1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3 4NUM_NETIFS=2 5source tc_common.sh 6source lib.sh 7 8tcflags="skip_hw" 9 10h1_create() 11{ 12 simple_if_init $h1 192.0.2.1/24 198.51.100.1/24 13} 14 15h1_destroy() 16{ 17 simple_if_fini $h1 192.0.2.1/24 198.51.100.1/24 18} 19 20h2_create() 21{ 22 simple_if_init $h2 192.0.2.2/24 198.51.100.2/24 23 tc qdisc add dev $h2 clsact 24} 25 26h2_destroy() 27{ 28 tc qdisc del dev $h2 clsact 29 simple_if_fini $h2 192.0.2.2/24 198.51.100.2/24 30} 31 32match_dst_mac_test() 33{ 34 local dummy_mac=de:ad:be:ef:aa:aa 35 36 RET=0 37 38 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 39 $tcflags dst_mac $dummy_mac action drop 40 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 41 $tcflags dst_mac $h2mac action drop 42 43 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 44 -t ip -q 45 46 tc_check_packets "dev $h2 ingress" 101 1 47 check_fail $? "Matched on a wrong filter" 48 49 tc_check_packets "dev $h2 ingress" 102 1 50 check_err $? "Did not match on correct filter" 51 52 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 53 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 54 55 log_test "dst_mac match ($tcflags)" 56} 57 58match_src_mac_test() 59{ 60 local dummy_mac=de:ad:be:ef:aa:aa 61 62 RET=0 63 64 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 65 $tcflags src_mac $dummy_mac action drop 66 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 67 $tcflags src_mac $h1mac action drop 68 69 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 70 -t ip -q 71 72 tc_check_packets "dev $h2 ingress" 101 1 73 check_fail $? "Matched on a wrong filter" 74 75 tc_check_packets "dev $h2 ingress" 102 1 76 check_err $? "Did not match on correct filter" 77 78 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 79 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 80 81 log_test "src_mac match ($tcflags)" 82} 83 84match_dst_ip_test() 85{ 86 RET=0 87 88 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 89 $tcflags dst_ip 198.51.100.2 action drop 90 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 91 $tcflags dst_ip 192.0.2.2 action drop 92 tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \ 93 $tcflags dst_ip 192.0.2.0/24 action drop 94 95 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 96 -t ip -q 97 98 tc_check_packets "dev $h2 ingress" 101 1 99 check_fail $? "Matched on a wrong filter" 100 101 tc_check_packets "dev $h2 ingress" 102 1 102 check_err $? "Did not match on correct filter" 103 104 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 105 106 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 107 -t ip -q 108 109 tc_check_packets "dev $h2 ingress" 103 1 110 check_err $? "Did not match on correct filter with mask" 111 112 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 113 tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower 114 115 log_test "dst_ip match ($tcflags)" 116} 117 118match_src_ip_test() 119{ 120 RET=0 121 122 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 123 $tcflags src_ip 198.51.100.1 action drop 124 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 125 $tcflags src_ip 192.0.2.1 action drop 126 tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \ 127 $tcflags src_ip 192.0.2.0/24 action drop 128 129 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 130 -t ip -q 131 132 tc_check_packets "dev $h2 ingress" 101 1 133 check_fail $? "Matched on a wrong filter" 134 135 tc_check_packets "dev $h2 ingress" 102 1 136 check_err $? "Did not match on correct filter" 137 138 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 139 140 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 141 -t ip -q 142 143 tc_check_packets "dev $h2 ingress" 103 1 144 check_err $? "Did not match on correct filter with mask" 145 146 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 147 tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower 148 149 log_test "src_ip match ($tcflags)" 150} 151 152setup_prepare() 153{ 154 h1=${NETIFS[p1]} 155 h2=${NETIFS[p2]} 156 h1mac=$(mac_get $h1) 157 h2mac=$(mac_get $h2) 158 159 vrf_prepare 160 161 h1_create 162 h2_create 163} 164 165cleanup() 166{ 167 pre_cleanup 168 169 h2_destroy 170 h1_destroy 171 172 vrf_cleanup 173} 174 175trap cleanup EXIT 176 177setup_prepare 178setup_wait 179 180match_dst_mac_test 181match_src_mac_test 182match_dst_ip_test 183match_src_ip_test 184 185tc_offload_check 186if [[ $? -ne 0 ]]; then 187 log_info "Could not test offloaded functionality" 188else 189 tcflags="skip_sw" 190 match_dst_mac_test 191 match_src_mac_test 192 match_dst_ip_test 193 match_src_ip_test 194fi 195 196exit $EXIT_STATUS 197