1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3 4# End-to-end eBPF tunnel test suite 5# The script tests BPF network tunnel implementation. 6# 7# Topology: 8# --------- 9# root namespace | at_ns0 namespace 10# | 11# ----------- | ----------- 12# | tnl dev | | | tnl dev | (overlay network) 13# ----------- | ----------- 14# metadata-mode | native-mode 15# with bpf | 16# | 17# ---------- | ---------- 18# | veth1 | --------- | veth0 | (underlay network) 19# ---------- peer ---------- 20# 21# 22# Device Configuration 23# -------------------- 24# Root namespace with metadata-mode tunnel + BPF 25# Device names and addresses: 26# veth1 IP: 172.16.1.200, IPv6: 00::22 (underlay) 27# tunnel dev <type>11, ex: gre11, IPv4: 10.1.1.200 (overlay) 28# 29# Namespace at_ns0 with native tunnel 30# Device names and addresses: 31# veth0 IPv4: 172.16.1.100, IPv6: 00::11 (underlay) 32# tunnel dev <type>00, ex: gre00, IPv4: 10.1.1.100 (overlay) 33# 34# 35# End-to-end ping packet flow 36# --------------------------- 37# Most of the tests start by namespace creation, device configuration, 38# then ping the underlay and overlay network. When doing 'ping 10.1.1.100' 39# from root namespace, the following operations happen: 40# 1) Route lookup shows 10.1.1.100/24 belongs to tnl dev, fwd to tnl dev. 41# 2) Tnl device's egress BPF program is triggered and set the tunnel metadata, 42# with remote_ip=172.16.1.200 and others. 43# 3) Outer tunnel header is prepended and route the packet to veth1's egress 44# 4) veth0's ingress queue receive the tunneled packet at namespace at_ns0 45# 5) Tunnel protocol handler, ex: vxlan_rcv, decap the packet 46# 6) Forward the packet to the overlay tnl dev 47 48PING_ARG="-c 3 -w 10 -q" 49ret=0 50GREEN='\033[0;92m' 51RED='\033[0;31m' 52NC='\033[0m' # No Color 53 54config_device() 55{ 56 ip netns add at_ns0 57 ip link add veth0 type veth peer name veth1 58 ip link set veth0 netns at_ns0 59 ip netns exec at_ns0 ip addr add 172.16.1.100/24 dev veth0 60 ip netns exec at_ns0 ip link set dev veth0 up 61 ip link set dev veth1 up mtu 1500 62 ip addr add dev veth1 172.16.1.200/24 63} 64 65add_gre_tunnel() 66{ 67 # at_ns0 namespace 68 ip netns exec at_ns0 \ 69 ip link add dev $DEV_NS type $TYPE seq key 2 \ 70 local 172.16.1.100 remote 172.16.1.200 71 ip netns exec at_ns0 ip link set dev $DEV_NS up 72 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24 73 74 # root namespace 75 ip link add dev $DEV type $TYPE key 2 external 76 ip link set dev $DEV up 77 ip addr add dev $DEV 10.1.1.200/24 78} 79 80add_ip6gretap_tunnel() 81{ 82 83 # assign ipv6 address 84 ip netns exec at_ns0 ip addr add ::11/96 dev veth0 85 ip netns exec at_ns0 ip link set dev veth0 up 86 ip addr add dev veth1 ::22/96 87 ip link set dev veth1 up 88 89 # at_ns0 namespace 90 ip netns exec at_ns0 \ 91 ip link add dev $DEV_NS type $TYPE seq flowlabel 0xbcdef key 2 \ 92 local ::11 remote ::22 93 94 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24 95 ip netns exec at_ns0 ip addr add dev $DEV_NS fc80::100/96 96 ip netns exec at_ns0 ip link set dev $DEV_NS up 97 98 # root namespace 99 ip link add dev $DEV type $TYPE external 100 ip addr add dev $DEV 10.1.1.200/24 101 ip addr add dev $DEV fc80::200/24 102 ip link set dev $DEV up 103} 104 105add_erspan_tunnel() 106{ 107 # at_ns0 namespace 108 if [ "$1" == "v1" ]; then 