1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3# 4# This test is for checking VXLAN MDB functionality. The topology consists of 5# two sets of namespaces: One for the testing of IPv4 underlay and another for 6# IPv6. In both cases, both IPv4 and IPv6 overlay traffic are tested. 7# 8# Data path functionality is tested by sending traffic from one of the upper 9# namespaces and checking using ingress tc filters that the expected traffic 10# was received by one of the lower namespaces. 11# 12# +------------------------------------+ +------------------------------------+ 13# | ns1_v4 | | ns1_v6 | 14# | | | | 15# | br0.10 br0.4000 br0.20 | | br0.10 br0.4000 br0.20 | 16# | + + + | | + + + | 17# | | | | | | | | | | 18# | | | | | | | | | | 19# | +---------+---------+ | | +---------+---------+ | 20# | | | | | | 21# | | | | | | 22# | + | | + | 23# | br0 | | br0 | 24# | + | | + | 25# | | | | | | 26# | | | | | | 27# | + | | + | 28# | vx0 | | vx0 | 29# | | | | 30# | | | | 31# | veth0 | | veth0 | 32# | + | | + | 33# +-----------------|------------------+ +-----------------|------------------+ 34# | | 35# +-----------------|------------------+ +-----------------|------------------+ 36# | + | | + | 37# | veth0 | | veth0 | 38# | | | | 39# | | | | 40# | vx0 | | vx0 | 41# | + | | + | 42# | | | | | | 43# | | | | | | 44# | + | | + | 45# | br0 | | br0 | 46# | + | | + | 47# | | | | | | 48# | | | | | | 49# | +---------+---------+ | | +---------+---------+ | 50# | | | | | | | | | | 51# | | | | | | | | | | 52# | + + + | | + + + | 53# | br0.10 br0.4000 br0.10 | | br0.10 br0.4000 br0.20 | 54# | | | | 55# | ns2_v4 | | ns2_v6 | 56# +------------------------------------+ +------------------------------------+ 57 58ret=0 59# Kselftest framework requirement - SKIP code is 4. 60ksft_skip=4 61 62CONTROL_PATH_TESTS=" 63 basic_star_g_ipv4_ipv4 64 basic_star_g_ipv6_ipv4 65 basic_star_g_ipv4_ipv6 66 basic_star_g_ipv6_ipv6 67 basic_sg_ipv4_ipv4 68 basic_sg_ipv6_ipv4 69 basic_sg_ipv4_ipv6 70 basic_sg_ipv6_ipv6 71 star_g_ipv4_ipv4 72 star_g_ipv6_ipv4 73 star_g_ipv4_ipv6 74 star_g_ipv6_ipv6 75 sg_ipv4_ipv4 76 sg_ipv6_ipv4 77 sg_ipv4_ipv6 78 sg_ipv6_ipv6 79 dump_ipv4_ipv4 80 dump_ipv6_ipv4 81 dump_ipv4_ipv6 82 dump_ipv6_ipv6 83" 84 85DATA_PATH_TESTS=" 86 encap_params_ipv4_ipv4 87 encap_params_ipv6_ipv4 88 encap_params_ipv4_ipv6 89 encap_params_ipv6_ipv6 90 starg_exclude_ir_ipv4_ipv4 91 starg_exclude_ir_ipv6_ipv4 92 starg_exclude_ir_ipv4_ipv6 93 starg_exclude_ir_ipv6_ipv6 94 starg_include_ir_ipv4_ipv4 95 starg_include_ir_ipv6_ipv4 96 starg_include_ir_ipv4_ipv6 97 starg_include_ir_ipv6_ipv6 98 starg_exclude_p2mp_ipv4_ipv4 99 starg_exclude_p2mp_ipv6_ipv4 100 starg_exclude_p2mp_ipv4_ipv6 101 starg_exclude_p2mp_ipv6_ipv6 102 starg_include_p2mp_ipv4_ipv4 103 starg_include_p2mp_ipv6_ipv4 104 starg_include_p2mp_ipv4_ipv6 105 starg_include_p2mp_ipv6_ipv6 106 egress_vni_translation_ipv4_ipv4 107 egress_vni_translation_ipv6_ipv4 108 egress_vni_translation_ipv4_ipv6 109 egress_vni_translation_ipv6_ipv6 110 all_zeros_mdb_ipv4 111 all_zeros_mdb_ipv6 112 mdb_fdb_ipv4_ipv4 113 mdb_fdb_ipv6_ipv4 114 mdb_fdb_ipv4_ipv6 115 mdb_fdb_ipv6_ipv6 116 mdb_torture_ipv4_ipv4 117 mdb_torture_ipv6_ipv4 118 mdb_torture_ipv4_ipv6 119 mdb_torture_ipv6_ipv6 120" 121 122# All tests in this script. Can be overridden with -t option. 123TESTS=" 124 $CONTROL_PATH_TESTS 125 $DATA_PATH_TESTS 126" 127VERBOSE=0 128PAUSE_ON_FAIL=no 129PAUSE=no 130 131################################################################################ 132# Utilities 133 134log_test() 135{ 136 local rc=$1 137 local expected=$2 138 local msg="$3" 139 140 if [ ${rc} -eq ${expected} ]; then 141 printf "TEST: %-60s [ OK ]\n" "${msg}" 142 nsuccess=$((nsuccess+1)) 143 else 144 ret=1 145 nfail=$((nfail+1)) 146 printf "TEST: %-60s [FAIL]\n" "${msg}" 147 if [ "$VERBOSE" = "1" ]; then 148 echo " rc=$rc, expected $expected" 149 fi 150 151 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then 152 echo 153 echo "hit enter to continue, 'q' to quit" 154 read a 155 [ "$a" = "q" ] && exit 1 156 fi 157 fi 158 159 if [ "${PAUSE}" = "yes" ]; then 160 echo 161 echo "hit enter to continue, 'q' to quit" 162 read a 163 [ "$a" = "q" ] && exit 1 164 fi 165 166 [ "$VERBOSE" = "1" ] && echo 167} 168 169run_cmd() 170{ 171 local cmd="$1" 172 local out 173 local stderr="2>/dev/null" 174 175 if [ "$VERBOSE" = "1" ]; then 176 printf "COMMAND: $cmd\n" 177 stderr= 178 fi 179 180 out=$(eval $cmd $stderr) 181 rc=$? 182 if [ "$VERBOSE" = "1" -a -n "$out" ]; then 183 echo " $out" 184 fi 185 186 return $rc 187} 188 189tc_check_packets() 190{ 191 local ns=$1; shift 192 local id=$1; shift 193 local handle=$1; shift 194 local count=$1; shift 195 local pkts 196 197 sleep 0.1 198 pkts=$(tc -n $ns -j -s filter show $id \ 199 | jq ".[] | select(.options.handle == $handle) | \ 200 .options.actions[0].stats.packets") 201 [[ $pkts == $count ]] 202} 203 204################################################################################ 205# Setup 206 207setup_common_ns() 208{ 209 local ns=$1; shift 210 local local_addr=$1; shift 211 212 ip netns exec $ns sysctl -qw net.ipv4.ip_forward=1 213 ip netns exec $ns sysctl -qw net.ipv4.fib_multipath_use_neigh=1 214 ip netns exec $ns sysctl -qw net.ipv4.conf.default.ignore_routes_with_linkdown=1 215 ip netns exec $ns sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1 216 ip netns exec $ns sysctl -qw net.ipv6.conf.all.forwarding=1 217 ip netns exec $ns sysctl -qw net.ipv6.conf.default.forwarding=1 218 ip netns exec $ns sysctl -qw net.ipv6.conf.default.ignore_routes_with_linkdown=1 219 ip netns exec $ns sysctl -qw net.ipv6.conf.all.accept_dad=0 220 ip netns exec $ns sysctl -qw net.ipv6.conf.default.accept_dad=0 221 222 ip -n $ns link set dev lo up 223 ip -n $ns address add $local_addr dev lo 224 225 ip -n $ns link set dev veth0 up 226 227 ip -n $ns link add name br0 up type bridge vlan_filtering 1 \ 228 vlan_default_pvid 0 mcast_snooping 0 229 230 ip -n $ns link add link br0 name br0.10 up type vlan id 10 231 bridge -n $ns vlan add vid 10 dev br0 self 232 233 ip -n $ns link add link br0 name br0.20 up type vlan id 20 234 bridge -n $ns vlan add vid 20 dev br0 self 235 236 ip -n $ns link add link br0 name br0.4000 up type vlan id 4000 237 bridge -n $ns vlan add vid 4000 dev br0 self 238 239 ip -n $ns link add name vx0 up master br0 type vxlan \ 240 local $local_addr dstport 4789 external vnifilter 241 bridge -n $ns link set dev vx0 vlan_tunnel on 242 243 bridge -n $ns vlan add vid 10 dev vx0 244 bridge -n $ns vlan add vid 10 dev vx0 tunnel_info id 10010 245 bridge -n $ns vni add vni 10010 dev vx0 246 247 bridge -n $ns vlan add vid 20 dev vx0 248 bridge -n $ns vlan add vid 20 dev vx0 tunnel_info id 10020 249 bridge -n $ns vni add vni 10020 dev vx0 250 251 bridge -n $ns vlan add vid 4000 dev vx0 pvid 252 bridge -n $ns vlan add vid 4000 dev vx0 tunnel_info id 14000 253 bridge -n $ns vni add vni 14000 dev vx0 254} 255 256setup_common() 257{ 258 local ns1=$1; shift 259 local ns2=$1; shift 260 local local_addr1=$1; shift 261 local local_addr2=$1; shift 262 263 ip netns add $ns1 264 ip netns add $ns2 265 266 ip link add name veth0 type veth peer name veth1 267 ip link set dev veth0 netns $ns1 name veth0 268 ip link set dev veth1 netns $ns2 name veth0 269 270 setup_common_ns $ns1 $local_addr1 271 setup_common_ns $ns2 $local_addr2 272} 273 274setup_v4() 275{ 276 setup_common ns1_v4 ns2_v4 192.0.2.1 192.0.2.2 277 278 ip -n ns1_v4 address add 192.0.2.17/28 dev veth0 279 ip -n ns2_v4 address add 192.0.2.18/28 dev veth0 280 281 ip -n ns1_v4 route add default via 192.0.2.18 282 ip -n ns2_v4 route add default via 192.0.2.17 283} 284 285cleanup_v4() 286{ 287 ip netns del ns2_v4 288 ip netns del ns1_v4 289} 290 291setup_v6() 292{ 293 setup_common ns1_v6 ns2_v6 2001:db8:1::1 2001:db8:1::2 294 295 ip -n ns1_v6 address add 2001:db8:2::1/64 dev veth0 nodad 296 ip -n ns2_v6 address add 2001:db8:2::2/64 dev veth0 nodad 297 298 ip -n ns1_v6 route add default via 2001:db8:2::2 299 ip -n ns2_v6 route add default via 2001:db8:2::1 300} 301 302cleanup_v6() 303{ 304 ip netns del ns2_v6 305 ip netns del ns1_v6 306} 307 308setup() 309{ 310 set -e 311 312 setup_v4 313 setup_v6 314 315 sleep 5 316 317 set +e 318} 319 320cleanup() 321{ 322 cleanup_v6 &> /dev/null 323 cleanup_v4 &> /dev/null 324} 325 326################################################################################ 327# Tests - Control path 328 329basic_common() 330{ 331 local ns1=$1; shift 332 local grp_key=$1; shift 333 local vtep_ip=$1; shift 334 335 # Test basic control path operations common to all MDB entry types. 336 337 # Basic add, replace and delete behavior. 338 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 339 log_test $? 0 "MDB entry addition" 340 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\"" 341 log_test $? 0 "MDB entry presence after addition" 342 343 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 344 log_test $? 0 "MDB entry replacement" 345 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\"" 346 log_test $? 0 "MDB entry presence after replacement" 347 348 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 349 log_test $? 0 "MDB entry deletion" 350 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\"" 351 log_test $? 1 "MDB entry presence after deletion" 352 353 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 354 log_test $? 255 "Non-existent MDB entry deletion" 355 356 # Default protocol and replacement. 357 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 358 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \"proto static\"" 359 log_test $? 0 "MDB entry default protocol" 360 361 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent proto 123 dst $vtep_ip src_vni 10010" 362 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \"proto 123\"" 363 log_test $? 0 "MDB entry protocol replacement" 364 365 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 366 367 # Default destination port and replacement. 368 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 369 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \" dst_port \"" 370 log_test $? 