Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | # SPDX-License-Identifier: GPL-2.0 |
| 3 | |
| 4 | # This test is for checking the [no]localbypass VXLAN device option. The test |
| 5 | # configures two VXLAN devices in the same network namespace and a tc filter on |
| 6 | # the loopback device that drops encapsulated packets. The test sends packets |
| 7 | # from the first VXLAN device and verifies that by default these packets are |
| 8 | # received by the second VXLAN device. The test then enables the nolocalbypass |
| 9 | # option and verifies that packets are no longer received by the second VXLAN |
| 10 | # device. |
| 11 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 12 | source lib.sh |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 13 | ret=0 |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 14 | |
| 15 | TESTS=" |
| 16 | nolocalbypass |
| 17 | " |
| 18 | VERBOSE=0 |
| 19 | PAUSE_ON_FAIL=no |
| 20 | PAUSE=no |
| 21 | |
| 22 | ################################################################################ |
| 23 | # Utilities |
| 24 | |
| 25 | log_test() |
| 26 | { |
| 27 | local rc=$1 |
| 28 | local expected=$2 |
| 29 | local msg="$3" |
| 30 | |
| 31 | if [ ${rc} -eq ${expected} ]; then |
| 32 | printf "TEST: %-60s [ OK ]\n" "${msg}" |
| 33 | nsuccess=$((nsuccess+1)) |
| 34 | else |
| 35 | ret=1 |
| 36 | nfail=$((nfail+1)) |
| 37 | printf "TEST: %-60s [FAIL]\n" "${msg}" |
| 38 | if [ "$VERBOSE" = "1" ]; then |
| 39 | echo " rc=$rc, expected $expected" |
| 40 | fi |
| 41 | |
| 42 | if [ "${PAUSE_ON_FAIL}" = "yes" ]; then |
| 43 | echo |
| 44 | echo "hit enter to continue, 'q' to quit" |
| 45 | read a |
| 46 | [ "$a" = "q" ] && exit 1 |
| 47 | fi |
| 48 | fi |
| 49 | |
| 50 | if [ "${PAUSE}" = "yes" ]; then |
| 51 | echo |
| 52 | echo "hit enter to continue, 'q' to quit" |
| 53 | read a |
| 54 | [ "$a" = "q" ] && exit 1 |
| 55 | fi |
| 56 | |
| 57 | [ "$VERBOSE" = "1" ] && echo |
| 58 | } |
| 59 | |
| 60 | run_cmd() |
| 61 | { |
| 62 | local cmd="$1" |
| 63 | local out |
| 64 | local stderr="2>/dev/null" |
| 65 | |
| 66 | if [ "$VERBOSE" = "1" ]; then |
| 67 | printf "COMMAND: $cmd\n" |
| 68 | stderr= |
| 69 | fi |
| 70 | |
| 71 | out=$(eval $cmd $stderr) |
| 72 | rc=$? |
| 73 | if [ "$VERBOSE" = "1" -a -n "$out" ]; then |
| 74 | echo " $out" |
| 75 | fi |
| 76 | |
| 77 | return $rc |
| 78 | } |
| 79 | |
| 80 | tc_check_packets() |
| 81 | { |
| 82 | local ns=$1; shift |
| 83 | local id=$1; shift |
| 84 | local handle=$1; shift |
| 85 | local count=$1; shift |
| 86 | local pkts |
| 87 | |
| 88 | sleep 0.1 |
| 89 | pkts=$(tc -n $ns -j -s filter show $id \ |
| 90 | | jq ".[] | select(.options.handle == $handle) | \ |
| 91 | .options.actions[0].stats.packets") |
| 92 | [[ $pkts == $count ]] |
| 93 | } |
| 94 | |
| 95 | ################################################################################ |
| 96 | # Setup |
| 97 | |
| 98 | setup() |
| 99 | { |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 100 | setup_ns ns1 |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 101 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 102 | ip -n $ns1 address add 192.0.2.1/32 dev lo |
| 103 | ip -n $ns1 address add 198.51.100.1/32 dev lo |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 104 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 105 | ip -n $ns1 link add name vx0 up type vxlan id 100 local 198.51.100.1 \ |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 106 | dstport 4789 nolearning |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 107 | ip -n $ns1 link add name vx1 up type vxlan id 100 dstport 4790 |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 108 | } |
| 109 | |
| 110 | cleanup() |
| 111 | { |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 112 | cleanup_ns $ns1 |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 113 | } |
| 114 | |
| 115 | ################################################################################ |
| 116 | # Tests |
| 117 | |
| 118 | nolocalbypass() |
| 119 | { |
| 120 | local smac=00:01:02:03:04:05 |
| 121 | local dmac=00:0a:0b:0c:0d:0e |
| 122 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 123 | run_cmd "bridge -n $ns1 fdb add $dmac dev vx0 self static dst 192.0.2.1 port 4790" |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 124 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 125 | run_cmd "tc -n $ns1 qdisc add dev vx1 clsact" |
| 126 | run_cmd "tc -n $ns1 filter add dev vx1 ingress pref 1 handle 101 proto all flower src_mac $smac dst_mac $dmac action pass" |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 127 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 128 | run_cmd "tc -n $ns1 qdisc add dev lo clsact" |
