2 # SPDX-License-Identifier: GPL-2.0
4 # Test for "tc action mirred egress mirror" when the underlay route points at a
5 # vlan device on top of a bridge device with vlan filtering (802.1q).
7 # +---------------------+ +---------------------+
10 # | | 192.0.2.1/28 | | 192.0.2.2/28 | |
11 # +-----|---------------+ +---------------|-----+
13 # +-----|-------------------------------------------------------------|-----+
14 # | SW o--> mirred egress mirror dev {gt4,gt6} | |
16 # | +---|-------------------------------------------------------------|---+ |
17 # | | + $swp1 br1 $swp2 + | |
20 # | +---|-----------------------------------------------------------------+ |
23 # | | 192.0.2.130/28 |
24 # | | 2001:db8:2::2/64 |
26 # | | + gt6 (ip6gretap) + gt4 (gretap) |
27 # | | : loc=2001:db8:2::1 : loc=192.0.2.129 |
28 # | | : rem=2001:db8:2::2 : rem=192.0.2.130 |
29 # | | : ttl=100 : ttl=100 |
30 # | | : tos=inherit : tos=inherit |
32 # +-----|---------------------:----------------------:----------------------+
34 # +-----|---------------------:----------------------:----------------------+
35 # | H3 + $h3 + h3-gt6 (ip6gretap) + h3-gt4 (gretap) |
36 # | | loc=2001:db8:2::2 loc=192.0.2.130 |
37 # | + $h3.555 rem=2001:db8:2::1 rem=192.0.2.129 |
38 # | 192.0.2.130/28 ttl=100 ttl=100 |
39 # | 2001:db8:2::2/64 tos=inherit tos=inherit |
41 # +-------------------------------------------------------------------------+
46 test_gretap_forbidden_cpu
47 test_ip6gretap_forbidden_cpu
48 test_gretap_forbidden_egress
49 test_ip6gretap_forbidden_egress
50 test_gretap_untagged_egress
51 test_ip6gretap_untagged_egress
52 test_gretap_fdb_roaming
53 test_ip6gretap_fdb_roaming
61 source mirror_gre_lib.sh
62 source mirror_gre_topo_lib.sh
64 require_command $ARPING
68 local add_del=$1; shift
71 ip addr $add_del dev $dev 192.0.2.130/28
72 ip addr $add_del dev $dev 2001:db8:2::2/64
86 # gt4's remote address is at $h3.555, not $h3. Thus the packets arriving
87 # directly to $h3 for test_gretap_untagged_egress() are rejected by
88 # rp_filter and the test spuriously fails.
89 sysctl_set net.ipv4.conf.all.rp_filter 0
90 sysctl_set net.ipv4.conf.$h3.rp_filter 0
93 mirror_gre_topo_create
95 vlan_create br1 555 "" 192.0.2.129/32 2001:db8:2::1/128
96 bridge vlan add dev br1 vid 555 self
97 ip route rep 192.0.2.130/32 dev br1.555
98 ip -6 route rep 2001:db8:2::2/128 dev br1.555
100 vlan_create $h3 555 v$h3
101 h3_addr_add_del add $h3.555
103 ip link set dev $swp3 master br1
104 bridge vlan add dev $swp3 vid 555
105 bridge vlan add dev $swp2 vid 555
112 ip link set dev $swp2 nomaster
113 ip link set dev $swp3 nomaster
115 h3_addr_add_del del $h3.555
119 mirror_gre_topo_destroy
122 sysctl_restore net.ipv4.conf.$h3.rp_filter
123 sysctl_restore net.ipv4.conf.all.rp_filter
128 local tundev=$1; shift
129 local vlan_match=$1; shift
132 full_test_span_gre_dir_vlan $tundev ingress "$vlan_match" 8 0 "$what"
133 full_test_span_gre_dir_vlan $tundev egress "$vlan_match" 0 8 "$what"
138 test_vlan_match gt4 'skip_hw vlan_id 555 vlan_ethtype ip' \
144 test_vlan_match gt6 'skip_hw vlan_id 555 vlan_ethtype ip' \
145 "mirror to ip6gretap"
148 test_span_gre_forbidden_cpu()
150 local tundev=$1; shift
155 # Run the pass-test first, to prime neighbor table.
156 mirror_install $swp1 ingress $tundev "matchall $tcflags"
157 quick_test_span_gre_dir $tundev ingress
159 # Now forbid the VLAN at the bridge and see it fail.
