1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3 4# This test is for checking IPv4 and IPv6 FIB behavior in response to 5# different events. 6source lib.sh 7ret=0 8 9# all tests in this script. Can be overridden with -t option 10TESTS="unregister down carrier nexthop suppress ipv6_notify ipv4_notify \ 11 ipv6_rt ipv4_rt ipv6_addr_metric ipv4_addr_metric ipv6_route_metrics \ 12 ipv4_route_metrics ipv4_route_v6_gw rp_filter ipv4_del_addr \ 13 ipv6_del_addr ipv4_mangle ipv6_mangle ipv4_bcast_neigh fib6_gc_test \ 14 ipv4_mpath_list ipv6_mpath_list ipv4_mpath_balance ipv6_mpath_balance \ 15 fib6_ra_to_static" 16 17VERBOSE=0 18PAUSE_ON_FAIL=no 19PAUSE=no 20 21which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping) 22 23log_test() 24{ 25 local rc=$1 26 local expected=$2 27 local msg="$3" 28 29 if [ ${rc} -eq ${expected} ]; then 30 printf " TEST: %-60s [ OK ]\n" "${msg}" 31 nsuccess=$((nsuccess+1)) 32 else 33 ret=1 34 nfail=$((nfail+1)) 35 printf " TEST: %-60s [FAIL]\n" "${msg}" 36 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then 37 echo 38 echo "hit enter to continue, 'q' to quit" 39 read a 40 [ "$a" = "q" ] && exit 1 41 fi 42 fi 43 44 if [ "${PAUSE}" = "yes" ]; then 45 echo 46 echo "hit enter to continue, 'q' to quit" 47 read a 48 [ "$a" = "q" ] && exit 1 49 fi 50} 51 52setup() 53{ 54 set -e 55 setup_ns ns1 56 IP="$(which ip) -netns $ns1" 57 NS_EXEC="$(which ip) netns exec $ns1" 58 ip netns exec $ns1 sysctl -qw net.ipv4.ip_forward=1 59 ip netns exec $ns1 sysctl -qw net.ipv6.conf.all.forwarding=1 60 61 $IP link add dummy0 type dummy 62 $IP link set dev dummy0 up 63 $IP address add 198.51.100.1/24 dev dummy0 64 $IP -6 address add 2001:db8:1::1/64 dev dummy0 65 set +e 66 67} 68 69cleanup() 70{ 71 $IP link del dev dummy0 &> /dev/null 72 cleanup_ns $ns1 $ns2 73} 74 75get_linklocal() 76{ 77 local dev=$1 78 local addr 79 80 addr=$($IP -6 -br addr show dev ${dev} | \ 81 awk '{ 82 for (i = 3; i <= NF; ++i) { 83 if ($i ~ /^fe80/) 84 print $i 85 } 86 }' 87 ) 88 addr=${addr/\/*} 89 90 [ -z "$addr" ] && return 1 91 92 echo $addr 93 94 return 0 95} 96 97fib_unreg_unicast_test() 98{ 99 echo 100 echo "Single path route test" 101 102 setup 103 104 echo " Start point" 105 $IP route get fibmatch 198.51.100.2 &> /dev/null 106 log_test $? 0 "IPv4 fibmatch" 107 $IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null 108 log_test $? 0 "IPv6 fibmatch" 109 110 set -e 111 $IP link del dev dummy0 112 set +e 113 114 echo " Nexthop device deleted" 115 $IP route get fibmatch 198.51.100.2 &> /dev/null 116 log_test $? 2 "IPv4 fibmatch - no route" 117 $IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null 118 log_test $? 2 "IPv6 fibmatch - no route" 119 120 cleanup 121} 122 123fib_unreg_multipath_test() 124{ 125 126 echo 127 echo "Multipath route test" 128 129 setup 130 131 set -e 132 $IP link add dummy1 type dummy 133 $IP link set dev dummy1 up 134 $IP address add 192.0.2.1/24 dev dummy1 135 $IP -6 address add 2001:db8:2::1/64 dev dummy1 136 137 $IP route add 203.0.113.0/24 \ 138 nexthop via 198.51.100.2 dev dummy0 \ 139 nexthop via 192.0.2.2 dev dummy1 140 $IP -6 route add 2001:db8:3::/64 \ 141 nexthop via 2001:db8:1::2 dev dummy0 \ 142 nexthop via 2001:db8:2::2 dev dummy1 143 set +e 144 145 echo " Start point" 146 $IP route get fibmatch 203.0.113.1 &> /dev/null 147 log_test $? 0 "IPv4 fibmatch" 148 $IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null 149 log_test $? 0 "IPv6 fibmatch" 150 151 set -e 152 $IP link del dev dummy0 153 set +e 154 155 echo " One nexthop device deleted" 156 $IP route get fibmatch 203.0.113.1 &> /dev/null 157 log_test $? 2 "IPv4 - multipath route removed on delete" 158 159 $IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null 160 # In IPv6 we do not flush the entire multipath route. 161 log_test $? 0 "IPv6 - multipath down to single path" 162 163 set -e 164 $IP link del dev dummy1 165 set +e 166 167 echo " Second nexthop device deleted" 168 $IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null 169 log_test $? 2 "IPv6 - no route" 170 171 cleanup 172} 173 174fib_unreg_test() 175{ 176 fib_unreg_unicast_test 177 fib_unreg_multipath_test 178} 179 180fib_down_unicast_test() 181{ 182 echo 183 echo "Single path, admin down" 184 185 setup 186 187 echo " Start point" 188 $IP route get fibmatch 198.51.100.2 &> /dev/null 189 log_test $? 0 "IPv4 fibmatch" 190 $IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null 191 log_test $? 0 "IPv6 fibmatch" 192 193 set -e 194 $IP link set dev dummy0 down 195 set +e 196 197 echo " Route deleted on down" 198 $IP route get fibmatch 198.51.100.2 &> /dev/null 199 log_test $? 2 "IPv4 fibmatch" 200 $IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null 201 log_test $? 2 "IPv6 fibmatch" 202 203 cleanup 204} 205 206fib_down_multipath_test_do() 207{ 208 local down_dev=$1 209 local up_dev=$2 210 211 $IP route get fibmatch 203.0.113.1 \ 212 oif $down_dev &> /dev/null 213 log_test $? 2 "IPv4 fibmatch on down device" 214 $IP -6 route get fibmatch 2001:db8:3::1 \ 215 oif $down_dev &> /dev/null 216 log_test $? 2 "IPv6 fibmatch on down device" 217 218 $IP route get fibmatch 203.0.113.1 \ 219 oif $up_dev &> /dev/null 220 log_test $? 0 "IPv4 fibmatch on up device" 221 $IP -6 route get fibmatch 2001:db8:3::1 \ 222 oif $up_dev &> /dev/null 223 log_test $? 0 "IPv6 fibmatch on up device" 224 225 $IP route get fibmatch 203.0.113.1 | \ 226 grep $down_dev | grep -q "dead linkdown" 227 log_test $? 0 "IPv4 flags on down device" 228 $IP -6 route get fibmatch 2001:db8:3::1 | \ 229 grep $down_dev | grep -q "dead linkdown" 230 log_test $? 0 "IPv6 flags on down device" 231 232 $IP route get fibmatch 203.0.113.1 | \ 233 grep $up_dev | grep -q "dead linkdown" 234 log_test $? 1 "IPv4 flags on up device" 235 $IP -6 route get fibmatch 2001:db8:3::1 | \ 236 grep $up_dev | grep -q "dead linkdown" 237 log_test $? 1 "IPv6 flags on up device" 238} 239 240fib_down_multipath_test() 241{ 242 echo 243 echo "Admin down multipath" 244 245 setup 246 247 set -e 248 $IP link add dummy1 type dummy 249 $IP link set dev dummy1 up 250 251 $IP address add 192.0.2.1/24 dev dummy1 252 $IP -6 address add 2001:db8:2::1/64 dev dummy1 253 254 $IP route add 203.0.113.0/24 \ 255 nexthop via 198.51.100.2 dev dummy0 \ 256 nexthop via 192.0.2.2 dev dummy1 257 $IP -6 route add 2001:db8:3::/64 \ 258 nexthop via 2001:db8:1::2 dev dummy0 \ 259 nexthop via 2001:db8:2::2 dev dummy1 260 set +e 261 262 echo " Verify start point" 263 $IP route get fibmatch 203.0.113.1 &> /dev/null 264 log_test $? 0 "IPv4 fibmatch" 265 266 $IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null 267 log_test $? 0 "IPv6 fibmatch" 268 269 set -e 270 $IP link set dev dummy0 down 271 set +e 272 273 echo " One device down, one up" 274 fib_down_multipath_test_do "dummy0" "dummy1" 275 276 set -e 277 $IP link set dev dummy0 up 278 $IP link set dev dummy1 down 279 set +e 280 281 echo " Other device down and up" 282 fib_down_multipath_test_do "dummy1" "dummy0" 283 284 set -e 285 $IP link set dev dummy0 down 286 set +e 287 288 echo " Both devices down" 289 $IP route get fibmatch 203.0.113.1 &> /dev/null 290 log_test $? 2 "IPv4 fibmatch" 291 $IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null 292 log_test $? 2 "IPv6 fibmatch" 293 294 $IP link del dev dummy1 295 cleanup 296} 297 298fib_down_test() 299{ 300 fib_down_unicast_test 301 fib_down_multipath_test 302} 303 304# Local routes should not be affected when carrier changes. 305fib_carrier_local_test() 306{ 307 echo 308 echo "Local carrier tests - single path" 309 310 setup 311 312 set -e 313 $IP link set dev dummy0 carrier on 314 set +e 315 316 echo " Start point" 317 $IP route get fibmatch 198.51.100.1 &> /dev/null 318 log_test $? 0 "IPv4 fibmatch" 319 $IP -6 route get fibmatch 2001:db8:1::1 &> /dev/null 320 log_test $? 0 "IPv6 fibmatch" 321 322 $IP route get fibmatch 198.51.100.1 | \ 323 grep -q "linkdown" 324 log_test $? 1 "IPv4 - no linkdown flag" 325 $IP -6 route get fibmatch 2001:db8:1::1 | \ 326 grep -q "linkdown" 327 log_test $? 1 "IPv6 - no linkdown flag" 328 329 set -e 330 $IP link set dev dummy0 carrier off 331 sleep 1 332 set +e 333 334 echo " Carrier off on nexthop" 335 $IP route get fibmatch 198.51.100.1 &> /dev/null 336 log_test $? 0 "IPv4 fibmatch" 337 $IP -6 route get fibmatch 2001:db8:1::1 &> /dev/null 338 log_test $? 0 "IPv6 fibmatch" 339 340 $IP route get fibmatch 198.51.100.1 | \ 341 grep -q "linkdown" 342 log_test $? 1 "IPv4 - linkdown flag set" 343 $IP -6 route get fibmatch 2001:db8:1::1 | \ 344 grep -q "linkdown" 345 log_test $? 1 "IPv6 - linkdown flag set" 346 347 set -e 348 $IP address add 192.0.2.1/24 dev dummy0 349 $IP -6 address add 2001:db8:2::1/64 dev dummy0 350 set +e 351 352 echo " Route to local address with carrier down" 353 $IP route get fibmatch 192.0.2.1 &> /dev/null 354 log_test $? 0 "IPv4 fibmatch" 355 $IP -6 route get fibmatch 2001:db8:2::1 &> /dev/null 356 log_test $? 0 "IPv6 fibmatch" 357 358 $IP route get fibmatch 192.0.2.1 | \ 359 grep -q "linkdown" 360 log_test $? 1 "IPv4 linkdown flag set" 361 $IP -6 route get fibmatch 2001:db8:2::1 | \ 362 grep -q "linkdown" 363 log_test $? 1 "IPv6 linkdown flag set" 364 365 cleanup 366} 367 368fib_carrier_unicast_test() 369{ 370 ret=0 371 372 echo 373 echo "Single path route carrier test" 374 375 setup 376 377 set -e 378 $IP link set dev dummy0 carrier on 379 set +e 380 381 echo " Start point" 382 $IP route get fibmatch 198.51.100.2 &> /dev/null 383 log_test $? 0 "IPv4 fibmatch" 384 $IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null 385 log_test $? 0 "IPv6 fibmatch" 386 387 $IP route get fibmatch 198.51.100.2 | \ 388 grep -q "linkdown" 389 log_test $? 1 "IPv4 no linkdown flag" 390 $IP -6 route get fibmatch 2001:db8:1::2 | \ 391 grep -q "linkdown" 392 log_test $? 1 "IPv6 no linkdown flag" 393 394 set -e 395 $IP link set dev dummy0 carrier off 396 sleep 1 397 set +e 398 399 echo " Carrier down" 400 $IP route get fibmatch 198.51.100.2 &> /dev/null 401 log_test $? 0 "IPv4 fibmatch" 402 $IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null 403 log_test $? 0 "IPv6 fibmatch" 404 405 $IP route get fibmatch 198.51.100.2 | \ 406 grep -q "linkdown" 407 log_test $? 0 "IPv4 linkdown flag set" 408 $IP -6 route get fibmatch 2001:db8:1::2 | \ 409 grep -q "linkdown" 410 log_test $? 0 "IPv6 linkdown flag set" 411 412 set -e 413 $IP address add 192.0.2.1/24 dev dummy0 414 $IP -6 address add 2001:db8:2::1/64 dev dummy0 415 set +e 416 417 echo " Second address added with carrier down" 418 $IP route get fibmatch 192.0.2.2 &> /dev/null 419 log_test $? 0 "IPv4 fibmatch" 420 $IP -6 route get fibmatch 2001:db8:2::2 &> /dev/null 421 log_test $? 0 "IPv6 fibmatch" 422 423 $IP route get fibmatch 192.0.2.2 | \ 424 grep -q "linkdown" 425 log_test $? 0 "IPv4 linkdown flag set" 426 $IP -6 route get fibmatch 2001:db8:2::2 | \ 427 grep -q "linkdown" 428 log_test $? 