Lines Matching +full:1 +full:a
8 # 1. icmp, tcp, udp and netfilter
16 # ns-A | ns-B
23 # ns-A:
24 # eth1: 172.16.1.1/24, 2001:db8:1::1/64
25 # lo: 127.0.0.1/8, ::1/128
26 # 172.16.2.1/32, 2001:db8:2::1/128
27 # red: 127.0.0.1/8, ::1/128
28 # 172.16.3.1/32, 2001:db8:3::1/128
31 # eth1: 172.16.1.2/24, 2001:db8:1::2/64
32 # lo2: 127.0.0.1/8, ::1/128
35 # ns-A to ns-C connection - only for VRF and same config
36 # as ns-A to ns-B
38 # server / client nomenclature relative to ns-A
60 NSA_IP6=2001:db8:1::1
61 NSB_IP6=2001:db8:1::2
62 VRF_IP6=2001:db8:3::1
63 NS_NET6=2001:db8:1::/120
67 NSA_LO_IP6=2001:db8:2::1
72 NL_IP6=2001:db8:4::1
81 MCAST=ff02::1
86 which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
100 local rc=$1
105 [ "${VERBOSE}" = "1" ] && echo
108 nsuccess=$((nsuccess+1))
111 nfail=$((nfail+1))
118 [ "$ans" = "q" ] && exit 1
126 [ "$ans" = "q" ] && exit 1
134 local addr=$1
166 if [ "${VERBOSE}" = "1" ]; then
174 if [ "${VERBOSE}" = "1" ]; then
183 if [ "${VERBOSE}" = "1" ]; then
191 killall nettest ping ping6 >/dev/null 2>&1
192 sleep 1
197 if [ "$VERBOSE" = "1" ]; then
209 if [ "$VERBOSE" = "1" ]; then
213 out=$($cmd 2>&1)
215 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
253 read a
275 read a
297 read a
303 # set sysctl values in NS-A
311 # get sysctl values in NS-A
322 case "$1" in
324 ::1) echo "IPv6 loopback";;
329 ${NSA_IP}) echo "ns-A IP";;
330 ${NSA_IP6}) echo "ns-A IPv6";;
331 ${NSA_LO_IP}) echo "ns-A loopback IP";;
332 ${NSA_LO_IP6}) echo "ns-A loopback IPv6";;
333 ${NSA_LINKIP6}|${NSA_LINKIP6}%*) echo "ns-A IPv6 LLA";;
355 local ns=$1
369 [ -z "$addr" ] && return 1
381 local ns=$1
393 ip -netns ${ns} -6 addr add ::1 dev ${vrf} nodad
409 local ns=$1
423 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
424 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
425 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
426 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
432 local ns1=$1
481 ip link del ${NSA_DEV2} >/dev/null 2>&1
483 ip netns del ${NSC} >/dev/null 2>&1
489 # ns-B but for a device NOT in the VRF
499 local with_vrf=${1}
501 # make sure we are starting with a clean slate
520 # tell ns-A how to get to remote addresses of ns-B
536 # tell ns-B how to get to remote addresses of ns-A
542 sleep 1
547 # make sure we are starting with a clean slate
576 sleep 1
584 local a
589 for a in ${NSB_IP} ${NSB_LO_IP}
592 run_cmd ping -c1 -w1 ${a}
593 log_test_addr ${a} $? 0 "ping out"
596 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
597 log_test_addr ${a} $? 0 "ping out, device bind"
600 run_cmd ping -c1 -w1 -I ${NSA_LO_IP} ${a}
601 log_test_addr ${a} $? 0 "ping out, address bind"
607 a=${NSB_IP}
609 run_cmd ping -c 1 -w 1 -r ${a}
610 log_test_addr ${a} $? 0 "ping out (don't route), peer on link"
612 a=${NSB_LO_IP}
615 run_cmd ping -c 1 -w 1 -r ${a}
616 log_test_addr ${a} $? 1 "ping out (don't route), peer not on link"
621 for a in ${NSA_IP} ${NSA_LO_IP}
624 run_cmd_nsb ping -c1 -w1 ${a}
625 log_test_addr ${a} $? 0 "ping in"
631 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
634 run_cmd ping -c1 -w1 ${a}
635 log_test_addr ${a} $? 0 "ping local"
642 a=${NSA_IP}
644 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
645 log_test_addr ${a} $? 0 "ping local, device bind"
648 # fails in a really weird way though because ipv4 special cases
650 for a in ${NSA_LO_IP} 127.0.0.1
654 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
655 log_test_addr ${a} $? 1 "ping local, device bind"
667 a=${NSB_LO_IP}
668 run_cmd ping -c1 -w1 ${a}
669 log_test_addr ${a} $? 2 "ping out, blocked by rule"
672 # a viable rtable if the oif (e.g., bind to device) is set, so this
674 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
676 a=${NSA_LO_IP}
679 run_cmd_nsb ping -c1 -w1 ${a}
680 log_test_addr ${a} $? 1 "ping in, blocked by rule"
682 [ "$VERBOSE" = "1" ] && echo
695 a=${NSB_LO_IP}
696 run_cmd ping -c1 -w1 ${a}
697 log_test_addr ${a} $? 2 "ping out, blocked by route"
700 # a viable rtable if the oif (e.g., bind to device) is set, so this
701 # case succeeds despite not having a route for the address
702 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
704 a=${NSA_LO_IP}
707 run_cmd_nsb ping -c1 -w1 ${a}
708 log_test_addr ${a} $? 1 "ping in, blocked by route"
716 a=${NSB_LO_IP}
717 run_cmd ping -c1 -w1 ${a}
718 log_test_addr ${a} $? 2 "ping out, unreachable default route"
721 # a viable rtable if the oif (e.g., bind to device) is set, so this
722 # case succeeds despite not having a route for the address
723 # run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
728 local a
731 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
736 for a in ${NSB_IP} ${NSB_LO_IP}
739 run_cmd ping -c1 -w1 -I ${VRF} ${a}
740 log_test_addr ${a} $? 0 "ping out, VRF bind"
743 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
744 log_test_addr ${a} $? 0 "ping out, device bind"
747 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${NSA_IP} ${a}
748 log_test_addr ${a} $? 0 "ping out, vrf device + dev address bind"
751 run_cmd ip vrf exec ${VRF} ping -c1 -w1 -I ${VRF_IP} ${a}
752 log_test_addr ${a} $? 0 "ping out, vrf device + vrf address bind"
