File: //usr/src/linux-headers-5.4.0-52/tools/testing/selftests/drivers/net/mlxsw/devlink_trap_l2_drops.sh
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Test devlink-trap L2 drops functionality over mlxsw. Each registered L2 drop
# packet trap is tested to make sure it is triggered under the right
# conditions.
lib_dir=$(dirname $0)/../../../net/forwarding
ALL_TESTS="
source_mac_is_multicast_test
vlan_tag_mismatch_test
ingress_vlan_filter_test
ingress_stp_filter_test
port_list_is_empty_test
port_loopback_filter_test
"
NUM_NETIFS=4
source $lib_dir/tc_common.sh
source $lib_dir/lib.sh
source $lib_dir/devlink_lib.sh
h1_create()
{
simple_if_init $h1
}
h1_destroy()
{
simple_if_fini $h1
}
h2_create()
{
simple_if_init $h2
}
h2_destroy()
{
simple_if_fini $h2
}
switch_create()
{
ip link add dev br0 type bridge vlan_filtering 1 mcast_snooping 0
ip link set dev $swp1 master br0
ip link set dev $swp2 master br0
ip link set dev br0 up
ip link set dev $swp1 up
ip link set dev $swp2 up
tc qdisc add dev $swp2 clsact
}
switch_destroy()
{
tc qdisc del dev $swp2 clsact
ip link set dev $swp2 down
ip link set dev $swp1 down
ip link del dev br0
}
setup_prepare()
{
h1=${NETIFS[p1]}
swp1=${NETIFS[p2]}
swp2=${NETIFS[p3]}
h2=${NETIFS[p4]}
vrf_prepare
h1_create
h2_create
switch_create
}
cleanup()
{
pre_cleanup
switch_destroy
h2_destroy
h1_destroy
vrf_cleanup
}
l2_drops_test()
{
local trap_name=$1; shift
local group_name=$1; shift
# This is the common part of all the tests. It checks that stats are
# initially idle, then non-idle after changing the trap action and
# finally idle again. It also makes sure the packets are dropped and
# never forwarded.
devlink_trap_stats_idle_test $trap_name
check_err $? "Trap stats not idle with initial drop action"
devlink_trap_group_stats_idle_test $group_name
check_err $? "Trap group stats not idle with initial drop action"
devlink_trap_action_set $trap_name "trap"
devlink_trap_stats_idle_test $trap_name
check_fail $? "Trap stats idle after setting action to trap"
devlink_trap_group_stats_idle_test $group_name
check_fail $? "Trap group stats idle after setting action to trap"
devlink_trap_action_set $trap_name "drop"
devlink_trap_stats_idle_test $trap_name
check_err $? "Trap stats not idle after setting action to drop"
devlink_trap_group_stats_idle_test $group_name
check_err $? "Trap group stats not idle after setting action to drop"
tc_check_packets "dev $swp2 egress" 101 0
check_err $? "Packets were not dropped"
}
l2_drops_cleanup()
{
local mz_pid=$1; shift
kill $mz_pid && wait $mz_pid &> /dev/null
tc filter del dev $swp2 egress protocol ip pref 1 handle 101 flower
}
source_mac_is_multicast_test()
{
local trap_name="source_mac_is_multicast"
local smac=01:02:03:04:05:06
local group_name="l2_drops"
local mz_pid
tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
flower src_mac $smac action drop
$MZ $h1 -c 0 -p 100 -a $smac -b bcast -t ip -d 1msec -q &
mz_pid=$!
