[linux-2.6-block.git] / tools / testing / selftests / net / pmtu.sh

#!/bin/sh
# SPDX-License-Identifier: GPL-2.0
#
# Check that route PMTU values match expectations, and that initial device MTU
# values are assigned correctly
#
# Tests currently implemented:
#
# - pmtu_vti4_exception
#	Set up vti tunnel on top of veth, with xfrm states and policies, in two
#	namespaces with matching endpoints. Check that route exception is not
#	created if link layer MTU is not exceeded, then exceed it and check that
#	exception is created with the expected PMTU. The approach described
#	below for IPv6 doesn't apply here, because, on IPv4, administrative MTU
#	changes alone won't affect PMTU
#
# - pmtu_vti6_exception
#	Set up vti6 tunnel on top of veth, with xfrm states and policies, in two
#	namespaces with matching endpoints. Check that route exception is
#	created by exceeding link layer MTU with ping to other endpoint. Then
#	decrease and increase MTU of tunnel, checking that route exception PMTU
#	changes accordingly
#
# - pmtu_vti4_default_mtu
#	Set up vti4 tunnel on top of veth, in two namespaces with matching
#	endpoints. Check that MTU assigned to vti interface is the MTU of the
#	lower layer (veth) minus additional lower layer headers (zero, for veth)
#	minus IPv4 header length
#
# - pmtu_vti6_default_mtu
#	Same as above, for IPv6
#
# - pmtu_vti4_link_add_mtu
#	Set up vti4 interface passing MTU value at link creation, check MTU is
#	configured, and that link is not created with invalid MTU values
#
# - pmtu_vti6_link_add_mtu
#	Same as above, for IPv6
#
# - pmtu_vti6_link_change_mtu
#	Set up two dummy interfaces with different MTUs, create a vti6 tunnel
#	and check that configured MTU is used on link creation and changes, and
#	that MTU is properly calculated instead when MTU is not configured from
#	userspace

# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4

tests="
	pmtu_vti6_exception		vti6: PMTU exceptions
	pmtu_vti4_exception		vti4: PMTU exceptions
	pmtu_vti4_default_mtu		vti4: default MTU assignment
	pmtu_vti6_default_mtu		vti6: default MTU assignment
	pmtu_vti4_link_add_mtu		vti4: MTU setting on link creation
	pmtu_vti6_link_add_mtu		vti6: MTU setting on link creation
	pmtu_vti6_link_change_mtu	vti6: MTU changes on link changes"

NS_A="ns-$(mktemp -u XXXXXX)"
NS_B="ns-$(mktemp -u XXXXXX)"
ns_a="ip netns exec ${NS_A}"
ns_b="ip netns exec ${NS_B}"

veth4_a_addr="192.168.1.1"
veth4_b_addr="192.168.1.2"
veth4_mask="24"
veth6_a_addr="fd00:1::a"
veth6_b_addr="fd00:1::b"
veth6_mask="64"

vti4_a_addr="192.168.2.1"
vti4_b_addr="192.168.2.2"
vti4_mask="24"
vti6_a_addr="fd00:2::a"
vti6_b_addr="fd00:2::b"
vti6_mask="64"

dummy6_0_addr="fc00:1000::0"
dummy6_1_addr="fc00:1001::0"
dummy6_mask="64"

cleanup_done=1
err_buf=

err() {
	err_buf="${err_buf}${1}
"
}

err_flush() {
	echo -n "${err_buf}"
	err_buf=
}

setup_namespaces() {
	ip netns add ${NS_A} || return 1
	ip netns add ${NS_B}
}

setup_veth() {
	${ns_a} ip link add veth_a type veth peer name veth_b || return 1
	${ns_a} ip link set veth_b netns ${NS_B}

	${ns_a} ip addr add ${veth4_a_addr}/${veth4_mask} dev veth_a
	${ns_b} ip addr add ${veth4_b_addr}/${veth4_mask} dev veth_b

	${ns_a} ip addr add ${veth6_a_addr}/${veth6_mask} dev veth_a
	${ns_b} ip addr add ${veth6_b_addr}/${veth6_mask} dev veth_b

	${ns_a} ip link set veth_a up
	${ns_b} ip link set veth_b up
}

setup_vti() {
	proto=${1}
	veth_a_addr="${2}"
	veth_b_addr="${3}"
	vti_a_addr="${4}"
	vti_b_addr="${5}"
	vti_mask=${6}

	[ ${proto} -eq 6 ] && vti_type="vti6" || vti_type="vti"

	${ns_a} ip link add vti${proto}_a type ${vti_type} local ${veth_a_addr} remote ${veth_b_addr} key 10 || return 1
	${ns_b} ip link add vti${proto}_b type ${vti_type} local ${veth_b_addr} remote ${veth_a_addr} key 10

	${ns_a} ip addr add ${vti_a_addr}/${vti_mask} dev vti${proto}_a
	${ns_b} ip addr add ${vti_b_addr}/${vti_mask} dev vti${proto}_b

	${ns_a} ip link set vti${proto}_a up
	${ns_b} ip link set vti${proto}_b up

	sleep 1
}

setup_vti4() {
	setup_vti 4 ${veth4_a_addr} ${veth4_b_addr} ${vti4_a_addr} ${vti4_b_addr} ${vti4_mask}
}

setup_vti6() {
	setup_vti 6 ${veth6_a_addr} ${veth6_b_addr} ${vti6_a_addr} ${vti6_b_addr} ${vti6_mask}
}

setup_xfrm() {
	proto=${1}
	veth_a_addr="${2}"
	veth_b_addr="${3}"

