1 #!/bin/bash
2 # SPDX-License-Identifier: GPL-2.0
3
4 # +--------------------+ +----------------------+
5 # | H1 | | H2 |
6 # | | | |
7 # | $h1 + | | + $h2 |
8 # | 192.0.2.2/24 | | | | 198.51.100.2/24 |
9 # | 2001:db8:1::2/64 | | | | 2001:db8:2::2/64 |
10 # | | | | | |
11 # +------------------|-+ +-|--------------------+
12 # | |
13 # +------------------|-------------------------|--------------------+
14 # | SW | | |
15 # | | | |
16 # | $rp1 + + $rp2 |
17 # | 192.0.2.1/24 198.51.100.1/24 |
18 # | 2001:db8:1::1/64 2001:db8:2::1/64 |
19 # | |
20 # +-----------------------------------------------------------------+
21
22 ALL_TESTS="
23 ping_ipv4
24 ping_ipv6
25 sip_in_class_e
26 mc_mac_mismatch
27 ipv4_sip_equal_dip
28 ipv6_sip_equal_dip
29 ipv4_dip_link_local
30 "
31
32 NUM_NETIFS=4
33 source lib.sh
34 source tc_common.sh
35
36 require_command $MCD
37 require_command $MC_CLI
38 table_name=selftests
39
40 h1_create()
41 {
42 vrf_create "vrf-h1"
43 ip link set dev $h1 master vrf-h1
44
45 ip link set dev vrf-h1 up
46 ip link set dev $h1 up
47
48 ip address add 192.0.2.2/24 dev $h1
49 ip address add 2001:db8:1::2/64 dev $h1
50
51 ip route add 198.51.100.0/24 vrf vrf-h1 nexthop via 192.0.2.1
52 ip route add 2001:db8:2::/64 vrf vrf-h1 nexthop via 2001:db8:1::1
53 }
54
55 h1_destroy()
56 {
57 ip route del 2001:db8:2::/64 vrf vrf-h1
58 ip route del 198.51.100.0/24 vrf vrf-h1
59
60 ip address del 2001:db8:1::2/64 dev $h1
61 ip address del 192.0.2.2/24 dev $h1
62
63 ip link set dev $h1 down
64 vrf_destroy "vrf-h1"
65 }
66
67 h2_create()
68 {
69 vrf_create "vrf-h2"
70 ip link set dev $h2 master vrf-h2
71
72 ip link set dev vrf-h2 up
73 ip link set dev $h2 up
74
75 ip address add 198.51.100.2/24 dev $h2
76 ip address add 2001:db8:2::2/64 dev $h2
77
78 ip route add 192.0.2.0/24 vrf vrf-h2 nexthop via 198.51.100.1
79 ip route add 2001:db8:1::/64 vrf vrf-h2 nexthop via 2001:db8:2::1
80 }
81
82 h2_destroy()
83 {
84 ip route del 2001:db8:1::/64 vrf vrf-h2
85 ip route del 192.0.2.0/24 vrf vrf-h2
86
87 ip address del 2001:db8:2::2/64 dev $h2
88 ip address del 198.51.100.2/24 dev $h2
89
90 ip link set dev $h2 down
91 vrf_destroy "vrf-h2"
92 }
93
94 router_create()
95 {
96 ip link set dev $rp1 up
97 ip link set dev $rp2 up
98
99 tc qdisc add dev $rp2 clsact
100
101 ip address add 192.0.2.1/24 dev $rp1
102 ip address add 2001:db8:1::1/64 dev $rp1
103
104 ip address add 198.51.100.1/24 dev $rp2
105 ip address add 2001:db8:2::1/64 dev $rp2
106 }
107
108 router_destroy()
109 {
110 ip address del 2001:db8:2::1/64 dev $rp2
111 ip address del 198.51.100.1/24 dev $rp2
112
113 ip address del 2001:db8:1::1/64 dev $rp1
114 ip address del 192.0.2.1/24 dev $rp1
115
116 tc qdisc del dev $rp2 clsact
117
118 ip link set dev $rp2 down
119 ip link set dev $rp1 down
120 }
121
122 start_mcd()
123 {
124 SMCROUTEDIR="$(mktemp -d)"
125
126 for ((i = 1; i <= $NUM_NETIFS; ++i)); do
127 echo "phyint ${NETIFS[p$i]} enable" >> \
128 $SMCROUTEDIR/$table_name.conf
129 done
130
131 $MCD -N -I $table_name -f $SMCROUTEDIR/$table_name.conf \
132 -P $SMCROUTEDIR/$table_name.pid
133 }
134
135 kill_mcd()
136 {
137 pkill $MCD
138 rm -rf $SMCROUTEDIR
139 }
140
141 setup_prepare()
142 {
143 h1=${NETIFS[p1]}
144 rp1=${NETIFS[p2]}
145
146 rp2=${NETIFS[p3]}
147 h2=${NETIFS[p4]}
148
149 rp1mac=$(mac_get $rp1)
150
151 start_mcd
152
153 vrf_prepare
154
155 h1_create
156 h2_create
157
158 router_create
159
160 forwarding_enable
161 }
162
163 cleanup()
164 {
165 pre_cleanup
166
167 forwarding_restore
168
169 router_destroy
170
171 h2_destroy
172 h1_destroy
173
174 vrf_cleanup
175
176 kill_mcd
177 }
178
179 ping_ipv4()
180 {
181 ping_test $h1 198.51.100.2
182 }
183
184 ping_ipv6()
185 {
186 ping6_test $h1 2001:db8:2::2
187 }
188
189 sip_in_class_e()
190 {
191 RET=0
192
193 # Disable rpfilter to prevent packets to be dropped because of it.
