#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

# Test for "tc action mirred egress mirror" when the underlay route points at a
# vlan device on top of a bridge device with vlan filtering (802.1q).
#
#   +---------------------+                             +---------------------+
#   | H1                  |                             |                  H2 |
#   |     + $h1           |                             |           $h2 +     |
#   |     | 192.0.2.1/28  |                             |  192.0.2.2/28 |     |
#   +-----|---------------+                             +---------------|-----+
#         |                                                             |
#   +-----|-------------------------------------------------------------|-----+
#   | SW  o--> mirred egress mirror dev {gt4,gt6}                       |     |
#   |     |                                                             |     |
#   | +---|-------------------------------------------------------------|---+ |
#   | |   + $swp1                    br1                          $swp2 +   | |
#   | |                                                                     | |
#   | |   + $swp3                                                           | |
#   | +---|-----------------------------------------------------------------+ |
#   |     |                        |                                          |
#   |     |                        + br1.555                                  |
#   |     |                          192.0.2.130/28                           |
#   |     |                          2001:db8:2::2/64                         |
#   |     |                                                                   |
#   |     |                     + gt6 (ip6gretap)      + gt4 (gretap)         |
#   |     |                     : loc=2001:db8:2::1    : loc=192.0.2.129      |
#   |     |                     : rem=2001:db8:2::2    : rem=192.0.2.130      |
#   |     |                     : ttl=100              : ttl=100              |
#   |     |                     : tos=inherit          : tos=inherit          |
#   |     |                     :                      :                      |
#   +-----|---------------------:----------------------:----------------------+
#         |                     :                      :
#   +-----|---------------------:----------------------:----------------------+
#   | H3  + $h3                 + h3-gt6 (ip6gretap)   + h3-gt4 (gretap)      |
#   |     |                       loc=2001:db8:2::2      loc=192.0.2.130      |
#   |     + $h3.555               rem=2001:db8:2::1      rem=192.0.2.129      |
#   |       192.0.2.130/28        ttl=100                ttl=100              |
#   |       2001:db8:2::2/64      tos=inherit            tos=inherit          |
#   |                                                                         |
#   +-------------------------------------------------------------------------+
42
43ALL_TESTS="
44	test_gretap
45	test_ip6gretap
46	test_gretap_forbidden_cpu
47	test_ip6gretap_forbidden_cpu
48	test_gretap_forbidden_egress
49	test_ip6gretap_forbidden_egress
50	test_gretap_untagged_egress
51	test_ip6gretap_untagged_egress
52	test_gretap_fdb_roaming
53	test_ip6gretap_fdb_roaming
54	test_gretap_stp
55	test_ip6gretap_stp
56"
57
58NUM_NETIFS=6
59source lib.sh
60source mirror_lib.sh
61source mirror_gre_lib.sh
62source mirror_gre_topo_lib.sh
63
64require_command $ARPING
65
# Add or remove H3's two underlay addresses (IPv4, then IPv6) on a device.
# Arguments:
#   $1 - "ip addr" sub-command; the callers in this file pass "add" or "del"
#   $2 - device to operate on
h3_addr_add_del()
{
	local action=$1
	local netdev=$2
	local prefix

	for prefix in 192.0.2.130/28 2001:db8:2::2/64; do
		ip addr $action dev $netdev $prefix
	done
}
74
# Build the topology for this test on top of the shared mirror-GRE topology.
# Globals:
#   NETIFS (read); h1, swp1, swp2, h2, swp3, h3 (written)
# The routes to the tunnel remotes are pointed at br1.555, and H3 gets its
# underlay addresses on $h3.555.
# NOTE(review): the diagram at the top of the file lists 192.0.2.130/28 and
# 2001:db8:2::2/64 under br1.555, while this function gives br1.555
# 192.0.2.129/32 and 2001:db8:2::1/128 -- the diagram looks out of date.
setup_prepare()
{
	local rpf_scope
	local br_port

	# Per the diagram: H1 and H2 attach to $swp1 and $swp2, H3 to $swp3.
	h1=${NETIFS[p1]}
	swp1=${NETIFS[p2]}
	swp2=${NETIFS[p3]}
	h2=${NETIFS[p4]}
	swp3=${NETIFS[p5]}
	h3=${NETIFS[p6]}

