2 # SPDX-License-Identifier: GPL-2.0
4 # Check that route PMTU values match expectations, and that initial device MTU
5 # values are assigned correctly
7 # Tests currently implemented:
10 # Set up two namespaces, A and B, with two paths between them over routers
11 # R1 and R2 (also implemented with namespaces), with different MTUs:
13 # segment a_r1 segment b_r1 a_r1: 2000
14 # .--------------R1--------------. a_r2: 1500
16 # '--------------R2--------------' a_r4: 1400
17 # segment a_r2 segment b_r2
19 # Check that PMTU exceptions with the correct PMTU are created. Then
20 # decrease and increase the MTU of the local link for one of the paths,
21 # A to R1, checking that route exception PMTU changes accordingly over
22 # this path. Also check that locked exceptions are created when an ICMP
23 # message advertising a PMTU smaller than net.ipv4.route.min_pmtu is
27 # Same as pmtu_ipv4, except for locked PMTU tests, using IPv6
29 # - pmtu_ipv4_vxlan4_exception
30 # Set up the same network topology as pmtu_ipv4, create a VXLAN tunnel
31 # over IPv4 between A and B, routed via R1. On the link between R1 and B,
32 # set a MTU lower than the VXLAN MTU and the MTU on the link between A and
33 # R1. Send IPv4 packets, exceeding the MTU between R1 and B, over VXLAN
34 # from A to B and check that the PMTU exception is created with the right
37 # - pmtu_ipv6_vxlan4_exception
38 # Same as pmtu_ipv4_vxlan4_exception, but send IPv6 packets from A to B
40 # - pmtu_ipv4_vxlan6_exception
41 # Same as pmtu_ipv4_vxlan4_exception, but use IPv6 transport from A to B
43 # - pmtu_ipv6_vxlan6_exception
44 # Same as pmtu_ipv4_vxlan6_exception, but send IPv6 packets from A to B
46 # - pmtu_vti4_exception
47 # Set up vti tunnel on top of veth, with xfrm states and policies, in two
48 # namespaces with matching endpoints. Check that route exception is not
49 # created if link layer MTU is not exceeded, then exceed it and check that
50 # exception is created with the expected PMTU. The approach described
51 # below for IPv6 doesn't apply here, because, on IPv4, administrative MTU
52 # changes alone won't affect PMTU
54 # - pmtu_vti6_exception
55 # Set up vti6 tunnel on top of veth, with xfrm states and policies, in two
56 # namespaces with matching endpoints. Check that route exception is
57 # created by exceeding link layer MTU with ping to other endpoint. Then
58 # decrease and increase MTU of tunnel, checking that route exception PMTU
61 # - pmtu_vti4_default_mtu
62 # Set up vti4 tunnel on top of veth, in two namespaces with matching
63 # endpoints. Check that MTU assigned to vti interface is the MTU of the
64 # lower layer (veth) minus additional lower layer headers (zero, for veth)
65 # minus IPv4 header length
67 # - pmtu_vti6_default_mtu
68 # Same as above, for IPv6
70 # - pmtu_vti4_link_add_mtu
71 # Set up vti4 interface passing MTU value at link creation, check MTU is
72 # configured, and that link is not created with invalid MTU values
74 # - pmtu_vti6_link_add_mtu
75 # Same as above, for IPv6
77 # - pmtu_vti6_link_change_mtu
78 # Set up two dummy interfaces with different MTUs, create a vti6 tunnel
79 # and check that configured MTU is used on link creation and changes, and
80 # that MTU is properly calculated instead when MTU is not configured from
83 # Kselftest framework requirement - SKIP code is 4.
