search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
WIP FPC-III support
[linux/fpc-iii.git] / tools / testing / selftests / bpf / test_tunnel.sh
blob1ccbe804e8e1cbd0db34b2a68fbd3b996cd98c2c
1 #!/bin/bash
2 # SPDX-License-Identifier: GPL-2.0
3
4 # End-to-end eBPF tunnel test suite
5 # The script tests BPF network tunnel implementation.
6 #
7 # Topology:
8 # ---------
9 # root namespace | at_ns0 namespace
10 # |
11 # ----------- | -----------
12 # | tnl dev | | | tnl dev | (overlay network)
13 # ----------- | -----------
14 # metadata-mode | native-mode
15 # with bpf |
16 # |
17 # ---------- | ----------
18 # | veth1 | --------- | veth0 | (underlay network)
19 # ---------- peer ----------
20 #
21 #
22 # Device Configuration
23 # --------------------
24 # Root namespace with metadata-mode tunnel + BPF
25 # Device names and addresses:
26 # veth1 IP: 172.16.1.200, IPv6: 00::22 (underlay)
27 # tunnel dev <type>11, ex: gre11, IPv4: 10.1.1.200, IPv6: 1::22 (overlay)
28 #
29 # Namespace at_ns0 with native tunnel
30 # Device names and addresses:
31 # veth0 IPv4: 172.16.1.100, IPv6: 00::11 (underlay)
32 # tunnel dev <type>00, ex: gre00, IPv4: 10.1.1.100, IPv6: 1::11 (overlay)
33 #
34 #
35 # End-to-end ping packet flow
36 # ---------------------------
37 # Most of the tests start by namespace creation, device configuration,
38 # then ping the underlay and overlay network. When doing 'ping 10.1.1.100'
39 # from root namespace, the following operations happen:
40 # 1) Route lookup shows 10.1.1.100/24 belongs to tnl dev, fwd to tnl dev.
41 # 2) Tnl device's egress BPF program is triggered and set the tunnel metadata,
42 # with remote_ip=172.16.1.200 and others.
43 # 3) Outer tunnel header is prepended and route the packet to veth1's egress
44 # 4) veth0's ingress queue receive the tunneled packet at namespace at_ns0
45 # 5) Tunnel protocol handler, ex: vxlan_rcv, decap the packet
46 # 6) Forward the packet to the overlay tnl dev
47
48 PING_ARG="-c 3 -w 10 -q"
49 ret=0
50 GREEN='\033[0;92m'
51 RED='\033[0;31m'
52 NC='\033[0m' # No Color
53
54 config_device()
55 {
56 ip netns add at_ns0
57 ip link add veth0 type veth peer name veth1
58 ip link set veth0 netns at_ns0
59 ip netns exec at_ns0 ip addr add 172.16.1.100/24 dev veth0
60 ip netns exec at_ns0 ip link set dev veth0 up
61 ip link set dev veth1 up mtu 1500
62 ip addr add dev veth1 172.16.1.200/24
63 }
64
65 add_gre_tunnel()
66 {
67 # at_ns0 namespace
68 ip netns exec at_ns0 \
69 ip link add dev $DEV_NS type $TYPE seq key 2 \
70 local 172.16.1.100 remote 172.16.1.200
71 ip netns exec at_ns0 ip link set dev $DEV_NS up
72 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
73
74 # root namespace
75 ip link add dev $DEV type $TYPE key 2 external
76 ip link set dev $DEV up
77 ip addr add dev $DEV 10.1.1.200/24
78 }
79
80 add_ip6gretap_tunnel()
81 {
82
83 # assign ipv6 address
84 ip netns exec at_ns0 ip addr add ::11/96 dev veth0
85 ip netns exec at_ns0 ip link set dev veth0 up
86 ip addr add dev veth1 ::22/96
87 ip link set dev veth1 up
88
89 # at_ns0 namespace
90 ip netns exec at_ns0 \
91 ip link add dev $DEV_NS type $TYPE seq flowlabel 0xbcdef key 2 \
92 local ::11 remote ::22
93
94 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
