xref: /linux/tools/testing/selftests/net/test_vxlan_mdb.sh (revision 5027ec19f1049a07df5b0a37b1f462514cf2724b)
1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3#
4# This test is for checking VXLAN MDB functionality. The topology consists of
5# two sets of namespaces: One for the testing of IPv4 underlay and another for
6# IPv6. In both cases, both IPv4 and IPv6 overlay traffic are tested.
7#
8# Data path functionality is tested by sending traffic from one of the upper
9# namespaces and checking using ingress tc filters that the expected traffic
10# was received by one of the lower namespaces.
11#
12# +------------------------------------+ +------------------------------------+
13# | ns1_v4                             | | ns1_v6                             |
14# |                                    | |                                    |
15# |    br0.10    br0.4000  br0.20      | |    br0.10    br0.4000  br0.20      |
16# |       +         +         +        | |       +         +         +        |
17# |       |         |         |        | |       |         |         |        |
18# |       |         |         |        | |       |         |         |        |
19# |       +---------+---------+        | |       +---------+---------+        |
20# |                 |                  | |                 |                  |
21# |                 |                  | |                 |                  |
22# |                 +                  | |                 +                  |
23# |                br0                 | |                br0                 |
24# |                 +                  | |                 +                  |
25# |                 |                  | |                 |                  |
26# |                 |                  | |                 |                  |
27# |                 +                  | |                 +                  |
28# |                vx0                 | |                vx0                 |
29# |                                    | |                                    |
30# |                                    | |                                    |
31# |               veth0                | |               veth0                |
32# |                 +                  | |                 +                  |
33# +-----------------|------------------+ +-----------------|------------------+
34#                   |                                      |
35# +-----------------|------------------+ +-----------------|------------------+
36# |                 +                  | |                 +                  |
37# |               veth0                | |               veth0                |
38# |                                    | |                                    |
39# |                                    | |                                    |
40# |                vx0                 | |                vx0                 |
41# |                 +                  | |                 +                  |
42# |                 |                  | |                 |                  |
43# |                 |                  | |                 |                  |
44# |                 +                  | |                 +                  |
45# |                br0                 | |                br0                 |
46# |                 +                  | |                 +                  |
47# |                 |                  | |                 |                  |
48# |                 |                  | |                 |                  |
49# |       +---------+---------+        | |       +---------+---------+        |
50# |       |         |         |        | |       |         |         |        |
51# |       |         |         |        | |       |         |         |        |
52# |       +         +         +        | |       +         +         +        |
53# |    br0.10    br0.4000  br0.10      | |    br0.10    br0.4000  br0.20      |
54# |                                    | |                                    |
55# | ns2_v4                             | | ns2_v6                             |
56# +------------------------------------+ +------------------------------------+
57
58ret=0
59# Kselftest framework requirement - SKIP code is 4.
60ksft_skip=4
61
62CONTROL_PATH_TESTS="
63	basic_star_g_ipv4_ipv4
64	basic_star_g_ipv6_ipv4
65	basic_star_g_ipv4_ipv6
66	basic_star_g_ipv6_ipv6
67	basic_sg_ipv4_ipv4
68	basic_sg_ipv6_ipv4
69	basic_sg_ipv4_ipv6
70	basic_sg_ipv6_ipv6
71	star_g_ipv4_ipv4
72	star_g_ipv6_ipv4
73	star_g_ipv4_ipv6
74	star_g_ipv6_ipv6
75	sg_ipv4_ipv4
76	sg_ipv6_ipv4
77	sg_ipv4_ipv6
78	sg_ipv6_ipv6
79	dump_ipv4_ipv4
80	dump_ipv6_ipv4
81	dump_ipv4_ipv6
82	dump_ipv6_ipv6
83"
84
85DATA_PATH_TESTS="
86	encap_params_ipv4_ipv4
87	encap_params_ipv6_ipv4
88	encap_params_ipv4_ipv6
89	encap_params_ipv6_ipv6
90	starg_exclude_ir_ipv4_ipv4
91	starg_exclude_ir_ipv6_ipv4
92	starg_exclude_ir_ipv4_ipv6
93	starg_exclude_ir_ipv6_ipv6
94	starg_include_ir_ipv4_ipv4
95	starg_include_ir_ipv6_ipv4
96	starg_include_ir_ipv4_ipv6
97	starg_include_ir_ipv6_ipv6
98	starg_exclude_p2mp_ipv4_ipv4
99	starg_exclude_p2mp_ipv6_ipv4
100	starg_exclude_p2mp_ipv4_ipv6
101	starg_exclude_p2mp_ipv6_ipv6
102	starg_include_p2mp_ipv4_ipv4
103	starg_include_p2mp_ipv6_ipv4
104	starg_include_p2mp_ipv4_ipv6
105	starg_include_p2mp_ipv6_ipv6
106	egress_vni_translation_ipv4_ipv4
107	egress_vni_translation_ipv6_ipv4
108	egress_vni_translation_ipv4_ipv6
109	egress_vni_translation_ipv6_ipv6
110	all_zeros_mdb_ipv4
111	all_zeros_mdb_ipv6
112	mdb_fdb_ipv4_ipv4
113	mdb_fdb_ipv6_ipv4
114	mdb_fdb_ipv4_ipv6
115	mdb_fdb_ipv6_ipv6
116	mdb_torture_ipv4_ipv4
117	mdb_torture_ipv6_ipv4
118	mdb_torture_ipv4_ipv6
119	mdb_torture_ipv6_ipv6
120"
121
122# All tests in this script. Can be overridden with -t option.
123TESTS="
124	$CONTROL_PATH_TESTS
125	$DATA_PATH_TESTS
126"
127VERBOSE=0
128PAUSE_ON_FAIL=no
129PAUSE=no
130
131################################################################################
132# Utilities
133
134log_test()
135{
136	local rc=$1
137	local expected=$2
138	local msg="$3"
139
140	if [ ${rc} -eq ${expected} ]; then
141		printf "TEST: %-60s  [ OK ]\n" "${msg}"
142		nsuccess=$((nsuccess+1))
143	else
144		ret=1
145		nfail=$((nfail+1))
146		printf "TEST: %-60s  [FAIL]\n" "${msg}"
147		if [ "$VERBOSE" = "1" ]; then
148			echo "    rc=$rc, expected $expected"
149		fi
150
151		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
152		echo
153			echo "hit enter to continue, 'q' to quit"
154			read a
155			[ "$a" = "q" ] && exit 1
156		fi
157	fi
158
159	if [ "${PAUSE}" = "yes" ]; then
160		echo
161		echo "hit enter to continue, 'q' to quit"
162		read a
163		[ "$a" = "q" ] && exit 1
164	fi
165
166	[ "$VERBOSE" = "1" ] && echo
167}
168
169run_cmd()
170{
171	local cmd="$1"
172	local out
173	local stderr="2>/dev/null"
174
175	if [ "$VERBOSE" = "1" ]; then
176		printf "COMMAND: $cmd\n"
177		stderr=
178	fi
179
180	out=$(eval $cmd $stderr)
181	rc=$?
182	if [ "$VERBOSE" = "1" -a -n "$out" ]; then
183		echo "    $out"
184	fi
185
186	return $rc
187}
188
189tc_check_packets()
190{
191	local ns=$1; shift
192	local id=$1; shift
193	local handle=$1; shift
194	local count=$1; shift
195	local pkts
196
197	sleep 0.1
198	pkts=$(tc -n $ns -j -s filter show $id \
199		| jq ".[] | select(.options.handle == $handle) | \
200		.options.actions[0].stats.packets")
201	[[ $pkts == $count ]]
202}
203
204################################################################################
205# Setup
206
207setup_common_ns()
208{
209	local ns=$1; shift
210	local local_addr=$1; shift
211
212	ip netns exec $ns sysctl -qw net.ipv4.ip_forward=1
213	ip netns exec $ns sysctl -qw net.ipv4.fib_multipath_use_neigh=1
214	ip netns exec $ns sysctl -qw net.ipv4.conf.default.ignore_routes_with_linkdown=1
215	ip netns exec $ns sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
216	ip netns exec $ns sysctl -qw net.ipv6.conf.all.forwarding=1
217	ip netns exec $ns sysctl -qw net.ipv6.conf.default.forwarding=1
218	ip netns exec $ns sysctl -qw net.ipv6.conf.default.ignore_routes_with_linkdown=1
219	ip netns exec $ns sysctl -qw net.ipv6.conf.all.accept_dad=0
220	ip netns exec $ns sysctl -qw net.ipv6.conf.default.accept_dad=0
221
222	ip -n $ns link set dev lo up
223	ip -n $ns address add $local_addr dev lo
224
225	ip -n $ns link set dev veth0 up
226
227	ip -n $ns link add name br0 up type bridge vlan_filtering 1 \
228		vlan_default_pvid 0 mcast_snooping 0
229
230	ip -n $ns link add link br0 name br0.10 up type vlan id 10
231	bridge -n $ns vlan add vid 10 dev br0 self
232
233	ip -n $ns link add link br0 name br0.20 up type vlan id 20
234	bridge -n $ns vlan add vid 20 dev br0 self
235
236	ip -n $ns link add link br0 name br0.4000 up type vlan id 4000
237	bridge -n $ns vlan add vid 4000 dev br0 self
238
239	ip -n $ns link add name vx0 up master br0 type vxlan \
240		local $local_addr dstport 4789 external vnifilter
241	bridge -n $ns link set dev vx0 vlan_tunnel on
242
243	bridge -n $ns vlan add vid 10 dev vx0
244	bridge -n $ns vlan add vid 10 dev vx0 tunnel_info id 10010
245	bridge -n $ns vni add vni 10010 dev vx0
246
247	bridge -n $ns vlan add vid 20 dev vx0
248	bridge -n $ns vlan add vid 20 dev vx0 tunnel_info id 10020
249	bridge -n $ns vni add vni 10020 dev vx0
250
251	bridge -n $ns vlan add vid 4000 dev vx0 pvid
252	bridge -n $ns vlan add vid 4000 dev vx0 tunnel_info id 14000
253	bridge -n $ns vni add vni 14000 dev vx0
254}
255
256setup_common()
257{
258	local ns1=$1; shift
259	local ns2=$1; shift
260	local local_addr1=$1; shift
261	local local_addr2=$1; shift
262
263	ip netns add $ns1
264	ip netns add $ns2
265
266	ip link add name veth0 type veth peer name veth1
267	ip link set dev veth0 netns $ns1 name veth0
268	ip link set dev veth1 netns $ns2 name veth0
269
270	setup_common_ns $ns1 $local_addr1
271	setup_common_ns $ns2 $local_addr2
272}
273
274setup_v4()
275{
276	setup_common ns1_v4 ns2_v4 192.0.2.1 192.0.2.2
277
278	ip -n ns1_v4 address add 192.0.2.17/28 dev veth0
279	ip -n ns2_v4 address add 192.0.2.18/28 dev veth0
280
281	ip -n ns1_v4 route add default via 192.0.2.18
282	ip -n ns2_v4 route add default via 192.0.2.17
283}
284
285cleanup_v4()
286{
287	ip netns del ns2_v4
288	ip netns del ns1_v4
289}
290
291setup_v6()
292{
293	setup_common ns1_v6 ns2_v6 2001:db8:1::1 2001:db8:1::2
294
295	ip -n ns1_v6 address add 2001:db8:2::1/64 dev veth0 nodad
296	ip -n ns2_v6 address add 2001:db8:2::2/64 dev veth0 nodad
297
298	ip -n ns1_v6 route add default via 2001:db8:2::2
299	ip -n ns2_v6 route add default via 2001:db8:2::1
300}
301
302cleanup_v6()
303{
304	ip netns del ns2_v6
305	ip netns del ns1_v6
306}
307
308setup()
309{
310	set -e
311
312	setup_v4
313	setup_v6
314
315	sleep 5
316
317	set +e
318}
319
320cleanup()
321{
322	cleanup_v6 &> /dev/null
323	cleanup_v4 &> /dev/null
324}
325
326################################################################################
327# Tests - Control path
328
329basic_common()
330{
331	local ns1=$1; shift
332	local grp_key=$1; shift
333	local vtep_ip=$1; shift
334
335	# Test basic control path operations common to all MDB entry types.
