#!/bin/bash # SPDX-License-Identifier: GPL-2.0 # # Test devlink-trap L3 exceptions functionality over mlxsw. # Check all exception traps to make sure they are triggered under the right # conditions. # +---------------------------------+ # | H1 (vrf) | # | + $h1 | # | | 192.0.2.1/24 | # | | 2001:db8:1::1/64 | # | | | # | | default via 192.0.2.2 | # | | default via 2001:db8:1::2 | # +----|----------------------------+ # | # +----|----------------------------------------------------------------------+ # | SW | | # | + $rp1 | # | 192.0.2.2/24 | # | 2001:db8:1::2/64 | # | | # | 2001:db8:2::2/64 | # | 198.51.100.2/24 | # | + $rp2 | # | | | # +----|----------------------------------------------------------------------+ # | # +----|----------------------------+ # | | default via 198.51.100.2 | # | | default via 2001:db8:2::2 | # | | | # | | 2001:db8:2::1/64 | # | | 198.51.100.1/24 | # | + $h2 | # | H2 (vrf) | # +---------------------------------+ lib_dir=$(dirname $0)/../../../net/forwarding ALL_TESTS=" mtu_value_is_too_small_test ttl_value_is_too_small_test mc_reverse_path_forwarding_test reject_route_test unresolved_neigh_test ipv4_lpm_miss_test ipv6_lpm_miss_test " NUM_NETIFS=4 source $lib_dir/lib.sh source $lib_dir/tc_common.sh source $lib_dir/devlink_lib.sh require_command $MCD require_command $MC_CLI table_name=selftests h1_create() { simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64 ip -4 route add default vrf v$h1 nexthop via 192.0.2.2 ip -6 route add default vrf v$h1 nexthop via 2001:db8:1::2 tc qdisc add dev $h1 clsact } h1_destroy() { tc qdisc del dev $h1 clsact ip -6 route del default vrf v$h1 nexthop via 2001:db8:1::2 ip -4 route del default vrf v$h1 nexthop via 192.0.2.2 simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64 } h2_create() { simple_if_init $h2 198.51.100.1/24 2001:db8:2::1/64 ip -4 route add default vrf v$h2 nexthop via 198.51.100.2 ip -6 route add default vrf v$h2 nexthop via 2001:db8:2::2 } h2_destroy() { ip -6 route del default vrf v$h2 nexthop via 2001:db8:2::2 ip -4 route del default vrf v$h2 nexthop via 198.51.100.2 simple_if_fini $h2 198.51.100.1/24 2001:db8:2::1/64 } router_create() { ip link set dev $rp1 up ip link set dev $rp2 up tc qdisc add dev $rp2 clsact __addr_add_del $rp1 add 192.0.2.2/24 2001:db8:1::2/64 __addr_add_del $rp2 add 198.51.100.2/24 2001:db8:2::2/64 } router_destroy() { __addr_add_del $rp2 del 198.51.100.2/24 2001:db8:2::2/64 __addr_add_del $rp1 del 192.0.2.2/24 2001:db8:1::2/64 tc qdisc del dev $rp2 clsact } setup_prepare() { h1=${NETIFS[p1]} rp1=${NETIFS[p2]} rp2=${NETIFS[p3]} h2=${NETIFS[p4]} rp1mac=$(mac_get $rp1) start_mcd vrf_prepare forwarding_enable h1_create h2_create router_create } cleanup() { pre_cleanup router_destroy h2_destroy h1_destroy forwarding_restore vrf_cleanup kill_mcd } ping_check() { ping_do $h1 198.51.100.1 check_err $? "Packets that should not be trapped were trapped" } trap_action_check() { local trap_name=$1; shift local expected_action=$1; shift action=$(devlink_trap_action_get $trap_name) if [ "$action" != $expected_action ]; then check_err 1 "Trap $trap_name has wrong action: $action" fi } mtu_value_is_too_small_test() { local trap_name="mtu_value_is_too_small" local group_name="l3_drops" local expected_action="trap" local mz_pid RET=0 ping_check $trap_name trap_action_check $trap_name $expected_action # type - Destination Unreachable # code - Fragmentation Needed and Don't Fragment was Set tc filter add dev $h1 ingress protocol ip pref 1 handle 101 \ flower skip_hw ip_proto icmp type 3 code 4 action pass mtu_set $rp2 1300 # Generate IP packets bigger than router's MTU with don't fragment # flag on. $MZ $h1 -t udp "sp=54321,dp=12345,df" -p 1400 -c 0 -d 1msec -b $rp1mac \ -B 198.51.100.1 -q & mz_pid=$! devlink_trap_exception_test $trap_name $group_name tc_check_packets_hitting "dev $h1 ingress" 101 check_err $? "Packets were not received to h1" log_test "MTU value is too small" mtu_restore $rp2 kill $mz_pid && wait $mz_pid &> /dev/null tc filter del dev $h1 ingress protocol ip pref 1 handle 101 flower } __ttl_value_is_too_small_test() { local ttl_val=$1; shift local trap_name="ttl_value_is_too_small" local group_name="l3_drops" local expected_action="trap" local mz_pid RET=0 ping_check $trap_name trap_action_check $trap_name $expected_action # type - Time Exceeded # code - Time to Live exceeded in Transit tc filter add dev $h1 ingress protocol ip pref 1 handle 101 \ flower skip_hw ip_proto icmp type 11 code 0 action pass # Generate IP packets with small TTL $MZ $h1 -t udp "ttl=$ttl_val,sp=54321,dp=12345" -c 0 -d 1msec \ -b $rp1mac -B 198.51.100.1 -q & mz_pid=$! devlink_trap_exception_test $trap_name $group_name tc_check_packets_hitting "dev $h1 ingress" 101 check_err $? "Packets were not received to h1" log_test "TTL value is too small: TTL=$ttl_val" kill $mz_pid && wait $mz_pid &> /dev/null tc filter del dev $h1 ingress protocol ip pref 1 handle 101 flower } ttl_value_is_too_small_test() { __ttl_value_is_too_small_test 0 __ttl_value_is_too_small_test 1 } start_mcd() { SMCROUTEDIR="$(mktemp -d)" for ((i = 1; i <= $NUM_NETIFS; ++i)); do echo "phyint ${NETIFS[p$i]} enable" >> \ $SMCROUTEDIR/$table_name.conf done $MCD -N -I $table_name -f $SMCROUTEDIR/$table_name.conf \ -P $SMCROUTEDIR/$table_name.pid } kill_mcd() { pkill $MCD rm -rf $SMCROUTEDIR } __mc_reverse_path_forwarding_test() { local desc=$1; shift local src_ip=$1; shift local dst_ip=$1; shift local dst_mac=$1; shift local proto=$1; shift local flags=${1:-""}; shift local trap_name="mc_reverse_path_forwarding" local group_name="l3_drops" local expected_action="trap" local mz_pid RET=0 ping_check $trap_name trap_action_check $trap_name $expected_action tc filter add dev $rp2 egress protocol $proto pref 1 handle 101 \ flower dst_ip $dst_ip ip_proto udp action drop $MC_CLI -I $table_name add $rp1 $src_ip $dst_ip $rp2 # Generate packets to multicast address. $MZ $h2 $flags -t udp "sp=54321,dp=12345" -c 0 -p 128 \ -a 00:11:22:33:44:55 -b $dst_mac \ -A $src_ip -B $dst_ip -q & mz_pid=$! devlink_trap_exception_test $trap_name $group_name tc_check_packets "dev $rp2 egress" 101 0 check_err $? "Packets were not dropped" log_test "Multicast reverse path forwarding: $desc" kill $mz_pid && wait $mz_pid &> /dev/null tc filter del dev $rp2 egress protocol $proto pref 1 handle 101 flower } mc_reverse_path_forwarding_test() { __mc_reverse_path_forwarding_test "IPv4" "192.0.2.1" "225.1.2.3" \ "01:00:5e:01:02:03" "ip" __mc_reverse_path_forwarding_test "IPv6" "2001:db8:1::1" "ff0e::3" \ "33:33:00:00:00:03" "ipv6" "-6" } __reject_route_test() { local desc=$1; shift local dst_ip=$1; shift local proto=$1; shift local ip_proto=$1; shift local type=$1; shift local code=$1; shift local unreachable=$1; shift local flags=${1:-""}; shift local trap_name="reject_route" local group_name="l3_drops" local expected_action="trap" local mz_pid RET=0 ping_check $trap_name trap_action_check $trap_name $expected_action tc filter add dev $h1 ingress protocol $proto pref 1 handle 101 flower \ skip_hw ip_proto $ip_proto type $type code $code action pass ip route add unreachable $unreachable # Generate pacekts to h2. The destination IP is unreachable. $MZ $flags $h1 -t udp "sp=54321,dp=12345" -c 0 -d 1msec -b $rp1mac \ -B $dst_ip -q & mz_pid=$! devlink_trap_exception_test $trap_name $group_name tc_check_packets_hitting "dev $h1 ingress" 101 check_err $? "ICMP packet was not received to h1" log_test "Reject route: $desc" kill $mz_pid && wait $mz_pid &> /dev/null ip route del unreachable $unreachable tc filter del dev $h1 ingress protocol $proto pref 1 handle 101 flower } reject_route_test() { # type - Destination Unreachable # code - Host Unreachable __reject_route_test "IPv4" 198.51.100.1 "ip" "icmp" 3 1 \ "198.51.100.0/26" # type - Destination Unreachable # code - No Route __reject_route_test "IPv6" 2001:db8:2::1 "ipv6" "icmpv6" 1 0 \ "2001:db8:2::0/66" "-6" } __host_miss_test() { local desc=$1; shift local dip=$1; shift local trap_name="unresolved_neigh" local group_name="l3_drops" local expected_action="trap" local mz_pid RET=0 ping_check $trap_name trap_action_check $trap_name $expected_action ip