1 "MDB entry default destination port" 371 372 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip dst_port 1234 src_vni 10010" 373 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \"dst_port 1234\"" 374 log_test $? 0 "MDB entry destination port replacement" 375 376 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 377 378 # Default destination VNI and replacement. 379 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 380 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \" vni \"" 381 log_test $? 1 "MDB entry default destination VNI" 382 383 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip vni 1234 src_vni 10010" 384 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \"vni 1234\"" 385 log_test $? 0 "MDB entry destination VNI replacement" 386 387 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 388 389 # Default outgoing interface and replacement. 390 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 391 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \" via \"" 392 log_test $? 1 "MDB entry default outgoing interface" 393 394 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010 via veth0" 395 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep \"$grp_key\" | grep \"via veth0\"" 396 log_test $? 0 "MDB entry outgoing interface replacement" 397 398 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 399 400 # Common error cases. 401 run_cmd "bridge -n $ns1 mdb add dev vx0 port veth0 $grp_key permanent dst $vtep_ip src_vni 10010" 402 log_test $? 255 "MDB entry with mismatch between device and port" 403 404 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key temp dst $vtep_ip src_vni 10010" 405 log_test $? 255 "MDB entry with temp state" 406 407 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent vid 10 dst $vtep_ip src_vni 10010" 408 log_test $? 255 "MDB entry with VLAN" 409 410 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp 01:02:03:04:05:06 permanent dst $vtep_ip src_vni 10010" 411 log_test $? 255 "MDB entry MAC address" 412 413 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent" 414 log_test $? 255 "MDB entry without extended parameters" 415 416 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent proto 3 dst $vtep_ip src_vni 10010" 417 log_test $? 255 "MDB entry with an invalid protocol" 418 419 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip vni $((2 ** 24)) src_vni 10010" 420 log_test $? 255 "MDB entry with an invalid destination VNI" 421 422 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni $((2 ** 24))" 423 log_test $? 255 "MDB entry with an invalid source VNI" 424 425 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent src_vni 10010" 426 log_test $? 255 "MDB entry without a remote destination IP" 427 428 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 429 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010" 430 log_test $? 255 "Duplicate MDB entries" 431 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010" 432} 433 434basic_star_g_ipv4_ipv4() 435{ 436 local ns1=ns1_v4 437 local grp_key="grp 239.1.1.1" 438 local vtep_ip=198.51.100.100 439 440 echo 441 echo "Control path: Basic (*, G) operations - IPv4 overlay / IPv4 underlay" 442 echo "--------------------------------------------------------------------" 443 444 basic_common $ns1 "$grp_key" $vtep_ip 445} 446 447basic_star_g_ipv6_ipv4() 448{ 449 local ns1=ns1_v4 450 local grp_key="grp ff0e::1" 451 local vtep_ip=198.51.100.100 452 453 echo 454 echo "Control path: Basic (*, G) operations - IPv6 overlay / IPv4 underlay" 455 echo "--------------------------------------------------------------------" 456 457 basic_common $ns1 "$grp_key" $vtep_ip 458} 459 460basic_star_g_ipv4_ipv6() 461{ 462 local ns1=ns1_v6 463 local grp_key="grp 239.1.1.1" 464 local vtep_ip=2001:db8:1000::1 465 466 echo 467 echo "Control path: Basic (*, G) operations - IPv4 overlay / IPv6 underlay" 468 echo "--------------------------------------------------------------------" 469 470 basic_common $ns1 "$grp_key" $vtep_ip 471} 472 473basic_star_g_ipv6_ipv6() 474{ 475 local ns1=ns1_v6 476 local grp_key="grp ff0e::1" 477 local vtep_ip=2001:db8:1000::1 478 479 echo 480 echo "Control path: Basic (*, G) operations - IPv6 overlay / IPv6 underlay" 481 echo "--------------------------------------------------------------------" 482 483 basic_common $ns1 "$grp_key" $vtep_ip 484} 485 486basic_sg_ipv4_ipv4() 487{ 488 local ns1=ns1_v4 489 local grp_key="grp 239.1.1.1 src 192.0.2.129" 490 local vtep_ip=198.51.100.100 491 492 echo 493 echo "Control path: Basic (S, G) operations - IPv4 overlay / IPv4 underlay" 494 echo "--------------------------------------------------------------------" 495 496 basic_common $ns1 "$grp_key" $vtep_ip 497} 498 499basic_sg_ipv6_ipv4() 500{ 501 local ns1=ns1_v4 502 local grp_key="grp ff0e::1 src 2001:db8:100::1" 503 local vtep_ip=198.51.100.100 504 505 echo 506 echo "Control path: Basic (S, G) operations - IPv6 overlay / IPv4 underlay" 507 echo "---------------------------------------------------------------------" 508 509 basic_common $ns1 "$grp_key" $vtep_ip 510} 511 512basic_sg_ipv4_ipv6() 513{ 514 local ns1=ns1_v6 515 local grp_key="grp 239.1.1.1 src 192.0.2.129" 516 local vtep_ip=2001:db8:1000::1 517 518 echo 519 echo "Control path: Basic (S, G) operations - IPv4 overlay / IPv6 underlay" 520 echo "--------------------------------------------------------------------" 521 522 basic_common $ns1 "$grp_key" $vtep_ip 523} 524 525basic_sg_ipv6_ipv6() 526{ 527 local ns1=ns1_v6 528 local grp_key="grp ff0e::1 src 2001:db8:100::1" 529 local vtep_ip=2001:db8:1000::1 530 531 echo 532 echo "Control path: Basic (S, G) operations - IPv6 overlay / IPv6 underlay" 533 echo "--------------------------------------------------------------------" 534 535 basic_common $ns1 "$grp_key" $vtep_ip 536} 537 538star_g_common() 539{ 540 local ns1=$1; shift 541 local grp=$1; shift 542 local src1=$1; shift 543 local src2=$1; shift 544 local src3=$1; shift 545 local vtep_ip=$1; shift 546 local all_zeros_grp=$1; shift 547 548 # Test control path operations specific to (*, G) entries. 549 550 # Basic add, replace and delete behavior. 551 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 552 log_test $? 0 "(*, G) MDB entry addition with source list" 553 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \"" 554 log_test $? 0 "(*, G) MDB entry presence after addition" 555 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\"" 556 log_test $? 0 "(S, G) MDB entry presence after addition" 557 558 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 559 log_test $? 0 "(*, G) MDB entry replacement with source list" 560 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \"" 561 log_test $? 0 "(*, G) MDB entry presence after replacement" 562 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\"" 563 log_test $? 0 "(S, G) MDB entry presence after replacement" 564 565 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 566 log_test $? 0 "(*, G) MDB entry deletion" 567 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \"" 568 log_test $? 1 "(*, G) MDB entry presence after deletion" 569 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\"" 570 log_test $? 1 "(S, G) MDB entry presence after deletion" 571 572 # Default filter mode and replacement. 573 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent dst $vtep_ip src_vni 10010" 574 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep exclude" 575 log_test $? 0 "(*, G) MDB entry default filter mode" 576 577 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $src1 dst $vtep_ip src_vni 10010" 578 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep include" 579 log_test $? 0 "(*, G) MDB entry after replacing filter mode to \"include\"" 580 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\"" 581 log_test $? 0 "(S, G) MDB entry after replacing filter mode to \"include\"" 582 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\" | grep blocked" 583 log_test $? 1 "\"blocked\" flag after replacing filter mode to \"include\"" 584 585 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 586 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep exclude" 587 log_test $? 0 "(*, G) MDB entry after replacing filter mode to \"exclude\"" 588 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\"" 589 log_test $? 0 "(S, G) MDB entry after replacing filter mode to \"exclude\"" 590 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\" | grep blocked" 591 log_test $? 0 "\"blocked\" flag after replacing filter mode to \"exclude\"" 592 593 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 594 595 # Default source list and replacement. 596 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent dst $vtep_ip src_vni 10010" 597 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep source_list" 598 log_test $? 1 "(*, G) MDB entry default source list" 599 600 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1,$src2,$src3 dst $vtep_ip src_vni 10010" 601 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\"" 602 log_test $? 0 "(S, G) MDB entry of 1st source after replacing source list" 603 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src2\"" 604 log_test $? 0 "(S, G) MDB entry of 2nd source after replacing source list" 605 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src3\"" 606 log_test $? 0 "(S, G) MDB entry of 3rd source after replacing source list" 607 608 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1,$src3 dst $vtep_ip src_vni 10010" 609 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src1\"" 610 log_test $? 0 "(S, G) MDB entry of 1st source after removing source" 611 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src2\"" 612 log_test $? 1 "(S, G) MDB entry of 2nd source after removing source" 613 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \"src $src3\"" 614 log_test $? 0 "(S, G) MDB entry of 3rd source after removing source" 615 616 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 617 618 # Default protocol and replacement. 619 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 620 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \"proto static\"" 621 log_test $? 