[linux-block.git] / tools / testing / selftests / net / test_vxlan_nolocalbypass.sh

#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

# This test is for checking the [no]localbypass VXLAN device option. The test
# configures two VXLAN devices in the same network namespace and a tc filter on
# the loopback device that drops encapsulated packets. The test sends packets
# from the first VXLAN device and verifies that by default these packets are
# received by the second VXLAN device. The test then enables the nolocalbypass
# option and verifies that packets are no longer received by the second VXLAN
# device.

source lib.sh
ret=0

TESTS="
	nolocalbypass
"
VERBOSE=0
PAUSE_ON_FAIL=no
PAUSE=no

################################################################################
# Utilities

log_test()
{
	local rc=$1
	local expected=$2
	local msg="$3"

	if [ ${rc} -eq ${expected} ]; then
		printf "TEST: %-60s  [ OK ]\n" "${msg}"
		nsuccess=$((nsuccess+1))
	else
		ret=1
		nfail=$((nfail+1))
		printf "TEST: %-60s  [FAIL]\n" "${msg}"
		if [ "$VERBOSE" = "1" ]; then
			echo "    rc=$rc, expected $expected"
		fi

		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
		echo
			echo "hit enter to continue, 'q' to quit"
			read a
			[ "$a" = "q" ] && exit 1
		fi
	fi

	if [ "${PAUSE}" = "yes" ]; then
		echo
		echo "hit enter to continue, 'q' to quit"
		read a
		[ "$a" = "q" ] && exit 1
	fi

	[ "$VERBOSE" = "1" ] && echo
}

run_cmd()
{
	local cmd="$1"
	local out
	local stderr="2>/dev/null"

	if [ "$VERBOSE" = "1" ]; then
		printf "COMMAND: $cmd\n"
		stderr=
	fi

	out=$(eval $cmd $stderr)
	rc=$?
	if [ "$VERBOSE" = "1" -a -n "$out" ]; then
		echo "    $out"
	fi

	return $rc
}

tc_check_packets()
{
	local ns=$1; shift
	local id=$1; shift
	local handle=$1; shift
	local count=$1; shift
	local pkts

	sleep 0.1
	pkts=$(tc -n $ns -j -s filter show $id \
		| jq ".[] | select(.options.handle == $handle) | \
		.options.actions[0].stats.packets")
	[[ $pkts == $count ]]
}

################################################################################
# Setup

setup()
{
	setup_ns ns1

	ip -n $ns1 address add 192.0.2.1/32 dev lo
	ip -n $ns1 address add 198.51.100.1/32 dev lo

	ip -n $ns1 link add name vx0 up type vxlan id 100 local 198.51.100.1 \
		dstport 4789 nolearning
	ip -n $ns1 link add name vx1 up type vxlan id 100 dstport 4790
}

cleanup()
{
	cleanup_ns $ns1
}

################################################################################
# Tests

nolocalbypass()
{
	local smac=00:01:02:03:04:05
	local dmac=00:0a:0b:0c:0d:0e

	run_cmd "bridge -n $ns1 fdb add $dmac dev vx0 self static dst 192.0.2.1 port 4790"

	run_cmd "tc -n $ns1 qdisc add dev vx1 clsact"
	run_cmd "tc -n $ns1 filter add dev vx1 ingress pref 1 handle 101 proto all flower src_mac $smac dst_mac $dmac action pass"

	run_cmd "tc -n $ns1 qdisc add dev lo clsact"
	run_cmd "tc -n $ns1 filter add dev lo ingress pref 1 handle 101 proto ip flower ip_proto udp dst_port 4790 action drop"

	run_cmd "ip -n $ns1 -d -j link show dev vx0 | jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == true'"
	log_test $? 0 "localbypass enabled"

	run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q"

	tc_check_packets "$ns1" "dev vx1 ingress" 101 1
	log_test $? 0 "Packet received by local VXLAN device - localbypass"

