linux-zen-desktop/tools/testing/selftests/drivers/net/mlxsw/one_armed_router.sh

#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Test a "one-armed router" [1] scenario. Packets forwarded between H1 and H2
# should be forwarded by the ASIC, but also trapped so that ICMP redirect
# packets could be potentially generated.
#
# 1. https://en.wikipedia.org/wiki/One-armed_router
#
# +---------------------------------+
# | H1 (vrf)                        |
# |    + $h1                        |
# |    | 192.0.2.1/24               |
# |    | 2001:db8:1::1/64           |
# |    |                            |
# |    |  default via 192.0.2.2     |
# |    |  default via 2001:db8:1::2 |
# +----|----------------------------+
#      |
# +----|----------------------------------------------------------------------+
# | SW |                                                                      |
# | +--|--------------------------------------------------------------------+ |
# | |  + $swp1                   BR0 (802.1d)                               | |
# | |                                                                       | |
# | |                            192.0.2.2/24                               | |
# | |                          2001:db8:1::2/64                             | |
# | |                           198.51.100.2/24                             | |
# | |                          2001:db8:2::2/64                             | |
# | |                                                                       | |
# | |  + $swp2                                                              | |
# | +--|--------------------------------------------------------------------+ |
# |    |                                                                      |
# +----|----------------------------------------------------------------------+
#      |
# +----|----------------------------+
# |    |  default via 198.51.100.2  |
# |    |  default via 2001:db8:2::2 |
# |    |                            |
# |    | 2001:db8:2::1/64           |
# |    | 198.51.100.1/24            |
# |    + $h2                        |
# | H2 (vrf)                        |
# +---------------------------------+

lib_dir=$(dirname $0)/../../../net/forwarding

ALL_TESTS="ping_ipv4 ping_ipv6 fwd_mark_ipv4 fwd_mark_ipv6"
NUM_NETIFS=4
source $lib_dir/tc_common.sh
source $lib_dir/lib.sh

h1_create()
{
	simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64

	ip -4 route add default vrf v$h1 nexthop via 192.0.2.2
	ip -6 route add default vrf v$h1 nexthop via 2001:db8:1::2
}

h1_destroy()
{
	ip -6 route del default vrf v$h1 nexthop via 2001:db8:1::2
	ip -4 route del default vrf v$h1 nexthop via 192.0.2.2

	simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64
}

h2_create()
{
	simple_if_init $h2 198.51.100.1/24 2001:db8:2::1/64

	ip -4 route add default vrf v$h2 nexthop via 198.51.100.2
	ip -6 route add default vrf v$h2 nexthop via 2001:db8:2::2
}

h2_destroy()
{
	ip -6 route del default vrf v$h2 nexthop via 2001:db8:2::2
	ip -4 route del default vrf v$h2 nexthop via 198.51.100.2

	simple_if_fini $h2 198.51.100.1/24 2001:db8:2::1/64
}

switch_create()
{
	ip link add name br0 type bridge mcast_snooping 0
	ip link set dev br0 up

	ip link set dev $swp1 master br0
	ip link set dev $swp1 up
	ip link set dev $swp2 master br0
	ip link set dev $swp2 up

	tc qdisc add dev $swp1 clsact
	tc qdisc add dev $swp2 clsact

	__addr_add_del br0 add 192.0.2.2/24 2001:db8:1::2/64
	__addr_add_del br0 add 198.51.100.2/24 2001:db8:2::2/64
}

switch_destroy()
{
	__addr_add_del br0 del 198.51.100.2/24 2001:db8:2::2/64
	__addr_add_del br0 del 192.0.2.2/24 2001:db8:1::2/64

	tc qdisc del dev $swp2 clsact
	tc qdisc del dev $swp1 clsact

	ip link set dev $swp2 down
	ip link set dev $swp2 nomaster
	ip link set dev $swp1 down
	ip link set dev $swp1 nomaster

	ip link set dev br0 down
	ip link del dev br0
}

ping_ipv4()
{
	ping_test $h1 198.51.100.1 ": h1->h2"
}

ping_ipv6()
{
	ping6_test $h1 2001:db8:2::1 ": h1->h2"
}

fwd_mark_ipv4()
{
	# Transmit packets from H1 to H2 and make sure they are trapped at
	# swp1 due to loopback error, but only forwarded by the ASIC through
	# swp2

	tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \
		skip_hw dst_ip 198.51.100.1 ip_proto udp dst_port 52768 \
		action pass

	tc filter add dev $swp2 egress protocol ip pref 1 handle 101 flower \
		skip_hw dst_ip 198.51.100.1 ip_proto udp dst_port 52768 \
		action pass

	tc filter add dev $swp2 egress protocol ip pref 2 handle 102 flower \
		skip_sw dst_ip 198.51.100.1 ip_proto udp dst_port 52768 \
		action pass

	ip vrf exec v$h1 $MZ $h1 -c 10 -d 100msec -p 64 -A 192.0.2.1 \
		-B 198.51.100.1 -t udp dp=52768,sp=42768 -q

