1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3#
4# Test devlink-trap L3 exceptions functionality over mlxsw.
5# Check all exception traps to make sure they are triggered under the right
6# conditions.
7
8# +---------------------------------+
9# | H1 (vrf)                        |
10# |    + $h1                        |
11# |    | 192.0.2.1/24               |
12# |    | 2001:db8:1::1/64           |
13# |    |                            |
14# |    |  default via 192.0.2.2     |
15# |    |  default via 2001:db8:1::2 |
16# +----|----------------------------+
17#      |
18# +----|----------------------------------------------------------------------+
19# | SW |                                                                      |
20# |    + $rp1                                                                 |
21# |        192.0.2.2/24                                                       |
22# |        2001:db8:1::2/64                                                   |
23# |                                                                           |
24# |        2001:db8:2::2/64                                                   |
25# |        198.51.100.2/24                                                    |
26# |    + $rp2                                                                 |
27# |    |                                                                      |
28# +----|----------------------------------------------------------------------+
29#      |
30# +----|----------------------------+
31# |    |  default via 198.51.100.2  |
32# |    |  default via 2001:db8:2::2 |
33# |    |                            |
34# |    | 2001:db8:2::1/64           |
35# |    | 198.51.100.1/24            |
36# |    + $h2                        |
37# | H2 (vrf)                        |
38# +---------------------------------+
39
40lib_dir=$(dirname $0)/../../../net/forwarding
41
42ALL_TESTS="
43	mtu_value_is_too_small_test
44	ttl_value_is_too_small_test
45	mc_reverse_path_forwarding_test
46	reject_route_test
47	unresolved_neigh_test
48	ipv4_lpm_miss_test
49	ipv6_lpm_miss_test
50"
51
52NUM_NETIFS=4
53source $lib_dir/lib.sh
54source $lib_dir/tc_common.sh
55source $lib_dir/devlink_lib.sh
56
57require_command $MCD
58require_command $MC_CLI
59table_name=selftests
60
61h1_create()
62{
63	simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64
64
65	ip -4 route add default vrf v$h1 nexthop via 192.0.2.2
66	ip -6 route add default vrf v$h1 nexthop via 2001:db8:1::2
67
68	tc qdisc add dev $h1 clsact
69}
70
71h1_destroy()
72{
73	tc qdisc del dev $h1 clsact
74
75	ip -6 route del default vrf v$h1 nexthop via 2001:db8:1::2
76	ip -4 route del default vrf v$h1 nexthop via 192.0.2.2
77
78	simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64
79}
80
81h2_create()
82{
83	simple_if_init $h2 198.51.100.1/24 2001:db8:2::1/64
84
85	ip -4 route add default vrf v$h2 nexthop via 198.51.100.2
86	ip -6 route add default vrf v$h2 nexthop via 2001:db8:2::2
87}
88
89h2_destroy()
90{
91	ip -6 route del default vrf v$h2 nexthop via 2001:db8:2::2
92	ip -4 route del default vrf v$h2 nexthop via 198.51.100.2
93
94	simple_if_fini $h2 198.51.100.1/24 2001:db8:2::1/64
95}
96
97router_create()
98{
99	ip link set dev $rp1 up
100	ip link set dev $rp2 up
101
102	tc qdisc add dev $rp2 clsact
103
104	__addr_add_del $rp1 add 192.0.2.2/24 2001:db8:1::2/64
105	__addr_add_del $rp2 add 198.51.100.2/24 2001:db8:2::2/64
106}
107
108router_destroy()
109{
110	__addr_add_del $rp2 del 198.51.100.2/24 2001:db8:2::2/64
111	__addr_add_del $rp1 del 192.0.2.2/24 2001:db8:1::2/64
112
113	tc qdisc del dev $rp2 clsact
114
115	ip link set dev $rp2 down
116	ip link set dev $rp1 down
117}
118
119setup_prepare()
120{
121	h1=${NETIFS[p1]}
122	rp1=${NETIFS[p2]}
123
124	rp2=${NETIFS[p3]}
125	h2=${NETIFS[p4]}
126
127	rp1mac=$(mac_get $rp1)
128
129	start_mcd
130
131	vrf_prepare
132	forwarding_enable
133
134	h1_create
135	h2_create
136
137	router_create
138}
139
140cleanup()
141{
142	pre_cleanup
143
144	router_destroy
145
146	h2_destroy
147	h1_destroy
148
149	forwarding_restore
150	vrf_cleanup
151
152	kill_mcd
153}
154
155ping_check()
156{
157	ping_do $h1 198.51.100.1
158	check_err $? "Packets that should not be trapped were trapped"
159}
160
161trap_action_check()
162{
163	local trap_name=$1; shift
164	local expected_action=$1; shift
165
166	action=$(devlink_trap_action_get $trap_name)
167	if [ "$action" != $expected_action ]; then
168		check_err 1 "Trap $trap_name has wrong action: $action"
169	fi
170}
171
172mtu_value_is_too_small_test()
173{
174	local trap_name="mtu_value_is_too_small"
175	local expected_action="trap"
176	local mz_pid
177
178	RET=0
179
180	ping_check $trap_name
181	trap_action_check $trap_name $expected_action
182
183	# type - Destination Unreachable
184	# code - Fragmentation Needed and Don't Fragment was Set
185	tc filter add dev $h1 ingress protocol ip pref 1 handle 101 \
186		flower skip_hw ip_proto icmp type 3 code 4 action pass
187
188	mtu_set $rp2 1300
189
190	# Generate IP packets bigger than router's MTU with don't fragment
191	# flag on.
