[LTP] [PATCHv4 0/3] networking/stress: add ip xfrm ipsec support

[LTP] [PATCHv4 0/3] networking/stress: add ip xfrm ipsec support

[Hangbin Liu]

From: Hangbin Liu <liuhangbin@gmail.com>

As we know, most of the network stress tests have IPsec testing, and we use
setkey for configuration. But setkey[1] hasn't updated for a long time. And
some distros, RHEL7 for example, even don't have ipset-tools package. On
other hand, iproute2 is recommend for network configuration. And ip xfrm is
more powerful than setkey. So let's use ip xfrm for ipsec testing.

[1] http://ipsec-tools.sourceforge.net/

Change from V3:
1. use message size array in tst_ping
2. add tst_ipsec_cleanup in ipsec_lib
3. use lhost/rhost naming in ipsec_lib
4. add icmp-uni-basic in the upper icmp directory
5. some other small fixs.

Change from V2:
1. remove c2x and use hexdump directly.
2. remove indent after "case".
3. remove useless export and old scripts like check_env.
4. remove tst_init_iface.
5. remove return value check after setup ipsec env.
6. remove addr config as Alexey said, we assume the address already added.

Change from V1:
1. update tst_ping() to use default iface and addr. make ping from local side.
2. remove unused variables. add -s option when use tst_rhost_run. Use ROD
   before normal commands.
3. change all "tst_resm TBROK && exit" to "tst_brkm TBROK"
3. still keep tst_init_iface in test icmp4-uni-basic01 because we will
   set_ipv4/6addr each time.

Hangbin Liu (3):
  lib/test_net.sh: add tst_ping() to check icmp connectivity
  network/stress: add ipsec lib
  network/stress/icmp: use ip xfrm for icmp uni-basic ipsec testing

 runtest/network_stress.icmp                  |  28 +++---
 testcases/lib/test_net.sh                    |  31 +++++++
 testcases/network/stress/icmp/Makefile       |   3 +
 testcases/network/stress/icmp/icmp-uni-basic | 132 +++++++++++++++++++++++++++
 testcases/network/stress/ipsec/Makefile      |  28 ++++++
 testcases/network/stress/ipsec/ipsec_lib.sh  | 114 +++++++++++++++++++++++
 6 files changed, 322 insertions(+), 14 deletions(-)
 create mode 100755 testcases/network/stress/icmp/icmp-uni-basic
 create mode 100644 testcases/network/stress/ipsec/Makefile
 create mode 100644 testcases/network/stress/ipsec/ipsec_lib.sh

-- 
2.5.0

[LTP] [PATCHv4 1/3] lib/test_net.sh: add tst_ping() to check icmp connectivity

[Hangbin Liu]

From: Hangbin Liu <liuhangbin@gmail.com>

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
 testcases/lib/test_net.sh | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/testcases/lib/test_net.sh b/testcases/lib/test_net.sh
index 418fed3..dd05f91 100644
--- a/testcases/lib/test_net.sh
+++ b/testcases/lib/test_net.sh
@@ -314,3 +314,34 @@ tst_netload()
 
 	return $ret
 }
+
+# tst_ping [IFACE] [SRC ADDR] [DST ADDR] [MESSAGE SIZE ARREY]
+# Check icmp connectivity
+# IFACE: source interface name
+# SRC ADDR: source IPv4 or IPv6 address
+# DST ADDR: destination IPv4 or IPv6 address
+# MESSAGE SIZE ARREY: message size arrey
+tst_ping()
+{
+	# The max number of ICMP echo request
+	PING_MAX=${PING_MAX:-"10"}
+
+	local src_iface=${1:-"$(tst_iface)"}
+	local dst_addr=${2:-"$(tst_ipaddr rhost)"}
+	local msg_sizes=${@:3}
+	local ret=0
+
+	# ping cmd use 56 as default message size
+	for size in ${msg_sizes:-"56"}; do
+		ping$TST_IPV6 -I $src_iface -c $PING_MAX $dst_addr \
+			-s $size > /dev/null 2>&1
+		ret=$?
+		if [ $ret -eq 0 ]; then
+			tst_resm TINFO "tst_ping IPv${TST_IPV6:-4} msg_size $size pass"
+		else
+			tst_resm TINFO "tst_ping IPv${TST_IPV6:-4} msg_size $size fail"
+			break
+		fi
+	done
+	return $ret
+}
-- 
2.5.0

[LTP] [PATCHv4 2/3] network/stress: add ipsec lib

[Hangbin Liu]

From: Hangbin Liu <liuhangbin@gmail.com>

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
 testcases/network/stress/ipsec/Makefile     |  28 +++++++
 testcases/network/stress/ipsec/ipsec_lib.sh | 114 ++++++++++++++++++++++++++++
 2 files changed, 142 insertions(+)
 create mode 100644 testcases/network/stress/ipsec/Makefile
 create mode 100644 testcases/network/stress/ipsec/ipsec_lib.sh

diff --git a/testcases/network/stress/ipsec/Makefile b/testcases/network/stress/ipsec/Makefile
new file mode 100644
index 0000000..43352cc
--- /dev/null
+++ b/testcases/network/stress/ipsec/Makefile
@@ -0,0 +1,28 @@
+#!/bin/sh
+# Copyright (c) 2016 Red Hat Inc.,  All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Author: Hangbin Liu <haliu@redhat.com>
+#
+#######################################################################
+
+
+top_srcdir		?= ../../../..
+
+include $(top_srcdir)/include/mk/env_pre.mk
+
+INSTALL_TARGETS		:= *.sh
+
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/network/stress/ipsec/ipsec_lib.sh b/testcases/network/stress/ipsec/ipsec_lib.sh
new file mode 100644
index 0000000..0802375
--- /dev/null
+++ b/testcases/network/stress/ipsec/ipsec_lib.sh
@@ -0,0 +1,114 @@
+#!/bin/sh
+# Copyright (c) 2016 Red Hat Inc.,  All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Author: Hangbin Liu <haliu@redhat.com>
+#
+#######################################################################
+
+. test_net.sh
+
+# tst_ipsec_cleanup: flush ipsec state and policy rules
+tst_ipsec_cleanup()
+{
+	ROD ip xfrm state flush
+	ROD ip xfrm policy flush
+	tst_rhost_run -s -c "ip xfrm state flush && ip xfrm policy flush"
+}
+
+# tst_ipsec target protocol mode spi src_addr dst_addr: config ipsec with
+# supplied protocol and mode.
+#
+# target: target of the configuration host ( lhost / rhost )
+# protocol: ah / esp / ipcomp
+# mode: transport / tunnel
+# spi: the first spi value
+# src_addr: source IP address
+# dst_addr: destination IP address
+tst_ipsec()
+{
+	if [ $# -ne 6 ]; then
+		tst_brkm TCONF "tst_ipsec parameter mismatch"
+	fi
+	tst_check_cmds hexdump
+
+	local target=$1
+	local protocol=$2
+	local mode=$3
+	local spi=$4
+	local src=$5
+	local dst=$6
+
+	# Encryption algorithm
+	local EALGO="des3_ede"
+	local EALGO_KEY=0x$(printf _I_want_to_have_chicken_ | hexdump -ve '/1 "%x"')
+
+	# Authentication algorithm
+	local AALGO="sha1"
+	local AALGO_KEY=0x$(printf beef_fish_pork_salad | hexdump -ve '/1 "%x"')
+
+	# Compression algorithm
+	local CALGO="deflate"
+	# Algorithm options for each protocol
+	local algo_line=
+	local proto=
+	case $protocol in
+	ah)
+		algo_line="auth $AALGO $AALGO_KEY"
+		proto="ah"
+		;;
+	esp)
+		algo_line="enc $EALGO $EALGO_KEY auth $AALGO $AALGO_KEY"
+		proto="esp"
+		;;
+	ipcomp)
+		algo_line="comp $CALGO"
+		proto="comp"
+		;;
+	*)
+		tst_brkm TCONF "tst_ipsec protocol mismatch"
+		;;
+	esac
+
+	if [ $target = lhost ]; then
+		local spi_1="0x$spi"
+		local spi_2="0x$(( $spi + 1 ))"
+		ROD ip xfrm state add src $src dst $dst spi $spi_1 proto $proto \
+			$algo_line mode $mode sel src $src dst $dst
+		ROD ip xfrm state add src $dst dst $src spi $spi_2 proto $proto \
+			$algo_line mode $mode sel src $dst dst $src
+		ROD ip xfrm state
+
+		ROD ip xfrm policy add src $src dst $dst dir out tmpl src $src \
+			dst $dst proto $proto mode $mode
+		ROD ip xfrm policy add src $dst dst $src dir in tmpl src $dst \
+			dst $src proto $proto mode $mode level use
+		ROD ip xfrm policy
+	elif [ $target = rhost ]; then
+		local spi_1="0x$(( $spi + 1 ))"
+		local spi_2="0x$spi"
+		tst_rhost_run -s -c "ip xfrm state add src $src dst $dst spi $spi_1 \
+			proto $proto $algo_line mode $mode sel src $src dst $dst"
+		tst_rhost_run -s -c "ip xfrm state add src $dst dst $src spi $spi_2 \
+			proto $proto $algo_line mode $mode sel src $dst dst $src"
+		tst_rhost_run -s -c "ip xfrm state"
+
+		tst_rhost_run -s -c "ip xfrm policy add src $src dst $dst dir out \
+			tmpl src $src dst $dst proto $proto mode $mode"
+		tst_rhost_run -s -c "ip xfrm policy add src $dst dst $src dir in \
+			tmpl src $dst dst $src proto $proto mode $mode level use"
+		tst_rhost_run -s -c "ip xfrm policy"
+	fi
+}
-- 
2.5.0

[LTP] [PATCHv4 3/3] network/stress/icmp: use ip xfrm for icmp uni-basic ipsec testing

[Hangbin Liu]

From: Hangbin Liu <liuhangbin@gmail.com>

Add icmp-uni-basic to implements the test case and define each test case in
"runtests/" and use parameters. Also use ip xfrm instead of setkey for ipsec
testing.

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
 runtest/network_stress.icmp                  |  28 +++---
 testcases/network/stress/icmp/Makefile       |   3 +
 testcases/network/stress/icmp/icmp-uni-basic | 132 +++++++++++++++++++++++++++
 3 files changed, 149 insertions(+), 14 deletions(-)
 create mode 100755 testcases/network/stress/icmp/icmp-uni-basic

diff --git a/runtest/network_stress.icmp b/runtest/network_stress.icmp
index 29b52d1..1803b21 100644
--- a/runtest/network_stress.icmp
+++ b/runtest/network_stress.icmp
@@ -2,21 +2,21 @@
 # Stress test for TCP/IP protocol stack (ICMP)
 #
 
-icmp4-uni-basic01 icmp4-uni-basic01
-icmp4-uni-basic02 icmp4-uni-basic02
-icmp4-uni-basic03 icmp4-uni-basic03
-icmp4-uni-basic04 icmp4-uni-basic04
-icmp4-uni-basic05 icmp4-uni-basic05
-icmp4-uni-basic06 icmp4-uni-basic06
-icmp4-uni-basic07 icmp4-uni-basic07
+icmp4-uni-basic01 icmp-uni-basic -s "10 100 1000 10000 65503"
+icmp4-uni-basic02 icmp-uni-basic -p ah -m transport -s "10 100 1000 10000 65483"
+icmp4-uni-basic03 icmp-uni-basic -p ah -m tunnel -s "10 100 1000 10000 65463"
+icmp4-uni-basic04 icmp-uni-basic -p esp -m transport -s "10 100 1000 10000 65470"
+icmp4-uni-basic05 icmp-uni-basic -p esp -m tunnel -s "10 100 1000 10000 65450"
+icmp4-uni-basic06 icmp-uni-basic -p ipcomp -m transport -s "1000 10000 65000"
+icmp4-uni-basic07 icmp-uni-basic -p ipcomp -m tunnel -s "1000 10000 65000"
 
