tools/testing/selftests/net/forwarding/lib.sh at v5.0 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / tools / testing / selftests / net / forwarding / lib.sh
at v5.0 1017 lines 19 kB view raw
   1#!/bin/bash
   2# SPDX-License-Identifier: GPL-2.0
   3
   4##############################################################################
   5# Defines
   6
   7# Can be overridden by the configuration file.
   8PING=${PING:=ping}
   9PING6=${PING6:=ping6}
  10MZ=${MZ:=mausezahn}
  11ARPING=${ARPING:=arping}
  12TEAMD=${TEAMD:=teamd}
  13WAIT_TIME=${WAIT_TIME:=5}
  14PAUSE_ON_FAIL=${PAUSE_ON_FAIL:=no}
  15PAUSE_ON_CLEANUP=${PAUSE_ON_CLEANUP:=no}
  16NETIF_TYPE=${NETIF_TYPE:=veth}
  17NETIF_CREATE=${NETIF_CREATE:=yes}
  18MCD=${MCD:=smcrouted}
  19MC_CLI=${MC_CLI:=smcroutectl}
  20
  21relative_path="${BASH_SOURCE%/*}"
  22if [[ "$relative_path" == "${BASH_SOURCE}" ]]; then
  23	relative_path="."
  24fi
  25
  26if [[ -f $relative_path/forwarding.config ]]; then
  27	source "$relative_path/forwarding.config"
  28fi
  29
  30##############################################################################
  31# Sanity checks
  32
  33check_tc_version()
  34{
  35	tc -j &> /dev/null
  36	if [[ $? -ne 0 ]]; then
  37		echo "SKIP: iproute2 too old; tc is missing JSON support"
  38		exit 1
  39	fi
  40}
  41
  42check_tc_shblock_support()
  43{
  44	tc filter help 2>&1 | grep block &> /dev/null
  45	if [[ $? -ne 0 ]]; then
  46		echo "SKIP: iproute2 too old; tc is missing shared block support"
  47		exit 1
  48	fi
  49}
  50
  51check_tc_chain_support()
  52{
  53	tc help 2>&1|grep chain &> /dev/null
  54	if [[ $? -ne 0 ]]; then
  55		echo "SKIP: iproute2 too old; tc is missing chain support"
  56		exit 1
  57	fi
  58}
  59
  60if [[ "$(id -u)" -ne 0 ]]; then
  61	echo "SKIP: need root privileges"
  62	exit 0
  63fi
  64
  65if [[ "$CHECK_TC" = "yes" ]]; then
  66	check_tc_version
  67fi
  68
  69require_command()
  70{
  71	local cmd=$1; shift
  72
  73	if [[ ! -x "$(command -v "$cmd")" ]]; then
  74		echo "SKIP: $cmd not installed"
  75		exit 1
  76	fi
  77}
  78
  79require_command jq
  80require_command $MZ
  81
  82if [[ ! -v NUM_NETIFS ]]; then
  83	echo "SKIP: importer does not define \"NUM_NETIFS\""
  84	exit 1
  85fi
  86
  87##############################################################################
  88# Command line options handling
  89
  90count=0
  91
  92while [[ $# -gt 0 ]]; do
  93	if [[ "$count" -eq "0" ]]; then
  94		unset NETIFS
  95		declare -A NETIFS
  96	fi
  97	count=$((count + 1))
  98	NETIFS[p$count]="$1"
  99	shift
 100done
 101
 102##############################################################################
 103# Network interfaces configuration
 104
 105create_netif_veth()
 106{
 107	local i
 108
 109	for ((i = 1; i <= NUM_NETIFS; ++i)); do
 110		local j=$((i+1))
 111
 112		ip link show dev ${NETIFS[p$i]} &> /dev/null
 113		if [[ $? -ne 0 ]]; then
 114			ip link add ${NETIFS[p$i]} type veth \
 115				peer name ${NETIFS[p$j]}
 116			if [[ $? -ne 0 ]]; then
 117				echo "Failed to create netif"
 118				exit 1
 119			fi
 120		fi
 121		i=$j
 122	done
 123}
 124
 125create_netif()
 126{
 127	case "$NETIF_TYPE" in
 128	veth) create_netif_veth
 129	      ;;
 130	*) echo "Can not create interfaces of type \'$NETIF_TYPE\'"
 131	   exit 1
 132	   ;;
 133	esac
 134}
 135
 136if [[ "$NETIF_CREATE" = "yes" ]]; then
 137	create_netif
 138fi
 139
 140for ((i = 1; i <= NUM_NETIFS; ++i)); do
 141	ip link show dev ${NETIFS[p$i]} &> /dev/null
 142	if [[ $? -ne 0 ]]; then
 143		echo "SKIP: could not find all required interfaces"
 144		exit 1
 145	fi
 146done
 147
 148##############################################################################
 149# Helpers
 150
 151# Exit status to return at the end. Set in case one of the tests fails.
