Linux/tools/testing/selftests/net/l2tp.sh

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 #!/bin/bash 2 # SPDX-License-Identifier: GPL-2.0 3 # 4 # L2TPv3 tunnel between 2 hosts 5 # 6 # host-1 | router | host-2 7 # | | 8 # lo l2tp | | l2tp lo 9 # 172.16.101.1 172.16.1.1 | | 172.16.1.2 172.16.101.2 10 # fc00:101::1 fc00:1::1 | | fc00:1::2 fc00:101::2 11 # | | 12 # eth0 | | eth0 13 # 10.1.1.1 | | 10.1.2.1 14 # 2001:db8:1::1 | | 2001:db8:2::1 15 16 source lib.sh 17 VERBOSE=0 18 PAUSE_ON_FAIL=no 19 20 which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping) 21 22 ################################################################################ 23 # 24 log_test() 25 { 26 local rc=$1 27 local expected=$2 28 local msg="$3" 29 30 if [ ${rc} -eq ${expected} ]; then 31 printf "TEST: %-60s [ OK ]\n" "${msg}" 32 nsuccess=$((nsuccess+1)) 33 else 34 ret=1 35 nfail=$((nfail+1)) 36 printf "TEST: %-60s [FAIL]\n" "${msg}" 37 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then 38 echo 39 echo "hit enter to continue, 'q' to quit" 40 read a 41 [ "$a" = "q" ] && exit 1 42 fi 43 fi 44 } 45 46 run_cmd() 47 { 48 local ns 49 local cmd 50 local out 51 local rc 52 53 ns="$1" 54 shift 55 cmd="$*" 56 57 if [ "$VERBOSE" = "1" ]; then 58 printf " COMMAND: $cmd\n" 59 fi 60 61 out=$(eval ip netns exec ${ns} ${cmd} 2>&1) 62 rc=$? 63 if [ "$VERBOSE" = "1" -a -n "$out" ]; then 64 echo " $out" 65 fi 66 67 [ "$VERBOSE" = "1" ] && echo 68 69 return $rc 70 } 71 72 ################################################################################ 73 # create namespaces and interconnects 74 75 create_ns() 76 { 77 local ns=$1 78 local addr=$2 79 local addr6=$3 80 81 [ -z "${addr}" ] && addr="-" 82 [ -z "${addr6}" ] && addr6="-" 83 84 if [ "${addr}" != "-" ]; then 85 ip -netns ${ns} addr add dev lo ${addr} 86 fi 87 if [ "${addr6}" != "-" ]; then 88 ip -netns ${ns} -6 addr add dev lo ${addr6} 89 fi 90 91 ip -netns ${ns} ro add unreachable default metric 8192 92 ip -netns ${ns} -6 ro add unreachable default metric 8192 93 94 ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1 95 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1 96 ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1 97 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1 98 ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.accept_dad=0 99 } 100 101 # create veth pair to connect namespaces and apply addresses. 102 connect_ns() 103 { 104 local ns1=$1 105 local ns1_dev=$2 106 local ns1_addr=$3 107 local ns1_addr6=$4 108 local ns2=$5 109 local ns2_dev=$6 110 local ns2_addr=$7 111 local ns2_addr6=$8 112 113 ip -netns ${ns1} li add ${ns1_dev} type veth peer name tmp 114 ip -netns ${ns1} li set ${ns1_dev} up 115 ip -netns ${ns1} li set tmp netns ${ns2} name ${ns2_dev} 116 ip -netns ${ns2} li set ${ns2_dev} up 117 118 if [ "${ns1_addr}" != "-" ]; then 119 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr} 120 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr} 121 fi 122 123 if [ "${ns1_addr6}" != "-" ]; then 124 ip -netns ${ns1} addr add dev ${ns1_dev} ${ns1_addr6} 125 ip -netns ${ns2} addr add dev ${ns2_dev} ${ns2_addr6} 126 fi 127 } 128 129 ################################################################################ 130 # test setup 131 132 cleanup() 133 { 134 cleanup_ns $host_1 $host_2 $router 135 } 136 137 setup_l2tp_ipv4() 138 { 139 # 140 # configure l2tpv3 tunnel on host-1 141 # 142 ip -netns $host_1 l2tp add tunnel tunnel_id 1041 peer_tunnel_id 1042 \ 143 encap ip local 10.1.1.1 remote 10.1.2.1 144 ip -netns $host_1 l2tp add session name l2tp4 tunnel_id 1041 \ 145 session_id 1041 peer_session_id 