[PATCH net 0/2] selftests: mlxsw: Make VXLAN flooding tests more robust

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH net 0/2] selftests: mlxsw: Make VXLAN flooding tests more robust
@ 2022-04-19 13:51 Ido Schimmel
  2022-04-19 13:51 ` [PATCH net 1/2] selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets Ido Schimmel
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Ido Schimmel @ 2022-04-19 13:51 UTC (permalink / raw)
  To: netdev; +Cc: davem, kuba, pabeni, petrm, amcohen, mlxsw, Ido Schimmel

Make the VXLAN flooding tests (with IPv4 and IPv6 underlay) more robust
by preventing flooding of unwanted packets. See detailed description of
the problem and solution in the commit messages.

Ido Schimmel (2):
  selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
  selftests: mlxsw: vxlan_flooding_ipv6: Prevent flooding of unwanted
    packets

 .../net/mlxsw/spectrum-2/vxlan_flooding_ipv6.sh | 17 +++++++++++++++++
 .../drivers/net/mlxsw/vxlan_flooding.sh         | 17 +++++++++++++++++
 2 files changed, 34 insertions(+)

-- 
2.33.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH net 1/2] selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
  2022-04-19 13:51 [PATCH net 0/2] selftests: mlxsw: Make VXLAN flooding tests more robust Ido Schimmel
@ 2022-04-19 13:51 ` Ido Schimmel
  2022-04-19 13:51 ` [PATCH net 2/2] selftests: mlxsw: vxlan_flooding_ipv6: " Ido Schimmel
  2022-04-20 14:10 ` [PATCH net 0/2] selftests: mlxsw: Make VXLAN flooding tests more robust patchwork-bot+netdevbpf
  2 siblings, 0 replies; 4+ messages in thread
From: Ido Schimmel @ 2022-04-19 13:51 UTC (permalink / raw)
  To: netdev; +Cc: davem, kuba, pabeni, petrm, amcohen, mlxsw, Ido Schimmel

The test verifies that packets are correctly flooded by the bridge and
the VXLAN device by matching on the encapsulated packets at the other
end. However, if packets other than those generated by the test also
ingress the bridge (e.g., MLD packets), they will be flooded as well and
interfere with the expected count.

Make the test more robust by making sure that only the packets generated
by the test can ingress the bridge. Drop all the rest using tc filters
on the egress of 'br0' and 'h1'.

In the software data path, the problem can be solved by matching on the
inner destination MAC or dropping unwanted packets at the egress of the
VXLAN device, but this is not currently supported by mlxsw.

Fixes: 94d302deae25 ("selftests: mlxsw: Add a test for VxLAN flooding")
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Amit Cohen <amcohen@nvidia.com>
---
 .../drivers/net/mlxsw/vxlan_flooding.sh         | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/tools/testing/selftests/drivers/net/mlxsw/vxlan_flooding.sh b/tools/testing/selftests/drivers/net/mlxsw/vxlan_flooding.sh
index fedcb7b35af9..af5ea50ed5c0 100755
--- a/tools/testing/selftests/drivers/net/mlxsw/vxlan_flooding.sh
+++ b/tools/testing/selftests/drivers/net/mlxsw/vxlan_flooding.sh
@@ -172,6 +172,17 @@ flooding_filters_add()
 	local lsb
 	local i
 
+	# Prevent unwanted packets from entering the bridge and interfering
+	# with the test.
+	tc qdisc add dev br0 clsact
+	tc filter add dev br0 egress protocol all pref 1 handle 1 \
+		matchall skip_hw action drop
+	tc qdisc add dev $h1 clsact
+	tc filter add dev $h1 egress protocol all pref 1 handle 1 \
+		flower skip_hw dst_mac de:ad:be:ef:13:37 action pass
+	tc filter add dev $h1 egress protocol all pref 2 handle 2 \
+		matchall skip_hw action drop
+
 	tc qdisc add dev $rp2 clsact
 
 	for i in $(eval echo {1..$num_remotes}); do
@@ -194,6 +205,12 @@ flooding_filters_del()
 	done
 
 	tc qdisc del dev $rp2 clsact
+
+	tc filter del dev $h1 egress protocol all pref 2 handle 2 matchall
+	tc filter del dev $h1 egress protocol all pref 1 handle 1 flower
+	tc qdisc del dev $h1 clsact
+	tc filter del dev br0 egress protocol all pref 1 handle 1 matchall
+	tc qdisc del dev br0 clsact
 }
 
 flooding_check_packets()
-- 
2.33.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [PATCH net 2/2] selftests: mlxsw: vxlan_flooding_ipv6: Prevent flooding of unwanted packets
  2022-04-19 13:51 [PATCH net 0/2] selftests: mlxsw: Make VXLAN flooding tests more robust Ido Schimmel
  2022-04-19 13:51 ` [PATCH net 1/2] selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets Ido Schimmel
@ 2022-04-19 13:51 ` Ido Schimmel
  2022-04-20 14:10 ` [PATCH net 0/2] selftests: mlxsw: Make VXLAN flooding tests more robust patchwork-bot+netdevbpf
  2 siblings, 0 replies; 4+ messages in thread
From: Ido Schimmel @ 2022-04-19 13:51 UTC (permalink / raw)
  To: netdev; +Cc: davem, kuba, pabeni, petrm, amcohen, mlxsw, Ido Schimmel

The test verifies that packets are correctly flooded by the bridge and
the VXLAN device by matching on the encapsulated packets at the other
end. However, if packets other than those generated by the test also
ingress the bridge (e.g., MLD packets), they will be flooded as well and
interfere with the expected count.

