1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3# 4# Load BPF flow dissector and verify it correctly dissects traffic 5export TESTNAME=test_flow_dissector 6unmount=0 7 8# Kselftest framework requirement - SKIP code is 4. 9ksft_skip=4 10 11msg="skip all tests:" 12if [ $UID != 0 ]; then 13 echo $msg please run this as root >&2 14 exit $ksft_skip 15fi 16 17# This test needs to be run in a network namespace with in_netns.sh. Check if 18# this is the case and run it with in_netns.sh if it is being run in the root 19# namespace. 20if [[ -z $(ip netns identify $$) ]]; then 21 ../net/in_netns.sh "$0" "$@" 22 exit $? 23fi 24 25# Determine selftest success via shell exit code 26exit_handler() 27{ 28 if (( $? == 0 )); then 29 echo "selftests: $TESTNAME [PASS]"; 30 else 31 echo "selftests: $TESTNAME [FAILED]"; 32 fi 33 34 set +e 35 36 # Cleanup 37 tc filter del dev lo ingress pref 1337 2> /dev/null 38 tc qdisc del dev lo ingress 2> /dev/null 39 ./flow_dissector_load -d 2> /dev/null 40 if [ $unmount -ne 0 ]; then 41 umount bpffs 2> /dev/null 42 fi 43} 44 45# Exit script immediately (well catched by trap handler) if any 46# program/thing exits with a non-zero status. 47set -e 48 49# (Use 'trap -l' to list meaning of numbers) 50trap exit_handler 0 2 3 6 9 51 52# Mount BPF file system 53if /bin/mount | grep /sys/fs/bpf > /dev/null; then 54 echo "bpffs already mounted" 55else 56 echo "bpffs not mounted. Mounting..." 57 unmount=1 58 /bin/mount bpffs /sys/fs/bpf -t bpf 59fi 60 61# Attach BPF program 62./flow_dissector_load -p bpf_flow.o -s dissect 63 64# Setup 65tc qdisc add dev lo ingress 66 67echo "Testing IPv4..." 68# Drops all IP/UDP packets coming from port 9 69tc filter add dev lo parent ffff: protocol ip pref 1337 flower ip_proto \ 70 udp src_port 9 action drop 71 72# Send 10 IPv4/UDP packets from port 8. Filter should not drop any. 73./test_flow_dissector -i 4 -f 8 74# Send 10 IPv4/UDP packets from port 9. Filter should drop all. 75./test_flow_dissector -i 4 -f 9 -F 76# Send 10 IPv4/UDP packets from port 10. Filter should not drop any. 77./test_flow_dissector -i 4 -f 10 78 79echo "Testing IPIP..." 80# Send 10 IPv4/IPv4/UDP packets from port 8. Filter should not drop any. 81./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \ 82 -D 192.168.0.1 -S 1.1.1.1 -f 8 83# Send 10 IPv4/IPv4/UDP packets from port 9. Filter should drop all. 84./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \ 85 -D 192.168.0.1 -S 1.1.1.1 -f 9 -F 86# Send 10 IPv4/IPv4/UDP packets from port 10. Filter should not drop any. 87./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \ 88 -D 192.168.0.1 -S 1.1.1.1 -f 10 89 90echo "Testing IPv4 + GRE..." 91# Send 10 IPv4/GRE/IPv4/UDP packets from port 8. Filter should not drop any. 92./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \ 93 -D 192.168.0.1 -S 1.1.1.1 -f 8 94# Send 10 IPv4/GRE/IPv4/UDP packets from port 9. Filter should drop all. 95./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \ 96 -D 192.168.0.1 -S 1.1.1.1 -f 9 -F 97# Send 10 IPv4/GRE/IPv4/UDP packets from port 10. Filter should not drop any. 98./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \ 99 -D 192.168.0.1 -S 1.1.1.1 -f 10 100 101tc filter del dev lo ingress pref 1337 102 103echo "Testing IPv6..." 104# Drops all IPv6/UDP packets coming from port 9 105tc filter add dev lo parent ffff: protocol ipv6 pref 1337 flower ip_proto \ 106 udp src_port 9 action drop 107 108# Send 10 IPv6/UDP packets from port 8. Filter should not drop any. 109./test_flow_dissector -i 6 -f 8 110# Send 10 IPv6/UDP packets from port 9. Filter should drop all. 111./test_flow_dissector -i 6 -f 9 -F 112# Send 10 IPv6/UDP packets from port 10. Filter should not drop any. 113./test_flow_dissector -i 6 -f 10 114 115exit 0 116