1 files changed, 97 insertions, 0 deletions
diff --git a/run_test.sh b/run_test.sh
new file mode 100755
index 0000000..33b53d2
--- /dev/null
+++ b/run_test.sh
@@ -0,0 +1,97 @@
+#!/bin/bash
+set -e
+DIR=/root/w/packet_ebpf
+CERTS=/tmp/ebpf_certs
+PIDS=()
+# Cleanup on exit
+cleanup() { kill "${PIDS[@]}" 2>/dev/null; rm -rf "$CERTS"; }
+trap cleanup EXIT
+# Start background process and track PID
+bg() { "$@" &>/dev/null & PIDS+=($!); }
+# Print result
+ok()   { echo "  $1: OK"; }
+fail() { echo "  $1: FAIL"; }
+# Build
+echo "=== Building ==="
+cd "$DIR"
+cargo xtask build-ebpf --release &>/dev/null
+cargo build --release -p packet-detector &>/dev/null
+echo "Done"
+echo
+# Test 1: UDP - test actual packet delivery
+echo "=== UDP Magic Word (only 'hell0123' passes) ==="
+# Start XDP filter
+./target/release/packet-detector lo &>/dev/null & PIDS+=($!)
+sleep 1
+RECV_FILE=$(mktemp)
+# Test valid packet
+timeout 2 bash -c "nc -u -l 127.0.0.1 9999 > $RECV_FILE" &
+sleep 0.3
+echo 'hell0123' | nc -u -w1 127.0.0.1 9999 2>/dev/null || true
+sleep 0.5
+grep -q 'hell0123' "$RECV_FILE" && ok "hell0123 passed (XDP_PASS)" || fail "hell0123 dropped"
+# Test invalid packet
+> "$RECV_FILE"  # clear file
+timeout 2 bash -c "nc -u -l 127.0.0.1 9999 > $RECV_FILE" &
+sleep 0.3
+echo 'wrongmsg' | nc -u -w1 127.0.0.1 9999 2>/dev/null || true
+sleep 0.5
+grep -q 'wrongmsg' "$RECV_FILE" && fail "wrongmsg passed (should drop)" || ok "wrongmsg dropped (XDP_DROP)"
+rm -f "$RECV_FILE"
+kill "${PIDS[-1]}" 2>/dev/null; unset 'PIDS[-1]'
+echo
+# Test 2: TLS
+echo "=== TLS Certificate ==="
+# Create two separate PKI environments
+BAD_CERTS="$CERTS/bad"
+GOOD_CERTS="$CERTS/good"
+mkdir -p "$BAD_CERTS" "$GOOD_CERTS"
+# Start server with UNTRUSTED certs on port 8443
+cd "$BAD_CERTS"
+bg "$DIR/target/release/tls_server" 8443
+sleep 3
+# Start server with TRUSTED certs on port 8444
+cd "$GOOD_CERTS"
+bg "$DIR/target/release/tls_server" 8444
+sleep 3
+# Start packet-detector with ONLY the good CA (won't trust bad server)
+"$DIR/target/release/packet-detector" lo "$GOOD_CERTS/ca_cert.pem" &>/dev/null & PIDS+=($!)
+sleep 2
+# Test 1: Connect to BAD server (untrusted cert)
+# Handshake completes, but HTTP request should fail (blocked after validation)
+cd "$BAD_CERTS"
+BAD_OUT=$(timeout 5 "$DIR/target/release/tls_client" 127.0.0.1 8443 2>&1) || true
+if echo "$BAD_OUT" | grep -q "HTTP/1.1 200"; then
+    fail "Untrusted cert - HTTP should have been blocked"
+else
+    ok "Untrusted cert - HTTP blocked (XDP_DROP after validation)"
+fi
+# Test 2: Connect to GOOD server (trusted cert) - should succeed fully
+cd "$GOOD_CERTS"
+GOOD_OUT=$(timeout 5 "$DIR/target/release/tls_client" 127.0.0.1 8444 2>&1) || true
+if echo "$GOOD_OUT" | grep -q "HTTP/1.1 200"; then
+    ok "Trusted cert - HTTP succeeded (XDP_PASS)"
+else
+    fail "Trusted cert - HTTP failed"
+fi
+echo
+echo "=== Done ==="

diff --git a/run_test.sh b/run_test.sh new file mode 100755 index 0000000..33b53d2 --- /dev/null +++ b/run_test.sh
@@ -0,0 +1,97 @@
	1	#!/bin/bash
	2	set -e
	3
	4	DIR=/root/w/packet_ebpf
	5	CERTS=/tmp/ebpf_certs
	6	PIDS=()
	7
	8	# Cleanup on exit
	9	cleanup() { kill "${PIDS[@]}" 2>/dev/null; rm -rf "$CERTS"; }
	10	trap cleanup EXIT
	11
	12	# Start background process and track PID
	13	bg() { "$@" &>/dev/null & PIDS+=($!); }
	14
	15	# Print result
	16	ok() { echo " $1: OK"; }
	17	fail() { echo " $1: FAIL"; }
	18
	19	# Build
	20	echo "=== Building ==="
	21	cd "$DIR"
	22	cargo xtask build-ebpf --release &>/dev/null
	23	cargo build --release -p packet-detector &>/dev/null
	24	echo "Done"
	25	echo
	26
	27	# Test 1: UDP - test actual packet delivery
	28	echo "=== UDP Magic Word (only 'hell0123' passes) ==="
	29
	30	# Start XDP filter
	31	./target/release/packet-detector lo &>/dev/null & PIDS+=($!)
