forked from ~ljy/RK356X_SDK_RELEASE
blame | history | patch | commit | commitdiff
hc
2024-10-09 05e59e5fb0064c97a1c10921ecd549f2d4a58565 
 kernel/tools/testing/selftests/drivers/net/mlxsw/spectrum-2/tc_flower.sh
....@@ -8,10 +8,13 @@
88 lib_dir=$(dirname $0)/../../../../net/forwarding
99 
1010 ALL_TESTS="single_mask_test identical_filters_test two_masks_test \
11
-	multiple_masks_test ctcam_edge_cases_test"
11
+	multiple_masks_test ctcam_edge_cases_test delta_simple_test \
12
+	delta_two_masks_one_key_test delta_simple_rehash_test \
13
+	bloom_simple_test bloom_complex_test bloom_delta_test"
1214 NUM_NETIFS=2
13
-source $lib_dir/tc_common.sh
1415 source $lib_dir/lib.sh
16
+source $lib_dir/tc_common.sh
17
+source $lib_dir/devlink_lib.sh
1518 
1619 tcflags="skip_hw"
1720 
....@@ -35,6 +38,55 @@
3538 {
3639 	tc qdisc del dev $h2 clsact
3740 	simple_if_fini $h2 192.0.2.2/24 198.51.100.2/24
41
+}
42
+
43
+tp_record()
44
+{
45
+	local tracepoint=$1
46
+	local cmd=$2
47
+
48
+	perf record -q -e $tracepoint $cmd
49
+	return $?
50
+}
51
+
52
+tp_record_all()
53
+{
54
+	local tracepoint=$1
55
+	local seconds=$2
56
+
57
+	perf record -a -q -e $tracepoint sleep $seconds
58
+	return $?
59
+}
60
+
61
+__tp_hit_count()
62
+{
63
+	local tracepoint=$1
64
+
65
+	local perf_output=`perf script -F trace:event,trace`
66
+	return `echo $perf_output | grep "$tracepoint:" | wc -l`
67
+}
68
+
69
+tp_check_hits()
70
+{
71
+	local tracepoint=$1
72
+	local count=$2
73
+
74
+	__tp_hit_count $tracepoint
75
+	if [[ "$?" -ne "$count" ]]; then
76
+		return 1
77
+	fi
78
+	return 0
79
+}
80
+
81
+tp_check_hits_any()
82
+{
83
+	local tracepoint=$1
84
+
85
+	__tp_hit_count $tracepoint
86
+	if [[ "$?" -eq "0" ]]; then
87
+		return 1
88
+	fi
89
+	return 0
3890 }
3991 
4092 single_mask_test()
....@@ -142,7 +194,7 @@
142194 	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
143195 		$tcflags dst_ip 192.0.2.2 action drop
144196 	tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
145
-		$tcflags dst_ip 192.0.0.0/16 action drop
197
+		$tcflags dst_ip 192.0.0.0/8 action drop
146198 
147199 	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
148200 		-t ip -q
....@@ -181,20 +233,38 @@
181233 	# spillage is performed correctly and that the right filter is
182234 	# matched
183235 
236
+	if [[ "$tcflags" != "skip_sw" ]]; then
237
+		return 0;
238
+	fi
239
+
184240 	local index
185241 
186242 	RET=0
187243 
188244 	NUM_MASKS=32
245
+	NUM_ERPS=16
189246 	BASE_INDEX=100
190247 
191248 	for i in $(eval echo {1..$NUM_MASKS}); do
192249 		index=$((BASE_INDEX - i))
193250 
194
-		tc filter add dev $h2 ingress protocol ip pref $index \
195
-			handle $index \
196
-			flower $tcflags dst_ip 192.0.2.2/${i} src_ip 192.0.2.1 \
197
-			action drop
251
+		if ((i > NUM_ERPS)); then
252
+			exp_hits=1
253
+			err_msg="$i filters - C-TCAM spill did not happen when it was expected"
254
+		else
255
+			exp_hits=0
256
+			err_msg="$i filters - C-TCAM spill happened when it should not"
257
+		fi
258
+
259
+		tp_record "mlxsw:mlxsw_sp_acl_atcam_entry_add_ctcam_spill" \
260
+			"tc filter add dev $h2 ingress protocol ip pref $index \
261
+				handle $index \
262
+				flower $tcflags \
263
+				dst_ip 192.0.2.2/${i} src_ip 192.0.2.1/${i} \
264
+				action drop"
265
+		tp_check_hits "mlxsw:mlxsw_sp_acl_atcam_entry_add_ctcam_spill" \
266
+				$exp_hits
267
+		check_err $? "$err_msg"
198268 
199269 		$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 \
200270 			-B 192.0.2.2 -t ip -q
....@@ -235,7 +305,7 @@
235305 		$tcflags dst_ip 192.0.2.2 action drop
236306 	# Filter goes into A-TCAM
237307 	tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
238
-		$tcflags dst_ip 192.0.2.0/24 action drop
308
+		$tcflags dst_ip 192.0.0.0/16 action drop
239309 
240310 	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
241311 		-t ip -q
....@@ -324,6 +394,595 @@
324394 	ctcam_no_atcam_masks_test
325395 }
326396 
397
+delta_simple_test()
398
+{
399
+	# The first filter will create eRP, the second filter will fit into
400
+	# the first eRP with delta. Remove the first rule then and check that
401
+        # the eRP stays (referenced by the second filter).