-icmp6-uni-basic01 icmp6-uni-basic01
-icmp6-uni-basic02 icmp6-uni-basic02
-icmp6-uni-basic03 icmp6-uni-basic03
-icmp6-uni-basic04 icmp6-uni-basic04
-icmp6-uni-basic05 icmp6-uni-basic05
-icmp6-uni-basic06 icmp6-uni-basic06
-icmp6-uni-basic07 icmp6-uni-basic07
+icmp6-uni-basic01 icmp-uni-basic -6 -s "10 100 1000 10000 65527"
+icmp6-uni-basic02 icmp-uni-basic -6 -p ah -m transport -s "10 100 1000 10000 65503"
+icmp6-uni-basic03 icmp-uni-basic -6 -p ah -m tunnel -s "10 100 1000 10000 65527"
+icmp6-uni-basic04 icmp-uni-basic -6 -p esp -m transport -s "10 100 1000 10000 65494"
+icmp6-uni-basic05 icmp-uni-basic -6 -p esp -m tunnel -s "10 100 1000 10000 65495"
+icmp6-uni-basic06 icmp-uni-basic -6 -p ipcomp -m transport -s "1000 10000 65000"
+icmp6-uni-basic07 icmp-uni-basic -6 -p ipcomp -m tunnel -s "1000 10000 65000"
 
 icmp4-multi-diffip01 icmp4-multi-diffip01
 icmp4-multi-diffip02 icmp4-multi-diffip02
diff --git a/testcases/network/stress/icmp/Makefile b/testcases/network/stress/icmp/Makefile
index 0dad1d1..9310aa1 100644
--- a/testcases/network/stress/icmp/Makefile
+++ b/testcases/network/stress/icmp/Makefile
@@ -23,4 +23,7 @@
 top_srcdir		?= ../../../..
 
 include $(top_srcdir)/include/mk/env_pre.mk
+
+INSTALL_TARGETS		:= icmp*
+
 include $(top_srcdir)/include/mk/generic_trunk_target.mk
diff --git a/testcases/network/stress/icmp/icmp-uni-basic b/testcases/network/stress/icmp/icmp-uni-basic
new file mode 100755
index 0000000..de586d6
--- /dev/null
+++ b/testcases/network/stress/icmp/icmp-uni-basic
@@ -0,0 +1,132 @@
+#!/bin/sh
+# Copyright (c) 2016 Red Hat Inc.,  All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Author: Hangbin Liu <haliu@redhat.com>
+#
+################################################################################
+#
+# File:
+#   icmp-uni-basic.sh
+#
+# Description:
+#   Verify that the kernel is not crashed with receiving and sending various
+#   size of ICMP message
+#
+#   *) This script may be read by the other test case
+#
+# Setup:
+#   See ltp-yyyymmdd/testcases/network/stress/README
+#
+#-----------------------------------------------------------------------
+# The test case ID, the test case count and the total number of test case
+TCID=${TCID:-icmp-uni-basic}
+TST_TOTAL=1
+TST_COUNT=1
+TST_CLEANUP="tst_ipsec_cleanup"
+
+. ipsec_lib.sh
+
+while getopts "hl:m:p:s:S:6" opt; do
+	case "$opt" in
+	h)
+		echo "Usage:"
+		echo "h        help"
+		echo "l n      n is the number of test link when tests run"
+		echo "m x      x is ipsec mode, could be transport / tunnel"
+		echo "p x      x is ipsec protcol, could be ah / esp / ipcomp"
+		echo "s x      x is icmp messge size array"
+		echo "S n      n is IPsec SPI value"
+		echo "6        run over IPv6"
+		exit 0
+	;;
+	l) LINK_NUM=$OPTARG ;;
+	m) IPSEC_MODE=$OPTARG ;;
+	p) IPSEC_PROTO=$OPTARG ;;
+	s) ICMP_SIZE_ARRAY=$OPTARG ;;
+	S) SPI=$OPTARG ;;
+	6) # skip, test_net library already processed it
+	;;
+	*) tst_brkm TBROK "unknown option: $opt" ;;
+	esac
+done
+
+SPI=${SPI:-1000}
+LINK_NUM=${LINK_NUM:-0}
+DO_IPSEC=${DO_IPSEC:-false}
+ICMP_SIZE_ARRAY=${ICMP_SIZE_ARRAY:-"10 100 1000 10000 65507"}
+[ -n "$IPSEC_MODE" -a -n "$IPSEC_PROTO" ] && DO_IPSEC=true || DO_IPSEC=false
+
+#-----------------------------------------------------------------------
+#
+# Setup
+#
+
+# Unset the maximum number of processes
+ulimit -u unlimited
+
+# Test description
+tst_resm TINFO "Verify that the kernel is not crashed with receiving and sending various size of ICMP message with the following conditions"
+tst_resm TINFO "- Version of IP is IPv${TST_IPV6:-4}"
+tst_resm TINFO "- Size of packets are ( $ICMP_SIZE_ARRAY )"
+
+if $DO_IPSEC; then
+	case $IPSEC_PROTO in
+	ah)	tst_resm TINFO "- IPsec [ AH / $IPSEC_MODE ]" ;;
+	esp)	tst_resm TINFO "- IPsec [ ESP / $IPSEC_MODE ]" ;;
+	ipcomp)	tst_resm TINFO "- IPcomp [ $IPSEC_MODE ]" ;;
+	esac
+fi
+
+# name of interface of the local/remote host
+lhost_ifname=`tst_iface lhost $LINK_NUM`
+rhost_ifname=`tst_iface rhost $LINK_NUM`
+
+# Initialize the system configuration
+tst_ipsec_cleanup
+
+# Call cleanup function before exit
+trap tst_ipsec_cleanup 0
+
+lhost_addr=$(tst_ipaddr)
+rhost_addr=$(tst_ipaddr rhost)
+
+# Configure SAD/SPD
+if $DO_IPSEC ; then
+	tst_ipsec lhost $IPSEC_PROTO $IPSEC_MODE $SPI $lhost_addr $rhost_addr
+	tst_ipsec rhost $IPSEC_PROTO $IPSEC_MODE $SPI $rhost_addr $lhost_addr
+fi
+
+#-----------------------------------------------------------------------
+#
+# Main
+#
+#
+
+# Make sure the connectvity
+tst_ping $lhost_ifname $rhost_addr $ICMP_SIZE_ARRAY
+if [ $? -ne 0 ]; then
+	tst_brkm TBROK "IPv${TST_IPV6:-4} $IPSEC_PROTO $IPSEC_MODE connectivity"
+else
+	tst_resm TPASS "IPv${TST_IPV6:-4} $IPSEC_PROTO $IPSEC_MODE connectivity"
+fi
+
+#-----------------------------------------------------------------------
+#
+# Clean up
+#
+
+tst_resm TPASS "Test is finished successfully."
+exit 0
-- 
2.5.0

[LTP] [PATCHv4 0/3] networking/stress: add ip xfrm ipsec support

[Hangbin Liu]

Sorry, the signoff info is incorrect. Please ignore this patch set.

Thanks
Hangbin
On Fri, Apr 08, 2016 at 06:12:46PM +0800, Hangbin Liu wrote:
> From: Hangbin Liu <liuhangbin@gmail.com>
> 
> As we know, most of the network stress tests have IPsec testing, and we use
> setkey for configuration. But setkey[1] hasn't updated for a long time. And
> some distros, RHEL7 for example, even don't have ipset-tools package. On
> other hand, iproute2 is recommend for network configuration. And ip xfrm is
> more powerful than setkey. So let's use ip xfrm for ipsec testing.
> 
> [1] http://ipsec-tools.sourceforge.net/
> 
> Change from V3:
> 1. use message size array in tst_ping
> 2. add tst_ipsec_cleanup in ipsec_lib
> 3. use lhost/rhost naming in ipsec_lib
> 4. add icmp-uni-basic in the upper icmp directory
> 5. some other small fixs.
> 
> Change from V2:
> 1. remove c2x and use hexdump directly.
> 2. remove indent after "case".
> 3. remove useless export and old scripts like check_env.
> 4. remove tst_init_iface.
> 5. remove return value check after setup ipsec env.
> 6. remove addr config as Alexey said, we assume the address already added.
> 
> Change from V1:
> 1. update tst_ping() to use default iface and addr. make ping from local side.
> 2. remove unused variables. add -s option when use tst_rhost_run. Use ROD
>    before normal commands.
> 3. change all "tst_resm TBROK && exit" to "tst_brkm TBROK"
> 3. still keep tst_init_iface in test icmp4-uni-basic01 because we will
>    set_ipv4/6addr each time.
> 
> Hangbin Liu (3):
>   lib/test_net.sh: add tst_ping() to check icmp connectivity
>   network/stress: add ipsec lib
>   network/stress/icmp: use ip xfrm for icmp uni-basic ipsec testing
> 
>  runtest/network_stress.icmp                  |  28 +++---
>  testcases/lib/test_net.sh                    |  31 +++++++
>  testcases/network/stress/icmp/Makefile       |   3 +
>  testcases/network/stress/icmp/icmp-uni-basic | 132 +++++++++++++++++++++++++++
>  testcases/network/stress/ipsec/Makefile      |  28 ++++++
>  testcases/network/stress/ipsec/ipsec_lib.sh  | 114 +++++++++++++++++++++++
>  6 files changed, 322 insertions(+), 14 deletions(-)
>  create mode 100755 testcases/network/stress/icmp/icmp-uni-basic
>  create mode 100644 testcases/network/stress/ipsec/Makefile
>  create mode 100644 testcases/network/stress/ipsec/ipsec_lib.sh
> 
> -- 
> 2.5.0
> 