336
337	# Basic add, replace and delete behavior.
338	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
339	log_test $? 0 "MDB entry addition"
340	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010"
341	log_test $? 0 "MDB entry presence after addition"
342
343	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
344	log_test $? 0 "MDB entry replacement"
345	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010"
346	log_test $? 0 "MDB entry presence after replacement"
347
348	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010"
349	log_test $? 0 "MDB entry deletion"
350	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010"
351	log_test $? 254 "MDB entry presence after deletion"
352
353	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010"
354	log_test $? 255 "Non-existent MDB entry deletion"
355
356	# Default protocol and replacement.
357	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
358	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"proto static\""
359	log_test $? 0 "MDB entry default protocol"
360
361	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent proto 123 dst $vtep_ip src_vni 10010"
362	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"proto 123\""
363	log_test $? 0 "MDB entry protocol replacement"
364
365	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010"
366
367	# Default destination port and replacement.
368	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
369	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \" dst_port \""
370	log_test $? 1 "MDB entry default destination port"
371
372	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip dst_port 1234 src_vni 10010"
373	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"dst_port 1234\""
374	log_test $? 0 "MDB entry destination port replacement"
375
376	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010"
377
378	# Default destination VNI and replacement.
379	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
380	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \" vni \""
381	log_test $? 1 "MDB entry default destination VNI"
382
383	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip vni 1234 src_vni 10010"
384	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"vni 1234\""
385	log_test $? 0 "MDB entry destination VNI replacement"
386
387	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010"
388
389	# Default outgoing interface and replacement.
390	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
391	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \" via \""
392	log_test $? 1 "MDB entry default outgoing interface"
393
394	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010 via veth0"
395	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"via veth0\""
396	log_test $? 0 "MDB entry outgoing interface replacement"
397
398	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010"
399
400	# Common error cases.
401	run_cmd "bridge -n $ns1 mdb add dev vx0 port veth0 $grp_key permanent dst $vtep_ip src_vni 10010"
402	log_test $? 255 "MDB entry with mismatch between device and port"
403
404	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key temp dst $vtep_ip src_vni 10010"
405	log_test $? 255 "MDB entry with temp state"
406
407	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent vid 10 dst $vtep_ip src_vni 10010"
408	log_test $? 255 "MDB entry with VLAN"
409
410	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp 01:02:03:04:05:06 permanent dst $vtep_ip src_vni 10010"
411	log_test $? 255 "MDB entry MAC address"
412
413	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent"
414	log_test $? 255 "MDB entry without extended parameters"
415
416	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent proto 3 dst $vtep_ip src_vni 10010"
417	log_test $? 255 "MDB entry with an invalid protocol"
418
419	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip vni $((2 ** 24)) src_vni 10010"
420	log_test $? 255 "MDB entry with an invalid destination VNI"
421
422	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni $((2 ** 24))"
423	log_test $? 255 "MDB entry with an invalid source VNI"
424
425	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent src_vni 10010"
426	log_test $? 255 "MDB entry without a remote destination IP"
427
428	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
429	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
430	log_test $? 255 "Duplicate MDB entries"
431	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010"
432}
433
434basic_star_g_ipv4_ipv4()
435{
436	local ns1=ns1_v4
437	local grp_key="grp 239.1.1.1"
438	local vtep_ip=198.51.100.100
439
440	echo
441	echo "Control path: Basic (*, G) operations - IPv4 overlay / IPv4 underlay"
442	echo "--------------------------------------------------------------------"
443
444	basic_common $ns1 "$grp_key" $vtep_ip
445}
446
447basic_star_g_ipv6_ipv4()
448{
449	local ns1=ns1_v4
450	local grp_key="grp ff0e::1"
451	local vtep_ip=198.51.100.100
452
453	echo
454	echo "Control path: Basic (*, G) operations - IPv6 overlay / IPv4 underlay"
455	echo "--------------------------------------------------------------------"
456
457	basic_common $ns1 "$grp_key" $vtep_ip
458}
459
460basic_star_g_ipv4_ipv6()
461{
462	local ns1=ns1_v6
463	local grp_key="grp 239.1.1.1"
464	local vtep_ip=2001:db8:1000::1
465
466	echo
467	echo "Control path: Basic (*, G) operations - IPv4 overlay / IPv6 underlay"
468	echo "--------------------------------------------------------------------"
469
470	basic_common $ns1 "$grp_key" $vtep_ip
471}
472
473basic_star_g_ipv6_ipv6()
474{
475	local ns1=ns1_v6
476	local grp_key="grp ff0e::1"
477	local vtep_ip=2001:db8:1000::1
478
479	echo
480	echo "Control path: Basic (*, G) operations - IPv6 overlay / IPv6 underlay"
481	echo "--------------------------------------------------------------------"
482
483	basic_common $ns1 "$grp_key" $vtep_ip
484}
485
486basic_sg_ipv4_ipv4()
487{
488	local ns1=ns1_v4
489	local grp_key="grp 239.1.1.1 src 192.0.2.129"
490	local vtep_ip=198.51.100.100
491
492	echo
493	echo "Control path: Basic (S, G) operations - IPv4 overlay / IPv4 underlay"
494	echo "--------------------------------------------------------------------"
495
496	basic_common $ns1 "$grp_key" $vtep_ip
497}
498
499basic_sg_ipv6_ipv4()
500{
501	local ns1=ns1_v4
502	local grp_key="grp ff0e::1 src 2001:db8:100::1"
503	local vtep_ip=198.51.100.100
504
505	echo
506	echo "Control path: Basic (S, G) operations - IPv6 overlay / IPv4 underlay"
507	echo "---------------------------------------------------------------------"
508
509	basic_common $ns1 "$grp_key" $vtep_ip
510}
511
512basic_sg_ipv4_ipv6()
513{
514	local ns1=ns1_v6
515	local grp_key="grp 239.1.1.1 src 192.0.2.129"
516	local vtep_ip=2001:db8:1000::1
517
518	echo
519	echo "Control path: Basic (S, G) operations - IPv4 overlay / IPv6 underlay"
520	echo "--------------------------------------------------------------------"
521
522	basic_common $ns1 "$grp_key" $vtep_ip
523}
524
525basic_sg_ipv6_ipv6()
526{
527	local ns1=ns1_v6
528	local grp_key="grp ff0e::1 src 2001:db8:100::1"
529	local vtep_ip=2001:db8:1000::1
530
531	echo
532	echo "Control path: Basic (S, G) operations - IPv6 overlay / IPv6 underlay"
533	echo "--------------------------------------------------------------------"
534
535	basic_common $ns1 "$grp_key" $vtep_ip
536}
537
538star_g_common()
539{
540	local ns1=$1; shift
541	local grp=$1; shift
542	local src1=$1; shift
543	local src2=$1; shift
544	local src3=$1; shift
545	local vtep_ip=$1; shift
546	local all_zeros_grp=$1; shift
547
548	# Test control path operations specific to (*, G) entries.
549
550	# Basic add, replace and delete behavior.
551	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010"
552	log_test $? 0 "(*, G) MDB entry addition with source list"
553	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010"
554	log_test $? 0 "(*, G) MDB entry presence after addition"
555	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010"
556	log_test $? 0 "(S, G) MDB entry presence after addition"
557
558	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010"
559	log_test $? 0 "(*, G) MDB entry replacement with source list"
560	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010"
561	log_test $? 0 "(*, G) MDB entry presence after replacement"
562	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010"
563	log_test $? 0 "(S, G) MDB entry presence after replacement"
564
565	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010"
566	log_test $? 0 "(*, G) MDB entry deletion"
567	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010"
568	log_test $? 254 "(*, G) MDB entry presence after deletion"
569	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010"
570	log_test $? 254 "(S, G) MDB entry presence after deletion"
571
572	# Default filter mode and replacement.
573	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent dst $vtep_ip src_vni 10010"
574	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep exclude"
575	log_test $? 0 "(*, G) MDB entry default filter mode"
576
577	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $src1 dst $vtep_ip src_vni 10010"
578	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep include"
579	log_test $? 0 "(*, G) MDB entry after replacing filter mode to \"include\""
580	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010"
581	log_test $? 0 "(S, G) MDB entry after replacing filter mode to \"include\""
582	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep blocked"
583	log_test $? 1 "\"blocked\" flag after replacing filter mode to \"include\""
584
585	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010"
586	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep exclude"
587	log_test $? 0 "(*, G) MDB entry after replacing filter mode to \"exclude\""
588	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grep grp $grp src $src1 src_vni 10010"
589	log_test $? 0 "(S, G) MDB entry after replacing filter mode to \"exclude\""
590	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep blocked"
591	log_test $? 0 "\"blocked\" flag after replacing filter mode to \"exclude\""
592
593	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010"
594
595	# Default source list and replacement.
