linux/tools/testing/selftests/drivers/net/mlxsw/blackhole_routes.sh

#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Test that blackhole routes are marked as offloaded and that packets hitting
# them are dropped by the ASIC and not by the kernel.
#
# +---------------------------------+
# | H1 (vrf)                        |
# |    + $h1                        |
# |    | 192.0.2.1/24               |
# |    | 2001:db8:1::1/64           |
# |    |                            |
# |    |  default via 192.0.2.2     |
# |    |  default via 2001:db8:1::2 |
# +----|----------------------------+
#      |
# +----|----------------------------------------------------------------------+
# | SW |                                                                      |
# |    + $rp1                                                                 |
# |        192.0.2.2/24                                                       |
# |        2001:db8:1::2/64                                                   |
# |                                                                           |
# |        2001:db8:2::2/64                                                   |
# |        198.51.100.2/24                                                    |
# |    + $rp2                                                                 |
# |    |                                                                      |
# +----|----------------------------------------------------------------------+
#      |
# +----|----------------------------+
# |    |  default via 198.51.100.2  |
# |    |  default via 2001:db8:2::2 |
# |    |                            |
# |    | 2001:db8:2::1/64           |
# |    | 198.51.100.1/24            |
# |    + $h2                        |
# | H2 (vrf)                        |
# +---------------------------------+

lib_dir=$(dirname $0)/../../../net/forwarding

ALL_TESTS="
	ping_ipv4
	ping_ipv6
	blackhole_ipv4
	blackhole_ipv6
"
NUM_NETIFS=4
: ${TIMEOUT:=20000} # ms
source $lib_dir/tc_common.sh
source $lib_dir/lib.sh

h1_create()
{
	simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64

	ip -4 route add default vrf v$h1 nexthop via 192.0.2.2
	ip -6 route add default vrf v$h1 nexthop via 2001:db8:1::2
}

h1_destroy()
{
	ip -6 route del default vrf v$h1 nexthop via 2001:db8:1::2
	ip -4 route del default vrf v$h1 nexthop via 192.0.2.2

	simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64
}

h2_create()
{
	simple_if_init $h2 198.51.100.1/24 2001:db8:2::1/64

	ip -4 route add default vrf v$h2 nexthop via 198.51.100.2
	ip -6 route add default vrf v$h2 nexthop via 2001:db8:2::2
}

h2_destroy()
{
	ip -6 route del default vrf v$h2 nexthop via 2001:db8:2::2
	ip -4 route del default vrf v$h2 nexthop via 198.51.100.2

	simple_if_fini $h2 198.51.100.1/24 2001:db8:2::1/64
}

router_create()
{
	ip link set dev $rp1 up
	ip link set dev $rp2 up

	tc qdisc add dev $rp1 clsact

	__addr_add_del $rp1 add 192.0.2.2/24 2001:db8:1::2/64
	__addr_add_del $rp2 add 198.51.100.2/24 2001:db8:2::2/64
}

router_destroy()
{
	__addr_add_del $rp2 del 198.51.100.2/24 2001:db8:2::2/64
	__addr_add_del $rp1 del 192.0.2.2/24 2001:db8:1::2/64

	tc qdisc del dev $rp1 clsact

	ip link set dev $rp2 down
	ip link set dev $rp1 down
}

ping_ipv4()
{
	ping_test $h1 198.51.100.1 ": h1->h2"
}

ping_ipv6()
{
	ping6_test $h1 2001:db8:2::1 ": h1->h2"
}

blackhole_ipv4()
{
	# Transmit packets from H1 to H2 and make sure they are dropped by the
	# ASIC and not by the kernel
	RET=0

	ip -4 route add blackhole 198.51.100.0/30
	tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \
		skip_hw dst_ip 198.51.100.1 src_ip 192.0.2.1 ip_proto icmp \
		action pass

	busywait "$TIMEOUT" wait_for_offload ip -4 route show 198.51.100.0/30
	check_err $? "route not marked as offloaded when should"

	ping_do $h1 198.51.100.1
	check_fail $? "ping passed when should not"

	tc_check_packets "dev $rp1 ingress" 101 0
	check_err $? "packets trapped and not dropped by ASIC"

	log_test "IPv4 blackhole route"

	tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower
	ip -4 route del blackhole 198.51.100.0/30
}

blackhole_ipv6()
{
	RET=0

	ip -6 route add blackhole 2001:db8:2::/120
	tc filter add dev $rp1 ingress protocol ipv6 pref 1 handle 101 flower \
		skip_hw dst_ip 2001:db8:2::1 src_ip 2001:db8:1::1 \
		ip_proto icmpv6 action pass

	busywait "$TIMEOUT" wait_for_offload ip -6 route show 2001:db8:2::/120
	check_err $? "route not marked as offloaded when should"

	ping6_do $h1 2001:db8:2::1
	check_fail $? "ping passed when should not"

	tc_check_packets "dev $rp1 ingress" 101 0
	check_err $? "packets trapped and not dropped by ASIC"

	log_test "IPv6 blackhole route"

	tc filter del dev $rp1 ingress protocol ipv6 pref 1 handle 101 flower
	ip -6 route del blackhole 2001:db8:2::/120
}

setup_prepare()
{
	h1=${NETIFS[p1]}
	rp1=${NETIFS[p2]}

	rp2=${NETIFS[p3]}
	h2=${NETIFS[p4]}

	vrf_prepare
	forwarding_enable

	h1_create
	h2_create
	router_create
}

cleanup()
{
	pre_cleanup

	router_destroy
	h2_destroy
	h1_destroy

	forwarding_restore
	vrf_cleanup
}

trap cleanup EXIT

setup_prepare
setup_wait

tests_run

exit $EXIT_STATUS