-- 

Thanks & Best Regards
Hangbin Liu <haliu@redhat.com>
Leo on #kernel-qe, #kernel, #eng-china

[LTP] [PATCHv4 3/3] network/stress/icmp: use ip xfrm for icmp uni-basic ipsec testing

[Hangbin Liu]

Hi Alexey,

On Fri, Apr 08, 2016 at 06:12:49PM +0800, Hangbin Liu wrote:
> From: Hangbin Liu <liuhangbin@gmail.com>
> 
> Add icmp-uni-basic to implements the test case and define each test case in
> "runtests/" and use parameters. Also use ip xfrm instead of setkey for ipsec
> testing.
> 
> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
> ---
>  runtest/network_stress.icmp                  |  28 +++---
>  testcases/network/stress/icmp/Makefile       |   3 +
>  testcases/network/stress/icmp/icmp-uni-basic | 132 +++++++++++++++++++++++++++
>  3 files changed, 149 insertions(+), 14 deletions(-)
>  create mode 100755 testcases/network/stress/icmp/icmp-uni-basic
> 
> diff --git a/runtest/network_stress.icmp b/runtest/network_stress.icmp
> index 29b52d1..1803b21 100644
> --- a/runtest/network_stress.icmp
> +++ b/runtest/network_stress.icmp
> @@ -2,21 +2,21 @@
>  # Stress test for TCP/IP protocol stack (ICMP)
>  #
>  
> -icmp4-uni-basic01 icmp4-uni-basic01
> -icmp4-uni-basic02 icmp4-uni-basic02
> -icmp4-uni-basic03 icmp4-uni-basic03
> -icmp4-uni-basic04 icmp4-uni-basic04
> -icmp4-uni-basic05 icmp4-uni-basic05
> -icmp4-uni-basic06 icmp4-uni-basic06
> -icmp4-uni-basic07 icmp4-uni-basic07
> +icmp4-uni-basic01 icmp-uni-basic -s "10 100 1000 10000 65503"
                                                           ^^ typo here, should be 65507