 152EXIT_STATUS=0
 153# Per-test return value. Clear at the beginning of each test.
 154RET=0
 155
 156check_err()
 157{
 158	local err=$1
 159	local msg=$2
 160
 161	if [[ $RET -eq 0 && $err -ne 0 ]]; then
 162		RET=$err
 163		retmsg=$msg
 164	fi
 165}
 166
 167check_fail()
 168{
 169	local err=$1
 170	local msg=$2
 171
 172	if [[ $RET -eq 0 && $err -eq 0 ]]; then
 173		RET=1
 174		retmsg=$msg
 175	fi
 176}
 177
 178check_err_fail()
 179{
 180	local should_fail=$1; shift
 181	local err=$1; shift
 182	local what=$1; shift
 183
 184	if ((should_fail)); then
 185		check_fail $err "$what succeeded, but should have failed"
 186	else
 187		check_err $err "$what failed"
 188	fi
 189}
 190
 191log_test()
 192{
 193	local test_name=$1
 194	local opt_str=$2
 195
 196	if [[ $# -eq 2 ]]; then
 197		opt_str="($opt_str)"
 198	fi
 199
 200	if [[ $RET -ne 0 ]]; then
 201		EXIT_STATUS=1
 202		printf "TEST: %-60s  [FAIL]\n" "$test_name $opt_str"
 203		if [[ ! -z "$retmsg" ]]; then
 204			printf "\t%s\n" "$retmsg"
 205		fi
 206		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
 207			echo "Hit enter to continue, 'q' to quit"
 208			read a
 209			[ "$a" = "q" ] && exit 1
 210		fi
 211		return 1
 212	fi
 213
 214	printf "TEST: %-60s  [PASS]\n" "$test_name $opt_str"
 215	return 0
 216}
 217
 218log_info()
 219{
 220	local msg=$1
 221
 222	echo "INFO: $msg"
 223}
 224
 225setup_wait_dev()
 226{
 227	local dev=$1; shift
 228
 229	while true; do
 230		ip link show dev $dev up \
 231			| grep 'state UP' &> /dev/null
 232		if [[ $? -ne 0 ]]; then
 233			sleep 1
 234		else
 235			break
 236		fi
 237	done
 238}
 239
 240setup_wait()
 241{
 242	local num_netifs=${1:-$NUM_NETIFS}
 243
 244	for ((i = 1; i <= num_netifs; ++i)); do
 245		setup_wait_dev ${NETIFS[p$i]}
 246	done
 247
 248	# Make sure links are ready.
 249	sleep $WAIT_TIME
 250}
 251
 252lldpad_app_wait_set()
 253{
 254	local dev=$1; shift
 255
 256	while lldptool -t -i $dev -V APP -c app | grep -Eq "pending|unknown"; do
 257		echo "$dev: waiting for lldpad to push pending APP updates"
 258		sleep 5
 259	done
 260}
 261
 262lldpad_app_wait_del()
 263{
 264	# Give lldpad a chance to push down the changes. If the device is downed
 265	# too soon, the updates will be left pending. However, they will have
 266	# been struck off the lldpad's DB already, so we won't be able to tell
 267	# they are pending. Then on next test iteration this would cause
 268	# weirdness as newly-added APP rules conflict with the old ones,
 269	# sometimes getting stuck in an "unknown" state.
