2 # SPDX-License-Identifier: GPL-2.0
5 # - - - - - - - - - - - - - - - - - - - - - - - - -
6 # | veth1 veth2 veth3 | ... init net
7 # - -| - - - - - - | - - - - - - | - -
8 # --------- --------- ---------
9 # | veth0 | | veth0 | | veth0 | ...
10 # --------- --------- ---------
14 # XDP modes: generic, native, native + egress_prog
17 # ARP: Testing BPF_F_BROADCAST, the ingress interface also should receive
19 # ns1 -> gw: ns1, ns2, ns3, should receive the arp request
20 # IPv4: Testing BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS, the ingress
21 # interface should not receive the redirects.
22 # ns1 -> gw: ns1 should not receive, ns2, ns3 should receive redirects.
23 # IPv6: Testing none flag, all the pkts should be redirected back
24 # ping test: ns1 -> ns2 (block), echo requests will be redirect back
26 # all src mac should be egress interface's mac
31 DRV_MODE="xdpgeneric xdpdrv xdpegress"
50 for i in $(seq $NUM); do
51 ip link del veth$i 2> /dev/null
52 ip netns del ns$i 2> /dev/null
56 # Kselftest framework requirement - SKIP code is 4.
59 ip link set dev lo xdpgeneric off &>/dev/null
61 echo "selftests: [SKIP] Could not run test without the ip xdpgeneric support"
65 which tcpdump &>/dev/null
67 echo "selftests: [SKIP] Could not run test without tcpdump"
77 if [ "$mode" = "xdpegress" ]; then
81 for i in $(seq $NUM); do
83 ip link add veth$i type veth peer name veth0 netns ns$i
85 ip -n ns$i link set veth0 up
87 ip -n ns$i addr add 192.0.2.$i/24 dev veth0
88 ip -n ns$i addr add 2001:db8::$i/64 dev veth0
89 # Add a neigh entry for IPv4 ping test
90 ip -n ns$i neigh add 192.0.2.253 lladdr 00:00:00:00:00:01 dev veth0
91 ip -n ns$i link set veth0 $mode obj \
92 xdp_dummy.o sec xdp &> /dev/null || \
93 { test_fail "Unable to load dummy xdp" && exit 1; }
94 IFACES="$IFACES veth$i"
95 veth_mac[$i]=$(ip link show veth$i | awk '/link\/ether/ {print $2}')
104 ip netns exec ns2 tcpdump -e -i veth0 -nn -l -e &> ${LOG_DIR}/mac_ns1-2_${mode}.log &
105 ip netns exec ns3 tcpdump -e -i veth0 -nn -l -e &> ${LOG_DIR}/mac_ns1-3_${mode}.log &
107 ip netns exec ns1 ping 192.0.2.254 -i 0.1 -c 4 &> /dev/null
112 grep -q "${veth_mac[2]} > ff:ff:ff:ff:ff:ff" ${LOG_DIR}/mac_ns1-2_${mode}.log && \
113 test_pass "$mode mac ns1-2" || test_fail "$mode mac ns1-2"
114 grep -q "${veth_mac[3]} > ff:ff:ff:ff:ff:ff" ${LOG_DIR}/mac_ns1-3_${mode}.log && \
115 test_pass "$mode mac ns1-3" || test_fail "$mode mac ns1-3"
122 # ping6 test: echo request should be redirect back to itself, not others
123 ip netns exec ns1 ip neigh add 2001:db8::2 dev veth0 lladdr 00:00:00:00:00:02
125 ip netns exec ns1 tcpdump -i veth0 -nn -l -e &> ${LOG_DIR}/ns1-1_${mode}.log &
126 ip netns exec ns2 tcpdump -i veth0 -nn -l -e &> ${LOG_DIR}/ns1-2_${mode}.log &
127 ip netns exec ns3 tcpdump -i veth0 -nn -l -e &> ${LOG_DIR}/ns1-3_${mode}.log &
130 ip netns exec ns1 ping 192.0.2.254 -i 0.1 -c 4 &> /dev/null
132 ip netns exec ns1 ping 192.0.2.253 -i 0.1 -c 4 &> /dev/null
134 ip netns exec ns1 ping6 2001:db8::2 -i 0.1 -c 2 &> /dev/null
138 # All netns should receive the redirect arp requests
139 [ $(grep -c "who-has 192.0.2.254" ${LOG_DIR}/ns1-1_${mode}.log) -gt 4 ] && \
140 test_pass "$mode arp(F_BROADCAST) ns1-1" || \
141 test_fail "$mode arp(F_BROADCAST) ns1-1"
142 [ $(grep -c "who-has 192.0.2.254" ${LOG_DIR}/ns1-2_${mode}.log) -le 4 ] && \
143 test_pass "$mode arp(F_BROADCAST) ns1-2" || \
144 test_fail "$mode arp(F_BROADCAST) ns1-2"
145 [ $(grep -c "who-has 192.0.2.254" ${LOG_DIR}/ns1-3_${mode}.log) -le 4 ] && \
146 test_pass "$mode arp(F_BROADCAST) ns1-3" || \
147 test_fail "$mode arp(F_BROADCAST) ns1-3"
149 # ns1 should not receive the redirect echo request, others should
150 [ $(grep -c "ICMP echo request" ${LOG_DIR}/ns1-1_${mode}.log) -eq 4 ] && \
151 test_pass "$mode IPv4 (F_BROADCAST|F_EXCLUDE_INGRESS) ns1-1" || \
152 test_fail "$mode IPv4 (F_BROADCAST|F_EXCLUDE_INGRESS) ns1-1"
153 [ $(grep -c "ICMP echo request" ${LOG_DIR}/ns1-2_${mode}.log) -eq 4 ] && \
154 test_pass "$mode IPv4 (F_BROADCAST|F_EXCLUDE_INGRESS) ns1-2" || \
155 test_fail "$mode IPv4 (F_BROADCAST|F_EXCLUDE_INGRESS) ns1-2"
156 [ $(grep -c "ICMP echo request" ${LOG_DIR}/ns1-3_${mode}.log) -eq 4 ] && \
157 test_pass "$mode IPv4 (F_BROADCAST|F_EXCLUDE_INGRESS) ns1-3" || \
158 test_fail "$mode IPv4 (F_BROADCAST|F_EXCLUDE_INGRESS) ns1-3"
160 # ns1 should receive the echo request, ns2 should not
161 [ $(grep -c "ICMP6, echo request" ${LOG_DIR}/ns1-1_${mode}.log) -eq 4 ] && \
162 test_pass "$mode IPv6 (no flags) ns1-1" || \
163 test_fail "$mode IPv6 (no flags) ns1-1"
164 [ $(grep -c "ICMP6, echo request" ${LOG_DIR}/ns1-2_${mode}.log) -eq 0 ] && \
165 test_pass "$mode IPv6 (no flags) ns1-2" || \
166 test_fail "$mode IPv6 (no flags) ns1-2"
176 xdpegress) drv_p="-X";;
177 xdpgeneric) drv_p="-S";;
180 ./xdp_redirect_multi $drv_p $IFACES &> ${LOG_DIR}/xdp_redirect_${mode}.log &
184 if [ "$mode" = "xdpegress" ]; then
185 do_egress_tests $mode
193 trap clean_up 0 2 3 6 9
197 for mode in ${DRV_MODE}; do
204 echo "Summary: PASS $PASS, FAIL $FAIL"
205 [ $FAIL -eq 0 ] && exit 0 || exit 1