bareudp.sh 20 KB

  1. #!/bin/bash
  2. # SPDX-License-Identifier: GPL-2.0
  3. # Test various bareudp tunnel configurations.
  4. #
  5. # The bareudp module allows tunneling network protocols like IP or MPLS over
  6. # UDP, without adding any intermediate header. This script tests several
  7. # configurations of bareudp (using IPv4 or IPv6 as underlay and transporting
  8. # IPv4, IPv6 or MPLS packets on the overlay).
  9. #
  10. # Network topology:
  11. #
  12. # * A chain of 4 network namespaces, connected with veth pairs. Each veth
  13. # is assigned an IPv4 and an IPv6 address. A host-route allows a veth to
  14. # join its peer.
  15. #
  16. # * NS0 and NS3 are at the extremities of the chain. They have additional
  17. # IPv4 and IPv6 addresses on their loopback device. Routes are added in NS0
  18. # and NS3, so that they can communicate using these overlay IP addresses.
  19. # For IPv4 and IPv6 reachability tests, the route simply sets the peer's
  20. # veth address as gateway. For MPLS reachability tests, an MPLS header is
  21. # also pushed before the IP header.
  22. #
  23. # * NS1 and NS2 are the intermediate namespaces. They use a bareudp device to
  24. # encapsulate the traffic into UDP.
  25. #
  26. # +-----------------------------------------------------------------------+
  27. # | NS0 |
  28. # | |
  29. # | lo: |
  30. # | * IPv4 address: 192.0.2.100/32 |
  31. # | * IPv6 address: 2001:db8::100/128 |
  32. # | * IPv6 address: 2001:db8::200/128 |
  33. # | * IPv4 route: 192.0.2.103/32 reachable via 192.0.2.11 |
  34. # | * IPv6 route: 2001:db8::103/128 reachable via 2001:db8::11 |
  35. # | * IPv6 route: 2001:db8::203/128 reachable via 2001:db8::11 |
  36. # | (encapsulated with MPLS label 203) |
  37. # | |
  38. # | veth01: |
  39. # | ^ * IPv4 address: 192.0.2.10, peer 192.0.2.11/32 |
  40. # | | * IPv6 address: 2001:db8::10, peer 2001:db8::11/128 |
  41. # | | |
  42. # +---+-------------------------------------------------------------------+
  43. # |
  44. # | Traffic type: IP or MPLS (depending on test)
  45. # |
  46. # +---+-------------------------------------------------------------------+
  47. # | | NS1 |
  48. # | | |
  49. # | v |
  50. # | veth10: |
  51. # | * IPv4 address: 192.0.2.11, peer 192.0.2.10/32 |
  52. # | * IPv6 address: 2001:db8::11, peer 2001:db8::10/128 |
  53. # | |
  54. # | bareudp_ns1: |
  55. # | * Encapsulate IP or MPLS packets received on veth10 into UDP |
  56. # | and send the resulting packets through veth12. |
  57. # | * Decapsulate bareudp packets (either IP or MPLS, over UDP) |
  58. # | received on veth12 and send the inner packets through veth10. |
  59. # | |
  60. # | veth12: |
  61. # | ^ * IPv4 address: 192.0.2.21, peer 192.0.2.22/32 |
  62. # | | * IPv6 address: 2001:db8::21, peer 2001:db8::22/128 |
  63. # | | |
  64. # +---+-------------------------------------------------------------------+
  65. # |
  66. # | Traffic type: IP or MPLS (depending on test), over UDP
  67. # |
  68. # +---+-------------------------------------------------------------------+
  69. # | | NS2 |
  70. # | | |
  71. # | v |
  72. # | veth21: |
  73. # | * IPv4 address: 192.0.2.22, peer 192.0.2.21/32 |
  74. # | * IPv6 address: 2001:db8::22, peer 2001:db8::21/128 |
  75. # | |
  76. # | bareudp_ns2: |
  77. # | * Decapsulate bareudp packets (either IP or MPLS, over UDP) |
  78. # | received on veth21 and send the inner packets through veth23. |
  79. # | * Encapsulate IP or MPLS packets received on veth23 into UDP |
  80. # | and send the resulting packets through veth21. |
  81. # | |
  82. # | veth23: |
  83. # | ^ * IPv4 address: 192.0.2.32, peer 192.0.2.33/32 |
  84. # | | * IPv6 address: 2001:db8::32, peer 2001:db8::33/128 |
  85. # | | |
  86. # +---+-------------------------------------------------------------------+
  87. # |
  88. # | Traffic type: IP or MPLS (depending on test)
  89. # |
  90. # +---+-------------------------------------------------------------------+
  91. # | | NS3 |
  92. # | v |
  93. # | veth32: |
  94. # | * IPv4 address: 192.0.2.33, peer 192.0.2.32/32 |
  95. # | * IPv6 address: 2001:db8::33, peer 2001:db8::32/128 |
  96. # | |
  97. # | lo: |
  98. # | * IPv4 address: 192.0.2.103/32 |
  99. # | * IPv6 address: 2001:db8::103/128 |
  100. # | * IPv6 address: 2001:db8::203/128 |
  101. # | * IPv4 route: 192.0.2.100/32 reachable via 192.0.2.32 |
  102. # | * IPv6 route: 2001:db8::100/128 reachable via 2001:db8::32 |
  103. # | * IPv6 route: 2001:db8::200/128 reachable via 2001:db8::32 |
  104. # | (encapsulated with MPLS label 200) |
  105. # | |
  106. # +-----------------------------------------------------------------------+
  107. . ./lib.sh
  # Exit status of the script. It starts at 4, the SKIP code for kselftest,
  # and is only changed once the tests have actually run.
  ERR=4
  # Command used for IPv6 pings; check_features() may switch it to "ping6".
  PING6=ping
  # Set to "yes" by the -p option to pause after a failed test.
  PAUSE_ON_FAIL=no
  # Call cleanup_all_ns, then terminate the script with status ${ERR}
  #
  # When ERR still holds 4 (its initial value, the kselftest SKIP code), a
  # message is printed on stderr saying that the environment setup failed.
  exit_cleanup()
  {
    cleanup_all_ns

    # ERR was never updated: the script stopped before finishing the tests.
    [ "${ERR}" -eq 4 ] &&
      echo "Error: Setting up the testing environment failed." >&2

    exit "${ERR}"
  }
  # Create the four network namespaces used by the script (NS0, NS1, NS2 and NS3)
  #
  # The namespaces are requested from setup_ns; if that call fails, the script
  # is terminated through exit_cleanup.
  create_namespaces()
  {
    if ! setup_ns NS0 NS1 NS2 NS3; then
      exit_cleanup
    fi
  }
  # Bring a network interface up and give it point-to-point style addresses
  #
  # Parameters:
  #
  #   * $1: the netns the network interface resides in,
  #   * $2: the network interface name,
  #   * $3: the local IPv4 address to assign to this interface,
  #   * $4: the IPv4 address of the remote network interface,
  #   * $5: the local IPv6 address to assign to this interface,
  #   * $6: the IPv6 address of the remote network interface.
  #
  iface_config()
  {
    local -r NS="${1}" DEV="${2}"
    local -r LOCAL_IP4="${3}" PEER_IP4="${4}"
    local -r LOCAL_IP6="${5}" PEER_IP6="${6}"

    ip -netns "${NS}" link set dev "${DEV}" up

    # "peer" makes the remote address reachable through a host route.
    ip -netns "${NS}" address add dev "${DEV}" \
      "${LOCAL_IP4}" peer "${PEER_IP4}"
    # The IPv6 address is added with "nodad".
    ip -netns "${NS}" address add dev "${DEV}" \
      "${LOCAL_IP6}" peer "${PEER_IP6}" nodad
  }
  # Create the base networking topology:
  #
  #   * create a veth pair between each pair of consecutive namespaces
  #     (NS0 with NS1, NS1 with NS2, NS2 with NS3),
  #   * add an IPv4 and an IPv6 address on each veth interface,
  #   * prepare the ingress qdiscs in the intermediate namespaces.
  #
  setup_underlay()
  {
    # One veth pair per hop of the chain; vethXY lives in NSX and faces NSY.
    ip link add name veth01 netns "${NS0}" \
      type veth peer name veth10 netns "${NS1}"
    ip link add name veth12 netns "${NS1}" \
      type veth peer name veth21 netns "${NS2}"
    ip link add name veth23 netns "${NS2}" \
      type veth peer name veth32 netns "${NS3}"

    # Arguments: netns, device, local IPv4, peer IPv4, local IPv6, peer IPv6
    iface_config "${NS0}" veth01 \
      192.0.2.10 192.0.2.11/32 2001:db8::10 2001:db8::11/128
    iface_config "${NS1}" veth10 \
      192.0.2.11 192.0.2.10/32 2001:db8::11 2001:db8::10/128
    iface_config "${NS1}" veth12 \
      192.0.2.21 192.0.2.22/32 2001:db8::21 2001:db8::22/128
    iface_config "${NS2}" veth21 \
      192.0.2.22 192.0.2.21/32 2001:db8::22 2001:db8::21/128
    iface_config "${NS2}" veth23 \
      192.0.2.32 192.0.2.33/32 2001:db8::32 2001:db8::33/128
    iface_config "${NS3}" veth32 \
      192.0.2.33 192.0.2.32/32 2001:db8::33 2001:db8::32/128

    # The tc filters added by the tests attach to these ingress qdiscs.
    tc -netns "${NS1}" qdisc add dev veth10 ingress
    tc -netns "${NS2}" qdisc add dev veth23 ingress
  }
  # Set up the IPv4, IPv6 and MPLS overlays.
  #
  # Configuration is similar for all protocols:
  #
  #   * add an overlay IP address on the loopback interface of each edge
  #     namespace,
  #   * route these IP addresses via the intermediate namespaces (for the MPLS
  #     tests, this is also where MPLS encapsulation is done),
  #   * add routes for these IP addresses (or MPLS labels) in the intermediate
  #     namespaces.
  #
  # The bareudp encapsulation isn't configured in setup_overlay_*(). That will be
  # done just before running the reachability tests.

  # IPv4 overlay: 192.0.2.100 on NS0 and 192.0.2.103 on NS3.
  setup_overlay_ipv4()
  {
    local FWD_NS

    # Overlay addresses on the edge loopbacks, routed through the veth peers
    ip -netns "${NS0}" address add 192.0.2.100/32 dev lo
    ip -netns "${NS3}" address add 192.0.2.103/32 dev lo
    ip -netns "${NS0}" route add 192.0.2.103/32 \
      src 192.0.2.100 via 192.0.2.11
    ip -netns "${NS3}" route add 192.0.2.100/32 \
      src 192.0.2.103 via 192.0.2.32

    # Intermediate namespaces forward the inner packets after bareudp
    # decapsulation. sysctl runs under "ip netns exec", so forwarding is
    # enabled inside NS1 and NS2 only.
    for FWD_NS in "${NS1}" "${NS2}"; do
      ip netns exec "${FWD_NS}" sysctl -qw net.ipv4.ip_forward=1
    done
    ip -netns "${NS1}" route add 192.0.2.100/32 via 192.0.2.10
    ip -netns "${NS2}" route add 192.0.2.103/32 via 192.0.2.33
  }
  # IPv6 overlay: 2001:db8::100 on NS0 and 2001:db8::103 on NS3.
  #
  # Adds the overlay addresses on the loopback of the edge namespaces, routes
  # them via the veth peers, and lets NS1 and NS2 forward IPv6 towards them.
  setup_overlay_ipv6()
  {
    local FWD_NS

    # Overlay addresses on the edge loopbacks, routed through the veth peers
    ip -netns "${NS0}" address add 2001:db8::100/128 dev lo
    ip -netns "${NS3}" address add 2001:db8::103/128 dev lo
    ip -netns "${NS0}" route add 2001:db8::103/128 \
      src 2001:db8::100 via 2001:db8::11
    ip -netns "${NS3}" route add 2001:db8::100/128 \
      src 2001:db8::103 via 2001:db8::32

    # Intermediate namespaces forward the inner packets after bareudp
    # decapsulation. sysctl runs under "ip netns exec", so forwarding is
    # enabled inside NS1 and NS2 only.
    for FWD_NS in "${NS1}" "${NS2}"; do
      ip netns exec "${FWD_NS}" sysctl -qw net.ipv6.conf.all.forwarding=1
    done
    ip -netns "${NS1}" route add 2001:db8::100/128 via 2001:db8::10
    ip -netns "${NS2}" route add 2001:db8::103/128 via 2001:db8::33
  }
  # MPLS overlay: 2001:db8::200 on NS0 and 2001:db8::203 on NS3.
  #
  # The edge namespaces push an MPLS label (203 towards NS3, 200 towards NS0)
  # on the routes to these addresses; NS1 and NS2 get the matching MPLS routes.
  setup_overlay_mpls()
  {
    local LABEL_NS

    # Dedicated overlay addresses, reached through an MPLS encapsulating route
    ip -netns "${NS0}" address add 2001:db8::200/128 dev lo
    ip -netns "${NS3}" address add 2001:db8::203/128 dev lo
    ip -netns "${NS0}" route add 2001:db8::203/128 \
      src 2001:db8::200 encap mpls 203 via 2001:db8::11
    ip -netns "${NS3}" route add 2001:db8::200/128 \
      src 2001:db8::203 encap mpls 200 via 2001:db8::32

    # Intermediate namespaces route the MPLS packets after bareudp
    # decapsulation; platform_labels=256 is set before labels 200 and 203
    # are added to the MPLS table.
    for LABEL_NS in "${NS1}" "${NS2}"; do
      ip netns exec "${LABEL_NS}" sysctl -qw net.mpls.platform_labels=256
    done
    ip -netns "${NS1}" -family mpls route add 200 via inet6 2001:db8::10
    ip -netns "${NS2}" -family mpls route add 203 via inet6 2001:db8::33
  }
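  # Run "ping" from NS0 and print the result
  #
  # Parameters:
  #
  #   * $1: the variant of ping to use (normally either "ping" or "ping6"),
  #   * $2: the IP address to ping,
  #   * $3: a human readable description of the purpose of the test.
  #
  # Globals: NS0 and PAUSE_ON_FAIL are read; ERR is set to 1 on failure.
  #
  # If the test fails and PAUSE_ON_FAIL is active, the user is given the
  # possibility to continue with the next test or to quit immediately.
  #
  ping_test_one()
  {
    local -r PING="$1"
    local -r IP="$2"
    local -r MSG="$3"
    local RET=0
    local ANSWER

    printf "TEST: %-60s " "${MSG}"

    # "|| RET=$?" records the ping status without tripping errexit. Unlike a
    # "set +e" / "set -e" pair, it leaves the caller's errexit setting as it
    # found it instead of forcing it on.
    ip netns exec "${NS0}" "${PING}" -w 5 -c 1 "${IP}" > /dev/null 2>&1 ||
      RET=$?

    if [ "${RET}" -eq 0 ]; then
      printf "[ OK ]\n"
      return 0
    fi

    ERR=1
    printf "[FAIL]\n"

    if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
      printf "\nHit enter to continue, 'q' to quit\n"
      # -r keeps backslashes literal; ANSWER is local so the reply doesn't
      # leak into the script's global variables.
      read -r ANSWER
      if [ "${ANSWER}" = "q" ]; then
        exit 1
      fi
    fi
  }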
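  # Run reachability tests
  #
  # Parameters:
  #
  #   * $1: human readable string describing the underlay protocol.
  #
  # $IPV4, $IPV6, $MPLS_UC and $MULTIPROTO are inherited from the calling
  # function. A non-empty $IPV4, $IPV6 or $MPLS_UC selects the corresponding
  # ping; $PING6 names the command used for the IPv6 destinations.
  #
  ping_test()
  {
    local -r UNDERLAY="$1"
    local MODE=""

    if [ "${MULTIPROTO}" = "multiproto" ]; then
      MODE=" (multiproto mode)"
    fi

    # The flags are tested with -n on a quoted expansion, so that a value is
    # never word-split or globbed into the test expression.
    if [ -n "${IPV4}" ]; then
      ping_test_one "ping" "192.0.2.103" "IPv4 packets over ${UNDERLAY}${MODE}"
    fi
    if [ -n "${IPV6}" ]; then
      ping_test_one "${PING6}" "2001:db8::103" "IPv6 packets over ${UNDERLAY}${MODE}"
    fi
    if [ -n "${MPLS_UC}" ]; then
      ping_test_one "${PING6}" "2001:db8::203" "Unicast MPLS packets over ${UNDERLAY}${MODE}"
    fi
  }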
  # Set up a bareudp overlay and run reachability tests over IPv4 and IPv6
  #
  # Parameters:
  #
  #   * $1: the packet type (protocol) to be handled by bareudp
  #         ("ipv4", "ipv6" or "mpls_uc"; anything else exits with status 1),
  #   * $2: a flag to activate or deactivate bareudp's "multiproto" mode.
  #
  # The bareudp devices are created once. The tc encapsulation filters are
  # then installed, tested with ping_test and removed for each underlay in
  # turn (UDPv4 first, then UDPv6), and the bareudp devices are deleted last.
  #
  # $IPV4, $IPV6, $MPLS_UC and $MULTIPROTO are read by ping_test.
  #
  test_overlay()
  {
    local -r ETHERTYPE="$1"
    local -r MULTIPROTO="$2"
    local IPV4=""
    local IPV6=""
    local MPLS_UC=""
    local FAMILY     # underlay under test: "UDPv4" or "UDPv6"
    local TUN_NS1    # tunnel endpoint address on the NS1 side (veth12)
    local TUN_NS2    # tunnel endpoint address on the NS2 side (veth21)

    # Select the overlay protocols to test. With ethertype "ipv4", multiproto
    # mode additionally tests IPv6.
    case "${ETHERTYPE}" in
      "ipv4")
        IPV4="ipv4"
        if [ "${MULTIPROTO}" = "multiproto" ]; then
          IPV6="ipv6"
        fi
        ;;
      "ipv6")
        IPV6="ipv6"
        ;;
      "mpls_uc")
        MPLS_UC="mpls_uc"
        ;;
      *)
        exit 1
        ;;
    esac
    readonly IPV4 IPV6 MPLS_UC

    # Create the bareudp devices in the intermediate namespaces
    ip -netns "${NS1}" link add name bareudp_ns1 up type bareudp dstport 6635 ethertype "${ETHERTYPE}" "${MULTIPROTO}"
    ip -netns "${NS2}" link add name bareudp_ns2 up type bareudp dstport 6635 ethertype "${ETHERTYPE}" "${MULTIPROTO}"

    # Accept MPLS input on the bareudp devices. This only has to be done once:
    # the devices outlive the per-underlay filters. IPV4 and IPV6 are always
    # empty when MPLS_UC is set, so nothing runs between the device creation
    # and these sysctls.
    if [ -n "${MPLS_UC}" ]; then
      ip netns exec "${NS1}" sysctl -qw net.mpls.conf.bareudp_ns1.input=1
      ip netns exec "${NS2}" sysctl -qw net.mpls.conf.bareudp_ns2.input=1
    fi

    for FAMILY in UDPv4 UDPv6; do
      if [ "${FAMILY}" = "UDPv4" ]; then
        TUN_NS1="192.0.2.21"
        TUN_NS2="192.0.2.22"
      else
        TUN_NS1="2001:db8::21"
        TUN_NS2="2001:db8::22"
      fi

      # IPv4 over ${FAMILY}: encapsulation instructions for bareudp
      if [ -n "${IPV4}" ]; then
        tc -netns "${NS1}" filter add dev veth10 ingress protocol ipv4 \
          flower dst_ip 192.0.2.103/32 \
          action tunnel_key set src_ip "${TUN_NS1}" dst_ip "${TUN_NS2}" id 0 \
          action mirred egress redirect dev bareudp_ns1
        tc -netns "${NS2}" filter add dev veth23 ingress protocol ipv4 \
          flower dst_ip 192.0.2.100/32 \
          action tunnel_key set src_ip "${TUN_NS2}" dst_ip "${TUN_NS1}" id 0 \
          action mirred egress redirect dev bareudp_ns2
      fi

      # IPv6 over ${FAMILY}: encapsulation instructions for bareudp
      if [ -n "${IPV6}" ]; then
        tc -netns "${NS1}" filter add dev veth10 ingress protocol ipv6 \
          flower dst_ip 2001:db8::103/128 \
          action tunnel_key set src_ip "${TUN_NS1}" dst_ip "${TUN_NS2}" id 0 \
          action mirred egress redirect dev bareudp_ns1
        tc -netns "${NS2}" filter add dev veth23 ingress protocol ipv6 \
          flower dst_ip 2001:db8::100/128 \
          action tunnel_key set src_ip "${TUN_NS2}" dst_ip "${TUN_NS1}" id 0 \
          action mirred egress redirect dev bareudp_ns2
      fi

      # MPLS (unicast) over ${FAMILY}: encapsulation instructions for bareudp
      if [ -n "${MPLS_UC}" ]; then
        tc -netns "${NS1}" filter add dev veth10 ingress protocol mpls_uc \
          flower mpls_label 203 \
          action tunnel_key set src_ip "${TUN_NS1}" dst_ip "${TUN_NS2}" id 0 \
          action mirred egress redirect dev bareudp_ns1
        tc -netns "${NS2}" filter add dev veth23 ingress protocol mpls_uc \
          flower mpls_label 200 \
          action tunnel_key set src_ip "${TUN_NS2}" dst_ip "${TUN_NS1}" id 0 \
          action mirred egress redirect dev bareudp_ns2
      fi

      ping_test "${FAMILY}"

      # The encapsulation instructions are specific to one underlay: remove
      # them before the next pass (or before deleting the devices).
      tc -netns "${NS1}" filter delete dev veth10 ingress
      tc -netns "${NS2}" filter delete dev veth23 ingress
    done

    ip -netns "${NS1}" link delete bareudp_ns1
    ip -netns "${NS2}" link delete bareudp_ns2
  }
  # Check the tools the tests depend on
  #
  #   * "ip link help" must mention bareudp; otherwise a message is printed on
  #     stderr and exit_cleanup is called,
  #   * PING6 is switched to "ping6" when "ping" cannot ping ::1.
  #
  check_features()
  {
    if ! ip link help 2>&1 | grep -q bareudp; then
      echo "Missing bareudp support in iproute2" >&2
      exit_cleanup
    fi

    # Use ping6 on systems where ping doesn't handle IPv6
    if ! ping -w 1 -c 1 ::1 > /dev/null 2>&1; then
      PING6="ping6"
    fi
  }
  # Print the command line synopsis on stdout and exit with status 1
  usage()
  {
    printf 'Usage: %s [-p]\n' "$0"
    exit 1
  }
  # Option parsing: -p pauses after a failed test; any other option prints
  # the usage message and exits.
  while getopts :p o; do
    case "${o}" in
      p)
        PAUSE_ON_FAIL="yes"
        ;;
      *)
        usage
        ;;
    esac
  done

  # Runs before "set -e" and before the EXIT trap is installed.
  check_features

  # From here on, a failing command aborts the script and every exit path
  # goes through exit_cleanup.
  set -e
  trap exit_cleanup EXIT

  create_namespaces

  setup_underlay
  setup_overlay_ipv4
  setup_overlay_ipv6
  setup_overlay_mpls

  test_overlay ipv4 nomultiproto
  test_overlay ipv6 nomultiproto
  test_overlay ipv4 multiproto
  test_overlay mpls_uc nomultiproto

  # ERR is 1 if a ping test failed. Otherwise everything passed: replace the
  # initial SKIP code by 0 before the EXIT trap exits with ${ERR}.
  if [ "${ERR}" -eq 1 ]; then
    echo "Some tests failed." >&2
  else
    ERR=0
  fi