| #!/bin/bash |
| # SPDX-License-Identifier: GPL-2.0 |
| # |
| # This test is for checking bridge neighbor suppression functionality. The |
| # topology consists of two bridges (VTEPs) connected using VXLAN. A single |
| # host is connected to each bridge over multiple VLANs. The test checks that |
| # ARP/NS messages from the first host are suppressed on the VXLAN port when |
| # should. |
| # |
| # +-----------------------+ +------------------------+ |
| # | h1 | | h2 | |
| # | | | | |
| # | + eth0.10 | | + eth0.10 | |
| # | | 192.0.2.1/28 | | | 192.0.2.2/28 | |
| # | | 2001:db8:1::1/64 | | | 2001:db8:1::2/64 | |
| # | | | | | | |
| # | | + eth0.20 | | | + eth0.20 | |
| # | \ | 192.0.2.17/28 | | \ | 192.0.2.18/28 | |
| # | \ | 2001:db8:2::1/64 | | \ | 2001:db8:2::2/64 | |
| # | \| | | \| | |
| # | + eth0 | | + eth0 | |
| # +----|------------------+ +----|-------------------+ |
| # | | |
| # | | |
| # +----|-------------------------------+ +----|-------------------------------+ |
| # | + swp1 + vx0 | | + swp1 + vx0 | |
| # | | | | | | | | |
| # | | br0 | | | | | | |
| # | +------------+-----------+ | | +------------+-----------+ | |
| # | | | | | | |
| # | | | | | | |
| # | +---+---+ | | +---+---+ | |
| # | | | | | | | | |
| # | | | | | | | | |
| # | + + | | + + | |
| # | br0.10 br0.20 | | br0.10 br0.20 | |
| # | | | | |
| # | 192.0.2.33 | | 192.0.2.34 | |
| # | + lo | | + lo | |
| # | | | | |
| # | | | | |
| # | 192.0.2.49/28 | | 192.0.2.50/28 | |
| # | veth0 +-------+ veth0 | |
| # | | | | |
| # | sw1 | | sw2 | |
| # +------------------------------------+ +------------------------------------+ |
| |
| source lib.sh |
| ret=0 |
| |
| # All tests in this script. Can be overridden with -t option. |
| TESTS=" |
| neigh_suppress_arp |
| neigh_suppress_ns |
| neigh_vlan_suppress_arp |
| neigh_vlan_suppress_ns |
| " |
| VERBOSE=0 |
| PAUSE_ON_FAIL=no |
| PAUSE=no |
| |
| ################################################################################ |
| # Utilities |
| |
| log_test() |
| { |
| local rc=$1 |
| local expected=$2 |
| local msg="$3" |
| |
| if [ ${rc} -eq ${expected} ]; then |
| printf "TEST: %-60s [ OK ]\n" "${msg}" |
| nsuccess=$((nsuccess+1)) |
| else |
| ret=1 |
| nfail=$((nfail+1)) |
| printf "TEST: %-60s [FAIL]\n" "${msg}" |
| if [ "$VERBOSE" = "1" ]; then |
| echo " rc=$rc, expected $expected" |
| fi |
| |
| if [ "${PAUSE_ON_FAIL}" = "yes" ]; then |
| echo |
| echo "hit enter to continue, 'q' to quit" |
| read a |
| [ "$a" = "q" ] && exit 1 |
| fi |
| fi |
| |
| if [ "${PAUSE}" = "yes" ]; then |
| echo |
| echo "hit enter to continue, 'q' to quit" |
| read a |
| [ "$a" = "q" ] && exit 1 |
| fi |
| |
| [ "$VERBOSE" = "1" ] && echo |
| } |
| |
| run_cmd() |
| { |
| local cmd="$1" |
| local out |
| local stderr="2>/dev/null" |
| |
| if [ "$VERBOSE" = "1" ]; then |
| printf "COMMAND: $cmd\n" |
| stderr= |
| fi |
| |
| out=$(eval $cmd $stderr) |
| rc=$? |
| if [ "$VERBOSE" = "1" -a -n "$out" ]; then |
| echo " $out" |
| fi |
| |
| return $rc |
| } |
| |
| tc_check_packets() |
| { |
| local ns=$1; shift |
| local id=$1; shift |
| local handle=$1; shift |
| local count=$1; shift |
| local pkts |
| |
| sleep 0.1 |
| pkts=$(tc -n $ns -j -s filter show $id \ |
| | jq ".[] | select(.options.handle == $handle) | \ |
| .options.actions[0].stats.packets") |
| [[ $pkts == $count ]] |
| } |
| |
| ################################################################################ |
| # Setup |
| |
| setup_topo_ns() |
| { |
| local ns=$1; shift |
| |
| ip netns exec $ns sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1 |
| ip netns exec $ns sysctl -qw net.ipv6.conf.default.ignore_routes_with_linkdown=1 |
| ip netns exec $ns sysctl -qw net.ipv6.conf.all.accept_dad=0 |
