#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

# +------------------+
# | H1 (v$h1)        |
# | 2001:db8:1::2/64 |
# | 198.51.100.2/28  |
# |         $h1 +    |
# +-------------|----+
#               |
# +-------------|-------------------------------+
# | SW1         |                               |
# |        $rp1 +                               |
# | 198.51.100.1/28                             |
# | 2001:db8:1::1/64                            |
# |                                             |
# | 2001:db8:2::1/64           2001:db8:3::1/64 |
# | 198.51.100.17/28           198.51.100.33/28 |
# |         $rp2 +                     $rp3 +   |
# +--------------|--------------------------|---+
#                |                          |
#                |                          |
# +--------------|---+       +--------------|---+
# | H2 (v$h2)    |   |       | H3 (v$h3)    |   |
# |          $h2 +   |       |          $h3 +   |
# | 198.51.100.18/28 |       | 198.51.100.34/28 |
# | 2001:db8:2::2/64 |       | 2001:db8:3::2/64 |
# +------------------+       +------------------+
#

ALL_TESTS="mcast_v4 mcast_v6 rpf_v4 rpf_v6 unres_v4 unres_v6"
NUM_NETIFS=6
source lib.sh
source tc_common.sh

require_command $MCD
require_command $MC_CLI
table_name=selftests

h1_create()
{
	simple_if_init $h1 198.51.100.2/28 2001:db8:1::2/64

	ip route add 198.51.100.16/28 vrf v$h1 nexthop via 198.51.100.1
	ip route add 198.51.100.32/28 vrf v$h1 nexthop via 198.51.100.1

	ip route add 2001:db8:2::/64 vrf v$h1 nexthop via 2001:db8:1::1
	ip route add 2001:db8:3::/64 vrf v$h1 nexthop via 2001:db8:1::1

	tc qdisc add dev $h1 ingress
}

h1_destroy()
{
	tc qdisc del dev $h1 ingress

	ip route del 2001:db8:3::/64 vrf v$h1
	ip route del 2001:db8:2::/64 vrf v$h1

	ip route del 198.51.100.32/28 vrf v$h1
	ip route del 198.51.100.16/28 vrf v$h1

	simple_if_fini $h1 198.51.100.2/28 2001:db8:1::2/64
}

h2_create()
{
	simple_if_init $h2 198.51.100.18/28 2001:db8:2::2/64

	ip route add 198.51.100.0/28 vrf v$h2 nexthop via 198.51.100.17
	ip route add 198.51.100.32/28 vrf v$h2 nexthop via 198.51.100.17

	ip route add 2001:db8:1::/64 vrf v$h2 nexthop via 2001:db8:2::1
	ip route add 2001:db8:3::/64 vrf v$h2 nexthop via 2001:db8:2::1

	tc qdisc add dev $h2 ingress
}

h2_destroy()
{
	tc qdisc del dev $h2 ingress

	ip route del 2001:db8:3::/64 vrf v$h2
	ip route del 2001:db8:1::/64 vrf v$h2

	ip route del 198.51.100.32/28 vrf v$h2
	ip route del 198.51.100.0/28 vrf v$h2

	simple_if_fini $h2 198.51.100.18/28 2001:db8:2::2/64
}

h3_create()
{
	simple_if_init $h3 198.51.100.34/28 2001:db8:3::2/64

	ip route add 198.51.100.0/28 vrf v$h3 nexthop via 198.51.100.33
	ip route add 198.51.100.16/28 vrf v$h3 nexthop via 198.51.100.33

	ip route add 2001:db8:1::/64 vrf v$h3 nexthop via 2001:db8:3::1
	ip route add 2001:db8:2::/64 vrf v$h3 nexthop via 2001:db8:3::1

	tc qdisc add dev $h3 ingress
}

h3_destroy()
{
	tc qdisc del dev $h3 ingress

	ip route del 2001:db8:2::/64 vrf v$h3
	ip route del 2001:db8:1::/64 vrf v$h3

	ip route del 198.51.100.16/28 vrf v$h3
	ip route del 198.51.100.0/28 vrf v$h3

	simple_if_fini $h3 198.51.100.34/28 2001:db8:3::2/64
}

router_create()
{
	ip link set dev $rp1 up
	ip link set dev $rp2 up
	ip link set dev $rp3 up

