Lines Matching +full:no +full:- +full:loopback +full:- +full:test
2 # SPDX-License-Identifier: GPL-2.0
9 # 2. client, server, no-server
13 # 6. VRF and non-VRF permutations
16 # ns-A | ns-B
17 # No VRF case:
18 # [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ]
21 # [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ]
23 # ns-A:
30 # ns-B:
35 # ns-A to ns-C connection - only for VRF and same config
36 # as ns-A to ns-B
38 # server / client nomenclature relative to ns-A
40 # Kselftest framework requirement - SKIP code is 4.
69 # non-local addresses for freebind tests
85 NSA=ns-A
86 NSB=ns-B
87 NSC=ns-C
106 if [ ${rc} -eq ${expected} ]; then
108 printf "TEST: %-70s [ OK ]\n" "${msg}"
111 printf "TEST: %-70s [FAIL]\n" "${msg}"
139 log_test $rc $expected "$msg - ${astr}"
161 # make sure we have no test instances running
204 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
233 if [ $rc -ne 0 ]; then
255 if [ $rc -ne 0 ]; then
277 if [ $rc -ne 0 ]; then
292 # set sysctl values in NS-A
297 run_cmd sysctl -q -w $*
300 # get sysctl values in NS-A
303 ${NSA_CMD} sysctl -n $*
312 127.0.0.1) echo "loopback";;
313 ::1) echo "IPv6 loopback";;
318 ${NSA_IP}) echo "ns-A IP";;
319 ${NSA_IP6}) echo "ns-A IPv6";;
320 ${NSA_LO_IP}) echo "ns-A loopback IP";;
321 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
322 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
324 ${NSB_IP}) echo "ns-B IP";;
325 ${NSB_IP6}) echo "ns-B IPv6";;
326 ${NSB_LO_IP}) echo "ns-B loopback IP";;
327 ${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
328 ${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;
348 addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \
358 [ -z "$addr" ] && return 1
376 ip -netns ${ns} link add ${vrf} type vrf table ${table}
377 ip -netns ${ns} link set ${vrf} up
378 ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192
379 ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192
381 ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf}
382 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
383 if [ "${addr}" != "-" ]; then
384 ip -netns ${ns} addr add dev ${vrf} ${addr}
386 if [ "${addr6}" != "-" ]; then
387 ip -netns ${ns} -6 addr add dev ${vrf} ${addr6}
390 ip -netns ${ns} ru del pref 0
391 ip -netns ${ns} ru add pref 32765 from all lookup local
392 ip -netns ${ns} -6 ru del pref 0
393 ip -netns ${ns} -6 ru add pref 32765 from all lookup local
404 ip -netns ${ns} link set lo up
405 if [ "${addr}" != "-" ]; then
406 ip -netns ${ns} addr add dev lo ${addr}
408 if [ "${addr6}" != "-" ]; then
409 ip -netns ${ns} -6 addr add dev lo ${addr6}
412 ip -netns ${ns} ro add unreachable default metric 8192
413 ip -netns ${ns} -6 ro add unreachable default metric 8192
415 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
416 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
417 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
418 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
433 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp
434 ip -netns ${ns1} li set ${ns1_dev} up
435 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev}
436 ip -netns ${ns2} li set ${ns2_dev} up
438 if [ "${ns1_addr}" != "-" ]; then
439 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr}
440 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr}
443 if [ "${ns1_addr6}" != "-" ]; then
444 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6}
445 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6}
452 ip netns | grep -q ${NSA}
453 if [ $? -eq 0 ]; then
454 ip -netns ${NSA} link delete ${VRF}
455 ip -netns ${NSA} ro flush table ${VRF_TABLE}
457 ip -netns ${NSA} addr flush dev ${NSA_DEV}
458 ip -netns ${NSA} -6 addr flush dev ${NSA_DEV}
459 ip -netns ${NSA} link set dev ${NSA_DEV} down
460 ip -netns ${NSA} link del dev ${NSA_DEV}
481 # some VRF tests use ns-C which has the same config as
482 # ns-B but for a device NOT in the VRF
483 create_ns ${NSC} "-" "-"
497 set -e
507 # tell ns-A how to get to remote addresses of ns-B
511 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
512 ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
513 ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
515 ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
516 ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
518 ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
519 ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
523 # tell ns-B how to get to remote addresses of ns-A
524 ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
525 ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
539 set -e
541 create_ns ${NSA} "-" "-"
542 create_ns ${NSB} "-" "-"
543 create_ns ${NSC} "-" "-"
544 connect_ns ${NSA} ${NSA_DEV} "-" "-" \
545 ${NSB} ${NSB_DEV} "-" "-"
546 connect_ns ${NSA} ${NSA_DEV2} "-" "-" \
547 ${NSC} ${NSC_DEV} "-" "-"
553 create_vrf ${NSA} ${VRF} ${VRF_TABLE} "-" "-"
554 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
555 ip -netns ${NSA} link set dev ${NSA_DEV2} vrf ${VRF}
575 run_cmd ping -c1 -w1 ${a}
579 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
583 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
593 run_cmd_nsb ping -c1 -w1 ${a}
603 run_cmd ping -c1 -w1 ${a}
613 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
616 # loopback addresses not reachable from device bind
622 show_hint "Fails since address on loopback device is out of device scope"
623 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
637 run_cmd ping -c1 -w1 ${a}
643 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
648 run_cmd_nsb ping -c1 -w1 ${a}
665 run_cmd ping -c1 -w1 ${a}
671 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
676 run_cmd_nsb ping -c1 -w1 ${a}
686 run_cmd ping -c1 -w1 ${a}
692 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
708 run_cmd ping -c1 -w1 -I ${VRF} ${a}
712 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
716 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
720 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
