Linux/tools/testing/selftests/net/forwarding/tc

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 #!/bin/bash 2 # SPDX-License-Identifier: GPL-2.0 3 # 4 # Test tc-police action. 5 # 6 # +---------------------------------+ 7 # | H1 (vrf) | 8 # | + $h1 | 9 # | | 192.0.2.1/24 | 10 # | | | 11 # | | default via 192.0.2.2 | 12 # +----|----------------------------+ 13 # | 14 # +----|----------------------------------------------------------------------+ 15 # | SW | | 16 # | + $rp1 | 17 # | 192.0.2.2/24 | 18 # | | 19 # | 198.51.100.2/24 203.0.113.2/24 | 20 # | + $rp2 + $rp3 | 21 # | | | | 22 # +----|-----------------------------------------|----------------------------+ 23 # | | 24 # +----|----------------------------+ +----|----------------------------+ 25 # | | default via 198.51.100.2 | | | default via 203.0.113.2 | 26 # | | | | | | 27 # | | 198.51.100.1/24 | | | 203.0.113.1/24 | 28 # | + $h2 | | + $h3 | 29 # | H2 (vrf) | | H3 (vrf) | 30 # +---------------------------------+ +---------------------------------+ 31 32 ALL_TESTS=" 33 police_rx_test 34 police_tx_test 35 police_shared_test 36 police_rx_mirror_test 37 police_tx_mirror_test 38 police_pps_rx_test 39 police_pps_tx_test 40 police_mtu_rx_test 41 police_mtu_tx_test 42 " 43 NUM_NETIFS=6 44 source tc_common.sh 45 source lib.sh 46 47 h1_create() 48 { 49 simple_if_init $h1 192.0.2.1/24 50 51 ip -4 route add default vrf v$h1 nexthop via 192.0.2.2 52 } 53 54 h1_destroy() 55 { 56 ip -4 route del default vrf v$h1 nexthop via 192.0.2.2 57 58 simple_if_fini $h1 192.0.2.1/24 59 } 60 61 h2_create() 62 { 63 simple_if_init $h2 198.51.100.1/24 64 65 ip -4 route add default vrf v$h2 nexthop via 198.51.100.2 66 67 tc qdisc add dev $h2 clsact 68 } 69 70 h2_destroy() 71 { 72 tc qdisc del dev $h2 clsact 73 74 ip -4 route del default vrf v$h2 nexthop via 198.51.100.2 75 76 simple_if_fini $h2 198.51.100.1/24 77 } 78 79 h3_create() 80 { 81 simple_if_init $h3 203.0.113.1/24 82 83 ip -4 route add default vrf v$h3 nexthop via 203.0.113.2 84 85 tc qdisc add dev $h3 clsact 86 } 87 88 h3_destroy() 89 { 90 tc qdisc del dev $h3 clsact 91 92 ip -4 route del default vrf v$h3 nexthop via 203.0.113.2 93 94 simple_if_fini $h3 203.0.113.1/24 95 } 96 97 router_create() 98 { 99 ip link set dev $rp1 up 100 ip link set dev $rp2 up 101 ip link set dev $rp3 up 102 103 __addr_add_del $rp1 add 192.0.2.2/24 104 __addr_add_del $rp2 add 198.51.100.2/24 105 __addr_add_del $rp3 add 203.0.113.2/24 106 107 tc qdisc add dev $rp1 clsact 108 tc qdisc add dev $rp2 clsact 109 } 110 111 router_destroy() 112 { 113 tc qdisc del dev $rp2 clsact 114 tc qdisc del dev $rp1 clsact 115 116 __addr_add_del $rp3 del 203.0.113.2/24 117 __addr_add_del $rp2 del 198.51.100.2/24 118 __addr_add_del $rp1 del 192.0.2.2/24 119 120 ip link set dev $rp3 down 121 ip link set dev $rp2 down 122 ip link set dev $rp1 down 123 } 124 125 police_common_test() 126 { 127 local test_name=$1; shift 128 129 RET=0 130 131 # Rule to measure bandwidth on ingress of $h2 132 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 133 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \ 134 action drop 135 136 mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \ 137 -t udp sp=12345,dp=54321 -p 1000 -c 0 -q & 138 139 local t0=$(tc_rule_stats_get $h2 1 ingress .bytes) 140 sleep 10 141 local t1=$(tc_rule_stats_get $h2 1 ingress .bytes) 142 143 local er=$((10 * 1000 * 1000)) 144 local nr=$(rate $t0 $t1 10) 145 local nr_pct=$((100 * (nr - er) / er)) 146 ((-10 <= nr_pct && nr_pct <= 10)) 147 check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%." 