Gitiles
Code Review Sign In
192.168.1.100 / T108 / e958203796650e3959a43708d67534bf36f4c83b / . / marvell / linux / tools / testing / selftests / net / rtnetlink.sh
blob: 3b929e031f59cff92b894d84e5cb6bf237df07e0 [file] [log] [blame]
b.liue9582032025-04-17 19:18:16 +0800[diff] [blame^]1#!/bin/bash
2#
3# This test is for checking rtnetlink callpaths, and get as much coverage as possible.
4#
5# set -e
6
7devdummy="test-dummy0"
8ret=0
9
10# Kselftest framework requirement - SKIP code is 4.
11ksft_skip=4
12
13# set global exit status, but never reset nonzero one.
14check_err()
15{
16 if [ $ret -eq 0 ]; then
17 ret=$1
18 fi
19}
20
21# same but inverted -- used when command must fail for test to pass
22check_fail()
23{
24 if [ $1 -eq 0 ]; then
25 ret=1
26 fi
27}
28
29kci_add_dummy()
30{
31 ip link add name "$devdummy" type dummy
32 check_err $?
33 ip link set "$devdummy" up
34 check_err $?
35}
36
37kci_del_dummy()
38{
39 ip link del dev "$devdummy"
40 check_err $?
41}
42
43kci_test_netconf()
44{
45 dev="$1"
46 r=$ret
47
48 ip netconf show dev "$dev" > /dev/null
49 check_err $?
50
51 for f in 4 6; do
52 ip -$f netconf show dev "$dev" > /dev/null
53 check_err $?
54 done
55
56 if [ $ret -ne 0 ] ;then
57 echo "FAIL: ip netconf show $dev"
58 test $r -eq 0 && ret=0
59 return 1
60 fi
61}
62
63# add a bridge with vlans on top
64kci_test_bridge()
65{
66 devbr="test-br0"
67 vlandev="testbr-vlan1"
68
69 ret=0
70 ip link add name "$devbr" type bridge
71 check_err $?
72
73 ip link set dev "$devdummy" master "$devbr"
74 check_err $?
75
76 ip link set "$devbr" up
77 check_err $?
78
79 ip link add link "$devbr" name "$vlandev" type vlan id 1
80 check_err $?
81 ip addr add dev "$vlandev" 10.200.7.23/30
82 check_err $?
83 ip -6 addr add dev "$vlandev" dead:42::1234/64
84 check_err $?
85 ip -d link > /dev/null
86 check_err $?
87 ip r s t all > /dev/null
88 check_err $?
89
90 for name in "$devbr" "$vlandev" "$devdummy" ; do
91 kci_test_netconf "$name"
92 done
93
94 ip -6 addr del dev "$vlandev" dead:42::1234/64
95 check_err $?
96
97 ip link del dev "$vlandev"
98 check_err $?
99 ip link del dev "$devbr"
100 check_err $?
101
102 if [ $ret -ne 0 ];then
103 echo "FAIL: bridge setup"
104 return 1
105 fi
106 echo "PASS: bridge setup"
107
108}
109
110kci_test_gre()
111{
112 gredev=neta
113 rem=10.42.42.1
114 loc=10.0.0.1
115
116 ret=0
117 ip tunnel add $gredev mode gre remote $rem local $loc ttl 1
118 check_err $?
119 ip link set $gredev up
120 check_err $?
121 ip addr add 10.23.7.10 dev $gredev
122 check_err $?
123 ip route add 10.23.8.0/30 dev $gredev
124 check_err $?
125 ip addr add dev "$devdummy" 10.23.7.11/24
126 check_err $?
127 ip link > /dev/null
128 check_err $?
129 ip addr > /dev/null
130 check_err $?
131
132 kci_test_netconf "$gredev"
133
134 ip addr del dev "$devdummy" 10.23.7.11/24
135 check_err $?
136
137 ip link del $gredev
138 check_err $?
139
140 if [ $ret -ne 0 ];then
141 echo "FAIL: gre tunnel endpoint"
142 return 1
143 fi
144 echo "PASS: gre tunnel endpoint"
145}
146
147# tc uses rtnetlink too, for full tc testing
148# please see tools/testing/selftests/tc-testing.
149kci_test_tc()
150{
151 dev=lo
152 ret=0
153
154 tc qdisc add dev "$dev" root handle 1: htb
155 check_err $?
156 tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit
157 check_err $?
158 tc filter add dev "$dev" parent 1:0 prio 5 handle ffe: protocol ip u32 divisor 256
159 check_err $?
160 tc filter add dev "$dev" parent 1:0 prio 5 handle ffd: protocol ip u32 divisor 256
161 check_err $?
162 tc filter add dev "$dev" parent 1:0 prio 5 handle ffc: protocol ip u32 divisor 256
163 check_err $?
