bridge_port_isolation.sh - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
bridge_port_isolation.sh (2378B)
      1#!/bin/bash
      2# SPDX-License-Identifier: GPL-2.0
      3
      4ALL_TESTS="ping_ipv4 ping_ipv6 flooding"
      5NUM_NETIFS=6
      6CHECK_TC="yes"
      7source lib.sh
      8
      9h1_create()
     10{
     11	simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64
     12}
     13
     14h1_destroy()
     15{
     16	simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64
     17}
     18
     19h2_create()
     20{
     21	simple_if_init $h2 192.0.2.2/24 2001:db8:1::2/64
     22}
     23
     24h2_destroy()
     25{
     26	simple_if_fini $h2 192.0.2.2/24 2001:db8:1::2/64
     27}
     28
     29h3_create()
     30{
     31	simple_if_init $h3 192.0.2.3/24 2001:db8:1::3/64
     32}
     33
     34h3_destroy()
     35{
     36	simple_if_fini $h3 192.0.2.3/24 2001:db8:1::3/64
     37}
     38
     39switch_create()
     40{
     41	ip link add dev br0 type bridge
     42
     43	ip link set dev $swp1 master br0
     44	ip link set dev $swp2 master br0
     45	ip link set dev $swp3 master br0
     46
     47	ip link set dev $swp1 type bridge_slave isolated on
     48	check_err $? "Can't set isolation on port $swp1"
     49	ip link set dev $swp2 type bridge_slave isolated on
     50	check_err $? "Can't set isolation on port $swp2"
     51	ip link set dev $swp3 type bridge_slave isolated off
     52	check_err $? "Can't disable isolation on port $swp3"
     53
     54	ip link set dev br0 up
     55	ip link set dev $swp1 up
     56	ip link set dev $swp2 up
     57	ip link set dev $swp3 up
     58}
     59
     60switch_destroy()
     61{
     62	ip link set dev $swp3 down
     63	ip link set dev $swp2 down
     64	ip link set dev $swp1 down
     65
     66	ip link del dev br0
     67}
     68
     69setup_prepare()
     70{
     71	h1=${NETIFS[p1]}
     72	swp1=${NETIFS[p2]}
     73
     74	swp2=${NETIFS[p3]}
     75	h2=${NETIFS[p4]}
     76
     77	swp3=${NETIFS[p5]}
     78	h3=${NETIFS[p6]}
     79
     80	vrf_prepare
     81
     82	h1_create
     83	h2_create
     84	h3_create
     85
     86	switch_create
     87}
     88
     89cleanup()
     90{
     91	pre_cleanup
     92
     93	switch_destroy
     94
     95	h3_destroy
     96	h2_destroy
     97	h1_destroy
     98
     99	vrf_cleanup
    100}
    101
    102ping_ipv4()
    103{
    104	RET=0
    105	ping_do $h1 192.0.2.2
    106	check_fail $? "Ping worked when it should not have"
    107
    108	RET=0
    109	ping_do $h3 192.0.2.2
    110	check_err $? "Ping didn't work when it should have"
    111
    112	log_test "Isolated port ping"
    113}
    114
    115ping_ipv6()
    116{
    117	RET=0
    118	ping6_do $h1 2001:db8:1::2
    119	check_fail $? "Ping6 worked when it should not have"
    120
    121	RET=0
    122	ping6_do $h3 2001:db8:1::2
    123	check_err $? "Ping6 didn't work when it should have"
    124
    125	log_test "Isolated port ping6"
    126}
    127
    128flooding()
    129{
    130	local mac=de:ad:be:ef:13:37
    131	local ip=192.0.2.100
    132
    133	RET=0
    134	flood_test_do false $mac $ip $h1 $h2
    135	check_err $? "Packet was flooded when it should not have been"
    136
    137	RET=0
    138	flood_test_do true $mac $ip $h3 $h2
    139	check_err $? "Packet was not flooded when it should have been"
    140
    141	log_test "Isolated port flooding"
    142}
    143
    144trap cleanup EXIT
    145
    146setup_prepare
    147setup_wait
    148
    149tests_run
    150
    151exit $EXIT_STATUS