~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/tools/testing/selftests/net/vrf_strict_mode_test.sh

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~ 
  1 #!/bin/bash
  2 # SPDX-License-Identifier: GPL-2.0
  3 
  4 # This test is designed for testing the new VRF strict_mode functionality.
  5 
  6 source lib.sh
  7 ret=0
  8 
  9 # identifies the "init" network namespace which is often called root network
 10 # namespace.
 11 INIT_NETNS_NAME="init"
 12 
 13 PAUSE_ON_FAIL=${PAUSE_ON_FAIL:=no}
 14 
 15 TESTS="init testns mix"
 16 
 17 log_test()
 18 {
 19         local rc=$1
 20         local expected=$2
 21         local msg="$3"
 22 
 23         if [ ${rc} -eq ${expected} ]; then
 24                 nsuccess=$((nsuccess+1))
 25                 printf "\n    TEST: %-60s  [ OK ]\n" "${msg}"
 26         else
 27                 ret=1
 28                 nfail=$((nfail+1))
 29                 printf "\n    TEST: %-60s  [FAIL]\n" "${msg}"
 30                 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
 31                         echo
 32                         echo "hit enter to continue, 'q' to quit"
 33                         read a
 34                         [ "$a" = "q" ] && exit 1
 35                 fi
 36         fi
 37 }
 38 
 39 print_log_test_results()
 40 {
 41         if [ "$TESTS" != "none" ]; then
 42                 printf "\nTests passed: %3d\n" ${nsuccess}
 43                 printf "Tests failed: %3d\n"   ${nfail}
 44         fi
 45 }
 46 
 47 log_section()
 48 {
 49         echo
 50         echo "################################################################################"
 51         echo "TEST SECTION: $*"
 52         echo "################################################################################"
 53 }
 54 
 55 ip_expand_args()
 56 {
 57         local nsname=$1
 58         local nsarg=""
 59 
 60         if [ "${nsname}" != "${INIT_NETNS_NAME}" ]; then
 61                 nsarg="-netns ${nsname}"
 62         fi
 63 
 64         echo "${nsarg}"
 65 }
 66 
 67 vrf_count()
 68 {
 69         local nsname=$1
 70         local nsarg="$(ip_expand_args ${nsname})"
 71 
 72         ip ${nsarg} -o link show type vrf | wc -l
 73 }
 74 
 75 count_vrf_by_table_id()
 76 {
 77         local nsname=$1
 78         local tableid=$2
 79         local nsarg="$(ip_expand_args ${nsname})"
 80 
 81         ip ${nsarg} -d -o link show type vrf | grep "table ${tableid}" | wc -l
 82 }
 83 
 84 add_vrf()
 85 {
 86         local nsname=$1
 87         local vrfname=$2
 88         local vrftable=$3
 89         local nsarg="$(ip_expand_args ${nsname})"
 90 
 91         ip ${nsarg} link add ${vrfname} type vrf table ${vrftable} &>/dev/null
 92 }
 93 
 94 add_vrf_and_check()
 95 {
 96         local nsname=$1
 97         local vrfname=$2
 98         local vrftable=$3
 99         local cnt
100         local rc
101 
102         add_vrf ${nsname} ${vrfname} ${vrftable}; rc=$?
103 
104         cnt=$(count_vrf_by_table_id ${nsname} ${vrftable})
105 
106         log_test ${rc} 0 "${nsname}: add vrf ${vrfname}, ${cnt} vrfs for table ${vrftable}"
107 }
108 
109 add_vrf_and_check_fail()
110 {
111         local nsname=$1
112         local vrfname=$2
113         local vrftable=$3
114         local cnt
115         local rc
116 
117         add_vrf ${nsname} ${vrfname} ${vrftable}; rc=$?
