1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3 4# This test sends traffic from H1 to H2. Either on ingress of $swp1, or on 5# egress of $swp2, the traffic is acted upon by a pedit action. An ingress 6# filter installed on $h2 verifies that the packet looks like expected. 7# 8# +----------------------+ +----------------------+ 9# | H1 | | H2 | 10# | + $h1 | | $h2 + | 11# | | 192.0.2.1/28 | | 192.0.2.2/28 | | 12# +----|-----------------+ +----------------|-----+ 13# | | 14# +----|----------------------------------------------------------------|-----+ 15# | SW | | | 16# | +-|----------------------------------------------------------------|-+ | 17# | | + $swp1 BR $swp2 + | | 18# | +--------------------------------------------------------------------+ | 19# +---------------------------------------------------------------------------+ 20 21ALL_TESTS=" 22 ping_ipv4 23 ping_ipv6 24 test_ip4_src 25 test_ip4_dst 26 test_ip6_src 27 test_ip6_dst 28" 29 30NUM_NETIFS=4 31source lib.sh 32source tc_common.sh 33 34h1_create() 35{ 36 simple_if_init $h1 192.0.2.1/28 2001:db8:1::1/64 37} 38 39h1_destroy() 40{ 41 simple_if_fini $h1 192.0.2.1/28 2001:db8:1::1/64 42} 43 44h2_create() 45{ 46 simple_if_init $h2 192.0.2.2/28 2001:db8:1::2/64 47 tc qdisc add dev $h2 clsact 48} 49 50h2_destroy() 51{ 52 tc qdisc del dev $h2 clsact 53 simple_if_fini $h2 192.0.2.2/28 2001:db8:1::2/64 54} 55 56switch_create() 57{ 58 ip link add name br1 up type bridge vlan_filtering 1 59 ip link set dev $swp1 master br1 60 ip link set dev $swp1 up 61 ip link set dev $swp2 master br1 62 ip link set dev $swp2 up 63 64 tc qdisc add dev $swp1 clsact 65 tc qdisc add dev $swp2 clsact 66} 67 68switch_destroy() 69{ 70 tc qdisc del dev $swp2 clsact 71 tc qdisc del dev $swp1 clsact 72 73 ip link set dev $swp2 down 74 ip link set dev $swp2 nomaster 75 ip link set dev $swp1 down 76 ip link set dev $swp1 nomaster 77 ip link del dev br1 78} 79 80setup_prepare() 81{ 82 h1=${NETIFS[p1]} 83 swp1=${NETIFS[p2]} 84 85 swp2=${NETIFS[p3]} 86 h2=${NETIFS[p4]} 87 88 h2mac=$(mac_get $h2) 89 90 vrf_prepare 91 h1_create 92 h2_create 93 switch_create 94 95 if [ -f /proc/sys/net/bridge/bridge-nf-call-iptables ]; then 96 sysctl_set net.bridge.bridge-nf-call-iptables 0 97 fi 98} 99 100cleanup() 101{ 102 pre_cleanup 103 104 if [ -f /proc/sys/net/bridge/bridge-nf-call-iptables ]; then 105 sysctl_restore net.bridge.bridge-nf-call-iptables 106 fi 107 108 switch_destroy 109 h2_destroy 110 h1_destroy 111 vrf_cleanup 112} 113 114ping_ipv4() 115{ 116 ping_test $h1 192.0.2.2 117} 118 119ping_ipv6() 120{ 121 ping6_test $h1 2001:db8:1::2 122} 123 124do_test_pedit_ip() 125{ 126 local pedit_locus=$1; shift 127 local pedit_action=$1; shift 128 local match_prot=$1; shift 129 local match_flower=$1; shift 130 local mz_flags=$1; shift 131 132 tc filter add $pedit_locus handle 101 pref 1 \ 133 flower action pedit ex munge $pedit_action 134 tc filter add dev $h2 ingress handle 101 pref 1 prot $match_prot \ 135 flower skip_hw $match_flower action pass 136 137 RET=0 138 139 $MZ $mz_flags $h1 -c 10 -d 20msec -p 100 -a own -b $h2mac -q -t ip 140 141 local pkts 142 pkts=$(busywait "$TC_HIT_TIMEOUT" until_counter_is ">= 10" \ 143 tc_rule_handle_stats_get "dev $h2 ingress" 101) 144 check_err $? "Expected to get 10 packets, but got $pkts." 145 146 pkts=$(tc_rule_handle_stats_get "$pedit_locus" 101) 147 ((pkts >= 10)) 148 check_err $? "Expected to get 10 packets on pedit rule, but got $pkts." 149 150 log_test "$pedit_locus pedit $pedit_action" 151 152 tc filter del dev $h2 ingress pref 1 153 tc filter del $pedit_locus pref 1 154} 155 156do_test_pedit_ip6() 157{ 158 local locus=$1; shift 159 local pedit_addr=$1; shift 160 local flower_addr=$1; shift 161 162 do_test_pedit_ip "$locus" "$pedit_addr set 2001:db8:2::1" ipv6 \ 163 "$flower_addr 2001:db8:2::1" \ 164 "-6 -A 2001:db8:1::1 -B 2001:db8:1::2" 165} 166 167do_test_pedit_ip4() 168{ 169 local locus=$1; shift 170 local pedit_addr=$1; shift 171 local flower_addr=$1; shift 172 173 do_test_pedit_ip "$locus" "$pedit_addr set 198.51.100.1" ip \ 174 "$flower_addr 198.51.100.1" \ 175 "-A 192.0.2.1 -B 192.0.2.2" 176} 177 178test_ip4_src() 179{ 180 do_test_pedit_ip4 "dev $swp1 ingress" "ip src" src_ip 181 do_test_pedit_ip4 "dev $swp2 egress" "ip src" src_ip 182} 183 184test_ip4_dst() 185{ 186 do_test_pedit_ip4 "dev $swp1 ingress" "ip dst" dst_ip 187 do_test_pedit_ip4 "dev $swp2 egress" "ip dst" dst_ip 188} 189 190test_ip6_src() 191{ 192 do_test_pedit_ip6 "dev $swp1 ingress" "ip6 src" src_ip 193 do_test_pedit_ip6 "dev $swp2 egress" "ip6 src" src_ip 194} 195 196test_ip6_dst() 197{ 198 do_test_pedit_ip6 "dev $swp1 ingress" "ip6 dst" dst_ip 199 do_test_pedit_ip6 "dev $swp2 egress" "ip6 dst" dst_ip 200} 201 202trap cleanup EXIT 203 204setup_prepare 205setup_wait 206 207tests_run 208 209exit $EXIT_STATUS 210