1 #!/bin/bash 2 # SPDX-License-Identifier: GPL-2.0 3 4 ALL_TESTS=" 5 vlan_modify_ingress 6 vlan_modify_egress 7 " 8 9 NUM_NETIFS=4 10 CHECK_TC="yes" 11 source lib.sh 12 13 h1_create() 14 { 15 simple_if_init $h1 192.0.2.1/28 2001:db8:1::1/64 16 vlan_create $h1 85 v$h1 192.0.2.17/28 2001:db8:2::1/64 17 } 18 19 h1_destroy() 20 { 21 vlan_destroy $h1 85 22 simple_if_fini $h1 192.0.2.1/28 2001:db8:1::1/64 23 } 24 25 h2_create() 26 { 27 simple_if_init $h2 192.0.2.2/28 2001:db8:1::2/64 28 vlan_create $h2 65 v$h2 192.0.2.18/28 2001:db8:2::2/64 29 } 30 31 h2_destroy() 32 { 33 vlan_destroy $h2 65 34 simple_if_fini $h2 192.0.2.2/28 2001:db8:1::2/64 35 } 36 37 switch_create() 38 { 39 ip link add dev br0 type bridge vlan_filtering 1 mcast_snooping 0 40 41 ip link set dev $swp1 master br0 42 ip link set dev $swp2 master br0 43 44 ip link set dev br0 up 45 ip link set dev $swp1 up 46 ip link set dev $swp2 up 47 48 bridge vlan add dev $swp1 vid 85 49 bridge vlan add dev $swp2 vid 65 50 51 bridge vlan add dev $swp2 vid 85 52 bridge vlan add dev $swp1 vid 65 53 54 tc qdisc add dev $swp1 clsact 55 tc qdisc add dev $swp2 clsact 56 } 57 58 switch_destroy() 59 { 60 tc qdisc del dev $swp2 clsact 61 tc qdisc del dev $swp1 clsact 62 63 bridge vlan del vid 65 dev $swp1 64 bridge vlan del vid 85 dev $swp2 65 66 bridge vlan del vid 65 dev $swp2 67 bridge vlan del vid 85 dev $swp1 68 69 ip link set dev $swp2 down 70 ip link set dev $swp1 down 71 72 ip link del dev br0 73 } 74 75 setup_prepare() 76 { 77 h1=${NETIFS[p1]} 78 swp1=${NETIFS[p2]} 79 80 swp2=${NETIFS[p3]} 81 h2=${NETIFS[p4]} 82 83 vrf_prepare 84 85 h1_create 86 h2_create 87 88 switch_create 89 } 90 91 cleanup() 92 { 93 pre_cleanup 94 95 switch_destroy 96 97 h2_destroy 98 h1_destroy 99 100 vrf_cleanup 101 } 102 103 vlan_modify_ingress() 104 { 105 RET=0 106 107 ping_do $h1.85 192.0.2.18 108 check_fail $? "ping between two different vlans passed when should not" 109 110 ping6_do $h1.85 2001:db8:2::2 111 check_fail $? "ping6 between two different vlans passed when should not" 112 113 tc filter add dev $swp1 ingress protocol all pref 1 handle 1 \ 114 flower action vlan modify id 65 115 tc filter add dev $swp2 ingress protocol all pref 1 handle 1 \ 116 flower action vlan modify id 85 117 118 ping_do $h1.85 192.0.2.18 119 check_err $? "ping between two different vlans failed when should not" 120 121 ping6_do $h1.85 2001:db8:2::2 122 check_err $? "ping6 between two different vlans failed when should not" 123 124 log_test "VLAN modify at ingress" 125 126 tc filter del dev $swp2 ingress protocol all pref 1 handle 1 flower 127 tc filter del dev $swp1 ingress protocol all pref 1 handle 1 flower 128 } 129 130 vlan_modify_egress() 131 { 132 RET=0 133 134 ping_do $h1.85 192.0.2.18 135 check_fail $? "ping between two different vlans passed when should not" 136 137 ping6_do $h1.85 2001:db8:2::2 138 check_fail $? "ping6 between two different vlans passed when should not" 139 140 tc filter add dev $swp1 egress protocol all pref 1 handle 1 \ 141 flower action vlan modify id 85 142 tc filter add dev $swp2 egress protocol all pref 1 handle 1 \ 143 flower action vlan modify id 65 144 145 ping_do $h1.85 192.0.2.18 146 check_err $? "ping between two different vlans failed when should not" 147 148 ping6_do $h1.85 2001:db8:2::2 149 check_err $? "ping6 between two different vlans failed when should not" 150 151 log_test "VLAN modify at egress" 152 153 tc filter del dev $swp2 egress protocol all pref 1 handle 1 flower 154 tc filter del dev $swp1 egress protocol all pref 1 handle 1 flower 155 } 156 157 trap cleanup EXIT 158 159 setup_prepare 160 setup_wait 161 162 tests_run 163 164 exit $EXIT_STATUS 165