#!/bin/bash # SPDX-License-Identifier: GPL-2.0 # This test is for checking IPv4 and IPv6 FIB behavior in response to # different events. source lib.sh ret=0 # all tests in this script. Can be overridden with -t option TESTS="unregister down carrier nexthop suppress ipv6_notify ipv4_notify \ ipv6_rt ipv4_rt ipv6_addr_metric ipv4_addr_metric ipv6_route_metrics \ ipv4_route_metrics ipv4_route_v6_gw rp_filter ipv4_del_addr \ ipv6_del_addr ipv4_mangle ipv6_mangle ipv4_bcast_neigh fib6_gc_test \ ipv4_mpath_list ipv6_mpath_list" VERBOSE=0 PAUSE_ON_FAIL=no PAUSE=no which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping) log_test() { local rc=$1 local expected=$2 local msg="$3" if [ ${rc} -eq ${expected} ]; then printf " TEST: %-60s [ OK ]\n" "${msg}" nsuccess=$((nsuccess+1)) else ret=1 nfail=$((nfail+1)) printf " TEST: %-60s [FAIL]\n" "${msg}" if [ "${PAUSE_ON_FAIL}" = "yes" ]; then echo echo "hit enter to continue, 'q' to quit" read a [ "$a" = "q" ] && exit 1 fi fi if [ "${PAUSE}" = "yes" ]; then echo echo "hit enter to continue, 'q' to quit" read a [ "$a" = "q" ] && exit 1 fi } setup() { set -e setup_ns ns1 IP="$(which ip) -netns $ns1" NS_EXEC="$(which ip) netns exec $ns1" ip netns exec $ns1 sysctl -qw net.ipv4.ip_forward=1 ip netns exec $ns1 sysctl -qw net.ipv6.conf.all.forwarding=1 $IP link add dummy0 type dummy $IP link set dev dummy0 up $IP address add 198.51.100.1/24 dev dummy0 $IP -6 address add 2001:db8:1::1/64 dev dummy0 set +e } cleanup() { $IP link del dev dummy0 &> /dev/null cleanup_ns $ns1 $ns2 } get_linklocal() { local dev=$1 local addr addr=$($IP -6 -br addr show dev ${dev} | \ awk '{ for (i = 3; i <= NF; ++i) { if ($i ~ /^fe80/) print $i } }' ) addr=${addr/\/*} [ -z "$addr" ] && return 1 echo $addr return 0 } fib_unreg_unicast_test() { echo echo "Single path route test" setup echo " Start point" $IP route get fibmatch 198.51.100.2 &> /dev/null log_test $? 0 "IPv4 fibmatch" $IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null log_test $? 0 "IPv6 fibmatch" set -e $IP link del dev dummy0 set +e echo " Nexthop device deleted" $IP route get fibmatch 198.51.100.2 &> /dev/null log_test $? 2 "IPv4 fibmatch - no route" $IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null log_test $? 2 "IPv6 fibmatch - no route" cleanup } fib_unreg_multipath_test() { echo echo "Multipath route test" setup set -e $IP link add dummy1 type dummy $IP link set dev dummy1 up $IP address add 192.0.2.1/24 dev dummy1 $IP -6 address add 2001:db8:2::1/64 dev dummy1 $IP route add 203.0.113.0/24 \ nexthop via 198.51.100.2 dev dummy0 \ nexthop via 192.0.2.2 dev dummy1 $IP -6 route add 2001:db8:3::/64 \ nexthop via 2001:db8:1::2 dev dummy0 \ nexthop via 2001:db8:2::2 dev dummy1 set +e echo " Start point" $IP route get fibmatch 203.0.113.1 &> /dev/null log_test $? 0 "IPv4 fibmatch" $IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null log_test $? 0 "IPv6 fibmatch" set -e $IP link del dev dummy0 set +e echo " One nexthop device deleted" $IP route get fibmatch 203.0.113.1 &> /dev/null log_test $? 2 "IPv4 - multipath route removed on delete" $IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null # In IPv6 we do not flush the entire multipath route. log_test $? 0 "IPv6 - multipath down to single path" set -e $IP link del dev dummy1 set +e echo " Second nexthop device deleted" $IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null log_test $? 2 "IPv6 - no route" cleanup } fib_unreg_test() { fib_unreg_unicast_test fib_unreg_multipath_test } fib_down_unicast_test() { echo echo "Single path, admin down" setup echo " Start point" $IP route get fibmatch 198.51.100.2 &> /dev/null log_test $? 0 "IPv4 fibmatch" $IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null log_test $? 0 "IPv6 fibmatch" set -e $IP link set dev dummy0 down set +e echo " Route deleted on down" $IP route get fibmatch 198.51.100.2 &> /dev/null log_test $? 2 "IPv4 fibmatch" $IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null log_test $? 2 "IPv6 fibmatch" cleanup } fib_down_multipath_test_do() { local down_dev=$1 local up_dev=$2 $IP route get fibmatch 203.0.113.1 \ oif $down_dev &> /dev/null log_test $? 2 "IPv4 fibmatch on down device" $IP -6 route get fibmatch 2001:db8:3::1 \ oif $down_dev &> /dev/null log_test $? 2 "IPv6 fibmatch on down device" $IP route get fibmatch 203.0.113.1 \ oif $up_dev &> /dev/null log_test $? 0 "IPv4 fibmatch on up device" $IP -6 route get fibmatch 2001:db8:3::1 \ oif $up_dev &> /dev/null log_test $? 0 "IPv6 fibmatch on up device" $IP route get fibmatch 203.0.113.1 | \ grep $down_dev | grep -q "dead linkdown" log_test $? 0 "IPv4 flags on down device" $IP -6 route get fibmatch 2001:db8:3::1 | \ grep $down_dev | grep -q "dead linkdown" log_test $? 0 "IPv6 flags on down device" $IP route get fibmatch 203.0.113.1 | \ grep $up_dev | grep -q "dead linkdown" log_test $? 1 "IPv4 flags on up device" $IP -6 route get fibmatch 2001:db8:3::1 | \ grep $up_dev | grep -q "dead linkdown" log_test $? 1 "IPv6 flags on up device" } fib_down_multipath_test() { echo echo "Admin down multipath" setup set -e $IP link add dummy1 type dummy $IP link set dev dummy1 up $IP address add 192.0.2.1/24 dev dummy1 $IP -6 address add 2001:db8:2::1/64 dev dummy1 $IP route add 203.0.113.0/24 \ nexthop via 198.51.100.2 dev dummy0 \ nexthop via 192.0.2.2 dev dummy1 $IP -6 route add 2001:db8:3::/64 \ nexthop via 2001:db8:1::2 dev dummy0 \ nexthop via 2001:db8:2::2 dev dummy1 set +e echo " Verify start point" $IP route get fibmatch 203.0.113.1 &> /dev/null log_test $? 0 "IPv4 fibmatch" $IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null log_test $? 0 "IPv6 fibmatch" set -e $IP link set dev dummy0 down set +e echo " One device down, one up" fib_down_multipath_test_do "dummy0" "dummy1" set -e $IP link set dev dummy0 up $IP link set dev dummy1 down set +e echo " Other device down and up" fib_down_multipath_test_do "dummy1" "dummy0" set -e $IP link set dev dummy0 down set +e echo " Both devices down" $IP route get fibmatch 203.0.113.1 &> /dev/null log_test $? 2 "IPv4 fibmatch" $IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null log_test $? 2 "IPv6 fibmatch" $IP link del dev dummy1 cleanup } fib_down_test() { fib_down_unicast_test fib_down_multipath_test } # Local routes should not be affected when carrier changes. fib_carrier_local_test() { echo echo "Local carrier tests - single path" setup set -e $IP link set dev dummy0 carrier on set +e echo " Start point" $IP route get fibmatch 198.51.100.1 &> /dev/null log_test $? 0 "IPv4 fibmatch" $IP -6 route get fibmatch 2001:db8:1::1 &> /dev/null log_test $? 0 "IPv6 fibmatch" $IP route get fibmatch 198.51.100.1 | \ grep -q "linkdown" log_test $? 1 "IPv4 - no linkdown flag" $IP -6 route get fibmatch 2001:db8:1::1 | \ grep -q "linkdown" log_test $? 1 "IPv6 - no linkdown flag" set -e $IP link set dev dummy0 carrier off sleep 1 set +e echo " Carrier off on nexthop" $IP route get fibmatch 198.51.100.1 &> /dev/null log_test $? 0 "IPv4 fibmatch" $IP -6 route get fibmatch 2001:db8:1::1 &> /dev/null log_test $? 0 "IPv6 fibmatch" $IP route get fibmatch 198.51.100.1 | \ grep -q "linkdown" log_test $? 1 "IPv4 - linkdown flag set" $IP -6 route get fibmatch 2001:db8:1::1 | \ grep -q "linkdown" log_test $? 1 "IPv6 - linkdown flag set" set -e $IP address add 192.0.2.1/24 dev dummy0 $IP -6 address add 2001:db8:2::1/64 dev dummy0 set +e echo " Route to local address with carrier down" $IP route get fibmatch 192.0.2.1 &> /dev/null log_test $? 0 "IPv4 fibmatch" $IP -6 route get fibmatch 2001:db8:2::1 &> /dev/null log_test $? 0 "IPv6 fibmatch" $IP route get fibmatch 192.0.2.1 | \ grep -q "linkdown" log_test $? 1 "IPv4 linkdown flag set" $IP -6 route get fibmatch 2001:db8:2::1 | \ grep -q "linkdown" log_test $? 1 "IPv6 linkdown flag set" cleanup } fib_carrier_unicast_test() { ret=0 echo echo "Single path route carrier test" setup set -e $IP link set dev dummy0 carrier on set +e echo " Start point" $IP route get fibmatch 198.51.100.2 &> /dev/null log_test $? 0 "IPv4 fibmatch" $IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null log_test $? 0 "IPv6 fibmatch" $IP route get fibmatch 198.51.100.2 | \ grep -q "linkdown" log_test $? 1 "IPv4 no linkdown flag" $IP -6 route get fibmatch 2001:db8:1::2 | \ grep -q "linkdown" log_test $? 1 "IPv6 no linkdown flag" set -e $IP link set dev dummy0 carrier off sleep 1 set +e echo " Carrier down" $IP route get fibmatch 198.51.100.2 &> /dev/null log_test $? 0 "IPv4 fibmatch" $IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null log_test $? 0 "IPv6 fibmatch" $IP route get fibmatch 198.51.100.2 | \ grep -q "linkdown" log_test $? 0 "IPv4 linkdown flag set" $IP -6 route get fibmatch 2001:db8:1::2 | \ grep -q "linkdown" log_test $? 0 "IPv6 linkdown flag set" set -e $IP address add 192.0.2.1/24 dev dummy0 $IP -6 address add 2001:db8:2::1/64 dev dummy0 set +e echo " Second address added with carrier down" $IP route get fibmatch 192.0.2.2 &> /dev/null log_test $? 0 "IPv4 fibmatch" $IP -6 route get fibmatch 2001:db8:2::2 &> /dev/null log_test $? 0 "IPv6 fibmatch" $IP route get fibmatch 192.0.2.2 | \ grep -q "linkdown" log_test $? 0 "IPv4 linkdown flag set" $IP -6 route get fibmatch 2001:db8:2::2 | \ grep -q "linkdown" log_test $? 