[LTP] [PATCH v6 0/3] networking/stress/icmp: add ip xfrm ipsec support

[LTP] [PATCH v6 0/3] networking/stress/icmp: add ip xfrm ipsec support

[Hangbin Liu]

As we know, most of the network stress tests have IPsec testing, and we use
setkey for configuration. But setkey[1] hasn't updated for a long time. And
some distros, RHEL7 for example, even don't have ipset-tools package. On
other hand, iproute2 is recommend for network configuration. And ip xfrm is
more powerful than setkey. So let's use ip xfrm for ipsec testing.

[1] http://ipsec-tools.sourceforge.net/

Change from V5:
1. remove useless description
2. use same command substitution syntax in script
3. set TFAIL in the end

Hangbin Liu (3):
  lib/test_net.sh: add tst_ping() to check icmp connectivity
  network/stress: add ipsec lib
  network/stress/icmp: add icmp-uni-basic to implement all icmp basic
    stress test

 runtest/network_stress.icmp                  |  46 +++++++----
 testcases/lib/test_net.sh                    |  30 ++++++++
 testcases/network/stress/icmp/Makefile       |   3 +
 testcases/network/stress/icmp/icmp-uni-basic |  91 ++++++++++++++++++++++
 testcases/network/stress/ipsec/Makefile      |  28 +++++++
 testcases/network/stress/ipsec/ipsec_lib.sh  | 110 +++++++++++++++++++++++++++
 6 files changed, 294 insertions(+), 14 deletions(-)
 create mode 100755 testcases/network/stress/icmp/icmp-uni-basic
 create mode 100644 testcases/network/stress/ipsec/Makefile
 create mode 100644 testcases/network/stress/ipsec/ipsec_lib.sh

-- 
2.5.0

[LTP] [PATCH v6 1/3] lib/test_net.sh: add tst_ping() to check icmp connectivity

[Hangbin Liu]

Signed-off-by: Hangbin Liu <haliu@redhat.com>
---
 testcases/lib/test_net.sh | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/testcases/lib/test_net.sh b/testcases/lib/test_net.sh
index 418fed3..57728c9 100644
--- a/testcases/lib/test_net.sh
+++ b/testcases/lib/test_net.sh
@@ -314,3 +314,33 @@ tst_netload()
 
 	return $ret
 }
+
+# tst_ping [IFACE] [DST ADDR] [MESSAGE SIZE ARREY]
+# Check icmp connectivity
+# IFACE: source interface name
+# DST ADDR: destination IPv4 or IPv6 address
+# MESSAGE SIZE ARREY: message size arrey
+tst_ping()
+{
+	# The max number of ICMP echo request
+	PING_MAX=${PING_MAX:-"10"}
+
+	local src_iface=${1:-"$(tst_iface)"}
+	local dst_addr=${2:-"$(tst_ipaddr rhost)"}
+	local msg_sizes=${@:3}
+	local ret=0
+
+	# ping cmd use 56 as default message size
+	for size in ${msg_sizes:-"56"}; do
+		ping$TST_IPV6 -I $src_iface -c $PING_MAX $dst_addr \
+			-s $size > /dev/null 2>&1
+		ret=$?
+		if [ $ret -eq 0 ]; then
+			tst_resm TINFO "tst_ping IPv${TST_IPV6:-4} msg_size $size pass"
+		else
+			tst_resm TINFO "tst_ping IPv${TST_IPV6:-4} msg_size $size fail"
+			break
+		fi
+	done
+	return $ret
+}
-- 
2.5.0

[LTP] [PATCH v6 2/3] network/stress: add ipsec lib

[Hangbin Liu]