 270	sleep 5
 271}
 272
 273pre_cleanup()
 274{
 275	if [ "${PAUSE_ON_CLEANUP}" = "yes" ]; then
 276		echo "Pausing before cleanup, hit any key to continue"
 277		read
 278	fi
 279}
 280
 281vrf_prepare()
 282{
 283	ip -4 rule add pref 32765 table local
 284	ip -4 rule del pref 0
 285	ip -6 rule add pref 32765 table local
 286	ip -6 rule del pref 0
 287}
 288
 289vrf_cleanup()
 290{
 291	ip -6 rule add pref 0 table local
 292	ip -6 rule del pref 32765
 293	ip -4 rule add pref 0 table local
 294	ip -4 rule del pref 32765
 295}
 296
 297__last_tb_id=0
 298declare -A __TB_IDS
 299
 300__vrf_td_id_assign()
 301{
 302	local vrf_name=$1
 303
 304	__last_tb_id=$((__last_tb_id + 1))
 305	__TB_IDS[$vrf_name]=$__last_tb_id
 306	return $__last_tb_id
 307}
 308
 309__vrf_td_id_lookup()
 310{
 311	local vrf_name=$1
 312
 313	return ${__TB_IDS[$vrf_name]}
 314}
 315
 316vrf_create()
 317{
 318	local vrf_name=$1
 319	local tb_id
 320
 321	__vrf_td_id_assign $vrf_name
 322	tb_id=$?
 323
 324	ip link add dev $vrf_name type vrf table $tb_id
 325	ip -4 route add table $tb_id unreachable default metric 4278198272
 326	ip -6 route add table $tb_id unreachable default metric 4278198272
 327}
 328
 329vrf_destroy()
 330{
 331	local vrf_name=$1
 332	local tb_id
 333
 334	__vrf_td_id_lookup $vrf_name
 335	tb_id=$?
 336
 337	ip -6 route del table $tb_id unreachable default metric 4278198272
 338	ip -4 route del table $tb_id unreachable default metric 4278198272
 339	ip link del dev $vrf_name
 340}
 341
 342__addr_add_del()
 343{
 344	local if_name=$1
 345	local add_del=$2
 346	local array
 347
 348	shift
 349	shift
 350	array=("${@}")
 351
 352	for addrstr in "${array[@]}"; do
 353		ip address $add_del $addrstr dev $if_name
 354	done
 355}
 356
 357__simple_if_init()
 358{
 359	local if_name=$1; shift
 360	local vrf_name=$1; shift
 361	local addrs=("${@}")
 362
 363	ip link set dev $if_name master $vrf_name
 364	ip link set dev $if_name up
 365
 366	__addr_add_del $if_name add "${addrs[@]}"
 367}
 368
 369__simple_if_fini()
 370{
 371	local if_name=$1; shift
 372	local addrs=("${@}")
 373
 374	__addr_add_del $if_name del "${addrs[@]}"
 375
 376	ip link set dev $if_name down
 377	ip link set dev $if_name nomaster
 378}
 379
 380simple_if_init()
 381{
 382	local if_name=$1
 383	local vrf_name
 384	local array
 385
 386	shift
 387	vrf_name=v$if_name
 388	array=("${@}")
 389
 390	vrf_create $vrf_name
 391	ip link set dev $vrf_name up
 392	__simple_if_init $if_name $vrf_name "${array[@]}"
 393}
 394
 395simple_if_fini()
 396{
 397	local if_name=$1
 398	local vrf_name
 399	local array
 400
 401	shift
 402	vrf_name=v$if_name
 403	array=("${@}")
 404
 405	__simple_if_fini $if_name "${array[@]}"
 406	vrf_destroy $vrf_name
 407}
 408
 409tunnel_create()
 410{
 411	local name=$1; shift
 412	local type=$1; shift
 413	local local=$1; shift
 414	local remote=$1; shift
 415
 416	ip link add name $name type $type \
 417	   local $local remote $remote "$@"
 418	ip link set dev $name up
 419}
 420
 421tunnel_destroy()
 422{
 423	local name=$1; shift
 424
 425	ip link del dev $name
 426}
 427
 428vlan_create()
 429{
 430	local if_name=$1; shift
 431	local vid=$1; shift
 432	local vrf=$1; shift
 433	local ips=("${@}")
 434	local name=$if_name.$vid
 435
 436	ip link add name $name link $if_name type vlan id $vid
 437	if [ "$vrf" != "" ]; then
 438		ip link set dev $name master $vrf
 439	fi
 440	ip link set dev $name up
 441	__addr_add_del $name add "${ips[@]}"
 442}
 443
 444vlan_destroy()
