#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# This test is for checking bridge neighbor suppression functionality. The
# topology consists of two bridges (VTEPs) connected using VXLAN. A single
# host is connected to each bridge over multiple VLANs. The test checks that
# ARP/NS messages from the first host are suppressed on the VXLAN port when
# should.
#
# +-----------------------+ +------------------------+
# | h1 | | h2 |
# | | | |
# | + eth0.10 | | + eth0.10 |
# | | 192.0.2.1/28 | | | 192.0.2.2/28 |
# | | 2001:db8:1::1/64 | | | 2001:db8:1::2/64 |
# | | | | | |
# | | + eth0.20 | | | + eth0.20 |
# | \ | 192.0.2.17/28 | | \ | 192.0.2.18/28 |
# | \ | 2001:db8:2::1/64 | | \ | 2001:db8:2::2/64 |
# | \| | | \| |
# | + eth0 | | + eth0 |
# +----|------------------+ +----|-------------------+
# | |
# | |
# +----|-------------------------------+ +----|-------------------------------+
# | + swp1 + vx0 | | + swp1 + vx0 |
# | | | | | | | |
# | | br0 | | | | | |
# | +------------+-----------+ | | +------------+-----------+ |
# | | | | | |
# | | | | | |
# | +---+---+ | | +---+---+ |
# | | | | | | | |
# | | | | | | | |
# | + + | | + + |
# | br0.10 br0.20 | | br0.10 br0.20 |
# | | | |
# | 192.0.2.33 | | 192.0.2.34 |
# | + lo | | + lo |
# | | | |
# | | | |
# | 192.0.2.49/28 | | 192.0.2.50/28 |
# | veth0 +-------+ veth0 |
# | | | |
# | sw1 | | sw2 |
# +------------------------------------+ +------------------------------------+
source lib.sh
ret=0
# All tests in this script. Can be overridden with -t option.
TESTS="
neigh_suppress_arp
neigh_suppress_ns
neigh_vlan_suppress_arp
neigh_vlan_suppress_ns
"
VERBOSE=0
PAUSE_ON_FAIL=no
PAUSE=no
################################################################################
# Utilities
log_test()
{
local rc=$1
local expected=$2
local msg="$3"
if [ ${rc} -eq ${expected} ]; then
printf "TEST: %-60s [ OK ]\n" "${msg}"
nsuccess=$((nsuccess+1))
else
ret=1
nfail=$((nfail+1))
printf "TEST: %-60s [FAIL]\n" "${msg}"
if [ "$VERBOSE" = "1" ]; then
echo " rc=$rc, expected $expected"
fi
if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
echo
echo "hit enter to continue, 'q' to quit"
read a
[ "$a" = "q" ] && exit 1
fi
fi
if [ "${PAUSE}" = "yes" ]; then
echo
echo "hit enter to continue, 'q' to quit"
read a
[ "$a" = "q" ] && exit 1
fi
[ "$VERBOSE" = "1" ] && echo
}
run_cmd()
{
local cmd="$1"
local out
local stderr="2>/dev/null"
if [ "$VERBOSE" = "1" ]; then
printf "COMMAND: $cmd\n"
stderr=
fi
out=$(eval $cmd $stderr)
rc=$?
