2 # SPDX-License-Identifier: GPL-2.0
4 # Test tc-police action.
6 # +---------------------------------+
11 # | | default via 192.0.2.2 |
12 # +----|----------------------------+
14 # +----|----------------------------------------------------------------------+
19 # | 198.51.100.2/24 203.0.113.2/24 |
22 # +----|-----------------------------------------|----------------------------+
24 # +----|----------------------------+ +----|----------------------------+
25 # | | default via 198.51.100.2 | | | default via 203.0.113.2 |
27 # | | 198.51.100.1/24 | | | 203.0.113.1/24 |
29 # | H2 (vrf) | | H3 (vrf) |
30 # +---------------------------------+ +---------------------------------+
45 simple_if_init
$h1 192.0.2.1/24
47 ip
-4 route add default vrf v
$h1 nexthop via
192.0.2.2
52 ip
-4 route del default vrf v
$h1 nexthop via
192.0.2.2
54 simple_if_fini
$h1 192.0.2.1/24
59 simple_if_init
$h2 198.51.100.1/24
61 ip
-4 route add default vrf v
$h2 nexthop via
198.51.100.2
63 tc qdisc add dev
$h2 clsact
68 tc qdisc del dev
$h2 clsact
70 ip
-4 route del default vrf v
$h2 nexthop via
198.51.100.2
72 simple_if_fini
$h2 198.51.100.1/24
77 simple_if_init
$h3 203.0.113.1/24
79 ip
-4 route add default vrf v
$h3 nexthop via
203.0.113.2
81 tc qdisc add dev
$h3 clsact
86 tc qdisc del dev
$h3 clsact
88 ip
-4 route del default vrf v
$h3 nexthop via
203.0.113.2
90 simple_if_fini
$h3 203.0.113.1/24
95 ip link
set dev
$rp1 up
96 ip link
set dev
$rp2 up
97 ip link
set dev
$rp3 up
99 __addr_add_del
$rp1 add
192.0.2.2/24
100 __addr_add_del
$rp2 add
198.51.100.2/24
101 __addr_add_del
$rp3 add
203.0.113.2/24
103 tc qdisc add dev
$rp1 clsact
104 tc qdisc add dev
$rp2 clsact
109 tc qdisc del dev
$rp2 clsact
110 tc qdisc del dev
$rp1 clsact
112 __addr_add_del
$rp3 del
203.0.113.2/24
113 __addr_add_del
$rp2 del
198.51.100.2/24
114 __addr_add_del
$rp1 del
192.0.2.2/24
116 ip link
set dev
$rp3 down
117 ip link
set dev
$rp2 down
118 ip link
set dev
$rp1 down
123 local test_name
=$1; shift
127 # Rule to measure bandwidth on ingress of $h2
128 tc filter add dev
$h2 ingress protocol ip pref
1 handle
101 flower \
129 dst_ip
198.51.100.1 ip_proto udp dst_port
54321 \
132 mausezahn
$h1 -a own
-b $
(mac_get
$rp1) -A 192.0.2.1 -B 198.51.100.1 \
133 -t udp sp
=12345,dp
=54321 -p 1000 -c 0 -q &
135 local t0
=$
(tc_rule_stats_get
$h2 1 ingress .bytes
)
137 local t1
=$
(tc_rule_stats_get
$h2 1 ingress .bytes
)
139 local er
=$
((80 * 1000 * 1000))
140 local nr
=$
(rate
$t0 $t1 10)
141 local nr_pct
=$
((100 * (nr
- er
) / er
))
142 ((-10 <= nr_pct
&& nr_pct
<= 10))
143 check_err $?
"Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
145 log_test
"$test_name"
147 { kill %% && wait %%; } 2>/dev
/null
148 tc filter del dev
$h2 ingress protocol ip pref
1 handle
101 flower
153 # Rule to police traffic destined to $h2 on ingress of $rp1
154 tc filter add dev
$rp1 ingress protocol ip pref
1 handle
101 flower \
155 dst_ip
198.51.100.1 ip_proto udp dst_port
54321 \
156 action police rate
80mbit burst
16k conform-exceed drop
/ok
158 police_common_test
"police on rx"
160 tc filter del dev
$rp1 ingress protocol ip pref
1 handle
101 flower
165 # Rule to police traffic destined to $h2 on egress of $rp2
166 tc filter add dev
$rp2 egress protocol ip pref
1 handle
101 flower \
167 dst_ip
198.51.100.1 ip_proto udp dst_port
54321 \
168 action police rate
80mbit burst
16k conform-exceed drop
/ok
170 police_common_test
"police on tx"
172 tc filter del dev
$rp2 egress protocol ip pref
1 handle
101 flower
175 police_shared_common_test
()
177 local dport
=$1; shift
178 local test_name
=$1; shift
182 mausezahn
$h1 -a own
-b $
(mac_get
$rp1) -A 192.0.2.1 -B 198.51.100.1 \
183 -t udp sp
=12345,dp
=$dport -p 1000 -c 0 -q &
185 local t0
=$
(tc_rule_stats_get
$h2 1 ingress .bytes
)
187 local t1
=$
(tc_rule_stats_get
$h2 1 ingress .bytes
)
189 local er
=$
((80 * 1000 * 1000))
190 local nr
=$
(rate
$t0 $t1 10)
191 local nr_pct
=$
((100 * (nr
- er
) / er
))
192 ((-10 <= nr_pct
&& nr_pct
<= 10))
193 check_err $?
"Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
195 log_test
"$test_name"
197 { kill %% && wait %%; } 2>/dev
/null
202 # Rule to measure bandwidth on ingress of $h2
203 tc filter add dev
$h2 ingress protocol ip pref
1 handle
101 flower \
204 dst_ip
198.51.100.1 ip_proto udp src_port
12345 \
207 # Rule to police traffic destined to $h2 on ingress of $rp1
208 tc filter add dev
$rp1 ingress protocol ip pref
1 handle
101 flower \
209 dst_ip
198.51.100.1 ip_proto udp dst_port
54321 \
210 action police rate
80mbit burst
16k conform-exceed drop
/ok \
213 # Rule to police a different flow destined to $h2 on egress of $rp2
215 tc filter add dev
$rp2 egress protocol ip pref
1 handle
101 flower \
216 dst_ip
198.51.100.1 ip_proto udp dst_port
22222 \
217 action police index
10
219 police_shared_common_test
54321 "police with shared policer - rx"
221 police_shared_common_test
22222 "police with shared policer - tx"
223 tc filter del dev
$rp2 egress protocol ip pref
1 handle
101 flower
224 tc filter del dev
$rp1 ingress protocol ip pref
1 handle
101 flower
225 tc filter del dev
$h2 ingress protocol ip pref
1 handle
101 flower
228 police_mirror_common_test
()
230 local pol_if
=$1; shift
232 local test_name
=$1; shift
236 # Rule to measure bandwidth on ingress of $h2
237 tc filter add dev
$h2 ingress protocol ip pref
1 handle
101 flower \
238 dst_ip
198.51.100.1 ip_proto udp dst_port
54321 \
241 # Rule to measure bandwidth of mirrored traffic on ingress of $h3
242 tc filter add dev
$h3 ingress protocol ip pref
1 handle
101 flower \
243 dst_ip
198.51.100.1 ip_proto udp dst_port
54321 \
246 # Rule to police traffic destined to $h2 and mirror to $h3
247 tc filter add dev
$pol_if $dir protocol ip pref
1 handle
101 flower \
248 dst_ip
198.51.100.1 ip_proto udp dst_port
54321 \
249 action police rate
80mbit burst
16k conform-exceed drop
/pipe \
250 action mirred egress mirror dev
$rp3
252 mausezahn
$h1 -a own
-b $
(mac_get
$rp1) -A 192.0.2.1 -B 198.51.100.1 \
253 -t udp sp
=12345,dp
=54321 -p 1000 -c 0 -q &
255 local t0
=$
(tc_rule_stats_get
$h2 1 ingress .bytes
)
257 local t1
=$
(tc_rule_stats_get
$h2 1 ingress .bytes
)
259 local er
=$
((80 * 1000 * 1000))
260 local nr
=$
(rate
$t0 $t1 10)
261 local nr_pct
=$
((100 * (nr
- er
) / er
))
262 ((-10 <= nr_pct
&& nr_pct
<= 10))
263 check_err $?
"Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
265 local t0
=$
(tc_rule_stats_get
$h3 1 ingress .bytes
)
267 local t1
=$
(tc_rule_stats_get
$h3 1 ingress .bytes
)
269 local er
=$
((80 * 1000 * 1000))
270 local nr
=$
(rate
$t0 $t1 10)
271 local nr_pct
=$
((100 * (nr
- er
) / er
))
272 ((-10 <= nr_pct
&& nr_pct
<= 10))
273 check_err $?
"Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
275 log_test
"$test_name"
277 { kill %% && wait %%; } 2>/dev
/null
278 tc filter del dev
$pol_if $dir protocol ip pref
1 handle
101 flower
279 tc filter del dev
$h3 ingress protocol ip pref
1 handle
101 flower
280 tc filter del dev
$h2 ingress protocol ip pref
1 handle
101 flower
283 police_rx_mirror_test
()
285 police_mirror_common_test
$rp1 ingress
"police rx and mirror"
288 police_tx_mirror_test
()
290 police_mirror_common_test
$rp2 egress
"police tx and mirror"