 445{
 446	local if_name=$1; shift
 447	local vid=$1; shift
 448	local name=$if_name.$vid
 449
 450	ip link del dev $name
 451}
 452
 453team_create()
 454{
 455	local if_name=$1; shift
 456	local mode=$1; shift
 457
 458	require_command $TEAMD
 459	$TEAMD -t $if_name -d -c '{"runner": {"name": "'$mode'"}}'
 460	for slave in "$@"; do
 461		ip link set dev $slave down
 462		ip link set dev $slave master $if_name
 463		ip link set dev $slave up
 464	done
 465	ip link set dev $if_name up
 466}
 467
 468team_destroy()
 469{
 470	local if_name=$1; shift
 471
 472	$TEAMD -t $if_name -k
 473}
 474
 475master_name_get()
 476{
 477	local if_name=$1
 478
 479	ip -j link show dev $if_name | jq -r '.[]["master"]'
 480}
 481
 482link_stats_get()
 483{
 484	local if_name=$1; shift
 485	local dir=$1; shift
 486	local stat=$1; shift
 487
 488	ip -j -s link show dev $if_name \
 489		| jq '.[]["stats64"]["'$dir'"]["'$stat'"]'
 490}
 491
 492link_stats_tx_packets_get()
 493{
 494	link_stats_get $1 tx packets
 495}
 496
 497link_stats_rx_errors_get()
 498{
 499	link_stats_get $1 rx errors
 500}
 501
 502tc_rule_stats_get()
 503{
 504	local dev=$1; shift
 505	local pref=$1; shift
 506	local dir=$1; shift
 507
 508	tc -j -s filter show dev $dev ${dir:-ingress} pref $pref \
 509	    | jq '.[1].options.actions[].stats.packets'
 510}
 511
 512ethtool_stats_get()
 513{
 514	local dev=$1; shift
 515	local stat=$1; shift
 516
 517	ethtool -S $dev | grep "^ *$stat:" | head -n 1 | cut -d: -f2
 518}
 519
 520mac_get()
 521{
 522	local if_name=$1
 523
 524	ip -j link show dev $if_name | jq -r '.[]["address"]'
 525}
 526
 527bridge_ageing_time_get()
 528{
 529	local bridge=$1
 530	local ageing_time
 531
 532	# Need to divide by 100 to convert to seconds.
 533	ageing_time=$(ip -j -d link show dev $bridge \
 534		      | jq '.[]["linkinfo"]["info_data"]["ageing_time"]')
 535	echo $((ageing_time / 100))
 536}
 537
 538declare -A SYSCTL_ORIG
 539sysctl_set()
 540{
 541	local key=$1; shift
 542	local value=$1; shift
 543
 544	SYSCTL_ORIG[$key]=$(sysctl -n $key)
 545	sysctl -qw $key=$value
 546}
 547
 548sysctl_restore()
 549{
 550	local key=$1; shift
 551
 552	sysctl -qw $key=${SYSCTL_ORIG["$key"]}
 553}
 554
 555forwarding_enable()
 556{
 557	sysctl_set net.ipv4.conf.all.forwarding 1
 558	sysctl_set net.ipv6.conf.all.forwarding 1
 559}
 560
 561forwarding_restore()
 562{
 563	sysctl_restore net.ipv6.conf.all.forwarding
 564	sysctl_restore net.ipv4.conf.all.forwarding
 565}
 566
 567declare -A MTU_ORIG
 568mtu_set()
 569{
 570	local dev=$1; shift
 571	local mtu=$1; shift
 572
 573	MTU_ORIG["$dev"]=$(ip -j link show dev $dev | jq -e '.[].mtu')
 574	ip link set dev $dev mtu $mtu
 575}
 576
 577mtu_restore()
 578{
 579	local dev=$1; shift
 580
 581	ip link set dev $dev mtu ${MTU_ORIG["$dev"]}
 582}
 583
 584tc_offload_check()
 585{
 586	local num_netifs=${1:-$NUM_NETIFS}
 587
 588	for ((i = 1; i <= num_netifs; ++i)); do
 589		ethtool -k ${NETIFS[p$i]} \
 590			| grep "hw-tc-offload: on" &> /dev/null
 591		if [[ $? -ne 0 ]]; then
 592			return 1
 593		fi
 594	done
 595
 596	return 0
 597}
 598
 599trap_install()
 600{
 601	local dev=$1; shift
 602	local direction=$1; shift
 603
 604	# Some devices may not support or need in-hardware trapping of traffic
 605	# (e.g. the veth pairs that this library creates for non-existent
 606	# loopbacks). Use continue instead, so that there is a filter in there
 607	# (some tests check counters), and so that other filters are still
 608	# processed.