86 # Some systems don't have a ping6 binary anymore
87 which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
90 pmtu_ipv4_exception ipv4: PMTU exceptions
91 pmtu_ipv6_exception ipv6: PMTU exceptions
92 pmtu_ipv4_vxlan4_exception IPv4 over vxlan4: PMTU exceptions
93 pmtu_ipv6_vxlan4_exception IPv6 over vxlan4: PMTU exceptions
94 pmtu_ipv4_vxlan6_exception IPv4 over vxlan6: PMTU exceptions
95 pmtu_ipv6_vxlan6_exception IPv6 over vxlan6: PMTU exceptions
96 pmtu_vti6_exception vti6: PMTU exceptions
97 pmtu_vti4_exception vti4: PMTU exceptions
98 pmtu_vti4_default_mtu vti4: default MTU assignment
99 pmtu_vti6_default_mtu vti6: default MTU assignment
100 pmtu_vti4_link_add_mtu vti4: MTU setting on link creation
101 pmtu_vti6_link_add_mtu vti6: MTU setting on link creation
102 pmtu_vti6_link_change_mtu vti6: MTU changes on link changes"
104 NS_A="ns-$(mktemp -u XXXXXX)"
105 NS_B="ns-$(mktemp -u XXXXXX)"
106 NS_R1="ns-$(mktemp -u XXXXXX)"
107 NS_R2="ns-$(mktemp -u XXXXXX)"
108 ns_a="ip netns exec ${NS_A}"
109 ns_b="ip netns exec ${NS_B}"
110 ns_r1="ip netns exec ${NS_R1}"
111 ns_r2="ip netns exec ${NS_R2}"
113 # Addressing and routing for tests with routers: four network segments, with
114 # index SEGMENT between 1 and 4, a common prefix (PREFIX4 or PREFIX6) and an
115 # identifier ID, which is 1 for hosts (A and B), 2 for routers (R1 and R2).
117 # - IPv4: PREFIX4.SEGMENT.ID (/24)
118 # - IPv6: PREFIX6:SEGMENT::ID (/64)
132 # Traffic from A to B goes through R1 by default, and through R2, if destined to
133 # B's address on the b_r2 segment.
134 # Traffic from B to A goes through R1.
135 # ns destination gateway
137 A default ${prefix4}.${a_r1}.2
138 A ${prefix4}.${b_r2}.1 ${prefix4}.${a_r2}.2
139 B default ${prefix4}.${b_r1}.2
141 A default ${prefix6}:${a_r1}::2
142 A ${prefix6}:${b_r2}::1 ${prefix6}:${a_r2}::2
143 B default ${prefix6}:${b_r1}::2
146 veth4_a_addr="192.168.1.1"
147 veth4_b_addr="192.168.1.2"
149 veth6_a_addr="fd00:1::a"
150 veth6_b_addr="fd00:1::b"
153 tunnel4_a_addr="192.168.2.1"
154 tunnel4_b_addr="192.168.2.2"
156 tunnel6_a_addr="fd00:2::a"
157 tunnel6_b_addr="fd00:2::b"
160 dummy6_0_addr="fc00:1000::0"
161 dummy6_1_addr="fc00:1001::0"
169 err_buf="${err_buf}${1}
178 # Find the auto-generated name for this namespace
184 for n in ${NS_A} ${NS_B} ${NS_R1} ${NS_R2}; do
185 ip netns add ${n} || return 1
190 ${ns_a} ip link add veth_a type veth peer name veth_b || return 1
191 ${ns_a} ip link set veth_b netns ${NS_B}
193 ${ns_a} ip addr add ${veth4_a_addr}/${veth4_mask} dev veth_a
194 ${ns_b} ip addr add ${veth4_b_addr}/${veth4_mask} dev veth_b
196 ${ns_a} ip addr add ${veth6_a_addr}/${veth6_mask} dev veth_a
197 ${ns_b} ip addr add ${veth6_b_addr}/${veth6_mask} dev veth_b
199 ${ns_a} ip link set veth_a up
200 ${ns_b} ip link set veth_b up
211 [ ${proto} -eq 6 ] && vti_type="vti6" || vti_type="vti"
213 ${ns_a} ip link add vti${proto}_a type ${vti_type} local ${veth_a_addr} remote ${veth_b_addr} key 10 || return 1
214 ${ns_b} ip link add vti${proto}_b type ${vti_type} local ${veth_b_addr} remote ${veth_a_addr} key 10
216 ${ns_a} ip addr add ${vti_a_addr}/${vti_mask} dev vti${proto}_a
217 ${ns_b} ip addr add ${vti_b_addr}/${vti_mask} dev vti${proto}_b
219 ${ns_a} ip link set vti${proto}_a up
220 ${ns_b} ip link set vti${proto}_b up
226 setup_vti 4 ${veth4_a_addr} ${veth4_b_addr} ${tunnel4_a_addr} ${tunnel4_b_addr} ${tunnel4_mask}
230 setup_vti 6 ${veth6_a_addr} ${veth6_b_addr} ${tunnel6_a_addr} ${tunnel6_b_addr} ${tunnel6_mask}
