static int test_nfct_cmp_api_single(struct nf_conntrack *ct1, struct nf_conntrack *ct2, int attr) { char data[256]; struct nfct_bitmask *b; int bit; if (attr_is_readonly(attr)) return 0; switch (attr) { case ATTR_SECMARK: /* obsolete */ return 0; /* FIXME: not implemented comparators: */ case ATTR_SNAT_IPV4: case ATTR_DNAT_IPV4: case ATTR_SNAT_PORT: case ATTR_DNAT_PORT: case ATTR_TCP_FLAGS_ORIG: case ATTR_TCP_FLAGS_REPL: case ATTR_TCP_MASK_ORIG: case ATTR_TCP_MASK_REPL: case ATTR_MASTER_IPV4_SRC: case ATTR_MASTER_IPV4_DST: case ATTR_MASTER_IPV6_SRC: case ATTR_MASTER_IPV6_DST: case ATTR_MASTER_PORT_SRC: case ATTR_MASTER_PORT_DST: case ATTR_MASTER_L3PROTO: case ATTR_MASTER_L4PROTO: case ATTR_ORIG_NAT_SEQ_CORRECTION_POS: case ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE: case ATTR_ORIG_NAT_SEQ_OFFSET_AFTER: case ATTR_REPL_NAT_SEQ_CORRECTION_POS: case ATTR_REPL_NAT_SEQ_OFFSET_BEFORE: case ATTR_REPL_NAT_SEQ_OFFSET_AFTER: case ATTR_SCTP_VTAG_ORIG: case ATTR_SCTP_VTAG_REPL: case ATTR_HELPER_NAME: case ATTR_DCCP_ROLE: case ATTR_DCCP_HANDSHAKE_SEQ: case ATTR_TCP_WSCALE_ORIG: case ATTR_TCP_WSCALE_REPL: case ATTR_HELPER_INFO: return 0; /* XXX */ default: break; } if (attr >= ATTR_SCTP_STATE) { nfct_set_attr_u8(ct1, ATTR_REPL_L4PROTO, IPPROTO_SCTP); nfct_set_attr_u8(ct1, ATTR_L4PROTO, IPPROTO_SCTP); } else if (attr >= ATTR_TCP_FLAGS_ORIG) { nfct_set_attr_u8(ct1, ATTR_REPL_L4PROTO, IPPROTO_TCP); nfct_set_attr_u8(ct1, ATTR_L4PROTO, IPPROTO_TCP); } else if (attr >= ATTR_ICMP_CODE) { nfct_set_attr_u8(ct1, ATTR_REPL_L4PROTO, IPPROTO_ICMP); nfct_set_attr_u8(ct1, ATTR_L4PROTO, IPPROTO_ICMP); } else if (attr >= ATTR_ORIG_PORT_SRC) { nfct_set_attr_u8(ct1, ATTR_REPL_L4PROTO, IPPROTO_TCP); nfct_set_attr_u8(ct1, ATTR_L4PROTO, IPPROTO_TCP); } nfct_copy(ct2, ct1, NFCT_CP_OVERRIDE); memset(data, 42, sizeof(data)); assert(nfct_attr_is_set(ct1, attr)); assert(nfct_attr_is_set(ct2, attr)); switch (attr) { case ATTR_CONNLABELS: case ATTR_CONNLABELS_MASK: b = (void *) nfct_get_attr(ct1, attr); assert(b); b = nfct_bitmask_clone(b); assert(b); bit = nfct_bitmask_maxbit(b); if (nfct_bitmask_test_bit(b, bit)) { nfct_bitmask_unset_bit(b, bit); assert(!nfct_bitmask_test_bit(b, bit)); } else { nfct_bitmask_set_bit(b, bit); assert(nfct_bitmask_test_bit(b, bit)); } assert(nfct_cmp(ct1, ct2, NFCT_CMP_ALL) == 1); nfct_set_attr(ct2, attr, b); break; case ATTR_HELPER_INFO: nfct_set_attr_l(ct2, attr, "test", 4); break; default: nfct_set_attr(ct2, attr, data); break; } if (nfct_cmp(ct1, ct2, NFCT_CMP_ALL) != 0) { fprintf(stderr, "nfct_cmp assert failure for attr %d\n", attr); fprintf(stderr, "%p, %p, %x, %x\n", nfct_get_attr(ct1, attr), nfct_get_attr(ct2, attr), nfct_get_attr_u32(ct1, attr), nfct_get_attr_u32(ct2, attr)); return -1; } if (nfct_cmp(ct1, ct2, NFCT_CMP_ALL|NFCT_CMP_STRICT) != 0) { fprintf(stderr, "nfct_cmp strict assert failure for attr %d\n", attr); return -1; } return 0; }
