xref: /openbmc/linux/tools/testing/selftests/net/forwarding/lib.sh (revision cb3908c133f1285069673f11ad651d14ae0406cf)
1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3
4##############################################################################
5# Defines
6
7# Can be overridden by the configuration file.
8PING=${PING:=ping}
9PING6=${PING6:=ping6}
10MZ=${MZ:=mausezahn}
11ARPING=${ARPING:=arping}
12TEAMD=${TEAMD:=teamd}
13WAIT_TIME=${WAIT_TIME:=5}
14PAUSE_ON_FAIL=${PAUSE_ON_FAIL:=no}
15PAUSE_ON_CLEANUP=${PAUSE_ON_CLEANUP:=no}
16NETIF_TYPE=${NETIF_TYPE:=veth}
17NETIF_CREATE=${NETIF_CREATE:=yes}
18MCD=${MCD:=smcrouted}
19MC_CLI=${MC_CLI:=smcroutectl}
20PING_TIMEOUT=${PING_TIMEOUT:=5}
21
22relative_path="${BASH_SOURCE%/*}"
23if [[ "$relative_path" == "${BASH_SOURCE}" ]]; then
24	relative_path="."
25fi
26
27if [[ -f $relative_path/forwarding.config ]]; then
28	source "$relative_path/forwarding.config"
29fi
30
31##############################################################################
32# Sanity checks
33
34check_tc_version()
35{
36	tc -j &> /dev/null
37	if [[ $? -ne 0 ]]; then
38		echo "SKIP: iproute2 too old; tc is missing JSON support"
39		exit 1
40	fi
41}
42
43check_tc_shblock_support()
44{
45	tc filter help 2>&1 | grep block &> /dev/null
46	if [[ $? -ne 0 ]]; then
47		echo "SKIP: iproute2 too old; tc is missing shared block support"
48		exit 1
49	fi
50}
51
52check_tc_chain_support()
53{
54	tc help 2>&1|grep chain &> /dev/null
55	if [[ $? -ne 0 ]]; then
56		echo "SKIP: iproute2 too old; tc is missing chain support"
57		exit 1
58	fi
59}
60
61if [[ "$(id -u)" -ne 0 ]]; then
62	echo "SKIP: need root privileges"
63	exit 0
64fi
65
66if [[ "$CHECK_TC" = "yes" ]]; then
67	check_tc_version
68fi
69
70require_command()
71{
72	local cmd=$1; shift
73
74	if [[ ! -x "$(command -v "$cmd")" ]]; then
75		echo "SKIP: $cmd not installed"
76		exit 1
77	fi
78}
79
80require_command jq
81require_command $MZ
82
83if [[ ! -v NUM_NETIFS ]]; then
84	echo "SKIP: importer does not define \"NUM_NETIFS\""
85	exit 1
86fi
87
88##############################################################################
89# Command line options handling
90
91count=0
92
93while [[ $# -gt 0 ]]; do
94	if [[ "$count" -eq "0" ]]; then
95		unset NETIFS
96		declare -A NETIFS
97	fi
98	count=$((count + 1))
99	NETIFS[p$count]="$1"
100	shift
101done
102
103##############################################################################
104# Network interfaces configuration
105
106create_netif_veth()
107{
108	local i
109
110	for ((i = 1; i <= NUM_NETIFS; ++i)); do
111		local j=$((i+1))
112
113		ip link show dev ${NETIFS[p$i]} &> /dev/null
114		if [[ $? -ne 0 ]]; then
115			ip link add ${NETIFS[p$i]} type veth \
116				peer name ${NETIFS[p$j]}
117			if [[ $? -ne 0 ]]; then
118				echo "Failed to create netif"
119				exit 1
120			fi
121		fi
122		i=$j
123	done
124}
125
126create_netif()
127{
128	case "$NETIF_TYPE" in
129	veth) create_netif_veth
130	      ;;
131	*) echo "Can not create interfaces of type \'$NETIF_TYPE\'"
132	   exit 1
133	   ;;
134	esac
135}
136
137if [[ "$NETIF_CREATE" = "yes" ]]; then
138	create_netif
139fi
140
141for ((i = 1; i <= NUM_NETIFS; ++i)); do
142	ip link show dev ${NETIFS[p$i]} &> /dev/null
143	if [[ $? -ne 0 ]]; then
144		echo "SKIP: could not find all required interfaces"
145		exit 1
146	fi
147done
148
149##############################################################################
150# Helpers
151
152# Exit status to return at the end. Set in case one of the tests fails.