0 "IPv6 linkdown flag set" cleanup } fib_carrier_test() { fib_carrier_local_test fib_carrier_unicast_test } fib_rp_filter_test() { echo echo "IPv4 rp_filter tests" setup set -e setup_ns ns2 $IP link add name veth1 type veth peer name veth2 $IP link set dev veth2 netns $ns2 $IP address add 192.0.2.1/24 dev veth1 ip -netns $ns2 address add 192.0.2.1/24 dev veth2 $IP link set dev veth1 up ip -netns $ns2 link set dev veth2 up $IP link set dev lo address 52:54:00:6a:c7:5e $IP link set dev veth1 address 52:54:00:6a:c7:5e ip -netns $ns2 link set dev lo address 52:54:00:6a:c7:5e ip -netns $ns2 link set dev veth2 address 52:54:00:6a:c7:5e # 1. (ns2) redirect lo's egress to veth2's egress ip netns exec $ns2 tc qdisc add dev lo parent root handle 1: fq_codel ip netns exec $ns2 tc filter add dev lo parent 1: protocol arp basic \ action mirred egress redirect dev veth2 ip netns exec $ns2 tc filter add dev lo parent 1: protocol ip basic \ action mirred egress redirect dev veth2 # 2. (ns1) redirect veth1's ingress to lo's ingress $NS_EXEC tc qdisc add dev veth1 ingress $NS_EXEC tc filter add dev veth1 ingress protocol arp basic \ action mirred ingress redirect dev lo $NS_EXEC tc filter add dev veth1 ingress protocol ip basic \ action mirred ingress redirect dev lo # 3. (ns1) redirect lo's egress to veth1's egress $NS_EXEC tc qdisc add dev lo parent root handle 1: fq_codel $NS_EXEC tc filter add dev lo parent 1: protocol arp basic \ action mirred egress redirect dev veth1 $NS_EXEC tc filter add dev lo parent 1: protocol ip basic \ action mirred egress redirect dev veth1 # 4. (ns2) redirect veth2's ingress to lo's ingress ip netns exec $ns2 tc qdisc add dev veth2 ingress ip netns exec $ns2 tc filter add dev veth2 ingress protocol arp basic \ action mirred ingress redirect dev lo ip netns exec $ns2 tc filter add dev veth2 ingress protocol ip basic \ action mirred ingress redirect dev lo $NS_EXEC sysctl -qw net.ipv4.conf.all.rp_filter=1 $NS_EXEC sysctl -qw net.ipv4.conf.all.accept_local=1 $NS_EXEC sysctl -qw net.ipv4.conf.all.route_localnet=1 ip netns exec $ns2 sysctl -qw net.ipv4.conf.all.rp_filter=1 ip netns exec $ns2 sysctl -qw net.ipv4.conf.all.accept_local=1 ip netns exec $ns2 sysctl -qw net.ipv4.conf.all.route_localnet=1 set +e run_cmd "ip netns exec $ns2 ping -w1 -c1 192.0.2.1" log_test $? 0 "rp_filter passes local packets" run_cmd "ip netns exec $ns2 ping -w1 -c1 127.0.0.1" log_test $? 0 "rp_filter passes loopback packets" cleanup } ################################################################################ # Tests on nexthop spec # run 'ip route add' with given spec add_rt() { local desc="$1" local erc=$2 local vrf=$3 local pfx=$4 local gw=$5 local dev=$6 local cmd out rc [ "$vrf" = "-" ] && vrf="default" [ -n "$gw" ] && gw="via $gw" [ -n "$dev" ] && dev="dev $dev" cmd="$IP route add vrf $vrf $pfx $gw $dev" if [ "$VERBOSE" = "1" ]; then printf "\n COMMAND: $cmd\n" fi out=$(eval $cmd 2>&1) rc=$? if [ "$VERBOSE" = "1" -a -n "$out" ]; then echo " $out" fi log_test $rc $erc "$desc" } fib4_nexthop() { echo echo "IPv4 nexthop tests" echo "<<< write me >>>" } fib6_nexthop() { local lldummy=$(get_linklocal dummy0) local llv1=$(get_linklocal dummy0) if [ -z "$lldummy" ]; then echo "Failed to get linklocal address for dummy0" return 1 fi if [ -z "$llv1" ]; then echo "Failed to get linklocal address for veth1" return 1 fi echo echo "IPv6 nexthop tests" add_rt "Directly connected nexthop, unicast address" 0 \ - 2001:db8:101::/64 2001:db8:1::2 add_rt "Directly connected nexthop, unicast address with device" 0 \ - 2001:db8:102::/64 2001:db8:1::2 "dummy0" add_rt "Gateway is linklocal address" 0 \ - 2001:db8:103::1/64 $llv1 "veth0" # fails because LL address requires a device add_rt "Gateway is linklocal address, no device" 2 \ - 2001:db8:104::1/64 $llv1 # local address can not be a gateway add_rt "Gateway can not be local unicast address" 2 \ - 2001:db8:105::/64 2001:db8:1::1 add_rt "Gateway can not be local unicast address, with device" 2 \ - 2001:db8:106::/64 2001:db8:1::1 "dummy0" add_rt "Gateway can not be a local linklocal address" 2 \ - 2001:db8:107::1/64 $lldummy "dummy0" # VRF tests add_rt "Gateway can be local address in a VRF" 0 \ - 2001:db8:108::/64 2001:db8:51::2 add_rt "Gateway can be local address in a VRF, with device" 0 \ - 2001:db8:109::/64 2001:db8:51::2 "veth0" add_rt "Gateway can be local linklocal address in a VRF" 0 \ - 2001:db8:110::1/64 $llv1 "veth0" add_rt "Redirect to VRF lookup" 0 \ - 2001:db8:111::/64 "" "red" add_rt "VRF route, gateway can be local address in default VRF" 0 \ red 2001:db8:112::/64 2001:db8:51::1 # local address in same VRF fails add_rt "VRF route, gateway can not be a local address" 2 \ red 2001:db8:113::1/64 2001:db8:2::1 add_rt "VRF route, gateway can not be a local addr with device" 2 \ red 2001:db8:114::1/64 2001:db8:2::1 "dummy1" } # Default VRF: # dummy0 - 198.51.100.1/24 2001:db8:1::1/64 # veth0 - 192.0.2.1/24 2001:db8:51::1/64 # # VRF red: # dummy1 - 192.168.2.1/24 2001:db8:2::1/64 # veth1 - 192.0.2.2/24 2001:db8:51::2/64 # # [ dummy0 veth0 ]--[ veth1 dummy1 ] fib_nexthop_test() { setup set -e $IP -4 rule add pref 32765 table local $IP -4 rule del pref 0 $IP -6 rule add pref 32765 table local $IP -6 rule del pref 0 $IP link add red type vrf table 1 $IP link set red up $IP -4 route add vrf red unreachable default metric 4278198272 $IP -6 route add vrf red unreachable default metric 4278198272 $IP link add veth0 type veth peer name veth1 $IP link set dev veth0 up $IP address add 192.0.2.1/24 dev veth0 $IP -6 address add 2001:db8:51::1/64 dev veth0 $IP link set dev veth1 vrf red up $IP address add 192.0.2.2/24 dev veth1 $IP -6 address add 2001:db8:51::2/64 dev veth1 $IP link add dummy1 type dummy $IP link set dev dummy1 vrf red up $IP address add 192.168.2.1/24 dev dummy1 $IP -6 address add 2001:db8:2::1/64 dev dummy1 set +e sleep 1 fib4_nexthop fib6_nexthop ( $IP link del dev dummy1 $IP link del veth0 $IP link del red ) 2>/dev/null cleanup } fib6_notify_test() { setup echo echo "Fib6 info length calculation in route notify test" set -e for i in 10 20 30 40 50 60 70; do $IP link add dummy_$i type dummy $IP link set dev dummy_$i up $IP -6 address add 2001:$i::1/64 dev dummy_$i done $NS_EXEC ip monitor route &> errors.txt & sleep 2 $IP -6 route add 2001::/64 \ nexthop via 2001:10::2 dev dummy_10 \ nexthop encap ip6 dst 2002::20 via 2001:20::2 dev dummy_20 \ nexthop encap ip6 dst 2002::30 via 2001:30::2 dev dummy_30 \ nexthop encap ip6 dst 2002::40 via 2001:40::2 dev dummy_40 \ nexthop encap ip6 dst 2002::50 via 2001:50::2 dev dummy_50 \ nexthop encap ip6 dst 2002::60 via 2001:60::2 dev dummy_60 \ nexthop encap ip6 dst 2002::70 via 2001:70::2 dev dummy_70 set +e err=`cat errors.txt |grep "Message too long"` if [ -z "$err" ];then ret=0 else ret=1 fi log_test $ret 0 "ipv6 route add notify" { kill %% && wait %%; } 2>/dev/null #rm errors.txt cleanup &> /dev/null } fib_notify_test() { setup echo echo "Fib4 info length calculation in route notify test" set -e for i in 10 20 30 40 50 60 70; do $IP link add dummy_$i type dummy $IP link set dev dummy_$i up $IP address add 20.20.$i.2/24 dev dummy_$i done $NS_EXEC ip monitor route &> errors.txt & sleep 2 $IP route add 10.0.0.0/24 \ nexthop via 20.20.10.1 dev dummy_10 \ nexthop encap ip dst 192.168.10.20 via 20.20.20.1 dev dummy_20 \ nexthop encap ip dst 192.168.10.30 via 20.20.30.1 dev dummy_30 \ nexthop encap ip dst 192.168.10.40 via 20.20.40.1 dev dummy_40 \ nexthop encap ip dst 192.168.10.50 via 20.20.50.1 dev dummy_50 \ nexthop encap ip dst 192.168.10.60 via 20.20.60.1 dev dummy_60 \ nexthop encap ip dst 192.168.10.70 via 20.20.70.1 dev dummy_70 set +e err=`cat errors.txt |grep "Message too long"` if [ -z "$err" ];then ret=0 else ret=1 fi log_test $ret 0 "ipv4 route add notify" { kill %% && wait %%; } 2>/dev/null rm errors.txt cleanup &> /dev/null } # Create a new dummy_10 to remove all associated routes. reset_dummy_10() { $IP link del dev dummy_10 $IP link add dummy_10 type dummy $IP link set dev dummy_10 up $IP -6 address add 2001:10::1/64 dev dummy_10 } check_rt_num() { local expected=$1 local num=$2 if [ $num -ne $expected ]; then echo "FAIL: Expected $expected routes, got $num" ret=1 else ret=0 fi } check_rt_num_clean() { local expected=$1 local num=$2 if [ $num -ne $expected ]; then log_test 1 0 "expected $expected routes, got $num" set +e cleanup &> /dev/null return 1 fi return 0 } fib6_gc_test() { setup echo echo "Fib6 garbage collection test" set -e EXPIRE=5 GC_WAIT_TIME=$((EXPIRE * 2 + 2)) # Check expiration of routes every $EXPIRE seconds (GC) $NS_EXEC sysctl -wq net.ipv6.route.gc_interval=$EXPIRE $IP link add dummy_10 type dummy $IP link set dev dummy_10 up $IP -6 address add 2001:10::1/64 dev dummy_10 $NS_EXEC sysctl -wq net.ipv6.route.flush=1 # Temporary routes for i in $(seq 1 5); do # Expire route after $EXPIRE seconds $IP -6 route add 2001:20::$i \ via 2001:10::2 dev dummy_10 expires $EXPIRE done sleep $GC_WAIT_TIME $NS_EXEC sysctl -wq net.ipv6.route.flush=1 check_rt_num 0 $($IP -6 route list |grep expires|wc -l) log_test $ret 0 "ipv6 route garbage collection" reset_dummy_10 # Permanent routes for i in $(seq 1 5); do $IP -6 route add 2001:30::$i \ via 2001:10::2 dev dummy_10 done # Temporary routes for i in $(seq 1 5); do # Expire route after $EXPIRE seconds $IP -6 route add 2001:20::$i \ via 2001:10::2 dev dummy_10 expires $EXPIRE done # Wait for GC sleep $GC_WAIT_TIME check_rt_num 0 $($IP -6 route list |grep expires|wc -l) log_test $ret 0 "ipv6 route garbage collection (with permanent routes)" reset_dummy_10 # Permanent routes for i in $(seq 1 5); do $IP -6 route add 2001:20::$i \ via 2001:10::2 dev dummy_10 done # Replace with temporary routes for i in $(seq 1 5); do # Expire route after $EXPIRE seconds $IP -6 route replace 2001:20::$i \ via 2001:10::2 dev dummy_10 expires $EXPIRE done # Wait for GC sleep $GC_WAIT_TIME check_rt_num 0 $($IP -6 route list |grep expires|wc -l) log_test $ret 0 "ipv6 route garbage collection (replace with expires)" reset_dummy_10 # Temporary routes for i in $(seq 1 5); do # Expire route after $EXPIRE seconds $IP -6 route add 2001:20::$i \ via 2001:10::2 dev dummy_10 expires $EXPIRE done # Replace with permanent routes for i in $(seq 1 5); do $IP -6 route replace 2001:20::$i \ via 2001:10::2 dev dummy_10 done check_rt_num_clean 0 $($IP -6 route list |grep expires|wc -l) || return # Wait for GC sleep $GC_WAIT_TIME check_rt_num 5 $($IP -6 route list |grep -v expires|grep 2001:20::|wc -l) log_test $ret 0 "ipv6 route garbage collection (replace with permanent)" # ra6 is required for the next test. (ipv6toolkit) if [ ! -x "$(command -v ra6)" ]; then echo "SKIP: ra6 not found." set +e cleanup &> /dev/null return fi # Delete dummy_10 and remove all routes $IP link del dev dummy_10 # Create a pair of veth devices to send a RA message from one # device to another. $IP link add veth1 type veth peer name veth2 $IP link set dev veth1 up $IP link set dev veth2 up $IP -6 address add 2001:10::1/64 dev veth1 nodad $IP -6 address add 2001:10::2/64 dev veth2 nodad # Make veth1 ready to receive RA messages. $NS_EXEC sysctl -wq net.ipv6.conf.veth1.accept_ra=2 # Send a RA message with a route from veth2 to veth1. $NS_EXEC ra6 -i veth2 -d 2001:10::1 -t $EXPIRE # Wait for the RA message. sleep 1 # systemd may mess up the test. You syould make sure that # systemd-networkd.service and systemd-networkd.socket are stopped. check_rt_num_clean 1 $($IP -6 route list|grep expires|wc -l) || return # Wait for GC sleep $GC_WAIT_TIME check_rt_num 0 $($IP -6 route list |grep expires|wc -l) log_test $ret 0 "ipv6 route garbage collection (RA message)" set +e cleanup &> /dev/null } fib_suppress_test() { echo echo "FIB rule with suppress_prefixlength" setup $IP link add dummy1 type dummy $IP link set dummy1 up $IP -6 route add default dev dummy1 $IP -6 rule add table main suppress_prefixlength 0 ping -f -c 1000 -W 1 1234::1 >/dev/null 2>&1 $IP -6 rule del table main suppress_prefixlength 0 $IP link del dummy1 # If we got here without crashing, we're good. log_test 0 0 "FIB rule suppress test" cleanup } ################################################################################ # Tests on route add and replace run_cmd() { local cmd="$1" local out local stderr="2>/dev/null" if [ "$VERBOSE" = "1" ]; then printf " COMMAND: $cmd\n" stderr= fi out=$(eval $cmd $stderr) rc=$? if [ "$VERBOSE" = "1" -a -n "$out" ]; then echo " $out" fi [ "$VERBOSE" = "1" ] && echo return $rc } check_expected() { local out="$1" local expected="$2" local rc=0 [ "${out}" = "${expected}" ] && return 0 if [ -z "${out}" ]; then if [ "$VERBOSE" = "1" ]; then printf "\nNo route entry found\n" printf "Expected:\n" printf " ${expected}\n" fi return 1 fi # tricky way to convert output to 1-line without ip's # messy '\'; this drops all extra white space out=$(echo ${out}) if [ "${out}" != "${expected}" ]; then rc=1 if [ "${VERBOSE}" = "1" ]; then printf " Unexpected route entry. Have:\n" printf " ${out}\n" printf " Expected:\n" printf " ${expected}\n\n" fi fi return $rc } # add route for a prefix, flushing any existing routes first # expected to be the first step of a test add_route6() { local pfx="$1" local nh="$2" local out if [ "$VERBOSE" = "1" ]; then echo echo " ##################################################" echo fi run_cmd "$IP -6 ro flush ${pfx}" [ $? -ne 0 ] && exit 1 out=$($IP -6 ro ls match ${pfx}) if [ -n "$out" ]; then echo "Failed to flush routes for prefix used for tests." exit 1 fi run_cmd "$IP -6 ro add ${pfx} ${nh}" if [ $? -ne 0 ]; then echo "Failed to add initial route for test." exit 1 fi } # add initial route - used in replace route tests add_initial_route6() { add_route6 "2001:db8:104::/64" "$1" } check_route6() { local pfx local expected="$1" local out local rc=0 set -- $expected pfx=$1 out=$($IP -6 ro ls match ${pfx} | sed -e 's/ pref medium//') check_expected "${out}" "${expected}" } route_cleanup() { $IP li del red 2>/dev/null $IP li del dummy1 2>/dev/null $IP li del veth1 2>/dev/null $IP li del veth3 2>/dev/null cleanup &> /dev/null } route_setup() { route_cleanup setup [ "${VERBOSE}" = "1" ] && set -x set -e setup_ns ns2 ip netns exec $ns2 sysctl -qw net.ipv4.ip_forward=1 ip netns exec $ns2 sysctl -qw net.ipv6.conf.all.forwarding=1 $IP li add veth1 type veth peer name veth2 $IP li add veth3 type veth peer name veth4 $IP li set veth1 up $IP li set veth3 up $IP li set veth2 netns $ns2 up $IP li set veth4 netns $ns2 up ip -netns $ns2 li add dummy1 type dummy ip -netns $ns2 li set dummy1 up $IP -6 addr add 2001:db8:101::1/64 dev veth1 nodad $IP -6 addr add 2001:db8:103::1/64 dev veth3 nodad $IP addr add 172.16.101.1/24 dev veth1 $IP addr add 172.16.103.1/24 dev veth3 ip -netns $ns2 -6 addr add 2001:db8:101::2/64 dev veth2 nodad ip -netns $ns2 -6 addr add 2001:db8:103::2/64 dev veth4 nodad ip -netns $ns2 -6 addr add 2001:db8:104::1/64 dev dummy1 nodad ip -netns $ns2 addr add 172.16.101.2/24 dev veth2 ip -netns $ns2 addr add 172.16.103.2/24 dev veth4 ip -netns $ns2 addr add 172.16.104.1/24 dev dummy1 set +e } # assumption is that basic add of a single path route works # otherwise just adding an address on an interface is broken ipv6_rt_add() { local rc echo echo "IPv6 route add / append tests" # route add same prefix - fails with EEXISTS b/c ip adds NLM_F_EXCL add_route6 "2001:db8:104::/64" "via 2001:db8:101::2" run_cmd "$IP -6 ro add 2001:db8:104::/64 via 2001:db8:103::2" log_test $? 2 "Attempt to add duplicate route - gw" # route add same prefix - fails with EEXISTS b/c ip adds NLM_F_EXCL add_route6 "2001:db8:104::/64" "via 2001:db8:101::2" run_cmd "$IP -6 ro add 2001:db8:104::/64 dev veth3" log_test $? 2 "Attempt to add duplicate route - dev only" # route add same prefix - fails with EEXISTS b/c ip adds NLM_F_EXCL add_route6 "2001:db8:104::/64" "via 2001:db8:101::2" run_cmd "$IP -6 ro add unreachable 2001:db8:104::/64" log_test $? 2 "Attempt to add duplicate route - reject route" # route append with same prefix adds a new route # - iproute2 sets NLM_F_CREATE | NLM_F_APPEND add_route6 "2001:db8:104::/64" "via 2001:db8:101::2" run_cmd "$IP -6 ro append 2001:db8:104::/64 via 2001:db8:103::2" check_route6 "2001:db8:104::/64 metric 1024 nexthop via 2001:db8:101::2 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" log_test $? 0 "Append nexthop to existing route - gw" # insert mpath directly add_route6 "2001:db8:104::/64" "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" check_route6 "2001:db8:104::/64 metric 1024 nexthop via 2001:db8:101::2 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" log_test $? 0 "Add multipath route" add_route6 "2001:db8:104::/64" "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" run_cmd "$IP -6 ro add 2001:db8:104::/64 nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" log_test $? 2 "Attempt to add duplicate multipath route" # insert of a second route without append but different metric add_route6 "2001:db8:104::/64" "via 2001:db8:101::2" run_cmd "$IP -6 ro add 2001:db8:104::/64 via 2001:db8:103::2 metric 512" rc=$? if [ $rc -eq 0 ]; then run_cmd "$IP -6 ro add 2001:db8:104::/64 via 2001:db8:103::3 metric 256" rc=$? fi log_test $rc 0 "Route add with different metrics" run_cmd "$IP -6 ro del 2001:db8:104::/64 metric 512" rc=$? if [ $rc -eq 0 ]; then check_route6 "2001:db8:104::/64 via 2001:db8:103::3 dev veth3 metric 256 2001:db8:104::/64 via 2001:db8:101::2 dev veth1 metric 1024" rc=$? fi log_test $rc 0 "Route delete with metric" } ipv6_rt_replace_single() { # single path with single path # add_initial_route6 "via 2001:db8:101::2" run_cmd "$IP -6 ro replace 2001:db8:104::/64 via 2001:db8:103::2" check_route6 "2001:db8:104::/64 via 2001:db8:103::2 dev veth3 metric 1024" log_test $? 0 "Single path with single path" # single path with multipath # add_initial_route6 "nexthop via 2001:db8:101::2" run_cmd "$IP -6 ro replace 2001:db8:104::/64 nexthop via 2001:db8:101::3 nexthop via 2001:db8:103::2" check_route6 "2001:db8:104::/64 metric 1024 nexthop via 2001:db8:101::3 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" log_test $? 0 "Single path with multipath" # single path with single path using MULTIPATH attribute # add_initial_route6 "via 2001:db8:101::2" run_cmd "$IP -6 ro replace 2001:db8:104::/64 nexthop via 2001:db8:103::2" check_route6 "2001:db8:104::/64 via 2001:db8:103::2 dev veth3 metric 1024" log_test $? 0 "Single path with single path via multipath attribute" # route replace fails - invalid nexthop add_initial_route6 "via 2001:db8:101::2" run_cmd "$IP -6 ro replace 2001:db8:104::/64 via 2001:db8:104::2" if [ $? -eq 0 ]; then # previous command is expected to fail so if it returns 0 # that means the test failed. log_test 0 1 "Invalid nexthop" else check_route6 "2001:db8:104::/64 via 2001:db8:101::2 dev veth1 metric 1024" log_test $? 0 "Invalid nexthop" fi # replace non-existent route # - note use of change versus replace since ip adds NLM_F_CREATE # for replace add_initial_route6 "via 2001:db8:101::2" run_cmd "$IP -6 ro change 2001:db8:105::/64 via 2001:db8:101::2" log_test $? 