Linux 6.14-rc3

[linux.git] / tools / testing / selftests / net / forwarding / router_multicast.sh

#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

# +------------------+
# | H1 (v$h1)        |
# | 2001:db8:1::2/64 |
# | 198.51.100.2/28  |
# |         $h1 +    |
# +-------------|----+
#               |
# +-------------|-------------------------------+
# | SW1         |                               |
# |        $rp1 +                               |
# | 198.51.100.1/28                             |
# | 2001:db8:1::1/64                            |
# |                                             |
# | 2001:db8:2::1/64           2001:db8:3::1/64 |
# | 198.51.100.17/28           198.51.100.33/28 |
# |         $rp2 +                     $rp3 +   |
# +--------------|--------------------------|---+
#                |                          |
#                |                          |
# +--------------|---+       +--------------|---+
# | H2 (v$h2)    |   |       | H3 (v$h3)    |   |
# |          $h2 +   |       |          $h3 +   |
# | 198.51.100.18/28 |       | 198.51.100.34/28 |
# | 2001:db8:2::2/64 |       | 2001:db8:3::2/64 |
# +------------------+       +------------------+
#

ALL_TESTS="mcast_v4 mcast_v6 rpf_v4 rpf_v6 unres_v4 unres_v6"
NUM_NETIFS=6
source lib.sh
source tc_common.sh

require_command $MCD
require_command $MC_CLI
table_name=selftests

h1_create()
{
        simple_if_init $h1 198.51.100.2/28 2001:db8:1::2/64

        ip route add 198.51.100.16/28 vrf v$h1 nexthop via 198.51.100.1
        ip route add 198.51.100.32/28 vrf v$h1 nexthop via 198.51.100.1

        ip route add 2001:db8:2::/64 vrf v$h1 nexthop via 2001:db8:1::1
        ip route add 2001:db8:3::/64 vrf v$h1 nexthop via 2001:db8:1::1

        tc qdisc add dev $h1 ingress
}

h1_destroy()
{
        tc qdisc del dev $h1 ingress

        ip route del 2001:db8:3::/64 vrf v$h1
        ip route del 2001:db8:2::/64 vrf v$h1

        ip route del 198.51.100.32/28 vrf v$h1
        ip route del 198.51.100.16/28 vrf v$h1

        simple_if_fini $h1 198.51.100.2/28 2001:db8:1::2/64
}

h2_create()
{
        simple_if_init $h2 198.51.100.18/28 2001:db8:2::2/64

        ip route add 198.51.100.0/28 vrf v$h2 nexthop via 198.51.100.17
        ip route add 198.51.100.32/28 vrf v$h2 nexthop via 198.51.100.17

        ip route add 2001:db8:1::/64 vrf v$h2 nexthop via 2001:db8:2::1
        ip route add 2001:db8:3::/64 vrf v$h2 nexthop via 2001:db8:2::1

        tc qdisc add dev $h2 ingress
}

h2_destroy()
{
        tc qdisc del dev $h2 ingress

        ip route del 2001:db8:3::/64 vrf v$h2
        ip route del 2001:db8:1::/64 vrf v$h2

        ip route del 198.51.100.32/28 vrf v$h2
        ip route del 198.51.100.0/28 vrf v$h2

        simple_if_fini $h2 198.51.100.18/28 2001:db8:2::2/64
}

h3_create()
{
        simple_if_init $h3 198.51.100.34/28 2001:db8:3::2/64

        ip route add 198.51.100.0/28 vrf v$h3 nexthop via 198.51.100.33
        ip route add 198.51.100.16/28 vrf v$h3 nexthop via 198.51.100.33

        ip route add 2001:db8:1::/64 vrf v$h3 nexthop via 2001:db8:3::1
        ip route add 2001:db8:2::/64 vrf v$h3 nexthop via 2001:db8:3::1

        tc qdisc add dev $h3 ingress
}

h3_destroy()
{
        tc qdisc del dev $h3 ingress

        ip route del 2001:db8:2::/64 vrf v$h3
        ip route del 2001:db8:1::/64 vrf v$h3

        ip route del 198.51.100.16/28 vrf v$h3
        ip route del 198.51.100.0/28 vrf v$h3