95 ip netns exec at_ns0 ip addr add dev $DEV_NS fc80::100/96
96 ip netns exec at_ns0 ip link set dev $DEV_NS up
97
98 # root namespace
99 ip link add dev $DEV type $TYPE external
100 ip addr add dev $DEV 10.1.1.200/24
101 ip addr add dev $DEV fc80::200/24
102 ip link set dev $DEV up
103 }
104
105 add_erspan_tunnel()
106 {
107 # at_ns0 namespace
108 if [ "$1" == "v1" ]; then
109 ip netns exec at_ns0 \
110 ip link add dev $DEV_NS type $TYPE seq key 2 \
111 local 172.16.1.100 remote 172.16.1.200 \
112 erspan_ver 1 erspan 123
113 else
114 ip netns exec at_ns0 \
115 ip link add dev $DEV_NS type $TYPE seq key 2 \
116 local 172.16.1.100 remote 172.16.1.200 \
117 erspan_ver 2 erspan_dir egress erspan_hwid 3
118 fi
119 ip netns exec at_ns0 ip link set dev $DEV_NS up
120 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
121
122 # root namespace
123 ip link add dev $DEV type $TYPE external
124 ip link set dev $DEV up
125 ip addr add dev $DEV 10.1.1.200/24
126 }
127
128 add_ip6erspan_tunnel()
129 {
130
131 # assign ipv6 address
132 ip netns exec at_ns0 ip addr add ::11/96 dev veth0
133 ip netns exec at_ns0 ip link set dev veth0 up
134 ip addr add dev veth1 ::22/96
135 ip link set dev veth1 up
136
137 # at_ns0 namespace
138 if [ "$1" == "v1" ]; then
139 ip netns exec at_ns0 \
140 ip link add dev $DEV_NS type $TYPE seq key 2 \
141 local ::11 remote ::22 \
142 erspan_ver 1 erspan 123
143 else
144 ip netns exec at_ns0 \
145 ip link add dev $DEV_NS type $TYPE seq key 2 \
146 local ::11 remote ::22 \
147 erspan_ver 2 erspan_dir egress erspan_hwid 7
148 fi
149 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
150 ip netns exec at_ns0 ip link set dev $DEV_NS up
151
152 # root namespace
153 ip link add dev $DEV type $TYPE external
154 ip addr add dev $DEV 10.1.1.200/24
155 ip link set dev $DEV up
156 }
157
158 add_vxlan_tunnel()
159 {
160 # Set static ARP entry here because iptables set-mark works
161 # on L3 packet, as a result not applying to ARP packets,
162 # causing errors at get_tunnel_{key/opt}.
163
164 # at_ns0 namespace
165 ip netns exec at_ns0 \
166 ip link add dev $DEV_NS type $TYPE \
167 id 2 dstport 4789 gbp remote 172.16.1.200
168 ip netns exec at_ns0 \
169 ip link set dev $DEV_NS address 52:54:00:d9:01:00 up
170 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
171 ip netns exec at_ns0 arp -s 10.1.1.200 52:54:00:d9:02:00
172 ip netns exec at_ns0 iptables -A OUTPUT -j MARK --set-mark 0x800FF
173
174 # root namespace
175 ip link add dev $DEV type $TYPE external gbp dstport 4789
176 ip link set dev $DEV address 52:54:00:d9:02:00 up
177 ip addr add dev $DEV 10.1.1.200/24
178 arp -s 10.1.1.100 52:54:00:d9:01:00
179 }
180
181 add_ip6vxlan_tunnel()
182 {
183 #ip netns exec at_ns0 ip -4 addr del 172.16.1.100 dev veth0
184 ip netns exec at_ns0 ip -6 addr add ::11/96 dev veth0
185 ip netns exec at_ns0 ip link set dev veth0 up
186 #ip -4 addr del 172.16.1.200 dev veth1
187 ip -6 addr add dev veth1 ::22/96
188 ip link set dev veth1 up
189
190 # at_ns0 namespace
191 ip netns exec at_ns0 \
192 ip link add dev $DEV_NS type $TYPE id 22 dstport 4789 \
193 local ::11 remote ::22
194 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
