selftests: mlxsw: Add a test for blackhole routes
Use a simple topology consisting of two hosts directly connected to a router. Make sure IPv4/IPv6 ping works and then add blackhole routes. Test that ping fails and that the routes are marked as offloaded. Use a simple tc filter to test that packets were dropped by the ASIC and not trapped to the CPU. Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
2810c3b252
commit
a98232a164
200
tools/testing/selftests/drivers/net/mlxsw/blackhole_routes.sh
Executable file
200
tools/testing/selftests/drivers/net/mlxsw/blackhole_routes.sh
Executable file
@ -0,0 +1,200 @@
|
||||
#!/bin/bash
|
||||
# SPDX-License-Identifier: GPL-2.0
|
||||
#
|
||||
# Test that blackhole routes are marked as offloaded and that packets hitting
|
||||
# them are dropped by the ASIC and not by the kernel.
|
||||
#
|
||||
# +---------------------------------+
|
||||
# | H1 (vrf) |
|
||||
# | + $h1 |
|
||||
# | | 192.0.2.1/24 |
|
||||
# | | 2001:db8:1::1/64 |
|
||||
# | | |
|
||||
# | | default via 192.0.2.2 |
|
||||
# | | default via 2001:db8:1::2 |
|
||||
# +----|----------------------------+
|
||||
# |
|
||||
# +----|----------------------------------------------------------------------+
|
||||
# | SW | |
|
||||
# | + $rp1 |
|
||||
# | 192.0.2.2/24 |
|
||||
# | 2001:db8:1::2/64 |
|
||||
# | |
|
||||
# | 2001:db8:2::2/64 |
|
||||
# | 198.51.100.2/24 |
|
||||
# | + $rp2 |
|
||||
# | | |
|
||||
# +----|----------------------------------------------------------------------+
|
||||
# |
|
||||
# +----|----------------------------+
|
||||
# | | default via 198.51.100.2 |
|
||||
# | | default via 2001:db8:2::2 |
|
||||
# | | |
|
||||
# | | 2001:db8:2::1/64 |
|
||||
# | | 198.51.100.1/24 |
|
||||
# | + $h2 |
|
||||
# | H2 (vrf) |
|
||||
# +---------------------------------+
|
||||
|
||||
lib_dir=$(dirname $0)/../../../net/forwarding
|
||||
|
||||
ALL_TESTS="
|
||||
ping_ipv4
|
||||
ping_ipv6
|
||||
blackhole_ipv4
|
||||
blackhole_ipv6
|
||||
"
|
||||
NUM_NETIFS=4
|
||||
source $lib_dir/tc_common.sh
|
||||
source $lib_dir/lib.sh
|
||||
|
||||
h1_create()
|
||||
{
|
||||
simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64
|
||||
|
||||
ip -4 route add default vrf v$h1 nexthop via 192.0.2.2
|
||||
ip -6 route add default vrf v$h1 nexthop via 2001:db8:1::2
|
||||
}
|
||||
|
||||
h1_destroy()
|
||||
{
|
||||
ip -6 route del default vrf v$h1 nexthop via 2001:db8:1::2
|
||||
ip -4 route del default vrf v$h1 nexthop via 192.0.2.2
|
||||
|
||||
simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64
|
||||
}
|
||||
|
||||
h2_create()
|
||||
{
|
||||
simple_if_init $h2 198.51.100.1/24 2001:db8:2::1/64
|
||||
|
||||
ip -4 route add default vrf v$h2 nexthop via 198.51.100.2
|
||||
ip -6 route add default vrf v$h2 nexthop via 2001:db8:2::2
|
||||
}
|
||||
|
||||
h2_destroy()
|
||||
{
|
||||
ip -6 route del default vrf v$h2 nexthop via 2001:db8:2::2
|
||||
ip -4 route del default vrf v$h2 nexthop via 198.51.100.2
|
||||
|
||||
simple_if_fini $h2 198.51.100.1/24 2001:db8:2::1/64
|
||||
}
|
||||
|
||||
