36455bd1e9
Introduce list of tests and their descriptions, and loop on it in main body. Tests will now just take care of calling setup with a list of "units" they need, and return 0 on success, 1 on failure, 2 if the test had to be skipped. Main script body will take care of displaying results and cleaning up after every test. Introduce guard variable so that we don't clean up twice in case of interrupts or unexpected failures. The pmtu_vti6_exception test can now run its third step even if the previous one failed, as we can return values from it. Also introduce support to display test descriptions, and display aligned OK/FAIL/SKIP test outcomes. Buffer error strings so that in case of failure we can display them right under the outcome for each test. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
198 lines
5.1 KiB
Bash
Executable File
198 lines
5.1 KiB
Bash
Executable File
#!/bin/sh
|
|
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Check that route PMTU values match expectations
|
|
#
|
|
# Tests currently implemented:
|
|
#
|
|
# - pmtu_vti6_exception
|
|
# Set up vti6 tunnel on top of veth, with xfrm states and policies, in two
|
|
# namespaces with matching endpoints. Check that route exception is
|
|
# created by exceeding link layer MTU with ping to other endpoint. Then
|
|
# decrease and increase MTU of tunnel, checking that route exception PMTU
|
|
# changes accordingly
|
|
|
|
tests="
|
|
pmtu_vti6_exception vti6: PMTU exceptions"
|
|
|
|
NS_A="ns-$(mktemp -u XXXXXX)"
|
|
NS_B="ns-$(mktemp -u XXXXXX)"
|
|
ns_a="ip netns exec ${NS_A}"
|
|
ns_b="ip netns exec ${NS_B}"
|
|
|
|
veth6_a_addr="fd00:1::a"
|
|
veth6_b_addr="fd00:1::b"
|
|
veth6_mask="64"
|
|
|
|
vti6_a_addr="fd00:2::a"
|
|
vti6_b_addr="fd00:2::b"
|
|
vti6_mask="64"
|
|
|
|
cleanup_done=1
|
|
err_buf=
|
|
|
|
err() {
|
|
err_buf="${err_buf}${1}
|
|
"
|
|
}
|
|
|
|
err_flush() {
|
|
echo -n "${err_buf}"
|
|
err_buf=
|
|
}
|
|
|
|
setup_namespaces() {
|
|
ip netns add ${NS_A} || return 1
|
|
ip netns add ${NS_B}
|
|
}
|
|
|
|
setup_veth() {
|
|
${ns_a} ip link add veth_a type veth peer name veth_b || return 1
|
|
${ns_a} ip link set veth_b netns ${NS_B}
|
|
|
|
${ns_a} ip addr add ${veth6_a_addr}/${veth6_mask} dev veth_a
|
|
${ns_b} ip addr add ${veth6_b_addr}/${veth6_mask} dev veth_b
|
|
|
|
${ns_a} ip link set veth_a up
|
|
${ns_b} ip link set veth_b up
|
|
}
|
|
|
|
setup_vti6() {
|
|
${ns_a} ip link add vti_a type vti6 local ${veth6_a_addr} remote ${veth6_b_addr} key 10 || return 1
|
|
${ns_b} ip link add vti_b type vti6 local ${veth6_b_addr} remote ${veth6_a_addr} key 10
|
|
|
|
${ns_a} ip addr add ${vti6_a_addr}/${vti6_mask} dev vti_a
|
|
${ns_b} ip addr add ${vti6_b_addr}/${vti6_mask} dev vti_b
|
|
|
|
${ns_a} ip link set vti_a up
|
|
${ns_b} ip link set vti_b up
|
|
|
|
sleep 1
|
|
}
|
|
|
|
setup_xfrm() {
|
|
${ns_a} ip -6 xfrm state add src ${veth6_a_addr} dst ${veth6_b_addr} spi 0x1000 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel || return 1
|
|
${ns_a} ip -6 xfrm state add src ${veth6_b_addr} dst ${veth6_a_addr} spi 0x1001 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel
|
|
${ns_a} ip -6 xfrm policy add dir out mark 10 tmpl src ${veth6_a_addr} dst ${veth6_b_addr} proto esp mode tunnel
|
|