194 sysctl_set net.ipv4.conf.all.rp_filter 0
195 sysctl_set net.ipv4.conf.$rp1.rp_filter 0
196
197 tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
198 flower src_ip 240.0.0.1 ip_proto udp action pass
199
200 $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
201 -A 240.0.0.1 -b $rp1mac -B 198.51.100.2 -q
202
203 tc_check_packets "dev $rp2 egress" 101 5
204 check_err $? "Packets were dropped"
205
206 log_test "Source IP in class E"
207
208 tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
209 sysctl_restore net.ipv4.conf.$rp1.rp_filter
210 sysctl_restore net.ipv4.conf.all.rp_filter
211 }
212
213 create_mcast_sg()
214 {
215 local if_name=$1; shift
216 local s_addr=$1; shift
217 local mcast=$1; shift
218 local dest_ifs=${@}
219
220 $MC_CLI -I $table_name add $if_name $s_addr $mcast $dest_ifs
221 }
222
223 delete_mcast_sg()
224 {
225 local if_name=$1; shift
226 local s_addr=$1; shift
227 local mcast=$1; shift
228 local dest_ifs=${@}
229
230 $MC_CLI -I $table_name remove $if_name $s_addr $mcast $dest_ifs
231 }
232
233 __mc_mac_mismatch()
234 {
235 local desc=$1; shift
236 local proto=$1; shift
237 local sip=$1; shift
238 local dip=$1; shift
239 local flags=${1:-""}; shift
240 local dmac=01:02:03:04:05:06
241
242 RET=0
243
244 tc filter add dev $rp2 egress protocol $proto pref 1 handle 101 \
245 flower dst_ip $dip action pass
246
247 create_mcast_sg $rp1 $sip $dip $rp2
248
249 $MZ $flags $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec -b $dmac \
250 -B $dip -q
251
252 tc_check_packets "dev $rp2 egress" 101 5
253 check_err $? "Packets were dropped"
254
255 log_test "Multicast MAC mismatch: $desc"
256
257 delete_mcast_sg $rp1 $sip $dip $rp2
258 tc filter del dev $rp2 egress protocol $proto pref 1 handle 101 flower
259 }
260
261 mc_mac_mismatch()
262 {
263 __mc_mac_mismatch "IPv4" "ip" 192.0.2.2 225.1.2.3
264 __mc_mac_mismatch "IPv6" "ipv6" 2001:db8:1::2 ff0e::3 "-6"
265 }
266
267 ipv4_sip_equal_dip()
268 {
269 RET=0
270
271 # Disable rpfilter to prevent packets to be dropped because of it.
272 sysctl_set net.ipv4.conf.all.rp_filter 0
273 sysctl_set net.ipv4.conf.$rp1.rp_filter 0
274
275 tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
276 flower src_ip 198.51.100.2 action pass
277
278 $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
279 -A 198.51.100.2 -b $rp1mac -B 198.51.100.2 -q
280
281 tc_check_packets "dev $rp2 egress" 101 5
282 check_err $? "Packets were dropped"
283
284 log_test "Source IP is equal to destination IP: IPv4"
285
286 tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
287 sysctl_restore net.ipv4.conf.$rp1.rp_filter
288 sysctl_restore net.ipv4.conf.all.rp_filter
289 }
290
291 ipv6_sip_equal_dip()
292 {
293 RET=0
294
295 tc filter add dev $rp2 egress protocol ipv6 pref 1 handle 101 \
296 flower src_ip 2001:db8:2::2 action pass
297
298 $MZ -6 $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
299 -A 2001:db8:2::2 -b $rp1mac -B 2001:db8:2::2 -q
300
301 tc_check_packets "dev $rp2 egress" 101 5
302 check_err $? "Packets were dropped"
303
304 log_test "Source IP is equal to destination IP: IPv6"
305
306 tc filter del dev $rp2 egress protocol ipv6 pref 1 handle 101 flower
307 }
308
309 ipv4_dip_link_local()
310 {
311 local dip=169.254.1.1
312
313 RET=0
314
315 tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
316 flower dst_ip $dip action pass
317
318 ip neigh add 169.254.1.1 lladdr 00:11:22:33:44:55 dev $rp2
319 ip route add 169.254.1.0/24 dev $rp2
320
321 $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec -b $rp1mac -B $dip -q
322
323 tc_check_packets "dev $rp2 egress" 101 5
324 check_err $? "Packets were dropped"
325
326 log_test "IPv4 destination IP is link-local"
327
328 ip route del 169.254.1.0/24 dev $rp2
329 ip neigh del 169.254.1.1 lladdr 00:11:22:33:44:55 dev $rp2
330 tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
331 }
332
333 trap cleanup EXIT
334
335 setup_prepare
336 setup_wait
337
338 tests_run
339
340 exit $EXIT_STATUS
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.