1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3 4ALL_TESTS="match_dst_mac_test match_src_mac_test match_dst_ip_test \ 5 match_src_ip_test match_ip_flags_test match_pcp_test match_vlan_test \ 6 match_ip_tos_test match_indev_test match_ip_ttl_test" 7NUM_NETIFS=2 8source tc_common.sh 9source lib.sh 10 11tcflags="skip_hw" 12 13h1_create() 14{ 15 simple_if_init $h1 192.0.2.1/24 198.51.100.1/24 16} 17 18h1_destroy() 19{ 20 simple_if_fini $h1 192.0.2.1/24 198.51.100.1/24 21} 22 23h2_create() 24{ 25 simple_if_init $h2 192.0.2.2/24 198.51.100.2/24 26 tc qdisc add dev $h2 clsact 27} 28 29h2_destroy() 30{ 31 tc qdisc del dev $h2 clsact 32 simple_if_fini $h2 192.0.2.2/24 198.51.100.2/24 33} 34 35match_dst_mac_test() 36{ 37 local dummy_mac=de:ad:be:ef:aa:aa 38 39 RET=0 40 41 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 42 $tcflags dst_mac $dummy_mac action drop 43 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 44 $tcflags dst_mac $h2mac action drop 45 46 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 47 -t ip -q 48 49 tc_check_packets "dev $h2 ingress" 101 1 50 check_fail $? "Matched on a wrong filter" 51 52 tc_check_packets "dev $h2 ingress" 102 0 53 check_fail $? "Did not match on correct filter" 54 55 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 56 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 57 58 log_test "dst_mac match ($tcflags)" 59} 60 61match_src_mac_test() 62{ 63 local dummy_mac=de:ad:be:ef:aa:aa 64 65 RET=0 66 67 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 68 $tcflags src_mac $dummy_mac action drop 69 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 70 $tcflags src_mac $h1mac action drop 71 72 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 73 -t ip -q 74 75 tc_check_packets "dev $h2 ingress" 101 1 76 check_fail $? "Matched on a wrong filter" 77 78 tc_check_packets "dev $h2 ingress" 102 0 79 check_fail $? "Did not match on correct filter" 80 81 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 82 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 83 84 log_test "src_mac match ($tcflags)" 85} 86 87match_dst_ip_test() 88{ 89 RET=0 90 91 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 92 $tcflags dst_ip 198.51.100.2 action drop 93 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 94 $tcflags dst_ip 192.0.2.2 action drop 95 tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \ 96 $tcflags dst_ip 192.0.2.0/24 action drop 97 98 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 99 -t ip -q 100 101 tc_check_packets "dev $h2 ingress" 101 1 102 check_fail $? "Matched on a wrong filter" 103 104 tc_check_packets "dev $h2 ingress" 102 1 105 check_err $? "Did not match on correct filter" 106 107 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 108 109 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 110 -t ip -q 111 112 tc_check_packets "dev $h2 ingress" 103 1 113 check_err $? "Did not match on correct filter with mask" 114 115 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 116 tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower 117 118 log_test "dst_ip match ($tcflags)" 119} 120 121match_src_ip_test() 122{ 123 RET=0 124 125 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 126 $tcflags src_ip 198.51.100.1 action drop 127 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 128 $tcflags src_ip 192.0.2.1 action drop 129 tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \ 130 $tcflags src_ip 192.0.2.0/24 action drop 131 132 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 133 -t ip -q 134 135 tc_check_packets "dev $h2 ingress" 101 1 136 check_fail $? "Matched on a wrong filter" 137 138 tc_check_packets "dev $h2 ingress" 102 1 139 check_err $? "Did not match on correct filter" 140 141 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 142 143 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 144 -t ip -q 145 146 tc_check_packets "dev $h2 ingress" 103 1 147 