1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3 4############################################################################## 5# Defines 6 7# Can be overridden by the configuration file. 8PING=${PING:=ping} 9PING6=${PING6:=ping6} 10MZ=${MZ:=mausezahn} 11ARPING=${ARPING:=arping} 12TEAMD=${TEAMD:=teamd} 13WAIT_TIME=${WAIT_TIME:=5} 14PAUSE_ON_FAIL=${PAUSE_ON_FAIL:=no} 15PAUSE_ON_CLEANUP=${PAUSE_ON_CLEANUP:=no} 16NETIF_TYPE=${NETIF_TYPE:=veth} 17NETIF_CREATE=${NETIF_CREATE:=yes} 18MCD=${MCD:=smcrouted} 19MC_CLI=${MC_CLI:=smcroutectl} 20PING_TIMEOUT=${PING_TIMEOUT:=5} 21 22relative_path="${BASH_SOURCE%/*}" 23if [[ "$relative_path" == "${BASH_SOURCE}" ]]; then 24 relative_path="." 25fi 26 27if [[ -f $relative_path/forwarding.config ]]; then 28 source "$relative_path/forwarding.config" 29fi 30 31############################################################################## 32# Sanity checks 33 34check_tc_version() 35{ 36 tc -j &> /dev/null 37 if [[ $? -ne 0 ]]; then 38 echo "SKIP: iproute2 too old; tc is missing JSON support" 39 exit 1 40 fi 41} 42 43check_tc_shblock_support() 44{ 45 tc filter help 2>&1 | grep block &> /dev/null 46 if [[ $? -ne 0 ]]; then 47 echo "SKIP: iproute2 too old; tc is missing shared block support" 48 exit 1 49 fi 50} 51 52check_tc_chain_support() 53{ 54 tc help 2>&1|grep chain &> /dev/null 55 if [[ $? -ne 0 ]]; then 56 echo "SKIP: iproute2 too old; tc is missing chain support" 57 exit 1 58 fi 59} 60 61if [[ "$(id -u)" -ne 0 ]]; then 62 echo "SKIP: need root privileges" 63 exit 0 64fi 65 66if [[ "$CHECK_TC" = "yes" ]]; then 67 check_tc_version 68fi 69 70require_command() 71{ 72 local cmd=$1; shift 73 74 if [[ ! -x "$(command -v "$cmd")" ]]; then 75 echo "SKIP: $cmd not installed" 76 exit 1 77 fi 78} 79 80require_command jq 81require_command $MZ 82 83if [[ ! -v NUM_NETIFS ]]; then 84 echo "SKIP: importer does not define \"NUM_NETIFS\"" 85 exit 1 86fi 87 88############################################################################## 89# Command line options handling 90 91count=0 92 93while [[ $# -gt 0 ]]; do 94 if [[ "$count" -eq "0" ]]; then 95 unset NETIFS 96 declare -A NETIFS 97 fi 98 count=$((count + 1)) 99 NETIFS[p$count]="$1" 100 shift 101done 102 103############################################################################## 104# Network interfaces configuration 105 106create_netif_veth() 107{ 108 local i 109 110 for ((i = 1; i <= NUM_NETIFS; ++i)); do 111 local j=$((i+1)) 112 113 ip link show dev ${NETIFS[p$i]} &> /dev/null 114 if [[ $? -ne 0 ]]; then 115 ip link add ${NETIFS[p$i]} type veth \ 116 peer name ${NETIFS[p$j]} 117 if [[ $? -ne 0 ]]; then 118 echo "Failed to create netif" 119 exit 1 120 fi 121 fi 122 i=$j 123 done 124} 125 126create_netif() 127{ 128 case "$NETIF_TYPE" in 129 veth) create_netif_veth 130 ;; 131 *) echo "Can not create interfaces of type \'$NETIF_TYPE\'" 132 exit 1 133 ;; 134 esac 135} 136 137if [[ "$NETIF_CREATE" = "yes" ]]; then 138 create_netif 139fi 140 141for ((i = 1; i <= NUM_NETIFS; ++i)); do 142 ip link show dev ${NETIFS[p$i]} &> /dev/null 143 if [[ $? -ne 0 ]]; then 144 echo "SKIP: could not find all required interfaces" 145 exit 1 146 fi 147done 148 149############################################################################## 150# Helpers 151 152# Exit status to return at the end. Set in case one of the tests fails. 