148 149 log_test "$test_name" 150 151 { kill %% && wait %%; } 2>/dev/null 152 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 153 } 154 155 police_rx_test() 156 { 157 # Rule to police traffic destined to $h2 on ingress of $rp1 158 tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \ 159 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \ 160 action police rate 10mbit burst 16k conform-exceed drop/ok 161 162 police_common_test "police on rx" 163 164 tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower 165 } 166 167 police_tx_test() 168 { 169 # Rule to police traffic destined to $h2 on egress of $rp2 170 tc filter add dev $rp2 egress protocol ip pref 1 handle 101 flower \ 171 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \ 172 action police rate 10mbit burst 16k conform-exceed drop/ok 173 174 police_common_test "police on tx" 175 176 tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower 177 } 178 179 police_shared_common_test() 180 { 181 local dport=$1; shift 182 local test_name=$1; shift 183 184 RET=0 185 186 mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \ 187 -t udp sp=12345,dp=$dport -p 1000 -c 0 -q & 188 189 local t0=$(tc_rule_stats_get $h2 1 ingress .bytes) 190 sleep 10 191 local t1=$(tc_rule_stats_get $h2 1 ingress .bytes) 192 193 local er=$((10 * 1000 * 1000)) 194 local nr=$(rate $t0 $t1 10) 195 local nr_pct=$((100 * (nr - er) / er)) 196 ((-10 <= nr_pct && nr_pct <= 10)) 197 check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%." 198 199 log_test "$test_name" 200 201 { kill %% && wait %%; } 2>/dev/null 202 } 203 204 police_shared_test() 205 { 206 # Rule to measure bandwidth on ingress of $h2 207 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 208 dst_ip 198.51.100.1 ip_proto udp src_port 12345 \ 209 action drop 210 211 # Rule to police traffic destined to $h2 on ingress of $rp1 212 tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \ 213 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \ 214 action police rate 10mbit burst 16k conform-exceed drop/ok \ 215 index 10 216 217 # Rule to police a different flow destined to $h2 on egress of $rp2 218 # using same policer 219 tc filter add dev $rp2 egress protocol ip pref 1 handle 101 flower \ 220 dst_ip 198.51.100.1 ip_proto udp dst_port 22222 \ 221 action police index 10 222 223 police_shared_common_test 54321 "police with shared policer - rx" 224 225 police_shared_common_test 22222 "police with shared policer - tx" 226 227 tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower 228 tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower 229 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 230 } 231 232 police_mirror_common_test() 233 { 234 local pol_if=$1; shift 235 local dir=$1; shift 236 local test_name=$1; shift 237 238 RET=0 239 240 # Rule to measure bandwidth on ingress of $h2 241 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 242 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \ 243 action drop 244 245 # Rule to measure bandwidth of mirrored traffic on ingress of $h3 246 tc filter add dev $h3 ingress protocol ip pref 1 handle 101 flower \ 247 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \ 248 action drop 249 250 # Rule to police traffic destined to $h2 and mirror to $h3 251 tc filter add dev $pol_if $dir protocol ip pref 1 handle 101 flower \ 252 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \ 253 action police rate 10mbit burst 16k conform-exceed drop/pipe \ 254 action mirred egress mirror dev $rp3 255 256 mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \ 257 -t udp sp=12345,dp=54321 -p 1000 -c 0 -q & 258 259 local t0=$(tc_rule_stats_get $h2 1 ingress .bytes) 260 sleep 10 261 local t1=$(tc_rule_stats_get $h2 1 ingress .bytes) 262 263 local er=$((10 * 1000 * 1000)) 264 local nr=$(rate $t0 $t1 10) 265 local nr_pct=$((100 * (nr - er) / er)) 266 ((-10 <= nr_pct && nr_pct <= 10)) 267 check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%." 268 269 local t0=$(tc_rule_stats_get $h3 1 ingress .bytes) 270 sleep 10 271 local t1=$(tc_rule_stats_get $h3 1 ingress .bytes) 272 273 local er=$((10 * 1000 * 1000)) 274 local nr=$(rate $t0 $t1 10) 275 local nr_pct=$((100 * (nr - er) / er)) 276 ((-10 <= nr_pct && nr_pct <= 10)) 277 check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%." 