#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
# +------------------+
# | H1 (v$h1) |
# | 2001:db8:1::2/64 |
# | 198.51.100.2/28 |
# | $h1 + |
# +-------------|----+
# |
# +-------------|-------------------------------+
# | SW1 | |
# | $rp1 + |
# | 198.51.100.1/28 |
# | 2001:db8:1::1/64 |
# | |
# | 2001:db8:2::1/64 2001:db8:3::1/64 |
# | 198.51.100.17/28 198.51.100.33/28 |
# | $rp2 + $rp3 + |
# +--------------|--------------------------|---+
# | |
# | |
# +--------------|---+ +--------------|---+
# | H2 (v$h2) | | | H3 (v$h3) | |
# | $h2 + | | $h3 + |
# | 198.51.100.18/28 | | 198.51.100.34/28 |
# | 2001:db8:2::2/64 | | 2001:db8:3::2/64 |
# +------------------+ +------------------+
#
ALL_TESTS="mcast_v4 mcast_v6 rpf_v4 rpf_v6"
NUM_NETIFS=6
source lib.sh
source tc_common.sh
require_command $MCD
require_command $MC_CLI
table_name=selftests
h1_create()
{
simple_if_init $h1 198.51.100.2/28 2001:db8:1::2/64
ip route add 198.51.100.16/28 vrf v$h1 nexthop via 198.51.100.1
ip route add 198.51.100.32/28 vrf v$h1 nexthop via 198.51.100.1
ip route add 2001:db8:2::/64 vrf v$h1 nexthop via 2001:db8:1::1
ip route add 2001:db8:3::/64 vrf v$h1 nexthop via 2001:db8:1::1
tc qdisc add dev $h1 ingress
}
h1_destroy()
{
tc qdisc del dev $h1 ingress
ip route del 2001:db8:3::/64 vrf v$h1
ip route del 2001:db8:2::/64 vrf v$h1
ip route del 198.51.100.32/28 vrf v$h1
ip route del 198.51.100.16/28 vrf v$h1
simple_if_fini $h1 198.51.100.2/28 2001:db8:1::2/64
}
h2_create()
{
simple_if_init $h2 198.51.100.18/28 2001:db8:2::2/64
ip route add 198.51.100.0/28 vrf v$h2 nexthop via 198.51.100.17
ip route add 198.51.100.32/28 vrf v$h2 nexthop via 198.51.100.17
ip route add 2001:db8:1::/64 vrf v$h2 nexthop via 2001:db8:2::1
ip route add 2001:db8:3::/64 vrf v$h2 nexthop via 2001:db8:2::1
tc qdisc add dev $h2 ingress
}
h2_destroy()
{
tc qdisc del dev $h2 ingress
ip route del 2001:db8:3::/64 vrf v$h2
ip route del 2001:db8:1::/64 vrf v$h2
ip route del 198.51.100.32/28 vrf v$h2
ip route del 198.51.100.0/28 vrf v$h2
simple_if_fini $h2 198.51.100.18/28 2001:db8:2::2/64
}
h3_create()
{
simple_if_init $h3 198.51.100.34/28 2001:db8:3::2/64
ip route add 198.51.100.0/28 vrf v$h3 nexthop via 198.51.100.33
ip route add 198.51.100.16/28 vrf v$h3 nexthop via 198.51.100.33
ip route add 2001:db8:1::/64 vrf v$h3 nexthop via 2001:db8:3::1
ip route add 2001:db8:2::/64 vrf v$h3 nexthop via 2001:db8:3::1
tc qdisc add dev $h3 ingress
}
h3_destroy()
{
tc qdisc del dev $h3 ingress
ip route del 2001:db8:2::/64 vrf v$h3
ip route del 2001:db8:1::/64 vrf v$h3
ip route del 198.51.100.16/28 vrf v$h3
ip route del 198.51.100.0/28 vrf v$h3
simple_if_fini $h3 198.51.100.34/28 2001:db8:3::2/64
}
router_create()
{
ip link set dev $rp1 up
ip link set dev $rp2 up
ip link set dev $rp3 up
ip address add 198.51.100.1/28 dev $rp1
ip address add 198.51.100.17/28 dev $rp2
