| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238 |
- #!/bin/bash
- # SPDX-License-Identifier: GPL-2.0
- # This test is for checking the [no]localbypass VXLAN device option. The test
- # configures two VXLAN devices in the same network namespace and a tc filter on
- # the loopback device that drops encapsulated packets. The test sends packets
- # from the first VXLAN device and verifies that by default these packets are
- # received by the second VXLAN device. The test then enables the nolocalbypass
- # option and verifies that packets are no longer received by the second VXLAN
- # device.
- source lib.sh
- ret=0
- TESTS="
- nolocalbypass
- "
- VERBOSE=0
- PAUSE_ON_FAIL=no
- PAUSE=no
- ################################################################################
- # Utilities
- log_test()
- {
- local rc=$1
- local expected=$2
- local msg="$3"
- if [ ${rc} -eq ${expected} ]; then
- printf "TEST: %-60s [ OK ]\n" "${msg}"
- nsuccess=$((nsuccess+1))
- else
- ret=1
- nfail=$((nfail+1))
- printf "TEST: %-60s [FAIL]\n" "${msg}"
- if [ "$VERBOSE" = "1" ]; then
- echo " rc=$rc, expected $expected"
- fi
- if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
- echo
- echo "hit enter to continue, 'q' to quit"
- read a
- [ "$a" = "q" ] && exit 1
- fi
- fi
- if [ "${PAUSE}" = "yes" ]; then
- echo
- echo "hit enter to continue, 'q' to quit"
- read a
- [ "$a" = "q" ] && exit 1
- fi
- [ "$VERBOSE" = "1" ] && echo
- }
- run_cmd()
- {
- local cmd="$1"
- local out
- local stderr="2>/dev/null"
- if [ "$VERBOSE" = "1" ]; then
- printf "COMMAND: $cmd\n"
- stderr=
- fi
- out=$(eval $cmd $stderr)
- rc=$?
- if [ "$VERBOSE" = "1" -a -n "$out" ]; then
- echo " $out"
- fi
- return $rc
- }
- tc_check_packets()
- {
- local ns=$1; shift
- local id=$1; shift
- local handle=$1; shift
- local count=$1; shift
- local pkts
- sleep 0.1
- pkts=$(tc -n $ns -j -s filter show $id \
- | jq ".[] | select(.options.handle == $handle) | \
- .options.actions[0].stats.packets")
- [[ $pkts == $count ]]
- }
- ################################################################################
- # Setup
- setup()
- {
- setup_ns ns1
- ip -n $ns1 address add 192.0.2.1/32 dev lo
- ip -n $ns1 address add 198.51.100.1/32 dev lo
- ip -n $ns1 link add name vx0 up type vxlan id 100 local 198.51.100.1 \
- dstport 4789 nolearning
- ip -n $ns1 link add name vx1 up type vxlan id 100 dstport 4790
- }
- cleanup()
- {
- cleanup_ns $ns1
- }
- ################################################################################
- # Tests
- nolocalbypass()
- {
- local smac=00:01:02:03:04:05
- local dmac=00:0a:0b:0c:0d:0e
- run_cmd "bridge -n $ns1 fdb add $dmac dev vx0 self static dst 192.0.2.1 port 4790"
- run_cmd "tc -n $ns1 qdisc add dev vx1 clsact"
- run_cmd "tc -n $ns1 filter add dev vx1 ingress pref 1 handle 101 proto all flower src_mac $smac dst_mac $dmac action pass"
- run_cmd "tc -n $ns1 qdisc add dev lo clsact"
- run_cmd "tc -n $ns1 filter add dev lo ingress pref 1 handle 101 proto ip flower ip_proto udp dst_port 4790 action drop"
- run_cmd "ip -n $ns1 -d -j link show dev vx0 | jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == true'"
- log_test $? 0 "localbypass enabled"
- run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q"
- tc_check_packets "$ns1" "dev vx1 ingress" 101 1
- log_test $? 0 "Packet received by local VXLAN device - localbypass"
- run_cmd "ip -n $ns1 link set dev vx0 type vxlan nolocalbypass"
- run_cmd "ip -n $ns1 -d -j link show dev vx0 | jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == false'"
- log_test $? 0 "localbypass disabled"
- run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q"
- tc_check_packets "$ns1" "dev vx1 ingress" 101 1
- log_test $? 0 "Packet not received by local VXLAN device - nolocalbypass"
- run_cmd "ip -n $ns1 link set dev vx0 type vxlan localbypass"
- run_cmd "ip -n $ns1 -d -j link show dev vx0 | jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == true'"
- log_test $? 0 "localbypass enabled"
- run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q"
- tc_check_packets "$ns1" "dev vx1 ingress" 101 2
- log_test $? 0 "Packet received by local VXLAN device - localbypass"
- }
- ################################################################################
- # Usage
- usage()
- {
- cat <<EOF
- usage: ${0##*/} OPTS
- -t <test> Test(s) to run (default: all)
- (options: $TESTS)
- -p Pause on fail
- -P Pause after each test before cleanup
- -v Verbose mode (show commands and output)
- EOF
- }
- ################################################################################
- # Main
- trap cleanup EXIT
- while getopts ":t:pPvh" opt; do
- case $opt in
- t) TESTS=$OPTARG ;;
- p) PAUSE_ON_FAIL=yes;;
- P) PAUSE=yes;;
- v) VERBOSE=$(($VERBOSE + 1));;
- h) usage; exit 0;;
- *) usage; exit 1;;
- esac
- done
- # Make sure we don't pause twice.
- [ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no
- if [ "$(id -u)" -ne 0 ];then
- echo "SKIP: Need root privileges"
- exit $ksft_skip;
- fi
- if [ ! -x "$(command -v ip)" ]; then
- echo "SKIP: Could not run test without ip tool"
- exit $ksft_skip
- fi
- if [ ! -x "$(command -v bridge)" ]; then
- echo "SKIP: Could not run test without bridge tool"
- exit $ksft_skip
- fi
- if [ ! -x "$(command -v mausezahn)" ]; then
- echo "SKIP: Could not run test without mausezahn tool"
- exit $ksft_skip
- fi
- if [ ! -x "$(command -v jq)" ]; then
- echo "SKIP: Could not run test without jq tool"
- exit $ksft_skip
- fi
- ip link help vxlan 2>&1 | grep -q "localbypass"
- if [ $? -ne 0 ]; then
- echo "SKIP: iproute2 ip too old, missing VXLAN nolocalbypass support"
- exit $ksft_skip
- fi
- cleanup
- for t in $TESTS
- do
- setup; $t; cleanup;
- done
- if [ "$TESTS" != "none" ]; then
- printf "\nTests passed: %3d\n" ${nsuccess}
- printf "Tests failed: %3d\n" ${nfail}
- fi
- exit $ret
|