| ip netns exec $ns sysctl -qw net.ipv6.conf.default.accept_dad=0 |
| } |
| |
| setup_topo() |
| { |
| local ns |
| |
| setup_ns h1 h2 sw1 sw2 |
| for ns in $h1 $h2 $sw1 $sw2; do |
| setup_topo_ns $ns |
| done |
| |
| ip -n $h1 link add name eth0 type veth peer name swp1 netns $sw1 |
| ip -n $sw1 link add name veth0 type veth peer name veth0 netns $sw2 |
| ip -n $h2 link add name eth0 type veth peer name swp1 netns $sw2 |
| } |
| |
| setup_host_common() |
| { |
| local ns=$1; shift |
| local v4addr1=$1; shift |
| local v4addr2=$1; shift |
| local v6addr1=$1; shift |
| local v6addr2=$1; shift |
| |
| ip -n $ns link set dev eth0 up |
| ip -n $ns link add link eth0 name eth0.10 up type vlan id 10 |
| ip -n $ns link add link eth0 name eth0.20 up type vlan id 20 |
| |
| ip -n $ns address add $v4addr1 dev eth0.10 |
| ip -n $ns address add $v4addr2 dev eth0.20 |
| ip -n $ns address add $v6addr1 dev eth0.10 |
| ip -n $ns address add $v6addr2 dev eth0.20 |
| } |
| |
| setup_h1() |
| { |
| local ns=$h1 |
| local v4addr1=192.0.2.1/28 |
| local v4addr2=192.0.2.17/28 |
| local v6addr1=2001:db8:1::1/64 |
| local v6addr2=2001:db8:2::1/64 |
| |
| setup_host_common $ns $v4addr1 $v4addr2 $v6addr1 $v6addr2 |
| } |
| |
| setup_h2() |
| { |
| local ns=$h2 |
| local v4addr1=192.0.2.2/28 |
| local v4addr2=192.0.2.18/28 |
| local v6addr1=2001:db8:1::2/64 |
| local v6addr2=2001:db8:2::2/64 |
| |
| setup_host_common $ns $v4addr1 $v4addr2 $v6addr1 $v6addr2 |
| } |
| |
| setup_sw_common() |
| { |
| local ns=$1; shift |
| local local_addr=$1; shift |
| local remote_addr=$1; shift |
| local veth_addr=$1; shift |
| local gw_addr=$1; shift |
| |
| ip -n $ns address add $local_addr/32 dev lo |
| |
| ip -n $ns link set dev veth0 up |
| ip -n $ns address add $veth_addr/28 dev veth0 |
| ip -n $ns route add default via $gw_addr |
| |
| ip -n $ns link add name br0 up type bridge vlan_filtering 1 \ |
| vlan_default_pvid 0 mcast_snooping 0 |
| |
| ip -n $ns link add link br0 name br0.10 up type vlan id 10 |
| bridge -n $ns vlan add vid 10 dev br0 self |
| |
| ip -n $ns link add link br0 name br0.20 up type vlan id 20 |
| bridge -n $ns vlan add vid 20 dev br0 self |
| |
| ip -n $ns link set dev swp1 up master br0 |
| bridge -n $ns vlan add vid 10 dev swp1 |
| bridge -n $ns vlan add vid 20 dev swp1 |
| |
| ip -n $ns link add name vx0 up master br0 type vxlan \ |
| local $local_addr dstport 4789 nolearning external |
| bridge -n $ns fdb add 00:00:00:00:00:00 dev vx0 self static \ |
| dst $remote_addr src_vni 10010 |
| bridge -n $ns fdb add 00:00:00:00:00:00 dev vx0 self static \ |
| dst $remote_addr src_vni 10020 |
| bridge -n $ns link set dev vx0 vlan_tunnel on learning off |
| |
| bridge -n $ns vlan add vid 10 dev vx0 |
| bridge -n $ns vlan add vid 10 dev vx0 tunnel_info id 10010 |
| |
| bridge -n $ns vlan add vid 20 dev vx0 |
| bridge -n $ns vlan add vid 20 dev vx0 tunnel_info id 10020 |
| } |
| |
| setup_sw1() |
| { |
| local ns=$sw1 |
| local local_addr=192.0.2.33 |
| local remote_addr=192.0.2.34 |
| local veth_addr=192.0.2.49 |
| local gw_addr=192.0.2.50 |
| |
| setup_sw_common $ns $local_addr $remote_addr $veth_addr $gw_addr |
| } |
| |
| setup_sw2() |
| { |
| local ns=$sw2 |
| local local_addr=192.0.2.34 |
| local remote_addr=192.0.2.33 |
| local veth_addr=192.0.2.50 |
| local gw_addr=192.0.2.49 |
| |
| setup_sw_common $ns $local_addr $remote_addr $veth_addr $gw_addr |
| } |
| |
| setup() |
| { |
| set -e |
| |
| setup_topo |
| setup_h1 |
| setup_h2 |
| setup_sw1 |
| setup_sw2 |
| |
| sleep 5 |
| |
| set +e |
| } |
| |
| cleanup() |
| { |
| cleanup_ns $h1 $h2 $sw1 $sw2 |
| } |
| |
| ################################################################################ |
| # Tests |
| |