Signed-off-by: Hangbin Liu <haliu@redhat.com>
---
 testcases/network/stress/ipsec/Makefile     |  28 +++++++
 testcases/network/stress/ipsec/ipsec_lib.sh | 110 ++++++++++++++++++++++++++++
 2 files changed, 138 insertions(+)
 create mode 100644 testcases/network/stress/ipsec/Makefile
 create mode 100644 testcases/network/stress/ipsec/ipsec_lib.sh

diff --git a/testcases/network/stress/ipsec/Makefile b/testcases/network/stress/ipsec/Makefile
new file mode 100644
index 0000000..43352cc
--- /dev/null
+++ b/testcases/network/stress/ipsec/Makefile
@@ -0,0 +1,28 @@
+#!/bin/sh
+# Copyright (c) 2016 Red Hat Inc.,  All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Author: Hangbin Liu <haliu@redhat.com>
+#
+#######################################################################
+
+
+top_srcdir		?= ../../../..
+
+include $(top_srcdir)/include/mk/env_pre.mk
+
+INSTALL_TARGETS		:= *.sh
+
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/network/stress/ipsec/ipsec_lib.sh b/testcases/network/stress/ipsec/ipsec_lib.sh
new file mode 100644
index 0000000..434f5c9
--- /dev/null
+++ b/testcases/network/stress/ipsec/ipsec_lib.sh
@@ -0,0 +1,110 @@
+#!/bin/sh
+# Copyright (c) 2016 Red Hat Inc.,  All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Author: Hangbin Liu <haliu@redhat.com>
+#
+#######################################################################
+
+. test_net.sh
+
+# tst_ipsec_cleanup: flush ipsec state and policy rules
+tst_ipsec_cleanup()
+{
+	ROD ip xfrm state flush
+	ROD ip xfrm policy flush
+	tst_rhost_run -s -c "ip xfrm state flush && ip xfrm policy flush"
+}
+
+# tst_ipsec target protocol mode spi src_addr dst_addr: config ipsec with
+# supplied protocol and mode.
+#
+# target: target of the configuration host ( lhost / rhost )
+# protocol: ah / esp / ipcomp
+# mode: transport / tunnel
+# spi: the first spi value
+# src_addr: source IP address
+# dst_addr: destination IP address
+tst_ipsec()
+{
+	if [ $# -ne 6 ]; then
+		tst_brkm TCONF "tst_ipsec parameter mismatch"
+	fi
+	tst_check_cmds hexdump
+
+	local target=$1
+	local protocol=$2
+	local mode=$3
+	local spi=$4
+	local src=$5
+	local dst=$6
+
+	# Encryption algorithm
+	local EALGO="des3_ede"
+	local EALGO_KEY=0x$(printf _I_want_to_have_chicken_ | hexdump -ve '/1 "%x"')
+
+	# Authentication algorithm
+	local AALGO="sha1"
+	local AALGO_KEY=0x$(printf beef_fish_pork_salad | hexdump -ve '/1 "%x"')
+
+	# Compression algorithm
+	local CALGO="deflate"
+	# Algorithm options for each protocol
+	local algo_line=
+	local proto=
+	case $protocol in
+	ah)
+		algo_line="auth $AALGO $AALGO_KEY"
+		proto="ah"
+		;;
+	esp)
+		algo_line="enc $EALGO $EALGO_KEY auth $AALGO $AALGO_KEY"
+		proto="esp"
+		;;
+	ipcomp)
+		algo_line="comp $CALGO"
+		proto="comp"
+		;;
+	*)
+		tst_brkm TCONF "tst_ipsec protocol mismatch"
+		;;
+	esac
+
+	if [ $target = lhost ]; then
+		local spi_1="0x$spi"
+		local spi_2="0x$(( $spi + 1 ))"
+		ROD ip xfrm state add src $src dst $dst spi $spi_1 proto $proto \
+			$algo_line mode $mode sel src $src dst $dst
+		ROD ip xfrm state add src $dst dst $src spi $spi_2 proto $proto \
+			$algo_line mode $mode sel src $dst dst $src
+
+		ROD ip xfrm policy add src $src dst $dst dir out tmpl src $src \
+			dst $dst proto $proto mode $mode
+		ROD ip xfrm policy add src $dst dst $src dir in tmpl src $dst \
+			dst $src proto $proto mode $mode level use
+	elif [ $target = rhost ]; then
+		local spi_1="0x$(( $spi + 1 ))"
+		local spi_2="0x$spi"
+		tst_rhost_run -s -c "ip xfrm state add src $src dst $dst spi $spi_1 \
+			proto $proto $algo_line mode $mode sel src $src dst $dst"
+		tst_rhost_run -s -c "ip xfrm state add src $dst dst $src spi $spi_2 \
+			proto $proto $algo_line mode $mode sel src $dst dst $src"
+
+		tst_rhost_run -s -c "ip xfrm policy add src $src dst $dst dir out \
+			tmpl src $src dst $dst proto $proto mode $mode"
+		tst_rhost_run -s -c "ip xfrm policy add src $dst dst $src dir in \
+			tmpl src $dst dst $src proto $proto mode $mode level use"
+	fi
+}
-- 
2.5.0

