1 #!/bin/bash
2 # SPDX-License-Identifier: GPL-2.0
3 #
4 # Test devlink-trap tunnel drops and exceptions functionality over mlxsw.
5 # Check all traps to make sure they are triggered under the right
6 # conditions.
7
8 # +------------------------+
9 # | H1 (vrf) |
10 # | + $h1 |
11 # | | 2001:db8:1::1/64 |
12 # +----|-------------------+
13 # |
14 # +----|----------------------------------------------------------------------+
15 # | SW | |
16 # | +--|--------------------------------------------------------------------+ |
17 # | | + $swp1 BR1 (802.1d) | |
18 # | | | |
19 # | | + vx1 (vxlan) | |
20 # | | local 2001:db8:3::1 | |
21 # | | id 1000 dstport $VXPORT | |
22 # | +-----------------------------------------------------------------------+ |
23 # | |
24 # | + $rp1 |
25 # | | 2001:db8:3::1/64 |
26 # +----|----------------------------------------------------------------------+
27 # |
28 # +----|--------------------------------------------------------+
29 # | | VRF2 |
30 # | + $rp2 |
31 # | 2001:db8:3::2/64 |
32 # | |
33 # +-------------------------------------------------------------+
34
35 lib_dir=$(dirname $0)/../../../net/forwarding
36
37 ALL_TESTS="
38 decap_error_test
39 overlay_smac_is_mc_test
40 "
41
42 NUM_NETIFS=4
43 source $lib_dir/lib.sh
44 source $lib_dir/tc_common.sh
45 source $lib_dir/devlink_lib.sh
46
47 : ${VXPORT:=4789}
48 export VXPORT
49
50 h1_create()
51 {
52 simple_if_init $h1 2001:db8:1::1/64
53 }
54
55 h1_destroy()
56 {
57 simple_if_fini $h1 2001:db8:1::1/64
58 }
59
60 switch_create()
61 {
62 ip link add name br1 type bridge vlan_filtering 0 mcast_snooping 0
63 # Make sure the bridge uses the MAC address of the local port and not
64 # that of the VxLAN's device.
65 ip link set dev br1 address $(mac_get $swp1)
66 ip link set dev br1 up
67
68 tc qdisc add dev $swp1 clsact
69 ip link set dev $swp1 master br1
70 ip link set dev $swp1 up
71
72 ip link add name vx1 type vxlan id 1000 local 2001:db8:3::1 \
73 dstport "$VXPORT" nolearning udp6zerocsumrx udp6zerocsumtx \
74 tos inherit ttl 100
75 ip link set dev vx1 master br1
76 ip link set dev vx1 up
77
78 ip link set dev $rp1 up
79 ip address add dev $rp1 2001:db8:3::1/64
80 }
81
82 switch_destroy()
83 {
84 ip address del dev $rp1 2001:db8:3::1/64
85 ip link set dev $rp1 down
86
87 ip link set dev vx1 down
88 ip link set dev vx1 nomaster
89 ip link del dev vx1
90
91 ip link set dev $swp1 down
92 ip link set dev $swp1 nomaster
93 tc qdisc del dev $swp1 clsact
94
95 ip link set dev br1 down
96 ip link del dev br1
97 }
98
99 vrf2_create()
100 {
101 simple_if_init $rp2 2001:db8:3::2/64
102 }
103
104 vrf2_destroy()
105 {
106 simple_if_fini $rp2 2001:db8:3::2/64
107 }
108
109 setup_prepare()
110 {
111 h1=${NETIFS[p1]}
112 swp1=${NETIFS[p2]}
113
114 rp1=${NETIFS[p3]}
115 rp2=${NETIFS[p4]}
116
117 vrf_prepare
118 forwarding_enable
119 h1_create
120 switch_create
121 vrf2_create
122 }
123
124 cleanup()
125 {
126 pre_cleanup
127
128 vrf2_destroy
129 switch_destroy
130 h1_destroy
131 forwarding_restore
132 vrf_cleanup
133 }
134
135 ecn_payload_get()
136 {
137 local dest_mac=$(mac_get $h1)
138 local saddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:03"
