2 # SPDX-License-Identifier: GPL-2.0
6 # This script evaluates ip tunnels that are capable of carrying L2 traffic
7 # if they inherit or set the inheritable fields.
8 # Namely these tunnels are: 'gretap', 'vxlan' and 'geneve'.
9 # Checked inheritable fields are: TOS and TTL.
10 # The outer tunnel protocol of 'IPv4' or 'IPv6' is verified-
11 # As payload frames of type 'IPv4', 'IPv6' and 'other'(ARP) are verified.
12 # In addition this script also checks if forcing a specific field in the
13 # outer header is working.
15 # Return 4 by default (Kselftest SKIP code)
18 if [ "$(id -u)" != "0" ]; then
19 echo "Please run as root."
22 if ! which tcpdump > /dev/null 2>&1; then
23 echo "No tcpdump found. Required for this test."
31 readonly NS0=$(mktemp -u ns0-XXXXXXXX)
32 readonly NS1=$(mktemp -u ns1-XXXXXXXX)
34 RUN_NS0="ip netns exec ${NS0}"
37 # Get a random hex tos value between 0x00 and 0xfc, a multiple of 4
38 echo "0x$(tr -dc '0-9a-f' < /dev/urandom | head -c 1)\
39 $(tr -dc '048c' < /dev/urandom | head -c 1)"
42 # Get a random dec value between 0 and 255
43 printf "%d" "0x$(tr -dc '0-9a-f' < /dev/urandom | head -c 2)"
46 # Expects to get the 'head -n 1' of a captured frame by tcpdump.
47 # Parses this first line and returns the specified field.
51 input="$(echo "$input" | tr -d '(),')"
52 for input_field in $input; do
57 # The next field that we iterate over is the looked for value
58 if [ "$input_field" = "$field" ]; then
73 # We don't want a test-tos of 0x00,
74 # because this is the value that we get when no tos is set.
75 expected_tos="$(get_random_tos)"
76 while [ "$expected_tos" = "0x00" ]; do
77 expected_tos="$(get_random_tos)"
79 if [ "$tos_ttl" = "random" ]; then
80 test_tos="$expected_tos"
82 elif [ "$tos_ttl" = "inherit" ]; then
84 tos="inherit $expected_tos"
87 # We don't want a test-ttl of 64 or 0,
88 # because 64 is when no ttl is set and 0 is not a valid ttl.
89 expected_ttl="$(get_random_ttl)"
90 while [ "$expected_ttl" = "64" ] || [ "$expected_ttl" = "0" ]; do
91 expected_ttl="$(get_random_ttl)"
94 if [ "$tos_ttl" = "random" ]; then
95 test_ttl="$expected_ttl"
97 elif [ "$tos_ttl" = "inherit" ]; then
99 ttl="inherit $expected_ttl"
101 printf "│%7s │%6s │%6s │%13s │%13s │%6s │" \
102 "$type" "$outer" "$inner" "$tos" "$ttl" "$vlan"
104 # Create netns NS0 and NS1 and connect them with a veth pair
105 ip netns add "${NS0}"
106 ip netns add "${NS1}"
107 ip link add name veth0 netns "${NS0}" type veth \
108 peer name veth1 netns "${NS1}"
109 ip -netns "${NS0}" link set dev veth0 up
110 ip -netns "${NS1}" link set dev veth1 up
111 ip -netns "${NS0}" address flush dev veth0
112 ip -netns "${NS1}" address flush dev veth1
116 if [ "$type" = "gre" ] || [ "$type" = "vxlan" ]; then
117 if [ "$outer" = "4" ]; then