2 "Single path - replace of non-existent route" } ipv6_rt_replace_mpath() { # multipath with multipath add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" run_cmd "$IP -6 ro replace 2001:db8:104::/64 nexthop via 2001:db8:101::3 nexthop via 2001:db8:103::3" check_route6 "2001:db8:104::/64 metric 1024 nexthop via 2001:db8:101::3 dev veth1 weight 1 nexthop via 2001:db8:103::3 dev veth3 weight 1" log_test $? 0 "Multipath with multipath" # multipath with single add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" run_cmd "$IP -6 ro replace 2001:db8:104::/64 via 2001:db8:101::3" check_route6 "2001:db8:104::/64 via 2001:db8:101::3 dev veth1 metric 1024" log_test $? 0 "Multipath with single path" # multipath with single add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" run_cmd "$IP -6 ro replace 2001:db8:104::/64 nexthop via 2001:db8:101::3" check_route6 "2001:db8:104::/64 via 2001:db8:101::3 dev veth1 metric 1024" log_test $? 0 "Multipath with single path via multipath attribute" # multipath with dev-only add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" run_cmd "$IP -6 ro replace 2001:db8:104::/64 dev veth1" check_route6 "2001:db8:104::/64 dev veth1 metric 1024" log_test $? 0 "Multipath with dev-only" # route replace fails - invalid nexthop 1 add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" run_cmd "$IP -6 ro replace 2001:db8:104::/64 nexthop via 2001:db8:111::3 nexthop via 2001:db8:103::3" check_route6 "2001:db8:104::/64 metric 1024 nexthop via 2001:db8:101::2 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" log_test $? 0 "Multipath - invalid first nexthop" # route replace fails - invalid nexthop 2 add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" run_cmd "$IP -6 ro replace 2001:db8:104::/64 nexthop via 2001:db8:101::3 nexthop via 2001:db8:113::3" check_route6 "2001:db8:104::/64 metric 1024 nexthop via 2001:db8:101::2 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" log_test $? 0 "Multipath - invalid second nexthop" # multipath non-existent route add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" run_cmd "$IP -6 ro change 2001:db8:105::/64 nexthop via 2001:db8:101::3 nexthop via 2001:db8:103::3" log_test $? 2 "Multipath - replace of non-existent route" } ipv6_rt_replace() { echo echo "IPv6 route replace tests" ipv6_rt_replace_single ipv6_rt_replace_mpath } ipv6_rt_dsfield() { echo echo "IPv6 route with dsfield tests" run_cmd "$IP -6 route flush 2001:db8:102::/64" # IPv6 doesn't support routing based on dsfield run_cmd "$IP -6 route add 2001:db8:102::/64 dsfield 0x04 via 2001:db8:101::2" log_test $? 2 "Reject route with dsfield" } ipv6_route_test() { route_setup ipv6_rt_add ipv6_rt_replace ipv6_rt_dsfield route_cleanup } ip_addr_metric_check() { ip addr help 2>&1 | grep -q metric if [ $? -ne 0 ]; then echo "iproute2 command does not support metric for addresses. Skipping test" return 1 fi return 0 } ipv6_addr_metric_test() { local rc echo echo "IPv6 prefix route tests" ip_addr_metric_check || return 1 setup set -e $IP li add dummy1 type dummy $IP li add dummy2 type dummy $IP li set dummy1 up $IP li set dummy2 up # default entry is metric 256 run_cmd "$IP -6 addr add dev dummy1 2001:db8:104::1/64" run_cmd "$IP -6 addr add dev dummy2 2001:db8:104::2/64" set +e check_route6 "2001:db8:104::/64 dev dummy1 proto kernel metric 256 2001:db8:104::/64 dev dummy2 proto kernel metric 256" log_test $? 0 "Default metric" set -e run_cmd "$IP -6 addr flush dev dummy1" run_cmd "$IP -6 addr add dev dummy1 2001:db8:104::1/64 metric 257" set +e check_route6 "2001:db8:104::/64 dev dummy2 proto kernel metric 256 2001:db8:104::/64 dev dummy1 proto kernel metric 257" log_test $? 0 "User specified metric on first device" set -e run_cmd "$IP -6 addr flush dev dummy2" run_cmd "$IP -6 addr add dev dummy2 2001:db8:104::2/64 metric 258" set +e check_route6 "2001:db8:104::/64 dev dummy1 proto kernel metric 257 2001:db8:104::/64 dev dummy2 proto kernel metric 258" log_test $? 0 "User specified metric on second device" run_cmd "$IP -6 addr del dev dummy1 2001:db8:104::1/64 metric 257" rc=$? if [ $rc -eq 0 ]; then check_route6 "2001:db8:104::/64 dev dummy2 proto kernel metric 258" rc=$? fi log_test $rc 0 "Delete of address on first device" run_cmd "$IP -6 addr change dev dummy2 2001:db8:104::2/64 metric 259" rc=$? if [ $rc -eq 0 ]; then check_route6 "2001:db8:104::/64 dev dummy2 proto kernel metric 259" rc=$? fi log_test $rc 0 "Modify metric of address" # verify prefix route removed on down run_cmd "ip netns exec $ns1 sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1" run_cmd "$IP li set dev dummy2 down" rc=$? if [ $rc -eq 0 ]; then out=$($IP -6 ro ls match 2001:db8:104::/64) check_expected "${out}" "" rc=$? fi log_test $rc 0 "Prefix route removed on link down" # verify prefix route re-inserted with assigned metric run_cmd "$IP li set dev dummy2 up" rc=$? if [ $rc -eq 0 ]; then check_route6 "2001:db8:104::/64 dev dummy2 proto kernel metric 259" rc=$? fi log_test $rc 0 "Prefix route with metric on link up" # verify peer metric added correctly set -e run_cmd "$IP -6 addr flush dev dummy2" run_cmd "$IP -6 addr add dev dummy2 2001:db8:104::1 peer 2001:db8:104::2 metric 260" set +e check_route6 "2001:db8:104::1 dev dummy2 proto kernel metric 260" log_test $? 0 "Set metric with peer route on local side" check_route6 "2001:db8:104::2 dev dummy2 proto kernel metric 260" log_test $? 0 "Set metric with peer route on peer side" set -e run_cmd "$IP -6 addr change dev dummy2 2001:db8:104::1 peer 2001:db8:104::3 metric 261" set +e check_route6 "2001:db8:104::1 dev dummy2 proto kernel metric 261" log_test $? 0 "Modify metric and peer address on local side" check_route6 "2001:db8:104::3 dev dummy2 proto kernel metric 261" log_test $? 0 "Modify metric and peer address on peer side" $IP li del dummy1 $IP li del dummy2 cleanup } ipv6_route_metrics_test() { local rc echo echo "IPv6 routes with metrics" route_setup # # single path with metrics # run_cmd "$IP -6 ro add 2001:db8:111::/64 via 2001:db8:101::2 mtu 1400" rc=$? if [ $rc -eq 0 ]; then check_route6 "2001:db8:111::/64 via 2001:db8:101::2 dev veth1 metric 1024 mtu 1400" rc=$? fi log_test $rc 0 "Single path route with mtu metric" # # multipath via separate routes with metrics # run_cmd "$IP -6 ro add 2001:db8:112::/64 via 2001:db8:101::2 mtu 1400" run_cmd "$IP -6 ro append 2001:db8:112::/64 via 2001:db8:103::2" rc=$? if [ $rc -eq 0 ]; then check_route6 "2001:db8:112::/64 metric 1024 mtu 1400 nexthop via 2001:db8:101::2 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" rc=$? fi log_test $rc 0 "Multipath route via 2 single routes with mtu metric on first" # second route is coalesced to first to make a multipath route. # MTU of the second path is hidden from display! run_cmd "$IP -6 ro add 2001:db8:113::/64 via 2001:db8:101::2" run_cmd "$IP -6 ro append 2001:db8:113::/64 via 2001:db8:103::2 mtu 1400" rc=$? if [ $rc -eq 0 ]; then check_route6 "2001:db8:113::/64 metric 1024 nexthop via 2001:db8:101::2 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" rc=$? fi log_test $rc 0 "Multipath route via 2 single routes with mtu metric on 2nd" run_cmd "$IP -6 ro del 2001:db8:113::/64 via 2001:db8:101::2" if [ $? -eq 0 ]; then check_route6 "2001:db8:113::/64 via 2001:db8:103::2 dev veth3 metric 1024 mtu 1400" log_test $? 0 " MTU of second leg" fi # # multipath with metrics # run_cmd "$IP -6 ro add 2001:db8:115::/64 mtu 1400 nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2" rc=$? if [ $rc -eq 0 ]; then check_route6 "2001:db8:115::/64 metric 1024 mtu 1400 nexthop via 2001:db8:101::2 dev veth1 weight 1 nexthop via 2001:db8:103::2 dev veth3 weight 1" rc=$? fi log_test $rc 0 "Multipath route with mtu metric" $IP -6 ro add 2001:db8:104::/64 via 2001:db8:101::2 mtu 1300 run_cmd "ip netns exec $ns1 ${ping6} -w1 -c1 -s 1500 2001:db8:104::1" log_test $? 0 "Using route with mtu metric" run_cmd "$IP -6 ro add 2001:db8:114::/64 via 2001:db8:101::2 congctl lock foo" log_test $? 2 "Invalid metric (fails metric_convert)" route_cleanup } # add route for a prefix, flushing any existing routes first # expected to be the first step of a test add_route() { local pfx="$1" local nh="$2" local out if [ "$VERBOSE" = "1" ]; then echo echo " ##################################################" echo fi run_cmd "$IP ro flush ${pfx}" [ $? -ne 0 ] && exit 1 out=$($IP ro ls match ${pfx}) if [ -n "$out" ]; then echo "Failed to flush routes for prefix used for tests." exit 1 fi run_cmd "$IP ro add ${pfx} ${nh}" if [ $? -ne 0 ]; then echo "Failed to add initial route for test." exit 1 fi } # add initial route - used in replace route tests add_initial_route() { add_route "172.16.104.0/24" "$1" } check_route() { local pfx local expected="$1" local out set -- $expected pfx=$1 [ "${pfx}" = "unreachable" ] && pfx=$2 out=$($IP ro ls match ${pfx}) check_expected "${out}" "${expected}" } # assumption is that basic add of a single path route works # otherwise just adding an address on an interface is broken ipv4_rt_add() { local rc echo echo "IPv4 route add / append tests" # route add same prefix - fails with EEXISTS b/c ip adds NLM_F_EXCL add_route "172.16.104.0/24" "via 172.16.101.2" run_cmd "$IP ro add 172.16.104.0/24 via 172.16.103.2" log_test $? 2 "Attempt to add duplicate route - gw" # route add same prefix - fails with EEXISTS b/c ip adds NLM_F_EXCL add_route "172.16.104.0/24" "via 172.16.101.2" run_cmd "$IP ro add 172.16.104.0/24 dev veth3" log_test $? 