164 tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 ht ffe:2: match ip src 10.0.0.3 flowid 1:10
165 check_err $?
166 tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:2 u32 ht ffe:2: match ip src 10.0.0.2 flowid 1:10
167 check_err $?
168 tc filter show dev "$dev" parent 1:0 > /dev/null
169 check_err $?
170 tc filter del dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32
171 check_err $?
172 tc filter show dev "$dev" parent 1:0 > /dev/null
173 check_err $?
174 tc qdisc del dev "$dev" root handle 1: htb
175 check_err $?
176
177 if [ $ret -ne 0 ];then
178 echo "FAIL: tc htb hierarchy"
179 return 1
180 fi
181 echo "PASS: tc htb hierarchy"
182
183}
184
185kci_test_polrouting()
186{
187 ret=0
188 ip rule add fwmark 1 lookup 100
189 check_err $?
190 ip route add local 0.0.0.0/0 dev lo table 100
191 check_err $?
192 ip r s t all > /dev/null
193 check_err $?
194 ip rule del fwmark 1 lookup 100
195 check_err $?
196 ip route del local 0.0.0.0/0 dev lo table 100
197 check_err $?
198
199 if [ $ret -ne 0 ];then
200 echo "FAIL: policy route test"
201 return 1
202 fi
203 echo "PASS: policy routing"
204}
205
206kci_test_route_get()
207{
208 local hash_policy=$(sysctl -n net.ipv4.fib_multipath_hash_policy)
209
210 ret=0
211
212 ip route get 127.0.0.1 > /dev/null
213 check_err $?
214 ip route get 127.0.0.1 dev "$devdummy" > /dev/null
215 check_err $?
216 ip route get ::1 > /dev/null
217 check_err $?
218 ip route get fe80::1 dev "$devdummy" > /dev/null
219 check_err $?
220 ip route get 127.0.0.1 from 127.0.0.1 oif lo tos 0x1 mark 0x1 > /dev/null
221 check_err $?
222 ip route get ::1 from ::1 iif lo oif lo tos 0x1 mark 0x1 > /dev/null
223 check_err $?
224 ip addr add dev "$devdummy" 10.23.7.11/24
225 check_err $?
226 ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null
227 check_err $?
228 ip route add 10.23.8.0/24 \
229 nexthop via 10.23.7.13 dev "$devdummy" \
230 nexthop via 10.23.7.14 dev "$devdummy"
231 check_err $?
232 sysctl -wq net.ipv4.fib_multipath_hash_policy=0
233 ip route get 10.23.8.11 > /dev/null
234 check_err $?
235 sysctl -wq net.ipv4.fib_multipath_hash_policy=1
236 ip route get 10.23.8.11 > /dev/null
237 check_err $?
238 sysctl -wq net.ipv4.fib_multipath_hash_policy="$hash_policy"
239 ip route del 10.23.8.0/24
240 check_err $?
241 ip addr del dev "$devdummy" 10.23.7.11/24
242 check_err $?
243
244 if [ $ret -ne 0 ];then
245 echo "FAIL: route get"
246 return 1
247 fi
248
249 echo "PASS: route get"
250}
251
252kci_test_addrlft()
253{
254 for i in $(seq 10 100) ;do
255 lft=$(((RANDOM%3) + 1))
256 ip addr add 10.23.11.$i/32 dev "$devdummy" preferred_lft $lft valid_lft $((lft+1))
257 check_err $?
258 done
259
260 sleep 5
261
262 ip addr show dev "$devdummy" | grep "10.23.11."
263 if [ $? -eq 0 ]; then
264 echo "FAIL: preferred_lft addresses remaining"
265 check_err 1
266 return
267 fi
268
269 echo "PASS: preferred_lft addresses have expired"
270}
271
272kci_test_promote_secondaries()
273{
274 promote=$(sysctl -n net.ipv4.conf.$devdummy.promote_secondaries)
275
276 sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=1
277
278 for i in $(seq 2 254);do
279 IP="10.23.11.$i"
280 ip -f inet addr add $IP/16 brd + dev "$devdummy"
281 ifconfig "$devdummy" $IP netmask 255.255.0.0
282 done
283
284 ip addr flush dev "$devdummy"
285
286 [ $promote -eq 0 ] && sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=0
287
288 echo "PASS: promote_secondaries complete"
289}
290
291kci_test_addrlabel()
292{
293 ret=0
294
295 ip addrlabel add prefix dead::/64 dev lo label 1
296 check_err $?
297
298 ip addrlabel list |grep -q "prefix dead::/64 dev lo label 1"
299 check_err $?
300
301 ip addrlabel del prefix dead::/64 dev lo label 1 2> /dev/null
302 check_err $?
