• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3
4ALL_TESTS="match_dst_mac_test match_src_mac_test match_dst_ip_test \
5	match_src_ip_test match_ip_flags_test match_pcp_test match_vlan_test \
6	match_ip_tos_test match_indev_test match_ip_ttl_test"
7NUM_NETIFS=2
8source tc_common.sh
9source lib.sh
10
11tcflags="skip_hw"
12
13h1_create()
14{
15	simple_if_init $h1 192.0.2.1/24 198.51.100.1/24
16}
17
18h1_destroy()
19{
20	simple_if_fini $h1 192.0.2.1/24 198.51.100.1/24
21}
22
23h2_create()
24{
25	simple_if_init $h2 192.0.2.2/24 198.51.100.2/24
26	tc qdisc add dev $h2 clsact
27}
28
29h2_destroy()
30{
31	tc qdisc del dev $h2 clsact
32	simple_if_fini $h2 192.0.2.2/24 198.51.100.2/24
33}
34
35match_dst_mac_test()
36{
37	local dummy_mac=de:ad:be:ef:aa:aa
38
39	RET=0
40
41	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
42		$tcflags dst_mac $dummy_mac action drop
43	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
44		$tcflags dst_mac $h2mac action drop
45
46	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
47		-t ip -q
48
49	tc_check_packets "dev $h2 ingress" 101 1
50	check_fail $? "Matched on a wrong filter"
51
52	tc_check_packets "dev $h2 ingress" 102 1
53	check_err $? "Did not match on correct filter"
54
55	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
56	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
57
58	log_test "dst_mac match ($tcflags)"
59}
60
61match_src_mac_test()
62{
63	local dummy_mac=de:ad:be:ef:aa:aa
64
65	RET=0
66
67	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
68		$tcflags src_mac $dummy_mac action drop
69	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
70		$tcflags src_mac $h1mac action drop
71
72	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
73		-t ip -q
74
75	tc_check_packets "dev $h2 ingress" 101 1
76	check_fail $? "Matched on a wrong filter"
77
78	tc_check_packets "dev $h2 ingress" 102 1
79	check_err $? "Did not match on correct filter"
80
81	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
82	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
83
84	log_test "src_mac match ($tcflags)"
85}
86
87match_dst_ip_test()
88{
89	RET=0
90
91	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
92		$tcflags dst_ip 198.51.100.2 action drop
93	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
94		$tcflags dst_ip 192.0.2.2 action drop
95	tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
96		$tcflags dst_ip 192.0.2.0/24 action drop
97
98	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
99		-t ip -q
100
101	tc_check_packets "dev $h2 ingress" 101 1
102	check_fail $? "Matched on a wrong filter"
103
104	tc_check_packets "dev $h2 ingress" 102 1
105	check_err $? "Did not match on correct filter"
106
107	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
108
109	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
110		-t ip -q
111
112	tc_check_packets "dev $h2 ingress" 103 1
113	check_err $? "Did not match on correct filter with mask"
114
115	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
116	tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
117
118	log_test "dst_ip match ($tcflags)"
119}
120
121match_src_ip_test()
122{
123	RET=0
124
125	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
126		$tcflags src_ip 198.51.100.1 action drop
127	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
128		$tcflags src_ip 192.0.2.1 action drop
129	tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
130		$tcflags src_ip 192.0.2.0/24 action drop
131
132	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
133		-t ip -q
134
135	tc_check_packets "dev $h2 ingress" 101 1
136	check_fail $? "Matched on a wrong filter"
137
138	tc_check_packets "dev $h2 ingress" 102 1
139	check_err $? "Did not match on correct filter"
140
141	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
142
143	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
144		-t ip -q
145
146	tc_check_packets "dev $h2 ingress" 103 1