402
+
403
+	RET=0
404
+
405
+	if [[ "$tcflags" != "skip_sw" ]]; then
406
+		return 0;
407
+	fi
408
+
409
+	tp_record "objagg:*" "tc filter add dev $h2 ingress protocol ip \
410
+		   pref 1 handle 101 flower $tcflags dst_ip 192.0.0.0/24 \
411
+		   action drop"
412
+	tp_check_hits "objagg:objagg_obj_root_create" 1
413
+	check_err $? "eRP was not created"
414
+
415
+	tp_record "objagg:*" "tc filter add dev $h2 ingress protocol ip \
416
+		   pref 2 handle 102 flower $tcflags dst_ip 192.0.2.2 \
417
+		   action drop"
418
+	tp_check_hits "objagg:objagg_obj_root_create" 0
419
+	check_err $? "eRP was incorrectly created"
420
+	tp_check_hits "objagg:objagg_obj_parent_assign" 1
421
+	check_err $? "delta was not created"
422
+
423
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
424
+		-t ip -q
425
+
426
+	tc_check_packets "dev $h2 ingress" 101 1
427
+	check_fail $? "Matched a wrong filter"
428
+
429
+	tc_check_packets "dev $h2 ingress" 102 1
430
+	check_err $? "Did not match on correct filter"
431
+
432
+	tp_record "objagg:*" "tc filter del dev $h2 ingress protocol ip \
433
+		   pref 1 handle 101 flower"
434
+	tp_check_hits "objagg:objagg_obj_root_destroy" 0
435
+	check_err $? "eRP was incorrectly destroyed"
436
+	tp_check_hits "objagg:objagg_obj_parent_unassign" 0
437
+	check_err $? "delta was incorrectly destroyed"
438
+
439
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
440
+		-t ip -q
441
+
442
+	tc_check_packets "dev $h2 ingress" 102 2
443
+	check_err $? "Did not match on correct filter after the first was removed"
444
+
445
+	tp_record "objagg:*" "tc filter del dev $h2 ingress protocol ip \
446
+		   pref 2 handle 102 flower"
447
+	tp_check_hits "objagg:objagg_obj_parent_unassign" 1
448
+	check_err $? "delta was not destroyed"
449
+	tp_check_hits "objagg:objagg_obj_root_destroy" 1
450
+	check_err $? "eRP was not destroyed"
451
+
452
+	log_test "delta simple test ($tcflags)"
453
+}
454
+
455
+delta_two_masks_one_key_test()
456
+{
457
+	# If 2 keys are the same and only differ in mask in a way that
458
+	# they belong under the same ERP (second is delta of the first),
459
+	# there should be no C-TCAM spill.
