1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3# 4# This test is for checking VXLAN MDB functionality. The topology consists of 5# two sets of namespaces: One for the testing of IPv4 underlay and another for 6# IPv6. In both cases, both IPv4 and IPv6 overlay traffic are tested. 7# 8# Data path functionality is tested by sending traffic from one of the upper 9# namespaces and checking using ingress tc filters that the expected traffic 10# was received by one of the lower namespaces. 11# 12# +------------------------------------+ +------------------------------------+ 13# | ns1_v4 | | ns1_v6 | 14# | | | | 15# | br0.10 br0.4000 br0.20 | | br0.10 br0.4000 br0.20 | 16# | + + + | | + + + | 17# | | | | | | | | | | 18# | | | | | | | | | | 19# | +---------+---------+ | | +---------+---------+ | 20# | | | | | | 21# | | | | | | 22# | + | | + | 23# | br0 | | br0 | 24# | + | | + | 25# | | | | | | 26# | | | | | | 27# | + | | + | 28# | vx0 | | vx0 | 29# | | | | 30# | | | | 31# | veth0 | | veth0 | 32# | + | | + | 33# +-----------------|------------------+ +-----------------|------------------+ 34# | | 35# +-----------------|------------------+ +-----------------|------------------+ 36# | + | | + | 37# | veth0 | | veth0 | 38# | | | | 39# | | | | 40# | vx0 | | vx0 | 41# | + | | + | 42# | | | | | | 43# | | | | | | 44# | + | | + | 45# | br0 | | br0 | 46# | + | | + | 47# | | | | | | 48# | | | | | | 49# | +---------+---------+ | | +---------+---------+ | 50# | | | | | | | | | | 51# | | | | | | | | | | 52# | + + + | | + + + | 53# | br0.10 br0.4000 br0.10 | | br0.10 br0.4000 br0.20 | 54# | | | | 55# | ns2_v4 | | ns2_v6 | 56# +------------------------------------+ +------------------------------------+ 57 58source lib.sh 59ret=0 60 61CONTROL_PATH_TESTS=" 62 basic_star_g_ipv4_ipv4 63 basic_star_g_ipv6_ipv4 64 basic_star_g_ipv4_ipv6 65 basic_star_g_ipv6_ipv6 66 basic_sg_ipv4_ipv4 67 basic_sg_ipv6_ipv4 68 basic_sg_ipv4_ipv6 69 basic_sg_ipv6_ipv6 70 star_g_ipv4_ipv4 71 star_g_ipv6_ipv4 72 star_g_ipv4_ipv6 73 star_g_ipv6_ipv6 74 sg_ipv4_ipv4 75 sg_ipv6_ipv4 76 sg_ipv4_ipv6 77 sg_ipv6_ipv6 78 dump_ipv4_ipv4 79 dump_ipv6_ipv4 80 dump_ipv4_ipv6 81 dump_ipv6_ipv6 82" 83 84DATA_PATH_TESTS=" 85 encap_params_ipv4_ipv4 86 encap_params_ipv6_ipv4 87 encap_params_ipv4_ipv6 88 encap_params_ipv6_ipv6 89 starg_exclude_ir_ipv4_ipv4 90 starg_exclude_ir_ipv6_ipv4 91 starg_exclude_ir_ipv4_ipv6 92 starg_exclude_ir_ipv6_ipv6 93 starg_include_ir_ipv4_ipv4 94 starg_include_ir_ipv6_ipv4 95 starg_include_ir_ipv4_ipv6 96 starg_include_ir_ipv6_ipv6 97 starg_exclude_p2mp_ipv4_ipv4 98 starg_exclude_p2mp_ipv6_ipv4 99 starg_exclude_p2mp_ipv4_ipv6 100 starg_exclude_p2mp_ipv6_ipv6 101 starg_include_p2mp_ipv4_ipv4 102 starg_include_p2mp_ipv6_ipv4 103 starg_include_p2mp_ipv4_ipv6 104 starg_include_p2mp_ipv6_ipv6 105 egress_vni_translation_ipv4_ipv4 106 egress_vni_translation_ipv6_ipv4 107 egress_vni_translation_ipv4_ipv6 108 egress_vni_translation_ipv6_ipv6 109 all_zeros_mdb_ipv4 110 all_zeros_mdb_ipv6 111 mdb_fdb_ipv4_ipv4 112 mdb_fdb_ipv6_ipv4 113 mdb_fdb_ipv4_ipv6 114 mdb_fdb_ipv6_ipv6 115 mdb_torture_ipv4_ipv4 116 mdb_torture_ipv6_ipv4 117 mdb_torture_ipv4_ipv6 118 mdb_torture_ipv6_ipv6 119" 120 121# All tests in this script. Can be overridden with -t option. 122TESTS=" 123 $CONTROL_PATH_TESTS 124 $DATA_PATH_TESTS 125" 126VERBOSE=0 127PAUSE_ON_FAIL=no 128PAUSE=no 129 130################################################################################ 131# Utilities 132 133log_test() 134{ 135 local rc=$1 136 local expected=$2 137 local msg="$3" 138 139 if [ ${rc} -eq ${expected} ]; then 140 printf "TEST: %-60s [ OK ]\n" "${msg}" 141 nsuccess=$((nsuccess+1)) 142 else 143 ret=1 144 nfail=$((nfail+1)) 145 printf "TEST: %-60s [FAIL]\n" "${msg}" 146 if [ "$VERBOSE" = "1" ]; then 147 echo " rc=$rc, expected $expected" 148 fi 149 150 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then 151 echo 152 echo "hit enter to continue, 'q' to quit" 153 read a 154 [ "$a" = "q" ] && exit 1 155 fi 156 fi 157 158 if [ "${PAUSE}" = "yes" ]; then 159 echo 160 echo "hit enter to continue, 'q' to quit" 161 read a 162 [ "$a" = "q" ] && exit 1 163 fi 164 165 [ "$VERBOSE" = "1" ] && echo 166} 167 168run_cmd() 169{ 170 local cmd="$1" 171 local out 172 local stderr="2>/dev/null" 173 174 if [ "$VERBOSE" = "1" ]; then 175 printf "COMMAND: $cmd\n" 176 stderr= 177 fi 178 179 out=$(eval $cmd $stderr) 180 rc=$? 181 if [ "$VERBOSE" = "1" -a -n "$out" ]; then 182 echo " $out" 183 fi 184 185 return $rc 186} 187 188tc_check_packets() 189{ 190 local ns=$1; shift 191 local id=$1; shift 192 local handle=$1; shift 193 local count=$1; shift 194 local pkts 195 196 sleep 0.1 197 pkts=$(tc -n $ns -j -s filter show $id \ 198 | jq ".[] | select(.options.handle == $handle) | \ 199 .options.actions[0].stats.packets") 200 [[ $pkts == $count ]] 201} 202 203################################################################################ 204# Setup 205 206setup_common_ns() 207{ 208 local ns=$1; shift 209 local local_addr=$1; shift 210 211 ip netns exec $ns sysctl -qw net.ipv4.ip_forward=1 212 ip netns exec $ns sysctl -qw net.ipv4.fib_multipath_use_neigh=1 213 ip netns exec $ns sysctl -qw net.ipv4.conf.default.ignore_routes_with_linkdown=1 214 ip netns exec $ns sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1 215 ip netns exec $ns sysctl -qw net.ipv6.conf.all.forwarding=1 216 ip netns exec $ns sysctl -qw net.ipv6.conf.default.forwarding=1 217 ip netns exec $ns sysctl -qw net.ipv6.conf.default.ignore_routes_with_linkdown=1 218 ip netns exec $ns sysctl -qw net.ipv6.conf.all.accept_dad=0 219 ip netns exec $ns sysctl -qw net.ipv6.conf.default.accept_dad=0 220 221 ip -n $ns link set dev lo up 222 ip -n $ns address add $local_addr dev lo 223 224 ip -n $ns link set dev veth0 up 225 226 ip -n $ns link add name br0 up type bridge vlan_filtering 1 \ 227 vlan_default_pvid 0 mcast_snooping 0 228 229 ip -n $ns link add link br0 name br0.10 up type vlan id 10 230 bridge -n $ns vlan add vid 10 dev br0 self 231 232 ip -n $ns link add link br0 name br0.20 up type vlan id 20 233 bridge -n $ns vlan add vid 20 dev br0 self 234 235 ip -n $ns link add link br0 name br0.4000 up type vlan id 4000 236 bridge -n $ns vlan add vid 4000 dev br0 self 237 238 ip -n $ns link add name vx0 up master br0 type vxlan \ 239 local $local_addr dstport 4789 external vnifilter 240 bridge -n $ns link set dev vx0 vlan_tunnel on 241 242 bridge -n $ns vlan add vid 10 dev vx0 243 bridge -n $ns vlan add vid 10 dev vx0 tunnel_info id 10010 244 bridge -n $ns vni add vni 10010 dev vx0 245 246 bridge -n $ns vlan add vid 20 dev vx0 247 bridge -n $ns vlan add vid 20 dev vx0 tunnel_info id 10020 248 bridge -n $ns vni add vni 10020 dev vx0 249 250 bridge -n $ns vlan add vid 4000 dev vx0 pvid 251 bridge -n $ns vlan add vid 4000 dev vx0 tunnel_info id 14000 252 bridge -n $ns vni add vni 14000 dev vx0 253} 254 255setup_common() 256{ 257 local ns1=$1; shift 258 local ns2=$1; shift 259 local local_addr1=$1; shift 260 local local_addr2=$1; shift 261 262 ip link add name veth0 type veth peer name veth1 263 ip link set dev veth0 netns $ns1 name veth0 264 ip link set dev veth1 netns $ns2 name veth0 265 266 setup_common_ns $ns1 $local_addr1 267 setup_common_ns $ns2 $local_addr2 268} 269 270setup_v4() 271{ 272 setup_ns ns1_v4 ns2_v4 273 setup_common $ns1_v4 $ns2_v4 192.0.2.1 192.0.2.2 274 275 ip -n $ns1_v4 address add 192.0.2.17/28 dev veth0 276 ip -n $ns2_v4 address add 192.0.2.18/28 dev veth0 277 278 ip -n $ns1_v4 route add default via 192.0.2.18 279 ip -n $ns2_v4 route add default via 192.0.2.17 280} 281 282cleanup_v4() 283{ 284 cleanup_ns $ns2_v4 $ns1_v4 285} 286 287setup_v6() 288{ 289 setup_ns ns1_v6 ns2_v6 290 setup_common $ns1_v6 $ns2_v6 2001:db8:1::1 2001:db8:1::2 291 292 ip -n $ns1_v6 address add 2001:db8:2::1/64 dev veth0 nodad 293 ip -n $ns2_v6 address add 2001:db8:2::2/64 dev veth0 nodad 294 295 ip -n $ns1_v6 route add default via 2001:db8:2::2 296 ip -n $ns2_v6 route add default via 2001:db8:2::1 297} 298 299cleanup_v6() 300{ 301 cleanup_ns $ns2_v6 $ns1_v6 302} 303 304setup() 305{ 306 set -e 307 308 setup_v4 309 setup_v6 310 311 sleep 5 312 313 set +e 314} 315 316cleanup() 317{ 318 cleanup_v6 &> /dev/null 319 cleanup_v4 &> /dev/null 320} 321 322################################################################################ 323# Tests - Control path 324 325basic_common() 326{ 327 local ns1=$1; shift 328 local grp_key=$1; shift 329 local vtep_ip=$1; shift 330 331 # Test basic control path operations common to all MDB entry types. 332 333 # Basic add, replace and delete behavior. 334 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 335 log_test $? 0 "MDB entry addition" 336 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010" 337 log_test $? 0 "MDB entry presence after addition" 338 339 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 340 log_test $? 0 "MDB entry replacement" 341 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010" 342 log_test $? 0 "MDB entry presence after replacement" 343 344 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 345 log_test $? 0 "MDB entry deletion" 346 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010" 347 log_test $? 254 "MDB entry presence after deletion" 348 349 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 350 log_test $? 255 "Non-existent MDB entry deletion" 351 352 # Default protocol and replacement. 353 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 354 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"proto static\"" 355 log_test $? 0 "MDB entry default protocol" 356 357 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent proto 123 dst $vtep_ip src_vni 10010" 358 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"proto 123\"" 359 log_test $? 0 "MDB entry protocol replacement" 360 361 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 362 363 # Default destination port and replacement. 364 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 365 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \" dst_port \"" 366 log_test $? 