 609	tc filter add dev $dev $direction pref 1 \
 610		flower skip_sw action trap 2>/dev/null \
 611	    || tc filter add dev $dev $direction pref 1 \
 612		       flower action continue
 613}
 614
 615trap_uninstall()
 616{
 617	local dev=$1; shift
 618	local direction=$1; shift
 619
 620	tc filter del dev $dev $direction pref 1 flower
 621}
 622
 623slow_path_trap_install()
 624{
 625	# For slow-path testing, we need to install a trap to get to
 626	# slow path the packets that would otherwise be switched in HW.
 627	if [ "${tcflags/skip_hw}" != "$tcflags" ]; then
 628		trap_install "$@"
 629	fi
 630}
 631
 632slow_path_trap_uninstall()
 633{
 634	if [ "${tcflags/skip_hw}" != "$tcflags" ]; then
 635		trap_uninstall "$@"
 636	fi
 637}
 638
 639__icmp_capture_add_del()
 640{
 641	local add_del=$1; shift
 642	local pref=$1; shift
 643	local vsuf=$1; shift
 644	local tundev=$1; shift
 645	local filter=$1; shift
 646
 647	tc filter $add_del dev "$tundev" ingress \
 648	   proto ip$vsuf pref $pref \
 649	   flower ip_proto icmp$vsuf $filter \
 650	   action pass
 651}
 652
 653icmp_capture_install()
 654{
 655	__icmp_capture_add_del add 100 "" "$@"
 656}
 657
 658icmp_capture_uninstall()
 659{
 660	__icmp_capture_add_del del 100 "" "$@"
 661}
 662
 663icmp6_capture_install()
 664{
 665	__icmp_capture_add_del add 100 v6 "$@"
 666}
 667
 668icmp6_capture_uninstall()
 669{
 670	__icmp_capture_add_del del 100 v6 "$@"
 671}
 672
 673__vlan_capture_add_del()
 674{
 675	local add_del=$1; shift
 676	local pref=$1; shift
 677	local dev=$1; shift
 678	local filter=$1; shift
 679
 680	tc filter $add_del dev "$dev" ingress \
 681	   proto 802.1q pref $pref \
 682	   flower $filter \
 683	   action pass
 684}
 685
 686vlan_capture_install()
 687{
 688	__vlan_capture_add_del add 100 "$@"
 689}
 690
 691vlan_capture_uninstall()
 692{
 693	__vlan_capture_add_del del 100 "$@"
 694}
 695
 696__dscp_capture_add_del()
 697{
 698	local add_del=$1; shift
 699	local dev=$1; shift
 700	local base=$1; shift
 701	local dscp;
 702
 703	for prio in {0..7}; do
 704		dscp=$((base + prio))
 705		__icmp_capture_add_del $add_del $((dscp + 100)) "" $dev \
 706				       "skip_hw ip_tos $((dscp << 2))"
 707	done
 708}
 709
 710dscp_capture_install()
 711{
 712	local dev=$1; shift
 713	local base=$1; shift
 714
 715	__dscp_capture_add_del add $dev $base
 716}
 717
 718dscp_capture_uninstall()
 719{
 720	local dev=$1; shift
 721	local base=$1; shift
 722
 723	__dscp_capture_add_del del $dev $base
 724}
 725
 726dscp_fetch_stats()
 727{
 728	local dev=$1; shift
 729	local base=$1; shift
 730
 731	for prio in {0..7}; do
 732		local dscp=$((base + prio))
 733		local t=$(tc_rule_stats_get $dev $((dscp + 100)))
 734		echo "[$dscp]=$t "
 735	done
 736}
 737
 738matchall_sink_create()
 739{
 740	local dev=$1; shift
 741
 742	tc qdisc add dev $dev clsact
 743	tc filter add dev $dev ingress \
 744	   pref 10000 \
 745	   matchall \
 746	   action drop
 747}
 748
 749tests_run()
 750{
 751	local current_test
 752
 753	for current_test in ${TESTS:-$ALL_TESTS}; do
 754		$current_test
 755	done
 756}
 757
 758multipath_eval()
 759{
 760	local desc="$1"
 761	local weight_rp12=$2
 762	local weight_rp13=$3
 763	local packets_rp12=$4
 764	local packets_rp13=$5
 765	local weights_ratio packets_ratio diff
 766
 767	RET=0
 768
 769	if [[ "$weight_rp12" -gt "$weight_rp13" ]]; then
 770		weights_ratio=$(echo "scale=2; $weight_rp12 / $weight_rp13" \
 771				| bc -l)
 772	else
 773		weights_ratio=$(echo "scale=2; $weight_rp13 / $weight_rp12" \
 774				| bc -l)
