search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
accel/qaic: Add AIC200 support
[drm/drm-misc.git] / tools / testing / selftests / net / vrf-xfrm-tests.sh
blobb64dd891699d3a4e1f915d0a3ea46dbc6371e156
1 #!/bin/bash
2 # SPDX-License-Identifier: GPL-2.0
3 #
4 # Various combinations of VRF with xfrms and qdisc.
5
6 source lib.sh
7 PAUSE_ON_FAIL=no
8 VERBOSE=0
9 ret=0
10
11 HOST1_4=192.168.1.1
12 HOST2_4=192.168.1.2
13 HOST1_6=2001:db8:1::1
14 HOST2_6=2001:db8:1::2
15
16 XFRM1_4=10.0.1.1
17 XFRM2_4=10.0.1.2
18 XFRM1_6=fc00:1000::1
19 XFRM2_6=fc00:1000::2
20 IF_ID=123
21
22 VRF=red
23 TABLE=300
24
25 AUTH_1=0xd94fcfea65fddf21dc6e0d24a0253508
26 AUTH_2=0xdc6e0d24a0253508d94fcfea65fddf21
27 ENC_1=0xfc46c20f8048be9725930ff3fb07ac2a91f0347dffeacf62
28 ENC_2=0x3fb07ac2a91f0347dffeacf62fc46c20f8048be9725930ff
29 SPI_1=0x02122b77
30 SPI_2=0x2b770212
31
32 which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
33
34 ################################################################################
35 #
36 log_test()
37 {
38 local rc=$1
39 local expected=$2
40 local msg="$3"
41
42 if [ ${rc} -eq ${expected} ]; then
43 printf "TEST: %-60s [ OK ]\n" "${msg}"
44 nsuccess=$((nsuccess+1))
45 else
46 ret=1
47 nfail=$((nfail+1))
48 printf "TEST: %-60s [FAIL]\n" "${msg}"
49 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
50 echo
51 echo "hit enter to continue, 'q' to quit"
52 read a
53 [ "$a" = "q" ] && exit 1
54 fi
55 fi
56 }
57
58 run_cmd_host1()
59 {
60 local cmd="$*"
61 local out
62 local rc
63
64 if [ "$VERBOSE" = "1" ]; then
65 printf " COMMAND: $cmd\n"
66 fi
67
68 out=$(eval ip netns exec $host1 $cmd 2>&1)
69 rc=$?
70 if [ "$VERBOSE" = "1" ]; then
71 if [ -n "$out" ]; then
72 echo
73 echo " $out"
74 fi
75 echo
76 fi
77
78 return $rc
79 }
80
81 ################################################################################
82 # create namespaces for hosts and sws
83
84 create_vrf()
85 {
86 local ns=$1
87 local vrf=$2
88 local table=$3
89
90 if [ -n "${ns}" ]; then
91 ns="-netns ${ns}"
92 fi
93
94 ip ${ns} link add ${vrf} type vrf table ${table}
95 ip ${ns} link set ${vrf} up
96 ip ${ns} route add vrf ${vrf} unreachable default metric 8192
97 ip ${ns} -6 route add vrf ${vrf} unreachable default metric 8192
98
99 ip ${ns} addr add 127.0.0.1/8 dev ${vrf}
100 ip ${ns} -6 addr add ::1 dev ${vrf} nodad
101
102 ip ${ns} ru del pref 0
103 ip ${ns} ru add pref 32765 from all lookup local
104 ip ${ns} -6 ru del pref 0
105 ip ${ns} -6 ru add pref 32765 from all lookup local
106 }
107
108 create_ns()
109 {
110 local ns=$1
111 local addr=$2
112 local addr6=$3
113
114 [ -z "${addr}" ] && addr="-"
115 [ -z "${addr6}" ] && addr6="-"
116
117 if [ "${addr}" != "-" ]; then
118 ip -netns ${ns} addr add dev lo ${addr}
119 fi
120 if [ "${addr6}" != "-" ]; then
121 ip -netns ${ns} -6 addr add dev lo ${addr6}
122 fi
123
124 ip -netns ${ns} ro add unreachable default metric 8192
125 ip -netns ${ns} -6 ro add unreachable default metric 8192
126
127 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
128 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
129 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
130 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
131 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.accept_dad=0
132 }
133
134 # create veth pair to connect namespaces and apply addresses.