1 "MDB entry default destination port" 367 368 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip dst_port 1234 src_vni 10010" 369 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"dst_port 1234\"" 370 log_test $? 0 "MDB entry destination port replacement" 371 372 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 373 374 # Default destination VNI and replacement. 375 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 376 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \" vni \"" 377 log_test $? 1 "MDB entry default destination VNI" 378 379 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip vni 1234 src_vni 10010" 380 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"vni 1234\"" 381 log_test $? 0 "MDB entry destination VNI replacement" 382 383 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 384 385 # Default outgoing interface and replacement. 386 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 387 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \" via \"" 388 log_test $? 1 "MDB entry default outgoing interface" 389 390 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010 via veth0" 391 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"via veth0\"" 392 log_test $? 0 "MDB entry outgoing interface replacement" 393 394 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 395 396 # Common error cases. 397 run_cmd "bridge -n $ns1 mdb add dev vx0 port veth0 $grp_key permanent dst $vtep_ip src_vni 10010" 398 log_test $? 255 "MDB entry with mismatch between device and port" 399 400 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key temp dst $vtep_ip src_vni 10010" 401 log_test $? 255 "MDB entry with temp state" 402 403 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent vid 10 dst $vtep_ip src_vni 10010" 404 log_test $? 255 "MDB entry with VLAN" 405 406 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp 01:02:03:04:05:06 permanent dst $vtep_ip src_vni 10010" 407 log_test $? 255 "MDB entry MAC address" 408 409 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent" 410 log_test $? 255 "MDB entry without extended parameters" 411 412 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent proto 3 dst $vtep_ip src_vni 10010" 413 log_test $? 255 "MDB entry with an invalid protocol" 414 415 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip vni $((2 ** 24)) src_vni 10010" 416 log_test $? 255 "MDB entry with an invalid destination VNI" 417 418 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni $((2 ** 24))" 419 log_test $? 255 "MDB entry with an invalid source VNI" 420 421 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent src_vni 10010" 422 log_test $? 255 "MDB entry without a remote destination IP" 423 424 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 425 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 426 log_test $? 255 "Duplicate MDB entries" 427 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 428} 429 430basic_star_g_ipv4_ipv4() 431{ 432 local ns1=$ns1_v4 433 local grp_key="grp 239.1.1.1" 434 local vtep_ip=198.51.100.100 435 436 echo 437 echo "Control path: Basic (*, G) operations - IPv4 overlay / IPv4 underlay" 438 echo "--------------------------------------------------------------------" 439 440 basic_common $ns1 "$grp_key" $vtep_ip 441} 442 443basic_star_g_ipv6_ipv4() 444{ 445 local ns1=$ns1_v4 446 local grp_key="grp ff0e::1" 447 local vtep_ip=198.51.100.100 448 449 echo 450 echo "Control path: Basic (*, G) operations - IPv6 overlay / IPv4 underlay" 451 echo "--------------------------------------------------------------------" 452 453 basic_common $ns1 "$grp_key" $vtep_ip 454} 455 456basic_star_g_ipv4_ipv6() 457{ 458 local ns1=$ns1_v6 459 local grp_key="grp 239.1.1.1" 460 local vtep_ip=2001:db8:1000::1 461 462 echo 463 echo "Control path: Basic (*, G) operations - IPv4 overlay / IPv6 underlay" 464 echo "--------------------------------------------------------------------" 465 466 basic_common $ns1 "$grp_key" $vtep_ip 467} 468 469basic_star_g_ipv6_ipv6() 470{ 471 local ns1=$ns1_v6 472 local grp_key="grp ff0e::1" 473 local vtep_ip=2001:db8:1000::1 474 475 echo 476 echo "Control path: Basic (*, G) operations - IPv6 overlay / IPv6 underlay" 477 echo "--------------------------------------------------------------------" 478 479 basic_common $ns1 "$grp_key" $vtep_ip 480} 481 482basic_sg_ipv4_ipv4() 483{ 484 local ns1=$ns1_v4 485 local grp_key="grp 239.1.1.1 src 192.0.2.129" 486 local vtep_ip=198.51.100.100 487 488 echo 489 echo "Control path: Basic (S, G) operations - IPv4 overlay / IPv4 underlay" 490 echo "--------------------------------------------------------------------" 491 492 basic_common $ns1 "$grp_key" $vtep_ip 493} 494 495basic_sg_ipv6_ipv4() 496{ 497 local ns1=$ns1_v4 498 local grp_key="grp ff0e::1 src 2001:db8:100::1" 499 local vtep_ip=198.51.100.100 500 501 echo 502 echo "Control path: Basic (S, G) operations - IPv6 overlay / IPv4 underlay" 503 echo "---------------------------------------------------------------------" 504 505 basic_common $ns1 "$grp_key" $vtep_ip 506} 507 508basic_sg_ipv4_ipv6() 509{ 510 local ns1=$ns1_v6 511 local grp_key="grp 239.1.1.1 src 192.0.2.129" 512 local vtep_ip=2001:db8:1000::1 513 514 echo 515 echo "Control path: Basic (S, G) operations - IPv4 overlay / IPv6 underlay" 516 echo "--------------------------------------------------------------------" 517 518 basic_common $ns1 "$grp_key" $vtep_ip 519} 520 521basic_sg_ipv6_ipv6() 522{ 523 local ns1=$ns1_v6 524 local grp_key="grp ff0e::1 src 2001:db8:100::1" 525 local vtep_ip=2001:db8:1000::1 526 527 echo 528 echo "Control path: Basic (S, G) operations - IPv6 overlay / IPv6 underlay" 529 echo "--------------------------------------------------------------------" 530 531 basic_common $ns1 "$grp_key" $vtep_ip 532} 533 534star_g_common() 535{ 536 local ns1=$1; shift 537 local grp=$1; shift 538 local src1=$1; shift 539 local src2=$1; shift 540 local src3=$1; shift 541 local vtep_ip=$1; shift 542 local all_zeros_grp=$1; shift 543 544 # Test control path operations specific to (*, G) entries. 545 546 # Basic add, replace and delete behavior. 547 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 548 log_test $? 0 "(*, G) MDB entry addition with source list" 549 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010" 550 log_test $? 0 "(*, G) MDB entry presence after addition" 551 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010" 552 log_test $? 0 "(S, G) MDB entry presence after addition" 553 554 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 555 log_test $? 0 "(*, G) MDB entry replacement with source list" 556 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010" 557 log_test $? 0 "(*, G) MDB entry presence after replacement" 558 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010" 559 log_test $? 0 "(S, G) MDB entry presence after replacement" 560 561 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 562 log_test $? 0 "(*, G) MDB entry deletion" 563 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010" 564 log_test $? 254 "(*, G) MDB entry presence after deletion" 565 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010" 566 log_test $? 254 "(S, G) MDB entry presence after deletion" 567 568 # Default filter mode and replacement. 569 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent dst $vtep_ip src_vni 10010" 570 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep exclude" 571 log_test $? 0 "(*, G) MDB entry default filter mode" 572 573 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $src1 dst $vtep_ip src_vni 10010" 574 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep include" 575 log_test $? 0 "(*, G) MDB entry after replacing filter mode to \"include\"" 576 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010" 577 log_test $? 0 "(S, G) MDB entry after replacing filter mode to \"include\"" 578 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep blocked" 579 log_test $? 1 "\"blocked\" flag after replacing filter mode to \"include\"" 580 581 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 582 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep exclude" 583 log_test $? 0 "(*, G) MDB entry after replacing filter mode to \"exclude\"" 584 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grep grp $grp src $src1 src_vni 10010" 585 log_test $? 0 "(S, G) MDB entry after replacing filter mode to \"exclude\"" 586 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep blocked" 587 log_test $? 0 "\"blocked\" flag after replacing filter mode to \"exclude\"" 588 589 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 590 591 # Default source list and replacement. 592 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent dst $vtep_ip src_vni 10010" 593 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep source_list" 594 log_test $? 1 "(*, G) MDB entry default source list" 595 596 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1,$src2,$src3 dst $vtep_ip src_vni 10010" 597 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010" 598 log_test $? 0 "(S, G) MDB entry of 1st source after replacing source list" 599 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src2 src_vni 10010" 600 log_test $? 0 "(S, G) MDB entry of 2nd source after replacing source list" 601 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src3 src_vni 10010" 602 log_test $? 0 "(S, G) MDB entry of 3rd source after replacing source list" 603 604 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1,$src3 dst $vtep_ip src_vni 10010" 605 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010" 606 log_test $? 0 "(S, G) MDB entry of 1st source after removing source" 607 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src2 src_vni 10010" 608 log_test $? 254 "(S, G) MDB entry of 2nd source after removing source" 609 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src3 src_vni 10010" 610 log_test $? 0 "(S, G) MDB entry of 3rd source after removing source" 611 612 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 613 614 # Default protocol and replacement. 615 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 616 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \"proto static\"" 617 log_test $? 