Linux/tools/testing/selftests/drivers/net/ocelot/tc_flower

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 #!/bin/bash 2 # SPDX-License-Identifier: GPL-2.0 3 # Copyright 2020 NXP 4 5 WAIT_TIME=1 6 NUM_NETIFS=4 7 STABLE_MAC_ADDRS=yes 8 lib_dir=$(dirname $0)/../../../net/forwarding 9 source $lib_dir/tc_common.sh 10 source $lib_dir/lib.sh 11 12 require_command tcpdump 13 14 h1=${NETIFS[p1]} 15 swp1=${NETIFS[p2]} 16 swp2=${NETIFS[p3]} 17 h2=${NETIFS[p4]} 18 19 # Helpers to map a VCAP IS1 and VCAP IS2 lookup and policy to a chain number 20 # used by the kernel driver. The numbers are: 21 # VCAP IS1 lookup 0: 10000 22 # VCAP IS1 lookup 1: 11000 23 # VCAP IS1 lookup 2: 12000 24 # VCAP IS2 lookup 0 policy 0: 20000 25 # VCAP IS2 lookup 0 policy 1: 20001 26 # VCAP IS2 lookup 0 policy 255: 20255 27 # VCAP IS2 lookup 1 policy 0: 21000 28 # VCAP IS2 lookup 1 policy 1: 21001 29 # VCAP IS2 lookup 1 policy 255: 21255 30 IS1() 31 { 32 local lookup=$1 33 34 echo $((10000 + 1000 * lookup)) 35 } 36 37 IS2() 38 { 39 local lookup=$1 40 local pag=$2 41 42 echo $((20000 + 1000 * lookup + pag)) 43 } 44 45 ES0() 46 { 47 echo 0 48 } 49 50 # The Ocelot switches have a fixed ingress pipeline composed of: 51 # 52 # +----------------------------------------------+ +-----------------------------------------+ 53 # | VCAP IS1 | | VCAP IS2 | 54 # | | | | 55 # | +----------+ +----------+ +----------+ | | +----------+ +----------+ | 56 # | | Lookup 0 | | Lookup 1 | | Lookup 2 | | --+------> PAG 0: | Lookup 0 | -> | Lookup 1 | | 57 # | +----------+ -> +----------+ -> +----------+ | | | +----------+ +----------+ | 58 # | |key&action| |key&action| |key&action| | | | |key&action| |key&action| | 59 # | |key&action| |key&action| |key&action| | | | | .. | | .. | | 60 # | | .. | | .. | | .. | | | | +----------+ +----------+ | 61 # | +----------+ +----------+ +----------+ | | | | 62 # | selects PAG | | | +----------+ +----------+ | 63 # +----------------------------------------------+ +------> PAG 1: | Lookup 0 | -> | Lookup 1 | | 64 # | | +----------+ +----------+ | 65 # | | |key&action| |key&action| | 66 # | | | .. | | .. | | 67 # | | +----------+ +----------+ | 68 # | | ... | 69 # | | | 70 # | | +----------+ +----------+ | 71 # +----> PAG 254: | Lookup 0 | -> | Lookup 1 | | 72 # | | +----------+ +----------+ | 73 # | | |key&action| |key&action| | 74 # | | | .. | | .. | | 75 # | | +----------+ +----------+ | 76 # | | | 77 # | | +----------+ +----------+ | 78 # +----> PAG 255: | Lookup 0 | -> | Lookup 1 | | 79 # | +----------+ +----------+ | 80 # | |key&action| |key&action| | 81 # | | .. | | .. | | 82 # | +----------+ +----------+ | 83 # +-----------------------------------------+ 84 # 85 # Both the VCAP IS1 (Ingress Stage 1) and IS2 (Ingress Stage 2) are indexed 86 # (looked up) multiple times: IS1 3 times, and IS2 2 times. Each filter 87 # (key and action pair) can be configured to only match during the first, or 88 # second, etc, lookup. 89 # 90 # During one TCAM lookup, the filter processing stops at the first entry that 91 # matches, then the pipeline jumps to the next lookup. 92 # The driver maps each individual lookup of each individual ingress TCAM to a 93 # separate chain number. For correct rule offloading, it is mandatory that each 94 # filter installed in one TCAM is terminated by a non-optional GOTO action to 95 # the next lookup from the fixed pipeline. 