135 connect_ns()
136 {
137 local ns1=$1
138 local ns1_dev=$2
139 local ns1_addr=$3
140 local ns1_addr6=$4
141 local ns2=$5
142 local ns2_dev=$6
143 local ns2_addr=$7
144 local ns2_addr6=$8
145 local ns1arg
146 local ns2arg
147
148 if [ -n "${ns1}" ]; then
149 ns1arg="-netns ${ns1}"
150 fi
151 if [ -n "${ns2}" ]; then
152 ns2arg="-netns ${ns2}"
153 fi
154
155 ip ${ns1arg} li add ${ns1_dev} type veth peer name tmp
156 ip ${ns1arg} li set ${ns1_dev} up
157 ip ${ns1arg} li set tmp netns ${ns2} name ${ns2_dev}
158 ip ${ns2arg} li set ${ns2_dev} up
159
160 if [ "${ns1_addr}" != "-" ]; then
161 ip ${ns1arg} addr add dev ${ns1_dev} ${ns1_addr}
162 ip ${ns2arg} addr add dev ${ns2_dev} ${ns2_addr}
163 fi
164
165 if [ "${ns1_addr6}" != "-" ]; then
166 ip ${ns1arg} addr add dev ${ns1_dev} ${ns1_addr6} nodad
167 ip ${ns2arg} addr add dev ${ns2_dev} ${ns2_addr6} nodad
168 fi
169 }
170
171 ################################################################################
172
173 cleanup()
174 {
175 cleanup_ns $host1 $host2
176 }
177
178 setup()
179 {
180 setup_ns host1 host2
181 create_ns "$host1"
182 create_ns "$host2"
183
184 connect_ns "$host1" eth0 ${HOST1_4}/24 ${HOST1_6}/64 \
185 "$host2" eth0 ${HOST2_4}/24 ${HOST2_6}/64
186
187 create_vrf "$host1" ${VRF} ${TABLE}
188 ip -netns $host1 link set dev eth0 master ${VRF}
189 }
190
191 cleanup_xfrm()
192 {
193 for ns in $host1 $host2
194 do
195 for x in state policy
196 do
197 ip -netns ${ns} xfrm ${x} flush
198 ip -6 -netns ${ns} xfrm ${x} flush
199 done
200 done
201 }
202
203 setup_xfrm()
204 {
205 local h1_4=$1
206 local h2_4=$2
207 local h1_6=$3
208 local h2_6=$4
209 local devarg="$5"
210
211 #
212 # policy
213 #
214
215 # host1 - IPv4 out
216 ip -netns $host1 xfrm policy add \
217 src ${h1_4} dst ${h2_4} ${devarg} dir out \
218 tmpl src ${HOST1_4} dst ${HOST2_4} proto esp mode tunnel
219
220 # host2 - IPv4 in
221 ip -netns $host2 xfrm policy add \
222 src ${h1_4} dst ${h2_4} dir in \
223 tmpl src ${HOST1_4} dst ${HOST2_4} proto esp mode tunnel
224
225 # host1 - IPv4 in
226 ip -netns $host1 xfrm policy add \
227 src ${h2_4} dst ${h1_4} ${devarg} dir in \
228 tmpl src ${HOST2_4} dst ${HOST1_4} proto esp mode tunnel
229
230 # host2 - IPv4 out
231 ip -netns $host2 xfrm policy add \
232 src ${h2_4} dst ${h1_4} dir out \
233 tmpl src ${HOST2_4} dst ${HOST1_4} proto esp mode tunnel
234
235
236 # host1 - IPv6 out
237 ip -6 -netns $host1 xfrm policy add \
238 src ${h1_6} dst ${h2_6} ${devarg} dir out \
239 tmpl src ${HOST1_6} dst ${HOST2_6} proto esp mode tunnel
240
241 # host2 - IPv6 in
242 ip -6 -netns $host2 xfrm policy add \
243 src ${h1_6} dst ${h2_6} dir in \
244 tmpl src ${HOST1_6} dst ${HOST2_6} proto esp mode tunnel
245
246 # host1 - IPv6 in
247 ip -6 -netns $host1 xfrm policy add \
248 src ${h2_6} dst ${h1_6} ${devarg} dir in \
249 tmpl src ${HOST2_6} dst ${HOST1_6} proto esp mode tunnel
250
251 # host2 - IPv6 out
252 ip -6 -netns $host2 xfrm policy add \
253 src ${h2_6} dst ${h1_6} dir out \
