Merge branch 'selftests-Add-tests-for-mirroring-to-gretap'

Petr Machata says:

====================
selftests: Add tests for mirroring to gretap

This suite tests GRE-encapsulated mirroring. The general topology that
most of the tests use is as follows, but each test defines details of
the topology based on its needs, and some tests actually use a somewhat
different topology.

+---------------------+                      +---------------------+
| H1                  |                      |                  H2 |
|     + $h1           |                      |           $h2 +     |
+-----|---------------+                      +---------------|-----+
      |                                                      |
+-----|------------------------------------------------------|-----+
| SW  o---> mirror                                           |     |
| +---|------------------------------------------------------|---+ |
| |   + $swp1               BR                         $swp2 +   | |
| +--------------------------------------------------------------+ |
|                                                                  |
|     + $swp3          + gt6 (ip6gretap)    + gt4 (gretap)         |
+-----|----------------:--------------------:----------------------+
      |                :                    :
+-----|----------------:--------------------:----------------------+
|     + $h3            + h3-gt6(ip6gretap)  + h3-gt4 (gretap)      |
| H3                                                               |
+------------------------------------------------------------------+

The following axes of configuration space are tested:

- ingress and egress mirroring
- mirroring triggered by matchall and flower
- mirroring to ipgretap and ip6gretap
- remote tunnel reachable directly or through a next-hop route
- skip_sw as well as skip_hw configurations

Apart from basic tests with the above mentioned features, the following
tests are included:

- handling of changes to neighbors pertinent to routing decisions in
  mirrored underlay
- handling of configuration changes at the mirrored-to tunnel (endpoint
  addresses, upness)

A suite of mlxsw-specific tests will be part of a separate submission
through linux-mlxsw patch queue.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2018-04-27 14:57:51 -04:00
commit e6b43d8546
10 changed files with 1230 additions and 0 deletions

View File

@ -321,6 +321,25 @@ simple_if_fini()
vrf_destroy $vrf_name
}
tunnel_create()
{
local name=$1; shift
local type=$1; shift
local local=$1; shift
local remote=$1; shift
ip link add name $name type $type \
local $local remote $remote "$@"
ip link set dev $name up
}
tunnel_destroy()
{
local name=$1; shift
ip link del dev $name
}
master_name_get()
{
local if_name=$1
@ -335,6 +354,15 @@ link_stats_tx_packets_get()
ip -j -s link show dev $if_name | jq '.[]["stats64"]["tx"]["packets"]'
}
tc_rule_stats_get()
{
local dev=$1; shift
local pref=$1; shift
tc -j -s filter show dev $dev ingress pref $pref |
jq '.[1].options.actions[].stats.packets'
}
mac_get()
{
local if_name=$1
@ -381,6 +409,74 @@ tc_offload_check()
return 0
}
slow_path_trap_install()
{
local dev=$1; shift
local direction=$1; shift
if [ "${tcflags/skip_hw}" != "$tcflags" ]; then
# For slow-path testing, we need to install a trap to get to
# slow path the packets that would otherwise be switched in HW.
tc filter add dev $dev $direction pref 1 \
flower skip_sw action trap
fi
}
slow_path_trap_uninstall()
{
local dev=$1; shift
local direction=$1; shift
if [ "${tcflags/skip_hw}" != "$tcflags" ]; then
tc filter del dev $dev $direction pref 1 flower skip_sw
fi
}
__icmp_capture_add_del()
{
local add_del=$1; shift
local pref=$1; shift
local vsuf=$1; shift
local tundev=$1; shift
local filter=$1; shift
tc filter $add_del dev "$tundev" ingress \
proto ip$vsuf pref $pref \
flower ip_proto icmp$vsuf $filter \
action pass
}
icmp_capture_install()
{
__icmp_capture_add_del add 100 "" "$@"
}
icmp_capture_uninstall()
{
__icmp_capture_add_del del 100 "" "$@"
}
icmp6_capture_install()
{
__icmp_capture_add_del add 100 v6 "$@"
}
icmp6_capture_uninstall()
{
__icmp_capture_add_del del 100 v6 "$@"
}
matchall_sink_create()
{
local dev=$1; shift
tc qdisc add dev $dev clsact
tc filter add dev $dev ingress \
pref 10000 \
matchall \
action drop
}
##############################################################################
# Tests

