xref: /linux/tools/testing/selftests/drivers/net/mlxsw/devlink_trap_tunnel_vxlan_ipv6.sh (revision 03ab8e6297acd1bc0eedaa050e2a1635c576fd11) 
1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3#
4# Test devlink-trap tunnel drops and exceptions functionality over mlxsw.
5# Check all traps to make sure they are triggered under the right
6# conditions.
7
8# +------------------------+
9# | H1 (vrf)               |
10# |    + $h1               |
11# |    | 2001:db8:1::1/64  |
12# +----|-------------------+
13#      |
14# +----|----------------------------------------------------------------------+
15# | SW |                                                                      |
16# | +--|--------------------------------------------------------------------+ |
17# | |  + $swp1                   BR1 (802.1d)                               | |
18# | |                                                                       | |
19# | |  + vx1 (vxlan)                                                        | |
20# | |    local 2001:db8:3::1                                                | |
21# | |    id 1000 dstport $VXPORT                                            | |
22# | +-----------------------------------------------------------------------+ |
23# |                                                                           |
24# |    + $rp1                                                                 |
25# |    | 2001:db8:3::1/64                                                     |
26# +----|----------------------------------------------------------------------+
27#      |
28# +----|--------------------------------------------------------+
29# |    |                                             VRF2       |
30# |    + $rp2                                                   |
31# |      2001:db8:3::2/64                                       |
32# |                                                             |
33# +-------------------------------------------------------------+
34
35lib_dir=$(dirname $0)/../../../net/forwarding
36
37ALL_TESTS="
38	decap_error_test
39	overlay_smac_is_mc_test
40"
41
42NUM_NETIFS=4
43source $lib_dir/lib.sh
44source $lib_dir/tc_common.sh
45source $lib_dir/devlink_lib.sh
46
47: ${VXPORT:=4789}
48export VXPORT
49
50h1_create()
51{
52	simple_if_init $h1 2001:db8:1::1/64
53}
54
55h1_destroy()
56{
57	simple_if_fini $h1 2001:db8:1::1/64
58}
59
60switch_create()
61{
62	ip link add name br1 type bridge vlan_filtering 0 mcast_snooping 0
63	# Make sure the bridge uses the MAC address of the local port and not
64	# that of the VxLAN's device.
65	ip link set dev br1 address $(mac_get $swp1)
66	ip link set dev br1 up
67
68	tc qdisc add dev $swp1 clsact
69	ip link set dev $swp1 master br1
70	ip link set dev $swp1 up
71
72	ip link add name vx1 type vxlan id 1000 local 2001:db8:3::1 \
73		dstport "$VXPORT" nolearning udp6zerocsumrx udp6zerocsumtx \
74		tos inherit ttl 100
75	ip link set dev vx1 master br1
76	ip link set dev vx1 up
77
78	ip link set dev $rp1 up
79	ip address add dev $rp1 2001:db8:3::1/64
80}
81
82switch_destroy()
83{
84	ip address del dev $rp1 2001:db8:3::1/64
85	ip link set dev $rp1 down
86
87	ip link set dev vx1 down
88	ip link set dev vx1 nomaster
89	ip link del dev vx1
90
91	ip link set dev $swp1 down
92	ip link set dev $swp1 nomaster
93	tc qdisc del dev $swp1 clsact
94
95	ip link set dev br1 down
96	ip link del dev br1
97}
98
99vrf2_create()
100{
101	simple_if_init $rp2 2001:db8:3::2/64
102}
103
104vrf2_destroy()
105{
106	simple_if_fini $rp2 2001:db8:3::2/64
107}
108
109setup_prepare()
110{
111	h1=${NETIFS[p1]}
112	swp1=${NETIFS[p2]}
113
114	rp1=${NETIFS[p3]}
115	rp2=${NETIFS[p4]}
116
117	vrf_prepare
118	forwarding_enable
119	h1_create
120	switch_create
121	vrf2_create
122}
123
124cleanup()
125{
126	pre_cleanup
127
128	vrf2_destroy
129	switch_destroy
130	h1_destroy
131	forwarding_restore
132	vrf_cleanup
133}
134
135ecn_payload_get()
136{
137	local dest_mac=$(mac_get $h1)
138	local saddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:03"