0 "(*, G) MDB entry default protocol" 622 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \"proto static\"" 623 log_test $? 0 "(S, G) MDB entry default protocol" 624 625 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 proto bgp dst $vtep_ip src_vni 10010" 626 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \"proto bgp\"" 627 log_test $? 0 "(*, G) MDB entry protocol after replacement" 628 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \"proto bgp\"" 629 log_test $? 0 "(S, G) MDB entry protocol after replacement" 630 631 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 632 633 # Default destination port and replacement. 634 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 635 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \" dst_port \"" 636 log_test $? 1 "(*, G) MDB entry default destination port" 637 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \" dst_port \"" 638 log_test $? 1 "(S, G) MDB entry default destination port" 639 640 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip dst_port 1234 src_vni 10010" 641 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \" dst_port 1234 \"" 642 log_test $? 0 "(*, G) MDB entry destination port after replacement" 643 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \" dst_port 1234 \"" 644 log_test $? 0 "(S, G) MDB entry destination port after replacement" 645 646 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 647 648 # Default destination VNI and replacement. 649 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 650 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \" vni \"" 651 log_test $? 1 "(*, G) MDB entry default destination VNI" 652 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \" vni \"" 653 log_test $? 1 "(S, G) MDB entry default destination VNI" 654 655 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip vni 1234 src_vni 10010" 656 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \" vni 1234 \"" 657 log_test $? 0 "(*, G) MDB entry destination VNI after replacement" 658 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \" vni 1234 \"" 659 log_test $? 0 "(S, G) MDB entry destination VNI after replacement" 660 661 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 662 663 # Default outgoing interface and replacement. 664 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010" 665 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \" via \"" 666 log_test $? 1 "(*, G) MDB entry default outgoing interface" 667 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \" via \"" 668 log_test $? 1 "(S, G) MDB entry default outgoing interface" 669 670 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010 via veth0" 671 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep -v \" src \" | grep \" via veth0 \"" 672 log_test $? 0 "(*, G) MDB entry outgoing interface after replacement" 673 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep \" src \" | grep \" via veth0 \"" 674 log_test $? 0 "(S, G) MDB entry outgoing interface after replacement" 675 676 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010" 677 678 # Error cases. 679 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp permanent filter_mode exclude dst $vtep_ip src_vni 10010" 680 log_test $? 255 "All-zeros group with filter mode" 681 682 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp permanent source_list $src1 dst $vtep_ip src_vni 10010" 683 log_test $? 255 "All-zeros group with source list" 684 685 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode include dst $vtep_ip src_vni 10010" 686 log_test $? 255 "(*, G) INCLUDE with an empty source list" 687 688 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $grp dst $vtep_ip src_vni 10010" 689 log_test $? 255 "Invalid source in source list" 690 691 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent source_list $src1 dst $vtep_ip src_vni 10010" 692 log_test $? 255 "Source list without filter mode" 693} 694 695star_g_ipv4_ipv4() 696{ 697 local ns1=ns1_v4 698 local grp=239.1.1.1 699 local src1=192.0.2.129 700 local src2=192.0.2.130 701 local src3=192.0.2.131 702 local vtep_ip=198.51.100.100 703 local all_zeros_grp=0.0.0.0 704 705 echo 706 echo "Control path: (*, G) operations - IPv4 overlay / IPv4 underlay" 707 echo "--------------------------------------------------------------" 708 709 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp 710} 711 712star_g_ipv6_ipv4() 713{ 714 local ns1=ns1_v4 715 local grp=ff0e::1 716 local src1=2001:db8:100::1 717 local src2=2001:db8:100::2 718 local src3=2001:db8:100::3 719 local vtep_ip=198.51.100.100 720 local all_zeros_grp=:: 721 722 echo 723 echo "Control path: (*, G) operations - IPv6 overlay / IPv4 underlay" 724 echo "--------------------------------------------------------------" 725 726 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp 727} 728 729star_g_ipv4_ipv6() 730{ 731 local ns1=ns1_v6 732 local grp=239.1.1.1 733 local src1=192.0.2.129 734 local src2=192.0.2.130 735 local src3=192.0.2.131 736 local vtep_ip=2001:db8:1000::1 737 local all_zeros_grp=0.0.0.0 738 739 echo 740 echo "Control path: (*, G) operations - IPv4 overlay / IPv6 underlay" 741 echo "--------------------------------------------------------------" 742 743 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp 744} 745 746star_g_ipv6_ipv6() 747{ 748 local ns1=ns1_v6 749 local grp=ff0e::1 750 local src1=2001:db8:100::1 751 local src2=2001:db8:100::2 752 local src3=2001:db8:100::3 753 local vtep_ip=2001:db8:1000::1 754 local all_zeros_grp=:: 755 756 echo 757 echo "Control path: (*, G) operations - IPv6 overlay / IPv6 underlay" 758 echo "--------------------------------------------------------------" 759 760 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp 761} 762 763sg_common() 764{ 765 local ns1=$1; shift 766 local grp=$1; shift 767 local src=$1; shift 768 local vtep_ip=$1; shift 769 local all_zeros_grp=$1; shift 770 771 # Test control path operations specific to (S, G) entries. 772 773 # Default filter mode. 774 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent dst $vtep_ip src_vni 10010" 775 run_cmd "bridge -n $ns1 -d -s mdb show dev vx0 | grep $grp | grep include" 776 log_test $? 0 "(S, G) MDB entry default filter mode" 777 778 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp src $src permanent dst $vtep_ip src_vni 10010" 779 780 # Error cases. 781 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent filter_mode include dst $vtep_ip src_vni 10010" 782 log_test $? 255 "(S, G) with filter mode" 783 784 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent source_list $src dst $vtep_ip src_vni 10010" 785 log_test $? 255 "(S, G) with source list" 786 787 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $grp permanent dst $vtep_ip src_vni 10010" 788 log_test $? 255 "(S, G) with an invalid source list" 789 790 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp src $src permanent dst $vtep_ip src_vni 10010" 791 log_test $? 255 "All-zeros group with source" 792} 793 794sg_ipv4_ipv4() 795{ 796 local ns1=ns1_v4 797 local grp=239.1.1.1 798 local src=192.0.2.129 799 local vtep_ip=198.51.100.100 800 local all_zeros_grp=0.0.0.0 801 802 echo 803 echo "Control path: (S, G) operations - IPv4 overlay / IPv4 underlay" 804 echo "--------------------------------------------------------------" 805 806 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp 807} 808 809sg_ipv6_ipv4() 810{ 811 local ns1=ns1_v4 812 local grp=ff0e::1 813 local src=2001:db8:100::1 814 local vtep_ip=198.51.100.100 815 local all_zeros_grp=:: 816 817 echo 818 echo "Control path: (S, G) operations - IPv6 overlay / IPv4 underlay" 819 echo "--------------------------------------------------------------" 820 821 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp 822} 823 824sg_ipv4_ipv6() 825{ 826 local ns1=ns1_v6 827 local grp=239.1.1.1 828 local src=192.0.2.129 829 local vtep_ip=2001:db8:1000::1 830 local all_zeros_grp=0.0.0.0 831 832 echo 833 echo "Control path: (S, G) operations - IPv4 overlay / IPv6 underlay" 834 echo "--------------------------------------------------------------" 835 836 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp 837} 838 839sg_ipv6_ipv6() 840{ 841 local ns1=ns1_v6 842 local grp=ff0e::1 843 local src=2001:db8:100::1 844 local vtep_ip=2001:db8:1000::1 845 local all_zeros_grp=:: 846 847 echo 848 echo "Control path: (S, G) operations - IPv6 overlay / IPv6 underlay" 849 echo "--------------------------------------------------------------" 850 851 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp 852} 853 854ipv4_grps_get() 855{ 856 local max_grps=$1; shift 857 local i 858 859 for i in $(seq 0 $((max_grps - 1))); do 860 echo "239.1.1.$i" 861 done 862} 863 864ipv6_grps_get() 865{ 866 local max_grps=$1; shift 867 local i 868 869 for i in $(seq 0 $((max_grps - 1))); do 870 echo "ff0e::$(printf %x $i)" 871 done 872} 873 874dump_common() 875{ 876 local ns1=$1; shift 877 local local_addr=$1; shift 878 local remote_prefix=$1; shift 879 local fn=$1; shift 880 local max_vxlan_devs=2 881 local max_remotes=64 882 local max_grps=256 883 local num_entries 884 local batch_file 885 local grp 886 local i j 887 888 # The kernel maintains various markers for the MDB dump. Add a test for 889 # large scale MDB dump to make sure that all the configured entries are 890 # dumped and that the markers are used correctly. 891 892 # Create net devices. 893 for i in $(seq 1 $max_vxlan_devs); do 894 ip -n $ns1 link add name vx-test${i} up type vxlan \ 895 local $local_addr dstport 4789 external vnifilter 896 done 897 898 # Create batch file with MDB entries. 899 batch_file=$(mktemp) 900 for i in $(seq 1 $max_vxlan_devs); do 901 for j in $(seq 1 $max_remotes); do 902 for grp in $($fn $max_grps); do 903 echo "mdb add dev vx-test${i} port vx-test${i} grp $grp permanent dst ${remote_prefix}${j}" >> $batch_file 904 done 905 done 906 done 907 908 # Program the batch file and check for expected number of entries. 909 bridge -n $ns1 -b $batch_file 910 for i in $(seq 1 $max_vxlan_devs); do 911 num_entries=$(bridge -n $ns1 mdb show dev vx-test${i} | grep "permanent" | wc -l) 912 [[ $num_entries -eq $((max_grps * max_remotes)) ]] 913 log_test $? 