118 
119         cnt=$(count_vrf_by_table_id ${nsname} ${vrftable})
120 
121         log_test ${rc} 2 "${nsname}: CANNOT add vrf ${vrfname}, ${cnt} vrfs for table ${vrftable}"
122 }
123 
124 del_vrf_and_check()
125 {
126         local nsname=$1
127         local vrfname=$2
128         local nsarg="$(ip_expand_args ${nsname})"
129 
130         ip ${nsarg} link del ${vrfname}
131         log_test $? 0 "${nsname}: remove vrf ${vrfname}"
132 }
133 
134 config_vrf_and_check()
135 {
136         local nsname=$1
137         local addr=$2
138         local vrfname=$3
139         local nsarg="$(ip_expand_args ${nsname})"
140 
141         ip ${nsarg} link set dev ${vrfname} up && \
142                 ip ${nsarg} addr add ${addr} dev ${vrfname}
143         log_test $? 0 "${nsname}: vrf ${vrfname} up, addr ${addr}"
144 }
145 
146 read_strict_mode()
147 {
148         local nsname=$1
149         local rval
150         local rc=0
151         local nsexec=""
152 
153         if [ "${nsname}" != "${INIT_NETNS_NAME}" ]; then
154                 # a custom network namespace is provided
155                 nsexec="ip netns exec ${nsname}"
156         fi
157 
158         rval="$(${nsexec} bash -c "cat /proc/sys/net/vrf/strict_mode" | \
159                 grep -E "^[0-1]$")" &> /dev/null
160         if [ $? -ne 0 ]; then
161                 # set errors
162                 rval=255
163                 rc=1
164         fi
165 
166         # on success, rval can be only 0 or 1; on error, rval is equal to 255
167         echo ${rval}
168         return ${rc}
169 }
170 
171 read_strict_mode_compare_and_check()
172 {
173         local nsname=$1
174         local expected=$2
175         local res
176 
177         res="$(read_strict_mode ${nsname})"
178         log_test ${res} ${expected} "${nsname}: check strict_mode=${res}"
179 }
180 
181 set_strict_mode()
182 {
183         local nsname=$1
184         local val=$2
185         local nsexec=""
186 
187         if [ "${nsname}" != "${INIT_NETNS_NAME}" ]; then
188                 # a custom network namespace is provided
189                 nsexec="ip netns exec ${nsname}"
190         fi
191 
192         ${nsexec} bash -c "echo ${val} >/proc/sys/net/vrf/strict_mode" &>/dev/null
193 }
194 
195 enable_strict_mode()
196 {
197         local nsname=$1
198 
199         set_strict_mode ${nsname} 1
200 }
201 
202 disable_strict_mode()
203 {
204         local nsname=$1
205 
206         set_strict_mode ${nsname} 0
207 }
208 
209 disable_strict_mode_and_check()
210 {
211         local nsname=$1
212 
213         disable_strict_mode ${nsname}
214         log_test $? 0 "${nsname}: disable strict_mode (=0)"
215 }
216 
217 enable_strict_mode_and_check()
218 {
219         local nsname=$1
220 
221         enable_strict_mode ${nsname}
222         log_test $? 0 "${nsname}: enable strict_mode (=1)"
223 }
224 
225 enable_strict_mode_and_check_fail()
226 {
227         local nsname=$1
228 
229         enable_strict_mode ${nsname}
230         log_test $? 1 "${nsname}: CANNOT enable strict_mode"
231 }
232 
233 strict_mode_check_default()
234 {
235         local nsname=$1
236         local strictmode
237         local vrfcnt
238 
239         vrfcnt=$(vrf_count ${nsname})
240         strictmode=$(read_strict_mode ${nsname})
241         log_test ${strictmode} 0 "${nsname}: strict_mode=0 by default, ${vrfcnt} vrfs"
242 }
243 
244 setup()
245 {
246         modprobe vrf
247 
248         setup_ns testns
249 }
250 
251 cleanup()
252 {
253         ip netns del $testns 2>/dev/null
254 
255         ip link del vrf100 2>/dev/null
256         ip link del vrf101 2>/dev/null
257         ip link del vrf102 2>/dev/null
258 
259         echo 0 >/proc/sys/net/vrf/strict_mode 2>/dev/null
260 }
261 
262 vrf_strict_mode_tests_init()
263 {
264         log_section "VRF strict_mode test on init network namespace"
265 
266         vrf_strict_mode_check_support init
267 
268         strict_mode_check_default init
269 
270         add_vrf_and_check init vrf100 100
271         config_vrf_and_check init 172.16.100.1/24 vrf100
272 
273         enable_strict_mode_and_check init
274 
275         add_vrf_and_check_fail init vrf101 100
276 
277         disable_strict_mode_and_check init
278 