1042 146 ip -netns $host_1 link set dev l2tp4 up 147 ip -netns $host_1 addr add dev l2tp4 172.16.1.1 peer 172.16.1.2 148 149 # 150 # configure l2tpv3 tunnel on host-2 151 # 152 ip -netns $host_2 l2tp add tunnel tunnel_id 1042 peer_tunnel_id 1041 \ 153 encap ip local 10.1.2.1 remote 10.1.1.1 154 ip -netns $host_2 l2tp add session name l2tp4 tunnel_id 1042 \ 155 session_id 1042 peer_session_id 1041 156 ip -netns $host_2 link set dev l2tp4 up 157 ip -netns $host_2 addr add dev l2tp4 172.16.1.2 peer 172.16.1.1 158 159 # 160 # add routes to loopback addresses 161 # 162 ip -netns $host_1 ro add 172.16.101.2/32 via 172.16.1.2 163 ip -netns $host_2 ro add 172.16.101.1/32 via 172.16.1.1 164 } 165 166 setup_l2tp_ipv6() 167 { 168 # 169 # configure l2tpv3 tunnel on host-1 170 # 171 ip -netns $host_1 l2tp add tunnel tunnel_id 1061 peer_tunnel_id 1062 \ 172 encap ip local 2001:db8:1::1 remote 2001:db8:2::1 173 ip -netns $host_1 l2tp add session name l2tp6 tunnel_id 1061 \ 174 session_id 1061 peer_session_id 1062 175 ip -netns $host_1 link set dev l2tp6 up 176 ip -netns $host_1 addr add dev l2tp6 fc00:1::1 peer fc00:1::2 177 178 # 179 # configure l2tpv3 tunnel on host-2 180 # 181 ip -netns $host_2 l2tp add tunnel tunnel_id 1062 peer_tunnel_id 1061 \ 182 encap ip local 2001:db8:2::1 remote 2001:db8:1::1 183 ip -netns $host_2 l2tp add session name l2tp6 tunnel_id 1062 \ 184 session_id 1062 peer_session_id 1061 185 ip -netns $host_2 link set dev l2tp6 up 186 ip -netns $host_2 addr add dev l2tp6 fc00:1::2 peer fc00:1::1 187 188 # 189 # add routes to loopback addresses 190 # 191 ip -netns $host_1 -6 ro add fc00:101::2/128 via fc00:1::2 192 ip -netns $host_2 -6 ro add fc00:101::1/128 via fc00:1::1 193 } 194 195 setup() 196 { 197 # start clean 198 cleanup 199 200 set -e 201 setup_ns host_1 host_2 router 202 create_ns $host_1 172.16.101.1/32 fc00:101::1/128 203 create_ns $host_2 172.16.101.2/32 fc00:101::2/128 204 create_ns $router 205 206 connect_ns $host_1 eth0 10.1.1.1/24 2001:db8:1::1/64 \ 207 $router eth1 10.1.1.2/24 2001:db8:1::2/64 208 209 connect_ns $host_2 eth0 10.1.2.1/24 2001:db8:2::1/64 \ 210 $router eth2 10.1.2.2/24 2001:db8:2::2/64 211 212 ip -netns $host_1 ro add 10.1.2.0/24 via 10.1.1.2 213 ip -netns $host_1 -6 ro add 2001:db8:2::/64 via 2001:db8:1::2 214 215 ip -netns $host_2 ro add 10.1.1.0/24 via 10.1.2.2 216 ip -netns $host_2 -6 ro add 2001:db8:1::/64 via 2001:db8:2::2 217 218 setup_l2tp_ipv4 219 setup_l2tp_ipv6 220 set +e 221 } 222 223 setup_ipsec() 224 { 225 # 226 # IPv4 227 # 228 run_cmd $host_1 ip xfrm policy add \ 229 src 10.1.1.1 dst 10.1.2.1 dir out \ 230 tmpl proto esp mode transport 231 232 run_cmd $host_1 ip xfrm policy add \ 233 src 10.1.2.1 dst 10.1.1.1 dir in \ 234 tmpl proto esp mode transport 235 236 run_cmd $host_2 ip xfrm policy add \ 237 src 10.1.1.1 dst 10.1.2.1 dir in \ 238 tmpl proto esp mode transport 239 240 run_cmd $host_2 ip xfrm policy add \ 241 src 10.1.2.1 dst 10.1.1.1 dir out \ 242 tmpl proto esp mode transport 243 244 ip -netns $host_1 xfrm state add \ 245 src 10.1.1.1 dst 10.1.2.1 \ 246 spi 0x1000 proto esp aead 'rfc4106(gcm(aes))' \ 247 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode transport 248 249 ip -netns $host_1 xfrm state add \ 250 src 10.1.2.1 dst 10.1.1.1 \ 251 spi 0x1001 proto esp aead 'rfc4106(gcm(aes))' \ 252 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode transport 253 254 ip -netns $host_2 xfrm state add \ 255 src 10.1.1.1 dst 10.1.2.1 \ 256 spi 0x1000 proto esp aead 'rfc4106(gcm(aes))' \ 257 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode transport 258 259 ip -netns $host_2 xfrm state add \ 