238 ${ns_a} ip link add vxlan_a type vxlan id 1 local ${a_addr} remote ${b_addr} ttl 64 dstport 4789 ${opts} || return 1
239 ${ns_b} ip link add vxlan_b type vxlan id 1 local ${b_addr} remote ${a_addr} ttl 64 dstport 4789 ${opts}
241 ${ns_a} ip addr add ${tunnel4_a_addr}/${tunnel4_mask} dev vxlan_a
242 ${ns_b} ip addr add ${tunnel4_b_addr}/${tunnel4_mask} dev vxlan_b
244 ${ns_a} ip addr add ${tunnel6_a_addr}/${tunnel6_mask} dev vxlan_a
245 ${ns_b} ip addr add ${tunnel6_b_addr}/${tunnel6_mask} dev vxlan_b
247 ${ns_a} ip link set vxlan_a up
248 ${ns_b} ip link set vxlan_b up
254 setup_vxlan ${prefix4}.${a_r1}.1 ${prefix4}.${b_r1}.1 "df set"
258 setup_vxlan ${prefix6}:${a_r1}::1 ${prefix6}:${b_r1}::1 ""
266 ${ns_a} ip -${proto} xfrm state add src ${veth_a_addr} dst ${veth_b_addr} spi 0x1000 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel || return 1
267 ${ns_a} ip -${proto} xfrm state add src ${veth_b_addr} dst ${veth_a_addr} spi 0x1001 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel
268 ${ns_a} ip -${proto} xfrm policy add dir out mark 10 tmpl src ${veth_a_addr} dst ${veth_b_addr} proto esp mode tunnel
269 ${ns_a} ip -${proto} xfrm policy add dir in mark 10 tmpl src ${veth_b_addr} dst ${veth_a_addr} proto esp mode tunnel
271 ${ns_b} ip -${proto} xfrm state add src ${veth_a_addr} dst ${veth_b_addr} spi 0x1000 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel
272 ${ns_b} ip -${proto} xfrm state add src ${veth_b_addr} dst ${veth_a_addr} spi 0x1001 proto esp aead "rfc4106(gcm(aes))" 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel
273 ${ns_b} ip -${proto} xfrm policy add dir out mark 10 tmpl src ${veth_b_addr} dst ${veth_a_addr} proto esp mode tunnel
274 ${ns_b} ip -${proto} xfrm policy add dir in mark 10 tmpl src ${veth_a_addr} dst ${veth_b_addr} proto esp mode tunnel
278 setup_xfrm 4 ${veth4_a_addr} ${veth4_b_addr}
282 setup_xfrm 6 ${veth6_a_addr} ${veth6_b_addr}
286 for i in ${NS_R1} ${NS_R2}; do
287 ip netns exec ${i} sysctl -q net/ipv4/ip_forward=1
288 ip netns exec ${i} sysctl -q net/ipv6/conf/all/forwarding=1
291 for i in ${routing_addrs}; do
292 [ "${ns}" = "" ] && ns="${i}" && continue
293 [ "${peer}" = "" ] && peer="${i}" && continue
294 [ "${segment}" = "" ] && segment="${i}"
296 ns_name="$(nsname ${ns})"
297 peer_name="$(nsname ${peer})"
298 if="veth_${ns}-${peer}"
299 ifpeer="veth_${peer}-${ns}"
302 ip link add ${if} up netns ${ns_name} type veth peer name ${ifpeer} netns ${peer_name} || return 1
303 ip -n ${peer_name} link set dev ${ifpeer} up
306 ip -n ${ns_name} addr add ${prefix4}.${segment}.1/24 dev ${if}
307 ip -n ${ns_name} addr add ${prefix6}:${segment}::1/64 dev ${if}
309 ip -n ${peer_name} addr add ${prefix4}.${segment}.2/24 dev ${ifpeer}
310 ip -n ${peer_name} addr add ${prefix6}:${segment}::2/64 dev ${ifpeer}
312 ns=""; peer=""; segment=""
315 for i in ${routes}; do
316 [ "${ns}" = "" ] && ns="${i}" && continue
317 [ "${addr}" = "" ] && addr="${i}" && continue
318 [ "${gw}" = "" ] && gw="${i}"
320 ns_name="$(nsname ${ns})"
322 ip -n ${ns_name} route add ${addr} via ${gw}
324 ns=""; addr=""; gw=""
329 [ "$(id -u)" -ne 0 ] && echo " need to run as root" && return $ksft_skip
333 eval setup_${arg} || { echo " ${arg} not supported"; return 1; }
338 [ $tracing -eq 0 ] && return
341 [ "${ns_cmd}" = "" ] && ns_cmd="${arg}" && continue
342 ${ns_cmd} tcpdump -s 0 -i "${arg}" -w "${name}_${arg}.pcap" 2> /dev/null &
343 tcpdump_pids="${tcpdump_pids} $!"
