1d67a94e8SPetr Machata#!/bin/bash 2d67a94e8SPetr Machata# SPDX-License-Identifier: GPL-2.0 3d67a94e8SPetr Machata 4d67a94e8SPetr Machata# Test for resource limit of offloaded flower rules. The test adds a given 5d67a94e8SPetr Machata# number of flower matches for different IPv6 addresses, then generates traffic, 6d67a94e8SPetr Machata# and ensures each was hit exactly once. This file contains functions to set up 7d67a94e8SPetr Machata# a testing topology and run the test, and is meant to be sourced from a test 8d67a94e8SPetr Machata# script that calls the testing routine with a given number of rules. 9d67a94e8SPetr Machata 10d67a94e8SPetr MachataTC_FLOWER_NUM_NETIFS=2 11d67a94e8SPetr Machata 12d67a94e8SPetr Machatatc_flower_h1_create() 13d67a94e8SPetr Machata{ 14d67a94e8SPetr Machata simple_if_init $h1 15d67a94e8SPetr Machata tc qdisc add dev $h1 clsact 16d67a94e8SPetr Machata} 17d67a94e8SPetr Machata 18d67a94e8SPetr Machatatc_flower_h1_destroy() 19d67a94e8SPetr Machata{ 20d67a94e8SPetr Machata tc qdisc del dev $h1 clsact 21d67a94e8SPetr Machata simple_if_fini $h1 22d67a94e8SPetr Machata} 23d67a94e8SPetr Machata 24d67a94e8SPetr Machatatc_flower_h2_create() 25d67a94e8SPetr Machata{ 26d67a94e8SPetr Machata simple_if_init $h2 27d67a94e8SPetr Machata tc qdisc add dev $h2 clsact 28d67a94e8SPetr Machata} 29d67a94e8SPetr Machata 30d67a94e8SPetr Machatatc_flower_h2_destroy() 31d67a94e8SPetr Machata{ 32d67a94e8SPetr Machata tc qdisc del dev $h2 clsact 33d67a94e8SPetr Machata simple_if_fini $h2 34d67a94e8SPetr Machata} 35d67a94e8SPetr Machata 36d67a94e8SPetr Machatatc_flower_setup_prepare() 37d67a94e8SPetr Machata{ 38d67a94e8SPetr Machata h1=${NETIFS[p1]} 39d67a94e8SPetr Machata h2=${NETIFS[p2]} 40d67a94e8SPetr Machata 41d67a94e8SPetr Machata vrf_prepare 42d67a94e8SPetr Machata 43d67a94e8SPetr Machata tc_flower_h1_create 44d67a94e8SPetr Machata tc_flower_h2_create 45d67a94e8SPetr Machata} 46d67a94e8SPetr Machata 47d67a94e8SPetr Machatatc_flower_cleanup() 48d67a94e8SPetr Machata{ 49d67a94e8SPetr Machata pre_cleanup 50d67a94e8SPetr Machata 51d67a94e8SPetr Machata tc_flower_h2_destroy 52d67a94e8SPetr Machata tc_flower_h1_destroy 53d67a94e8SPetr Machata 54d67a94e8SPetr Machata vrf_cleanup 55d67a94e8SPetr Machata 56d67a94e8SPetr Machata if [[ -v TC_FLOWER_BATCH_FILE ]]; then 57d67a94e8SPetr Machata rm -f $TC_FLOWER_BATCH_FILE 58d67a94e8SPetr Machata fi 59d67a94e8SPetr Machata} 60d67a94e8SPetr Machata 61d67a94e8SPetr Machatatc_flower_addr() 62d67a94e8SPetr Machata{ 63d67a94e8SPetr Machata local num=$1; shift 64d67a94e8SPetr Machata 65d67a94e8SPetr Machata printf "2001:db8:1::%x" $num 66d67a94e8SPetr Machata} 67d67a94e8SPetr Machata 68d67a94e8SPetr Machatatc_flower_rules_create() 69d67a94e8SPetr Machata{ 70d67a94e8SPetr Machata local count=$1; shift 71d67a94e8SPetr Machata local should_fail=$1; shift 72d67a94e8SPetr