[linux-2.6-block.git] / tools / testing / selftests / net / forwarding / tc_actions.sh

#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

ALL_TESTS="gact_drop_and_ok_test mirred_egress_redirect_test \
	mirred_egress_mirror_test matchall_mirred_egress_mirror_test \
	gact_trap_test"
NUM_NETIFS=4
source tc_common.sh
source lib.sh

tcflags="skip_hw"

h1_create()
{
	simple_if_init $h1 192.0.2.1/24
}

h1_destroy()
{
	simple_if_fini $h1 192.0.2.1/24
}

h2_create()
{
	simple_if_init $h2 192.0.2.2/24
	tc qdisc add dev $h2 clsact
}

h2_destroy()
{
	tc qdisc del dev $h2 clsact
	simple_if_fini $h2 192.0.2.2/24
}

switch_create()
{
	simple_if_init $swp1 192.0.2.2/24
	tc qdisc add dev $swp1 clsact

	simple_if_init $swp2 192.0.2.1/24
}

switch_destroy()
{
	simple_if_fini $swp2 192.0.2.1/24

	tc qdisc del dev $swp1 clsact
	simple_if_fini $swp1 192.0.2.2/24
}

mirred_egress_test()
{
	local action=$1
	local protocol=$2
	local classifier=$3
	local classifier_args=$4

	RET=0

	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
		$tcflags dst_ip 192.0.2.2 action drop

	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	tc_check_packets "dev $h2 ingress" 101 1
	check_fail $? "Matched without redirect rule inserted"

	tc filter add dev $swp1 ingress protocol $protocol pref 1 handle 101 \
		$classifier $tcflags $classifier_args \
		action mirred egress $action dev $swp2

	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	tc_check_packets "dev $h2 ingress" 101 1
	check_err $? "Did not match incoming $action packet"

	tc filter del dev $swp1 ingress protocol $protocol pref 1 handle 101 \
		$classifier
	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower

	log_test "mirred egress $classifier $action ($tcflags)"
}

gact_drop_and_ok_test()
{
	RET=0

	tc filter add dev $swp1 ingress protocol ip pref 2 handle 102 flower \
		$tcflags dst_ip 192.0.2.2 action drop

	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	tc_check_packets "dev $swp1 ingress" 102 1
	check_err $? "Packet was not dropped"

	tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \
		$tcflags dst_ip 192.0.2.2 action ok

	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	tc_check_packets "dev $swp1 ingress" 101 1
	check_err $? "Did not see passed packet"

	tc_check_packets "dev $swp1 ingress" 102 2
	check_fail $? "Packet was dropped and it should not reach here"

	tc filter del dev $swp1 ingress protocol ip pref 2 handle 102 flower
	tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower

	log_test "gact drop and ok ($tcflags)"
}

gact_trap_test()
{
	RET=0

	if [[ "$tcflags" != "skip_sw" ]]; then
		return 0;
	fi

	tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \
		skip_hw dst_ip 192.0.2.2 action drop
	tc filter add dev $swp1 ingress protocol ip pref 3 handle 103 flower \
		$tcflags dst_ip 192.0.2.2 action mirred egress redirect \
		dev $swp2

	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	tc_check_packets "dev $swp1 ingress" 101 1
	check_fail $? "Saw packet without trap rule inserted"

	tc filter add dev $swp1 ingress protocol ip pref 2 handle 102 flower \
		$tcflags dst_ip 192.0.2.2 action trap

	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	tc_check_packets "dev $swp1 ingress" 102 1
	check_err $? "Packet was not trapped"

	tc_check_packets "dev $swp1 ingress" 101 1
	check_err $? "Did not see trapped packet"

	tc filter del dev $swp1 ingress protocol ip pref 3 handle 103 flower
	tc filter del dev $swp1 ingress protocol ip pref 2 handle 102 flower
	tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower

	log_test "trap ($tcflags)"
}

setup_prepare()
{
	h1=${NETIFS[p1]}
	swp1=${NETIFS[p2]}

	swp2=${NETIFS[p3]}
	h2=${NETIFS[p4]}

	h1mac=$(mac_get $h1)
	h2mac=$(mac_get $h2)

	swp1origmac=$(mac_get $swp1)
	swp2origmac=$(mac_get $swp2)
	ip link set $swp1 address $h2mac
	ip link set $swp2 address $h1mac

