staging: rtl8192u: remove redundant assignment to pointer crypt

[linux/fpc-iii.git] / tools / testing / selftests / drivers / net / mlxsw / spectrum-2 / tc_flower.sh

#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

# This test is for checking the A-TCAM and C-TCAM operation in Spectrum-2.
# It tries to exercise as many code paths in the eRP state machine as
# possible.

lib_dir=$(dirname $0)/../../../../net/forwarding

ALL_TESTS="single_mask_test identical_filters_test two_masks_test \
        multiple_masks_test ctcam_edge_cases_test delta_simple_test \
        delta_two_masks_one_key_test delta_simple_rehash_test \
        bloom_simple_test bloom_complex_test bloom_delta_test"
NUM_NETIFS=2
source $lib_dir/lib.sh
source $lib_dir/tc_common.sh
source $lib_dir/devlink_lib.sh

tcflags="skip_hw"

h1_create()
{
        simple_if_init $h1 192.0.2.1/24 198.51.100.1/24
}

h1_destroy()
{
        simple_if_fini $h1 192.0.2.1/24 198.51.100.1/24
}

h2_create()
{
        simple_if_init $h2 192.0.2.2/24 198.51.100.2/24
        tc qdisc add dev $h2 clsact
}

h2_destroy()
{
        tc qdisc del dev $h2 clsact
        simple_if_fini $h2 192.0.2.2/24 198.51.100.2/24
}

tp_record()
{
        local tracepoint=$1
        local cmd=$2

        perf record -q -e $tracepoint $cmd
        return $?
}

tp_record_all()
{
        local tracepoint=$1
        local seconds=$2

        perf record -a -q -e $tracepoint sleep $seconds
        return $?
}

__tp_hit_count()
{
        local tracepoint=$1

        local perf_output=`perf script -F trace:event,trace`
        return `echo $perf_output | grep "$tracepoint:" | wc -l`
}

tp_check_hits()
{
        local tracepoint=$1
        local count=$2

        __tp_hit_count $tracepoint
        if [[ "$?" -ne "$count" ]]; then
                return 1
        fi
        return 0
}

tp_check_hits_any()
{
        local tracepoint=$1

        __tp_hit_count $tracepoint
        if [[ "$?" -eq "0" ]]; then
                return 1
        fi
        return 0
}

single_mask_test()
{
        # When only a single mask is required, the device uses the master
        # mask and not the eRP table. Verify that under this mode the right
        # filter is matched

        RET=0

        tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
                $tcflags dst_ip 192.0.2.2 action drop

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 101 1
        check_err $? "Single filter - did not match"

        tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
                $tcflags dst_ip 198.51.100.2 action drop

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 101 2
        check_err $? "Two filters - did not match highest priority"

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 198.51.100.1 -B 198.51.100.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 102 1
        check_err $? "Two filters - did not match lowest priority"

        tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 198.51.100.1 -B 198.51.100.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 102 2
        check_err $? "Single filter - did not match after delete"

        tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower

        log_test "single mask test ($tcflags)"
}

identical_filters_test()
{
        # When two filters that only differ in their priority are used,
        # one needs to be inserted into the C-TCAM. This test verifies
        # that filters are correctly spilled to C-TCAM and that the right
        # filter is matched

        RET=0

        tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
                $tcflags dst_ip 192.0.2.2 action drop
        tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
                $tcflags dst_ip 192.0.2.2 action drop

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 101 1
        check_err $? "Did not match A-TCAM filter"

        tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 102 1
        check_err $? "Did not match C-TCAM filter after A-TCAM delete"

        tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
                $tcflags dst_ip 192.0.2.2 action drop

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 102 2
        check_err $? "Did not match C-TCAM filter after A-TCAM add"

        tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 103 1
        check_err $? "Did not match A-TCAM filter after C-TCAM delete"

        tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower

        log_test "identical filters test ($tcflags)"
}

two_masks_test()
{
        # When more than one mask is required, the eRP table is used. This
        # test verifies that the eRP table is correctly allocated and used

        RET=0

        tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
                $tcflags dst_ip 192.0.2.2 action drop
        tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
                $tcflags dst_ip 192.0.0.0/8 action drop