| neigh_suppress_arp_common() |
| { |
| local vid=$1; shift |
| local sip=$1; shift |
| local tip=$1; shift |
| local h2_mac |
| |
| echo |
| echo "Per-port ARP suppression - VLAN $vid" |
| echo "----------------------------------" |
| |
| run_cmd "tc -n $sw1 qdisc replace dev vx0 clsact" |
| run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 101 proto 0x0806 flower indev swp1 arp_tip $tip arp_sip $sip arp_op request action pass" |
| |
| # Initial state - check that ARP requests are not suppressed and that |
| # ARP replies are received. |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip -I eth0.$vid $tip" |
| log_test $? 0 "arping" |
| tc_check_packets $sw1 "dev vx0 egress" 101 1 |
| log_test $? 0 "ARP suppression" |
| |
| # Enable neighbor suppression and check that nothing changes compared |
| # to the initial state. |
| run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress on" |
| run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress on\"" |
| log_test $? 0 "\"neigh_suppress\" is on" |
| |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip -I eth0.$vid $tip" |
| log_test $? 0 "arping" |
| tc_check_packets $sw1 "dev vx0 egress" 101 2 |
| log_test $? 0 "ARP suppression" |
| |
| # Install an FDB entry for the remote host and check that nothing |
| # changes compared to the initial state. |
| h2_mac=$(ip -n $h2 -j -p link show eth0.$vid | jq -r '.[]["address"]') |
| run_cmd "bridge -n $sw1 fdb replace $h2_mac dev vx0 master static vlan $vid" |
| log_test $? 0 "FDB entry installation" |
| |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip -I eth0.$vid $tip" |
| log_test $? 0 "arping" |
| tc_check_packets $sw1 "dev vx0 egress" 101 3 |
| log_test $? 0 "ARP suppression" |
| |
| # Install a neighbor on the matching SVI interface and check that ARP |
| # requests are suppressed. |
| run_cmd "ip -n $sw1 neigh replace $tip lladdr $h2_mac nud permanent dev br0.$vid" |
| log_test $? 0 "Neighbor entry installation" |
| |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip -I eth0.$vid $tip" |
| log_test $? 0 "arping" |
| tc_check_packets $sw1 "dev vx0 egress" 101 3 |
| log_test $? 0 "ARP suppression" |
| |
| # Take the second host down and check that ARP requests are suppressed |
| # and that ARP replies are received. |
| run_cmd "ip -n $h2 link set dev eth0.$vid down" |
| log_test $? 0 "H2 down" |
| |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip -I eth0.$vid $tip" |
| log_test $? 0 "arping" |
| tc_check_packets $sw1 "dev vx0 egress" 101 3 |
| log_test $? 0 "ARP suppression" |
| |
| run_cmd "ip -n $h2 link set dev eth0.$vid up" |
| log_test $? 0 "H2 up" |
| |
| # Disable neighbor suppression and check that ARP requests are no |
| # longer suppressed. |
| run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress off" |
| run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress off\"" |
| log_test $? 0 "\"neigh_suppress\" is off" |
| |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip -I eth0.$vid $tip" |
| log_test $? 0 "arping" |
| tc_check_packets $sw1 "dev vx0 egress" 101 4 |
| log_test $? 0 "ARP suppression" |
| |
| # Take the second host down and check that ARP requests are not |
| # suppressed and that ARP replies are not received. |
| run_cmd "ip -n $h2 link set dev eth0.$vid down" |
| log_test $? 0 "H2 down" |
| |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip -I eth0.$vid $tip" |
| log_test $? 1 "arping" |
| tc_check_packets $sw1 "dev vx0 egress" 101 5 |
| log_test $? 0 "ARP suppression" |
| } |
| |
| neigh_suppress_arp() |
| { |
| local vid=10 |
| local sip=192.0.2.1 |
| local tip=192.0.2.2 |
| |
| neigh_suppress_arp_common $vid $sip $tip |
| |
| vid=20 |
| sip=192.0.2.17 |
| tip=192.0.2.18 |
