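# Defaults for the two switches the script reads: VERBOSE is compared against
# "1" by run_cmd, PAUSE_ON_FAIL against "yes" by log_test.
VERBOSE=0
PAUSE_ON_FAIL=no

# Use a dedicated ping6 binary when one is installed, otherwise fall back to
# ping. `command -v` is a shell builtin, so the lookup no longer depends on an
# external `which` being present, and the explicit if/else cannot run the
# fallback branch by accident the way `a && b || c` can.
if command -v ping6 > /dev/null 2>&1; then
	ping6=$(command -v ping6)
else
	ping6=$(command -v ping)
fi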
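# Record one test result and print a fixed-width status line.
#
# Arguments: $1 - exit status that was observed
#            $2 - exit status that was expected
#            $3 - description printed in the result line
# Globals:   nsuccess / nfail (incremented), ret (set to 1 on a failure),
#            PAUSE_ON_FAIL (read)
# Outputs:   one "TEST: ..." line on stdout; a prompt when pausing
log_test()
{
	local rc=$1
	local expected=$2
	local msg="$3"
	local reply

	# Operands are quoted so an empty status reaches the comparison as one
	# (invalid) word and falls into the failure branch.
	if [ "${rc}" -eq "${expected}" ]; then
		printf "TEST: %-60s [ OK ]\n" "${msg}"
		nsuccess=$((nsuccess+1))
	else
		ret=1
		nfail=$((nfail+1))
		printf "TEST: %-60s [FAIL]\n" "${msg}"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue, 'q' to quit"
			# -r keeps backslashes literal; the answer is kept in a local
			# so it cannot overwrite a variable of the caller.
			read -r reply
			[ "$reply" = "q" ] && exit 1
		fi
	fi
}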
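# Run a command inside a network namespace and hand back its exit status.
#
# Arguments: $1   - namespace name
#            $2.. - command and its arguments
# Globals:   VERBOSE (read) - when "1", the command line and any output of
#            the command are echoed
# Returns:   exit status of the command that was run
run_cmd()
{
	local ns
	local cmd
	local out
	local rc

	ns="$1"
	shift
	cmd="$*"

	if [ "$VERBOSE" = "1" ]; then
		# The command text is data, not a format string: a '%' or '\' in it
		# must be printed as-is instead of being interpreted by printf.
		printf " COMMAND: %s\n" "$cmd"
	fi

	# NOTE(review): eval re-parses the joined command line, so quoting done by
	# the caller is lost and any shell metacharacter in the arguments is
	# interpreted a second time. Pass only fixed, trusted strings to run_cmd.
	# Running "$@" directly would avoid the second parse, but it changes what
	# callers may pass, so the call is left as it is.
	# shellcheck disable=SC2086
	out=$(eval ip netns exec ${ns} ${cmd} 2>&1)
	rc=$?
	if [ "$VERBOSE" = "1" ] && [ -n "$out" ]; then
		echo " $out"
	fi

	[ "$VERBOSE" = "1" ] && echo

	return $rc
}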
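# Create a network namespace with loopback up, optional loopback addresses,
# unreachable default routes and forwarding enabled.
#
# Arguments: $1 - namespace name
#            $2 - IPv4 address for lo; empty or "-" means none
#            $3 - IPv6 address for lo; empty or "-" means none
# Every expansion is quoted so an argument is always passed to ip as exactly
# one word.
create_ns()
{
	local ns=$1
	local addr=${2:--}
	local addr6=${3:--}
	local knob

	ip netns add "${ns}"

	ip -netns "${ns}" link set lo up
	if [ "${addr}" != "-" ]; then
		ip -netns "${ns}" addr add dev lo "${addr}"
	fi
	if [ "${addr6}" != "-" ]; then
		ip -netns "${ns}" -6 addr add dev lo "${addr6}"
	fi

	# Unreachable default routes with metric 8192 for both address families.
	ip -netns "${ns}" ro add unreachable default metric 8192
	ip -netns "${ns}" -6 ro add unreachable default metric 8192

	# Forwarding on for IPv4 and IPv6, addresses kept when a link goes down,
	# and accept_dad=0 as the default for new interfaces.
	for knob in \
		net.ipv4.ip_forward=1 \
		net.ipv6.conf.all.keep_addr_on_down=1 \
		net.ipv6.conf.all.forwarding=1 \
		net.ipv6.conf.default.forwarding=1 \
		net.ipv6.conf.default.accept_dad=0
	do
		ip netns exec "${ns}" sysctl -qw "${knob}"
	done
}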
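# Join two namespaces with a veth pair and optionally address both ends.
#
# Arguments: $1 ns1, $2 device name in ns1, $3 IPv4 for it, $4 IPv6 for it,
#            $5 ns2, $6 device name in ns2, $7 IPv4 for it, $8 IPv6 for it
#            An address of "-" on the ns1 side skips that address family.
# Every expansion is quoted so an argument is always passed to ip as exactly
# one word.
connect_ns()
{
	local ns1=$1
	local ns1_dev=$2
	local ns1_addr=$3
	local ns1_addr6=$4
	local ns2=$5
	local ns2_dev=$6
	local ns2_addr=$7
	local ns2_addr6=$8

	# The peer is created in ns1 under the fixed name "tmp", then moved to
	# ns2 and renamed in the same step.
	ip -netns "${ns1}" li add "${ns1_dev}" type veth peer name tmp
	ip -netns "${ns1}" li set "${ns1_dev}" up
	ip -netns "${ns1}" li set tmp netns "${ns2}" name "${ns2_dev}"
	ip -netns "${ns2}" li set "${ns2_dev}" up

	# Only the ns1 value is tested; the ns2 address is used unchecked, so
	# callers have to supply both or neither.
	if [ "${ns1_addr}" != "-" ]; then
		ip -netns "${ns1}" addr add dev "${ns1_dev}" "${ns1_addr}"
		ip -netns "${ns2}" addr add dev "${ns2_dev}" "${ns2_addr}"
	fi

	if [ "${ns1_addr6}" != "-" ]; then
		ip -netns "${ns1}" addr add dev "${ns1_dev}" "${ns1_addr6}"
		ip -netns "${ns2}" addr add dev "${ns2_dev}" "${ns2_addr6}"
	fi
}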
# Delete the three namespaces used by the tests. Error output of ip is
# discarded, so a namespace that does not exist is skipped silently.
cleanup()
{
	local name

	for name in host-1 host-2 router; do
		ip netns del "${name}" 2>/dev/null
	done
}
# Build the IPv4 L2TP tunnel between host-1 and host-2 (encap ip, tunnel ids
# 1041/1042), give each end a point-to-point address on its l2tp4 device and
# route the other side's 172.16.101.x/32 address through the tunnel.
# The L2TP commands here configure no encryption or authentication of their
# own; setup_ipsec adds ESP between the same two endpoints.
setup_l2tp_ipv4()
{
	# host-1 end
	ip -netns host-1 l2tp add tunnel \
		tunnel_id 1041 peer_tunnel_id 1042 \
		encap ip local 10.1.1.1 remote 10.1.2.1
	ip -netns host-1 l2tp add session name l2tp4 \
		tunnel_id 1041 session_id 1041 peer_session_id 1042
	ip -netns host-1 link set dev l2tp4 up
	ip -netns host-1 addr add dev l2tp4 172.16.1.1 peer 172.16.1.2

	# host-2 end, with local and peer ids mirrored
	ip -netns host-2 l2tp add tunnel \
		tunnel_id 1042 peer_tunnel_id 1041 \
		encap ip local 10.1.2.1 remote 10.1.1.1
	ip -netns host-2 l2tp add session name l2tp4 \
		tunnel_id 1042 session_id 1042 peer_session_id 1041
	ip -netns host-2 link set dev l2tp4 up
	ip -netns host-2 addr add dev l2tp4 172.16.1.2 peer 172.16.1.1

	# host routes that point at the far end of the tunnel
	ip -netns host-1 ro add 172.16.101.2/32 via 172.16.1.2
	ip -netns host-2 ro add 172.16.101.1/32 via 172.16.1.1
}
# Build the IPv6 L2TP tunnel between host-1 and host-2 (encap ip, tunnel ids
# 1061/1062), give each end a point-to-point address on its l2tp6 device and
# route the other side's fc00:101::x/128 address through the tunnel.
# The L2TP commands here configure no encryption or authentication of their
# own; setup_ipsec adds ESP between the same two endpoints.
setup_l2tp_ipv6()
{
	# host-1 end
	ip -netns host-1 l2tp add tunnel \
		tunnel_id 1061 peer_tunnel_id 1062 \
		encap ip local 2001:db8:1::1 remote 2001:db8:2::1
	ip -netns host-1 l2tp add session name l2tp6 \
		tunnel_id 1061 session_id 1061 peer_session_id 1062
	ip -netns host-1 link set dev l2tp6 up
	ip -netns host-1 addr add dev l2tp6 fc00:1::1 peer fc00:1::2

	# host-2 end, with local and peer ids mirrored
	ip -netns host-2 l2tp add tunnel \
		tunnel_id 1062 peer_tunnel_id 1061 \
		encap ip local 2001:db8:2::1 remote 2001:db8:1::1
	ip -netns host-2 l2tp add session name l2tp6 \
		tunnel_id 1062 session_id 1062 peer_session_id 1061
	ip -netns host-2 link set dev l2tp6 up
	ip -netns host-2 addr add dev l2tp6 fc00:1::2 peer fc00:1::1

	# host routes that point at the far end of the tunnel
	ip -netns host-1 -6 ro add fc00:101::2/128 via fc00:1::2
	ip -netns host-2 -6 ro add fc00:101::1/128 via fc00:1::1
}
# Build the whole topology: host-1 and host-2, each connected to "router" by
# a veth pair, static routes between the two host subnets, then both L2TP
# tunnels.
setup()
{
	# Remove namespaces left over from an earlier run.
	cleanup

	# From here on the first failing command ends the script. This switches
	# errexit for the whole shell, not only for this function, and it is
	# switched off again unconditionally on the last line.
	set -e

	create_ns host-1 172.16.101.1/32 fc00:101::1/128
	create_ns host-2 172.16.101.2/32 fc00:101::2/128
	create_ns router

	connect_ns \
		host-1 eth0 10.1.1.1/24 2001:db8:1::1/64 \
		router eth1 10.1.1.2/24 2001:db8:1::2/64
	connect_ns \
		host-2 eth0 10.1.2.1/24 2001:db8:2::1/64 \
		router eth2 10.1.2.2/24 2001:db8:2::2/64

	# Each host reaches the other host's subnet through the router.
	ip -netns host-1 ro add 10.1.2.0/24 via 10.1.1.2
	ip -netns host-1 -6 ro add 2001:db8:2::/64 via 2001:db8:1::2
	ip -netns host-2 ro add 10.1.1.0/24 via 10.1.2.2
	ip -netns host-2 -6 ro add 2001:db8:1::/64 via 2001:db8:2::2

	setup_l2tp_ipv4
	setup_l2tp_ipv6

	set +e
}
# Install ESP transport-mode policies and states between the two tunnel
# endpoints (10.1.1.1 <-> 10.1.2.1 and 2001:db8:1::1 <-> 2001:db8:2::1) on
# both hosts, so the L2TP packets between them are covered by IPsec.
#
# The key material is a fixed constant written into this script. It is a
# test fixture only and must never be reused outside the test namespaces.
#
# NOTE(review): the exit status of the run_cmd policy calls is not checked
# and nothing here confirms that traffic really is ESP-protected; a policy
# that failed to install would presumably leave the later pings passing in
# the clear. Confirm whether a check on the xfrm counters is wanted.
setup_ipsec()
{
	# Arguments of "aead": algorithm name, key material, ICV length in bits.
	local -r aead_name='rfc4106(gcm(aes))'
	local -r aead_key=0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f
	local -r aead_icv=128

	# IPv4 policies. They go through run_cmd; the states below call ip
	# directly, presumably because run_cmd's eval would re-parse the
	# parentheses in the algorithm name.
	run_cmd host-1 ip xfrm policy add \
		src 10.1.1.1 dst 10.1.2.1 dir out \
		tmpl proto esp mode transport
	run_cmd host-1 ip xfrm policy add \
		src 10.1.2.1 dst 10.1.1.1 dir in \
		tmpl proto esp mode transport
	run_cmd host-2 ip xfrm policy add \
		src 10.1.1.1 dst 10.1.2.1 dir in \
		tmpl proto esp mode transport
	run_cmd host-2 ip xfrm policy add \
		src 10.1.2.1 dst 10.1.1.1 dir out \
		tmpl proto esp mode transport

	# IPv4 states: SPI 0x1000 for host-1 -> host-2, 0x1001 for the reverse
	# direction, installed identically on both hosts.
	ip -netns host-1 xfrm state add \
		src 10.1.1.1 dst 10.1.2.1 \
		spi 0x1000 proto esp aead "${aead_name}" \
		"${aead_key}" "${aead_icv}" mode transport
	ip -netns host-1 xfrm state add \
		src 10.1.2.1 dst 10.1.1.1 \
		spi 0x1001 proto esp aead "${aead_name}" \
		"${aead_key}" "${aead_icv}" mode transport
	ip -netns host-2 xfrm state add \
		src 10.1.1.1 dst 10.1.2.1 \
		spi 0x1000 proto esp aead "${aead_name}" \
		"${aead_key}" "${aead_icv}" mode transport
	ip -netns host-2 xfrm state add \
		src 10.1.2.1 dst 10.1.1.1 \
		spi 0x1001 proto esp aead "${aead_name}" \
		"${aead_key}" "${aead_icv}" mode transport

	# IPv6 policies
	run_cmd host-1 ip -6 xfrm policy add \
		src 2001:db8:1::1 dst 2001:db8:2::1 dir out \
		tmpl proto esp mode transport
	run_cmd host-1 ip -6 xfrm policy add \
		src 2001:db8:2::1 dst 2001:db8:1::1 dir in \
		tmpl proto esp mode transport
	run_cmd host-2 ip -6 xfrm policy add \
		src 2001:db8:1::1 dst 2001:db8:2::1 dir in \
		tmpl proto esp mode transport
	run_cmd host-2 ip -6 xfrm policy add \
		src 2001:db8:2::1 dst 2001:db8:1::1 dir out \
		tmpl proto esp mode transport

	# IPv6 states, same SPI layout as for IPv4
	ip -netns host-1 -6 xfrm state add \
		src 2001:db8:1::1 dst 2001:db8:2::1 \
		spi 0x1000 proto esp aead "${aead_name}" \
		"${aead_key}" "${aead_icv}" mode transport
	ip -netns host-1 -6 xfrm state add \
		src 2001:db8:2::1 dst 2001:db8:1::1 \
		spi 0x1001 proto esp aead "${aead_name}" \
		"${aead_key}" "${aead_icv}" mode transport
	ip -netns host-2 -6 xfrm state add \
		src 2001:db8:1::1 dst 2001:db8:2::1 \
		spi 0x1000 proto esp aead "${aead_name}" \
		"${aead_key}" "${aead_icv}" mode transport
	ip -netns host-2 -6 xfrm state add \
		src 2001:db8:2::1 dst 2001:db8:1::1 \
		spi 0x1001 proto esp aead "${aead_name}" \
		"${aead_key}" "${aead_icv}" mode transport
}
# Flush all xfrm states and policies on both hosts, state first, so that
# no IPsec configuration is left on either host.
teardown_ipsec()
{
	local host

	for host in host-1 host-2; do
		run_cmd "${host}" ip xfrm state flush
		run_cmd "${host}" ip xfrm policy flush
	done
}
# Send one ping per case from host-1 and log each result: the tunnel peer
# address and the routed /32 or /128 address, for IPv4 and for IPv6.
#
# Arguments: $1 - text appended to every test description (may be empty)
# Globals:   ping6 (read) - command used for the IPv6 pings
run_ping()
{
	local suffix="$1"

	# IPv4: directly connected tunnel address, then the routed address
	run_cmd host-1 ping -c1 -w1 172.16.1.2
	log_test $? 0 "IPv4 basic L2TP tunnel ${suffix}"
	run_cmd host-1 ping -c1 -w1 -I 172.16.101.1 172.16.101.2
	log_test $? 0 "IPv4 route through L2TP tunnel ${suffix}"

	# IPv6: same two cases
	run_cmd host-1 ${ping6} -c1 -w1 fc00:1::2
	log_test $? 0 "IPv6 basic L2TP tunnel ${suffix}"
	run_cmd host-1 ${ping6} -c1 -w1 -I fc00:101::1 fc00:101::2
	log_test $? 0 "IPv6 route through L2TP tunnel ${suffix}"
}
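# Run the ping checks three times: over the plain L2TP tunnels, with IPsec
# between the tunnel endpoints, and again after IPsec has been removed.
# Globals: ping6 (read) - command used for the IPv6 pings
run_tests()
{
	setup
	run_ping

	setup_ipsec
	run_ping "- with IPsec"

	# NOTE(review): these four checks repeat what run_ping "- with IPsec"
	# has just done and look like a leftover; they are kept so the pass/fail
	# totals do not change. The two IPv4 descriptions used an unset variable
	# and were logged without a suffix, which made results obtained under
	# IPsec read like results of the plain tunnel; they now carry the same
	# suffix as the IPv6 pair.
	run_cmd host-1 ping -c1 -w1 172.16.1.2
	log_test $? 0 "IPv4 basic L2TP tunnel - with IPsec"

	run_cmd host-1 ping -c1 -w1 -I 172.16.101.1 172.16.101.2
	log_test $? 0 "IPv4 route through L2TP tunnel - with IPsec"

	run_cmd host-1 ${ping6} -c1 -w1 fc00:1::2
	log_test $? 0 "IPv6 basic L2TP tunnel - with IPsec"

	run_cmd host-1 ${ping6} -c1 -w1 -I fc00:101::1 fc00:101::2
	log_test $? 0 "IPv6 route through L2TP tunnel - with IPsec"

	teardown_ipsec
	run_ping "- after IPsec teardown"
}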
# Result counters; log_test increments them.
declare -i nfail=0
declare -i nsuccess=0

# -p  pause after a failed test
# -v  raise VERBOSE by one
# Any other option ends the script with status 1.
# NOTE(review): run_cmd tests VERBOSE against the exact string "1", so giving
# -v twice sets VERBOSE to 2 and turns the verbose output off again.
while getopts :pv o; do
	case $o in
	p)
		PAUSE_ON_FAIL=yes
		;;
	v)
		VERBOSE=$((VERBOSE + 1))
		;;
	*)
		exit 1
		;;
	esac
done

run_tests
cleanup

# NOTE(review): log_test sets ret=1 on a failure, but nothing in the visible
# part of the script reads it; confirm that the script ends with a non-zero
# status when nfail is greater than zero, otherwise a harness sees success.
printf "\nTests passed: %3d\n" "${nsuccess}"
printf "Tests failed: %3d\n" "${nfail}"