[LTP] [PATCH v6 3/3] network/stress/icmp: add icmp-uni-basic to implement all icmp basic stress test

[Hangbin Liu]

Add icmp-uni-basic to implement the test case and define each test case in
"runtest/" and use parameters. Also use ip xfrm instead of setkey for ipsec
testing.

Signed-off-by: Hangbin Liu <haliu@redhat.com>
---
 runtest/network_stress.icmp                  | 46 +++++++++-----
 testcases/network/stress/icmp/Makefile       |  3 +
 testcases/network/stress/icmp/icmp-uni-basic | 91 ++++++++++++++++++++++++++++
 3 files changed, 126 insertions(+), 14 deletions(-)
 create mode 100755 testcases/network/stress/icmp/icmp-uni-basic

diff --git a/runtest/network_stress.icmp b/runtest/network_stress.icmp
index 29b52d1..ba30200 100644
--- a/runtest/network_stress.icmp
+++ b/runtest/network_stress.icmp
@@ -2,21 +2,39 @@
 # Stress test for TCP/IP protocol stack (ICMP)
 #
 
-icmp4-uni-basic01 icmp4-uni-basic01
-icmp4-uni-basic02 icmp4-uni-basic02
-icmp4-uni-basic03 icmp4-uni-basic03
-icmp4-uni-basic04 icmp4-uni-basic04
-icmp4-uni-basic05 icmp4-uni-basic05
-icmp4-uni-basic06 icmp4-uni-basic06
-icmp4-uni-basic07 icmp4-uni-basic07
+# MAX_LENGTH(65535) - IP(20) - ICMP(8) = MAX_SIZE(65507)
+icmp4-uni-basic01 icmp-uni-basic -s "10 100 1000 10000 65507"
+# MAX_LENGTH(65535) - IP(20) - AH(24) - ICMP(8) = MAX_SIZE(65483)
+icmp4-uni-basic02 icmp-uni-basic -p ah -m transport -s "10 100 1000 10000 65483"
+# MAX_LENGTH(65535) - IP(20) - AH(24) - Tunnel(IPv4 20) - ICMP(8) = MAX_SIZE(65463)
+icmp4-uni-basic03 icmp-uni-basic -p ah -m tunnel -s "10 100 1000 10000 65463"
+# MAX_LENGTH(65535) - IP(20) - ESP (37) - ICMP(8) = MAX_SIZE(65470)
+# ESP Header has pad payload, so the ESP length is variable
+icmp4-uni-basic04 icmp-uni-basic -p esp -m transport -s "10 100 1000 10000 65470"
+# MAX_LENGTH(65535) - IP(20) - ESP (37) - Tunnel(20) - ICMP(8) = MAX_SIZE(65450)
+icmp4-uni-basic05 icmp-uni-basic -p esp -m tunnel -s "10 100 1000 10000 65450"
+# Same message size but different content will result in different data size
+# after compression. So we just use a large enough message size(65000) for testing
+icmp4-uni-basic06 icmp-uni-basic -p ipcomp -m transport -s "10 100 1000 10000 65000"
+icmp4-uni-basic07 icmp-uni-basic -p ipcomp -m tunnel -s "10 100 1000 10000 65000"
 