        simple_if_fini $h3 198.51.100.34/28 2001:db8:3::2/64
}

router_create()
{
        ip link set dev $rp1 up
        ip link set dev $rp2 up
        ip link set dev $rp3 up

        ip address add 198.51.100.1/28 dev $rp1
        ip address add 198.51.100.17/28 dev $rp2
        ip address add 198.51.100.33/28 dev $rp3

        ip address add 2001:db8:1::1/64 dev $rp1
        ip address add 2001:db8:2::1/64 dev $rp2
        ip address add 2001:db8:3::1/64 dev $rp3

        tc qdisc add dev $rp3 ingress
}

router_destroy()
{
        tc qdisc del dev $rp3 ingress

        ip address del 2001:db8:3::1/64 dev $rp3
        ip address del 2001:db8:2::1/64 dev $rp2
        ip address del 2001:db8:1::1/64 dev $rp1

        ip address del 198.51.100.33/28 dev $rp3
        ip address del 198.51.100.17/28 dev $rp2
        ip address del 198.51.100.1/28 dev $rp1

        ip link set dev $rp3 down
        ip link set dev $rp2 down
        ip link set dev $rp1 down
}

start_mcd()
{
        SMCROUTEDIR="$(mktemp -d)"

        for ((i = 1; i <= $NUM_NETIFS; ++i)); do
                echo "phyint ${NETIFS[p$i]} enable" >> \
                        $SMCROUTEDIR/$table_name.conf
        done

        $MCD -N -I $table_name -f $SMCROUTEDIR/$table_name.conf \
                -P $SMCROUTEDIR/$table_name.pid
}

kill_mcd()
{
        pkill $MCD
        rm -rf $SMCROUTEDIR
}

setup_prepare()
{
        h1=${NETIFS[p1]}
        rp1=${NETIFS[p2]}

        rp2=${NETIFS[p3]}
        h2=${NETIFS[p4]}

        rp3=${NETIFS[p5]}
        h3=${NETIFS[p6]}

        start_mcd

        vrf_prepare

        h1_create
        h2_create
        h3_create

        router_create

        forwarding_enable
}

cleanup()
{
        pre_cleanup

        forwarding_restore

        router_destroy

        h3_destroy
        h2_destroy
        h1_destroy

        vrf_cleanup

        kill_mcd
}

create_mcast_sg()
{
        local if_name=$1; shift
        local s_addr=$1; shift
        local mcast=$1; shift
        local dest_ifs=${@}

        $MC_CLI -I $table_name add $if_name $s_addr $mcast $dest_ifs
}

delete_mcast_sg()
{
        local if_name=$1; shift
        local s_addr=$1; shift
        local mcast=$1; shift
        local dest_ifs=${@}

        $MC_CLI -I $table_name remove $if_name $s_addr $mcast $dest_ifs
}

mcast_v4()
{
        # Add two interfaces to an MC group, send a packet to the MC group and
        # verify packets are received on both. Then delete the route and verify
        # packets are no longer received.

        RET=0

        tc filter add dev $h2 ingress protocol ip pref 1 handle 122 flower \
                dst_ip 225.1.2.3 action drop
        tc filter add dev $h3 ingress protocol ip pref 1 handle 133 flower \
                dst_ip 225.1.2.3 action drop

        create_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3

        # Send frames with the corresponding L2 destination address.
        $MZ $h1 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
                -A 198.51.100.2 -B 225.1.2.3 -q

        tc_check_packets "dev $h2 ingress" 122 5
        check_err $? "Multicast not received on first host"
        tc_check_packets "dev $h3 ingress" 133 5
        check_err $? "Multicast not received on second host"

        delete_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3

        $MZ $h1 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
                -A 198.51.100.2 -B 225.1.2.3 -q

        tc_check_packets "dev $h2 ingress" 122 5
        check_err $? "Multicast received on host although deleted"
        tc_check_packets "dev $h3 ingress" 133 5
        check_err $? "Multicast received on second host although deleted"

        tc filter del dev $h3 ingress protocol ip pref 1 handle 133 flower
        tc filter del dev $h2 ingress protocol ip pref 1 handle 122 flower

        log_test "mcast IPv4"
}

mcast_v6()
{
        # Add two interfaces to an MC group, send a packet to the MC group and
        # verify packets are received on both. Then delete the route and verify
        # packets are no longer received.

