| Current File : //usr/lib/modules/6.14.0-1012-aws/build/tools/testing/selftests/net/forwarding/vxlan_reserved.sh |
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
# +--------------------+
# | H1 (vrf) |
# | + $h1 |
# | | 192.0.2.1/28 |
# +----|---------------+
# |
# +----|--------------------------------+
# | SW | |
# | +--|------------------------------+ |
# | | + $swp1 BR1 (802.1d) | |
# | | | |
# | | + vx1 (vxlan) | |
# | | local 192.0.2.17 | |
# | | id 1000 dstport $VXPORT | |
# | +---------------------------------+ |
# | |
# | 192.0.2.32/28 via 192.0.2.18 |
# | |
# | + $rp1 |
# | | 192.0.2.17/28 |
# +--|----------------------------------+
# |
# +--|----------------------------------+
# | | |
# | + $rp2 |
# | 192.0.2.18/28 |
# | |
# | VRP2 (vrf) |
# +-------------------------------------+
: ${VXPORT:=4789}
: ${ALL_TESTS:="
default_test
plain_test
reserved_0_test
reserved_10_test
reserved_31_test
reserved_56_test
reserved_63_test
"}
NUM_NETIFS=4
source lib.sh
h1_create()
{
simple_if_init $h1 192.0.2.1/28
defer simple_if_fini $h1 192.0.2.1/28
tc qdisc add dev $h1 clsact
defer tc qdisc del dev $h1 clsact
tc filter add dev $h1 ingress pref 77 \
prot ip flower skip_hw ip_proto icmp action drop
defer tc filter del dev $h1 ingress pref 77
}
switch_create()
{
ip_link_add br1 type bridge vlan_filtering 0 mcast_snooping 0
# Make sure the bridge uses the MAC address of the local port and not
# that of the VxLAN's device.
ip_link_set_addr br1 $(mac_get $swp1)
ip_link_set_up br1
ip_link_set_up $rp1
ip_addr_add $rp1 192.0.2.17/28
ip_route_add 192.0.2.32/28 nexthop via 192.0.2.18
ip_link_set_master $swp1 br1
ip_link_set_up $swp1
}
vrp2_create()
{
simple_if_init $rp2 192.0.2.18/28
defer simple_if_fini $rp2 192.0.2.18/28
}
setup_prepare()
{
h1=${NETIFS[p1]}
swp1=${NETIFS[p2]}
rp1=${NETIFS[p3]}
rp2=${NETIFS[p4]}
vrf_prepare
defer vrf_cleanup
forwarding_enable
defer forwarding_restore
h1_create
switch_create
vrp2_create
}
vxlan_header_bytes()
{
local vni=$1; shift
local -a extra_bits=("$@")
local -a bits
local i
for ((i=0; i < 64; i++)); do
bits[i]=0
done
# Bit 4 is the I flag and is always on.
bits[4]=1
for i in ${extra_bits[@]}; do
bits[i]=1
done
# Bits 32..55 carry the VNI
local mask=0x800000
for ((i=0; i < 24; i++)); do
bits[$((i + 32))]=$(((vni & mask) != 0))
((mask >>= 1))
done
local bytes
for ((i=0; i < 8; i++)); do
local byte=0
local j
for ((j=0; j < 8; j++)); do
local bit=${bits[8 * i + j]}
((byte += bit << (7 - j)))
done
bytes+=$(printf %02x $byte):
done
echo ${bytes%:}
}
neg_bytes()
{
local bytes=$1; shift
local -A neg=([0]=f [1]=e [2]=d [3]=c [4]=b [5]=a [6]=9 [7]=8
[8]=7 [9]=6 [a]=5 [b]=4 [c]=3 [d]=2 [e]=1 [f]=0 [:]=:)
local out
local i
for ((i=0; i < ${#bytes}; i++)); do
local c=${bytes:$i:1}
out+=${neg[$c]}
done
echo $out
}
vxlan_ping_do()
{
local count=$1; shift
local dev=$1; shift
local next_hop_mac=$1; shift
local dest_ip=$1; shift
local dest_mac=$1; shift
local vni=$1; shift
local reserved_bits=$1; shift
local vxlan_header=$(vxlan_header_bytes $vni $reserved_bits)
$MZ $dev -c $count -d 100msec -q \
-b $next_hop_mac -B $dest_ip \
-t udp sp=23456,dp=$VXPORT,p=$(:
)"$vxlan_header:"$( : VXLAN
)"$dest_mac:"$( : ETH daddr
)"00:11:22:33:44:55:"$( : ETH saddr
)"08:00:"$( : ETH type
)"45:"$( : IP version + IHL
)"00:"$( : IP TOS
)"00:54:"$( : IP total length
)"99:83:"$( : IP identification
)"40:00:"$( : IP flags + frag off
)"40:"$( : IP TTL
)"01:"$( : IP proto
)"00:00:"$( : IP header csum
)"$(ipv4_to_bytes 192.0.2.3):"$( : IP saddr
)"$(ipv4_to_bytes 192.0.2.1):"$( : IP daddr
)"08:"$( : ICMP type
)"00:"$( : ICMP code
)"8b:f2:"$( : ICMP csum
)"1f:6a:"$( : ICMP request identifier
)"00:01:"$( : ICMP request seq. number
)"4f:ff:c5:5b:00:00:00:00:"$( : ICMP payload
)"6d:74:0b:00:00:00:00:00:"$( :
)"10:11:12:13:14:15:16:17:"$( :
)"18:19:1a:1b:1c:1d:1e:1f:"$( :
)"20:21:22:23:24:25:26:27:"$( :
)"28:29:2a:2b:2c:2d:2e:2f:"$( :
)"30:31:32:33:34:35:36:37"
}
vxlan_device_add()
{
ip_link_add vx1 up type vxlan id 1000 \
local 192.0.2.17 dstport "$VXPORT" \
nolearning noudpcsum tos inherit ttl 100 "$@"
ip_link_set_master vx1 br1
}
vxlan_all_reserved_bits()
{
local i
for ((i=0; i < 64; i++)); do
if ((i == 4 || i >= 32 && i < 56)); then
continue
fi
echo $i
done
}
vxlan_ping_vanilla()
{
vxlan_ping_do 10 $rp2 $(mac_get $rp1) 192.0.2.17 $(mac_get $h1) 1000
}
vxlan_ping_reserved()
{
for bit in $(vxlan_all_reserved_bits); do
vxlan_ping_do 1 $rp2 $(mac_get $rp1) \
192.0.2.17 $(mac_get $h1) 1000 "$bit"
((n++))
done
}
vxlan_ping_test()
{
local what=$1; shift
local get_stat=$1; shift
local expect=$1; shift
RET=0
local t0=$($get_stat)
"$@"
check_err $? "Failure when running $@"
local t1=$($get_stat)
local delta=$((t1 - t0))
((expect == delta))
check_err $? "Expected to capture $expect packets, got $delta."
log_test "$what"
}
__default_test_do()
{
local n_allowed_bits=$1; shift
local what=$1; shift
vxlan_ping_test "$what: clean packets" \
"tc_rule_stats_get $h1 77 ingress" \
10 vxlan_ping_vanilla
local t0=$(link_stats_get vx1 rx errors)
vxlan_ping_test "$what: mangled packets" \
"tc_rule_stats_get $h1 77 ingress" \
$n_allowed_bits vxlan_ping_reserved
local t1=$(link_stats_get vx1 rx errors)
RET=0
local expect=$((39 - n_allowed_bits))
local delta=$((t1 - t0))
((expect == delta))
check_err $? "Expected $expect error packets, got $delta."
log_test "$what: drops reported"
}
default_test_do()
{
vxlan_device_add
__default_test_do 0 "Default"
}
default_test()
{
in_defer_scope \
default_test_do
}
plain_test_do()
{
vxlan_device_add reserved_bits 0xf7ffffff000000ff
__default_test_do 0 "reserved_bits 0xf7ffffff000000ff"
}
plain_test()
{
in_defer_scope \
plain_test_do
}
reserved_test()
{
local bit=$1; shift
local allowed_bytes=$(vxlan_header_bytes 0xffffff $bit)
local reserved_bytes=$(neg_bytes $allowed_bytes)
local reserved_bits=${reserved_bytes//:/}
vxlan_device_add reserved_bits 0x$reserved_bits
__default_test_do 1 "reserved_bits 0x$reserved_bits"
}
reserved_0_test()
{
in_defer_scope \
reserved_test 0
}
reserved_10_test()
{
in_defer_scope \
reserved_test 10
}
reserved_31_test()
{
in_defer_scope \
reserved_test 31
}
reserved_56_test()
{
in_defer_scope \
reserved_test 56
}
reserved_63_test()
{
in_defer_scope \
reserved_test 63
}
trap cleanup EXIT
setup_prepare
setup_wait
tests_run
exit $EXIT_STATUS