2 "Attempt to add duplicate route - dev only" # route add same prefix - fails with EEXISTS b/c ip adds NLM_F_EXCL add_route "172.16.104.0/24" "via 172.16.101.2" run_cmd "$IP ro add unreachable 172.16.104.0/24" log_test $? 2 "Attempt to add duplicate route - reject route" # iproute2 prepend only sets NLM_F_CREATE # - adds a new route; does NOT convert existing route to ECMP add_route "172.16.104.0/24" "via 172.16.101.2" run_cmd "$IP ro prepend 172.16.104.0/24 via 172.16.103.2" check_route "172.16.104.0/24 via 172.16.103.2 dev veth3 172.16.104.0/24 via 172.16.101.2 dev veth1" log_test $? 0 "Add new nexthop for existing prefix" # route append with same prefix adds a new route # - iproute2 sets NLM_F_CREATE | NLM_F_APPEND add_route "172.16.104.0/24" "via 172.16.101.2" run_cmd "$IP ro append 172.16.104.0/24 via 172.16.103.2" check_route "172.16.104.0/24 via 172.16.101.2 dev veth1 172.16.104.0/24 via 172.16.103.2 dev veth3" log_test $? 0 "Append nexthop to existing route - gw" add_route "172.16.104.0/24" "via 172.16.101.2" run_cmd "$IP ro append 172.16.104.0/24 dev veth3" check_route "172.16.104.0/24 via 172.16.101.2 dev veth1 172.16.104.0/24 dev veth3 scope link" log_test $? 0 "Append nexthop to existing route - dev only" add_route "172.16.104.0/24" "via 172.16.101.2" run_cmd "$IP ro append unreachable 172.16.104.0/24" check_route "172.16.104.0/24 via 172.16.101.2 dev veth1 unreachable 172.16.104.0/24" log_test $? 0 "Append nexthop to existing route - reject route" run_cmd "$IP ro flush 172.16.104.0/24" run_cmd "$IP ro add unreachable 172.16.104.0/24" run_cmd "$IP ro append 172.16.104.0/24 via 172.16.103.2" check_route "unreachable 172.16.104.0/24 172.16.104.0/24 via 172.16.103.2 dev veth3" log_test $? 0 "Append nexthop to existing reject route - gw" run_cmd "$IP ro flush 172.16.104.0/24" run_cmd "$IP ro add unreachable 172.16.104.0/24" run_cmd "$IP ro append 172.16.104.0/24 dev veth3" check_route "unreachable 172.16.104.0/24 172.16.104.0/24 dev veth3 scope link" log_test $? 0 "Append nexthop to existing reject route - dev only" # insert mpath directly add_route "172.16.104.0/24" "nexthop via 172.16.101.2 nexthop via 172.16.103.2" check_route "172.16.104.0/24 nexthop via 172.16.101.2 dev veth1 weight 1 nexthop via 172.16.103.2 dev veth3 weight 1" log_test $? 0 "add multipath route" add_route "172.16.104.0/24" "nexthop via 172.16.101.2 nexthop via 172.16.103.2" run_cmd "$IP ro add 172.16.104.0/24 nexthop via 172.16.101.2 nexthop via 172.16.103.2" log_test $? 2 "Attempt to add duplicate multipath route" # insert of a second route without append but different metric add_route "172.16.104.0/24" "via 172.16.101.2" run_cmd "$IP ro add 172.16.104.0/24 via 172.16.103.2 metric 512" rc=$? if [ $rc -eq 0 ]; then run_cmd "$IP ro add 172.16.104.0/24 via 172.16.103.3 metric 256" rc=$? fi log_test $rc 0 "Route add with different metrics" run_cmd "$IP ro del 172.16.104.0/24 metric 512" rc=$? if [ $rc -eq 0 ]; then check_route "172.16.104.0/24 via 172.16.101.2 dev veth1 172.16.104.0/24 via 172.16.103.3 dev veth3 metric 256" rc=$? fi log_test $rc 0 "Route delete with metric" } ipv4_rt_replace_single() { # single path with single path # add_initial_route "via 172.16.101.2" run_cmd "$IP ro replace 172.16.104.0/24 via 172.16.103.2" check_route "172.16.104.0/24 via 172.16.103.2 dev veth3" log_test $? 0 "Single path with single path" # single path with multipath # add_initial_route "nexthop via 172.16.101.2" run_cmd "$IP ro replace 172.16.104.0/24 nexthop via 172.16.101.3 nexthop via 172.16.103.2" check_route "172.16.104.0/24 nexthop via 172.16.101.3 dev veth1 weight 1 nexthop via 172.16.103.2 dev veth3 weight 1" log_test $? 0 "Single path with multipath" # single path with reject # add_initial_route "nexthop via 172.16.101.2" run_cmd "$IP ro replace unreachable 172.16.104.0/24" check_route "unreachable 172.16.104.0/24" log_test $? 0 "Single path with reject route" # single path with single path using MULTIPATH attribute # add_initial_route "via 172.16.101.2" run_cmd "$IP ro replace 172.16.104.0/24 nexthop via 172.16.103.2" check_route "172.16.104.0/24 via 172.16.103.2 dev veth3" log_test $? 0 "Single path with single path via multipath attribute" # route replace fails - invalid nexthop add_initial_route "via 172.16.101.2" run_cmd "$IP ro replace 172.16.104.0/24 via 2001:db8:104::2" if [ $? -eq 0 ]; then # previous command is expected to fail so if it returns 0 # that means the test failed. log_test 0 1 "Invalid nexthop" else check_route "172.16.104.0/24 via 172.16.101.2 dev veth1" log_test $? 0 "Invalid nexthop" fi # replace non-existent route # - note use of change versus replace since ip adds NLM_F_CREATE # for replace add_initial_route "via 172.16.101.2" run_cmd "$IP ro change 172.16.105.0/24 via 172.16.101.2" log_test $? 2 "Single path - replace of non-existent route" } ipv4_rt_replace_mpath() { # multipath with multipath add_initial_route "nexthop via 172.16.101.2 nexthop via 172.16.103.2" run_cmd "$IP ro replace 172.16.104.0/24 nexthop via 172.16.101.3 nexthop via 172.16.103.3" check_route "172.16.104.0/24 nexthop via 172.16.101.3 dev veth1 weight 1 nexthop via 172.16.103.3 dev veth3 weight 1" log_test $? 0 "Multipath with multipath" # multipath with single add_initial_route "nexthop via 172.16.101.2 nexthop via 172.16.103.2" run_cmd "$IP ro replace 172.16.104.0/24 via 172.16.101.3" check_route "172.16.104.0/24 via 172.16.101.3 dev veth1" log_test $? 0 "Multipath with single path" # multipath with single add_initial_route "nexthop via 172.16.101.2 nexthop via 172.16.103.2" run_cmd "$IP ro replace 172.16.104.0/24 nexthop via 172.16.101.3" check_route "172.16.104.0/24 via 172.16.101.3 dev veth1" log_test $? 0 "Multipath with single path via multipath attribute" # multipath with reject add_initial_route "nexthop via 172.16.101.2 nexthop via 172.16.103.2" run_cmd "$IP ro replace unreachable 172.16.104.0/24" check_route "unreachable 172.16.104.0/24" log_test $? 0 "Multipath with reject route" # route replace fails - invalid nexthop 1 add_initial_route "nexthop via 172.16.101.2 nexthop via 172.16.103.2" run_cmd "$IP ro replace 172.16.104.0/24 nexthop via 172.16.111.3 nexthop via 172.16.103.3" check_route "172.16.104.0/24 nexthop via 172.16.101.2 dev veth1 weight 1 nexthop via 172.16.103.2 dev veth3 weight 1" log_test $? 0 "Multipath - invalid first nexthop" # route replace fails - invalid nexthop 2 add_initial_route "nexthop via 172.16.101.2 nexthop via 172.16.103.2" run_cmd "$IP ro replace 172.16.104.0/24 nexthop via 172.16.101.3 nexthop via 172.16.113.3" check_route "172.16.104.0/24 nexthop via 172.16.101.2 dev veth1 weight 1 nexthop via 172.16.103.2 dev veth3 weight 1" log_test $? 0 "Multipath - invalid second nexthop" # multipath non-existent route add_initial_route "nexthop via 172.16.101.2 nexthop via 172.16.103.2" run_cmd "$IP ro change 172.16.105.0/24 nexthop via 172.16.101.3 nexthop via 172.16.103.3" log_test $? 2 "Multipath - replace of non-existent route" } ipv4_rt_replace() { echo echo "IPv4 route replace tests" ipv4_rt_replace_single ipv4_rt_replace_mpath } # checks that cached input route on VRF port is deleted # when VRF is deleted ipv4_local_rt_cache() { run_cmd "ip addr add 10.0.0.1/32 dev lo" run_cmd "setup_ns test-ns" run_cmd "ip link add veth-outside type veth peer name veth-inside" run_cmd "ip link add vrf-100 type vrf table 1100" run_cmd "ip link set veth-outside master vrf-100" run_cmd "ip link set veth-inside netns $test-ns" run_cmd "ip link set veth-outside up" run_cmd "ip link set vrf-100 up" run_cmd "ip route add 10.1.1.1/32 dev veth-outside table 1100" run_cmd "ip netns exec $test-ns ip link set veth-inside up" run_cmd "ip netns exec $test-ns ip addr add 10.1.1.1/32 dev veth-inside" run_cmd "ip netns exec $test-ns ip route add 10.0.0.1/32 dev veth-inside" run_cmd "ip netns exec $test-ns ip route add default via 10.0.0.1" run_cmd "ip netns exec $test-ns ping 10.0.0.1 -c 1 -i 1" run_cmd "ip link delete vrf-100" # if we do not hang test is a success log_test $? 0 "Cached route removed from VRF port device" } ipv4_rt_dsfield() { echo echo "IPv4 route with dsfield tests" run_cmd "$IP route flush 172.16.102.0/24" # New routes should reject dsfield options that interfere with ECN run_cmd "$IP route add 172.16.102.0/24 dsfield 0x01 via 172.16.101.2" log_test $? 2 "Reject route with dsfield 0x01" run_cmd "$IP route add 172.16.102.0/24 dsfield 0x02 via 172.16.101.2" log_test $? 2 "Reject route with dsfield 0x02" run_cmd "$IP route add 172.16.102.0/24 dsfield 0x03 via 172.16.101.2" log_test $? 2 "Reject route with dsfield 0x03" # A generic route that doesn't take DSCP into account run_cmd "$IP route add 172.16.102.0/24 via 172.16.101.2" # A more specific route for DSCP 0x10 run_cmd "$IP route add 172.16.102.0/24 dsfield 0x10 via 172.16.103.2" # DSCP 0x10 should match the specific route, no matter the ECN bits $IP route get fibmatch 172.16.102.1 dsfield 0x10 | \ grep -q "via 172.16.103.2" log_test $? 0 "IPv4 route with DSCP and ECN:Not-ECT" $IP route get fibmatch 172.16.102.1 dsfield 0x11 | \ grep -q "via 172.16.103.2" log_test $? 0 "IPv4 route with DSCP and ECN:ECT(1)" $IP route get fibmatch 172.16.102.1 dsfield 0x12 | \ grep -q "via 172.16.103.2" log_test $? 0 "IPv4 route with DSCP and ECN:ECT(0)" $IP route get fibmatch 172.16.102.1 dsfield 0x13 | \ grep -q "via 172.16.103.2" log_test $? 0 "IPv4 route with DSCP and ECN:CE" # Unknown DSCP should match the generic route, no matter the ECN bits $IP route get fibmatch 172.16.102.1 dsfield 0x14 | \ grep -q "via 172.16.101.2" log_test $? 