 775	fi
 776
 777	if [[ "$packets_rp12" -eq "0" || "$packets_rp13" -eq "0" ]]; then
 778	       check_err 1 "Packet difference is 0"
 779	       log_test "Multipath"
 780	       log_info "Expected ratio $weights_ratio"
 781	       return
 782	fi
 783
 784	if [[ "$weight_rp12" -gt "$weight_rp13" ]]; then
 785		packets_ratio=$(echo "scale=2; $packets_rp12 / $packets_rp13" \
 786				| bc -l)
 787	else
 788		packets_ratio=$(echo "scale=2; $packets_rp13 / $packets_rp12" \
 789				| bc -l)
 790	fi
 791
 792	diff=$(echo $weights_ratio - $packets_ratio | bc -l)
 793	diff=${diff#-}
 794
 795	test "$(echo "$diff / $weights_ratio > 0.15" | bc -l)" -eq 0
 796	check_err $? "Too large discrepancy between expected and measured ratios"
 797	log_test "$desc"
 798	log_info "Expected ratio $weights_ratio Measured ratio $packets_ratio"
 799}
 800
 801in_ns()
 802{
 803	local name=$1; shift
 804
 805	ip netns exec $name bash <<-EOF
 806		NUM_NETIFS=0
 807		source lib.sh
 808		$(for a in "$@"; do printf "%q${IFS:0:1}" "$a"; done)
 809	EOF
 810}
 811
 812##############################################################################
 813# Tests
 814
 815ping_do()
 816{
 817	local if_name=$1
 818	local dip=$2
 819	local args=$3
 820	local vrf_name
 821
 822	vrf_name=$(master_name_get $if_name)
 823	ip vrf exec $vrf_name $PING $args $dip -c 10 -i 0.1 -w 2 &> /dev/null
 824}
 825
 826ping_test()
 827{
 828	RET=0
 829
 830	ping_do $1 $2
 831	check_err $?
 832	log_test "ping$3"
 833}
 834
 835ping6_do()
 836{
 837	local if_name=$1
 838	local dip=$2
 839	local args=$3
 840	local vrf_name
 841
 842	vrf_name=$(master_name_get $if_name)
 843	ip vrf exec $vrf_name $PING6 $args $dip -c 10 -i 0.1 -w 2 &> /dev/null
 844}
 845
 846ping6_test()
 847{
 848	RET=0
 849
 850	ping6_do $1 $2
 851	check_err $?
 852	log_test "ping6$3"
 853}
 854
 855learning_test()
 856{
 857	local bridge=$1
 858	local br_port1=$2	# Connected to `host1_if`.
 859	local host1_if=$3
 860	local host2_if=$4
 861	local mac=de:ad:be:ef:13:37
 862	local ageing_time
 863
 864	RET=0
 865
 866	bridge -j fdb show br $bridge brport $br_port1 \
 867		| jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null
 868	check_fail $? "Found FDB record when should not"
 869
 870	# Disable unknown unicast flooding on `br_port1` to make sure
 871	# packets are only forwarded through the port after a matching
 872	# FDB entry was installed.
 873	bridge link set dev $br_port1 flood off
 874
 875	tc qdisc add dev $host1_if ingress
 876	tc filter add dev $host1_if ingress protocol ip pref 1 handle 101 \
 877		flower dst_mac $mac action drop
 878
 879	$MZ $host2_if -c 1 -p 64 -b $mac -t ip -q
 880	sleep 1
 881
 882	tc -j -s filter show dev $host1_if ingress \
 883		| jq -e ".[] | select(.options.handle == 101) \
 884		| select(.options.actions[0].stats.packets == 1)" &> /dev/null
 885	check_fail $? "Packet reached second host when should not"
 886
 887	$MZ $host1_if -c 1 -p 64 -a $mac -t ip -q
 888	sleep 1
 889
 890	bridge -j fdb show br $bridge brport $br_port1 \
 891		| jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null
 892	check_err $? "Did not find FDB record when should"
 893
 894	$MZ $host2_if -c 1 -p 64 -b $mac -t ip -q
 895	sleep 1
 896
 897	tc -j -s filter show dev $host1_if ingress \
 898		| jq -e ".[] | select(.options.handle == 101) \
 899		| select(.options.actions[0].stats.packets == 1)" &> /dev/null
 900	check_err $? "Packet did not reach second host when should"
 901
 902	# Wait for 10 seconds after the ageing time to make sure FDB
 903	# record was aged-out.