118 local_addr1="local 198.18.0.1"
119 local_addr2="local 198.18.0.2"
120 elif [ "$outer" = "6" ]; then
121 local_addr1="local fdd1:ced0:5d88:3fce::1"
122 local_addr2="local fdd1:ced0:5d88:3fce::2"
126 if [ "$type" = "vxlan" ]; then
127 vxlan="vni 100 dstport 4789"
130 if [ "$type" = "geneve" ]; then
133 # Create tunnel and assign outer IPv4/IPv6 addresses
134 if [ "$outer" = "4" ]; then
135 if [ "$type" = "gre" ]; then
138 ip -netns "${NS0}" address add 198.18.0.1/24 dev veth0
139 ip -netns "${NS1}" address add 198.18.0.2/24 dev veth1
140 ip -netns "${NS0}" link add name tep0 type $type $local_addr1 \
141 remote 198.18.0.2 tos $test_tos ttl $test_ttl \
143 ip -netns "${NS1}" link add name tep1 type $type $local_addr2 \
144 remote 198.18.0.1 tos $test_tos ttl $test_ttl \
146 elif [ "$outer" = "6" ]; then
147 if [ "$type" = "gre" ]; then
150 ip -netns "${NS0}" address add fdd1:ced0:5d88:3fce::1/64 \
152 ip -netns "${NS1}" address add fdd1:ced0:5d88:3fce::2/64 \
154 ip -netns "${NS0}" link add name tep0 type $type $local_addr1 \
155 remote fdd1:ced0:5d88:3fce::2 tos $test_tos \
156 ttl $test_ttl $vxlan $geneve
157 ip -netns "${NS1}" link add name tep1 type $type $local_addr2 \
158 remote fdd1:ced0:5d88:3fce::1 tos $test_tos \
159 ttl $test_ttl $vxlan $geneve
162 # Bring L2-tunnel link up and create VLAN on top
163 ip -netns "${NS0}" link set tep0 up
164 ip -netns "${NS1}" link set tep1 up
165 ip -netns "${NS0}" address flush dev tep0
166 ip -netns "${NS1}" address flush dev tep1
170 ip -netns "${NS0}" link add link tep0 name ${parent}0 \
172 ip -netns "${NS1}" link add link tep1 name ${parent}1 \
174 ip -netns "${NS0}" link set dev ${parent}0 up
175 ip -netns "${NS1}" link set dev ${parent}1 up
176 ip -netns "${NS0}" address flush dev ${parent}0
177 ip -netns "${NS1}" address flush dev ${parent}1
182 # Assign inner IPv4/IPv6 addresses
183 if [ "$inner" = "4" ] || [ "$inner" = "other" ]; then
184 ip -netns "${NS0}" address add 198.19.0.1/24 brd + dev ${parent}0
185 ip -netns "${NS1}" address add 198.19.0.2/24 brd + dev ${parent}1
186 elif [ "$inner" = "6" ]; then
187 ip -netns "${NS0}" address add fdd4:96cf:4eae:443b::1/64 \
189 ip -netns "${NS1}" address add fdd4:96cf:4eae:443b::2/64 \
200 local ping_pid out captured_tos captured_ttl result
203 if [ "$inner" = "4" ]; then
204 ping_dst="198.19.0.2"
205 elif [ "$inner" = "6" ]; then
206 ping_dst="fdd4:96cf:4eae:443b::2"
207 elif [ "$inner" = "other" ]; then
208 ping_dst="198.19.0.3" # Generates ARPs which are not IPv4/IPv6
210 if [ "$tos_ttl" = "inherit" ]; then
211 ${RUN_NS0} ping -i 0.1 $ping_dst -Q "$expected_tos" \
212 -t "$expected_ttl" 2>/dev/null 1>&2 & ping_pid="$!"
214 ${RUN_NS0} ping -i 0.1 $ping_dst 2>/dev/null 1>&2 & ping_pid="$!"
