[mirror_ubuntu-eoan-kernel.git] / tools / testing / selftests / net / forwarding / mirror_gre_vlan_bridge_1q.sh

#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

# Test for "tc action mirred egress mirror" when the underlay route points at a
# vlan device on top of a bridge device with vlan filtering (802.1q).
#
#   +---------------------+                             +---------------------+
#   | H1                  |                             |                  H2 |
#   |     + $h1           |                             |           $h2 +     |
#   |     | 192.0.2.1/28  |                             |  192.0.2.2/28 |     |
#   +-----|---------------+                             +---------------|-----+
#         |                                                             |
#   +-----|-------------------------------------------------------------|-----+
#   | SW  o--> mirred egress mirror dev {gt4,gt6}                       |     |
#   |     |                                                             |     |
#   | +---|-------------------------------------------------------------|---+ |
#   | |   + $swp1                    br1                          $swp2 +   | |
#   | |                                                                     | |
#   | |   + $swp3                                                           | |
#   | +---|-----------------------------------------------------------------+ |
#   |     |                        |                                          |
#   |     |                        + br1.555                                  |
#   |     |                          192.0.2.130/28                           |
#   |     |                          2001:db8:2::2/64                         |
#   |     |                                                                   |
#   |     |                     + gt6 (ip6gretap)      + gt4 (gretap)         |
#   |     |                     : loc=2001:db8:2::1    : loc=192.0.2.129      |
#   |     |                     : rem=2001:db8:2::2    : rem=192.0.2.130      |
#   |     |                     : ttl=100              : ttl=100              |
#   |     |                     : tos=inherit          : tos=inherit          |
#   |     |                     :                      :                      |
#   +-----|---------------------:----------------------:----------------------+
#         |                     :                      :
#   +-----|---------------------:----------------------:----------------------+
#   | H3  + $h3                 + h3-gt6 (ip6gretap)   + h3-gt4 (gretap)      |
#   |     |                       loc=2001:db8:2::2      loc=192.0.2.130      |
#   |     + $h3.555               rem=2001:db8:2::1      rem=192.0.2.129      |
#   |       192.0.2.130/28        ttl=100                ttl=100              |
#   |       2001:db8:2::2/64      tos=inherit            tos=inherit          |
#   |                                                                         |
#   +-------------------------------------------------------------------------+

ALL_TESTS="
	test_gretap
	test_ip6gretap
	test_gretap_forbidden_cpu
	test_ip6gretap_forbidden_cpu
	test_gretap_forbidden_egress
	test_ip6gretap_forbidden_egress
	test_gretap_untagged_egress
	test_ip6gretap_untagged_egress
	test_gretap_fdb_roaming
	test_ip6gretap_fdb_roaming
	test_gretap_stp
	test_ip6gretap_stp
"

NUM_NETIFS=6
source lib.sh
source mirror_lib.sh
source mirror_gre_lib.sh
source mirror_gre_topo_lib.sh

require_command $ARPING

h3_addr_add_del()
{
	local add_del=$1; shift
	local dev=$1; shift

	ip addr $add_del dev $dev 192.0.2.130/28
	ip addr $add_del dev $dev 2001:db8:2::2/64
}

setup_prepare()
{
	h1=${NETIFS[p1]}
	swp1=${NETIFS[p2]}

	swp2=${NETIFS[p3]}
	h2=${NETIFS[p4]}

	swp3=${NETIFS[p5]}
	h3=${NETIFS[p6]}

	# gt4's remote address is at $h3.555, not $h3. Thus the packets arriving
	# directly to $h3 for test_gretap_untagged_egress() are rejected by
	# rp_filter and the test spuriously fails.
	sysctl_set net.ipv4.conf.all.rp_filter 0
	sysctl_set net.ipv4.conf.$h3.rp_filter 0

	vrf_prepare
	mirror_gre_topo_create

	vlan_create br1 555 "" 192.0.2.129/32 2001:db8:2::1/128
	bridge vlan add dev br1 vid 555 self
	ip route rep 192.0.2.130/32 dev br1.555
	ip -6 route rep 2001:db8:2::2/128 dev br1.555