if [ "$VERBOSE" = "1" -a -n "$out" ]; then
echo " $out"
fi
return $rc
}
tc_check_packets()
{
local ns=$1; shift
local id=$1; shift
local handle=$1; shift
local count=$1; shift
local pkts
sleep 0.1
pkts=$(tc -n $ns -j -s filter show $id \
| jq ".[] | select(.options.handle == $handle) | \
.options.actions[0].stats.packets")
[[ $pkts == $count ]]
}
################################################################################
# Setup
setup_topo_ns()
{
local ns=$1; shift
ip netns exec $ns sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
ip netns exec $ns sysctl -qw net.ipv6.conf.default.ignore_routes_with_linkdown=1
ip netns exec $ns sysctl -qw net.ipv6.conf.all.accept_dad=0
ip netns exec $ns sysctl -qw net.ipv6.conf.default.accept_dad=0
}
setup_topo()
{
local ns
setup_ns h1 h2 sw1 sw2
for ns in $h1 $h2 $sw1 $sw2; do
setup_topo_ns $ns
done
ip -n $h1 link add name eth0 type veth peer name swp1 netns $sw1
ip -n $sw1 link add name veth0 type veth peer name veth0 netns $sw2
ip -n $h2 link add name eth0 type veth peer name swp1 netns $sw2
}
setup_host_common()
{
local ns=$1; shift
local v4addr1=$1; shift
local v4addr2=$1; shift
local v6addr1=$1; shift
local v6addr2=$1; shift
ip -n $ns link set dev eth0 up
ip -n $ns link add link eth0 name eth0.10 up type vlan id 10
ip -n $ns link add link eth0 name eth0.20 up type vlan id 20
ip -n $ns address add $v4addr1 dev eth0.10
ip -n $ns address add $v4addr2 dev eth0.20
ip -n $ns address add $v6addr1 dev eth0.10
ip -n $ns address add $v6addr2 dev eth0.20
}
setup_h1()
{
local ns=$h1
local v4addr1=192.0.2.1/28
local v4addr2=192.0.2.17/28
local v6addr1=2001:db8:1::1/64
local v6addr2=2001:db8:2::1/64
setup_host_common $ns $v4addr1 $v4addr2 $v6addr1 $v6addr2
}
setup_h2()
{
local ns=$h2
local v4addr1=192.0.2.2/28
local v4addr2=192.0.2.18/28
local v6addr1=2001:db8:1::2/64
local v6addr2=2001:db8:2::2/64
setup_host_common $ns $v4addr1 $v4addr2 $v6addr1 $v6addr2
}
setup_sw_common()
{
local ns=$1; shift
local local_addr=$1; shift
local remote_addr=$1; shift
local veth_addr=$1; shift
local gw_addr=$1; shift
ip -n $ns address add $local_addr/32 dev lo
ip -n $ns link set dev veth0 up
ip -n $ns address add $veth_addr/28 dev veth0
ip -n $ns route add default via $gw_addr
ip -n $ns link add name br0 up type bridge vlan_filtering 1 \
vlan_default_pvid 0 mcast_snooping 0
ip -n $ns link add link br0 name br0.10 up type vlan id 10
bridge -n $ns vlan add vid 10 dev br0 self
ip -n $ns link add link br0 name br0.20 up type vlan id 20
bridge -n $ns vlan add vid 20 dev br0 self
ip -n $ns link set dev swp1 up master br0
bridge -n $ns vlan add vid 10 dev swp1
bridge -n $ns vlan add vid 20 dev swp1
ip -n $ns link add name vx0 up master br0 type vxlan \
local $local_addr dstport 4789 nolearning external
bridge -n $ns fdb add 00:00:00:00:00:00 dev vx0 self static \
dst $remote_addr src_vni 10010
bridge -n $ns fdb add 00:00:00:00:00:00 dev vx0 self static \
dst $remote_addr src_vni 10020
bridge -n $ns link set dev vx0 vlan_tunnel on learning off
bridge -n $ns vlan add vid 10 dev vx0
bridge -n $ns vlan add vid 10 dev vx0 tunnel_info id 10010
bridge -n $ns vlan add vid 20 dev vx0
bridge -n $ns vlan add vid 20 dev vx0 tunnel_info id 10020
}
setup_sw1()
{
local ns=$sw1
local local_addr=192.0.2.33
local remote_addr=192.0.2.34
local veth_addr=192.0.2.49
local gw_addr=192.0.2.50
setup_sw_common $ns $local_addr $remote_addr $veth_addr $gw_addr
}
setup_sw2()
{
local ns=$sw2
local local_addr=192.0.2.34
local remote_addr=192.0.2.33
local veth_addr=192.0.2.50
local gw_addr=192.0.2.49
setup_sw_common $ns $local_addr $remote_addr $veth_addr $gw_addr
}
setup()
{
set -e
setup_topo
setup_h1
setup_h2
setup_sw1
setup_sw2
sleep 5
set +e
}
cleanup()
{
cleanup_ns $h1 $h2 $sw1 $sw2
}
################################################################################
# Tests
neigh_suppress_arp_common()
{
local vid=$1; shift
local sip=$1; shift
local tip=$1; shift
local h2_mac
echo
echo "Per-port ARP suppression - VLAN $vid"
echo "----------------------------------"
run_cmd "tc -n $sw1 qdisc replace dev vx0 clsact"
run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 101 proto 0x0806 flower indev swp1 arp_tip $tip arp_sip $sip arp_op request action pass"