350 for pid in ${tcpdump_pids}; do
355 [ ${cleanup_done} -eq 1 ] && return
356 for n in ${NS_A} ${NS_B} ${NS_R1} ${NS_R2}; do
357 ip netns del ${n} 2> /dev/null
367 ${ns_cmd} ip link set dev ${dev} mtu ${mtu}
374 for i in ${input}; do
375 [ ${next} -eq 1 -a "${i}" = "lock" ] && next=2 && continue
376 [ ${next} -eq 1 ] && echo "${i}" && return
377 [ ${next} -eq 2 ] && echo "lock ${i}" && return
378 [ "${i}" = "mtu" ] && next=1
386 ${ns_cmd} ip link show dev "${name}"
393 mtu_parse "$(link_get "${ns_cmd}" ${name})"
396 route_get_dst_exception() {
400 ${ns_cmd} ip route get "${dst}"
403 route_get_dst_pmtu_from_exception() {
407 mtu_parse "$(route_get_dst_exception "${ns_cmd}" ${dst})"
415 [ "${expected}" = "any" ] && [ -n "${value}" ] && return 0
416 [ "${value}" = "${expected}" ] && return 0
417 [ -z "${value}" ] && err " PMTU exception wasn't created after ${event}" && return 1
418 [ -z "${expected}" ] && err " PMTU exception shouldn't exist after ${event}" && return 1
419 err " found PMTU exception with incorrect MTU ${value}, expected ${expected}, after ${event}"
426 setup namespaces routing || return 2
427 trace "${ns_a}" veth_A-R1 "${ns_r1}" veth_R1-A \
428 "${ns_r1}" veth_R1-B "${ns_b}" veth_B-R1 \
429 "${ns_a}" veth_A-R2 "${ns_r2}" veth_R2-A \
430 "${ns_r2}" veth_R2-B "${ns_b}" veth_B-R2
432 if [ ${family} -eq 4 ]; then
434 dst1="${prefix4}.${b_r1}.1"
435 dst2="${prefix4}.${b_r2}.1"
438 dst1="${prefix6}:${b_r1}::1"
439 dst2="${prefix6}:${b_r2}::1"
442 # Set up initial MTU values
443 mtu "${ns_a}" veth_A-R1 2000
444 mtu "${ns_r1}" veth_R1-A 2000
445 mtu "${ns_r1}" veth_R1-B 1400
446 mtu "${ns_b}" veth_B-R1 1400
448 mtu "${ns_a}" veth_A-R2 2000
449 mtu "${ns_r2}" veth_R2-A 2000
450 mtu "${ns_r2}" veth_R2-B 1500
451 mtu "${ns_b}" veth_B-R2 1500
453 # Create route exceptions
454 ${ns_a} ${ping} -q -M want -i 0.1 -w 2 -s 1800 ${dst1} > /dev/null
455 ${ns_a} ${ping} -q -M want -i 0.1 -w 2 -s 1800 ${dst2} > /dev/null
457 # Check that exceptions have been created with the correct PMTU
458 pmtu_1="$(route_get_dst_pmtu_from_exception "${ns_a}" ${dst1})"
459 check_pmtu_value "1400" "${pmtu_1}" "exceeding MTU" || return 1
460 pmtu_2="$(route_get_dst_pmtu_from_exception "${ns_a}" ${dst2})"
461 check_pmtu_value "1500" "${pmtu_2}" "exceeding MTU" || return 1
463 # Decrease local MTU below PMTU, check for PMTU decrease in route exception
464 mtu "${ns_a}" veth_A-R1 1300
465 mtu "${ns_r1}" veth_R1-A 1300
466 pmtu_1="$(route_get_dst_pmtu_from_exception "${ns_a}" ${dst1})"
467 check_pmtu_value "1300" "${pmtu_1}" "decreasing local MTU" || return 1
468 # Second exception shouldn't be modified
469 pmtu_2="$(route_get_dst_pmtu_from_exception "${ns_a}" ${dst2})"
