1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3#
4# Test devlink-trap tunnel exceptions functionality over mlxsw.
5# Check all exception traps to make sure they are triggered under the right
6# conditions.
7
8# +-------------------------+
9# | H1                      |
10# |               $h1 +     |
11# |  2001:db8:1::1/64 |     |
12# +-------------------|-----+
13#                     |
14# +-------------------|-----+
15# | SW1               |     |
16# |             $swp1 +     |
17# |  2001:db8:1::2/64       |
18# |                         |
19# |  + g1 (ip6gre)          |
20# |    loc=2001:db8:3::1    |
21# |    rem=2001:db8:3::2    |
22# |    tos=inherit          |
23# |                         |
24# |  + $rp1                 |
25# |  | 2001:db8:10::1/64    |
26# +--|----------------------+
27#    |
28# +--|----------------------+
29# |  |                 VRF2 |
30# |  + $rp2                 |
31# |    2001:db8:10::2/64    |
32# +-------------------------+
33
34lib_dir=$(dirname $0)/../../../../net/forwarding
35
36ALL_TESTS="
37	decap_error_test
38"
39
40NUM_NETIFS=4
41source $lib_dir/lib.sh
42source $lib_dir/tc_common.sh
43source $lib_dir/devlink_lib.sh
44
45h1_create()
46{
47	simple_if_init $h1 2001:db8:1::1/64
48}
49
50h1_destroy()
51{
52	simple_if_fini $h1 2001:db8:1::1/64
53}
54
55vrf2_create()
56{
57	simple_if_init $rp2 2001:db8:10::2/64
58}
59
60vrf2_destroy()
61{
62	simple_if_fini $rp2 2001:db8:10::2/64
63}
64
65switch_create()
66{
67	ip link set dev $swp1 up
68	__addr_add_del $swp1 add 2001:db8:1::2/64
69	tc qdisc add dev $swp1 clsact
70
71	tunnel_create g1 ip6gre 2001:db8:3::1 2001:db8:3::2 tos inherit \
72		ttl inherit
73	ip link set dev g1 up
74	__addr_add_del g1 add 2001:db8:3::1/128
75
76	ip link set dev $rp1 up
77	__addr_add_del $rp1 add 2001:db8:10::1/64
78}
79
80switch_destroy()
81{
82	__addr_add_del $rp1 del 2001:db8:10::1/64
83	ip link set dev $rp1 down
84
85	__addr_add_del g1 del 2001:db8:3::1/128
86	ip link set dev g1 down
87	tunnel_destroy g1
88
89	tc qdisc del dev $swp1 clsact
90	__addr_add_del $swp1 del 2001:db8:1::2/64
91	ip link set dev $swp1 down
92}
93
94setup_prepare()
95{
96	h1=${NETIFS[p1]}
97	swp1=${NETIFS[p2]}
98
99	rp1=${NETIFS[p3]}
100	rp2=${NETIFS[p4]}
101
102	forwarding_enable
103	vrf_prepare
104	h1_create
105	switch_create
106	vrf2_create
107}
108
109cleanup()
110{
111	pre_cleanup
112
113	vrf2_destroy
114	switch_destroy
115	h1_destroy
116	vrf_cleanup
117	forwarding_restore
118}
119
120ipip_payload_get()
121{
122	local saddr="20:01:0d:b8:00:02:00:00:00:00:00:00:00:00:00:01"
123	local daddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:01"
124	local flags=$1; shift
125	local key=$1; shift
126
127	p=$(:
128		)"$flags"$(		      : GRE flags
129	        )"0:00:"$(                    : Reserved + version
130		)"86:dd:"$(		      : ETH protocol type
131		)"$key"$( 		      : Key
132		)"6"$(	                      : IP version
133		)"0:0"$(		      : Traffic class
134		)"0:00:00:"$(		      : Flow label
135		)"00:00:"$(                   : Payload length
136		)"3a:"$(                      : Next header
137		)"04:"$(                      : Hop limit
138		)"$saddr:"$(                  : IP saddr
139		)"$daddr:"$(                  : IP daddr
140		)
141	echo $p
142}
143
144ecn_payload_get()
145{
146	echo $(ipip_payload_get "0")
147}
148
149ecn_decap_test()
150{
151	local trap_name="decap_error"
152	local desc=$1; shift
153	local ecn_desc=$1; shift
154	local outer_tos=$1; shift
155	local mz_pid
156
157	RET=0
158
159	tc filter add dev $swp1 egress protocol ipv6 pref 1 handle 101 \
160		flower src_ip 2001:db8:2::1 dst_ip 2001:db8:1::1 skip_sw \
161		action pass
162
163	rp1_mac=$(mac_get $rp1)
164	rp2_mac=$(mac_get $rp2)
165	payload=$(ecn_payload_get)
166
167	ip vrf exec v$rp2 $MZ -6 $rp2 -c 0 -d 1msec -a $rp2_mac -b $rp1_mac \
168		-A 2001:db8:3::2 -B 2001:db8:3::1 -t ip \
169			tos=$outer_tos,next=47,p=$payload -q &
170	mz_pid=$!
