static bool test_udp(void)
{
struct xlation state;
struct sk_buff *skb;
bool success = true;
xlation_init(&state, &jool);
log_debug("== An IPv4 packet attempts to be translated without state ==");
if (create_skb4_udp("0.0.0.4", 3434, "192.0.2.128", 1024, 16, 32, &skb))
return false;
if (pkt_init_ipv4(&state, skb))
return false;
if (determine_in_tuple(&state) != VERDICT_CONTINUE)
return false;
success &= ASSERT_VERDICT(UNTRANSLATABLE, ipv4_simple(&state), "result 1");
success &= assert_bib_count(0, L4PROTO_UDP);
success &= assert_session_count(0, L4PROTO_UDP);
kfree_skb(skb);
log_debug("== IPv6 packet gets translated correctly ==");
if (create_skb6_udp("1::2", 1212, "3::4", 3434, 16, 32, &skb))
return false;
if (pkt_init_ipv6(&state, skb))
return false;
if (determine_in_tuple(&state) != VERDICT_CONTINUE)
return false;
success &= ASSERT_VERDICT(CONTINUE, ipv6_simple(&state), "result 2");
success &= assert_bib_count(1, L4PROTO_UDP);
success &= assert_bib_exists("1::2", 1212, "192.0.2.128", 1024, L4PROTO_UDP, 1);
success &= assert_session_count(1, L4PROTO_UDP);
success &= assert_session_exists("1::2", 1212, "3::4", 3434,
"192.0.2.128", 1024, "0.0.0.4", 3434,
L4PROTO_UDP, ESTABLISHED,
SESSION_TIMER_EST, UDP_DEFAULT);
kfree_skb(skb);
log_debug("== Now that there's state, the IPv4 packet manages to traverse ==");
if (!invert_packet(&state, &skb))
return false;
success &= ASSERT_VERDICT(CONTINUE, ipv4_simple(&state), "result 3");
success &= assert_bib_count(1, L4PROTO_UDP);
success &= assert_bib_exists("1::2", 1212, "192.0.2.128", 1024, L4PROTO_UDP, 1);
success &= assert_session_count(1, L4PROTO_UDP);
success &= assert_session_exists("1::2", 1212, "3::4", 3434,
"192.0.2.128", 1024, "0.0.0.4", 3434,
L4PROTO_UDP, ESTABLISHED,
SESSION_TIMER_EST, UDP_DEFAULT);
kfree_skb(skb);
return success;
}
static bool test_determine_in_tuple_ipv4(void)
{
struct packet pkt;
struct sk_buff *skb;
struct tuple actual, expected;
bool success = true;
if (is_error(init_ipv4_tuple(&expected, "8.7.6.5", 8765, "5.6.7.8", 5678, L4PROTO_UDP)))
return false;
if (is_error(create_skb4_udp(&expected, &skb, 8, 32)))
return false;
if (is_error(pkt_init_ipv4(&pkt, skb)))
return false;
success &= assert_equals_int(VERDICT_CONTINUE, determine_in_tuple(&pkt, &actual), "verdict");
success &= assert_equals_tuple(&expected, &actual, "tuple");
kfree_skb(skb);
return success;
}
static bool
invert_packet(struct xlation *state, struct sk_buff **skb)
{
struct iphdr *hdr4;
struct udphdr *uhdr;
if (create_skb4_udp("1.1.1.1", 1111, "2.2.2.2", 2222, 100, 32, skb))
return false;
if (invert_tuple(state))
return false;
hdr4 = ip_hdr(*skb);
uhdr = udp_hdr(*skb);
hdr4->saddr = state->in.tuple.src.addr4.l3.s_addr;
uhdr->source = cpu_to_be16(state->in.tuple.src.addr4.l4);
hdr4->daddr = state->in.tuple.dst.addr4.l3.s_addr;
uhdr->dest = cpu_to_be16(state->in.tuple.dst.addr4.l4);
if (pkt_init_ipv4(state, *skb))
return false;
return true;
}
static bool test_filtering_and_updating(void)
{
struct xlation state;
struct sk_buff *skb;
bool success = true;
xlation_init(&state, &jool);
log_debug("== ICMPv4 errors should succeed but not affect the tables ==");
if (create_skb4_icmp_error("8.7.6.5", "192.0.2.128", 100, 32, &skb))
return false;
if (pkt_init_ipv4(&state, skb))
return false;
if (determine_in_tuple(&state) != VERDICT_CONTINUE)
return false;
