Lines Matching +full:1 +full:- +full:6
2 # SPDX-License-Identifier: GPL-2.0
8 # 1. icmp, tcp, udp and netfilter
9 # 2. client, server, no-server
13 # 6. VRF and non-VRF permutations
16 # ns-A | ns-B
18 # [ lo ] [ eth1 ]---|---[ eth1 ] [ lo ]
21 # [ red ]---[ eth1 ]---|---[ eth1 ] [ lo ]
23 # ns-A:
24 # eth1: 172.16.1.1/24, 2001:db8:1::1/64
25 # lo: 127.0.0.1/8, ::1/128
26 # 172.16.2.1/32, 2001:db8:2::1/128
27 # red: 127.0.0.1/8, ::1/128
28 # 172.16.3.1/32, 2001:db8:3::1/128
30 # ns-B:
31 # eth1: 172.16.1.2/24, 2001:db8:1::2/64
32 # lo2: 127.0.0.1/8, ::1/128
35 # ns-A to ns-C connection - only for VRF and same config
36 # as ns-A to ns-B
38 # server / client nomenclature relative to ns-A
60 NSA_IP6=2001:db8:1::1
61 NSB_IP6=2001:db8:1::2
62 VRF_IP6=2001:db8:3::1
63 NS_NET6=2001:db8:1::/120
67 NSA_LO_IP6=2001:db8:2::1
70 # non-local addresses for freebind tests
72 NL_IP6=2001:db8:4::1
81 MCAST=ff02::1
86 which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
89 if [ -f /proc/sys/crypto/fips_enabled ]; then
100 local rc=$1
105 [ "${VERBOSE}" = "1" ] && echo
107 if [ ${rc} -eq ${expected} ]; then
108 nsuccess=$((nsuccess+1))
109 printf "TEST: %-70s [ OK ]\n" "${msg}"
111 nfail=$((nfail+1))
112 printf "TEST: %-70s [FAIL]\n" "${msg}"
118 [ "$ans" = "q" ] && exit 1
126 [ "$ans" = "q" ] && exit 1
134 local addr=$1
141 log_test $rc $expected "$msg - ${astr}"
166 if [ "${VERBOSE}" = "1" ]; then
174 if [ "${VERBOSE}" = "1" ]; then
183 if [ "${VERBOSE}" = "1" ]; then
191 killall nettest ping ping6 >/dev/null 2>&1
192 sleep 1
197 if [ "$VERBOSE" = "1" ]; then
198 echo "COMMAND: ${NSA_CMD} sysctl -q -w net.ipv4.ping_group_range='0 2147483647'"
201 ${NSA_CMD} sysctl -q -w net.ipv4.ping_group_range='0 2147483647'
209 if [ "$VERBOSE" = "1" ]; then
213 out=$($cmd 2>&1)
215 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
244 if [ $rc -ne 0 ]; then
266 if [ $rc -ne 0 ]; then
288 if [ $rc -ne 0 ]; then
303 # set sysctl values in NS-A
308 run_cmd sysctl -q -w $*
311 # get sysctl values in NS-A
314 ${NSA_CMD} sysctl -n $*
322 case "$1" in
324 ::1) echo "IPv6 loopback";;
329 ${NSA_IP}) echo "ns-A IP";;
330 ${NSA_IP6}) echo "ns-A IPv6";;
331 ${NSA_LO_IP}) echo "ns-A loopback IP";;
332 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
333 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
335 ${NSB_IP}) echo "ns-B IP";;
336 ${NSB_IP6}) echo "ns-B IPv6";;
337 ${NSB_LO_IP}) echo "ns-B loopback IP";;
338 ${NSB_LO_IP6}) echo "ns-B loopback IPv6";;
339 ${NSB_LINKIP6}|${NSB_LINKIP6}%*) echo "ns-B IPv6 LLA";;
355 local ns=$1
359 addr=$(ip -netns ${ns} -6 -br addr show dev ${dev} | \
369 [ -z "$addr" ] && return 1
381 local ns=$1
387 ip -netns ${ns} link add ${vrf} type vrf table ${table}
388 ip -netns ${ns} link set ${vrf} up
389 ip -netns ${ns} route add vrf ${vrf} unreachable default metric 8192
390 ip -netns ${ns} -6 route add vrf ${vrf} unreachable default metric 8192
392 ip -netns ${ns} addr add 127.0.0.1/8 dev ${vrf}
393 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
394 if [ "${addr}" != "-" ]; then
395 ip -netns ${ns} addr add dev ${vrf} ${addr}
397 if [ "${addr6}" != "-" ]; then
398 ip -netns ${ns} -6 addr add dev ${vrf} ${addr6}
401 ip -netns ${ns} ru del pref 0
402 ip -netns ${ns} ru add pref 32765 from all lookup local
403 ip -netns ${ns} -6 ru del pref 0
404 ip -netns ${ns} -6 ru add pref 32765 from all lookup local
409 local ns=$1
413 if [ "${addr}" != "-" ]; then
414 ip -netns ${ns} addr add dev lo ${addr}
416 if [ "${addr6}" != "-" ]; then
417 ip -netns ${ns} -6 addr add dev lo ${addr6}
420 ip -netns ${ns} ro add unreachable default metric 8192
421 ip -netns ${ns} -6 ro add unreachable default metric 8192
423 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
424 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
425 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
426 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
432 local ns1=$1
437 local ns2_dev=$6
441 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp
442 ip -netns ${ns1} li set ${ns1_dev} up
443 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev}
444 ip -netns ${ns2} li set ${ns2_dev} up
446 if [ "${ns1_addr}" != "-" ]; then
447 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr}
448 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr}
451 if [ "${ns1_addr6}" != "-" ]; then
452 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6}
453 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6}
460 ip netns | grep -q ${NSA}
461 if [ $? -eq 0 ]; then
462 ip -netns ${NSA} link delete ${VRF}
463 ip -netns ${NSA} ro flush table ${VRF_TABLE}
465 ip -netns ${NSA} addr flush dev ${NSA_DEV}
466 ip -netns ${NSA} -6 addr flush dev ${NSA_DEV}
467 ip -netns ${NSA} link set dev ${NSA_DEV} down
468 ip -netns ${NSA} link del dev ${NSA_DEV}
481 ip link del ${NSA_DEV2} >/dev/null 2>&1
483 ip netns del ${NSC} >/dev/null 2>&1
488 # some VRF tests use ns-C which has the same config as
489 # ns-B but for a device NOT in the VRF
492 create_ns ${NSC} "-" "-"
499 local with_vrf=${1}
506 set -e
520 # tell ns-A how to get to remote addresses of ns-B
524 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
525 ip -netns ${NSA} ro add vrf ${VRF} ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
526 ip -netns ${NSA} -6 ro add vrf ${VRF} ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
528 ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
529 ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
531 ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
532 ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
536 # tell ns-B how to get to remote addresses of ns-A
537 ip -netns ${NSB} ro add ${NSA_LO_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
538 ip -netns ${NSB} ro add ${NSA_LO_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
542 sleep 1
552 set -e
558 create_ns ${NSA} "-" "-"
559 create_ns ${NSB} "-" "-"
560 create_ns ${NSC} "-" "-"
561 connect_ns ${NSA} ${NSA_DEV} "-" "-" \
562 ${NSB} ${NSB_DEV} "-" "-"
563 connect_ns ${NSA} ${NSA_DEV2} "-" "-" \
564 ${NSC} ${NSC_DEV} "-" "-"
570 create_vrf ${NSA} ${VRF} ${VRF_TABLE} "-" "-"
571 ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
572 ip -netns ${NSA} link set dev ${NSA_DEV2} vrf ${VRF}
576 sleep 1
592 run_cmd ping -c1 -w1 ${a}
596 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
600 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
609 run_cmd ping -c 1 -w 1 -r ${a}
615 run_cmd ping -c 1 -w 1 -r ${a}
616 log_test_addr ${a} $? 1 "ping out (don't route), peer not on link"
624 run_cmd_nsb ping -c1 -w1 ${a}
634 run_cmd ping -c1 -w1 ${a}
644 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
654 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
655 log_test_addr ${a} $? 1 "ping local, device bind"
668 run_cmd ping -c1 -w1 ${a}