View File

@ -0,0 +1,139 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
# This test uses standard topology for testing gretap. See
# mirror_gre_topo_lib.sh for more details.
#
# Test for "tc action mirred egress mirror" when the device to mirror to is a
# gretap or ip6gretap netdevice. Expect that the packets come out encapsulated,
# and another gretap / ip6gretap netdevice is then capable of decapsulating the
# traffic. Test that the payload is what is expected (ICMP ping request or
# reply, depending on test).
NUM_NETIFS=6
source lib.sh
source mirror_lib.sh
source mirror_gre_lib.sh
source mirror_gre_topo_lib.sh
setup_prepare()
{
h1=${NETIFS[p1]}
swp1=${NETIFS[p2]}
swp2=${NETIFS[p3]}
h2=${NETIFS[p4]}
swp3=${NETIFS[p5]}
h3=${NETIFS[p6]}
vrf_prepare
mirror_gre_topo_create
ip address add dev $swp3 192.0.2.129/28
ip address add dev $h3 192.0.2.130/28
ip address add dev $swp3 2001:db8:2::1/64
ip address add dev $h3 2001:db8:2::2/64
}
cleanup()
{
pre_cleanup
ip address del dev $h3 2001:db8:2::2/64
ip address del dev $swp3 2001:db8:2::1/64
ip address del dev $h3 192.0.2.130/28
ip address del dev $swp3 192.0.2.129/28
mirror_gre_topo_destroy
vrf_cleanup
}
test_span_gre_mac()
{
local tundev=$1; shift
local direction=$1; shift
local prot=$1; shift
local what=$1; shift
local swp3mac=$(mac_get $swp3)
local h3mac=$(mac_get $h3)
RET=0
mirror_install $swp1 $direction $tundev "matchall $tcflags"
tc qdisc add dev $h3 clsact
tc filter add dev $h3 ingress pref 77 prot $prot \
flower ip_proto 0x2f src_mac $swp3mac dst_mac $h3mac \
action pass
mirror_test v$h1 192.0.2.1 192.0.2.2 $h3 77 10
tc filter del dev $h3 ingress pref 77
tc qdisc del dev $h3 clsact
mirror_uninstall $swp1 $direction
log_test "$direction $what: envelope MAC ($tcflags)"
}
test_two_spans()
{
RET=0
mirror_install $swp1 ingress gt4 "matchall $tcflags"
mirror_install $swp1 egress gt6 "matchall $tcflags"
quick_test_span_gre_dir gt4 ingress
quick_test_span_gre_dir gt6 egress
mirror_uninstall $swp1 ingress
fail_test_span_gre_dir gt4 ingress
quick_test_span_gre_dir gt6 egress
mirror_install $swp1 ingress gt4 "matchall $tcflags"
mirror_uninstall $swp1 egress
quick_test_span_gre_dir gt4 ingress
fail_test_span_gre_dir gt6 egress
mirror_uninstall $swp1 ingress
log_test "two simultaneously configured mirrors ($tcflags)"
}
test_all()
{
slow_path_trap_install $swp1 ingress
slow_path_trap_install $swp1 egress
full_test_span_gre_dir gt4 ingress 8 0 "mirror to gretap"
full_test_span_gre_dir gt6 ingress 8 0 "mirror to ip6gretap"
full_test_span_gre_dir gt4 egress 0 8 "mirror to gretap"
full_test_span_gre_dir gt6 egress 0 8 "mirror to ip6gretap"
test_span_gre_mac gt4 ingress ip "mirror to gretap"
test_span_gre_mac gt6 ingress ipv6 "mirror to ip6gretap"
test_span_gre_mac gt4 egress ip "mirror to gretap"
test_span_gre_mac gt6 egress ipv6 "mirror to ip6gretap"
test_two_spans
slow_path_trap_uninstall $swp1 egress
slow_path_trap_uninstall $swp1 ingress
}
trap cleanup EXIT
setup_prepare
setup_wait
tcflags="skip_hw"
test_all
if ! tc_offload_check; then
echo "WARN: Could not test offloaded functionality"
else
tcflags="skip_sw"
test_all
fi
exit $EXIT_STATUS