303
304 ip addrlabel add prefix dead::/64 label 1 2> /dev/null
305 check_err $?
306
307 ip addrlabel del prefix dead::/64 label 1 2> /dev/null
308 check_err $?
309
310 # concurrent add/delete
311 for i in $(seq 1 1000); do
312 ip addrlabel add prefix 1c3::/64 label 12345 2>/dev/null
313 done &
314
315 for i in $(seq 1 1000); do
316 ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
317 done
318
319 wait
320
321 ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
322
323 if [ $ret -ne 0 ];then
324 echo "FAIL: ipv6 addrlabel"
325 return 1
326 fi
327
328 echo "PASS: ipv6 addrlabel"
329}
330
331kci_test_ifalias()
332{
333 ret=0
334 namewant=$(uuidgen)
335 syspathname="/sys/class/net/$devdummy/ifalias"
336
337 ip link set dev "$devdummy" alias "$namewant"
338 check_err $?
339
340 if [ $ret -ne 0 ]; then
341 echo "FAIL: cannot set interface alias of $devdummy to $namewant"
342 return 1
343 fi
344
345 ip link show "$devdummy" | grep -q "alias $namewant"
346 check_err $?
347
348 if [ -r "$syspathname" ] ; then
349 read namehave < "$syspathname"
350 if [ "$namewant" != "$namehave" ]; then
351 echo "FAIL: did set ifalias $namewant but got $namehave"
352 return 1
353 fi
354
355 namewant=$(uuidgen)
356 echo "$namewant" > "$syspathname"
357 ip link show "$devdummy" | grep -q "alias $namewant"
358 check_err $?
359
360 # sysfs interface allows to delete alias again
361 echo "" > "$syspathname"
362
363 ip link show "$devdummy" | grep -q "alias $namewant"
364 check_fail $?
365
366 for i in $(seq 1 100); do
367 uuidgen > "$syspathname" &
368 done
369
370 wait
371
372 # re-add the alias -- kernel should free mem when dummy dev is removed
373 ip link set dev "$devdummy" alias "$namewant"
374 check_err $?
375 fi
376
377 if [ $ret -ne 0 ]; then
378 echo "FAIL: set interface alias $devdummy to $namewant"
379 return 1
380 fi
381
382 echo "PASS: set ifalias $namewant for $devdummy"
383}
384
385kci_test_vrf()
386{
387 vrfname="test-vrf"
388 ret=0
389
390 ip link show type vrf 2>/dev/null
391 if [ $? -ne 0 ]; then
392 echo "SKIP: vrf: iproute2 too old"
393 return $ksft_skip
394 fi
395
396 ip link add "$vrfname" type vrf table 10
397 check_err $?
398 if [ $ret -ne 0 ];then
399 echo "FAIL: can't add vrf interface, skipping test"
400 return 0
401 fi
402
403 ip -br link show type vrf | grep -q "$vrfname"
404 check_err $?
405 if [ $ret -ne 0 ];then
406 echo "FAIL: created vrf device not found"
407 return 1
408 fi
409
410 ip link set dev "$vrfname" up
411 check_err $?
412
413 ip link set dev "$devdummy" master "$vrfname"
414 check_err $?
415 ip link del dev "$vrfname"
416 check_err $?
417
418 if [ $ret -ne 0 ];then
419 echo "FAIL: vrf"
420 return 1
421 fi
422
423 echo "PASS: vrf"
424}
425
426kci_test_encap_vxlan()
427{
428 ret=0
429 vxlan="test-vxlan0"
430 vlan="test-vlan0"
431 testns="$1"
432
433 ip -netns "$testns" link add "$vxlan" type vxlan id 42 group 239.1.1.1 \
434 dev "$devdummy" dstport 4789 2>/dev/null
435 if [ $? -ne 0 ]; then
436 echo "FAIL: can't add vxlan interface, skipping test"
437 return 0
438 fi
439 check_err $?
440
441 ip -netns "$testns" addr add 10.2.11.49/24 dev "$vxlan"
442 check_err $?
443
444 ip -netns "$testns" link set up dev "$vxlan"
445 check_err $?
446
447 ip -netns "$testns" link add link "$vxlan" name "$vlan" type vlan id 1
448 check_err $?
449
450 # changelink testcases
451 ip -netns "$testns" link set dev "$vxlan" type vxlan vni 43 2>/dev/null
452 check_fail $?
453
454 ip -netns "$testns" link set dev "$vxlan" type vxlan group ffe5::5 dev "$devdummy" 2>/dev/null
455 check_fail $?
456
457 ip -netns "$testns" link set dev "$vxlan" type vxlan ttl inherit 2>/dev/null
458 check_fail $?
459
460 ip -netns "$testns" link set dev "$vxlan" type vxlan ttl 64
461 check_err $?
