xref: /linux/tools/testing/selftests/net/openvswitch/openvswitch.sh (revision 05416ada37aa4efe93f25b0532f551d424fb7b3d) 
1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3#
4# OVS kernel module self tests
5
6trap ovs_exit_sig EXIT TERM INT ERR
7
8# Kselftest framework requirement - SKIP code is 4.
9ksft_skip=4
10
11PAUSE_ON_FAIL=no
12VERBOSE=0
13TRACING=0
14WAIT_TIMEOUT=5
15
16if test "X$KSFT_MACHINE_SLOW" == "Xyes"; then
17	WAIT_TIMEOUT=10
18fi
19
20tests="
21	arp_ping				eth-arp: Basic arp ping between two NS
22	ct_connect_v4				ip4-ct-xon: Basic ipv4 tcp connection using ct
23	connect_v4				ip4-xon: Basic ipv4 ping between two NS
24	nat_connect_v4				ip4-nat-xon: Basic ipv4 tcp connection via NAT
25	nat_related_v4				ip4-nat-related: ICMP related matches work with SNAT
26	netlink_checks				ovsnl: validate netlink attrs and settings
27	upcall_interfaces			ovs: test the upcall interfaces
28	tunnel_metadata				ovs: test extraction of tunnel metadata
29	tunnel_refcount				ovs: test tunnel vport reference cleanup
30	drop_reason				drop: test drop reasons are emitted
31	psample					psample: Sampling packets with psample"
32
33info() {
34	[ "${ovs_dir}" != "" ] &&
35		echo "`date +"[%m-%d %H:%M:%S]"` $*" >> ${ovs_dir}/debug.log
36	[ $VERBOSE = 0 ] || echo $*
37}
38
39ovs_wait() {
40	info "waiting $WAIT_TIMEOUT s for: $@"
41
42	if "$@" ; then
43		info "wait succeeded immediately"
44		return 0
45	fi
46
47	# A quick re-check helps speed up small races in fast systems.
48	# However, fractional sleeps might not necessarily work.
49	local start=0
50	sleep 0.1 || { sleep 1; start=1; }
51
52	for (( i=start; i<WAIT_TIMEOUT; i++ )); do
53		if "$@" ; then
54			info "wait succeeded after $i seconds"
55			return 0
56		fi
57		sleep 1
58	done
59	info "wait failed after $i seconds"
60	return 1
61}
62
63ovs_base=`pwd`
64sbxs=
65sbx_add () {
66	info "adding sandbox '$1'"
67
68	sbxs="$sbxs $1"
69
70	NO_BIN=0
71
72	# Create sandbox.
73	local d="$ovs_base"/$1
74	if [ -e $d ]; then
75		info "removing $d"
76		rm -rf "$d"
77	fi
78	mkdir "$d" || return 1
79	ovs_setenv $1
80}
81
82ovs_exit_sig() {
83	[ -e ${ovs_dir}/cleanup ] && . "$ovs_dir/cleanup"
84}
85
86on_exit() {
87	echo "$1" > ${ovs_dir}/cleanup.tmp
88	cat ${ovs_dir}/cleanup >> ${ovs_dir}/cleanup.tmp
89	mv ${ovs_dir}/cleanup.tmp ${ovs_dir}/cleanup
90}
91
92ovs_setenv() {
93	sandbox=$1
94
95	ovs_dir=$ovs_base${1:+/$1}; export ovs_dir
96
97	test -e ${ovs_dir}/cleanup || : > ${ovs_dir}/cleanup
98}
99
100ovs_sbx() {
101	if test "X$2" != X; then
102		(ovs_setenv $1; shift;
103		 info "run cmd: $@"; "$@" >> ${ovs_dir}/debug.log)
104	else
105		ovs_setenv $1
106	fi
107}
108
109ovs_add_dp () {
110	info "Adding DP/Bridge IF: sbx:$1 dp:$2 {$3, $4, $5}"
111	sbxname="$1"
112	shift
113	ovs_sbx "$sbxname" python3 $ovs_base/ovs-dpctl.py add-dp $*
114	on_exit "ovs_sbx $sbxname python3 $ovs_base/ovs-dpctl.py del-dp $1;"
115}
116
117ovs_add_if () {
118	info "Adding IF to DP: br:$3 if:$4 ($2)"
119	if [ "$5" != "-u" ]; then
120		ovs_sbx "$1" python3 $ovs_base/ovs-dpctl.py add-if \
121		    -t "$2" "$3" "$4" || return 1
122	else
123		python3 $ovs_base/ovs-dpctl.py add-if \
124		    -u -t "$2" "$3" "$4" >$ovs_dir/$4.out 2>$ovs_dir/$4.err &
125		pid=$!
126		on_exit "ovs_sbx $1 kill -TERM $pid 2>/dev/null"
127	fi
128}
129
130ovs_del_if () {
131	info "Deleting IF from DP: br:$2 if:$3"
132	ovs_sbx "$1" python3 $ovs_base/ovs-dpctl.py del-if "$2" "$3" || return 1
133}
134
135ovs_netns_spawn_daemon() {
136	sbx=$1
137	shift
138	netns=$1
139	shift
140	if [ "$netns" == "_default" ]; then
141		$*  >> $ovs_dir/stdout  2>> $ovs_dir/stderr &
142	else
143		ip netns exec $netns $*  >> $ovs_dir/stdout  2>> $ovs_dir/stderr &
144	fi
145	pid=$!
