icmp.sh 2.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172
  1. #!/bin/bash
  2. # SPDX-License-Identifier: GPL-2.0
  3. # Test for checking ICMP response with dummy address instead of 0.0.0.0.
  4. # Sets up two namespaces like:
  5. # +----------------------+ +--------------------+
  6. # | ns1 | v4-via-v6 routes: | ns2 |
  7. # | | ' | |
  8. # | +--------+ -> 172.16.1.0/24 -> +--------+ |
  9. # | | veth0 +--------------------------+ veth0 | |
  10. # | +--------+ <- 172.16.0.0/24 <- +--------+ |
  11. # | 172.16.0.1 | | 2001:db8:1::2/64 |
  12. # | 2001:db8:1::2/64 | | |
  13. # +----------------------+ +--------------------+
  14. #
  15. # And then tries to ping 172.16.1.1 from ns1. This results in a "net
  16. # unreachable" message being sent from ns2, but there is no IPv4 address set in
  17. # that address space, so the kernel should substitute the dummy address
  18. # 192.0.0.8 defined in RFC7600.
  19. source lib.sh
  20. H1_IP=172.16.0.1/32
  21. H1_IP6=2001:db8:1::1
  22. RT1=172.16.1.0/24
  23. PINGADDR=172.16.1.1
  24. RT2=172.16.0.0/24
  25. H2_IP6=2001:db8:1::2
  26. TMPFILE=$(mktemp)
  27. cleanup()
  28. {
  29. rm -f "$TMPFILE"
  30. cleanup_ns $NS1 $NS2
  31. }
  32. trap cleanup EXIT
  33. # Namespaces
  34. setup_ns NS1 NS2
  35. # Connectivity
  36. ip -netns $NS1 link add veth0 type veth peer name veth0 netns $NS2
  37. ip -netns $NS1 link set dev veth0 up
  38. ip -netns $NS2 link set dev veth0 up
  39. ip -netns $NS1 addr add $H1_IP dev veth0
  40. ip -netns $NS1 addr add $H1_IP6/64 dev veth0 nodad
  41. ip -netns $NS2 addr add $H2_IP6/64 dev veth0 nodad
  42. ip -netns $NS1 route add $RT1 via inet6 $H2_IP6
  43. ip -netns $NS2 route add $RT2 via inet6 $H1_IP6
  44. # Make sure ns2 will respond with ICMP unreachable
  45. ip netns exec $NS2 sysctl -qw net.ipv4.icmp_ratelimit=0 net.ipv4.ip_forward=1
  46. # Run the test - a ping runs in the background, and we capture ICMP responses
  47. # with tcpdump; -c 1 means it should exit on the first ping, but add a timeout
  48. # in case something goes wrong
  49. ip netns exec $NS1 ping -w 3 -i 0.5 $PINGADDR >/dev/null &
  50. ip netns exec $NS1 timeout 10 tcpdump -tpni veth0 -c 1 'icmp and icmp[icmptype] != icmp-echo' > $TMPFILE 2>/dev/null
  51. # Parse response and check for dummy address
  52. # tcpdump output looks like:
  53. # IP 192.0.0.8 > 172.16.0.1: ICMP net 172.16.1.1 unreachable, length 92
  54. RESP_IP=$(awk '{print $2}' < $TMPFILE)
  55. if [[ "$RESP_IP" != "192.0.0.8" ]]; then
  56. echo "FAIL - got ICMP response from $RESP_IP, should be 192.0.0.8"
  57. exit 1
  58. else
  59. echo "OK"
  60. exit 0
  61. fi