diff options
Diffstat (limited to 'tools/testing/selftests/drivers/net/ocelot/tc_flower_chains.sh')
-rwxr-xr-x | tools/testing/selftests/drivers/net/ocelot/tc_flower_chains.sh | 352 |
1 files changed, 352 insertions, 0 deletions
diff --git a/tools/testing/selftests/drivers/net/ocelot/tc_flower_chains.sh b/tools/testing/selftests/drivers/net/ocelot/tc_flower_chains.sh new file mode 100755 index 000000000000..aff0a59f92d9 --- /dev/null +++ b/tools/testing/selftests/drivers/net/ocelot/tc_flower_chains.sh @@ -0,0 +1,352 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright 2020 NXP + +WAIT_TIME=1 +NUM_NETIFS=4 +STABLE_MAC_ADDRS=yes +lib_dir=$(dirname $0)/../../../net/forwarding +source $lib_dir/tc_common.sh +source $lib_dir/lib.sh + +require_command tcpdump + +h1=${NETIFS[p1]} +swp1=${NETIFS[p2]} +swp2=${NETIFS[p3]} +h2=${NETIFS[p4]} + +# Helpers to map a VCAP IS1 and VCAP IS2 lookup and policy to a chain number +# used by the kernel driver. The numbers are: +# VCAP IS1 lookup 0: 10000 +# VCAP IS1 lookup 1: 11000 +# VCAP IS1 lookup 2: 12000 +# VCAP IS2 lookup 0 policy 0: 20000 +# VCAP IS2 lookup 0 policy 1: 20001 +# VCAP IS2 lookup 0 policy 255: 20255 +# VCAP IS2 lookup 1 policy 0: 21000 +# VCAP IS2 lookup 1 policy 1: 21001 +# VCAP IS2 lookup 1 policy 255: 21255 +IS1() +{ + local lookup=$1 + + echo $((10000 + 1000 * lookup)) +} + +IS2() +{ + local lookup=$1 + local pag=$2 + + echo $((20000 + 1000 * lookup + pag)) +} + +ES0() +{ + echo 0 +} + +# The Ocelot switches have a fixed ingress pipeline composed of: +# +# +----------------------------------------------+ +-----------------------------------------+ +# | VCAP IS1 | | VCAP IS2 | +# | | | | +# | +----------+ +----------+ +----------+ | | +----------+ +----------+ | +# | | Lookup 0 | | Lookup 1 | | Lookup 2 | | --+------> PAG 0: | Lookup 0 | -> | Lookup 1 | | +# | +----------+ -> +----------+ -> +----------+ | | | +----------+ +----------+ | +# | |key&action| |key&action| |key&action| | | | |key&action| |key&action| | +# | |key&action| |key&action| |key&action| | | | | .. | | .. | | +# | | .. | | .. | | .. | | | | +----------+ +----------+ | +# | +----------+ +----------+ +----------+ | | | | +# | selects PAG | | | +----------+ +----------+ | +# +----------------------------------------------+ +------> PAG 1: | Lookup 0 | -> | Lookup 1 | | +# | | +----------+ +----------+ | +# | | |key&action| |key&action| | +# | | | .. | | .. | | +# | | +----------+ +----------+ | +# | | ... | +# | | | +# | | +----------+ +----------+ | +# +----> PAG 254: | Lookup 0 | -> | Lookup 1 | | +# | | +----------+ +----------+ | +# | | |key&action| |key&action| | +# | | | .. | | .. | | +# | | +----------+ +----------+ | +# | | | +# | | +----------+ +----------+ | +# +----> PAG 255: | Lookup 0 | -> | Lookup 1 | | +# | +----------+ +----------+ | +# | |key&action| |key&action| | +# | | .. | | .. | | +# | +----------+ +----------+ | +# +-----------------------------------------+ +# +# Both the VCAP IS1 (Ingress Stage 1) and IS2 (Ingress Stage 2) are indexed +# (looked up) multiple times: IS1 3 times, and IS2 2 times. Each filter +# (key and action pair) can be configured to only match during the first, or +# second, etc, lookup. +# +# During