596	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent dst $vtep_ip src_vni 10010"
597	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep source_list"
598	log_test $? 1 "(*, G) MDB entry default source list"
599
600	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1,$src2,$src3 dst $vtep_ip src_vni 10010"
601	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010"
602	log_test $? 0 "(S, G) MDB entry of 1st source after replacing source list"
603	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src2 src_vni 10010"
604	log_test $? 0 "(S, G) MDB entry of 2nd source after replacing source list"
605	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src3 src_vni 10010"
606	log_test $? 0 "(S, G) MDB entry of 3rd source after replacing source list"
607
608	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1,$src3 dst $vtep_ip src_vni 10010"
609	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010"
610	log_test $? 0 "(S, G) MDB entry of 1st source after removing source"
611	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src2 src_vni 10010"
612	log_test $? 254 "(S, G) MDB entry of 2nd source after removing source"
613	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src3 src_vni 10010"
614	log_test $? 0 "(S, G) MDB entry of 3rd source after removing source"
615
616	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010"
617
618	# Default protocol and replacement.
619	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010"
620	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \"proto static\""
621	log_test $? 0 "(*, G) MDB entry default protocol"
622	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \"proto static\""
623	log_test $? 0 "(S, G) MDB entry default protocol"
624
625	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 proto bgp dst $vtep_ip src_vni 10010"
626	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \"proto bgp\""
627	log_test $? 0 "(*, G) MDB entry protocol after replacement"
628	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \"proto bgp\""
629	log_test $? 0 "(S, G) MDB entry protocol after replacement"
630
631	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010"
632
633	# Default destination port and replacement.
634	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010"
635	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" dst_port \""
636	log_test $? 1 "(*, G) MDB entry default destination port"
637	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" dst_port \""
638	log_test $? 1 "(S, G) MDB entry default destination port"
639
640	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip dst_port 1234 src_vni 10010"
641	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" dst_port 1234 \""
642	log_test $? 0 "(*, G) MDB entry destination port after replacement"
643	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" dst_port 1234 \""
644	log_test $? 0 "(S, G) MDB entry destination port after replacement"
645
646	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010"
647
648	# Default destination VNI and replacement.
649	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010"
650	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" vni \""
651	log_test $? 1 "(*, G) MDB entry default destination VNI"
652	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" vni \""
653	log_test $? 1 "(S, G) MDB entry default destination VNI"
654
655	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip vni 1234 src_vni 10010"
656	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" vni 1234 \""
657	log_test $? 0 "(*, G) MDB entry destination VNI after replacement"
658	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" vni 1234 \""
659	log_test $? 0 "(S, G) MDB entry destination VNI after replacement"
660
661	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010"
662
663	# Default outgoing interface and replacement.
664	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010"
665	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" via \""
666	log_test $? 1 "(*, G) MDB entry default outgoing interface"
667	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" via \""
668	log_test $? 1 "(S, G) MDB entry default outgoing interface"
669
670	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010 via veth0"
671	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" via veth0 \""
672	log_test $? 0 "(*, G) MDB entry outgoing interface after replacement"
673	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" via veth0 \""
674	log_test $? 0 "(S, G) MDB entry outgoing interface after replacement"
675
676	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010"
677
678	# Error cases.
679	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp permanent filter_mode exclude dst $vtep_ip src_vni 10010"
680	log_test $? 255 "All-zeros group with filter mode"
681
682	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp permanent source_list $src1 dst $vtep_ip src_vni 10010"
683	log_test $? 255 "All-zeros group with source list"
684
685	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode include dst $vtep_ip src_vni 10010"
686	log_test $? 255 "(*, G) INCLUDE with an empty source list"
687
688	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $grp dst $vtep_ip src_vni 10010"
689	log_test $? 255 "Invalid source in source list"
690
691	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent source_list $src1 dst $vtep_ip src_vni 10010"
692	log_test $? 255 "Source list without filter mode"
693}
694
695star_g_ipv4_ipv4()
696{
697	local ns1=ns1_v4
698	local grp=239.1.1.1
699	local src1=192.0.2.129
700	local src2=192.0.2.130
701	local src3=192.0.2.131
702	local vtep_ip=198.51.100.100
703	local all_zeros_grp=0.0.0.0
704
705	echo
706	echo "Control path: (*, G) operations - IPv4 overlay / IPv4 underlay"
707	echo "--------------------------------------------------------------"
708
709	star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp
710}
711
712star_g_ipv6_ipv4()
713{
714	local ns1=ns1_v4
715	local grp=ff0e::1
716	local src1=2001:db8:100::1
717	local src2=2001:db8:100::2
718	local src3=2001:db8:100::3
719	local vtep_ip=198.51.100.100
720	local all_zeros_grp=::
721
722	echo
723	echo "Control path: (*, G) operations - IPv6 overlay / IPv4 underlay"
724	echo "--------------------------------------------------------------"
725
726	star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp
727}
728
729star_g_ipv4_ipv6()
730{
731	local ns1=ns1_v6
732	local grp=239.1.1.1
733	local src1=192.0.2.129
734	local src2=192.0.2.130
735	local src3=192.0.2.131
736	local vtep_ip=2001:db8:1000::1
737	local all_zeros_grp=0.0.0.0
738
739	echo
740	echo "Control path: (*, G) operations - IPv4 overlay / IPv6 underlay"
741	echo "--------------------------------------------------------------"
742
743	star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp
744}
745
746star_g_ipv6_ipv6()
747{
748	local ns1=ns1_v6
749	local grp=ff0e::1
750	local src1=2001:db8:100::1
751	local src2=2001:db8:100::2
752	local src3=2001:db8:100::3
753	local vtep_ip=2001:db8:1000::1
754	local all_zeros_grp=::
755
756	echo
757	echo "Control path: (*, G) operations - IPv6 overlay / IPv6 underlay"
758	echo "--------------------------------------------------------------"
759
760	star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp
761}
762
763sg_common()
764{
765	local ns1=$1; shift
766	local grp=$1; shift
767	local src=$1; shift
768	local vtep_ip=$1; shift
769	local all_zeros_grp=$1; shift
770
771	# Test control path operations specific to (S, G) entries.
772
773	# Default filter mode.
774	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent dst $vtep_ip src_vni 10010"
775	run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src src_vni 10010 | grep include"
776	log_test $? 0 "(S, G) MDB entry default filter mode"
777
778	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp src $src permanent dst $vtep_ip src_vni 10010"
779
780	# Error cases.
781	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent filter_mode include dst $vtep_ip src_vni 10010"
782	log_test $? 255 "(S, G) with filter mode"
783
784	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent source_list $src dst $vtep_ip src_vni 10010"
785	log_test $? 255 "(S, G) with source list"
786
787	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $grp permanent dst $vtep_ip src_vni 10010"
788	log_test $? 255 "(S, G) with an invalid source list"
789
790	run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp src $src permanent dst $vtep_ip src_vni 10010"
791	log_test $? 255 "All-zeros group with source"
792}
793
794sg_ipv4_ipv4()
795{
796	local ns1=ns1_v4
797	local grp=239.1.1.1
798	local src=192.0.2.129
799	local vtep_ip=198.51.100.100
800	local all_zeros_grp=0.0.0.0
801
802	echo
803	echo "Control path: (S, G) operations - IPv4 overlay / IPv4 underlay"
804	echo "--------------------------------------------------------------"
805
806	sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp
807}
808
809sg_ipv6_ipv4()
810{
811	local ns1=ns1_v4
812	local grp=ff0e::1
813	local src=2001:db8:100::1
814	local vtep_ip=198.51.100.100
815	local all_zeros_grp=::
816
817	echo
818	echo "Control path: (S, G) operations - IPv6 overlay / IPv4 underlay"
819	echo "--------------------------------------------------------------"
820
821	sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp
822}
823
824sg_ipv4_ipv6()
825{
826	local ns1=ns1_v6
827	local grp=239.1.1.1
828	local src=192.0.2.129
829	local vtep_ip=2001:db8:1000::1
830	local all_zeros_grp=0.0.0.0
831
832	echo
833	echo "Control path: (S, G) operations - IPv4 overlay / IPv6 underlay"
834	echo "--------------------------------------------------------------"
835
836	sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp
837}
838
839sg_ipv6_ipv6()
840{
841	local ns1=ns1_v6
842	local grp=ff0e::1
843	local src=2001:db8:100::1
844	local vtep_ip=2001:db8:1000::1
845	local all_zeros_grp=::
846
847	echo
848	echo "Control path: (S, G) operations - IPv6 overlay / IPv6 underlay"
849	echo "--------------------------------------------------------------"
850
851	sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp
852}
853
854ipv4_grps_get()
855{
856	local max_grps=$1; shift
857	local i
858
859	for i in $(seq 0 $((max_grps - 1))); do
860		echo "239.1.1.$i"
861	done
862}
863
864ipv6_grps_get()
865{
866	local max_grps=$1; shift
867	local i
868
869	for i in $(seq 0 $((max_grps - 1))); do
870		echo "ff0e::$(printf %x $i)"
871	done
872}
873
874dump_common()
875{
876	local ns1=$1; shift
877	local local_addr=$1; shift
878	local remote_prefix=$1; shift
879	local fn=$1; shift
880	local max_vxlan_devs=2
881	local max_remotes=64
882	local max_grps=256
883	local num_entries
884	local batch_file
885	local grp
886	local i j
887
888	# The kernel maintains various markers for the MDB dump. Add a test for
889	# large scale MDB dump to make sure that all the configured entries are
890	# dumped and that the markers are used correctly.
891
892	# Create net devices.
893	for i in $(seq 1 $max_vxlan_devs); do
894		ip -n $ns1 link add name vx-test${i} up type vxlan \
895			local $local_addr dstport 4789 external vnifilter
896	done
897
898	# Create batch file with MDB entries.
899	batch_file=$(mktemp)
900	for i in $(seq 1 $max_vxlan_devs); do
901		for j in $(seq 1 $max_remotes); do
902			for grp in $($fn $max_grps); do
903				echo "mdb add dev vx-test${i} port vx-test${i} grp $grp permanent dst ${remote_prefix}${j}" >> $batch_file
904			done
905		done
906	done
907
908	# Program the batch file and check for expected number of entries.
909	bridge -n $ns1 -b $batch_file
910	for i in $(seq 1 $max_vxlan_devs); do
911		num_entries=$(bridge -n $ns1 mdb show dev vx-test${i} | grep "permanent" | wc -l)
912		[[ $num_entries -eq $((max_grps * max_remotes)) ]]
913		log_test $? 0 "Large scale dump - VXLAN device #$i"
914	done
915
916	rm -rf $batch_file
917}
918
919dump_ipv4_ipv4()
920{
921	local ns1=ns1_v4
922	local local_addr=192.0.2.1
923	local remote_prefix=198.51.100.
