tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

selftests: net: Add a selftest for VXLAN with FDB nexthop groups

Add test cases for VXLAN with FDB nexthop groups, testing both IPv4 and
IPv6. Test basic Tx functionality as well as some corner cases.

Example output:

# ./test_vxlan_nh.sh
TEST: VXLAN FDB nexthop: IPv4 basic Tx [ OK ]
TEST: VXLAN FDB nexthop: IPv6 basic Tx [ OK ]
TEST: VXLAN FDB nexthop: learning [ OK ]
TEST: VXLAN FDB nexthop: IPv4 proxy [ OK ]
TEST: VXLAN FDB nexthop: IPv6 proxy [ OK ]

Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://patch.msgid.link/20250901065035.159644-4-idosch@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Ido Schimmel and committed by
Jakub Kicinski 2c9fb925 1f5d2fd1

+224
+1
tools/testing/selftests/net/Makefile
··· 99 99 TEST_GEN_PROGS += bind_timewait 100 100 TEST_PROGS += test_vxlan_mdb.sh 101 101 TEST_PROGS += test_bridge_neigh_suppress.sh 102 + TEST_PROGS += test_vxlan_nh.sh 102 103 TEST_PROGS += test_vxlan_nolocalbypass.sh 103 104 TEST_PROGS += test_bridge_backup_port.sh 104 105 TEST_PROGS += test_neigh.sh
+223
tools/testing/selftests/net/test_vxlan_nh.sh
··· 1 + #!/bin/bash 2 + # SPDX-License-Identifier: GPL-2.0 3 + 4 + source lib.sh 5 + TESTS=" 6 + basic_tx_ipv4 7 + basic_tx_ipv6 8 + learning 9 + proxy_ipv4 10 + proxy_ipv6 11 + " 12 + VERBOSE=0 13 + 14 + ################################################################################ 15 + # Utilities 16 + 17 + run_cmd() 18 + { 19 + local cmd="$1" 20 + local out 21 + local stderr="2>/dev/null" 22 + 23 + if [ "$VERBOSE" = "1" ]; then 24 + echo "COMMAND: $cmd" 25 + stderr= 26 + fi 27 + 28 + out=$(eval "$cmd" "$stderr") 29 + rc=$? 30 + if [ "$VERBOSE" -eq 1 ] && [ -n "$out" ]; then 31 + echo " $out" 32 + fi 33 + 34 + return $rc 35 + } 36 + 37 + ################################################################################ 38 + # Cleanup 39 + 40 + exit_cleanup_all() 41 + { 42 + cleanup_all_ns 43 + exit "${EXIT_STATUS}" 44 + } 45 + 46 + ################################################################################ 47 + # Tests 48 + 49 + nh_stats_get() 50 + { 51 + ip -n "$ns1" -s -j nexthop show id 10 | jq ".[][\"group_stats\"][][\"packets\"]" 52 + } 53 + 54 + tc_stats_get() 55 + { 56 + tc_rule_handle_stats_get "dev dummy1 egress" 101 ".packets" "-n $ns1" 57 + } 58 + 59 + basic_tx_common() 60 + { 61 + local af_str=$1; shift 62 + local proto=$1; shift 63 + local local_addr=$1; shift 64 + local plen=$1; shift 65 + local remote_addr=$1; shift 66 + 67 + RET=0 68 + 69 + # Test basic Tx functionality. Check that stats are incremented on 70 + # both the FDB nexthop group and the egress device. 71 + 72 + run_cmd "ip -n $ns1 link add name dummy1 up type dummy" 73 + run_cmd "ip -n $ns1 route add $remote_addr/$plen dev dummy1" 74 + run_cmd "tc -n $ns1 qdisc add dev dummy1 clsact" 75 + run_cmd "tc -n $ns1 filter add dev dummy1 egress proto $proto pref 1 handle 101 flower ip_proto udp dst_ip $remote_addr dst_port 4789 action pass" 76 + 77 + run_cmd "ip -n $ns1 address add $local_addr/$plen dev lo" 78 + 79 + run_cmd "ip -n $ns1 nexthop add id 1 via $remote_addr fdb" 80 + run_cmd "ip -n $ns1 nexthop add id 10 group 1 fdb" 81 + 82 + run_cmd "ip -n $ns1 link add name vx0 up type vxlan id 10010 local $local_addr dstport 4789" 83 + run_cmd "bridge -n $ns1 fdb add 00:11:22:33:44:55 dev vx0 self static nhid 10" 84 + 85 + run_cmd "ip netns exec $ns1 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 1 -q" 86 + 87 + busywait "$BUSYWAIT_TIMEOUT" until_counter_is "== 1" nh_stats_get > /dev/null 88 + check_err $? "FDB nexthop group stats did not increase" 89 + 90 + busywait "$BUSYWAIT_TIMEOUT" until_counter_is "== 1" tc_stats_get > /dev/null 91 + check_err $? "tc filter stats did not increase" 92 + 93 + log_test "VXLAN FDB nexthop: $af_str basic Tx" 94 + } 95 + 96 + basic_tx_ipv4() 97 + { 98 + basic_tx_common "IPv4" ipv4 192.0.2.1 32 192.0.2.2 99 + } 100 + 101 + basic_tx_ipv6() 102 + { 103 + basic_tx_common "IPv6" ipv6 2001:db8:1::1 128 2001:db8:1::2 104 + } 105 + 106 + learning() 107 + { 108 + RET=0 109 + 110 + # When learning is enabled on the VXLAN device, an incoming packet 111 + # might try to refresh an FDB entry that points to an FDB nexthop group 112 + # instead of an ordinary remote destination. Check that the kernel does 113 + # not crash in this situation. 114 + 115 + run_cmd "ip -n $ns1 address add 192.0.2.1/32 dev lo" 116 + run_cmd "ip -n $ns1 address add 192.0.2.2/32 dev lo" 117 + 118 + run_cmd "ip -n $ns1 nexthop add id 1 via 192.0.2.3 fdb" 119 + run_cmd "ip -n $ns1 nexthop add id 10 group 1 fdb" 120 + 121 + run_cmd "ip -n $ns1 link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 12345 localbypass" 122 + run_cmd "ip -n $ns1 link add name vx1 up type vxlan id 10020 local 192.0.2.2 dstport 54321 learning" 123 + 124 + run_cmd "bridge -n $ns1 fdb add 00:11:22:33:44:55 dev vx0 self static dst 192.0.2.2 port 54321 vni 10020" 125 + run_cmd "bridge -n $ns1 fdb add 00:aa:bb:cc:dd:ee dev vx1 self static nhid 10" 126 + 127 + run_cmd "ip netns exec $ns1 mausezahn vx0 -a 00:aa:bb:cc:dd:ee -b 00:11:22:33:44:55 -c 1 -q" 128 + 129 + log_test "VXLAN FDB nexthop: learning" 130 + } 131 + 132 + proxy_common() 133 + { 134 + local af_str=$1; shift 135 + local local_addr=$1; shift 136 + local plen=$1; shift 137 + local remote_addr=$1; shift 138 + local neigh_addr=$1; shift 139 + local ping_cmd=$1; shift 140 + 141 + RET=0 142 + 143 + # When the "proxy" option is enabled on the VXLAN device, the device 144 + # will suppress ARP requests and IPv6 Neighbor Solicitation messages if 145 + # it is able to reply on behalf of the remote host. That is, if a 146 + # matching and valid neighbor entry is configured on the VXLAN device 147 + # whose MAC address is not behind the "any" remote (0.0.0.0 / ::). The 148 + # FDB entry for the neighbor's MAC address might point to an FDB 149 + # nexthop group instead of an ordinary remote destination. Check that 150 + # the kernel does not crash in this situation. 151 + 152 + run_cmd "ip -n $ns1 address add $local_addr/$plen dev lo" 153 + 154 + run_cmd "ip -n $ns1 nexthop add id 1 via $remote_addr fdb" 155 + run_cmd "ip -n $ns1 nexthop add id 10 group 1 fdb" 156 + 157 + run_cmd "ip -n $ns1 link add name vx0 up type vxlan id 10010 local $local_addr dstport 4789 proxy" 158 + 159 + run_cmd "ip -n $ns1 neigh add $neigh_addr lladdr 00:11:22:33:44:55 nud perm dev vx0" 160 + 161 + run_cmd "bridge -n $ns1 fdb add 00:11:22:33:44:55 dev vx0 self static nhid 10" 162 + 163 + run_cmd "ip netns exec $ns1 $ping_cmd" 164 + 165 + log_test "VXLAN FDB nexthop: $af_str proxy" 166 + } 167 + 168 + proxy_ipv4() 169 + { 170 + proxy_common "IPv4" 192.0.2.1 32 192.0.2.2 192.0.2.3 \ 171 + "arping -b -c 1 -s 192.0.2.1 -I vx0 192.0.2.3" 172 + } 173 + 174 + proxy_ipv6() 175 + { 176 + proxy_common "IPv6" 2001:db8:1::1 128 2001:db8:1::2 2001:db8:1::3 \ 177 + "ndisc6 -r 1 -s 2001:db8:1::1 -w 1 2001:db8:1::3 vx0" 178 + } 179 + 180 + ################################################################################ 181 + # Usage 182 + 183 + usage() 184 + { 185 + cat <<EOF 186 + usage: ${0##*/} OPTS 187 + 188 + -t <test> Test(s) to run (default: all) 189 + (options: $TESTS) 190 + -p Pause on fail 191 + -v Verbose mode (show commands and output) 192 + EOF 193 + } 194 + 195 + ################################################################################ 196 + # Main 197 + 198 + while getopts ":t:pvh" opt; do 199 + case $opt in 200 + t) TESTS=$OPTARG;; 201 + p) PAUSE_ON_FAIL=yes;; 202 + v) VERBOSE=$((VERBOSE + 1));; 203 + h) usage; exit 0;; 204 + *) usage; exit 1;; 205 + esac 206 + done 207 + 208 + require_command mausezahn 209 + require_command arping 210 + require_command ndisc6 211 + require_command jq 212 + 213 + if ! ip nexthop help 2>&1 | grep -q "stats"; then 214 + echo "SKIP: iproute2 ip too old, missing nexthop stats support" 215 + exit "$ksft_skip" 216 + fi 217 + 218 + trap exit_cleanup_all EXIT 219 + 220 + for t in $TESTS 221 + do 222 + setup_ns ns1; $t; cleanup_all_ns; 223 + done