xref: /openbmc/linux/tools/testing/selftests/net/forwarding/tc_flower.sh (revision 4f727ecefefbd180de10e25b3e74c03dce3f1e75) 
1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3
4ALL_TESTS="match_dst_mac_test match_src_mac_test match_dst_ip_test \
5	match_src_ip_test match_ip_flags_test match_pcp_test match_vlan_test"
6NUM_NETIFS=2
7source tc_common.sh
8source lib.sh
9
10tcflags="skip_hw"
11
12h1_create()
13{
14	simple_if_init $h1 192.0.2.1/24 198.51.100.1/24
15}
16
17h1_destroy()
18{
19	simple_if_fini $h1 192.0.2.1/24 198.51.100.1/24
20}
21
22h2_create()
23{
24	simple_if_init $h2 192.0.2.2/24 198.51.100.2/24
25	tc qdisc add dev $h2 clsact
26}
27
28h2_destroy()
29{
30	tc qdisc del dev $h2 clsact
31	simple_if_fini $h2 192.0.2.2/24 198.51.100.2/24
32}
33
34match_dst_mac_test()
35{
36	local dummy_mac=de:ad:be:ef:aa:aa
37
38	RET=0
39
40	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
41		$tcflags dst_mac $dummy_mac action drop
42	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
43		$tcflags dst_mac $h2mac action drop
44
45	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
46		-t ip -q
47
48	tc_check_packets "dev $h2 ingress" 101 1
49	check_fail $? "Matched on a wrong filter"
50
51	tc_check_packets "dev $h2 ingress" 102 1
52	check_err $? "Did not match on correct filter"
53
54	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
55	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
56
57	log_test "dst_mac match ($tcflags)"
58}
59
60match_src_mac_test()
61{
62	local dummy_mac=de:ad:be:ef:aa:aa
63
64	RET=0
65
66	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
67		$tcflags src_mac $dummy_mac action drop
68	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
69		$tcflags src_mac $h1mac action drop
70
71	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
72		-t ip -q
73
74	tc_check_packets "dev $h2 ingress" 101 1
75	check_fail $? "Matched on a wrong filter"
76
77	tc_check_packets "dev $h2 ingress" 102 1
78	check_err $? "Did not match on correct filter"
79
80	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
81	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
82
83	log_test "src_mac match ($tcflags)"
84}
85
86match_dst_ip_test()
87{
88	RET=0
89
90	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
91		$tcflags dst_ip 198.51.100.2 action drop
92	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
93		$tcflags dst_ip 192.0.2.2 action drop
94	tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
95		$tcflags dst_ip 192.0.2.0/24 action drop
96
97	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
98		-t ip -q
99
100	tc_check_packets "dev $h2 ingress" 101 1
101	check_fail $? "Matched on a wrong filter"
102
103	tc_check_packets "dev $h2 ingress" 102 1
104	check_err $? "Did not match on correct filter"
105
106	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
107
108	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
109		-t ip -q
110
111	tc_check_packets "dev $h2 ingress" 103 1
112	check_err $? "Did not match on correct filter with mask"
113
114	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
115	tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
116
117	log_test "dst_ip match ($tcflags)"
118}
119
120match_src_ip_test()
121{
122	RET=0
123
124	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
125		$tcflags src_ip 198.51.100.1 action drop
126	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
127		$tcflags src_ip 192.0.2.1 action drop
128	tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
129		$tcflags src_ip 192.0.2.0/24 action drop
130
131	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
132		-t ip -q
133
134	tc_check_packets "dev $h2 ingress" 101 1
135	check_fail $? "Matched on a wrong filter"
136
137	tc_check_packets "dev $h2 ingress" 102 1
138	check_err $? "Did not match on correct filter"
139
140	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
141
142	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
143		-t ip -q
144
145	tc_check_packets "dev $h2 ingress" 103 1
146	check_err $? "Did not match on correct filter with mask"
147
148	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
149	tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
150
151	log_test "src_ip match ($tcflags)"
152}
153
154match_ip_flags_test()
155{
156	RET=0
157
158	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
159		$tcflags ip_flags frag action continue
160	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
161		$tcflags ip_flags firstfrag action continue
162	tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