	vlan_create $h3 555 v$h3
	h3_addr_add_del add $h3.555

	ip link set dev $swp3 master br1
	bridge vlan add dev $swp3 vid 555
	bridge vlan add dev $swp2 vid 555
}

cleanup()
{
	pre_cleanup

	ip link set dev $swp2 nomaster
	ip link set dev $swp3 nomaster

	h3_addr_add_del del $h3.555
	vlan_destroy $h3 555
	vlan_destroy br1 555

	mirror_gre_topo_destroy
	vrf_cleanup

	sysctl_restore net.ipv4.conf.$h3.rp_filter
	sysctl_restore net.ipv4.conf.all.rp_filter
}

test_vlan_match()
{
	local tundev=$1; shift
	local vlan_match=$1; shift
	local what=$1; shift

	full_test_span_gre_dir_vlan $tundev ingress "$vlan_match" 8 0 "$what"
	full_test_span_gre_dir_vlan $tundev egress "$vlan_match" 0 8 "$what"
}

test_gretap()
{
	test_vlan_match gt4 'skip_hw vlan_id 555 vlan_ethtype ip' \
			"mirror to gretap"
}

test_ip6gretap()
{
	test_vlan_match gt6 'skip_hw vlan_id 555 vlan_ethtype ip' \
			"mirror to ip6gretap"
}

test_span_gre_forbidden_cpu()
{
	local tundev=$1; shift
	local what=$1; shift

	RET=0

	# Run the pass-test first, to prime neighbor table.
	mirror_install $swp1 ingress $tundev "matchall $tcflags"
	quick_test_span_gre_dir $tundev ingress

	# Now forbid the VLAN at the bridge and see it fail.
	bridge vlan del dev br1 vid 555 self
	sleep 1
	fail_test_span_gre_dir $tundev ingress

	bridge vlan add dev br1 vid 555 self
	sleep 1
	quick_test_span_gre_dir $tundev ingress

	mirror_uninstall $swp1 ingress

	log_test "$what: vlan forbidden at a bridge ($tcflags)"
}

test_gretap_forbidden_cpu()
{
	test_span_gre_forbidden_cpu gt4 "mirror to gretap"
}

test_ip6gretap_forbidden_cpu()
{
	test_span_gre_forbidden_cpu gt6 "mirror to ip6gretap"
}

test_span_gre_forbidden_egress()
{
	local tundev=$1; shift
	local what=$1; shift

	RET=0

	mirror_install $swp1 ingress $tundev "matchall $tcflags"
	quick_test_span_gre_dir $tundev ingress

	bridge vlan del dev $swp3 vid 555
	sleep 1
	fail_test_span_gre_dir $tundev ingress

	bridge vlan add dev $swp3 vid 555
	# Re-prime FDB
	$ARPING -I br1.555 192.0.2.130 -fqc 1
	sleep 1
	quick_test_span_gre_dir $tundev ingress

	mirror_uninstall $swp1 ingress

	log_test "$what: vlan forbidden at a bridge egress ($tcflags)"
}

test_gretap_forbidden_egress()
{
	test_span_gre_forbidden_egress gt4 "mirror to gretap"
}

test_ip6gretap_forbidden_egress()
{
	test_span_gre_forbidden_egress gt6 "mirror to ip6gretap"
}

test_span_gre_untagged_egress()
{
	local tundev=$1; shift
	local what=$1; shift

	RET=0

	mirror_install $swp1 ingress $tundev "matchall $tcflags"

	quick_test_span_gre_dir $tundev ingress
	quick_test_span_vlan_dir $h3 555 ingress

	h3_addr_add_del del $h3.555
	bridge vlan add dev $swp3 vid 555 pvid untagged
	h3_addr_add_del add $h3
	sleep 5

	quick_test_span_gre_dir $tundev ingress
	fail_test_span_vlan_dir $h3 555 ingress

	h3_addr_add_del del $h3
	bridge vlan add dev $swp3 vid 555
	h3_addr_add_del add $h3.555
	sleep 5

	quick_test_span_gre_dir $tundev ingress
	quick_test_span_vlan_dir $h3 555 ingress

	mirror_uninstall $swp1 ingress

	log_test "$what: vlan untagged at a bridge egress ($tcflags)"
}

test_gretap_untagged_egress()
{
	test_span_gre_untagged_egress gt4 "mirror to gretap"
}

test_ip6gretap_untagged_egress()
{
	test_span_gre_untagged_egress gt6 "mirror to ip6gretap"
}

test_span_gre_fdb_roaming()
{
	local tundev=$1; shift
	local what=$1; shift
	local h3mac=$(mac_get $h3)

