]>
Commit | Line | Data |
---|---|---|
0056042f PM |
1 | #!/bin/bash |
2 | # SPDX-License-Identifier: GPL-2.0 | |
3 | ||
0056042f PM |
4 | # Test for "tc action mirred egress mirror" when the underlay route points at a |
5 | # vlan device on top of a bridge device with vlan filtering (802.1q). | |
35036b0b PM |
6 | # |
7 | # +---------------------+ +---------------------+ | |
8 | # | H1 | | H2 | | |
9 | # | + $h1 | | $h2 + | | |
10 | # | | 192.0.2.1/28 | | 192.0.2.2/28 | | | |
11 | # +-----|---------------+ +---------------|-----+ | |
12 | # | | | |
13 | # +-----|-------------------------------------------------------------|-----+ | |
14 | # | SW o--> mirred egress mirror dev {gt4,gt6} | | | |
15 | # | | | | | |
16 | # | +---|-------------------------------------------------------------|---+ | | |
17 | # | | + $swp1 br1 $swp2 + | | | |
18 | # | | | | | |
19 | # | | + $swp3 | | | |
20 | # | +---|-----------------------------------------------------------------+ | | |
21 | # | | | | | |
22 | # | | + br1.555 | | |
23 | # | | 192.0.2.130/28 | | |
24 | # | | 2001:db8:2::2/64 | | |
25 | # | | | | |
26 | # | | + gt6 (ip6gretap) + gt4 (gretap) | | |
27 | # | | : loc=2001:db8:2::1 : loc=192.0.2.129 | | |
28 | # | | : rem=2001:db8:2::2 : rem=192.0.2.130 | | |
29 | # | | : ttl=100 : ttl=100 | | |
30 | # | | : tos=inherit : tos=inherit | | |
31 | # | | : : | | |
32 | # +-----|---------------------:----------------------:----------------------+ | |
33 | # | : : | |
34 | # +-----|---------------------:----------------------:----------------------+ | |
35 | # | H3 + $h3 + h3-gt6 (ip6gretap) + h3-gt4 (gretap) | | |
36 | # | | loc=2001:db8:2::2 loc=192.0.2.130 | | |
37 | # | + $h3.555 rem=2001:db8:2::1 rem=192.0.2.129 | | |
38 | # | 192.0.2.130/28 ttl=100 ttl=100 | | |
39 | # | 2001:db8:2::2/64 tos=inherit tos=inherit | | |
40 | # | | | |
41 | # +-------------------------------------------------------------------------+ | |
0056042f PM |
42 | |
43 | ALL_TESTS=" | |
44 | test_gretap | |
45 | test_ip6gretap | |
68368016 PM |
46 | test_gretap_forbidden_cpu |
47 | test_ip6gretap_forbidden_cpu | |
9c7c8a82 PM |
48 | test_gretap_forbidden_egress |
49 | test_ip6gretap_forbidden_egress | |
50 | test_gretap_untagged_egress | |
51 | test_ip6gretap_untagged_egress | |
52 | test_gretap_fdb_roaming | |
53 | test_ip6gretap_fdb_roaming | |
54 | test_gretap_stp | |
55 | test_ip6gretap_stp | |
0056042f PM |
56 | " |
57 | ||
58 | NUM_NETIFS=6 | |
59 | source lib.sh | |
60 | source mirror_lib.sh | |
61 | source mirror_gre_lib.sh | |
62 | source mirror_gre_topo_lib.sh | |
63 | ||
ca70a562 PM |
64 | require_command $ARPING |
65 | ||
35036b0b PM |
66 | h3_addr_add_del() |
67 | { | |
68 | local add_del=$1; shift | |
69 | local dev=$1; shift | |
70 | ||
71 | ip addr $add_del dev $dev 192.0.2.130/28 | |