924	local fn=ipv4_grps_get
925
926	echo
927	echo "Control path: Large scale MDB dump - IPv4 overlay / IPv4 underlay"
928	echo "-----------------------------------------------------------------"
929
930	dump_common $ns1 $local_addr $remote_prefix $fn
931}
932
933dump_ipv6_ipv4()
934{
935	local ns1=ns1_v4
936	local local_addr=192.0.2.1
937	local remote_prefix=198.51.100.
938	local fn=ipv6_grps_get
939
940	echo
941	echo "Control path: Large scale MDB dump - IPv6 overlay / IPv4 underlay"
942	echo "-----------------------------------------------------------------"
943
944	dump_common $ns1 $local_addr $remote_prefix $fn
945}
946
947dump_ipv4_ipv6()
948{
949	local ns1=ns1_v6
950	local local_addr=2001:db8:1::1
951	local remote_prefix=2001:db8:1000::
952	local fn=ipv4_grps_get
953
954	echo
955	echo "Control path: Large scale MDB dump - IPv4 overlay / IPv6 underlay"
956	echo "-----------------------------------------------------------------"
957
958	dump_common $ns1 $local_addr $remote_prefix $fn
959}
960
961dump_ipv6_ipv6()
962{
963	local ns1=ns1_v6
964	local local_addr=2001:db8:1::1
965	local remote_prefix=2001:db8:1000::
966	local fn=ipv6_grps_get
967
968	echo
969	echo "Control path: Large scale MDB dump - IPv6 overlay / IPv6 underlay"
970	echo "-----------------------------------------------------------------"
971
972	dump_common $ns1 $local_addr $remote_prefix $fn
973}
974
975################################################################################
976# Tests - Data path
977
978encap_params_common()
979{
980	local ns1=$1; shift
981	local ns2=$1; shift
982	local vtep1_ip=$1; shift
983	local vtep2_ip=$1; shift
984	local plen=$1; shift
985	local enc_ethtype=$1; shift
986	local grp=$1; shift
987	local src=$1; shift
988	local mz=$1; shift
989
990	# Test that packets forwarded by the VXLAN MDB are encapsulated with
991	# the correct parameters. Transmit packets from the first namespace and
992	# check that they hit the corresponding filters on the ingress of the
993	# second namespace.
994
995	run_cmd "tc -n $ns2 qdisc replace dev veth0 clsact"
996	run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact"
997	run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo"
998	run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo"
999
1000	# Check destination IP.
1001	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010"
1002	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep2_ip src_vni 10020"
1003
1004	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass"
1005	run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1006	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1007	log_test $? 0 "Destination IP - match"
1008
1009	run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1010	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1011	log_test $? 0 "Destination IP - no match"
1012
1013	run_cmd "tc -n $ns2 filter del dev vx0 ingress pref 1 handle 101 flower"
1014	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10020"
1015	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010"
1016
1017	# Check destination port.
1018	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010"
1019	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip dst_port 1111 src_vni 10020"
1020
1021	run_cmd "tc -n $ns2 filter replace dev veth0 ingress pref 1 handle 101 proto $enc_ethtype flower ip_proto udp dst_port 4789 action pass"
1022	run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1023	tc_check_packets "$ns2" "dev veth0 ingress" 101 1
1024	log_test $? 0 "Default destination port - match"
1025
1026	run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1027	tc_check_packets "$ns2" "dev veth0 ingress" 101 1
1028	log_test $? 0 "Default destination port - no match"
1029
1030	run_cmd "tc -n $ns2 filter replace dev veth0 ingress pref 1 handle 101 proto $enc_ethtype flower ip_proto udp dst_port 1111 action pass"
1031	run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1032	tc_check_packets "$ns2" "dev veth0 ingress" 101 1
1033	log_test $? 0 "Non-default destination port - match"
1034
1035	run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1036	tc_check_packets "$ns2" "dev veth0 ingress" 101 1
1037	log_test $? 0 "Non-default destination port - no match"
1038
1039	run_cmd "tc -n $ns2 filter del dev veth0 ingress pref 1 handle 101 flower"
1040	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10020"
1041	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010"
1042
1043	# Check default VNI.
1044	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010"
1045	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10020"
1046
1047	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_key_id 10010 action pass"
1048	run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1049	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1050	log_test $? 0 "Default destination VNI - match"
1051
1052	run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1053	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1054	log_test $? 0 "Default destination VNI - no match"
1055
1056	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip vni 10020 src_vni 10010"
1057	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip vni 10010 src_vni 10020"
1058
1059	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_key_id 10020 action pass"
1060	run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1061	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1062	log_test $? 0 "Non-default destination VNI - match"
1063
1064	run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1065	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1066	log_test $? 0 "Non-default destination VNI - no match"
1067
1068	run_cmd "tc -n $ns2 filter del dev vx0 ingress pref 1 handle 101 flower"
1069	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10020"
1070	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010"
1071}
1072
1073encap_params_ipv4_ipv4()
1074{
1075	local ns1=ns1_v4
1076	local ns2=ns2_v4
1077	local vtep1_ip=198.51.100.100
1078	local vtep2_ip=198.51.100.200
1079	local plen=32
1080	local enc_ethtype="ip"
1081	local grp=239.1.1.1
1082	local src=192.0.2.129
1083
1084	echo
1085	echo "Data path: Encapsulation parameters - IPv4 overlay / IPv4 underlay"
1086	echo "------------------------------------------------------------------"
1087
1088	encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \
1089		$grp $src "mausezahn"
1090}
1091
1092encap_params_ipv6_ipv4()
1093{
1094	local ns1=ns1_v4
1095	local ns2=ns2_v4
1096	local vtep1_ip=198.51.100.100
1097	local vtep2_ip=198.51.100.200
1098	local plen=32
1099	local enc_ethtype="ip"
1100	local grp=ff0e::1
1101	local src=2001:db8:100::1
1102
1103	echo
1104	echo "Data path: Encapsulation parameters - IPv6 overlay / IPv4 underlay"
1105	echo "------------------------------------------------------------------"
1106
1107	encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \
1108		$grp $src "mausezahn -6"
1109}
1110
1111encap_params_ipv4_ipv6()
1112{
1113	local ns1=ns1_v6
1114	local ns2=ns2_v6
1115	local vtep1_ip=2001:db8:1000::1
1116	local vtep2_ip=2001:db8:2000::1
1117	local plen=128
1118	local enc_ethtype="ipv6"
1119	local grp=239.1.1.1
1120	local src=192.0.2.129
1121
1122	echo
1123	echo "Data path: Encapsulation parameters - IPv4 overlay / IPv6 underlay"
1124	echo "------------------------------------------------------------------"
1125
1126	encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \
1127		$grp $src "mausezahn"
1128}
1129
1130encap_params_ipv6_ipv6()
1131{
1132	local ns1=ns1_v6
1133	local ns2=ns2_v6
1134	local vtep1_ip=2001:db8:1000::1
1135	local vtep2_ip=2001:db8:2000::1
1136	local plen=128
1137	local enc_ethtype="ipv6"
1138	local grp=ff0e::1
1139	local src=2001:db8:100::1
1140
1141	echo
1142	echo "Data path: Encapsulation parameters - IPv6 overlay / IPv6 underlay"
1143	echo "------------------------------------------------------------------"
1144
1145	encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \
1146		$grp $src "mausezahn -6"
1147}
1148
1149starg_exclude_ir_common()
1150{
1151	local ns1=$1; shift
1152	local ns2=$1; shift
1153	local vtep1_ip=$1; shift
1154	local vtep2_ip=$1; shift
1155	local plen=$1; shift
1156	local grp=$1; shift
1157	local valid_src=$1; shift
1158	local invalid_src=$1; shift
1159	local mz=$1; shift
1160
1161	# Install a (*, G) EXCLUDE MDB entry with one source and two remote
1162	# VTEPs. Make sure that the source in the source list is not forwarded
1163	# and that a source not in the list is forwarded. Remove one of the
1164	# VTEPs from the entry and make sure that packets are only forwarded to
1165	# the remaining VTEP.
1166
1167	run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact"
1168	run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo"
1169	run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo"
1170
1171	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass"
1172	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass"
1173
1174	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $vtep1_ip src_vni 10010"
1175	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $vtep2_ip src_vni 10010"
1176
1177	# Check that invalid source is not forwarded to any VTEP.
1178	run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1179	tc_check_packets "$ns2" "dev vx0 ingress" 101 0
1180	log_test $? 0 "Block excluded source - first VTEP"
1181	tc_check_packets "$ns2" "dev vx0 ingress" 102 0
1182	log_test $? 0 "Block excluded source - second VTEP"
1183
1184	# Check that valid source is forwarded to both VTEPs.
1185	run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1186	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1187	log_test $? 0 "Forward valid source - first VTEP"
1188	tc_check_packets "$ns2" "dev vx0 ingress" 102 1
1189	log_test $? 0 "Forward valid source - second VTEP"
1190
1191	# Remove second VTEP.
1192	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10010"
1193
1194	# Check that invalid source is not forwarded to any VTEP.
1195	run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1196	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1197	log_test $? 0 "Block excluded source after removal - first VTEP"
1198	tc_check_packets "$ns2" "dev vx0 ingress" 102 1
1199	log_test $? 0 "Block excluded source after removal - second VTEP"
1200
1201	# Check that valid source is forwarded to the remaining VTEP.