0 "IPv4 route with unknown DSCP and ECN:Not-ECT" $IP route get fibmatch 172.16.102.1 dsfield 0x15 | \ grep -q "via 172.16.101.2" log_test $? 0 "IPv4 route with unknown DSCP and ECN:ECT(1)" $IP route get fibmatch 172.16.102.1 dsfield 0x16 | \ grep -q "via 172.16.101.2" log_test $? 0 "IPv4 route with unknown DSCP and ECN:ECT(0)" $IP route get fibmatch 172.16.102.1 dsfield 0x17 | \ grep -q "via 172.16.101.2" log_test $? 0 "IPv4 route with unknown DSCP and ECN:CE" # Null DSCP should match the generic route, no matter the ECN bits $IP route get fibmatch 172.16.102.1 dsfield 0x00 | \ grep -q "via 172.16.101.2" log_test $? 0 "IPv4 route with no DSCP and ECN:Not-ECT" $IP route get fibmatch 172.16.102.1 dsfield 0x01 | \ grep -q "via 172.16.101.2" log_test $? 0 "IPv4 route with no DSCP and ECN:ECT(1)" $IP route get fibmatch 172.16.102.1 dsfield 0x02 | \ grep -q "via 172.16.101.2" log_test $? 0 "IPv4 route with no DSCP and ECN:ECT(0)" $IP route get fibmatch 172.16.102.1 dsfield 0x03 | \ grep -q "via 172.16.101.2" log_test $? 0 "IPv4 route with no DSCP and ECN:CE" } ipv4_route_test() { route_setup ipv4_rt_add ipv4_rt_replace ipv4_local_rt_cache ipv4_rt_dsfield route_cleanup } ipv4_addr_metric_test() { local rc echo echo "IPv4 prefix route tests" ip_addr_metric_check || return 1 setup set -e $IP li add dummy1 type dummy $IP li add dummy2 type dummy $IP li set dummy1 up $IP li set dummy2 up # default entry is metric 256 run_cmd "$IP addr add dev dummy1 172.16.104.1/24" run_cmd "$IP addr add dev dummy2 172.16.104.2/24" set +e check_route "172.16.104.0/24 dev dummy1 proto kernel scope link src 172.16.104.1 172.16.104.0/24 dev dummy2 proto kernel scope link src 172.16.104.2" log_test $? 0 "Default metric" set -e run_cmd "$IP addr flush dev dummy1" run_cmd "$IP addr add dev dummy1 172.16.104.1/24 metric 257" set +e check_route "172.16.104.0/24 dev dummy2 proto kernel scope link src 172.16.104.2 172.16.104.0/24 dev dummy1 proto kernel scope link src 172.16.104.1 metric 257" log_test $? 0 "User specified metric on first device" set -e run_cmd "$IP addr flush dev dummy2" run_cmd "$IP addr add dev dummy2 172.16.104.2/24 metric 258" set +e check_route "172.16.104.0/24 dev dummy1 proto kernel scope link src 172.16.104.1 metric 257 172.16.104.0/24 dev dummy2 proto kernel scope link src 172.16.104.2 metric 258" log_test $? 0 "User specified metric on second device" run_cmd "$IP addr del dev dummy1 172.16.104.1/24 metric 257" rc=$? if [ $rc -eq 0 ]; then check_route "172.16.104.0/24 dev dummy2 proto kernel scope link src 172.16.104.2 metric 258" rc=$? fi log_test $rc 0 "Delete of address on first device" run_cmd "$IP addr change dev dummy2 172.16.104.2/24 metric 259" rc=$? if [ $rc -eq 0 ]; then check_route "172.16.104.0/24 dev dummy2 proto kernel scope link src 172.16.104.2 metric 259" rc=$? fi log_test $rc 0 "Modify metric of address" # verify prefix route removed on down run_cmd "$IP li set dev dummy2 down" rc=$? if [ $rc -eq 0 ]; then out=$($IP ro ls match 172.16.104.0/24) check_expected "${out}" "" rc=$? fi log_test $rc 0 "Prefix route removed on link down" # verify prefix route re-inserted with assigned metric run_cmd "$IP li set dev dummy2 up" rc=$? if [ $rc -eq 0 ]; then check_route "172.16.104.0/24 dev dummy2 proto kernel scope link src 172.16.104.2 metric 259" rc=$? fi log_test $rc 0 "Prefix route with metric on link up" # explicitly check for metric changes on edge scenarios run_cmd "$IP addr flush dev dummy2" run_cmd "$IP addr add dev dummy2 172.16.104.0/24 metric 259" run_cmd "$IP addr change dev dummy2 172.16.104.0/24 metric 260" rc=$? if [ $rc -eq 0 ]; then check_route "172.16.104.0/24 dev dummy2 proto kernel scope link src 172.16.104.0 metric 260" rc=$? fi log_test $rc 0 "Modify metric of .0/24 address" run_cmd "$IP addr flush dev dummy2" run_cmd "$IP addr add dev dummy2 172.16.104.1/32 peer 172.16.104.2 metric 260" rc=$? if [ $rc -eq 0 ]; then check_route "172.16.104.2 dev dummy2 proto kernel scope link src 172.16.104.1 metric 260" rc=$? fi log_test $rc 0 "Set metric of address with peer route" run_cmd "$IP addr change dev dummy2 172.16.104.1/32 peer 172.16.104.3 metric 261" rc=$? if [ $rc -eq 0 ]; then check_route "172.16.104.3 dev dummy2 proto kernel scope link src 172.16.104.1 metric 261" rc=$? fi log_test $rc 0 "Modify metric and peer address for peer route" $IP li del dummy1 $IP li del dummy2 cleanup } ipv4_route_metrics_test() { local rc echo echo "IPv4 route add / append tests" route_setup run_cmd "$IP ro add 172.16.111.0/24 via 172.16.101.2 mtu 1400" rc=$? if [ $rc -eq 0 ]; then check_route "172.16.111.0/24 via 172.16.101.2 dev veth1 mtu 1400" rc=$? fi log_test $rc 0 "Single path route with mtu metric" run_cmd "$IP ro add 172.16.112.0/24 mtu 1400 nexthop via 172.16.101.2 nexthop via 172.16.103.2" rc=$? if [ $rc -eq 0 ]; then check_route "172.16.112.0/24 mtu 1400 nexthop via 172.16.101.2 dev veth1 weight 1 nexthop via 172.16.103.2 dev veth3 weight 1" rc=$? fi log_test $rc 0 "Multipath route with mtu metric" $IP ro add 172.16.104.0/24 via 172.16.101.2 mtu 1300 run_cmd "ip netns exec $ns1 ping -w1 -c1 -s 1500 172.16.104.1" log_test $? 0 "Using route with mtu metric" run_cmd "$IP ro add 172.16.111.0/24 via 172.16.101.2 congctl lock foo" log_test $? 2 "Invalid metric (fails metric_convert)" route_cleanup } ipv4_del_addr_test() { echo echo "IPv4 delete address route tests" setup set -e $IP li add dummy1 type dummy $IP li set dummy1 up $IP li add dummy2 type dummy $IP li set dummy2 up $IP li add red type vrf table 1111 $IP li set red up $IP ro add vrf red unreachable default $IP li set dummy2 vrf red $IP addr add dev dummy1 172.16.104.1/24 $IP addr add dev dummy1 172.16.104.11/24 $IP addr add dev dummy1 172.16.104.12/24 $IP addr add dev dummy1 172.16.104.13/24 $IP addr add dev dummy2 172.16.104.1/24 $IP addr add dev dummy2 172.16.104.11/24 $IP addr add dev dummy2 172.16.104.12/24 $IP route add 172.16.105.0/24 via 172.16.104.2 src 172.16.104.11 $IP route add 172.16.106.0/24 dev lo src 172.16.104.12 $IP route add table 0 172.16.107.0/24 via 172.16.104.2 src 172.16.104.13 $IP route add vrf red 172.16.105.0/24 via 172.16.104.2 src 172.16.104.11 $IP route add vrf red 172.16.106.0/24 dev lo src 172.16.104.12 set +e # removing address from device in vrf should only remove route from vrf table echo " Regular FIB info" $IP addr del dev dummy2 172.16.104.11/24 $IP ro ls vrf red | grep -q 172.16.105.0/24 log_test $? 1 "Route removed from VRF when source address deleted" $IP ro ls | grep -q 172.16.105.0/24 log_test $? 0 "Route in default VRF not removed" $IP addr add dev dummy2 172.16.104.11/24 $IP route add vrf red 172.16.105.0/24 via 172.16.104.2 src 172.16.104.11 $IP addr del dev dummy1 172.16.104.11/24 $IP ro ls | grep -q 172.16.105.0/24 log_test $? 1 "Route removed in default VRF when source address deleted" $IP ro ls vrf red | grep -q 172.16.105.0/24 log_test $? 0 "Route in VRF is not removed by address delete" # removing address from device in vrf should only remove route from vrf # table even when the associated fib info only differs in table ID echo " Identical FIB info with different table ID" $IP addr del dev dummy2 172.16.104.12/24 $IP ro ls vrf red | grep -q 172.16.106.0/24 log_test $? 1 "Route removed from VRF when source address deleted" $IP ro ls | grep -q 172.16.106.0/24 log_test $? 0 "Route in default VRF not removed" $IP addr add dev dummy2 172.16.104.12/24 $IP route add vrf red 172.16.106.0/24 dev lo src 172.16.104.12 $IP addr del dev dummy1 172.16.104.12/24 $IP ro ls | grep -q 172.16.106.0/24 log_test $? 1 "Route removed in default VRF when source address deleted" $IP ro ls vrf red | grep -q 172.16.106.0/24 log_test $? 0 "Route in VRF is not removed by address delete" # removing address from device in default vrf should remove route from # the default vrf even when route was inserted with a table ID of 0. echo " Table ID 0" $IP addr del dev dummy1 172.16.104.13/24 $IP ro ls | grep -q 172.16.107.0/24 log_test $? 1 "Route removed in default VRF when source address deleted" $IP li del dummy1 $IP li del dummy2 cleanup } ipv6_del_addr_test() { echo echo "IPv6 delete address route tests" setup set -e for i in $(seq 6); do $IP li add dummy${i} up type dummy done $IP li add red up type vrf table 1111 $IP ro add vrf red unreachable default for i in $(seq 4 6); do $IP li set dummy${i} vrf red done $IP addr add dev dummy1 fe80::1/128 $IP addr add dev dummy1 2001:db8:101::1/64 $IP addr add dev dummy1 2001:db8:101::10/64 $IP addr add dev dummy1 2001:db8:101::11/64 $IP addr add dev dummy1 2001:db8:101::12/64 $IP addr add dev dummy1 2001:db8:101::13/64 $IP addr add dev dummy1 2001:db8:101::14/64 $IP addr add dev dummy1 2001:db8:101::15/64 $IP addr add dev dummy2 fe80::1/128 $IP addr add dev dummy2 2001:db8:101::1/64 $IP addr add dev dummy2 2001:db8:101::11/64 $IP addr add dev dummy3 fe80::1/128 $IP addr add dev dummy4 2001:db8:101::1/64 $IP addr add dev dummy4 2001:db8:101::10/64 $IP addr add dev dummy4 2001:db8:101::11/64 $IP addr add dev dummy4 2001:db8:101::12/64 $IP addr add dev dummy4 2001:db8:101::13/64 $IP addr add dev dummy4 2001:db8:101::14/64 $IP addr add dev dummy5 2001:db8:101::1/64 $IP addr add dev dummy5 2001:db8:101::11/64 # Single device using src address $IP route add 2001:db8:110::/64 dev dummy3 src 2001:db8:101::10 # Two devices with the same source address $IP route add 2001:db8:111::/64 dev dummy3 src 2001:db8:101::11 # VRF with single device using src address $IP route add vrf red 2001:db8:110::/64 dev dummy6 src 2001:db8:101::10 # VRF with two devices using src address $IP route add vrf red 2001:db8:111::/64 dev dummy6 src 2001:db8:101::11 # src address and nexthop dev in same VRF $IP route add 2001:db8:112::/64 dev dummy3 src 2001:db8:101::12 $IP route add vrf red 2001:db8:112::/64 dev dummy6 src 2001:db8:101::12 # src address and nexthop device in different VRF $IP route add 2001:db8:113::/64 dev lo src 2001:db8:101::13 $IP route add vrf red 2001:db8:113::/64 dev lo src 2001:db8:101::13 # table ID 0 $IP route add table 0 2001:db8:115::/64 via 2001:db8:101::2 src 2001:db8:101::15 # Link local source route $IP route add 2001:db8:116::/64 dev dummy2 src fe80::1 $IP route add 2001:db8:117::/64 dev dummy3 src fe80::1 set +e echo " Single device using src address" $IP addr del dev dummy1 2001:db8:101::10/64 $IP -6 route show | grep -q "src 2001:db8:101::10 " log_test $? 