0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013
0014
0015
0016
0017
0018
0019
0020
0021
0022 ALL_TESTS="
0023 ping_ipv4
0024 ping_ipv6
0025 sip_in_class_e
0026 mc_mac_mismatch
0027 ipv4_sip_equal_dip
0028 ipv6_sip_equal_dip
0029 ipv4_dip_link_local
0030 "
0031
0032 NUM_NETIFS=4
0033 source lib.sh
0034 source tc_common.sh
0035
0036 require_command $MCD
0037 require_command $MC_CLI
0038 table_name=selftests
0039
0040 h1_create()
0041 {
0042 vrf_create "vrf-h1"
0043 ip link set dev $h1 master vrf-h1
0044
0045 ip link set dev vrf-h1 up
0046 ip link set dev $h1 up
0047
0048 ip address add 192.0.2.2/24 dev $h1
0049 ip address add 2001:db8:1::2/64 dev $h1
0050
0051 ip route add 198.51.100.0/24 vrf vrf-h1 nexthop via 192.0.2.1
0052 ip route add 2001:db8:2::/64 vrf vrf-h1 nexthop via 2001:db8:1::1
0053 }
0054
0055 h1_destroy()
0056 {
0057 ip route del 2001:db8:2::/64 vrf vrf-h1
0058 ip route del 198.51.100.0/24 vrf vrf-h1
0059
0060 ip address del 2001:db8:1::2/64 dev $h1
0061 ip address del 192.0.2.2/24 dev $h1
0062
0063 ip link set dev $h1 down
0064 vrf_destroy "vrf-h1"
0065 }
0066
0067 h2_create()
0068 {
0069 vrf_create "vrf-h2"
0070 ip link set dev $h2 master vrf-h2
0071
0072 ip link set dev vrf-h2 up
0073 ip link set dev $h2 up
0074
0075 ip address add 198.51.100.2/24 dev $h2
0076 ip address add 2001:db8:2::2/64 dev $h2
0077
0078 ip route add 192.0.2.0/24 vrf vrf-h2 nexthop via 198.51.100.1
0079 ip route add 2001:db8:1::/64 vrf vrf-h2 nexthop via 2001:db8:2::1
0080 }
0081
0082 h2_destroy()
0083 {
0084 ip route del 2001:db8:1::/64 vrf vrf-h2
0085 ip route del 192.0.2.0/24 vrf vrf-h2
0086
0087 ip address del 2001:db8:2::2/64 dev $h2
0088 ip address del 198.51.100.2/24 dev $h2
0089
0090 ip link set dev $h2 down
0091 vrf_destroy "vrf-h2"
0092 }
0093
0094 router_create()
0095 {
0096 ip link set dev $rp1 up
0097 ip link set dev $rp2 up
0098
0099 tc qdisc add dev $rp2 clsact
0100
0101 ip address add 192.0.2.1/24 dev $rp1
0102 ip address add 2001:db8:1::1/64 dev $rp1
0103
0104 ip address add 198.51.100.1/24 dev $rp2
0105 ip address add 2001:db8:2::1/64 dev $rp2
0106 }
0107
0108 router_destroy()
0109 {
0110 ip address del 2001:db8:2::1/64 dev $rp2
0111 ip address del 198.51.100.1/24 dev $rp2
0112
0113 ip address del 2001:db8:1::1/64 dev $rp1
0114 ip address del 192.0.2.1/24 dev $rp1
0115
0116 tc qdisc del dev $rp2 clsact
0117
0118 ip link set dev $rp2 down
0119 ip link set dev $rp1 down
0120 }
0121
0122 start_mcd()
0123 {
0124 SMCROUTEDIR="$(mktemp -d)"
0125
0126 for ((i = 1; i <= $NUM_NETIFS; ++i)); do
0127 echo "phyint ${NETIFS[p$i]} enable" >> \
0128 $SMCROUTEDIR/$table_name.conf
0129 done
0130
0131 $MCD -N -I $table_name -f $SMCROUTEDIR/$table_name.conf \
0132 -P $SMCROUTEDIR/$table_name.pid
0133 }
0134
0135 kill_mcd()
0136 {
0137 pkill $MCD
0138 rm -rf $SMCROUTEDIR
0139 }
0140
0141 setup_prepare()
0142 {
0143 h1=${NETIFS[p1]}
0144 rp1=${NETIFS[p2]}
0145
0146 rp2=${NETIFS[p3]}
0147 h2=${NETIFS[p4]}
0148
0149 rp1mac=$(mac_get $rp1)
0150
0151 start_mcd
0152
0153 vrf_prepare
0154
0155 h1_create
0156 h2_create
0157
0158 router_create
0159
0160 forwarding_enable
0161 }
0162
0163 cleanup()
0164 {
0165 pre_cleanup
0166
0167 forwarding_restore
0168
0169 router_destroy
0170
0171 h2_destroy
0172 h1_destroy
0173
0174 vrf_cleanup
0175
0176 kill_mcd
0177 }
0178
0179 ping_ipv4()
0180 {
0181 ping_test $h1 198.51.100.2
0182 }
0183
0184 ping_ipv6()
0185 {
0186 ping6_test $h1 2001:db8:2::2
0187 }
0188
0189 sip_in_class_e()
0190 {
0191 RET=0
0192
0193
0194 sysctl_set net.ipv4.conf.all.rp_filter 0
0195 sysctl_set net.ipv4.conf.$rp1.rp_filter 0
0196
0197 tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
0198 flower src_ip 240.0.0.1 ip_proto udp action pass
0199
0200 $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