674 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
679 run_cmd_nsb ping -c1 -w1 ${a}
680 log_test_addr ${a} $? 1 "ping in, blocked by rule"
682 [ "$VERBOSE" = "1" ] && echo
696 run_cmd ping -c1 -w1 ${a}
702 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
707 run_cmd_nsb ping -c1 -w1 ${a}
708 log_test_addr ${a} $? 1 "ping in, blocked by route"
717 run_cmd ping -c1 -w1 ${a}
723 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
731 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
739 run_cmd ping -c1 -w1 -I ${VRF} ${a}
743 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
747 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
751 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
761 run_cmd_nsb ping -c1 -w1 ${a}
772 run_cmd ping -c1 -w1 -I ${VRF} ${a}
782 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
790 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
802 run_cmd ping -c1 -w1 -I ${VRF} ${a}
806 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
812 run_cmd_nsb ping -c1 -w1 ${a}
813 log_test_addr ${a} $? 1 "ping in, blocked by rule"
815 [ "$VERBOSE" = "1" ] && echo
826 run_cmd ping -c1 -w1 -I ${VRF} ${a}
830 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
836 run_cmd_nsb ping -c1 -w1 ${a}
837 log_test_addr ${a} $? 1 "ping in, unreachable route"
849 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
877 run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
878 sleep 1
879 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
885 run_cmd nettest -s &
886 sleep 1
887 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
893 run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
894 sleep 1
895 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
901 run_cmd nettest -s -M ${MD5_PW} -m ${NSB_LO_IP} &
902 sleep 1
903 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
907 # MD5 extension - prefix length
912 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
913 sleep 1
914 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
920 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
921 sleep 1
922 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
928 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
929 sleep 1
930 run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
945 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
946 sleep 1
947 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
953 run_cmd nettest -s -I ${VRF} &
954 sleep 1
955 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
961 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
962 sleep 1
963 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
969 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP} &
970 sleep 1
971 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
975 # MD5 extension - prefix length
980 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
981 sleep 1
982 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
988 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
989 sleep 1
990 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
996 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
997 sleep 1
998 run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
1006 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
1007 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
1008 sleep 1
1009 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1013 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
1014 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
1015 sleep 1
1016 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1021 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
1022 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
1023 sleep 1
1024 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1029 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
1030 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
1031 sleep 1
1032 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1036 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1037 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1038 sleep 1
1039 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1043 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1044 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1045 sleep 1
1046 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1051 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1052 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1053 sleep 1
1054 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1059 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
1060 run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
1061 sleep 1
1062 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
1069 run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP}
1070 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
1073 run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET}
1074 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
1084 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
1085 sleep 1
1086 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1087 log_test $? 0 "MD5: VRF: VRF-bound server, unbound key accepts connection"
1091 run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
1092 sleep 1
1093 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1094 log_test $? 0 "MD5: VRF: VRF-bound server, bound key accepts connection"
1099 # This particular test needs tcp_l3mdev_accept=1 for Global server to accept VRF connections
1102 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1105 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
1106 sleep 1
1107 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1111 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
1112 sleep 1
1113 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1114 log_test $? 0 "MD5: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection"
1117 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
1118 sleep 1
1119 run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
1123 run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
1124 sleep 1
1125 run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
1126 log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts non-VRF connection"
1134 local syncookies=$1
1145 nsa_syncookies=$(ip netns exec "${NSA}" sysctl -n net.ipv4.tcp_syncookies)
1146 nsb_syncookies=$(ip netns exec "${NSB}" sysctl -n net.ipv4.tcp_syncookies)
1147 ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies}
1148 ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies}
1154 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1159 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --server-dontroute
1165 # Therefore, we need to use the -c option here, to force the use of the
1172 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --client-dontroute
1173 log_test_addr ${a} $? 1 "SO_DONTROUTE client, syncookies=${syncookies}"