153EXIT_STATUS=0
154# Per-test return value. Clear at the beginning of each test.
155RET=0
156
157check_err()
158{
159	local err=$1
160	local msg=$2
161
162	if [[ $RET -eq 0 && $err -ne 0 ]]; then
163		RET=$err
164		retmsg=$msg
165	fi
166}
167
168check_fail()
169{
170	local err=$1
171	local msg=$2
172
173	if [[ $RET -eq 0 && $err -eq 0 ]]; then
174		RET=1
175		retmsg=$msg
176	fi
177}
178
179check_err_fail()
180{
181	local should_fail=$1; shift
182	local err=$1; shift
183	local what=$1; shift
184
185	if ((should_fail)); then
186		check_fail $err "$what succeeded, but should have failed"
187	else
188		check_err $err "$what failed"
189	fi
190}
191
192log_test()
193{
194	local test_name=$1
195	local opt_str=$2
196
197	if [[ $# -eq 2 ]]; then
198		opt_str="($opt_str)"
199	fi
200
201	if [[ $RET -ne 0 ]]; then
202		EXIT_STATUS=1
203		printf "TEST: %-60s  [FAIL]\n" "$test_name $opt_str"
204		if [[ ! -z "$retmsg" ]]; then
205			printf "\t%s\n" "$retmsg"
206		fi
207		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
208			echo "Hit enter to continue, 'q' to quit"
209			read a
210			[ "$a" = "q" ] && exit 1
211		fi
212		return 1
213	fi
214
215	printf "TEST: %-60s  [ OK ]\n" "$test_name $opt_str"
216	return 0
217}
218
219log_info()
220{
221	local msg=$1
222
223	echo "INFO: $msg"
224}
225
226setup_wait_dev()
227{
228	local dev=$1; shift
229
230	while true; do
231		ip link show dev $dev up \
232			| grep 'state UP' &> /dev/null
233		if [[ $? -ne 0 ]]; then
234			sleep 1
235		else
236			break
237		fi
238	done
239}
240
241setup_wait()
242{
243	local num_netifs=${1:-$NUM_NETIFS}
244
245	for ((i = 1; i <= num_netifs; ++i)); do
246		setup_wait_dev ${NETIFS[p$i]}
247	done
248
249	# Make sure links are ready.
250	sleep $WAIT_TIME
251}
252
253lldpad_app_wait_set()
254{
255	local dev=$1; shift
256
257	while lldptool -t -i $dev -V APP -c app | grep -Eq "pending|unknown"; do
258		echo "$dev: waiting for lldpad to push pending APP updates"
259		sleep 5
260	done
261}
262
263lldpad_app_wait_del()
264{
265	# Give lldpad a chance to push down the changes. If the device is downed
266	# too soon, the updates will be left pending. However, they will have
267	# been struck off the lldpad's DB already, so we won't be able to tell
268	# they are pending. Then on next test iteration this would cause
269	# weirdness as newly-added APP rules conflict with the old ones,
270	# sometimes getting stuck in an "unknown" state.
