d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tests/libalias: Factor out common primitives

Browse Source 
Rework the tests to check the correct layer in a single test.
Factor out tests for reuse in other modules.

MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30412
This commit is contained in:
Lutz Donnerhacke 2021-05-24 14:43:01 +02:00
parent 3f2508b7f3
commit f1462ab051
4 changed files with 144 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
tests/sys/netinet/libalias/2_natout.c
View File

@ -38,63 +38,6 @@
#include "util.h"
/* common ip ranges */
static struct in_addr masq = { htonl(0x01020304) };
static struct in_addr pub = { htonl(0x0102dead) };
static struct in_addr prv1 = { htonl(0x0a00dead) };
static struct in_addr prv2 = { htonl(0xac10dead) };
static struct in_addr prv3 = { htonl(0xc0a8dead) };
static struct in_addr cgn = { htonl(0x6440dead) };
static struct in_addr ext = { htonl(0x12345678) };
#define NAT_CHECK(pip, src, msq) do { \
int res; \
int len = ntohs(pip->ip_len); \
struct in_addr dst = pip->ip_dst; \
pip->ip_src = src; \
res = LibAliasOut(la, pip, len); \
ATF_CHECK_MSG(res == PKT_ALIAS_OK, \
">%d< not met PKT_ALIAS_OK", res); \
ATF_CHECK(addr_eq(msq, pip->ip_src)); \
ATF_CHECK(addr_eq(dst, pip->ip_dst)); \
} while(0)
#define NAT_FAIL(pip, src, dst) do { \
int res; \
int len = ntohs(pip->ip_len); \
pip->ip_src = src; \
pip->ip_dst = dst; \
res = LibAliasOut(la, pip, len); \
ATF_CHECK_MSG(res != PKT_ALIAS_OK), \
">%d< not met !PKT_ALIAS_OK", res); \
ATF_CHECK(addr_eq(src, pip->ip_src)); \
ATF_CHECK(addr_eq(dst, pip->ip_dst)); \
} while(0)
#define UNNAT_CHECK(pip, src, dst, rel) do { \
int res; \
int len = ntohs(pip->ip_len); \
pip->ip_src = src; \
pip->ip_dst = dst; \
res = LibAliasIn(la, pip, len); \
ATF_CHECK_MSG(res == PKT_ALIAS_OK, \
">%d< not met PKT_ALIAS_OK", res); \
ATF_CHECK(addr_eq(src, pip->ip_src)); \
ATF_CHECK(addr_eq(rel, pip->ip_dst)); \
} while(0)
#define UNNAT_FAIL(pip, src, dst) do { \
int res; \
int len = ntohs(pip->ip_len); \
pip->ip_src = src; \
pip->ip_dst = dst; \
res = LibAliasIn(la, pip, len); \
ATF_CHECK_MSG(res != PKT_ALIAS_OK, \
">%d< not met !PKT_ALIAS_OK", res); \
ATF_CHECK(addr_eq(src, pip->ip_src)); \
ATF_CHECK(addr_eq(dst, pip->ip_dst)); \
} while(0)
ATF_TC_WITHOUT_HEAD(1_simplemasq);
ATF_TC_BODY(1_simplemasq, dummy)
{
@ -105,12 +48,12 @@ ATF_TC_BODY(1_simplemasq, dummy)
LibAliasSetAddress(la, masq);
LibAliasSetMode(la, 0, ~0);
pip = ip_packet(prv1, ext, 254, 64);
NAT_CHECK(pip, prv1, masq);
NAT_CHECK(pip, prv2, masq);
NAT_CHECK(pip, prv3, masq);
NAT_CHECK(pip, cgn, masq);
NAT_CHECK(pip, pub, masq);
pip = ip_packet(254, 64);
NAT_CHECK(pip, prv1, ext, masq);
NAT_CHECK(pip, prv2, ext, masq);
NAT_CHECK(pip, prv3, ext, masq);
NAT_CHECK(pip, cgn, ext, masq);
NAT_CHECK(pip, pub, ext, masq);
free(pip);
LibAliasUninit(la);
@ -126,12 +69,12 @@ ATF_TC_BODY(2_unregistered, dummy)
LibAliasSetAddress(la, masq);
LibAliasSetMode(la, PKT_ALIAS_UNREGISTERED_ONLY, ~0);
pip = ip_packet(prv1, ext, 254, 64);
NAT_CHECK(pip, prv1, masq);
NAT_CHECK(pip, prv2, masq);
NAT_CHECK(pip, prv3, masq);
NAT_CHECK(pip, cgn, cgn);
NAT_CHECK(pip, pub, pub);
pip = ip_packet(254, 64);
NAT_CHECK(pip, prv1, ext, masq);
NAT_CHECK(pip, prv2, ext, masq);
NAT_CHECK(pip, prv3, ext, masq);
NAT_CHECK(pip, cgn, ext, cgn);
