Merge branch 'selftests-Add-tests-for-mirroring-to-gretap'

	vrf_destroy $vrf_name

}

tunnel_create()

{

	local name=$1; shift

	local type=$1; shift

	local local=$1; shift

	local remote=$1; shift

	ip link add name $name type $type \

	   local $local remote $remote "$@"

	ip link set dev $name up

}

tunnel_destroy()

{

	local name=$1; shift

	ip link del dev $name

}

master_name_get()

{

	local if_name=$1

       ip -j -s link show dev $if_name | jq '.[]["stats64"]["tx"]["packets"]'

}

tc_rule_stats_get()

{

	local dev=$1; shift

	local pref=$1; shift

	tc -j -s filter show dev $dev ingress pref $pref |

	jq '.[1].options.actions[].stats.packets'

}

mac_get()

{

	local if_name=$1

	return 0

}

slow_path_trap_install()

{

	local dev=$1; shift

	local direction=$1; shift

	if [ "${tcflags/skip_hw}" != "$tcflags" ]; then

		# For slow-path testing, we need to install a trap to get to

		# slow path the packets that would otherwise be switched in HW.

		tc filter add dev $dev $direction pref 1 \

		   flower skip_sw action trap

	fi

}

slow_path_trap_uninstall()

{

	local dev=$1; shift

	local direction=$1; shift

	if [ "${tcflags/skip_hw}" != "$tcflags" ]; then

		tc filter del dev $dev $direction pref 1 flower skip_sw

	fi

}

__icmp_capture_add_del()

{

	local add_del=$1; shift

	local pref=$1; shift

	local vsuf=$1; shift

	local tundev=$1; shift

	local filter=$1; shift

	tc filter $add_del dev "$tundev" ingress \

	   proto ip$vsuf pref $pref \

	   flower ip_proto icmp$vsuf $filter \

	   action pass

}

icmp_capture_install()

{

	__icmp_capture_add_del add 100 "" "$@"

}

icmp_capture_uninstall()

{

	__icmp_capture_add_del del 100 "" "$@"

}

icmp6_capture_install()

{

	__icmp_capture_add_del add 100 v6 "$@"

}

icmp6_capture_uninstall()

{

	__icmp_capture_add_del del 100 v6 "$@"

}

matchall_sink_create()

{

	local dev=$1; shift

	tc qdisc add dev $dev clsact

	tc filter add dev $dev ingress \

	   pref 10000 \

	   matchall \

	   action drop

}

##############################################################################

# Tests

#!/bin/bash

# SPDX-License-Identifier: GPL-2.0

# This test uses standard topology for testing gretap. See

# mirror_gre_topo_lib.sh for more details.

#

# Test for "tc action mirred egress mirror" when the device to mirror to is a

# gretap or ip6gretap netdevice. Expect that the packets come out encapsulated,

# and another gretap / ip6gretap netdevice is then capable of decapsulating the

# traffic. Test that the payload is what is expected (ICMP ping request or

# reply, depending on test).

NUM_NETIFS=6

source lib.sh

source mirror_lib.sh

source mirror_gre_lib.sh

source mirror_gre_topo_lib.sh

setup_prepare()

{

	h1=${NETIFS[p1]}

	swp1=${NETIFS[p2]}

	swp2=${NETIFS[p3]}

	h2=${NETIFS[p4]}

	swp3=${NETIFS[p5]}

	h3=${NETIFS[p6]}

	vrf_prepare

	mirror_gre_topo_create

	ip address add dev $swp3 192.0.2.129/28

	ip address add dev $h3 192.0.2.130/28

	ip address add dev $swp3 2001:db8:2::1/64

	ip address add dev $h3 2001:db8:2::2/64

}

cleanup()

{

	pre_cleanup

	ip address del dev $h3 2001:db8:2::2/64

	ip address del dev $swp3 2001:db8:2::1/64

	ip address del dev $h3 192.0.2.130/28

	ip address del dev $swp3 192.0.2.129/28

	mirror_gre_topo_destroy

	vrf_cleanup

}

test_span_gre_mac()

{

	local tundev=$1; shift

	local direction=$1; shift

	local prot=$1; shift

	local what=$1; shift

	local swp3mac=$(mac_get $swp3)

	local h3mac=$(mac_get $h3)