254 tmpl src ${HOST2_6} dst ${HOST1_6} proto esp mode tunnel
255
256 #
257 # state
258 #
259 ip -netns $host1 xfrm state add src ${HOST1_4} dst ${HOST2_4} \
260 proto esp spi ${SPI_1} reqid 0 mode tunnel \
261 replay-window 4 replay-oseq 0x4 \
262 auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \
263 enc 'cbc(aes)' ${ENC_1} \
264 sel src ${h1_4} dst ${h2_4} ${devarg}
265
266 ip -netns $host2 xfrm state add src ${HOST1_4} dst ${HOST2_4} \
267 proto esp spi ${SPI_1} reqid 0 mode tunnel \
268 replay-window 4 replay-oseq 0x4 \
269 auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \
270 enc 'cbc(aes)' ${ENC_1} \
271 sel src ${h1_4} dst ${h2_4}
272
273
274 ip -netns $host1 xfrm state add src ${HOST2_4} dst ${HOST1_4} \
275 proto esp spi ${SPI_2} reqid 0 mode tunnel \
276 replay-window 4 replay-oseq 0x4 \
277 auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \
278 enc 'cbc(aes)' ${ENC_2} \
279 sel src ${h2_4} dst ${h1_4} ${devarg}
280
281 ip -netns $host2 xfrm state add src ${HOST2_4} dst ${HOST1_4} \
282 proto esp spi ${SPI_2} reqid 0 mode tunnel \
283 replay-window 4 replay-oseq 0x4 \
284 auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \
285 enc 'cbc(aes)' ${ENC_2} \
286 sel src ${h2_4} dst ${h1_4}
287
288
289 ip -6 -netns $host1 xfrm state add src ${HOST1_6} dst ${HOST2_6} \
290 proto esp spi ${SPI_1} reqid 0 mode tunnel \
291 replay-window 4 replay-oseq 0x4 \
292 auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \
293 enc 'cbc(aes)' ${ENC_1} \
294 sel src ${h1_6} dst ${h2_6} ${devarg}
295
296 ip -6 -netns $host2 xfrm state add src ${HOST1_6} dst ${HOST2_6} \
297 proto esp spi ${SPI_1} reqid 0 mode tunnel \
298 replay-window 4 replay-oseq 0x4 \
299 auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \
300 enc 'cbc(aes)' ${ENC_1} \
301 sel src ${h1_6} dst ${h2_6}
302
303
304 ip -6 -netns $host1 xfrm state add src ${HOST2_6} dst ${HOST1_6} \
305 proto esp spi ${SPI_2} reqid 0 mode tunnel \
306 replay-window 4 replay-oseq 0x4 \
307 auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \
308 enc 'cbc(aes)' ${ENC_2} \
309 sel src ${h2_6} dst ${h1_6} ${devarg}
310
311 ip -6 -netns $host2 xfrm state add src ${HOST2_6} dst ${HOST1_6} \
312 proto esp spi ${SPI_2} reqid 0 mode tunnel \
313 replay-window 4 replay-oseq 0x4 \
314 auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \
315 enc 'cbc(aes)' ${ENC_2} \
316 sel src ${h2_6} dst ${h1_6}
317 }
318
319 cleanup_xfrm_dev()
320 {
321 ip -netns $host1 li del xfrm0
322 ip -netns $host2 addr del ${XFRM2_4}/24 dev eth0
323 ip -netns $host2 addr del ${XFRM2_6}/64 dev eth0
324 }
325
326 setup_xfrm_dev()
327 {
328 local vrfarg="vrf ${VRF}"
329
330 ip -netns $host1 li add type xfrm dev eth0 if_id ${IF_ID}
331 ip -netns $host1 li set xfrm0 ${vrfarg} up
332 ip -netns $host1 addr add ${XFRM1_4}/24 dev xfrm0
333 ip -netns $host1 addr add ${XFRM1_6}/64 dev xfrm0
334
335 ip -netns $host2 addr add ${XFRM2_4}/24 dev eth0