109 ip netns exec at_ns0 \ 110 ip link add dev $DEV_NS type $TYPE seq key 2 \ 111 local 172.16.1.100 remote 172.16.1.200 \ 112 erspan_ver 1 erspan 123 113 else 114 ip netns exec at_ns0 \ 115 ip link add dev $DEV_NS type $TYPE seq key 2 \ 116 local 172.16.1.100 remote 172.16.1.200 \ 117 erspan_ver 2 erspan_dir egress erspan_hwid 3 118 fi 119 ip netns exec at_ns0 ip link set dev $DEV_NS up 120 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24 121 122 # root namespace 123 ip link add dev $DEV type $TYPE external 124 ip link set dev $DEV up 125 ip addr add dev $DEV 10.1.1.200/24 126} 127 128add_ip6erspan_tunnel() 129{ 130 131 # assign ipv6 address 132 ip netns exec at_ns0 ip addr add ::11/96 dev veth0 133 ip netns exec at_ns0 ip link set dev veth0 up 134 ip addr add dev veth1 ::22/96 135 ip link set dev veth1 up 136 137 # at_ns0 namespace 138 if [ "$1" == "v1" ]; then 139 ip netns exec at_ns0 \ 140 ip link add dev $DEV_NS type $TYPE seq key 2 \ 141 local ::11 remote ::22 \ 142 erspan_ver 1 erspan 123 143 else 144 ip netns exec at_ns0 \ 145 ip link add dev $DEV_NS type $TYPE seq key 2 \ 146 local ::11 remote ::22 \ 147 erspan_ver 2 erspan_dir egress erspan_hwid 7 148 fi 149 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24 150 ip netns exec at_ns0 ip link set dev $DEV_NS up 151 152 # root namespace 153 ip link add dev $DEV type $TYPE external 154 ip addr add dev $DEV 10.1.1.200/24 155 ip link set dev $DEV up 156} 157 158add_vxlan_tunnel() 159{ 160 # Set static ARP entry here because iptables set-mark works 161 # on L3 packet, as a result not applying to ARP packets, 162 # causing errors at get_tunnel_{key/opt}. 163 164 # at_ns0 namespace 165 ip netns exec at_ns0 \ 166 ip link add dev $DEV_NS type $TYPE \ 167 id 2 dstport 4789 gbp remote 172.16.1.200 168 ip netns exec at_ns0 \ 169 ip link set dev $DEV_NS address 52:54:00:d9:01:00 up 170 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24 171 ip netns exec at_ns0 arp -s 10.1.1.200 52:54:00:d9:02:00 172 ip netns exec at_ns0 iptables -A OUTPUT -j MARK --set-mark 0x800FF 173 174 # root namespace 175 ip link add dev $DEV type $TYPE external gbp dstport 4789 176 ip link set dev $DEV address 52:54:00:d9:02:00 up 177 ip addr add dev $DEV 10.1.1.200/24 178 arp -s 10.1.1.100 52:54:00:d9:01:00 179} 180 181add_ip6vxlan_tunnel() 182{ 183 #ip netns exec at_ns0 ip -4 addr del 172.16.1.100 dev veth0 184 ip netns exec at_ns0 ip -6 addr add ::11/96 dev veth0 185 ip netns exec at_ns0 ip link set dev veth0 up 186 #ip -4 addr del 172.16.1.200 dev veth1 187 ip -6 addr add dev veth1 ::22/96 188 ip link set dev veth1 up 189 190 # at_ns0 namespace 191 ip netns exec at_ns0 \ 192 ip link add dev $DEV_NS type $TYPE id 22 dstport 4789 \ 193 local ::11 remote ::22 194 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24 195 ip netns exec at_ns0 ip link set dev $DEV_NS up 196 197 # root namespace 198 ip link add dev $DEV type $TYPE external dstport 4789 199 ip addr add dev $DEV 10.1.1.200/24 200 ip link set dev $DEV up 201} 202 203add_geneve_tunnel() 204{ 205 # at_ns0 namespace 206 ip netns exec at_ns0 \ 207 ip link add dev $DEV_NS type $TYPE \ 208 id 2 dstport 6081 remote 172.16.1.200 209 ip netns exec at_ns0 ip link set dev $DEV_NS up 210 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24 211 212 # root namespace 213 ip link add dev $DEV