	RET=0

	mirror_install $swp1 ingress $tundev "matchall $tcflags"
	quick_test_span_gre_dir $tundev ingress

	while ((RET == 0)); do
		bridge fdb del dev $swp3 $h3mac vlan 555 master 2>/dev/null
		bridge fdb add dev $swp2 $h3mac vlan 555 master
		sleep 1
		fail_test_span_gre_dir $tundev ingress

		if ! bridge fdb sh dev $swp2 vlan 555 master \
		    | grep -q $h3mac; then
			printf "TEST: %-60s  [RETRY]\n" \
				"$what: MAC roaming ($tcflags)"
			# ARP or ND probably reprimed the FDB while the test
			# was running. We would get a spurious failure.
			RET=0
			continue
		fi
		break
	done

	bridge fdb del dev $swp2 $h3mac vlan 555 master 2>/dev/null
	# Re-prime FDB
	$ARPING -I br1.555 192.0.2.130 -fqc 1
	sleep 1
	quick_test_span_gre_dir $tundev ingress

	mirror_uninstall $swp1 ingress

	log_test "$what: MAC roaming ($tcflags)"
}

test_gretap_fdb_roaming()
{
	test_span_gre_fdb_roaming gt4 "mirror to gretap"
}

test_ip6gretap_fdb_roaming()
{
	test_span_gre_fdb_roaming gt6 "mirror to ip6gretap"
}

test_gretap_stp()
{
	full_test_span_gre_stp gt4 $swp3 "mirror to gretap"
}

test_ip6gretap_stp()
{
	full_test_span_gre_stp gt6 $swp3 "mirror to ip6gretap"
}

test_all()
{
	slow_path_trap_install $swp1 ingress
	slow_path_trap_install $swp1 egress

	tests_run

	slow_path_trap_uninstall $swp1 egress
	slow_path_trap_uninstall $swp1 ingress
}

trap cleanup EXIT

setup_prepare
setup_wait

tcflags="skip_hw"
test_all

if ! tc_offload_check; then
	echo "WARN: Could not test offloaded functionality"
else
	tcflags="skip_sw"
	test_all
fi