171
172	devlink_trap_exception_test $trap_name
173
174	tc_check_packets "dev $swp1 egress" 101 0
175	check_err $? "Packets were not dropped"
176
177	log_test "$desc: Inner ECN is not ECT and outer is $ecn_desc"
178
179	kill $mz_pid && wait $mz_pid &> /dev/null
180	tc filter del dev $swp1 egress protocol ipv6 pref 1 handle 101 flower
181}
182
183no_matching_tunnel_test()
184{
185	local trap_name="decap_error"
186	local desc=$1; shift
187	local sip=$1; shift
188	local mz_pid
189
190	RET=0
191
192	tc filter add dev $swp1 egress protocol ipv6 pref 1 handle 101 \
193		flower src_ip 2001:db8:2::1 dst_ip 2001:db8:1::1 action pass
194
195	rp1_mac=$(mac_get $rp1)
196	rp2_mac=$(mac_get $rp2)
197	payload=$(ipip_payload_get "$@")
198
199	ip vrf exec v$rp2 $MZ -6 $rp2 -c 0 -d 1msec -a $rp2_mac -b $rp1_mac \
200		-A $sip -B 2001:db8:3::1 -t ip next=47,p=$payload -q &
201	mz_pid=$!
202
203	devlink_trap_exception_test $trap_name
204
205	tc_check_packets "dev $swp1 egress" 101 0
206	check_err $? "Packets were not dropped"
207
208	log_test "$desc"
209
210	kill $mz_pid && wait $mz_pid &> /dev/null
211	tc filter del dev $swp1 egress protocol ipv6 pref 1 handle 101 flower
212}
213
214decap_error_test()
215{
216	# Correct source IP - the remote address
217	local sip=2001:db8:3::2
218
219	ecn_decap_test "Decap error" "ECT(1)" 01
220	ecn_decap_test "Decap error" "ECT(0)" 02
221	ecn_decap_test "Decap error" "CE" 03
222
223	no_matching_tunnel_test "Decap error: Source IP check failed" \
224		2001:db8:4::2 "0"
225	no_matching_tunnel_test \
226		"Decap error: Key exists but was not expected" $sip "2" \
227		"00:00:00:E9:"
228
229	# Destroy the tunnel and create new one with key
230	__addr_add_del g1 del 2001:db8:3::1/128
231	tunnel_destroy g1
232
233	tunnel_create g1 ip6gre 2001:db8:3::1 2001:db8:3::2 tos inherit \
234		ttl inherit key 233
235	__addr_add_del g1 add 2001:db8:3::1/128
236
237	no_matching_tunnel_test \
238		"Decap error: Key does not exist but was expected" $sip "0"
239	no_matching_tunnel_test \
240		"Decap error: Packet has a wrong key field" $sip "2" \
241		"00:00:00:E8:"
242}
243
244trap cleanup EXIT
245
246setup_prepare
247setup_wait
248tests_run
249
250exit $EXIT_STATUS
251