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 101 1
        check_err $? "Two filters - did not match highest priority"

        tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 103 1
        check_err $? "Single filter - did not match"

        tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
                $tcflags dst_ip 192.0.2.0/24 action drop

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 102 1
        check_err $? "Two filters - did not match highest priority after add"

        tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
        tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower

        log_test "two masks test ($tcflags)"
}

multiple_masks_test()
{
        # The number of masks in a region is limited. Once the maximum
        # number of masks has been reached filters that require new
        # masks are spilled to the C-TCAM. This test verifies that
        # spillage is performed correctly and that the right filter is
        # matched

        if [[ "$tcflags" != "skip_sw" ]]; then
                return 0;
        fi

        local index

        RET=0

        NUM_MASKS=32
        NUM_ERPS=16
        BASE_INDEX=100

        for i in $(eval echo {1..$NUM_MASKS}); do
                index=$((BASE_INDEX - i))

                if ((i > NUM_ERPS)); then
                        exp_hits=1
                        err_msg="$i filters - C-TCAM spill did not happen when it was expected"
                else
                        exp_hits=0
                        err_msg="$i filters - C-TCAM spill happened when it should not"
                fi

                tp_record "mlxsw:mlxsw_sp_acl_atcam_entry_add_ctcam_spill" \
                        "tc filter add dev $h2 ingress protocol ip pref $index \
                                handle $index \
                                flower $tcflags \
                                dst_ip 192.0.2.2/${i} src_ip 192.0.2.1/${i} \
                                action drop"
                tp_check_hits "mlxsw:mlxsw_sp_acl_atcam_entry_add_ctcam_spill" \
                                $exp_hits
                check_err $? "$err_msg"

                $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 \
                        -B 192.0.2.2 -t ip -q

                tc_check_packets "dev $h2 ingress" $index 1
                check_err $? "$i filters - did not match highest priority (add)"
        done

        for i in $(eval echo {$NUM_MASKS..1}); do
                index=$((BASE_INDEX - i))

                $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 \
                        -B 192.0.2.2 -t ip -q

                tc_check_packets "dev $h2 ingress" $index 2
                check_err $? "$i filters - did not match highest priority (del)"

                tc filter del dev $h2 ingress protocol ip pref $index \
                        handle $index flower
        done

        log_test "multiple masks test ($tcflags)"
}

ctcam_two_atcam_masks_test()
{
        RET=0

        # First case: C-TCAM is disabled when there are two A-TCAM masks.
        # We push a filter into the C-TCAM by using two identical filters
        # as in identical_filters_test()

        # Filter goes into A-TCAM
        tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
                $tcflags dst_ip 192.0.2.2 action drop
        # Filter goes into C-TCAM
        tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
                $tcflags dst_ip 192.0.2.2 action drop
        # Filter goes into A-TCAM
        tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
                $tcflags dst_ip 192.0.0.0/16 action drop

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 101 1
        check_err $? "Did not match A-TCAM filter"

        # Delete both A-TCAM and C-TCAM filters and make sure the remaining
        # A-TCAM filter still works
        tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
        tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 103 1
        check_err $? "Did not match A-TCAM filter"

        tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower

        log_test "ctcam with two atcam masks test ($tcflags)"
}

ctcam_one_atcam_mask_test()
{
        RET=0

        # Second case: C-TCAM is disabled when there is one A-TCAM mask.
        # The test is similar to identical_filters_test()

        # Filter goes into A-TCAM
        tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
                $tcflags dst_ip 192.0.2.2 action drop
        # Filter goes into C-TCAM
        tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
                $tcflags dst_ip 192.0.2.2 action drop

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 101 1
        check_err $? "Did not match C-TCAM filter"

        tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 102 1
        check_err $? "Did not match A-TCAM filter"

        tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower

        log_test "ctcam with one atcam mask test ($tcflags)"
}

ctcam_no_atcam_masks_test()
{
        RET=0

        # Third case: C-TCAM is disabled when there are no A-TCAM masks
        # This test exercises the code path that transitions the eRP table
        # to its initial state after deleting the last C-TCAM mask