> +icmp4-uni-basic02 icmp-uni-basic -p ah -m transport -s "10 100 1000 10000 65483"
> +icmp4-uni-basic03 icmp-uni-basic -p ah -m tunnel -s "10 100 1000 10000 65463"
> +icmp4-uni-basic04 icmp-uni-basic -p esp -m transport -s "10 100 1000 10000 65470"
> +icmp4-uni-basic05 icmp-uni-basic -p esp -m tunnel -s "10 100 1000 10000 65450"
> +icmp4-uni-basic06 icmp-uni-basic -p ipcomp -m transport -s "1000 10000 65000"
> +icmp4-uni-basic07 icmp-uni-basic -p ipcomp -m tunnel -s "1000 10000 65000"
>  
> -icmp6-uni-basic01 icmp6-uni-basic01
> -icmp6-uni-basic02 icmp6-uni-basic02
> -icmp6-uni-basic03 icmp6-uni-basic03
> -icmp6-uni-basic04 icmp6-uni-basic04
> -icmp6-uni-basic05 icmp6-uni-basic05
> -icmp6-uni-basic06 icmp6-uni-basic06
> -icmp6-uni-basic07 icmp6-uni-basic07
> +icmp6-uni-basic01 icmp-uni-basic -6 -s "10 100 1000 10000 65527"
> +icmp6-uni-basic02 icmp-uni-basic -6 -p ah -m transport -s "10 100 1000 10000 65503"
> +icmp6-uni-basic03 icmp-uni-basic -6 -p ah -m tunnel -s "10 100 1000 10000 65527"
> +icmp6-uni-basic04 icmp-uni-basic -6 -p esp -m transport -s "10 100 1000 10000 65494"
> +icmp6-uni-basic05 icmp-uni-basic -6 -p esp -m tunnel -s "10 100 1000 10000 65495"
> +icmp6-uni-basic06 icmp-uni-basic -6 -p ipcomp -m transport -s "1000 10000 65000"
> +icmp6-uni-basic07 icmp-uni-basic -6 -p ipcomp -m tunnel -s "1000 10000 65000"

The max message size for ipv6 is incorrect.

The pure ipv4 icmp max message is 65535 - 20(ipv4 hdr) - 8(icmp hdr) = 65507,
IPv4 ah + transport max message is 65535 - 20 - 24(ah hdr) - 8 = 65483.
The pure ipv6 icmp max message is 65535 - 8 = 65527.

What I mean is each IPsec mode/protocol have different max message size.
Should we calculate each size and test them or just use a commom size like
65000? How do you think.

BTW, this patch set's signoff info is incorrect. I will send a new version.
But it would be good if you could help review this patch set and give advice
first so I can fix them in next version.

