blob: b8805983b728d8202c6fe03eb0cf6a982082d9e3 [file] [log] [blame]
Vladimir Nikishkin305c0412023-05-12 11:40:34 +08001#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3
4# This test is for checking the [no]localbypass VXLAN device option. The test
5# configures two VXLAN devices in the same network namespace and a tc filter on
6# the loopback device that drops encapsulated packets. The test sends packets
7# from the first VXLAN device and verifies that by default these packets are
8# received by the second VXLAN device. The test then enables the nolocalbypass
9# option and verifies that packets are no longer received by the second VXLAN
10# device.
11
Hangbin Liud79e9072023-12-06 15:07:56 +080012source lib.sh
Vladimir Nikishkin305c0412023-05-12 11:40:34 +080013ret=0
Vladimir Nikishkin305c0412023-05-12 11:40:34 +080014
15TESTS="
16 nolocalbypass
17"
18VERBOSE=0
19PAUSE_ON_FAIL=no
20PAUSE=no
21
22################################################################################
23# Utilities
24
25log_test()
26{
27 local rc=$1
28 local expected=$2
29 local msg="$3"
30
31 if [ ${rc} -eq ${expected} ]; then
32 printf "TEST: %-60s [ OK ]\n" "${msg}"
33 nsuccess=$((nsuccess+1))
34 else
35 ret=1
36 nfail=$((nfail+1))
37 printf "TEST: %-60s [FAIL]\n" "${msg}"
38 if [ "$VERBOSE" = "1" ]; then
39 echo " rc=$rc, expected $expected"
40 fi
41
42 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
43 echo
44 echo "hit enter to continue, 'q' to quit"
45 read a
46 [ "$a" = "q" ] && exit 1
47 fi
48 fi
49
50 if [ "${PAUSE}" = "yes" ]; then
51 echo
52 echo "hit enter to continue, 'q' to quit"
53 read a
54 [ "$a" = "q" ] && exit 1
55 fi
56
57 [ "$VERBOSE" = "1" ] && echo
58}
59
60run_cmd()
61{
62 local cmd="$1"
63 local out
64 local stderr="2>/dev/null"
65
66 if [ "$VERBOSE" = "1" ]; then
67 printf "COMMAND: $cmd\n"
68 stderr=
69 fi
70
71 out=$(eval $cmd $stderr)
72 rc=$?
73 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
74 echo " $out"
75 fi
76
77 return $rc
78}
79
80tc_check_packets()
81{
82 local ns=$1; shift
83 local id=$1; shift
84 local handle=$1; shift
85 local count=$1; shift
86 local pkts
87
88 sleep 0.1
89 pkts=$(tc -n $ns -j -s filter show $id \
90 | jq ".[] | select(.options.handle == $handle) | \
91 .options.actions[0].stats.packets")
92 [[ $pkts == $count ]]
93}
94
95################################################################################
96# Setup
97
98setup()
99{
Hangbin Liud79e9072023-12-06 15:07:56 +0800100 setup_ns ns1
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800101
Hangbin Liud79e9072023-12-06 15:07:56 +0800102 ip -n $ns1 address add 192.0.2.1/32 dev lo
103 ip -n $ns1 address add 198.51.100.1/32 dev lo
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800104
Hangbin Liud79e9072023-12-06 15:07:56 +0800105 ip -n $ns1 link add name vx0 up type vxlan id 100 local 198.51.100.1 \
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800106 dstport 4789 nolearning
Hangbin Liud79e9072023-12-06 15:07:56 +0800107 ip -n $ns1 link add name vx1 up type vxlan id 100 dstport 4790
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800108}
109
110cleanup()
111{
Hangbin Liud79e9072023-12-06 15:07:56 +0800112 cleanup_ns $ns1
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800113}
114
115################################################################################
116# Tests
117
118nolocalbypass()
119{
120 local smac=00:01:02:03:04:05
121 local dmac=00:0a:0b:0c:0d:0e
122
Hangbin Liud79e9072023-12-06 15:07:56 +0800123 run_cmd "bridge -n $ns1 fdb add $dmac dev vx0 self static dst 192.0.2.1 port 4790"
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800124
Hangbin Liud79e9072023-12-06 15:07:56 +0800125 run_cmd "tc -n $ns1 qdisc add dev vx1 clsact"
126 run_cmd "tc -n $ns1 filter add dev vx1 ingress pref 1 handle 101 proto all flower src_mac $smac dst_mac $dmac action pass"
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800127
Hangbin Liud79e9072023-12-06 15:07:56 +0800128 run_cmd "tc -n $ns1 qdisc add dev lo clsact"
129 run_cmd "tc -n $ns1 filter add dev lo ingress pref 1 handle 101 proto ip flower ip_proto udp dst_port 4790 action drop"
