2 # SPDX-License-Identifier: GPL-2.0
4 # Test devlink-trap tunnel drops and exceptions functionality over mlxsw.
5 # Check all traps to make sure they are triggered under the right
8 # +--------------------+
12 # +----|---------------+
14 # +----|----------------------------------------------------------------------+
16 # | +--|--------------------------------------------------------------------+ |
17 # | | + $swp1 BR1 (802.1d) | |
19 # | | + vx1 (vxlan) | |
20 # | | local 192.0.2.17 | |
21 # | | id 1000 dstport $VXPORT | |
22 # | +-----------------------------------------------------------------------+ |
26 # +----|----------------------------------------------------------------------+
28 # +----|--------------------------------------------------------+
33 # +-------------------------------------------------------------+
35 lib_dir=$(dirname $0)/../../../net/forwarding
39 overlay_smac_is_mc_test
43 source $lib_dir/lib.sh
44 source $lib_dir/tc_common.sh
45 source $lib_dir/devlink_lib.sh
52 simple_if_init $h1 192.0.2.1/28
57 simple_if_fini $h1 192.0.2.1/28
62 ip link add name br1 type bridge vlan_filtering 0 mcast_snooping 0
63 # Make sure the bridge uses the MAC address of the local port and not
64 # that of the VxLAN's device.
65 ip link set dev br1 address $(mac_get $swp1)
66 ip link set dev br1 up
68 tc qdisc add dev $swp1 clsact
69 ip link set dev $swp1 master br1
70 ip link set dev $swp1 up
72 ip link add name vx1 type vxlan id 1000 local 192.0.2.17 \
73 dstport "$VXPORT" nolearning noudpcsum tos inherit ttl 100
74 ip link set dev vx1 master br1
75 ip link set dev vx1 up
77 ip address add dev $rp1 192.0.2.17/28
78 ip link set dev $rp1 up
83 ip link set dev $rp1 down
84 ip address del dev $rp1 192.0.2.17/28
86 ip link set dev vx1 down
87 ip link set dev vx1 nomaster
90 ip link set dev $swp1 down
91 ip link set dev $swp1 nomaster
92 tc qdisc del dev $swp1 clsact
94 ip link set dev br1 down
100 simple_if_init $rp2 192.0.2.18/28
105 simple_if_fini $rp2 192.0.2.18/28
136 dest_mac=$(mac_get $h1)
138 )"08:"$( : VXLAN flags
139 )"00:00:00:"$( : VXLAN reserved
140 )"00:03:e8:"$( : VXLAN VNI : 1000
141 )"00:"$( : VXLAN reserved
142 )"$dest_mac:"$( : ETH daddr
143 )"00:00:00:00:00:00:"$( : ETH saddr
144 )"08:00:"$( : ETH type
145 )"45:"$( : IP version + IHL
147 )"00:14:"$( : IP total length
148 )"00:00:"$( : IP identification
149 )"20:00:"$( : IP flags + frag off
152 )"D6:E5:"$( : IP header csum
153 )"c0:00:02:03:"$( : IP saddr: 192.0.2.3
154 )"c0:00:02:01:"$( : IP daddr: 192.0.2.1
161 local trap_name="decap_error"
162 local group_name="tunnel_drops"
164 local ecn_desc=$1; shift
165 local outer_tos=$1; shift
170 tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \
171 flower src_ip 192.0.2.3 dst_ip 192.0.2.1 action pass
173 rp1_mac=$(mac_get $rp1)
174 payload=$(ecn_payload_get)
176 ip vrf exec v$rp2 $MZ $rp2 -c 0 -d 1msec -b $rp1_mac -B 192.0.2.17 \
177 -t udp sp=12345,dp=$VXPORT,tos=$outer_tos,p=$payload -q &
180 devlink_trap_exception_test $trap_name $group_name
182 tc_check_packets "dev $swp1 egress" 101 0
183 check_err $? "Packets were not dropped"
185 log_test "$desc: Inner ECN is not ECT and outer is $ecn_desc"
