1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3 4NUM_NETIFS=4 5source tc_common.sh 6source lib.sh 7 8tcflags="skip_hw" 9 10h1_create() 11{ 12 simple_if_init $h1 192.0.2.1/24 13} 14 15h1_destroy() 16{ 17 simple_if_fini $h1 192.0.2.1/24 18} 19 20h2_create() 21{ 22 simple_if_init $h2 192.0.2.2/24 23 tc qdisc add dev $h2 clsact 24} 25 26h2_destroy() 27{ 28 tc qdisc del dev $h2 clsact 29 simple_if_fini $h2 192.0.2.2/24 30} 31 32switch_create() 33{ 34 simple_if_init $swp1 192.0.2.2/24 35 tc qdisc add dev $swp1 clsact 36 37 simple_if_init $swp2 192.0.2.1/24 38} 39 40switch_destroy() 41{ 42 simple_if_fini $swp2 192.0.2.1/24 43 44 tc qdisc del dev $swp1 clsact 45 simple_if_fini $swp1 192.0.2.2/24 46} 47 48mirred_egress_test() 49{ 50 local action=$1 51 52 RET=0 53 54 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 55 $tcflags dst_ip 192.0.2.2 action drop 56 57 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 58 -t ip -q 59 60 tc_check_packets "dev $h2 ingress" 101 1 61 check_fail $? "Matched without redirect rule inserted" 62 63 tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \ 64 $tcflags dst_ip 192.0.2.2 action mirred egress $action \ 65 dev $swp2 66 67 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 68 -t ip -q 69 70 tc_check_packets "dev $h2 ingress" 101 1 71 check_err $? "Did not match incoming $action packet" 72 73 tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower 74 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 75 76 log_test "mirred egress $action ($tcflags)" 77} 78 79gact_drop_and_ok_test() 80{ 81 RET=0 82 83 tc filter add dev $swp1 ingress protocol ip pref 2 handle 102 flower \ 84 $tcflags dst_ip 192.0.2.2 action drop 85 86 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 87 -t ip -q 88 89 tc_check_packets "dev $swp1 ingress" 102 1 90 check_err $? "Packet was not dropped" 91 92 tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \ 93 $tcflags dst_ip 192.0.2.2 action ok 94 95 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 96 -t ip -q 97 98 tc_check_packets "dev $swp1 ingress" 101 1 99 check_err $? "Did not see passed packet" 100 101 tc_check_packets "dev $swp1 ingress" 102 2 102 check_fail $? "Packet was dropped and it should not reach here" 103 104 tc filter del dev $swp1 ingress protocol ip pref 2 handle 102 flower 105 tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower 106 107 log_test "gact drop and ok ($tcflags)" 108} 109 110gact_trap_test() 111{ 112 RET=0 113 114 tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \ 115 skip_hw dst_ip 192.0.2.2 action drop 116 tc filter add dev $swp1 ingress protocol ip pref 3 handle 103 flower \ 117 $tcflags dst_ip 192.0.2.2 action mirred egress redirect \ 118 dev $swp2 119 120 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 121 -t ip -q 122 123 tc_check_packets "dev $swp1 ingress" 101 1 124 check_fail $? "Saw packet without trap rule inserted" 125 126 tc filter add dev $swp1 ingress protocol ip pref 2 handle 102 flower \ 127 $tcflags dst_ip 192.0.2.2 action trap 128 129 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 130 -t ip -q 131 132 tc_check_packets "dev $swp1 ingress" 102 1 133 check_err $? "Packet was not trapped" 134 135 tc_check_packets "dev $swp1 ingress" 101 1 136 check_err $? "Did not see trapped packet" 137 138 tc filter del dev $swp1 ingress protocol ip pref 3 handle 103 flower 139 tc filter del dev $swp1 ingress protocol ip pref 2 handle 102 flower 140 tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower 141 142 log_test "trap ($tcflags)" 143} 144 145setup_prepare() 146{ 147 h1=${NETIFS[p1]} 148 swp1=${NETIFS[p2]} 149 150 swp2=${NETIFS[p3]} 151 h2=${NETIFS[p4]} 152 153 h1mac=$(mac_get $h1) 154 h2mac=$(mac_get $h2) 155 156 swp1origmac=$(mac_get $swp1) 157 swp2origmac=$(mac_get $swp2) 158 ip link set $swp1 address $h2mac 159 ip link set $swp2 address $h1mac 160 161 vrf_prepare 162 163 h1_create 164 h2_create 165 switch_create 166} 167 168cleanup() 169{ 170 pre_cleanup 171 172 switch_destroy 173 h2_destroy 174 h1_destroy 175 176 vrf_cleanup 177 178 ip link set $swp2 address $swp2origmac 179 ip link set $swp1 address $swp1origmac 180} 181 182trap cleanup EXIT 183 184setup_prepare 185setup_wait 186 187gact_drop_and_ok_test 188mirred_egress_test "redirect" 189mirred_egress_test "mirror" 190 191tc_offload_check 192if [[ $? -ne 0 ]]; then 193 log_info "Could not test offloaded functionality" 194else 195 tcflags="skip_sw" 196 gact_drop_and_ok_test 197 mirred_egress_test "redirect" 198 mirred_egress_test "mirror" 199 gact_trap_test 200fi 201 202exit $EXIT_STATUS 203