# Initial state - check that ARP requests are not suppressed and that
# ARP replies are received.
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip -I eth0.$vid $tip"
log_test $? 0 "arping"
tc_check_packets $sw1 "dev vx0 egress" 101 1
log_test $? 0 "ARP suppression"
# Enable neighbor suppression and check that nothing changes compared
# to the initial state.
run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress on"
run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress on\""
log_test $? 0 "\"neigh_suppress\" is on"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip -I eth0.$vid $tip"
log_test $? 0 "arping"
tc_check_packets $sw1 "dev vx0 egress" 101 2
log_test $? 0 "ARP suppression"
# Install an FDB entry for the remote host and check that nothing
# changes compared to the initial state.
h2_mac=$(ip -n $h2 -j -p link show eth0.$vid | jq -r '.[]["address"]')
run_cmd "bridge -n $sw1 fdb replace $h2_mac dev vx0 master static vlan $vid"
log_test $? 0 "FDB entry installation"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip -I eth0.$vid $tip"
log_test $? 0 "arping"
tc_check_packets $sw1 "dev vx0 egress" 101 3
log_test $? 0 "ARP suppression"
# Install a neighbor on the matching SVI interface and check that ARP
# requests are suppressed.
run_cmd "ip -n $sw1 neigh replace $tip lladdr $h2_mac nud permanent dev br0.$vid"
log_test $? 0 "Neighbor entry installation"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip -I eth0.$vid $tip"
log_test $? 0 "arping"
tc_check_packets $sw1 "dev vx0 egress" 101 3
log_test $? 0 "ARP suppression"
# Take the second host down and check that ARP requests are suppressed
# and that ARP replies are received.
run_cmd "ip -n $h2 link set dev eth0.$vid down"
log_test $? 0 "H2 down"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip -I eth0.$vid $tip"
log_test $? 0 "arping"
tc_check_packets $sw1 "dev vx0 egress" 101 3
log_test $? 0 "ARP suppression"
run_cmd "ip -n $h2 link set dev eth0.$vid up"
log_test $? 0 "H2 up"
# Disable neighbor suppression and check that ARP requests are no
# longer suppressed.
run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress off"
run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress off\""
log_test $? 0 "\"neigh_suppress\" is off"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip -I eth0.$vid $tip"
log_test $? 0 "arping"
tc_check_packets $sw1 "dev vx0 egress" 101 4
log_test $? 0 "ARP suppression"
# Take the second host down and check that ARP requests are not
# suppressed and that ARP replies are not received.
run_cmd "ip -n $h2 link set dev eth0.$vid down"
log_test $? 0 "H2 down"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip -I eth0.$vid $tip"
log_test $? 1 "arping"
tc_check_packets $sw1 "dev vx0 egress" 101 5
log_test $? 0 "ARP suppression"
}
neigh_suppress_arp()
{
local vid=10
local sip=192.0.2.1
local tip=192.0.2.2
neigh_suppress_arp_common $vid $sip $tip
vid=20
sip=192.0.2.17
tip=192.0.2.18
neigh_suppress_arp_common $vid $sip $tip
}
neigh_suppress_ns_common()
{
local vid=$1; shift
local saddr=$1; shift
local daddr=$1; shift
local maddr=$1; shift
local h2_mac
echo
echo "Per-port NS suppression - VLAN $vid"
echo "---------------------------------"
run_cmd "tc -n $sw1 qdisc replace dev vx0 clsact"
run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 101 proto ipv6 flower indev swp1 ip_proto icmpv6 dst_ip $maddr src_ip $saddr type 135 code 0 action pass"