0 "(*, G) MDB entry default protocol" 618 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \"proto static\"" 619 log_test $? 0 "(S, G) MDB entry default protocol" 620 621 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 proto bgp dst $vtep_ip src_vni 10010" 622 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \"proto bgp\"" 623 log_test $? 0 "(*, G) MDB entry protocol after replacement" 624 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \"proto bgp\"" 625 log_test $? 0 "(S, G) MDB entry protocol after replacement" 626 627 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 628 629 # Default destination port and replacement. 630 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 631 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" dst_port \"" 632 log_test $? 1 "(*, G) MDB entry default destination port" 633 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" dst_port \"" 634 log_test $? 1 "(S, G) MDB entry default destination port" 635 636 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip dst_port 1234 src_vni 10010" 637 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" dst_port 1234 \"" 638 log_test $? 0 "(*, G) MDB entry destination port after replacement" 639 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" dst_port 1234 \"" 640 log_test $? 0 "(S, G) MDB entry destination port after replacement" 641 642 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 643 644 # Default destination VNI and replacement. 645 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 646 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" vni \"" 647 log_test $? 1 "(*, G) MDB entry default destination VNI" 648 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" vni \"" 649 log_test $? 1 "(S, G) MDB entry default destination VNI" 650 651 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip vni 1234 src_vni 10010" 652 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" vni 1234 \"" 653 log_test $? 0 "(*, G) MDB entry destination VNI after replacement" 654 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" vni 1234 \"" 655 log_test $? 0 "(S, G) MDB entry destination VNI after replacement" 656 657 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 658 659 # Default outgoing interface and replacement. 660 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 661 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" via \"" 662 log_test $? 1 "(*, G) MDB entry default outgoing interface" 663 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" via \"" 664 log_test $? 1 "(S, G) MDB entry default outgoing interface" 665 666 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010 via veth0" 667 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" via veth0 \"" 668 log_test $? 0 "(*, G) MDB entry outgoing interface after replacement" 669 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" via veth0 \"" 670 log_test $? 0 "(S, G) MDB entry outgoing interface after replacement" 671 672 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 673 674 # Error cases. 675 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp permanent filter_mode exclude dst $vtep_ip src_vni 10010" 676 log_test $? 255 "All-zeros group with filter mode" 677 678 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp permanent source_list $src1 dst $vtep_ip src_vni 10010" 679 log_test $? 255 "All-zeros group with source list" 680 681 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode include dst $vtep_ip src_vni 10010" 682 log_test $? 255 "(*, G) INCLUDE with an empty source list" 683 684 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $grp dst $vtep_ip src_vni 10010" 685 log_test $? 255 "Invalid source in source list" 686 687 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent source_list $src1 dst $vtep_ip src_vni 10010" 688 log_test $? 255 "Source list without filter mode" 689} 690 691star_g_ipv4_ipv4() 692{ 693 local ns1=$ns1_v4 694 local grp=239.1.1.1 695 local src1=192.0.2.129 696 local src2=192.0.2.130 697 local src3=192.0.2.131 698 local vtep_ip=198.51.100.100 699 local all_zeros_grp=0.0.0.0 700 701 echo 702 echo "Control path: (*, G) operations - IPv4 overlay / IPv4 underlay" 703 echo "--------------------------------------------------------------" 704 705 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp 706} 707 708star_g_ipv6_ipv4() 709{ 710 local ns1=$ns1_v4 711 local grp=ff0e::1 712 local src1=2001:db8:100::1 713 local src2=2001:db8:100::2 714 local src3=2001:db8:100::3 715 local vtep_ip=198.51.100.100 716 local all_zeros_grp=:: 717 718 echo 719 echo "Control path: (*, G) operations - IPv6 overlay / IPv4 underlay" 720 echo "--------------------------------------------------------------" 721 722 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp 723} 724 725star_g_ipv4_ipv6() 726{ 727 local ns1=$ns1_v6 728 local grp=239.1.1.1 729 local src1=192.0.2.129 730 local src2=192.0.2.130 731 local src3=192.0.2.131 732 local vtep_ip=2001:db8:1000::1 733 local all_zeros_grp=0.0.0.0 734 735 echo 736 echo "Control path: (*, G) operations - IPv4 overlay / IPv6 underlay" 737 echo "--------------------------------------------------------------" 738 739 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp 740} 741 742star_g_ipv6_ipv6() 743{ 744 local ns1=$ns1_v6 745 local grp=ff0e::1 746 local src1=2001:db8:100::1 747 local src2=2001:db8:100::2 748 local src3=2001:db8:100::3 749 local vtep_ip=2001:db8:1000::1 750 local all_zeros_grp=:: 751 752 echo 753 echo "Control path: (*, G) operations - IPv6 overlay / IPv6 underlay" 754 echo "--------------------------------------------------------------" 755 756 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp 757} 758 759sg_common() 760{ 761 local ns1=$1; shift 762 local grp=$1; shift 763 local src=$1; shift 764 local vtep_ip=$1; shift 765 local all_zeros_grp=$1; shift 766 767 # Test control path operations specific to (S, G) entries. 768 769 # Default filter mode. 770 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent dst $vtep_ip src_vni 10010" 771 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src src_vni 10010 | grep include" 772 log_test $? 0 "(S, G) MDB entry default filter mode" 773 774 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp src $src permanent dst $vtep_ip src_vni 10010" 775 776 # Error cases. 777 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent filter_mode include dst $vtep_ip src_vni 10010" 778 log_test $? 255 "(S, G) with filter mode" 779 780 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent source_list $src dst $vtep_ip src_vni 10010" 781 log_test $? 255 "(S, G) with source list" 782 783 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $grp permanent dst $vtep_ip src_vni 10010" 784 log_test $? 255 "(S, G) with an invalid source list" 785 786 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp src $src permanent dst $vtep_ip src_vni 10010" 787 log_test $? 255 "All-zeros group with source" 788} 789 790sg_ipv4_ipv4() 791{ 792 local ns1=$ns1_v4 793 local grp=239.1.1.1 794 local src=192.0.2.129 795 local vtep_ip=198.51.100.100 796 local all_zeros_grp=0.0.0.0 797 798 echo 799 echo "Control path: (S, G) operations - IPv4 overlay / IPv4 underlay" 800 echo "--------------------------------------------------------------" 801 802 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp 803} 804 805sg_ipv6_ipv4() 806{ 807 local ns1=$ns1_v4 808 local grp=ff0e::1 809 local src=2001:db8:100::1 810 local vtep_ip=198.51.100.100 811 local all_zeros_grp=:: 812 813 echo 814 echo "Control path: (S, G) operations - IPv6 overlay / IPv4 underlay" 815 echo "--------------------------------------------------------------" 816 817 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp 818} 819 820sg_ipv4_ipv6() 821{ 822 local ns1=$ns1_v6 823 local grp=239.1.1.1 824 local src=192.0.2.129 825 local vtep_ip=2001:db8:1000::1 826 local all_zeros_grp=0.0.0.0 827 828 echo 829 echo "Control path: (S, G) operations - IPv4 overlay / IPv6 underlay" 830 echo "--------------------------------------------------------------" 831 832 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp 833} 834 835sg_ipv6_ipv6() 836{ 837 local ns1=$ns1_v6 838 local grp=ff0e::1 839 local src=2001:db8:100::1 840 local vtep_ip=2001:db8:1000::1 841 local all_zeros_grp=:: 842 843 echo 844 echo "Control path: (S, G) operations - IPv6 overlay / IPv6 underlay" 845 echo "--------------------------------------------------------------" 846 847 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp 848} 849 850ipv4_grps_get() 851{ 852 local max_grps=$1; shift 853 local i 854 855 for i in $(seq 0 $((max_grps - 1))); do 856 echo "239.1.1.$i" 857 done 858} 859 860ipv6_grps_get() 861{ 862 local max_grps=$1; shift 863 local i 864 865 for i in $(seq 0 $((max_grps - 1))); do 866 echo "ff0e::$(printf %x $i)" 867 done 868} 869 870dump_common() 871{ 872 local ns1=$1; shift 873 local local_addr=$1; shift 874 local remote_prefix=$1; shift 875 local fn=$1; shift 876 local max_vxlan_devs=2 877 local max_remotes=64 878 local max_grps=256 879 local num_entries 880 local batch_file 881 local grp 882 local i j 883 884 # The kernel maintains various markers for the MDB dump. Add a test for 885 # large scale MDB dump to make sure that all the configured entries are 886 # dumped and that the markers are used correctly. 887 888 # Create net devices. 889 for i in $(seq 1 $max_vxlan_devs); do 890 ip -n $ns1 link add name vx-test${i} up type vxlan \ 891 local $local_addr dstport 4789 external vnifilter 892 done 893 894 # Create batch file with MDB entries. 895 batch_file=$(mktemp) 896 for i in $(seq 1 $max_vxlan_devs); do 897 for j in $(seq 1 $max_remotes); do 898 for grp in $($fn $max_grps); do 899 echo "mdb add dev vx-test${i} port vx-test${i} grp $grp permanent dst ${remote_prefix}${j}" >> $batch_file 900 done 901 done 902 done 903 904 # Program the batch file and check for expected number of entries. 905 bridge -n $ns1 -b $batch_file 906 for i in $(seq 1 $max_vxlan_devs); do 907 num_entries=$(bridge -n $ns1 mdb show dev vx-test${i} | grep "permanent" | wc -l) 908 [[ $num_entries -eq $((max_grps * max_remotes)) ]] 909 log_test $? 