Quelle  test_vxlan_mdb.sh   Sprache: Shell

#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# This test is for checking VXLAN MDB functionality. The topology consists of
# two sets of namespaces: One for the testing of IPv4 underlay and another for
# IPv6. In both cases, both IPv4 and IPv6 overlay traffic are tested.
#
# Data path functionality is tested by sending traffic from one of the upper
# namespaces and checking using ingress tc filters that the expected traffic
# was received by one of the lower namespaces.
#
# +------------------------------------+ +------------------------------------+
# | ns1_v4                             | | ns1_v6                             |
# |                                    | |                                    |
# |    br0.10    br0.4000  br0.20      | |    br0.10    br0.4000  br0.20      |
# |       +         +         +        | |       +         +         +        |
# |       |         |         |        | |       |         |         |        |
# |       |         |         |        | |       |         |         |        |
# |       +---------+---------+        | |       +---------+---------+        |
# |                 |                  | |                 |                  |
# |                 |                  | |                 |                  |
# |                 +                  | |                 +                  |
# |                br0                 | |                br0                 |
# |                 +                  | |                 +                  |
# |                 |                  | |                 |                  |
# |                 |                  | |                 |                  |
# |                 +                  | |                 +                  |
# |                vx0                 | |                vx0                 |
# |                                    | |                                    |
# |                                    | |                                    |
# |               veth0                | |               veth0                |
# |                 +                  | |                 +                  |
# +-----------------|------------------+ +-----------------|------------------+
#                   |                                      |
# +-----------------|------------------+ +-----------------|------------------+
# |                 +                  | |                 +                  |
# |               veth0                | |               veth0                |
# |                                    | |                                    |
# |                                    | |                                    |
# |                vx0                 | |                vx0                 |
# |                 +                  | |                 +                  |
# |                 |                  | |                 |                  |
# |                 |                  | |                 |                  |
# |                 +                  | |                 +                  |
# |                br0                 | |                br0                 |
# |                 +                  | |                 +                  |
# |                 |                  | |                 |                  |
# |                 |                  | |                 |                  |
# |       +---------+---------+        | |       +---------+---------+        |
# |       |         |         |        | |       |         |         |        |
# |       |         |         |        | |       |         |         |        |
# |       +         +         +        | |       +         +         +        |
# |    br0.10    br0.4000  br0.10      | |    br0.10    br0.4000  br0.20      |
# |                                    | |                                    |
# | ns2_v4                             | | ns2_v6                             |
# +------------------------------------+ +------------------------------------+

source lib.sh
ret=0

CONTROL_PATH_TESTS="
 basic_star_g_ipv4_ipv4
 basic_star_g_ipv6_ipv4
 basic_star_g_ipv4_ipv6
 basic_star_g_ipv6_ipv6
 basic_sg_ipv4_ipv4
 basic_sg_ipv6_ipv4
 basic_sg_ipv4_ipv6
 basic_sg_ipv6_ipv6
 star_g_ipv4_ipv4
 star_g_ipv6_ipv4
 star_g_ipv4_ipv6
 star_g_ipv6_ipv6
 sg_ipv4_ipv4
 sg_ipv6_ipv4
 sg_ipv4_ipv6
 sg_ipv6_ipv6
 dump_ipv4_ipv4
 dump_ipv6_ipv4
 dump_ipv4_ipv6
 dump_ipv6_ipv6
 flush
"

DATA_PATH_TESTS="
 encap_params_ipv4_ipv4
 encap_params_ipv6_ipv4
 encap_params_ipv4_ipv6
 encap_params_ipv6_ipv6
 starg_exclude_ir_ipv4_ipv4
 starg_exclude_ir_ipv6_ipv4
 starg_exclude_ir_ipv4_ipv6
 starg_exclude_ir_ipv6_ipv6
 starg_include_ir_ipv4_ipv4
 starg_include_ir_ipv6_ipv4
 starg_include_ir_ipv4_ipv6
 starg_include_ir_ipv6_ipv6
 starg_exclude_p2mp_ipv4_ipv4
 starg_exclude_p2mp_ipv6_ipv4
 starg_exclude_p2mp_ipv4_ipv6
 starg_exclude_p2mp_ipv6_ipv6
 starg_include_p2mp_ipv4_ipv4
 starg_include_p2mp_ipv6_ipv4
 starg_include_p2mp_ipv4_ipv6
 starg_include_p2mp_ipv6_ipv6
 egress_vni_translation_ipv4_ipv4
 egress_vni_translation_ipv6_ipv4
 egress_vni_translation_ipv4_ipv6
 egress_vni_translation_ipv6_ipv6
 all_zeros_mdb_ipv4
 all_zeros_mdb_ipv6
 mdb_fdb_ipv4_ipv4
 mdb_fdb_ipv6_ipv4
 mdb_fdb_ipv4_ipv6
 mdb_fdb_ipv6_ipv6
 mdb_torture_ipv4_ipv4
 mdb_torture_ipv6_ipv4
 mdb_torture_ipv4_ipv6
 mdb_torture_ipv6_ipv6
"

# All tests in this script. Can be overridden with -t option.
TESTS="
 $CONTROL_PATH_TESTS
 $DATA_PATH_TESTS
"
VERBOSE=0
PAUSE_ON_FAIL=no
PAUSE=no

################################################################################
# Utilities

log_test()
{
 local rc=$1
 local expected=$2
 local msg="$3"

 if [ ${rc} -eq ${expected} ]; then
  printf "TEST: %-60s [ OK ]\n" "${msg}"
  nsuccess=$((nsuccess+1))
 else
  ret=1
  nfail=$((nfail+1))
  printf "TEST: %-60s [FAIL]\n" "${msg}"
  if [ "$VERBOSE" = "1" ]; then
   echo " rc=$rc, expected $expected"
  fi

  if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
  echo
   echo "hit enter to continue, 'q' to quit"
   read a
   [ "$a" = "q" ] && exit 1
  fi
 fi

 if [ "${PAUSE}" = "yes" ]; then
  echo
  echo "hit enter to continue, 'q' to quit"
  read a
  [ "$a" = "q" ] && exit 1
 fi

 [ "$VERBOSE" = "1" ] && echo
}

run_cmd()
{
 local cmd="$1"
 local out
 local stderr="2>/dev/null"

 if [ "$VERBOSE" = "1" ]; then
  printf "COMMAND: $cmd\n"
  stderr=
 fi

 out=$(eval $cmd $stderr)
 rc=$?
 if [ "$VERBOSE" = "1" -a -n "$out" ]; then
  echo " $out"
 fi

 return $rc
}

tc_check_packets()
{
 local ns=$1; shift
 local id=$1; shift
 local handle=$1; shift
 local count=$1; shift
 local pkts

 sleep 0.1
 pkts=$(tc -n $ns -j -s filter show $id \
  | jq ".[] | select(.options.handle == $handle) | \
  .options.actions[0].stats.packets")
 [[ $pkts == $count ]]
}

