| #!/bin/bash |
| # SPDX-License-Identifier: GPL-2.0 |
| # |
| # Test that blackhole routes are marked as offloaded and that packets hitting |
| # them are dropped by the ASIC and not by the kernel. |
| # |
| # +---------------------------------+ |
| # | H1 (vrf) | |
| # | + $h1 | |
| # | | 192.0.2.1/24 | |
| # | | 2001:db8:1::1/64 | |
| # | | | |
| # | | default via 192.0.2.2 | |
| # | | default via 2001:db8:1::2 | |
| # +----|----------------------------+ |
| # | |
| # +----|----------------------------------------------------------------------+ |
| # | SW | | |
| # | + $rp1 | |
| # | 192.0.2.2/24 | |
| # | 2001:db8:1::2/64 | |
| # | | |
| # | 2001:db8:2::2/64 | |
| # | 198.51.100.2/24 | |
| # | + $rp2 | |
| # | | | |
| # +----|----------------------------------------------------------------------+ |
| # | |
| # +----|----------------------------+ |
| # | | default via 198.51.100.2 | |
| # | | default via 2001:db8:2::2 | |
| # | | | |
| # | | 2001:db8:2::1/64 | |
| # | | 198.51.100.1/24 | |
| # | + $h2 | |
| # | H2 (vrf) | |
| # +---------------------------------+ |
| |
| lib_dir=$(dirname $0)/../../../net/forwarding |
| |
| ALL_TESTS=" |
| ping_ipv4 |
| ping_ipv6 |
| blackhole_ipv4 |
| blackhole_ipv6 |
| " |
| NUM_NETIFS=4 |
| source $lib_dir/tc_common.sh |
| source $lib_dir/lib.sh |
| |
| h1_create() |
| { |
| simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64 |
| |
| ip -4 route add default vrf v$h1 nexthop via 192.0.2.2 |
| ip -6 route add default vrf v$h1 nexthop via 2001:db8:1::2 |
| } |
| |
| h1_destroy() |
| { |
| ip -6 route del default vrf v$h1 nexthop via 2001:db8:1::2 |
| ip -4 route del default vrf v$h1 nexthop via 192.0.2.2 |
| |
| simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64 |
| } |
| |
| h2_create() |
| { |
| simple_if_init $h2 198.51.100.1/24 2001:db8:2::1/64 |
| |
| ip -4 route add default vrf v$h2 nexthop via 198.51.100.2 |
| ip -6 route add default vrf v$h2 nexthop via 2001:db8:2::2 |
| } |
| |
| h2_destroy() |
| { |
| ip -6 route del default vrf v$h2 nexthop via 2001:db8:2::2 |
| ip -4 route del default vrf v$h2 nexthop via 198.51.100.2 |
| |
| simple_if_fini $h2 198.51.100.1/24 2001:db8:2::1/64 |
| } |
| |
| router_create() |
| { |
| ip link set dev $rp1 up |
| ip link set dev $rp2 up |
| |
| tc qdisc add dev $rp1 clsact |
| |
| __addr_add_del $rp1 add 192.0.2.2/24 2001:db8:1::2/64 |
| __addr_add_del $rp2 add 198.51.100.2/24 2001:db8:2::2/64 |
| } |
| |
| router_destroy() |
| { |
| __addr_add_del $rp2 del 198.51.100.2/24 2001:db8:2::2/64 |
| __addr_add_del $rp1 del 192.0.2.2/24 2001:db8:1::2/64 |
| |
| tc qdisc del dev $rp1 clsact |
| |
| ip link set dev $rp2 down |
| ip link set dev $rp1 down |
| } |
| |
| ping_ipv4() |
| { |
| ping_test $h1 198.51.100.1 ": h1->h2" |
| } |
| |
| ping_ipv6() |
| { |
| ping6_test $h1 2001:db8:2::1 ": h1->h2" |
| } |
| |
| blackhole_ipv4() |
| { |
| # Transmit packets from H1 to H2 and make sure they are dropped by the |
| # ASIC and not by the kernel |
| RET=0 |
| |
| ip -4 route add blackhole 198.51.100.0/30 |
| tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \ |
| skip_hw dst_ip 198.51.100.1 src_ip 192.0.2.1 ip_proto icmp \ |
| action pass |
| |
| ip -4 route show 198.51.100.0/30 | grep -q offload |
| check_err $? "route not marked as offloaded when should" |
| |
| ping_do $h1 198.51.100.1 |
| check_fail $? "ping passed when should not" |
| |
| tc_check_packets "dev $rp1 ingress" 101 0 |
| check_err $? "packets trapped and not dropped by ASIC" |
| |
| log_test "IPv4 blackhole route" |
| |
| tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower |
| ip -4 route del blackhole 198.51.100.0/30 |
| } |
| |
| blackhole_ipv6() |
| { |
| RET=0 |
| |
| ip -6 route add blackhole 2001:db8:2::/120 |
| tc filter add dev $rp1 ingress protocol ipv6 pref 1 handle 101 flower \ |
| skip_hw dst_ip 2001:db8:2::1 src_ip 2001:db8:1::1 \ |
| ip_proto icmpv6 action pass |
| |
| ip -6 route show 2001:db8:2::/120 | grep -q offload |
| check_err $? "route not marked as offloaded when should" |
| |
| ping6_do $h1 2001:db8:2::1 |
| check_fail $? "ping passed when should not" |
| |
| tc_check_packets "dev $rp1 ingress" 101 0 |
| check_err $? "packets trapped and not dropped by ASIC" |
| |
| log_test "IPv6 blackhole route" |
| |
| tc filter del dev $rp1 ingress protocol ipv6 pref 1 handle 101 flower |
| ip -6 route del blackhole 2001:db8:2::/120 |
| } |
| |
| setup_prepare() |
| { |
| h1=${NETIFS[p1]} |
| rp1=${NETIFS[p2]} |
| |
| rp2=${NETIFS[p3]} |
| h2=${NETIFS[p4]} |
| |
| vrf_prepare |
| forwarding_enable |
| |
| h1_create |
| h2_create |
| router_create |
| } |
| |
| cleanup() |
| { |
| pre_cleanup |
| |
| router_destroy |
| h2_destroy |
| h1_destroy |
| |
| forwarding_restore |
| vrf_cleanup |
| } |
| |
| trap cleanup EXIT |
| |
| setup_prepare |
| setup_wait |
| |
| tests_run |
| |
| exit $EXIT_STATUS |