tools/testing/selftests/drivers/net/mlxsw/devlink_trap_l2_drops.sh at v5.6-rc7

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / tools / testing / selftests / drivers / net / mlxsw / devlink_trap_l2_drops.sh
at v5.6-rc7 437 lines 10 kB view raw
wrap content
  1#!/bin/bash
  2# SPDX-License-Identifier: GPL-2.0
  3#
  4# Test devlink-trap L2 drops functionality over mlxsw. Each registered L2 drop
  5# packet trap is tested to make sure it is triggered under the right
  6# conditions.
  7
  8lib_dir=$(dirname $0)/../../../net/forwarding
  9
 10ALL_TESTS="
 11	source_mac_is_multicast_test
 12	vlan_tag_mismatch_test
 13	ingress_vlan_filter_test
 14	ingress_stp_filter_test
 15	port_list_is_empty_test
 16	port_loopback_filter_test
 17"
 18NUM_NETIFS=4
 19source $lib_dir/tc_common.sh
 20source $lib_dir/lib.sh
 21source $lib_dir/devlink_lib.sh
 22
 23h1_create()
 24{
 25	simple_if_init $h1
 26}
 27
 28h1_destroy()
 29{
 30	simple_if_fini $h1
 31}
 32
 33h2_create()
 34{
 35	simple_if_init $h2
 36}
 37
 38h2_destroy()
 39{
 40	simple_if_fini $h2
 41}
 42
 43switch_create()
 44{
 45	ip link add dev br0 type bridge vlan_filtering 1 mcast_snooping 0
 46
 47	ip link set dev $swp1 master br0
 48	ip link set dev $swp2 master br0
 49
 50	ip link set dev br0 up
 51	ip link set dev $swp1 up
 52	ip link set dev $swp2 up
 53
 54	tc qdisc add dev $swp2 clsact
 55}
 56
 57switch_destroy()
 58{
 59	tc qdisc del dev $swp2 clsact
 60
 61	ip link set dev $swp2 down
 62	ip link set dev $swp1 down
 63
 64	ip link del dev br0
 65}
 66
 67setup_prepare()
 68{
 69	h1=${NETIFS[p1]}
 70	swp1=${NETIFS[p2]}
 71
 72	swp2=${NETIFS[p3]}
 73	h2=${NETIFS[p4]}
 74
 75	vrf_prepare
 76
 77	h1_create
 78	h2_create
 79
 80	switch_create
 81}
 82
 83cleanup()
 84{
 85	pre_cleanup
 86
 87	switch_destroy
 88
 89	h2_destroy
 90	h1_destroy
 91
 92	vrf_cleanup
 93}
 94
 95source_mac_is_multicast_test()
 96{
 97	local trap_name="source_mac_is_multicast"
 98	local smac=01:02:03:04:05:06
 99	local group_name="l2_drops"
100	local mz_pid
101
102	tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
103		flower src_mac $smac action drop
104
105	$MZ $h1 -c 0 -p 100 -a $smac -b bcast -t ip -d 1msec -q &
106	mz_pid=$!
107
108	RET=0
109
110	devlink_trap_drop_test $trap_name $group_name $swp2
111
112	log_test "Source MAC is multicast"
113
114	devlink_trap_drop_cleanup $mz_pid $swp2 ip
115}
116
117__vlan_tag_mismatch_test()
118{
119	local trap_name="vlan_tag_mismatch"
120	local dmac=de:ad:be:ef:13:37
121	local group_name="l2_drops"
122	local opt=$1; shift
123	local mz_pid
124
125	# Remove PVID flag. This should prevent untagged and prio-tagged
126	# packets from entering the bridge.
127	bridge vlan add vid 1 dev $swp1 untagged master
128
129	tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
130		flower dst_mac $dmac action drop
131
132	$MZ $h1 "$opt" -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
133	mz_pid=$!
134
135	devlink_trap_drop_test $trap_name $group_name $swp2
136
137	# Add PVID and make sure packets are no longer dropped.