195 ip netns exec at_ns0 ip link set dev $DEV_NS up
196
197 # root namespace
198 ip link add dev $DEV type $TYPE external dstport 4789
199 ip addr add dev $DEV 10.1.1.200/24
200 ip link set dev $DEV up
201 }
202
203 add_geneve_tunnel()
204 {
205 # at_ns0 namespace
206 ip netns exec at_ns0 \
207 ip link add dev $DEV_NS type $TYPE \
208 id 2 dstport 6081 remote 172.16.1.200
209 ip netns exec at_ns0 ip link set dev $DEV_NS up
210 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
211
212 # root namespace
213 ip link add dev $DEV type $TYPE dstport 6081 external
214 ip link set dev $DEV up
215 ip addr add dev $DEV 10.1.1.200/24
216 }
217
218 add_ip6geneve_tunnel()
219 {
220 ip netns exec at_ns0 ip addr add ::11/96 dev veth0
221 ip netns exec at_ns0 ip link set dev veth0 up
222 ip addr add dev veth1 ::22/96
223 ip link set dev veth1 up
224
225 # at_ns0 namespace
226 ip netns exec at_ns0 \
227 ip link add dev $DEV_NS type $TYPE id 22 \
228 remote ::22 # geneve has no local option
229 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
230 ip netns exec at_ns0 ip link set dev $DEV_NS up
231
232 # root namespace
233 ip link add dev $DEV type $TYPE external
234 ip addr add dev $DEV 10.1.1.200/24
235 ip link set dev $DEV up
236 }
237
238 add_ipip_tunnel()
239 {
240 # at_ns0 namespace
241 ip netns exec at_ns0 \
242 ip link add dev $DEV_NS type $TYPE \
243 local 172.16.1.100 remote 172.16.1.200
244 ip netns exec at_ns0 ip link set dev $DEV_NS up
245 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
246
247 # root namespace
248 ip link add dev $DEV type $TYPE external
249 ip link set dev $DEV up
250 ip addr add dev $DEV 10.1.1.200/24
251 }
252
253 add_ip6tnl_tunnel()
254 {
255 ip netns exec at_ns0 ip addr add ::11/96 dev veth0
256 ip netns exec at_ns0 ip link set dev veth0 up
257 ip addr add dev veth1 ::22/96
258 ip link set dev veth1 up
259
260 # at_ns0 namespace
261 ip netns exec at_ns0 \
262 ip link add dev $DEV_NS type $TYPE \
263 local ::11 remote ::22
264 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
265 ip netns exec at_ns0 ip addr add dev $DEV_NS 1::11/96
266 ip netns exec at_ns0 ip link set dev $DEV_NS up
267
268 # root namespace
269 ip link add dev $DEV type $TYPE external
270 ip addr add dev $DEV 10.1.1.200/24
271 ip addr add dev $DEV 1::22/96
272 ip link set dev $DEV up
273 }
274
275 test_gre()
276 {
277 TYPE=gretap
278 DEV_NS=gretap00
279 DEV=gretap11
280 ret=0
281
282 check $TYPE
283 config_device
284 add_gre_tunnel
285 attach_bpf $DEV gre_set_tunnel gre_get_tunnel
286 ping $PING_ARG 10.1.1.100
287 check_err $?
288 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
289 check_err $?
290 cleanup
291
292 if [ $ret -ne 0 ]; then
293 echo -e ${RED}"FAIL: $TYPE"${NC}
294 return 1
295 fi
296 echo -e ${GREEN}"PASS: $TYPE"${NC}
297 }
298
299 test_ip6gre()
300 {
301 TYPE=ip6gre
302 DEV_NS=ip6gre00
303 DEV=ip6gre11
304 ret=0
305
306 check $TYPE
307 config_device
308 # reuse the ip6gretap function
309 add_ip6gretap_tunnel
310 attach_bpf $DEV ip6gretap_set_tunnel ip6gretap_get_tunnel
311 # underlay
312 ping6 $PING_ARG ::11
313 # overlay: ipv4 over ipv6
314 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
315 ping $PING_ARG 10.1.1.100
316 check_err $?