	${ns_a} ip -${proto} xfrm state add src ${veth_a_addr} dst ${veth_b_addr} spi 0x1000 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel || return 1
	${ns_a} ip -${proto} xfrm state add src ${veth_b_addr} dst ${veth_a_addr} spi 0x1001 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel
	${ns_a} ip -${proto} xfrm policy add dir out mark 10 tmpl src ${veth_a_addr} dst ${veth_b_addr} proto esp mode tunnel
	${ns_a} ip -${proto} xfrm policy add dir in mark 10 tmpl src ${veth_b_addr} dst ${veth_a_addr} proto esp mode tunnel

	${ns_b} ip -${proto} xfrm state add src ${veth_a_addr} dst ${veth_b_addr} spi 0x1000 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel
	${ns_b} ip -${proto} xfrm state add src ${veth_b_addr} dst ${veth_a_addr} spi 0x1001 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel
	${ns_b} ip -${proto} xfrm policy add dir out mark 10 tmpl src ${veth_b_addr} dst ${veth_a_addr} proto esp mode tunnel
	${ns_b} ip -${proto} xfrm policy add dir in mark 10 tmpl src ${veth_a_addr} dst ${veth_b_addr} proto esp mode tunnel
}

setup_xfrm4() {
	setup_xfrm 4 ${veth4_a_addr} ${veth4_b_addr}
}

setup_xfrm6() {
	setup_xfrm 6 ${veth6_a_addr} ${veth6_b_addr}
}

setup() {
	[ "$(id -u)" -ne 0 ] && echo "  need to run as root" && return $ksft_skip

	cleanup_done=0
	for arg do
		eval setup_${arg} || { echo "  ${arg} not supported"; return 1; }
	done
}

cleanup() {
	[ ${cleanup_done} -eq 1 ] && return
	ip netns del ${NS_A} 2 > /dev/null
	ip netns del ${NS_B} 2 > /dev/null
	cleanup_done=1
}

mtu() {
	ns_cmd="${1}"
	dev="${2}"
	mtu="${3}"

	${ns_cmd} ip link set dev ${dev} mtu ${mtu}
}

mtu_parse() {
	input="${1}"

	next=0
	for i in ${input}; do
		[ ${next} -eq 1 ] && echo "${i}" && return
		[ "${i}" = "mtu" ] && next=1
	done
}

link_get() {
	ns_cmd="${1}"
	name="${2}"

	${ns_cmd} ip link show dev "${name}"
}

link_get_mtu() {
	ns_cmd="${1}"
	name="${2}"

	mtu_parse "$(link_get "${ns_cmd}" ${name})"
}

route_get_dst_exception() {
	ns_cmd="${1}"
	dst="${2}"

	${ns_cmd} ip route get "${dst}"
}

route_get_dst_pmtu_from_exception() {
	ns_cmd="${1}"
	dst="${2}"

	mtu_parse "$(route_get_dst_exception "${ns_cmd}" ${dst})"
}

test_pmtu_vti4_exception() {
	setup namespaces veth vti4 xfrm4 || return 2

	veth_mtu=1500
	vti_mtu=$((veth_mtu - 20))

	#                                SPI   SN   IV  ICV   pad length   next header
	esp_payload_rfc4106=$((vti_mtu - 4   - 4  - 8 - 16  - 1          - 1))
	ping_payload=$((esp_payload_rfc4106 - 28))

	mtu "${ns_a}" veth_a ${veth_mtu}
	mtu "${ns_b}" veth_b ${veth_mtu}
	mtu "${ns_a}" vti4_a ${vti_mtu}
	mtu "${ns_b}" vti4_b ${vti_mtu}

	# Send DF packet without exceeding link layer MTU, check that no
	# exception is created
	${ns_a} ping -q -M want -i 0.1 -w 2 -s ${ping_payload} ${vti4_b_addr} > /dev/null
	pmtu="$(route_get_dst_pmtu_from_exception "${ns_a}" ${vti4_b_addr})"
	if [ "${pmtu}" != "" ]; then
		err "  unexpected exception created with PMTU ${pmtu} for IP payload length ${esp_payload_rfc4106}"
		return 1
	fi

	# Now exceed link layer MTU by one byte, check that exception is created
	${ns_a} ping -q -M want -i 0.1 -w 2 -s $((ping_payload + 1)) ${vti4_b_addr} > /dev/null
	pmtu="$(route_get_dst_pmtu_from_exception "${ns_a}" ${vti4_b_addr})"
	if [ "${pmtu}" = "" ]; then
		err "  exception not created for IP payload length $((esp_payload_rfc4106 + 1))"
		return 1
	fi

	# ...with the right PMTU value
	if [ ${pmtu} -ne ${esp_payload_rfc4106} ]; then
		err "  wrong PMTU ${pmtu} in exception, expected: ${esp_payload_rfc4106}"
		return 1
	fi
}

test_pmtu_vti6_exception() {
	setup namespaces veth vti6 xfrm6 || return 2
	fail=0

