#!/bin/bash # SPDX-License-Identifier: GPL-2.0 # # Test that packets are sampled when tc-sample is used and that reported # metadata is correct. Two sets of hosts (with and without LAG) are used, since # metadata extraction in mlxsw is a bit different when LAG is involved. # # +---------------------------------+ +---------------------------------+ # | H1 (vrf) | | H3 (vrf) | # | + $h1 | | + $h3_lag | # | | 192.0.2.1/28 | | | 192.0.2.17/28 | # | | | | | | # | | default via 192.0.2.2 | | | default via 192.0.2.18 | # +----|----------------------------+ +----|----------------------------+ # | | # +----|-----------------------------------------|----------------------------+ # | | 192.0.2.2/28 | 192.0.2.18/28 | # | + $rp1 + $rp3_lag | # | | # | + $rp2 + $rp4_lag | # | | 198.51.100.2/28 | 198.51.100.18/28 | # +----|-----------------------------------------|----------------------------+ # | | # +----|----------------------------+ +----|----------------------------+ # | | default via 198.51.100.2 | | | default via 198.51.100.18 | # | | | | | | # | | 198.51.100.1/28 | | | 198.51.100.17/28 | # | + $h2 | | + $h4_lag | # | H2 (vrf) | | H4 (vrf) | # +---------------------------------+ +---------------------------------+ lib_dir=$(dirname $0)/../../../net/forwarding ALL_TESTS=" tc_sample_rate_test tc_sample_max_rate_test tc_sample_conflict_test tc_sample_group_conflict_test tc_sample_md_iif_test tc_sample_md_lag_iif_test tc_sample_md_oif_test tc_sample_md_lag_oif_test tc_sample_md_out_tc_test tc_sample_md_out_tc_occ_test tc_sample_md_latency_test tc_sample_acl_group_conflict_test tc_sample_acl_rate_test tc_sample_acl_max_rate_test " NUM_NETIFS=8 CAPTURE_FILE=$(mktemp) source $lib_dir/lib.sh source $lib_dir/devlink_lib.sh source mlxsw_lib.sh # Available at https://github.com/Mellanox/libpsample require_command psample h1_create() { simple_if_init $h1 192.0.2.1/28 ip -4 route add default vrf v$h1 nexthop via 192.0.2.2 } h1_destroy() { ip -4 route del default vrf v$h1 nexthop via 192.0.2.2 simple_if_fini $h1 192.0.2.1/28 } h2_create() { simple_if_init $h2 198.51.100.1/28 ip -4 route add default vrf v$h2 nexthop via 198.51.100.2 } h2_destroy() { ip -4 route del default vrf v$h2 nexthop via 198.51.100.2 simple_if_fini $h2 198.51.100.1/28 } h3_create() { ip link set dev $h3 down ip link add name ${h3}_bond type bond mode 802.3ad ip link set dev $h3 master ${h3}_bond simple_if_init ${h3}_bond 192.0.2.17/28 ip -4 route add default vrf v${h3}_bond nexthop via 192.0.2.18 } h3_destroy() { ip -4 route del default vrf v${h3}_bond nexthop via 192.0.2.18 simple_if_fini ${h3}_bond 192.0.2.17/28 ip link set dev $h3 nomaster ip link del dev ${h3}_bond } h4_create() { ip link set dev $h4 down ip link add name ${h4}_bond type bond mode 802.3ad ip link set dev $h4 master ${h4}_bond simple_if_init ${h4}_bond 198.51.100.17/28 ip -4 route add default vrf v${h4}_bond nexthop via 198.51.100.18 } h4_destroy() { ip -4 route del default vrf v${h4}_bond nexthop via 198.51.100.18 simple_if_fini ${h4}_bond 198.51.100.17/28 ip link set dev $h4 nomaster ip link del dev ${h4}_bond } router_create() { ip link set dev $rp1 up __addr_add_del $rp1 add 192.0.2.2/28 tc qdisc add dev $rp1 clsact ip link set dev $rp2 up __addr_add_del $rp2 add 198.51.100.2/28 tc qdisc add dev $rp2 clsact ip link add name ${rp3}_bond type bond mode 802.3ad ip link set dev $rp3 master ${rp3}_bond __addr_add_del ${rp3}_bond add 192.0.2.18/28 tc qdisc add dev $rp3 clsact ip link set dev ${rp3}_bond up ip link add name ${rp4}_bond type bond mode 802.3ad ip link set dev $rp4 master ${rp4}_bond __addr_add_del ${rp4}_bond add 198.51.100.18/28 tc qdisc add dev $rp4 clsact ip link set dev ${rp4}_bond up } router_destroy() { ip link set dev ${rp4}_bond down tc qdisc del dev $rp4 clsact __addr_add_del ${rp4}_bond