bool init_session_entry( u_int8_t l4protocol, struct session_entry *se )
{
struct in_addr src4;
struct in_addr dst4;
struct in6_addr src6;
struct in6_addr dst6;
if (!str_to_addr6_verbose(IPV6_INIT_SESSION_ENTRY_SRC_ADDR, &src6))
return false;
if (!str_to_addr6_verbose(IPV6_INIT_SESSION_ENTRY_DST_ADDR, &dst6))
return false;
if (!str_to_addr4_verbose(IPV4_INIT_SESSION_ENTRY_SRC_ADDR, &src4))
return false;
if (!str_to_addr4_verbose(IPV4_INIT_SESSION_ENTRY_DST_ADDR, &dst4))
return false;
se->ipv6.remote.address = src6; /* X' */
se->ipv6.remote.l4_id = IPV6_INIT_SESSION_ENTRY_SRC_PORT; /* x */
se->ipv6.local.address = dst6; /* Y' */
se->ipv6.local.l4_id = IPV6_INIT_SESSION_ENTRY_DST_PORT; /* y */
se->ipv4.local.address = src4; /* (T, t) */
se->ipv4.local.l4_id = IPV4_INIT_SESSION_ENTRY_SRC_PORT; /* (T, t) */
se->ipv4.remote.address = dst4; /* (Z, z) or (Z(Y’),y) */
se->ipv4.remote.l4_id = IPV4_INIT_SESSION_ENTRY_DST_PORT; /* (Z, z) or (Z(Y’),y) */
se->dying_time = 0;
se->bib = NULL;
INIT_LIST_HEAD(&se->entries_from_bib);
INIT_LIST_HEAD(&se->all_sessions);
se->l4_proto = l4protocol;
se->state = CLOSED;
return true;
}
bool test_allocate_ipv4_transport_address_digger( void )
{
struct in_addr expected_addr;
struct tuple tuple;
struct ipv4_tuple_address new_ipv4_transport_address;
bool success = true;
success &= inject_bib_entry( IPPROTO_ICMP );
success &= inject_bib_entry( IPPROTO_TCP );
success &= init_tuple_for_test_ipv6(&tuple, IPPROTO_UDP);
success &= str_to_addr4_verbose(IPV4_ALLOCATED_ADDR, &expected_addr);
if (!success)
return false;
success &= assert_true( allocate_ipv4_transport_address_digger(&tuple, IPPROTO_UDP, &new_ipv4_transport_address),
"Check that we can allocate a brand new IPv4 transport address for UDP.");
success &= assert_true( ipv4_addr_equals(&new_ipv4_transport_address.address, &expected_addr) ,
"Check that the allocated IPv4 address is correct for UDP.");
success &= assert_true( new_ipv4_transport_address.l4_id % 2 == 0,
"Check that the allocated IPv4 port is even.");
success &= assert_true( new_ipv4_transport_address.l4_id > 1023,
"Check that the allocated IPv4 port is in the upper range.");
return success;
}
bool test_allocate_ipv4_transport_address( void )
{
struct tuple tuple;
struct ipv4_tuple_address tuple_addr;
struct in_addr expected_addr;
bool success = true;
success &= str_to_addr4_verbose(IPV4_ALLOCATED_ADDR, &expected_addr);
success &= inject_bib_entry( IPPROTO_ICMP );
success &= inject_bib_entry( IPPROTO_TCP );
success &= inject_bib_entry( IPPROTO_UDP );
if (!success)
return false;
init_tuple_for_test_ipv6(&tuple, IPPROTO_ICMP);
success &= assert_true(allocate_ipv4_transport_address(&tuple, IPPROTO_ICMP, &tuple_addr),
"Function result for ICMP");
success &= assert_equals_ipv4(&expected_addr , &tuple_addr.address, "IPv4 address for ICMP");
init_tuple_for_test_ipv6(&tuple, IPPROTO_TCP);
success &= assert_true(allocate_ipv4_transport_address(&tuple, IPPROTO_TCP, &tuple_addr),
"Function result for TCP");
success &= assert_equals_ipv4(&expected_addr , &tuple_addr.address, "IPv4 address for TCP");
success &= assert_true(tuple_addr.l4_id > 1023, "Port range for TCP");
