blob: c899b446acb624735b6dcb08fd8d415a049d6ed3 [file] [log] [blame]
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# 2 namespaces: one host and one router. Use arping from the host to send a
# garp to the router. Router accepts or ignores based on its arp_accept
# or accept_untracked_na configuration.
TESTS="arp ndisc"
ROUTER_NS="ns-router"
ROUTER_NS_V6="ns-router-v6"
ROUTER_INTF="veth-router"
ROUTER_ADDR="10.0.10.1"
ROUTER_ADDR_V6="2001:db8:abcd:0012::1"
HOST_NS="ns-host"
HOST_NS_V6="ns-host-v6"
HOST_INTF="veth-host"
HOST_ADDR="10.0.10.2"
HOST_ADDR_V6="2001:db8:abcd:0012::2"
SUBNET_WIDTH=24
PREFIX_WIDTH_V6=64
cleanup() {
ip netns del ${HOST_NS}
ip netns del ${ROUTER_NS}
}
cleanup_v6() {
ip netns del ${HOST_NS_V6}
ip netns del ${ROUTER_NS_V6}
}
setup() {
set -e
local arp_accept=$1
# Set up two namespaces
ip netns add ${ROUTER_NS}
ip netns add ${HOST_NS}
# Set up interfaces veth0 and veth1, which are pairs in separate
# namespaces. veth0 is veth-router, veth1 is veth-host.
# first, set up the inteface's link to the namespace
# then, set the interface "up"
ip netns exec ${ROUTER_NS} ip link add name ${ROUTER_INTF} \
type veth peer name ${HOST_INTF}
ip netns exec ${ROUTER_NS} ip link set dev ${ROUTER_INTF} up
ip netns exec ${ROUTER_NS} ip link set dev ${HOST_INTF} netns ${HOST_NS}
ip netns exec ${HOST_NS} ip link set dev ${HOST_INTF} up
ip netns exec ${ROUTER_NS} ip addr add ${ROUTER_ADDR}/${SUBNET_WIDTH} \
dev ${ROUTER_INTF}
ip netns exec ${HOST_NS} ip addr add ${HOST_ADDR}/${SUBNET_WIDTH} \
dev ${HOST_INTF}
ip netns exec ${HOST_NS} ip route add default via ${HOST_ADDR} \
dev ${HOST_INTF}
ip netns exec ${ROUTER_NS} ip route add default via ${ROUTER_ADDR} \
dev ${ROUTER_INTF}
ROUTER_CONF=net.ipv4.conf.${ROUTER_INTF}
ip netns exec ${ROUTER_NS} sysctl -w \
${ROUTER_CONF}.arp_accept=${arp_accept} >/dev/null 2>&1
set +e
}
setup_v6() {
set -e
local accept_untracked_na=$1
# Set up two namespaces
ip netns add ${ROUTER_NS_V6}
ip netns add ${HOST_NS_V6}
# Set up interfaces veth0 and veth1, which are pairs in separate
# namespaces. veth0 is veth-router, veth1 is veth-host.
# first, set up the inteface's link to the namespace
# then, set the interface "up"
ip -6 -netns ${ROUTER_NS_V6} link add name ${ROUTER_INTF} \
type veth peer name ${HOST_INTF}
ip -6 -netns ${ROUTER_NS_V6} link set dev ${ROUTER_INTF} up
ip -6 -netns ${ROUTER_NS_V6} link set dev ${HOST_INTF} netns \
${HOST_NS_V6}
ip -6 -netns ${HOST_NS_V6} link set dev ${HOST_INTF} up
ip -6 -netns ${ROUTER_NS_V6} addr add \
${ROUTER_ADDR_V6}/${PREFIX_WIDTH_V6} dev ${ROUTER_INTF} nodad
HOST_CONF=net.ipv6.conf.${HOST_INTF}
ip netns exec ${HOST_NS_V6} sysctl -qw ${HOST_CONF}.ndisc_notify=1
ip netns exec ${HOST_NS_V6} sysctl -qw ${HOST_CONF}.disable_ipv6=0
ip -6 -netns ${HOST_NS_V6} addr add ${HOST_ADDR_V6}/${PREFIX_WIDTH_V6} \
dev ${HOST_INTF}
ROUTER_CONF=net.ipv6.conf.${ROUTER_INTF}
ip netns exec ${ROUTER_NS_V6} sysctl -w \
${ROUTER_CONF}.forwarding=1 >/dev/null 2>&1
ip netns exec ${ROUTER_NS_V6} sysctl -w \
${ROUTER_CONF}.drop_unsolicited_na=0 >/dev/null 2>&1
ip netns exec ${ROUTER_NS_V6} sysctl -w \
${ROUTER_CONF}.accept_untracked_na=${accept_untracked_na} \
>/dev/null 2>&1
set +e
}
verify_arp() {
local arp_accept=$1
local same_subnet=$2
neigh_show_output=$(ip netns exec ${ROUTER_NS} ip neigh get \
${HOST_ADDR} dev ${ROUTER_INTF} 2>/dev/null)
if [ ${arp_accept} -eq 1 ]; then
# Neighbor entries expected
[[ ${neigh_show_output} ]]
elif [ ${arp_accept} -eq 2 ]; then
if [ ${same_subnet} -eq 1 ]; then
# Neighbor entries expected
[[ ${neigh_show_output} ]]
else
[[ -z "${neigh_show_output}" ]]
fi
else
[[ -z "${neigh_show_output}" ]]