${ns_a} ip -6 xfrm policy add dir in mark 10 tmpl src ${veth6_b_addr} dst ${veth6_a_addr} proto esp mode tunnel
|
|
|
|
${ns_b} ip -6 xfrm state add src ${veth6_a_addr} dst ${veth6_b_addr} spi 0x1000 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel
|
|
${ns_b} ip -6 xfrm state add src ${veth6_b_addr} dst ${veth6_a_addr} spi 0x1001 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel
|
|
${ns_b} ip -6 xfrm policy add dir out mark 10 tmpl src ${veth6_b_addr} dst ${veth6_a_addr} proto esp mode tunnel
|
|
${ns_b} ip -6 xfrm policy add dir in mark 10 tmpl src ${veth6_a_addr} dst ${veth6_b_addr} proto esp mode tunnel
|
|
}
|
|
|
|
setup() {
|
|
[ "$(id -u)" -ne 0 ] && echo " need to run as root" && return 1
|
|
|
|
cleanup_done=0
|
|
for arg do
|
|
eval setup_${arg} || { echo " ${arg} not supported"; return 1; }
|
|
done
|
|
}
|
|
|
|
cleanup() {
|
|
[ ${cleanup_done} -eq 1 ] && return
|
|
ip netns del ${NS_A} 2 > /dev/null
|
|
ip netns del ${NS_B} 2 > /dev/null
|
|
cleanup_done=1
|
|
}
|
|
|
|
mtu() {
|
|
ns_cmd="${1}"
|
|
dev="${2}"
|
|
mtu="${3}"
|
|
|
|
${ns_cmd} ip link set dev ${dev} mtu ${mtu}
|
|
}
|
|
|
|
mtu_parse() {
|
|
input="${1}"
|
|
|
|
next=0
|
|
for i in ${input}; do
|
|
[ ${next} -eq 1 ] && echo "${i}" && return
|
|
[ "${i}" = "mtu" ] && next=1
|
|
done
|
|
}
|
|
|
|
route_get_dst_exception() {
|
|
ns_cmd="${1}"
|
|
dst="${2}"
|
|
|
|
${ns_cmd} ip route get "${dst}"
|
|
}
|
|
|
|
route_get_dst_pmtu_from_exception() {
|
|
ns_cmd="${1}"
|
|
dst="${2}"
|
|
|
|
mtu_parse "$(route_get_dst_exception "${ns_cmd}" ${dst})"
|
|
}
|
|
|
|
test_pmtu_vti6_exception() {
|
|
setup namespaces veth vti6 xfrm || return 2
|
|
fail=0
|
|
|
|
# Create route exception by exceeding link layer MTU
|
|
mtu "${ns_a}" veth_a 4000
|
|
mtu "${ns_b}" veth_b 4000
|
|
mtu "${ns_a}" vti_a 5000
|
|
mtu "${ns_b}" vti_b 5000
|
|
${ns_a} ping6 -q -i 0.1 -w 2 -s 60000 ${vti6_b_addr} > /dev/null
|
|
|
|
# Check that exception was created
|
|
if [ "$(route_get_dst_pmtu_from_exception "${ns_a}" ${vti6_b_addr})" = "" ]; then
|
|
err " tunnel exceeding link layer MTU didn't create route exception"
|
|
return 1
|
|
fi
|
|
|
|
# Decrease tunnel MTU, check for PMTU decrease in route exception
|
|
mtu "${ns_a}" vti_a 3000
|
|
|
|
if [ "$(route_get_dst_pmtu_from_exception "${ns_a}" ${vti6_b_addr})" -ne 3000 ]; then
|
|
err " decreasing tunnel MTU didn't decrease route exception PMTU"
|
|
fail=1
|
|
fi
|
|
|
|
# Increase tunnel MTU, check for PMTU increase in route exception
|
|
mtu "${ns_a}" vti_a 9000
|
|
if [ "$(route_get_dst_pmtu_from_exception "${ns_a}" ${vti6_b_addr})" -ne 9000 ]; then
|
|
err " increasing tunnel MTU didn't increase route exception PMTU"
|
|
fail=1
|
|
fi
|
|
|
|
return ${fail}
|
|
}
|
|
|
|
trap cleanup EXIT
|
|
|
|
exitcode=0
|
|
desc=0
|
|
IFS="
|
|
"
|
|
for t in ${tests}; do
|
|
[ $desc -eq 0 ] && name="${t}" && desc=1 && continue || desc=0
|
|
|
|
(
|
|
unset IFS
|
|
eval test_${name}
|
|
ret=$?
|
|
cleanup
|
|
|
|
if [ $ret -eq 0 ]; then
|
|
printf "TEST: %-60s [ OK ]\n" "${t}"
|
|
elif [ $ret -eq 1 ]; then
|
|
printf "TEST: %-60s [FAIL]\n" "${t}"
|
|
err_flush
|
|
exit 1
|
|
elif [ $ret -eq 2 ]; then
|
|
printf "TEST: %-60s [SKIP]\n" "${t}"
|
|
err_flush
|
|
fi
|
|
)
|
|
[ $? -ne 0 ] && exitcode=1
|
|
done
|
|
|
|
exit ${exitcode}
|