153EXIT_STATUS=0 154# Per-test return value. Clear at the beginning of each test. 155RET=0 156 157check_err() 158{ 159 local err=$1 160 local msg=$2 161 162 if [[ $RET -eq 0 && $err -ne 0 ]]; then 163 RET=$err 164 retmsg=$msg 165 fi 166} 167 168check_fail() 169{ 170 local err=$1 171 local msg=$2 172 173 if [[ $RET -eq 0 && $err -eq 0 ]]; then 174 RET=1 175 retmsg=$msg 176 fi 177} 178 179check_err_fail() 180{ 181 local should_fail=$1; shift 182 local err=$1; shift 183 local what=$1; shift 184 185 if ((should_fail)); then 186 check_fail $err "$what succeeded, but should have failed" 187 else 188 check_err $err "$what failed" 189 fi 190} 191 192log_test() 193{ 194 local test_name=$1 195 local opt_str=$2 196 197 if [[ $# -eq 2 ]]; then 198 opt_str="($opt_str)" 199 fi 200 201 if [[ $RET -ne 0 ]]; then 202 EXIT_STATUS=1 203 printf "TEST: %-60s [FAIL]\n" "$test_name $opt_str" 204 if [[ ! -z "$retmsg" ]]; then 205 printf "\t%s\n" "$retmsg" 206 fi 207 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then 208 echo "Hit enter to continue, 'q' to quit" 209 read a 210 [ "$a" = "q" ] && exit 1 211 fi 212 return 1 213 fi 214 215 printf "TEST: %-60s [ OK ]\n" "$test_name $opt_str" 216 return 0 217} 218 219log_info() 220{ 221 local msg=$1 222 223 echo "INFO: $msg" 224} 225 226setup_wait_dev() 227{ 228 local dev=$1; shift 229 230 while true; do 231 ip link show dev $dev up \ 232 | grep 'state UP' &> /dev/null 233 if [[ $? -ne 0 ]]; then 234 sleep 1 235 else 236 break 237 fi 238 done 239} 240 241setup_wait() 242{ 243 local num_netifs=${1:-$NUM_NETIFS} 244 245 for ((i = 1; i <= num_netifs; ++i)); do 246 setup_wait_dev ${NETIFS[p$i]} 247 done 248 249 # Make sure links are ready. 250 sleep $WAIT_TIME 251} 252 253cmd_jq() 254{ 255 local cmd=$1 256 local jq_exp=$2 257 local ret 258 local output 259 260 output="$($cmd)" 261 # it the command fails, return error right away 262 ret=$? 263 if [[ $ret -ne 0 ]]; then 264 return $ret 265 fi 266 output=$(echo $output | jq -r "$jq_exp") 267 echo $output 268 # return success only in case of non-empty output 269 [ ! -z "$output" ] 270} 271 272lldpad_app_wait_set() 273{ 274 local dev=$1; shift 275 276 while lldptool -t -i $dev -V APP -c app | grep -Eq "pending|unknown"; do 277 echo "$dev: waiting for lldpad to push pending APP updates" 278 sleep 5 279 done 280} 281 282lldpad_app_wait_del() 283{ 284 # Give lldpad a chance to push down the changes. If the device is downed 285 # too soon, the updates will be left pending. However, they will have 286 # been struck off the lldpad's DB already, so we won't be able to tell 287 # they are pending. Then on next test iteration this would cause 288 # weirdness as newly-added APP rules conflict with the old ones, 289 # sometimes getting stuck in an "unknown" state. 