Back to home page

OSCL-LXR
 
 

     

0001 #!/bin/bash
0002 # SPDX-License-Identifier: GPL-2.0
0003 #
0004 # Test devlink-trap L2 drops functionality over mlxsw. Each registered L2 drop
0005 # packet trap is tested to make sure it is triggered under the right
0006 # conditions.
0007 
0008 lib_dir=$(dirname $0)/../../../net/forwarding
0009 
0010 ALL_TESTS="
0011         source_mac_is_multicast_test
0012         vlan_tag_mismatch_test
0013         ingress_vlan_filter_test
0014         ingress_stp_filter_test
0015         port_list_is_empty_test
0016         port_loopback_filter_test
0017 "
0018 NUM_NETIFS=4
0019 source $lib_dir/tc_common.sh
0020 source $lib_dir/lib.sh
0021 source $lib_dir/devlink_lib.sh
0022 
0023 h1_create()
0024 {
0025         simple_if_init $h1
0026 }
0027 
0028 h1_destroy()
0029 {
0030         simple_if_fini $h1
0031 }
0032 
0033 h2_create()
0034 {
0035         simple_if_init $h2
0036 }
0037 
0038 h2_destroy()
0039 {
0040         simple_if_fini $h2
0041 }
0042 
0043 switch_create()
0044 {
0045         ip link add dev br0 type bridge vlan_filtering 1 mcast_snooping 0
0046 
0047         ip link set dev $swp1 master br0
0048         ip link set dev $swp2 master br0
0049 
0050         ip link set dev br0 up
0051         ip link set dev $swp1 up
0052         ip link set dev $swp2 up
0053 
0054         tc qdisc add dev $swp2 clsact
0055 }
0056 
0057 switch_destroy()
0058 {
0059         tc qdisc del dev $swp2 clsact
0060 
0061         ip link set dev $swp2 down
0062         ip link set dev $swp1 down
0063 
0064         ip link del dev br0
0065 }
0066 
0067 setup_prepare()
0068 {
0069         h1=${NETIFS[p1]}
0070         swp1=${NETIFS[p2]}
0071 
0072         swp2=${NETIFS[p3]}
0073         h2=${NETIFS[p4]}
0074 
0075         vrf_prepare
0076 
0077         h1_create
0078         h2_create
0079 
0080         switch_create
0081 }
0082 
0083 cleanup()
0084 {
0085         pre_cleanup
0086 
0087         switch_destroy
0088 
0089         h2_destroy
0090         h1_destroy
0091 
0092         vrf_cleanup
0093 }
0094 
0095 source_mac_is_multicast_test()
0096 {
0097         local trap_name="source_mac_is_multicast"
0098         local smac=01:02:03:04:05:06
0099         local mz_pid
0100 
0101         tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
0102                 flower src_mac $smac action drop
0103 
0104         $MZ $h1 -c 0 -p 100 -a $smac -b bcast -t ip -d 1msec -q &
0105         mz_pid=$!
0106 
0107         RET=0
0108 
0109         devlink_trap_drop_test $trap_name $swp2 101
0110 
0111         log_test "Source MAC is multicast"
0112 
0113         devlink_trap_drop_cleanup $mz_pid $swp2 ip 1 101
0114 }
0115 
0116 __vlan_tag_mismatch_test()
0117 {
0118         local trap_name="vlan_tag_mismatch"
0119         local dmac=de:ad:be:ef:13:37
0120         local opt=$1; shift
0121         local mz_pid
0122 
0123         # Remove PVID flag. This should prevent untagged and prio-tagged
0124         # packets from entering the bridge.
0125         bridge vlan add vid 1 dev $swp1 untagged master
0126 
0127         tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
0128                 flower dst_mac $dmac action drop
0129 
0130         $MZ $h1 "$opt" -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
0131         mz_pid=$!
0132 
0133         devlink_trap_drop_test $trap_name $swp2 101
0134 
0135         # Add PVID and make sure packets are no longer dropped.
