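#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Various combinations of VRF with xfrms and qdisc.

# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4

PAUSE_ON_FAIL=no
VERBOSE=0
ret=0
# Result counters updated by log_test. Start them at zero so the final
# summary is well-defined even when one of them is never incremented.
nsuccess=0
nfail=0

# Addresses on the veth link between the host1 and host2 namespaces; they
# are also the outer (tunnel endpoint) addresses of every xfrm state.
HOST1_4=192.168.1.1
HOST2_4=192.168.1.2
HOST1_6=2001:db8:1::1
HOST2_6=2001:db8:1::2

# Inner addresses used by the xfrm interface test, plus its if_id.
XFRM1_4=10.0.1.1
XFRM2_4=10.0.1.2
XFRM1_6=fc00:1000::1
XFRM2_6=fc00:1000::2
IF_ID=123

VRF=red
TABLE=300

# Fixed ESP test keys and SPIs. They are public (checked into the tree) and
# are only loaded into the throwaway host1/host2 namespaces. Never reuse
# them, or the hmac(md5) / cbc(des3_ede) transforms they are paired with in
# setup_xfrm, for a real security association.
AUTH_1=0xd94fcfea65fddf21dc6e0d24a0253508
AUTH_2=0xdc6e0d24a0253508d94fcfea65fddf21
ENC_1=0xfc46c20f8048be9725930ff3fb07ac2a91f0347dffeacf62
ENC_2=0x3fb07ac2a91f0347dffeacf62fc46c20f8048be9725930ff
SPI_1=0x02122b77
SPI_2=0x2b770212

# Prefer a dedicated ping6 binary and fall back to plain ping (expected to
# handle IPv6 targets itself where ping6 is not shipped). An explicit if/else
# avoids the "a && b || c" trap where c also runs when b fails.
if command -v ping6 > /dev/null 2>&1; then
	ping6=$(command -v ping6)
else
	ping6=$(command -v ping)
fi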
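################################################################################
# Record the outcome of one test case.
#
# Globals:   nsuccess, nfail, ret (written); PAUSE_ON_FAIL (read)
# Arguments: $1 - exit status that was observed
#            $2 - exit status that was expected
#            $3 - description printed in the result line
# Outputs:   one "TEST: <description> [ OK ]" or "[FAIL]" line on stdout
log_test()
{
	local rc=$1
	local expected=$2
	local msg="$3"
	local answer

	if [ "${rc}" -eq "${expected}" ]; then
		printf "TEST: %-60s  [ OK ]\n" "${msg}"
		nsuccess=$((nsuccess+1))
	else
		# Any single mismatch makes the whole script exit non-zero.
		ret=1
		nfail=$((nfail+1))
		printf "TEST: %-60s  [FAIL]\n" "${msg}"
		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
			echo
			echo "hit enter to continue, 'q' to quit"
			# -r takes the reply literally; without it a trailing
			# backslash is treated as a line continuation.
			read -r answer
			if [ "${answer}" = "q" ]; then
				exit 1
			fi
		fi
	fi
}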
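# Run a command inside the host1 namespace.
#
# Globals:   VERBOSE (read)
# Arguments: the command line; all arguments are joined into one string
# Outputs:   when VERBOSE is 1, the command and its combined stdout/stderr
# Returns:   exit status of the command
run_cmd_host1()
{
	local cmd="$*"
	local out
	local rc

	if [ "$VERBOSE" = "1" ]; then
		# Print the command as data, not as the format string, so a
		# '%' or backslash in it is shown verbatim.
		printf '    COMMAND: %s\n' "$cmd"
	fi

	# NOTE: eval re-parses $cmd as shell input. The callers in this
	# script pass fixed, script-defined words only; do not route
	# externally supplied strings through this helper.
	out=$(eval "ip netns exec host1 $cmd" 2>&1)
	rc=$?
	if [ "$VERBOSE" = "1" ]; then
		if [ -n "$out" ]; then
			echo
			echo "    $out"
		fi
		echo
	fi

	return $rc
}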
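################################################################################
# create namespaces for hosts and sws

# Create a VRF device, bring it up and give it default unreachable routes
# and loopback addresses.
#
# Arguments: $1 - namespace to operate in (empty: current namespace)
#            $2 - name of the VRF device
#            $3 - routing table id bound to the VRF
create_vrf()
{
	local ns=$1
	local vrf=$2
	local table=$3
	# Optional "-netns NAME" prefix, kept as an array so it expands to
	# either zero or two words without relying on word splitting.
	local -a nsarg=()

	if [ -n "${ns}" ]; then
		nsarg=(-netns "${ns}")
	fi

	ip "${nsarg[@]}" link add "${vrf}" type vrf table "${table}"
	ip "${nsarg[@]}" link set "${vrf}" up
	ip "${nsarg[@]}" route add vrf "${vrf}" unreachable default metric 8192
	ip "${nsarg[@]}" -6 route add vrf "${vrf}" unreachable default metric 8192

	ip "${nsarg[@]}" addr add 127.0.0.1/8 dev "${vrf}"
	ip "${nsarg[@]}" -6 addr add ::1 dev "${vrf}" nodad

	# Move the "lookup local" rule from preference 0 to 32765
	# (presumably so the VRF rule is consulted first - confirm).
	ip "${nsarg[@]}" ru del pref 0
	ip "${nsarg[@]}" ru add pref 32765 from all lookup local
	ip "${nsarg[@]}" -6 ru del pref 0
	ip "${nsarg[@]}" -6 ru add pref 32765 from all lookup local
}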
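# Create a network namespace with loopback up, default unreachable routes
# and forwarding enabled.
#
# Arguments: $1 - namespace name
#            $2 - optional IPv4 address for lo ("-" or empty: none)
#            $3 - optional IPv6 address for lo ("-" or empty: none)
create_ns()
{
	local ns=$1
	local addr=${2:--}
	local addr6=${3:--}
	local knob

	ip netns add "${ns}"

	ip -netns "${ns}" link set lo up
	if [ "${addr}" != "-" ]; then
		ip -netns "${ns}" addr add dev lo "${addr}"
	fi
	if [ "${addr6}" != "-" ]; then
		ip -netns "${ns}" -6 addr add dev lo "${addr6}"
	fi

	ip -netns "${ns}" ro add unreachable default metric 8192
	ip -netns "${ns}" -6 ro add unreachable default metric 8192

	# The sysctls are applied inside the new namespace only.
	for knob in \
		net.ipv4.ip_forward=1 \
		net.ipv6.conf.all.keep_addr_on_down=1 \
		net.ipv6.conf.all.forwarding=1 \
		net.ipv6.conf.default.forwarding=1 \
		net.ipv6.conf.default.accept_dad=0
	do
		ip netns exec "${ns}" sysctl -qw "${knob}"
	done
}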
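# create veth pair to connect namespaces and apply addresses.
#
# Arguments: $1 - first namespace (empty: current namespace)
#            $2 - device name in the first namespace
#            $3 - IPv4 address/prefix for $2 ("-": skip IPv4 on both ends)
#            $4 - IPv6 address/prefix for $2 ("-": skip IPv6 on both ends)
#            $5 - second namespace; the peer is moved there by name, so
#                 this one must be non-empty
#            $6 - device name in the second namespace
#            $7 - IPv4 address/prefix for $6
#            $8 - IPv6 address/prefix for $6
connect_ns()
{
	local ns1=$1
	local ns1_dev=$2
	local ns1_addr=$3
	local ns1_addr6=$4
	local ns2=$5
	local ns2_dev=$6
	local ns2_addr=$7
	local ns2_addr6=$8
	# Optional "-netns NAME" prefixes, as arrays so they expand to zero
	# or two words without relying on word splitting.
	local -a ns1arg=()
	local -a ns2arg=()

	if [ -n "${ns1}" ]; then
		ns1arg=(-netns "${ns1}")
	fi
	if [ -n "${ns2}" ]; then
		ns2arg=(-netns "${ns2}")
	fi

	# The peer is created under the temporary name "tmp" and renamed
	# while it is moved into the second namespace.
	ip "${ns1arg[@]}" li add "${ns1_dev}" type veth peer name tmp
	ip "${ns1arg[@]}" li set "${ns1_dev}" up
	ip "${ns1arg[@]}" li set tmp netns "${ns2}" name "${ns2_dev}"
	ip "${ns2arg[@]}" li set "${ns2_dev}" up

	# Only the first side's address decides whether a family is set up.
	if [ "${ns1_addr}" != "-" ]; then
		ip "${ns1arg[@]}" addr add dev "${ns1_dev}" "${ns1_addr}"
		ip "${ns2arg[@]}" addr add dev "${ns2_dev}" "${ns2_addr}"
	fi

	if [ "${ns1_addr6}" != "-" ]; then
		ip "${ns1arg[@]}" addr add dev "${ns1_dev}" "${ns1_addr6}" nodad
		ip "${ns2arg[@]}" addr add dev "${ns2_dev}" "${ns2_addr6}" nodad
	fi
}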
################################################################################

# Delete both test namespaces, and with them every device, address, route
# and xfrm entry created inside them.
cleanup()
{
	local ns

	for ns in host1 host2; do
		ip netns del "${ns}"
	done
}
# Build the topology: host1 and host2 joined by a veth pair, with host1's
# end enslaved to the VRF.
setup()
{
	local h1=host1
	local h2=host2
	local dev=eth0

	create_ns "${h1}"
	create_ns "${h2}"

	connect_ns "${h1}" "${dev}" "${HOST1_4}/24" "${HOST1_6}/64" \
		   "${h2}" "${dev}" "${HOST2_4}/24" "${HOST2_6}/64"

	create_vrf "${h1}" "${VRF}" "${TABLE}"
	ip -netns "${h1}" link set dev "${dev}" master "${VRF}"
}
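# Flush all xfrm states and policies in both namespaces, so no keys or
# policies from one scenario carry over into the next.
cleanup_xfrm()
{
	# Loop variables are local so they do not leak into the caller.
	local ns
	local x

	for ns in host1 host2
	do
		for x in state policy
		do
			ip -netns "${ns}" xfrm "${x}" flush
			ip -6 -netns "${ns}" xfrm "${x}" flush
		done
	done
}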
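# Add one tunnel-mode ESP policy.
#
# Arguments: $1 - namespace
#            $2 - address family, 4 or 6
#            $3, $4 - selector source and destination
#            $5 - direction (in or out)
#            $6, $7 - template (outer) source and destination
#            rest - extra selector words placed before "dir"
_xfrm_policy_add()
{
	local ns=$1 fam=$2 sel_src=$3 sel_dst=$4 dir=$5 tmpl_src=$6 tmpl_dst=$7
	local -a famopt=()

	shift 7
	if [ "${fam}" = "6" ]; then
		famopt=(-6)
	fi

	ip "${famopt[@]}" -netns "${ns}" xfrm policy add \
	  src "${sel_src}" dst "${sel_dst}" "$@" dir "${dir}" \
	  tmpl src "${tmpl_src}" dst "${tmpl_dst}" proto esp mode tunnel
}

# Add one tunnel-mode ESP state.
#
# hmac(md5) truncated to 96 bits and cbc(des3_ede) are legacy transforms
# used here as a fixed test fixture; do not copy them into a real
# configuration.
#
# Arguments: $1 - namespace
#            $2 - address family, 4 or 6
#            $3, $4 - outer source and destination
#            $5 - SPI
#            $6 - authentication key
#            $7 - encryption key
#            $8, $9 - selector source and destination
#            rest - extra selector words appended after the selector
_xfrm_state_add()
{
	local ns=$1 fam=$2 src=$3 dst=$4 spi=$5 auth=$6 enc=$7
	local sel_src=$8 sel_dst=$9
	local -a famopt=()

	shift 9
	if [ "${fam}" = "6" ]; then
		famopt=(-6)
	fi

	ip "${famopt[@]}" -netns "${ns}" xfrm state add \
	    src "${src}" dst "${dst}" \
	    proto esp spi "${spi}" reqid 0 mode tunnel \
	    replay-window 4 replay-oseq 0x4 \
	    auth-trunc 'hmac(md5)' "${auth}" 96 \
	    enc 'cbc(des3_ede)' "${enc}" \
	    sel src "${sel_src}" dst "${sel_dst}" "$@"
}

# Install matching ESP tunnel policies and states on host1 and host2 for
# IPv4 and IPv6, in both directions.
#
# Globals:   HOST{1,2}_{4,6}, SPI_{1,2}, AUTH_{1,2}, ENC_{1,2} (read)
# Arguments: $1, $2 - IPv4 selector addresses of host1 and host2
#            $3, $4 - IPv6 selector addresses of host1 and host2
#            $5 - optional extra selector words applied on host1 only,
#                 e.g. "if_id 123" or "dev eth0"
setup_xfrm()
{
	local h1_4=$1
	local h2_4=$2
	local h1_6=$3
	local h2_6=$4
	local devarg="$5"
	local -a sel_extra=()
	local -a fam=(4 6)
	local -a sel1=("${h1_4}" "${h1_6}")
	local -a sel2=("${h2_4}" "${h2_6}")
	local -a und1=("${HOST1_4}" "${HOST1_6}")
	local -a und2=("${HOST2_4}" "${HOST2_6}")
	local i

	# devarg is a space-separated word list; split it once so it can be
	# passed on as separate arguments (an empty value yields no words).
	read -r -a sel_extra <<< "${devarg}"

	#
	# policy
	#
	# Per family: host1 out / host2 in for host1 -> host2 traffic, then
	# host1 in / host2 out for the return direction.
	for i in 0 1; do
		_xfrm_policy_add host1 "${fam[i]}" "${sel1[i]}" "${sel2[i]}" \
			out "${und1[i]}" "${und2[i]}" "${sel_extra[@]}"
		_xfrm_policy_add host2 "${fam[i]}" "${sel1[i]}" "${sel2[i]}" \
			in "${und1[i]}" "${und2[i]}"
		_xfrm_policy_add host1 "${fam[i]}" "${sel2[i]}" "${sel1[i]}" \
			in "${und2[i]}" "${und1[i]}" "${sel_extra[@]}"
		_xfrm_policy_add host2 "${fam[i]}" "${sel2[i]}" "${sel1[i]}" \
			out "${und2[i]}" "${und1[i]}"
	done

	#
	# state
	#
	# host1 -> host2 uses SPI_1/AUTH_1/ENC_1, the return direction uses
	# SPI_2/AUTH_2/ENC_2; both namespaces get both states.
	for i in 0 1; do
		_xfrm_state_add host1 "${fam[i]}" "${und1[i]}" "${und2[i]}" \
			"${SPI_1}" "${AUTH_1}" "${ENC_1}" \
			"${sel1[i]}" "${sel2[i]}" "${sel_extra[@]}"
		_xfrm_state_add host2 "${fam[i]}" "${und1[i]}" "${und2[i]}" \
			"${SPI_1}" "${AUTH_1}" "${ENC_1}" \
			"${sel1[i]}" "${sel2[i]}"
		_xfrm_state_add host1 "${fam[i]}" "${und2[i]}" "${und1[i]}" \
			"${SPI_2}" "${AUTH_2}" "${ENC_2}" \
			"${sel2[i]}" "${sel1[i]}" "${sel_extra[@]}"
		_xfrm_state_add host2 "${fam[i]}" "${und2[i]}" "${und1[i]}" \
			"${SPI_2}" "${AUTH_2}" "${ENC_2}" \
			"${sel2[i]}" "${sel1[i]}"
	done
}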
# Undo setup_xfrm_dev: remove the xfrm0 device from host1 and the extra
# XFRM2 addresses from host2's eth0.
cleanup_xfrm_dev()
{
	local prefix

	ip -netns host1 li del xfrm0
	for prefix in "${XFRM2_4}/24" "${XFRM2_6}/64"; do
		ip -netns host2 addr del "${prefix}" dev eth0
	done
}
# Create an xfrm interface on host1 inside the VRF, address both ends with
# the XFRM* addresses and install policies/states keyed on IF_ID.
setup_xfrm_dev()
{
	local prefix

	# NOTE(review): no name is passed to "li add"; the following lines
	# assume the new device is called xfrm0 - confirm.
	ip -netns host1 li add type xfrm dev eth0 if_id "${IF_ID}"
	ip -netns host1 li set xfrm0 vrf "${VRF}" up
	for prefix in "${XFRM1_4}/24" "${XFRM1_6}/64"; do
		ip -netns host1 addr add "${prefix}" dev xfrm0
	done

	for prefix in "${XFRM2_4}/24" "${XFRM2_6}/64"; do
		ip -netns host2 addr add "${prefix}" dev eth0
	done

	setup_xfrm "${XFRM1_4}" "${XFRM2_4}" "${XFRM1_6}" "${XFRM2_6}" \
		"if_id ${IF_ID}"
}
# Run the ping scenarios from host1's VRF: without xfrm, with address-based
# xfrm policies, and through an xfrm interface. Each result is recorded
# with log_test.
run_tests()
{
	# Prefix that runs a command bound to the VRF.
	local -a in_vrf=(ip vrf exec "${VRF}")

	cleanup_xfrm

	# no IPsec
	run_cmd_host1 "${in_vrf[@]}" ping -c1 -w1 "${HOST2_4}"
	log_test $? 0 "IPv4 no xfrm policy"
	run_cmd_host1 "${in_vrf[@]}" "${ping6}" -c1 -w1 "${HOST2_6}"
	log_test $? 0 "IPv6 no xfrm policy"

	# xfrm without VRF in sel
	setup_xfrm "${HOST1_4}" "${HOST2_4}" "${HOST1_6}" "${HOST2_6}"
	run_cmd_host1 "${in_vrf[@]}" ping -c1 -w1 "${HOST2_4}"
	log_test $? 0 "IPv4 xfrm policy based on address"
	run_cmd_host1 "${in_vrf[@]}" "${ping6}" -c1 -w1 "${HOST2_6}"
	log_test $? 0 "IPv6 xfrm policy based on address"
	cleanup_xfrm

	# xfrm with VRF in sel
	# Known failure: ipv4 resets the flow oif after the lookup. Fix is
	# not straightforward.
	# setup_xfrm ${HOST1_4} ${HOST2_4} ${HOST1_6} ${HOST2_6} "dev ${VRF}"
	# run_cmd_host1 ip vrf exec ${VRF} ping -c1 -w1 ${HOST2_4}
	# log_test $? 0 "IPv4 xfrm policy with VRF in selector"
	# NOTE(review): with the setup_xfrm call above commented out, no
	# policy or state is installed when this IPv6 ping runs, so it
	# passes without exercising a VRF selector - confirm intent.
	run_cmd_host1 "${in_vrf[@]}" "${ping6}" -c1 -w1 "${HOST2_6}"
	log_test $? 0 "IPv6 xfrm policy with VRF in selector"
	cleanup_xfrm

	# xfrm with enslaved device in sel
	# Known failures: combined with the above, __xfrm{4,6}_selector_match
	# needs to consider both l3mdev and enslaved device index.
	# setup_xfrm ${HOST1_4} ${HOST2_4} ${HOST1_6} ${HOST2_6} "dev eth0"
	# run_cmd_host1 ip vrf exec ${VRF} ping -c1 -w1 ${HOST2_4}
	# log_test $? 0 "IPv4 xfrm policy with enslaved device in selector"
	# run_cmd_host1 ip vrf exec ${VRF} ${ping6} -c1 -w1 ${HOST2_6}
	# log_test $? 0 "IPv6 xfrm policy with enslaved device in selector"
	# cleanup_xfrm

	# xfrm device
	setup_xfrm_dev
	run_cmd_host1 "${in_vrf[@]}" ping -c1 -w1 "${XFRM2_4}"
	log_test $? 0 "IPv4 xfrm policy with xfrm device"
	run_cmd_host1 "${in_vrf[@]}" "${ping6}" -c1 -w1 "${XFRM2_6}"
	log_test $? 0 "IPv6 xfrm policy with xfrm device"
	cleanup_xfrm_dev
}
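################################################################################
# usage

# Print the option summary to stdout. The stray "done" line that used to
# end the help text has been dropped.
usage()
{
	cat <<EOF
usage: ${0##*/} OPTS

        -p          Pause on fail
        -v          verbose mode (show commands and output)

EOF
}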
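################################################################################
# main

# 'h' is listed in the option string so that the h) branch is reachable;
# without it -h fell through to the error branch and exited 1.
while getopts :pvh o
do
	case $o in
		p) PAUSE_ON_FAIL=yes;;
		# run_cmd_host1 only treats the exact value 1 as verbose, so
		# a repeated -v must not push the value past 1.
		v) VERBOSE=1;;
		h) usage; exit 0;;
		*) usage; exit 1;;
	esac
done

# Everything below creates namespaces and xfrm state, which needs root.
# Report SKIP to the kselftest framework instead of failing every test.
if [ "$(id -u)" -ne 0 ]; then
	echo "SKIP: Need root privileges"
	exit "${ksft_skip:-4}"
fi

# NOTE: this deletes any existing namespaces named host1/host2 on the
# machine before building the topology.
cleanup 2>/dev/null
# Remove the namespaces (and the test keys loaded into them) on every exit
# path, including a 'q' at the pause-on-fail prompt.
trap 'cleanup 2>/dev/null' EXIT
setup

echo
echo "No qdisc on VRF device"
run_tests

run_cmd_host1 tc qdisc add dev "${VRF}" root netem delay 100ms
echo
echo "netem qdisc on VRF device"
run_tests

# Default to 0 so %3d always receives a number.
printf "\nTests passed: %3d\n" "${nsuccess:-0}"
printf "Tests failed: %3d\n"   "${nfail:-0}"

exit $ret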