470 check_pmtu_value "1500" "${pmtu_2}" "changing local MTU on a link not on this path" || return 1
472 # Increase MTU, check for PMTU increase in route exception
473 mtu "${ns_a}" veth_A-R1 1700
474 mtu "${ns_r1}" veth_R1-A 1700
475 pmtu_1="$(route_get_dst_pmtu_from_exception "${ns_a}" ${dst1})"
476 check_pmtu_value "1700" "${pmtu_1}" "increasing local MTU" || return 1
477 # Second exception shouldn't be modified
478 pmtu_2="$(route_get_dst_pmtu_from_exception "${ns_a}" ${dst2})"
479 check_pmtu_value "1500" "${pmtu_2}" "changing local MTU on a link not on this path" || return 1
481 # Skip PMTU locking tests for IPv6
482 [ $family -eq 6 ] && return 0
484 # Decrease remote MTU on path via R2, get new exception
485 mtu "${ns_r2}" veth_R2-B 400
486 mtu "${ns_b}" veth_B-R2 400
487 ${ns_a} ${ping} -q -M want -i 0.1 -w 2 -s 1400 ${dst2} > /dev/null
488 pmtu_2="$(route_get_dst_pmtu_from_exception "${ns_a}" ${dst2})"
489 check_pmtu_value "lock 552" "${pmtu_2}" "exceeding MTU, with MTU < min_pmtu" || return 1
491 # Decrease local MTU below PMTU
492 mtu "${ns_a}" veth_A-R2 500
493 mtu "${ns_r2}" veth_R2-A 500
494 pmtu_2="$(route_get_dst_pmtu_from_exception "${ns_a}" ${dst2})"
495 check_pmtu_value "500" "${pmtu_2}" "decreasing local MTU" || return 1
498 mtu "${ns_a}" veth_A-R2 1500
499 mtu "${ns_r2}" veth_R2-A 1500
500 pmtu_2="$(route_get_dst_pmtu_from_exception "${ns_a}" ${dst2})"
501 check_pmtu_value "1500" "${pmtu_2}" "increasing local MTU" || return 1
504 ${ns_a} ${ping} -q -M want -i 0.1 -w 2 -s 1400 ${dst2} > /dev/null
505 pmtu_2="$(route_get_dst_pmtu_from_exception "${ns_a}" ${dst2})"
506 check_pmtu_value "lock 552" "${pmtu_2}" "exceeding MTU, with MTU < min_pmtu" || return 1
509 test_pmtu_ipv4_exception() {
513 test_pmtu_ipv6_exception() {
517 test_pmtu_ipvX_over_vxlanY_exception() {
522 if [ ${outer_family} -eq 4 ]; then
523 setup namespaces routing vxlan4 || return 2
524 # IPv4 header UDP header VXLAN header Ethernet header
525 exp_mtu=$((${ll_mtu} - 20 - 8 - 8 - 14))
527 setup namespaces routing vxlan6 || return 2
528 # IPv6 header UDP header VXLAN header Ethernet header
529 exp_mtu=$((${ll_mtu} - 40 - 8 - 8 - 14))
532 trace "${ns_a}" vxlan_a "${ns_b}" vxlan_b \
533 "${ns_a}" veth_A-R1 "${ns_r1}" veth_R1-A \
534 "${ns_b}" veth_B-R1 "${ns_r1}" veth_R1-B
536 if [ ${family} -eq 4 ]; then
538 dst=${tunnel4_b_addr}
541 dst=${tunnel6_b_addr}
544 # Create route exception by exceeding link layer MTU
545 mtu "${ns_a}" veth_A-R1 $((${ll_mtu} + 1000))
546 mtu "${ns_r1}" veth_R1-A $((${ll_mtu} + 1000))
547 mtu "${ns_b}" veth_B-R1 ${ll_mtu}
548 mtu "${ns_r1}" veth_R1-B ${ll_mtu}
550 mtu "${ns_a}" vxlan_a $((${ll_mtu} + 1000))
551 mtu "${ns_b}" vxlan_b $((${ll_mtu} + 1000))
552 ${ns_a} ${ping} -q -M want -i 0.1 -w 2 -s $((${ll_mtu} + 500)) ${dst} > /dev/null