1178 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --server-dontroute
1181 ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${nsb_syncookies}
1182 ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${nsa_syncookies}
1195 run_cmd nettest -s &
1196 sleep 1
1197 run_cmd_nsb nettest -r ${a}
1203 run_cmd nettest -s -I ${NSA_DEV} &
1204 sleep 1
1205 run_cmd_nsb nettest -r ${a}
1213 run_cmd_nsb nettest -r ${a}
1214 log_test_addr ${a} $? 1 "No server"
1223 run_cmd_nsb nettest -s &
1224 sleep 1
1225 run_cmd nettest -r ${a} -0 ${NSA_IP}
1229 run_cmd_nsb nettest -s &
1230 sleep 1
1231 run_cmd nettest -r ${a} -d ${NSA_DEV}
1236 run_cmd nettest -r ${a}
1237 log_test_addr ${a} $? 1 "No server, unbound client"
1241 run_cmd nettest -r ${a} -d ${NSA_DEV}
1242 log_test_addr ${a} $? 1 "No server, device client"
1251 run_cmd nettest -s &
1252 sleep 1
1253 run_cmd nettest -r ${a} -0 ${a} -1 ${a}
1259 run_cmd nettest -s -I ${NSA_DEV} &
1260 sleep 1
1261 run_cmd nettest -r ${a} -0 ${a}
1268 run_cmd nettest -s -I ${NSA_DEV} &
1269 sleep 1
1270 run_cmd nettest -r ${a}
1271 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1276 run_cmd nettest -s &
1277 sleep 1
1278 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
1285 run_cmd nettest -s &
1286 sleep 1
1287 run_cmd nettest -r ${a} -d ${NSA_DEV}
1288 log_test_addr ${a} $? 1 "Global server, device client, local connection"
1293 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1294 sleep 1
1295 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
1300 run_cmd nettest -d ${NSA_DEV} -r ${a}
1301 log_test_addr ${a} $? 1 "No server, device client, local conn"
1303 [ "$fips_enabled" = "1" ] || ipv4_tcp_md5_novrf
1325 run_cmd nettest -s &
1326 sleep 1
1327 run_cmd_nsb nettest -r ${a}
1328 log_test_addr ${a} $? 1 "Global server"
1331 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1332 sleep 1
1333 run_cmd_nsb nettest -r ${a}
1337 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1338 sleep 1
1339 run_cmd_nsb nettest -r ${a}
1345 run_cmd_nsb nettest -r ${a}
1346 log_test_addr ${a} $? 1 "No server"
1354 run_cmd nettest -s &
1355 sleep 1
1356 run_cmd nettest -r ${a} -d ${NSA_DEV}
1357 log_test_addr ${a} $? 1 "Global server, local connection"
1370 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1376 run_cmd nettest -s -3 ${VRF} &
1377 sleep 1
1378 run_cmd_nsb nettest -r ${a}
1383 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1384 sleep 1
1385 run_cmd_nsb nettest -r ${a}
1391 run_cmd_nsb nettest -r ${a}
1392 log_test_addr ${a} $? 1 "No server"
1398 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1399 sleep 1
1400 run_cmd_nsb nettest -r ${a}
1408 run_cmd nettest -s -I ${VRF} &
1409 sleep 1
1410 run_cmd nettest -r ${a}
1411 log_test_addr ${a} $? 1 "Global server, local connection"
1420 run_cmd_nsb nettest -s &
1421 sleep 1
1422 run_cmd nettest -r ${a} -d ${VRF}
1426 run_cmd_nsb nettest -s &
1427 sleep 1
1428 run_cmd nettest -r ${a} -d ${NSA_DEV}
1433 run_cmd nettest -r ${a} -d ${VRF}
1434 log_test_addr ${a} $? 1 "No server, VRF client"
1438 run_cmd nettest -r ${a} -d ${NSA_DEV}
1439 log_test_addr ${a} $? 1 "No server, device client"
1445 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1446 sleep 1
1447 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1453 run_cmd nettest -s -I ${VRF} -3 ${VRF} &
1454 sleep 1
1455 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1460 run_cmd nettest -s -I ${VRF} &
1461 sleep 1
1462 run_cmd nettest -r ${a}
1463 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
1466 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1467 sleep 1
1468 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1472 run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1473 sleep 1
1474 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1490 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1511 run_cmd nettest -D -s -3 ${NSA_DEV} &
1512 sleep 1
1513 run_cmd_nsb nettest -D -r ${a}
1518 run_cmd_nsb nettest -D -r ${a}
1519 log_test_addr ${a} $? 1 "No server"
1524 run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1525 sleep 1
1526 run_cmd_nsb nettest -D -r ${a}
1535 run_cmd_nsb nettest -D -s &
1536 sleep 1
1537 run_cmd nettest -D -r ${a} -0 ${NSA_IP}
1541 run_cmd_nsb nettest -D -s &
1542 sleep 1
1543 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1547 run_cmd_nsb nettest -D -s &
1548 sleep 1
1549 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1553 run_cmd_nsb nettest -D -s &
1554 sleep 1
1555 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1559 run_cmd_nsb nettest -D -s &
1560 sleep 1
1561 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} -U
1567 run_cmd nettest -D -r ${a}
1568 log_test_addr ${a} $? 1 "No server, unbound client"
1572 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1573 log_test_addr ${a} $? 1 "No server, device client"
1582 run_cmd nettest -D -s &
1583 sleep 1
1584 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
1590 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1591 sleep 1
1592 run_cmd nettest -D -r ${a}
1599 run_cmd nettest -s -D -I ${NSA_DEV} &
1600 sleep 1
1601 run_cmd nettest -D -r ${a}
1602 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1607 run_cmd nettest -s -D &
1608 sleep 1
1609 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1613 run_cmd nettest -s -D &
1614 sleep 1
1615 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
1619 run_cmd nettest -s -D &
1620 sleep 1
1621 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
1625 run_cmd nettest -s -D &
1626 sleep 1
1627 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} -U
1631 # IPv4 with device bind has really weird behavior - it overrides the
1638 run_cmd nettest -D -s &
1639 sleep 1
1640 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1645 run_cmd nettest -D -s &
1646 sleep 1
1647 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
1648 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
1652 run_cmd nettest -D -s &
1653 sleep 1
1654 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
1655 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
1659 run_cmd nettest -D -s &
1660 sleep 1
1661 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -U
1662 …log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with co…
1669 run_cmd nettest -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
1670 sleep 1
1671 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
1675 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1686 do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1692 do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1693 log_test_addr ${a} $? 1 "SO_DONTROUTE client"
1711 run_cmd nettest -D -s &
1712 sleep 1
1713 run_cmd_nsb nettest -D -r ${a}
1714 log_test_addr ${a} $? 1 "Global server"
1717 run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
