~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/tools/testing/selftests/bpf/test_flow_dissector.sh

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 #!/bin/bash
  2 # SPDX-License-Identifier: GPL-2.0
  3 #
  4 # Load BPF flow dissector and verify it correctly dissects traffic
  5 
  6 BPF_FILE="bpf_flow.bpf.o"
  7 export TESTNAME=test_flow_dissector
  8 unmount=0
  9 
 10 # Kselftest framework requirement - SKIP code is 4.
 11 ksft_skip=4
 12 
 13 msg="skip all tests:"
 14 if [ $UID != 0 ]; then
 15         echo $msg please run this as root >&2
 16         exit $ksft_skip
 17 fi
 18 
 19 # This test needs to be run in a network namespace with in_netns.sh. Check if
 20 # this is the case and run it with in_netns.sh if it is being run in the root
 21 # namespace.
 22 if [[ -z $(ip netns identify $$) ]]; then
 23         err=0
 24         if bpftool="$(which bpftool)"; then
 25                 echo "Testing global flow dissector..."
 26 
 27                 $bpftool prog loadall $BPF_FILE /sys/fs/bpf/flow \
 28                         type flow_dissector
 29 
 30                 if ! unshare --net $bpftool prog attach pinned \
 31                         /sys/fs/bpf/flow/_dissect flow_dissector; then
 32                         echo "Unexpected unsuccessful attach in namespace" >&2
 33                         err=1
 34                 fi
 35 
 36                 $bpftool prog attach pinned /sys/fs/bpf/flow/_dissect \
 37                         flow_dissector
 38 
 39                 if unshare --net $bpftool prog attach pinned \
 40                         /sys/fs/bpf/flow/_dissect flow_dissector; then
 41                         echo "Unexpected successful attach in namespace" >&2
 42                         err=1
 43                 fi
 44 
 45                 if ! $bpftool prog detach pinned \
 46                         /sys/fs/bpf/flow/_dissect flow_dissector; then
 47                         echo "Failed to detach flow dissector" >&2
 48                         err=1
 49                 fi
 50 
 51                 rm -rf /sys/fs/bpf/flow
 52         else
 53                 echo "Skipping root flow dissector test, bpftool not found" >&2
 54         fi
 55 
 56         # Run the rest of the tests in a net namespace.
 57         ../net/in_netns.sh "$0" "$@"
 58         err=$(( $err + $? ))
 59 
 60         if (( $err == 0 )); then
 61                 echo "selftests: $TESTNAME [PASS]";
 62         else
 63                 echo "selftests: $TESTNAME [FAILED]";
 64         fi
 65 
 66         exit $err
 67 fi
 68 
 69 # Determine selftest success via shell exit code
 70 exit_handler()
 71 {
 72         set +e
 73 
 74         # Cleanup
 75         tc filter del dev lo ingress pref 1337 2> /dev/null
 76         tc qdisc del dev lo ingress 2> /dev/null
 77         ./flow_dissector_load -d 2> /dev/null
 78         if [ $unmount -ne 0 ]; then
 79                 umount bpffs 2> /dev/null
 80         fi
 81 }
 82 
 83 # Exit script immediately (well catched by trap handler) if any
 84 # program/thing exits with a non-zero status.
 85 set -e
 86 
 87 # (Use 'trap -l' to list meaning of numbers)
 88 trap exit_handler 0 2 3 6 9
 89 
 90 # Mount BPF file system
 91 if /bin/mount | grep /sys/fs/bpf > /dev/null; then
 92         echo "bpffs already mounted"
 93 else
 94         echo "bpffs not mounted. Mounting..."
 95         unmount=1
 96         /bin/mount bpffs /sys/fs/bpf -t bpf
 97 fi
 98 
 99 # Attach BPF program
100 ./flow_dissector_load -p $BPF_FILE -s _dissect
101 
102 # Setup
103 tc qdisc add dev lo ingress
104 echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
105 echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
106 echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
107 
108 echo "Testing IPv4..."
