bool test_ipv4_icmp4( void ) { u_int8_t protocol; struct tuple tuple; struct sk_buff* skb = NULL; bool success = true; protocol = IPPROTO_ICMP; success &= init_tuple_for_test_ipv4( &tuple , protocol ); skb = init_skb_for_test( &tuple, protocol ); success &= assert_not_null(skb, "init_skb_for_test"); success &= assert_equals_int(NF_DROP, ipv4_icmp4( skb, &tuple ), "See if we discard an IPv4 ICMP packet, which tries to start a communication."); kfree_skb(skb); protocol = IPPROTO_ICMP; success &= init_tuple_for_test_ipv6( &tuple , protocol ); skb = init_skb_for_test( &tuple, protocol ); success &= assert_not_null(skb, "init_skb_for_test"); success &= assert_equals_int(NF_ACCEPT, ipv6_icmp6(skb, &tuple ), "See if we can process correctly an IPv6 ICMP packet."); kfree_skb(skb); protocol = IPPROTO_ICMP; success &= init_tuple_for_test_ipv4( &tuple , protocol ); skb = init_skb_for_test( &tuple, protocol ); success &= assert_not_null(skb, "init_skb_for_test"); success &= assert_equals_int(NF_ACCEPT, ipv4_icmp4( skb, &tuple ), "See if we can process correctly an expected IPv4 ICMP packet."); kfree_skb(skb); return success; }
bool test_ipv4_udp( void ) { u_int8_t protocol = IPPROTO_UDP; struct tuple tuple; struct sk_buff* skb; bool success = true; skb = init_skb_for_test( &tuple, protocol ); if (!skb) return false; success &= init_tuple_for_test_ipv4( &tuple , protocol ); success &= assert_equals_int(NF_DROP, ipv4_udp( skb, &tuple ), "See if we discard an IPv4 UDP packet, which tries to start a communication."); success &= init_tuple_for_test_ipv6( &tuple , protocol ); success &= assert_equals_int(NF_ACCEPT, ipv6_udp( skb, &tuple ), "See if we can process correctly an IPv6 UDP packet."); success &= init_tuple_for_test_ipv4( &tuple , protocol ); success &= assert_equals_int(NF_ACCEPT, ipv4_udp( skb, &tuple ), "See if we can process correctly an expected IPv4 UDP packet."); kfree_skb(skb); return success; }
bool test_ipv4_udp( void ) { u_int8_t protocol = IPPROTO_UDP; struct tuple tuple; struct sk_buff* skb; bool success = true; if (!init_tuple_for_test_ipv4( &tuple , protocol)) return false; skb = init_skb_for_test( &tuple, protocol ); if (!skb) return false; success &= assert_equals_int(NF_DROP, ipv4_udp( skb, &tuple ), "See if we discard an IPv4 UDP packet, which tries to start a communication."); kfree_skb(skb); if (!init_tuple_for_test_ipv6( &tuple , protocol )) return false; skb = init_skb_for_test( &tuple, protocol ); if (!skb) return false; success &= assert_equals_int(NF_ACCEPT, ipv6_udp( skb, &tuple ), "See if we can process correctly an IPv6 UDP packet."); kfree_skb(skb); /* * TODO (test) The following code no longer works, because the BIB stored in the previous step * now uses a random port. These tests are missing lots of asserts anyway, so I'll fix both * issues at the same time later. */ /* if (!init_tuple_for_test_ipv4( &tuple , protocol )) return false; skb = init_skb_for_test( &tuple, protocol ); if (!skb) return false; success &= assert_equals_int(NF_ACCEPT, ipv4_udp( skb, &tuple ), "See if we can process correctly an expected IPv4 UDP packet."); kfree_skb(skb); */ return success; }
bool test_ipv6_udp( void ) { u_int8_t protocol = IPPROTO_UDP; struct tuple tuple; struct sk_buff *skb; bool success = true; if (!init_tuple_for_test_ipv6( &tuple, protocol )) return false; skb = init_skb_for_test( &tuple, protocol ); if (!skb) return false; success &= assert_equals_int(NF_ACCEPT, ipv6_udp( skb, &tuple ), "See if we can process correctly an IPv6 UDP packet."); kfree_skb(skb); return success; }