ip address add 198.51.100.33/28 dev $rp3
ip address add 2001:db8:1::1/64 dev $rp1
ip address add 2001:db8:2::1/64 dev $rp2
ip address add 2001:db8:3::1/64 dev $rp3
tc qdisc add dev $rp3 ingress
}
router_destroy()
{
tc qdisc del dev $rp3 ingress
ip address del 2001:db8:3::1/64 dev $rp3
ip address del 2001:db8:2::1/64 dev $rp2
ip address del 2001:db8:1::1/64 dev $rp1
ip address del 198.51.100.33/28 dev $rp3
ip address del 198.51.100.17/28 dev $rp2
ip address del 198.51.100.1/28 dev $rp1
ip link set dev $rp3 down
ip link set dev $rp2 down
ip link set dev $rp1 down
}
start_mcd()
{
SMCROUTEDIR="$(mktemp -d)"
for ((i = 1; i <= $NUM_NETIFS; ++i)); do
echo "phyint ${NETIFS[p$i]} enable" >> \
$SMCROUTEDIR/$table_name.conf
done
$MCD -N -I $table_name -f $SMCROUTEDIR/$table_name.conf \
-P $SMCROUTEDIR/$table_name.pid
}
kill_mcd()
{
pkill $MCD
rm -rf $SMCROUTEDIR
}
setup_prepare()
{
h1=${NETIFS[p1]}
rp1=${NETIFS[p2]}
rp2=${NETIFS[p3]}
h2=${NETIFS[p4]}
rp3=${NETIFS[p5]}
h3=${NETIFS[p6]}
start_mcd
vrf_prepare
h1_create
h2_create
h3_create
router_create
forwarding_enable
}
cleanup()
{
pre_cleanup
forwarding_restore
router_destroy
h3_destroy
h2_destroy
h1_destroy
vrf_cleanup
kill_mcd
}
create_mcast_sg()
{
local if_name=$1; shift
local s_addr=$1; shift
local mcast=$1; shift
local dest_ifs=${@}
$MC_CLI -I $table_name add $if_name $s_addr $mcast $dest_ifs
}
delete_mcast_sg()
{
local if_name=$1; shift
local s_addr=$1; shift
local mcast=$1; shift
local dest_ifs=${@}
$MC_CLI -I $table_name remove $if_name $s_addr $mcast $dest_ifs
}
mcast_v4()
{
# Add two interfaces to an MC group, send a packet to the MC group and
# verify packets are received on both. Then delete the route and verify
# packets are no longer received.
RET=0
tc filter add dev $h2 ingress protocol ip pref 1 handle 122 flower \
dst_ip 225.1.2.3 action drop
tc filter add dev $h3 ingress protocol ip pref 1 handle 133 flower \
dst_ip 225.1.2.3 action drop
create_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3
# Send frames with the corresponding L2 destination address.
$MZ $h1 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
-A 198.51.100.2 -B 225.1.2.3 -q
tc_check_packets "dev $h2 ingress" 122 5
check_err $? "Multicast not received on first host"
tc_check_packets "dev $h3 ingress" 133 5
check_err $? "Multicast not received on second host"
delete_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3
$MZ $h1 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
-A 198.51.100.2 -B 225.1.2.3 -q
tc_check_packets "dev $h2 ingress" 122 5
check_err $? "Multicast received on host although deleted"
tc_check_packets "dev $h3 ingress" 133 5
check_err $? "Multicast received on second host although deleted"
tc filter del dev $h3 ingress protocol ip pref 1 handle 133 flower
tc filter del dev $h2 ingress protocol ip pref 1 handle 122 flower
log_test "mcast IPv4"
}
mcast_v6()
