1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3# 4# This test is for checking VXLAN MDB functionality. The topology consists of 5# two sets of namespaces: One for the testing of IPv4 underlay and another for 6# IPv6. In both cases, both IPv4 and IPv6 overlay traffic are tested. 7# 8# Data path functionality is tested by sending traffic from one of the upper 9# namespaces and checking using ingress tc filters that the expected traffic 10# was received by one of the lower namespaces. 11# 12# +------------------------------------+ +------------------------------------+ 13# | ns1_v4 | | ns1_v6 | 14# | | | | 15# | br0.10 br0.4000 br0.20 | | br0.10 br0.4000 br0.20 | 16# | + + + | | + + + | 17# | | | | | | | | | | 18# | | | | | | | | | | 19# | +---------+---------+ | | +---------+---------+ | 20# | | | | | | 21# | | | | | | 22# | + | | + | 23# | br0 | | br0 | 24# | + | | + | 25# | | | | | | 26# | | | | | | 27# | + | | + | 28# | vx0 | | vx0 | 29# | | | | 30# | | | | 31# | veth0 | | veth0 | 32# | + | | + | 33# +-----------------|------------------+ +-----------------|------------------+ 34# | | 35# +-----------------|------------------+ +-----------------|------------------+ 36# | + | | + | 37# | veth0 | | veth0 | 38# | | | | 39# | | | | 40# | vx0 | | vx0 | 41# | + | | + | 42# | | | | | | 43# | | | | | | 44# | + | | + | 45# | br0 | | br0 | 46# | + | | + | 47# | | | | | | 48# | | | | | | 49# | +---------+---------+ | | +---------+---------+ | 50# | | | | | | | | | | 51# | | | | | | | | | | 52# | + + + | | + + + | 53# | br0.10 br0.4000 br0.10 | | br0.10 br0.4000 br0.20 | 54# | | | | 55# | ns2_v4 | | ns2_v6 | 56# +------------------------------------+ +------------------------------------+ 57 58ret=0 59# Kselftest framework requirement - SKIP code is 4. 60ksft_skip=4 61 62CONTROL_PATH_TESTS=" 63 basic_star_g_ipv4_ipv4 64 basic_star_g_ipv6_ipv4 65 basic_star_g_ipv4_ipv6 66 basic_star_g_ipv6_ipv6 67 basic_sg_ipv4_ipv4 68 basic_sg_ipv6_ipv4 69 basic_sg_ipv4_ipv6 70 basic_sg_ipv6_ipv6 71 star_g_ipv4_ipv4 72 star_g_ipv6_ipv4 73 star_g_ipv4_ipv6 74 star_g_ipv6_ipv6 75 sg_ipv4_ipv4 76 sg_ipv6_ipv4 77 sg_ipv4_ipv6 78 sg_ipv6_ipv6 79 dump_ipv4_ipv4 80 dump_ipv6_ipv4 81 dump_ipv4_ipv6 82 dump_ipv6_ipv6 83" 84 85DATA_PATH_TESTS=" 86 encap_params_ipv4_ipv4 87 encap_params_ipv6_ipv4 88 encap_params_ipv4_ipv6 89 encap_params_ipv6_ipv6 90 starg_exclude_ir_ipv4_ipv4 91 starg_exclude_ir_ipv6_ipv4 92 starg_exclude_ir_ipv4_ipv6 93 starg_exclude_ir_ipv6_ipv6 94 starg_include_ir_ipv4_ipv4 95 starg_include_ir_ipv6_ipv4 96 starg_include_ir_ipv4_ipv6 97 starg_include_ir_ipv6_ipv6 98 starg_exclude_p2mp_ipv4_ipv4 99 starg_exclude_p2mp_ipv6_ipv4 100 starg_exclude_p2mp_ipv4_ipv6 101 starg_exclude_p2mp_ipv6_ipv6 102 starg_include_p2mp_ipv4_ipv4 103 starg_include_p2mp_ipv6_ipv4 104 starg_include_p2mp_ipv4_ipv6 105 starg_include_p2mp_ipv6_ipv6 106 egress_vni_translation_ipv4_ipv4 107 egress_vni_translation_ipv6_ipv4 108 egress_vni_translation_ipv4_ipv6 109 egress_vni_translation_ipv6_ipv6 110 all_zeros_mdb_ipv4 111 all_zeros_mdb_ipv6 112 mdb_fdb_ipv4_ipv4 113 mdb_fdb_ipv6_ipv4 114 mdb_fdb_ipv4_ipv6 115 mdb_fdb_ipv6_ipv6 116 mdb_torture_ipv4_ipv4 117 mdb_torture_ipv6_ipv4 118 mdb_torture_ipv4_ipv6 119 mdb_torture_ipv6_ipv6 120" 121 122# All tests in this script. Can be overridden with -t option. 123TESTS=" 124 $CONTROL_PATH_TESTS 125 $DATA_PATH_TESTS 126" 127VERBOSE=0 128PAUSE_ON_FAIL=no 129PAUSE=no 130 131################################################################################ 132# Utilities 133 134log_test() 135{ 136 local rc=$1 137 local expected=$2 138 local msg="$3" 139 140 if [ ${rc} -eq ${expected} ]; then 141 printf "TEST: %-60s [ OK ]\n" "${msg}" 142 nsuccess=$((nsuccess+1)) 143 else 144 ret=1 145 nfail=$((nfail+1)) 146 printf "TEST: %-60s [FAIL]\n" "${msg}" 147 if [ "$VERBOSE" = "1" ]; then 148 echo " rc=$rc, expected $expected" 149 fi 150 151 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then 152 echo 153 echo "hit enter to continue, 'q' to quit" 154 read a 155 [ "$a" = "q" ] && exit 1 156 fi 157 fi 158 159 if [ "${PAUSE}" = "yes" ]; then 160 echo 161 echo "hit enter to continue, 'q' to quit" 162 read a 163 [ "$a" = "q" ] && exit 1 164 fi 165 166 [ "$VERBOSE" = "1" ] && echo 167} 168 169run_cmd() 170{ 171 local cmd="$1" 172 local out 173 local stderr="2>/dev/null" 174 175 if [ "$VERBOSE" = "1" ]; then 176 printf "COMMAND: $cmd\n" 177 stderr= 178 fi 179 180 out=$(eval $cmd $stderr) 181 rc=$? 182 if [ "$VERBOSE" = "1" -a -n "$out" ]; then 183 echo " $out" 184 fi 185 186 return $rc 187} 188 189tc_check_packets() 190{ 191 local ns=$1; shift 192 local id=$1; shift 193 local handle=$1; shift 194 local count=$1; shift 195 local pkts 196 197 sleep 0.1 198 pkts=$(tc -n $ns -j -s filter show $id \ 199 | jq ".[] | select(.options.handle == $handle) | \ 200 .options.actions[0].stats.packets") 201 [[ $pkts == $count ]] 202} 203 204################################################################################ 205# Setup 206 207setup_common_ns() 208{ 209 local ns=$1; shift 210 local local_addr=$1; shift 211 212 ip netns exec $ns sysctl -qw net.ipv4.ip_forward=1 213 ip netns exec $ns sysctl -qw net.ipv4.fib_multipath_use_neigh=1 214 ip netns exec $ns sysctl -qw net.ipv4.conf.default.ignore_routes_with_linkdown=1 215 ip netns exec $ns sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1 216 ip netns exec $ns sysctl -qw net.ipv6.conf.all.forwarding=1 217 ip netns exec $ns sysctl -qw net.ipv6.conf.default.forwarding=1 218 ip netns exec $ns sysctl -qw net.ipv6.conf.default.ignore_routes_with_linkdown=1 219 ip netns exec $ns sysctl -qw net.ipv6.conf.all.accept_dad=0 220 ip netns exec $ns sysctl -qw net.ipv6.conf.default.accept_dad=0 221 222 ip -n $ns link set dev lo up 223 ip -n $ns address add $local_addr dev lo 224 225 ip -n $ns link set dev veth0 up 226 227 ip -n $ns link add name br0 up type bridge vlan_filtering 1 \ 228 vlan_default_pvid 0 mcast_snooping 0 229 230 ip -n $ns link add link br0 name br0.10 up type vlan id 10 231 bridge -n $ns vlan add vid 10 dev br0 self 232 233 ip -n $ns link add link br0 name br0.20 up type vlan id 20 234 bridge -n $ns vlan add vid 20 dev br0 self 235 236 ip -n $ns link add link br0 name br0.4000 up type vlan id 4000 237 bridge -n $ns vlan add vid 4000 dev br0 self 238 239 ip -n $ns link add name vx0 up master br0 type vxlan \ 240 local $local_addr dstport 4789 external vnifilter 241 bridge -n $ns link set dev vx0 vlan_tunnel on 242 243 bridge -n $ns vlan add vid 10 dev vx0 244 bridge -n $ns vlan add vid 10 dev vx0 tunnel_info id 10010 245 bridge -n $ns vni add vni 10010 dev vx0 246 247 bridge -n $ns vlan add vid 20 dev vx0 248 bridge -n $ns vlan add vid 20 dev vx0 tunnel_info id 10020 249 bridge -n $ns vni add vni 10020 dev vx0 250 251 bridge -n $ns vlan add vid 4000 dev vx0 pvid 252 bridge -n $ns vlan add vid 4000 dev vx0 tunnel_info id 14000 253 bridge -n $ns vni add vni 14000 dev vx0 254} 255 256setup_common() 257{ 258 local ns1=$1; shift 259 local ns2=$1; shift 260 local local_addr1=$1; shift 261 local local_addr2=$1; shift 262 263 ip netns add $ns1 264 ip netns add $ns2 265 266 ip link add name veth0 type veth peer name veth1 267 ip link set dev veth0 netns $ns1 name veth0 268 ip link set dev veth1 netns $ns2 name veth0 269 270 setup_common_ns $ns1 $local_addr1 271 setup_common_ns $ns2 $local_addr2 272} 273 274setup_v4() 275{ 276 setup_common ns1_v4 ns2_v4 192.0.2.1 192.0.2.2 277 278 ip -n ns1_v4 address add 192.0.2.17/28 dev veth0 279 ip -n ns2_v4 address add 192.0.2.18/28 dev veth0 280 281 ip -n ns1_v4 route add default via 192.0.2.18 282 ip -n ns2_v4 route add default via 192.0.2.17 283} 284 285cleanup_v4() 286{ 287 ip netns del ns2_v4 288 ip netns del ns1_v4 289} 290 291setup_v6() 292{ 293 setup_common ns1_v6 ns2_v6 2001:db8:1::1 2001:db8:1::2 294 295 ip -n ns1_v6 address add 2001:db8:2::1/64 dev veth0 nodad 296 ip -n ns2_v6 address add 2001:db8:2::2/64 dev veth0 nodad 297 298 ip -n ns1_v6 route add default via 2001:db8:2::2 299 ip -n ns2_v6 route add default via 2001:db8:2::1 300} 301 302cleanup_v6() 303{ 304 ip netns del ns2_v6 305 ip netns del ns1_v6 306} 307 308setup() 309{ 310 set -e 311 312 setup_v4 313 setup_v6 314 315 sleep 5 316 317 set +e 318} 319 320cleanup() 321{ 322 cleanup_v6 &> /dev/null 323 cleanup_v4 &> /dev/null 324} 325 326################################################################################ 327# Tests - Control path 328 329basic_common() 330{ 331 local ns1=$1; shift 332 local grp_key=$1; shift 333 local vtep_ip=$1; shift 334 335 # Test basic control path operations common to all MDB entry types. 336 337 # Basic add, replace and delete behavior. 338 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 339 log_test $? 0 "MDB entry addition" 340 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\"" 341 log_test $? 0 "MDB entry presence after addition" 342 343 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 344 log_test $? 0 "MDB entry replacement" 345 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\"" 346 log_test $? 0 "MDB entry presence after replacement" 347 348 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 349 log_test $? 0 "MDB entry deletion" 350 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\"" 351 log_test $? 1 "MDB entry presence after deletion" 352 353 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 354 log_test $? 255 "Non-existent MDB entry deletion" 355 356 # Default protocol and replacement. 357 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 358 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \"proto static\"" 359 log_test $? 0 "MDB entry default protocol" 360 361 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent proto 123 dst $vtep_ip src_vni 10010" 362 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \"proto 123\"" 363 log_test $? 0 "MDB entry protocol replacement" 364 365 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 366 367 # Default destination port and replacement. 368 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 369 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \" dst_port \"" 370 log_test $? 1 "MDB entry default destination port" 371 372 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip dst_port 1234 src_vni 10010" 373 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \"dst_port 1234\"" 374 log_test $? 0 "MDB entry destination port replacement" 375 376 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 377 378 # Default destination VNI and replacement. 