271	sleep 5
272}
273
274pre_cleanup()
275{
276	if [ "${PAUSE_ON_CLEANUP}" = "yes" ]; then
277		echo "Pausing before cleanup, hit any key to continue"
278		read
279	fi
280}
281
282vrf_prepare()
283{
284	ip -4 rule add pref 32765 table local
285	ip -4 rule del pref 0
286	ip -6 rule add pref 32765 table local
287	ip -6 rule del pref 0
288}
289
290vrf_cleanup()
291{
292	ip -6 rule add pref 0 table local
293	ip -6 rule del pref 32765
294	ip -4 rule add pref 0 table local
295	ip -4 rule del pref 32765
296}
297
298__last_tb_id=0
299declare -A __TB_IDS
300
301__vrf_td_id_assign()
302{
303	local vrf_name=$1
304
305	__last_tb_id=$((__last_tb_id + 1))
306	__TB_IDS[$vrf_name]=$__last_tb_id
307	return $__last_tb_id
308}
309
310__vrf_td_id_lookup()
311{
312	local vrf_name=$1
313
314	return ${__TB_IDS[$vrf_name]}
315}
316
317vrf_create()
318{
319	local vrf_name=$1
320	local tb_id
321
322	__vrf_td_id_assign $vrf_name
323	tb_id=$?
324
325	ip link add dev $vrf_name type vrf table $tb_id
326	ip -4 route add table $tb_id unreachable default metric 4278198272
327	ip -6 route add table $tb_id unreachable default metric 4278198272
328}
329
330vrf_destroy()
331{
332	local vrf_name=$1
333	local tb_id
334
335	__vrf_td_id_lookup $vrf_name
336	tb_id=$?
337
338	ip -6 route del table $tb_id unreachable default metric 4278198272
339	ip -4 route del table $tb_id unreachable default metric 4278198272
340	ip link del dev $vrf_name
341}
342
343__addr_add_del()
344{
345	local if_name=$1
346	local add_del=$2
347	local array
348
349	shift
350	shift
351	array=("${@}")
352
353	for addrstr in "${array[@]}"; do
354		ip address $add_del $addrstr dev $if_name
355	done
356}
357
358__simple_if_init()
359{
360	local if_name=$1; shift
361	local vrf_name=$1; shift
362	local addrs=("${@}")
363
364	ip link set dev $if_name master $vrf_name
365	ip link set dev $if_name up
366
367	__addr_add_del $if_name add "${addrs[@]}"
368}
369
370__simple_if_fini()
371{
372	local if_name=$1; shift
373	local addrs=("${@}")
374
375	__addr_add_del $if_name del "${addrs[@]}"
376
377	ip link set dev $if_name down
378	ip link set dev $if_name nomaster
379}
380
381simple_if_init()
382{
383	local if_name=$1
384	local vrf_name
385	local array
386
387	shift
388	vrf_name=v$if_name
389	array=("${@}")
390
391	vrf_create $vrf_name
392	ip link set dev $vrf_name up
393	__simple_if_init $if_name $vrf_name "${array[@]}"
394}
395
396simple_if_fini()
397{
398	local if_name=$1
399	local vrf_name
400	local array
401
402	shift
403	vrf_name=v$if_name
404	array=("${@}")
405
406	__simple_if_fini $if_name "${array[@]}"
407	vrf_destroy $vrf_name
408}
409
410tunnel_create()
411{
412	local name=$1; shift
413	local type=$1; shift
414	local local=$1; shift
415	local remote=$1; shift
416
417	ip link add name $name type $type \
418	   local $local remote $remote "$@"
419	ip link set dev $name up
420}
421
422tunnel_destroy()
423{
424	local name=$1; shift
425
426	ip link del dev $name
427}
428
429vlan_create()
430{
431	local if_name=$1; shift
432	local vid=$1; shift
433	local vrf=$1; shift
434	local ips=("${@}")
435	local name=$if_name.$vid
436
437	ip link add name $name link $if_name type vlan id $vid
438	if [ "$vrf" != "" ]; then
439		ip link set dev $name master $vrf
440	fi
441	ip link set dev $name up
442	__addr_add_del $name add "${ips[@]}"
443}
444
445vlan_destroy()
446{