730 run_cmd_nsb ping -c1 -w1 ${a}
741 run_cmd ping -c1 -w1 -I ${VRF} ${a}
751 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
759 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
771 run_cmd ping -c1 -w1 -I ${VRF} ${a}
775 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
781 run_cmd_nsb ping -c1 -w1 ${a}
795 run_cmd ping -c1 -w1 -I ${VRF} ${a}
799 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
805 run_cmd_nsb ping -c1 -w1 ${a}
813 log_subsection "No VRF"
846 run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
848 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
854 run_cmd nettest -s &
856 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
857 log_test $? 2 "MD5: Server no config, client uses password"
862 run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
864 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
870 run_cmd nettest -s -M ${MD5_PW} -m ${NSB_LO_IP} &
872 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
876 # MD5 extension - prefix length
881 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
883 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
889 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
891 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
897 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
899 run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
914 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
916 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
922 run_cmd nettest -s -I ${VRF} &
924 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
925 log_test $? 2 "MD5: VRF: Server no config, client uses password"
930 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
932 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
938 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP} &
940 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
944 # MD5 extension - prefix length
949 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
951 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
957 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
959 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
965 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
967 run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
975 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
976 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
978 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
982 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
983 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
985 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
990 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
991 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
993 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
998 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
999 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
1001 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1005 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1006 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1008 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1012 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1013 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1015 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1020 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1021 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1023 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1028 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1029 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1031 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1038 run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP}
1039 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
1042 run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET}
1043 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
1053 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
1055 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1056 log_test $? 0 "MD5: VRF: VRF-bound server, unbound key accepts connection"
1060 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
1062 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1063 log_test $? 0 "MD5: VRF: VRF-bound server, bound key accepts connection"
1068 # This particular test needs tcp_l3mdev_accept=1 for Global server to accept VRF connections
1074 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
1076 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1080 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
1082 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1083 log_test $? 0 "MD5: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection"
1086 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
1088 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1092 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
1094 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1095 log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts non-VRF connection"
1111 run_cmd nettest -s &
1113 run_cmd_nsb nettest -r ${a}
1119 run_cmd nettest -s -I ${NSA_DEV} &
1121 run_cmd_nsb nettest -r ${a}
1128 show_hint "Should fail 'Connection refused' since there is no server"
1129 run_cmd_nsb nettest -r ${a}
1130 log_test_addr ${a} $? 1 "No server"
1139 run_cmd_nsb nettest -s &
1141 run_cmd nettest -r ${a} -0 ${NSA_IP}
1145 run_cmd_nsb nettest -s &
1147 run_cmd nettest -r ${a} -d ${NSA_DEV}
1152 run_cmd nettest -r ${a}
1153 log_test_addr ${a} $? 1 "No server, unbound client"
1157 run_cmd nettest -r ${a} -d ${NSA_DEV}
1158 log_test_addr ${a} $? 1 "No server, device client"
1167 run_cmd nettest -s &
1169 run_cmd nettest -r ${a} -0 ${a} -1 ${a}
1175 run_cmd nettest -s -I ${NSA_DEV} &
1177 run_cmd nettest -r ${a} -0 ${a}
1183 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
1184 run_cmd nettest -s -I ${NSA_DEV} &
1186 run_cmd nettest -r ${a}
1192 run_cmd nettest -s &
1194 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
1200 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
1201 run_cmd nettest -s &
1203 run_cmd nettest -r ${a} -d ${NSA_DEV}
1209 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1211 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
1216 run_cmd nettest -d ${NSA_DEV} -r ${a}
1217 log_test_addr ${a} $? 1 "No server, device client, local conn"
1238 run_cmd nettest -s &
1240 run_cmd_nsb nettest -r ${a}
1244 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1246 run_cmd_nsb nettest -r ${a}
1250 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1252 run_cmd_nsb nettest -r ${a}
1257 show_hint "Should fail 'Connection refused' since there is no server"
1258 run_cmd_nsb nettest -r ${a}
1259 log_test_addr ${a} $? 1 "No server"
1267 run_cmd nettest -s &
1269 run_cmd nettest -r ${a} -d ${NSA_DEV}
1287 run_cmd nettest -s -3 ${VRF} &
1289 run_cmd_nsb nettest -r ${a}
1294 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1296 run_cmd_nsb nettest -r ${a}
1302 run_cmd_nsb nettest -r ${a}
1303 log_test_addr ${a} $? 1 "No server"
1309 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1311 run_cmd_nsb nettest -r ${a}
1319 run_cmd nettest -s -I ${VRF} &
1321 run_cmd nettest -r ${a}
1331 run_cmd_nsb nettest -s &
1333 run_cmd nettest -r ${a} -d ${VRF}
1337 run_cmd_nsb nettest -s &
1339 run_cmd nettest -r ${a} -d ${NSA_DEV}
1344 run_cmd nettest -r ${a} -d ${VRF}
1345 log_test_addr ${a} $? 1 "No server, VRF client"
1349 run_cmd nettest -r ${a} -d ${NSA_DEV}
1350 log_test_addr ${a} $? 1 "No server, device client"
1356 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1358 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1364 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1366 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1370 show_hint "Should fail 'No route to host' since client is out of VRF scope"
1371 run_cmd nettest -s -I ${VRF} &
1373 run_cmd nettest -r ${a}
1377 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1379 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1383 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1385 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1392 log_subsection "No VRF"
1395 # tcp_l3mdev_accept should have no affect without VRF;
1422 run_cmd nettest -D -s -3 ${NSA_DEV} &
1424 run_cmd_nsb nettest -D -r ${a}
1428 show_hint "Should fail 'Connection refused' since there is no server"
1429 run_cmd_nsb nettest -D -r ${a}
1430 log_test_addr ${a} $? 1 "No server"
1435 run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1437 run_cmd_nsb nettest -D -r ${a}
1446 run_cmd_nsb nettest -D -s &
1448 run_cmd nettest -D -r ${a} -0 ${NSA_IP}
1452 run_cmd_nsb nettest -D -s &
1454 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1458 run_cmd_nsb nettest -D -s &
1460 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1464 run_cmd_nsb nettest -D -s &
1466 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1470 run_cmd_nsb nettest -D -s &
1472 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} -U
1478 run_cmd nettest -D -r ${a}
1479 log_test_addr ${a} $? 1 "No server, unbound client"
1483 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1484 log_test_addr ${a} $? 1 "No server, device client"
1493 run_cmd nettest -D -s &
1495 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
1501 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1503 run_cmd nettest -D -r ${a}
1510 run_cmd nettest -s -D -I ${NSA_DEV} &
1512 run_cmd nettest -D -r ${a}
1518 run_cmd nettest -s -D &
1520 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1524 run_cmd nettest -s -D &
1526 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
1530 run_cmd nettest -s -D &
1532 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
1536 run_cmd nettest -s -D &
1538 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} -U
1542 # IPv4 with device bind has really weird behavior - it overrides the
1548 show_hint "Should fail since addresses on loopback are out of device scope"
1549 run_cmd nettest -D -s &
1551 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1555 show_hint "Should fail since addresses on loopback are out of device scope"
1556 run_cmd nettest -D -s &
1558 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
1562 show_hint "Should fail since addresses on loopback are out of device scope"
1563 run_cmd nettest -D -s &
1565 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
1569 show_hint "Should fail since addresses on loopback are out of device scope"
1570 run_cmd nettest -D -s &
1572 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -U
1580 run_cmd nettest -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1582 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
1586 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1587 log_test_addr ${a} $? 2 "No server, device client, local conn"
1605 run_cmd nettest -D -s &
1607 run_cmd_nsb nettest -D -r ${a}
1611 run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
1613 run_cmd_nsb nettest -D -r ${a}
1617 run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1619 run_cmd_nsb nettest -D -r ${a}
1623 show_hint "Should fail 'Connection refused' since there is no server"
1624 run_cmd_nsb nettest -D -r ${a}
1625 log_test_addr ${a} $? 1 "No server"
1629 run_cmd nettest -D -s &
1631 run_cmd nettest -D -d ${VRF} -r ${a}
1637 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1639 run_cmd nettest -D -d ${VRF} -r ${a}
1643 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1645 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1650 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1652 run_cmd nettest -D -d ${VRF} -r ${a}
1656 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1658 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1671 run_cmd nettest -D -s -3 ${NSA_DEV} &
1673 run_cmd_nsb nettest -D -r ${a}
1677 run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
1679 run_cmd_nsb nettest -D -r ${a}
1683 run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1685 run_cmd_nsb nettest -D -r ${a}