################################################################################
# Setup

setup_common_ns()
{
 local ns=$1; shift
 local local_addr=$1; shift

 ip netns exec $ns sysctl -qw net.ipv4.ip_forward=1
 ip netns exec $ns sysctl -qw net.ipv4.fib_multipath_use_neigh=1
 ip netns exec $ns sysctl -qw net.ipv4.conf.default.ignore_routes_with_linkdown=1
 ip netns exec $ns sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
 ip netns exec $ns sysctl -qw net.ipv6.conf.all.forwarding=1
 ip netns exec $ns sysctl -qw net.ipv6.conf.default.forwarding=1
 ip netns exec $ns sysctl -qw net.ipv6.conf.default.ignore_routes_with_linkdown=1
 ip netns exec $ns sysctl -qw net.ipv6.conf.all.accept_dad=0
 ip netns exec $ns sysctl -qw net.ipv6.conf.default.accept_dad=0

 ip -n $ns link set dev lo up
 ip -n $ns address add $local_addr dev lo

 ip -n $ns link set dev veth0 up

 ip -n $ns link add name br0 up type bridge vlan_filtering 1 \
  vlan_default_pvid 0 mcast_snooping 0

 ip -n $ns link add link br0 name br0.10 up type vlan id 10
 bridge -n $ns vlan add vid 10 dev br0 self

 ip -n $ns link add link br0 name br0.20 up type vlan id 20
 bridge -n $ns vlan add vid 20 dev br0 self

 ip -n $ns link add link br0 name br0.4000 up type vlan id 4000
 bridge -n $ns vlan add vid 4000 dev br0 self

 ip -n $ns link add name vx0 up master br0 type vxlan \
  local $local_addr dstport 4789 external vnifilter
 bridge -n $ns link set dev vx0 vlan_tunnel on

 bridge -n $ns vlan add vid 10 dev vx0
 bridge -n $ns vlan add vid 10 dev vx0 tunnel_info id 10010
 bridge -n $ns vni add vni 10010 dev vx0

 bridge -n $ns vlan add vid 20 dev vx0
 bridge -n $ns vlan add vid 20 dev vx0 tunnel_info id 10020
 bridge -n $ns vni add vni 10020 dev vx0

 bridge -n $ns vlan add vid 4000 dev vx0 pvid
 bridge -n $ns vlan add vid 4000 dev vx0 tunnel_info id 14000
 bridge -n $ns vni add vni 14000 dev vx0
}

setup_common()
{
 local ns1=$1; shift
 local ns2=$1; shift
 local local_addr1=$1; shift
 local local_addr2=$1; shift

 ip link add name veth0 type veth peer name veth1
 ip link set dev veth0 netns $ns1 name veth0
 ip link set dev veth1 netns $ns2 name veth0

 setup_common_ns $ns1 $local_addr1
 setup_common_ns $ns2 $local_addr2
}

setup_v4()
{
 setup_ns ns1_v4 ns2_v4
 setup_common $ns1_v4 $ns2_v4 192.0.2.1 192.0.2.2

 ip -n $ns1_v4 address add 192.0.2.17/28 dev veth0
 ip -n $ns2_v4 address add 192.0.2.18/28 dev veth0

 ip -n $ns1_v4 route add default via 192.0.2.18
 ip -n $ns2_v4 route add default via 192.0.2.17
}

cleanup_v4()
{
 cleanup_ns $ns2_v4 $ns1_v4
}

setup_v6()
{
 setup_ns ns1_v6 ns2_v6
 setup_common $ns1_v6 $ns2_v6 2001:db8:1::1 2001:db8:1::2

 ip -n $ns1_v6 address add 2001:db8:2::1/64 dev veth0 nodad
 ip -n $ns2_v6 address add 2001:db8:2::2/64 dev veth0 nodad

 ip -n $ns1_v6 route add default via 2001:db8:2::2
 ip -n $ns2_v6 route add default via 2001:db8:2::1
}

cleanup_v6()
{
 cleanup_ns $ns2_v6 $ns1_v6
}

setup()
{
 set -e

 setup_v4
 setup_v6

 sleep 5

 set +e
}

cleanup()
{
 cleanup_v6 &> /dev/null
 cleanup_v4 &> /dev/null
}

################################################################################
# Tests - Control path

basic_common()
{
 local ns1=$1; shift
 local grp_key=$1; shift
 local vtep_ip=$1; shift

 # Test basic control path operations common to all MDB entry types.

 # Basic add, replace and delete behavior.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
 log_test $? 0 "MDB entry addition"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010"
 log_test $? 0 "MDB entry presence after addition"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
 log_test $? 0 "MDB entry replacement"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010"
 log_test $? 0 "MDB entry presence after replacement"

 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010"
 log_test $? 0 "MDB entry deletion"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010"
 log_test $? 254 "MDB entry presence after deletion"

 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010"
 log_test $? 255 "Non-existent MDB entry deletion"

 # Default protocol and replacement.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"proto static\""
 log_test $? 0 "MDB entry default protocol"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent proto 123 dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"proto 123\""
 log_test $? 0 "MDB entry protocol replacement"

 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010"

 # Default destination port and replacement.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \" dst_port \""
 log_test $? 1 "MDB entry default destination port"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip dst_port 1234 src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"dst_port 1234\""
 log_test $? 0 "MDB entry destination port replacement"

 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010"

 # Default destination VNI and replacement.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \" vni \""
 log_test $? 1 "MDB entry default destination VNI"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip vni 1234 src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"vni 1234\""
 log_test $? 0 "MDB entry destination VNI replacement"

 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010"

 # Default outgoing interface and replacement.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \" via \""
 log_test $? 1 "MDB entry default outgoing interface"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010 via veth0"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 $grp_key src_vni 10010 | grep \"via veth0\""
 log_test $? 0 "MDB entry outgoing interface replacement"

 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010"

