tools/testing/selftests/net/icmp.sh

   1 #!/bin/bash
   2 # SPDX-License-Identifier: GPL-2.0
   3
   4 # Test for checking ICMP response with dummy address instead of 0.0.0.0.
   5 # Sets up two namespaces like:
   6 # +----------------------+                          +--------------------+
   7 # | ns1                  |    v4-via-v6 routes:     | ns2                |
   8 # |                      |                  '       |                    |
   9 # |             +--------+   -> 172.16.1.0/24 ->    +--------+           |
  10 # |             | veth0  +--------------------------+  veth0 |           |
  11 # |             +--------+   <- 172.16.0.0/24 <-    +--------+           |
  12 # |           172.16.0.1 |                          | 2001:db8:1::2/64   |
  13 # |     2001:db8:1::2/64 |                          |                    |
  14 # +----------------------+                          +--------------------+
  15 #
  16 # And then tries to ping 172.16.1.1 from ns1. This results in a "net
  17 # unreachable" message being sent from ns2, but there is no IPv4 address set in
  18 # that address space, so the kernel should substitute the dummy address
  19 # 192.0.0.8 defined in RFC7600.
  20
  21 source lib.sh
  22
  23 H1_IP=172.16.0.1/32
  24 H1_IP6=2001:db8:1::1
  25 RT1=172.16.1.0/24
  26 PINGADDR=172.16.1.1
  27 RT2=172.16.0.0/24
  28 H2_IP6=2001:db8:1::2
  29
  30 TMPFILE=$(mktemp)
  31
  32 cleanup()
  33 {
  34     rm -f "$TMPFILE"
  35     cleanup_ns $NS1 $NS2
  36 }
  37
  38 trap cleanup EXIT
  39
  40 # Namespaces
  41 setup_ns NS1 NS2
  42
  43 # Connectivity
  44 ip -netns $NS1 link add veth0 type veth peer name veth0 netns $NS2
  45 ip -netns $NS1 link set dev veth0 up
  46 ip -netns $NS2 link set dev veth0 up
  47 ip -netns $NS1 addr add $H1_IP dev veth0
  48 ip -netns $NS1 addr add $H1_IP6/64 dev veth0 nodad
  49 ip -netns $NS2 addr add $H2_IP6/64 dev veth0 nodad
  50 ip -netns $NS1 route add $RT1 via inet6 $H2_IP6
  51 ip -netns $NS2 route add $RT2 via inet6 $H1_IP6
  52
  53 # Make sure ns2 will respond with ICMP unreachable
  54 ip netns exec $NS2 sysctl -qw net.ipv4.icmp_ratelimit=0 net.ipv4.ip_forward=1
  55
  56 # Run the test - a ping runs in the background, and we capture ICMP responses
  57 # with tcpdump; -c 1 means it should exit on the first ping, but add a timeout
  58 # in case something goes wrong
  59 ip netns exec $NS1 ping -w 3 -i 0.5 $PINGADDR >/dev/null &
  60 ip netns exec $NS1 timeout 10 tcpdump -tpni veth0 -c 1 'icmp and icmp[icmptype] != icmp-echo' > $TMPFILE 2>/dev/null
  61
  62 # Parse response and check for dummy address
  63 # tcpdump output looks like:
  64 # IP 192.0.0.8 > 172.16.0.1: ICMP net 172.16.1.1 unreachable, length 92
  65 RESP_IP=$(awk '{print $2}' < $TMPFILE)
  66 if [[ "$RESP_IP" != "192.0.0.8" ]]; then
  67     echo "FAIL - got ICMP response from $RESP_IP, should be 192.0.0.8"
  68     exit 1
  69 else
  70     echo "OK"
  71     exit 0
  72 fi