379 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 380 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \" vni \"" 381 log_test $? 1 "MDB entry default destination VNI" 382 383 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip vni 1234 src_vni 10010" 384 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \"vni 1234\"" 385 log_test $? 0 "MDB entry destination VNI replacement" 386 387 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 388 389 # Default outgoing interface and replacement. 390 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 391 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \" via \"" 392 log_test $? 1 "MDB entry default outgoing interface" 393 394 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010 via veth0" 395 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \"via veth0\"" 396 log_test $? 0 "MDB entry outgoing interface replacement" 397 398 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 399 400 # Common error cases. 401 run_cmd "bridge -n $ns1 mdb add dev vx0 port veth0 $grp_key permanent dst $vtep_ip src_vni 10010" 402 log_test $? 255 "MDB entry with mismatch between device and port" 403 404 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key temp dst $vtep_ip src_vni 10010" 405 log_test $? 255 "MDB entry with temp state" 406 407 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent vid 10 dst $vtep_ip src_vni 10010" 408 log_test $? 255 "MDB entry with VLAN" 409 410 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp 01:02:03:04:05:06 permanent dst $vtep_ip src_vni 10010" 411 log_test $? 255 "MDB entry MAC address" 412 413 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent" 414 log_test $? 255 "MDB entry without extended parameters" 415 416 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent proto 3 dst $vtep_ip src_vni 10010" 417 log_test $? 255 "MDB entry with an invalid protocol" 418 419 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip vni $((2 ** 24)) src_vni 10010" 420 log_test $? 255 "MDB entry with an invalid destination VNI" 421 422 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni $((2 ** 24))" 423 log_test $? 255 "MDB entry with an invalid source VNI" 424 425 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent src_vni 10010" 426 log_test $? 255 "MDB entry without a remote destination IP" 427 428 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 429 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 430 log_test $? 255 "Duplicate MDB entries" 431 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 432} 433 434basic_star_g_ipv4_ipv4() 435{ 436 local ns1=ns1_v4 437 local grp_key="grp 239.1.1.1" 438 local vtep_ip=198.51.100.100 439 440 echo 441 echo "Control path: Basic (*, G) operations - IPv4 overlay / IPv4 underlay" 442 echo "--------------------------------------------------------------------" 443 444 basic_common $ns1 "$grp_key" $vtep_ip 445} 446 447basic_star_g_ipv6_ipv4() 448{ 449 local ns1=ns1_v4 450 local grp_key="grp ff0e::1" 451 local vtep_ip=198.51.100.100 452 453 echo 454 echo "Control path: Basic (*, G) operations - IPv6 overlay / IPv4 underlay" 455 echo "--------------------------------------------------------------------" 456 457 basic_common $ns1 "$grp_key" $vtep_ip 458} 459 460basic_star_g_ipv4_ipv6() 461{ 462 local ns1=ns1_v6 463 local grp_key="grp 239.1.1.1" 464 local vtep_ip=2001:db8:1000::1 465 466 echo 467 echo "Control path: Basic (*, G) operations - IPv4 overlay / IPv6 underlay" 468 echo "--------------------------------------------------------------------" 469 470 basic_common $ns1 "$grp_key" $vtep_ip 471} 472 473basic_star_g_ipv6_ipv6() 474{ 475 local ns1=ns1_v6 476 local grp_key="grp ff0e::1" 477 local vtep_ip=2001:db8:1000::1 478 479 echo 480 echo "Control path: Basic (*, G) operations - IPv6 overlay / IPv6 underlay" 481 echo "--------------------------------------------------------------------" 482 483 basic_common $ns1 "$grp_key" $vtep_ip 484} 485 486basic_sg_ipv4_ipv4() 487{ 488 local ns1=ns1_v4 489 local grp_key="grp 239.1.1.1 src 192.0.2.129" 490 local vtep_ip=198.51.100.100 491 492 echo 493 echo "Control path: Basic (S, G) operations - IPv4 overlay / IPv4 underlay" 494 echo "--------------------------------------------------------------------" 495 496 basic_common $ns1 "$grp_key" $vtep_ip 497} 498 499basic_sg_ipv6_ipv4() 500{ 501 local ns1=ns1_v4 502 local grp_key="grp ff0e::1 src 2001:db8:100::1" 503 local vtep_ip=198.51.100.100 504 505 echo 506 echo "Control path: Basic (S, G) operations - IPv6 overlay / IPv4 underlay" 507 echo "---------------------------------------------------------------------" 508 509 basic_common $ns1 "$grp_key" $vtep_ip 510} 511 512basic_sg_ipv4_ipv6() 513{ 514 local ns1=ns1_v6 515 local grp_key="grp 239.1.1.1 src 192.0.2.129" 516 local vtep_ip=2001:db8:1000::1 517 518 echo 519 echo "Control path: Basic (S, G) operations - IPv4 overlay / IPv6 underlay" 520 echo "--------------------------------------------------------------------" 521 522 basic_common $ns1 "$grp_key" $vtep_ip 523} 524 525basic_sg_ipv6_ipv6() 526{ 527 local ns1=ns1_v6 528 local grp_key="grp ff0e::1 src 2001:db8:100::1" 529 local vtep_ip=2001:db8:1000::1 530 531 echo 532 echo "Control path: Basic (S, G) operations - IPv6 overlay / IPv6 underlay" 533 echo "--------------------------------------------------------------------" 534 535 basic_common $ns1 "$grp_key" $vtep_ip 536} 537 538star_g_common() 539{ 540 local ns1=$1; shift 541 local grp=$1; shift 542 local src1=$1; shift 543 local src2=$1; shift 544 local src3=$1; shift 545 local vtep_ip=$1; shift 546 local all_zeros_grp=$1; shift 547 548 # Test control path operations specific to (*, G) entries. 549 550 # Basic add, replace and delete behavior. 551 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 552 log_test $? 0 "(*, G) MDB entry addition with source list" 553 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \"" 554 log_test $? 0 "(*, G) MDB entry presence after addition" 555 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\"" 556 log_test $? 0 "(S, G) MDB entry presence after addition" 557 558 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 559 log_test $? 0 "(*, G) MDB entry replacement with source list" 560 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \"" 561 log_test $? 0 "(*, G) MDB entry presence after replacement" 562 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\"" 563 log_test $? 0 "(S, G) MDB entry presence after replacement" 564 565 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 566 log_test $? 0 "(*, G) MDB entry deletion" 567 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \"" 568 log_test $? 1 "(*, G) MDB entry presence after deletion" 569 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\"" 570 log_test $? 1 "(S, G) MDB entry presence after deletion" 571 572 # Default filter mode and replacement. 573 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent dst $vtep_ip src_vni 10010" 574 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep exclude" 575 log_test $? 0 "(*, G) MDB entry default filter mode" 576 577 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $src1 dst $vtep_ip src_vni 10010" 578 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep include" 579 log_test $? 0 "(*, G) MDB entry after replacing filter mode to \"include\"" 580 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\"" 581 log_test $? 0 "(S, G) MDB entry after replacing filter mode to \"include\"" 582 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\" | grep blocked" 583 log_test $? 1 "\"blocked\" flag after replacing filter mode to \"include\"" 584 585 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 586 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep exclude" 587 log_test $? 0 "(*, G) MDB entry after replacing filter mode to \"exclude\"" 588 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\"" 589 log_test $? 0 "(S, G) MDB entry after replacing filter mode to \"exclude\"" 590 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\" | grep blocked" 591 log_test $? 0 "\"blocked\" flag after replacing filter mode to \"exclude\"" 592 593 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 594 595 # Default source list and replacement. 596 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent dst $vtep_ip src_vni 10010" 597 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep source_list" 598 log_test $? 1 "(*, G) MDB entry default source list" 599 600 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1,$src2,$src3 dst $vtep_ip src_vni 10010" 601 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\"" 602 log_test $? 0 "(S, G) MDB entry of 1st source after replacing source list" 603 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src2\"" 604 log_test $? 0 "(S, G) MDB entry of 2nd source after replacing source list" 605 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src3\"" 606 log_test $? 0 "(S, G) MDB entry of 3rd source after replacing source list" 607 608 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1,$src3 dst $vtep_ip src_vni 10010" 609 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\"" 610 log_test $? 0 "(S, G) MDB entry of 1st source after removing source" 611 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src2\"" 612 log_test $? 1 "(S, G) MDB entry of 2nd source after removing source" 613 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src3\"" 614 log_test $? 0 "(S, G) MDB entry of 3rd source after removing source" 615 616 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 617 618 # Default protocol and replacement. 619 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 620 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \"proto static\"" 621 log_test $? 0 "(*, G) MDB entry default protocol" 622 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \"proto static\"" 623 log_test $? 0 "(S, G) MDB entry default protocol" 624 625 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 proto bgp dst $vtep_ip src_vni 10010" 626 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \"proto bgp\"" 627 log_test $? 0 "(*, G) MDB entry protocol after replacement" 628 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \"proto bgp\"" 629 log_test $? 0 "(S, G) MDB entry protocol after replacement" 630 631 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 632 633 # Default destination port and replacement. 