mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-04 10:40:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

fcnal-test: Add TCP MD5 tests for VRF

Browse source 
Add tests for new TCP MD5 API for L3 domains (VRF).

A new namespace is added to create a duplicate configuration between
the VRF and default VRF to verify overlapping config is handled properly.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David Ahern 2019-12-30 14:14:33 -08:00 committed by David S. Miller
parent f0bee1ebb5
commit 5cad8bce26
1 changed files with 313 additions and 0 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

313
tools/testing/selftests/net/fcnal-test.sh
View file

@ -32,12 +32,17 @@
# lo2: 127.0.0.1/8, ::1/128 # lo2: 127.0.0.1/8, ::1/128
# 172.16.2.2/32, 2001:db8:2::2/128 # 172.16.2.2/32, 2001:db8:2::2/128
# #
# ns-A to ns-C connection - only for VRF and same config
# as ns-A to ns-B
#
# server / client nomenclature relative to ns-A # server / client nomenclature relative to ns-A
VERBOSE=0 VERBOSE=0
NSA_DEV=eth1 NSA_DEV=eth1
NSA_DEV2=eth2
NSB_DEV=eth1 NSB_DEV=eth1
NSC_DEV=eth2
VRF=red VRF=red
VRF_TABLE=1101 VRF_TABLE=1101
@ -68,9 +73,11 @@ NSB_LINKIP6=
NSA=ns-A NSA=ns-A
NSB=ns-B NSB=ns-B
NSC=ns-C
NSA_CMD="ip netns exec ${NSA}" NSA_CMD="ip netns exec ${NSA}"
NSB_CMD="ip netns exec ${NSB}" NSB_CMD="ip netns exec ${NSB}"
NSC_CMD="ip netns exec ${NSC}"
which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping) which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
@ -200,6 +207,11 @@ run_cmd_nsb()
do_run_cmd ${NSB_CMD} $* do_run_cmd ${NSB_CMD} $*
} }
run_cmd_nsc()
{
do_run_cmd ${NSC_CMD} $*
}
setup_cmd() setup_cmd()
{ {
local cmd="$*" local cmd="$*"
@ -406,6 +418,7 @@ cleanup()
fi fi
ip netns del ${NSB} ip netns del ${NSB}
ip netns del ${NSC} >/dev/null 2>&1
} }
setup() setup()
@ -437,6 +450,12 @@ setup()
ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV} ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV} ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
# some VRF tests use ns-C which has the same config as
# ns-B but for a device NOT in the VRF
create_ns ${NSC} "-" "-"
connect_ns ${NSA} ${NSA_DEV2} ${NSA_IP}/24 ${NSA_IP6}/64 \
${NSC} ${NSC_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
else else
ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV} ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV} ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
@ -787,6 +806,150 @@ ipv4_tcp_md5_novrf()
log_test $? 2 "MD5: Prefix config, client address not in configured prefix" log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
} }
#
# MD5 tests with VRF
#
ipv4_tcp_md5()
{
#
# single address
#
# basic use case
log_start
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config"
# client sends MD5, server not configured
log_start
show_hint "Should timeout since server does not have MD5 auth"
run_cmd nettest -s -d ${VRF} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Server no config, client uses password"
# wrong password
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Client uses wrong password"
# client from different address
log_start
show_hint "Should timeout since server config differs from client"
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_LO_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
#
# MD5 extension - prefix length
#
# client in prefix
log_start
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Prefix config"
# client in prefix, wrong password
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"
# client outside of prefix
log_start
show_hint "Should timeout since client address is outside of prefix"
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
sleep 1
run_cmd_nsb nettest -l ${NSB_LO_IP} -r ${NSA_IP} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"
#
# duplicate config between default VRF and a VRF
#
log_start
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
log_start
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
sleep 1
run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
log_start
show_hint "Should timeout since client in default VRF uses VRF password"
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
sleep 1
run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
log_start
show_hint "Should timeout since client in VRF uses default VRF password"
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
log_start
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
log_start
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
sleep 1
run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
log_start
show_hint "Should timeout since client in default VRF uses VRF password"
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
sleep 1
run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"
log_start
show_hint "Should timeout since client in VRF uses default VRF password"
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"
#
# negative tests
#
log_start
run_cmd nettest -s -d ${NSA_DEV} -M ${MD5_PW} -r ${NSB_IP}
log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
log_start
run_cmd nettest -s -d ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET}
log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
}
ipv4_tcp_novrf() ipv4_tcp_novrf()
{ {
local a local a
@ -958,6 +1121,9 @@ ipv4_tcp_vrf()
run_cmd nettest -r ${a} -d ${NSA_DEV} run_cmd nettest -r ${a} -d ${NSA_DEV}
log_test_addr ${a} $? 1 "Global server, local connection" log_test_addr ${a} $? 1 "Global server, local connection"
# run MD5 tests
ipv4_tcp_md5
# #
# enable VRF global server # enable VRF global server
# #
@ -2104,6 +2270,150 @@ ipv6_tcp_md5_novrf()
log_test $? 2 "MD5: Prefix config, client address not in configured prefix" log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
} }
#
# MD5 tests with VRF
#
ipv6_tcp_md5()
{
#
# single address
#
# basic use case
log_start
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config"
# client sends MD5, server not configured
log_start
show_hint "Should timeout since server does not have MD5 auth"
run_cmd nettest -6 -s -d ${VRF} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Server no config, client uses password"
# wrong password
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Client uses wrong password"
# client from different address
log_start
show_hint "Should timeout since server config differs from client"
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_LO_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
#
# MD5 extension - prefix length
#
# client in prefix
log_start
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Prefix config"
# client in prefix, wrong password
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"
# client outside of prefix
log_start
show_hint "Should timeout since client address is outside of prefix"
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
sleep 1
run_cmd_nsb nettest -6 -l ${NSB_LO_IP6} -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"
#
# duplicate config between default VRF and a VRF
#
log_start
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
log_start
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
sleep 1
run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
log_start
show_hint "Should timeout since client in default VRF uses VRF password"
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
sleep 1
run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
log_start
show_hint "Should timeout since client in VRF uses default VRF password"
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
log_start
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
log_start
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
sleep 1
run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
log_start
show_hint "Should timeout since client in default VRF uses VRF password"
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
sleep 1
run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"
log_start
show_hint "Should timeout since client in VRF uses default VRF password"
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"
#
# negative tests
#
log_start
run_cmd nettest -6 -s -d ${NSA_DEV} -M ${MD5_PW} -r ${NSB_IP6}
log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
log_start
run_cmd nettest -6 -s -d ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6}
log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
}
ipv6_tcp_novrf() ipv6_tcp_novrf()
{ {
local a local a
@ -2290,6 +2600,9 @@ ipv6_tcp_vrf()
run_cmd nettest -6 -r ${a} -d ${NSA_DEV} run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
log_test_addr ${a} $? 1 "Global server, local connection" log_test_addr ${a} $? 1 "Global server, local connection"
# run MD5 tests
ipv6_tcp_md5
# #
# enable VRF global server # enable VRF global server
# #