165b2b493SRoopa Prabhu#!/bin/bash 265b2b493SRoopa Prabhu# SPDX-License-Identifier: GPL-2.0 365b2b493SRoopa Prabhu 465b2b493SRoopa Prabhu# This test is for checking IPv4 and IPv6 FIB rules API 565b2b493SRoopa Prabhu 66c0ee7b4SHangbin Liusource lib.sh 765b2b493SRoopa Prabhuret=0 865b2b493SRoopa PrabhuPAUSE_ON_FAIL=${PAUSE_ON_FAIL:=no} 965b2b493SRoopa Prabhu 1065b2b493SRoopa PrabhuRTABLE=100 11c21a20d9SGuillaume NaultRTABLE_PEER=101 12*7e36c337SIdo SchimmelRTABLE_VRF=102 1365b2b493SRoopa PrabhuGW_IP4=192.51.100.2 1465b2b493SRoopa PrabhuSRC_IP=192.51.100.3 1565b2b493SRoopa PrabhuGW_IP6=2001:db8:1::2 1665b2b493SRoopa PrabhuSRC_IP6=2001:db8:1::3 1765b2b493SRoopa Prabhu 1865b2b493SRoopa PrabhuDEV_ADDR=192.51.100.1 1934632975SHangbin LiuDEV_ADDR6=2001:db8:1::1 2065b2b493SRoopa PrabhuDEV=dummy0 21*7e36c337SIdo SchimmelTESTS=" 22*7e36c337SIdo Schimmel fib_rule6 23*7e36c337SIdo Schimmel fib_rule4 24*7e36c337SIdo Schimmel fib_rule6_connect 25*7e36c337SIdo Schimmel fib_rule4_connect 26*7e36c337SIdo Schimmel fib_rule6_vrf 27*7e36c337SIdo Schimmel fib_rule4_vrf 28*7e36c337SIdo Schimmel" 29c21a20d9SGuillaume Nault 30c21a20d9SGuillaume NaultSELFTEST_PATH="" 3165b2b493SRoopa Prabhu 3265b2b493SRoopa Prabhulog_test() 3365b2b493SRoopa Prabhu{ 3465b2b493SRoopa Prabhu local rc=$1 3565b2b493SRoopa Prabhu local expected=$2 3665b2b493SRoopa Prabhu local msg="$3" 3765b2b493SRoopa Prabhu 38*7e36c337SIdo Schimmel $IP rule show | grep -q l3mdev 39*7e36c337SIdo Schimmel if [ $? -eq 0 ]; then 40*7e36c337SIdo Schimmel msg="$msg (VRF)" 41*7e36c337SIdo Schimmel fi 42*7e36c337SIdo Schimmel 4365b2b493SRoopa Prabhu if [ ${rc} -eq ${expected} ]; then 4465b2b493SRoopa Prabhu nsuccess=$((nsuccess+1)) 45*7e36c337SIdo Schimmel printf "\n TEST: %-60s [ OK ]\n" "${msg}" 4665b2b493SRoopa Prabhu else 47f68d7c44SHangbin Liu ret=1 4865b2b493SRoopa Prabhu nfail=$((nfail+1)) 49*7e36c337SIdo Schimmel printf "\n TEST: %-60s [FAIL]\n" "${msg}" 5065b2b493SRoopa Prabhu if [ "${PAUSE_ON_FAIL}" = "yes" ]; then 5165b2b493SRoopa Prabhu echo 5265b2b493SRoopa Prabhu echo "hit enter to continue, 'q' to quit" 5365b2b493SRoopa Prabhu read a 5465b2b493SRoopa Prabhu [ "$a" = "q" ] && exit 1 5565b2b493SRoopa Prabhu fi 5665b2b493SRoopa Prabhu fi 5765b2b493SRoopa Prabhu} 5865b2b493SRoopa Prabhu 5965b2b493SRoopa Prabhulog_section() 6065b2b493SRoopa Prabhu{ 6165b2b493SRoopa Prabhu echo 6265b2b493SRoopa Prabhu echo "######################################################################" 6365b2b493SRoopa Prabhu echo "TEST SECTION: $*" 6465b2b493SRoopa Prabhu echo "######################################################################" 6565b2b493SRoopa Prabhu} 6665b2b493SRoopa Prabhu 67c21a20d9SGuillaume Naultcheck_nettest() 68c21a20d9SGuillaume Nault{ 69c21a20d9SGuillaume Nault if which nettest > /dev/null 2>&1; then 70c21a20d9SGuillaume Nault return 0 71c21a20d9SGuillaume Nault fi 72c21a20d9SGuillaume Nault 73c21a20d9SGuillaume Nault # Add the selftest directory to PATH if not already done 74c21a20d9SGuillaume Nault if [ "${SELFTEST_PATH}" = "" ]; then 75c21a20d9SGuillaume Nault SELFTEST_PATH="$(dirname $0)" 76c21a20d9SGuillaume Nault PATH="${PATH}:${SELFTEST_PATH}" 77c21a20d9SGuillaume Nault 78c21a20d9SGuillaume Nault # Now retry with the new path 79c21a20d9SGuillaume Nault if which nettest > /dev/null 2>&1; then 80c21a20d9SGuillaume Nault return 0 81c21a20d9SGuillaume Nault fi 82c21a20d9SGuillaume Nault 83c21a20d9SGuillaume Nault if [ "${ret}" -eq 0 ]; then 84c21a20d9SGuillaume Nault ret="${ksft_skip}" 85c21a20d9SGuillaume Nault fi 86c21a20d9SGuillaume Nault echo "nettest not found (try 'make -C ${SELFTEST_PATH} nettest')" 87c21a20d9SGuillaume Nault fi 88c21a20d9SGuillaume Nault 89c21a20d9SGuillaume Nault return 1 90c21a20d9SGuillaume Nault} 91c21a20d9SGuillaume Nault 9265b2b493SRoopa Prabhusetup() 9365b2b493SRoopa Prabhu{ 9465b2b493SRoopa Prabhu set -e 956c0ee7b4SHangbin Liu setup_ns testns 966c0ee7b4SHangbin Liu IP="ip -netns $testns" 9765b2b493SRoopa Prabhu 9865b2b493SRoopa Prabhu $IP link add dummy0 type dummy 9965b2b493SRoopa Prabhu $IP link set dev dummy0 up 10034632975SHangbin Liu $IP address add $DEV_ADDR/24 dev dummy0 10134632975SHangbin Liu $IP -6 address add $DEV_ADDR6/64 dev dummy0 10265b2b493SRoopa Prabhu 10365b2b493SRoopa Prabhu set +e 10465b2b493SRoopa Prabhu} 10565b2b493SRoopa Prabhu 10665b2b493SRoopa Prabhucleanup() 10765b2b493SRoopa Prabhu{ 10865b2b493SRoopa Prabhu $IP link del dev dummy0 &> /dev/null 1096c0ee7b4SHangbin Liu cleanup_ns $testns 11065b2b493SRoopa Prabhu} 11165b2b493SRoopa Prabhu 112c21a20d9SGuillaume Naultsetup_peer() 113c21a20d9SGuillaume Nault{ 114c21a20d9SGuillaume Nault set -e 115c21a20d9SGuillaume Nault 1166c0ee7b4SHangbin Liu setup_ns peerns 1176c0ee7b4SHangbin Liu IP_PEER="ip -netns $peerns" 118c21a20d9SGuillaume Nault $IP_PEER link set dev lo up 119c21a20d9SGuillaume Nault 1206c0ee7b4SHangbin Liu ip link add name veth0 netns $testns type veth \ 1216c0ee7b4SHangbin Liu peer name veth1 netns $peerns 122c21a20d9SGuillaume Nault $IP link set dev veth0 up 123c21a20d9SGuillaume Nault $IP_PEER link set dev veth1 up 124c21a20d9SGuillaume Nault 125c21a20d9SGuillaume Nault $IP address add 192.0.2.10 peer 192.0.2.11/32 dev veth0 126c21a20d9SGuillaume Nault $IP_PEER address add 192.0.2.11 peer 192.0.2.10/32 dev veth1 127c21a20d9SGuillaume Nault 128c21a20d9SGuillaume Nault $IP address add 2001:db8::10 peer 2001:db8::11/128 dev veth0 nodad 129c21a20d9SGuillaume Nault $IP_PEER address add 2001:db8::11 peer 2001:db8::10/128 dev veth1 nodad 130c21a20d9SGuillaume Nault 131c21a20d9SGuillaume Nault $IP_PEER address add 198.51.100.11/32 dev lo 132c21a20d9SGuillaume Nault $IP route add table $RTABLE_PEER 198.51.100.11/32 via 192.0.2.11 133c21a20d9SGuillaume Nault 134c21a20d9SGuillaume Nault $IP_PEER address add 2001:db8::1:11/128 dev lo 135c21a20d9SGuillaume Nault $IP route add table $RTABLE_PEER 2001:db8::1:11/128 via 2001:db8::11 136c21a20d9SGuillaume Nault 137c21a20d9SGuillaume Nault set +e 138c21a20d9SGuillaume Nault} 139c21a20d9SGuillaume Nault 140c21a20d9SGuillaume Naultcleanup_peer() 141c21a20d9SGuillaume Nault{ 142c21a20d9SGuillaume Nault $IP link del dev veth0 1436c0ee7b4SHangbin Liu ip netns del $peerns 