1*053f45beSAndroid Build Coastguard Worker#!/bin/bash 2*053f45beSAndroid Build Coastguard Worker# SPDX-License-Identifier: GPL-2.0 3*053f45beSAndroid Build Coastguard Worker 4*053f45beSAndroid Build Coastguard Worker# Test for checking ICMP response with dummy address instead of 0.0.0.0. 5*053f45beSAndroid Build Coastguard Worker# Sets up two namespaces like: 6*053f45beSAndroid Build Coastguard Worker# +----------------------+ +--------------------+ 7*053f45beSAndroid Build Coastguard Worker# | ns1 | v4-via-v6 routes: | ns2 | 8*053f45beSAndroid Build Coastguard Worker# | | ' | | 9*053f45beSAndroid Build Coastguard Worker# | +--------+ -> 172.16.1.0/24 -> +--------+ | 10*053f45beSAndroid Build Coastguard Worker# | | veth0 +--------------------------+ veth0 | | 11*053f45beSAndroid Build Coastguard Worker# | +--------+ <- 172.16.0.0/24 <- +--------+ | 12*053f45beSAndroid Build Coastguard Worker# | 172.16.0.1 | | 2001:db8:1::2/64 | 13*053f45beSAndroid Build Coastguard Worker# | 2001:db8:1::2/64 | | | 14*053f45beSAndroid Build Coastguard Worker# +----------------------+ +--------------------+ 15*053f45beSAndroid Build Coastguard Worker# 16*053f45beSAndroid Build Coastguard Worker# And then tries to ping 172.16.1.1 from ns1. This results in a "net 17*053f45beSAndroid Build Coastguard Worker# unreachable" message being sent from ns2, but there is no IPv4 address set in 18*053f45beSAndroid Build Coastguard Worker# that address space, so the kernel should substitute the dummy address 19*053f45beSAndroid Build Coastguard Worker# 192.0.0.8 defined in RFC7600. 20*053f45beSAndroid Build Coastguard Worker 21*053f45beSAndroid Build Coastguard WorkerNS1=ns1 22*053f45beSAndroid Build Coastguard WorkerNS2=ns2 23*053f45beSAndroid Build Coastguard WorkerH1_IP=172.16.0.1/32 24*053f45beSAndroid Build Coastguard WorkerH1_IP6=2001:db8:1::1 25*053f45beSAndroid Build Coastguard WorkerRT1=172.16.1.0/24 26*053f45beSAndroid Build Coastguard WorkerPINGADDR=172.16.1.1 27*053f45beSAndroid Build Coastguard WorkerRT2=172.16.0.0/24 28*053f45beSAndroid Build Coastguard WorkerH2_IP6=2001:db8:1::2 29*053f45beSAndroid Build Coastguard Worker 30*053f45beSAndroid Build Coastguard WorkerTMPFILE=$(mktemp) 31*053f45beSAndroid Build Coastguard Worker 32*053f45beSAndroid Build Coastguard Workercleanup() 33*053f45beSAndroid Build Coastguard Worker{ 34*053f45beSAndroid Build Coastguard Worker rm -f "$TMPFILE" 35*053f45beSAndroid Build Coastguard Worker ip netns del $NS1 36*053f45beSAndroid Build Coastguard Worker ip netns del $NS2 37*053f45beSAndroid Build Coastguard Worker} 38*053f45beSAndroid Build Coastguard Worker 39*053f45beSAndroid Build Coastguard Workertrap cleanup EXIT 40*053f45beSAndroid Build Coastguard Worker 41*053f45beSAndroid Build Coastguard Worker# Namespaces 42*053f45beSAndroid Build Coastguard Workerip netns add $NS1 43*053f45beSAndroid Build Coastguard Workerip netns add $NS2 44*053f45beSAndroid Build Coastguard Worker 45*053f45beSAndroid Build Coastguard Worker# Connectivity 46*053f45beSAndroid Build Coastguard Workerip -netns $NS1 link add veth0 type veth peer name veth0 netns $NS2 47*053f45beSAndroid Build Coastguard Workerip -netns $NS1 link set dev veth0 up 48*053f45beSAndroid Build Coastguard Workerip -netns $NS2 link set dev veth0 up 49*053f45beSAndroid Build Coastguard Workerip -netns $NS1 addr add $H1_IP dev veth0 50*053f45beSAndroid Build Coastguard Workerip -netns $NS1 addr add $H1_IP6/64 dev veth0 nodad 51*053f45beSAndroid Build Coastguard Workerip -netns $NS2 addr add $H2_IP6/64 dev veth0 nodad 52*053f45beSAndroid Build Coastguard Workerip -netns $NS1 route add $RT1 via inet6 $H2_IP6 53*053f45beSAndroid Build Coastguard Workerip -netns $NS2 route add $RT2 via inet6 $H1_IP6 54*053f45beSAndroid Build Coastguard Worker 55*053f45beSAndroid Build Coastguard Worker# Make sure ns2 will respond with ICMP unreachable 56*053f45beSAndroid Build Coastguard Workerip netns exec $NS2 sysctl -qw net.ipv4.icmp_ratelimit=0 net.ipv4.ip_forward=1 57*053f45beSAndroid Build Coastguard Worker 58*053f45beSAndroid Build Coastguard Worker# Run the test - a ping runs in the background, and we capture ICMP responses 59*053f45beSAndroid Build Coastguard Worker# with tcpdump; -c 1 means it should exit on the first ping, but add a timeout 60*053f45beSAndroid Build Coastguard Worker# in case something goes wrong 61*053f45beSAndroid Build Coastguard Workerip netns exec $NS1 ping -w 3 -i 0.5 $PINGADDR >/dev/null & 62*053f45beSAndroid Build Coastguard Workerip netns exec $NS1 timeout 10 tcpdump -tpni veth0 -c 1 'icmp and icmp[icmptype] != icmp-echo' > $TMPFILE 2>/dev/null 63*053f45beSAndroid Build Coastguard Worker 64*053f45beSAndroid Build Coastguard Worker# Parse response and check for dummy address 65*053f45beSAndroid Build Coastguard Worker# tcpdump output looks like: 66*053f45beSAndroid Build Coastguard Worker# IP 192.0.0.8 > 172.16.0.1: ICMP net 172.16.1.1 unreachable, length 92 67*053f45beSAndroid Build Coastguard WorkerRESP_IP=$(awk '{print $2}' < $TMPFILE) 68*053f45beSAndroid Build Coastguard Workerif [[ "$RESP_IP" != "192.0.0.8" ]]; then 69*053f45beSAndroid Build Coastguard Worker echo "FAIL - got ICMP response from $RESP_IP, should be 192.0.0.8" 70*053f45beSAndroid Build Coastguard Worker exit 1 71*053f45beSAndroid Build Coastguard Workerelse 72*053f45beSAndroid Build Coastguard Worker echo "OK" 73*053f45beSAndroid Build Coastguard Worker exit 0 74*053f45beSAndroid Build Coastguard Workerfi 75