| #!/bin/bash |
| # SPDX-License-Identifier: GPL-2.0 |
| |
| # +--------------------+ +----------------------+ |
| # | H1 | | H2 | |
| # | | | | |
| # | $h1 + | | + $h2 | |
| # | 192.0.2.2/24 | | | | 198.51.100.2/24 | |
| # | 2001:db8:1::2/64 | | | | 2001:db8:2::2/64 | |
| # | | | | | | |
| # +------------------|-+ +-|--------------------+ |
| # | | |
| # +------------------|-------------------------|--------------------+ |
| # | SW | | | |
| # | | | | |
| # | $rp1 + + $rp2 | |
| # | 192.0.2.1/24 198.51.100.1/24 | |
| # | 2001:db8:1::1/64 2001:db8:2::1/64 | |
| # | | |
| # +-----------------------------------------------------------------+ |
| |
| ALL_TESTS=" |
| ping_ipv4 |
| ping_ipv6 |
| sip_in_class_e |
| mc_mac_mismatch |
| ipv4_sip_equal_dip |
| ipv6_sip_equal_dip |
| ipv4_dip_link_local |
| " |
| |
| NUM_NETIFS=4 |
| source lib.sh |
| source tc_common.sh |
| |
| require_command $MCD |
| require_command $MC_CLI |
| table_name=selftests |
| |
| h1_create() |
| { |
| vrf_create "vrf-h1" |
| ip link set dev $h1 master vrf-h1 |
| |
| ip link set dev vrf-h1 up |
| ip link set dev $h1 up |
| |
| ip address add 192.0.2.2/24 dev $h1 |
| ip address add 2001:db8:1::2/64 dev $h1 |
| |
| ip route add 198.51.100.0/24 vrf vrf-h1 nexthop via 192.0.2.1 |
| ip route add 2001:db8:2::/64 vrf vrf-h1 nexthop via 2001:db8:1::1 |
| } |
| |
| h1_destroy() |
| { |
| ip route del 2001:db8:2::/64 vrf vrf-h1 |
| ip route del 198.51.100.0/24 vrf vrf-h1 |
| |
| ip address del 2001:db8:1::2/64 dev $h1 |
| ip address del 192.0.2.2/24 dev $h1 |
| |
| ip link set dev $h1 down |
| vrf_destroy "vrf-h1" |
| } |
| |
| h2_create() |
| { |
| vrf_create "vrf-h2" |
| ip link set dev $h2 master vrf-h2 |
| |
| ip link set dev vrf-h2 up |
| ip link set dev $h2 up |
| |
| ip address add 198.51.100.2/24 dev $h2 |
| ip address add 2001:db8:2::2/64 dev $h2 |
| |
| ip route add 192.0.2.0/24 vrf vrf-h2 nexthop via 198.51.100.1 |
| ip route add 2001:db8:1::/64 vrf vrf-h2 nexthop via 2001:db8:2::1 |
| } |
| |
| h2_destroy() |
| { |
| ip route del 2001:db8:1::/64 vrf vrf-h2 |
| ip route del 192.0.2.0/24 vrf vrf-h2 |
| |
| ip address del 2001:db8:2::2/64 dev $h2 |
| ip address del 198.51.100.2/24 dev $h2 |
| |
| ip link set dev $h2 down |
| vrf_destroy "vrf-h2" |
| } |
| |
| router_create() |
| { |
| ip link set dev $rp1 up |
| ip link set dev $rp2 up |
| |
| tc qdisc add dev $rp2 clsact |
| |
| ip address add 192.0.2.1/24 dev $rp1 |
| ip address add 2001:db8:1::1/64 dev $rp1 |
| |
| ip address add 198.51.100.1/24 dev $rp2 |
| ip address add 2001:db8:2::1/64 dev $rp2 |
| } |
| |
| router_destroy() |
| { |
| ip address del 2001:db8:2::1/64 dev $rp2 |
| ip address del 198.51.100.1/24 dev $rp2 |
| |
| ip address del 2001:db8:1::1/64 dev $rp1 |
| ip address del 192.0.2.1/24 dev $rp1 |
| |
| tc qdisc del dev $rp2 clsact |
| |
| ip link set dev $rp2 down |
| ip link set dev $rp1 down |
| } |
| |
| start_mcd() |
| { |
| SMCROUTEDIR="$(mktemp -d)" |
| |
| for ((i = 1; i <= $NUM_NETIFS; ++i)); do |
| echo "phyint ${NETIFS[p$i]} enable" >> \ |
| $SMCROUTEDIR/$table_name.conf |
| done |
| |
| $MCD -N -I $table_name -f $SMCROUTEDIR/$table_name.conf \ |
| -P $SMCROUTEDIR/$table_name.pid |
| } |
| |
| kill_mcd() |
| { |
| pkill $MCD |
| rm -rf $SMCROUTEDIR |
| } |
| |
| setup_prepare() |
| { |
| h1=${NETIFS[p1]} |
| rp1=${NETIFS[p2]} |
| |
| rp2=${NETIFS[p3]} |
| h2=${NETIFS[p4]} |
| |
| rp1mac=$(mac_get $rp1) |
| |
| start_mcd |
| |
| vrf_prepare |
| |
| h1_create |
| h2_create |
| |
| router_create |
| |
| forwarding_enable |
| } |
| |
| cleanup() |
| { |
| pre_cleanup |
| |
| forwarding_restore |
| |
| router_destroy |
| |
| h2_destroy |
| h1_destroy |
| |
| vrf_cleanup |
| |
| kill_mcd |
| } |
| |
| ping_ipv4() |
| { |
| ping_test $h1 198.51.100.2 |
| } |
| |
| ping_ipv6() |
| { |
| ping6_test $h1 2001:db8:2::2 |
| } |
| |
| sip_in_class_e() |
| { |
| RET=0 |
| |
| # Disable rpfilter to prevent packets to be dropped because of it. |