int main(void) { int ret, i; struct nf_conntrack *ct, *ct2, *tmp; struct nf_expect *exp, *tmp_exp; char data[256]; const char *val; int status; struct nfct_bitmask *b, *b2; srand(time(NULL)); /* initialize fake data for testing purposes */ for (i=0; i<sizeof(data); i++) data[i] = 0x01; ct = nfct_new(); if (!ct) { perror("nfct_new"); return 0; } tmp = nfct_new(); if (!tmp) { perror("nfct_new"); return 0; } printf("== test set API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_MAX; i++) nfct_set_attr(ct, i, data); exit(0); } else { wait(&status); eval_sigterm(status); } b = nfct_bitmask_new(rand() & 0xffff); assert(b); b2 = nfct_bitmask_new(rand() & 0xffff); assert(b2); for (i=0; i<ATTR_MAX; i++) { switch (i) { case ATTR_CONNLABELS: nfct_set_attr(ct, i, b); break; case ATTR_CONNLABELS_MASK: nfct_set_attr(ct, i, b2); break; default: nfct_set_attr(ct, i, data); break; } } printf("== test get API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_MAX; i++) nfct_get_attr(ct, i); exit(0); } else { wait(&status); eval_sigterm(status); } printf("== validate set API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_MAX; i++) { if (attr_is_readonly(i)) continue; switch(i) { /* These attributes require special handling */ case ATTR_HELPER_INFO: nfct_set_attr_l(ct, i, data, sizeof(data)); break; case ATTR_CONNLABELS: case ATTR_CONNLABELS_MASK: /* already set above */ break; default: data[0] = (uint8_t) i; nfct_set_attr(ct, i, data); } val = nfct_get_attr(ct, i); switch (i) { case ATTR_CONNLABELS: assert((void *) val == b); continue; case ATTR_CONNLABELS_MASK: assert((void *) val == b2); continue; } if (val[0] != data[0]) { printf("ERROR: set/get operations don't match " "for attribute %d (%x != %x)\n", i, val[0], data[0]); } } exit(0); } else { wait(&status); eval_sigterm(status); } printf("== test copy API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_MAX; i++) nfct_copy_attr(tmp, ct, i); exit(0); } else { wait(&status); eval_sigterm(status); } ret = fork(); if (ret == 0) { test_nfct_cmp_api(tmp, ct); exit(0); } else { wait(&status); eval_sigterm(status); } exp = nfexp_new(); if (!exp) { perror("nfexp_new"); return 0; } tmp_exp = nfexp_new(); if (!tmp_exp) { perror("nfexp_new"); return 0; } printf("== test expect set API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_EXP_MAX; i++) nfexp_set_attr(exp, i, data); exit(0); } else { wait(&status); eval_sigterm(status); } for (i=0; i<ATTR_EXP_MAX; i++) nfexp_set_attr(exp, i, data); printf("== test expect get API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_EXP_MAX; i++) nfexp_get_attr(exp, i); exit(0); } else { wait(&status); eval_sigterm(status); } printf("== validate expect set API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_EXP_MAX; i++) { data[0] = (uint8_t) i; nfexp_set_attr(exp, i, data); val = nfexp_get_attr(exp, i); if (val[0] != data[0]) { printf("ERROR: set/get operations don't match " "for attribute %d (%x != %x)\n", i, val[0], data[0]); } } exit(0); } else { wait(&status); eval_sigterm(status); } ret = fork(); if (ret == 0) { test_nfexp_cmp_api(tmp_exp, exp); exit(0); } else { wait(&status); eval_sigterm(status); } ct2 = nfct_new(); if (!ct2) { perror("nfct_new"); return 0; } printf("== test set grp API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_GRP_MAX; i++) nfct_set_attr_grp(ct2, i, data); exit(0); } else { wait(&status); eval_sigterm(status); } for (i=0; i<ATTR_GRP_MAX; i++) nfct_set_attr_grp(ct2, i, data); printf("== test get grp API ==\n"); ret = fork(); if (ret == 0) { char buf[32]; /* IPv6 group address is 16 bytes * 2 */ for (i=0; i<ATTR_GRP_MAX; i++) nfct_get_attr_grp(ct2, i, buf); exit(0); } else { wait(&status); eval_sigterm(status); } printf("== validate set grp API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_GRP_MAX; i++) { char buf[32]; /* IPv6 group address is 16 bytes */ data[0] = (uint8_t) i; nfct_set_attr_grp(ct2, i, data); nfct_get_attr_grp(ct2, i, buf); /* These attributes cannot be set, ignore them. */ switch(i) { case ATTR_GRP_ORIG_COUNTERS: case ATTR_GRP_REPL_COUNTERS: case ATTR_GRP_ORIG_ADDR_SRC: case ATTR_GRP_ORIG_ADDR_DST: case ATTR_GRP_REPL_ADDR_SRC: case ATTR_GRP_REPL_ADDR_DST: continue; } if (buf[0] != data[0]) { printf("ERROR: set/get operations don't match " "for attribute %d (%x != %x)\n", i, buf[0], data[0]); } } exit(0); } else { wait(&status); eval_sigterm(status); } nfct_destroy(ct2); printf("== destroy cloned ct entry ==\n"); nfct_destroy(ct); nfct_destroy(tmp); nfexp_destroy(exp); nfexp_destroy(tmp_exp); printf("OK\n"); test_nfct_bitmask(); return EXIT_SUCCESS; }
int main(void) { int ret, i; struct nf_conntrack *ct, *ct2, *tmp; struct nf_expect *exp, *tmp_exp; char data[256]; const char *val; int status; /* initialize fake data for testing purposes */ for (i=0; i<sizeof(data); i++) data[i] = 0x01; ct = nfct_new(); if (!ct) { perror("nfct_new"); return 0; } tmp = nfct_new(); if (!tmp) { perror("nfct_new"); return 0; } printf("== test set API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_MAX; i++) nfct_set_attr(ct, i, data); exit(0); } else { wait(&status); eval_sigterm(status); } for (i=0; i<ATTR_MAX; i++) nfct_set_attr(ct, i, data); printf("== test get API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_MAX; i++) nfct_get_attr(ct, i); exit(0); } else { wait(&status); eval_sigterm(status); } printf("== validate set API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_MAX; i++) { /* These attributes cannot be set, ignore them. */ switch(i) { case ATTR_ORIG_COUNTER_PACKETS: case ATTR_REPL_COUNTER_PACKETS: case ATTR_ORIG_COUNTER_BYTES: case ATTR_REPL_COUNTER_BYTES: case ATTR_USE: case ATTR_SECCTX: case ATTR_TIMESTAMP_START: case ATTR_TIMESTAMP_STOP: continue; /* These attributes require special handling */ case ATTR_HELPER_INFO: nfct_set_attr_l(ct, i, data, sizeof(data)); break; default: data[0] = (uint8_t) i; nfct_set_attr(ct, i, data); } val = nfct_get_attr(ct, i); if (val[0] != data[0]) { printf("ERROR: set/get operations don't match " "for attribute %d (%x != %x)\n", i, val[0], data[0]); } } exit(0); } else { wait(&status); eval_sigterm(status); } printf("== test