[net-next 2/2] selftests: tc_flower: add destination port tests

Wed, 27 May 2020 14:04:23 -0700 

Verify that tc flower can match on destination port for
udp/tcp for both non-fragment and first fragment cases.

Cc: Jamal Hadi Salim <j...@mojatatu.com>
Cc: Cong Wang <xiyou.wangc...@gmail.com>
Cc: Jiri Pirko <j...@resnulli.us>
Signed-off-by: Jason Baron <jba...@akamai.com>
---
 .../testing/selftests/net/forwarding/tc_flower.sh  | 73 +++++++++++++++++++++-
 1 file changed, 72 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/net/forwarding/tc_flower.sh 
b/tools/testing/selftests/net/forwarding/tc_flower.sh
index 058c746..6424084 100755
--- a/tools/testing/selftests/net/forwarding/tc_flower.sh
+++ b/tools/testing/selftests/net/forwarding/tc_flower.sh
@@ -3,7 +3,8 @@
 
 ALL_TESTS="match_dst_mac_test match_src_mac_test match_dst_ip_test \
        match_src_ip_test match_ip_flags_test match_pcp_test match_vlan_test \
-       match_ip_tos_test match_indev_test"
+       match_ip_tos_test match_indev_test match_dst_port_tcp_test \
+       match_dst_port_udp_test"
 NUM_NETIFS=2
 source tc_common.sh
 source lib.sh
@@ -334,6 +335,76 @@ match_indev_test()
        log_test "indev match ($tcflags)"
 }
 
+match_dst_port_test_helper()
+{
+       RET=0
+       proto="$1"
+
+       tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
+               $tcflags ip_proto $proto dst_port 80 action drop
+       tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
+               $tcflags action drop
+
+       # port match, no fragment
+       $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+               -t $proto dp=80 -q
+
+       tc_check_packets "dev $h2 ingress" 101 1
+       check_err $? "Did not match on correct filter"
+
+       tc_check_packets "dev $h2 ingress" 102 1
+       check_fail $? "Matched on a wrong filter"
+
+       # port mis-match, no fragment
+       $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+               -t $proto dp=81 -q
+
+       tc_check_packets "dev $h2 ingress" 101 2
+       check_fail $? "Matched on a wrong filter"
+
+       tc_check_packets "dev $h2 ingress" 102 1
+       check_err $? "Did not match on correct filter"
+
+       # port match, first fragment
+       $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+               -t $proto dp=80,frag=0,mf -q
+
+       tc_check_packets "dev $h2 ingress" 101 2
+       check_err $? "Did not match on correct filter"
+
+       tc_check_packets "dev $h2 ingress" 102 2
+       check_fail $? "Matched on a wrong filter"
+
+       # port match, non-first fragment
+       $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+               -t $proto dp=80,frag=2,mf -q
+
+       tc_check_packets "dev $h2 ingress" 101 3
+       check_fail $? "Matched on a wrong filter"
+
+       tc_check_packets "dev $h2 ingress" 102 2
+       check_err $? "Did not match on correct filter"
+
+       tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
+       tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
+}
+
+match_dst_port_tcp_test()
+{
+       RET=0
+
+       match_dst_port_test_helper "tcp"
+       log_test "dst_port_tcp match ($tcflags)"
+}
+
+match_dst_port_udp_test()
+{
+       RET=0
+
+       match_dst_port_test_helper "udp"
+       log_test "dst_port_udp match ($tcflags)"
+}
+
 setup_prepare()
 {
        h1=${NETIFS[p1]}
-- 
2.7.4

Reply via email to