634 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 635 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \" dst_port \"" 636 log_test $? 1 "(*, G) MDB entry default destination port" 637 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \" dst_port \"" 638 log_test $? 1 "(S, G) MDB entry default destination port" 639 640 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip dst_port 1234 src_vni 10010" 641 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \" dst_port 1234 \"" 642 log_test $? 0 "(*, G) MDB entry destination port after replacement" 643 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \" dst_port 1234 \"" 644 log_test $? 0 "(S, G) MDB entry destination port after replacement" 645 646 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 647 648 # Default destination VNI and replacement. 649 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 650 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \" vni \"" 651 log_test $? 1 "(*, G) MDB entry default destination VNI" 652 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \" vni \"" 653 log_test $? 1 "(S, G) MDB entry default destination VNI" 654 655 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip vni 1234 src_vni 10010" 656 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \" vni 1234 \"" 657 log_test $? 0 "(*, G) MDB entry destination VNI after replacement" 658 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \" vni 1234 \"" 659 log_test $? 0 "(S, G) MDB entry destination VNI after replacement" 660 661 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 662 663 # Default outgoing interface and replacement. 664 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 665 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \" via \"" 666 log_test $? 1 "(*, G) MDB entry default outgoing interface" 667 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \" via \"" 668 log_test $? 1 "(S, G) MDB entry default outgoing interface" 669 670 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010 via veth0" 671 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \" via veth0 \"" 672 log_test $? 0 "(*, G) MDB entry outgoing interface after replacement" 673 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \" via veth0 \"" 674 log_test $? 0 "(S, G) MDB entry outgoing interface after replacement" 675 676 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 677 678 # Error cases. 679 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp permanent filter_mode exclude dst $vtep_ip src_vni 10010" 680 log_test $? 255 "All-zeros group with filter mode" 681 682 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp permanent source_list $src1 dst $vtep_ip src_vni 10010" 683 log_test $? 255 "All-zeros group with source list" 684 685 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode include dst $vtep_ip src_vni 10010" 686 log_test $? 255 "(*, G) INCLUDE with an empty source list" 687 688 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $grp dst $vtep_ip src_vni 10010" 689 log_test $? 255 "Invalid source in source list" 690 691 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent source_list $src1 dst $vtep_ip src_vni 10010" 692 log_test $? 255 "Source list without filter mode" 693} 694 695star_g_ipv4_ipv4() 696{ 697 local ns1=ns1_v4 698 local grp=239.1.1.1 699 local src1=192.0.2.129 700 local src2=192.0.2.130 701 local src3=192.0.2.131 702 local vtep_ip=198.51.100.100 703 local all_zeros_grp=0.0.0.0 704 705 echo 706 echo "Control path: (*, G) operations - IPv4 overlay / IPv4 underlay" 707 echo "--------------------------------------------------------------" 708 709 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp 710} 711 712star_g_ipv6_ipv4() 713{ 714 local ns1=ns1_v4 715 local grp=ff0e::1 716 local src1=2001:db8:100::1 717 local src2=2001:db8:100::2 718 local src3=2001:db8:100::3 719 local vtep_ip=198.51.100.100 720 local all_zeros_grp=:: 721 722 echo 723 echo "Control path: (*, G) operations - IPv6 overlay / IPv4 underlay" 724 echo "--------------------------------------------------------------" 725 726 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp 727} 728 729star_g_ipv4_ipv6() 730{ 731 local ns1=ns1_v6 732 local grp=239.1.1.1 733 local src1=192.0.2.129 734 local src2=192.0.2.130 735 local src3=192.0.2.131 736 local vtep_ip=2001:db8:1000::1 737 local all_zeros_grp=0.0.0.0 738 739 echo 740 echo "Control path: (*, G) operations - IPv4 overlay / IPv6 underlay" 741 echo "--------------------------------------------------------------" 742 743 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp 744} 745 746star_g_ipv6_ipv6() 747{ 748 local ns1=ns1_v6 749 local grp=ff0e::1 750 local src1=2001:db8:100::1 751 local src2=2001:db8:100::2 752 local src3=2001:db8:100::3 753 local vtep_ip=2001:db8:1000::1 754 local all_zeros_grp=:: 755 756 echo 757 echo "Control path: (*, G) operations - IPv6 overlay / IPv6 underlay" 758 echo "--------------------------------------------------------------" 759 760 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp 761} 762 763sg_common() 764{ 765 local ns1=$1; shift 766 local grp=$1; shift 767 local src=$1; shift 768 local vtep_ip=$1; shift 769 local all_zeros_grp=$1; shift 770 771 # Test control path operations specific to (S, G) entries. 772 773 # Default filter mode. 774 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent dst $vtep_ip src_vni 10010" 775 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep include" 776 log_test $? 0 "(S, G) MDB entry default filter mode" 777 778 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp src $src permanent dst $vtep_ip src_vni 10010" 779 780 # Error cases. 781 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent filter_mode include dst $vtep_ip src_vni 10010" 782 log_test $? 255 "(S, G) with filter mode" 783 784 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent source_list $src dst $vtep_ip src_vni 10010" 785 log_test $? 255 "(S, G) with source list" 786 787 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $grp permanent dst $vtep_ip src_vni 10010" 788 log_test $? 255 "(S, G) with an invalid source list" 789 790 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp src $src permanent dst $vtep_ip src_vni 10010" 791 log_test $? 255 "All-zeros group with source" 792} 793 794sg_ipv4_ipv4() 795{ 796 local ns1=ns1_v4 797 local grp=239.1.1.1 798 local src=192.0.2.129 799 local vtep_ip=198.51.100.100 800 local all_zeros_grp=0.0.0.0 801 802 echo 803 echo "Control path: (S, G) operations - IPv4 overlay / IPv4 underlay" 804 echo "--------------------------------------------------------------" 805 806 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp 807} 808 809sg_ipv6_ipv4() 810{ 811 local ns1=ns1_v4 812 local grp=ff0e::1 813 local src=2001:db8:100::1 814 local vtep_ip=198.51.100.100 815 local all_zeros_grp=:: 816 817 echo 818 echo "Control path: (S, G) operations - IPv6 overlay / IPv4 underlay" 819 echo "--------------------------------------------------------------" 820 821 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp 822} 823 824sg_ipv4_ipv6() 825{ 826 local ns1=ns1_v6 827 local grp=239.1.1.1 828 local src=192.0.2.129 829 local vtep_ip=2001:db8:1000::1 830 local all_zeros_grp=0.0.0.0 831 832 echo 833 echo "Control path: (S, G) operations - IPv4 overlay / IPv6 underlay" 834 echo "--------------------------------------------------------------" 835 836 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp 837} 838 839sg_ipv6_ipv6() 840{ 841 local ns1=ns1_v6 842 local grp=ff0e::1 843 local src=2001:db8:100::1 844 local vtep_ip=2001:db8:1000::1 845 local all_zeros_grp=:: 846 847 echo 848 echo "Control path: (S, G) operations - IPv6 overlay / IPv6 underlay" 849 echo "--------------------------------------------------------------" 850 851 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp 852} 853 854ipv4_grps_get() 855{ 856 local max_grps=$1; shift 857 local i 858 859 for i in $(seq 0 $((max_grps - 1))); do 860 echo "239.1.1.$i" 861 done 862} 863 864ipv6_grps_get() 865{ 866 local max_grps=$1; shift 867 local i 868 869 for i in $(seq 0 $((max_grps - 1))); do 870 echo "ff0e::$(printf %x $i)" 871 done 872} 873 874dump_common() 875{ 876 local ns1=$1; shift 877 local local_addr=$1; shift 878 local remote_prefix=$1; shift 879 local fn=$1; shift 880 local max_vxlan_devs=2 881 local max_remotes=64 882 local max_grps=256 883 local num_entries 884 local batch_file 885 local grp 886 local i j 887 888 # The kernel maintains various markers for the MDB dump. Add a test for 889 # large scale MDB dump to make sure that all the configured entries are 890 # dumped and that the markers are used correctly. 891 892 # Create net devices. 893 for i in $(seq 1 $max_vxlan_devs); do 894 ip -n $ns1 link add name vx-test${i} up type vxlan \ 895 local $local_addr dstport 4789 external vnifilter 896 done 897 898 # Create batch file with MDB entries. 899 batch_file=$(mktemp) 900 for i in $(seq 1 $max_vxlan_devs); do 901 for j in $(seq 1 $max_remotes); do 902 for grp in $($fn $max_grps); do 903 echo "mdb add dev vx-test${i} port vx-test${i} grp $grp permanent dst ${remote_prefix}${j}" >> $batch_file 904 done 905 done 906 done 907 908 # Program the batch file and check for expected number of entries. 909 bridge -n $ns1 -b $batch_file 910 for i in $(seq 1 $max_vxlan_devs); do 911 num_entries=$(bridge -n $ns1 mdb show dev vx-test${i} | grep "permanent" | wc -l) 912 [[ $num_entries -eq $((max_grps * max_remotes)) ]] 913 log_test $? 0 "Large scale dump - VXLAN device #$i" 914 done 915 916 rm -rf $batch_file 917} 918 919dump_ipv4_ipv4() 920{ 921 local ns1=ns1_v4 922 local local_addr=192.0.2.1 923 local remote_prefix=198.51.100. 924 local fn=ipv4_grps_get 925 926 echo 927 echo "Control path: Large scale MDB dump - IPv4 overlay / IPv4 underlay" 928 echo "-----------------------------------------------------------------" 929 930 dump_common $ns1 $local_addr $remote_prefix $fn 931} 932 933dump_ipv6_ipv4() 934{ 935 local ns1=ns1_v4 936 local local_addr=192.0.2.1 937 local remote_prefix=198.51.100. 