447	local if_name=$1; shift
448	local vid=$1; shift
449	local name=$if_name.$vid
450
451	ip link del dev $name
452}
453
454team_create()
455{
456	local if_name=$1; shift
457	local mode=$1; shift
458
459	require_command $TEAMD
460	$TEAMD -t $if_name -d -c '{"runner": {"name": "'$mode'"}}'
461	for slave in "$@"; do
462		ip link set dev $slave down
463		ip link set dev $slave master $if_name
464		ip link set dev $slave up
465	done
466	ip link set dev $if_name up
467}
468
469team_destroy()
470{
471	local if_name=$1; shift
472
473	$TEAMD -t $if_name -k
474}
475
476master_name_get()
477{
478	local if_name=$1
479
480	ip -j link show dev $if_name | jq -r '.[]["master"]'
481}
482
483link_stats_get()
484{
485	local if_name=$1; shift
486	local dir=$1; shift
487	local stat=$1; shift
488
489	ip -j -s link show dev $if_name \
490		| jq '.[]["stats64"]["'$dir'"]["'$stat'"]'
491}
492
493link_stats_tx_packets_get()
494{
495	link_stats_get $1 tx packets
496}
497
498link_stats_rx_errors_get()
499{
500	link_stats_get $1 rx errors
501}
502
503tc_rule_stats_get()
504{
505	local dev=$1; shift
506	local pref=$1; shift
507	local dir=$1; shift
508
509	tc -j -s filter show dev $dev ${dir:-ingress} pref $pref \
510	    | jq '.[1].options.actions[].stats.packets'
511}
512
513ethtool_stats_get()
514{
515	local dev=$1; shift
516	local stat=$1; shift
517
518	ethtool -S $dev | grep "^ *$stat:" | head -n 1 | cut -d: -f2
519}
520
521mac_get()
522{
523	local if_name=$1
524
525	ip -j link show dev $if_name | jq -r '.[]["address"]'
526}
527
528bridge_ageing_time_get()
529{
530	local bridge=$1
531	local ageing_time
532
533	# Need to divide by 100 to convert to seconds.
534	ageing_time=$(ip -j -d link show dev $bridge \
535		      | jq '.[]["linkinfo"]["info_data"]["ageing_time"]')
536	echo $((ageing_time / 100))
537}
538
539declare -A SYSCTL_ORIG
540sysctl_set()
541{
542	local key=$1; shift
543	local value=$1; shift
544
545	SYSCTL_ORIG[$key]=$(sysctl -n $key)
546	sysctl -qw $key=$value
547}
548
549sysctl_restore()
550{
551	local key=$1; shift
552
553	sysctl -qw $key=${SYSCTL_ORIG["$key"]}
554}
555
556forwarding_enable()
557{
558	sysctl_set net.ipv4.conf.all.forwarding 1
559	sysctl_set net.ipv6.conf.all.forwarding 1
560}
561
562forwarding_restore()
563{
564	sysctl_restore net.ipv6.conf.all.forwarding
565	sysctl_restore net.ipv4.conf.all.forwarding
566}
567
568declare -A MTU_ORIG
569mtu_set()
570{
571	local dev=$1; shift
572	local mtu=$1; shift
573
574	MTU_ORIG["$dev"]=$(ip -j link show dev $dev | jq -e '.[].mtu')
575	ip link set dev $dev mtu $mtu
576}
577
578mtu_restore()
579{
580	local dev=$1; shift
581
582	ip link set dev $dev mtu ${MTU_ORIG["$dev"]}
583}
584
585tc_offload_check()
586{
587	local num_netifs=${1:-$NUM_NETIFS}
588
589	for ((i = 1; i <= num_netifs; ++i)); do
590		ethtool -k ${NETIFS[p$i]} \
591			| grep "hw-tc-offload: on" &> /dev/null
592		if [[ $? -ne 0 ]]; then
593			return 1
594		fi
595	done
596
597	return 0
598}
599
600trap_install()
601{
602	local dev=$1; shift
603	local direction=$1; shift
604
605	# Some devices may not support or need in-hardware trapping of traffic
606	# (e.g. the veth pairs that this library creates for non-existent
607	# loopbacks). Use continue instead, so that there is a filter in there
608	# (some tests check counters), and so that other filters are still
609	# processed.