View File

@ -0,0 +1,213 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
# +---------------------+ +---------------------+
# | H1 | | H2 |
# | + $h1 | | $h2 + |
# | | 192.0.2.1/28 | | 192.0.2.2/28 | |
# +-----|---------------+ +---------------|-----+
# | |
# +-----|-------------------------------------------------------------|-----+
# | SW o--> mirror | |
# | +---|-------------------------------------------------------------|---+ |
# | | + $swp1 BR $swp2 + | |
# | +---------------------------------------------------------------------+ |
# | |
# | +---------------------------------------------------------------------+ |
# | | OL + gt6 (ip6gretap) + gt4 (gretap) | |
# | | : loc=2001:db8:2::1 : loc=192.0.2.129 | |
# | | : rem=2001:db8:2::2 : rem=192.0.2.130 | |
# | | : ttl=100 : ttl=100 | |
# | | : tos=inherit : tos=inherit | |
# | +-------------------------:--|-------------------:--|-----------------+ |
# | : | : | |
# | +-------------------------:--|-------------------:--|-----------------+ |
# | | UL : |,---------------------' | |
# | | + $swp3 : || : | |
# | | | 192.0.2.129/28 : vv : | |
# | | | 2001:db8:2::1/64 : + ul (dummy) : | |
# | +---|---------------------:----------------------:--------------------+ |
# +-----|---------------------:----------------------:----------------------+
# | : :
# +-----|---------------------:----------------------:----------------------+
# | H3 + $h3 + h3-gt6 (ip6gretap) + h3-gt4 (gretap) |
# | 192.0.2.130/28 loc=2001:db8:2::2 loc=192.0.2.130 |
# | 2001:db8:2::2/64 rem=2001:db8:2::1 rem=192.0.2.129 |
# | ttl=100 ttl=100 |
# | tos=inherit tos=inherit |
# | |
# +-------------------------------------------------------------------------+
#
# This tests mirroring to gretap and ip6gretap configured in an overlay /
# underlay manner, i.e. with a bound dummy device that marks underlay VRF where
# the encapsulated packed should be routed.
NUM_NETIFS=6
source lib.sh
source mirror_lib.sh
source mirror_gre_lib.sh
h1_create()
{
simple_if_init $h1 192.0.2.1/28
}
h1_destroy()
{
simple_if_fini $h1 192.0.2.1/28
}
h2_create()
{
simple_if_init $h2 192.0.2.2/28
}
h2_destroy()
{
simple_if_fini $h2 192.0.2.2/28
}
h3_create()
{
simple_if_init $h3 192.0.2.130/28 2001:db8:2::2/64
tunnel_create h3-gt4 gretap 192.0.2.130 192.0.2.129
ip link set h3-gt4 vrf v$h3
matchall_sink_create h3-gt4
tunnel_create h3-gt6 ip6gretap 2001:db8:2::2 2001:db8:2::1
ip link set h3-gt6 vrf v$h3
matchall_sink_create h3-gt6
}
h3_destroy()
{
tunnel_destroy h3-gt6
tunnel_destroy h3-gt4
simple_if_fini $h3 192.0.2.130/28 2001:db8:2::2/64
}
switch_create()
{
# Bridge between H1 and H2.
ip link add name br1 type bridge vlan_filtering 1
ip link set dev br1 up
ip link set dev $swp1 master br1
ip link set dev $swp1 up
ip link set dev $swp2 master br1
ip link set dev $swp2 up
tc qdisc add dev $swp1 clsact
# Underlay.
simple_if_init $swp3 192.0.2.129/28 2001:db8:2::1/64
ip link add name ul type dummy
ip link set dev ul master v$swp3
ip link set dev ul up
# Overlay.
vrf_create vrf-ol
ip link set dev vrf-ol up
tunnel_create gt4 gretap 192.0.2.129 192.0.2.130 \
ttl 100 tos inherit dev ul
ip link set dev gt4 master vrf-ol
ip link set dev gt4 up
tunnel_create gt6 ip6gretap 2001:db8:2::1 2001:db8:2::2 \
ttl 100 tos inherit dev ul allow-localremote
ip link set dev gt6 master vrf-ol
ip link set dev gt6 up
}
switch_destroy()
{
vrf_destroy vrf-ol
tunnel_destroy gt6
tunnel_destroy gt4
simple_if_fini $swp3 192.0.2.129/28 2001:db8:2::1/64
ip link del dev ul
tc qdisc del dev $swp1 clsact
ip link set dev $swp1 down
ip link set dev $swp2 down
ip link del dev br1
}
setup_prepare()
{
h1=${NETIFS[p1]}
swp1=${NETIFS[p2]}
swp2=${NETIFS[p3]}
h2=${NETIFS[p4]}
swp3=${NETIFS[p5]}
h3=${NETIFS[p6]}
vrf_prepare
h1_create
h2_create
h3_create
switch_create
}
cleanup()
{
pre_cleanup
switch_destroy
h3_destroy
h2_destroy
h1_destroy
vrf_cleanup
}
test_all()
{
RET=0
slow_path_trap_install $swp1 ingress
slow_path_trap_install $swp1 egress
full_test_span_gre_dir gt4 ingress 8 0 "mirror to gretap w/ UL"
full_test_span_gre_dir gt6 ingress 8 0 "mirror to ip6gretap w/ UL"
full_test_span_gre_dir gt4 egress 0 8 "mirror to gretap w/ UL"
full_test_span_gre_dir gt6 egress 0 8 "mirror to ip6gretap w/ UL"
slow_path_trap_uninstall $swp1 egress
slow_path_trap_uninstall $swp1 ingress
}
trap cleanup EXIT
setup_prepare
setup_wait
tcflags="skip_hw"
test_all
if ! tc_offload_check; then
echo "WARN: Could not test offloaded functionality"
else
tcflags="skip_sw"
test_all
fi
exit $EXIT_STATUS