146	ovs_sbx "$sbx" on_exit "kill -TERM $pid 2>/dev/null"
147}
148
149ovs_spawn_daemon() {
150	sbx=$1
151	shift
152	ovs_netns_spawn_daemon $sbx "_default" $*
153}
154
155ovs_add_netns_and_veths () {
156	info "Adding netns attached: sbx:$1 dp:$2 {$3, $4, $5}"
157	ovs_sbx "$1" ip netns add "$3" || return 1
158	on_exit "ovs_sbx $1 ip netns del $3"
159	ovs_sbx "$1" ip link add "$4" type veth peer name "$5" || return 1
160	on_exit "ovs_sbx $1 ip link del $4 >/dev/null 2>&1"
161	ovs_sbx "$1" ip link set "$4" up || return 1
162	ovs_sbx "$1" ip link set "$5" netns "$3" || return 1
163	ovs_sbx "$1" ip netns exec "$3" ip link set "$5" up || return 1
164
165	if [ "$6" != "" ]; then
166		ovs_sbx "$1" ip netns exec "$3" ip addr add "$6" dev "$5" \
167		    || return 1
168	fi
169
170	if [ "$7" != "-u" ]; then
171		ovs_add_if "$1" "netdev" "$2" "$4" || return 1
172	else
173		ovs_add_if "$1" "netdev" "$2" "$4" -u || return 1
174	fi
175
176	if [ $TRACING -eq 1 ]; then
177		ovs_netns_spawn_daemon "$1" "$3" tcpdump -l -i any -s 6553
178		ovs_wait grep -q "listening on any" ${ovs_dir}/stderr
179	fi
180
181	return 0
182}
183
184ovs_add_flow () {
185	info "Adding flow to DP: sbx:$1 br:$2 flow:$3 act:$4"
186	ovs_sbx "$1" python3 $ovs_base/ovs-dpctl.py add-flow "$2" "$3" "$4"
187	if [ $? -ne 0 ]; then
188		info "Flow [ $3 : $4 ] failed"
189		return 1
190	fi
191	return 0
192}
193
194ovs_del_flows () {
195	info "Deleting all flows from DP: sbx:$1 br:$2"
196	ovs_sbx "$1" python3 $ovs_base/ovs-dpctl.py del-flows "$2"
197	return 0
198}
199
200ovs_drop_record_and_run () {
201	local sbx=$1
202	shift
203
204	perf record -a -q -e skb:kfree_skb -o ${ovs_dir}/perf.data $* \
205		>> ${ovs_dir}/stdout 2>> ${ovs_dir}/stderr
206	return $?
207}
208
209ovs_drop_reason_count()
210{
211	local reason=$1
212
213	local perf_output=`perf script -i ${ovs_dir}/perf.data -F trace:event,trace`
214	local pattern="skb:kfree_skb:.*reason: $reason"
215
216	return `echo "$perf_output" | grep "$pattern" | wc -l`
217}
218
219ovs_test_flow_fails () {
220	ERR_MSG="Flow actions may not be safe on all matching packets"
221
222	PRE_TEST=$(dmesg | grep -c "${ERR_MSG}")
223	ovs_add_flow $@ &> /dev/null $@ && return 1
224	POST_TEST=$(dmesg | grep -c "${ERR_MSG}")
225
226	if [ "$PRE_TEST" == "$POST_TEST" ]; then
227		return 1
228	fi
229	return 0
230}
231
232usage() {
233	echo
234	echo "$0 [OPTIONS] [TEST]..."
235	echo "If no TEST argument is given, all tests will be run."
236	echo
237	echo "Options"
238	echo "  -t: capture traffic via tcpdump"
239	echo "  -v: verbose"
240	echo "  -p: pause on failure"
241	echo
242	echo "Available tests${tests}"
243	exit 1
244}
245
246
247# psample test
248# - use psample to observe packets
249test_psample() {
250	sbx_add "test_psample" || return $?
251
252	# Add a datapath with per-vport dispatching.
253	ovs_add_dp "test_psample" psample -V 2:1 || return 1
254
255	info "create namespaces"
256	ovs_add_netns_and_veths "test_psample" "psample" \
257		client c0 c1 172.31.110.10/24 -u || return 1
258	ovs_add_netns_and_veths "test_psample" "psample" \
259		server s0 s1 172.31.110.20/24 -u || return 1
260
261	# Check if psample actions can be configured.
262	ovs_add_flow "test_psample" psample \
263	'in_port(1),eth(),eth_type(0x0806),arp()' 'psample(group=1)' &> /dev/null
264	if [ $? == 1 ]; then
265		info "no support for psample - skipping"
266		ovs_exit_sig
267		return $ksft_skip
268	fi
269
270	ovs_del_flows "test_psample" psample
271
272	# Test action verification.
273	OLDIFS=$IFS
274	IFS='*'
275	min_key='in_port(1),eth(),eth_type(0x0800),ipv4()'
276	for testcase in \
277		"cookie to large"*"psample(group=1,cookie=1615141312111009080706050403020100)" \
278		"no group with cookie"*"psample(cookie=abcd)" \
279		"no group"*"psample()";
280	do
281		set -- $testcase;
282		ovs_test_flow_fails "test_psample" psample $min_key $2
283		if [ $? == 1 ]; then
284			info "failed - $1"
285			return 1
286		fi
287	done
288	IFS=$OLDIFS
289
290	ovs_del_flows "test_psample" psample
291	# Allow ARP
292	ovs_add_flow "test_psample" psample \
293		'in_port(1),eth(),eth_type(0x0806),arp()' '2' || return 1
294	ovs_add_flow "test_psample" psample \
295		'in_port(2),eth(),eth_type(0x0806),arp()' '1' || return 1
296
297	# Sample first 14 bytes of all traffic.