144c21a20d9SGuillaume Nault} 145c21a20d9SGuillaume Nault 146*7e36c337SIdo Schimmelsetup_vrf() 147*7e36c337SIdo Schimmel{ 148*7e36c337SIdo Schimmel $IP link add name vrf0 up type vrf table $RTABLE_VRF 149*7e36c337SIdo Schimmel $IP link set dev $DEV master vrf0 150*7e36c337SIdo Schimmel} 151*7e36c337SIdo Schimmel 152*7e36c337SIdo Schimmelcleanup_vrf() 153*7e36c337SIdo Schimmel{ 154*7e36c337SIdo Schimmel $IP link del dev vrf0 155*7e36c337SIdo Schimmel} 156*7e36c337SIdo Schimmel 15765b2b493SRoopa Prabhufib_check_iproute_support() 15865b2b493SRoopa Prabhu{ 15965b2b493SRoopa Prabhu ip rule help 2>&1 | grep -q $1 16065b2b493SRoopa Prabhu if [ $? -ne 0 ]; then 16165b2b493SRoopa Prabhu echo "SKIP: iproute2 iprule too old, missing $1 match" 16265b2b493SRoopa Prabhu return 1 16365b2b493SRoopa Prabhu fi 16465b2b493SRoopa Prabhu 16565b2b493SRoopa Prabhu ip route get help 2>&1 | grep -q $2 16665b2b493SRoopa Prabhu if [ $? -ne 0 ]; then 16765b2b493SRoopa Prabhu echo "SKIP: iproute2 get route too old, missing $2 match" 16865b2b493SRoopa Prabhu return 1 16965b2b493SRoopa Prabhu fi 17065b2b493SRoopa Prabhu 17165b2b493SRoopa Prabhu return 0 17265b2b493SRoopa Prabhu} 17365b2b493SRoopa Prabhu 17465b2b493SRoopa Prabhufib_rule6_del() 17565b2b493SRoopa Prabhu{ 17665b2b493SRoopa Prabhu $IP -6 rule del $1 17765b2b493SRoopa Prabhu log_test $? 0 "rule6 del $1" 17865b2b493SRoopa Prabhu} 17965b2b493SRoopa Prabhu 18065b2b493SRoopa Prabhufib_rule6_del_by_pref() 18165b2b493SRoopa Prabhu{ 1822e252113SGuillaume Nault pref=$($IP -6 rule show $1 table $RTABLE | cut -d ":" -f 1) 18365b2b493SRoopa Prabhu $IP -6 rule del pref $pref 18465b2b493SRoopa Prabhu} 18565b2b493SRoopa Prabhu 18665b2b493SRoopa Prabhufib_rule6_test_match_n_redirect() 18765b2b493SRoopa Prabhu{ 18865b2b493SRoopa Prabhu local match="$1" 18965b2b493SRoopa Prabhu local getmatch="$2" 19021f25cd4SGuillaume Nault local description="$3" 19165b2b493SRoopa Prabhu 19265b2b493SRoopa Prabhu $IP -6 rule add $match table $RTABLE 19365b2b493SRoopa Prabhu $IP -6 route get $GW_IP6 $getmatch | grep -q "table $RTABLE" 19421f25cd4SGuillaume Nault log_test $? 0 "rule6 check: $description" 19565b2b493SRoopa Prabhu 19665b2b493SRoopa Prabhu fib_rule6_del_by_pref "$match" 19721f25cd4SGuillaume Nault log_test $? 0 "rule6 del by pref: $description" 19865b2b493SRoopa Prabhu} 19965b2b493SRoopa Prabhu 200a410a0cfSGuillaume Naultfib_rule6_test_reject() 201a410a0cfSGuillaume Nault{ 202a410a0cfSGuillaume Nault local match="$1" 203a410a0cfSGuillaume Nault local rc 204a410a0cfSGuillaume Nault 205a410a0cfSGuillaume Nault $IP -6 rule add $match table $RTABLE 2>/dev/null 206a410a0cfSGuillaume Nault rc=$? 