	# gt4's remote address is at $h3.555, not $h3. Thus the packets arriving
	# directly to $h3 for test_gretap_untagged_egress() are rejected by
	# rp_filter and the test spuriously fails.
	#
	# Both knobs are cleared because the kernel applies the larger of
	# conf.all and conf.<interface>. This relaxes reverse-path (source
	# address) validation host-wide while the test runs; cleanup() puts
	# both values back.
	for rpf_scope in all "$h3"; do
		sysctl_set net.ipv4.conf.$rpf_scope.rp_filter 0
	done

	vrf_prepare
	mirror_gre_topo_create

	# VLAN 555 upper of the bridge carries the local tunnel endpoints; the
	# bridge itself must be a member of the VLAN for that to work.
	vlan_create br1 555 "" 192.0.2.129/32 2001:db8:2::1/128
	bridge vlan add dev br1 vid 555 self
	ip route rep 192.0.2.130/32 dev br1.555
	ip -6 route rep 2001:db8:2::2/128 dev br1.555

	vlan_create $h3 555 v$h3
	h3_addr_add_del add $h3.555

	# Enslave the H3-facing port, then admit VLAN 555 on $swp3 and $swp2.
	ip link set dev $swp3 master br1
	for br_port in "$swp3" "$swp2"; do
		bridge vlan add dev $br_port vid 555
	done
}
107
# Tear down what setup_prepare() built, in reverse order, and restore the two
# rp_filter sysctls it changed. Installed as the EXIT trap at the bottom of the
# file, so it also runs when the script stops early.
# Globals:
#   swp2, swp3, h3 (read)
cleanup()
{
	local br_port
	local rpf_scope

	pre_cleanup

	for br_port in "$swp2" "$swp3"; do
		ip link set dev $br_port nomaster
	done

	h3_addr_add_del del $h3.555
	vlan_destroy $h3 555
	vlan_destroy br1 555

	mirror_gre_topo_destroy
	vrf_cleanup

	# Re-enable reverse-path filtering as it was before the test:
	# per-interface value first, then the host-wide one.
	for rpf_scope in "$h3" all; do
		sysctl_restore net.ipv4.conf.$rpf_scope.rp_filter
	done
}
125
# Run the full mirror-to-tunnel VLAN test in both directions.
# Arguments:
#   $1 - tunnel device that receives the mirrored traffic
#   $2 - match expression handed on to full_test_span_gre_dir_vlan
#   $3 - human-readable test name
# NOTE(review): the trailing "8 0" / "0 8" pairs look like ICMP types (echo
# request / echo reply) for the forward and backward direction -- confirm
# against full_test_span_gre_dir_vlan in mirror_gre_lib.sh.
test_vlan_match()
{
	local tundev=$1
	local vlan_match=$2
	local what=$3

	# Mirror on ingress.
	full_test_span_gre_dir_vlan $tundev ingress "$vlan_match" 8 0 "$what"
	# Mirror on egress: the two numbers swap.
	full_test_span_gre_dir_vlan $tundev egress "$vlan_match" 0 8 "$what"
}
135
# Mirror to the IPv4 tunnel (gt4) and match the mirrored traffic on VLAN 555.
# NOTE(review): the match string hard-codes skip_hw independently of $tcflags;
# confirm where full_test_span_gre_dir_vlan installs it.
test_gretap()
{
	local vlan_match='skip_hw vlan_id 555 vlan_ethtype ip'
	local what="mirror to gretap"

	test_vlan_match gt4 "$vlan_match" "$what"
}
141
# Mirror to the IPv6 tunnel (gt6) and match the mirrored traffic on VLAN 555.
# NOTE(review): the match string hard-codes skip_hw independently of $tcflags;
# confirm where full_test_span_gre_dir_vlan installs it.
test_ip6gretap()
{
	local vlan_match='skip_hw vlan_id 555 vlan_ethtype ip'
	local what="mirror to ip6gretap"

	test_vlan_match gt6 "$vlan_match" "$what"
}
147
# Check that mirroring stops while the bridge device itself is not a member of
# VLAN 555, and resumes once membership is restored.
# Arguments:
#   $1 - tunnel device to mirror to
#   $2 - human-readable test name prefix
# Globals:
#   swp1, tcflags (read); RET (reset to 0)
test_span_gre_forbidden_cpu()
{
	local tundev=$1
	local what=$2

