From e6374de22507488de684be2fce3d8d2b9b51f88e Mon Sep 17 00:00:00 2001
From: German Service Network <support@gsnw.de>
Date: Wed, 1 Apr 2026 17:14:08 +0200
Subject: [PATCH] Test asymmetric routing (--oiface)

---
 .github/workflows/test.yml | 41 ++++++++++++++++++++
 ci/test-oiface.sh          | 79 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 120 insertions(+)
 create mode 100755 ci/test-oiface.sh

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index cfeca6e..4d283e8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -44,7 +44,48 @@ jobs:
           flag-name: ${{ matrix.os }}
           parallel: true
 
+      - name: Upload fping binary
+        uses: actions/upload-artifact@v6
+        with:
+          name: fping-binary-${{ matrix.os }}-${{ github.sha }}
+          path: src/fping
+
+  Test-Asymmetric-Routing:
+    needs: [Test-Linux]
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-24.04]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Download fping binary from Test-Linux
+        id: download
+        uses: actions/download-artifact@v6
+        with:
+          name: fping-binary-${{ matrix.os }}-${{ github.sha }}
+          path: src/
+        continue-on-error: true
+
+      - name: Fallback - Build fping if download failed
+        if: steps.download.outcome == 'failure'
+        run: |
+          sudo apt-get update -qq
+          sudo apt-get install -y libcap2-bin libtest-command-perl
+          ci/build-1-autotools.sh
+          ci/build-4-compile.sh
+
+      - name: Make fping executable
+        run: chmod +x src/fping
+
+      - name: Install tcpdump and net-tools
+        run: |
+          sudo apt-get update -qq
+          sudo apt-get install -y tcpdump net-tools
 
+      - name: Test asymmetric routing (--oiface)
+        run: sudo ci/test-oiface.sh
 
   Test-Mac:
     runs-on: macos-latest
diff --git a/ci/test-oiface.sh b/ci/test-oiface.sh
new file mode 100755
index 0000000..9b61321
--- /dev/null
+++ b/ci/test-oiface.sh
@@ -0,0 +1,79 @@
+set -ex
+
+NS_TESTER="tester_ns"
+NS_TARGET="target_ns"
+LOG_FILE="/tmp/asym_trace.log"
+
+cleanup() {
+    echo "--- FINALER TRACE-LOG ---"
+    [ -f "$LOG_FILE" ] && cat $LOG_FILE
+    sudo ip netns del $NS_TESTER 2>/dev/null || true
+    sudo ip netns del $NS_TARGET 2>/dev/null || true
+}
+trap cleanup EXIT
+
+echo "--- Network-Setup ---"
+sudo ip netns add $NS_TESTER
+sudo ip netns add $NS_TARGET
+
+sudo ip link add veth1_tst type veth peer name veth1_trg
+sudo ip link add veth2_tst type veth peer name veth2_trg
+
+sudo ip link set veth1_tst netns $NS_TESTER
+sudo ip link set veth2_tst netns $NS_TESTER
+sudo ip link set veth1_trg netns $NS_TARGET
+sudo ip link set veth2_trg netns $NS_TARGET
+
+sudo ip netns exec $NS_TESTER ip addr add 10.0.1.1/24 dev veth1_tst
+sudo ip netns exec $NS_TESTER ip addr add 10.0.2.1/24 dev veth2_tst
+sudo ip netns exec $NS_TARGET ip addr add 10.0.1.2/24 dev veth1_trg
+sudo ip netns exec $NS_TARGET ip addr add 10.0.2.2/24 dev veth2_trg
+
+sudo ip netns exec $NS_TESTER ip link set veth1_tst up
+sudo ip netns exec $NS_TESTER ip link set veth2_tst up
+sudo ip netns exec $NS_TESTER ip link set lo up
+sudo ip netns exec $NS_TARGET ip link set veth1_trg up
+sudo ip netns exec $NS_TARGET ip link set veth2_trg up
+sudo ip netns exec $NS_TARGET ip link set lo up
+
+echo "--- Configuration for asymmetric routing ---"
+for ns in $NS_TESTER $NS_TARGET; do
+    sudo ip netns exec $ns sysctl -w net.ipv4.conf.all.rp_filter=0
+    sudo ip netns exec $ns sysctl -w net.ipv4.conf.default.rp_filter=0
+    sudo ip netns exec $ns sysctl -w net.ipv4.conf.all.accept_local=1
+    sudo ip netns exec $ns sysctl -w net.ipv4.ip_forward=1
+
+    for dev in $(sudo ip netns exec $ns ls /sys/class/net/); do
+        sudo ip netns exec $ns sysctl -w net.ipv4.conf.$dev.rp_filter=0 2>/dev/null || true
+    done
+done
+
+T_MAC2=$(sudo ip netns exec $NS_TARGET cat /sys/class/net/veth2_trg/address)
+sudo ip netns exec $NS_TESTER arp -s 10.0.2.2 $T_MAC2 -i veth2_tst
+
+echo "--- Tests ---"
+sudo ip netns exec $NS_TESTER tcpdump -i any icmp -n -l > $LOG_FILE 2>&1 &
+TCP_PID=$!
+sleep 2
+
+echo "Send fping (asymmetry check)..."
+sudo ip netns exec $NS_TESTER ./src/fping -c 1 -t 1000 --oiface veth2_tst -S 10.0.1.1 10.0.2.2 || FPING_STATUS=$?
+
+sleep 1
+sudo kill $TCP_PID 2>/dev/null || true
+sleep 1
+
+echo "--- Analysis ---"
+
+REQ_OK=$(grep "veth2_tst Out IP 10.0.1.1 > 10.0.2.2" $LOG_FILE | wc -l)
+REP_OK=$(grep "veth1_tst In  IP 10.0.2.2 > 10.0.1.1" $LOG_FILE | wc -l)
+
+if [ "$REQ_OK" -gt 0 ] && [ "$REP_OK" -gt 0 ]; then
+    echo "RESULT: TEST SUCCESSFUL (True asymmetry detected)"
+    exit 0
+else
+    echo "RESULT: TEST FAILED"
+    [ "$REQ_OK" -eq 0 ] && echo "- The request was not sent correctly with source 10.0.1.1 via veth2_tst."
+    [ "$REP_OK" -eq 0 ] && echo "- The reply was not received asymmetrically via veth1_tst."
+    exit 1
+fi
\ No newline at end of file
-- 
2.43.0