[NOMERGE] net: selftests: Add xfrm encryption for vxlan

[NOMERGE] net: selftests: Add xfrm encryption for vxlan

[Briana Oursler]

Extend existing test by adding xfrm encryption on vxlan tunnel in
namespaces a and b.

Signed-off-by: Briana Oursler <briana.oursler@gmail.com>
---

 tools/testing/selftests/net/pmtu.sh | 31 ++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)
 mode change 100755 => 100644 tools/testing/selftests/net/pmtu.sh

diff --git a/tools/testing/selftests/net/pmtu.sh b/tools/testing/selftests/net/pmtu.sh
old mode 100755
new mode 100644
index 71a62e7e35b1..824823470bc2
--- a/tools/testing/selftests/net/pmtu.sh
+++ b/tools/testing/selftests/net/pmtu.sh
@@ -122,6 +122,7 @@
 
 
 # Kselftest framework requirement - SKIP code is 4.
+
 ksft_skip=4
 
 PAUSE_ON_FAIL=no
@@ -161,7 +162,8 @@ tests="
 	cleanup_ipv4_exception		ipv4: cleanup of cached exceptions	1
 	cleanup_ipv6_exception		ipv6: cleanup of cached exceptions	1
 	list_flush_ipv4_exception	ipv4: list and flush cached exceptions	1
-	list_flush_ipv6_exception	ipv6: list and flush cached exceptions	1"
+	list_flush_ipv6_exception	ipv6: list and flush cached exceptions	1
+	xfrm_vxlan			ipv6: xfrm policy on vxlan		0"
 
 NS_A="ns-A"
 NS_B="ns-B"
@@ -451,6 +453,26 @@ setup_vxlan4() {
 	setup_vxlan_or_geneve vxlan  ${prefix4}.${a_r1}.1  ${prefix4}.${b_r1}.1  "df set"
 }
 
+setup_xfrm_sec() {
+	a_addr="${1}"
+	b_addr="${2}"
+	spi1='0x100'
+	spi2='0x101'
+	proto="proto esp"
+	alg="aead rfc4106(gcm(aes)) 0x8a60673197134fca0959564327a61f943accde0a 128"
+	ipsec_mode="tunnel"
+
+	run_cmd ${ns_a} ip xfrm state add src ${a_addr} dst ${b_addr} spi ${spi1} ${proto} ${alg} mode ${ipsec_mode} sel src ${a_addr} dst ${b_addr}
+	run_cmd ${ns_a} ip xfrm state add src ${b_addr} dst ${a_addr} spi ${spi2} ${proto} ${alg} mode ${ipsec_mode} sel src ${b_addr} dst ${a_addr}
+	run_cmd ${ns_a} ip xfrm policy add dir out src ${a_addr} dst ${b_addr} tmpl src ${a_addr} dst ${b_addr} ${proto} mode ${ipsec_mode}
+	run_cmd ${ns_a} ip xfrm policy add dir in  src ${b_addr} dst ${a_addr} tmpl src ${b_addr} dst ${a_addr} ${proto} mode ${ipsec_mode} level use
+
+	run_cmd ${ns_b} ip xfrm state add src ${b_addr} dst ${a_addr} spi ${spi2} ${proto} ${alg} mode ${ipsec_mode} sel src ${b_addr} dst ${a_addr}
+	run_cmd ${ns_b} ip xfrm state add src ${a_addr} dst ${b_addr} spi ${spi1} ${proto} ${alg} mode ${ipsec_mode} sel src ${a_addr} dst ${b_addr}
+	run_cmd ${ns_b} ip xfrm policy add dir out src ${b_addr} dst ${a_addr} tmpl src ${b_addr} dst ${a_addr} ${proto} mode ${ipsec_mode}
+	run_cmd ${ns_b} ip xfrm policy add dir in  src ${a_addr} dst ${b_addr} tmpl src ${a_addr} dst ${b_addr} ${proto} mode ${ipsec_mode} level use
+}
+
 setup_geneve6() {
 	setup_vxlan_or_geneve geneve ${prefix6}:${a_r1}::1 ${prefix6}:${b_r1}::1
 }
@@ -659,6 +681,13 @@ check_pmtu_value() {
 	return 1
 }
 