 # Common error cases.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port veth0 $grp_key permanent dst $vtep_ip src_vni 10010"
 log_test $? 255 "MDB entry with mismatch between device and port"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key temp dst $vtep_ip src_vni 10010"
 log_test $? 255 "MDB entry with temp state"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent vid 10 dst $vtep_ip src_vni 10010"
 log_test $? 255 "MDB entry with VLAN"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp 01:02:03:04:05:06 permanent dst $vtep_ip src_vni 10010"
 log_test $? 255 "MDB entry MAC address"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent"
 log_test $? 255 "MDB entry without extended parameters"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent proto 3 dst $vtep_ip src_vni 10010"
 log_test $? 255 "MDB entry with an invalid protocol"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip vni $((2 ** 24)) src_vni 10010"
 log_test $? 255 "MDB entry with an invalid destination VNI"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni $((2 ** 24))"
 log_test $? 255 "MDB entry with an invalid source VNI"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent src_vni 10010"
 log_test $? 255 "MDB entry without a remote destination IP"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 $grp_key permanent dst $vtep_ip src_vni 10010"
 log_test $? 255 "Duplicate MDB entries"
 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 $grp_key dst $vtep_ip src_vni 10010"
}

basic_star_g_ipv4_ipv4()
{
 local ns1=$ns1_v4
 local grp_key="grp 239.1.1.1"
 local vtep_ip=198.51.100.100

 echo
 echo "Control path: Basic (*, G) operations - IPv4 overlay / IPv4 underlay"
 echo "--------------------------------------------------------------------"

 basic_common $ns1 "$grp_key" $vtep_ip
}

basic_star_g_ipv6_ipv4()
{
 local ns1=$ns1_v4
 local grp_key="grp ff0e::1"
 local vtep_ip=198.51.100.100

 echo
 echo "Control path: Basic (*, G) operations - IPv6 overlay / IPv4 underlay"
 echo "--------------------------------------------------------------------"

 basic_common $ns1 "$grp_key" $vtep_ip
}

basic_star_g_ipv4_ipv6()
{
 local ns1=$ns1_v6
 local grp_key="grp 239.1.1.1"
 local vtep_ip=2001:db8:1000::1

 echo
 echo "Control path: Basic (*, G) operations - IPv4 overlay / IPv6 underlay"
 echo "--------------------------------------------------------------------"

 basic_common $ns1 "$grp_key" $vtep_ip
}

basic_star_g_ipv6_ipv6()
{
 local ns1=$ns1_v6
 local grp_key="grp ff0e::1"
 local vtep_ip=2001:db8:1000::1

 echo
 echo "Control path: Basic (*, G) operations - IPv6 overlay / IPv6 underlay"
 echo "--------------------------------------------------------------------"

 basic_common $ns1 "$grp_key" $vtep_ip
}

basic_sg_ipv4_ipv4()
{
 local ns1=$ns1_v4
 local grp_key="grp 239.1.1.1 src 192.0.2.129"
 local vtep_ip=198.51.100.100

 echo
 echo "Control path: Basic (S, G) operations - IPv4 overlay / IPv4 underlay"
 echo "--------------------------------------------------------------------"

 basic_common $ns1 "$grp_key" $vtep_ip
}

basic_sg_ipv6_ipv4()
{
 local ns1=$ns1_v4
 local grp_key="grp ff0e::1 src 2001:db8:100::1"
 local vtep_ip=198.51.100.100

 echo
 echo "Control path: Basic (S, G) operations - IPv6 overlay / IPv4 underlay"
 echo "---------------------------------------------------------------------"

 basic_common $ns1 "$grp_key" $vtep_ip
}

basic_sg_ipv4_ipv6()
{
 local ns1=$ns1_v6
 local grp_key="grp 239.1.1.1 src 192.0.2.129"
 local vtep_ip=2001:db8:1000::1

 echo
 echo "Control path: Basic (S, G) operations - IPv4 overlay / IPv6 underlay"
 echo "--------------------------------------------------------------------"

 basic_common $ns1 "$grp_key" $vtep_ip
}

basic_sg_ipv6_ipv6()
{
 local ns1=$ns1_v6
 local grp_key="grp ff0e::1 src 2001:db8:100::1"
 local vtep_ip=2001:db8:1000::1

 echo
 echo "Control path: Basic (S, G) operations - IPv6 overlay / IPv6 underlay"
 echo "--------------------------------------------------------------------"

 basic_common $ns1 "$grp_key" $vtep_ip
}

star_g_common()
{
 local ns1=$1; shift
 local grp=$1; shift
 local src1=$1; shift
 local src2=$1; shift
 local src3=$1; shift
 local vtep_ip=$1; shift
 local all_zeros_grp=$1; shift

 # Test control path operations specific to (*, G) entries.

 # Basic add, replace and delete behavior.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010"
 log_test $? 0 "(*, G) MDB entry addition with source list"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010"
 log_test $? 0 "(*, G) MDB entry presence after addition"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010"
 log_test $? 0 "(S, G) MDB entry presence after addition"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010"
 log_test $? 0 "(*, G) MDB entry replacement with source list"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010"
 log_test $? 0 "(*, G) MDB entry presence after replacement"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010"
 log_test $? 0 "(S, G) MDB entry presence after replacement"

 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010"
 log_test $? 0 "(*, G) MDB entry deletion"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010"
 log_test $? 254 "(*, G) MDB entry presence after deletion"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010"
 log_test $? 254 "(S, G) MDB entry presence after deletion"

 # Default filter mode and replacement.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep exclude"
 log_test $? 0 "(*, G) MDB entry default filter mode"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $src1 dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep include"
 log_test $? 0 "(*, G) MDB entry after replacing filter mode to \"include\""
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010"
 log_test $? 0 "(S, G) MDB entry after replacing filter mode to \"include\""
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep blocked"
 log_test $? 1 "\"blocked\" flag after replacing filter mode to \"include\""

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep exclude"
 log_test $? 0 "(*, G) MDB entry after replacing filter mode to \"exclude\""
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grep grp $grp src $src1 src_vni 10010"
 log_test $? 0 "(S, G) MDB entry after replacing filter mode to \"exclude\""
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep blocked"
 log_test $? 0 "\"blocked\" flag after replacing filter mode to \"exclude\""

 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010"

 # Default source list and replacement.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep source_list"
 log_test $? 1 "(*, G) MDB entry default source list"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1,$src2,$src3 dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010"
 log_test $? 0 "(S, G) MDB entry of 1st source after replacing source list"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src2 src_vni 10010"
 log_test $? 0 "(S, G) MDB entry of 2nd source after replacing source list"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src3 src_vni 10010"
 log_test $? 0 "(S, G) MDB entry of 3rd source after replacing source list"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1,$src3 dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010"
 log_test $? 0 "(S, G) MDB entry of 1st source after removing source"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src2 src_vni 10010"
 log_test $? 254 "(S, G) MDB entry of 2nd source after removing source"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src3 src_vni 10010"
 log_test $? 0 "(S, G) MDB entry of 3rd source after removing source"

 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010"

 # Default protocol and replacement.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \"proto static\""
 log_test $? 0 "(*, G) MDB entry default protocol"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \"proto static\""
 log_test $? 0 "(S, G) MDB entry default protocol"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 proto bgp dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \"proto bgp\""
 log_test $? 0 "(*, G) MDB entry protocol after replacement"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \"proto bgp\""
 log_test $? 0 "(S, G) MDB entry protocol after replacement"

 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010"

 # Default destination port and replacement.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" dst_port \""
 log_test $? 1 "(*, G) MDB entry default destination port"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" dst_port \""
 log_test $? 1 "(S, G) MDB entry default destination port"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip dst_port 1234 src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" dst_port 1234 \""
 log_test $? 0 "(*, G) MDB entry destination port after replacement"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" dst_port 1234 \""
 log_test $? 0 "(S, G) MDB entry destination port after replacement"

