Merge tag 'amd-drm-next-6.5-2023-06-09' of https://gitlab.freedesktop.org/agd5f/linux...

[J-linux.git] / tools / testing / selftests / net / rtnetlink.sh

#!/bin/bash
#
# This test is for checking rtnetlink callpaths, and get as much coverage as possible.
#
# set -e

ALL_TESTS="
        kci_test_polrouting
        kci_test_route_get
        kci_test_addrlft
        kci_test_promote_secondaries
        kci_test_tc
        kci_test_gre
        kci_test_gretap
        kci_test_ip6gretap
        kci_test_erspan
        kci_test_ip6erspan
        kci_test_bridge
        kci_test_addrlabel
        kci_test_ifalias
        kci_test_vrf
        kci_test_encap
        kci_test_macsec
        kci_test_ipsec
        kci_test_ipsec_offload
        kci_test_fdb_get
        kci_test_neigh_get
        kci_test_bridge_parent_id
        kci_test_address_proto
"

devdummy="test-dummy0"

# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4

# set global exit status, but never reset nonzero one.
check_err()
{
        if [ $ret -eq 0 ]; then
                ret=$1
        fi
}

# same but inverted -- used when command must fail for test to pass
check_fail()
{
        if [ $1 -eq 0 ]; then
                ret=1
        fi
}

kci_add_dummy()
{
        ip link add name "$devdummy" type dummy
        check_err $?
        ip link set "$devdummy" up
        check_err $?
}

kci_del_dummy()
{
        ip link del dev "$devdummy"
        check_err $?
}

kci_test_netconf()
{
        dev="$1"
        r=$ret

        ip netconf show dev "$dev" > /dev/null
        check_err $?

        for f in 4 6; do
                ip -$f netconf show dev "$dev" > /dev/null
                check_err $?
        done

        if [ $ret -ne 0 ] ;then
                echo "FAIL: ip netconf show $dev"
                test $r -eq 0 && ret=0
                return 1
        fi
}

# add a bridge with vlans on top
kci_test_bridge()
{
        devbr="test-br0"
        vlandev="testbr-vlan1"

        local ret=0
        ip link add name "$devbr" type bridge
        check_err $?

        ip link set dev "$devdummy" master "$devbr"
        check_err $?

        ip link set "$devbr" up
        check_err $?

        ip link add link "$devbr" name "$vlandev" type vlan id 1
        check_err $?
        ip addr add dev "$vlandev" 10.200.7.23/30
        check_err $?
        ip -6 addr add dev "$vlandev" dead:42::1234/64
        check_err $?
        ip -d link > /dev/null
        check_err $?
        ip r s t all > /dev/null
        check_err $?

        for name in "$devbr" "$vlandev" "$devdummy" ; do
                kci_test_netconf "$name"
        done

        ip -6 addr del dev "$vlandev" dead:42::1234/64
        check_err $?

        ip link del dev "$vlandev"
        check_err $?
        ip link del dev "$devbr"
        check_err $?

        if [ $ret -ne 0 ];then
                echo "FAIL: bridge setup"
                return 1
        fi
        echo "PASS: bridge setup"

}

kci_test_gre()
{
        gredev=neta
        rem=10.42.42.1
        loc=10.0.0.1

        local ret=0
        ip tunnel add $gredev mode gre remote $rem local $loc ttl 1
        check_err $?
        ip link set $gredev up
        check_err $?
        ip addr add 10.23.7.10 dev $gredev
        check_err $?
        ip route add 10.23.8.0/30 dev $gredev
        check_err $?
        ip addr add dev "$devdummy" 10.23.7.11/24
        check_err $?
        ip link > /dev/null
        check_err $?
        ip addr > /dev/null
        check_err $?

        kci_test_netconf "$gredev"

        ip addr del dev "$devdummy" 10.23.7.11/24
        check_err $?

        ip link del $gredev
        check_err $?

        if [ $ret -ne 0 ];then
                echo "FAIL: gre tunnel endpoint"
                return 1
        fi
        echo "PASS: gre tunnel endpoint"
}

# tc uses rtnetlink too, for full tc testing
# please see tools/testing/selftests/tc-testing.
kci_test_tc()
{
        dev=lo
        local ret=0

        tc qdisc add dev "$dev" root handle 1: htb
        check_err $?
        tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit
        check_err $?
        tc filter add dev "$dev" parent 1:0 prio 5 handle ffe: protocol ip u32 divisor 256
        check_err $?
        tc filter add dev "$dev" parent 1:0 prio 5 handle ffd: protocol ip u32 divisor 256
        check_err $?
        tc filter add dev "$dev" parent 1:0 prio 5 handle ffc: protocol ip u32 divisor 256
        check_err $?
        tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32 ht ffe:2: match ip src 10.0.0.3 flowid 1:10
        check_err $?
        tc filter add dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:2 u32 ht ffe:2: match ip src 10.0.0.2 flowid 1:10
        check_err $?
        tc filter show dev "$dev" parent  1:0 > /dev/null
        check_err $?
        tc filter del dev "$dev" protocol ip parent 1: prio 5 handle ffe:2:3 u32
        check_err $?
        tc filter show dev "$dev" parent  1:0 > /dev/null
        check_err $?
        tc qdisc del dev "$dev" root handle 1: htb
        check_err $?

