1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3 4ALL_TESTS="match_dst_mac_test match_src_mac_test match_dst_ip_test \ 5 match_src_ip_test match_ip_flags_test" 6NUM_NETIFS=2 7source tc_common.sh 8source lib.sh 9 10tcflags="skip_hw" 11 12h1_create() 13{ 14 simple_if_init $h1 192.0.2.1/24 198.51.100.1/24 15} 16 17h1_destroy() 18{ 19 simple_if_fini $h1 192.0.2.1/24 198.51.100.1/24 20} 21 22h2_create() 23{ 24 simple_if_init $h2 192.0.2.2/24 198.51.100.2/24 25 tc qdisc add dev $h2 clsact 26} 27 28h2_destroy() 29{ 30 tc qdisc del dev $h2 clsact 31 simple_if_fini $h2 192.0.2.2/24 198.51.100.2/24 32} 33 34match_dst_mac_test() 35{ 36 local dummy_mac=de:ad:be:ef:aa:aa 37 38 RET=0 39 40 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 41 $tcflags dst_mac $dummy_mac action drop 42 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 43 $tcflags dst_mac $h2mac action drop 44 45 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 46 -t ip -q 47 48 tc_check_packets "dev $h2 ingress" 101 1 49 check_fail $? "Matched on a wrong filter" 50 51 tc_check_packets "dev $h2 ingress" 102 1 52 check_err $? "Did not match on correct filter" 53 54 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 55 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 56 57 log_test "dst_mac match ($tcflags)" 58} 59 60match_src_mac_test() 61{ 62 local dummy_mac=de:ad:be:ef:aa:aa 63 64 RET=0 65 66 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 67 $tcflags src_mac $dummy_mac action drop 68 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 69 $tcflags src_mac $h1mac action drop 70 71 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 72 -t ip -q 73 74 tc_check_packets "dev $h2 ingress" 101 1 75 check_fail $? "Matched on a wrong filter" 76 77 tc_check_packets "dev $h2 ingress" 102 1 78 check_err $? "Did not match on correct filter" 79 80 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 81 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 82 83 log_test "src_mac match ($tcflags)" 84} 85 86match_dst_ip_test() 87{ 88 RET=0 89 90 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 91 $tcflags dst_ip 198.51.100.2 action drop 92 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 93 $tcflags dst_ip 192.0.2.2 action drop 94 tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \ 95 $tcflags dst_ip 192.0.2.0/24 action drop 96 97 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 98 -t ip -q 99 100 tc_check_packets "dev $h2 ingress" 101 1 101 check_fail $? "Matched on a wrong filter" 102 103 tc_check_packets "dev $h2 ingress" 102 1 104 check_err $? "Did not match on correct filter" 105 106 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 107 108 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 109 -t ip -q 110 111 tc_check_packets "dev $h2 ingress" 103 1 112 check_err $? "Did not match on correct filter with mask" 113 114 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 115 tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower 116 117 log_test "dst_ip match ($tcflags)" 118} 119 120match_src_ip_test() 121{ 122 RET=0 123 124 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 125 $tcflags src_ip 198.51.100.1 action drop 126 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 127 $tcflags src_ip 192.0.2.1 action drop 128 tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \ 129 $tcflags src_ip 192.0.2.0/24 action drop 130 131 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 132 -t ip -q 133 134 tc_check_packets "dev $h2 ingress" 101 1 135 check_fail $? "Matched on a wrong filter" 136 137 tc_check_packets "dev $h2 ingress" 102 1 138 check_err $? "Did not match on correct filter" 139 140 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 141 142 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 143 -t ip -q 144 145 tc_check_packets "dev $h2 ingress" 103 1 146 check_err $? "Did not match on correct filter with mask" 147 148 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 149 tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower 150 151 log_test "src_ip match ($tcflags)" 152} 153 154match_ip_flags_test() 155{ 156 RET=0 157 158 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 159 $tcflags ip_flags frag action continue 160 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 161 $tcflags ip_flags firstfrag action continue 162 tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \ 163 $tcflags ip_flags nofirstfrag action continue 164 tc filter add dev $h2 ingress protocol ip pref 4 handle 104 flower \ 165 $tcflags ip_flags nofrag action drop 166 167 $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 168 -t ip "frag=0" -q 169 170 tc_check_packets "dev $h2 ingress" 101 1 171 check_fail $? "Matched on wrong frag filter (nofrag)" 172 173 tc_check_packets "dev $h2 ingress" 102 1 174 check_fail $? "Matched on wrong firstfrag filter (nofrag)" 175 176 tc_check_packets "dev $h2 ingress" 103 1 177 check_err $? "Did not match on nofirstfrag filter (nofrag) " 178 179 tc_check_packets "dev $h2 ingress" 104 1 180 check_err $? "Did not match on nofrag filter (nofrag)" 181 182 $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 183 -t ip "frag=0,mf" -q 184 185 tc_check_packets "dev $h2 ingress" 101 1 186 check_err $? "Did not match on frag filter (1stfrag)" 187 188 tc_check_packets "dev $h2 ingress" 102 1 189 check_err $? "Did not match fistfrag filter (1stfrag)" 190 191 tc_check_packets "dev $h2 ingress" 103 1 192 check_err $? "Matched on wrong nofirstfrag filter (1stfrag)" 193 194 tc_check_packets "dev $h2 ingress" 104 1 195 check_err $? "Match on wrong nofrag filter (1stfrag)" 196 197 $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 198 -t ip "frag=256,mf" -q 199 $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 200 -t ip "frag=256" -q 201 202 tc_check_packets "dev $h2 ingress" 101 3 203 check_err $? "Did not match on frag filter (no1stfrag)" 204 205 tc_check_packets "dev $h2 ingress" 102 1 206 check_err $? "Matched on wrong firstfrag filter (no1stfrag)" 207 208 tc_check_packets "dev $h2 ingress" 103 3 209 check_err $? "Did not match on nofirstfrag filter (no1stfrag)" 210 211 tc_check_packets "dev $h2 ingress" 104 1 212 check_err $? "Matched on nofrag filter (no1stfrag)" 213 214 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 215 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 216 tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower 217 tc filter del dev $h2 ingress protocol ip pref 4 handle 104 flower 218 219 log_test "ip_flags match ($tcflags)" 220} 221 222setup_prepare() 223{ 224 h1=${NETIFS[p1]} 225 h2=${NETIFS[p2]} 226 h1mac=$(mac_get $h1) 227 h2mac=$(mac_get $h2) 228 229 vrf_prepare 230 231 h1_create 232 h2_create 233} 234 235cleanup() 236{ 237 pre_cleanup 238 239 h2_destroy 240 h1_destroy 241 242 vrf_cleanup 243} 244 245trap cleanup EXIT 246 247setup_prepare 248setup_wait 249 250tests_run 251 252tc_offload_check 253if [[ $? -ne 0 ]]; then 254 log_info "Could not test offloaded functionality" 255else 256 tcflags="skip_sw" 257 tests_run 258fi 259 260exit $EXIT_STATUS 261