	vrf_prepare

	h1_create
	h2_create
	switch_create
}

cleanup()
{
	pre_cleanup

	switch_destroy
	h2_destroy
	h1_destroy

	vrf_cleanup

	ip link set $swp2 address $swp2origmac
	ip link set $swp1 address $swp1origmac
}

mirred_egress_redirect_test()
{
	mirred_egress_test "redirect" "ip" "flower" "dst_ip 192.0.2.2"
}

mirred_egress_mirror_test()
{
	mirred_egress_test "mirror" "ip" "flower" "dst_ip 192.0.2.2"
}

matchall_mirred_egress_mirror_test()
{
	mirred_egress_test "mirror" "all" "matchall" ""
}

trap cleanup EXIT

setup_prepare
setup_wait

tests_run

tc_offload_check
if [[ $? -ne 0 ]]; then
	log_info "Could not test offloaded functionality"
else
	tcflags="skip_sw"
	tests_run
fi

exit $EXIT_STATUS
Commit	Line	Data
bc13af29 JP	1	#!/bin/bash
	2	# SPDX-License-Identifier: GPL-2.0
	3
0eb8053c	4	ALL_TESTS="gact_drop_and_ok_test mirred_egress_redirect_test \
075c8aa7 JP	5	mirred_egress_mirror_test matchall_mirred_egress_mirror_test \
075c8aa7 JP	6	gact_trap_test"
bc13af29	7	NUM_NETIFS=4
bc13af29	8	source tc_common.sh
198979be	9	source lib.sh
bc13af29 JP	10
	11	tcflags="skip_hw"
	12
	13	h1_create()
	14	{
	15	simple_if_init $h1 192.0.2.1/24
	16	}
	17
	18	h1_destroy()
	19	{
	20	simple_if_fini $h1 192.0.2.1/24
	21	}
	22
	23	h2_create()
	24	{
	25	simple_if_init $h2 192.0.2.2/24
	26	tc qdisc add dev $h2 clsact
	27	}
	28
	29	h2_destroy()
	30	{
	31	tc qdisc del dev $h2 clsact
	32	simple_if_fini $h2 192.0.2.2/24
	33	}
	34
	35	switch_create()
	36	{
	37	simple_if_init $swp1 192.0.2.2/24
	38	tc qdisc add dev $swp1 clsact
	39
	40	simple_if_init $swp2 192.0.2.1/24
	41	}
	42
	43	switch_destroy()
	44	{
	45	simple_if_fini $swp2 192.0.2.1/24
	46
	47	tc qdisc del dev $swp1 clsact
	48	simple_if_fini $swp1 192.0.2.2/24
	49	}
	50
200066a5	51	mirred_egress_test()
bc13af29	52	{
200066a5	53	local action=$1
075c8aa7 JP	54	local protocol=$2
	55	local classifier=$3
	56	local classifier_args=$4
200066a5	57
bc13af29 JP	58	RET=0
	59
	60	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
	61	$tcflags dst_ip 192.0.2.2 action drop
	62
	63	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
	64	-t ip -q
	65
	66	tc_check_packets "dev $h2 ingress" 101 1
	67	check_fail $? "Matched without redirect rule inserted"
	68
075c8aa7 JP	69	tc filter add dev $swp1 ingress protocol $protocol pref 1 handle 101 \
	70	$classifier $tcflags $classifier_args \
	71	action mirred egress $action dev $swp2
bc13af29 JP	72
	73	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
	74	-t ip -q
	75
	76	tc_check_packets "dev $h2 ingress" 101 1
200066a5	77	check_err $? "Did not match incoming $action packet"
bc13af29	78
075c8aa7 JP	79	tc filter del dev $swp1 ingress protocol $protocol pref 1 handle 101 \
075c8aa7 JP	80	$classifier
bc13af29 JP	81	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
bc13af29 JP	82
075c8aa7	83	log_test "mirred egress $classifier $action ($tcflags)"
bc13af29 JP	84	}
	85
	86	gact_drop_and_ok_test()
	87	{
	88	RET=0
	89
	90	tc filter add dev $swp1 ingress protocol ip pref 2 handle 102 flower \
dff58a09	91	$tcflags dst_ip 192.0.2.2 action drop
bc13af29 JP	92
	93	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
	94	-t ip -q
	95
	96	tc_check_packets "dev $swp1 ingress" 102 1
	97	check_err $? "Packet was not dropped"
	98