0136         bridge vlan add vid 1 dev $swp1 pvid untagged master
0137         devlink_trap_action_set $trap_name "trap"
0138 
0139         devlink_trap_stats_idle_test $trap_name
0140         check_err $? "Trap stats not idle when packets should not be dropped"
0141         devlink_trap_group_stats_idle_test $(devlink_trap_group_get $trap_name)
0142         check_err $? "Trap group stats not idle with when packets should not be dropped"
0143 
0144         tc_check_packets "dev $swp2 egress" 101 0
0145         check_fail $? "Packets not forwarded when should"
0146 
0147         devlink_trap_action_set $trap_name "drop"
0148 
0149         devlink_trap_drop_cleanup $mz_pid $swp2 ip 1 101
0150 }
0151 
0152 vlan_tag_mismatch_untagged_test()
0153 {
0154         RET=0
0155 
0156         __vlan_tag_mismatch_test
0157 
0158         log_test "VLAN tag mismatch - untagged packets"
0159 }
0160 
0161 vlan_tag_mismatch_vid_0_test()
0162 {
0163         RET=0
0164 
0165         __vlan_tag_mismatch_test "-Q 0"
0166 
0167         log_test "VLAN tag mismatch - prio-tagged packets"
0168 }
0169 
0170 vlan_tag_mismatch_test()
0171 {
0172         vlan_tag_mismatch_untagged_test
0173         vlan_tag_mismatch_vid_0_test
0174 }
0175 
0176 ingress_vlan_filter_test()
0177 {
0178         local trap_name="ingress_vlan_filter"
0179         local dmac=de:ad:be:ef:13:37
0180         local mz_pid
0181         local vid=10
0182 
0183         bridge vlan add vid $vid dev $swp2 master
0184 
0185         RET=0
0186 
0187         tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
0188                 flower dst_mac $dmac action drop
0189 
0190         $MZ $h1 -Q $vid -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
0191         mz_pid=$!
0192 
0193         devlink_trap_drop_test $trap_name $swp2 101
0194 
0195         # Add the VLAN on the bridge port and make sure packets are no longer
0196         # dropped.
0197         bridge vlan add vid $vid dev $swp1 master
0198         devlink_trap_action_set $trap_name "trap"
0199 
0200         devlink_trap_stats_idle_test $trap_name
0201         check_err $? "Trap stats not idle when packets should not be dropped"
0202         devlink_trap_group_stats_idle_test $(devlink_trap_group_get $trap_name)
0203         check_err $? "Trap group stats not idle with when packets should not be dropped"
0204 
0205         tc_check_packets "dev $swp2 egress" 101 0
0206         check_fail $? "Packets not forwarded when should"
0207 
0208         devlink_trap_action_set $trap_name "drop"
0209 
0210         log_test "Ingress VLAN filter"
0211 
0212         devlink_trap_drop_cleanup $mz_pid $swp2 ip 1 101
0213 
0214         bridge vlan del vid $vid dev $swp1 master
0215         bridge vlan del vid $vid dev $swp2 master
0216 }
0217 
0218 __ingress_stp_filter_test()
0219 {
0220         local trap_name="ingress_spanning_tree_filter"
0221         local dmac=de:ad:be:ef:13:37
0222         local state=$1; shift
0223         local mz_pid
0224         local vid=20
0225 
0226         bridge vlan add vid $vid dev $swp2 master
0227         bridge vlan add vid $vid dev $swp1 master
0228         ip link set dev $swp1 type bridge_slave state $state
0229 
0230         tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
0231                 flower dst_mac $dmac action drop
0232 
0233         $MZ $h1 -Q $vid -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
0234         mz_pid=$!
0235 
0236         devlink_trap_drop_test $trap_name $swp2 101
0237 
0238         # Change STP state to forwarding and make sure packets are no longer
0239         # dropped.
0240         ip link set dev $swp1 type bridge_slave state 3
0241         devlink_trap_action_set $trap_name "trap"
0242 
0243         devlink_trap_stats_idle_test $trap_name
0244         check_err $? "Trap stats not idle when packets should not be dropped"
0245         devlink_trap_group_stats_idle_test $(devlink_trap_group_get $trap_name)
0246         check_err $? "Trap group stats not idle with when packets should not be dropped"
0247 
0248         tc_check_packets "dev $swp2 egress" 101 0
0249         check_fail $? "Packets not forwarded when should"
0250 
0251         devlink_trap_action_set $trap_name "drop"
0252 
0253         devlink_trap_drop_cleanup $mz_pid $swp2 ip 1 101
0254 
0255         bridge vlan del vid $vid dev $swp1 master
0256         bridge vlan del vid $vid dev $swp2 master
0257 }
0258 
0259 ingress_stp_filter_listening_test()
0260 {
0261         local state=$1; shift
0262 
0263         RET=0
0264 
0265         __ingress_stp_filter_test $state
0266 
0267         log_test "Ingress STP filter - listening state"
0268 }
0269 
0270 ingress_stp_filter_learning_test()
0271 {
0272         local state=$1; shift
0273 
0274         RET=0
0275 
0276         __ingress_stp_filter_test $state
0277 
0278         log_test "Ingress STP filter - learning state"
0279 }
0280 
0281 ingress_stp_filter_test()
0282 {
0283         ingress_stp_filter_listening_test 1
0284         ingress_stp_filter_learning_test 2
0285 }
0286 
0287 port_list_is_empty_uc_test()
0288 {
0289         local trap_name="port_list_is_empty"
0290         local dmac=de:ad:be:ef:13:37
0291         local mz_pid
0292 
0293         # Disable unicast flooding on both ports, so that packets cannot egress
0294         # any port.
0295         ip link set dev $swp1 type bridge_slave flood off
0296         ip link set dev $swp2 type bridge_slave flood off
0297 
0298         RET=0
0299 
0300         tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
0301                 flower dst_mac $dmac action drop
0302 
0303         $MZ $h1 -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
0304         mz_pid=$!