460
+
461
+	RET=0
462
+
463
+	if [[ "$tcflags" != "skip_sw" ]]; then
464
+		return 0;
465
+	fi
466
+
467
+	tp_record "mlxsw:*" "tc filter add dev $h2 ingress protocol ip \
468
+		   pref 1 handle 101 flower $tcflags dst_ip 192.0.2.0/24 \
469
+		   action drop"
470
+	tp_check_hits "mlxsw:mlxsw_sp_acl_atcam_entry_add_ctcam_spill" 0
471
+	check_err $? "incorrect C-TCAM spill while inserting the first rule"
472
+
473
+	tp_record "mlxsw:*" "tc filter add dev $h2 ingress protocol ip \
474
+		   pref 2 handle 102 flower $tcflags dst_ip 192.0.2.2 \
475
+		   action drop"
476
+	tp_check_hits "mlxsw:mlxsw_sp_acl_atcam_entry_add_ctcam_spill" 0
477
+	check_err $? "incorrect C-TCAM spill while inserting the second rule"
478
+
479
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
480
+		-t ip -q
481
+
482
+	tc_check_packets "dev $h2 ingress" 101 1
483
+	check_err $? "Did not match on correct filter"
484
+
485
+	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
486
+
487
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
488
+		-t ip -q
489
+
490
+	tc_check_packets "dev $h2 ingress" 102 1
491
+	check_err $? "Did not match on correct filter"
492
+
493
+	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
494
+
495
+	log_test "delta two masks one key test ($tcflags)"
496
+}
497
+
498
+delta_simple_rehash_test()
499
+{
500
+	RET=0
501
+
502
+	if [[ "$tcflags" != "skip_sw" ]]; then
503
+		return 0;
504
+	fi
505
+
506
+	devlink dev param set $DEVLINK_DEV \
507
+		name acl_region_rehash_interval cmode runtime value 0
508
+	check_err $? "Failed to set ACL region rehash interval"
509
+
510
+	tp_record_all mlxsw:mlxsw_sp_acl_tcam_vregion_rehash 7
511
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_rehash
512
+	check_fail $? "Rehash trace was hit even when rehash should be disabled"
513
+
514
+	devlink dev param set $DEVLINK_DEV \
515
+		name acl_region_rehash_interval cmode runtime value 3000
516
+	check_err $? "Failed to set ACL region rehash interval"
517
+
518
+	sleep 1
519
+
520
+	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
521
+		$tcflags dst_ip 192.0.1.0/25 action drop
522
+	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
523
+		$tcflags dst_ip 192.0.2.2 action drop
524
+	tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
525
+		$tcflags dst_ip 192.0.3.0/24 action drop
526
+
527
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
528
+		-t ip -q
529
+
530
+	tc_check_packets "dev $h2 ingress" 101 1
531
+	check_fail $? "Matched a wrong filter"
532
+
533
+	tc_check_packets "dev $h2 ingress" 103 1
534
+	check_fail $? "Matched a wrong filter"
535
+
536
+	tc_check_packets "dev $h2 ingress" 102 1
537
+	check_err $? "Did not match on correct filter"
538
+
539
+	tp_record_all mlxsw:* 3
540
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_rehash
541
+	check_err $? "Rehash trace was not hit"
542
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate
543
+	check_err $? "Migrate trace was not hit"
544
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate_end
545
+	check_err $? "Migrate end trace was not hit"
546
+	tp_record_all mlxsw:* 3
547
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_rehash
548
+	check_err $? "Rehash trace was not hit"
549
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate
550
+	check_fail $? "Migrate trace was hit when no migration should happen"
551
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate_end
552
+	check_fail $? "Migrate end trace was hit when no migration should happen"
553
+
554
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
555
+		-t ip -q
556
+
557
+	tc_check_packets "dev $h2 ingress" 101 1
558