| neigh_suppress_arp_common $vid $sip $tip |
| } |
| |
| neigh_suppress_ns_common() |
| { |
| local vid=$1; shift |
| local saddr=$1; shift |
| local daddr=$1; shift |
| local maddr=$1; shift |
| local h2_mac |
| |
| echo |
| echo "Per-port NS suppression - VLAN $vid" |
| echo "---------------------------------" |
| |
| run_cmd "tc -n $sw1 qdisc replace dev vx0 clsact" |
| run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 101 proto ipv6 flower indev swp1 ip_proto icmpv6 dst_ip $maddr src_ip $saddr type 135 code 0 action pass" |
| |
| # Initial state - check that NS messages are not suppressed and that ND |
| # messages are received. |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr -w 5000 $daddr eth0.$vid" |
| log_test $? 0 "ndisc6" |
| tc_check_packets $sw1 "dev vx0 egress" 101 1 |
| log_test $? 0 "NS suppression" |
| |
| # Enable neighbor suppression and check that nothing changes compared |
| # to the initial state. |
| run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress on" |
| run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress on\"" |
| log_test $? 0 "\"neigh_suppress\" is on" |
| |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr -w 5000 $daddr eth0.$vid" |
| log_test $? 0 "ndisc6" |
| tc_check_packets $sw1 "dev vx0 egress" 101 2 |
| log_test $? 0 "NS suppression" |
| |
| # Install an FDB entry for the remote host and check that nothing |
| # changes compared to the initial state. |
| h2_mac=$(ip -n $h2 -j -p link show eth0.$vid | jq -r '.[]["address"]') |
| run_cmd "bridge -n $sw1 fdb replace $h2_mac dev vx0 master static vlan $vid" |
| log_test $? 0 "FDB entry installation" |
| |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr -w 5000 $daddr eth0.$vid" |
| log_test $? 0 "ndisc6" |
| tc_check_packets $sw1 "dev vx0 egress" 101 3 |
| log_test $? 0 "NS suppression" |
| |
| # Install a neighbor on the matching SVI interface and check that NS |
| # messages are suppressed. |
| run_cmd "ip -n $sw1 neigh replace $daddr lladdr $h2_mac nud permanent dev br0.$vid" |
| log_test $? 0 "Neighbor entry installation" |
| |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr -w 5000 $daddr eth0.$vid" |
| log_test $? 0 "ndisc6" |
| tc_check_packets $sw1 "dev vx0 egress" 101 3 |
| log_test $? 0 "NS suppression" |
| |
| # Take the second host down and check that NS messages are suppressed |
| # and that ND messages are received. |
| run_cmd "ip -n $h2 link set dev eth0.$vid down" |
| log_test $? 0 "H2 down" |
| |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr -w 5000 $daddr eth0.$vid" |
| log_test $? 0 "ndisc6" |
| tc_check_packets $sw1 "dev vx0 egress" 101 3 |
| log_test $? 0 "NS suppression" |
| |
| run_cmd "ip -n $h2 link set dev eth0.$vid up" |
| log_test $? 0 "H2 up" |
| |
| # Disable neighbor suppression and check that NS messages are no longer |
| # suppressed. |
| run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress off" |
| run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress off\"" |
| log_test $? 0 "\"neigh_suppress\" is off" |
| |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr -w 5000 $daddr eth0.$vid" |
| log_test $? 0 "ndisc6" |
| tc_check_packets $sw1 "dev vx0 egress" 101 4 |
| log_test $? 0 "NS suppression" |
| |
| # Take the second host down and check that NS messages are not |
| # suppressed and that ND messages are not received. |
| run_cmd "ip -n $h2 link set dev eth0.$vid down" |
| log_test $? 0 "H2 down" |
| |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr -w 5000 $daddr eth0.$vid" |
| log_test $? 2 "ndisc6" |
| tc_check_packets $sw1 "dev vx0 egress" 101 5 |
| log_test $? 0 "NS suppression" |
| } |
| |
| neigh_suppress_ns() |
| { |
| local vid=10 |
| local saddr=2001:db8:1::1 |