279         add_vrf_and_check init vrf101 100
280         config_vrf_and_check init 172.16.101.1/24 vrf101
281 
282         enable_strict_mode_and_check_fail init
283 
284         del_vrf_and_check init vrf101
285 
286         enable_strict_mode_and_check init
287 
288         add_vrf_and_check init vrf102 102
289         config_vrf_and_check init 172.16.102.1/24 vrf102
290 
291         # the strict_modle is enabled in the init
292 }
293 
294 vrf_strict_mode_tests_testns()
295 {
296         log_section "VRF strict_mode test on testns network namespace"
297 
298         vrf_strict_mode_check_support $testns
299 
300         strict_mode_check_default $testns
301 
302         enable_strict_mode_and_check $testns
303 
304         add_vrf_and_check $testns vrf100 100
305         config_vrf_and_check $testns 10.0.100.1/24 vrf100
306 
307         add_vrf_and_check_fail $testns vrf101 100
308 
309         add_vrf_and_check_fail $testns vrf102 100
310 
311         add_vrf_and_check $testns vrf200 200
312 
313         disable_strict_mode_and_check $testns
314 
315         add_vrf_and_check $testns vrf101 100
316 
317         add_vrf_and_check $testns vrf102 100
318 
319         #the strict_mode is disabled in the $testns
320 }
321 
322 vrf_strict_mode_tests_mix()
323 {
324         log_section "VRF strict_mode test mixing init and testns network namespaces"
325 
326         read_strict_mode_compare_and_check init 1
327 
328         read_strict_mode_compare_and_check $testns 0
329 
330         del_vrf_and_check $testns vrf101
331 
332         del_vrf_and_check $testns vrf102
333 
334         disable_strict_mode_and_check init
335 
336         enable_strict_mode_and_check $testns
337 
338         enable_strict_mode_and_check init
339         enable_strict_mode_and_check init
340 
341         disable_strict_mode_and_check $testns
342         disable_strict_mode_and_check $testns
343 
344         read_strict_mode_compare_and_check init 1
345 
346         read_strict_mode_compare_and_check $testns 0
347 }
348 
349 ################################################################################
350 # usage
351 
352 usage()
353 {
354         cat <<EOF
355 usage: ${0##*/} OPTS
356 
357         -t <test>       Test(s) to run (default: all)
358                         (options: $TESTS)
359 EOF
360 }
361 
362 ################################################################################
363 # main
364 
365 while getopts ":t:h" opt; do
366         case $opt in
367                 t) TESTS=$OPTARG;;
368                 h) usage; exit 0;;
369                 *) usage; exit 1;;
370         esac
371 done
372 
373 vrf_strict_mode_check_support()
374 {
375         local nsname=$1
376         local output
377         local rc
378 
379         output="$(lsmod | grep '^vrf' | awk '{print $1}')"
380         if [ -z "${output}" ]; then
381                 modinfo vrf || return $?
382         fi
383 
384         # we do not care about the value of the strict_mode; we only check if
385         # the strict_mode parameter is available or not.
386         read_strict_mode ${nsname} &>/dev/null; rc=$?
387         log_test ${rc} 0 "${nsname}: net.vrf.strict_mode is available"
388 
389         return ${rc}
390 }
391 
392 if [ "$(id -u)" -ne 0 ];then
393         echo "SKIP: Need root privileges"
394         exit $ksft_skip
395 fi
396 
397 if [ ! -x "$(command -v ip)" ]; then
398         echo "SKIP: Could not run test without ip tool"
399         exit $ksft_skip
400 fi
401 
402 modprobe vrf &>/dev/null
403 if [ ! -e /proc/sys/net/vrf/strict_mode ]; then
404         echo "SKIP: vrf sysctl does not exist"
405         exit $ksft_skip
406 fi
407 
408 cleanup &> /dev/null
409 
410 setup
411 for t in $TESTS
412 do
413         case $t in
414         vrf_strict_mode_tests_init|init) vrf_strict_mode_tests_init;;
415         vrf_strict_mode_tests_testns|testns) vrf_strict_mode_tests_testns;;
416         vrf_strict_mode_tests_mix|mix) vrf_strict_mode_tests_mix;;
417 
418         help) echo "Test names: $TESTS"; exit 0;;
419 
420         esac
421 done
422 cleanup
423 
424 print_log_test_results
425 
426 exit $ret
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~
kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php