linux/tools/testing/selftests/drivers/net/mlxsw/devlink_trap_tunnel_ipip.sh

#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Test devlink-trap tunnel exceptions functionality over mlxsw.
# Check all exception traps to make sure they are triggered under the right
# conditions.

# +-------------------------+
# | H1                      |
# |               $h1 +     |
# |      192.0.2.1/28 |     |
# +-------------------|-----+
#                     |
# +-------------------|-----+
# | SW1               |     |
# |             $swp1 +     |
# |      192.0.2.2/28       |
# |                         |
# |  + g1a (gre)            |
# |    loc=192.0.2.65       |
# |    rem=192.0.2.66       |
# |    tos=inherit          |
# |                         |
# |  + $rp1                 |
# |  |  198.51.100.1/28     |
# +--|----------------------+
#    |
# +--|----------------------+
# |  |                 VRF2 |
# |  + $rp2                 |
# |    198.51.100.2/28      |
# +-------------------------+

lib_dir=$(dirname $0)/../../../net/forwarding

ALL_TESTS="
	decap_error_test
"

NUM_NETIFS=4
source $lib_dir/lib.sh
source $lib_dir/tc_common.sh
source $lib_dir/devlink_lib.sh

h1_create()
{
	simple_if_init $h1 192.0.2.1/28
}

h1_destroy()
{
	simple_if_fini $h1 192.0.2.1/28
}

vrf2_create()
{
	simple_if_init $rp2 198.51.100.2/28
}

vrf2_destroy()
{
	simple_if_fini $rp2 198.51.100.2/28
}

switch_create()
{
	__addr_add_del $swp1 add 192.0.2.2/28
	tc qdisc add dev $swp1 clsact
	ip link set dev $swp1 up

	tunnel_create g1 gre 192.0.2.65 192.0.2.66 tos inherit
	__addr_add_del g1 add 192.0.2.65/32
	ip link set dev g1 up

	__addr_add_del $rp1 add 198.51.100.1/28
	ip link set dev $rp1 up
}

switch_destroy()
{
	ip link set dev $rp1 down
	__addr_add_del $rp1 del 198.51.100.1/28

	ip link set dev g1 down
	__addr_add_del g1 del 192.0.2.65/32
	tunnel_destroy g1

	ip link set dev $swp1 down
	tc qdisc del dev $swp1 clsact
	__addr_add_del $swp1 del 192.0.2.2/28
}

setup_prepare()
{
	h1=${NETIFS[p1]}
	swp1=${NETIFS[p2]}

	rp1=${NETIFS[p3]}
	rp2=${NETIFS[p4]}

	forwarding_enable
	vrf_prepare
	h1_create
	switch_create
	vrf2_create
}

cleanup()
{
	pre_cleanup

	vrf2_destroy
	switch_destroy
	h1_destroy
	vrf_cleanup
	forwarding_restore
}

ipip_payload_get()
{
	local flags=$1; shift
	local key=$1; shift

	p=$(:
		)"$flags"$(		      : GRE flags
	        )"0:00:"$(                    : Reserved + version
		)"08:00:"$(		      : ETH protocol type
		)"$key"$( 		      : Key
		)"4"$(	                      : IP version
		)"5:"$(                       : IHL
		)"00:"$(                      : IP TOS
		)"00:14:"$(                   : IP total length
		)"00:00:"$(                   : IP identification
		)"20:00:"$(                   : IP flags + frag off
		)"30:"$(                      : IP TTL
		)"01:"$(                      : IP proto
		)"E7:E6:"$(    	              : IP header csum
		)"C0:00:01:01:"$(             : IP saddr : 192.0.1.1
		)"C0:00:02:01:"$(             : IP daddr : 192.0.2.1
		)
	echo $p
}

ecn_payload_get()
{
	echo $(ipip_payload_get "0")
}

ecn_decap_test()
{
	local trap_name="decap_error"
	local desc=$1; shift
	local ecn_desc=$1; shift
	local outer_tos=$1; shift
	local mz_pid

	RET=0

	tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \
		flower src_ip 192.0.1.1 dst_ip 192.0.2.1 action pass

	rp1_mac=$(mac_get $rp1)
	rp2_mac=$(mac_get $rp2)
	payload=$(ecn_payload_get)

	ip vrf exec v$rp2 $MZ $rp2 -c 0 -d 1msec -a $rp2_mac -b $rp1_mac \
		-A 192.0.2.66 -B 192.0.2.65 -t ip \
			len=48,tos=$outer_tos,proto=47,p=$payload -q &

	mz_pid=$!

	devlink_trap_exception_test $trap_name

	tc_check_packets "dev $swp1 egress" 101 0
	check_err $? "Packets were not dropped"

	log_test "$desc: Inner ECN is not ECT and outer is $ecn_desc"

	kill $mz_pid && wait $mz_pid &> /dev/null
	tc filter del dev $swp1 egress protocol ip pref 1 handle 101 flower
}

no_matching_tunnel_test()
{
	local trap_name="decap_error"
	local desc=$1; shift
	local sip=$1; shift
	local mz_pid

	RET=0

	tc filter add dev $swp1 egress protocol ip pref 1 handle 101 \
		flower src_ip 192.0.1.1 dst_ip 192.0.2.1 action pass

	rp1_mac=$(mac_get $rp1)
	rp2_mac=$(mac_get $rp2)
	payload=$(ipip_payload_get "$@")

	ip vrf exec v$rp2 $MZ $rp2 -c 0 -d 1msec -a $rp2_mac -b $rp1_mac \
		-A $sip -B 192.0.2.65 -t ip len=48,proto=47,p=$payload -q &
	mz_pid=$!

	devlink_trap_exception_test $trap_name

	tc_check_packets "dev $swp1 egress" 101 0
	check_err $? "Packets were not dropped"

	log_test "$desc"

	kill $mz_pid && wait $mz_pid &> /dev/null
	tc filter del dev $swp1 egress protocol ip pref 1 handle 101 flower
}

decap_error_test()
{
	# Correct source IP - the remote address
	local sip=192.0.2.66

	ecn_decap_test "Decap error" "ECT(1)" 01
	ecn_decap_test "Decap error" "ECT(0)" 02
	ecn_decap_test "Decap error" "CE" 03

	no_matching_tunnel_test "Decap error: Source IP check failed" \
		192.0.2.68 "0"
	no_matching_tunnel_test \
		"Decap error: Key exists but was not expected" $sip "2" \
		"00:00:00:E9:"

	# Destroy the tunnel and create new one with key
	__addr_add_del g1 del 192.0.2.65/32
	tunnel_destroy g1

	tunnel_create g1 gre 192.0.2.65 192.0.2.66 tos inherit key 233
	__addr_add_del g1 add 192.0.2.65/32

	no_matching_tunnel_test \
		"Decap error: Key does not exist but was expected" $sip "0"
	no_matching_tunnel_test \
		"Decap error: Packet has a wrong key field" $sip "2" \
		"00:00:00:E8:"
}

trap cleanup EXIT

setup_prepare
setup_wait
tests_run

exit $EXIT_STATUS