2 # SPDX-License-Identifier: GPL-2.0
4 ##############################################################################
7 # Can be overridden by the configuration file.
11 ARPING=${ARPING:=arping}
13 WAIT_TIME=${WAIT_TIME:=5}
14 PAUSE_ON_FAIL=${PAUSE_ON_FAIL:=no}
15 PAUSE_ON_CLEANUP=${PAUSE_ON_CLEANUP:=no}
16 NETIF_TYPE=${NETIF_TYPE:=veth}
17 NETIF_CREATE=${NETIF_CREATE:=yes}
19 relative_path="${BASH_SOURCE%/*}"
20 if [[ "$relative_path" == "${BASH_SOURCE}" ]]; then
24 if [[ -f $relative_path/forwarding.config ]]; then
25 source "$relative_path/forwarding.config"
28 ##############################################################################
34 if [[ $? -ne 0 ]]; then
35 echo "SKIP: iproute2 too old; tc is missing JSON support"
40 check_tc_shblock_support()
42 tc filter help 2>&1 | grep block &> /dev/null
43 if [[ $? -ne 0 ]]; then
44 echo "SKIP: iproute2 too old; tc is missing shared block support"
49 check_tc_chain_support()
51 tc help 2>&1|grep chain &> /dev/null
52 if [[ $? -ne 0 ]]; then
53 echo "SKIP: iproute2 too old; tc is missing chain support"
58 if [[ "$(id -u)" -ne 0 ]]; then
59 echo "SKIP: need root privileges"
63 if [[ "$CHECK_TC" = "yes" ]]; then
71 if [[ ! -x "$(command -v "$cmd")" ]]; then
72 echo "SKIP: $cmd not installed"
80 if [[ ! -v NUM_NETIFS ]]; then
81 echo "SKIP: importer does not define \"NUM_NETIFS\""
85 ##############################################################################
86 # Command line options handling
90 while [[ $# -gt 0 ]]; do
91 if [[ "$count" -eq "0" ]]; then
100 ##############################################################################
101 # Network interfaces configuration
107 for i in $(eval echo {1..$NUM_NETIFS}); do
110 ip link show dev ${NETIFS[p$i]} &> /dev/null
111 if [[ $? -ne 0 ]]; then
112 ip link add ${NETIFS[p$i]} type veth \
113 peer name ${NETIFS[p$j]}
114 if [[ $? -ne 0 ]]; then
115 echo "Failed to create netif"
125 case "$NETIF_TYPE" in
126 veth) create_netif_veth
128 *) echo "Can not create interfaces of type \'$NETIF_TYPE\'"
134 if [[ "$NETIF_CREATE" = "yes" ]]; then
138 for i in $(eval echo {1..$NUM_NETIFS}); do
139 ip link show dev ${NETIFS[p$i]} &> /dev/null
140 if [[ $? -ne 0 ]]; then
141 echo "SKIP: could not find all required interfaces"
146 ##############################################################################
149 # Exit status to return at the end. Set in case one of the tests fails.
151 # Per-test return value. Clear at the beginning of each test.
159 if [[ $RET -eq 0 && $err -ne 0 ]]; then
170 if [[ $RET -eq 0 && $err -eq 0 ]]; then
178 local should_fail=$1; shift
182 if ((should_fail)); then
183 check_fail $err "$what succeeded, but should have failed"
185 check_err $err "$what failed"
194 if [[ $# -eq 2 ]]; then
198 if [[ $RET -ne 0 ]]; then
200 printf "TEST: %-60s [FAIL]\n" "$test_name $opt_str"
201 if [[ ! -z "$retmsg" ]]; then
202 printf "\t%s\n" "$retmsg"
204 if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
205 echo "Hit enter to continue, 'q' to quit"
207 [ "$a" = "q" ] && exit 1
212 printf "TEST: %-60s [PASS]\n" "$test_name $opt_str"
228 ip link show dev $dev up \
229 | grep 'state UP' &> /dev/null
230 if [[ $? -ne 0 ]]; then
240 local num_netifs=${1:-$NUM_NETIFS}
242 for ((i = 1; i <= num_netifs; ++i)); do
243 setup_wait_dev ${NETIFS[p$i]}
246 # Make sure links are ready.
250 lldpad_app_wait_set()
254 while lldptool -t -i $dev -V APP -c app | grep -Eq "pending|unknown"; do
255 echo "$dev: waiting for lldpad to push pending APP updates"
260 lldpad_app_wait_del()
262 # Give lldpad a chance to push down the changes. If the device is downed
263 # too soon, the updates will be left pending. However, they will have
264 # been struck off the lldpad's DB already, so we won't be able to tell
265 # they are pending. Then on next test iteration this would cause
266 # weirdness as newly-added APP rules conflict with the old ones,
267 # sometimes getting stuck in an "unknown" state.
