2 # SPDX-License-Identifier: GPL-2.0
4 # This test is for checking IPv4 and IPv6 FIB rules API
6 # Kselftest framework requirement - SKIP code is 4.
11 PAUSE_ON_FAIL=${PAUSE_ON_FAIL:=no}
21 DEV_ADDR6=2001:db8:1::1
30 if [ ${rc} -eq ${expected} ]; then
31 nsuccess=$((nsuccess+1))
32 printf "\n TEST: %-50s [ OK ]\n" "${msg}"
36 printf "\n TEST: %-50s [FAIL]\n" "${msg}"
37 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
39 echo "hit enter to continue, 'q' to quit"
41 [ "$a" = "q" ] && exit 1
49 echo "######################################################################"
50 echo "TEST SECTION: $*"
51 echo "######################################################################"
58 $IP link set dev lo up
60 $IP link add dummy0 type dummy
61 $IP link set dev dummy0 up
62 $IP address add $DEV_ADDR/24 dev dummy0
63 $IP -6 address add $DEV_ADDR6/64 dev dummy0
70 $IP link del dev dummy0 &> /dev/null
74 fib_check_iproute_support()
76 ip rule help 2>&1 | grep -q $1
78 echo "SKIP: iproute2 iprule too old, missing $1 match"
82 ip route get help 2>&1 | grep -q $2
84 echo "SKIP: iproute2 get route too old, missing $2 match"
94 log_test $? 0 "rule6 del $1"
97 fib_rule6_del_by_pref()
99 pref=$($IP -6 rule show $1 table $RTABLE | cut -d ":" -f 1)
100 $IP -6 rule del pref $pref
103 fib_rule6_test_match_n_redirect()
107 local description="$3"
109 $IP -6 rule add $match table $RTABLE
110 $IP -6 route get $GW_IP6 $getmatch | grep -q "table $RTABLE"
111 log_test $? 0 "rule6 check: $description"
113 fib_rule6_del_by_pref "$match"
114 log_test $? 0 "rule6 del by pref: $description"
117 fib_rule6_test_reject()
122 $IP -6 rule add $match table $RTABLE 2>/dev/null
124 log_test $rc 2 "rule6 check: $match"
126 if [ $rc -eq 0 ]; then
127 $IP -6 rule del $match table $RTABLE
137 # setup the fib rule redirect route
138 $IP -6 route add table $RTABLE default via $GW_IP6 dev $DEV onlink
141 fib_rule6_test_match_n_redirect "$match" "$match" "oif redirect to table"
143 match="from $SRC_IP6 iif $DEV"
144 fib_rule6_test_match_n_redirect "$match" "$match" "iif redirect to table"
146 # Reject dsfield (tos) options which have ECN bits set
147 for cnt in $(seq 1 3); do
149 fib_rule6_test_reject "$match"
152 # Don't take ECN bits into account when matching on dsfield
154 for cnt in "0x10" "0x11" "0x12" "0x13"; do
155 # Using option 'tos' instead of 'dsfield' as old iproute2
156 # versions don't support 'dsfield' in ip rule show.
