git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Ido Schimmel <idosch@nvidia.com>
	Tue, 19 Apr 2022 13:51:54 +0000 (16:51 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 27 Apr 2022 11:53:52 +0000 (13:53 +0200)
commit	3bf8ca35017024fa1cad55344f798cd5cd131c16
tree	a47b20dbdea0af33d99dfed20b46f8b769c01958	tree
parent	520aab8b723cb2bffef957844b634af04e96428d	commit \| diff

selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets

[ Upstream commit 044011fdf162c5dd61c02841930c8f438a9adadb ]

The test verifies that packets are correctly flooded by the bridge and
the VXLAN device by matching on the encapsulated packets at the other
end. However, if packets other than those generated by the test also
ingress the bridge (e.g., MLD packets), they will be flooded as well and
interfere with the expected count.

Make the test more robust by making sure that only the packets generated
by the test can ingress the bridge. Drop all the rest using tc filters
on the egress of 'br0' and 'h1'.

In the software data path, the problem can be solved by matching on the
inner destination MAC or dropping unwanted packets at the egress of the
VXLAN device, but this is not currently supported by mlxsw.

Fixes: 94d302deae25 ("selftests: mlxsw: Add a test for VxLAN flooding")
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Amit Cohen <amcohen@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>