| local daddr=2001:db8:1::2 |
| local maddr=ff02::1:ff00:2 |
| |
| neigh_suppress_ns_common $vid $saddr $daddr $maddr |
| |
| vid=20 |
| saddr=2001:db8:2::1 |
| daddr=2001:db8:2::2 |
| maddr=ff02::1:ff00:2 |
| |
| neigh_suppress_ns_common $vid $saddr $daddr $maddr |
| } |
| |
| neigh_vlan_suppress_arp() |
| { |
| local vid1=10 |
| local vid2=20 |
| local sip1=192.0.2.1 |
| local sip2=192.0.2.17 |
| local tip1=192.0.2.2 |
| local tip2=192.0.2.18 |
| local h2_mac1 |
| local h2_mac2 |
| |
| echo |
| echo "Per-{Port, VLAN} ARP suppression" |
| echo "--------------------------------" |
| |
| run_cmd "tc -n $sw1 qdisc replace dev vx0 clsact" |
| run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 101 proto 0x0806 flower indev swp1 arp_tip $tip1 arp_sip $sip1 arp_op request action pass" |
| run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 102 proto 0x0806 flower indev swp1 arp_tip $tip2 arp_sip $sip2 arp_op request action pass" |
| |
| h2_mac1=$(ip -n $h2 -j -p link show eth0.$vid1 | jq -r '.[]["address"]') |
| h2_mac2=$(ip -n $h2 -j -p link show eth0.$vid2 | jq -r '.[]["address"]') |
| run_cmd "bridge -n $sw1 fdb replace $h2_mac1 dev vx0 master static vlan $vid1" |
| run_cmd "bridge -n $sw1 fdb replace $h2_mac2 dev vx0 master static vlan $vid2" |
| run_cmd "ip -n $sw1 neigh replace $tip1 lladdr $h2_mac1 nud permanent dev br0.$vid1" |
| run_cmd "ip -n $sw1 neigh replace $tip2 lladdr $h2_mac2 nud permanent dev br0.$vid2" |
| |
| # Enable per-{Port, VLAN} neighbor suppression and check that ARP |
| # requests are not suppressed and that ARP replies are received. |
| run_cmd "bridge -n $sw1 link set dev vx0 neigh_vlan_suppress on" |
| run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_vlan_suppress on\"" |
| log_test $? 0 "\"neigh_vlan_suppress\" is on" |
| |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip1 -I eth0.$vid1 $tip1" |
| log_test $? 0 "arping (VLAN $vid1)" |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip2 -I eth0.$vid2 $tip2" |
| log_test $? 0 "arping (VLAN $vid2)" |
| |
| tc_check_packets $sw1 "dev vx0 egress" 101 1 |
| log_test $? 0 "ARP suppression (VLAN $vid1)" |
| tc_check_packets $sw1 "dev vx0 egress" 102 1 |
| log_test $? 0 "ARP suppression (VLAN $vid2)" |
| |
| # Enable neighbor suppression on VLAN 10 and check that only on this |
| # VLAN ARP requests are suppressed. |
| run_cmd "bridge -n $sw1 vlan set vid $vid1 dev vx0 neigh_suppress on" |
| run_cmd "bridge -n $sw1 -d vlan show dev vx0 vid $vid1 | grep \"neigh_suppress on\"" |
| log_test $? 0 "\"neigh_suppress\" is on (VLAN $vid1)" |
| run_cmd "bridge -n $sw1 -d vlan show dev vx0 vid $vid2 | grep \"neigh_suppress off\"" |
| log_test $? 0 "\"neigh_suppress\" is off (VLAN $vid2)" |
| |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip1 -I eth0.$vid1 $tip1" |
| log_test $? 0 "arping (VLAN $vid1)" |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip2 -I eth0.$vid2 $tip2" |
| log_test $? 0 "arping (VLAN $vid2)" |
| |
| tc_check_packets $sw1 "dev vx0 egress" 101 1 |
| log_test $? 0 "ARP suppression (VLAN $vid1)" |
| tc_check_packets $sw1 "dev vx0 egress" 102 2 |
| log_test $? 0 "ARP suppression (VLAN $vid2)" |
| |
| # Enable neighbor suppression on the port and check that it has no |
| # effect compared to previous state. |
| run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress on" |
| run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress on\"" |
| log_test $? 0 "\"neigh_suppress\" is on" |
| |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip1 -I eth0.$vid1 $tip1" |
| log_test $? 0 "arping (VLAN $vid1)" |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip2 -I eth0.$vid2 $tip2" |
| log_test $? 0 "arping (VLAN $vid2)" |
| |
