patch(bpf): Don't clear checksum on wan_egress #42
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Kernel Test | |
on: | |
pull_request: | |
paths: | |
- "**/*.go" | |
- "**/*.c" | |
- "**/*.h" | |
- "go.mod" | |
- "go.sum" | |
- ".github/workflows/kernel-test.yml" | |
jobs: | |
build: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- name: Set up Go | |
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe | |
with: | |
go-version: 1.21.0 | |
- name: Generate and build | |
run: | | |
git submodule update --init | |
make GOFLAGS="-buildvcs=false" CC=clang | |
- name: Store executable | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 | |
with: | |
name: dae | |
path: dae | |
test: | |
runs-on: ubuntu-22.04 | |
name: Test | |
needs: build | |
strategy: | |
fail-fast: false | |
matrix: | |
kernel: [ '5.10-v0.3', '5.15-v0.3', '6.3-main', 'bpf-next-20231030.012704' ] | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- name: Retrieve stored executable | |
uses: actions/download-artifact@v3 | |
with: | |
name: dae | |
path: dae | |
- name: Provision LVH VMs | |
uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12 | |
with: | |
test-name: dae-test | |
image-version: ${{ matrix.kernel }} | |
host-mount: ./ | |
dns-resolver: '1.1.1.1' | |
install-dependencies: 'true' | |
cmd: | | |
chmod +x /host/dae/dae | |
apt update | |
apt install -y unzip | |
- name: Setup network | |
uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12 | |
with: | |
provision: 'false' | |
cmd: | | |
set -ex | |
docker network create --ipv6 --subnet 2001:0DB8::/112 dae | |
docker run -td --name v2ray --privileged --network dae -v /host:/host ubuntu:22.04 bash | |
docker run -td --name dae --privileged --network dae -v /host:/host -v /sys:/sys ubuntu:22.04 bash | |
- name: Setup v2ray server | |
uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12 | |
with: | |
provision: 'false' | |
cmd: | | |
set -ex | |
cd /host | |
curl -OL https://github.com/v2fly/v2ray-core/releases/download/v4.31.0/v2ray-linux-64.zip | |
unzip v2ray-linux-64.zip | |
docker cp ./v2ray v2ray:/usr/bin | |
docker cp ./v2ctl v2ray:/usr/bin | |
cat > ./v2ray.json <<! | |
{ | |
"log": { | |
"access": "/host/v2ray.access.log", | |
"error": "/host/v2ray.error.log", | |
"loglevel": "warning" | |
}, | |
"inbound": { | |
"port": 23333, | |
"protocol": "vmess", | |
"settings": { | |
"clients": [ | |
{ | |
"id": "b004539e-0d7b-7996-c378-fb040e42de70", | |
"level": 0, | |
"alterId": 0 | |
} | |
] | |
} | |
}, | |
"outbound": { | |
"protocol": "freedom", | |
"settings": {} | |
}, | |
"inboundDetour": [], | |
"outboundDetour": [] | |
} | |
! | |
nohup docker exec v2ray v2ray -c /host/v2ray.json &> v2ray.log & | |
sleep 5s | |
cat v2ray.log | |
echo '{"v":"2","ps":"test","add":"v2ray","port":"23333","id":"b004539e-0d7b-7996-c378-fb040e42de70","aid":"0","net":"tcp","tls":"","type":"none","path":"","host":"v2ray"}' > vmess.json | |
- name: Setup dae server | |
uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12 | |
with: | |
provision: 'false' | |
cmd: | | |
set -ex | |
cd /host | |
docker exec dae apt update | |
docker exec dae apt install -y curl dnsutils netcat | |
vmess_link=$(base64 -w0 vmess.json) | |
cat > ./conf.dae <<! | |
global { | |
tproxy_port: 12345 | |
log_level: trace | |
lan_interface: auto | |
wan_interface: auto | |
allow_insecure: false | |
auto_config_kernel_parameter: true | |
} | |
node { | |
local: 'vmess://\$vmess_link' | |
} | |
group { | |
proxy { | |
policy: min_moving_avg | |
} | |
} | |
routing { | |
pname(dae) -> direct | |
fallback: proxy | |
} | |
! | |
chmod 600 ./conf.dae | |
nohup docker exec dae /host/dae/dae run -c /host/conf.dae &> dae.log & | |
sleep 10s | |
cat dae.log | |
- name: Check WAN IPv4 TCP | |
uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12 | |
with: | |
provision: 'false' | |
cmd: | | |
set -ex | |
docker exec dae curl 1.1.1.1:443 | |
cat /host/dae.log | grep -F -- '-> 1.1.1.1:443' | |
cat /host/v2ray.access.log | grep -q 'accepted tcp:1.1.1.1:443' | |
- name: Check WAN IPv4 UDP | |
uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12 | |
with: | |
provision: 'false' | |
cmd: | | |
set -ex | |
