1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3 4ALL_TESTS="ping_ipv4 ping_ipv6 learning flooding vlan_deletion extern_learn other_tpid 8021p drop_untagged" 5NUM_NETIFS=4 6CHECK_TC="yes" 7source lib.sh 8 9h1_create() 10{ 11 simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64 12} 13 14h1_destroy() 15{ 16 simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64 17} 18 19h2_create() 20{ 21 simple_if_init $h2 192.0.2.2/24 2001:db8:1::2/64 22} 23 24h2_destroy() 25{ 26 simple_if_fini $h2 192.0.2.2/24 2001:db8:1::2/64 27} 28 29switch_create() 30{ 31 ip link add dev br0 type bridge \ 32 vlan_filtering 1 \ 33 ageing_time $LOW_AGEING_TIME \ 34 mcast_snooping 0 35 36 ip link set dev $swp1 master br0 37 ip link set dev $swp2 master br0 38 39 ip link set dev br0 up 40 ip link set dev $swp1 up 41 ip link set dev $swp2 up 42} 43 44switch_destroy() 45{ 46 ip link set dev $swp2 down 47 ip link set dev $swp1 down 48 49 ip link del dev br0 50} 51 52setup_prepare() 53{ 54 h1=${NETIFS[p1]} 55 swp1=${NETIFS[p2]} 56 57 swp2=${NETIFS[p3]} 58 h2=${NETIFS[p4]} 59 60 vrf_prepare 61 62 h1_create 63 h2_create 64 65 switch_create 66} 67 68cleanup() 69{ 70 pre_cleanup 71 72 switch_destroy 73 74 h2_destroy 75 h1_destroy 76 77 vrf_cleanup 78} 79 80ping_ipv4() 81{ 82 ping_test $h1 192.0.2.2 83} 84 85ping_ipv6() 86{ 87 ping6_test $h1 2001:db8:1::2 88} 89 90learning() 91{ 92 learning_test "br0" $swp1 $h1 $h2 93} 94 95flooding() 96{ 97 flood_test $swp2 $h1 $h2 98} 99 100vlan_deletion() 101{ 102 # Test that the deletion of a VLAN on a bridge port does not affect 103 # the PVID VLAN 104 log_info "Add and delete a VLAN on bridge port $swp1" 105 106 bridge vlan add vid 10 dev $swp1 107 bridge vlan del vid 10 dev $swp1 108 109 ping_ipv4 110 ping_ipv6 111} 112 113extern_learn() 114{ 115 local mac=de:ad:be:ef:13:37 116 local ageing_time 117 118 # Test that externally learned FDB entries can roam, but not age out 119 RET=0 120 121 bridge fdb add de:ad:be:ef:13:37 dev $swp1 master extern_learn vlan 1 122 123 bridge fdb show brport $swp1 | grep -q de:ad:be:ef:13:37 124 check_err $? "Did not find FDB entry when should" 125 126 # Wait for 10 seconds after the ageing time to make sure the FDB entry 127 # was not aged out 128 ageing_time=$(bridge_ageing_time_get br0) 129 sleep $((ageing_time + 10)) 130 131 bridge fdb show brport $swp1 | grep -q de:ad:be:ef:13:37 132 check_err $? "FDB entry was aged out when should not" 133 134 $MZ $h2 -c 1 -p 64 -a $mac -t ip -q 135 136 bridge fdb show brport $swp2 | grep -q de:ad:be:ef:13:37 137 check_err $? "FDB entry did not roam when should" 138 139 log_test "Externally learned FDB entry - ageing & roaming" 140 141 bridge fdb del de:ad:be:ef:13:37 dev $swp2 master vlan 1 &> /dev/null 142 bridge fdb del de:ad:be:ef:13:37 dev $swp1 master vlan 1 &> /dev/null 143} 144 145other_tpid() 146{ 147 local mac=de:ad:be:ef:13:37 148 149 # Test that packets with TPID 802.1ad VID 3 + TPID 802.1Q VID 5 are 150 # classified as untagged by a bridge with vlan_protocol 802.1Q, and 151 # are processed in the PVID of the ingress port (here 1). Not VID 3, 152 # and not VID 5. 153 RET=0 154 155 tc qdisc add dev $h2 clsact 156 tc filter add dev $h2 ingress protocol all pref 1 handle 101 \ 157 flower dst_mac $mac action drop 158 ip link set $h2 promisc on 159 ethtool -K $h2 rx-vlan-filter off rx-vlan-stag-filter off 160 161 $MZ -q $h1 -c 1 -b $mac -a own "88:a8 00:03 81:00 00:05 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa" 162 sleep 1 163 164 # Match on 'self' addresses as well, for those drivers which 165 # do not push their learned addresses to the bridge software 166 # database 167 bridge -j fdb show $swp1 | \ 168 jq -e ".