Ziele Untersuchung
mit Columbo Integrität von
Datenbanken Interaktion und
Portierbarkeit Ergonomie der
Schnittstellen

Angebot Produkte Projekt Beratung

Mittel Analytik Modellierung Sprachen Algebra Logik Hardware Denken Kreativität

Zusammenhänge Gesellschaft Wirtschaft Branche Firma


products/sources/formale Sprachen/C/Linux/tools/testing/selftests/net/ (Open Source Betriebssystem Version 6.17.9^©) Datei vom 24.10.2025 mit Größe 10 kB

Quelle vrf-xfrm-tests.sh Sprache: Shell

#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Various combinations of VRF with xfrms and qdisc.

source lib.sh
PAUSE_ON_FAIL=no
VERBOSE=0
ret=0

HOST1_4=192.168.1.1
HOST2_4=192.168.1.2
HOST1_6=2001:db8:1::1
HOST2_6=2001:db8:1::2

XFRM1_4=10.0.1.1
XFRM2_4=10.0.1.2
XFRM1_6=fc00:1000::1
XFRM2_6=fc00:1000::2
IF_ID=123

VRF=red
TABLE=300

AUTH_1=0xd94fcfea65fddf21dc6e0d24a0253508
AUTH_2=0xdc6e0d24a0253508d94fcfea65fddf21
ENC_1=0xfc46c20f8048be9725930ff3fb07ac2a91f0347dffeacf62
ENC_2=0x3fb07ac2a91f0347dffeacf62fc46c20f8048be9725930ff
SPI_1=0x02122b77
SPI_2=0x2b770212

which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)

################################################################################
#
log_test()
{
local rc=$1
local expected=$2
local msg="$3"

if [ ${rc} -eq ${expected} ]; then
  printf "TEST: %-60s [ OK ]\n" "${msg}"
  nsuccess=$((nsuccess+1))
else
  ret=1
  nfail=$((nfail+1))
  printf "TEST: %-60s [FAIL]\n" "${msg}"
  if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
   echo
   echo "hit enter to continue, 'q' to quit"
   read a
   [ "$a" = "q" ] && exit 1
  fi
fi
}

run_cmd_host1()
{
local cmd="$*"
local out
local rc

if [ "$VERBOSE" = "1" ]; then
  printf " COMMAND: $cmd\n"
fi

out=$(eval ip netns exec $host1 $cmd 2>&1)
rc=$?
if [ "$VERBOSE" = "1" ]; then
  if [ -n "$out" ]; then
   echo
   echo " $out"
  fi
  echo
fi

return $rc
}

################################################################################
# create namespaces for hosts and sws

create_vrf()
{
local ns=$1
local vrf=$2
local table=$3

if [ -n "${ns}" ]; then
  ns="-netns ${ns}"
fi

ip ${ns} link add ${vrf} type vrf table ${table}
ip ${ns} link set ${vrf} up
ip ${ns} route add vrf ${vrf} unreachable default metric 8192
ip ${ns} -6 route add vrf ${vrf} unreachable default metric 8192

ip ${ns} addr add 127.0.0.1/8 dev ${vrf}
ip ${ns} -6 addr add ::1 dev ${vrf} nodad

ip ${ns} ru del pref 0
ip ${ns} ru add pref 32765 from all lookup local
ip ${ns} -6 ru del pref 0
ip ${ns} -6 ru add pref 32765 from all lookup local
}

create_ns()
{
local ns=$1
local addr=$2
local addr6=$3

[ -z "${addr}" ] && addr="-"
[ -z "${addr6}" ] && addr6="-"

if [ "${addr}" != "-" ]; then
  ip -netns ${ns} addr add dev lo ${addr}
fi
if [ "${addr6}" != "-" ]; then
  ip -netns ${ns} -6 addr add dev lo ${addr6}
fi

ip -netns ${ns} ro add unreachable default metric 8192
ip -netns ${ns} -6 ro add unreachable default metric 8192

ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1
ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.accept_dad=0
}

# create veth pair to connect namespaces and apply addresses.
connect_ns()
{
local ns1=$1
local ns1_dev=$2
local ns1_addr=$3
local ns1_addr6=$4
local ns2=$5
local ns2_dev=$6
local ns2_addr=$7
local ns2_addr6=$8
local ns1arg
local ns2arg

if [ -n "${ns1}" ]; then
  ns1arg="-netns ${ns1}"
fi
if [ -n "${ns2}" ]; then
  ns2arg="-netns ${ns2}"
fi

ip ${ns1arg} li add ${ns1_dev} type veth peer name tmp
ip ${ns1arg} li set ${ns1_dev} up
ip ${ns1arg} li set tmp netns ${ns2} name ${ns2_dev}
ip ${ns2arg} li set ${ns2_dev} up

if [ "${ns1_addr}" != "-" ]; then
  ip ${ns1arg} addr add dev ${ns1_dev} ${ns1_addr}
  ip ${ns2arg} addr add dev ${ns2_dev} ${ns2_addr}
fi

if [ "${ns1_addr6}" != "-" ]; then
  ip ${ns1arg} addr add dev ${ns1_dev} ${ns1_addr6} nodad
  ip ${ns2arg} addr add dev ${ns2_dev} ${ns2_addr6} nodad
fi
}

################################################################################

cleanup()
{
cleanup_ns $host1 $host2
}

setup()
{
setup_ns host1 host2
create_ns "$host1"
create_ns "$host2"

connect_ns "$host1" eth0 ${HOST1_4}/24 ${HOST1_6}/64 \
            "$host2" eth0 ${HOST2_4}/24 ${HOST2_6}/64

create_vrf "$host1" ${VRF} ${TABLE}
ip -netns $host1 link set dev eth0 master ${VRF}
}

cleanup_xfrm()
{
for ns in $host1 $host2
do
  for x in state policy
  do
   ip -netns ${ns} xfrm ${x} flush
   ip -6 -netns ${ns} xfrm ${x} flush
  done
done
}

setup_xfrm()
{
local h1_4=$1
local h2_4=$2
local h1_6=$3
local h2_6=$4
local devarg="$5"

#
# policy
#

# host1 - IPv4 out
ip -netns $host1 xfrm policy add \
   src ${h1_4} dst ${h2_4} ${devarg} dir out \
   tmpl src ${HOST1_4} dst ${HOST2_4} proto esp mode tunnel

# host2 - IPv4 in
ip -netns $host2 xfrm policy add \
   src ${h1_4} dst ${h2_4} dir in \
   tmpl src ${HOST1_4} dst ${HOST2_4} proto esp mode tunnel

# host1 - IPv4 in
ip -netns $host1 xfrm policy add \
   src ${h2_4} dst ${h1_4} ${devarg} dir in \
   tmpl src ${HOST2_4} dst ${HOST1_4} proto esp mode tunnel

# host2 - IPv4 out
ip -netns $host2 xfrm policy add \
   src ${h2_4} dst ${h1_4} dir out \
   tmpl src ${HOST2_4} dst ${HOST1_4} proto esp mode tunnel

# host1 - IPv6 out
ip -6 -netns $host1 xfrm policy add \
   src ${h1_6} dst ${h2_6} ${devarg} dir out \
   tmpl src ${HOST1_6} dst ${HOST2_6} proto esp mode tunnel

# host2 - IPv6 in
ip -6 -netns $host2 xfrm policy add \
   src ${h1_6} dst ${h2_6} dir in \
   tmpl src ${HOST1_6} dst ${HOST2_6} proto esp mode tunnel

# host1 - IPv6 in
ip -6 -netns $host1 xfrm policy add \
   src ${h2_6} dst ${h1_6} ${devarg} dir in \
   tmpl src ${HOST2_6} dst ${HOST1_6} proto esp mode tunnel