| tc_check_packets $sw1 "dev vx0 egress" 101 1 |
| log_test $? 0 "ARP suppression (VLAN $vid1)" |
| tc_check_packets $sw1 "dev vx0 egress" 102 3 |
| log_test $? 0 "ARP suppression (VLAN $vid2)" |
| |
| # Disable neighbor suppression on the port and check that it has no |
| # effect compared to previous state. |
| run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress off" |
| run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress off\"" |
| log_test $? 0 "\"neigh_suppress\" is off" |
| |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip1 -I eth0.$vid1 $tip1" |
| log_test $? 0 "arping (VLAN $vid1)" |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip2 -I eth0.$vid2 $tip2" |
| log_test $? 0 "arping (VLAN $vid2)" |
| |
| tc_check_packets $sw1 "dev vx0 egress" 101 1 |
| log_test $? 0 "ARP suppression (VLAN $vid1)" |
| tc_check_packets $sw1 "dev vx0 egress" 102 4 |
| log_test $? 0 "ARP suppression (VLAN $vid2)" |
| |
| # Disable neighbor suppression on VLAN 10 and check that ARP requests |
| # are no longer suppressed on this VLAN. |
| run_cmd "bridge -n $sw1 vlan set vid $vid1 dev vx0 neigh_suppress off" |
| run_cmd "bridge -n $sw1 -d vlan show dev vx0 vid $vid1 | grep \"neigh_suppress off\"" |
| log_test $? 0 "\"neigh_suppress\" is off (VLAN $vid1)" |
| |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip1 -I eth0.$vid1 $tip1" |
| log_test $? 0 "arping (VLAN $vid1)" |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip2 -I eth0.$vid2 $tip2" |
| log_test $? 0 "arping (VLAN $vid2)" |
| |
| tc_check_packets $sw1 "dev vx0 egress" 101 2 |
| log_test $? 0 "ARP suppression (VLAN $vid1)" |
| tc_check_packets $sw1 "dev vx0 egress" 102 5 |
| log_test $? 0 "ARP suppression (VLAN $vid2)" |
| |
| # Disable per-{Port, VLAN} neighbor suppression, enable neighbor |
| # suppression on the port and check that on both VLANs ARP requests are |
| # suppressed. |
| run_cmd "bridge -n $sw1 link set dev vx0 neigh_vlan_suppress off" |
| run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_vlan_suppress off\"" |
| log_test $? 0 "\"neigh_vlan_suppress\" is off" |
| |
| run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress on" |
| run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress on\"" |
| log_test $? 0 "\"neigh_suppress\" is on" |
| |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip1 -I eth0.$vid1 $tip1" |
| log_test $? 0 "arping (VLAN $vid1)" |
| run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip2 -I eth0.$vid2 $tip2" |
| log_test $? 0 "arping (VLAN $vid2)" |
| |
| tc_check_packets $sw1 "dev vx0 egress" 101 2 |
| log_test $? 0 "ARP suppression (VLAN $vid1)" |
| tc_check_packets $sw1 "dev vx0 egress" 102 5 |
| log_test $? 0 "ARP suppression (VLAN $vid2)" |
| } |
| |
| neigh_vlan_suppress_ns() |
| { |
| local vid1=10 |
| local vid2=20 |
| local saddr1=2001:db8:1::1 |
| local saddr2=2001:db8:2::1 |
| local daddr1=2001:db8:1::2 |
| local daddr2=2001:db8:2::2 |
| local maddr=ff02::1:ff00:2 |
| local h2_mac1 |
| local h2_mac2 |
| |
| echo |
| echo "Per-{Port, VLAN} NS suppression" |
| echo "-------------------------------" |
| |
| run_cmd "tc -n $sw1 qdisc replace dev vx0 clsact" |
| run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 101 proto ipv6 flower indev swp1 ip_proto icmpv6 dst_ip $maddr src_ip $saddr1 type 135 code 0 action pass" |
| run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 102 proto ipv6 flower indev swp1 ip_proto icmpv6 dst_ip $maddr src_ip $saddr2 type 135 code 0 action pass" |
| |
| h2_mac1=$(ip -n $h2 -j -p link show eth0.$vid1 | jq -r '.[]["address"]') |
| h2_mac2=$(ip -n $h2 -j -p link show eth0.$vid2 | jq -r '.[]["address"]') |
| run_cmd "bridge -n $sw1 fdb replace $h2_mac1 dev vx0 master static vlan $vid1" |