610	tc filter add dev $dev $direction pref 1 \
611		flower skip_sw action trap 2>/dev/null \
612	    || tc filter add dev $dev $direction pref 1 \
613		       flower action continue
614}
615
616trap_uninstall()
617{
618	local dev=$1; shift
619	local direction=$1; shift
620
621	tc filter del dev $dev $direction pref 1 flower
622}
623
624slow_path_trap_install()
625{
626	# For slow-path testing, we need to install a trap to get to
627	# slow path the packets that would otherwise be switched in HW.
628	if [ "${tcflags/skip_hw}" != "$tcflags" ]; then
629		trap_install "$@"
630	fi
631}
632
633slow_path_trap_uninstall()
634{
635	if [ "${tcflags/skip_hw}" != "$tcflags" ]; then
636		trap_uninstall "$@"
637	fi
638}
639
640__icmp_capture_add_del()
641{
642	local add_del=$1; shift
643	local pref=$1; shift
644	local vsuf=$1; shift
645	local tundev=$1; shift
646	local filter=$1; shift
647
648	tc filter $add_del dev "$tundev" ingress \
649	   proto ip$vsuf pref $pref \
650	   flower ip_proto icmp$vsuf $filter \
651	   action pass
652}
653
654icmp_capture_install()
655{
656	__icmp_capture_add_del add 100 "" "$@"
657}
658
659icmp_capture_uninstall()
660{
661	__icmp_capture_add_del del 100 "" "$@"
662}
663
664icmp6_capture_install()
665{
666	__icmp_capture_add_del add 100 v6 "$@"
667}
668
669icmp6_capture_uninstall()
670{
671	__icmp_capture_add_del del 100 v6 "$@"
672}
673
674__vlan_capture_add_del()
675{
676	local add_del=$1; shift
677	local pref=$1; shift
678	local dev=$1; shift
679	local filter=$1; shift
680
681	tc filter $add_del dev "$dev" ingress \
682	   proto 802.1q pref $pref \
683	   flower $filter \
684	   action pass
685}
686
687vlan_capture_install()
688{
689	__vlan_capture_add_del add 100 "$@"
690}
691
692vlan_capture_uninstall()
693{
694	__vlan_capture_add_del del 100 "$@"
695}
696
697__dscp_capture_add_del()
698{
699	local add_del=$1; shift
700	local dev=$1; shift
701	local base=$1; shift
702	local dscp;
703
704	for prio in {0..7}; do
705		dscp=$((base + prio))
706		__icmp_capture_add_del $add_del $((dscp + 100)) "" $dev \
707				       "skip_hw ip_tos $((dscp << 2))"
708	done
709}
710
711dscp_capture_install()
712{
713	local dev=$1; shift
714	local base=$1; shift
715
716	__dscp_capture_add_del add $dev $base
717}
718
719dscp_capture_uninstall()
720{
721	local dev=$1; shift
722	local base=$1; shift
723
724	__dscp_capture_add_del del $dev $base
725}
726
727dscp_fetch_stats()
728{
729	local dev=$1; shift
730	local base=$1; shift
731
732	for prio in {0..7}; do
733		local dscp=$((base + prio))
734		local t=$(tc_rule_stats_get $dev $((dscp + 100)))
735		echo "[$dscp]=$t "
736	done
737}
738
739matchall_sink_create()
740{
741	local dev=$1; shift
742
743	tc qdisc add dev $dev clsact
744	tc filter add dev $dev ingress \
745	   pref 10000 \
746	   matchall \
747	   action drop
748}
749
750tests_run()
751{
752	local current_test
753
754	for current_test in ${TESTS:-$ALL_TESTS}; do
755		$current_test
756	done
757}
758
759multipath_eval()
760{
761	local desc="$1"
762	local weight_rp12=$2
763	local weight_rp13=$3
764	local packets_rp12=$4
765	local packets_rp13=$5
766	local weights_ratio packets_ratio diff
767
768	RET=0
769
770	if [[ "$weight_rp12" -gt "$weight_rp13" ]]; then
771		weights_ratio=$(echo "scale=2; $weight_rp12 / $weight_rp13" \
772				| bc -l)
773	else
774		weights_ratio=$(echo "scale=2; $weight_rp13 / $weight_rp12" \
775				| bc -l)
776	fi
777