 904	ageing_time=$(bridge_ageing_time_get $bridge)
 905	sleep $((ageing_time + 10))
 906
 907	bridge -j fdb show br $bridge brport $br_port1 \
 908		| jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null
 909	check_fail $? "Found FDB record when should not"
 910
 911	bridge link set dev $br_port1 learning off
 912
 913	$MZ $host1_if -c 1 -p 64 -a $mac -t ip -q
 914	sleep 1
 915
 916	bridge -j fdb show br $bridge brport $br_port1 \
 917		| jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null
 918	check_fail $? "Found FDB record when should not"
 919
 920	bridge link set dev $br_port1 learning on
 921
 922	tc filter del dev $host1_if ingress protocol ip pref 1 handle 101 flower
 923	tc qdisc del dev $host1_if ingress
 924
 925	bridge link set dev $br_port1 flood on
 926
 927	log_test "FDB learning"
 928}
 929
 930flood_test_do()
 931{
 932	local should_flood=$1
 933	local mac=$2
 934	local ip=$3
 935	local host1_if=$4
 936	local host2_if=$5
 937	local err=0
 938
 939	# Add an ACL on `host2_if` which will tell us whether the packet
 940	# was flooded to it or not.
 941	tc qdisc add dev $host2_if ingress
 942	tc filter add dev $host2_if ingress protocol ip pref 1 handle 101 \
 943		flower dst_mac $mac action drop
 944
 945	$MZ $host1_if -c 1 -p 64 -b $mac -B $ip -t ip -q
 946	sleep 1
 947
 948	tc -j -s filter show dev $host2_if ingress \
 949		| jq -e ".[] | select(.options.handle == 101) \
 950		| select(.options.actions[0].stats.packets == 1)" &> /dev/null
 951	if [[ $? -ne 0 && $should_flood == "true" || \
 952	      $? -eq 0 && $should_flood == "false" ]]; then
 953		err=1
 954	fi
 955
 956	tc filter del dev $host2_if ingress protocol ip pref 1 handle 101 flower
 957	tc qdisc del dev $host2_if ingress
 958
 959	return $err
 960}
 961
 962flood_unicast_test()
 963{
 964	local br_port=$1
 965	local host1_if=$2
 966	local host2_if=$3
 967	local mac=de:ad:be:ef:13:37
 968	local ip=192.0.2.100
 969
 970	RET=0
 971
 972	bridge link set dev $br_port flood off
 973
 974	flood_test_do false $mac $ip $host1_if $host2_if
 975	check_err $? "Packet flooded when should not"
 976
 977	bridge link set dev $br_port flood on
 978
 979	flood_test_do true $mac $ip $host1_if $host2_if
 980	check_err $? "Packet was not flooded when should"
 981
 982	log_test "Unknown unicast flood"
 983}
 984
 985flood_multicast_test()
 986{
 987	local br_port=$1
 988	local host1_if=$2
 989	local host2_if=$3
 990	local mac=01:00:5e:00:00:01
 991	local ip=239.0.0.1
 992
 993	RET=0
 994
 995	bridge link set dev $br_port mcast_flood off
 996
 997	flood_test_do false $mac $ip $host1_if $host2_if
 998	check_err $? "Packet flooded when should not"
 999
1000	bridge link set dev $br_port mcast_flood on
1001
1002	flood_test_do true $mac $ip $host1_if $host2_if
1003	check_err $? "Packet was not flooded when should"
1004
1005	log_test "Unregistered multicast flood"
1006}
1007
1008flood_test()
1009{
1010	# `br_port` is connected to `host2_if`
1011	local br_port=$1
1012	local host1_if=$2
1013	local host2_if=$3
1014
1015	flood_unicast_test $br_port $host1_if $host2_if
1016	flood_multicast_test $br_port $host1_if $host2_if
1017}