	# Create route exception by exceeding link layer MTU
	mtu "${ns_a}" veth_a 4000
	mtu "${ns_b}" veth_b 4000
	mtu "${ns_a}" vti6_a 5000
	mtu "${ns_b}" vti6_b 5000
	${ns_a} ping6 -q -i 0.1 -w 2 -s 60000 ${vti6_b_addr} > /dev/null

	# Check that exception was created
	if [ "$(route_get_dst_pmtu_from_exception "${ns_a}" ${vti6_b_addr})" = "" ]; then
		err "  tunnel exceeding link layer MTU didn't create route exception"
		return 1
	fi

	# Decrease tunnel MTU, check for PMTU decrease in route exception
	mtu "${ns_a}" vti6_a 3000

	if [ "$(route_get_dst_pmtu_from_exception "${ns_a}" ${vti6_b_addr})" -ne 3000 ]; then
		err "  decreasing tunnel MTU didn't decrease route exception PMTU"
		fail=1
	fi

	# Increase tunnel MTU, check for PMTU increase in route exception
	mtu "${ns_a}" vti6_a 9000
	if [ "$(route_get_dst_pmtu_from_exception "${ns_a}" ${vti6_b_addr})" -ne 9000 ]; then
		err "  increasing tunnel MTU didn't increase route exception PMTU"
		fail=1
	fi

	return ${fail}
}

test_pmtu_vti4_default_mtu() {
	setup namespaces veth vti4 || return 2

	# Check that MTU of vti device is MTU of veth minus IPv4 header length
	veth_mtu="$(link_get_mtu "${ns_a}" veth_a)"
	vti4_mtu="$(link_get_mtu "${ns_a}" vti4_a)"
	if [ $((veth_mtu - vti4_mtu)) -ne 20 ]; then
		err "  vti MTU ${vti4_mtu} is not veth MTU ${veth_mtu} minus IPv4 header length"
		return 1
	fi
}

test_pmtu_vti6_default_mtu() {
	setup namespaces veth vti6 || return 2

	# Check that MTU of vti device is MTU of veth minus IPv6 header length
	veth_mtu="$(link_get_mtu "${ns_a}" veth_a)"
	vti6_mtu="$(link_get_mtu "${ns_a}" vti6_a)"
	if [ $((veth_mtu - vti6_mtu)) -ne 40 ]; then
		err "  vti MTU ${vti6_mtu} is not veth MTU ${veth_mtu} minus IPv6 header length"
		return 1
	fi
}

test_pmtu_vti4_link_add_mtu() {
	setup namespaces || return 2

	${ns_a} ip link add vti4_a type vti local ${veth4_a_addr} remote ${veth4_b_addr} key 10
	[ $? -ne 0 ] && err "  vti not supported" && return 2
	${ns_a} ip link del vti4_a

	fail=0

	min=68
	max=$((65535 - 20))
	# Check invalid values first
	for v in $((min - 1)) $((max + 1)); do
		${ns_a} ip link add vti4_a mtu ${v} type vti local ${veth4_a_addr} remote ${veth4_b_addr} key 10 2>/dev/null
		# This can fail, or MTU can be adjusted to a proper value
		[ $? -ne 0 ] && continue
		mtu="$(link_get_mtu "${ns_a}" vti4_a)"
		if [ ${mtu} -lt ${min} -o ${mtu} -gt ${max} ]; then
			err "  vti tunnel created with invalid MTU ${mtu}"
			fail=1
		fi
		${ns_a} ip link del vti4_a
	done

	# Now check valid values
	for v in ${min} 1300 ${max}; do
		${ns_a} ip link add vti4_a mtu ${v} type vti local ${veth4_a_addr} remote ${veth4_b_addr} key 10
		mtu="$(link_get_mtu "${ns_a}" vti4_a)"
		${ns_a} ip link del vti4_a
		if [ "${mtu}" != "${v}" ]; then
			err "  vti MTU ${mtu} doesn't match configured value ${v}"
			fail=1
		fi
	done

	return ${fail}
}

test_pmtu_vti6_link_add_mtu() {
	setup namespaces || return 2

	${ns_a} ip link add vti6_a type vti6 local ${veth6_a_addr} remote ${veth6_b_addr} key 10
	[ $? -ne 0 ] && err "  vti6 not supported" && return 2
	${ns_a} ip link del vti6_a

	fail=0

	min=68			# vti6 can carry IPv4 packets too
	max=$((65535 - 40))
	# Check invalid values first
	for v in $((min - 1)) $((max + 1)); do
		${ns_a} ip link add vti6_a mtu ${v} type vti6 local ${veth6_a_addr} remote ${veth6_b_addr} key 10 2>/dev/null
		# This can fail, or MTU can be adjusted to a proper value
		[ $? -ne 0 ] && continue
		mtu="$(link_get_mtu "${ns_a}" vti6_a)"
		if [ ${mtu} -lt ${min} -o ${mtu} -gt ${max} ]; then
			err "  vti6 tunnel created with invalid MTU ${v}"
			fail=1
		fi
		${ns_a} ip link del vti6_a
	done

	# Now check valid values
	for v in 68 1280 1300 $((65535 - 40)); do
		${ns_a} ip link add vti6_a mtu ${v} type vti6 local ${veth6_a_addr} remote ${veth6_b_addr} key 10
		mtu="$(link_get_mtu "${ns_a}" vti6_a)"
		${ns_a} ip link del vti6_a
		if [ "${mtu}" != "${v}" ]; then
			err "  vti6 MTU ${mtu} doesn't match configured value ${v}"
			fail=1
		fi
	done

	return ${fail}
}

test_pmtu_vti6_link_change_mtu() {
	setup namespaces || return 2

	${ns_a} ip link add dummy0 mtu 1500 type dummy
	[ $? -ne 0 ] && err "  dummy not supported" && return 2
	${ns_a} ip link add dummy1 mtu 3000 type dummy
	${ns_a} ip link set dummy0 up
	${ns_a} ip link set dummy1 up