        RET=0

        tc filter add dev $h2 ingress protocol ipv6 pref 1 handle 122 flower \
                dst_ip ff0e::3 action drop
        tc filter add dev $h3 ingress protocol ipv6 pref 1 handle 133 flower \
                dst_ip ff0e::3 action drop

        create_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3

        # Send frames with the corresponding L2 destination address.
        $MZ $h1 -6 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 \
                -b 33:33:00:00:00:03 -A 2001:db8:1::2 -B ff0e::3 -q

        tc_check_packets "dev $h2 ingress" 122 5
        check_err $? "Multicast not received on first host"
        tc_check_packets "dev $h3 ingress" 133 5
        check_err $? "Multicast not received on second host"

        delete_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3

        $MZ $h1 -6 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 \
                -b 33:33:00:00:00:03 -A 2001:db8:1::2 -B ff0e::3 -q

        tc_check_packets "dev $h2 ingress" 122 5
        check_err $? "Multicast received on first host although deleted"
        tc_check_packets "dev $h3 ingress" 133 5
        check_err $? "Multicast received on second host although deleted"

        tc filter del dev $h3 ingress protocol ipv6 pref 1 handle 133 flower
        tc filter del dev $h2 ingress protocol ipv6 pref 1 handle 122 flower

        log_test "mcast IPv6"
}

rpf_v4()
{
        # Add a multicast route from first router port to the other two. Send
        # matching packets and test that both hosts receive them. Then, send
        # the same packets via the third router port and test that they do not
        # reach any host due to RPF check. A filter with 'skip_hw' is added to
        # test that devices capable of multicast routing offload trap those
        # packets. The filter is essentialy a NOP in other scenarios.

        RET=0

        tc filter add dev $h1 ingress protocol ip pref 1 handle 1 flower \
                dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop
        tc filter add dev $h2 ingress protocol ip pref 1 handle 1 flower \
                dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop
        tc filter add dev $h3 ingress protocol ip pref 1 handle 1 flower \
                dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop
        tc filter add dev $rp3 ingress protocol ip pref 1 handle 1 flower \
                skip_hw dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action pass

        create_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3

        $MZ $h1 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
                -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
                -A 198.51.100.2 -B 225.1.2.3 -q

        tc_check_packets "dev $h2 ingress" 1 5
        check_err $? "Multicast not received on first host"
        tc_check_packets "dev $h3 ingress" 1 5
        check_err $? "Multicast not received on second host"

        $MZ $h3 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
                -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
                -A 198.51.100.2 -B 225.1.2.3 -q

        tc_check_packets "dev $h1 ingress" 1 0
        check_err $? "Multicast received on first host when should not"
        tc_check_packets "dev $h2 ingress" 1 5
        check_err $? "Multicast received on second host when should not"
        tc_check_packets "dev $rp3 ingress" 1 5
        check_err $? "Packets not trapped due to RPF check"

        delete_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3

        tc filter del dev $rp3 ingress protocol ip pref 1 handle 1 flower
        tc filter del dev $h3 ingress protocol ip pref 1 handle 1 flower
        tc filter del dev $h2 ingress protocol ip pref 1 handle 1 flower
        tc filter del dev $h1 ingress protocol ip pref 1 handle 1 flower

        log_test "RPF IPv4"
}

rpf_v6()
{
        RET=0

        tc filter add dev $h1 ingress protocol ipv6 pref 1 handle 1 flower \
                dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop
        tc filter add dev $h2 ingress protocol ipv6 pref 1 handle 1 flower \
                dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop
        tc filter add dev $h3 ingress protocol ipv6 pref 1 handle 1 flower \
                dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop
        tc filter add dev $rp3 ingress protocol ipv6 pref 1 handle 1 flower \
                skip_hw dst_ip ff0e::3 ip_proto udp dst_port 12345 action pass

        create_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3

        $MZ $h1 -6 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
                -a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
                -A 2001:db8:1::2 -B ff0e::3 -q

        tc_check_packets "dev $h2 ingress" 1 5
        check_err $? "Multicast not received on first host"
        tc_check_packets "dev $h3 ingress" 1 5
        check_err $? "Multicast not received on second host"