 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010"

 # Default destination VNI and replacement.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" vni \""
 log_test $? 1 "(*, G) MDB entry default destination VNI"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" vni \""
 log_test $? 1 "(S, G) MDB entry default destination VNI"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip vni 1234 src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" vni 1234 \""
 log_test $? 0 "(*, G) MDB entry destination VNI after replacement"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" vni 1234 \""
 log_test $? 0 "(S, G) MDB entry destination VNI after replacement"

 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010"

 # Default outgoing interface and replacement.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" via \""
 log_test $? 1 "(*, G) MDB entry default outgoing interface"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" via \""
 log_test $? 1 "(S, G) MDB entry default outgoing interface"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $src1 dst $vtep_ip src_vni 10010 via veth0"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src_vni 10010 | grep \" via veth0 \""
 log_test $? 0 "(*, G) MDB entry outgoing interface after replacement"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src1 src_vni 10010 | grep \" via veth0 \""
 log_test $? 0 "(S, G) MDB entry outgoing interface after replacement"

 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep_ip src_vni 10010"

 # Error cases.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp permanent filter_mode exclude dst $vtep_ip src_vni 10010"
 log_test $? 255 "All-zeros group with filter mode"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp permanent source_list $src1 dst $vtep_ip src_vni 10010"
 log_test $? 255 "All-zeros group with source list"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode include dst $vtep_ip src_vni 10010"
 log_test $? 255 "(*, G) INCLUDE with an empty source list"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $grp dst $vtep_ip src_vni 10010"
 log_test $? 255 "Invalid source in source list"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp permanent source_list $src1 dst $vtep_ip src_vni 10010"
 log_test $? 255 "Source list without filter mode"
}

star_g_ipv4_ipv4()
{
 local ns1=$ns1_v4
 local grp=239.1.1.1
 local src1=192.0.2.129
 local src2=192.0.2.130
 local src3=192.0.2.131
 local vtep_ip=198.51.100.100
 local all_zeros_grp=0.0.0.0

 echo
 echo "Control path: (*, G) operations - IPv4 overlay / IPv4 underlay"
 echo "--------------------------------------------------------------"

 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp
}

star_g_ipv6_ipv4()
{
 local ns1=$ns1_v4
 local grp=ff0e::1
 local src1=2001:db8:100::1
 local src2=2001:db8:100::2
 local src3=2001:db8:100::3
 local vtep_ip=198.51.100.100
 local all_zeros_grp=::

 echo
 echo "Control path: (*, G) operations - IPv6 overlay / IPv4 underlay"
 echo "--------------------------------------------------------------"

 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp
}

star_g_ipv4_ipv6()
{
 local ns1=$ns1_v6
 local grp=239.1.1.1
 local src1=192.0.2.129
 local src2=192.0.2.130
 local src3=192.0.2.131
 local vtep_ip=2001:db8:1000::1
 local all_zeros_grp=0.0.0.0

 echo
 echo "Control path: (*, G) operations - IPv4 overlay / IPv6 underlay"
 echo "--------------------------------------------------------------"

 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp
}

star_g_ipv6_ipv6()
{
 local ns1=$ns1_v6
 local grp=ff0e::1
 local src1=2001:db8:100::1
 local src2=2001:db8:100::2
 local src3=2001:db8:100::3
 local vtep_ip=2001:db8:1000::1
 local all_zeros_grp=::

 echo
 echo "Control path: (*, G) operations - IPv6 overlay / IPv6 underlay"
 echo "--------------------------------------------------------------"

 star_g_common $ns1 $grp $src1 $src2 $src3 $vtep_ip $all_zeros_grp
}

sg_common()
{
 local ns1=$1; shift
 local grp=$1; shift
 local src=$1; shift
 local vtep_ip=$1; shift
 local all_zeros_grp=$1; shift

 # Test control path operations specific to (S, G) entries.

 # Default filter mode.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent dst $vtep_ip src_vni 10010"
 run_cmd "bridge -n $ns1 -d -s mdb get dev vx0 grp $grp src $src src_vni 10010 | grep include"
 log_test $? 0 "(S, G) MDB entry default filter mode"

 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp src $src permanent dst $vtep_ip src_vni 10010"

 # Error cases.
 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent filter_mode include dst $vtep_ip src_vni 10010"
 log_test $? 255 "(S, G) with filter mode"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $src permanent source_list $src dst $vtep_ip src_vni 10010"
 log_test $? 255 "(S, G) with source list"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $grp src $grp permanent dst $vtep_ip src_vni 10010"
 log_test $? 255 "(S, G) with an invalid source list"

 run_cmd "bridge -n $ns1 mdb add dev vx0 port vx0 grp $all_zeros_grp src $src permanent dst $vtep_ip src_vni 10010"
 log_test $? 255 "All-zeros group with source"
}

sg_ipv4_ipv4()
{
 local ns1=$ns1_v4
 local grp=239.1.1.1
 local src=192.0.2.129
 local vtep_ip=198.51.100.100
 local all_zeros_grp=0.0.0.0

 echo
 echo "Control path: (S, G) operations - IPv4 overlay / IPv4 underlay"
 echo "--------------------------------------------------------------"

 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp
}

sg_ipv6_ipv4()
{
 local ns1=$ns1_v4
 local grp=ff0e::1
 local src=2001:db8:100::1
 local vtep_ip=198.51.100.100
 local all_zeros_grp=::

 echo
 echo "Control path: (S, G) operations - IPv6 overlay / IPv4 underlay"
 echo "--------------------------------------------------------------"

 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp
}

sg_ipv4_ipv6()
{
 local ns1=$ns1_v6
 local grp=239.1.1.1
 local src=192.0.2.129
 local vtep_ip=2001:db8:1000::1
 local all_zeros_grp=0.0.0.0

 echo
 echo "Control path: (S, G) operations - IPv4 overlay / IPv6 underlay"
 echo "--------------------------------------------------------------"

 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp
}

sg_ipv6_ipv6()
{
 local ns1=$ns1_v6
 local grp=ff0e::1
 local src=2001:db8:100::1
 local vtep_ip=2001:db8:1000::1
 local all_zeros_grp=::

 echo
 echo "Control path: (S, G) operations - IPv6 overlay / IPv6 underlay"
 echo "--------------------------------------------------------------"

 sg_common $ns1 $grp $src $vtep_ip $all_zeros_grp
}

ipv4_grps_get()
{
 local max_grps=$1; shift
 local i

 for i in $(seq 0 $((max_grps - 1))); do
  echo "239.1.1.$i"
 done
}

ipv6_grps_get()
{
 local max_grps=$1; shift
 local i

 for i in $(seq 0 $((max_grps - 1))); do
  echo "ff0e::$(printf %x $i)"
 done
}

dump_common()
{
 local ns1=$1; shift
 local local_addr=$1; shift
 local remote_prefix=$1; shift
 local fn=$1; shift
 local max_vxlan_devs=2
 local max_remotes=64
 local max_grps=256
 local num_entries
 local batch_file
 local grp
 local i j

 # The kernel maintains various markers for the MDB dump. Add a test for
 # large scale MDB dump to make sure that all the configured entries are
 # dumped and that the markers are used correctly.

