no_forwarding.sh - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
no_forwarding.sh (5592B)
      1#!/bin/bash
      2# SPDX-License-Identifier: GPL-2.0
      3
      4ALL_TESTS="standalone two_bridges one_bridge_two_pvids"
      5NUM_NETIFS=4
      6
      7source lib.sh
      8
      9h1=${NETIFS[p1]}
     10h2=${NETIFS[p3]}
     11swp1=${NETIFS[p2]}
     12swp2=${NETIFS[p4]}
     13
     14H1_IPV4="192.0.2.1"
     15H2_IPV4="192.0.2.2"
     16H1_IPV6="2001:db8:1::1"
     17H2_IPV6="2001:db8:1::2"
     18
     19IPV4_ALLNODES="224.0.0.1"
     20IPV6_ALLNODES="ff02::1"
     21MACV4_ALLNODES="01:00:5e:00:00:01"
     22MACV6_ALLNODES="33:33:00:00:00:01"
     23NON_IP_MC="01:02:03:04:05:06"
     24NON_IP_PKT="00:04 48:45:4c:4f"
     25BC="ff:ff:ff:ff:ff:ff"
     26
     27# The full 4K VLAN space is too much to check, so strategically pick some
     28# values which should provide reasonable coverage
     29vids=(0 1 2 5 10 20 50 100 200 500 1000 1000 2000 4000 4094)
     30
     31send_non_ip()
     32{
     33	local if_name=$1
     34	local smac=$2
     35	local dmac=$3
     36
     37	$MZ -q $if_name "$dmac $smac $NON_IP_PKT"
     38}
     39
     40send_uc_ipv4()
     41{
     42	local if_name=$1
     43	local dmac=$2
     44
     45	ip neigh add $H2_IPV4 lladdr $dmac dev $if_name
     46	ping_do $if_name $H2_IPV4
     47	ip neigh del $H2_IPV4 dev $if_name
     48}
     49
     50send_mc_ipv4()
     51{
     52	local if_name=$1
     53
     54	ping_do $if_name $IPV4_ALLNODES "-I $if_name"
     55}
     56
     57send_uc_ipv6()
     58{
     59	local if_name=$1
     60	local dmac=$2
     61
     62	ip -6 neigh add $H2_IPV6 lladdr $dmac dev $if_name
     63	ping6_do $if_name $H2_IPV6
     64	ip -6 neigh del $H2_IPV6 dev $if_name
     65}
     66
     67send_mc_ipv6()
     68{
     69	local if_name=$1
     70
     71	ping6_do $if_name $IPV6_ALLNODES%$if_name
     72}
     73
     74check_rcv()
     75{
     76	local if_name=$1
     77	local type=$2
     78	local pattern=$3
     79	local should_fail=1
     80
     81	RET=0
     82
     83	tcpdump_show $if_name | grep -q "$pattern"
     84
     85	check_err_fail "$should_fail" "$?" "reception"
     86
     87	log_test "$type"
     88}
     89
     90run_test()
     91{
     92	local test_name="$1"
     93	local smac=$(mac_get $h1)
     94	local dmac=$(mac_get $h2)
     95	local h1_ipv6_lladdr=$(ipv6_lladdr_get $h1)
     96	local vid=
     97
     98	echo "$test_name: Sending packets"
     99
    100	tcpdump_start $h2
    101
    102	send_non_ip $h1 $smac $dmac
    103	send_non_ip $h1 $smac $NON_IP_MC
    104	send_non_ip $h1 $smac $BC
    105	send_uc_ipv4 $h1 $dmac
    106	send_mc_ipv4 $h1
    107	send_uc_ipv6 $h1 $dmac
    108	send_mc_ipv6 $h1
    109
    110	for vid in "${vids[@]}"; do
    111		vlan_create $h1 $vid
    112		simple_if_init $h1.$vid $H1_IPV4/24 $H1_IPV6/64
    113
    114		send_non_ip $h1.$vid $smac $dmac
    115		send_non_ip $h1.$vid $smac $NON_IP_MC
    116		send_non_ip $h1.$vid $smac $BC
    117		send_uc_ipv4 $h1.$vid $dmac
    118		send_mc_ipv4 $h1.$vid
    119		send_uc_ipv6 $h1.$vid $dmac
    120		send_mc_ipv6 $h1.$vid
    121
    122		simple_if_fini $h1.$vid $H1_IPV4/24 $H1_IPV6/64
    123		vlan_destroy $h1 $vid
    124	done
    125
    126	sleep 1
    127
    128	echo "$test_name: Checking which packets were received"
    129
    130	tcpdump_stop $h2
    131
    132	check_rcv $h2 "$test_name: Unicast non-IP untagged" \
    133		"$smac > $dmac, 802.3, length 4:"
    134
    135	check_rcv $h2 "$test_name: Multicast non-IP untagged" \
    136		"$smac > $NON_IP_MC, 802.3, length 4:"
    137
    138	check_rcv $h2 "$test_name: Broadcast non-IP untagged" \
    139		"$smac > $BC, 802.3, length 4:"
    140
