xref: /openbmc/linux/tools/testing/selftests/net/forwarding/tc_flower.sh (revision 2eb0f624b709e78ec8e2f4c3412947703db99301) 
1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3
4NUM_NETIFS=2
5source tc_common.sh
6source lib.sh
7
8tcflags="skip_hw"
9
10h1_create()
11{
12	simple_if_init $h1 192.0.2.1/24 198.51.100.1/24
13}
14
15h1_destroy()
16{
17	simple_if_fini $h1 192.0.2.1/24 198.51.100.1/24
18}
19
20h2_create()
21{
22	simple_if_init $h2 192.0.2.2/24 198.51.100.2/24
23	tc qdisc add dev $h2 clsact
24}
25
26h2_destroy()
27{
28	tc qdisc del dev $h2 clsact
29	simple_if_fini $h2 192.0.2.2/24 198.51.100.2/24
30}
31
32match_dst_mac_test()
33{
34	local dummy_mac=de:ad:be:ef:aa:aa
35
36	RET=0
37
38	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
39		$tcflags dst_mac $dummy_mac action drop
40	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
41		$tcflags dst_mac $h2mac action drop
42
43	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
44		-t ip -q
45
46	tc_check_packets "dev $h2 ingress" 101 1
47	check_fail $? "Matched on a wrong filter"
48
49	tc_check_packets "dev $h2 ingress" 102 1
50	check_err $? "Did not match on correct filter"
51
52	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
53	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
54
55	log_test "dst_mac match ($tcflags)"
56}
57
58match_src_mac_test()
59{
60	local dummy_mac=de:ad:be:ef:aa:aa
61
62	RET=0
63
64	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
65		$tcflags src_mac $dummy_mac action drop
66	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
67		$tcflags src_mac $h1mac action drop
68
69	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
70		-t ip -q
71
72	tc_check_packets "dev $h2 ingress" 101 1
73	check_fail $? "Matched on a wrong filter"
74
75	tc_check_packets "dev $h2 ingress" 102 1
76	check_err $? "Did not match on correct filter"
77
78	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
79	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
80
81	log_test "src_mac match ($tcflags)"
82}
83
84match_dst_ip_test()
85{
86	RET=0
87
88	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
89		$tcflags dst_ip 198.51.100.2 action drop
90	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
91		$tcflags dst_ip 192.0.2.2 action drop
92	tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
93		$tcflags dst_ip 192.0.2.0/24 action drop
94
95	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
96		-t ip -q
97
98	tc_check_packets "dev $h2 ingress" 101 1
99	check_fail $? "Matched on a wrong filter"
100
101	tc_check_packets "dev $h2 ingress" 102 1
102	check_err $? "Did not match on correct filter"
103
104	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
105
106	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
107		-t ip -q
108
109	tc_check_packets "dev $h2 ingress" 103 1
110	check_err $? "Did not match on correct filter with mask"
111
112	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
113	tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
114
115	log_test "dst_ip match ($tcflags)"
116}
117
118match_src_ip_test()
119{
120	RET=0
121
122	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
123		$tcflags src_ip 198.51.100.1 action drop
124	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
125		$tcflags src_ip 192.0.2.1 action drop
126	tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
127		$tcflags src_ip 192.0.2.0/24 action drop
128
129	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
130		-t ip -q
131
132	tc_check_packets "dev $h2 ingress" 101 1
133	check_fail $? "Matched on a wrong filter"
134
135	tc_check_packets "dev $h2 ingress" 102 1
136	check_err $? "Did not match on correct filter"
137
138	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
139
140	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
141		-t ip -q
142
143	tc_check_packets "dev $h2 ingress" 103 1
144	check_err $? "Did not match on correct filter with mask"
145
146	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
147	tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
148
149	log_test "src_ip match ($tcflags)"
150}
151
152match_ip_flags_test()
153{
154	RET=0
155
156	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
157		$tcflags ip_flags frag action continue
158	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
159		$tcflags ip_flags firstfrag action continue
160	tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
161		$tcflags ip_flags nofirstfrag action continue
162	tc filter add dev $h2 ingress protocol ip pref 4 handle 104 flower \
163		$tcflags ip_flags nofrag action drop
164
165	$MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
166		-t ip "frag=0" -q
167
168	tc_check_packets "dev $h2 ingress" 101 1
169	check_fail $? "Matched on wrong frag filter (nofrag)"
170
171	tc_check_packets "dev $h2 ingress" 102 1
172	check_fail $? "Matched on wrong firstfrag filter (nofrag)"
173
174	tc_check_packets "dev $h2 ingress" 103 1
175	check_err $? "Did not match on nofirstfrag filter (nofrag) "
176
177	tc_check_packets "dev $h2 ingress" 104 1
178	check_err $? "Did not match on nofrag filter (nofrag)"
179
180	$MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
181		-t ip "frag=0,mf" -q
182
183	tc_check_packets "dev $h2 ingress" 101 1
184	check_err $? "Did not match on frag filter (1stfrag)"
185
186	tc_check_packets "dev $h2 ingress" 102 1
187	check_err $? "Did not match fistfrag filter (1stfrag)"
188
189	tc_check_packets "dev $h2 ingress" 103 1
190	check_err $? "Matched on wrong nofirstfrag filter (1stfrag)"
191
192	tc_check_packets "dev $h2 ingress" 104 1
193	check_err $? "Match on wrong nofrag filter (1stfrag)"
194
195	$MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
196		-t ip "frag=256,mf" -q
197	$MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
198		-t ip "frag=256" -q
199
200	tc_check_packets "dev $h2 ingress" 101 3
201	check_err $? "Did not match on frag filter (no1stfrag)"
202
203	tc_check_packets "dev $h2 ingress" 102 1
204	check_err $? "Matched on wrong firstfrag filter (no1stfrag)"
205
206	tc_check_packets "dev $h2 ingress" 103 3
207	check_err $? "Did not match on nofirstfrag filter (no1stfrag)"
208
209	tc_check_packets "dev $h2 ingress" 104 1
210	check_err $? "Matched on nofrag filter (no1stfrag)"
211
212	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
213	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
214	tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
215	tc filter del dev $h2 ingress protocol ip pref 4 handle 104 flower
216
217	log_test "ip_flags match ($tcflags)"
218}
219
220setup_prepare()
221{
222	h1=${NETIFS[p1]}
223	h2=${NETIFS[p2]}
224	h1mac=$(mac_get $h1)
225	h2mac=$(mac_get $h2)
226
227	vrf_prepare
228
229	h1_create
230	h2_create
231}
232
233cleanup()
234{
235	pre_cleanup
236
237	h2_destroy
238	h1_destroy
239
240	vrf_cleanup
241}
242
243trap cleanup EXIT
244
245setup_prepare
246setup_wait
247
248match_dst_mac_test
249match_src_mac_test
250match_dst_ip_test
251match_src_ip_test
252match_ip_flags_test
253
254tc_offload_check
255if [[ $? -ne 0 ]]; then
256	log_info "Could not test offloaded functionality"
257else
258	tcflags="skip_sw"
259	match_dst_mac_test
260	match_src_mac_test
261	match_dst_ip_test
262	match_src_ip_test
263	match_ip_flags_test
264fi
265
266exit $EXIT_STATUS
267