forked from mirrors/linux
fcnal-test: Add TCP MD5 tests for VRF
Add tests for new TCP MD5 API for L3 domains (VRF). A new namespace is added to create a duplicate configuration between the VRF and default VRF to verify overlapping config is handled properly. Signed-off-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David Ahern
David S. Miller
parent
f0bee1ebb5
commit
5cad8bce26
1 changed files with 313 additions and 0 deletions
|
|
@ -32,12 +32,17 @@
|
|||
# lo2: 127.0.0.1/8, ::1/128
|
||||
# 172.16.2.2/32, 2001:db8:2::2/128
|
||||
#
|
||||
# ns-A to ns-C connection - only for VRF and same config
|
||||
# as ns-A to ns-B
|
||||
#
|
||||
# server / client nomenclature relative to ns-A
|
||||
|
||||
VERBOSE=0
|
||||
|
||||
NSA_DEV=eth1
|
||||
NSA_DEV2=eth2
|
||||
NSB_DEV=eth1
|
||||
NSC_DEV=eth2
|
||||
VRF=red
|
||||
VRF_TABLE=1101
|
||||
|
||||
|
|
@ -68,9 +73,11 @@ NSB_LINKIP6=
|
|||
|
||||
NSA=ns-A
|
||||
NSB=ns-B
|
||||
NSC=ns-C
|
||||
|
||||
NSA_CMD="ip netns exec ${NSA}"
|
||||
NSB_CMD="ip netns exec ${NSB}"
|
||||
NSC_CMD="ip netns exec ${NSC}"
|
||||
|
||||
which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
|
||||
|
||||
|
|
@ -200,6 +207,11 @@ run_cmd_nsb()
|
|||
do_run_cmd ${NSB_CMD} $*
|
||||
}
|
||||
|
||||
run_cmd_nsc()
|
||||
{
|
||||
do_run_cmd ${NSC_CMD} $*
|
||||
}
|
||||
|
||||
setup_cmd()
|
||||
{
|
||||
local cmd="$*"
|
||||
|
|
@ -406,6 +418,7 @@ cleanup()
|
|||
fi
|
||||
|
||||
ip netns del ${NSB}
|
||||
ip netns del ${NSC} >/dev/null 2>&1
|
||||
}
|
||||
|
||||
setup()
|
||||
|
|
@ -437,6 +450,12 @@ setup()
|
|||
|
||||
ip -netns ${NSB} ro add ${VRF_IP}/32 via ${NSA_IP} dev ${NSB_DEV}
|
||||
ip -netns ${NSB} -6 ro add ${VRF_IP6}/128 via ${NSA_IP6} dev ${NSB_DEV}
|
||||
|
||||
# some VRF tests use ns-C which has the same config as
|
||||
# ns-B but for a device NOT in the VRF
|
||||
create_ns ${NSC} "-" "-"
|
||||
connect_ns ${NSA} ${NSA_DEV2} ${NSA_IP}/24 ${NSA_IP6}/64 \
|
||||
${NSC} ${NSC_DEV} ${NSB_IP}/24 ${NSB_IP6}/64
|
||||
else
|
||||
ip -netns ${NSA} ro add ${NSB_LO_IP}/32 via ${NSB_IP} dev ${NSA_DEV}
|
||||
ip -netns ${NSA} ro add ${NSB_LO_IP6}/128 via ${NSB_IP6} dev ${NSA_DEV}
|
||||
|
|
@ -787,6 +806,150 @@ ipv4_tcp_md5_novrf()
|
|||
log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
|
||||
}
|
||||
|
||||
#
|
||||
# MD5 tests with VRF
|
||||
#
|
||||
ipv4_tcp_md5()
|
||||
{
|
||||
#
|
||||
# single address
|
||||
#
|
||||
|
||||
# basic use case
|
||||
log_start
|
||||
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
|
||||
log_test $? 0 "MD5: VRF: Single address config"
|
||||
|
||||
# client sends MD5, server not configured
|
||||
log_start
|
||||
show_hint "Should timeout since server does not have MD5 auth"
|
||||
run_cmd nettest -s -d ${VRF} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
|
||||
log_test $? 2 "MD5: VRF: Server no config, client uses password"
|
||||
|
||||
# wrong password
|
||||
log_start
|
||||
show_hint "Should timeout since client uses wrong password"
|
||||
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
|
||||
log_test $? 2 "MD5: VRF: Client uses wrong password"
|
||||
|
||||
# client from different address
|
||||
log_start
|
||||
show_hint "Should timeout since server config differs from client"
|
||||
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_LO_IP} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
|
||||
log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
|
||||
|
||||
#
|
||||
# MD5 extension - prefix length
|
||||
#
|
||||
|
||||
# client in prefix
|
||||
log_start
|
||||
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
|
||||
log_test $? 0 "MD5: VRF: Prefix config"
|
||||
|
||||
# client in prefix, wrong password
|
||||
log_start
|
||||
show_hint "Should timeout since client uses wrong password"
|
||||
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
|
||||
log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"
|
||||
|
||||
# client outside of prefix
|
||||
log_start
|
||||
show_hint "Should timeout since client address is outside of prefix"
|
||||
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -l ${NSB_LO_IP} -r ${NSA_IP} -M ${MD5_PW}
|
||||
log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"