+	check_fail $? "Matched a wrong filter after rehash"
559
+
560
+	tc_check_packets "dev $h2 ingress" 103 1
561
+	check_fail $? "Matched a wrong filter after rehash"
562
+
563
+	tc_check_packets "dev $h2 ingress" 102 2
564
+	check_err $? "Did not match on correct filter after rehash"
565
+
566
+	tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
567
+	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
568
+	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
569
+
570
+	log_test "delta simple rehash test ($tcflags)"
571
+}
572
+
573
+delta_simple_ipv6_rehash_test()
574
+{
575
+	RET=0
576
+
577
+	if [[ "$tcflags" != "skip_sw" ]]; then
578
+		return 0;
579
+	fi
580
+
581
+	devlink dev param set $DEVLINK_DEV \
582
+		name acl_region_rehash_interval cmode runtime value 0
583
+	check_err $? "Failed to set ACL region rehash interval"
584
+
585
+	tp_record_all mlxsw:mlxsw_sp_acl_tcam_vregion_rehash 7
586
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_rehash
587
+	check_fail $? "Rehash trace was hit even when rehash should be disabled"
588
+
589
+	devlink dev param set $DEVLINK_DEV \
590
+		name acl_region_rehash_interval cmode runtime value 3000
591
+	check_err $? "Failed to set ACL region rehash interval"
592
+
593
+	sleep 1
594
+
595
+	tc filter add dev $h2 ingress protocol ipv6 pref 1 handle 101 flower \
596
+		$tcflags dst_ip 2001:db8:1::0/121 action drop
597
+	tc filter add dev $h2 ingress protocol ipv6 pref 2 handle 102 flower \
598
+		$tcflags dst_ip 2001:db8:2::2 action drop
599
+	tc filter add dev $h2 ingress protocol ipv6 pref 3 handle 103 flower \
600
+		$tcflags dst_ip 2001:db8:3::0/120 action drop
601
+
602
+	$MZ $h1 -6 -c 1 -p 64 -a $h1mac -b $h2mac \
603
+		-A 2001:db8:2::1 -B 2001:db8:2::2 -t udp -q
604
+
605
+	tc_check_packets "dev $h2 ingress" 101 1
606
+	check_fail $? "Matched a wrong filter"
607
+
608
+	tc_check_packets "dev $h2 ingress" 103 1
609
+	check_fail $? "Matched a wrong filter"
610
+
611
+	tc_check_packets "dev $h2 ingress" 102 1
612
+	check_err $? "Did not match on correct filter"
613
+
614
+	tp_record_all mlxsw:* 3
615
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_rehash
616
+	check_err $? "Rehash trace was not hit"
617
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate
618
+	check_err $? "Migrate trace was not hit"
619
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate_end
620
+	check_err $? "Migrate end trace was not hit"
621
+	tp_record_all mlxsw:* 3
622
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_rehash
623
+	check_err $? "Rehash trace was not hit"
624
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate
625
+	check_fail $? "Migrate trace was hit when no migration should happen"
626
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_migrate_end
627
+	check_fail $? "Migrate end trace was hit when no migration should happen"
628
+
629
+	$MZ $h1 -6 -c 1 -p 64 -a $h1mac -b $h2mac \
630
+		-A 2001:db8:2::1 -B 2001:db8:2::2 -t udp -q
631
+
632
+	tc_check_packets "dev $h2 ingress" 101 1
633
+	check_fail $? "Matched a wrong filter after rehash"
634
+
635
+	tc_check_packets "dev $h2 ingress" 103 1
636
+	check_fail $? "Matched a wrong filter after rehash"
637
+
638
+	tc_check_packets "dev $h2 ingress" 102 2
639
+	check_err $? "Did not match on correct filter after rehash"
640
+
641
+	tc filter del dev $h2 ingress protocol ipv6 pref 3 handle 103 flower
642
+	tc filter del dev $h2 ingress protocol ipv6 pref 2 handle 102 flower
643
+	tc filter del dev $h2 ingress protocol ipv6 pref 1 handle 101 flower
644
+
645
+	log_test "delta simple IPv6 rehash test ($tcflags)"
646
+}
647
+
648
+TEST_RULE_BASE=256
649
+declare -a test_rules_inserted