fi
}
arp_test_gratuitous() {
set -e
local arp_accept=$1
local same_subnet=$2
if [ ${arp_accept} -eq 2 ]; then
test_msg=("test_arp: "
"accept_arp=$1 "
"same_subnet=$2")
if [ ${same_subnet} -eq 0 ]; then
HOST_ADDR=10.0.11.3
else
HOST_ADDR=10.0.10.3
fi
else
test_msg=("test_arp: "
"accept_arp=$1")
fi
# Supply arp_accept option to set up which sets it in sysctl
setup ${arp_accept}
ip netns exec ${HOST_NS} arping -A -U ${HOST_ADDR} -c1 2>&1 >/dev/null
if verify_arp $1 $2; then
printf " TEST: %-60s [ OK ]\n" "${test_msg[*]}"
else
printf " TEST: %-60s [FAIL]\n" "${test_msg[*]}"
fi
cleanup
set +e
}
arp_test_gratuitous_combinations() {
arp_test_gratuitous 0
arp_test_gratuitous 1
arp_test_gratuitous 2 0 # Second entry indicates subnet or not
arp_test_gratuitous 2 1
}
cleanup_tcpdump() {
set -e
[[ ! -z ${tcpdump_stdout} ]] && rm -f ${tcpdump_stdout}
[[ ! -z ${tcpdump_stderr} ]] && rm -f ${tcpdump_stderr}
tcpdump_stdout=
tcpdump_stderr=
set +e
}
start_tcpdump() {
set -e
tcpdump_stdout=`mktemp`
tcpdump_stderr=`mktemp`
ip netns exec ${ROUTER_NS_V6} timeout 15s \
tcpdump --immediate-mode -tpni ${ROUTER_INTF} -c 1 \
"icmp6 && icmp6[0] == 136 && src ${HOST_ADDR_V6}" \
> ${tcpdump_stdout} 2> /dev/null
set +e
}
verify_ndisc() {
local accept_untracked_na=$1
local same_subnet=$2
neigh_show_output=$(ip -6 -netns ${ROUTER_NS_V6} neigh show \
to ${HOST_ADDR_V6} dev ${ROUTER_INTF} nud stale)
if [ ${accept_untracked_na} -eq 1 ]; then
# Neighbour entry expected to be present
[[ ${neigh_show_output} ]]
elif [ ${accept_untracked_na} -eq 2 ]; then
if [ ${same_subnet} -eq 1 ]; then
[[ ${neigh_show_output} ]]
else
[[ -z "${neigh_show_output}" ]]
fi
else
# Neighbour entry expected to be absent for all other cases
[[ -z "${neigh_show_output}" ]]
fi
}
ndisc_test_untracked_advertisements() {
set -e
test_msg=("test_ndisc: "
"accept_untracked_na=$1")
local accept_untracked_na=$1
local same_subnet=$2
if [ ${accept_untracked_na} -eq 2 ]; then
test_msg=("test_ndisc: "
"accept_untracked_na=$1 "
"same_subnet=$2")
if [ ${same_subnet} -eq 0 ]; then
# Not same subnet
HOST_ADDR_V6=2000:db8:abcd:0013::4
else
HOST_ADDR_V6=2001:db8:abcd:0012::3
fi
fi
setup_v6 $1 $2
start_tcpdump
if verify_ndisc $1 $2; then
printf " TEST: %-60s [ OK ]\n" "${test_msg[*]}"
else
printf " TEST: %-60s [FAIL]\n" "${test_msg[*]}"
fi
cleanup_tcpdump
cleanup_v6
set +e
}
ndisc_test_untracked_combinations() {
ndisc_test_untracked_advertisements 0
ndisc_test_untracked_advertisements 1
ndisc_test_untracked_advertisements 2 0
ndisc_test_untracked_advertisements 2 1
}
################################################################################
# usage
usage()
{
cat <<EOF
usage: ${0##*/} OPTS
-t <test> Test(s) to run (default: all)
(options: $TESTS)
EOF
}
################################################################################
# main
while getopts ":t:h" opt; do
case $opt in
t) TESTS=$OPTARG;;
h) usage; exit 0;;
*) usage; exit 1;;
esac
done
if [ "$(id -u)" -ne 0 ];then
echo "SKIP: Need root privileges"
exit $ksft_skip;
fi
if [ ! -x "$(command -v ip)" ]; then
echo "SKIP: Could not run test without ip tool"
exit $ksft_skip
fi
if [ ! -x "$(command -v tcpdump)" ]; then
echo "SKIP: Could not run test without tcpdump tool"
exit $ksft_skip
fi
if [ ! -x "$(command -v arping)" ]; then
echo "SKIP: Could not run test without arping tool"
exit $ksft_skip
fi
# start clean
cleanup &> /dev/null
cleanup_v6 &> /dev/null
for t in $TESTS
do
case $t in
arp_test_gratuitous_combinations|arp) arp_test_gratuitous_combinations;;
ndisc_test_untracked_combinations|ndisc) \
ndisc_test_untracked_combinations;;
help) echo "Test names: $TESTS"; exit 0;;
esac
done