# Initial state - check that NS messages are not suppressed and that ND
# messages are received.
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr -w 5000 $daddr eth0.$vid"
log_test $? 0 "ndisc6"
tc_check_packets $sw1 "dev vx0 egress" 101 1
log_test $? 0 "NS suppression"
# Enable neighbor suppression and check that nothing changes compared
# to the initial state.
run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress on"
run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress on\""
log_test $? 0 "\"neigh_suppress\" is on"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr -w 5000 $daddr eth0.$vid"
log_test $? 0 "ndisc6"
tc_check_packets $sw1 "dev vx0 egress" 101 2
log_test $? 0 "NS suppression"
# Install an FDB entry for the remote host and check that nothing
# changes compared to the initial state.
h2_mac=$(ip -n $h2 -j -p link show eth0.$vid | jq -r '.[]["address"]')
run_cmd "bridge -n $sw1 fdb replace $h2_mac dev vx0 master static vlan $vid"
log_test $? 0 "FDB entry installation"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr -w 5000 $daddr eth0.$vid"
log_test $? 0 "ndisc6"
tc_check_packets $sw1 "dev vx0 egress" 101 3
log_test $? 0 "NS suppression"
# Install a neighbor on the matching SVI interface and check that NS
# messages are suppressed.
run_cmd "ip -n $sw1 neigh replace $daddr lladdr $h2_mac nud permanent dev br0.$vid"
log_test $? 0 "Neighbor entry installation"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr -w 5000 $daddr eth0.$vid"
log_test $? 0 "ndisc6"
tc_check_packets $sw1 "dev vx0 egress" 101 3
log_test $? 0 "NS suppression"
# Take the second host down and check that NS messages are suppressed
# and that ND messages are received.
run_cmd "ip -n $h2 link set dev eth0.$vid down"
log_test $? 0 "H2 down"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr -w 5000 $daddr eth0.$vid"
log_test $? 0 "ndisc6"
tc_check_packets $sw1 "dev vx0 egress" 101 3
log_test $? 0 "NS suppression"
run_cmd "ip -n $h2 link set dev eth0.$vid up"
log_test $? 0 "H2 up"
# Disable neighbor suppression and check that NS messages are no longer
# suppressed.
run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress off"
run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress off\""
log_test $? 0 "\"neigh_suppress\" is off"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr -w 5000 $daddr eth0.$vid"
log_test $? 0 "ndisc6"
tc_check_packets $sw1 "dev vx0 egress" 101 4
log_test $? 0 "NS suppression"