758 for a in ${NSA_IP} ${VRF_IP}
761 run_cmd_nsb ping -c1 -w1 ${a}
762 log_test_addr ${a} $? 0 "ping in"
768 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
771 show_hint "Source address should be ${a}"
772 run_cmd ping -c1 -w1 -I ${VRF} ${a}
773 log_test_addr ${a} $? 0 "ping local, VRF bind"
780 a=${NSA_IP}
782 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
783 log_test_addr ${a} $? 0 "ping local, device bind"
786 for a in ${VRF_IP} 127.0.0.1
790 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
791 log_test_addr ${a} $? 2 "ping local, device bind"
801 a=${NSB_LO_IP}
802 run_cmd ping -c1 -w1 -I ${VRF} ${a}
803 log_test_addr ${a} $? 2 "ping out, vrf bind, blocked by rule"
806 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
807 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
809 a=${NSA_LO_IP}
812 run_cmd_nsb ping -c1 -w1 ${a}
813 log_test_addr ${a} $? 1 "ping in, blocked by rule"
815 [ "$VERBOSE" = "1" ] && echo
825 a=${NSB_LO_IP}
826 run_cmd ping -c1 -w1 -I ${VRF} ${a}
827 log_test_addr ${a} $? 2 "ping out, vrf bind, unreachable route"
830 run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
831 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
833 a=${NSA_LO_IP}
836 run_cmd_nsb ping -c1 -w1 ${a}
837 log_test_addr ${a} $? 1 "ping in, unreachable route"
849 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
878 sleep 1
886 sleep 1
894 sleep 1
902 sleep 1
913 sleep 1
921 sleep 1
929 sleep 1
946 sleep 1
954 sleep 1
962 sleep 1
970 sleep 1
981 sleep 1
989 sleep 1
997 sleep 1
1002 # duplicate config between default VRF and a VRF
1008 sleep 1
1015 sleep 1
1023 sleep 1
1031 sleep 1
1038 sleep 1
1045 sleep 1
1053 sleep 1
1061 sleep 1
1070 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
1074 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
1085 sleep 1
1092 sleep 1
1099 # This particular test needs tcp_l3mdev_accept=1 for Global server to accept VRF connections
1102 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1106 sleep 1
1112 sleep 1
1118 sleep 1
1124 sleep 1
1134 local syncookies=$1
1137 local a
1142 # on link (doesn't need to be routed through a gateway).
1152 a=${NSB_IP}
1154 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1155 log_test_addr ${a} $? 0 "SO_DONTROUTE client, syncookies=${syncookies}"
1157 a=${NSB_IP}
1159 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --server-dontroute
1160 log_test_addr ${a} $? 0 "SO_DONTROUTE server, syncookies=${syncookies}"
1167 # to respond to a routed address and not a link local one).
1169 a=${NSB_LO_IP}
1172 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --client-dontroute
1173 log_test_addr ${a} $? 1 "SO_DONTROUTE client, syncookies=${syncookies}"
1175 a=${NSB_LO_IP}
1178 do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --server-dontroute
1179 log_test_addr ${a} $? 2 "SO_DONTROUTE server, syncookies=${syncookies}"
1187 local a
1192 for a in ${NSA_IP} ${NSA_LO_IP}
1196 sleep 1
1197 run_cmd_nsb nettest -r ${a}
1198 log_test_addr ${a} $? 0 "Global server"
1201 a=${NSA_IP}
1204 sleep 1
1205 run_cmd_nsb nettest -r ${a}
1206 log_test_addr ${a} $? 0 "Device server"
1209 for a in ${NSA_IP} ${NSA_LO_IP}
1213 run_cmd_nsb nettest -r ${a}
1214 log_test_addr ${a} $? 1 "No server"
1220 for a in ${NSB_IP} ${NSB_LO_IP}
1224 sleep 1
1225 run_cmd nettest -r ${a} -0 ${NSA_IP}
1226 log_test_addr ${a} $? 0 "Client"
1230 sleep 1
1231 run_cmd nettest -r ${a} -d ${NSA_DEV}
1232 log_test_addr ${a} $? 0 "Client, device bind"
1236 run_cmd nettest -r ${a}
1237 log_test_addr ${a} $? 1 "No server, unbound client"
1241 run_cmd nettest -r ${a} -d ${NSA_DEV}
1242 log_test_addr ${a} $? 1 "No server, device client"
1248 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1252 sleep 1
1253 run_cmd nettest -r ${a} -0 ${a} -1 ${a}
1254 log_test_addr ${a} $? 0 "Global server, local connection"
1257 a=${NSA_IP}
1260 sleep 1
1261 run_cmd nettest -r ${a} -0 ${a}
1262 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1264 for a in ${NSA_LO_IP} 127.0.0.1
1269 sleep 1
1270 run_cmd nettest -r ${a}
1271 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1274 a=${NSA_IP}
1277 sleep 1
1278 run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
1279 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1281 for a in ${NSA_LO_IP} 127.0.0.1
1286 sleep 1
1287 run_cmd nettest -r ${a} -d ${NSA_DEV}
1288 log_test_addr ${a} $? 1 "Global server, device client, local connection"
1291 a=${NSA_IP}
1294 sleep 1
1295 run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
1296 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1300 run_cmd nettest -d ${NSA_DEV} -r ${a}
1301 log_test_addr ${a} $? 1 "No server, device client, local conn"
1303 [ "$fips_enabled" = "1" ] || ipv4_tcp_md5_novrf
1311 local a
1321 for a in ${NSA_IP} ${VRF_IP}
1326 sleep 1
1327 run_cmd_nsb nettest -r ${a}
1328 log_test_addr ${a} $? 1 "Global server"
1332 sleep 1
1333 run_cmd_nsb nettest -r ${a}
1334 log_test_addr ${a} $? 0 "VRF server"
1338 sleep 1
1339 run_cmd_nsb nettest -r ${a}
1340 log_test_addr ${a} $? 0 "Device server"
1345 run_cmd_nsb nettest -r ${a}