one TCAM lookup, the filter processing stops at the first entry that +# matches, then the pipeline jumps to the next lookup. +# The driver maps each individual lookup of each individual ingress TCAM to a +# separate chain number. For correct rule offloading, it is mandatory that each +# filter installed in one TCAM is terminated by a non-optional GOTO action to +# the next lookup from the fixed pipeline. +# +# A chain can only be used if there is a GOTO action correctly set up from the +# prior lookup in the processing pipeline. Setting up all chains is not +# mandatory. + +# NOTE: VCAP IS1 currently uses only S1_NORMAL half keys and VCAP IS2 +# dynamically chooses between MAC_ETYPE, ARP, IP4_TCP_UDP, IP4_OTHER, which are +# all half keys as well. + +create_tcam_skeleton() +{ + local eth=$1 + + tc qdisc add dev $eth clsact + + # VCAP IS1 is the Ingress Classification TCAM and can offload the + # following actions: + # - skbedit priority + # - vlan pop + # - vlan modify + # - goto (only in lookup 2, the last IS1 lookup) + tc filter add dev $eth ingress chain 0 pref 49152 flower \ + skip_sw action goto chain $(IS1 0) + tc filter add dev $eth ingress chain $(IS1 0) pref 49152 \ + flower skip_sw action goto chain $(IS1 1) + tc filter add dev $eth ingress chain $(IS1 1) pref 49152 \ + flower skip_sw action goto chain $(IS1 2) + tc filter add dev $eth ingress chain $(IS1 2) pref 49152 \ + flower skip_sw action goto chain $(IS2 0 0) + + # VCAP IS2 is the Security Enforcement ingress TCAM and can offload the + # following actions: + # - trap + # - drop + # - police + # The two VCAP IS2 lookups can be segmented into up to 256 groups of + # rules, called Policies. A Policy is selected through the Policy + # Association Group (PAG) action of VCAP IS1 (which is the + # GOTO offload). + tc filter add dev $eth ingress chain $(IS2 0 0) pref 49152 \ + flower skip_sw action goto chain $(IS2 1 0) +} + +setup_prepare() +{ + ip link set $swp1 up + ip link set $swp2 up + ip link set $h2 up + ip link set $h1 up + + create_tcam_skeleton $swp1 + + ip link add br0 type bridge + ip link set $swp1 master br0 + ip link set $swp2 master br0 + ip link set br0 up + + ip link add link $h1 name $h1.100 type vlan id 100 + ip link set $h1.100 up + + ip link add link $h1 name $h1.200 type vlan id 200 + ip link set $h1.200 up + + tc filter add dev $swp1 ingress chain $(IS1 1) pref 1 \ + protocol 802.1Q flower skip_sw vlan_id 100 \ + action vlan pop \ + action goto chain $(IS1 2) + + tc filter add dev $swp1 egress chain $(ES0) pref 1 \ + flower skip_sw indev $swp2 \ + action vlan push protocol 802.1Q id 100 + + tc filter add dev $swp1 ingress chain $(IS1 0) pref 2 \ + protocol ipv4 flower skip_sw src_ip 10.1.1.2 \ + action skbedit priority 7 \ + action goto chain $(IS1 1) + + tc filter add dev $swp1 ingress chain $(IS2 0 0) pref 1 \ + protocol ipv4 flower skip_sw ip_proto udp dst_port 5201 \ + action police rate 50mbit burst 64k conform-exceed drop/pipe \ + action goto chain $(IS2 1 0) +} + +cleanup() +{ + ip link del $h1.200 + ip link del $h1.100 + tc qdisc del dev $swp1 clsact + ip link del br0 +} + +test_vlan_pop() +{ + local h1_mac=$(mac_get $h1) + local h2_mac=$(mac_get $h2) + + RET=0 + + tcpdump_start $h2 + + # Work around Mausezahn VLAN builder bug + # (https://github.com/netsniff-ng/netsniff-ng/issues/225) by using + # an 8021q upper + $MZ $h1.100 -q -c 1 -p 64 -a $h1_mac -b $h2_mac -t ip + + sleep 1 + + tcpdump_stop $h2 + + tcpdump_show $h2 | grep -q "$h1_mac > $h2_mac, ethertype IPv4" + check_err "$?" "untagged reception" + + tcpdump_cleanup $h2 + + log_test "VLAN pop" +} + +test_vlan_push() +{ + local h1_mac=$(mac_get $h1) + local h2_mac=$(mac_get $h2) + + RET=0 + + tcpdump_start $h1.100 + + $MZ $h2 -q -c 1 -p 64 -a $h2_mac -b $h1_mac -t ip + + sleep 1 + + tcpdump_stop $h1.100 + + tcpdump_show $h1.100 | grep -q "$h2_mac > $h1_mac" + check_err "$?" "tagged reception" + + tcpdump_cleanup $h1.100 + + log_test "VLAN push" +} + +test_vlan_ingress_modify() +{ + local h1_mac=$(mac_get $h1) + local h2_mac=$(mac_get $h2) + + RET=0 + + ip link set br0 type bridge vlan_filtering 1 + bridge vlan add dev $swp1 vid 200 + bridge vlan add dev $swp1 vid 300 + bridge vlan add dev $swp2 vid 300 + + tc filter add dev $swp1 ingress chain $(IS1 2) pref 3 \ + protocol 802.1Q flower skip_sw vlan_id 200 src_mac $h1_mac \ + action vlan modify id 300 \ + action goto chain $(IS2 0 0) + + tcpdump_start $h2 + + $MZ $h1.200 -q -c 1 -p 64 -a $h1_mac -b $h2_mac -t ip + + sleep 1 + + tcpdump_stop $h2 + + tcpdump_show $h2 | grep -q "$h1_mac > $h2_mac, .* vlan 300" + check_err "$?" "tagged reception" + + tcpdump_cleanup $h2 + + tc filter del dev $swp1 ingress chain $(IS1 2) pref 3 + + bridge vlan del dev $swp1 vid 200 + bridge vlan del dev $swp1 vid 300 + bridge vlan del dev $swp2 vid 300 + ip link set br0 type bridge vlan_filtering 0 + + log_test "Ingress VLAN modification" +} + +test_vlan_egress_modify() +{ + local h1_mac=$(mac_get $h1) + local h2_mac=$(mac_get $h2) + + RET=0 + + tc qdisc add dev $swp2 clsact + + ip link set br0 type bridge vlan_filtering 1 + bridge vlan add dev $swp1 vid 200 + bridge vlan add dev $swp2 vid 200 + + tc filter add dev $swp2 egress chain $(ES0) pref 3 \ + protocol 802.1Q flower skip_sw vlan_id 200 vlan_prio 0 \ + action vlan modify id 300 priority 7 + + tcpdump_start $h2 + + $MZ $h1.200 -q -c 1 -p 64 -a $h1_mac -b $h2_mac -t ip + + sleep 1 + + tcpdump_stop $h2 + + tcpdump_show $h2 | grep -q "$h1_mac > $h2_mac, .* vlan 300" + check_err "$?" "tagged reception" + + tcpdump_cleanup $h2 + + tc filter del dev $swp2 egress chain $(ES0) pref 3 + tc qdisc del dev $swp2 clsact + + bridge vlan del dev $swp1 vid 200 + bridge vlan del dev $swp2 vid 200 + ip link set br0 type bridge vlan_filtering 0 + + log_test "Egress VLAN modification" +} + +test_skbedit_priority() +{ + local h1_mac=$(mac_get $h1) + local h2_mac=$(mac_get $h2) + local num_pkts=100 + + before=$(ethtool_stats_get $swp1 'rx_green_prio_7') + + $MZ $h1 -q -c $num_pkts -p 64 -a $h1_mac -b $h2_mac -t ip -A 10.1.1.2 + + after=$(ethtool_stats_get $swp1 'rx_green_prio_7') + + if [ $((after - before)) = $num_pkts ]; then + RET=0 + else + RET=1 + fi + + log_test "Frame prioritization" +} + +trap cleanup EXIT + +ALL_TESTS=" + test_vlan_pop + test_vlan_push + test_vlan_ingress_modify + test_vlan_egress_modify + test_skbedit_priority +" + +setup_prepare +setup_wait + +tests_run + +exit $EXIT_STATUS |