sleep 1
1657 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
1658 log_test_addr ${a} $? 0 "Device server, device client, local conn"
1661 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1662 log_test_addr ${a} $? 2 "No server, device client, local conn"
1667 # on link (doesn't need to be routed through a gateway).
1670 a=${NSB_IP}
1672 do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1673 log_test_addr ${a} $? 0 "SO_DONTROUTE client"
1675 a=${NSB_LO_IP}
1678 do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1679 log_test_addr ${a} $? 1 "SO_DONTROUTE client"
1684 local a
1693 for a in ${NSA_IP} ${VRF_IP}
1696 show_hint "Fails because ingress is in a VRF and global server is disabled"
1698 sleep 1
1699 run_cmd_nsb nettest -D -r ${a}
1700 log_test_addr ${a} $? 1 "Global server"
1704 sleep 1
1705 run_cmd_nsb nettest -D -r ${a}
1706 log_test_addr ${a} $? 0 "VRF server"
1710 sleep 1
1711 run_cmd_nsb nettest -D -r ${a}
1712 log_test_addr ${a} $? 0 "Enslaved device server"
1716 run_cmd_nsb nettest -D -r ${a}
1717 log_test_addr ${a} $? 1 "No server"
1722 sleep 1
1723 run_cmd nettest -D -d ${VRF} -r ${a}
1724 log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
1727 a=${NSA_IP}
1730 sleep 1
1731 run_cmd nettest -D -d ${VRF} -r ${a}
1732 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1736 sleep 1
1737 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1738 log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"
1740 a=${NSA_IP}
1743 sleep 1
1744 run_cmd nettest -D -d ${VRF} -r ${a}
1745 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1749 sleep 1
1750 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1751 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1755 set_sysctl net.ipv4.udp_l3mdev_accept=1
1760 for a in ${NSA_IP} ${VRF_IP}
1764 sleep 1
1765 run_cmd_nsb nettest -D -r ${a}
1766 log_test_addr ${a} $? 0 "Global server"
1770 sleep 1
1771 run_cmd_nsb nettest -D -r ${a}
1772 log_test_addr ${a} $? 0 "VRF server"
1776 sleep 1
1777 run_cmd_nsb nettest -D -r ${a}
1778 log_test_addr ${a} $? 0 "Enslaved device server"
1782 run_cmd_nsb nettest -D -r ${a}
1783 log_test_addr ${a} $? 1 "No server"
1791 sleep 1
1792 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1797 sleep 1
1798 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1805 log_test $? 1 "No server, VRF client"
1810 log_test $? 1 "No server, enslaved device client"
1815 a=${NSA_IP}
1818 sleep 1
1819 run_cmd nettest -D -d ${VRF} -r ${a}
1820 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1824 sleep 1
1825 run_cmd nettest -D -d ${VRF} -r ${a}
1826 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1830 sleep 1
1831 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1832 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
1836 sleep 1
1837 run_cmd nettest -D -d ${VRF} -r ${a}
1838 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1842 sleep 1
1843 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1844 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1846 for a in ${VRF_IP} 127.0.0.1
1850 sleep 1
1851 run_cmd nettest -D -d ${VRF} -r ${a}
1852 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1855 for a in ${VRF_IP} 127.0.0.1
1859 sleep 1
1860 run_cmd nettest -D -d ${VRF} -r ${a}
1861 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1866 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1870 run_cmd nettest -D -d ${VRF} -r ${a}
1871 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
1888 set_sysctl net.ipv4.udp_l3mdev_accept=1
1906 for a in ${NSA_IP} ${NSA_LO_IP}
1909 run_cmd nettest -s -R -P icmp -l ${a} -b
1910 log_test_addr ${a} $? 0 "Raw socket bind to local address"
1913 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1914 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1920 a=${NL_IP}
1922 run_cmd nettest -s -R -f -l ${a} -b
1923 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address"
1926 run_cmd nettest -s -f -l ${a} -b
1927 log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address"
1930 run_cmd nettest -s -D -P icmp -f -l ${a} -b
1931 log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address"
1936 a=${BCAST_IP}
1938 run_cmd nettest -s -D -P icmp -l ${a} -b
1939 log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address"
1941 a=${MCAST_IP}
1943 run_cmd nettest -s -D -P icmp -l ${a} -b
1944 log_test_addr ${a} $? 1 "ICMP socket bind to multicast address"
1949 a=${NSA_IP}
1951 run_cmd nettest -c ${a} -r ${NSB_IP} -t1 -b
1952 log_test_addr ${a} $? 0 "TCP socket bind to local address"