type $TYPE dstport 6081 external 214 ip link set dev $DEV up 215 ip addr add dev $DEV 10.1.1.200/24 216} 217 218add_ip6geneve_tunnel() 219{ 220 ip netns exec at_ns0 ip addr add ::11/96 dev veth0 221 ip netns exec at_ns0 ip link set dev veth0 up 222 ip addr add dev veth1 ::22/96 223 ip link set dev veth1 up 224 225 # at_ns0 namespace 226 ip netns exec at_ns0 \ 227 ip link add dev $DEV_NS type $TYPE id 22 \ 228 remote ::22 # geneve has no local option 229 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24 230 ip netns exec at_ns0 ip link set dev $DEV_NS up 231 232 # root namespace 233 ip link add dev $DEV type $TYPE external 234 ip addr add dev $DEV 10.1.1.200/24 235 ip link set dev $DEV up 236} 237 238add_ipip_tunnel() 239{ 240 # at_ns0 namespace 241 ip netns exec at_ns0 \ 242 ip link add dev $DEV_NS type $TYPE \ 243 local 172.16.1.100 remote 172.16.1.200 244 ip netns exec at_ns0 ip link set dev $DEV_NS up 245 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24 246 247 # root namespace 248 ip link add dev $DEV type $TYPE external 249 ip link set dev $DEV up 250 ip addr add dev $DEV 10.1.1.200/24 251} 252 253add_ipip6tnl_tunnel() 254{ 255 ip netns exec at_ns0 ip addr add ::11/96 dev veth0 256 ip netns exec at_ns0 ip link set dev veth0 up 257 ip addr add dev veth1 ::22/96 258 ip link set dev veth1 up 259 260 # at_ns0 namespace 261 ip netns exec at_ns0 \ 262 ip link add dev $DEV_NS type $TYPE \ 263 local ::11 remote ::22 264 ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24 265 ip netns exec at_ns0 ip link set dev $DEV_NS up 266 267 # root namespace 268 ip link add dev $DEV type $TYPE external 269 ip addr add dev $DEV 10.1.1.200/24 270 ip link set dev $DEV up 271} 272 273test_gre() 274{ 275 TYPE=gretap 276 DEV_NS=gretap00 277 DEV=gretap11 278 ret=0 279 280 check $TYPE 281 config_device 282 add_gre_tunnel 283 attach_bpf $DEV gre_set_tunnel gre_get_tunnel 284 ping $PING_ARG 10.1.1.100 285 check_err $? 286 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 287 check_err $? 288 cleanup 289 290 if [ $ret -ne 0 ]; then 291 echo -e ${RED}"FAIL: $TYPE"${NC} 292 return 1 293 fi 294 echo -e ${GREEN}"PASS: $TYPE"${NC} 295} 296 297test_ip6gre() 298{ 299 TYPE=ip6gre 300 DEV_NS=ip6gre00 301 DEV=ip6gre11 302 ret=0 303 304 check $TYPE 305 config_device 306 # reuse the ip6gretap function 307 add_ip6gretap_tunnel 308 attach_bpf $DEV ip6gretap_set_tunnel ip6gretap_get_tunnel 309 # underlay 310 ping6 $PING_ARG ::11 311 # overlay: ipv4 over ipv6 312 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 313 ping $PING_ARG 10.1.1.100 314 check_err $? 315 # overlay: ipv6 over ipv6 316 ip netns exec at_ns0 ping6 $PING_ARG fc80::200 317 check_err $? 318 cleanup 319 320 if [ $ret -ne 0 ]; then 321 echo -e ${RED}"FAIL: $TYPE"${NC} 322 return 1 323 fi 324 echo -e ${GREEN}"PASS: $TYPE"${NC} 325} 326 327test_ip6gretap() 328{ 329 TYPE=ip6gretap 330 DEV_NS=ip6gretap00 331 DEV=ip6gretap11 332 ret=0 333 334 check $TYPE 335 config_device 336 add_ip6gretap_tunnel 337 attach_bpf $DEV ip6gretap_set_tunnel ip6gretap_get_tunnel 338 # underlay 339 ping6 $PING_ARG ::11 340 # overlay: ipv4 over ipv6 341 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 342 ping $PING_ARG 10.1.1.100 343 check_err $? 344 # overlay: ipv6 over ipv6 345 ip netns exec at_ns0 ping6 $PING_ARG fc80::200 346 check_err $? 