| sysctl_set net.ipv4.conf.all.rp_filter 0 |
| sysctl_set net.ipv4.conf.$rp1.rp_filter 0 |
| |
| tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \ |
| flower src_ip 240.0.0.1 ip_proto udp action pass |
| |
| $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \ |
| -A 240.0.0.1 -b $rp1mac -B 198.51.100.2 -q |
| |
| tc_check_packets "dev $rp2 egress" 101 5 |
| check_err $? "Packets were dropped" |
| |
| log_test "Source IP in class E" |
| |
| tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower |
| sysctl_restore net.ipv4.conf.$rp1.rp_filter |
| sysctl_restore net.ipv4.conf.all.rp_filter |
| } |
| |
| create_mcast_sg() |
| { |
| local if_name=$1; shift |
| local s_addr=$1; shift |
| local mcast=$1; shift |
| local dest_ifs=${@} |
| |
| $MC_CLI -I $table_name add $if_name $s_addr $mcast $dest_ifs |
| } |
| |
| delete_mcast_sg() |
| { |
| local if_name=$1; shift |
| local s_addr=$1; shift |
| local mcast=$1; shift |
| local dest_ifs=${@} |
| |
| $MC_CLI -I $table_name remove $if_name $s_addr $mcast $dest_ifs |
| } |
| |
| __mc_mac_mismatch() |
| { |
| local desc=$1; shift |
| local proto=$1; shift |
| local sip=$1; shift |
| local dip=$1; shift |
| local flags=${1:-""}; shift |
| local dmac=01:02:03:04:05:06 |
| |
| RET=0 |
| |
| tc filter add dev $rp2 egress protocol $proto pref 1 handle 101 \ |
| flower dst_ip $dip action pass |
| |
| create_mcast_sg $rp1 $sip $dip $rp2 |
| |
| $MZ $flags $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec -b $dmac \ |
| -B $dip -q |
| |
| tc_check_packets "dev $rp2 egress" 101 5 |
| check_err $? "Packets were dropped" |
| |
| log_test "Multicast MAC mismatch: $desc" |
| |
| delete_mcast_sg $rp1 $sip $dip $rp2 |
| tc filter del dev $rp2 egress protocol $proto pref 1 handle 101 flower |
| } |
| |
| mc_mac_mismatch() |
| { |
| __mc_mac_mismatch "IPv4" "ip" 192.0.2.2 225.1.2.3 |
| __mc_mac_mismatch "IPv6" "ipv6" 2001:db8:1::2 ff0e::3 "-6" |
| } |
| |
| ipv4_sip_equal_dip() |
| { |
| RET=0 |
| |
| # Disable rpfilter to prevent packets to be dropped because of it. |
| sysctl_set net.ipv4.conf.all.rp_filter 0 |
| sysctl_set net.ipv4.conf.$rp1.rp_filter 0 |
| |
| tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \ |
| flower src_ip 198.51.100.2 action pass |
| |
| $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \ |
| -A 198.51.100.2 -b $rp1mac -B 198.51.100.2 -q |
| |
| tc_check_packets "dev $rp2 egress" 101 5 |
| check_err $? "Packets were dropped" |
| |
| log_test "Source IP is equal to destination IP: IPv4" |
| |
| tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower |
| sysctl_restore net.ipv4.conf.$rp1.rp_filter |
| sysctl_restore net.ipv4.conf.all.rp_filter |
| } |
| |
| ipv6_sip_equal_dip() |
| { |
| RET=0 |
| |
| tc filter add dev $rp2 egress protocol ipv6 pref 1 handle 101 \ |
| flower src_ip 2001:db8:2::2 action pass |
| |
| $MZ -6 $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \ |
| -A 2001:db8:2::2 -b $rp1mac -B 2001:db8:2::2 -q |
| |
| tc_check_packets "dev $rp2 egress" 101 5 |
| check_err $? "Packets were dropped" |
| |
| log_test "Source IP is equal to destination IP: IPv6" |
| |
| tc filter del dev $rp2 egress protocol ipv6 pref 1 handle 101 flower |
| } |
| |
| ipv4_dip_link_local() |
| { |
| local dip=169.254.1.1 |
| |
| RET=0 |
| |
| tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \ |
| flower dst_ip $dip action pass |
| |
| ip neigh add 169.254.1.1 lladdr 00:11:22:33:44:55 dev $rp2 |
| ip route add 169.254.1.0/24 dev $rp2 |
| |
| $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec -b $rp1mac -B $dip -q |
| |
| tc_check_packets "dev $rp2 egress" 101 5 |
| check_err $? "Packets were dropped" |
| |
| log_test "IPv4 destination IP is link-local" |
| |
| ip route del 169.254.1.0/24 dev $rp2 |
| ip neigh del 169.254.1.1 lladdr 00:11:22:33:44:55 dev $rp2 |
| tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower |
| } |
| |
| trap cleanup EXIT |
| |
| setup_prepare |
| setup_wait |
| |
| tests_run |
| |
| exit $EXIT_STATUS |