docker exec dae dig @1.1.1.1 one.one.one.one | |
cat /host/dae.log | grep -F -- '-> 1.1.1.1:53' | |
cat /host/v2ray.access.log | grep -q 'accepted udp:1.1.1.1:53' | |
- name: Check WAN IPv6 TCP | |
uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12 | |
with: | |
provision: 'false' | |
cmd: | | |
set -ex | |
docker exec dae nc -v -w1 2606:4700:4700::1111 443 &> /host/nc.log | |
cat /host/nc.log | grep -q 'succeeded!' | |
cat /host/dae.log | grep -F -- '-> [2606:4700:4700::1111]:443' | |
- name: Check WAN IPv6 UDP | |
uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12 | |
with: | |
provision: 'false' | |
cmd: | | |
set -ex | |
if docker exec dae dig @2606:4700:4700::1111 one.one.one.one; then | |
echo "Shouldn't succeed until https://github.com/daeuniverse/dae/issues/387 is resolved" | |
false | |
else | |
echo "Ingore failure until https://github.com/daeuniverse/dae/issues/387 is resolved" | |
true | |
fi | |
- name: Setup LAN | |
uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12 | |
with: | |
provision: 'false' | |
cmd: | | |
set -ex | |
cd /host | |
docker restart -t0 dae | |
docker exec dae apt install -y iproute2 iptables iputils-ping | |
cat >lan.bash <<! | |
set -ex | |
ip net a dae | |
ip l a dae-veth type veth peer name dae-veth-peer | |
ip l s dae-veth-peer up | |
ip l s dae-veth netns dae | |
ip net e dae ip l s dae-veth up | |
ip r a 10.0.0.1 dev dae-veth-peer | |
ip net e dae ip a a 10.0.0.1 dev dae-veth | |
ip net e dae ip r a 169.254.0.1 dev dae-veth | |
ip net e dae ip r a default via 169.254.0.1 dev dae-veth | |
sysctl net.ipv6.conf.dae-veth-peer.disable_ipv6=0 | |
ip -6 r a fd00:ffff::1 dev dae-veth-peer | |
ip -6 a a fe80::ecee:eeff:feee:eeee dev dae-veth-peer | |
ip net e dae ip -6 a a fd00:ffff::1 dev dae-veth | |
ip net e dae ip -6 r r default via fe80::ecee:eeff:feee:eeee dev dae-veth | |
sysctl net.ipv4.conf.dae-veth-peer.proxy_arp=1 | |
sysctl net.ipv4.conf.dae-veth-peer.rp_filter=2 | |
iptables-legacy -t nat -A POSTROUTING -s 10.0.0.1/32 -j MASQUERADE | |
! | |
docker exec dae bash /host/lan.bash | |
docker exec dae ping -c1 10.0.0.1 | |
docker exec dae ip net e dae curl 1.0.0.1 | |
docker exec dae ping -c1 fd00:ffff::1 | |
docker exec dae sysctl net.ipv4.conf.dae-veth-peer.send_redirects=0 | |
docker exec dae sysctl net.ipv6.conf.dae-veth-peer.forwarding=1 | |
vmess_link=$(base64 -w0 vmess.json) | |
cat > ./conf.dae <<! | |
global { | |
tproxy_port: 12345 | |
log_level: trace | |
lan_interface: dae-veth-peer | |
wan_interface: auto | |
allow_insecure: false | |
auto_config_kernel_parameter: true | |
} | |
node { | |
local: 'vmess://\$vmess_link' | |
} | |
group { | |
proxy { | |
policy: min_moving_avg | |
} | |
} | |
routing { | |
pname(dae) -> direct | |
fallback: proxy | |
} | |
! | |
chmod 600 ./conf.dae | |
nohup docker exec dae /host/dae/dae run -c /host/conf.dae &> dae.log & | |
sleep 10s | |
cat dae.log | |
- name: Check LAN IPv4 TCP | |
uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12 | |
with: | |
provision: 'false' | |
cmd: | | |
set -ex | |
docker exec dae ip net e dae curl 1.0.0.1 | |
cat /host/dae.log | grep -F -- '-> 1.0.0.1:80' | |
cat /host/v2ray.access.log | grep -q 'accepted tcp:1.0.0.1:80' | |
- name: Check LAN IPv4 UDP | |
uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12 | |
with: | |
provision: 'false' | |
cmd: | | |
set -ex | |
docker exec dae ip net e dae dig @8.8.4.4 one.one.one.one | |
cat /host/dae.log | grep -F -- '-> 8.8.4.4:53' | |
cat /host/v2ray.access.log | grep -q 'accepted udp:8.8.4.4:53' | |
- name: Check LAN IPv6 TCP | |
uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12 | |
with: | |
provision: 'false' | |
cmd: | | |
set -ex | |
docker exec dae ip net e dae nc -v -w1 2606:4700:4700::1001 80 &> /host/nc.log | |
cat /host/nc.log | grep -q 'succeeded!' | |
cat /host/dae.log | grep -F -- '-> [2606:4700:4700::1001]:80' | |
- name: Check LAN IPv6 UDP | |
uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12 | |
with: | |
provision: 'false' | |
cmd: | | |
set -ex | |
docker exec dae ip net e dae dig @2001:4860:4860::8844 one.one.one.one | |
cat /host/dae.log | grep -F -- '-> [2001:4860:4860::8844]:53' |