+test_xfrm_vxlan() {
+	setup namespaces routing vxlan6 || return 2
+	setup_xfrm_sec ${tunnel6_a_addr} ${tunnel6_b_addr} || return 1
+	sleep 1
+	run_cmd ${ns_a} ping -6 -c 5 ${tunnel6_b_addr} || return 1
+}
+
 test_pmtu_ipvX() {
 	family=${1}
 
-- 
2.24.1

Re: [NOMERGE] net: selftests: Add xfrm encryption for vxlan

[Briana Oursler]

On Mon, 2020-04-06 at 23:44 -0700, Briana Oursler wrote:
> Extend existing test by adding xfrm encryption on vxlan tunnel in
> namespaces a and b.
> 
> Signed-off-by: Briana Oursler <briana.oursler@gmail.com>
> ---

I additionally wanted to give credit that this change was made based on
starter code provided by Stefano Brivio but not sure if that goes in
the patch description or not. I will resend if recommended.

Thanks,

Briana

>  tools/testing/selftests/net/pmtu.sh | 31
> ++++++++++++++++++++++++++++-
>  1 file changed, 30 insertions(+), 1 deletion(-)
>  mode change 100755 => 100644 tools/testing/selftests/net/pmtu.sh
> 
> diff --git a/tools/testing/selftests/net/pmtu.sh
> b/tools/testing/selftests/net/pmtu.sh
> old mode 100755
> new mode 100644
> index 71a62e7e35b1..824823470bc2
> --- a/tools/testing/selftests/net/pmtu.sh
> +++ b/tools/testing/selftests/net/pmtu.sh
> @@ -122,6 +122,7 @@
>  
>  
>  # Kselftest framework requirement - SKIP code is 4.
> +
>  ksft_skip=4
>  
>  PAUSE_ON_FAIL=no
> @@ -161,7 +162,8 @@ tests="
>  	cleanup_ipv4_exception		ipv4: cleanup of cached
> exceptions	1
>  	cleanup_ipv6_exception		ipv6: cleanup of cached
> exceptions	1
>  	list_flush_ipv4_exception	ipv4: list and flush cached
> exceptions	1
> -	list_flush_ipv6_exception	ipv6: list and flush cached
> exceptions	1"
> +	list_flush_ipv6_exception	ipv6: list and flush cached
> exceptions	1
> +	xfrm_vxlan			ipv6: xfrm policy on vxlan	
> 	0"
>  
>  NS_A="ns-A"
>  NS_B="ns-B"
> @@ -451,6 +453,26 @@ setup_vxlan4() {
>  	setup_vxlan_or_geneve
> vxlan  ${prefix4}.${a_r1}.1  ${prefix4}.${b_r1}.1  "df set"
>  }
>  
> +setup_xfrm_sec() {
> +	a_addr="${1}"
> +	b_addr="${2}"
> +	spi1='0x100'
> +	spi2='0x101'
> +	proto="proto esp"
> +	alg="aead rfc4106(gcm(aes))
> 0x8a60673197134fca0959564327a61f943accde0a 128"
> +	ipsec_mode="tunnel"
> +
> +	run_cmd ${ns_a} ip xfrm state add src ${a_addr} dst ${b_addr}
> spi ${spi1} ${proto} ${alg} mode ${ipsec_mode} sel src ${a_addr} dst
> ${b_addr}
> +	run_cmd ${ns_a} ip xfrm state add src ${b_addr} dst ${a_addr}
> spi ${spi2} ${proto} ${alg} mode ${ipsec_mode} sel src ${b_addr} dst
> ${a_addr}
> +	run_cmd ${ns_a} ip xfrm policy add dir out src ${a_addr} dst
> ${b_addr} tmpl src ${a_addr} dst ${b_addr} ${proto} mode
> ${ipsec_mode}
> +	run_cmd ${ns_a} ip xfrm policy add dir in  src ${b_addr} dst
> ${a_addr} tmpl src ${b_addr} dst ${a_addr} ${proto} mode
> ${ipsec_mode} level use
> +
> +	run_cmd ${ns_b} ip xfrm state add src ${b_addr} dst ${a_addr}
> spi ${spi2} ${proto} ${alg} mode ${ipsec_mode} sel src ${b_addr} dst
> ${a_addr}
> +	run_cmd ${ns_b} ip xfrm state add src ${a_addr} dst ${b_addr}
> spi ${spi1} ${proto} ${alg} mode ${ipsec_mode} sel src ${a_addr} dst
> ${b_addr}
> +	run_cmd ${ns_b} ip xfrm policy add dir out src ${b_addr} dst
> ${a_addr} tmpl src ${b_addr} dst ${a_addr} ${proto} mode
> ${ipsec_mode}
> +	run_cmd ${ns_b} ip xfrm policy add dir in  src ${a_addr} dst
> ${b_addr} tmpl src ${a_addr} dst ${b_addr} ${proto} mode
> ${ipsec_mode} level use
> +}
> +
>  setup_geneve6() {
>  	setup_vxlan_or_geneve geneve ${prefix6}:${a_r1}::1
> ${prefix6}:${b_r1}::1
>  }
> @@ -659,6 +681,13 @@ check_pmtu_value() {
>  	return 1
>  }
>  
> +test_xfrm_vxlan() {
> +	setup namespaces routing vxlan6 || return 2
> +	setup_xfrm_sec ${tunnel6_a_addr} ${tunnel6_b_addr} || return 1
> +	sleep 1
> +	run_cmd ${ns_a} ping -6 -c 5 ${tunnel6_b_addr} || return 1
> +}
> +
>  test_pmtu_ipvX() {
>  	family=${1}
>  