0 "IPv6 linkdown flag set" 429 430 cleanup 431} 432 433fib_carrier_test() 434{ 435 fib_carrier_local_test 436 fib_carrier_unicast_test 437} 438 439fib_rp_filter_test() 440{ 441 echo 442 echo "IPv4 rp_filter tests" 443 444 setup 445 446 set -e 447 setup_ns ns2 448 449 $IP link add name veth1 type veth peer name veth2 450 $IP link set dev veth2 netns $ns2 451 $IP address add 192.0.2.1/24 dev veth1 452 ip -netns $ns2 address add 192.0.2.1/24 dev veth2 453 $IP link set dev veth1 up 454 ip -netns $ns2 link set dev veth2 up 455 456 $IP link set dev lo address 52:54:00:6a:c7:5e 457 $IP link set dev veth1 address 52:54:00:6a:c7:5e 458 ip -netns $ns2 link set dev lo address 52:54:00:6a:c7:5e 459 ip -netns $ns2 link set dev veth2 address 52:54:00:6a:c7:5e 460 461 # 1. (ns2) redirect lo's egress to veth2's egress 462 ip netns exec $ns2 tc qdisc add dev lo parent root handle 1: fq_codel 463 ip netns exec $ns2 tc filter add dev lo parent 1: protocol arp basic \ 464 action mirred egress redirect dev veth2 465 ip netns exec $ns2 tc filter add dev lo parent 1: protocol ip basic \ 466 action mirred egress redirect dev veth2 467 468 # 2. (ns1) redirect veth1's ingress to lo's ingress 469 $NS_EXEC tc qdisc add dev veth1 ingress 470 $NS_EXEC tc filter add dev veth1 ingress protocol arp basic \ 471 action mirred ingress redirect dev lo 472 $NS_EXEC tc filter add dev veth1 ingress protocol ip basic \ 473 action mirred ingress redirect dev lo 474 475 # 3. (ns1) redirect lo's egress to veth1's egress 476 $NS_EXEC tc qdisc add dev lo parent root handle 1: fq_codel 477 $NS_EXEC tc filter add dev lo parent 1: protocol arp basic \ 478 action mirred egress redirect dev veth1 479 $NS_EXEC tc filter add dev lo parent 1: protocol ip basic \ 480 action mirred egress redirect dev veth1 481 482 # 4. (ns2) redirect veth2's ingress to lo's ingress 483 ip netns exec $ns2 tc qdisc add dev veth2 ingress 484 ip netns exec $ns2 tc filter add dev veth2 ingress protocol arp basic \ 485 action mirred ingress redirect dev lo 486 ip netns exec $ns2 tc filter add dev veth2 ingress protocol ip basic \ 487 action mirred ingress redirect dev lo 488 489 $NS_EXEC sysctl -qw net.ipv4.conf.all.rp_filter=1 490 $NS_EXEC sysctl -qw net.ipv4.conf.all.accept_local=1 491 $NS_EXEC sysctl -qw net.ipv4.conf.all.route_localnet=1 492 ip netns exec $ns2 sysctl -qw net.ipv4.conf.all.rp_filter=1 493 ip netns exec $ns2 sysctl -qw net.ipv4.conf.all.accept_local=1 494 ip netns exec $ns2 sysctl -qw net.ipv4.conf.all.route_localnet=1 495 set +e 496 497 run_cmd "ip netns exec $ns2 ping -w1 -c1 192.0.2.1" 498 log_test $? 0 "rp_filter passes local packets" 499 500 run_cmd "ip netns exec $ns2 ping -w1 -c1 127.0.0.1" 501 log_test $? 0 "rp_filter passes loopback packets" 502 503 cleanup 504} 505 506################################################################################ 507# Tests on nexthop spec 508 509# run 'ip route add' with given spec 510add_rt() 511{ 512 local desc="$1" 513 local erc=$2 514 local vrf=$3 515 local pfx=$4 516 local gw=$5 517 local dev=$6 518 local cmd out rc 519 520 [ "$vrf" = "-" ] && vrf="default" 521 [ -n "$gw" ] && gw="via $gw" 522 [ -n "$dev" ] && dev="dev $dev" 523 524 cmd="$IP route add vrf $vrf $pfx $gw $dev" 525 if [ "$VERBOSE" = "1" ]; then 526 printf "\n COMMAND: $cmd\n" 527 fi 528 529 out=$(eval $cmd 2>&1) 530 rc=$? 531 if [ "$VERBOSE" = "1" -a -n "$out" ]; then 532 echo " $out" 533 fi 534 log_test $rc $erc "$desc" 535} 536 537fib4_nexthop() 538{ 539 echo 540 echo "IPv4 nexthop tests" 541 542 echo "<<< write me >>>" 543} 544 545fib6_nexthop() 546{ 547 local lldummy=$(get_linklocal dummy0) 548 local llv1=$(get_linklocal dummy0) 549 550 if [ -z "$lldummy" ]; then 551 echo "Failed to get linklocal address for dummy0" 552 return 1 553 fi 554 if [ -z "$llv1" ]; then 555 echo "Failed to get linklocal address for veth1" 556 return 1 557 fi 558 559 echo 560 echo "IPv6 nexthop tests" 561 562 add_rt "Directly connected nexthop, unicast address" 0 \ 563 - 2001:db8:101::/64 2001:db8:1::2 564 add_rt "Directly connected nexthop, unicast address with device" 0 \ 565 - 2001:db8:102::/64 2001:db8:1::2 "dummy0" 566 add_rt "Gateway is linklocal address" 0 \ 567 - 2001:db8:103::1/64 $llv1 "veth0" 568 569 # fails because LL address requires a device 570 add_rt "Gateway is linklocal address, no device" 2 \ 571 - 2001:db8:104::1/64 $llv1 572 573 # local address can not be a gateway 574 add_rt "Gateway can not be local unicast address" 2 \ 575 - 2001:db8:105::/64 2001:db8:1::1 576 add_rt "Gateway can not be local unicast address, with device" 2 \ 577 - 2001:db8:106::/64 2001:db8:1::1 "dummy0" 578 add_rt "Gateway can not be a local linklocal address" 2 \ 579 - 2001:db8:107::1/64 $lldummy "dummy0" 580 581 # VRF tests 582 add_rt "Gateway can be local address in a VRF" 0 \ 583 - 2001:db8:108::/64 2001:db8:51::2 584 add_rt "Gateway can be local address in a VRF, with device" 0 \ 585 - 2001:db8:109::/64 2001:db8:51::2 "veth0" 586 add_rt "Gateway can be local linklocal address in a VRF" 0 \ 587 - 2001:db8:110::1/64 $llv1 "veth0" 588 589 add_rt "Redirect to VRF lookup" 0 \ 590 - 2001:db8:111::/64 "" "red" 591 592 add_rt "VRF route, gateway can be local address in default VRF" 0 \ 593 red 2001:db8:112::/64 2001:db8:51::1 594 595 # local address in same VRF fails 596 add_rt "VRF route, gateway can not be a local address" 2 \ 597 red 2001:db8:113::1/64 2001:db8:2::1 598 add_rt "VRF route, gateway can not be a local addr with device" 2 \ 599 red 2001:db8:114::1/64 2001:db8:2::1 "dummy1" 600} 601 602# Default VRF: 603# dummy0 - 198.51.100.1/24 2001:db8:1::1/64 604# veth0 - 192.0.2.1/24 2001:db8:51::1/64 605# 606# VRF red: 607# dummy1 - 192.168.2.1/24 2001:db8:2::1/64 608# veth1 - 192.0.2.2/24 2001:db8:51::2/64 609# 610# [ dummy0 veth0 ]--[ veth1 dummy1 ] 611 612fib_nexthop_test() 613{ 614 setup 615 616 set -e 617 618 $IP -4 rule add pref 32765 table local 619 $IP -4 rule del pref 0 620 $IP -6 rule add pref 32765 table local 621 $IP -6 rule del pref 0 622 623 $IP link add red type vrf table 1 624 $IP link set red up 625 $IP -4 route add vrf red unreachable default metric 4278198272 626 $IP -6 route add vrf red unreachable default metric 4278198272 627 628 $IP link add veth0 type veth peer name veth1 629 $IP link set dev veth0 up 630 $IP address add 192.0.2.1/24 dev veth0 631 $IP -6 address add 2001:db8:51::1/64 dev veth0 632 633 $IP link set dev veth1 vrf red up 634 $IP address add 192.0.2.2/24 dev veth1 635 $IP -6 address add 2001:db8:51::2/64 dev veth1 636 637 $IP link add dummy1 type dummy 638 $IP link set dev dummy1 vrf red up 639 $IP address add 192.168.2.1/24 dev dummy1 640 $IP -6 address add 2001:db8:2::1/64 dev dummy1 641 set +e 642 643 sleep 1 644 fib4_nexthop 645 fib6_nexthop 646 647 ( 648 $IP link del dev dummy1 649 $IP link del veth0 650 $IP link del red 651 ) 2>/dev/null 652 cleanup 653} 654 655fib6_notify_test() 656{ 657 setup 658 659 echo 660 echo "Fib6 info length calculation in route notify test" 661 set -e 662 663 for i in 10 20 30 40 50 60 70; 664 do 665 $IP link add dummy_$i type dummy 666 $IP link set dev dummy_$i up 667 $IP -6 address add 2001:$i::1/64 dev dummy_$i 668 done 669 670 $NS_EXEC ip monitor route &> errors.txt & 671 sleep 2 672 673 $IP -6 route add 2001::/64 \ 674 nexthop via 2001:10::2 dev dummy_10 \ 675 nexthop encap ip6 dst 2002::20 via 2001:20::2 dev dummy_20 \ 676 nexthop encap ip6 dst 2002::30 via 2001:30::2 dev dummy_30 \ 677 nexthop encap ip6 dst 2002::40 via 2001:40::2 dev dummy_40 \ 678 nexthop encap ip6 dst 2002::50 via 2001:50::2 dev dummy_50 \ 679 nexthop encap ip6 dst 2002::60 via 2001:60::2 dev dummy_60 \ 680 nexthop encap ip6 dst 2002::70 via 2001:70::2 dev dummy_70 681 682 set +e 683 684 err=`cat errors.txt |grep "Message too long"` 685 if [ -z "$err" ];then 686 ret=0 687 else 688 ret=1 689 fi 690 691 log_test $ret 0 "ipv6 route add notify" 692 693 kill_process %% 694 695 #rm errors.txt 696 697 cleanup &> /dev/null 698} 699 700 701fib_notify_test() 702{ 703 setup 704 705 echo 706 echo "Fib4 info length calculation in route notify test" 707 708 set -e 709 710 for i in 10 20 30 40 50 60 70; 711 do 712 $IP link add dummy_$i type dummy 713 $IP link set dev dummy_$i up 714 $IP address add 20.20.$i.2/24 dev dummy_$i 715 done 716 717 $NS_EXEC ip monitor route &> errors.txt & 718 sleep 2 719 720 $IP route add 10.0.0.0/24 \ 721 nexthop via 20.20.10.1 dev dummy_10 \ 722 nexthop encap ip dst 192.168.10.20 via 20.20.20.1 dev dummy_20 \ 723 nexthop encap ip dst 192.168.10.30 via 20.20.30.1 dev dummy_30 \ 724 nexthop encap ip dst 192.168.10.40 via 20.20.40.1 dev dummy_40 \ 725 nexthop encap ip dst 192.168.10.50 via 20.20.50.1 dev dummy_50 \ 726 nexthop encap ip dst 192.168.10.60 via 20.20.60.1 dev dummy_60 \ 727 nexthop encap ip dst 192.168.10.70 via 20.20.70.1 dev dummy_70 728 729 set +e 730 731 err=`cat errors.txt |grep "Message too long"` 732 if [ -z "$err" ];then 733 ret=0 734 else 735 ret=1 736 fi 737 738 log_test $ret 0 "ipv4 route add notify" 739 740 kill_process %% 741 742 rm errors.txt 743 744 cleanup &> /dev/null 745} 746 747# Create a new dummy_10 to remove all associated routes. 748reset_dummy_10() 749{ 750 $IP link del dev dummy_10 751 752 $IP link add dummy_10 type dummy 753 $IP link set dev dummy_10 up 754 $IP -6 address add 2001:10::1/64 dev dummy_10 755} 756 757check_rt_num() 758{ 759 local expected=$1 760 local num=$2 761 762 if [ $num -ne $expected ]; then 763 echo "FAIL: Expected $expected routes, got $num" 764 ret=1 765 else 766 ret=0 767 fi 768} 769 770check_rt_num_clean() 771{ 772 local expected=$1 773 local num=$2 774 775 if [ $num -ne $expected ]; then 776 log_test 1 0 "expected $expected routes, got $num" 777 set +e 778 cleanup &> /dev/null 779 return 1 780 fi 781 return 0 782} 783 784fib6_gc_test() 785{ 786 setup 787 788 echo 789 echo "Fib6 garbage collection test" 790 set -e 791 792 EXPIRE=5 793 GC_WAIT_TIME=$((EXPIRE * 2 + 2)) 794 795 # Check expiration of routes every $EXPIRE seconds (GC) 796 $NS_EXEC sysctl -wq net.ipv6.route.gc_interval=$EXPIRE 797 798 $IP link add dummy_10 type dummy 799 $IP link set dev dummy_10 up 800 $IP -6 address add 2001:10::1/64 dev dummy_10 801 802 $NS_EXEC sysctl -wq net.ipv6.route.flush=1 803 804 # Temporary routes 805 for i in $(seq 1 5); do 806 # Expire route after $EXPIRE seconds 807 $IP -6 route add 2001:20::$i \ 808 via 2001:10::2 dev dummy_10 expires $EXPIRE 809 done 810 sleep $GC_WAIT_TIME 811 $NS_EXEC sysctl -wq net.ipv6.route.flush=1 812 check_rt_num 0 $($IP -6 route list |grep expires|wc -l) 813 log_test $ret 0 "ipv6 route garbage collection" 814 815 reset_dummy_10 816 817 # Permanent routes 818 for i in $(seq 1 5); do 819 $IP -6 route add 2001:30::$i \ 820 via 2001:10::2 dev dummy_10 821 done 822 # Temporary routes 823 for i in $(seq 1 5); do 824 # Expire route after $EXPIRE seconds 825 $IP -6 route add 2001:20::$i \ 826 via 2001:10::2 dev dummy_10 expires $EXPIRE 827 done 828 # Wait for GC 829 sleep $GC_WAIT_TIME 830 check_rt_num 0 $($IP -6 route list |grep expires|wc -l) 831 log_test $ret 0 "ipv6 route garbage collection (with permanent routes)" 832 833 reset_dummy_10 834 835 # Permanent routes 836 for i in $(seq 1 5); do 837 $IP -6 route add 2001:20::$i \ 838 via 2001:10::2 dev dummy_10 839 done 840 # Replace with temporary routes 841 for i in $(seq 1 5); do 842 # Expire route after $EXPIRE seconds 843 $IP -6 route replace 2001:20::$i \ 844 via 2001:10::2 dev dummy_10 expires $EXPIRE 845 done 846 # Wait for GC 847 sleep $GC_WAIT_TIME 848 check_rt_num 0 $($IP -6 route list |grep expires|wc -l) 849 log_test $ret 0 "ipv6 route garbage collection (replace with expires)" 850 851 reset_dummy_10 852 853 # Temporary routes 854 for i in $(seq 1 5); do 855 # Expire route after $EXPIRE seconds 856 $IP -6 route add 2001:20::$i \ 857 via 2001:10::2 dev dummy_10 expires $EXPIRE 858 done 859 # Replace with permanent routes 860 for i in $(seq 1 5); do 861 $IP -6 route replace 2001:20::$i \ 862 via 2001:10::2 dev dummy_10 863 done 864 check_rt_num_clean 0 $($IP -6 route list |grep expires|wc -l) || return 865 866 # Wait for GC 867 sleep $GC_WAIT_TIME 868 check_rt_num 5 $($IP -6 route list |grep -v expires|grep 2001:20::|wc -l) 869 log_test $ret 0 "ipv6 route garbage collection (replace with permanent)" 870 871 # ra6 is required for the next test. (ipv6toolkit) 872 if [ ! -x "$(command -v ra6)" ]; then 873 echo "SKIP: ra6 not found." 