NAT_CHECK(pip, pub, ext, pub);
/*
* State is only for new connections
@ -139,11 +82,11 @@ ATF_TC_BODY(2_unregistered, dummy)
* the mode setting should be ignored
*/
LibAliasSetMode(la, 0, PKT_ALIAS_UNREGISTERED_ONLY);
NAT_CHECK(pip, prv1, masq);
NAT_CHECK(pip, prv2, masq);
NAT_CHECK(pip, prv3, masq);
NAT_CHECK(pip, cgn, cgn);
NAT_CHECK(pip, pub, pub);
NAT_CHECK(pip, prv1, ext, masq);
NAT_CHECK(pip, prv2, ext, masq);
NAT_CHECK(pip, prv3, ext, masq);
NAT_CHECK(pip, cgn, ext, cgn);
NAT_CHECK(pip, pub, ext, pub);
free(pip);
LibAliasUninit(la);
@ -159,12 +102,12 @@ ATF_TC_BODY(3_cgn, dummy)
LibAliasSetAddress(la, masq);
LibAliasSetMode(la, PKT_ALIAS_UNREGISTERED_CGN, ~0);
pip = ip_packet(prv1, ext, 254, 64);
NAT_CHECK(pip, prv1, masq);
NAT_CHECK(pip, prv2, masq);
NAT_CHECK(pip, prv3, masq);
NAT_CHECK(pip, cgn, masq);
NAT_CHECK(pip, pub, pub);
pip = ip_packet(254, 64);
NAT_CHECK(pip, prv1, ext, masq);
NAT_CHECK(pip, prv2, ext, masq);
NAT_CHECK(pip, prv3, ext, masq);
NAT_CHECK(pip, cgn, ext, masq);
NAT_CHECK(pip, pub, ext, pub);
/*
* State is only for new connections
@ -172,11 +115,11 @@ ATF_TC_BODY(3_cgn, dummy)
* the mode setting should be ignored
*/
LibAliasSetMode(la, 0, PKT_ALIAS_UNREGISTERED_CGN);
NAT_CHECK(pip, prv1, masq);
NAT_CHECK(pip, prv2, masq);
NAT_CHECK(pip, prv3, masq);
NAT_CHECK(pip, cgn, masq);
NAT_CHECK(pip, pub, pub);
NAT_CHECK(pip, prv1, ext, masq);
NAT_CHECK(pip, prv2, ext, masq);
NAT_CHECK(pip, prv3, ext, masq);
NAT_CHECK(pip, cgn, ext, masq);
NAT_CHECK(pip, pub, ext, pub);
free(pip);
LibAliasUninit(la);
@ -197,41 +140,27 @@ ATF_TC_BODY(4_udp, dummy)
LibAliasSetMode(la, 0, ~0);
/* Query from prv1 */
po = ip_packet(prv1, ext, 0, 64);
uo = set_udp(po, sport, dport);
NAT_CHECK(po, prv1, masq);
ATF_CHECK(uo->uh_dport == htons(dport));
ATF_CHECK(addr_eq(po->ip_dst, ext));
po = ip_packet(0, 64);
UDP_NAT_CHECK(po, uo, prv1, sport, ext, dport, masq);
aport = ntohs(uo->uh_sport);
/* should use a different external port */
ATF_CHECK(aport != sport);
/* Response */
pi = ip_packet(po->ip_dst, po->ip_src, 0, 64);
ui = set_udp(pi, ntohs(uo->uh_dport), ntohs(uo->uh_sport));
UNNAT_CHECK(pi, ext, masq, prv1);
ATF_CHECK(ui->uh_sport == htons(dport));
ATF_CHECK(ui->uh_dport == htons(sport));
pi = ip_packet(0, 64);
UDP_UNNAT_CHECK(pi, ui, ext, dport, masq, aport, prv1, sport);
/* Query from different source with same ports */
uo = set_udp(po, sport, dport);
NAT_CHECK(po, prv2, masq);
ATF_CHECK(uo->uh_dport == htons(dport));
ATF_CHECK(addr_eq(po->ip_dst, ext));
UDP_NAT_CHECK(po, uo, prv2, sport, ext, dport, masq);
/* should use a different external port */
ATF_CHECK(uo->uh_sport != htons(aport));
/* Response to prv2 */
ui->uh_dport = uo->uh_sport;
UNNAT_CHECK(pi, ext, masq, prv2);
ATF_CHECK(ui->uh_sport == htons(dport));
ATF_CHECK(ui->uh_dport == htons(sport));
UDP_UNNAT_CHECK(pi, ui, ext, dport, masq, htons(uo->uh_sport), prv2, sport);
/* Response to prv1 again */
ui->uh_dport = htons(aport);
UNNAT_CHECK(pi, ext, masq, prv1);
ATF_CHECK(ui->uh_sport == htons(dport));
ATF_CHECK(ui->uh_dport == htons(sport));
UDP_UNNAT_CHECK(pi, ui, ext, dport, masq, aport, prv1, sport);
free(pi);
free(po);
@ -253,20 +182,14 @@ ATF_TC_BODY(5_sameport, dummy)
LibAliasSetMode(la, PKT_ALIAS_SAME_PORTS, ~0);
/* Query from prv1 */
p = ip_packet(prv1, ext, 0, 64);
u = set_udp(p, sport, dport);
