linux/tools/testing/selftests/net/icmp.sh
<<
>>
Prefs
   1#!/bin/bash
   2# SPDX-License-Identifier: GPL-2.0
   3
   4# Test for checking ICMP response with dummy address instead of 0.0.0.0.
   5# Sets up two namespaces like:
   6# +----------------------+                          +--------------------+
   7# | ns1                  |    v4-via-v6 routes:     | ns2                |
   8# |                      |                  '       |                    |
   9# |             +--------+   -> 172.16.1.0/24 ->    +--------+           |
  10# |             | veth0  +--------------------------+  veth0 |           |
  11# |             +--------+   <- 172.16.0.0/24 <-    +--------+           |
  12# |           172.16.0.1 |                          | 2001:db8:1::2/64   |
  13# |     2001:db8:1::2/64 |                          |                    |
  14# +----------------------+                          +--------------------+
  15#
  16# And then tries to ping 172.16.1.1 from ns1. This results in a "net
  17# unreachable" message being sent from ns2, but there is no IPv4 address set in
  18# that address space, so the kernel should substitute the dummy address
  19# 192.0.0.8 defined in RFC7600.
  20
  21NS1=ns1
  22NS2=ns2
  23H1_IP=172.16.0.1/32
  24H1_IP6=2001:db8:1::1
  25RT1=172.16.1.0/24
  26PINGADDR=172.16.1.1
  27RT2=172.16.0.0/24
  28H2_IP6=2001:db8:1::2
  29
  30TMPFILE=$(mktemp)
  31
  32cleanup()
  33{
  34    rm -f "$TMPFILE"
  35    ip netns del $NS1
  36    ip netns del $NS2
  37}
  38
  39trap cleanup EXIT
  40
  41# Namespaces
  42ip netns add $NS1
  43ip netns add $NS2
  44
  45# Connectivity
  46ip -netns $NS1 link add veth0 type veth peer name veth0 netns $NS2
  47ip -netns $NS1 link set dev veth0 up
  48ip -netns $NS2 link set dev veth0 up
  49ip -netns $NS1 addr add $H1_IP dev veth0
  50ip -netns $NS1 addr add $H1_IP6/64 dev veth0 nodad
  51ip -netns $NS2 addr add $H2_IP6/64 dev veth0 nodad
  52ip -netns $NS1 route add $RT1 via inet6 $H2_IP6
  53ip -netns $NS2 route add $RT2 via inet6 $H1_IP6
  54
  55# Make sure ns2 will respond with ICMP unreachable
  56ip netns exec $NS2 sysctl -qw net.ipv4.icmp_ratelimit=0 net.ipv4.ip_forward=1
  57
  58# Run the test - a ping runs in the background, and we capture ICMP responses
  59# with tcpdump; -c 1 means it should exit on the first ping, but add a timeout
  60# in case something goes wrong
  61ip netns exec $NS1 ping -w 3 -i 0.5 $PINGADDR >/dev/null &
  62ip netns exec $NS1 timeout 10 tcpdump -tpni veth0 -c 1 'icmp and icmp[icmptype] != icmp-echo' > $TMPFILE 2>/dev/null
  63
  64# Parse response and check for dummy address
  65# tcpdump output looks like:
  66# IP 192.0.0.8 > 172.16.0.1: ICMP net 172.16.1.1 unreachable, length 92
  67RESP_IP=$(awk '{print $2}' < $TMPFILE)
  68if [[ "$RESP_IP" != "192.0.0.8" ]]; then
  69    echo "FAIL - got ICMP response from $RESP_IP, should be 192.0.0.8"
  70    exit 1
  71else
  72    echo "OK"
  73    exit 0
  74fi
  75