650
+
651
+test_rule_add()
652
+{
653
+	local iface=$1
654
+	local tcflags=$2
655
+	local index=$3
656
+
657
+	if ! [ ${test_rules_inserted[$index]} ] ; then
658
+		test_rules_inserted[$index]=false
659
+	fi
660
+	if ${test_rules_inserted[$index]} ; then
661
+		return
662
+	fi
663
+
664
+	local number=$(( $index + $TEST_RULE_BASE ))
665
+	printf -v hexnumber '%x' $number
666
+
667
+	batch="${batch}filter add dev $iface ingress protocol ipv6 pref 1 \
668
+		handle $number flower $tcflags \
669
+		src_ip 2001:db8:1::$hexnumber action drop\n"
670
+	test_rules_inserted[$index]=true
671
+}
672
+
673
+test_rule_del()
674
+{
675
+	local iface=$1
676
+	local index=$2
677
+
678
+	if ! [ ${test_rules_inserted[$index]} ] ; then
679
+		test_rules_inserted[$index]=false
680
+	fi
681
+	if ! ${test_rules_inserted[$index]} ; then
682
+		return
683
+	fi
684
+
685
+	local number=$(( $index + $TEST_RULE_BASE ))
686
+	printf -v hexnumber '%x' $number
687
+
688
+	batch="${batch}filter del dev $iface ingress protocol ipv6 pref 1 \
689
+		handle $number flower\n"
690
+	test_rules_inserted[$index]=false
691
+}
692
+
693
+test_rule_add_or_remove()
694
+{
695
+	local iface=$1
696
+	local tcflags=$2
697
+	local index=$3
698
+
699
+	if ! [ ${test_rules_inserted[$index]} ] ; then
700
+		test_rules_inserted[$index]=false
701
+	fi
702
+	if ${test_rules_inserted[$index]} ; then
703
+		test_rule_del $iface $index
704
+	else
705
+		test_rule_add $iface $tcflags $index
706
+	fi
707
+}
708
+
709
+test_rule_add_or_remove_random_batch()
710
+{
711
+	local iface=$1
712
+	local tcflags=$2
713
+	local total_count=$3
714
+	local skip=0
715
+	local count=0
716
+	local MAXSKIP=20
717
+	local MAXCOUNT=20
718
+
719
+	for ((i=1;i<=total_count;i++)); do
720
+		if (( $skip == 0 )) && (($count == 0)); then
721
+			((skip=$RANDOM % $MAXSKIP + 1))
722
+			((count=$RANDOM % $MAXCOUNT + 1))
723
+		fi
724
+		if (( $skip != 0 )); then
725
+			((skip-=1))
726
+		else
727
+			((count-=1))
728
+			test_rule_add_or_remove $iface $tcflags $i
729
+		fi
730
+	done
731
+}
732
+
733
+delta_massive_ipv6_rehash_test()
734
+{
735
+	RET=0
736
+
737
+	if [[ "$tcflags" != "skip_sw" ]]; then
738
+		return 0;
739
+	fi
740
+
741
+	devlink dev param set $DEVLINK_DEV \
742
+		name acl_region_rehash_interval cmode runtime value 0
743
+	check_err $? "Failed to set ACL region rehash interval"
744
+
745
+	tp_record_all mlxsw:mlxsw_sp_acl_tcam_vregion_rehash 7
746
+	tp_check_hits_any mlxsw:mlxsw_sp_acl_tcam_vregion_rehash
747
+	check_fail $? "Rehash trace was hit even when rehash should be disabled"
748
+
749
+	RANDOM=4432897
750
+	declare batch=""
751
+	test_rule_add_or_remove_random_batch $h2 $tcflags 5000
752
+
753
+	echo -n -e $batch | tc -b -
754
+
755
+	declare batch=""
756
+	test_rule_add_or_remove_random_batch $h2 $tcflags 5000
757
+
758
+	devlink dev param set $DEVLINK_DEV \
759
+		name acl_region_rehash_interval cmode runtime value 3000
760
+	check_err $? "Failed to set ACL region rehash interval"
761
+
762
+	sleep 1
763
+
764
+	tc filter add dev $h2 ingress protocol ipv6 pref 1 handle 101 flower \
765
+		$tcflags dst_ip 2001:db8:1::0/121 action drop
766
+	tc filter add dev $h2 ingress protocol ipv6 pref 2 handle 102 flower \
767
+		$tcflags dst_ip 2001:db8:2::2 action drop
768
+	tc filter add dev $h2 ingress protocol ipv6 pref 3 handle 103 flower \
769
+		$tcflags dst_ip 2001:db8:3::0/120 action drop
770
+
771
+	$MZ $h1 -6 -c 1 -p 64 -a $h1mac -b $h2mac \
772
+		-A 2001:db8:2::1 -B 2001:db8:2::2 -t udp -q
773
+
774
+	tc_check_packets "dev $h2 ingress" 101 1
775
+	check_fail $? "Matched a wrong filter"
776
+
777
+	tc_check_packets "dev $h2 ingress" 103 1
778
