xref: /linux/tools/testing/selftests/net/icmp.sh (revision 06d07429858317ded2db7986113a9e0129cd599b) 
17e9838b7SToke Høiland-Jørgensen#!/bin/bash
27e9838b7SToke Høiland-Jørgensen# SPDX-License-Identifier: GPL-2.0
37e9838b7SToke Høiland-Jørgensen
47e9838b7SToke Høiland-Jørgensen# Test for checking ICMP response with dummy address instead of 0.0.0.0.
57e9838b7SToke Høiland-Jørgensen# Sets up two namespaces like:
67e9838b7SToke Høiland-Jørgensen# +----------------------+                          +--------------------+
77e9838b7SToke Høiland-Jørgensen# | ns1                  |    v4-via-v6 routes:     | ns2                |
87e9838b7SToke Høiland-Jørgensen# |                      |                  '       |                    |
97e9838b7SToke Høiland-Jørgensen# |             +--------+   -> 172.16.1.0/24 ->    +--------+           |
107e9838b7SToke Høiland-Jørgensen# |             | veth0  +--------------------------+  veth0 |           |
117e9838b7SToke Høiland-Jørgensen# |             +--------+   <- 172.16.0.0/24 <-    +--------+           |
127e9838b7SToke Høiland-Jørgensen# |           172.16.0.1 |                          | 2001:db8:1::2/64   |
137e9838b7SToke Høiland-Jørgensen# |     2001:db8:1::2/64 |                          |                    |
147e9838b7SToke Høiland-Jørgensen# +----------------------+                          +--------------------+
157e9838b7SToke Høiland-Jørgensen#
167e9838b7SToke Høiland-Jørgensen# And then tries to ping 172.16.1.1 from ns1. This results in a "net
177e9838b7SToke Høiland-Jørgensen# unreachable" message being sent from ns2, but there is no IPv4 address set in
187e9838b7SToke Høiland-Jørgensen# that address space, so the kernel should substitute the dummy address
197e9838b7SToke Høiland-Jørgensen# 192.0.0.8 defined in RFC7600.
207e9838b7SToke Høiland-Jørgensen
21*80b74bd3SHangbin Liusource lib.sh
22*80b74bd3SHangbin Liu
237e9838b7SToke Høiland-JørgensenH1_IP=172.16.0.1/32
247e9838b7SToke Høiland-JørgensenH1_IP6=2001:db8:1::1
257e9838b7SToke Høiland-JørgensenRT1=172.16.1.0/24
267e9838b7SToke Høiland-JørgensenPINGADDR=172.16.1.1
277e9838b7SToke Høiland-JørgensenRT2=172.16.0.0/24
287e9838b7SToke Høiland-JørgensenH2_IP6=2001:db8:1::2
297e9838b7SToke Høiland-Jørgensen
307e9838b7SToke Høiland-JørgensenTMPFILE=$(mktemp)
317e9838b7SToke Høiland-Jørgensen
327e9838b7SToke Høiland-Jørgensencleanup()
337e9838b7SToke Høiland-Jørgensen{
347e9838b7SToke Høiland-Jørgensen    rm -f "$TMPFILE"
35*80b74bd3SHangbin Liu    cleanup_ns $NS1 $NS2
367e9838b7SToke Høiland-Jørgensen}
377e9838b7SToke Høiland-Jørgensen
387e9838b7SToke Høiland-Jørgensentrap cleanup EXIT
397e9838b7SToke Høiland-Jørgensen
407e9838b7SToke Høiland-Jørgensen# Namespaces
41*80b74bd3SHangbin Liusetup_ns NS1 NS2
427e9838b7SToke Høiland-Jørgensen
437e9838b7SToke Høiland-Jørgensen# Connectivity
447e9838b7SToke Høiland-Jørgensenip -netns $NS1 link add veth0 type veth peer name veth0 netns $NS2
457e9838b7SToke Høiland-Jørgensenip -netns $NS1 link set dev veth0 up
467e9838b7SToke Høiland-Jørgensenip -netns $NS2 link set dev veth0 up
477e9838b7SToke Høiland-Jørgensenip -netns $NS1 addr add $H1_IP dev veth0
487e9838b7SToke Høiland-Jørgensenip -netns $NS1 addr add $H1_IP6/64 dev veth0 nodad
497e9838b7SToke Høiland-Jørgensenip -netns $NS2 addr add $H2_IP6/64 dev veth0 nodad
507e9838b7SToke Høiland-Jørgensenip -netns $NS1 route add $RT1 via inet6 $H2_IP6
517e9838b7SToke Høiland-Jørgensenip -netns $NS2 route add $RT2 via inet6 $H1_IP6
527e9838b7SToke Høiland-Jørgensen
537e9838b7SToke Høiland-Jørgensen# Make sure ns2 will respond with ICMP unreachable
547e9838b7SToke Høiland-Jørgensenip netns exec $NS2 sysctl -qw net.ipv4.icmp_ratelimit=0 net.ipv4.ip_forward=1
557e9838b7SToke Høiland-Jørgensen
567e9838b7SToke Høiland-Jørgensen# Run the test - a ping runs in the background, and we capture ICMP responses
577e9838b7SToke Høiland-Jørgensen# with tcpdump; -c 1 means it should exit on the first ping, but add a timeout
587e9838b7SToke Høiland-Jørgensen# in case something goes wrong
597e9838b7SToke Høiland-Jørgensenip netns exec $NS1 ping -w 3 -i 0.5 $PINGADDR >/dev/null &
607e9838b7SToke Høiland-Jørgensenip netns exec $NS1 timeout 10 tcpdump -tpni veth0 -c 1 'icmp and icmp[icmptype] != icmp-echo' > $TMPFILE 2>/dev/null
617e9838b7SToke Høiland-Jørgensen
627e9838b7SToke Høiland-Jørgensen# Parse response and check for dummy address
637e9838b7SToke Høiland-Jørgensen# tcpdump output looks like:
647e9838b7SToke Høiland-Jørgensen# IP 192.0.0.8 > 172.16.0.1: ICMP net 172.16.1.1 unreachable, length 92
657e9838b7SToke Høiland-JørgensenRESP_IP=$(awk '{print $2}' < $TMPFILE)
667e9838b7SToke Høiland-Jørgensenif [[ "$RESP_IP" != "192.0.0.8" ]]; then
677e9838b7SToke Høiland-Jørgensen    echo "FAIL - got ICMP response from $RESP_IP, should be 192.0.0.8"
687e9838b7SToke Høiland-Jørgensen    exit 1
697e9838b7SToke Høiland-Jørgensenelse
707e9838b7SToke Høiland-Jørgensen    echo "OK"
717e9838b7SToke Høiland-Jørgensen    exit 0
727e9838b7SToke Høiland-Jørgensenfi
73