0 "Large scale dump - VXLAN device #$i" 914 done 915 916 rm -rf $batch_file 917} 918 919dump_ipv4_ipv4() 920{ 921 local ns1=ns1_v4 922 local local_addr=192.0.2.1 923 local remote_prefix=198.51.100. 924 local fn=ipv4_grps_get 925 926 echo 927 echo "Control path: Large scale MDB dump - IPv4 overlay / IPv4 underlay" 928 echo "-----------------------------------------------------------------" 929 930 dump_common $ns1 $local_addr $remote_prefix $fn 931} 932 933dump_ipv6_ipv4() 934{ 935 local ns1=ns1_v4 936 local local_addr=192.0.2.1 937 local remote_prefix=198.51.100. 938 local fn=ipv6_grps_get 939 940 echo 941 echo "Control path: Large scale MDB dump - IPv6 overlay / IPv4 underlay" 942 echo "-----------------------------------------------------------------" 943 944 dump_common $ns1 $local_addr $remote_prefix $fn 945} 946 947dump_ipv4_ipv6() 948{ 949 local ns1=ns1_v6 950 local local_addr=2001:db8:1::1 951 local remote_prefix=2001:db8:1000:: 952 local fn=ipv4_grps_get 953 954 echo 955 echo "Control path: Large scale MDB dump - IPv4 overlay / IPv6 underlay" 956 echo "-----------------------------------------------------------------" 957 958 dump_common $ns1 $local_addr $remote_prefix $fn 959} 960 961dump_ipv6_ipv6() 962{ 963 local ns1=ns1_v6 964 local local_addr=2001:db8:1::1 965 local remote_prefix=2001:db8:1000:: 966 local fn=ipv6_grps_get 967 968 echo 969 echo "Control path: Large scale MDB dump - IPv6 overlay / IPv6 underlay" 970 echo "-----------------------------------------------------------------" 971 972 dump_common $ns1 $local_addr $remote_prefix $fn 973} 974 975################################################################################ 976# Tests - Data path 977 978encap_params_common() 979{ 980 local ns1=$1; shift 981 local ns2=$1; shift 982 local vtep1_ip=$1; shift 983 local vtep2_ip=$1; shift 984 local plen=$1; shift 985 local enc_ethtype=$1; shift 986 local grp=$1; shift 987 local src=$1; shift 988 local mz=$1; shift 989 990 # Test that packets forwarded by the VXLAN MDB are encapsulated with 991 # the correct parameters. Transmit packets from the first namespace and 992 # check that they hit the corresponding filters on the ingress of the 993 # second namespace. 994 995 run_cmd "tc -n $ns2 qdisc replace dev veth0 clsact" 996 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 997 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 998 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 999 1000 # Check destination IP. 1001 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010" 1002 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep2_ip src_vni 10020" 1003 1004 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1005 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1006 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1007 log_test $? 0 "Destination IP - match" 1008 1009 run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1010 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1011 log_test $? 0 "Destination IP - no match" 1012 1013 run_cmd "tc -n $ns2 filter del dev vx0 ingress pref 1 handle 101 flower" 1014 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10020" 1015 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010" 1016 1017 # Check destination port. 1018 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010" 1019 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip dst_port 1111 src_vni 10020" 1020 1021 run_cmd "tc -n $ns2 filter replace dev veth0 ingress pref 1 handle 101 proto $enc_ethtype flower ip_proto udp dst_port 4789 action pass" 1022 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1023 tc_check_packets "$ns2" "dev veth0 ingress" 101 1 1024 log_test $? 0 "Default destination port - match" 1025 1026 run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1027 tc_check_packets "$ns2" "dev veth0 ingress" 101 1 1028 log_test $? 0 "Default destination port - no match" 1029 1030 run_cmd "tc -n $ns2 filter replace dev veth0 ingress pref 1 handle 101 proto $enc_ethtype flower ip_proto udp dst_port 1111 action pass" 1031 run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1032 tc_check_packets "$ns2" "dev veth0 ingress" 101 1 1033 log_test $? 0 "Non-default destination port - match" 1034 1035 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1036 tc_check_packets "$ns2" "dev veth0 ingress" 101 1 1037 log_test $? 0 "Non-default destination port - no match" 1038 1039 run_cmd "tc -n $ns2 filter del dev veth0 ingress pref 1 handle 101 flower" 1040 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10020" 1041 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010" 1042 1043 # Check default VNI. 1044 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010" 1045 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10020" 1046 1047 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_key_id 10010 action pass" 1048 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1049 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1050 log_test $? 0 "Default destination VNI - match" 1051 1052 run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1053 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1054 log_test $? 0 "Default destination VNI - no match" 1055 1056 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip vni 10020 src_vni 10010" 1057 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip vni 10010 src_vni 10020" 1058 1059 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_key_id 10020 action pass" 1060 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1061 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1062 log_test $? 0 "Non-default destination VNI - match" 1063 1064 run_cmd "ip netns exec $ns1 $mz br0.20 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1065 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1066 log_test $? 0 "Non-default destination VNI - no match" 1067 1068 run_cmd "tc -n $ns2 filter del dev vx0 ingress pref 1 handle 101 flower" 1069 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10020" 1070 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010" 1071} 1072 1073encap_params_ipv4_ipv4() 1074{ 1075 local ns1=ns1_v4 1076 local ns2=ns2_v4 1077 local vtep1_ip=198.51.100.100 1078 local vtep2_ip=198.51.100.200 1079 local plen=32 1080 local enc_ethtype="ip" 1081 local grp=239.1.1.1 1082 local src=192.0.2.129 1083 1084 echo 1085 echo "Data path: Encapsulation parameters - IPv4 overlay / IPv4 underlay" 1086 echo "------------------------------------------------------------------" 1087 1088 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \ 1089 $grp $src "mausezahn" 1090} 1091 1092encap_params_ipv6_ipv4() 1093{ 1094 local ns1=ns1_v4 1095 local ns2=ns2_v4 1096 local vtep1_ip=198.51.100.100 1097 local vtep2_ip=198.51.100.200 1098 local plen=32 1099 local enc_ethtype="ip" 1100 local grp=ff0e::1 1101 local src=2001:db8:100::1 1102 1103 echo 1104 echo "Data path: Encapsulation parameters - IPv6 overlay / IPv4 underlay" 1105 echo "------------------------------------------------------------------" 1106 1107 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \ 1108 $grp $src "mausezahn -6" 1109} 1110 1111encap_params_ipv4_ipv6() 1112{ 1113 local ns1=ns1_v6 1114 local ns2=ns2_v6 1115 local vtep1_ip=2001:db8:1000::1 1116 local vtep2_ip=2001:db8:2000::1 1117 local plen=128 1118 local enc_ethtype="ipv6" 1119 local grp=239.1.1.1 1120 local src=192.0.2.129 1121 1122 echo 1123 echo "Data path: Encapsulation parameters - IPv4 overlay / IPv6 underlay" 1124 echo "------------------------------------------------------------------" 1125 1126 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \ 1127 $grp $src "mausezahn" 1128} 1129 1130encap_params_ipv6_ipv6() 1131{ 1132 local ns1=ns1_v6 1133 local ns2=ns2_v6 1134 local vtep1_ip=2001:db8:1000::1 1135 local vtep2_ip=2001:db8:2000::1 1136 local plen=128 1137 local enc_ethtype="ipv6" 1138 local grp=ff0e::1 1139 local src=2001:db8:100::1 1140 1141 echo 1142 echo "Data path: Encapsulation parameters - IPv6 overlay / IPv6 underlay" 1143 echo "------------------------------------------------------------------" 1144 1145 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \ 1146 $grp $src "mausezahn -6" 1147} 1148 1149starg_exclude_ir_common() 1150{ 1151 local ns1=$1; shift 1152 local ns2=$1; shift 1153 local vtep1_ip=$1; shift 1154 local vtep2_ip=$1; shift 1155 local plen=$1; shift 1156 local grp=$1; shift 1157 local valid_src=$1; shift 1158 local invalid_src=$1; shift 1159 local mz=$1; shift 1160 1161 # Install a (*, G) EXCLUDE MDB entry with one source and two remote 1162 # VTEPs. Make sure that the source in the source list is not forwarded 1163 # and that a source not in the list is forwarded. Remove one of the 1164 # VTEPs from the entry and make sure that packets are only forwarded to 1165 # the remaining VTEP. 1166 1167 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1168 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 1169 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 1170 1171 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1172 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass" 1173 1174 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $vtep1_ip src_vni 10010" 1175 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $vtep2_ip src_vni 10010" 1176 1177 # Check that invalid source is not forwarded to any VTEP. 1178 run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1179 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1180 log_test $? 0 "Block excluded source - first VTEP" 1181 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 1182 log_test $? 0 "Block excluded source - second VTEP" 1183 1184 # Check that valid source is forwarded to both VTEPs. 1185 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1186 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1187 log_test $? 0 "Forward valid source - first VTEP" 1188 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1189 log_test $? 0 "Forward valid source - second VTEP" 1190 1191 # Remove second VTEP. 1192 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10010" 1193 1194 # Check that invalid source is not forwarded to any VTEP. 1195 run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1196 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1197 log_test $? 