View File

@ -0,0 +1,194 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
# This test uses standard topology for testing gretap. See
# mirror_gre_topo_lib.sh for more details.
#
# Test how mirrors to gretap and ip6gretap react to changes to relevant
# configuration.
NUM_NETIFS=6
source lib.sh
source mirror_lib.sh
source mirror_gre_lib.sh
source mirror_gre_topo_lib.sh
setup_prepare()
{
h1=${NETIFS[p1]}
swp1=${NETIFS[p2]}
swp2=${NETIFS[p3]}
h2=${NETIFS[p4]}
swp3=${NETIFS[p5]}
h3=${NETIFS[p6]}
vrf_prepare
mirror_gre_topo_create
# This test downs $swp3, which deletes the configured IPv6 address
# unless this sysctl is set.
local key=net.ipv6.conf.$swp3.keep_addr_on_down
SWP3_KEEP_ADDR_ON_DOWN=$(sysctl -n $key)
sysctl -qw $key=1
ip address add dev $swp3 192.0.2.129/28
ip address add dev $h3 192.0.2.130/28
ip address add dev $swp3 2001:db8:2::1/64
ip address add dev $h3 2001:db8:2::2/64
}
cleanup()
{
pre_cleanup
ip address del dev $h3 2001:db8:2::2/64
ip address del dev $swp3 2001:db8:2::1/64
ip address del dev $h3 192.0.2.130/28
ip address del dev $swp3 192.0.2.129/28
local key=net.ipv6.conf.$swp3.keep_addr_on_down
sysctl -qw $key=$SWP3_KEEP_ADDR_ON_DOWN
mirror_gre_topo_destroy
vrf_cleanup
}
test_span_gre_ttl()
{
local tundev=$1; shift
local type=$1; shift
local prot=$1; shift
local what=$1; shift
RET=0
mirror_install $swp1 ingress $tundev "matchall $tcflags"
tc qdisc add dev $h3 clsact
tc filter add dev $h3 ingress pref 77 prot $prot \
flower ip_ttl 50 action pass
mirror_test v$h1 192.0.2.1 192.0.2.2 $h3 77 0
ip link set dev $tundev type $type ttl 50
mirror_test v$h1 192.0.2.1 192.0.2.2 $h3 77 10
ip link set dev $tundev type $type ttl 100
tc filter del dev $h3 ingress pref 77
tc qdisc del dev $h3 clsact
mirror_uninstall $swp1 ingress
log_test "$what: TTL change ($tcflags)"
}
test_span_gre_tun_up()
{
local tundev=$1; shift
local what=$1; shift
RET=0
ip link set dev $tundev down
mirror_install $swp1 ingress $tundev "matchall $tcflags"
fail_test_span_gre_dir $tundev ingress
ip link set dev $tundev up
quick_test_span_gre_dir $tundev ingress
mirror_uninstall $swp1 ingress
log_test "$what: tunnel down/up ($tcflags)"
}
test_span_gre_egress_up()
{
local tundev=$1; shift
local remote_ip=$1; shift
local what=$1; shift
RET=0
ip link set dev $swp3 down
mirror_install $swp1 ingress $tundev "matchall $tcflags"
fail_test_span_gre_dir $tundev ingress
# After setting the device up, wait for neighbor to get resolved so that
# we can expect mirroring to work.
ip link set dev $swp3 up
while true; do
ip neigh sh dev $swp3 $remote_ip nud reachable |
grep -q ^
if [[ $? -ne 0 ]]; then
sleep 1
else
break
fi
done
quick_test_span_gre_dir $tundev ingress
mirror_uninstall $swp1 ingress
log_test "$what: egress down/up ($tcflags)"
}
test_span_gre_remote_ip()
{
local tundev=$1; shift
local type=$1; shift
local correct_ip=$1; shift
local wrong_ip=$1; shift
local what=$1; shift
RET=0
ip link set dev $tundev type $type remote $wrong_ip
mirror_install $swp1 ingress $tundev "matchall $tcflags"
fail_test_span_gre_dir $tundev ingress
ip link set dev $tundev type $type remote $correct_ip
quick_test_span_gre_dir $tundev ingress
mirror_uninstall $swp1 ingress
log_test "$what: remote address change ($tcflags)"
}
test_all()
{
slow_path_trap_install $swp1 ingress
slow_path_trap_install $swp1 egress
test_span_gre_ttl gt4 gretap ip "mirror to gretap"
test_span_gre_ttl gt6 ip6gretap ipv6 "mirror to ip6gretap"
test_span_gre_tun_up gt4 "mirror to gretap"
test_span_gre_tun_up gt6 "mirror to ip6gretap"
test_span_gre_egress_up gt4 192.0.2.130 "mirror to gretap"
test_span_gre_egress_up gt6 2001:db8:2::2 "mirror to ip6gretap"
test_span_gre_remote_ip gt4 gretap 192.0.2.130 192.0.2.132 "mirror to gretap"
test_span_gre_remote_ip gt6 ip6gretap 2001:db8:2::2 2001:db8:2::4 "mirror to ip6gretap"
slow_path_trap_uninstall $swp1 egress
slow_path_trap_uninstall $swp1 ingress
}
trap cleanup EXIT
setup_prepare
setup_wait
tcflags="skip_hw"
test_all
if ! tc_offload_check; then
echo "WARN: Could not test offloaded functionality"
else
tcflags="skip_sw"
test_all
fi
exit $EXIT_STATUS