	99	tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \
	100	$tcflags dst_ip 192.0.2.2 action ok
	101
	102	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
	103	-t ip -q
	104
	105	tc_check_packets "dev $swp1 ingress" 101 1
0c17db05 JP	106	check_err $? "Did not see passed packet"
	107
	108	tc_check_packets "dev $swp1 ingress" 102 2
	109	check_fail $? "Packet was dropped and it should not reach here"
bc13af29 JP	110
	111	tc filter del dev $swp1 ingress protocol ip pref 2 handle 102 flower
	112	tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower
	113
	114	log_test "gact drop and ok ($tcflags)"
	115	}
	116
	117	gact_trap_test()
	118	{
	119	RET=0
	120
0eb8053c IS	121	if [[ "$tcflags" != "skip_sw" ]]; then
	122	return 0;
	123	fi
	124
bc13af29 JP	125	tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \
	126	skip_hw dst_ip 192.0.2.2 action drop
	127	tc filter add dev $swp1 ingress protocol ip pref 3 handle 103 flower \
	128	$tcflags dst_ip 192.0.2.2 action mirred egress redirect \
	129	dev $swp2
	130
	131	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
	132	-t ip -q
	133
	134	tc_check_packets "dev $swp1 ingress" 101 1
	135	check_fail $? "Saw packet without trap rule inserted"
	136
	137	tc filter add dev $swp1 ingress protocol ip pref 2 handle 102 flower \
	138	$tcflags dst_ip 192.0.2.2 action trap
	139
	140	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
	141	-t ip -q
	142
	143	tc_check_packets "dev $swp1 ingress" 102 1
	144	check_err $? "Packet was not trapped"
	145
	146	tc_check_packets "dev $swp1 ingress" 101 1
	147	check_err $? "Did not see trapped packet"
	148
	149	tc filter del dev $swp1 ingress protocol ip pref 3 handle 103 flower
	150	tc filter del dev $swp1 ingress protocol ip pref 2 handle 102 flower
	151	tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower
	152
	153	log_test "trap ($tcflags)"
	154	}
	155
	156	setup_prepare()
	157	{
	158	h1=${NETIFS[p1]}
	159	swp1=${NETIFS[p2]}
	160
	161	swp2=${NETIFS[p3]}
	162	h2=${NETIFS[p4]}
	163
	164	h1mac=$(mac_get $h1)
	165	h2mac=$(mac_get $h2)
	166
	167	swp1origmac=$(mac_get $swp1)
	168	swp2origmac=$(mac_get $swp2)
	169	ip link set $swp1 address $h2mac
	170	ip link set $swp2 address $h1mac
	171
	172	vrf_prepare
	173
	174	h1_create
	175	h2_create
	176	switch_create
	177	}
	178
	179	cleanup()
	180	{
	181	pre_cleanup
	182
	183	switch_destroy
	184	h2_destroy
	185	h1_destroy
	186
	187	vrf_cleanup
	188
189	ip link set $swp2 address $swp2origmac
190	ip link set $swp1 address $swp1origmac
191	}
192
0eb8053c IS	193	mirred_egress_redirect_test()
0eb8053c IS	194	{
075c8aa7	195	mirred_egress_test "redirect" "ip" "flower" "dst_ip 192.0.2.2"
0eb8053c IS	196	}
	197
	198	mirred_egress_mirror_test()
	199	{
075c8aa7 JP	200	mirred_egress_test "mirror" "ip" "flower" "dst_ip 192.0.2.2"
	201	}
	202
	203	matchall_mirred_egress_mirror_test()
	204	{
	205	mirred_egress_test "mirror" "all" "matchall" ""
0eb8053c IS	206	}
0eb8053c IS	207
bc13af29 JP	208	trap cleanup EXIT
	209
	210	setup_prepare
	211	setup_wait
	212
0eb8053c	213	tests_run
bc13af29 JP	214
	215	tc_offload_check
	216	if [[ $? -ne 0 ]]; then
	217	log_info "Could not test offloaded functionality"
	218	else
	219	tcflags="skip_sw"
0eb8053c	220	tests_run
bc13af29 JP	221	fi
	222
	223	exit $EXIT_STATUS