0 "Large scale dump - VXLAN device #$i" 910 done 911 912 rm -rf $batch_file 913} 914 915dump_ipv4_ipv4() 916{ 917 local ns1=$ns1_v4 918 local local_addr=192.0.2.1 919 local remote_prefix=198.51.100. 920 local fn=ipv4_grps_get 921 922 echo 923 echo "Control path: Large scale MDB dump - IPv4 overlay / IPv4 underlay" 924 echo "-----------------------------------------------------------------" 925 926 dump_common $ns1 $local_addr $remote_prefix $fn 927} 928 929dump_ipv6_ipv4() 930{ 931 local ns1=$ns1_v4 932 local local_addr=192.0.2.1 933 local remote_prefix=198.51.100. 934 local fn=ipv6_grps_get 935 936 echo 937 echo "Control path: Large scale MDB dump - IPv6 overlay / IPv4 underlay" 938 echo "-----------------------------------------------------------------" 939 940 dump_common $ns1 $local_addr $remote_prefix $fn 941} 942 943dump_ipv4_ipv6() 944{ 945 local ns1=$ns1_v6 946 local local_addr=2001:db8:1::1 947 local remote_prefix=2001:db8:1000:: 948 local fn=ipv4_grps_get 949 950 echo 951 echo "Control path: Large scale MDB dump - IPv4 overlay / IPv6 underlay" 952 echo "-----------------------------------------------------------------" 953 954 dump_common $ns1 $local_addr $remote_prefix $fn 955} 956 957dump_ipv6_ipv6() 958{ 959 local ns1=$ns1_v6 960 local local_addr=2001:db8:1::1 961 local remote_prefix=2001:db8:1000:: 962 local fn=ipv6_grps_get 963 964 echo 965 echo "Control path: Large scale MDB dump - IPv6 overlay / IPv6 underlay" 966 echo "-----------------------------------------------------------------" 967 968 dump_common $ns1 $local_addr $remote_prefix $fn 969} 970 971################################################################################ 972# Tests - Data path 973 974encap_params_common() 975{ 976 local ns1=$1; shift 977 local ns2=$1; shift 978 local vtep1_ip=$1; shift 979 local vtep2_ip=$1; shift 980 local plen=$1; shift 981 local enc_ethtype=$1; shift 982 local grp=$1; shift 983 local src=$1; shift 984 local mz=$1; shift 985 986 # Test that packets forwarded by the VXLAN MDB are encapsulated with 987 # the correct parameters. Transmit packets from the first namespace and 988 # check that they hit the corresponding filters on the ingress of the 989 # second namespace. 990 991 run_cmd "tc -n $ns2 qdisc replace dev veth0 clsact" 992 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 993 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 994 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 995 996 # Check destination IP. 997 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010" 998 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep2_ip src_vni 10020" 999 1000 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1001 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1002 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1003 log_test $? 0 "Destination IP - match" 1004 1005 run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1006 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1007 log_test $? 0 "Destination IP - no match" 1008 1009 run_cmd "tc -n $ns2 filter del dev vx0 ingress pref 1 handle 101 flower" 1010 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10020" 1011 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010" 1012 1013 # Check destination port. 1014 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010" 1015 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip dst_port 1111 src_vni 10020" 1016 1017 run_cmd "tc -n $ns2 filter replace dev veth0 ingress pref 1 handle 101 proto $enc_ethtype flower ip_proto udp dst_port 4789 action pass" 1018 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1019 tc_check_packets "$ns2" "dev veth0 ingress" 101 1 1020 log_test $? 0 "Default destination port - match" 1021 1022 run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1023 tc_check_packets "$ns2" "dev veth0 ingress" 101 1 1024 log_test $? 0 "Default destination port - no match" 1025 1026 run_cmd "tc -n $ns2 filter replace dev veth0 ingress pref 1 handle 101 proto $enc_ethtype flower ip_proto udp dst_port 1111 action pass" 1027 run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1028 tc_check_packets "$ns2" "dev veth0 ingress" 101 1 1029 log_test $? 0 "Non-default destination port - match" 1030 1031 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1032 tc_check_packets "$ns2" "dev veth0 ingress" 101 1 1033 log_test $? 0 "Non-default destination port - no match" 1034 1035 run_cmd "tc -n $ns2 filter del dev veth0 ingress pref 1 handle 101 flower" 1036 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10020" 1037 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010" 1038 1039 # Check default VNI. 1040 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010" 1041 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10020" 1042 1043 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_key_id 10010 action pass" 1044 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1045 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1046 log_test $? 0 "Default destination VNI - match" 1047 1048 run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1049 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1050 log_test $? 0 "Default destination VNI - no match" 1051 1052 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip vni 10020 src_vni 10010" 1053 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip vni 10010 src_vni 10020" 1054 1055 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_key_id 10020 action pass" 1056 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1057 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1058 log_test $? 0 "Non-default destination VNI - match" 1059 1060 run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1061 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1062 log_test $? 0 "Non-default destination VNI - no match" 1063 1064 run_cmd "tc -n $ns2 filter del dev vx0 ingress pref 1 handle 101 flower" 1065 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10020" 1066 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010" 1067} 1068 1069encap_params_ipv4_ipv4() 1070{ 1071 local ns1=$ns1_v4 1072 local ns2=$ns2_v4 1073 local vtep1_ip=198.51.100.100 1074 local vtep2_ip=198.51.100.200 1075 local plen=32 1076 local enc_ethtype="ip" 1077 local grp=239.1.1.1 1078 local src=192.0.2.129 1079 1080 echo 1081 echo "Data path: Encapsulation parameters - IPv4 overlay / IPv4 underlay" 1082 echo "------------------------------------------------------------------" 1083 1084 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \ 1085 $grp $src "mausezahn" 1086} 1087 1088encap_params_ipv6_ipv4() 1089{ 1090 local ns1=$ns1_v4 1091 local ns2=$ns2_v4 1092 local vtep1_ip=198.51.100.100 1093 local vtep2_ip=198.51.100.200 1094 local plen=32 1095 local enc_ethtype="ip" 1096 local grp=ff0e::1 1097 local src=2001:db8:100::1 1098 1099 echo 1100 echo "Data path: Encapsulation parameters - IPv6 overlay / IPv4 underlay" 1101 echo "------------------------------------------------------------------" 1102 1103 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \ 1104 $grp $src "mausezahn -6" 1105} 1106 1107encap_params_ipv4_ipv6() 1108{ 1109 local ns1=$ns1_v6 1110 local ns2=$ns2_v6 1111 local vtep1_ip=2001:db8:1000::1 1112 local vtep2_ip=2001:db8:2000::1 1113 local plen=128 1114 local enc_ethtype="ipv6" 1115 local grp=239.1.1.1 1116 local src=192.0.2.129 1117 1118 echo 1119 echo "Data path: Encapsulation parameters - IPv4 overlay / IPv6 underlay" 1120 echo "------------------------------------------------------------------" 1121 1122 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \ 1123 $grp $src "mausezahn" 1124} 1125 1126encap_params_ipv6_ipv6() 1127{ 1128 local ns1=$ns1_v6 1129 local ns2=$ns2_v6 1130 local vtep1_ip=2001:db8:1000::1 1131 local vtep2_ip=2001:db8:2000::1 1132 local plen=128 1133 local enc_ethtype="ipv6" 1134 local grp=ff0e::1 1135 local src=2001:db8:100::1 1136 1137 echo 1138 echo "Data path: Encapsulation parameters - IPv6 overlay / IPv6 underlay" 1139 echo "------------------------------------------------------------------" 1140 1141 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \ 1142 $grp $src "mausezahn -6" 1143} 1144 1145starg_exclude_ir_common() 1146{ 1147 local ns1=$1; shift 1148 local ns2=$1; shift 1149 local vtep1_ip=$1; shift 1150 local vtep2_ip=$1; shift 1151 local plen=$1; shift 1152 local grp=$1; shift 1153 local valid_src=$1; shift 1154 local invalid_src=$1; shift 1155 local mz=$1; shift 1156 1157 # Install a (*, G) EXCLUDE MDB entry with one source and two remote 1158 # VTEPs. Make sure that the source in the source list is not forwarded 1159 # and that a source not in the list is forwarded. Remove one of the 1160 # VTEPs from the entry and make sure that packets are only forwarded to 1161 # the remaining VTEP. 1162 1163 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1164 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 1165 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 1166 1167 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1168 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass" 1169 1170 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $vtep1_ip src_vni 10010" 1171 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $vtep2_ip src_vni 10010" 1172 1173 # Check that invalid source is not forwarded to any VTEP. 1174 run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1175 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1176 log_test $? 0 "Block excluded source - first VTEP" 1177 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 1178 log_test $? 0 "Block excluded source - second VTEP" 1179 1180 # Check that valid source is forwarded to both VTEPs. 1181 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1182 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1183 log_test $? 0 "Forward valid source - first VTEP" 1184 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1185 log_test $? 0 "Forward valid source - second VTEP" 1186 1187 # Remove second VTEP. 1188 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10010" 1189 1190 # Check that invalid source is not forwarded to any VTEP. 1191 run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1192 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1193 log_test $? 