1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3# 4# Test that blackhole routes are marked as offloaded and that packets hitting 5# them are dropped by the ASIC and not by the kernel. 6# 7# +---------------------------------+ 8# | H1 (vrf) | 9# | + $h1 | 10# | | 192.0.2.1/24 | 11# | | 2001:db8:1::1/64 | 12# | | | 13# | | default via 192.0.2.2 | 14# | | default via 2001:db8:1::2 | 15# +----|----------------------------+ 16# | 17# +----|----------------------------------------------------------------------+ 18# | SW | | 19# | + $rp1 | 20# | 192.0.2.2/24 | 21# | 2001:db8:1::2/64 | 22# | | 23# | 2001:db8:2::2/64 | 24# | 198.51.100.2/24 | 25# | + $rp2 | 26# | | | 27# +----|----------------------------------------------------------------------+ 28# | 29# +----|----------------------------+ 30# | | default via 198.51.100.2 | 31# | | default via 2001:db8:2::2 | 32# | | | 33# | | 2001:db8:2::1/64 | 34# | | 198.51.100.1/24 | 35# | + $h2 | 36# | H2 (vrf) | 37# +---------------------------------+ 38 39lib_dir=$(dirname $0)/../../../net/forwarding 40 41ALL_TESTS=" 42 ping_ipv4 43 ping_ipv6 44 blackhole_ipv4 45 blackhole_ipv6 46" 47NUM_NETIFS=4 48source $lib_dir/tc_common.sh 49source $lib_dir/lib.sh 50 51h1_create() 52{ 53 simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64 54 55 ip -4 route add default vrf v$h1 nexthop via 192.0.2.2 56 ip -6 route add default vrf v$h1 nexthop via 2001:db8:1::2 57} 58 59h1_destroy() 60{ 61 ip -6 route del default vrf v$h1 nexthop via 2001:db8:1::2 62 ip -4 route del default vrf v$h1 nexthop via 192.0.2.2 63 64 simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64 65} 66 67h2_create() 68{ 69 simple_if_init $h2 198.51.100.1/24 2001:db8:2::1/64 70 71 ip -4 route add default vrf v$h2 nexthop via 198.51.100.2 72 ip -6 route add default vrf v$h2 nexthop via 2001:db8:2::2 73} 74 75h2_destroy() 76{ 77 ip -6 route del default vrf v$h2 nexthop via 2001:db8:2::2 78 ip -4 route del default vrf v$h2 nexthop via 198.51.100.2 79 80 simple_if_fini $h2 198.51.100.1/24 2001:db8:2::1/64 81} 82 83router_create() 84{ 85 ip link set dev $rp1 up 86 ip link set dev $rp2 up 87 88 tc qdisc add dev $rp1 clsact 89 90 __addr_add_del $rp1 add 192.0.2.2/24 2001:db8:1::2/64 91 __addr_add_del $rp2 add 198.51.100.2/24 2001:db8:2::2/64 92} 93 94router_destroy() 95{ 96 __addr_add_del $rp2 del 198.51.100.2/24 2001:db8:2::2/64 97 __addr_add_del $rp1 del 192.0.2.2/24 2001:db8:1::2/64 98 99 tc qdisc del dev $rp1 clsact 100 101 ip link set dev $rp2 down 102 ip link set dev $rp1 down 103} 104 105ping_ipv4() 106{ 107 ping_test $h1 198.51.100.1 ": h1->h2" 108} 109 110ping_ipv6() 111{ 112 ping6_test $h1 2001:db8:2::1 ": h1->h2" 113} 114 115blackhole_ipv4() 116{ 117 # Transmit packets from H1 to H2 and make sure they are dropped by the 118 # ASIC and not by the kernel 119 RET=0 120 121 ip -4 route add blackhole 198.51.100.0/30 122 tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \ 123 skip_hw dst_ip 198.51.100.1 src_ip 192.0.2.1 ip_proto icmp \ 124 action pass 125 126 ip -4 route show 198.51.100.0/30 | grep -q offload 127 check_err $? "route not marked as offloaded when should" 128 129 ping_do $h1 198.51.100.1 130 check_fail $? "ping passed when should not" 131 132 tc_check_packets "dev $rp1 ingress" 101 0 133 check_err $? "packets trapped and not dropped by ASIC" 134 135 log_test "IPv4 blackhole route" 136 137 tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower 138 ip -4 route del blackhole 198.51.100.0/30 139} 140 141blackhole_ipv6() 142{ 143 RET=0 144 145 ip -6 route add blackhole 2001:db8:2::/120 146 tc filter add dev $rp1 ingress protocol ipv6 pref 1 handle 101 flower \ 147 skip_hw dst_ip 2001:db8:2::1 src_ip 2001:db8:1::1 \ 148 ip_proto icmpv6 action pass 149 150 ip -6 route show 2001:db8:2::/120 | grep -q offload 151 check_err $? "route not marked as offloaded when should" 152 153 ping6_do $h1 2001:db8:2::1 154 check_fail $? "ping passed when should not" 155 156 tc_check_packets "dev $rp1 ingress" 101 0 157 check_err $? "packets trapped and not dropped by ASIC" 158 159 log_test "IPv6 blackhole route" 160 161 tc filter del dev $rp1 ingress protocol ipv6 pref 1 handle 101 flower 162 ip -6 route del blackhole 2001:db8:2::/120 163} 164 165setup_prepare() 166{ 167 h1=${NETIFS[p1]} 168 rp1=${NETIFS[p2]} 169 170 rp2=${NETIFS[p3]} 171 h2=${NETIFS[p4]} 172 173 vrf_prepare 174 forwarding_enable 175 176 h1_create 177 h2_create 178 router_create 179} 180 181cleanup() 182{ 183 pre_cleanup 184 185 router_destroy 186 h2_destroy 187 h1_destroy 188 189 forwarding_restore 190 vrf_cleanup 191} 192 193trap cleanup EXIT 194 195setup_prepare 196setup_wait 197 198tests_run 199 200exit $EXIT_STATUS 201