1690 run_cmd_nsb nettest -D -r ${a}
1691 log_test_addr ${a} $? 1 "No server"
1698 run_cmd_nsb nettest -D -s &
1700 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1704 run_cmd_nsb nettest -D -s &
1706 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1709 # negative test - should fail
1712 run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
1713 log_test $? 1 "No server, VRF client"
1717 run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
1718 log_test $? 1 "No server, enslaved device client"
1725 run_cmd nettest -D -s -3 ${NSA_DEV} &
1727 run_cmd nettest -D -d ${VRF} -r ${a}
1731 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1733 run_cmd nettest -D -d ${VRF} -r ${a}
1737 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1739 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1743 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1745 run_cmd nettest -D -d ${VRF} -r ${a}
1749 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1751 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1757 run_cmd nettest -D -s -3 ${VRF} &
1759 run_cmd nettest -D -d ${VRF} -r ${a}
1766 run_cmd nettest -s -D -I ${VRF} -3 ${VRF} &
1768 run_cmd nettest -D -d ${VRF} -r ${a}
1772 # negative test - should fail
1778 run_cmd nettest -D -d ${VRF} -r ${a}
1779 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
1786 log_subsection "No VRF"
1790 # udp_l3mdev_accept should have no affect without VRF;
1817 run_cmd nettest -s -R -P icmp -l ${a} -b
1821 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1830 run_cmd nettest -s -R -f -l ${a} -b
1834 run_cmd nettest -s -f -l ${a} -b
1838 run_cmd nettest -s -D -P icmp -f -l ${a} -b
1846 run_cmd nettest -s -D -P icmp -l ${a} -b
1851 run_cmd nettest -s -D -P icmp -l ${a} -b
1859 run_cmd nettest -c ${a} -r ${NSB_IP} -t1 -b
1863 run_cmd nettest -c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1868 # is that the address is valid in the L3 domain. So this test
1873 #run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
1886 run_cmd nettest -s -R -P icmp -l ${a} -b
1890 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1893 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
1899 show_hint "Address on loopback is out of VRF scope"
1900 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
1908 run_cmd nettest -s -R -f -l ${a} -I ${VRF} -b
1912 run_cmd nettest -s -f -l ${a} -I ${VRF} -b
1916 run_cmd nettest -s -D -P icmp -f -l ${a} -I ${VRF} -b
1924 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
1929 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
1938 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
1942 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
1948 show_hint "Address on loopback out of scope for VRF"
1949 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
1953 show_hint "Address on loopback out of scope for device in VRF"
1954 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
1962 log_subsection "No VRF"
1989 run_cmd nettest ${varg} -s &
1991 run_cmd_nsb nettest ${varg} -r ${a} &
2003 run_cmd nettest ${varg} -s -I ${VRF} &
2005 run_cmd_nsb nettest ${varg} -r ${a} &
2016 run_cmd nettest ${varg} -s -I ${NSA_DEV} &
2018 run_cmd_nsb nettest ${varg} -r ${a} &
2027 # client test
2030 run_cmd_nsb nettest ${varg} -s &
2032 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
2041 run_cmd_nsb nettest ${varg} -s &
2043 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
2057 run_cmd nettest ${varg} -s &
2059 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2071 run_cmd nettest ${varg} -I ${VRF} -s &
2073 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2085 run_cmd nettest ${varg} -s &
2087 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2096 run_cmd nettest ${varg} -I ${VRF} -s &
2098 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2107 run_cmd nettest ${varg} -I ${NSA_DEV} -s &
2109 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2124 run_cmd_nsb ping -f ${a} &
2128 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
2135 run_cmd ping -f -I ${VRF} ${a} &
2139 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
2144 log_section "Run time tests - ipv4"
2150 ipv4_rt "TCP active socket" "-n -1"
2153 ipv4_rt "TCP passive socket" "-i"
2172 run_cmd ${ping6} -c1 -w1 ${a}
2179 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2183 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
2184 log_test_addr ${a} $? 0 "ping out, loopback address bind"
2193 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2203 run_cmd ${ping6} -c1 -w1 ${a}
2204 log_test_addr ${a} $? 0 "ping local, no bind"
2210 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2217 show_hint "Fails since address on loopback is out of device scope"
2218 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2226 setup_cmd ip -6 rule add pref 32765 from all lookup local
2227 setup_cmd ip -6 rule del pref 0 from all lookup local
2228 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
2229 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
2232 run_cmd ${ping6} -c1 -w1 ${a}
2236 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2242 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2245 setup_cmd ip -6 rule add pref 0 from all lookup local
2246 setup_cmd ip -6 rule del pref 32765 from all lookup local
2247 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
2248 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
2254 setup_cmd ip -6 route del ${NSB_LO_IP6}
2255 setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
2256 setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10
2259 run_cmd ${ping6} -c1 -w1 ${a}
2263 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2269 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2277 setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
2278 setup_cmd ip -6 ro del unreachable ${NSB_IP6}
2281 run_cmd ${ping6} -c1 -w1 ${a}
2285 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2302 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2310 run_cmd ${ping6} -c1 -w1 ${a}