1955 run_cmd nettest -c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1956 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
1958 # Sadly, the kernel allows binding a socket to a device and then
1962 #a=${NSA_LO_IP}
1965 #run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
1966 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
1974 for a in ${NSA_IP} ${VRF_IP}
1978 run_cmd nettest -s -R -P icmp -l ${a} -b
1979 log_test_addr ${a} $? 1 "Raw socket bind to local address"
1982 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1983 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1985 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
1986 log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
1989 a=${NSA_LO_IP}
1992 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
1993 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
1998 a=${NL_IP}
2000 run_cmd nettest -s -R -f -l ${a} -I ${VRF} -b
2001 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind"
2004 run_cmd nettest -s -f -l ${a} -I ${VRF} -b
2005 log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address after VRF bind"
2008 run_cmd nettest -s -D -P icmp -f -l ${a} -I ${VRF} -b
2009 log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address after VRF bind"
2014 a=${BCAST_IP}
2016 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
2017 log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address after VRF bind"
2019 a=${MCAST_IP}
2021 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
2022 log_test_addr ${a} $? 1 "ICMP socket bind to multicast address after VRF bind"
2027 for a in ${NSA_IP} ${VRF_IP}
2030 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
2031 log_test_addr ${a} $? 0 "TCP socket bind to local address"
2034 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
2035 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
2038 a=${NSA_LO_IP}
2041 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
2042 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
2046 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
2047 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
2070 local desc="$1"
2073 local a
2078 for a in ${NSA_IP} ${VRF_IP}
2082 sleep 1
2083 run_cmd_nsb nettest ${varg} -r ${a} &
2086 sleep 1
2087 log_test_addr ${a} 0 0 "${desc}, global server"
2092 for a in ${NSA_IP} ${VRF_IP}
2096 sleep 1
2097 run_cmd_nsb nettest ${varg} -r ${a} &
2100 sleep 1
2101 log_test_addr ${a} 0 0 "${desc}, VRF server"
2106 a=${NSA_IP}
2109 sleep 1
2110 run_cmd_nsb nettest ${varg} -r ${a} &
2113 sleep 1
2114 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
2123 sleep 1
2127 sleep 1
2128 log_test_addr ${a} 0 0 "${desc}, VRF client"
2134 sleep 1
2138 sleep 1
2139 log_test_addr ${a} 0 0 "${desc}, enslaved device client"
2146 for a in ${NSA_IP} ${VRF_IP}
2150 sleep 1
2151 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2154 sleep 1
2155 log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local"
2160 for a in ${NSA_IP} ${VRF_IP}
2164 sleep 1
2165 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2168 sleep 1
2169 log_test_addr ${a} 0 0 "${desc}, VRF server and client, local"
2174 a=${NSA_IP}
2178 sleep 1
2179 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2182 sleep 1
2183 log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local"
2189 sleep 1
2190 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2193 sleep 1
2194 log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local"
2200 sleep 1
2201 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2204 sleep 1
2205 log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local"
2211 local a
2213 for a in ${NSA_IP} ${VRF_IP}
2216 run_cmd_nsb ping -f ${a} &
2219 sleep 1
2220 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
2225 a=${NSB_IP}
2227 run_cmd ping -f -I ${VRF} ${a} &
2230 sleep 1
2231 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
2242 ipv4_rt "TCP active socket" "-n -1"
2253 local a
2255 # should not have an impact, but make a known state
2261 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2264 run_cmd ${ping6} -c1 -w1 ${a}
2265 log_test_addr ${a} $? 0 "ping out"
2268 for a in ${NSB_IP6} ${NSB_LO_IP6}
2271 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2272 log_test_addr ${a} $? 0 "ping out, device bind"
2275 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
2276 log_test_addr ${a} $? 0 "ping out, loopback address bind"
2282 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