 # Create net devices.
 for i in $(seq 1 $max_vxlan_devs); do
  ip -n $ns1 link add name vx-test${i} up type vxlan \
   local $local_addr dstport 4789 external vnifilter
 done

 # Create batch file with MDB entries.
 batch_file=$(mktemp)
 for i in $(seq 1 $max_vxlan_devs); do
  for j in $(seq 1 $max_remotes); do
   for grp in $($fn $max_grps); do
    echo "mdb add dev vx-test${i} port vx-test${i} grp $grp permanent dst ${remote_prefix}${j}" >> $batch_file
   done
  done
 done

 # Program the batch file and check for expected number of entries.
 bridge -n $ns1 -b $batch_file
 for i in $(seq 1 $max_vxlan_devs); do
  num_entries=$(bridge -n $ns1 mdb show dev vx-test${i} | grep "permanent" | wc -l)
  [[ $num_entries -eq $((max_grps * max_remotes)) ]]
  log_test $? 0 "Large scale dump - VXLAN device #$i"
 done

 rm -rf $batch_file
}

dump_ipv4_ipv4()
{
 local ns1=$ns1_v4
 local local_addr=192.0.2.1
 local remote_prefix=198.51.100.
 local fn=ipv4_grps_get

 echo
 echo "Control path: Large scale MDB dump - IPv4 overlay / IPv4 underlay"
 echo "-----------------------------------------------------------------"

 dump_common $ns1 $local_addr $remote_prefix $fn
}

dump_ipv6_ipv4()
{
 local ns1=$ns1_v4
 local local_addr=192.0.2.1
 local remote_prefix=198.51.100.
 local fn=ipv6_grps_get

 echo
 echo "Control path: Large scale MDB dump - IPv6 overlay / IPv4 underlay"
 echo "-----------------------------------------------------------------"

 dump_common $ns1 $local_addr $remote_prefix $fn
}

dump_ipv4_ipv6()
{
 local ns1=$ns1_v6
 local local_addr=2001:db8:1::1
 local remote_prefix=2001:db8:1000::
 local fn=ipv4_grps_get

 echo
 echo "Control path: Large scale MDB dump - IPv4 overlay / IPv6 underlay"
 echo "-----------------------------------------------------------------"

 dump_common $ns1 $local_addr $remote_prefix $fn
}

dump_ipv6_ipv6()
{
 local ns1=$ns1_v6
 local local_addr=2001:db8:1::1
 local remote_prefix=2001:db8:1000::
 local fn=ipv6_grps_get

 echo
 echo "Control path: Large scale MDB dump - IPv6 overlay / IPv6 underlay"
 echo "-----------------------------------------------------------------"

 dump_common $ns1 $local_addr $remote_prefix $fn
}

flush()
{
 local num_entries

 echo
 echo "Control path: Flush"
 echo "-------------------"

 # Add entries with different attributes and check that they are all
 # flushed when the flush command is given with no parameters.

 # Different source VNI.
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 198.51.100.1 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.2 permanent dst 198.51.100.1 src_vni 10011"

 # Different routing protocol.
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.3 permanent proto bgp dst 198.51.100.1 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.4 permanent proto zebra dst 198.51.100.1 src_vni 10010"

 # Different destination IP.
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.5 permanent dst 198.51.100.1 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.6 permanent dst 198.51.100.2 src_vni 10010"

 # Different destination port.
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.7 permanent dst 198.51.100.1 dst_port 11111 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.8 permanent dst 198.51.100.1 dst_port 22222 src_vni 10010"

 # Different VNI.
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.9 permanent dst 198.51.100.1 vni 10010 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.10 permanent dst 198.51.100.1 vni 10020 src_vni 10010"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0"
 num_entries=$(bridge -n $ns1_v4 mdb show dev vx0 | wc -l)
 [[ $num_entries -eq 0 ]]
 log_test $? 0 "Flush all"

 # Check that entries are flushed when port is specified as the VXLAN
 # device and that an error is returned when port is specified as a
 # different net device.

 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 198.51.100.1 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 198.51.100.2 src_vni 10010"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0 port vx0"
 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010"
 log_test $? 254 "Flush by port - matching"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0 port veth0"
 log_test $? 255 "Flush by port - non-matching"

 # Check that when flushing by source VNI only entries programmed with
 # the specified source VNI are flushed and the rest are not.

 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 198.51.100.1 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 198.51.100.2 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 198.51.100.1 src_vni 10011"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 198.51.100.2 src_vni 10011"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0 src_vni 10010"

 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010"
 log_test $? 254 "Flush by source VNI - matching"
 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10011"
 log_test $? 0 "Flush by source VNI - non-matching"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0"

 # Check that all entries are flushed when "permanent" is specified and
 # that an error is returned when "nopermanent" is specified.

 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 198.51.100.1 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 198.51.100.2 src_vni 10010"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0 permanent"
 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010"
 log_test $? 254 "Flush by \"permanent\" state"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0 nopermanent"
 log_test $? 255 "Flush by \"nopermanent\" state"

 # Check that when flushing by routing protocol only entries programmed
 # with the specified routing protocol are flushed and the rest are not.

 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent proto bgp dst 198.51.100.1 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent proto zebra dst 198.51.100.2 src_vni 10010"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0 proto bgp"

 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010 | grep \"proto bgp\""
 log_test $? 1 "Flush by routing protocol - matching"
 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010 | grep \"proto zebra\""
 log_test $? 0 "Flush by routing protocol - non-matching"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0"

 # Check that when flushing by destination IP only entries programmed
 # with the specified destination IP are flushed and the rest are not.

 # IPv4.

 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 198.51.100.1 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 198.51.100.2 src_vni 10010"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0 dst 198.51.100.2"

 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010 | grep 198.51.100.2"
 log_test $? 1 "Flush by IPv4 destination IP - matching"
 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010 | grep 198.51.100.1"
 log_test $? 0 "Flush by IPv4 destination IP - non-matching"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0"

 # IPv6.

 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 2001:db8:1000::1 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 2001:db8:1000::2 src_vni 10010"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0 dst 2001:db8:1000::2"

 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010 | grep 2001:db8:1000::2"
 log_test $? 1 "Flush by IPv6 destination IP - matching"
 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010 | grep 2001:db8:1000::1"
 log_test $? 0 "Flush by IPv6 destination IP - non-matching"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0"

 # Check that when flushing by UDP destination port only entries
 # programmed with the specified port are flushed and the rest are not.

