cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

mirror_gre_scale.sh (5782B)

      1# SPDX-License-Identifier: GPL-2.0
      2
      3# Test offloading a number of mirrors-to-gretap. The test creates a number of
      4# tunnels. Then it adds one flower mirror for each of the tunnels, matching a
      5# given host IP. Then it generates traffic at each of the host IPs and checks
      6# that the traffic has been mirrored at the appropriate tunnel.
      7#
      8#   +--------------------------+                   +--------------------------+
      9#   | H1                       |                   |                       H2 |
     10#   |     + $h1                |                   |                $h2 +     |
     11#   |     | 2001:db8:1:X::1/64 |                   | 2001:db8:1:X::2/64 |     |
     12#   +-----|--------------------+                   +--------------------|-----+
     13#         |                                                             |
     14#   +-----|-------------------------------------------------------------|-----+
     15#   | SW  o--> mirrors                                                  |     |
     16#   | +---|-------------------------------------------------------------|---+ |
     17#   | |   + $swp1                    BR                           $swp2 +   | |
     18#   | +---------------------------------------------------------------------+ |
     19#   |                                                                         |
     20#   |     + $swp3                          + gt6-<X> (ip6gretap)              |
     21#   |     | 2001:db8:2:X::1/64             : loc=2001:db8:2:X::1              |
     22#   |     |                                : rem=2001:db8:2:X::2              |
     23#   |     |                                : ttl=100                          |
     24#   |     |                                : tos=inherit                      |
     25#   |     |                                :                                  |
     26#   +-----|--------------------------------:----------------------------------+
     27#         |                                :
     28#   +-----|--------------------------------:----------------------------------+
     29#   | H3  + $h3                            + h3-gt6-<X> (ip6gretap)           |
     30#   |       2001:db8:2:X::2/64               loc=2001:db8:2:X::2              |
     31#   |                                        rem=2001:db8:2:X::1              |
     32#   |                                        ttl=100                          |
     33#   |                                        tos=inherit                      |
     34#   |                                                                         |
     35#   +-------------------------------------------------------------------------+
     36
     37source ../../../../net/forwarding/mirror_lib.sh
     38
     39MIRROR_NUM_NETIFS=6
     40
     41mirror_gre_ipv6_addr()
     42{
     43	local net=$1; shift
     44	local num=$1; shift
     45
     46	printf "2001:db8:%x:%x" $net $num
     47}
     48
     49mirror_gre_tunnels_create()
     50{
     51	local count=$1; shift
     52	local should_fail=$1; shift
     53
     54	MIRROR_GRE_BATCH_FILE="$(mktemp)"
     55	for ((i=0; i < count; ++i)); do
     56		local match_dip=$(mirror_gre_ipv6_addr 1 $i)::2
     57		local htun=h3-gt6-$i
     58		local tun=gt6-$i
     59
     60		((mirror_gre_tunnels++))
     61
     62		ip address add dev $h1 $(mirror_gre_ipv6_addr 1 $i)::1/64
     63		ip address add dev $h2 $(mirror_gre_ipv6_addr 1 $i)::2/64
     64
     65		ip address add dev $swp3 $(mirror_gre_ipv6_addr 2 $i)::1/64
     66		ip address add dev $h3 $(mirror_gre_ipv6_addr 2 $i)::2/64
     67
     68		tunnel_create $tun ip6gretap \
     69			      $(mirror_gre_ipv6_addr 2 $i)::1 \
     70			      $(mirror_gre_ipv6_addr 2 $i)::2 \
     71			      ttl 100 tos inherit allow-localremote
     72
     73		tunnel_create $htun ip6gretap \
     74			      $(mirror_gre_ipv6_addr 2 $i)::2 \
     75			      $(mirror_gre_ipv6_addr 2 $i)::1
     76		ip link set $htun vrf v$h3
     77		matchall_sink_create $htun
     78
     79		cat >> $MIRROR_GRE_BATCH_FILE <<-EOF
     80			filter add dev $swp1 ingress pref 1000 \
     81				protocol ipv6 \
     82				flower $tcflags dst_ip $match_dip \
     83				action mirred egress mirror dev $tun
     84		EOF
     85	done
     86
     87	tc -b $MIRROR_GRE_BATCH_FILE
     88	check_err_fail $should_fail $? "Mirror rule insertion"
     89}
     90
     91mirror_gre_tunnels_destroy()
     92{
     93	local count=$1; shift
     94
     95	for ((i=0; i < count; ++i)); do
     96		local htun=h3-gt6-$i
     97		local tun=gt6-$i
     98
     99		ip address del dev $h3 $(mirror_gre_ipv6_addr 2 $i)::2/64
    100		ip address del dev $swp3 $(mirror_gre_ipv6_addr 2 $i)::1/64
    101
    102		ip address del dev $h2 $(mirror_gre_ipv6_addr 1 $i)::2/64
    103		ip address del dev $h1 $(mirror_gre_ipv6_addr 1 $i)::1/64
    104
    105		tunnel_destroy $htun
    106		tunnel_destroy $tun
    107	done
    108}
    109
    110__mirror_gre_test()
    111{
    112	local count=$1; shift
    113	local should_fail=$1; shift
    114
    115	mirror_gre_tunnels_create $count $should_fail
    116	if ((should_fail)); then
    117	    return
    118	fi
    119
    120	sleep 5
    121
    122	for ((i = 0; i < count; ++i)); do
    123		local sip=$(mirror_gre_ipv6_addr 1 $i)::1
    124		local dip=$(mirror_gre_ipv6_addr 1 $i)::2
    125		local htun=h3-gt6-$i
    126		local message
    127
    128		icmp6_capture_install $htun
    129		mirror_test v$h1 $sip $dip $htun 100 10
    130		icmp6_capture_uninstall $htun
    131	done
    132}
    133
    134mirror_gre_test()
    135{
    136	local count=$1; shift
    137	local should_fail=$1; shift
    138
    139	if ! tc_offload_check $TC_FLOWER_NUM_NETIFS; then
    140		check_err 1 "Could not test offloaded functionality"
    141		return
    142	fi
    143
    144	tcflags="skip_sw"
    145	__mirror_gre_test $count $should_fail
    146}
    147
    148mirror_gre_setup_prepare()
    149{
    150	h1=${NETIFS[p1]}
    151	swp1=${NETIFS[p2]}
    152
    153	swp2=${NETIFS[p3]}
    154	h2=${NETIFS[p4]}
    155
    156	swp3=${NETIFS[p5]}
    157	h3=${NETIFS[p6]}
    158
    159	mirror_gre_tunnels=0
    160
    161	vrf_prepare
    162
    163	simple_if_init $h1
    164	simple_if_init $h2
    165	simple_if_init $h3
    166
    167	ip link add name br1 type bridge vlan_filtering 1
    168	ip link set dev br1 up
    169
    170	ip link set dev $swp1 master br1
    171	ip link set dev $swp1 up
    172	tc qdisc add dev $swp1 clsact
    173
    174	ip link set dev $swp2 master br1
    175	ip link set dev $swp2 up
    176
    177	ip link set dev $swp3 up
    178}
    179
    180mirror_gre_cleanup()
    181{
    182	mirror_gre_tunnels_destroy $mirror_gre_tunnels
    183
    184	ip link set dev $swp3 down
    185
    186	ip link set dev $swp2 down
    187
    188	tc qdisc del dev $swp1 clsact
    189	ip link set dev $swp1 down
    190
    191	ip link del dev br1
    192
    193	simple_if_fini $h3
    194	simple_if_fini $h2
    195	simple_if_fini $h1
    196
    197	vrf_cleanup
    198}