	ip address add 198.51.100.1/28 dev $rp1
	ip address add 198.51.100.17/28 dev $rp2
	ip address add 198.51.100.33/28 dev $rp3

	ip address add 2001:db8:1::1/64 dev $rp1
	ip address add 2001:db8:2::1/64 dev $rp2
	ip address add 2001:db8:3::1/64 dev $rp3

	tc qdisc add dev $rp3 ingress
}

router_destroy()
{
	tc qdisc del dev $rp3 ingress

	ip address del 2001:db8:3::1/64 dev $rp3
	ip address del 2001:db8:2::1/64 dev $rp2
	ip address del 2001:db8:1::1/64 dev $rp1

	ip address del 198.51.100.33/28 dev $rp3
	ip address del 198.51.100.17/28 dev $rp2
	ip address del 198.51.100.1/28 dev $rp1

	ip link set dev $rp3 down
	ip link set dev $rp2 down
	ip link set dev $rp1 down
}

start_mcd()
{
	SMCROUTEDIR="$(mktemp -d)"

	for ((i = 1; i <= $NUM_NETIFS; ++i)); do
		echo "phyint ${NETIFS[p$i]} enable" >> \
			$SMCROUTEDIR/$table_name.conf
	done

	$MCD -N -I $table_name -f $SMCROUTEDIR/$table_name.conf \
		-P $SMCROUTEDIR/$table_name.pid
}

kill_mcd()
{
	pkill $MCD
	rm -rf $SMCROUTEDIR
}

setup_prepare()
{
	h1=${NETIFS[p1]}
	rp1=${NETIFS[p2]}

	rp2=${NETIFS[p3]}
	h2=${NETIFS[p4]}

	rp3=${NETIFS[p5]}
	h3=${NETIFS[p6]}

	start_mcd

	vrf_prepare

	h1_create
	h2_create
	h3_create

	router_create

	forwarding_enable
}

cleanup()
{
	pre_cleanup

	forwarding_restore

	router_destroy

	h3_destroy
	h2_destroy
	h1_destroy

	vrf_cleanup

	kill_mcd
}

create_mcast_sg()
{
	local if_name=$1; shift
	local s_addr=$1; shift
	local mcast=$1; shift
	local dest_ifs=${@}

	$MC_CLI -I $table_name add $if_name $s_addr $mcast $dest_ifs
}

delete_mcast_sg()
{
	local if_name=$1; shift
	local s_addr=$1; shift
	local mcast=$1; shift
	local dest_ifs=${@}

        $MC_CLI -I $table_name remove $if_name $s_addr $mcast $dest_ifs
}

mcast_v4()
{
	# Add two interfaces to an MC group, send a packet to the MC group and
	# verify packets are received on both. Then delete the route and verify
	# packets are no longer received.

	RET=0

	tc filter add dev $h2 ingress protocol ip pref 1 handle 122 flower \
		dst_ip 225.1.2.3 action drop
	tc filter add dev $h3 ingress protocol ip pref 1 handle 133 flower \
		dst_ip 225.1.2.3 action drop

	create_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3

	# Send frames with the corresponding L2 destination address.
	$MZ $h1 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
		-A 198.51.100.2 -B 225.1.2.3 -q

	tc_check_packets "dev $h2 ingress" 122 5
	check_err $? "Multicast not received on first host"
	tc_check_packets "dev $h3 ingress" 133 5
	check_err $? "Multicast not received on second host"

	delete_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3

	$MZ $h1 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
		-A 198.51.100.2 -B 225.1.2.3 -q

	tc_check_packets "dev $h2 ingress" 122 5
	check_err $? "Multicast received on host although deleted"
	tc_check_packets "dev $h3 ingress" 133 5
	check_err $? "Multicast received on second host although deleted"

	tc filter del dev $h3 ingress protocol ip pref 1 handle 133 flower
	tc filter del dev $h2 ingress protocol ip pref 1 handle 122 flower

	log_test "mcast IPv4"
}

mcast_v6()
{
	# Add two interfaces to an MC group, send a packet to the MC group and
	# verify packets are received on both. Then delete the route and verify
	# packets are no longer received.

	RET=0

	tc filter add dev $h2 ingress protocol ipv6 pref 1 handle 122 flower \
		dst_ip ff0e::3 action drop
	tc filter add dev $h3 ingress protocol ipv6 pref 1 handle 133 flower \
		dst_ip ff0e::3 action drop

	create_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3

	# Send frames with the corresponding L2 destination address.
	$MZ $h1 -6 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 \
		-b 33:33:00:00:00:03 -A 2001:db8:1::2 -B ff0e::3 -q

	tc_check_packets "dev $h2 ingress" 122 5
	check_err $? "Multicast not received on first host"
	tc_check_packets "dev $h3 ingress" 133 5
	check_err $? "Multicast not received on second host"

	delete_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3

	$MZ $h1 -6 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 \
		-b 33:33:00:00:00:03 -A 2001:db8:1::2 -B ff0e::3 -q

	tc_check_packets "dev $h2 ingress" 122 5
	check_err $? "Multicast received on first host although deleted"
	tc_check_packets "dev $h3 ingress" 133 5
	check_err $? "Multicast received on second host although deleted"

	tc filter del dev $h3 ingress protocol ipv6 pref 1 handle 133 flower
	tc filter del dev $h2 ingress protocol ipv6 pref 1 handle 122 flower

	log_test "mcast IPv6"
}

rpf_v4()
{
	# Add a multicast route from first router port to the other two. Send
	# matching packets and test that both hosts receive them. Then, send
	# the same packets via the third router port and test that they do not
	# reach any host due to RPF check. A filter with 'skip_hw' is added to
	# test that devices capable of multicast routing offload trap those
	# packets. The filter is essentialy a NOP in other scenarios.

	RET=0

	tc filter add dev $h1 ingress protocol ip pref 1 handle 1 flower \
		dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop
	tc filter add dev $h2 ingress protocol ip pref 1 handle 1 flower \
		dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop
	tc filter add dev $h3 ingress protocol ip pref 1 handle 1 flower \
		dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop
	tc filter add dev $rp3 ingress protocol ip pref 1 handle 1 flower \
		skip_hw dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action pass

	create_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3

	$MZ $h1 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
		-a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
		-A 198.51.100.2 -B 225.1.2.3 -q

	tc_check_packets "dev $h2 ingress" 1 5
	check_err $? "Multicast not received on first host"
	tc_check_packets "dev $h3 ingress" 1 5
	check_err $? "Multicast not received on second host"

	$MZ $h3 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
		-a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
		-A 198.51.100.2 -B 225.1.2.3 -q

	tc_check_packets "dev $h1 ingress" 1 0
	check_err $? "Multicast received on first host when should not"
	tc_check_packets "dev $h2 ingress" 1 5
	check_err $? "Multicast received on second host when should not"
	tc_check_packets "dev $rp3 ingress" 1 5
	check_err $? "Packets not trapped due to RPF check"

	delete_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3

	tc filter del dev $rp3 ingress protocol ip pref 1 handle 1 flower
	tc filter del dev $h3 ingress protocol ip pref 1 handle 1 flower
	tc filter del dev $h2 ingress protocol ip pref 1 handle 1 flower
	tc filter del dev $h1 ingress protocol ip pref 1 handle 1 flower

	log_test "RPF IPv4"
}

rpf_v6()
{
	RET=0

	tc filter add dev $h1 ingress protocol ipv6 pref 1 handle 1 flower \
		dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop
	tc filter add dev $h2 ingress protocol ipv6 pref 1 handle 1 flower \
		dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop
	tc filter add dev $h3 ingress protocol ipv6 pref 1 handle 1 flower \
		dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop
	tc filter add dev $rp3 ingress protocol ipv6 pref 1 handle 1 flower \
		skip_hw dst_ip ff0e::3 ip_proto udp dst_port 12345 action pass

	create_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3

	$MZ $h1 -6 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
		-a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
		-A 2001:db8:1::2 -B ff0e::3 -q

	tc_check_packets "dev $h2 ingress" 1 5
	check_err $? "Multicast not received on first host"
	tc_check_packets "dev $h3 ingress" 1 5
	check_err $? "Multicast not received on second host"

