test: new test, poison.sh verifies stop-filter routes

This test verifies that stop-filter, or "poison pill", routes work as intended. I.e., unknown inbound multicast is blocked and only such that is actually wanted is properly routed. Example: mroute from eth0 group 225.1.2.3 to eth2 mroute from eth1 group 225.1.2.3 to eth2 These two multicast routes are dynamically installed in the kernel MFC when any source originating from eth0 or eth1 with a matching group is interecpted by the kernel and smcrouted is notified (NOCACHE msg). If multicast to the same multicast group comes in on eth2, smcrouted adds a stop-filter route, i.e., a route with no outbound interfaces, to prevent further NOCACHE upcall messages from the kernel. This does not affect any flow in the intended direction, esatablished before or after the stop-filter is created. However, should source `S` from eth0 suddenly appear on eth2, this would be considered a WRONGVIF event, which is not handled by smcrouted. This typically occurs when a layer-3 topolgy change is taking place. For the moment, users are recommended to either try pimd/pim6sd, or add a switch with multicast snooping between eth2 and the rest of the network. When a snooping switch is active it only forwards multicast to eth2 when it has sent a join (mgroup) for a given (source and) multicast group. Issue #143 Signed-off-by: Joachim Wiberg <[email protected]>
troglobit · Aug 9, 2021 · 31b2d70 · 31b2d70
1 parent a6d3590
commit 31b2d70
Show file tree

Hide file tree

Showing 2 changed files with 79 additions and 1 deletion.
diff --git a/test/Makefile.am b/test/Makefile.am
@@ -1,5 +1,5 @@
 EXTRA_DIST         = basic.sh bridge.sh dyn.sh expire.sh ipv6.sh include.sh isolated.sh
-EXTRA_DIST        += join.sh joinlen.sh lib.sh reload.sh reload6.sh vlan.sh
+EXTRA_DIST        += join.sh joinlen.sh lib.sh reload.sh poison.sh reload6.sh vlan.sh
 CLEANFILES         = *~ *.trs *.log
 TEST_EXTENSIONS    = .sh
 TESTS_ENVIRONMENT  = unshare -mrun
@@ -13,6 +13,7 @@ TESTS             += ipv6.sh
 TESTS             += isolated.sh
 TESTS             += join.sh
 TESTS             += joinlen.sh
+TESTS             += poison.sh
 TESTS             += reload.sh
 TESTS             += reload6.sh
 TESTS             += vlan.sh
diff --git a/test/poison.sh b/test/poison.sh
@@ -0,0 +1,77 @@
+#!/bin/sh
+# Verify stop-filter, or "poison pill", routes for non-matching routes,
+# and that they do not affect flows from matching routes.
+
+check_output()
+{
+    if ! ip $1 mroute | grep -q "$2"; then
+	FAIL "Did not even register $2"
+    fi
+
+    if ip $1 mroute | grep -q "$2" | grep -q "$3"; then
+	FAIL "No stop-filter route set for $2"
+    fi
+}
+
+# shellcheck source=/dev/null
+. "$(dirname "$0")/lib.sh"
+
+print "Creating world ..."
+topo multi
+ip -d l
+ip addr add 10.0.0.1/24  dev a1
+ip addr add 20.0.0.1/24  dev a2
+ip addr add 30.0.0.1/24  dev b3
+
+ip addr add 2001:1::1/64 dev a1
+ip addr add  fc00::42/64 dev a1
+ip addr add 2001:2::1/64 dev a2
+ip addr add 2001:3::1/64 dev b3
+ip -br a
+
+print "Creating config ..."
+cat <<EOF > "/tmp/$NM/conf"
+# basic (*,G/LEN) multicast routing
+phyint a1 enable
+phyint a2 enable
+phyint b3 enable
+
+mroute from a1 group 225.1.2.3/24 to b3
+mroute from a2 group 225.1.2.3/24 to b3
+mroute from a1 group ff2e::42/121 to b3
+EOF
+cat "/tmp/$NM/conf"
+
+print "Starting smcrouted ..."
+../src/smcrouted -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -l debug -S "/tmp/$NM/sock" &
+sleep 1
+
+collect b3 -c15 'dst 225.1.2.1 or dst ff2e::42'
+ip -d l
+ip -br a
+
+print "Starting emitter ..."
+ping    -c 3 -W 1 -I b3       -t 2 225.1.2.1   >/dev/null
+ping    -c 3 -W 1 -I a2       -t 2 225.1.2.1   >/dev/null
+ping    -c 3 -W 1 -I a1       -t 2 225.1.2.1   >/dev/null
+ping -6 -c 3 -W 1 -I b3       -t 2 ff2e::42    >/dev/null
+ping -6 -c 3 -W 1 -I fc00::42 -t 2 ff2e::42    >/dev/null
+
+show_mroute
+
+print "Analyzing ..."
+check_output -4 "(30.0.0.1,225.1.2.1)" "Oifs: b3"
+check_output -6 "(2001:3::1,ff2e::42)" "Oifs: b3"
+
+lines1=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.1 | tee    "/tmp/$NM/result" | wc -l)
+lines2=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep ff2e::42  | tee -a "/tmp/$NM/result" | wc -l)
+
+cat "/tmp/$NM/result"
+echo " => $lines1 for 225.1.2.1,  expected >= 7"
+echo " => $lines2 for ff2e::42,   expected >= 5"
+
+########################################################################### DONE
+# Expect one frame lost due to initial (*,G) -> (S,G) route setup
+# shellcheck disable=SC2166 disable=SC2086
+[ $lines1 -ge 7 -a $lines2 -ge 5 ] && OK
+FAIL