RET=0
l2_drops_test $trap_name $group_name
log_test "Source MAC is multicast"
l2_drops_cleanup $mz_pid
}
__vlan_tag_mismatch_test()
{
local trap_name="vlan_tag_mismatch"
local dmac=de:ad:be:ef:13:37
local group_name="l2_drops"
local opt=$1; shift
local mz_pid
# Remove PVID flag. This should prevent untagged and prio-tagged
# packets from entering the bridge.
bridge vlan add vid 1 dev $swp1 untagged master
tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
flower dst_mac $dmac action drop
$MZ $h1 "$opt" -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
mz_pid=$!
l2_drops_test $trap_name $group_name
# Add PVID and make sure packets are no longer dropped.
bridge vlan add vid 1 dev $swp1 pvid untagged master
devlink_trap_action_set $trap_name "trap"
devlink_trap_stats_idle_test $trap_name
check_err $? "Trap stats not idle when packets should not be dropped"
devlink_trap_group_stats_idle_test $group_name
check_err $? "Trap group stats not idle with when packets should not be dropped"
tc_check_packets "dev $swp2 egress" 101 0
check_fail $? "Packets not forwarded when should"
devlink_trap_action_set $trap_name "drop"
l2_drops_cleanup $mz_pid
}
vlan_tag_mismatch_untagged_test()
{
RET=0
__vlan_tag_mismatch_test
log_test "VLAN tag mismatch - untagged packets"
}
vlan_tag_mismatch_vid_0_test()
{
RET=0
__vlan_tag_mismatch_test "-Q 0"
log_test "VLAN tag mismatch - prio-tagged packets"
}
vlan_tag_mismatch_test()
{
vlan_tag_mismatch_untagged_test
vlan_tag_mismatch_vid_0_test
}
ingress_vlan_filter_test()
{
local trap_name="ingress_vlan_filter"
local dmac=de:ad:be:ef:13:37
local group_name="l2_drops"
local mz_pid
local vid=10
bridge vlan add vid $vid dev $swp2 master
RET=0
tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
flower dst_mac $dmac action drop
$MZ $h1 -Q $vid -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
mz_pid=$!
l2_drops_test $trap_name $group_name
# Add the VLAN on the bridge port and make sure packets are no longer
# dropped.
bridge vlan add vid $vid dev $swp1 master
devlink_trap_action_set $trap_name "trap"
devlink_trap_stats_idle_test $trap_name
check_err $? "Trap stats not idle when packets should not be dropped"
devlink_trap_group_stats_idle_test $group_name
check_err $? "Trap group stats not idle with when packets should not be dropped"
tc_check_packets "dev $swp2 egress" 101 0
check_fail $? "Packets not forwarded when should"
devlink_trap_action_set $trap_name "drop"
log_test "Ingress VLAN filter"
l2_drops_cleanup $mz_pid
bridge vlan del vid $vid dev $swp1 master
bridge vlan del vid $vid dev $swp2 master
}
__ingress_stp_filter_test()
{
local trap_name="ingress_spanning_tree_filter"
local dmac=de:ad:be:ef:13:37
local group_name="l2_drops"
local state=$1; shift
local mz_pid
local vid=20
bridge vlan add vid $vid dev $swp2 master
bridge vlan add vid $vid dev $swp1 master
ip link set dev $swp1 type bridge_slave state $state
tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
flower dst_mac $dmac action drop
$MZ $h1 -Q $vid -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
mz_pid=$!
l2_drops_test $trap_name $group_name
# Change STP state to forwarding and make sure packets are no longer
# dropped.
ip link set dev $swp1 type bridge_slave state 3
devlink_trap_action_set $trap_name "trap"
devlink_trap_stats_idle_test $trap_name
check_err $? "Trap stats not idle when packets should not be dropped"
devlink_trap_group_stats_idle_test $group_name
check_err $? "Trap group stats not idle with when packets should not be dropped"
tc_check_packets "dev $swp2 egress" 101 0
check_fail $? "Packets not forwarded when should"
devlink_trap_action_set $trap_name "drop"
l2_drops_cleanup $mz_pid
bridge vlan del vid $vid dev $swp1 master
bridge vlan del vid $vid dev $swp2 master
}
ingress_stp_filter_listening_test()
{
local state=$1; shift
RET=0
__ingress_stp_filter_test $state
log_test "Ingress STP filter - listening state"
}
ingress_stp_filter_learning_test()
{
local state=$1; shift
RET=0
__ingress_stp_filter_test $state
log_test "Ingress STP filter - learning state"
}
ingress_stp_filter_test()
{
ingress_stp_filter_listening_test 1
ingress_stp_filter_learning_test 2
}
port_list_is_empty_uc_test()
{
local trap_name="port_list_is_empty"
local dmac=de:ad:be:ef:13:37
local group_name="l2_drops"
local mz_pid
# Disable unicast flooding on both ports, so that packets cannot egress
# any port.
ip link set dev $swp1 type bridge_slave flood off
ip link set dev $swp2 type bridge_slave flood off
RET=0
tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
flower dst_mac $dmac action drop
$MZ $h1 -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
mz_pid=$!