207a410a0cfSGuillaume Nault log_test $rc 2 "rule6 check: $match" 208a410a0cfSGuillaume Nault 209a410a0cfSGuillaume Nault if [ $rc -eq 0 ]; then 210a410a0cfSGuillaume Nault $IP -6 rule del $match table $RTABLE 211a410a0cfSGuillaume Nault fi 212a410a0cfSGuillaume Nault} 213a410a0cfSGuillaume Nault 21465b2b493SRoopa Prabhufib_rule6_test() 21565b2b493SRoopa Prabhu{ 2168af2ba9aSGuillaume Nault local getmatch 2178af2ba9aSGuillaume Nault local match 218a410a0cfSGuillaume Nault local cnt 2198af2ba9aSGuillaume Nault 22065b2b493SRoopa Prabhu # setup the fib rule redirect route 22165b2b493SRoopa Prabhu $IP -6 route add table $RTABLE default via $GW_IP6 dev $DEV onlink 22265b2b493SRoopa Prabhu 22365b2b493SRoopa Prabhu match="oif $DEV" 22465b2b493SRoopa Prabhu fib_rule6_test_match_n_redirect "$match" "$match" "oif redirect to table" 22565b2b493SRoopa Prabhu 22665b2b493SRoopa Prabhu match="from $SRC_IP6 iif $DEV" 22765b2b493SRoopa Prabhu fib_rule6_test_match_n_redirect "$match" "$match" "iif redirect to table" 22865b2b493SRoopa Prabhu 229a410a0cfSGuillaume Nault # Reject dsfield (tos) options which have ECN bits set 230a410a0cfSGuillaume Nault for cnt in $(seq 1 3); do 231a410a0cfSGuillaume Nault match="dsfield $cnt" 232a410a0cfSGuillaume Nault fib_rule6_test_reject "$match" 233a410a0cfSGuillaume Nault done 234a410a0cfSGuillaume Nault 235a410a0cfSGuillaume Nault # Don't take ECN bits into account when matching on dsfield 23665b2b493SRoopa Prabhu match="tos 0x10" 237a410a0cfSGuillaume Nault for cnt in "0x10" "0x11" "0x12" "0x13"; do 238a410a0cfSGuillaume Nault # Using option 'tos' instead of 'dsfield' as old iproute2 239a410a0cfSGuillaume Nault # versions don't support 'dsfield' in ip rule show. 240a410a0cfSGuillaume Nault getmatch="tos $cnt" 241a410a0cfSGuillaume Nault fib_rule6_test_match_n_redirect "$match" "$getmatch" \ 242a410a0cfSGuillaume Nault "$getmatch redirect to table" 243a410a0cfSGuillaume Nault done 24465b2b493SRoopa Prabhu 24565b2b493SRoopa Prabhu match="fwmark 0x64" 24665b2b493SRoopa Prabhu getmatch="mark 0x64" 24765b2b493SRoopa Prabhu fib_rule6_test_match_n_redirect "$match" "$getmatch" "fwmark redirect to table" 24865b2b493SRoopa Prabhu 24965b2b493SRoopa Prabhu fib_check_iproute_support "uidrange" "uid" 25065b2b493SRoopa Prabhu if [ $? -eq 0 ]; then 25165b2b493SRoopa Prabhu match="uidrange 100-100" 25265b2b493SRoopa Prabhu getmatch="uid 100" 25365b2b493SRoopa Prabhu fib_rule6_test_match_n_redirect "$match" "$getmatch" "uid redirect to table" 25465b2b493SRoopa Prabhu fi 25565b2b493SRoopa Prabhu 25665b2b493SRoopa Prabhu fib_check_iproute_support "sport" "sport" 25765b2b493SRoopa Prabhu if [ $? -eq 0 ]; then 25865b2b493SRoopa Prabhu match="sport 666 dport 777" 25965b2b493SRoopa Prabhu fib_rule6_test_match_n_redirect "$match" "$match" "sport and dport redirect to table" 26065b2b493SRoopa Prabhu fi 26165b2b493SRoopa Prabhu 26265b2b493SRoopa Prabhu fib_check_iproute_support "ipproto" "ipproto" 26365b2b493SRoopa Prabhu if [ $? -eq 0 ]; then 26465b2b493SRoopa Prabhu match="ipproto tcp" 26565b2b493SRoopa Prabhu fib_rule6_test_match_n_redirect "$match" "$match" "ipproto match" 26665b2b493SRoopa Prabhu fi 26765b2b493SRoopa Prabhu 26865b2b493SRoopa Prabhu fib_check_iproute_support "ipproto" "ipproto" 26965b2b493SRoopa Prabhu if [ $? -eq 0 ]; then 27015d55baeSDavid Ahern match="ipproto ipv6-icmp" 27115d55baeSDavid Ahern fib_rule6_test_match_n_redirect "$match" "$match" "ipproto ipv6-icmp match" 27265b2b493SRoopa Prabhu fi 27365b2b493SRoopa Prabhu} 27465b2b493SRoopa Prabhu 275*7e36c337SIdo Schimmelfib_rule6_vrf_test() 276*7e36c337SIdo Schimmel{ 277*7e36c337SIdo Schimmel setup_vrf 278*7e36c337SIdo Schimmel fib_rule6_test 279*7e36c337SIdo Schimmel cleanup_vrf 280*7e36c337SIdo Schimmel} 281*7e36c337SIdo Schimmel 282c21a20d9SGuillaume Nault# Verify that the IPV6_TCLASS option of UDPv6 and TCPv6 sockets is properly 283c21a20d9SGuillaume Nault# taken into account when connecting the socket and when sending packets. 