298	ovs_add_flow "test_psample" psample \
299	    "in_port(1),eth(),eth_type(0x0800),ipv4()" \
300            "trunc(14),psample(group=1,cookie=c0ffee),2"
301
302	# Sample all traffic. In this case, use a sample() action with both
303	# psample and an upcall emulating simultaneous local sampling and
304	# sFlow / IPFIX.
305	nlpid=$(grep -E "listening on upcall packet handler" \
306            $ovs_dir/s0.out | cut -d ":" -f 2 | tr -d ' ')
307
308	ovs_add_flow "test_psample" psample \
309            "in_port(2),eth(),eth_type(0x0800),ipv4()" \
310            "sample(sample=100%,actions(psample(group=2,cookie=eeff0c),userspace(pid=${nlpid},userdata=eeff0c))),1"
311
312	# Record psample data.
313	ovs_spawn_daemon "test_psample" python3 $ovs_base/ovs-dpctl.py psample-events
314	ovs_wait grep -q "listening for psample events" ${ovs_dir}/stdout
315
316	# Send a single ping.
317	ovs_sbx "test_psample" ip netns exec client ping -I c1 172.31.110.20 -c 1 || return 1
318
319	# We should have received one userspace action upcall and 2 psample packets.
320	ovs_wait grep -q "userspace action command" $ovs_dir/s0.out || return 1
321
322	# client -> server samples should only contain the first 14 bytes of the packet.
323	ovs_wait grep -qE "rate:4294967295,group:1,cookie:c0ffee data:[0-9a-f]{28}$" \
324		$ovs_dir/stdout || return 1
325
326	ovs_wait grep -q "rate:4294967295,group:2,cookie:eeff0c" $ovs_dir/stdout || return 1
327
328	return 0
329}
330
331# drop_reason test
332# - drop packets and verify the right drop reason is reported
333test_drop_reason() {
334	which perf >/dev/null 2>&1 || return $ksft_skip
335	which pahole >/dev/null 2>&1 || return $ksft_skip
336
337	ovs_drop_subsys=$(pahole -C skb_drop_reason_subsys |
338			      awk '/OPENVSWITCH/ { print $3; }' |
339			      tr -d ,)
340
341	sbx_add "test_drop_reason" || return $?
342
343	ovs_add_dp "test_drop_reason" dropreason || return 1
344
345	info "create namespaces"
346	for ns in client server; do
347		ovs_add_netns_and_veths "test_drop_reason" "dropreason" "$ns" \
348			"${ns:0:1}0" "${ns:0:1}1" || return 1
349	done
350
351	# Setup client namespace
352	ip netns exec client ip addr add 172.31.110.10/24 dev c1
353	ip netns exec client ip link set c1 up
354
355	# Setup server namespace
356	ip netns exec server ip addr add 172.31.110.20/24 dev s1
357	ip netns exec server ip link set s1 up
358
359	# Check if drop reasons can be sent
360	ovs_add_flow "test_drop_reason" dropreason \
361		'in_port(1),eth(),eth_type(0x0806),arp()' 'drop(10)' 2>/dev/null
362	if [ $? == 1 ]; then
363		info "no support for drop reasons - skipping"
364		ovs_exit_sig
365		return $ksft_skip
366	fi
367
368	ovs_del_flows "test_drop_reason" dropreason
369
370	# Allow ARP
371	ovs_add_flow "test_drop_reason" dropreason \
372		'in_port(1),eth(),eth_type(0x0806),arp()' '2' || return 1
373	ovs_add_flow "test_drop_reason" dropreason \
374		'in_port(2),eth(),eth_type(0x0806),arp()' '1' || return 1
375
376	# Allow client ICMP traffic but drop return path
377	ovs_add_flow "test_drop_reason" dropreason \
378		"in_port(1),eth(),eth_type(0x0800),ipv4(src=172.31.110.10,proto=1),icmp()" '2'
379	ovs_add_flow "test_drop_reason" dropreason \
380		"in_port(2),eth(),eth_type(0x0800),ipv4(src=172.31.110.20,proto=1),icmp()" 'drop'
381
382	ovs_drop_record_and_run "test_drop_reason" ip netns exec client ping -c 2 172.31.110.20
383	ovs_drop_reason_count 0x${ovs_drop_subsys}0001 # OVS_DROP_FLOW_ACTION
384	if [[ "$?" -ne "2" ]]; then
385		info "Did not detect expected drops: $?"
386		return 1
387	fi
388
389	# Drop UDP 6000 traffic with an explicit action and an error code.
390	ovs_add_flow "test_drop_reason" dropreason \
391		"in_port(1),eth(),eth_type(0x0800),ipv4(src=172.31.110.10,proto=17),udp(dst=6000)" \
392                'drop(42)'
393	# Drop UDP 7000 traffic with an explicit action with no error code.