        # Filter goes into A-TCAM
        tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
                $tcflags dst_ip 192.0.2.2 action drop
        # Filter goes into C-TCAM
        tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
                $tcflags dst_ip 192.0.2.2 action drop

        tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
        tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower

        log_test "ctcam with no atcam masks test ($tcflags)"
}

ctcam_edge_cases_test()
{
        # When the C-TCAM is disabled after deleting the last C-TCAM
        # mask, we want to make sure the eRP state machine is put in
        # the correct state

        ctcam_two_atcam_masks_test
        ctcam_one_atcam_mask_test
        ctcam_no_atcam_masks_test
}

delta_simple_test()
{
        # The first filter will create eRP, the second filter will fit into
        # the first eRP with delta. Remove the first rule then and check that
        # the eRP stays (referenced by the second filter).

        RET=0

        if [[ "$tcflags" != "skip_sw" ]]; then
                return 0;
        fi

        tp_record "objagg:*" "tc filter add dev $h2 ingress protocol ip \
                   pref 1 handle 101 flower $tcflags dst_ip 192.0.0.0/24 \
                   action drop"
        tp_check_hits "objagg:objagg_obj_root_create" 1
        check_err $? "eRP was not created"

        tp_record "objagg:*" "tc filter add dev $h2 ingress protocol ip \
                   pref 2 handle 102 flower $tcflags dst_ip 192.0.2.2 \
                   action drop"
        tp_check_hits "objagg:objagg_obj_root_create" 0
        check_err $? "eRP was incorrectly created"
        tp_check_hits "objagg:objagg_obj_parent_assign" 1
        check_err $? "delta was not created"

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 101 1
        check_fail $? "Matched a wrong filter"

        tc_check_packets "dev $h2 ingress" 102 1
        check_err $? "Did not match on correct filter"

        tp_record "objagg:*" "tc filter del dev $h2 ingress protocol ip \
                   pref 1 handle 101 flower"
        tp_check_hits "objagg:objagg_obj_root_destroy" 0
        check_err $? "eRP was incorrectly destroyed"
        tp_check_hits "objagg:objagg_obj_parent_unassign" 0
        check_err $? "delta was incorrectly destroyed"

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 102 2
        check_err $? "Did not match on correct filter after the first was removed"

        tp_record "objagg:*" "tc filter del dev $h2 ingress protocol ip \
                   pref 2 handle 102 flower"
        tp_check_hits "objagg:objagg_obj_parent_unassign" 1
        check_err $? "delta was not destroyed"
        tp_check_hits "objagg:objagg_obj_root_destroy" 1
        check_err $? "eRP was not destroyed"

        log_test "delta simple test ($tcflags)"
}

delta_two_masks_one_key_test()
{
        # If 2 keys are the same and only differ in mask in a way that
        # they belong under the same ERP (second is delta of the first),
        # there should be no C-TCAM spill.

        RET=0

        if [[ "$tcflags" != "skip_sw" ]]; then
                return 0;
        fi

        tp_record "mlxsw:*" "tc filter add dev $h2 ingress protocol ip \
                   pref 1 handle 101 flower $tcflags dst_ip 192.0.2.0/24 \
                   action drop"
        tp_check_hits "mlxsw:mlxsw_sp_acl_atcam_entry_add_ctcam_spill" 0
        check_err $? "incorrect C-TCAM spill while inserting the first rule"

        tp_record "mlxsw:*" "tc filter add dev $h2 ingress protocol ip \
                   pref 2 handle 102 flower $tcflags dst_ip 192.0.2.2 \
                   action drop"
        tp_check_hits "mlxsw:mlxsw_sp_acl_atcam_entry_add_ctcam_spill" 0
        check_err $? "incorrect C-TCAM spill while inserting the second rule"