138	bridge vlan add vid 1 dev $swp1 pvid untagged master
139	devlink_trap_action_set $trap_name "trap"
140
141	devlink_trap_stats_idle_test $trap_name
142	check_err $? "Trap stats not idle when packets should not be dropped"
143	devlink_trap_group_stats_idle_test $group_name
144	check_err $? "Trap group stats not idle with when packets should not be dropped"
145
146	tc_check_packets "dev $swp2 egress" 101 0
147	check_fail $? "Packets not forwarded when should"
148
149	devlink_trap_action_set $trap_name "drop"
150
151	devlink_trap_drop_cleanup $mz_pid $swp2 ip
152}
153
154vlan_tag_mismatch_untagged_test()
155{
156	RET=0
157
158	__vlan_tag_mismatch_test
159
160	log_test "VLAN tag mismatch - untagged packets"
161}
162
163vlan_tag_mismatch_vid_0_test()
164{
165	RET=0
166
167	__vlan_tag_mismatch_test "-Q 0"
168
169	log_test "VLAN tag mismatch - prio-tagged packets"
170}
171
172vlan_tag_mismatch_test()
173{
174	vlan_tag_mismatch_untagged_test
175	vlan_tag_mismatch_vid_0_test
176}
177
178ingress_vlan_filter_test()
179{
180	local trap_name="ingress_vlan_filter"
181	local dmac=de:ad:be:ef:13:37
182	local group_name="l2_drops"
183	local mz_pid
184	local vid=10
185
186	bridge vlan add vid $vid dev $swp2 master
187
188	RET=0
189
190	tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
191		flower dst_mac $dmac action drop
192
193	$MZ $h1 -Q $vid -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
194	mz_pid=$!
195
196	devlink_trap_drop_test $trap_name $group_name $swp2
197
198	# Add the VLAN on the bridge port and make sure packets are no longer
199	# dropped.
200	bridge vlan add vid $vid dev $swp1 master
201	devlink_trap_action_set $trap_name "trap"
202
203	devlink_trap_stats_idle_test $trap_name
204	check_err $? "Trap stats not idle when packets should not be dropped"
205	devlink_trap_group_stats_idle_test $group_name
206	check_err $? "Trap group stats not idle with when packets should not be dropped"
207
208	tc_check_packets "dev $swp2 egress" 101 0
209	check_fail $? "Packets not forwarded when should"
210
211	devlink_trap_action_set $trap_name "drop"
212
213	log_test "Ingress VLAN filter"
214
215	devlink_trap_drop_cleanup $mz_pid $swp2 ip
216
217	bridge vlan del vid $vid dev $swp1 master
218	bridge vlan del vid $vid dev $swp2 master
219}
220
221__ingress_stp_filter_test()
222{
223	local trap_name="ingress_spanning_tree_filter"
224	local dmac=de:ad:be:ef:13:37
225	local group_name="l2_drops"
226	local state=$1; shift
227	local mz_pid
228	local vid=20
229
230	bridge vlan add vid $vid dev $swp2 master
231	bridge vlan add vid $vid dev $swp1 master
232	ip link set dev $swp1 type bridge_slave state $state
233
234	tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
235		flower dst_mac $dmac action drop
236
237	$MZ $h1 -Q $vid -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
238	mz_pid=$!
239
240	devlink_trap_drop_test $trap_name $group_name $swp2
241
242	# Change STP state to forwarding and make sure packets are no longer
243	# dropped.
244	ip link set dev $swp1 type bridge_slave state 3
245	devlink_trap_action_set $trap_name "trap"
246
247	devlink_trap_stats_idle_test $trap_name
248	check_err $? "Trap stats not idle when packets should not be dropped"
249	devlink_trap_group_stats_idle_test $group_name
250	check_err $? "Trap group stats not idle with when packets should not be dropped"
251
252	tc_check_packets "dev $swp2 egress" 101 0
253	check_fail $? "Packets not forwarded when should"
254
255	devlink_trap_action_set $trap_name "drop"
256
257	devlink_trap_drop_cleanup $mz_pid $swp2 ip
258
259	bridge vlan del vid $vid dev $swp1 master
260	bridge vlan del vid $vid dev $swp2 master
261}
262
263ingress_stp_filter_listening_test()
264{
265	local state=$1; shift
266
267	RET=0
268
269	__ingress_stp_filter_test $state
270
271	log_test "Ingress STP filter - listening state"
272}
273
274ingress_stp_filter_learning_test()
275{
276	local state=$1; shift
277
278	RET=0
279
280	__ingress_stp_filter_test $state
281
282	log_test "Ingress STP filter - learning state"
283}
284
285ingress_stp_filter_test()
286{
287	ingress_stp_filter_listening_test 1
288	ingress_stp_filter_learning_test 2
289}
290
291port_list_is_empty_uc_test()
292{
293	local trap_name="port_list_is_empty"
294	local dmac=de:ad:be:ef:13:37
295	local group_name="l2_drops"
296	local mz_pid
297
298	# Disable unicast flooding on both ports, so that packets cannot egress
299	# any port.