290 sleep 5 291} 292 293pre_cleanup() 294{ 295 if [ "${PAUSE_ON_CLEANUP}" = "yes" ]; then 296 echo "Pausing before cleanup, hit any key to continue" 297 read 298 fi 299} 300 301vrf_prepare() 302{ 303 ip -4 rule add pref 32765 table local 304 ip -4 rule del pref 0 305 ip -6 rule add pref 32765 table local 306 ip -6 rule del pref 0 307} 308 309vrf_cleanup() 310{ 311 ip -6 rule add pref 0 table local 312 ip -6 rule del pref 32765 313 ip -4 rule add pref 0 table local 314 ip -4 rule del pref 32765 315} 316 317__last_tb_id=0 318declare -A __TB_IDS 319 320__vrf_td_id_assign() 321{ 322 local vrf_name=$1 323 324 __last_tb_id=$((__last_tb_id + 1)) 325 __TB_IDS[$vrf_name]=$__last_tb_id 326 return $__last_tb_id 327} 328 329__vrf_td_id_lookup() 330{ 331 local vrf_name=$1 332 333 return ${__TB_IDS[$vrf_name]} 334} 335 336vrf_create() 337{ 338 local vrf_name=$1 339 local tb_id 340 341 __vrf_td_id_assign $vrf_name 342 tb_id=$? 343 344 ip link add dev $vrf_name type vrf table $tb_id 345 ip -4 route add table $tb_id unreachable default metric 4278198272 346 ip -6 route add table $tb_id unreachable default metric 4278198272 347} 348 349vrf_destroy() 350{ 351 local vrf_name=$1 352 local tb_id 353 354 __vrf_td_id_lookup $vrf_name 355 tb_id=$? 356 357 ip -6 route del table $tb_id unreachable default metric 4278198272 358 ip -4 route del table $tb_id unreachable default metric 4278198272 359 ip link del dev $vrf_name 360} 361 362__addr_add_del() 363{ 364 local if_name=$1 365 local add_del=$2 366 local array 367 368 shift 369 shift 370 array=("${@}") 371 372 for addrstr in "${array[@]}"; do 373 ip address $add_del $addrstr dev $if_name 374 done 375} 376 377__simple_if_init() 378{ 379 local if_name=$1; shift 380 local vrf_name=$1; shift 381 local addrs=("${@}") 382 383 ip link set dev $if_name master $vrf_name 384 ip link set dev $if_name up 385 386 __addr_add_del $if_name add "${addrs[@]}" 387} 388 389__simple_if_fini() 390{ 391 local if_name=$1; shift 392 local addrs=("${@}") 393 394 __addr_add_del $if_name del "${addrs[@]}" 395 396 ip link set dev $if_name down 397 ip link set dev $if_name nomaster 398} 399 400simple_if_init() 401{ 402 local if_name=$1 403 local vrf_name 404 local array 405 406 shift 407 vrf_name=v$if_name 408 array=("${@}") 409 410 vrf_create $vrf_name 411 ip link set dev $vrf_name up 412 __simple_if_init $if_name $vrf_name "${array[@]}" 413} 414 415simple_if_fini() 416{ 417 local if_name=$1 418 local vrf_name 419 local array 420 421 shift 422 vrf_name=v$if_name 423 array=("${@}") 424 425 __simple_if_fini $if_name "${array[@]}" 426 vrf_destroy $vrf_name 427} 428 429tunnel_create() 430{ 431 local name=$1; shift 432 local type=$1; shift 433 local local=$1; shift 434 local remote=$1; shift 435 436 ip link add name $name type $type \ 437 local $local remote $remote "$@" 438 ip link set dev $name up 439} 440 441tunnel_destroy() 442{ 443 local name=$1; shift 444 445 ip link del dev $name 446} 447 448vlan_create() 449{ 450 local if_name=$1; shift 451 local vid=$1; shift 452 local vrf=$1; shift 453 local ips=("${@}") 454 local name=$if_name.$vid 455 456 ip link add name $name link $if_name type vlan id $vid 457 if [ "$vrf" != "" ]; then 458 ip link set dev $name master $vrf 459 fi 460 ip link set dev $name up 461 __addr_add_del $name add "${ips[@]}" 462} 463 464vlan_destroy() 465{ 466 local if_name=$1; shift 467 local vid=$1; shift 468 local name=$if_name.