0 "Block excluded source after removal - first VTEP" 1198 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1199 log_test $? 0 "Block excluded source after removal - second VTEP" 1200 1201 # Check that valid source is forwarded to the remaining VTEP. 1202 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1203 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1204 log_test $? 0 "Forward valid source after removal - first VTEP" 1205 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1206 log_test $? 0 "Forward valid source after removal - second VTEP" 1207} 1208 1209starg_exclude_ir_ipv4_ipv4() 1210{ 1211 local ns1=ns1_v4 1212 local ns2=ns2_v4 1213 local vtep1_ip=198.51.100.100 1214 local vtep2_ip=198.51.100.200 1215 local plen=32 1216 local grp=239.1.1.1 1217 local valid_src=192.0.2.129 1218 local invalid_src=192.0.2.145 1219 1220 echo 1221 echo "Data path: (*, G) EXCLUDE - IR - IPv4 overlay / IPv4 underlay" 1222 echo "-------------------------------------------------------------" 1223 1224 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1225 $valid_src $invalid_src "mausezahn" 1226} 1227 1228starg_exclude_ir_ipv6_ipv4() 1229{ 1230 local ns1=ns1_v4 1231 local ns2=ns2_v4 1232 local vtep1_ip=198.51.100.100 1233 local vtep2_ip=198.51.100.200 1234 local plen=32 1235 local grp=ff0e::1 1236 local valid_src=2001:db8:100::1 1237 local invalid_src=2001:db8:200::1 1238 1239 echo 1240 echo "Data path: (*, G) EXCLUDE - IR - IPv6 overlay / IPv4 underlay" 1241 echo "-------------------------------------------------------------" 1242 1243 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1244 $valid_src $invalid_src "mausezahn -6" 1245} 1246 1247starg_exclude_ir_ipv4_ipv6() 1248{ 1249 local ns1=ns1_v6 1250 local ns2=ns2_v6 1251 local vtep1_ip=2001:db8:1000::1 1252 local vtep2_ip=2001:db8:2000::1 1253 local plen=128 1254 local grp=239.1.1.1 1255 local valid_src=192.0.2.129 1256 local invalid_src=192.0.2.145 1257 1258 echo 1259 echo "Data path: (*, G) EXCLUDE - IR - IPv4 overlay / IPv6 underlay" 1260 echo "-------------------------------------------------------------" 1261 1262 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1263 $valid_src $invalid_src "mausezahn" 1264} 1265 1266starg_exclude_ir_ipv6_ipv6() 1267{ 1268 local ns1=ns1_v6 1269 local ns2=ns2_v6 1270 local vtep1_ip=2001:db8:1000::1 1271 local vtep2_ip=2001:db8:2000::1 1272 local plen=128 1273 local grp=ff0e::1 1274 local valid_src=2001:db8:100::1 1275 local invalid_src=2001:db8:200::1 1276 1277 echo 1278 echo "Data path: (*, G) EXCLUDE - IR - IPv6 overlay / IPv6 underlay" 1279 echo "-------------------------------------------------------------" 1280 1281 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1282 $valid_src $invalid_src "mausezahn -6" 1283} 1284 1285starg_include_ir_common() 1286{ 1287 local ns1=$1; shift 1288 local ns2=$1; shift 1289 local vtep1_ip=$1; shift 1290 local vtep2_ip=$1; shift 1291 local plen=$1; shift 1292 local grp=$1; shift 1293 local valid_src=$1; shift 1294 local invalid_src=$1; shift 1295 local mz=$1; shift 1296 1297 # Install a (*, G) INCLUDE MDB entry with one source and two remote 1298 # VTEPs. Make sure that the source in the source list is forwarded and 1299 # that a source not in the list is not forwarded. Remove one of the 1300 # VTEPs from the entry and make sure that packets are only forwarded to 1301 # the remaining VTEP. 1302 1303 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1304 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 1305 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 1306 1307 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1308 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass" 1309 1310 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $valid_src dst $vtep1_ip src_vni 10010" 1311 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $valid_src dst $vtep2_ip src_vni 10010" 1312 1313 # Check that invalid source is not forwarded to any VTEP. 1314 run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1315 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1316 log_test $? 0 "Block excluded source - first VTEP" 1317 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 1318 log_test $? 0 "Block excluded source - second VTEP" 1319 1320 # Check that valid source is forwarded to both VTEPs. 1321 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1322 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1323 log_test $? 0 "Forward valid source - first VTEP" 1324 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1325 log_test $? 0 "Forward valid source - second VTEP" 1326 1327 # Remove second VTEP. 1328 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10010" 1329 1330 # Check that invalid source is not forwarded to any VTEP. 1331 run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1332 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1333 log_test $? 0 "Block excluded source after removal - first VTEP" 1334 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1335 log_test $? 0 "Block excluded source after removal - second VTEP" 1336 1337 # Check that valid source is forwarded to the remaining VTEP. 1338 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1339 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1340 log_test $? 0 "Forward valid source after removal - first VTEP" 1341 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1342 log_test $? 0 "Forward valid source after removal - second VTEP" 1343} 1344 1345starg_include_ir_ipv4_ipv4() 1346{ 1347 local ns1=ns1_v4 1348 local ns2=ns2_v4 1349 local vtep1_ip=198.51.100.100 1350 local vtep2_ip=198.51.100.200 1351 local plen=32 1352 local grp=239.1.1.1 1353 local valid_src=192.0.2.129 1354 local invalid_src=192.0.2.145 1355 1356 echo 1357 echo "Data path: (*, G) INCLUDE - IR - IPv4 overlay / IPv4 underlay" 1358 echo "-------------------------------------------------------------" 1359 1360 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1361 $valid_src $invalid_src "mausezahn" 1362} 1363 1364starg_include_ir_ipv6_ipv4() 1365{ 1366 local ns1=ns1_v4 1367 local ns2=ns2_v4 1368 local vtep1_ip=198.51.100.100 1369 local vtep2_ip=198.51.100.200 1370 local plen=32 1371 local grp=ff0e::1 1372 local valid_src=2001:db8:100::1 1373 local invalid_src=2001:db8:200::1 1374 1375 echo 1376 echo "Data path: (*, G) INCLUDE - IR - IPv6 overlay / IPv4 underlay" 1377 echo "-------------------------------------------------------------" 1378 1379 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1380 $valid_src $invalid_src "mausezahn -6" 1381} 1382 1383starg_include_ir_ipv4_ipv6() 1384{ 1385 local ns1=ns1_v6 1386 local ns2=ns2_v6 1387 local vtep1_ip=2001:db8:1000::1 1388 local vtep2_ip=2001:db8:2000::1 1389 local plen=128 1390 local grp=239.1.1.1 1391 local valid_src=192.0.2.129 1392 local invalid_src=192.0.2.145 1393 1394 echo 1395 echo "Data path: (*, G) INCLUDE - IR - IPv4 overlay / IPv6 underlay" 1396 echo "-------------------------------------------------------------" 1397 1398 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1399 $valid_src $invalid_src "mausezahn" 1400} 1401 1402starg_include_ir_ipv6_ipv6() 1403{ 1404 local ns1=ns1_v6 1405 local ns2=ns2_v6 1406 local vtep1_ip=2001:db8:1000::1 1407 local vtep2_ip=2001:db8:2000::1 1408 local plen=128 1409 local grp=ff0e::1 1410 local valid_src=2001:db8:100::1 1411 local invalid_src=2001:db8:200::1 1412 1413 echo 1414 echo "Data path: (*, G) INCLUDE - IR - IPv6 overlay / IPv6 underlay" 1415 echo "-------------------------------------------------------------" 1416 1417 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \ 1418 $valid_src $invalid_src "mausezahn -6" 1419} 1420 1421starg_exclude_p2mp_common() 1422{ 1423 local ns1=$1; shift 1424 local ns2=$1; shift 1425 local mcast_grp=$1; shift 1426 local plen=$1; shift 1427 local grp=$1; shift 1428 local valid_src=$1; shift 1429 local invalid_src=$1; shift 1430 local mz=$1; shift 1431 1432 # Install a (*, G) EXCLUDE MDB entry with one source and one multicast 1433 # group to which packets are sent. Make sure that the source in the 1434 # source list is not forwarded and that a source not in the list is 1435 # forwarded. 1436 1437 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1438 run_cmd "ip -n $ns2 address replace $mcast_grp/$plen dev veth0 autojoin" 1439 1440 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $mcast_grp action pass" 1441 1442 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $mcast_grp src_vni 10010 via veth0" 1443 1444 # Check that invalid source is not forwarded. 1445 run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1446 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1447 log_test $? 0 "Block excluded source" 1448 1449 # Check that valid source is forwarded. 1450 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1451 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1452 log_test $? 0 "Forward valid source" 1453 1454 # Remove the VTEP from the multicast group. 1455 run_cmd "ip -n $ns2 address del $mcast_grp/$plen dev veth0" 1456 1457 # Check that valid source is not received anymore. 1458 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1459 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1460 log_test $? 