284c21a20d9SGuillaume Naultfib_rule6_connect_test() 285c21a20d9SGuillaume Nault{ 286c21a20d9SGuillaume Nault local dsfield 287c21a20d9SGuillaume Nault 288c21a20d9SGuillaume Nault if ! check_nettest; then 289c21a20d9SGuillaume Nault echo "SKIP: Could not run test without nettest tool" 290c21a20d9SGuillaume Nault return 291c21a20d9SGuillaume Nault fi 292c21a20d9SGuillaume Nault 293c21a20d9SGuillaume Nault setup_peer 294c21a20d9SGuillaume Nault $IP -6 rule add dsfield 0x04 table $RTABLE_PEER 295c21a20d9SGuillaume Nault 296c21a20d9SGuillaume Nault # Combine the base DS Field value (0x04) with all possible ECN values 297c21a20d9SGuillaume Nault # (Not-ECT: 0, ECT(1): 1, ECT(0): 2, CE: 3). 298c21a20d9SGuillaume Nault # The ECN bits shouldn't influence the result of the test. 299c21a20d9SGuillaume Nault for dsfield in 0x04 0x05 0x06 0x07; do 3006c0ee7b4SHangbin Liu nettest -q -6 -B -t 5 -N $testns -O $peerns -U -D \ 301c21a20d9SGuillaume Nault -Q "${dsfield}" -l 2001:db8::1:11 -r 2001:db8::1:11 302c21a20d9SGuillaume Nault log_test $? 0 "rule6 dsfield udp connect (dsfield ${dsfield})" 303c21a20d9SGuillaume Nault 3046c0ee7b4SHangbin Liu nettest -q -6 -B -t 5 -N $testns -O $peerns -Q "${dsfield}" \ 305c21a20d9SGuillaume Nault -l 2001:db8::1:11 -r 2001:db8::1:11 306c21a20d9SGuillaume Nault log_test $? 0 "rule6 dsfield tcp connect (dsfield ${dsfield})" 307c21a20d9SGuillaume Nault done 308c21a20d9SGuillaume Nault 309c21a20d9SGuillaume Nault $IP -6 rule del dsfield 0x04 table $RTABLE_PEER 310c21a20d9SGuillaume Nault cleanup_peer 311c21a20d9SGuillaume Nault} 312c21a20d9SGuillaume Nault 31365b2b493SRoopa Prabhufib_rule4_del() 31465b2b493SRoopa Prabhu{ 31565b2b493SRoopa Prabhu $IP rule del $1 31665b2b493SRoopa Prabhu log_test $? 0 "del $1" 31765b2b493SRoopa Prabhu} 31865b2b493SRoopa Prabhu 31965b2b493SRoopa Prabhufib_rule4_del_by_pref() 32065b2b493SRoopa Prabhu{ 3212e252113SGuillaume Nault pref=$($IP rule show $1 table $RTABLE | cut -d ":" -f 1) 32265b2b493SRoopa Prabhu $IP rule del pref $pref 32365b2b493SRoopa Prabhu} 32465b2b493SRoopa Prabhu 32565b2b493SRoopa Prabhufib_rule4_test_match_n_redirect() 32665b2b493SRoopa Prabhu{ 32765b2b493SRoopa Prabhu local match="$1" 32865b2b493SRoopa Prabhu local getmatch="$2" 32921f25cd4SGuillaume Nault local description="$3" 33065b2b493SRoopa Prabhu 33165b2b493SRoopa Prabhu $IP rule add $match table $RTABLE 33265b2b493SRoopa Prabhu $IP route get $GW_IP4 $getmatch | grep -q "table $RTABLE" 33321f25cd4SGuillaume Nault log_test $? 0 "rule4 check: $description" 33465b2b493SRoopa Prabhu 33565b2b493SRoopa Prabhu fib_rule4_del_by_pref "$match" 33621f25cd4SGuillaume Nault log_test $? 