$vid 469 470 ip link del dev $name 471} 472 473team_create() 474{ 475 local if_name=$1; shift 476 local mode=$1; shift 477 478 require_command $TEAMD 479 $TEAMD -t $if_name -d -c '{"runner": {"name": "'$mode'"}}' 480 for slave in "$@"; do 481 ip link set dev $slave down 482 ip link set dev $slave master $if_name 483 ip link set dev $slave up 484 done 485 ip link set dev $if_name up 486} 487 488team_destroy() 489{ 490 local if_name=$1; shift 491 492 $TEAMD -t $if_name -k 493} 494 495master_name_get() 496{ 497 local if_name=$1 498 499 ip -j link show dev $if_name | jq -r '.[]["master"]' 500} 501 502link_stats_get() 503{ 504 local if_name=$1; shift 505 local dir=$1; shift 506 local stat=$1; shift 507 508 ip -j -s link show dev $if_name \ 509 | jq '.[]["stats64"]["'$dir'"]["'$stat'"]' 510} 511 512link_stats_tx_packets_get() 513{ 514 link_stats_get $1 tx packets 515} 516 517link_stats_rx_errors_get() 518{ 519 link_stats_get $1 rx errors 520} 521 522tc_rule_stats_get() 523{ 524 local dev=$1; shift 525 local pref=$1; shift 526 local dir=$1; shift 527 528 tc -j -s filter show dev $dev ${dir:-ingress} pref $pref \ 529 | jq '.[1].options.actions[].stats.packets' 530} 531 532ethtool_stats_get() 533{ 534 local dev=$1; shift 535 local stat=$1; shift 536 537 ethtool -S $dev | grep "^ *$stat:" | head -n 1 | cut -d: -f2 538} 539 540mac_get() 541{ 542 local if_name=$1 543 544 ip -j link show dev $if_name | jq -r '.[]["address"]' 545} 546 547bridge_ageing_time_get() 548{ 549 local bridge=$1 550 local ageing_time 551 552 # Need to divide by 100 to convert to seconds. 553 ageing_time=$(ip -j -d link show dev $bridge \ 554 | jq '.[]["linkinfo"]["info_data"]["ageing_time"]') 555 echo $((ageing_time / 100)) 556} 557 558declare -A SYSCTL_ORIG 559sysctl_set() 560{ 561 local key=$1; shift 562 local value=$1; shift 563 564 SYSCTL_ORIG[$key]=$(sysctl -n $key) 565 sysctl -qw $key="$value" 566} 567 568sysctl_restore() 569{ 570 local key=$1; shift 571 572 sysctl -qw $key="${SYSCTL_ORIG[$key]}" 573} 574 575forwarding_enable() 576{ 577 sysctl_set net.ipv4.conf.all.forwarding 1 578 sysctl_set net.ipv6.conf.all.forwarding 1 579} 580 581forwarding_restore() 582{ 583 sysctl_restore net.ipv6.conf.all.forwarding 584 sysctl_restore net.ipv4.conf.all.forwarding 585} 586 587declare -A MTU_ORIG 588mtu_set() 589{ 590 local dev=$1; shift 591 local mtu=$1; shift 592 593 MTU_ORIG["$dev"]=$(ip -j link show dev $dev | jq -e '.[].mtu') 594 ip link set dev $dev mtu $mtu 595} 596 597mtu_restore() 598{ 599 local dev=$1; shift 600 601 ip link set dev $dev mtu ${MTU_ORIG["$dev"]} 602} 603 604tc_offload_check() 605{ 606 local num_netifs=${1:-$NUM_NETIFS} 607 608 for ((i = 1; i <= num_netifs; ++i)); do 609 ethtool -k ${NETIFS[p$i]} \ 610 | grep "hw-tc-offload: on" &> /dev/null 611 if [[ $? -ne 0 ]]; then 612 return 1 613 fi 614 done 615 616 return 0 617} 618 619trap_install() 620{ 621 local dev=$1; shift 622 local direction=$1; shift 623 624 # Some devices may not support or need in-hardware trapping of traffic 625 # (e.g. the veth pairs that this library creates for non-existent 626 # loopbacks). Use continue instead, so that there is a filter in there 627 # (some tests check counters), and so that other filters are still 628 # processed. 