1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3# 4# Load BPF flow dissector and verify it correctly dissects traffic 5export TESTNAME=test_flow_dissector 6unmount=0 7 8# Kselftest framework requirement - SKIP code is 4. 9ksft_skip=4 10 11msg="skip all tests:" 12if [ $UID != 0 ]; then 13 echo $msg please run this as root >&2 14 exit $ksft_skip 15fi 16 17# This test needs to be run in a network namespace with in_netns.sh. Check if 18# this is the case and run it with in_netns.sh if it is being run in the root 19# namespace. 20if [[ -z $(ip netns identify $$) ]]; then 21 ../net/in_netns.sh "$0" "$@" 22 exit $? 23fi 24 25# Determine selftest success via shell exit code 26exit_handler() 27{ 28 if (( $? == 0 )); then 29 echo "selftests: $TESTNAME [PASS]"; 30 else 31 echo "selftests: $TESTNAME [FAILED]"; 32 fi 33 34 set +e 35 36 # Cleanup 37 tc filter del dev lo ingress pref 1337 2> /dev/null 38 tc qdisc del dev lo ingress 2> /dev/null 39 ./flow_dissector_load -d 2> /dev/null 40 if [ $unmount -ne 0 ]; then 41 umount bpffs 2> /dev/null 42 fi 43} 44 45# Exit script immediately (well catched by trap handler) if any 46# program/thing exits with a non-zero status. 47set -e 48 49# (Use 'trap -l' to list meaning of numbers) 50trap exit_handler 0 2 3 6 9 51 52# Mount BPF file system 53if /bin/mount | grep /sys/fs/bpf > /dev/null; then 54 echo "bpffs already mounted" 55else 56 echo "bpffs not mounted. Mounting..." 57 unmount=1 58 /bin/mount bpffs /sys/fs/bpf -t bpf 59fi 60 61# Attach BPF program 62./flow_dissector_load -p bpf_flow.o -s flow_dissector 63 64# Setup 65tc qdisc add dev lo ingress 66echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter 67echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter 68echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter 69 70echo "Testing IPv4..." 71# Drops all IP/UDP packets coming from port 9 72tc filter add dev lo parent ffff: protocol ip pref 1337 flower ip_proto \ 73 udp src_port 9 action drop 74 75# Send 10 IPv4/UDP packets from port 8. Filter should not drop any. 76./test_flow_dissector -i 4 -f 8 77# Send 10 IPv4/UDP packets from port 9. Filter should drop all. 78./test_flow_dissector -i 4 -f 9 -F 79# Send 10 IPv4/UDP packets from port 10. Filter should not drop any. 80./test_flow_dissector -i 4 -f 10 81 82echo "Testing IPIP..." 83# Send 10 IPv4/IPv4/UDP packets from port 8. Filter should not drop any. 84./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \ 85 -D 192.168.0.1 -S 1.1.1.1 -f 8 86# Send 10 IPv4/IPv4/UDP packets from port 9. Filter should drop all. 87./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \ 88 -D 192.168.0.1 -S 1.1.1.1 -f 9 -F 89# Send 10 IPv4/IPv4/UDP packets from port 10. Filter should not drop any. 90./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \ 91 -D 192.168.0.1 -S 1.1.1.1 -f 10 92 93echo "Testing IPv4 + GRE..." 94# Send 10 IPv4/GRE/IPv4/UDP packets from port 8. Filter should not drop any. 95./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \ 96 -D 192.168.0.1 -S 1.1.1.1 -f 8 97# Send 10 IPv4/GRE/IPv4/UDP packets from port 9. Filter should drop all. 98./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \ 99 -D 192.168.0.1 -S 1.1.1.1 -f 9 -F 100# Send 10 IPv4/GRE/IPv4/UDP packets from port 10. Filter should not drop any. 101./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \ 102 -D 192.168.0.1 -S 1.1.1.1 -f 10 103 104tc filter del dev lo ingress pref 1337 105 106echo "Testing IPv6..." 107# Drops all IPv6/UDP packets coming from port 9 108tc filter add dev lo parent ffff: protocol ipv6 pref 1337 flower ip_proto \ 109 udp src_port 9 action drop 110 111# Send 10 IPv6/UDP packets from port 8. Filter should not drop any. 112./test_flow_dissector -i 6 -f 8 113# Send 10 IPv6/UDP packets from port 9. Filter should drop all. 114./test_flow_dissector -i 6 -f 9 -F 115# Send 10 IPv6/UDP packets from port 10. Filter should not drop any. 116./test_flow_dissector -i 6 -f 10 117 118exit 0 119