139 local daddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:01"
140 p=$(:
141 )"08:"$( : VXLAN flags
142 )"00:00:00:"$( : VXLAN reserved
143 )"00:03:e8:"$( : VXLAN VNI : 1000
144 )"00:"$( : VXLAN reserved
145 )"$dest_mac:"$( : ETH daddr
146 )"00:00:00:00:00:00:"$( : ETH saddr
147 )"86:dd:"$( : ETH type
148 )"6"$( : IP version
149 )"0:0"$( : Traffic class
150 )"0:00:00:"$( : Flow label
151 )"00:08:"$( : Payload length
152 )"3a:"$( : Next header
153 )"04:"$( : Hop limit
154 )"$saddr:"$( : IP saddr
155 )"$daddr:"$( : IP daddr
156 )"80:"$( : ICMPv6.type
157 )"00:"$( : ICMPv6.code
158 )"00:"$( : ICMPv6.checksum
159 )
160 echo $p
161 }
162
163 ecn_decap_test()
164 {
165 local trap_name="decap_error"
166 local desc=$1; shift
167 local ecn_desc=$1; shift
168 local outer_tos=$1; shift
169 local mz_pid
170
171 RET=0
172
173 tc filter add dev $swp1 egress protocol ipv6 pref 1 handle 101 \
174 flower src_ip 2001:db8:1::3 dst_ip 2001:db8:1::1 action pass
175
176 rp1_mac=$(mac_get $rp1)
177 payload=$(ecn_payload_get)
178
179 ip vrf exec v$rp2 $MZ -6 $rp2 -c 0 -d 1msec -b $rp1_mac \
180 -B 2001:db8:3::1 -t udp \
181 sp=12345,dp=$VXPORT,tos=$outer_tos,p=$payload -q &
182 mz_pid=$!
183
184 devlink_trap_exception_test $trap_name
185
186 tc_check_packets "dev $swp1 egress" 101 0
187 check_err $? "Packets were not dropped"
188
189 log_test "$desc: Inner ECN is not ECT and outer is $ecn_desc"
190
191 kill $mz_pid && wait $mz_pid &> /dev/null
192 tc filter del dev $swp1 egress protocol ipv6 pref 1 handle 101 flower
193 }
194
195 reserved_bits_payload_get()
196 {
197 local dest_mac=$(mac_get $h1)
198 local saddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:03"
199 local daddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:01"
200 p=$(:
201 )"08:"$( : VXLAN flags
202 )"01:00:00:"$( : VXLAN reserved
203 )"00:03:e8:"$( : VXLAN VNI : 1000
204 )"00:"$( : VXLAN reserved
205 )"$dest_mac:"$( : ETH daddr
206 )"00:00:00:00:00:00:"$( : ETH saddr
207 )"86:dd:"$( : ETH type
208 )"6"$( : IP version
209 )"0:0"$( : Traffic class
210 )"0:00:00:"$( : Flow label
211 )"00:08:"$( : Payload length
212 )"3a:"$( : Next header
213 )"04:"$( : Hop limit
214 )"$saddr:"$( : IP saddr
215 )"$daddr:"$( : IP daddr
216 )"80:"$( : ICMPv6.type
217 )"00:"$( : ICMPv6.code
218 )"00:"$( : ICMPv6.checksum
219 )
220 echo $p
221 }
222
223 short_payload_get()
224 {
225 dest_mac=$(mac_get $h1)
226 p=$(:
227 )"08:"$( : VXLAN flags
228 )"00:00:00:"$( : VXLAN reserved
229 )"00:03:e8:"$( : VXLAN VNI : 1000
230 )"00:"$( : VXLAN reserved
231 )"$dest_mac:"$( : ETH daddr
232 )"00:00:00:00:00:00:"$( : ETH saddr
233 )
234 echo $p
235 }
236
237 corrupted_packet_test()
238 {
239 local trap_name="decap_error"
240 local desc=$1; shift
241 local payload_get=$1; shift
242 local mz_pid
243
244 RET=0
245
246 # In case of too short packet, there is no any inner packet,
247 # so the matching will always succeed
248 tc filter add dev $swp1 egress protocol ipv6 pref 1 handle 101 \
249 flower skip_hw src_ip 2001:db8:3::1 dst_ip 2001:db8:1::1 \
250 action pass
251
252 rp1_mac=$(mac_get $rp1)
253 payload=$($payload_get)
254 ip vrf exec v$rp2 $MZ -6 $rp2 -c 0 -d 1msec -b $rp1_mac \
255 -B 2001:db8:3::1 -t udp sp=12345,dp=$VXPORT,p=$payload -q &
256 mz_pid=$!