0 "Block excluded source after removal - first VTEP" 1194 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1195 log_test $? 0 "Block excluded source after removal - second VTEP" 1196 1197 # Check that valid source is forwarded to the remaining VTEP. 1198 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1199 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1200 log_test $? 0 "Forward valid source after removal - first VTEP" 1201 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1202 log_test $? 0 "Forward valid source after removal - second VTEP" 1203} 1204 1205starg_exclude_ir_ipv4_ipv4() 1206{ 1207 local ns1=$ns1_v4 1208 local ns2=$ns2_v4 1209 local vtep1_ip=198.51.100.100 1210 local vtep2_ip=198.51.100.200 1211 local plen=32 1212 local grp=239.1.1.1 1213 local valid_src=192.0.2.129 1214 local invalid_src=192.0.2.145 1215 1216 echo 1217 echo "Data path: (*, G) EXCLUDE - IR - IPv4 overlay / IPv4 underlay" 1218 echo "-------------------------------------------------------------" 1219 1220 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1221 $valid_src $invalid_src "mausezahn" 1222} 1223 1224starg_exclude_ir_ipv6_ipv4() 1225{ 1226 local ns1=$ns1_v4 1227 local ns2=$ns2_v4 1228 local vtep1_ip=198.51.100.100 1229 local vtep2_ip=198.51.100.200 1230 local plen=32 1231 local grp=ff0e::1 1232 local valid_src=2001:db8:100::1 1233 local invalid_src=2001:db8:200::1 1234 1235 echo 1236 echo "Data path: (*, G) EXCLUDE - IR - IPv6 overlay / IPv4 underlay" 1237 echo "-------------------------------------------------------------" 1238 1239 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1240 $valid_src $invalid_src "mausezahn -6" 1241} 1242 1243starg_exclude_ir_ipv4_ipv6() 1244{ 1245 local ns1=$ns1_v6 1246 local ns2=$ns2_v6 1247 local vtep1_ip=2001:db8:1000::1 1248 local vtep2_ip=2001:db8:2000::1 1249 local plen=128 1250 local grp=239.1.1.1 1251 local valid_src=192.0.2.129 1252 local invalid_src=192.0.2.145 1253 1254 echo 1255 echo "Data path: (*, G) EXCLUDE - IR - IPv4 overlay / IPv6 underlay" 1256 echo "-------------------------------------------------------------" 1257 1258 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1259 $valid_src $invalid_src "mausezahn" 1260} 1261 1262starg_exclude_ir_ipv6_ipv6() 1263{ 1264 local ns1=$ns1_v6 1265 local ns2=$ns2_v6 1266 local vtep1_ip=2001:db8:1000::1 1267 local vtep2_ip=2001:db8:2000::1 1268 local plen=128 1269 local grp=ff0e::1 1270 local valid_src=2001:db8:100::1 1271 local invalid_src=2001:db8:200::1 1272 1273 echo 1274 echo "Data path: (*, G) EXCLUDE - IR - IPv6 overlay / IPv6 underlay" 1275 echo "-------------------------------------------------------------" 1276 1277 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1278 $valid_src $invalid_src "mausezahn -6" 1279} 1280 1281starg_include_ir_common() 1282{ 1283 local ns1=$1; shift 1284 local ns2=$1; shift 1285 local vtep1_ip=$1; shift 1286 local vtep2_ip=$1; shift 1287 local plen=$1; shift 1288 local grp=$1; shift 1289 local valid_src=$1; shift 1290 local invalid_src=$1; shift 1291 local mz=$1; shift 1292 1293 # Install a (*, G) INCLUDE MDB entry with one source and two remote 1294 # VTEPs. Make sure that the source in the source list is forwarded and 1295 # that a source not in the list is not forwarded. Remove one of the 1296 # VTEPs from the entry and make sure that packets are only forwarded to 1297 # the remaining VTEP. 1298 1299 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1300 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 1301 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 1302 1303 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1304 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass" 1305 1306 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $valid_src dst $vtep1_ip src_vni 10010" 1307 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $valid_src dst $vtep2_ip src_vni 10010" 1308 1309 # Check that invalid source is not forwarded to any VTEP. 1310 run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1311 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1312 log_test $? 0 "Block excluded source - first VTEP" 1313 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 1314 log_test $? 0 "Block excluded source - second VTEP" 1315 1316 # Check that valid source is forwarded to both VTEPs. 1317 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1318 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1319 log_test $? 0 "Forward valid source - first VTEP" 1320 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1321 log_test $? 0 "Forward valid source - second VTEP" 1322 1323 # Remove second VTEP. 1324 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10010" 1325 1326 # Check that invalid source is not forwarded to any VTEP. 1327 run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1328 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1329 log_test $? 0 "Block excluded source after removal - first VTEP" 1330 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1331 log_test $? 0 "Block excluded source after removal - second VTEP" 1332 1333 # Check that valid source is forwarded to the remaining VTEP. 1334 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1335 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1336 log_test $? 0 "Forward valid source after removal - first VTEP" 1337 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1338 log_test $? 0 "Forward valid source after removal - second VTEP" 1339} 1340 1341starg_include_ir_ipv4_ipv4() 1342{ 1343 local ns1=$ns1_v4 1344 local ns2=$ns2_v4 1345 local vtep1_ip=198.51.100.100 1346 local vtep2_ip=198.51.100.200 1347 local plen=32 1348 local grp=239.1.1.1 1349 local valid_src=192.0.2.129 1350 local invalid_src=192.0.2.145 1351 1352 echo 1353 echo "Data path: (*, G) INCLUDE - IR - IPv4 overlay / IPv4 underlay" 1354 echo "-------------------------------------------------------------" 1355 1356 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1357 $valid_src $invalid_src "mausezahn" 1358} 1359 1360starg_include_ir_ipv6_ipv4() 1361{ 1362 local ns1=$ns1_v4 1363 local ns2=$ns2_v4 1364 local vtep1_ip=198.51.100.100 1365 local vtep2_ip=198.51.100.200 1366 local plen=32 1367 local grp=ff0e::1 1368 local valid_src=2001:db8:100::1 1369 local invalid_src=2001:db8:200::1 1370 1371 echo 1372 echo "Data path: (*, G) INCLUDE - IR - IPv6 overlay / IPv4 underlay" 1373 echo "-------------------------------------------------------------" 1374 1375 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1376 $valid_src $invalid_src "mausezahn -6" 1377} 1378 1379starg_include_ir_ipv4_ipv6() 1380{ 1381 local ns1=$ns1_v6 1382 local ns2=$ns2_v6 1383 local vtep1_ip=2001:db8:1000::1 1384 local vtep2_ip=2001:db8:2000::1 1385 local plen=128 1386 local grp=239.1.1.1 1387 local valid_src=192.0.2.129 1388 local invalid_src=192.0.2.145 1389 1390 echo 1391 echo "Data path: (*, G) INCLUDE - IR - IPv4 overlay / IPv6 underlay" 1392 echo "-------------------------------------------------------------" 1393 1394 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1395 $valid_src $invalid_src "mausezahn" 1396} 1397 1398starg_include_ir_ipv6_ipv6() 1399{ 1400 local ns1=$ns1_v6 1401 local ns2=$ns2_v6 1402 local vtep1_ip=2001:db8:1000::1 1403 local vtep2_ip=2001:db8:2000::1 1404 local plen=128 1405 local grp=ff0e::1 1406 local valid_src=2001:db8:100::1 1407 local invalid_src=2001:db8:200::1 1408 1409 echo 1410 echo "Data path: (*, G) INCLUDE - IR - IPv6 overlay / IPv6 underlay" 1411 echo "-------------------------------------------------------------" 1412 1413 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1414 $valid_src $invalid_src "mausezahn -6" 1415} 1416 1417starg_exclude_p2mp_common() 1418{ 1419 local ns1=$1; shift 1420 local ns2=$1; shift 1421 local mcast_grp=$1; shift 1422 local plen=$1; shift 1423 local grp=$1; shift 1424 local valid_src=$1; shift 1425 local invalid_src=$1; shift 1426 local mz=$1; shift 1427 1428 # Install a (*, G) EXCLUDE MDB entry with one source and one multicast 1429 # group to which packets are sent. Make sure that the source in the 1430 # source list is not forwarded and that a source not in the list is 1431 # forwarded. 1432 1433 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1434 run_cmd "ip -n $ns2 address replace $mcast_grp/$plen dev veth0 autojoin" 1435 1436 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $mcast_grp action pass" 1437 1438 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $mcast_grp src_vni 10010 via veth0" 1439 1440 # Check that invalid source is not forwarded. 1441 run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1442 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1443 log_test $? 0 "Block excluded source" 1444 1445 # Check that valid source is forwarded. 1446 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1447 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1448 log_test $? 0 "Forward valid source" 1449 1450 # Remove the VTEP from the multicast group. 1451 run_cmd "ip -n $ns2 address del $mcast_grp/$plen dev veth0" 1452 1453 # Check that valid source is not received anymore. 1454 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1455 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1456 log_test $? 