        if [ $ret -ne 0 ];then
                echo "FAIL: tc htb hierarchy"
                return 1
        fi
        echo "PASS: tc htb hierarchy"

}

kci_test_polrouting()
{
        local ret=0
        ip rule add fwmark 1 lookup 100
        check_err $?
        ip route add local 0.0.0.0/0 dev lo table 100
        check_err $?
        ip r s t all > /dev/null
        check_err $?
        ip rule del fwmark 1 lookup 100
        check_err $?
        ip route del local 0.0.0.0/0 dev lo table 100
        check_err $?

        if [ $ret -ne 0 ];then
                echo "FAIL: policy route test"
                return 1
        fi
        echo "PASS: policy routing"
}

kci_test_route_get()
{
        local hash_policy=$(sysctl -n net.ipv4.fib_multipath_hash_policy)

        local ret=0

        ip route get 127.0.0.1 > /dev/null
        check_err $?
        ip route get 127.0.0.1 dev "$devdummy" > /dev/null
        check_err $?
        ip route get ::1 > /dev/null
        check_err $?
        ip route get fe80::1 dev "$devdummy" > /dev/null
        check_err $?
        ip route get 127.0.0.1 from 127.0.0.1 oif lo tos 0x10 mark 0x1 > /dev/null
        check_err $?
        ip route get ::1 from ::1 iif lo oif lo tos 0x10 mark 0x1 > /dev/null
        check_err $?
        ip addr add dev "$devdummy" 10.23.7.11/24
        check_err $?
        ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null
        check_err $?
        ip route add 10.23.8.0/24 \
                nexthop via 10.23.7.13 dev "$devdummy" \
                nexthop via 10.23.7.14 dev "$devdummy"
        check_err $?
        sysctl -wq net.ipv4.fib_multipath_hash_policy=0
        ip route get 10.23.8.11 > /dev/null
        check_err $?
        sysctl -wq net.ipv4.fib_multipath_hash_policy=1
        ip route get 10.23.8.11 > /dev/null
        check_err $?
        sysctl -wq net.ipv4.fib_multipath_hash_policy="$hash_policy"
        ip route del 10.23.8.0/24
        check_err $?
        ip addr del dev "$devdummy" 10.23.7.11/24
        check_err $?

        if [ $ret -ne 0 ];then
                echo "FAIL: route get"
                return 1
        fi

        echo "PASS: route get"
}

kci_test_addrlft()
{
        for i in $(seq 10 100) ;do
                lft=$(((RANDOM%3) + 1))
                ip addr add 10.23.11.$i/32 dev "$devdummy" preferred_lft $lft valid_lft $((lft+1))
                check_err $?
        done

        sleep 5

        ip addr show dev "$devdummy" | grep "10.23.11."
        if [ $? -eq 0 ]; then
                echo "FAIL: preferred_lft addresses remaining"
                check_err 1
                return
        fi

        echo "PASS: preferred_lft addresses have expired"
}

kci_test_promote_secondaries()
{
        promote=$(sysctl -n net.ipv4.conf.$devdummy.promote_secondaries)

        sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=1

        for i in $(seq 2 254);do
                IP="10.23.11.$i"
                ip -f inet addr add $IP/16 brd + dev "$devdummy"
                ifconfig "$devdummy" $IP netmask 255.255.0.0
        done

        ip addr flush dev "$devdummy"

        [ $promote -eq 0 ] && sysctl -q net.ipv4.conf.$devdummy.promote_secondaries=0

        echo "PASS: promote_secondaries complete"
}

kci_test_addrlabel()
{
        local ret=0

        ip addrlabel add prefix dead::/64 dev lo label 1
        check_err $?

        ip addrlabel list |grep -q "prefix dead::/64 dev lo label 1"
        check_err $?

        ip addrlabel del prefix dead::/64 dev lo label 1 2> /dev/null
        check_err $?

        ip addrlabel add prefix dead::/64 label 1 2> /dev/null
        check_err $?

        ip addrlabel del prefix dead::/64 label 1 2> /dev/null
        check_err $?