NAT_CHECK(p, prv1, masq);
ATF_CHECK(u->uh_dport == htons(dport));
ATF_CHECK(addr_eq(p->ip_dst, ext));
p = ip_packet(0, 64);
UDP_NAT_CHECK(p, u, prv1, sport, ext, dport, masq);
aport = ntohs(u->uh_sport);
/* should use the same external port */
ATF_CHECK(aport == sport);
/* Query from different source with same ports */
u = set_udp(p, sport, dport);
NAT_CHECK(p, prv2, masq);
ATF_CHECK(u->uh_dport == htons(dport));
ATF_CHECK(addr_eq(p->ip_dst, ext));
UDP_NAT_CHECK(p, u, prv2, sport, ext, dport, masq);
/* should use a different external port */
ATF_CHECK(u->uh_sport != htons(aport));
@ -291,43 +214,30 @@ ATF_TC_BODY(6_cleartable, dummy)
LibAliasSetMode(la, PKT_ALIAS_DENY_INCOMING, PKT_ALIAS_DENY_INCOMING);
/* Query from prv1 */
po = ip_packet(prv1, ext, 0, 64);
uo = set_udp(po, sport, dport);
NAT_CHECK(po, prv1, masq);
ATF_CHECK(uo->uh_dport == htons(dport));
ATF_CHECK(addr_eq(po->ip_dst, ext));
po = ip_packet(0, 64);
UDP_NAT_CHECK(po, uo, prv1, sport, ext, dport, masq);
aport = ntohs(uo->uh_sport);
/* should use the same external port */
ATF_CHECK(aport == sport);
/* Response */
pi = ip_packet(po->ip_dst, po->ip_src, 0, 64);
ui = set_udp(pi, ntohs(uo->uh_dport), ntohs(uo->uh_sport));
UNNAT_CHECK(pi, ext, masq, prv1);
ATF_CHECK(ui->uh_sport == htons(dport));
ATF_CHECK(ui->uh_dport == htons(sport));
pi = ip_packet(0, 64);
UDP_UNNAT_CHECK(po, uo, ext, dport, masq, aport, prv1, sport);
/* clear table by keeping the address */
LibAliasSetAddress(la, ext);
LibAliasSetAddress(la, masq);
/* Response to prv1 again -> DENY_INCOMING */
ui->uh_dport = htons(aport);
UNNAT_FAIL(pi, ext, masq);
UDP_UNNAT_FAIL(pi, ui, ext, dport, masq, aport);
/* Query from different source with same ports */
uo = set_udp(po, sport, dport);
NAT_CHECK(po, prv2, masq);
ATF_CHECK(uo->uh_dport == htons(dport));
ATF_CHECK(addr_eq(po->ip_dst, ext));
UDP_NAT_CHECK(po, uo, prv2, sport, ext, dport, masq);
/* should use the same external port, because it's free */
ATF_CHECK(uo->uh_sport == htons(aport));
/* Response to prv2 */
ui->uh_dport = uo->uh_sport;
UNNAT_CHECK(pi, ext, masq, prv2);
ATF_CHECK(ui->uh_sport == htons(dport));
ATF_CHECK(ui->uh_dport == htons(sport));
UDP_UNNAT_CHECK(po, uo, ext, dport, masq, htons(uo->uh_sport), prv2, sport);
free(pi);
free(po);
@ -351,8 +261,7 @@ ATF_TC_BODY(7_stress, dummy)
ATF_REQUIRE(la != NULL);
LibAliasSetAddress(la, masq);
p = ip_packet(prv1, ext, 0, 64);
u = set_udp(p, 0, 0);
p = ip_packet(0, 64);
batch = calloc(batch_size, sizeof(*batch));
ATF_REQUIRE(batch != NULL);
@ -374,21 +283,20 @@ ATF_TC_BODY(7_stress, dummy)
}
for (i = 0; i < batch_size; i++) {
p->ip_dst = batch[i].dst;
u = set_udp(p, batch[i].sport, batch[i].dport);
NAT_CHECK(p, batch[i].src, masq);
ATF_CHECK(u->uh_dport == htons(batch[i].dport));
ATF_CHECK(addr_eq(p->ip_dst, batch[i].dst));
UDP_NAT_CHECK(p, u,
batch[i].src, batch[i].sport,
batch[i].dst, batch[i].dport,
masq);
batch[i].aport = htons(u->uh_sport);
}
qsort(batch, batch_size, sizeof(*batch), randcmp);
for (i = 0; i < batch_size; i++) {
u = set_udp(p, batch[i].dport, batch[i].aport);
UNNAT_CHECK(p, batch[i].dst, masq, batch[i].src);
ATF_CHECK(u->uh_dport == htons(batch[i].sport));
ATF_CHECK(u->uh_sport == htons(batch[i].dport));
UDP_UNNAT_CHECK(p, u,
batch[i].dst, batch[i].dport,
masq, batch[i].aport,
batch[i].src, batch[i].sport);
}
}

