xref: /linux/tools/testing/selftests/net/forwarding/bridge_vlan_aware.sh (revision 186779c036468038b0d077ec5333a51512f867e5)
1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3
4ALL_TESTS="ping_ipv4 ping_ipv6 learning flooding vlan_deletion extern_learn other_tpid 8021p drop_untagged"
5NUM_NETIFS=4
6CHECK_TC="yes"
7source lib.sh
8
9h1_create()
10{
11	simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64
12}
13
14h1_destroy()
15{
16	simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64
17}
18
19h2_create()
20{
21	simple_if_init $h2 192.0.2.2/24 2001:db8:1::2/64
22}
23
24h2_destroy()
25{
26	simple_if_fini $h2 192.0.2.2/24 2001:db8:1::2/64
27}
28
29switch_create()
30{
31	ip link add dev br0 type bridge \
32		vlan_filtering 1 \
33		ageing_time $LOW_AGEING_TIME \
34		mcast_snooping 0
35
36	ip link set dev $swp1 master br0
37	ip link set dev $swp2 master br0
38
39	ip link set dev br0 up
40	ip link set dev $swp1 up
41	ip link set dev $swp2 up
42}
43
44switch_destroy()
45{
46	ip link set dev $swp2 down
47	ip link set dev $swp1 down
48
49	ip link del dev br0
50}
51
52setup_prepare()
53{
54	h1=${NETIFS[p1]}
55	swp1=${NETIFS[p2]}
56
57	swp2=${NETIFS[p3]}
58	h2=${NETIFS[p4]}
59
60	vrf_prepare
61
62	h1_create
63	h2_create
64
65	switch_create
66}
67
68cleanup()
69{
70	pre_cleanup
71
72	switch_destroy
73
74	h2_destroy
75	h1_destroy
76
77	vrf_cleanup
78}
79
80ping_ipv4()
81{
82	ping_test $h1 192.0.2.2
83}
84
85ping_ipv6()
86{
87	ping6_test $h1 2001:db8:1::2
88}
89
90learning()
91{
92	learning_test "br0" $swp1 $h1 $h2
93}
94
95flooding()
96{
97	flood_test $swp2 $h1 $h2
98}
99
100vlan_deletion()
101{
102	# Test that the deletion of a VLAN on a bridge port does not affect
103	# the PVID VLAN
104	log_info "Add and delete a VLAN on bridge port $swp1"
105
106	bridge vlan add vid 10 dev $swp1
107	bridge vlan del vid 10 dev $swp1
108
109	ping_ipv4
110	ping_ipv6
111}
112
113extern_learn()
114{
115	local mac=de:ad:be:ef:13:37
116	local ageing_time
117
118	# Test that externally learned FDB entries can roam, but not age out
119	RET=0
120
121	bridge fdb add de:ad:be:ef:13:37 dev $swp1 master extern_learn vlan 1
122
123	bridge fdb show brport $swp1 | grep -q de:ad:be:ef:13:37
124	check_err $? "Did not find FDB entry when should"
125
126	# Wait for 10 seconds after the ageing time to make sure the FDB entry
127	# was not aged out
128	ageing_time=$(bridge_ageing_time_get br0)
129	sleep $((ageing_time + 10))
130
131	bridge fdb show brport $swp1 | grep -q de:ad:be:ef:13:37
132	check_err $? "FDB entry was aged out when should not"
133
134	$MZ $h2 -c 1 -p 64 -a $mac -t ip -q
135
136	bridge fdb show brport $swp2 | grep -q de:ad:be:ef:13:37
137	check_err $? "FDB entry did not roam when should"
138
139	log_test "Externally learned FDB entry - ageing & roaming"
140
141	bridge fdb del de:ad:be:ef:13:37 dev $swp2 master vlan 1 &> /dev/null
142	bridge fdb del de:ad:be:ef:13:37 dev $swp1 master vlan 1 &> /dev/null
143}
144
145other_tpid()
146{
147	local mac=de:ad:be:ef:13:37
148
149	# Test that packets with TPID 802.1ad VID 3 + TPID 802.1Q VID 5 are
150	# classified as untagged by a bridge with vlan_protocol 802.1Q, and
151	# are processed in the PVID of the ingress port (here 1). Not VID 3,
152	# and not VID 5.