139	local daddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:01"
140	p=$(:
141		)"08:"$(                      : VXLAN flags
142		)"00:00:00:"$(                : VXLAN reserved
143		)"00:03:e8:"$(                : VXLAN VNI : 1000
144		)"00:"$(                      : VXLAN reserved
145		)"$dest_mac:"$(               : ETH daddr
146		)"00:00:00:00:00:00:"$(       : ETH saddr
147		)"86:dd:"$(                   : ETH type
148		)"6"$(                        : IP version
149		)"0:0"$(		      : Traffic class
150		)"0:00:00:"$(                 : Flow label
151		)"00:08:"$(                   : Payload length
152		)"3a:"$(                      : Next header
153		)"04:"$(                      : Hop limit
154		)"$saddr:"$(                  : IP saddr
155		)"$daddr:"$(		      : IP daddr
156		)"80:"$(                      : ICMPv6.type
157		)"00:"$(                      : ICMPv6.code
158		)"00:"$(                      : ICMPv6.checksum
159		)
160	echo $p
161}
162
163ecn_decap_test()
164{
165	local trap_name="decap_error"
166	local desc=$1; shift
167	local ecn_desc=$1; shift
168	local outer_tos=$1; shift
169	local mz_pid
170
171	RET=0
172
173	tc filter add dev $swp1 egress protocol ipv6 pref 1 handle 101 \
174		flower src_ip 2001:db8:1::3 dst_ip 2001:db8:1::1 action pass
175
176	rp1_mac=$(mac_get $rp1)
177	payload=$(ecn_payload_get)
178
179	ip vrf exec v$rp2 $MZ -6 $rp2 -c 0 -d 1msec -b $rp1_mac \
180		-B 2001:db8:3::1 -t udp \
181		sp=12345,dp=$VXPORT,tos=$outer_tos,p=$payload -q &
182	mz_pid=$!
183
184	devlink_trap_exception_test $trap_name
185
186	tc_check_packets "dev $swp1 egress" 101 0
187	check_err $? "Packets were not dropped"
188
189	log_test "$desc: Inner ECN is not ECT and outer is $ecn_desc"
190
191	kill $mz_pid && wait $mz_pid &> /dev/null
192	tc filter del dev $swp1 egress protocol ipv6 pref 1 handle 101 flower
193}
194
195reserved_bits_payload_get()
196{
197	local dest_mac=$(mac_get $h1)
198	local saddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:03"
199	local daddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:01"
200	p=$(:
201		)"08:"$(                      : VXLAN flags
202		)"01:00:00:"$(                : VXLAN reserved
203		)"00:03:e8:"$(                : VXLAN VNI : 1000
204		)"00:"$(                      : VXLAN reserved
205		)"$dest_mac:"$(               : ETH daddr
206		)"00:00:00:00:00:00:"$(       : ETH saddr
207		)"86:dd:"$(                   : ETH type
208		)"6"$(                        : IP version
209		)"0:0"$(		      : Traffic class
210		)"0:00:00:"$(                 : Flow label
211		)"00:08:"$(                   : Payload length
212		)"3a:"$(                      : Next header
213		)"04:"$(                      : Hop limit
214		)"$saddr:"$(                  : IP saddr
215		)"$daddr:"$(		      : IP daddr
216		)"80:"$(                      : ICMPv6.type
217		)"00:"$(                      : ICMPv6.code
218		)"00:"$(                      : ICMPv6.checksum
219		)
220	echo $p
221}
222
223short_payload_get()
224{
225        dest_mac=$(mac_get $h1)
226        p=$(:
227		)"08:"$(                      : VXLAN flags
228		)"00:00:00:"$(                : VXLAN reserved
229		)"00:03:e8:"$(                : VXLAN VNI : 1000
230		)"00:"$(                      : VXLAN reserved
231		)"$dest_mac:"$(               : ETH daddr
232		)"00:00:00:00:00:00:"$(       : ETH saddr
233		)
234        echo $p
235}
236
237corrupted_packet_test()
238{
239	local trap_name="decap_error"
240	local desc=$1; shift
241	local payload_get=$1; shift
242	local mz_pid
243
244	RET=0
245
246	# In case of too short packet, there is no any inner packet,
247	# so the matching will always succeed
248	tc filter add dev $swp1 egress protocol ipv6 pref 1 handle 101 \
249		flower skip_hw src_ip 2001:db8:3::1 dst_ip 2001:db8:1::1 \
250		action pass
251
252	rp1_mac=$(mac_get $rp1)
253	payload=$($payload_get)
254	ip vrf exec v$rp2 $MZ -6 $rp2 -c 0 -d 1msec -b $rp1_mac \
255		-B 2001:db8:3::1 -t udp sp=12345,dp=$VXPORT,p=$payload -q &
256	mz_pid=$!