938 local fn=ipv6_grps_get 939 940 echo 941 echo "Control path: Large scale MDB dump - IPv6 overlay / IPv4 underlay" 942 echo "-----------------------------------------------------------------" 943 944 dump_common $ns1 $local_addr $remote_prefix $fn 945} 946 947dump_ipv4_ipv6() 948{ 949 local ns1=ns1_v6 950 local local_addr=2001:db8:1::1 951 local remote_prefix=2001:db8:1000:: 952 local fn=ipv4_grps_get 953 954 echo 955 echo "Control path: Large scale MDB dump - IPv4 overlay / IPv6 underlay" 956 echo "-----------------------------------------------------------------" 957 958 dump_common $ns1 $local_addr $remote_prefix $fn 959} 960 961dump_ipv6_ipv6() 962{ 963 local ns1=ns1_v6 964 local local_addr=2001:db8:1::1 965 local remote_prefix=2001:db8:1000:: 966 local fn=ipv6_grps_get 967 968 echo 969 echo "Control path: Large scale MDB dump - IPv6 overlay / IPv6 underlay" 970 echo "-----------------------------------------------------------------" 971 972 dump_common $ns1 $local_addr $remote_prefix $fn 973} 974 975################################################################################ 976# Tests - Data path 977 978encap_params_common() 979{ 980 local ns1=$1; shift 981 local ns2=$1; shift 982 local vtep1_ip=$1; shift 983 local vtep2_ip=$1; shift 984 local plen=$1; shift 985 local enc_ethtype=$1; shift 986 local grp=$1; shift 987 local grp_dmac=$1; shift 988 local src=$1; shift 989 local mz=$1; shift 990 991 # Test that packets forwarded by the VXLAN MDB are encapsulated with 992 # the correct parameters. Transmit packets from the first namespace and 993 # check that they hit the corresponding filters on the ingress of the 994 # second namespace. 995 996 run_cmd "tc -n $ns2 qdisc replace dev veth0 clsact" 997 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 998 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 999 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 1000 1001 # Check destination IP. 1002 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010" 1003 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep2_ip src_vni 10020" 1004 1005 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1006 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1007 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1008 log_test $? 0 "Destination IP - match" 1009 1010 run_cmd "ip netns exec $ns1 $mz br0.20 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1011 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1012 log_test $? 0 "Destination IP - no match" 1013 1014 run_cmd "tc -n $ns2 filter del dev vx0 ingress pref 1 handle 101 flower" 1015 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10020" 1016 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010" 1017 1018 # Check destination port. 1019 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010" 1020 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip dst_port 1111 src_vni 10020" 1021 1022 run_cmd "tc -n $ns2 filter replace dev veth0 ingress pref 1 handle 101 proto $enc_ethtype flower ip_proto udp dst_port 4789 action pass" 1023 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1024 tc_check_packets "$ns2" "dev veth0 ingress" 101 1 1025 log_test $? 0 "Default destination port - match" 1026 1027 run_cmd "ip netns exec $ns1 $mz br0.20 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1028 tc_check_packets "$ns2" "dev veth0 ingress" 101 1 1029 log_test $? 0 "Default destination port - no match" 1030 1031 run_cmd "tc -n $ns2 filter replace dev veth0 ingress pref 1 handle 101 proto $enc_ethtype flower ip_proto udp dst_port 1111 action pass" 1032 run_cmd "ip netns exec $ns1 $mz br0.20 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1033 tc_check_packets "$ns2" "dev veth0 ingress" 101 1 1034 log_test $? 0 "Non-default destination port - match" 1035 1036 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1037 tc_check_packets "$ns2" "dev veth0 ingress" 101 1 1038 log_test $? 0 "Non-default destination port - no match" 1039 1040 run_cmd "tc -n $ns2 filter del dev veth0 ingress pref 1 handle 101 flower" 1041 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10020" 1042 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010" 1043 1044 # Check default VNI. 1045 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010" 1046 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10020" 1047 1048 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_key_id 10010 action pass" 1049 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1050 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1051 log_test $? 0 "Default destination VNI - match" 1052 1053 run_cmd "ip netns exec $ns1 $mz br0.20 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1054 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1055 log_test $? 0 "Default destination VNI - no match" 1056 1057 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip vni 10020 src_vni 10010" 1058 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip vni 10010 src_vni 10020" 1059 1060 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_key_id 10020 action pass" 1061 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1062 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1063 log_test $? 0 "Non-default destination VNI - match" 1064 1065 run_cmd "ip netns exec $ns1 $mz br0.20 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1066 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1067 log_test $? 0 "Non-default destination VNI - no match" 1068 1069 run_cmd "tc -n $ns2 filter del dev vx0 ingress pref 1 handle 101 flower" 1070 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10020" 1071 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010" 1072} 1073 1074encap_params_ipv4_ipv4() 1075{ 1076 local ns1=ns1_v4 1077 local ns2=ns2_v4 1078 local vtep1_ip=198.51.100.100 1079 local vtep2_ip=198.51.100.200 1080 local plen=32 1081 local enc_ethtype="ip" 1082 local grp=239.1.1.1 1083 local grp_dmac=01:00:5e:01:01:01 1084 local src=192.0.2.129 1085 1086 echo 1087 echo "Data path: Encapsulation parameters - IPv4 overlay / IPv4 underlay" 1088 echo "------------------------------------------------------------------" 1089 1090 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \ 1091 $grp $grp_dmac $src "mausezahn" 1092} 1093 1094encap_params_ipv6_ipv4() 1095{ 1096 local ns1=ns1_v4 1097 local ns2=ns2_v4 1098 local vtep1_ip=198.51.100.100 1099 local vtep2_ip=198.51.100.200 1100 local plen=32 1101 local enc_ethtype="ip" 1102 local grp=ff0e::1 1103 local grp_dmac=33:33:00:00:00:01 1104 local src=2001:db8:100::1 1105 1106 echo 1107 echo "Data path: Encapsulation parameters - IPv6 overlay / IPv4 underlay" 1108 echo "------------------------------------------------------------------" 1109 1110 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \ 1111 $grp $grp_dmac $src "mausezahn -6" 1112} 1113 1114encap_params_ipv4_ipv6() 1115{ 1116 local ns1=ns1_v6 1117 local ns2=ns2_v6 1118 local vtep1_ip=2001:db8:1000::1 1119 local vtep2_ip=2001:db8:2000::1 1120 local plen=128 1121 local enc_ethtype="ipv6" 1122 local grp=239.1.1.1 1123 local grp_dmac=01:00:5e:01:01:01 1124 local src=192.0.2.129 1125 1126 echo 1127 echo "Data path: Encapsulation parameters - IPv4 overlay / IPv6 underlay" 1128 echo "------------------------------------------------------------------" 1129 1130 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \ 1131 $grp $grp_dmac $src "mausezahn" 1132} 1133 1134encap_params_ipv6_ipv6() 1135{ 1136 local ns1=ns1_v6 1137 local ns2=ns2_v6 1138 local vtep1_ip=2001:db8:1000::1 1139 local vtep2_ip=2001:db8:2000::1 1140 local plen=128 1141 local enc_ethtype="ipv6" 1142 local grp=ff0e::1 1143 local grp_dmac=33:33:00:00:00:01 1144 local src=2001:db8:100::1 1145 1146 echo 1147 echo "Data path: Encapsulation parameters - IPv6 overlay / IPv6 underlay" 1148 echo "------------------------------------------------------------------" 1149 1150 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \ 1151 $grp $grp_dmac $src "mausezahn -6" 1152} 1153 1154starg_exclude_ir_common() 1155{ 1156 local ns1=$1; shift 1157 local ns2=$1; shift 1158 local vtep1_ip=$1; shift 1159 local vtep2_ip=$1; shift 1160 local plen=$1; shift 1161 local grp=$1; shift 1162 local grp_dmac=$1; shift 1163 local valid_src=$1; shift 1164 local invalid_src=$1; shift 1165 local mz=$1; shift 1166 1167 # Install a (*, G) EXCLUDE MDB entry with one source and two remote 1168 # VTEPs. Make sure that the source in the source list is not forwarded 1169 # and that a source not in the list is forwarded. Remove one of the 1170 # VTEPs from the entry and make sure that packets are only forwarded to 1171 # the remaining VTEP. 1172 1173 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1174 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 1175 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 1176 1177 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1178 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass" 1179 1180 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $vtep1_ip src_vni 10010" 1181 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $vtep2_ip src_vni 10010" 1182 1183 # Check that invalid source is not forwarded to any VTEP. 1184 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1185 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1186 log_test $? 0 "Block excluded source - first VTEP" 1187 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 1188 log_test $? 0 "Block excluded source - second VTEP" 1189 1190 # Check that valid source is forwarded to both VTEPs. 1191 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1192 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1193 log_test $? 0 "Forward valid source - first VTEP" 1194 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1195 log_test $? 0 "Forward valid source - second VTEP" 1196 1197 # Remove second VTEP. 1198 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10010" 1199 1200 # Check that invalid source is not forwarded to any VTEP. 1201 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1202 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1203 log_test $? 0 "Block excluded source after removal - first VTEP" 1204 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1205 log_test $? 0 "Block excluded source after removal - second VTEP" 1206 1207 # Check that valid source is forwarded to the remaining VTEP. 1208 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1209 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1210 log_test $? 0 "Forward valid source after removal - first VTEP" 1211 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1212 log_test $? 