629 tc filter add dev $dev $direction pref 1 \ 630 flower skip_sw action trap 2>/dev/null \ 631 || tc filter add dev $dev $direction pref 1 \ 632 flower action continue 633} 634 635trap_uninstall() 636{ 637 local dev=$1; shift 638 local direction=$1; shift 639 640 tc filter del dev $dev $direction pref 1 flower 641} 642 643slow_path_trap_install() 644{ 645 # For slow-path testing, we need to install a trap to get to 646 # slow path the packets that would otherwise be switched in HW. 647 if [ "${tcflags/skip_hw}" != "$tcflags" ]; then 648 trap_install "$@" 649 fi 650} 651 652slow_path_trap_uninstall() 653{ 654 if [ "${tcflags/skip_hw}" != "$tcflags" ]; then 655 trap_uninstall "$@" 656 fi 657} 658 659__icmp_capture_add_del() 660{ 661 local add_del=$1; shift 662 local pref=$1; shift 663 local vsuf=$1; shift 664 local tundev=$1; shift 665 local filter=$1; shift 666 667 tc filter $add_del dev "$tundev" ingress \ 668 proto ip$vsuf pref $pref \ 669 flower ip_proto icmp$vsuf $filter \ 670 action pass 671} 672 673icmp_capture_install() 674{ 675 __icmp_capture_add_del add 100 "" "$@" 676} 677 678icmp_capture_uninstall() 679{ 680 __icmp_capture_add_del del 100 "" "$@" 681} 682 683icmp6_capture_install() 684{ 685 __icmp_capture_add_del add 100 v6 "$@" 686} 687 688icmp6_capture_uninstall() 689{ 690 __icmp_capture_add_del del 100 v6 "$@" 691} 692 693__vlan_capture_add_del() 694{ 695 local add_del=$1; shift 696 local pref=$1; shift 697 local dev=$1; shift 698 local filter=$1; shift 699 700 tc filter $add_del dev "$dev" ingress \ 701 proto 802.1q pref $pref \ 702 flower $filter \ 703 action pass 704} 705 706vlan_capture_install() 707{ 708 __vlan_capture_add_del add 100 "$@" 709} 710 711vlan_capture_uninstall() 712{ 713 __vlan_capture_add_del del 100 "$@" 714} 715 716__dscp_capture_add_del() 717{ 718 local add_del=$1; shift 719 local dev=$1; shift 720 local base=$1; shift 721 local dscp; 722 723 for prio in {0..7}; do 724 dscp=$((base + prio)) 725 __icmp_capture_add_del $add_del $((dscp + 100)) "" $dev \ 726 "skip_hw ip_tos $((dscp << 2))" 727 done 728} 729 730dscp_capture_install() 731{ 732 local dev=$1; shift 733 local base=$1; shift 734 735 __dscp_capture_add_del add $dev $base 736} 737 738dscp_capture_uninstall() 739{ 740 local dev=$1; shift 741 local base=$1; shift 742 743 __dscp_capture_add_del del $dev $base 744} 745 746dscp_fetch_stats() 747{ 748 local dev=$1; shift 749 local base=$1; shift 750 751 for prio in {0..7}; do 752 local dscp=$((base + prio)) 753 local t=$(tc_rule_stats_get $dev $((dscp + 100))) 754 echo "[$dscp]=$t " 755 done 756} 757 758matchall_sink_create() 759{ 760 local dev=$1; shift 761 762 tc qdisc add dev $dev clsact 763 tc filter add dev $dev ingress \ 764 pref 10000 \ 765 matchall \ 766 action drop 767} 768 769tests_run() 770{ 771 local current_test 772 773 for current_test in ${TESTS:-$ALL_TESTS}; do 774 $current_test 775 done 776} 777 778multipath_eval() 779{ 780 local desc="$1" 781 local weight_rp12=$2 782 local weight_rp13=$3 783 local packets_rp12=$4 784 local packets_rp13=$5 785 local weights_ratio packets_ratio diff 786 787 RET=0 788 789 if [[ "$weight_rp12" -gt "$weight_rp13" ]]; then 790 weights_ratio=$(echo "scale=2; $weight_rp12 / $weight_rp13" \ 791 | bc -l) 792 else 793 weights_ratio=$(echo "scale=2; $weight_rp13 / $weight_rp12" \ 794 | bc -l) 795 fi 796 797 if [[ "$packets_rp12" -eq "0" || "$packets_rp13" -eq "0" ]]; then 798 check_err 1 "Packet difference is 0" 799 log_test "Multipath" 800 log_info "Expected ratio $weights_ratio" 801 return 802 fi 803 804 if [[ "$weight_rp12" -gt "$weight_rp13" ]]; then 805 packets_ratio=$(echo "scale=2; $packets_rp12 / $packets_rp13" \ 806 | bc -l) 807 else 808 packets_ratio=$(echo "scale=2; $packets_rp13 / $packets_rp12" \ 809 | bc -l) 810 fi 811 812 diff=$(echo $weights_ratio - $packets_ratio | bc -l) 813 diff=${diff#-} 814 815 test "$(echo "$diff / $weights_ratio > 0.15" | bc -l)" -eq 0 816 check_err $? "Too large discrepancy between expected and measured ratios" 817 log_test "$desc" 818 log_info "Expected ratio $weights_ratio Measured ratio $packets_ratio" 819} 820 821in_ns() 822{ 823 local name=$1; shift 824 825 ip netns exec $name bash <<-EOF 826 NUM_NETIFS=0 827 source lib.sh 828 $(for a in "$@"; do printf "%q${IFS:0:1}" "$a"; done) 829 EOF 830} 831 832############################################################################## 833# Tests 834 835ping_do() 836{ 837 local if_name=$1 838 local dip=$2 839 local args=$3 840 local vrf_name 841 842 vrf_name=$(master_name_get $if_name) 843 ip vrf exec $vrf_name \ 844 $PING $args $dip -c 10 -i 0.1 -w $PING_TIMEOUT &> /dev/null 845} 846 847ping_test() 848{ 849 RET=0 850 851 ping_do $1 $2 852 check_err $? 853 log_test "ping$3" 854} 855 856ping6_do() 857{ 858 local if_name=$1 859 local dip=$2 860 local args=$3 861 local vrf_name 862 863 vrf_name=$(master_name_get $if_name) 864 ip vrf exec $vrf_name \ 865 $PING6 $args $dip -c 10 -i 0.1 -w $PING_TIMEOUT &> /dev/null 866} 867 868ping6_test() 869{ 870 RET=0 871 872 ping6_do $1 $2 873 check_err $? 874 log_test "ping6$3" 875} 876 877learning_test() 878{ 879 local bridge=$1 880 local br_port1=$2 # Connected to `host1_if`. 881 local host1_if=$3 882 local host2_if=$4 883 local mac=de:ad:be:ef:13:37 884 local ageing_time 885 886 RET=0 887 888 bridge -j fdb show br $bridge brport $br_port1 \ 889 | jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null 890 check_fail $? "Found FDB record when should not" 891 892 # Disable unknown unicast flooding on `br_port1` to make sure 893 # packets are only forwarded through the port after a matching 894 # FDB entry was installed. 895 bridge link set dev $br_port1 flood off 896 897 ip link set $host1_if promisc on 898 tc qdisc add dev $host1_if ingress 899 tc filter add dev $host1_if ingress protocol ip pref 1 handle 101 \ 900 flower dst_mac $mac action drop 901 902 $MZ $host2_if -c 1 -p 64 -b $mac -t ip -q 903 sleep 1 904 905 tc -j -s filter show dev $host1_if ingress \ 906 | jq -e ".[] | select(.options.handle == 101) \ 907 | select(.options.actions[0].stats.packets == 1)" &> /dev/null 908 check_fail $? "Packet reached first host when should not" 909 910 $MZ $host1_if -c 1 -p 64 -a $mac -t ip -q 911 sleep 1 912 913 bridge -j fdb show br $bridge brport $br_port1 \ 914 | jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null 915 check_err $? "Did not find FDB record when should" 916 917 $MZ $host2_if -c 1 -p 64 -b $mac -t ip -q 918 sleep 1 919 920 tc -j -s filter show dev $host1_if ingress \ 921 | jq -e ".