        # concurrent add/delete
        for i in $(seq 1 1000); do
                ip addrlabel add prefix 1c3::/64 label 12345 2>/dev/null
        done &

        for i in $(seq 1 1000); do
                ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null
        done

        wait

        ip addrlabel del prefix 1c3::/64 label 12345 2>/dev/null

        if [ $ret -ne 0 ];then
                echo "FAIL: ipv6 addrlabel"
                return 1
        fi

        echo "PASS: ipv6 addrlabel"
}

kci_test_ifalias()
{
        local ret=0
        namewant=$(uuidgen)
        syspathname="/sys/class/net/$devdummy/ifalias"

        ip link set dev "$devdummy" alias "$namewant"
        check_err $?

        if [ $ret -ne 0 ]; then
                echo "FAIL: cannot set interface alias of $devdummy to $namewant"
                return 1
        fi

        ip link show "$devdummy" | grep -q "alias $namewant"
        check_err $?

        if [ -r "$syspathname" ] ; then
                read namehave < "$syspathname"
                if [ "$namewant" != "$namehave" ]; then
                        echo "FAIL: did set ifalias $namewant but got $namehave"
                        return 1
                fi

                namewant=$(uuidgen)
                echo "$namewant" > "$syspathname"
                ip link show "$devdummy" | grep -q "alias $namewant"
                check_err $?

                # sysfs interface allows to delete alias again
                echo "" > "$syspathname"

                ip link show "$devdummy" | grep -q "alias $namewant"
                check_fail $?

                for i in $(seq 1 100); do
                        uuidgen > "$syspathname" &
                done

                wait

                # re-add the alias -- kernel should free mem when dummy dev is removed
                ip link set dev "$devdummy" alias "$namewant"
                check_err $?
        fi

        if [ $ret -ne 0 ]; then
                echo "FAIL: set interface alias $devdummy to $namewant"
                return 1
        fi

        echo "PASS: set ifalias $namewant for $devdummy"
}

kci_test_vrf()
{
        vrfname="test-vrf"
        local ret=0

        ip link show type vrf 2>/dev/null
        if [ $? -ne 0 ]; then
                echo "SKIP: vrf: iproute2 too old"
                return $ksft_skip
        fi

        ip link add "$vrfname" type vrf table 10
        check_err $?
        if [ $ret -ne 0 ];then
                echo "FAIL: can't add vrf interface, skipping test"
                return 0
        fi

        ip -br link show type vrf | grep -q "$vrfname"
        check_err $?
        if [ $ret -ne 0 ];then
                echo "FAIL: created vrf device not found"
                return 1
        fi

        ip link set dev "$vrfname" up
        check_err $?

        ip link set dev "$devdummy" master "$vrfname"
        check_err $?
        ip link del dev "$vrfname"
        check_err $?

        if [ $ret -ne 0 ];then
                echo "FAIL: vrf"
                return 1
        fi

        echo "PASS: vrf"
}

kci_test_encap_vxlan()
{
        local ret=0
        vxlan="test-vxlan0"
        vlan="test-vlan0"
        testns="$1"

        ip -netns "$testns" link add "$vxlan" type vxlan id 42 group 239.1.1.1 \
                dev "$devdummy" dstport 4789 2>/dev/null
        if [ $? -ne 0 ]; then
                echo "FAIL: can't add vxlan interface, skipping test"
                return 0
        fi
        check_err $?

        ip -netns "$testns" addr add 10.2.11.49/24 dev "$vxlan"
        check_err $?

        ip -netns "$testns" link set up dev "$vxlan"
        check_err $?

        ip -netns "$testns" link add link "$vxlan" name "$vlan" type vlan id 1
        check_err $?

        # changelink testcases
        ip -netns "$testns" link set dev "$vxlan" type vxlan vni 43 2>/dev/null
        check_fail $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan group ffe5::5 dev "$devdummy" 2>/dev/null
        check_fail $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan ttl inherit 2>/dev/null
        check_fail $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan ttl 64
        check_err $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan nolearning
        check_err $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan proxy 2>/dev/null
        check_fail $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan norsc 2>/dev/null
        check_fail $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan l2miss 2>/dev/null
        check_fail $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan l3miss 2>/dev/null
        check_fail $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan external 2>/dev/null
        check_fail $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan udpcsum 2>/dev/null
        check_fail $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumtx 2>/dev/null
        check_fail $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan udp6zerocsumrx 2>/dev/null
        check_fail $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumtx 2>/dev/null
        check_fail $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan remcsumrx 2>/dev/null
        check_fail $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan gbp 2>/dev/null
        check_fail $?

        ip -netns "$testns" link set dev "$vxlan" type vxlan gpe 2>/dev/null
        check_fail $?

        ip -netns "$testns" link del "$vxlan"
        check_err $?