874 set +e 875 cleanup &> /dev/null 876 return 877 fi 878 879 # Delete dummy_10 and remove all routes 880 $IP link del dev dummy_10 881 882 # Create a pair of veth devices to send a RA message from one 883 # device to another. 884 $IP link add veth1 type veth peer name veth2 885 $IP link set dev veth1 up 886 $IP link set dev veth2 up 887 $IP -6 address add 2001:10::1/64 dev veth1 nodad 888 $IP -6 address add 2001:10::2/64 dev veth2 nodad 889 890 # Make veth1 ready to receive RA messages. 891 $NS_EXEC sysctl -wq net.ipv6.conf.veth1.accept_ra=2 892 893 # Send a RA message with a route from veth2 to veth1. 894 $NS_EXEC ra6 -i veth2 -d 2001:10::1 -t $EXPIRE 895 896 # Wait for the RA message. 897 sleep 1 898 899 # systemd may mess up the test. You syould make sure that 900 # systemd-networkd.service and systemd-networkd.socket are stopped. 901 check_rt_num_clean 1 $($IP -6 route list|grep expires|wc -l) || return 902 903 # Wait for GC 904 sleep $GC_WAIT_TIME 905 check_rt_num 0 $($IP -6 route list |grep expires|wc -l) 906 log_test $ret 0 "ipv6 route garbage collection (RA message)" 907 908 set +e 909 910 cleanup &> /dev/null 911} 912 913fib_suppress_test() 914{ 915 echo 916 echo "FIB rule with suppress_prefixlength" 917 setup 918 919 $IP link add dummy1 type dummy 920 $IP link set dummy1 up 921 $IP -6 route add default dev dummy1 922 $IP -6 rule add table main suppress_prefixlength 0 923 ping -f -c 1000 -W 1 1234::1 >/dev/null 2>&1 924 $IP -6 rule del table main suppress_prefixlength 0 925 $IP link del dummy1 926 927 # If we got here without crashing, we're good. 928 log_test 0 0 "FIB rule suppress test" 929 930 cleanup 931} 932 933################################################################################ 934# Tests on route add and replace 935 936run_cmd() 937{ 938 local cmd="$1" 939 local out 940 local stderr="2>/dev/null" 941 942 if [ "$VERBOSE" = "1" ]; then 943 printf " COMMAND: $cmd\n" 944 stderr= 945 fi 946 947 out=$(eval $cmd $stderr) 948 rc=$? 949 if [ "$VERBOSE" = "1" -a -n "$out" ]; then 950 echo " $out" 951 fi 952 953 [ "$VERBOSE" = "1" ] && echo 954 955 return $rc 956} 957 958check_expected() 959{ 960 local out="$1" 961 local expected="$2" 962 local rc=0 963 964 [ "${out}" = "${expected}" ] && return 0 965 966 if [ -z "${out}" ]; then 967 if [ "$VERBOSE" = "1" ]; then 968 printf "\nNo route entry found\n" 969 printf "Expected:\n" 970 printf " ${expected}\n" 971 fi 972 return 1 973 fi 974 975 # tricky way to convert output to 1-line without ip's 976 # messy '\'; this drops all extra white space 977 out=$(echo ${out}) 978 if [ "${out}" != "${expected}" ]; then 979 rc=1 980 if [ "${VERBOSE}" = "1" ]; then 981 printf " Unexpected route entry. Have:\n" 982 printf " ${out}\n" 983 printf " Expected:\n" 984 printf " ${expected}\n\n" 985 fi 986 fi 987 988 return $rc 989} 990 991# add route for a prefix, flushing any existing routes first 992# expected to be the first step of a test 993add_route6() 994{ 995 local pfx="$1" 996 local nh="$2" 997 local out 998 999 if [ "$VERBOSE" = "1" ]; then 1000 echo 1001 echo " ##################################################" 1002 echo 1003 fi 1004 1005 run_cmd "$IP -6 ro flush ${pfx}" 1006 [ $? -ne 0 ] && exit 1 1007 1008 out=$($IP -6 ro ls match ${pfx}) 1009 if [ -n "$out" ]; then 1010 echo "Failed to flush routes for prefix used for tests." 1011 exit 1 1012 fi 1013 1014 run_cmd "$IP -6 ro add ${pfx} ${nh}" 1015 if [ $? -ne 0 ]; then 1016 echo "Failed to add initial route for test." 1017 exit 1 1018 fi 1019} 1020 1021# add initial route - used in replace route tests 1022add_initial_route6() 1023{ 1024 add_route6 "2001:db8:104::/64" "$1" 1025} 1026 1027check_route6() 1028{ 1029 local pfx 1030 local expected="$1" 1031 local out 1032 local rc=0 1033 1034 set -- $expected 1035 pfx=$1 1036 1037 out=$($IP -6 ro ls match ${pfx} | sed -e 's/ pref medium//') 1038 check_expected "${out}" "${expected}" 1039} 1040 1041route_cleanup() 1042{ 1043 $IP li del red 2>/dev/null 1044 $IP li del dummy1 2>/dev/null 1045 $IP li del veth1 2>/dev/null 1046 $IP li del veth3 2>/dev/null 1047 1048 cleanup &> /dev/null 1049} 1050 1051route_setup() 1052{ 1053 route_cleanup 1054 setup 1055 1056 [ "${VERBOSE}" = "1" ] && set -x 1057 set -e 1058 1059 setup_ns ns2 1060 ip netns exec $ns2 sysctl -qw net.ipv4.ip_forward=1 1061 ip netns exec $ns2 sysctl -qw net.ipv6.conf.all.forwarding=1 1062 1063 $IP li add veth1 type veth peer name veth2 1064 $IP li add veth3 type veth peer name veth4 1065 1066 $IP li set veth1 up 1067 $IP li set veth3 up 1068 $IP li set veth2 netns $ns2 up 1069 $IP li set veth4 netns $ns2 up 1070 ip -netns $ns2 li add dummy1 type dummy 1071 ip -netns $ns2 li set dummy1 up 1072 1073 $IP -6 addr add 2001:db8:101::1/64 dev veth1 nodad 1074 $IP -6 addr add 2001:db8:103::1/64 dev veth3 nodad 1075 $IP addr add 172.16.101.1/24 dev veth1 1076 $IP addr add 172.16.103.1/24 dev veth3 1077 1078 ip -netns $ns2 -6 addr add 2001:db8:101::2/64 dev veth2 nodad 1079 ip -netns $ns2 -6 addr add 2001:db8:103::2/64 dev veth4 nodad 1080 ip -netns $ns2 -6 addr add 2001:db8:104::1/64 dev dummy1 nodad 1081 1082 ip -netns $ns2 addr add 172.16.101.2/24 dev veth2 1083 ip -netns $ns2 addr add 172.16.103.2/24 dev veth4 1084 ip -netns $ns2 addr add 172.16.104.1/24 dev dummy1 1085 1086 set +e 1087} 1088 1089forwarding_cleanup() 1090{ 1091 cleanup_ns $ns3 1092 1093 route_cleanup 1094} 1095 1096# extend route_setup with an ns3 reachable through ns2 over both devices 1097forwarding_setup() 1098{ 1099 forwarding_cleanup 1100 1101 route_setup 1102 1103 setup_ns ns3 1104 1105 ip link add veth5 netns $ns3 type veth peer name veth6 netns $ns2 1106 ip -netns $ns3 link set veth5 up 1107 ip -netns $ns2 link set veth6 up 1108 1109 ip -netns $ns3 -4 addr add dev veth5 172.16.105.1/24 1110 ip -netns $ns2 -4 addr add dev veth6 172.16.105.2/24 1111 ip -netns $ns3 -4 route add 172.16.100.0/22 via 172.16.105.2 1112 1113 ip -netns $ns3 -6 addr add dev veth5 2001:db8:105::1/64 nodad 1114 ip -netns $ns2 -6 addr add dev veth6 2001:db8:105::2/64 nodad 1115 ip -netns $ns3 -6 route add 2001:db8:101::/33 via 2001:db8:105::2 1116} 1117 1118# assumption is that basic add of a single path route works 1119# otherwise just adding an address on an interface is broken 1120ipv6_rt_add() 1121{ 1122 local rc 1123 1124 echo 1125 echo "IPv6 route add / append tests" 1126 1127 # route add same prefix - fails with EEXISTS b/c ip adds NLM_F_EXCL 1128 add_route6 "2001:db8:104::/64" "via 2001:db8:101::2" 1129 run_cmd "$IP -6 ro add 2001:db8:104::/64 via 2001:db8:103::2" 1130 log_test $? 2 "Attempt to add duplicate route - gw" 1131 1132 # route add same prefix - fails with EEXISTS b/c ip adds NLM_F_EXCL 1133 add_route6 "2001:db8:104::/64" "via 2001:db8:101::2" 1134 run_cmd "$IP -6 ro add 2001:db8:104::/64 dev veth3" 1135 log_test $? 2 "Attempt to add duplicate route - dev only" 1136 1137 # route add same prefix - fails with EEXISTS b/c ip adds NLM_F_EXCL 1138 add_route6 "2001:db8:104::/64" "via 2001:db8:101::2" 1139 run_cmd "$IP -6 ro add unreachable 2001:db8:104::/64" 1140 log_test $? 2 "Attempt to add duplicate route - reject route" 1141 1142 # route append with same prefix adds a new route 1143 # - iproute2 sets NLM_F_CREATE | NLM_F_APPEND 1144 add_route6 "2001:db8:104::/64" "via 2001:db8:101::2" 1145 run_cmd "$IP -6 ro append 2001:db8:104::/64 via 2001:db8:103::2" 1146 check_route6 "2001:db8:104::/64 metric 1024 nexthop via 2001:db8:101::2 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" 1147 log_test $? 0 "Append nexthop to existing route - gw" 1148 1149 # insert mpath directly 1150 add_route6 "2001:db8:104::/64" "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" 1151 check_route6 "2001:db8:104::/64 metric 1024 nexthop via 2001:db8:101::2 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" 1152 log_test $? 0 "Add multipath route" 1153 1154 add_route6 "2001:db8:104::/64" "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" 1155 run_cmd "$IP -6 ro add 2001:db8:104::/64 nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" 1156 log_test $? 2 "Attempt to add duplicate multipath route" 1157 1158 # insert of a second route without append but different metric 1159 add_route6 "2001:db8:104::/64" "via 2001:db8:101::2" 1160 run_cmd "$IP -6 ro add 2001:db8:104::/64 via 2001:db8:103::2 metric 512" 1161 rc=$? 1162 if [ $rc -eq 0 ]; then 1163 run_cmd "$IP -6 ro add 2001:db8:104::/64 via 2001:db8:103::3 metric 256" 1164 rc=$? 1165 fi 1166 log_test $rc 0 "Route add with different metrics" 1167 1168 run_cmd "$IP -6 ro del 2001:db8:104::/64 metric 512" 1169 rc=$? 1170 if [ $rc -eq 0 ]; then 1171 check_route6 "2001:db8:104::/64 via 2001:db8:103::3 dev veth3 metric 256 2001:db8:104::/64 via 2001:db8:101::2 dev veth1 metric 1024" 1172 rc=$? 1173 fi 1174 log_test $rc 0 "Route delete with metric" 1175} 1176 1177ipv6_rt_replace_single() 1178{ 1179 # single path with single path 1180 # 1181 add_initial_route6 "via 2001:db8:101::2" 1182 run_cmd "$IP -6 ro replace 2001:db8:104::/64 via 2001:db8:103::2" 1183 check_route6 "2001:db8:104::/64 via 2001:db8:103::2 dev veth3 metric 1024" 1184 log_test $? 0 "Single path with single path" 1185 1186 # single path with multipath 1187 # 1188 add_initial_route6 "nexthop via 2001:db8:101::2" 1189 run_cmd "$IP -6 ro replace 2001:db8:104::/64 nexthop via 2001:db8:101::3 nexthop via 2001:db8:103::2" 1190 check_route6 "2001:db8:104::/64 metric 1024 nexthop via 2001:db8:101::3 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" 1191 log_test $? 0 "Single path with multipath" 1192 1193 # single path with single path using MULTIPATH attribute 1194 # 1195 add_initial_route6 "via 2001:db8:101::2" 1196 run_cmd "$IP -6 ro replace 2001:db8:104::/64 nexthop via 2001:db8:103::2" 1197 check_route6 "2001:db8:104::/64 via 2001:db8:103::2 dev veth3 metric 1024" 1198 log_test $? 0 "Single path with single path via multipath attribute" 1199 1200 # route replace fails - invalid nexthop 1201 add_initial_route6 "via 2001:db8:101::2" 1202 run_cmd "$IP -6 ro replace 2001:db8:104::/64 via 2001:db8:104::2" 1203 if [ $? -eq 0 ]; then 1204 # previous command is expected to fail so if it returns 0 1205 # that means the test failed. 1206 log_test 0 1 "Invalid nexthop" 1207 else 1208 check_route6 "2001:db8:104::/64 via 2001:db8:101::2 dev veth1 metric 1024" 1209 log_test $? 0 "Invalid nexthop" 1210 fi 1211 1212 # replace non-existent route 1213 # - note use of change versus replace since ip adds NLM_F_CREATE 1214 # for replace 1215 add_initial_route6 "via 2001:db8:101::2" 1216 run_cmd "$IP -6 ro change 2001:db8:105::/64 via 2001:db8:101::2" 1217 log_test $? 2 "Single path - replace of non-existent route" 1218} 1219 1220ipv6_rt_replace_mpath() 1221{ 1222 # multipath with multipath 1223 add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" 1224 run_cmd "$IP -6 ro replace 2001:db8:104::/64 nexthop via 2001:db8:101::3 nexthop via 2001:db8:103::3" 1225 check_route6 "2001:db8:104::/64 metric 1024 nexthop via 2001:db8:101::3 dev veth1 weight 1 nexthop via 2001:db8:103::3 dev veth3 weight 1" 1226 log_test $? 0 "Multipath with multipath" 1227 1228 # multipath with single 1229 add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" 1230 run_cmd "$IP -6 ro replace 2001:db8:104::/64 via 2001:db8:101::3" 1231 check_route6 "2001:db8:104::/64 via 2001:db8:101::3 dev veth1 metric 1024" 1232 log_test $? 0 "Multipath with single path" 1233 1234 # multipath with single 1235 add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" 1236 run_cmd "$IP -6 ro replace 2001:db8:104::/64 nexthop via 2001:db8:101::3" 1237 check_route6 "2001:db8:104::/64 via 2001:db8:101::3 dev veth1 metric 1024" 1238 log_test $? 