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 101 1
        check_err $? "Did not match on correct filter"

        tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 102 1
        check_err $? "Did not match on correct filter"

        tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower

        log_test "delta two masks one key test ($tcflags)"
}

delta_simple_rehash_test()
{
        RET=0

        if [[ "$tcflags" != "skip_sw" ]]; then
                return 0;
        fi

        devlink dev param set $DEVLINK_DEV \
                name acl_region_rehash_interval cmode runtime value 0
        check_err $? "Failed to set ACL region rehash interval"

        tp_record_all mlxsw:mlxsw_sp_acl_tcam_vregion_rehash 7
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_rehash
        check_fail $? "Rehash trace was hit even when rehash should be disabled"

        devlink dev param set $DEVLINK_DEV \
                name acl_region_rehash_interval cmode runtime value 3000
        check_err $? "Failed to set ACL region rehash interval"

        sleep 1

        tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
                $tcflags dst_ip 192.0.1.0/25 action drop
        tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
                $tcflags dst_ip 192.0.2.2 action drop
        tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
                $tcflags dst_ip 192.0.3.0/24 action drop

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 101 1
        check_fail $? "Matched a wrong filter"

        tc_check_packets "dev $h2 ingress" 103 1
        check_fail $? "Matched a wrong filter"

        tc_check_packets "dev $h2 ingress" 102 1
        check_err $? "Did not match on correct filter"

        tp_record_all mlxsw:* 3
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_rehash
        check_err $? "Rehash trace was not hit"
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate
        check_err $? "Migrate trace was not hit"
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate_end
        check_err $? "Migrate end trace was not hit"
        tp_record_all mlxsw:* 3
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_rehash
        check_err $? "Rehash trace was not hit"
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate
        check_fail $? "Migrate trace was hit when no migration should happen"
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate_end
        check_fail $? "Migrate end trace was hit when no migration should happen"

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 101 1
        check_fail $? "Matched a wrong filter after rehash"

        tc_check_packets "dev $h2 ingress" 103 1
        check_fail $? "Matched a wrong filter after rehash"

        tc_check_packets "dev $h2 ingress" 102 2
        check_err $? "Did not match on correct filter after rehash"

        tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
        tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
        tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower

        log_test "delta simple rehash test ($tcflags)"
}

delta_simple_ipv6_rehash_test()
{
        RET=0

        if [[ "$tcflags" != "skip_sw" ]]; then
                return 0;
        fi

        devlink dev param set $DEVLINK_DEV \
                name acl_region_rehash_interval cmode runtime value 0
        check_err $? "Failed to set ACL region rehash interval"

        tp_record_all mlxsw:mlxsw_sp_acl_tcam_vregion_rehash 7
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_rehash
        check_fail $? "Rehash trace was hit even when rehash should be disabled"

        devlink dev param set $DEVLINK_DEV \
                name acl_region_rehash_interval cmode runtime value 3000
        check_err $? "Failed to set ACL region rehash interval"

        sleep 1

        tc filter add dev $h2 ingress protocol ipv6 pref 1 handle 101 flower \
                $tcflags dst_ip 2001:db8:1::0/121 action drop
        tc filter add dev $h2 ingress protocol ipv6 pref 2 handle 102 flower \
                $tcflags dst_ip 2001:db8:2::2 action drop
        tc filter add dev $h2 ingress protocol ipv6 pref 3 handle 103 flower \
                $tcflags dst_ip 2001:db8:3::0/120 action drop

        $MZ $h1 -6 -c 1 -p 64 -a $h1mac -b $h2mac \
                -A 2001:db8:2::1 -B 2001:db8:2::2 -t udp -q

        tc_check_packets "dev $h2 ingress" 101 1
        check_fail $? "Matched a wrong filter"

        tc_check_packets "dev $h2 ingress" 103 1
        check_fail $? "Matched a wrong filter"

        tc_check_packets "dev $h2 ingress" 102 1
        check_err $? "Did not match on correct filter"

        tp_record_all mlxsw:* 3
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_rehash
        check_err $? "Rehash trace was not hit"
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate
        check_err $? "Migrate trace was not hit"
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate_end
        check_err $? "Migrate end trace was not hit"
        tp_record_all mlxsw:* 3
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_rehash
        check_err $? "Rehash trace was not hit"
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate
        check_fail $? "Migrate trace was hit when no migration should happen"
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate_end
        check_fail $? "Migrate end trace was hit when no migration should happen"