0 "Forward valid source after removal - second VTEP" 1213} 1214 1215starg_exclude_ir_ipv4_ipv4() 1216{ 1217 local ns1=ns1_v4 1218 local ns2=ns2_v4 1219 local vtep1_ip=198.51.100.100 1220 local vtep2_ip=198.51.100.200 1221 local plen=32 1222 local grp=239.1.1.1 1223 local grp_dmac=01:00:5e:01:01:01 1224 local valid_src=192.0.2.129 1225 local invalid_src=192.0.2.145 1226 1227 echo 1228 echo "Data path: (*, G) EXCLUDE - IR - IPv4 overlay / IPv4 underlay" 1229 echo "-------------------------------------------------------------" 1230 1231 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1232 $grp_dmac $valid_src $invalid_src "mausezahn" 1233} 1234 1235starg_exclude_ir_ipv6_ipv4() 1236{ 1237 local ns1=ns1_v4 1238 local ns2=ns2_v4 1239 local vtep1_ip=198.51.100.100 1240 local vtep2_ip=198.51.100.200 1241 local plen=32 1242 local grp=ff0e::1 1243 local grp_dmac=33:33:00:00:00:01 1244 local valid_src=2001:db8:100::1 1245 local invalid_src=2001:db8:200::1 1246 1247 echo 1248 echo "Data path: (*, G) EXCLUDE - IR - IPv6 overlay / IPv4 underlay" 1249 echo "-------------------------------------------------------------" 1250 1251 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1252 $grp_dmac $valid_src $invalid_src "mausezahn -6" 1253} 1254 1255starg_exclude_ir_ipv4_ipv6() 1256{ 1257 local ns1=ns1_v6 1258 local ns2=ns2_v6 1259 local vtep1_ip=2001:db8:1000::1 1260 local vtep2_ip=2001:db8:2000::1 1261 local plen=128 1262 local grp=239.1.1.1 1263 local grp_dmac=01:00:5e:01:01:01 1264 local valid_src=192.0.2.129 1265 local invalid_src=192.0.2.145 1266 1267 echo 1268 echo "Data path: (*, G) EXCLUDE - IR - IPv4 overlay / IPv6 underlay" 1269 echo "-------------------------------------------------------------" 1270 1271 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1272 $grp_dmac $valid_src $invalid_src "mausezahn" 1273} 1274 1275starg_exclude_ir_ipv6_ipv6() 1276{ 1277 local ns1=ns1_v6 1278 local ns2=ns2_v6 1279 local vtep1_ip=2001:db8:1000::1 1280 local vtep2_ip=2001:db8:2000::1 1281 local plen=128 1282 local grp=ff0e::1 1283 local grp_dmac=33:33:00:00:00:01 1284 local valid_src=2001:db8:100::1 1285 local invalid_src=2001:db8:200::1 1286 1287 echo 1288 echo "Data path: (*, G) EXCLUDE - IR - IPv6 overlay / IPv6 underlay" 1289 echo "-------------------------------------------------------------" 1290 1291 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1292 $grp_dmac $valid_src $invalid_src "mausezahn -6" 1293} 1294 1295starg_include_ir_common() 1296{ 1297 local ns1=$1; shift 1298 local ns2=$1; shift 1299 local vtep1_ip=$1; shift 1300 local vtep2_ip=$1; shift 1301 local plen=$1; shift 1302 local grp=$1; shift 1303 local grp_dmac=$1; shift 1304 local valid_src=$1; shift 1305 local invalid_src=$1; shift 1306 local mz=$1; shift 1307 1308 # Install a (*, G) INCLUDE MDB entry with one source and two remote 1309 # VTEPs. Make sure that the source in the source list is forwarded and 1310 # that a source not in the list is not forwarded. Remove one of the 1311 # VTEPs from the entry and make sure that packets are only forwarded to 1312 # the remaining VTEP. 1313 1314 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1315 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 1316 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 1317 1318 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1319 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass" 1320 1321 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $valid_src dst $vtep1_ip src_vni 10010" 1322 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $valid_src dst $vtep2_ip src_vni 10010" 1323 1324 # Check that invalid source is not forwarded to any VTEP. 1325 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1326 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1327 log_test $? 0 "Block excluded source - first VTEP" 1328 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 1329 log_test $? 0 "Block excluded source - second VTEP" 1330 1331 # Check that valid source is forwarded to both VTEPs. 1332 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1333 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1334 log_test $? 0 "Forward valid source - first VTEP" 1335 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1336 log_test $? 0 "Forward valid source - second VTEP" 1337 1338 # Remove second VTEP. 1339 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10010" 1340 1341 # Check that invalid source is not forwarded to any VTEP. 1342 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1343 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1344 log_test $? 0 "Block excluded source after removal - first VTEP" 1345 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1346 log_test $? 0 "Block excluded source after removal - second VTEP" 1347 1348 # Check that valid source is forwarded to the remaining VTEP. 1349 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1350 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1351 log_test $? 0 "Forward valid source after removal - first VTEP" 1352 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1353 log_test $? 0 "Forward valid source after removal - second VTEP" 1354} 1355 1356starg_include_ir_ipv4_ipv4() 1357{ 1358 local ns1=ns1_v4 1359 local ns2=ns2_v4 1360 local vtep1_ip=198.51.100.100 1361 local vtep2_ip=198.51.100.200 1362 local plen=32 1363 local grp=239.1.1.1 1364 local grp_dmac=01:00:5e:01:01:01 1365 local valid_src=192.0.2.129 1366 local invalid_src=192.0.2.145 1367 1368 echo 1369 echo "Data path: (*, G) INCLUDE - IR - IPv4 overlay / IPv4 underlay" 1370 echo "-------------------------------------------------------------" 1371 1372 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1373 $grp_dmac $valid_src $invalid_src "mausezahn" 1374} 1375 1376starg_include_ir_ipv6_ipv4() 1377{ 1378 local ns1=ns1_v4 1379 local ns2=ns2_v4 1380 local vtep1_ip=198.51.100.100 1381 local vtep2_ip=198.51.100.200 1382 local plen=32 1383 local grp=ff0e::1 1384 local grp_dmac=33:33:00:00:00:01 1385 local valid_src=2001:db8:100::1 1386 local invalid_src=2001:db8:200::1 1387 1388 echo 1389 echo "Data path: (*, G) INCLUDE - IR - IPv6 overlay / IPv4 underlay" 1390 echo "-------------------------------------------------------------" 1391 1392 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1393 $grp_dmac $valid_src $invalid_src "mausezahn -6" 1394} 1395 1396starg_include_ir_ipv4_ipv6() 1397{ 1398 local ns1=ns1_v6 1399 local ns2=ns2_v6 1400 local vtep1_ip=2001:db8:1000::1 1401 local vtep2_ip=2001:db8:2000::1 1402 local plen=128 1403 local grp=239.1.1.1 1404 local grp_dmac=01:00:5e:01:01:01 1405 local valid_src=192.0.2.129 1406 local invalid_src=192.0.2.145 1407 1408 echo 1409 echo "Data path: (*, G) INCLUDE - IR - IPv4 overlay / IPv6 underlay" 1410 echo "-------------------------------------------------------------" 1411 1412 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1413 $grp_dmac $valid_src $invalid_src "mausezahn" 1414} 1415 1416starg_include_ir_ipv6_ipv6() 1417{ 1418 local ns1=ns1_v6 1419 local ns2=ns2_v6 1420 local vtep1_ip=2001:db8:1000::1 1421 local vtep2_ip=2001:db8:2000::1 1422 local plen=128 1423 local grp=ff0e::1 1424 local grp_dmac=33:33:00:00:00:01 1425 local valid_src=2001:db8:100::1 1426 local invalid_src=2001:db8:200::1 1427 1428 echo 1429 echo "Data path: (*, G) INCLUDE - IR - IPv6 overlay / IPv6 underlay" 1430 echo "-------------------------------------------------------------" 1431 1432 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1433 $grp_dmac $valid_src $invalid_src "mausezahn -6" 1434} 1435 1436starg_exclude_p2mp_common() 1437{ 1438 local ns1=$1; shift 1439 local ns2=$1; shift 1440 local mcast_grp=$1; shift 1441 local plen=$1; shift 1442 local grp=$1; shift 1443 local grp_dmac=$1; shift 1444 local valid_src=$1; shift 1445 local invalid_src=$1; shift 1446 local mz=$1; shift 1447 1448 # Install a (*, G) EXCLUDE MDB entry with one source and one multicast 1449 # group to which packets are sent. Make sure that the source in the 1450 # source list is not forwarded and that a source not in the list is 1451 # forwarded. 1452 1453 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1454 run_cmd "ip -n $ns2 address replace $mcast_grp/$plen dev veth0 autojoin" 1455 1456 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $mcast_grp action pass" 1457 1458 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $mcast_grp src_vni 10010 via veth0" 1459 1460 # Check that invalid source is not forwarded. 1461 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1462 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1463 log_test $? 0 "Block excluded source" 1464 1465 # Check that valid source is forwarded. 1466 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1467 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1468 log_test $? 0 "Forward valid source" 1469 1470 # Remove the VTEP from the multicast group. 1471 run_cmd "ip -n $ns2 address del $mcast_grp/$plen dev veth0" 1472 1473 # Check that valid source is not received anymore. 1474 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1475 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1476 log_test $? 0 "Receive of valid source after removal from group" 1477} 1478 1479starg_exclude_p2mp_ipv4_ipv4() 1480{ 1481 local ns1=ns1_v4 1482 local ns2=ns2_v4 1483 local mcast_grp=238.1.1.1 1484 local plen=32 1485 local grp=239.1.1.1 1486 local grp_dmac=01:00:5e:01:01:01 1487 local valid_src=192.0.2.129 1488 local invalid_src=192.0.2.145 1489 1490 echo 1491 echo "Data path: (*, G) EXCLUDE - P2MP - IPv4 overlay / IPv4 underlay" 1492 echo "---------------------------------------------------------------" 1493 1494 starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp $grp_dmac \ 1495 $valid_src $invalid_src "mausezahn" 1496} 1497 1498starg_exclude_p2mp_ipv6_ipv4() 1499{ 1500 local ns1=ns1_v4 1501 local ns2=ns2_v4 1502 local mcast_grp=238.1.1.1 1503 local plen=32 1504 local grp=ff0e::1 1505 local grp_dmac=33:33:00:00:00:01 1506 local valid_src=2001:db8:100::1 1507 local invalid_src=2001:db8:200::1 1508 1509 echo 1510 echo "Data path: (*, G) EXCLUDE - P2MP - IPv6 overlay / IPv4 underlay" 1511 echo "---------------------------------------------------------------" 1512 1513 starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp $grp_dmac \ 1514 $valid_src $invalid_src "mausezahn -6" 1515} 1516 1517starg_exclude_p2mp_ipv4_ipv6() 1518{ 1519 local ns1=ns1_v6 1520 local ns2=ns2_v6 1521 local mcast_grp=ff0e::2 1522 local plen=128 1523 local grp=239.1.1.1 1524 local grp_dmac=01:00:5e:01:01:01 1525 local valid_src=192.0.2.129 1526 local invalid_src=192.0.2.145 1527 1528 echo 1529 echo "Data path: (*, G) EXCLUDE - P2MP - IPv4 overlay / IPv6 underlay" 1530 echo "---------------------------------------------------------------" 1531 1532 starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp $grp_dmac \ 1533 $valid_src $invalid_src "mausezahn" 1534} 1535 1536starg_exclude_p2mp_ipv6_ipv6() 1537{ 1538 local ns1=ns1_v6 1539 local ns2=ns2_v6 1540 local mcast_grp=ff0e::2 1541 local plen=128 1542 local grp=ff0e::1 1543 local grp_dmac=33:33:00:00:00:01 1544 local valid_src=2001:db8:100::1 1545 local invalid_src=2001:db8:200::1 1546 1547 echo 1548 echo "Data path: (*, G) EXCLUDE - P2MP - IPv6 overlay / IPv6 underlay" 1549 echo "---------------------------------------------------------------" 1550 1551 starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp $grp_dmac \ 1552 $valid_src $invalid_src "mausezahn -6" 1553} 1554 1555starg_include_p2mp_common() 1556{ 1557 local ns1=$1; shift 1558 local ns2=$1; shift 1559 local mcast_grp=$1; shift 1560 local plen=$1; shift 1561 local grp=$1; shift 1562 local grp_dmac=$1; shift 1563 local valid_src=$1; shift 1564 local invalid_src=$1; shift 1565 local mz=$1; shift 1566 1567 # Install a (*, G) INCLUDE MDB entry with one source and one multicast 1568 # group to which packets are sent. Make sure that the source in the 1569 # source list is forwarded and that a source not in the list is not 1570 # forwarded. 