# SPDX-License-Identifier: GPL-2.0
# Run a couple of IP defragmentation tests.
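# Load the IPv6 defragmentation module up front. -q keeps modprobe silent and
# its exit status is not checked here, so a missing module only shows up later
# (presumably as failing nf_conntrack_frag6 sysctls or failing test runs).
modprobe -q nf_defrag_ipv6

# Per-run namespace name: "ns-" plus six random characters. mktemp -u only
# prints a name and creates nothing, so it serves purely as a suffix generator;
# the name is not reserved and nothing in this statement guards against a clash.
# Assign first and mark readonly afterwards: `readonly NETNS="$(...)"` returns
# readonly's own status and would hide a failing mktemp, silently leaving the
# fixed name "ns-".
NETNS="ns-$(mktemp -u XXXXXX)" || exit 1
readonly NETNS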
# Create the throwaway namespace and bring its loopback device up.
ip netns add "$NETNS"
ip -netns "$NETNS" link set lo up

# Tune fragment reassembly from inside the namespace, one sysctl call per
# key, in this order:
#   - IPv4, IPv6 and nf_conntrack IPv6 queues: high threshold 9000000,
#     low threshold 7000000, timeout 1.
#   - net.ipv6.route.max_size: DST cache can get full with a lot of frags,
#     with GC not keeping up with the test.
# sysctl output (stdout and stderr) is discarded, so the exit status is the
# only trace of a key that could not be written.
for setting in \
	net.ipv4.ipfrag_high_thresh=9000000 \
	net.ipv4.ipfrag_low_thresh=7000000 \
	net.ipv4.ipfrag_time=1 \
	net.ipv6.ip6frag_high_thresh=9000000 \
	net.ipv6.ip6frag_low_thresh=7000000 \
	net.ipv6.ip6frag_time=1 \
	net.netfilter.nf_conntrack_frag6_high_thresh=9000000 \
	net.netfilter.nf_conntrack_frag6_low_thresh=7000000 \
	net.netfilter.nf_conntrack_frag6_timeout=1 \
	net.ipv6.route.max_size=65536
do
	ip netns exec "$NETNS" sysctl -w "$setting" >/dev/null 2>&1
done
# Remove the test namespace created for this run.
# NOTE(review): the listing's line gutter jumps from 30 to 34 to 41 around this
# command, so the lines that wrap it are not shown. Presumably it is the body
# of a cleanup routine run at exit rather than a statement executed before the
# tests — confirm against the full file.
ip netns delete "$NETNS"
# Plain reassembly runs inside the namespace: IPv4 first, then IPv6, each
# without and then with overlapping fragments (the "o" suffix on the flag).
# ./ip_defrag is resolved against the caller's working directory, so the
# script has to be started from the directory that holds the test binary.
# NOTE(review): the listing shows no banner before the non-overlap runs
# (gutter lines 40 and 46 are absent) — confirm against the full file.
for family in 4 6; do
	ip netns exec "$NETNS" ./ip_defrag "-${family}"

	echo "ipv${family} defrag with overlaps"
	ip netns exec "$NETNS" ./ip_defrag "-${family}o"
done
# Append a conntrack match to INPUT inside the namespace so that the codepath
# in nf_conntrack_reasm.c is taken. The rule is added only within the test
# namespace; ACCEPT on INVALID is there to pull conntrack into the path, not
# to express a filtering policy.
ip netns exec "$NETNS" \
	ip6tables -A INPUT -m conntrack --ctstate INVALID -j ACCEPT

printf '%s\n' "ipv6 nf_conntrack defrag"
ip netns exec "$NETNS" ./ip_defrag -6

printf '%s\n' "ipv6 nf_conntrack defrag with overlaps"
# netfilter will drop some invalid packets, so this run uses permissive mode
# (presumably the trailing "p" in the flag): the test passes if the packet is
# correctly assembled even though an overlap was sent.
ip netns exec "$NETNS" ./ip_defrag -6op