xref: /linux/tools/testing/selftests/drivers/net/mlxsw/devlink_trap_acl_drops.sh (revision 4b4193256c8d3bc3a5397b5cd9494c2ad386317d) 
1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3#
4# Test devlink-trap ACL drops functionality over mlxsw.
5
6lib_dir=$(dirname $0)/../../../net/forwarding
7
8ALL_TESTS="
9	ingress_flow_action_drop_test
10	egress_flow_action_drop_test
11"
12NUM_NETIFS=4
13source $lib_dir/tc_common.sh
14source $lib_dir/lib.sh
15source $lib_dir/devlink_lib.sh
16
17h1_create()
18{
19	simple_if_init $h1
20}
21
22h1_destroy()
23{
24	simple_if_fini $h1
25}
26
27h2_create()
28{
29	simple_if_init $h2
30}
31
32h2_destroy()
33{
34	simple_if_fini $h2
35}
36
37switch_create()
38{
39	ip link add dev br0 type bridge vlan_filtering 1 mcast_snooping 0
40
41	ip link set dev $swp1 master br0
42	ip link set dev $swp2 master br0
43
44	ip link set dev br0 up
45	ip link set dev $swp1 up
46	ip link set dev $swp2 up
47
48	tc qdisc add dev $swp1 clsact
49	tc qdisc add dev $swp2 clsact
50}
51
52switch_destroy()
53{
54	tc qdisc del dev $swp2 clsact
55	tc qdisc del dev $swp1 clsact
56
57	ip link set dev $swp2 down
58	ip link set dev $swp1 down
59
60	ip link del dev br0
61}
62
63setup_prepare()
64{
65	h1=${NETIFS[p1]}
66	swp1=${NETIFS[p2]}
67
68	swp2=${NETIFS[p3]}
69	h2=${NETIFS[p4]}
70
71	h1mac=$(mac_get $h1)
72	h2mac=$(mac_get $h2)
73
74	vrf_prepare
75
76	h1_create
77	h2_create
78
79	switch_create
80}
81
82cleanup()
83{
84	pre_cleanup
85
86	switch_destroy
87
88	h2_destroy
89	h1_destroy
90
91	vrf_cleanup
92}
93
94ingress_flow_action_drop_test()
95{
96	local mz_pid
97
98	tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
99		flower src_mac $h1mac action pass
100
101	tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 \
102		flower dst_ip 192.0.2.2 action drop
103
104	$MZ $h1 -c 0 -p 100 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
105		-t ip -d 1msec -q &
106	mz_pid=$!
107
108	RET=0
109
110	devlink_trap_drop_test ingress_flow_action_drop $swp2 101
111
112	log_test "ingress_flow_action_drop"
113
114	tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower
115
116	devlink_trap_drop_cleanup $mz_pid $swp2 ip 1 101
117}
118
119egress_flow_action_drop_test()
120{
121	local mz_pid
122
123	tc filter add dev $swp2 egress protocol ip pref 2 handle 102 \
124		flower src_mac $h1mac action pass
125
126	tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
127		flower dst_ip 192.0.2.2 action drop
128
129	$MZ $h1 -c 0 -p 100 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
130		-t ip -d 1msec -q &
131	mz_pid=$!
132
133	RET=0
134
135	devlink_trap_drop_test egress_flow_action_drop $swp2 102
136
137	log_test "egress_flow_action_drop"
138
139	tc filter del dev $swp2 egress protocol ip pref 1 handle 101 flower
140
141	devlink_trap_drop_cleanup $mz_pid $swp2 ip 2 102
142}
143
144trap cleanup EXIT
145
146setup_prepare
147setup_wait
148
149tests_run
150
151exit $EXIT_STATUS
152