347 cleanup 348 349 if [ $ret -ne 0 ]; then 350 echo -e ${RED}"FAIL: $TYPE"${NC} 351 return 1 352 fi 353 echo -e ${GREEN}"PASS: $TYPE"${NC} 354} 355 356test_erspan() 357{ 358 TYPE=erspan 359 DEV_NS=erspan00 360 DEV=erspan11 361 ret=0 362 363 check $TYPE 364 config_device 365 add_erspan_tunnel $1 366 attach_bpf $DEV erspan_set_tunnel erspan_get_tunnel 367 ping $PING_ARG 10.1.1.100 368 check_err $? 369 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 370 check_err $? 371 cleanup 372 373 if [ $ret -ne 0 ]; then 374 echo -e ${RED}"FAIL: $TYPE"${NC} 375 return 1 376 fi 377 echo -e ${GREEN}"PASS: $TYPE"${NC} 378} 379 380test_ip6erspan() 381{ 382 TYPE=ip6erspan 383 DEV_NS=ip6erspan00 384 DEV=ip6erspan11 385 ret=0 386 387 check $TYPE 388 config_device 389 add_ip6erspan_tunnel $1 390 attach_bpf $DEV ip4ip6erspan_set_tunnel ip4ip6erspan_get_tunnel 391 ping6 $PING_ARG ::11 392 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 393 check_err $? 394 cleanup 395 396 if [ $ret -ne 0 ]; then 397 echo -e ${RED}"FAIL: $TYPE"${NC} 398 return 1 399 fi 400 echo -e ${GREEN}"PASS: $TYPE"${NC} 401} 402 403test_vxlan() 404{ 405 TYPE=vxlan 406 DEV_NS=vxlan00 407 DEV=vxlan11 408 ret=0 409 410 check $TYPE 411 config_device 412 add_vxlan_tunnel 413 attach_bpf $DEV vxlan_set_tunnel vxlan_get_tunnel 414 ping $PING_ARG 10.1.1.100 415 check_err $? 416 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 417 check_err $? 418 cleanup 419 420 if [ $ret -ne 0 ]; then 421 echo -e ${RED}"FAIL: $TYPE"${NC} 422 return 1 423 fi 424 echo -e ${GREEN}"PASS: $TYPE"${NC} 425} 426 427test_ip6vxlan() 428{ 429 TYPE=vxlan 430 DEV_NS=ip6vxlan00 431 DEV=ip6vxlan11 432 ret=0 433 434 check $TYPE 435 config_device 436 add_ip6vxlan_tunnel 437 ip link set dev veth1 mtu 1500 438 attach_bpf $DEV ip6vxlan_set_tunnel ip6vxlan_get_tunnel 439 # underlay 440 ping6 $PING_ARG ::11 441 # ip4 over ip6 442 ping $PING_ARG 10.1.1.100 443 check_err $? 444 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 445 check_err $? 446 cleanup 447 448 if [ $ret -ne 0 ]; then 449 echo -e ${RED}"FAIL: ip6$TYPE"${NC} 450 return 1 451 fi 452 echo -e ${GREEN}"PASS: ip6$TYPE"${NC} 453} 454 455test_geneve() 456{ 457 TYPE=geneve 458 DEV_NS=geneve00 459 DEV=geneve11 460 ret=0 461 462 check $TYPE 463 config_device 464 add_geneve_tunnel 465 attach_bpf $DEV geneve_set_tunnel geneve_get_tunnel 466 ping $PING_ARG 10.1.1.100 467 check_err $? 468 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 469 check_err $? 470 cleanup 471 472 if [ $ret -ne 0 ]; then 473 echo -e ${RED}"FAIL: $TYPE"${NC} 474 return 1 475 fi 476 echo -e ${GREEN}"PASS: $TYPE"${NC} 477} 478 479test_ip6geneve() 480{ 481 TYPE=geneve 482 DEV_NS=ip6geneve00 483 DEV=ip6geneve11 484 ret=0 485 486 check $TYPE 487 config_device 488 add_ip6geneve_tunnel 489 attach_bpf $DEV ip6geneve_set_tunnel ip6geneve_get_tunnel 490 ping $PING_ARG 10.1.1.100 491 check_err $? 492 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 493 check_err $? 494 cleanup 495 496 if [ $ret -ne 0 ]; then 497 echo -e ${RED}"FAIL: ip6$TYPE"${NC} 498 return 1 499 fi 500 echo -e ${GREEN}"PASS: ip6$TYPE"${NC} 501} 502 503test_ipip() 504{ 505 TYPE=ipip 506 DEV_NS=ipip00 507 DEV=ipip11 508 ret=0 509 510 check $TYPE 511 config_device 512 add_ipip_tunnel 513 ip link set dev veth1 mtu 1500 514 attach_bpf $DEV ipip_set_tunnel ipip_get_tunnel 515 ping $PING_ARG 10.1.1.100 516 check_err $? 