-icmp6-uni-basic01 icmp6-uni-basic01
-icmp6-uni-basic02 icmp6-uni-basic02
-icmp6-uni-basic03 icmp6-uni-basic03
-icmp6-uni-basic04 icmp6-uni-basic04
-icmp6-uni-basic05 icmp6-uni-basic05
-icmp6-uni-basic06 icmp6-uni-basic06
-icmp6-uni-basic07 icmp6-uni-basic07
+# MAX_LENGTH(65535) - ICMP(8) = MAX_SIZE(65527)
+icmp6-uni-basic01 icmp-uni-basic -6 -s "10 100 1000 10000 65527"
+# MAX_LENGTH(65535) - AH(24) - ICMP(8) = MAX_SIZE(65503)
+icmp6-uni-basic02 icmp-uni-basic -6 -p ah -m transport -s "10 100 1000 10000 65503"
+# MAX_LENGTH(65535) - ICMP(8) = MAX_SIZE(65527)
+# When receive, we drop the tunnel header first and only leave the inside IPv6
+# Header and icmp message. That's why we can have so large message size.
+icmp6-uni-basic03 icmp-uni-basic -6 -p ah -m tunnel -s "10 100 1000 10000 65527"
+# MAX_LENGTH(65535) - ESP (33) - ICMP(8) = MAX_SIZE(65494)
+# ESP Header has pad payload, so the ESP length is variable
+icmp6-uni-basic04 icmp-uni-basic -6 -p esp -m transport -s "10 100 1000 10000 65494"
+# MAX_LENGTH(65535) - ICMP(8) = MAX_SIZE(65527)
+icmp6-uni-basic05 icmp-uni-basic -6 -p esp -m tunnel -s "10 100 1000 10000 65527"
+# Same message size but different content will result in different data size
+# after compression. So we just use a large enough message size(65000) for testing
+icmp6-uni-basic06 icmp-uni-basic -6 -p ipcomp -m transport -s "10 100 1000 10000 65000"
+icmp6-uni-basic07 icmp-uni-basic -6 -p ipcomp -m tunnel -s "10 100 1000 10000 65000"
 
 icmp4-multi-diffip01 icmp4-multi-diffip01
 icmp4-multi-diffip02 icmp4-multi-diffip02
diff --git a/testcases/network/stress/icmp/Makefile b/testcases/network/stress/icmp/Makefile
index 0dad1d1..9310aa1 100644
--- a/testcases/network/stress/icmp/Makefile
+++ b/testcases/network/stress/icmp/Makefile
@@ -23,4 +23,7 @@
 top_srcdir		?= ../../../..
 