11
tests/sys/netinet/libalias/perf.c
View File

@ -38,11 +38,6 @@
#include "util.h"
#include <alias.h>
/* common ip ranges */
static struct in_addr masq = { htonl(0x01020304) };
static struct in_addr prv = { htonl(0x0a000000) };
static struct in_addr ext = { htonl(0x12000000) };
#define timevalcmp(tv, uv, cmp) \
(((tv).tv_sec == (uv).tv_sec) \
? ((tv).tv_usec cmp (uv).tv_usec) \
@ -88,10 +83,10 @@ int main(int argc, char ** argv)
LibAliasSetAddress(la, masq);
LibAliasSetMode(la, PKT_ALIAS_DENY_INCOMING, PKT_ALIAS_DENY_INCOMING);
prv.s_addr &= htonl(0xffff0000);
prv1.s_addr &= htonl(0xffff0000);
ext.s_addr &= htonl(0xffff0000);
p = ip_packet(prv, ext, 0, 64);
p = ip_packet(0, 64);
u = set_udp(p, 0, 0);
if (NULL == (batch = calloc(batch_size, sizeof(*batch)))) {
@ -112,7 +107,7 @@ int main(int argc, char ** argv)
gettimeofday(&start, NULL);
printf("%5.1f ", max_seconds - timevaldiff(timeout, start)/1000000.0f);
for (cnt = i = 0; i < batch_size; i++, cnt++) {
batch[i].src.s_addr = prv.s_addr | htonl(rand_range(0, 0xffff));
batch[i].src.s_addr = prv1.s_addr | htonl(rand_range(0, 0xffff));
batch[i].dst.s_addr = ext.s_addr | htonl(rand_range(0, 0xffff));
batch[i].sport = rand_range(1000, 60000);
batch[i].dport = rand_range(1000, 60000);

14
tests/sys/netinet/libalias/util.c
View File

@ -38,6 +38,16 @@
#include "util.h"
/* common ip ranges */
struct in_addr masq = { htonl(0x01020304) };
struct in_addr pub = { htonl(0x0102dead) };
struct in_addr prv1 = { htonl(0x0a00dead) };
struct in_addr prv2 = { htonl(0xac10dead) };
struct in_addr prv3 = { htonl(0xc0a8dead) };
struct in_addr cgn = { htonl(0x6440dead) };
struct in_addr ext = { htonl(0x12345678) };
struct in_addr ANY_ADDR = { 0 };
#define REQUIRE(x) do { \
if (!(x)) { \
fprintf(stderr, "Failed in %s %s:%d.\n",\
@ -78,7 +88,7 @@ hexdump(void *p, size_t len)
}
struct ip *
ip_packet(struct in_addr src, struct in_addr dst, u_char protocol, size_t len)
ip_packet(u_char protocol, size_t len)
{
struct ip * p;
@ -91,8 +101,6 @@ ip_packet(struct in_addr src, struct in_addr dst, u_char protocol, size_t len)
p->ip_hl = sizeof(*p)/4;
p->ip_len = htons(len);
p->ip_ttl = IPDEFTTL;
p->ip_src = src;
p->ip_dst = dst;
p->ip_p = protocol;
REQUIRE(p->ip_hl == 5);