View File

@ -0,0 +1,116 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
# This test uses standard topology for testing gretap. See
# mirror_gre_topo_lib.sh for more details.
#
# This tests flower-triggered mirroring to gretap and ip6gretap netdevices. The
# interfaces on H1 and H2 have two addresses each. Flower match on one of the
# addresses is configured with mirror action. It is expected that when pinging
# this address, mirroring takes place, whereas when pinging the other one,
# there's no mirroring.
NUM_NETIFS=6
source lib.sh
source mirror_lib.sh
source mirror_gre_lib.sh
source mirror_gre_topo_lib.sh
setup_prepare()
{
h1=${NETIFS[p1]}
swp1=${NETIFS[p2]}
swp2=${NETIFS[p3]}
h2=${NETIFS[p4]}
swp3=${NETIFS[p5]}
h3=${NETIFS[p6]}
vrf_prepare
mirror_gre_topo_create
ip address add dev $swp3 192.0.2.129/28
ip address add dev $h3 192.0.2.130/28
ip address add dev $swp3 2001:db8:2::1/64
ip address add dev $h3 2001:db8:2::2/64
ip address add dev $h1 192.0.2.3/28
ip address add dev $h2 192.0.2.4/28
}
cleanup()
{
pre_cleanup
ip address del dev $h2 192.0.2.4/28
ip address del dev $h1 192.0.2.3/28
ip address del dev $h3 2001:db8:2::2/64
ip address del dev $swp3 2001:db8:2::1/64
ip address del dev $h3 192.0.2.130/28
ip address del dev $swp3 192.0.2.129/28
mirror_gre_topo_destroy
vrf_cleanup
}
test_span_gre_dir_acl()
{
test_span_gre_dir_ips "$@" 192.0.2.3 192.0.2.4
}
full_test_span_gre_dir_acl()
{
local tundev=$1; shift
local direction=$1; shift
local forward_type=$1; shift
local backward_type=$1; shift
local match_dip=$1; shift
local what=$1; shift
mirror_install $swp1 $direction $tundev \
"protocol ip flower $tcflags dst_ip $match_dip"
fail_test_span_gre_dir $tundev $direction
test_span_gre_dir_acl "$tundev" "$direction" \
"$forward_type" "$backward_type"
mirror_uninstall $swp1 $direction
log_test "$direction $what ($tcflags)"
}
test_all()
{
RET=0
slow_path_trap_install $swp1 ingress
slow_path_trap_install $swp1 egress
full_test_span_gre_dir_acl gt4 ingress 8 0 192.0.2.4 "ACL mirror to gretap"
full_test_span_gre_dir_acl gt6 ingress 8 0 192.0.2.4 "ACL mirror to ip6gretap"
full_test_span_gre_dir_acl gt4 egress 0 8 192.0.2.3 "ACL mirror to gretap"
full_test_span_gre_dir_acl gt6 egress 0 8 192.0.2.3 "ACL mirror to ip6gretap"
slow_path_trap_uninstall $swp1 egress
slow_path_trap_uninstall $swp1 ingress
}
trap cleanup EXIT
setup_prepare
setup_wait
tcflags="skip_hw"
test_all
if ! tc_offload_check; then
echo "WARN: Could not test offloaded functionality"
else
tcflags="skip_sw"
test_all
fi
exit $EXIT_STATUS

