cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

pedit_dsfield.sh (6789B)

      1#!/bin/bash
      2# SPDX-License-Identifier: GPL-2.0
      3
      4# This test sends traffic from H1 to H2. Either on ingress of $swp1, or on
      5# egress of $swp2, the traffic is acted upon by a pedit action. An ingress
      6# filter installed on $h2 verifies that the packet looks like expected.
      7#
      8# +----------------------+                             +----------------------+
      9# | H1                   |                             |                   H2 |
     10# |    + $h1             |                             |            $h2 +     |
     11# |    | 192.0.2.1/28    |                             |   192.0.2.2/28 |     |
     12# +----|-----------------+                             +----------------|-----+
     13#      |                                                                |
     14# +----|----------------------------------------------------------------|-----+
     15# | SW |                                                                |     |
     16# |  +-|----------------------------------------------------------------|-+   |
     17# |  | + $swp1                       BR                           $swp2 + |   |
     18# |  +--------------------------------------------------------------------+   |
     19# +---------------------------------------------------------------------------+
     20
     21ALL_TESTS="
     22	ping_ipv4
     23	ping_ipv6
     24	test_ip_dsfield
     25	test_ip_dscp
     26	test_ip_ecn
     27	test_ip_dscp_ecn
     28	test_ip6_dsfield
     29	test_ip6_dscp
     30	test_ip6_ecn
     31"
     32
     33NUM_NETIFS=4
     34source lib.sh
     35source tc_common.sh
     36
     37: ${HIT_TIMEOUT:=2000} # ms
     38
     39h1_create()
     40{
     41	simple_if_init $h1 192.0.2.1/28 2001:db8:1::1/64
     42}
     43
     44h1_destroy()
     45{
     46	simple_if_fini $h1 192.0.2.1/28 2001:db8:1::1/64
     47}
     48
     49h2_create()
     50{
     51	simple_if_init $h2 192.0.2.2/28 2001:db8:1::2/64
     52	tc qdisc add dev $h2 clsact
     53}
     54
     55h2_destroy()
     56{
     57	tc qdisc del dev $h2 clsact
     58	simple_if_fini $h2 192.0.2.2/28 2001:db8:1::2/64
     59}
     60
     61switch_create()
     62{
     63	ip link add name br1 up type bridge vlan_filtering 1
     64	ip link set dev $swp1 master br1
     65	ip link set dev $swp1 up
     66	ip link set dev $swp2 master br1
     67	ip link set dev $swp2 up
     68
     69	tc qdisc add dev $swp1 clsact
     70	tc qdisc add dev $swp2 clsact
     71}
     72
     73switch_destroy()
     74{
     75	tc qdisc del dev $swp2 clsact
     76	tc qdisc del dev $swp1 clsact
     77
     78	ip link set dev $swp2 down
     79	ip link set dev $swp2 nomaster
     80	ip link set dev $swp1 down
     81	ip link set dev $swp1 nomaster
     82	ip link del dev br1
     83}
     84
     85setup_prepare()
     86{
     87	h1=${NETIFS[p1]}
     88	swp1=${NETIFS[p2]}
     89
     90	swp2=${NETIFS[p3]}
     91	h2=${NETIFS[p4]}
     92
     93	h2mac=$(mac_get $h2)
     94
     95	vrf_prepare
     96	h1_create
     97	h2_create
     98	switch_create
     99}
    100
    101cleanup()
    102{
    103	pre_cleanup
    104
    105	switch_destroy
    106	h2_destroy
    107	h1_destroy
    108	vrf_cleanup
    109}
    110
    111ping_ipv4()
    112{
    113	ping_test $h1 192.0.2.2
    114}
    115
    116ping_ipv6()
    117{
    118	ping6_test $h1 2001:db8:1::2
    119}
    120
    121do_test_pedit_dsfield_common()
    122{
    123	local pedit_locus=$1; shift
    124	local pedit_action=$1; shift
    125	local mz_flags=$1; shift
    126
    127	RET=0
    128
    129	# TOS 125: DSCP 31, ECN 1. Used for testing that the relevant part is
    130	# overwritten when zero is selected.
    131	$MZ $mz_flags $h1 -c 10 -d 20msec -p 100 \
    132	    -a own -b $h2mac -q -t tcp tos=0x7d,sp=54321,dp=12345
    133
    134	local pkts
    135	pkts=$(busywait "$TC_HIT_TIMEOUT" until_counter_is ">= 10" \
    136			tc_rule_handle_stats_get "dev $h2 ingress" 101)
    137	check_err $? "Expected to get 10 packets on test probe, but got $pkts."
    138
    139	pkts=$(tc_rule_handle_stats_get "$pedit_locus" 101)
    140	((pkts >= 10))
    141	check_err $? "Expected to get 10 packets on pedit rule, but got $pkts."