187 kill $mz_pid && wait $mz_pid &> /dev/null
188 tc filter del dev $swp1 egress protocol ip pref 1 handle 101 flower
191 reserved_bits_payload_get()
193 dest_mac=$(mac_get $h1)
195 )"08:"$( : VXLAN flags
196 )"01:00:00:"$( : VXLAN reserved
197 )"00:03:e8:"$( : VXLAN VNI : 1000
198 )"00:"$( : VXLAN reserved
199 )"$dest_mac:"$( : ETH daddr
200 )"00:00:00:00:00:00:"$( : ETH saddr
201 )"08:00:"$( : ETH type
202 )"45:"$( : IP version + IHL
204 )"00:14:"$( : IP total length
205 )"00:00:"$( : IP identification
206 )"20:00:"$( : IP flags + frag off
209 )"00:00:"$( : IP header csum
210 )"c0:00:02:03:"$( : IP saddr: 192.0.2.3
211 )"c0:00:02:01:"$( : IP daddr: 192.0.2.1
218 dest_mac=$(mac_get $h1)
220 )"08:"$( : VXLAN flags
221 )"01:00:00:"$( : VXLAN reserved
222 )"00:03:e8:"$( : VXLAN VNI : 1000
223 )"00:"$( : VXLAN reserved
228 corrupted_packet_test()
230 local trap_name="decap_error"
231 local group_name="tunnel_drops"
233 local payload_get=$1; shift
238 # In case of too short packet, there is no any inner packet,
239 # so the matching will always succeed
240 tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \
241 flower skip_hw src_ip 192.0.2.3 dst_ip 192.0.2.1 action pass
243 rp1_mac=$(mac_get $rp1)
244 payload=$($payload_get)
245 ip vrf exec v$rp2 $MZ $rp2 -c 0 -d 1msec -b $rp1_mac \
246 -B 192.0.2.17 -t udp sp=12345,dp=$VXPORT,p=$payload -q &
249 devlink_trap_exception_test $trap_name $group_name
251 tc_check_packets "dev $swp1 egress" 101 0
252 check_err $? "Packets were not dropped"
256 kill $mz_pid && wait $mz_pid &> /dev/null
257 tc filter del dev $swp1 egress protocol ip pref 1 handle 101 flower
262 ecn_decap_test "Decap error" "ECT(1)" 01
263 ecn_decap_test "Decap error" "ECT(0)" 02
264 ecn_decap_test "Decap error" "CE" 03
266 corrupted_packet_test "Decap error: Reserved bits in use" \
267 "reserved_bits_payload_get"
268 corrupted_packet_test "Decap error: No L2 header" "short_payload_get"
271 mc_smac_payload_get()
273 dest_mac=$(mac_get $h1)
274 source_mac=01:02:03:04:05:06
276 )"08:"$( : VXLAN flags
277 )"00:00:00:"$( : VXLAN reserved
278 )"00:03:e8:"$( : VXLAN VNI : 1000
279 )"00:"$( : VXLAN reserved
280 )"$dest_mac:"$( : ETH daddr
281 )"$source_mac:"$( : ETH saddr
282 )"08:00:"$( : ETH type
283 )"45:"$( : IP version + IHL
285 )"00:14:"$( : IP total length
286 )"00:00:"$( : IP identification
287 )"20:00:"$( : IP flags + frag off
290 )"00:00:"$( : IP header csum
291 )"c0:00:02:03:"$( : IP saddr: 192.0.2.3
292 )"c0:00:02:01:"$( : IP daddr: 192.0.2.1
297 overlay_smac_is_mc_test()
299 local trap_name="overlay_smac_is_mc"
300 local group_name="tunnel_drops"
305 # The matching will be checked on devlink_trap_drop_test()
306 # and the filter will be removed on devlink_trap_drop_cleanup()
307 tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \
308 flower src_mac 01:02:03:04:05:06 action pass
310 rp1_mac=$(mac_get $rp1)
311 payload=$(mc_smac_payload_get)
313 ip vrf exec v$rp2 $MZ $rp2 -c 0 -d 1msec -b $rp1_mac \
314 -B 192.0.2.17 -t udp sp=12345,dp=$VXPORT,p=$payload -q &
317 devlink_trap_drop_test $trap_name $group_name $swp1 101
319 log_test "Overlay source MAC is multicast"
321 devlink_trap_drop_cleanup $mz_pid $swp1 "ip" 1 101