check_err $? "Did not match on correct filter with mask" 148 149 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 150 tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower 151 152 log_test "src_ip match ($tcflags)" 153} 154 155match_ip_flags_test() 156{ 157 RET=0 158 159 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 160 $tcflags ip_flags frag action continue 161 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 162 $tcflags ip_flags firstfrag action continue 163 tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \ 164 $tcflags ip_flags nofirstfrag action continue 165 tc filter add dev $h2 ingress protocol ip pref 4 handle 104 flower \ 166 $tcflags ip_flags nofrag action drop 167 168 $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 169 -t ip "frag=0" -q 170 171 tc_check_packets "dev $h2 ingress" 101 1 172 check_fail $? "Matched on wrong frag filter (nofrag)" 173 174 tc_check_packets "dev $h2 ingress" 102 1 175 check_fail $? "Matched on wrong firstfrag filter (nofrag)" 176 177 tc_check_packets "dev $h2 ingress" 103 1 178 check_err $? "Did not match on nofirstfrag filter (nofrag) " 179 180 tc_check_packets "dev $h2 ingress" 104 1 181 check_err $? "Did not match on nofrag filter (nofrag)" 182 183 $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 184 -t ip "frag=0,mf" -q 185 186 tc_check_packets "dev $h2 ingress" 101 1 187 check_err $? "Did not match on frag filter (1stfrag)" 188 189 tc_check_packets "dev $h2 ingress" 102 1 190 check_err $? "Did not match fistfrag filter (1stfrag)" 191 192 tc_check_packets "dev $h2 ingress" 103 1 193 check_err $? "Matched on wrong nofirstfrag filter (1stfrag)" 194 195 tc_check_packets "dev $h2 ingress" 104 1 196 check_err $? "Match on wrong nofrag filter (1stfrag)" 197 198 $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 199 -t ip "frag=256,mf" -q 200 $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 201 -t ip "frag=256" -q 202 203 tc_check_packets "dev $h2 ingress" 101 3 204 check_err $? "Did not match on frag filter (no1stfrag)" 205 206 tc_check_packets "dev $h2 ingress" 102 1 207 check_err $? "Matched on wrong firstfrag filter (no1stfrag)" 208 209 tc_check_packets "dev $h2 ingress" 103 3 210 check_err $? "Did not match on nofirstfrag filter (no1stfrag)" 211 212 tc_check_packets "dev $h2 ingress" 104 1 213 check_err $? "Matched on nofrag filter (no1stfrag)" 214 215 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 216 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 217 tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower 218 tc filter del dev $h2 ingress protocol ip pref 4 handle 104 flower 219 220 log_test "ip_flags match ($tcflags)" 221} 222 223match_pcp_test() 224{ 225 RET=0 226 227 vlan_create $h2 85 v$h2 192.0.2.11/24 228 229 tc filter add dev $h2 ingress protocol 802.1q pref 1 handle 101 \ 230 flower vlan_prio 6 $tcflags dst_mac $h2mac action drop 231 tc filter add dev $h2 ingress protocol 802.1q pref 2 handle 102 \ 232 flower vlan_prio 7 $tcflags dst_mac $h2mac action drop 233 234 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 7:85 -t ip -q 235 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 0:85 -t ip -q 236 237 tc_check_packets "dev $h2 ingress" 101 0 238 check_err $? "Matched on specified PCP when should not" 239 240 tc_check_packets "dev $h2 ingress" 102 1 241 check_err $? "Did not match on specified PCP" 242 243 tc filter del dev $h2 ingress protocol 802.1q pref 2 handle 102 flower 244 tc filter del dev $h2 ingress protocol 802.1q pref 1 handle 101 flower 245 246 vlan_destroy $h2 85 247 248 log_test "PCP match ($tcflags)" 249} 250 251match_vlan_test() 252{ 253 RET=0 254 255 vlan_create $h2 85 v$h2 192.0.2.11/24 256 vlan_create $h2 75 v$h2 192.0.2.10/24 257 258 tc filter add dev $h2 ingress protocol 802.1q pref 1 handle 101 \ 259 flower vlan_id 75 $tcflags action drop 260 tc filter add dev $h2 ingress protocol 802.1q pref 2 handle 102 \ 261 flower vlan_id 85 $tcflags