# host2 - IPv6 out
ip -6 -netns $host2 xfrm policy add \
   src ${h2_6} dst ${h1_6} dir out \
   tmpl src ${HOST2_6} dst ${HOST1_6} proto esp mode tunnel

#
# state
#
ip -netns $host1 xfrm state add src ${HOST1_4} dst ${HOST2_4} \
     proto esp spi ${SPI_1} reqid 0 mode tunnel \
     replay-window 4 replay-oseq 0x4 \
     auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \
     enc 'cbc(aes)' ${ENC_1} \
     sel src ${h1_4} dst ${h2_4} ${devarg}

ip -netns $host2 xfrm state add src ${HOST1_4} dst ${HOST2_4} \
     proto esp spi ${SPI_1} reqid 0 mode tunnel \
     replay-window 4 replay-oseq 0x4 \
     auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \
     enc 'cbc(aes)' ${ENC_1} \
     sel src ${h1_4} dst ${h2_4}

ip -netns $host1 xfrm state add src ${HOST2_4} dst ${HOST1_4} \
     proto esp spi ${SPI_2} reqid 0 mode tunnel \
     replay-window 4 replay-oseq 0x4 \
     auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \
     enc 'cbc(aes)' ${ENC_2} \
     sel src ${h2_4} dst ${h1_4} ${devarg}

ip -netns $host2 xfrm state add src ${HOST2_4} dst ${HOST1_4} \
     proto esp spi ${SPI_2} reqid 0 mode tunnel \
     replay-window 4 replay-oseq 0x4 \
     auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \
     enc 'cbc(aes)' ${ENC_2} \
     sel src ${h2_4} dst ${h1_4}

ip -6 -netns $host1 xfrm state add src ${HOST1_6} dst ${HOST2_6} \
     proto esp spi ${SPI_1} reqid 0 mode tunnel \
     replay-window 4 replay-oseq 0x4 \
     auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \
     enc 'cbc(aes)' ${ENC_1} \
     sel src ${h1_6} dst ${h2_6} ${devarg}

ip -6 -netns $host2 xfrm state add src ${HOST1_6} dst ${HOST2_6} \
     proto esp spi ${SPI_1} reqid 0 mode tunnel \
     replay-window 4 replay-oseq 0x4 \
     auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \
     enc 'cbc(aes)' ${ENC_1} \
     sel src ${h1_6} dst ${h2_6}

ip -6 -netns $host1 xfrm state add src ${HOST2_6} dst ${HOST1_6} \
     proto esp spi ${SPI_2} reqid 0 mode tunnel \
     replay-window 4 replay-oseq 0x4 \
     auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \
     enc 'cbc(aes)' ${ENC_2} \
     sel src ${h2_6} dst ${h1_6} ${devarg}

ip -6 -netns $host2 xfrm state add src ${HOST2_6} dst ${HOST1_6} \
     proto esp spi ${SPI_2} reqid 0 mode tunnel \
     replay-window 4 replay-oseq 0x4 \
     auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \
     enc 'cbc(aes)' ${ENC_2} \
     sel src ${h2_6} dst ${h1_6}
}

cleanup_xfrm_dev()
{
ip -netns $host1 li del xfrm0
ip -netns $host2 addr del ${XFRM2_4}/24 dev eth0
ip -netns $host2 addr del ${XFRM2_6}/64 dev eth0
}

setup_xfrm_dev()
{
local vrfarg="vrf ${VRF}"

ip -netns $host1 li add type xfrm dev eth0 if_id ${IF_ID}
ip -netns $host1 li set xfrm0 ${vrfarg} up
ip -netns $host1 addr add ${XFRM1_4}/24 dev xfrm0
ip -netns $host1 addr add ${XFRM1_6}/64 dev xfrm0

ip -netns $host2 addr add ${XFRM2_4}/24 dev eth0
ip -netns $host2 addr add ${XFRM2_6}/64 dev eth0

setup_xfrm ${XFRM1_4} ${XFRM2_4} ${XFRM1_6} ${XFRM2_6} "if_id ${IF_ID}"
}

run_tests()
{
cleanup_xfrm

# no IPsec
run_cmd_host1 ip vrf exec ${VRF} ping -c1 -w1 ${HOST2_4}
log_test $? 0 "IPv4 no xfrm policy"
run_cmd_host1 ip vrf exec ${VRF} ${ping6} -c1 -w1 ${HOST2_6}
log_test $? 0 "IPv6 no xfrm policy"