Make the test more robust by making sure that only the packets generated
by the test can ingress the bridge. Drop all the rest using tc filters
on the egress of 'br0' and 'h1'.

In the software data path, the problem can be solved by matching on the
inner destination MAC or dropping unwanted packets at the egress of the
VXLAN device, but this is not currently supported by mlxsw.

Fixes: d01724dd2a66 ("selftests: mlxsw: spectrum-2: Add a test for VxLAN flooding with IPv6")
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Amit Cohen <amcohen@nvidia.com>
---
 .../net/mlxsw/spectrum-2/vxlan_flooding_ipv6.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/tools/testing/selftests/drivers/net/mlxsw/spectrum-2/vxlan_flooding_ipv6.sh b/tools/testing/selftests/drivers/net/mlxsw/spectrum-2/vxlan_flooding_ipv6.sh
index 429f7ee735cf..fd23c80eba31 100755
--- a/tools/testing/selftests/drivers/net/mlxsw/spectrum-2/vxlan_flooding_ipv6.sh
+++ b/tools/testing/selftests/drivers/net/mlxsw/spectrum-2/vxlan_flooding_ipv6.sh
@@ -159,6 +159,17 @@ flooding_remotes_add()
 	local lsb
 	local i
 
+	# Prevent unwanted packets from entering the bridge and interfering
+	# with the test.
+	tc qdisc add dev br0 clsact
+	tc filter add dev br0 egress protocol all pref 1 handle 1 \
+		matchall skip_hw action drop
+	tc qdisc add dev $h1 clsact
+	tc filter add dev $h1 egress protocol all pref 1 handle 1 \
+		flower skip_hw dst_mac de:ad:be:ef:13:37 action pass
+	tc filter add dev $h1 egress protocol all pref 2 handle 2 \
+		matchall skip_hw action drop
+
 	for i in $(eval echo {1..$num_remotes}); do
 		lsb=$((i + 1))
 
@@ -195,6 +206,12 @@ flooding_filters_del()
 	done
 
 	tc qdisc del dev $rp2 clsact
+
+	tc filter del dev $h1 egress protocol all pref 2 handle 2 matchall
+	tc filter del dev $h1 egress protocol all pref 1 handle 1 flower
+	tc qdisc del dev $h1 clsact
+	tc filter del dev br0 egress protocol all pref 1 handle 1 matchall
+	tc qdisc del dev br0 clsact
 }
 
 flooding_check_packets()
-- 
2.33.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH net 0/2] selftests: mlxsw: Make VXLAN flooding tests more robust
  2022-04-19 13:51 [PATCH net 0/2] selftests: mlxsw: Make VXLAN flooding tests more robust Ido Schimmel
  2022-04-19 13:51 ` [PATCH net 1/2] selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets Ido Schimmel
  2022-04-19 13:51 ` [PATCH net 2/2] selftests: mlxsw: vxlan_flooding_ipv6: " Ido Schimmel
@ 2022-04-20 14:10 ` patchwork-bot+netdevbpf
  2 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2022-04-20 14:10 UTC (permalink / raw)
  To: Ido Schimmel; +Cc: netdev, davem, kuba, pabeni, petrm, amcohen, mlxsw

Hello:

This series was applied to netdev/net.git (master)
by David S. Miller <davem@davemloft.net>:

On Tue, 19 Apr 2022 16:51:53 +0300 you wrote:
> Make the VXLAN flooding tests (with IPv4 and IPv6 underlay) more robust
> by preventing flooding of unwanted packets. See detailed description of
> the problem and solution in the commit messages.
> 
> Ido Schimmel (2):
>   selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
>   selftests: mlxsw: vxlan_flooding_ipv6: Prevent flooding of unwanted
>     packets
> 
> [...]

Here is the summary with links:
  - [net,1/2] selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
    https://git.kernel.org/netdev/net/c/044011fdf162
  - [net,2/2] selftests: mlxsw: vxlan_flooding_ipv6: Prevent flooding of unwanted packets
    https://git.kernel.org/netdev/net/c/5e6242151d7f

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-04-20 14:16 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-19 13:51 [PATCH net 0/2] selftests: mlxsw: Make VXLAN flooding tests more robust Ido Schimmel
2022-04-19 13:51 ` [PATCH net 1/2] selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets Ido Schimmel
2022-04-19 13:51 ` [PATCH net 2/2] selftests: mlxsw: vxlan_flooding_ipv6: " Ido Schimmel
2022-04-20 14:10 ` [PATCH net 0/2] selftests: mlxsw: Make VXLAN flooding tests more robust patchwork-bot+netdevbpf

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.