1*f24987efSGabriel Goller#!/bin/bash 2*f24987efSGabriel Goller# SPDX-License-Identifier: GPL-2.0 3*f24987efSGabriel Goller# 4*f24987efSGabriel Goller# Test IPv6 force_forwarding interface property 5*f24987efSGabriel Goller# 6*f24987efSGabriel Goller# This test verifies that the force_forwarding property works correctly: 7*f24987efSGabriel Goller# - When global forwarding is disabled, packets are not forwarded normally 8*f24987efSGabriel Goller# - When force_forwarding is enabled on an interface, packets are forwarded 9*f24987efSGabriel Goller# regardless of the global forwarding setting 10*f24987efSGabriel Goller 11*f24987efSGabriel Gollersource lib.sh 12*f24987efSGabriel Goller 13*f24987efSGabriel Gollercleanup() { 14*f24987efSGabriel Goller cleanup_ns $ns1 $ns2 $ns3 15*f24987efSGabriel Goller} 16*f24987efSGabriel Goller 17*f24987efSGabriel Gollertrap cleanup EXIT 18*f24987efSGabriel Goller 19*f24987efSGabriel Gollersetup_test() { 20*f24987efSGabriel Goller # Create three namespaces: sender, router, receiver 21*f24987efSGabriel Goller setup_ns ns1 ns2 ns3 22*f24987efSGabriel Goller 23*f24987efSGabriel Goller # Create veth pairs: ns1 <-> ns2 <-> ns3 24*f24987efSGabriel Goller ip link add name veth12 type veth peer name veth21 25*f24987efSGabriel Goller ip link add name veth23 type veth peer name veth32 26*f24987efSGabriel Goller 27*f24987efSGabriel Goller # Move interfaces to namespaces 28*f24987efSGabriel Goller ip link set veth12 netns $ns1 29*f24987efSGabriel Goller ip link set veth21 netns $ns2 30*f24987efSGabriel Goller ip link set veth23 netns $ns2 31*f24987efSGabriel Goller ip link set veth32 netns $ns3 32*f24987efSGabriel Goller 33*f24987efSGabriel Goller # Configure interfaces 34*f24987efSGabriel Goller ip -n $ns1 addr add 2001:db8:1::1/64 dev veth12 nodad 35*f24987efSGabriel Goller ip -n $ns2 addr add 2001:db8:1::2/64 dev veth21 nodad 36*f24987efSGabriel Goller ip -n $ns2 addr add 2001:db8:2::1/64 dev veth23 nodad 37*f24987efSGabriel Goller ip -n $ns3 addr add 2001:db8:2::2/64 dev veth32 nodad 38*f24987efSGabriel Goller 39*f24987efSGabriel Goller # Bring up interfaces 40*f24987efSGabriel Goller ip -n $ns1 link set veth12 up 41*f24987efSGabriel Goller ip -n $ns2 link set veth21 up 42*f24987efSGabriel Goller ip -n $ns2 link set veth23 up 43*f24987efSGabriel Goller ip -n $ns3 link set veth32 up 44*f24987efSGabriel Goller 45*f24987efSGabriel Goller # Add routes 46*f24987efSGabriel Goller ip -n $ns1 route add 2001:db8:2::/64 via 2001:db8:1::2 47*f24987efSGabriel Goller ip -n $ns3 route add 2001:db8:1::/64 via 2001:db8:2::1 48*f24987efSGabriel Goller 49*f24987efSGabriel Goller # Disable global forwarding 50*f24987efSGabriel Goller ip netns exec $ns2 sysctl -qw net.ipv6.conf.all.forwarding=0 51*f24987efSGabriel Goller} 52*f24987efSGabriel Goller 53*f24987efSGabriel Gollertest_force_forwarding() { 54*f24987efSGabriel Goller local ret=0 55*f24987efSGabriel Goller 56*f24987efSGabriel Goller echo "TEST: force_forwarding functionality" 57*f24987efSGabriel Goller 58*f24987efSGabriel Goller # Check if force_forwarding sysctl exists 59*f24987efSGabriel Goller if ! ip netns exec $ns2 test -f /proc/sys/net/ipv6/conf/veth21/force_forwarding; then 60*f24987efSGabriel Goller echo "SKIP: force_forwarding not available" 61*f24987efSGabriel Goller return $ksft_skip 62*f24987efSGabriel Goller fi 63*f24987efSGabriel Goller 64*f24987efSGabriel Goller # Test 1: Without force_forwarding, ping should fail 65*f24987efSGabriel Goller ip netns exec $ns2 sysctl -qw net.ipv6.conf.veth21.force_forwarding=0 66*f24987efSGabriel Goller ip netns exec $ns2 sysctl -qw net.ipv6.conf.veth23.force_forwarding=0 67*f24987efSGabriel Goller 68*f24987efSGabriel Goller if ip netns exec $ns1 ping -6 -c 1 -W 2 2001:db8:2::2 &>/dev/null; then 69*f24987efSGabriel Goller echo "FAIL: ping succeeded when forwarding disabled" 70*f24987efSGabriel Goller ret=1 71*f24987efSGabriel Goller else 72*f24987efSGabriel Goller echo "PASS: forwarding disabled correctly" 73*f24987efSGabriel Goller fi 74*f24987efSGabriel Goller 75*f24987efSGabriel Goller # Test 2: With force_forwarding enabled, ping should succeed 76*f24987efSGabriel Goller ip netns exec $ns2 sysctl -qw net.ipv6.conf.veth21.force_forwarding=1 77*f24987efSGabriel Goller ip netns exec $ns2 sysctl -qw net.ipv6.conf.veth23.force_forwarding=1 78*f24987efSGabriel Goller 79*f24987efSGabriel Goller if ip netns exec $ns1 ping -6 -c 1 -W 2 2001:db8:2::2 &>/dev/null; then 80*f24987efSGabriel Goller echo "PASS: force_forwarding enabled forwarding" 81*f24987efSGabriel Goller else 82*f24987efSGabriel Goller echo "FAIL: ping failed with force_forwarding enabled" 83*f24987efSGabriel Goller ret=1 84*f24987efSGabriel Goller fi 85*f24987efSGabriel Goller 86*f24987efSGabriel Goller return $ret 87*f24987efSGabriel Goller} 88*f24987efSGabriel Goller 89*f24987efSGabriel Gollerecho "IPv6 force_forwarding test" 90*f24987efSGabriel Gollerecho "==========================" 91*f24987efSGabriel Goller 92*f24987efSGabriel Gollersetup_test 93*f24987efSGabriel Gollertest_force_forwarding 94*f24987efSGabriel Gollerret=$? 95*f24987efSGabriel Goller 96*f24987efSGabriel Gollerif [ $ret -eq 0 ]; then 97*f24987efSGabriel Goller echo "OK" 98*f24987efSGabriel Goller exit 0 99*f24987efSGabriel Gollerelif [ $ret -eq $ksft_skip ]; then 100*f24987efSGabriel Goller echo "SKIP" 101*f24987efSGabriel Goller exit $ksft_skip 102*f24987efSGabriel Gollerelse 103*f24987efSGabriel Goller echo "FAIL" 104*f24987efSGabriel Goller exit 1 105*f24987efSGabriel Gollerfi 106