	run_cmd "ip -n $ns1 link set dev vx0 type vxlan nolocalbypass"

	run_cmd "ip -n $ns1 -d -j link show dev vx0 | jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == false'"
	log_test $? 0 "localbypass disabled"

	run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q"

	tc_check_packets "$ns1" "dev vx1 ingress" 101 1
	log_test $? 0 "Packet not received by local VXLAN device - nolocalbypass"

	run_cmd "ip -n $ns1 link set dev vx0 type vxlan localbypass"

	run_cmd "ip -n $ns1 -d -j link show dev vx0 | jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == true'"
	log_test $? 0 "localbypass enabled"

	run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q"

	tc_check_packets "$ns1" "dev vx1 ingress" 101 2
	log_test $? 0 "Packet received by local VXLAN device - localbypass"
}

################################################################################
# Usage

usage()
{
	cat <<EOF
usage: ${0##*/} OPTS

        -t <test>   Test(s) to run (default: all)
                    (options: $TESTS)
        -p          Pause on fail
        -P          Pause after each test before cleanup
        -v          Verbose mode (show commands and output)
EOF
}

################################################################################
# Main

trap cleanup EXIT

while getopts ":t:pPvh" opt; do
	case $opt in
		t) TESTS=$OPTARG ;;
		p) PAUSE_ON_FAIL=yes;;
		P) PAUSE=yes;;
		v) VERBOSE=$(($VERBOSE + 1));;
		h) usage; exit 0;;
		*) usage; exit 1;;
	esac
done

# Make sure we don't pause twice.
[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no

if [ "$(id -u)" -ne 0 ];then
	echo "SKIP: Need root privileges"
	exit $ksft_skip;
fi

if [ ! -x "$(command -v ip)" ]; then
	echo "SKIP: Could not run test without ip tool"
	exit $ksft_skip
fi

if [ ! -x "$(command -v bridge)" ]; then
	echo "SKIP: Could not run test without bridge tool"
	exit $ksft_skip
fi

if [ ! -x "$(command -v mausezahn)" ]; then
	echo "SKIP: Could not run test without mausezahn tool"
	exit $ksft_skip
fi

if [ ! -x "$(command -v jq)" ]; then
	echo "SKIP: Could not run test without jq tool"
	exit $ksft_skip
fi

ip link help vxlan 2>&1 | grep -q "localbypass"
if [ $? -ne 0 ]; then
	echo "SKIP: iproute2 ip too old, missing VXLAN nolocalbypass support"
	exit $ksft_skip
fi

cleanup

for t in $TESTS
do
	setup; $t; cleanup;
done

if [ "$TESTS" != "none" ]; then
	printf "\nTests passed: %3d\n" ${nsuccess}
	printf "Tests failed: %3d\n"   ${nfail}
fi