778	if [[ "$packets_rp12" -eq "0" || "$packets_rp13" -eq "0" ]]; then
779	       check_err 1 "Packet difference is 0"
780	       log_test "Multipath"
781	       log_info "Expected ratio $weights_ratio"
782	       return
783	fi
784
785	if [[ "$weight_rp12" -gt "$weight_rp13" ]]; then
786		packets_ratio=$(echo "scale=2; $packets_rp12 / $packets_rp13" \
787				| bc -l)
788	else
789		packets_ratio=$(echo "scale=2; $packets_rp13 / $packets_rp12" \
790				| bc -l)
791	fi
792
793	diff=$(echo $weights_ratio - $packets_ratio | bc -l)
794	diff=${diff#-}
795
796	test "$(echo "$diff / $weights_ratio > 0.15" | bc -l)" -eq 0
797	check_err $? "Too large discrepancy between expected and measured ratios"
798	log_test "$desc"
799	log_info "Expected ratio $weights_ratio Measured ratio $packets_ratio"
800}
801
802in_ns()
803{
804	local name=$1; shift
805
806	ip netns exec $name bash <<-EOF
807		NUM_NETIFS=0
808		source lib.sh
809		$(for a in "$@"; do printf "%q${IFS:0:1}" "$a"; done)
810	EOF
811}
812
813##############################################################################
814# Tests
815
816ping_do()
817{
818	local if_name=$1
819	local dip=$2
820	local args=$3
821	local vrf_name
822
823	vrf_name=$(master_name_get $if_name)
824	ip vrf exec $vrf_name \
825		$PING $args $dip -c 10 -i 0.1 -w $PING_TIMEOUT &> /dev/null
826}
827
828ping_test()
829{
830	RET=0
831
832	ping_do $1 $2
833	check_err $?
834	log_test "ping$3"
835}
836
837ping6_do()
838{
839	local if_name=$1
840	local dip=$2
841	local args=$3
842	local vrf_name
843
844	vrf_name=$(master_name_get $if_name)
845	ip vrf exec $vrf_name \
846		$PING6 $args $dip -c 10 -i 0.1 -w $PING_TIMEOUT &> /dev/null
847}
848
849ping6_test()
850{
851	RET=0
852
853	ping6_do $1 $2
854	check_err $?
855	log_test "ping6$3"
856}
857
858learning_test()
859{
860	local bridge=$1
861	local br_port1=$2	# Connected to `host1_if`.
862	local host1_if=$3
863	local host2_if=$4
864	local mac=de:ad:be:ef:13:37
865	local ageing_time
866
867	RET=0
868
869	bridge -j fdb show br $bridge brport $br_port1 \
870		| jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null
871	check_fail $? "Found FDB record when should not"
872
873	# Disable unknown unicast flooding on `br_port1` to make sure
874	# packets are only forwarded through the port after a matching
875	# FDB entry was installed.
876	bridge link set dev $br_port1 flood off
877
878	tc qdisc add dev $host1_if ingress
879	tc filter add dev $host1_if ingress protocol ip pref 1 handle 101 \
880		flower dst_mac $mac action drop
881
882	$MZ $host2_if -c 1 -p 64 -b $mac -t ip -q
883	sleep 1
884
885	tc -j -s filter show dev $host1_if ingress \
886		| jq -e ".[] | select(.options.handle == 101) \
887		| select(.options.actions[0].stats.packets == 1)" &> /dev/null
888	check_fail $? "Packet reached second host when should not"
889
890	$MZ $host1_if -c 1 -p 64 -a $mac -t ip -q
891	sleep 1
892
893	bridge -j fdb show br $bridge brport $br_port1 \
894		| jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null
895	check_err $? "Did not find FDB record when should"
896
897	$MZ $host2_if -c 1 -p 64 -b $mac -t ip -q
898	sleep 1
899
900	tc -j -s filter show dev $host1_if ingress \
901		| jq -e ".[] | select(.options.handle == 101) \
902		| select(.options.actions[0].stats.packets == 1)" &> /dev/null
903	check_err $? "Packet did not reach second host when should"
904
905	# Wait for 10 seconds after the ageing time to make sure FDB
906	# record was aged-out.
