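#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

# +---------------------------+                +------------------------------+
# |                    vrf-h1 |                |                       vrf-h2 |
# |    + $h1                  |                |    + $h2                     |
# |    | 10.1.1.101/24        |                |    | 10.1.2.101/24           |
# |    | default via 10.1.1.1 |                |    | default via 10.1.2.1    |
# +----|----------------------+                +----|-------------------------+
#      |                                            |
# +----|--------------------------------------------|-------------------------+
# | SW |                                            |                         |
# | +--|--------------------------------------------|-----------------------+ |
# | |  + $swp1                         br1          + $swp2                 | |
# | |     vid 10 pvid untagged                         vid 20 pvid untagged | |
# | |                                                                       | |
# | |  + vx10                                       + vx20                  | |
# | |    local 10.0.0.1                               local 10.0.0.1        | |
# | |    remote 10.0.0.2                              remote 10.0.0.2       | |
# | |    id 1010                                      id 1020               | |
# | |    dstport 4789                                 dstport 4789          | |
# | |    vid 10 pvid untagged                         vid 20 pvid untagged  | |
# | |                                                                       | |
# | |                             + vx4001                                  | |
# | |                               local 10.0.0.1                          | |
# | |                               remote 10.0.0.2                         | |
# | |                               id 104001                               | |
# | |                               dstport 4789                            | |
# | |                               vid 4001 pvid untagged                  | |
# | |                                                                       | |
# | +-----------------------------------+-----------------------------------+ |
# |                                     |                                     |
# | +-----------------------------------|-----------------------------------+ |
# | |                                   |                                   | |
# | |  +--------------------------------+--------------------------------+  | |
# | |  |                                |                                |  | |
# | |  + vlan10                         |                         vlan20 +  | |
# | |  | 10.1.1.11/24                   |                   10.1.2.11/24 |  | |
# | |  |                                |                                |  | |
# | |  + vlan10-v (macvlan)             +             vlan20-v (macvlan) +  | |
# | |    10.1.1.1/24                vlan4001                 10.1.2.1/24    | |
# | |    00:00:5e:00:01:01                             00:00:5e:00:01:01    | |
# | |                               vrf-green                               | |
# | +-----------------------------------------------------------------------+ |
# |                                                                           |
# |    + $rp1                                       +lo                       |
# |    | 192.0.2.1/24                                10.0.0.1/32              |
# +----|----------------------------------------------------------------------+
#      |
# +----|--------------------------------------------------------+
# |    |                            vrf-spine                   |
# |    + $rp2                                                   |
# |      192.0.2.2/24                                           |
# |                                                             |   (maybe) HW
# =============================================================================
# |                                                             |  (likely) SW
# |                                                             |
# |    + v1 (veth)                                              |
# |    | 192.0.3.2/24                                           |
# +----|--------------------------------------------------------+
#      |
# +----|----------------------------------------------------------------------+
# |    + v2 (veth)                                  +lo           NS1 (netns) |
# |      192.0.3.1/24                                10.0.0.2/32              |
# |                                                                           |
# | +-----------------------------------------------------------------------+ |
# | |                               vrf-green                               | |
# | |  + vlan10-v (macvlan)                           vlan20-v (macvlan) +  | |
# | |  | 10.1.1.1/24                                         10.1.2.1/24 |  | |
# | |  | 00:00:5e:00:01:01                             00:00:5e:00:01:01 |  | |
# | |  |                            vlan4001                             |  | |
# | |  + vlan10                         +                         vlan20 +  | |
# | |  | 10.1.1.12/24                   |                   10.1.2.12/24 |  | |
# | |  |                                |                                |  | |
# | |  +--------------------------------+--------------------------------+  | |
# | |                                   |                                   | |
# | +-----------------------------------|-----------------------------------+ |
# |                                     |                                     |
# | +-----------------------------------+-----------------------------------+ |
# | |                                                                       | |
# | |  + vx10                                     + vx20                    | |
# | |    local 10.0.0.2                             local 10.0.0.2          | |
# | |    remote 10.0.0.1                            remote 10.0.0.1         | |
# | |    id 1010                                    id 1020                 | |
# | |    dstport 4789                               dstport 4789            | |
# | |    vid 10 pvid untagged                       vid 20 pvid untagged    | |
# | |                                                                       | |
# | |                             + vx4001                                  | |
# | |                               local 10.0.0.2                          | |
# | |                               remote 10.0.0.1                         | |
# | |                               id 104001                               | |
# | |                               dstport 4789                            | |
# | |                               vid 4001 pvid untagged                  | |
# | |                                                                       | |
# | |  + w1 (veth)                                + w3 (veth)               | |
# | |  | vid 10 pvid untagged          br1        | vid 20 pvid untagged    | |
# | +--|------------------------------------------|-------------------------+ |
# |    |                                          |                           |
# |    |                                          |                           |
# | +--|----------------------+                +--|-------------------------+ |
# | |  |               vrf-h1 |                |  |                  vrf-h2 | |
# | |  + w2 (veth)            |                |  + w4 (veth)               | |
# | |    10.1.1.102/24        |                |    10.1.2.102/24           | |
# | |    default via 10.1.1.1 |                |    default via 10.1.2.1    | |
# | +-------------------------+                +----------------------------+ |
# +---------------------------------------------------------------------------+

# Two VTEPs (SW in the default namespace, its peer inside netns ns1) each
# bridge VNIs 1010 and 1020 and carry a third VNI, 104001, on VLAN 4001 inside
# vrf-green. ping_ipv4 checks reachability between the local hosts and towards
# the hosts behind the remote VTEP, within and across the two VLANs.
#
# State changed outside the test's own devices while it runs:
#   - net.ipv4.conf.all.rp_filter is set to 0 (restored in switch_destroy)
#   - 10.0.0.1/32 is added to lo (removed in switch_destroy)
#   - forwarding_enable / forwarding_restore and vrf_prepare / vrf_cleanup
#     are called; what they touch is defined in lib.sh, not here
# Everything is undone by cleanup(), which is registered on EXIT.
#
# Expansions are quoted throughout so that an empty interface or address
# variable produces an error from ip/bridge instead of silently shifting the
# remaining arguments into the wrong position.

ALL_TESTS="
	ping_ipv4
"
NUM_NETIFS=6
source lib.sh

# Create a host: put an interface into a fresh VRF and give it an address.
# Arguments: $1 - VRF name
#            $2 - interface to enslave
#            $3 - IPv4 address (installed as a /24)
#            $4 - gateway IPv4 address
# The gateway is installed as a permanent neighbour entry with the fixed MAC
# 00:00:5e:00:01:01, the address the vlan10-v/vlan20-v macvlans use on both
# VTEPs.
hx_create()
{
	local vrf_name=$1; shift
	local if_name=$1; shift
	local ip_addr=$1; shift
	local gw_ip=$1; shift

	vrf_create "$vrf_name"
	ip link set dev "$if_name" master "$vrf_name"
	ip link set dev "$vrf_name" up
	ip link set dev "$if_name" up

	ip address add "$ip_addr/24" dev "$if_name"
	ip neigh replace "$gw_ip" lladdr 00:00:5e:00:01:01 nud permanent \
		dev "$if_name"
	ip route add default vrf "$vrf_name" nexthop via "$gw_ip"
}
# Exported because ns_h1_create/ns_h2_create call it from ns_init, which
# in_ns runs for netns ns1 (presumably in a separate shell; see lib.sh).
export -f hx_create

# Undo hx_create, in reverse order. Takes the same four arguments.
hx_destroy()
{
	local vrf_name=$1; shift
	local if_name=$1; shift
	local ip_addr=$1; shift
	local gw_ip=$1; shift

	ip route del default vrf "$vrf_name" nexthop via "$gw_ip"
	ip neigh del "$gw_ip" dev "$if_name"
	ip address del "$ip_addr/24" dev "$if_name"

	ip link set dev "$if_name" down
	vrf_destroy "$vrf_name"
}

# Local host 1: $h1 in vrf-h1, VLAN 10 subnet.
h1_create()
{
	hx_create "vrf-h1" "$h1" 10.1.1.101 10.1.1.1
}

h1_destroy()
{
	hx_destroy "vrf-h1" "$h1" 10.1.1.101 10.1.1.1
}

# Local host 2: $h2 in vrf-h2, VLAN 20 subnet.
h2_create()
{
	hx_create "vrf-h2" "$h2" 10.1.2.101 10.1.2.1
}

h2_destroy()
{
	hx_destroy "vrf-h2" "$h2" 10.1.2.101 10.1.2.1
}

# Build the local VTEP: VLAN-aware bridge br1, the three VXLAN devices, the
# host-facing ports, and the SVIs in vrf-green.
switch_create()
{
	ip link add name br1 type bridge vlan_filtering 1 vlan_default_pvid 0 \
		mcast_snooping 0
	# Make sure the bridge uses the MAC address of the local port and not
	# that of the VxLAN's device.
	ip link set dev br1 address "$(mac_get "$swp1")"
	ip link set dev br1 up

	# Underlay: reach the remote VTEP address through the spine.
	ip link set dev "$rp1" up
	ip address add dev "$rp1" 192.0.2.1/24
	ip route add 10.0.0.2/32 nexthop via 192.0.2.2

	ip link add name vx10 type vxlan id 1010 \
		local 10.0.0.1 remote 10.0.0.2 dstport 4789 \
		nolearning noudpcsum tos inherit ttl 100
	ip link set dev vx10 up

	ip link set dev vx10 master br1
	bridge vlan add vid 10 dev vx10 pvid untagged

	ip link add name vx20 type vxlan id 1020 \
		local 10.0.0.1 remote 10.0.0.2 dstport 4789 \
		nolearning noudpcsum tos inherit ttl 100
	ip link set dev vx20 up

	ip link set dev vx20 master br1
	bridge vlan add vid 20 dev vx20 pvid untagged

	ip link set dev "$swp1" master br1
	ip link set dev "$swp1" up
	bridge vlan add vid 10 dev "$swp1" pvid untagged

	ip link set dev "$swp2" master br1
	ip link set dev "$swp2" up
	bridge vlan add vid 20 dev "$swp2" pvid untagged

	# vx4001 is created without a "remote": the only destination it gets
	# is the static FDB entry installed later by __l3_vni_init.
	ip link add name vx4001 type vxlan id 104001 \
		local 10.0.0.1 dstport 4789 \
		nolearning noudpcsum tos inherit ttl 100
	ip link set dev vx4001 up

	ip link set dev vx4001 master br1
	bridge vlan add vid 4001 dev vx4001 pvid untagged

	ip address add 10.0.0.1/32 dev lo

	# Create SVIs
	vrf_create "vrf-green"
	ip link set dev vrf-green up

	ip link add link br1 name vlan10 up master vrf-green type vlan id 10
	ip address add 10.1.1.11/24 dev vlan10
	ip link add link vlan10 name vlan10-v up master vrf-green \
		address 00:00:5e:00:01:01 type macvlan mode private
	ip address add 10.1.1.1/24 dev vlan10-v

	ip link add link br1 name vlan20 up master vrf-green type vlan id 20
	ip address add 10.1.2.11/24 dev vlan20
	ip link add link vlan20 name vlan20-v up master vrf-green \
		address 00:00:5e:00:01:01 type macvlan mode private
	ip address add 10.1.2.1/24 dev vlan20-v

	ip link add link br1 name vlan4001 up master vrf-green \
		type vlan id 4001

	bridge vlan add vid 10 dev br1 self
	bridge vlan add vid 20 dev br1 self
	bridge vlan add vid 4001 dev br1 self

	bridge fdb add 00:00:5e:00:01:01 dev br1 self local vlan 10
	bridge fdb add 00:00:5e:00:01:01 dev br1 self local vlan 20

	# Reverse-path filtering is switched off host-wide ("all") and on both
	# gateway macvlans. switch_destroy restores only the "all" key; the
	# per-interface keys are not restored there.
	# NOTE(review): presumably they disappear with vlan10-v/vlan20-v -
	# confirm sysctl_set/sysctl_restore in lib.sh cope with that.
	sysctl_set net.ipv4.conf.all.rp_filter 0
	sysctl_set net.ipv4.conf.vlan10-v.rp_filter 0
	sysctl_set net.ipv4.conf.vlan20-v.rp_filter 0
}

# Tear down everything switch_create built, in reverse order.
switch_destroy()
{
	sysctl_restore net.ipv4.conf.all.rp_filter

	bridge fdb del 00:00:5e:00:01:01 dev br1 self local vlan 20
	bridge fdb del 00:00:5e:00:01:01 dev br1 self local vlan 10

	bridge vlan del vid 4001 dev br1 self
	bridge vlan del vid 20 dev br1 self
	bridge vlan del vid 10 dev br1 self

	ip link del dev vlan4001

	# vlan20-v and vlan10-v are never deleted by name; presumably they go
	# away together with the VLAN devices they are stacked on.
	ip link del dev vlan20

	ip link del dev vlan10

	vrf_destroy "vrf-green"

	ip address del 10.0.0.1/32 dev lo

	bridge vlan del vid 20 dev "$swp2"
	ip link set dev "$swp2" down
	ip link set dev "$swp2" nomaster

	bridge vlan del vid 10 dev "$swp1"
	ip link set dev "$swp1" down
	ip link set dev "$swp1" nomaster

	bridge vlan del vid 4001 dev vx4001
	ip link set dev vx4001 nomaster

	ip link set dev vx4001 down
	ip link del dev vx4001

	bridge vlan del vid 20 dev vx20
	ip link set dev vx20 nomaster

	ip link set dev vx20 down
	ip link del dev vx20

	bridge vlan del vid 10 dev vx10
	ip link set dev vx10 nomaster

	ip link set dev vx10 down
	ip link del dev vx10

	ip route del 10.0.0.2/32 nexthop via 192.0.2.2
	ip address del dev "$rp1" 192.0.2.1/24
	ip link set dev "$rp1" down

	ip link set dev br1 down
	ip link del dev br1
}

# Spine: a VRF that routes between the two VTEP loopback addresses.
# v1 must already exist (setup_prepare creates the v1/v2 veth pair).
spine_create()
{
	vrf_create "vrf-spine"
	ip link set dev "$rp2" master vrf-spine
	ip link set dev v1 master vrf-spine
	ip link set dev vrf-spine up
	ip link set dev "$rp2" up
	ip link set dev v1 up

	ip address add 192.0.2.2/24 dev "$rp2"
	ip address add 192.0.3.2/24 dev v1

	ip route add 10.0.0.1/32 vrf vrf-spine nexthop via 192.0.2.1
	ip route add 10.0.0.2/32 vrf vrf-spine nexthop via 192.0.3.1
}

# Undo spine_create, in reverse order.
spine_destroy()
{
	ip route del 10.0.0.2/32 vrf vrf-spine nexthop via 192.0.3.1
	ip route del 10.0.0.1/32 vrf vrf-spine nexthop via 192.0.2.1

	ip address del 192.0.3.2/24 dev v1
	ip address del 192.0.2.2/24 dev "$rp2"

	ip link set dev v1 down
	ip link set dev "$rp2" down
	vrf_destroy "vrf-spine"
}

# Remote host 1 (inside ns1): w2 in vrf-h1.
ns_h1_create()
{
	hx_create "vrf-h1" w2 10.1.1.102 10.1.1.1
}
export -f ns_h1_create

# Remote host 2 (inside ns1): w4 in vrf-h2.
ns_h2_create()
{
	hx_create "vrf-h2" w4 10.1.2.102 10.1.2.1
}
export -f ns_h2_create

# Remote VTEP (inside ns1). Mirrors switch_create with local/remote swapped,
# w1/w3 as host-facing ports and .12 SVI addresses. Unlike switch_create it
# does not set the bridge MAC address.
ns_switch_create()
{
	ip link add name br1 type bridge vlan_filtering 1 vlan_default_pvid 0 \
		mcast_snooping 0
	ip link set dev br1 up

	ip link set dev v2 up
	ip address add dev v2 192.0.3.1/24
	ip route add 10.0.0.1/32 nexthop via 192.0.3.2

	ip link add name vx10 type vxlan id 1010 \
		local 10.0.0.2 remote 10.0.0.1 dstport 4789 \
		nolearning noudpcsum tos inherit ttl 100
	ip link set dev vx10 up

	ip link set dev vx10 master br1
	bridge vlan add vid 10 dev vx10 pvid untagged

	ip link add name vx20 type vxlan id 1020 \
		local 10.0.0.2 remote 10.0.0.1 dstport 4789 \
		nolearning noudpcsum tos inherit ttl 100
	ip link set dev vx20 up

	ip link set dev vx20 master br1
	bridge vlan add vid 20 dev vx20 pvid untagged

	# As on the local side, vx4001 gets no "remote"; see __l3_vni_init.
	ip link add name vx4001 type vxlan id 104001 \
		local 10.0.0.2 dstport 4789 \
		nolearning noudpcsum tos inherit ttl 100
	ip link set dev vx4001 up

	ip link set dev vx4001 master br1
	bridge vlan add vid 4001 dev vx4001 pvid untagged

	ip link set dev w1 master br1
	ip link set dev w1 up
	bridge vlan add vid 10 dev w1 pvid untagged

	ip link set dev w3 master br1
	ip link set dev w3 up
	bridge vlan add vid 20 dev w3 pvid untagged

	ip address add 10.0.0.2/32 dev lo

	# Create SVIs
	vrf_create "vrf-green"
	ip link set dev vrf-green up

	ip link add link br1 name vlan10 up master vrf-green type vlan id 10
	ip address add 10.1.1.12/24 dev vlan10
	ip link add link vlan10 name vlan10-v up master vrf-green \
		address 00:00:5e:00:01:01 type macvlan mode private
	ip address add 10.1.1.1/24 dev vlan10-v

	ip link add link br1 name vlan20 up master vrf-green type vlan id 20
	ip address add 10.1.2.12/24 dev vlan20
	ip link add link vlan20 name vlan20-v up master vrf-green \
		address 00:00:5e:00:01:01 type macvlan mode private
	ip address add 10.1.2.1/24 dev vlan20-v

	ip link add link br1 name vlan4001 up master vrf-green \
		type vlan id 4001

	bridge vlan add vid 10 dev br1 self
	bridge vlan add vid 20 dev br1 self
	bridge vlan add vid 4001 dev br1 self

	bridge fdb add 00:00:5e:00:01:01 dev br1 self local vlan 10
	bridge fdb add 00:00:5e:00:01:01 dev br1 self local vlan 20

	# No matching restore exists for these three settings; ns1_destroy
	# deletes the whole namespace instead.
	sysctl_set net.ipv4.conf.all.rp_filter 0
	sysctl_set net.ipv4.conf.vlan10-v.rp_filter 0
	sysctl_set net.ipv4.conf.vlan20-v.rp_filter 0
}
export -f ns_switch_create

# Everything that has to happen inside ns1: create the w1/w2 and w3/w4 veth
# pairs, bring up lo, then build both hosts and the remote VTEP.
ns_init()
{
	ip link add name w1 type veth peer name w2
	ip link add name w3 type veth peer name w4

	ip link set dev lo up

	ns_h1_create
	ns_h2_create
	ns_switch_create
}
export -f ns_init

# Create netns ns1, move v2 into it and run ns_init there.
ns1_create()
{
	ip netns add ns1
	ip link set dev v2 netns ns1
	in_ns ns1 ns_init
}

# Hand v2 back to the namespace of PID 1, then delete ns1 together with
# whatever ns_init created in it.
ns1_destroy()
{
	ip netns exec ns1 ip link set dev v2 netns 1
	ip netns del ns1
}

# Install the L2 VNI control-plane state for the two hosts behind the peer.
# Arguments: $1 - MAC of the peer's VLAN 10 host
#            $2 - MAC of the peer's VLAN 20 host
#            $3 - IPv4 address of the peer's VLAN 10 host
#            $4 - IPv4 address of the peer's VLAN 20 host
#            $5 - peer VTEP address
# Adds static extern_learn FDB entries on vx10/vx20 and noarp neighbour
# entries on vlan10/vlan20. The VXLAN devices are created with "nolearning",
# so these static entries are what maps each remote MAC to the peer VTEP.
__l2_vni_init()
{
	local mac1=$1; shift
	local mac2=$1; shift
	local ip1=$1; shift
	local ip2=$1; shift
	local dst=$1; shift

	bridge fdb add "$mac1" dev vx10 self master extern_learn static \
		dst "$dst" vlan 10
	bridge fdb add "$mac2" dev vx20 self master extern_learn static \
		dst "$dst" vlan 20

	ip neigh add "$ip1" lladdr "$mac1" nud noarp dev vlan10 \
		extern_learn
	ip neigh add "$ip2" lladdr "$mac2" nud noarp dev vlan20 \
		extern_learn
}
export -f __l2_vni_init

# Run __l2_vni_init on both VTEPs, each side learning the other's hosts.
l2_vni_init()
{
	# Declared separately from the assignments so that a failing mac_get
	# is not hidden behind the exit status of "local".
	local h1_ns_mac h2_ns_mac h1_mac h2_mac

	h1_ns_mac=$(in_ns ns1 mac_get w2)
	h2_ns_mac=$(in_ns ns1 mac_get w4)
	h1_mac=$(mac_get "$h1")
	h2_mac=$(mac_get "$h2")

	__l2_vni_init "$h1_ns_mac" "$h2_ns_mac" 10.1.1.102 10.1.2.102 10.0.0.2
	in_ns ns1 __l2_vni_init "$h1_mac" "$h2_mac" 10.1.1.101 10.1.2.101 \
		10.0.0.1
}

# Install the L3 VNI state towards the peer VTEP.
# Arguments: $1 - MAC of the peer's vlan4001 device
#            $2 - peer VTEP address
#            $3 - IPv4 address of the peer's VLAN 10 host
#            $4 - IPv4 address of the peer's VLAN 20 host
# Adds a static FDB entry on vx4001, a noarp neighbour for the VTEP address on
# vlan4001, and /32 host routes in vrf-green via that address ("onlink",
# because the VTEP address is not on a subnet configured on vlan4001).
__l3_vni_init()
{
	local mac=$1; shift
	local vtep_ip=$1; shift
	local host1_ip=$1; shift
	local host2_ip=$1; shift

	bridge fdb add "$mac" dev vx4001 self master extern_learn static \
		dst "$vtep_ip" vlan 4001

	ip neigh add "$vtep_ip" lladdr "$mac" nud noarp dev vlan4001 \
		extern_learn

	ip route add "$host1_ip/32" vrf vrf-green nexthop via "$vtep_ip" \
		dev vlan4001 onlink
	ip route add "$host2_ip/32" vrf vrf-green nexthop via "$vtep_ip" \
		dev vlan4001 onlink
}
export -f __l3_vni_init

# Run __l3_vni_init on both VTEPs, each side pointing at the other.
l3_vni_init()
{
	# Declared separately from the assignments so that a failing mac_get
	# is not hidden behind the exit status of "local".
	local vlan4001_ns_mac vlan4001_mac

	vlan4001_ns_mac=$(in_ns ns1 mac_get vlan4001)
	vlan4001_mac=$(mac_get vlan4001)

	__l3_vni_init "$vlan4001_ns_mac" 10.0.0.2 10.1.1.102 10.1.2.102
	in_ns ns1 __l3_vni_init "$vlan4001_mac" 10.0.0.1 10.1.1.101 10.1.2.101
}

# Map the six test ports from NETIFS to their roles and build the topology.
setup_prepare()
{
	h1=${NETIFS[p1]}
	swp1=${NETIFS[p2]}

	swp2=${NETIFS[p3]}
	h2=${NETIFS[p4]}

	rp1=${NETIFS[p5]}
	rp2=${NETIFS[p6]}

	vrf_prepare
	forwarding_enable

	h1_create
	h2_create
	switch_create

	# v1 stays here for the spine; ns1_create moves v2 into ns1.
	ip link add name v1 type veth peer name v2
	spine_create
	ns1_create

	l2_vni_init
	l3_vni_init
}

# Tear the topology down in the reverse order of setup_prepare.
cleanup()
{
	pre_cleanup

	ns1_destroy
	spine_destroy
	ip link del dev v1

	switch_destroy
	h2_destroy
	h1_destroy

	forwarding_restore
	vrf_cleanup
}

# Ping from the local hosts to the other local host and to both remote hosts,
# covering same-VLAN and cross-VLAN paths.
ping_ipv4()
{
	ping_test "$h1" 10.1.2.101 ": local->local vid 10->vid 20"
	ping_test "$h1" 10.1.1.102 ": local->remote vid 10->vid 10"
	ping_test "$h2" 10.1.2.102 ": local->remote vid 20->vid 20"
	ping_test "$h1" 10.1.2.102 ": local->remote vid 10->vid 20"
	ping_test "$h2" 10.1.1.102 ": local->remote vid 20->vid 10"
}

# Registered before setup so that a partially built topology is torn down too.
trap cleanup EXIT

setup_prepare
setup_wait

tests_run

# EXIT_STATUS is not assigned in this file; presumably lib.sh maintains it.
# Left unquoted on purpose: an empty value then falls back to the status of
# the last command instead of making "exit" itself fail.
exit $EXIT_STATUS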