selftests: forwarding: Add tc-police tests
Test tc-police action in various scenarios such as Rx policing, Tx policing, shared policer and police piped to mirred. The test passes with both veth pairs and loopbacked ports. # ./tc_police.sh TEST: police on rx [ OK ] TEST: police on tx [ OK ] TEST: police with shared policer - rx [ OK ] TEST: police with shared policer - tx [ OK ] TEST: police rx and mirror [ OK ] TEST: police tx and mirror [ OK ] Signed-off-by: Ido Schimmel <idosch@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
parent
af11e818a7
commit
afe231d32e
333
tools/testing/selftests/net/forwarding/tc_police.sh
Executable file
333
tools/testing/selftests/net/forwarding/tc_police.sh
Executable file
@ -0,0 +1,333 @@
|
||||
#!/bin/bash
|
||||
# SPDX-License-Identifier: GPL-2.0
|
||||
#
|
||||
# Test tc-police action.
|
||||
#
|
||||
# +---------------------------------+
|
||||
# | H1 (vrf) |
|
||||
# | + $h1 |
|
||||
# | | 192.0.2.1/24 |
|
||||
# | | |
|
||||
# | | default via 192.0.2.2 |
|
||||
# +----|----------------------------+
|
||||
# |
|
||||
# +----|----------------------------------------------------------------------+
|
||||
# | SW | |
|
||||
# | + $rp1 |
|
||||
# | 192.0.2.2/24 |
|
||||
# | |
|
||||
# | 198.51.100.2/24 203.0.113.2/24 |
|
||||
# | + $rp2 + $rp3 |
|
||||
# | | | |
|
||||
# +----|-----------------------------------------|----------------------------+
|
||||
# | |
|
||||
# +----|----------------------------+ +----|----------------------------+
|
||||
# | | default via 198.51.100.2 | | | default via 203.0.113.2 |
|
||||
# | | | | | |
|
||||
# | | 198.51.100.1/24 | | | 203.0.113.1/24 |
|
||||
# | + $h2 | | + $h3 |
|
||||
# | H2 (vrf) | | H3 (vrf) |
|
||||
# +---------------------------------+ +---------------------------------+
|
||||
|
||||
ALL_TESTS="
|
||||
police_rx_test
|
||||
police_tx_test
|
||||
police_shared_test
|
||||
police_rx_mirror_test
|
||||
police_tx_mirror_test
|
||||
"
|
||||
NUM_NETIFS=6
|
||||
source tc_common.sh
|
||||
source lib.sh
|
||||
|
||||
h1_create()
|
||||
{
|
||||
simple_if_init $h1 192.0.2.1/24
|
||||
|
||||
ip -4 route add default vrf v$h1 nexthop via 192.0.2.2
|
||||
}
|
||||
|
||||
h1_destroy()
|
||||
{
|
||||
ip -4 route del default vrf v$h1 nexthop via 192.0.2.2
|
||||
|
||||
simple_if_fini $h1 192.0.2.1/24
|
||||
}
|
||||
|
||||
h2_create()
|
||||
{
|
||||
simple_if_init $h2 198.51.100.1/24
|
||||
|
||||
ip -4 route add default vrf v$h2 nexthop via 198.51.100.2
|
||||
|
||||
tc qdisc add dev $h2 clsact
|
||||
}
|
||||
|
||||
h2_destroy()
|
||||
{
|
||||
tc qdisc del dev $h2 clsact
|
||||
|
||||
ip -4 route del default vrf v$h2 nexthop via 198.51.100.2
|
||||
|
||||
simple_if_fini $h2 198.51.100.1/24
|
||||
}
|
||||
|
||||
h3_create()
|
||||
{
|
||||
simple_if_init $h3 203.0.113.1/24
|
||||
|
||||
ip -4 route add default vrf v$h3 nexthop via 203.0.113.2
|
||||
|
||||
tc qdisc add dev $h3 clsact
|
||||
}
|
||||
|
||||
h3_destroy()
|
||||
{
|
||||
tc qdisc del dev $h3 clsact
|
||||
|
||||
ip -4 route del default vrf v$h3 nexthop via 203.0.113.2
|
||||
|
||||
simple_if_fini $h3 203.0.113.1/24
|
||||
}
|
||||
|
||||
router_create()
|
||||
{
|
||||
ip link set dev $rp1 up
|
||||
ip link set dev $rp2 up
|
||||
ip link set dev $rp3 up
|
||||
|
||||
__addr_add_del $rp1 add 192.0.2.2/24
|
||||
__addr_add_del $rp2 add 198.51.100.2/24
|
||||
__addr_add_del $rp3 add 203.0.113.2/24
|
||||
|
||||
tc qdisc add dev $rp1 clsact
|
||||
tc qdisc add dev $rp2 clsact
|
||||
}
|
||||
|
||||
router_destroy()
|
||||
{
|
||||