        if [ $ret -ne 0 ]; then
                echo "FAIL: vxlan"
                return 1
        fi
        echo "PASS: vxlan"
}

kci_test_encap_fou()
{
        local ret=0
        name="test-fou"
        testns="$1"

        ip fou help 2>&1 |grep -q 'Usage: ip fou'
        if [ $? -ne 0 ];then
                echo "SKIP: fou: iproute2 too old"
                return $ksft_skip
        fi

        if ! /sbin/modprobe -q -n fou; then
                echo "SKIP: module fou is not found"
                return $ksft_skip
        fi
        /sbin/modprobe -q fou
        ip -netns "$testns" fou add port 7777 ipproto 47 2>/dev/null
        if [ $? -ne 0 ];then
                echo "FAIL: can't add fou port 7777, skipping test"
                return 1
        fi

        ip -netns "$testns" fou add port 8888 ipproto 4
        check_err $?

        ip -netns "$testns" fou del port 9999 2>/dev/null
        check_fail $?

        ip -netns "$testns" fou del port 7777
        check_err $?

        if [ $ret -ne 0 ]; then
                echo "FAIL: fou"
                return 1
        fi

        echo "PASS: fou"
}

# test various encap methods, use netns to avoid unwanted interference
kci_test_encap()
{
        testns="testns"
        local ret=0

        ip netns add "$testns"
        if [ $? -ne 0 ]; then
                echo "SKIP encap tests: cannot add net namespace $testns"
                return $ksft_skip
        fi

        ip -netns "$testns" link set lo up
        check_err $?

        ip -netns "$testns" link add name "$devdummy" type dummy
        check_err $?
        ip -netns "$testns" link set "$devdummy" up
        check_err $?

        kci_test_encap_vxlan "$testns"
        check_err $?
        kci_test_encap_fou "$testns"
        check_err $?

        ip netns del "$testns"
        return $ret
}

kci_test_macsec()
{
        msname="test_macsec0"
        local ret=0

        ip macsec help 2>&1 | grep -q "^Usage: ip macsec"
        if [ $? -ne 0 ]; then
                echo "SKIP: macsec: iproute2 too old"
                return $ksft_skip
        fi

        ip link add link "$devdummy" "$msname" type macsec port 42 encrypt on
        check_err $?
        if [ $ret -ne 0 ];then
                echo "FAIL: can't add macsec interface, skipping test"
                return 1
        fi

        ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012
        check_err $?

        ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef"
        check_err $?

        ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef
        check_err $?

        ip macsec show > /dev/null
        check_err $?

        ip link del dev "$msname"
        check_err $?

        if [ $ret -ne 0 ];then
                echo "FAIL: macsec"
                return 1
        fi

        echo "PASS: macsec"
}

#-------------------------------------------------------------------
# Example commands
#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
#            sel src 14.0.0.52/24 dst 14.0.0.70/24
#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
#            spi 0x07 mode transport reqid 0x07
#
# Subcommands not tested
#    ip x s update
#    ip x s allocspi
#    ip x s deleteall
#    ip x p update
#    ip x p deleteall
#    ip x p set
#-------------------------------------------------------------------
kci_test_ipsec()
{
        local ret=0
        algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
        srcip=192.168.123.1
        dstip=192.168.123.2
        spi=7

        ip addr add $srcip dev $devdummy

        # flush to be sure there's nothing configured
        ip x s flush ; ip x p flush
        check_err $?

        # start the monitor in the background
        tmpfile=`mktemp /var/run/ipsectestXXX`
        mpid=`(ip x m > $tmpfile & echo $!) 2>/dev/null`
        sleep 0.2

        ipsecid="proto esp src $srcip dst $dstip spi 0x07"
        ip x s add $ipsecid \
            mode transport reqid 0x07 replay-window 32 \
            $algo sel src $srcip/24 dst $dstip/24
        check_err $?

        lines=`ip x s list | grep $srcip | grep $dstip | wc -l`
        test $lines -eq 2
        check_err $?

        ip x s count | grep -q "SAD count 1"
        check_err $?

        lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l`
        test $lines -eq 2
        check_err $?

        ip x s delete $ipsecid
        check_err $?

        lines=`ip x s list | wc -l`
        test $lines -eq 0
        check_err $?

        ipsecsel="dir out src $srcip/24 dst $dstip/24"
        ip x p add $ipsecsel \
                    tmpl proto esp src $srcip dst $dstip \
                    spi 0x07 mode transport reqid 0x07
        check_err $?

        lines=`ip x p list | grep $srcip | grep $dstip | wc -l`
        test $lines -eq 2
        check_err $?

        ip x p count | grep -q "SPD IN  0 OUT 1 FWD 0"
        check_err $?

        lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l`
        test $lines -eq 2
        check_err $?

        ip x p delete $ipsecsel
        check_err $?

        lines=`ip x p list | wc -l`
        test $lines -eq 0
        check_err $?