72 | ip addr $add_del dev $dev 2001:db8:2::2/64 | |
73 | } | |
74 | ||
0056042f PM |
75 | setup_prepare() |
76 | { | |
77 | h1=${NETIFS[p1]} | |
78 | swp1=${NETIFS[p2]} | |
79 | ||
80 | swp2=${NETIFS[p3]} | |
81 | h2=${NETIFS[p4]} | |
82 | ||
83 | swp3=${NETIFS[p5]} | |
84 | h3=${NETIFS[p6]} | |
85 | ||
27a2628b PM |
86 | # gt4's remote address is at $h3.555, not $h3. Thus the packets arriving |
87 | # directly to $h3 for test_gretap_untagged_egress() are rejected by | |
88 | # rp_filter and the test spuriously fails. | |
89 | sysctl_set net.ipv4.conf.all.rp_filter 0 | |
90 | sysctl_set net.ipv4.conf.$h3.rp_filter 0 | |
91 | ||
0056042f PM |
92 | vrf_prepare |
93 | mirror_gre_topo_create | |
94 | ||
95 | vlan_create br1 555 "" 192.0.2.129/32 2001:db8:2::1/128 | |
96 | bridge vlan add dev br1 vid 555 self | |
97 | ip route rep 192.0.2.130/32 dev br1.555 | |
98 | ip -6 route rep 2001:db8:2::2/128 dev br1.555 | |
99 | ||
35036b0b PM |
100 | vlan_create $h3 555 v$h3 |
101 | h3_addr_add_del add $h3.555 | |
0056042f PM |
102 | |
103 | ip link set dev $swp3 master br1 | |
104 | bridge vlan add dev $swp3 vid 555 | |
9c7c8a82 | 105 | bridge vlan add dev $swp2 vid 555 |
0056042f PM |
106 | } |
107 | ||
108 | cleanup() | |
109 | { | |
110 | pre_cleanup | |
111 | ||
9c7c8a82 | 112 | ip link set dev $swp2 nomaster |
0056042f | 113 | ip link set dev $swp3 nomaster |
35036b0b PM |
114 | |
115 | h3_addr_add_del del $h3.555 | |
0056042f PM |
116 | vlan_destroy $h3 555 |
117 | vlan_destroy br1 555 | |
118 | ||
119 | mirror_gre_topo_destroy | |
120 | vrf_cleanup | |
27a2628b PM |
121 | |
122 | sysctl_restore net.ipv4.conf.$h3.rp_filter | |
123 | sysctl_restore net.ipv4.conf.all.rp_filter | |
0056042f PM |
124 | } |
125 | ||
126 | test_vlan_match() | |
127 | { | |
128 | local tundev=$1; shift | |
129 | local vlan_match=$1; shift | |
130 | local what=$1; shift | |
131 | ||
132 | full_test_span_gre_dir_vlan $tundev ingress "$vlan_match" 8 0 "$what" | |
133 | full_test_span_gre_dir_vlan $tundev egress "$vlan_match" 0 8 "$what" | |
134 | } | |
135 | ||
136 | test_gretap() | |
137 | { | |
ec9fdc99 PM |
138 | test_vlan_match gt4 'skip_hw vlan_id 555 vlan_ethtype ip' \ |
139 | "mirror to gretap" | |
0056042f PM |
140 | } |
141 | ||
142 | test_ip6gretap() | |
143 | { | |
ec9fdc99 PM |
144 | test_vlan_match gt6 'skip_hw vlan_id 555 vlan_ethtype ip' \ |
145 | "mirror to ip6gretap" | |
0056042f PM |
146 | } |
147 | ||
68368016 | 148 | test_span_gre_forbidden_cpu() |
0056042f PM |
149 | { |
150 | local tundev=$1; shift | |
151 | local what=$1; shift | |
152 | ||
153 | RET=0 | |
154 | ||
155 | # Run the pass-test first, to prime neighbor table. | |
156 | mirror_install $swp1 ingress $tundev "matchall $tcflags" | |
157 | quick_test_span_gre_dir $tundev ingress | |
158 | ||
159 | # Now forbid the VLAN at the bridge and see it fail. | |