	$MZ $h3 -6 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
		-a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
		-A 2001:db8:1::2 -B ff0e::3 -q

	tc_check_packets "dev $h1 ingress" 1 0
	check_err $? "Multicast received on first host when should not"
	tc_check_packets "dev $h2 ingress" 1 5
	check_err $? "Multicast received on second host when should not"
	tc_check_packets "dev $rp3 ingress" 1 5
	check_err $? "Packets not trapped due to RPF check"

	delete_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3

	tc filter del dev $rp3 ingress protocol ipv6 pref 1 handle 1 flower
	tc filter del dev $h3 ingress protocol ipv6 pref 1 handle 1 flower
	tc filter del dev $h2 ingress protocol ipv6 pref 1 handle 1 flower
	tc filter del dev $h1 ingress protocol ipv6 pref 1 handle 1 flower

	log_test "RPF IPv6"
}

unres_v4()
{
	# Send a multicast packet not corresponding to an installed route,
	# causing the kernel to queue the packet for resolution and emit an
	# IGMPMSG_NOCACHE notification. smcrouted will react to this
	# notification by consulting its (*, G) list and installing an (S, G)
	# route, which will be used to forward the queued packet.

	RET=0

	tc filter add dev $h2 ingress protocol ip pref 1 handle 1 flower \
		dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop
	tc filter add dev $h3 ingress protocol ip pref 1 handle 1 flower \
		dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop

	# Forwarding should fail before installing a matching (*, G).
	$MZ $h1 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
		-a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
		-A 198.51.100.2 -B 225.1.2.3 -q

	tc_check_packets "dev $h2 ingress" 1 0
	check_err $? "Multicast received on first host when should not"
	tc_check_packets "dev $h3 ingress" 1 0
	check_err $? "Multicast received on second host when should not"

	# Create (*, G). Will not be installed in the kernel.
	create_mcast_sg $rp1 0.0.0.0 225.1.2.3 $rp2 $rp3

	$MZ $h1 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
		-a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
		-A 198.51.100.2 -B 225.1.2.3 -q

	tc_check_packets "dev $h2 ingress" 1 1
	check_err $? "Multicast not received on first host"
	tc_check_packets "dev $h3 ingress" 1 1
	check_err $? "Multicast not received on second host"

	delete_mcast_sg $rp1 0.0.0.0 225.1.2.3 $rp2 $rp3

	tc filter del dev $h3 ingress protocol ip pref 1 handle 1 flower
	tc filter del dev $h2 ingress protocol ip pref 1 handle 1 flower

	log_test "Unresolved queue IPv4"
}

unres_v6()
{
	# Send a multicast packet not corresponding to an installed route,
	# causing the kernel to queue the packet for resolution and emit an
	# MRT6MSG_NOCACHE notification. smcrouted will react to this
	# notification by consulting its (*, G) list and installing an (S, G)
	# route, which will be used to forward the queued packet.

	RET=0

	tc filter add dev $h2 ingress protocol ipv6 pref 1 handle 1 flower \
		dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop
	tc filter add dev $h3 ingress protocol ipv6 pref 1 handle 1 flower \
		dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop

	# Forwarding should fail before installing a matching (*, G).
	$MZ $h1 -6 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
		-a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
		-A 2001:db8:1::2 -B ff0e::3 -q

	tc_check_packets "dev $h2 ingress" 1 0
	check_err $? "Multicast received on first host when should not"
	tc_check_packets "dev $h3 ingress" 1 0
	check_err $? "Multicast received on second host when should not"

	# Create (*, G). Will not be installed in the kernel.
	create_mcast_sg $rp1 :: ff0e::3 $rp2 $rp3

	$MZ $h1 -6 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
		-a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
		-A 2001:db8:1::2 -B ff0e::3 -q

	tc_check_packets "dev $h2 ingress" 1 1
	check_err $? "Multicast not received on first host"
	tc_check_packets "dev $h3 ingress" 1 1
	check_err $? "Multicast not received on second host"

	delete_mcast_sg $rp1 :: ff0e::3 $rp2 $rp3

	tc filter del dev $h3 ingress protocol ipv6 pref 1 handle 1 flower
	tc filter del dev $h2 ingress protocol ipv6 pref 1 handle 1 flower

	log_test "Unresolved queue IPv6"
}

trap cleanup EXIT

setup_prepare
setup_wait

tests_run

exit $EXIT_STATUS