1ca264ef6SAmit Cohen#!/bin/bash 2ca264ef6SAmit Cohen# SPDX-License-Identifier: GPL-2.0 3ca264ef6SAmit Cohen# 4ca264ef6SAmit Cohen# Test devlink-trap tunnel drops and exceptions functionality over mlxsw. 5ca264ef6SAmit Cohen# Check all traps to make sure they are triggered under the right 6ca264ef6SAmit Cohen# conditions. 7ca264ef6SAmit Cohen 8ca264ef6SAmit Cohen# +--------------------+ 9ca264ef6SAmit Cohen# | H1 (vrf) | 10ca264ef6SAmit Cohen# | + $h1 | 11ca264ef6SAmit Cohen# | | 192.0.2.1/28 | 12ca264ef6SAmit Cohen# +----|---------------+ 13ca264ef6SAmit Cohen# | 14ca264ef6SAmit Cohen# +----|----------------------------------------------------------------------+ 15ca264ef6SAmit Cohen# | SW | | 16ca264ef6SAmit Cohen# | +--|--------------------------------------------------------------------+ | 17ca264ef6SAmit Cohen# | | + $swp1 BR1 (802.1d) | | 18ca264ef6SAmit Cohen# | | | | 19ca264ef6SAmit Cohen# | | + vx1 (vxlan) | | 20ca264ef6SAmit Cohen# | | local 192.0.2.17 | | 21ca264ef6SAmit Cohen# | | id 1000 dstport $VXPORT | | 22ca264ef6SAmit Cohen# | +-----------------------------------------------------------------------+ | 23ca264ef6SAmit Cohen# | | 24ca264ef6SAmit Cohen# | + $rp1 | 25ca264ef6SAmit Cohen# | | 192.0.2.17/28 | 26ca264ef6SAmit Cohen# +----|----------------------------------------------------------------------+ 27ca264ef6SAmit Cohen# | 28ca264ef6SAmit Cohen# +----|--------------------------------------------------------+ 29ca264ef6SAmit Cohen# | | VRF2 | 30ca264ef6SAmit Cohen# | + $rp2 | 31ca264ef6SAmit Cohen# | 192.0.2.18/28 | 32ca264ef6SAmit Cohen# | | 33ca264ef6SAmit Cohen# +-------------------------------------------------------------+ 34ca264ef6SAmit Cohen 35ca264ef6SAmit Cohenlib_dir=$(dirname $0)/../../../net/forwarding 36ca264ef6SAmit Cohen 37ca264ef6SAmit CohenALL_TESTS=" 38ca264ef6SAmit Cohen decap_error_test 39b3073dfbSAmit Cohen overlay_smac_is_mc_test 40ca264ef6SAmit Cohen" 41ca264ef6SAmit Cohen 42ca264ef6SAmit CohenNUM_NETIFS=4 43ca264ef6SAmit Cohensource $lib_dir/lib.sh 44ca264ef6SAmit Cohensource $lib_dir/tc_common.sh 45ca264ef6SAmit Cohensource $lib_dir/devlink_lib.sh 46ca264ef6SAmit Cohen 47ca264ef6SAmit Cohen: ${VXPORT:=4789} 48ca264ef6SAmit Cohenexport VXPORT 49ca264ef6SAmit Cohen 50ca264ef6SAmit Cohenh1_create() 51ca264ef6SAmit Cohen{ 52ca264ef6SAmit Cohen simple_if_init $h1 192.0.2.1/28 53ca264ef6SAmit Cohen} 54ca264ef6SAmit Cohen 55ca264ef6SAmit Cohenh1_destroy() 56ca264ef6SAmit Cohen{ 57ca264ef6SAmit Cohen simple_if_fini $h1 192.0.2.1/28 58ca264ef6SAmit Cohen} 59ca264ef6SAmit Cohen 60ca264ef6SAmit Cohenswitch_create() 61ca264ef6SAmit Cohen{ 62ca264ef6SAmit Cohen ip link add name br1 type bridge vlan_filtering 0 mcast_snooping 0 63ca264ef6SAmit Cohen # Make sure the bridge uses the MAC address of the local port and not 64ca264ef6SAmit Cohen # that of the VxLAN's device. 