devlink_trap_acl_drops.sh - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
devlink_trap_acl_drops.sh (2458B)
      1#!/bin/bash
      2# SPDX-License-Identifier: GPL-2.0
      3#
      4# Test devlink-trap ACL drops functionality over mlxsw.
      5
      6lib_dir=$(dirname $0)/../../../net/forwarding
      7
      8ALL_TESTS="
      9	ingress_flow_action_drop_test
     10	egress_flow_action_drop_test
     11"
     12NUM_NETIFS=4
     13source $lib_dir/tc_common.sh
     14source $lib_dir/lib.sh
     15source $lib_dir/devlink_lib.sh
     16
     17h1_create()
     18{
     19	simple_if_init $h1
     20}
     21
     22h1_destroy()
     23{
     24	simple_if_fini $h1
     25}
     26
     27h2_create()
     28{
     29	simple_if_init $h2
     30}
     31
     32h2_destroy()
     33{
     34	simple_if_fini $h2
     35}
     36
     37switch_create()
     38{
     39	ip link add dev br0 type bridge vlan_filtering 1 mcast_snooping 0
     40
     41	ip link set dev $swp1 master br0
     42	ip link set dev $swp2 master br0
     43
     44	ip link set dev br0 up
     45	ip link set dev $swp1 up
     46	ip link set dev $swp2 up
     47
     48	tc qdisc add dev $swp1 clsact
     49	tc qdisc add dev $swp2 clsact
     50}
     51
     52switch_destroy()
     53{
     54	tc qdisc del dev $swp2 clsact
     55	tc qdisc del dev $swp1 clsact
     56
     57	ip link set dev $swp2 down
     58	ip link set dev $swp1 down
     59
     60	ip link del dev br0
     61}
     62
     63setup_prepare()
     64{
     65	h1=${NETIFS[p1]}
     66	swp1=${NETIFS[p2]}
     67
     68	swp2=${NETIFS[p3]}
     69	h2=${NETIFS[p4]}
     70
     71	h1mac=$(mac_get $h1)
     72	h2mac=$(mac_get $h2)
     73
     74	vrf_prepare
     75
     76	h1_create
     77	h2_create
     78
     79	switch_create
     80}
     81
     82cleanup()
     83{
     84	pre_cleanup
     85
     86	switch_destroy
     87
     88	h2_destroy
     89	h1_destroy
     90
     91	vrf_cleanup
     92}
     93
     94ingress_flow_action_drop_test()
     95{
     96	local mz_pid
     97
     98	tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
     99		flower src_mac $h1mac action pass
    100
    101	tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 \
    102		flower dst_ip 192.0.2.2 action drop
    103
    104	$MZ $h1 -c 0 -p 100 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
    105		-t ip -d 1msec -q &
    106	mz_pid=$!
    107
    108	RET=0
    109
    110	devlink_trap_drop_test ingress_flow_action_drop $swp2 101
    111
    112	log_test "ingress_flow_action_drop"
    113
    114	tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower
    115
    116	devlink_trap_drop_cleanup $mz_pid $swp2 ip 1 101
    117}
    118
    119egress_flow_action_drop_test()
    120{
    121	local mz_pid
    122
    123	tc filter add dev $swp2 egress protocol ip pref 2 handle 102 \
    124		flower src_mac $h1mac action pass
    125
    126	tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
    127		flower dst_ip 192.0.2.2 action drop
    128
    129	$MZ $h1 -c 0 -p 100 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
    130		-t ip -d 1msec -q &
    131	mz_pid=$!
    132
    133	RET=0
    134
    135	devlink_trap_drop_test egress_flow_action_drop $swp2 102
    136
    137	log_test "egress_flow_action_drop"
    138
    139	tc filter del dev $swp2 egress protocol ip pref 1 handle 101 flower
    140
    141	devlink_trap_drop_cleanup $mz_pid $swp2 ip 2 102
    142}
    143
    144trap cleanup EXIT
    145
    146setup_prepare
    147setup_wait
    148
    149tests_run
    150
    151exit $EXIT_STATUS