|
||||
|
||||
#
|
||||
# duplicate config between default VRF and a VRF
|
||||
#
|
||||
|
||||
log_start
|
||||
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
|
||||
run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
|
||||
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
|
||||
|
||||
log_start
|
||||
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
|
||||
run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
|
||||
sleep 1
|
||||
run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
|
||||
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
|
||||
|
||||
log_start
|
||||
show_hint "Should timeout since client in default VRF uses VRF password"
|
||||
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
|
||||
run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
|
||||
sleep 1
|
||||
run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_PW}
|
||||
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
|
||||
|
||||
log_start
|
||||
show_hint "Should timeout since client in VRF uses default VRF password"
|
||||
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
|
||||
run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
|
||||
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
|
||||
|
||||
log_start
|
||||
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
|
||||
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
|
||||
log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
|
||||
|
||||
log_start
|
||||
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
|
||||
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
|
||||
sleep 1
|
||||
run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
|
||||
log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
|
||||
|
||||
log_start
|
||||
show_hint "Should timeout since client in default VRF uses VRF password"
|
||||
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
|
||||
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
|
||||
sleep 1
|
||||
run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_PW}
|
||||
log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"
|
||||
|
||||
log_start
|
||||
show_hint "Should timeout since client in VRF uses default VRF password"
|
||||
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET} &
|
||||
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
|
||||
log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"
|
||||
|
||||
#
|
||||
# negative tests
|
||||
#
|
||||
log_start
|
||||
run_cmd nettest -s -d ${NSA_DEV} -M ${MD5_PW} -r ${NSB_IP}
|
||||
log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
|
||||
|
||||
log_start
|
||||
run_cmd nettest -s -d ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET}
|
||||
log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
|
||||
|
||||
}
|
||||
|
||||
ipv4_tcp_novrf()
|
||||
{
|
||||
local a
|
||||
|
|
@ -958,6 +1121,9 @@ ipv4_tcp_vrf()
|
|||
run_cmd nettest -r ${a} -d ${NSA_DEV}
|
||||
log_test_addr ${a} $? 1 "Global server, local connection"
|
||||
|
||||
# run MD5 tests
|
||||
ipv4_tcp_md5
|
||||
|
||||
#
|
||||
# enable VRF global server
|
||||
#
|
||||
|
|
@ -2104,6 +2270,150 @@ ipv6_tcp_md5_novrf()
|
|||
log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
|
||||
}
|
||||
|
||||
#
|
||||
# MD5 tests with VRF
|
||||
#
|
||||
ipv6_tcp_md5()
|
||||
{
|
||||
#
|
||||
# single address
|
||||
#
|
||||
|
||||
# basic use case
|
||||
log_start
|
||||
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
|
||||
log_test $? 0 "MD5: VRF: Single address config"
|
||||
|
||||
# client sends MD5, server not configured
|
||||
log_start
|
||||
show_hint "Should timeout since server does not have MD5 auth"
|
||||
run_cmd nettest -6 -s -d ${VRF} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
|
||||
log_test $? 2 "MD5: VRF: Server no config, client uses password"
|
||||
|
||||
# wrong password
|
||||
log_start
|
||||
show_hint "Should timeout since client uses wrong password"
|
||||
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
|
||||
log_test $? 2 "MD5: VRF: Client uses wrong password"
|
||||
|
||||
# client from different address
|
||||
log_start
|
||||
show_hint "Should timeout since server config differs from client"
