2 # SPDX-License-Identifier: GPL-2.0
4 # Test tc-police action.
6 # +---------------------------------+
11 # | | default via 192.0.2.2 |
12 # +----|----------------------------+
14 # +----|----------------------------------------------------------------------+
19 # | 198.51.100.2/24 203.0.113.2/24 |
22 # +----|-----------------------------------------|----------------------------+
24 # +----|----------------------------+ +----|----------------------------+
25 # | | default via 198.51.100.2 | | | default via 203.0.113.2 |
27 # | | 198.51.100.1/24 | | | 203.0.113.1/24 |
29 # | H2 (vrf) | | H3 (vrf) |
30 # +---------------------------------+ +---------------------------------+
47 simple_if_init $h1 192.0.2.1/24
49 ip -4 route add default vrf v$h1 nexthop via 192.0.2.2
54 ip -4 route del default vrf v$h1 nexthop via 192.0.2.2
56 simple_if_fini $h1 192.0.2.1/24
61 simple_if_init $h2 198.51.100.1/24
63 ip -4 route add default vrf v$h2 nexthop via 198.51.100.2
65 tc qdisc add dev $h2 clsact
70 tc qdisc del dev $h2 clsact
72 ip -4 route del default vrf v$h2 nexthop via 198.51.100.2
74 simple_if_fini $h2 198.51.100.1/24
79 simple_if_init $h3 203.0.113.1/24
81 ip -4 route add default vrf v$h3 nexthop via 203.0.113.2
83 tc qdisc add dev $h3 clsact
88 tc qdisc del dev $h3 clsact
90 ip -4 route del default vrf v$h3 nexthop via 203.0.113.2
92 simple_if_fini $h3 203.0.113.1/24
97 ip link set dev $rp1 up
98 ip link set dev $rp2 up
99 ip link set dev $rp3 up
101 __addr_add_del $rp1 add 192.0.2.2/24
102 __addr_add_del $rp2 add 198.51.100.2/24
103 __addr_add_del $rp3 add 203.0.113.2/24
105 tc qdisc add dev $rp1 clsact
106 tc qdisc add dev $rp2 clsact
111 tc qdisc del dev $rp2 clsact
112 tc qdisc del dev $rp1 clsact
114 __addr_add_del $rp3 del 203.0.113.2/24
115 __addr_add_del $rp2 del 198.51.100.2/24
116 __addr_add_del $rp1 del 192.0.2.2/24
118 ip link set dev $rp3 down
119 ip link set dev $rp2 down
120 ip link set dev $rp1 down
125 local test_name=$1; shift
129 # Rule to measure bandwidth on ingress of $h2
130 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
131 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
134 mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
135 -t udp sp=12345,dp=54321 -p 1000 -c 0 -q &
137 local t0=$(tc_rule_stats_get $h2 1 ingress .bytes)
139 local t1=$(tc_rule_stats_get $h2 1 ingress .bytes)
141 local er=$((80 * 1000 * 1000))
142 local nr=$(rate $t0 $t1 10)
143 local nr_pct=$((100 * (nr - er) / er))
144 ((-10 <= nr_pct && nr_pct <= 10))
145 check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
147 log_test "$test_name"
149 { kill %% && wait %%; } 2>/dev/null
150 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
155 # Rule to police traffic destined to $h2 on ingress of $rp1
156 tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \
157 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
158 action police rate 80mbit burst 16k conform-exceed drop/ok
160 police_common_test "police on rx"
162 tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower
167 # Rule to police traffic destined to $h2 on egress of $rp2
168 tc filter add dev $rp2 egress protocol ip pref 1 handle 101 flower \
169 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
170 action police rate 80mbit burst 16k conform-exceed drop/ok
172 police_common_test "police on tx"
174 tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
177 police_shared_common_test()
179 local dport=$1; shift
180 local test_name=$1; shift
184 mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
185 -t udp sp=12345,dp=$dport -p 1000 -c 0 -q &
187 local t0=$(tc_rule_stats_get $h2 1 ingress .bytes)
189 local t1=$(tc_rule_stats_get $h2 1 ingress .bytes)
191 local er=$((80 * 1000 * 1000))
192 local nr=$(rate $t0 $t1 10)
193 local nr_pct=$((100 * (nr - er) / er))
194 ((-10 <= nr_pct && nr_pct <= 10))
195 check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
197 log_test "$test_name"
199 { kill %% && wait %%; } 2>/dev/null
204 # Rule to measure bandwidth on ingress of $h2
205 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
206 dst_ip 198.51.100.1 ip_proto udp src_port 12345 \
209 # Rule to police traffic destined to $h2 on ingress of $rp1
210 tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \
211 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
212 action police rate 80mbit burst 16k conform-exceed drop/ok \
215 # Rule to police a different flow destined to $h2 on egress of $rp2
217 tc filter add dev $rp2 egress protocol ip pref 1 handle 101 flower \
218 dst_ip 198.51.100.1 ip_proto udp dst_port 22222 \
219 action police index 10
221 police_shared_common_test 54321 "police with shared policer - rx"
223 police_shared_common_test 22222 "police with shared policer - tx"
225 tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
226 tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower
227 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
230 police_mirror_common_test()
232 local pol_if=$1; shift
234 local test_name=$1; shift
238 # Rule to measure bandwidth on ingress of $h2
239 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
240 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
243 # Rule to measure bandwidth of mirrored traffic on ingress of $h3
244 tc filter add dev $h3 ingress protocol ip pref 1 handle 101 flower \
245 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
248 # Rule to police traffic destined to $h2 and mirror to $h3
249 tc filter add dev $pol_if $dir protocol ip pref 1 handle 101 flower \
250 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
251 action police rate 80mbit burst 16k conform-exceed drop/pipe \
252 action mirred egress mirror dev $rp3
254 mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
255 -t udp sp=12345,dp=54321 -p 1000 -c 0 -q &
257 local t0=$(tc_rule_stats_get $h2 1 ingress .bytes)
259 local t1=$(tc_rule_stats_get $h2 1 ingress .bytes)
261 local er=$((80 * 1000 * 1000))
262 local nr=$(rate $t0 $t1 10)
263 local nr_pct=$((100 * (nr - er) / er))
264 ((-10 <= nr_pct && nr_pct <= 10))
265 check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
267 local t0=$(tc_rule_stats_get $h3 1 ingress .bytes)
269 local t1=$(tc_rule_stats_get $h3 1 ingress .bytes)
271 local er=$((80 * 1000 * 1000))
272 local nr=$(rate $t0 $t1 10)
273 local nr_pct=$((100 * (nr - er) / er))
274 ((-10 <= nr_pct && nr_pct <= 10))
275 check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
277 log_test "$test_name"
279 { kill %% && wait %%; } 2>/dev/null
280 tc filter del dev $pol_if $dir protocol ip pref 1 handle 101 flower
281 tc filter del dev $h3 ingress protocol ip pref 1 handle 101 flower
282 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
285 police_rx_mirror_test()
287 police_mirror_common_test $rp1 ingress "police rx and mirror"
290 police_tx_mirror_test()
292 police_mirror_common_test $rp2 egress "police tx and mirror"
295 police_pps_common_test()
297 local test_name=$1; shift
301 # Rule to measure bandwidth on ingress of $h2
302 tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
303 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
306 mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
307 -t udp sp=12345,dp=54321 -p 1000 -c 0 -q &
309 local t0=$(tc_rule_stats_get $h2 1 ingress .packets)
311 local t1=$(tc_rule_stats_get $h2 1 ingress .packets)
314 local nr=$(packets_rate $t0 $t1 10)
315 local nr_pct=$((100 * (nr - er) / er))
316 ((-10 <= nr_pct && nr_pct <= 10))
317 check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
319 log_test "$test_name"
321 { kill %% && wait %%; } 2>/dev/null
322 tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
327 # Rule to police traffic destined to $h2 on ingress of $rp1
328 tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \
329 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
330 action police pkts_rate 2000 pkts_burst 400 conform-exceed drop/ok
332 police_pps_common_test "police pps on rx"
334 tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower
339 # Rule to police traffic destined to $h2 on egress of $rp2
340 tc filter add dev $rp2 egress protocol ip pref 1 handle 101 flower \
341 dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
342 action police pkts_rate 2000 pkts_burst 400 conform-exceed drop/ok
344 police_pps_common_test "police pps on tx"
346 tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower