#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
# +--------------------+ +----------------------+
# | H1 | | H2 |
# | | | |
# | $h1 + | | + $h2 |
# | 192.0.2.2/24 | | | | 198.51.100.2/24 |
# | 2001:db8:1::2/64 | | | | 2001:db8:2::2/64 |
# | | | | | |
# +------------------|-+ +-|--------------------+
# | |
# +------------------|-------------------------|--------------------+
# | SW | | |
# | | | |
# | $rp1 + + $rp2 |
# | 192.0.2.1/24 198.51.100.1/24 |
# | 2001:db8:1::1/64 2001:db8:2::1/64 |
# | |
# +-----------------------------------------------------------------+
ALL_TESTS="
ping_ipv4
ping_ipv6
sip_in_class_e
mc_mac_mismatch
ipv4_sip_equal_dip
ipv6_sip_equal_dip
ipv4_dip_link_local
"
NUM_NETIFS=4
source lib.sh
source tc_common.sh
require_command $MCD
require_command $MC_CLI
table_name=selftests
h1_create()
{
vrf_create "vrf-h1"
ip link set dev $h1 master vrf-h1
ip link set dev vrf-h1 up
ip link set dev $h1 up
ip address add 192.0.2.2/24 dev $h1
ip address add 2001:db8:1::2/64 dev $h1
ip route add 198.51.100.0/24 vrf vrf-h1 nexthop via 192.0.2.1
ip route add 2001:db8:2::/64 vrf vrf-h1 nexthop via 2001:db8:1::1
}
h1_destroy()
{
ip route del 2001:db8:2::/64 vrf vrf-h1
ip route del 198.51.100.0/24 vrf vrf-h1
ip address del 2001:db8:1::2/64 dev $h1
ip address del 192.0.2.2/24 dev $h1
ip link set dev $h1 down
vrf_destroy "vrf-h1"
}
h2_create()
{
vrf_create "vrf-h2"
ip link set dev $h2 master vrf-h2
ip link set dev vrf-h2 up
ip link set dev $h2 up
ip address add 198.51.100.2/24 dev $h2
ip address add 2001:db8:2::2/64 dev $h2
ip route add 192.0.2.0/24 vrf vrf-h2 nexthop via 198.51.100.1
ip route add 2001:db8:1::/64 vrf vrf-h2 nexthop via 2001:db8:2::1
}
h2_destroy()
{
ip route del 2001:db8:1::/64 vrf vrf-h2
ip route del 192.0.2.0/24 vrf vrf-h2
ip address del 2001:db8:2::2/64 dev $h2
ip address del 198.51.100.2/24 dev $h2
ip link set dev $h2 down
vrf_destroy "vrf-h2"
}
router_create()
{
ip link set dev $rp1 up
ip link set dev $rp2 up
tc qdisc add dev $rp2 clsact
ip address add 192.0.2.1/24 dev $rp1
ip address add 2001:db8:1::1/64 dev $rp1
ip address add 198.51.100.1/24 dev $rp2
ip address add 2001:db8:2::1/64 dev $rp2
}
router_destroy()
{
ip address del 2001:db8:2::1/64 dev $rp2
ip address del 198.51.100.1/24 dev $rp2
ip address del 2001:db8:1::1/64 dev $rp1
ip address del 192.0.2.1/24 dev $rp1
tc qdisc del dev $rp2 clsact
ip link set dev $rp2 down
ip link set dev $rp1 down
}
start_mcd()
{
SMCROUTEDIR="$(mktemp -d)"
for ((i = 1; i <= $NUM_NETIFS; ++i)); do
echo "phyint ${NETIFS[p$i]} enable" >> \
$SMCROUTEDIR/$table_name.conf
done
$MCD -N -I $table_name -f $SMCROUTEDIR/$table_name.conf \
-P $SMCROUTEDIR/$table_name.pid
}
kill_mcd()
{
pkill $MCD
rm -rf $SMCROUTEDIR
}
setup_prepare()
{
h1=${NETIFS[p1]}
rp1=${NETIFS[p2]}
rp2=${NETIFS[p3]}
h2=${NETIFS[p4]}
rp1mac=$(mac_get $rp1)
start_mcd
vrf_prepare
h1_create
h2_create
router_create
forwarding_enable
}
cleanup()
{
pre_cleanup
forwarding_restore
router_destroy
h2_destroy
h1_destroy
vrf_cleanup
kill_mcd
}
ping_ipv4()
{
ping_test $h1 198.51.100.2
}
ping_ipv6()
{
ping6_test $h1 2001:db8:2::2
}
sip_in_class_e()
