tools/testing/selftests/net/forwarding/mirror_gre_vlan_bridge_1q.sh

   1 #!/bin/bash
   2 # SPDX-License-Identifier: GPL-2.0
   3
   4 # Test for "tc action mirred egress mirror" when the underlay route points at a
   5 # vlan device on top of a bridge device with vlan filtering (802.1q).
   6 #
   7 #   +---------------------+                             +---------------------+
   8 #   | H1                  |                             |                  H2 |
   9 #   |     + $h1           |                             |           $h2 +     |
  10 #   |     | 192.0.2.1/28  |                             |  192.0.2.2/28 |     |
  11 #   +-----|---------------+                             +---------------|-----+
  12 #         |                                                             |
  13 #   +-----|-------------------------------------------------------------|-----+
  14 #   | SW  o--> mirred egress mirror dev {gt4,gt6}                       |     |
  15 #   |     |                                                             |     |
  16 #   | +---|-------------------------------------------------------------|---+ |
  17 #   | |   + $swp1                    br1                          $swp2 +   | |
  18 #   | |                                                                     | |
  19 #   | |   + $swp3                                                           | |
  20 #   | +---|-----------------------------------------------------------------+ |
  21 #   |     |                        |                                          |
  22 #   |     |                        + br1.555                                  |
  23 #   |     |                          192.0.2.130/28                           |
  24 #   |     |                          2001:db8:2::2/64                         |
  25 #   |     |                                                                   |
  26 #   |     |                     + gt6 (ip6gretap)      + gt4 (gretap)         |
  27 #   |     |                     : loc=2001:db8:2::1    : loc=192.0.2.129      |
  28 #   |     |                     : rem=2001:db8:2::2    : rem=192.0.2.130      |
  29 #   |     |                     : ttl=100              : ttl=100              |
  30 #   |     |                     : tos=inherit          : tos=inherit          |
  31 #   |     |                     :                      :                      |
  32 #   +-----|---------------------:----------------------:----------------------+
  33 #         |                     :                      :
  34 #   +-----|---------------------:----------------------:----------------------+
  35 #   | H3  + $h3                 + h3-gt6 (ip6gretap)   + h3-gt4 (gretap)      |
  36 #   |     |                       loc=2001:db8:2::2      loc=192.0.2.130      |
  37 #   |     + $h3.555               rem=2001:db8:2::1      rem=192.0.2.129      |
  38 #   |       192.0.2.130/28        ttl=100                ttl=100              |
  39 #   |       2001:db8:2::2/64      tos=inherit            tos=inherit          |
  40 #   |                                                                         |
  41 #   +-------------------------------------------------------------------------+
  42
  43 ALL_TESTS="
  44         test_gretap
  45         test_ip6gretap
  46         test_gretap_forbidden_cpu
  47         test_ip6gretap_forbidden_cpu
  48         test_gretap_forbidden_egress
  49         test_ip6gretap_forbidden_egress
  50         test_gretap_untagged_egress
  51         test_ip6gretap_untagged_egress
  52         test_gretap_fdb_roaming
  53         test_ip6gretap_fdb_roaming
  54         test_gretap_stp
  55         test_ip6gretap_stp
  56 "
  57
  58 NUM_NETIFS=6
  59 source lib.sh
  60 source mirror_lib.sh
  61 source mirror_gre_lib.sh
  62 source mirror_gre_topo_lib.sh
  63
  64 require_command $ARPING
  65
  66 h3_addr_add_del()
  67 {
  68         local add_del=$1; shift
  69         local dev=$1; shift
  70
  71         ip addr $add_del dev $dev 192.0.2.130/28
  72         ip addr $add_del dev $dev 2001:db8:2::2/64
  73 }
  74
  75 setup_prepare()
  76 {
  77         h1=${NETIFS[p1]}
  78         swp1=${NETIFS[p2]}
  79
  80         swp2=${NETIFS[p3]}
  81         h2=${NETIFS[p4]}
  82
  83         swp3=${NETIFS[p5]}
  84         h3=${NETIFS[p6]}
  85
  86         # gt4's remote address is at $h3.555, not $h3. Thus the packets arriving
  87         # directly to $h3 for test_gretap_untagged_egress() are rejected by
  88         # rp_filter and the test spuriously fails.