96 # 97 # A chain can only be used if there is a GOTO action correctly set up from the 98 # prior lookup in the processing pipeline. Setting up all chains is not 99 # mandatory. 100 101 # NOTE: VCAP IS1 currently uses only S1_NORMAL half keys and VCAP IS2 102 # dynamically chooses between MAC_ETYPE, ARP, IP4_TCP_UDP, IP4_OTHER, which are 103 # all half keys as well. 104 105 create_tcam_skeleton() 106 { 107 local eth=$1 108 109 tc qdisc add dev $eth clsact 110 111 # VCAP IS1 is the Ingress Classification TCAM and can offload the 112 # following actions: 113 # - skbedit priority 114 # - vlan pop 115 # - vlan modify 116 # - goto (only in lookup 2, the last IS1 lookup) 117 tc filter add dev $eth ingress chain 0 pref 49152 flower \ 118 skip_sw action goto chain $(IS1 0) 119 tc filter add dev $eth ingress chain $(IS1 0) pref 49152 \ 120 flower skip_sw action goto chain $(IS1 1) 121 tc filter add dev $eth ingress chain $(IS1 1) pref 49152 \ 122 flower skip_sw action goto chain $(IS1 2) 123 tc filter add dev $eth ingress chain $(IS1 2) pref 49152 \ 124 flower skip_sw action goto chain $(IS2 0 0) 125 126 # VCAP IS2 is the Security Enforcement ingress TCAM and can offload the 127 # following actions: 128 # - trap 129 # - drop 130 # - police 131 # The two VCAP IS2 lookups can be segmented into up to 256 groups of 132 # rules, called Policies. A Policy is selected through the Policy 133 # Association Group (PAG) action of VCAP IS1 (which is the 134 # GOTO offload). 135 tc filter add dev $eth ingress chain $(IS2 0 0) pref 49152 \ 136 flower skip_sw action goto chain $(IS2 1 0) 137 } 138 139 setup_prepare() 140 { 141 ip link set $swp1 up 142 ip link set $swp2 up 143 ip link set $h2 up 144 ip link set $h1 up 145 146 create_tcam_skeleton $swp1 147 148 ip link add br0 type bridge 149 ip link set $swp1 master br0 150 ip link set $swp2 master br0 151 ip link set br0 up 152 153 ip link add link $h1 name $h1.100 type vlan id 100 154 ip link set $h1.100 up 155 156 ip link add link $h1 name $h1.200 type vlan id 200 157 ip link set $h1.200 up 158 159 tc filter add dev $swp1 ingress chain $(IS1 1) pref 1 \ 160 protocol 802.1Q flower skip_sw vlan_id 100 \ 161 action vlan pop \ 162 action goto chain $(IS1 2) 163 164 tc filter add dev $swp1 egress chain $(ES0) pref 1 \ 165 flower skip_sw indev $swp2 \ 166 action vlan push protocol 802.1Q id 100 167 168 tc filter add dev $swp1 ingress chain $(IS1 0) pref 2 \ 169 protocol ipv4 flower skip_sw src_ip 10.1.1.2 \ 170 action skbedit priority 7 \ 171 action goto chain $(IS1 1) 172 173 tc filter add dev $swp1 ingress chain $(IS2 0 0) pref 1 \ 174 protocol ipv4 flower skip_sw ip_proto udp dst_port 5201 \ 175 action police rate 50mbit burst 64k conform-exceed drop/pipe \ 176 action goto chain $(IS2 1 0) 177 } 178 179 cleanup() 180 { 181 ip link del $h1.200 182 ip link del $h1.100 183 tc qdisc del dev $swp1 clsact 184 ip link del br0 185 } 186 187 test_vlan_pop() 188 { 189 local h1_mac=$(mac_get $h1) 190 local h2_mac=$(mac_get $h2) 191 192 RET=0 193 194 tcpdump_start $h2 195 196 # Work around Mausezahn VLAN builder bug 197 # (https://github.com/netsniff-ng/netsniff-ng/issues/225) by using 198 # an 8021q upper 199 $MZ $h1.100 -q -c 1 -p 64 -a $h1_mac -b $h2_mac -t ip 200 201 sleep 1 202 203 tcpdump_stop $h2 204 205 tcpdump_show $h2 | grep -q "$h1_mac > $h2_mac, ethertype IPv4" 206 check_err "$?" "untagged reception" 207 208 