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800130
Hangbin Liud79e9072023-12-06 15:07:56 +0800131 run_cmd "ip -n $ns1 -d -j link show dev vx0 | jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == true'"
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800132 log_test $? 0 "localbypass enabled"
133
Hangbin Liud79e9072023-12-06 15:07:56 +0800134 run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q"
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800135
Hangbin Liud79e9072023-12-06 15:07:56 +0800136 tc_check_packets "$ns1" "dev vx1 ingress" 101 1
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800137 log_test $? 0 "Packet received by local VXLAN device - localbypass"
138
Hangbin Liud79e9072023-12-06 15:07:56 +0800139 run_cmd "ip -n $ns1 link set dev vx0 type vxlan nolocalbypass"
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800140
Hangbin Liud79e9072023-12-06 15:07:56 +0800141 run_cmd "ip -n $ns1 -d -j link show dev vx0 | jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == false'"
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800142 log_test $? 0 "localbypass disabled"
143
Hangbin Liud79e9072023-12-06 15:07:56 +0800144 run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q"
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800145
Hangbin Liud79e9072023-12-06 15:07:56 +0800146 tc_check_packets "$ns1" "dev vx1 ingress" 101 1
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800147 log_test $? 0 "Packet not received by local VXLAN device - nolocalbypass"
148
Hangbin Liud79e9072023-12-06 15:07:56 +0800149 run_cmd "ip -n $ns1 link set dev vx0 type vxlan localbypass"
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800150
Hangbin Liud79e9072023-12-06 15:07:56 +0800151 run_cmd "ip -n $ns1 -d -j link show dev vx0 | jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == true'"
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800152 log_test $? 0 "localbypass enabled"
153
Hangbin Liud79e9072023-12-06 15:07:56 +0800154 run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q"
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800155
Hangbin Liud79e9072023-12-06 15:07:56 +0800156 tc_check_packets "$ns1" "dev vx1 ingress" 101 2
Vladimir Nikishkin305c0412023-05-12 11:40:34 +0800157 log_test $? 0 "Packet received by local VXLAN device - localbypass"
158}
159
160################################################################################
161# Usage
162
163usage()
164{
165 cat <<EOF
166usage: ${0##*/} OPTS
167
168 -t <test> Test(s) to run (default: all)
169 (options: $TESTS)
170 -p Pause on fail
171 -P Pause after each test before cleanup
172 -v Verbose mode (show commands and output)
173EOF
174}
175
176################################################################################
177# Main
178
179trap cleanup EXIT
180
181while getopts ":t:pPvh" opt; do
182 case $opt in
183 t) TESTS=$OPTARG ;;
184 p) PAUSE_ON_FAIL=yes;;
185 P) PAUSE=yes;;
186 v) VERBOSE=$(($VERBOSE + 1));;
187 h) usage; exit 0;;
188 *) usage; exit 1;;
189 esac
190done
191
192# Make sure we don't pause twice.
193[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no
194
195if [ "$(id -u)" -ne 0 ];then
196 echo "SKIP: Need root privileges"
197 exit $ksft_skip;
198fi
199
200if [ ! -x "$(command -v ip)" ]; then
201 echo "SKIP: Could not run test without ip tool"
202 exit $ksft_skip
203fi
204
205if [ ! -x "$(command -v bridge)" ]; then
206 echo "SKIP: Could not run test without bridge tool"
207 exit $ksft_skip
208fi
209
210if [ ! -x "$(command -v mausezahn)" ]; then
211 echo "SKIP: Could not run test without mausezahn tool"
212 exit $ksft_skip
213fi
214
215if [ ! -x "$(command -v jq)" ]; then
216 echo "SKIP: Could not run test without jq tool"
217 exit $ksft_skip
218fi
219
220ip link help vxlan 2>&1 | grep -q "localbypass"
221if [ $? -ne 0 ]; then
222 echo "SKIP: iproute2 ip too old, missing VXLAN nolocalbypass support"
223 exit $ksft_skip
224fi
225
226cleanup
227
228for t in $TESTS
229do
230 setup; $t; cleanup;
231done
232
233if [ "$TESTS" != "none" ]; then
234 printf "\nTests passed: %3d\n" ${nsuccess}
235 printf "Tests failed: %3d\n" ${nfail}
236fi
237
238exit $ret