1718 sleep 1
1719 run_cmd_nsb nettest -D -r ${a}
1723 run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1724 sleep 1
1725 run_cmd_nsb nettest -D -r ${a}
1730 run_cmd_nsb nettest -D -r ${a}
1731 log_test_addr ${a} $? 1 "No server"
1735 run_cmd nettest -D -s &
1736 sleep 1
1737 run_cmd nettest -D -d ${VRF} -r ${a}
1738 log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
1743 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1744 sleep 1
1745 run_cmd nettest -D -d ${VRF} -r ${a}
1749 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1750 sleep 1
1751 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1756 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1757 sleep 1
1758 run_cmd nettest -D -d ${VRF} -r ${a}
1762 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1763 sleep 1
1764 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1769 set_sysctl net.ipv4.udp_l3mdev_accept=1
1777 run_cmd nettest -D -s -3 ${NSA_DEV} &
1778 sleep 1
1779 run_cmd_nsb nettest -D -r ${a}
1783 run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
1784 sleep 1
1785 run_cmd_nsb nettest -D -r ${a}
1789 run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
1790 sleep 1
1791 run_cmd_nsb nettest -D -r ${a}
1796 run_cmd_nsb nettest -D -r ${a}
1797 log_test_addr ${a} $? 1 "No server"
1804 run_cmd_nsb nettest -D -s &
1805 sleep 1
1806 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1810 run_cmd_nsb nettest -D -s &
1811 sleep 1
1812 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1815 # negative test - should fail
1818 run_cmd nettest -D -d ${VRF} -r ${NSB_IP}
1819 log_test $? 1 "No server, VRF client"
1823 run_cmd nettest -D -d ${NSA_DEV} -r ${NSB_IP}
1824 log_test $? 1 "No server, enslaved device client"
1831 run_cmd nettest -D -s -3 ${NSA_DEV} &
1832 sleep 1
1833 run_cmd nettest -D -d ${VRF} -r ${a}
1837 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1838 sleep 1
1839 run_cmd nettest -D -d ${VRF} -r ${a}
1843 run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
1844 sleep 1
1845 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1849 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1850 sleep 1
1851 run_cmd nettest -D -d ${VRF} -r ${a}
1855 run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
1856 sleep 1
1857 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1863 run_cmd nettest -D -s -3 ${VRF} &
1864 sleep 1
1865 run_cmd nettest -D -d ${VRF} -r ${a}
1872 run_cmd nettest -s -D -I ${VRF} -3 ${VRF} &
1873 sleep 1
1874 run_cmd nettest -D -d ${VRF} -r ${a}
1878 # negative test - should fail
1884 run_cmd nettest -D -d ${VRF} -r ${a}
1885 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
1902 set_sysctl net.ipv4.udp_l3mdev_accept=1
1923 run_cmd nettest -s -R -P icmp -l ${a} -b
1927 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1936 run_cmd nettest -s -R -f -l ${a} -b
1940 run_cmd nettest -s -f -l ${a} -b
1944 run_cmd nettest -s -D -P icmp -f -l ${a} -b
1952 run_cmd nettest -s -D -P icmp -l ${a} -b
1953 log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address"
1957 run_cmd nettest -s -D -P icmp -l ${a} -b
1958 log_test_addr ${a} $? 1 "ICMP socket bind to multicast address"
1965 run_cmd nettest -c ${a} -r ${NSB_IP} -t1 -b
1969 run_cmd nettest -c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1979 #run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
1980 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
1992 run_cmd nettest -s -R -P icmp -l ${a} -b
1993 log_test_addr ${a} $? 1 "Raw socket bind to local address"
1996 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1999 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
2006 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
2007 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
2014 run_cmd nettest -s -R -f -l ${a} -I ${VRF} -b
2018 run_cmd nettest -s -f -l ${a} -I ${VRF} -b
2022 run_cmd nettest -s -D -P icmp -f -l ${a} -I ${VRF} -b
2030 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
2031 log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address after VRF bind"
2035 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
2036 log_test_addr ${a} $? 1 "ICMP socket bind to multicast address after VRF bind"
2044 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
2048 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
2055 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
2056 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
2060 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
2061 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
2084 local desc="$1"
2095 run_cmd nettest ${varg} -s &
2096 sleep 1
2097 run_cmd_nsb nettest ${varg} -r ${a} &
2100 sleep 1
2109 run_cmd nettest ${varg} -s -I ${VRF} &
2110 sleep 1
2111 run_cmd_nsb nettest ${varg} -r ${a} &
2114 sleep 1
2122 run_cmd nettest ${varg} -s -I ${NSA_DEV} &
2123 sleep 1
2124 run_cmd_nsb nettest ${varg} -r ${a} &
2127 sleep 1
2136 run_cmd_nsb nettest ${varg} -s &
2137 sleep 1
2138 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
2141 sleep 1
2147 run_cmd_nsb nettest ${varg} -s &
2148 sleep 1
2149 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
2152 sleep 1
2163 run_cmd nettest ${varg} -s &
2164 sleep 1
2165 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2168 sleep 1
2177 run_cmd nettest ${varg} -I ${VRF} -s &
2178 sleep 1
2179 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2182 sleep 1
2191 run_cmd nettest ${varg} -s &
2192 sleep 1
2193 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2196 sleep 1
2202 run_cmd nettest ${varg} -I ${VRF} -s &
2203 sleep 1
2204 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2207 sleep 1
2213 run_cmd nettest ${varg} -I ${NSA_DEV} -s &
2214 sleep 1
2215 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2218 sleep 1
2230 run_cmd_nsb ping -f ${a} &
2233 sleep 1
2234 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
2241 run_cmd ping -f -I ${VRF} ${a} &
2244 sleep 1
2245 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
2250 log_section "Run time tests - ipv4"
2256 ipv4_rt "TCP active socket" "-n -1"
2259 ipv4_rt "TCP passive socket" "-i"
2278 run_cmd ${ping6} -c1 -w1 ${a}
2285 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2289 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
2299 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2306 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2309 run_cmd ${ping6} -c1 -w1 ${a}
2316 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2320 for a in ${NSA_LO_IP6} ::1
2324 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2332 setup_cmd ip -6 rule add pref 32765 from all lookup local
2333 setup_cmd ip -6 rule del pref 0 from all lookup local
2334 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
2335 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
