| #!/bin/bash |
| # SPDX-License-Identifier: GPL-2.0 |
| # |
| # 2 namespaces: one host and one router. Use arping from the host to send a |
| # garp to the router. Router accepts or ignores based on its arp_accept |
| # or accept_untracked_na configuration. |
| |
| TESTS="arp ndisc" |
| |
| ROUTER_NS="ns-router" |
| ROUTER_NS_V6="ns-router-v6" |
| ROUTER_INTF="veth-router" |
| ROUTER_ADDR="10.0.10.1" |
| ROUTER_ADDR_V6="2001:db8:abcd:0012::1" |
| |
| HOST_NS="ns-host" |
| HOST_NS_V6="ns-host-v6" |
| HOST_INTF="veth-host" |
| HOST_ADDR="10.0.10.2" |
| HOST_ADDR_V6="2001:db8:abcd:0012::2" |
| |
| SUBNET_WIDTH=24 |
| PREFIX_WIDTH_V6=64 |
| |
| cleanup() { |
| ip netns del ${HOST_NS} |
| ip netns del ${ROUTER_NS} |
| } |
| |
| cleanup_v6() { |
| ip netns del ${HOST_NS_V6} |
| ip netns del ${ROUTER_NS_V6} |
| } |
| |
| setup() { |
| set -e |
| local arp_accept=$1 |
| |
| # Set up two namespaces |
| ip netns add ${ROUTER_NS} |
| ip netns add ${HOST_NS} |
| |
| # Set up interfaces veth0 and veth1, which are pairs in separate |
| # namespaces. veth0 is veth-router, veth1 is veth-host. |
| # first, set up the inteface's link to the namespace |
| # then, set the interface "up" |
| ip netns exec ${ROUTER_NS} ip link add name ${ROUTER_INTF} \ |
| type veth peer name ${HOST_INTF} |
| |
| ip netns exec ${ROUTER_NS} ip link set dev ${ROUTER_INTF} up |
| ip netns exec ${ROUTER_NS} ip link set dev ${HOST_INTF} netns ${HOST_NS} |
| |
| ip netns exec ${HOST_NS} ip link set dev ${HOST_INTF} up |
| ip netns exec ${ROUTER_NS} ip addr add ${ROUTER_ADDR}/${SUBNET_WIDTH} \ |
| dev ${ROUTER_INTF} |
| |
| ip netns exec ${HOST_NS} ip addr add ${HOST_ADDR}/${SUBNET_WIDTH} \ |
| dev ${HOST_INTF} |
| ip netns exec ${HOST_NS} ip route add default via ${HOST_ADDR} \ |
| dev ${HOST_INTF} |
| ip netns exec ${ROUTER_NS} ip route add default via ${ROUTER_ADDR} \ |
| dev ${ROUTER_INTF} |
| |
| ROUTER_CONF=net.ipv4.conf.${ROUTER_INTF} |
| ip netns exec ${ROUTER_NS} sysctl -w \ |
| ${ROUTER_CONF}.arp_accept=${arp_accept} >/dev/null 2>&1 |
| set +e |
| } |
| |
| setup_v6() { |
| set -e |
| local accept_untracked_na=$1 |
| |
| # Set up two namespaces |
| ip netns add ${ROUTER_NS_V6} |
| ip netns add ${HOST_NS_V6} |
| |
| # Set up interfaces veth0 and veth1, which are pairs in separate |
| # namespaces. veth0 is veth-router, veth1 is veth-host. |
| # first, set up the inteface's link to the namespace |
| # then, set the interface "up" |
| ip -6 -netns ${ROUTER_NS_V6} link add name ${ROUTER_INTF} \ |
| type veth peer name ${HOST_INTF} |
| |
| ip -6 -netns ${ROUTER_NS_V6} link set dev ${ROUTER_INTF} up |
| ip -6 -netns ${ROUTER_NS_V6} link set dev ${HOST_INTF} netns \ |
| ${HOST_NS_V6} |
| |
| ip -6 -netns ${HOST_NS_V6} link set dev ${HOST_INTF} up |
| ip -6 -netns ${ROUTER_NS_V6} addr add \ |