Re: [Outreachy kernel] Re: [NOMERGE] net: selftests: Add xfrm encryption for vxlan

[Julia Lawall]

On Tue, 7 Apr 2020, Briana Oursler wrote:

> On Mon, 2020-04-06 at 23:44 -0700, Briana Oursler wrote:
> > Extend existing test by adding xfrm encryption on vxlan tunnel in
> > namespaces a and b.
> >
> > Signed-off-by: Briana Oursler <briana.oursler@gmail.com>
> > ---
>
> I additionally wanted to give credit that this change was made based on
> starter code provided by Stefano Brivio but not sure if that goes in
> the patch description or not. I will resend if recommended.

Maybe Suggested-by?

julia

>
> Thanks,
>
> Briana
>
> >  tools/testing/selftests/net/pmtu.sh | 31
> > ++++++++++++++++++++++++++++-
> >  1 file changed, 30 insertions(+), 1 deletion(-)
> >  mode change 100755 => 100644 tools/testing/selftests/net/pmtu.sh
> >
> > diff --git a/tools/testing/selftests/net/pmtu.sh
> > b/tools/testing/selftests/net/pmtu.sh
> > old mode 100755
> > new mode 100644
> > index 71a62e7e35b1..824823470bc2
> > --- a/tools/testing/selftests/net/pmtu.sh
> > +++ b/tools/testing/selftests/net/pmtu.sh
> > @@ -122,6 +122,7 @@
> >
> >
> >  # Kselftest framework requirement - SKIP code is 4.
> > +
> >  ksft_skip=4
> >
> >  PAUSE_ON_FAIL=no
> > @@ -161,7 +162,8 @@ tests="
> >  	cleanup_ipv4_exception		ipv4: cleanup of cached
> > exceptions	1
> >  	cleanup_ipv6_exception		ipv6: cleanup of cached
> > exceptions	1
> >  	list_flush_ipv4_exception	ipv4: list and flush cached
> > exceptions	1
> > -	list_flush_ipv6_exception	ipv6: list and flush cached
> > exceptions	1"
> > +	list_flush_ipv6_exception	ipv6: list and flush cached
> > exceptions	1
> > +	xfrm_vxlan			ipv6: xfrm policy on vxlan
> > 	0"
> >
> >  NS_A="ns-A"
> >  NS_B="ns-B"
> > @@ -451,6 +453,26 @@ setup_vxlan4() {
> >  	setup_vxlan_or_geneve
> > vxlan  ${prefix4}.${a_r1}.1  ${prefix4}.${b_r1}.1  "df set"
> >  }
> >
> > +setup_xfrm_sec() {
> > +	a_addr="${1}"
> > +	b_addr="${2}"
> > +	spi1='0x100'
> > +	spi2='0x101'
> > +	proto="proto esp"
> > +	alg="aead rfc4106(gcm(aes))
> > 0x8a60673197134fca0959564327a61f943accde0a 128"
> > +	ipsec_mode="tunnel"
> > +
> > +	run_cmd ${ns_a} ip xfrm state add src ${a_addr} dst ${b_addr}
> > spi ${spi1} ${proto} ${alg} mode ${ipsec_mode} sel src ${a_addr} dst
> > ${b_addr}
> > +	run_cmd ${ns_a} ip xfrm state add src ${b_addr} dst ${a_addr}
> > spi ${spi2} ${proto} ${alg} mode ${ipsec_mode} sel src ${b_addr} dst
> > ${a_addr}
> > +	run_cmd ${ns_a} ip xfrm policy add dir out src ${a_addr} dst
