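#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Bridge "locked port" selftest.
#
# Topology built by setup_prepare():
#
#   h1 ---- swp1 [ br0, vlan_filtering 1 ] swp2 ---- h2
#
# Each test drives swp1 through the same sequence and pings h2 from h1:
#   1. port unlocked                      -> ping must succeed
#   2. port locked, no FDB entry for h1   -> ping must fail
#   3. port locked, static FDB entry for
#      h1's MAC added on swp1             -> ping must succeed
#   4. port unlocked, FDB entry removed   -> ping must succeed
#
# Security note: the allow-list exercised here is keyed on the source MAC
# address only. The tests cover the forwarding decision of a locked port;
# they do not cover how a MAC comes to be authorized (that is whatever adds
# the FDB entry, here the test itself).
#
# Helpers that are not defined in this file (simple_if_init, vlan_create,
# vrf_prepare, ping_do, check_err, check_fail, log_test, mac_get,
# check_locked_port_support, setup_wait, tests_run, ...) are expected to be
# provided by lib.sh.

ALL_TESTS="locked_port_ipv4 locked_port_ipv6 locked_port_vlan"
NUM_NETIFS=4
CHECK_TC="no"
source lib.sh

# Configure host 1: untagged addresses plus a VLAN 100 sub-interface.
h1_create()
{
	simple_if_init "$h1" 192.0.2.1/24 2001:db8:1::1/64
	vlan_create "$h1" 100 "v$h1" 198.51.100.1/24
}

# Undo h1_create in reverse order.
h1_destroy()
{
	vlan_destroy "$h1" 100
	simple_if_fini "$h1" 192.0.2.1/24 2001:db8:1::1/64
}

# Configure host 2: untagged addresses plus a VLAN 100 sub-interface.
h2_create()
{
	simple_if_init "$h2" 192.0.2.2/24 2001:db8:1::2/64
	vlan_create "$h2" 100 "v$h2" 198.51.100.2/24
}

# Undo h2_create in reverse order.
h2_destroy()
{
	vlan_destroy "$h2" 100
	simple_if_fini "$h2" 192.0.2.2/24 2001:db8:1::2/64
}

# Create the VLAN-aware bridge br0 and enslave both switch ports to it.
switch_create()
{
	ip link add dev br0 type bridge vlan_filtering 1

	ip link set dev "$swp1" master br0
	ip link set dev "$swp2" master br0

	# Learning is turned off on the port under test, so an FDB entry for
	# h1 on swp1 exists only while a test has added it explicitly.
	# NOTE(review): presumably this keeps dynamic learning from
	# influencing the locked-port checks - confirm against bridge docs.
	bridge link set dev "$swp1" learning off

	ip link set dev br0 up
	ip link set dev "$swp1" up
	ip link set dev "$swp2" up
}

# Bring the switch ports down and delete the bridge.
switch_destroy()
{
	ip link set dev "$swp2" down
	ip link set dev "$swp1" down

	ip link del dev br0
}

# Map the four interfaces from NETIFS to their roles and build the topology.
setup_prepare()
{
	h1=${NETIFS[p1]}
	swp1=${NETIFS[p2]}

	swp2=${NETIFS[p3]}
	h2=${NETIFS[p4]}

	vrf_prepare

	h1_create
	h2_create

	switch_create
}

# Tear the topology down in the reverse order of setup_prepare.
# Installed as the EXIT trap below, so it runs on every exit path.
cleanup()
{
	pre_cleanup

	switch_destroy

	h2_destroy
	h1_destroy

	vrf_cleanup
}

# Locked-port behaviour for untagged IPv4 traffic from h1 to h2.
locked_port_ipv4()
{
	local mac

	RET=0

	# Skip (and report success) when locked ports are not supported.
	check_locked_port_support || return 0

	mac=$(mac_get "$h1")

	ping_do "$h1" 192.0.2.2
	check_err $? "Ping did not work before locking port"

	bridge link set dev "$swp1" locked on

	# Locked and not yet authorized: this ping is expected to fail.
	ping_do "$h1" 192.0.2.2
	check_fail $? "Ping worked after locking port, but before adding FDB entry"

	# Authorize h1's source MAC on the locked port.
	bridge fdb add "$mac" dev "$swp1" master static

	ping_do "$h1" 192.0.2.2
	check_err $? "Ping did not work after locking port and adding FDB entry"

	# Restore the port to its initial state for the next test.
	bridge link set dev "$swp1" locked off
	bridge fdb del "$mac" dev "$swp1" master static

	ping_do "$h1" 192.0.2.2
	check_err $? "Ping did not work after unlocking port and removing FDB entry."

	log_test "Locked port ipv4"
}

# Locked-port behaviour for VLAN 100 tagged traffic from h1 to h2.
locked_port_vlan()
{
	local mac

	RET=0

	# Skip (and report success) when locked ports are not supported.
	check_locked_port_support || return 0

	mac=$(mac_get "$h1")

	bridge vlan add vid 100 dev "$swp1"
	bridge vlan add vid 100 dev "$swp2"

	ping_do "${h1}.100" 198.51.100.2
	check_err $? "Ping through vlan did not work before locking port"

	bridge link set dev "$swp1" locked on

	# Locked and not yet authorized: this ping is expected to fail.
	ping_do "${h1}.100" 198.51.100.2
	check_fail $? "Ping through vlan worked after locking port, but before adding FDB entry"

	# The FDB entry is scoped to VLAN 100, matching the tagged traffic.
	bridge fdb add "$mac" dev "$swp1" vlan 100 master static

	ping_do "${h1}.100" 198.51.100.2
	check_err $? "Ping through vlan did not work after locking port and adding FDB entry"

	# Restore the port to its initial state for the next test.
	bridge link set dev "$swp1" locked off
	bridge fdb del "$mac" dev "$swp1" vlan 100 master static

	ping_do "${h1}.100" 198.51.100.2
	check_err $? "Ping through vlan did not work after unlocking port and removing FDB entry"

	bridge vlan del vid 100 dev "$swp1"
	bridge vlan del vid 100 dev "$swp2"
	log_test "Locked port vlan"
}

# Locked-port behaviour for untagged IPv6 traffic from h1 to h2.
locked_port_ipv6()
{
	local mac

	RET=0

	# Skip (and report success) when locked ports are not supported.
	check_locked_port_support || return 0

	mac=$(mac_get "$h1")

	ping6_do "$h1" 2001:db8:1::2
	check_err $? "Ping6 did not work before locking port"

	bridge link set dev "$swp1" locked on

	# Locked and not yet authorized: this ping is expected to fail.
	ping6_do "$h1" 2001:db8:1::2
	check_fail $? "Ping6 worked after locking port, but before adding FDB entry"

	# Authorize h1's source MAC on the locked port.
	bridge fdb add "$mac" dev "$swp1" master static

	ping6_do "$h1" 2001:db8:1::2
	check_err $? "Ping6 did not work after locking port and adding FDB entry"

	# Restore the port to its initial state for the next test.
	bridge link set dev "$swp1" locked off
	bridge fdb del "$mac" dev "$swp1" master static

	ping6_do "$h1" 2001:db8:1::2
	check_err $? "Ping6 did not work after unlocking port and removing FDB entry"

	log_test "Locked port ipv6"
}

trap cleanup EXIT

setup_prepare
setup_wait

tests_run

# EXIT_STATUS is not assigned in this file; presumably lib.sh maintains it.
exit $EXIT_STATUS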