l2_drops_test $trap_name $group_name
# Allow packets to be flooded to one port.
ip link set dev $swp2 type bridge_slave flood on
devlink_trap_action_set $trap_name "trap"
devlink_trap_stats_idle_test $trap_name
check_err $? "Trap stats not idle when packets should not be dropped"
devlink_trap_group_stats_idle_test $group_name
check_err $? "Trap group stats not idle with when packets should not be dropped"
tc_check_packets "dev $swp2 egress" 101 0
check_fail $? "Packets not forwarded when should"
devlink_trap_action_set $trap_name "drop"
log_test "Port list is empty - unicast"
l2_drops_cleanup $mz_pid
ip link set dev $swp1 type bridge_slave flood on
}
port_list_is_empty_mc_test()
{
local trap_name="port_list_is_empty"
local dmac=01:00:5e:00:00:01
local group_name="l2_drops"
local dip=239.0.0.1
local mz_pid
# Disable multicast flooding on both ports, so that packets cannot
# egress any port. We also need to flush IP addresses from the bridge
# in order to prevent packets from being flooded to the router port.
ip link set dev $swp1 type bridge_slave mcast_flood off
ip link set dev $swp2 type bridge_slave mcast_flood off
ip address flush dev br0
RET=0
tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
flower dst_mac $dmac action drop
$MZ $h1 -c 0 -p 100 -a own -b $dmac -t ip -B $dip -d 1msec -q &
mz_pid=$!
l2_drops_test $trap_name $group_name
# Allow packets to be flooded to one port.
ip link set dev $swp2 type bridge_slave mcast_flood on
devlink_trap_action_set $trap_name "trap"
devlink_trap_stats_idle_test $trap_name
check_err $? "Trap stats not idle when packets should not be dropped"
devlink_trap_group_stats_idle_test $group_name
check_err $? "Trap group stats not idle with when packets should not be dropped"
tc_check_packets "dev $swp2 egress" 101 0
check_fail $? "Packets not forwarded when should"
devlink_trap_action_set $trap_name "drop"
log_test "Port list is empty - multicast"
l2_drops_cleanup $mz_pid
ip link set dev $swp1 type bridge_slave mcast_flood on
}
port_list_is_empty_test()
{
port_list_is_empty_uc_test
port_list_is_empty_mc_test
}
port_loopback_filter_uc_test()
{
local trap_name="port_loopback_filter"
local dmac=de:ad:be:ef:13:37
local group_name="l2_drops"
local mz_pid
# Make sure packets can only egress the input port.
ip link set dev $swp2 type bridge_slave flood off
RET=0
tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
flower dst_mac $dmac action drop
$MZ $h1 -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
mz_pid=$!
l2_drops_test $trap_name $group_name
# Allow packets to be flooded.
ip link set dev $swp2 type bridge_slave flood on
devlink_trap_action_set $trap_name "trap"
devlink_trap_stats_idle_test $trap_name
check_err $? "Trap stats not idle when packets should not be dropped"
devlink_trap_group_stats_idle_test $group_name
check_err $? "Trap group stats not idle with when packets should not be dropped"
tc_check_packets "dev $swp2 egress" 101 0
check_fail $? "Packets not forwarded when should"
devlink_trap_action_set $trap_name "drop"
log_test "Port loopback filter - unicast"
l2_drops_cleanup $mz_pid
}
port_loopback_filter_test()
{
port_loopback_filter_uc_test
}
trap cleanup EXIT
setup_prepare
setup_wait
tests_run
exit $EXIT_STATUS