	${ns_a} ip addr add ${dummy6_0_addr}/${dummy6_mask} dev dummy0
	${ns_a} ip addr add ${dummy6_1_addr}/${dummy6_mask} dev dummy1

	fail=0

	# Create vti6 interface bound to device, passing MTU, check it
	${ns_a} ip link add vti6_a mtu 1300 type vti6 remote ${dummy6_0_addr} local ${dummy6_0_addr}
	mtu="$(link_get_mtu "${ns_a}" vti6_a)"
	if [ ${mtu} -ne 1300 ]; then
		err "  vti6 MTU ${mtu} doesn't match configured value 1300"
		fail=1
	fi

	# Move to another device with different MTU, without passing MTU, check
	# MTU is adjusted
	${ns_a} ip link set vti6_a type vti6 remote ${dummy6_1_addr} local ${dummy6_1_addr}
	mtu="$(link_get_mtu "${ns_a}" vti6_a)"
	if [ ${mtu} -ne $((3000 - 40)) ]; then
		err "  vti MTU ${mtu} is not dummy MTU 3000 minus IPv6 header length"
		fail=1
	fi

	# Move it back, passing MTU, check MTU is not overridden
	${ns_a} ip link set vti6_a mtu 1280 type vti6 remote ${dummy6_0_addr} local ${dummy6_0_addr}
	mtu="$(link_get_mtu "${ns_a}" vti6_a)"
	if [ ${mtu} -ne 1280 ]; then
		err "  vti6 MTU ${mtu} doesn't match configured value 1280"
		fail=1
	fi

	return ${fail}
}

trap cleanup EXIT

exitcode=0
desc=0
IFS="	
"
for t in ${tests}; do
	[ $desc -eq 0 ] && name="${t}" && desc=1 && continue || desc=0

	(
		unset IFS
		eval test_${name}
		ret=$?
		cleanup

		if [ $ret -eq 0 ]; then
			printf "TEST: %-60s  [ OK ]\n" "${t}"
		elif [ $ret -eq 1 ]; then
			printf "TEST: %-60s  [FAIL]\n" "${t}"
			err_flush
			exit 1
		elif [ $ret -eq 2 ]; then
			printf "TEST: %-60s  [SKIP]\n" "${t}"
			err_flush
		fi
	)
	[ $? -ne 0 ] && exitcode=1
done