init_tuple_for_test_ipv6(&tuple, IPPROTO_UDP);
success &= assert_true(allocate_ipv4_transport_address(&tuple, IPPROTO_UDP, &tuple_addr),
"Function result for UDP");
success &= assert_equals_ipv4(&expected_addr , &tuple_addr.address, "IPv4 address for UDP");
success &= assert_true(tuple_addr.l4_id % 2 == 0, "Port parity for UDP");
success &= assert_true( tuple_addr.l4_id > 1023, "Port range for UDP");
return success;
}
bool test_allocate_ipv4_transport_address_digger( void )
{
struct in_addr expected_addr;
struct tuple tuple;
struct ipv4_tuple_address new_ipv4_transport_address;
bool success = true;
bib_init();
pool4_init(true);
success &= inject_bib_entry( IPPROTO_ICMP );
success &= inject_bib_entry( IPPROTO_TCP );
success &= init_tuple_for_test_ipv6(&tuple, IPPROTO_UDP);
success &= str_to_addr4_verbose(IPV4_ALLOCATED_ADDR, &expected_addr);
if (!success)
return false;
success &= assert_true( allocate_ipv4_transport_address_digger(&tuple, IPPROTO_UDP, &new_ipv4_transport_address),
"Check that we can allocate a brand new IPv4 transport address for UDP.");
success &= assert_true( ipv4_addr_equals(&new_ipv4_transport_address.address, &expected_addr) ,
"Check that the allocated IPv4 address is correct for UDP.");
success &= assert_equals_u16( IPV4_ALLOCATED_PORT_DIGGER, new_ipv4_transport_address.l4_id,
"Check that the allocated IPv4 port is correct for UDP.");
pool4_destroy();
bib_destroy();
return success;
}
bool init_tuple_for_test_ipv4(struct tuple *tuple, u_int8_t l4protocol)
{
if (!str_to_addr4_verbose(INIT_TUPLE_IPV4_DST_ADDR, &tuple->src.addr.ipv4))
return false;
if (!str_to_addr4_verbose(INIT_TUPLE_IPV4_SRC_ADDR, &tuple->dst.addr.ipv4))
return false;
tuple->l3_proto = PF_INET;
tuple->l4_proto = l4protocol;
if ( l4protocol == IPPROTO_ICMP )
{
tuple->icmp_id = INIT_TUPLE_IPV4_ICMP_ID;
tuple->dst.l4_id = INIT_TUPLE_IPV4_ICMP_ID;
}
else
{
tuple->src.l4_id = INIT_TUPLE_IPV4_DST_PORT;
tuple->dst.l4_id = INIT_TUPLE_IPV4_SRC_PORT;
}
return true;
}
bool test_transport_address_ipv4( void )
{
struct in_addr addr;
struct ipv4_tuple_address ta;
bool success = true;
if (!str_to_addr4_verbose(IPV4_TRANSPORT_ADDR, &addr))
return false;
transport_address_ipv4( addr, IPV4_TRANSPORT_PORT, &ta );
success &= assert_equals_ipv4(&ta.address, &addr,
"Check that the address part of an IPv4 transport address is correct.");
success &= assert_equals_u16(ta.l4_id, IPV4_TRANSPORT_PORT,
"Check that the port part of an IPv4 transport address is correct.");
return success;
}
bool test_embed_ipv4_in_ipv6( void )
{
struct in_addr embeddable4;
struct in6_addr embed6;
struct in6_addr embedded6;
bool success = true;
if (pool6_init(NULL, 9) != 0)
return false;
success &= str_to_addr4_verbose(IPV4_EMBEDDABLE_ADDR, &embeddable4);
success &= str_to_addr6_verbose(IPV6_EMBEDDED_ADDR, &embedded6);
success &= assert_true(append_ipv4( &embeddable4, &embed6 ) ,
"Check that we can embed an IPv4 address inside of an IPv6 address correctly.");
success &= assert_equals_ipv6( &embed6 , &embedded6 ,
"Verify that the IPv4 was embedded into a IPv6 address is correct.");
return success;