+	check_fail $? "Matched a wrong filter"
779
+
780
+	tc_check_packets "dev $h2 ingress" 102 1
781
+	check_err $? "Did not match on correct filter"
782
+
783
+	echo -n -e $batch | tc -b -
784
+
785
+	devlink dev param set $DEVLINK_DEV \
786
+		name acl_region_rehash_interval cmode runtime value 0
787
+	check_err $? "Failed to set ACL region rehash interval"
788
+
789
+	$MZ $h1 -6 -c 1 -p 64 -a $h1mac -b $h2mac \
790
+		-A 2001:db8:2::1 -B 2001:db8:2::2 -t udp -q
791
+
792
+	tc_check_packets "dev $h2 ingress" 101 1
793
+	check_fail $? "Matched a wrong filter after rehash"
794
+
795
+	tc_check_packets "dev $h2 ingress" 103 1
796
+	check_fail $? "Matched a wrong filter after rehash"
797
+
798
+	tc_check_packets "dev $h2 ingress" 102 2
799
+	check_err $? "Did not match on correct filter after rehash"
800
+
801
+	tc filter del dev $h2 ingress protocol ipv6 pref 3 handle 103 flower
802
+	tc filter del dev $h2 ingress protocol ipv6 pref 2 handle 102 flower
803
+	tc filter del dev $h2 ingress protocol ipv6 pref 1 handle 101 flower
804
+
805
+	declare batch=""
806
+	for i in {1..5000}; do
807
+		test_rule_del $h2 $tcflags $i
808
+	done
809
+	echo -e $batch | tc -b -
810
+
811
+	log_test "delta massive IPv6 rehash test ($tcflags)"
812
+}
813
+
814
+bloom_simple_test()
815
+{
816
+	# Bloom filter requires that the eRP table is used. This test
817
+	# verifies that Bloom filter is not harming correctness of ACLs.
818
+	# First, make sure that eRP table is used and then set rule patterns
819
+	# which are distant enough and will result skipping a lookup after
820
+	# consulting the Bloom filter. Although some eRP lookups are skipped,
821
+	# the correct filter should be hit.
822
+
823
+	RET=0
824
+
825
+	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
826
+		$tcflags dst_ip 192.0.2.2 action drop
827
+	tc filter add dev $h2 ingress protocol ip pref 5 handle 104 flower \
828
+		$tcflags dst_ip 198.51.100.2 action drop
829
+	tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
830
+		$tcflags dst_ip 192.0.0.0/8 action drop
831
+
832
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
833
+		-t ip -q
834
+
835
+	tc_check_packets "dev $h2 ingress" 101 1
836
+	check_err $? "Two filters - did not match highest priority"
837
+
838
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 198.51.100.1 -B 198.51.100.2 \
839
+		-t ip -q
840
+
841
+	tc_check_packets "dev $h2 ingress" 104 1
842
+	check_err $? "Single filter - did not match"
843
+
844
+	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
845
+
846
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
847
+		-t ip -q
848
+
849
+	tc_check_packets "dev $h2 ingress" 103 1
850
+	check_err $? "Low prio filter - did not match"
851
+
852
+	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
853
+		$tcflags dst_ip 198.0.0.0/8 action drop
854
+
855
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 198.51.100.1 -B 198.51.100.2 \
856
+		-t ip -q
857
+
858
+	tc_check_packets "dev $h2 ingress" 102 1
859
+	check_err $? "Two filters - did not match highest priority after add"
860
+
861
+	tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
862
+	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
863
+	tc filter del dev $h2 ingress protocol ip pref 5 handle 104 flower
864
+
865
+	log_test "bloom simple test ($tcflags)"
866
+}
867
+
868
+bloom_complex_test()
869
+{
870
+	# Bloom filter index computation is affected from region ID, eRP
871
+	# ID and from the region key size. In order to excercise those parts
872
+	# of the Bloom filter code, use a series of regions, each with a
873
+	# different key size and send packet that should hit all of them.