copy API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_MAX; i++) nfct_copy_attr(tmp, ct, i); exit(0); } else { wait(&status); eval_sigterm(status); } printf("== test cmp API ==\n"); ret = fork(); if (ret == 0) { nfct_cmp(tmp, ct, NFCT_CMP_ALL); exit(0); } else { wait(&status); eval_sigterm(status); } exp = nfexp_new(); if (!exp) { perror("nfexp_new"); return 0; } tmp_exp = nfexp_new(); if (!tmp_exp) { perror("nfexp_new"); return 0; } printf("== test expect set API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_EXP_MAX; i++) nfexp_set_attr(exp, i, data); exit(0); } else { wait(&status); eval_sigterm(status); } for (i=0; i<ATTR_EXP_MAX; i++) nfexp_set_attr(exp, i, data); printf("== test expect get API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_EXP_MAX; i++) nfexp_get_attr(exp, i); exit(0); } else { wait(&status); eval_sigterm(status); } printf("== validate expect set API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_EXP_MAX; i++) { data[0] = (uint8_t) i; nfexp_set_attr(exp, i, data); val = nfexp_get_attr(exp, i); if (val[0] != data[0]) { printf("ERROR: set/get operations don't match " "for attribute %d (%x != %x)\n", i, val[0], data[0]); } } exit(0); } else { wait(&status); eval_sigterm(status); } /* XXX: missing nfexp_copy API. */ memcpy(tmp_exp, exp, nfexp_maxsize()); printf("== test expect cmp API ==\n"); ret = fork(); if (ret == 0) { nfexp_cmp(tmp_exp, exp, 0); exit(0); } else { wait(&status); eval_sigterm(status); } ct2 = nfct_clone(ct); assert(ct2); assert(nfct_cmp(ct, ct2, NFCT_CMP_ALL) == 1); nfct_destroy(ct2); ct2 = nfct_new(); if (!ct2) { perror("nfct_new"); return 0; } printf("== test set grp API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_GRP_MAX; i++) nfct_set_attr_grp(ct2, i, data); exit(0); } else { wait(&status); eval_sigterm(status); } for (i=0; i<ATTR_GRP_MAX; i++) nfct_set_attr_grp(ct2, i, data); printf("== test get grp API ==\n"); ret = fork(); if (ret == 0) { char buf[32]; /* IPv6 group address is 16 bytes * 2 */ for (i=0; i<ATTR_GRP_MAX; i++) nfct_get_attr_grp(ct2, i, buf); exit(0); } else { wait(&status); eval_sigterm(status); } printf("== validate set grp API ==\n"); ret = fork(); if (ret == 0) { for (i=0; i<ATTR_GRP_MAX; i++) { char buf[32]; /* IPv6 group address is 16 bytes */ data[0] = (uint8_t) i; nfct_set_attr_grp(ct2, i, data); nfct_get_attr_grp(ct2, i, buf); /* These attributes cannot be set, ignore them. */ switch(i) { case ATTR_GRP_ORIG_COUNTERS: case ATTR_GRP_REPL_COUNTERS: case ATTR_GRP_ORIG_ADDR_SRC: case ATTR_GRP_ORIG_ADDR_DST: case ATTR_GRP_REPL_ADDR_SRC: case ATTR_GRP_REPL_ADDR_DST: continue; } if (buf[0] != data[0]) { printf("ERROR: set/get operations don't match " "for attribute %d (%x != %x)\n", i, buf[0], data[0]); } } exit(0); } else { wait(&status); eval_sigterm(status); } nfct_destroy(ct2); printf("== destroy cloned ct entry ==\n"); nfct_destroy(ct); nfct_destroy(tmp); nfexp_destroy(exp); nfexp_destroy(tmp_exp); printf("OK\n"); return EXIT_SUCCESS; }