1 "Prefsrc removed when src address removed on other device" echo " Two devices with the same source address" $IP addr del dev dummy1 2001:db8:101::11/64 $IP -6 route show | grep -q "src 2001:db8:101::11 " log_test $? 0 "Prefsrc not removed when src address exist on other device" $IP addr del dev dummy2 2001:db8:101::11/64 $IP -6 route show | grep -q "src 2001:db8:101::11 " log_test $? 1 "Prefsrc removed when src address removed on all devices" echo " VRF with single device using src address" $IP addr del dev dummy4 2001:db8:101::10/64 $IP -6 route show vrf red | grep -q "src 2001:db8:101::10 " log_test $? 1 "Prefsrc removed when src address removed on other device" echo " VRF with two devices using src address" $IP addr del dev dummy4 2001:db8:101::11/64 $IP -6 route show vrf red | grep -q "src 2001:db8:101::11 " log_test $? 0 "Prefsrc not removed when src address exist on other device" $IP addr del dev dummy5 2001:db8:101::11/64 $IP -6 route show vrf red | grep -q "src 2001:db8:101::11 " log_test $? 1 "Prefsrc removed when src address removed on all devices" echo " src address and nexthop dev in same VRF" $IP addr del dev dummy4 2001:db8:101::12/64 $IP -6 route show vrf red | grep -q "src 2001:db8:101::12 " log_test $? 1 "Prefsrc removed from VRF when source address deleted" $IP -6 route show | grep -q " src 2001:db8:101::12 " log_test $? 0 "Prefsrc in default VRF not removed" $IP addr add dev dummy4 2001:db8:101::12/64 $IP route replace vrf red 2001:db8:112::/64 dev dummy6 src 2001:db8:101::12 $IP addr del dev dummy1 2001:db8:101::12/64 $IP -6 route show vrf red | grep -q "src 2001:db8:101::12 " log_test $? 0 "Prefsrc not removed from VRF when source address exist" $IP -6 route show | grep -q " src 2001:db8:101::12 " log_test $? 1 "Prefsrc in default VRF removed" echo " src address and nexthop device in different VRF" $IP addr del dev dummy4 2001:db8:101::13/64 $IP -6 route show vrf red | grep -q "src 2001:db8:101::13 " log_test $? 0 "Prefsrc not removed from VRF when nexthop dev in diff VRF" $IP -6 route show | grep -q "src 2001:db8:101::13 " log_test $? 0 "Prefsrc not removed in default VRF" $IP addr add dev dummy4 2001:db8:101::13/64 $IP addr del dev dummy1 2001:db8:101::13/64 $IP -6 route show vrf red | grep -q "src 2001:db8:101::13 " log_test $? 1 "Prefsrc removed from VRF when nexthop dev in diff VRF" $IP -6 route show | grep -q "src 2001:db8:101::13 " log_test $? 1 "Prefsrc removed in default VRF" echo " Table ID 0" $IP addr del dev dummy1 2001:db8:101::15/64 $IP -6 route show | grep -q "src 2001:db8:101::15" log_test $? 1 "Prefsrc removed from default VRF when source address deleted" echo " Link local source route" $IP addr del dev dummy1 fe80::1/128 $IP -6 route show | grep -q "2001:db8:116::/64 dev dummy2 src fe80::1" log_test $? 0 "Prefsrc not removed when delete ll addr from other dev" $IP addr del dev dummy2 fe80::1/128 $IP -6 route show | grep -q "2001:db8:116::/64 dev dummy2 src fe80::1" log_test $? 1 "Prefsrc removed when delete ll addr" $IP -6 route show | grep -q "2001:db8:117::/64 dev dummy3 src fe80::1" log_test $? 0 "Prefsrc not removed when delete ll addr from other dev" $IP addr add dev dummy1 fe80::1/128 $IP addr del dev dummy3 fe80::1/128 $IP -6 route show | grep -q "2001:db8:117::/64 dev dummy3 src fe80::1" log_test $? 1 "Prefsrc removed even ll addr still exist on other dev" for i in $(seq 6); do $IP li del dummy${i} done cleanup } ipv4_route_v6_gw_test() { local rc echo echo "IPv4 route with IPv6 gateway tests" route_setup sleep 2 # # single path route # run_cmd "$IP ro add 172.16.104.0/24 via inet6 2001:db8:101::2" rc=$? log_test $rc 0 "Single path route with IPv6 gateway" if [ $rc -eq 0 ]; then check_route "172.16.104.0/24 via inet6 2001:db8:101::2 dev veth1" fi run_cmd "ip netns exec $ns1 ping -w1 -c1 172.16.104.1" log_test $rc 0 "Single path route with IPv6 gateway - ping" run_cmd "$IP ro del 172.16.104.0/24 via inet6 2001:db8:101::2" rc=$? log_test $rc 0 "Single path route delete" if [ $rc -eq 0 ]; then check_route "172.16.112.0/24" fi # # multipath - v6 then v4 # run_cmd "$IP ro add 172.16.104.0/24 nexthop via inet6 2001:db8:101::2 dev veth1 nexthop via 172.16.103.2 dev veth3" rc=$? log_test $rc 0 "Multipath route add - v6 nexthop then v4" if [ $rc -eq 0 ]; then check_route "172.16.104.0/24 nexthop via inet6 2001:db8:101::2 dev veth1 weight 1 nexthop via 172.16.103.2 dev veth3 weight 1" fi run_cmd "$IP ro del 172.16.104.0/24 nexthop via 172.16.103.2 dev veth3 nexthop via inet6 2001:db8:101::2 dev veth1" log_test $? 2 " Multipath route delete - nexthops in wrong order" run_cmd "$IP ro del 172.16.104.0/24 nexthop via inet6 2001:db8:101::2 dev veth1 nexthop via 172.16.103.2 dev veth3" log_test $? 0 " Multipath route delete exact match" # # multipath - v4 then v6 # run_cmd "$IP ro add 172.16.104.0/24 nexthop via 172.16.103.2 dev veth3 nexthop via inet6 2001:db8:101::2 dev veth1" rc=$? log_test $rc 0 "Multipath route add - v4 nexthop then v6" if [ $rc -eq 0 ]; then check_route "172.16.104.0/24 nexthop via 172.16.103.2 dev veth3 weight 1 nexthop via inet6 2001:db8:101::2 dev veth1 weight 1" fi run_cmd "$IP ro del 172.16.104.0/24 nexthop via inet6 2001:db8:101::2 dev veth1 nexthop via 172.16.103.2 dev veth3" log_test $? 2 " Multipath route delete - nexthops in wrong order" run_cmd "$IP ro del 172.16.104.0/24 nexthop via 172.16.103.2 dev veth3 nexthop via inet6 2001:db8:101::2 dev veth1" log_test $? 0 " Multipath route delete exact match" route_cleanup } socat_check() { if [ ! -x "$(command -v socat)" ]; then echo "socat command not found. Skipping test" return 1 fi return 0 } iptables_check() { iptables -t mangle -L OUTPUT &> /dev/null if [ $? -ne 0 ]; then echo "iptables configuration not supported. Skipping test" return 1 fi return 0 } ip6tables_check() { ip6tables -t mangle -L OUTPUT &> /dev/null if [ $? -ne 0 ]; then echo "ip6tables configuration not supported. Skipping test" return 1 fi return 0 } ipv4_mangle_test() { local rc echo echo "IPv4 mangling tests" socat_check || return 1 iptables_check || return 1 route_setup sleep 2 local tmp_file=$(mktemp) ip netns exec $ns2 socat UDP4-LISTEN:54321,fork $tmp_file & # Add a FIB rule and a route that will direct our connection to the # listening server. $IP rule add pref 100 ipproto udp sport 12345 dport 54321 table 123 $IP route add table 123 172.16.101.0/24 dev veth1 # Add an unreachable route to the main table that will block our # connection in case the FIB rule is not hit. $IP route add unreachable 172.16.101.2/32 run_cmd "echo a | $NS_EXEC socat STDIN UDP4:172.16.101.2:54321,sourceport=12345" log_test $? 0 " Connection with correct parameters" run_cmd "echo a | $NS_EXEC socat STDIN UDP4:172.16.101.2:54321,sourceport=11111" log_test $? 1 " Connection with incorrect parameters" # Add a mangling rule and make sure connection is still successful. $NS_EXEC iptables -t mangle -A OUTPUT -j MARK --set-mark 1 run_cmd "echo a | $NS_EXEC socat STDIN UDP4:172.16.101.2:54321,sourceport=12345" log_test $? 0 " Connection with correct parameters - mangling" # Delete the mangling rule and make sure connection is still # successful. $NS_EXEC iptables -t mangle -D OUTPUT -j MARK --set-mark 1 run_cmd "echo a | $NS_EXEC socat STDIN UDP4:172.16.101.2:54321,sourceport=12345" log_test $? 0 " Connection with correct parameters - no mangling" # Verify connections were indeed successful on server side. [[ $(cat $tmp_file | wc -l) -eq 3 ]] log_test $? 0 " Connection check - server side" $IP route del unreachable 172.16.101.2/32 $IP route del table 123 172.16.101.0/24 dev veth1 $IP rule del pref 100 { kill %% && wait %%; } 2>/dev/null rm $tmp_file route_cleanup } ipv6_mangle_test() { local rc echo echo "IPv6 mangling tests" socat_check || return 1 ip6tables_check || return 1 route_setup sleep 2 local tmp_file=$(mktemp) ip netns exec $ns2 socat UDP6-LISTEN:54321,fork $tmp_file & # Add a FIB rule and a route that will direct our connection to the # listening server. $IP -6 rule add pref 100 ipproto udp sport 12345 dport 54321 table 123 $IP -6 route add table 123 2001:db8:101::/64 dev veth1 # Add an unreachable route to the main table that will block our # connection in case the FIB rule is not hit. $IP -6 route add unreachable 2001:db8:101::2/128 run_cmd "echo a | $NS_EXEC socat STDIN UDP6:[2001:db8:101::2]:54321,sourceport=12345" log_test $? 0 " Connection with correct parameters" run_cmd "echo a | $NS_EXEC socat STDIN UDP6:[2001:db8:101::2]:54321,sourceport=11111" log_test $? 