	RET=0

	tc_check_packets "dev $swp1 ingress" 101 10
	check_err $?

	log_test "fwd mark: trapping IPv4 packets due to LBERROR"

	RET=0

	tc_check_packets "dev $swp2 egress" 101 0
	check_err $?

	log_test "fwd mark: forwarding IPv4 packets in software"

	RET=0

	tc_check_packets "dev $swp2 egress" 102 10
	check_err $?

	log_test "fwd mark: forwarding IPv4 packets in hardware"

	tc filter del dev $swp2 egress protocol ip pref 2 handle 102 flower
	tc filter del dev $swp2 egress protocol ip pref 1 handle 101 flower
	tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower
}

fwd_mark_ipv6()
{
	tc filter add dev $swp1 ingress protocol ipv6 pref 1 handle 101 flower \
		skip_hw dst_ip 2001:db8:2::1 ip_proto udp dst_port 52768 \
		action pass

	tc filter add dev $swp2 egress protocol ipv6 pref 1 handle 101 flower \
		skip_hw dst_ip 2001:db8:2::1 ip_proto udp dst_port 52768 \
		action pass

	tc filter add dev $swp2 egress protocol ipv6 pref 2 handle 102 flower \
		skip_sw dst_ip 2001:db8:2::1 ip_proto udp dst_port 52768 \
		action pass

	ip vrf exec v$h1 $MZ $h1 -6 -c 10 -d 100msec -p 64 -A 2001:db8:1::1 \
		-B 2001:db8:2::1 -t udp dp=52768,sp=42768 -q

	RET=0

	tc_check_packets "dev $swp1 ingress" 101 10
	check_err $?

	log_test "fwd mark: trapping IPv6 packets due to LBERROR"

	RET=0

	tc_check_packets "dev $swp2 egress" 101 0
	check_err $?

	log_test "fwd mark: forwarding IPv6 packets in software"

	RET=0

	tc_check_packets "dev $swp2 egress" 102 10
	check_err $?

	log_test "fwd mark: forwarding IPv6 packets in hardware"

	tc filter del dev $swp2 egress protocol ipv6 pref 2 handle 102 flower
	tc filter del dev $swp2 egress protocol ipv6 pref 1 handle 101 flower
	tc filter del dev $swp1 ingress protocol ipv6 pref 1 handle 101 flower
}

setup_prepare()
{
	h1=${NETIFS[p1]}
	swp1=${NETIFS[p2]}

	swp2=${NETIFS[p3]}
	h2=${NETIFS[p4]}

	vrf_prepare
	forwarding_enable

	sysctl_set net.ipv4.conf.all.accept_redirects 0
	sysctl_set net.ipv6.conf.all.accept_redirects 0

	h1_create
	h2_create
	switch_create
}

cleanup()
{
	pre_cleanup

	switch_destroy
	h2_destroy
	h1_destroy

	sysctl_restore net.ipv6.conf.all.accept_redirects
	sysctl_restore net.ipv4.conf.all.accept_redirects