160 | bridge vlan del dev br1 vid 555 self | |
161 | sleep 1 | |
0056042f | 162 | fail_test_span_gre_dir $tundev ingress |
0056042f PM |
163 | |
164 | bridge vlan add dev br1 vid 555 self | |
165 | sleep 1 | |
a6f3282e PM |
166 | quick_test_span_gre_dir $tundev ingress |
167 | ||
168 | mirror_uninstall $swp1 ingress | |
0056042f PM |
169 | |
170 | log_test "$what: vlan forbidden at a bridge ($tcflags)" | |
171 | } | |
172 | ||
68368016 | 173 | test_gretap_forbidden_cpu() |
0056042f | 174 | { |
68368016 | 175 | test_span_gre_forbidden_cpu gt4 "mirror to gretap" |
0056042f PM |
176 | } |
177 | ||
68368016 | 178 | test_ip6gretap_forbidden_cpu() |
0056042f | 179 | { |
68368016 | 180 | test_span_gre_forbidden_cpu gt6 "mirror to ip6gretap" |
0056042f PM |
181 | } |
182 | ||
9c7c8a82 PM |
183 | test_span_gre_forbidden_egress() |
184 | { | |
185 | local tundev=$1; shift | |
186 | local what=$1; shift | |
187 | ||
188 | RET=0 | |
189 | ||
190 | mirror_install $swp1 ingress $tundev "matchall $tcflags" | |
191 | quick_test_span_gre_dir $tundev ingress | |
192 | ||
193 | bridge vlan del dev $swp3 vid 555 | |
194 | sleep 1 | |
195 | fail_test_span_gre_dir $tundev ingress | |
196 | ||
197 | bridge vlan add dev $swp3 vid 555 | |
198 | # Re-prime FDB | |
ca70a562 | 199 | $ARPING -I br1.555 192.0.2.130 -fqc 1 |
9c7c8a82 PM |
200 | sleep 1 |
201 | quick_test_span_gre_dir $tundev ingress | |
202 | ||
203 | mirror_uninstall $swp1 ingress | |
204 | ||
205 | log_test "$what: vlan forbidden at a bridge egress ($tcflags)" | |
206 | } | |
207 | ||
208 | test_gretap_forbidden_egress() | |
209 | { | |
210 | test_span_gre_forbidden_egress gt4 "mirror to gretap" | |
211 | } | |
212 | ||
213 | test_ip6gretap_forbidden_egress() | |
214 | { | |
215 | test_span_gre_forbidden_egress gt6 "mirror to ip6gretap" | |
216 | } | |
217 | ||
218 | test_span_gre_untagged_egress() | |
219 | { | |
220 | local tundev=$1; shift | |
221 | local what=$1; shift | |
222 | ||
223 | RET=0 | |
224 | ||
225 | mirror_install $swp1 ingress $tundev "matchall $tcflags" | |
226 | ||
227 | quick_test_span_gre_dir $tundev ingress | |
228 | quick_test_span_vlan_dir $h3 555 ingress | |
229 | ||
35036b0b | 230 | h3_addr_add_del del $h3.555 |
9c7c8a82 | 231 | bridge vlan add dev $swp3 vid 555 pvid untagged |
35036b0b PM |
232 | h3_addr_add_del add $h3 |
233 | sleep 5 | |
234 | ||
9c7c8a82 PM |
235 | quick_test_span_gre_dir $tundev ingress |
236 | fail_test_span_vlan_dir $h3 555 ingress | |
237 | ||
35036b0b | 238 | h3_addr_add_del del $h3 |
9c7c8a82 | 239 | bridge vlan add dev $swp3 vid 555 |
35036b0b PM |
240 | h3_addr_add_del add $h3.555 |
241 | sleep 5 | |
242 | ||
9c7c8a82 PM |
243 | quick_test_span_gre_dir $tundev ingress |
244 | quick_test_span_vlan_dir $h3 555 ingress | |
245 | ||
246 | mirror_uninstall $swp1 ingress | |
247 | ||