163		$tcflags ip_flags nofirstfrag action continue
164	tc filter add dev $h2 ingress protocol ip pref 4 handle 104 flower \
165		$tcflags ip_flags nofrag action drop
166
167	$MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
168		-t ip "frag=0" -q
169
170	tc_check_packets "dev $h2 ingress" 101 1
171	check_fail $? "Matched on wrong frag filter (nofrag)"
172
173	tc_check_packets "dev $h2 ingress" 102 1
174	check_fail $? "Matched on wrong firstfrag filter (nofrag)"
175
176	tc_check_packets "dev $h2 ingress" 103 1
177	check_err $? "Did not match on nofirstfrag filter (nofrag) "
178
179	tc_check_packets "dev $h2 ingress" 104 1
180	check_err $? "Did not match on nofrag filter (nofrag)"
181
182	$MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
183		-t ip "frag=0,mf" -q
184
185	tc_check_packets "dev $h2 ingress" 101 1
186	check_err $? "Did not match on frag filter (1stfrag)"
187
188	tc_check_packets "dev $h2 ingress" 102 1
189	check_err $? "Did not match fistfrag filter (1stfrag)"
190
191	tc_check_packets "dev $h2 ingress" 103 1
192	check_err $? "Matched on wrong nofirstfrag filter (1stfrag)"
193
194	tc_check_packets "dev $h2 ingress" 104 1
195	check_err $? "Match on wrong nofrag filter (1stfrag)"
196
197	$MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
198		-t ip "frag=256,mf" -q
199	$MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
200		-t ip "frag=256" -q
201
202	tc_check_packets "dev $h2 ingress" 101 3
203	check_err $? "Did not match on frag filter (no1stfrag)"
204
205	tc_check_packets "dev $h2 ingress" 102 1
206	check_err $? "Matched on wrong firstfrag filter (no1stfrag)"
207
208	tc_check_packets "dev $h2 ingress" 103 3
209	check_err $? "Did not match on nofirstfrag filter (no1stfrag)"
210
211	tc_check_packets "dev $h2 ingress" 104 1
212	check_err $? "Matched on nofrag filter (no1stfrag)"
213
214	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
215	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
216	tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
217	tc filter del dev $h2 ingress protocol ip pref 4 handle 104 flower
218
219	log_test "ip_flags match ($tcflags)"
220}
221
222match_pcp_test()
223{
224	RET=0
225
226	vlan_create $h2 85 v$h2 192.0.2.11/24
227
228	tc filter add dev $h2 ingress protocol 802.1q pref 1 handle 101 \
229		flower vlan_prio 6 $tcflags dst_mac $h2mac action drop
230	tc filter add dev $h2 ingress protocol 802.1q pref 2 handle 102 \
231		flower vlan_prio 7 $tcflags dst_mac $h2mac action drop
232
233	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 7:85 -t ip -q
234	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 0:85 -t ip -q
235
236	tc_check_packets "dev $h2 ingress" 101 0
237	check_err $? "Matched on specified PCP when should not"
238
239	tc_check_packets "dev $h2 ingress" 102 1
240	check_err $? "Did not match on specified PCP"
241
242	tc filter del dev $h2 ingress protocol 802.1q pref 2 handle 102 flower
243	tc filter del dev $h2 ingress protocol 802.1q pref 1 handle 101 flower
244
245	vlan_destroy $h2 85
246
247	log_test "PCP match ($tcflags)"
248}
249
250match_vlan_test()
251{
252	RET=0
253
254	vlan_create $h2 85 v$h2 192.0.2.11/24
255	vlan_create $h2 75 v$h2 192.0.2.10/24
256
257	tc filter add dev $h2 ingress protocol 802.1q pref 1 handle 101 \
258		flower vlan_id 75 $tcflags action drop
259	tc filter add dev $h2 ingress protocol 802.1q pref 2 handle 102 \
260		flower vlan_id 85 $tcflags action drop
261
262	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 0:85 -t ip -q
263
264	tc_check_packets "dev $h2 ingress" 101 0
265	check_err $? "Matched on specified VLAN when should not"
266
267	tc_check_packets "dev $h2 ingress" 102 1
268	check_err $? "Did not match on specified VLAN"
269
270	tc filter del dev $h2 ingress protocol 802.1q pref 2 handle 102 flower
271	tc filter del dev $h2 ingress protocol 802.1q pref 1 handle 101 flower
272
273	vlan_destroy $h2 75
274	vlan_destroy $h2 85
275
276	log_test "VLAN match ($tcflags)"
277}
278
279setup_prepare()
280{
281	h1=${NETIFS[p1]}
282	h2=${NETIFS[p2]}
283	h1mac=$(mac_get $h1)
284	h2mac=$(mac_get $h2)
285
286	vrf_prepare
287
288	h1_create
289	h2_create
290}
291
292cleanup()
293{
294	pre_cleanup
295
296	h2_destroy
297	h1_destroy
298
299	vrf_cleanup
300}
301
302trap cleanup EXIT
303
304setup_prepare
305setup_wait
306
307tests_run
308
309tc_offload_check
310if [[ $? -ne 0 ]]; then
311	log_info "Could not test offloaded functionality"
312else
313	tcflags="skip_sw"
314	tests_run
315fi
316
317exit $EXIT_STATUS
318