1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3#
4# Test that blackhole routes are marked as offloaded and that packets hitting
5# them are dropped by the ASIC and not by the kernel.
6#
7# +---------------------------------+
8# | H1 (vrf)                        |
9# |    + $h1                        |
10# |    | 192.0.2.1/24               |
11# |    | 2001:db8:1::1/64           |
12# |    |                            |
13# |    |  default via 192.0.2.2     |
14# |    |  default via 2001:db8:1::2 |
15# +----|----------------------------+
16#      |
17# +----|----------------------------------------------------------------------+
18# | SW |                                                                      |
19# |    + $rp1                                                                 |
20# |        192.0.2.2/24                                                       |
21# |        2001:db8:1::2/64                                                   |
22# |                                                                           |
23# |        2001:db8:2::2/64                                                   |
24# |        198.51.100.2/24                                                    |
25# |    + $rp2                                                                 |
26# |    |                                                                      |
27# +----|----------------------------------------------------------------------+
28#      |
29# +----|----------------------------+
30# |    |  default via 198.51.100.2  |
31# |    |  default via 2001:db8:2::2 |
32# |    |                            |
33# |    | 2001:db8:2::1/64           |
34# |    | 198.51.100.1/24            |
35# |    + $h2                        |
36# | H2 (vrf)                        |
37# +---------------------------------+
38
39lib_dir=$(dirname $0)/../../../net/forwarding
40
41ALL_TESTS="
42	ping_ipv4
43	ping_ipv6
44	blackhole_ipv4
45	blackhole_ipv6
46"
47NUM_NETIFS=4
48source $lib_dir/tc_common.sh
49source $lib_dir/lib.sh
50
51h1_create()
52{
53	simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64
54
55	ip -4 route add default vrf v$h1 nexthop via 192.0.2.2
56	ip -6 route add default vrf v$h1 nexthop via 2001:db8:1::2
57}
58
59h1_destroy()
60{
61	ip -6 route del default vrf v$h1 nexthop via 2001:db8:1::2
62	ip -4 route del default vrf v$h1 nexthop via 192.0.2.2
63
64	simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64
65}
66
67h2_create()
68{
69	simple_if_init $h2 198.51.100.1/24 2001:db8:2::1/64
70
71	ip -4 route add default vrf v$h2 nexthop via 198.51.100.2
72	ip -6 route add default vrf v$h2 nexthop via 2001:db8:2::2
73}
74
75h2_destroy()
76{
77	ip -6 route del default vrf v$h2 nexthop via 2001:db8:2::2
78	ip -4 route del default vrf v$h2 nexthop via 198.51.100.2
79
80	simple_if_fini $h2 198.51.100.1/24 2001:db8:2::1/64
81}
82
83router_create()
84{
85	ip link set dev $rp1 up
86	ip link set dev $rp2 up
87
88	tc qdisc add dev $rp1 clsact
89
90	__addr_add_del $rp1 add 192.0.2.2/24 2001:db8:1::2/64
91	__addr_add_del $rp2 add 198.51.100.2/24 2001:db8:2::2/64
92}
93
94router_destroy()
95{
96	__addr_add_del $rp2 del 198.51.100.2/24 2001:db8:2::2/64
97	__addr_add_del $rp1 del 192.0.2.2/24 2001:db8:1::2/64
98
99	tc qdisc del dev $rp1 clsact
100
101	ip link set dev $rp2 down
102	ip link set dev $rp1 down
103}
104
105ping_ipv4()
106{
107	ping_test $h1 198.51.100.1 ": h1->h2"
108}
109
110ping_ipv6()
111{
112	ping6_test $h1 2001:db8:2::1 ": h1->h2"
113}
114
115blackhole_ipv4()
116{
117	# Transmit packets from H1 to H2 and make sure they are dropped by the
118	# ASIC and not by the kernel
119	RET=0
120
121	ip -4 route add blackhole 198.51.100.0/30
122	tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \
123		skip_hw dst_ip 198.51.100.1 src_ip 192.0.2.1 ip_proto icmp \
124		action pass
125
126	ip -4 route show 198.51.100.0/30 | grep -q offload
127	check_err $? "route not marked as offloaded when should"
128
129	ping_do $h1 198.51.100.1
130	check_fail $? "ping passed when should not"
131
132	tc_check_packets "dev $rp1 ingress" 101 0
133	check_err $? "packets trapped and not dropped by ASIC"
134
135	log_test "IPv4 blackhole route"
136
137	tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower
138	ip -4 route del blackhole 198.51.100.0/30
139}
140
141blackhole_ipv6()
142{
143	RET=0
144
145	ip -6 route add blackhole 2001:db8:2::/120
146	tc filter add dev $rp1 ingress protocol ipv6 pref 1 handle 101 flower \
147		skip_hw dst_ip 2001:db8:2::1 src_ip 2001:db8:1::1 \
148		ip_proto icmpv6 action pass
149
150	ip -6 route show 2001:db8:2::/120 | grep -q offload
151	check_err $? "route not marked as offloaded when should"
152
153	ping6_do $h1 2001:db8:2::1
154	check_fail $? "ping passed when should not"
155
156	tc_check_packets "dev $rp1 ingress" 101 0
157	check_err $? "packets trapped and not dropped by ASIC"
158
159	log_test "IPv6 blackhole route"
160
161	tc filter del dev $rp1 ingress protocol ipv6 pref 1 handle 101 flower
162	ip -6 route del blackhole 2001:db8:2::/120
163}
164
165setup_prepare()
166{
167	h1=${NETIFS[p1]}
168	rp1=${NETIFS[p2]}
169
170	rp2=${NETIFS[p3]}
171	h2=${NETIFS[p4]}
172
173	vrf_prepare
174	forwarding_enable
175
176	h1_create
177	h2_create
178	router_create
179}
180
181cleanup()
182{
183	pre_cleanup
184
185	router_destroy
186	h2_destroy
187	h1_destroy
188
189	forwarding_restore
190	vrf_cleanup
191}
192
193trap cleanup EXIT
194
195setup_prepare
196setup_wait
197
198tests_run
199
200exit $EXIT_STATUS
201