Received: by 2002:a05:6602:2086:0:0:0:0 with SMTP id a6csp3415581ioa;
        Tue, 26 Apr 2022 03:18:00 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzhU4i76zqHOcgixwqQxIRKZ7eH/UtVCAHvBXHqzUK3kmQL1PzhmWsVR/wTD0XNseXEcbUT
X-Received: by 2002:a17:907:3f82:b0:6df:919c:97a with SMTP id hr2-20020a1709073f8200b006df919c097amr20289365ejc.19.1650968280407;
        Tue, 26 Apr 2022 03:18:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1650968280; cv=none;
        d=google.com; s=arc-20160816;
        b=Hhnvzh/1FGTwlBThFvA0pjYpVGn2bJCH2YyT5wnLTlYtDkfjqARWSJ1z8W3FAdENOO
         /QGOBhOEx01fUltecBtCxC9AlmnWh5au7VckAtUHX7diuwme5oTJ84G1QPQSjRcPFQcW
         HLDRSVwXg69yLtzE9hUnYuqnwzE31noJ1ANQResY3cUojemR+7IQYAeDDkw909zZ+5M1
         1Idtiv2ptZlGCoheXcC9k48gqH7P22rJ3UyjmYpHmEOR7WkN/selt254oqSxAzdp9Cdw
         PObUThNvjDXwA4FTF8MBHwIVrJXBH2nIpDNRtVUw35SsGj2NF4PqeN11xfXdaGGEVCeb
         OX9A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=jOQ3UQBF+VWPOykmfsP2oXKW8R2L7PWwAzGZaAFrHho=;
        b=G0I5EbN70jg/rupSam4d7jZ2w5hX0In6N+A6DQCeyByOwrvNjuX6BQ0WVolqBmwS7B
         eNKGHguOEvz/C+rq/f58G++YbEDXgQTtU5Fi239P9yMFBLSLpUuwOs/C8J76qzKehk7I
         LbgqTX5BniC+OVXgAv45GBFoo/lr8zCc/LAo+oMLGyHvppW72jFxMFGtsTBVCN75o0UO
         Jm0PY5xxZbs+2DRyXPYoxw/rYTDIfeLq7Fl6dL9iIGSl5XDN+MttmLd5U2uEg7JBoFU2
         INkpda1QSZFPy3Aq1lfa7YdpeY4iF6a6xI2I79+BEhr0isMfBsw4LuCSBJT4h1Iel83T
         2ljg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=eLWWUITk;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id z16-20020a1709063ad000b006e7581023f3si14046827ejd.827.2022.04.26.03.17.36;
        Tue, 26 Apr 2022 03:18:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=eLWWUITk;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1346519AbiDZJNV (ORCPT <rfc822;andre.cachopas@gmail.com>
        + 99 others); Tue, 26 Apr 2022 05:13:21 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52036 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1346532AbiDZIuJ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 26 Apr 2022 04:50:09 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DF4AC145845;
        Tue, 26 Apr 2022 01:38:21 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id BFC146090C;
        Tue, 26 Apr 2022 08:38:20 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id AFD83C385B1;
        Tue, 26 Apr 2022 08:38:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1650962300;
        bh=GwuxwJSY6TmdTZNREcQNOtDHNwXMuLUyUK+8yLIXuPA=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=eLWWUITk5MZQ+ABaE6V1E+RByk2bDIJ/Kf5GOAJbQFaDMFUW05fR9tJ/QbPLl2+Rl
         GDRRUUyWJuZu+OkjaZMGBm9z0jpqzqZdyRYXMOFCnhm/AxWBCAtexY5o3eCsi2YG6j
         +RIb6uSw1n4UNP07PvgsoURRlNdKJgqxYXfBXB5o=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Ido Schimmel <idosch@nvidia.com>,
        Amit Cohen <amcohen@nvidia.com>,
        "David S. Miller" <davem@davemloft.net>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.15 051/124] selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
Date:   Tue, 26 Apr 2022 10:20:52 +0200
Message-Id: <20220426081748.752816049@linuxfoundation.org>
X-Mailer: git-send-email 2.36.0
In-Reply-To: <20220426081747.286685339@linuxfoundation.org>
References: <20220426081747.286685339@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Ido Schimmel <idosch@nvidia.com>

[ Upstream commit 044011fdf162c5dd61c02841930c8f438a9adadb ]

The test verifies that packets are correctly flooded by the bridge and
the VXLAN device by matching on the encapsulated packets at the other
end. However, if packets other than those generated by the test also
ingress the bridge (e.g., MLD packets), they will be flooded as well and
interfere with the expected count.

Make the test more robust by making sure that only the packets generated
by the test can ingress the bridge. Drop all the rest using tc filters
on the egress of 'br0' and 'h1'.

In the software data path, the problem can be solved by matching on the
inner destination MAC or dropping unwanted packets at the egress of the
VXLAN device, but this is not currently supported by mlxsw.

Fixes: 94d302deae25 ("selftests: mlxsw: Add a test for VxLAN flooding")
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Amit Cohen <amcohen@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../drivers/net/mlxsw/vxlan_flooding.sh         | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/tools/testing/selftests/drivers/net/mlxsw/vxlan_flooding.sh b/tools/testing/selftests/drivers/net/mlxsw/vxlan_flooding.sh
index fedcb7b35af9..af5ea50ed5c0 100755
--- a/tools/testing/selftests/drivers/net/mlxsw/vxlan_flooding.sh
+++ b/tools/testing/selftests/drivers/net/mlxsw/vxlan_flooding.sh
@@ -172,6 +172,17 @@ flooding_filters_add()
 	local lsb
 	local i
 
+	# Prevent unwanted packets from entering the bridge and interfering
+	# with the test.
+	tc qdisc add dev br0 clsact
+	tc filter add dev br0 egress protocol all pref 1 handle 1 \
+		matchall skip_hw action drop
+	tc qdisc add dev $h1 clsact
+	tc filter add dev $h1 egress protocol all pref 1 handle 1 \
+		flower skip_hw dst_mac de:ad:be:ef:13:37 action pass
+	tc filter add dev $h1 egress protocol all pref 2 handle 2 \
+		matchall skip_hw action drop
+
 	tc qdisc add dev $rp2 clsact
 
 	for i in $(eval echo {1..$num_remotes}); do
@@ -194,6 +205,12 @@ flooding_filters_del()
 	done
 
 	tc qdisc del dev $rp2 clsact
+
+	tc filter del dev $h1 egress protocol all pref 2 handle 2 matchall
+	tc filter del dev $h1 egress protocol all pref 1 handle 1 flower
+	tc qdisc del dev $h1 clsact
+	tc filter del dev br0 egress protocol all pref 1 handle 1 matchall
+	tc qdisc del dev br0 clsact
 }
 
 flooding_check_packets()
-- 
2.35.1