192	$MZ $h1 -t udp "sp=54321,dp=12345,df" -p 1400 -c 0 -d 1msec -b $rp1mac \
193		-B 198.51.100.1 -q &
194	mz_pid=$!
195
196	devlink_trap_exception_test $trap_name
197
198	tc_check_packets_hitting "dev $h1 ingress" 101
199	check_err $? "Packets were not received to h1"
200
201	log_test "MTU value is too small"
202
203	mtu_restore $rp2
204
205	kill $mz_pid && wait $mz_pid &> /dev/null
206	tc filter del dev $h1 ingress protocol ip pref 1 handle 101 flower
207}
208
209__ttl_value_is_too_small_test()
210{
211	local ttl_val=$1; shift
212	local trap_name="ttl_value_is_too_small"
213	local expected_action="trap"
214	local mz_pid
215
216	RET=0
217
218	ping_check $trap_name
219	trap_action_check $trap_name $expected_action
220
221	# type - Time Exceeded
222	# code - Time to Live exceeded in Transit
223	tc filter add dev $h1 ingress protocol ip pref 1 handle 101 \
224		 flower skip_hw ip_proto icmp type 11 code 0 action pass
225
226	# Generate IP packets with small TTL
227	$MZ $h1 -t udp "ttl=$ttl_val,sp=54321,dp=12345" -c 0 -d 1msec \
228		-b $rp1mac -B 198.51.100.1 -q &
229	mz_pid=$!
230
231	devlink_trap_exception_test $trap_name
232
233	tc_check_packets_hitting "dev $h1 ingress" 101
234	check_err $? "Packets were not received to h1"
235
236	log_test "TTL value is too small: TTL=$ttl_val"
237
238	kill $mz_pid && wait $mz_pid &> /dev/null
239	tc filter del dev $h1 ingress protocol ip pref 1 handle 101 flower
240}
241
242ttl_value_is_too_small_test()
243{
244	__ttl_value_is_too_small_test 0
245	__ttl_value_is_too_small_test 1
246}
247
248start_mcd()
249{
250	SMCROUTEDIR="$(mktemp -d)"
251	for ((i = 1; i <= $NUM_NETIFS; ++i)); do
252		 echo "phyint ${NETIFS[p$i]} enable" >> \
253			 $SMCROUTEDIR/$table_name.conf
254	done
255
256	$MCD -N -I $table_name -f $SMCROUTEDIR/$table_name.conf \
257		-P $SMCROUTEDIR/$table_name.pid
258}
259
260kill_mcd()
261{
262	pkill $MCD
263	rm -rf $SMCROUTEDIR
264}
265
266__mc_reverse_path_forwarding_test()
267{
268	local desc=$1; shift
269	local src_ip=$1; shift
270	local dst_ip=$1; shift
271	local dst_mac=$1; shift
272	local proto=$1; shift
273	local flags=${1:-""}; shift
274	local trap_name="mc_reverse_path_forwarding"
275	local expected_action="trap"
276	local mz_pid
277
278	RET=0
279
280	ping_check $trap_name
281	trap_action_check $trap_name $expected_action
282
283	tc filter add dev $rp2 egress protocol $proto pref 1 handle 101 \
284		flower dst_ip $dst_ip ip_proto udp action drop
285
286	$MC_CLI -I $table_name add $rp1 $src_ip $dst_ip $rp2
287
288	# Generate packets to multicast address.
289	$MZ $h2 $flags -t udp "sp=54321,dp=12345" -c 0 -p 128 \
290		-a 00:11:22:33:44:55 -b $dst_mac \
291		-A $src_ip -B $dst_ip -q &
292
293	mz_pid=$!