517 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 518 check_err $? 519 cleanup 520 521 if [ $ret -ne 0 ]; then 522 echo -e ${RED}"FAIL: $TYPE"${NC} 523 return 1 524 fi 525 echo -e ${GREEN}"PASS: $TYPE"${NC} 526} 527 528test_ipip6() 529{ 530 TYPE=ip6tnl 531 DEV_NS=ipip6tnl00 532 DEV=ipip6tnl11 533 ret=0 534 535 check $TYPE 536 config_device 537 add_ipip6tnl_tunnel 538 ip link set dev veth1 mtu 1500 539 attach_bpf $DEV ipip6_set_tunnel ipip6_get_tunnel 540 # underlay 541 ping6 $PING_ARG ::11 542 # ip4 over ip6 543 ping $PING_ARG 10.1.1.100 544 check_err $? 545 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 546 check_err $? 547 cleanup 548 549 if [ $ret -ne 0 ]; then 550 echo -e ${RED}"FAIL: $TYPE"${NC} 551 return 1 552 fi 553 echo -e ${GREEN}"PASS: $TYPE"${NC} 554} 555 556setup_xfrm_tunnel() 557{ 558 auth=0x$(printf '1%.0s' {1..40}) 559 enc=0x$(printf '2%.0s' {1..32}) 560 spi_in_to_out=0x1 561 spi_out_to_in=0x2 562 # at_ns0 namespace 563 # at_ns0 -> root 564 ip netns exec at_ns0 \ 565 ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \ 566 spi $spi_in_to_out reqid 1 mode tunnel \ 567 auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc 568 ip netns exec at_ns0 \ 569 ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir out \ 570 tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \ 571 mode tunnel 572 # root -> at_ns0 573 ip netns exec at_ns0 \ 574 ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \ 575 spi $spi_out_to_in reqid 2 mode tunnel \ 576 auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc 577 ip netns exec at_ns0 \ 578 ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir in \ 579 tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \ 580 mode tunnel 581 # address & route 582 ip netns exec at_ns0 \ 583 ip addr add dev veth0 10.1.1.100/32 584 ip netns exec at_ns0 \ 585 ip route add 10.1.1.200 dev veth0 via 172.16.1.200 \ 586 src 10.1.1.100 587 588 # root namespace 589 # at_ns0 -> root 590 ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \ 591 spi $spi_in_to_out reqid 1 mode tunnel \ 592 auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc 593 ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir in \ 594 tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \ 595 mode tunnel 596 # root -> at_ns0 597 ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \ 598 spi $spi_out_to_in reqid 2 mode tunnel \ 599 auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc 600 ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir out \ 601 tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \ 602 mode tunnel 603 # address & route 604 ip addr add dev veth1 10.1.1.200/32 605 ip route add 10.1.1.100 dev veth1 via 172.16.1.100 src 10.1.1.200 606} 607 608test_xfrm_tunnel() 609{ 610 config_device 611 > /sys/kernel/debug/tracing/trace 612 setup_xfrm_tunnel 613 tc qdisc add dev veth1 clsact 614 tc filter add dev veth1 proto ip ingress bpf da obj test_tunnel_kern.o \ 615 sec xfrm_get_state 616 ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 617 sleep 1 618 grep "reqid 1" /sys/kernel/debug/tracing/trace 619 check_err $? 620 grep "spi 0x1" /sys/kernel/debug/tracing/trace 621 check_err $? 622 grep "remote ip 0xac100164" /sys/kernel/debug/tracing/trace 623 check_err $? 