2317 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2324 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
2334 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2340 show_hint "Fails since loopback address is out of VRF scope"
2341 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2351 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2358 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2362 # LLA to GUA - remove ipv6 global addresses from ns-B
2363 setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
2364 setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
2365 setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
2370 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
2374 setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
2375 setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
2376 setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo
2382 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
2383 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
2386 run_cmd ${ping6} -c1 -w1 ${a}
2390 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2396 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2400 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
2401 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
2407 setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}
2410 run_cmd ${ping6} -c1 -w1 ${a}
2414 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2417 ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
2420 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2428 log_subsection "No VRF"
2457 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
2459 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2465 run_cmd nettest -6 -s &
2467 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2468 log_test $? 2 "MD5: Server no config, client uses password"
2473 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
2475 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2481 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_LO_IP6} &
2483 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2487 # MD5 extension - prefix length
2492 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2494 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2500 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2502 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2508 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2510 run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
2525 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2527 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2533 run_cmd nettest -6 -s -I ${VRF} &
2535 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2536 log_test $? 2 "MD5: VRF: Server no config, client uses password"
2541 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2543 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2549 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} &
2551 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2555 # MD5 extension - prefix length
2560 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2562 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2568 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2570 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2576 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2578 run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
2586 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2587 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2589 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2593 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2594 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2596 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2601 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2602 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2604 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2609 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2610 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2612 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2616 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2617 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2619 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2623 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2624 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2626 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2631 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2632 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2634 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2639 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2640 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2642 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2649 run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP6}
2650 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
2653 run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6}
2654 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
2668 run_cmd nettest -6 -s &
2670 run_cmd_nsb nettest -6 -r ${a}
2679 run_cmd_nsb nettest -6 -r ${a}
2680 log_test_addr ${a} $? 1 "No server"
2689 run_cmd_nsb nettest -6 -s &
2691 run_cmd nettest -6 -r ${a}
2698 run_cmd_nsb nettest -6 -s &
2700 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2708 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2709 log_test_addr ${a} $? 1 "No server, device client"
2718 run_cmd nettest -6 -s &
2720 run_cmd nettest -6 -r ${a}
2726 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2728 run_cmd nettest -6 -r ${a} -0 ${a}
2734 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
2735 run_cmd nettest -6 -s -I ${NSA_DEV} &
2737 run_cmd nettest -6 -r ${a}
2743 run_cmd nettest -6 -s &
2745 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2751 show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
2752 run_cmd nettest -6 -s &