65ca264ef6SAmit Cohen ip link set dev br1 address $(mac_get $swp1) 66ca264ef6SAmit Cohen ip link set dev br1 up 67ca264ef6SAmit Cohen 68ca264ef6SAmit Cohen tc qdisc add dev $swp1 clsact 69ca264ef6SAmit Cohen ip link set dev $swp1 master br1 70ca264ef6SAmit Cohen ip link set dev $swp1 up 71ca264ef6SAmit Cohen 72ca264ef6SAmit Cohen ip link add name vx1 type vxlan id 1000 local 192.0.2.17 \ 73ca264ef6SAmit Cohen dstport "$VXPORT" nolearning noudpcsum tos inherit ttl 100 74ca264ef6SAmit Cohen ip link set dev vx1 master br1 75ca264ef6SAmit Cohen ip link set dev vx1 up 76ca264ef6SAmit Cohen 77ca264ef6SAmit Cohen ip address add dev $rp1 192.0.2.17/28 78ca264ef6SAmit Cohen ip link set dev $rp1 up 79ca264ef6SAmit Cohen} 80ca264ef6SAmit Cohen 81ca264ef6SAmit Cohenswitch_destroy() 82ca264ef6SAmit Cohen{ 83ca264ef6SAmit Cohen ip link set dev $rp1 down 84ca264ef6SAmit Cohen ip address del dev $rp1 192.0.2.17/28 85ca264ef6SAmit Cohen 86ca264ef6SAmit Cohen ip link set dev vx1 down 87ca264ef6SAmit Cohen ip link set dev vx1 nomaster 88ca264ef6SAmit Cohen ip link del dev vx1 89ca264ef6SAmit Cohen 90ca264ef6SAmit Cohen ip link set dev $swp1 down 91ca264ef6SAmit Cohen ip link set dev $swp1 nomaster 92ca264ef6SAmit Cohen tc qdisc del dev $swp1 clsact 93ca264ef6SAmit Cohen 94ca264ef6SAmit Cohen ip link set dev br1 down 95ca264ef6SAmit Cohen ip link del dev br1 96ca264ef6SAmit Cohen} 97ca264ef6SAmit Cohen 98ca264ef6SAmit Cohenvrf2_create() 99ca264ef6SAmit Cohen{ 100ca264ef6SAmit Cohen simple_if_init $rp2 192.0.2.18/28 101ca264ef6SAmit Cohen} 102ca264ef6SAmit Cohen 103ca264ef6SAmit Cohenvrf2_destroy() 104ca264ef6SAmit Cohen{ 105ca264ef6SAmit Cohen simple_if_fini $rp2 192.0.2.18/28 106ca264ef6SAmit Cohen} 107ca264ef6SAmit Cohen 108ca264ef6SAmit Cohensetup_prepare() 109ca264ef6SAmit Cohen{ 110ca264ef6SAmit Cohen h1=${NETIFS[p1]} 111ca264ef6SAmit Cohen swp1=${NETIFS[p2]} 112ca264ef6SAmit Cohen 113ca264ef6SAmit Cohen rp1=${NETIFS[p3]} 114ca264ef6SAmit Cohen rp2=${NETIFS[p4]} 115ca264ef6SAmit Cohen 116ca264ef6SAmit Cohen vrf_prepare 117ca264ef6SAmit Cohen forwarding_enable 118ca264ef6SAmit Cohen h1_create 119ca264ef6SAmit Cohen switch_create 120ca264ef6SAmit Cohen vrf2_create 121ca264ef6SAmit Cohen} 122ca264ef6SAmit Cohen 123ca264ef6SAmit Cohencleanup() 124ca264ef6SAmit Cohen{ 125ca264ef6SAmit Cohen pre_cleanup 126ca264ef6SAmit Cohen 127ca264ef6SAmit Cohen vrf2_destroy 128ca264ef6SAmit Cohen switch_destroy 129ca264ef6SAmit Cohen h1_destroy 130ca264ef6SAmit Cohen forwarding_restore 131ca264ef6SAmit Cohen vrf_cleanup 132ca264ef6SAmit Cohen} 133ca264ef6SAmit Cohen 134ca264ef6SAmit Cohenecn_payload_get() 135ca264ef6SAmit Cohen{ 136ca264ef6SAmit Cohen dest_mac=$(mac_get $h1) 137ca264ef6SAmit Cohen p=$(: 138ca264ef6SAmit Cohen )"08:"$( : VXLAN flags 139ca264ef6SAmit Cohen )"00:00:00:"$( : VXLAN reserved 140ca264ef6SAmit Cohen )"00:03:e8:"$( : VXLAN VNI : 1000 141ca264ef6SAmit