907	ageing_time=$(bridge_ageing_time_get $bridge)
908	sleep $((ageing_time + 10))
909
910	bridge -j fdb show br $bridge brport $br_port1 \
911		| jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null
912	check_fail $? "Found FDB record when should not"
913
914	bridge link set dev $br_port1 learning off
915
916	$MZ $host1_if -c 1 -p 64 -a $mac -t ip -q
917	sleep 1
918
919	bridge -j fdb show br $bridge brport $br_port1 \
920		| jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null
921	check_fail $? "Found FDB record when should not"
922
923	bridge link set dev $br_port1 learning on
924
925	tc filter del dev $host1_if ingress protocol ip pref 1 handle 101 flower
926	tc qdisc del dev $host1_if ingress
927
928	bridge link set dev $br_port1 flood on
929
930	log_test "FDB learning"
931}
932
933flood_test_do()
934{
935	local should_flood=$1
936	local mac=$2
937	local ip=$3
938	local host1_if=$4
939	local host2_if=$5
940	local err=0
941
942	# Add an ACL on `host2_if` which will tell us whether the packet
943	# was flooded to it or not.
944	tc qdisc add dev $host2_if ingress
945	tc filter add dev $host2_if ingress protocol ip pref 1 handle 101 \
946		flower dst_mac $mac action drop
947
948	$MZ $host1_if -c 1 -p 64 -b $mac -B $ip -t ip -q
949	sleep 1
950
951	tc -j -s filter show dev $host2_if ingress \
952		| jq -e ".[] | select(.options.handle == 101) \
953		| select(.options.actions[0].stats.packets == 1)" &> /dev/null
954	if [[ $? -ne 0 && $should_flood == "true" || \
955	      $? -eq 0 && $should_flood == "false" ]]; then
956		err=1
957	fi
958
959	tc filter del dev $host2_if ingress protocol ip pref 1 handle 101 flower
960	tc qdisc del dev $host2_if ingress
961
962	return $err
963}
964
965flood_unicast_test()
966{
967	local br_port=$1
968	local host1_if=$2
969	local host2_if=$3
970	local mac=de:ad:be:ef:13:37
971	local ip=192.0.2.100
972
973	RET=0
974
975	bridge link set dev $br_port flood off
976
977	flood_test_do false $mac $ip $host1_if $host2_if
978	check_err $? "Packet flooded when should not"
979
980	bridge link set dev $br_port flood on
981
982	flood_test_do true $mac $ip $host1_if $host2_if
983	check_err $? "Packet was not flooded when should"
984
985	log_test "Unknown unicast flood"
986}
987
988flood_multicast_test()
989{
990	local br_port=$1
991	local host1_if=$2
992	local host2_if=$3
993	local mac=01:00:5e:00:00:01
994	local ip=239.0.0.1
995
996	RET=0
997
998	bridge link set dev $br_port mcast_flood off
999
1000	flood_test_do false $mac $ip $host1_if $host2_if
1001	check_err $? "Packet flooded when should not"
1002
1003	bridge link set dev $br_port mcast_flood on
1004
1005	flood_test_do true $mac $ip $host1_if $host2_if
1006	check_err $? "Packet was not flooded when should"
1007
1008	log_test "Unregistered multicast flood"
1009}
1010
1011flood_test()
1012{
1013	# `br_port` is connected to `host2_if`
1014	local br_port=$1
1015	local host1_if=$2
1016	local host2_if=$3
1017
1018	flood_unicast_test $br_port $host1_if $host2_if
1019	flood_multicast_test $br_port $host1_if $host2_if
1020}
1021