135 lines
2.6 KiB
Bash
135 lines
2.6 KiB
Bash
#!/bin/bash
|
|
# SPDX-License-Identifier: GPL-2.0
|
|
|
|
# Test for resource limit of offloaded flower rules. The test adds a given
|
|
# number of flower matches for different IPv6 addresses, then generates traffic,
|
|
# and ensures each was hit exactly once. This file contains functions to set up
|
|
# a testing topology and run the test, and is meant to be sourced from a test
|
|
# script that calls the testing routine with a given number of rules.
|
|
|
|
TC_FLOWER_NUM_NETIFS=2
|
|
|
|
tc_flower_h1_create()
|
|
{
|
|
simple_if_init $h1
|
|
tc qdisc add dev $h1 clsact
|
|
}
|
|
|
|
tc_flower_h1_destroy()
|
|
{
|
|
tc qdisc del dev $h1 clsact
|
|
simple_if_fini $h1
|
|
}
|
|
|
|
tc_flower_h2_create()
|
|
{
|
|
simple_if_init $h2
|
|
tc qdisc add dev $h2 clsact
|
|
}
|
|
|
|
tc_flower_h2_destroy()
|
|
{
|
|
tc qdisc del dev $h2 clsact
|
|
simple_if_fini $h2
|
|
}
|
|
|
|
tc_flower_setup_prepare()
|
|
{
|
|
h1=${NETIFS[p1]}
|
|
h2=${NETIFS[p2]}
|
|
|
|
vrf_prepare
|
|
|
|
tc_flower_h1_create
|
|
tc_flower_h2_create
|
|
}
|
|
|
|
tc_flower_cleanup()
|
|
{
|
|
pre_cleanup
|
|
|
|
tc_flower_h2_destroy
|
|
tc_flower_h1_destroy
|
|
|
|
vrf_cleanup
|
|
|
|
if [[ -v TC_FLOWER_BATCH_FILE ]]; then
|
|
rm -f $TC_FLOWER_BATCH_FILE
|
|
fi
|
|
}
|
|
|
|
tc_flower_addr()
|
|
{
|
|
local num=$1; shift
|
|
|
|
printf "2001:db8:1::%x" $num
|
|
}
|
|
|
|
tc_flower_rules_create()
|
|
{
|
|
local count=$1; shift
|
|
local should_fail=$1; shift
|
|
|
|
TC_FLOWER_BATCH_FILE="$(mktemp)"
|
|
|
|
for ((i = 0; i < count; ++i)); do
|
|
cat >> $TC_FLOWER_BATCH_FILE <<-EOF
|
|
filter add dev $h2 ingress \
|
|
prot ipv6 \
|
|
pref 1000 \
|
|
flower $tcflags dst_ip $(tc_flower_addr $i) \
|
|
action drop
|
|
EOF
|
|
done
|
|
|
|
tc -b $TC_FLOWER_BATCH_FILE
|
|
check_err_fail $should_fail $? "Rule insertion"
|
|
}
|
|
|
|
__tc_flower_test()
|
|
{
|
|
local count=$1; shift
|
|
local should_fail=$1; shift
|
|
local last=$((count - 1))
|
|
|
|
tc_flower_rules_create $count $should_fail
|
|
|
|
for ((i = 0; i < count; ++i)); do
|
|
$MZ $h1 -q -c 1 -t ip -p 20 -b bc -6 \
|
|
-A 2001:db8:2::1 \
|
|
-B $(tc_flower_addr $i)
|
|
done
|
|
|
|
MISMATCHES=$(
|
|
tc -j -s filter show dev $h2 ingress |
|
|
jq -r '[ .[] | select(.kind == "flower") | .options |
|
|
values as $rule | .actions[].stats.packets |
|
|
select(. != 1) | "\(.) on \($rule.keys.dst_ip)" ] |
|
|
join(", ")'
|
|
)
|
|
|
|
test -z "$MISMATCHES"
|
|
check_err $? "Expected to capture 1 packet for each IP, but got $MISMATCHES"
|
|
}
|
|
|
|
tc_flower_test()
|
|
{
|
|
local count=$1; shift
|
|
local should_fail=$1; shift
|
|
|
|
# We use lower 16 bits of IPv6 address for match. Also there are only 16
|
|
# bits of rule priority space.
|
|
if ((count > 65536)); then
|
|
check_err 1 "Invalid count of $count. At most 65536 rules supported"
|
|
return
|
|
fi
|
|
|
|
if ! tc_offload_check $TC_FLOWER_NUM_NETIFS; then
|
|
check_err 1 "Could not test offloaded functionality"
|
|
return
|
|
fi
|
|
|
|
tcflags="skip_sw"
|
|
__tc_flower_test $count $should_fail
|
|
}
|