selftests: add a test case for mirred egress to ingress

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

add a selftest that verifies the correct behavior of TC act_mirred egress
to ingress: in particular, it checks if the dst_entry is removed from skb
before redirect egress -> ingress. The correct behavior is: an ICMP 'echo
request' generated by ping will be received and generate a reply the same
way as the one generated by mausezahn.

Suggested-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Acked-by: Cong Wang <cong.wang@bytedance.com>
Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Davide Caratti and committed by

Jakub Kicinski 4 years ago 1d127eff f799ada6

+47 -1

2 changed files

expand all

tools

testing

selftests

net

forwarding

config

tc_actions.sh

tools/testing/selftests/net/forwarding/config

··· 6 6 CONFIG_NET_VRF=m 7 7 CONFIG_BPF_SYSCALL=y 8 8 CONFIG_CGROUP_BPF=y 9 + CONFIG_NET_ACT_CT=m 9 10 CONFIG_NET_ACT_MIRRED=m 10 11 CONFIG_NET_ACT_MPLS=m 11 12 CONFIG_NET_ACT_VLAN=m

+46 -1

tools/testing/selftests/net/forwarding/tc_actions.sh

··· 3 3 4 4 ALL_TESTS="gact_drop_and_ok_test mirred_egress_redirect_test \ 5 5 mirred_egress_mirror_test matchall_mirred_egress_mirror_test \ 6 - gact_trap_test" 6 + gact_trap_test mirred_egress_to_ingress_test" 7 7 NUM_NETIFS=4 8 8 source tc_common.sh 9 9 source lib.sh ··· 13 13 h1_create() 14 14 { 15 15 simple_if_init $h1 192.0.2.1/24 16 + tc qdisc add dev $h1 clsact 16 17 } 17 18 18 19 h1_destroy() 19 20 { 21 + tc qdisc del dev $h1 clsact 20 22 simple_if_fini $h1 192.0.2.1/24 21 23 } 22 24 ··· 153 151 tc filter del dev $swp1 ingress protocol ip pref 1 handle 101 flower 154 152 155 153 log_test "trap ($tcflags)" 154 + } 155 + 156 + mirred_egress_to_ingress_test() 157 + { 158 + RET=0 159 + 160 + tc filter add dev $h1 protocol ip pref 100 handle 100 egress flower \ 161 + ip_proto icmp src_ip 192.0.2.1 dst_ip 192.0.2.2 type 8 action \ 162 + ct commit nat src addr 192.0.2.2 pipe \ 163 + ct clear pipe \ 164 + ct commit nat dst addr 192.0.2.1 pipe \ 165 + mirred ingress redirect dev $h1 166 + 167 + tc filter add dev $swp1 protocol ip pref 11 handle 111 ingress flower \ 168 + ip_proto icmp src_ip 192.0.2.1 dst_ip 192.0.2.2 type 8 action drop 169 + tc filter add dev $swp1 protocol ip pref 12 handle 112 ingress flower \ 170 + ip_proto icmp src_ip 192.0.2.1 dst_ip 192.0.2.2 type 0 action pass 171 + 172 + $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \ 173 + -t icmp "ping,id=42,seq=10" -q 174 + 175 + tc_check_packets "dev $h1 egress" 100 1 176 + check_err $? "didn't mirror first packet" 177 + 178 + tc_check_packets "dev $swp1 ingress" 111 1 179 + check_fail $? "didn't redirect first packet" 180 + tc_check_packets "dev $swp1 ingress" 112 1 181 + check_err $? "didn't receive reply to first packet" 182 + 183 + ping 192.0.2.2 -I$h1 -c1 -w1 -q 1>/dev/null 2>&1 184 + 185 + tc_check_packets "dev $h1 egress" 100 2 186 + check_err $? "didn't mirror second packet" 187 + tc_check_packets "dev $swp1 ingress" 111 1 188 + check_fail $? "didn't redirect second packet" 189 + tc_check_packets "dev $swp1 ingress" 112 2 190 + check_err $? "didn't receive reply to second packet" 191 + 192 + tc filter del dev $h1 egress protocol ip pref 100 handle 100 flower 193 + tc filter del dev $swp1 ingress protocol ip pref 11 handle 111 flower 194 + tc filter del dev $swp1 ingress protocol ip pref 12 handle 112 flower 195 + 196 + log_test "mirred_egress_to_ingress ($tcflags)" 156 197 } 157 198 158 199 setup_prepare()