# Take the second host down and check that NS messages are not
# suppressed and that ND messages are not received.
run_cmd "ip -n $h2 link set dev eth0.$vid down"
log_test $? 0 "H2 down"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr -w 5000 $daddr eth0.$vid"
log_test $? 2 "ndisc6"
tc_check_packets $sw1 "dev vx0 egress" 101 5
log_test $? 0 "NS suppression"
}
neigh_suppress_ns()
{
local vid=10
local saddr=2001:db8:1::1
local daddr=2001:db8:1::2
local maddr=ff02::1:ff00:2
neigh_suppress_ns_common $vid $saddr $daddr $maddr
vid=20
saddr=2001:db8:2::1
daddr=2001:db8:2::2
maddr=ff02::1:ff00:2
neigh_suppress_ns_common $vid $saddr $daddr $maddr
}
neigh_vlan_suppress_arp()
{
local vid1=10
local vid2=20
local sip1=192.0.2.1
local sip2=192.0.2.17
local tip1=192.0.2.2
local tip2=192.0.2.18
local h2_mac1
local h2_mac2
echo
echo "Per-{Port, VLAN} ARP suppression"
echo "--------------------------------"
run_cmd "tc -n $sw1 qdisc replace dev vx0 clsact"
run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 101 proto 0x0806 flower indev swp1 arp_tip $tip1 arp_sip $sip1 arp_op request action pass"
run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 102 proto 0x0806 flower indev swp1 arp_tip $tip2 arp_sip $sip2 arp_op request action pass"
h2_mac1=$(ip -n $h2 -j -p link show eth0.$vid1 | jq -r '.[]["address"]')
h2_mac2=$(ip -n $h2 -j -p link show eth0.$vid2 | jq -r '.[]["address"]')
run_cmd "bridge -n $sw1 fdb replace $h2_mac1 dev vx0 master static vlan $vid1"
run_cmd "bridge -n $sw1 fdb replace $h2_mac2 dev vx0 master static vlan $vid2"
run_cmd "ip -n $sw1 neigh replace $tip1 lladdr $h2_mac1 nud permanent dev br0.$vid1"
run_cmd "ip -n $sw1 neigh replace $tip2 lladdr $h2_mac2 nud permanent dev br0.$vid2"
# Enable per-{Port, VLAN} neighbor suppression and check that ARP
# requests are not suppressed and that ARP replies are received.
run_cmd "bridge -n $sw1 link set dev vx0 neigh_vlan_suppress on"
run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_vlan_suppress on\""
log_test $? 0 "\"neigh_vlan_suppress\" is on"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip1 -I eth0.$vid1 $tip1"
log_test $? 0 "arping (VLAN $vid1)"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip2 -I eth0.$vid2 $tip2"
log_test $? 0 "arping (VLAN $vid2)"
tc_check_packets $sw1 "dev vx0 egress" 101 1
log_test $? 0 "ARP suppression (VLAN $vid1)"
tc_check_packets $sw1 "dev vx0 egress" 102 1
log_test $? 0 "ARP suppression (VLAN $vid2)"
# Enable neighbor suppression on VLAN 10 and check that only on this
# VLAN ARP requests are suppressed.
run_cmd "bridge -n $sw1 vlan set vid $vid1 dev vx0 neigh_suppress on"
run_cmd "bridge -n $sw1 -d vlan show dev vx0 vid $vid1 | grep \"neigh_suppress on\""
log_test $? 0 "\"neigh_suppress\" is on (VLAN $vid1)"
run_cmd "bridge -n $sw1 -d vlan show dev vx0 vid $vid2 | grep \"neigh_suppress off\""
log_test $? 0 "\"neigh_suppress\" is off (VLAN $vid2)"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip1 -I eth0.$vid1 $tip1"
log_test $? 0 "arping (VLAN $vid1)"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip2 -I eth0.$vid2 $tip2"
log_test $? 0 "arping (VLAN $vid2)"
tc_check_packets $sw1 "dev vx0 egress" 101 1
log_test $? 0 "ARP suppression (VLAN $vid1)"
tc_check_packets $sw1 "dev vx0 egress" 102 2
log_test $? 0 "ARP suppression (VLAN $vid2)"
# Enable neighbor suppression on the port and check that it has no
# effect compared to previous state.
run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress on"
run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress on\""
log_test $? 0 "\"neigh_suppress\" is on"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip1 -I eth0.$vid1 $tip1"
log_test $? 0 "arping (VLAN $vid1)"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip2 -I eth0.$vid2 $tip2"
log_test $? 0 "arping (VLAN $vid2)"
tc_check_packets $sw1 "dev vx0 egress" 101 1
log_test $? 0 "ARP suppression (VLAN $vid1)"
tc_check_packets $sw1 "dev vx0 egress" 102 3
log_test $? 0 "ARP suppression (VLAN $vid2)"