0 "Receive of valid source after removal from group" 1461} 1462 1463starg_exclude_p2mp_ipv4_ipv4() 1464{ 1465 local ns1=ns1_v4 1466 local ns2=ns2_v4 1467 local mcast_grp=238.1.1.1 1468 local plen=32 1469 local grp=239.1.1.1 1470 local valid_src=192.0.2.129 1471 local invalid_src=192.0.2.145 1472 1473 echo 1474 echo "Data path: (*, G) EXCLUDE - P2MP - IPv4 overlay / IPv4 underlay" 1475 echo "---------------------------------------------------------------" 1476 1477 starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1478 $valid_src $invalid_src "mausezahn" 1479} 1480 1481starg_exclude_p2mp_ipv6_ipv4() 1482{ 1483 local ns1=ns1_v4 1484 local ns2=ns2_v4 1485 local mcast_grp=238.1.1.1 1486 local plen=32 1487 local grp=ff0e::1 1488 local valid_src=2001:db8:100::1 1489 local invalid_src=2001:db8:200::1 1490 1491 echo 1492 echo "Data path: (*, G) EXCLUDE - P2MP - IPv6 overlay / IPv4 underlay" 1493 echo "---------------------------------------------------------------" 1494 1495 starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1496 $valid_src $invalid_src "mausezahn -6" 1497} 1498 1499starg_exclude_p2mp_ipv4_ipv6() 1500{ 1501 local ns1=ns1_v6 1502 local ns2=ns2_v6 1503 local mcast_grp=ff0e::2 1504 local plen=128 1505 local grp=239.1.1.1 1506 local valid_src=192.0.2.129 1507 local invalid_src=192.0.2.145 1508 1509 echo 1510 echo "Data path: (*, G) EXCLUDE - P2MP - IPv4 overlay / IPv6 underlay" 1511 echo "---------------------------------------------------------------" 1512 1513 starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1514 $valid_src $invalid_src "mausezahn" 1515} 1516 1517starg_exclude_p2mp_ipv6_ipv6() 1518{ 1519 local ns1=ns1_v6 1520 local ns2=ns2_v6 1521 local mcast_grp=ff0e::2 1522 local plen=128 1523 local grp=ff0e::1 1524 local valid_src=2001:db8:100::1 1525 local invalid_src=2001:db8:200::1 1526 1527 echo 1528 echo "Data path: (*, G) EXCLUDE - P2MP - IPv6 overlay / IPv6 underlay" 1529 echo "---------------------------------------------------------------" 1530 1531 starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1532 $valid_src $invalid_src "mausezahn -6" 1533} 1534 1535starg_include_p2mp_common() 1536{ 1537 local ns1=$1; shift 1538 local ns2=$1; shift 1539 local mcast_grp=$1; shift 1540 local plen=$1; shift 1541 local grp=$1; shift 1542 local valid_src=$1; shift 1543 local invalid_src=$1; shift 1544 local mz=$1; shift 1545 1546 # Install a (*, G) INCLUDE MDB entry with one source and one multicast 1547 # group to which packets are sent. Make sure that the source in the 1548 # source list is forwarded and that a source not in the list is not 1549 # forwarded. 1550 1551 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1552 run_cmd "ip -n $ns2 address replace $mcast_grp/$plen dev veth0 autojoin" 1553 1554 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $mcast_grp action pass" 1555 1556 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $valid_src dst $mcast_grp src_vni 10010 via veth0" 1557 1558 # Check that invalid source is not forwarded. 1559 run_cmd "ip netns exec $ns1 $mz br0.10 -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1560 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1561 log_test $? 0 "Block excluded source" 1562 1563 # Check that valid source is forwarded. 1564 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1565 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1566 log_test $? 0 "Forward valid source" 1567 1568 # Remove the VTEP from the multicast group. 1569 run_cmd "ip -n $ns2 address del $mcast_grp/$plen dev veth0" 1570 1571 # Check that valid source is not received anymore. 1572 run_cmd "ip netns exec $ns1 $mz br0.10 -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1573 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1574 log_test $? 0 "Receive of valid source after removal from group" 1575} 1576 1577starg_include_p2mp_ipv4_ipv4() 1578{ 1579 local ns1=ns1_v4 1580 local ns2=ns2_v4 1581 local mcast_grp=238.1.1.1 1582 local plen=32 1583 local grp=239.1.1.1 1584 local valid_src=192.0.2.129 1585 local invalid_src=192.0.2.145 1586 1587 echo 1588 echo "Data path: (*, G) INCLUDE - P2MP - IPv4 overlay / IPv4 underlay" 1589 echo "---------------------------------------------------------------" 1590 1591 starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1592 $valid_src $invalid_src "mausezahn" 1593} 1594 1595starg_include_p2mp_ipv6_ipv4() 1596{ 1597 local ns1=ns1_v4 1598 local ns2=ns2_v4 1599 local mcast_grp=238.1.1.1 1600 local plen=32 1601 local grp=ff0e::1 1602 local valid_src=2001:db8:100::1 1603 local invalid_src=2001:db8:200::1 1604 1605 echo 1606 echo "Data path: (*, G) INCLUDE - P2MP - IPv6 overlay / IPv4 underlay" 1607 echo "---------------------------------------------------------------" 1608 1609 starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1610 $valid_src $invalid_src "mausezahn -6" 1611} 1612 1613starg_include_p2mp_ipv4_ipv6() 1614{ 1615 local ns1=ns1_v6 1616 local ns2=ns2_v6 1617 local mcast_grp=ff0e::2 1618 local plen=128 1619 local grp=239.1.1.1 1620 local valid_src=192.0.2.129 1621 local invalid_src=192.0.2.145 1622 1623 echo 1624 echo "Data path: (*, G) INCLUDE - P2MP - IPv4 overlay / IPv6 underlay" 1625 echo "---------------------------------------------------------------" 1626 1627 starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1628 $valid_src $invalid_src "mausezahn" 1629} 1630 1631starg_include_p2mp_ipv6_ipv6() 1632{ 1633 local ns1=ns1_v6 1634 local ns2=ns2_v6 1635 local mcast_grp=ff0e::2 1636 local plen=128 1637 local grp=ff0e::1 1638 local valid_src=2001:db8:100::1 1639 local invalid_src=2001:db8:200::1 1640 1641 echo 1642 echo "Data path: (*, G) INCLUDE - P2MP - IPv6 overlay / IPv6 underlay" 1643 echo "---------------------------------------------------------------" 1644 1645 starg_include_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp \ 1646 $valid_src $invalid_src "mausezahn -6" 1647} 1648 1649egress_vni_translation_common() 1650{ 1651 local ns1=$1; shift 1652 local ns2=$1; shift 1653 local mcast_grp=$1; shift 1654 local plen=$1; shift 1655 local proto=$1; shift 1656 local grp=$1; shift 1657 local src=$1; shift 1658 local mz=$1; shift 1659 1660 # When P2MP tunnels are used with optimized inter-subnet multicast 1661 # (OISM) [1], the ingress VTEP does not perform VNI translation and 1662 # uses the VNI of the source broadcast domain (BD). If the egress VTEP 1663 # is a member in the source BD, then no VNI translation is needed. 1664 # Otherwise, the egress VTEP needs to translate the VNI to the 1665 # supplementary broadcast domain (SBD) VNI, which is usually the L3VNI. 1666 # 1667 # In this test, remove the VTEP in the second namespace from VLAN 10 1668 # (VNI 10010) and make sure that a packet sent from this VLAN on the 1669 # first VTEP is received by the SVI corresponding to the L3VNI (14000 / 1670 # VLAN 4000) on the second VTEP. 1671 # 1672 # The second VTEP will be able to decapsulate the packet with VNI 10010 1673 # because this VNI is configured on its shared VXLAN device. Later, 1674 # when ingressing the bridge, the VNI to VLAN lookup will fail because 1675 # the VTEP is not a member in VLAN 10, which will cause the packet to 1676 # be tagged with VLAN 4000 since it is configured as PVID. 1677 # 1678 # [1] https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-mcast 1679 1680 run_cmd "tc -n $ns2 qdisc replace dev br0.4000 clsact" 1681 run_cmd "ip -n $ns2 address replace $mcast_grp/$plen dev veth0 autojoin" 1682 run_cmd "tc -n $ns2 filter replace dev br0.4000 ingress pref 1 handle 101 proto $proto flower src_ip $src dst_ip $grp action pass" 1683 1684 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp src $src permanent dst $mcast_grp src_vni 10010 via veth0" 1685 1686 # Remove the second VTEP from VLAN 10. 1687 run_cmd "bridge -n $ns2 vlan del vid 10 dev vx0" 1688 1689 # Make sure that packets sent from the first VTEP over VLAN 10 are 1690 # received by the SVI corresponding to the L3VNI (14000 / VLAN 4000) on 1691 # the second VTEP, since it is configured as PVID. 1692 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1693 tc_check_packets "$ns2" "dev br0.4000 ingress" 101 1 1694 log_test $? 0 "Egress VNI translation - PVID configured" 1695 1696 # Remove PVID flag from VLAN 4000 on the second VTEP and make sure 1697 # packets are no longer received by the SVI interface. 1698 run_cmd "bridge -n $ns2 vlan add vid 4000 dev vx0" 1699 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1700 tc_check_packets "$ns2" "dev br0.4000 ingress" 101 1 1701 log_test $? 0 "Egress VNI translation - no PVID configured" 1702 1703 # Reconfigure the PVID and make sure packets are received again. 1704 run_cmd "bridge -n $ns2 vlan add vid 4000 dev vx0 pvid" 1705 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1706 tc_check_packets "$ns2" "dev br0.4000 ingress" 101 2 1707 log_test $? 0 "Egress VNI translation - PVID reconfigured" 1708} 1709 1710egress_vni_translation_ipv4_ipv4() 1711{ 1712 local ns1=ns1_v4 1713 local ns2=ns2_v4 1714 local mcast_grp=238.1.1.1 1715 local plen=32 1716 local proto="ipv4" 1717 local grp=239.1.1.1 1718 local src=192.0.2.129 1719 1720 echo 1721 echo "Data path: Egress VNI translation - IPv4 overlay / IPv4 underlay" 1722 echo "----------------------------------------------------------------" 1723 1724 egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \ 1725 $src "mausezahn" 1726} 1727 1728egress_vni_translation_ipv6_ipv4() 1729{ 1730 local ns1=ns1_v4 1731 local ns2=ns2_v4 1732 local mcast_grp=238.1.1.1 1733 local plen=32 1734 local proto="ipv6" 1735 local grp=ff0e::1 1736 local src=2001:db8:100::1 1737 1738 echo 1739 echo "Data path: Egress VNI translation - IPv6 overlay / IPv4 underlay" 1740 echo "----------------------------------------------------------------" 1741 1742 egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \ 1743 $src "mausezahn -6" 1744} 1745 1746egress_vni_translation_ipv4_ipv6() 1747{ 1748 local ns1=ns1_v6 1749 local ns2=ns2_v6 1750 local mcast_grp=ff0e::2 1751 local plen=128 1752 local proto="ipv4" 1753 local grp=239.1.1.1 1754 local src=192.0.2.129 1755 1756 echo 1757 echo "Data path: Egress VNI translation - IPv4 overlay / IPv6 underlay" 1758 echo "----------------------------------------------------------------" 1759 1760 egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \ 1761 $src "mausezahn" 1762} 1763 1764egress_vni_translation_ipv6_ipv6() 1765{ 1766 local ns1=ns1_v6 1767 local ns2=ns2_v6 1768 local mcast_grp=ff0e::2 1769 local plen=128 1770 local proto="ipv6" 1771 local grp=ff0e::1 1772 local src=2001:db8:100::1 1773 1774 echo 1775 echo "Data path: Egress VNI translation - IPv6 overlay / IPv6 underlay" 1776 echo "----------------------------------------------------------------" 1777 1778 egress_vni_translation_common $ns1 $ns2 $mcast_grp $plen $proto $grp \ 1779 $src "mausezahn -6" 1780} 1781 1782all_zeros_mdb_common() 1783{ 1784 local ns1=$1; shift 1785 local ns2=$1; shift 1786 local vtep1_ip=$1; shift 1787 local vtep2_ip=$1; shift 1788 local vtep3_ip=$1; shift 1789 local vtep4_ip=$1; shift 1790 local plen=$1; shift 1791 local ipv4_grp=239.1.1.1 1792 local ipv4_unreg_grp=239.2.2.2 1793 local ipv4_ll_grp=224.0.0.100 1794 local ipv4_src=192.0.2.129 1795 local ipv6_grp=ff0e::1 1796 local ipv6_unreg_grp=ff0e::2 1797 local ipv6_ll_grp=ff02::1 1798 local ipv6_src=2001:db8:100::1 1799 1800 # Install all-zeros (catchall) MDB entries for IPv4 and IPv6 traffic 1801 # and make sure they only forward unregistered IP multicast traffic 1802 # which is not link-local. Also make sure that each entry only forwards 1803 # traffic from the matching address family. 