147	check_err $? "Did not match on correct filter with mask"
148
149	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
150	tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
151
152	log_test "src_ip match ($tcflags)"
153}
154
155match_ip_flags_test()
156{
157	RET=0
158
159	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
160		$tcflags ip_flags frag action continue
161	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
162		$tcflags ip_flags firstfrag action continue
163	tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
164		$tcflags ip_flags nofirstfrag action continue
165	tc filter add dev $h2 ingress protocol ip pref 4 handle 104 flower \
166		$tcflags ip_flags nofrag action drop
167
168	$MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
169		-t ip "frag=0" -q
170
171	tc_check_packets "dev $h2 ingress" 101 1
172	check_fail $? "Matched on wrong frag filter (nofrag)"
173
174	tc_check_packets "dev $h2 ingress" 102 1
175	check_fail $? "Matched on wrong firstfrag filter (nofrag)"
176
177	tc_check_packets "dev $h2 ingress" 103 1
178	check_err $? "Did not match on nofirstfrag filter (nofrag) "
179
180	tc_check_packets "dev $h2 ingress" 104 1
181	check_err $? "Did not match on nofrag filter (nofrag)"
182
183	$MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
184		-t ip "frag=0,mf" -q
185
186	tc_check_packets "dev $h2 ingress" 101 1
187	check_err $? "Did not match on frag filter (1stfrag)"
188
189	tc_check_packets "dev $h2 ingress" 102 1
190	check_err $? "Did not match fistfrag filter (1stfrag)"
191
192	tc_check_packets "dev $h2 ingress" 103 1
193	check_err $? "Matched on wrong nofirstfrag filter (1stfrag)"
194
195	tc_check_packets "dev $h2 ingress" 104 1
196	check_err $? "Match on wrong nofrag filter (1stfrag)"
197
198	$MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
199		-t ip "frag=256,mf" -q
200	$MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
201		-t ip "frag=256" -q
202
203	tc_check_packets "dev $h2 ingress" 101 3
204	check_err $? "Did not match on frag filter (no1stfrag)"
205
206	tc_check_packets "dev $h2 ingress" 102 1
207	check_err $? "Matched on wrong firstfrag filter (no1stfrag)"
208
209	tc_check_packets "dev $h2 ingress" 103 3
210	check_err $? "Did not match on nofirstfrag filter (no1stfrag)"
211
212	tc_check_packets "dev $h2 ingress" 104 1
213	check_err $? "Matched on nofrag filter (no1stfrag)"
214
215	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
216	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
217	tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
218	tc filter del dev $h2 ingress protocol ip pref 4 handle 104 flower
219
220	log_test "ip_flags match ($tcflags)"
221}
222
223match_pcp_test()
224{
225	RET=0
226
227	vlan_create $h2 85 v$h2 192.0.2.11/24
228
229	tc filter add dev $h2 ingress protocol 802.1q pref 1 handle 101 \
230		flower vlan_prio 6 $tcflags dst_mac $h2mac action drop
231	tc filter add dev $h2 ingress protocol 802.1q pref 2 handle 102 \
232		flower vlan_prio 7 $tcflags dst_mac $h2mac action drop
233
234	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 7:85 -t ip -q
235	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 0:85 -t ip -q
236
237	tc_check_packets "dev $h2 ingress" 101 0
238	check_err $? "Matched on specified PCP when should not"
239
240	tc_check_packets "dev $h2 ingress" 102 1
241	check_err $? "Did not match on specified PCP"
242
243	tc filter del dev $h2 ingress protocol 802.1q pref 2 handle 102 flower
244	tc filter del dev $h2 ingress protocol 802.1q pref 1 handle 101 flower
245
246	vlan_destroy $h2 85
247
248	log_test "PCP match ($tcflags)"
249}
250
251match_vlan_test()
252{
253	RET=0
254
255	vlan_create $h2 85 v$h2 192.0.2.11/24
256	vlan_create $h2 75 v$h2 192.0.2.10/24
257
258	tc filter add dev $h2 ingress protocol 802.1q pref 1 handle 101 \
259		flower vlan_id 75 $tcflags action drop
260	tc filter add dev $h2 ingress protocol 802.1q pref 2 handle 102 \
261		flower vlan_id 85 $tcflags action drop
