File: arp_ndisc_untracked_subnets.sh

package info (click to toggle)
linux 6.1.8-1
links: PTS, VCS
area: main
in suites: bookworm
size: 1,488,076 kB
sloc: ansic: 23,401,844; asm: 266,744; sh: 108,976; makefile: 49,705; python: 36,927; perl: 36,810; cpp: 6,044; yacc: 4,904; lex: 2,722; awk: 1,440; ruby: 25; sed: 5
file content (308 lines) | stat: -rwxr-xr-x 7,551 bytes
parent folder | download | duplicates (3)
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# 2 namespaces: one host and one router. Use arping from the host to send a
# garp to the router. Router accepts or ignores based on its arp_accept
# or accept_untracked_na configuration.

TESTS="arp ndisc"

ROUTER_NS="ns-router"
ROUTER_NS_V6="ns-router-v6"
ROUTER_INTF="veth-router"
ROUTER_ADDR="10.0.10.1"
ROUTER_ADDR_V6="2001:db8:abcd:0012::1"

HOST_NS="ns-host"
HOST_NS_V6="ns-host-v6"
HOST_INTF="veth-host"
HOST_ADDR="10.0.10.2"
HOST_ADDR_V6="2001:db8:abcd:0012::2"

SUBNET_WIDTH=24
PREFIX_WIDTH_V6=64

cleanup() {
	ip netns del ${HOST_NS}
	ip netns del ${ROUTER_NS}
}

cleanup_v6() {
	ip netns del ${HOST_NS_V6}
	ip netns del ${ROUTER_NS_V6}
}

setup() {
	set -e
	local arp_accept=$1

	# Set up two namespaces
	ip netns add ${ROUTER_NS}
	ip netns add ${HOST_NS}

	# Set up interfaces veth0 and veth1, which are pairs in separate
	# namespaces. veth0 is veth-router, veth1 is veth-host.
	# first, set up the inteface's link to the namespace
	# then, set the interface "up"
	ip netns exec ${ROUTER_NS} ip link add name ${ROUTER_INTF} \
		type veth peer name ${HOST_INTF}

	ip netns exec ${ROUTER_NS} ip link set dev ${ROUTER_INTF} up
	ip netns exec ${ROUTER_NS} ip link set dev ${HOST_INTF} netns ${HOST_NS}

	ip netns exec ${HOST_NS} ip link set dev ${HOST_INTF} up
	ip netns exec ${ROUTER_NS} ip addr add ${ROUTER_ADDR}/${SUBNET_WIDTH} \
		dev ${ROUTER_INTF}

	ip netns exec ${HOST_NS} ip addr add ${HOST_ADDR}/${SUBNET_WIDTH} \
		dev ${HOST_INTF}
	ip netns exec ${HOST_NS} ip route add default via ${HOST_ADDR} \
		dev ${HOST_INTF}
	ip netns exec ${ROUTER_NS} ip route add default via ${ROUTER_ADDR} \
		dev ${ROUTER_INTF}

	ROUTER_CONF=net.ipv4.conf.${ROUTER_INTF}
	ip netns exec ${ROUTER_NS} sysctl -w \
		${ROUTER_CONF}.arp_accept=${arp_accept} >/dev/null 2>&1
	set +e
}

setup_v6() {
	set -e
	local accept_untracked_na=$1

	# Set up two namespaces
	ip netns add ${ROUTER_NS_V6}
	ip netns add ${HOST_NS_V6}

	# Set up interfaces veth0 and veth1, which are pairs in separate
	# namespaces. veth0 is veth-router, veth1 is veth-host.
	# first, set up the inteface's link to the namespace
	# then, set the interface "up"
	ip -6 -netns ${ROUTER_NS_V6} link add name ${ROUTER_INTF} \
		type veth peer name ${HOST_INTF}

	ip -6 -netns ${ROUTER_NS_V6} link set dev ${ROUTER_INTF} up
	ip -6 -netns ${ROUTER_NS_V6} link set dev ${HOST_INTF} netns \
		${HOST_NS_V6}

	ip -6 -netns ${HOST_NS_V6} link set dev ${HOST_INTF} up
	ip -6 -netns ${ROUTER_NS_V6} addr add \
		${ROUTER_ADDR_V6}/${PREFIX_WIDTH_V6} dev ${ROUTER_INTF} nodad

	HOST_CONF=net.ipv6.conf.${HOST_INTF}
	ip netns exec ${HOST_NS_V6} sysctl -qw ${HOST_CONF}.ndisc_notify=1
	ip netns exec ${HOST_NS_V6} sysctl -qw ${HOST_CONF}.disable_ipv6=0
	ip -6 -netns ${HOST_NS_V6} addr add ${HOST_ADDR_V6}/${PREFIX_WIDTH_V6} \
		dev ${HOST_INTF}

	ROUTER_CONF=net.ipv6.conf.${ROUTER_INTF}

	ip netns exec ${ROUTER_NS_V6} sysctl -w \
		${ROUTER_CONF}.forwarding=1 >/dev/null 2>&1
	ip netns exec ${ROUTER_NS_V6} sysctl -w \
		${ROUTER_CONF}.drop_unsolicited_na=0 >/dev/null 2>&1
	ip netns exec ${ROUTER_NS_V6} sysctl -w \
		${ROUTER_CONF}.accept_untracked_na=${accept_untracked_na} \
		>/dev/null 2>&1
	set +e
}

verify_arp() {
	local arp_accept=$1
	local same_subnet=$2

	neigh_show_output=$(ip netns exec ${ROUTER_NS} ip neigh get \
		${HOST_ADDR} dev ${ROUTER_INTF} 2>/dev/null)