462
463 ip -netns "$testns" link set dev "$vxlan" type vxlan nolearning
464 check_err $?
465
466 ip -netns "$testns" link set dev "$vxlan" type vxlan proxy 2>/dev/null
467 check_fail $?
468
469 ip -netns "$testns" link set dev "$vxlan" type vxlan norsc 2>/dev/null
470 check_fail $?
471
472 ip -netns "$testns" link set dev "$vxlan" type vxlan l2miss 2>/dev/null
473 check_fail $?
474
475 ip -netns "$testns" link set dev "$vxlan" type vxlan l3miss 2>/dev/null
476 check_fail $?
477
478 ip -netns "$testns" link set dev "$vxlan" type vxlan external 2>/dev/null
479 check_fail $?
480
481 ip -netns "$testns" link set dev "$vxlan" type vxlan udpcsum 2>/dev/null
482 check_fail $?
483
484 ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumtx 2>/dev/null
485 check_fail $?
486
487 ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumrx 2>/dev/null
488 check_fail $?
489
490 ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumtx 2>/dev/null
491 check_fail $?
492
493 ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumrx 2>/dev/null
494 check_fail $?
495
496 ip -netns "$testns" link set dev "$vxlan" type vxlan gbp 2>/dev/null
497 check_fail $?
498
499 ip -netns "$testns" link set dev "$vxlan" type vxlan gpe 2>/dev/null
500 check_fail $?
501
502 ip -netns "$testns" link del "$vxlan"
503 check_err $?
504
505 if [ $ret -ne 0 ]; then
506 echo "FAIL: vxlan"
507 return 1
508 fi
509 echo "PASS: vxlan"
510}
511
512kci_test_encap_fou()
513{
514 ret=0
515 name="test-fou"
516 testns="$1"
517
518 ip fou help 2>&1 |grep -q 'Usage: ip fou'
519 if [ $? -ne 0 ];then
520 echo "SKIP: fou: iproute2 too old"
521 return $ksft_skip
522 fi
523
524 if ! /sbin/modprobe -q -n fou; then
525 echo "SKIP: module fou is not found"
526 return $ksft_skip
527 fi
528 /sbin/modprobe -q fou
529 ip -netns "$testns" fou add port 7777 ipproto 47 2>/dev/null
530 if [ $? -ne 0 ];then
531 echo "FAIL: can't add fou port 7777, skipping test"
532 return 1
533 fi
534
535 ip -netns "$testns" fou add port 8888 ipproto 4
536 check_err $?
537
538 ip -netns "$testns" fou del port 9999 2>/dev/null
539 check_fail $?
540
541 ip -netns "$testns" fou del port 7777
542 check_err $?
543
544 if [ $ret -ne 0 ]; then
545 echo "FAIL: fou"
546 return 1
547 fi
548
549 echo "PASS: fou"
550}
551
552# test various encap methods, use netns to avoid unwanted interference
553kci_test_encap()
554{
555 testns="testns"
556 ret=0
557
558 ip netns add "$testns"
559 if [ $? -ne 0 ]; then
560 echo "SKIP encap tests: cannot add net namespace $testns"
561 return $ksft_skip
562 fi
563
564 ip -netns "$testns" link set lo up
565 check_err $?
566
567 ip -netns "$testns" link add name "$devdummy" type dummy
568 check_err $?
569 ip -netns "$testns" link set "$devdummy" up
570 check_err $?
571
572 kci_test_encap_vxlan "$testns"
573 kci_test_encap_fou "$testns"
574
575 ip netns del "$testns"
576}
577
578kci_test_macsec()
579{
580 msname="test_macsec0"
581 ret=0
582
583 ip macsec help 2>&1 | grep -q "^Usage: ip macsec"
584 if [ $? -ne 0 ]; then
585 echo "SKIP: macsec: iproute2 too old"
586 return $ksft_skip
587 fi
588
589 ip link add link "$devdummy" "$msname" type macsec port 42 encrypt on
590 check_err $?
591 if [ $ret -ne 0 ];then
592 echo "FAIL: can't add macsec interface, skipping test"
593 return 1
594 fi
595
596 ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012
597 check_err $?
598
599 ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef"
600 check_err $?
601
602 ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef
603 check_err $?
604
605 ip macsec show > /dev/null
606 check_err $?
607
608 ip link del dev "$msname"
609 check_err $?