1804 1805 # Associate two different VTEPs with one all-zeros MDB entry: Two with 1806 # the IPv4 entry (0.0.0.0) and another two with the IPv6 one (::). 1807 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp 0.0.0.0 permanent dst $vtep1_ip src_vni 10010" 1808 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp 0.0.0.0 permanent dst $vtep2_ip src_vni 10010" 1809 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp :: permanent dst $vtep3_ip src_vni 10010" 1810 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp :: permanent dst $vtep4_ip src_vni 10010" 1811 1812 # Associate one VTEP from each set with a regular MDB entry: One with 1813 # an IPv4 entry and another with an IPv6 one. 1814 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $ipv4_grp permanent dst $vtep1_ip src_vni 10010" 1815 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $ipv6_grp permanent dst $vtep3_ip src_vni 10010" 1816 1817 # Add filters to match on decapsulated traffic in the second namespace. 1818 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1819 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1820 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass" 1821 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 103 proto all flower enc_dst_ip $vtep3_ip action pass" 1822 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 104 proto all flower enc_dst_ip $vtep4_ip action pass" 1823 1824 # Configure the VTEP addresses in the second namespace to enable 1825 # decapsulation. 1826 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 1827 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 1828 run_cmd "ip -n $ns2 address replace $vtep3_ip/$plen dev lo" 1829 run_cmd "ip -n $ns2 address replace $vtep4_ip/$plen dev lo" 1830 1831 # Send registered IPv4 multicast and make sure it only arrives to the 1832 # first VTEP. 1833 run_cmd "ip netns exec $ns1 mausezahn br0.10 -A $ipv4_src -B $ipv4_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1834 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 1835 log_test $? 0 "Registered IPv4 multicast - first VTEP" 1836 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 1837 log_test $? 0 "Registered IPv4 multicast - second VTEP" 1838 1839 # Send unregistered IPv4 multicast that is not link-local and make sure 1840 # it arrives to the first and second VTEPs. 1841 run_cmd "ip netns exec $ns1 mausezahn br0.10 -A $ipv4_src -B $ipv4_unreg_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1842 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1843 log_test $? 0 "Unregistered IPv4 multicast - first VTEP" 1844 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1845 log_test $? 0 "Unregistered IPv4 multicast - second VTEP" 1846 1847 # Send IPv4 link-local multicast traffic and make sure it does not 1848 # arrive to any VTEP. 1849 run_cmd "ip netns exec $ns1 mausezahn br0.10 -A $ipv4_src -B $ipv4_ll_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1850 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1851 log_test $? 0 "Link-local IPv4 multicast - first VTEP" 1852 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1853 log_test $? 0 "Link-local IPv4 multicast - second VTEP" 1854 1855 # Send registered IPv4 multicast using a unicast MAC address and make 1856 # sure it does not arrive to any VTEP. 1857 run_cmd "ip netns exec $ns1 mausezahn br0.10 -a own -b 00:11:22:33:44:55 -A $ipv4_src -B $ipv4_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1858 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1859 log_test $? 0 "Registered IPv4 multicast with a unicast MAC - first VTEP" 1860 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1861 log_test $? 0 "Registered IPv4 multicast with a unicast MAC - second VTEP" 1862 1863 # Send registered IPv4 multicast using a broadcast MAC address and make 1864 # sure it does not arrive to any VTEP. 1865 run_cmd "ip netns exec $ns1 mausezahn br0.10 -a own -b bcast -A $ipv4_src -B $ipv4_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1866 tc_check_packets "$ns2" "dev vx0 ingress" 101 2 1867 log_test $? 0 "Registered IPv4 multicast with a broadcast MAC - first VTEP" 1868 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 1869 log_test $? 0 "Registered IPv4 multicast with a broadcast MAC - second VTEP" 1870 1871 # Make sure IPv4 traffic did not reach the VTEPs associated with 1872 # IPv6 entries. 1873 tc_check_packets "$ns2" "dev vx0 ingress" 103 0 1874 log_test $? 0 "IPv4 traffic - third VTEP" 1875 tc_check_packets "$ns2" "dev vx0 ingress" 104 0 1876 log_test $? 0 "IPv4 traffic - fourth VTEP" 1877 1878 # Reset IPv4 filters before testing IPv6 traffic. 1879 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass" 1880 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass" 1881 1882 # Send registered IPv6 multicast and make sure it only arrives to the 1883 # third VTEP. 1884 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -A $ipv6_src -B $ipv6_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1885 tc_check_packets "$ns2" "dev vx0 ingress" 103 1 1886 log_test $? 0 "Registered IPv6 multicast - third VTEP" 1887 tc_check_packets "$ns2" "dev vx0 ingress" 104 0 1888 log_test $? 0 "Registered IPv6 multicast - fourth VTEP" 1889 1890 # Send unregistered IPv6 multicast that is not link-local and make sure 1891 # it arrives to the third and fourth VTEPs. 1892 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -A $ipv6_src -B $ipv6_unreg_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1893 tc_check_packets "$ns2" "dev vx0 ingress" 103 2 1894 log_test $? 0 "Unregistered IPv6 multicast - third VTEP" 1895 tc_check_packets "$ns2" "dev vx0 ingress" 104 1 1896 log_test $? 0 "Unregistered IPv6 multicast - fourth VTEP" 1897 1898 # Send IPv6 link-local multicast traffic and make sure it does not 1899 # arrive to any VTEP. 1900 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -A $ipv6_src -B $ipv6_ll_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1901 tc_check_packets "$ns2" "dev vx0 ingress" 103 2 1902 log_test $? 0 "Link-local IPv6 multicast - third VTEP" 1903 tc_check_packets "$ns2" "dev vx0 ingress" 104 1 1904 log_test $? 0 "Link-local IPv6 multicast - fourth VTEP" 1905 1906 # Send registered IPv6 multicast using a unicast MAC address and make 1907 # sure it does not arrive to any VTEP. 1908 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -a own -b 00:11:22:33:44:55 -A $ipv6_src -B $ipv6_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1909 tc_check_packets "$ns2" "dev vx0 ingress" 103 2 1910 log_test $? 0 "Registered IPv6 multicast with a unicast MAC - third VTEP" 1911 tc_check_packets "$ns2" "dev vx0 ingress" 104 1 1912 log_test $? 0 "Registered IPv6 multicast with a unicast MAC - fourth VTEP" 1913 1914 # Send registered IPv6 multicast using a broadcast MAC address and make 1915 # sure it does not arrive to any VTEP. 1916 run_cmd "ip netns exec $ns1 mausezahn -6 br0.10 -a own -b bcast -A $ipv6_src -B $ipv6_grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1917 tc_check_packets "$ns2" "dev vx0 ingress" 103 2 1918 log_test $? 0 "Registered IPv6 multicast with a broadcast MAC - third VTEP" 1919 tc_check_packets "$ns2" "dev vx0 ingress" 104 1 1920 log_test $? 0 "Registered IPv6 multicast with a broadcast MAC - fourth VTEP" 1921 1922 # Make sure IPv6 traffic did not reach the VTEPs associated with 1923 # IPv4 entries. 1924 tc_check_packets "$ns2" "dev vx0 ingress" 101 0 1925 log_test $? 0 "IPv6 traffic - first VTEP" 1926 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 1927 log_test $? 0 "IPv6 traffic - second VTEP" 1928} 1929 1930all_zeros_mdb_ipv4() 1931{ 1932 local ns1=ns1_v4 1933 local ns2=ns2_v4 1934 local vtep1_ip=198.51.100.101 1935 local vtep2_ip=198.51.100.102 1936 local vtep3_ip=198.51.100.103 1937 local vtep4_ip=198.51.100.104 1938 local plen=32 1939 1940 echo 1941 echo "Data path: All-zeros MDB entry - IPv4 underlay" 1942 echo "----------------------------------------------" 1943 1944 all_zeros_mdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $vtep3_ip \ 1945 $vtep4_ip $plen 1946} 1947 1948all_zeros_mdb_ipv6() 1949{ 1950 local ns1=ns1_v6 1951 local ns2=ns2_v6 1952 local vtep1_ip=2001:db8:1000::1 1953 local vtep2_ip=2001:db8:2000::1 1954 local vtep3_ip=2001:db8:3000::1 1955 local vtep4_ip=2001:db8:4000::1 1956 local plen=128 1957 1958 echo 1959 echo "Data path: All-zeros MDB entry - IPv6 underlay" 1960 echo "----------------------------------------------" 1961 1962 all_zeros_mdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $vtep3_ip \ 1963 $vtep4_ip $plen 1964} 1965 1966mdb_fdb_common() 1967{ 1968 local ns1=$1; shift 1969 local ns2=$1; shift 1970 local vtep1_ip=$1; shift 1971 local vtep2_ip=$1; shift 1972 local plen=$1; shift 1973 local proto=$1; shift 1974 local grp=$1; shift 1975 local src=$1; shift 1976 local mz=$1; shift 1977 1978 # Install an MDB entry and an FDB entry and make sure that the FDB 1979 # entry only forwards traffic that was not forwarded by the MDB. 1980 1981 # Associate the MDB entry with one VTEP and the FDB entry with another 1982 # VTEP. 1983 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010" 1984 run_cmd "bridge -n $ns1 fdb add 00:00:00:00:00:00 dev vx0 self static dst $vtep2_ip src_vni 10010" 1985 1986 # Add filters to match on decapsulated traffic in the second namespace. 