LXR linux/tools/testing/selftests/bpf/test_flow

   1#!/bin/bash
   2# SPDX-License-Identifier: GPL-2.0
   3#
   4# Load BPF flow dissector and verify it correctly dissects traffic
   5export TESTNAME=test_flow_dissector
   6unmount=0
   7
   8# Kselftest framework requirement - SKIP code is 4.
   9ksft_skip=4
  10
  11msg="skip all tests:"
  12if [ $UID != 0 ]; then
  13        echo $msg please run this as root >&2
  14        exit $ksft_skip
  15fi
  16
  17# This test needs to be run in a network namespace with in_netns.sh. Check if
  18# this is the case and run it with in_netns.sh if it is being run in the root
  19# namespace.
  20if [[ -z $(ip netns identify $$) ]]; then
  21        err=0
  22        if bpftool="$(which bpftool)"; then
  23                echo "Testing global flow dissector..."
  24
  25                $bpftool prog loadall ./bpf_flow.o /sys/fs/bpf/flow \
  26                        type flow_dissector
  27
  28                if ! unshare --net $bpftool prog attach pinned \
  29                        /sys/fs/bpf/flow/flow_dissector flow_dissector; then
  30                        echo "Unexpected unsuccessful attach in namespace" >&2
  31                        err=1
  32                fi
  33
  34                $bpftool prog attach pinned /sys/fs/bpf/flow/flow_dissector \
  35                        flow_dissector
  36
  37                if unshare --net $bpftool prog attach pinned \
  38                        /sys/fs/bpf/flow/flow_dissector flow_dissector; then
  39                        echo "Unexpected successful attach in namespace" >&2
  40                        err=1
  41                fi
  42
  43                if ! $bpftool prog detach pinned \
  44                        /sys/fs/bpf/flow/flow_dissector flow_dissector; then
  45                        echo "Failed to detach flow dissector" >&2
  46                        err=1
  47                fi
  48
  49                rm -rf /sys/fs/bpf/flow
  50        else
  51                echo "Skipping root flow dissector test, bpftool not found" >&2
  52        fi
  53
  54        # Run the rest of the tests in a net namespace.
  55        ../net/in_netns.sh "$0" "$@"
  56        err=$(( $err + $? ))
  57
  58        if (( $err == 0 )); then
  59                echo "selftests: $TESTNAME [PASS]";
  60        else
  61                echo "selftests: $TESTNAME [FAILED]";
  62        fi
  63
  64        exit $err
  65fi
  66
  67# Determine selftest success via shell exit code
  68exit_handler()
  69{
  70        set +e
  71
  72        # Cleanup
  73        tc filter del dev lo ingress pref 1337 2> /dev/null
  74        tc qdisc del dev lo ingress 2> /dev/null
  75        ./flow_dissector_load -d 2> /dev/null
  76        if [ $unmount -ne 0 ]; then
  77                umount bpffs 2> /dev/null
  78        fi
  79}
  80
  81# Exit script immediately (well catched by trap handler) if any
  82# program/thing exits with a non-zero status.
  83set -e
  84
  85# (Use 'trap -l' to list meaning of numbers)
  86trap exit_handler 0 2 3 6 9
  87
  88# Mount BPF file system
  89if /bin/mount | grep /sys/fs/bpf > /dev/null; then
  90        echo "bpffs already mounted"
  91else
  92        echo "bpffs not mounted. Mounting..."
  93        unmount=1
  94        /bin/mount bpffs /sys/fs/bpf -t bpf
  95fi
  96
  97# Attach BPF program
  98./flow_dissector_load -p bpf_flow.o -s flow_dissector
  99
 100# Setup
 101tc qdisc add dev lo ingress
 102echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
 103echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
 104echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
 105
 106echo "Testing IPv4..."
 107# Drops all IP/UDP packets coming from port 9
 108tc filter add dev lo parent ffff: protocol ip pref 1337 flower ip_proto \
 109        udp src_port 9 action drop
 110
 111# Send 10 IPv4/UDP packets from port 8. Filter should not drop any.
 112./test_flow_dissector -i 4 -f 8
 113# Send 10 IPv4/UDP packets from port 9. Filter should drop all.
 114./test_flow_dissector -i 4 -f 9 -F
 115# Send 10 IPv4/UDP packets from port 10. Filter should not drop any.
 116./test_flow_dissector -i 4 -f 10
 117
 118echo "Testing IPIP..."
 119# Send 10 IPv4/IPv4/UDP packets from port 8. Filter should not drop any.
 120./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \
 121        -D 192.168.0.1 -S 1.1.1.1 -f 8
 122# Send 10 IPv4/IPv4/UDP packets from port 9. Filter should drop all.
 123./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \
 124        -D 192.168.0.1 -S 1.1.1.1 -f 9 -F
 125# Send 10 IPv4/IPv4/UDP packets from port 10. Filter should not drop any.
 126./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \
 127        -D 192.168.0.1 -S 1.1.1.1 -f 10
 128
 129echo "Testing IPv4 + GRE..."
 130# Send 10 IPv4/GRE/IPv4/UDP packets from port 8. Filter should not drop any.
 131./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \
 132        -D 192.168.0.1 -S 1.1.1.1 -f 8
 133# Send 10 IPv4/GRE/IPv4/UDP packets from port 9. Filter should drop all.
 134./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \
 135        -D 192.168.0.1 -S 1.1.1.1 -f 9 -F
 136# Send 10 IPv4/GRE/IPv4/UDP packets from port 10. Filter should not drop any.
 137./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e gre -i 4 \
 138        -D 192.168.0.1 -S 1.1.1.1 -f 10
 139
 140tc filter del dev lo ingress pref 1337
 141
 142echo "Testing IPv6..."
 143# Drops all IPv6/UDP packets coming from port 9
 144tc filter add dev lo parent ffff: protocol ipv6 pref 1337 flower ip_proto \
 145        udp src_port 9 action drop
 146
 147# Send 10 IPv6/UDP packets from port 8. Filter should not drop any.
 148./test_flow_dissector -i 6 -f 8
 149# Send 10 IPv6/UDP packets from port 9. Filter should drop all.
 150./test_flow_dissector -i 6 -f 9 -F
 151# Send 10 IPv6/UDP packets from port 10. Filter should not drop any.
 152./test_flow_dissector -i 6 -f 10
 153
 154exit 0
 155