160 bridge vlan del dev br1 vid 555 self
162 fail_test_span_gre_dir $tundev ingress
164 bridge vlan add dev br1 vid 555 self
166 quick_test_span_gre_dir $tundev ingress
168 mirror_uninstall $swp1 ingress
170 log_test "$what: vlan forbidden at a bridge ($tcflags)"
173 test_gretap_forbidden_cpu()
175 test_span_gre_forbidden_cpu gt4 "mirror to gretap"
178 test_ip6gretap_forbidden_cpu()
180 test_span_gre_forbidden_cpu gt6 "mirror to ip6gretap"
183 test_span_gre_forbidden_egress()
185 local tundev=$1; shift
190 mirror_install $swp1 ingress $tundev "matchall $tcflags"
191 quick_test_span_gre_dir $tundev ingress
193 bridge vlan del dev $swp3 vid 555
195 fail_test_span_gre_dir $tundev ingress
197 bridge vlan add dev $swp3 vid 555
199 $ARPING -I br1.555 192.0.2.130 -fqc 1
201 quick_test_span_gre_dir $tundev ingress
203 mirror_uninstall $swp1 ingress
205 log_test "$what: vlan forbidden at a bridge egress ($tcflags)"
208 test_gretap_forbidden_egress()
210 test_span_gre_forbidden_egress gt4 "mirror to gretap"
213 test_ip6gretap_forbidden_egress()
215 test_span_gre_forbidden_egress gt6 "mirror to ip6gretap"
218 test_span_gre_untagged_egress()
220 local tundev=$1; shift
225 mirror_install $swp1 ingress $tundev "matchall $tcflags"
227 quick_test_span_gre_dir $tundev ingress
228 quick_test_span_vlan_dir $h3 555 ingress
230 h3_addr_add_del del $h3.555
231 bridge vlan add dev $swp3 vid 555 pvid untagged
232 h3_addr_add_del add $h3
235 quick_test_span_gre_dir $tundev ingress
236 fail_test_span_vlan_dir $h3 555 ingress
238 h3_addr_add_del del $h3
239 bridge vlan add dev $swp3 vid 555
240 h3_addr_add_del add $h3.555
243 quick_test_span_gre_dir $tundev ingress
244 quick_test_span_vlan_dir $h3 555 ingress
246 mirror_uninstall $swp1 ingress
248 log_test "$what: vlan untagged at a bridge egress ($tcflags)"
251 test_gretap_untagged_egress()
253 test_span_gre_untagged_egress gt4 "mirror to gretap"
256 test_ip6gretap_untagged_egress()
258 test_span_gre_untagged_egress gt6 "mirror to ip6gretap"
261 test_span_gre_fdb_roaming()
263 local tundev=$1; shift
265 local h3mac=$(mac_get $h3)
269 mirror_install $swp1 ingress $tundev "matchall $tcflags"
270 quick_test_span_gre_dir $tundev ingress
272 while ((RET == 0)); do
273 bridge fdb del dev $swp3 $h3mac vlan 555 master 2>/dev/null
274 bridge fdb add dev $swp2 $h3mac vlan 555 master
276 fail_test_span_gre_dir $tundev ingress
278 if ! bridge fdb sh dev $swp2 vlan 555 master \
279 | grep -q $h3mac; then
280 printf "TEST: %-60s [RETRY]\n" \
281 "$what: MAC roaming ($tcflags)"
282 # ARP or ND probably reprimed the FDB while the test
283 # was running. We would get a spurious failure.
290 bridge fdb del dev $swp2 $h3mac vlan 555 master 2>/dev/null
292 $ARPING -I br1.555 192.0.2.130 -fqc 1
294 quick_test_span_gre_dir $tundev ingress
296 mirror_uninstall $swp1 ingress
298 log_test "$what: MAC roaming ($tcflags)"
301 test_gretap_fdb_roaming()
303 test_span_gre_fdb_roaming gt4 "mirror to gretap"
306 test_ip6gretap_fdb_roaming()
308 test_span_gre_fdb_roaming gt6 "mirror to ip6gretap"
313 full_test_span_gre_stp gt4 $swp3 "mirror to gretap"
318 full_test_span_gre_stp gt6 $swp3 "mirror to ip6gretap"
323 slow_path_trap_install $swp1 ingress
324 slow_path_trap_install $swp1 egress
328 slow_path_trap_uninstall $swp1 egress
329 slow_path_trap_uninstall $swp1 ingress
340 if ! tc_offload_check; then
341 echo "WARN: Could not test offloaded functionality"