2285 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2286 log_test_addr ${a} $? 0 "ping in"
2292 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2295 run_cmd ${ping6} -c1 -w1 ${a}
2296 log_test_addr ${a} $? 0 "ping local, no bind"
2299 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2302 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2303 log_test_addr ${a} $? 0 "ping local, device bind"
2306 for a in ${NSA_LO_IP6} ::1
2310 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2311 log_test_addr ${a} $? 2 "ping local, device bind"
2323 a=${NSB_LO_IP6}
2324 run_cmd ${ping6} -c1 -w1 ${a}
2325 log_test_addr ${a} $? 2 "ping out, blocked by rule"
2328 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2329 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
2331 a=${NSA_LO_IP6}
2334 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2335 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2350 a=${NSB_LO_IP6}
2351 run_cmd ${ping6} -c1 -w1 ${a}
2352 log_test_addr ${a} $? 2 "ping out, blocked by route"
2355 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2356 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"
2358 a=${NSA_LO_IP6}
2361 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2362 log_test_addr ${a} $? 1 "ping in, blocked by route"
2372 a=${NSB_LO_IP6}
2373 run_cmd ${ping6} -c1 -w1 ${a}
2374 log_test_addr ${a} $? 2 "ping out, unreachable route"
2377 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2378 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
2383 local a
2386 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
2391 for a in ${NSB_IP6} ${NSB_LO_IP6}
2394 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2395 log_test_addr ${a} $? 0 "ping out, VRF bind"
2398 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
2402 run_cmd ${ping6} -c1 -w1 ${a}
2403 log_test_addr ${a} $? 1 "ping out, VRF bind"
2406 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2409 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2410 log_test_addr ${a} $? 0 "ping out, device bind"
2413 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2416 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
2417 log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
2423 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
2426 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2427 log_test_addr ${a} $? 0 "ping in"
2430 a=${NSA_LO_IP6}
2433 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2434 log_test_addr ${a} $? 1 "ping in"
2439 for a in ${NSA_IP6} ${VRF_IP6} ::1
2442 show_hint "Source address should be ${a}"
2443 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2444 log_test_addr ${a} $? 0 "ping local, VRF bind"
2447 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2450 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2451 log_test_addr ${a} $? 0 "ping local, device bind"
2459 for a in ${NSA_IP6} ${VRF_IP6}
2463 log_test_addr ${a} $? 0 "ping in, LLA to GUA"
2477 a=${NSB_LO_IP6}
2478 run_cmd ${ping6} -c1 -w1 ${a}
2479 log_test_addr ${a} $? 2 "ping out, blocked by rule"
2482 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2483 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
2485 a=${NSA_LO_IP6}
2488 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2489 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2501 a=${NSB_LO_IP6}
2502 run_cmd ${ping6} -c1 -w1 ${a}
2503 log_test_addr ${a} $? 2 "ping out, unreachable route"
2506 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2507 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
2510 a=${NSA_LO_IP6}
2512 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2513 log_test_addr ${a} $? 2 "ping in, unreachable route"
2550 sleep 1
2558 sleep 1
2566 sleep 1
2574 sleep 1
2585 sleep 1
2593 sleep 1
2601 sleep 1
2618 sleep 1
2626 sleep 1
2634 sleep 1
2642 sleep 1
2653 sleep 1
2661 sleep 1
2669 sleep 1
2674 # duplicate config between default VRF and a VRF
2680 sleep 1
2687 sleep 1
2695 sleep 1
2703 sleep 1
2710 sleep 1
2717 sleep 1
2725 sleep 1
2733 sleep 1
2742 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
2746 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
2752 local a
2757 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2761 sleep 1
2762 run_cmd_nsb nettest -6 -r ${a}
2763 log_test_addr ${a} $? 0 "Global server"
2767 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2771 run_cmd_nsb nettest -6 -r ${a}
2772 log_test_addr ${a} $? 1 "No server"
2778 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2782 sleep 1