300	ip link set dev $swp1 type bridge_slave flood off
301	ip link set dev $swp2 type bridge_slave flood off
302
303	RET=0
304
305	tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
306		flower dst_mac $dmac action drop
307
308	$MZ $h1 -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
309	mz_pid=$!
310
311	devlink_trap_drop_test $trap_name $group_name $swp2
312
313	# Allow packets to be flooded to one port.
314	ip link set dev $swp2 type bridge_slave flood on
315	devlink_trap_action_set $trap_name "trap"
316
317	devlink_trap_stats_idle_test $trap_name
318	check_err $? "Trap stats not idle when packets should not be dropped"
319	devlink_trap_group_stats_idle_test $group_name
320	check_err $? "Trap group stats not idle with when packets should not be dropped"
321
322	tc_check_packets "dev $swp2 egress" 101 0
323	check_fail $? "Packets not forwarded when should"
324
325	devlink_trap_action_set $trap_name "drop"
326
327	log_test "Port list is empty - unicast"
328
329	devlink_trap_drop_cleanup $mz_pid $swp2 ip
330
331	ip link set dev $swp1 type bridge_slave flood on
332}
333
334port_list_is_empty_mc_test()
335{
336	local trap_name="port_list_is_empty"
337	local dmac=01:00:5e:00:00:01
338	local group_name="l2_drops"
339	local dip=239.0.0.1
340	local mz_pid
341
342	# Disable multicast flooding on both ports, so that packets cannot
343	# egress any port. We also need to flush IP addresses from the bridge
344	# in order to prevent packets from being flooded to the router port.
345	ip link set dev $swp1 type bridge_slave mcast_flood off
346	ip link set dev $swp2 type bridge_slave mcast_flood off
347	ip address flush dev br0
348
349	RET=0
350
351	tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
352		flower dst_mac $dmac action drop
353
354	$MZ $h1 -c 0 -p 100 -a own -b $dmac -t ip -B $dip -d 1msec -q &
355	mz_pid=$!
356
357	devlink_trap_drop_test $trap_name $group_name $swp2
358
359	# Allow packets to be flooded to one port.
360	ip link set dev $swp2 type bridge_slave mcast_flood on
361	devlink_trap_action_set $trap_name "trap"
362
363	devlink_trap_stats_idle_test $trap_name
364	check_err $? "Trap stats not idle when packets should not be dropped"
365	devlink_trap_group_stats_idle_test $group_name
366	check_err $? "Trap group stats not idle with when packets should not be dropped"
367
368	tc_check_packets "dev $swp2 egress" 101 0
369	check_fail $? "Packets not forwarded when should"
370
371	devlink_trap_action_set $trap_name "drop"
372
373	log_test "Port list is empty - multicast"
374
375	devlink_trap_drop_cleanup $mz_pid $swp2 ip
376
377	ip link set dev $swp1 type bridge_slave mcast_flood on
378}
379
380port_list_is_empty_test()
381{
382	port_list_is_empty_uc_test
383	port_list_is_empty_mc_test
384}
385
386port_loopback_filter_uc_test()
387{
388	local trap_name="port_loopback_filter"
389	local dmac=de:ad:be:ef:13:37
390	local group_name="l2_drops"
391	local mz_pid
392
393	# Make sure packets can only egress the input port.
394	ip link set dev $swp2 type bridge_slave flood off
395
396	RET=0
397
398	tc filter add dev $swp2 egress protocol ip pref 1 handle 101 \
399		flower dst_mac $dmac action drop
400
401	$MZ $h1 -c 0 -p 100 -a own -b $dmac -t ip -d 1msec -q &
402	mz_pid=$!
403
404	devlink_trap_drop_test $trap_name $group_name $swp2
405
406	# Allow packets to be flooded.
407	ip link set dev $swp2 type bridge_slave flood on
408	devlink_trap_action_set $trap_name "trap"
409
410	devlink_trap_stats_idle_test $trap_name
411	check_err $? "Trap stats not idle when packets should not be dropped"
412	devlink_trap_group_stats_idle_test $group_name
413	check_err $? "Trap group stats not idle with when packets should not be dropped"
414
415	tc_check_packets "dev $swp2 egress" 101 0
416	check_fail $? "Packets not forwarded when should"
417
418	devlink_trap_action_set $trap_name "drop"
419
420	log_test "Port loopback filter - unicast"
421
422	devlink_trap_drop_cleanup $mz_pid $swp2 ip
423}
424
425port_loopback_filter_test()
426{
427	port_loopback_filter_uc_test
428}
429
430trap cleanup EXIT
431
432setup_prepare
433setup_wait
434
435tests_run
436
437exit $EXIT_STATUS
Configure Feed

Configure Feed