| 129 | run_cmd "tc -n $ns1 filter add dev lo ingress pref 1 handle 101 proto ip flower ip_proto udp dst_port 4790 action drop" |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 130 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 131 | run_cmd "ip -n $ns1 -d -j link show dev vx0 | jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == true'" |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 132 | log_test $? 0 "localbypass enabled" |
| 133 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 134 | run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q" |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 135 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 136 | tc_check_packets "$ns1" "dev vx1 ingress" 101 1 |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 137 | log_test $? 0 "Packet received by local VXLAN device - localbypass" |
| 138 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 139 | run_cmd "ip -n $ns1 link set dev vx0 type vxlan nolocalbypass" |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 140 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 141 | run_cmd "ip -n $ns1 -d -j link show dev vx0 | jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == false'" |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 142 | log_test $? 0 "localbypass disabled" |
| 143 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 144 | run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q" |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 145 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 146 | tc_check_packets "$ns1" "dev vx1 ingress" 101 1 |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 147 | log_test $? 0 "Packet not received by local VXLAN device - nolocalbypass" |
| 148 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 149 | run_cmd "ip -n $ns1 link set dev vx0 type vxlan localbypass" |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 150 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 151 | run_cmd "ip -n $ns1 -d -j link show dev vx0 | jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == true'" |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 152 | log_test $? 0 "localbypass enabled" |
| 153 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 154 | run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q" |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 155 | |
Hangbin Liu | d79e907 | 2023-12-06 15:07:56 +0800 | [diff] [blame] | 156 | tc_check_packets "$ns1" "dev vx1 ingress" 101 2 |
Vladimir Nikishkin | 305c041 | 2023-05-12 11:40:34 +0800 | [diff] [blame] | 157 | log_test $? 0 "Packet received by local VXLAN device - localbypass" |
| 158 | } |
| 159 | |
| 160 | ################################################################################ |
| 161 | # Usage |
| 162 | |
| 163 | usage() |
| 164 | { |
| 165 | cat <<EOF |
| 166 | usage: ${0##*/} OPTS |
| 167 | |
| 168 | -t <test> Test(s) to run (default: all) |
| 169 | (options: $TESTS) |
| 170 | -p Pause on fail |
| 171 | -P Pause after each test before cleanup |
| 172 | -v Verbose mode (show commands and output) |
| 173 | EOF |
| 174 | } |
| 175 | |
| 176 | ################################################################################ |
| 177 | # Main |
| 178 | |
| 179 | trap cleanup EXIT |
| 180 | |
| 181 | while getopts ":t:pPvh" opt; do |
| 182 | case $opt in |
| 183 | t) TESTS=$OPTARG ;; |
| 184 | p) PAUSE_ON_FAIL=yes;; |
| 185 | P) PAUSE=yes;; |
| 186 | v) VERBOSE=$(($VERBOSE + 1));; |
| 187 | h) usage; exit 0;; |
| 188 | *) usage; exit 1;; |
| 189 | esac |
| 190 | done |
| 191 | |
| 192 | # Make sure we don't pause twice. |
| 193 | [ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no |
| 194 | |
| 195 | if [ "$(id -u)" -ne 0 ];then |
| 196 | echo "SKIP: Need root privileges" |
| 197 | exit $ksft_skip; |
| 198 | fi |
| 199 | |
| 200 | if [ ! -x "$(command -v ip)" ]; then |
| 201 | echo "SKIP: Could not run test without ip tool" |
| 202 | exit $ksft_skip |
| 203 | fi |
| 204 | |
| 205 | if [ ! -x "$(command -v bridge)" ]; then |
| 206 | echo "SKIP: Could not run test without bridge tool" |
| 207 | exit $ksft_skip |
| 208 | fi |
| 209 | |
| 210 | if [ ! -x "$(command -v mausezahn)" ]; then |
| 211 | echo "SKIP: Could not run test without mausezahn tool" |
| 212 | exit $ksft_skip |
| 213 | fi |
| 214 | |
| 215 | if [ ! -x "$(command -v jq)" ]; then |
| 216 | echo "SKIP: Could not run test without jq tool" |
| 217 | exit $ksft_skip |
| 218 | fi |
| 219 | |
| 220 | ip link help vxlan 2>&1 | grep -q "localbypass" |
| 221 | if [ $? -ne 0 ]; then |
| 222 | echo "SKIP: iproute2 ip too old, missing VXLAN nolocalbypass support" |
| 223 | exit $ksft_skip |
| 224 | fi |
| 225 | |
| 226 | cleanup |
| 227 | |
| 228 | for t in $TESTS |
| 229 | do |
| 230 | setup; $t; cleanup; |
| 231 | done |
| 232 | |
| 233 | if [ "$TESTS" != "none" ]; then |
| 234 | printf "\nTests passed: %3d\n" ${nsuccess} |
| 235 | printf "Tests failed: %3d\n" ${nfail} |
| 236 | fi |
| 237 | |
| 238 | exit $ret |