0305 
0306         devlink_trap_drop_test $trap_name $swp2 101
0307 
0308         # Allow packets to be flooded to one port.
0309         ip link set dev $swp2 type bridge_slave flood on
0310         devlink_trap_action_set $trap_name "trap"
0311 
0312         devlink_trap_stats_idle_test $trap_name
0313         check_err $? "Trap stats not idle when packets should not be dropped"
0314         devlink_trap_group_stats_idle_test $(devlink_trap_group_get $trap_name)
0315         check_err $? "Trap group stats not idle with when packets should not be dropped"
0316 
0317         tc_check_packets "dev $swp2 egress" 101 0
0318         check_fail $? "Packets not forwarded when should"
0319 
0320         devlink_trap_action_set $trap_name "drop"
0321 
0322         log_test "Port list is empty - unicast"
0323 
0324         devlink_trap_drop_cleanup $mz_pid $swp2 ip 1 101
0325 
0326         ip link set dev $swp1 type bridge_slave flood on
0327 }
0328 
0329 port_list_is_empty_mc_test()
0330 {
0331         local trap_name="port_list_is_empty"
0332         local dmac=01:00:5e:00:00:01
0333         local dip=239.0.0.1
0334         local mz_pid
0335 
0336         # Disable multicast flooding on both ports, so that packets cannot
0337         # egress any port. We also need to flush IP addresses from the bridge
0338         # in order to prevent packets from being flooded to the router port.
0339         ip link set dev $swp1 type bridge_slave mcast_flood off
0340         ip link set dev $swp2 type bridge_slave mcast_flood off
0341         ip address flush dev br0
0342 
0343         RET=0
0344 
0345         tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
0346                 flower dst_mac $dmac action drop
0347 
0348         $MZ $h1 -c 0 -p 100 -a own -b $dmac -t ip -B $dip -d 1msec -q &
0349         mz_pid=$!
0350 
0351         devlink_trap_drop_test $trap_name $swp2 101
0352 
0353         # Allow packets to be flooded to one port.
0354         ip link set dev $swp2 type bridge_slave mcast_flood on
0355         devlink_trap_action_set $trap_name "trap"
0356 
0357         devlink_trap_stats_idle_test $trap_name
0358         check_err $? "Trap stats not idle when packets should not be dropped"
0359         devlink_trap_group_stats_idle_test $(devlink_trap_group_get $trap_name)
0360         check_err $? "Trap group stats not idle with when packets should not be dropped"
0361 
0362         tc_check_packets "dev $swp2 egress" 101 0
0363         check_fail $? "Packets not forwarded when should"
0364 
0365         devlink_trap_action_set $trap_name "drop"
0366 
0367         log_test "Port list is empty - multicast"
0368 
0369         devlink_trap_drop_cleanup $mz_pid $swp2 ip 1 101
0370 
0371         ip link set dev $swp1 type bridge_slave mcast_flood on
0372 }
0373 
0374 port_list_is_empty_test()
0375 {
0376         port_list_is_empty_uc_test
0377         port_list_is_empty_mc_test
0378 }
0379 
0380 port_loopback_filter_uc_test()
0381 {
0382         local trap_name="port_loopback_filter"
0383         local dmac=de:ad:be:ef:13:37
0384         local mz_pid
0385 
0386         # Make sure packets can only egress the input port.
0387         ip link set dev $swp2 type bridge_slave flood off
0388 
0389         RET=0
0390 
0391         tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
0392                 flower dst_mac $dmac action drop
0393 
0394         $MZ $h1 -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
0395         mz_pid=$!
0396 
0397         devlink_trap_drop_test $trap_name $swp2 101
0398 
0399         # Allow packets to be flooded.
0400         ip link set dev $swp2 type bridge_slave flood on
0401         devlink_trap_action_set $trap_name "trap"
0402 
0403         devlink_trap_stats_idle_test $trap_name
0404         check_err $? "Trap stats not idle when packets should not be dropped"
0405         devlink_trap_group_stats_idle_test $(devlink_trap_group_get $trap_name)
0406         check_err $? "Trap group stats not idle with when packets should not be dropped"
0407 
0408         tc_check_packets "dev $swp2 egress" 101 0
0409         check_fail $? "Packets not forwarded when should"
0410 
0411         devlink_trap_action_set $trap_name "drop"
0412 
0413         log_test "Port loopback filter - unicast"
0414 
0415         devlink_trap_drop_cleanup $mz_pid $swp2 ip 1 101
0416 }
0417 
0418 port_loopback_filter_test()
0419 {
0420         port_loopback_filter_uc_test
0421 }
0422 
0423 trap cleanup EXIT
0424 
0425 setup_prepare
0426 setup_wait
0427 
0428 tests_run
0429 
0430 exit $EXIT_STATUS
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.1.0 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!