1346 log_test_addr ${a} $? 1 "No server"
1351 a=${NSA_IP}
1355 sleep 1
1356 run_cmd nettest -r ${a} -d ${NSA_DEV}
1357 log_test_addr ${a} $? 1 "Global server, local connection"
1370 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1372 for a in ${NSA_IP} ${VRF_IP}
1377 sleep 1
1378 run_cmd_nsb nettest -r ${a}
1379 log_test_addr ${a} $? 0 "Global server"
1384 sleep 1
1385 run_cmd_nsb nettest -r ${a}
1386 log_test_addr ${a} $? 0 "VRF server"
1391 run_cmd_nsb nettest -r ${a}
1392 log_test_addr ${a} $? 1 "No server"
1395 a=${NSA_IP}
1399 sleep 1
1400 run_cmd_nsb nettest -r ${a}
1401 log_test_addr ${a} $? 0 "Device server"
1404 for a in ${NSA_IP} ${VRF_IP}
1409 sleep 1
1410 run_cmd nettest -r ${a}
1411 log_test_addr ${a} $? 1 "Global server, local connection"
1417 for a in ${NSB_IP} ${NSB_LO_IP}
1421 sleep 1
1422 run_cmd nettest -r ${a} -d ${VRF}
1423 log_test_addr ${a} $? 0 "Client, VRF bind"
1427 sleep 1
1428 run_cmd nettest -r ${a} -d ${NSA_DEV}
1429 log_test_addr ${a} $? 0 "Client, device bind"
1433 run_cmd nettest -r ${a} -d ${VRF}
1434 log_test_addr ${a} $? 1 "No server, VRF client"
1438 run_cmd nettest -r ${a} -d ${NSA_DEV}
1439 log_test_addr ${a} $? 1 "No server, device client"
1442 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1446 sleep 1
1447 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1448 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
1451 a=${NSA_IP}
1454 sleep 1
1455 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1456 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
1461 sleep 1
1462 run_cmd nettest -r ${a}
1463 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
1467 sleep 1
1468 run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
1469 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
1473 sleep 1
1474 run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
1475 log_test_addr ${a} $? 0 "Device server, device client, local connection"
1490 set_sysctl net.ipv4.tcp_l3mdev_accept=1
1503 local a
1508 for a in ${NSA_IP} ${NSA_LO_IP}
1512 sleep 1
1513 run_cmd_nsb nettest -D -r ${a}
1514 log_test_addr ${a} $? 0 "Global server"
1518 run_cmd_nsb nettest -D -r ${a}
1519 log_test_addr ${a} $? 1 "No server"
1522 a=${NSA_IP}
1525 sleep 1
1526 run_cmd_nsb nettest -D -r ${a}
1527 log_test_addr ${a} $? 0 "Device server"
1532 for a in ${NSB_IP} ${NSB_LO_IP}
1536 sleep 1
1537 run_cmd nettest -D -r ${a} -0 ${NSA_IP}
1538 log_test_addr ${a} $? 0 "Client"
1542 sleep 1
1543 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
1544 log_test_addr ${a} $? 0 "Client, device bind"
1548 sleep 1
1549 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
1550 log_test_addr ${a} $? 0 "Client, device send via cmsg"
1554 sleep 1
1555 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
1556 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"
1560 sleep 1
1561 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} -U
1562 log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF, with connect()"
1567 run_cmd nettest -D -r ${a}
1568 log_test_addr ${a} $? 1 "No server, unbound client"
1572 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1573 log_test_addr ${a} $? 1 "No server, device client"
1579 for a in ${NSA_IP} ${NSA_LO_IP} 127.0.0.1
1583 sleep 1
1584 run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
1585 log_test_addr ${a} $? 0 "Global server, local connection"
1588 a=${NSA_IP}
1591 sleep 1
1592 run_cmd nettest -D -r ${a}
1593 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
1595 for a in ${NSA_LO_IP} 127.0.0.1
1600 sleep 1
1601 run_cmd nettest -D -r ${a}
1602 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
1605 a=${NSA_IP}
1608 sleep 1
1609 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1610 log_test_addr ${a} $? 0 "Global server, device client, local connection"
1614 sleep 1
1615 run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
1616 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
1620 sleep 1
1621 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
1622 log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"
1626 sleep 1
1627 run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} -U
1628 …log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection, with co…
1634 for a in ${NSA_LO_IP} 127.0.0.1
1639 sleep 1
1640 run_cmd nettest -D -r ${a} -d ${NSA_DEV}
1641 log_test_addr ${a} $? 2 "Global server, device client, local connection"
1646 sleep 1
1647 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
1648 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
1653 sleep 1
1654 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
1655 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
1660 sleep 1
1661 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -U
1662 …log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with co…
1667 a=${NSA_IP}
1670 sleep 1
1671 run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
1672 log_test_addr ${a} $? 0 "Device server, device client, local conn"
1675 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1676 log_test_addr ${a} $? 2 "No server, device client, local conn"
1681 # on link (doesn't need to be routed through a gateway).
1684 a=${NSB_IP}
1686 do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1687 log_test_addr ${a} $? 0 "SO_DONTROUTE client"
1689 a=${NSB_LO_IP}
1692 do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
1693 log_test_addr ${a} $? 1 "SO_DONTROUTE client"
1698 local a
1707 for a in ${NSA_IP} ${VRF_IP}
1710 show_hint "Fails because ingress is in a VRF and global server is disabled"
1712 sleep 1
1713 run_cmd_nsb nettest -D -r ${a}
1714 log_test_addr ${a} $? 1 "Global server"
1718 sleep 1
1719 run_cmd_nsb nettest -D -r ${a}
1720 log_test_addr ${a} $? 0 "VRF server"
1724 sleep 1
1725 run_cmd_nsb nettest -D -r ${a}
1726 log_test_addr ${a} $? 0 "Enslaved device server"
1730 run_cmd_nsb nettest -D -r ${a}
1731 log_test_addr ${a} $? 1 "No server"
1736 sleep 1
1737 run_cmd nettest -D -d ${VRF} -r ${a}
1738 log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
1741 a=${NSA_IP}
1744 sleep 1
1745 run_cmd nettest -D -d ${VRF} -r ${a}
1746 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1750 sleep 1
1751 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1752 log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"
1754 a=${NSA_IP}
1757 sleep 1
1758 run_cmd nettest -D -d ${VRF} -r ${a}
1759 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1763 sleep 1
1764 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1765 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1769 set_sysctl net.ipv4.udp_l3mdev_accept=1
1774 for a in ${NSA_IP} ${VRF_IP}
1778 sleep 1
1779 run_cmd_nsb nettest -D -r ${a}
1780 log_test_addr ${a} $? 0 "Global server"
1784 sleep 1
1785 run_cmd_nsb nettest -D -r ${a}
1786 log_test_addr ${a} $? 0 "VRF server"
1790 sleep 1
1791 run_cmd_nsb nettest -D -r ${a}
1792 log_test_addr ${a} $? 0 "Enslaved device server"
1796 run_cmd_nsb nettest -D -r ${a}
1797 log_test_addr ${a} $? 1 "No server"
1805 sleep 1
1806 run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
1811 sleep 1
1812 run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
1819 log_test $? 1 "No server, VRF client"
1824 log_test $? 1 "No server, enslaved device client"
1829 a=${NSA_IP}
1832 sleep 1
1833 run_cmd nettest -D -d ${VRF} -r ${a}
1834 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1838 sleep 1
1839 run_cmd nettest -D -d ${VRF} -r ${a}
1840 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1844 sleep 1
1845 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1846 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
1850 sleep 1
1851 run_cmd nettest -D -d ${VRF} -r ${a}
1852 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
1856 sleep 1
1857 run_cmd nettest -D -d ${NSA_DEV} -r ${a}
1858 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
1860 for a in ${VRF_IP} 127.0.0.1
1864 sleep 1
1865 run_cmd nettest -D -d ${VRF} -r ${a}
1866 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
1869 for a in ${VRF_IP} 127.0.0.1
1873 sleep 1
1874 run_cmd nettest -D -d ${VRF} -r ${a}
1875 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
1880 for a in ${NSA_IP} ${VRF_IP} 127.0.0.1
1884 run_cmd nettest -D -d ${VRF} -r ${a}
1885 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
1902 set_sysctl net.ipv4.udp_l3mdev_accept=1
1920 for a in ${NSA_IP} ${NSA_LO_IP}
1923 run_cmd nettest -s -R -P icmp -l ${a} -b
1924 log_test_addr ${a} $? 0 "Raw socket bind to local address"
1927 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1928 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1934 a=${NL_IP}
1936 run_cmd nettest -s -R -f -l ${a} -b
1937 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address"
1940 run_cmd nettest -s -f -l ${a} -b
1941 log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address"
1944 run_cmd nettest -s -D -P icmp -f -l ${a} -b
1945 log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address"
1950 a=${BCAST_IP}
1952 run_cmd nettest -s -D -P icmp -l ${a} -b
1953 log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address"
1955 a=${MCAST_IP}
1957 run_cmd nettest -s -D -P icmp -l ${a} -b
1958 log_test_addr ${a} $? 1 "ICMP socket bind to multicast address"
1963 a=${NSA_IP}
1965 run_cmd nettest -c ${a} -r ${NSB_IP} -t1 -b
1966 log_test_addr ${a} $? 0 "TCP socket bind to local address"
1969 run_cmd nettest -c ${a} -r ${NSB_IP} -d ${NSA_DEV} -t1 -b
1970 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
1972 # Sadly, the kernel allows binding a socket to a device and then
1976 #a=${NSA_LO_IP}
1979 #run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
1980 #log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address"
1988 for a in ${NSA_IP} ${VRF_IP}
1992 run_cmd nettest -s -R -P icmp -l ${a} -b
1993 log_test_addr ${a} $? 1 "Raw socket bind to local address"
1996 run_cmd nettest -s -R -P icmp -l ${a} -I ${NSA_DEV} -b
1997 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
1999 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
2000 log_test_addr ${a} $? 0 "Raw socket bind to local address after VRF bind"
2003 a=${NSA_LO_IP}
2006 run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
2007 log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
2012 a=${NL_IP}
2014 run_cmd nettest -s -R -f -l ${a} -I ${VRF} -b
2015 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind"
2018 run_cmd nettest -s -f -l ${a} -I ${VRF} -b
2019 log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address after VRF bind"
2022 run_cmd nettest -s -D -P icmp -f -l ${a} -I ${VRF} -b
2023 log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address after VRF bind"
2028 a=${BCAST_IP}
2030 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
2031 log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address after VRF bind"
2033 a=${MCAST_IP}
2035 run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
2036 log_test_addr ${a} $? 1 "ICMP socket bind to multicast address after VRF bind"
2041 for a in ${NSA_IP} ${VRF_IP}
2044 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
2045 log_test_addr ${a} $? 0 "TCP socket bind to local address"
2048 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
2049 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
2052 a=${NSA_LO_IP}
2055 run_cmd nettest -s -l ${a} -I ${VRF} -t1 -b
2056 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
2060 run_cmd nettest -s -l ${a} -I ${NSA_DEV} -t1 -b
2061 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
2084 local desc="$1"
2087 local a
2092 for a in ${NSA_IP} ${VRF_IP}
2096 sleep 1
2097 run_cmd_nsb nettest ${varg} -r ${a} &
2100 sleep 1
2101 log_test_addr ${a} 0 0 "${desc}, global server"
2106 for a in ${NSA_IP} ${VRF_IP}
2110 sleep 1
2111 run_cmd_nsb nettest ${varg} -r ${a} &
2114 sleep 1
2115 log_test_addr ${a} 0 0 "${desc}, VRF server"
2120 a=${NSA_IP}
2123 sleep 1
2124 run_cmd_nsb nettest ${varg} -r ${a} &
2127 sleep 1
2128 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
2137 sleep 1
2141 sleep 1
2142 log_test_addr ${a} 0 0 "${desc}, VRF client"
2148 sleep 1
2152 sleep 1
2153 log_test_addr ${a} 0 0 "${desc}, enslaved device client"
2160 for a in ${NSA_IP} ${VRF_IP}
2164 sleep 1
2165 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2168 sleep 1
2169 log_test_addr ${a} 0 0 "${desc}, global server, VRF client, local"
2174 for a in ${NSA_IP} ${VRF_IP}
2178 sleep 1
2179 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
2182 sleep 1
2183 log_test_addr ${a} 0 0 "${desc}, VRF server and client, local"
2188 a=${NSA_IP}
2192 sleep 1
2193 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2196 sleep 1
2197 log_test_addr ${a} 0 0 "${desc}, global server, enslaved device client, local"
2203 sleep 1
2204 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2207 sleep 1
2208 log_test_addr ${a} 0 0 "${desc}, VRF server, enslaved device client, local"
2214 sleep 1
2215 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
2218 sleep 1
2219 log_test_addr ${a} 0 0 "${desc}, enslaved device server and client, local"
2225 local a
2227 for a in ${NSA_IP} ${VRF_IP}
2230 run_cmd_nsb ping -f ${a} &
2233 sleep 1
2234 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
2239 a=${NSB_IP}
2241 run_cmd ping -f -I ${VRF} ${a} &
2244 sleep 1
2245 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
2256 ipv4_rt "TCP active socket" "-n -1"
2267 local a
2269 # should not have an impact, but make a known state
2275 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2278 run_cmd ${ping6} -c1 -w1 ${a}
2279 log_test_addr ${a} $? 0 "ping out"
2282 for a in ${NSB_IP6} ${NSB_LO_IP6}
2285 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2286 log_test_addr ${a} $? 0 "ping out, device bind"
2289 run_cmd ${ping6} -c1 -w1 -I ${NSA_LO_IP6} ${a}
2290 log_test_addr ${a} $? 0 "ping out, loopback address bind"
2296 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
2299 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2300 log_test_addr ${a} $? 0 "ping in"
2306 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1 ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2309 run_cmd ${ping6} -c1 -w1 ${a}
2310 log_test_addr ${a} $? 0 "ping local, no bind"
2313 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2316 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2317 log_test_addr ${a} $? 0 "ping local, device bind"
2320 for a in ${NSA_LO_IP6} ::1
2324 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2325 log_test_addr ${a} $? 2 "ping local, device bind"
2337 a=${NSB_LO_IP6}
2338 run_cmd ${ping6} -c1 -w1 ${a}
2339 log_test_addr ${a} $? 2 "ping out, blocked by rule"
2342 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2343 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
2345 a=${NSA_LO_IP6}
2348 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2349 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2364 a=${NSB_LO_IP6}
2365 run_cmd ${ping6} -c1 -w1 ${a}
2366 log_test_addr ${a} $? 2 "ping out, blocked by route"
2369 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2370 log_test_addr ${a} $? 2 "ping out, device bind, blocked by route"
2372 a=${NSA_LO_IP6}
2375 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2376 log_test_addr ${a} $? 1 "ping in, blocked by route"
2386 a=${NSB_LO_IP6}
2387 run_cmd ${ping6} -c1 -w1 ${a}
2388 log_test_addr ${a} $? 2 "ping out, unreachable route"
2391 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2392 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
2397 local a
2400 set_sysctl net.ipv4.raw_l3mdev_accept=1 2>/dev/null
2405 for a in ${NSB_IP6} ${NSB_LO_IP6}
2408 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2409 log_test_addr ${a} $? 0 "ping out, VRF bind"
2412 for a in ${NSB_LINKIP6}%${VRF} ${MCAST}%${VRF}
2416 run_cmd ${ping6} -c1 -w1 ${a}
2417 log_test_addr ${a} $? 1 "ping out, VRF bind"
2420 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2423 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2424 log_test_addr ${a} $? 0 "ping out, device bind"
2427 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2430 run_cmd ip vrf exec ${VRF} ${ping6} -c1 -w1 -I ${VRF_IP6} ${a}
2431 log_test_addr ${a} $? 0 "ping out, vrf device+address bind"
2437 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV} ${MCAST}%${NSB_DEV}
2440 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2441 log_test_addr ${a} $? 0 "ping in"
2444 a=${NSA_LO_IP6}
2447 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2448 log_test_addr ${a} $? 1 "ping in"
2453 for a in ${NSA_IP6} ${VRF_IP6} ::1
2456 show_hint "Source address should be ${a}"
2457 run_cmd ${ping6} -c1 -w1 -I ${VRF} ${a}
2458 log_test_addr ${a} $? 0 "ping local, VRF bind"
2461 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV}
2464 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2465 log_test_addr ${a} $? 0 "ping local, device bind"
2473 for a in ${NSA_IP6} ${VRF_IP6}
2477 log_test_addr ${a} $? 0 "ping in, LLA to GUA"
2491 a=${NSB_LO_IP6}
2492 run_cmd ${ping6} -c1 -w1 ${a}
2493 log_test_addr ${a} $? 2 "ping out, blocked by rule"
2496 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2497 log_test_addr ${a} $? 2 "ping out, device bind, blocked by rule"
2499 a=${NSA_LO_IP6}
2502 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2503 log_test_addr ${a} $? 1 "ping in, blocked by rule"
2515 a=${NSB_LO_IP6}
2516 run_cmd ${ping6} -c1 -w1 ${a}
2517 log_test_addr ${a} $? 2 "ping out, unreachable route"
2520 run_cmd ${ping6} -c1 -w1 -I ${NSA_DEV} ${a}
2521 log_test_addr ${a} $? 2 "ping out, device bind, unreachable route"
2524 a=${NSA_LO_IP6}
2526 run_cmd_nsb ${ping6} -c1 -w1 ${a}
2527 log_test_addr ${a} $? 2 "ping in, unreachable route"
2564 sleep 1
2572 sleep 1
2580 sleep 1
2588 sleep 1
2599 sleep 1
2607 sleep 1
2615 sleep 1
2632 sleep 1
2640 sleep 1
2648 sleep 1
2656 sleep 1
2667 sleep 1
2675 sleep 1
