2 # SPDX-License-Identifier: GPL-2.0
4 # Load BPF flow dissector and verify it correctly dissects traffic
5 export TESTNAME=test_flow_dissector
8 # Kselftest framework requirement - SKIP code is 4.
12 if [ $UID != 0 ]; then
13 echo $msg please run this as root >&2
17 # This test needs to be run in a network namespace with in_netns.sh. Check if
18 # this is the case and run it with in_netns.sh if it is being run in the root
20 if [[ -z $(ip netns identify $$) ]]; then
21 ../net/in_netns.sh "$0" "$@"
25 # Determine selftest success via shell exit code
28 if (( $? == 0 )); then
29 echo "selftests: $TESTNAME [PASS]";
31 echo "selftests: $TESTNAME [FAILED]";
37 tc filter del dev lo ingress pref 1337 2> /dev/null
38 tc qdisc del dev lo ingress 2> /dev/null
39 ./flow_dissector_load -d 2> /dev/null
40 if [ $unmount -ne 0 ]; then
41 umount bpffs 2> /dev/null
45 # Exit script immediately (well catched by trap handler) if any
46 # program/thing exits with a non-zero status.
49 # (Use 'trap -l' to list meaning of numbers)
50 trap exit_handler 0 2 3 6 9
52 # Mount BPF file system
53 if /bin/mount | grep /sys/fs/bpf > /dev/null; then
54 echo "bpffs already mounted"
56 echo "bpffs not mounted. Mounting..."
58 /bin/mount bpffs /sys/fs/bpf -t bpf
62 ./flow_dissector_load -p bpf_flow.o -s flow_dissector
65 tc qdisc add dev lo ingress
66 echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
67 echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
68 echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
70 echo "Testing IPv4..."
71 # Drops all IP/UDP packets coming from port 9
72 tc filter add dev lo parent ffff: protocol ip pref 1337 flower ip_proto \
73 udp src_port 9 action drop
75 # Send 10 IPv4/UDP packets from port 8. Filter should not drop any.
76 ./test_flow_dissector -i 4 -f 8
77 # Send 10 IPv4/UDP packets from port 9. Filter should drop all.
78 ./test_flow_dissector -i 4 -f 9 -F
79 # Send 10 IPv4/UDP packets from port 10. Filter should not drop any.
80 ./test_flow_dissector -i 4 -f 10
82 echo "Testing IPIP..."
83 # Send 10 IPv4/IPv4/UDP packets from port 8. Filter should not drop any.
84 ./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \
85 -D 192.168.0.1 -S 1.1.1.1 -f 8
86 # Send 10 IPv4/IPv4/UDP packets from port 9. Filter should drop all.
87 ./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \
88 -D 192.168.0.1 -S 1.1.1.1 -f 9 -F
89 # Send 10 IPv4/IPv4/UDP packets from port 10. Filter should not drop any.
90 ./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \
91 -D 192.168.0.1 -S 1.1.1.1 -f 10
93 echo "Testing IPv4 + GRE..."
94 # Send 10 IPv4/GRE/IPv4/UDP packets from port 8. Filter should not drop any.
95 ./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \
96 -D 192.168.0.1 -S 1.1.1.1 -f 8
97 # Send 10 IPv4/GRE/IPv4/UDP packets from port 9. Filter should drop all.
98 ./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \
99 -D 192.168.0.1 -S 1.1.1.1 -f 9 -F
100 # Send 10 IPv4/GRE/IPv4/UDP packets from port 10. Filter should not drop any.
101 ./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \
102 -D 192.168.0.1 -S 1.1.1.1 -f 10
104 tc filter del dev lo ingress pref 1337
106 echo "Testing IPv6..."
107 # Drops all IPv6/UDP packets coming from port 9
108 tc filter add dev lo parent ffff: protocol ipv6 pref 1337 flower ip_proto \
109 udp src_port 9 action drop
111 # Send 10 IPv6/UDP packets from port 8. Filter should not drop any.
112 ./test_flow_dissector -i 6 -f 8
113 # Send 10 IPv6/UDP packets from port 9. Filter should drop all.
114 ./test_flow_dissector -i 6 -f 9 -F
115 # Send 10 IPv6/UDP packets from port 10. Filter should not drop any.
116 ./test_flow_dissector -i 6 -f 10