xref: /aosp_15_r20/external/linux-kselftest/tools/testing/selftests/net/icmp.sh (revision 053f45be4e351dfd5e965df293cd45b779f579ee)
1*053f45beSAndroid Build Coastguard Worker#!/bin/bash
2*053f45beSAndroid Build Coastguard Worker# SPDX-License-Identifier: GPL-2.0
3*053f45beSAndroid Build Coastguard Worker
4*053f45beSAndroid Build Coastguard Worker# Test for checking ICMP response with dummy address instead of 0.0.0.0.
5*053f45beSAndroid Build Coastguard Worker# Sets up two namespaces like:
6*053f45beSAndroid Build Coastguard Worker# +----------------------+                          +--------------------+
7*053f45beSAndroid Build Coastguard Worker# | ns1                  |    v4-via-v6 routes:     | ns2                |
8*053f45beSAndroid Build Coastguard Worker# |                      |                  '       |                    |
9*053f45beSAndroid Build Coastguard Worker# |             +--------+   -> 172.16.1.0/24 ->    +--------+           |
10*053f45beSAndroid Build Coastguard Worker# |             | veth0  +--------------------------+  veth0 |           |
11*053f45beSAndroid Build Coastguard Worker# |             +--------+   <- 172.16.0.0/24 <-    +--------+           |
12*053f45beSAndroid Build Coastguard Worker# |           172.16.0.1 |                          | 2001:db8:1::2/64   |
13*053f45beSAndroid Build Coastguard Worker# |     2001:db8:1::2/64 |                          |                    |
14*053f45beSAndroid Build Coastguard Worker# +----------------------+                          +--------------------+
15*053f45beSAndroid Build Coastguard Worker#
16*053f45beSAndroid Build Coastguard Worker# And then tries to ping 172.16.1.1 from ns1. This results in a "net
17*053f45beSAndroid Build Coastguard Worker# unreachable" message being sent from ns2, but there is no IPv4 address set in
18*053f45beSAndroid Build Coastguard Worker# that address space, so the kernel should substitute the dummy address
19*053f45beSAndroid Build Coastguard Worker# 192.0.0.8 defined in RFC7600.
20*053f45beSAndroid Build Coastguard Worker
21*053f45beSAndroid Build Coastguard WorkerNS1=ns1
22*053f45beSAndroid Build Coastguard WorkerNS2=ns2
23*053f45beSAndroid Build Coastguard WorkerH1_IP=172.16.0.1/32
24*053f45beSAndroid Build Coastguard WorkerH1_IP6=2001:db8:1::1
25*053f45beSAndroid Build Coastguard WorkerRT1=172.16.1.0/24
26*053f45beSAndroid Build Coastguard WorkerPINGADDR=172.16.1.1
27*053f45beSAndroid Build Coastguard WorkerRT2=172.16.0.0/24
28*053f45beSAndroid Build Coastguard WorkerH2_IP6=2001:db8:1::2
29*053f45beSAndroid Build Coastguard Worker
30*053f45beSAndroid Build Coastguard WorkerTMPFILE=$(mktemp)
31*053f45beSAndroid Build Coastguard Worker
32*053f45beSAndroid Build Coastguard Workercleanup()
33*053f45beSAndroid Build Coastguard Worker{
34*053f45beSAndroid Build Coastguard Worker    rm -f "$TMPFILE"
35*053f45beSAndroid Build Coastguard Worker    ip netns del $NS1
36*053f45beSAndroid Build Coastguard Worker    ip netns del $NS2
37*053f45beSAndroid Build Coastguard Worker}
38*053f45beSAndroid Build Coastguard Worker
39*053f45beSAndroid Build Coastguard Workertrap cleanup EXIT
40*053f45beSAndroid Build Coastguard Worker
41*053f45beSAndroid Build Coastguard Worker# Namespaces
42*053f45beSAndroid Build Coastguard Workerip netns add $NS1
43*053f45beSAndroid Build Coastguard Workerip netns add $NS2
44*053f45beSAndroid Build Coastguard Worker
45*053f45beSAndroid Build Coastguard Worker# Connectivity
46*053f45beSAndroid Build Coastguard Workerip -netns $NS1 link add veth0 type veth peer name veth0 netns $NS2
47*053f45beSAndroid Build Coastguard Workerip -netns $NS1 link set dev veth0 up
48*053f45beSAndroid Build Coastguard Workerip -netns $NS2 link set dev veth0 up
49*053f45beSAndroid Build Coastguard Workerip -netns $NS1 addr add $H1_IP dev veth0
50*053f45beSAndroid Build Coastguard Workerip -netns $NS1 addr add $H1_IP6/64 dev veth0 nodad
51*053f45beSAndroid Build Coastguard Workerip -netns $NS2 addr add $H2_IP6/64 dev veth0 nodad
52*053f45beSAndroid Build Coastguard Workerip -netns $NS1 route add $RT1 via inet6 $H2_IP6
53*053f45beSAndroid Build Coastguard Workerip -netns $NS2 route add $RT2 via inet6 $H1_IP6
54*053f45beSAndroid Build Coastguard Worker
55*053f45beSAndroid Build Coastguard Worker# Make sure ns2 will respond with ICMP unreachable
56*053f45beSAndroid Build Coastguard Workerip netns exec $NS2 sysctl -qw net.ipv4.icmp_ratelimit=0 net.ipv4.ip_forward=1
57*053f45beSAndroid Build Coastguard Worker
58*053f45beSAndroid Build Coastguard Worker# Run the test - a ping runs in the background, and we capture ICMP responses
59*053f45beSAndroid Build Coastguard Worker# with tcpdump; -c 1 means it should exit on the first ping, but add a timeout
60*053f45beSAndroid Build Coastguard Worker# in case something goes wrong
61*053f45beSAndroid Build Coastguard Workerip netns exec $NS1 ping -w 3 -i 0.5 $PINGADDR >/dev/null &
62*053f45beSAndroid Build Coastguard Workerip netns exec $NS1 timeout 10 tcpdump -tpni veth0 -c 1 'icmp and icmp[icmptype] != icmp-echo' > $TMPFILE 2>/dev/null
63*053f45beSAndroid Build Coastguard Worker
64*053f45beSAndroid Build Coastguard Worker# Parse response and check for dummy address
65*053f45beSAndroid Build Coastguard Worker# tcpdump output looks like:
66*053f45beSAndroid Build Coastguard Worker# IP 192.0.0.8 > 172.16.0.1: ICMP net 172.16.1.1 unreachable, length 92
67*053f45beSAndroid Build Coastguard WorkerRESP_IP=$(awk '{print $2}' < $TMPFILE)
68*053f45beSAndroid Build Coastguard Workerif [[ "$RESP_IP" != "192.0.0.8" ]]; then
69*053f45beSAndroid Build Coastguard Worker    echo "FAIL - got ICMP response from $RESP_IP, should be 192.0.0.8"
70*053f45beSAndroid Build Coastguard Worker    exit 1
71*053f45beSAndroid Build Coastguard Workerelse
72*053f45beSAndroid Build Coastguard Worker    echo "OK"
73*053f45beSAndroid Build Coastguard Worker    exit 0
74*053f45beSAndroid Build Coastguard Workerfi
75