1*4882a593Smuzhiyun#!/bin/bash 2*4882a593Smuzhiyun# Connects 6 network namespaces through veths. 3*4882a593Smuzhiyun# Each NS may have different IPv6 global scope addresses : 4*4882a593Smuzhiyun# NS1 ---- NS2 ---- NS3 ---- NS4 ---- NS5 ---- NS6 5*4882a593Smuzhiyun# fb00::1 fd00::1 fd00::2 fd00::3 fb00::6 6*4882a593Smuzhiyun# fc42::1 fd00::4 7*4882a593Smuzhiyun# 8*4882a593Smuzhiyun# All IPv6 packets going to fb00::/16 through NS2 will be encapsulated in a 9*4882a593Smuzhiyun# IPv6 header with a Segment Routing Header, with segments : 10*4882a593Smuzhiyun# fd00::1 -> fd00::2 -> fd00::3 -> fd00::4 11*4882a593Smuzhiyun# 12*4882a593Smuzhiyun# 3 fd00::/16 IPv6 addresses are binded to seg6local End.BPF actions : 13*4882a593Smuzhiyun# - fd00::1 : add a TLV, change the flags and apply a End.X action to fc42::1 14*4882a593Smuzhiyun# - fd00::2 : remove the TLV, change the flags, add a tag 15*4882a593Smuzhiyun# - fd00::3 : apply an End.T action to fd00::4, through routing table 117 16*4882a593Smuzhiyun# 17*4882a593Smuzhiyun# fd00::4 is a simple Segment Routing node decapsulating the inner IPv6 packet. 18*4882a593Smuzhiyun# Each End.BPF action will validate the operations applied on the SRH by the 19*4882a593Smuzhiyun# previous BPF program in the chain, otherwise the packet is dropped. 20*4882a593Smuzhiyun# 21*4882a593Smuzhiyun# An UDP datagram is sent from fb00::1 to fb00::6. The test succeeds if this 22*4882a593Smuzhiyun# datagram can be read on NS6 when binding to fb00::6. 23*4882a593Smuzhiyun 24*4882a593Smuzhiyun# Kselftest framework requirement - SKIP code is 4. 25*4882a593Smuzhiyunksft_skip=4 26*4882a593Smuzhiyun 27*4882a593Smuzhiyunmsg="skip all tests:" 28*4882a593Smuzhiyunif [ $UID != 0 ]; then 29*4882a593Smuzhiyun echo $msg please run this as root >&2 30*4882a593Smuzhiyun exit $ksft_skip 31*4882a593Smuzhiyunfi 32*4882a593Smuzhiyun 33*4882a593SmuzhiyunTMP_FILE="/tmp/selftest_lwt_seg6local.txt" 34*4882a593Smuzhiyun 35*4882a593Smuzhiyuncleanup() 36*4882a593Smuzhiyun{ 37*4882a593Smuzhiyun if [ "$?" = "0" ]; then 38*4882a593Smuzhiyun echo "selftests: test_lwt_seg6local [PASS]"; 39*4882a593Smuzhiyun else 40*4882a593Smuzhiyun echo "selftests: test_lwt_seg6local [FAILED]"; 41*4882a593Smuzhiyun fi 42*4882a593Smuzhiyun 43*4882a593Smuzhiyun set +e 44*4882a593Smuzhiyun ip netns del ns1 2> /dev/null 45*4882a593Smuzhiyun ip netns del ns2 2> /dev/null 46*4882a593Smuzhiyun ip netns del ns3 2> /dev/null 47*4882a593Smuzhiyun ip netns del ns4 2> /dev/null 48*4882a593Smuzhiyun ip netns del ns5 2> /dev/null 49*4882a593Smuzhiyun ip netns del ns6 2> /dev/null 50*4882a593Smuzhiyun rm -f $TMP_FILE 51*4882a593Smuzhiyun} 52*4882a593Smuzhiyun 53*4882a593Smuzhiyunset -e 54*4882a593Smuzhiyun 55*4882a593Smuzhiyunip netns add ns1 56*4882a593Smuzhiyunip netns add ns2 57*4882a593Smuzhiyunip netns add ns3 58*4882a593Smuzhiyunip netns add ns4 59*4882a593Smuzhiyunip netns add ns5 60*4882a593Smuzhiyunip netns add ns6 