{
# Add two interfaces to an MC group, send a packet to the MC group and
# verify packets are received on both. Then delete the route and verify
# packets are no longer received.
RET=0
tc filter add dev $h2 ingress protocol ipv6 pref 1 handle 122 flower \
dst_ip ff0e::3 action drop
tc filter add dev $h3 ingress protocol ipv6 pref 1 handle 133 flower \
dst_ip ff0e::3 action drop
create_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3
# Send frames with the corresponding L2 destination address.
$MZ $h1 -6 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 \
-b 33:33:00:00:00:03 -A 2001:db8:1::2 -B ff0e::3 -q
tc_check_packets "dev $h2 ingress" 122 5
check_err $? "Multicast not received on first host"
tc_check_packets "dev $h3 ingress" 133 5
check_err $? "Multicast not received on second host"
delete_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3
$MZ $h1 -6 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 \
-b 33:33:00:00:00:03 -A 2001:db8:1::2 -B ff0e::3 -q
tc_check_packets "dev $h2 ingress" 122 5
check_err $? "Multicast received on first host although deleted"
tc_check_packets "dev $h3 ingress" 133 5
check_err $? "Multicast received on second host although deleted"
tc filter del dev $h3 ingress protocol ipv6 pref 1 handle 133 flower
tc filter del dev $h2 ingress protocol ipv6 pref 1 handle 122 flower
log_test "mcast IPv6"
}
rpf_v4()
{
# Add a multicast route from first router port to the other two. Send
# matching packets and test that both hosts receive them. Then, send
# the same packets via the third router port and test that they do not
# reach any host due to RPF check. A filter with 'skip_hw' is added to
# test that devices capable of multicast routing offload trap those
# packets. The filter is essentialy a NOP in other scenarios.
RET=0
tc filter add dev $h1 ingress protocol ip pref 1 handle 1 flower \
dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop
tc filter add dev $h2 ingress protocol ip pref 1 handle 1 flower \
dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop
tc filter add dev $h3 ingress protocol ip pref 1 handle 1 flower \
dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop
tc filter add dev $rp3 ingress protocol ip pref 1 handle 1 flower \
skip_hw dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action pass
create_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3
$MZ $h1 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
-a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
-A 198.51.100.2 -B 225.1.2.3 -q
tc_check_packets "dev $h2 ingress" 1 5
check_err $? "Multicast not received on first host"
tc_check_packets "dev $h3 ingress" 1 5
check_err $? "Multicast not received on second host"
$MZ $h3 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
-a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
-A 198.51.100.2 -B 225.1.2.3 -q
tc_check_packets "dev $h1 ingress" 1 0
check_err $? "Multicast received on first host when should not"
tc_check_packets "dev $h2 ingress" 1 5
check_err $? "Multicast received on second host when should not"
tc_check_packets "dev $rp3 ingress" 1 5
check_err $? "Packets not trapped due to RPF check"
delete_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3
tc filter del dev $rp3 ingress protocol ip pref 1 handle 1 flower
tc filter del dev $h3 ingress protocol ip pref 1 handle 1 flower
tc filter del dev $h2 ingress protocol ip pref 1 handle 1 flower
tc filter del dev $h1 ingress protocol ip pref 1 handle 1 flower
log_test "RPF IPv4"
}
rpf_v6()
{
RET=0
tc filter add dev $h1 ingress protocol ipv6 pref 1 handle 1 flower \
dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop
tc filter add dev $h2 ingress protocol ipv6 pref 1 handle 1 flower \
dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop
tc filter add dev $h3 ingress protocol ipv6 pref 1 handle 1 flower \
dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop
tc filter add dev $rp3 ingress protocol ipv6 pref 1 handle 1 flower \
skip_hw dst_ip ff0e::3 ip_proto udp dst_port 12345 action pass
create_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3
$MZ $h1 -6 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
-a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
-A 2001:db8:1::2 -B ff0e::3 -q
tc_check_packets "dev $h2 ingress" 1 5
check_err $? "Multicast not received on first host"
tc_check_packets "dev $h3 ingress" 1 5
check_err $? "Multicast not received on second host"
$MZ $h3 -6 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
-a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
-A 2001:db8:1::2 -B ff0e::3 -q
tc_check_packets "dev $h1 ingress" 1 0
check_err $? "Multicast received on first host when should not"
tc_check_packets "dev $h2 ingress" 1 5
check_err $? "Multicast received on second host when should not"
tc_check_packets "dev $rp3 ingress" 1 5
check_err $? "Packets not trapped due to RPF check"
delete_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3
tc filter del dev $rp3 ingress protocol ipv6 pref 1 handle 1 flower
tc filter del dev $h3 ingress protocol ipv6 pref 1 handle 1 flower
tc filter del dev $h2 ingress protocol ipv6 pref 1 handle 1 flower
tc filter del dev $h1 ingress protocol ipv6 pref 1 handle 1 flower
log_test "RPF IPv6"
}
trap cleanup EXIT
setup_prepare
setup_wait
tests_run
exit $EXIT_STATUS