cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

pedit_l4port.sh (4564B)


      1#!/bin/bash
      2# SPDX-License-Identifier: GPL-2.0
      3
      4# This test sends traffic from H1 to H2. Either on ingress of $swp1, or on egress of $swp2, the
      5# traffic is acted upon by a pedit action. An ingress filter installed on $h2 verifies that the
      6# packet looks like expected.
      7#
      8# +----------------------+                             +----------------------+
      9# | H1                   |                             |                   H2 |
     10# |    + $h1             |                             |            $h2 +     |
     11# |    | 192.0.2.1/28    |                             |   192.0.2.2/28 |     |
     12# +----|-----------------+                             +----------------|-----+
     13#      |                                                                |
     14# +----|----------------------------------------------------------------|-----+
     15# | SW |                                                                |     |
     16# |  +-|----------------------------------------------------------------|-+   |
     17# |  | + $swp1                       BR                           $swp2 + |   |
     18# |  +--------------------------------------------------------------------+   |
     19# +---------------------------------------------------------------------------+
     20
     21ALL_TESTS="
     22	ping_ipv4
     23	test_udp_sport
     24	test_udp_dport
     25	test_tcp_sport
     26	test_tcp_dport
     27"
     28
     29NUM_NETIFS=4
     30source lib.sh
     31source tc_common.sh
     32
     33: ${HIT_TIMEOUT:=2000} # ms
     34
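# Set up the H1 end of the topology.
# Globals:   h1 (read) - interface name, assigned in setup_prepare
# Hands $h1 and its IPv4/IPv6 addresses to simple_if_init, which is defined
# outside this file.
h1_create()
{
	# Quoted so the interface name reaches the helper as exactly one argument.
	simple_if_init "$h1" 192.0.2.1/28 2001:db8:1::1/64
}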
     39
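# Tear down the H1 end of the topology; counterpart of h1_create.
# Globals:   h1 (read) - interface name, assigned in setup_prepare
# Hands $h1 and the same addresses h1_create used to simple_if_fini, which is
# defined outside this file.
h1_destroy()
{
	# Quoted so the interface name reaches the helper as exactly one argument.
	simple_if_fini "$h1" 192.0.2.1/28 2001:db8:1::1/64
}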
     44
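# Set up the H2 end of the topology.
# Globals:   h2 (read) - interface name, assigned in setup_prepare
# After simple_if_init (defined outside this file) has run, a clsact qdisc is
# added to $h2; do_test_pedit_l4port_one attaches its verifying ingress filter
# to that interface.
h2_create()
{
	# Quoted so the interface name is always a single argument.
	simple_if_init "$h2" 192.0.2.2/28 2001:db8:1::2/64
	tc qdisc add dev "$h2" clsact
}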
     50
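# Tear down the H2 end of the topology in the reverse order of h2_create:
# remove the clsact qdisc first, then call simple_if_fini (defined outside
# this file).
# Globals:   h2 (read) - interface name, assigned in setup_prepare
h2_destroy()
{
	# Quoted so the interface name is always a single argument.
	tc qdisc del dev "$h2" clsact
	simple_if_fini "$h2" 192.0.2.2/28 2001:db8:1::2/64
}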
     56
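# Build the switch side of the topology: a VLAN-filtering bridge br1 with
# $swp1 and $swp2 enslaved and up, and a clsact qdisc on each port so the
# tests can attach ingress and egress filters to them.
# Globals:   swp1, swp2 (read) - port names, assigned in setup_prepare
switch_create()
{
	local port

	ip link add name br1 up type bridge vlan_filtering 1

	# Port names are quoted so each one is always a single argument.
	for port in "$swp1" "$swp2"; do
		ip link set dev "$port" master br1
		ip link set dev "$port" up
	done

	for port in "$swp1" "$swp2"; do
		tc qdisc add dev "$port" clsact
	done
}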
     68
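# Undo switch_create in reverse: drop the clsact qdiscs, take both ports down
# and out of the bridge ($swp2 first, then $swp1), then delete br1.
# Globals:   swp1, swp2 (read) - port names, assigned in setup_prepare
switch_destroy()
{
	local port

	# Port names are quoted so each one is always a single argument.
	for port in "$swp2" "$swp1"; do
		tc qdisc del dev "$port" clsact
	done

	for port in "$swp2" "$swp1"; do
		ip link set dev "$port" down
		ip link set dev "$port" nomaster
	done

	ip link del dev br1
}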
     80
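# Resolve the four test interfaces from NETIFS, record H2's MAC address, and
# build the topology (VRF preparation, both hosts, then the switch).
# Globals:   NETIFS (read); h1, swp1, swp2, h2, h2mac (written)
# mac_get and vrf_prepare are defined outside this file.
setup_prepare()
{
	# p1/p2 form the H1 <-> switch link, p3/p4 the switch <-> H2 link.
	h1=${NETIFS[p1]}
	swp1=${NETIFS[p2]}

	swp2=${NETIFS[p3]}
	h2=${NETIFS[p4]}

	# Used as the destination MAC of the generated traffic; the interface
	# name is quoted so mac_get always receives it as one argument.
	h2mac=$(mac_get "$h2")

	vrf_prepare
	h1_create
	h2_create
	switch_create
}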
     96
# EXIT-trap handler: after pre_cleanup, dismantle the topology in the reverse
# order of setup_prepare (switch, H2, H1, then the VRF state).
# pre_cleanup and vrf_cleanup are defined outside this file.
cleanup()
{
	local teardown_step

	for teardown_step in pre_cleanup \
			     switch_destroy h2_destroy h1_destroy \
			     vrf_cleanup; do
		"$teardown_step"
	done
}
    106
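# Connectivity check from H1 to H2's IPv4 address through the bridge.
# Globals:   h1 (read)
# ping_test is defined outside this file.
ping_ipv4()
{
	# Quoted so the interface name is always a single argument.
	ping_test "$h1" 192.0.2.2
}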
    111
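# Connectivity check from H1 to H2's IPv6 address through the bridge.
# Not listed in ALL_TESTS in this file, so it only runs when requested some
# other way.
# Globals:   h1 (read)
# ping6_test is defined outside this file.
ping_ipv6()
{
	# Quoted so the interface name is always a single argument.
	ping6_test "$h1" 2001:db8:1::2
}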
    116
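# Install one pedit rule, send ten packets from H1, and check that both the
# pedit rule and a verifying filter on $h2 counted at least ten hits.
#
# Globals:   h1, h2, h2mac, MZ, TC_HIT_TIMEOUT (read); RET (written)
# Arguments: $1 - tc attachment point of the pedit rule, e.g. "dev $swp1 ingress"
#            $2 - L4 protocol handed to $MZ -t
#            $3 - pedit munge expression
#            $4 - protocol of the verifying filter on $h2
#            $5 - flower match of the verifying filter
#            $6 - extra flags for $MZ
# busywait, until_counter_is, tc_rule_handle_stats_get, check_err and log_test
# are defined outside this file.
do_test_pedit_l4port_one()
{
	local pedit_locus=$1; shift
	local pedit_prot=$1; shift
	local pedit_action=$1; shift
	local match_prot=$1; shift
	local match_flower=$1; shift
	local mz_flags=$1; shift

	# $pedit_locus, $pedit_action, $match_flower and $mz_flags each carry
	# several words and are expanded unquoted on purpose; single-word values
	# are quoted.
	tc filter add $pedit_locus handle 101 pref 1 \
	   flower action pedit ex munge $pedit_action
	# skip_hw keeps the verifying filter in software.
	tc filter add dev "$h2" ingress handle 101 pref 1 prot "$match_prot" \
	   flower skip_hw $match_flower action pass

	RET=0

	# Ten packets with fixed source/destination ports; the pedit rule is
	# expected to rewrite one of them before the packet reaches $h2.
	$MZ $mz_flags "$h1" -c 10 -d 20msec -p 100 \
	    -a own -b "$h2mac" -q -t "$pedit_prot" sp=54321,dp=12345

	# NOTE(review): TC_HIT_TIMEOUT is not assigned in this file (which sets
	# HIT_TIMEOUT instead); presumably tc_common.sh provides it -- confirm.
	local pkts
	pkts=$(busywait "$TC_HIT_TIMEOUT" until_counter_is ">= 10" \
			tc_rule_handle_stats_get "dev $h2 ingress" 101)
	check_err $? "Expected to get 10 packets, but got $pkts."

	pkts=$(tc_rule_handle_stats_get "$pedit_locus" 101)
	((pkts >= 10))
	check_err $? "Expected to get 10 packets on pedit rule, but got $pkts."

	log_test "$pedit_locus pedit $pedit_action"

	tc filter del dev "$h2" ingress pref 1
	tc filter del $pedit_locus pref 1
}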
    152
# Run do_test_pedit_l4port_one for each of the new port values 1, 11111 and
# 65535.
# Arguments: $1 - tc attachment point of the pedit rule
#            $2 - L4 protocol (udp or tcp in this file)
#            $3 - pedit field name for the port (sport or dport)
#            $4 - flower key expected to match the rewritten port
do_test_pedit_l4port()
{
	local locus=$1 prot=$2 pedit_port=$3 flower_port=$4
	local new_port munge verify

	for new_port in 1 11111 65535; do
		# The pedit action writes $new_port; the verifying flower match
		# must then see the same value.
		munge="$prot $pedit_port set $new_port"
		verify="ip_proto $prot $flower_port $new_port"

		do_test_pedit_l4port_one "$locus" "$prot" "$munge" ip \
					 "$verify" "-A 192.0.2.1 -B 192.0.2.2"
	done
}
    168
# Rewrite the UDP source port, once with the pedit rule on $swp1 ingress and
# once on $swp2 egress.
test_udp_sport()
{
	local locus

	for locus in "dev $swp1 ingress" "dev $swp2 egress"; do
		do_test_pedit_l4port "$locus" udp sport src_port
	done
}
    174
# Rewrite the UDP destination port, once with the pedit rule on $swp1 ingress
# and once on $swp2 egress.
test_udp_dport()
{
	local locus

	for locus in "dev $swp1 ingress" "dev $swp2 egress"; do
		do_test_pedit_l4port "$locus" udp dport dst_port
	done
}
    180
# Rewrite the TCP source port, once with the pedit rule on $swp1 ingress and
# once on $swp2 egress.
test_tcp_sport()
{
	local locus

	for locus in "dev $swp1 ingress" "dev $swp2 egress"; do
		do_test_pedit_l4port "$locus" tcp sport src_port
	done
}
    186
# Rewrite the TCP destination port, once with the pedit rule on $swp1 ingress
# and once on $swp2 egress.
test_tcp_dport()
{
	local locus

	for locus in "dev $swp1 ingress" "dev $swp2 egress"; do
		do_test_pedit_l4port "$locus" tcp dport dst_port
	done
}
    192
    193trap cleanup EXIT
    194
    195setup_prepare
    196setup_wait
    197
    198tests_run
    199
    200exit $EXIT_STATUS