216 local tunnel_type_offset tunnel_type_proto req_proto_offset req_offset
217 if [ "$type" = "gre" ]; then
218 tunnel_type_proto="0x2f"
219 elif [ "$type" = "vxlan" ] || [ "$type" = "geneve" ]; then
220 tunnel_type_proto="0x11"
222 if [ "$outer" = "4" ]; then
223 tunnel_type_offset="9"
224 if [ "$inner" = "4" ]; then
225 req_proto_offset="47"
227 if [ "$type" = "vxlan" ] || [ "$type" = "geneve" ]; then
228 req_proto_offset="$((req_proto_offset + 12))"
229 req_offset="$((req_offset + 12))"
232 req_proto_offset="$((req_proto_offset + 4))"
233 req_offset="$((req_offset + 4))"
235 out="$(${RUN_NS0} tcpdump --immediate-mode -p -c 1 -v \
237 ip[$tunnel_type_offset] = $tunnel_type_proto and \
238 ip[$req_proto_offset] = 0x01 and \
239 ip[$req_offset] = 0x08 2>/dev/null \
241 elif [ "$inner" = "6" ]; then
242 req_proto_offset="44"
244 if [ "$type" = "vxlan" ] || [ "$type" = "geneve" ]; then
245 req_proto_offset="$((req_proto_offset + 12))"
246 req_offset="$((req_offset + 12))"
249 req_proto_offset="$((req_proto_offset + 4))"
250 req_offset="$((req_offset + 4))"
252 out="$(${RUN_NS0} tcpdump --immediate-mode -p -c 1 -v \
254 ip[$tunnel_type_offset] = $tunnel_type_proto and \
255 ip[$req_proto_offset] = 0x3a and \
256 ip[$req_offset] = 0x80 2>/dev/null \
258 elif [ "$inner" = "other" ]; then
259 req_proto_offset="36"
261 if [ "$type" = "vxlan" ] || [ "$type" = "geneve" ]; then
262 req_proto_offset="$((req_proto_offset + 12))"
263 req_offset="$((req_offset + 12))"
266 req_proto_offset="$((req_proto_offset + 4))"
267 req_offset="$((req_offset + 4))"
269 if [ "$tos_ttl" = "inherit" ]; then
273 out="$(${RUN_NS0} tcpdump --immediate-mode -p -c 1 -v \
275 ip[$tunnel_type_offset] = $tunnel_type_proto and \
276 ip[$req_proto_offset] = 0x08 and \
277 ip[$((req_proto_offset + 1))] = 0x06 and \
278 ip[$req_offset] = 0x01 2>/dev/null \
281 elif [ "$outer" = "6" ]; then
282 if [ "$type" = "gre" ]; then
283 tunnel_type_offset="40"
284 elif [ "$type" = "vxlan" ] || [ "$type" = "geneve" ]; then
285 tunnel_type_offset="6"
287 if [ "$inner" = "4" ]; then
288 local req_proto_offset="75"
289 local req_offset="86"
290 if [ "$type" = "vxlan" ] || [ "$type" = "geneve" ]; then
291 req_proto_offset="$((req_proto_offset + 4))"
292 req_offset="$((req_offset + 4))"
295 req_proto_offset="$((req_proto_offset + 4))"
296 req_offset="$((req_offset + 4))"
298 out="$(${RUN_NS0} tcpdump --immediate-mode -p -c 1 -v \
300 ip6[$tunnel_type_offset] = $tunnel_type_proto and \
301 ip6[$req_proto_offset] = 0x01 and \
302 ip6[$req_offset] = 0x08 2>/dev/null \
304 elif [ "$inner" = "6" ]; then
305 local req_proto_offset="72"
306 local req_offset="106"
307 if [ "$type" = "vxlan" ] || [ "$type" = "geneve" ]; then
308 req_proto_offset="$((req_proto_offset + 4))"
309 req_offset="$((req_offset + 4))"
312 req_proto_offset="$((req_proto_offset + 4))"
313 req_offset="$((req_offset + 4))"
315 out="$(${RUN_NS0} tcpdump --immediate-mode -p -c 1 -v \
317 ip6[$tunnel_type_offset] = $tunnel_type_proto and \
318 ip6[$req_proto_offset] = 0x3a and \