2783 run_cmd nettest -6 -r ${a}
2784 log_test_addr ${a} $? 0 "Client"
2787 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2791 sleep 1
2792 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2793 log_test_addr ${a} $? 0 "Client, device bind"
2796 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2800 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2801 log_test_addr ${a} $? 1 "No server, device client"
2807 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2811 sleep 1
2812 run_cmd nettest -6 -r ${a}
2813 log_test_addr ${a} $? 0 "Global server, local connection"
2816 a=${NSA_IP6}
2819 sleep 1
2820 run_cmd nettest -6 -r ${a} -0 ${a}
2821 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
2823 for a in ${NSA_LO_IP6} ::1
2828 sleep 1
2829 run_cmd nettest -6 -r ${a}
2830 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
2833 a=${NSA_IP6}
2836 sleep 1
2837 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2838 log_test_addr ${a} $? 0 "Global server, device client, local connection"
2840 for a in ${NSA_LO_IP6} ::1
2845 sleep 1
2846 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2847 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2850 for a in ${NSA_IP6} ${NSA_LINKIP6}
2854 sleep 1
2855 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2856 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2859 for a in ${NSA_IP6} ${NSA_LINKIP6}
2863 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2864 log_test_addr ${a} $? 1 "No server, device client, local conn"
2867 [ "$fips_enabled" = "1" ] || ipv6_tcp_md5_novrf
2872 local a
2882 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2887 sleep 1
2888 run_cmd_nsb nettest -6 -r ${a}
2889 log_test_addr ${a} $? 1 "Global server"
2892 for a in ${NSA_IP6} ${VRF_IP6}
2896 sleep 1
2897 run_cmd_nsb nettest -6 -r ${a}
2898 log_test_addr ${a} $? 0 "VRF server"
2902 a=${NSA_LINKIP6}%${NSB_DEV}
2905 sleep 1
2906 run_cmd_nsb nettest -6 -r ${a}
2907 log_test_addr ${a} $? 0 "VRF server"
2909 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2913 sleep 1
2914 run_cmd_nsb nettest -6 -r ${a}
2915 log_test_addr ${a} $? 0 "Device server"
2919 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2923 run_cmd_nsb nettest -6 -r ${a}
2924 log_test_addr ${a} $? 1 "No server"
2928 a=${NSA_IP6}
2932 sleep 1
2933 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2934 log_test_addr ${a} $? 1 "Global server, local connection"
2947 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2949 for a in ${NSA_IP6} ${VRF_IP6}
2953 sleep 1
2954 run_cmd_nsb nettest -6 -r ${a}
2955 log_test_addr ${a} $? 0 "Global server"
2958 for a in ${NSA_IP6} ${VRF_IP6}
2962 sleep 1
2963 run_cmd_nsb nettest -6 -r ${a}
2964 log_test_addr ${a} $? 0 "VRF server"
2968 a=${NSA_LINKIP6}%${NSB_DEV}
2971 sleep 1
2972 run_cmd_nsb nettest -6 -r ${a}
2973 log_test_addr ${a} $? 0 "Global server"
2977 sleep 1
2978 run_cmd_nsb nettest -6 -r ${a}
2979 log_test_addr ${a} $? 0 "VRF server"
2981 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2985 sleep 1
2986 run_cmd_nsb nettest -6 -r ${a}
2987 log_test_addr ${a} $? 0 "Device server"
2991 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2995 run_cmd_nsb nettest -6 -r ${a}
2996 log_test_addr ${a} $? 1 "No server"
3000 for a in ${NSA_IP6} ${VRF_IP6}
3005 sleep 1
3006 run_cmd nettest -6 -r ${a}
3007 log_test_addr ${a} $? 1 "Global server, local connection"
3014 for a in ${NSB_IP6} ${NSB_LO_IP6}
3018 sleep 1
3019 run_cmd nettest -6 -r ${a} -d ${VRF}
3020 log_test_addr ${a} $? 0 "Client, VRF bind"
3023 a=${NSB_LINKIP6}
3027 sleep 1
3028 run_cmd nettest -6 -r ${a} -d ${VRF}
3029 log_test_addr ${a} $? 1 "Client, VRF bind"
3031 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
3035 sleep 1
3036 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
3037 log_test_addr ${a} $? 0 "Client, device bind"
3040 for a in ${NSB_IP6} ${NSB_LO_IP6}
3044 run_cmd nettest -6 -r ${a} -d ${VRF}
3045 log_test_addr ${a} $? 1 "No server, VRF client"
3048 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
3052 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
3053 log_test_addr ${a} $? 1 "No server, device client"
3056 for a in ${NSA_IP6} ${VRF_IP6} ::1
3060 sleep 1
3061 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
3062 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
3065 a=${NSA_IP6}
3068 sleep 1
3069 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3070 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
3072 a=${NSA_IP6}
3076 sleep 1