neigh flush dev $rp2 t0_packets=$(devlink_trap_rx_packets_get $trap_name) # Generate packets to h2 (will incur a unresolved neighbor). # The ping should pass and devlink counters should be increased. ping_do $h1 $dip check_err $? "ping failed: $desc" t1_packets=$(devlink_trap_rx_packets_get $trap_name) if [[ $t0_packets -eq $t1_packets ]]; then check_err 1 "Trap counter did not increase" fi log_test "Unresolved neigh: host miss: $desc" } __invalid_nexthop_test() { local desc=$1; shift local dip=$1; shift local extra_add=$1; shift local subnet=$1; shift local via_add=$1; shift local trap_name="unresolved_neigh" local group_name="l3_drops" local expected_action="trap" local mz_pid RET=0 ping_check $trap_name trap_action_check $trap_name $expected_action ip address add $extra_add/$subnet dev $h2 # Check that correct route does not trigger unresolved_neigh ip $flags route add $dip via $extra_add dev $rp2 # Generate packets in order to discover all neighbours. # Without it, counters of unresolved_neigh will be increased # during neighbours discovery and the check below will fail # for a wrong reason ping_do $h1 $dip t0_packets=$(devlink_trap_rx_packets_get $trap_name) ping_do $h1 $dip t1_packets=$(devlink_trap_rx_packets_get $trap_name) if [[ $t0_packets -ne $t1_packets ]]; then check_err 1 "Trap counter increased when it should not" fi ip $flags route del $dip via $extra_add dev $rp2 # Check that route to nexthop that does not exist trigger # unresolved_neigh ip $flags route add $dip via $via_add dev $h2 t0_packets=$(devlink_trap_rx_packets_get $trap_name) ping_do $h1 $dip t1_packets=$(devlink_trap_rx_packets_get $trap_name) if [[ $t0_packets -eq $t1_packets ]]; then check_err 1 "Trap counter did not increase" fi ip $flags route del $dip via $via_add dev $h2 ip address del $extra_add/$subnet dev $h2 log_test "Unresolved neigh: nexthop does not exist: $desc" } unresolved_neigh_test() { __host_miss_test "IPv4" 198.51.100.1 __host_miss_test "IPv6" 2001:db8:2::1 __invalid_nexthop_test "IPv4" 198.51.100.1 198.51.100.3 24 198.51.100.4 __invalid_nexthop_test "IPv6" 2001:db8:2::1 2001:db8:2::3 64 \ 2001:db8:2::4 } vrf_without_routes_create() { # VRF creating makes the links to be down and then up again. # By default, IPv6 address is not saved after link becomes down. # Save IPv6 address using sysctl configuration. sysctl_set net.ipv6.conf.$rp1.keep_addr_on_down 1 sysctl_set net.ipv6.conf.$rp2.keep_addr_on_down 1 ip link add dev vrf1 type vrf table 101 ip link set dev $rp1 master vrf1 ip link set dev $rp2 master vrf1 ip link set dev vrf1 up # Wait for rp1 and rp2 to be up setup_wait } vrf_without_routes_destroy() { ip link set dev $rp1 nomaster ip link set dev $rp2 nomaster ip link del dev vrf1 sysctl_restore net.ipv6.conf.$rp2.keep_addr_on_down sysctl_restore net.ipv6.conf.$rp1.keep_addr_on_down # Wait for interfaces to be up setup_wait } ipv4_lpm_miss_test() { local trap_name="ipv4_lpm_miss" local group_name="l3_drops" local expected_action="trap" local mz_pid RET=0 ping_check $trap_name trap_action_check $trap_name $expected_action # Create a VRF without a default route vrf_without_routes_create # Generate packets through a VRF without a matching route. $MZ $h1 -t udp "sp=54321,dp=12345" -c 0 -d 1msec -b $rp1mac \ -B 203.0.113.1 -q & mz_pid=$! devlink_trap_exception_test $trap_name $group_name log_test "LPM miss: IPv4" kill $mz_pid && wait $mz_pid &> /dev/null vrf_without_routes_destroy } ipv6_lpm_miss_test() { local trap_name="ipv6_lpm_miss" local group_name="l3_drops" local expected_action="trap" local mz_pid RET=0 ping_check $trap_name trap_action_check $trap_name $expected_action # Create a VRF without a default route vrf_without_routes_create # Generate packets through a VRF without a matching route. $MZ -6 $h1 -t udp "sp=54321,dp=12345" -c 0 -d 1msec -b $rp1mac \ -B 2001:db8::1 -q & mz_pid=$! devlink_trap_exception_test $trap_name $group_name log_test "LPM miss: IPv6" kill $mz_pid && wait $mz_pid &> /dev/null vrf_without_routes_destroy } trap cleanup EXIT setup_prepare setup_wait tests_run exit $EXIT_STATUS