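#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# tc chain tests on the ingress side of $h2:
#   - a filter placed in a chain that nothing jumps to must not be hit,
#   - "action goto chain 1" must hand the packet to chain 1,
#   - chains can be created, fetched, dumped and destroyed,
#   - a chain template rejects filters that do not fit it.
# The test list runs once with tcflags=skip_hw and, when tc_offload_check
# succeeds, a second time with tcflags=skip_sw.
#
# Helpers such as simple_if_init, check_err, check_fail, log_test,
# tc_check_packets and tests_run are not defined here; they come from the
# sourced tc_common.sh / lib.sh.
# NOTE(review): the script adds and deletes qdiscs, chains and filters on the
# interfaces named in NETIFS, so it presumably needs network-admin privileges
# and should only be pointed at dedicated test interfaces -- confirm in lib.sh.

ALL_TESTS="unreachable_chain_test gact_goto_chain_test create_destroy_chain \
	   template_filter_fits"
NUM_NETIFS=2
source tc_common.sh
source lib.sh

# First pass installs filters with skip_hw; switched to skip_sw for the second
# pass at the bottom of the file.
tcflags="skip_hw"

# Bring up $h1 with its test address (192.0.2.0/24 is a documentation range).
h1_create()
{
	simple_if_init "$h1" 192.0.2.1/24
}

# Undo h1_create.
h1_destroy()
{
	simple_if_fini "$h1" 192.0.2.1/24
}

# Bring up $h2 and attach the clsact qdisc that the ingress filters hang off.
h2_create()
{
	simple_if_init "$h2" 192.0.2.2/24
	tc qdisc add dev "$h2" clsact
}

# Undo h2_create, removing the qdisc before the interface is torn down.
h2_destroy()
{
	tc qdisc del dev "$h2" clsact
	simple_if_fini "$h2" 192.0.2.2/24
}

# A drop filter in chain 1, with nothing jumping to chain 1, must see no
# packets.
unreachable_chain_test()
{
	RET=0

	tc filter add dev "$h2" ingress chain 1 protocol ip pref 1 handle 1101 \
		flower "$tcflags" dst_mac "$h2mac" action drop

	# $MZ is left unquoted on purpose: it is set by the sourced library and
	# may carry more than one word -- TODO confirm.
	$MZ "$h1" -c 1 -p 64 -a "$h1mac" -b "$h2mac" -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	tc_check_packets "dev $h2 ingress" 1101 1
	check_fail $? "matched on filter in unreachable chain"

	tc filter del dev "$h2" ingress chain 1 protocol ip pref 1 handle 1101 \
		flower

	log_test "unreachable chain ($tcflags)"
}

# Filter 101 (pref 1) jumps to chain 1, so the packet must be counted by 101
# and by 1101 in chain 1, and must never reach the pref 2 drop filter 102.
gact_goto_chain_test()
{
	RET=0

	tc filter add dev "$h2" ingress chain 1 protocol ip pref 1 handle 1101 \
		flower "$tcflags" dst_mac "$h2mac" action drop
	tc filter add dev "$h2" ingress protocol ip pref 2 handle 102 flower \
		"$tcflags" dst_mac "$h2mac" action drop
	tc filter add dev "$h2" ingress protocol ip pref 1 handle 101 flower \
		"$tcflags" dst_mac "$h2mac" action goto chain 1

	$MZ "$h1" -c 1 -p 64 -a "$h1mac" -b "$h2mac" -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	tc_check_packets "dev $h2 ingress" 102 1
	check_fail $? "Matched on a wrong filter"

	tc_check_packets "dev $h2 ingress" 101 1
	check_err $? "Did not match on correct filter with goto chain action"

	tc_check_packets "dev $h2 ingress" 1101 1
	check_err $? "Did not match on correct filter in chain 1"

	tc filter del dev "$h2" ingress protocol ip pref 1 handle 101 flower
	tc filter del dev "$h2" ingress protocol ip pref 2 handle 102 flower
	tc filter del dev "$h2" ingress chain 1 protocol ip pref 1 handle 1101 \
		flower

	log_test "gact goto chain ($tcflags)"
}

# Create the default chain and chain 1 explicitly, verify both through
# "chain get" and "chain show" (JSON output checked with jq), then destroy them.
create_destroy_chain()
{
	local output

	RET=0

	tc chain add dev "$h2" ingress
	check_err $? "Failed to create default chain"

	output="$(tc -j chain get dev "$h2" ingress)"
	check_err $? "Failed to get default chain"

	# $output is quoted so the JSON reaches jq unchanged instead of being
	# word-split and glob-expanded by the shell.
	printf '%s\n' "$output" | jq -e '.[] | select(.chain == 0)' &> /dev/null
	check_err $? "Unexpected output for default chain"

	tc chain add dev "$h2" ingress chain 1
	check_err $? "Failed to create chain 1"

	output="$(tc -j chain get dev "$h2" ingress chain 1)"
	check_err $? "Failed to get chain 1"

	printf '%s\n' "$output" | jq -e '.[] | select(.chain == 1)' &> /dev/null
	check_err $? "Unexpected output for chain 1"

	output="$(tc -j chain show dev "$h2" ingress)"
	check_err $? "Failed to dump chains"

	printf '%s\n' "$output" | jq -e '.[] | select(.chain == 0)' &> /dev/null
	check_err $? "Can't find default chain in dump"

	printf '%s\n' "$output" | jq -e '.[] | select(.chain == 1)' &> /dev/null
	check_err $? "Can't find chain 1 in dump"

	tc chain del dev "$h2" ingress
	check_err $? "Failed to destroy default chain"

	tc chain del dev "$h2" ingress chain 1
	check_err $? "Failed to destroy chain 1"

	log_test "create destroy chain"
}

# The default chain gets a dst_mac template and chain 1 a src_mac template.
# A filter matching on the templated field must insert; one matching on the
# other field must be rejected.
template_filter_fits()
{
	RET=0

	tc chain add dev "$h2" ingress protocol ip \
		flower dst_mac 00:00:00:00:00:00/FF:FF:FF:FF:FF:FF &> /dev/null
	tc chain add dev "$h2" ingress chain 1 protocol ip \
		flower src_mac 00:00:00:00:00:00/FF:FF:FF:FF:FF:FF &> /dev/null

	tc filter add dev "$h2" ingress protocol ip pref 1 handle 1101 \
		flower dst_mac "$h2mac" action drop
	check_err $? "Failed to insert filter which fits template"

	tc filter add dev "$h2" ingress protocol ip pref 1 handle 1102 \
		flower src_mac "$h2mac" action drop &> /dev/null
	check_fail $? "Incorrectly succeeded to insert filter which does not fit template"

	tc filter add dev "$h2" ingress chain 1 protocol ip pref 1 handle 1101 \
		flower src_mac "$h2mac" action drop
	check_err $? "Failed to insert filter which fits template"

	tc filter add dev "$h2" ingress chain 1 protocol ip pref 1 handle 1102 \
		flower dst_mac "$h2mac" action drop &> /dev/null
	check_fail $? "Incorrectly succeeded to insert filter which does not fit template"

	# Best-effort cleanup: the 1102 filters should not exist when the
	# template did its job, so these deletes may fail; their output and
	# status are deliberately ignored.
	tc filter del dev "$h2" ingress chain 1 protocol ip pref 1 handle 1102 \
		flower &> /dev/null
	tc filter del dev "$h2" ingress chain 1 protocol ip pref 1 handle 1101 \
		flower &> /dev/null

	tc filter del dev "$h2" ingress protocol ip pref 1 handle 1102 \
		flower &> /dev/null
	tc filter del dev "$h2" ingress protocol ip pref 1 handle 1101 \
		flower &> /dev/null

	tc chain del dev "$h2" ingress chain 1
	tc chain del dev "$h2" ingress

	log_test "template filter fits"
}

# Resolve the two test ports and their MAC addresses, then build the topology.
setup_prepare()
{
	h1=${NETIFS[p1]}
	h2=${NETIFS[p2]}
	h1mac=$(mac_get "$h1")
	h2mac=$(mac_get "$h2")

	vrf_prepare

	h1_create
	h2_create
}

# Tear the topology down in the reverse order of setup_prepare.
cleanup()
{
	pre_cleanup

	h2_destroy
	h1_destroy

	vrf_cleanup
}

check_tc_chain_support

# Registered before setup so the interfaces are restored on every exit path.
trap cleanup EXIT

setup_prepare
setup_wait

tests_run

# Test the status of tc_offload_check directly rather than through $?, so a
# command inserted in between cannot change the outcome.
if ! tc_offload_check; then
	log_info "Could not test offloaded functionality"
else
	tcflags="skip_sw"
	tests_run
fi

# EXIT_STATUS is not set in this file; presumably the sourced library
# maintains it.
exit $EXIT_STATUS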