# Disable neighbor suppression on the port and check that it has no
# effect compared to previous state.
run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress off"
run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress off\""
log_test $? 0 "\"neigh_suppress\" is off"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip1 -I eth0.$vid1 $tip1"
log_test $? 0 "arping (VLAN $vid1)"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip2 -I eth0.$vid2 $tip2"
log_test $? 0 "arping (VLAN $vid2)"
tc_check_packets $sw1 "dev vx0 egress" 101 1
log_test $? 0 "ARP suppression (VLAN $vid1)"
tc_check_packets $sw1 "dev vx0 egress" 102 4
log_test $? 0 "ARP suppression (VLAN $vid2)"
# Disable neighbor suppression on VLAN 10 and check that ARP requests
# are no longer suppressed on this VLAN.
run_cmd "bridge -n $sw1 vlan set vid $vid1 dev vx0 neigh_suppress off"
run_cmd "bridge -n $sw1 -d vlan show dev vx0 vid $vid1 | grep \"neigh_suppress off\""
log_test $? 0 "\"neigh_suppress\" is off (VLAN $vid1)"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip1 -I eth0.$vid1 $tip1"
log_test $? 0 "arping (VLAN $vid1)"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip2 -I eth0.$vid2 $tip2"
log_test $? 0 "arping (VLAN $vid2)"
tc_check_packets $sw1 "dev vx0 egress" 101 2
log_test $? 0 "ARP suppression (VLAN $vid1)"
tc_check_packets $sw1 "dev vx0 egress" 102 5
log_test $? 0 "ARP suppression (VLAN $vid2)"
# Disable per-{Port, VLAN} neighbor suppression, enable neighbor
# suppression on the port and check that on both VLANs ARP requests are
# suppressed.
run_cmd "bridge -n $sw1 link set dev vx0 neigh_vlan_suppress off"
run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_vlan_suppress off\""
log_test $? 0 "\"neigh_vlan_suppress\" is off"
run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress on"
run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress on\""
log_test $? 0 "\"neigh_suppress\" is on"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip1 -I eth0.$vid1 $tip1"
log_test $? 0 "arping (VLAN $vid1)"
run_cmd "ip netns exec $h1 arping -q -b -c 1 -w 5 -s $sip2 -I eth0.$vid2 $tip2"
log_test $? 0 "arping (VLAN $vid2)"
tc_check_packets $sw1 "dev vx0 egress" 101 2
log_test $? 0 "ARP suppression (VLAN $vid1)"
tc_check_packets $sw1 "dev vx0 egress" 102 5
log_test $? 0 "ARP suppression (VLAN $vid2)"
}
neigh_vlan_suppress_ns()
{
local vid1=10
local vid2=20
local saddr1=2001:db8:1::1
local saddr2=2001:db8:2::1
local daddr1=2001:db8:1::2
local daddr2=2001:db8:2::2
local maddr=ff02::1:ff00:2
local h2_mac1
local h2_mac2
echo
echo "Per-{Port, VLAN} NS suppression"
echo "-------------------------------"
run_cmd "tc -n $sw1 qdisc replace dev vx0 clsact"
run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 101 proto ipv6 flower indev swp1 ip_proto icmpv6 dst_ip $maddr src_ip $saddr1 type 135 code 0 action pass"
run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 102 proto ipv6 flower indev swp1 ip_proto icmpv6 dst_ip $maddr src_ip $saddr2 type 135 code 0 action pass"
h2_mac1=$(ip -n $h2 -j -p link show eth0.$vid1 | jq -r '.[]["address"]')
h2_mac2=$(ip -n $h2 -j -p link show eth0.$vid2 | jq -r '.[]["address"]')
run_cmd "bridge -n $sw1 fdb replace $h2_mac1 dev vx0 master static vlan $vid1"
run_cmd "bridge -n $sw1 fdb replace $h2_mac2 dev vx0 master static vlan $vid2"
run_cmd "ip -n $sw1 neigh replace $daddr1 lladdr $h2_mac1 nud permanent dev br0.$vid1"
run_cmd "ip -n $sw1 neigh replace $daddr2 lladdr $h2_mac2 nud permanent dev br0.$vid2"