554 # Check that exception was created
555 pmtu="$(route_get_dst_pmtu_from_exception "${ns_a}" ${dst})"
556 check_pmtu_value ${exp_mtu} "${pmtu}" "exceeding link layer MTU on VXLAN interface"
559 test_pmtu_ipv4_vxlan4_exception() {
560 test_pmtu_ipvX_over_vxlanY_exception 4 4
563 test_pmtu_ipv6_vxlan4_exception() {
564 test_pmtu_ipvX_over_vxlanY_exception 6 4
567 test_pmtu_ipv4_vxlan6_exception() {
568 test_pmtu_ipvX_over_vxlanY_exception 4 6
571 test_pmtu_ipv6_vxlan6_exception() {
572 test_pmtu_ipvX_over_vxlanY_exception 6 6
575 test_pmtu_vti4_exception() {
576 setup namespaces veth vti4 xfrm4 || return 2
577 trace "${ns_a}" veth_a "${ns_b}" veth_b \
578 "${ns_a}" vti4_a "${ns_b}" vti4_b
581 vti_mtu=$((veth_mtu - 20))
583 # SPI SN IV ICV pad length next header
584 esp_payload_rfc4106=$((vti_mtu - 4 - 4 - 8 - 16 - 1 - 1))
585 ping_payload=$((esp_payload_rfc4106 - 28))
587 mtu "${ns_a}" veth_a ${veth_mtu}
588 mtu "${ns_b}" veth_b ${veth_mtu}
589 mtu "${ns_a}" vti4_a ${vti_mtu}
590 mtu "${ns_b}" vti4_b ${vti_mtu}
592 # Send DF packet without exceeding link layer MTU, check that no
593 # exception is created
594 ${ns_a} ping -q -M want -i 0.1 -w 2 -s ${ping_payload} ${tunnel4_b_addr} > /dev/null
595 pmtu="$(route_get_dst_pmtu_from_exception "${ns_a}" ${tunnel4_b_addr})"
596 check_pmtu_value "" "${pmtu}" "sending packet smaller than PMTU (IP payload length ${esp_payload_rfc4106})" || return 1
598 # Now exceed link layer MTU by one byte, check that exception is created
599 # with the right PMTU value
600 ${ns_a} ping -q -M want -i 0.1 -w 2 -s $((ping_payload + 1)) ${tunnel4_b_addr} > /dev/null
601 pmtu="$(route_get_dst_pmtu_from_exception "${ns_a}" ${tunnel4_b_addr})"
602 check_pmtu_value "${esp_payload_rfc4106}" "${pmtu}" "exceeding PMTU (IP payload length $((esp_payload_rfc4106 + 1)))"
605 test_pmtu_vti6_exception() {
606 setup namespaces veth vti6 xfrm6 || return 2
607 trace "${ns_a}" veth_a "${ns_b}" veth_b \
608 "${ns_a}" vti6_a "${ns_b}" vti6_b
611 # Create route exception by exceeding link layer MTU
612 mtu "${ns_a}" veth_a 4000
613 mtu "${ns_b}" veth_b 4000
614 mtu "${ns_a}" vti6_a 5000
615 mtu "${ns_b}" vti6_b 5000
616 ${ns_a} ${ping6} -q -i 0.1 -w 2 -s 60000 ${tunnel6_b_addr} > /dev/null
618 # Check that exception was created
619 pmtu="$(route_get_dst_pmtu_from_exception "${ns_a}" ${tunnel6_b_addr})"
620 check_pmtu_value any "${pmtu}" "creating tunnel exceeding link layer MTU" || return 1
622 # Decrease tunnel MTU, check for PMTU decrease in route exception
623 mtu "${ns_a}" vti6_a 3000
624 pmtu="$(route_get_dst_pmtu_from_exception "${ns_a}" ${tunnel6_b_addr})"
625 check_pmtu_value "3000" "${pmtu}" "decreasing tunnel MTU" || fail=1
627 # Increase tunnel MTU, check for PMTU increase in route exception
