Commit | Line | Data |
---|---|---|
bc13af29 JP |
1 | #!/bin/bash |
2 | # SPDX-License-Identifier: GPL-2.0 | |
3 | ||
0eb8053c | 4 | ALL_TESTS="gact_drop_and_ok_test mirred_egress_redirect_test \ |
075c8aa7 | 5 | mirred_egress_mirror_test matchall_mirred_egress_mirror_test \ |
ca22da2f DC |
6 | gact_trap_test mirred_egress_to_ingress_test \ |
7 | mirred_egress_to_ingress_tcp_test" | |
bc13af29 | 8 | NUM_NETIFS=4 |
bc13af29 | 9 | source tc_common.sh |
198979be | 10 | source lib.sh |
bc13af29 | 11 | |
5e867061 IS |
12 | require_command ncat |
13 | ||
bc13af29 JP |
14 | tcflags="skip_hw" |
15 | ||
16 | h1_create() | |
17 | { | |
18 | simple_if_init $h1 192.0.2.1/24 | |
1d127eff | 19 | tc qdisc add dev $h1 clsact |
bc13af29 JP |
20 | } |
21 | ||
22 | h1_destroy() | |
23 | { | |
1d127eff | 24 | tc qdisc del dev $h1 clsact |
bc13af29 JP |
25 | simple_if_fini $h1 192.0.2.1/24 |
26 | } | |
27 | ||
28 | h2_create() | |
29 | { | |
30 | simple_if_init $h2 192.0.2.2/24 | |
31 | tc qdisc add dev $h2 clsact | |
32 | } | |
33 | ||
34 | h2_destroy() | |
35 | { | |
36 | tc qdisc del dev $h2 clsact | |
37 | simple_if_fini $h2 192.0.2.2/24 | |
38 | } | |
39 | ||
40 | switch_create() | |
41 | { | |
42 | simple_if_init $swp1 192.0.2.2/24 | |
43 | tc qdisc add dev $swp1 clsact | |
44 | ||
45 | simple_if_init $swp2 192.0.2.1/24 | |
46 | } | |
47 | ||
48 | switch_destroy() | |
49 | { | |
50 | simple_if_fini $swp2 192.0.2.1/24 | |
51 | ||
52 | tc qdisc del dev $swp1 clsact | |
53 | simple_if_fini $swp1 192.0.2.2/24 | |
54 | } | |
55 | ||
200066a5 | 56 | mirred_egress_test() |
bc13af29 | 57 | { |
200066a5 | 58 | local action=$1 |
075c8aa7 JP |
59 | local protocol=$2 |
60 | local classifier=$3 | |
61 | local classifier_args=$4 | |
200066a5 | 62 | |
bc13af29 JP |
63 | RET=0 |
64 | ||
65 | tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ | |
b57c7e8b | 66 | dst_ip 192.0.2.2 action drop |
bc13af29 JP |
67 | |
68 | $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ | |
69 | -t ip -q | |
70 | ||
71 | tc_check_packets "dev $h2 ingress" 101 1 | |
72 | check_fail $? "Matched without redirect rule inserted" | |
73 | ||
075c8aa7 JP |
74 | tc filter add dev $swp1 ingress protocol $protocol pref 1 handle 101 \ |
75 | $classifier $tcflags $classifier_args \ | |
76 | action mirred egress $action dev $swp2 | |
bc13af29 JP |
77 | |
78 | $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ | |
79 | -t ip -q | |
80 | ||
81 | tc_check_packets "dev $h2 ingress" 101 1 | |
200066a5 | 82 | check_err $? "Did not match incoming $action packet" |
bc13af29 | 83 | |
075c8aa7 JP |
84 | tc filter del dev $swp1 ingress protocol $protocol pref 1 handle 101 \ |
85 | $classifier | |
bc13af29 JP |
86 | tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower |
87 | ||
075c8aa7 | 88 | log_test "mirred egress $classifier $action ($tcflags)" |
bc13af29 JP |
89 | } |
90 | ||
91 | gact_drop_and_ok_test() | |
92 | { | |
93 | RET=0 | |
94 | ||
95 | tc filter add dev $swp1 ingress protocol ip pref 2 handle 102 flower \ | |
dff58a09 | 96 | $tcflags dst_ip 192.0.2.2 action drop |
bc13af29 JP |
97 | |
98 | $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ | |
99 | -t ip -q | |
100 | ||
101 | tc_check_packets "dev $swp1 ingress" 102 1 | |
102 | check_err $? "Packet was not dropped" | |
103 | ||
104 | tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \ | |
105 | $tcflags dst_ip 192.0.2.2 action ok | |
106 | ||
107 | $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ | |
108 | -t ip -q | |
109 | ||
110 | tc_check_packets "dev $swp1 ingress" 101 1 | |
0c17db05 JP |
111 | check_err $? "Did not see passed packet" |
112 | ||
113 | tc_check_packets "dev $swp1 ingress" 102 2 | |
114 | check_fail $? "Packet was dropped and it should not reach here" | |
bc13af29 JP |
115 | |