260 src 10.1.2.1 dst 10.1.1.1 \ 261 spi 0x1001 proto esp aead 'rfc4106(gcm(aes))' \ 262 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode transport 263 264 # 265 # IPV6 266 # 267 run_cmd $host_1 ip -6 xfrm policy add \ 268 src 2001:db8:1::1 dst 2001:db8:2::1 dir out \ 269 tmpl proto esp mode transport 270 271 run_cmd $host_1 ip -6 xfrm policy add \ 272 src 2001:db8:2::1 dst 2001:db8:1::1 dir in \ 273 tmpl proto esp mode transport 274 275 run_cmd $host_2 ip -6 xfrm policy add \ 276 src 2001:db8:1::1 dst 2001:db8:2::1 dir in \ 277 tmpl proto esp mode transport 278 279 run_cmd $host_2 ip -6 xfrm policy add \ 280 src 2001:db8:2::1 dst 2001:db8:1::1 dir out \ 281 tmpl proto esp mode transport 282 283 ip -netns $host_1 -6 xfrm state add \ 284 src 2001:db8:1::1 dst 2001:db8:2::1 \ 285 spi 0x1000 proto esp aead 'rfc4106(gcm(aes))' \ 286 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode transport 287 288 ip -netns $host_1 -6 xfrm state add \ 289 src 2001:db8:2::1 dst 2001:db8:1::1 \ 290 spi 0x1001 proto esp aead 'rfc4106(gcm(aes))' \ 291 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode transport 292 293 ip -netns $host_2 -6 xfrm state add \ 294 src 2001:db8:1::1 dst 2001:db8:2::1 \ 295 spi 0x1000 proto esp aead 'rfc4106(gcm(aes))' \ 296 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode transport 297 298 ip -netns $host_2 -6 xfrm state add \ 299 src 2001:db8:2::1 dst 2001:db8:1::1 \ 300 spi 0x1001 proto esp aead 'rfc4106(gcm(aes))' \ 301 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode transport 302 } 303 304 teardown_ipsec() 305 { 306 run_cmd $host_1 ip xfrm state flush 307 run_cmd $host_1 ip xfrm policy flush 308 run_cmd $host_2 ip xfrm state flush 309 run_cmd $host_2 ip xfrm policy flush 310 } 311 312 ################################################################################ 313 # generate traffic through tunnel for various cases 314 315 run_ping() 316 { 317 local desc="$1" 318 319 run_cmd $host_1 ping -c1 -w1 172.16.1.2 320 log_test $? 0 "IPv4 basic L2TP tunnel ${desc}" 321 322 run_cmd $host_1 ping -c1 -w1 -I 172.16.101.1 172.16.101.2 323 log_test $? 0 "IPv4 route through L2TP tunnel ${desc}" 324 325 run_cmd $host_1 ${ping6} -c1 -w1 fc00:1::2 326 log_test $? 0 "IPv6 basic L2TP tunnel ${desc}" 327 328 run_cmd $host_1 ${ping6} -c1 -w1 -I fc00:101::1 fc00:101::2 329 log_test $? 0 "IPv6 route through L2TP tunnel ${desc}" 330 } 331 332 run_tests() 333 { 334 local desc 335 336 setup 337 run_ping 338 339 setup_ipsec 340 run_ping "- with IPsec" 341 run_cmd $host_1 ping -c1 -w1 172.16.1.2 342 log_test $? 0 "IPv4 basic L2TP tunnel ${desc}" 343 344 run_cmd $host_1 ping -c1 -w1 -I 172.16.101.1 172.16.101.2 345 log_test $? 0 "IPv4 route through L2TP tunnel ${desc}" 346 347 run_cmd $host_1 ${ping6} -c1 -w1 fc00:1::2 348 log_test $? 0 "IPv6 basic L2TP tunnel - with IPsec" 349 350 run_cmd $host_1 ${ping6} -c1 -w1 -I fc00:101::1 fc00:101::2 351 log_test $? 0 "IPv6 route through L2TP tunnel - with IPsec" 352 353 teardown_ipsec 354 run_ping "- after IPsec teardown" 355 } 356 357 ################################################################################ 358 # main 359 360 declare -i nfail=0 361 declare -i nsuccess=0 362 363 while getopts :pv o 364 do 365 case $o in 366 p) PAUSE_ON_FAIL=yes;; 367 v) VERBOSE=$(($VERBOSE + 1));; 368 *) exit 1;; 369 esac 370 done 371 372 run_tests 373 cleanup 374 375 printf "\nTests passed: %3d\n" ${nsuccess} 376 printf "Tests failed: %3d\n" ${nfail}

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/tools/testing/selftests/net/l2tp.sh

TOMOYO Linux Cross Reference
Linux/tools/testing/selftests/net/l2tp.sh