# Selftest for tc filter chains. The four test functions named in ALL_TESTS
# cover an unreachable chain, the gact "goto chain" action, chain
# create/destroy and chain templates.
#
# Requires bash: the script uses [[ ]], &> and the NETIFS array.
# ALL_TESTS and NUM_NETIFS are presumably read by the sourced library
# (tests_run / interface setup) -- confirm in lib.sh.
ALL_TESTS="unreachable_chain_test gact_goto_chain_test create_destroy_chain \
template_filter_fits"
NUM_NETIFS=2
source tc_common.sh
source lib.sh

# Flower flag used by the filter-based tests. The first pass runs with
# "skip_hw"; the end of the script switches to "skip_sw" for a second pass
# when tc_offload_check succeeds.
tcflags="skip_hw"
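# Set up the sending host interface.
# Globals:   h1 (read) - interface name, assigned in setup_prepare
# Notes:     192.0.2.0/24 is the RFC 5737 documentation range, so the test
#            addresses cannot collide with a real host. simple_if_init comes
#            from the sourced library; presumably it brings the interface up
#            and assigns the address -- confirm in lib.sh.
h1_create()
{
	# Quoted so an unexpected interface name cannot be word-split or globbed.
	simple_if_init "$h1" 192.0.2.1/24
}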
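# Undo h1_create: hand the same interface and address to simple_if_fini.
# Globals:   h1 (read) - interface name, assigned in setup_prepare
h1_destroy()
{
	# Quoted so an unexpected interface name cannot be word-split or globbed.
	simple_if_fini "$h1" 192.0.2.1/24
}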
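# Set up the receiving host interface and attach a clsact qdisc to it.
# Globals:   h2 (read) - interface name, assigned in setup_prepare
# Notes:     every filter and chain in this file is installed on
#            "dev $h2 ingress", which needs the clsact qdisc added here.
h2_create()
{
	simple_if_init "$h2" 192.0.2.2/24
	tc qdisc add dev "$h2" clsact
}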
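# Undo h2_create in reverse order: drop the clsact qdisc first, then release
# the interface.
# Globals:   h2 (read) - interface name, assigned in setup_prepare
h2_destroy()
{
	tc qdisc del dev "$h2" clsact
	simple_if_fini "$h2" 192.0.2.2/24
}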
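# Check that a filter placed in chain 1 sees no traffic when no other filter
# jumps to that chain.
# Globals:   h1, h2, h1mac, h2mac, tcflags, MZ (read); RET (written)
# Notes:     interface and MAC expansions are quoted. $MZ and $tcflags stay
#            unquoted on purpose: both may be set by the caller's environment
#            and could hold more than one word.
#            tc_check_packets / check_fail come from the sourced libraries;
#            presumably check_fail records a failure when the preceding
#            status is 0 -- confirm in lib.sh.
unreachable_chain_test()
{
	RET=0

	# Drop filter in chain 1 only; nothing in this test redirects to it.
	tc filter add dev "$h2" ingress chain 1 protocol ip pref 1 handle 1101 \
		flower $tcflags dst_mac "$h2mac" action drop

	# Send a single IP packet from h1 to h2.
	$MZ "$h1" -c 1 -p 64 -a "$h1mac" -b "$h2mac" -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	# A hit on handle 1101 means the unreachable chain was evaluated.
	tc_check_packets "dev $h2 ingress" 1101 1
	check_fail $? "matched on filter in unreachable chain"

	tc filter del dev "$h2" ingress chain 1 protocol ip pref 1 handle 1101 \
		flower

	log_test "unreachable chain ($tcflags)"
}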
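# Check that "action goto chain 1" hands the packet to chain 1 and that the
# lower-priority filter in the default chain is not evaluated afterwards.
# Globals:   h1, h2, h1mac, h2mac, tcflags, MZ (read); RET (written)
# Notes:     interface and MAC expansions are quoted. $MZ and $tcflags stay
#            unquoted on purpose: both may be set by the caller's environment
#            and could hold more than one word.
gact_goto_chain_test()
{
	RET=0

	# Chain 1: the filter the packet is expected to end up in.
	tc filter add dev "$h2" ingress chain 1 protocol ip pref 1 handle 1101 \
		flower $tcflags dst_mac "$h2mac" action drop
	# Default chain, pref 2: must not be hit once pref 1 has jumped away.
	tc filter add dev "$h2" ingress protocol ip pref 2 handle 102 flower \
		$tcflags dst_mac "$h2mac" action drop
	# Default chain, pref 1: redirects matching packets to chain 1.
	tc filter add dev "$h2" ingress protocol ip pref 1 handle 101 flower \
		$tcflags dst_mac "$h2mac" action goto chain 1

	# Send a single IP packet from h1 to h2.
	$MZ "$h1" -c 1 -p 64 -a "$h1mac" -b "$h2mac" -A 192.0.2.1 -B 192.0.2.2 \
		-t ip -q

	tc_check_packets "dev $h2 ingress" 102 1
	check_fail $? "Matched on a wrong filter"

	tc_check_packets "dev $h2 ingress" 101 1
	check_err $? "Did not match on correct filter with goto chain action"

	tc_check_packets "dev $h2 ingress" 1101 1
	check_err $? "Did not match on correct filter in chain 1"

	tc filter del dev "$h2" ingress protocol ip pref 1 handle 101 flower
	tc filter del dev "$h2" ingress protocol ip pref 2 handle 102 flower
	tc filter del dev "$h2" ingress chain 1 protocol ip pref 1 handle 1101 \
		flower

	log_test "gact goto chain ($tcflags)"
}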
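# Create the default chain and chain 1 explicitly, confirm both show up in
# "tc -j chain get" and "tc -j chain show", then delete them again.
# Globals:   h2 (read); RET, output (written)
# Notes:     the JSON is passed to jq through a quoted here-string. The
#            earlier unquoted "echo $output" let the shell word-split the
#            document and treat its leading "[...]" as a glob pattern, so a
#            one-character file name in the working directory could replace
#            the JSON and make the check fail for the wrong reason.
create_destroy_chain()
{
	RET=0

	tc chain add dev "$h2" ingress
	check_err $? "Failed to create default chain"

	output="$(tc -j chain get dev "$h2" ingress)"
	check_err $? "Failed to get default chain"

	# jq -e exits non-zero when the filter selects nothing.
	jq -e '.[] | select(.chain == 0)' <<< "$output" &> /dev/null
	check_err $? "Unexpected output for default chain"

	tc chain add dev "$h2" ingress chain 1
	check_err $? "Failed to create chain 1"

	output="$(tc -j chain get dev "$h2" ingress chain 1)"
	check_err $? "Failed to get chain 1"

	jq -e '.[] | select(.chain == 1)' <<< "$output" &> /dev/null
	check_err $? "Unexpected output for chain 1"

	# The dump has to list both chains.
	output="$(tc -j chain show dev "$h2" ingress)"
	check_err $? "Failed to dump chains"

	jq -e '.[] | select(.chain == 0)' <<< "$output" &> /dev/null
	check_err $? "Can't find default chain in dump"

	jq -e '.[] | select(.chain == 1)' <<< "$output" &> /dev/null
	check_err $? "Can't find chain 1 in dump"

	tc chain del dev "$h2" ingress
	check_err $? "Failed to destroy default chain"

	tc chain del dev "$h2" ingress chain 1
	check_err $? "Failed to destroy chain 1"

	log_test "create destroy chain"
}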
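# Check that a chain template constrains which filters the chain accepts:
# a filter matching the templated key must insert, one matching a different
# key must be rejected.
# Globals:   h2, h2mac (read); RET (written)
# Notes:     the two check_fail messages previously read "does not template";
#            they now say "does not fit template".
#            NOTE(review): the status of the two "tc chain add" template
#            commands is neither checked nor shown. If template creation
#            fails, that only surfaces indirectly through the check_fail
#            results below.
template_filter_fits()
{
	RET=0

	# Default chain is templated on dst_mac, chain 1 on src_mac.
	tc chain add dev "$h2" ingress protocol ip \
		flower dst_mac 00:00:00:00:00:00/FF:FF:FF:FF:FF:FF &> /dev/null
	tc chain add dev "$h2" ingress chain 1 protocol ip \
		flower src_mac 00:00:00:00:00:00/FF:FF:FF:FF:FF:FF &> /dev/null

	tc filter add dev "$h2" ingress protocol ip pref 1 handle 1101 \
		flower dst_mac "$h2mac" action drop
	check_err $? "Failed to insert filter which fits template"

	# Expected to fail, so tc's own error output is silenced.
	tc filter add dev "$h2" ingress protocol ip pref 1 handle 1102 \
		flower src_mac "$h2mac" action drop &> /dev/null
	check_fail $? "Incorrectly succeeded to insert filter which does not fit template"

	tc filter add dev "$h2" ingress chain 1 protocol ip pref 1 handle 1101 \
		flower src_mac "$h2mac" action drop
	check_err $? "Failed to insert filter which fits template"

	# Expected to fail, so tc's own error output is silenced.
	tc filter add dev "$h2" ingress chain 1 protocol ip pref 1 handle 1102 \
		flower dst_mac "$h2mac" action drop &> /dev/null
	check_fail $? "Incorrectly succeeded to insert filter which does not fit template"

	# Best-effort removal: the 1102 filters should not exist when the test
	# passed, so errors from these deletions are deliberately ignored.
	tc filter del dev "$h2" ingress chain 1 protocol ip pref 1 handle 1102 \
		flower &> /dev/null
	tc filter del dev "$h2" ingress chain 1 protocol ip pref 1 handle 1101 \
		flower &> /dev/null

	tc filter del dev "$h2" ingress protocol ip pref 1 handle 1102 \
		flower &> /dev/null
	tc filter del dev "$h2" ingress protocol ip pref 1 handle 1101 \
		flower &> /dev/null

	tc chain del dev "$h2" ingress chain 1
	tc chain del dev "$h2" ingress

	log_test "template filter fits"
}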
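# Resolve the two test interfaces and their MAC addresses, then build the
# test topology.
# Globals:   NETIFS (read); h1, h2, h1mac, h2mac (written)
# Notes:     NETIFS is indexed by p1/p2 and is presumably filled in by
#            lib.sh -- confirm there. The interface names are quoted when
#            passed to mac_get so they reach it as a single argument.
setup_prepare()
{
	h1=${NETIFS[p1]}
	h2=${NETIFS[p2]}
	h1mac=$(mac_get "$h1")
	h2mac=$(mac_get "$h2")

	vrf_prepare

	h1_create
	h2_create
}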
# EXIT-trap handler: tear the topology down in the reverse order of
# setup_prepare (h2 before h1, VRF state last).
# pre_cleanup and vrf_cleanup come from the sourced library.
cleanup()
{
	pre_cleanup

	# Hosts are removed in the opposite order to their creation.
	h2_destroy
	h1_destroy

	vrf_cleanup
}
# Script body: check for chain support, run every test in software, then run
# them again against hardware when offload is available.
# check_tc_chain_support presumably skips or aborts the script when tc has no
# chain support -- confirm in the sourced library.
check_tc_chain_support

# Installed before setup_prepare, so a failure part-way through setup still
# runs cleanup and restores the interfaces.
trap cleanup EXIT

setup_prepare
setup_wait

# First pass: tcflags is still "skip_hw".
tests_run

# Second pass with "skip_sw", only when tc_offload_check succeeds.
if ! tc_offload_check; then
	log_info "Could not test offloaded functionality"
else
	tcflags="skip_sw"
	tests_run
fi

exit $EXIT_STATUS