17e9838b7SToke Høiland-Jørgensen#!/bin/bash 27e9838b7SToke Høiland-Jørgensen# SPDX-License-Identifier: GPL-2.0 37e9838b7SToke Høiland-Jørgensen 47e9838b7SToke Høiland-Jørgensen# Test for checking ICMP response with dummy address instead of 0.0.0.0. 57e9838b7SToke Høiland-Jørgensen# Sets up two namespaces like: 67e9838b7SToke Høiland-Jørgensen# +----------------------+ +--------------------+ 77e9838b7SToke Høiland-Jørgensen# | ns1 | v4-via-v6 routes: | ns2 | 87e9838b7SToke Høiland-Jørgensen# | | ' | | 97e9838b7SToke Høiland-Jørgensen# | +--------+ -> 172.16.1.0/24 -> +--------+ | 107e9838b7SToke Høiland-Jørgensen# | | veth0 +--------------------------+ veth0 | | 117e9838b7SToke Høiland-Jørgensen# | +--------+ <- 172.16.0.0/24 <- +--------+ | 127e9838b7SToke Høiland-Jørgensen# | 172.16.0.1 | | 2001:db8:1::2/64 | 137e9838b7SToke Høiland-Jørgensen# | 2001:db8:1::2/64 | | | 147e9838b7SToke Høiland-Jørgensen# +----------------------+ +--------------------+ 157e9838b7SToke Høiland-Jørgensen# 167e9838b7SToke Høiland-Jørgensen# And then tries to ping 172.16.1.1 from ns1. This results in a "net 177e9838b7SToke Høiland-Jørgensen# unreachable" message being sent from ns2, but there is no IPv4 address set in 187e9838b7SToke Høiland-Jørgensen# that address space, so the kernel should substitute the dummy address 197e9838b7SToke Høiland-Jørgensen# 192.0.0.8 defined in RFC7600. 207e9838b7SToke Høiland-Jørgensen 21*80b74bd3SHangbin Liusource lib.sh 22*80b74bd3SHangbin Liu 237e9838b7SToke Høiland-JørgensenH1_IP=172.16.0.1/32 247e9838b7SToke Høiland-JørgensenH1_IP6=2001:db8:1::1 257e9838b7SToke Høiland-JørgensenRT1=172.16.1.0/24 267e9838b7SToke Høiland-JørgensenPINGADDR=172.16.1.1 277e9838b7SToke Høiland-JørgensenRT2=172.16.0.0/24 287e9838b7SToke Høiland-JørgensenH2_IP6=2001:db8:1::2 297e9838b7SToke Høiland-Jørgensen 307e9838b7SToke Høiland-JørgensenTMPFILE=$(mktemp) 317e9838b7SToke Høiland-Jørgensen 327e9838b7SToke Høiland-Jørgensencleanup() 337e9838b7SToke Høiland-Jørgensen{ 347e9838b7SToke Høiland-Jørgensen rm -f "$TMPFILE" 35*80b74bd3SHangbin Liu cleanup_ns $NS1 $NS2 367e9838b7SToke Høiland-Jørgensen} 377e9838b7SToke Høiland-Jørgensen 387e9838b7SToke Høiland-Jørgensentrap cleanup EXIT 397e9838b7SToke Høiland-Jørgensen 407e9838b7SToke Høiland-Jørgensen# Namespaces 41*80b74bd3SHangbin Liusetup_ns NS1 NS2 427e9838b7SToke Høiland-Jørgensen 437e9838b7SToke Høiland-Jørgensen# Connectivity 447e9838b7SToke Høiland-Jørgensenip -netns $NS1 link add veth0 type veth peer name veth0 netns $NS2 457e9838b7SToke Høiland-Jørgensenip -netns $NS1 link set dev veth0 up 467e9838b7SToke Høiland-Jørgensenip -netns $NS2 link set dev veth0 up 477e9838b7SToke Høiland-Jørgensenip -netns $NS1 addr add $H1_IP dev veth0 487e9838b7SToke Høiland-Jørgensenip -netns $NS1 addr add $H1_IP6/64 dev veth0 nodad 497e9838b7SToke Høiland-Jørgensenip -netns $NS2 addr add $H2_IP6/64 dev veth0 nodad 507e9838b7SToke Høiland-Jørgensenip -netns $NS1 route add $RT1 via inet6 $H2_IP6 517e9838b7SToke Høiland-Jørgensenip -netns $NS2 route add $RT2 via inet6 $H1_IP6 527e9838b7SToke Høiland-Jørgensen 537e9838b7SToke Høiland-Jørgensen# Make sure ns2 will respond with ICMP unreachable 547e9838b7SToke Høiland-Jørgensenip netns exec $NS2 sysctl -qw net.ipv4.icmp_ratelimit=0 net.ipv4.ip_forward=1 557e9838b7SToke Høiland-Jørgensen 567e9838b7SToke Høiland-Jørgensen# Run the test - a ping runs in the background, and we capture ICMP responses 577e9838b7SToke Høiland-Jørgensen# with tcpdump; -c 1 means it should exit on the first ping, but add a timeout 587e9838b7SToke Høiland-Jørgensen# in case something goes wrong 597e9838b7SToke Høiland-Jørgensenip netns exec $NS1 ping -w 3 -i 0.5 $PINGADDR >/dev/null & 607e9838b7SToke Høiland-Jørgensenip netns exec $NS1 timeout 10 tcpdump -tpni veth0 -c 1 'icmp and icmp[icmptype] != icmp-echo' > $TMPFILE 2>/dev/null 617e9838b7SToke Høiland-Jørgensen 627e9838b7SToke Høiland-Jørgensen# Parse response and check for dummy address 637e9838b7SToke Høiland-Jørgensen# tcpdump output looks like: 647e9838b7SToke Høiland-Jørgensen# IP 192.0.0.8 > 172.16.0.1: ICMP net 172.16.1.1 unreachable, length 92 657e9838b7SToke Høiland-JørgensenRESP_IP=$(awk '{print $2}' < $TMPFILE) 667e9838b7SToke Høiland-Jørgensenif [[ "$RESP_IP" != "192.0.0.8" ]]; then 677e9838b7SToke Høiland-Jørgensen echo "FAIL - got ICMP response from $RESP_IP, should be 192.0.0.8" 687e9838b7SToke Høiland-Jørgensen exit 1 697e9838b7SToke Høiland-Jørgensenelse 707e9838b7SToke Høiland-Jørgensen echo "OK" 717e9838b7SToke Høiland-Jørgensen exit 0 727e9838b7SToke Høiland-Jørgensenfi 73