Make sure that everything that's coming from a pre-defined mac address can be dropped.
Signed-off-by: Stanislav Fomichev <sdf@xxxxxxxxxx>
---
 .../selftests/bpf/test_flow_dissector.sh | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_flow_dissector.sh b/tools/testing/selftests/bpf/test_flow_dissector.sh
index d23d4da66b83..1505d0a5fb32 100755
--- a/tools/testing/selftests/bpf/test_flow_dissector.sh
+++ b/tools/testing/selftests/bpf/test_flow_dissector.sh
@@ -112,4 +112,27 @@ tc filter add dev lo parent ffff: protocol ipv6 pref 1337 flower ip_proto \
 # Send 10 IPv6/UDP packets from port 10. Filter should not drop any.
 ./test_flow_dissector -i 6 -f 10
 
+tc filter del dev lo ingress pref 1337
+
+echo "Testing L2..."
+ip link set lo address 02:01:03:04:05:06
+
+# Drops all packets coming from forged localhost mac
+tc filter add dev lo parent ffff: protocol ip pref 1337 flower \
+ src_mac 02:01:03:04:05:06 action drop
+
+# Send packets from any port. Filter should drop all.
+./test_flow_dissector -i 4 -f 8 -F
+
+tc filter del dev lo ingress pref 1337
+
+# Drops all packets coming from "random" non-localhost mac
+tc filter add dev lo parent ffff: protocol ip pref 1337 flower \
+ src_mac 02:01:03:04:05:07 action drop
+
+# Send packets from any port. Filter should not drop any.
+./test_flow_dissector -i 4 -f 8
+
+tc filter del dev lo ingress pref 1337
+
 exit 0
-- 
2.21.0.1020.gf2820cf01a-goog
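Review bot: The added `ip link set lo address 02:01:03:04:05:06` changes the loopback MAC, and nothing in this hunk restores it before `exit 0`. The rest of the script is outside the hunk, so unless it already runs in a throwaway network namespace or installs an exit trap, the host's `lo` keeps the test address after the run. In that same case, a failure between either `tc filter add ... action drop` and its matching `tc filter del` would leave a filter on `lo` that drops IPv4 traffic by source MAC. I would save the address before the L2 section with `orig_mac=$(cat /sys/class/net/lo/address)` and restore it from the cleanup path with `ip link set lo address "$orig_mac"`, deleting the pref 1337 filter there as well. The two MAC literals are each written twice; variables such as `lo_mac=02:01:03:04:05:06` and `other_mac=02:01:03:04:05:07` would keep the address set on `lo` and the address matched by the filters from drifting apart.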