294
295	devlink_trap_exception_test $trap_name
296
297	tc_check_packets "dev $rp2 egress" 101 0
298	check_err $? "Packets were not dropped"
299
300	log_test "Multicast reverse path forwarding: $desc"
301
302	kill $mz_pid && wait $mz_pid &> /dev/null
303	tc filter del dev $rp2 egress protocol $proto pref 1 handle 101 flower
304}
305
306mc_reverse_path_forwarding_test()
307{
308	__mc_reverse_path_forwarding_test "IPv4" "192.0.2.1" "225.1.2.3" \
309		"01:00:5e:01:02:03" "ip"
310	__mc_reverse_path_forwarding_test "IPv6" "2001:db8:1::1" "ff0e::3" \
311		"33:33:00:00:00:03" "ipv6" "-6"
312}
313
314__reject_route_test()
315{
316	local desc=$1; shift
317	local dst_ip=$1; shift
318	local proto=$1; shift
319	local ip_proto=$1; shift
320	local type=$1; shift
321	local code=$1; shift
322	local unreachable=$1; shift
323	local flags=${1:-""}; shift
324	local trap_name="reject_route"
325	local expected_action="trap"
326	local mz_pid
327
328	RET=0
329
330	ping_check $trap_name
331	trap_action_check $trap_name $expected_action
332
333	tc filter add dev $h1 ingress protocol $proto pref 1 handle 101 flower \
334		skip_hw ip_proto $ip_proto type $type code $code action pass
335
336	ip route add unreachable $unreachable
337
338	# Generate pacekts to h2. The destination IP is unreachable.
339	$MZ $flags $h1 -t udp "sp=54321,dp=12345" -c 0 -d 1msec -b $rp1mac \
340		-B $dst_ip -q &
341	mz_pid=$!
342
343	devlink_trap_exception_test $trap_name
344
345	tc_check_packets_hitting "dev $h1 ingress" 101
346	check_err $? "ICMP packet was not received to h1"
347
348	log_test "Reject route: $desc"
349
350	kill $mz_pid && wait $mz_pid &> /dev/null
351	ip route del unreachable $unreachable
352	tc filter del dev $h1 ingress protocol $proto pref 1 handle 101 flower
353}
354
355reject_route_test()
356{
357	# type - Destination Unreachable
358	# code - Host Unreachable
359	__reject_route_test "IPv4" 198.51.100.1 "ip" "icmp" 3 1 \
360		"198.51.100.0/26"
361	# type - Destination Unreachable
362	# code - No Route
363	__reject_route_test "IPv6" 2001:db8:2::1 "ipv6" "icmpv6" 1 0 \
364		"2001:db8:2::0/66" "-6"
365}
366
367__host_miss_test()
368{
369	local desc=$1; shift
370	local dip=$1; shift
371	local trap_name="unresolved_neigh"
372	local expected_action="trap"
373	local mz_pid
374
375	RET=0
376
377	ping_check $trap_name
378	trap_action_check $trap_name $expected_action
379
380	ip neigh flush dev $rp2
381
382	t0_packets=$(devlink_trap_rx_packets_get $trap_name)
383
384	# Generate packets to h2 (will incur a unresolved neighbor).
385	# The ping should pass and devlink counters should be increased.
386	ping_do $h1 $dip
387	check_err $? "ping failed: $desc"
388
389	t1_packets=$(devlink_trap_rx_packets_get $trap_name)
390
391	if [[ $t0_packets -eq $t1_packets ]]; then
392		check_err 1 "Trap counter did not increase"
393	fi
394
395	log_test "Unresolved neigh: host miss: $desc"
396}
397
398__invalid_nexthop_test()
399{
400	local desc=$1; shift
401	local dip=$1; shift
402	local extra_add=$1; shift
403	local subnet=$1; shift
404	local via_add=$1; shift
405	local trap_name="unresolved_neigh"
406	local expected_action="trap"
407	local mz_pid
408
409	RET=0
410
411	ping_check $trap_name
412	trap_action_check $trap_name $expected_action
413
414	ip address add $extra_add/$subnet dev $h2
415
416	# Check that correct route does not trigger unresolved_neigh
417	ip $flags route add $dip via $extra_add dev $rp2
418
419	# Generate packets in order to discover all neighbours.