0 "Multipath with single path via multipath attribute" 1239 1240 # multipath with dev-only 1241 add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" 1242 run_cmd "$IP -6 ro replace 2001:db8:104::/64 dev veth1" 1243 check_route6 "2001:db8:104::/64 dev veth1 metric 1024" 1244 log_test $? 0 "Multipath with dev-only" 1245 1246 # route replace fails - invalid nexthop 1 1247 add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" 1248 run_cmd "$IP -6 ro replace 2001:db8:104::/64 nexthop via 2001:db8:111::3 nexthop via 2001:db8:103::3" 1249 check_route6 "2001:db8:104::/64 metric 1024 nexthop via 2001:db8:101::2 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" 1250 log_test $? 0 "Multipath - invalid first nexthop" 1251 1252 # route replace fails - invalid nexthop 2 1253 add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" 1254 run_cmd "$IP -6 ro replace 2001:db8:104::/64 nexthop via 2001:db8:101::3 nexthop via 2001:db8:113::3" 1255 check_route6 "2001:db8:104::/64 metric 1024 nexthop via 2001:db8:101::2 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" 1256 log_test $? 0 "Multipath - invalid second nexthop" 1257 1258 # multipath non-existent route 1259 add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" 1260 run_cmd "$IP -6 ro change 2001:db8:105::/64 nexthop via 2001:db8:101::3 nexthop via 2001:db8:103::3" 1261 log_test $? 2 "Multipath - replace of non-existent route" 1262} 1263 1264ipv6_rt_replace() 1265{ 1266 echo 1267 echo "IPv6 route replace tests" 1268 1269 ipv6_rt_replace_single 1270 ipv6_rt_replace_mpath 1271} 1272 1273ipv6_rt_dsfield() 1274{ 1275 echo 1276 echo "IPv6 route with dsfield tests" 1277 1278 run_cmd "$IP -6 route flush 2001:db8:102::/64" 1279 1280 # IPv6 doesn't support routing based on dsfield 1281 run_cmd "$IP -6 route add 2001:db8:102::/64 dsfield 0x04 via 2001:db8:101::2" 1282 log_test $? 2 "Reject route with dsfield" 1283} 1284 1285ipv6_route_test() 1286{ 1287 route_setup 1288 1289 ipv6_rt_add 1290 ipv6_rt_replace 1291 ipv6_rt_dsfield 1292 1293 route_cleanup 1294} 1295 1296ip_addr_metric_check() 1297{ 1298 ip addr help 2>&1 | grep -q metric 1299 if [ $? -ne 0 ]; then 1300 echo "iproute2 command does not support metric for addresses. Skipping test" 1301 return 1 1302 fi 1303 1304 return 0 1305} 1306 1307ipv6_addr_metric_test() 1308{ 1309 local rc 1310 1311 echo 1312 echo "IPv6 prefix route tests" 1313 1314 ip_addr_metric_check || return 1 1315 1316 setup 1317 1318 set -e 1319 $IP li add dummy1 type dummy 1320 $IP li add dummy2 type dummy 1321 $IP li set dummy1 up 1322 $IP li set dummy2 up 1323 1324 # default entry is metric 256 1325 run_cmd "$IP -6 addr add dev dummy1 2001:db8:104::1/64" 1326 run_cmd "$IP -6 addr add dev dummy2 2001:db8:104::2/64" 1327 set +e 1328 1329 check_route6 "2001:db8:104::/64 dev dummy1 proto kernel metric 256 2001:db8:104::/64 dev dummy2 proto kernel metric 256" 1330 log_test $? 0 "Default metric" 1331 1332 set -e 1333 run_cmd "$IP -6 addr flush dev dummy1" 1334 run_cmd "$IP -6 addr add dev dummy1 2001:db8:104::1/64 metric 257" 1335 set +e 1336 1337 check_route6 "2001:db8:104::/64 dev dummy2 proto kernel metric 256 2001:db8:104::/64 dev dummy1 proto kernel metric 257" 1338 log_test $? 0 "User specified metric on first device" 1339 1340 set -e 1341 run_cmd "$IP -6 addr flush dev dummy2" 1342 run_cmd "$IP -6 addr add dev dummy2 2001:db8:104::2/64 metric 258" 1343 set +e 1344 1345 check_route6 "2001:db8:104::/64 dev dummy1 proto kernel metric 257 2001:db8:104::/64 dev dummy2 proto kernel metric 258" 1346 log_test $? 0 "User specified metric on second device" 1347 1348 run_cmd "$IP -6 addr del dev dummy1 2001:db8:104::1/64 metric 257" 1349 rc=$? 1350 if [ $rc -eq 0 ]; then 1351 check_route6 "2001:db8:104::/64 dev dummy2 proto kernel metric 258" 1352 rc=$? 1353 fi 1354 log_test $rc 0 "Delete of address on first device" 1355 1356 run_cmd "$IP -6 addr change dev dummy2 2001:db8:104::2/64 metric 259" 1357 rc=$? 1358 if [ $rc -eq 0 ]; then 1359 check_route6 "2001:db8:104::/64 dev dummy2 proto kernel metric 259" 1360 rc=$? 1361 fi 1362 log_test $rc 0 "Modify metric of address" 1363 1364 # verify prefix route removed on down 1365 run_cmd "ip netns exec $ns1 sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1" 1366 run_cmd "$IP li set dev dummy2 down" 1367 rc=$? 1368 if [ $rc -eq 0 ]; then 1369 out=$($IP -6 ro ls match 2001:db8:104::/64) 1370 check_expected "${out}" "" 1371 rc=$? 1372 fi 1373 log_test $rc 0 "Prefix route removed on link down" 1374 1375 # verify prefix route re-inserted with assigned metric 1376 run_cmd "$IP li set dev dummy2 up" 1377 rc=$? 1378 if [ $rc -eq 0 ]; then 1379 check_route6 "2001:db8:104::/64 dev dummy2 proto kernel metric 259" 1380 rc=$? 1381 fi 1382 log_test $rc 0 "Prefix route with metric on link up" 1383 1384 # verify peer metric added correctly 1385 set -e 1386 run_cmd "$IP -6 addr flush dev dummy2" 1387 run_cmd "$IP -6 addr add dev dummy2 2001:db8:104::1 peer 2001:db8:104::2 metric 260" 1388 set +e 1389 1390 check_route6 "2001:db8:104::1 dev dummy2 proto kernel metric 260" 1391 log_test $? 0 "Set metric with peer route on local side" 1392 check_route6 "2001:db8:104::2 dev dummy2 proto kernel metric 260" 1393 log_test $? 0 "Set metric with peer route on peer side" 1394 1395 set -e 1396 run_cmd "$IP -6 addr change dev dummy2 2001:db8:104::1 peer 2001:db8:104::3 metric 261" 1397 set +e 1398 1399 check_route6 "2001:db8:104::1 dev dummy2 proto kernel metric 261" 1400 log_test $? 0 "Modify metric and peer address on local side" 1401 check_route6 "2001:db8:104::3 dev dummy2 proto kernel metric 261" 1402 log_test $? 0 "Modify metric and peer address on peer side" 1403 1404 $IP li del dummy1 1405 $IP li del dummy2 1406 cleanup 1407} 1408 1409ipv6_route_metrics_test() 1410{ 1411 local rc 1412 1413 echo 1414 echo "IPv6 routes with metrics" 1415 1416 route_setup 1417 1418 # 1419 # single path with metrics 1420 # 1421 run_cmd "$IP -6 ro add 2001:db8:111::/64 via 2001:db8:101::2 mtu 1400" 1422 rc=$? 1423 if [ $rc -eq 0 ]; then 1424 check_route6 "2001:db8:111::/64 via 2001:db8:101::2 dev veth1 metric 1024 mtu 1400" 1425 rc=$? 1426 fi 1427 log_test $rc 0 "Single path route with mtu metric" 1428 1429 1430 # 1431 # multipath via separate routes with metrics 1432 # 1433 run_cmd "$IP -6 ro add 2001:db8:112::/64 via 2001:db8:101::2 mtu 1400" 1434 run_cmd "$IP -6 ro append 2001:db8:112::/64 via 2001:db8:103::2" 1435 rc=$? 1436 if [ $rc -eq 0 ]; then 1437 check_route6 "2001:db8:112::/64 metric 1024 mtu 1400 nexthop via 2001:db8:101::2 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" 1438 rc=$? 1439 fi 1440 log_test $rc 0 "Multipath route via 2 single routes with mtu metric on first" 1441 1442 # second route is coalesced to first to make a multipath route. 1443 # MTU of the second path is hidden from display! 1444 run_cmd "$IP -6 ro add 2001:db8:113::/64 via 2001:db8:101::2" 1445 run_cmd "$IP -6 ro append 2001:db8:113::/64 via 2001:db8:103::2 mtu 1400" 1446 rc=$? 1447 if [ $rc -eq 0 ]; then 1448 check_route6 "2001:db8:113::/64 metric 1024 nexthop via 2001:db8:101::2 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" 1449 rc=$? 1450 fi 1451 log_test $rc 0 "Multipath route via 2 single routes with mtu metric on 2nd" 1452 1453 run_cmd "$IP -6 ro del 2001:db8:113::/64 via 2001:db8:101::2" 1454 if [ $? -eq 0 ]; then 1455 check_route6 "2001:db8:113::/64 via 2001:db8:103::2 dev veth3 metric 1024 mtu 1400" 1456 log_test $? 0 " MTU of second leg" 1457 fi 1458 1459 # 1460 # multipath with metrics 1461 # 1462 run_cmd "$IP -6 ro add 2001:db8:115::/64 mtu 1400 nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" 1463 rc=$? 1464 if [ $rc -eq 0 ]; then 1465 check_route6 "2001:db8:115::/64 metric 1024 mtu 1400 nexthop via 2001:db8:101::2 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" 1466 rc=$? 1467 fi 1468 log_test $rc 0 "Multipath route with mtu metric" 1469 1470 $IP -6 ro add 2001:db8:104::/64 via 2001:db8:101::2 mtu 1300 1471 run_cmd "ip netns exec $ns1 ${ping6} -w1 -c1 -s 1500 2001:db8:104::1" 1472 log_test $? 0 "Using route with mtu metric" 1473 1474 run_cmd "$IP -6 ro add 2001:db8:114::/64 via 2001:db8:101::2 congctl lock foo" 1475 log_test $? 2 "Invalid metric (fails metric_convert)" 1476 1477 route_cleanup 1478} 1479 1480fib6_ra_to_static() 1481{ 1482 setup 1483 1484 echo 1485 echo "Fib6 route promotion from RA-learned to static test" 1486 set -e 1487 1488 # ra6 is required for the test. (ipv6toolkit) 1489 if [ ! -x "$(command -v ra6)" ]; then 1490 echo "SKIP: ra6 not found." 1491 set +e 1492 cleanup &> /dev/null 1493 return 1494 fi 1495 1496 # Create a pair of veth devices to send a RA message from one 1497 # device to another. 1498 $IP link add veth1 type veth peer name veth2 1499 $IP link set dev veth1 up 1500 $IP link set dev veth2 up 1501 $IP -6 address add 2001:10::1/64 dev veth1 nodad 1502 $IP -6 address add 2001:10::2/64 dev veth2 nodad 1503 1504 # Make veth1 ready to receive RA messages. 1505 $NS_EXEC sysctl -wq net.ipv6.conf.veth1.accept_ra=2 1506 1507 # Send a RA message with a prefix from veth2. 1508 $NS_EXEC ra6 -i veth2 -d 2001:10::1 -P 2001:12::/64\#LA\#120\#60 1509 1510 # Wait for the RA message. 1511 sleep 1 1512 1513 # systemd may mess up the test. Make sure that 1514 # systemd-networkd.service and systemd-networkd.socket are stopped. 1515 check_rt_num_clean 2 $($IP -6 route list|grep expires|wc -l) || return 1516 1517 # Configure static address on the same prefix 1518 $IP -6 address add 2001:12::dead/64 dev veth1 nodad 1519 1520 # On-link route won't expire anymore, default route still owned by RA 1521 check_rt_num 1 $($IP -6 route list |grep expires|wc -l) 1522 1523 # Send a second RA message with a prefix from veth2. 1524 $NS_EXEC ra6 -i veth2 -d 2001:10::1 -P 2001:12::/64\#LA\#120\#60 1525 sleep 1 1526 1527 # Expire is not back, on-link route is still static 1528 check_rt_num 1 $($IP -6 route list |grep expires|wc -l) 1529 1530 $IP -6 address del 2001:12::dead/64 dev veth1 nodad 1531 1532 # Expire is back, on-link route is now owned by RA again 1533 check_rt_num 2 $($IP -6 route list |grep expires|wc -l) 1534 1535 log_test $ret 0 "ipv6 promote RA route to static" 1536 1537 set +e 1538 1539 cleanup &> /dev/null 1540} 1541 1542# add route for a prefix, flushing any existing routes first 1543# expected to be the first step of a test 1544add_route() 1545{ 1546 local pfx="$1" 1547 local nh="$2" 1548 local out 1549 1550 if [ "$VERBOSE" = "1" ]; then 1551 echo 1552 echo " ##################################################" 1553 echo 1554 fi 1555 1556 run_cmd "$IP ro flush ${pfx}" 1557 [ $? -ne 0 ] && exit 1 1558 1559 out=$($IP ro ls match ${pfx}) 1560 if [ -n "$out" ]; then 1561 echo "Failed to flush routes for prefix used for tests." 1562 exit 1 1563 fi 1564 1565 run_cmd "$IP ro add ${pfx} ${nh}" 1566 if [ $? -ne 0 ]; then 1567 echo "Failed to add initial route for test." 1568 exit 1 1569 fi 1570} 1571 1572# add initial route - used in replace route tests 1573add_initial_route() 1574{ 1575 add_route "172.16.104.0/24" "$1" 1576} 1577 1578check_route() 1579{ 1580 local pfx 1581 local expected="$1" 1582 local out 1583 1584 set -- $expected 1585 pfx=$1 1586 [ "${pfx}" = "unreachable" ] && pfx=$2 1587 1588 out=$($IP ro ls match ${pfx}) 1589 check_expected "${out}" "${expected}" 1590} 1591 1592# assumption is that basic add of a single path route works 1593# otherwise just adding an address on an interface is broken 1594ipv4_rt_add() 1595{ 1596 local rc 1597 1598 echo 1599 echo "IPv4 route add / append tests" 1600 1601 # route add same prefix - fails with EEXISTS b/c ip adds NLM_F_EXCL 1602 add_route "172.16.104.0/24" "via 172.16.101.2" 1603 run_cmd "$IP ro add 172.16.104.0/24 via 172.16.103.2" 1604 log_test $? 