> > ${b_addr} tmpl src ${a_addr} dst ${b_addr} ${proto} mode
> > ${ipsec_mode}
> > +	run_cmd ${ns_a} ip xfrm policy add dir in  src ${b_addr} dst
> > ${a_addr} tmpl src ${b_addr} dst ${a_addr} ${proto} mode
> > ${ipsec_mode} level use
> > +
> > +	run_cmd ${ns_b} ip xfrm state add src ${b_addr} dst ${a_addr}
> > spi ${spi2} ${proto} ${alg} mode ${ipsec_mode} sel src ${b_addr} dst
> > ${a_addr}
> > +	run_cmd ${ns_b} ip xfrm state add src ${a_addr} dst ${b_addr}
> > spi ${spi1} ${proto} ${alg} mode ${ipsec_mode} sel src ${a_addr} dst
> > ${b_addr}
> > +	run_cmd ${ns_b} ip xfrm policy add dir out src ${b_addr} dst
> > ${a_addr} tmpl src ${b_addr} dst ${a_addr} ${proto} mode
> > ${ipsec_mode}
> > +	run_cmd ${ns_b} ip xfrm policy add dir in  src ${a_addr} dst
> > ${b_addr} tmpl src ${a_addr} dst ${b_addr} ${proto} mode
> > ${ipsec_mode} level use
> > +}
> > +
> >  setup_geneve6() {
> >  	setup_vxlan_or_geneve geneve ${prefix6}:${a_r1}::1
> > ${prefix6}:${b_r1}::1
> >  }
> > @@ -659,6 +681,13 @@ check_pmtu_value() {
> >  	return 1
> >  }
> >
> > +test_xfrm_vxlan() {
> > +	setup namespaces routing vxlan6 || return 2
> > +	setup_xfrm_sec ${tunnel6_a_addr} ${tunnel6_b_addr} || return 1
> > +	sleep 1
> > +	run_cmd ${ns_a} ping -6 -c 5 ${tunnel6_b_addr} || return 1
> > +}
> > +
> >  test_pmtu_ipvX() {
> >  	family=${1}
> >
>
> --
> You received this message because you are subscribed to the Google Groups "outreachy-kernel" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to outreachy-kernel+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/outreachy-kernel/06a59883fde977deb7fbc056a5381832e9356754.camel%40gmail.com.
>

Re: [Outreachy kernel] Re: [NOMERGE] net: selftests: Add xfrm encryption for vxlan

[Stefano Brivio]

On Tue, 7 Apr 2020 19:02:56 +0200 (CEST)
Julia Lawall <julia.lawall@inria.fr> wrote:

> On Tue, 7 Apr 2020, Briana Oursler wrote:
> 
> > On Mon, 2020-04-06 at 23:44 -0700, Briana Oursler wrote:  
> > > Extend existing test by adding xfrm encryption on vxlan tunnel in
> > > namespaces a and b.
> > >
> > > Signed-off-by: Briana Oursler <briana.oursler@gmail.com>
> > > ---  
> >
> > I additionally wanted to give credit that this change was made based on
> > starter code provided by Stefano Brivio but not sure if that goes in
> > the patch description or not. I will resend if recommended.  
> 
> Maybe Suggested-by?

Yes, thanks for the suggestion :)

Anyway, the patch is not functionally complete yet -- we can figure out
the details once it is.

-- 
Stefano