1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3# 4# Test devlink-trap tunnel drops and exceptions functionality over mlxsw. 5# Check all traps to make sure they are triggered under the right 6# conditions. 7 8# +--------------------+ 9# | H1 (vrf) | 10# | + $h1 | 11# | | 192.0.2.1/28 | 12# +----|---------------+ 13# | 14# +----|----------------------------------------------------------------------+ 15# | SW | | 16# | +--|--------------------------------------------------------------------+ | 17# | | + $swp1 BR1 (802.1d) | | 18# | | | | 19# | | + vx1 (vxlan) | | 20# | | local 192.0.2.17 | | 21# | | id 1000 dstport $VXPORT | | 22# | +-----------------------------------------------------------------------+ | 23# | | 24# | + $rp1 | 25# | | 192.0.2.17/28 | 26# +----|----------------------------------------------------------------------+ 27# | 28# +----|--------------------------------------------------------+ 29# | | VRF2 | 30# | + $rp2 | 31# | 192.0.2.18/28 | 32# | | 33# +-------------------------------------------------------------+ 34 35lib_dir=$(dirname $0)/../../../net/forwarding 36 37ALL_TESTS=" 38 decap_error_test 39 overlay_smac_is_mc_test 40" 41 42NUM_NETIFS=4 43source $lib_dir/lib.sh 44source $lib_dir/tc_common.sh 45source $lib_dir/devlink_lib.sh 46 47: ${VXPORT:=4789} 48export VXPORT 49 50h1_create() 51{ 52 simple_if_init $h1 192.0.2.1/28 53} 54 55h1_destroy() 56{ 57 simple_if_fini $h1 192.0.2.1/28 58} 59 60switch_create() 61{ 62 ip link add name br1 type bridge vlan_filtering 0 mcast_snooping 0 63 # Make sure the bridge uses the MAC address of the local port and not 64 # that of the VxLAN's device. 65 ip link set dev br1 address $(mac_get $swp1) 66 ip link set dev br1 up 67 68 tc qdisc add dev $swp1 clsact 69 ip link set dev $swp1 master br1 70 ip link set dev $swp1 up 71 72 ip link add name vx1 type vxlan id 1000 local 192.0.2.17 \ 73 dstport "$VXPORT" nolearning noudpcsum tos inherit ttl 100 74 ip link set dev vx1 master br1 75 ip link set dev vx1 up 76 77 ip address add dev $rp1 192.0.2.17/28 78 ip link set dev $rp1 up 79} 80 81switch_destroy() 82{ 83 ip link set dev $rp1 down 84 ip address del dev $rp1 192.0.2.17/28 85 86 ip link set dev vx1 down 87 ip link set dev vx1 nomaster 88 ip link del dev vx1 89 90 ip link set dev $swp1 down 91 ip link set dev $swp1 nomaster 92 tc qdisc del dev $swp1 clsact 93 94 ip link set dev br1 down 95 ip link del dev br1 96} 97 98vrf2_create() 99{ 100 simple_if_init $rp2 192.0.2.18/28 101} 102 103vrf2_destroy() 104{ 105 simple_if_fini $rp2 192.0.2.18/28 106} 107 108setup_prepare() 109{ 110 h1=${NETIFS[p1]} 111 swp1=${NETIFS[p2]} 112 113 rp1=${NETIFS[p3]} 114 rp2=${NETIFS[p4]} 115 116 vrf_prepare 117 forwarding_enable 118 h1_create 119 switch_create 120 vrf2_create 121} 122 123cleanup() 124{ 125 pre_cleanup 126 127 vrf2_destroy 128 switch_destroy 129 h1_destroy 130 forwarding_restore 131 vrf_cleanup 132} 133 134ecn_payload_get() 135{ 136 dest_mac=$(mac_get $h1) 137 p=$(: 138 )"08:"$( : VXLAN flags 139 )"00:00:00:"$( : VXLAN reserved 140 )"00:03:e8:"$( : VXLAN VNI : 1000 141 )"00:"$( : VXLAN reserved 142 )"$dest_mac:"$( : ETH daddr 143 )"00:00:00:00:00:00:"$( : ETH saddr 144 )"08:00:"$( : ETH type 145 )"45:"$( : IP version + IHL 146 )"00:"$( : IP TOS 147 )"00:14:"$( : IP total length 148 )"00:00:"$( : IP identification 149 )"20:00:"$( : IP flags + frag off 150 )"40:"$( : IP TTL 151 )"00:"$( : IP proto 152 )"D6:E5:"$( : IP header csum 153 )"c0:00:02:03:"$( : IP saddr: 192.0.2.3 154 )"c0:00:02:01:"$( : IP daddr: 192.0.2.1 155 ) 156 echo $p 157} 158 159ecn_decap_test() 160{ 161 local trap_name="decap_error" 162 local desc=$1; shift 163 local ecn_desc=$1; shift 164 local outer_tos=$1; shift 165 local mz_pid 166 167 RET=0 168 169 tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \ 170 flower src_ip 192.0.2.3 dst_ip 192.0.2.1 action pass 171 172 rp1_mac=$(mac_get $rp1) 173 payload=$(ecn_payload_get) 174 175 ip vrf exec v$rp2 $MZ $rp2 -c 0 -d 1msec -b $rp1_mac -B 192.0.2.17 \ 176 -t udp sp=12345,dp=$VXPORT,tos=$outer_tos,p=$payload -q & 177 mz_pid=$! 