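#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Selftest for tc actions (gact drop/ok/trap and mirred egress
# redirect/mirror) on a four-port topology: h1 <-> swp1 and swp2 <-> h2.
#
# The script rewrites MAC addresses, adds clsact qdiscs and installs tc
# filters on the interfaces named in NETIFS, so it changes live network
# state. cleanup() is registered as an EXIT trap to undo that on every exit
# path. All addresses are in 192.0.2.0/24 (TEST-NET-1, RFC 5737).
#
# Helpers such as simple_if_init, tc_check_packets, check_err, check_fail,
# log_test, mac_get, vrf_prepare, setup_wait, tests_run and tc_offload_check
# are not defined here; they are expected to come from the two sourced
# files below.
#
# Quoting policy: interface names, MAC addresses and single-word parameters
# are quoted so each stays one argument to ip/tc. $tcflags, $classifier_args
# and $MZ are left unquoted on purpose (see the comments where they are
# used).

ALL_TESTS="gact_drop_and_ok_test mirred_egress_redirect_test \
	mirred_egress_mirror_test matchall_mirred_egress_mirror_test \
	gact_trap_test"
NUM_NETIFS=4
source tc_common.sh
source lib.sh

# First pass runs every rule with skip_hw; the tail of the script switches
# this to skip_sw for a second pass when tc_offload_check succeeds.
tcflags="skip_hw"

# Bring up host interface h1 with its test address.
h1_create()
{
	simple_if_init "$h1" 192.0.2.1/24
}

# Undo h1_create.
h1_destroy()
{
	simple_if_fini "$h1" 192.0.2.1/24
}

# Bring up host interface h2 and attach a clsact qdisc so that ingress
# filters (used as packet counters by the tests) can be installed on it.
h2_create()
{
	simple_if_init "$h2" 192.0.2.2/24
	tc qdisc add dev "$h2" clsact
}

# Undo h2_create, in reverse order.
h2_destroy()
{
	tc qdisc del dev "$h2" clsact
	simple_if_fini "$h2" 192.0.2.2/24
}

# Bring up both switch ports. swp1 carries h2's address and swp2 carries
# h1's; only swp1 gets a clsact qdisc because the actions under test are
# all installed on swp1 ingress.
switch_create()
{
	simple_if_init "$swp1" 192.0.2.2/24
	tc qdisc add dev "$swp1" clsact

	simple_if_init "$swp2" 192.0.2.1/24
}

# Undo switch_create, in reverse order.
switch_destroy()
{
	simple_if_fini "$swp2" 192.0.2.1/24

	tc qdisc del dev "$swp1" clsact
	simple_if_fini "$swp1" 192.0.2.2/24
}

# Check that "mirred egress <action>" on swp1 ingress delivers the packet
# to h2 through swp2.
#
# Arguments:
#   $1 - mirred action keyword (the callers pass "redirect" or "mirror")
#   $2 - tc protocol for the swp1 filter (the callers pass "ip" or "all")
#   $3 - classifier kind (the callers pass "flower" or "matchall")
#   $4 - extra classifier arguments as one string; may be empty
# Globals: RET (reset to 0), tcflags, MZ, h1, h2, swp1, swp2, h1mac, h2mac
mirred_egress_test()
{
	local action=$1
	local protocol=$2
	local classifier=$3
	local classifier_args=$4

	RET=0

	# Counter rule on h2 ingress; handle 101 is what tc_check_packets
	# queries below. $tcflags is unquoted so it expands to a bare keyword.
	tc filter add dev "$h2" ingress protocol ip pref 1 handle 101 flower \
		$tcflags dst_ip 192.0.2.2 action drop

	# $MZ is unquoted as in the rest of this suite; presumably it is set
	# by lib.sh to the packet generator command - confirm there.
	$MZ "$h1" -c 1 -p 64 -a "$h1mac" -b "$h2mac" -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	# Negative control: nothing forwards the packet yet. Judging by the
	# message, check_fail records a failure when the preceding command
	# succeeded - confirm against lib.sh.
	tc_check_packets "dev $h2 ingress" 101 1
	check_fail $? "Matched without redirect rule inserted"

	# $classifier_args must stay unquoted: it may hold several words
	# ("dst_ip 192.0.2.2") or be empty, in which case it has to vanish
	# rather than become an empty argument.
	tc filter add dev "$swp1" ingress protocol "$protocol" pref 1 handle 101 \
		"$classifier" $tcflags $classifier_args \
		action mirred egress "$action" dev "$swp2"

	$MZ "$h1" -c 1 -p 64 -a "$h1mac" -b "$h2mac" -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	tc_check_packets "dev $h2 ingress" 101 1
	check_err $? "Did not match incoming $action packet"

	# Remove both filters so the next test starts from a clean slate.
	tc filter del dev "$swp1" ingress protocol "$protocol" pref 1 handle 101 \
		"$classifier"
	tc filter del dev "$h2" ingress protocol ip pref 1 handle 101 flower

	log_test "mirred egress $classifier $action ($tcflags)"
}

# Check gact "drop" and "ok": a drop rule at pref 2 must count the first
# packet; once an "ok" rule is added at pref 1, the second packet must be
# counted there and must not reach the drop rule again.
# Globals: RET (reset to 0), tcflags, MZ, h1, swp1, h1mac, h2mac
gact_drop_and_ok_test()
{
	RET=0

	tc filter add dev "$swp1" ingress protocol ip pref 2 handle 102 flower \
		$tcflags dst_ip 192.0.2.2 action drop

	$MZ "$h1" -c 1 -p 64 -a "$h1mac" -b "$h2mac" -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	tc_check_packets "dev $swp1 ingress" 102 1
	check_err $? "Packet was not dropped"

	tc filter add dev "$swp1" ingress protocol ip pref 1 handle 101 flower \
		$tcflags dst_ip 192.0.2.2 action ok

	$MZ "$h1" -c 1 -p 64 -a "$h1mac" -b "$h2mac" -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	tc_check_packets "dev $swp1 ingress" 101 1
	check_err $? "Did not see passed packet"

	# The drop rule's counter must still read 1, not 2.
	tc_check_packets "dev $swp1 ingress" 102 2
	check_fail $? "Packet was dropped and it should not reach here"

	tc filter del dev "$swp1" ingress protocol ip pref 2 handle 102 flower
	tc filter del dev "$swp1" ingress protocol ip pref 1 handle 101 flower

	log_test "gact drop and ok ($tcflags)"
}

# Check gact "trap". Only runs in the skip_sw pass; in any other pass it
# returns 0 without installing rules or logging a result.
#
# The pref 1 rule is always installed with a literal skip_hw and serves as
# the counter: it must stay at zero while only the skip_sw redirect rule
# exists, and must count the packet once the trap rule is added.
# Globals: RET (reset to 0), tcflags, MZ, h1, swp1, swp2, h1mac, h2mac
gact_trap_test()
{
	RET=0

	if [[ "$tcflags" != "skip_sw" ]]; then
		return 0
	fi

	tc filter add dev "$swp1" ingress protocol ip pref 1 handle 101 flower \
		skip_hw dst_ip 192.0.2.2 action drop
	tc filter add dev "$swp1" ingress protocol ip pref 3 handle 103 flower \
		$tcflags dst_ip 192.0.2.2 action mirred egress redirect \
		dev "$swp2"

	$MZ "$h1" -c 1 -p 64 -a "$h1mac" -b "$h2mac" -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	tc_check_packets "dev $swp1 ingress" 101 1
	check_fail $? "Saw packet without trap rule inserted"

	# pref 2 sorts between the skip_hw counter (pref 1) and the redirect
	# rule (pref 3).
	tc filter add dev "$swp1" ingress protocol ip pref 2 handle 102 flower \
		$tcflags dst_ip 192.0.2.2 action trap

	$MZ "$h1" -c 1 -p 64 -a "$h1mac" -b "$h2mac" -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	tc_check_packets "dev $swp1 ingress" 102 1
	check_err $? "Packet was not trapped"

	tc_check_packets "dev $swp1 ingress" 101 1
	check_err $? "Did not see trapped packet"

	tc filter del dev "$swp1" ingress protocol ip pref 3 handle 103 flower
	tc filter del dev "$swp1" ingress protocol ip pref 2 handle 102 flower
	tc filter del dev "$swp1" ingress protocol ip pref 1 handle 101 flower

	log_test "trap ($tcflags)"
}

# Resolve the four interfaces from NETIFS, save the switch ports' original
# MAC addresses, then give swp1 the MAC of h2 and swp2 the MAC of h1 before
# building the topology.
# NETIFS is not defined in this file; presumably lib.sh populates it.
# Globals written: h1, h2, swp1, swp2, h1mac, h2mac, swp1origmac,
#                  swp2origmac
setup_prepare()
{
	h1=${NETIFS[p1]}
	swp1=${NETIFS[p2]}

	swp2=${NETIFS[p3]}
	h2=${NETIFS[p4]}

	h1mac=$(mac_get "$h1")
	h2mac=$(mac_get "$h2")

	# Saved so cleanup() can put the original addresses back.
	swp1origmac=$(mac_get "$swp1")
	swp2origmac=$(mac_get "$swp2")
	ip link set "$swp1" address "$h2mac"
	ip link set "$swp2" address "$h1mac"

	vrf_prepare

	h1_create
	h2_create
	switch_create
}

# EXIT trap handler: tear the topology down in reverse order of
# setup_prepare and restore the switch ports' original MAC addresses.
cleanup()
{
	pre_cleanup

	switch_destroy
	h2_destroy
	h1_destroy

	vrf_cleanup

	ip link set "$swp2" address "$swp2origmac"
	ip link set "$swp1" address "$swp1origmac"
}

# flower + mirred egress redirect.
mirred_egress_redirect_test()
{
	mirred_egress_test "redirect" "ip" "flower" "dst_ip 192.0.2.2"
}

# flower + mirred egress mirror.
mirred_egress_mirror_test()
{
	mirred_egress_test "mirror" "ip" "flower" "dst_ip 192.0.2.2"
}

# matchall + mirred egress mirror; matchall takes no classifier arguments.
matchall_mirred_egress_mirror_test()
{
	mirred_egress_test "mirror" "all" "matchall" ""
}

# Register cleanup before touching any interface so that a failure part way
# through setup_prepare still triggers the teardown.
trap cleanup EXIT

setup_prepare
setup_wait

# Pass 1: tcflags is "skip_hw".
tests_run

# Pass 2: repeat with skip_sw, but only when tc_offload_check succeeds.
if tc_offload_check; then
	tcflags="skip_sw"
	tests_run
else
	log_info "Could not test offloaded functionality"
fi

exit $EXIT_STATUS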