0 "Receive of valid source after removal from group" 1457} 1458 1459starg_exclude_p2mp_ipv4_ipv4() 1460{ 1461 local ns1=$ns1_v4 1462 local ns2=$ns2_v4 1463 local mcast_grp=238.1.1.1 1464 local plen=32 1465 local grp=239.1.1.1 1466 local valid_src=192.0.2.129 1467 local invalid_src=192.0.2.145 1468 1469 echo 1470 echo "Data path: (*, G) EXCLUDE - P2MP - IPv4 overlay / IPv4 underlay" 1471 echo "---------------------------------------------------------------" 1472 1473 starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1474 $valid_src $invalid_src "mausezahn" 1475} 1476 1477starg_exclude_p2mp_ipv6_ipv4() 1478{ 1479 local ns1=$ns1_v4 1480 local ns2=$ns2_v4 1481 local mcast_grp=238.1.1.1 1482 local plen=32 1483 local grp=ff0e::1 1484 local valid_src=2001:db8:100::1 1485 local invalid_src=2001:db8:200::1 1486 1487 echo 1488 echo "Data path: (*, G) EXCLUDE - P2MP - IPv6 overlay / IPv4 underlay" 1489 echo "---------------------------------------------------------------" 1490 1491 starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1492 $valid_src $invalid_src "mausezahn -6" 1493} 1494 1495starg_exclude_p2mp_ipv4_ipv6() 1496{ 1497 local ns1=$ns1_v6 1498 local ns2=$ns2_v6 1499 local mcast_grp=ff0e::2 1500 local plen=128 1501 local grp=239.1.1.1 1502 local valid_src=192.0.2.129 1503 local invalid_src=192.0.2.145 1504 1505 echo 1506 echo "Data path: (*, G) EXCLUDE - P2MP - IPv4 overlay / IPv6 underlay" 1507 echo "---------------------------------------------------------------" 1508 1509 starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1510 $valid_src $invalid_src "mausezahn" 1511} 1512 1513starg_exclude_p2mp_ipv6_ipv6() 1514{ 1515 local ns1=$ns1_v6 1516 local ns2=$ns2_v6 1517 local mcast_grp=ff0e::2 1518 local plen=128 1519 local grp=ff0e::1 1520 local valid_src=2001:db8:100::1 1521 local invalid_src=2001:db8:200::1 1522 1523 echo 1524 echo "Data path: (*, G) EXCLUDE - P2MP - IPv6 overlay / IPv6 underlay" 1525 echo "---------------------------------------------------------------" 1526 1527 starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1528 $valid_src $invalid_src "mausezahn -6" 1529} 1530 1531starg_include_p2mp_common() 1532{ 1533 local ns1=$1; shift 1534 local ns2=$1; shift 1535 local mcast_grp=$1; shift 1536 local plen=$1; shift 1537 local grp=$1; shift 1538 local valid_src=$1; shift 1539 local invalid_src=$1; shift 1540 local mz=$1; shift 1541 1542 # Install a (*, G) INCLUDE MDB entry with one source and one multicast 1543 # group to which packets are sent. Make sure that the source in the 1544 # source list is forwarded and that a source not in the list is not 1545 # forwarded. 1546 1547 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1548 run_cmd "ip -n $ns2 address replace $mcast_grp/$plen dev veth0 autojoin" 1549 1550 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $mcast_grp action pass" 1551 1552 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $valid_src dst $mcast_grp src_vni 10010 via veth0" 1553 1554 # Check that invalid source is not forwarded. 1555 run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1556 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1557 log_test $? 0 "Block excluded source" 1558 1559 # Check that valid source is forwarded. 1560 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1561 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1562 log_test $? 0 "Forward valid source" 1563 1564 # Remove the VTEP from the multicast group. 1565 run_cmd "ip -n $ns2 address del $mcast_grp/$plen dev veth0" 1566 1567 # Check that valid source is not received anymore. 1568 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1569 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1570 log_test $? 0 "Receive of valid source after removal from group" 1571} 1572 1573starg_include_p2mp_ipv4_ipv4() 1574{ 1575 local ns1=$ns1_v4 1576 local ns2=$ns2_v4 1577 local mcast_grp=238.1.1.1 1578 local plen=32 1579 local grp=239.1.1.1 1580 local valid_src=192.0.2.129 1581 local invalid_src=192.0.2.145 1582 1583 echo 1584 echo "Data path: (*, G) INCLUDE - P2MP - IPv4 overlay / IPv4 underlay" 1585 echo "---------------------------------------------------------------" 1586 1587 starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1588 $valid_src $invalid_src "mausezahn" 1589} 1590 1591starg_include_p2mp_ipv6_ipv4() 1592{ 1593 local ns1=$ns1_v4 1594 local ns2=$ns2_v4 1595 local mcast_grp=238.1.1.1 1596 local plen=32 1597 local grp=ff0e::1 1598 local valid_src=2001:db8:100::1 1599 local invalid_src=2001:db8:200::1 1600 1601 echo 1602 echo "Data path: (*, G) INCLUDE - P2MP - IPv6 overlay / IPv4 underlay" 1603 echo "---------------------------------------------------------------" 1604 1605 starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1606 $valid_src $invalid_src "mausezahn -6" 1607} 1608 1609starg_include_p2mp_ipv4_ipv6() 1610{ 1611 local ns1=$ns1_v6 1612 local ns2=$ns2_v6 1613 local mcast_grp=ff0e::2 1614 local plen=128 1615 local grp=239.1.1.1 1616 local valid_src=192.0.2.129 1617 local invalid_src=192.0.2.145 1618 1619 echo 1620 echo "Data path: (*, G) INCLUDE - P2MP - IPv4 overlay / IPv6 underlay" 1621 echo "---------------------------------------------------------------" 1622 1623 starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1624 $valid_src $invalid_src "mausezahn" 1625} 1626 1627starg_include_p2mp_ipv6_ipv6() 1628{ 1629 local ns1=$ns1_v6 1630 local ns2=$ns2_v6 1631 local mcast_grp=ff0e::2 1632 local plen=128 1633 local grp=ff0e::1 1634 local valid_src=2001:db8:100::1 1635 local invalid_src=2001:db8:200::1 1636 1637 echo 1638 echo "Data path: (*, G) INCLUDE - P2MP - IPv6 overlay / IPv6 underlay" 1639 echo "---------------------------------------------------------------" 1640 1641 starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1642 $valid_src $invalid_src "mausezahn -6" 1643} 1644 1645egress_vni_translation_common() 1646{ 1647 local ns1=$1; shift 1648 local ns2=$1; shift 1649 local mcast_grp=$1; shift 1650 local plen=$1; shift 1651 local proto=$1; shift 1652 local grp=$1; shift 1653 local src=$1; shift 1654 local mz=$1; shift 1655 1656 # When P2MP tunnels are used with optimized inter-subnet multicast 1657 # (OISM) [1], the ingress VTEP does not perform VNI translation and 1658 # uses the VNI of the source broadcast domain (BD). If the egress VTEP 1659 # is a member in the source BD, then no VNI translation is needed. 1660 # Otherwise, the egress VTEP needs to translate the VNI to the 1661 # supplementary broadcast domain (SBD) VNI, which is usually the L3VNI. 1662 # 1663 # In this test, remove the VTEP in the second namespace from VLAN 10 1664 # (VNI 10010) and make sure that a packet sent from this VLAN on the 1665 # first VTEP is received by the SVI corresponding to the L3VNI (14000 / 1666 # VLAN 4000) on the second VTEP. 1667 # 1668 # The second VTEP will be able to decapsulate the packet with VNI 10010 1669 # because this VNI is configured on its shared VXLAN device. Later, 1670 # when ingressing the bridge, the VNI to VLAN lookup will fail because 1671 # the VTEP is not a member in VLAN 10, which will cause the packet to 1672 # be tagged with VLAN 4000 since it is configured as PVID. 1673 # 1674 # [1] https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-mcast 1675 1676 run_cmd "tc -n $ns2 qdisc replace dev br0.4000 clsact" 1677 run_cmd "ip -n $ns2 address replace $mcast_grp/$plen dev veth0 autojoin" 1678 run_cmd "tc -n $ns2 filter replace dev br0.4000 ingress pref 1 handle 101 proto $proto flower src_ip $src dst_ip $grp action pass" 1679 1680 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp src $src permanent dst $mcast_grp src_vni 10010 via veth0" 1681 1682 # Remove the second VTEP from VLAN 10. 1683 run_cmd "bridge -n $ns2 vlan del vid 10 dev vx0" 1684 1685 # Make sure that packets sent from the first VTEP over VLAN 10 are 1686 # received by the SVI corresponding to the L3VNI (14000 / VLAN 4000) on 1687 # the second VTEP, since it is configured as PVID. 1688 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1689 tc_check_packets "$ns2" "dev br0.4000 ingress" 101 1 1690 log_test $? 0 "Egress VNI translation - PVID configured" 1691 1692 # Remove PVID flag from VLAN 4000 on the second VTEP and make sure 1693 # packets are no longer received by the SVI interface. 1694 run_cmd "bridge -n $ns2 vlan add vid 4000 dev vx0" 1695 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1696 tc_check_packets "$ns2" "dev br0.4000 ingress" 101 1 1697 log_test $? 0 "Egress VNI translation - no PVID configured" 1698 1699 # Reconfigure the PVID and make sure packets are received again. 1700 run_cmd "bridge -n $ns2 vlan add vid 4000 dev vx0 pvid" 1701 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1702 tc_check_packets "$ns2" "dev br0.4000 ingress" 101 2 1703 log_test $? 0 "Egress VNI translation - PVID reconfigured" 1704} 1705 1706egress_vni_translation_ipv4_ipv4() 1707{ 1708 local ns1=$ns1_v4 1709 local ns2=$ns2_v4 1710 local mcast_grp=238.1.1.1 1711 local plen=32 1712 local proto="ipv4" 1713 local grp=239.1.1.1 1714 local src=192.0.2.129 1715 1716 echo 1717 echo "Data path: Egress VNI translation - IPv4 overlay / IPv4 underlay" 1718 echo "----------------------------------------------------------------" 1719 1720 egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \ 1721 $src "mausezahn" 1722} 1723 1724egress_vni_translation_ipv6_ipv4() 1725{ 1726 local ns1=$ns1_v4 1727 local ns2=$ns2_v4 1728 local mcast_grp=238.1.1.1 1729 local plen=32 1730 local proto="ipv6" 1731 local grp=ff0e::1 1732 local src=2001:db8:100::1 1733 1734 echo 1735 echo "Data path: Egress VNI translation - IPv6 overlay / IPv4 underlay" 1736 echo "----------------------------------------------------------------" 1737 1738 egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \ 1739 $src "mausezahn -6" 1740} 1741 1742egress_vni_translation_ipv4_ipv6() 1743{ 1744 local ns1=$ns1_v6 1745 local ns2=$ns2_v6 1746 local mcast_grp=ff0e::2 1747 local plen=128 1748 local proto="ipv4" 1749 local grp=239.1.1.1 1750 local src=192.0.2.129 1751 1752 echo 1753 echo "Data path: Egress VNI translation - IPv4 overlay / IPv6 underlay" 1754 echo "----------------------------------------------------------------" 1755 1756 egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \ 1757 $src "mausezahn" 1758} 1759 1760egress_vni_translation_ipv6_ipv6() 1761{ 1762 local ns1=$ns1_v6 1763 local ns2=$ns2_v6 1764 local mcast_grp=ff0e::2 1765 local plen=128 1766 local proto="ipv6" 1767 local grp=ff0e::1 1768 local src=2001:db8:100::1 1769 1770 echo 1771 echo "Data path: Egress VNI translation - IPv6 overlay / IPv6 underlay" 1772 echo "----------------------------------------------------------------" 1773 1774 egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \ 1775 $src "mausezahn -6" 1776} 1777 1778all_zeros_mdb_common() 1779{ 1780 local ns1=$1; shift 1781 local ns2=$1; shift 1782 local vtep1_ip=$1; shift 1783 local vtep2_ip=$1; shift 1784 local vtep3_ip=$1; shift 1785 local vtep4_ip=$1; shift 1786 local plen=$1; shift 1787 local ipv4_grp=239.1.1.1 1788 local ipv4_unreg_grp=239.2.2.2 1789 local ipv4_ll_grp=224.0.0.100 1790 local ipv4_src=192.0.2.129 1791 local ipv6_grp=ff0e::1 1792 local ipv6_unreg_grp=ff0e::2 1793 local ipv6_ll_grp=ff02::1 1794 local ipv6_src=2001:db8:100::1 1795 1796 # Install all-zeros (catchall) MDB entries for IPv4 and IPv6 traffic 1797 # and make sure they only forward unregistered IP multicast traffic 1798 # which is not link-local. Also make sure that each entry only forwards 1799 # traffic from the matching address family. 