2683 sleep 1
2688 # duplicate config between default VRF and a VRF
2694 sleep 1
2701 sleep 1
2709 sleep 1
2717 sleep 1
2724 sleep 1
2731 sleep 1
2739 sleep 1
2747 sleep 1
2756 log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
2760 log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
2766 local a
2771 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2775 sleep 1
2776 run_cmd_nsb nettest -6 -r ${a}
2777 log_test_addr ${a} $? 0 "Global server"
2781 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2785 run_cmd_nsb nettest -6 -r ${a}
2786 log_test_addr ${a} $? 1 "No server"
2792 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2796 sleep 1
2797 run_cmd nettest -6 -r ${a}
2798 log_test_addr ${a} $? 0 "Client"
2801 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2805 sleep 1
2806 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2807 log_test_addr ${a} $? 0 "Client, device bind"
2810 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
2814 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2815 log_test_addr ${a} $? 1 "No server, device client"
2821 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
2825 sleep 1
2826 run_cmd nettest -6 -r ${a}
2827 log_test_addr ${a} $? 0 "Global server, local connection"
2830 a=${NSA_IP6}
2833 sleep 1
2834 run_cmd nettest -6 -r ${a} -0 ${a}
2835 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
2837 for a in ${NSA_LO_IP6} ::1
2842 sleep 1
2843 run_cmd nettest -6 -r ${a}
2844 log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
2847 a=${NSA_IP6}
2850 sleep 1
2851 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
2852 log_test_addr ${a} $? 0 "Global server, device client, local connection"
2854 for a in ${NSA_LO_IP6} ::1
2859 sleep 1
2860 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2861 log_test_addr ${a} $? 1 "Global server, device client, local connection"
2864 for a in ${NSA_IP6} ${NSA_LINKIP6}
2868 sleep 1
2869 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2870 log_test_addr ${a} $? 0 "Device server, device client, local conn"
2873 for a in ${NSA_IP6} ${NSA_LINKIP6}
2877 run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
2878 log_test_addr ${a} $? 1 "No server, device client, local conn"
2881 [ "$fips_enabled" = "1" ] || ipv6_tcp_md5_novrf
2886 local a
2896 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2901 sleep 1
2902 run_cmd_nsb nettest -6 -r ${a}
2903 log_test_addr ${a} $? 1 "Global server"
2906 for a in ${NSA_IP6} ${VRF_IP6}
2910 sleep 1
2911 run_cmd_nsb nettest -6 -r ${a}
2912 log_test_addr ${a} $? 0 "VRF server"
2916 a=${NSA_LINKIP6}%${NSB_DEV}
2919 sleep 1
2920 run_cmd_nsb nettest -6 -r ${a}
2921 log_test_addr ${a} $? 0 "VRF server"
2923 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2927 sleep 1
2928 run_cmd_nsb nettest -6 -r ${a}
2929 log_test_addr ${a} $? 0 "Device server"
2933 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2937 run_cmd_nsb nettest -6 -r ${a}
2938 log_test_addr ${a} $? 1 "No server"
2942 a=${NSA_IP6}
2946 sleep 1
2947 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
2948 log_test_addr ${a} $? 1 "Global server, local connection"
2961 set_sysctl net.ipv4.tcp_l3mdev_accept=1
2963 for a in ${NSA_IP6} ${VRF_IP6}
2967 sleep 1
2968 run_cmd_nsb nettest -6 -r ${a}
2969 log_test_addr ${a} $? 0 "Global server"
2972 for a in ${NSA_IP6} ${VRF_IP6}
2976 sleep 1
2977 run_cmd_nsb nettest -6 -r ${a}
2978 log_test_addr ${a} $? 0 "VRF server"
2982 a=${NSA_LINKIP6}%${NSB_DEV}
2985 sleep 1
2986 run_cmd_nsb nettest -6 -r ${a}
2987 log_test_addr ${a} $? 0 "Global server"
2991 sleep 1
2992 run_cmd_nsb nettest -6 -r ${a}
2993 log_test_addr ${a} $? 0 "VRF server"
2995 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
2999 sleep 1
3000 run_cmd_nsb nettest -6 -r ${a}
3001 log_test_addr ${a} $? 0 "Device server"
3005 for a in ${NSA_IP6} ${VRF_IP6} ${NSA_LINKIP6}%${NSB_DEV}
3009 run_cmd_nsb nettest -6 -r ${a}
3010 log_test_addr ${a} $? 1 "No server"
3014 for a in ${NSA_IP6} ${VRF_IP6}
3019 sleep 1
3020 run_cmd nettest -6 -r ${a}
3021 log_test_addr ${a} $? 1 "Global server, local connection"
3028 for a in ${NSB_IP6} ${NSB_LO_IP6}
3032 sleep 1
3033 run_cmd nettest -6 -r ${a} -d ${VRF}
3034 log_test_addr ${a} $? 0 "Client, VRF bind"
3037 a=${NSB_LINKIP6}
3041 sleep 1
3042 run_cmd nettest -6 -r ${a} -d ${VRF}
3043 log_test_addr ${a} $? 1 "Client, VRF bind"
3045 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
3049 sleep 1
3050 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
3051 log_test_addr ${a} $? 0 "Client, device bind"
3054 for a in ${NSB_IP6} ${NSB_LO_IP6}
3058 run_cmd nettest -6 -r ${a} -d ${VRF}
3059 log_test_addr ${a} $? 1 "No server, VRF client"
3062 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}
3066 run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
3067 log_test_addr ${a} $? 1 "No server, device client"
3070 for a in ${NSA_IP6} ${VRF_IP6} ::1
3074 sleep 1
3075 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
3076 log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
3079 a=${NSA_IP6}
3082 sleep 1
3083 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3084 log_test_addr ${a} $? 0 "VRF server, device client, local connection"
3086 a=${NSA_IP6}
3090 sleep 1
3091 run_cmd nettest -6 -r ${a}
3092 log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
3096 sleep 1
3097 run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
3098 log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
3100 for a in ${NSA_IP6} ${NSA_LINKIP6}
3104 sleep 1
3105 run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
3106 log_test_addr ${a} $? 0 "Device server, device client, local connection"
3122 set_sysctl net.ipv4.tcp_l3mdev_accept=1
3135 local a
3140 for a in ${NSA_IP6} ${NSA_LINKIP6}%${NSB_DEV}
3144 sleep 1
3145 run_cmd_nsb nettest -6 -D -r ${a}
3146 log_test_addr ${a} $? 0 "Global server"
3150 sleep 1
3151 run_cmd_nsb nettest -6 -D -r ${a}
3152 log_test_addr ${a} $? 0 "Device server"
3155 a=${NSA_LO_IP6}
3158 sleep 1
3159 run_cmd_nsb nettest -6 -D -r ${a}
3160 log_test_addr ${a} $? 0 "Global server"
3162 # should fail since loopback address is out of scope for a device
3168 #sleep 1
3169 #run_cmd_nsb nettest -6 -D -r ${a}
3170 #log_test_addr ${a} $? 1 "Device server"
3173 for a in ${NSA_IP6} ${NSA_LO_IP6} ${NSA_LINKIP6}%${NSB_DEV}
3177 run_cmd_nsb nettest -6 -D -r ${a}