394	ovs_add_flow "test_drop_reason" dropreason \
395		"in_port(1),eth(),eth_type(0x0800),ipv4(src=172.31.110.10,proto=17),udp(dst=7000)" \
396                'drop(0)'
397
398	ovs_drop_record_and_run \
399            "test_drop_reason" ip netns exec client nc -i 1 -zuv 172.31.110.20 6000
400	ovs_drop_reason_count 0x${ovs_drop_subsys}0004 # OVS_DROP_EXPLICIT_ACTION_ERROR
401	if [[ "$?" -ne "1" ]]; then
402		info "Did not detect expected explicit error drops: $?"
403		return 1
404	fi
405
406	ovs_drop_record_and_run \
407            "test_drop_reason" ip netns exec client nc -i 1 -zuv 172.31.110.20 7000
408	ovs_drop_reason_count 0x${ovs_drop_subsys}0003 # OVS_DROP_EXPLICIT_ACTION
409	if [[ "$?" -ne "1" ]]; then
410		info "Did not detect expected explicit drops: $?"
411		return 1
412	fi
413
414	return 0
415}
416
417# arp_ping test
418# - client has 1500 byte MTU
419# - server has 1500 byte MTU
420# - send ARP ping between two ns
421test_arp_ping () {
422
423	which arping >/dev/null 2>&1 || return $ksft_skip
424
425	sbx_add "test_arp_ping" || return $?
426
427	ovs_add_dp "test_arp_ping" arpping || return 1
428
429	info "create namespaces"
430	for ns in client server; do
431		ovs_add_netns_and_veths "test_arp_ping" "arpping" "$ns" \
432		    "${ns:0:1}0" "${ns:0:1}1" || return 1
433	done
434
435	# Setup client namespace
436	ip netns exec client ip addr add 172.31.110.10/24 dev c1
437	ip netns exec client ip link set c1 up
438	HW_CLIENT=`ip netns exec client ip link show dev c1 | grep -E 'link/ether [0-9a-f:]+' | awk '{print $2;}'`
439	info "Client hwaddr: $HW_CLIENT"
440
441	# Setup server namespace
442	ip netns exec server ip addr add 172.31.110.20/24 dev s1
443	ip netns exec server ip link set s1 up
444	HW_SERVER=`ip netns exec server ip link show dev s1 | grep -E 'link/ether [0-9a-f:]+' | awk '{print $2;}'`
445	info "Server hwaddr: $HW_SERVER"
446
447	ovs_add_flow "test_arp_ping" arpping \
448		"in_port(1),eth(),eth_type(0x0806),arp(sip=172.31.110.10,tip=172.31.110.20,sha=$HW_CLIENT,tha=ff:ff:ff:ff:ff:ff)" '2' || return 1
449	ovs_add_flow "test_arp_ping" arpping \
450		"in_port(2),eth(),eth_type(0x0806),arp()" '1' || return 1
451
452	ovs_sbx "test_arp_ping" ip netns exec client arping -I c1 172.31.110.20 -c 1 || return 1
453
454	return 0
455}
456
457# ct_connect_v4 test
458#  - client has 1500 byte MTU
459#  - server has 1500 byte MTU
460#  - use ICMP to ping in each direction
461#  - only allow CT state stuff to pass through new in c -> s
462test_ct_connect_v4 () {
463
464	which nc >/dev/null 2>/dev/null || return $ksft_skip
465
466	sbx_add "test_ct_connect_v4" || return $?
467
468	ovs_add_dp "test_ct_connect_v4" ct4 || return 1
469	info "create namespaces"
470	for ns in client server; do
471		ovs_add_netns_and_veths "test_ct_connect_v4" "ct4" "$ns" \
472		    "${ns:0:1}0" "${ns:0:1}1" || return 1
473	done
474
475	ip netns exec client ip addr add 172.31.110.10/24 dev c1
476	ip netns exec client ip link set c1 up
477	ip netns exec server ip addr add 172.31.110.20/24 dev s1
478	ip netns exec server ip link set s1 up
479
480	# Add forwarding for ARP and ip packets - completely wildcarded
481	ovs_add_flow "test_ct_connect_v4" ct4 \
482		'in_port(1),eth(),eth_type(0x0806),arp()' '2' || return 1
483	ovs_add_flow "test_ct_connect_v4" ct4 \
484		'in_port(2),eth(),eth_type(0x0806),arp()' '1' || return 1
485	ovs_add_flow "test_ct_connect_v4" ct4 \
486		     'ct_state(-trk),eth(),eth_type(0x0800),ipv4()' \
487		     'ct(commit),recirc(0x1)' || return 1
488	ovs_add_flow "test_ct_connect_v4" ct4 \
489		     'recirc_id(0x1),ct_state(+trk+new),in_port(1),eth(),eth_type(0x0800),ipv4(src=172.31.110.10)' \
490		     '2' || return 1
491	ovs_add_flow "test_ct_connect_v4" ct4 \
492		     'recirc_id(0x1),ct_state(+trk+est),in_port(1),eth(),eth_type(0x0800),ipv4(src=172.31.110.10)' \
493		     '2' || return 1
494	ovs_add_flow "test_ct_connect_v4" ct4 \
495		     'recirc_id(0x1),ct_state(+trk+est),in_port(2),eth(),eth_type(0x0800),ipv4(dst=172.31.110.10)' \
496		     '1' || return 1
497	ovs_add_flow "test_ct_connect_v4" ct4 \
498		     'recirc_id(0x1),ct_state(+trk+inv),eth(),eth_type(0x0800),ipv4()' 'drop' || \
499		     return 1
500
501	# do a ping
502	ovs_sbx "test_ct_connect_v4" ip netns exec client ping 172.31.110.20 -c 3 || return 1
503
504	# create an echo server in 'server'
505	echo "server" | \
506		ovs_netns_spawn_daemon "test_ct_connect_v4" "server" \
507				nc -lvnp 4443
508	ovs_sbx "test_ct_connect_v4" ip netns exec client nc -i 1 -zv 172.31.110.20 4443 || return 1
509
510	# Now test in the other direction (should fail)
511	echo "client" | \
512		ovs_netns_spawn_daemon "test_ct_connect_v4" "client" \
513				nc -lvnp 4443
514	ovs_sbx "test_ct_connect_v4" ip netns exec client nc -i 1 -zv 172.31.110.10 4443
515	if [ $? == 0 ]; then
516	   info "ct connect to client was successful"
517	   return 1
518	fi
519
520	info "done..."