257
258 devlink_trap_exception_test $trap_name
259
260 tc_check_packets "dev $swp1 egress" 101 0
261 check_err $? "Packets were not dropped"
262
263 log_test "$desc"
264
265 kill $mz_pid && wait $mz_pid &> /dev/null
266 tc filter del dev $swp1 egress protocol ipv6 pref 1 handle 101 flower
267 }
268
269 decap_error_test()
270 {
271 ecn_decap_test "Decap error" "ECT(1)" 01
272 ecn_decap_test "Decap error" "ECT(0)" 02
273 ecn_decap_test "Decap error" "CE" 03
274
275 corrupted_packet_test "Decap error: Reserved bits in use" \
276 "reserved_bits_payload_get"
277 corrupted_packet_test "Decap error: Too short inner packet" \
278 "short_payload_get"
279 }
280
281 mc_smac_payload_get()
282 {
283 local dest_mac=$(mac_get $h1)
284 local source_mac="01:02:03:04:05:06"
285 local saddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:03"
286 local daddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:01"
287 p=$(:
288 )"08:"$( : VXLAN flags
289 )"00:00:00:"$( : VXLAN reserved
290 )"00:03:e8:"$( : VXLAN VNI : 1000
291 )"00:"$( : VXLAN reserved
292 )"$dest_mac:"$( : ETH daddr
293 )"$source_mac:"$( : ETH saddr
294 )"86:dd:"$( : ETH type
295 )"6"$( : IP version
296 )"0:0"$( : Traffic class
297 )"0:00:00:"$( : Flow label
298 )"00:08:"$( : Payload length
299 )"3a:"$( : Next header
300 )"04:"$( : Hop limit
301 )"$saddr:"$( : IP saddr
302 )"$daddr:"$( : IP daddr
303 )"80:"$( : ICMPv6.type
304 )"00:"$( : ICMPv6.code
305 )"00:"$( : ICMPv6.checksum
306 )
307 echo $p
308 }
309
310 overlay_smac_is_mc_test()
311 {
312 local trap_name="overlay_smac_is_mc"
313 local mz_pid
314
315 RET=0
316
317 # The matching will be checked on devlink_trap_drop_test()
318 # and the filter will be removed on devlink_trap_drop_cleanup()
319 tc filter add dev $swp1 egress protocol ipv6 pref 1 handle 101 \
320 flower src_mac 01:02:03:04:05:06 action pass
321
322 rp1_mac=$(mac_get $rp1)
323 payload=$(mc_smac_payload_get)
324
325 ip vrf exec v$rp2 $MZ -6 $rp2 -c 0 -d 1msec -b $rp1_mac \
326 -B 2001:db8:3::1 -t udp sp=12345,dp=$VXPORT,p=$payload -q &
327 mz_pid=$!
328
329 devlink_trap_drop_test $trap_name $swp1 101
330
331 log_test "Overlay source MAC is multicast"
332
333 devlink_trap_drop_cleanup $mz_pid $swp1 "ipv6" 1 101
334 }
335
336 trap cleanup EXIT
337
338 setup_prepare
339 setup_wait
340 tests_run
341
342 exit $EXIT_STATUS
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.