# Enable per-{Port, VLAN} neighbor suppression and check that NS
# messages are not suppressed and that ND messages are received.
run_cmd "bridge -n $sw1 link set dev vx0 neigh_vlan_suppress on"
run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_vlan_suppress on\""
log_test $? 0 "\"neigh_vlan_suppress\" is on"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr1 -w 5000 $daddr1 eth0.$vid1"
log_test $? 0 "ndisc6 (VLAN $vid1)"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr2 -w 5000 $daddr2 eth0.$vid2"
log_test $? 0 "ndisc6 (VLAN $vid2)"
tc_check_packets $sw1 "dev vx0 egress" 101 1
log_test $? 0 "NS suppression (VLAN $vid1)"
tc_check_packets $sw1 "dev vx0 egress" 102 1
log_test $? 0 "NS suppression (VLAN $vid2)"
# Enable neighbor suppression on VLAN 10 and check that only on this
# VLAN NS messages are suppressed.
run_cmd "bridge -n $sw1 vlan set vid $vid1 dev vx0 neigh_suppress on"
run_cmd "bridge -n $sw1 -d vlan show dev vx0 vid $vid1 | grep \"neigh_suppress on\""
log_test $? 0 "\"neigh_suppress\" is on (VLAN $vid1)"
run_cmd "bridge -n $sw1 -d vlan show dev vx0 vid $vid2 | grep \"neigh_suppress off\""
log_test $? 0 "\"neigh_suppress\" is off (VLAN $vid2)"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr1 -w 5000 $daddr1 eth0.$vid1"
log_test $? 0 "ndisc6 (VLAN $vid1)"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr2 -w 5000 $daddr2 eth0.$vid2"
log_test $? 0 "ndisc6 (VLAN $vid2)"
tc_check_packets $sw1 "dev vx0 egress" 101 1
log_test $? 0 "NS suppression (VLAN $vid1)"
tc_check_packets $sw1 "dev vx0 egress" 102 2
log_test $? 0 "NS suppression (VLAN $vid2)"
# Enable neighbor suppression on the port and check that it has no
# effect compared to previous state.
run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress on"
run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress on\""
log_test $? 0 "\"neigh_suppress\" is on"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr1 -w 5000 $daddr1 eth0.$vid1"
log_test $? 0 "ndisc6 (VLAN $vid1)"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr2 -w 5000 $daddr2 eth0.$vid2"
log_test $? 0 "ndisc6 (VLAN $vid2)"
tc_check_packets $sw1 "dev vx0 egress" 101 1
log_test $? 0 "NS suppression (VLAN $vid1)"
tc_check_packets $sw1 "dev vx0 egress" 102 3
log_test $? 0 "NS suppression (VLAN $vid2)"
# Disable neighbor suppression on the port and check that it has no
# effect compared to previous state.
run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress off"
run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress off\""
log_test $? 0 "\"neigh_suppress\" is off"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr1 -w 5000 $daddr1 eth0.$vid1"
log_test $? 0 "ndisc6 (VLAN $vid1)"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr2 -w 5000 $daddr2 eth0.$vid2"
log_test $? 0 "ndisc6 (VLAN $vid2)"
tc_check_packets $sw1 "dev vx0 egress" 101 1
log_test $? 0 "NS suppression (VLAN $vid1)"
tc_check_packets $sw1 "dev vx0 egress" 102 4
log_test $? 0 "NS suppression (VLAN $vid2)"
