cf99e2442b
[ Upstream commit e8023b030ce1748930e2dc76353a262fe47d4745 ]
For tc ip_proto filter, when we extract the flow via __skb_flow_dissect()
without flag FLOW_DISSECTOR_F_STOP_AT_ENCAP, we will continue extract to
the inner proto.
So for GRE + ICMP messages, we should not track GRE proto, but inner ICMP
proto.
For test mirror_gre.sh, it may make user confused if we capture ICMP
message on $h3(since the flow is GRE message). So I move the capture
dev to h3-gt{4,6}, and only capture ICMP message.
Before the fix:
]# ./mirror_gre.sh
TEST: ingress mirror to gretap (skip_hw) [ OK ]
TEST: egress mirror to gretap (skip_hw) [ OK ]
TEST: ingress mirror to ip6gretap (skip_hw) [ OK ]
TEST: egress mirror to ip6gretap (skip_hw) [ OK ]
TEST: ingress mirror to gretap: envelope MAC (skip_hw) [FAIL]
Expected to capture 10 packets, got 0.
TEST: egress mirror to gretap: envelope MAC (skip_hw) [FAIL]
Expected to capture 10 packets, got 0.
TEST: ingress mirror to ip6gretap: envelope MAC (skip_hw) [FAIL]
Expected to capture 10 packets, got 0.
TEST: egress mirror to ip6gretap: envelope MAC (skip_hw) [FAIL]
Expected to capture 10 packets, got 0.
TEST: two simultaneously configured mirrors (skip_hw) [ OK ]
WARN: Could not test offloaded functionality
After fix:
]# ./mirror_gre.sh
TEST: ingress mirror to gretap (skip_hw) [ OK ]
TEST: egress mirror to gretap (skip_hw) [ OK ]
TEST: ingress mirror to ip6gretap (skip_hw) [ OK ]
TEST: egress mirror to ip6gretap (skip_hw) [ OK ]
TEST: ingress mirror to gretap: envelope MAC (skip_hw) [ OK ]
TEST: egress mirror to gretap: envelope MAC (skip_hw) [ OK ]
TEST: ingress mirror to ip6gretap: envelope MAC (skip_hw) [ OK ]
TEST: egress mirror to ip6gretap: envelope MAC (skip_hw) [ OK ]
TEST: two simultaneously configured mirrors (skip_hw) [ OK ]
WARN: Could not test offloaded functionality
Fixes:
|
||
|---|---|---|
| .. | ||
| .gitignore | ||
| bridge_port_isolation.sh | ||
| bridge_vlan_aware.sh | ||
| bridge_vlan_unaware.sh | ||
| config | ||
| devlink_lib.sh | ||
| forwarding.config.sample | ||
| gre_multipath.sh | ||
| lib.sh | ||
| mirror_gre.sh | ||
| mirror_gre_bound.sh | ||
| mirror_gre_bridge_1d.sh | ||
| mirror_gre_bridge_1d_vlan.sh | ||
| mirror_gre_bridge_1q.sh | ||
| mirror_gre_bridge_1q_lag.sh | ||
| mirror_gre_changes.sh | ||
| mirror_gre_flower.sh | ||
| mirror_gre_lag_lacp.sh | ||
| mirror_gre_lib.sh | ||
| mirror_gre_neigh.sh | ||
| mirror_gre_nh.sh | ||
| mirror_gre_topo_lib.sh | ||
| mirror_gre_vlan.sh | ||
| mirror_gre_vlan_bridge_1q.sh | ||
| mirror_lib.sh | ||
| mirror_topo_lib.sh | ||
| mirror_vlan.sh | ||
| README | ||
| router.sh | ||
| router_bridge.sh | ||
| router_bridge_vlan.sh | ||
| router_broadcast.sh | ||
| router_multipath.sh | ||
| tc_actions.sh | ||
| tc_chains.sh | ||
| tc_common.sh | ||
| tc_flower.sh | ||
| tc_shblocks.sh | ||
Motivation
==========
One of the nice things about network namespaces is that they allow one
to easily create and test complex environments.
Unfortunately, these namespaces can not be used with actual switching
ASICs, as their ports can not be migrated to other network namespaces
(NETIF_F_NETNS_LOCAL) and most of them probably do not support the
L1-separation provided by namespaces.
However, a similar kind of flexibility can be achieved by using VRFs and
by looping the switch ports together. For example:
br0
+
vrf-h1 | vrf-h2
+ +---+----+ +
| | | |
192.0.2.1/24 + + + + 192.0.2.2/24
swp1 swp2 swp3 swp4
+ + + +
| | | |
+--------+ +--------+
The VRFs act as lightweight namespaces representing hosts connected to
the switch.
This approach for testing switch ASICs has several advantages over the
traditional method that requires multiple physical machines, to name a
few:
1. Only the device under test (DUT) is being tested without noise from
other system.
2. Ability to easily provision complex topologies. Testing bridging
between 4-ports LAGs or 8-way ECMP requires many physical links that are
not always available. With the VRF-based approach one merely needs to
loopback more ports.
These tests are written with switch ASICs in mind, but they can be run
on any Linux box using veth pairs to emulate physical loopbacks.
Guidelines for Writing Tests
============================
o Where possible, reuse an existing topology for different tests instead
of recreating the same topology.
o Tests that use anything but the most trivial topologies should include
an ASCII art showing the topology.
o Where possible, IPv6 and IPv4 addresses shall conform to RFC 3849 and
RFC 5737, respectively.
o Where possible, tests shall be written so that they can be reused by
multiple topologies and added to lib.sh.
o Checks shall be added to lib.sh for any external dependencies.
o Code shall be checked using ShellCheck [1] prior to submission.
1. https://www.shellcheck.net/