273 if [ "${PAUSE_ON_CLEANUP}" = "yes" ]; then
274 echo "Pausing before cleanup, hit any key to continue"
281 ip -4 rule add pref 32765 table local
282 ip -4 rule del pref 0
283 ip -6 rule add pref 32765 table local
284 ip -6 rule del pref 0
289 ip -6 rule add pref 0 table local
290 ip -6 rule del pref 32765
291 ip -4 rule add pref 0 table local
292 ip -4 rule del pref 32765
302 __last_tb_id=$((__last_tb_id + 1))
303 __TB_IDS[$vrf_name]=$__last_tb_id
311 return ${__TB_IDS[$vrf_name]}
319 __vrf_td_id_assign $vrf_name
322 ip link add dev $vrf_name type vrf table $tb_id
323 ip -4 route add table $tb_id unreachable default metric 4278198272
324 ip -6 route add table $tb_id unreachable default metric 4278198272
332 __vrf_td_id_lookup $vrf_name
335 ip -6 route del table $tb_id unreachable default metric 4278198272
336 ip -4 route del table $tb_id unreachable default metric 4278198272
337 ip link del dev $vrf_name
350 for addrstr in "${array[@]}"; do
351 ip address $add_del $addrstr dev $if_name
357 local if_name=$1; shift
358 local vrf_name=$1; shift
361 ip link set dev $if_name master $vrf_name
362 ip link set dev $if_name up
364 __addr_add_del $if_name add "${addrs[@]}"
369 local if_name=$1; shift
372 __addr_add_del $if_name del "${addrs[@]}"
374 ip link set dev $if_name down
375 ip link set dev $if_name nomaster
389 ip link set dev $vrf_name up
390 __simple_if_init $if_name $vrf_name "${array[@]}"
403 __simple_if_fini $if_name "${array[@]}"
404 vrf_destroy $vrf_name
411 local local=$1; shift
412 local remote=$1; shift
414 ip link add name $name type $type \
415 local $local remote $remote "$@"
416 ip link set dev $name up
423 ip link del dev $name
428 local if_name=$1; shift
432 local name=$if_name.$vid
434 ip link add name $name link $if_name type vlan id $vid
435 if [ "$vrf" != "" ]; then
436 ip link set dev $name master $vrf
438 ip link set dev $name up
439 __addr_add_del $name add "${ips[@]}"
444 local if_name=$1; shift
446 local name=$if_name.$vid
448 ip link del dev $name
453 local if_name=$1; shift
456 require_command $TEAMD
457 $TEAMD -t $if_name -d -c '{"runner": {"name": "'$mode'"}}'
458 for slave in "$@"; do
459 ip link set dev $slave down
460 ip link set dev $slave master $if_name
461 ip link set dev $slave up
463 ip link set dev $if_name up
468 local if_name=$1; shift
470 $TEAMD -t $if_name -k
477 ip -j link show dev $if_name | jq -r '.[]["master"]'
480 link_stats_tx_packets_get()
484 ip -j -s link show dev $if_name | jq '.[]["stats64"]["tx"]["packets"]'
493 tc -j -s filter show dev $dev ${dir:-ingress} pref $pref \
494 | jq '.[1].options.actions[].stats.packets'
502 ethtool -S $dev | grep "^ *$stat:" | head -n 1 | cut -d: -f2
509 ip -j link show dev $if_name | jq -r '.[]["address"]'
512 bridge_ageing_time_get()
517 # Need to divide by 100 to convert to seconds.
