__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Test tc-police action.
#
# +---------------------------------+
# | H1 (vrf) |
# | + $h1 |
# | | 192.0.2.1/24 |
# | | |
# | | default via 192.0.2.2 |
# +----|----------------------------+
# |
# +----|----------------------------------------------------------------------+
# | SW | |
# | + $rp1 |
# | 192.0.2.2/24 |
# | |
# | 198.51.100.2/24 203.0.113.2/24 |
# | + $rp2 + $rp3 |
# | | | |
# +----|-----------------------------------------|----------------------------+
# | |
# +----|----------------------------+ +----|----------------------------+
# | | default via 198.51.100.2 | | | default via 203.0.113.2 |
# | | | | | |
# | | 198.51.100.1/24 | | | 203.0.113.1/24 |
# | + $h2 | | + $h3 |
# | H2 (vrf) | | H3 (vrf) |
# +---------------------------------+ +---------------------------------+
ALL_TESTS="
police_rx_test
police_tx_test
police_shared_test
police_rx_mirror_test
police_tx_mirror_test
police_pps_rx_test
police_pps_tx_test
police_mtu_rx_test
police_mtu_tx_test
"
NUM_NETIFS=6
source tc_common.sh
source lib.sh
h1_create()
{
simple_if_init $h1 192.0.2.1/24
ip -4 route add default vrf v$h1 nexthop via 192.0.2.2
}
h1_destroy()
{
ip -4 route del default vrf v$h1 nexthop via 192.0.2.2
simple_if_fini $h1 192.0.2.1/24
}
h2_create()
{
simple_if_init $h2 198.51.100.1/24
ip -4 route add default vrf v$h2 nexthop via 198.51.100.2
tc qdisc add dev $h2 clsact
}
h2_destroy()
{
tc qdisc del dev $h2 clsact
ip -4 route del default vrf v$h2 nexthop via 198.51.100.2
simple_if_fini $h2 198.51.100.1/24
}
h3_create()
{
simple_if_init $h3 203.0.113.1/24
ip -4 route add default vrf v$h3 nexthop via 203.0.113.2
tc qdisc add dev $h3 clsact
}
h3_destroy()
{
tc qdisc del dev $h3 clsact
ip -4 route del default vrf v$h3 nexthop via 203.0.113.2
simple_if_fini $h3 203.0.113.1/24
}
router_create()
{
ip link set dev $rp1 up
ip link set dev $rp2 up
ip link set dev $rp3 up
__addr_add_del $rp1 add 192.0.2.2/24
__addr_add_del $rp2 add 198.51.100.2/24
__addr_add_del $rp3 add 203.0.113.2/24
tc qdisc add dev $rp1 clsact
tc qdisc add dev $rp2 clsact
}
router_destroy()
{
tc qdisc del dev $rp2 clsact
tc qdisc del dev $rp1 clsact
__addr_add_del $rp3 del 203.0.113.2/24
__addr_add_del $rp2 del 198.51.100.2/24
__addr_add_del $rp1 del 192.0.2.2/24
ip link set dev $rp3 down
ip link set dev $rp2 down
ip link set dev $rp1 down
}
police_common_test()
{
local test_name=$1; shift
RET=0
# Rule to measure bandwidth on ingress of $h2
tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action drop
mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
-t udp sp=12345,dp=54321 -p 1000 -c 0 -q &
local t0=$(tc_rule_stats_get $h2 1 ingress .bytes)
sleep 10
local t1=$(tc_rule_stats_get $h2 1 ingress .bytes)
local er=$((10 * 1000 * 1000))
local nr=$(rate $t0 $t1 10)
local nr_pct=$((100 * (nr - er) / er))
((-10 <= nr_pct && nr_pct <= 10))
check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
log_test "$test_name"
kill_process %%
tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
}
police_rx_test()
{
# Rule to police traffic destined to $h2 on ingress of $rp1
tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action police rate 10mbit burst 16k conform-exceed drop/ok
police_common_test "police on rx"
tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower
}
police_tx_test()
{
# Rule to police traffic destined to $h2 on egress of $rp2
tc filter add dev $rp2 egress protocol ip pref 1 handle 101 flower \
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action police rate 10mbit burst 16k conform-exceed drop/ok
police_common_test "police on tx"
tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
}
police_shared_common_test()
{
local dport=$1; shift
local test_name=$1; shift
RET=0
mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
-t udp sp=12345,dp=$dport -p 1000 -c 0 -q &
local t0=$(tc_rule_stats_get $h2 1 ingress .bytes)
sleep 10
local t1=$(tc_rule_stats_get $h2 1 ingress .bytes)
local er=$((10 * 1000 * 1000))
local nr=$(rate $t0 $t1 10)
local nr_pct=$((100 * (nr - er) / er))
((-10 <= nr_pct && nr_pct <= 10))
check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
log_test "$test_name"
kill_process %%
}
police_shared_test()
{
# Rule to measure bandwidth on ingress of $h2
tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
dst_ip 198.51.100.1 ip_proto udp src_port 12345 \
action drop
# Rule to police traffic destined to $h2 on ingress of $rp1
tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action police rate 10mbit burst 16k conform-exceed drop/ok \
index 10
# Rule to police a different flow destined to $h2 on egress of $rp2
# using same policer
tc filter add dev $rp2 egress protocol ip pref 1 handle 101 flower \
dst_ip 198.51.100.1 ip_proto udp dst_port 22222 \
action police index 10
police_shared_common_test 54321 "police with shared policer - rx"
police_shared_common_test 22222 "police with shared policer - tx"
tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower
tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
}
police_mirror_common_test()
{
local pol_if=$1; shift
local dir=$1; shift
local test_name=$1; shift
RET=0
# Rule to measure bandwidth on ingress of $h2
tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action drop
# Rule to measure bandwidth of mirrored traffic on ingress of $h3
tc filter add dev $h3 ingress protocol ip pref 1 handle 101 flower \
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action drop
# Rule to police traffic destined to $h2 and mirror to $h3
tc filter add dev $pol_if $dir protocol ip pref 1 handle 101 flower \
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action police rate 10mbit burst 16k conform-exceed drop/pipe \
action mirred egress mirror dev $rp3
mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
-t udp sp=12345,dp=54321 -p 1000 -c 0 -q &
local t0=$(tc_rule_stats_get $h2 1 ingress .bytes)
sleep 10
local t1=$(tc_rule_stats_get $h2 1 ingress .bytes)
local er=$((10 * 1000 * 1000))
local nr=$(rate $t0 $t1 10)
local nr_pct=$((100 * (nr - er) / er))
((-10 <= nr_pct && nr_pct <= 10))
check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
local t0=$(tc_rule_stats_get $h3 1 ingress .bytes)
sleep 10
local t1=$(tc_rule_stats_get $h3 1 ingress .bytes)
local er=$((10 * 1000 * 1000))
local nr=$(rate $t0 $t1 10)
local nr_pct=$((100 * (nr - er) / er))
((-10 <= nr_pct && nr_pct <= 10))
check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
log_test "$test_name"
kill_process %%
tc filter del dev $pol_if $dir protocol ip pref 1 handle 101 flower
tc filter del dev $h3 ingress protocol ip pref 1 handle 101 flower
tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
}
police_rx_mirror_test()
{
police_mirror_common_test $rp1 ingress "police rx and mirror"
}
police_tx_mirror_test()
{
police_mirror_common_test $rp2 egress "police tx and mirror"
}
police_pps_common_test()
{
local test_name=$1; shift
RET=0
# Rule to measure bandwidth on ingress of $h2
tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action drop
mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
-t udp sp=12345,dp=54321 -p 1000 -c 0 -q &
local t0=$(tc_rule_stats_get $h2 1 ingress .packets)
sleep 10
local t1=$(tc_rule_stats_get $h2 1 ingress .packets)
local er=$((2000))
local nr=$(packets_rate $t0 $t1 10)
local nr_pct=$((100 * (nr - er) / er))
((-10 <= nr_pct && nr_pct <= 10))
check_err $? "Expected rate $(humanize $er), got $(humanize $nr), which is $nr_pct% off. Required accuracy is +-10%."
log_test "$test_name"
kill_process %%
tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
}
police_pps_rx_test()
{
# Rule to police traffic destined to $h2 on ingress of $rp1
tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action police pkts_rate 2000 pkts_burst 400 conform-exceed drop/ok
police_pps_common_test "police pps on rx"
tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower
}
police_pps_tx_test()
{
# Rule to police traffic destined to $h2 on egress of $rp2
tc filter add dev $rp2 egress protocol ip pref 1 handle 101 flower \
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action police pkts_rate 2000 pkts_burst 400 conform-exceed drop/ok
police_pps_common_test "police pps on tx"
tc filter del dev $rp2 egress protocol ip pref 1 handle 101 flower
}
police_mtu_common_test() {
RET=0
local test_name=$1; shift
local dev=$1; shift
local direction=$1; shift
tc filter add dev $dev $direction protocol ip pref 1 handle 101 flower \
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action police mtu 1042 conform-exceed drop/ok
# to count "conform" packets
tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action drop
mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
-t udp sp=12345,dp=54321 -p 1001 -c 10 -q
mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
-t udp sp=12345,dp=54321 -p 1000 -c 3 -q
tc_check_packets "dev $dev $direction" 101 13
check_err $? "wrong packet counter"
# "exceed" packets
local overlimits_t0=$(tc_rule_stats_get ${dev} 1 ${direction} .overlimits)
test ${overlimits_t0} = 10
check_err $? "wrong overlimits, expected 10 got ${overlimits_t0}"
# "conform" packets
tc_check_packets "dev $h2 ingress" 101 3
check_err $? "forwarding error"
tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
tc filter del dev $dev $direction protocol ip pref 1 handle 101 flower
log_test "$test_name"
}
police_mtu_rx_test()
{
police_mtu_common_test "police mtu (rx)" $rp1 ingress
}
police_mtu_tx_test()
{
police_mtu_common_test "police mtu (tx)" $rp2 egress
}
setup_prepare()
{
h1=${NETIFS[p1]}
rp1=${NETIFS[p2]}
rp2=${NETIFS[p3]}
h2=${NETIFS[p4]}
rp3=${NETIFS[p5]}
h3=${NETIFS[p6]}
vrf_prepare
forwarding_enable
h1_create
h2_create
h3_create
router_create
}
cleanup()
{
pre_cleanup
router_destroy
h3_destroy
h2_destroy
h1_destroy
forwarding_restore
vrf_cleanup
}
trap cleanup EXIT
setup_prepare
setup_wait
tests_run
exit $EXIT_STATUS
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| Makefile | File | 2.94 KB | 0644 |
|
| bridge_fdb_learning_limit.sh | File | 5.8 KB | 0755 |
|
| bridge_igmp.sh | File | 14.71 KB | 0755 |
|
| bridge_locked_port.sh | File | 9.25 KB | 0755 |
|
| bridge_mdb.sh | File | 45.15 KB | 0755 |
|
| bridge_mdb_host.sh | File | 1.66 KB | 0755 |
|
| bridge_mdb_max.sh | File | 29.98 KB | 0755 |
|
| bridge_mdb_port_down.sh | File | 2.24 KB | 0755 |
|
| bridge_mld.sh | File | 16.17 KB | 0755 |
|
| bridge_port_isolation.sh | File | 2.32 KB | 0755 |
|
| bridge_sticky_fdb.sh | File | 1.13 KB | 0755 |
|
| bridge_vlan_aware.sh | File | 4.2 KB | 0755 |
|
| bridge_vlan_mcast.sh | File | 16.74 KB | 0755 |
|
| bridge_vlan_unaware.sh | File | 1.65 KB | 0755 |
|
| custom_multipath_hash.sh | File | 9.8 KB | 0755 |
|
| devlink_lib.sh | File | 12.81 KB | 0644 |
|
| dual_vxlan_bridge.sh | File | 11.21 KB | 0755 |
|
| fib_offload_lib.sh | File | 24.57 KB | 0644 |
|
| gre_custom_multipath_hash.sh | File | 12.51 KB | 0755 |
|
| gre_inner_v4_multipath.sh | File | 7.55 KB | 0755 |
|
| gre_inner_v6_multipath.sh | File | 7.66 KB | 0755 |
|
| gre_multipath.sh | File | 6.29 KB | 0755 |
|
| gre_multipath_nh.sh | File | 8.1 KB | 0755 |
|
| gre_multipath_nh_res.sh | File | 8.25 KB | 0755 |
|
| ip6_forward_instats_vrf.sh | File | 3.04 KB | 0755 |
|
| ip6gre_custom_multipath_hash.sh | File | 12.77 KB | 0755 |
|
| ip6gre_flat.sh | File | 1.18 KB | 0755 |
|
| ip6gre_flat_key.sh | File | 1.24 KB | 0755 |
|
| ip6gre_flat_keys.sh | File | 1.3 KB | 0755 |
|
| ip6gre_hier.sh | File | 1.27 KB | 0755 |
|
| ip6gre_hier_key.sh | File | 1.33 KB | 0755 |
|
| ip6gre_hier_keys.sh | File | 1.39 KB | 0755 |
|
| ip6gre_inner_v4_multipath.sh | File | 7.77 KB | 0755 |
|
| ip6gre_inner_v6_multipath.sh | File | 7.88 KB | 0755 |
|
| ip6gre_lib.sh | File | 15.75 KB | 0644 |
|
| ipip_flat_gre.sh | File | 838 B | 0755 |
|
| ipip_flat_gre_key.sh | File | 860 B | 0755 |
|
| ipip_flat_gre_keys.sh | File | 886 B | 0755 |
|
| ipip_hier_gre.sh | File | 887 B | 0755 |
|
| ipip_hier_gre_key.sh | File | 910 B | 0755 |
|
| ipip_hier_gre_keys.sh | File | 938 B | 0755 |
|
| ipip_lib.sh | File | 8.34 KB | 0644 |
|
| lib.sh | File | 41.63 KB | 0644 |
|
| lib_sh_test.sh | File | 3.57 KB | 0755 |
|
| local_termination.sh | File | 14.42 KB | 0755 |
|
| min_max_mtu.sh | File | 4.74 KB | 0755 |
|
| mirror_gre.sh | File | 2.9 KB | 0755 |
|
| mirror_gre_bound.sh | File | 5.51 KB | 0755 |
|
| mirror_gre_bridge_1d.sh | File | 4.12 KB | 0755 |
|
| mirror_gre_bridge_1d_vlan.sh | File | 2.37 KB | 0755 |
|
| mirror_gre_bridge_1q.sh | File | 3.97 KB | 0755 |
|
| mirror_gre_bridge_1q_lag.sh | File | 7.02 KB | 0755 |
|
| mirror_gre_changes.sh | File | 5.17 KB | 0755 |
|
| mirror_gre_flower.sh | File | 2.61 KB | 0755 |
|
| mirror_gre_lag_lacp.sh | File | 7.48 KB | 0755 |
|
| mirror_gre_lib.sh | File | 3.65 KB | 0644 |
|
| mirror_gre_neigh.sh | File | 2.08 KB | 0755 |
|
| mirror_gre_nh.sh | File | 2.53 KB | 0755 |
|
| mirror_gre_topo_lib.sh | File | 3.45 KB | 0644 |
|
| mirror_gre_vlan.sh | File | 1.36 KB | 0755 |
|
| mirror_gre_vlan_bridge_1q.sh | File | 8.46 KB | 0755 |
|
| mirror_lib.sh | File | 3.72 KB | 0644 |
|
| mirror_topo_lib.sh | File | 2.73 KB | 0644 |
|
| mirror_vlan.sh | File | 1.86 KB | 0755 |
|
| no_forwarding.sh | File | 5.52 KB | 0755 |
|
| pedit_dsfield.sh | File | 6.69 KB | 0755 |
|
| pedit_ip.sh | File | 4.41 KB | 0755 |
|
| pedit_l4port.sh | File | 4.46 KB | 0755 |
|
| q_in_vni.sh | File | 10.71 KB | 0755 |
|
| q_in_vni_ipv6.sh | File | 10.87 KB | 0755 |
|
| router.sh | File | 7.32 KB | 0755 |
|
| router_bridge.sh | File | 3.97 KB | 0755 |
|
| router_bridge_1d.sh | File | 5.1 KB | 0755 |
|
| router_bridge_1d_lag.sh | File | 9.3 KB | 0755 |
|
| router_bridge_lag.sh | File | 6.82 KB | 0755 |
|
| router_bridge_pvid_vlan_upper.sh | File | 3.5 KB | 0755 |
|
| router_bridge_vlan.sh | File | 5.46 KB | 0755 |
|
| router_bridge_vlan_upper.sh | File | 3.92 KB | 0755 |
|
| router_bridge_vlan_upper_pvid.sh | File | 3.7 KB | 0755 |
|
| router_broadcast.sh | File | 5.02 KB | 0755 |
|
| router_mpath_nh.sh | File | 10.73 KB | 0755 |
|
| router_mpath_nh_lib.sh | File | 3.2 KB | 0644 |
|
| router_mpath_nh_res.sh | File | 12.71 KB | 0755 |
|
| router_mpath_seed.sh | File | 7.37 KB | 0755 |
|
| router_multicast.sh | File | 14.6 KB | 0755 |
|
| router_multipath.sh | File | 7.07 KB | 0755 |
|
| router_nh.sh | File | 3.31 KB | 0755 |
|
| router_vid_1.sh | File | 3.52 KB | 0755 |
|
| sch_ets.sh | File | 745 B | 0755 |
|
| sch_ets_core.sh | File | 7.33 KB | 0644 |
|
| sch_ets_tests.sh | File | 4.09 KB | 0644 |
|
| sch_red.sh | File | 11.14 KB | 0755 |
|
| sch_tbf_core.sh | File | 4.77 KB | 0644 |
|
| sch_tbf_ets.sh | File | 118 B | 0755 |
|
| sch_tbf_etsprio.sh | File | 1.37 KB | 0644 |
|
| sch_tbf_prio.sh | File | 118 B | 0755 |
|
| sch_tbf_root.sh | File | 496 B | 0755 |
|
| skbedit_priority.sh | File | 3.87 KB | 0755 |
|
| tc_actions.sh | File | 9.3 KB | 0755 |
|
| tc_chains.sh | File | 4.83 KB | 0755 |
|
| tc_common.sh | File | 710 B | 0644 |
|
| tc_flower.sh | File | 21.24 KB | 0755 |
|
| tc_flower_cfm.sh | File | 4.85 KB | 0755 |
|
| tc_flower_l2_miss.sh | File | 9.13 KB | 0755 |
|
| tc_flower_port_range.sh | File | 7.35 KB | 0755 |
|
| tc_flower_router.sh | File | 3.02 KB | 0755 |
|
| tc_mpls_l2vpn.sh | File | 5.03 KB | 0755 |
|
| tc_police.sh | File | 11.75 KB | 0755 |
|
| tc_shblocks.sh | File | 2.68 KB | 0755 |
|
| tc_tunnel_key.sh | File | 3.71 KB | 0755 |
|
| tc_vlan_modify.sh | File | 3.17 KB | 0755 |
|
| tsn_lib.sh | File | 5.47 KB | 0644 |
|
| vxlan_asymmetric.sh | File | 17.55 KB | 0755 |
|
| vxlan_asymmetric_ipv6.sh | File | 16.03 KB | 0755 |
|
| vxlan_bridge_1d.sh | File | 20.4 KB | 0755 |
|
| vxlan_bridge_1d_ipv6.sh | File | 21.31 KB | 0755 |
|
| vxlan_bridge_1d_port_8472.sh | File | 172 B | 0755 |
|
| vxlan_bridge_1d_port_8472_ipv6.sh | File | 188 B | 0755 |
|
| vxlan_bridge_1q.sh | File | 22.91 KB | 0755 |
|
| vxlan_bridge_1q_ipv6.sh | File | 24.35 KB | 0755 |
|
| vxlan_bridge_1q_port_8472.sh | File | 172 B | 0755 |
|
| vxlan_bridge_1q_port_8472_ipv6.sh | File | 188 B | 0755 |
|
| vxlan_reserved.sh | File | 7.23 KB | 0755 |
|
| vxlan_symmetric.sh | File | 18.05 KB | 0755 |
|
| vxlan_symmetric_ipv6.sh | File | 18.31 KB | 0755 |
|