bool test_filtering_and_updating( void ) { u_int8_t protocol; struct tuple tuple; struct sk_buff *skb; struct in_addr addr4; struct in6_addr addr6; bool success = true; log_debug(" >>> Errores de ICMP no deben afectar las tablas "); protocol = IPPROTO_ICMP; success &= init_tuple_for_test_ipv4( &tuple , protocol ); skb = init_skb_for_test( &tuple, protocol ); success &= assert_not_null(skb, "init_skb_for_test"); icmp_hdr(skb)->type = ICMP_DEST_UNREACH; /* Error packet */ /* Process a tuple generated from a incoming IPv6 packet: */ success &= assert_equals_int(NF_ACCEPT, filtering_and_updating( skb, &tuple), "See if we can forward an IPv4 ICMP packet."); kfree_skb(skb); log_debug(" >>> Get rid of hairpinning loop "); protocol = IPPROTO_UDP; success &= init_tuple_for_test_ipv6( &tuple , protocol ); skb = init_skb_for_test( &tuple, protocol ); success &= assert_not_null(skb, "init_skb_for_test"); /* Add pref64 */ success &= str_to_addr6_verbose(INIT_TUPLE_IPV6_HAIR_LOOP_SRC_ADDR , &addr6); tuple.src.addr.ipv6 = addr6; success &= assert_equals_int(NF_DROP, filtering_and_updating( skb, &tuple), "See if we can get rid of hairpinning loop in IPv6."); kfree_skb(skb); log_debug(" >>> Get rid of unwanted packets "); success &= init_tuple_for_test_ipv6( &tuple , protocol ); skb = init_skb_for_test( &tuple, protocol ); success &= assert_not_null(skb, "init_skb_for_test"); /* Unwanted packet */ success &= str_to_addr6_verbose(INIT_TUPLE_IPV6_HAIR_LOOP_DST_ADDR , &addr6); tuple.dst.addr.ipv6 = addr6; success &= assert_equals_int(NF_DROP, filtering_and_updating( skb, &tuple), "See if we can get rid of unwanted packets in IPv6."); kfree_skb(skb); log_debug(" >>> Get rid of un-expected packets, destined to an address not in pool"); success &= init_tuple_for_test_ipv4( &tuple , protocol ); skb = init_skb_for_test( &tuple, protocol ); success &= assert_not_null(skb, "init_skb_for_test"); /* Packet destined to an address not in pool */ success &= str_to_addr4_verbose(INIT_TUPLE_IPV4_NOT_POOL_DST_ADDR , &addr4); tuple.dst.addr.ipv4 = addr4; success &= assert_equals_int(NF_DROP, filtering_and_updating( skb, &tuple), "See if we can get rid of packet destined to an address not in pool."); kfree_skb(skb); log_debug(" >>> IPv4 incoming packet --> reject"); success &= init_tuple_for_test_ipv4( &tuple , protocol ); skb = init_skb_for_test( &tuple, protocol ); success &= assert_not_null(skb, "init_skb_for_test"); success &= assert_equals_int(NF_DROP, filtering_and_updating( skb, &tuple), "See if we can do reject an incoming IPv4 UDP packet."); kfree_skb(skb); log_debug(" >>> IPv6 incoming packet --> accept"); success &= init_tuple_for_test_ipv6( &tuple , protocol ); skb = init_skb_for_test( &tuple, protocol ); success &= assert_not_null(skb, "init_skb_for_test"); success &= assert_equals_int(NF_ACCEPT, filtering_and_updating( skb, &tuple), "See if we can do filtering and updating on an incoming IPv6 UDP packet."); kfree_skb(skb); /* TODO (test) see test_ipv4_udp(). */ /* log_debug(" >>> IPv4 incoming packet --> accept"); success &= init_tuple_for_test_ipv4( &tuple , protocol ); skb = init_skb_for_test( &tuple, protocol ); success &= assert_not_null(skb, "init_skb_for_test"); success &= assert_equals_int(NF_ACCEPT, filtering_and_updating( skb, &tuple), "See if we can do filtering and updating on an incoming IPv4 UDP packet."); kfree_skb(skb); */ return success; }