}
bool test_extract_ipv4_from_ipv6( void )
{
struct in6_addr addr6;
struct in_addr extracted4;
struct in_addr correct4;
bool success = true;
if (pool6_init(NULL, 0) != 0)
return false;
success &= str_to_addr6_verbose(IPV6_EXTRACT_ADDR, &addr6);
success &= str_to_addr4_verbose(IPV4_EXTRACTED_ADDR, &correct4);
success &= assert_true(extract_ipv4(&addr6, &extracted4),
"Check that an IPv4 address can be extracted from an IPv6 address.");
success &= assert_equals_ipv4(&extracted4, &correct4,
"Assert that the extraction of the IPv4 address was correct.");
pool6_destroy();
return success;
}
bool inject_bib_entry( u_int8_t l4protocol )
{
struct ipv4_tuple_address ta_ipv4;
struct ipv6_tuple_address ta_ipv6;
struct in_addr addr4;
struct in6_addr addr6;
struct bib_entry *bib_e;
if (!str_to_addr4_verbose(IPV4_INJECT_BIB_ENTRY_DST_ADDR, &addr4))
return false;
if (!str_to_addr6_verbose(IPV6_INJECT_BIB_ENTRY_SRC_ADDR, &addr6))
return false;
if ( l4protocol == IPPROTO_ICMP || l4protocol == IPPROTO_ICMPV6 )
{
transport_address_ipv4( addr4, INIT_TUPLE_ICMP_ID, &ta_ipv4 );
transport_address_ipv6( addr6, INIT_TUPLE_ICMP_ID, &ta_ipv6 );
}
else
{
transport_address_ipv4( addr4, IPV4_INJECT_BIB_ENTRY_DST_PORT, &ta_ipv4 );
transport_address_ipv6( addr6, IPV6_INJECT_BIB_ENTRY_SRC_PORT, &ta_ipv6 );
}
bib_e = bib_create( &ta_ipv4, &ta_ipv6, false);
if (!bib_e)
{
log_warning("Could not allocate the BIB entry.");
return false;
}
if (bib_add( bib_e, l4protocol ) != 0)
{
log_warning("Could not insert the BIB entry to the table.");
return false;
}
return true;
}
bool test_allocate_ipv4_transport_address( void )
{
u_int8_t protocols[] = { IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP };
__u16 expected_ports[] = { IPV6_ALLOCATE_PORT, IPV6_ALLOCATE_PORT, IPV6_ALLOCATE_PORT };
struct in_addr expected_addr;
struct tuple tuple;
struct ipv4_tuple_address new_ipv4_transport_address;
bool success = true;
int i;
success &= pool6_init();
success &= pool4_init(true);
success &= bib_init();
success &= str_to_addr4_verbose(IPV4_ALLOCATED_ADDR, &expected_addr);
success &= inject_bib_entry( IPPROTO_ICMP );
success &= inject_bib_entry( IPPROTO_TCP );
success &= inject_bib_entry( IPPROTO_UDP );
if (!success)
return false;
for (i = 0; i < ARRAY_SIZE(protocols); i++)
{
init_tuple_for_test_ipv6(&tuple, protocols[i]);
success &= assert_true(allocate_ipv4_transport_address(&tuple, protocols[i], &new_ipv4_transport_address),
"Check that we can allocate a brand new IPv4 transport address.");
success &= assert_equals_ipv4(&expected_addr , &new_ipv4_transport_address.address,
"Check that the allocated IPv4 address is correct.");
success &= assert_equals_u16( expected_ports[i], new_ipv4_transport_address.l4_id,
"Check that the allocated IPv4 port is correct.");
}
bib_destroy();
pool4_destroy();
pool6_destroy();
return success;
}
bool test_filtering_and_updating( void )
{
u_int8_t protocol;
struct tuple tuple;
struct sk_buff *skb;
struct in_addr addr4;
struct in6_addr addr6;
bool success = true;
log_debug(" >>> Errores de ICMP no deben afectar las tablas ");
protocol = IPPROTO_ICMP;