1202	run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1203	tc_check_packets "$ns2" "dev vx0 ingress" 101 2
1204	log_test $? 0 "Forward valid source after removal - first VTEP"
1205	tc_check_packets "$ns2" "dev vx0 ingress" 102 1
1206	log_test $? 0 "Forward valid source after removal - second VTEP"
1207}
1208
1209starg_exclude_ir_ipv4_ipv4()
1210{
1211	local ns1=ns1_v4
1212	local ns2=ns2_v4
1213	local vtep1_ip=198.51.100.100
1214	local vtep2_ip=198.51.100.200
1215	local plen=32
1216	local grp=239.1.1.1
1217	local valid_src=192.0.2.129
1218	local invalid_src=192.0.2.145
1219
1220	echo
1221	echo "Data path: (*, G) EXCLUDE - IR - IPv4 overlay / IPv4 underlay"
1222	echo "-------------------------------------------------------------"
1223
1224	starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
1225		$valid_src $invalid_src "mausezahn"
1226}
1227
1228starg_exclude_ir_ipv6_ipv4()
1229{
1230	local ns1=ns1_v4
1231	local ns2=ns2_v4
1232	local vtep1_ip=198.51.100.100
1233	local vtep2_ip=198.51.100.200
1234	local plen=32
1235	local grp=ff0e::1
1236	local valid_src=2001:db8:100::1
1237	local invalid_src=2001:db8:200::1
1238
1239	echo
1240	echo "Data path: (*, G) EXCLUDE - IR - IPv6 overlay / IPv4 underlay"
1241	echo "-------------------------------------------------------------"
1242
1243	starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
1244		$valid_src $invalid_src "mausezahn -6"
1245}
1246
1247starg_exclude_ir_ipv4_ipv6()
1248{
1249	local ns1=ns1_v6
1250	local ns2=ns2_v6
1251	local vtep1_ip=2001:db8:1000::1
1252	local vtep2_ip=2001:db8:2000::1
1253	local plen=128
1254	local grp=239.1.1.1
1255	local valid_src=192.0.2.129
1256	local invalid_src=192.0.2.145
1257
1258	echo
1259	echo "Data path: (*, G) EXCLUDE - IR - IPv4 overlay / IPv6 underlay"
1260	echo "-------------------------------------------------------------"
1261
1262	starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
1263		$valid_src $invalid_src "mausezahn"
1264}
1265
1266starg_exclude_ir_ipv6_ipv6()
1267{
1268	local ns1=ns1_v6
1269	local ns2=ns2_v6
1270	local vtep1_ip=2001:db8:1000::1
1271	local vtep2_ip=2001:db8:2000::1
1272	local plen=128
1273	local grp=ff0e::1
1274	local valid_src=2001:db8:100::1
1275	local invalid_src=2001:db8:200::1
1276
1277	echo
1278	echo "Data path: (*, G) EXCLUDE - IR - IPv6 overlay / IPv6 underlay"
1279	echo "-------------------------------------------------------------"
1280
1281	starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
1282		$valid_src $invalid_src "mausezahn -6"
1283}
1284
1285starg_include_ir_common()
1286{
1287	local ns1=$1; shift
1288	local ns2=$1; shift
1289	local vtep1_ip=$1; shift
1290	local vtep2_ip=$1; shift
1291	local plen=$1; shift
1292	local grp=$1; shift
1293	local valid_src=$1; shift
1294	local invalid_src=$1; shift
1295	local mz=$1; shift
1296
1297	# Install a (*, G) INCLUDE MDB entry with one source and two remote
1298	# VTEPs. Make sure that the source in the source list is forwarded and
1299	# that a source not in the list is not forwarded. Remove one of the
1300	# VTEPs from the entry and make sure that packets are only forwarded to
1301	# the remaining VTEP.
1302
1303	run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact"
1304	run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo"
1305	run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo"
1306
1307	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass"
1308	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass"
1309
1310	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $valid_src dst $vtep1_ip src_vni 10010"
1311	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $valid_src dst $vtep2_ip src_vni 10010"
1312
1313	# Check that invalid source is not forwarded to any VTEP.
1314	run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1315	tc_check_packets "$ns2" "dev vx0 ingress" 101 0
1316	log_test $? 0 "Block excluded source - first VTEP"
1317	tc_check_packets "$ns2" "dev vx0 ingress" 102 0
1318	log_test $? 0 "Block excluded source - second VTEP"
1319
1320	# Check that valid source is forwarded to both VTEPs.
1321	run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1322	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1323	log_test $? 0 "Forward valid source - first VTEP"
1324	tc_check_packets "$ns2" "dev vx0 ingress" 102 1
1325	log_test $? 0 "Forward valid source - second VTEP"
1326
1327	# Remove second VTEP.
1328	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10010"
1329
1330	# Check that invalid source is not forwarded to any VTEP.
1331	run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1332	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1333	log_test $? 0 "Block excluded source after removal - first VTEP"
1334	tc_check_packets "$ns2" "dev vx0 ingress" 102 1
1335	log_test $? 0 "Block excluded source after removal - second VTEP"
1336
1337	# Check that valid source is forwarded to the remaining VTEP.
1338	run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1339	tc_check_packets "$ns2" "dev vx0 ingress" 101 2
1340	log_test $? 0 "Forward valid source after removal - first VTEP"
1341	tc_check_packets "$ns2" "dev vx0 ingress" 102 1
1342	log_test $? 0 "Forward valid source after removal - second VTEP"
1343}
1344
1345starg_include_ir_ipv4_ipv4()
1346{
1347	local ns1=ns1_v4
1348	local ns2=ns2_v4
1349	local vtep1_ip=198.51.100.100
1350	local vtep2_ip=198.51.100.200
1351	local plen=32
1352	local grp=239.1.1.1
1353	local valid_src=192.0.2.129
1354	local invalid_src=192.0.2.145
1355
1356	echo
1357	echo "Data path: (*, G) INCLUDE - IR - IPv4 overlay / IPv4 underlay"
1358	echo "-------------------------------------------------------------"
1359
1360	starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
1361		$valid_src $invalid_src "mausezahn"
1362}
1363
1364starg_include_ir_ipv6_ipv4()
1365{
1366	local ns1=ns1_v4
1367	local ns2=ns2_v4
1368	local vtep1_ip=198.51.100.100
1369	local vtep2_ip=198.51.100.200
1370	local plen=32
1371	local grp=ff0e::1
1372	local valid_src=2001:db8:100::1
1373	local invalid_src=2001:db8:200::1
1374
1375	echo
1376	echo "Data path: (*, G) INCLUDE - IR - IPv6 overlay / IPv4 underlay"
1377	echo "-------------------------------------------------------------"
1378
1379	starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
1380		$valid_src $invalid_src "mausezahn -6"
1381}
1382
1383starg_include_ir_ipv4_ipv6()
1384{
1385	local ns1=ns1_v6
1386	local ns2=ns2_v6
1387	local vtep1_ip=2001:db8:1000::1
1388	local vtep2_ip=2001:db8:2000::1
1389	local plen=128
1390	local grp=239.1.1.1
1391	local valid_src=192.0.2.129
1392	local invalid_src=192.0.2.145
1393
1394	echo
1395	echo "Data path: (*, G) INCLUDE - IR - IPv4 overlay / IPv6 underlay"
1396	echo "-------------------------------------------------------------"
1397
1398	starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
1399		$valid_src $invalid_src "mausezahn"
1400}
1401
1402starg_include_ir_ipv6_ipv6()
1403{
1404	local ns1=ns1_v6
1405	local ns2=ns2_v6
1406	local vtep1_ip=2001:db8:1000::1
1407	local vtep2_ip=2001:db8:2000::1
1408	local plen=128
1409	local grp=ff0e::1
1410	local valid_src=2001:db8:100::1
1411	local invalid_src=2001:db8:200::1
1412
1413	echo
1414	echo "Data path: (*, G) INCLUDE - IR - IPv6 overlay / IPv6 underlay"
1415	echo "-------------------------------------------------------------"
1416
1417	starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
1418		$valid_src $invalid_src "mausezahn -6"
1419}
1420
1421starg_exclude_p2mp_common()
1422{
1423	local ns1=$1; shift
1424	local ns2=$1; shift
1425	local mcast_grp=$1; shift
1426	local plen=$1; shift
1427	local grp=$1; shift
1428	local valid_src=$1; shift
1429	local invalid_src=$1; shift
1430	local mz=$1; shift
1431
1432	# Install a (*, G) EXCLUDE MDB entry with one source and one multicast
1433	# group to which packets are sent. Make sure that the source in the
1434	# source list is not forwarded and that a source not in the list is
1435	# forwarded.
1436
1437	run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact"
1438	run_cmd "ip -n $ns2 address replace $mcast_grp/$plen dev veth0 autojoin"
1439
1440	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $mcast_grp action pass"
1441
1442	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $mcast_grp src_vni 10010 via veth0"
1443
1444	# Check that invalid source is not forwarded.
1445	run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1446	tc_check_packets "$ns2" "dev vx0 ingress" 101 0
1447	log_test $? 0 "Block excluded source"
1448
1449	# Check that valid source is forwarded.
1450	run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1451	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1452	log_test $? 0 "Forward valid source"
1453
1454	# Remove the VTEP from the multicast group.
1455	run_cmd "ip -n $ns2 address del $mcast_grp/$plen dev veth0"
1456
1457	# Check that valid source is not received anymore.
1458	run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1459	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1460	log_test $? 0 "Receive of valid source after removal from group"
1461}
1462
1463starg_exclude_p2mp_ipv4_ipv4()
1464{
1465	local ns1=ns1_v4
1466	local ns2=ns2_v4
1467	local mcast_grp=238.1.1.1
1468	local plen=32
1469	local grp=239.1.1.1
1470	local valid_src=192.0.2.129
1471	local invalid_src=192.0.2.145
1472
1473	echo
1474	echo "Data path: (*, G) EXCLUDE - P2MP - IPv4 overlay / IPv4 underlay"
1475	echo "---------------------------------------------------------------"
1476
1477	starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \
1478		$valid_src $invalid_src "mausezahn"
1479}
1480
1481starg_exclude_p2mp_ipv6_ipv4()
1482{
1483	local ns1=ns1_v4
1484	local ns2=ns2_v4
1485	local mcast_grp=238.1.1.1
1486	local plen=32
1487	local grp=ff0e::1
1488	local valid_src=2001:db8:100::1
1489	local invalid_src=2001:db8:200::1
1490
1491	echo
1492	echo "Data path: (*, G) EXCLUDE - P2MP - IPv6 overlay / IPv4 underlay"
1493	echo "---------------------------------------------------------------"
1494
1495	starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \
1496		$valid_src $invalid_src "mausezahn -6"
1497}
1498
1499starg_exclude_p2mp_ipv4_ipv6()
1500{
1501	local ns1=ns1_v6
1502	local ns2=ns2_v6
1503	local mcast_grp=ff0e::2
1504	local plen=128
1505	local grp=239.1.1.1
1506	local valid_src=192.0.2.129
1507	local invalid_src=192.0.2.145
1508
1509	echo
1510	echo "Data path: (*, G) EXCLUDE - P2MP - IPv4 overlay / IPv6 underlay"
1511	echo "---------------------------------------------------------------"
1512
1513	starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \
1514		$valid_src $invalid_src "mausezahn"
1515}
1516
1517starg_exclude_p2mp_ipv6_ipv6()
1518{
1519	local ns1=ns1_v6
1520	local ns2=ns2_v6
1521	local mcast_grp=ff0e::2
1522	local plen=128
1523	local grp=ff0e::1
1524	local valid_src=2001:db8:100::1
1525	local invalid_src=2001:db8:200::1
1526
1527	echo
1528	echo "Data path: (*, G) EXCLUDE - P2MP - IPv6 overlay / IPv6 underlay"
1529	echo "---------------------------------------------------------------"
1530
1531	starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \
1532		$valid_src $invalid_src "mausezahn -6"
1533}
1534
1535starg_include_p2mp_common()
1536{
1537	local ns1=$1; shift
1538	local ns2=$1; shift
1539	local mcast_grp=$1; shift
1540	local plen=$1; shift
1541	local grp=$1; shift
1542	local valid_src=$1; shift
1543	local invalid_src=$1; shift
1544	local mz=$1; shift
1545
1546	# Install a (*, G) INCLUDE MDB entry with one source and one multicast
1547	# group to which packets are sent. Make sure that the source in the
1548	# source list is forwarded and that a source not in the list is not
1549	# forwarded.