# Disable neighbor suppression on VLAN 10 and check that NS messages
# are no longer suppressed on this VLAN.
run_cmd "bridge -n $sw1 vlan set vid $vid1 dev vx0 neigh_suppress off"
run_cmd "bridge -n $sw1 -d vlan show dev vx0 vid $vid1 | grep \"neigh_suppress off\""
log_test $? 0 "\"neigh_suppress\" is off (VLAN $vid1)"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr1 -w 5000 $daddr1 eth0.$vid1"
log_test $? 0 "ndisc6 (VLAN $vid1)"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr2 -w 5000 $daddr2 eth0.$vid2"
log_test $? 0 "ndisc6 (VLAN $vid2)"
tc_check_packets $sw1 "dev vx0 egress" 101 2
log_test $? 0 "NS suppression (VLAN $vid1)"
tc_check_packets $sw1 "dev vx0 egress" 102 5
log_test $? 0 "NS suppression (VLAN $vid2)"
# Disable per-{Port, VLAN} neighbor suppression, enable neighbor
# suppression on the port and check that on both VLANs NS messages are
# suppressed.
run_cmd "bridge -n $sw1 link set dev vx0 neigh_vlan_suppress off"
run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_vlan_suppress off\""
log_test $? 0 "\"neigh_vlan_suppress\" is off"
run_cmd "bridge -n $sw1 link set dev vx0 neigh_suppress on"
run_cmd "bridge -n $sw1 -d link show dev vx0 | grep \"neigh_suppress on\""
log_test $? 0 "\"neigh_suppress\" is on"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr1 -w 5000 $daddr1 eth0.$vid1"
log_test $? 0 "ndisc6 (VLAN $vid1)"
run_cmd "ip netns exec $h1 ndisc6 -q -r 1 -s $saddr2 -w 5000 $daddr2 eth0.$vid2"
log_test $? 0 "ndisc6 (VLAN $vid2)"
tc_check_packets $sw1 "dev vx0 egress" 101 2
log_test $? 0 "NS suppression (VLAN $vid1)"
tc_check_packets $sw1 "dev vx0 egress" 102 5
log_test $? 0 "NS suppression (VLAN $vid2)"
}
################################################################################
# Usage
usage()
{
cat <<EOF
usage: ${0##*/} OPTS
-t <test> Test(s) to run (default: all)
(options: $TESTS)
-p Pause on fail
-P Pause after each test before cleanup
-v Verbose mode (show commands and output)
EOF
}
################################################################################
# Main
trap cleanup EXIT
while getopts ":t:pPvh" opt; do
case $opt in
t) TESTS=$OPTARG;;
p) PAUSE_ON_FAIL=yes;;
P) PAUSE=yes;;
v) VERBOSE=$(($VERBOSE + 1));;
h) usage; exit 0;;
*) usage; exit 1;;
esac
done
# Make sure we don't pause twice.
[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no
if [ "$(id -u)" -ne 0 ];then
echo "SKIP: Need root privileges"
exit $ksft_skip;
fi
if [ ! -x "$(command -v ip)" ]; then
echo "SKIP: Could not run test without ip tool"
exit $ksft_skip
fi
if [ ! -x "$(command -v bridge)" ]; then
echo "SKIP: Could not run test without bridge tool"
exit $ksft_skip
fi
if [ ! -x "$(command -v tc)" ]; then
echo "SKIP: Could not run test without tc tool"
exit $ksft_skip
fi
if [ ! -x "$(command -v arping)" ]; then
echo "SKIP: Could not run test without arping tool"
exit $ksft_skip
fi
if [ ! -x "$(command -v ndisc6)" ]; then
echo "SKIP: Could not run test without ndisc6 tool"
exit $ksft_skip
fi
if [ ! -x "$(command -v jq)" ]; then
echo "SKIP: Could not run test without jq tool"
exit $ksft_skip
fi
bridge link help 2>&1 | grep -q "neigh_vlan_suppress"
if [ $? -ne 0 ]; then
echo "SKIP: iproute2 bridge too old, missing per-VLAN neighbor suppression support"
exit $ksft_skip
fi
# Start clean.
cleanup
for t in $TESTS
do
setup; $t; cleanup;
done
if [ "$TESTS" != "none" ]; then
printf "\nTests passed: %3d\n" ${nsuccess}
printf "Tests failed: %3d\n" ${nfail}
fi
exit $ret