Cohen )"00:"$( : VXLAN reserved 142ca264ef6SAmit Cohen )"$dest_mac:"$( : ETH daddr 143ca264ef6SAmit Cohen )"00:00:00:00:00:00:"$( : ETH saddr 144ca264ef6SAmit Cohen )"08:00:"$( : ETH type 145ca264ef6SAmit Cohen )"45:"$( : IP version + IHL 146ca264ef6SAmit Cohen )"00:"$( : IP TOS 147ca264ef6SAmit Cohen )"00:14:"$( : IP total length 148ca264ef6SAmit Cohen )"00:00:"$( : IP identification 149ca264ef6SAmit Cohen )"20:00:"$( : IP flags + frag off 150ca264ef6SAmit Cohen )"40:"$( : IP TTL 151ca264ef6SAmit Cohen )"00:"$( : IP proto 152ca264ef6SAmit Cohen )"D6:E5:"$( : IP header csum 153ca264ef6SAmit Cohen )"c0:00:02:03:"$( : IP saddr: 192.0.2.3 154ca264ef6SAmit Cohen )"c0:00:02:01:"$( : IP daddr: 192.0.2.1 155ca264ef6SAmit Cohen ) 156ca264ef6SAmit Cohen echo $p 157ca264ef6SAmit Cohen} 158ca264ef6SAmit Cohen 159ca264ef6SAmit Cohenecn_decap_test() 160ca264ef6SAmit Cohen{ 161ca264ef6SAmit Cohen local trap_name="decap_error" 162ca264ef6SAmit Cohen local desc=$1; shift 163ca264ef6SAmit Cohen local ecn_desc=$1; shift 164ca264ef6SAmit Cohen local outer_tos=$1; shift 165ca264ef6SAmit Cohen local mz_pid 166ca264ef6SAmit Cohen 167ca264ef6SAmit Cohen RET=0 168ca264ef6SAmit Cohen 169ca264ef6SAmit Cohen tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \ 170ca264ef6SAmit Cohen flower src_ip 192.0.2.3 dst_ip 192.0.2.1 action pass 171ca264ef6SAmit Cohen 172ca264ef6SAmit Cohen rp1_mac=$(mac_get $rp1) 173ca264ef6SAmit Cohen payload=$(ecn_payload_get) 174ca264ef6SAmit Cohen 175ca264ef6SAmit Cohen ip vrf exec v$rp2 $MZ $rp2 -c 0 -d 1msec -b $rp1_mac -B 192.0.2.17 \ 176ca264ef6SAmit Cohen -t udp sp=12345,dp=$VXPORT,tos=$outer_tos,p=$payload -q & 177ca264ef6SAmit Cohen mz_pid=$! 178ca264ef6SAmit Cohen 17904cc99d9SIdo Schimmel devlink_trap_exception_test $trap_name 180ca264ef6SAmit Cohen 181ca264ef6SAmit Cohen tc_check_packets "dev $swp1 egress" 101 0 182ca264ef6SAmit Cohen check_err $? "Packets were not dropped" 183ca264ef6SAmit Cohen 184ca264ef6SAmit Cohen log_test "$desc: Inner ECN is not ECT and outer is $ecn_desc" 185ca264ef6SAmit Cohen 186*46f6569cSPetr Machata kill_process $mz_pid 187ca264ef6SAmit Cohen tc filter del dev $swp1 egress protocol ip pref 1 handle 101 flower 188ca264ef6SAmit Cohen} 189ca264ef6SAmit Cohen 190ca264ef6SAmit Cohenreserved_bits_payload_get() 191ca264ef6SAmit Cohen{ 192ca264ef6SAmit Cohen dest_mac=$(mac_get $h1) 193ca264ef6SAmit Cohen p=$(: 194ca264ef6SAmit Cohen )"08:"$( : VXLAN flags 195ca264ef6SAmit Cohen )"01:00:00:"$( : VXLAN reserved 196ca264ef6SAmit Cohen )"00:03:e8:"$( : VXLAN VNI : 1000 197ca264ef6SAmit Cohen )"00:"$( : VXLAN reserved 198ca264ef6SAmit Cohen )"$dest_mac:"$( : ETH daddr 199ca264ef6SAmit Cohen )"00:00:00:00:00:00:"$( : ETH saddr 200ca264ef6SAmit Cohen )"08:00:"$( : ETH type 201ca264ef6SAmit Cohen )"45:"$( : IP version + IHL 202ca264ef6SAmit Cohen )"00:"$( : IP TOS 203ca264ef6SAmit