• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/bin/bash
2
3# check iif/iifname/oifgroup/iiftype match.
4
5# Kselftest framework requirement - SKIP code is 4.
6ksft_skip=4
7sfx=$(mktemp -u "XXXXXXXX")
8ns0="ns0-$sfx"
9
10if ! nft --version > /dev/null 2>&1; then
11	echo "SKIP: Could not run test without nft tool"
12	exit $ksft_skip
13fi
14
15cleanup()
16{
17	ip netns del "$ns0"
18}
19
20ip netns add "$ns0"
21ip -net "$ns0" link set lo up
22ip -net "$ns0" addr add 127.0.0.1 dev lo
23
24trap cleanup EXIT
25
26currentyear=$(date +%Y)
27lastyear=$((currentyear-1))
28ip netns exec "$ns0" nft -f /dev/stdin <<EOF
29table inet filter {
30	counter iifcount {}
31	counter iifnamecount {}
32	counter iifgroupcount {}
33	counter iiftypecount {}
34	counter infproto4count {}
35	counter il4protocounter {}
36	counter imarkcounter {}
37	counter icpu0counter {}
38	counter ilastyearcounter {}
39	counter icurrentyearcounter {}
40
41	counter oifcount {}
42	counter oifnamecount {}
43	counter oifgroupcount {}
44	counter oiftypecount {}
45	counter onfproto4count {}
46	counter ol4protocounter {}
47	counter oskuidcounter {}
48	counter oskgidcounter {}
49	counter omarkcounter {}
50
51	chain input {
52		type filter hook input priority 0; policy accept;
53
54		meta iif lo counter name "iifcount"
55		meta iifname "lo" counter name "iifnamecount"
56		meta iifgroup "default" counter name "iifgroupcount"
57		meta iiftype "loopback" counter name "iiftypecount"
58		meta nfproto ipv4 counter name "infproto4count"
59		meta l4proto icmp counter name "il4protocounter"
60		meta mark 42 counter name "imarkcounter"
61		meta cpu 0 counter name "icpu0counter"
62		meta time "$lastyear-01-01" - "$lastyear-12-31" counter name ilastyearcounter
63		meta time "$currentyear-01-01" - "$currentyear-12-31" counter name icurrentyearcounter
64	}
65
66	chain output {
67		type filter hook output priority 0; policy accept;
68		meta oif lo counter name "oifcount" counter
69		meta oifname "lo" counter name "oifnamecount"
70		meta oifgroup "default" counter name "oifgroupcount"
71		meta oiftype "loopback" counter name "oiftypecount"
72		meta nfproto ipv4 counter name "onfproto4count"
73		meta l4proto icmp counter name "ol4protocounter"
74		meta skuid 0 counter name "oskuidcounter"
75		meta skgid 0 counter name "oskgidcounter"
76		meta mark 42 counter name "omarkcounter"
77	}
78}
79EOF
80
81if [ $? -ne 0 ]; then
82	echo "SKIP: Could not add test ruleset"
83	exit $ksft_skip
84fi
85
86ret=0
87
88check_one_counter()
89{
90	local cname="$1"
91	local want="packets $2"
92	local verbose="$3"
93
94	if ! ip netns exec "$ns0" nft list counter inet filter $cname | grep -q "$want"; then
95		echo "FAIL: $cname, want \"$want\", got"
96		ret=1
97		ip netns exec "$ns0" nft list counter inet filter $cname
98	fi
99}
100
101check_lo_counters()
102{
103	local want="$1"
104	local verbose="$2"
105	local counter
106
107	for counter in iifcount iifnamecount iifgroupcount iiftypecount infproto4count \
108		       oifcount oifnamecount oifgroupcount oiftypecount onfproto4count \
109		       il4protocounter icurrentyearcounter ol4protocounter \
110	     ; do
111		check_one_counter "$counter" "$want" "$verbose"
112	done
113}
114
115check_lo_counters "0" false
116ip netns exec "$ns0" ping -q -c 1 127.0.0.1 -m 42 > /dev/null
117
118check_lo_counters "2" true
119
120check_one_counter oskuidcounter "1" true
121check_one_counter oskgidcounter "1" true
122check_one_counter imarkcounter "1" true
123check_one_counter omarkcounter "1" true
124check_one_counter ilastyearcounter "0" true
125
126if [ $ret -eq 0 ];then
127	echo "OK: nftables meta iif/oif counters at expected values"
128else
129	exit $ret
130fi
131
132#First CPU execution and counter
133taskset -p 01 $$ > /dev/null
134ip netns exec "$ns0" nft reset counters > /dev/null
135ip netns exec "$ns0" ping -q -c 1 127.0.0.1 > /dev/null
136check_one_counter icpu0counter "2" true
137
138if [ $ret -eq 0 ];then
139	echo "OK: nftables meta cpu counter at expected values"
140fi
141
142exit $ret
143