61*4882a593Smuzhiyun 62*4882a593Smuzhiyuntrap cleanup 0 2 3 6 9 63*4882a593Smuzhiyun 64*4882a593Smuzhiyunip link add veth1 type veth peer name veth2 65*4882a593Smuzhiyunip link add veth3 type veth peer name veth4 66*4882a593Smuzhiyunip link add veth5 type veth peer name veth6 67*4882a593Smuzhiyunip link add veth7 type veth peer name veth8 68*4882a593Smuzhiyunip link add veth9 type veth peer name veth10 69*4882a593Smuzhiyun 70*4882a593Smuzhiyunip link set veth1 netns ns1 71*4882a593Smuzhiyunip link set veth2 netns ns2 72*4882a593Smuzhiyunip link set veth3 netns ns2 73*4882a593Smuzhiyunip link set veth4 netns ns3 74*4882a593Smuzhiyunip link set veth5 netns ns3 75*4882a593Smuzhiyunip link set veth6 netns ns4 76*4882a593Smuzhiyunip link set veth7 netns ns4 77*4882a593Smuzhiyunip link set veth8 netns ns5 78*4882a593Smuzhiyunip link set veth9 netns ns5 79*4882a593Smuzhiyunip link set veth10 netns ns6 80*4882a593Smuzhiyun 81*4882a593Smuzhiyunip netns exec ns1 ip link set dev veth1 up 82*4882a593Smuzhiyunip netns exec ns2 ip link set dev veth2 up 83*4882a593Smuzhiyunip netns exec ns2 ip link set dev veth3 up 84*4882a593Smuzhiyunip netns exec ns3 ip link set dev veth4 up 85*4882a593Smuzhiyunip netns exec ns3 ip link set dev veth5 up 86*4882a593Smuzhiyunip netns exec ns4 ip link set dev veth6 up 87*4882a593Smuzhiyunip netns exec ns4 ip link set dev veth7 up 88*4882a593Smuzhiyunip netns exec ns5 ip link set dev veth8 up 89*4882a593Smuzhiyunip netns exec ns5 ip link set dev veth9 up 90*4882a593Smuzhiyunip netns exec ns6 ip link set dev veth10 up 91*4882a593Smuzhiyunip netns exec ns6 ip link set dev lo up 92*4882a593Smuzhiyun 93*4882a593Smuzhiyun# All link scope addresses and routes required between veths 94*4882a593Smuzhiyunip netns exec ns1 ip -6 addr add fb00::12/16 dev veth1 scope link 95*4882a593Smuzhiyunip netns exec ns1 ip -6 route add fb00::21 dev veth1 scope link 96*4882a593Smuzhiyunip netns exec ns2 ip -6 addr add fb00::21/16 dev veth2 scope link 97*4882a593Smuzhiyunip netns exec ns2 ip -6 addr add fb00::34/16 dev veth3 scope link 98*4882a593Smuzhiyunip netns exec ns2 ip -6 route add fb00::43 dev veth3 scope link 99*4882a593Smuzhiyunip netns exec ns3 ip -6 route add fb00::65 dev veth5 scope link 100*4882a593Smuzhiyunip netns exec ns3 ip -6 addr add fb00::43/16 dev veth4 scope link 101*4882a593Smuzhiyunip netns exec ns3 ip -6 addr add fb00::56/16 dev veth5 scope link 102*4882a593Smuzhiyunip netns exec ns4 ip -6 addr add fb00::65/16 dev veth6 scope link 103*4882a593Smuzhiyunip netns exec ns4 ip -6 addr add fb00::78/16 dev veth7 scope link 104*4882a593Smuzhiyunip netns exec ns4 ip -6 route add fb00::87 dev veth7 scope link 105*4882a593Smuzhiyunip netns exec ns5 ip -6 addr add fb00::87/16 dev veth8 scope link 106*4882a593Smuzhiyunip netns exec ns5 ip -6 addr add fb00::910/16 dev veth9 scope link 107*4882a593Smuzhiyunip netns exec ns5 ip -6 route add fb00::109 dev veth9 scope link 