	forwarding_restore
	vrf_cleanup
}

trap cleanup EXIT

setup_prepare
setup_wait

tests_run

exit $EXIT_STATUS
Initial commit 2023-08-30 17:31:07 +02:00			`#!/bin/bash`
			`# SPDX-License-Identifier: GPL-2.0`
			`#`
			`# Test a "one-armed router" [1] scenario. Packets forwarded between H1 and H2`
			`# should be forwarded by the ASIC, but also trapped so that ICMP redirect`
			`# packets could be potentially generated.`
			`#`
			`# 1. https://en.wikipedia.org/wiki/One-armed_router`
			`#`
			`# +---------------------------------+`
			`# \| H1 (vrf) \|`
			`# \| + $h1 \|`
			`# \| \| 192.0.2.1/24 \|`
			`# \| \| 2001:db8:1::1/64 \|`
			`# \| \| \|`
			`# \| \| default via 192.0.2.2 \|`
			`# \| \| default via 2001:db8:1::2 \|`
			`# +----\|----------------------------+`
			`# \|`
			`# +----\|----------------------------------------------------------------------+`
			`# \| SW \| \|`
			`# \| +--\|--------------------------------------------------------------------+ \|`
			`# \| \| + $swp1 BR0 (802.1d) \| \|`
			`# \| \| \| \|`
			`# \| \| 192.0.2.2/24 \| \|`
			`# \| \| 2001:db8:1::2/64 \| \|`
			`# \| \| 198.51.100.2/24 \| \|`
			`# \| \| 2001:db8:2::2/64 \| \|`
			`# \| \| \| \|`
			`# \| \| + $swp2 \| \|`
			`# \| +--\|--------------------------------------------------------------------+ \|`
			`# \| \| \|`
			`# +----\|----------------------------------------------------------------------+`
			`# \|`
			`# +----\|----------------------------+`
			`# \| \| default via 198.51.100.2 \|`
			`# \| \| default via 2001:db8:2::2 \|`
			`# \| \| \|`
			`# \| \| 2001:db8:2::1/64 \|`
			`# \| \| 198.51.100.1/24 \|`
			`# \| + $h2 \|`
			`# \| H2 (vrf) \|`
			`# +---------------------------------+`

			`lib_dir=$(dirname $0)/../../../net/forwarding`

			`ALL_TESTS="ping_ipv4 ping_ipv6 fwd_mark_ipv4 fwd_mark_ipv6"`
			`NUM_NETIFS=4`
			`source $lib_dir/tc_common.sh`
			`source $lib_dir/lib.sh`

			`h1_create()`
			`{`
			`simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64`

			`ip -4 route add default vrf v$h1 nexthop via 192.0.2.2`
			`ip -6 route add default vrf v$h1 nexthop via 2001:db8:1::2`
			`}`

			`h1_destroy()`
			`{`
			`ip -6 route del default vrf v$h1 nexthop via 2001:db8:1::2`
			`ip -4 route del default vrf v$h1 nexthop via 192.0.2.2`

			`simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64`
			`}`

			`h2_create()`
			`{`
			`simple_if_init $h2 198.51.100.1/24 2001:db8:2::1/64`

			`ip -4 route add default vrf v$h2 nexthop via 198.51.100.2`
			`ip -6 route add default vrf v$h2 nexthop via 2001:db8:2::2`
			`}`

			`h2_destroy()`
			`{`
			`ip -6 route del default vrf v$h2 nexthop via 2001:db8:2::2`
			`ip -4 route del default vrf v$h2 nexthop via 198.51.100.2`

			`simple_if_fini $h2 198.51.100.1/24 2001:db8:2::1/64`
			`}`

			`switch_create()`
			`{`
			`ip link add name br0 type bridge mcast_snooping 0`
			`ip link set dev br0 up`

			`ip link set dev $swp1 master br0`
			`ip link set dev $swp1 up`
			`ip link set dev $swp2 master br0`
			`ip link set dev $swp2 up`

			`tc qdisc add dev $swp1 clsact`
			`tc qdisc add dev $swp2 clsact`

			`__addr_add_del br0 add 192.0.2.2/24 2001:db8:1::2/64`
			`__addr_add_del br0 add 198.51.100.2/24 2001:db8:2::2/64`
			`}`

			`switch_destroy()`
			`{`
			`__addr_add_del br0 del 198.51.100.2/24 2001:db8:2::2/64`
			`__addr_add_del br0 del 192.0.2.2/24 2001:db8:1::2/64`

			`tc qdisc del dev $swp2 clsact`
			`tc qdisc del dev $swp1 clsact`

			`ip link set dev $swp2 down`
			`ip link set dev $swp2 nomaster`
			`ip link set dev $swp1 down`
			`ip link set dev $swp1 nomaster`

			`ip link set dev br0 down`
			`ip link del dev br0`
			`}`

			`ping_ipv4()`
			`{`
			`ping_test $h1 198.51.100.1 ": h1->h2"`
			`}`

			`ping_ipv6()`
			`{`
			`ping6_test $h1 2001:db8:2::1 ": h1->h2"`
			`}`

			`fwd_mark_ipv4()`
			`{`
			`# Transmit packets from H1 to H2 and make sure they are trapped at`
			`# swp1 due to loopback error, but only forwarded by the ASIC through`
			`# swp2`