Cohen )"00:14:"$( : IP total length 204ca264ef6SAmit Cohen )"00:00:"$( : IP identification 205ca264ef6SAmit Cohen )"20:00:"$( : IP flags + frag off 206ca264ef6SAmit Cohen )"40:"$( : IP TTL 207ca264ef6SAmit Cohen )"00:"$( : IP proto 208ca264ef6SAmit Cohen )"00:00:"$( : IP header csum 209ca264ef6SAmit Cohen )"c0:00:02:03:"$( : IP saddr: 192.0.2.3 210ca264ef6SAmit Cohen )"c0:00:02:01:"$( : IP daddr: 192.0.2.1 211ca264ef6SAmit Cohen ) 212ca264ef6SAmit Cohen echo $p 213ca264ef6SAmit Cohen} 214ca264ef6SAmit Cohen 215ca264ef6SAmit Cohenshort_payload_get() 216ca264ef6SAmit Cohen{ 217ca264ef6SAmit Cohen dest_mac=$(mac_get $h1) 218ca264ef6SAmit Cohen p=$(: 219ca264ef6SAmit Cohen )"08:"$( : VXLAN flags 220810ef955SAmit Cohen )"00:00:00:"$( : VXLAN reserved 221ca264ef6SAmit Cohen )"00:03:e8:"$( : VXLAN VNI : 1000 222ca264ef6SAmit Cohen )"00:"$( : VXLAN reserved 223810ef955SAmit Cohen )"$dest_mac:"$( : ETH daddr 224810ef955SAmit Cohen )"00:00:00:00:00:00:"$( : ETH saddr 225ca264ef6SAmit Cohen ) 226ca264ef6SAmit Cohen echo $p 227ca264ef6SAmit Cohen} 228ca264ef6SAmit Cohen 229ca264ef6SAmit Cohencorrupted_packet_test() 230ca264ef6SAmit Cohen{ 231ca264ef6SAmit Cohen local trap_name="decap_error" 232ca264ef6SAmit Cohen local desc=$1; shift 233ca264ef6SAmit Cohen local payload_get=$1; shift 234ca264ef6SAmit Cohen local mz_pid 235ca264ef6SAmit Cohen 236ca264ef6SAmit Cohen RET=0 237ca264ef6SAmit Cohen 238ca264ef6SAmit Cohen # In case of too short packet, there is no any inner packet, 239ca264ef6SAmit Cohen # so the matching will always succeed 240ca264ef6SAmit Cohen tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \ 241ca264ef6SAmit Cohen flower skip_hw src_ip 192.0.2.3 dst_ip 192.0.2.1 action pass 242ca264ef6SAmit Cohen 243ca264ef6SAmit Cohen rp1_mac=$(mac_get $rp1) 244ca264ef6SAmit Cohen payload=$($payload_get) 245ca264ef6SAmit Cohen ip vrf exec v$rp2 $MZ $rp2 -c 0 -d 1msec -b $rp1_mac \ 246ca264ef6SAmit Cohen -B 192.0.2.17 -t udp sp=12345,dp=$VXPORT,p=$payload -q & 247ca264ef6SAmit Cohen mz_pid=$! 248ca264ef6SAmit Cohen 24904cc99d9SIdo Schimmel devlink_trap_exception_test $trap_name 250ca264ef6SAmit Cohen 251ca264ef6SAmit Cohen tc_check_packets "dev $swp1 egress" 101 0 252ca264ef6SAmit Cohen check_err $? "Packets were not dropped" 253ca264ef6SAmit Cohen 254ca264ef6SAmit Cohen log_test "$desc" 255ca264ef6SAmit Cohen 256*46f6569cSPetr Machata kill_process $mz_pid 257ca264ef6SAmit Cohen tc filter del dev $swp1 egress protocol ip pref 1 handle 101 flower 258ca264ef6SAmit Cohen} 259ca264ef6SAmit Cohen 260ca264ef6SAmit Cohendecap_error_test() 261ca264ef6SAmit Cohen{ 262ca264ef6SAmit Cohen ecn_decap_test "Decap error" "ECT(1)" 01 263ca264ef6SAmit Cohen ecn_decap_test "Decap error" "ECT(0)" 02 264ca264ef6SAmit Cohen ecn_decap_test "Decap error" "CE" 03 265ca264ef6SAmit Cohen 266ca264ef6SAmit Cohen corrupted_packet_test "Decap error: Reserved