exit ${exitcode}
Commit	Line	Data
d1f1b9cb SB	1	#!/bin/sh
	2	# SPDX-License-Identifier: GPL-2.0
	3	#
a41c789b SB	4	# Check that route PMTU values match expectations, and that initial device MTU
a41c789b SB	5	# values are assigned correctly
d1f1b9cb SB	6	#
	7	# Tests currently implemented:
	8	#
5e84430b SB	9	# - pmtu_vti4_exception
	10	# Set up vti tunnel on top of veth, with xfrm states and policies, in two
	11	# namespaces with matching endpoints. Check that route exception is not
	12	# created if link layer MTU is not exceeded, then exceed it and check that
	13	# exception is created with the expected PMTU. The approach described
	14	# below for IPv6 doesn't apply here, because, on IPv4, administrative MTU
	15	# changes alone won't affect PMTU
	16	#
36455bd1	17	# - pmtu_vti6_exception
d1f1b9cb SB	18	# Set up vti6 tunnel on top of veth, with xfrm states and policies, in two
	19	# namespaces with matching endpoints. Check that route exception is
	20	# created by exceeding link layer MTU with ping to other endpoint. Then
	21	# decrease and increase MTU of tunnel, checking that route exception PMTU
	22	# changes accordingly
a41c789b SB	23	#
	24	# - pmtu_vti4_default_mtu
	25	# Set up vti4 tunnel on top of veth, in two namespaces with matching
	26	# endpoints. Check that MTU assigned to vti interface is the MTU of the
	27	# lower layer (veth) minus additional lower layer headers (zero, for veth)
	28	# minus IPv4 header length
35b49424 SB	29	#
	30	# - pmtu_vti6_default_mtu
	31	# Same as above, for IPv6
719e1215 SB	32	#
	33	# - pmtu_vti4_link_add_mtu
	34	# Set up vti4 interface passing MTU value at link creation, check MTU is
	35	# configured, and that link is not created with invalid MTU values
8b6022fc SB	36	#
	37	# - pmtu_vti6_link_add_mtu
	38	# Same as above, for IPv6
1fad59ea SB	39	#
	40	# - pmtu_vti6_link_change_mtu
	41	# Set up two dummy interfaces with different MTUs, create a vti6 tunnel
	42	# and check that configured MTU is used on link creation and changes, and
	43	# that MTU is properly calculated instead when MTU is not configured from
	44	# userspace
d1f1b9cb	45
57aefc7c SKSO	46	# Kselftest framework requirement - SKIP code is 4.
	47	ksft_skip=4
	48
36455bd1	49	tests="
1fad59ea SB	50	pmtu_vti6_exception vti6: PMTU exceptions
	51	pmtu_vti4_exception vti4: PMTU exceptions
	52	pmtu_vti4_default_mtu vti4: default MTU assignment
	53	pmtu_vti6_default_mtu vti6: default MTU assignment
	54	pmtu_vti4_link_add_mtu vti4: MTU setting on link creation
	55	pmtu_vti6_link_add_mtu vti6: MTU setting on link creation
	56	pmtu_vti6_link_change_mtu vti6: MTU changes on link changes"
36455bd1	57
d1f1b9cb SB	58	NS_A="ns-$(mktemp -u XXXXXX)"
	59	NS_B="ns-$(mktemp -u XXXXXX)"
	60	ns_a="ip netns exec ${NS_A}"
	61	ns_b="ip netns exec ${NS_B}"
	62
a41c789b SB	63	veth4_a_addr="192.168.1.1"
	64	veth4_b_addr="192.168.1.2"
	65	veth4_mask="24"
d1f1b9cb SB	66	veth6_a_addr="fd00:1::a"
	67	veth6_b_addr="fd00:1::b"
	68	veth6_mask="64"
	69
a41c789b SB	70	vti4_a_addr="192.168.2.1"
	71	vti4_b_addr="192.168.2.2"
	72	vti4_mask="24"
d1f1b9cb SB	73	vti6_a_addr="fd00:2::a"
	74	vti6_b_addr="fd00:2::b"
	75	vti6_mask="64"
	76
1fad59ea SB	77	dummy6_0_addr="fc00:1000::0"
	78	dummy6_1_addr="fc00:1001::0"
	79	dummy6_mask="64"
	80
36455bd1 SB	81	cleanup_done=1
	82	err_buf=
	83
	84	err() {
	85	err_buf="${err_buf}${1}
	86	"
	87	}
	88
	89	err_flush() {
	90	echo -n "${err_buf}"
	91	err_buf=
	92	}
	93
d1f1b9cb	94	setup_namespaces() {
380e29a6	95	ip netns add ${NS_A} \|\| return 1
d1f1b9cb	96	ip netns add ${NS_B}
d1f1b9cb SB	97	}
	98
	99	setup_veth() {
380e29a6	100	${ns_a} ip link add veth_a type veth peer name veth_b \|\| return 1
d1f1b9cb SB	101	${ns_a} ip link set veth_b netns ${NS_B}
d1f1b9cb SB	102
a41c789b SB	103	${ns_a} ip addr add ${veth4_a_addr}/${veth4_mask} dev veth_a
	104	${ns_b} ip addr add ${veth4_b_addr}/${veth4_mask} dev veth_b
	105
d1f1b9cb SB	106	${ns_a} ip addr add ${veth6_a_addr}/${veth6_mask} dev veth_a
	107	${ns_b} ip addr add ${veth6_b_addr}/${veth6_mask} dev veth_b
	108
	109	${ns_a} ip link set veth_a up
	110	${ns_b} ip link set veth_b up
d1f1b9cb SB	111	}
d1f1b9cb SB	112
a41c789b SB	113	setup_vti() {
	114	proto=${1}