			`tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \`
			`skip_hw dst_ip 198.51.100.1 ip_proto udp dst_port 52768 \`
			`action pass`

			`tc filter add dev $swp2 egress protocol ip pref 1 handle 101 flower \`
			`skip_hw dst_ip 198.51.100.1 ip_proto udp dst_port 52768 \`
			`action pass`

			`tc filter add dev $swp2 egress protocol ip pref 2 handle 102 flower \`
			`skip_sw dst_ip 198.51.100.1 ip_proto udp dst_port 52768 \`
			`action pass`

			`ip vrf exec v$h1 $MZ $h1 -c 10 -d 100msec -p 64 -A 192.0.2.1 \`
			`-B 198.51.100.1 -t udp dp=52768,sp=42768 -q`

			`RET=0`

			`tc_check_packets "dev $swp1 ingress" 101 10`
			`check_err $?`

			`log_test "fwd mark: trapping IPv4 packets due to LBERROR"`

			`RET=0`

			`tc_check_packets "dev $swp2 egress" 101 0`
			`check_err $?`

			`log_test "fwd mark: forwarding IPv4 packets in software"`

			`RET=0`

			`tc_check_packets "dev $swp2 egress" 102 10`
			`check_err $?`

			`log_test "fwd mark: forwarding IPv4 packets in hardware"`

			`tc filter del dev $swp2 egress protocol ip pref 2 handle 102 flower`
			`tc filter del dev $swp2 egress protocol ip pref 1 handle 101 flower`
			`tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower`
			`}`

			`fwd_mark_ipv6()`
			`{`
			`tc filter add dev $swp1 ingress protocol ipv6 pref 1 handle 101 flower \`
			`skip_hw dst_ip 2001:db8:2::1 ip_proto udp dst_port 52768 \`
			`action pass`

			`tc filter add dev $swp2 egress protocol ipv6 pref 1 handle 101 flower \`
			`skip_hw dst_ip 2001:db8:2::1 ip_proto udp dst_port 52768 \`
			`action pass`

			`tc filter add dev $swp2 egress protocol ipv6 pref 2 handle 102 flower \`
			`skip_sw dst_ip 2001:db8:2::1 ip_proto udp dst_port 52768 \`
			`action pass`

			`ip vrf exec v$h1 $MZ $h1 -6 -c 10 -d 100msec -p 64 -A 2001:db8:1::1 \`
			`-B 2001:db8:2::1 -t udp dp=52768,sp=42768 -q`

			`RET=0`

			`tc_check_packets "dev $swp1 ingress" 101 10`
			`check_err $?`

			`log_test "fwd mark: trapping IPv6 packets due to LBERROR"`

			`RET=0`

			`tc_check_packets "dev $swp2 egress" 101 0`
			`check_err $?`

			`log_test "fwd mark: forwarding IPv6 packets in software"`

			`RET=0`

			`tc_check_packets "dev $swp2 egress" 102 10`
			`check_err $?`

			`log_test "fwd mark: forwarding IPv6 packets in hardware"`

			`tc filter del dev $swp2 egress protocol ipv6 pref 2 handle 102 flower`
			`tc filter del dev $swp2 egress protocol ipv6 pref 1 handle 101 flower`
			`tc filter del dev $swp1 ingress protocol ipv6 pref 1 handle 101 flower`
			`}`

			`setup_prepare()`
			`{`
			`h1=${NETIFS[p1]}`
			`swp1=${NETIFS[p2]}`

			`swp2=${NETIFS[p3]}`
			`h2=${NETIFS[p4]}`

			`vrf_prepare`
			`forwarding_enable`

			`sysctl_set net.ipv4.conf.all.accept_redirects 0`
			`sysctl_set net.ipv6.conf.all.accept_redirects 0`

			`h1_create`
			`h2_create`
			`switch_create`
			`}`

			`cleanup()`
			`{`
			`pre_cleanup`

			`switch_destroy`
			`h2_destroy`
			`h1_destroy`

			`sysctl_restore net.ipv6.conf.all.accept_redirects`
			`sysctl_restore net.ipv4.conf.all.accept_redirects`

			`forwarding_restore`
			`vrf_cleanup`
			`}`

			`trap cleanup EXIT`

			`setup_prepare`
			`setup_wait`

			`tests_run`

			`exit $EXIT_STATUS`