116 | tc filter del dev $swp1 ingress protocol ip pref 2 handle 102 flower | |
117 | tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower | |
118 | ||
119 | log_test "gact drop and ok ($tcflags)" | |
120 | } | |
121 | ||
122 | gact_trap_test() | |
123 | { | |
124 | RET=0 | |
125 | ||
0eb8053c IS |
126 | if [[ "$tcflags" != "skip_sw" ]]; then |
127 | return 0; | |
128 | fi | |
129 | ||
bc13af29 JP |
130 | tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \ |
131 | skip_hw dst_ip 192.0.2.2 action drop | |
132 | tc filter add dev $swp1 ingress protocol ip pref 3 handle 103 flower \ | |
133 | $tcflags dst_ip 192.0.2.2 action mirred egress redirect \ | |
134 | dev $swp2 | |
135 | ||
136 | $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ | |
137 | -t ip -q | |
138 | ||
139 | tc_check_packets "dev $swp1 ingress" 101 1 | |
140 | check_fail $? "Saw packet without trap rule inserted" | |
141 | ||
142 | tc filter add dev $swp1 ingress protocol ip pref 2 handle 102 flower \ | |
143 | $tcflags dst_ip 192.0.2.2 action trap | |
144 | ||
145 | $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ | |
146 | -t ip -q | |
147 | ||
148 | tc_check_packets "dev $swp1 ingress" 102 1 | |
149 | check_err $? "Packet was not trapped" | |
150 | ||
151 | tc_check_packets "dev $swp1 ingress" 101 1 | |
152 | check_err $? "Did not see trapped packet" | |
153 | ||
154 | tc filter del dev $swp1 ingress protocol ip pref 3 handle 103 flower | |
155 | tc filter del dev $swp1 ingress protocol ip pref 2 handle 102 flower | |
156 | tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower | |
157 | ||
158 | log_test "trap ($tcflags)" | |
159 | } | |
160 | ||
1d127eff DC |
161 | mirred_egress_to_ingress_test() |
162 | { | |
163 | RET=0 | |
164 | ||
165 | tc filter add dev $h1 protocol ip pref 100 handle 100 egress flower \ | |
166 | ip_proto icmp src_ip 192.0.2.1 dst_ip 192.0.2.2 type 8 action \ | |
167 | ct commit nat src addr 192.0.2.2 pipe \ | |
168 | ct clear pipe \ | |
169 | ct commit nat dst addr 192.0.2.1 pipe \ | |
170 | mirred ingress redirect dev $h1 | |
171 | ||
172 | tc filter add dev $swp1 protocol ip pref 11 handle 111 ingress flower \ | |
173 | ip_proto icmp src_ip 192.0.2.1 dst_ip 192.0.2.2 type 8 action drop | |
174 | tc filter add dev $swp1 protocol ip pref 12 handle 112 ingress flower \ | |
175 | ip_proto icmp src_ip 192.0.2.1 dst_ip 192.0.2.2 type 0 action pass | |
176 | ||
177 | $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ | |
178 | -t icmp "ping,id=42,seq=10" -q | |
179 | ||
180 | tc_check_packets "dev $h1 egress" 100 1 | |
181 | check_err $? "didn't mirror first packet" | |
182 | ||
183 | tc_check_packets "dev $swp1 ingress" 111 1 | |
184 | check_fail $? "didn't redirect first packet" | |
185 | tc_check_packets "dev $swp1 ingress" 112 1 | |
186 | check_err $? "didn't receive reply to first packet" | |
187 | ||
188 | ping 192.0.2.2 -I$h1 -c1 -w1 -q 1>/dev/null 2>&1 | |
189 | ||
190 | tc_check_packets "dev $h1 egress" 100 2 | |
191 | check_err $? "didn't mirror second packet" | |
192 | tc_check_packets "dev $swp1 ingress" 111 1 | |
193 | check_fail $? "didn't redirect second packet" | |
194 | tc_check_packets "dev $swp1 ingress" 112 2 | |
195 | check_err $? "didn't receive reply to second packet" | |
196 | ||
197 | tc filter del dev $h1 egress protocol ip pref 100 handle 100 flower | |
198 | tc filter del dev $swp1 ingress protocol ip pref 11 handle 111 flower | |
199 | tc filter del dev $swp1 ingress protocol ip pref 12 handle 112 flower | |
200 | ||
201 | log_test "mirred_egress_to_ingress ($tcflags)" | |
202 | } | |
203 | ||
ca22da2f DC |
204 | mirred_egress_to_ingress_tcp_test() |
205 | { | |
f5853171 | 206 | mirred_e2i_tf1=$(mktemp) mirred_e2i_tf2=$(mktemp) |
ca22da2f DC |
207 | |
208 | RET=0 | |