	RET=0

	mirror_install $swp1 $direction $tundev "matchall $tcflags"

	tc qdisc add dev $h3 clsact

	tc filter add dev $h3 ingress pref 77 prot $prot \

		flower ip_proto 0x2f src_mac $swp3mac dst_mac $h3mac \

		action pass

	mirror_test v$h1 192.0.2.1 192.0.2.2 $h3 77 10

	tc filter del dev $h3 ingress pref 77

	tc qdisc del dev $h3 clsact

	mirror_uninstall $swp1 $direction

	log_test "$direction $what: envelope MAC ($tcflags)"

}

test_two_spans()

{

	RET=0

	mirror_install $swp1 ingress gt4 "matchall $tcflags"

	mirror_install $swp1 egress gt6 "matchall $tcflags"

	quick_test_span_gre_dir gt4 ingress

	quick_test_span_gre_dir gt6 egress

	mirror_uninstall $swp1 ingress

	fail_test_span_gre_dir gt4 ingress

	quick_test_span_gre_dir gt6 egress

	mirror_install $swp1 ingress gt4 "matchall $tcflags"

	mirror_uninstall $swp1 egress

	quick_test_span_gre_dir gt4 ingress

	fail_test_span_gre_dir gt6 egress

	mirror_uninstall $swp1 ingress

	log_test "two simultaneously configured mirrors ($tcflags)"

}

test_all()

{

	slow_path_trap_install $swp1 ingress

	slow_path_trap_install $swp1 egress

	full_test_span_gre_dir gt4 ingress 8 0 "mirror to gretap"

	full_test_span_gre_dir gt6 ingress 8 0 "mirror to ip6gretap"

	full_test_span_gre_dir gt4 egress 0 8 "mirror to gretap"

	full_test_span_gre_dir gt6 egress 0 8 "mirror to ip6gretap"

	test_span_gre_mac gt4 ingress ip "mirror to gretap"

	test_span_gre_mac gt6 ingress ipv6 "mirror to ip6gretap"

	test_span_gre_mac gt4 egress ip "mirror to gretap"

	test_span_gre_mac gt6 egress ipv6 "mirror to ip6gretap"

	test_two_spans

	slow_path_trap_uninstall $swp1 egress

	slow_path_trap_uninstall $swp1 ingress

}

trap cleanup EXIT

setup_prepare

setup_wait

tcflags="skip_hw"

test_all

if ! tc_offload_check; then

	echo "WARN: Could not test offloaded functionality"

else

	tcflags="skip_sw"

	test_all

fi

exit $EXIT_STATUS

#!/bin/bash

# SPDX-License-Identifier: GPL-2.0

#   +---------------------+                             +---------------------+

#   | H1                  |                             |                  H2 |

#   |     + $h1           |                             |           $h2 +     |

#   |     | 192.0.2.1/28  |                             |  192.0.2.2/28 |     |

#   +-----|---------------+                             +---------------|-----+

#         |                                                             |

#   +-----|-------------------------------------------------------------|-----+

#   | SW  o--> mirror                                                   |     |

#   | +---|-------------------------------------------------------------|---+ |

#   | |   + $swp1                    BR                           $swp2 +   | |

#   | +---------------------------------------------------------------------+ |

#   |                                                                         |

#   | +---------------------------------------------------------------------+ |

#   | | OL                      + gt6 (ip6gretap)      + gt4 (gretap)       | |

#   | |                         : loc=2001:db8:2::1    : loc=192.0.2.129    | |

#   | |                         : rem=2001:db8:2::2    : rem=192.0.2.130    | |

#   | |                         : ttl=100              : ttl=100            | |

#   | |                         : tos=inherit          : tos=inherit        | |

#   | +-------------------------:--|-------------------:--|-----------------+ |

#   |                           :  |                   :  |                   |

#   | +-------------------------:--|-------------------:--|-----------------+ |

#   | | UL                      :  |,---------------------'                 | |

#   | |   + $swp3               :  ||                  :                    | |

#   | |   | 192.0.2.129/28      :  vv                  :                    | |

#   | |   | 2001:db8:2::1/64    :  + ul (dummy)        :                    | |

#   | +---|---------------------:----------------------:--------------------+ |

#   +-----|---------------------:----------------------:----------------------+

#         |                     :                      :

#   +-----|---------------------:----------------------:----------------------+

#   | H3  + $h3                 + h3-gt6 (ip6gretap)   + h3-gt4 (gretap)      |

#   |       192.0.2.130/28        loc=2001:db8:2::2      loc=192.0.2.130      |

#   |       2001:db8:2::2/64      rem=2001:db8:2::1      rem=192.0.2.129      |

#   |                             ttl=100                ttl=100              |

#   |                             tos=inherit            tos=inherit          |

#   |                                                                         |

#   +-------------------------------------------------------------------------+

#

# This tests mirroring to gretap and ip6gretap configured in an overlay /

# underlay manner, i.e. with a bound dummy device that marks underlay VRF where

# the encapsulated packed should be routed.

NUM_NETIFS=6

source lib.sh

source mirror_lib.sh

source mirror_gre_lib.sh

h1_create()