success &= init_tuple_for_test_ipv4( &tuple , protocol );
skb = init_skb_for_test( &tuple, protocol );
success &= assert_not_null(skb, "init_skb_for_test");
icmp_hdr(skb)->type = ICMP_DEST_UNREACH; /* Error packet */
/* Process a tuple generated from a incoming IPv6 packet: */
success &= assert_equals_int(NF_ACCEPT, filtering_and_updating( skb, &tuple),
"See if we can forward an IPv4 ICMP packet.");
kfree_skb(skb);
log_debug(" >>> Get rid of hairpinning loop ");
protocol = IPPROTO_UDP;
success &= init_tuple_for_test_ipv6( &tuple , protocol );
skb = init_skb_for_test( &tuple, protocol );
success &= assert_not_null(skb, "init_skb_for_test");
/* Add pref64 */
success &= str_to_addr6_verbose(INIT_TUPLE_IPV6_HAIR_LOOP_SRC_ADDR , &addr6);
tuple.src.addr.ipv6 = addr6;
success &= assert_equals_int(NF_DROP, filtering_and_updating( skb, &tuple),
"See if we can get rid of hairpinning loop in IPv6.");
kfree_skb(skb);
log_debug(" >>> Get rid of unwanted packets ");
success &= init_tuple_for_test_ipv6( &tuple , protocol );
skb = init_skb_for_test( &tuple, protocol );
success &= assert_not_null(skb, "init_skb_for_test");
/* Unwanted packet */
success &= str_to_addr6_verbose(INIT_TUPLE_IPV6_HAIR_LOOP_DST_ADDR , &addr6);
tuple.dst.addr.ipv6 = addr6;
success &= assert_equals_int(NF_DROP, filtering_and_updating( skb, &tuple),
"See if we can get rid of unwanted packets in IPv6.");
kfree_skb(skb);
log_debug(" >>> Get rid of un-expected packets, destined to an address not in pool");
success &= init_tuple_for_test_ipv4( &tuple , protocol );
skb = init_skb_for_test( &tuple, protocol );
success &= assert_not_null(skb, "init_skb_for_test");
/* Packet destined to an address not in pool */
success &= str_to_addr4_verbose(INIT_TUPLE_IPV4_NOT_POOL_DST_ADDR , &addr4);
tuple.dst.addr.ipv4 = addr4;
success &= assert_equals_int(NF_DROP, filtering_and_updating( skb, &tuple),
"See if we can get rid of packet destined to an address not in pool.");
kfree_skb(skb);
log_debug(" >>> IPv4 incoming packet --> reject");
success &= init_tuple_for_test_ipv4( &tuple , protocol );
skb = init_skb_for_test( &tuple, protocol );
success &= assert_not_null(skb, "init_skb_for_test");
success &= assert_equals_int(NF_DROP, filtering_and_updating( skb, &tuple),
"See if we can do reject an incoming IPv4 UDP packet.");
kfree_skb(skb);
log_debug(" >>> IPv6 incoming packet --> accept");
success &= init_tuple_for_test_ipv6( &tuple , protocol );
skb = init_skb_for_test( &tuple, protocol );
success &= assert_not_null(skb, "init_skb_for_test");
success &= assert_equals_int(NF_ACCEPT, filtering_and_updating( skb, &tuple),
"See if we can do filtering and updating on an incoming IPv6 UDP packet.");
kfree_skb(skb);
/* TODO (test) see test_ipv4_udp(). */
/*
log_debug(" >>> IPv4 incoming packet --> accept");
success &= init_tuple_for_test_ipv4( &tuple , protocol );
skb = init_skb_for_test( &tuple, protocol );
success &= assert_not_null(skb, "init_skb_for_test");
success &= assert_equals_int(NF_ACCEPT, filtering_and_updating( skb, &tuple),
"See if we can do filtering and updating on an incoming IPv4 UDP packet.");
kfree_skb(skb);
*/
return success;
}