319 ip6[$req_offset] = 0x80 2>/dev/null \
321 elif [ "$inner" = "other" ]; then
322 local req_proto_offset="64"
323 local req_offset="73"
324 if [ "$type" = "vxlan" ] || [ "$type" = "geneve" ]; then
325 req_proto_offset="$((req_proto_offset + 4))"
326 req_offset="$((req_offset + 4))"
329 req_proto_offset="$((req_proto_offset + 4))"
330 req_offset="$((req_offset + 4))"
332 if [ "$tos_ttl" = "inherit" ]; then
336 out="$(${RUN_NS0} tcpdump --immediate-mode -p -c 1 -v \
338 ip6[$tunnel_type_offset] = $tunnel_type_proto and \
339 ip6[$req_proto_offset] = 0x08 and \
340 ip6[$((req_proto_offset + 1))] = 0x06 and \
341 ip6[$req_offset] = 0x01 2>/dev/null \
346 wait $ping_pid 2>/dev/null || true
348 if [ "$outer" = "4" ]; then
349 captured_ttl="$(get_field "ttl" "$out")"
350 captured_tos="$(printf "0x%02x" "$(get_field "tos" "$out")")"
351 if [ "$captured_tos" = "$expected_tos" ] &&
352 [ "$captured_ttl" = "$expected_ttl" ]; then
355 elif [ "$outer" = "6" ]; then
356 captured_ttl="$(get_field "hlim" "$out")"
357 captured_tos="$(printf "0x%02x" "$(get_field "class" "$out")")"
358 if [ "$captured_tos" = "$expected_tos" ] &&
359 [ "$captured_ttl" = "$expected_ttl" ]; then
364 printf "%7s │\n" "$result"
365 if [ "$result" = "FAIL" ]; then
367 if [ "$captured_tos" != "$expected_tos" ]; then
368 printf "│%43s%27s │\n" \
369 "Expected TOS value: $expected_tos" \
370 "Captured TOS value: $captured_tos"
372 if [ "$captured_ttl" != "$expected_ttl" ]; then
373 printf "│%43s%27s │\n" \
374 "Expected TTL value: $expected_ttl" \
375 "Captured TTL value: $captured_ttl"
377 printf "│%71s│\n" " "
382 ip netns del "${NS0}" 2>/dev/null
383 ip netns del "${NS1}" 2>/dev/null
387 # Don't exit immediately if one of the intermediate commands fails.
388 # We might be called at the end of the script, when the network
389 # namespaces have already been deleted. So cleanup() may fail, but we
390 # still need to run until 'exit $ERR' or the script won't return the
391 # correct error code.
399 # Restore the default SIGINT handler (just in case) and exit.
400 # The exit handler will take care of cleaning everything up.
408 trap exit_handler EXIT
411 printf "┌────────┬───────┬───────┬──────────────┬"
412 printf "──────────────┬───────┬────────┐\n"
413 for type in gre vxlan geneve; do
414 if ! $(modprobe "$type" 2>/dev/null); then
418 printf "├────────┼───────┼───────┼──────────────┼"
419 printf "──────────────┼───────┼────────┤\n"
420 printf "│ Type │ outer | inner │ tos │"
421 printf " ttl │ vlan │ result │\n"
422 for inner in 4 6 other; do
423 printf "├────────┼───────┼───────┼──────────────┼"
424 printf "──────────────┼───────┼────────┤\n"
425 for tos_ttl in inherit random; do
426 for vlan in false true; do
427 setup "$type" "$outer" "$inner" \
429 verify "$outer" "$inner" "$tos_ttl" \
437 printf "└────────┴───────┴───────┴──────────────┴"
438 printf "──────────────┴───────┴────────┘\n"
441 # Set ERR appropriately: it will be returned by the exit handler.
projects / linux.git / blob