del 198.51.100.18/28 ip link set dev $rp4 nomaster ip link del dev ${rp4}_bond ip link set dev ${rp3}_bond down tc qdisc del dev $rp3 clsact __addr_add_del ${rp3}_bond del 192.0.2.18/28 ip link set dev $rp3 nomaster ip link del dev ${rp3}_bond tc qdisc del dev $rp2 clsact __addr_add_del $rp2 del 198.51.100.2/28 ip link set dev $rp2 down tc qdisc del dev $rp1 clsact __addr_add_del $rp1 del 192.0.2.2/28 ip link set dev $rp1 down } setup_prepare() { h1=${NETIFS[p1]} rp1=${NETIFS[p2]} rp2=${NETIFS[p3]} h2=${NETIFS[p4]} h3=${NETIFS[p5]} rp3=${NETIFS[p6]} h4=${NETIFS[p7]} rp4=${NETIFS[p8]} vrf_prepare h1_create h2_create h3_create h4_create router_create } cleanup() { pre_cleanup rm -f $CAPTURE_FILE router_destroy h4_destroy h3_destroy h2_destroy h1_destroy vrf_cleanup } psample_capture_start() { rm -f $CAPTURE_FILE psample &> $CAPTURE_FILE & sleep 1 } psample_capture_stop() { kill_process %% } __tc_sample_rate_test() { local desc=$1; shift local dip=$1; shift local pkts pct RET=0 tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 32 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 320000 -d 100usec -p 64 -A 192.0.2.1 \ -B $dip -t udp dp=52768,sp=42768 -q psample_capture_stop pkts=$(grep -e "group 1 " $CAPTURE_FILE | wc -l) pct=$((100 * (pkts - 10000) / 10000)) (( -25 <= pct && pct <= 25)) check_err $? "Expected 10000 packets, got $pkts packets, which is $pct% off. Required accuracy is +-25%" log_test "tc sample rate ($desc)" tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall } tc_sample_rate_test() { __tc_sample_rate_test "forward" 198.51.100.1 __tc_sample_rate_test "local receive" 192.0.2.2 } tc_sample_max_rate_test() { RET=0 tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate $((35 * 10 ** 8)) group 1 check_err $? "Failed to configure sampling rule with max rate" tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate $((35 * 10 ** 8 + 1)) \ group 1 &> /dev/null check_fail $? "Managed to configure sampling rate above maximum" log_test "tc sample maximum rate" } tc_sample_conflict_test() { RET=0 # Test that two sampling rules cannot be configured on the same port, # even when they share the same parameters. tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 1024 group 1 check_err $? "Failed to configure sampling rule" tc filter add dev $rp1 ingress protocol all pref 2 handle 102 matchall \ skip_sw action sample rate 1024 group 1 &> /dev/null check_fail $? "Managed to configure second sampling rule" # Delete the first rule and make sure the second rule can now be # configured. tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall tc filter add dev $rp1 ingress protocol all pref 2 handle 102 matchall \ skip_sw action sample rate 1024 group 1 check_err $? "Failed to configure sampling rule after deletion" log_test "tc sample conflict test" tc filter del dev $rp1 ingress protocol all pref 2 handle 102 matchall } tc_sample_group_conflict_test() { RET=0 # Test that two sampling rules cannot be configured on the same port # with different groups. tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 1024 group 1 check_err $? "Failed to configure sampling rule" tc filter add dev $rp1 ingress protocol all pref 2 handle 102 matchall \ skip_sw action sample rate 1024 group 2 &> /dev/null check_fail $? "Managed to configure sampling rule with conflicting group" log_test "tc sample group conflict test" tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall } tc_sample_md_iif_test() { local rp1_ifindex RET=0 tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 5 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 3200 -d 1msec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q psample_capture_stop rp1_ifindex=$(ip -j -p link show dev $rp1 | jq '.