2 "Attempt to add duplicate route - gw" 1605 1606 # route add same prefix - fails with EEXISTS b/c ip adds NLM_F_EXCL 1607 add_route "172.16.104.0/24" "via 172.16.101.2" 1608 run_cmd "$IP ro add 172.16.104.0/24 dev veth3" 1609 log_test $? 2 "Attempt to add duplicate route - dev only" 1610 1611 # route add same prefix - fails with EEXISTS b/c ip adds NLM_F_EXCL 1612 add_route "172.16.104.0/24" "via 172.16.101.2" 1613 run_cmd "$IP ro add unreachable 172.16.104.0/24" 1614 log_test $? 2 "Attempt to add duplicate route - reject route" 1615 1616 # iproute2 prepend only sets NLM_F_CREATE 1617 # - adds a new route; does NOT convert existing route to ECMP 1618 add_route "172.16.104.0/24" "via 172.16.101.2" 1619 run_cmd "$IP ro prepend 172.16.104.0/24 via 172.16.103.2" 1620 check_route "172.16.104.0/24 via 172.16.103.2 dev veth3 172.16.104.0/24 via 172.16.101.2 dev veth1" 1621 log_test $? 0 "Add new nexthop for existing prefix" 1622 1623 # route append with same prefix adds a new route 1624 # - iproute2 sets NLM_F_CREATE | NLM_F_APPEND 1625 add_route "172.16.104.0/24" "via 172.16.101.2" 1626 run_cmd "$IP ro append 172.16.104.0/24 via 172.16.103.2" 1627 check_route "172.16.104.0/24 via 172.16.101.2 dev veth1 172.16.104.0/24 via 172.16.103.2 dev veth3" 1628 log_test $? 0 "Append nexthop to existing route - gw" 1629 1630 add_route "172.16.104.0/24" "via 172.16.101.2" 1631 run_cmd "$IP ro append 172.16.104.0/24 dev veth3" 1632 check_route "172.16.104.0/24 via 172.16.101.2 dev veth1 172.16.104.0/24 dev veth3 scope link" 1633 log_test $? 0 "Append nexthop to existing route - dev only" 1634 1635 add_route "172.16.104.0/24" "via 172.16.101.2" 1636 run_cmd "$IP ro append unreachable 172.16.104.0/24" 1637 check_route "172.16.104.0/24 via 172.16.101.2 dev veth1 unreachable 172.16.104.0/24" 1638 log_test $? 0 "Append nexthop to existing route - reject route" 1639 1640 run_cmd "$IP ro flush 172.16.104.0/24" 1641 run_cmd "$IP ro add unreachable 172.16.104.0/24" 1642 run_cmd "$IP ro append 172.16.104.0/24 via 172.16.103.2" 1643 check_route "unreachable 172.16.104.0/24 172.16.104.0/24 via 172.16.103.2 dev veth3" 1644 log_test $? 0 "Append nexthop to existing reject route - gw" 1645 1646 run_cmd "$IP ro flush 172.16.104.0/24" 1647 run_cmd "$IP ro add unreachable 172.16.104.0/24" 1648 run_cmd "$IP ro append 172.16.104.0/24 dev veth3" 1649 check_route "unreachable 172.16.104.0/24 172.16.104.0/24 dev veth3 scope link" 1650 log_test $? 0 "Append nexthop to existing reject route - dev only" 1651 1652 # insert mpath directly 1653 add_route "172.16.104.0/24" "nexthop via 172.16.101.2 nexthop via 172.16.103.2" 1654 check_route "172.16.104.0/24 nexthop via 172.16.101.2 dev veth1 weight 1 nexthop via 172.16.103.2 dev veth3 weight 1" 1655 log_test $? 0 "add multipath route" 1656 1657 add_route "172.16.104.0/24" "nexthop via 172.16.101.2 nexthop via 172.16.103.2" 1658 run_cmd "$IP ro add 172.16.104.0/24 nexthop via 172.16.101.2 nexthop via 172.16.103.2" 1659 log_test $? 2 "Attempt to add duplicate multipath route" 1660 1661 # insert of a second route without append but different metric 1662 add_route "172.16.104.0/24" "via 172.16.101.2" 1663 run_cmd "$IP ro add 172.16.104.0/24 via 172.16.103.2 metric 512" 1664 rc=$? 1665 if [ $rc -eq 0 ]; then 1666 run_cmd "$IP ro add 172.16.104.0/24 via 172.16.103.3 metric 256" 1667 rc=$? 1668 fi 1669 log_test $rc 0 "Route add with different metrics" 1670 1671 run_cmd "$IP ro del 172.16.104.0/24 metric 512" 1672 rc=$? 1673 if [ $rc -eq 0 ]; then 1674 check_route "172.16.104.0/24 via 172.16.101.2 dev veth1 172.16.104.0/24 via 172.16.103.3 dev veth3 metric 256" 1675 rc=$? 1676 fi 1677 log_test $rc 0 "Route delete with metric" 1678} 1679 1680ipv4_rt_replace_single() 1681{ 1682 # single path with single path 1683 # 1684 add_initial_route "via 172.16.101.2" 1685 run_cmd "$IP ro replace 172.16.104.0/24 via 172.16.103.2" 1686 check_route "172.16.104.0/24 via 172.16.103.2 dev veth3" 1687 log_test $? 0 "Single path with single path" 1688 1689 # single path with multipath 1690 # 1691 add_initial_route "nexthop via 172.16.101.2" 1692 run_cmd "$IP ro replace 172.16.104.0/24 nexthop via 172.16.101.3 nexthop via 172.16.103.2" 1693 check_route "172.16.104.0/24 nexthop via 172.16.101.3 dev veth1 weight 1 nexthop via 172.16.103.2 dev veth3 weight 1" 1694 log_test $? 0 "Single path with multipath" 1695 1696 # single path with reject 1697 # 1698 add_initial_route "nexthop via 172.16.101.2" 1699 run_cmd "$IP ro replace unreachable 172.16.104.0/24" 1700 check_route "unreachable 172.16.104.0/24" 1701 log_test $? 0 "Single path with reject route" 1702 1703 # single path with single path using MULTIPATH attribute 1704 # 1705 add_initial_route "via 172.16.101.2" 1706 run_cmd "$IP ro replace 172.16.104.0/24 nexthop via 172.16.103.2" 1707 check_route "172.16.104.0/24 via 172.16.103.2 dev veth3" 1708 log_test $? 0 "Single path with single path via multipath attribute" 1709 1710 # route replace fails - invalid nexthop 1711 add_initial_route "via 172.16.101.2" 1712 run_cmd "$IP ro replace 172.16.104.0/24 via 2001:db8:104::2" 1713 if [ $? -eq 0 ]; then 1714 # previous command is expected to fail so if it returns 0 1715 # that means the test failed. 1716 log_test 0 1 "Invalid nexthop" 1717 else 1718 check_route "172.16.104.0/24 via 172.16.101.2 dev veth1" 1719 log_test $? 0 "Invalid nexthop" 1720 fi 1721 1722 # replace non-existent route 1723 # - note use of change versus replace since ip adds NLM_F_CREATE 1724 # for replace 1725 add_initial_route "via 172.16.101.2" 1726 run_cmd "$IP ro change 172.16.105.0/24 via 172.16.101.2" 1727 log_test $? 2 "Single path - replace of non-existent route" 1728} 1729 1730ipv4_rt_replace_mpath() 1731{ 1732 # multipath with multipath 1733 add_initial_route "nexthop via 172.16.101.2 nexthop via 172.16.103.2" 1734 run_cmd "$IP ro replace 172.16.104.0/24 nexthop via 172.16.101.3 nexthop via 172.16.103.3" 1735 check_route "172.16.104.0/24 nexthop via 172.16.101.3 dev veth1 weight 1 nexthop via 172.16.103.3 dev veth3 weight 1" 1736 log_test $? 0 "Multipath with multipath" 1737 1738 # multipath with single 1739 add_initial_route "nexthop via 172.16.101.2 nexthop via 172.16.103.2" 1740 run_cmd "$IP ro replace 172.16.104.0/24 via 172.16.101.3" 1741 check_route "172.16.104.0/24 via 172.16.101.3 dev veth1" 1742 log_test $? 0 "Multipath with single path" 1743 1744 # multipath with single 1745 add_initial_route "nexthop via 172.16.101.2 nexthop via 172.16.103.2" 1746 run_cmd "$IP ro replace 172.16.104.0/24 nexthop via 172.16.101.3" 1747 check_route "172.16.104.0/24 via 172.16.101.3 dev veth1" 1748 log_test $? 0 "Multipath with single path via multipath attribute" 1749 1750 # multipath with reject 1751 add_initial_route "nexthop via 172.16.101.2 nexthop via 172.16.103.2" 1752 run_cmd "$IP ro replace unreachable 172.16.104.0/24" 1753 check_route "unreachable 172.16.104.0/24" 1754 log_test $? 0 "Multipath with reject route" 1755 1756 # route replace fails - invalid nexthop 1 1757 add_initial_route "nexthop via 172.16.101.2 nexthop via 172.16.103.2" 1758 run_cmd "$IP ro replace 172.16.104.0/24 nexthop via 172.16.111.3 nexthop via 172.16.103.3" 1759 check_route "172.16.104.0/24 nexthop via 172.16.101.2 dev veth1 weight 1 nexthop via 172.16.103.2 dev veth3 weight 1" 1760 log_test $? 0 "Multipath - invalid first nexthop" 1761 1762 # route replace fails - invalid nexthop 2 1763 add_initial_route "nexthop via 172.16.101.2 nexthop via 172.16.103.2" 1764 run_cmd "$IP ro replace 172.16.104.0/24 nexthop via 172.16.101.3 nexthop via 172.16.113.3" 1765 check_route "172.16.104.0/24 nexthop via 172.16.101.2 dev veth1 weight 1 nexthop via 172.16.103.2 dev veth3 weight 1" 1766 log_test $? 0 "Multipath - invalid second nexthop" 1767 1768 # multipath non-existent route 1769 add_initial_route "nexthop via 172.16.101.2 nexthop via 172.16.103.2" 1770 run_cmd "$IP ro change 172.16.105.0/24 nexthop via 172.16.101.3 nexthop via 172.16.103.3" 1771 log_test $? 2 "Multipath - replace of non-existent route" 1772} 1773 1774ipv4_rt_replace() 1775{ 1776 echo 1777 echo "IPv4 route replace tests" 1778 1779 ipv4_rt_replace_single 1780 ipv4_rt_replace_mpath 1781} 1782 1783# checks that cached input route on VRF port is deleted 1784# when VRF is deleted 1785ipv4_local_rt_cache() 1786{ 1787 run_cmd "ip addr add 10.0.0.1/32 dev lo" 1788 run_cmd "setup_ns test-ns" 1789 run_cmd "ip link add veth-outside type veth peer name veth-inside" 1790 run_cmd "ip link add vrf-100 type vrf table 1100" 1791 run_cmd "ip link set veth-outside master vrf-100" 1792 run_cmd "ip link set veth-inside netns $test-ns" 1793 run_cmd "ip link set veth-outside up" 1794 run_cmd "ip link set vrf-100 up" 1795 run_cmd "ip route add 10.1.1.1/32 dev veth-outside table 1100" 1796 run_cmd "ip netns exec $test-ns ip link set veth-inside up" 1797 run_cmd "ip netns exec $test-ns ip addr add 10.1.1.1/32 dev veth-inside" 1798 run_cmd "ip netns exec $test-ns ip route add 10.0.0.1/32 dev veth-inside" 1799 run_cmd "ip netns exec $test-ns ip route add default via 10.0.0.1" 1800 run_cmd "ip netns exec $test-ns ping 10.0.0.1 -c 1 -i 1" 1801 run_cmd "ip link delete vrf-100" 1802 1803 # if we do not hang test is a success 1804 log_test $? 0 "Cached route removed from VRF port device" 1805} 1806 1807ipv4_rt_dsfield() 1808{ 1809 echo 1810 echo "IPv4 route with dsfield tests" 1811 1812 run_cmd "$IP route flush 172.16.102.0/24" 1813 1814 # New routes should reject dsfield options that interfere with ECN 1815 run_cmd "$IP route add 172.16.102.0/24 dsfield 0x01 via 172.16.101.2" 1816 log_test $? 2 "Reject route with dsfield 0x01" 1817 1818 run_cmd "$IP route add 172.16.102.0/24 dsfield 0x02 via 172.16.101.2" 1819 log_test $? 2 "Reject route with dsfield 0x02" 1820 1821 run_cmd "$IP route add 172.16.102.0/24 dsfield 0x03 via 172.16.101.2" 1822 log_test $? 2 "Reject route with dsfield 0x03" 1823 1824 # A generic route that doesn't take DSCP into account 1825 run_cmd "$IP route add 172.16.102.0/24 via 172.16.101.2" 1826 1827 # A more specific route for DSCP 0x10 1828 run_cmd "$IP route add 172.16.102.0/24 dsfield 0x10 via 172.16.103.2" 1829 1830 # DSCP 0x10 should match the specific route, no matter the ECN bits 1831 $IP route get fibmatch 172.16.102.1 dsfield 0x10 | \ 1832 grep -q "172.16.102.0/24 tos 0x10 via 172.16.103.2" 1833 log_test $? 0 "IPv4 route with DSCP and ECN:Not-ECT" 1834 1835 $IP route get fibmatch 172.16.102.1 dsfield 0x11 | \ 1836 grep -q "172.16.102.0/24 tos 0x10 via 172.16.103.2" 1837 log_test $? 0 "IPv4 route with DSCP and ECN:ECT(1)" 1838 1839 $IP route get fibmatch 172.16.102.1 dsfield 0x12 | \ 1840 grep -q "172.16.102.0/24 tos 0x10 via 172.16.103.2" 1841 log_test $? 0 "IPv4 route with DSCP and ECN:ECT(0)" 1842 1843 $IP route get fibmatch 172.16.102.1 dsfield 0x13 | \ 1844 grep -q "172.16.102.0/24 tos 0x10 via 172.16.103.2" 1845 log_test $? 0 "IPv4 route with DSCP and ECN:CE" 1846 1847 # Unknown DSCP should match the generic route, no matter the ECN bits 1848 $IP route get fibmatch 172.16.102.1 dsfield 0x14 | \ 1849 grep -q "172.16.102.0/24 via 172.16.101.2" 1850 log_test $? 0 "IPv4 route with unknown DSCP and ECN:Not-ECT" 1851 1852 $IP route get fibmatch 172.16.102.1 dsfield 0x15 | \ 1853 grep -q "172.16.102.0/24 via 172.16.101.2" 1854 log_test $? 0 "IPv4 route with unknown DSCP and ECN:ECT(1)" 1855 1856 $IP route get fibmatch 172.16.102.1 dsfield 0x16 | \ 1857 grep -q "172.16.102.0/24 via 172.16.101.2" 1858 log_test $? 