f5853171 | 209 | dd conv=sparse status=none if=/dev/zero bs=1M count=2 of=$mirred_e2i_tf1 |
ca22da2f DC |
210 | tc filter add dev $h1 protocol ip pref 100 handle 100 egress flower \ |
211 | $tcflags ip_proto tcp src_ip 192.0.2.1 dst_ip 192.0.2.2 \ | |
212 | action ct commit nat src addr 192.0.2.2 pipe \ | |
213 | action ct clear pipe \ | |
214 | action ct commit nat dst addr 192.0.2.1 pipe \ | |
215 | action ct clear pipe \ | |
216 | action skbedit ptype host pipe \ | |
217 | action mirred ingress redirect dev $h1 | |
218 | tc filter add dev $h1 protocol ip pref 101 handle 101 egress flower \ | |
219 | $tcflags ip_proto icmp \ | |
220 | action mirred ingress redirect dev $h1 | |
221 | tc filter add dev $h1 protocol ip pref 102 handle 102 ingress flower \ | |
222 | ip_proto icmp \ | |
223 | action drop | |
224 | ||
5e867061 | 225 | ip vrf exec v$h1 ncat --recv-only -w10 -l -p 12345 -o $mirred_e2i_tf2 & |
ca22da2f | 226 | local rpid=$! |
5e867061 | 227 | ip vrf exec v$h1 ncat -w1 --send-only 192.0.2.2 12345 <$mirred_e2i_tf1 |
ca22da2f | 228 | wait -n $rpid |
f5853171 | 229 | cmp -s $mirred_e2i_tf1 $mirred_e2i_tf2 |
ca22da2f DC |
230 | check_err $? "server output check failed" |
231 | ||
232 | $MZ $h1 -c 10 -p 64 -a $h1mac -b $h1mac -A 192.0.2.1 -B 192.0.2.1 \ | |
233 | -t icmp "ping,id=42,seq=5" -q | |
234 | tc_check_packets "dev $h1 egress" 101 10 | |
235 | check_err $? "didn't mirred redirect ICMP" | |
236 | tc_check_packets "dev $h1 ingress" 102 10 | |
237 | check_err $? "didn't drop mirred ICMP" | |
ca22da2f DC |
238 | |
239 | tc filter del dev $h1 egress protocol ip pref 100 handle 100 flower | |
240 | tc filter del dev $h1 egress protocol ip pref 101 handle 101 flower | |
241 | tc filter del dev $h1 ingress protocol ip pref 102 handle 102 flower | |
242 | ||
f5853171 | 243 | rm -f $mirred_e2i_tf1 $mirred_e2i_tf2 |
ca22da2f DC |
244 | log_test "mirred_egress_to_ingress_tcp ($tcflags)" |
245 | } | |
246 | ||
bc13af29 JP |
247 | setup_prepare() |
248 | { | |
249 | h1=${NETIFS[p1]} | |
250 | swp1=${NETIFS[p2]} | |
251 | ||
252 | swp2=${NETIFS[p3]} | |
253 | h2=${NETIFS[p4]} | |
254 | ||
255 | h1mac=$(mac_get $h1) | |
256 | h2mac=$(mac_get $h2) | |
257 | ||
258 | swp1origmac=$(mac_get $swp1) | |
259 | swp2origmac=$(mac_get $swp2) | |
260 | ip link set $swp1 address $h2mac | |
261 | ip link set $swp2 address $h1mac | |
262 | ||
263 | vrf_prepare | |
264 | ||
265 | h1_create | |
266 | h2_create | |
267 | switch_create | |
268 | } | |
269 | ||
270 | cleanup() | |
271 | { | |
f5853171 DC |
272 | local tf |
273 | ||
bc13af29 JP |
274 | pre_cleanup |
275 | ||
276 | switch_destroy | |
277 | h2_destroy | |
278 | h1_destroy | |
279 | ||
280 | vrf_cleanup | |
281 | ||
282 | ip link set $swp2 address $swp2origmac | |
283 | ip link set $swp1 address $swp1origmac | |
f5853171 DC |
284 | |
285 | for tf in $mirred_e2i_tf1 $mirred_e2i_tf2; do rm -f $tf; done | |
bc13af29 JP |
286 | } |
287 | ||
0eb8053c IS |
288 | mirred_egress_redirect_test() |
289 | { | |
075c8aa7 | 290 | mirred_egress_test "redirect" "ip" "flower" "dst_ip 192.0.2.2" |
0eb8053c IS |
291 | } |
292 | ||
293 | mirred_egress_mirror_test() | |
294 | { | |
075c8aa7 JP |
295 | mirred_egress_test "mirror" "ip" "flower" "dst_ip 192.0.2.2" |
296 | } | |
297 | ||
298 | matchall_mirred_egress_mirror_test() | |
299 | { | |
300 | mirred_egress_test "mirror" "all" "matchall" "" | |
0eb8053c IS |
301 | } |
302 | ||
bc13af29 JP |
303 | trap cleanup EXIT |
304 | ||
305 | setup_prepare | |
306 | setup_wait | |
307 | ||
0eb8053c | 308 | tests_run |
bc13af29 JP |
309 | |
310 | tc_offload_check | |
311 | if [[ $? -ne 0 ]]; then | |
312 | log_info "Could not test offloaded functionality" | |
313 | else | |
314 | tcflags="skip_sw" | |
0eb8053c | 315 | tests_run |
bc13af29 JP |
316 | fi |
317 | ||
318 | exit $EXIT_STATUS |