        $MZ $h3 -6 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
                -a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
                -A 2001:db8:1::2 -B ff0e::3 -q

        tc_check_packets "dev $h1 ingress" 1 0
        check_err $? "Multicast received on first host when should not"
        tc_check_packets "dev $h2 ingress" 1 5
        check_err $? "Multicast received on second host when should not"
        tc_check_packets "dev $rp3 ingress" 1 5
        check_err $? "Packets not trapped due to RPF check"

        delete_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3

        tc filter del dev $rp3 ingress protocol ipv6 pref 1 handle 1 flower
        tc filter del dev $h3 ingress protocol ipv6 pref 1 handle 1 flower
        tc filter del dev $h2 ingress protocol ipv6 pref 1 handle 1 flower
        tc filter del dev $h1 ingress protocol ipv6 pref 1 handle 1 flower

        log_test "RPF IPv6"
}

unres_v4()
{
        # Send a multicast packet not corresponding to an installed route,
        # causing the kernel to queue the packet for resolution and emit an
        # IGMPMSG_NOCACHE notification. smcrouted will react to this
        # notification by consulting its (*, G) list and installing an (S, G)
        # route, which will be used to forward the queued packet.

        RET=0

        tc filter add dev $h2 ingress protocol ip pref 1 handle 1 flower \
                dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop
        tc filter add dev $h3 ingress protocol ip pref 1 handle 1 flower \
                dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop

        # Forwarding should fail before installing a matching (*, G).
        $MZ $h1 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
                -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
                -A 198.51.100.2 -B 225.1.2.3 -q

        tc_check_packets "dev $h2 ingress" 1 0
        check_err $? "Multicast received on first host when should not"
        tc_check_packets "dev $h3 ingress" 1 0
        check_err $? "Multicast received on second host when should not"

        # Create (*, G). Will not be installed in the kernel.
        create_mcast_sg $rp1 0.0.0.0 225.1.2.3 $rp2 $rp3

        $MZ $h1 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
                -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
                -A 198.51.100.2 -B 225.1.2.3 -q

        tc_check_packets "dev $h2 ingress" 1 1
        check_err $? "Multicast not received on first host"
        tc_check_packets "dev $h3 ingress" 1 1
        check_err $? "Multicast not received on second host"

        delete_mcast_sg $rp1 0.0.0.0 225.1.2.3 $rp2 $rp3

        tc filter del dev $h3 ingress protocol ip pref 1 handle 1 flower
        tc filter del dev $h2 ingress protocol ip pref 1 handle 1 flower

        log_test "Unresolved queue IPv4"
}

unres_v6()
{
        # Send a multicast packet not corresponding to an installed route,
        # causing the kernel to queue the packet for resolution and emit an
        # MRT6MSG_NOCACHE notification. smcrouted will react to this
        # notification by consulting its (*, G) list and installing an (S, G)
        # route, which will be used to forward the queued packet.

        RET=0

        tc filter add dev $h2 ingress protocol ipv6 pref 1 handle 1 flower \
                dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop
        tc filter add dev $h3 ingress protocol ipv6 pref 1 handle 1 flower \
                dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop

        # Forwarding should fail before installing a matching (*, G).
        $MZ $h1 -6 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
                -a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
                -A 2001:db8:1::2 -B ff0e::3 -q

        tc_check_packets "dev $h2 ingress" 1 0
        check_err $? "Multicast received on first host when should not"
        tc_check_packets "dev $h3 ingress" 1 0
        check_err $? "Multicast received on second host when should not"

        # Create (*, G). Will not be installed in the kernel.
        create_mcast_sg $rp1 :: ff0e::3 $rp2 $rp3

        $MZ $h1 -6 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
                -a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
                -A 2001:db8:1::2 -B ff0e::3 -q

        tc_check_packets "dev $h2 ingress" 1 1
        check_err $? "Multicast not received on first host"
        tc_check_packets "dev $h3 ingress" 1 1
        check_err $? "Multicast not received on second host"

        delete_mcast_sg $rp1 :: ff0e::3 $rp2 $rp3

        tc filter del dev $h3 ingress protocol ipv6 pref 1 handle 1 flower
        tc filter del dev $h2 ingress protocol ipv6 pref 1 handle 1 flower

        log_test "Unresolved queue IPv6"
}

trap cleanup EXIT

setup_prepare
setup_wait

tests_run

exit $EXIT_STATUS