0 "IPv4 route with unknown DSCP and ECN:ECT(0)" 1859 1860 $IP route get fibmatch 172.16.102.1 dsfield 0x17 | \ 1861 grep -q "172.16.102.0/24 via 172.16.101.2" 1862 log_test $? 0 "IPv4 route with unknown DSCP and ECN:CE" 1863 1864 # Null DSCP should match the generic route, no matter the ECN bits 1865 $IP route get fibmatch 172.16.102.1 dsfield 0x00 | \ 1866 grep -q "172.16.102.0/24 via 172.16.101.2" 1867 log_test $? 0 "IPv4 route with no DSCP and ECN:Not-ECT" 1868 1869 $IP route get fibmatch 172.16.102.1 dsfield 0x01 | \ 1870 grep -q "172.16.102.0/24 via 172.16.101.2" 1871 log_test $? 0 "IPv4 route with no DSCP and ECN:ECT(1)" 1872 1873 $IP route get fibmatch 172.16.102.1 dsfield 0x02 | \ 1874 grep -q "172.16.102.0/24 via 172.16.101.2" 1875 log_test $? 0 "IPv4 route with no DSCP and ECN:ECT(0)" 1876 1877 $IP route get fibmatch 172.16.102.1 dsfield 0x03 | \ 1878 grep -q "172.16.102.0/24 via 172.16.101.2" 1879 log_test $? 0 "IPv4 route with no DSCP and ECN:CE" 1880} 1881 1882ipv4_route_test() 1883{ 1884 route_setup 1885 1886 ipv4_rt_add 1887 ipv4_rt_replace 1888 ipv4_local_rt_cache 1889 ipv4_rt_dsfield 1890 1891 route_cleanup 1892} 1893 1894ipv4_addr_metric_test() 1895{ 1896 local rc 1897 1898 echo 1899 echo "IPv4 prefix route tests" 1900 1901 ip_addr_metric_check || return 1 1902 1903 setup 1904 1905 set -e 1906 $IP li add dummy1 type dummy 1907 $IP li add dummy2 type dummy 1908 $IP li set dummy1 up 1909 $IP li set dummy2 up 1910 1911 # default entry is metric 256 1912 run_cmd "$IP addr add dev dummy1 172.16.104.1/24" 1913 run_cmd "$IP addr add dev dummy2 172.16.104.2/24" 1914 set +e 1915 1916 check_route "172.16.104.0/24 dev dummy1 proto kernel scope link src 172.16.104.1 172.16.104.0/24 dev dummy2 proto kernel scope link src 172.16.104.2" 1917 log_test $? 0 "Default metric" 1918 1919 set -e 1920 run_cmd "$IP addr flush dev dummy1" 1921 run_cmd "$IP addr add dev dummy1 172.16.104.1/24 metric 257" 1922 set +e 1923 1924 check_route "172.16.104.0/24 dev dummy2 proto kernel scope link src 172.16.104.2 172.16.104.0/24 dev dummy1 proto kernel scope link src 172.16.104.1 metric 257" 1925 log_test $? 0 "User specified metric on first device" 1926 1927 set -e 1928 run_cmd "$IP addr flush dev dummy2" 1929 run_cmd "$IP addr add dev dummy2 172.16.104.2/24 metric 258" 1930 set +e 1931 1932 check_route "172.16.104.0/24 dev dummy1 proto kernel scope link src 172.16.104.1 metric 257 172.16.104.0/24 dev dummy2 proto kernel scope link src 172.16.104.2 metric 258" 1933 log_test $? 0 "User specified metric on second device" 1934 1935 run_cmd "$IP addr del dev dummy1 172.16.104.1/24 metric 257" 1936 rc=$? 1937 if [ $rc -eq 0 ]; then 1938 check_route "172.16.104.0/24 dev dummy2 proto kernel scope link src 172.16.104.2 metric 258" 1939 rc=$? 1940 fi 1941 log_test $rc 0 "Delete of address on first device" 1942 1943 run_cmd "$IP addr change dev dummy2 172.16.104.2/24 metric 259" 1944 rc=$? 1945 if [ $rc -eq 0 ]; then 1946 check_route "172.16.104.0/24 dev dummy2 proto kernel scope link src 172.16.104.2 metric 259" 1947 rc=$? 1948 fi 1949 log_test $rc 0 "Modify metric of address" 1950 1951 # verify prefix route removed on down 1952 run_cmd "$IP li set dev dummy2 down" 1953 rc=$? 1954 if [ $rc -eq 0 ]; then 1955 out=$($IP ro ls match 172.16.104.0/24) 1956 check_expected "${out}" "" 1957 rc=$? 1958 fi 1959 log_test $rc 0 "Prefix route removed on link down" 1960 1961 # verify prefix route re-inserted with assigned metric 1962 run_cmd "$IP li set dev dummy2 up" 1963 rc=$? 1964 if [ $rc -eq 0 ]; then 1965 check_route "172.16.104.0/24 dev dummy2 proto kernel scope link src 172.16.104.2 metric 259" 1966 rc=$? 1967 fi 1968 log_test $rc 0 "Prefix route with metric on link up" 1969 1970 # explicitly check for metric changes on edge scenarios 1971 run_cmd "$IP addr flush dev dummy2" 1972 run_cmd "$IP addr add dev dummy2 172.16.104.0/24 metric 259" 1973 run_cmd "$IP addr change dev dummy2 172.16.104.0/24 metric 260" 1974 rc=$? 1975 if [ $rc -eq 0 ]; then 1976 check_route "172.16.104.0/24 dev dummy2 proto kernel scope link src 172.16.104.0 metric 260" 1977 rc=$? 1978 fi 1979 log_test $rc 0 "Modify metric of .0/24 address" 1980 1981 run_cmd "$IP addr flush dev dummy2" 1982 run_cmd "$IP addr add dev dummy2 172.16.104.1/32 peer 172.16.104.2 metric 260" 1983 rc=$? 1984 if [ $rc -eq 0 ]; then 1985 check_route "172.16.104.2 dev dummy2 proto kernel scope link src 172.16.104.1 metric 260" 1986 rc=$? 1987 fi 1988 log_test $rc 0 "Set metric of address with peer route" 1989 1990 run_cmd "$IP addr change dev dummy2 172.16.104.1/32 peer 172.16.104.3 metric 261" 1991 rc=$? 1992 if [ $rc -eq 0 ]; then 1993 check_route "172.16.104.3 dev dummy2 proto kernel scope link src 172.16.104.1 metric 261" 1994 rc=$? 1995 fi 1996 log_test $rc 0 "Modify metric and peer address for peer route" 1997 1998 $IP li del dummy1 1999 $IP li del dummy2 2000 cleanup 2001} 2002 2003ipv4_route_metrics_test() 2004{ 2005 local rc 2006 2007 echo 2008 echo "IPv4 route add / append tests" 2009 2010 route_setup 2011 2012 run_cmd "$IP ro add 172.16.111.0/24 via 172.16.101.2 mtu 1400" 2013 rc=$? 2014 if [ $rc -eq 0 ]; then 2015 check_route "172.16.111.0/24 via 172.16.101.2 dev veth1 mtu 1400" 2016 rc=$? 2017 fi 2018 log_test $rc 0 "Single path route with mtu metric" 2019 2020 2021 run_cmd "$IP ro add 172.16.112.0/24 mtu 1400 nexthop via 172.16.101.2 nexthop via 172.16.103.2" 2022 rc=$? 2023 if [ $rc -eq 0 ]; then 2024 check_route "172.16.112.0/24 mtu 1400 nexthop via 172.16.101.2 dev veth1 weight 1 nexthop via 172.16.103.2 dev veth3 weight 1" 2025 rc=$? 2026 fi 2027 log_test $rc 0 "Multipath route with mtu metric" 2028 2029 $IP ro add 172.16.104.0/24 via 172.16.101.2 mtu 1300 2030 run_cmd "ip netns exec $ns1 ping -w1 -c1 -s 1500 172.16.104.1" 2031 log_test $? 0 "Using route with mtu metric" 2032 2033 run_cmd "$IP ro add 172.16.111.0/24 via 172.16.101.2 congctl lock foo" 2034 log_test $? 2 "Invalid metric (fails metric_convert)" 2035 2036 route_cleanup 2037} 2038 2039ipv4_del_addr_test() 2040{ 2041 echo 2042 echo "IPv4 delete address route tests" 2043 2044 setup 2045 2046 set -e 2047 $IP li add dummy1 type dummy 2048 $IP li set dummy1 up 2049 $IP li add dummy2 type dummy 2050 $IP li set dummy2 up 2051 $IP li add red type vrf table 1111 2052 $IP li set red up 2053 $IP ro add vrf red unreachable default 2054 $IP li set dummy2 vrf red 2055 2056 $IP addr add dev dummy1 172.16.104.1/24 2057 $IP addr add dev dummy1 172.16.104.11/24 2058 $IP addr add dev dummy1 172.16.104.12/24 2059 $IP addr add dev dummy1 172.16.104.13/24 2060 $IP addr add dev dummy2 172.16.104.1/24 2061 $IP addr add dev dummy2 172.16.104.11/24 2062 $IP addr add dev dummy2 172.16.104.12/24 2063 $IP route add 172.16.105.0/24 via 172.16.104.2 src 172.16.104.11 2064 $IP route add 172.16.106.0/24 dev lo src 172.16.104.12 2065 $IP route add table 0 172.16.107.0/24 via 172.16.104.2 src 172.16.104.13 2066 $IP route add vrf red 172.16.105.0/24 via 172.16.104.2 src 172.16.104.11 2067 $IP route add vrf red 172.16.106.0/24 dev lo src 172.16.104.12 2068 set +e 2069 2070 # removing address from device in vrf should only remove route from vrf table 2071 echo " Regular FIB info" 2072 2073 $IP addr del dev dummy2 172.16.104.11/24 2074 $IP ro ls vrf red | grep -q 172.16.105.0/24 2075 log_test $? 1 "Route removed from VRF when source address deleted" 2076 2077 $IP ro ls | grep -q 172.16.105.0/24 2078 log_test $? 0 "Route in default VRF not removed" 2079 2080 $IP addr add dev dummy2 172.16.104.11/24 2081 $IP route add vrf red 172.16.105.0/24 via 172.16.104.2 src 172.16.104.11 2082 2083 $IP addr del dev dummy1 172.16.104.11/24 2084 $IP ro ls | grep -q 172.16.105.0/24 2085 log_test $? 1 "Route removed in default VRF when source address deleted" 2086 2087 $IP ro ls vrf red | grep -q 172.16.105.0/24 2088 log_test $? 0 "Route in VRF is not removed by address delete" 2089 2090 # removing address from device in vrf should only remove route from vrf 2091 # table even when the associated fib info only differs in table ID 2092 echo " Identical FIB info with different table ID" 2093 2094 $IP addr del dev dummy2 172.16.104.12/24 2095 $IP ro ls vrf red | grep -q 172.16.106.0/24 2096 log_test $? 1 "Route removed from VRF when source address deleted" 2097 2098 $IP ro ls | grep -q 172.16.106.0/24 2099 log_test $? 0 "Route in default VRF not removed" 2100 2101 $IP addr add dev dummy2 172.16.104.12/24 2102 $IP route add vrf red 172.16.106.0/24 dev lo src 172.16.104.12 2103 2104 $IP addr del dev dummy1 172.16.104.12/24 2105 $IP ro ls | grep -q 172.16.106.0/24 2106 log_test $? 1 "Route removed in default VRF when source address deleted" 2107 2108 $IP ro ls vrf red | grep -q 172.16.106.0/24 2109 log_test $? 0 "Route in VRF is not removed by address delete" 2110 2111 # removing address from device in default vrf should remove route from 2112 # the default vrf even when route was inserted with a table ID of 0. 2113 echo " Table ID 0" 2114 2115 $IP addr del dev dummy1 172.16.104.13/24 2116 $IP ro ls | grep -q 172.16.107.0/24 2117 log_test $? 1 "Route removed in default VRF when source address deleted" 2118 2119 $IP li del dummy1 2120 $IP li del dummy2 2121 cleanup 2122} 2123 2124ipv6_del_addr_test() 2125{ 2126 echo 2127 echo "IPv6 delete address route tests" 2128 2129 setup 2130 2131 set -e 2132 for i in $(seq 6); do 2133 $IP li add dummy${i} up type dummy 2134 done 2135 2136 $IP li add red up type vrf table 1111 2137 $IP ro add vrf red unreachable default 2138 for i in $(seq 4 6); do 2139 $IP li set dummy${i} vrf red 2140 done 2141 2142 $IP addr add dev dummy1 fe80::1/128 2143 $IP addr add dev dummy1 2001:db8:101::1/64 2144 $IP addr add dev dummy1 2001:db8:101::10/64 2145 $IP addr add dev dummy1 2001:db8:101::11/64 2146 $IP addr add dev dummy1 2001:db8:101::12/64 2147 $IP addr add dev dummy1 2001:db8:101::13/64 2148 $IP addr add dev dummy1 2001:db8:101::14/64 2149 $IP addr add dev dummy1 2001:db8:101::15/64 2150 $IP addr add dev dummy2 fe80::1/128 2151 $IP addr add dev dummy2 2001:db8:101::1/64 2152 $IP addr add dev dummy2 2001:db8:101::11/64 2153 $IP addr add dev dummy3 fe80::1/128 2154 2155 $IP addr add dev dummy4 2001:db8:101::1/64 2156 $IP addr add dev dummy4 2001:db8:101::10/64 2157 $IP addr add dev dummy4 2001:db8:101::11/64 2158 $IP addr add dev dummy4 2001:db8:101::12/64 2159 $IP addr add dev dummy4 2001:db8:101::13/64 2160 $IP addr add dev dummy4 2001:db8:101::14/64 2161 $IP addr add dev dummy5 2001:db8:101::1/64 2162 $IP addr add dev dummy5 2001:db8:101::11/64 2163 2164 # Single device using src address 2165 $IP route add 2001:db8:110::/64 dev dummy3 src 2001:db8:101::10 2166 # Two devices with the same source address 2167 $IP route add 2001:db8:111::/64 dev dummy3 src 2001:db8:101::11 2168 # VRF with single device using src address 2169 $IP route add vrf red 2001:db8:110::/64 dev dummy6 src 2001:db8:101::10 2170 # VRF with two devices using src address 2171 $IP route add vrf red 2001:db8:111::/64 dev dummy6 src 2001:db8:101::11 2172 # src address and nexthop dev in same VRF 2173 $IP route add 2001:db8:112::/64 dev dummy3 src 2001:db8:101::12 2174 $IP route add vrf red 2001:db8:112::/64 dev dummy6 src 2001:db8:101::12 2175 # src address and nexthop device in different VRF 2176 $IP route add 2001:db8:113::/64 dev lo src 2001:db8:101::13 2177 $IP route add vrf red 2001:db8:113::/64 dev lo src 2001:db8:101::13 2178 # table ID 0 2179 $IP route add table 0 2001:db8:115::/64 via 2001:db8:101::2 src 2001:db8:101::15 2180 # Link local source route 2181 $IP route add 2001:db8:116::/64 dev dummy2 src fe80::1 2182 $IP route add 2001:db8:117::/64 dev dummy3 src fe80::1 2183 set +e 2184 2185 echo " Single device using src address" 2186 2187 $IP addr del dev dummy1 2001:db8:101::10/64 2188 $IP -6 route show | grep -q "src 2001:db8:101::10 " 2189 log_test $? 