2338 run_cmd ${ping6} -c1 -w1 ${a}
2342 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2348 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2349 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2351 setup_cmd ip -6 rule add pref 0 from all lookup local
2352 setup_cmd ip -6 rule del pref 32765 from all lookup local
2353 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
2354 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
2360 setup_cmd ip -6 route del ${NSB_LO_IP6}
2361 setup_cmd ip -6 route add unreachable ${NSB_LO_IP6} metric 10
2362 setup_cmd ip -6 route add unreachable ${NSB_IP6} metric 10
2365 run_cmd ${ping6} -c1 -w1 ${a}
2369 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2375 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2376 log_test_addr ${a} $? 1 "ping in, blocked by route"
2383 setup_cmd ip -6 ro del unreachable ${NSB_LO_IP6}
2384 setup_cmd ip -6 ro del unreachable ${NSB_IP6}
2387 run_cmd ${ping6} -c1 -w1 ${a}
2391 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2400 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
2408 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2416 run_cmd ${ping6} -c1 -w1 ${a}
2417 log_test_addr ${a} $? 1 "ping out, VRF bind"
2423 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2430 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
2440 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2447 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2448 log_test_addr ${a} $? 1 "ping in"
2453 for a in ${NSA_IP6} ${VRF_IP6} ::1
2457 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2464 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2468 # LLA to GUA - remove ipv6 global addresses from ns-B
2469 setup_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
2470 setup_cmd_nsb ip -6 addr del ${NSB_LO_IP6}/128 dev lo
2471 setup_cmd_nsb ip -6 ro add ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
2476 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
2480 setup_cmd_nsb ip -6 ro del ${NSA_IP6}/128 via ${NSA_LINKIP6} dev ${NSB_DEV}
2481 setup_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV}
2482 setup_cmd_nsb ip -6 addr add ${NSB_LO_IP6}/128 dev lo
2488 setup_cmd ip -6 rule add pref 50 to ${NSB_LO_IP6} prohibit
2489 setup_cmd ip -6 rule add pref 51 from ${NSB_IP6} prohibit
2492 run_cmd ${ping6} -c1 -w1 ${a}
2496 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2502 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2503 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2506 setup_cmd ip -6 rule del pref 50 to ${NSB_LO_IP6} prohibit
2507 setup_cmd ip -6 rule del pref 51 from ${NSB_IP6} prohibit
2513 setup_cmd ip -6 ro del ${NSB_LO_IP6} vrf ${VRF}
2516 run_cmd ${ping6} -c1 -w1 ${a}
2520 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2523 ip -netns ${NSB} -6 ro del ${NSA_LO_IP6}
2526 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2563 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
2564 sleep 1
2565 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2571 run_cmd nettest -6 -s &
2572 sleep 1
2573 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2579 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
2580 sleep 1
2581 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2587 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_LO_IP6} &
2588 sleep 1
2589 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2593 # MD5 extension - prefix length
2598 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2599 sleep 1
2600 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2606 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2607 sleep 1
2608 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2614 run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
2615 sleep 1
2616 run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
2631 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2632 sleep 1
2633 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2639 run_cmd nettest -6 -s -I ${VRF} &
2640 sleep 1
2641 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2647 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2648 sleep 1
2649 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2655 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} &
2656 sleep 1
2657 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2661 # MD5 extension - prefix length
2666 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2667 sleep 1
2668 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2674 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2675 sleep 1
2676 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2682 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2683 sleep 1
2684 run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
2692 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2693 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2694 sleep 1
2695 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2699 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2700 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2701 sleep 1
2702 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2707 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2708 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2709 sleep 1
2710 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2715 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
2716 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
2717 sleep 1
2718 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2722 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2723 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2724 sleep 1
2725 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2729 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2730 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2731 sleep 1
2732 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2737 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2738 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2739 sleep 1
2740 run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
2745 run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
2746 run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
2747 sleep 1
2748 run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
2755 run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP6}
2756 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
2759 run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6}
2760 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
2774 run_cmd nettest -6 -s &
2775 sleep 1
2776 run_cmd_nsb nettest -6 -r ${a}
2785 run_cmd_nsb nettest -6 -r ${a}
2786 log_test_addr ${a} $? 1 "No server"
2795 run_cmd_nsb nettest -6 -s &
2796 sleep 1
2797 run_cmd nettest -6 -r ${a}
2804 run_cmd_nsb nettest -6 -s &
2805 sleep 1