tc qdisc del dev $rp2 clsact
|
||||
tc qdisc del dev $rp1 clsact
|
||||
|
||||
__addr_add_del $rp3 del 203.0.113.2/24
|
||||
__addr_add_del $rp2 del 198.51.100.2/24
|
||||
__addr_add_del $rp1 del 192.0.2.2/24
|
||||
|
||||
ip link set dev $rp3 down
|
||||
ip link set dev $rp2 down
|
||||
ip link set dev $rp1 down
|
||||
}
|
||||
|
||||
police_common_test()
|
||||
{
|
||||
local test_name=$1; shift
|
||||
|
||||
RET=0
|
||||
|
||||
# Rule to measure bandwidth on ingress of $h2
|
||||
tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
|
||||
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
|
||||
action drop
|
||||
|
||||
mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
|
||||
-t udp sp=12345,dp=54321 -p 1000 -c 0 -q &
|
||||
|
||||
local t0=$(tc_rule_stats_get $h2 1 ingress .bytes)
|
||||
sleep 10
|
||||
local t1=$(tc_rule_stats_get $h2 1 ingress .bytes)
|
||||
|
||||
local er=$((80 * 1000 * 1000))
|
||||
local nr=$(rate $t0 $t1 10)
|
||||
local nr_pct=$((100 * (nr - er) / er))
|
||||
((-10 <= nr_pct && nr_pct <= 10))
|
||||
check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
|
||||
|
||||
log_test "$test_name"
|
||||
|
||||
{ kill %% && wait %%; } 2>/dev/null
|
||||
tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
|
||||
}
|
||||
|
||||
police_rx_test()
|
||||
{
|
||||
# Rule to police traffic destined to $h2 on ingress of $rp1
|
||||
tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \
|
||||
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
|
||||
action police rate 80mbit burst 16k conform-exceed drop/ok
|
||||
|
||||
police_common_test "police on rx"
|
||||
|
||||
tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower
|
||||
}
|
||||
|
||||
police_tx_test()
|
||||
{
|
||||
# Rule to police traffic destined to $h2 on egress of $rp2
|
||||
tc filter add dev $rp2 egress protocol ip pref 1 handle 101 flower \
|
||||
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
|
||||
action police rate 80mbit burst 16k conform-exceed drop/ok
|
||||
|
||||
police_common_test "police on tx"
|
||||
|
||||
tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
|
||||
}
|
||||
|
||||
police_shared_common_test()
|
||||
{
|
||||
local dport=$1; shift
|
||||
local test_name=$1; shift
|
||||
|
||||
RET=0
|
||||
|
||||
mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
|
||||
-t udp sp=12345,dp=$dport -p 1000 -c 0 -q &
|
||||
|
||||
local t0=$(tc_rule_stats_get $h2 1 ingress .bytes)
|
||||
sleep 10
|
||||
local t1=$(tc_rule_stats_get $h2 1 ingress .bytes)
|
||||
|
||||
local er=$((80 * 1000 * 1000))
|
||||
local nr=$(rate $t0 $t1 10)
|
||||
local nr_pct=$((100 * (nr - er) / er))
|
||||
((-10 <= nr_pct && nr_pct <= 10))
|
||||
check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
|
||||
|
||||
log_test "$test_name"
|
||||
|
||||
{ kill %% && wait %%; } 2>/dev/null
|
||||
}
|
||||
|
||||
police_shared_test()
|
||||
{
|
||||
# Rule to measure bandwidth on ingress of $h2
|
||||
tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
|
||||
dst_ip 198.51.100.1 ip_proto udp src_port 12345 \
|
||||
action drop
|
||||
|
||||
# Rule to police traffic destined to $h2 on ingress of $rp1
|
||||
tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \
|
||||
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
|
||||
action police rate 80mbit burst 16k conform-exceed drop/ok \
|
||||
index 10
|
||||
|
||||
# Rule to police a different flow destined to $h2 on egress of $rp2
|
||||
# using same policer
|
||||
tc filter add dev $rp2 egress protocol ip pref 1 handle 101 flower \