| run_cmd "bridge -n $sw1 fdb replace $h2_mac2 dev vx0 master static vlan $vid2" |
| run_cmd "ip -n $sw1 neigh replace $daddr1 lladdr $h2_mac1 nud permanent dev br0.$vid1" |
| run_cmd "ip -n $sw1 neigh replace $daddr2 lladdr $h2_mac2 nud permanent dev br0.$vid2" |
| |
| # Enable per-{Port, VLAN} neighbor suppression and check that NS |
| # messages are not suppressed and that ND messages are received. |
| run_cmd "bridge -n $sw1 link set dev vx0 neigh_vlan_suppress on" |
| run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_vlan_suppress on\"" |
| log_test $? 0 "\"neigh_vlan_suppress\" is on" |
| |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr1 -w 5000 $daddr1 eth0.$vid1" |
| log_test $? 0 "ndisc6 (VLAN $vid1)" |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr2 -w 5000 $daddr2 eth0.$vid2" |
| log_test $? 0 "ndisc6 (VLAN $vid2)" |
| |
| tc_check_packets $sw1 "dev vx0 egress" 101 1 |
| log_test $? 0 "NS suppression (VLAN $vid1)" |
| tc_check_packets $sw1 "dev vx0 egress" 102 1 |
| log_test $? 0 "NS suppression (VLAN $vid2)" |
| |
| # Enable neighbor suppression on VLAN 10 and check that only on this |
| # VLAN NS messages are suppressed. |
| run_cmd "bridge -n $sw1 vlan set vid $vid1 dev vx0 neigh_suppress on" |
| run_cmd "bridge -n $sw1 -d vlan show dev vx0 vid $vid1 | grep \"neigh_suppress on\"" |
| log_test $? 0 "\"neigh_suppress\" is on (VLAN $vid1)" |
| run_cmd "bridge -n $sw1 -d vlan show dev vx0 vid $vid2 | grep \"neigh_suppress off\"" |
| log_test $? 0 "\"neigh_suppress\" is off (VLAN $vid2)" |
| |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr1 -w 5000 $daddr1 eth0.$vid1" |
| log_test $? 0 "ndisc6 (VLAN $vid1)" |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr2 -w 5000 $daddr2 eth0.$vid2" |
| log_test $? 0 "ndisc6 (VLAN $vid2)" |
| |
| tc_check_packets $sw1 "dev vx0 egress" 101 1 |
| log_test $? 0 "NS suppression (VLAN $vid1)" |
| tc_check_packets $sw1 "dev vx0 egress" 102 2 |
| log_test $? 0 "NS suppression (VLAN $vid2)" |
| |
| # Enable neighbor suppression on the port and check that it has no |
| # effect compared to previous state. |
| run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress on" |
| run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress on\"" |
| log_test $? 0 "\"neigh_suppress\" is on" |
| |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr1 -w 5000 $daddr1 eth0.$vid1" |
| log_test $? 0 "ndisc6 (VLAN $vid1)" |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr2 -w 5000 $daddr2 eth0.$vid2" |
| log_test $? 0 "ndisc6 (VLAN $vid2)" |
| |
| tc_check_packets $sw1 "dev vx0 egress" 101 1 |
| log_test $? 0 "NS suppression (VLAN $vid1)" |
| tc_check_packets $sw1 "dev vx0 egress" 102 3 |
| log_test $? 0 "NS suppression (VLAN $vid2)" |
| |
| # Disable neighbor suppression on the port and check that it has no |
| # effect compared to previous state. |
| run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress off" |
| run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress off\"" |
| log_test $? 0 "\"neigh_suppress\" is off" |
| |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr1 -w 5000 $daddr1 eth0.$vid1" |
| log_test $? 0 "ndisc6 (VLAN $vid1)" |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr2 -w 5000 $daddr2 eth0.$vid2" |
| log_test $? 0 "ndisc6 (VLAN $vid2)" |
| |
| tc_check_packets $sw1 "dev vx0 egress" 101 1 |
| log_test $? 0 "NS suppression (VLAN $vid1)" |
| tc_check_packets $sw1 "dev vx0 egress" 102 4 |
| log_test $? 0 "NS suppression (VLAN $vid2)" |
| |
| # Disable neighbor suppression on VLAN 10 and check that NS messages |
| # are no longer suppressed on this VLAN. |
| run_cmd "bridge -n $sw1 vlan set vid $vid1 dev vx0 neigh_suppress off" |