1571 1572 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1573 run_cmd "ip -n $ns2 address replace $mcast_grp/$plen dev veth0 autojoin" 1574 1575 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $mcast_grp action pass" 1576 1577 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $valid_src dst $mcast_grp src_vni 10010 via veth0" 1578 1579 # Check that invalid source is not forwarded. 1580 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1581 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1582 log_test $? 0 "Block excluded source" 1583 1584 # Check that valid source is forwarded. 1585 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1586 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1587 log_test $? 0 "Forward valid source" 1588 1589 # Remove the VTEP from the multicast group. 1590 run_cmd "ip -n $ns2 address del $mcast_grp/$plen dev veth0" 1591 1592 # Check that valid source is not received anymore. 1593 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1594 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1595 log_test $? 0 "Receive of valid source after removal from group" 1596} 1597 1598starg_include_p2mp_ipv4_ipv4() 1599{ 1600 local ns1=ns1_v4 1601 local ns2=ns2_v4 1602 local mcast_grp=238.1.1.1 1603 local plen=32 1604 local grp=239.1.1.1 1605 local grp_dmac=01:00:5e:01:01:01 1606 local valid_src=192.0.2.129 1607 local invalid_src=192.0.2.145 1608 1609 echo 1610 echo "Data path: (*, G) INCLUDE - P2MP - IPv4 overlay / IPv4 underlay" 1611 echo "---------------------------------------------------------------" 1612 1613 starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp $grp_dmac \ 1614 $valid_src $invalid_src "mausezahn" 1615} 1616 1617starg_include_p2mp_ipv6_ipv4() 1618{ 1619 local ns1=ns1_v4 1620 local ns2=ns2_v4 1621 local mcast_grp=238.1.1.1 1622 local plen=32 1623 local grp=ff0e::1 1624 local grp_dmac=33:33:00:00:00:01 1625 local valid_src=2001:db8:100::1 1626 local invalid_src=2001:db8:200::1 1627 1628 echo 1629 echo "Data path: (*, G) INCLUDE - P2MP - IPv6 overlay / IPv4 underlay" 1630 echo "---------------------------------------------------------------" 1631 1632 starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp $grp_dmac \ 1633 $valid_src $invalid_src "mausezahn -6" 1634} 1635 1636starg_include_p2mp_ipv4_ipv6() 1637{ 1638 local ns1=ns1_v6 1639 local ns2=ns2_v6 1640 local mcast_grp=ff0e::2 1641 local plen=128 1642 local grp=239.1.1.1 1643 local grp_dmac=01:00:5e:01:01:01 1644 local valid_src=192.0.2.129 1645 local invalid_src=192.0.2.145 1646 1647 echo 1648 echo "Data path: (*, G) INCLUDE - P2MP - IPv4 overlay / IPv6 underlay" 1649 echo "---------------------------------------------------------------" 1650 1651 starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp $grp_dmac \ 1652 $valid_src $invalid_src "mausezahn" 1653} 1654 1655starg_include_p2mp_ipv6_ipv6() 1656{ 1657 local ns1=ns1_v6 1658 local ns2=ns2_v6 1659 local mcast_grp=ff0e::2 1660 local plen=128 1661 local grp=ff0e::1 1662 local grp_dmac=33:33:00:00:00:01 1663 local valid_src=2001:db8:100::1 1664 local invalid_src=2001:db8:200::1 1665 1666 echo 1667 echo "Data path: (*, G) INCLUDE - P2MP - IPv6 overlay / IPv6 underlay" 1668 echo "---------------------------------------------------------------" 1669 1670 starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp $grp_dmac \ 1671 $valid_src $invalid_src "mausezahn -6" 1672} 1673 1674egress_vni_translation_common() 1675{ 1676 local ns1=$1; shift 1677 local ns2=$1; shift 1678 local mcast_grp=$1; shift 1679 local plen=$1; shift 1680 local proto=$1; shift 1681 local grp=$1; shift 1682 local grp_dmac=$1; shift 1683 local src=$1; shift 1684 local mz=$1; shift 1685 1686 # When P2MP tunnels are used with optimized inter-subnet multicast 1687 # (OISM) [1], the ingress VTEP does not perform VNI translation and 1688 # uses the VNI of the source broadcast domain (BD). If the egress VTEP 1689 # is a member in the source BD, then no VNI translation is needed. 1690 # Otherwise, the egress VTEP needs to translate the VNI to the 1691 # supplementary broadcast domain (SBD) VNI, which is usually the L3VNI. 1692 # 1693 # In this test, remove the VTEP in the second namespace from VLAN 10 1694 # (VNI 10010) and make sure that a packet sent from this VLAN on the 1695 # first VTEP is received by the SVI corresponding to the L3VNI (14000 / 1696 # VLAN 4000) on the second VTEP. 1697 # 1698 # The second VTEP will be able to decapsulate the packet with VNI 10010 1699 # because this VNI is configured on its shared VXLAN device. Later, 1700 # when ingressing the bridge, the VNI to VLAN lookup will fail because 1701 # the VTEP is not a member in VLAN 10, which will cause the packet to 1702 # be tagged with VLAN 4000 since it is configured as PVID. 1703 # 1704 # [1] https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-mcast 1705 1706 run_cmd "tc -n $ns2 qdisc replace dev br0.4000 clsact" 1707 run_cmd "ip -n $ns2 address replace $mcast_grp/$plen dev veth0 autojoin" 1708 run_cmd "tc -n $ns2 filter replace dev br0.4000 ingress pref 1 handle 101 proto $proto flower src_ip $src dst_ip $grp action pass" 1709 1710 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp src $src permanent dst $mcast_grp src_vni 10010 via veth0" 1711 1712 # Remove the second VTEP from VLAN 10. 1713 run_cmd "bridge -n $ns2 vlan del vid 10 dev vx0" 1714 1715 # Make sure that packets sent from the first VTEP over VLAN 10 are 1716 # received by the SVI corresponding to the L3VNI (14000 / VLAN 4000) on 1717 # the second VTEP, since it is configured as PVID. 1718 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1719 tc_check_packets "$ns2" "dev br0.4000 ingress" 101 1 1720 log_test $? 0 "Egress VNI translation - PVID configured" 1721 1722 # Remove PVID flag from VLAN 4000 on the second VTEP and make sure 1723 # packets are no longer received by the SVI interface. 1724 run_cmd "bridge -n $ns2 vlan add vid 4000 dev vx0" 1725 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1726 tc_check_packets "$ns2" "dev br0.4000 ingress" 101 1 1727 log_test $? 0 "Egress VNI translation - no PVID configured" 1728 1729 # Reconfigure the PVID and make sure packets are received again. 1730 run_cmd "bridge -n $ns2 vlan add vid 4000 dev vx0 pvid" 1731 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1732 tc_check_packets "$ns2" "dev br0.4000 ingress" 101 2 1733 log_test $? 0 "Egress VNI translation - PVID reconfigured" 1734} 1735 1736egress_vni_translation_ipv4_ipv4() 1737{ 1738 local ns1=ns1_v4 1739 local ns2=ns2_v4 1740 local mcast_grp=238.1.1.1 1741 local plen=32 1742 local proto="ipv4" 1743 local grp=239.1.1.1 1744 local grp_dmac=01:00:5e:01:01:01 1745 local src=192.0.2.129 1746 1747 echo 1748 echo "Data path: Egress VNI translation - IPv4 overlay / IPv4 underlay" 1749 echo "----------------------------------------------------------------" 1750 1751 egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \ 1752 $grp_dmac $src "mausezahn" 1753} 1754 1755egress_vni_translation_ipv6_ipv4() 1756{ 1757 local ns1=ns1_v4 1758 local ns2=ns2_v4 1759 local mcast_grp=238.1.1.1 1760 local plen=32 1761 local proto="ipv6" 1762 local grp=ff0e::1 1763 local grp_dmac=33:33:00:00:00:01 1764 local src=2001:db8:100::1 1765 1766 echo 1767 echo "Data path: Egress VNI translation - IPv6 overlay / IPv4 underlay" 1768 echo "----------------------------------------------------------------" 1769 1770 egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \ 1771 $grp_dmac $src "mausezahn -6" 1772} 1773 1774egress_vni_translation_ipv4_ipv6() 1775{ 1776 local ns1=ns1_v6 1777 local ns2=ns2_v6 1778 local mcast_grp=ff0e::2 1779 local plen=128 1780 local proto="ipv4" 1781 local grp=239.1.1.1 1782 local grp_dmac=01:00:5e:01:01:01 1783 local src=192.0.2.129 1784 1785 echo 1786 echo "Data path: Egress VNI translation - IPv4 overlay / IPv6 underlay" 1787 echo "----------------------------------------------------------------" 1788 1789 egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \ 1790 $grp_dmac $src "mausezahn" 1791} 1792 1793egress_vni_translation_ipv6_ipv6() 1794{ 1795 local ns1=ns1_v6 1796 local ns2=ns2_v6 1797 local mcast_grp=ff0e::2 1798 local plen=128 1799 local proto="ipv6" 1800 local grp=ff0e::1 1801 local grp_dmac=33:33:00:00:00:01 1802 local src=2001:db8:100::1 1803 1804 echo 1805 echo "Data path: Egress VNI translation - IPv6 overlay / IPv6 underlay" 1806 echo "----------------------------------------------------------------" 1807 1808 egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \ 1809 $grp_dmac $src "mausezahn -6" 1810} 1811 1812all_zeros_mdb_common() 1813{ 1814 local ns1=$1; shift 1815 local ns2=$1; shift 1816 local vtep1_ip=$1; shift 1817 local vtep2_ip=$1; shift 1818 local vtep3_ip=$1; shift 1819 local vtep4_ip=$1; shift 1820 local plen=$1; shift 1821 local ipv4_grp=239.1.1.1 1822 local ipv4_grp_dmac=01:00:5e:01:01:01 1823 local ipv4_unreg_grp=239.2.2.2 1824 local ipv4_unreg_grp_dmac=01:00:5e:02:02:02 1825 local ipv4_ll_grp=224.0.0.100 1826 local ipv4_ll_grp_dmac=01:00:5e:00:00:64 1827 local ipv4_src=192.0.2.129 1828 local ipv6_grp=ff0e::1 1829 local ipv6_grp_dmac=33:33:00:00:00:01 1830 local ipv6_unreg_grp=ff0e::2 1831 local ipv6_unreg_grp_dmac=33:33:00:00:00:02 1832 local ipv6_ll_grp=ff02::1 1833 local ipv6_ll_grp_dmac=33:33:00:00:00:01 1834 local ipv6_src=2001:db8:100::1 1835 1836 # Install all-zeros (catchall) MDB entries for IPv4 and IPv6 traffic 1837 # and make sure they only forward unregistered IP multicast traffic 1838 # which is not link-local. Also make sure that each entry only forwards 1839 # traffic from the matching address family. 