xref: /openbmc/linux/tools/testing/selftests/net/icmp.sh (revision 8be98d2f2a0a262f8bf8a0bc1fdf522b3c7aab17) 
1*7e9838b7SToke Høiland-Jørgensen#!/bin/bash
2*7e9838b7SToke Høiland-Jørgensen# SPDX-License-Identifier: GPL-2.0
3*7e9838b7SToke Høiland-Jørgensen
4*7e9838b7SToke Høiland-Jørgensen# Test for checking ICMP response with dummy address instead of 0.0.0.0.
5*7e9838b7SToke Høiland-Jørgensen# Sets up two namespaces like:
6*7e9838b7SToke Høiland-Jørgensen# +----------------------+                          +--------------------+
7*7e9838b7SToke Høiland-Jørgensen# | ns1                  |    v4-via-v6 routes:     | ns2                |
8*7e9838b7SToke Høiland-Jørgensen# |                      |                  '       |                    |
9*7e9838b7SToke Høiland-Jørgensen# |             +--------+   -> 172.16.1.0/24 ->    +--------+           |
10*7e9838b7SToke Høiland-Jørgensen# |             | veth0  +--------------------------+  veth0 |           |
11*7e9838b7SToke Høiland-Jørgensen# |             +--------+   <- 172.16.0.0/24 <-    +--------+           |
12*7e9838b7SToke Høiland-Jørgensen# |           172.16.0.1 |                          | 2001:db8:1::2/64   |
13*7e9838b7SToke Høiland-Jørgensen# |     2001:db8:1::2/64 |                          |                    |
14*7e9838b7SToke Høiland-Jørgensen# +----------------------+                          +--------------------+
15*7e9838b7SToke Høiland-Jørgensen#
16*7e9838b7SToke Høiland-Jørgensen# And then tries to ping 172.16.1.1 from ns1. This results in a "net
17*7e9838b7SToke Høiland-Jørgensen# unreachable" message being sent from ns2, but there is no IPv4 address set in
18*7e9838b7SToke Høiland-Jørgensen# that address space, so the kernel should substitute the dummy address
19*7e9838b7SToke Høiland-Jørgensen# 192.0.0.8 defined in RFC7600.
20*7e9838b7SToke Høiland-Jørgensen
21*7e9838b7SToke Høiland-JørgensenNS1=ns1
22*7e9838b7SToke Høiland-JørgensenNS2=ns2
23*7e9838b7SToke Høiland-JørgensenH1_IP=172.16.0.1/32
24*7e9838b7SToke Høiland-JørgensenH1_IP6=2001:db8:1::1
25*7e9838b7SToke Høiland-JørgensenRT1=172.16.1.0/24
26*7e9838b7SToke Høiland-JørgensenPINGADDR=172.16.1.1
27*7e9838b7SToke Høiland-JørgensenRT2=172.16.0.0/24
28*7e9838b7SToke Høiland-JørgensenH2_IP6=2001:db8:1::2
29*7e9838b7SToke Høiland-Jørgensen
30*7e9838b7SToke Høiland-JørgensenTMPFILE=$(mktemp)
31*7e9838b7SToke Høiland-Jørgensen
32*7e9838b7SToke Høiland-Jørgensencleanup()
33*7e9838b7SToke Høiland-Jørgensen{
34*7e9838b7SToke Høiland-Jørgensen    rm -f "$TMPFILE"
35*7e9838b7SToke Høiland-Jørgensen    ip netns del $NS1
36*7e9838b7SToke Høiland-Jørgensen    ip netns del $NS2
37*7e9838b7SToke Høiland-Jørgensen}
38*7e9838b7SToke Høiland-Jørgensen
39*7e9838b7SToke Høiland-Jørgensentrap cleanup EXIT
40*7e9838b7SToke Høiland-Jørgensen
41*7e9838b7SToke Høiland-Jørgensen# Namespaces
42*7e9838b7SToke Høiland-Jørgensenip netns add $NS1
43*7e9838b7SToke Høiland-Jørgensenip netns add $NS2
44*7e9838b7SToke Høiland-Jørgensen
45*7e9838b7SToke Høiland-Jørgensen# Connectivity
46*7e9838b7SToke Høiland-Jørgensenip -netns $NS1 link add veth0 type veth peer name veth0 netns $NS2
47*7e9838b7SToke Høiland-Jørgensenip -netns $NS1 link set dev veth0 up
48*7e9838b7SToke Høiland-Jørgensenip -netns $NS2 link set dev veth0 up
49*7e9838b7SToke Høiland-Jørgensenip -netns $NS1 addr add $H1_IP dev veth0
50*7e9838b7SToke Høiland-Jørgensenip -netns $NS1 addr add $H1_IP6/64 dev veth0 nodad
51*7e9838b7SToke Høiland-Jørgensenip -netns $NS2 addr add $H2_IP6/64 dev veth0 nodad
52*7e9838b7SToke Høiland-Jørgensenip -netns $NS1 route add $RT1 via inet6 $H2_IP6
53*7e9838b7SToke Høiland-Jørgensenip -netns $NS2 route add $RT2 via inet6 $H1_IP6
54*7e9838b7SToke Høiland-Jørgensen
55*7e9838b7SToke Høiland-Jørgensen# Make sure ns2 will respond with ICMP unreachable
56*7e9838b7SToke Høiland-Jørgensenip netns exec $NS2 sysctl -qw net.ipv4.icmp_ratelimit=0 net.ipv4.ip_forward=1
57*7e9838b7SToke Høiland-Jørgensen
58*7e9838b7SToke Høiland-Jørgensen# Run the test - a ping runs in the background, and we capture ICMP responses
59*7e9838b7SToke Høiland-Jørgensen# with tcpdump; -c 1 means it should exit on the first ping, but add a timeout
60*7e9838b7SToke Høiland-Jørgensen# in case something goes wrong
61*7e9838b7SToke Høiland-Jørgensenip netns exec $NS1 ping -w 3 -i 0.5 $PINGADDR >/dev/null &
62*7e9838b7SToke Høiland-Jørgensenip netns exec $NS1 timeout 10 tcpdump -tpni veth0 -c 1 'icmp and icmp[icmptype] != icmp-echo' > $TMPFILE 2>/dev/null
63*7e9838b7SToke Høiland-Jørgensen
64*7e9838b7SToke Høiland-Jørgensen# Parse response and check for dummy address
65*7e9838b7SToke Høiland-Jørgensen# tcpdump output looks like:
66*7e9838b7SToke Høiland-Jørgensen# IP 192.0.0.8 > 172.16.0.1: ICMP net 172.16.1.1 unreachable, length 92
67*7e9838b7SToke Høiland-JørgensenRESP_IP=$(awk '{print $2}' < $TMPFILE)
68*7e9838b7SToke Høiland-Jørgensenif [[ "$RESP_IP" != "192.0.0.8" ]]; then
69*7e9838b7SToke Høiland-Jørgensen    echo "FAIL - got ICMP response from $RESP_IP, should be 192.0.0.8"
70*7e9838b7SToke Høiland-Jørgensen    exit 1
71*7e9838b7SToke Høiland-Jørgensenelse
72*7e9838b7SToke Høiland-Jørgensen    echo "OK"
73*7e9838b7SToke Høiland-Jørgensen    exit 0
74*7e9838b7SToke Høiland-Jørgensenfi
75