  89         sysctl_set net.ipv4.conf.all.rp_filter 0
  90         sysctl_set net.ipv4.conf.$h3.rp_filter 0
  91
  92         vrf_prepare
  93         mirror_gre_topo_create
  94
  95         vlan_create br1 555 "" 192.0.2.129/32 2001:db8:2::1/128
  96         bridge vlan add dev br1 vid 555 self
  97         ip route rep 192.0.2.130/32 dev br1.555
  98         ip -6 route rep 2001:db8:2::2/128 dev br1.555
  99
 100         vlan_create $h3 555 v$h3
 101         h3_addr_add_del add $h3.555
 102
 103         ip link set dev $swp3 master br1
 104         bridge vlan add dev $swp3 vid 555
 105         bridge vlan add dev $swp2 vid 555
 106 }
 107
 108 cleanup()
 109 {
 110         pre_cleanup
 111
 112         ip link set dev $swp2 nomaster
 113         ip link set dev $swp3 nomaster
 114
 115         h3_addr_add_del del $h3.555
 116         vlan_destroy $h3 555
 117         vlan_destroy br1 555
 118
 119         mirror_gre_topo_destroy
 120         vrf_cleanup
 121
 122         sysctl_restore net.ipv4.conf.$h3.rp_filter
 123         sysctl_restore net.ipv4.conf.all.rp_filter
 124 }
 125
 126 test_vlan_match()
 127 {
 128         local tundev=$1; shift
 129         local vlan_match=$1; shift
 130         local what=$1; shift
 131
 132         full_test_span_gre_dir_vlan $tundev ingress "$vlan_match" 8 0 "$what"
 133         full_test_span_gre_dir_vlan $tundev egress "$vlan_match" 0 8 "$what"
 134 }
 135
 136 test_gretap()
 137 {
 138         test_vlan_match gt4 'skip_hw vlan_id 555 vlan_ethtype ip' \
 139                         "mirror to gretap"
 140 }
 141
 142 test_ip6gretap()
 143 {
 144         test_vlan_match gt6 'skip_hw vlan_id 555 vlan_ethtype ip' \
 145                         "mirror to ip6gretap"
 146 }
 147
 148 test_span_gre_forbidden_cpu()
 149 {
 150         local tundev=$1; shift
 151         local what=$1; shift
 152
 153         RET=0
 154
 155         # Run the pass-test first, to prime neighbor table.
 156         mirror_install $swp1 ingress $tundev "matchall $tcflags"
 157         quick_test_span_gre_dir $tundev ingress
 158
 159         # Now forbid the VLAN at the bridge and see it fail.
 160         bridge vlan del dev br1 vid 555 self
 161         sleep 1
 162         fail_test_span_gre_dir $tundev ingress
 163
 164         bridge vlan add dev br1 vid 555 self
 165         sleep 1
 166         quick_test_span_gre_dir $tundev ingress
 167
 168         mirror_uninstall $swp1 ingress
 169
 170         log_test "$what: vlan forbidden at a bridge ($tcflags)"
 171 }
 172
 173 test_gretap_forbidden_cpu()
 174 {
 175         test_span_gre_forbidden_cpu gt4 "mirror to gretap"
 176 }
 177
 178 test_ip6gretap_forbidden_cpu()
 179 {
 180         test_span_gre_forbidden_cpu gt6 "mirror to ip6gretap"
 181 }
 182
 183 test_span_gre_forbidden_egress()
 184 {
 185         local tundev=$1; shift
 186         local what=$1; shift
 187
 188         RET=0
 189
 190         mirror_install $swp1 ingress $tundev "matchall $tcflags"
 191         quick_test_span_gre_dir $tundev ingress
 192
 193         bridge vlan del dev $swp3 vid 555
 194         sleep 1
 195         fail_test_span_gre_dir $tundev ingress
 196
 197         bridge vlan add dev $swp3 vid 555
 198         # Re-prime FDB
 199         $ARPING -I br1.555 192.0.2.130 -fqc 1
 200         sleep 1
 201         quick_test_span_gre_dir $tundev ingress
 202
 203         mirror_uninstall $swp1 ingress
 204
 205         log_test "$what: vlan forbidden at a bridge egress ($tcflags)"
 206 }
 207
 208 test_gretap_forbidden_egress()
 209 {
 210         test_span_gre_forbidden_egress gt4 "mirror to gretap"
 211 }
 212
 213 test_ip6gretap_forbidden_egress()
 214 {
 215         test_span_gre_forbidden_egress gt6 "mirror to ip6gretap"
 216 }
 217