317 # overlay: ipv6 over ipv6
318 ip netns exec at_ns0 ping6 $PING_ARG fc80::200
319 check_err $?
320 cleanup
321
322 if [ $ret -ne 0 ]; then
323 echo -e ${RED}"FAIL: $TYPE"${NC}
324 return 1
325 fi
326 echo -e ${GREEN}"PASS: $TYPE"${NC}
327 }
328
329 test_ip6gretap()
330 {
331 TYPE=ip6gretap
332 DEV_NS=ip6gretap00
333 DEV=ip6gretap11
334 ret=0
335
336 check $TYPE
337 config_device
338 add_ip6gretap_tunnel
339 attach_bpf $DEV ip6gretap_set_tunnel ip6gretap_get_tunnel
340 # underlay
341 ping6 $PING_ARG ::11
342 # overlay: ipv4 over ipv6
343 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
344 ping $PING_ARG 10.1.1.100
345 check_err $?
346 # overlay: ipv6 over ipv6
347 ip netns exec at_ns0 ping6 $PING_ARG fc80::200
348 check_err $?
349 cleanup
350
351 if [ $ret -ne 0 ]; then
352 echo -e ${RED}"FAIL: $TYPE"${NC}
353 return 1
354 fi
355 echo -e ${GREEN}"PASS: $TYPE"${NC}
356 }
357
358 test_erspan()
359 {
360 TYPE=erspan
361 DEV_NS=erspan00
362 DEV=erspan11
363 ret=0
364
365 check $TYPE
366 config_device
367 add_erspan_tunnel $1
368 attach_bpf $DEV erspan_set_tunnel erspan_get_tunnel
369 ping $PING_ARG 10.1.1.100
370 check_err $?
371 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
372 check_err $?
373 cleanup
374
375 if [ $ret -ne 0 ]; then
376 echo -e ${RED}"FAIL: $TYPE"${NC}
377 return 1
378 fi
379 echo -e ${GREEN}"PASS: $TYPE"${NC}
380 }
381
382 test_ip6erspan()
383 {
384 TYPE=ip6erspan
385 DEV_NS=ip6erspan00
386 DEV=ip6erspan11
387 ret=0
388
389 check $TYPE
390 config_device
391 add_ip6erspan_tunnel $1
392 attach_bpf $DEV ip4ip6erspan_set_tunnel ip4ip6erspan_get_tunnel
393 ping6 $PING_ARG ::11
394 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
395 check_err $?
396 cleanup
397
398 if [ $ret -ne 0 ]; then
399 echo -e ${RED}"FAIL: $TYPE"${NC}
400 return 1
401 fi
402 echo -e ${GREEN}"PASS: $TYPE"${NC}
403 }
404
405 test_vxlan()
406 {
407 TYPE=vxlan
408 DEV_NS=vxlan00
409 DEV=vxlan11
410 ret=0
411
412 check $TYPE
413 config_device
414 add_vxlan_tunnel
415 attach_bpf $DEV vxlan_set_tunnel vxlan_get_tunnel
416 ping $PING_ARG 10.1.1.100
417 check_err $?
418 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
419 check_err $?
420 cleanup
421
422 if [ $ret -ne 0 ]; then
423 echo -e ${RED}"FAIL: $TYPE"${NC}
424 return 1
425 fi
426 echo -e ${GREEN}"PASS: $TYPE"${NC}
427 }
428
429 test_ip6vxlan()
430 {
431 TYPE=vxlan
432 DEV_NS=ip6vxlan00
433 DEV=ip6vxlan11
434 ret=0
435
436 check $TYPE
437 config_device
438 add_ip6vxlan_tunnel
439 ip link set dev veth1 mtu 1500
440 attach_bpf $DEV ip6vxlan_set_tunnel ip6vxlan_get_tunnel
441 # underlay
442 ping6 $PING_ARG ::11
443 # ip4 over ip6
444 ping $PING_ARG 10.1.1.100
445 check_err $?