router_create()
|
||||
{
|
||||
ip link set dev $rp1 up
|
||||
ip link set dev $rp2 up
|
||||
|
||||
tc qdisc add dev $rp1 clsact
|
||||
|
||||
__addr_add_del $rp1 add 192.0.2.2/24 2001:db8:1::2/64
|
||||
__addr_add_del $rp2 add 198.51.100.2/24 2001:db8:2::2/64
|
||||
}
|
||||
|
||||
router_destroy()
|
||||
{
|
||||
__addr_add_del $rp2 del 198.51.100.2/24 2001:db8:2::2/64
|
||||
__addr_add_del $rp1 del 192.0.2.2/24 2001:db8:1::2/64
|
||||
|
||||
tc qdisc del dev $rp1 clsact
|
||||
|
||||
ip link set dev $rp2 down
|
||||
ip link set dev $rp1 down
|
||||
}
|
||||
|
||||
ping_ipv4()
|
||||
{
|
||||
ping_test $h1 198.51.100.1 ": h1->h2"
|
||||
}
|
||||
|
||||
ping_ipv6()
|
||||
{
|
||||
ping6_test $h1 2001:db8:2::1 ": h1->h2"
|
||||
}
|
||||
|
||||
blackhole_ipv4()
|
||||
{
|
||||
# Transmit packets from H1 to H2 and make sure they are dropped by the
|
||||
# ASIC and not by the kernel
|
||||
RET=0
|
||||
|
||||
ip -4 route add blackhole 198.51.100.0/30
|
||||
tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \
|
||||
skip_hw dst_ip 198.51.100.1 src_ip 192.0.2.1 ip_proto icmp \
|
||||
action pass
|
||||
|
||||
ip -4 route show 198.51.100.0/30 | grep -q offload
|
||||
check_err $? "route not marked as offloaded when should"
|
||||
|
||||
ping_do $h1 198.51.100.1
|
||||
check_fail $? "ping passed when should not"
|
||||
|
||||
tc_check_packets "dev $rp1 ingress" 101 0
|
||||
check_err $? "packets trapped and not dropped by ASIC"
|
||||
|
||||
log_test "IPv4 blackhole route"
|
||||
|
||||
tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower
|
||||
ip -4 route del blackhole 198.51.100.0/30
|
||||
}
|
||||
|
||||
blackhole_ipv6()
|
||||
{
|
||||
RET=0
|
||||
|
||||
ip -6 route add blackhole 2001:db8:2::/120
|
||||
tc filter add dev $rp1 ingress protocol ipv6 pref 1 handle 101 flower \
|
||||
skip_hw dst_ip 2001:db8:2::1 src_ip 2001:db8:1::1 \
|
||||
ip_proto icmpv6 action pass
|
||||
|
||||
ip -6 route show 2001:db8:2::/120 | grep -q offload
|
||||
check_err $? "route not marked as offloaded when should"
|
||||
|
||||
ping6_do $h1 2001:db8:2::1
|
||||
check_fail $? "ping passed when should not"
|
||||
|
||||
tc_check_packets "dev $rp1 ingress" 101 0
|
||||
check_err $? "packets trapped and not dropped by ASIC"
|
||||
|
||||
log_test "IPv6 blackhole route"
|
||||
|
||||
tc filter del dev $rp1 ingress protocol ipv6 pref 1 handle 101 flower
|
||||
ip -6 route del blackhole 2001:db8:2::/120
|
||||
}
|
||||
|
||||
setup_prepare()
|
||||
{
|
||||
h1=${NETIFS[p1]}
|
||||
rp1=${NETIFS[p2]}
|
||||
|
||||
rp2=${NETIFS[p3]}
|
||||
h2=${NETIFS[p4]}
|
||||
|
||||
vrf_prepare
|
||||
forwarding_enable
|
||||
|
||||
h1_create
|
||||
h2_create
|
||||
router_create
|
||||
}
|
||||
|
||||
cleanup()
|
||||
{
|
||||
pre_cleanup
|
||||
|
||||
router_destroy
|
||||
h2_destroy
|
||||
h1_destroy
|
||||
|
||||
forwarding_restore
|
||||
vrf_cleanup
|
||||
}
|
||||
|
||||
trap cleanup EXIT
|
||||
|
||||
setup_prepare
|
||||
setup_wait
|
||||
|
||||
tests_run
|
||||
|
||||
exit $EXIT_STATUS
|
Loading…
Reference in New Issue
Block a user