278 279 log_test "$test_name" 280 281 { kill %% && wait %%; } 2>/dev/null 282 tc filter del dev $pol_if $dir protocol ip pref 1 handle 101 flower 283 tc filter del dev $h3 ingress protocol ip pref 1 handle 101 flower 284 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 285 } 286 287 police_rx_mirror_test() 288 { 289 police_mirror_common_test $rp1 ingress "police rx and mirror" 290 } 291 292 police_tx_mirror_test() 293 { 294 police_mirror_common_test $rp2 egress "police tx and mirror" 295 } 296 297 police_pps_common_test() 298 { 299 local test_name=$1; shift 300 301 RET=0 302 303 # Rule to measure bandwidth on ingress of $h2 304 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 305 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \ 306 action drop 307 308 mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \ 309 -t udp sp=12345,dp=54321 -p 1000 -c 0 -q & 310 311 local t0=$(tc_rule_stats_get $h2 1 ingress .packets) 312 sleep 10 313 local t1=$(tc_rule_stats_get $h2 1 ingress .packets) 314 315 local er=$((2000)) 316 local nr=$(packets_rate $t0 $t1 10) 317 local nr_pct=$((100 * (nr - er) / er)) 318 ((-10 <= nr_pct && nr_pct <= 10)) 319 check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%." 320 321 log_test "$test_name" 322 323 { kill %% && wait %%; } 2>/dev/null 324 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 325 } 326 327 police_pps_rx_test() 328 { 329 # Rule to police traffic destined to $h2 on ingress of $rp1 330 tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \ 331 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \ 332 action police pkts_rate 2000 pkts_burst 400 conform-exceed drop/ok 333 334 police_pps_common_test "police pps on rx" 335 336 tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower 337 } 338 339 police_pps_tx_test() 340 { 341 # Rule to police traffic destined to $h2 on egress of $rp2 342 tc filter add dev $rp2 egress protocol ip pref 1 handle 101 flower \ 343 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \ 344 action police pkts_rate 2000 pkts_burst 400 conform-exceed drop/ok 345 346 police_pps_common_test "police pps on tx" 347 348 tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower 349 } 350 351 police_mtu_common_test() { 352 RET=0 353 354 local test_name=$1; shift 355 local dev=$1; shift 356 local direction=$1; shift 357 358 tc filter add dev $dev $direction protocol ip pref 1 handle 101 flower \ 359 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \ 360 action police mtu 1042 conform-exceed drop/ok 361 362 # to count "conform" packets 363 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \ 364 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \ 365 action drop 366 367 mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \ 368 -t udp sp=12345,dp=54321 -p 1001 -c 10 -q 369 370 mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \ 371 -t udp sp=12345,dp=54321 -p 1000 -c 3 -q 372 373 tc_check_packets "dev $dev $direction" 101 13 374 check_err $? "wrong packet counter" 375 376 # "exceed" packets 377 local overlimits_t0=$(tc_rule_stats_get ${dev} 1 ${direction} .overlimits) 378 test ${overlimits_t0} = 10 379 check_err $? "wrong overlimits, expected 10 got ${overlimits_t0}" 380 381 # "conform" packets 382 tc_check_packets "dev $h2 ingress" 101 3 383 check_err $? "forwarding error" 384 385 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower 386 tc filter del dev $dev $direction protocol ip pref 1 handle 101 flower 387 388 log_test "$test_name" 389 } 390 391 police_mtu_rx_test() 392 { 393 police_mtu_common_test "police mtu (rx)" $rp1 ingress 394 } 395 396 police_mtu_tx_test() 397 { 398 police_mtu_common_test "police mtu (tx)" $rp2 egress 399 } 400 401 setup_prepare() 402 { 403 h1=${NETIFS[p1]} 404 rp1=${NETIFS[p2]} 405 406 rp2=${NETIFS[p3]} 407 h2=${NETIFS[p4]} 408 409 rp3=${NETIFS[p5]} 410 h3=${NETIFS[p6]} 411 412 vrf_prepare 413 forwarding_enable 414 415 h1_create 416 h2_create 417 h3_create 418 router_create 419 } 420 421 cleanup() 422 { 423 pre_cleanup 424 425 router_destroy 426 h3_destroy 427 h2_destroy 428 h1_destroy 429 430 forwarding_restore 431 vrf_cleanup 432 } 433 434 trap cleanup EXIT 435 436 setup_prepare 437 setup_wait 438 439 tests_run 440 441 exit $EXIT_STATUS

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/tools/testing/selftests/net/forwarding/tc_police.sh

TOMOYO Linux Cross Reference
Linux/tools/testing/selftests/net/forwarding/tc_police.sh