Commit 1d127eff authored by Davide Caratti's avatar Davide Caratti Committed by Jakub Kicinski

selftests: add a test case for mirred egress to ingress

add a selftest that verifies the correct behavior of TC act_mirred egress
to ingress: in particular, it checks if the dst_entry is removed from skb
before redirect egress -> ingress. The correct behavior is: an ICMP 'echo
request' generated by ping will be received and generate a reply the same
way as the one generated by mausezahn.
Suggested-by: default avatarJamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
Acked-by: default avatarCong Wang <cong.wang@bytedance.com>
Reviewed-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent f799ada6
...@@ -6,6 +6,7 @@ CONFIG_IPV6_MULTIPLE_TABLES=y ...@@ -6,6 +6,7 @@ CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_NET_VRF=m CONFIG_NET_VRF=m
CONFIG_BPF_SYSCALL=y CONFIG_BPF_SYSCALL=y
CONFIG_CGROUP_BPF=y CONFIG_CGROUP_BPF=y
CONFIG_NET_ACT_CT=m
CONFIG_NET_ACT_MIRRED=m CONFIG_NET_ACT_MIRRED=m
CONFIG_NET_ACT_MPLS=m CONFIG_NET_ACT_MPLS=m
CONFIG_NET_ACT_VLAN=m CONFIG_NET_ACT_VLAN=m
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
ALL_TESTS="gact_drop_and_ok_test mirred_egress_redirect_test \ ALL_TESTS="gact_drop_and_ok_test mirred_egress_redirect_test \
mirred_egress_mirror_test matchall_mirred_egress_mirror_test \ mirred_egress_mirror_test matchall_mirred_egress_mirror_test \
gact_trap_test" gact_trap_test mirred_egress_to_ingress_test"
NUM_NETIFS=4 NUM_NETIFS=4
source tc_common.sh source tc_common.sh
source lib.sh source lib.sh
...@@ -13,10 +13,12 @@ tcflags="skip_hw" ...@@ -13,10 +13,12 @@ tcflags="skip_hw"
h1_create() h1_create()
{ {
simple_if_init $h1 192.0.2.1/24 simple_if_init $h1 192.0.2.1/24
tc qdisc add dev $h1 clsact
} }
h1_destroy() h1_destroy()
{ {
tc qdisc del dev $h1 clsact
simple_if_fini $h1 192.0.2.1/24 simple_if_fini $h1 192.0.2.1/24
} }
...@@ -153,6 +155,49 @@ gact_trap_test() ...@@ -153,6 +155,49 @@ gact_trap_test()
log_test "trap ($tcflags)" log_test "trap ($tcflags)"
} }
mirred_egress_to_ingress_test()
{
RET=0
tc filter add dev $h1 protocol ip pref 100 handle 100 egress flower \
ip_proto icmp src_ip 192.0.2.1 dst_ip 192.0.2.2 type 8 action \
ct commit nat src addr 192.0.2.2 pipe \
ct clear pipe \
ct commit nat dst addr 192.0.2.1 pipe \
mirred ingress redirect dev $h1
tc filter add dev $swp1 protocol ip pref 11 handle 111 ingress flower \
ip_proto icmp src_ip 192.0.2.1 dst_ip 192.0.2.2 type 8 action drop
tc filter add dev $swp1 protocol ip pref 12 handle 112 ingress flower \
ip_proto icmp src_ip 192.0.2.1 dst_ip 192.0.2.2 type 0 action pass
$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
-t icmp "ping,id=42,seq=10" -q
tc_check_packets "dev $h1 egress" 100 1
check_err $? "didn't mirror first packet"
tc_check_packets "dev $swp1 ingress" 111 1
check_fail $? "didn't redirect first packet"
tc_check_packets "dev $swp1 ingress" 112 1
check_err $? "didn't receive reply to first packet"
ping 192.0.2.2 -I$h1 -c1 -w1 -q 1>/dev/null 2>&1
tc_check_packets "dev $h1 egress" 100 2
check_err $? "didn't mirror second packet"
tc_check_packets "dev $swp1 ingress" 111 1
check_fail $? "didn't redirect second packet"
tc_check_packets "dev $swp1 ingress" 112 2
check_err $? "didn't receive reply to second packet"
tc filter del dev $h1 egress protocol ip pref 100 handle 100 flower
tc filter del dev $swp1 ingress protocol ip pref 11 handle 111 flower
tc filter del dev $swp1 ingress protocol ip pref 12 handle 112 flower
log_test "mirred_egress_to_ingress ($tcflags)"
}
setup_prepare() setup_prepare()
{ {
h1=${NETIFS[p1]} h1=${NETIFS[p1]}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment