Lines Matching +full:0 +full:a
16 # ns-A | ns-B
23 # ns-A:
35 # ns-A to ns-C connection - only for VRF and same config
36 # as ns-A to ns-B
38 # server / client nomenclature relative to ns-A
44 VERBOSE=0
92 fips_enabled=0
198 echo "COMMAND: ${NSA_CMD} sysctl -q -w net.ipv4.ping_group_range='0 2147483647'"
201 ${NSA_CMD} sysctl -q -w net.ipv4.ping_group_range='0 2147483647'
215 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
244 if [ $rc -ne 0 ]; then
246 if [ "$VERBOSE" = "0" ]; then
253 read a
266 if [ $rc -ne 0 ]; then
268 if [ "$VERBOSE" = "0" ]; then
275 read a
288 if [ $rc -ne 0 ]; then
290 if [ "$VERBOSE" = "0" ]; then
297 read a
303 # set sysctl values in NS-A
311 # get sysctl values in NS-A
329 ${NSA_IP}) echo "ns-A IP";;
330 ${NSA_IP6}) echo "ns-A IPv6";;
331 ${NSA_LO_IP}) echo "ns-A loopback IP";;
332 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
333 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
373 return 0
401 ip -netns ${ns} ru del pref 0
403 ip -netns ${ns} -6 ru del pref 0
461 if [ $? -eq 0 ]; then
489 # ns-B but for a device NOT in the VRF
501 # make sure we are starting with a clean slate
520 # tell ns-A how to get to remote addresses of ns-B
536 # tell ns-B how to get to remote addresses of ns-A
547 # make sure we are starting with a clean slate
584 local a
589 for a in ${NSB_IP} ${NSB_LO_IP}
592 run_cmd ping -c1 -w1 ${a}
593 log_test_addr ${a} $? 0 "ping out"
596 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
597 log_test_addr ${a} $? 0 "ping out, device bind"
600 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
601 log_test_addr ${a} $? 0 "ping out, address bind"
607 a=${NSB_IP}
609 run_cmd ping -c 1 -w 1 -r ${a}
610 log_test_addr ${a} $? 0 "ping out (don't route), peer on link"
612 a=${NSB_LO_IP}
615 run_cmd ping -c 1 -w 1 -r ${a}
616 log_test_addr ${a} $? 1 "ping out (don't route), peer not on link"
621 for a in ${NSA_IP} ${NSA_LO_IP}
624 run_cmd_nsb ping -c1 -w1 ${a}
625 log_test_addr ${a} $? 0 "ping in"
631 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
634 run_cmd ping -c1 -w1 ${a}
635 log_test_addr ${a} $? 0 "ping local"
642 a=${NSA_IP}
644 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
645 log_test_addr ${a} $? 0 "ping local, device bind"
648 # fails in a really weird way though because ipv4 special cases
650 for a in ${NSA_LO_IP} 127.0.0.1
654 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
655 log_test_addr ${a} $? 1 "ping local, device bind"
663 setup_cmd ip rule del pref 0 from all lookup local
667 a=${NSB_LO_IP}
668 run_cmd ping -c1 -w1 ${a}
669 log_test_addr ${a} $? 2 "ping out, blocked by rule"
672 # a viable rtable if the oif (e.g., bind to device) is set, so this
674 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
676 a=${NSA_LO_IP}
679 run_cmd_nsb ping -c1 -w1 ${a}
680 log_test_addr ${a} $? 1 "ping in, blocked by rule"
684 setup_cmd ip rule add pref 0 from all lookup local
695 a=${NSB_LO_IP}
696 run_cmd ping -c1 -w1 ${a}
697 log_test_addr ${a} $? 2 "ping out, blocked by route"
700 # a viable rtable if the oif (e.g., bind to device) is set, so this
701 # case succeeds despite not having a route for the address
702 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
704 a=${NSA_LO_IP}
707 run_cmd_nsb ping -c1 -w1 ${a}
708 log_test_addr ${a} $? 1 "ping in, blocked by route"
716 a=${NSB_LO_IP}
717 run_cmd ping -c1 -w1 ${a}
718 log_test_addr ${a} $? 2 "ping out, unreachable default route"
721 # a viable rtable if the oif (e.g., bind to device) is set, so this
722 # case succeeds despite not having a route for the address
723 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
728 local a
736 for a in ${NSB_IP} ${NSB_LO_IP}
739 run_cmd ping -c1 -w1 -I ${VRF} ${a}
740 log_test_addr ${a} $? 0 "ping out, VRF bind"
743 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
744 log_test_addr ${a} $? 0 "ping out, device bind"
747 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
748 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"
751 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
752 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
758 for a in ${NSA_IP} ${VRF_IP}
761 run_cmd_nsb ping -c1 -w1 ${a}
762 log_test_addr ${a} $? 0 "ping in"
768 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
771 show_hint "Source address should be ${a}"
772 run_cmd ping -c1 -w1 -I ${VRF} ${a}
773 log_test_addr ${a} $? 0 "ping local, VRF bind"
780 a=${NSA_IP}
782 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
783 log_test_addr ${a} $? 0 "ping local, device bind"
786 for a in ${VRF_IP} 127.0.0.1
790 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
791 log_test_addr ${a} $? 2 "ping local, device bind"
801 a=${NSB_LO_IP}
802 run_cmd ping -c1 -w1 -I ${VRF} ${a}
803 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"
806 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
807 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
809 a=${NSA_LO_IP}
812 run_cmd_nsb ping -c1 -w1 ${a}
813 log_test_addr ${a} $? 1 "ping in, blocked by rule"
825 a=${NSB_LO_IP}
826 run_cmd ping -c1 -w1 -I ${VRF} ${a}
827 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"
830 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
831 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
833 a=${NSA_LO_IP}
836 run_cmd_nsb ping -c1 -w1 ${a}
837 log_test_addr ${a} $? 1 "ping in, unreachable route"
846 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
880 log_test $? 0 "MD5: Single address config"
915 log_test $? 0 "MD5: Prefix config"
948 log_test $? 0 "MD5: VRF: Single address config"
983 log_test $? 0 "MD5: VRF: Prefix config"
1002 # duplicate config between default VRF and a VRF
1010 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
1017 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
1040 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
1047 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
1070 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
1074 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
1087 log_test $? 0 "MD5: VRF: VRF-bound server, unbound key accepts connection"
1094 log_test $? 0 "MD5: VRF: VRF-bound server, bound key accepts connection"
1108 log_test $? 2 "MD5: VRF: Global server, Key bound to ifindex=0 rejects VRF connection"
1114 log_test $? 0 "MD5: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection"
1120 log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts VRF connection"
1126 log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts non-VRF connection"
1137 local a
1142 # on link (doesn't need to be routed through a gateway).
1152 a=${NSB_IP}
1154 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1155 log_test_addr ${a} $? 0 "SO_DONTROUTE client, syncookies=${syncookies}"
1157 a=${NSB_IP}
1159 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --server-dontroute
1160 log_test_addr ${a} $? 0 "SO_DONTROUTE server, syncookies=${syncookies}"
1167 # to respond to a routed address and not a link local one).
1169 a=${NSB_LO_IP}
1172 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --client-dontroute
1173 log_test_addr ${a} $? 1 "SO_DONTROUTE client, syncookies=${syncookies}"
1175 a=${NSB_LO_IP}
1178 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --server-dontroute
1179 log_test_addr ${a} $? 2 "SO_DONTROUTE server, syncookies=${syncookies}"
1187 local a
1192 for a in ${NSA_IP} ${NSA_LO_IP}
1197 run_cmd_nsb nettest -r ${a}
1198 log_test_addr ${a} $? 0 "Global server"
1201 a=${NSA_IP}
1205 run_cmd_nsb nettest -r ${a}
1206 log_test_addr ${a} $? 0 "Device server"
1209 for a in ${NSA_IP} ${NSA_LO_IP}
1213 run_cmd_nsb nettest -r ${a}
1214 log_test_addr ${a} $? 1 "No server"
1220 for a in ${NSB_IP} ${NSB_LO_IP}
1225 run_cmd nettest -r ${a} -0 ${NSA_IP}
1226 log_test_addr ${a} $? 0 "Client"
1231 run_cmd nettest -r ${a} -d ${NSA_DEV}
1232 log_test_addr ${a} $? 0 "Client, device bind"
1236 run_cmd nettest -r ${a}
1237 log_test_addr ${a} $? 1 "No server, unbound client"
1241 run_cmd nettest -r ${a} -d ${NSA_DEV}
1242 log_test_addr ${a} $? 1 "No server, device client"
1248 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1253 run_cmd nettest -r ${a} -0 ${a} -1 ${a}
1254 log_test_addr ${a} $? 0 "Global server, local connection"
1257 a=${NSA_IP}
1261 run_cmd nettest -r ${a} -0 ${a}
1262 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1264 for a in ${NSA_LO_IP} 127.0.0.1
1270 run_cmd nettest -r ${a}
1271 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1274 a=${NSA_IP}
1278 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
1279 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1281 for a in ${NSA_LO_IP} 127.0.0.1
1287 run_cmd nettest -r ${a} -d ${NSA_DEV}
1288 log_test_addr ${a} $? 1 "Global server, device client, local connection"
1291 a=${NSA_IP}
1295 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
1296 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1300 run_cmd nettest -d ${NSA_DEV} -r ${a}
1301 log_test_addr ${a} $? 1 "No server, device client, local conn"
1305 ipv4_tcp_dontroute 0
1311 local a
1316 set_sysctl net.ipv4.tcp_l3mdev_accept=0
1321 for a in ${NSA_IP} ${VRF_IP}
1327 run_cmd_nsb nettest -r ${a}
1328 log_test_addr ${a} $? 1 "Global server"
1333 run_cmd_nsb nettest -r ${a}
1334 log_test_addr ${a} $? 0 "VRF server"
1339 run_cmd_nsb nettest -r ${a}
1340 log_test_addr ${a} $? 0 "Device server"
1345 run_cmd_nsb nettest -r ${a}
1346 log_test_addr ${a} $? 1 "No server"
1351 a=${NSA_IP}
1356 run_cmd nettest -r ${a} -d ${NSA_DEV}
1357 log_test_addr ${a} $? 1 "Global server, local connection"
1360 if [ "$fips_enabled" = "0" ]; then
1372 for a in ${NSA_IP} ${VRF_IP}
1378 run_cmd_nsb nettest -r ${a}
1379 log_test_addr ${a} $? 0 "Global server"
1385 run_cmd_nsb nettest -r ${a}
1386 log_test_addr ${a} $? 0 "VRF server"
1391 run_cmd_nsb nettest -r ${a}
1392 log_test_addr ${a} $? 1 "No server"
1395 a=${NSA_IP}
1400 run_cmd_nsb nettest -r ${a}
1401 log_test_addr ${a} $? 0 "Device server"
1404 for a in ${NSA_IP} ${VRF_IP}
1410 run_cmd nettest -r ${a}
1411 log_test_addr ${a} $? 1 "Global server, local connection"
1417 for a in ${NSB_IP} ${NSB_LO_IP}
1422 run_cmd nettest -r ${a} -d ${VRF}
1423 log_test_addr ${a} $? 0 "Client, VRF bind"
1428 run_cmd nettest -r ${a} -d ${NSA_DEV}
1429 log_test_addr ${a} $? 0 "Client, device bind"
1433 run_cmd nettest -r ${a} -d ${VRF}
1434 log_test_addr ${a} $? 1 "No server, VRF client"
1438 run_cmd nettest -r ${a} -d ${NSA_DEV}
1439 log_test_addr ${a} $? 1 "No server, device client"
1442 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1447 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1448 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
1451 a=${NSA_IP}
1455 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1456 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
1462 run_cmd nettest -r ${a}
1463 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
1468 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1469 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
1474 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1475 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1487 set_sysctl net.ipv4.tcp_l3mdev_accept=0
1503 local a
1508 for a in ${NSA_IP} ${NSA_LO_IP}
1513 run_cmd_nsb nettest -D -r ${a}
1514 log_test_addr ${a} $? 0 "Global server"
1518 run_cmd_nsb nettest -D -r ${a}
1519 log_test_addr ${a} $? 1 "No server"
1522 a=${NSA_IP}
1526 run_cmd_nsb nettest -D -r ${a}
1527 log_test_addr ${a} $? 0 "Device server"
1532 for a in ${NSB_IP} ${NSB_LO_IP}
1537 run_cmd nettest -D -r ${a} -0 ${NSA_IP}
1538 log_test_addr ${a} $? 0 "Client"
1543 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1544 log_test_addr ${a} $? 0 "Client, device bind"
1549 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1550 log_test_addr ${a} $? 0 "Client, device send via cmsg"
1555 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1556 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"
1561 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} -U
1562 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF, with connect()"
1567 run_cmd nettest -D -r ${a}
1568 log_test_addr ${a} $? 1 "No server, unbound client"
1572 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1573 log_test_addr ${a} $? 1 "No server, device client"
1579 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1584 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
1585 log_test_addr ${a} $? 0 "Global server, local connection"
1588 a=${NSA_IP}
1592 run_cmd nettest -D -r ${a}
1593 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1595 for a in ${NSA_LO_IP} 127.0.0.1
1601 run_cmd nettest -D -r ${a}
1602 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1605 a=${NSA_IP}
1609 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1610 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1615 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
1616 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
1621 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
1622 log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"
1627 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} -U
1628 …log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection, with co…
1634 for a in ${NSA_LO_IP} 127.0.0.1
1640 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1641 log_test_addr ${a} $? 2 "Global server, device client, local connection"
1647 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
1648 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
1654 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
1655 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
1661 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -U
1662 …log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with co…
1667 a=${NSA_IP}
1671 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
1672 log_test_addr ${a} $? 0 "Device server, device client, local conn"
1675 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1676 log_test_addr ${a} $? 2 "No server, device client, local conn"
1681 # on link (doesn't need to be routed through a gateway).
1684 a=${NSB_IP}
1686 do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1687 log_test_addr ${a} $? 0 "SO_DONTROUTE client"
1689 a=${NSB_LO_IP}
1692 do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1693 log_test_addr ${a} $? 1 "SO_DONTROUTE client"
1698 local a
1702 set_sysctl net.ipv4.udp_l3mdev_accept=0
1707 for a in ${NSA_IP} ${VRF_IP}
1710 show_hint "Fails because ingress is in a VRF and global server is disabled"
1713 run_cmd_nsb nettest -D -r ${a}
1714 log_test_addr ${a} $? 1 "Global server"
1719 run_cmd_nsb nettest -D -r ${a}
1720 log_test_addr ${a} $? 0 "VRF server"
1725 run_cmd_nsb nettest -D -r ${a}
1726 log_test_addr ${a} $? 0 "Enslaved device server"
1730 run_cmd_nsb nettest -D -r ${a}
1731 log_test_addr ${a} $? 1 "No server"
1737 run_cmd nettest -D -d ${VRF} -r ${a}
1738 log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
1741 a=${NSA_IP}
1745 run_cmd nettest -D -d ${VRF} -r ${a}
1746 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1751 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1752 log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"
1754 a=${NSA_IP}
1758 run_cmd nettest -D -d ${VRF} -r ${a}
1759 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1764 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1765 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1774 for a in ${NSA_IP} ${VRF_IP}
1779 run_cmd_nsb nettest -D -r ${a}
1780 log_test_addr ${a} $? 0 "Global server"
1785 run_cmd_nsb nettest -D -r ${a}
1786 log_test_addr ${a} $? 0 "VRF server"
1791 run_cmd_nsb nettest -D -r ${a}
1792 log_test_addr ${a} $? 0 "Enslaved device server"
1796 run_cmd_nsb nettest -D -r ${a}
1797 log_test_addr ${a} $? 1 "No server"
1807 log_test $? 0 "VRF client"
1813 log_test $? 0 "Enslaved device client"
1829 a=${NSA_IP}
1833 run_cmd nettest -D -d ${VRF} -r ${a}
1834 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1839 run_cmd nettest -D -d ${VRF} -r ${a}
1840 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1845 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1846 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
1851 run_cmd nettest -D -d ${VRF} -r ${a}
1852 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1857 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1858 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1860 for a in ${VRF_IP} 127.0.0.1
1865 run_cmd nettest -D -d ${VRF} -r ${a}
1866 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1869 for a in ${VRF_IP} 127.0.0.1
1874 run_cmd nettest -D -d ${VRF} -r ${a}
1875 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1880 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1884 run_cmd nettest -D -d ${VRF} -r ${a}
1885 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
1899 set_sysctl net.ipv4.udp_l3mdev_accept=0
1920 for a in ${NSA_IP} ${NSA_LO_IP}
1923 run_cmd nettest -s -R -P icmp -l ${a} -b
1924 log_test_addr ${a} $? 0 "Raw socket bind to local address"
1927 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1928 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1934 a=${NL_IP}
1936 run_cmd nettest -s -R -f -l ${a} -b
1937 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address"
1940 run_cmd nettest -s -f -l ${a} -b
1941 log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address"
1944 run_cmd nettest -s -D -P icmp -f -l ${a} -b
1945 log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address"
1950 a=${BCAST_IP}
1952 run_cmd nettest -s -D -P icmp -l ${a} -b
1953 log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address"
1955 a=${MCAST_IP}
1957 run_cmd nettest -s -D -P icmp -l ${a} -b
1958 log_test_addr ${a} $? 1 "ICMP socket bind to multicast address"
1963 a=${NSA_IP}
1965 run_cmd nettest -c ${a} -r ${NSB_IP} -t1 -b
1966 log_test_addr ${a} $? 0 "TCP socket bind to local address"
1969 run_cmd nettest -c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1970 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
1972 # Sadly, the kernel allows binding a socket to a device and then
1976 #a=${NSA_LO_IP}
1979 #run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
1980 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
1988 for a in ${NSA_IP} ${VRF_IP}
1992 run_cmd nettest -s -R -P icmp -l ${a} -b
1993 log_test_addr ${a} $? 1 "Raw socket bind to local address"
1996 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1997 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1999 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
2000 log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
2003 a=${NSA_LO_IP}
2006 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
2007 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
2012 a=${NL_IP}
2014 run_cmd nettest -s -R -f -l ${a} -I ${VRF} -b
2015 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind"
2018 run_cmd nettest -s -f -l ${a} -I ${VRF} -b
2019 log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address after VRF bind"
2022 run_cmd nettest -s -D -P icmp -f -l ${a} -I ${VRF} -b
2023 log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address after VRF bind"
2028 a=${BCAST_IP}
2030 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
2031 log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address after VRF bind"
2033 a=${MCAST_IP}
2035 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
2036 log_test_addr ${a} $? 1 "ICMP socket bind to multicast address after VRF bind"
2041 for a in ${NSA_IP} ${VRF_IP}
2044 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
2045 log_test_addr ${a} $? 0 "TCP socket bind to local address"
2048 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
2049 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
2052 a=${NSA_LO_IP}
2055 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
2056 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
2060 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
2061 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
2087 local a
2092 for a in ${NSA_IP} ${VRF_IP}
2097 run_cmd_nsb nettest ${varg} -r ${a} &
2101 log_test_addr ${a} 0 0 "${desc}, global server"
2106 for a in ${NSA_IP} ${VRF_IP}
2111 run_cmd_nsb nettest ${varg} -r ${a} &
2115 log_test_addr ${a} 0 0 "${desc}, VRF server"
2120 a=${NSA_IP}
2124 run_cmd_nsb nettest ${varg} -r ${a} &
2128 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
2142 log_test_addr ${a} 0 0 "${desc}, VRF client"
2153 log_test_addr ${a} 0 0 "${desc}, enslaved device client"
2160 for a in ${NSA_IP} ${VRF_IP}
2165 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2169 log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local"
2174 for a in ${NSA_IP} ${VRF_IP}
2179 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2183 log_test_addr ${a} 0 0 "${desc}, VRF server and client, local"
2188 a=${NSA_IP}
2193 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2197 log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local"
2204 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2208 log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local"
2215 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2219 log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local"
2225 local a
2227 for a in ${NSA_IP} ${VRF_IP}
2230 run_cmd_nsb ping -f ${a} &
2234 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
2239 a=${NSB_IP}
2241 run_cmd ping -f -I ${VRF} ${a} &
2245 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
2267 local a
2269 # should not have an impact, but make a known state
2270 set_sysctl net.ipv4.raw_l3mdev_accept=0 2>/dev/null
2275 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2278 run_cmd ${ping6} -c1 -w1 ${a}
2279 log_test_addr ${a} $? 0 "ping out"
2282 for a in ${NSB_IP6} ${NSB_LO_IP6}
2285 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2286 log_test_addr ${a} $? 0 "ping out, device bind"
2289 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
2290 log_test_addr ${a} $? 0 "ping out, loopback address bind"
2296 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
2299 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2300 log_test_addr ${a} $? 0 "ping in"
2306 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2309 run_cmd ${ping6} -c1 -w1 ${a}
2310 log_test_addr ${a} $? 0 "ping local, no bind"
2313 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2316 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2317 log_test_addr ${a} $? 0 "ping local, device bind"
2320 for a in ${NSA_LO_IP6} ::1
2324 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2325 log_test_addr ${a} $? 2 "ping local, device bind"
2333 setup_cmd ip -6 rule del pref 0 from all lookup local
2337 a=${NSB_LO_IP6}
2338 run_cmd ${ping6} -c1 -w1 ${a}
2339 log_test_addr ${a} $? 2 "ping out, blocked by rule"
2342 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2343 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
2345 a=${NSA_LO_IP6}
2348 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2349 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2351 setup_cmd ip -6 rule add pref 0 from all lookup local
2364 a=${NSB_LO_IP6}
2365 run_cmd ${ping6} -c1 -w1 ${a}
2366 log_test_addr ${a} $? 2 "ping out, blocked by route"
2369 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2370 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"
2372 a=${NSA_LO_IP6}
2375 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2376 log_test_addr ${a} $? 1 "ping in, blocked by route"
2386 a=${NSB_LO_IP6}
2387 run_cmd ${ping6} -c1 -w1 ${a}
2388 log_test_addr ${a} $? 2 "ping out, unreachable route"
2391 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2392 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
2397 local a
2405 for a in ${NSB_IP6} ${NSB_LO_IP6}
2408 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2409 log_test_addr ${a} $? 0 "ping out, VRF bind"
2412 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
2416 run_cmd ${ping6} -c1 -w1 ${a}
2417 log_test_addr ${a} $? 1 "ping out, VRF bind"
2420 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2423 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2424 log_test_addr ${a} $? 0 "ping out, device bind"
2427 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2430 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
2431 log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
2437 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
2440 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2441 log_test_addr ${a} $? 0 "ping in"
2444 a=${NSA_LO_IP6}
2447 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2448 log_test_addr ${a} $? 1 "ping in"
2453 for a in ${NSA_IP6} ${VRF_IP6} ::1
2456 show_hint "Source address should be ${a}"
2457 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2458 log_test_addr ${a} $? 0 "ping local, VRF bind"
2461 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2464 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2465 log_test_addr ${a} $? 0 "ping local, device bind"
2473 for a in ${NSA_IP6} ${VRF_IP6}
2477 log_test_addr ${a} $? 0 "ping in, LLA to GUA"
2491 a=${NSB_LO_IP6}
2492 run_cmd ${ping6} -c1 -w1 ${a}
2493 log_test_addr ${a} $? 2 "ping out, blocked by rule"
2496 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2497 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
2499 a=${NSA_LO_IP6}
2502 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2503 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2515 a=${NSB_LO_IP6}
2516 run_cmd ${ping6} -c1 -w1 ${a}
2517 log_test_addr ${a} $? 2 "ping out, unreachable route"
2520 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2521 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
2524 a=${NSA_LO_IP6}
2526 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2527 log_test_addr ${a} $? 2 "ping in, unreachable route"
2566 log_test $? 0 "MD5: Single address config"
2601 log_test $? 0 "MD5: Prefix config"
2634 log_test $? 0 "MD5: VRF: Single address config"
2669 log_test $? 0 "MD5: VRF: Prefix config"
2688 # duplicate config between default VRF and a VRF
2696 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
2703 log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
2726 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
2733 log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
2756 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