success &= ASSERT_VERDICT(CONTINUE, filtering_and_updating(&state), "ICMP error 1");
success &= assert_bib_count(0, L4PROTO_TCP);
success &= assert_bib_count(0, L4PROTO_UDP);
success &= assert_bib_count(0, L4PROTO_ICMP);
success &= assert_session_count(0, L4PROTO_TCP);
success &= assert_session_count(0, L4PROTO_UDP);
success &= assert_session_count(0, L4PROTO_ICMP);
kfree_skb(skb);
if (!success)
return false;
log_debug("== ICMPv6 errors should succeed but not affect the tables ==");
if (create_skb6_icmp_error("1::2", "3::3:4", 100, 32, &skb))
return false;
if (pkt_init_ipv6(&state, skb))
return false;
if (determine_in_tuple(&state) != VERDICT_CONTINUE)
return false;
success &= ASSERT_VERDICT(CONTINUE, filtering_and_updating(&state), "ICMP error 2");
success &= assert_bib_count(0, L4PROTO_TCP);
success &= assert_bib_count(0, L4PROTO_UDP);
success &= assert_bib_count(0, L4PROTO_ICMP);
success &= assert_session_count(0, L4PROTO_TCP);
success &= assert_session_count(0, L4PROTO_UDP);
success &= assert_session_count(0, L4PROTO_ICMP);
kfree_skb(skb);
if (!success)
return false;
log_debug("== Hairpinning loops should be dropped ==");
if (create_skb6_udp("3::1:2", 1212, "3::3:4", 3434, 100, 32, &skb))
return false;
if (pkt_init_ipv6(&state, skb))
return false;
if (determine_in_tuple(&state) != VERDICT_CONTINUE)
return false;
success &= ASSERT_VERDICT(DROP, filtering_and_updating(&state), "Hairpinning");
success &= assert_bib_count(0, L4PROTO_UDP);
success &= assert_session_count(0, L4PROTO_UDP);
kfree_skb(skb);
if (!success)
return false;
log_debug("== Packets not headed to pool6 must not be translated ==");
if (create_skb6_udp("1::2", 1212, "4::1", 3434, 100, 32, &skb))
return false;
if (pkt_init_ipv6(&state, skb))
return false;
if (determine_in_tuple(&state) != VERDICT_CONTINUE)
return false;
success &= ASSERT_VERDICT(UNTRANSLATABLE, filtering_and_updating(&state), "Not pool6 packet");
success &= assert_bib_count(0, L4PROTO_UDP);
success &= assert_session_count(0, L4PROTO_UDP);
kfree_skb(skb);
if (!success)
return false;
log_debug("== Packets not headed to pool4 must not be translated ==");
if (create_skb4_udp("8.7.6.5", 8765, "5.6.7.8", 5678, 100, 32, &skb))
return false;
if (pkt_init_ipv4(&state, skb))
return false;
if (determine_in_tuple(&state) != VERDICT_CONTINUE)
return false;
success &= ASSERT_VERDICT(UNTRANSLATABLE, filtering_and_updating(&state), "Not pool4 packet");
success &= assert_bib_count(0, L4PROTO_UDP);
success &= assert_session_count(0, L4PROTO_UDP);
kfree_skb(skb);
if (!success)
return false;
log_debug("== Other IPv6 packets should survive validations ==");
if (create_skb6_udp("1::2", 1212, "3::3:4", 3434, 100, 32, &skb))
return false;
if (pkt_init_ipv6(&state, skb))
return false;
if (determine_in_tuple(&state) != VERDICT_CONTINUE)
return false;
success &= ASSERT_VERDICT(CONTINUE, filtering_and_updating(&state), "IPv6 success");
success &= assert_bib_count(1, L4PROTO_UDP);
success &= assert_session_count(1, L4PROTO_UDP);
kfree_skb(skb);
if (!success)
return false;
log_debug("== Other IPv4 packets should survive validations ==");
if (!invert_packet(&state, &skb))
return false;
success &= ASSERT_VERDICT(CONTINUE, filtering_and_updating(&state), "IPv4 success");
success &= assert_bib_count(1, L4PROTO_UDP);
success &= assert_session_count(1, L4PROTO_UDP);
kfree_skb(skb);
return success;
}
