#!/bin/bash # SPDX-License-Identifier: GPL-2.0 # Test VLAN classification after routing and verify that the order of # configuration does not impact switch behavior. Verify that {RIF, Port}->VID # mapping is added correctly for existing {Port, VID}->FID mapping and that # {RIF, Port}->VID mapping is added correctly for new {Port, VID}->FID mapping. # +-------------------+ +--------------------+ # | H1 | | H2 | # | | | | # | $h1.10 + | | + $h2.10 | # | 192.0.2.1/28 | | | | 192.0.2.3/28 | # | | | | | | # | $h1 + | | + $h2 | # +----------------|--+ +--|-----------------+ # | | # +----------------|-------------------------|-----------------+ # | SW | | | # | +--------------|-------------------------|---------------+ | # | | $swp1 + + $swp2 | | # | | | | | | # | | $swp1.10 + + $swp2.10 | | # | | | | # | | br0 | | # | | 192.0.2.2/28 | | # | +--------------------------------------------------------+ | # | | # | $swp3.20 + | # | 192.0.2.17/28 | | # | | | # | $swp3 + | # +---------------|--------------------------------------------+ # | # +---------------|--+ # | $h3 + | # | | | # | $h3.20 + | # | 192.0.2.18/28 | # | | # | H3 | # +------------------+ lib_dir=$(dirname $0)/../../../net/forwarding ALL_TESTS=" port_vid_map_rif rif_port_vid_map " NUM_NETIFS=6 source $lib_dir/lib.sh source $lib_dir/tc_common.sh source $lib_dir/devlink_lib.sh h1_create() { simple_if_init $h1 vlan_create $h1 10 v$h1 192.0.2.1/28 ip route add 192.0.2.16/28 vrf v$h1 nexthop via 192.0.2.2 } h1_destroy() { ip route del 192.0.2.16/28 vrf v$h1 nexthop via 192.0.2.2 vlan_destroy $h1 10 simple_if_fini $h1 } h2_create() { simple_if_init $h2 vlan_create $h2 10 v$h2 192.0.2.3/28 } h2_destroy() { vlan_destroy $h2 10 simple_if_fini $h2 } h3_create() { simple_if_init $h3 vlan_create $h3 20 v$h3 192.0.2.18/28 ip route add 192.0.2.0/28 vrf v$h3 nexthop via 192.0.2.17 } h3_destroy() { ip route del 192.0.2.0/28 vrf v$h3 nexthop via 192.0.2.17 vlan_destroy $h3 20 simple_if_fini $h3 } switch_create() { ip link set dev $swp1 up tc qdisc add dev $swp1 clsact ip link add dev br0 type bridge mcast_snooping 0 # By default, a link-local address is generated when netdevice becomes # up. Adding an address to the bridge will cause creating a RIF for it. # Prevent generating link-local address to be able to control when the # RIF is added. sysctl_set net.ipv6.conf.br0.addr_gen_mode 1 ip link set dev br0 up ip link set dev $swp2 up vlan_create $swp2 10 ip link set dev $swp2.10 master br0 ip link set dev $swp3 up vlan_create $swp3 20 "" 192.0.2.17/28 # Replace neighbor to avoid 1 packet which is forwarded in software due # to "unresolved neigh". ip neigh replace dev $swp3.20 192.0.2.18 lladdr $(mac_get $h3.20) } switch_destroy() { vlan_destroy $swp3 20 ip link set dev $swp3 down ip link set dev $swp2.10 nomaster vlan_destroy $swp2 10 ip link set dev $swp2 down ip link set dev br0 down sysctl_restore net.ipv6.conf.br0.addr_gen_mode ip link del dev br0 tc qdisc del dev $swp1 clsact ip link set dev $swp1 down } setup_prepare() { h1=${NETIFS[p1]} swp1=${NETIFS[p2]} swp2=${NETIFS[p3]} h2=${NETIFS[p4]} swp3=${NETIFS[p5]} h3=${NETIFS[p6]} vrf_prepare forwarding_enable h1_create h2_create h3_create switch_create } cleanup() { pre_cleanup switch_destroy h3_destroy h2_destroy h1_destroy forwarding_restore vrf_cleanup } bridge_rif_add() { rifs_occ_t0=$(devlink_resource_occ_get rifs) __addr_add_del br0 add 192.0.2.2/28 rifs_occ_t1=$(devlink_resource_occ_get rifs) expected_rifs=$((rifs_occ_t0 + 1)) [[ $expected_rifs -eq $rifs_occ_t1 ]] check_err $? "Expected $expected_rifs RIFs, $rifs_occ_t1 are used" sleep 1 } bridge_rif_del() { __addr_add_del br0 del 192.0.2.2/28 } port_vid_map_rif() { RET=0 # First add {port, VID}->FID for swp1.10, then add a RIF and verify that # packets get the correct VID after routing. vlan_create $swp1 10 ip link set dev $swp1.10 master br0 bridge_rif_add # Replace neighbor to avoid 1 packet which is forwarded in software due # to "unresolved neigh". ip neigh replace dev br0 192.0.2.1 lladdr $(mac_get $h1.10) # The hardware matches on the first ethertype which is not VLAN, # so the protocol should be IP. tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \ flower skip_sw dst_ip 192.0.2.1 action pass ping_do $h1.10 192.0.2.18 check_err $? "Ping failed" tc_check_at_least_x_packets "dev $swp1 egress" 101 10 check_err $? "Packets were not routed in hardware" log_test "Add RIF for existing {port, VID}->FID mapping" tc filter del dev $swp1 egress bridge_rif_del ip link set dev $swp1.10 nomaster vlan_destroy $swp1 10 } rif_port_vid_map() { RET=0 # First add an address to the bridge, which will create a RIF on top of # it, then add a new {port, VID}->FID mapping and verify that packets # get the correct VID after routing. bridge_rif_add vlan_create $swp1 10 ip link set dev $swp1.10 master br0 # Replace neighbor to avoid 1 packet which is forwarded in software due # to "unresolved neigh". ip neigh replace dev br0 192.0.2.1 lladdr $(mac_get $h1.10) # The hardware matches on the first ethertype which is not VLAN, # so the protocol should be IP. tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \ flower skip_sw dst_ip 192.0.2.1 action pass ping_do $h1.10 192.0.2.18 check_err $? "Ping failed" tc_check_at_least_x_packets "dev $swp1 egress" 101 10 check_err $? "Packets were not routed in hardware" log_test "Add {port, VID}->FID mapping for FID with a RIF" tc filter del dev $swp1 egress ip link set dev $swp1.10 nomaster vlan_destroy $swp1 10 bridge_rif_del } trap cleanup EXIT setup_prepare setup_wait tests_run exit $EXIT_STATUS