 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst_port 11111 dst 198.51.100.1 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst_port 22222 dst 198.51.100.2 src_vni 10010"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0 dst_port 11111"

 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010 | grep \"dst_port 11111\""
 log_test $? 1 "Flush by UDP destination port - matching"
 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010 | grep \"dst_port 22222\""
 log_test $? 0 "Flush by UDP destination port - non-matching"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0"

 # When not specifying a UDP destination port for an entry, traffic is
 # encapsulated with the device's UDP destination port. Check that when
 # flushing by the device's UDP destination port only entries programmed
 # with this port are flushed and the rest are not.

 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 198.51.100.1 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst_port 22222 dst 198.51.100.2 src_vni 10010"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0 dst_port 4789"

 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010 | grep 198.51.100.1"
 log_test $? 1 "Flush by device's UDP destination port - matching"
 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010 | grep 198.51.100.2"
 log_test $? 0 "Flush by device's UDP destination port - non-matching"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0"

 # Check that when flushing by destination VNI only entries programmed
 # with the specified destination VNI are flushed and the rest are not.

 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent vni 20010 dst 198.51.100.1 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent vni 20011 dst 198.51.100.2 src_vni 10010"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0 vni 20010"

 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010 | grep \" vni 20010\""
 log_test $? 1 "Flush by destination VNI - matching"
 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010 | grep \" vni 20011\""
 log_test $? 0 "Flush by destination VNI - non-matching"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0"

 # When not specifying a destination VNI for an entry, traffic is
 # encapsulated with the source VNI. Check that when flushing by a
 # destination VNI that is equal to the source VNI only such entries are
 # flushed and the rest are not.

 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent dst 198.51.100.1 src_vni 10010"
 run_cmd "bridge -n $ns1_v4 mdb add dev vx0 port vx0 grp 239.1.1.1 permanent vni 20010 dst 198.51.100.2 src_vni 10010"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0 vni 10010"

 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010 | grep 198.51.100.1"
 log_test $? 1 "Flush by destination VNI equal to source VNI - matching"
 run_cmd "bridge -n $ns1_v4 -d -s mdb get dev vx0 grp 239.1.1.1 src_vni 10010 | grep 198.51.100.2"
 log_test $? 0 "Flush by destination VNI equal to source VNI - non-matching"

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0"

 # Test that an error is returned when trying to flush using VLAN ID.

 run_cmd "bridge -n $ns1_v4 mdb flush dev vx0 vid 10"
 log_test $? 255 "Flush by VLAN ID"
}

################################################################################
# Tests - Data path

encap_params_common()
{
 local ns1=$1; shift
 local ns2=$1; shift
 local vtep1_ip=$1; shift
 local vtep2_ip=$1; shift
 local plen=$1; shift
 local enc_ethtype=$1; shift
 local grp=$1; shift
 local grp_dmac=$1; shift
 local src=$1; shift
 local mz=$1; shift

 # Test that packets forwarded by the VXLAN MDB are encapsulated with
 # the correct parameters. Transmit packets from the first namespace and
 # check that they hit the corresponding filters on the ingress of the
 # second namespace.

 run_cmd "tc -n $ns2 qdisc replace dev veth0 clsact"
 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact"
 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo"
 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo"

 # Check destination IP.
 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010"
 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep2_ip src_vni 10020"

 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass"
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 1
 log_test $? 0 "Destination IP - match"

 run_cmd "ip netns exec $ns1 $mz br0.20 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 1
 log_test $? 0 "Destination IP - no match"

 run_cmd "tc -n $ns2 filter del dev vx0 ingress pref 1 handle 101 flower"
 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10020"
 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010"

 # Check destination port.
 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010"
 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip dst_port 1111 src_vni 10020"

 run_cmd "tc -n $ns2 filter replace dev veth0 ingress pref 1 handle 101 proto $enc_ethtype flower ip_proto udp dst_port 4789 action pass"
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev veth0 ingress" 101 1
 log_test $? 0 "Default destination port - match"

 run_cmd "ip netns exec $ns1 $mz br0.20 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev veth0 ingress" 101 1
 log_test $? 0 "Default destination port - no match"

 run_cmd "tc -n $ns2 filter replace dev veth0 ingress pref 1 handle 101 proto $enc_ethtype flower ip_proto udp dst_port 1111 action pass"
 run_cmd "ip netns exec $ns1 $mz br0.20 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev veth0 ingress" 101 1
 log_test $? 0 "Non-default destination port - match"

 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev veth0 ingress" 101 1
 log_test $? 0 "Non-default destination port - no match"

 run_cmd "tc -n $ns2 filter del dev veth0 ingress pref 1 handle 101 flower"
 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10020"
 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010"

 # Check default VNI.
 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10010"
 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip src_vni 10020"

 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_key_id 10010 action pass"
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 1
 log_test $? 0 "Default destination VNI - match"

 run_cmd "ip netns exec $ns1 $mz br0.20 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 1
 log_test $? 0 "Default destination VNI - no match"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip vni 10020 src_vni 10010"
 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent dst $vtep1_ip vni 10010 src_vni 10020"

 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_key_id 10020 action pass"
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 1
 log_test $? 0 "Non-default destination VNI - match"

 run_cmd "ip netns exec $ns1 $mz br0.20 -a own -b $grp_dmac -A $src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 1
 log_test $? 0 "Non-default destination VNI - no match"

 run_cmd "tc -n $ns2 filter del dev vx0 ingress pref 1 handle 101 flower"
 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10020"
 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep1_ip src_vni 10010"
}

encap_params_ipv4_ipv4()
{
 local ns1=$ns1_v4
 local ns2=$ns2_v4
 local vtep1_ip=198.51.100.100
 local vtep2_ip=198.51.100.200
 local plen=32
 local enc_ethtype="ip"
 local grp=239.1.1.1
 local grp_dmac=01:00:5e:01:01:01
 local src=192.0.2.129

 echo
 echo "Data path: Encapsulation parameters - IPv4 overlay / IPv4 underlay"
 echo "------------------------------------------------------------------"

 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \
  $grp $grp_dmac $src "mausezahn"
}

encap_params_ipv6_ipv4()
{
 local ns1=$ns1_v4
 local ns2=$ns2_v4
 local vtep1_ip=198.51.100.100
 local vtep2_ip=198.51.100.200
 local plen=32
 local enc_ethtype="ip"
 local grp=ff0e::1
 local grp_dmac=33:33:00:00:00:01
 local src=2001:db8:100::1

 echo
 echo "Data path: Encapsulation parameters - IPv6 overlay / IPv4 underlay"
 echo "------------------------------------------------------------------"

 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \
  $grp $grp_dmac $src "mausezahn -6"
}

encap_params_ipv4_ipv6()
{
 local ns1=$ns1_v6
 local ns2=$ns2_v6
 local vtep1_ip=2001:db8:1000::1
 local vtep2_ip=2001:db8:2000::1
 local plen=128
 local enc_ethtype="ipv6"
 local grp=239.1.1.1
 local grp_dmac=01:00:5e:01:01:01
 local src=192.0.2.129

 echo
 echo "Data path: Encapsulation parameters - IPv4 overlay / IPv6 underlay"
 echo "------------------------------------------------------------------"

