selftests/net: convert vrf-xfrm-tests.sh to run it in unique namespace

Here is the test result after conversion.

]# ./vrf-xfrm-tests.sh

No qdisc on VRF device
TEST: IPv4 no xfrm policy [ OK ]
TEST: IPv6 no xfrm policy [ OK ]
TEST: IPv4 xfrm policy based on address [ OK ]
TEST: IPv6 xfrm policy based on address [ OK ]
TEST: IPv6 xfrm policy with VRF in selector [ OK ]
TEST: IPv4 xfrm policy with xfrm device [ OK ]
TEST: IPv6 xfrm policy with xfrm device [ OK ]

netem qdisc on VRF device
TEST: IPv4 no xfrm policy [ OK ]
TEST: IPv6 no xfrm policy [ OK ]
TEST: IPv4 xfrm policy based on address [ OK ]
TEST: IPv6 xfrm policy based on address [ OK ]
TEST: IPv6 xfrm policy with VRF in selector [ OK ]
TEST: IPv4 xfrm policy with xfrm device [ OK ]
TEST: IPv6 xfrm policy with xfrm device [ OK ]

Tests passed: 14
Tests failed: 0

Acked-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

selftests: net: vrf-xfrm-tests: change authentication and encryption algos

The vrf-xfrm-tests tests use the hmac(md5) and cbc(des3_ede)
algorithms for performing authentication and encryption, respectively.
This causes the tests to fail when fips=1 is set, since these algorithms
are not allowed in FIPS mode. Therefore, switch from hmac(md5) and
cbc(des3_ede) to hmac(sha1) and cbc(aes), which are FIPS compliant.

Fixes: 3f251d741150 ("selftests: Add tests for vrf and xfrms")
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Magali Lemes <magali.lemes@canonical.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

selftests: Add tests for vrf and xfrms

Add tests for vrf and xfrms with a second round after adding a
qdisc. There are a few known problems documented with the test
cases that fail. The fix is non-trivial; will come back to it
when time allows.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>