1840 1841 # Associate two different VTEPs with one all-zeros MDB entry: Two with 1842 # the IPv4 entry (0.0.0.0) and another two with the IPv6 one (::). 1843 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp 0.0.0.0 permanent dst $vtep1_ip src_vni 10010" 1844 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp 0.0.0.0 permanent dst $vtep2_ip src_vni 10010" 1845 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp :: permanent dst $vtep3_ip src_vni 10010" 1846 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp :: permanent dst $vtep4_ip src_vni 10010" 1847 1848 # Associate one VTEP from each set with a regular MDB entry: One with 1849 # an IPv4 entry and another with an IPv6 one. 1850 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $ipv4_grp permanent dst $vtep1_ip src_vni 10010" 1851 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $ipv6_grp permanent dst $vtep3_ip src_vni 10010" 1852 1853 # Add filters to match on decapsulated traffic in the second namespace. 1854 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1855 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1856 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass" 1857 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 103 proto all flower enc_dst_ip $vtep3_ip action pass" 1858 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 104 proto all flower enc_dst_ip $vtep4_ip action pass" 1859 1860 # Configure the VTEP addresses in the second namespace to enable 1861 # decapsulation. 1862 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 1863 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 1864 run_cmd "ip -n $ns2 address replace $vtep3_ip/$plen dev lo" 1865 run_cmd "ip -n $ns2 address replace $vtep4_ip/$plen dev lo" 1866 1867 # Send registered IPv4 multicast and make sure it only arrives to the 1868 # first VTEP. 1869 run_cmd "ip netns exec $ns1 mausezahn br0.10 -a own -b $ipv4_grp_dmac -A $ipv4_src -B $ipv4_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1870 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1871 log_test $? 0 "Registered IPv4 multicast - first VTEP" 1872 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 1873 log_test $? 0 "Registered IPv4 multicast - second VTEP" 1874 1875 # Send unregistered IPv4 multicast that is not link-local and make sure 1876 # it arrives to the first and second VTEPs. 1877 run_cmd "ip netns exec $ns1 mausezahn br0.10 -a own -b $ipv4_unreg_grp_dmac -A $ipv4_src -B $ipv4_unreg_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1878 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1879 log_test $? 0 "Unregistered IPv4 multicast - first VTEP" 1880 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1881 log_test $? 0 "Unregistered IPv4 multicast - second VTEP" 1882 1883 # Send IPv4 link-local multicast traffic and make sure it does not 1884 # arrive to any VTEP. 1885 run_cmd "ip netns exec $ns1 mausezahn br0.10 -a own -b $ipv4_ll_grp_dmac -A $ipv4_src -B $ipv4_ll_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1886 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1887 log_test $? 0 "Link-local IPv4 multicast - first VTEP" 1888 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1889 log_test $? 0 "Link-local IPv4 multicast - second VTEP" 1890 1891 # Send registered IPv4 multicast using a unicast MAC address and make 1892 # sure it does not arrive to any VTEP. 1893 run_cmd "ip netns exec $ns1 mausezahn br0.10 -a own -b 00:11:22:33:44:55 -A $ipv4_src -B $ipv4_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1894 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1895 log_test $? 0 "Registered IPv4 multicast with a unicast MAC - first VTEP" 1896 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1897 log_test $? 0 "Registered IPv4 multicast with a unicast MAC - second VTEP" 1898 1899 # Send registered IPv4 multicast using a broadcast MAC address and make 1900 # sure it does not arrive to any VTEP. 1901 run_cmd "ip netns exec $ns1 mausezahn br0.10 -a own -b bcast -A $ipv4_src -B $ipv4_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1902 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1903 log_test $? 0 "Registered IPv4 multicast with a broadcast MAC - first VTEP" 1904 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1905 log_test $? 0 "Registered IPv4 multicast with a broadcast MAC - second VTEP" 1906 1907 # Make sure IPv4 traffic did not reach the VTEPs associated with 1908 # IPv6 entries. 1909 tc_check_packets "$ns2" "dev vx0 ingress" 103 0 1910 log_test $? 0 "IPv4 traffic - third VTEP" 1911 tc_check_packets "$ns2" "dev vx0 ingress" 104 0 1912 log_test $? 0 "IPv4 traffic - fourth VTEP" 1913 1914 # Reset IPv4 filters before testing IPv6 traffic. 1915 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1916 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass" 1917 1918 # Send registered IPv6 multicast and make sure it only arrives to the 1919 # third VTEP. 1920 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -a own -b $ipv6_grp_dmac -A $ipv6_src -B $ipv6_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1921 tc_check_packets "$ns2" "dev vx0 ingress" 103 1 1922 log_test $? 0 "Registered IPv6 multicast - third VTEP" 1923 tc_check_packets "$ns2" "dev vx0 ingress" 104 0 1924 log_test $? 0 "Registered IPv6 multicast - fourth VTEP" 1925 1926 # Send unregistered IPv6 multicast that is not link-local and make sure 1927 # it arrives to the third and fourth VTEPs. 1928 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -a own -b $ipv6_unreg_grp_dmac -A $ipv6_src -B $ipv6_unreg_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1929 tc_check_packets "$ns2" "dev vx0 ingress" 103 2 1930 log_test $? 0 "Unregistered IPv6 multicast - third VTEP" 1931 tc_check_packets "$ns2" "dev vx0 ingress" 104 1 1932 log_test $? 0 "Unregistered IPv6 multicast - fourth VTEP" 1933 1934 # Send IPv6 link-local multicast traffic and make sure it does not 1935 # arrive to any VTEP. 1936 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -a own -b $ipv6_ll_grp_dmac -A $ipv6_src -B $ipv6_ll_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1937 tc_check_packets "$ns2" "dev vx0 ingress" 103 2 1938 log_test $? 0 "Link-local IPv6 multicast - third VTEP" 1939 tc_check_packets "$ns2" "dev vx0 ingress" 104 1 1940 log_test $? 0 "Link-local IPv6 multicast - fourth VTEP" 1941 1942 # Send registered IPv6 multicast using a unicast MAC address and make 1943 # sure it does not arrive to any VTEP. 1944 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -a own -b 00:11:22:33:44:55 -A $ipv6_src -B $ipv6_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1945 tc_check_packets "$ns2" "dev vx0 ingress" 103 2 1946 log_test $? 0 "Registered IPv6 multicast with a unicast MAC - third VTEP" 1947 tc_check_packets "$ns2" "dev vx0 ingress" 104 1 1948 log_test $? 0 "Registered IPv6 multicast with a unicast MAC - fourth VTEP" 1949 1950 # Send registered IPv6 multicast using a broadcast MAC address and make 1951 # sure it does not arrive to any VTEP. 1952 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -a own -b bcast -A $ipv6_src -B $ipv6_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1953 tc_check_packets "$ns2" "dev vx0 ingress" 103 2 1954 log_test $? 0 "Registered IPv6 multicast with a broadcast MAC - third VTEP" 1955 tc_check_packets "$ns2" "dev vx0 ingress" 104 1 1956 log_test $? 0 "Registered IPv6 multicast with a broadcast MAC - fourth VTEP" 1957 1958 # Make sure IPv6 traffic did not reach the VTEPs associated with 1959 # IPv4 entries. 1960 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1961 log_test $? 0 "IPv6 traffic - first VTEP" 1962 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 1963 log_test $? 0 "IPv6 traffic - second VTEP" 1964} 1965 1966all_zeros_mdb_ipv4() 1967{ 1968 local ns1=ns1_v4 1969 local ns2=ns2_v4 1970 local vtep1_ip=198.51.100.101 1971 local vtep2_ip=198.51.100.102 1972 local vtep3_ip=198.51.100.103 1973 local vtep4_ip=198.51.100.104 1974 local plen=32 1975 1976 echo 1977 echo "Data path: All-zeros MDB entry - IPv4 underlay" 1978 echo "----------------------------------------------" 1979 1980 all_zeros_mdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $vtep3_ip \ 1981 $vtep4_ip $plen 1982} 1983 1984all_zeros_mdb_ipv6() 1985{ 1986 local ns1=ns1_v6 1987 local ns2=ns2_v6 1988 local vtep1_ip=2001:db8:1000::1 1989 local vtep2_ip=2001:db8:2000::1 1990 local vtep3_ip=2001:db8:3000::1 1991 local vtep4_ip=2001:db8:4000::1 1992 local plen=128 1993 1994 echo 1995 echo "Data path: All-zeros MDB entry - IPv6 underlay" 1996 echo "----------------------------------------------" 1997 1998 all_zeros_mdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $vtep3_ip \ 1999 $vtep4_ip $plen 2000} 2001 2002mdb_fdb_common() 2003{ 2004 local ns1=$1; shift 2005 local ns2=$1; shift 2006 local vtep1_ip=$1; shift 2007 local vtep2_ip=$1; shift 2008 local plen=$1; shift 2009 local proto=$1; shift 2010 local grp=$1; shift 2011 local grp_dmac=$1; shift 2012 local src=$1; shift 2013 local mz=$1; shift 2014 2015 # Install an MDB entry and an FDB entry and make sure that the FDB 2016 # entry only forwards traffic that was not forwarded by the MDB. 2017 2018 # Associate the MDB entry with one VTEP and the FDB entry with another 2019 # VTEP. 2020 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010" 2021 run_cmd "bridge -n $ns1 fdb add 00:00:00:00:00:00 dev vx0 self static dst $vtep2_ip src_vni 10010" 2022 2023 # Add filters to match on decapsulated traffic in the second namespace. 2024 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 2025 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto $proto flower ip_proto udp dst_port 54321 enc_dst_ip $vtep1_ip action pass" 2026 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto $proto flower ip_proto udp dst_port 54321 enc_dst_ip $vtep2_ip action pass" 2027 2028 # Configure the VTEP addresses in the second namespace to enable 2029 # decapsulation. 