2760 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
2766 local a
2771 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2776 run_cmd_nsb nettest -6 -r ${a}
2777 log_test_addr ${a} $? 0 "Global server"
2781 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2785 run_cmd_nsb nettest -6 -r ${a}
2786 log_test_addr ${a} $? 1 "No server"
2792 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2797 run_cmd nettest -6 -r ${a}
2798 log_test_addr ${a} $? 0 "Client"
2801 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2806 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2807 log_test_addr ${a} $? 0 "Client, device bind"
2810 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2814 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2815 log_test_addr ${a} $? 1 "No server, device client"
2821 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2826 run_cmd nettest -6 -r ${a}
2827 log_test_addr ${a} $? 0 "Global server, local connection"
2830 a=${NSA_IP6}
2834 run_cmd nettest -6 -r ${a} -0 ${a}
2835 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
2837 for a in ${NSA_LO_IP6} ::1
2843 run_cmd nettest -6 -r ${a}
2844 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
2847 a=${NSA_IP6}
2851 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2852 log_test_addr ${a} $? 0 "Global server, device client, local connection"
2854 for a in ${NSA_LO_IP6} ::1
2860 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2861 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2864 for a in ${NSA_IP6} ${NSA_LINKIP6}
2869 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2870 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2873 for a in ${NSA_IP6} ${NSA_LINKIP6}
2877 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2878 log_test_addr ${a} $? 1 "No server, device client, local conn"
2886 local a
2891 set_sysctl net.ipv4.tcp_l3mdev_accept=0
2896 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2902 run_cmd_nsb nettest -6 -r ${a}
2903 log_test_addr ${a} $? 1 "Global server"
2906 for a in ${NSA_IP6} ${VRF_IP6}
2911 run_cmd_nsb nettest -6 -r ${a}
2912 log_test_addr ${a} $? 0 "VRF server"
2916 a=${NSA_LINKIP6}%${NSB_DEV}
2920 run_cmd_nsb nettest -6 -r ${a}
2921 log_test_addr ${a} $? 0 "VRF server"
2923 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2928 run_cmd_nsb nettest -6 -r ${a}
2929 log_test_addr ${a} $? 0 "Device server"
2933 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2937 run_cmd_nsb nettest -6 -r ${a}
2938 log_test_addr ${a} $? 1 "No server"
2942 a=${NSA_IP6}
2947 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2948 log_test_addr ${a} $? 1 "Global server, local connection"
2951 if [ "$fips_enabled" = "0" ]; then
2963 for a in ${NSA_IP6} ${VRF_IP6}
2968 run_cmd_nsb nettest -6 -r ${a}
2969 log_test_addr ${a} $? 0 "Global server"
2972 for a in ${NSA_IP6} ${VRF_IP6}
2977 run_cmd_nsb nettest -6 -r ${a}
2978 log_test_addr ${a} $? 0 "VRF server"
2982 a=${NSA_LINKIP6}%${NSB_DEV}
2986 run_cmd_nsb nettest -6 -r ${a}
2987 log_test_addr ${a} $? 0 "Global server"
2992 run_cmd_nsb nettest -6 -r ${a}
2993 log_test_addr ${a} $? 0 "VRF server"
2995 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
3000 run_cmd_nsb nettest -6 -r ${a}
3001 log_test_addr ${a} $? 0 "Device server"
3005 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
3009 run_cmd_nsb nettest -6 -r ${a}
3010 log_test_addr ${a} $? 1 "No server"
3014 for a in ${NSA_IP6} ${VRF_IP6}
3020 run_cmd nettest -6 -r ${a}
3021 log_test_addr ${a} $? 1 "Global server, local connection"
3028 for a in ${NSB_IP6} ${NSB_LO_IP6}
3033 run_cmd nettest -6 -r ${a} -d ${VRF}
3034 log_test_addr ${a} $? 0 "Client, VRF bind"
3037 a=${NSB_LINKIP6}
3042 run_cmd nettest -6 -r ${a} -d ${VRF}
3043 log_test_addr ${a} $? 1 "Client, VRF bind"
3045 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
3050 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
3051 log_test_addr ${a} $? 0 "Client, device bind"
3054 for a in ${NSB_IP6} ${NSB_LO_IP6}
3058 run_cmd nettest -6 -r ${a} -d ${VRF}
3059 log_test_addr ${a} $? 1 "No server, VRF client"
3062 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
3066 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
3067 log_test_addr ${a} $? 1 "No server, device client"
3070 for a in ${NSA_IP6} ${VRF_IP6} ::1
3075 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
3076 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
3079 a=${NSA_IP6}
3083 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3084 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
3086 a=${NSA_IP6}
3091 run_cmd nettest -6 -r ${a}
3092 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
3097 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
3098 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
3100 for a in ${NSA_IP6} ${NSA_LINKIP6}
3105 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3106 log_test_addr ${a} $? 0 "Device server, device client, local connection"
3119 set_sysctl net.ipv4.tcp_l3mdev_accept=0
3135 local a
3140 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
3145 run_cmd_nsb nettest -6 -D -r ${a}
3146 log_test_addr ${a} $? 0 "Global server"
3151 run_cmd_nsb nettest -6 -D -r ${a}
3152 log_test_addr ${a} $? 0 "Device server"
3155 a=${NSA_LO_IP6}
3159 run_cmd_nsb nettest -6 -D -r ${a}
3160 log_test_addr ${a} $? 0 "Global server"
3162 # should fail since loopback address is out of scope for a device
3169 #run_cmd_nsb nettest -6 -D -r ${a}
3170 #log_test_addr ${a} $? 1 "Device server"
3173 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
3177 run_cmd_nsb nettest -6 -D -r ${a}
3178 log_test_addr ${a} $? 1 "No server"
3184 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
3189 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
3190 log_test_addr ${a} $? 0 "Client"
3195 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
3196 log_test_addr ${a} $? 0 "Client, device bind"
3201 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
3202 log_test_addr ${a} $? 0 "Client, device send via cmsg"
3207 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
3208 log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF"
3212 run_cmd nettest -6 -D -r ${a}
3213 log_test_addr ${a} $? 1 "No server, unbound client"
3217 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3218 log_test_addr ${a} $? 1 "No server, device client"
3224 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
3229 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
3230 log_test_addr ${a} $? 0 "Global server, local connection"
3233 a=${NSA_IP6}
3237 run_cmd nettest -6 -D -r ${a}
3238 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
3240 for a in ${NSA_LO_IP6} ::1
3246 run_cmd nettest -6 -D -r ${a}
3247 log_test_addr ${a} $? 1 "Device server, local connection"
3250 a=${NSA_IP6}
3254 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3255 log_test_addr ${a} $? 0 "Global server, device client, local connection"
3260 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
3261 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
3266 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
3267 log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"
3269 for a in ${NSA_LO_IP6} ::1
3275 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3276 log_test_addr ${a} $? 1 "Global server, device client, local connection"
3282 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
3283 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
3289 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
3290 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
3296 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -U
3297 …log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with co…
3300 a=${NSA_IP6}
3304 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
3305 log_test_addr ${a} $? 0 "Device server, device client, local conn"
3309 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3310 log_test_addr ${a} $? 1 "No server, device client, local conn"
3319 log_test $? 0 "UDP in - LLA to GUA"
3327 local a
3331 set_sysctl net.ipv4.udp_l3mdev_accept=0
3336 for a in ${NSA_IP6} ${VRF_IP6}
3342 run_cmd_nsb nettest -6 -D -r ${a}
3343 log_test_addr ${a} $? 1 "Global server"
3346 for a in ${NSA_IP6} ${VRF_IP6}
3351 run_cmd_nsb nettest -6 -D -r ${a}
3352 log_test_addr ${a} $? 0 "VRF server"
3355 for a in ${NSA_IP6} ${VRF_IP6}
3360 run_cmd_nsb nettest -6 -D -r ${a}
3361 log_test_addr ${a} $? 0 "Enslaved device server"
3365 for a in ${NSA_IP6} ${VRF_IP6}
3369 run_cmd_nsb nettest -6 -D -r ${a}
3370 log_test_addr ${a} $? 1 "No server"
3376 for a in ${NSA_IP6} ${VRF_IP6}
3382 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3383 log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
3386 for a in ${NSA_IP6} ${VRF_IP6}
3391 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3392 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3395 a=${NSA_IP6}
3400 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3401 log_test_addr ${a} $? 1 "Global server, device client, local conn"
3406 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3407 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
3412 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3413 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
3418 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3419 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
3428 for a in ${NSA_IP6} ${VRF_IP6}
3433 run_cmd_nsb nettest -6 -D -r ${a}
3434 log_test_addr ${a} $? 0 "Global server"
3437 for a in ${NSA_IP6} ${VRF_IP6}
3442 run_cmd_nsb nettest -6 -D -r ${a}
3443 log_test_addr ${a} $? 0 "VRF server"
3446 for a in ${NSA_IP6} ${VRF_IP6}
3451 run_cmd_nsb nettest -6 -D -r ${a}
3452 log_test_addr ${a} $? 0 "Enslaved device server"
3456 for a in ${NSA_IP6} ${VRF_IP6}
3459 run_cmd_nsb nettest -6 -D -r ${a}
3460 log_test_addr ${a} $? 1 "No server"
3470 log_test $? 0 "VRF client"
3481 log_test $? 0 "Enslaved device client"
3491 a=${NSA_IP6}
3495 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3496 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
3501 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3502 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3505 a=${VRF_IP6}
3509 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3510 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
3515 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3516 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3519 for a in ${NSA_IP6} ${VRF_IP6}
3522 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3523 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
3527 a=${NSA_IP6}
3531 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3532 log_test_addr ${a} $? 0 "Global server, device client, local conn"
3537 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3538 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
3543 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3544 log_test_addr ${a} $? 0 "Device server, VRF client, local conn"
3549 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3550 log_test_addr ${a} $? 0 "Device server, device client, local conn"
3553 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3554 log_test_addr ${a} $? 1 "No server, device client, local conn"
3562 log_test $? 0 "Global server, linklocal IP"
3573 log_test $? 0 "Enslaved device client, linklocal IP"
3584 log_test $? 0 "Enslaved device client, local conn - linklocal IP"
3597 log_test $? 0 "UDP in - LLA to GUA"
3615 set_sysctl net.ipv4.udp_l3mdev_accept=0
3634 for a in ${NSA_IP6} ${NSA_LO_IP6}
3637 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
3638 log_test_addr ${a} $? 0 "Raw socket bind to local address"
3641 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3642 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
3648 a=${NL_IP6}
3650 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${NSA_DEV} -b
3651 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address"
3656 a=${NSA_IP6}
3658 run_cmd nettest -6 -s -l ${a} -t1 -b
3659 log_test_addr ${a} $? 0 "TCP socket bind to local address"
3662 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3663 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
3665 # Sadly, the kernel allows binding a socket to a device and then
3668 a=${NSA_LO_IP6}