0201 -A 240.0.0.1 -b $rp1mac -B 198.51.100.2 -q
0202
0203 tc_check_packets "dev $rp2 egress" 101 5
0204 check_err $? "Packets were dropped"
0205
0206 log_test "Source IP in class E"
0207
0208 tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
0209 sysctl_restore net.ipv4.conf.$rp1.rp_filter
0210 sysctl_restore net.ipv4.conf.all.rp_filter
0211 }
0212
0213 create_mcast_sg()
0214 {
0215 local if_name=$1; shift
0216 local s_addr=$1; shift
0217 local mcast=$1; shift
0218 local dest_ifs=${@}
0219
0220 $MC_CLI -I $table_name add $if_name $s_addr $mcast $dest_ifs
0221 }
0222
0223 delete_mcast_sg()
0224 {
0225 local if_name=$1; shift
0226 local s_addr=$1; shift
0227 local mcast=$1; shift
0228 local dest_ifs=${@}
0229
0230 $MC_CLI -I $table_name remove $if_name $s_addr $mcast $dest_ifs
0231 }
0232
0233 __mc_mac_mismatch()
0234 {
0235 local desc=$1; shift
0236 local proto=$1; shift
0237 local sip=$1; shift
0238 local dip=$1; shift
0239 local flags=${1:-""}; shift
0240 local dmac=01:02:03:04:05:06
0241
0242 RET=0
0243
0244 tc filter add dev $rp2 egress protocol $proto pref 1 handle 101 \
0245 flower dst_ip $dip action pass
0246
0247 create_mcast_sg $rp1 $sip $dip $rp2
0248
0249 $MZ $flags $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec -b $dmac \
0250 -B $dip -q
0251
0252 tc_check_packets "dev $rp2 egress" 101 5
0253 check_err $? "Packets were dropped"
0254
0255 log_test "Multicast MAC mismatch: $desc"
0256
0257 delete_mcast_sg $rp1 $sip $dip $rp2
0258 tc filter del dev $rp2 egress protocol $proto pref 1 handle 101 flower
0259 }
0260
0261 mc_mac_mismatch()
0262 {
0263 __mc_mac_mismatch "IPv4" "ip" 192.0.2.2 225.1.2.3
0264 __mc_mac_mismatch "IPv6" "ipv6" 2001:db8:1::2 ff0e::3 "-6"
0265 }
0266
0267 ipv4_sip_equal_dip()
0268 {
0269 RET=0
0270
0271
0272 sysctl_set net.ipv4.conf.all.rp_filter 0
0273 sysctl_set net.ipv4.conf.$rp1.rp_filter 0
0274
0275 tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
0276 flower src_ip 198.51.100.2 action pass
0277
0278 $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
0279 -A 198.51.100.2 -b $rp1mac -B 198.51.100.2 -q
0280
0281 tc_check_packets "dev $rp2 egress" 101 5
0282 check_err $? "Packets were dropped"
0283
0284 log_test "Source IP is equal to destination IP: IPv4"
0285
0286 tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
0287 sysctl_restore net.ipv4.conf.$rp1.rp_filter
0288 sysctl_restore net.ipv4.conf.all.rp_filter
0289 }
0290
0291 ipv6_sip_equal_dip()
0292 {
0293 RET=0
0294
0295 tc filter add dev $rp2 egress protocol ipv6 pref 1 handle 101 \
0296 flower src_ip 2001:db8:2::2 action pass
0297
0298 $MZ -6 $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
0299 -A 2001:db8:2::2 -b $rp1mac -B 2001:db8:2::2 -q
0300
0301 tc_check_packets "dev $rp2 egress" 101 5
0302 check_err $? "Packets were dropped"
0303
0304 log_test "Source IP is equal to destination IP: IPv6"
0305
0306 tc filter del dev $rp2 egress protocol ipv6 pref 1 handle 101 flower
0307 }
0308
0309 ipv4_dip_link_local()
0310 {
0311 local dip=169.254.1.1
0312
0313 RET=0
0314
0315 tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
0316 flower dst_ip $dip action pass
0317
0318 ip neigh add 169.254.1.1 lladdr 00:11:22:33:44:55 dev $rp2
0319 ip route add 169.254.1.0/24 dev $rp2
0320
0321 $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec -b $rp1mac -B $dip -q
0322
0323 tc_check_packets "dev $rp2 egress" 101 5
0324 check_err $? "Packets were dropped"
0325
0326 log_test "IPv4 destination IP is link-local"
0327
0328 ip route del 169.254.1.0/24 dev $rp2
0329 ip neigh del 169.254.1.1 lladdr 00:11:22:33:44:55 dev $rp2
0330 tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
0331 }
0332
0333 trap cleanup EXIT
0334
0335 setup_prepare
0336 setup_wait
0337
0338 tests_run
0339
0340 exit $EXIT_STATUS
