test_tunnel_bpf.sh 7.9 KB
Newer Older
1
#!/bin/bash
2
# SPDX-License-Identifier: GPL-2.0
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
# In Namespace 0 (at_ns0) using native tunnel
# Overlay IP: 10.1.1.100
# local 192.16.1.100 remote 192.16.1.200
# veth0 IP: 172.16.1.100, tunnel dev <type>00

# Out of Namespace using BPF set/get on lwtunnel
# Overlay IP: 10.1.1.200
# local 172.16.1.200 remote 172.16.1.100
# veth1 IP: 172.16.1.200, tunnel dev <type>11

function config_device {
	ip netns add at_ns0
	ip link add veth0 type veth peer name veth1
	ip link set veth0 netns at_ns0
	ip netns exec at_ns0 ip addr add 172.16.1.100/24 dev veth0
	ip netns exec at_ns0 ip link set dev veth0 up
19
	ip link set dev veth1 up mtu 1500
20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
	ip addr add dev veth1 172.16.1.200/24
}

function add_gre_tunnel {
	# in namespace
	ip netns exec at_ns0 \
		ip link add dev $DEV_NS type $TYPE key 2 local 172.16.1.100 remote 172.16.1.200
	ip netns exec at_ns0 ip link set dev $DEV_NS up
	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24

	# out of namespace
	ip link add dev $DEV type $TYPE key 2 external
	ip link set dev $DEV up
	ip addr add dev $DEV 10.1.1.200/24
}

36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59
function add_ip6gretap_tunnel {

	# assign ipv6 address
	ip netns exec at_ns0 ip addr add ::11/96 dev veth0
	ip netns exec at_ns0 ip link set dev veth0 up
	ip addr add dev veth1 ::22/96
	ip link set dev veth1 up

	# in namespace
	ip netns exec at_ns0 \
		ip link add dev $DEV_NS type $TYPE flowlabel 0xbcdef key 2 \
		local ::11 remote ::22

	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
	ip netns exec at_ns0 ip addr add dev $DEV_NS fc80::100/96
	ip netns exec at_ns0 ip link set dev $DEV_NS up

	# out of namespace
	ip link add dev $DEV type $TYPE external
	ip addr add dev $DEV 10.1.1.200/24
	ip addr add dev $DEV fc80::200/24
	ip link set dev $DEV up
}

60 61
function add_erspan_tunnel {
	# in namespace
62 63 64 65 66 67 68 69 70 71 72
	if [ "$1" == "v1" ]; then
		ip netns exec at_ns0 \
		ip link add dev $DEV_NS type $TYPE seq key 2 \
		local 172.16.1.100 remote 172.16.1.200 \
		erspan_ver 1 erspan 123
	else
		ip netns exec at_ns0 \
		ip link add dev $DEV_NS type $TYPE seq key 2 \
		local 172.16.1.100 remote 172.16.1.200 \
		erspan_ver 2 erspan_dir 1 erspan_hwid 3
	fi
73 74 75 76 77 78 79 80 81
	ip netns exec at_ns0 ip link set dev $DEV_NS up
	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24

	# out of namespace
	ip link add dev $DEV type $TYPE external
	ip link set dev $DEV up
	ip addr add dev $DEV 10.1.1.200/24
}

82 83 84 85 86 87 88 89 90
function add_ip6erspan_tunnel {

	# assign ipv6 address
	ip netns exec at_ns0 ip addr add ::11/96 dev veth0
	ip netns exec at_ns0 ip link set dev veth0 up
	ip addr add dev veth1 ::22/96
	ip link set dev veth1 up

	# in namespace
91 92 93 94 95 96 97 98 99 100 101
	if [ "$1" == "v1" ]; then
		ip netns exec at_ns0 \
		ip link add dev $DEV_NS type $TYPE seq key 2 \
		local ::11 remote ::22 \
		erspan_ver 1 erspan 123
	else
		ip netns exec at_ns0 \
		ip link add dev $DEV_NS type $TYPE seq key 2 \
		local ::11 remote ::22 \
		erspan_ver 2 erspan_dir 1 erspan_hwid 7
	fi
102 103 104 105 106 107 108 109 110
	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
	ip netns exec at_ns0 ip link set dev $DEV_NS up

	# out of namespace
	ip link add dev $DEV type $TYPE external
	ip addr add dev $DEV 10.1.1.200/24
	ip link set dev $DEV up
}

111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143
function add_vxlan_tunnel {
	# Set static ARP entry here because iptables set-mark works
	# on L3 packet, as a result not applying to ARP packets,
	# causing errors at get_tunnel_{key/opt}.