[] | select(.options.handle == 101) \ 922 | select(.options.actions[0].stats.packets == 1)" &> /dev/null 923 check_err $? "Packet did not reach second host when should" 924 925 # Wait for 10 seconds after the ageing time to make sure FDB 926 # record was aged-out. 927 ageing_time=$(bridge_ageing_time_get $bridge) 928 sleep $((ageing_time + 10)) 929 930 bridge -j fdb show br $bridge brport $br_port1 \ 931 | jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null 932 check_fail $? "Found FDB record when should not" 933 934 bridge link set dev $br_port1 learning off 935 936 $MZ $host1_if -c 1 -p 64 -a $mac -t ip -q 937 sleep 1 938 939 bridge -j fdb show br $bridge brport $br_port1 \ 940 | jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null 941 check_fail $? "Found FDB record when should not" 942 943 bridge link set dev $br_port1 learning on 944 945 tc filter del dev $host1_if ingress protocol ip pref 1 handle 101 flower 946 tc qdisc del dev $host1_if ingress 947 ip link set $host1_if promisc off 948 949 bridge link set dev $br_port1 flood on 950 951 log_test "FDB learning" 952} 953 954flood_test_do() 955{ 956 local should_flood=$1 957 local mac=$2 958 local ip=$3 959 local host1_if=$4 960 local host2_if=$5 961 local err=0 962 963 # Add an ACL on `host2_if` which will tell us whether the packet 964 # was flooded to it or not. 965 ip link set $host2_if promisc on 966 tc qdisc add dev $host2_if ingress 967 tc filter add dev $host2_if ingress protocol ip pref 1 handle 101 \ 968 flower dst_mac $mac action drop 969 970 $MZ $host1_if -c 1 -p 64 -b $mac -B $ip -t ip -q 971 sleep 1 972 973 tc -j -s filter show dev $host2_if ingress \ 974 | jq -e ".[] | select(.options.handle == 101) \ 975 | select(.options.actions[0].stats.packets == 1)" &> /dev/null 976 if [[ $? -ne 0 && $should_flood == "true" || \ 977 $? -eq 0 && $should_flood == "false" ]]; then 978 err=1 979 fi 980 981 tc filter del dev $host2_if ingress protocol ip pref 1 handle 101 flower 982 tc qdisc del dev $host2_if ingress 983 ip link set $host2_if promisc off 984 985 return $err 986} 987 988flood_unicast_test() 989{ 990 local br_port=$1 991 local host1_if=$2 992 local host2_if=$3 993 local mac=de:ad:be:ef:13:37 994 local ip=192.0.2.100 995 996 RET=0 997 998 bridge link set dev $br_port flood off 999 1000 flood_test_do false $mac $ip $host1_if $host2_if 1001 check_err $? "Packet flooded when should not" 1002 1003 bridge link set dev $br_port flood on 1004 1005 flood_test_do true $mac $ip $host1_if $host2_if 1006 check_err $? "Packet was not flooded when should" 1007 1008 log_test "Unknown unicast flood" 1009} 1010 1011flood_multicast_test() 1012{ 1013 local br_port=$1 1014 local host1_if=$2 1015 local host2_if=$3 1016 local mac=01:00:5e:00:00:01 1017 local ip=239.0.0.1 1018 1019 RET=0 1020 1021 bridge link set dev $br_port mcast_flood off 1022 1023 flood_test_do false $mac $ip $host1_if $host2_if 1024 check_err $? "Packet flooded when should not" 1025 1026 bridge link set dev $br_port mcast_flood on 1027 1028 flood_test_do true $mac $ip $host1_if $host2_if 1029 check_err $? "Packet was not flooded when should" 1030 1031 log_test "Unregistered multicast flood" 1032} 1033 1034flood_test() 1035{ 1036 # `br_port` is connected to `host2_if` 1037 local br_port=$1 1038 local host1_if=$2 1039 local host2_if=$3 1040 1041 flood_unicast_test $br_port $host1_if $host2_if 1042 flood_multicast_test $br_port $host1_if $host2_if 1043} 1044