#!/bin/bash function config_device { ip netns add at_ns0 ip link add veth0 type veth peer name veth0b ip link set veth0b up ip link set veth0 netns at_ns0 ip netns exec at_ns0 ip addr add 172.16.1.100/24 dev veth0 ip netns exec at_ns0 ip addr add 2401:db00::1/64 dev veth0 nodad ip netns exec at_ns0 ip link set dev veth0 up ip addr add 172.16.1.101/24 dev veth0b ip addr add 2401:db00::2/64 dev veth0b nodad } function config_cgroup { rm -rf /tmp/cgroupv2 mkdir -p /tmp/cgroupv2 mount -t cgroup2 none /tmp/cgroupv2 mkdir -p /tmp/cgroupv2/foo echo $$ >> /tmp/cgroupv2/foo/cgroup.procs } function attach_bpf { test_cgrp2_sock2 /tmp/cgroupv2/foo sock_flags_kern.o $1 [ $? -ne 0 ] && exit 1 } function cleanup { ip link del veth0b ip netns delete at_ns0 umount /tmp/cgroupv2 rm -rf /tmp/cgroupv2 } cleanup 2>/dev/null set -e config_device config_cgroup set +e # # Test 1 - fail ping6 # attach_bpf 0 ping -c1 -w1 172.16.1.100 if [ $? -ne 0 ]; then echo "ping failed when it should succeed" cleanup exit 1 fi ping6 -c1 -w1 2401:db00::1 if [ $? -eq 0 ]; then echo "ping6 succeeded when it should not" cleanup exit 1 fi # # Test 2 - fail ping # attach_bpf 1 ping6 -c1 -w1 2401:db00::1 if [ $? -ne 0 ]; then echo "ping6 failed when it should succeed" cleanup exit 1 fi ping -c1 -w1 172.16.1.100 if [ $? -eq 0 ]; then echo "ping succeeded when it should not" cleanup exit 1 fi cleanup echo echo "*** PASS ***" s Klauser
summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorLiping Zhang <zlpnobody@gmail.com>2016-12-25 19:58:59 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2017-01-03 14:33:26 +0100
commit949a358418aae397d7cf1622aa6515eca766b9e7 (patch)
tree9b67c64eb688d91983115627063d4f77e90c27b5 /include
parent237bab6611c607a9e63d50164609923feb8b83b3 (diff)
netfilter: nft_ct: add average bytes per packet support
Similar to xt_connbytes, user can match how many average bytes per packet a connection has transferred so far. Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')