2806 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2814 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2815 log_test_addr ${a} $? 1 "No server, device client"
2821 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2824 run_cmd nettest -6 -s &
2825 sleep 1
2826 run_cmd nettest -6 -r ${a}
2832 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2833 sleep 1
2834 run_cmd nettest -6 -r ${a} -0 ${a}
2837 for a in ${NSA_LO_IP6} ::1
2841 run_cmd nettest -6 -s -I ${NSA_DEV} &
2842 sleep 1
2843 run_cmd nettest -6 -r ${a}
2844 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
2849 run_cmd nettest -6 -s &
2850 sleep 1
2851 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2854 for a in ${NSA_LO_IP6} ::1
2858 run_cmd nettest -6 -s &
2859 sleep 1
2860 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2861 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2867 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2868 sleep 1
2869 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2877 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2878 log_test_addr ${a} $? 1 "No server, device client, local conn"
2881 [ "$fips_enabled" = "1" ] || ipv6_tcp_md5_novrf
2900 run_cmd nettest -6 -s &
2901 sleep 1
2902 run_cmd_nsb nettest -6 -r ${a}
2903 log_test_addr ${a} $? 1 "Global server"
2909 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
2910 sleep 1
2911 run_cmd_nsb nettest -6 -r ${a}
2918 run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
2919 sleep 1
2920 run_cmd_nsb nettest -6 -r ${a}
2926 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2927 sleep 1
2928 run_cmd_nsb nettest -6 -r ${a}
2937 run_cmd_nsb nettest -6 -r ${a}
2938 log_test_addr ${a} $? 1 "No server"
2945 run_cmd nettest -6 -s &
2946 sleep 1
2947 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2948 log_test_addr ${a} $? 1 "Global server, local connection"
2961 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2966 run_cmd nettest -6 -s -3 ${VRF} &
2967 sleep 1
2968 run_cmd_nsb nettest -6 -r ${a}
2975 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
2976 sleep 1
2977 run_cmd_nsb nettest -6 -r ${a}
2984 run_cmd nettest -6 -s -3 ${NSA_DEV} &
2985 sleep 1
2986 run_cmd_nsb nettest -6 -r ${a}
2990 run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
2991 sleep 1
2992 run_cmd_nsb nettest -6 -r ${a}
2998 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
2999 sleep 1
3000 run_cmd_nsb nettest -6 -r ${a}
3009 run_cmd_nsb nettest -6 -r ${a}
3010 log_test_addr ${a} $? 1 "No server"
3018 run_cmd nettest -6 -s -I ${VRF} &
3019 sleep 1
3020 run_cmd nettest -6 -r ${a}
3021 log_test_addr ${a} $? 1 "Global server, local connection"
3031 run_cmd_nsb nettest -6 -s &
3032 sleep 1
3033 run_cmd nettest -6 -r ${a} -d ${VRF}
3040 run_cmd_nsb nettest -6 -s &
3041 sleep 1
3042 run_cmd nettest -6 -r ${a} -d ${VRF}
3043 log_test_addr ${a} $? 1 "Client, VRF bind"
3048 run_cmd_nsb nettest -6 -s &
3049 sleep 1
3050 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
3058 run_cmd nettest -6 -r ${a} -d ${VRF}
3059 log_test_addr ${a} $? 1 "No server, VRF client"
3066 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
3067 log_test_addr ${a} $? 1 "No server, device client"
3070 for a in ${NSA_IP6} ${VRF_IP6} ::1
3073 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
3074 sleep 1
3075 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
3081 run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
3082 sleep 1
3083 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3089 run_cmd nettest -6 -s -I ${VRF} &
3090 sleep 1
3091 run_cmd nettest -6 -r ${a}
3092 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
3095 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
3096 sleep 1
3097 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
3103 run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
3104 sleep 1
3105 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3122 set_sysctl net.ipv4.tcp_l3mdev_accept=1
3143 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3144 sleep 1
3145 run_cmd_nsb nettest -6 -D -r ${a}
3149 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3150 sleep 1
3151 run_cmd_nsb nettest -6 -D -r ${a}
3157 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3158 sleep 1
3159 run_cmd_nsb nettest -6 -D -r ${a}
3163 # bound server, but it does not - hence this is more documenting
3167 #run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3168 #sleep 1
3169 #run_cmd_nsb nettest -6 -D -r ${a}
3170 #log_test_addr ${a} $? 1 "Device server"
3172 # negative test - should fail
3177 run_cmd_nsb nettest -6 -D -r ${a}
3178 log_test_addr ${a} $? 1 "No server"
3187 run_cmd_nsb nettest -6 -D -s &
3188 sleep 1
3189 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
3193 run_cmd_nsb nettest -6 -D -s &
3194 sleep 1
3195 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
3199 run_cmd_nsb nettest -6 -D -s &
3200 sleep 1
3201 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
3205 run_cmd_nsb nettest -6 -D -s &
3206 sleep 1
3207 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
3212 run_cmd nettest -6 -D -r ${a}
3213 log_test_addr ${a} $? 1 "No server, unbound client"
3217 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3218 log_test_addr ${a} $? 1 "No server, device client"
3224 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
3227 run_cmd nettest -6 -D -s &
3228 sleep 1
3229 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
3235 run_cmd nettest -6 -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
3236 sleep 1
3237 run_cmd nettest -6 -D -r ${a}
3240 for a in ${NSA_LO_IP6} ::1
3244 run_cmd nettest -6 -s -D -I ${NSA_DEV} &
3245 sleep 1
3246 run_cmd nettest -6 -D -r ${a}
3247 log_test_addr ${a} $? 1 "Device server, local connection"
3252 run_cmd nettest -6 -s -D &
3253 sleep 1
3254 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3258 run_cmd nettest -6 -s -D &
3259 sleep 1
3260 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
3264 run_cmd nettest -6 -s -D &
3265 sleep 1
3266 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
3269 for a in ${NSA_LO_IP6} ::1
3273 run_cmd nettest -6 -D -s &
3274 sleep 1
3275 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3276 log_test_addr ${a} $? 1 "Global server, device client, local connection"
3280 run_cmd nettest -6 -D -s &
3281 sleep 1
3282 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
3283 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
3287 run_cmd nettest -6 -D -s &
3288 sleep 1
3289 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
3290 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
3294 run_cmd nettest -6 -D -s &
3295 sleep 1
3296 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -U
3297 …log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with co…
3302 run_cmd nettest -6 -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
3303 sleep 1