        # check the monitor results
        kill $mpid
        lines=`wc -l $tmpfile | cut "-d " -f1`
        test $lines -eq 20
        check_err $?
        rm -rf $tmpfile

        # clean up any leftovers
        ip x s flush
        check_err $?
        ip x p flush
        check_err $?
        ip addr del $srcip/32 dev $devdummy

        if [ $ret -ne 0 ]; then
                echo "FAIL: ipsec"
                return 1
        fi
        echo "PASS: ipsec"
}

#-------------------------------------------------------------------
# Example commands
#   ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
#            spi 0x07 mode transport reqid 0x07 replay-window 32 \
#            aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \
#            sel src 14.0.0.52/24 dst 14.0.0.70/24
#            offload dev sim1 dir out
#   ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
#            tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
#            spi 0x07 mode transport reqid 0x07
#
#-------------------------------------------------------------------
kci_test_ipsec_offload()
{
        local ret=0
        algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128"
        srcip=192.168.123.3
        dstip=192.168.123.4
        sysfsd=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/
        sysfsf=$sysfsd/ipsec
        sysfsnet=/sys/bus/netdevsim/devices/netdevsim0/net/
        probed=false

        # setup netdevsim since dummydev doesn't have offload support
        if [ ! -w /sys/bus/netdevsim/new_device ] ; then
                modprobe -q netdevsim
                check_err $?
                if [ $ret -ne 0 ]; then
                        echo "SKIP: ipsec_offload can't load netdevsim"
                        return $ksft_skip
                fi
                probed=true
        fi

        echo "0" > /sys/bus/netdevsim/new_device
        while [ ! -d $sysfsnet ] ; do :; done
        udevadm settle
        dev=`ls $sysfsnet`

        ip addr add $srcip dev $dev
        ip link set $dev up
        if [ ! -d $sysfsd ] ; then
                echo "FAIL: ipsec_offload can't create device $dev"
                return 1
        fi
        if [ ! -f $sysfsf ] ; then
                echo "FAIL: ipsec_offload netdevsim doesn't support IPsec offload"
                return 1
        fi

        # flush to be sure there's nothing configured
        ip x s flush ; ip x p flush

        # create offloaded SAs, both in and out
        ip x p add dir out src $srcip/24 dst $dstip/24 \
            tmpl proto esp src $srcip dst $dstip spi 9 \
            mode transport reqid 42
        check_err $?
        ip x p add dir in src $dstip/24 dst $srcip/24 \
            tmpl proto esp src $dstip dst $srcip spi 9 \
            mode transport reqid 42
        check_err $?

        ip x s add proto esp src $srcip dst $dstip spi 9 \
            mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \
            offload dev $dev dir out
        check_err $?
        ip x s add proto esp src $dstip dst $srcip spi 9 \
            mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \
            offload dev $dev dir in
        check_err $?
        if [ $ret -ne 0 ]; then
                echo "FAIL: ipsec_offload can't create SA"
                return 1
        fi

        # does offload show up in ip output
        lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"`
        if [ $lines -ne 2 ] ; then
                echo "FAIL: ipsec_offload SA offload missing from list output"
                check_err 1
        fi

        # use ping to exercise the Tx path
        ping -I $dev -c 3 -W 1 -i 0 $dstip >/dev/null

        # does driver have correct offload info
        diff $sysfsf - << EOF
SA count=2 tx=3
sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000
sa[0]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
sa[0]    key=0x34333231 38373635 32313039 36353433
sa[1] rx ipaddr=0x00000000 00000000 00000000 037ba8c0
sa[1]    spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1
sa[1]    key=0x34333231 38373635 32313039 36353433
EOF
        if [ $? -ne 0 ] ; then
                echo "FAIL: ipsec_offload incorrect driver data"
                check_err 1
        fi

        # does offload get removed from driver
        ip x s flush
        ip x p flush
        lines=`grep -c "SA count=0" $sysfsf`
        if [ $lines -ne 1 ] ; then
                echo "FAIL: ipsec_offload SA not removed from driver"
                check_err 1
        fi

        # clean up any leftovers
        $probed && rmmod netdevsim

        if [ $ret -ne 0 ]; then
                echo "FAIL: ipsec_offload"
                return 1
        fi
        echo "PASS: ipsec_offload"
}

kci_test_gretap()
{
        testns="testns"
        DEV_NS=gretap00
        local ret=0

        ip netns add "$testns"
        if [ $? -ne 0 ]; then
                echo "SKIP gretap tests: cannot add net namespace $testns"
                return $ksft_skip
        fi

        ip link help gretap 2>&1 | grep -q "^Usage:"
        if [ $? -ne 0 ];then
                echo "SKIP: gretap: iproute2 too old"
                ip netns del "$testns"
                return $ksft_skip
        fi

        # test native tunnel
        ip -netns "$testns" link add dev "$DEV_NS" type gretap seq \
                key 102 local 172.16.1.100 remote 172.16.1.200
        check_err $?

        ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
        check_err $?

        ip -netns "$testns" link set dev $DEV_NS up
        check_err $?

        ip -netns "$testns" link del "$DEV_NS"
        check_err $?

        # test external mode
        ip -netns "$testns" link add dev "$DEV_NS" type gretap external
        check_err $?

        ip -netns "$testns" link del "$DEV_NS"
        check_err $?

        if [ $ret -ne 0 ]; then
                echo "FAIL: gretap"
                ip netns del "$testns"
                return 1
        fi
        echo "PASS: gretap"

        ip netns del "$testns"
}

kci_test_ip6gretap()
{
        testns="testns"
        DEV_NS=ip6gretap00
        local ret=0

        ip netns add "$testns"
        if [ $? -ne 0 ]; then
                echo "SKIP ip6gretap tests: cannot add net namespace $testns"
                return $ksft_skip
        fi

        ip link help ip6gretap 2>&1 | grep -q "^Usage:"
        if [ $? -ne 0 ];then
                echo "SKIP: ip6gretap: iproute2 too old"
                ip netns del "$testns"
                return $ksft_skip
        fi

        # test native tunnel
        ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap seq \
                key 102 local fc00:100::1 remote fc00:100::2
        check_err $?

        ip -netns "$testns" addr add dev "$DEV_NS" fc00:200::1/96
        check_err $?

        ip -netns "$testns" link set dev $DEV_NS up
        check_err $?

        ip -netns "$testns" link del "$DEV_NS"
        check_err $?

        # test external mode
        ip -netns "$testns" link add dev "$DEV_NS" type ip6gretap external
        check_err $?

        ip -netns "$testns" link del "$DEV_NS"
        check_err $?

        if [ $ret -ne 0 ]; then
                echo "FAIL: ip6gretap"
                ip netns del "$testns"
                return 1
        fi
        echo "PASS: ip6gretap"

        ip netns del "$testns"
}

kci_test_erspan()
{
        testns="testns"
        DEV_NS=erspan00
        local ret=0

        ip link help erspan 2>&1 | grep -q "^Usage:"
        if [ $? -ne 0 ];then
                echo "SKIP: erspan: iproute2 too old"
                return $ksft_skip
        fi

        ip netns add "$testns"
        if [ $? -ne 0 ]; then
                echo "SKIP erspan tests: cannot add net namespace $testns"
                return $ksft_skip
        fi

        # test native tunnel erspan v1
        ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
                key 102 local 172.16.1.100 remote 172.16.1.200 \
                erspan_ver 1 erspan 488
        check_err $?

        ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
        check_err $?

        ip -netns "$testns" link set dev $DEV_NS up
        check_err $?

        ip -netns "$testns" link del "$DEV_NS"
        check_err $?

        # test native tunnel erspan v2
        ip -netns "$testns" link add dev "$DEV_NS" type erspan seq \
                key 102 local 172.16.1.100 remote 172.16.1.200 \
                erspan_ver 2 erspan_dir ingress erspan_hwid 7
        check_err $?

        ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
        check_err $?

        ip -netns "$testns" link set dev $DEV_NS up
        check_err $?

        ip -netns "$testns" link del "$DEV_NS"
        check_err $?

        # test external mode
        ip -netns "$testns" link add dev "$DEV_NS" type erspan external
        check_err $?

        ip -netns "$testns" link del "$DEV_NS"
        check_err $?

        if [ $ret -ne 0 ]; then
                echo "FAIL: erspan"
                ip netns del "$testns"
                return 1
        fi
        echo "PASS: erspan"

        ip netns del "$testns"
}

kci_test_ip6erspan()
{
        testns="testns"
        DEV_NS=ip6erspan00
        local ret=0

        ip link help ip6erspan 2>&1 | grep -q "^Usage:"
        if [ $? -ne 0 ];then
                echo "SKIP: ip6erspan: iproute2 too old"
                return $ksft_skip
        fi

        ip netns add "$testns"
        if [ $? -ne 0 ]; then
                echo "SKIP ip6erspan tests: cannot add net namespace $testns"
                return $ksft_skip
        fi

        # test native tunnel ip6erspan v1
        ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
                key 102 local fc00:100::1 remote fc00:100::2 \
                erspan_ver 1 erspan 488
        check_err $?

        ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
        check_err $?

        ip -netns "$testns" link set dev $DEV_NS up
        check_err $?

        ip -netns "$testns" link del "$DEV_NS"
        check_err $?