610
611 if [ $ret -ne 0 ];then
612 echo "FAIL: macsec"
613 return 1
614 fi
615
616 echo "PASS: macsec"
617}
618
619#-------------------------------------------------------------------
620# Example commands
621# ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
622# spi 0x07 mode transport reqid 0x07 replay-window 32 \
623# aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
624# sel src 14.0.0.52/24 dst 14.0.0.70/24
625# ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
626# tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
627# spi 0x07 mode transport reqid 0x07
628#
629# Subcommands not tested
630# ip x s update
631# ip x s allocspi
632# ip x s deleteall
633# ip x p update
634# ip x p deleteall
635# ip x p set
636#-------------------------------------------------------------------
637kci_test_ipsec()
638{
639 ret=0
640 algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
641 srcip=192.168.123.1
642 dstip=192.168.123.2
643 spi=7
644
645 ip addr add $srcip dev $devdummy
646
647 # flush to be sure there's nothing configured
648 ip x s flush ; ip x p flush
649 check_err $?
650
651 # start the monitor in the background
652 tmpfile=`mktemp /var/run/ipsectestXXX`
653 mpid=`(ip x m > $tmpfile & echo $!) 2>/dev/null`
654 sleep 0.2
655
656 ipsecid="proto esp src $srcip dst $dstip spi 0x07"
657 ip x s add $ipsecid \
658 mode transport reqid 0x07 replay-window 32 \
659 $algo sel src $srcip/24 dst $dstip/24
660 check_err $?
661
662 lines=`ip x s list | grep $srcip | grep $dstip | wc -l`
663 test $lines -eq 2
664 check_err $?
665
666 ip x s count | grep -q "SAD count 1"
667 check_err $?
668
669 lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l`
670 test $lines -eq 2
671 check_err $?
672
673 ip x s delete $ipsecid
674 check_err $?
675
676 lines=`ip x s list | wc -l`
677 test $lines -eq 0
678 check_err $?
679
680 ipsecsel="dir out src $srcip/24 dst $dstip/24"
681 ip x p add $ipsecsel \
682 tmpl proto esp src $srcip dst $dstip \
683 spi 0x07 mode transport reqid 0x07
684 check_err $?
685
686 lines=`ip x p list | grep $srcip | grep $dstip | wc -l`
687 test $lines -eq 2
688 check_err $?
689
690 ip x p count | grep -q "SPD IN 0 OUT 1 FWD 0"
691 check_err $?
692
693 lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l`
694 test $lines -eq 2
695 check_err $?
696
697 ip x p delete $ipsecsel
698 check_err $?
699
700 lines=`ip x p list | wc -l`
701 test $lines -eq 0
702 check_err $?
703
704 # check the monitor results
705 kill $mpid
706 lines=`wc -l $tmpfile | cut "-d " -f1`
707 test $lines -eq 20
708 check_err $?
709 rm -rf $tmpfile
710
711 # clean up any leftovers
712 ip x s flush
713 check_err $?
714 ip x p flush
715 check_err $?
716 ip addr del $srcip/32 dev $devdummy
717
718 if [ $ret -ne 0 ]; then
719 echo "FAIL: ipsec"
720 return 1
721 fi
722 echo "PASS: ipsec"
723}
724
725#-------------------------------------------------------------------
726# Example commands
727# ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
728# spi 0x07 mode transport reqid 0x07 replay-window 32 \
729# aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
730# sel src 14.0.0.52/24 dst 14.0.0.70/24
731# offload dev sim1 dir out
732# ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
733# tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
734# spi 0x07 mode transport reqid 0x07
735#
736#-------------------------------------------------------------------
737kci_test_ipsec_offload()
738{
739 ret=0
740 algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
741 srcip=192.168.123.3
742 dstip=192.168.123.4
743 sysfsd=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/
744 sysfsf=$sysfsd/ipsec
745 sysfsnet=/sys/bus/netdevsim/devices/netdevsim0/net/
746 probed=false
747
748 # setup netdevsim since dummydev doesn't have offload support
749 if [ ! -w /sys/bus/netdevsim/new_device ] ; then
750 modprobe -q netdevsim
751 check_err $?
752 if [ $ret -ne 0 ]; then
753 echo "SKIP: ipsec_offload can't load netdevsim"
754 return $ksft_skip
755 fi
756 probed=true
757 fi
758
759 echo "0" > /sys/bus/netdevsim/new_device
760 while [ ! -d $sysfsnet ] ; do :; done
761 udevadm settle
762 dev=`ls $sysfsnet`
763
764 ip addr add $srcip dev $dev
765 ip link set $dev up
766 if [ ! -d $sysfsd ] ; then
767 echo "FAIL: ipsec_offload can't create device $dev"
768 return 1
769 fi
770 if [ ! -f $sysfsf ] ; then
771 echo "FAIL: ipsec_offload netdevsim doesn't support IPsec offload"
772 return 1
773 fi
774
775 # flush to be sure there's nothing configured
776 ip x s flush ; ip x p flush
777
778 # create offloaded SAs, both in and out
779 ip x p add dir out src $srcip/24 dst $dstip/24 \
780 tmpl proto esp src $srcip dst $dstip spi 9 \
781 mode transport reqid 42
782 check_err $?