874
+	local index
875
+
876
+	RET=0
877
+	NUM_CHAINS=4
878
+	BASE_INDEX=100
879
+
880
+	# Create chain with up to 2 key blocks (ip_proto only)
881
+	tc chain add dev $h2 ingress chain 1 protocol ip flower \
882
+		ip_proto tcp &> /dev/null
883
+	# Create chain with 2-4 key blocks (ip_proto, src MAC)
884
+	tc chain add dev $h2 ingress chain 2 protocol ip flower \
885
+		ip_proto tcp \
886
+		src_mac 00:00:00:00:00:00/FF:FF:FF:FF:FF:FF &> /dev/null
887
+	# Create chain with 4-8 key blocks (ip_proto, src & dst MAC, IPv4 dest)
888
+	tc chain add dev $h2 ingress chain 3 protocol ip flower \
889
+		ip_proto tcp \
890
+		dst_mac 00:00:00:00:00:00/FF:FF:FF:FF:FF:FF \
891
+		src_mac 00:00:00:00:00:00/FF:FF:FF:FF:FF:FF \
892
+		dst_ip 0.0.0.0/32 &> /dev/null
893
+	# Default chain contains all fields and therefore is 8-12 key blocks
894
+	tc chain add dev $h2 ingress chain 4
895
+
896
+	# We need at least 2 rules in every region to have eRP table active
897
+	# so create a dummy rule per chain using a different pattern
898
+	for i in $(eval echo {0..$NUM_CHAINS}); do
899
+		index=$((BASE_INDEX - 1 - i))
900
+		tc filter add dev $h2 ingress chain $i protocol ip \
901
+			pref 2 handle $index flower \
902
+			$tcflags ip_proto tcp action drop
903
+	done
904
+
905
+	# Add rules to test Bloom filter, each in a different chain
906
+	index=$BASE_INDEX
907
+	tc filter add dev $h2 ingress protocol ip \
908
+		pref 1 handle $((++index)) flower \
909
+		$tcflags dst_ip 192.0.0.0/16 action goto chain 1
910
+	tc filter add dev $h2 ingress chain 1 protocol ip \
911
+		pref 1 handle $((++index)) flower \
912
+		$tcflags action goto chain 2
913
+	tc filter add dev $h2 ingress chain 2 protocol ip \
914
+		pref 1 handle $((++index)) flower \
915
+		$tcflags src_mac $h1mac action goto chain 3
916
+	tc filter add dev $h2 ingress chain 3 protocol ip \
917
+		pref 1 handle $((++index)) flower \
918
+		$tcflags dst_ip 192.0.0.0/8 action goto chain 4
919
+	tc filter add dev $h2 ingress chain 4 protocol ip \
920
+		pref 1 handle $((++index)) flower \
921
+		$tcflags src_ip 192.0.2.0/24 action drop
922
+
923
+	# Send a packet that is supposed to hit all chains
924
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
925
+		-t ip -q
926
+
927
+	for i in $(eval echo {0..$NUM_CHAINS}); do
928
+		index=$((BASE_INDEX + i + 1))
929
+		tc_check_packets "dev $h2 ingress" $index 1
930
+		check_err $? "Did not match chain $i"
931
+	done
932
+
933
+	# Rules cleanup
934
+	for i in $(eval echo {$NUM_CHAINS..0}); do
935
+		index=$((BASE_INDEX - i - 1))
936
+		tc filter del dev $h2 ingress chain $i \
937
+			pref 2 handle $index flower
938
+		index=$((BASE_INDEX + i + 1))
939
+		tc filter del dev $h2 ingress chain $i \
940
+			pref 1 handle $index flower
941
+	done
942
+
943
+	# Chains cleanup
944
+	for i in $(eval echo {$NUM_CHAINS..1}); do
945
+		tc chain del dev $h2 ingress chain $i
946
+	done
947
+
948
+	log_test "bloom complex test ($tcflags)"
949
+}
950
+
951
+
952
+bloom_delta_test()
953
+{
954
+	# When multiple masks are used, the eRP table is activated. When
955
+	# masks are close enough (delta) the masks reside on the same
956
+	# eRP table. This test verifies that the eRP table is correctly
957
+	# allocated and used in delta condition and that Bloom filter is
958
+	# still functional with delta.
959
+
960
+	RET=0
961
+
962
+	tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
963
+		$tcflags dst_ip 192.1.0.0/16 action drop
964
+
965
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.1.2.1 -B 192.1.2.2 \
966
+		-t ip -q
967
+
968
+	tc_check_packets "dev $h2 ingress" 103 1
969
+	check_err $? "Single filter - did not match"
970
+
971
+	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
972
+		$tcflags dst_ip 192.2.1.0/24 action drop
973
+
974
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.2.1.1 -B 192.2.1.2 \
975
+		-t ip -q
976
+
977
+	tc_check_packets "dev $h2 ingress" 102 1
978
+	check_err $? "Delta filters - did not match second filter"
979
+
980
+	tc filter del dev $h2 ingress protocol ip pref 3 handle 103 flower
981
+	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
982
+
983
+	log_test "bloom delta test ($tcflags)"
984
+}
985
+
327986 setup_prepare()
328987 {
329988 	h1=${NETIFS[p1]}