#!/bin/bash # SPDX-License-Identifier: GPL-2.0 # # Test devlink-trap tunnel exceptions functionality over mlxsw. # Check all exception traps to make sure they are triggered under the right # conditions. # +-------------------------+ # | H1 | # | $h1 + | # | 2001:db8:1::1/64 | | # +-------------------|-----+ # | # +-------------------|-----+ # | SW1 | | # | $swp1 + | # | 2001:db8:1::2/64 | # | | # | + g1 (ip6gre) | # | loc=2001:db8:3::1 | # | rem=2001:db8:3::2 | # | tos=inherit | # | | # | + $rp1 | # | | 2001:db8:10::1/64 | # +--|----------------------+ # | # +--|----------------------+ # | | VRF2 | # | + $rp2 | # | 2001:db8:10::2/64 | # +-------------------------+ lib_dir=$(dirname $0)/../../../../net/forwarding ALL_TESTS=" decap_error_test " NUM_NETIFS=4 source $lib_dir/lib.sh source $lib_dir/tc_common.sh source $lib_dir/devlink_lib.sh h1_create() { simple_if_init $h1 2001:db8:1::1/64 } h1_destroy() { simple_if_fini $h1 2001:db8:1::1/64 } vrf2_create() { simple_if_init $rp2 2001:db8:10::2/64 } vrf2_destroy() { simple_if_fini $rp2 2001:db8:10::2/64 } switch_create() { ip link set dev $swp1 up __addr_add_del $swp1 add 2001:db8:1::2/64 tc qdisc add dev $swp1 clsact tunnel_create g1 ip6gre 2001:db8:3::1 2001:db8:3::2 tos inherit \ ttl inherit ip link set dev g1 up __addr_add_del g1 add 2001:db8:3::1/128 ip link set dev $rp1 up __addr_add_del $rp1 add 2001:db8:10::1/64 } switch_destroy() { __addr_add_del $rp1 del 2001:db8:10::1/64 ip link set dev $rp1 down __addr_add_del g1 del 2001:db8:3::1/128 ip link set dev g1 down tunnel_destroy g1 tc qdisc del dev $swp1 clsact __addr_add_del $swp1 del 2001:db8:1::2/64 ip link set dev $swp1 down } setup_prepare() { h1=${NETIFS[p1]} swp1=${NETIFS[p2]} rp1=${NETIFS[p3]} rp2=${NETIFS[p4]} forwarding_enable vrf_prepare h1_create switch_create vrf2_create } cleanup() { pre_cleanup vrf2_destroy switch_destroy h1_destroy vrf_cleanup forwarding_restore } ipip_payload_get() { local saddr="20:01:0d:b8:00:02:00:00:00:00:00:00:00:00:00:01" local daddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:01" local flags=$1; shift local key=$1; shift p=$(: )"$flags"$( : GRE flags )"0:00:"$( : Reserved + version )"86:dd:"$( : ETH protocol type )"$key"$( : Key )"6"$( : IP version )"0:0"$( : Traffic class )"0:00:00:"$( : Flow label )"00:00:"$( : Payload length )"3a:"$( : Next header )"04:"$( : Hop limit )"$saddr:"$( : IP saddr )"$daddr:"$( : IP daddr ) echo $p } ecn_payload_get() { echo $(ipip_payload_get "0") } ecn_decap_test() { local trap_name="decap_error" local desc=$1; shift local ecn_desc=$1; shift local outer_tos=$1; shift local mz_pid RET=0 tc filter add dev $swp1 egress protocol ipv6 pref 1 handle 101 \ flower src_ip 2001:db8:2::1 dst_ip 2001:db8:1::1 skip_sw \ action pass rp1_mac=$(mac_get $rp1) rp2_mac=$(mac_get $rp2) payload=$(ecn_payload_get) ip vrf exec v$rp2 $MZ -6 $rp2 -c 0 -d 1msec -a $rp2_mac -b $rp1_mac \ -A 2001:db8:3::2 -B 2001:db8:3::1 -t ip \ tos=$outer_tos,next=47,p=$payload -q & mz_pid=$! devlink_trap_exception_test $trap_name tc_check_packets "dev $swp1 egress" 101 0 check_err $? "Packets were not dropped" log_test "$desc: Inner ECN is not ECT and outer is $ecn_desc" kill $mz_pid && wait $mz_pid &> /dev/null tc filter del dev $swp1 egress protocol ipv6 pref 1 handle 101 flower } no_matching_tunnel_test() { local trap_name="decap_error" local desc=$1; shift local sip=$1; shift local mz_pid RET=0 tc filter add dev $swp1 egress protocol ipv6 pref 1 handle 101 \ flower src_ip 2001:db8:2::1 dst_ip 2001:db8:1::1 action pass rp1_mac=$(mac_get $rp1) rp2_mac=$(mac_get $rp2) payload=$(ipip_payload_get "$@") ip vrf exec v$rp2 $MZ -6 $rp2 -c 0 -d 1msec -a $rp2_mac -b $rp1_mac \ -A $sip -B 2001:db8:3::1 -t ip next=47,p=$payload -q & mz_pid=$! devlink_trap_exception_test $trap_name tc_check_packets "dev $swp1 egress" 101 0 check_err $? "Packets were not dropped" log_test "$desc" kill $mz_pid && wait $mz_pid &> /dev/null tc filter del dev $swp1 egress protocol ipv6 pref 1 handle 101 flower } decap_error_test() { # Correct source IP - the remote address local sip=2001:db8:3::2 ecn_decap_test "Decap error" "ECT(1)" 01 ecn_decap_test "Decap error" "ECT(0)" 02 ecn_decap_test "Decap error" "CE" 03 no_matching_tunnel_test "Decap error: Source IP check failed" \ 2001:db8:4::2 "0" no_matching_tunnel_test \ "Decap error: Key exists but was not expected" $sip "2" \ "00:00:00:E9:" # Destroy the tunnel and create new one with key __addr_add_del g1 del 2001:db8:3::1/128 tunnel_destroy g1 tunnel_create g1 ip6gre 2001:db8:3::1 2001:db8:3::2 tos inherit \ ttl inherit key 233 __addr_add_del g1 add 2001:db8:3::1/128 no_matching_tunnel_test \ "Decap error: Key does not exist but was expected" $sip "0" no_matching_tunnel_test \ "Decap error: Packet has a wrong key field" $sip "2" \ "00:00:00:E8:" } trap cleanup EXIT setup_prepare setup_wait tests_run exit $EXIT_STATUS