248 | log_test "$what: vlan untagged at a bridge egress ($tcflags)" | |
249 | } | |
250 | ||
251 | test_gretap_untagged_egress() | |
252 | { | |
253 | test_span_gre_untagged_egress gt4 "mirror to gretap" | |
254 | } | |
255 | ||
256 | test_ip6gretap_untagged_egress() | |
257 | { | |
258 | test_span_gre_untagged_egress gt6 "mirror to ip6gretap" | |
259 | } | |
260 | ||
261 | test_span_gre_fdb_roaming() | |
262 | { | |
263 | local tundev=$1; shift | |
264 | local what=$1; shift | |
265 | local h3mac=$(mac_get $h3) | |
266 | ||
267 | RET=0 | |
268 | ||
269 | mirror_install $swp1 ingress $tundev "matchall $tcflags" | |
270 | quick_test_span_gre_dir $tundev ingress | |
271 | ||
ccdb66dd PM |
272 | while ((RET == 0)); do |
273 | bridge fdb del dev $swp3 $h3mac vlan 555 master 2>/dev/null | |
274 | bridge fdb add dev $swp2 $h3mac vlan 555 master | |
275 | sleep 1 | |
276 | fail_test_span_gre_dir $tundev ingress | |
277 | ||
278 | if ! bridge fdb sh dev $swp2 vlan 555 master \ | |
279 | | grep -q $h3mac; then | |
280 | printf "TEST: %-60s [RETRY]\n" \ | |
281 | "$what: MAC roaming ($tcflags)" | |
282 | # ARP or ND probably reprimed the FDB while the test | |
283 | # was running. We would get a spurious failure. | |
284 | RET=0 | |
285 | continue | |
286 | fi | |
287 | break | |
288 | done | |
289 | ||
290 | bridge fdb del dev $swp2 $h3mac vlan 555 master 2>/dev/null | |
9c7c8a82 | 291 | # Re-prime FDB |
ca70a562 | 292 | $ARPING -I br1.555 192.0.2.130 -fqc 1 |
9c7c8a82 PM |
293 | sleep 1 |
294 | quick_test_span_gre_dir $tundev ingress | |
295 | ||
296 | mirror_uninstall $swp1 ingress | |
297 | ||
298 | log_test "$what: MAC roaming ($tcflags)" | |
299 | } | |
300 | ||
301 | test_gretap_fdb_roaming() | |
302 | { | |
303 | test_span_gre_fdb_roaming gt4 "mirror to gretap" | |
304 | } | |
305 | ||
306 | test_ip6gretap_fdb_roaming() | |
307 | { | |
308 | test_span_gre_fdb_roaming gt6 "mirror to ip6gretap" | |
309 | } | |
310 | ||
311 | test_gretap_stp() | |
312 | { | |
313 | full_test_span_gre_stp gt4 $swp3 "mirror to gretap" | |
314 | } | |
315 | ||
316 | test_ip6gretap_stp() | |
317 | { | |
318 | full_test_span_gre_stp gt6 $swp3 "mirror to ip6gretap" | |
319 | } | |
320 | ||
0056042f PM |
321 | test_all() |
322 | { | |
323 | slow_path_trap_install $swp1 ingress | |
324 | slow_path_trap_install $swp1 egress | |
325 | ||
326 | tests_run | |
327 | ||
328 | slow_path_trap_uninstall $swp1 egress | |
329 | slow_path_trap_uninstall $swp1 ingress | |
330 | } | |
331 | ||
332 | trap cleanup EXIT | |
333 | ||
334 | setup_prepare | |
335 | setup_wait | |
336 | ||
337 | tcflags="skip_hw" | |
338 | test_all | |
339 | ||
340 | if ! tc_offload_check; then | |
341 | echo "WARN: Could not test offloaded functionality" | |
342 | else | |
343 | tcflags="skip_sw" | |
344 | test_all | |
345 | fi | |
346 | ||
347 | exit $EXIT_STATUS |