| ${ROUTER_ADDR_V6}/${PREFIX_WIDTH_V6} dev ${ROUTER_INTF} nodad |
| |
| HOST_CONF=net.ipv6.conf.${HOST_INTF} |
| ip netns exec ${HOST_NS_V6} sysctl -qw ${HOST_CONF}.ndisc_notify=1 |
| ip netns exec ${HOST_NS_V6} sysctl -qw ${HOST_CONF}.disable_ipv6=0 |
| ip -6 -netns ${HOST_NS_V6} addr add ${HOST_ADDR_V6}/${PREFIX_WIDTH_V6} \ |
| dev ${HOST_INTF} |
| |
| ROUTER_CONF=net.ipv6.conf.${ROUTER_INTF} |
| |
| ip netns exec ${ROUTER_NS_V6} sysctl -w \ |
| ${ROUTER_CONF}.forwarding=1 >/dev/null 2>&1 |
| ip netns exec ${ROUTER_NS_V6} sysctl -w \ |
| ${ROUTER_CONF}.drop_unsolicited_na=0 >/dev/null 2>&1 |
| ip netns exec ${ROUTER_NS_V6} sysctl -w \ |
| ${ROUTER_CONF}.accept_untracked_na=${accept_untracked_na} \ |
| >/dev/null 2>&1 |
| set +e |
| } |
| |
| verify_arp() { |
| local arp_accept=$1 |
| local same_subnet=$2 |
| |
| neigh_show_output=$(ip netns exec ${ROUTER_NS} ip neigh get \ |
| ${HOST_ADDR} dev ${ROUTER_INTF} 2>/dev/null) |
| |
| if [ ${arp_accept} -eq 1 ]; then |
| # Neighbor entries expected |
| [[ ${neigh_show_output} ]] |
| elif [ ${arp_accept} -eq 2 ]; then |
| if [ ${same_subnet} -eq 1 ]; then |
| # Neighbor entries expected |
| [[ ${neigh_show_output} ]] |
| else |
| [[ -z "${neigh_show_output}" ]] |
| fi |
| else |
| [[ -z "${neigh_show_output}" ]] |
| fi |
| } |
| |
| arp_test_gratuitous() { |
| set -e |
| local arp_accept=$1 |
| local same_subnet=$2 |
| |
| if [ ${arp_accept} -eq 2 ]; then |
| test_msg=("test_arp: " |
| "accept_arp=$1 " |
| "same_subnet=$2") |
| if [ ${same_subnet} -eq 0 ]; then |
| HOST_ADDR=10.0.11.3 |
| else |
| HOST_ADDR=10.0.10.3 |
| fi |
| else |
| test_msg=("test_arp: " |
| "accept_arp=$1") |
| fi |
| # Supply arp_accept option to set up which sets it in sysctl |
| setup ${arp_accept} |
| ip netns exec ${HOST_NS} arping -A -U ${HOST_ADDR} -c1 2>&1 >/dev/null |
| |
| if verify_arp $1 $2; then |
| printf " TEST: %-60s [ OK ]\n" "${test_msg[*]}" |
| else |
| printf " TEST: %-60s [FAIL]\n" "${test_msg[*]}" |
| fi |
| cleanup |
| set +e |
| } |
| |
| arp_test_gratuitous_combinations() { |
| arp_test_gratuitous 0 |
| arp_test_gratuitous 1 |
| arp_test_gratuitous 2 0 # Second entry indicates subnet or not |
| arp_test_gratuitous 2 1 |
| } |
| |
| cleanup_tcpdump() { |
| set -e |
| [[ ! -z ${tcpdump_stdout} ]] && rm -f ${tcpdump_stdout} |
| [[ ! -z ${tcpdump_stderr} ]] && rm -f ${tcpdump_stderr} |
| tcpdump_stdout= |
| tcpdump_stderr= |
| set +e |
| } |
| |
| start_tcpdump() { |
| set -e |
| tcpdump_stdout=`mktemp` |
| tcpdump_stderr=`mktemp` |
| ip netns exec ${ROUTER_NS_V6} timeout 15s \ |
| tcpdump --immediate-mode -tpni ${ROUTER_INTF} -c 1 \ |
| "icmp6 && icmp6[0] == 136 && src ${HOST_ADDR_V6}" \ |
| > ${tcpdump_stdout} 2> /dev/null |
| set +e |
| } |
| |
| verify_ndisc() { |
| local accept_untracked_na=$1 |
| local same_subnet=$2 |