3077 run_cmd nettest -6 -r ${a}
3078 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
3082 sleep 1
3083 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
3084 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
3086 for a in ${NSA_IP6} ${NSA_LINKIP6}
3090 sleep 1
3091 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3092 log_test_addr ${a} $? 0 "Device server, device client, local connection"
3108 set_sysctl net.ipv4.tcp_l3mdev_accept=1
3121 local a
3126 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
3130 sleep 1
3131 run_cmd_nsb nettest -6 -D -r ${a}
3132 log_test_addr ${a} $? 0 "Global server"
3136 sleep 1
3137 run_cmd_nsb nettest -6 -D -r ${a}
3138 log_test_addr ${a} $? 0 "Device server"
3141 a=${NSA_LO_IP6}
3144 sleep 1
3145 run_cmd_nsb nettest -6 -D -r ${a}
3146 log_test_addr ${a} $? 0 "Global server"
3148 # should fail since loopback address is out of scope for a device
3154 #sleep 1
3155 #run_cmd_nsb nettest -6 -D -r ${a}
3156 #log_test_addr ${a} $? 1 "Device server"
3159 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
3163 run_cmd_nsb nettest -6 -D -r ${a}
3164 log_test_addr ${a} $? 1 "No server"
3170 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
3174 sleep 1
3175 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
3176 log_test_addr ${a} $? 0 "Client"
3180 sleep 1
3181 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
3182 log_test_addr ${a} $? 0 "Client, device bind"
3186 sleep 1
3187 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
3188 log_test_addr ${a} $? 0 "Client, device send via cmsg"
3192 sleep 1
3193 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
3194 log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF"
3198 run_cmd nettest -6 -D -r ${a}
3199 log_test_addr ${a} $? 1 "No server, unbound client"
3203 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3204 log_test_addr ${a} $? 1 "No server, device client"
3210 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
3214 sleep 1
3215 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
3216 log_test_addr ${a} $? 0 "Global server, local connection"
3219 a=${NSA_IP6}
3222 sleep 1
3223 run_cmd nettest -6 -D -r ${a}
3224 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
3226 for a in ${NSA_LO_IP6} ::1
3231 sleep 1
3232 run_cmd nettest -6 -D -r ${a}
3233 log_test_addr ${a} $? 1 "Device server, local connection"
3236 a=${NSA_IP6}
3239 sleep 1
3240 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3241 log_test_addr ${a} $? 0 "Global server, device client, local connection"
3245 sleep 1
3246 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
3247 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
3251 sleep 1
3252 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
3253 log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"
3255 for a in ${NSA_LO_IP6} ::1
3260 sleep 1
3261 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3262 log_test_addr ${a} $? 1 "Global server, device client, local connection"
3267 sleep 1
3268 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
3269 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
3274 sleep 1
3275 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
3276 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
3281 sleep 1
3282 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -U
3283 …log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with co…
3286 a=${NSA_IP6}
3289 sleep 1
3290 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
3291 log_test_addr ${a} $? 0 "Device server, device client, local conn"
3295 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3296 log_test_addr ${a} $? 1 "No server, device client, local conn"
3303 sleep 1
3313 local a
3322 for a in ${NSA_IP6} ${VRF_IP6}
3327 sleep 1
3328 run_cmd_nsb nettest -6 -D -r ${a}
3329 log_test_addr ${a} $? 1 "Global server"
3332 for a in ${NSA_IP6} ${VRF_IP6}
3336 sleep 1
3337 run_cmd_nsb nettest -6 -D -r ${a}
3338 log_test_addr ${a} $? 0 "VRF server"
3341 for a in ${NSA_IP6} ${VRF_IP6}
3345 sleep 1
3346 run_cmd_nsb nettest -6 -D -r ${a}
3347 log_test_addr ${a} $? 0 "Enslaved device server"
3351 for a in ${NSA_IP6} ${VRF_IP6}
3355 run_cmd_nsb nettest -6 -D -r ${a}
3356 log_test_addr ${a} $? 1 "No server"
3362 for a in ${NSA_IP6} ${VRF_IP6}
3367 sleep 1
3368 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3369 log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
3372 for a in ${NSA_IP6} ${VRF_IP6}
3376 sleep 1