1550
1551	run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact"
1552	run_cmd "ip -n $ns2 address replace $mcast_grp/$plen dev veth0 autojoin"
1553
1554	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $mcast_grp action pass"
1555
1556	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $valid_src dst $mcast_grp src_vni 10010 via veth0"
1557
1558	# Check that invalid source is not forwarded.
1559	run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1560	tc_check_packets "$ns2" "dev vx0 ingress" 101 0
1561	log_test $? 0 "Block excluded source"
1562
1563	# Check that valid source is forwarded.
1564	run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1565	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1566	log_test $? 0 "Forward valid source"
1567
1568	# Remove the VTEP from the multicast group.
1569	run_cmd "ip -n $ns2 address del $mcast_grp/$plen dev veth0"
1570
1571	# Check that valid source is not received anymore.
1572	run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1573	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1574	log_test $? 0 "Receive of valid source after removal from group"
1575}
1576
1577starg_include_p2mp_ipv4_ipv4()
1578{
1579	local ns1=ns1_v4
1580	local ns2=ns2_v4
1581	local mcast_grp=238.1.1.1
1582	local plen=32
1583	local grp=239.1.1.1
1584	local valid_src=192.0.2.129
1585	local invalid_src=192.0.2.145
1586
1587	echo
1588	echo "Data path: (*, G) INCLUDE - P2MP - IPv4 overlay / IPv4 underlay"
1589	echo "---------------------------------------------------------------"
1590
1591	starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \
1592		$valid_src $invalid_src "mausezahn"
1593}
1594
1595starg_include_p2mp_ipv6_ipv4()
1596{
1597	local ns1=ns1_v4
1598	local ns2=ns2_v4
1599	local mcast_grp=238.1.1.1
1600	local plen=32
1601	local grp=ff0e::1
1602	local valid_src=2001:db8:100::1
1603	local invalid_src=2001:db8:200::1
1604
1605	echo
1606	echo "Data path: (*, G) INCLUDE - P2MP - IPv6 overlay / IPv4 underlay"
1607	echo "---------------------------------------------------------------"
1608
1609	starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \
1610		$valid_src $invalid_src "mausezahn -6"
1611}
1612
1613starg_include_p2mp_ipv4_ipv6()
1614{
1615	local ns1=ns1_v6
1616	local ns2=ns2_v6
1617	local mcast_grp=ff0e::2
1618	local plen=128
1619	local grp=239.1.1.1
1620	local valid_src=192.0.2.129
1621	local invalid_src=192.0.2.145
1622
1623	echo
1624	echo "Data path: (*, G) INCLUDE - P2MP - IPv4 overlay / IPv6 underlay"
1625	echo "---------------------------------------------------------------"
1626
1627	starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \
1628		$valid_src $invalid_src "mausezahn"
1629}
1630
1631starg_include_p2mp_ipv6_ipv6()
1632{
1633	local ns1=ns1_v6
1634	local ns2=ns2_v6
1635	local mcast_grp=ff0e::2
1636	local plen=128
1637	local grp=ff0e::1
1638	local valid_src=2001:db8:100::1
1639	local invalid_src=2001:db8:200::1
1640
1641	echo
1642	echo "Data path: (*, G) INCLUDE - P2MP - IPv6 overlay / IPv6 underlay"
1643	echo "---------------------------------------------------------------"
1644
1645	starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \
1646		$valid_src $invalid_src "mausezahn -6"
1647}
1648
1649egress_vni_translation_common()
1650{
1651	local ns1=$1; shift
1652	local ns2=$1; shift
1653	local mcast_grp=$1; shift
1654	local plen=$1; shift
1655	local proto=$1; shift
1656	local grp=$1; shift
1657	local src=$1; shift
1658	local mz=$1; shift
1659
1660	# When P2MP tunnels are used with optimized inter-subnet multicast
1661	# (OISM) [1], the ingress VTEP does not perform VNI translation and
1662	# uses the VNI of the source broadcast domain (BD). If the egress VTEP
1663	# is a member in the source BD, then no VNI translation is needed.
1664	# Otherwise, the egress VTEP needs to translate the VNI to the
1665	# supplementary broadcast domain (SBD) VNI, which is usually the L3VNI.
1666	#
1667	# In this test, remove the VTEP in the second namespace from VLAN 10
1668	# (VNI 10010) and make sure that a packet sent from this VLAN on the
1669	# first VTEP is received by the SVI corresponding to the L3VNI (14000 /
1670	# VLAN 4000) on the second VTEP.
1671	#
1672	# The second VTEP will be able to decapsulate the packet with VNI 10010
1673	# because this VNI is configured on its shared VXLAN device. Later,
1674	# when ingressing the bridge, the VNI to VLAN lookup will fail because
1675	# the VTEP is not a member in VLAN 10, which will cause the packet to
1676	# be tagged with VLAN 4000 since it is configured as PVID.
1677	#
1678	# [1] https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-mcast
1679
1680	run_cmd "tc -n $ns2 qdisc replace dev br0.4000 clsact"
1681	run_cmd "ip -n $ns2 address replace $mcast_grp/$plen dev veth0 autojoin"
1682	run_cmd "tc -n $ns2 filter replace dev br0.4000 ingress pref 1 handle 101 proto $proto flower src_ip $src dst_ip $grp action pass"
1683
1684	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp src $src permanent dst $mcast_grp src_vni 10010 via veth0"
1685
1686	# Remove the second VTEP from VLAN 10.
1687	run_cmd "bridge -n $ns2 vlan del vid 10 dev vx0"
1688
1689	# Make sure that packets sent from the first VTEP over VLAN 10 are
1690	# received by the SVI corresponding to the L3VNI (14000 / VLAN 4000) on
1691	# the second VTEP, since it is configured as PVID.
1692	run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1693	tc_check_packets "$ns2" "dev br0.4000 ingress" 101 1
1694	log_test $? 0 "Egress VNI translation - PVID configured"
1695
1696	# Remove PVID flag from VLAN 4000 on the second VTEP and make sure
1697	# packets are no longer received by the SVI interface.
1698	run_cmd "bridge -n $ns2 vlan add vid 4000 dev vx0"
1699	run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1700	tc_check_packets "$ns2" "dev br0.4000 ingress" 101 1
1701	log_test $? 0 "Egress VNI translation - no PVID configured"
1702
1703	# Reconfigure the PVID and make sure packets are received again.
1704	run_cmd "bridge -n $ns2 vlan add vid 4000 dev vx0 pvid"
1705	run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1706	tc_check_packets "$ns2" "dev br0.4000 ingress" 101 2
1707	log_test $? 0 "Egress VNI translation - PVID reconfigured"
1708}
1709
1710egress_vni_translation_ipv4_ipv4()
1711{
1712	local ns1=ns1_v4
1713	local ns2=ns2_v4
1714	local mcast_grp=238.1.1.1
1715	local plen=32
1716	local proto="ipv4"
1717	local grp=239.1.1.1
1718	local src=192.0.2.129
1719
1720	echo
1721	echo "Data path: Egress VNI translation - IPv4 overlay / IPv4 underlay"
1722	echo "----------------------------------------------------------------"
1723
1724	egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \
1725		$src "mausezahn"
1726}
1727
1728egress_vni_translation_ipv6_ipv4()
1729{
1730	local ns1=ns1_v4
1731	local ns2=ns2_v4
1732	local mcast_grp=238.1.1.1
1733	local plen=32
1734	local proto="ipv6"
1735	local grp=ff0e::1
1736	local src=2001:db8:100::1
1737
1738	echo
1739	echo "Data path: Egress VNI translation - IPv6 overlay / IPv4 underlay"
1740	echo "----------------------------------------------------------------"
1741
1742	egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \
1743		$src "mausezahn -6"
1744}
1745
1746egress_vni_translation_ipv4_ipv6()
1747{
1748	local ns1=ns1_v6
1749	local ns2=ns2_v6
1750	local mcast_grp=ff0e::2
1751	local plen=128
1752	local proto="ipv4"
1753	local grp=239.1.1.1
1754	local src=192.0.2.129
1755
1756	echo
1757	echo "Data path: Egress VNI translation - IPv4 overlay / IPv6 underlay"
1758	echo "----------------------------------------------------------------"
1759
1760	egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \
1761		$src "mausezahn"
1762}
1763
1764egress_vni_translation_ipv6_ipv6()
1765{
1766	local ns1=ns1_v6
1767	local ns2=ns2_v6
1768	local mcast_grp=ff0e::2
1769	local plen=128
1770	local proto="ipv6"
1771	local grp=ff0e::1
1772	local src=2001:db8:100::1
1773
1774	echo
1775	echo "Data path: Egress VNI translation - IPv6 overlay / IPv6 underlay"
1776	echo "----------------------------------------------------------------"
1777
1778	egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \
1779		$src "mausezahn -6"
1780}
1781
1782all_zeros_mdb_common()
1783{
1784	local ns1=$1; shift
1785	local ns2=$1; shift
1786	local vtep1_ip=$1; shift
1787	local vtep2_ip=$1; shift
1788	local vtep3_ip=$1; shift
1789	local vtep4_ip=$1; shift
1790	local plen=$1; shift
1791	local ipv4_grp=239.1.1.1
1792	local ipv4_unreg_grp=239.2.2.2
1793	local ipv4_ll_grp=224.0.0.100
1794	local ipv4_src=192.0.2.129
1795	local ipv6_grp=ff0e::1
1796	local ipv6_unreg_grp=ff0e::2
1797	local ipv6_ll_grp=ff02::1
1798	local ipv6_src=2001:db8:100::1
1799
1800	# Install all-zeros (catchall) MDB entries for IPv4 and IPv6 traffic
1801	# and make sure they only forward unregistered IP multicast traffic
1802	# which is not link-local. Also make sure that each entry only forwards
1803	# traffic from the matching address family.
1804
1805	# Associate two different VTEPs with one all-zeros MDB entry: Two with
1806	# the IPv4 entry (0.0.0.0) and another two with the IPv6 one (::).