446 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
447 check_err $?
448 cleanup
449
450 if [ $ret -ne 0 ]; then
451 echo -e ${RED}"FAIL: ip6$TYPE"${NC}
452 return 1
453 fi
454 echo -e ${GREEN}"PASS: ip6$TYPE"${NC}
455 }
456
457 test_geneve()
458 {
459 TYPE=geneve
460 DEV_NS=geneve00
461 DEV=geneve11
462 ret=0
463
464 check $TYPE
465 config_device
466 add_geneve_tunnel
467 attach_bpf $DEV geneve_set_tunnel geneve_get_tunnel
468 ping $PING_ARG 10.1.1.100
469 check_err $?
470 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
471 check_err $?
472 cleanup
473
474 if [ $ret -ne 0 ]; then
475 echo -e ${RED}"FAIL: $TYPE"${NC}
476 return 1
477 fi
478 echo -e ${GREEN}"PASS: $TYPE"${NC}
479 }
480
481 test_ip6geneve()
482 {
483 TYPE=geneve
484 DEV_NS=ip6geneve00
485 DEV=ip6geneve11
486 ret=0
487
488 check $TYPE
489 config_device
490 add_ip6geneve_tunnel
491 attach_bpf $DEV ip6geneve_set_tunnel ip6geneve_get_tunnel
492 ping $PING_ARG 10.1.1.100
493 check_err $?
494 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
495 check_err $?
496 cleanup
497
498 if [ $ret -ne 0 ]; then
499 echo -e ${RED}"FAIL: ip6$TYPE"${NC}
500 return 1
501 fi
502 echo -e ${GREEN}"PASS: ip6$TYPE"${NC}
503 }
504
505 test_ipip()
506 {
507 TYPE=ipip
508 DEV_NS=ipip00
509 DEV=ipip11
510 ret=0
511
512 check $TYPE
513 config_device
514 add_ipip_tunnel
515 ip link set dev veth1 mtu 1500
516 attach_bpf $DEV ipip_set_tunnel ipip_get_tunnel
517 ping $PING_ARG 10.1.1.100
518 check_err $?
519 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
520 check_err $?
521 cleanup
522
523 if [ $ret -ne 0 ]; then
524 echo -e ${RED}"FAIL: $TYPE"${NC}
525 return 1
526 fi
527 echo -e ${GREEN}"PASS: $TYPE"${NC}
528 }
529
530 test_ipip6()
531 {
532 TYPE=ip6tnl
533 DEV_NS=ipip6tnl00
534 DEV=ipip6tnl11
535 ret=0
536
537 check $TYPE
538 config_device
539 add_ip6tnl_tunnel
540 ip link set dev veth1 mtu 1500
541 attach_bpf $DEV ipip6_set_tunnel ipip6_get_tunnel
542 # underlay
543 ping6 $PING_ARG ::11
544 # ip4 over ip6
545 ping $PING_ARG 10.1.1.100
546 check_err $?
547 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
548 check_err $?
549 cleanup
550
551 if [ $ret -ne 0 ]; then
552 echo -e ${RED}"FAIL: $TYPE"${NC}
553 return 1
554 fi
555 echo -e ${GREEN}"PASS: $TYPE"${NC}
556 }
557
558 test_ip6ip6()
559 {
560 TYPE=ip6tnl
561 DEV_NS=ip6ip6tnl00
562 DEV=ip6ip6tnl11
563 ret=0
564
565 check $TYPE
566 config_device
567 add_ip6tnl_tunnel
568 ip link set dev veth1 mtu 1500
569 attach_bpf $DEV ip6ip6_set_tunnel ip6ip6_get_tunnel
570 # underlay
571 ping6 $PING_ARG ::11
572 # ip6 over ip6
573 ping6 $PING_ARG 1::11
574 check_err $?
