1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3
4lib_dir=$(dirname $0)/../../../net/forwarding
5
6ALL_TESTS="
7	shared_block_drop_test
8	egress_redirect_test
9	multi_mirror_test
10	matchall_sample_egress_test
11	matchall_mirror_behind_flower_ingress_test
12	matchall_sample_behind_flower_ingress_test
13	matchall_mirror_behind_flower_egress_test
14"
15NUM_NETIFS=2
16
17source $lib_dir/tc_common.sh
18source $lib_dir/lib.sh
19
20switch_create()
21{
22	simple_if_init $swp1 192.0.2.1/24
23	simple_if_init $swp2 192.0.2.2/24
24}
25
26switch_destroy()
27{
28	simple_if_fini $swp2 192.0.2.2/24
29	simple_if_fini $swp1 192.0.2.1/24
30}
31
32shared_block_drop_test()
33{
34	RET=0
35
36	# It is forbidden in mlxsw driver to have mixed-bound
37	# shared block with a drop rule.
38
39	tc qdisc add dev $swp1 ingress_block 22 clsact
40	check_err $? "Failed to create clsact with ingress block"
41
42	tc filter add block 22 protocol ip pref 1 handle 101 flower \
43		skip_sw dst_ip 192.0.2.2 action drop
44	check_err $? "Failed to add drop rule to ingress bound block"
45
46	tc qdisc add dev $swp2 ingress_block 22 clsact
47	check_err $? "Failed to create another clsact with ingress shared block"
48
49	tc qdisc del dev $swp2 clsact
50
51	tc qdisc add dev $swp2 egress_block 22 clsact
52	check_fail $? "Incorrect success to create another clsact with egress shared block"
53
54	tc filter del block 22 protocol ip pref 1 handle 101 flower
55
56	tc qdisc add dev $swp2 egress_block 22 clsact
57	check_err $? "Failed to create another clsact with egress shared block after blocker drop rule removed"
58
59	tc filter add block 22 protocol ip pref 1 handle 101 flower \
60		skip_sw dst_ip 192.0.2.2 action drop
61	check_fail $? "Incorrect success to add drop rule to mixed bound block"
62
63	tc qdisc del dev $swp1 clsact
64
65	tc qdisc add dev $swp1 egress_block 22 clsact
66	check_err $? "Failed to create another clsact with egress shared block"
67
68	tc filter add block 22 protocol ip pref 1 handle 101 flower \
69		skip_sw dst_ip 192.0.2.2 action drop
70	check_err $? "Failed to add drop rule to egress bound shared block"
71
72	tc filter del block 22 protocol ip pref 1 handle 101 flower
73
74	tc qdisc del dev $swp2 clsact
75	tc qdisc del dev $swp1 clsact
76
77	log_test "shared block drop"
78}
79
80egress_redirect_test()
81{
82	RET=0
83
84	# It is forbidden in mlxsw driver to have mirred redirect on
85	# egress-bound block.
86
87	tc qdisc add dev $swp1 ingress_block 22 clsact
88	check_err $? "Failed to create clsact with ingress block"
89
90	tc filter add block 22 protocol ip pref 1 handle 101 flower \
91		skip_sw dst_ip 192.0.2.2 \
92		action mirred egress redirect dev $swp2
93	check_err $? "Failed to add redirect rule to ingress bound block"
94
95	tc qdisc add dev $swp2 ingress_block 22 clsact
96	check_err $? "Failed to create another clsact with ingress shared block"
97
98	tc qdisc del dev $swp2 clsact
99
100	tc qdisc add dev $swp2 egress_block 22 clsact
101	check_fail $? "Incorrect success to create another clsact with egress shared block"
102
103	tc filter del block 22 protocol ip pref 1 handle 101 flower
104
105	tc qdisc add dev $swp2 egress_block 22 clsact
106	check_err $? "Failed to create another clsact with egress shared block after blocker redirect rule removed"
107
108	tc filter add block 22 protocol ip pref 1 handle 101 flower \
109		skip_sw dst_ip 192.0.2.2 \
110		action mirred egress redirect dev $swp2
111	check_fail $? "Incorrect success to add redirect rule to mixed bound block"
112
113	tc qdisc del dev $swp1 clsact
114
115	tc qdisc add dev $swp1 egress_block 22 clsact
116	check_err $? "Failed to create another clsact with egress shared block"
117
118	tc filter add block 22 protocol ip pref 1 handle 101 flower \
119		skip_sw dst_ip 192.0.2.2 \
120		action mirred egress redirect dev $swp2
121	check_fail $? "Incorrect success to add redirect rule to egress bound shared block"
122
123	tc qdisc del dev $swp2 clsact
124
125	tc filter add block 22 protocol ip pref 1 handle 101 flower \
126		skip_sw dst_ip 192.0.2.2 \
127		action mirred egress redirect dev $swp2
128	check_fail $? "Incorrect success to add redirect rule to egress bound block"
129
130	tc qdisc del dev $swp1 clsact
131
132	log_test "shared block drop"
133}
134
135multi_mirror_test()
136{
137	RET=0
138
139	# It is forbidden in mlxsw driver to have multiple mirror
140	# actions in a single rule.