178 179 devlink_trap_exception_test $trap_name 180 181 tc_check_packets "dev $swp1 egress" 101 0 182 check_err $? "Packets were not dropped" 183 184 log_test "$desc: Inner ECN is not ECT and outer is $ecn_desc" 185 186 kill $mz_pid && wait $mz_pid &> /dev/null 187 tc filter del dev $swp1 egress protocol ip pref 1 handle 101 flower 188} 189 190reserved_bits_payload_get() 191{ 192 dest_mac=$(mac_get $h1) 193 p=$(: 194 )"08:"$( : VXLAN flags 195 )"01:00:00:"$( : VXLAN reserved 196 )"00:03:e8:"$( : VXLAN VNI : 1000 197 )"00:"$( : VXLAN reserved 198 )"$dest_mac:"$( : ETH daddr 199 )"00:00:00:00:00:00:"$( : ETH saddr 200 )"08:00:"$( : ETH type 201 )"45:"$( : IP version + IHL 202 )"00:"$( : IP TOS 203 )"00:14:"$( : IP total length 204 )"00:00:"$( : IP identification 205 )"20:00:"$( : IP flags + frag off 206 )"40:"$( : IP TTL 207 )"00:"$( : IP proto 208 )"00:00:"$( : IP header csum 209 )"c0:00:02:03:"$( : IP saddr: 192.0.2.3 210 )"c0:00:02:01:"$( : IP daddr: 192.0.2.1 211 ) 212 echo $p 213} 214 215short_payload_get() 216{ 217 dest_mac=$(mac_get $h1) 218 p=$(: 219 )"08:"$( : VXLAN flags 220 )"01:00:00:"$( : VXLAN reserved 221 )"00:03:e8:"$( : VXLAN VNI : 1000 222 )"00:"$( : VXLAN reserved 223 ) 224 echo $p 225} 226 227corrupted_packet_test() 228{ 229 local trap_name="decap_error" 230 local desc=$1; shift 231 local payload_get=$1; shift 232 local mz_pid 233 234 RET=0 235 236 # In case of too short packet, there is no any inner packet, 237 # so the matching will always succeed 238 tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \ 239 flower skip_hw src_ip 192.0.2.3 dst_ip 192.0.2.1 action pass 240 241 rp1_mac=$(mac_get $rp1) 242 payload=$($payload_get) 243 ip vrf exec v$rp2 $MZ $rp2 -c 0 -d 1msec -b $rp1_mac \ 244 -B 192.0.2.17 -t udp sp=12345,dp=$VXPORT,p=$payload -q & 245 mz_pid=$! 246 247 devlink_trap_exception_test $trap_name 248 249 tc_check_packets "dev $swp1 egress" 101 0 250 check_err $? "Packets were not dropped" 251 252 log_test "$desc" 253 254 kill $mz_pid && wait $mz_pid &> /dev/null 255 tc filter del dev $swp1 egress protocol ip pref 1 handle 101 flower 256} 257 258decap_error_test() 259{ 260 ecn_decap_test "Decap error" "ECT(1)" 01 261 ecn_decap_test "Decap error" "ECT(0)" 02 262 ecn_decap_test "Decap error" "CE" 03 263 264 corrupted_packet_test "Decap error: Reserved bits in use" \ 265 "reserved_bits_payload_get" 266 corrupted_packet_test "Decap error: No L2 header" "short_payload_get" 267} 268 269mc_smac_payload_get() 270{ 271 dest_mac=$(mac_get $h1) 272 source_mac=01:02:03:04:05:06 273 p=$(: 274 )"08:"$( : VXLAN flags 275 )"00:00:00:"$( : VXLAN reserved 276 )"00:03:e8:"$( : VXLAN VNI : 1000 277 )"00:"$( : VXLAN reserved 278 )"$dest_mac:"$( : ETH daddr 279 )"$source_mac:"$( : ETH saddr 280 )"08:00:"$( : ETH type 281 )"45:"$( : IP version + IHL 282 )"00:"$( : IP TOS 283 )"00:14:"$( : IP total length 284 )"00:00:"$( : IP identification 285 )"20:00:"$( : IP flags + frag off 286 )"40:"$( : IP TTL 287 )"00:"$( : IP proto 288 )"00:00:"$( : IP header csum 289 )"c0:00:02:03:"$( : IP saddr: 192.0.2.3 290 )"c0:00:02:01:"$( : IP daddr: 192.0.2.1 291 ) 292 echo $p 293} 294 295overlay_smac_is_mc_test() 296{ 297 local trap_name="overlay_smac_is_mc" 298 local mz_pid 299 300 RET=0 301 302 # The matching will be checked on devlink_trap_drop_test() 303 # and the filter will be removed on devlink_trap_drop_cleanup() 304 tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \ 305 flower src_mac 01:02:03:04:05:06 action pass 306 307 rp1_mac=$(mac_get $rp1) 308 payload=$(mc_smac_payload_get) 309 310 ip vrf exec v$rp2 $MZ $rp2 -c 0 -d 1msec -b $rp1_mac \ 311 -B 192.0.2.17 -t udp sp=12345,dp=$VXPORT,p=$payload -q & 312 mz_pid=$! 313 314 devlink_trap_drop_test $trap_name $swp1 101 315 316 log_test "Overlay source MAC is multicast" 317 318 devlink_trap_drop_cleanup $mz_pid $swp1 "ip" 1 101 319} 320 321trap cleanup EXIT 322 323setup_prepare 324setup_wait 325tests_run 326 327exit $EXIT_STATUS 328