336 ip -netns $host2 addr add ${XFRM2_6}/64 dev eth0
337
338 setup_xfrm ${XFRM1_4} ${XFRM2_4} ${XFRM1_6} ${XFRM2_6} "if_id ${IF_ID}"
339 }
340
341 run_tests()
342 {
343 cleanup_xfrm
344
345 # no IPsec
346 run_cmd_host1 ip vrf exec ${VRF} ping -c1 -w1 ${HOST2_4}
347 log_test $? 0 "IPv4 no xfrm policy"
348 run_cmd_host1 ip vrf exec ${VRF} ${ping6} -c1 -w1 ${HOST2_6}
349 log_test $? 0 "IPv6 no xfrm policy"
350
351 # xfrm without VRF in sel
352 setup_xfrm ${HOST1_4} ${HOST2_4} ${HOST1_6} ${HOST2_6}
353 run_cmd_host1 ip vrf exec ${VRF} ping -c1 -w1 ${HOST2_4}
354 log_test $? 0 "IPv4 xfrm policy based on address"
355 run_cmd_host1 ip vrf exec ${VRF} ${ping6} -c1 -w1 ${HOST2_6}
356 log_test $? 0 "IPv6 xfrm policy based on address"
357 cleanup_xfrm
358
359 # xfrm with VRF in sel
360 # Known failure: ipv4 resets the flow oif after the lookup. Fix is
361 # not straightforward.
362 # setup_xfrm ${HOST1_4} ${HOST2_4} ${HOST1_6} ${HOST2_6} "dev ${VRF}"
363 # run_cmd_host1 ip vrf exec ${VRF} ping -c1 -w1 ${HOST2_4}
364 # log_test $? 0 "IPv4 xfrm policy with VRF in selector"
365 run_cmd_host1 ip vrf exec ${VRF} ${ping6} -c1 -w1 ${HOST2_6}
366 log_test $? 0 "IPv6 xfrm policy with VRF in selector"
367 cleanup_xfrm
368
369 # xfrm with enslaved device in sel
370 # Known failures: combined with the above, __xfrm{4,6}_selector_match
371 # needs to consider both l3mdev and enslaved device index.
372 # setup_xfrm ${HOST1_4} ${HOST2_4} ${HOST1_6} ${HOST2_6} "dev eth0"
373 # run_cmd_host1 ip vrf exec ${VRF} ping -c1 -w1 ${HOST2_4}
374 # log_test $? 0 "IPv4 xfrm policy with enslaved device in selector"
375 # run_cmd_host1 ip vrf exec ${VRF} ${ping6} -c1 -w1 ${HOST2_6}
376 # log_test $? 0 "IPv6 xfrm policy with enslaved device in selector"
377 # cleanup_xfrm
378
379 # xfrm device
380 setup_xfrm_dev
381 run_cmd_host1 ip vrf exec ${VRF} ping -c1 -w1 ${XFRM2_4}
382 log_test $? 0 "IPv4 xfrm policy with xfrm device"
383 run_cmd_host1 ip vrf exec ${VRF} ${ping6} -c1 -w1 ${XFRM2_6}
384 log_test $? 0 "IPv6 xfrm policy with xfrm device"
385 cleanup_xfrm_dev
386 }
387
388 ################################################################################
389 # usage
390
391 usage()
392 {
393 cat <<EOF
394 usage: ${0##*/} OPTS
395
396 -p Pause on fail
397 -v verbose mode (show commands and output)
398
399 done
400 EOF
401 }
402
403 ################################################################################
404 # main
405
406 while getopts :pv o
407 do
408 case $o in
409 p) PAUSE_ON_FAIL=yes;;
410 v) VERBOSE=$(($VERBOSE + 1));;
411 h) usage; exit 0;;
412 *) usage; exit 1;;
413 esac
414 done
415
416 cleanup 2>/dev/null
417 setup
418
419 echo
420 echo "No qdisc on VRF device"
421 run_tests
422
423 run_cmd_host1 tc qdisc add dev ${VRF} root netem delay 100ms
424 echo
425 echo "netem qdisc on VRF device"
426 run_tests
427
428 printf "\nTests passed: %3d\n" ${nsuccess}
429 printf "Tests failed: %3d\n" ${nfail}
430
431 exit $ret
Kernel DRM miscellaneous fixes and cross-tree changes