575 ip netns exec at_ns0 ping6 $PING_ARG 1::22
576 check_err $?
577 cleanup
578
579 if [ $ret -ne 0 ]; then
580 echo -e ${RED}"FAIL: ip6$TYPE"${NC}
581 return 1
582 fi
583 echo -e ${GREEN}"PASS: ip6$TYPE"${NC}
584 }
585
586 setup_xfrm_tunnel()
587 {
588 auth=0x$(printf '1%.0s' {1..40})
589 enc=0x$(printf '2%.0s' {1..32})
590 spi_in_to_out=0x1
591 spi_out_to_in=0x2
592 # at_ns0 namespace
593 # at_ns0 -> root
594 ip netns exec at_ns0 \
595 ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
596 spi $spi_in_to_out reqid 1 mode tunnel \
597 auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc
598 ip netns exec at_ns0 \
599 ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir out \
600 tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \
601 mode tunnel
602 # root -> at_ns0
603 ip netns exec at_ns0 \
604 ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
605 spi $spi_out_to_in reqid 2 mode tunnel \
606 auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc
607 ip netns exec at_ns0 \
608 ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir in \
609 tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \
610 mode tunnel
611 # address & route
612 ip netns exec at_ns0 \
613 ip addr add dev veth0 10.1.1.100/32
614 ip netns exec at_ns0 \
615 ip route add 10.1.1.200 dev veth0 via 172.16.1.200 \
616 src 10.1.1.100
617
618 # root namespace
619 # at_ns0 -> root
620 ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
621 spi $spi_in_to_out reqid 1 mode tunnel \
622 auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc
623 ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir in \
624 tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \
625 mode tunnel
626 # root -> at_ns0
627 ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
628 spi $spi_out_to_in reqid 2 mode tunnel \
629 auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc
630 ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir out \
631 tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \
632 mode tunnel
633 # address & route
634 ip addr add dev veth1 10.1.1.200/32
635 ip route add 10.1.1.100 dev veth1 via 172.16.1.100 src 10.1.1.200
636 }
637
638 test_xfrm_tunnel()
639 {
640 config_device
641 > /sys/kernel/debug/tracing/trace
642 setup_xfrm_tunnel
643 tc qdisc add dev veth1 clsact
644 tc filter add dev veth1 proto ip ingress bpf da obj test_tunnel_kern.o \
645 sec xfrm_get_state
646 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
647 sleep 1
648 grep "reqid 1" /sys/kernel/debug/tracing/trace
649 check_err $?
650 grep "spi 0x1" /sys/kernel/debug/tracing/trace
651 check_err $?
652 grep "remote ip 0xac100164" /sys/kernel/debug/tracing/trace
653 check_err $?