141
142	tc qdisc add dev $swp1 clsact
143
144	tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \
145		skip_sw dst_ip 192.0.2.2 \
146		action mirred egress mirror dev $swp2
147	check_err $? "Failed to add rule with single mirror action"
148
149	tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower
150
151	tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \
152		skip_sw dst_ip 192.0.2.2 \
153		action mirred egress mirror dev $swp2 \
154		action mirred egress mirror dev $swp1
155	check_fail $? "Incorrect success to add rule with two mirror actions"
156
157	tc qdisc del dev $swp1 clsact
158
159	log_test "multi mirror"
160}
161
162matchall_sample_egress_test()
163{
164	RET=0
165
166	# It is forbidden in mlxsw driver to have matchall with sample action
167	# bound on egress
168
169	tc qdisc add dev $swp1 clsact
170
171	tc filter add dev $swp1 ingress protocol all pref 1 handle 101 \
172		matchall skip_sw action sample rate 100 group 1
173	check_err $? "Failed to add rule with sample action on ingress"
174
175	tc filter del dev $swp1 ingress protocol all pref 1 handle 101 matchall
176
177	tc filter add dev $swp1 egress protocol all pref 1 handle 101 \
178		matchall skip_sw action sample rate 100 group 1
179	check_fail $? "Incorrect success to add rule with sample action on egress"
180
181	tc qdisc del dev $swp1 clsact
182
183	log_test "matchall sample egress"
184}
185
186matchall_behind_flower_ingress_test()
187{
188	local action=$1
189	local action_args=$2
190
191	RET=0
192
193	# On ingress, all matchall-mirror and matchall-sample
194	# rules have to be in front of the flower rules
195
196	tc qdisc add dev $swp1 clsact
197
198	tc filter add dev $swp1 ingress protocol ip pref 10 handle 101 flower \
199		skip_sw dst_ip 192.0.2.2 action drop
200
201	tc filter add dev $swp1 ingress protocol all pref 9 handle 102 \
202		matchall skip_sw action $action_args
203	check_err $? "Failed to add matchall rule in front of a flower rule"
204
205	tc filter del dev $swp1 ingress protocol all pref 9 handle 102 matchall
206
207	tc filter add dev $swp1 ingress protocol all pref 11 handle 102 \
208		matchall skip_sw action $action_args
209	check_fail $? "Incorrect success to add matchall rule behind a flower rule"
210
211	tc filter del dev $swp1 ingress protocol ip pref 10 handle 101 flower
212
213	tc filter add dev $swp1 ingress protocol all pref 9 handle 102 \
214		matchall skip_sw action $action_args
215
216	tc filter add dev $swp1 ingress protocol ip pref 10 handle 101 flower \
217		skip_sw dst_ip 192.0.2.2 action drop
218	check_err $? "Failed to add flower rule behind a matchall rule"
219
220	tc filter del dev $swp1 ingress protocol ip pref 10 handle 101 flower
221
222	tc filter add dev $swp1 ingress protocol ip pref 8 handle 101 flower \
223		skip_sw dst_ip 192.0.2.2 action drop
224	check_fail $? "Incorrect success to add flower rule in front of a matchall rule"
225
226	tc qdisc del dev $swp1 clsact
227
228	log_test "matchall $action flower ingress"
229}
230
231matchall_mirror_behind_flower_ingress_test()
232{
233	matchall_behind_flower_ingress_test "mirror" "mirred egress mirror dev $swp2"
234}
235
236matchall_sample_behind_flower_ingress_test()
237{
238	matchall_behind_flower_ingress_test "sample" "sample rate 100 group 1"
239}
240
241matchall_behind_flower_egress_test()
242{
243	local action=$1
244	local action_args=$2
245
246	RET=0
247
248	# On egress, all matchall-mirror rules have to be behind the flower rules
249
250	tc qdisc add dev $swp1 clsact
251
252	tc filter add dev $swp1 egress protocol ip pref 10 handle 101 flower \
253		skip_sw dst_ip 192.0.2.2 action drop
254
255	tc filter add dev $swp1 egress protocol all pref 11 handle 102 \
256		matchall skip_sw action $action_args
257	check_err $? "Failed to add matchall rule in front of a flower rule"
258
259	tc filter del dev $swp1 egress protocol all pref 11 handle 102 matchall
260
261	tc filter add dev $swp1 egress protocol all pref 9 handle 102 \
262		matchall skip_sw action $action_args
263	check_fail $? "Incorrect success to add matchall rule behind a flower rule"
264
265	tc filter del dev $swp1 egress protocol ip pref 10 handle 101 flower
266
267	tc filter add dev $swp1 egress protocol all pref 11 handle 102 \
268		matchall skip_sw action $action_args
269
270	tc filter add dev $swp1 egress protocol ip pref 10 handle 101 flower \
271		skip_sw dst_ip 192.0.2.2 action drop
272	check_err $? "Failed to add flower rule behind a matchall rule"
273
274	tc filter del dev $swp1 egress protocol ip pref 10 handle 101 flower
275
276	tc filter add dev $swp1 egress protocol ip pref 12 handle 101 flower \
277		skip_sw dst_ip 192.0.2.2 action drop
278	check_fail $? "Incorrect success to add flower rule in front of a matchall rule"
279
280	tc qdisc del dev $swp1 clsact
281
282	log_test "matchall $action flower egress"
283}
284
285matchall_mirror_behind_flower_egress_test()
286{
287	matchall_behind_flower_egress_test "mirror" "mirred egress mirror dev $swp2"
288}
289
290setup_prepare()
291{
292	swp1=${NETIFS[p1]}
293	swp2=${NETIFS[p2]}
294
295	vrf_prepare
296
297	switch_create
298}
299
300cleanup()
301{
302	pre_cleanup
303
304	switch_destroy
305
306	vrf_cleanup
307}
308
309check_tc_shblock_support
310
311trap cleanup EXIT
312
313setup_prepare
314setup_wait
315
316tests_run
317
318exit $EXIT_STATUS
319