521	return 0
522}
523
524# connect_v4 test
525#  - client has 1500 byte MTU
526#  - server has 1500 byte MTU
527#  - use ICMP to ping in each direction
528test_connect_v4 () {
529
530	sbx_add "test_connect_v4" || return $?
531
532	ovs_add_dp "test_connect_v4" cv4 || return 1
533
534	info "create namespaces"
535	for ns in client server; do
536		ovs_add_netns_and_veths "test_connect_v4" "cv4" "$ns" \
537		    "${ns:0:1}0" "${ns:0:1}1" || return 1
538	done
539
540
541	ip netns exec client ip addr add 172.31.110.10/24 dev c1
542	ip netns exec client ip link set c1 up
543	ip netns exec server ip addr add 172.31.110.20/24 dev s1
544	ip netns exec server ip link set s1 up
545
546	# Add forwarding for ARP and ip packets - completely wildcarded
547	ovs_add_flow "test_connect_v4" cv4 \
548		'in_port(1),eth(),eth_type(0x0806),arp()' '2' || return 1
549	ovs_add_flow "test_connect_v4" cv4 \
550		'in_port(2),eth(),eth_type(0x0806),arp()' '1' || return 1
551	ovs_add_flow "test_connect_v4" cv4 \
552		'in_port(1),eth(),eth_type(0x0800),ipv4(src=172.31.110.10)' '2' || return 1
553	ovs_add_flow "test_connect_v4" cv4 \
554		'in_port(2),eth(),eth_type(0x0800),ipv4(src=172.31.110.20)' '1' || return 1
555
556	# do a ping
557	ovs_sbx "test_connect_v4" ip netns exec client ping 172.31.110.20 -c 3 || return 1
558
559	info "done..."
560	return 0
561}
562
563# nat_connect_v4 test
564#  - client has 1500 byte MTU
565#  - server has 1500 byte MTU
566#  - use ICMP to ping in each direction
567#  - only allow CT state stuff to pass through new in c -> s
568test_nat_connect_v4 () {
569	which nc >/dev/null 2>/dev/null || return $ksft_skip
570
571	sbx_add "test_nat_connect_v4" || return $?
572
573	ovs_add_dp "test_nat_connect_v4" nat4 || return 1
574	info "create namespaces"
575	for ns in client server; do
576		ovs_add_netns_and_veths "test_nat_connect_v4" "nat4" "$ns" \
577		    "${ns:0:1}0" "${ns:0:1}1" || return 1
578	done
579
580	ip netns exec client ip addr add 172.31.110.10/24 dev c1
581	ip netns exec client ip link set c1 up
582	ip netns exec server ip addr add 172.31.110.20/24 dev s1
583	ip netns exec server ip link set s1 up
584
585	ip netns exec client ip route add default via 172.31.110.20
586
587	ovs_add_flow "test_nat_connect_v4" nat4 \
588		'in_port(1),eth(),eth_type(0x0806),arp()' '2' || return 1
589	ovs_add_flow "test_nat_connect_v4" nat4 \
590		'in_port(2),eth(),eth_type(0x0806),arp()' '1' || return 1
591	ovs_add_flow "test_nat_connect_v4" nat4 \
592		"ct_state(-trk),in_port(1),eth(),eth_type(0x0800),ipv4(dst=192.168.0.20)" \
593		"ct(commit,nat(dst=172.31.110.20)),recirc(0x1)"
594	ovs_add_flow "test_nat_connect_v4" nat4 \
595		"ct_state(-trk),in_port(2),eth(),eth_type(0x0800),ipv4()" \
596		"ct(commit,nat),recirc(0x2)"
597
598	ovs_add_flow "test_nat_connect_v4" nat4 \
599		"recirc_id(0x1),ct_state(+trk-inv),in_port(1),eth(),eth_type(0x0800),ipv4()" "2"
600	ovs_add_flow "test_nat_connect_v4" nat4 \
601		"recirc_id(0x2),ct_state(+trk-inv),in_port(2),eth(),eth_type(0x0800),ipv4()" "1"
602
603	# do a ping
604	ovs_sbx "test_nat_connect_v4" ip netns exec client ping 192.168.0.20 -c 3 || return 1
605
606	# create an echo server in 'server'
607	echo "server" | \
608		ovs_netns_spawn_daemon "test_nat_connect_v4" "server" \
609				nc -lvnp 4443
610	ovs_sbx "test_nat_connect_v4" ip netns exec client nc -i 1 -zv 192.168.0.20 4443 || return 1
611
612	# Now test in the other direction (should fail)
613	echo "client" | \
614		ovs_netns_spawn_daemon "test_nat_connect_v4" "client" \
615				nc -lvnp 4443
616	ovs_sbx "test_nat_connect_v4" ip netns exec client nc -i 1 -zv 172.31.110.10 4443
617	if [ $? == 0 ]; then
618	   info "connect to client was successful"
619	   return 1
620	fi
621
622	info "done..."