Thanks
Hangbin

>  
>  icmp4-multi-diffip01 icmp4-multi-diffip01
>  icmp4-multi-diffip02 icmp4-multi-diffip02
> diff --git a/testcases/network/stress/icmp/Makefile b/testcases/network/stress/icmp/Makefile
> index 0dad1d1..9310aa1 100644
> --- a/testcases/network/stress/icmp/Makefile
> +++ b/testcases/network/stress/icmp/Makefile
> @@ -23,4 +23,7 @@
>  top_srcdir		?= ../../../..
>  
>  include $(top_srcdir)/include/mk/env_pre.mk
> +
> +INSTALL_TARGETS		:= icmp*
> +
>  include $(top_srcdir)/include/mk/generic_trunk_target.mk
> diff --git a/testcases/network/stress/icmp/icmp-uni-basic b/testcases/network/stress/icmp/icmp-uni-basic
> new file mode 100755
> index 0000000..de586d6
> --- /dev/null
> +++ b/testcases/network/stress/icmp/icmp-uni-basic
> @@ -0,0 +1,132 @@
> +#!/bin/sh
> +# Copyright (c) 2016 Red Hat Inc.,  All Rights Reserved.
> +#
> +# This program is free software; you can redistribute it and/or
> +# modify it under the terms of the GNU General Public License as
> +# published by the Free Software Foundation; either version 2 of
> +# the License, or (at your option) any later version.
> +#
> +# This program is distributed in the hope that it would be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program; if not, see <http://www.gnu.org/licenses/>.
> +#
> +# Author: Hangbin Liu <haliu@redhat.com>
> +#
> +################################################################################
> +#
> +# File:
> +#   icmp-uni-basic.sh
> +#
> +# Description:
> +#   Verify that the kernel is not crashed with receiving and sending various
> +#   size of ICMP message
> +#
> +#   *) This script may be read by the other test case
> +#
> +# Setup:
> +#   See ltp-yyyymmdd/testcases/network/stress/README
> +#
> +#-----------------------------------------------------------------------
> +# The test case ID, the test case count and the total number of test case
> +TCID=${TCID:-icmp-uni-basic}
> +TST_TOTAL=1
> +TST_COUNT=1
> +TST_CLEANUP="tst_ipsec_cleanup"
> +
> +. ipsec_lib.sh
> +
> +while getopts "hl:m:p:s:S:6" opt; do
> +	case "$opt" in
> +	h)
> +		echo "Usage:"
> +		echo "h        help"
> +		echo "l n      n is the number of test link when tests run"
> +		echo "m x      x is ipsec mode, could be transport / tunnel"
> +		echo "p x      x is ipsec protcol, could be ah / esp / ipcomp"
> +		echo "s x      x is icmp messge size array"
> +		echo "S n      n is IPsec SPI value"
> +		echo "6        run over IPv6"
> +		exit 0
> +	;;
> +	l) LINK_NUM=$OPTARG ;;
> +	m) IPSEC_MODE=$OPTARG ;;
> +	p) IPSEC_PROTO=$OPTARG ;;
> +	s) ICMP_SIZE_ARRAY=$OPTARG ;;
> +	S) SPI=$OPTARG ;;
> +	6) # skip, test_net library already processed it
> +	;;
> +	*) tst_brkm TBROK "unknown option: $opt" ;;
> +	esac
> +done
> +
> +SPI=${SPI:-1000}
> +LINK_NUM=${LINK_NUM:-0}
> +DO_IPSEC=${DO_IPSEC:-false}
> +ICMP_SIZE_ARRAY=${ICMP_SIZE_ARRAY:-"10 100 1000 10000 65507"}
> +[ -n "$IPSEC_MODE" -a -n "$IPSEC_PROTO" ] && DO_IPSEC=true || DO_IPSEC=false
> +
> +#-----------------------------------------------------------------------
> +#
> +# Setup
> +#
> +
> +# Unset the maximum number of processes
> +ulimit -u unlimited
> +
> +# Test description
> +tst_resm TINFO "Verify that the kernel is not crashed with receiving and sending various size of ICMP message with the following conditions"
> +tst_resm TINFO "- Version of IP is IPv${TST_IPV6:-4}"
> +tst_resm TINFO "- Size of packets are ( $ICMP_SIZE_ARRAY )"
> +
> +if $DO_IPSEC; then
> +	case $IPSEC_PROTO in
> +	ah)	tst_resm TINFO "- IPsec [ AH / $IPSEC_MODE ]" ;;
> +	esp)	tst_resm TINFO "- IPsec [ ESP / $IPSEC_MODE ]" ;;
> +	ipcomp)	tst_resm TINFO "- IPcomp [ $IPSEC_MODE ]" ;;
> +	esac
> +fi
> +
> +# name of interface of the local/remote host
> +lhost_ifname=`tst_iface lhost $LINK_NUM`
> +rhost_ifname=`tst_iface rhost $LINK_NUM`
> +
> +# Initialize the system configuration
> +tst_ipsec_cleanup
> +
> +# Call cleanup function before exit
> +trap tst_ipsec_cleanup 0
> +
> +lhost_addr=$(tst_ipaddr)
> +rhost_addr=$(tst_ipaddr rhost)
> +
> +# Configure SAD/SPD
> +if $DO_IPSEC ; then
> +	tst_ipsec lhost $IPSEC_PROTO $IPSEC_MODE $SPI $lhost_addr $rhost_addr
> +	tst_ipsec rhost $IPSEC_PROTO $IPSEC_MODE $SPI $rhost_addr $lhost_addr
> +fi
> +
> +#-----------------------------------------------------------------------
> +#
> +# Main
> +#
> +#
> +
> +# Make sure the connectvity
> +tst_ping $lhost_ifname $rhost_addr $ICMP_SIZE_ARRAY
> +if [ $? -ne 0 ]; then
> +	tst_brkm TBROK "IPv${TST_IPV6:-4} $IPSEC_PROTO $IPSEC_MODE connectivity"
> +else
> +	tst_resm TPASS "IPv${TST_IPV6:-4} $IPSEC_PROTO $IPSEC_MODE connectivity"
> +fi
> +
> +#-----------------------------------------------------------------------
> +#
> +# Clean up
> +#
> +
> +tst_resm TPASS "Test is finished successfully."
> +exit 0
> -- 
> 2.5.0
> 

-- 

Thanks & Best Regards
Hangbin Liu <haliu@redhat.com>
Leo on #kernel-qe, #kernel, #eng-china