	32	sleep 1
	33
	34	RECV_FILE=$(mktemp)
	35
	36	# Test valid packet
	37	timeout 2 bash -c "nc -u -l 127.0.0.1 9999 > $RECV_FILE" &
	38	sleep 0.3
	39	echo 'hell0123' \| nc -u -w1 127.0.0.1 9999 2>/dev/null \|\| true
	40	sleep 0.5
	41	grep -q 'hell0123' "$RECV_FILE" && ok "hell0123 passed (XDP_PASS)" \|\| fail "hell0123 dropped"
	42
	43	# Test invalid packet
	44	> "$RECV_FILE" # clear file
	45	timeout 2 bash -c "nc -u -l 127.0.0.1 9999 > $RECV_FILE" &
	46	sleep 0.3
	47	echo 'wrongmsg' \| nc -u -w1 127.0.0.1 9999 2>/dev/null \|\| true
	48	sleep 0.5
	49	grep -q 'wrongmsg' "$RECV_FILE" && fail "wrongmsg passed (should drop)" \|\| ok "wrongmsg dropped (XDP_DROP)"
	50
	51	rm -f "$RECV_FILE"
	52	kill "${PIDS[-1]}" 2>/dev/null; unset 'PIDS[-1]'
	53	echo
	54
	55	# Test 2: TLS
	56	echo "=== TLS Certificate ==="
	57
	58	# Create two separate PKI environments
	59	BAD_CERTS="$CERTS/bad"
	60	GOOD_CERTS="$CERTS/good"
	61	mkdir -p "$BAD_CERTS" "$GOOD_CERTS"
	62
	63	# Start server with UNTRUSTED certs on port 8443
	64	cd "$BAD_CERTS"
	65	bg "$DIR/target/release/tls_server" 8443
	66	sleep 3
	67
	68	# Start server with TRUSTED certs on port 8444
	69	cd "$GOOD_CERTS"
	70	bg "$DIR/target/release/tls_server" 8444
	71	sleep 3
	72
	73	# Start packet-detector with ONLY the good CA (won't trust bad server)
	74	"$DIR/target/release/packet-detector" lo "$GOOD_CERTS/ca_cert.pem" &>/dev/null & PIDS+=($!)
	75	sleep 2
	76
	77	# Test 1: Connect to BAD server (untrusted cert)
	78	# Handshake completes, but HTTP request should fail (blocked after validation)
	79	cd "$BAD_CERTS"
	80	BAD_OUT=$(timeout 5 "$DIR/target/release/tls_client" 127.0.0.1 8443 2>&1) \|\| true
	81	if echo "$BAD_OUT" \| grep -q "HTTP/1.1 200"; then
	82	fail "Untrusted cert - HTTP should have been blocked"
	83	else
	84	ok "Untrusted cert - HTTP blocked (XDP_DROP after validation)"
	85	fi
	86
	87	# Test 2: Connect to GOOD server (trusted cert) - should succeed fully
	88	cd "$GOOD_CERTS"
	89	GOOD_OUT=$(timeout 5 "$DIR/target/release/tls_client" 127.0.0.1 8444 2>&1) \|\| true
	90	if echo "$GOOD_OUT" \| grep -q "HTTP/1.1 200"; then
	91	ok "Trusted cert - HTTP succeeded (XDP_PASS)"
	92	else
	93	fail "Trusted cert - HTTP failed"
	94	fi
	95
	96	echo
	97	echo "=== Done ==="