2754 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2761 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2763 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2771 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2772 log_test_addr ${a} $? 1 "No server, device client, local conn"
2794 run_cmd nettest -6 -s &
2796 run_cmd_nsb nettest -6 -r ${a}
2803 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
2805 run_cmd_nsb nettest -6 -r ${a}
2812 run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
2814 run_cmd_nsb nettest -6 -r ${a}
2820 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2822 run_cmd_nsb nettest -6 -r ${a}
2831 run_cmd_nsb nettest -6 -r ${a}
2832 log_test_addr ${a} $? 1 "No server"
2839 run_cmd nettest -6 -s &
2841 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2858 run_cmd nettest -6 -s -3 ${VRF} &
2860 run_cmd_nsb nettest -6 -r ${a}
2867 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
2869 run_cmd_nsb nettest -6 -r ${a}
2876 run_cmd nettest -6 -s -3 ${NSA_DEV} &
2878 run_cmd_nsb nettest -6 -r ${a}
2882 run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
2884 run_cmd_nsb nettest -6 -r ${a}
2890 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2892 run_cmd_nsb nettest -6 -r ${a}
2901 run_cmd_nsb nettest -6 -r ${a}
2902 log_test_addr ${a} $? 1 "No server"
2910 run_cmd nettest -6 -s -I ${VRF} &
2912 run_cmd nettest -6 -r ${a}
2923 run_cmd_nsb nettest -6 -s &
2925 run_cmd nettest -6 -r ${a} -d ${VRF}
2932 run_cmd_nsb nettest -6 -s &
2934 run_cmd nettest -6 -r ${a} -d ${VRF}
2940 run_cmd_nsb nettest -6 -s &
2942 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2950 run_cmd nettest -6 -r ${a} -d ${VRF}
2951 log_test_addr ${a} $? 1 "No server, VRF client"
2958 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2959 log_test_addr ${a} $? 1 "No server, device client"
2965 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
2967 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2973 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
2975 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2981 run_cmd nettest -6 -s -I ${VRF} &
2983 run_cmd nettest -6 -r ${a}
2987 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2989 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
2995 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2997 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3005 log_subsection "No VRF"
3008 # tcp_l3mdev_accept should have no affect without VRF;
3035 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3037 run_cmd_nsb nettest -6 -D -r ${a}
3041 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3043 run_cmd_nsb nettest -6 -D -r ${a}
3049 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3051 run_cmd_nsb nettest -6 -D -r ${a}
3054 # should fail since loopback address is out of scope for a device
3055 # bound server, but it does not - hence this is more documenting
3058 #show_hint "Should fail since loopback address is out of scope"
3059 #run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3061 #run_cmd_nsb nettest -6 -D -r ${a}
3064 # negative test - should fail
3068 show_hint "Should fail 'Connection refused' since there is no server"
3069 run_cmd_nsb nettest -6 -D -r ${a}
3070 log_test_addr ${a} $? 1 "No server"
3079 run_cmd_nsb nettest -6 -D -s &
3081 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
3085 run_cmd_nsb nettest -6 -D -s &
3087 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
3091 run_cmd_nsb nettest -6 -D -s &
3093 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
3097 run_cmd_nsb nettest -6 -D -s &
3099 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
3104 run_cmd nettest -6 -D -r ${a}
3105 log_test_addr ${a} $? 1 "No server, unbound client"
3109 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3110 log_test_addr ${a} $? 1 "No server, device client"
3119 run_cmd nettest -6 -D -s &
3121 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
3127 run_cmd nettest -6 -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
3129 run_cmd nettest -6 -D -r ${a}
3136 run_cmd nettest -6 -s -D -I ${NSA_DEV} &
3138 run_cmd nettest -6 -D -r ${a}
3144 run_cmd nettest -6 -s -D &
3146 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3150 run_cmd nettest -6 -s -D &
3152 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
3156 run_cmd nettest -6 -s -D &
3158 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
3164 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
3165 run_cmd nettest -6 -D -s &
3167 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3171 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
3172 run_cmd nettest -6 -D -s &
3174 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
3178 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
3179 run_cmd nettest -6 -D -s &
3181 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
3185 show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
3186 run_cmd nettest -6 -D -s &
3188 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -U
3194 run_cmd nettest -6 -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
3196 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
3201 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3202 log_test_addr ${a} $? 1 "No server, device client, local conn"
3205 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
3206 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
3208 run_cmd nettest -6 -s -D &
3210 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
3211 log_test $? 0 "UDP in - LLA to GUA"
3213 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
3214 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
3232 run_cmd nettest -6 -D -s &
3234 run_cmd_nsb nettest -6 -D -r ${a}
3241 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3243 run_cmd_nsb nettest -6 -D -r ${a}
3250 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3252 run_cmd_nsb nettest -6 -D -r ${a}
3256 # negative test - should fail
3260 show_hint "Should fail 'Connection refused' since there is no server"