0 "rule4 del by pref: $description" 33765b2b493SRoopa Prabhu} 33865b2b493SRoopa Prabhu 339563f8e97SGuillaume Naultfib_rule4_test_reject() 340563f8e97SGuillaume Nault{ 341563f8e97SGuillaume Nault local match="$1" 342563f8e97SGuillaume Nault local rc 343563f8e97SGuillaume Nault 344563f8e97SGuillaume Nault $IP rule add $match table $RTABLE 2>/dev/null 345563f8e97SGuillaume Nault rc=$? 346563f8e97SGuillaume Nault log_test $rc 2 "rule4 check: $match" 347563f8e97SGuillaume Nault 348563f8e97SGuillaume Nault if [ $rc -eq 0 ]; then 349563f8e97SGuillaume Nault $IP rule del $match table $RTABLE 350563f8e97SGuillaume Nault fi 351563f8e97SGuillaume Nault} 352563f8e97SGuillaume Nault 35365b2b493SRoopa Prabhufib_rule4_test() 35465b2b493SRoopa Prabhu{ 3558af2ba9aSGuillaume Nault local getmatch 3568af2ba9aSGuillaume Nault local match 357563f8e97SGuillaume Nault local cnt 3588af2ba9aSGuillaume Nault 35965b2b493SRoopa Prabhu # setup the fib rule redirect route 36065b2b493SRoopa Prabhu $IP route add table $RTABLE default via $GW_IP4 dev $DEV onlink 36165b2b493SRoopa Prabhu 36265b2b493SRoopa Prabhu match="oif $DEV" 36365b2b493SRoopa Prabhu fib_rule4_test_match_n_redirect "$match" "$match" "oif redirect to table" 36465b2b493SRoopa Prabhu 365d1abf388SHangbin Liu # need enable forwarding and disable rp_filter temporarily as all the 366d1abf388SHangbin Liu # addresses are in the same subnet and egress device == ingress device. 3676c0ee7b4SHangbin Liu ip netns exec $testns sysctl -qw net.ipv4.ip_forward=1 3686c0ee7b4SHangbin Liu ip netns exec $testns sysctl -qw net.ipv4.conf.$DEV.rp_filter=0 36965b2b493SRoopa Prabhu match="from $SRC_IP iif $DEV" 37065b2b493SRoopa Prabhu fib_rule4_test_match_n_redirect "$match" "$match" "iif redirect to table" 3716c0ee7b4SHangbin Liu ip netns exec $testns sysctl -qw net.ipv4.ip_forward=0 37265b2b493SRoopa Prabhu 373563f8e97SGuillaume Nault # Reject dsfield (tos) options which have ECN bits set 374563f8e97SGuillaume Nault for cnt in $(seq 1 3); do 375563f8e97SGuillaume Nault match="dsfield $cnt" 376563f8e97SGuillaume Nault fib_rule4_test_reject "$match" 377563f8e97SGuillaume Nault done 378563f8e97SGuillaume Nault 379563f8e97SGuillaume Nault # Don't take ECN bits into account when matching on dsfield 38065b2b493SRoopa Prabhu match="tos 0x10" 381563f8e97SGuillaume Nault for cnt in "0x10" "0x11" "0x12" "0x13"; do 382563f8e97SGuillaume Nault # Using option 'tos' instead of 'dsfield' as old iproute2 383563f8e97SGuillaume Nault # versions don't support 'dsfield' in ip rule show. 384563f8e97SGuillaume Nault getmatch="tos $cnt" 385563f8e97SGuillaume Nault fib_rule4_test_match_n_redirect "$match" "$getmatch" \ 386563f8e97SGuillaume Nault "$getmatch redirect to table" 387563f8e97SGuillaume Nault done 38865b2b493SRoopa Prabhu 38965b2b493SRoopa Prabhu match="fwmark 0x64" 39065b2b493SRoopa Prabhu getmatch="mark 0x64" 39165b2b493SRoopa Prabhu fib_rule4_test_match_n_redirect "$match" "$getmatch" "fwmark redirect to table" 39265b2b493SRoopa Prabhu 39365b2b493SRoopa Prabhu fib_check_iproute_support "uidrange" "uid" 39465b2b493SRoopa Prabhu if [ $? -eq 0 ]; then 39565b2b493SRoopa Prabhu match="uidrange 100-100" 39665b2b493SRoopa Prabhu getmatch="uid 100" 39765b2b493SRoopa Prabhu fib_rule4_test_match_n_redirect "$match" "$getmatch" "uid redirect to table" 39865b2b493SRoopa Prabhu fi 39965b2b493SRoopa Prabhu 40065b2b493SRoopa Prabhu fib_check_iproute_support "sport" "sport" 40165b2b493SRoopa Prabhu if [ $? -eq 0 ]; then 40265b2b493SRoopa Prabhu match="sport 666 dport 777" 40365b2b493SRoopa Prabhu fib_rule4_test_match_n_redirect "$match" "$match" "sport and dport redirect to table" 40465b2b493SRoopa Prabhu fi 40565b2b493SRoopa Prabhu 40665b2b493SRoopa Prabhu fib_check_iproute_support "ipproto" "ipproto" 40765b2b493SRoopa Prabhu if [ $? -eq 0 ]; then 40865b2b493SRoopa Prabhu match="ipproto tcp" 40965b2b493SRoopa Prabhu fib_rule4_test_match_n_redirect "$match" "$match" "ipproto tcp match" 41065b2b493SRoopa Prabhu fi 41165b2b493SRoopa Prabhu 41265b2b493SRoopa Prabhu fib_check_iproute_support "ipproto" "ipproto" 41365b2b493SRoopa Prabhu if [ $? -eq 0 ]; then 41465b2b493SRoopa Prabhu match="ipproto icmp" 41565b2b493SRoopa Prabhu fib_rule4_test_match_n_redirect "$match" "$match" "ipproto icmp match" 41665b2b493SRoopa Prabhu fi 41765b2b493SRoopa Prabhu} 41865b2b493SRoopa Prabhu 419*7e36c337SIdo Schimmelfib_rule4_vrf_test() 420*7e36c337SIdo Schimmel{ 421*7e36c337SIdo Schimmel setup_vrf 422*7e36c337SIdo Schimmel fib_rule4_test 423*7e36c337SIdo Schimmel cleanup_vrf 424*7e36c337SIdo Schimmel} 425*7e36c337SIdo Schimmel 426c21a20d9SGuillaume Nault# Verify that the IP_TOS option of UDPv4 and TCPv4 sockets is properly taken 427c21a20d9SGuillaume Nault# into account when connecting the socket and when sending packets. 428c21a20d9SGuillaume Naultfib_rule4_connect_test() 429c21a20d9SGuillaume Nault{ 430c21a20d9SGuillaume Nault local dsfield 431c21a20d9SGuillaume Nault 432c21a20d9SGuillaume Nault if ! check_nettest; then 433c21a20d9SGuillaume Nault echo "SKIP: Could not run test without nettest tool" 434c21a20d9SGuillaume Nault return 435c21a20d9SGuillaume Nault fi 436c21a20d9SGuillaume Nault 437c21a20d9SGuillaume Nault setup_peer 438c21a20d9SGuillaume Nault $IP -4 rule add dsfield 0x04 table $RTABLE_PEER 439c21a20d9SGuillaume Nault 440c21a20d9SGuillaume Nault # Combine the base DS Field value (0x04) with all possible ECN values 441c21a20d9SGuillaume Nault # (Not-ECT: 0, ECT(1): 1, ECT(0): 2, CE: 3). 442c21a20d9SGuillaume Nault # The ECN bits shouldn't influence the result of the test. 443c21a20d9SGuillaume Nault for dsfield in 0x04 0x05 0x06 0x07; do 4446c0ee7b4SHangbin Liu nettest -q -B -t 5 -N $testns -O $peerns -D -U -Q "${dsfield}" \ 445c21a20d9SGuillaume Nault -l 198.51.100.11 -r 198.51.100.11 446c21a20d9SGuillaume Nault log_test $? 0 "rule4 dsfield udp connect (dsfield ${dsfield})" 447c21a20d9SGuillaume Nault 4486c0ee7b4SHangbin Liu nettest -q -B -t 5 -N $testns -O $peerns -Q "${dsfield}" \ 449c21a20d9SGuillaume Nault -l 198.51.100.11 -r 198.51.100.11 450c21a20d9SGuillaume Nault log_test $? 