257
258	devlink_trap_exception_test $trap_name
259
260	tc_check_packets "dev $swp1 egress" 101 0
261	check_err $? "Packets were not dropped"
262
263	log_test "$desc"
264
265	kill $mz_pid && wait $mz_pid &> /dev/null
266	tc filter del dev $swp1 egress protocol ipv6 pref 1 handle 101 flower
267}
268
269decap_error_test()
270{
271	ecn_decap_test "Decap error" "ECT(1)" 01
272	ecn_decap_test "Decap error" "ECT(0)" 02
273	ecn_decap_test "Decap error" "CE" 03
274
275	corrupted_packet_test "Decap error: Reserved bits in use" \
276		"reserved_bits_payload_get"
277	corrupted_packet_test "Decap error: Too short inner packet" \
278		"short_payload_get"
279}
280
281mc_smac_payload_get()
282{
283	local dest_mac=$(mac_get $h1)
284	local source_mac="01:02:03:04:05:06"
285	local saddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:03"
286	local daddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:01"
287	p=$(:
288		)"08:"$(                      : VXLAN flags
289		)"00:00:00:"$(                : VXLAN reserved
290		)"00:03:e8:"$(                : VXLAN VNI : 1000
291		)"00:"$(                      : VXLAN reserved
292		)"$dest_mac:"$(               : ETH daddr
293		)"$source_mac:"$(	      : ETH saddr
294		)"86:dd:"$(                   : ETH type
295		)"6"$(                        : IP version
296		)"0:0"$(		      : Traffic class
297		)"0:00:00:"$(                 : Flow label
298		)"00:08:"$(                   : Payload length
299		)"3a:"$(                      : Next header
300		)"04:"$(                      : Hop limit
301		)"$saddr:"$(                  : IP saddr
302		)"$daddr:"$(		      : IP daddr
303		)"80:"$(                      : ICMPv6.type
304		)"00:"$(                      : ICMPv6.code
305		)"00:"$(                      : ICMPv6.checksum
306		)
307	echo $p
308}
309
310overlay_smac_is_mc_test()
311{
312	local trap_name="overlay_smac_is_mc"
313	local mz_pid
314
315	RET=0
316
317	# The matching will be checked on devlink_trap_drop_test()
318	# and the filter will be removed on devlink_trap_drop_cleanup()
319	tc filter add dev $swp1 egress protocol ipv6 pref 1 handle 101 \
320		flower src_mac 01:02:03:04:05:06 action pass
321
322	rp1_mac=$(mac_get $rp1)
323	payload=$(mc_smac_payload_get)
324
325	ip vrf exec v$rp2 $MZ -6 $rp2 -c 0 -d 1msec -b $rp1_mac \
326		-B 2001:db8:3::1 -t udp sp=12345,dp=$VXPORT,p=$payload -q &
327	mz_pid=$!
328
329	devlink_trap_drop_test $trap_name $swp1 101
330
331	log_test "Overlay source MAC is multicast"
332
333	devlink_trap_drop_cleanup $mz_pid $swp1 "ipv6" 1 101
334}
335
336trap cleanup EXIT
337
338setup_prepare
339setup_wait
340tests_run
341
342exit $EXIT_STATUS
343