	RET=0

	# Run the pass-test first, to prime neighbor table.
	mirror_install $swp1 ingress $tundev "matchall $tcflags"
	quick_test_span_gre_dir $tundev ingress

	# Now forbid the VLAN at the bridge and see it fail. The sleep gives
	# the change a moment to take effect before traffic is sent.
	bridge vlan del dev br1 vid 555 self
	sleep 1
	fail_test_span_gre_dir $tundev ingress

	# Allow the VLAN again; mirroring has to recover.
	bridge vlan add dev br1 vid 555 self
	sleep 1
	quick_test_span_gre_dir $tundev ingress

	mirror_uninstall $swp1 ingress

	log_test "$what: vlan forbidden at a bridge ($tcflags)"
}
172
# "VLAN forbidden at the bridge" case for the IPv4 tunnel.
test_gretap_forbidden_cpu()
{
	local tundev=gt4
	local what="mirror to gretap"

	test_span_gre_forbidden_cpu $tundev "$what"
}
177
# "VLAN forbidden at the bridge" case for the IPv6 tunnel.
test_ip6gretap_forbidden_cpu()
{
	local tundev=gt6
	local what="mirror to ip6gretap"

	test_span_gre_forbidden_cpu $tundev "$what"
}
182
# Check that mirroring stops while VLAN 555 is removed from the H3-facing
# bridge port ($swp3), and resumes once the VLAN is added back.
# Arguments:
#   $1 - tunnel device to mirror to
#   $2 - human-readable test name prefix
# Globals:
#   swp1, swp3, tcflags, ARPING (read); RET (reset to 0)
test_span_gre_forbidden_egress()
{
	local tundev=$1
	local what=$2

	RET=0

	# Baseline: mirroring works.
	mirror_install $swp1 ingress $tundev "matchall $tcflags"
	quick_test_span_gre_dir $tundev ingress

	# Drop the VLAN from the egress port; the fail_* check follows.
	bridge vlan del dev $swp3 vid 555
	sleep 1
	fail_test_span_gre_dir $tundev ingress

	bridge vlan add dev $swp3 vid 555
	# Re-prime FDB
	$ARPING -I br1.555 192.0.2.130 -fqc 1
	sleep 1
	quick_test_span_gre_dir $tundev ingress

	mirror_uninstall $swp1 ingress

	log_test "$what: vlan forbidden at a bridge egress ($tcflags)"
}
207
# "VLAN forbidden at the bridge egress port" case for the IPv4 tunnel.
test_gretap_forbidden_egress()
{
	local tundev=gt4
	local what="mirror to gretap"

	test_span_gre_forbidden_egress $tundev "$what"
}
212
# "VLAN forbidden at the bridge egress port" case for the IPv6 tunnel.
test_ip6gretap_forbidden_egress()
{
	local tundev=gt6
	local what="mirror to ip6gretap"

	test_span_gre_forbidden_egress $tundev "$what"
}
217
# Check mirroring when VLAN 555 leaves $swp3 untagged instead of tagged.
# H3's addresses are moved from $h3.555 to $h3 for the untagged phase and moved
# back afterwards. The GRE check is expected to pass throughout; the VLAN 555
# capture at $h3 is checked with fail_* only in the untagged phase.
# Arguments:
#   $1 - tunnel device to mirror to
#   $2 - human-readable test name prefix
# Globals:
#   swp1, swp3, h3, tcflags (read); RET (reset to 0)
test_span_gre_untagged_egress()
{
	local tundev=$1
	local what=$2

	RET=0

	mirror_install $swp1 ingress $tundev "matchall $tcflags"

	# Phase 1: tagged egress (the state left by setup_prepare).
	quick_test_span_gre_dir $tundev ingress
	quick_test_span_vlan_dir $h3 555 ingress