	115	veth_a_addr="${2}"
	116	veth_b_addr="${3}"
	117	vti_a_addr="${4}"
	118	vti_b_addr="${5}"
	119	vti_mask=${6}
d1f1b9cb	120
a41c789b	121	[ ${proto} -eq 6 ] && vti_type="vti6" \|\| vti_type="vti"
d1f1b9cb	122
a41c789b SB	123	${ns_a} ip link add vti${proto}_a type ${vti_type} local ${veth_a_addr} remote ${veth_b_addr} key 10 \|\| return 1
	124	${ns_b} ip link add vti${proto}_b type ${vti_type} local ${veth_b_addr} remote ${veth_a_addr} key 10
	125
	126	${ns_a} ip addr add ${vti_a_addr}/${vti_mask} dev vti${proto}_a
	127	${ns_b} ip addr add ${vti_b_addr}/${vti_mask} dev vti${proto}_b
	128
	129	${ns_a} ip link set vti${proto}_a up
	130	${ns_b} ip link set vti${proto}_b up
d1f1b9cb SB	131
d1f1b9cb SB	132	sleep 1
d1f1b9cb SB	133	}
d1f1b9cb SB	134
a41c789b SB	135	setup_vti4() {
	136	setup_vti 4 ${veth4_a_addr} ${veth4_b_addr} ${vti4_a_addr} ${vti4_b_addr} ${vti4_mask}
	137	}
	138
	139	setup_vti6() {
	140	setup_vti 6 ${veth6_a_addr} ${veth6_b_addr} ${vti6_a_addr} ${vti6_b_addr} ${vti6_mask}
	141	}
	142
d1f1b9cb	143	setup_xfrm() {
5e84430b SB	144	proto=${1}
	145	veth_a_addr="${2}"
	146	veth_b_addr="${3}"
	147
	148	${ns_a} ip -${proto} xfrm state add src ${veth_a_addr} dst ${veth_b_addr} spi 0x1000 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel \|\| return 1
	149	${ns_a} ip -${proto} xfrm state add src ${veth_b_addr} dst ${veth_a_addr} spi 0x1001 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel
	150	${ns_a} ip -${proto} xfrm policy add dir out mark 10 tmpl src ${veth_a_addr} dst ${veth_b_addr} proto esp mode tunnel
	151	${ns_a} ip -${proto} xfrm policy add dir in mark 10 tmpl src ${veth_b_addr} dst ${veth_a_addr} proto esp mode tunnel
	152
	153	${ns_b} ip -${proto} xfrm state add src ${veth_a_addr} dst ${veth_b_addr} spi 0x1000 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel
	154	${ns_b} ip -${proto} xfrm state add src ${veth_b_addr} dst ${veth_a_addr} spi 0x1001 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel
	155	${ns_b} ip -${proto} xfrm policy add dir out mark 10 tmpl src ${veth_b_addr} dst ${veth_a_addr} proto esp mode tunnel
	156	${ns_b} ip -${proto} xfrm policy add dir in mark 10 tmpl src ${veth_a_addr} dst ${veth_b_addr} proto esp mode tunnel
	157	}
	158
	159	setup_xfrm4() {
	160	setup_xfrm 4 ${veth4_a_addr} ${veth4_b_addr}
	161	}
d1f1b9cb	162
5e84430b SB	163	setup_xfrm6() {
5e84430b SB	164	setup_xfrm 6 ${veth6_a_addr} ${veth6_b_addr}
d1f1b9cb SB	165	}
	166
	167	setup() {
57aefc7c	168	[ "$(id -u)" -ne 0 ] && echo " need to run as root" && return $ksft_skip
d1f1b9cb	169
36455bd1 SB	170	cleanup_done=0
	171	for arg do
	172	eval setup_${arg} \|\| { echo " ${arg} not supported"; return 1; }
	173	done
d1f1b9cb SB	174	}
	175
	176	cleanup() {
36455bd1	177	[ ${cleanup_done} -eq 1 ] && return
d1f1b9cb SB	178	ip netns del ${NS_A} 2 > /dev/null
d1f1b9cb SB	179	ip netns del ${NS_B} 2 > /dev/null
36455bd1	180	cleanup_done=1
d1f1b9cb SB	181	}
	182
	183	mtu() {
	184	ns_cmd="${1}"
	185	dev="${2}"
	186	mtu="${3}"
	187
	188	${ns_cmd} ip link set dev ${dev} mtu ${mtu}
	189	}
	190
f2c929fe SB	191	mtu_parse() {
	192	input="${1}"
	193
	194	next=0
	195	for i in ${input}; do
	196	[ ${next} -eq 1 ] && echo "${i}" && return
	197	[ "${i}" = "mtu" ] && next=1
	198	done
	199	}
	200
a41c789b SB	201	link_get() {
	202	ns_cmd="${1}"
	203	name="${2}"
	204
	205	${ns_cmd} ip link show dev "${name}"
	206	}
	207
	208	link_get_mtu() {
	209	ns_cmd="${1}"
	210	name="${2}"
	211
	212	mtu_parse "$(link_get "${ns_cmd}" ${name})"
	213	}
	214
d1f1b9cb	215	route_get_dst_exception() {
822d2f86 SB	216	ns_cmd="${1}"
822d2f86 SB	217	dst="${2}"
d1f1b9cb	218
822d2f86	219	${ns_cmd} ip route get "${dst}"
d1f1b9cb SB	220	}
	221
	222	route_get_dst_pmtu_from_exception() {
822d2f86 SB	223	ns_cmd="${1}"
822d2f86 SB	224	dst="${2}"
d1f1b9cb	225
f2c929fe	226	mtu_parse "$(route_get_dst_exception "${ns_cmd}" ${dst})"
d1f1b9cb SB	227	}
d1f1b9cb SB	228
5e84430b SB	229	test_pmtu_vti4_exception() {
	230	setup namespaces veth vti4 xfrm4 \|\| return 2
	231
	232	veth_mtu=1500
	233	vti_mtu=$((veth_mtu - 20))
	234
	235	# SPI SN IV ICV pad length next header
	236	esp_payload_rfc4106=$((vti_mtu - 4 - 4 - 8 - 16 - 1 - 1))
	237	ping_payload=$((esp_payload_rfc4106 - 28))