77
tests/sys/netinet/libalias/util.h
View File

@ -40,9 +40,12 @@
#ifndef _UTIL_H
#define _UTIL_H
/* common ip ranges */
extern struct in_addr masq, pub, prv1, prv2, prv3, cgn, ext, ANY_ADDR;
int randcmp(const void *a, const void *b);
void hexdump(void *p, size_t len);
struct ip * ip_packet(struct in_addr src, struct in_addr dst, u_char protocol, size_t len);
struct ip * ip_packet(u_char protocol, size_t len);
struct udphdr * set_udp(struct ip *p, u_short sport, u_short dport);
inline int
@ -59,4 +62,76 @@ rand_range(int min, int max)
return min + rand()%(max - min);
}
#define NAT_CHECK(pip, src, dst, msq) do { \
int res; \
int len = ntohs(pip->ip_len); \
pip->ip_src = src; \
pip->ip_dst = dst; \
res = LibAliasOut(la, pip, len); \
ATF_CHECK_MSG(res == PKT_ALIAS_OK, \
">%d< not met PKT_ALIAS_OK", res); \
ATF_CHECK(addr_eq(msq, pip->ip_src)); \
ATF_CHECK(addr_eq(dst, pip->ip_dst)); \
} while(0)
#define NAT_FAIL(pip, src, dst) do { \
int res; \
int len = ntohs(pip->ip_len); \
pip->ip_src = src; \
pip->ip_dst = dst; \
res = LibAliasOut(la, pip, len); \
ATF_CHECK_MSG(res != PKT_ALIAS_OK), \
">%d< not met !PKT_ALIAS_OK", res); \
ATF_CHECK(addr_eq(src, pip->ip_src)); \
ATF_CHECK(addr_eq(dst, pip->ip_dst)); \
} while(0)
#define UNNAT_CHECK(pip, src, dst, rel) do { \
int res; \
int len = ntohs(pip->ip_len); \
pip->ip_src = src; \
pip->ip_dst = dst; \
res = LibAliasIn(la, pip, len); \
ATF_CHECK_MSG(res == PKT_ALIAS_OK, \
">%d< not met PKT_ALIAS_OK", res); \
ATF_CHECK(addr_eq(src, pip->ip_src)); \
ATF_CHECK(addr_eq(rel, pip->ip_dst)); \
} while(0)
#define UNNAT_FAIL(pip, src, dst) do { \
int res; \
int len = ntohs(pip->ip_len); \
pip->ip_src = src; \
pip->ip_dst = dst; \
res = LibAliasIn(la, pip, len); \
ATF_CHECK_MSG(res != PKT_ALIAS_OK, \
">%d< not met !PKT_ALIAS_OK", res); \
ATF_CHECK(addr_eq(src, pip->ip_src)); \
ATF_CHECK(addr_eq(dst, pip->ip_dst)); \
} while(0)
#define UDP_NAT_CHECK(p, u, si, sp, di, dp, mi) do { \
u = set_udp(p, (sp), (dp)); \
NAT_CHECK(p, (si), (di), (mi)); \
ATF_CHECK(u->uh_dport == htons(dp)); \
} while(0)
#define UDP_NAT_FAIL(p, u, si, sp, di, dp) do { \
u = set_udp(p, (sp), (dp)); \
NAT_FAIL(p, (si), (mi)); \
} while(0)
#define UDP_UNNAT_CHECK(p, u, si, sp, mi, mp, di, dp) \
do { \
u = set_udp(p, (sp), (mp)); \
UNNAT_CHECK(p, (si), (mi), (di)); \
ATF_CHECK(u->uh_sport == htons(sp)); \
ATF_CHECK(u->uh_dport == htons(dp)); \
} while(0)
#define UDP_UNNAT_FAIL(p, u, si, sp, mi, mp) do { \
u = set_udp(p, (sp), (mp)); \
UNNAT_FAIL(p, (si), (mi)); \
} while(0)
#endif /* _UTIL_H */