	if [ ${arp_accept} -eq 1 ]; then
		# Neighbor entries expected
		[[ ${neigh_show_output} ]]
	elif [ ${arp_accept} -eq 2 ]; then
		if [ ${same_subnet} -eq 1 ]; then
			# Neighbor entries expected
			[[ ${neigh_show_output} ]]
		else
			[[ -z "${neigh_show_output}" ]]
		fi
	else
		[[ -z "${neigh_show_output}" ]]
	fi
 }

arp_test_gratuitous() {
	set -e
	local arp_accept=$1
	local same_subnet=$2

	if [ ${arp_accept} -eq 2 ]; then
		test_msg=("test_arp: "
			  "accept_arp=$1 "
			  "same_subnet=$2")
		if [ ${same_subnet} -eq 0 ]; then
			HOST_ADDR=10.0.11.3
		else
			HOST_ADDR=10.0.10.3
		fi
	else
		test_msg=("test_arp: "
			  "accept_arp=$1")
	fi
	# Supply arp_accept option to set up which sets it in sysctl
	setup ${arp_accept}
	ip netns exec ${HOST_NS} arping -A -U ${HOST_ADDR} -c1 2>&1 >/dev/null

	if verify_arp $1 $2; then
		printf "    TEST: %-60s  [ OK ]\n" "${test_msg[*]}"
	else
		printf "    TEST: %-60s  [FAIL]\n" "${test_msg[*]}"
	fi
	cleanup
	set +e
}

arp_test_gratuitous_combinations() {
	arp_test_gratuitous 0
	arp_test_gratuitous 1
	arp_test_gratuitous 2 0 # Second entry indicates subnet or not
	arp_test_gratuitous 2 1
}

cleanup_tcpdump() {
	set -e
	[[ ! -z  ${tcpdump_stdout} ]] && rm -f ${tcpdump_stdout}
	[[ ! -z  ${tcpdump_stderr} ]] && rm -f ${tcpdump_stderr}
	tcpdump_stdout=
	tcpdump_stderr=
	set +e
}

start_tcpdump() {
	set -e
	tcpdump_stdout=`mktemp`
	tcpdump_stderr=`mktemp`
	ip netns exec ${ROUTER_NS_V6} timeout 15s \
		tcpdump --immediate-mode -tpni ${ROUTER_INTF} -c 1 \
		"icmp6 && icmp6[0] == 136 && src ${HOST_ADDR_V6}" \
		> ${tcpdump_stdout} 2> /dev/null
	set +e
}

verify_ndisc() {
	local accept_untracked_na=$1
	local same_subnet=$2

	neigh_show_output=$(ip -6 -netns ${ROUTER_NS_V6} neigh show \
		to ${HOST_ADDR_V6} dev ${ROUTER_INTF} nud stale)

	if [ ${accept_untracked_na} -eq 1 ]; then
		# Neighbour entry expected to be present
		[[ ${neigh_show_output} ]]
	elif [ ${accept_untracked_na} -eq 2 ]; then
		if [ ${same_subnet} -eq 1 ]; then
			[[ ${neigh_show_output} ]]
		else
			[[ -z "${neigh_show_output}" ]]
		fi
	else
		# Neighbour entry expected to be absent for all other cases
		[[ -z "${neigh_show_output}" ]]
	fi
}

ndisc_test_untracked_advertisements() {
	set -e
	test_msg=("test_ndisc: "
		  "accept_untracked_na=$1")

	local accept_untracked_na=$1
	local same_subnet=$2
	if [ ${accept_untracked_na} -eq 2 ]; then
		test_msg=("test_ndisc: "
			  "accept_untracked_na=$1 "
			  "same_subnet=$2")
		if [ ${same_subnet} -eq 0 ]; then
			# Not same subnet
			HOST_ADDR_V6=2000:db8:abcd:0013::4
		else
			HOST_ADDR_V6=2001:db8:abcd:0012::3
		fi
	fi
	setup_v6 $1 $2
	start_tcpdump

	if verify_ndisc $1 $2; then
		printf "    TEST: %-60s  [ OK ]\n" "${test_msg[*]}"
	else
		printf "    TEST: %-60s  [FAIL]\n" "${test_msg[*]}"
	fi

	cleanup_tcpdump
	cleanup_v6
	set +e
}

ndisc_test_untracked_combinations() {
	ndisc_test_untracked_advertisements 0
	ndisc_test_untracked_advertisements 1
	ndisc_test_untracked_advertisements 2 0
	ndisc_test_untracked_advertisements 2 1
}

################################################################################
# usage

usage()
{
	cat <<EOF
usage: ${0##*/} OPTS

	-t <test>       Test(s) to run (default: all)
			(options: $TESTS)
EOF
}

################################################################################
# main

while getopts ":t:h" opt; do
	case $opt in
		t) TESTS=$OPTARG;;
		h) usage; exit 0;;
		*) usage; exit 1;;
	esac
done

if [ "$(id -u)" -ne 0 ];then
	echo "SKIP: Need root privileges"
	exit $ksft_skip;
fi

if [ ! -x "$(command -v ip)" ]; then
	echo "SKIP: Could not run test without ip tool"
	exit $ksft_skip
fi

if [ ! -x "$(command -v tcpdump)" ]; then
	echo "SKIP: Could not run test without tcpdump tool"
	exit $ksft_skip
fi

if [ ! -x "$(command -v arping)" ]; then
	echo "SKIP: Could not run test without arping tool"
	exit $ksft_skip
fi

# start clean
cleanup &> /dev/null
cleanup_v6 &> /dev/null

for t in $TESTS
do
	case $t in
	arp_test_gratuitous_combinations|arp) arp_test_gratuitous_combinations;;
	ndisc_test_untracked_combinations|ndisc) \
		ndisc_test_untracked_combinations;;
	help) echo "Test names: $TESTS"; exit 0;;
esac
done