1807	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp 0.0.0.0 permanent dst $vtep1_ip src_vni 10010"
1808	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp 0.0.0.0 permanent dst $vtep2_ip src_vni 10010"
1809	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp :: permanent dst $vtep3_ip src_vni 10010"
1810	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp :: permanent dst $vtep4_ip src_vni 10010"
1811
1812	# Associate one VTEP from each set with a regular MDB entry: One with
1813	# an IPv4 entry and another with an IPv6 one.
1814	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $ipv4_grp permanent dst $vtep1_ip src_vni 10010"
1815	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $ipv6_grp permanent dst $vtep3_ip src_vni 10010"
1816
1817	# Add filters to match on decapsulated traffic in the second namespace.
1818	run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact"
1819	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass"
1820	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass"
1821	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 103 proto all flower enc_dst_ip $vtep3_ip action pass"
1822	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 104 proto all flower enc_dst_ip $vtep4_ip action pass"
1823
1824	# Configure the VTEP addresses in the second namespace to enable
1825	# decapsulation.
1826	run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo"
1827	run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo"
1828	run_cmd "ip -n $ns2 address replace $vtep3_ip/$plen dev lo"
1829	run_cmd "ip -n $ns2 address replace $vtep4_ip/$plen dev lo"
1830
1831	# Send registered IPv4 multicast and make sure it only arrives to the
1832	# first VTEP.
1833	run_cmd "ip netns exec $ns1 mausezahn br0.10 -A $ipv4_src -B $ipv4_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1834	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
1835	log_test $? 0 "Registered IPv4 multicast - first VTEP"
1836	tc_check_packets "$ns2" "dev vx0 ingress" 102 0
1837	log_test $? 0 "Registered IPv4 multicast - second VTEP"
1838
1839	# Send unregistered IPv4 multicast that is not link-local and make sure
1840	# it arrives to the first and second VTEPs.
1841	run_cmd "ip netns exec $ns1 mausezahn br0.10 -A $ipv4_src -B $ipv4_unreg_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1842	tc_check_packets "$ns2" "dev vx0 ingress" 101 2
1843	log_test $? 0 "Unregistered IPv4 multicast - first VTEP"
1844	tc_check_packets "$ns2" "dev vx0 ingress" 102 1
1845	log_test $? 0 "Unregistered IPv4 multicast - second VTEP"
1846
1847	# Send IPv4 link-local multicast traffic and make sure it does not
1848	# arrive to any VTEP.
1849	run_cmd "ip netns exec $ns1 mausezahn br0.10 -A $ipv4_src -B $ipv4_ll_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1850	tc_check_packets "$ns2" "dev vx0 ingress" 101 2
1851	log_test $? 0 "Link-local IPv4 multicast - first VTEP"
1852	tc_check_packets "$ns2" "dev vx0 ingress" 102 1
1853	log_test $? 0 "Link-local IPv4 multicast - second VTEP"
1854
1855	# Send registered IPv4 multicast using a unicast MAC address and make
1856	# sure it does not arrive to any VTEP.
1857	run_cmd "ip netns exec $ns1 mausezahn br0.10 -a own -b 00:11:22:33:44:55 -A $ipv4_src -B $ipv4_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1858	tc_check_packets "$ns2" "dev vx0 ingress" 101 2
1859	log_test $? 0 "Registered IPv4 multicast with a unicast MAC - first VTEP"
1860	tc_check_packets "$ns2" "dev vx0 ingress" 102 1
1861	log_test $? 0 "Registered IPv4 multicast with a unicast MAC - second VTEP"
1862
1863	# Send registered IPv4 multicast using a broadcast MAC address and make
1864	# sure it does not arrive to any VTEP.
1865	run_cmd "ip netns exec $ns1 mausezahn br0.10 -a own -b bcast -A $ipv4_src -B $ipv4_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1866	tc_check_packets "$ns2" "dev vx0 ingress" 101 2
1867	log_test $? 0 "Registered IPv4 multicast with a broadcast MAC - first VTEP"
1868	tc_check_packets "$ns2" "dev vx0 ingress" 102 1
1869	log_test $? 0 "Registered IPv4 multicast with a broadcast MAC - second VTEP"
1870
1871	# Make sure IPv4 traffic did not reach the VTEPs associated with
1872	# IPv6 entries.
1873	tc_check_packets "$ns2" "dev vx0 ingress" 103 0
1874	log_test $? 0 "IPv4 traffic - third VTEP"
1875	tc_check_packets "$ns2" "dev vx0 ingress" 104 0
1876	log_test $? 0 "IPv4 traffic - fourth VTEP"
1877
1878	# Reset IPv4 filters before testing IPv6 traffic.
1879	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass"
1880	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass"
1881
1882	# Send registered IPv6 multicast and make sure it only arrives to the
1883	# third VTEP.
1884	run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -A $ipv6_src -B $ipv6_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1885	tc_check_packets "$ns2" "dev vx0 ingress" 103 1
1886	log_test $? 0 "Registered IPv6 multicast - third VTEP"
1887	tc_check_packets "$ns2" "dev vx0 ingress" 104 0
1888	log_test $? 0 "Registered IPv6 multicast - fourth VTEP"
1889
1890	# Send unregistered IPv6 multicast that is not link-local and make sure
1891	# it arrives to the third and fourth VTEPs.
1892	run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -A $ipv6_src -B $ipv6_unreg_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1893	tc_check_packets "$ns2" "dev vx0 ingress" 103 2
1894	log_test $? 0 "Unregistered IPv6 multicast - third VTEP"
1895	tc_check_packets "$ns2" "dev vx0 ingress" 104 1
1896	log_test $? 0 "Unregistered IPv6 multicast - fourth VTEP"
1897
1898	# Send IPv6 link-local multicast traffic and make sure it does not
1899	# arrive to any VTEP.
1900	run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -A $ipv6_src -B $ipv6_ll_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1901	tc_check_packets "$ns2" "dev vx0 ingress" 103 2
1902	log_test $? 0 "Link-local IPv6 multicast - third VTEP"
1903	tc_check_packets "$ns2" "dev vx0 ingress" 104 1
1904	log_test $? 0 "Link-local IPv6 multicast - fourth VTEP"
1905
1906	# Send registered IPv6 multicast using a unicast MAC address and make
1907	# sure it does not arrive to any VTEP.
1908	run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -a own -b 00:11:22:33:44:55 -A $ipv6_src -B $ipv6_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1909	tc_check_packets "$ns2" "dev vx0 ingress" 103 2
1910	log_test $? 0 "Registered IPv6 multicast with a unicast MAC - third VTEP"
1911	tc_check_packets "$ns2" "dev vx0 ingress" 104 1
1912	log_test $? 0 "Registered IPv6 multicast with a unicast MAC - fourth VTEP"
1913
1914	# Send registered IPv6 multicast using a broadcast MAC address and make
1915	# sure it does not arrive to any VTEP.
1916	run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -a own -b bcast -A $ipv6_src -B $ipv6_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1917	tc_check_packets "$ns2" "dev vx0 ingress" 103 2
1918	log_test $? 0 "Registered IPv6 multicast with a broadcast MAC - third VTEP"
1919	tc_check_packets "$ns2" "dev vx0 ingress" 104 1
1920	log_test $? 0 "Registered IPv6 multicast with a broadcast MAC - fourth VTEP"
1921
1922	# Make sure IPv6 traffic did not reach the VTEPs associated with
1923	# IPv4 entries.
1924	tc_check_packets "$ns2" "dev vx0 ingress" 101 0
1925	log_test $? 0 "IPv6 traffic - first VTEP"
1926	tc_check_packets "$ns2" "dev vx0 ingress" 102 0
1927	log_test $? 0 "IPv6 traffic - second VTEP"
1928}
1929
1930all_zeros_mdb_ipv4()
1931{
1932	local ns1=ns1_v4
1933	local ns2=ns2_v4
1934	local vtep1_ip=198.51.100.101
1935	local vtep2_ip=198.51.100.102
1936	local vtep3_ip=198.51.100.103
1937	local vtep4_ip=198.51.100.104
1938	local plen=32
1939
1940	echo
1941	echo "Data path: All-zeros MDB entry - IPv4 underlay"
1942	echo "----------------------------------------------"
1943
1944	all_zeros_mdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $vtep3_ip \
1945		$vtep4_ip $plen
1946}
1947
1948all_zeros_mdb_ipv6()
1949{
1950	local ns1=ns1_v6
1951	local ns2=ns2_v6
1952	local vtep1_ip=2001:db8:1000::1
1953	local vtep2_ip=2001:db8:2000::1
1954	local vtep3_ip=2001:db8:3000::1
1955	local vtep4_ip=2001:db8:4000::1
1956	local plen=128
1957
1958	echo
1959	echo "Data path: All-zeros MDB entry - IPv6 underlay"
1960	echo "----------------------------------------------"
1961
1962	all_zeros_mdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $vtep3_ip \
1963		$vtep4_ip $plen
1964}
1965
1966mdb_fdb_common()
1967{
1968	local ns1=$1; shift
1969	local ns2=$1; shift
1970	local vtep1_ip=$1; shift
1971	local vtep2_ip=$1; shift
1972	local plen=$1; shift
1973	local proto=$1; shift
1974	local grp=$1; shift
1975	local src=$1; shift
1976	local mz=$1; shift
1977
1978	# Install an MDB entry and an FDB entry and make sure that the FDB
1979	# entry only forwards traffic that was not forwarded by the MDB.
1980
1981	# Associate the MDB entry with one VTEP and the FDB entry with another
1982	# VTEP.
1983	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010"
1984	run_cmd "bridge -n $ns1 fdb add 00:00:00:00:00:00 dev vx0 self static dst $vtep2_ip src_vni 10010"
1985
1986	# Add filters to match on decapsulated traffic in the second namespace.
1987	run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact"
1988	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto $proto flower ip_proto udp dst_port 54321 enc_dst_ip $vtep1_ip action pass"
1989	run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto $proto flower ip_proto udp dst_port 54321 enc_dst_ip $vtep2_ip action pass"
1990
1991	# Configure the VTEP addresses in the second namespace to enable
1992	# decapsulation.
1993	run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo"
1994	run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo"
1995
1996	# Send IP multicast traffic and make sure it is forwarded by the MDB
1997	# and only arrives to the first VTEP.
1998	run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
1999	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
2000	log_test $? 0 "IP multicast - first VTEP"
2001	tc_check_packets "$ns2" "dev vx0 ingress" 102 0
2002	log_test $? 0 "IP multicast - second VTEP"
2003
2004	# Send broadcast traffic and make sure it is forwarded by the FDB and
2005	# only arrives to the second VTEP.