1 " Connection with incorrect parameters" # Add a mangling rule and make sure connection is still successful. $NS_EXEC ip6tables -t mangle -A OUTPUT -j MARK --set-mark 1 run_cmd "echo a | $NS_EXEC socat STDIN UDP6:[2001:db8:101::2]:54321,sourceport=12345" log_test $? 0 " Connection with correct parameters - mangling" # Delete the mangling rule and make sure connection is still # successful. $NS_EXEC ip6tables -t mangle -D OUTPUT -j MARK --set-mark 1 run_cmd "echo a | $NS_EXEC socat STDIN UDP6:[2001:db8:101::2]:54321,sourceport=12345" log_test $? 0 " Connection with correct parameters - no mangling" # Verify connections were indeed successful on server side. [[ $(cat $tmp_file | wc -l) -eq 3 ]] log_test $? 0 " Connection check - server side" $IP -6 route del unreachable 2001:db8:101::2/128 $IP -6 route del table 123 2001:db8:101::/64 dev veth1 $IP -6 rule del pref 100 { kill %% && wait %%; } 2>/dev/null rm $tmp_file route_cleanup } ip_neigh_get_check() { ip neigh help 2>&1 | grep -q 'ip neigh get' if [ $? -ne 0 ]; then echo "iproute2 command does not support neigh get. Skipping test" return 1 fi return 0 } ipv4_bcast_neigh_test() { local rc echo echo "IPv4 broadcast neighbour tests" ip_neigh_get_check || return 1 setup set -e run_cmd "$IP neigh add 192.0.2.111 lladdr 00:11:22:33:44:55 nud perm dev dummy0" run_cmd "$IP neigh add 192.0.2.255 lladdr 00:11:22:33:44:55 nud perm dev dummy0" run_cmd "$IP neigh get 192.0.2.111 dev dummy0" run_cmd "$IP neigh get 192.0.2.255 dev dummy0" run_cmd "$IP address add 192.0.2.1/24 broadcast 192.0.2.111 dev dummy0" run_cmd "$IP neigh add 203.0.113.111 nud failed dev dummy0" run_cmd "$IP neigh add 203.0.113.255 nud failed dev dummy0" run_cmd "$IP neigh get 203.0.113.111 dev dummy0" run_cmd "$IP neigh get 203.0.113.255 dev dummy0" run_cmd "$IP address add 203.0.113.1/24 broadcast 203.0.113.111 dev dummy0" set +e run_cmd "$IP neigh get 192.0.2.111 dev dummy0" log_test $? 0 "Resolved neighbour for broadcast address" run_cmd "$IP neigh get 192.0.2.255 dev dummy0" log_test $? 0 "Resolved neighbour for network broadcast address" run_cmd "$IP neigh get 203.0.113.111 dev dummy0" log_test $? 2 "Unresolved neighbour for broadcast address" run_cmd "$IP neigh get 203.0.113.255 dev dummy0" log_test $? 2 "Unresolved neighbour for network broadcast address" cleanup } mpath_dep_check() { if [ ! -x "$(command -v mausezahn)" ]; then echo "mausezahn command not found. Skipping test" return 1 fi if [ ! -x "$(command -v jq)" ]; then echo "jq command not found. Skipping test" return 1 fi if [ ! -x "$(command -v bc)" ]; then echo "bc command not found. Skipping test" return 1 fi if [ ! -x "$(command -v perf)" ]; then echo "perf command not found. Skipping test" return 1 fi perf list fib:* | grep -q fib_table_lookup if [ $? -ne 0 ]; then echo "IPv4 FIB tracepoint not found. Skipping test" return 1 fi perf list fib6:* | grep -q fib6_table_lookup if [ $? -ne 0 ]; then echo "IPv6 FIB tracepoint not found. Skipping test" return 1 fi return 0 } link_stats_get() { local ns=$1; shift local dev=$1; shift local dir=$1; shift local stat=$1; shift ip -n $ns -j -s link show dev $dev \ | jq '.[]["stats64"]["'$dir'"]["'$stat'"]' } list_rcv_eval() { local file=$1; shift local expected=$1; shift local count=$(tail -n 1 $file | jq '.["counter-value"] | tonumber | floor') local ratio=$(echo "scale=2; $count / $expected" | bc -l) local res=$(echo "$ratio >= 0.95" | bc) [[ $res -eq 1 ]] log_test $? 0 "Multipath route hit ratio ($ratio)" } ipv4_mpath_list_test() { echo echo "IPv4 multipath list receive tests" mpath_dep_check || return 1 route_setup set -e run_cmd "ip netns exec $ns1 ethtool -K veth1 tcp-segmentation-offload off" run_cmd "ip netns exec $ns2 bash -c \"echo 20000 > /sys/class/net/veth2/gro_flush_timeout\"" run_cmd "ip netns exec $ns2 bash -c \"echo 1 > /sys/class/net/veth2/napi_defer_hard_irqs\"" run_cmd "ip netns exec $ns2 ethtool -K veth2 generic-receive-offload on" run_cmd "ip -n $ns2 link add name nh1 up type dummy" run_cmd "ip -n $ns2 link add name nh2 up type dummy" run_cmd "ip -n $ns2 address add 172.16.201.1/24 dev nh1" run_cmd "ip -n $ns2 address add 172.16.202.1/24 dev nh2" run_cmd "ip -n $ns2 neigh add 172.16.201.2 lladdr 00:11:22:33:44:55 nud perm dev nh1" run_cmd "ip -n $ns2 neigh add 172.16.202.2 lladdr 00:aa:bb:cc:dd:ee nud perm dev nh2" run_cmd "ip -n $ns2 route add 203.0.113.0/24 nexthop via 172.16.201.2 nexthop via 172.16.202.2" run_cmd "ip netns exec $ns2 sysctl -qw net.ipv4.fib_multipath_hash_policy=1" run_cmd "ip netns exec $ns2 sysctl -qw net.ipv4.conf.veth2.rp_filter=0" run_cmd "ip netns exec $ns2 sysctl -qw net.ipv4.conf.all.rp_filter=0" run_cmd "ip netns exec $ns2 sysctl -qw net.ipv4.conf.default.rp_filter=0" set +e local dmac=$(ip -n $ns2 -j link show dev veth2 | jq -r '.[]["address"]') local tmp_file=$(mktemp) local cmd="ip netns exec $ns1 mausezahn veth1 -a own -b $dmac -A 172.16.101.1 -B 203.0.113.1 -t udp 'sp=12345,dp=0-65535' -q" # Packets forwarded in a list using a multipath route must not reuse a # cached result so that a flow always hits the same nexthop. In other # words, the FIB lookup tracepoint needs to be triggered for every # packet. local t0_rx_pkts=$(link_stats_get $ns2 veth2 rx packets) run_cmd "perf stat -a -e fib:fib_table_lookup --filter 'err == 0' -j -o $tmp_file -- $cmd" local t1_rx_pkts=$(link_stats_get $ns2 veth2 rx packets) local diff=$(echo $t1_rx_pkts - $t0_rx_pkts | bc -l) list_rcv_eval $tmp_file $diff rm $tmp_file route_cleanup } ipv6_mpath_list_test() { echo echo "IPv6 multipath list receive tests" mpath_dep_check || return 1 route_setup set -e run_cmd "ip netns exec $ns1 ethtool -K veth1 tcp-segmentation-offload off" run_cmd "ip netns exec $ns2 bash -c \"echo 20000 > /sys/class/net/veth2/gro_flush_timeout\"" run_cmd "ip netns exec $ns2 bash -c \"echo 1 > /sys/class/net/veth2/napi_defer_hard_irqs\"" run_cmd "ip netns exec $ns2 ethtool -K veth2 generic-receive-offload on" run_cmd "ip -n $ns2 link add name nh1 up type dummy" run_cmd "ip -n $ns2 link add name nh2 up type dummy" run_cmd "ip -n $ns2 -6 address add 2001:db8:201::1/64 dev nh1" run_cmd "ip -n $ns2 -6 address add 2001:db8:202::1/64 dev nh2" run_cmd "ip -n $ns2 -6 neigh add 2001:db8:201::2 lladdr 00:11:22:33:44:55 nud perm dev nh1" run_cmd "ip -n $ns2 -6 neigh add 2001:db8:202::2 lladdr 00:aa:bb:cc:dd:ee nud perm dev nh2" run_cmd "ip -n $ns2 -6 route add 2001:db8:301::/64 nexthop via 2001:db8:201::2 nexthop via 2001:db8:202::2" run_cmd "ip netns exec $ns2 sysctl -qw net.ipv6.fib_multipath_hash_policy=1" set +e local dmac=$(ip -n $ns2 -j link show dev veth2 | jq -r '.[]["address"]') local tmp_file=$(mktemp) local cmd="ip netns exec $ns1 mausezahn -6 veth1 -a own -b $dmac -A 2001:db8:101::1 -B 2001:db8:301::1 -t udp 'sp=12345,dp=0-65535' -q" # Packets forwarded in a list using a multipath route must not reuse a # cached result so that a flow always hits the same nexthop. In other # words, the FIB lookup tracepoint needs to be triggered for every # packet. local t0_rx_pkts=$(link_stats_get $ns2 veth2 rx packets) run_cmd "perf stat -a -e fib6:fib6_table_lookup --filter 'err == 0' -j -o $tmp_file -- $cmd" local t1_rx_pkts=$(link_stats_get $ns2 veth2 rx packets) local diff=$(echo $t1_rx_pkts - $t0_rx_pkts | bc -l) list_rcv_eval $tmp_file $diff rm $tmp_file route_cleanup } ################################################################################ # usage usage() { cat < Test(s) to run (default: all) (options: $TESTS) -p Pause on fail -P Pause after each test before cleanup -v verbose mode (show commands and output) EOF } ################################################################################ # main trap cleanup EXIT while getopts :t:pPhv o do case $o in t) TESTS=$OPTARG;; p) PAUSE_ON_FAIL=yes;; P) PAUSE=yes;; v) VERBOSE=$(($VERBOSE + 1));; h) usage; exit 0;; *) usage; exit 1;; esac done PEER_CMD="ip netns exec ${PEER_NS}" # make sure we don't pause twice [ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no if [ "$(id -u)" -ne 0 ];then echo "SKIP: Need root privileges" exit $ksft_skip; fi if [ ! -x "$(command -v ip)" ]; then echo "SKIP: Could not run test without ip tool" exit $ksft_skip fi ip route help 2>&1 | grep -q fibmatch if [ $? -ne 0 ]; then echo "SKIP: iproute2 too old, missing fibmatch" exit $ksft_skip fi # start clean cleanup &> /dev/null for t in $TESTS do case $t in fib_unreg_test|unregister) fib_unreg_test;; fib_down_test|down) fib_down_test;; fib_carrier_test|carrier) fib_carrier_test;; fib_rp_filter_test|rp_filter) fib_rp_filter_test;; fib_nexthop_test|nexthop) fib_nexthop_test;; fib_notify_test|ipv4_notify) fib_notify_test;; fib6_notify_test|ipv6_notify) fib6_notify_test;; fib_suppress_test|suppress) fib_suppress_test;; ipv6_route_test|ipv6_rt) ipv6_route_test;; ipv4_route_test|ipv4_rt) ipv4_route_test;; ipv6_addr_metric) ipv6_addr_metric_test;; ipv4_addr_metric) ipv4_addr_metric_test;; ipv4_del_addr) ipv4_del_addr_test;; ipv6_del_addr) ipv6_del_addr_test;; ipv6_route_metrics) ipv6_route_metrics_test;; ipv4_route_metrics) ipv4_route_metrics_test;; ipv4_route_v6_gw) ipv4_route_v6_gw_test;; ipv4_mangle) ipv4_mangle_test;; ipv6_mangle) ipv6_mangle_test;; ipv4_bcast_neigh) ipv4_bcast_neigh_test;; fib6_gc_test|ipv6_gc) fib6_gc_test;; ipv4_mpath_list) ipv4_mpath_list_test;; ipv6_mpath_list) ipv6_mpath_list_test;; help) echo "Test names: $TESTS"; exit 0;; esac done if [ "$TESTS" != "none" ]; then printf "\nTests passed: %3d\n" ${nsuccess} printf "Tests failed: %3d\n" ${nfail} fi exit $ret