420	# Without it, counters of unresolved_neigh will be increased
421	# during neighbours discovery and the check below will fail
422	# for a wrong reason
423	ping_do $h1 $dip
424
425	t0_packets=$(devlink_trap_rx_packets_get $trap_name)
426	ping_do $h1 $dip
427	t1_packets=$(devlink_trap_rx_packets_get $trap_name)
428
429	if [[ $t0_packets -ne $t1_packets ]]; then
430		check_err 1 "Trap counter increased when it should not"
431	fi
432
433	ip $flags route del $dip via $extra_add dev $rp2
434
435	# Check that route to nexthop that does not exist trigger
436	# unresolved_neigh
437	ip $flags route add $dip via $via_add dev $h2
438
439	t0_packets=$(devlink_trap_rx_packets_get $trap_name)
440	ping_do $h1 $dip
441	t1_packets=$(devlink_trap_rx_packets_get $trap_name)
442
443	if [[ $t0_packets -eq $t1_packets ]]; then
444		check_err 1 "Trap counter did not increase"
445	fi
446
447	ip $flags route del $dip via $via_add dev $h2
448	ip address del $extra_add/$subnet dev $h2
449	log_test "Unresolved neigh: nexthop does not exist: $desc"
450}
451
452__invalid_nexthop_bucket_test()
453{
454	local desc=$1; shift
455	local dip=$1; shift
456	local via_add=$1; shift
457	local trap_name="unresolved_neigh"
458
459	RET=0
460
461	# Check that route to nexthop that does not exist triggers
462	# unresolved_neigh
463	ip nexthop add id 1 via $via_add dev $rp2
464	ip nexthop add id 10 group 1 type resilient buckets 32
465	ip route add $dip nhid 10
466
467	t0_packets=$(devlink_trap_rx_packets_get $trap_name)
468	ping_do $h1 $dip
469	t1_packets=$(devlink_trap_rx_packets_get $trap_name)
470
471	if [[ $t0_packets -eq $t1_packets ]]; then
472		check_err 1 "Trap counter did not increase"
473	fi
474
475	ip route del $dip nhid 10
476	ip nexthop del id 10
477	ip nexthop del id 1
478	log_test "Unresolved neigh: nexthop bucket does not exist: $desc"
479}
480
481unresolved_neigh_test()
482{
483	__host_miss_test "IPv4" 198.51.100.1
484	__host_miss_test "IPv6" 2001:db8:2::1
485	__invalid_nexthop_test "IPv4" 198.51.100.1 198.51.100.3 24 198.51.100.4
486	__invalid_nexthop_test "IPv6" 2001:db8:2::1 2001:db8:2::3 64 \
487		2001:db8:2::4
488	__invalid_nexthop_bucket_test "IPv4" 198.51.100.1 198.51.100.4
489	__invalid_nexthop_bucket_test "IPv6" 2001:db8:2::1 2001:db8:2::4
490}
491
492vrf_without_routes_create()
493{
494	# VRF creating makes the links to be down and then up again.
495	# By default, IPv6 address is not saved after link becomes down.
496	# Save IPv6 address using sysctl configuration.
497	sysctl_set net.ipv6.conf.$rp1.keep_addr_on_down 1
498	sysctl_set net.ipv6.conf.$rp2.keep_addr_on_down 1
499
500	ip link add dev vrf1 type vrf table 101
501	ip link set dev $rp1 master vrf1
502	ip link set dev $rp2 master vrf1
503	ip link set dev vrf1 up
504
505	# Wait for rp1 and rp2 to be up
506	setup_wait
507}
508
509vrf_without_routes_destroy()
510{
511	ip link set dev $rp1 nomaster
512	ip link set dev $rp2 nomaster
513	ip link del dev vrf1
514
515	sysctl_restore net.ipv6.conf.$rp2.keep_addr_on_down
516	sysctl_restore net.ipv6.conf.$rp1.keep_addr_on_down
517
518	# Wait for interfaces to be up
519	setup_wait
520}
521
522ipv4_lpm_miss_test()
523{
524	local trap_name="ipv4_lpm_miss"
525	local expected_action="trap"
526	local mz_pid
527
528	RET=0
529
530	ping_check $trap_name
531	trap_action_check $trap_name $expected_action
532
533	# Create a VRF without a default route
534	vrf_without_routes_create
535
536	# Generate packets through a VRF without a matching route.
537	$MZ $h1 -t udp "sp=54321,dp=12345" -c 0 -d 1msec -b $rp1mac \
538		-B 203.0.113.1 -q &
539	mz_pid=$!
540
541	devlink_trap_exception_test $trap_name
542
543	log_test "LPM miss: IPv4"
544
545	kill $mz_pid && wait $mz_pid &> /dev/null
546	vrf_without_routes_destroy
547}
548
549ipv6_lpm_miss_test()
550{
551	local trap_name="ipv6_lpm_miss"
552	local expected_action="trap"
553	local mz_pid
554
555	RET=0
556
557	ping_check $trap_name
558	trap_action_check $trap_name $expected_action
559
560	# Create a VRF without a default route
561	vrf_without_routes_create
562
563	# Generate packets through a VRF without a matching route.
564	$MZ -6 $h1 -t udp "sp=54321,dp=12345" -c 0 -d 1msec -b $rp1mac \
565		-B 2001:db8::1 -q &
566	mz_pid=$!
567
568	devlink_trap_exception_test $trap_name
569
570	log_test "LPM miss: IPv6"
571
572	kill $mz_pid && wait $mz_pid &> /dev/null
573	vrf_without_routes_destroy
574}
575
576trap cleanup EXIT
577
578setup_prepare
579setup_wait
580
581tests_run
582
583exit $EXIT_STATUS
584