linux/tools/testing/selftests/net/forwarding/router.sh

#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

# +--------------------+                     +----------------------+
# | H1                 |                     |                   H2 |
# |                    |                     |                      |
# |              $h1 + |                     | + $h2                |
# |     192.0.2.2/24 | |                     | | 198.51.100.2/24    |
# | 2001:db8:1::2/64 | |                     | | 2001:db8:2::2/64   |
# |                  | |                     | |                    |
# +------------------|-+                     +-|--------------------+
#                    |                         |
# +------------------|-------------------------|--------------------+
# | SW               |                         |                    |
# |                  |                         |                    |
# |             $rp1 +                         + $rp2               |
# |     192.0.2.1/24                             198.51.100.1/24    |
# | 2001:db8:1::1/64                             2001:db8:2::1/64   |
# |                                                                 |
# +-----------------------------------------------------------------+

ALL_TESTS="
	ping_ipv4
	ping_ipv6
	sip_in_class_e
	mc_mac_mismatch
	ipv4_sip_equal_dip
	ipv6_sip_equal_dip
	ipv4_dip_link_local
"

NUM_NETIFS=4
source lib.sh
source tc_common.sh

require_command $MCD
require_command $MC_CLI
table_name=selftests

h1_create()
{
	vrf_create "vrf-h1"
	ip link set dev $h1 master vrf-h1

	ip link set dev vrf-h1 up
	ip link set dev $h1 up

	ip address add 192.0.2.2/24 dev $h1
	ip address add 2001:db8:1::2/64 dev $h1

	ip route add 198.51.100.0/24 vrf vrf-h1 nexthop via 192.0.2.1
	ip route add 2001:db8:2::/64 vrf vrf-h1 nexthop via 2001:db8:1::1
}

h1_destroy()
{
	ip route del 2001:db8:2::/64 vrf vrf-h1
	ip route del 198.51.100.0/24 vrf vrf-h1

	ip address del 2001:db8:1::2/64 dev $h1
	ip address del 192.0.2.2/24 dev $h1

	ip link set dev $h1 down
	vrf_destroy "vrf-h1"
}

h2_create()
{
	vrf_create "vrf-h2"
	ip link set dev $h2 master vrf-h2

	ip link set dev vrf-h2 up
	ip link set dev $h2 up

	ip address add 198.51.100.2/24 dev $h2
	ip address add 2001:db8:2::2/64 dev $h2

	ip route add 192.0.2.0/24 vrf vrf-h2 nexthop via 198.51.100.1
	ip route add 2001:db8:1::/64 vrf vrf-h2 nexthop via 2001:db8:2::1
}

h2_destroy()
{
	ip route del 2001:db8:1::/64 vrf vrf-h2
	ip route del 192.0.2.0/24 vrf vrf-h2

	ip address del 2001:db8:2::2/64 dev $h2
	ip address del 198.51.100.2/24 dev $h2

	ip link set dev $h2 down
	vrf_destroy "vrf-h2"
}

router_create()
{
	ip link set dev $rp1 up
	ip link set dev $rp2 up

	tc qdisc add dev $rp2 clsact

	ip address add 192.0.2.1/24 dev $rp1
	ip address add 2001:db8:1::1/64 dev $rp1

	ip address add 198.51.100.1/24 dev $rp2
	ip address add 2001:db8:2::1/64 dev $rp2
}

router_destroy()
{
	ip address del 2001:db8:2::1/64 dev $rp2
	ip address del 198.51.100.1/24 dev $rp2

	ip address del 2001:db8:1::1/64 dev $rp1
	ip address del 192.0.2.1/24 dev $rp1

	tc qdisc del dev $rp2 clsact

	ip link set dev $rp2 down
	ip link set dev $rp1 down
}

start_mcd()
{
	SMCROUTEDIR="$(mktemp -d)"

	for ((i = 1; i <= $NUM_NETIFS; ++i)); do
		echo "phyint ${NETIFS[p$i]} enable" >> \
			$SMCROUTEDIR/$table_name.conf
	done

	$MCD -N -I $table_name -f $SMCROUTEDIR/$table_name.conf \
		-P $SMCROUTEDIR/$table_name.pid
}

kill_mcd()
{
	pkill $MCD
	rm -rf $SMCROUTEDIR
}

setup_prepare()
{
	h1=${NETIFS[p1]}
	rp1=${NETIFS[p2]}

	rp2=${NETIFS[p3]}
	h2=${NETIFS[p4]}

	rp1mac=$(mac_get $rp1)

	start_mcd

	vrf_prepare

	h1_create
	h2_create

	router_create

	forwarding_enable
}

cleanup()
{
	pre_cleanup

	forwarding_restore

	router_destroy

	h2_destroy
	h1_destroy

	vrf_cleanup

	kill_mcd
}

ping_ipv4()
{
	ping_test $h1 198.51.100.2
}

ping_ipv6()
{
	ping6_test $h1 2001:db8:2::2
}

sip_in_class_e()
{
	RET=0

	# Disable rpfilter to prevent packets to be dropped because of it.
	sysctl_set net.ipv4.conf.all.rp_filter 0
	sysctl_set net.ipv4.conf.$rp1.rp_filter 0

	tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
		flower src_ip 240.0.0.1 ip_proto udp action pass