	# Phase 2: make 555 the untagged PVID of $swp3 and move H3's addresses
	# onto the bare interface.
	h3_addr_add_del del $h3.555
	bridge vlan add dev $swp3 vid 555 pvid untagged
	h3_addr_add_del add $h3
	sleep 5

	quick_test_span_gre_dir $tundev ingress
	fail_test_span_vlan_dir $h3 555 ingress

	# Phase 3: back to tagged egress and addresses on $h3.555.
	h3_addr_add_del del $h3
	bridge vlan add dev $swp3 vid 555
	h3_addr_add_del add $h3.555
	sleep 5

	quick_test_span_gre_dir $tundev ingress
	quick_test_span_vlan_dir $h3 555 ingress

	mirror_uninstall $swp1 ingress

	log_test "$what: vlan untagged at a bridge egress ($tcflags)"
}
250
# "VLAN untagged at the bridge egress port" case for the IPv4 tunnel.
test_gretap_untagged_egress()
{
	local tundev=gt4
	local what="mirror to gretap"

	test_span_gre_untagged_egress $tundev "$what"
}
255
# "VLAN untagged at the bridge egress port" case for the IPv6 tunnel.
test_ip6gretap_untagged_egress()
{
	local tundev=gt6
	local what="mirror to ip6gretap"

	test_span_gre_untagged_egress $tundev "$what"
}
260
# Check that mirroring follows the bridge FDB: H3's MAC is re-pointed from
# $swp3 to $swp2 in VLAN 555 (fail_* check), then the entry is removed and the
# address relearned (pass check).
# Arguments:
#   $1 - tunnel device to mirror to
#   $2 - human-readable test name prefix
# Globals:
#   swp1, swp2, swp3, h3, tcflags, ARPING (read); RET (reset to 0)
test_span_gre_fdb_roaming()
{
	local tundev=$1
	local what=$2
	local h3mac

	# The status of mac_get is not checked, as before.
	h3mac=$(mac_get $h3)

	RET=0

	mirror_install $swp1 ingress $tundev "matchall $tcflags"
	quick_test_span_gre_dir $tundev ingress

	# Move the FDB entry for H3's MAC to the port that faces H2.
	bridge fdb del dev $swp3 $h3mac vlan 555 master
	bridge fdb add dev $swp2 $h3mac vlan 555 master
	sleep 1
	fail_test_span_gre_dir $tundev ingress

	bridge fdb del dev $swp2 $h3mac vlan 555 master
	# Re-prime FDB
	$ARPING -I br1.555 192.0.2.130 -fqc 1
	sleep 1
	quick_test_span_gre_dir $tundev ingress

	mirror_uninstall $swp1 ingress

	log_test "$what: MAC roaming ($tcflags)"
}
287
# MAC roaming case for the IPv4 tunnel.
test_gretap_fdb_roaming()
{
	local tundev=gt4
	local what="mirror to gretap"

	test_span_gre_fdb_roaming $tundev "$what"
}
292
# MAC roaming case for the IPv6 tunnel.
test_ip6gretap_fdb_roaming()
{
	local tundev=gt6
	local what="mirror to ip6gretap"

	test_span_gre_fdb_roaming $tundev "$what"
}
297
# STP case for the IPv4 tunnel; $swp3 is the bridge port handed to the library
# helper.
test_gretap_stp()
{
	local tundev=gt4
	local what="mirror to gretap"

	full_test_span_gre_stp $tundev $swp3 "$what"
}
302
# STP case for the IPv6 tunnel; $swp3 is the bridge port handed to the library
# helper.
test_ip6gretap_stp()
{
	local tundev=gt6
	local what="mirror to ip6gretap"

	full_test_span_gre_stp $tundev $swp3 "$what"
}
307
# Run every test case once, bracketed by the slow-path trap on $swp1 for both
# directions. The traps are removed in the reverse order of installation.
# NOTE(review): presumably tests_run walks ALL_TESTS -- confirm in lib.sh.
# Globals:
#   swp1 (read)
test_all()
{
	local trap_dir

	for trap_dir in ingress egress; do
		slow_path_trap_install $swp1 $trap_dir
	done

	tests_run

	for trap_dir in egress ingress; do
		slow_path_trap_uninstall $swp1 $trap_dir
	done
}
318
# Register the teardown before anything is configured, so that a run that
# stops part-way still removes the topology and restores the rp_filter sysctls.
trap cleanup EXIT

setup_prepare
setup_wait

# First pass: skip_hw, i.e. the filters are not offloaded to hardware.
tcflags="skip_hw"
test_all

# Second pass: skip_sw (hardware only), run only when tc_offload_check
# succeeds.
if tc_offload_check; then
	tcflags="skip_sw"
	test_all
else
	echo "WARN: Could not test offloaded functionality"
fi

# EXIT_STATUS is not set in this file; presumably the sourced library keeps it
# up to date as tests are logged -- confirm in lib.sh.
exit $EXIT_STATUS
335