1800 1801 # Associate two different VTEPs with one all-zeros MDB entry: Two with 1802 # the IPv4 entry (0.0.0.0) and another two with the IPv6 one (::). 1803 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp 0.0.0.0 permanent dst $vtep1_ip src_vni 10010" 1804 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp 0.0.0.0 permanent dst $vtep2_ip src_vni 10010" 1805 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp :: permanent dst $vtep3_ip src_vni 10010" 1806 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp :: permanent dst $vtep4_ip src_vni 10010" 1807 1808 # Associate one VTEP from each set with a regular MDB entry: One with 1809 # an IPv4 entry and another with an IPv6 one. 1810 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $ipv4_grp permanent dst $vtep1_ip src_vni 10010" 1811 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $ipv6_grp permanent dst $vtep3_ip src_vni 10010" 1812 1813 # Add filters to match on decapsulated traffic in the second namespace. 1814 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1815 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1816 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass" 1817 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 103 proto all flower enc_dst_ip $vtep3_ip action pass" 1818 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 104 proto all flower enc_dst_ip $vtep4_ip action pass" 1819 1820 # Configure the VTEP addresses in the second namespace to enable 1821 # decapsulation. 1822 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 1823 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 1824 run_cmd "ip -n $ns2 address replace $vtep3_ip/$plen dev lo" 1825 run_cmd "ip -n $ns2 address replace $vtep4_ip/$plen dev lo" 1826 1827 # Send registered IPv4 multicast and make sure it only arrives to the 1828 # first VTEP. 1829 run_cmd "ip netns exec $ns1 mausezahn br0.10 -A $ipv4_src -B $ipv4_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1830 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1831 log_test $? 0 "Registered IPv4 multicast - first VTEP" 1832 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 1833 log_test $? 0 "Registered IPv4 multicast - second VTEP" 1834 1835 # Send unregistered IPv4 multicast that is not link-local and make sure 1836 # it arrives to the first and second VTEPs. 1837 run_cmd "ip netns exec $ns1 mausezahn br0.10 -A $ipv4_src -B $ipv4_unreg_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1838 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1839 log_test $? 0 "Unregistered IPv4 multicast - first VTEP" 1840 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1841 log_test $? 0 "Unregistered IPv4 multicast - second VTEP" 1842 1843 # Send IPv4 link-local multicast traffic and make sure it does not 1844 # arrive to any VTEP. 1845 run_cmd "ip netns exec $ns1 mausezahn br0.10 -A $ipv4_src -B $ipv4_ll_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1846 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1847 log_test $? 0 "Link-local IPv4 multicast - first VTEP" 1848 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1849 log_test $? 0 "Link-local IPv4 multicast - second VTEP" 1850 1851 # Send registered IPv4 multicast using a unicast MAC address and make 1852 # sure it does not arrive to any VTEP. 1853 run_cmd "ip netns exec $ns1 mausezahn br0.10 -a own -b 00:11:22:33:44:55 -A $ipv4_src -B $ipv4_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1854 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1855 log_test $? 0 "Registered IPv4 multicast with a unicast MAC - first VTEP" 1856 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1857 log_test $? 0 "Registered IPv4 multicast with a unicast MAC - second VTEP" 1858 1859 # Send registered IPv4 multicast using a broadcast MAC address and make 1860 # sure it does not arrive to any VTEP. 1861 run_cmd "ip netns exec $ns1 mausezahn br0.10 -a own -b bcast -A $ipv4_src -B $ipv4_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1862 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1863 log_test $? 0 "Registered IPv4 multicast with a broadcast MAC - first VTEP" 1864 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1865 log_test $? 0 "Registered IPv4 multicast with a broadcast MAC - second VTEP" 1866 1867 # Make sure IPv4 traffic did not reach the VTEPs associated with 1868 # IPv6 entries. 1869 tc_check_packets "$ns2" "dev vx0 ingress" 103 0 1870 log_test $? 0 "IPv4 traffic - third VTEP" 1871 tc_check_packets "$ns2" "dev vx0 ingress" 104 0 1872 log_test $? 0 "IPv4 traffic - fourth VTEP" 1873 1874 # Reset IPv4 filters before testing IPv6 traffic. 1875 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1876 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass" 1877 1878 # Send registered IPv6 multicast and make sure it only arrives to the 1879 # third VTEP. 1880 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -A $ipv6_src -B $ipv6_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1881 tc_check_packets "$ns2" "dev vx0 ingress" 103 1 1882 log_test $? 0 "Registered IPv6 multicast - third VTEP" 1883 tc_check_packets "$ns2" "dev vx0 ingress" 104 0 1884 log_test $? 0 "Registered IPv6 multicast - fourth VTEP" 1885 1886 # Send unregistered IPv6 multicast that is not link-local and make sure 1887 # it arrives to the third and fourth VTEPs. 1888 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -A $ipv6_src -B $ipv6_unreg_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1889 tc_check_packets "$ns2" "dev vx0 ingress" 103 2 1890 log_test $? 0 "Unregistered IPv6 multicast - third VTEP" 1891 tc_check_packets "$ns2" "dev vx0 ingress" 104 1 1892 log_test $? 0 "Unregistered IPv6 multicast - fourth VTEP" 1893 1894 # Send IPv6 link-local multicast traffic and make sure it does not 1895 # arrive to any VTEP. 1896 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -A $ipv6_src -B $ipv6_ll_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1897 tc_check_packets "$ns2" "dev vx0 ingress" 103 2 1898 log_test $? 0 "Link-local IPv6 multicast - third VTEP" 1899 tc_check_packets "$ns2" "dev vx0 ingress" 104 1 1900 log_test $? 0 "Link-local IPv6 multicast - fourth VTEP" 1901 1902 # Send registered IPv6 multicast using a unicast MAC address and make 1903 # sure it does not arrive to any VTEP. 1904 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -a own -b 00:11:22:33:44:55 -A $ipv6_src -B $ipv6_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1905 tc_check_packets "$ns2" "dev vx0 ingress" 103 2 1906 log_test $? 0 "Registered IPv6 multicast with a unicast MAC - third VTEP" 1907 tc_check_packets "$ns2" "dev vx0 ingress" 104 1 1908 log_test $? 0 "Registered IPv6 multicast with a unicast MAC - fourth VTEP" 1909 1910 # Send registered IPv6 multicast using a broadcast MAC address and make 1911 # sure it does not arrive to any VTEP. 1912 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -a own -b bcast -A $ipv6_src -B $ipv6_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1913 tc_check_packets "$ns2" "dev vx0 ingress" 103 2 1914 log_test $? 0 "Registered IPv6 multicast with a broadcast MAC - third VTEP" 1915 tc_check_packets "$ns2" "dev vx0 ingress" 104 1 1916 log_test $? 0 "Registered IPv6 multicast with a broadcast MAC - fourth VTEP" 1917 1918 # Make sure IPv6 traffic did not reach the VTEPs associated with 1919 # IPv4 entries. 1920 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1921 log_test $? 0 "IPv6 traffic - first VTEP" 1922 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 1923 log_test $? 0 "IPv6 traffic - second VTEP" 1924} 1925 1926all_zeros_mdb_ipv4() 1927{ 1928 local ns1=$ns1_v4 1929 local ns2=$ns2_v4 1930 local vtep1_ip=198.51.100.101 1931 local vtep2_ip=198.51.100.102 1932 local vtep3_ip=198.51.100.103 1933 local vtep4_ip=198.51.100.104 1934 local plen=32 1935 1936 echo 1937 echo "Data path: All-zeros MDB entry - IPv4 underlay" 1938 echo "----------------------------------------------" 1939 1940 all_zeros_mdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $vtep3_ip \ 1941 $vtep4_ip $plen 1942} 1943 1944all_zeros_mdb_ipv6() 1945{ 1946 local ns1=$ns1_v6 1947 local ns2=$ns2_v6 1948 local vtep1_ip=2001:db8:1000::1 1949 local vtep2_ip=2001:db8:2000::1 1950 local vtep3_ip=2001:db8:3000::1 1951 local vtep4_ip=2001:db8:4000::1 1952 local plen=128 1953 1954 echo 1955 echo "Data path: All-zeros MDB entry - IPv6 underlay" 1956 echo "----------------------------------------------" 1957 1958 all_zeros_mdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $vtep3_ip \ 1959 $vtep4_ip $plen 1960} 1961 1962mdb_fdb_common() 1963{ 1964 local ns1=$1; shift 1965 local ns2=$1; shift 1966 local vtep1_ip=$1; shift 1967 local vtep2_ip=$1; shift 1968 local plen=$1; shift 1969 local proto=$1; shift 1970 local grp=$1; shift 1971 local src=$1; shift 1972 local mz=$1; shift 1973 1974 # Install an MDB entry and an FDB entry and make sure that the FDB 1975 # entry only forwards traffic that was not forwarded by the MDB. 1976 1977 # Associate the MDB entry with one VTEP and the FDB entry with another 1978 # VTEP. 1979 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010" 1980 run_cmd "bridge -n $ns1 fdb add 00:00:00:00:00:00 dev vx0 self static dst $vtep2_ip src_vni 10010" 1981 1982 # Add filters to match on decapsulated traffic in the second namespace. 