783 ip x p add dir in src $dstip/24 dst $srcip/24 \
784 tmpl proto esp src $dstip dst $srcip spi 9 \
785 mode transport reqid 42
786 check_err $?
787
788 ip x s add proto esp src $srcip dst $dstip spi 9 \
789 mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \
790 offload dev $dev dir out
791 check_err $?
792 ip x s add proto esp src $dstip dst $srcip spi 9 \
793 mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \
794 offload dev $dev dir in
795 check_err $?
796 if [ $ret -ne 0 ]; then
797 echo "FAIL: ipsec_offload can't create SA"
798 return 1
799 fi
800
801 # does offload show up in ip output
802 lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"`
803 if [ $lines -ne 2 ] ; then
804 echo "FAIL: ipsec_offload SA offload missing from list output"
805 check_err 1
806 fi
807
808 # use ping to exercise the Tx path
809 ping -I $dev -c 3 -W 1 -i 0 $dstip >/dev/null
810
811 # does driver have correct offload info
812 diff $sysfsf - << EOF
813SA count=2 tx=3
814sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000
815sa[0] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
816sa[0] key=0x34333231 38373635 32313039 36353433
817sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0
818sa[1] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
819sa[1] key=0x34333231 38373635 32313039 36353433
820EOF
821 if [ $? -ne 0 ] ; then
822 echo "FAIL: ipsec_offload incorrect driver data"
823 check_err 1
824 fi
825
826 # does offload get removed from driver
827 ip x s flush
828 ip x p flush
829 lines=`grep -c "SA count=0" $sysfsf`
830 if [ $lines -ne 1 ] ; then
831 echo "FAIL: ipsec_offload SA not removed from driver"
832 check_err 1
833 fi
834
835 # clean up any leftovers
836 echo 0 > /sys/bus/netdevsim/del_device
837 $probed && rmmod netdevsim
838
839 if [ $ret -ne 0 ]; then
840 echo "FAIL: ipsec_offload"
841 return 1
842 fi
843 echo "PASS: ipsec_offload"
844}
845
846kci_test_gretap()
847{
848 testns="testns"
849 DEV_NS=gretap00
850 ret=0
851
852 ip netns add "$testns"
853 if [ $? -ne 0 ]; then
854 echo "SKIP gretap tests: cannot add net namespace $testns"
855 return $ksft_skip
856 fi
857
858 ip link help gretap 2>&1 | grep -q "^Usage:"
859 if [ $? -ne 0 ];then
860 echo "SKIP: gretap: iproute2 too old"
861 ip netns del "$testns"
862 return $ksft_skip
863 fi
864
865 # test native tunnel
866 ip -netns "$testns" link add dev "$DEV_NS" type gretap seq \
867 key 102 local 172.16.1.100 remote 172.16.1.200
868 check_err $?
869
870 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
871 check_err $?
872
873 ip -netns "$testns" link set dev $DEV_NS up
874 check_err $?
875
876 ip -netns "$testns" link del "$DEV_NS"
877 check_err $?
878
879 # test external mode
880 ip -netns "$testns" link add dev "$DEV_NS" type gretap external
881 check_err $?
882
883 ip -netns "$testns" link del "$DEV_NS"
884 check_err $?
885
886 if [ $ret -ne 0 ]; then
887 echo "FAIL: gretap"
888 ip netns del "$testns"
889 return 1
890 fi
891 echo "PASS: gretap"
892
893 ip netns del "$testns"
894}
895
896kci_test_ip6gretap()
897{
898 testns="testns"
899 DEV_NS=ip6gretap00
900 ret=0
901
902 ip netns add "$testns"
903 if [ $? -ne 0 ]; then
904 echo "SKIP ip6gretap tests: cannot add net namespace $testns"
905 return $ksft_skip
906 fi
907
908 ip link help ip6gretap 2>&1 | grep -q "^Usage:"
909 if [ $? -ne 0 ];then
910 echo "SKIP: ip6gretap: iproute2 too old"
911 ip netns del "$testns"
912 return $ksft_skip
913 fi
914
915 # test native tunnel
916 ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap seq \
917 key 102 local fc00:100::1 remote fc00:100::2
918 check_err $?
919
920 ip -netns "$testns" addr add dev "$DEV_NS" fc00:200::1/96
921 check_err $?
922
923 ip -netns "$testns" link set dev $DEV_NS up
924 check_err $?
925
926 ip -netns "$testns" link del "$DEV_NS"
927 check_err $?
928
929 # test external mode
930 ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap external
931 check_err $?
932
933 ip -netns "$testns" link del "$DEV_NS"
934 check_err $?