| run_cmd "bridge -n $sw1 -d vlan show dev vx0 vid $vid1 | grep \"neigh_suppress off\"" |
| log_test $? 0 "\"neigh_suppress\" is off (VLAN $vid1)" |
| |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr1 -w 5000 $daddr1 eth0.$vid1" |
| log_test $? 0 "ndisc6 (VLAN $vid1)" |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr2 -w 5000 $daddr2 eth0.$vid2" |
| log_test $? 0 "ndisc6 (VLAN $vid2)" |
| |
| tc_check_packets $sw1 "dev vx0 egress" 101 2 |
| log_test $? 0 "NS suppression (VLAN $vid1)" |
| tc_check_packets $sw1 "dev vx0 egress" 102 5 |
| log_test $? 0 "NS suppression (VLAN $vid2)" |
| |
| # Disable per-{Port, VLAN} neighbor suppression, enable neighbor |
| # suppression on the port and check that on both VLANs NS messages are |
| # suppressed. |
| run_cmd "bridge -n $sw1 link set dev vx0 neigh_vlan_suppress off" |
| run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_vlan_suppress off\"" |
| log_test $? 0 "\"neigh_vlan_suppress\" is off" |
| |
| run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress on" |
| run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress on\"" |
| log_test $? 0 "\"neigh_suppress\" is on" |
| |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr1 -w 5000 $daddr1 eth0.$vid1" |
| log_test $? 0 "ndisc6 (VLAN $vid1)" |
| run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr2 -w 5000 $daddr2 eth0.$vid2" |
| log_test $? 0 "ndisc6 (VLAN $vid2)" |
| |
| tc_check_packets $sw1 "dev vx0 egress" 101 2 |
| log_test $? 0 "NS suppression (VLAN $vid1)" |
| tc_check_packets $sw1 "dev vx0 egress" 102 5 |
| log_test $? 0 "NS suppression (VLAN $vid2)" |
| } |
| |
| ################################################################################ |
| # Usage |
| |
| usage() |
| { |
| cat <<EOF |
| usage: ${0##*/} OPTS |
| |
| -t <test> Test(s) to run (default: all) |
| (options: $TESTS) |
| -p Pause on fail |
| -P Pause after each test before cleanup |
| -v Verbose mode (show commands and output) |
| EOF |
| } |
| |
| ################################################################################ |
| # Main |
| |
| trap cleanup EXIT |
| |
| while getopts ":t:pPvh" opt; do |
| case $opt in |
| t) TESTS=$OPTARG;; |
| p) PAUSE_ON_FAIL=yes;; |
| P) PAUSE=yes;; |
| v) VERBOSE=$(($VERBOSE + 1));; |
| h) usage; exit 0;; |
| *) usage; exit 1;; |
| esac |
| done |
| |
| # Make sure we don't pause twice. |
| [ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no |
| |
| if [ "$(id -u)" -ne 0 ];then |
| echo "SKIP: Need root privileges" |
| exit $ksft_skip; |
| fi |
| |
| if [ ! -x "$(command -v ip)" ]; then |
| echo "SKIP: Could not run test without ip tool" |
| exit $ksft_skip |
| fi |
| |
| if [ ! -x "$(command -v bridge)" ]; then |
| echo "SKIP: Could not run test without bridge tool" |
| exit $ksft_skip |
| fi |
| |
| if [ ! -x "$(command -v tc)" ]; then |
| echo "SKIP: Could not run test without tc tool" |
| exit $ksft_skip |
| fi |
| |
| if [ ! -x "$(command -v arping)" ]; then |
| echo "SKIP: Could not run test without arping tool" |
| exit $ksft_skip |
| fi |
| |
| if [ ! -x "$(command -v ndisc6)" ]; then |
| echo "SKIP: Could not run test without ndisc6 tool" |
| exit $ksft_skip |
| fi |
| |
| if [ ! -x "$(command -v jq)" ]; then |
| echo "SKIP: Could not run test without jq tool" |
| exit $ksft_skip |
| fi |
| |
| bridge link help 2>&1 | grep -q "neigh_vlan_suppress" |
| if [ $? -ne 0 ]; then |
| echo "SKIP: iproute2 bridge too old, missing per-VLAN neighbor suppression support" |
| exit $ksft_skip |
| fi |
| |
| # Start clean. |
| cleanup |
| |
| for t in $TESTS |
| do |
| setup; $t; cleanup; |
| done |
| |
| if [ "$TESTS" != "none" ]; then |
| printf "\nTests passed: %3d\n" ${nsuccess} |
| printf "Tests failed: %3d\n" ${nfail} |
| fi |
| |
| exit $ret |