1 "Prefsrc removed when src address removed on other device" 2190 2191 echo " Two devices with the same source address" 2192 2193 $IP addr del dev dummy1 2001:db8:101::11/64 2194 $IP -6 route show | grep -q "src 2001:db8:101::11 " 2195 log_test $? 0 "Prefsrc not removed when src address exist on other device" 2196 2197 $IP addr del dev dummy2 2001:db8:101::11/64 2198 $IP -6 route show | grep -q "src 2001:db8:101::11 " 2199 log_test $? 1 "Prefsrc removed when src address removed on all devices" 2200 2201 echo " VRF with single device using src address" 2202 2203 $IP addr del dev dummy4 2001:db8:101::10/64 2204 $IP -6 route show vrf red | grep -q "src 2001:db8:101::10 " 2205 log_test $? 1 "Prefsrc removed when src address removed on other device" 2206 2207 echo " VRF with two devices using src address" 2208 2209 $IP addr del dev dummy4 2001:db8:101::11/64 2210 $IP -6 route show vrf red | grep -q "src 2001:db8:101::11 " 2211 log_test $? 0 "Prefsrc not removed when src address exist on other device" 2212 2213 $IP addr del dev dummy5 2001:db8:101::11/64 2214 $IP -6 route show vrf red | grep -q "src 2001:db8:101::11 " 2215 log_test $? 1 "Prefsrc removed when src address removed on all devices" 2216 2217 echo " src address and nexthop dev in same VRF" 2218 2219 $IP addr del dev dummy4 2001:db8:101::12/64 2220 $IP -6 route show vrf red | grep -q "src 2001:db8:101::12 " 2221 log_test $? 1 "Prefsrc removed from VRF when source address deleted" 2222 $IP -6 route show | grep -q " src 2001:db8:101::12 " 2223 log_test $? 0 "Prefsrc in default VRF not removed" 2224 2225 $IP addr add dev dummy4 2001:db8:101::12/64 2226 $IP route replace vrf red 2001:db8:112::/64 dev dummy6 src 2001:db8:101::12 2227 $IP addr del dev dummy1 2001:db8:101::12/64 2228 $IP -6 route show vrf red | grep -q "src 2001:db8:101::12 " 2229 log_test $? 0 "Prefsrc not removed from VRF when source address exist" 2230 $IP -6 route show | grep -q " src 2001:db8:101::12 " 2231 log_test $? 1 "Prefsrc in default VRF removed" 2232 2233 echo " src address and nexthop device in different VRF" 2234 2235 $IP addr del dev dummy4 2001:db8:101::13/64 2236 $IP -6 route show vrf red | grep -q "src 2001:db8:101::13 " 2237 log_test $? 0 "Prefsrc not removed from VRF when nexthop dev in diff VRF" 2238 $IP -6 route show | grep -q "src 2001:db8:101::13 " 2239 log_test $? 0 "Prefsrc not removed in default VRF" 2240 2241 $IP addr add dev dummy4 2001:db8:101::13/64 2242 $IP addr del dev dummy1 2001:db8:101::13/64 2243 $IP -6 route show vrf red | grep -q "src 2001:db8:101::13 " 2244 log_test $? 1 "Prefsrc removed from VRF when nexthop dev in diff VRF" 2245 $IP -6 route show | grep -q "src 2001:db8:101::13 " 2246 log_test $? 1 "Prefsrc removed in default VRF" 2247 2248 echo " Table ID 0" 2249 2250 $IP addr del dev dummy1 2001:db8:101::15/64 2251 $IP -6 route show | grep -q "src 2001:db8:101::15" 2252 log_test $? 1 "Prefsrc removed from default VRF when source address deleted" 2253 2254 echo " Link local source route" 2255 $IP addr del dev dummy1 fe80::1/128 2256 $IP -6 route show | grep -q "2001:db8:116::/64 dev dummy2 src fe80::1" 2257 log_test $? 0 "Prefsrc not removed when delete ll addr from other dev" 2258 $IP addr del dev dummy2 fe80::1/128 2259 $IP -6 route show | grep -q "2001:db8:116::/64 dev dummy2 src fe80::1" 2260 log_test $? 1 "Prefsrc removed when delete ll addr" 2261 $IP -6 route show | grep -q "2001:db8:117::/64 dev dummy3 src fe80::1" 2262 log_test $? 0 "Prefsrc not removed when delete ll addr from other dev" 2263 $IP addr add dev dummy1 fe80::1/128 2264 $IP addr del dev dummy3 fe80::1/128 2265 $IP -6 route show | grep -q "2001:db8:117::/64 dev dummy3 src fe80::1" 2266 log_test $? 1 "Prefsrc removed even ll addr still exist on other dev" 2267 2268 for i in $(seq 6); do 2269 $IP li del dummy${i} 2270 done 2271 cleanup 2272} 2273 2274ipv4_route_v6_gw_test() 2275{ 2276 local rc 2277 2278 echo 2279 echo "IPv4 route with IPv6 gateway tests" 2280 2281 route_setup 2282 sleep 2 2283 2284 # 2285 # single path route 2286 # 2287 run_cmd "$IP ro add 172.16.104.0/24 via inet6 2001:db8:101::2" 2288 rc=$? 2289 log_test $rc 0 "Single path route with IPv6 gateway" 2290 if [ $rc -eq 0 ]; then 2291 check_route "172.16.104.0/24 via inet6 2001:db8:101::2 dev veth1" 2292 fi 2293 2294 run_cmd "ip netns exec $ns1 ping -w1 -c1 172.16.104.1" 2295 log_test $rc 0 "Single path route with IPv6 gateway - ping" 2296 2297 run_cmd "$IP ro del 172.16.104.0/24 via inet6 2001:db8:101::2" 2298 rc=$? 2299 log_test $rc 0 "Single path route delete" 2300 if [ $rc -eq 0 ]; then 2301 check_route "172.16.112.0/24" 2302 fi 2303 2304 # 2305 # multipath - v6 then v4 2306 # 2307 run_cmd "$IP ro add 172.16.104.0/24 nexthop via inet6 2001:db8:101::2 dev veth1 nexthop via 172.16.103.2 dev veth3" 2308 rc=$? 2309 log_test $rc 0 "Multipath route add - v6 nexthop then v4" 2310 if [ $rc -eq 0 ]; then 2311 check_route "172.16.104.0/24 nexthop via inet6 2001:db8:101::2 dev veth1 weight 1 nexthop via 172.16.103.2 dev veth3 weight 1" 2312 fi 2313 2314 run_cmd "$IP ro del 172.16.104.0/24 nexthop via 172.16.103.2 dev veth3 nexthop via inet6 2001:db8:101::2 dev veth1" 2315 log_test $? 2 " Multipath route delete - nexthops in wrong order" 2316 2317 run_cmd "$IP ro del 172.16.104.0/24 nexthop via inet6 2001:db8:101::2 dev veth1 nexthop via 172.16.103.2 dev veth3" 2318 log_test $? 0 " Multipath route delete exact match" 2319 2320 # 2321 # multipath - v4 then v6 2322 # 2323 run_cmd "$IP ro add 172.16.104.0/24 nexthop via 172.16.103.2 dev veth3 nexthop via inet6 2001:db8:101::2 dev veth1" 2324 rc=$? 2325 log_test $rc 0 "Multipath route add - v4 nexthop then v6" 2326 if [ $rc -eq 0 ]; then 2327 check_route "172.16.104.0/24 nexthop via 172.16.103.2 dev veth3 weight 1 nexthop via inet6 2001:db8:101::2 dev veth1 weight 1" 2328 fi 2329 2330 run_cmd "$IP ro del 172.16.104.0/24 nexthop via inet6 2001:db8:101::2 dev veth1 nexthop via 172.16.103.2 dev veth3" 2331 log_test $? 2 " Multipath route delete - nexthops in wrong order" 2332 2333 run_cmd "$IP ro del 172.16.104.0/24 nexthop via 172.16.103.2 dev veth3 nexthop via inet6 2001:db8:101::2 dev veth1" 2334 log_test $? 0 " Multipath route delete exact match" 2335 2336 route_cleanup 2337} 2338 2339socat_check() 2340{ 2341 if [ ! -x "$(command -v socat)" ]; then 2342 echo "socat command not found. Skipping test" 2343 return 1 2344 fi 2345 2346 return 0 2347} 2348 2349iptables_check() 2350{ 2351 iptables -t mangle -L OUTPUT &> /dev/null 2352 if [ $? -ne 0 ]; then 2353 echo "iptables configuration not supported. Skipping test" 2354 return 1 2355 fi 2356 2357 return 0 2358} 2359 2360ip6tables_check() 2361{ 2362 ip6tables -t mangle -L OUTPUT &> /dev/null 2363 if [ $? -ne 0 ]; then 2364 echo "ip6tables configuration not supported. Skipping test" 2365 return 1 2366 fi 2367 2368 return 0 2369} 2370 2371ipv4_mangle_test() 2372{ 2373 local rc 2374 2375 echo 2376 echo "IPv4 mangling tests" 2377 2378 socat_check || return 1 2379 iptables_check || return 1 2380 2381 route_setup 2382 sleep 2 2383 2384 local tmp_file=$(mktemp) 2385 ip netns exec $ns2 socat UDP4-LISTEN:54321,fork $tmp_file & 2386 2387 # Add a FIB rule and a route that will direct our connection to the 2388 # listening server. 2389 $IP rule add pref 100 ipproto udp sport 12345 dport 54321 table 123 2390 $IP route add table 123 172.16.101.0/24 dev veth1 2391 2392 # Add an unreachable route to the main table that will block our 2393 # connection in case the FIB rule is not hit. 2394 $IP route add unreachable 172.16.101.2/32 2395 2396 run_cmd "echo a | $NS_EXEC socat STDIN UDP4:172.16.101.2:54321,sourceport=12345" 2397 log_test $? 0 " Connection with correct parameters" 2398 2399 run_cmd "echo a | $NS_EXEC socat STDIN UDP4:172.16.101.2:54321,sourceport=11111" 2400 log_test $? 1 " Connection with incorrect parameters" 2401 2402 # Add a mangling rule and make sure connection is still successful. 2403 $NS_EXEC iptables -t mangle -A OUTPUT -j MARK --set-mark 1 2404 2405 run_cmd "echo a | $NS_EXEC socat STDIN UDP4:172.16.101.2:54321,sourceport=12345" 2406 log_test $? 0 " Connection with correct parameters - mangling" 2407 2408 # Delete the mangling rule and make sure connection is still 2409 # successful. 2410 $NS_EXEC iptables -t mangle -D OUTPUT -j MARK --set-mark 1 2411 2412 run_cmd "echo a | $NS_EXEC socat STDIN UDP4:172.16.101.2:54321,sourceport=12345" 2413 log_test $? 0 " Connection with correct parameters - no mangling" 2414 2415 # Verify connections were indeed successful on server side. 2416 [[ $(cat $tmp_file | wc -l) -eq 3 ]] 2417 log_test $? 0 " Connection check - server side" 2418 2419 $IP route del unreachable 172.16.101.2/32 2420 $IP route del table 123 172.16.101.0/24 dev veth1 2421 $IP rule del pref 100 2422 2423 kill_process %% 2424 rm $tmp_file 2425 2426 route_cleanup 2427} 2428 2429ipv6_mangle_test() 2430{ 2431 local rc 2432 2433 echo 2434 echo "IPv6 mangling tests" 2435 2436 socat_check || return 1 2437 ip6tables_check || return 1 2438 2439 route_setup 2440 sleep 2 2441 2442 local tmp_file=$(mktemp) 2443 ip netns exec $ns2 socat UDP6-LISTEN:54321,fork $tmp_file & 2444 2445 # Add a FIB rule and a route that will direct our connection to the 2446 # listening server. 2447 $IP -6 rule add pref 100 ipproto udp sport 12345 dport 54321 table 123 2448 $IP -6 route add table 123 2001:db8:101::/64 dev veth1 2449 2450 # Add an unreachable route to the main table that will block our 2451 # connection in case the FIB rule is not hit. 2452 $IP -6 route add unreachable 2001:db8:101::2/128 2453 2454 run_cmd "echo a | $NS_EXEC socat STDIN UDP6:[2001:db8:101::2]:54321,sourceport=12345" 2455 log_test $? 0 " Connection with correct parameters" 2456 2457 run_cmd "echo a | $NS_EXEC socat STDIN UDP6:[2001:db8:101::2]:54321,sourceport=11111" 2458 log_test $? 1 " Connection with incorrect parameters" 2459 2460 # Add a mangling rule and make sure connection is still successful. 2461 $NS_EXEC ip6tables -t mangle -A OUTPUT -j MARK --set-mark 1 2462 2463 run_cmd "echo a | $NS_EXEC socat STDIN UDP6:[2001:db8:101::2]:54321,sourceport=12345" 2464 log_test $? 0 " Connection with correct parameters - mangling" 2465 2466 # Delete the mangling rule and make sure connection is still 2467 # successful. 2468 $NS_EXEC ip6tables -t mangle -D OUTPUT -j MARK --set-mark 1 2469 2470 run_cmd "echo a | $NS_EXEC socat STDIN UDP6:[2001:db8:101::2]:54321,sourceport=12345" 2471 log_test $? 0 " Connection with correct parameters - no mangling" 2472 2473 # Verify connections were indeed successful on server side. 2474 [[ $(cat $tmp_file | wc -l) -eq 3 ]] 2475 log_test $? 0 " Connection check - server side" 2476 2477 $IP -6 route del unreachable 2001:db8:101::2/128 2478 $IP -6 route del table 123 2001:db8:101::/64 dev veth1 2479 $IP -6 rule del pref 100 2480 2481 kill_process %% 2482 rm $tmp_file 2483 2484 route_cleanup 2485} 2486 2487ip_neigh_get_check() 2488{ 2489 ip neigh help 2>&1 | grep -q 'ip neigh get' 2490 if [ $? -ne 0 ]; then 2491 echo "iproute2 command does not support neigh get. Skipping test" 2492 return 1 2493 fi 2494 2495 return 0 2496} 2497 2498ipv4_bcast_neigh_test() 2499{ 2500 local rc 2501 2502 echo 2503 echo "IPv4 broadcast neighbour tests" 2504 2505 ip_neigh_get_check || return 1 2506 2507 setup 2508 2509 set -e 2510 run_cmd "$IP neigh add 192.0.2.111 lladdr 00:11:22:33:44:55 nud perm dev dummy0" 2511 run_cmd "$IP neigh add 192.0.2.255 lladdr 00:11:22:33:44:55 nud perm dev dummy0" 2512 2513 run_cmd "$IP neigh get 192.0.2.111 dev dummy0" 2514 run_cmd "$IP neigh get 192.0.2.255 dev dummy0" 2515 2516 run_cmd "$IP address add 192.0.2.1/24 broadcast 192.0.2.111 dev dummy0" 2517 2518 run_cmd "$IP neigh add 203.0.113.111 nud failed dev dummy0" 2519 run_cmd "$IP neigh add 203.0.113.255 nud failed dev dummy0" 2520 2521 run_cmd "$IP neigh get 203.0.113.111 dev dummy0" 2522 run_cmd "$IP neigh get 203.0.113.255 dev dummy0" 2523 2524 run_cmd "$IP address add 203.0.113.1/24 broadcast 203.0.113.111 dev dummy0" 2525 set +e 2526 2527 run_cmd "$IP neigh get 192.0.2.111 dev dummy0" 2528 log_test $? 