3377 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3378 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3381 a=${NSA_IP6}
3385 sleep 1
3386 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3387 log_test_addr ${a} $? 1 "Global server, device client, local conn"
3391 sleep 1
3392 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3393 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
3397 sleep 1
3398 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3399 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
3403 sleep 1
3404 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3405 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
3409 set_sysctl net.ipv4.udp_l3mdev_accept=1
3414 for a in ${NSA_IP6} ${VRF_IP6}
3418 sleep 1
3419 run_cmd_nsb nettest -6 -D -r ${a}
3420 log_test_addr ${a} $? 0 "Global server"
3423 for a in ${NSA_IP6} ${VRF_IP6}
3427 sleep 1
3428 run_cmd_nsb nettest -6 -D -r ${a}
3429 log_test_addr ${a} $? 0 "VRF server"
3432 for a in ${NSA_IP6} ${VRF_IP6}
3436 sleep 1
3437 run_cmd_nsb nettest -6 -D -r ${a}
3438 log_test_addr ${a} $? 0 "Enslaved device server"
3442 for a in ${NSA_IP6} ${VRF_IP6}
3445 run_cmd_nsb nettest -6 -D -r ${a}
3446 log_test_addr ${a} $? 1 "No server"
3454 sleep 1
3461 log_test $? 1 "No server, VRF client"
3465 sleep 1
3472 log_test $? 1 "No server, enslaved device client"
3477 a=${NSA_IP6}
3480 sleep 1
3481 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3482 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
3486 sleep 1
3487 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3488 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3491 a=${VRF_IP6}
3494 sleep 1
3495 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3496 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
3500 sleep 1
3501 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3502 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3505 for a in ${NSA_IP6} ${VRF_IP6}
3508 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3509 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
3513 a=${NSA_IP6}
3516 sleep 1
3517 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3518 log_test_addr ${a} $? 0 "Global server, device client, local conn"
3522 sleep 1
3523 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3524 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
3528 sleep 1
3529 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3530 log_test_addr ${a} $? 0 "Device server, VRF client, local conn"
3534 sleep 1
3535 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3536 log_test_addr ${a} $? 0 "Device server, device client, local conn"
3539 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3540 log_test_addr ${a} $? 1 "No server, device client, local conn"
3546 sleep 1
3552 log_test $? 1 "No server, linklocal IP"
3557 sleep 1
3563 log_test $? 1 "No server, device client, peer linklocal IP"
3568 sleep 1
3574 log_test $? 1 "No server, device client, local conn - linklocal IP"
3581 sleep 1
3592 set_sysctl net.ipv4.udp_early_demux=1
3604 set_sysctl net.ipv4.udp_l3mdev_accept=1
3620 for a in ${NSA_IP6} ${NSA_LO_IP6}
3623 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
3624 log_test_addr ${a} $? 0 "Raw socket bind to local address"
3627 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3628 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
3634 a=${NL_IP6}
3636 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${NSA_DEV} -b
3637 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address"
3642 a=${NSA_IP6}
3644 run_cmd nettest -6 -s -l ${a} -t1 -b
3645 log_test_addr ${a} $? 0 "TCP socket bind to local address"
3648 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3649 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
3651 # Sadly, the kernel allows binding a socket to a device and then
3654 a=${NSA_LO_IP6}
3657 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3658 log_test_addr ${a} $? 0 "TCP socket bind to out of scope local address"
3666 for a in ${NSA_IP6} ${VRF_IP6}
3669 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3670 log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"
3673 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3674 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
3677 a=${NSA_LO_IP6}
3680 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3681 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"
3686 a=${NL_IP6}
3688 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${VRF} -b
3689 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind"