3261 run_cmd_nsb nettest -6 -D -r ${a}
3262 log_test_addr ${a} $? 1 "No server"
3272 run_cmd nettest -6 -D -s &
3274 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3281 run_cmd nettest -6 -D -I ${VRF} -s &
3283 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3290 run_cmd nettest -6 -D -s &
3292 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3296 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3298 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3302 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3304 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3308 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3310 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3323 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3325 run_cmd_nsb nettest -6 -D -r ${a}
3332 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3334 run_cmd_nsb nettest -6 -D -r ${a}
3341 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3343 run_cmd_nsb nettest -6 -D -r ${a}
3347 # negative test - should fail
3351 run_cmd_nsb nettest -6 -D -r ${a}
3352 log_test_addr ${a} $? 1 "No server"
3359 run_cmd_nsb nettest -6 -D -s &
3361 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
3364 # negative test - should fail
3366 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
3367 log_test $? 1 "No server, VRF client"
3370 run_cmd_nsb nettest -6 -D -s &
3372 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
3375 # negative test - should fail
3377 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
3378 log_test $? 1 "No server, enslaved device client"
3385 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3387 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3391 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3393 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3399 run_cmd nettest -6 -D -s -3 ${VRF} &
3401 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3405 run_cmd nettest -6 -D -I ${VRF} -s -3 ${VRF} &
3407 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3410 # negative test - should fail
3414 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3415 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
3421 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3423 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3427 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3429 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3433 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3435 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3439 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3441 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3445 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3446 log_test_addr ${a} $? 1 "No server, device client, local conn"
3451 run_cmd nettest -6 -D -s &
3453 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
3457 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
3458 log_test $? 1 "No server, linklocal IP"
3462 run_cmd_nsb nettest -6 -D -s &
3464 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
3468 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
3469 log_test $? 1 "No server, device client, peer linklocal IP"
3473 run_cmd nettest -6 -D -s &
3475 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
3476 log_test $? 0 "Enslaved device client, local conn - linklocal IP"
3479 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
3480 log_test $? 1 "No server, device client, local conn - linklocal IP"
3483 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
3484 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
3486 run_cmd nettest -6 -s -D &
3488 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
3489 log_test $? 0 "UDP in - LLA to GUA"
3491 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
3492 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
3501 log_subsection "No VRF"
3504 # udp_l3mdev_accept should have no affect without VRF;
3529 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
3533 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3542 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${NSA_DEV} -b
3550 run_cmd nettest -6 -s -l ${a} -t1 -b
3554 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3558 # binding to an address not on the device. So this test passes
3563 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3575 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3579 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3585 show_hint "Address on loopback is out of VRF scope"
3586 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3594 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${VRF} -b
3604 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3610 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3615 # is that the address is valid in the L3 domain. So this test
3620 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3625 show_hint "Address on loopback out of scope for VRF"
3626 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3630 show_hint "Address on loopback out of scope for device in VRF"
3631 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3640 log_subsection "No VRF"
3655 local varg="-6 $2"
3665 run_cmd nettest ${varg} -s &
3667 run_cmd_nsb nettest ${varg} -r ${a} &
3679 run_cmd nettest ${varg} -I ${VRF} -s &
3681 run_cmd_nsb nettest ${varg} -r ${a} &
3693 run_cmd nettest ${varg} -I ${NSA_DEV} -s &
3695 run_cmd_nsb nettest ${varg} -r ${a} &
3705 # client test
3708 run_cmd_nsb nettest ${varg} -s &
3710 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} &
3719 run_cmd_nsb nettest ${varg} -s &
3721 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
3736 run_cmd nettest ${varg} -s &
3738 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3750 run_cmd nettest ${varg} -I ${VRF} -s &
3752 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3763 run_cmd nettest ${varg} -s &
3765 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3774 run_cmd nettest ${varg} -I ${VRF} -s &