109 # Drops all IP/UDP packets coming from port 9
110 tc filter add dev lo parent ffff: protocol ip pref 1337 flower ip_proto \
111         udp src_port 9 action drop
112 
113 # Send 10 IPv4/UDP packets from port 8. Filter should not drop any.
114 ./test_flow_dissector -i 4 -f 8
115 # Send 10 IPv4/UDP packets from port 9. Filter should drop all.
116 ./test_flow_dissector -i 4 -f 9 -F
117 # Send 10 IPv4/UDP packets from port 10. Filter should not drop any.
118 ./test_flow_dissector -i 4 -f 10
119 
120 echo "Testing IPv4 from 127.0.0.127 (fallback to generic dissector)..."
121 # Send 10 IPv4/UDP packets from port 8. Filter should not drop any.
122 ./test_flow_dissector -i 4 -S 127.0.0.127 -f 8
123 # Send 10 IPv4/UDP packets from port 9. Filter should drop all.
124 ./test_flow_dissector -i 4 -S 127.0.0.127 -f 9 -F
125 # Send 10 IPv4/UDP packets from port 10. Filter should not drop any.
126 ./test_flow_dissector -i 4 -S 127.0.0.127 -f 10
127 
128 echo "Testing IPIP..."
129 # Send 10 IPv4/IPv4/UDP packets from port 8. Filter should not drop any.
130 ./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \
131         -D 192.168.0.1 -S 1.1.1.1 -f 8
132 # Send 10 IPv4/IPv4/UDP packets from port 9. Filter should drop all.
133 ./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \
134         -D 192.168.0.1 -S 1.1.1.1 -f 9 -F
135 # Send 10 IPv4/IPv4/UDP packets from port 10. Filter should not drop any.
136 ./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \
137         -D 192.168.0.1 -S 1.1.1.1 -f 10
138 
139 echo "Testing IPv4 + GRE..."
140 # Send 10 IPv4/GRE/IPv4/UDP packets from port 8. Filter should not drop any.
141 ./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \
142         -D 192.168.0.1 -S 1.1.1.1 -f 8
143 # Send 10 IPv4/GRE/IPv4/UDP packets from port 9. Filter should drop all.
144 ./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \
145         -D 192.168.0.1 -S 1.1.1.1 -f 9 -F
146 # Send 10 IPv4/GRE/IPv4/UDP packets from port 10. Filter should not drop any.
147 ./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \
148         -D 192.168.0.1 -S 1.1.1.1 -f 10
149 
150 tc filter del dev lo ingress pref 1337
151 
152 echo "Testing port range..."
153 # Drops all IP/UDP packets coming from port 8-10
154 tc filter add dev lo parent ffff: protocol ip pref 1337 flower ip_proto \
155         udp src_port 8-10 action drop
156 
157 # Send 10 IPv4/UDP packets from port 7. Filter should not drop any.
158 ./test_flow_dissector -i 4 -f 7
159 # Send 10 IPv4/UDP packets from port 9. Filter should drop all.
160 ./test_flow_dissector -i 4 -f 9 -F
161 # Send 10 IPv4/UDP packets from port 11. Filter should not drop any.
162 ./test_flow_dissector -i 4 -f 11
163 
164 tc filter del dev lo ingress pref 1337
165 
166 echo "Testing IPv6..."
167 # Drops all IPv6/UDP packets coming from port 9
168 tc filter add dev lo parent ffff: protocol ipv6 pref 1337 flower ip_proto \
169         udp src_port 9 action drop
170 
171 # Send 10 IPv6/UDP packets from port 8. Filter should not drop any.
172 ./test_flow_dissector -i 6 -f 8
173 # Send 10 IPv6/UDP packets from port 9. Filter should drop all.
174 ./test_flow_dissector -i 6 -f 9 -F
175 # Send 10 IPv6/UDP packets from port 10. Filter should not drop any.
176 ./test_flow_dissector -i 6 -f 10
177 
178 exit 0

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php