{

	simple_if_init $h1 192.0.2.1/28

}

h1_destroy()

{

	simple_if_fini $h1 192.0.2.1/28

}

h2_create()

{

	simple_if_init $h2 192.0.2.2/28

}

h2_destroy()

{

	simple_if_fini $h2 192.0.2.2/28

}

h3_create()

{

	simple_if_init $h3 192.0.2.130/28 2001:db8:2::2/64

	tunnel_create h3-gt4 gretap 192.0.2.130 192.0.2.129

	ip link set h3-gt4 vrf v$h3

	matchall_sink_create h3-gt4

	tunnel_create h3-gt6 ip6gretap 2001:db8:2::2 2001:db8:2::1

	ip link set h3-gt6 vrf v$h3

	matchall_sink_create h3-gt6

}

h3_destroy()

{

	tunnel_destroy h3-gt6

	tunnel_destroy h3-gt4

	simple_if_fini $h3 192.0.2.130/28 2001:db8:2::2/64

}

switch_create()

{

	# Bridge between H1 and H2.

	ip link add name br1 type bridge vlan_filtering 1

	ip link set dev br1 up

	ip link set dev $swp1 master br1

	ip link set dev $swp1 up

	ip link set dev $swp2 master br1

	ip link set dev $swp2 up

	tc qdisc add dev $swp1 clsact

	# Underlay.

	simple_if_init $swp3 192.0.2.129/28 2001:db8:2::1/64

	ip link add name ul type dummy

	ip link set dev ul master v$swp3

	ip link set dev ul up

	# Overlay.

	vrf_create vrf-ol

	ip link set dev vrf-ol up

	tunnel_create gt4 gretap 192.0.2.129 192.0.2.130 \

		      ttl 100 tos inherit dev ul

	ip link set dev gt4 master vrf-ol

	ip link set dev gt4 up

	tunnel_create gt6 ip6gretap 2001:db8:2::1 2001:db8:2::2 \

		      ttl 100 tos inherit dev ul allow-localremote

	ip link set dev gt6 master vrf-ol

	ip link set dev gt6 up

}

switch_destroy()

{

	vrf_destroy vrf-ol

	tunnel_destroy gt6

	tunnel_destroy gt4

	simple_if_fini $swp3 192.0.2.129/28 2001:db8:2::1/64

	ip link del dev ul

	tc qdisc del dev $swp1 clsact

	ip link set dev $swp1 down

	ip link set dev $swp2 down

	ip link del dev br1

}

setup_prepare()

{

	h1=${NETIFS[p1]}

	swp1=${NETIFS[p2]}

	swp2=${NETIFS[p3]}

	h2=${NETIFS[p4]}

	swp3=${NETIFS[p5]}

	h3=${NETIFS[p6]}

	vrf_prepare

	h1_create

	h2_create

	h3_create

	switch_create

}

cleanup()

{

	pre_cleanup

	switch_destroy

	h3_destroy

	h2_destroy

	h1_destroy

	vrf_cleanup

}

test_all()

{

	RET=0

	slow_path_trap_install $swp1 ingress

	slow_path_trap_install $swp1 egress

	full_test_span_gre_dir gt4 ingress 8 0 "mirror to gretap w/ UL"

	full_test_span_gre_dir gt6 ingress 8 0 "mirror to ip6gretap w/ UL"

	full_test_span_gre_dir gt4 egress  0 8 "mirror to gretap w/ UL"

	full_test_span_gre_dir gt6 egress  0 8 "mirror to ip6gretap w/ UL"

	slow_path_trap_uninstall $swp1 egress

	slow_path_trap_uninstall $swp1 ingress

}

trap cleanup EXIT

setup_prepare

setup_wait

tcflags="skip_hw"

test_all

if ! tc_offload_check; then

	echo "WARN: Could not test offloaded functionality"

else

	tcflags="skip_sw"

	test_all

fi

exit $EXIT_STATUS

#!/bin/bash

# SPDX-License-Identifier: GPL-2.0

# This test uses standard topology for testing gretap. See

# mirror_gre_topo_lib.sh for more details.

#

# Test how mirrors to gretap and ip6gretap react to changes to relevant

# configuration.

NUM_NETIFS=6

source lib.sh

source mirror_lib.sh

source mirror_gre_lib.sh

source mirror_gre_topo_lib.sh

setup_prepare()