624 cleanup 625 626 if [ $ret -ne 0 ]; then 627 echo -e ${RED}"FAIL: xfrm tunnel"${NC} 628 return 1 629 fi 630 echo -e ${GREEN}"PASS: xfrm tunnel"${NC} 631} 632 633attach_bpf() 634{ 635 DEV=$1 636 SET=$2 637 GET=$3 638 tc qdisc add dev $DEV clsact 639 tc filter add dev $DEV egress bpf da obj test_tunnel_kern.o sec $SET 640 tc filter add dev $DEV ingress bpf da obj test_tunnel_kern.o sec $GET 641} 642 643cleanup() 644{ 645 ip netns delete at_ns0 2> /dev/null 646 ip link del veth1 2> /dev/null 647 ip link del ipip11 2> /dev/null 648 ip link del ipip6tnl11 2> /dev/null 649 ip link del gretap11 2> /dev/null 650 ip link del ip6gre11 2> /dev/null 651 ip link del ip6gretap11 2> /dev/null 652 ip link del vxlan11 2> /dev/null 653 ip link del ip6vxlan11 2> /dev/null 654 ip link del geneve11 2> /dev/null 655 ip link del ip6geneve11 2> /dev/null 656 ip link del erspan11 2> /dev/null 657 ip link del ip6erspan11 2> /dev/null 658 ip xfrm policy delete dir out src 10.1.1.200/32 dst 10.1.1.100/32 2> /dev/null 659 ip xfrm policy delete dir in src 10.1.1.100/32 dst 10.1.1.200/32 2> /dev/null 660 ip xfrm state delete src 172.16.1.100 dst 172.16.1.200 proto esp spi 0x1 2> /dev/null 661 ip xfrm state delete src 172.16.1.200 dst 172.16.1.100 proto esp spi 0x2 2> /dev/null 662} 663 664cleanup_exit() 665{ 666 echo "CATCH SIGKILL or SIGINT, cleanup and exit" 667 cleanup 668 exit 0 669} 670 671check() 672{ 673 ip link help 2>&1 | grep -q "\s$1\s" 674 if [ $? -ne 0 ];then 675 echo "SKIP $1: iproute2 not support" 676 cleanup 677 return 1 678 fi 679} 680 681enable_debug() 682{ 683 echo 'file ip_gre.c +p' > /sys/kernel/debug/dynamic_debug/control 684 echo 'file ip6_gre.c +p' > /sys/kernel/debug/dynamic_debug/control 685 echo 'file vxlan.c +p' > /sys/kernel/debug/dynamic_debug/control 686 echo 'file geneve.c +p' > /sys/kernel/debug/dynamic_debug/control 687 echo 'file ipip.c +p' > /sys/kernel/debug/dynamic_debug/control 688} 689 690check_err() 691{ 692 if [ $ret -eq 0 ]; then 693 ret=$1 694 fi 695} 696 697bpf_tunnel_test() 698{ 699 local errors=0 700 701 echo "Testing GRE tunnel..." 702 test_gre 703 errors=$(( $errors + $? )) 704 705 echo "Testing IP6GRE tunnel..." 706 test_ip6gre 707 errors=$(( $errors + $? )) 708 709 echo "Testing IP6GRETAP tunnel..." 710 test_ip6gretap 711 errors=$(( $errors + $? )) 712 713 echo "Testing ERSPAN tunnel..." 714 test_erspan v2 715 errors=$(( $errors + $? )) 716 717 echo "Testing IP6ERSPAN tunnel..." 718 test_ip6erspan v2 719 errors=$(( $errors + $? )) 720 721 echo "Testing VXLAN tunnel..." 722 test_vxlan 723 errors=$(( $errors + $? )) 724 725 echo "Testing IP6VXLAN tunnel..." 726 test_ip6vxlan 727 errors=$(( $errors + $? )) 728 729 echo "Testing GENEVE tunnel..." 730 test_geneve 731 errors=$(( $errors + $? )) 732 733 echo "Testing IP6GENEVE tunnel..." 734 test_ip6geneve 735 errors=$(( $errors + $? )) 736 737 echo "Testing IPIP tunnel..." 738 test_ipip 739 errors=$(( $errors + $? )) 740 741 echo "Testing IPIP6 tunnel..." 742 test_ipip6 743 errors=$(( $errors + $? )) 744 745 echo "Testing IPSec tunnel..." 746 test_xfrm_tunnel 747 errors=$(( $errors + $? )) 748 749 return $errors 750} 751 752trap cleanup 0 3 6 753trap cleanup_exit 2 9 754 755cleanup 756bpf_tunnel_test 757 758if [ $? -ne 0 ]; then 759 echo -e "$(basename $0): ${RED}FAIL${NC}" 760 exit 1 761fi 762echo -e "$(basename $0): ${GREEN}PASS${NC}" 763exit 0 764