bits in use" \ 267ca264ef6SAmit Cohen "reserved_bits_payload_get" 268810ef955SAmit Cohen corrupted_packet_test "Decap error: Too short inner packet" \ 269810ef955SAmit Cohen "short_payload_get" 270ca264ef6SAmit Cohen} 271ca264ef6SAmit Cohen 272b3073dfbSAmit Cohenmc_smac_payload_get() 273b3073dfbSAmit Cohen{ 274b3073dfbSAmit Cohen dest_mac=$(mac_get $h1) 275b3073dfbSAmit Cohen source_mac=01:02:03:04:05:06 276b3073dfbSAmit Cohen p=$(: 277b3073dfbSAmit Cohen )"08:"$( : VXLAN flags 278b3073dfbSAmit Cohen )"00:00:00:"$( : VXLAN reserved 279b3073dfbSAmit Cohen )"00:03:e8:"$( : VXLAN VNI : 1000 280b3073dfbSAmit Cohen )"00:"$( : VXLAN reserved 281b3073dfbSAmit Cohen )"$dest_mac:"$( : ETH daddr 282b3073dfbSAmit Cohen )"$source_mac:"$( : ETH saddr 283b3073dfbSAmit Cohen )"08:00:"$( : ETH type 284b3073dfbSAmit Cohen )"45:"$( : IP version + IHL 285b3073dfbSAmit Cohen )"00:"$( : IP TOS 286b3073dfbSAmit Cohen )"00:14:"$( : IP total length 287b3073dfbSAmit Cohen )"00:00:"$( : IP identification 288b3073dfbSAmit Cohen )"20:00:"$( : IP flags + frag off 289b3073dfbSAmit Cohen )"40:"$( : IP TTL 290b3073dfbSAmit Cohen )"00:"$( : IP proto 291b3073dfbSAmit Cohen )"00:00:"$( : IP header csum 292b3073dfbSAmit Cohen )"c0:00:02:03:"$( : IP saddr: 192.0.2.3 293b3073dfbSAmit Cohen )"c0:00:02:01:"$( : IP daddr: 192.0.2.1 294b3073dfbSAmit Cohen ) 295b3073dfbSAmit Cohen echo $p 296b3073dfbSAmit Cohen} 297b3073dfbSAmit Cohen 298b3073dfbSAmit Cohenoverlay_smac_is_mc_test() 299b3073dfbSAmit Cohen{ 300b3073dfbSAmit Cohen local trap_name="overlay_smac_is_mc" 301b3073dfbSAmit Cohen local mz_pid 302b3073dfbSAmit Cohen 303b3073dfbSAmit Cohen RET=0 304b3073dfbSAmit Cohen 305b3073dfbSAmit Cohen # The matching will be checked on devlink_trap_drop_test() 306b3073dfbSAmit Cohen # and the filter will be removed on devlink_trap_drop_cleanup() 307b3073dfbSAmit Cohen tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \ 308b3073dfbSAmit Cohen flower src_mac 01:02:03:04:05:06 action pass 309b3073dfbSAmit Cohen 310b3073dfbSAmit Cohen rp1_mac=$(mac_get $rp1) 311b3073dfbSAmit Cohen payload=$(mc_smac_payload_get) 312b3073dfbSAmit Cohen 313b3073dfbSAmit Cohen ip vrf exec v$rp2 $MZ $rp2 -c 0 -d 1msec -b $rp1_mac \ 314b3073dfbSAmit Cohen -B 192.0.2.17 -t udp sp=12345,dp=$VXPORT,p=$payload -q & 315b3073dfbSAmit Cohen mz_pid=$! 316b3073dfbSAmit Cohen 31704cc99d9SIdo Schimmel devlink_trap_drop_test $trap_name $swp1 101 318b3073dfbSAmit Cohen 319b3073dfbSAmit Cohen log_test "Overlay source MAC is multicast" 320b3073dfbSAmit Cohen 321c902a52cSJiri Pirko devlink_trap_drop_cleanup $mz_pid $swp1 "ip" 1 101 322b3073dfbSAmit Cohen} 323b3073dfbSAmit Cohen 324ca264ef6SAmit Cohentrap cleanup EXIT 325ca264ef6SAmit Cohen 326ca264ef6SAmit Cohensetup_prepare 327ca264ef6SAmit Cohensetup_wait 328ca264ef6SAmit Cohentests_run 329ca264ef6SAmit Cohen 330ca264ef6SAmit Cohenexit $EXIT_STATUS 331