exit $ret
Commit	Line	Data
305c0418 VN	1	#!/bin/bash
	2	# SPDX-License-Identifier: GPL-2.0
	3
	4	# This test is for checking the [no]localbypass VXLAN device option. The test
	5	# configures two VXLAN devices in the same network namespace and a tc filter on
	6	# the loopback device that drops encapsulated packets. The test sends packets
	7	# from the first VXLAN device and verifies that by default these packets are
	8	# received by the second VXLAN device. The test then enables the nolocalbypass
	9	# option and verifies that packets are no longer received by the second VXLAN
	10	# device.
	11
d79e907b	12	source lib.sh
305c0418	13	ret=0
305c0418 VN	14
	15	TESTS="
	16	nolocalbypass
	17	"
	18	VERBOSE=0
	19	PAUSE_ON_FAIL=no
	20	PAUSE=no
	21
	22	################################################################################
	23	# Utilities
	24
	25	log_test()
	26	{
	27	local rc=$1
	28	local expected=$2
	29	local msg="$3"
	30
	31	if [ ${rc} -eq ${expected} ]; then
	32	printf "TEST: %-60s [ OK ]\n" "${msg}"
	33	nsuccess=$((nsuccess+1))
	34	else
	35	ret=1
	36	nfail=$((nfail+1))
	37	printf "TEST: %-60s [FAIL]\n" "${msg}"
	38	if [ "$VERBOSE" = "1" ]; then
	39	echo " rc=$rc, expected $expected"
	40	fi
	41
	42	if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
	43	echo
	44	echo "hit enter to continue, 'q' to quit"
	45	read a
	46	[ "$a" = "q" ] && exit 1
	47	fi
	48	fi
	49
	50	if [ "${PAUSE}" = "yes" ]; then
	51	echo
	52	echo "hit enter to continue, 'q' to quit"
	53	read a
	54	[ "$a" = "q" ] && exit 1
	55	fi
	56
	57	[ "$VERBOSE" = "1" ] && echo
	58	}
	59
	60	run_cmd()
	61	{
	62	local cmd="$1"
	63	local out
	64	local stderr="2>/dev/null"
	65
	66	if [ "$VERBOSE" = "1" ]; then
	67	printf "COMMAND: $cmd\n"
	68	stderr=
	69	fi
	70
	71	out=$(eval $cmd $stderr)
	72	rc=$?
	73	if [ "$VERBOSE" = "1" -a -n "$out" ]; then
	74	echo " $out"
	75	fi
	76
	77	return $rc
78	}
79
80	tc_check_packets()
81	{
82	local ns=$1; shift
83	local id=$1; shift
84	local handle=$1; shift
85	local count=$1; shift
86	local pkts
87
88	sleep 0.1
89	pkts=$(tc -n $ns -j -s filter show $id \
90	\| jq ".[] \| select(.options.handle == $handle) \| \
91	.options.actions[0].stats.packets")
92	[[ $pkts == $count ]]
93	}
94
95	################################################################################
96	# Setup
97
98	setup()
99	{
d79e907b	100	setup_ns ns1
305c0418	101
d79e907b HL	102	ip -n $ns1 address add 192.0.2.1/32 dev lo
d79e907b HL	103	ip -n $ns1 address add 198.51.100.1/32 dev lo
305c0418	104
d79e907b	105	ip -n $ns1 link add name vx0 up type vxlan id 100 local 198.51.100.1 \
305c0418	106	dstport 4789 nolearning
d79e907b	107	ip -n $ns1 link add name vx1 up type vxlan id 100 dstport 4790
305c0418 VN	108	}
	109
	110	cleanup()
	111	{
d79e907b	112	cleanup_ns $ns1
305c0418 VN	113	}
	114
	115	################################################################################
	116	# Tests
	117
	118	nolocalbypass()
	119	{
	120	local smac=00:01:02:03:04:05
	121	local dmac=00:0a:0b:0c:0d:0e
	122
d79e907b	123	run_cmd "bridge -n $ns1 fdb add $dmac dev vx0 self static dst 192.0.2.1 port 4790"
305c0418	124
d79e907b HL	125	run_cmd "tc -n $ns1 qdisc add dev vx1 clsact"
d79e907b HL	126	run_cmd "tc -n $ns1 filter add dev vx1 ingress pref 1 handle 101 proto all flower src_mac $smac dst_mac $dmac action pass"
305c0418	127
d79e907b HL	128	run_cmd "tc -n $ns1 qdisc add dev lo clsact"
d79e907b HL	129	run_cmd "tc -n $ns1 filter add dev lo ingress pref 1 handle 101 proto ip flower ip_proto udp dst_port 4790 action drop"
305c0418	130
d79e907b	131	run_cmd "ip -n $ns1 -d -j link show dev vx0 \| jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == true'"
305c0418 VN	132	log_test $? 0 "localbypass enabled"
305c0418 VN	133
d79e907b	134	run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q"
305c0418	135
d79e907b	136	tc_check_packets "$ns1" "dev vx1 ingress" 101 1
305c0418 VN	137	log_test $? 0 "Packet received by local VXLAN device - localbypass"
305c0418 VN	138
d79e907b	139	run_cmd "ip -n $ns1 link set dev vx0 type vxlan nolocalbypass"
305c0418	140
d79e907b	141	run_cmd "ip -n $ns1 -d -j link show dev vx0 \| jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == false'"
305c0418 VN	142	log_test $? 0 "localbypass disabled"
305c0418 VN	143
d79e907b	144	run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q"
305c0418	145
d79e907b	146	tc_check_packets "$ns1" "dev vx1 ingress" 101 1
305c0418 VN	147	log_test $? 0 "Packet not received by local VXLAN device - nolocalbypass"
305c0418 VN	148
d79e907b	149	run_cmd "ip -n $ns1 link set dev vx0 type vxlan localbypass"
305c0418	150
d79e907b	151	run_cmd "ip -n $ns1 -d -j link show dev vx0 \| jq -e '.[][\"linkinfo\"][\"info_data\"][\"localbypass\"] == true'"
305c0418 VN	152	log_test $? 0 "localbypass enabled"
305c0418 VN	153
d79e907b	154	run_cmd "ip netns exec $ns1 mausezahn vx0 -a $smac -b $dmac -c 1 -p 100 -q"
305c0418	155
d79e907b	156	tc_check_packets "$ns1" "dev vx1 ingress" 101 2
305c0418 VN	157	log_test $? 0 "Packet received by local VXLAN device - localbypass"
	158	}
	159
	160	################################################################################
	161	# Usage
	162
	163	usage()
	164	{
	165	cat <<EOF
	166	usage: ${0##*/} OPTS
	167
	168	-t <test> Test(s) to run (default: all)
	169	(options: $TESTS)
	170	-p Pause on fail
	171	-P Pause after each test before cleanup
	172	-v Verbose mode (show commands and output)
	173	EOF
	174	}
	175
	176	################################################################################
	177	# Main
	178
	179	trap cleanup EXIT
	180
	181	while getopts ":t:pPvh" opt; do
	182	case $opt in
	183	t) TESTS=$OPTARG ;;
	184	p) PAUSE_ON_FAIL=yes;;
	185	P) PAUSE=yes;;
	186	v) VERBOSE=$(($VERBOSE + 1));;
	187	h) usage; exit 0;;
	188	*) usage; exit 1;;
	189	esac
	190	done
	191
	192	# Make sure we don't pause twice.
	193	[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no
	194
	195	if [ "$(id -u)" -ne 0 ];then
	196	echo "SKIP: Need root privileges"
	197	exit $ksft_skip;
	198	fi
	199
	200	if [ ! -x "$(command -v ip)" ]; then
	201	echo "SKIP: Could not run test without ip tool"
	202	exit $ksft_skip
	203	fi
	204
	205	if [ ! -x "$(command -v bridge)" ]; then
	206	echo "SKIP: Could not run test without bridge tool"
	207	exit $ksft_skip
	208	fi
	209
	210	if [ ! -x "$(command -v mausezahn)" ]; then
	211	echo "SKIP: Could not run test without mausezahn tool"
	212	exit $ksft_skip
	213	fi
	214
	215	if [ ! -x "$(command -v jq)" ]; then
	216	echo "SKIP: Could not run test without jq tool"
	217	exit $ksft_skip
	218	fi
	219
	220	ip link help vxlan 2>&1 \| grep -q "localbypass"
221	if [ $? -ne 0 ]; then
222	echo "SKIP: iproute2 ip too old, missing VXLAN nolocalbypass support"
223	exit $ksft_skip
224	fi
225
226	cleanup
227
228	for t in $TESTS
229	do
230	setup; $t; cleanup;
231	done
232
233	if [ "$TESTS" != "none" ]; then
234	printf "\nTests passed: %3d\n" ${nsuccess}
235	printf "Tests failed: %3d\n" ${nfail}
236	fi
237
238	exit $ret