[]["ifindex"]') grep -q -e "in-ifindex $rp1_ifindex " $CAPTURE_FILE check_err $? "Sampled packets do not have expected in-ifindex" log_test "tc sample iif" tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall } tc_sample_md_lag_iif_test() { local rp3_ifindex RET=0 tc filter add dev $rp3 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 5 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v${h3}_bond $MZ ${h3}_bond -c 3200 -d 1msec -p 64 \ -A 192.0.2.17 -B 198.51.100.17 -t udp dp=52768,sp=42768 -q psample_capture_stop rp3_ifindex=$(ip -j -p link show dev $rp3 | jq '.[]["ifindex"]') grep -q -e "in-ifindex $rp3_ifindex " $CAPTURE_FILE check_err $? "Sampled packets do not have expected in-ifindex" log_test "tc sample lag iif" tc filter del dev $rp3 ingress protocol all pref 1 handle 101 matchall } tc_sample_md_oif_test() { local rp2_ifindex RET=0 tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 5 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 3200 -d 1msec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q psample_capture_stop rp2_ifindex=$(ip -j -p link show dev $rp2 | jq '.[]["ifindex"]') grep -q -e "out-ifindex $rp2_ifindex " $CAPTURE_FILE check_err $? "Sampled packets do not have expected out-ifindex" log_test "tc sample oif" tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall } tc_sample_md_lag_oif_test() { local rp4_ifindex RET=0 tc filter add dev $rp3 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 5 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v${h3}_bond $MZ ${h3}_bond -c 3200 -d 1msec -p 64 \ -A 192.0.2.17 -B 198.51.100.17 -t udp dp=52768,sp=42768 -q psample_capture_stop rp4_ifindex=$(ip -j -p link show dev $rp4 | jq '.[]["ifindex"]') grep -q -e "out-ifindex $rp4_ifindex " $CAPTURE_FILE check_err $? "Sampled packets do not have expected out-ifindex" log_test "tc sample lag oif" tc filter del dev $rp3 ingress protocol all pref 1 handle 101 matchall } tc_sample_md_out_tc_test() { RET=0 # Output traffic class is not supported on Spectrum-1. mlxsw_only_on_spectrum 2+ || return tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 5 group 1 check_err $? "Failed to configure sampling rule" # By default, all the packets should go to the same traffic class (0). psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 3200 -d 1msec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q psample_capture_stop grep -q -e "out-tc 0 " $CAPTURE_FILE check_err $? "Sampled packets do not have expected out-tc (0)" # Map all priorities to highest traffic class (7) and check reported # out-tc. tc qdisc replace dev $rp2 root handle 1: \ prio bands 3 priomap 0 0 0 0 0 0 0 0 psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 3200 -d 1msec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q psample_capture_stop grep -q -e "out-tc 7 " $CAPTURE_FILE check_err $? "Sampled packets do not have expected out-tc (7)" log_test "tc sample out-tc" tc qdisc del dev $rp2 root handle 1: tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall } tc_sample_md_out_tc_occ_test() { local backlog pct occ RET=0 # Output traffic class occupancy is not supported on Spectrum-1. mlxsw_only_on_spectrum 2+ || return tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 1024 group 1 check_err $? "Failed to configure sampling rule" # Configure a shaper on egress to create congestion. tc qdisc replace dev $rp2 root handle 1: \ tbf rate 1Mbit burst 256k limit 1M psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 0 -d 1usec -p 1400 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q & # Allow congestion to reach steady state. sleep 10 backlog=$(tc -j -p -s qdisc show dev $rp2 | jq '.