 218 test_span_gre_untagged_egress()
 219 {
 220         local tundev=$1; shift
 221         local what=$1; shift
 222
 223         RET=0
 224
 225         mirror_install $swp1 ingress $tundev "matchall $tcflags"
 226
 227         quick_test_span_gre_dir $tundev ingress
 228         quick_test_span_vlan_dir $h3 555 ingress
 229
 230         h3_addr_add_del del $h3.555
 231         bridge vlan add dev $swp3 vid 555 pvid untagged
 232         h3_addr_add_del add $h3
 233         sleep 5
 234
 235         quick_test_span_gre_dir $tundev ingress
 236         fail_test_span_vlan_dir $h3 555 ingress
 237
 238         h3_addr_add_del del $h3
 239         bridge vlan add dev $swp3 vid 555
 240         h3_addr_add_del add $h3.555
 241         sleep 5
 242
 243         quick_test_span_gre_dir $tundev ingress
 244         quick_test_span_vlan_dir $h3 555 ingress
 245
 246         mirror_uninstall $swp1 ingress
 247
 248         log_test "$what: vlan untagged at a bridge egress ($tcflags)"
 249 }
 250
 251 test_gretap_untagged_egress()
 252 {
 253         test_span_gre_untagged_egress gt4 "mirror to gretap"
 254 }
 255
 256 test_ip6gretap_untagged_egress()
 257 {
 258         test_span_gre_untagged_egress gt6 "mirror to ip6gretap"
 259 }
 260
 261 test_span_gre_fdb_roaming()
 262 {
 263         local tundev=$1; shift
 264         local what=$1; shift
 265         local h3mac=$(mac_get $h3)
 266
 267         RET=0
 268
 269         mirror_install $swp1 ingress $tundev "matchall $tcflags"
 270         quick_test_span_gre_dir $tundev ingress
 271
 272         while ((RET == 0)); do
 273                 bridge fdb del dev $swp3 $h3mac vlan 555 master 2>/dev/null
 274                 bridge fdb add dev $swp2 $h3mac vlan 555 master
 275                 sleep 1
 276                 fail_test_span_gre_dir $tundev ingress
 277
 278                 if ! bridge fdb sh dev $swp2 vlan 555 master \
 279                     | grep -q $h3mac; then
 280                         printf "TEST: %-60s  [RETRY]\n" \
 281                                 "$what: MAC roaming ($tcflags)"
 282                         # ARP or ND probably reprimed the FDB while the test
 283                         # was running. We would get a spurious failure.
 284                         RET=0
 285                         continue
 286                 fi
 287                 break
 288         done
 289
 290         bridge fdb del dev $swp2 $h3mac vlan 555 master 2>/dev/null
 291         # Re-prime FDB
 292         $ARPING -I br1.555 192.0.2.130 -fqc 1
 293         sleep 1
 294         quick_test_span_gre_dir $tundev ingress
 295
 296         mirror_uninstall $swp1 ingress
 297
 298         log_test "$what: MAC roaming ($tcflags)"
 299 }
 300
 301 test_gretap_fdb_roaming()
 302 {
 303         test_span_gre_fdb_roaming gt4 "mirror to gretap"
 304 }
 305
 306 test_ip6gretap_fdb_roaming()
 307 {
 308         test_span_gre_fdb_roaming gt6 "mirror to ip6gretap"
 309 }
 310
 311 test_gretap_stp()
 312 {
 313         full_test_span_gre_stp gt4 $swp3 "mirror to gretap"
 314 }
 315
 316 test_ip6gretap_stp()
 317 {
 318         full_test_span_gre_stp gt6 $swp3 "mirror to ip6gretap"
 319 }
 320
 321 test_all()
 322 {
 323         slow_path_trap_install $swp1 ingress
 324         slow_path_trap_install $swp1 egress
 325
 326         tests_run
 327
 328         slow_path_trap_uninstall $swp1 egress
 329         slow_path_trap_uninstall $swp1 ingress
 330 }
 331
 332 trap cleanup EXIT
 333
 334 setup_prepare
 335 setup_wait
 336
 337 tcflags="skip_hw"
 338 test_all
 339
 340 if ! tc_offload_check; then
 341         echo "WARN: Could not test offloaded functionality"
 342 else
 343         tcflags="skip_sw"
 344         test_all
 345 fi
 346
 347 exit $EXIT_STATUS