3776 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3785 run_cmd nettest ${varg} -I ${NSA_DEV} -s &
3787 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3801 run_cmd_nsb ${ping6} -f ${a} &
3805 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
3810 run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} &
3814 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
3819 log_section "Run time tests - ipv6"
3825 ipv6_rt "TCP active socket" "-n -1"
3828 ipv6_rt "TCP passive socket" "-i"
3831 ipv6_rt "UDP active socket" "-D -n -1"
3844 run_cmd nettest -s &
3846 run_cmd_nsb nettest -r ${a}
3847 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3857 [ "${stype}" = "UDP" ] && arg="-D"
3862 run_cmd nettest ${arg} -s &
3864 run_cmd_nsb nettest ${arg} -r ${a}
3865 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3875 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3883 run_cmd iptables -F
3884 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3885 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3891 iptables -F
3901 run_cmd nettest -6 -s &
3903 run_cmd_nsb nettest -6 -r ${a}
3904 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3914 [ "${stype}" = "UDP" ] && arg="$arg -D"
3919 run_cmd nettest -6 -s ${arg} &
3921 run_cmd_nsb nettest -6 ${arg} -r ${a}
3922 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3932 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3939 run_cmd ip6tables -F
3940 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
3941 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
3947 ip6tables -F
3954 # ns-A device enslaved to bridge. Verify traffic with and without
3962 setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64
3966 setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad
3977 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
3978 log_test $? 0 "Bridge into VRF - IPv4 ping out"
3981 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
3982 log_test $? 0 "Bridge into VRF - IPv6 ping out"
3985 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
3986 log_test $? 0 "Bridge into VRF - IPv4 ping in"
3989 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
3990 log_test $? 0 "Bridge into VRF - IPv6 ping in"
3993 if [ $? -eq 0 ]; then
3995 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
3996 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out"
3999 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
4000 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out"
4003 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
4004 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in"
4007 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
4008 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in"
4015 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad
4019 setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad
4026 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
4027 log_test $? 0 "Bridge vlan into VRF - IPv4 ping out"
4030 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
4031 log_test $? 0 "Bridge vlan into VRF - IPv6 ping out"
4034 run_cmd_nsb ping -c1 -w1 172.16.101.1
4035 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
4038 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
4039 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
4042 if [ $? -eq 0 ]; then
4044 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
4045 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out"
4048 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
4049 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out"
4052 run_cmd_nsb ping -c1 -w1 172.16.101.1
4053 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
4056 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
4057 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
4065 # ns-A device is connected to both ns-B and ns-C on a single VRF but only has
4070 # only want reply from ns-A
4071 setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
4072 setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
4075 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
4076 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Pre cycle, ping out ns-B"
4078 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
4079 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Pre cycle, ping out ns-C"
4081 # cycle/flap the first ns-A interface
4087 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
4088 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-B"
4089 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
4090 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-C"
4092 # cycle/flap the second ns-A interface
4098 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
4099 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-B"
4100 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
4101 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-C"
4104 # Perform IPv{4,6} SNAT on ns-A, and verify TCP connection is successfully
4105 # established with ns-B.
4112 …run_cmd iptables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_…
4113 …run_cmd ip6tables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO…
4115 run_cmd_nsb nettest -s -l ${NSB_IP} -p ${port} &
4117 run_cmd nettest -d ${VRF} -r ${NSB_IP} -p ${port}
4120 run_cmd_nsb nettest -6 -s -l ${NSB_IP6} -p ${port} &
4122 run_cmd nettest -6 -d ${VRF} -r ${NSB_IP6} -p ${port}
4126 …run_cmd iptables -t nat -D POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_…
4127 …run_cmd ip6tables -t nat -D POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO…
4149 -4 IPv4 tests only
4150 -6 IPv6 tests only
4151 -t <test> Test name/set to run
4152 -p Pause on fail
4153 -P Pause after each test
4154 -v Be verbose
4168 PAUSE_ON_FAIL=no
4169 PAUSE=no
4186 [ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no
4189 # show user test config
4191 if [ -z "$TESTS" ]; then
4208 declare -i nfail=0
4209 declare -i nsuccess=0
4241 if [ $nfail -ne 0 ]; then
4243 elif [ $nsuccess -eq 0 ]; then