1 #!/bin/bash 2 # SPDX-License-Identifier: GPL-2.0 3 4 # Test for resource limit of offloaded flower rules. The test adds a given 5 # number of flower matches for different IPv6 addresses, then check the offload 6 # indication for all of the tc flower rules. This file contains functions to set 7 # up a testing topology and run the test, and is meant to be sourced from a test 8 # script that calls the testing routine with a given number of rules. 9 10 TC_FLOWER_NUM_NETIFS=2 11 12 tc_flower_h1_create() 13 { 14 simple_if_init $h1 15 tc qdisc add dev $h1 clsact 16 } 17 18 tc_flower_h1_destroy() 19 { 20 tc qdisc del dev $h1 clsact 21 simple_if_fini $h1 22 } 23 24 tc_flower_h2_create() 25 { 26 simple_if_init $h2 27 tc qdisc add dev $h2 clsact 28 } 29 30 tc_flower_h2_destroy() 31 { 32 tc qdisc del dev $h2 clsact 33 simple_if_fini $h2 34 } 35 36 tc_flower_setup_prepare() 37 { 38 h1=${NETIFS[p1]} 39 h2=${NETIFS[p2]} 40 41 vrf_prepare 42 43 tc_flower_h1_create 44 tc_flower_h2_create 45 } 46 47 tc_flower_cleanup() 48 { 49 pre_cleanup 50 51 tc_flower_h2_destroy 52 tc_flower_h1_destroy 53 54 vrf_cleanup 55 56 if [[ -v TC_FLOWER_BATCH_FILE ]]; then 57 rm -f $TC_FLOWER_BATCH_FILE 58 fi 59 } 60 61 tc_flower_addr() 62 { 63 local num=$1; shift 64 65 printf "2001:db8:1::%x" $num 66 } 67 68 tc_flower_rules_create() 69 { 70 local count=$1; shift 71 local should_fail=$1; shift 72 73 TC_FLOWER_BATCH_FILE="$(mktemp)" 74 75 for ((i = 0; i < count; ++i)); do 76 cat >> $TC_FLOWER_BATCH_FILE <<-EOF 77 filter add dev $h2 ingress \ 78 prot ipv6 \ 79 pref 1000 \ 80 handle 42$i \ 81 flower $tcflags dst_ip $(tc_flower_addr $i) \ 82 action drop 83 EOF 84 done 85 86 tc -b $TC_FLOWER_BATCH_FILE 87 check_err_fail $should_fail $? "Rule insertion" 88 } 89 90 __tc_flower_test() 91 { 92 local count=$1; shift 93 local should_fail=$1; shift 94 local last=$((count - 1)) 95 96 tc_flower_rules_create $count $should_fail 97 98 offload_count=$(tc -j -s filter show dev $h2 ingress | 99 jq -r '[ .[] | select(.kind == "flower") | 100 .options | .in_hw ]' | jq .[] | wc -l) 101 [[ $((offload_count - 1)) -eq $count ]] 102 check_err_fail $should_fail $? "Attempt to offload $count rules (actual result $((offload_count - 1)))" 103 } 104 105 tc_flower_test() 106 { 107 local count=$1; shift 108 local should_fail=$1; shift 109 110 # We use lower 16 bits of IPv6 address for match. Also there are only 16 111 # bits of rule priority space. 112 if ((count > 65536)); then 113 check_err 1 "Invalid count of $count. At most 65536 rules supported" 114 return 115 fi 116 117 if ! tc_offload_check $TC_FLOWER_NUM_NETIFS; then 118 check_err 1 "Could not test offloaded functionality" 119 return 120 fi 121 122 tcflags="skip_sw" 123 __tc_flower_test $count $should_fail 124 } 125 126 tc_flower_traffic_test() 127 { 128 local count=$1; shift 129 local i; 130 131 for ((i = count - 1; i > 0; i /= 2)); do 132 $MZ -6 $h1 -c 1 -d 20msec -p 100 -a own -b $(mac_get $h2) \ 133 -A $(tc_flower_addr 0) -B $(tc_flower_addr $i) \ 134 -q -t udp sp=54321,dp=12345 135 done 136 for ((i = count - 1; i > 0; i /= 2)); do 137 tc_check_packets "dev $h2 ingress" 42$i 1 138 check_err $? "Traffic not seen at rule #$i" 139 done 140 }
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.