935
936 if [ $ret -ne 0 ]; then
937 echo "FAIL: ip6gretap"
938 ip netns del "$testns"
939 return 1
940 fi
941 echo "PASS: ip6gretap"
942
943 ip netns del "$testns"
944}
945
946kci_test_erspan()
947{
948 testns="testns"
949 DEV_NS=erspan00
950 ret=0
951
952 ip link help erspan 2>&1 | grep -q "^Usage:"
953 if [ $? -ne 0 ];then
954 echo "SKIP: erspan: iproute2 too old"
955 return $ksft_skip
956 fi
957
958 ip netns add "$testns"
959 if [ $? -ne 0 ]; then
960 echo "SKIP erspan tests: cannot add net namespace $testns"
961 return $ksft_skip
962 fi
963
964 # test native tunnel erspan v1
965 ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
966 key 102 local 172.16.1.100 remote 172.16.1.200 \
967 erspan_ver 1 erspan 488
968 check_err $?
969
970 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
971 check_err $?
972
973 ip -netns "$testns" link set dev $DEV_NS up
974 check_err $?
975
976 ip -netns "$testns" link del "$DEV_NS"
977 check_err $?
978
979 # test native tunnel erspan v2
980 ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
981 key 102 local 172.16.1.100 remote 172.16.1.200 \
982 erspan_ver 2 erspan_dir ingress erspan_hwid 7
983 check_err $?
984
985 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
986 check_err $?
987
988 ip -netns "$testns" link set dev $DEV_NS up
989 check_err $?
990
991 ip -netns "$testns" link del "$DEV_NS"
992 check_err $?
993
994 # test external mode
995 ip -netns "$testns" link add dev "$DEV_NS" type erspan external
996 check_err $?
997
998 ip -netns "$testns" link del "$DEV_NS"
999 check_err $?
1000
1001 if [ $ret -ne 0 ]; then
1002 echo "FAIL: erspan"
1003 ip netns del "$testns"
1004 return 1
1005 fi
1006 echo "PASS: erspan"
1007
1008 ip netns del "$testns"
1009}
1010
1011kci_test_ip6erspan()
1012{
1013 testns="testns"
1014 DEV_NS=ip6erspan00
1015 ret=0
1016
1017 ip link help ip6erspan 2>&1 | grep -q "^Usage:"
1018 if [ $? -ne 0 ];then
1019 echo "SKIP: ip6erspan: iproute2 too old"
1020 return $ksft_skip
1021 fi
1022
1023 ip netns add "$testns"
1024 if [ $? -ne 0 ]; then
1025 echo "SKIP ip6erspan tests: cannot add net namespace $testns"
1026 return $ksft_skip
1027 fi
1028
1029 # test native tunnel ip6erspan v1
1030 ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
1031 key 102 local fc00:100::1 remote fc00:100::2 \
1032 erspan_ver 1 erspan 488
1033 check_err $?
1034
1035 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
1036 check_err $?
1037
1038 ip -netns "$testns" link set dev $DEV_NS up
1039 check_err $?
1040
1041 ip -netns "$testns" link del "$DEV_NS"
1042 check_err $?
1043
1044 # test native tunnel ip6erspan v2
1045 ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
1046 key 102 local fc00:100::1 remote fc00:100::2 \
1047 erspan_ver 2 erspan_dir ingress erspan_hwid 7
1048 check_err $?
1049
1050 ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
1051 check_err $?
1052
1053 ip -netns "$testns" link set dev $DEV_NS up
1054 check_err $?
1055
1056 ip -netns "$testns" link del "$DEV_NS"
1057 check_err $?
1058
1059 # test external mode
1060 ip -netns "$testns" link add dev "$DEV_NS" \
1061 type ip6erspan external
1062 check_err $?
1063
1064 ip -netns "$testns" link del "$DEV_NS"
1065 check_err $?
1066
1067 if [ $ret -ne 0 ]; then
1068 echo "FAIL: ip6erspan"
1069 ip netns del "$testns"
1070 return 1
1071 fi
1072 echo "PASS: ip6erspan"
1073
1074 ip netns del "$testns"
1075}
1076
1077kci_test_fdb_get()
1078{
1079 IP="ip -netns testns"
1080 BRIDGE="bridge -netns testns"
1081 brdev="test-br0"
1082 vxlandev="vxlan10"
1083 test_mac=de:ad:be:ef:13:37
1084 localip="10.0.2.2"
1085 dstip="10.0.2.3"
1086 ret=0
1087
1088 bridge fdb help 2>&1 |grep -q 'bridge fdb get'
1089 if [ $? -ne 0 ];then
1090 echo "SKIP: fdb get tests: iproute2 too old"
1091 return $ksft_skip
1092 fi
1093
1094 ip netns add testns
1095 if [ $? -ne 0 ]; then
1096 echo "SKIP fdb get tests: cannot add net namespace $testns"
1097 return $ksft_skip
1098 fi
1099
1100 $IP link add "$vxlandev" type vxlan id 10 local $localip \
1101 dstport 4789 2>/dev/null
1102 check_err $?
