#!/bin/bash
# check iif/iifname/oifgroup/iiftype match.
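# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4

# Random suffix so the namespace name does not clash with namespaces that
# already exist on the host. mktemp -u only prints a name and reserves
# nothing; that is tolerable for a namespace name, but do not reuse this
# pattern for temporary file paths.
sfx=$(mktemp -u "XXXXXXXX")
ns0="ns0-$sfx"

# Every check below goes through nft, so report SKIP when it cannot be run.
if ! nft --version > /dev/null 2>&1; then
  echo "SKIP: Could not run test without nft tool"
  exit "$ksft_skip"
fi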
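#######################################
# Delete the network namespace created for this test run.
# Installed as the EXIT trap so the namespace is removed on every exit path.
# Globals:   ns0 (read) - name of the test namespace
# Arguments: none
#######################################
cleanup()
{
  ip netns del "$ns0"
}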
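# Create the test namespace. If that fails (name collision, missing
# privileges) the test cannot run, so report SKIP here instead of carrying on
# against a namespace that does not exist.
if ! ip netns add "$ns0"; then
  echo "SKIP: Could not create net namespace $ns0"
  exit "$ksft_skip"
fi

# Register cleanup as soon as the namespace exists so that no later exit path
# leaves it behind on the host.
trap cleanup EXIT

ip -net "$ns0" link set lo up
ip -net "$ns0" addr add 127.0.0.1 dev lo

# The 'meta time' rules need one date range that contains "now" and one that
# does not: the current year and the year before it.
currentyear=$(date +%Y)
lastyear=$((currentyear - 1))

# Load the ruleset: one named counter per 'meta' match, attached to the input
# and output hooks. The heredoc delimiter is unquoted on purpose so that
# $lastyear and $currentyear are expanded by the shell.
if ! ip netns exec "$ns0" nft -f /dev/stdin <<EOF
table inet filter {
  counter iifcount {}
  counter iifnamecount {}
  counter iifgroupcount {}
  counter iiftypecount {}
  counter infproto4count {}
  counter il4protocounter {}
  counter imarkcounter {}
  counter icpu0counter {}
  counter ilastyearcounter {}
  counter icurrentyearcounter {}

  counter oifcount {}
  counter oifnamecount {}
  counter oifgroupcount {}
  counter oiftypecount {}
  counter onfproto4count {}
  counter ol4protocounter {}
  counter oskuidcounter {}
  counter oskgidcounter {}
  counter omarkcounter {}

  chain input {
    type filter hook input priority 0; policy accept;

    meta iif lo counter name "iifcount"
    meta iifname "lo" counter name "iifnamecount"
    meta iifgroup "default" counter name "iifgroupcount"
    meta iiftype "loopback" counter name "iiftypecount"
    meta nfproto ipv4 counter name "infproto4count"
    meta l4proto icmp counter name "il4protocounter"
    meta mark 42 counter name "imarkcounter"
    meta cpu 0 counter name "icpu0counter"
    meta time "$lastyear-01-01" - "$lastyear-12-31" counter name ilastyearcounter
    meta time "$currentyear-01-01" - "$currentyear-12-31" counter name icurrentyearcounter
  }

  chain output {
    type filter hook output priority 0; policy accept;
    meta oif lo counter name "oifcount" counter
    meta oifname "lo" counter name "oifnamecount"
    meta oifgroup "default" counter name "oifgroupcount"
    meta oiftype "loopback" counter name "oiftypecount"
    meta nfproto ipv4 counter name "onfproto4count"
    meta l4proto icmp counter name "ol4protocounter"
    meta skuid 0 counter name "oskuidcounter"
    meta skgid 0 counter name "oskgidcounter"
    meta mark 42 counter name "omarkcounter"
  }
}
EOF
then
  # A ruleset that fails to load is treated as "cannot test here", not as a
  # test failure.
  echo "SKIP: Could not add test ruleset"
  exit "$ksft_skip"
fi

# Overall result; the counter checks set this to 1 on any mismatch.
ret=0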
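#######################################
# Compare one named counter of table "inet filter" in the test namespace
# with an expected packet count.
# Globals:   ns0 (read), ret (set to 1 on mismatch)
# Arguments: $1 - counter name
#            $2 - expected packet count
#            $3 - verbose flag; accepted so existing callers keep working,
#                 but not used
# Outputs:   on mismatch, a FAIL line followed by the counter listing
#######################################
check_one_counter()
{
  local cname="$1"
  local want="packets $2"
  local listing

  # List the counter once, so the text that is matched is the same text that
  # is shown when the check fails.
  listing=$(ip netns exec "$ns0" nft list counter inet filter "$cname")

  # -w keeps "packets 2" from also accepting "packets 20"; -F and -- make the
  # expected text a literal string rather than a pattern or an option.
  if ! grep -qwF -- "$want" <<<"$listing"; then
    echo "FAIL: $cname, want \"$want\", got"
    ret=1
    printf '%s\n' "$listing"
  fi
}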
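#######################################
# Check every counter that is expected to hold the same packet count for
# traffic over the loopback interface.
# Arguments: $1 - expected packet count
#            $2 - verbose flag, handed through to check_one_counter
# Returns:   nothing directly; mismatches are recorded by check_one_counter
#######################################
check_lo_counters()
{
  local want="$1"
  local verbose="$2"
  local counter
  # Kept in the original order: input-side interface matches, output-side
  # interface matches, then the l4proto and current-year counters.
  local -a lo_counters=(
    iifcount iifnamecount iifgroupcount iiftypecount infproto4count
    oifcount oifnamecount oifgroupcount oiftypecount onfproto4count
    il4protocounter icurrentyearcounter ol4protocounter
  )

  for counter in "${lo_counters[@]}"; do
    check_one_counter "$counter" "$want" "$verbose"
  done
}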
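# Before any traffic is sent, every loopback counter must read zero.
check_lo_counters "0" false

# Send a single echo request over lo with packet mark 42 (-m 42).
ip netns exec "$ns0" ping -q -c 1 127.0.0.1 -m 42 > /dev/null

# Each loopback counter is expected at 2 after one ping, presumably the
# request plus its echo reply.
check_lo_counters "2" true

# The uid/gid and mark matches are expected to count one packet only, and the
# last-year time range must never match.
check_one_counter oskuidcounter "1" true
check_one_counter oskgidcounter "1" true
check_one_counter imarkcounter "1" true
check_one_counter omarkcounter "1" true
check_one_counter ilastyearcounter "0" true

# Stop here if the interface, mark or time checks failed.
if [ "$ret" -ne 0 ]; then
  exit "$ret"
fi
echo "OK: nftables meta iif/oif counters at expected values"

# First CPU execution and counter: pin this shell to CPU 0 (affinity mask 01),
# reset all counters, then repeat the ping so 'meta cpu 0' can be checked.
# NOTE(review): the taskset result is not checked; if pinning fails, the cpu
# counter can mismatch for reasons that have nothing to do with nftables.
taskset -p 01 "$$" > /dev/null
ip netns exec "$ns0" nft reset counters > /dev/null
ip netns exec "$ns0" ping -q -c 1 127.0.0.1 > /dev/null
check_one_counter icpu0counter "2" true

if [ "$ret" -eq 0 ]; then
  echo "OK: nftables meta cpu counter at expected values"
fi

exit "$ret"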