628 mtu "${ns_a}" vti6_a 9000
629 pmtu="$(route_get_dst_pmtu_from_exception "${ns_a}" ${tunnel6_b_addr})"
630 check_pmtu_value "9000" "${pmtu}" "increasing tunnel MTU" || fail=1
635 test_pmtu_vti4_default_mtu() {
636 setup namespaces veth vti4 || return 2
638 # Check that MTU of vti device is MTU of veth minus IPv4 header length
639 veth_mtu="$(link_get_mtu "${ns_a}" veth_a)"
640 vti4_mtu="$(link_get_mtu "${ns_a}" vti4_a)"
641 if [ $((veth_mtu - vti4_mtu)) -ne 20 ]; then
642 err " vti MTU ${vti4_mtu} is not veth MTU ${veth_mtu} minus IPv4 header length"
647 test_pmtu_vti6_default_mtu() {
648 setup namespaces veth vti6 || return 2
650 # Check that MTU of vti device is MTU of veth minus IPv6 header length
651 veth_mtu="$(link_get_mtu "${ns_a}" veth_a)"
652 vti6_mtu="$(link_get_mtu "${ns_a}" vti6_a)"
653 if [ $((veth_mtu - vti6_mtu)) -ne 40 ]; then
654 err " vti MTU ${vti6_mtu} is not veth MTU ${veth_mtu} minus IPv6 header length"
659 test_pmtu_vti4_link_add_mtu() {
660 setup namespaces || return 2
662 ${ns_a} ip link add vti4_a type vti local ${veth4_a_addr} remote ${veth4_b_addr} key 10
663 [ $? -ne 0 ] && err " vti not supported" && return 2
664 ${ns_a} ip link del vti4_a
670 # Check invalid values first
671 for v in $((min - 1)) $((max + 1)); do
672 ${ns_a} ip link add vti4_a mtu ${v} type vti local ${veth4_a_addr} remote ${veth4_b_addr} key 10 2>/dev/null
673 # This can fail, or MTU can be adjusted to a proper value
674 [ $? -ne 0 ] && continue
675 mtu="$(link_get_mtu "${ns_a}" vti4_a)"
676 if [ ${mtu} -lt ${min} -o ${mtu} -gt ${max} ]; then
677 err " vti tunnel created with invalid MTU ${mtu}"
680 ${ns_a} ip link del vti4_a
683 # Now check valid values
684 for v in ${min} 1300 ${max}; do
685 ${ns_a} ip link add vti4_a mtu ${v} type vti local ${veth4_a_addr} remote ${veth4_b_addr} key 10
686 mtu="$(link_get_mtu "${ns_a}" vti4_a)"
687 ${ns_a} ip link del vti4_a
688 if [ "${mtu}" != "${v}" ]; then
689 err " vti MTU ${mtu} doesn't match configured value ${v}"
697 test_pmtu_vti6_link_add_mtu() {
698 setup namespaces || return 2
700 ${ns_a} ip link add vti6_a type vti6 local ${veth6_a_addr} remote ${veth6_b_addr} key 10
701 [ $? -ne 0 ] && err " vti6 not supported" && return 2
702 ${ns_a} ip link del vti6_a
706 min=68 # vti6 can carry IPv4 packets too
708 # Check invalid values first
709 for v in $((min - 1)) $((max + 1)); do
710 ${ns_a} ip link add vti6_a mtu ${v} type vti6 local ${veth6_a_addr} remote ${veth6_b_addr} key 10 2>/dev/null
711 # This can fail, or MTU can be adjusted to a proper value
712 [ $? -ne 0 ] && continue
713 mtu="$(link_get_mtu "${ns_a}" vti6_a)"
714 if [ ${mtu} -lt ${min} -o ${mtu} -gt ${max} ]; then
715 err " vti6 tunnel created with invalid MTU ${v}"