{
RET=0
# Disable rpfilter to prevent packets to be dropped because of it.
sysctl_set net.ipv4.conf.all.rp_filter 0
sysctl_set net.ipv4.conf.$rp1.rp_filter 0
tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
flower src_ip 240.0.0.1 ip_proto udp action pass
$MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
-A 240.0.0.1 -b $rp1mac -B 198.51.100.2 -q
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
log_test "Source IP in class E"
tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
sysctl_restore net.ipv4.conf.$rp1.rp_filter
sysctl_restore net.ipv4.conf.all.rp_filter
}
create_mcast_sg()
{
local if_name=$1; shift
local s_addr=$1; shift
local mcast=$1; shift
local dest_ifs=${@}
$MC_CLI -I $table_name add $if_name $s_addr $mcast $dest_ifs
}
delete_mcast_sg()
{
local if_name=$1; shift
local s_addr=$1; shift
local mcast=$1; shift
local dest_ifs=${@}
$MC_CLI -I $table_name remove $if_name $s_addr $mcast $dest_ifs
}
__mc_mac_mismatch()
{
local desc=$1; shift
local proto=$1; shift
local sip=$1; shift
local dip=$1; shift
local flags=${1:-""}; shift
local dmac=01:02:03:04:05:06
RET=0
tc filter add dev $rp2 egress protocol $proto pref 1 handle 101 \
flower dst_ip $dip action pass
create_mcast_sg $rp1 $sip $dip $rp2
$MZ $flags $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec -b $dmac \
-B $dip -q
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
log_test "Multicast MAC mismatch: $desc"
delete_mcast_sg $rp1 $sip $dip $rp2
tc filter del dev $rp2 egress protocol $proto pref 1 handle 101 flower
}
mc_mac_mismatch()
{
__mc_mac_mismatch "IPv4" "ip" 192.0.2.2 225.1.2.3
__mc_mac_mismatch "IPv6" "ipv6" 2001:db8:1::2 ff0e::3 "-6"
}
ipv4_sip_equal_dip()
{
RET=0
# Disable rpfilter to prevent packets to be dropped because of it.
sysctl_set net.ipv4.conf.all.rp_filter 0
sysctl_set net.ipv4.conf.$rp1.rp_filter 0
tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
flower src_ip 198.51.100.2 action pass
$MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
-A 198.51.100.2 -b $rp1mac -B 198.51.100.2 -q
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
log_test "Source IP is equal to destination IP: IPv4"
tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
sysctl_restore net.ipv4.conf.$rp1.rp_filter
sysctl_restore net.ipv4.conf.all.rp_filter
}
ipv6_sip_equal_dip()
{
RET=0
tc filter add dev $rp2 egress protocol ipv6 pref 1 handle 101 \
flower src_ip 2001:db8:2::2 action pass
$MZ -6 $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
-A 2001:db8:2::2 -b $rp1mac -B 2001:db8:2::2 -q
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
log_test "Source IP is equal to destination IP: IPv6"
tc filter del dev $rp2 egress protocol ipv6 pref 1 handle 101 flower
}
ipv4_dip_link_local()
{
local dip=169.254.1.1
RET=0
tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
flower dst_ip $dip action pass
ip neigh add 169.254.1.1 lladdr 00:11:22:33:44:55 dev $rp2
ip route add 169.254.1.0/24 dev $rp2
$MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec -b $rp1mac -B $dip -q
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
log_test "IPv4 destination IP is link-local"
ip route del 169.254.1.0/24 dev $rp2
ip neigh del 169.254.1.1 lladdr 00:11:22:33:44:55 dev $rp2
tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
}
trap cleanup EXIT
setup_prepare
setup_wait
tests_run
exit $EXIT_STATUS