	$MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
		-A 240.0.0.1 -b $rp1mac -B 198.51.100.2 -q

	tc_check_packets "dev $rp2 egress" 101 5
	check_err $? "Packets were dropped"

	log_test "Source IP in class E"

	tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
	sysctl_restore net.ipv4.conf.$rp1.rp_filter
	sysctl_restore net.ipv4.conf.all.rp_filter
}

create_mcast_sg()
{
	local if_name=$1; shift
	local s_addr=$1; shift
	local mcast=$1; shift
	local dest_ifs=${@}

	$MC_CLI -I $table_name add $if_name $s_addr $mcast $dest_ifs
}

delete_mcast_sg()
{
	local if_name=$1; shift
	local s_addr=$1; shift
	local mcast=$1; shift
	local dest_ifs=${@}

	$MC_CLI -I $table_name remove $if_name $s_addr $mcast $dest_ifs
}

__mc_mac_mismatch()
{
	local desc=$1; shift
	local proto=$1; shift
	local sip=$1; shift
	local dip=$1; shift
	local flags=${1:-""}; shift
	local dmac=01:02:03:04:05:06

	RET=0

	tc filter add dev $rp2 egress protocol $proto pref 1 handle 101 \
		flower dst_ip $dip action pass

	create_mcast_sg $rp1 $sip $dip $rp2

	$MZ $flags $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec -b $dmac \
		-B $dip -q

	tc_check_packets "dev $rp2 egress" 101 5
	check_err $? "Packets were dropped"

	log_test "Multicast MAC mismatch: $desc"

	delete_mcast_sg $rp1 $sip $dip $rp2
	tc filter del dev $rp2 egress protocol $proto pref 1 handle 101 flower
}

mc_mac_mismatch()
{
	__mc_mac_mismatch "IPv4" "ip" 192.0.2.2 225.1.2.3
	__mc_mac_mismatch "IPv6" "ipv6" 2001:db8:1::2 ff0e::3 "-6"
}

ipv4_sip_equal_dip()
{
	RET=0

	# Disable rpfilter to prevent packets to be dropped because of it.
	sysctl_set net.ipv4.conf.all.rp_filter 0
	sysctl_set net.ipv4.conf.$rp1.rp_filter 0

	tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
		flower src_ip 198.51.100.2  action pass

	$MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
		-A 198.51.100.2 -b $rp1mac -B 198.51.100.2 -q

	tc_check_packets "dev $rp2 egress" 101 5
	check_err $? "Packets were dropped"

	log_test "Source IP is equal to destination IP: IPv4"

	tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
	sysctl_restore net.ipv4.conf.$rp1.rp_filter
	sysctl_restore net.ipv4.conf.all.rp_filter
}

ipv6_sip_equal_dip()
{
	RET=0

	tc filter add dev $rp2 egress protocol ipv6 pref 1 handle 101 \
		flower src_ip 2001:db8:2::2 action pass

	$MZ -6 $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
		-A 2001:db8:2::2 -b $rp1mac -B 2001:db8:2::2 -q

	tc_check_packets "dev $rp2 egress" 101 5
	check_err $? "Packets were dropped"

	log_test "Source IP is equal to destination IP: IPv6"

	tc filter del dev $rp2 egress protocol ipv6 pref 1 handle 101 flower
}

ipv4_dip_link_local()
{
	local dip=169.254.1.1

	RET=0

	tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
		flower dst_ip $dip action pass

	ip neigh add 169.254.1.1 lladdr 00:11:22:33:44:55 dev $rp2
	ip route add 169.254.1.0/24 dev $rp2

	$MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec -b $rp1mac -B $dip -q

	tc_check_packets "dev $rp2 egress" 101 5
	check_err $? "Packets were dropped"

	log_test "IPv4 destination IP is link-local"

	ip route del 169.254.1.0/24 dev $rp2
	ip neigh del 169.254.1.1 lladdr 00:11:22:33:44:55 dev $rp2
	tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
}

trap cleanup EXIT

setup_prepare
setup_wait

tests_run

exit $EXIT_STATUS