	238
	239	mtu "${ns_a}" veth_a ${veth_mtu}
	240	mtu "${ns_b}" veth_b ${veth_mtu}
	241	mtu "${ns_a}" vti4_a ${vti_mtu}
	242	mtu "${ns_b}" vti4_b ${vti_mtu}
	243
	244	# Send DF packet without exceeding link layer MTU, check that no
	245	# exception is created
	246	${ns_a} ping -q -M want -i 0.1 -w 2 -s ${ping_payload} ${vti4_b_addr} > /dev/null
	247	pmtu="$(route_get_dst_pmtu_from_exception "${ns_a}" ${vti4_b_addr})"
	248	if [ "${pmtu}" != "" ]; then
	249	err " unexpected exception created with PMTU ${pmtu} for IP payload length ${esp_payload_rfc4106}"
	250	return 1
	251	fi
	252
	253	# Now exceed link layer MTU by one byte, check that exception is created
	254	${ns_a} ping -q -M want -i 0.1 -w 2 -s $((ping_payload + 1)) ${vti4_b_addr} > /dev/null
	255	pmtu="$(route_get_dst_pmtu_from_exception "${ns_a}" ${vti4_b_addr})"
	256	if [ "${pmtu}" = "" ]; then
	257	err " exception not created for IP payload length $((esp_payload_rfc4106 + 1))"
	258	return 1
	259	fi
	260
	261	# ...with the right PMTU value
	262	if [ ${pmtu} -ne ${esp_payload_rfc4106} ]; then
	263	err " wrong PMTU ${pmtu} in exception, expected: ${esp_payload_rfc4106}"
	264	return 1
	265	fi
	266	}
	267
d1f1b9cb	268	test_pmtu_vti6_exception() {
5e84430b	269	setup namespaces veth vti6 xfrm6 \|\| return 2
36455bd1	270	fail=0
d1f1b9cb SB	271
	272	# Create route exception by exceeding link layer MTU
	273	mtu "${ns_a}" veth_a 4000
	274	mtu "${ns_b}" veth_b 4000
a41c789b SB	275	mtu "${ns_a}" vti6_a 5000
a41c789b SB	276	mtu "${ns_b}" vti6_b 5000
d1f1b9cb SB	277	${ns_a} ping6 -q -i 0.1 -w 2 -s 60000 ${vti6_b_addr} > /dev/null
	278
	279	# Check that exception was created
822d2f86	280	if [ "$(route_get_dst_pmtu_from_exception "${ns_a}" ${vti6_b_addr})" = "" ]; then
36455bd1 SB	281	err " tunnel exceeding link layer MTU didn't create route exception"
36455bd1 SB	282	return 1
d1f1b9cb SB	283	fi
	284
	285	# Decrease tunnel MTU, check for PMTU decrease in route exception
a41c789b	286	mtu "${ns_a}" vti6_a 3000
d1f1b9cb	287
822d2f86	288	if [ "$(route_get_dst_pmtu_from_exception "${ns_a}" ${vti6_b_addr})" -ne 3000 ]; then
36455bd1 SB	289	err " decreasing tunnel MTU didn't decrease route exception PMTU"
36455bd1 SB	290	fail=1
d1f1b9cb SB	291	fi
	292
	293	# Increase tunnel MTU, check for PMTU increase in route exception
a41c789b	294	mtu "${ns_a}" vti6_a 9000
822d2f86	295	if [ "$(route_get_dst_pmtu_from_exception "${ns_a}" ${vti6_b_addr})" -ne 9000 ]; then
36455bd1 SB	296	err " increasing tunnel MTU didn't increase route exception PMTU"
36455bd1 SB	297	fail=1
d1f1b9cb SB	298	fi
d1f1b9cb SB	299
36455bd1	300	return ${fail}
d1f1b9cb SB	301	}
d1f1b9cb SB	302
a41c789b SB	303	test_pmtu_vti4_default_mtu() {
	304	setup namespaces veth vti4 \|\| return 2
	305
	306	# Check that MTU of vti device is MTU of veth minus IPv4 header length
	307	veth_mtu="$(link_get_mtu "${ns_a}" veth_a)"
	308	vti4_mtu="$(link_get_mtu "${ns_a}" vti4_a)"
	309	if [ $((veth_mtu - vti4_mtu)) -ne 20 ]; then
	310	err " vti MTU ${vti4_mtu} is not veth MTU ${veth_mtu} minus IPv4 header length"
	311	return 1
	312	fi
	313	}
	314
35b49424 SB	315	test_pmtu_vti6_default_mtu() {
	316	setup namespaces veth vti6 \|\| return 2
	317
	318	# Check that MTU of vti device is MTU of veth minus IPv6 header length
	319	veth_mtu="$(link_get_mtu "${ns_a}" veth_a)"
	320	vti6_mtu="$(link_get_mtu "${ns_a}" vti6_a)"
	321	if [ $((veth_mtu - vti6_mtu)) -ne 40 ]; then
	322	err " vti MTU ${vti6_mtu} is not veth MTU ${veth_mtu} minus IPv6 header length"
	323	return 1
	324	fi
	325	}
	326
719e1215 SB	327	test_pmtu_vti4_link_add_mtu() {
	328	setup namespaces \|\| return 2
	329
	330	${ns_a} ip link add vti4_a type vti local ${veth4_a_addr} remote ${veth4_b_addr} key 10
	331	[ $? -ne 0 ] && err " vti not supported" && return 2
	332	${ns_a} ip link del vti4_a
	333
	334	fail=0
	335
	336	min=68
902b5417	337	max=$((65535 - 20))
719e1215 SB	338	# Check invalid values first
	339	for v in $((min - 1)) $((max + 1)); do
	340	${ns_a} ip link add vti4_a mtu ${v} type vti local ${veth4_a_addr} remote ${veth4_b_addr} key 10 2>/dev/null
	341	# This can fail, or MTU can be adjusted to a proper value
	342	[ $? -ne 0 ] && continue