tcpdump_cleanup $h2 209 210 log_test "VLAN pop" 211 } 212 213 test_vlan_push() 214 { 215 local h1_mac=$(mac_get $h1) 216 local h2_mac=$(mac_get $h2) 217 218 RET=0 219 220 tcpdump_start $h1.100 221 222 $MZ $h2 -q -c 1 -p 64 -a $h2_mac -b $h1_mac -t ip 223 224 sleep 1 225 226 tcpdump_stop $h1.100 227 228 tcpdump_show $h1.100 | grep -q "$h2_mac > $h1_mac" 229 check_err "$?" "tagged reception" 230 231 tcpdump_cleanup $h1.100 232 233 log_test "VLAN push" 234 } 235 236 test_vlan_ingress_modify() 237 { 238 local h1_mac=$(mac_get $h1) 239 local h2_mac=$(mac_get $h2) 240 241 RET=0 242 243 ip link set br0 type bridge vlan_filtering 1 244 bridge vlan add dev $swp1 vid 200 245 bridge vlan add dev $swp1 vid 300 246 bridge vlan add dev $swp2 vid 300 247 248 tc filter add dev $swp1 ingress chain $(IS1 2) pref 3 \ 249 protocol 802.1Q flower skip_sw vlan_id 200 src_mac $h1_mac \ 250 action vlan modify id 300 \ 251 action goto chain $(IS2 0 0) 252 253 tcpdump_start $h2 254 255 $MZ $h1.200 -q -c 1 -p 64 -a $h1_mac -b $h2_mac -t ip 256 257 sleep 1 258 259 tcpdump_stop $h2 260 261 tcpdump_show $h2 | grep -q "$h1_mac > $h2_mac, .* vlan 300" 262 check_err "$?" "tagged reception" 263 264 tcpdump_cleanup $h2 265 266 tc filter del dev $swp1 ingress chain $(IS1 2) pref 3 267 268 bridge vlan del dev $swp1 vid 200 269 bridge vlan del dev $swp1 vid 300 270 bridge vlan del dev $swp2 vid 300 271 ip link set br0 type bridge vlan_filtering 0 272 273 log_test "Ingress VLAN modification" 274 } 275 276 test_vlan_egress_modify() 277 { 278 local h1_mac=$(mac_get $h1) 279 local h2_mac=$(mac_get $h2) 280 281 RET=0 282 283 tc qdisc add dev $swp2 clsact 284 285 ip link set br0 type bridge vlan_filtering 1 286 bridge vlan add dev $swp1 vid 200 287 bridge vlan add dev $swp2 vid 200 288 289 tc filter add dev $swp2 egress chain $(ES0) pref 3 \ 290 protocol 802.1Q flower skip_sw vlan_id 200 vlan_prio 0 \ 291 action vlan modify id 300 priority 7 292 293 tcpdump_start $h2 294 295 $MZ $h1.200 -q -c 1 -p 64 -a $h1_mac -b $h2_mac -t ip 296 297 sleep 1 298 299 tcpdump_stop $h2 300 301 tcpdump_show $h2 | grep -q "$h1_mac > $h2_mac, .* vlan 300" 302 check_err "$?" "tagged reception" 303 304 tcpdump_cleanup $h2 305 306 tc filter del dev $swp2 egress chain $(ES0) pref 3 307 tc qdisc del dev $swp2 clsact 308 309 bridge vlan del dev $swp1 vid 200 310 bridge vlan del dev $swp2 vid 200 311 ip link set br0 type bridge vlan_filtering 0 312 313 log_test "Egress VLAN modification" 314 } 315 316 test_skbedit_priority() 317 { 318 local h1_mac=$(mac_get $h1) 319 local h2_mac=$(mac_get $h2) 320 local num_pkts=100 321 322 before=$(ethtool_stats_get $swp1 'rx_green_prio_7') 323 324 $MZ $h1 -q -c $num_pkts -p 64 -a $h1_mac -b $h2_mac -t ip -A 10.1.1.2 325 326 after=$(ethtool_stats_get $swp1 'rx_green_prio_7') 327 328 if [ $((after - before)) = $num_pkts ]; then 329 RET=0 330 else 331 RET=1 332 fi 333 334 log_test "Frame prioritization" 335 } 336 337 trap cleanup EXIT 338 339 ALL_TESTS=" 340 test_vlan_pop 341 test_vlan_push 342 test_vlan_ingress_modify 343 test_vlan_egress_modify 344 test_skbedit_priority 345 " 346 347 setup_prepare 348 setup_wait 349 350 tests_run 351 352 exit $EXIT_STATUS

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/tools/testing/selftests/drivers/net/ocelot/tc_flower_chains.sh

TOMOYO Linux Cross Reference
Linux/tools/testing/selftests/drivers/net/ocelot/tc_flower_chains.sh