3671 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3672 log_test_addr ${a} $? 0 "TCP socket bind to out of scope local address"
3680 for a in ${NSA_IP6} ${VRF_IP6}
3683 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3684 log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"
3687 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3688 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
3691 a=${NSA_LO_IP6}
3694 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3695 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"
3700 a=${NL_IP6}
3702 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${VRF} -b
3703 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind"
3708 # address on enslaved device is valid for the VRF or device in a VRF
3709 for a in ${NSA_IP6} ${VRF_IP6}
3712 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3713 log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
3716 a=${NSA_IP6}
3718 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3719 log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"
3721 # Sadly, the kernel allows binding a socket to a device and then
3725 a=${VRF_IP6}
3728 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3729 log_test_addr ${a} $? 0 "TCP socket bind to VRF address with device bind"
3731 a=${NSA_LO_IP6}
3734 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3735 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
3739 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3740 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
3765 local a
3770 for a in ${NSA_IP6} ${VRF_IP6}
3775 run_cmd_nsb nettest ${varg} -r ${a} &
3779 log_test_addr ${a} 0 0 "${desc}, global server"
3784 for a in ${NSA_IP6} ${VRF_IP6}
3789 run_cmd_nsb nettest ${varg} -r ${a} &
3793 log_test_addr ${a} 0 0 "${desc}, VRF server"
3798 for a in ${NSA_IP6} ${VRF_IP6}
3803 run_cmd_nsb nettest ${varg} -r ${a} &
3807 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
3822 log_test 0 0 "${desc}, VRF client"
3833 log_test 0 0 "${desc}, enslaved device client"
3841 for a in ${NSA_IP6} ${VRF_IP6}
3846 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3850 log_test_addr ${a} 0 0 "${desc}, global server, VRF client"
3855 for a in ${NSA_IP6} ${VRF_IP6}
3860 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3864 log_test_addr ${a} 0 0 "${desc}, VRF server and client"
3869 a=${NSA_IP6}
3873 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3877 log_test_addr ${a} 0 0 "${desc}, global server, device client"
3884 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3888 log_test_addr ${a} 0 0 "${desc}, VRF server, device client"
3895 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3899 log_test_addr ${a} 0 0 "${desc}, device server, device client"
3905 local a
3907 a=${NSA_IP6}
3909 run_cmd_nsb ${ping6} -f ${a} &
3913 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
3922 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
3947 local a
3949 for a in ${NSA_IP} ${VRF_IP}
3954 run_cmd_nsb nettest -r ${a}
3955 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3963 local a
3967 for a in ${NSA_IP} ${VRF_IP}
3972 run_cmd_nsb nettest ${arg} -r ${a}
3973 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3983 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3992 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3993 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
4004 local a
4006 for a in ${NSA_IP6} ${VRF_IP6}
4011 run_cmd_nsb nettest -6 -r ${a}
4012 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
4020 local a
4024 for a in ${NSA_IP6} ${VRF_IP6}
4029 run_cmd_nsb nettest -6 ${arg} -r ${a}
4030 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
4040 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
4048 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
4049 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
4062 # ns-A device enslaved to bridge. Verify traffic with and without
4086 log_test $? 0 "Bridge into VRF - IPv4 ping out"
4090 log_test $? 0 "Bridge into VRF - IPv6 ping out"
4094 log_test $? 0 "Bridge into VRF - IPv4 ping in"
4098 log_test $? 0 "Bridge into VRF - IPv6 ping in"
4101 if [ $? -eq 0 ]; then
4104 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out"
4108 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out"
4112 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in"
4116 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in"
4135 log_test $? 0 "Bridge vlan into VRF - IPv4 ping out"
4139 log_test $? 0 "Bridge vlan into VRF - IPv6 ping out"
4143 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
4147 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
4150 if [ $? -eq 0 ]; then
4153 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out"
4157 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out"
4161 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
4165 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
4173 # ns-A device is connected to both ns-B and ns-C on a single VRF but only has
4178 # only want reply from ns-A
4184 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Pre cycle, ping out ns-B"
4187 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Pre cycle, ping out ns-C"
4189 # cycle/flap the first ns-A interface
4196 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-B"
4198 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-C"
4200 # cycle/flap the second ns-A interface
4207 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-B"
4209 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-C"
4212 # Perform IPv{4,6} SNAT on ns-A, and verify TCP connection is successfully
4220 …run_cmd iptables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_…
4221 …run_cmd ip6tables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO…
4226 log_test $? 0 "IPv4 TCP connection over VRF with SNAT"
4231 log_test $? 0 "IPv6 TCP connection over VRF with SNAT"
4255 usage: ${0##*/} OPTS
4288 h) usage; exit 0;;
4309 declare -i nfail=0
4310 declare -i nsuccess=0
4332 setup) setup; exit 0;;
4333 vrf_setup) setup "yes"; exit 0;;
4342 if [ $nfail -ne 0 ]; then
4344 elif [ $nsuccess -eq 0 ]; then
4348 exit 0 # KSFT_PASS