[] | select(.mac == \"$(mac_get $h1)\") | select(.vlan == 1)" &> /dev/null 169 check_err $? "FDB entry was not learned when it should" 170 171 log_test "FDB entry in PVID for VLAN-tagged with other TPID" 172 173 RET=0 174 tc -j -s filter show dev $h2 ingress \ 175 | jq -e ".[] | select(.options.handle == 101) \ 176 | select(.options.actions[0].stats.packets == 1)" &> /dev/null 177 check_err $? "Packet was not forwarded when it should" 178 log_test "Reception of VLAN with other TPID as untagged" 179 180 bridge vlan del dev $swp1 vid 1 181 182 $MZ -q $h1 -c 1 -b $mac -a own "88:a8 00:03 81:00 00:05 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa" 183 sleep 1 184 185 RET=0 186 tc -j -s filter show dev $h2 ingress \ 187 | jq -e ".[] | select(.options.handle == 101) \ 188 | select(.options.actions[0].stats.packets == 1)" &> /dev/null 189 check_err $? "Packet was forwarded when should not" 190 log_test "Reception of VLAN with other TPID as untagged (no PVID)" 191 192 bridge vlan add dev $swp1 vid 1 pvid untagged 193 ip link set $h2 promisc off 194 tc qdisc del dev $h2 clsact 195} 196 1978021p_do() 198{ 199 local should_fail=$1; shift 200 local mac=de:ad:be:ef:13:37 201 202 tc filter add dev $h2 ingress protocol all pref 1 handle 101 \ 203 flower dst_mac $mac action drop 204 205 $MZ -q $h1 -c 1 -b $mac -a own "81:00 00:00 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa" 206 sleep 1 207 208 tc -j -s filter show dev $h2 ingress \ 209 | jq -e ".[] | select(.options.handle == 101) \ 210 | select(.options.actions[0].stats.packets == 1)" &> /dev/null 211 check_err_fail $should_fail $? "802.1p-tagged reception" 212 213 tc filter del dev $h2 ingress pref 1 214} 215 2168021p() 217{ 218 RET=0 219 220 tc qdisc add dev $h2 clsact 221 ip link set $h2 promisc on 222 223 # Test that with the default_pvid, 1, packets tagged with VID 0 are 224 # accepted. 225 8021p_do 0 226 227 # Test that packets tagged with VID 0 are still accepted after changing 228 # the default_pvid. 229 ip link set br0 type bridge vlan_default_pvid 10 230 8021p_do 0 231 232 log_test "Reception of 802.1p-tagged traffic" 233 234 ip link set $h2 promisc off 235 tc qdisc del dev $h2 clsact 236} 237 238send_untagged_and_8021p() 239{ 240 ping_do $h1 192.0.2.2 241 check_fail $? 242 243 8021p_do 1 244} 245 246drop_untagged() 247{ 248 RET=0 249 250 tc qdisc add dev $h2 clsact 251 ip link set $h2 promisc on 252 253 # Test that with no PVID, untagged and 802.1p-tagged traffic is 254 # dropped. 255 ip link set br0 type bridge vlan_default_pvid 1 256 257 # First we reconfigure the default_pvid, 1, as a non-PVID VLAN. 258 bridge vlan add dev $swp1 vid 1 untagged 259 send_untagged_and_8021p 260 bridge vlan add dev $swp1 vid 1 pvid untagged 261 262 # Next we try to delete VID 1 altogether 263 bridge vlan del dev $swp1 vid 1 264 send_untagged_and_8021p 265 bridge vlan add dev $swp1 vid 1 pvid untagged 266 267 # Set up the bridge without a default_pvid, then check that the 8021q 268 # module, when the bridge port goes down and then up again, does not 269 # accidentally re-enable untagged packet reception. 270 ip link set br0 type bridge vlan_default_pvid 0 271 ip link set $swp1 down 272 ip link set $swp1 up 273 setup_wait 274 send_untagged_and_8021p 275 276 # Remove swp1 as a bridge port and let it rejoin the bridge while it 277 # has no default_pvid. 278 ip link set $swp1 nomaster 279 ip link set $swp1 master br0 280 send_untagged_and_8021p 281 282 # Restore settings 283 ip link set br0 type bridge vlan_default_pvid 1 284 285 log_test "Dropping of untagged and 802.1p-tagged traffic with no PVID" 286 287 ip link set $h2 promisc off 288 tc qdisc del dev $h2 clsact 289} 290 291trap cleanup EXIT 292 293setup_prepare 294setup_wait 295 296tests_run 297 298exit $EXIT_STATUS 299