623	return 0
624}
625
626# nat_related_v4 test
627#  - client->server ip packets go via SNAT
628#  - client solicits ICMP destination unreachable packet from server
629#  - undo NAT for ICMP reply and test dst ip has been updated
630test_nat_related_v4 () {
631	which nc >/dev/null 2>/dev/null || return $ksft_skip
632
633	sbx_add "test_nat_related_v4" || return $?
634
635	ovs_add_dp "test_nat_related_v4" natrelated4 || return 1
636	info "create namespaces"
637	for ns in client server; do
638		ovs_add_netns_and_veths "test_nat_related_v4" "natrelated4" "$ns" \
639			"${ns:0:1}0" "${ns:0:1}1" || return 1
640	done
641
642	ip netns exec client ip addr add 172.31.110.10/24 dev c1
643	ip netns exec client ip link set c1 up
644	ip netns exec server ip addr add 172.31.110.20/24 dev s1
645	ip netns exec server ip link set s1 up
646
647	ip netns exec server ip route add 192.168.0.20/32 via 172.31.110.10
648
649	# Allow ARP
650	ovs_add_flow "test_nat_related_v4" natrelated4 \
651		"in_port(1),eth(),eth_type(0x0806),arp()" "2" || return 1
652	ovs_add_flow "test_nat_related_v4" natrelated4 \
653		"in_port(2),eth(),eth_type(0x0806),arp()" "1" || return 1
654
655	# Allow IP traffic from client->server, rewrite source IP with SNAT to 192.168.0.20
656	ovs_add_flow "test_nat_related_v4" natrelated4 \
657		"ct_state(-trk),in_port(1),eth(),eth_type(0x0800),ipv4(dst=172.31.110.20)" \
658		"ct(commit,nat(src=192.168.0.20)),recirc(0x1)" || return 1
659	ovs_add_flow "test_nat_related_v4" natrelated4 \
660		"recirc_id(0x1),ct_state(+trk-inv),in_port(1),eth(),eth_type(0x0800),ipv4()" \
661		"2" || return 1
662
663	# Allow related ICMP responses back from server and undo NAT to restore original IP
664	# Drop any ICMP related packets where dst ip hasn't been restored back to original IP
665	ovs_add_flow "test_nat_related_v4" natrelated4 \
666		"ct_state(-trk),in_port(2),eth(),eth_type(0x0800),ipv4()" \
667		"ct(commit,nat),recirc(0x2)" || return 1
668	ovs_add_flow "test_nat_related_v4" natrelated4 \
669		"recirc_id(0x2),ct_state(+rel+trk),in_port(2),eth(),eth_type(0x0800),ipv4(src=172.31.110.20,dst=172.31.110.10,proto=1),icmp()" \
670		"1" || return 1
671	ovs_add_flow "test_nat_related_v4" natrelated4 \
672		"recirc_id(0x2),ct_state(+rel+trk),in_port(2),eth(),eth_type(0x0800),ipv4(dst=192.168.0.20,proto=1),icmp()" \
673		"drop" || return 1
674
675	# Solicit destination unreachable response from server
676	ovs_sbx "test_nat_related_v4" ip netns exec client \
677		bash -c "echo a | nc -u -w 1 172.31.110.20 10000"
678
679	# Check to make sure no packets matched the drop rule with incorrect dst ip
680	python3 "$ovs_base/ovs-dpctl.py" dump-flows natrelated4 \
681		| grep "drop" | grep "packets:0" >/dev/null || return 1
682
683	info "done..."
684	return 0
685}
686
687# netlink_validation
688# - Create a dp
689# - check no warning with "old version" simulation
690test_netlink_checks () {
691	sbx_add "test_netlink_checks" || return 1
692
693	info "setting up new DP"
694	ovs_add_dp "test_netlink_checks" nv0 || return 1
695	# now try again
696	PRE_TEST=$(dmesg | grep -E "RIP: [0-9a-fA-Fx]+:ovs_dp_cmd_new\+")
697	ovs_add_dp "test_netlink_checks" nv0 -V 0 || return 1
698	POST_TEST=$(dmesg | grep -E "RIP: [0-9a-fA-Fx]+:ovs_dp_cmd_new\+")
699	if [ "$PRE_TEST" != "$POST_TEST" ]; then
700		info "failed - gen warning"
701		return 1
702	fi
703
704	ovs_add_netns_and_veths "test_netlink_checks" nv0 left left0 l0 || \
705	    return 1
706	ovs_add_netns_and_veths "test_netlink_checks" nv0 right right0 r0 || \
707	    return 1
708	[ $(python3 $ovs_base/ovs-dpctl.py show nv0 | grep port | \
709	    wc -l) == 3 ] || \
710	      return 1
711	ovs_del_if "test_netlink_checks" nv0 right0 || return 1
712	[ $(python3 $ovs_base/ovs-dpctl.py show nv0 | grep port | \
713	    wc -l) == 2 ] || \
714	      return 1
715
716	info "Checking clone depth"
717	ERR_MSG="Flow actions may not be safe on all matching packets"
718	PRE_TEST=$(dmesg | grep -c "${ERR_MSG}")
719	ovs_add_flow "test_netlink_checks" nv0 \
720		'in_port(1),eth(),eth_type(0x800),ipv4()' \
721		'clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(drop)))))))))))))))))' \
722		>/dev/null 2>&1 && return 1
723	POST_TEST=$(dmesg | grep -c "${ERR_MSG}")
724
725	if [ "$PRE_TEST" == "$POST_TEST" ]; then
726		info "failed - clone depth too large"
727		return 1
728	fi
729
730	PRE_TEST=$(dmesg | grep -c "${ERR_MSG}")
731	ovs_add_flow "test_netlink_checks" nv0 \
732		'in_port(1),eth(),eth_type(0x0806),arp()' 'drop(0),2' \
733		&> /dev/null && return 1
734	POST_TEST=$(dmesg | grep -c "${ERR_MSG}")
735	if [ "$PRE_TEST" == "$POST_TEST" ]; then
736		info "failed - error not generated"
737		return 1
738	fi
739	return 0
740}
741
742test_upcall_interfaces() {
743	sbx_add "test_upcall_interfaces" || return 1
744
745	info "setting up new DP"
746	ovs_add_dp "test_upcall_interfaces" ui0 -V 2:1 || return 1
747
748	ovs_add_netns_and_veths "test_upcall_interfaces" ui0 upc left0 l0 \
749	    172.31.110.1/24 -u || return 1
750
751	ovs_wait grep -q "listening on upcall packet handler" ${ovs_dir}/left0.out
752
753	info "sending arping"
754	ip netns exec upc arping -I l0 172.31.110.20 -c 1 \
755	    >$ovs_dir/arping.stdout 2>$ovs_dir/arping.stderr
756
757	grep -E "MISS upcall\[0/yes\]: .*arp\(sip=172.31.110.1,tip=172.31.110.20,op=1,sha=" $ovs_dir/left0.out >/dev/null 2>&1 || return 1
758	return 0
759}
760
761ovs_add_kernel_tunnel() {
762	local sbxname=$1; shift
763	local ns=$1; shift
764	local tnl_type=$1; shift
765	local name=$1; shift
766	local addr=$1; shift
767
768	info "setting up kernel ${tnl_type} tunnel ${name}"
769	ovs_sbx "${sbxname}" ip -netns ${ns} link add dev ${name} type ${tnl_type} $* || return 1
770	on_exit "ovs_sbx ${sbxname} ip -netns ${ns} link del ${name} >/dev/null 2>&1"
771	ovs_sbx "${sbxname}" ip -netns ${ns} addr add dev ${name} ${addr} || return 1
772	ovs_sbx "${sbxname}" ip -netns ${ns} link set dev ${name} mtu 1450 up || return 1
773}
774
775test_tunnel_metadata() {
776	which arping >/dev/null 2>&1 || return $ksft_skip
777
778	sbxname="test_tunnel_metadata"
779	sbx_add "${sbxname}" || return 1
780
781	info "setting up new DP"
782	ovs_add_dp "${sbxname}" tdp0 -V 2:1 || return 1
783
784	ovs_add_netns_and_veths "${sbxname}" tdp0 tns left0 l0 \
785		172.31.110.1/24 || return 1
786
787	info "removing veth interface from openvswitch and setting IP"
788	ovs_del_if "${sbxname}" tdp0 left0 || return 1
789	ovs_sbx "${sbxname}" ip addr add 172.31.110.2/24 dev left0 || return 1
790	ovs_sbx "${sbxname}" ip link set left0 up || return 1
791
792	info "setting up tunnel port in openvswitch"
793	ovs_add_if "${sbxname}" "vxlan" tdp0 ovs-vxlan0 -u || return 1
794	on_exit "ovs_sbx ${sbxname} ip link del ovs-vxlan0"
795	ovs_wait ip link show ovs-vxlan0 &>/dev/null || return 1
796	ovs_sbx "${sbxname}" ip link set ovs-vxlan0 up || return 1
797
798	configs=$(echo '
799	    1 172.31.221.1/24 1155332 32   set   udpcsum flags\(df\|csum\)
800	    2 172.31.222.1/24 1234567 45   set noudpcsum flags\(df\)
801	    3 172.31.223.1/24 1020304 23 unset   udpcsum flags\(csum\)
802	    4 172.31.224.1/24 1357986 15 unset noudpcsum' | sed '/^$/d')
803
804	while read -r i addr id ttl df csum flags; do
805		ovs_add_kernel_tunnel "${sbxname}" tns vxlan vxlan${i} ${addr} \
806			remote 172.31.110.2 id ${id} dstport 4789 \
807			ttl ${ttl} df ${df} ${csum} || return 1
808	done <<< "${configs}"
809
810	ovs_wait grep -q 'listening on upcall packet handler' \
811		${ovs_dir}/ovs-vxlan0.out || return 1
812
813	info "sending arping"
814	for i in 1 2 3 4; do
815		ovs_sbx "${sbxname}" ip netns exec tns \
816			arping -I vxlan${i} 172.31.22${i}.2 -c 1 \
817			>${ovs_dir}/arping.stdout 2>${ovs_dir}/arping.stderr
818	done
819
820	info "checking that received decapsulated packets carry correct metadata"
821	while read -r i addr id ttl df csum flags; do
822		arp_hdr="arp\\(sip=172.31.22${i}.1,tip=172.31.22${i}.2,op=1,sha="
823		addrs="src=172.31.110.1,dst=172.31.110.2"