action drop 262 263 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 0:85 -t ip -q 264 265 tc_check_packets "dev $h2 ingress" 101 0 266 check_err $? "Matched on specified VLAN when should not" 267 268 tc_check_packets "dev $h2 ingress" 102 1 269 check_err $? "Did not match on specified VLAN" 270 271 tc filter del dev $h2 ingress protocol 802.1q pref 2 handle 102 flower 272 tc filter del dev $h2 ingress protocol 802.1q pref 1 handle 101 flower 273 274 vlan_destroy $h2 75 275 vlan_destroy $h2 85 276 277 log_test "VLAN match ($tcflags)" 278} 279 280match_ip_tos_test() 281{ 282 RET=0 283 284 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 285 $tcflags dst_ip 192.0.2.2 ip_tos 0x20 action drop 286 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 287 $tcflags dst_ip 192.0.2.2 ip_tos 0x18 action drop 288 289 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 290 -t ip tos=18 -q 291 292 tc_check_packets "dev $h2 ingress" 101 1 293 check_fail $? "Matched on a wrong filter (0x18)" 294 295 tc_check_packets "dev $h2 ingress" 102 1 296 check_err $? "Did not match on correct filter (0x18)" 297 298 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 299 -t ip tos=20 -q 300 301 tc_check_packets "dev $h2 ingress" 102 2 302 check_fail $? "Matched on a wrong filter (0x20)" 303 304 tc_check_packets "dev $h2 ingress" 101 1 305 check_err $? "Did not match on correct filter (0x20)" 306 307 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 308 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 309 310 log_test "ip_tos match ($tcflags)" 311} 312 313match_ip_ttl_test() 314{ 315 RET=0 316 317 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 318 $tcflags dst_ip 192.0.2.2 ip_ttl 63 action drop 319 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 320 $tcflags dst_ip 192.0.2.2 action drop 321 322 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 323 -t ip "ttl=63" -q 324 325 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 326 -t ip "ttl=63,mf,frag=256" -q 327 328 tc_check_packets "dev $h2 ingress" 102 1 329 check_fail $? "Matched on the wrong filter (no check on ttl)" 330 331 tc_check_packets "dev $h2 ingress" 101 2 332 check_err $? "Did not match on correct filter (ttl=63)" 333 334 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 335 -t ip "ttl=255" -q 336 337 tc_check_packets "dev $h2 ingress" 101 3 338 check_fail $? "Matched on a wrong filter (ttl=63)" 339 340 tc_check_packets "dev $h2 ingress" 102 1 341 check_err $? "Did not match on correct filter (no check on ttl)" 342 343 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 344 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 345 346 log_test "ip_ttl match ($tcflags)" 347} 348 349match_indev_test() 350{ 351 RET=0 352 353 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 354 $tcflags indev $h1 dst_mac $h2mac action drop 355 tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \ 356 $tcflags indev $h2 dst_mac $h2mac action drop 357 358 $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 359 -t ip -q 360 361 tc_check_packets "dev $h2 ingress" 101 1 362 check_fail $? "Matched on a wrong filter" 363 364 tc_check_packets "dev $h2 ingress" 102 1 365 check_err $? "Did not match on correct filter" 366 367 tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower 368 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 369 370 log_test "indev match ($tcflags)" 371} 372 373setup_prepare() 374{ 375 h1=${NETIFS[p1]} 376 h2=${NETIFS[p2]} 377 h1mac=$(mac_get $h1) 378 h2mac=$(mac_get $h2) 379 380 vrf_prepare 381 382 h1_create 383 h2_create 384} 385 386cleanup() 387{ 388 pre_cleanup 389 390 h2_destroy 391 h1_destroy 392 393 vrf_cleanup 394} 395 396trap cleanup EXIT 397 398setup_prepare 399setup_wait 400 401tests_run 402 403tc_offload_check 404if [[ $? -ne 0 ]]; then 405 log_info "Could not test offloaded functionality" 406else 407 tcflags="skip_sw" 408 tests_run 409fi 410 411exit $EXIT_STATUS 412