cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

vxlan_flooding_ipv6.sh (9468B)

      1#!/bin/bash
      2# SPDX-License-Identifier: GPL-2.0
      3#
      4# Test VxLAN flooding. The device stores flood records in a singly linked list
      5# where each record stores up to four IPv6 addresses of remote VTEPs. The test
      6# verifies that packets are correctly flooded in various cases such as deletion
      7# of a record in the middle of the list.
      8#
      9# +-----------------------+
     10# | H1 (vrf)              |
     11# |    + $h1              |
     12# |    | 2001:db8:1::1/64 |
     13# +----|------------------+
     14#      |
     15# +----|----------------------------------------------------------------------+
     16# | SW |                                                                      |
     17# | +--|--------------------------------------------------------------------+ |
     18# | |  + $swp1                   BR0 (802.1d)                               | |
     19# | |                                                                       | |
     20# | |  + vxlan0 (vxlan)                                                     | |
     21# | |    local 2001:db8:2::1                                                | |
     22# | |    remote 2001:db8:2::{2..17}                                         | |
     23# | |    id 10 dstport 4789                                                 | |
     24# | +-----------------------------------------------------------------------+ |
     25# |                                                                           |
     26# |  2001:db8:2::0/64 via 2001:db8:3::2                                       |
     27# |                                                                           |
     28# |    + $rp1                                                                 |
     29# |    | 2001:db8:3::1/64                                                     |
     30# +----|----------------------------------------------------------------------+
     31#      |
     32# +----|--------------------------------------------------------+
     33# |    |                                               R2 (vrf) |
     34# |    + $rp2                                                   |
     35# |      2001:db8:3::2/64                                       |
     36# |                                                             |
     37# +-------------------------------------------------------------+
     38
     39lib_dir=$(dirname $0)/../../../../net/forwarding
     40
     41ALL_TESTS="flooding_test"
     42NUM_NETIFS=4
     43source $lib_dir/tc_common.sh
     44source $lib_dir/lib.sh
     45
     46h1_create()
     47{
     48	simple_if_init $h1 2001:db8:1::1/64
     49}
     50
     51h1_destroy()
     52{
     53	simple_if_fini $h1 2001:db8:1::1/64
     54}
     55
     56switch_create()
     57{
     58	# Make sure the bridge uses the MAC address of the local port and
     59	# not that of the VxLAN's device
     60	ip link add dev br0 type bridge mcast_snooping 0
     61	ip link set dev br0 address $(mac_get $swp1)
     62
     63	ip link add name vxlan0 type vxlan id 10 nolearning \
     64		udp6zerocsumrx udp6zerocsumtx ttl 20 tos inherit \
     65		local 2001:db8:2::1 dstport 4789
     66
     67	ip address add 2001:db8:2::1/128 dev lo
     68
     69	ip link set dev $swp1 master br0
     70	ip link set dev vxlan0 master br0
     71
     72	ip link set dev br0 up
     73	ip link set dev $swp1 up
     74	ip link set dev vxlan0 up
     75}
     76
     77switch_destroy()
     78{
     79	ip link set dev vxlan0 down
     80	ip link set dev $swp1 down
     81	ip link set dev br0 down
     82
     83	ip link set dev vxlan0 nomaster
     84	ip link set dev $swp1 nomaster
     85
     86	ip address del 2001:db8:2::1/128 dev lo
     87
     88	ip link del dev vxlan0
     89
     90	ip link del dev br0
     91}
     92
     93router1_create()
     94{
     95	# This router is in the default VRF, where the VxLAN device is
     96	# performing the L3 lookup
     97	ip link set dev $rp1 up
     98	ip address add 2001:db8:3::1/64 dev $rp1
     99	ip route add 2001:db8:2::0/64 via 2001:db8:3::2
    100}
    101
    102router1_destroy()
    103{
    104	ip route del 2001:db8:2::0/64 via 2001:db8:3::2
    105	ip address del 2001:db8:3::1/64 dev $rp1
    106	ip link set dev $rp1 down
    107}
    108
    109router2_create()
    110{
    111	# This router is not in the default VRF, so use simple_if_init()
    112	simple_if_init $rp2 2001:db8:3::2/64
    113}
    114
    115router2_destroy()
    116{
    117	simple_if_fini $rp2 2001:db8:3::2/64
    118}
    119
    120setup_prepare()
    121{
    122	h1=${NETIFS[p1]}
    123	swp1=${NETIFS[p2]}
    124
    125	rp1=${NETIFS[p3]}
    126	rp2=${NETIFS[p4]}
    127
    128	vrf_prepare
    129
    130	h1_create
    131
    132	switch_create
    133
    134	router1_create
    135	router2_create
    136
    137	forwarding_enable
    138}
    139
    140cleanup()
    141{
    142	pre_cleanup
    143
    144	forwarding_restore
    145
    146	router2_destroy
    147	router1_destroy
    148
    149	switch_destroy
    150
    151	h1_destroy
    152
    153	vrf_cleanup
    154}
    155
    156flooding_remotes_add()
    157{
    158	local num_remotes=$1
    159	local lsb
    160	local i
    161
    162	# Prevent unwanted packets from entering the bridge and interfering
    163	# with the test.
