devlink_trap_tunnel_vxlan.sh (9091B)
1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3# 4# Test devlink-trap tunnel drops and exceptions functionality over mlxsw. 5# Check all traps to make sure they are triggered under the right 6# conditions. 7 8# +--------------------+ 9# | H1 (vrf) | 10# | + $h1 | 11# | | 192.0.2.1/28 | 12# +----|---------------+ 13# | 14# +----|----------------------------------------------------------------------+ 15# | SW | | 16# | +--|--------------------------------------------------------------------+ | 17# | | + $swp1 BR1 (802.1d) | | 18# | | | | 19# | | + vx1 (vxlan) | | 20# | | local 192.0.2.17 | | 21# | | id 1000 dstport $VXPORT | | 22# | +-----------------------------------------------------------------------+ | 23# | | 24# | + $rp1 | 25# | | 192.0.2.17/28 | 26# +----|----------------------------------------------------------------------+ 27# | 28# +----|--------------------------------------------------------+ 29# | | VRF2 | 30# | + $rp2 | 31# | 192.0.2.18/28 | 32# | | 33# +-------------------------------------------------------------+ 34 35lib_dir=$(dirname $0)/../../../net/forwarding 36 37ALL_TESTS=" 38 decap_error_test 39 overlay_smac_is_mc_test 40" 41 42NUM_NETIFS=4 43source $lib_dir/lib.sh 44source $lib_dir/tc_common.sh 45source $lib_dir/devlink_lib.sh 46 47: ${VXPORT:=4789} 48export VXPORT 49 50h1_create() 51{ 52 simple_if_init $h1 192.0.2.1/28 53} 54 55h1_destroy() 56{ 57 simple_if_fini $h1 192.0.2.1/28 58} 59 60switch_create() 61{ 62 ip link add name br1 type bridge vlan_filtering 0 mcast_snooping 0 63 # Make sure the bridge uses the MAC address of the local port and not 64 # that of the VxLAN's device. 65 ip link set dev br1 address $(mac_get $swp1) 66 ip link set dev br1 up 67 68 tc qdisc add dev $swp1 clsact 69 ip link set dev $swp1 master br1 70 ip link set dev $swp1 up 71 72 ip link add name vx1 type vxlan id 1000 local 192.0.2.17 \ 73 dstport "$VXPORT" nolearning noudpcsum tos inherit ttl 100 74 ip link set dev vx1 master br1 75 ip link set dev vx1 up 76 77 ip address add dev $rp1 192.0.2.17/28 78 ip link set dev $rp1 up 79} 80 81switch_destroy() 82{ 83 ip link set dev $rp1 down 84 ip address del dev $rp1 192.0.2.17/28 85 86 ip link set dev vx1 down 87 ip link set dev vx1 nomaster 88 ip link del dev vx1 89 90 ip link set dev $swp1 down 91 ip link set dev $swp1 nomaster 92 tc qdisc del dev $swp1 clsact 93 94 ip link set dev br1 down 95 ip link del dev br1 96} 97 98vrf2_create() 99{ 100 simple_if_init $rp2 192.0.2.18/28 101} 102 103vrf2_destroy() 104{ 105 simple_if_fini $rp2 192.0.2.18/28 106} 107 108setup_prepare() 109{ 110 h1=${NETIFS[p1]} 111 swp1=${NETIFS[p2]} 112 113 rp1=${NETIFS[p3]} 114 rp2=${NETIFS[p4]} 115 116 vrf_prepare 117 forwarding_enable 118 h1_create 119 switch_create 120 vrf2_create 121} 122 123cleanup() 124{ 125 pre_cleanup 126 127 vrf2_destroy 128 switch_destroy 129 h1_destroy 130 forwarding_restore 131 vrf_cleanup 132} 133 134ecn_payload_get() 135{ 136 dest_mac=$(mac_get $h1) 137 p=$(: 138 )"08:"$( : VXLAN flags 139 )"00:00:00:"$( : VXLAN reserved 140 )"00:03:e8:"$( : VXLAN VNI : 1000 141 )"00:"$( : VXLAN reserved 142 )"$dest_mac:"$( : ETH daddr 143 )"00:00:00:00:00:00:"$( : ETH saddr 144 )"08:00:"$( : ETH type 145 )"45:"$( : IP version + IHL 146 )"00:"$( : IP TOS 147 )"00:14:"$( : IP total length 148 )"00:00:"$( : IP identification 149 )"20:00:"$( : IP flags + frag off 150 )"40:"$( : IP TTL 151 )"00:"$( : IP proto 152 )"D6:E5:"$( : IP header csum 153 )"c0:00:02:03:"$( : IP saddr: 192.0.2.3 154 )"c0:00:02:01:"$( : IP daddr: 192.0.2.1 155 ) 156 echo $p 157} 158 159ecn_decap_test() 160{ 161 local trap_name="decap_error" 162 local desc=$1; shift 163 local ecn_desc=$1; shift 164 local outer_tos=$1; shift 165 local mz_pid 166 167 RET=0 168 169 tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \ 170 flower src_ip 192.0.2.3 dst_ip 192.0.2.1 action pass 171 172 rp1_mac=$(mac_get $rp1) 173 payload=$(ecn_payload_get) 174 175 ip vrf exec v$rp2 $MZ $rp2 -c 0 -d 1msec -b $rp1_mac -B 192.0.2.17 \ 176 -t udp sp=12345,dp=$VXPORT,tos=$outer_tos,p=$payload -q & 177 mz_pid=$! 