3178 log_test_addr ${a} $? 1 "No server"
3184 for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV}
3188 sleep 1
3189 run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
3190 log_test_addr ${a} $? 0 "Client"
3194 sleep 1
3195 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
3196 log_test_addr ${a} $? 0 "Client, device bind"
3200 sleep 1
3201 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
3202 log_test_addr ${a} $? 0 "Client, device send via cmsg"
3206 sleep 1
3207 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
3208 log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF"
3212 run_cmd nettest -6 -D -r ${a}
3213 log_test_addr ${a} $? 1 "No server, unbound client"
3217 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3218 log_test_addr ${a} $? 1 "No server, device client"
3224 for a in ${NSA_IP6} ${NSA_LO_IP6} ::1
3228 sleep 1
3229 run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
3230 log_test_addr ${a} $? 0 "Global server, local connection"
3233 a=${NSA_IP6}
3236 sleep 1
3237 run_cmd nettest -6 -D -r ${a}
3238 log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
3240 for a in ${NSA_LO_IP6} ::1
3245 sleep 1
3246 run_cmd nettest -6 -D -r ${a}
3247 log_test_addr ${a} $? 1 "Device server, local connection"
3250 a=${NSA_IP6}
3253 sleep 1
3254 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3255 log_test_addr ${a} $? 0 "Global server, device client, local connection"
3259 sleep 1
3260 run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
3261 log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
3265 sleep 1
3266 run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
3267 log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"
3269 for a in ${NSA_LO_IP6} ::1
3274 sleep 1
3275 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
3276 log_test_addr ${a} $? 1 "Global server, device client, local connection"
3281 sleep 1
3282 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
3283 log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
3288 sleep 1
3289 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
3290 log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
3295 sleep 1
3296 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -U
3297 …log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with co…
3300 a=${NSA_IP6}
3303 sleep 1
3304 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
3305 log_test_addr ${a} $? 0 "Device server, device client, local conn"
3309 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3310 log_test_addr ${a} $? 1 "No server, device client, local conn"
3317 sleep 1
3327 local a
3336 for a in ${NSA_IP6} ${VRF_IP6}
3341 sleep 1
3342 run_cmd_nsb nettest -6 -D -r ${a}
3343 log_test_addr ${a} $? 1 "Global server"
3346 for a in ${NSA_IP6} ${VRF_IP6}
3350 sleep 1
3351 run_cmd_nsb nettest -6 -D -r ${a}
3352 log_test_addr ${a} $? 0 "VRF server"
3355 for a in ${NSA_IP6} ${VRF_IP6}
3359 sleep 1
3360 run_cmd_nsb nettest -6 -D -r ${a}
3361 log_test_addr ${a} $? 0 "Enslaved device server"
3365 for a in ${NSA_IP6} ${VRF_IP6}
3369 run_cmd_nsb nettest -6 -D -r ${a}
3370 log_test_addr ${a} $? 1 "No server"
3376 for a in ${NSA_IP6} ${VRF_IP6}
3381 sleep 1
3382 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3383 log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
3386 for a in ${NSA_IP6} ${VRF_IP6}
3390 sleep 1
3391 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3392 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3395 a=${NSA_IP6}
3399 sleep 1
3400 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3401 log_test_addr ${a} $? 1 "Global server, device client, local conn"
3405 sleep 1
3406 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3407 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
3411 sleep 1
3412 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3413 log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
3417 sleep 1
3418 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3419 log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
3423 set_sysctl net.ipv4.udp_l3mdev_accept=1
3428 for a in ${NSA_IP6} ${VRF_IP6}
3432 sleep 1
3433 run_cmd_nsb nettest -6 -D -r ${a}
3434 log_test_addr ${a} $? 0 "Global server"
3437 for a in ${NSA_IP6} ${VRF_IP6}
3441 sleep 1
3442 run_cmd_nsb nettest -6 -D -r ${a}
3443 log_test_addr ${a} $? 0 "VRF server"
3446 for a in ${NSA_IP6} ${VRF_IP6}
3450 sleep 1
3451 run_cmd_nsb nettest -6 -D -r ${a}
3452 log_test_addr ${a} $? 0 "Enslaved device server"
3456 for a in ${NSA_IP6} ${VRF_IP6}
3459 run_cmd_nsb nettest -6 -D -r ${a}
3460 log_test_addr ${a} $? 1 "No server"
3468 sleep 1
3475 log_test $? 1 "No server, VRF client"
3479 sleep 1
3486 log_test $? 1 "No server, enslaved device client"
3491 a=${NSA_IP6}
3494 sleep 1
3495 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3496 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
3500 sleep 1
3501 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3502 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3505 a=${VRF_IP6}
3508 sleep 1
3509 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3510 log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
3514 sleep 1
3515 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3516 log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
3519 for a in ${NSA_IP6} ${VRF_IP6}
3522 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3523 log_test_addr ${a} $? 1 "No server, VRF client, local conn"
3527 a=${NSA_IP6}
3530 sleep 1
3531 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3532 log_test_addr ${a} $? 0 "Global server, device client, local conn"
3536 sleep 1
3537 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3538 log_test_addr ${a} $? 0 "VRF server, device client, local conn"
3542 sleep 1
3543 run_cmd nettest -6 -D -d ${VRF} -r ${a}
3544 log_test_addr ${a} $? 0 "Device server, VRF client, local conn"
3548 sleep 1
3549 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3550 log_test_addr ${a} $? 0 "Device server, device client, local conn"
3553 run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
3554 log_test_addr ${a} $? 1 "No server, device client, local conn"
3560 sleep 1
3566 log_test $? 1 "No server, linklocal IP"
3571 sleep 1
3577 log_test $? 1 "No server, device client, peer linklocal IP"
3582 sleep 1