	343	mtu="$(link_get_mtu "${ns_a}" vti4_a)"
	344	if [ ${mtu} -lt ${min} -o ${mtu} -gt ${max} ]; then
	345	err " vti tunnel created with invalid MTU ${mtu}"
	346	fail=1
	347	fi
	348	${ns_a} ip link del vti4_a
	349	done
	350
	351	# Now check valid values
	352	for v in ${min} 1300 ${max}; do
	353	${ns_a} ip link add vti4_a mtu ${v} type vti local ${veth4_a_addr} remote ${veth4_b_addr} key 10
	354	mtu="$(link_get_mtu "${ns_a}" vti4_a)"
	355	${ns_a} ip link del vti4_a
	356	if [ "${mtu}" != "${v}" ]; then
	357	err " vti MTU ${mtu} doesn't match configured value ${v}"
	358	fail=1
	359	fi
	360	done
	361
	362	return ${fail}
	363	}
	364
8b6022fc SB	365	test_pmtu_vti6_link_add_mtu() {
	366	setup namespaces \|\| return 2
	367
	368	${ns_a} ip link add vti6_a type vti6 local ${veth6_a_addr} remote ${veth6_b_addr} key 10
	369	[ $? -ne 0 ] && err " vti6 not supported" && return 2
	370	${ns_a} ip link del vti6_a
	371
	372	fail=0
	373
5a643c86	374	min=68 # vti6 can carry IPv4 packets too
8b6022fc SB	375	max=$((65535 - 40))
	376	# Check invalid values first
	377	for v in $((min - 1)) $((max + 1)); do
	378	${ns_a} ip link add vti6_a mtu ${v} type vti6 local ${veth6_a_addr} remote ${veth6_b_addr} key 10 2>/dev/null
	379	# This can fail, or MTU can be adjusted to a proper value
	380	[ $? -ne 0 ] && continue
	381	mtu="$(link_get_mtu "${ns_a}" vti6_a)"
	382	if [ ${mtu} -lt ${min} -o ${mtu} -gt ${max} ]; then
	383	err " vti6 tunnel created with invalid MTU ${v}"
	384	fail=1
	385	fi
	386	${ns_a} ip link del vti6_a
	387	done
	388
	389	# Now check valid values
5a643c86	390	for v in 68 1280 1300 $((65535 - 40)); do
8b6022fc SB	391	${ns_a} ip link add vti6_a mtu ${v} type vti6 local ${veth6_a_addr} remote ${veth6_b_addr} key 10
	392	mtu="$(link_get_mtu "${ns_a}" vti6_a)"
	393	${ns_a} ip link del vti6_a
	394	if [ "${mtu}" != "${v}" ]; then
	395	err " vti6 MTU ${mtu} doesn't match configured value ${v}"
	396	fail=1
	397	fi
	398	done
	399
	400	return ${fail}
	401	}
	402
1fad59ea SB	403	test_pmtu_vti6_link_change_mtu() {
	404	setup namespaces \|\| return 2
	405
	406	${ns_a} ip link add dummy0 mtu 1500 type dummy
	407	[ $? -ne 0 ] && err " dummy not supported" && return 2
	408	${ns_a} ip link add dummy1 mtu 3000 type dummy
	409	${ns_a} ip link set dummy0 up
	410	${ns_a} ip link set dummy1 up
	411
	412	${ns_a} ip addr add ${dummy6_0_addr}/${dummy6_mask} dev dummy0
	413	${ns_a} ip addr add ${dummy6_1_addr}/${dummy6_mask} dev dummy1
	414
	415	fail=0
	416
	417	# Create vti6 interface bound to device, passing MTU, check it
	418	${ns_a} ip link add vti6_a mtu 1300 type vti6 remote ${dummy6_0_addr} local ${dummy6_0_addr}
	419	mtu="$(link_get_mtu "${ns_a}" vti6_a)"
	420	if [ ${mtu} -ne 1300 ]; then
	421	err " vti6 MTU ${mtu} doesn't match configured value 1300"
	422	fail=1
	423	fi
	424
	425	# Move to another device with different MTU, without passing MTU, check
	426	# MTU is adjusted
1fad59ea SB	427	${ns_a} ip link set vti6_a type vti6 remote ${dummy6_1_addr} local ${dummy6_1_addr}
	428	mtu="$(link_get_mtu "${ns_a}" vti6_a)"
	429	if [ ${mtu} -ne $((3000 - 40)) ]; then
	430	err " vti MTU ${mtu} is not dummy MTU 3000 minus IPv6 header length"
	431	fail=1
	432	fi
	433
	434	# Move it back, passing MTU, check MTU is not overridden
1fad59ea SB	435	${ns_a} ip link set vti6_a mtu 1280 type vti6 remote ${dummy6_0_addr} local ${dummy6_0_addr}
	436	mtu="$(link_get_mtu "${ns_a}" vti6_a)"
	437	if [ ${mtu} -ne 1280 ]; then
	438	err " vti6 MTU ${mtu} doesn't match configured value 1280"
	439	fail=1
	440	fi
	441
	442	return ${fail}
	443	}
	444
d1f1b9cb SB	445	trap cleanup EXIT
d1f1b9cb SB	446
36455bd1 SB	447	exitcode=0
	448	desc=0
	449	IFS="
	450	"
	451	for t in ${tests}; do
	452	[ $desc -eq 0 ] && name="${t}" && desc=1 && continue \|\| desc=0
	453
	454	(
	455	unset IFS
	456	eval test_${name}
	457	ret=$?
	458	cleanup
	459
	460	if [ $ret -eq 0 ]; then
	461	printf "TEST: %-60s [ OK ]\n" "${t}"
	462	elif [ $ret -eq 1 ]; then
	463	printf "TEST: %-60s [FAIL]\n" "${t}"
	464	err_flush
	465	exit 1
	466	elif [ $ret -eq 2 ]; then
	467	printf "TEST: %-60s [SKIP]\n" "${t}"
	468	err_flush
	469	fi
	470	)
	471	[ $? -ne 0 ] && exitcode=1
	472	done
	473
	474	exit ${exitcode}