{

	h1=${NETIFS[p1]}

	swp1=${NETIFS[p2]}

	swp2=${NETIFS[p3]}

	h2=${NETIFS[p4]}

	swp3=${NETIFS[p5]}

	h3=${NETIFS[p6]}

	vrf_prepare

	mirror_gre_topo_create

	# This test downs $swp3, which deletes the configured IPv6 address

	# unless this sysctl is set.

	local key=net.ipv6.conf.$swp3.keep_addr_on_down

	SWP3_KEEP_ADDR_ON_DOWN=$(sysctl -n $key)

	sysctl -qw $key=1

	ip address add dev $swp3 192.0.2.129/28

	ip address add dev $h3 192.0.2.130/28

	ip address add dev $swp3 2001:db8:2::1/64

	ip address add dev $h3 2001:db8:2::2/64

}

cleanup()

{

	pre_cleanup

	ip address del dev $h3 2001:db8:2::2/64

	ip address del dev $swp3 2001:db8:2::1/64

	ip address del dev $h3 192.0.2.130/28

	ip address del dev $swp3 192.0.2.129/28

	local key=net.ipv6.conf.$swp3.keep_addr_on_down

	sysctl -qw $key=$SWP3_KEEP_ADDR_ON_DOWN

	mirror_gre_topo_destroy

	vrf_cleanup

}

test_span_gre_ttl()

{

	local tundev=$1; shift

	local type=$1; shift

	local prot=$1; shift

	local what=$1; shift

	RET=0

	mirror_install $swp1 ingress $tundev "matchall $tcflags"

	tc qdisc add dev $h3 clsact

	tc filter add dev $h3 ingress pref 77 prot $prot \

		flower ip_ttl 50 action pass

	mirror_test v$h1 192.0.2.1 192.0.2.2 $h3 77 0

	ip link set dev $tundev type $type ttl 50

	mirror_test v$h1 192.0.2.1 192.0.2.2 $h3 77 10

	ip link set dev $tundev type $type ttl 100

	tc filter del dev $h3 ingress pref 77

	tc qdisc del dev $h3 clsact

	mirror_uninstall $swp1 ingress

	log_test "$what: TTL change ($tcflags)"

}

test_span_gre_tun_up()

{

	local tundev=$1; shift

	local what=$1; shift

	RET=0

	ip link set dev $tundev down

	mirror_install $swp1 ingress $tundev "matchall $tcflags"

	fail_test_span_gre_dir $tundev ingress

	ip link set dev $tundev up

	quick_test_span_gre_dir $tundev ingress

	mirror_uninstall $swp1 ingress

	log_test "$what: tunnel down/up ($tcflags)"

}

test_span_gre_egress_up()

{

	local tundev=$1; shift

	local remote_ip=$1; shift

	local what=$1; shift

	RET=0

	ip link set dev $swp3 down

	mirror_install $swp1 ingress $tundev "matchall $tcflags"

	fail_test_span_gre_dir $tundev ingress

	# After setting the device up, wait for neighbor to get resolved so that

	# we can expect mirroring to work.

	ip link set dev $swp3 up

	while true; do

		ip neigh sh dev $swp3 $remote_ip nud reachable |

		    grep -q ^

		if [[ $? -ne 0 ]]; then

			sleep 1

		else

			break

		fi

	done

	quick_test_span_gre_dir $tundev ingress

	mirror_uninstall $swp1 ingress

	log_test "$what: egress down/up ($tcflags)"

}

test_span_gre_remote_ip()

{

	local tundev=$1; shift

	local type=$1; shift

	local correct_ip=$1; shift

	local wrong_ip=$1; shift

	local what=$1; shift

	RET=0

	ip link set dev $tundev type $type remote $wrong_ip

	mirror_install $swp1 ingress $tundev "matchall $tcflags"

	fail_test_span_gre_dir $tundev ingress

	ip link set dev $tundev type $type remote $correct_ip

	quick_test_span_gre_dir $tundev ingress

	mirror_uninstall $swp1 ingress

	log_test "$what: remote address change ($tcflags)"

}

test_all()