exit $EXIT_STATUS
Commit	Line	Data
0056042f PM	1	#!/bin/bash
	2	# SPDX-License-Identifier: GPL-2.0
	3
0056042f PM	4	# Test for "tc action mirred egress mirror" when the underlay route points at a
0056042f PM	5	# vlan device on top of a bridge device with vlan filtering (802.1q).
35036b0b PM	6	#
	7	# +---------------------+ +---------------------+
	8	# \| H1 \| \| H2 \|
	9	# \| + $h1 \| \| $h2 + \|
	10	# \| \| 192.0.2.1/28 \| \| 192.0.2.2/28 \| \|
	11	# +-----\|---------------+ +---------------\|-----+
	12	# \| \|
	13	# +-----\|-------------------------------------------------------------\|-----+
	14	# \| SW o--> mirred egress mirror dev {gt4,gt6} \| \|
	15	# \| \| \| \|
	16	# \| +---\|-------------------------------------------------------------\|---+ \|
	17	# \| \| + $swp1 br1 $swp2 + \| \|
	18	# \| \| \| \|
	19	# \| \| + $swp3 \| \|
	20	# \| +---\|-----------------------------------------------------------------+ \|
	21	# \| \| \| \|
	22	# \| \| + br1.555 \|
	23	# \| \| 192.0.2.130/28 \|
	24	# \| \| 2001:db8:2::2/64 \|
	25	# \| \| \|
	26	# \| \| + gt6 (ip6gretap) + gt4 (gretap) \|
	27	# \| \| : loc=2001:db8:2::1 : loc=192.0.2.129 \|
	28	# \| \| : rem=2001:db8:2::2 : rem=192.0.2.130 \|
	29	# \| \| : ttl=100 : ttl=100 \|
	30	# \| \| : tos=inherit : tos=inherit \|
	31	# \| \| : : \|
	32	# +-----\|---------------------:----------------------:----------------------+
	33	# \| : :
	34	# +-----\|---------------------:----------------------:----------------------+
	35	# \| H3 + $h3 + h3-gt6 (ip6gretap) + h3-gt4 (gretap) \|
	36	# \| \| loc=2001:db8:2::2 loc=192.0.2.130 \|
	37	# \| + $h3.555 rem=2001:db8:2::1 rem=192.0.2.129 \|
	38	# \| 192.0.2.130/28 ttl=100 ttl=100 \|
	39	# \| 2001:db8:2::2/64 tos=inherit tos=inherit \|
	40	# \| \|
	41	# +-------------------------------------------------------------------------+
0056042f PM	42
	43	ALL_TESTS="
	44	test_gretap
	45	test_ip6gretap
68368016 PM	46	test_gretap_forbidden_cpu
68368016 PM	47	test_ip6gretap_forbidden_cpu
9c7c8a82 PM	48	test_gretap_forbidden_egress
	49	test_ip6gretap_forbidden_egress
	50	test_gretap_untagged_egress
	51	test_ip6gretap_untagged_egress
	52	test_gretap_fdb_roaming
	53	test_ip6gretap_fdb_roaming
	54	test_gretap_stp
	55	test_ip6gretap_stp
0056042f PM	56	"
	57
	58	NUM_NETIFS=6
	59	source lib.sh
	60	source mirror_lib.sh
	61	source mirror_gre_lib.sh
	62	source mirror_gre_topo_lib.sh
	63
ca70a562 PM	64	require_command $ARPING
ca70a562 PM	65
35036b0b PM	66	h3_addr_add_del()
	67	{
	68	local add_del=$1; shift
	69	local dev=$1; shift
	70
	71	ip addr $add_del dev $dev 192.0.2.130/28
	72	ip addr $add_del dev $dev 2001:db8:2::2/64
	73	}
	74
0056042f PM	75	setup_prepare()
	76	{
	77	h1=${NETIFS[p1]}
	78	swp1=${NETIFS[p2]}
	79
	80	swp2=${NETIFS[p3]}
	81	h2=${NETIFS[p4]}
	82
	83	swp3=${NETIFS[p5]}
	84	h3=${NETIFS[p6]}
	85
27a2628b PM	86	# gt4's remote address is at $h3.555, not $h3. Thus the packets arriving
	87	# directly to $h3 for test_gretap_untagged_egress() are rejected by
	88	# rp_filter and the test spuriously fails.
	89	sysctl_set net.ipv4.conf.all.rp_filter 0
	90	sysctl_set net.ipv4.conf.$h3.rp_filter 0
	91
0056042f PM	92	vrf_prepare
	93	mirror_gre_topo_create
	94
	95	vlan_create br1 555 "" 192.0.2.129/32 2001:db8:2::1/128
	96	bridge vlan add dev br1 vid 555 self