|
||||
dst_ip 198.51.100.1 ip_proto udp dst_port 22222 \
|
||||
action police index 10
|
||||
|
||||
police_shared_common_test 54321 "police with shared policer - rx"
|
||||
|
||||
police_shared_common_test 22222 "police with shared policer - tx"
|
||||
|
||||
tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
|
||||
tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower
|
||||
tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
|
||||
}
|
||||
|
||||
police_mirror_common_test()
|
||||
{
|
||||
local pol_if=$1; shift
|
||||
local dir=$1; shift
|
||||
local test_name=$1; shift
|
||||
|
||||
RET=0
|
||||
|
||||
# Rule to measure bandwidth on ingress of $h2
|
||||
tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
|
||||
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
|
||||
action drop
|
||||
|
||||
# Rule to measure bandwidth of mirrored traffic on ingress of $h3
|
||||
tc filter add dev $h3 ingress protocol ip pref 1 handle 101 flower \
|
||||
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
|
||||
action drop
|
||||
|
||||
# Rule to police traffic destined to $h2 and mirror to $h3
|
||||
tc filter add dev $pol_if $dir protocol ip pref 1 handle 101 flower \
|
||||
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
|
||||
action police rate 80mbit burst 16k conform-exceed drop/pipe \
|
||||
action mirred egress mirror dev $rp3
|
||||
|
||||
mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
|
||||
-t udp sp=12345,dp=54321 -p 1000 -c 0 -q &
|
||||
|
||||
local t0=$(tc_rule_stats_get $h2 1 ingress .bytes)
|
||||
sleep 10
|
||||
local t1=$(tc_rule_stats_get $h2 1 ingress .bytes)
|
||||
|
||||
local er=$((80 * 1000 * 1000))
|
||||
local nr=$(rate $t0 $t1 10)
|
||||
local nr_pct=$((100 * (nr - er) / er))
|
||||
((-10 <= nr_pct && nr_pct <= 10))
|
||||
check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
|
||||
|
||||
local t0=$(tc_rule_stats_get $h3 1 ingress .bytes)
|
||||
sleep 10
|
||||
local t1=$(tc_rule_stats_get $h3 1 ingress .bytes)
|
||||
|
||||
local er=$((80 * 1000 * 1000))
|
||||
local nr=$(rate $t0 $t1 10)
|
||||
local nr_pct=$((100 * (nr - er) / er))
|
||||
((-10 <= nr_pct && nr_pct <= 10))
|
||||
check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
|
||||
|
||||
log_test "$test_name"
|
||||
|
||||
{ kill %% && wait %%; } 2>/dev/null
|
||||
tc filter del dev $pol_if $dir protocol ip pref 1 handle 101 flower
|
||||
tc filter del dev $h3 ingress protocol ip pref 1 handle 101 flower
|
||||
tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
|
||||
}
|
||||
|
||||
police_rx_mirror_test()
|
||||
{
|
||||
police_mirror_common_test $rp1 ingress "police rx and mirror"
|
||||
}
|
||||
|
||||
police_tx_mirror_test()
|
||||
{
|
||||
police_mirror_common_test $rp2 egress "police tx and mirror"
|
||||
}
|
||||
|
||||
setup_prepare()
|
||||
{
|
||||
h1=${NETIFS[p1]}
|
||||
rp1=${NETIFS[p2]}
|
||||
|
||||
rp2=${NETIFS[p3]}
|
||||
h2=${NETIFS[p4]}
|
||||
|
||||
rp3=${NETIFS[p5]}
|
||||
h3=${NETIFS[p6]}
|
||||
|
||||
vrf_prepare
|
||||
forwarding_enable
|
||||
|
||||
h1_create
|
||||
h2_create
|
||||
h3_create
|
||||
router_create
|
||||
}
|
||||
|
||||
cleanup()
|
||||
{
|
||||
pre_cleanup
|
||||
|
||||
router_destroy
|
||||
h3_destroy
|
||||
h2_destroy
|
||||
h1_destroy
|
||||
|
||||
forwarding_restore
|
||||
vrf_cleanup
|
||||
}
|
||||
|
||||
trap cleanup EXIT
|
||||
|
||||
setup_prepare
|
||||
setup_wait
|
||||
|
||||
tests_run
|
||||
|
||||
exit $EXIT_STATUS
|
Loading…
x
Reference in New Issue
Block a user