153	RET=0
154
155	tc qdisc add dev $h2 clsact
156	tc filter add dev $h2 ingress protocol all pref 1 handle 101 \
157		flower dst_mac $mac action drop
158	ip link set $h2 promisc on
159	ethtool -K $h2 rx-vlan-filter off rx-vlan-stag-filter off
160
161	$MZ -q $h1 -c 1 -b $mac -a own "88:a8 00:03 81:00 00:05 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
162	sleep 1
163
164	# Match on 'self' addresses as well, for those drivers which
165	# do not push their learned addresses to the bridge software
166	# database
167	bridge -j fdb show $swp1 | \
168		jq -e ".[] | select(.mac == \"$(mac_get $h1)\") | select(.vlan == 1)" &> /dev/null
169	check_err $? "FDB entry was not learned when it should"
170
171	log_test "FDB entry in PVID for VLAN-tagged with other TPID"
172
173	RET=0
174	tc -j -s filter show dev $h2 ingress \
175		| jq -e ".[] | select(.options.handle == 101) \
176		| select(.options.actions[0].stats.packets == 1)" &> /dev/null
177	check_err $? "Packet was not forwarded when it should"
178	log_test "Reception of VLAN with other TPID as untagged"
179
180	bridge vlan del dev $swp1 vid 1
181
182	$MZ -q $h1 -c 1 -b $mac -a own "88:a8 00:03 81:00 00:05 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
183	sleep 1
184
185	RET=0
186	tc -j -s filter show dev $h2 ingress \
187		| jq -e ".[] | select(.options.handle == 101) \
188		| select(.options.actions[0].stats.packets == 1)" &> /dev/null
189	check_err $? "Packet was forwarded when should not"
190	log_test "Reception of VLAN with other TPID as untagged (no PVID)"
191
192	bridge vlan add dev $swp1 vid 1 pvid untagged
193	ip link set $h2 promisc off
194	tc qdisc del dev $h2 clsact
195}
196
1978021p_do()
198{
199	local should_fail=$1; shift
200	local mac=de:ad:be:ef:13:37
201
202	tc filter add dev $h2 ingress protocol all pref 1 handle 101 \
203		flower dst_mac $mac action drop
204
205	$MZ -q $h1 -c 1 -b $mac -a own "81:00 00:00 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
206	sleep 1
207
208	tc -j -s filter show dev $h2 ingress \
209		| jq -e ".[] | select(.options.handle == 101) \
210		| select(.options.actions[0].stats.packets == 1)" &> /dev/null
211	check_err_fail $should_fail $? "802.1p-tagged reception"
212
213	tc filter del dev $h2 ingress pref 1
214}
215
2168021p()
217{
218	RET=0
219
220	tc qdisc add dev $h2 clsact
221	ip link set $h2 promisc on
222
223	# Test that with the default_pvid, 1, packets tagged with VID 0 are
224	# accepted.
225	8021p_do 0
226
227	# Test that packets tagged with VID 0 are still accepted after changing
228	# the default_pvid.
229	ip link set br0 type bridge vlan_default_pvid 10
230	8021p_do 0
231
232	log_test "Reception of 802.1p-tagged traffic"
233
234	ip link set $h2 promisc off
235	tc qdisc del dev $h2 clsact
236}
237
238send_untagged_and_8021p()
239{
240	ping_do $h1 192.0.2.2
241	check_fail $?
242
243	8021p_do 1
244}
245
246drop_untagged()
247{
248	RET=0
249
250	tc qdisc add dev $h2 clsact
251	ip link set $h2 promisc on
252
253	# Test that with no PVID, untagged and 802.1p-tagged traffic is
254	# dropped.
255	ip link set br0 type bridge vlan_default_pvid 1
256
257	# First we reconfigure the default_pvid, 1, as a non-PVID VLAN.
258	bridge vlan add dev $swp1 vid 1 untagged
259	send_untagged_and_8021p
260	bridge vlan add dev $swp1 vid 1 pvid untagged
261
262	# Next we try to delete VID 1 altogether
263	bridge vlan del dev $swp1 vid 1
264	send_untagged_and_8021p
265	bridge vlan add dev $swp1 vid 1 pvid untagged
266
267	# Set up the bridge without a default_pvid, then check that the 8021q
268	# module, when the bridge port goes down and then up again, does not
269	# accidentally re-enable untagged packet reception.
270	ip link set br0 type bridge vlan_default_pvid 0
271	ip link set $swp1 down
272	ip link set $swp1 up
273	setup_wait
274	send_untagged_and_8021p
275
276	# Remove swp1 as a bridge port and let it rejoin the bridge while it
277	# has no default_pvid.
278	ip link set $swp1 nomaster
279	ip link set $swp1 master br0
280	send_untagged_and_8021p
281
282	# Restore settings
283	ip link set br0 type bridge vlan_default_pvid 1
284
285	log_test "Dropping of untagged and 802.1p-tagged traffic with no PVID"
286
287	ip link set $h2 promisc off
288	tc qdisc del dev $h2 clsact
289}
290
291trap cleanup EXIT
292
293setup_prepare
294setup_wait
295
296tests_run
297
298exit $EXIT_STATUS
299