2018-09-14 07:46:22 -07:00
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Load BPF flow dissector and verify it correctly dissects traffic
export TESTNAME = test_flow_dissector
unmount = 0
# Kselftest framework requirement - SKIP code is 4.
ksft_skip = 4
msg = "skip all tests:"
if [ $UID != 0 ] ; then
echo $msg please run this as root >& 2
exit $ksft_skip
fi
# This test needs to be run in a network namespace with in_netns.sh. Check if
# this is the case and run it with in_netns.sh if it is being run in the root
# namespace.
if [ [ -z $( ip netns identify $$ ) ] ] ; then
2019-10-07 09:21:03 -07:00
err = 0
if bpftool = " $( which bpftool) " ; then
echo "Testing global flow dissector..."
$bpftool prog loadall ./bpf_flow.o /sys/fs/bpf/flow \
type flow_dissector
if ! unshare --net $bpftool prog attach pinned \
2021-10-21 14:48:14 -07:00
/sys/fs/bpf/flow/_dissect flow_dissector; then
2019-10-07 09:21:03 -07:00
echo "Unexpected unsuccessful attach in namespace" >& 2
err = 1
fi
2021-10-21 14:48:14 -07:00
$bpftool prog attach pinned /sys/fs/bpf/flow/_dissect \
2019-10-07 09:21:03 -07:00
flow_dissector
if unshare --net $bpftool prog attach pinned \
2021-10-21 14:48:14 -07:00
/sys/fs/bpf/flow/_dissect flow_dissector; then
2019-10-07 09:21:03 -07:00
echo "Unexpected successful attach in namespace" >& 2
err = 1
fi
if ! $bpftool prog detach pinned \
2021-10-21 14:48:14 -07:00
/sys/fs/bpf/flow/_dissect flow_dissector; then
2019-10-07 09:21:03 -07:00
echo "Failed to detach flow dissector" >& 2
err = 1
fi
rm -rf /sys/fs/bpf/flow
else
echo "Skipping root flow dissector test, bpftool not found" >& 2
fi
# Run the rest of the tests in a net namespace.
2018-09-14 07:46:22 -07:00
../net/in_netns.sh " $0 " " $@ "
2019-10-07 09:21:03 -07:00
err = $(( $err + $? ))
2018-09-14 07:46:22 -07:00
2019-10-07 09:21:03 -07:00
if ( ( $err = = 0 ) ) ; then
2018-09-14 07:46:22 -07:00
echo " selftests: $TESTNAME [PASS] " ;
else
echo " selftests: $TESTNAME [FAILED] " ;
fi
2019-10-07 09:21:03 -07:00
exit $err
fi
# Determine selftest success via shell exit code
exit_handler( )
{
2018-09-14 07:46:22 -07:00
set +e
# Cleanup
tc filter del dev lo ingress pref 1337 2> /dev/null
tc qdisc del dev lo ingress 2> /dev/null
./flow_dissector_load -d 2> /dev/null
if [ $unmount -ne 0 ] ; then
umount bpffs 2> /dev/null
fi
}
# Exit script immediately (well catched by trap handler) if any
# program/thing exits with a non-zero status.
set -e
# (Use 'trap -l' to list meaning of numbers)
trap exit_handler 0 2 3 6 9
# Mount BPF file system
if /bin/mount | grep /sys/fs/bpf > /dev/null; then
echo "bpffs already mounted"
else
echo "bpffs not mounted. Mounting..."
unmount = 1
/bin/mount bpffs /sys/fs/bpf -t bpf
fi
# Attach BPF program
2021-10-21 14:48:14 -07:00
./flow_dissector_load -p bpf_flow.o -s _dissect
2018-09-14 07:46:22 -07:00
# Setup
tc qdisc add dev lo ingress
2019-10-08 15:10:44 +02:00
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
2018-09-14 07:46:22 -07:00
echo "Testing IPv4..."
# Drops all IP/UDP packets coming from port 9
tc filter add dev lo parent ffff: protocol ip pref 1337 flower ip_proto \
udp src_port 9 action drop
# Send 10 IPv4/UDP packets from port 8. Filter should not drop any.
./test_flow_dissector -i 4 -f 8
# Send 10 IPv4/UDP packets from port 9. Filter should drop all.
./test_flow_dissector -i 4 -f 9 -F
# Send 10 IPv4/UDP packets from port 10. Filter should not drop any.
./test_flow_dissector -i 4 -f 10
echo "Testing IPIP..."
# Send 10 IPv4/IPv4/UDP packets from port 8. Filter should not drop any.
./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \
-D 192.168.0.1 -S 1.1.1.1 -f 8
# Send 10 IPv4/IPv4/UDP packets from port 9. Filter should drop all.
./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \
-D 192.168.0.1 -S 1.1.1.1 -f 9 -F
# Send 10 IPv4/IPv4/UDP packets from port 10. Filter should not drop any.
./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \
-D 192.168.0.1 -S 1.1.1.1 -f 10
echo "Testing IPv4 + GRE..."
# Send 10 IPv4/GRE/IPv4/UDP packets from port 8. Filter should not drop any.
./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \
-D 192.168.0.1 -S 1.1.1.1 -f 8
# Send 10 IPv4/GRE/IPv4/UDP packets from port 9. Filter should drop all.
./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \
-D 192.168.0.1 -S 1.1.1.1 -f 9 -F
# Send 10 IPv4/GRE/IPv4/UDP packets from port 10. Filter should not drop any.
./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \
-D 192.168.0.1 -S 1.1.1.1 -f 10
tc filter del dev lo ingress pref 1337
2020-01-17 16:05:33 +09:00
echo "Testing port range..."
# Drops all IP/UDP packets coming from port 8-10
tc filter add dev lo parent ffff: protocol ip pref 1337 flower ip_proto \
udp src_port 8-10 action drop
# Send 10 IPv4/UDP packets from port 7. Filter should not drop any.
./test_flow_dissector -i 4 -f 7
# Send 10 IPv4/UDP packets from port 9. Filter should drop all.
./test_flow_dissector -i 4 -f 9 -F
# Send 10 IPv4/UDP packets from port 11. Filter should not drop any.
./test_flow_dissector -i 4 -f 11
tc filter del dev lo ingress pref 1337
2018-09-14 07:46:22 -07:00
echo "Testing IPv6..."
# Drops all IPv6/UDP packets coming from port 9
tc filter add dev lo parent ffff: protocol ipv6 pref 1337 flower ip_proto \
udp src_port 9 action drop
# Send 10 IPv6/UDP packets from port 8. Filter should not drop any.
./test_flow_dissector -i 6 -f 8
# Send 10 IPv6/UDP packets from port 9. Filter should drop all.
./test_flow_dissector -i 6 -f 9 -F
# Send 10 IPv6/UDP packets from port 10. Filter should not drop any.
./test_flow_dissector -i 6 -f 10
exit 0