2006	run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b bcast -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
2007	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
2008	log_test $? 0 "Broadcast - first VTEP"
2009	tc_check_packets "$ns2" "dev vx0 ingress" 102 1
2010	log_test $? 0 "Broadcast - second VTEP"
2011
2012	# Remove the MDB entry and make sure that IP multicast is now forwarded
2013	# by the FDB to the second VTEP.
2014	run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010"
2015	run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
2016	tc_check_packets "$ns2" "dev vx0 ingress" 101 1
2017	log_test $? 0 "IP multicast after removal - first VTEP"
2018	tc_check_packets "$ns2" "dev vx0 ingress" 102 2
2019	log_test $? 0 "IP multicast after removal - second VTEP"
2020}
2021
2022mdb_fdb_ipv4_ipv4()
2023{
2024	local ns1=ns1_v4
2025	local ns2=ns2_v4
2026	local vtep1_ip=198.51.100.100
2027	local vtep2_ip=198.51.100.200
2028	local plen=32
2029	local proto="ipv4"
2030	local grp=239.1.1.1
2031	local src=192.0.2.129
2032
2033	echo
2034	echo "Data path: MDB with FDB - IPv4 overlay / IPv4 underlay"
2035	echo "------------------------------------------------------"
2036
2037	mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp $src \
2038		"mausezahn"
2039}
2040
2041mdb_fdb_ipv6_ipv4()
2042{
2043	local ns1=ns1_v4
2044	local ns2=ns2_v4
2045	local vtep1_ip=198.51.100.100
2046	local vtep2_ip=198.51.100.200
2047	local plen=32
2048	local proto="ipv6"
2049	local grp=ff0e::1
2050	local src=2001:db8:100::1
2051
2052	echo
2053	echo "Data path: MDB with FDB - IPv6 overlay / IPv4 underlay"
2054	echo "------------------------------------------------------"
2055
2056	mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp $src \
2057		"mausezahn -6"
2058}
2059
2060mdb_fdb_ipv4_ipv6()
2061{
2062	local ns1=ns1_v6
2063	local ns2=ns2_v6
2064	local vtep1_ip=2001:db8:1000::1
2065	local vtep2_ip=2001:db8:2000::1
2066	local plen=128
2067	local proto="ipv4"
2068	local grp=239.1.1.1
2069	local src=192.0.2.129
2070
2071	echo
2072	echo "Data path: MDB with FDB - IPv4 overlay / IPv6 underlay"
2073	echo "------------------------------------------------------"
2074
2075	mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp $src \
2076		"mausezahn"
2077}
2078
2079mdb_fdb_ipv6_ipv6()
2080{
2081	local ns1=ns1_v6
2082	local ns2=ns2_v6
2083	local vtep1_ip=2001:db8:1000::1
2084	local vtep2_ip=2001:db8:2000::1
2085	local plen=128
2086	local proto="ipv6"
2087	local grp=ff0e::1
2088	local src=2001:db8:100::1
2089
2090	echo
2091	echo "Data path: MDB with FDB - IPv6 overlay / IPv6 underlay"
2092	echo "------------------------------------------------------"
2093
2094	mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp $src \
2095		"mausezahn -6"
2096}
2097
2098mdb_grp1_loop()
2099{
2100	local ns1=$1; shift
2101	local vtep1_ip=$1; shift
2102	local grp1=$1; shift
2103
2104	while true; do
2105		bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp1 dst $vtep1_ip src_vni 10010
2106		bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp1 permanent dst $vtep1_ip src_vni 10010
2107	done >/dev/null 2>&1
2108}
2109
2110mdb_grp2_loop()
2111{
2112	local ns1=$1; shift
2113	local vtep1_ip=$1; shift
2114	local vtep2_ip=$1; shift
2115	local grp2=$1; shift
2116
2117	while true; do
2118		bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp2 dst $vtep1_ip src_vni 10010
2119		bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp2 permanent dst $vtep1_ip src_vni 10010
2120		bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp2 permanent dst $vtep2_ip src_vni 10010
2121	done >/dev/null 2>&1
2122}
2123
2124mdb_torture_common()
2125{
2126	local ns1=$1; shift
2127	local vtep1_ip=$1; shift
2128	local vtep2_ip=$1; shift
2129	local grp1=$1; shift
2130	local grp2=$1; shift
2131	local src=$1; shift
2132	local mz=$1; shift
2133	local pid1
2134	local pid2
2135	local pid3
2136	local pid4
2137
2138	# Continuously send two streams that are forwarded by two different MDB
2139	# entries. The first entry will be added and deleted in a loop. This
2140	# allows us to test that the data path does not use freed MDB entry
2141	# memory. The second entry will have two remotes, one that is added and
2142	# deleted in a loop and another that is replaced in a loop. This allows
2143	# us to test that the data path does not use freed remote entry memory.
2144	# The test is considered successful if nothing crashed.
2145
2146	# Create the MDB entries that will be continuously deleted / replaced.
2147	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp1 permanent dst $vtep1_ip src_vni 10010"
2148	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp2 permanent dst $vtep1_ip src_vni 10010"
2149	run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp2 permanent dst $vtep2_ip src_vni 10010"
2150
2151	mdb_grp1_loop $ns1 $vtep1_ip $grp1 &
2152	pid1=$!
2153	mdb_grp2_loop $ns1 $vtep1_ip $vtep2_ip $grp2 &
2154	pid2=$!
2155	ip netns exec $ns1 $mz br0.10 -A $src -B $grp1 -t udp sp=12345,dp=54321 -p 100 -c 0 -q &
2156	pid3=$!
2157	ip netns exec $ns1 $mz br0.10 -A $src -B $grp2 -t udp sp=12345,dp=54321 -p 100 -c 0 -q &
2158	pid4=$!
2159
2160	sleep 30
2161	kill -9 $pid1 $pid2 $pid3 $pid4
2162	wait $pid1 $pid2 $pid3 $pid4 2>/dev/null
2163
2164	log_test 0 0 "Torture test"
2165}
2166
2167mdb_torture_ipv4_ipv4()
2168{
2169	local ns1=ns1_v4
2170	local vtep1_ip=198.51.100.100
2171	local vtep2_ip=198.51.100.200
2172	local grp1=239.1.1.1
2173	local grp2=239.2.2.2
2174	local src=192.0.2.129
2175
2176	echo
2177	echo "Data path: MDB torture test - IPv4 overlay / IPv4 underlay"
2178	echo "----------------------------------------------------------"
2179
2180	mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp2 $src \
2181		"mausezahn"
2182}
2183
2184mdb_torture_ipv6_ipv4()
2185{
2186	local ns1=ns1_v4
2187	local vtep1_ip=198.51.100.100
2188	local vtep2_ip=198.51.100.200
2189	local grp1=ff0e::1
2190	local grp2=ff0e::2
2191	local src=2001:db8:100::1
2192
2193	echo
2194	echo "Data path: MDB torture test - IPv6 overlay / IPv4 underlay"
2195	echo "----------------------------------------------------------"
2196
2197	mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp2 $src \
2198		"mausezahn -6"
2199}
2200
2201mdb_torture_ipv4_ipv6()
2202{
2203	local ns1=ns1_v6
2204	local vtep1_ip=2001:db8:1000::1
2205	local vtep2_ip=2001:db8:2000::1
2206	local grp1=239.1.1.1
2207	local grp2=239.2.2.2
2208	local src=192.0.2.129
2209
2210	echo
2211	echo "Data path: MDB torture test - IPv4 overlay / IPv6 underlay"
2212	echo "----------------------------------------------------------"
2213
2214	mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp2 $src \
2215		"mausezahn"
2216}
2217
2218mdb_torture_ipv6_ipv6()
2219{
2220	local ns1=ns1_v6
2221	local vtep1_ip=2001:db8:1000::1
2222	local vtep2_ip=2001:db8:2000::1
2223	local grp1=ff0e::1
2224	local grp2=ff0e::2
2225	local src=2001:db8:100::1
2226
2227	echo
2228	echo "Data path: MDB torture test - IPv6 overlay / IPv6 underlay"
2229	echo "----------------------------------------------------------"
2230
2231	mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp2 $src \
2232		"mausezahn -6"
2233}
2234
2235################################################################################
2236# Usage
2237
2238usage()
2239{
2240	cat <<EOF
2241usage: ${0##*/} OPTS
2242
2243        -t <test>   Test(s) to run (default: all)
2244                    (options: $TESTS)
2245        -c          Control path tests only
2246        -d          Data path tests only
2247        -p          Pause on fail
2248        -P          Pause after each test before cleanup
2249        -v          Verbose mode (show commands and output)
2250EOF
2251}
2252
2253################################################################################
2254# Main
2255
2256trap cleanup EXIT
2257
2258while getopts ":t:cdpPvh" opt; do
2259	case $opt in
2260		t) TESTS=$OPTARG;;
2261		c) TESTS=${CONTROL_PATH_TESTS};;
2262		d) TESTS=${DATA_PATH_TESTS};;
2263		p) PAUSE_ON_FAIL=yes;;
2264		P) PAUSE=yes;;
2265		v) VERBOSE=$(($VERBOSE + 1));;
2266		h) usage; exit 0;;
2267		*) usage; exit 1;;
2268	esac
2269done
2270
2271# Make sure we don't pause twice.
2272[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no
2273
2274if [ "$(id -u)" -ne 0 ];then
2275	echo "SKIP: Need root privileges"
2276	exit $ksft_skip;
2277fi
2278
2279if [ ! -x "$(command -v ip)" ]; then
2280	echo "SKIP: Could not run test without ip tool"
2281	exit $ksft_skip
2282fi
2283
2284if [ ! -x "$(command -v bridge)" ]; then
2285	echo "SKIP: Could not run test without bridge tool"
2286	exit $ksft_skip
2287fi
2288
2289if [ ! -x "$(command -v mausezahn)" ]; then
2290	echo "SKIP: Could not run test without mausezahn tool"
2291	exit $ksft_skip
2292fi
2293
2294if [ ! -x "$(command -v jq)" ]; then
2295	echo "SKIP: Could not run test without jq tool"
2296	exit $ksft_skip
2297fi
2298
2299bridge mdb help 2>&1 | grep -q "get"
2300if [ $? -ne 0 ]; then
2301   echo "SKIP: iproute2 bridge too old, missing VXLAN MDB get support"
2302   exit $ksft_skip
2303fi
2304
2305# Start clean.
2306cleanup
2307
2308for t in $TESTS
2309do
2310	setup; $t; cleanup;
2311done
2312
2313if [ "$TESTS" != "none" ]; then
2314	printf "\nTests passed: %3d\n" ${nsuccess}
2315	printf "Tests failed: %3d\n"   ${nfail}
2316fi
2317
2318exit $ret
2319