108*4882a593Smuzhiyunip netns exec ns5 ip -6 route add fb00::109 table 117 dev veth9 scope link 109*4882a593Smuzhiyunip netns exec ns6 ip -6 addr add fb00::109/16 dev veth10 scope link 110*4882a593Smuzhiyun 111*4882a593Smuzhiyunip netns exec ns1 ip -6 addr add fb00::1/16 dev lo 112*4882a593Smuzhiyunip netns exec ns1 ip -6 route add fb00::6 dev veth1 via fb00::21 113*4882a593Smuzhiyun 114*4882a593Smuzhiyunip netns exec ns2 ip -6 route add fb00::6 encap bpf in obj test_lwt_seg6local.o sec encap_srh dev veth2 115*4882a593Smuzhiyunip netns exec ns2 ip -6 route add fd00::1 dev veth3 via fb00::43 scope link 116*4882a593Smuzhiyun 117*4882a593Smuzhiyunip netns exec ns3 ip -6 route add fc42::1 dev veth5 via fb00::65 118*4882a593Smuzhiyunip netns exec ns3 ip -6 route add fd00::1 encap seg6local action End.BPF endpoint obj test_lwt_seg6local.o sec add_egr_x dev veth4 119*4882a593Smuzhiyun 120*4882a593Smuzhiyunip netns exec ns4 ip -6 route add fd00::2 encap seg6local action End.BPF endpoint obj test_lwt_seg6local.o sec pop_egr dev veth6 121*4882a593Smuzhiyunip netns exec ns4 ip -6 addr add fc42::1 dev lo 122*4882a593Smuzhiyunip netns exec ns4 ip -6 route add fd00::3 dev veth7 via fb00::87 123*4882a593Smuzhiyun 124*4882a593Smuzhiyunip netns exec ns5 ip -6 route add fd00::4 table 117 dev veth9 via fb00::109 125*4882a593Smuzhiyunip netns exec ns5 ip -6 route add fd00::3 encap seg6local action End.BPF endpoint obj test_lwt_seg6local.o sec inspect_t dev veth8 126*4882a593Smuzhiyun 127*4882a593Smuzhiyunip netns exec ns6 ip -6 addr add fb00::6/16 dev lo 128*4882a593Smuzhiyunip netns exec ns6 ip -6 addr add fd00::4/16 dev lo 129*4882a593Smuzhiyun 130*4882a593Smuzhiyunip netns exec ns1 sysctl net.ipv6.conf.all.forwarding=1 > /dev/null 131*4882a593Smuzhiyunip netns exec ns2 sysctl net.ipv6.conf.all.forwarding=1 > /dev/null 132*4882a593Smuzhiyunip netns exec ns3 sysctl net.ipv6.conf.all.forwarding=1 > /dev/null 133*4882a593Smuzhiyunip netns exec ns4 sysctl net.ipv6.conf.all.forwarding=1 > /dev/null 134*4882a593Smuzhiyunip netns exec ns5 sysctl net.ipv6.conf.all.forwarding=1 > /dev/null 135*4882a593Smuzhiyun 136*4882a593Smuzhiyunip netns exec ns6 sysctl net.ipv6.conf.all.seg6_enabled=1 > /dev/null 137*4882a593Smuzhiyunip netns exec ns6 sysctl net.ipv6.conf.lo.seg6_enabled=1 > /dev/null 138*4882a593Smuzhiyunip netns exec ns6 sysctl net.ipv6.conf.veth10.seg6_enabled=1 > /dev/null 139*4882a593Smuzhiyun 140*4882a593Smuzhiyunip netns exec ns6 nc -l -6 -u -d 7330 > $TMP_FILE & 141*4882a593Smuzhiyunip netns exec ns1 bash -c "echo 'foobar' | nc -w0 -6 -u -p 2121 -s fb00::1 fb00::6 7330" 142*4882a593Smuzhiyunsleep 5 # wait enough time to ensure the UDP datagram arrived to the last segment 143*4882a593Smuzhiyunkill -TERM $! 144*4882a593Smuzhiyun 145*4882a593Smuzhiyunif [[ $(< $TMP_FILE) != "foobar" ]]; then 146*4882a593Smuzhiyun exit 1 147*4882a593Smuzhiyunfi 148*4882a593Smuzhiyun 149*4882a593Smuzhiyunexit 0 150