Add test to make sure that the localbypass option is on by default.
Add test to change vxlan localbypass to nolocalbypass and check that packets are delivered to userspace.
Signed-off-by: Vladimir Nikishkin vladimir@nikishkin.pw --- tools/testing/selftests/net/Makefile | 1 + .../selftests/net/test_vxlan_nolocalbypass.sh | 234 ++++++++++++++++++ 2 files changed, 235 insertions(+) create mode 100755 tools/testing/selftests/net/test_vxlan_nolocalbypass.sh
diff --git a/tools/testing/selftests/net/Makefile b/tools/testing/selftests/net/Makefile index c12df57d5539..7f3ab2a93ed6 100644 --- a/tools/testing/selftests/net/Makefile +++ b/tools/testing/selftests/net/Makefile @@ -84,6 +84,7 @@ TEST_GEN_FILES += ip_local_port_range TEST_GEN_FILES += bind_wildcard TEST_PROGS += test_vxlan_mdb.sh TEST_PROGS += test_bridge_neigh_suppress.sh +TEST_PROGS += test_vxlan_nolocalbypass.sh
TEST_FILES := settings
diff --git a/tools/testing/selftests/net/test_vxlan_nolocalbypass.sh b/tools/testing/selftests/net/test_vxlan_nolocalbypass.sh
new file mode 100755
index 000000000000..d8e48ab1e7e0
--- /dev/null
+++ b/tools/testing/selftests/net/test_vxlan_nolocalbypass.sh
@@ -0,0 +1,234 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+# This file is testing that the [no]localbypass option for a vxlan device is
+# working. With the nolocalbypass option, packets to a local destination, which
+# have no corresponding vxlan in the kernel, will be delivered to userspace, for
+# any userspace process to process. In this test tcpdump plays the role of such a
+# process. This is what the test 1 is checking.
+# The test 2 checks that without the nolocalbypass (which is equivalent to the
+# localbypass option), the packets do not reach userspace.
+
+EXIT_SUCCESS=0
+EXIT_FAIL=1
+ksft_skip=4
+nsuccess=0
+nfail=0
+
+ret=0
+
+TESTS="
+changelink_nolocalbypass_simple
+"
+VERBOSE=0
+PAUSE_ON_FAIL=no
+PAUSE=no
+
+
+NETNS_NAME=vxlan_nolocalbypass_test
+
+################################################################################
+# Utilities
+
+log_test()
+{
+ local rc=$1
+ local expected=$2
+ local msg="$3"
+
+ if [ ${rc} -eq ${expected} ]; then
+ printf "TEST: %-60s [ OK ]\n" "${msg}"
+ nsuccess=$((nsuccess+1))
+ else
+ ret=1
+ nfail=$((nfail+1))
+ printf "TEST: %-60s [FAIL]\n" "${msg}"
+ if [ "$VERBOSE" = "1" ]; then
+ echo " rc=$rc, expected $expected"
+ fi
+
+ if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
+ echo
+ echo "hit enter to continue, 'q' to quit"
+ read a
+ [ "$a" = "q" ] && exit 1
+ fi
+ fi
+
+ if [ "${PAUSE}" = "yes" ]; then
+ echo
+ echo "hit enter to continue, 'q' to quit"
+ read a
+ [ "$a" = "q" ] && exit 1
+ fi
+
+ [ "$VERBOSE" = "1" ] && echo
+}
+
+run_cmd()
+{
+ local cmd="$1"
+ local out
+ local stderr="2>/dev/null"
+
+ if [ "$VERBOSE" = "1" ]; then
+ printf "COMMAND: $cmd\n"
+ stderr=
+ fi
+
+ out=$(eval $cmd $stderr)
+ rc=$?
+ if [ "$VERBOSE" = "1" -a -n "$out" ]; then
+ echo " $out"
+ fi
+
+ return $rc
+}
+
+socat_check_packets()
+{
+ echo TODO
+ exit 1
+}
+
+################################################################################
+# Setup
+
+setup()
+{
+ ip netns add "$NETNS_NAME"
+ ip -n "$NETNS_NAME" link set up lo
+ ip -n "$NETNS_NAME" addr add 127.0.0.1 dev lo
+}
+
+cleanup()
+{
+ ip netns del "$NETNS_NAME"
+}
+
+
+################################################################################
+# Tests
+
+changelink_nolocalbypass_simple()
+{
+ # test 1: by default, packets are dropped
+
+ run_cmd "ip -n $NETNS_NAME link add testvxlan0 type vxlan \
+ id 100 \
+ dstport 4789 \
+ srcport 4789 4790 \
+ nolearning noproxy"
+ log_test $? 0 "Create vxlan with localbypass by default"
+ run_cmd "ip -n $NETNS_NAME link set up dev testvxlan0"
+ log_test $? 0 "Bring up vxlan device"
+ run_cmd "bridge -n $NETNS_NAME fdb add 00:00:00:00:00:00 dev testvxlan0 dst 127.0.0.1 port 4792"
+ log_test $? 0 "Add the most general fdb entry"
+ run_cmd "ip -n $NETNS_NAME address add 172.16.100.1/24 dev testvxlan0"
+
+ local tmp_file="$(mktemp)"
+ ip netns exec $NETNS_NAME socat UDP4-LISTEN:4792,fork "$tmp_file" &
+
+ run_cmd "ip netns exec $NETNS_NAME timeout 3 ping 172.16.100.2"
+
+ l_size=$(stat -c '%s' "$tmp_file" | tr -d '\n')
+ log_test $l_size 0 " Packets dropped by default."
+
+ { kill %% && wait %%; } 2>/dev/null
+ rm -rf "$tmp_file"
+ touch "$tmp_file"
+ # test 2: nolocalbypass works
+
+ run_cmd "ip -n $NETNS_NAME link set testvxlan0 type vxlan nolocalbypass"
+
+ ip netns exec $NETNS_NAME socat UDP4-LISTEN:4792,fork "$tmp_file" &
+ sleep 1
+ run_cmd "ip netns exec $NETNS_NAME timeout 3 ping 172.16.100.2"
+
+ l_size=$(stat -c '%s' "$tmp_file" | tr -d '\n')
+ if [[ "$l_size" != 0 ]] ; then
+ log_test 1 1 " Packets dropped by default."
+ else
+ log_test 0 1 " Packets dropped by default."
+ fi
+
+ run_cmd "ip -n $NETNS_NAME link del dev testvxlan0 1>/dev/null 2>&1"
+
+ { kill %% && wait %%; } 2>/dev/null
+ rm -rf "$tmp_file"
+
+}
+
+################################################################################
+# Usage
+
+usage()
+{
+ cat <<EOF
+usage: ${0##*/} OPTS
+
+ -t <test> Test(s) to run (default: all)
+ (options: $TESTS)
+ -p Pause on fail
+ -P Pause after each test before cleanup
+ -v Verbose mode (show commands and output)
+EOF
+}
+
+################################################################################
+# Main
+
+trap cleanup EXIT
+
+while getopts ":t:pPvh" opt; do
+ case $opt in
+ t) TESTS=$OPTARG ;;
+ p) PAUSE_ON_FAIL=yes;;
+ P) PAUSE=yes;;
+ v) VERBOSE=$(($VERBOSE + 1));;
+ h) usage; exit 0;;
+ *) usage; exit 1;;
+ esac
+done
+
+# Make sure we don't pause twice.
+[ "${PAUSE}" = "yes" ] && PAUSE_ON_FAIL=no
+
+if [ "$(id -u)" -ne 0 ];then
+ echo "SKIP: Need root privileges"
+ exit $ksft_skip;
+fi
+
+if [ ! -x "$(command -v ip)" ]; then
+ echo "SKIP: Could not run test without ip tool"
+ exit $ksft_skip
+fi
+
+if [ ! -x "$(command -v bridge)" ]; then
+ echo "SKIP: Could not run test without bridge tool"
+ exit $ksft_skip
+fi
+if [ ! -x "$(command -v socat)" ]; then
+ echo "socat command not found. Skipping test"
+ return 1
+fi
+
+ip link help vxlan 2>&1 | grep -q "localbypass"
+if [ $? -ne 0 ]; then
+ echo "SKIP: iproute2 ip too old, missing VXLAN nolocalbypass support"
+ exit $ksft_skip
+fi
+
+cleanup
+
+for t in $TESTS
+do
+ setup; $t; cleanup;
+done
+
+if [ "$TESTS" != "none" ]; then
+ printf "\nTests passed: %3d\n" ${nsuccess}
+ printf "Tests failed: %3d\n" ${nfail}
+fi
+
+exit $ret
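Review bot: The socat availability check in the main section ends with `return 1`, which bash rejects outside a function or a sourced file, so the script reports an error and goes on to run the tests without socat; ending that branch with `exit $ksft_skip`, as the ip and bridge checks do, would skip cleanly. In changelink_nolocalbypass_simple the second check logs under the label `" Packets dropped by default."` although it asserts that data reached the listener after `nolocalbypass` was set, so a failure there is reported under the wrong name; a label such as `"Packets delivered to userspace with nolocalbypass"` would match what is tested. The script runs as root and does `rm -rf "$tmp_file"` followed by `touch "$tmp_file"` between the two checks, which recreates a path whose name is by then known in the temp directory; truncating in place with `: > "$tmp_file"` keeps the file mktemp created.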