    164	tc qdisc add dev br0 clsact
    165	tc filter add dev br0 egress protocol all pref 1 handle 1 \
    166		matchall skip_hw action drop
    167	tc qdisc add dev $h1 clsact
    168	tc filter add dev $h1 egress protocol all pref 1 handle 1 \
    169		flower skip_hw dst_mac de:ad:be:ef:13:37 action pass
    170	tc filter add dev $h1 egress protocol all pref 2 handle 2 \
    171		matchall skip_hw action drop
    172
    173	for i in $(eval echo {1..$num_remotes}); do
    174		lsb=$((i + 1))
    175
    176		bridge fdb append 00:00:00:00:00:00 dev vxlan0 self \
    177			dst 2001:db8:2::$lsb
    178	done
    179}
    180
    181flooding_filters_add()
    182{
    183	local num_remotes=$1
    184	local lsb
    185	local i
    186
    187	tc qdisc add dev $rp2 clsact
    188
    189	for i in $(eval echo {1..$num_remotes}); do
    190		lsb=$((i + 1))
    191
    192		tc filter add dev $rp2 ingress protocol ipv6 pref $i handle $i \
    193			flower ip_proto udp dst_ip 2001:db8:2::$lsb \
    194			dst_port 4789 skip_sw action drop
    195	done
    196}
    197
    198flooding_filters_del()
    199{
    200	local num_remotes=$1
    201	local i
    202
    203	for i in $(eval echo {1..$num_remotes}); do
    204		tc filter del dev $rp2 ingress protocol ipv6 pref $i \
    205			handle $i flower
    206	done
    207
    208	tc qdisc del dev $rp2 clsact
    209
    210	tc filter del dev $h1 egress protocol all pref 2 handle 2 matchall
    211	tc filter del dev $h1 egress protocol all pref 1 handle 1 flower
    212	tc qdisc del dev $h1 clsact
    213	tc filter del dev br0 egress protocol all pref 1 handle 1 matchall
    214	tc qdisc del dev br0 clsact
    215}
    216
    217flooding_check_packets()
    218{
    219	local packets=("$@")
    220	local num_remotes=${#packets[@]}
    221	local i
    222
    223	for i in $(eval echo {1..$num_remotes}); do
    224		tc_check_packets "dev $rp2 ingress" $i ${packets[i - 1]}
    225		check_err $? "remote $i - did not get expected number of packets"
    226	done
    227}
    228
    229flooding_test()
    230{
    231	# Use 16 remote VTEPs that will be stored in 4 records. The array
    232	# 'packets' will store how many packets are expected to be received
    233	# by each remote VTEP at each stage of the test
    234	declare -a packets=(1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1)
    235	local num_remotes=16
    236
    237	RET=0
    238
    239	# Add FDB entries for remote VTEPs and corresponding tc filters on the
    240	# ingress of the nexthop router. These filters will count how many
    241	# packets were flooded to each remote VTEP
    242	flooding_remotes_add $num_remotes
    243	flooding_filters_add $num_remotes
    244
    245	# Send one packet and make sure it is flooded to all the remote VTEPs
    246	$MZ $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1
    247	flooding_check_packets "${packets[@]}"
    248	log_test "flood after 1 packet"
    249
    250	# Delete the third record which corresponds to VTEPs with LSB 10..13
    251	# and check that packet is flooded correctly when we remove a record
    252	# from the middle of the list
    253	RET=0
    254
    255	packets=(2 2 2 2 2 2 2 2 1 1 1 1 2 2 2 2)
    256	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::10
    257	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::11
    258	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::12
    259	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::13
    260
    261	$MZ $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1
    262	flooding_check_packets "${packets[@]}"
    263	log_test "flood after 2 packets"
    264
    265	# Delete the first record and make sure the packet is flooded correctly
    266	RET=0
    267
    268	packets=(2 2 2 2 3 3 3 3 1 1 1 1 3 3 3 3)
    269	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::2
    270	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::3
    271	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::4
    272	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::5
    273
    274	$MZ $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1
    275	flooding_check_packets "${packets[@]}"
    276	log_test "flood after 3 packets"
    277
    278	# Delete the last record and make sure the packet is flooded correctly
    279	RET=0
    280
    281	packets=(2 2 2 2 4 4 4 4 1 1 1 1 3 3 3 3)
    282	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::14
    283	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::15
    284	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::16
    285	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::17
    286
    287	$MZ -6 $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1
    288	flooding_check_packets "${packets[@]}"
    289	log_test "flood after 4 packets"
    290
    291	# Delete the last record, one entry at a time and make sure single
    292	# entries are correctly removed
    293	RET=0
    294
    295	packets=(2 2 2 2 4 5 5 5 1 1 1 1 3 3 3 3)
    296	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::6
    297
    298	$MZ -6 $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1
    299	flooding_check_packets "${packets[@]}"
    300	log_test "flood after 5 packets"
    301
    302	RET=0
    303
    304	packets=(2 2 2 2 4 5 6 6 1 1 1 1 3 3 3 3)
    305	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::7
    306
    307	$MZ -6 $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1
    308	flooding_check_packets "${packets[@]}"
    309	log_test "flood after 6 packets"
    310
    311	RET=0
    312
    313	packets=(2 2 2 2 4 5 6 7 1 1 1 1 3 3 3 3)
    314	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::8
    315
    316	$MZ -6 $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1
    317	flooding_check_packets "${packets[@]}"
    318	log_test "flood after 7 packets"
    319
    320	RET=0
    321
    322	packets=(2 2 2 2 4 5 6 7 1 1 1 1 3 3 3 3)
    323	bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 2001:db8:2::9
    324
    325	$MZ -6 $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1
    326	flooding_check_packets "${packets[@]}"
    327	log_test "flood after 8 packets"
    328
    329	flooding_filters_del $num_remotes
    330}
    331
    332trap cleanup EXIT
    333
    334setup_prepare
    335setup_wait
    336
    337tests_run
    338
    339exit $EXIT_STATUS