|
||||
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_LO_IP6} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
|
||||
log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
|
||||
|
||||
#
|
||||
# MD5 extension - prefix length
|
||||
#
|
||||
|
||||
# client in prefix
|
||||
log_start
|
||||
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
|
||||
log_test $? 0 "MD5: VRF: Prefix config"
|
||||
|
||||
# client in prefix, wrong password
|
||||
log_start
|
||||
show_hint "Should timeout since client uses wrong password"
|
||||
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
|
||||
log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"
|
||||
|
||||
# client outside of prefix
|
||||
log_start
|
||||
show_hint "Should timeout since client address is outside of prefix"
|
||||
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -6 -l ${NSB_LO_IP6} -r ${NSA_IP6} -M ${MD5_PW}
|
||||
log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"
|
||||
|
||||
#
|
||||
# duplicate config between default VRF and a VRF
|
||||
#
|
||||
|
||||
log_start
|
||||
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
|
||||
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
|
||||
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
|
||||
|
||||
log_start
|
||||
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
|
||||
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
|
||||
sleep 1
|
||||
run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
|
||||
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
|
||||
|
||||
log_start
|
||||
show_hint "Should timeout since client in default VRF uses VRF password"
|
||||
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
|
||||
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
|
||||
sleep 1
|
||||
run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
|
||||
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
|
||||
|
||||
log_start
|
||||
show_hint "Should timeout since client in VRF uses default VRF password"
|
||||
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
|
||||
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
|
||||
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
|
||||
|
||||
log_start
|
||||
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
|
||||
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
|
||||
log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
|
||||
|
||||
log_start
|
||||
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
|
||||
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
|
||||
sleep 1
|
||||
run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
|
||||
log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
|
||||
|
||||
log_start
|
||||
show_hint "Should timeout since client in default VRF uses VRF password"
|
||||
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
|
||||
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
|
||||
sleep 1
|
||||
run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
|
||||
log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"
|
||||
|
||||
log_start
|
||||
show_hint "Should timeout since client in VRF uses default VRF password"
|
||||
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
|
||||
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
|
||||
sleep 1
|
||||
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
|
||||
log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"
|
||||
|
||||
#
|
||||
# negative tests
|
||||
#
|
||||
log_start
|
||||
run_cmd nettest -6 -s -d ${NSA_DEV} -M ${MD5_PW} -r ${NSB_IP6}
|
||||
log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
|
||||
|
||||
log_start
|
||||
run_cmd nettest -6 -s -d ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6}
|
||||
log_test $? 1 "MD5: VRF: Device must be a VRF - prefix"
|
||||
|
||||
}
|
||||
|
||||
ipv6_tcp_novrf()
|
||||
{
|
||||
local a
|
||||
|
|
@ -2290,6 +2600,9 @@ ipv6_tcp_vrf()
|
|||
run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
|
||||
log_test_addr ${a} $? 1 "Global server, local connection"
|
||||
|
||||
# run MD5 tests
|
||||
ipv6_tcp_md5
|
||||
|
||||
#
|
||||
# enable VRF global server
|
||||
#
|
||||
|
|
|
|||
Loading…
Reference in a new issue