View File

@ -0,0 +1,85 @@
# SPDX-License-Identifier: GPL-2.0
do_test_span_gre_dir_ips()
{
local expect=$1; shift
local tundev=$1; shift
local direction=$1; shift
local ip1=$1; shift
local ip2=$1; shift
icmp_capture_install h3-$tundev
mirror_test v$h1 $ip1 $ip2 h3-$tundev 100 $expect
mirror_test v$h2 $ip2 $ip1 h3-$tundev 100 $expect
icmp_capture_uninstall h3-$tundev
}
quick_test_span_gre_dir_ips()
{
do_test_span_gre_dir_ips 10 "$@"
}
fail_test_span_gre_dir_ips()
{
do_test_span_gre_dir_ips 0 "$@"
}
test_span_gre_dir_ips()
{
local tundev=$1; shift
local direction=$1; shift
local forward_type=$1; shift
local backward_type=$1; shift
local ip1=$1; shift
local ip2=$1; shift
quick_test_span_gre_dir_ips "$tundev" "$direction" "$ip1" "$ip2"
icmp_capture_install h3-$tundev "type $forward_type"
mirror_test v$h1 $ip1 $ip2 h3-$tundev 100 10
icmp_capture_uninstall h3-$tundev
icmp_capture_install h3-$tundev "type $backward_type"
mirror_test v$h2 $ip2 $ip1 h3-$tundev 100 10
icmp_capture_uninstall h3-$tundev
}
full_test_span_gre_dir_ips()
{
local tundev=$1; shift
local direction=$1; shift
local forward_type=$1; shift
local backward_type=$1; shift
local what=$1; shift
local ip1=$1; shift
local ip2=$1; shift
RET=0
mirror_install $swp1 $direction $tundev "matchall $tcflags"
test_span_gre_dir_ips "$tundev" "$direction" "$forward_type" \
"$backward_type" "$ip1" "$ip2"
mirror_uninstall $swp1 $direction
log_test "$direction $what ($tcflags)"
}
quick_test_span_gre_dir()
{
quick_test_span_gre_dir_ips "$@" 192.0.2.1 192.0.2.2
}
fail_test_span_gre_dir()
{
fail_test_span_gre_dir_ips "$@" 192.0.2.1 192.0.2.2
}
test_span_gre_dir()
{
test_span_gre_dir_ips "$@" 192.0.2.1 192.0.2.2
}
full_test_span_gre_dir()
{
full_test_span_gre_dir_ips "$@" 192.0.2.1 192.0.2.2
}

View File

@ -0,0 +1,101 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
# This test uses standard topology for testing gretap. See
# mirror_gre_topo_lib.sh for more details.
#
# Test for mirroring to gretap and ip6gretap, such that the neighbor entry for
# the tunnel remote address has invalid address at the time that the mirroring
# is set up. Later on, the neighbor is deleted and it is expected to be
# reinitialized using the usual ARP process, and the mirroring offload updated.
NUM_NETIFS=6
source lib.sh
source mirror_lib.sh
source mirror_gre_lib.sh
source mirror_gre_topo_lib.sh
setup_prepare()
{
h1=${NETIFS[p1]}
swp1=${NETIFS[p2]}
swp2=${NETIFS[p3]}
h2=${NETIFS[p4]}
swp3=${NETIFS[p5]}
h3=${NETIFS[p6]}
vrf_prepare
mirror_gre_topo_create
ip address add dev $swp3 192.0.2.129/28
ip address add dev $h3 192.0.2.130/28
ip address add dev $swp3 2001:db8:2::1/64
ip address add dev $h3 2001:db8:2::2/64
}
cleanup()
{
pre_cleanup
ip address del dev $h3 2001:db8:2::2/64
ip address del dev $swp3 2001:db8:2::1/64
ip address del dev $h3 192.0.2.130/28
ip address del dev $swp3 192.0.2.129/28
mirror_gre_topo_destroy
vrf_cleanup
}
test_span_gre_neigh()
{
local addr=$1; shift
local tundev=$1; shift
local direction=$1; shift
local what=$1; shift
RET=0
ip neigh replace dev $swp3 $addr lladdr 00:11:22:33:44:55
mirror_install $swp1 $direction $tundev "matchall $tcflags"
fail_test_span_gre_dir $tundev ingress
ip neigh del dev $swp3 $addr
quick_test_span_gre_dir $tundev ingress
mirror_uninstall $swp1 $direction
log_test "$direction $what: neighbor change ($tcflags)"
}
test_all()
{
slow_path_trap_install $swp1 ingress
slow_path_trap_install $swp1 egress
test_span_gre_neigh 192.0.2.130 gt4 ingress "mirror to gretap"
test_span_gre_neigh 192.0.2.130 gt4 egress "mirror to gretap"
test_span_gre_neigh 2001:db8:2::2 gt6 ingress "mirror to ip6gretap"
test_span_gre_neigh 2001:db8:2::2 gt6 egress "mirror to ip6gretap"
slow_path_trap_uninstall $swp1 egress
slow_path_trap_uninstall $swp1 ingress
}
trap cleanup EXIT
setup_prepare
setup_wait
tcflags="skip_hw"
test_all
if ! tc_offload_check; then
echo "WARN: Could not test offloaded functionality"
else
tcflags="skip_sw"
test_all
fi
exit $EXIT_STATUS