3588 log_test $? 1 "No server, device client, local conn - linklocal IP"
3595 sleep 1
3606 set_sysctl net.ipv4.udp_early_demux=1
3618 set_sysctl net.ipv4.udp_l3mdev_accept=1
3634 for a in ${NSA_IP6} ${NSA_LO_IP6}
3637 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -b
3638 log_test_addr ${a} $? 0 "Raw socket bind to local address"
3641 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3642 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
3648 a=${NL_IP6}
3650 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${NSA_DEV} -b
3651 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address"
3656 a=${NSA_IP6}
3658 run_cmd nettest -6 -s -l ${a} -t1 -b
3659 log_test_addr ${a} $? 0 "TCP socket bind to local address"
3662 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3663 log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind"
3665 # Sadly, the kernel allows binding a socket to a device and then
3668 a=${NSA_LO_IP6}
3671 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3672 log_test_addr ${a} $? 0 "TCP socket bind to out of scope local address"
3680 for a in ${NSA_IP6} ${VRF_IP6}
3683 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3684 log_test_addr ${a} $? 0 "Raw socket bind to local address after vrf bind"
3687 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${NSA_DEV} -b
3688 log_test_addr ${a} $? 0 "Raw socket bind to local address after device bind"
3691 a=${NSA_LO_IP6}
3694 run_cmd nettest -6 -s -R -P ipv6-icmp -l ${a} -I ${VRF} -b
3695 log_test_addr ${a} $? 1 "Raw socket bind to invalid local address after vrf bind"
3700 a=${NL_IP6}
3702 run_cmd nettest -6 -s -R -P icmp -f -l ${a} -I ${VRF} -b
3703 log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind"
3708 # address on enslaved device is valid for the VRF or device in a VRF
3709 for a in ${NSA_IP6} ${VRF_IP6}
3712 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3713 log_test_addr ${a} $? 0 "TCP socket bind to local address with VRF bind"
3716 a=${NSA_IP6}
3718 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3719 log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind"
3721 # Sadly, the kernel allows binding a socket to a device and then
3725 a=${VRF_IP6}
3728 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3729 log_test_addr ${a} $? 0 "TCP socket bind to VRF address with device bind"
3731 a=${NSA_LO_IP6}
3734 run_cmd nettest -6 -s -l ${a} -I ${VRF} -t1 -b
3735 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for VRF"
3739 run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b
3740 log_test_addr ${a} $? 1 "TCP socket bind to invalid local address for device bind"
3762 local desc="$1"
3765 local a
3770 for a in ${NSA_IP6} ${VRF_IP6}
3774 sleep 1
3775 run_cmd_nsb nettest ${varg} -r ${a} &
3778 sleep 1
3779 log_test_addr ${a} 0 0 "${desc}, global server"
3784 for a in ${NSA_IP6} ${VRF_IP6}
3788 sleep 1
3789 run_cmd_nsb nettest ${varg} -r ${a} &
3792 sleep 1
3793 log_test_addr ${a} 0 0 "${desc}, VRF server"
3798 for a in ${NSA_IP6} ${VRF_IP6}
3802 sleep 1
3803 run_cmd_nsb nettest ${varg} -r ${a} &
3806 sleep 1
3807 log_test_addr ${a} 0 0 "${desc}, enslaved device server"
3817 sleep 1
3821 sleep 1
3828 sleep 1
3832 sleep 1
3841 for a in ${NSA_IP6} ${VRF_IP6}
3845 sleep 1
3846 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3849 sleep 1
3850 log_test_addr ${a} 0 0 "${desc}, global server, VRF client"
3855 for a in ${NSA_IP6} ${VRF_IP6}
3859 sleep 1
3860 run_cmd nettest ${varg} -d ${VRF} -r ${a} &
3863 sleep 1
3864 log_test_addr ${a} 0 0 "${desc}, VRF server and client"
3869 a=${NSA_IP6}
3872 sleep 1
3873 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3876 sleep 1
3877 log_test_addr ${a} 0 0 "${desc}, global server, device client"
3883 sleep 1
3884 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3887 sleep 1
3888 log_test_addr ${a} 0 0 "${desc}, VRF server, device client"
3894 sleep 1
3895 run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
3898 sleep 1
3899 log_test_addr ${a} 0 0 "${desc}, device server, device client"
3905 local a
3907 a=${NSA_IP6}
3909 run_cmd_nsb ${ping6} -f ${a} &
3912 sleep 1
3913 log_test_addr ${a} 0 0 "Device delete with active traffic - ping in"
3919 sleep 1
3921 sleep 1
3922 log_test_addr ${a} 0 0 "Device delete with active traffic - ping out"
3933 ipv6_rt "TCP active socket" "-n -1"
3939 ipv6_rt "UDP active socket" "-D -n -1"
3947 local a
3949 for a in ${NSA_IP} ${VRF_IP}
3953 sleep 1
3954 run_cmd_nsb nettest -r ${a}
3955 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
3961 local stype="$1"
3963 local a
3967 for a in ${NSA_IP} ${VRF_IP}
3971 sleep 1
3972 run_cmd_nsb nettest ${arg} -r ${a}
3973 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
3983 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
3992 run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
3993 run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
4004 local a
4006 for a in ${NSA_IP6} ${VRF_IP6}
4010 sleep 1
4011 run_cmd_nsb nettest -6 -r ${a}
4012 log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
4018 local stype="$1"
4020 local a
4024 for a in ${NSA_IP6} ${VRF_IP6}
4028 sleep 1
4029 run_cmd_nsb nettest -6 ${arg} -r ${a}
4030 log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
4040 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
4048 run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
4049 run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable
4062 # ns-A device enslaved to bridge. Verify traffic with and without
4123 setup_cmd ip -6 addr add dev br0.100 2001:db8:101::1/64 nodad
4129 sleep 1
4146 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
4164 run_cmd_nsb ${ping6} -c1 -w1 2001:db8:101::1
4173 # ns-A device is connected to both ns-B and ns-C on a single VRF but only has
4178 # only want reply from ns-A
4179 setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
4180 setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
4189 # cycle/flap the first ns-A interface
4192 sleep 1
4200 # cycle/flap the second ns-A interface
4203 sleep 1
4212 # Perform IPv{4,6} SNAT on ns-A, and verify TCP connection is successfully
4220 …run_cmd iptables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_…
4221 …run_cmd ip6tables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO…
4224 sleep 1
4229 sleep 1
4287 v) VERBOSE=1;;
4289 *) usage; exit 1;;
4343 exit 1 # KSFT_FAIL