# xfrm without VRF in sel
setup_xfrm ${HOST1_4} ${HOST2_4} ${HOST1_6} ${HOST2_6}
run_cmd_host1 ip vrf exec ${VRF} ping -c1 -w1 ${HOST2_4}
log_test $? 0 "IPv4 xfrm policy based on address"
run_cmd_host1 ip vrf exec ${VRF} ${ping6} -c1 -w1 ${HOST2_6}
log_test $? 0 "IPv6 xfrm policy based on address"
cleanup_xfrm

# xfrm with VRF in sel
# Known failure: ipv4 resets the flow oif after the lookup. Fix is
# not straightforward.
# setup_xfrm ${HOST1_4} ${HOST2_4} ${HOST1_6} ${HOST2_6} "dev ${VRF}"
# run_cmd_host1 ip vrf exec ${VRF} ping -c1 -w1 ${HOST2_4}
# log_test $? 0 "IPv4 xfrm policy with VRF in selector"
run_cmd_host1 ip vrf exec ${VRF} ${ping6} -c1 -w1 ${HOST2_6}
log_test $? 0 "IPv6 xfrm policy with VRF in selector"
cleanup_xfrm

# xfrm with enslaved device in sel
# Known failures: combined with the above, __xfrm{4,6}_selector_match
# needs to consider both l3mdev and enslaved device index.
# setup_xfrm ${HOST1_4} ${HOST2_4} ${HOST1_6} ${HOST2_6} "dev eth0"
# run_cmd_host1 ip vrf exec ${VRF} ping -c1 -w1 ${HOST2_4}
# log_test $? 0 "IPv4 xfrm policy with enslaved device in selector"
# run_cmd_host1 ip vrf exec ${VRF} ${ping6} -c1 -w1 ${HOST2_6}
# log_test $? 0 "IPv6 xfrm policy with enslaved device in selector"
# cleanup_xfrm

# xfrm device
setup_xfrm_dev
run_cmd_host1 ip vrf exec ${VRF} ping -c1 -w1 ${XFRM2_4}
log_test $? 0 "IPv4 xfrm policy with xfrm device"
run_cmd_host1 ip vrf exec ${VRF} ${ping6} -c1 -w1 ${XFRM2_6}
log_test $? 0 "IPv6 xfrm policy with xfrm device"
cleanup_xfrm_dev
}

################################################################################
# usage

usage()
{
        cat <<EOF
usage: ${0##*/} OPTS

        -p          Pause on fail
        -v          verbose mode (show commands and output)

done
EOF
}

################################################################################
# main

while getopts :pv o
do
case $o in
  p) PAUSE_ON_FAIL=yes;;
  v) VERBOSE=$(($VERBOSE + 1));;
  h) usage; exit 0;;
  *) usage; exit 1;;
esac
done

cleanup 2>/dev/null
setup

echo
echo "No qdisc on VRF device"
run_tests

run_cmd_host1 tc qdisc add dev ${VRF} root netem delay 100ms
echo
echo "netem qdisc on VRF device"
run_tests

printf "\nTests passed: %3d\n" ${nsuccess}
printf "Tests failed: %3d\n"   ${nfail}

exit $ret

Messung V0.5

¤ Dauer der Verarbeitung: 0.27 Sekunden (vorverarbeitet) ¤

Wurzel

Suchen

Beweissystem der NASA

Beweissystem Isabelle

NIST Cobol Testsuite

Cephes Mathematical Library

Wiener Entwicklungsmethode

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.