View File

@ -0,0 +1,117 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
# This test uses standard topology for testing gretap. See
# mirror_gre_topo_lib.sh for more details.
#
# Test that gretap and ip6gretap mirroring works when the other tunnel endpoint
# is reachable through a next-hop route (as opposed to directly-attached route).
NUM_NETIFS=6
source lib.sh
source mirror_lib.sh
source mirror_gre_lib.sh
source mirror_gre_topo_lib.sh
setup_prepare()
{
h1=${NETIFS[p1]}
swp1=${NETIFS[p2]}
swp2=${NETIFS[p3]}
h2=${NETIFS[p4]}
swp3=${NETIFS[p5]}
h3=${NETIFS[p6]}
vrf_prepare
mirror_gre_topo_create
ip address add dev $swp3 192.0.2.161/28
ip address add dev $h3 192.0.2.162/28
ip address add dev gt4 192.0.2.129/32
ip address add dev h3-gt4 192.0.2.130/32
# IPv6 route can't be added after address. Such routes are rejected due
# to the gateway address having been configured on the local system. It
# works the other way around though.
ip address add dev $swp3 2001:db8:4::1/64
ip -6 route add 2001:db8:2::2/128 via 2001:db8:4::2
ip address add dev $h3 2001:db8:4::2/64
ip address add dev gt6 2001:db8:2::1
ip address add dev h3-gt6 2001:db8:2::2
}
cleanup()
{
pre_cleanup
ip -6 route del 2001:db8:2::2/128 via 2001:db8:4::2
ip address del dev $h3 2001:db8:4::2/64
ip address del dev $swp3 2001:db8:4::1/64
ip address del dev $h3 192.0.2.162/28
ip address del dev $swp3 192.0.2.161/28
mirror_gre_topo_destroy
vrf_cleanup
}
test_gretap()
{
RET=0
mirror_install $swp1 ingress gt4 "matchall $tcflags"
# For IPv4, test that there's no mirroring without the route directing
# the traffic to tunnel remote address. Then add it and test that
# mirroring starts. For IPv6 we can't test this due to the limitation
# that routes for locally-specified IPv6 addresses can't be added.
fail_test_span_gre_dir gt4 ingress
ip route add 192.0.2.130/32 via 192.0.2.162
quick_test_span_gre_dir gt4 ingress
ip route del 192.0.2.130/32 via 192.0.2.162
mirror_uninstall $swp1 ingress
log_test "mirror to gre with next-hop remote ($tcflags)"
}
test_ip6gretap()
{
RET=0
mirror_install $swp1 ingress gt6 "matchall $tcflags"
quick_test_span_gre_dir gt6 ingress
mirror_uninstall $swp1 ingress
log_test "mirror to ip6gre with next-hop remote ($tcflags)"
}
test_all()
{
slow_path_trap_install $swp1 ingress
slow_path_trap_install $swp1 egress
test_gretap
test_ip6gretap
slow_path_trap_uninstall $swp1 egress
slow_path_trap_uninstall $swp1 ingress
}
trap cleanup EXIT
setup_prepare
setup_wait
tcflags="skip_hw"
test_all
if ! tc_offload_check; then
echo "WARN: Could not test offloaded functionality"
else
tcflags="skip_sw"
test_all
fi
exit $EXIT_STATUS