2030 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 2031 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 2032 2033 # Send IP multicast traffic and make sure it is forwarded by the MDB 2034 # and only arrives to the first VTEP. 2035 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 2036 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 2037 log_test $? 0 "IP multicast - first VTEP" 2038 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 2039 log_test $? 0 "IP multicast - second VTEP" 2040 2041 # Send broadcast traffic and make sure it is forwarded by the FDB and 2042 # only arrives to the second VTEP. 2043 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b bcast -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 2044 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 2045 log_test $? 0 "Broadcast - first VTEP" 2046 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 2047 log_test $? 0 "Broadcast - second VTEP" 2048 2049 # Remove the MDB entry and make sure that IP multicast is now forwarded 2050 # by the FDB to the second VTEP. 2051 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010" 2052 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 2053 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 2054 log_test $? 0 "IP multicast after removal - first VTEP" 2055 tc_check_packets "$ns2" "dev vx0 ingress" 102 2 2056 log_test $? 0 "IP multicast after removal - second VTEP" 2057} 2058 2059mdb_fdb_ipv4_ipv4() 2060{ 2061 local ns1=ns1_v4 2062 local ns2=ns2_v4 2063 local vtep1_ip=198.51.100.100 2064 local vtep2_ip=198.51.100.200 2065 local plen=32 2066 local proto="ipv4" 2067 local grp=239.1.1.1 2068 local grp_dmac=01:00:5e:01:01:01 2069 local src=192.0.2.129 2070 2071 echo 2072 echo "Data path: MDB with FDB - IPv4 overlay / IPv4 underlay" 2073 echo "------------------------------------------------------" 2074 2075 mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp \ 2076 $grp_dmac $src "mausezahn" 2077} 2078 2079mdb_fdb_ipv6_ipv4() 2080{ 2081 local ns1=ns1_v4 2082 local ns2=ns2_v4 2083 local vtep1_ip=198.51.100.100 2084 local vtep2_ip=198.51.100.200 2085 local plen=32 2086 local proto="ipv6" 2087 local grp=ff0e::1 2088 local grp_dmac=33:33:00:00:00:01 2089 local src=2001:db8:100::1 2090 2091 echo 2092 echo "Data path: MDB with FDB - IPv6 overlay / IPv4 underlay" 2093 echo "------------------------------------------------------" 2094 2095 mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp \ 2096 $grp_dmac $src "mausezahn -6" 2097} 2098 2099mdb_fdb_ipv4_ipv6() 2100{ 2101 local ns1=ns1_v6 2102 local ns2=ns2_v6 2103 local vtep1_ip=2001:db8:1000::1 2104 local vtep2_ip=2001:db8:2000::1 2105 local plen=128 2106 local proto="ipv4" 2107 local grp=239.1.1.1 2108 local grp_dmac=01:00:5e:01:01:01 2109 local src=192.0.2.129 2110 2111 echo 2112 echo "Data path: MDB with FDB - IPv4 overlay / IPv6 underlay" 2113 echo "------------------------------------------------------" 2114 2115 mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp \ 2116 $grp_dmac $src "mausezahn" 2117} 2118 2119mdb_fdb_ipv6_ipv6() 2120{ 2121 local ns1=ns1_v6 2122 local ns2=ns2_v6 2123 local vtep1_ip=2001:db8:1000::1 2124 local vtep2_ip=2001:db8:2000::1 2125 local plen=128 2126 local proto="ipv6" 2127 local grp=ff0e::1 2128 local grp_dmac=33:33:00:00:00:01 2129 local src=2001:db8:100::1 2130 2131 echo 2132 echo "Data path: MDB with FDB - IPv6 overlay / IPv6 underlay" 2133 echo "------------------------------------------------------" 2134 2135 mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp \ 2136 $grp_dmac $src "mausezahn -6" 2137} 2138 2139mdb_grp1_loop() 2140{ 2141 local ns1=$1; shift 2142 local vtep1_ip=$1; shift 2143 local grp1=$1; shift 2144 2145 while true; do 2146 bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp1 dst $vtep1_ip src_vni 10010 2147 bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp1 permanent dst $vtep1_ip src_vni 10010 2148 done >/dev/null 2>&1 2149} 2150 2151mdb_grp2_loop() 2152{ 2153 local ns1=$1; shift 2154 local vtep1_ip=$1; shift 2155 local vtep2_ip=$1; shift 2156 local grp2=$1; shift 2157 2158 while true; do 2159 bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp2 dst $vtep1_ip src_vni 10010 2160 bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp2 permanent dst $vtep1_ip src_vni 10010 2161 bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp2 permanent dst $vtep2_ip src_vni 10010 2162 done >/dev/null 2>&1 2163} 2164 2165mdb_torture_common() 2166{ 2167 local ns1=$1; shift 2168 local vtep1_ip=$1; shift 2169 local vtep2_ip=$1; shift 2170 local grp1=$1; shift 2171 local grp1_dmac=$1; shift 2172 local grp2=$1; shift 2173 local grp2_dmac=$1; shift 2174 local src=$1; shift 2175 local mz=$1; shift 2176 local pid1 2177 local pid2 2178 local pid3 2179 local pid4 2180 2181 # Continuously send two streams that are forwarded by two different MDB 2182 # entries. The first entry will be added and deleted in a loop. This 2183 # allows us to test that the data path does not use freed MDB entry 2184 # memory. The second entry will have two remotes, one that is added and 2185 # deleted in a loop and another that is replaced in a loop. This allows 2186 # us to test that the data path does not use freed remote entry memory. 2187 # The test is considered successful if nothing crashed. 2188 2189 # Create the MDB entries that will be continuously deleted / replaced. 2190 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp1 permanent dst $vtep1_ip src_vni 10010" 2191 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp2 permanent dst $vtep1_ip src_vni 10010" 2192 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp2 permanent dst $vtep2_ip src_vni 10010" 2193 2194 mdb_grp1_loop $ns1 $vtep1_ip $grp1 & 2195 pid1=$! 2196 mdb_grp2_loop $ns1 $vtep1_ip $vtep2_ip $grp2 & 2197 pid2=$! 2198 ip netns exec $ns1 $mz br0.10 -a own -b $grp1_dmac -A $src -B $grp1 -t udp sp=12345,dp=54321 -p 100 -c 0 -q & 2199 pid3=$! 2200 ip netns exec $ns1 $mz br0.10 -a own -b $grp2_dmac -A $src -B $grp2 -t udp sp=12345,dp=54321 -p 100 -c 0 -q & 2201 pid4=$! 2202 2203 sleep 30 2204 kill -9 $pid1 $pid2 $pid3 $pid4 2205 wait $pid1 $pid2 $pid3 $pid4 2>/dev/null 2206 2207 log_test 0 0 "Torture test" 2208} 2209 2210mdb_torture_ipv4_ipv4() 2211{ 2212 local ns1=ns1_v4 2213 local vtep1_ip=198.51.100.100 2214 local vtep2_ip=198.51.100.200 2215 local grp1=239.1.1.1 2216 local grp1_dmac=01:00:5e:01:01:01 2217 local grp2=239.2.2.2 2218 local grp2_dmac=01:00:5e:02:02:02 2219 local src=192.0.2.129 2220 2221 echo 2222 echo "Data path: MDB torture test - IPv4 overlay / IPv4 underlay" 2223 echo "----------------------------------------------------------" 2224 2225 mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp1_dmac $grp2 \ 2226 $grp2_dmac $src "mausezahn" 2227} 2228 2229mdb_torture_ipv6_ipv4() 2230{ 2231 local ns1=ns1_v4 2232 local vtep1_ip=198.51.100.100 2233 local vtep2_ip=198.51.100.200 2234 local grp1=ff0e::1 2235 local grp1_dmac=33:33:00:00:00:01 2236 local grp2=ff0e::2 2237 local grp2_dmac=33:33:00:00:00:02 2238 local src=2001:db8:100::1 2239 2240 echo 2241 echo "Data path: MDB torture test - IPv6 overlay / IPv4 underlay" 2242 echo "----------------------------------------------------------" 2243 2244 mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp1_dmac $grp2 \ 2245 $grp2_dmac $src "mausezahn -6" 2246} 2247 2248mdb_torture_ipv4_ipv6() 2249{ 2250 local ns1=ns1_v6 2251 local vtep1_ip=2001:db8:1000::1 2252 local vtep2_ip=2001:db8:2000::1 2253 local grp1=239.1.1.1 2254 local grp1_dmac=01:00:5e:01:01:01 2255 local grp2=239.2.2.2 2256 local grp2_dmac=01:00:5e:02:02:02 2257 local src=192.0.2.129 2258 2259 echo 2260 echo "Data path: MDB torture test - IPv4 overlay / IPv6 underlay" 2261 echo "----------------------------------------------------------" 2262 2263 mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp1_dmac $grp2 \ 2264 $grp2_dmac $src "mausezahn" 2265} 2266 2267mdb_torture_ipv6_ipv6() 2268{ 2269 local ns1=ns1_v6 2270 local vtep1_ip=2001:db8:1000::1 2271 local vtep2_ip=2001:db8:2000::1 2272 local grp1=ff0e::1 2273 local grp1_dmac=33:33:00:00:00:01 2274 local grp2=ff0e::2 2275 local grp2_dmac=33:33:00:00:00:02 2276 local src=2001:db8:100::1 2277 2278 echo 2279 echo "Data path: MDB torture test - IPv6 overlay / IPv6 underlay" 2280 echo "----------------------------------------------------------" 2281 2282 mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp1_dmac $grp2 \ 2283 $grp2_dmac $src "mausezahn -6" 2284} 2285 2286################################################################################ 2287# Usage 2288 2289usage() 2290{ 2291 cat <<EOF 2292usage: ${0##*/} OPTS 2293 2294 -t <test> Test(s) to run (default: all) 2295 (options: $TESTS) 2296 -c Control path tests only 2297 -d Data path tests only 2298 -p Pause on fail 2299 -P Pause after each test before cleanup 2300 -v Verbose mode (show commands and output) 2301EOF 2302} 2303 2304################################################################################ 2305# Main 2306 2307trap cleanup EXIT 2308 2309while getopts ":t:cdpPvh" opt; do 2310 case $opt in 2311 t) TESTS=$OPTARG;; 2312 c) TESTS=${CONTROL_PATH_TESTS};; 2313 d) TESTS=${DATA_PATH_TESTS};; 2314 p) PAUSE_ON_FAIL=yes;; 2315 P) PAUSE=yes;; 2316 v) VERBOSE=$(($VERBOSE + 1));; 2317 h) usage; exit 0;; 2318 *) usage; exit 1;; 2319 esac 2320done 2321 2322# Make sure we don't pause twice. 2323[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no 2324 2325if [ "$(id -u)" -ne 0 ];then 2326 echo "SKIP: Need root privileges" 2327 exit $ksft_skip; 2328fi 2329 2330if [ ! -x "$(command -v ip)" ]; then 2331 echo "SKIP: Could not run test without ip tool" 2332 exit $ksft_skip 2333fi 2334 2335if [ ! -x "$(command -v bridge)" ]; then 2336 echo "SKIP: Could not run test without bridge tool" 2337 exit $ksft_skip 2338fi 2339 2340if [ ! -x "$(command -v mausezahn)" ]; then 2341 echo "SKIP: Could not run test without mausezahn tool" 2342 exit $ksft_skip 2343fi 2344 2345if [ ! -x "$(command -v jq)" ]; then 2346 echo "SKIP: Could not run test without jq tool" 2347 exit $ksft_skip 2348fi 2349 2350bridge mdb help 2>&1 | grep -q "src_vni" 2351if [ $? -ne 0 ]; then 2352 echo "SKIP: iproute2 bridge too old, missing VXLAN MDB support" 2353 exit $ksft_skip 2354fi 2355 2356# Start clean. 2357cleanup 2358 2359for t in $TESTS 2360do 2361 setup; $t; cleanup; 2362done 2363 2364if [ "$TESTS" != "none" ]; then 2365 printf "\nTests passed: %3d\n" ${nsuccess} 2366 printf "Tests failed: %3d\n" ${nfail} 2367fi 2368 2369exit $ret 2370