[PATCH 5/5] selftest: Add bridge flood flag tests
From: Mattias Forsblad <hidden>
Date: 2022-03-17 06:51:01
Subsystem:
kernel selftest framework, networking [general], networking [ipv4/ipv6], the rest · Maintainers:
Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, David Ahern, Ido Schimmel, Linus Torvalds
Add test to check that the bridge flood flags works correctly.
When the bridge flag {flood,mcast_flood,bcast_flood} are cleared
no packets of the corresponding type should be flooded to the
bridge.
Signed-off-by: Mattias Forsblad <redacted>
---
.../testing/selftests/net/forwarding/Makefile | 1 +
.../selftests/net/forwarding/bridge_flood.sh | 169 ++++++++++++++++++
tools/testing/selftests/net/forwarding/lib.sh | 8 +
3 files changed, 178 insertions(+)
create mode 100755 tools/testing/selftests/net/forwarding/bridge_flood.sh
diff --git a/tools/testing/selftests/net/forwarding/Makefile b/tools/testing/selftests/net/forwarding/Makefile
index 8fa97ae9af9e..24ca6a333edd 100644
--- a/tools/testing/selftests/net/forwarding/Makefile
+++ b/tools/testing/selftests/net/forwarding/Makefile@@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-2.0+ OR MIT TEST_PROGS = bridge_igmp.sh \ + bridge_flood.sh \ bridge_locked_port.sh \ bridge_port_isolation.sh \ bridge_sticky_fdb.sh \
diff --git a/tools/testing/selftests/net/forwarding/bridge_flood.sh b/tools/testing/selftests/net/forwarding/bridge_flood.sh
new file mode 100755
index 000000000000..ea3e7da139aa
--- /dev/null
+++ b/tools/testing/selftests/net/forwarding/bridge_flood.sh@@ -0,0 +1,169 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 + +ALL_TESTS="ping_test bridge_flood" +NUM_NETIFS=4 +CHECK_TC="no" +source lib.sh +bridge=br3 + +h1_create() +{ + simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64 +} + +h1_destroy() +{ + simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64 +} + +h2_create() +{ + simple_if_init $h2 192.0.2.2/24 2001:db8:1::2/64 +} + +h2_destroy() +{ + simple_if_fini $h2 192.0.2.2/24 2001:db8:1::2/64 +} + +switch_create() +{ + ip link add dev $bridge type bridge + + ip link set dev $swp1 master $bridge + ip link set dev $swp2 master $bridge + ip link set dev $swp1 type bridge_slave learning off + ip link set dev $swp2 type bridge_slave learning off + + ip link set dev $bridge type bridge flood 0 mcast_flood 0 bcast_flood 0 + check_err $? "Can't set bridge flooding off on $bridge" + + ip link set dev $bridge up + ip link set dev $bridge promisc on + ip link set dev $swp1 up + ip link set dev $swp2 up +} + +switch_destroy() +{ + ip link set dev $swp2 down + ip link set dev $swp1 down + + ip link del dev $bridge +} + +setup_prepare() +{ + h1=${NETIFS[p1]} + swp1=${NETIFS[p2]} + + swp2=${NETIFS[p3]} + h2=${NETIFS[p4]} + + vrf_prepare + + h1_create + h2_create + + switch_create +} + +ping_test() +{ + echo "Check connectivity /w ping" + ping_do $h1 192.0.2.2 + check_err $? "ping fail" + log_test "ping test" +} + +cleanup() +{ + pre_cleanup + + switch_destroy + + h2_destroy + h1_destroy + + vrf_cleanup +} + +bridge_flood_test_do() +{ + local should_flood=$1 + local mac=$2 + local ip=$3 + local host1_if=$4 + local err=0 + local vrf_name + + + # Add an ACL on `host2_if` which will tell us whether the packet + # was flooded to it or not. + tc qdisc add dev $bridge ingress + tc filter add dev $bridge ingress protocol ip pref 1 handle 101 \ + flower dst_mac $mac action drop + + vrf_name=$(master_name_get $host1_if) + ip vrf exec $vrf_name \ + $MZ $host1_if -c 1 -p 64 -b $mac -B $ip -t ip -q + sleep 1 + + tc -j -s filter show dev $bridge ingress \ + | jq -e ".[] | select(.options.handle == 101) \ + | select(.options.actions[0].stats.packets == 1)" &> /dev/null + if [[ $? -ne 0 && $should_flood == "true" || \ + $? -eq 0 && $should_flood == "false" ]]; then + err=1 + fi + + tc filter del dev $bridge ingress protocol ip pref 1 handle 101 flower + tc qdisc del dev $bridge ingress + + return $err +} + +bridge_flood_test() +{ + local mac=$1 + local ip=$2 + local flag=$3 + + RET=0 + + ip link set dev $bridge type bridge $flag 0 + + bridge_flood_test_do false $mac $ip $h1 $bridge + check_err $? "Packet flooded when should not" + log_test "Bridge test flag $flag disabled" + + ip link set dev $bridge type bridge $flag 1 + + bridge_flood_test_do true $mac $ip $h1 $bridge + check_err $? "Packet was not flooded when should" + + log_test "Bridge test flag $flag enabled" +} + +bridge_flood() +{ + RET=0 + + check_bridge_flood_support $bridge || return 0 + + bridge_flood_test de:ad:be:ef:13:37 192.0.2.100 flood + + bridge_flood_test 01:00:5e:00:00:01 239.0.0.1 mcast_flood + + bridge_flood_test ff:ff:ff:ff:ff:ff 192.0.2.100 bcast_flood +} + +trap cleanup EXIT + +setup_prepare +setup_wait + +tests_run + +exit $EXIT_STATUS
diff --git a/tools/testing/selftests/net/forwarding/lib.sh b/tools/testing/selftests/net/forwarding/lib.sh
index 664b9ecaf228..12e69837374e 100644
--- a/tools/testing/selftests/net/forwarding/lib.sh
+++ b/tools/testing/selftests/net/forwarding/lib.sh@@ -134,6 +134,14 @@ check_locked_port_support() fi } +check_bridge_flood_support() +{ + if ! ip -d link show dev $1 | grep -q " flood"; then + echo "SKIP: iproute2 too old; Bridge flood feature not supported." + return $ksft_skip + fi +} + if [[ "$(id -u)" -ne 0 ]]; then echo "SKIP: need root privileges" exit $ksft_skip
--
2.25.1