1987 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact" 1988 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto $proto flower ip_proto udp dst_port 54321 enc_dst_ip $vtep1_ip action pass" 1989 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto $proto flower ip_proto udp dst_port 54321 enc_dst_ip $vtep2_ip action pass" 1990 1991 # Configure the VTEP addresses in the second namespace to enable 1992 # decapsulation. 1993 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo" 1994 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo" 1995 1996 # Send IP multicast traffic and make sure it is forwarded by the MDB 1997 # and only arrives to the first VTEP. 1998 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 1999 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 2000 log_test $? 0 "IP multicast - first VTEP" 2001 tc_check_packets "$ns2" "dev vx0 ingress" 102 0 2002 log_test $? 0 "IP multicast - second VTEP" 2003 2004 # Send broadcast traffic and make sure it is forwarded by the FDB and 2005 # only arrives to the second VTEP. 2006 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b bcast -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 2007 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 2008 log_test $? 0 "Broadcast - first VTEP" 2009 tc_check_packets "$ns2" "dev vx0 ingress" 102 1 2010 log_test $? 0 "Broadcast - second VTEP" 2011 2012 # Remove the MDB entry and make sure that IP multicast is now forwarded 2013 # by the FDB to the second VTEP. 2014 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010" 2015 run_cmd "ip netns exec $ns1 $mz br0.10 -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q" 2016 tc_check_packets "$ns2" "dev vx0 ingress" 101 1 2017 log_test $? 0 "IP multicast after removal - first VTEP" 2018 tc_check_packets "$ns2" "dev vx0 ingress" 102 2 2019 log_test $? 0 "IP multicast after removal - second VTEP" 2020} 2021 2022mdb_fdb_ipv4_ipv4() 2023{ 2024 local ns1=ns1_v4 2025 local ns2=ns2_v4 2026 local vtep1_ip=198.51.100.100 2027 local vtep2_ip=198.51.100.200 2028 local plen=32 2029 local proto="ipv4" 2030 local grp=239.1.1.1 2031 local src=192.0.2.129 2032 2033 echo 2034 echo "Data path: MDB with FDB - IPv4 overlay / IPv4 underlay" 2035 echo "------------------------------------------------------" 2036 2037 mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp $src \ 2038 "mausezahn" 2039} 2040 2041mdb_fdb_ipv6_ipv4() 2042{ 2043 local ns1=ns1_v4 2044 local ns2=ns2_v4 2045 local vtep1_ip=198.51.100.100 2046 local vtep2_ip=198.51.100.200 2047 local plen=32 2048 local proto="ipv6" 2049 local grp=ff0e::1 2050 local src=2001:db8:100::1 2051 2052 echo 2053 echo "Data path: MDB with FDB - IPv6 overlay / IPv4 underlay" 2054 echo "------------------------------------------------------" 2055 2056 mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp $src \ 2057 "mausezahn -6" 2058} 2059 2060mdb_fdb_ipv4_ipv6() 2061{ 2062 local ns1=ns1_v6 2063 local ns2=ns2_v6 2064 local vtep1_ip=2001:db8:1000::1 2065 local vtep2_ip=2001:db8:2000::1 2066 local plen=128 2067 local proto="ipv4" 2068 local grp=239.1.1.1 2069 local src=192.0.2.129 2070 2071 echo 2072 echo "Data path: MDB with FDB - IPv4 overlay / IPv6 underlay" 2073 echo "------------------------------------------------------" 2074 2075 mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp $src \ 2076 "mausezahn" 2077} 2078 2079mdb_fdb_ipv6_ipv6() 2080{ 2081 local ns1=ns1_v6 2082 local ns2=ns2_v6 2083 local vtep1_ip=2001:db8:1000::1 2084 local vtep2_ip=2001:db8:2000::1 2085 local plen=128 2086 local proto="ipv6" 2087 local grp=ff0e::1 2088 local src=2001:db8:100::1 2089 2090 echo 2091 echo "Data path: MDB with FDB - IPv6 overlay / IPv6 underlay" 2092 echo "------------------------------------------------------" 2093 2094 mdb_fdb_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $proto $grp $src \ 2095 "mausezahn -6" 2096} 2097 2098mdb_grp1_loop() 2099{ 2100 local ns1=$1; shift 2101 local vtep1_ip=$1; shift 2102 local grp1=$1; shift 2103 2104 while true; do 2105 bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp1 dst $vtep1_ip src_vni 10010 2106 bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp1 permanent dst $vtep1_ip src_vni 10010 2107 done >/dev/null 2>&1 2108} 2109 2110mdb_grp2_loop() 2111{ 2112 local ns1=$1; shift 2113 local vtep1_ip=$1; shift 2114 local vtep2_ip=$1; shift 2115 local grp2=$1; shift 2116 2117 while true; do 2118 bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp2 dst $vtep1_ip src_vni 10010 2119 bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp2 permanent dst $vtep1_ip src_vni 10010 2120 bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp2 permanent dst $vtep2_ip src_vni 10010 2121 done >/dev/null 2>&1 2122} 2123 2124mdb_torture_common() 2125{ 2126 local ns1=$1; shift 2127 local vtep1_ip=$1; shift 2128 local vtep2_ip=$1; shift 2129 local grp1=$1; shift 2130 local grp2=$1; shift 2131 local src=$1; shift 2132 local mz=$1; shift 2133 local pid1 2134 local pid2 2135 local pid3 2136 local pid4 2137 2138 # Continuously send two streams that are forwarded by two different MDB 2139 # entries. The first entry will be added and deleted in a loop. This 2140 # allows us to test that the data path does not use freed MDB entry 2141 # memory. The second entry will have two remotes, one that is added and 2142 # deleted in a loop and another that is replaced in a loop. This allows 2143 # us to test that the data path does not use freed remote entry memory. 2144 # The test is considered successful if nothing crashed. 2145 2146 # Create the MDB entries that will be continuously deleted / replaced. 2147 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp1 permanent dst $vtep1_ip src_vni 10010" 2148 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp2 permanent dst $vtep1_ip src_vni 10010" 2149 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp2 permanent dst $vtep2_ip src_vni 10010" 2150 2151 mdb_grp1_loop $ns1 $vtep1_ip $grp1 & 2152 pid1=$! 2153 mdb_grp2_loop $ns1 $vtep1_ip $vtep2_ip $grp2 & 2154 pid2=$! 2155 ip netns exec $ns1 $mz br0.10 -A $src -B $grp1 -t udp sp=12345,dp=54321 -p 100 -c 0 -q & 2156 pid3=$! 2157 ip netns exec $ns1 $mz br0.10 -A $src -B $grp2 -t udp sp=12345,dp=54321 -p 100 -c 0 -q & 2158 pid4=$! 2159 2160 sleep 30 2161 kill -9 $pid1 $pid2 $pid3 $pid4 2162 wait $pid1 $pid2 $pid3 $pid4 2>/dev/null 2163 2164 log_test 0 0 "Torture test" 2165} 2166 2167mdb_torture_ipv4_ipv4() 2168{ 2169 local ns1=ns1_v4 2170 local vtep1_ip=198.51.100.100 2171 local vtep2_ip=198.51.100.200 2172 local grp1=239.1.1.1 2173 local grp2=239.2.2.2 2174 local src=192.0.2.129 2175 2176 echo 2177 echo "Data path: MDB torture test - IPv4 overlay / IPv4 underlay" 2178 echo "----------------------------------------------------------" 2179 2180 mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp2 $src \ 2181 "mausezahn" 2182} 2183 2184mdb_torture_ipv6_ipv4() 2185{ 2186 local ns1=ns1_v4 2187 local vtep1_ip=198.51.100.100 2188 local vtep2_ip=198.51.100.200 2189 local grp1=ff0e::1 2190 local grp2=ff0e::2 2191 local src=2001:db8:100::1 2192 2193 echo 2194 echo "Data path: MDB torture test - IPv6 overlay / IPv4 underlay" 2195 echo "----------------------------------------------------------" 2196 2197 mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp2 $src \ 2198 "mausezahn -6" 2199} 2200 2201mdb_torture_ipv4_ipv6() 2202{ 2203 local ns1=ns1_v6 2204 local vtep1_ip=2001:db8:1000::1 2205 local vtep2_ip=2001:db8:2000::1 2206 local grp1=239.1.1.1 2207 local grp2=239.2.2.2 2208 local src=192.0.2.129 2209 2210 echo 2211 echo "Data path: MDB torture test - IPv4 overlay / IPv6 underlay" 2212 echo "----------------------------------------------------------" 2213 2214 mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp2 $src \ 2215 "mausezahn" 2216} 2217 2218mdb_torture_ipv6_ipv6() 2219{ 2220 local ns1=ns1_v6 2221 local vtep1_ip=2001:db8:1000::1 2222 local vtep2_ip=2001:db8:2000::1 2223 local grp1=ff0e::1 2224 local grp2=ff0e::2 2225 local src=2001:db8:100::1 2226 2227 echo 2228 echo "Data path: MDB torture test - IPv6 overlay / IPv6 underlay" 2229 echo "----------------------------------------------------------" 2230 2231 mdb_torture_common $ns1 $vtep1_ip $vtep2_ip $grp1 $grp2 $src \ 2232 "mausezahn -6" 2233} 2234 2235################################################################################ 2236# Usage 2237 2238usage() 2239{ 2240 cat <<EOF 2241usage: ${0##*/} OPTS 2242 2243 -t <test> Test(s) to run (default: all) 2244 (options: $TESTS) 2245 -c Control path tests only 2246 -d Data path tests only 2247 -p Pause on fail 2248 -P Pause after each test before cleanup 2249 -v Verbose mode (show commands and output) 2250EOF 2251} 2252 2253################################################################################ 2254# Main 2255 2256trap cleanup EXIT 2257 2258while getopts ":t:cdpPvh" opt; do 2259 case $opt in 2260 t) TESTS=$OPTARG;; 2261 c) TESTS=${CONTROL_PATH_TESTS};; 2262 d) TESTS=${DATA_PATH_TESTS};; 2263 p) PAUSE_ON_FAIL=yes;; 2264 P) PAUSE=yes;; 2265 v) VERBOSE=$(($VERBOSE + 1));; 2266 h) usage; exit 0;; 2267 *) usage; exit 1;; 2268 esac 2269done 2270 2271# Make sure we don't pause twice. 2272[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no 2273 2274if [ "$(id -u)" -ne 0 ];then 2275 echo "SKIP: Need root privileges" 2276 exit $ksft_skip; 2277fi 2278 2279if [ ! -x "$(command -v ip)" ]; then 2280 echo "SKIP: Could not run test without ip tool" 2281 exit $ksft_skip 2282fi 2283 2284if [ ! -x "$(command -v bridge)" ]; then 2285 echo "SKIP: Could not run test without bridge tool" 2286 exit $ksft_skip 2287fi 2288 2289if [ ! -x "$(command -v mausezahn)" ]; then 2290 echo "SKIP: Could not run test without mausezahn tool" 2291 exit $ksft_skip 2292fi 2293 2294if [ ! -x "$(command -v jq)" ]; then 2295 echo "SKIP: Could not run test without jq tool" 2296 exit $ksft_skip 2297fi 2298 2299bridge mdb help 2>&1 | grep -q "src_vni" 2300if [ $? -ne 0 ]; then 2301 echo "SKIP: iproute2 bridge too old, missing VXLAN MDB support" 2302 exit $ksft_skip 2303fi 2304 2305# Start clean. 2306cleanup 2307 2308for t in $TESTS 2309do 2310 setup; $t; cleanup; 2311done 2312 2313if [ "$TESTS" != "none" ]; then 2314 printf "\nTests passed: %3d\n" ${nsuccess} 2315 printf "Tests failed: %3d\n" ${nfail} 2316fi 2317 2318exit $ret 2319