selftests: add xfrm policy insertion speed test script

Nothing special, just test how long insertion of x policies takes.
This should ideally show linear insertion speeds.

Do not run this by default, it has little value, but it can be useful to
check for insertion speed chahnges when altering the xfrm policy db
implementation.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

diff --git a/tools/testing/selftests/net/Makefile b/tools/testing/selftests/net/Makefile
index 8eaffd7a641c5d6bb5c63e3015fdd9f32c114550..e127a80ff713383dcda7443792c224c28730a354 100644 (file)
--- a/tools/testing/selftests/net/Makefile
+++ b/tools/testing/selftests/net/Makefile
@@ -56,7 +56,7 @@ TEST_PROGS += ip_local_port_range.sh
 TEST_PROGS += rps_default_mask.sh
 TEST_PROGS += big_tcp.sh
 TEST_PROGS += netns-sysctl.sh
-TEST_PROGS_EXTENDED := toeplitz_client.sh toeplitz.sh
+TEST_PROGS_EXTENDED := toeplitz_client.sh toeplitz.sh xfrm_policy_add_speed.sh
 TEST_GEN_FILES =  socket nettest
 TEST_GEN_FILES += psock_fanout psock_tpacket msg_zerocopy reuseport_addr_any
 TEST_GEN_FILES += tcp_mmap tcp_inq psock_snd txring_overwrite

diff --git a/tools/testing/selftests/net/xfrm_policy_add_speed.sh b/tools/testing/selftests/net/xfrm_policy_add_speed.sh
new file mode 100755 (executable)
index 0000000..2fab29d
--- /dev/null
+++ b/tools/testing/selftests/net/xfrm_policy_add_speed.sh
@@ -0,0 +1,83 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+#
+source lib.sh
+
+timeout=4m
+ret=0
+tmp=$(mktemp)
+cleanup() {
+       cleanup_all_ns
+       rm -f "$tmp"
+}
+
+trap cleanup EXIT
+
+maxpolicies=100000
+[ "$KSFT_MACHINE_SLOW" = "yes" ] && maxpolicies=10000
+
+do_dummies4() {
+       local dir="$1"
+       local max="$2"
+
+       local policies
+       local pfx
+       pfx=30
+       policies=0
+
+       ip netns exec "$ns" ip xfrm policy flush
+
+       for i in $(seq 1 100);do
+               local s
+               local d
+               for j in $(seq 1 255);do
+                       s=$((i+0))
+                       d=$((i+100))
+
+                       for a in $(seq 1 8 255); do
+                               policies=$((policies+1))
+                               [ "$policies" -gt "$max" ] && return
+                               echo xfrm policy add src 10.$s.$j.0/30 dst 10.$d.$j.$a/$pfx dir $dir action block
+                       done
+                       for a in $(seq 1 8 255); do
+                               policies=$((policies+1))
+                               [ "$policies" -gt "$max" ] && return
+                               echo xfrm policy add src 10.$s.$j.$a/30 dst 10.$d.$j.0/$pfx dir $dir action block
+                       done
+               done
+       done
+}
+
+setup_ns ns
+
+do_bench()
+{
+       local max="$1"
+
+       start=$(date +%s%3N)
+       do_dummies4 "out" "$max" > "$tmp"
+       if ! timeout "$timeout" ip netns exec "$ns" ip -batch "$tmp";then
+               echo "WARNING: policy insertion cancelled after $timeout"
+               ret=1
+       fi
+       stop=$(date +%s%3N)
+
+       result=$((stop-start))
+
+       policies=$(wc -l < "$tmp")
+       printf "Inserted %-06s policies in $result ms\n" $policies
+
+       have=$(ip netns exec "$ns" ip xfrm policy show | grep "action block" | wc -l)
+       if [ "$have" -ne "$policies" ]; then
+               echo "WARNING: mismatch, have $have policies, expected $policies"
+               ret=1
+       fi
+}
+
+p=100
+while [ $p -le "$maxpolicies" ]; do
+       do_bench "$p"
+       p="${p}0"
+done
+
+exit $ret