| |
| neigh_show_output=$(ip -6 -netns ${ROUTER_NS_V6} neigh show \ |
| to ${HOST_ADDR_V6} dev ${ROUTER_INTF} nud stale) |
| |
| if [ ${accept_untracked_na} -eq 1 ]; then |
| # Neighbour entry expected to be present |
| [[ ${neigh_show_output} ]] |
| elif [ ${accept_untracked_na} -eq 2 ]; then |
| if [ ${same_subnet} -eq 1 ]; then |
| [[ ${neigh_show_output} ]] |
| else |
| [[ -z "${neigh_show_output}" ]] |
| fi |
| else |
| # Neighbour entry expected to be absent for all other cases |
| [[ -z "${neigh_show_output}" ]] |
| fi |
| } |
| |
| ndisc_test_untracked_advertisements() { |
| set -e |
| test_msg=("test_ndisc: " |
| "accept_untracked_na=$1") |
| |
| local accept_untracked_na=$1 |
| local same_subnet=$2 |
| if [ ${accept_untracked_na} -eq 2 ]; then |
| test_msg=("test_ndisc: " |
| "accept_untracked_na=$1 " |
| "same_subnet=$2") |
| if [ ${same_subnet} -eq 0 ]; then |
| # Not same subnet |
| HOST_ADDR_V6=2000:db8:abcd:0013::4 |
| else |
| HOST_ADDR_V6=2001:db8:abcd:0012::3 |
| fi |
| fi |
| setup_v6 $1 $2 |
| start_tcpdump |
| |
| if verify_ndisc $1 $2; then |
| printf " TEST: %-60s [ OK ]\n" "${test_msg[*]}" |
| else |
| printf " TEST: %-60s [FAIL]\n" "${test_msg[*]}" |
| fi |
| |
| cleanup_tcpdump |
| cleanup_v6 |
| set +e |
| } |
| |
| ndisc_test_untracked_combinations() { |
| ndisc_test_untracked_advertisements 0 |
| ndisc_test_untracked_advertisements 1 |
| ndisc_test_untracked_advertisements 2 0 |
| ndisc_test_untracked_advertisements 2 1 |
| } |
| |
| ################################################################################ |
| # usage |
| |
| usage() |
| { |
| cat <<EOF |
| usage: ${0##*/} OPTS |
| |
| -t <test> Test(s) to run (default: all) |
| (options: $TESTS) |
| EOF |
| } |
| |
| ################################################################################ |
| # main |
| |
| while getopts ":t:h" opt; do |
| case $opt in |
| t) TESTS=$OPTARG;; |
| h) usage; exit 0;; |
| *) usage; exit 1;; |
| esac |
| done |
| |
| if [ "$(id -u)" -ne 0 ];then |
| echo "SKIP: Need root privileges" |
| exit $ksft_skip; |
| fi |
| |
| if [ ! -x "$(command -v ip)" ]; then |
| echo "SKIP: Could not run test without ip tool" |
| exit $ksft_skip |
| fi |
| |
| if [ ! -x "$(command -v tcpdump)" ]; then |
| echo "SKIP: Could not run test without tcpdump tool" |
| exit $ksft_skip |
| fi |
| |
| if [ ! -x "$(command -v arping)" ]; then |
| echo "SKIP: Could not run test without arping tool" |
| exit $ksft_skip |
| fi |
| |
| # start clean |
| cleanup &> /dev/null |
| cleanup_v6 &> /dev/null |
| |
| for t in $TESTS |
| do |
| case $t in |
| arp_test_gratuitous_combinations|arp) arp_test_gratuitous_combinations;; |
| ndisc_test_untracked_combinations|ndisc) \ |
| ndisc_test_untracked_combinations;; |
| help) echo "Test names: $TESTS"; exit 0;; |
| esac |
| done |