diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 0000000..66d585b
--- /dev/null
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,99 @@
+name: Build and Test
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+
+  build:
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+
+    - name: Set up Go
+      uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
+      with:
+        go-version: 1.21.0
+
+    - name: Check module vendoring
+      run: |
+        go mod tidy
+        go mod verify
+        go generate ./...
+        test -z "$(git status --porcelain)" || (echo "please run 'go mod tidy && go mod vendor', and submit your changes"; exit 1)
+
+    - name: Generate and build
+      run: |
+        go mod download
+        sudo apt-get install -y curl unzip gcc flex bison make
+        curl https://github.com/the-tcpdump-group/libpcap/archive/refs/tags/libpcap-1.10.4.zip -OL
+        unzip libpcap-1.10.4.zip
+        sh -c 'cd libpcap-libpcap-1.10.4/ && ./configure --enable-dbus=no && make && sudo make install'
+        go build
+
+    - name: Store executable
+      uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
+      with:
+        name: skbdump
+        path: skbdump
+
+  test:
+    runs-on: ubuntu-latest
+    name: Test
+    needs: build
+    strategy:
+      fail-fast: false
+      matrix:
+        kernel: [ '5.10-v0.3', '5.15-v0.3', '6.3-main', 'bpf-next-main' ]
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+
+      - name: Retrieve stored skbdump executable
+        uses: actions/download-artifact@v3
+        with:
+          name: skbdump
+          path: skbdump
+
+      - name: Provision LVH VMs
+        uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12
+        with:
+          test-name: skbdump-test
+          image-version: ${{ matrix.kernel }}
+          host-mount: ./
+          dns-resolver: '1.1.1.1'
+          install-dependencies: 'true'
+          cmd: |
+            chmod +x /host/skbdump/skbdump
+
+      - name: Test netns -> 1.1.1.1
+        uses: cilium/little-vm-helper@908ab1ff8a596a03cd5221a1f8602dc44c3f906d # v0.0.12
+        with:
+          provision: 'false'
+          cmd: |
+            sysctl net.ipv4.conf.all.proxy_arp=1
+            sysctl net.ipv4.conf.default.proxy_arp=1
+
+            ip net a testns
+            ip l a testns-veth type veth peer name testns-peer
+            ip l s testns-peer up
+            ip l s testns-veth netns testns
+            ip net e testns ip l s testns-veth up
+            ip r a 10.0.0.1 dev testns-peer
+            ip net e testns ip a a 10.0.0.1 dev testns-veth
+            ip net e testns ip r a default dev testns-veth
+
+            iptables -t filter --policy FORWARD ACCEPT
+            iptables -t nat -I POSTROUTING 1 -s 10.0.0.1/24 -o enp0s2 -j MASQUERADE
+
+            /host/skbdump/skbdump -i any 'dst host 1.1.1.1 and tcp[tcpflags] = tcp-syn' &
+            pid=\$!
+
+            sleep 10s
+
+            ip net e testns curl --connect-timeout 1 1.1.1.1 &>/dev/null || true
+
+            kill -9 \$pid