        $MZ $h1 -6 -c 1 -p 64 -a $h1mac -b $h2mac \
                -A 2001:db8:2::1 -B 2001:db8:2::2 -t udp -q

        tc_check_packets "dev $h2 ingress" 101 1
        check_fail $? "Matched a wrong filter after rehash"

        tc_check_packets "dev $h2 ingress" 103 1
        check_fail $? "Matched a wrong filter after rehash"

        tc_check_packets "dev $h2 ingress" 102 2
        check_err $? "Did not match on correct filter after rehash"

        tc filter del dev $h2 ingress protocol ipv6 pref 3 handle 103 flower
        tc filter del dev $h2 ingress protocol ipv6 pref 2 handle 102 flower
        tc filter del dev $h2 ingress protocol ipv6 pref 1 handle 101 flower

        log_test "delta simple IPv6 rehash test ($tcflags)"
}

TEST_RULE_BASE=256
declare -a test_rules_inserted

test_rule_add()
{
        local iface=$1
        local tcflags=$2
        local index=$3

        if ! [ ${test_rules_inserted[$index]} ] ; then
                test_rules_inserted[$index]=false
        fi
        if ${test_rules_inserted[$index]} ; then
                return
        fi

        local number=$(( $index + $TEST_RULE_BASE ))
        printf -v hexnumber '%x' $number

        batch="${batch}filter add dev $iface ingress protocol ipv6 pref 1 \
                handle $number flower $tcflags \
                src_ip 2001:db8:1::$hexnumber action drop\n"
        test_rules_inserted[$index]=true
}

test_rule_del()
{
        local iface=$1
        local index=$2

        if ! [ ${test_rules_inserted[$index]} ] ; then
                test_rules_inserted[$index]=false
        fi
        if ! ${test_rules_inserted[$index]} ; then
                return
        fi

        local number=$(( $index + $TEST_RULE_BASE ))
        printf -v hexnumber '%x' $number

        batch="${batch}filter del dev $iface ingress protocol ipv6 pref 1 \
                handle $number flower\n"
        test_rules_inserted[$index]=false
}

test_rule_add_or_remove()
{
        local iface=$1
        local tcflags=$2
        local index=$3

        if ! [ ${test_rules_inserted[$index]} ] ; then
                test_rules_inserted[$index]=false
        fi
        if ${test_rules_inserted[$index]} ; then
                test_rule_del $iface $index
        else
                test_rule_add $iface $tcflags $index
        fi
}

test_rule_add_or_remove_random_batch()
{
        local iface=$1
        local tcflags=$2
        local total_count=$3
        local skip=0
        local count=0
        local MAXSKIP=20
        local MAXCOUNT=20

        for ((i=1;i<=total_count;i++)); do
                if (( $skip == 0 )) && (($count == 0)); then
                        ((skip=$RANDOM % $MAXSKIP + 1))
                        ((count=$RANDOM % $MAXCOUNT + 1))
                fi
                if (( $skip != 0 )); then
                        ((skip-=1))
                else
                        ((count-=1))
                        test_rule_add_or_remove $iface $tcflags $i
                fi
        done
}

delta_massive_ipv6_rehash_test()
{
        RET=0

        if [[ "$tcflags" != "skip_sw" ]]; then
                return 0;
        fi

        devlink dev param set $DEVLINK_DEV \
                name acl_region_rehash_interval cmode runtime value 0
        check_err $? "Failed to set ACL region rehash interval"

        tp_record_all mlxsw:mlxsw_sp_acl_tcam_vregion_rehash 7
        tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_rehash
        check_fail $? "Rehash trace was hit even when rehash should be disabled"

        RANDOM=4432897
        declare batch=""
        test_rule_add_or_remove_random_batch $h2 $tcflags 5000

        echo -n -e $batch | tc -b -

        declare batch=""
        test_rule_add_or_remove_random_batch $h2 $tcflags 5000

        devlink dev param set $DEVLINK_DEV \
                name acl_region_rehash_interval cmode runtime value 3000
        check_err $? "Failed to set ACL region rehash interval"

        sleep 1

        tc filter add dev $h2 ingress protocol ipv6 pref 1 handle 101 flower \
                $tcflags dst_ip 2001:db8:1::0/121 action drop
        tc filter add dev $h2 ingress protocol ipv6 pref 2 handle 102 flower \
                $tcflags dst_ip 2001:db8:2::2 action drop
        tc filter add dev $h2 ingress protocol ipv6 pref 3 handle 103 flower \
                $tcflags dst_ip 2001:db8:3::0/120 action drop