3694 # address on enslaved device is valid for the VRF or device in a VRF
3695 for a in ${NSA_IP6} ${VRF_IP6}
3698 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3699 log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
3702 a=${NSA_IP6}
3704 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3705 log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"
3707 # Sadly, the kernel allows binding a socket to a device and then
3711 a=${VRF_IP6}
3714 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3715 log_test_addr ${a} $? 0 "TCP socket bind to VRF address with device bind"
3717 a=${NSA_LO_IP6}
3720 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3721 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
3725 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3726 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
3748 local desc="$1"
3751 local a
3756 for a in ${NSA_IP6} ${VRF_IP6}
3760 sleep 1
3761 run_cmd_nsb nettest ${varg} -r ${a} &
3764 sleep 1
3765 log_test_addr ${a} 0 0 "${desc}, global server"
3770 for a in ${NSA_IP6} ${VRF_IP6}
3774 sleep 1
3775 run_cmd_nsb nettest ${varg} -r ${a} &
3778 sleep 1
3779 log_test_addr ${a} 0 0 "${desc}, VRF server"
3784 for a in ${NSA_IP6} ${VRF_IP6}
3788 sleep 1
3789 run_cmd_nsb nettest ${varg} -r ${a} &
3792 sleep 1
3793 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
3803 sleep 1
3807 sleep 1
3814 sleep 1
3818 sleep 1
3827 for a in ${NSA_IP6} ${VRF_IP6}
3831 sleep 1
3832 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3835 sleep 1
3836 log_test_addr ${a} 0 0 "${desc}, global server, VRF client"
3841 for a in ${NSA_IP6} ${VRF_IP6}
3845 sleep 1
3846 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3849 sleep 1
3850 log_test_addr ${a} 0 0 "${desc}, VRF server and client"
3855 a=${NSA_IP6}
3858 sleep 1
3859 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3862 sleep 1
3863 log_test_addr ${a} 0 0 "${desc}, global server, device client"
3869 sleep 1
3870 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3873 sleep 1
3874 log_test_addr ${a} 0 0 "${desc}, VRF server, device client"
3880 sleep 1
3881 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3884 sleep 1
3885 log_test_addr ${a} 0 0 "${desc}, device server, device client"
3891 local a
3893 a=${NSA_IP6}
3895 run_cmd_nsb ${ping6} -f ${a} &
3898 sleep 1
3899 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
3905 sleep 1
3907 sleep 1
3908 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
3919 ipv6_rt "TCP active socket" "-n -1"
3925 ipv6_rt "UDP active socket" "-D -n -1"
3933 local a
3935 for a in ${NSA_IP} ${VRF_IP}
3939 sleep 1
3940 run_cmd_nsb nettest -r ${a}
3941 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3947 local stype="$1"
3949 local a
3953 for a in ${NSA_IP} ${VRF_IP}
3957 sleep 1
3958 run_cmd_nsb nettest ${arg} -r ${a}
3959 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3969 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3978 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3979 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3990 local a
3992 for a in ${NSA_IP6} ${VRF_IP6}
3996 sleep 1
3997 run_cmd_nsb nettest -6 -r ${a}
3998 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
4004 local stype="$1"
4006 local a
4010 for a in ${NSA_IP6} ${VRF_IP6}
4014 sleep 1
4015 run_cmd_nsb nettest -6 ${arg} -r ${a}
4016 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
4026 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
4034 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
4035 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
4048 # ns-A device enslaved to bridge. Verify traffic with and without
4109 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad
4115 sleep 1
4132 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
4150 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
4159 # ns-A device is connected to both ns-B and ns-C on a single VRF but only has
4164 # only want reply from ns-A
4165 setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
4166 setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
4175 # cycle/flap the first ns-A interface
4178 sleep 1
4186 # cycle/flap the second ns-A interface
4189 sleep 1
4198 # Perform IPv{4,6} SNAT on ns-A, and verify TCP connection is successfully
4206 …run_cmd iptables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_…
4207 …run_cmd ip6tables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO…
4210 sleep 1
4215 sleep 1
4273 v) VERBOSE=1;;
4275 *) usage; exit 1;;
4336 exit 1 # KSFT_FAIL