cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

tc_flower_scale.sh (2460B)

      1#!/bin/bash
      2# SPDX-License-Identifier: GPL-2.0
      3
      4# Test for resource limit of offloaded flower rules. The test adds a given
      5# number of flower matches for different IPv6 addresses, then check the offload
      6# indication for all of the tc flower rules. This file contains functions to set
      7# up a testing topology and run the test, and is meant to be sourced from a test
      8# script that calls the testing routine with a given number of rules.
      9
     10TC_FLOWER_NUM_NETIFS=2
     11
     12tc_flower_h1_create()
     13{
     14	simple_if_init $h1
     15	tc qdisc add dev $h1 clsact
     16}
     17
     18tc_flower_h1_destroy()
     19{
     20	tc qdisc del dev $h1 clsact
     21	simple_if_fini $h1
     22}
     23
     24tc_flower_h2_create()
     25{
     26	simple_if_init $h2
     27	tc qdisc add dev $h2 clsact
     28}
     29
     30tc_flower_h2_destroy()
     31{
     32	tc qdisc del dev $h2 clsact
     33	simple_if_fini $h2
     34}
     35
     36tc_flower_setup_prepare()
     37{
     38	h1=${NETIFS[p1]}
     39	h2=${NETIFS[p2]}
     40
     41	vrf_prepare
     42
     43	tc_flower_h1_create
     44	tc_flower_h2_create
     45}
     46
     47tc_flower_cleanup()
     48{
     49	pre_cleanup
     50
     51	tc_flower_h2_destroy
     52	tc_flower_h1_destroy
     53
     54	vrf_cleanup
     55
     56	if [[ -v TC_FLOWER_BATCH_FILE ]]; then
     57		rm -f $TC_FLOWER_BATCH_FILE
     58	fi
     59}
     60
     61tc_flower_addr()
     62{
     63	local num=$1; shift
     64
     65	printf "2001:db8:1::%x" $num
     66}
     67
     68tc_flower_rules_create()
     69{
     70	local count=$1; shift
     71	local should_fail=$1; shift
     72
     73	TC_FLOWER_BATCH_FILE="$(mktemp)"
     74
     75	for ((i = 0; i < count; ++i)); do
     76		cat >> $TC_FLOWER_BATCH_FILE <<-EOF
     77			filter add dev $h2 ingress \
     78				prot ipv6 \
     79				pref 1000 \
     80				flower $tcflags dst_ip $(tc_flower_addr $i) \
     81				action drop
     82		EOF
     83	done
     84
     85	tc -b $TC_FLOWER_BATCH_FILE
     86	check_err_fail $should_fail $? "Rule insertion"
     87}
     88
     89__tc_flower_test()
     90{
     91	local count=$1; shift
     92	local should_fail=$1; shift
     93	local last=$((count - 1))
     94
     95	tc_flower_rules_create $count $should_fail
     96
     97	offload_count=$(tc -j -s filter show dev $h2 ingress    |
     98			jq -r '[ .[] | select(.kind == "flower") |
     99			.options | .in_hw ]' | jq .[] | wc -l)
    100	[[ $((offload_count - 1)) -eq $count ]]
    101	check_err_fail $should_fail $? "Attempt to offload $count rules (actual result $((offload_count - 1)))"
    102}
    103
    104tc_flower_test()
    105{
    106	local count=$1; shift
    107	local should_fail=$1; shift
    108
    109	# We use lower 16 bits of IPv6 address for match. Also there are only 16
    110	# bits of rule priority space.
    111	if ((count > 65536)); then
    112		check_err 1 "Invalid count of $count. At most 65536 rules supported"
    113		return
    114	fi
    115
    116	if ! tc_offload_check $TC_FLOWER_NUM_NETIFS; then
    117		check_err 1 "Could not test offloaded functionality"
    118		return
    119	fi
    120
    121	tcflags="skip_sw"
    122	__tc_flower_test $count $should_fail
    123}