3304 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
3309 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3310 log_test_addr ${a} $? 1 "No server, device client, local conn"
3313 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
3314 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
3316 run_cmd nettest -6 -s -D &
3317 sleep 1
3318 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
3319 log_test $? 0 "UDP in - LLA to GUA"
3321 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
3322 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
3340 run_cmd nettest -6 -D -s &
3341 sleep 1
3342 run_cmd_nsb nettest -6 -D -r ${a}
3343 log_test_addr ${a} $? 1 "Global server"
3349 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3350 sleep 1
3351 run_cmd_nsb nettest -6 -D -r ${a}
3358 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3359 sleep 1
3360 run_cmd_nsb nettest -6 -D -r ${a}
3364 # negative test - should fail
3369 run_cmd_nsb nettest -6 -D -r ${a}
3370 log_test_addr ${a} $? 1 "No server"
3380 run_cmd nettest -6 -D -s &
3381 sleep 1
3382 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3383 log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
3389 run_cmd nettest -6 -D -I ${VRF} -s &
3390 sleep 1
3391 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3398 run_cmd nettest -6 -D -s &
3399 sleep 1
3400 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3401 log_test_addr ${a} $? 1 "Global server, device client, local conn"
3404 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3405 sleep 1
3406 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3410 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3411 sleep 1
3412 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3416 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3417 sleep 1
3418 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3423 set_sysctl net.ipv4.udp_l3mdev_accept=1
3431 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3432 sleep 1
3433 run_cmd_nsb nettest -6 -D -r ${a}
3440 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3441 sleep 1
3442 run_cmd_nsb nettest -6 -D -r ${a}
3449 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3450 sleep 1
3451 run_cmd_nsb nettest -6 -D -r ${a}
3455 # negative test - should fail
3459 run_cmd_nsb nettest -6 -D -r ${a}
3460 log_test_addr ${a} $? 1 "No server"
3467 run_cmd_nsb nettest -6 -D -s &
3468 sleep 1
3469 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
3472 # negative test - should fail
3474 run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
3475 log_test $? 1 "No server, VRF client"
3478 run_cmd_nsb nettest -6 -D -s &
3479 sleep 1
3480 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
3483 # negative test - should fail
3485 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
3486 log_test $? 1 "No server, enslaved device client"
3493 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3494 sleep 1
3495 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3499 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3500 sleep 1
3501 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3507 run_cmd nettest -6 -D -s -3 ${VRF} &
3508 sleep 1
3509 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3513 run_cmd nettest -6 -D -I ${VRF} -s -3 ${VRF} &
3514 sleep 1
3515 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3518 # negative test - should fail
3522 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3523 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
3529 run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
3530 sleep 1
3531 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3535 run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
3536 sleep 1
3537 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3541 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3542 sleep 1
3543 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3547 run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
3548 sleep 1
3549 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3553 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3554 log_test_addr ${a} $? 1 "No server, device client, local conn"
3559 run_cmd nettest -6 -D -s &
3560 sleep 1
3561 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
3565 run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
3566 log_test $? 1 "No server, linklocal IP"
3570 run_cmd_nsb nettest -6 -D -s &
3571 sleep 1
3572 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
3576 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
3577 log_test $? 1 "No server, device client, peer linklocal IP"
3581 run_cmd nettest -6 -D -s &
3582 sleep 1
3583 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
3584 log_test $? 0 "Enslaved device client, local conn - linklocal IP"
3587 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
3588 log_test $? 1 "No server, device client, local conn - linklocal IP"
3591 run_cmd_nsb ip -6 addr del ${NSB_IP6}/64 dev ${NSB_DEV}
3592 run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
3594 run_cmd nettest -6 -s -D &
3595 sleep 1
3596 run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
3597 log_test $? 0 "UDP in - LLA to GUA"
3599 run_cmd_nsb ip -6 ro del ${NSA_IP6}/128 dev ${NSB_DEV}
3600 run_cmd_nsb ip -6 addr add ${NSB_IP6}/64 dev ${NSB_DEV} nodad
3606 set_sysctl net.ipv4.udp_early_demux=1
3618 set_sysctl net.ipv4.udp_l3mdev_accept=1
3637 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
3641 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3650 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${NSA_DEV} -b
3658 run_cmd nettest -6 -s -l ${a} -t1 -b
3662 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3671 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3683 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3687 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3694 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3695 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"
3702 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${VRF} -b
3712 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3718 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3728 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3734 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3735 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
3739 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3740 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
3762 local desc="$1"
3763 local varg="-6 $2"
3773 run_cmd nettest ${varg} -s &
3774 sleep 1
3775 run_cmd_nsb nettest ${varg} -r ${a} &
3778 sleep 1
3787 run_cmd nettest ${varg} -I ${VRF} -s &
3788 sleep 1
3789 run_cmd_nsb nettest ${varg} -r ${a} &
3792 sleep 1
3801 run_cmd nettest ${varg} -I ${NSA_DEV} -s &
3802 sleep 1
3803 run_cmd_nsb nettest ${varg} -r ${a} &
3806 sleep 1
