Merge remote-tracking branch 'spi/for-5.9' into spi-linus

[linux-2.6-microblaze.git] / tools / testing / selftests / netfilter / nft_meta.sh

#!/bin/bash

# check iif/iifname/oifgroup/iiftype match.

# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4
sfx=$(mktemp -u "XXXXXXXX")
ns0="ns0-$sfx"

nft --version > /dev/null 2>&1
if [ $? -ne 0 ];then
        echo "SKIP: Could not run test without nft tool"
        exit $ksft_skip
fi

cleanup()
{
        ip netns del "$ns0"
}

ip netns add "$ns0"
ip -net "$ns0" link set lo up
ip -net "$ns0" addr add 127.0.0.1 dev lo

trap cleanup EXIT

ip netns exec "$ns0" nft -f /dev/stdin <<EOF
table inet filter {
        counter iifcount {}
        counter iifnamecount {}
        counter iifgroupcount {}
        counter iiftypecount {}
        counter infproto4count {}
        counter il4protocounter {}
        counter imarkcounter {}

        counter oifcount {}
        counter oifnamecount {}
        counter oifgroupcount {}
        counter oiftypecount {}
        counter onfproto4count {}
        counter ol4protocounter {}
        counter oskuidcounter {}
        counter oskgidcounter {}
        counter omarkcounter {}

        chain input {
                type filter hook input priority 0; policy accept;

                meta iif lo counter name "iifcount"
                meta iifname "lo" counter name "iifnamecount"
                meta iifgroup "default" counter name "iifgroupcount"
                meta iiftype "loopback" counter name "iiftypecount"
                meta nfproto ipv4 counter name "infproto4count"
                meta l4proto icmp counter name "il4protocounter"
                meta mark 42 counter name "imarkcounter"
        }

        chain output {
                type filter hook output priority 0; policy accept;
                meta oif lo counter name "oifcount" counter
                meta oifname "lo" counter name "oifnamecount"
                meta oifgroup "default" counter name "oifgroupcount"
                meta oiftype "loopback" counter name "oiftypecount"
                meta nfproto ipv4 counter name "onfproto4count"
                meta l4proto icmp counter name "ol4protocounter"
                meta skuid 0 counter name "oskuidcounter"
                meta skgid 0 counter name "oskgidcounter"
                meta mark 42 counter name "omarkcounter"
        }
}
EOF

if [ $? -ne 0 ]; then
        echo "SKIP: Could not add test ruleset"
        exit $ksft_skip
fi

ret=0

check_one_counter()
{
        local cname="$1"
        local want="packets $2"
        local verbose="$3"

        cnt=$(ip netns exec "$ns0" nft list counter inet filter $cname | grep -q "$want")
        if [ $? -ne 0 ];then
                echo "FAIL: $cname, want \"$want\", got"
                ret=1
                ip netns exec "$ns0" nft list counter inet filter $counter
        fi
}

check_lo_counters()
{
        local want="$1"
        local verbose="$2"
        local counter

        for counter in iifcount iifnamecount iifgroupcount iiftypecount infproto4count \
                       oifcount oifnamecount oifgroupcount oiftypecount onfproto4count \
                       il4protocounter \
                       ol4protocounter \
             ; do
                check_one_counter "$counter" "$want" "$verbose"
        done
}

check_lo_counters "0" false
ip netns exec "$ns0" ping -q -c 1 127.0.0.1 -m 42 > /dev/null

check_lo_counters "2" true

check_one_counter oskuidcounter "1" true
check_one_counter oskgidcounter "1" true
check_one_counter imarkcounter "1" true
check_one_counter omarkcounter "1" true

if [ $ret -eq 0 ];then
        echo "OK: nftables meta iif/oif counters at expected values"
fi

exit $ret