Thread (28 messages) 28 messages, 3 authors, 2022-10-18

Re: [PATCH v7 net-next 9/9] selftests: forwarding: add test of MAC-Auth Bypass to locked port tests

From: Ido Schimmel <idosch@nvidia.com>
Date: 2022-10-13 12:16:53
Also in: bridge, linux-arm-kernel, linux-kselftest, linux-mediatek, lkml
Subsystem: kernel selftest framework, networking [general], networking [ipv4/ipv6], the rest · Maintainers: Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, David Ahern, Ido Schimmel, Linus Torvalds

On Sun, Oct 09, 2022 at 07:40:52PM +0200, Hans J. Schultz wrote:
quoted hunk ↗ jump to hunk
+++ b/tools/testing/selftests/net/forwarding/bridge_blackhole_fdb.sh
@@ -0,0 +1,134 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+ALL_TESTS="blackhole_fdb"
+NUM_NETIFS=4
+source tc_common.sh
+source lib.sh
+
+h1_create()
+{
+	simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64
+	vlan_create $h1 100 v$h1 198.51.100.1/24
+}
+
+h1_destroy()
+{
+	vlan_destroy $h1 100
+	simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64
+}
+
+h2_create()
+{
+	simple_if_init $h2 192.0.2.2/24 2001:db8:1::2/64
+	vlan_create $h2 100 v$h2 198.51.100.2/24
+}
+
+h2_destroy()
+{
+	vlan_destroy $h2 100
+	simple_if_fini $h2 192.0.2.2/24 2001:db8:1::2/64
+}
There is unnecessary configuration here. Can be simplified:
diff --git a/tools/testing/selftests/net/forwarding/bridge_blackhole_fdb.sh b/tools/testing/selftests/net/forwarding/bridge_blackhole_fdb.sh
index 77d166180bc4..cc2145ea1968 100755
--- a/tools/testing/selftests/net/forwarding/bridge_blackhole_fdb.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_blackhole_fdb.sh
@@ -8,26 +8,22 @@ source lib.sh
 
 h1_create()
 {
-	simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64
-	vlan_create $h1 100 v$h1 198.51.100.1/24
+	simple_if_init $h1 192.0.2.1/24
 }
 
 h1_destroy()
 {
-	vlan_destroy $h1 100
-	simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64
+	simple_if_fini $h1 192.0.2.1/24
 }
 
 h2_create()
 {
-	simple_if_init $h2 192.0.2.2/24 2001:db8:1::2/64
-	vlan_create $h2 100 v$h2 198.51.100.2/24
+	simple_if_init $h2 192.0.2.2/24
 }
 
 h2_destroy()
 {
-	vlan_destroy $h2 100
-	simple_if_fini $h2 192.0.2.2/24 2001:db8:1::2/64
+	simple_if_fini $h2 192.0.2.2/24
 }
 
 switch_create()
+
+switch_create()
+{
+	ip link add dev br0 type bridge vlan_filtering 1
+
+	ip link set dev $swp1 master br0
+	ip link set dev $swp2 master br0
+
+	ip link set dev br0 up
+	ip link set dev $swp1 up
+	ip link set dev $swp2 up
+
+	tc qdisc add dev $swp2 clsact
+}
+
+switch_destroy()
+{
+	tc qdisc del dev $swp2 clsact
+
+	ip link set dev $swp2 down
+	ip link set dev $swp1 down
+
+	ip link del dev br0
+}
+
+setup_prepare()
+{
+	h1=${NETIFS[p1]}
+	swp1=${NETIFS[p2]}
+	h2=${NETIFS[p3]}
+	swp2=${NETIFS[p4]}
+
+	vrf_prepare
+
+	h1_create
+	h2_create
+
+	switch_create
+}
+
+cleanup()
+{
+	pre_cleanup
+
+	switch_destroy
+
+	h2_destroy
+	h1_destroy
+
+	vrf_cleanup
+}
+
+# Check that there is no egress with blackhole entry and that blackhole entries can be replaced
Wrap this to 80 columns:

# Check that there is no egress with blackhole entry and that blackhole entries
# can be replaced.
+blackhole_fdb()
+{
+	RET=0
+
+	check_blackhole_fdb_support || return 0
+
+	tc filter add dev $swp2 egress protocol ip pref 1 handle 1 flower \
+		dst_ip 192.0.2.2 ip_proto udp dst_port 12345 action pass
+
+	$MZ $h1 -c 1 -p 128 -t udp "sp=54321,dp=12345" \
+		-a own -b `mac_get $h2` -A 192.0.2.1 -B 192.0.2.2 -q
+
+	tc_check_packets "dev $swp2 egress" 1 1
+	check_err $? "Packet not seen on egress before adding blackhole entry"
+
+	bridge fdb replace `mac_get $h2` dev br0 blackhole
vlan 1
+	bridge fdb get `mac_get $h2` br br0 | grep -q blackhole
vlan 1
+	check_err $? "Blackhole entry not found"
+
+	$MZ $h1 -c 1 -p 128 -t udp "sp=54321,dp=12345" \
+		-a own -b `mac_get $h2` -A 192.0.2.1 -B 192.0.2.2 -q
+
+	tc_check_packets "dev $swp2 egress" 1 1
+	check_err $? "Packet seen on egress after adding blackhole entry"
+
+	# Check blackhole entries can be replaced.
+	bridge fdb replace `mac_get $h2` dev $swp2 master static
vlan 1
+	bridge fdb get `mac_get $h2` br br0 | grep -q blackhole
vlan 1
+	check_fail $? "Blackhole entry found after replacement"
+
+	$MZ $h1 -c 1 -p 128 -t udp "sp=54321,dp=12345" \
+		-a own -b `mac_get $h2` -A 192.0.2.1 -B 192.0.2.2 -q
+
+	tc_check_packets "dev $swp2 egress" 1 2
+	check_err $? "Packet not seen on egress after replacing blackhole entry"
+
+	bridge fdb del `mac_get $h2` dev $swp2 master static
vlan 1
+	tc filter del dev $swp2 egress protocol ip pref 1 handle 1 flower
+
+	log_test "Blackhole FDB entry"
+}
Tested with veth pairs. Looks OK to me.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help