824		ports="tp_src=[0-9]*,tp_dst=4789"
825		tnl_md="tunnel\\(tun_id=${id},${addrs},ttl=${ttl},${ports},${flags}\\)"
826
827		ovs_sbx "${sbxname}" grep -qE "MISS upcall.*${tnl_md}.*${arp_hdr}" \
828			${ovs_dir}/ovs-vxlan0.out || return 1
829	done <<< "${configs}"
830
831	return 0
832}
833
834test_tunnel_refcount() {
835	sbxname="test_tunnel_refcount"
836	sbx_add "${sbxname}" || return 1
837
838	ovs_sbx "${sbxname}" ip netns add trefns || return 1
839	on_exit "ovs_sbx ${sbxname} ip netns del trefns"
840
841	for tun_type in gre vxlan geneve; do
842		info "testing ${tun_type} tunnel vport refcount"
843
844		ovs_sbx "${sbxname}" ip netns exec trefns \
845			python3 $ovs_base/ovs-dpctl.py \
846			add-dp dp-${tun_type} || return 1
847
848		ovs_sbx "${sbxname}" ip netns exec trefns \
849			python3 $ovs_base/ovs-dpctl.py \
850			add-if --no-lwt -t ${tun_type} \
851			dp-${tun_type} ovs-${tun_type}0 || return 1
852
853		ovs_wait ip -netns trefns link show \
854			ovs-${tun_type}0 >/dev/null 2>&1 || return 1
855
856		info "deleting dp - may hang if reference counting is broken"
857		ovs_sbx "${sbxname}" ip netns exec trefns \
858			python3 $ovs_base/ovs-dpctl.py \
859			del-dp dp-${tun_type} &
860
861		dev_removed() {
862			! ip -netns trefns link show "$1" >/dev/null 2>&1
863		}
864		ovs_wait dev_removed dp-${tun_type} || return 1
865		ovs_wait dev_removed ovs-${tun_type}0 || return 1
866	done
867	return 0
868}
869
870run_test() {
871	(
872	tname="$1"
873	tdesc="$2"
874
875	if python3 ovs-dpctl.py -h 2>&1 | \
876	     grep -E "Need to (install|upgrade) the python" >/dev/null 2>&1; then
877		stdbuf -o0 printf "TEST: %-60s  [PYLIB]\n" "${tdesc}"
878		return $ksft_skip
879	fi
880
881	python3 ovs-dpctl.py show >/dev/null 2>&1 || \
882		echo "[DPCTL] show exception."
883
884	if ! lsmod | grep openvswitch >/dev/null 2>&1; then
885		stdbuf -o0 printf "TEST: %-60s  [NOMOD]\n" "${tdesc}"
886		return $ksft_skip
887	fi
888
889	printf "TEST: %-60s  [START]\n" "${tname}"
890
891	unset IFS
892
893	eval test_${tname}
894	ret=$?
895
896	if [ $ret -eq 0 ]; then
897		printf "TEST: %-60s  [ OK ]\n" "${tdesc}"
898		ovs_exit_sig
899		rm -rf "$ovs_dir"
900	elif [ $ret -eq 1 ]; then
901		printf "TEST: %-60s  [FAIL]\n" "${tdesc}"
902		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
903			echo
904			echo "Pausing. Logs in $ovs_dir/. Hit enter to continue"
905			read a
906		fi
907		ovs_exit_sig
908		[ "${PAUSE_ON_FAIL}" = "yes" ] || rm -rf "$ovs_dir"
909		exit 1
910	elif [ $ret -eq $ksft_skip ]; then
911		printf "TEST: %-60s  [SKIP]\n" "${tdesc}"
912	elif [ $ret -eq 2 ]; then
913		rm -rf test_${tname}
914		run_test "$1" "$2"
915	fi
916
917	return $ret
918	)
919	ret=$?
920	case $ret in
921		0)
922			[ $all_skipped = true ] && [ $exitcode=$ksft_skip ] && exitcode=0
923			all_skipped=false
924		;;
925		$ksft_skip)
926			[ $all_skipped = true ] && exitcode=$ksft_skip
927		;;
928		*)
929			all_skipped=false
930			exitcode=1
931		;;
932	esac
933
934	return $ret
935}
936
937
938exitcode=0
939desc=0
940all_skipped=true
941
942while getopts :pvt o
943do
944	case $o in
945	p) PAUSE_ON_FAIL=yes;;
946	v) VERBOSE=1;;
947	t) if which tcpdump > /dev/null 2>&1; then
948		TRACING=1
949	   else
950		echo "=== tcpdump not available, tracing disabled"
951	   fi
952	   ;;
953	*) usage;;
954	esac
955done
956shift $(($OPTIND-1))
957
958IFS="
959"
960
961for arg do
962	# Check first that all requested tests are available before running any
963	command -v > /dev/null "test_${arg}" || { echo "=== Test ${arg} not found"; usage; }
964done
965
966name=""
967desc=""
968for t in ${tests}; do
969	[ "${name}" = "" ]	&& name="${t}"	&& continue
970	[ "${desc}" = "" ]	&& desc="${t}"
971
972	run_this=1
973	for arg do
974		[ "${arg}" != "${arg#--*}" ] && continue
975		[ "${arg}" = "${name}" ] && run_this=1 && break
976		run_this=0
977	done
978	if [ $run_this -eq 1 ]; then
979		run_test "${name}" "${desc}"
980	fi
981	name=""
982	desc=""
983done
984
985exit ${exitcode}
986