    141	check_rcv $h2 "$test_name: Unicast IPv4 untagged" \
    142		"$smac > $dmac, ethertype IPv4 (0x0800)"
    143
    144	check_rcv $h2 "$test_name: Multicast IPv4 untagged" \
    145		"$smac > $MACV4_ALLNODES, ethertype IPv4 (0x0800).*: $H1_IPV4 > $IPV4_ALLNODES"
    146
    147	check_rcv $h2 "$test_name: Unicast IPv6 untagged" \
    148		"$smac > $dmac, ethertype IPv6 (0x86dd).*8: $H1_IPV6 > $H2_IPV6"
    149
    150	check_rcv $h2 "$test_name: Multicast IPv6 untagged" \
    151		"$smac > $MACV6_ALLNODES, ethertype IPv6 (0x86dd).*: $h1_ipv6_lladdr > $IPV6_ALLNODES"
    152
    153	for vid in "${vids[@]}"; do
    154		check_rcv $h2 "$test_name: Unicast non-IP VID $vid" \
    155			"$smac > $dmac, ethertype 802.1Q (0x8100).*vlan $vid,.*length 4"
    156
    157		check_rcv $h2 "$test_name: Multicast non-IP VID $vid" \
    158			"$smac > $NON_IP_MC, ethertype 802.1Q (0x8100).*vlan $vid,.*length 4"
    159
    160		check_rcv $h2 "$test_name: Broadcast non-IP VID $vid" \
    161			"$smac > $BC, ethertype 802.1Q (0x8100).*vlan $vid,.*length 4"
    162
    163		check_rcv $h2 "$test_name: Unicast IPv4 VID $vid" \
    164			"$smac > $dmac, ethertype 802.1Q (0x8100).*vlan $vid,.*ethertype IPv4 (0x0800), $H1_IPV4 > $H2_IPV4"
    165
    166		check_rcv $h2 "$test_name: Multicast IPv4 VID $vid" \
    167			"$smac > $MACV4_ALLNODES, ethertype 802.1Q (0x8100).*vlan $vid,.*ethertype IPv4 (0x0800), $H1_IPV4 > $IPV4_ALLNODES"
    168
    169		check_rcv $h2 "$test_name: Unicast IPv6 VID $vid" \
    170			"$smac > $dmac, ethertype 802.1Q (0x8100).*vlan $vid,.*ethertype IPv6 (0x86dd), $H1_IPV6 > $H2_IPV6"
    171
    172		check_rcv $h2 "$test_name: Multicast IPv6 VID $vid" \
    173			"$smac > $MACV6_ALLNODES, ethertype 802.1Q (0x8100).*vlan $vid,.*ethertype IPv6 (0x86dd), $h1_ipv6_lladdr > $IPV6_ALLNODES"
    174	done
    175
    176	tcpdump_cleanup $h2
    177}
    178
    179standalone()
    180{
    181	run_test "Standalone switch ports"
    182}
    183
    184two_bridges()
    185{
    186	ip link add br0 type bridge && ip link set br0 up
    187	ip link add br1 type bridge && ip link set br1 up
    188	ip link set $swp1 master br0
    189	ip link set $swp2 master br1
    190
    191	run_test "Switch ports in different bridges"
    192
    193	ip link del br1
    194	ip link del br0
    195}
    196
    197one_bridge_two_pvids()
    198{
    199	ip link add br0 type bridge vlan_filtering 1 vlan_default_pvid 0
    200	ip link set br0 up
    201	ip link set $swp1 master br0
    202	ip link set $swp2 master br0
    203
    204	bridge vlan add dev $swp1 vid 1 pvid untagged
    205	bridge vlan add dev $swp1 vid 2 pvid untagged
    206
    207	run_test "Switch ports in VLAN-aware bridge with different PVIDs"
    208
    209	ip link del br0
    210}
    211
    212h1_create()
    213{
    214	simple_if_init $h1 $H1_IPV4/24 $H1_IPV6/64
    215}
    216
    217h1_destroy()
    218{
    219	simple_if_fini $h1 $H1_IPV4/24 $H1_IPV6/64
    220}
    221
    222h2_create()
    223{
    224	simple_if_init $h2 $H2_IPV4/24 $H2_IPV6/64
    225}
    226
    227h2_destroy()
    228{
    229	simple_if_fini $h2 $H2_IPV4/24 $H2_IPV6/64
    230}
    231
    232cleanup()
    233{
    234	pre_cleanup
    235
    236	h2_destroy
    237	h1_destroy
    238
    239	vrf_cleanup
    240}
    241
    242setup_prepare()
    243{
    244	vrf_prepare
    245
    246	h1_create
    247	h2_create
    248	# we call simple_if_init from the test itself, but setup_wait expects
    249	# that we call it from here, and waits until the interfaces are up
    250	ip link set dev $swp1 up
    251	ip link set dev $swp2 up
    252}
    253
    254trap cleanup EXIT
    255
    256setup_prepare
    257setup_wait
    258
    259tests_run
    260
    261exit $EXIT_STATUS