1983 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1984 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto $proto flower ip_proto udp dst_port 54321 enc_dst_ip $vtep1_ip action pass" 1985 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto $proto flower ip_proto udp dst_port 54321 enc_dst_ip $vtep2_ip action pass" 1986 1987 # Configure the VTEP addresses in the second namespace to enable 1988 # decapsulation. 1989 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 1990 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 1991 1992 # Send IP multicast traffic and make sure it is forwarded by the MDB 1993 # and only arrives to the first VTEP. 1994 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1995 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1996 log_test $? 0 "IP multicast - first VTEP" 1997 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 1998 log_test $? 0 "IP multicast - second VTEP" 1999 2000 # Send broadcast traffic and make sure it is forwarded by the FDB and 2001 # only arrives to the second VTEP. 2002 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b bcast -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 2003 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 2004 log_test $? 0 "Broadcast - first VTEP" 2005 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 2006 log_test $? 0 "Broadcast - second VTEP" 2007 2008 # Remove the MDB entry and make sure that IP multicast is now forwarded 2009 # by the FDB to the second VTEP. 2010 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010" 2011 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 2012 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 2013 log_test $? 0 "IP multicast after removal - first VTEP" 2014 tc_check_packets "$ns2" "dev vx0 ingress" 102 2 2015 log_test $? 0 "IP multicast after removal - second VTEP" 2016} 2017 2018mdb_fdb_ipv4_ipv4() 2019{ 2020 local ns1=$ns1_v4 2021 local ns2=$ns2_v4 2022 local vtep1_ip=198.51.100.100 2023 local vtep2_ip=198.51.100.200 2024 local plen=32 2025 local proto="ipv4" 2026 local grp=239.1.1.1 2027 local src=192.0.2.129 2028 2029 echo 2030 echo "Data path: MDB with FDB - IPv4 overlay / IPv4 underlay" 2031 echo "------------------------------------------------------" 2032 2033 mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp $src \ 2034 "mausezahn" 2035} 2036 2037mdb_fdb_ipv6_ipv4() 2038{ 2039 local ns1=$ns1_v4 2040 local ns2=$ns2_v4 2041 local vtep1_ip=198.51.100.100 2042 local vtep2_ip=198.51.100.200 2043 local plen=32 2044 local proto="ipv6" 2045 local grp=ff0e::1 2046 local src=2001:db8:100::1 2047 2048 echo 2049 echo "Data path: MDB with FDB - IPv6 overlay / IPv4 underlay" 2050 echo "------------------------------------------------------" 2051 2052 mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp $src \ 2053 "mausezahn -6" 2054} 2055 2056mdb_fdb_ipv4_ipv6() 2057{ 2058 local ns1=$ns1_v6 2059 local ns2=$ns2_v6 2060 local vtep1_ip=2001:db8:1000::1 2061 local vtep2_ip=2001:db8:2000::1 2062 local plen=128 2063 local proto="ipv4" 2064 local grp=239.1.1.1 2065 local src=192.0.2.129 2066 2067 echo 2068 echo "Data path: MDB with FDB - IPv4 overlay / IPv6 underlay" 2069 echo "------------------------------------------------------" 2070 2071 mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp $src \ 2072 "mausezahn" 2073} 2074 2075mdb_fdb_ipv6_ipv6() 2076{ 2077 local ns1=$ns1_v6 2078 local ns2=$ns2_v6 2079 local vtep1_ip=2001:db8:1000::1 2080 local vtep2_ip=2001:db8:2000::1 2081 local plen=128 2082 local proto="ipv6" 2083 local grp=ff0e::1 2084 local src=2001:db8:100::1 2085 2086 echo 2087 echo "Data path: MDB with FDB - IPv6 overlay / IPv6 underlay" 2088 echo "------------------------------------------------------" 2089 2090 mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp $src \ 2091 "mausezahn -6" 2092} 2093 2094mdb_grp1_loop() 2095{ 2096 local ns1=$1; shift 2097 local vtep1_ip=$1; shift 2098 local grp1=$1; shift 2099 2100 while true; do 2101 bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp1 dst $vtep1_ip src_vni 10010 2102 bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp1 permanent dst $vtep1_ip src_vni 10010 2103 done >/dev/null 2>&1 2104} 2105 2106mdb_grp2_loop() 2107{ 2108 local ns1=$1; shift 2109 local vtep1_ip=$1; shift 2110 local vtep2_ip=$1; shift 2111 local grp2=$1; shift 2112 2113 while true; do 2114 bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp2 dst $vtep1_ip src_vni 10010 2115 bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp2 permanent dst $vtep1_ip src_vni 10010 2116 bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp2 permanent dst $vtep2_ip src_vni 10010 2117 done >/dev/null 2>&1 2118} 2119 2120mdb_torture_common() 2121{ 2122 local ns1=$1; shift 2123 local vtep1_ip=$1; shift 2124 local vtep2_ip=$1; shift 2125 local grp1=$1; shift 2126 local grp2=$1; shift 2127 local src=$1; shift 2128 local mz=$1; shift 2129 local pid1 2130 local pid2 2131 local pid3 2132 local pid4 2133 2134 # Continuously send two streams that are forwarded by two different MDB 2135 # entries. The first entry will be added and deleted in a loop. This 2136 # allows us to test that the data path does not use freed MDB entry 2137 # memory. The second entry will have two remotes, one that is added and 2138 # deleted in a loop and another that is replaced in a loop. This allows 2139 # us to test that the data path does not use freed remote entry memory. 2140 # The test is considered successful if nothing crashed. 2141 2142 # Create the MDB entries that will be continuously deleted / replaced. 2143 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp1 permanent dst $vtep1_ip src_vni 10010" 2144 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp2 permanent dst $vtep1_ip src_vni 10010" 2145 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp2 permanent dst $vtep2_ip src_vni 10010" 2146 2147 mdb_grp1_loop $ns1 $vtep1_ip $grp1 & 2148 pid1=$! 2149 mdb_grp2_loop $ns1 $vtep1_ip $vtep2_ip $grp2 & 2150 pid2=$! 2151 ip netns exec $ns1 $mz br0.10 -A $src -B $grp1 -t udp sp=12345,dp=54321 -p 100 -c 0 -q & 2152 pid3=$! 2153 ip netns exec $ns1 $mz br0.10 -A $src -B $grp2 -t udp sp=12345,dp=54321 -p 100 -c 0 -q & 2154 pid4=$! 2155 2156 sleep 30 2157 kill -9 $pid1 $pid2 $pid3 $pid4 2158 wait $pid1 $pid2 $pid3 $pid4 2>/dev/null 2159 2160 log_test 0 0 "Torture test" 2161} 2162 2163mdb_torture_ipv4_ipv4() 2164{ 2165 local ns1=$ns1_v4 2166 local vtep1_ip=198.51.100.100 2167 local vtep2_ip=198.51.100.200 2168 local grp1=239.1.1.1 2169 local grp2=239.2.2.2 2170 local src=192.0.2.129 2171 2172 echo 2173 echo "Data path: MDB torture test - IPv4 overlay / IPv4 underlay" 2174 echo "----------------------------------------------------------" 2175 2176 mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp2 $src \ 2177 "mausezahn" 2178} 2179 2180mdb_torture_ipv6_ipv4() 2181{ 2182 local ns1=$ns1_v4 2183 local vtep1_ip=198.51.100.100 2184 local vtep2_ip=198.51.100.200 2185 local grp1=ff0e::1 2186 local grp2=ff0e::2 2187 local src=2001:db8:100::1 2188 2189 echo 2190 echo "Data path: MDB torture test - IPv6 overlay / IPv4 underlay" 2191 echo "----------------------------------------------------------" 2192 2193 mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp2 $src \ 2194 "mausezahn -6" 2195} 2196 2197mdb_torture_ipv4_ipv6() 2198{ 2199 local ns1=$ns1_v6 2200 local vtep1_ip=2001:db8:1000::1 2201 local vtep2_ip=2001:db8:2000::1 2202 local grp1=239.1.1.1 2203 local grp2=239.2.2.2 2204 local src=192.0.2.129 2205 2206 echo 2207 echo "Data path: MDB torture test - IPv4 overlay / IPv6 underlay" 2208 echo "----------------------------------------------------------" 2209 2210 mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp2 $src \ 2211 "mausezahn" 2212} 2213 2214mdb_torture_ipv6_ipv6() 2215{ 2216 local ns1=$ns1_v6 2217 local vtep1_ip=2001:db8:1000::1 2218 local vtep2_ip=2001:db8:2000::1 2219 local grp1=ff0e::1 2220 local grp2=ff0e::2 2221 local src=2001:db8:100::1 2222 2223 echo 2224 echo "Data path: MDB torture test - IPv6 overlay / IPv6 underlay" 2225 echo "----------------------------------------------------------" 2226 2227 mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp2 $src \ 2228 "mausezahn -6" 2229} 2230 2231################################################################################ 2232# Usage 2233 2234usage() 2235{ 2236 cat <<EOF 2237usage: ${0##*/} OPTS 2238 2239 -t <test> Test(s) to run (default: all) 2240 (options: $TESTS) 2241 -c Control path tests only 2242 -d Data path tests only 2243 -p Pause on fail 2244 -P Pause after each test before cleanup 2245 -v Verbose mode (show commands and output) 2246EOF 2247} 2248 2249################################################################################ 2250# Main 2251 2252trap cleanup EXIT 2253 2254while getopts ":t:cdpPvh" opt; do 2255 case $opt in 2256 t) TESTS=$OPTARG;; 2257 c) TESTS=${CONTROL_PATH_TESTS};; 2258 d) TESTS=${DATA_PATH_TESTS};; 2259 p) PAUSE_ON_FAIL=yes;; 2260 P) PAUSE=yes;; 2261 v) VERBOSE=$(($VERBOSE + 1));; 2262 h) usage; exit 0;; 2263 *) usage; exit 1;; 2264 esac 2265done 2266 2267# Make sure we don't pause twice. 2268[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no 2269 2270if [ "$(id -u)" -ne 0 ];then 2271 echo "SKIP: Need root privileges" 2272 exit $ksft_skip; 2273fi 2274 2275if [ ! -x "$(command -v ip)" ]; then 2276 echo "SKIP: Could not run test without ip tool" 2277 exit $ksft_skip 2278fi 2279 2280if [ ! -x "$(command -v bridge)" ]; then 2281 echo "SKIP: Could not run test without bridge tool" 2282 exit $ksft_skip 2283fi 2284 2285if [ ! -x "$(command -v mausezahn)" ]; then 2286 echo "SKIP: Could not run test without mausezahn tool" 2287 exit $ksft_skip 2288fi 2289 2290if [ ! -x "$(command -v jq)" ]; then 2291 echo "SKIP: Could not run test without jq tool" 2292 exit $ksft_skip 2293fi 2294 2295bridge mdb help 2>&1 | grep -q "get" 2296if [ $? -ne 0 ]; then 2297 echo "SKIP: iproute2 bridge too old, missing VXLAN MDB get support" 2298 exit $ksft_skip 2299fi 2300 2301# Start clean. 2302cleanup 2303 2304for t in $TESTS 2305do 2306 setup; $t; cleanup; 2307done 2308 2309if [ "$TESTS" != "none" ]; then 2310 printf "\nTests passed: %3d\n" ${nsuccess} 2311 printf "Tests failed: %3d\n" ${nfail} 2312fi 2313 2314exit $ret 2315