158 fib_rule6_test_match_n_redirect "$match" "$getmatch" \
159 "$getmatch redirect to table"
164 fib_rule6_test_match_n_redirect "$match" "$getmatch" "fwmark redirect to table"
166 fib_check_iproute_support "uidrange" "uid"
167 if [ $? -eq 0 ]; then
168 match="uidrange 100-100"
170 fib_rule6_test_match_n_redirect "$match" "$getmatch" "uid redirect to table"
173 fib_check_iproute_support "sport" "sport"
174 if [ $? -eq 0 ]; then
175 match="sport 666 dport 777"
176 fib_rule6_test_match_n_redirect "$match" "$match" "sport and dport redirect to table"
179 fib_check_iproute_support "ipproto" "ipproto"
180 if [ $? -eq 0 ]; then
182 fib_rule6_test_match_n_redirect "$match" "$match" "ipproto match"
185 fib_check_iproute_support "ipproto" "ipproto"
186 if [ $? -eq 0 ]; then
187 match="ipproto ipv6-icmp"
188 fib_rule6_test_match_n_redirect "$match" "$match" "ipproto ipv6-icmp match"
195 log_test $? 0 "del $1"
198 fib_rule4_del_by_pref()
200 pref=$($IP rule show $1 table $RTABLE | cut -d ":" -f 1)
201 $IP rule del pref $pref
204 fib_rule4_test_match_n_redirect()
208 local description="$3"
210 $IP rule add $match table $RTABLE
211 $IP route get $GW_IP4 $getmatch | grep -q "table $RTABLE"
212 log_test $? 0 "rule4 check: $description"
214 fib_rule4_del_by_pref "$match"
215 log_test $? 0 "rule4 del by pref: $description"
218 fib_rule4_test_reject()
223 $IP rule add $match table $RTABLE 2>/dev/null
225 log_test $rc 2 "rule4 check: $match"
227 if [ $rc -eq 0 ]; then
228 $IP rule del $match table $RTABLE
238 # setup the fib rule redirect route
239 $IP route add table $RTABLE default via $GW_IP4 dev $DEV onlink
242 fib_rule4_test_match_n_redirect "$match" "$match" "oif redirect to table"
244 # need enable forwarding and disable rp_filter temporarily as all the
245 # addresses are in the same subnet and egress device == ingress device.
246 ip netns exec testns sysctl -qw net.ipv4.ip_forward=1
247 ip netns exec testns sysctl -qw net.ipv4.conf.$DEV.rp_filter=0
248 match="from $SRC_IP iif $DEV"
249 fib_rule4_test_match_n_redirect "$match" "$match" "iif redirect to table"
250 ip netns exec testns sysctl -qw net.ipv4.ip_forward=0
252 # Reject dsfield (tos) options which have ECN bits set
253 for cnt in $(seq 1 3); do
255 fib_rule4_test_reject "$match"
258 # Don't take ECN bits into account when matching on dsfield
260 for cnt in "0x10" "0x11" "0x12" "0x13"; do
261 # Using option 'tos' instead of 'dsfield' as old iproute2
262 # versions don't support 'dsfield' in ip rule show.
264 fib_rule4_test_match_n_redirect "$match" "$getmatch" \
265 "$getmatch redirect to table"
270 fib_rule4_test_match_n_redirect "$match" "$getmatch" "fwmark redirect to table"
272 fib_check_iproute_support "uidrange" "uid"
273 if [ $? -eq 0 ]; then
274 match="uidrange 100-100"
276 fib_rule4_test_match_n_redirect "$match" "$getmatch" "uid redirect to table"
279 fib_check_iproute_support "sport" "sport"
280 if [ $? -eq 0 ]; then
281 match="sport 666 dport 777"
282 fib_rule4_test_match_n_redirect "$match" "$match" "sport and dport redirect to table"
285 fib_check_iproute_support "ipproto" "ipproto"
286 if [ $? -eq 0 ]; then
288 fib_rule4_test_match_n_redirect "$match" "$match" "ipproto tcp match"
291 fib_check_iproute_support "ipproto" "ipproto"
292 if [ $? -eq 0 ]; then
294 fib_rule4_test_match_n_redirect "$match" "$match" "ipproto icmp match"
300 log_section "IPv4 fib rule"
302 log_section "IPv6 fib rule"
306 if [ "$(id -u)" -ne 0 ];then
307 echo "SKIP: Need root privileges"
311 if [ ! -x "$(command -v ip)" ]; then
312 echo "SKIP: Could not run test without ip tool"
322 if [ "$TESTS" != "none" ]; then
323 printf "\nTests passed: %3d\n" ${nsuccess}
324 printf "Tests failed: %3d\n" ${nfail}