    142
    143	log_test "$pedit_locus pedit $pedit_action"
    144}
    145
    146do_test_pedit_dsfield()
    147{
    148	local pedit_locus=$1; shift
    149	local pedit_action=$1; shift
    150	local match_prot=$1; shift
    151	local match_flower=$1; shift
    152	local mz_flags=$1; shift
    153	local saddr=$1; shift
    154	local daddr=$1; shift
    155
    156	tc filter add $pedit_locus handle 101 pref 1 \
    157	   flower action pedit ex munge $pedit_action
    158	tc filter add dev $h2 ingress handle 101 pref 1 prot $match_prot \
    159	   flower skip_hw $match_flower action pass
    160
    161	do_test_pedit_dsfield_common "$pedit_locus" "$pedit_action" "$mz_flags"
    162
    163	tc filter del dev $h2 ingress pref 1
    164	tc filter del $pedit_locus pref 1
    165}
    166
    167do_test_ip_dsfield()
    168{
    169	local locus=$1; shift
    170	local dsfield
    171
    172	for dsfield in 0 1 2 3 128 252 253 254 255; do
    173		do_test_pedit_dsfield "$locus"				\
    174				      "ip dsfield set $dsfield"		\
    175				      ip "ip_tos $dsfield"		\
    176				      "-A 192.0.2.1 -B 192.0.2.2"
    177	done
    178}
    179
    180test_ip_dsfield()
    181{
    182	do_test_ip_dsfield "dev $swp1 ingress"
    183	do_test_ip_dsfield "dev $swp2 egress"
    184}
    185
    186do_test_ip_dscp()
    187{
    188	local locus=$1; shift
    189	local dscp
    190
    191	for dscp in 0 1 2 3 32 61 62 63; do
    192		do_test_pedit_dsfield "$locus"				       \
    193				  "ip dsfield set $((dscp << 2)) retain 0xfc"  \
    194				  ip "ip_tos $(((dscp << 2) | 1))"	       \
    195				  "-A 192.0.2.1 -B 192.0.2.2"
    196	done
    197}
    198
    199test_ip_dscp()
    200{
    201	do_test_ip_dscp "dev $swp1 ingress"
    202	do_test_ip_dscp "dev $swp2 egress"
    203}
    204
    205do_test_ip_ecn()
    206{
    207	local locus=$1; shift
    208	local ecn
    209
    210	for ecn in 0 1 2 3; do
    211		do_test_pedit_dsfield "$locus"				\
    212				      "ip dsfield set $ecn retain 0x03"	\
    213				      ip "ip_tos $((124 | $ecn))"	\
    214				      "-A 192.0.2.1 -B 192.0.2.2"
    215	done
    216}
    217
    218test_ip_ecn()
    219{
    220	do_test_ip_ecn "dev $swp1 ingress"
    221	do_test_ip_ecn "dev $swp2 egress"
    222}
    223
    224do_test_ip_dscp_ecn()
    225{
    226	local locus=$1; shift
    227
    228	tc filter add $locus handle 101 pref 1				\
    229	   flower action pedit ex munge ip dsfield set 124 retain 0xfc	\
    230		  action pedit ex munge ip dsfield set 1 retain 0x03
    231	tc filter add dev $h2 ingress handle 101 pref 1 prot ip		\
    232	   flower skip_hw ip_tos 125 action pass
    233
    234	do_test_pedit_dsfield_common "$locus" "set DSCP + set ECN"	\
    235				      "-A 192.0.2.1 -B 192.0.2.2"
    236
    237	tc filter del dev $h2 ingress pref 1
    238	tc filter del $locus pref 1
    239}
    240
    241test_ip_dscp_ecn()
    242{
    243	do_test_ip_dscp_ecn "dev $swp1 ingress"
    244	do_test_ip_dscp_ecn "dev $swp2 egress"
    245}
    246
    247do_test_ip6_dsfield()
    248{
    249	local locus=$1; shift
    250	local dsfield
    251
    252	for dsfield in 0 1 2 3 128 252 253 254 255; do
    253		do_test_pedit_dsfield "$locus"				\
    254				  "ip6 traffic_class set $dsfield"	\
    255				  ipv6 "ip_tos $dsfield"		\
    256				  "-6 -A 2001:db8:1::1 -B 2001:db8:1::2"
    257	done
    258}
    259
    260test_ip6_dsfield()
    261{
    262	do_test_ip6_dsfield "dev $swp1 ingress"
    263	do_test_ip6_dsfield "dev $swp2 egress"
    264}
    265
    266do_test_ip6_dscp()
    267{
    268	local locus=$1; shift
    269	local dscp
    270
    271	for dscp in 0 1 2 3 32 61 62 63; do
    272		do_test_pedit_dsfield "$locus"				       \
    273			    "ip6 traffic_class set $((dscp << 2)) retain 0xfc" \
    274			    ipv6 "ip_tos $(((dscp << 2) | 1))"		       \
    275			    "-6 -A 2001:db8:1::1 -B 2001:db8:1::2"
    276	done
    277}
    278
    279test_ip6_dscp()
    280{
    281	do_test_ip6_dscp "dev $swp1 ingress"
    282	do_test_ip6_dscp "dev $swp2 egress"
    283}
    284
    285do_test_ip6_ecn()
    286{
    287	local locus=$1; shift
    288	local ecn
    289
    290	for ecn in 0 1 2 3; do
    291		do_test_pedit_dsfield "$locus"				\
    292				"ip6 traffic_class set $ecn retain 0x3"	\
    293				ipv6 "ip_tos $((124 | $ecn))"		\
    294				"-6 -A 2001:db8:1::1 -B 2001:db8:1::2"
    295	done
    296}
    297
    298test_ip6_ecn()
    299{
    300	do_test_ip6_ecn "dev $swp1 ingress"
    301	do_test_ip6_ecn "dev $swp2 egress"
    302}
    303
    304trap cleanup EXIT
    305
    306setup_prepare
    307setup_wait
    308
    309tests_run
    310
    311exit $EXIT_STATUS