        $MZ $h1 -6 -c 1 -p 64 -a $h1mac -b $h2mac \
                -A 2001:db8:2::1 -B 2001:db8:2::2 -t udp -q

        tc_check_packets "dev $h2 ingress" 101 1
        check_fail $? "Matched a wrong filter"

        tc_check_packets "dev $h2 ingress" 103 1
        check_fail $? "Matched a wrong filter"

        tc_check_packets "dev $h2 ingress" 102 1
        check_err $? "Did not match on correct filter"

        echo -n -e $batch | tc -b -

        devlink dev param set $DEVLINK_DEV \
                name acl_region_rehash_interval cmode runtime value 0
        check_err $? "Failed to set ACL region rehash interval"

        $MZ $h1 -6 -c 1 -p 64 -a $h1mac -b $h2mac \
                -A 2001:db8:2::1 -B 2001:db8:2::2 -t udp -q

        tc_check_packets "dev $h2 ingress" 101 1
        check_fail $? "Matched a wrong filter after rehash"

        tc_check_packets "dev $h2 ingress" 103 1
        check_fail $? "Matched a wrong filter after rehash"

        tc_check_packets "dev $h2 ingress" 102 2
        check_err $? "Did not match on correct filter after rehash"

        tc filter del dev $h2 ingress protocol ipv6 pref 3 handle 103 flower
        tc filter del dev $h2 ingress protocol ipv6 pref 2 handle 102 flower
        tc filter del dev $h2 ingress protocol ipv6 pref 1 handle 101 flower

        declare batch=""
        for i in {1..5000}; do
                test_rule_del $h2 $tcflags $i
        done
        echo -e $batch | tc -b -

        log_test "delta massive IPv6 rehash test ($tcflags)"
}

bloom_simple_test()
{
        # Bloom filter requires that the eRP table is used. This test
        # verifies that Bloom filter is not harming correctness of ACLs.
        # First, make sure that eRP table is used and then set rule patterns
        # which are distant enough and will result skipping a lookup after
        # consulting the Bloom filter. Although some eRP lookups are skipped,
        # the correct filter should be hit.

        RET=0

        tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
                $tcflags dst_ip 192.0.2.2 action drop
        tc filter add dev $h2 ingress protocol ip pref 5 handle 104 flower \
                $tcflags dst_ip 198.51.100.2 action drop
        tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
                $tcflags dst_ip 192.0.0.0/8 action drop

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 101 1
        check_err $? "Two filters - did not match highest priority"

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 198.51.100.1 -B 198.51.100.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 104 1
        check_err $? "Single filter - did not match"

        tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 103 1
        check_err $? "Low prio filter - did not match"

        tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
                $tcflags dst_ip 198.0.0.0/8 action drop

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 198.51.100.1 -B 198.51.100.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 102 1
        check_err $? "Two filters - did not match highest priority after add"

        tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
        tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
        tc filter del dev $h2 ingress protocol ip pref 5 handle 104 flower

        log_test "bloom simple test ($tcflags)"
}

bloom_complex_test()
{
        # Bloom filter index computation is affected from region ID, eRP
        # ID and from the region key size. In order to excercise those parts
        # of the Bloom filter code, use a series of regions, each with a
        # different key size and send packet that should hit all of them.
        local index

        RET=0
        NUM_CHAINS=4
        BASE_INDEX=100

        # Create chain with up to 2 key blocks (ip_proto only)
        tc chain add dev $h2 ingress chain 1 protocol ip flower \
                ip_proto tcp &> /dev/null
        # Create chain with 2-4 key blocks (ip_proto, src MAC)
        tc chain add dev $h2 ingress chain 2 protocol ip flower \
                ip_proto tcp \
                src_mac 00:00:00:00:00:00/FF:FF:FF:FF:FF:FF &> /dev/null
        # Create chain with 4-8 key blocks (ip_proto, src & dst MAC, IPv4 dest)
        tc chain add dev $h2 ingress chain 3 protocol ip flower \
                ip_proto tcp \
                dst_mac 00:00:00:00:00:00/FF:FF:FF:FF:FF:FF \
                src_mac 00:00:00:00:00:00/FF:FF:FF:FF:FF:FF \
                dst_ip 0.0.0.0/32 &> /dev/null
        # Default chain contains all fields and therefore is 8-12 key blocks
        tc chain add dev $h2 ingress chain 4