 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \
  $grp $grp_dmac $src "mausezahn"
}

encap_params_ipv6_ipv6()
{
 local ns1=$ns1_v6
 local ns2=$ns2_v6
 local vtep1_ip=2001:db8:1000::1
 local vtep2_ip=2001:db8:2000::1
 local plen=128
 local enc_ethtype="ipv6"
 local grp=ff0e::1
 local grp_dmac=33:33:00:00:00:01
 local src=2001:db8:100::1

 echo
 echo "Data path: Encapsulation parameters - IPv6 overlay / IPv6 underlay"
 echo "------------------------------------------------------------------"

 encap_params_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $enc_ethtype \
  $grp $grp_dmac $src "mausezahn -6"
}

starg_exclude_ir_common()
{
 local ns1=$1; shift
 local ns2=$1; shift
 local vtep1_ip=$1; shift
 local vtep2_ip=$1; shift
 local plen=$1; shift
 local grp=$1; shift
 local grp_dmac=$1; shift
 local valid_src=$1; shift
 local invalid_src=$1; shift
 local mz=$1; shift

 # Install a (*, G) EXCLUDE MDB entry with one source and two remote
 # VTEPs. Make sure that the source in the source list is not forwarded
 # and that a source not in the list is forwarded. Remove one of the
 # VTEPs from the entry and make sure that packets are only forwarded to
 # the remaining VTEP.

 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact"
 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo"
 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo"

 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass"
 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $vtep1_ip src_vni 10010"
 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $vtep2_ip src_vni 10010"

 # Check that invalid source is not forwarded to any VTEP.
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 0
 log_test $? 0 "Block excluded source - first VTEP"
 tc_check_packets "$ns2" "dev vx0 ingress" 102 0
 log_test $? 0 "Block excluded source - second VTEP"

 # Check that valid source is forwarded to both VTEPs.
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 1
 log_test $? 0 "Forward valid source - first VTEP"
 tc_check_packets "$ns2" "dev vx0 ingress" 102 1
 log_test $? 0 "Forward valid source - second VTEP"

 # Remove second VTEP.
 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10010"

 # Check that invalid source is not forwarded to any VTEP.
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 1
 log_test $? 0 "Block excluded source after removal - first VTEP"
 tc_check_packets "$ns2" "dev vx0 ingress" 102 1
 log_test $? 0 "Block excluded source after removal - second VTEP"

 # Check that valid source is forwarded to the remaining VTEP.
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 2
 log_test $? 0 "Forward valid source after removal - first VTEP"
 tc_check_packets "$ns2" "dev vx0 ingress" 102 1
 log_test $? 0 "Forward valid source after removal - second VTEP"
}

starg_exclude_ir_ipv4_ipv4()
{
 local ns1=$ns1_v4
 local ns2=$ns2_v4
 local vtep1_ip=198.51.100.100
 local vtep2_ip=198.51.100.200
 local plen=32
 local grp=239.1.1.1
 local grp_dmac=01:00:5e:01:01:01
 local valid_src=192.0.2.129
 local invalid_src=192.0.2.145

 echo
 echo "Data path: (*, G) EXCLUDE - IR - IPv4 overlay / IPv4 underlay"
 echo "-------------------------------------------------------------"

 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
  $grp_dmac $valid_src $invalid_src "mausezahn"
}

starg_exclude_ir_ipv6_ipv4()
{
 local ns1=$ns1_v4
 local ns2=$ns2_v4
 local vtep1_ip=198.51.100.100
 local vtep2_ip=198.51.100.200
 local plen=32
 local grp=ff0e::1
 local grp_dmac=33:33:00:00:00:01
 local valid_src=2001:db8:100::1
 local invalid_src=2001:db8:200::1

 echo
 echo "Data path: (*, G) EXCLUDE - IR - IPv6 overlay / IPv4 underlay"
 echo "-------------------------------------------------------------"

 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
  $grp_dmac $valid_src $invalid_src "mausezahn -6"
}

starg_exclude_ir_ipv4_ipv6()
{
 local ns1=$ns1_v6
 local ns2=$ns2_v6
 local vtep1_ip=2001:db8:1000::1
 local vtep2_ip=2001:db8:2000::1
 local plen=128
 local grp=239.1.1.1
 local grp_dmac=01:00:5e:01:01:01
 local valid_src=192.0.2.129
 local invalid_src=192.0.2.145

 echo
 echo "Data path: (*, G) EXCLUDE - IR - IPv4 overlay / IPv6 underlay"
 echo "-------------------------------------------------------------"

 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
  $grp_dmac $valid_src $invalid_src "mausezahn"
}

starg_exclude_ir_ipv6_ipv6()
{
 local ns1=$ns1_v6
 local ns2=$ns2_v6
 local vtep1_ip=2001:db8:1000::1
 local vtep2_ip=2001:db8:2000::1
 local plen=128
 local grp=ff0e::1
 local grp_dmac=33:33:00:00:00:01
 local valid_src=2001:db8:100::1
 local invalid_src=2001:db8:200::1

 echo
 echo "Data path: (*, G) EXCLUDE - IR - IPv6 overlay / IPv6 underlay"
 echo "-------------------------------------------------------------"

 starg_exclude_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
  $grp_dmac $valid_src $invalid_src "mausezahn -6"
}

starg_include_ir_common()
{
 local ns1=$1; shift
 local ns2=$1; shift
 local vtep1_ip=$1; shift
 local vtep2_ip=$1; shift
 local plen=$1; shift
 local grp=$1; shift
 local grp_dmac=$1; shift
 local valid_src=$1; shift
 local invalid_src=$1; shift
 local mz=$1; shift

 # Install a (*, G) INCLUDE MDB entry with one source and two remote
 # VTEPs. Make sure that the source in the source list is forwarded and
 # that a source not in the list is not forwarded. Remove one of the
 # VTEPs from the entry and make sure that packets are only forwarded to
 # the remaining VTEP.

