From db6641ee6e9e728efb71bda93740559dc55f696c Mon Sep 17 00:00:00 2001 From: David Ahern Date: Thu, 1 Aug 2019 11:56:47 -0700 Subject: selftests: Add ipv6 netfilter tests to fcnal-test Add IPv6 netfilter tests to send tcp reset or icmp unreachable for a port. Initial tests are VRF only. Signed-off-by: David Ahern Signed-off-by: David S. Miller --- tools/testing/selftests/net/fcnal-test.sh | 65 ++++++++++++++++++++++++++++++- 1 file changed, 64 insertions(+), 1 deletion(-) (limited to 'tools/testing/selftests/net/fcnal-test.sh') diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 6f56c91e2d66..17eec10e06bf 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -3185,6 +3185,68 @@ ipv4_netfilter() iptables -F } +netfilter_tcp6_reset() +{ + local a + + for a in ${NSA_IP6} ${VRF_IP6} + do + log_start + run_cmd nettest -6 -s & + sleep 1 + run_cmd_nsb nettest -6 -r ${a} + log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx" + done +} + +netfilter_icmp6() +{ + local stype="$1" + local arg + local a + + [ "${stype}" = "UDP" ] && arg="$arg -D" + + for a in ${NSA_IP6} ${VRF_IP6} + do + log_start + run_cmd nettest -6 -s ${arg} & + sleep 1 + run_cmd_nsb nettest -6 ${arg} -r ${a} + log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach" + done +} + +ipv6_netfilter() +{ + which nettest >/dev/null + if [ $? -ne 0 ]; then + log_error "nettest not found; skipping tests" + return + fi + + log_section "IPv6 Netfilter" + log_subsection "TCP reset" + + setup "yes" + run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset + + netfilter_tcp6_reset + + log_subsection "ICMP unreachable" + + log_start + run_cmd ip6tables -F + run_cmd ip6tables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable + run_cmd ip6tables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp6-port-unreachable + + netfilter_icmp6 "TCP" + netfilter_icmp6 "UDP" + + log_start + ip6tables -F +} + ################################################################################ # usage @@ -3206,7 +3268,7 @@ EOF # main TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime ipv4_netfilter" -TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime" +TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime ipv6_netfilter" PAUSE_ON_FAIL=no PAUSE=no @@ -3256,6 +3318,7 @@ do ipv6_udp|udp6) ipv6_udp;; ipv6_bind|bind6) ipv6_addr_bind;; ipv6_runtime) ipv6_runtime;; + ipv6_netfilter) ipv6_netfilter;; # setup namespaces and config, but do not run any tests setup) setup; exit 0;; -- cgit v1.2.3-59-g8ed1b