 include $(top_srcdir)/include/mk/env_pre.mk
+
+INSTALL_TARGETS		:= icmp*
+
 include $(top_srcdir)/include/mk/generic_trunk_target.mk
diff --git a/testcases/network/stress/icmp/icmp-uni-basic b/testcases/network/stress/icmp/icmp-uni-basic
new file mode 100755
index 0000000..5d4aae3
--- /dev/null
+++ b/testcases/network/stress/icmp/icmp-uni-basic
@@ -0,0 +1,91 @@
+#!/bin/sh
+# Copyright (c) 2016 Red Hat Inc.,  All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Author: Hangbin Liu <haliu@redhat.com>
+#
+################################################################################
+# The test case ID, the test case count and the total number of test case
+TCID=${TCID:-icmp-uni-basic}
+TST_TOTAL=1
+TST_COUNT=1
+TST_CLEANUP="tst_ipsec_cleanup"
+
+. ipsec_lib.sh
+
+while getopts "hl:m:p:s:S:6" opt; do
+	case "$opt" in
+	h)
+		echo "Usage:"
+		echo "h        help"
+		echo "l n      n is the number of test link when tests run"
+		echo "m x      x is ipsec mode, could be transport / tunnel"
+		echo "p x      x is ipsec protocol, could be ah / esp / ipcomp"
+		echo "s x      x is icmp messge size array"
+		echo "S n      n is IPsec SPI value"
+		echo "6        run over IPv6"
+		exit 0
+	;;
+	l) LINK_NUM=$OPTARG ;;
+	m) IPSEC_MODE=$OPTARG ;;
+	p) IPSEC_PROTO=$OPTARG ;;
+	s) ICMP_SIZE_ARRAY=$OPTARG ;;
+	S) SPI=$OPTARG ;;
+	6) # skip, test_net library already processed it
+	;;
+	*) tst_brkm TBROK "unknown option: $opt" ;;
+	esac
+done
+
+SPI=${SPI:-1000}
+LINK_NUM=${LINK_NUM:-0}
+DO_IPSEC=${DO_IPSEC:-false}
+ICMP_SIZE_ARRAY=${ICMP_SIZE_ARRAY:-"10 100 1000 10000 65507"}
+[ -n "$IPSEC_MODE" -a -n "$IPSEC_PROTO" ] && DO_IPSEC=true || DO_IPSEC=false
+
+# Test description
+tst_resm TINFO "Verify that the kernel is not crashed with receiving and sending various size of ICMP message with the following conditions"
+tst_resm TINFO "- Version of IP is IPv${TST_IPV6:-4}"
+tst_resm TINFO "- Size of packets are ( $ICMP_SIZE_ARRAY )"
+
+if $DO_IPSEC; then
+	case $IPSEC_PROTO in
+	ah)	tst_resm TINFO "- IPsec [ AH / $IPSEC_MODE ]" ;;
+	esp)	tst_resm TINFO "- IPsec [ ESP / $IPSEC_MODE ]" ;;
+	ipcomp)	tst_resm TINFO "- IPcomp [ $IPSEC_MODE ]" ;;
+	esac
+fi
+
+# name of interface of the local/remote host
+lhost_ifname=$(tst_iface lhost $LINK_NUM)
+rhost_ifname=$(tst_iface rhost $LINK_NUM)
+
+lhost_addr=$(tst_ipaddr)
+rhost_addr=$(tst_ipaddr rhost)
+
+# Configure SAD/SPD
+if $DO_IPSEC ; then
+	tst_ipsec lhost $IPSEC_PROTO $IPSEC_MODE $SPI $lhost_addr $rhost_addr
+	tst_ipsec rhost $IPSEC_PROTO $IPSEC_MODE $SPI $rhost_addr $lhost_addr
+fi
+
+tst_ping $lhost_ifname $rhost_addr $ICMP_SIZE_ARRAY
+if [ $? -ne 0 ]; then
+	tst_brkm TFAIL "Check IPv${TST_IPV6:-4} $IPSEC_PROTO $IPSEC_MODE connectivity "
+else
+	tst_resm TPASS "Check IPv${TST_IPV6:-4} $IPSEC_PROTO $IPSEC_MODE connectivity"
+fi
+
+tst_exit
-- 
2.5.0

[LTP] [PATCH v6 3/3] network/stress/icmp: add icmp-uni-basic to implement all icmp basic stress test

[Alexey Kodanev]

Hangbin,
On 04/25/2016 05:21 AM, Hangbin Liu wrote:
> ...
> +# The test case ID, the test case count and the total number of test case
I meant this particular line above :)
> ...
> +tst_ping $lhost_ifname $rhost_addr $ICMP_SIZE_ARRAY
> +if [ $? -ne 0 ]; then
> +	tst_brkm TFAIL "Check IPv${TST_IPV6:-4} $IPSEC_PROTO $IPSEC_MODE connectivity "

tst_brkm not needed here as well

> +else
> +	tst_resm TPASS "Check IPv${TST_IPV6:-4} $IPSEC_PROTO $IPSEC_MODE connectivity"
> +fi
> +
> +tst_exit

Cyril,

Do you have any objections to pushing the patch-set before release?

Thanks,
Alexey

[LTP] [PATCH v6 3/3] network/stress/icmp: add icmp-uni-basic to implement all icmp basic stress test

[Cyril Hrubis]

Hi!
> Do you have any objections to pushing the patch-set before release?

Apart from the typo and bashism I've pointed out it looks fine.

I'm ok with pushing it before release once you have tested that the
tests runs fine.

-- 
Cyril Hrubis
chrubis@suse.cz