 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact"
 run_cmd "ip -n $ns2 address replace $vtep1_ip/$plen dev lo"
 run_cmd "ip -n $ns2 address replace $vtep2_ip/$plen dev lo"

 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $vtep1_ip action pass"
 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 102 proto all flower enc_dst_ip $vtep2_ip action pass"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $valid_src dst $vtep1_ip src_vni 10010"
 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode include source_list $valid_src dst $vtep2_ip src_vni 10010"

 # Check that invalid source is not forwarded to any VTEP.
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 0
 log_test $? 0 "Block excluded source - first VTEP"
 tc_check_packets "$ns2" "dev vx0 ingress" 102 0
 log_test $? 0 "Block excluded source - second VTEP"

 # Check that valid source is forwarded to both VTEPs.
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 1
 log_test $? 0 "Forward valid source - first VTEP"
 tc_check_packets "$ns2" "dev vx0 ingress" 102 1
 log_test $? 0 "Forward valid source - second VTEP"

 # Remove second VTEP.
 run_cmd "bridge -n $ns1 mdb del dev vx0 port vx0 grp $grp dst $vtep2_ip src_vni 10010"

 # Check that invalid source is not forwarded to any VTEP.
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 1
 log_test $? 0 "Block excluded source after removal - first VTEP"
 tc_check_packets "$ns2" "dev vx0 ingress" 102 1
 log_test $? 0 "Block excluded source after removal - second VTEP"

 # Check that valid source is forwarded to the remaining VTEP.
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 2
 log_test $? 0 "Forward valid source after removal - first VTEP"
 tc_check_packets "$ns2" "dev vx0 ingress" 102 1
 log_test $? 0 "Forward valid source after removal - second VTEP"
}

starg_include_ir_ipv4_ipv4()
{
 local ns1=$ns1_v4
 local ns2=$ns2_v4
 local vtep1_ip=198.51.100.100
 local vtep2_ip=198.51.100.200
 local plen=32
 local grp=239.1.1.1
 local grp_dmac=01:00:5e:01:01:01
 local valid_src=192.0.2.129
 local invalid_src=192.0.2.145

 echo
 echo "Data path: (*, G) INCLUDE - IR - IPv4 overlay / IPv4 underlay"
 echo "-------------------------------------------------------------"

 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
  $grp_dmac $valid_src $invalid_src "mausezahn"
}

starg_include_ir_ipv6_ipv4()
{
 local ns1=$ns1_v4
 local ns2=$ns2_v4
 local vtep1_ip=198.51.100.100
 local vtep2_ip=198.51.100.200
 local plen=32
 local grp=ff0e::1
 local grp_dmac=33:33:00:00:00:01
 local valid_src=2001:db8:100::1
 local invalid_src=2001:db8:200::1

 echo
 echo "Data path: (*, G) INCLUDE - IR - IPv6 overlay / IPv4 underlay"
 echo "-------------------------------------------------------------"

 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
  $grp_dmac $valid_src $invalid_src "mausezahn -6"
}

starg_include_ir_ipv4_ipv6()
{
 local ns1=$ns1_v6
 local ns2=$ns2_v6
 local vtep1_ip=2001:db8:1000::1
 local vtep2_ip=2001:db8:2000::1
 local plen=128
 local grp=239.1.1.1
 local grp_dmac=01:00:5e:01:01:01
 local valid_src=192.0.2.129
 local invalid_src=192.0.2.145

 echo
 echo "Data path: (*, G) INCLUDE - IR - IPv4 overlay / IPv6 underlay"
 echo "-------------------------------------------------------------"

 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
  $grp_dmac $valid_src $invalid_src "mausezahn"
}

starg_include_ir_ipv6_ipv6()
{
 local ns1=$ns1_v6
 local ns2=$ns2_v6
 local vtep1_ip=2001:db8:1000::1
 local vtep2_ip=2001:db8:2000::1
 local plen=128
 local grp=ff0e::1
 local grp_dmac=33:33:00:00:00:01
 local valid_src=2001:db8:100::1
 local invalid_src=2001:db8:200::1

 echo
 echo "Data path: (*, G) INCLUDE - IR - IPv6 overlay / IPv6 underlay"
 echo "-------------------------------------------------------------"

 starg_include_ir_common $ns1 $ns2 $vtep1_ip $vtep2_ip $plen $grp \
  $grp_dmac $valid_src $invalid_src "mausezahn -6"
}

starg_exclude_p2mp_common()
{
 local ns1=$1; shift
 local ns2=$1; shift
 local mcast_grp=$1; shift
 local plen=$1; shift
 local grp=$1; shift
 local grp_dmac=$1; shift
 local valid_src=$1; shift
 local invalid_src=$1; shift
 local mz=$1; shift

 # Install a (*, G) EXCLUDE MDB entry with one source and one multicast
 # group to which packets are sent. Make sure that the source in the
 # source list is not forwarded and that a source not in the list is
 # forwarded.

 run_cmd "tc -n $ns2 qdisc replace dev vx0 clsact"
 run_cmd "ip -n $ns2 address replace $mcast_grp/$plen dev veth0 autojoin"

 run_cmd "tc -n $ns2 filter replace dev vx0 ingress pref 1 handle 101 proto all flower enc_dst_ip $mcast_grp action pass"

 run_cmd "bridge -n $ns1 mdb replace dev vx0 port vx0 grp $grp permanent filter_mode exclude source_list $invalid_src dst $mcast_grp src_vni 10010 via veth0"

 # Check that invalid source is not forwarded.
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $invalid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 0
 log_test $? 0 "Block excluded source"

 # Check that valid source is forwarded.
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 1
 log_test $? 0 "Forward valid source"

 # Remove the VTEP from the multicast group.
 run_cmd "ip -n $ns2 address del $mcast_grp/$plen dev veth0"

 # Check that valid source is not received anymore.
 run_cmd "ip netns exec $ns1 $mz br0.10 -a own -b $grp_dmac -A $valid_src -B $grp -t udp sp=12345,dp=54321 -p 100 -c 1 -q"
 tc_check_packets "$ns2" "dev vx0 ingress" 101 1
 log_test $? 0 "Receive of valid source after removal from group"
}

starg_exclude_p2mp_ipv4_ipv4()
{
 local ns1=$ns1_v4
 local ns2=$ns2_v4
 local mcast_grp=238.1.1.1
 local plen=32
 local grp=239.1.1.1
 local grp_dmac=01:00:5e:01:01:01
 local valid_src=192.0.2.129
 local invalid_src=192.0.2.145

 echo
 echo "Data path: (*, G) EXCLUDE - P2MP - IPv4 overlay / IPv4 underlay"
 echo "---------------------------------------------------------------"

 starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp $grp_dmac \
  $valid_src $invalid_src "mausezahn"
}

starg_exclude_p2mp_ipv6_ipv4()
{
 local ns1=$ns1_v4
 local ns2=$ns2_v4
 local mcast_grp=238.1.1.1
 local plen=32
 local grp=ff0e::1
 local grp_dmac=33:33:00:00:00:01
 local valid_src=2001:db8:100::1
 local invalid_src=2001:db8:200::1

 echo
 echo "Data path: (*, G) EXCLUDE - P2MP - IPv6 overlay / IPv4 underlay"
 echo "---------------------------------------------------------------"

 starg_exclude_p2mp_common $ns1 $ns2 $mcast_grp $plen $grp $grp_dmac \
  $valid_src $invalid_src "mausezahn -6"
}

starg_exclude_p2mp_ipv4_ipv6()
{
 local ns1=$ns1_v6
 local ns2=$ns2_v6
 local mcast_grp=ff0e::2
 local plen=128
 local grp=239.1.1.1
--> --------------------

--> maximum size reached

--> --------------------