View File

@ -0,0 +1,129 @@
# SPDX-License-Identifier: GPL-2.0
# This is the standard topology for testing mirroring to gretap and ip6gretap
# netdevices. The tests that use it tweak it in one way or another--importantly,
# $swp3 and $h3 need to have addresses set up.
#
# +---------------------+ +---------------------+
# | H1 | | H2 |
# | + $h1 | | $h2 + |
# | | 192.0.2.1/28 | | 192.0.2.2/28 | |
# +-----|---------------+ +---------------|-----+
# | |
# +-----|-------------------------------------------------------------|-----+
# | SW o--> mirror | |
# | +---|-------------------------------------------------------------|---+ |
# | | + $swp1 BR $swp2 + | |
# | +---------------------------------------------------------------------+ |
# | |
# | + $swp3 + gt6 (ip6gretap) + gt4 (gretap) |
# | | : loc=2001:db8:2::1 : loc=192.0.2.129 |
# | | : rem=2001:db8:2::2 : rem=192.0.2.130 |
# | | : ttl=100 : ttl=100 |
# | | : tos=inherit : tos=inherit |
# | | : : |
# +-----|---------------------:----------------------:----------------------+
# | : :
# +-----|---------------------:----------------------:----------------------+
# | H3 + $h3 + h3-gt6 (ip6gretap) + h3-gt4 (gretap) |
# | loc=2001:db8:2::2 loc=192.0.2.130 |
# | rem=2001:db8:2::1 rem=192.0.2.129 |
# | ttl=100 ttl=100 |
# | tos=inherit tos=inherit |
# | |
# +-------------------------------------------------------------------------+
mirror_gre_topo_h1_create()
{
simple_if_init $h1 192.0.2.1/28
}
mirror_gre_topo_h1_destroy()
{
simple_if_fini $h1 192.0.2.1/28
}
mirror_gre_topo_h2_create()
{
simple_if_init $h2 192.0.2.2/28
}
mirror_gre_topo_h2_destroy()
{
simple_if_fini $h2 192.0.2.2/28
}
mirror_gre_topo_h3_create()
{
simple_if_init $h3
tunnel_create h3-gt4 gretap 192.0.2.130 192.0.2.129
ip link set h3-gt4 vrf v$h3
matchall_sink_create h3-gt4
tunnel_create h3-gt6 ip6gretap 2001:db8:2::2 2001:db8:2::1
ip link set h3-gt6 vrf v$h3
matchall_sink_create h3-gt6
}
mirror_gre_topo_h3_destroy()
{
tunnel_destroy h3-gt6
tunnel_destroy h3-gt4
simple_if_fini $h3
}
mirror_gre_topo_switch_create()
{
ip link set dev $swp3 up
ip link add name br1 type bridge vlan_filtering 1
ip link set dev br1 up
ip link set dev $swp1 master br1
ip link set dev $swp1 up
ip link set dev $swp2 master br1
ip link set dev $swp2 up
tunnel_create gt4 gretap 192.0.2.129 192.0.2.130 \
ttl 100 tos inherit
tunnel_create gt6 ip6gretap 2001:db8:2::1 2001:db8:2::2 \
ttl 100 tos inherit allow-localremote
tc qdisc add dev $swp1 clsact
}
mirror_gre_topo_switch_destroy()
{
tc qdisc del dev $swp1 clsact
tunnel_destroy gt6
tunnel_destroy gt4
ip link set dev $swp1 down
ip link set dev $swp2 down
ip link del dev br1
ip link set dev $swp3 down
}
mirror_gre_topo_create()
{
mirror_gre_topo_h1_create
mirror_gre_topo_h2_create
mirror_gre_topo_h3_create
mirror_gre_topo_switch_create
}
mirror_gre_topo_destroy()
{
mirror_gre_topo_switch_destroy
mirror_gre_topo_h3_destroy
mirror_gre_topo_h2_destroy
mirror_gre_topo_h1_destroy
}

View File

@ -0,0 +1,40 @@
# SPDX-License-Identifier: GPL-2.0
mirror_install()
{
local from_dev=$1; shift
local direction=$1; shift
local to_dev=$1; shift
local filter=$1; shift
tc filter add dev $from_dev $direction \
pref 1000 $filter \
action mirred egress mirror dev $to_dev
}
mirror_uninstall()
{
local from_dev=$1; shift
local direction=$1; shift
tc filter del dev $swp1 $direction pref 1000
}
mirror_test()
{
local vrf_name=$1; shift
local sip=$1; shift
local dip=$1; shift
local dev=$1; shift
local pref=$1; shift
local expect=$1; shift
local t0=$(tc_rule_stats_get $dev $pref)
ip vrf exec $vrf_name \
${PING} ${sip:+-I $sip} $dip -c 10 -i 0.1 -w 2 &> /dev/null
local t1=$(tc_rule_stats_get $dev $pref)
local delta=$((t1 - t0))
# Tolerate a couple stray extra packets.
((expect <= delta && delta <= expect + 2))
check_err $? "Expected to capture $expect packets, got $delta."
}