{

	slow_path_trap_install $swp1 ingress

	slow_path_trap_install $swp1 egress

	test_span_gre_ttl gt4 gretap ip "mirror to gretap"

	test_span_gre_ttl gt6 ip6gretap ipv6 "mirror to ip6gretap"

	test_span_gre_tun_up gt4 "mirror to gretap"

	test_span_gre_tun_up gt6 "mirror to ip6gretap"

	test_span_gre_egress_up gt4 192.0.2.130 "mirror to gretap"

	test_span_gre_egress_up gt6 2001:db8:2::2 "mirror to ip6gretap"

	test_span_gre_remote_ip gt4 gretap 192.0.2.130 192.0.2.132 "mirror to gretap"

	test_span_gre_remote_ip gt6 ip6gretap 2001:db8:2::2 2001:db8:2::4 "mirror to ip6gretap"

	slow_path_trap_uninstall $swp1 egress

	slow_path_trap_uninstall $swp1 ingress

}

trap cleanup EXIT

setup_prepare

setup_wait

tcflags="skip_hw"

test_all

if ! tc_offload_check; then

	echo "WARN: Could not test offloaded functionality"

else

	tcflags="skip_sw"

	test_all

fi

exit $EXIT_STATUS

#!/bin/bash

# SPDX-License-Identifier: GPL-2.0

# This test uses standard topology for testing gretap. See

# mirror_gre_topo_lib.sh for more details.

#

# This tests flower-triggered mirroring to gretap and ip6gretap netdevices. The

# interfaces on H1 and H2 have two addresses each. Flower match on one of the

# addresses is configured with mirror action. It is expected that when pinging

# this address, mirroring takes place, whereas when pinging the other one,

# there's no mirroring.

NUM_NETIFS=6

source lib.sh

source mirror_lib.sh

source mirror_gre_lib.sh

source mirror_gre_topo_lib.sh

setup_prepare()

{

	h1=${NETIFS[p1]}

	swp1=${NETIFS[p2]}

	swp2=${NETIFS[p3]}

	h2=${NETIFS[p4]}

	swp3=${NETIFS[p5]}

	h3=${NETIFS[p6]}

	vrf_prepare

	mirror_gre_topo_create

	ip address add dev $swp3 192.0.2.129/28

	ip address add dev $h3 192.0.2.130/28

	ip address add dev $swp3 2001:db8:2::1/64

	ip address add dev $h3 2001:db8:2::2/64

	ip address add dev $h1 192.0.2.3/28

	ip address add dev $h2 192.0.2.4/28

}

cleanup()

{

	pre_cleanup

	ip address del dev $h2 192.0.2.4/28

	ip address del dev $h1 192.0.2.3/28

	ip address del dev $h3 2001:db8:2::2/64

	ip address del dev $swp3 2001:db8:2::1/64

	ip address del dev $h3 192.0.2.130/28

	ip address del dev $swp3 192.0.2.129/28

	mirror_gre_topo_destroy

	vrf_cleanup

}

test_span_gre_dir_acl()

{

	test_span_gre_dir_ips "$@" 192.0.2.3 192.0.2.4

}

full_test_span_gre_dir_acl()

{

	local tundev=$1; shift

	local direction=$1; shift

	local forward_type=$1; shift

	local backward_type=$1; shift

	local match_dip=$1; shift

	local what=$1; shift

	mirror_install $swp1 $direction $tundev \

		       "protocol ip flower $tcflags dst_ip $match_dip"

	fail_test_span_gre_dir $tundev $direction

	test_span_gre_dir_acl "$tundev" "$direction" \

			  "$forward_type" "$backward_type"

	mirror_uninstall $swp1 $direction

	log_test "$direction $what ($tcflags)"

}

test_all()

{

	RET=0

	slow_path_trap_install $swp1 ingress

	slow_path_trap_install $swp1 egress

	full_test_span_gre_dir_acl gt4 ingress 8 0 192.0.2.4 "ACL mirror to gretap"

	full_test_span_gre_dir_acl gt6 ingress 8 0 192.0.2.4 "ACL mirror to ip6gretap"

	full_test_span_gre_dir_acl gt4 egress 0 8 192.0.2.3 "ACL mirror to gretap"

	full_test_span_gre_dir_acl gt6 egress 0 8 192.0.2.3 "ACL mirror to ip6gretap"

	slow_path_trap_uninstall $swp1 egress

	slow_path_trap_uninstall $swp1 ingress

}

trap cleanup EXIT

setup_prepare

setup_wait

tcflags="skip_hw"

test_all

if ! tc_offload_check; then

	echo "WARN: Could not test offloaded functionality"

else

	tcflags="skip_sw"

	test_all

fi

exit $EXIT_STATUS