        # We need at least 2 rules in every region to have eRP table active
        # so create a dummy rule per chain using a different pattern
        for i in $(eval echo {0..$NUM_CHAINS}); do
                index=$((BASE_INDEX - 1 - i))
                tc filter add dev $h2 ingress chain $i protocol ip \
                        pref 2 handle $index flower \
                        $tcflags ip_proto tcp action drop
        done

        # Add rules to test Bloom filter, each in a different chain
        index=$BASE_INDEX
        tc filter add dev $h2 ingress protocol ip \
                pref 1 handle $((++index)) flower \
                $tcflags dst_ip 192.0.0.0/16 action goto chain 1
        tc filter add dev $h2 ingress chain 1 protocol ip \
                pref 1 handle $((++index)) flower \
                $tcflags action goto chain 2
        tc filter add dev $h2 ingress chain 2 protocol ip \
                pref 1 handle $((++index)) flower \
                $tcflags src_mac $h1mac action goto chain 3
        tc filter add dev $h2 ingress chain 3 protocol ip \
                pref 1 handle $((++index)) flower \
                $tcflags dst_ip 192.0.0.0/8 action goto chain 4
        tc filter add dev $h2 ingress chain 4 protocol ip \
                pref 1 handle $((++index)) flower \
                $tcflags src_ip 192.0.2.0/24 action drop

        # Send a packet that is supposed to hit all chains
        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
                -t ip -q

        for i in $(eval echo {0..$NUM_CHAINS}); do
                index=$((BASE_INDEX + i + 1))
                tc_check_packets "dev $h2 ingress" $index 1
                check_err $? "Did not match chain $i"
        done

        # Rules cleanup
        for i in $(eval echo {$NUM_CHAINS..0}); do
                index=$((BASE_INDEX - i - 1))
                tc filter del dev $h2 ingress chain $i \
                        pref 2 handle $index flower
                index=$((BASE_INDEX + i + 1))
                tc filter del dev $h2 ingress chain $i \
                        pref 1 handle $index flower
        done

        # Chains cleanup
        for i in $(eval echo {$NUM_CHAINS..1}); do
                tc chain del dev $h2 ingress chain $i
        done

        log_test "bloom complex test ($tcflags)"
}


bloom_delta_test()
{
        # When multiple masks are used, the eRP table is activated. When
        # masks are close enough (delta) the masks reside on the same
        # eRP table. This test verifies that the eRP table is correctly
        # allocated and used in delta condition and that Bloom filter is
        # still functional with delta.

        RET=0

        tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
                $tcflags dst_ip 192.1.0.0/16 action drop

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.1.2.1 -B 192.1.2.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 103 1
        check_err $? "Single filter - did not match"

        tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
                $tcflags dst_ip 192.2.1.0/24 action drop

        $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.2.1.1 -B 192.2.1.2 \
                -t ip -q

        tc_check_packets "dev $h2 ingress" 102 1
        check_err $? "Delta filters - did not match second filter"

        tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
        tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower

        log_test "bloom delta test ($tcflags)"
}

setup_prepare()
{
        h1=${NETIFS[p1]}
        h2=${NETIFS[p2]}
        h1mac=$(mac_get $h1)
        h2mac=$(mac_get $h2)

        vrf_prepare

        h1_create
        h2_create
}

cleanup()
{
        pre_cleanup

        h2_destroy
        h1_destroy

        vrf_cleanup
}

trap cleanup EXIT

setup_prepare
setup_wait

tests_run

if ! tc_offload_check; then
        check_err 1 "Could not test offloaded functionality"
        log_test "mlxsw-specific tests for tc flower"
        exit
else
        tcflags="skip_sw"
        tests_run
fi

exit $EXIT_STATUS