[0]["backlog"]') # Kill mausezahn. kill_process %% psample_capture_stop # Record last congestion sample. occ=$(grep -e "out-tc-occ " $CAPTURE_FILE | tail -n 1 | \ cut -d ' ' -f 16) pct=$((100 * (occ - backlog) / backlog)) (( -1 <= pct && pct <= 1)) check_err $? "Recorded a congestion of $backlog bytes, but sampled congestion is $occ bytes, which is $pct% off. Required accuracy is +-5%" log_test "tc sample out-tc-occ" tc qdisc del dev $rp2 root handle 1: tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall } tc_sample_md_latency_test() { RET=0 # Egress sampling not supported on Spectrum-1. mlxsw_only_on_spectrum 2+ || return tc filter add dev $rp2 egress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 5 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 3200 -d 1msec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q psample_capture_stop grep -q -e "latency " $CAPTURE_FILE check_err $? "Sampled packets do not have latency attribute" log_test "tc sample latency" tc filter del dev $rp2 egress protocol all pref 1 handle 101 matchall } tc_sample_acl_group_conflict_test() { RET=0 # Test that two flower sampling rules cannot be configured on the same # port with different groups. # Policy-based sampling is not supported on Spectrum-1. mlxsw_only_on_spectrum 2+ || return tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \ skip_sw action sample rate 1024 group 1 check_err $? "Failed to configure sampling rule" tc filter add dev $rp1 ingress protocol ip pref 2 handle 102 flower \ skip_sw action sample rate 1024 group 1 check_err $? "Failed to configure sampling rule with same group" tc filter add dev $rp1 ingress protocol ip pref 3 handle 103 flower \ skip_sw action sample rate 1024 group 2 &> /dev/null check_fail $? "Managed to configure sampling rule with conflicting group" log_test "tc sample (w/ flower) group conflict test" tc filter del dev $rp1 ingress protocol ip pref 2 handle 102 flower tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower } __tc_sample_acl_rate_test() { local bind=$1; shift local port=$1; shift local pkts pct RET=0 # Policy-based sampling is not supported on Spectrum-1. mlxsw_only_on_spectrum 2+ || return tc filter add dev $port $bind protocol ip pref 1 handle 101 flower \ skip_sw dst_ip 198.51.100.1 action sample rate 32 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 320000 -d 100usec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q psample_capture_stop pkts=$(grep -e "group 1 " $CAPTURE_FILE | wc -l) pct=$((100 * (pkts - 10000) / 10000)) (( -25 <= pct && pct <= 25)) check_err $? "Expected 10000 packets, got $pkts packets, which is $pct% off. Required accuracy is +-25%" # Setup a filter that should not match any packet and make sure packets # are not sampled. tc filter del dev $port $bind protocol ip pref 1 handle 101 flower tc filter add dev $port $bind protocol ip pref 1 handle 101 flower \ skip_sw dst_ip 198.51.100.10 action sample rate 32 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 3200 -d 1msec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q psample_capture_stop grep -q -e "group 1 " $CAPTURE_FILE check_fail $? "Sampled packets when should not" log_test "tc sample (w/ flower) rate ($bind)" tc filter del dev $port $bind protocol ip pref 1 handle 101 flower } tc_sample_acl_rate_test() { __tc_sample_acl_rate_test ingress $rp1 __tc_sample_acl_rate_test egress $rp2 } tc_sample_acl_max_rate_test() { RET=0 # Policy-based sampling is not supported on Spectrum-1. mlxsw_only_on_spectrum 2+ || return tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \ skip_sw action sample rate $((2 ** 24 - 1)) group 1 check_err $? "Failed to configure sampling rule with max rate" tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \ skip_sw action sample rate $((2 ** 24)) \ group 1 &> /dev/null check_fail $? "Managed to configure sampling rate above maximum" log_test "tc sample (w/ flower) maximum rate" } trap cleanup EXIT setup_prepare setup_wait tests_run exit $EXIT_STATUS