	97	ip route rep 192.0.2.130/32 dev br1.555
	98	ip -6 route rep 2001:db8:2::2/128 dev br1.555
	99
35036b0b PM	100	vlan_create $h3 555 v$h3
35036b0b PM	101	h3_addr_add_del add $h3.555
0056042f PM	102
	103	ip link set dev $swp3 master br1
	104	bridge vlan add dev $swp3 vid 555
9c7c8a82	105	bridge vlan add dev $swp2 vid 555
0056042f PM	106	}
	107
	108	cleanup()
	109	{
	110	pre_cleanup
	111
9c7c8a82	112	ip link set dev $swp2 nomaster
0056042f	113	ip link set dev $swp3 nomaster
35036b0b PM	114
35036b0b PM	115	h3_addr_add_del del $h3.555
0056042f PM	116	vlan_destroy $h3 555
	117	vlan_destroy br1 555
	118
	119	mirror_gre_topo_destroy
	120	vrf_cleanup
27a2628b PM	121
	122	sysctl_restore net.ipv4.conf.$h3.rp_filter
	123	sysctl_restore net.ipv4.conf.all.rp_filter
0056042f PM	124	}
	125
	126	test_vlan_match()
	127	{
	128	local tundev=$1; shift
	129	local vlan_match=$1; shift
	130	local what=$1; shift
	131
	132	full_test_span_gre_dir_vlan $tundev ingress "$vlan_match" 8 0 "$what"
	133	full_test_span_gre_dir_vlan $tundev egress "$vlan_match" 0 8 "$what"
	134	}
	135
	136	test_gretap()
	137	{
ec9fdc99 PM	138	test_vlan_match gt4 'skip_hw vlan_id 555 vlan_ethtype ip' \
ec9fdc99 PM	139	"mirror to gretap"
0056042f PM	140	}
	141
	142	test_ip6gretap()
	143	{
ec9fdc99 PM	144	test_vlan_match gt6 'skip_hw vlan_id 555 vlan_ethtype ip' \
ec9fdc99 PM	145	"mirror to ip6gretap"
0056042f PM	146	}
0056042f PM	147
68368016	148	test_span_gre_forbidden_cpu()
0056042f PM	149	{
	150	local tundev=$1; shift
	151	local what=$1; shift
	152
	153	RET=0
	154
	155	# Run the pass-test first, to prime neighbor table.
	156	mirror_install $swp1 ingress $tundev "matchall $tcflags"
	157	quick_test_span_gre_dir $tundev ingress
	158
	159	# Now forbid the VLAN at the bridge and see it fail.
	160	bridge vlan del dev br1 vid 555 self
	161	sleep 1
0056042f	162	fail_test_span_gre_dir $tundev ingress
0056042f PM	163
	164	bridge vlan add dev br1 vid 555 self
	165	sleep 1
a6f3282e PM	166	quick_test_span_gre_dir $tundev ingress
	167
	168	mirror_uninstall $swp1 ingress
0056042f PM	169
	170	log_test "$what: vlan forbidden at a bridge ($tcflags)"
	171	}
	172
68368016	173	test_gretap_forbidden_cpu()
0056042f	174	{
68368016	175	test_span_gre_forbidden_cpu gt4 "mirror to gretap"
0056042f PM	176	}
0056042f PM	177
68368016	178	test_ip6gretap_forbidden_cpu()
0056042f	179	{
68368016	180	test_span_gre_forbidden_cpu gt6 "mirror to ip6gretap"
0056042f PM	181	}
0056042f PM	182
9c7c8a82 PM	183	test_span_gre_forbidden_egress()
	184	{
	185	local tundev=$1; shift
	186	local what=$1; shift
	187
	188	RET=0
	189
	190	mirror_install $swp1 ingress $tundev "matchall $tcflags"
	191	quick_test_span_gre_dir $tundev ingress
	192
	193	bridge vlan del dev $swp3 vid 555
	194	sleep 1
	195	fail_test_span_gre_dir $tundev ingress
	196
	197	bridge vlan add dev $swp3 vid 555
	198	# Re-prime FDB
ca70a562	199	$ARPING -I br1.555 192.0.2.130 -fqc 1
9c7c8a82 PM	200	sleep 1
	201	quick_test_span_gre_dir $tundev ingress
	202
	203	mirror_uninstall $swp1 ingress
	204
	205	log_test "$what: vlan forbidden at a bridge egress ($tcflags)"
	206	}
	207
	208	test_gretap_forbidden_egress()
	209	{
	210	test_span_gre_forbidden_egress gt4 "mirror to gretap"
	211	}
	212
	213	test_ip6gretap_forbidden_egress()
	214	{