518 ageing_time=$(ip -j -d link show dev $bridge \
519 | jq '.[]["linkinfo"]["info_data"]["ageing_time"]')
520 echo $((ageing_time / 100))
523 declare -A SYSCTL_ORIG
527 local value=$1; shift
529 SYSCTL_ORIG[$key]=$(sysctl -n $key)
530 sysctl -qw $key=$value
537 sysctl -qw $key=${SYSCTL_ORIG["$key"]}
542 sysctl_set net.ipv4.conf.all.forwarding 1
543 sysctl_set net.ipv6.conf.all.forwarding 1
548 sysctl_restore net.ipv6.conf.all.forwarding
549 sysctl_restore net.ipv4.conf.all.forwarding
558 MTU_ORIG["$dev"]=$(ip -j link show dev $dev | jq -e '.[].mtu')
559 ip link set dev $dev mtu $mtu
566 ip link set dev $dev mtu ${MTU_ORIG["$dev"]}
571 local num_netifs=${1:-$NUM_NETIFS}
573 for ((i = 1; i <= num_netifs; ++i)); do
574 ethtool -k ${NETIFS[p$i]} \
575 | grep "hw-tc-offload: on" &> /dev/null
576 if [[ $? -ne 0 ]]; then
587 local direction=$1; shift
589 # Some devices may not support or need in-hardware trapping of traffic
590 # (e.g. the veth pairs that this library creates for non-existent
591 # loopbacks). Use continue instead, so that there is a filter in there
592 # (some tests check counters), and so that other filters are still
594 tc filter add dev $dev $direction pref 1 \
595 flower skip_sw action trap 2>/dev/null \
596 || tc filter add dev $dev $direction pref 1 \
597 flower action continue
603 local direction=$1; shift
605 tc filter del dev $dev $direction pref 1 flower
608 slow_path_trap_install()
610 # For slow-path testing, we need to install a trap to get to
611 # slow path the packets that would otherwise be switched in HW.
612 if [ "${tcflags/skip_hw}" != "$tcflags" ]; then
617 slow_path_trap_uninstall()
619 if [ "${tcflags/skip_hw}" != "$tcflags" ]; then
624 __icmp_capture_add_del()
626 local add_del=$1; shift
629 local tundev=$1; shift
630 local filter=$1; shift
632 tc filter $add_del dev "$tundev" ingress \
633 proto ip$vsuf pref $pref \
634 flower ip_proto icmp$vsuf $filter \
638 icmp_capture_install()
640 __icmp_capture_add_del add 100 "" "$@"
643 icmp_capture_uninstall()
645 __icmp_capture_add_del del 100 "" "$@"
648 icmp6_capture_install()
650 __icmp_capture_add_del add 100 v6 "$@"
653 icmp6_capture_uninstall()
655 __icmp_capture_add_del del 100 v6 "$@"
658 __vlan_capture_add_del()
660 local add_del=$1; shift
663 local filter=$1; shift
665 tc filter $add_del dev "$dev" ingress \
666 proto 802.1q pref $pref \
671 vlan_capture_install()
673 __vlan_capture_add_del add 100 "$@"
676 vlan_capture_uninstall()
678 __vlan_capture_add_del del 100 "$@"
681 __dscp_capture_add_del()
683 local add_del=$1; shift
688 for prio in {0..7}; do
689 dscp=$((base + prio))
690 __icmp_capture_add_del $add_del $((dscp + 100)) "" $dev \
691 "skip_hw ip_tos $((dscp << 2))"
695 dscp_capture_install()
700 __dscp_capture_add_del add $dev $base
703 dscp_capture_uninstall()
708 __dscp_capture_add_del del $dev $base
716 for prio in {0..7}; do
717 local dscp=$((base + prio))
718 local t=$(tc_rule_stats_get $dev $((dscp + 100)))
723 matchall_sink_create()
727 tc qdisc add dev $dev clsact
728 tc filter add dev $dev ingress \
738 for current_test in ${TESTS:-$ALL_TESTS}; do
748 local packets_rp12=$4
749 local packets_rp13=$5
750 local weights_ratio packets_ratio diff
754 if [[ "$weight_rp12" -gt "$weight_rp13" ]]; then
755 weights_ratio=$(echo "scale=2; $weight_rp12 / $weight_rp13" \
758 weights_ratio=$(echo "scale=2; $weight_rp13 / $weight_rp12" \
762 if [[ "$packets_rp12" -eq "0" || "$packets_rp13" -eq "0" ]]; then
763 check_err 1 "Packet difference is 0"
765 log_info "Expected ratio $weights_ratio"
769 if [[ "$weight_rp12" -gt "$weight_rp13" ]]; then
770 packets_ratio=$(echo "scale=2; $packets_rp12 / $packets_rp13" \
773 packets_ratio=$(echo "scale=2; $packets_rp13 / $packets_rp12" \
777 diff=$(echo $weights_ratio - $packets_ratio | bc -l)
780 test "$(echo "$diff / $weights_ratio > 0.15" | bc -l)" -eq 0
781 check_err $? "Too large discrepancy between expected and measured ratios"
783 log_info "Expected ratio $weights_ratio Measured ratio $packets_ratio"
786 ##############################################################################
795 vrf_name=$(master_name_get $if_name)
796 ip vrf exec $vrf_name $PING $dip -c 10 -i 0.1 -w 2 &> /dev/null
814 vrf_name=$(master_name_get $if_name)
815 ip vrf exec $vrf_name $PING6 $dip -c 10 -i 0.1 -w 2 &> /dev/null
830 local br_port1=$2 # Connected to `host1_if`.
