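#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Smoke test for the BPF tunnel set/get programs in tcbpf2_kern.o: for each
# tunnel type it builds a native tunnel inside a network namespace and a
# BPF-driven ("external") tunnel outside it, then pings in both directions.
# The commands below create namespaces, links, tc filters and an iptables
# rule, so the script needs the privileges for that (normally root).
#
# In Namespace 0 (at_ns0) using native tunnel
# Overlay IP: 10.1.1.100
# local 172.16.1.100 remote 172.16.1.200
# veth0 IP: 172.16.1.100, tunnel dev <type>00

# Out of Namespace using BPF set/get on lwtunnel
# Overlay IP: 10.1.1.200
# local 172.16.1.200 remote 172.16.1.100
# veth1 IP: 172.16.1.200, tunnel dev <type>11

# Object file holding the <type>_set_tunnel / <type>_get_tunnel sections.
# The path is relative, so tc loads whichever file of this name sits in the
# current directory: run the script from the directory that holds the
# build output you trust.
readonly BPF_OBJ=tcbpf2_kern.o

# PIDs of the background helpers (tcpdump, trace_pipe reader) started by
# this run, so cleanup can stop exactly those processes.
BG_PIDS=()

# Create namespace at_ns0 and the veth0 (inside) / veth1 (outside) underlay.
config_device() {
  ip netns add at_ns0
  ip link add veth0 type veth peer name veth1
  ip link set veth0 netns at_ns0
  ip netns exec at_ns0 ip addr add 172.16.1.100/24 dev veth0
  ip netns exec at_ns0 ip link set dev veth0 up
  ip link set dev veth1 up mtu 1500
  ip addr add dev veth1 172.16.1.200/24
}

# Globals read by every add_*_tunnel function: TYPE (link type), DEV_NS
# (tunnel device inside at_ns0), DEV (tunnel device outside the namespace).

# GRE: keyed native tunnel in the namespace, keyed external tunnel outside.
add_gre_tunnel() {
  # in namespace
  ip netns exec at_ns0 \
    ip link add dev "$DEV_NS" type "$TYPE" key 2 \
      local 172.16.1.100 remote 172.16.1.200
  ip netns exec at_ns0 ip link set dev "$DEV_NS" up
  ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24

  # out of namespace
  ip link add dev "$DEV" type "$TYPE" key 2 external
  ip link set dev "$DEV" up
  ip addr add dev "$DEV" 10.1.1.200/24
}

# ERSPAN: native tunnel with seq, key 2 and "erspan 123" in the namespace,
# external tunnel outside.
add_erspan_tunnel() {
  # in namespace
  ip netns exec at_ns0 \
    ip link add dev "$DEV_NS" type "$TYPE" seq key 2 \
      local 172.16.1.100 remote 172.16.1.200 erspan 123
  ip netns exec at_ns0 ip link set dev "$DEV_NS" up
  ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24

  # out of namespace
  ip link add dev "$DEV" type "$TYPE" external
  ip link set dev "$DEV" up
  ip addr add dev "$DEV" 10.1.1.200/24
}

# VXLAN (gbp, dstport 4789) with fixed MACs and static ARP on both ends.
add_vxlan_tunnel() {
  # Set static ARP entry here because iptables set-mark works
  # on L3 packet, as a result not applying to ARP packets,
  # causing errors at get_tunnel_{key/opt}.

  # in namespace
  ip netns exec at_ns0 \
    ip link add dev "$DEV_NS" type "$TYPE" id 2 dstport 4789 gbp \
      remote 172.16.1.200
  ip netns exec at_ns0 ip link set dev "$DEV_NS" address 52:54:00:d9:01:00 up
  ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24
  ip netns exec at_ns0 arp -s 10.1.1.200 52:54:00:d9:02:00
  # The rule lives in at_ns0's own netfilter tables and is removed together
  # with the namespace in cleanup.
  ip netns exec at_ns0 iptables -A OUTPUT -j MARK --set-mark 0x800FF

  # out of namespace
  ip link add dev "$DEV" type "$TYPE" external gbp dstport 4789
  ip link set dev "$DEV" address 52:54:00:d9:02:00 up
  ip addr add dev "$DEV" 10.1.1.200/24
  arp -s 10.1.1.100 52:54:00:d9:01:00
}

# GENEVE (dstport 6081): native tunnel in the namespace, external outside.
add_geneve_tunnel() {
  # in namespace
  ip netns exec at_ns0 \
    ip link add dev "$DEV_NS" type "$TYPE" id 2 dstport 6081 \
      remote 172.16.1.200
  ip netns exec at_ns0 ip link set dev "$DEV_NS" up
  ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24

  # out of namespace
  ip link add dev "$DEV" type "$TYPE" dstport 6081 external
  ip link set dev "$DEV" up
  ip addr add dev "$DEV" 10.1.1.200/24
}

# IPIP: native tunnel in the namespace, external tunnel outside.
add_ipip_tunnel() {
  # in namespace
  ip netns exec at_ns0 \
    ip link add dev "$DEV_NS" type "$TYPE" \
      local 172.16.1.100 remote 172.16.1.200
  ip netns exec at_ns0 ip link set dev "$DEV_NS" up
  ip netns exec at_ns0 ip addr add dev "$DEV_NS" 10.1.1.100/24

  # out of namespace
  ip link add dev "$DEV" type "$TYPE" external
  ip link set dev "$DEV" up
  ip addr add dev "$DEV" 10.1.1.200/24
}

# Attach the set-tunnel program on egress and the get-tunnel program on
# ingress of a device.
# Arguments: $1 - device, $2 - egress section name, $3 - ingress section name
attach_bpf() {
  local dev=$1
  local set_sec=$2
  local get_sec=$3

  tc qdisc add dev "$dev" clsact
  tc filter add dev "$dev" egress bpf da obj "$BPF_OBJ" sec "$set_sec"
  tc filter add dev "$dev" ingress bpf da obj "$BPF_OBJ" sec "$get_sec"
}

# One ping across the overlay in each direction; with errexit active (see
# cleanup) a lost ping aborts the run.
ping_both_ways() {
  ping -c 1 10.1.1.100
  ip netns exec at_ns0 ping -c 1 10.1.1.200
}

test_gre() {
  TYPE=gretap
  DEV_NS=gretap00
  DEV=gretap11
  config_device
  add_gre_tunnel
  attach_bpf "$DEV" gre_set_tunnel gre_get_tunnel
  ping_both_ways
  cleanup
}

test_erspan() {
  TYPE=erspan
  DEV_NS=erspan00
  DEV=erspan11
  config_device
  add_erspan_tunnel
  attach_bpf "$DEV" erspan_set_tunnel erspan_get_tunnel
  ping_both_ways
  cleanup
}

test_vxlan() {
  TYPE=vxlan
  DEV_NS=vxlan00
  DEV=vxlan11
  config_device
  add_vxlan_tunnel
  attach_bpf "$DEV" vxlan_set_tunnel vxlan_get_tunnel
  ping_both_ways
  cleanup
}

test_geneve() {
  TYPE=geneve
  DEV_NS=geneve00
  DEV=geneve11
  config_device
  add_geneve_tunnel
  attach_bpf "$DEV" geneve_set_tunnel geneve_get_tunnel
  ping_both_ways
  cleanup
}

# IPIP additionally captures veth1 traffic and the kernel trace pipe in the
# background and pushes 5k of iperf traffic through the tunnel.
test_ipip() {
  TYPE=ipip
  DEV_NS=ipip00
  DEV=ipip11
  config_device
  tcpdump -nei veth1 &
  BG_PIDS+=("$!")
  cat /sys/kernel/debug/tracing/trace_pipe &
  BG_PIDS+=("$!")
  add_ipip_tunnel
  ethtool -K veth1 gso off gro off rx off tx off
  ip link set dev veth1 mtu 1500
  attach_bpf "$DEV" ipip_set_tunnel ipip_get_tunnel
  ping_both_ways
  ip netns exec at_ns0 iperf -sD -p 5200 > /dev/null
  sleep 0.2
  iperf -c 10.1.1.100 -n 5k -p 5200
  cleanup
}

# Tear down everything a test may have created. Runs before the first test
# (to clear leftovers), after every test, and from the trap below.
# errexit/xtrace are switched off while deleting, because most of the
# objects do not exist on any given call, and switched back on at the end;
# the initial call is therefore also what enables "set -ex" for the tests.
cleanup() {
  local pid

  set +ex
  # "iperf -sD" daemonizes, so its PID is not available through $!. Stop
  # whatever still runs inside at_ns0 rather than every iperf on the host.
  ip netns pids at_ns0 | xargs -r kill
  ip netns delete at_ns0
  ip link del veth1
  ip link del ipip11
  ip link del gretap11
  ip link del vxlan11
  ip link del geneve11
  ip link del erspan11
  # Kill by recorded PID: a name match ("pkill cat", "pkill tcpdump") run
  # with these privileges would also end unrelated processes on the machine.
  for pid in "${BG_PIDS[@]}"; do
    kill "$pid"
  done
  BG_PIDS=()
  set -ex
}

# SIGKILL (9) cannot be trapped, so it is not listed; TERM is, because it is
# the usual way a harness stops a test.
trap cleanup EXIT INT QUIT ABRT TERM
cleanup
echo "Testing GRE tunnel..."
test_gre
echo "Testing ERSPAN tunnel..."
test_erspan
echo "Testing VXLAN tunnel..."
test_vxlan
echo "Testing GENEVE tunnel..."
test_geneve
echo "Testing IPIP tunnel..."
test_ipip
echo "*** PASS ***"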