1103 $IP link add name "$brdev" type bridge &>/dev/null
1104 check_err $?
1105 $IP link set dev "$vxlandev" master "$brdev" &>/dev/null
1106 check_err $?
1107 $BRIDGE fdb add $test_mac dev "$vxlandev" master &>/dev/null
1108 check_err $?
1109 $BRIDGE fdb add $test_mac dev "$vxlandev" dst $dstip self &>/dev/null
1110 check_err $?
1111
1112 $BRIDGE fdb get $test_mac brport "$vxlandev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1113 check_err $?
1114 $BRIDGE fdb get $test_mac br "$brdev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
1115 check_err $?
1116 $BRIDGE fdb get $test_mac dev "$vxlandev" self 2>/dev/null | grep -q "dev $vxlandev dst $dstip"
1117 check_err $?
1118
1119 ip netns del testns &>/dev/null
1120
1121 if [ $ret -ne 0 ]; then
1122 echo "FAIL: bridge fdb get"
1123 return 1
1124 fi
1125
1126 echo "PASS: bridge fdb get"
1127}
1128
1129kci_test_neigh_get()
1130{
1131 dstmac=de:ad:be:ef:13:37
1132 dstip=10.0.2.4
1133 dstip6=dead::2
1134 ret=0
1135
1136 ip neigh help 2>&1 |grep -q 'ip neigh get'
1137 if [ $? -ne 0 ];then
1138 echo "SKIP: fdb get tests: iproute2 too old"
1139 return $ksft_skip
1140 fi
1141
1142 # ipv4
1143 ip neigh add $dstip lladdr $dstmac dev "$devdummy" > /dev/null
1144 check_err $?
1145 ip neigh get $dstip dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1146 check_err $?
1147 ip neigh del $dstip lladdr $dstmac dev "$devdummy" > /dev/null
1148 check_err $?
1149
1150 # ipv4 proxy
1151 ip neigh add proxy $dstip dev "$devdummy" > /dev/null
1152 check_err $?
1153 ip neigh get proxy $dstip dev "$devdummy" 2>/dev/null | grep -q "$dstip"
1154 check_err $?
1155 ip neigh del proxy $dstip dev "$devdummy" > /dev/null
1156 check_err $?
1157
1158 # ipv6
1159 ip neigh add $dstip6 lladdr $dstmac dev "$devdummy" > /dev/null
1160 check_err $?
1161 ip neigh get $dstip6 dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
1162 check_err $?
1163 ip neigh del $dstip6 lladdr $dstmac dev "$devdummy" > /dev/null
1164 check_err $?
1165
1166 # ipv6 proxy
1167 ip neigh add proxy $dstip6 dev "$devdummy" > /dev/null
1168 check_err $?
1169 ip neigh get proxy $dstip6 dev "$devdummy" 2>/dev/null | grep -q "$dstip6"
1170 check_err $?
1171 ip neigh del proxy $dstip6 dev "$devdummy" > /dev/null
1172 check_err $?
1173
1174 if [ $ret -ne 0 ];then
1175 echo "FAIL: neigh get"
1176 return 1
1177 fi
1178
1179 echo "PASS: neigh get"
1180}
1181
1182kci_test_rtnl()
1183{
1184 kci_add_dummy
1185 if [ $ret -ne 0 ];then
1186 echo "FAIL: cannot add dummy interface"
1187 return 1
1188 fi
1189
1190 kci_test_polrouting
1191 kci_test_route_get
1192 kci_test_addrlft
1193 kci_test_promote_secondaries
1194 kci_test_tc
1195 kci_test_gre
1196 kci_test_gretap
1197 kci_test_ip6gretap
1198 kci_test_erspan
1199 kci_test_ip6erspan
1200 kci_test_bridge
1201 kci_test_addrlabel
1202 kci_test_ifalias
1203 kci_test_vrf
1204 kci_test_encap
1205 kci_test_macsec
1206 kci_test_ipsec
1207 kci_test_ipsec_offload
1208 kci_test_fdb_get
1209 kci_test_neigh_get
1210
1211 kci_del_dummy
1212}
1213
1214#check for needed privileges
1215if [ "$(id -u)" -ne 0 ];then
1216 echo "SKIP: Need root privileges"
1217 exit $ksft_skip
1218fi
1219
1220for x in ip tc;do
1221 $x -Version 2>/dev/null >/dev/null
1222 if [ $? -ne 0 ];then
1223 echo "SKIP: Could not run test without the $x tool"
1224 exit $ksft_skip
1225 fi
1226done
1227
1228kci_test_rtnl
1229
1230exit $ret