0 "rule4 dsfield tcp connect (dsfield ${dsfield})" 451c21a20d9SGuillaume Nault done 452c21a20d9SGuillaume Nault 453c21a20d9SGuillaume Nault $IP -4 rule del dsfield 0x04 table $RTABLE_PEER 454c21a20d9SGuillaume Nault cleanup_peer 455c21a20d9SGuillaume Nault} 456c21a20d9SGuillaume Nault 45765b2b493SRoopa Prabhurun_fibrule_tests() 45865b2b493SRoopa Prabhu{ 45965b2b493SRoopa Prabhu log_section "IPv4 fib rule" 46065b2b493SRoopa Prabhu fib_rule4_test 46165b2b493SRoopa Prabhu log_section "IPv6 fib rule" 46265b2b493SRoopa Prabhu fib_rule6_test 46365b2b493SRoopa Prabhu} 4649c154ab4SAlaa Mohamed################################################################################ 4659c154ab4SAlaa Mohamed# usage 4669c154ab4SAlaa Mohamed 4679c154ab4SAlaa Mohamedusage() 4689c154ab4SAlaa Mohamed{ 4699c154ab4SAlaa Mohamed cat <<EOF 4709c154ab4SAlaa Mohamedusage: ${0##*/} OPTS 4719c154ab4SAlaa Mohamed 4729c154ab4SAlaa Mohamed -t <test> Test(s) to run (default: all) 4739c154ab4SAlaa Mohamed (options: $TESTS) 4749c154ab4SAlaa MohamedEOF 4759c154ab4SAlaa Mohamed} 4769c154ab4SAlaa Mohamed 4779c154ab4SAlaa Mohamed################################################################################ 4789c154ab4SAlaa Mohamed# main 4799c154ab4SAlaa Mohamed 4809c154ab4SAlaa Mohamedwhile getopts ":t:h" opt; do 4819c154ab4SAlaa Mohamed case $opt in 4829c154ab4SAlaa Mohamed t) TESTS=$OPTARG;; 4839c154ab4SAlaa Mohamed h) usage; exit 0;; 4849c154ab4SAlaa Mohamed *) usage; exit 1;; 4859c154ab4SAlaa Mohamed esac 4869c154ab4SAlaa Mohameddone 48765b2b493SRoopa Prabhu 48865b2b493SRoopa Prabhuif [ "$(id -u)" -ne 0 ];then 48965b2b493SRoopa Prabhu echo "SKIP: Need root privileges" 4907844ec21SPo-Hsu Lin exit $ksft_skip 49165b2b493SRoopa Prabhufi 49265b2b493SRoopa Prabhu 49365b2b493SRoopa Prabhuif [ ! -x "$(command -v ip)" ]; then 49465b2b493SRoopa Prabhu echo "SKIP: Could not run test without ip tool" 4957844ec21SPo-Hsu Lin exit $ksft_skip 49665b2b493SRoopa Prabhufi 49765b2b493SRoopa Prabhu 49865b2b493SRoopa Prabhu# start clean 49965b2b493SRoopa Prabhucleanup &> /dev/null 50065b2b493SRoopa Prabhusetup 501816cda9aSAlaa Mohamedfor t in $TESTS 502816cda9aSAlaa Mohameddo 503816cda9aSAlaa Mohamed case $t in 504816cda9aSAlaa Mohamed fib_rule6_test|fib_rule6) fib_rule6_test;; 505816cda9aSAlaa Mohamed fib_rule4_test|fib_rule4) fib_rule4_test;; 506c21a20d9SGuillaume Nault fib_rule6_connect_test|fib_rule6_connect) fib_rule6_connect_test;; 507c21a20d9SGuillaume Nault fib_rule4_connect_test|fib_rule4_connect) fib_rule4_connect_test;; 508*7e36c337SIdo Schimmel fib_rule6_vrf_test|fib_rule6_vrf) fib_rule6_vrf_test;; 509*7e36c337SIdo Schimmel fib_rule4_vrf_test|fib_rule4_vrf) fib_rule4_vrf_test;; 510816cda9aSAlaa Mohamed 511816cda9aSAlaa Mohamed help) echo "Test names: $TESTS"; exit 0;; 512816cda9aSAlaa Mohamed 513816cda9aSAlaa Mohamed esac 514816cda9aSAlaa Mohameddone 51565b2b493SRoopa Prabhucleanup 51665b2b493SRoopa Prabhu 517f68d7c44SHangbin Liuif [ "$TESTS" != "none" ]; then 518f68d7c44SHangbin Liu printf "\nTests passed: %3d\n" ${nsuccess} 519f68d7c44SHangbin Liu printf "Tests failed: %3d\n" ${nfail} 520f68d7c44SHangbin Liufi 521f68d7c44SHangbin Liu 52265b2b493SRoopa Prabhuexit $ret 523