        # test native tunnel ip6erspan v2
        ip -netns "$testns" link add dev "$DEV_NS" type ip6erspan seq \
                key 102 local fc00:100::1 remote fc00:100::2 \
                erspan_ver 2 erspan_dir ingress erspan_hwid 7
        check_err $?

        ip -netns "$testns" addr add dev "$DEV_NS" 10.1.1.100/24
        check_err $?

        ip -netns "$testns" link set dev $DEV_NS up
        check_err $?

        ip -netns "$testns" link del "$DEV_NS"
        check_err $?

        # test external mode
        ip -netns "$testns" link add dev "$DEV_NS" \
                type ip6erspan external
        check_err $?

        ip -netns "$testns" link del "$DEV_NS"
        check_err $?

        if [ $ret -ne 0 ]; then
                echo "FAIL: ip6erspan"
                ip netns del "$testns"
                return 1
        fi
        echo "PASS: ip6erspan"

        ip netns del "$testns"
}

kci_test_fdb_get()
{
        IP="ip -netns testns"
        BRIDGE="bridge -netns testns"
        brdev="test-br0"
        vxlandev="vxlan10"
        test_mac=de:ad:be:ef:13:37
        localip="10.0.2.2"
        dstip="10.0.2.3"
        local ret=0

        bridge fdb help 2>&1 |grep -q 'bridge fdb get'
        if [ $? -ne 0 ];then
                echo "SKIP: fdb get tests: iproute2 too old"
                return $ksft_skip
        fi

        ip netns add testns
        if [ $? -ne 0 ]; then
                echo "SKIP fdb get tests: cannot add net namespace $testns"
                return $ksft_skip
        fi

        $IP link add "$vxlandev" type vxlan id 10 local $localip \
                dstport 4789 2>/dev/null
        check_err $?
        $IP link add name "$brdev" type bridge &>/dev/null
        check_err $?
        $IP link set dev "$vxlandev" master "$brdev" &>/dev/null
        check_err $?
        $BRIDGE fdb add $test_mac dev "$vxlandev" master &>/dev/null
        check_err $?
        $BRIDGE fdb add $test_mac dev "$vxlandev" dst $dstip self &>/dev/null
        check_err $?

        $BRIDGE fdb get $test_mac brport "$vxlandev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
        check_err $?
        $BRIDGE fdb get $test_mac br "$brdev" 2>/dev/null | grep -q "dev $vxlandev master $brdev"
        check_err $?
        $BRIDGE fdb get $test_mac dev "$vxlandev" self 2>/dev/null | grep -q "dev $vxlandev dst $dstip"
        check_err $?

        ip netns del testns &>/dev/null

        if [ $ret -ne 0 ]; then
                echo "FAIL: bridge fdb get"
                return 1
        fi

        echo "PASS: bridge fdb get"
}

kci_test_neigh_get()
{
        dstmac=de:ad:be:ef:13:37
        dstip=10.0.2.4
        dstip6=dead::2
        local ret=0

        ip neigh help 2>&1 |grep -q 'ip neigh get'
        if [ $? -ne 0 ];then
                echo "SKIP: fdb get tests: iproute2 too old"
                return $ksft_skip
        fi

        # ipv4
        ip neigh add $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
        check_err $?
        ip neigh get $dstip dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
        check_err $?
        ip neigh del $dstip lladdr $dstmac dev "$devdummy"  > /dev/null
        check_err $?

        # ipv4 proxy
        ip neigh add proxy $dstip dev "$devdummy" > /dev/null
        check_err $?
        ip neigh get proxy $dstip dev "$devdummy" 2>/dev/null | grep -q "$dstip"
        check_err $?
        ip neigh del proxy $dstip dev "$devdummy" > /dev/null
        check_err $?

        # ipv6
        ip neigh add $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
        check_err $?
        ip neigh get $dstip6 dev "$devdummy" 2> /dev/null | grep -q "$dstmac"
        check_err $?
        ip neigh del $dstip6 lladdr $dstmac dev "$devdummy"  > /dev/null
        check_err $?

        # ipv6 proxy
        ip neigh add proxy $dstip6 dev "$devdummy" > /dev/null
        check_err $?
        ip neigh get proxy $dstip6 dev "$devdummy" 2>/dev/null | grep -q "$dstip6"
        check_err $?
        ip neigh del proxy $dstip6 dev "$devdummy" > /dev/null
        check_err $?