178 179 devlink_trap_exception_test $trap_name 180 181 tc_check_packets "dev $swp1 egress" 101 0 182 check_err $? "Packets were not dropped" 183 184 log_test "$desc: Inner ECN is not ECT and outer is $ecn_desc" 185 186 kill $mz_pid && wait $mz_pid &> /dev/null 187 tc filter del dev $swp1 egress protocol ip pref 1 handle 101 flower 188} 189 190reserved_bits_payload_get() 191{ 192 dest_mac=$(mac_get $h1) 193 p=$(: 194 )"08:"$( : VXLAN flags 195 )"01:00:00:"$( : VXLAN reserved 196 )"00:03:e8:"$( : VXLAN VNI : 1000 197 )"00:"$( : VXLAN reserved 198 )"$dest_mac:"$( : ETH daddr 199 )"00:00:00:00:00:00:"$( : ETH saddr 200 )"08:00:"$( : ETH type 201 )"45:"$( : IP version + IHL 202 )"00:"$( : IP TOS 203 )"00:14:"$( : IP total length 204 )"00:00:"$( : IP identification 205 )"20:00:"$( : IP flags + frag off 206 )"40:"$( : IP TTL 207 )"00:"$( : IP proto 208 )"00:00:"$( : IP header csum 209 )"c0:00:02:03:"$( : IP saddr: 192.0.2.3 210 )"c0:00:02:01:"$( : IP daddr: 192.0.2.1 211 ) 212 echo $p 213} 214 215short_payload_get() 216{ 217 dest_mac=$(mac_get $h1) 218 p=$(: 219 )"08:"$( : VXLAN flags 220 )"00:00:00:"$( : VXLAN reserved 221 )"00:03:e8:"$( : VXLAN VNI : 1000 222 )"00:"$( : VXLAN reserved 223 )"$dest_mac:"$( : ETH daddr 224 )"00:00:00:00:00:00:"$( : ETH saddr 225 ) 226 echo $p 227} 228 229corrupted_packet_test() 230{ 231 local trap_name="decap_error" 232 local desc=$1; shift 233 local payload_get=$1; shift 234 local mz_pid 235 236 RET=0 237 238 # In case of too short packet, there is no any inner packet, 239 # so the matching will always succeed 240 tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \ 241 flower skip_hw src_ip 192.0.2.3 dst_ip 192.0.2.1 action pass 242 243 rp1_mac=$(mac_get $rp1) 244 payload=$($payload_get) 245 ip vrf exec v$rp2 $MZ $rp2 -c 0 -d 1msec -b $rp1_mac \ 246 -B 192.0.2.17 -t udp sp=12345,dp=$VXPORT,p=$payload -q & 247 mz_pid=$! 248 249 devlink_trap_exception_test $trap_name 250 251 tc_check_packets "dev $swp1 egress" 101 0 252 check_err $? "Packets were not dropped" 253 254 log_test "$desc" 255 256 kill $mz_pid && wait $mz_pid &> /dev/null 257 tc filter del dev $swp1 egress protocol ip pref 1 handle 101 flower 258} 259 260decap_error_test() 261{ 262 ecn_decap_test "Decap error" "ECT(1)" 01 263 ecn_decap_test "Decap error" "ECT(0)" 02 264 ecn_decap_test "Decap error" "CE" 03 265 266 corrupted_packet_test "Decap error: Reserved bits in use" \ 267 "reserved_bits_payload_get" 268 corrupted_packet_test "Decap error: Too short inner packet" \ 269 "short_payload_get" 270} 271 272mc_smac_payload_get() 273{ 274 dest_mac=$(mac_get $h1) 275 source_mac=01:02:03:04:05:06 276 p=$(: 277 )"08:"$( : VXLAN flags 278 )"00:00:00:"$( : VXLAN reserved 279 )"00:03:e8:"$( : VXLAN VNI : 1000 280 )"00:"$( : VXLAN reserved 281 )"$dest_mac:"$( : ETH daddr 282 )"$source_mac:"$( : ETH saddr 283 )"08:00:"$( : ETH type 284 )"45:"$( : IP version + IHL 285 )"00:"$( : IP TOS 286 )"00:14:"$( : IP total length 287 )"00:00:"$( : IP identification 288 )"20:00:"$( : IP flags + frag off 289 )"40:"$( : IP TTL 290 )"00:"$( : IP proto 291 )"00:00:"$( : IP header csum 292 )"c0:00:02:03:"$( : IP saddr: 192.0.2.3 293 )"c0:00:02:01:"$( : IP daddr: 192.0.2.1 294 ) 295 echo $p 296} 297 298overlay_smac_is_mc_test() 299{ 300 local trap_name="overlay_smac_is_mc" 301 local mz_pid 302 303 RET=0 304 305 # The matching will be checked on devlink_trap_drop_test() 306 # and the filter will be removed on devlink_trap_drop_cleanup() 307 tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \ 308 flower src_mac 01:02:03:04:05:06 action pass 309 310 rp1_mac=$(mac_get $rp1) 311 payload=$(mc_smac_payload_get) 312 313 ip vrf exec v$rp2 $MZ $rp2 -c 0 -d 1msec -b $rp1_mac \ 314 -B 192.0.2.17 -t udp sp=12345,dp=$VXPORT,p=$payload -q & 315 mz_pid=$! 316 317 devlink_trap_drop_test $trap_name $swp1 101 318 319 log_test "Overlay source MAC is multicast" 320 321 devlink_trap_drop_cleanup $mz_pid $swp1 "ip" 1 101 322} 323 324trap cleanup EXIT 325 326setup_prepare 327setup_wait 328tests_run 329 330exit $EXIT_STATUS