	# in namespace
	ip netns exec at_ns0 \
		ip link add dev $DEV_NS type $TYPE id 2 dstport 4789 gbp remote 172.16.1.200
	ip netns exec at_ns0 ip link set dev $DEV_NS address 52:54:00:d9:01:00 up
	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
	ip netns exec at_ns0 arp -s 10.1.1.200 52:54:00:d9:02:00
	ip netns exec at_ns0 iptables -A OUTPUT -j MARK --set-mark 0x800FF

	# out of namespace
	ip link add dev $DEV type $TYPE external gbp dstport 4789
	ip link set dev $DEV address 52:54:00:d9:02:00 up
	ip addr add dev $DEV 10.1.1.200/24
	arp -s 10.1.1.100 52:54:00:d9:01:00
}

function add_geneve_tunnel {
	# in namespace
	ip netns exec at_ns0 \
		ip link add dev $DEV_NS type $TYPE id 2 dstport 6081 remote 172.16.1.200
	ip netns exec at_ns0 ip link set dev $DEV_NS up
	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24

	# out of namespace
	ip link add dev $DEV type $TYPE dstport 6081 external
	ip link set dev $DEV up
	ip addr add dev $DEV 10.1.1.200/24
}

144 145 146 147 148 149 150 151 152 153 154 155 156
function add_ipip_tunnel {
	# in namespace
	ip netns exec at_ns0 \
		ip link add dev $DEV_NS type $TYPE local 172.16.1.100 remote 172.16.1.200
	ip netns exec at_ns0 ip link set dev $DEV_NS up
	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24

	# out of namespace
	ip link add dev $DEV type $TYPE external
	ip link set dev $DEV up
	ip addr add dev $DEV 10.1.1.200/24
}

157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174
function attach_bpf {
	DEV=$1
	SET_TUNNEL=$2
	GET_TUNNEL=$3
	tc qdisc add dev $DEV clsact
	tc filter add dev $DEV egress bpf da obj tcbpf2_kern.o sec $SET_TUNNEL
	tc filter add dev $DEV ingress bpf da obj tcbpf2_kern.o sec $GET_TUNNEL
}

function test_gre {
	TYPE=gretap
	DEV_NS=gretap00
	DEV=gretap11
	config_device
	add_gre_tunnel
	attach_bpf $DEV gre_set_tunnel gre_get_tunnel
	ping -c 1 10.1.1.100
	ip netns exec at_ns0 ping -c 1 10.1.1.200
175
	cleanup
176 177
}

178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212
function test_ip6gre {
	TYPE=ip6gre
	DEV_NS=ip6gre00
	DEV=ip6gre11
	config_device
	# reuse the ip6gretap function
	add_ip6gretap_tunnel
	attach_bpf $DEV ip6gretap_set_tunnel ip6gretap_get_tunnel
	# underlay
	ping6 -c 4 ::11
	# overlay: ipv4 over ipv6
	ip netns exec at_ns0 ping -c 1 10.1.1.200
	ping -c 1 10.1.1.100
	# overlay: ipv6 over ipv6
	ip netns exec at_ns0 ping6 -c 1 fc80::200
	cleanup
}

function test_ip6gretap {
	TYPE=ip6gretap
	DEV_NS=ip6gretap00
	DEV=ip6gretap11
	config_device
	add_ip6gretap_tunnel
	attach_bpf $DEV ip6gretap_set_tunnel ip6gretap_get_tunnel
	# underlay
	ping6 -c 4 ::11
	# overlay: ipv4 over ipv6
	ip netns exec at_ns0 ping -i .2 -c 1 10.1.1.200
	ping -c 1 10.1.1.100
	# overlay: ipv6 over ipv6
	ip netns exec at_ns0 ping6 -c 1 fc80::200
	cleanup
}