        if [ $ret -ne 0 ];then
                echo "FAIL: neigh get"
                return 1
        fi

        echo "PASS: neigh get"
}

kci_test_bridge_parent_id()
{
        local ret=0
        sysfsnet=/sys/bus/netdevsim/devices/netdevsim
        probed=false

        if [ ! -w /sys/bus/netdevsim/new_device ] ; then
                modprobe -q netdevsim
                check_err $?
                if [ $ret -ne 0 ]; then
                        echo "SKIP: bridge_parent_id can't load netdevsim"
                        return $ksft_skip
                fi
                probed=true
        fi

        echo "10 1" > /sys/bus/netdevsim/new_device
        while [ ! -d ${sysfsnet}10 ] ; do :; done
        echo "20 1" > /sys/bus/netdevsim/new_device
        while [ ! -d ${sysfsnet}20 ] ; do :; done
        udevadm settle
        dev10=`ls ${sysfsnet}10/net/`
        dev20=`ls ${sysfsnet}20/net/`

        ip link add name test-bond0 type bond mode 802.3ad
        ip link set dev $dev10 master test-bond0
        ip link set dev $dev20 master test-bond0
        ip link add name test-br0 type bridge
        ip link set dev test-bond0 master test-br0
        check_err $?

        # clean up any leftovers
        ip link del dev test-br0
        ip link del dev test-bond0
        echo 20 > /sys/bus/netdevsim/del_device
        echo 10 > /sys/bus/netdevsim/del_device
        $probed && rmmod netdevsim

        if [ $ret -ne 0 ]; then
                echo "FAIL: bridge_parent_id"
                return 1
        fi
        echo "PASS: bridge_parent_id"
}

address_get_proto()
{
        local addr=$1; shift

        ip -N -j address show dev "$devdummy" |
            jq -e -r --arg addr "${addr%/*}" \
               '.[].addr_info[] | select(.local == $addr) | .protocol'
}

address_count()
{
        ip -N -j address show dev "$devdummy" "$@" |
            jq -e -r '[.[].addr_info[] | .local | select(. != null)] | length'
}

do_test_address_proto()
{
        local what=$1; shift
        local addr=$1; shift
        local addr2=${addr%/*}2/${addr#*/}
        local addr3=${addr%/*}3/${addr#*/}
        local proto
        local count
        local ret=0
        local err

        ip address add dev "$devdummy" "$addr3"
        check_err $?
        proto=$(address_get_proto "$addr3")
        [[ "$proto" == null ]]
        check_err $?

        ip address add dev "$devdummy" "$addr2" proto 0x99
        check_err $?
        proto=$(address_get_proto "$addr2")
        [[ "$proto" == 0x99 ]]
        check_err $?

        ip address add dev "$devdummy" "$addr" proto 0xab
        check_err $?
        proto=$(address_get_proto "$addr")
        [[ "$proto" == 0xab ]]
        check_err $?

        ip address replace dev "$devdummy" "$addr" proto 0x11
        proto=$(address_get_proto "$addr")
        check_err $?
        [[ "$proto" == 0x11 ]]
        check_err $?

        count=$(address_count)
        check_err $?
        (( count >= 3 )) # $addr, $addr2 and $addr3 plus any kernel addresses
        check_err $?

        count=$(address_count proto 0)
        check_err $?
        (( count == 1 )) # just $addr3
        check_err $?

        count=$(address_count proto 0x11)
        check_err $?
        (( count == 2 )) # $addr and $addr3
        check_err $?

        count=$(address_count proto 0xab)
        check_err $?
        (( count == 1 )) # just $addr3
        check_err $?

        ip address del dev "$devdummy" "$addr"
        ip address del dev "$devdummy" "$addr2"
        ip address del dev "$devdummy" "$addr3"

        if [ $ret -ne 0 ]; then
                echo "FAIL: address proto $what"
                return 1
        fi
        echo "PASS: address proto $what"
}

kci_test_address_proto()
{
        local ret=0

        do_test_address_proto IPv4 192.0.2.1/28
        check_err $?

        do_test_address_proto IPv6 2001:db8:1::1/64
        check_err $?

        return $ret
}

kci_test_rtnl()
{
        local current_test
        local ret=0

        kci_add_dummy
        if [ $ret -ne 0 ];then
                echo "FAIL: cannot add dummy interface"
                return 1
        fi

        for current_test in ${TESTS:-$ALL_TESTS}; do
                $current_test
                check_err $?
        done

        kci_del_dummy
        return $ret
}

usage()
{
        cat <<EOF
usage: ${0##*/} OPTS

        -t <test>   Test(s) to run (default: all)
                    (options: $(echo $ALL_TESTS))
EOF
}

#check for needed privileges
if [ "$(id -u)" -ne 0 ];then
        echo "SKIP: Need root privileges"
        exit $ksft_skip
fi

for x in ip tc;do
        $x -Version 2>/dev/null >/dev/null
        if [ $? -ne 0 ];then
                echo "SKIP: Could not run test without the $x tool"
                exit $ksft_skip
        fi
done

while getopts t:h o; do
        case $o in
                t) TESTS=$OPTARG;;
                h) usage; exit 0;;
                *) usage; exit 1;;
        esac
done

kci_test_rtnl

exit $?