xref: /linux/tools/testing/selftests/net/forwarding/tc_actions.sh (revision 2b64b2ed277ff23e785fbdb65098ee7e1252d64f)
1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3
4ALL_TESTS="gact_drop_and_ok_test mirred_egress_redirect_test \
5	mirred_egress_mirror_test gact_trap_test"
6NUM_NETIFS=4
7source tc_common.sh
8source lib.sh
9
10tcflags="skip_hw"
11
12h1_create()
13{
14	simple_if_init $h1 192.0.2.1/24
15}
16
17h1_destroy()
18{
19	simple_if_fini $h1 192.0.2.1/24
20}
21
22h2_create()
23{
24	simple_if_init $h2 192.0.2.2/24
25	tc qdisc add dev $h2 clsact
26}
27
28h2_destroy()
29{
30	tc qdisc del dev $h2 clsact
31	simple_if_fini $h2 192.0.2.2/24
32}
33
34switch_create()
35{
36	simple_if_init $swp1 192.0.2.2/24
37	tc qdisc add dev $swp1 clsact
38
39	simple_if_init $swp2 192.0.2.1/24
40}
41
42switch_destroy()
43{
44	simple_if_fini $swp2 192.0.2.1/24
45
46	tc qdisc del dev $swp1 clsact
47	simple_if_fini $swp1 192.0.2.2/24
48}
49
50mirred_egress_test()
51{
52	local action=$1
53
54	RET=0
55
56	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
57		$tcflags dst_ip 192.0.2.2 action drop
58
59	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
60		-t ip -q
61
62	tc_check_packets "dev $h2 ingress" 101 1
63	check_fail $? "Matched without redirect rule inserted"
64
65	tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \
66		$tcflags dst_ip 192.0.2.2 action mirred egress $action \
67		dev $swp2
68
69	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
70		-t ip -q
71
72	tc_check_packets "dev $h2 ingress" 101 1
73	check_err $? "Did not match incoming $action packet"
74
75	tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower
76	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
77
78	log_test "mirred egress $action ($tcflags)"
79}
80
81gact_drop_and_ok_test()
82{
83	RET=0
84
85	tc filter add dev $swp1 ingress protocol ip pref 2 handle 102 flower \
86		$tcflags dst_ip 192.0.2.2 action drop
87
88	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
89		-t ip -q
90
91	tc_check_packets "dev $swp1 ingress" 102 1
92	check_err $? "Packet was not dropped"
93
94	tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \
95		$tcflags dst_ip 192.0.2.2 action ok
96
97	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
98		-t ip -q
99
100	tc_check_packets "dev $swp1 ingress" 101 1
101	check_err $? "Did not see passed packet"
102
103	tc_check_packets "dev $swp1 ingress" 102 2
104	check_fail $? "Packet was dropped and it should not reach here"
105
106	tc filter del dev $swp1 ingress protocol ip pref 2 handle 102 flower
107	tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower
108
109	log_test "gact drop and ok ($tcflags)"
110}
111
112gact_trap_test()
113{
114	RET=0
115
116	if [[ "$tcflags" != "skip_sw" ]]; then
117		return 0;
118	fi
119
120	tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \
121		skip_hw dst_ip 192.0.2.2 action drop
122	tc filter add dev $swp1 ingress protocol ip pref 3 handle 103 flower \
123		$tcflags dst_ip 192.0.2.2 action mirred egress redirect \
124		dev $swp2
125
126	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
127		-t ip -q
128
129	tc_check_packets "dev $swp1 ingress" 101 1
130	check_fail $? "Saw packet without trap rule inserted"
131
132	tc filter add dev $swp1 ingress protocol ip pref 2 handle 102 flower \
133		$tcflags dst_ip 192.0.2.2 action trap
134
135	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
136		-t ip -q
137
138	tc_check_packets "dev $swp1 ingress" 102 1
139	check_err $? "Packet was not trapped"
140
141	tc_check_packets "dev $swp1 ingress" 101 1
142	check_err $? "Did not see trapped packet"
143
144	tc filter del dev $swp1 ingress protocol ip pref 3 handle 103 flower
145	tc filter del dev $swp1 ingress protocol ip pref 2 handle 102 flower
146	tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower
147
148	log_test "trap ($tcflags)"
149}
150
151setup_prepare()
152{
153	h1=${NETIFS[p1]}
154	swp1=${NETIFS[p2]}
155
156	swp2=${NETIFS[p3]}
157	h2=${NETIFS[p4]}
158
159	h1mac=$(mac_get $h1)
160	h2mac=$(mac_get $h2)
161
162	swp1origmac=$(mac_get $swp1)
163	swp2origmac=$(mac_get $swp2)
164	ip link set $swp1 address $h2mac
165	ip link set $swp2 address $h1mac
166
167	vrf_prepare
168
169	h1_create
170	h2_create
171	switch_create
172}
173
174cleanup()
175{
176	pre_cleanup
177
178	switch_destroy
179	h2_destroy
180	h1_destroy
181
182	vrf_cleanup
183
184	ip link set $swp2 address $swp2origmac
185	ip link set $swp1 address $swp1origmac
186}
187
188mirred_egress_redirect_test()
189{
190	mirred_egress_test "redirect"
191}
192
193mirred_egress_mirror_test()
194{
195	mirred_egress_test "mirror"
196}
197
198trap cleanup EXIT
199
200setup_prepare
201setup_wait
202
203tests_run
204
205tc_offload_check
206if [[ $? -ne 0 ]]; then
207	log_info "Could not test offloaded functionality"
208else
209	tcflags="skip_sw"
210	tests_run
211fi
212
213exit $EXIT_STATUS
214