654 cleanup
655
656 if [ $ret -ne 0 ]; then
657 echo -e ${RED}"FAIL: xfrm tunnel"${NC}
658 return 1
659 fi
660 echo -e ${GREEN}"PASS: xfrm tunnel"${NC}
661 }
662
663 attach_bpf()
664 {
665 DEV=$1
666 SET=$2
667 GET=$3
668 tc qdisc add dev $DEV clsact
669 tc filter add dev $DEV egress bpf da obj test_tunnel_kern.o sec $SET
670 tc filter add dev $DEV ingress bpf da obj test_tunnel_kern.o sec $GET
671 }
672
673 cleanup()
674 {
675 ip netns delete at_ns0 2> /dev/null
676 ip link del veth1 2> /dev/null
677 ip link del ipip11 2> /dev/null
678 ip link del ipip6tnl11 2> /dev/null
679 ip link del ip6ip6tnl11 2> /dev/null
680 ip link del gretap11 2> /dev/null
681 ip link del ip6gre11 2> /dev/null
682 ip link del ip6gretap11 2> /dev/null
683 ip link del vxlan11 2> /dev/null
684 ip link del ip6vxlan11 2> /dev/null
685 ip link del geneve11 2> /dev/null
686 ip link del ip6geneve11 2> /dev/null
687 ip link del erspan11 2> /dev/null
688 ip link del ip6erspan11 2> /dev/null
689 ip xfrm policy delete dir out src 10.1.1.200/32 dst 10.1.1.100/32 2> /dev/null
690 ip xfrm policy delete dir in src 10.1.1.100/32 dst 10.1.1.200/32 2> /dev/null
691 ip xfrm state delete src 172.16.1.100 dst 172.16.1.200 proto esp spi 0x1 2> /dev/null
692 ip xfrm state delete src 172.16.1.200 dst 172.16.1.100 proto esp spi 0x2 2> /dev/null
693 }
694
695 cleanup_exit()
696 {
697 echo "CATCH SIGKILL or SIGINT, cleanup and exit"
698 cleanup
699 exit 0
700 }
701
702 check()
703 {
704 ip link help 2>&1 | grep -q "\s$1\s"
705 if [ $? -ne 0 ];then
706 echo "SKIP $1: iproute2 not support"
707 cleanup
708 return 1
709 fi
710 }
711
712 enable_debug()
713 {
714 echo 'file ip_gre.c +p' > /sys/kernel/debug/dynamic_debug/control
715 echo 'file ip6_gre.c +p' > /sys/kernel/debug/dynamic_debug/control
716 echo 'file vxlan.c +p' > /sys/kernel/debug/dynamic_debug/control
717 echo 'file geneve.c +p' > /sys/kernel/debug/dynamic_debug/control
718 echo 'file ipip.c +p' > /sys/kernel/debug/dynamic_debug/control
719 }
720
721 check_err()
722 {
723 if [ $ret -eq 0 ]; then
724 ret=$1
725 fi
726 }
727
728 bpf_tunnel_test()
729 {
730 local errors=0
731
732 echo "Testing GRE tunnel..."
733 test_gre
734 errors=$(( $errors + $? ))
735
736 echo "Testing IP6GRE tunnel..."
737 test_ip6gre
738 errors=$(( $errors + $? ))
739
740 echo "Testing IP6GRETAP tunnel..."
741 test_ip6gretap
742 errors=$(( $errors + $? ))
743
744 echo "Testing ERSPAN tunnel..."
745 test_erspan v2
746 errors=$(( $errors + $? ))
747
748 echo "Testing IP6ERSPAN tunnel..."
749 test_ip6erspan v2
750 errors=$(( $errors + $? ))
751
752 echo "Testing VXLAN tunnel..."
753 test_vxlan
754 errors=$(( $errors + $? ))
755
756 echo "Testing IP6VXLAN tunnel..."
757 test_ip6vxlan
758 errors=$(( $errors + $? ))
759
760 echo "Testing GENEVE tunnel..."
761 test_geneve
762 errors=$(( $errors + $? ))
763
764 echo "Testing IP6GENEVE tunnel..."
765 test_ip6geneve
766 errors=$(( $errors + $? ))
767
768 echo "Testing IPIP tunnel..."
769 test_ipip
770 errors=$(( $errors + $? ))
771
772 echo "Testing IPIP6 tunnel..."
773 test_ipip6
774 errors=$(( $errors + $? ))
775
776 echo "Testing IP6IP6 tunnel..."
777 test_ip6ip6
778 errors=$(( $errors + $? ))
779
780 echo "Testing IPSec tunnel..."
781 test_xfrm_tunnel
782 errors=$(( $errors + $? ))
783
784 return $errors
785 }
786
787 trap cleanup 0 3 6
788 trap cleanup_exit 2 9
789
790 cleanup
791 bpf_tunnel_test
792
793 if [ $? -ne 0 ]; then
794 echo -e "$(basename $0): ${RED}FAIL${NC}"
795 exit 1
796 fi
797 echo -e "$(basename $0): ${GREEN}PASS${NC}"
798 exit 0
Linux with added FPC-III support