#!/bin/bash # SPDX-License-Identifier: GPL-2.0 # # Test a "one-armed router" [1] scenario. Packets forwarded between H1 and H2 # should be forwarded by the ASIC, but also trapped so that ICMP redirect # packets could be potentially generated. # # 1. https://en.wikipedia.org/wiki/One-armed_router # # +---------------------------------+ # | H1 (vrf) | # | + $h1 | # | | 192.0.2.1/24 | # | | 2001:db8:1::1/64 | # | | | # | | default via 192.0.2.2 | # | | default via 2001:db8:1::2 | # +----|----------------------------+ # | # +----|----------------------------------------------------------------------+ # | SW | | # | +--|--------------------------------------------------------------------+ | # | | + $swp1 BR0 (802.1d) | | # | | | | # | | 192.0.2.2/24 | | # | | 2001:db8:1::2/64 | | # | | 198.51.100.2/24 | | # | | 2001:db8:2::2/64 | | # | | | | # | | + $swp2 | | # | +--|--------------------------------------------------------------------+ | # | | | # +----|----------------------------------------------------------------------+ # | # +----|----------------------------+ # | | default via 198.51.100.2 | # | | default via 2001:db8:2::2 | # | | | # | | 2001:db8:2::1/64 | # | | 198.51.100.1/24 | # | + $h2 | # | H2 (vrf) | # +---------------------------------+ lib_dir=$(dirname $0)/../../../net/forwarding ALL_TESTS="ping_ipv4 ping_ipv6 fwd_mark_ipv4 fwd_mark_ipv6" NUM_NETIFS=4 source $lib_dir/tc_common.sh source $lib_dir/lib.sh h1_create() { simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64 ip -4 route add default vrf v$h1 nexthop via 192.0.2.2 ip -6 route add default vrf v$h1 nexthop via 2001:db8:1::2 } h1_destroy() { ip -6 route del default vrf v$h1 nexthop via 2001:db8:1::2 ip -4 route del default vrf v$h1 nexthop via 192.0.2.2 simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64 } h2_create() { simple_if_init $h2 198.51.100.1/24 2001:db8:2::1/64 ip -4 route add default vrf v$h2 nexthop via 198.51.100.2 ip -6 route add default vrf v$h2 nexthop via 2001:db8:2::2 } h2_destroy() { ip -6 route del default vrf v$h2 nexthop via 2001:db8:2::2 ip -4 route del default vrf v$h2 nexthop via 198.51.100.2 simple_if_fini $h2 198.51.100.1/24 2001:db8:2::1/64 } switch_create() { ip link add name br0 type bridge mcast_snooping 0 ip link set dev br0 up ip link set dev $swp1 master br0 ip link set dev $swp1 up ip link set dev $swp2 master br0 ip link set dev $swp2 up tc qdisc add dev $swp1 clsact tc qdisc add dev $swp2 clsact __addr_add_del br0 add 192.0.2.2/24 2001:db8:1::2/64 __addr_add_del br0 add 198.51.100.2/24 2001:db8:2::2/64 } switch_destroy() { __addr_add_del br0 del 198.51.100.2/24 2001:db8:2::2/64 __addr_add_del br0 del 192.0.2.2/24 2001:db8:1::2/64 tc qdisc del dev $swp2 clsact tc qdisc del dev $swp1 clsact ip link set dev $swp2 down ip link set dev $swp2 nomaster ip link set dev $swp1 down ip link set dev $swp1 nomaster ip link set dev br0 down ip link del dev br0 } ping_ipv4() { ping_test $h1 198.51.100.1 ": h1->h2" } ping_ipv6() { ping6_test $h1 2001:db8:2::1 ": h1->h2" } fwd_mark_ipv4() { # Transmit packets from H1 to H2 and make sure they are trapped at # swp1 due to loopback error, but only forwarded by the ASIC through # swp2 tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \ skip_hw dst_ip 198.51.100.1 ip_proto udp dst_port 52768 \ action pass tc filter add dev $swp2 egress protocol ip pref 1 handle 101 flower \ skip_hw dst_ip 198.51.100.1 ip_proto udp dst_port 52768 \ action pass tc filter add dev $swp2 egress protocol ip pref 2 handle 102 flower \ skip_sw dst_ip 198.51.100.1 ip_proto udp dst_port 52768 \ action pass ip vrf exec v$h1 $MZ $h1 -c 10 -d 100msec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q RET=0 tc_check_packets "dev $swp1 ingress" 101 10 check_err $? log_test "fwd mark: trapping IPv4 packets due to LBERROR" RET=0 tc_check_packets "dev $swp2 egress" 101 0 check_err $? log_test "fwd mark: forwarding IPv4 packets in software" RET=0 tc_check_packets "dev $swp2 egress" 102 10 check_err $? log_test "fwd mark: forwarding IPv4 packets in hardware" tc filter del dev $swp2 egress protocol ip pref 2 handle 102 flower tc filter del dev $swp2 egress protocol ip pref 1 handle 101 flower tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower } fwd_mark_ipv6() { tc filter add dev $swp1 ingress protocol ipv6 pref 1 handle 101 flower \ skip_hw dst_ip 2001:db8:2::1 ip_proto udp dst_port 52768 \ action pass tc filter add dev $swp2 egress protocol ipv6 pref 1 handle 101 flower \ skip_hw dst_ip 2001:db8:2::1 ip_proto udp dst_port 52768 \ action pass tc filter add dev $swp2 egress protocol ipv6 pref 2 handle 102 flower \ skip_sw dst_ip 2001:db8:2::1 ip_proto udp dst_port 52768 \ action pass ip vrf exec v$h1 $MZ $h1 -6 -c 10 -d 100msec -p 64 -A 2001:db8:1::1 \ -B 2001:db8:2::1 -t udp dp=52768,sp=42768 -q RET=0 tc_check_packets "dev $swp1 ingress" 101 10 check_err $? log_test "fwd mark: trapping IPv6 packets due to LBERROR" RET=0 tc_check_packets "dev $swp2 egress" 101 0 check_err $? log_test "fwd mark: forwarding IPv6 packets in software" RET=0 tc_check_packets "dev $swp2 egress" 102 10 check_err $? log_test "fwd mark: forwarding IPv6 packets in hardware" tc filter del dev $swp2 egress protocol ipv6 pref 2 handle 102 flower tc filter del dev $swp2 egress protocol ipv6 pref 1 handle 101 flower tc filter del dev $swp1 ingress protocol ipv6 pref 1 handle 101 flower } setup_prepare() { h1=${NETIFS[p1]} swp1=${NETIFS[p2]} swp2=${NETIFS[p3]} h2=${NETIFS[p4]} vrf_prepare forwarding_enable sysctl_set net.ipv4.conf.all.accept_redirects 0 sysctl_set net.ipv6.conf.all.accept_redirects 0 h1_create h2_create switch_create } cleanup() { pre_cleanup switch_destroy h2_destroy h1_destroy sysctl_restore net.ipv6.conf.all.accept_redirects sysctl_restore net.ipv4.conf.all.accept_redirects forwarding_restore vrf_cleanup } trap cleanup EXIT setup_prepare setup_wait tests_run exit $EXIT_STATUS