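#!/bin/sh
# SPDX-License-Identifier: GPL-2.0
#
# Run a couple of IP defragmentation tests.
#
# Every test invokes the ./ip_defrag helper (resolved relative to the current
# directory) inside a throwaway network namespace, so the sysctl changes and
# the ip6tables rule below never touch the host's own network stack.
# The caller needs enough privilege to create network namespaces and to
# write the sysctls.

set +x
set -e

# mktemp -u only prints a random name and creates nothing; the suffix is used
# as the namespace name. "ip netns add" fails (and set -e aborts the run) if
# that name happens to exist already.
readonly NETNS="ns-$(mktemp -u XXXXXX)"

# Write one "key=value" sysctl inside the test namespace.
# Arguments: $1 - sysctl assignment, e.g. net.ipv4.ipfrag_time=1
# Returns:   0 on success, otherwise sysctl's exit status after naming the
#            failing key on stderr. sysctl's own output stays suppressed, so
#            without this message a missing key would abort the script
#            silently under set -e.
set_ns_sysctl() {
	ip netns exec "${NETNS}" sysctl -w "$1" >/dev/null 2>&1 && return 0
	_rc=$?
	printf '%s\n' "$0: cannot set sysctl $1 in netns ${NETNS}" >&2
	return "${_rc}"
}

# Create the namespace and tune the fragment-reassembly limits for the tests.
setup() {
	ip netns add "${NETNS}"
	ip -netns "${NETNS}" link set lo up

	# IPv4 reassembly: high/low thresholds and fragment timeout.
	set_ns_sysctl net.ipv4.ipfrag_high_thresh=9000000
	set_ns_sysctl net.ipv4.ipfrag_low_thresh=7000000
	set_ns_sysctl net.ipv4.ipfrag_time=1

	# IPv6 reassembly: same values as for IPv4.
	set_ns_sysctl net.ipv6.ip6frag_high_thresh=9000000
	set_ns_sysctl net.ipv6.ip6frag_low_thresh=7000000
	set_ns_sysctl net.ipv6.ip6frag_time=1

	# Netfilter conntrack IPv6 reassembly: same values again.
	# NOTE(review): these keys presumably exist only when the netfilter
	# IPv6 defrag support is available in the running kernel - confirm.
	set_ns_sysctl net.netfilter.nf_conntrack_frag6_high_thresh=9000000
	set_ns_sysctl net.netfilter.nf_conntrack_frag6_low_thresh=7000000
	set_ns_sysctl net.netfilter.nf_conntrack_frag6_timeout=1

	# DST cache can get full with a lot of frags, with GC not keeping up with the test.
	set_ns_sysctl net.ipv6.route.max_size=65536
}

# Delete the test namespace; installed as the EXIT trap so it runs on both
# success and failure.
cleanup() {
	ip netns del "${NETNS}"
}

trap cleanup EXIT
setup

echo "ipv4 defrag"
ip netns exec "${NETNS}" ./ip_defrag -4

echo "ipv4 defrag with overlaps"
ip netns exec "${NETNS}" ./ip_defrag -4o

echo "ipv6 defrag"
ip netns exec "${NETNS}" ./ip_defrag -6

echo "ipv6 defrag with overlaps"
ip netns exec "${NETNS}" ./ip_defrag -6o

# Insert an nf_conntrack rule so that the codepath in nf_conntrack_reasm.c is
# taken. The rule accepts INVALID-state packets, but only inside the test
# namespace.
ip netns exec "${NETNS}" ip6tables -A INPUT -m conntrack --ctstate INVALID -j ACCEPT

echo "ipv6 nf_conntrack defrag"
ip netns exec "${NETNS}" ./ip_defrag -6

echo "ipv6 nf_conntrack defrag with overlaps"
# netfilter will drop some invalid packets, so we run the test in
# permissive mode: i.e. pass the test if the packet is correctly assembled
# even if we sent an overlap
ip netns exec "${NETNS}" ./ip_defrag -6op

echo "all tests done"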