cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

pedit_ip.sh (4511B)

      1#!/bin/bash
      2# SPDX-License-Identifier: GPL-2.0
      3
      4# This test sends traffic from H1 to H2. Either on ingress of $swp1, or on
      5# egress of $swp2, the traffic is acted upon by a pedit action. An ingress
      6# filter installed on $h2 verifies that the packet looks like expected.
      7#
      8# +----------------------+                             +----------------------+
      9# | H1                   |                             |                   H2 |
     10# |    + $h1             |                             |            $h2 +     |
     11# |    | 192.0.2.1/28    |                             |   192.0.2.2/28 |     |
     12# +----|-----------------+                             +----------------|-----+
     13#      |                                                                |
     14# +----|----------------------------------------------------------------|-----+
     15# | SW |                                                                |     |
     16# |  +-|----------------------------------------------------------------|-+   |
     17# |  | + $swp1                       BR                           $swp2 + |   |
     18# |  +--------------------------------------------------------------------+   |
     19# +---------------------------------------------------------------------------+
     20
     21ALL_TESTS="
     22	ping_ipv4
     23	ping_ipv6
     24	test_ip4_src
     25	test_ip4_dst
     26	test_ip6_src
     27	test_ip6_dst
     28"
     29
     30NUM_NETIFS=4
     31source lib.sh
     32source tc_common.sh
     33
     34h1_create()
     35{
     36	simple_if_init $h1 192.0.2.1/28 2001:db8:1::1/64
     37}
     38
     39h1_destroy()
     40{
     41	simple_if_fini $h1 192.0.2.1/28 2001:db8:1::1/64
     42}
     43
     44h2_create()
     45{
     46	simple_if_init $h2 192.0.2.2/28 2001:db8:1::2/64
     47	tc qdisc add dev $h2 clsact
     48}
     49
     50h2_destroy()
     51{
     52	tc qdisc del dev $h2 clsact
     53	simple_if_fini $h2 192.0.2.2/28 2001:db8:1::2/64
     54}
     55
     56switch_create()
     57{
     58	ip link add name br1 up type bridge vlan_filtering 1
     59	ip link set dev $swp1 master br1
     60	ip link set dev $swp1 up
     61	ip link set dev $swp2 master br1
     62	ip link set dev $swp2 up
     63
     64	tc qdisc add dev $swp1 clsact
     65	tc qdisc add dev $swp2 clsact
     66}
     67
     68switch_destroy()
     69{
     70	tc qdisc del dev $swp2 clsact
     71	tc qdisc del dev $swp1 clsact
     72
     73	ip link set dev $swp2 down
     74	ip link set dev $swp2 nomaster
     75	ip link set dev $swp1 down
     76	ip link set dev $swp1 nomaster
     77	ip link del dev br1
     78}
     79
     80setup_prepare()
     81{
     82	h1=${NETIFS[p1]}
     83	swp1=${NETIFS[p2]}
     84
     85	swp2=${NETIFS[p3]}
     86	h2=${NETIFS[p4]}
     87
     88	h2mac=$(mac_get $h2)
     89
     90	vrf_prepare
     91	h1_create
     92	h2_create
     93	switch_create
     94}
     95
     96cleanup()
     97{
     98	pre_cleanup
     99
    100	switch_destroy
    101	h2_destroy
    102	h1_destroy
    103	vrf_cleanup
    104}
    105
    106ping_ipv4()
    107{
    108	ping_test $h1 192.0.2.2
    109}
    110
    111ping_ipv6()
    112{
    113	ping6_test $h1 2001:db8:1::2
    114}
    115
    116do_test_pedit_ip()
    117{
    118	local pedit_locus=$1; shift
    119	local pedit_action=$1; shift
    120	local match_prot=$1; shift
    121	local match_flower=$1; shift
    122	local mz_flags=$1; shift
    123
    124	tc filter add $pedit_locus handle 101 pref 1 \
    125	   flower action pedit ex munge $pedit_action
    126	tc filter add dev $h2 ingress handle 101 pref 1 prot $match_prot \
    127	   flower skip_hw $match_flower action pass
    128
    129	RET=0
    130
    131	$MZ $mz_flags $h1 -c 10 -d 20msec -p 100 -a own -b $h2mac -q -t ip
    132
    133	local pkts
    134	pkts=$(busywait "$TC_HIT_TIMEOUT" until_counter_is ">= 10" \
    135			tc_rule_handle_stats_get "dev $h2 ingress" 101)
    136	check_err $? "Expected to get 10 packets, but got $pkts."
    137
    138	pkts=$(tc_rule_handle_stats_get "$pedit_locus" 101)
    139	((pkts >= 10))
    140	check_err $? "Expected to get 10 packets on pedit rule, but got $pkts."
    141
    142	log_test "$pedit_locus pedit $pedit_action"
    143
    144	tc filter del dev $h2 ingress pref 1
    145	tc filter del $pedit_locus pref 1
    146}
    147
    148do_test_pedit_ip6()
    149{
    150	local locus=$1; shift
    151	local pedit_addr=$1; shift
    152	local flower_addr=$1; shift
    153
    154	do_test_pedit_ip "$locus" "$pedit_addr set 2001:db8:2::1" ipv6	\
    155			 "$flower_addr 2001:db8:2::1"			\
    156			 "-6 -A 2001:db8:1::1 -B 2001:db8:1::2"
    157}
    158
    159do_test_pedit_ip4()
    160{
    161	local locus=$1; shift
    162	local pedit_addr=$1; shift
    163	local flower_addr=$1; shift
    164
    165	do_test_pedit_ip "$locus" "$pedit_addr set 198.51.100.1" ip	\
    166			 "$flower_addr 198.51.100.1"			\
    167			 "-A 192.0.2.1 -B 192.0.2.2"
    168}
    169
    170test_ip4_src()
    171{
    172	do_test_pedit_ip4 "dev $swp1 ingress" "ip src" src_ip
    173	do_test_pedit_ip4 "dev $swp2 egress"  "ip src" src_ip
    174}
    175
    176test_ip4_dst()
    177{
    178	do_test_pedit_ip4 "dev $swp1 ingress" "ip dst" dst_ip
    179	do_test_pedit_ip4 "dev $swp2 egress"  "ip dst" dst_ip
    180}
    181
    182test_ip6_src()
    183{
    184	do_test_pedit_ip6 "dev $swp1 ingress" "ip6 src" src_ip
    185	do_test_pedit_ip6 "dev $swp2 egress"  "ip6 src" src_ip
    186}
    187
    188test_ip6_dst()
    189{
    190	do_test_pedit_ip6 "dev $swp1 ingress" "ip6 dst" dst_ip
    191	do_test_pedit_ip6 "dev $swp2 egress"  "ip6 dst" dst_ip
    192}
    193
    194trap cleanup EXIT
    195
    196setup_prepare
    197setup_wait
    198
    199tests_run
    200
    201exit $EXIT_STATUS