	215	test_span_gre_forbidden_egress gt6 "mirror to ip6gretap"
	216	}
	217
	218	test_span_gre_untagged_egress()
	219	{
	220	local tundev=$1; shift
	221	local what=$1; shift
	222
	223	RET=0
	224
	225	mirror_install $swp1 ingress $tundev "matchall $tcflags"
	226
	227	quick_test_span_gre_dir $tundev ingress
	228	quick_test_span_vlan_dir $h3 555 ingress
	229
35036b0b	230	h3_addr_add_del del $h3.555
9c7c8a82	231	bridge vlan add dev $swp3 vid 555 pvid untagged
35036b0b PM	232	h3_addr_add_del add $h3
	233	sleep 5
	234
9c7c8a82 PM	235	quick_test_span_gre_dir $tundev ingress
	236	fail_test_span_vlan_dir $h3 555 ingress
	237
35036b0b	238	h3_addr_add_del del $h3
9c7c8a82	239	bridge vlan add dev $swp3 vid 555
35036b0b PM	240	h3_addr_add_del add $h3.555
	241	sleep 5
	242
9c7c8a82 PM	243	quick_test_span_gre_dir $tundev ingress
	244	quick_test_span_vlan_dir $h3 555 ingress
	245
	246	mirror_uninstall $swp1 ingress
	247
	248	log_test "$what: vlan untagged at a bridge egress ($tcflags)"
	249	}
	250
	251	test_gretap_untagged_egress()
	252	{
	253	test_span_gre_untagged_egress gt4 "mirror to gretap"
	254	}
	255
	256	test_ip6gretap_untagged_egress()
	257	{
	258	test_span_gre_untagged_egress gt6 "mirror to ip6gretap"
	259	}
	260
	261	test_span_gre_fdb_roaming()
	262	{
	263	local tundev=$1; shift
	264	local what=$1; shift
	265	local h3mac=$(mac_get $h3)
	266
	267	RET=0
	268
	269	mirror_install $swp1 ingress $tundev "matchall $tcflags"
	270	quick_test_span_gre_dir $tundev ingress
	271
ccdb66dd PM	272	while ((RET == 0)); do
	273	bridge fdb del dev $swp3 $h3mac vlan 555 master 2>/dev/null
	274	bridge fdb add dev $swp2 $h3mac vlan 555 master
	275	sleep 1
	276	fail_test_span_gre_dir $tundev ingress
	277
	278	if ! bridge fdb sh dev $swp2 vlan 555 master \
	279	\| grep -q $h3mac; then
	280	printf "TEST: %-60s [RETRY]\n" \
	281	"$what: MAC roaming ($tcflags)"
	282	# ARP or ND probably reprimed the FDB while the test
	283	# was running. We would get a spurious failure.
	284	RET=0
	285	continue
	286	fi
	287	break
	288	done
	289
	290	bridge fdb del dev $swp2 $h3mac vlan 555 master 2>/dev/null
9c7c8a82	291	# Re-prime FDB
ca70a562	292	$ARPING -I br1.555 192.0.2.130 -fqc 1
9c7c8a82 PM	293	sleep 1
	294	quick_test_span_gre_dir $tundev ingress
	295
	296	mirror_uninstall $swp1 ingress
	297
	298	log_test "$what: MAC roaming ($tcflags)"
	299	}
	300
	301	test_gretap_fdb_roaming()
	302	{
	303	test_span_gre_fdb_roaming gt4 "mirror to gretap"
	304	}
	305
	306	test_ip6gretap_fdb_roaming()
	307	{
	308	test_span_gre_fdb_roaming gt6 "mirror to ip6gretap"
	309	}
	310
	311	test_gretap_stp()
	312	{
	313	full_test_span_gre_stp gt4 $swp3 "mirror to gretap"
	314	}
	315
	316	test_ip6gretap_stp()
	317	{
	318	full_test_span_gre_stp gt6 $swp3 "mirror to ip6gretap"
	319	}
	320
0056042f PM	321	test_all()
	322	{
	323	slow_path_trap_install $swp1 ingress
	324	slow_path_trap_install $swp1 egress
	325
	326	tests_run
	327
	328	slow_path_trap_uninstall $swp1 egress
	329	slow_path_trap_uninstall $swp1 ingress
	330	}
	331
	332	trap cleanup EXIT
	333
	334	setup_prepare
	335	setup_wait
	336
	337	tcflags="skip_hw"
	338	test_all
	339
	340	if ! tc_offload_check; then
	341	echo "WARN: Could not test offloaded functionality"
	342	else
	343	tcflags="skip_sw"
	344	test_all
	345	fi
	346
	347	exit $EXIT_STATUS