3816 run_cmd_nsb nettest ${varg} -s &
3817 sleep 1
3818 run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} &
3821 sleep 1
3827 run_cmd_nsb nettest ${varg} -s &
3828 sleep 1
3829 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
3832 sleep 1
3844 run_cmd nettest ${varg} -s &
3845 sleep 1
3846 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3849 sleep 1
3858 run_cmd nettest ${varg} -I ${VRF} -s &
3859 sleep 1
3860 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3863 sleep 1
3871 run_cmd nettest ${varg} -s &
3872 sleep 1
3873 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3876 sleep 1
3882 run_cmd nettest ${varg} -I ${VRF} -s &
3883 sleep 1
3884 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3887 sleep 1
3893 run_cmd nettest ${varg} -I ${NSA_DEV} -s &
3894 sleep 1
3895 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3898 sleep 1
3909 run_cmd_nsb ${ping6} -f ${a} &
3912 sleep 1
3913 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
3918 run_cmd ${ping6} -f ${NSB_IP6} -I ${VRF} &
3919 sleep 1
3921 sleep 1
3922 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
3927 log_section "Run time tests - ipv6"
3933 ipv6_rt "TCP active socket" "-n -1"
3936 ipv6_rt "TCP passive socket" "-i"
3939 ipv6_rt "UDP active socket" "-D -n -1"
3952 run_cmd nettest -s &
3953 sleep 1
3954 run_cmd_nsb nettest -r ${a}
3955 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3961 local stype="$1"
3965 [ "${stype}" = "UDP" ] && arg="-D"
3970 run_cmd nettest ${arg} -s &
3971 sleep 1
3972 run_cmd_nsb nettest ${arg} -r ${a}
3973 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3983 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3991 run_cmd iptables -F
3992 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3993 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3999 iptables -F
4009 run_cmd nettest -6 -s &
4010 sleep 1
4011 run_cmd_nsb nettest -6 -r ${a}
4012 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
4018 local stype="$1"
4022 [ "${stype}" = "UDP" ] && arg="$arg -D"
4027 run_cmd nettest -6 -s ${arg} &
4028 sleep 1
4029 run_cmd_nsb nettest -6 ${arg} -r ${a}
4030 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
4040 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
4047 run_cmd ip6tables -F
4048 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
4049 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
4055 ip6tables -F
4062 # ns-A device enslaved to bridge. Verify traffic with and without
4070 setup_cmd ip -6 addr del dev ${NSA_DEV} ${NSA_IP6}/64
4074 setup_cmd ip -6 addr add dev br0 ${NSA_IP6}/64 nodad
4085 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
4086 log_test $? 0 "Bridge into VRF - IPv4 ping out"
4089 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
4090 log_test $? 0 "Bridge into VRF - IPv6 ping out"
4093 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
4094 log_test $? 0 "Bridge into VRF - IPv4 ping in"
4097 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
4098 log_test $? 0 "Bridge into VRF - IPv6 ping in"
4101 if [ $? -eq 0 ]; then
4103 run_cmd ping -c1 -w1 -I br0 ${NSB_IP}
4104 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping out"
4107 run_cmd ${ping6} -c1 -w1 -I br0 ${NSB_IP6}
4108 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping out"
4111 run_cmd_nsb ping -c1 -w1 ${NSA_IP}
4112 log_test $? 0 "Bridge into VRF with br_netfilter - IPv4 ping in"
4115 run_cmd_nsb ${ping6} -c1 -w1 ${NSA_IP6}
4116 log_test $? 0 "Bridge into VRF with br_netfilter - IPv6 ping in"
4123 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad
4127 setup_cmd_nsb ip -6 addr add dev vlan100 2001:db8:101::2/64 nodad
4129 sleep 1
4134 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
4135 log_test $? 0 "Bridge vlan into VRF - IPv4 ping out"
4138 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
4139 log_test $? 0 "Bridge vlan into VRF - IPv6 ping out"
4142 run_cmd_nsb ping -c1 -w1 172.16.101.1
4143 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
4146 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
4147 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
4150 if [ $? -eq 0 ]; then
4152 run_cmd ping -c1 -w1 -I br0.100 172.16.101.2
4153 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv4 ping out"
4156 run_cmd ${ping6} -c1 -w1 -I br0.100 2001:db8:101::2
4157 log_test $? 0 "Bridge vlan into VRF with br_netfilter - IPv6 ping out"
4160 run_cmd_nsb ping -c1 -w1 172.16.101.1
4161 log_test $? 0 "Bridge vlan into VRF - IPv4 ping in"
4164 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
4165 log_test $? 0 "Bridge vlan into VRF - IPv6 ping in"
4173 # ns-A device is connected to both ns-B and ns-C on a single VRF but only has
4178 # only want reply from ns-A
4179 setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
4180 setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
4183 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
4184 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Pre cycle, ping out ns-B"
4186 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
4187 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Pre cycle, ping out ns-C"
4189 # cycle/flap the first ns-A interface
4192 sleep 1
4195 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
4196 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-B"
4197 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
4198 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-C"
4200 # cycle/flap the second ns-A interface
4203 sleep 1
4206 run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
4207 log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-B"
4208 run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
4209 log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-C"
4212 # Perform IPv{4,6} SNAT on ns-A, and verify TCP connection is successfully
4213 # established with ns-B.
4220 …run_cmd iptables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_…
4221 …run_cmd ip6tables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO…
4223 run_cmd_nsb nettest -s -l ${NSB_IP} -p ${port} &
4224 sleep 1
4225 run_cmd nettest -d ${VRF} -r ${NSB_IP} -p ${port}
4228 run_cmd_nsb nettest -6 -s -l ${NSB_IP6} -p ${port} &
4229 sleep 1
4230 run_cmd nettest -6 -d ${VRF} -r ${NSB_IP6} -p ${port}
4234 …run_cmd iptables -t nat -D POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_…
4235 …run_cmd ip6tables -t nat -D POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO…
4257 -4 IPv4 tests only
4258 -6 IPv6 tests only
4259 -t <test> Test name/set to run
4260 -p Pause on fail
4261 -P Pause after each test
4262 -v Be verbose
4283 6) TESTS=ipv6;;
4287 v) VERBOSE=1;;
4289 *) usage; exit 1;;
4299 if [ -z "$TESTS" ]; then
4309 declare -i nfail=0
4310 declare -i nsuccess=0
4342 if [ $nfail -ne 0 ]; then
4343 exit 1 # KSFT_FAIL
4344 elif [ $nsuccess -eq 0 ]; then