718 ${ns_a} ip link del vti6_a
721 # Now check valid values
722 for v in 68 1280 1300 $((65535 - 40)); do
723 ${ns_a} ip link add vti6_a mtu ${v} type vti6 local ${veth6_a_addr} remote ${veth6_b_addr} key 10
724 mtu="$(link_get_mtu "${ns_a}" vti6_a)"
725 ${ns_a} ip link del vti6_a
726 if [ "${mtu}" != "${v}" ]; then
727 err " vti6 MTU ${mtu} doesn't match configured value ${v}"
735 test_pmtu_vti6_link_change_mtu() {
736 setup namespaces || return 2
738 ${ns_a} ip link add dummy0 mtu 1500 type dummy
739 [ $? -ne 0 ] && err " dummy not supported" && return 2
740 ${ns_a} ip link add dummy1 mtu 3000 type dummy
741 ${ns_a} ip link set dummy0 up
742 ${ns_a} ip link set dummy1 up
744 ${ns_a} ip addr add ${dummy6_0_addr}/${dummy6_mask} dev dummy0
745 ${ns_a} ip addr add ${dummy6_1_addr}/${dummy6_mask} dev dummy1
749 # Create vti6 interface bound to device, passing MTU, check it
750 ${ns_a} ip link add vti6_a mtu 1300 type vti6 remote ${dummy6_0_addr} local ${dummy6_0_addr}
751 mtu="$(link_get_mtu "${ns_a}" vti6_a)"
752 if [ ${mtu} -ne 1300 ]; then
753 err " vti6 MTU ${mtu} doesn't match configured value 1300"
757 # Move to another device with different MTU, without passing MTU, check
759 ${ns_a} ip link set vti6_a type vti6 remote ${dummy6_1_addr} local ${dummy6_1_addr}
760 mtu="$(link_get_mtu "${ns_a}" vti6_a)"
761 if [ ${mtu} -ne $((3000 - 40)) ]; then
762 err " vti MTU ${mtu} is not dummy MTU 3000 minus IPv6 header length"
766 # Move it back, passing MTU, check MTU is not overridden
767 ${ns_a} ip link set vti6_a mtu 1280 type vti6 remote ${dummy6_0_addr} local ${dummy6_0_addr}
768 mtu="$(link_get_mtu "${ns_a}" vti6_a)"
769 if [ ${mtu} -ne 1280 ]; then
770 err " vti6 MTU ${mtu} doesn't match configured value 1280"
779 echo "$0 [OPTIONS] [TEST]..."
780 echo "If no TEST argument is given, all tests will be run."
783 echo " --trace: capture traffic to TEST_INTERFACE.pcap"
785 echo "Available tests${tests}"
796 if [ "${arg}" != "${arg#--*}" ]; then
798 if [ "${opt}" = "trace" ]; then
799 if which tcpdump > /dev/null 2>&1; then
802 echo "=== tcpdump not available, tracing disabled"
808 # Check first that all requested tests are available before
810 command -v > /dev/null "test_${arg}" || { echo "=== Test ${arg} not found"; usage; }
816 for t in ${tests}; do
817 [ $desc -eq 0 ] && name="${t}" && desc=1 && continue || desc=0
821 [ "${arg}" != "${arg#--*}" ] && continue
822 [ "${arg}" = "${name}" ] && run_this=1 && break
825 [ $run_this -eq 0 ] && continue
833 if [ $ret -eq 0 ]; then
834 printf "TEST: %-60s [ OK ]\n" "${t}"
835 elif [ $ret -eq 1 ]; then
836 printf "TEST: %-60s [FAIL]\n" "${t}"
839 elif [ $ret -eq 2 ]; then
840 printf "TEST: %-60s [SKIP]\n" "${t}"
844 [ $? -ne 0 ] && exitcode=1