262
263	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 0:85 -t ip -q
264
265	tc_check_packets "dev $h2 ingress" 101 0
266	check_err $? "Matched on specified VLAN when should not"
267
268	tc_check_packets "dev $h2 ingress" 102 1
269	check_err $? "Did not match on specified VLAN"
270
271	tc filter del dev $h2 ingress protocol 802.1q pref 2 handle 102 flower
272	tc filter del dev $h2 ingress protocol 802.1q pref 1 handle 101 flower
273
274	vlan_destroy $h2 75
275	vlan_destroy $h2 85
276
277	log_test "VLAN match ($tcflags)"
278}
279
280match_ip_tos_test()
281{
282	RET=0
283
284	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
285		$tcflags dst_ip 192.0.2.2 ip_tos 0x20 action drop
286	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
287		$tcflags dst_ip 192.0.2.2 ip_tos 0x18 action drop
288
289	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
290		-t ip tos=18 -q
291
292	tc_check_packets "dev $h2 ingress" 101 1
293	check_fail $? "Matched on a wrong filter (0x18)"
294
295	tc_check_packets "dev $h2 ingress" 102 1
296	check_err $? "Did not match on correct filter (0x18)"
297
298	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
299		-t ip tos=20 -q
300
301	tc_check_packets "dev $h2 ingress" 102 2
302	check_fail $? "Matched on a wrong filter (0x20)"
303
304	tc_check_packets "dev $h2 ingress" 101 1
305	check_err $? "Did not match on correct filter (0x20)"
306
307	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
308	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
309
310	log_test "ip_tos match ($tcflags)"
311}
312
313match_ip_ttl_test()
314{
315	RET=0
316
317	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
318		$tcflags dst_ip 192.0.2.2 ip_ttl 63 action drop
319	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
320		$tcflags dst_ip 192.0.2.2 action drop
321
322	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
323		-t ip "ttl=63" -q
324
325	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
326		-t ip "ttl=63,mf,frag=256" -q
327
328	tc_check_packets "dev $h2 ingress" 102 1
329	check_fail $? "Matched on the wrong filter (no check on ttl)"
330
331	tc_check_packets "dev $h2 ingress" 101 2
332	check_err $? "Did not match on correct filter (ttl=63)"
333
334	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
335		-t ip "ttl=255" -q
336
337	tc_check_packets "dev $h2 ingress" 101 3
338	check_fail $? "Matched on a wrong filter (ttl=63)"
339
340	tc_check_packets "dev $h2 ingress" 102 1
341	check_err $? "Did not match on correct filter (no check on ttl)"
342
343	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
344	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
345
346	log_test "ip_ttl match ($tcflags)"
347}
348
349match_indev_test()
350{
351	RET=0
352
353	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
354		$tcflags indev $h1 dst_mac $h2mac action drop
355	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
356		$tcflags indev $h2 dst_mac $h2mac action drop
357
358	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
359		-t ip -q
360
361	tc_check_packets "dev $h2 ingress" 101 1
362	check_fail $? "Matched on a wrong filter"
363
364	tc_check_packets "dev $h2 ingress" 102 1
365	check_err $? "Did not match on correct filter"
366
367	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
368	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
369
370	log_test "indev match ($tcflags)"
371}
372
373setup_prepare()
374{
375	h1=${NETIFS[p1]}
376	h2=${NETIFS[p2]}
377	h1mac=$(mac_get $h1)
378	h2mac=$(mac_get $h2)
379
380	vrf_prepare
381
382	h1_create
383	h2_create
384}
385
386cleanup()
387{
388	pre_cleanup
389
390	h2_destroy
391	h1_destroy
392
393	vrf_cleanup
394}
395
396trap cleanup EXIT
397
398setup_prepare
399setup_wait
400
401tests_run
402
403tc_offload_check
404if [[ $? -ne 0 ]]; then
405	log_info "Could not test offloaded functionality"
406else
407	tcflags="skip_sw"
408	tests_run
409fi
410
411exit $EXIT_STATUS
412