833 local mac=de:ad:be:ef:13:37
838 bridge -j fdb show br $bridge brport $br_port1 \
839 | jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null
840 check_fail $? "Found FDB record when should not"
842 # Disable unknown unicast flooding on `br_port1` to make sure
843 # packets are only forwarded through the port after a matching
844 # FDB entry was installed.
845 bridge link set dev $br_port1 flood off
847 tc qdisc add dev $host1_if ingress
848 tc filter add dev $host1_if ingress protocol ip pref 1 handle 101 \
849 flower dst_mac $mac action drop
851 $MZ $host2_if -c 1 -p 64 -b $mac -t ip -q
854 tc -j -s filter show dev $host1_if ingress \
855 | jq -e ".[] | select(.options.handle == 101) \
856 | select(.options.actions[0].stats.packets == 1)" &> /dev/null
857 check_fail $? "Packet reached second host when should not"
859 $MZ $host1_if -c 1 -p 64 -a $mac -t ip -q
862 bridge -j fdb show br $bridge brport $br_port1 \
863 | jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null
864 check_err $? "Did not find FDB record when should"
866 $MZ $host2_if -c 1 -p 64 -b $mac -t ip -q
869 tc -j -s filter show dev $host1_if ingress \
870 | jq -e ".[] | select(.options.handle == 101) \
871 | select(.options.actions[0].stats.packets == 1)" &> /dev/null
872 check_err $? "Packet did not reach second host when should"
874 # Wait for 10 seconds after the ageing time to make sure FDB
875 # record was aged-out.
876 ageing_time=$(bridge_ageing_time_get $bridge)
877 sleep $((ageing_time + 10))
879 bridge -j fdb show br $bridge brport $br_port1 \
880 | jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null
881 check_fail $? "Found FDB record when should not"
883 bridge link set dev $br_port1 learning off
885 $MZ $host1_if -c 1 -p 64 -a $mac -t ip -q
888 bridge -j fdb show br $bridge brport $br_port1 \
889 | jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null
890 check_fail $? "Found FDB record when should not"
892 bridge link set dev $br_port1 learning on
894 tc filter del dev $host1_if ingress protocol ip pref 1 handle 101 flower
895 tc qdisc del dev $host1_if ingress
897 bridge link set dev $br_port1 flood on
899 log_test "FDB learning"
904 local should_flood=$1
911 # Add an ACL on `host2_if` which will tell us whether the packet
912 # was flooded to it or not.
913 tc qdisc add dev $host2_if ingress
914 tc filter add dev $host2_if ingress protocol ip pref 1 handle 101 \
915 flower dst_mac $mac action drop
917 $MZ $host1_if -c 1 -p 64 -b $mac -B $ip -t ip -q
920 tc -j -s filter show dev $host2_if ingress \
921 | jq -e ".[] | select(.options.handle == 101) \
922 | select(.options.actions[0].stats.packets == 1)" &> /dev/null
923 if [[ $? -ne 0 && $should_flood == "true" || \
924 $? -eq 0 && $should_flood == "false" ]]; then
928 tc filter del dev $host2_if ingress protocol ip pref 1 handle 101 flower
929 tc qdisc del dev $host2_if ingress
939 local mac=de:ad:be:ef:13:37
944 bridge link set dev $br_port flood off
946 flood_test_do false $mac $ip $host1_if $host2_if
947 check_err $? "Packet flooded when should not"
949 bridge link set dev $br_port flood on
951 flood_test_do true $mac $ip $host1_if $host2_if
952 check_err $? "Packet was not flooded when should"
954 log_test "Unknown unicast flood"
957 flood_multicast_test()
962 local mac=01:00:5e:00:00:01
967 bridge link set dev $br_port mcast_flood off
969 flood_test_do false $mac $ip $host1_if $host2_if
970 check_err $? "Packet flooded when should not"
972 bridge link set dev $br_port mcast_flood on
974 flood_test_do true $mac $ip $host1_if $host2_if
975 check_err $? "Packet was not flooded when should"
977 log_test "Unregistered multicast flood"
982 # `br_port` is connected to `host2_if`
987 flood_unicast_test $br_port $host1_if $host2_if
988 flood_multicast_test $br_port $host1_if $host2_if