0 "Resolved neighbour for broadcast address" 2529 2530 run_cmd "$IP neigh get 192.0.2.255 dev dummy0" 2531 log_test $? 0 "Resolved neighbour for network broadcast address" 2532 2533 run_cmd "$IP neigh get 203.0.113.111 dev dummy0" 2534 log_test $? 2 "Unresolved neighbour for broadcast address" 2535 2536 run_cmd "$IP neigh get 203.0.113.255 dev dummy0" 2537 log_test $? 2 "Unresolved neighbour for network broadcast address" 2538 2539 cleanup 2540} 2541 2542mpath_dep_check() 2543{ 2544 if [ ! -x "$(command -v mausezahn)" ]; then 2545 echo "mausezahn command not found. Skipping test" 2546 return 1 2547 fi 2548 2549 if [ ! -x "$(command -v jq)" ]; then 2550 echo "jq command not found. Skipping test" 2551 return 1 2552 fi 2553 2554 if [ ! -x "$(command -v bc)" ]; then 2555 echo "bc command not found. Skipping test" 2556 return 1 2557 fi 2558 2559 if [ ! -x "$(command -v perf)" ]; then 2560 echo "perf command not found. Skipping test" 2561 return 1 2562 fi 2563 2564 perf list fib:* | grep -q fib_table_lookup 2565 if [ $? -ne 0 ]; then 2566 echo "IPv4 FIB tracepoint not found. Skipping test" 2567 return 1 2568 fi 2569 2570 perf list fib6:* | grep -q fib6_table_lookup 2571 if [ $? -ne 0 ]; then 2572 echo "IPv6 FIB tracepoint not found. Skipping test" 2573 return 1 2574 fi 2575 2576 return 0 2577} 2578 2579link_stats_get() 2580{ 2581 local ns=$1; shift 2582 local dev=$1; shift 2583 local dir=$1; shift 2584 local stat=$1; shift 2585 2586 ip -n $ns -j -s link show dev $dev \ 2587 | jq '.[]["stats64"]["'$dir'"]["'$stat'"]' 2588} 2589 2590list_rcv_eval() 2591{ 2592 local file=$1; shift 2593 local expected=$1; shift 2594 2595 local count=$(tail -n 1 $file | jq '.["counter-value"] | tonumber | floor') 2596 local ratio=$(echo "scale=2; $count / $expected" | bc -l) 2597 local res=$(echo "$ratio >= 0.95" | bc) 2598 [[ $res -eq 1 ]] 2599 log_test $? 0 "Multipath route hit ratio ($ratio)" 2600} 2601 2602ipv4_mpath_list_test() 2603{ 2604 echo 2605 echo "IPv4 multipath list receive tests" 2606 2607 mpath_dep_check || return 1 2608 2609 route_setup 2610 2611 set -e 2612 run_cmd "ip netns exec $ns1 ethtool -K veth1 tcp-segmentation-offload off" 2613 2614 run_cmd "ip netns exec $ns2 bash -c \"echo 20000 > /sys/class/net/veth2/gro_flush_timeout\"" 2615 run_cmd "ip netns exec $ns2 bash -c \"echo 1 > /sys/class/net/veth2/napi_defer_hard_irqs\"" 2616 run_cmd "ip netns exec $ns2 ethtool -K veth2 generic-receive-offload on" 2617 run_cmd "ip -n $ns2 link add name nh1 up type dummy" 2618 run_cmd "ip -n $ns2 link add name nh2 up type dummy" 2619 run_cmd "ip -n $ns2 address add 172.16.201.1/24 dev nh1" 2620 run_cmd "ip -n $ns2 address add 172.16.202.1/24 dev nh2" 2621 run_cmd "ip -n $ns2 neigh add 172.16.201.2 lladdr 00:11:22:33:44:55 nud perm dev nh1" 2622 run_cmd "ip -n $ns2 neigh add 172.16.202.2 lladdr 00:aa:bb:cc:dd:ee nud perm dev nh2" 2623 run_cmd "ip -n $ns2 route add 203.0.113.0/24 2624 nexthop via 172.16.201.2 nexthop via 172.16.202.2" 2625 run_cmd "ip netns exec $ns2 sysctl -qw net.ipv4.fib_multipath_hash_policy=1" 2626 set +e 2627 2628 local dmac=$(ip -n $ns2 -j link show dev veth2 | jq -r '.[]["address"]') 2629 local tmp_file=$(mktemp) 2630 local cmd="ip netns exec $ns1 mausezahn veth1 -a own -b $dmac 2631 -A 172.16.101.1 -B 203.0.113.1 -t udp 'sp=12345,dp=0-65535' -q" 2632 2633 # Packets forwarded in a list using a multipath route must not reuse a 2634 # cached result so that a flow always hits the same nexthop. In other 2635 # words, the FIB lookup tracepoint needs to be triggered for every 2636 # packet. 2637 local t0_rx_pkts=$(link_stats_get $ns2 veth2 rx packets) 2638 run_cmd "perf stat -a -e fib:fib_table_lookup --filter 'err == 0' -j -o $tmp_file -- $cmd" 2639 local t1_rx_pkts=$(link_stats_get $ns2 veth2 rx packets) 2640 local diff=$(echo $t1_rx_pkts - $t0_rx_pkts | bc -l) 2641 list_rcv_eval $tmp_file $diff 2642 2643 rm $tmp_file 2644 route_cleanup 2645} 2646 2647ipv6_mpath_list_test() 2648{ 2649 echo 2650 echo "IPv6 multipath list receive tests" 2651 2652 mpath_dep_check || return 1 2653 2654 route_setup 2655 2656 set -e 2657 run_cmd "ip netns exec $ns1 ethtool -K veth1 tcp-segmentation-offload off" 2658 2659 run_cmd "ip netns exec $ns2 bash -c \"echo 20000 > /sys/class/net/veth2/gro_flush_timeout\"" 2660 run_cmd "ip netns exec $ns2 bash -c \"echo 1 > /sys/class/net/veth2/napi_defer_hard_irqs\"" 2661 run_cmd "ip netns exec $ns2 ethtool -K veth2 generic-receive-offload on" 2662 run_cmd "ip -n $ns2 link add name nh1 up type dummy" 2663 run_cmd "ip -n $ns2 link add name nh2 up type dummy" 2664 run_cmd "ip -n $ns2 -6 address add 2001:db8:201::1/64 dev nh1" 2665 run_cmd "ip -n $ns2 -6 address add 2001:db8:202::1/64 dev nh2" 2666 run_cmd "ip -n $ns2 -6 neigh add 2001:db8:201::2 lladdr 00:11:22:33:44:55 nud perm dev nh1" 2667 run_cmd "ip -n $ns2 -6 neigh add 2001:db8:202::2 lladdr 00:aa:bb:cc:dd:ee nud perm dev nh2" 2668 run_cmd "ip -n $ns2 -6 route add 2001:db8:301::/64 2669 nexthop via 2001:db8:201::2 nexthop via 2001:db8:202::2" 2670 run_cmd "ip netns exec $ns2 sysctl -qw net.ipv6.fib_multipath_hash_policy=1" 2671 set +e 2672 2673 local dmac=$(ip -n $ns2 -j link show dev veth2 | jq -r '.[]["address"]') 2674 local tmp_file=$(mktemp) 2675 local cmd="ip netns exec $ns1 mausezahn -6 veth1 -a own -b $dmac 2676 -A 2001:db8:101::1 -B 2001:db8:301::1 -t udp 'sp=12345,dp=0-65535' -q" 2677 2678 # Packets forwarded in a list using a multipath route must not reuse a 2679 # cached result so that a flow always hits the same nexthop. In other 2680 # words, the FIB lookup tracepoint needs to be triggered for every 2681 # packet. 2682 local t0_rx_pkts=$(link_stats_get $ns2 veth2 rx packets) 2683 run_cmd "perf stat -a -e fib6:fib6_table_lookup --filter 'err == 0' -j -o $tmp_file -- $cmd" 2684 local t1_rx_pkts=$(link_stats_get $ns2 veth2 rx packets) 2685 local diff=$(echo $t1_rx_pkts - $t0_rx_pkts | bc -l) 2686 list_rcv_eval $tmp_file $diff 2687 2688 rm $tmp_file 2689 route_cleanup 2690} 2691 2692tc_set_flower_counter__saddr_syn() { 2693 tc_set_flower_counter $1 $2 $3 "src_ip $4 ip_proto tcp tcp_flags 0x2" 2694} 2695 2696ip_mpath_balance_dep_check() 2697{ 2698 if [ ! -x "$(command -v socat)" ]; then 2699 echo "socat command not found. Skipping test" 2700 return 1 2701 fi 2702 2703 if [ ! -x "$(command -v jq)" ]; then 2704 echo "jq command not found. Skipping test" 2705 return 1 2706 fi 2707} 2708 2709ip_mpath_balance() { 2710 local -r ipver=$1 2711 local -r daddr=$2 2712 local -r num_conn=20 2713 2714 for i in $(seq 1 $num_conn); do 2715 ip netns exec $ns3 socat $ipver TCP-LISTEN:8000 STDIO >/dev/null & 2716 sleep 0.02 2717 echo -n a | ip netns exec $ns1 socat $ipver STDIO TCP:$daddr:8000 2718 done 2719 2720 local -r syn0="$(tc_get_flower_counter $ns1 veth1)" 2721 local -r syn1="$(tc_get_flower_counter $ns1 veth3)" 2722 local -r syns=$((syn0+syn1)) 2723 2724 [ "$VERBOSE" = "1" ] && echo "multipath: syns seen: ($syn0,$syn1)" 2725 2726 [[ $syns -ge $num_conn ]] && [[ $syn0 -gt 0 ]] && [[ $syn1 -gt 0 ]] 2727} 2728 2729ipv4_mpath_balance_test() 2730{ 2731 echo 2732 echo "IPv4 multipath load balance test" 2733 2734 ip_mpath_balance_dep_check || return 1 2735 forwarding_setup 2736 2737 $IP route add 172.16.105.1 \ 2738 nexthop via 172.16.101.2 \ 2739 nexthop via 172.16.103.2 2740 2741 ip netns exec $ns1 \ 2742 sysctl -q -w net.ipv4.fib_multipath_hash_policy=1 2743 2744 tc_set_flower_counter__saddr_syn $ns1 4 veth1 172.16.101.1 2745 tc_set_flower_counter__saddr_syn $ns1 4 veth3 172.16.103.1 2746 2747 ip_mpath_balance -4 172.16.105.1 2748 2749 log_test $? 0 "IPv4 multipath loadbalance" 2750 2751 forwarding_cleanup 2752} 2753 2754ipv6_mpath_balance_test() 2755{ 2756 echo 2757 echo "IPv6 multipath load balance test" 2758 2759 ip_mpath_balance_dep_check || return 1 2760 forwarding_setup 2761 2762 $IP route add 2001:db8:105::1\ 2763 nexthop via 2001:db8:101::2 \ 2764 nexthop via 2001:db8:103::2 2765 2766 ip netns exec $ns1 \ 2767 sysctl -q -w net.ipv6.fib_multipath_hash_policy=1 2768 2769 tc_set_flower_counter__saddr_syn $ns1 6 veth1 2001:db8:101::1 2770 tc_set_flower_counter__saddr_syn $ns1 6 veth3 2001:db8:103::1 2771 2772 ip_mpath_balance -6 "[2001:db8:105::1]" 2773 2774 log_test $? 0 "IPv6 multipath loadbalance" 2775 2776 forwarding_cleanup 2777} 2778 2779################################################################################ 2780# usage 2781 2782usage() 2783{ 2784 cat <<EOF 2785usage: ${0##*/} OPTS 2786 2787 -t <test> Test(s) to run (default: all) 2788 (options: $TESTS) 2789 -p Pause on fail 2790 -P Pause after each test before cleanup 2791 -v verbose mode (show commands and output) 2792EOF 2793} 2794 2795################################################################################ 2796# main 2797 2798trap cleanup EXIT 2799 2800while getopts :t:pPhv o 2801do 2802 case $o in 2803 t) TESTS=$OPTARG;; 2804 p) PAUSE_ON_FAIL=yes;; 2805 P) PAUSE=yes;; 2806 v) VERBOSE=$(($VERBOSE + 1));; 2807 h) usage; exit 0;; 2808 *) usage; exit 1;; 2809 esac 2810done 2811 2812PEER_CMD="ip netns exec ${PEER_NS}" 2813 2814# make sure we don't pause twice 2815[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no 2816 2817if [ "$(id -u)" -ne 0 ];then 2818 echo "SKIP: Need root privileges" 2819 exit $ksft_skip; 2820fi 2821 2822if [ ! -x "$(command -v ip)" ]; then 2823 echo "SKIP: Could not run test without ip tool" 2824 exit $ksft_skip 2825fi 2826 2827ip route help 2>&1 | grep -q fibmatch 2828if [ $? -ne 0 ]; then 2829 echo "SKIP: iproute2 too old, missing fibmatch" 2830 exit $ksft_skip 2831fi 2832 2833# start clean 2834cleanup &> /dev/null 2835 2836for t in $TESTS 2837do 2838 case $t in 2839 fib_unreg_test|unregister) fib_unreg_test;; 2840 fib_down_test|down) fib_down_test;; 2841 fib_carrier_test|carrier) fib_carrier_test;; 2842 fib_rp_filter_test|rp_filter) fib_rp_filter_test;; 2843 fib_nexthop_test|nexthop) fib_nexthop_test;; 2844 fib_notify_test|ipv4_notify) fib_notify_test;; 2845 fib6_notify_test|ipv6_notify) fib6_notify_test;; 2846 fib_suppress_test|suppress) fib_suppress_test;; 2847 ipv6_route_test|ipv6_rt) ipv6_route_test;; 2848 ipv4_route_test|ipv4_rt) ipv4_route_test;; 2849 ipv6_addr_metric) ipv6_addr_metric_test;; 2850 ipv4_addr_metric) ipv4_addr_metric_test;; 2851 ipv4_del_addr) ipv4_del_addr_test;; 2852 ipv6_del_addr) ipv6_del_addr_test;; 2853 ipv6_route_metrics) ipv6_route_metrics_test;; 2854 ipv4_route_metrics) ipv4_route_metrics_test;; 2855 ipv4_route_v6_gw) ipv4_route_v6_gw_test;; 2856 ipv4_mangle) ipv4_mangle_test;; 2857 ipv6_mangle) ipv6_mangle_test;; 2858 ipv4_bcast_neigh) ipv4_bcast_neigh_test;; 2859 fib6_gc_test|ipv6_gc) fib6_gc_test;; 2860 ipv4_mpath_list) ipv4_mpath_list_test;; 2861 ipv6_mpath_list) ipv6_mpath_list_test;; 2862 ipv4_mpath_balance) ipv4_mpath_balance_test;; 2863 ipv6_mpath_balance) ipv6_mpath_balance_test;; 2864 fib6_ra_to_static) fib6_ra_to_static;; 2865 2866 help) echo "Test names: $TESTS"; exit 0;; 2867 esac 2868done 2869 2870if [ "$TESTS" != "none" ]; then 2871 printf "\nTests passed: %3d\n" ${nsuccess} 2872 printf "Tests failed: %3d\n" ${nfail} 2873fi 2874 2875exit $ret 2876