Machata 73d67a94e8SPetr Machata TC_FLOWER_BATCH_FILE="$(mktemp)" 74d67a94e8SPetr Machata 75d67a94e8SPetr Machata for ((i = 0; i < count; ++i)); do 76d67a94e8SPetr Machata cat >> $TC_FLOWER_BATCH_FILE <<-EOF 77d67a94e8SPetr Machata filter add dev $h2 ingress \ 78d67a94e8SPetr Machata prot ipv6 \ 79d67a94e8SPetr Machata pref 1000 \ 80d67a94e8SPetr Machata flower $tcflags dst_ip $(tc_flower_addr $i) \ 81d67a94e8SPetr Machata action drop 82d67a94e8SPetr Machata EOF 83d67a94e8SPetr Machata done 84d67a94e8SPetr Machata 85d67a94e8SPetr Machata tc -b $TC_FLOWER_BATCH_FILE 86d67a94e8SPetr Machata check_err_fail $should_fail $? "Rule insertion" 87d67a94e8SPetr Machata} 88d67a94e8SPetr Machata 89d67a94e8SPetr Machata__tc_flower_test() 90d67a94e8SPetr Machata{ 91d67a94e8SPetr Machata local count=$1; shift 92d67a94e8SPetr Machata local should_fail=$1; shift 93d67a94e8SPetr Machata local last=$((count - 1)) 94d67a94e8SPetr Machata 95d67a94e8SPetr Machata tc_flower_rules_create $count $should_fail 96d67a94e8SPetr Machata 97d67a94e8SPetr Machata for ((i = 0; i < count; ++i)); do 98d67a94e8SPetr Machata $MZ $h1 -q -c 1 -t ip -p 20 -b bc -6 \ 99d67a94e8SPetr Machata -A 2001:db8:2::1 \ 100d67a94e8SPetr Machata -B $(tc_flower_addr $i) 101d67a94e8SPetr Machata done 102d67a94e8SPetr Machata 103d67a94e8SPetr Machata MISMATCHES=$( 104d67a94e8SPetr Machata tc -j -s filter show dev $h2 ingress | 105d67a94e8SPetr Machata jq -r '[ .[] | select(.kind == "flower") | .options | 106d67a94e8SPetr Machata values as $rule | .actions[].stats.packets | 107d67a94e8SPetr Machata select(. != 1) | "\(.) on \($rule.keys.dst_ip)" ] | 108d67a94e8SPetr Machata join(", ")' 109d67a94e8SPetr Machata ) 110d67a94e8SPetr Machata 111d67a94e8SPetr Machata test -z "$MISMATCHES" 112d67a94e8SPetr Machata check_err $? "Expected to capture 1 packet for each IP, but got $MISMATCHES" 113d67a94e8SPetr Machata} 114d67a94e8SPetr Machata 115d67a94e8SPetr Machatatc_flower_test() 116d67a94e8SPetr Machata{ 117d67a94e8SPetr Machata local count=$1; shift 118d67a94e8SPetr Machata local should_fail=$1; shift 119d67a94e8SPetr Machata 120d67a94e8SPetr Machata # We use lower 16 bits of IPv6 address for match. Also there are only 16 121d67a94e8SPetr Machata # bits of rule priority space. 122d67a94e8SPetr Machata if ((count > 65536)); then 123d67a94e8SPetr Machata check_err 1 "Invalid count of $count. At most 65536 rules supported" 124d67a94e8SPetr Machata return 125d67a94e8SPetr Machata fi 126d67a94e8SPetr Machata 127d67a94e8SPetr Machata if ! tc_offload_check $TC_FLOWER_NUM_NETIFS; then 128d67a94e8SPetr Machata check_err 1 "Could not test offloaded functionality" 129d67a94e8SPetr Machata return 130d67a94e8SPetr Machata fi 131d67a94e8SPetr Machata 132d67a94e8SPetr Machata tcflags="skip_sw" 133d67a94e8SPetr Machata __tc_flower_test $count $should_fail 134d67a94e8SPetr Machata} 135