213 214 215 216 217
function test_erspan {
	TYPE=erspan
	DEV_NS=erspan00
	DEV=erspan11
	config_device
218
	add_erspan_tunnel $1
219 220 221 222 223 224
	attach_bpf $DEV erspan_set_tunnel erspan_get_tunnel
	ping -c 1 10.1.1.100
	ip netns exec at_ns0 ping -c 1 10.1.1.200
	cleanup
}

225 226 227 228 229
function test_ip6erspan {
	TYPE=ip6erspan
	DEV_NS=ip6erspan00
	DEV=ip6erspan11
	config_device
230
	add_ip6erspan_tunnel $1
231 232 233 234 235 236
	attach_bpf $DEV ip4ip6erspan_set_tunnel ip4ip6erspan_get_tunnel
	ping6 -c 3 ::11
	ip netns exec at_ns0 ping -c 1 10.1.1.200
	cleanup
}

237 238 239 240 241 242 243 244 245
function test_vxlan {
	TYPE=vxlan
	DEV_NS=vxlan00
	DEV=vxlan11
	config_device
	add_vxlan_tunnel
	attach_bpf $DEV vxlan_set_tunnel vxlan_get_tunnel
	ping -c 1 10.1.1.100
	ip netns exec at_ns0 ping -c 1 10.1.1.200
246
	cleanup
247 248 249 250 251 252 253 254 255 256 257
}

function test_geneve {
	TYPE=geneve
	DEV_NS=geneve00
	DEV=geneve11
	config_device
	add_geneve_tunnel
	attach_bpf $DEV geneve_set_tunnel geneve_get_tunnel
	ping -c 1 10.1.1.100
	ip netns exec at_ns0 ping -c 1 10.1.1.200
258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277
	cleanup
}

function test_ipip {
	TYPE=ipip
	DEV_NS=ipip00
	DEV=ipip11
	config_device
	tcpdump -nei veth1 &
	cat /sys/kernel/debug/tracing/trace_pipe &
	add_ipip_tunnel
	ethtool -K veth1 gso off gro off rx off tx off
	ip link set dev veth1 mtu 1500
	attach_bpf $DEV ipip_set_tunnel ipip_get_tunnel
	ping -c 1 10.1.1.100
	ip netns exec at_ns0 ping -c 1 10.1.1.200
	ip netns exec at_ns0 iperf -sD -p 5200 > /dev/null
	sleep 0.2
	iperf -c 10.1.1.100 -n 5k -p 5200
	cleanup
278 279 280
}

function cleanup {
281 282
	set +ex
	pkill iperf
283 284
	ip netns delete at_ns0
	ip link del veth1
285 286
	ip link del ipip11
	ip link del gretap11
287 288
	ip link del ip6gre11
	ip link del ip6gretap11
W
William Tu 已提交
289
	ip link del vxlan11
290
	ip link del geneve11
291
	ip link del erspan11
292
	ip link del ip6erspan11
293 294 295
	pkill tcpdump
	pkill cat
	set -ex
296 297
}

298
trap cleanup 0 2 3 6 9
299
cleanup
300 301
echo "Testing GRE tunnel..."
test_gre
302 303 304 305
echo "Testing IP6GRE tunnel..."
test_ip6gre
echo "Testing IP6GRETAP tunnel..."
test_ip6gretap
306
echo "Testing ERSPAN tunnel..."
307 308
test_erspan v1
test_erspan v2
309
echo "Testing IP6ERSPAN tunnel..."
310 311
test_ip6erspan v1
test_ip6erspan v2
312 313 314 315
echo "Testing VXLAN tunnel..."
test_vxlan
echo "Testing GENEVE tunnel..."
test_geneve
316 317 318
echo "Testing IPIP tunnel..."
test_ipip
echo "*** PASS ***"