Index: tests/sys/netinet/libalias/2_natout.c =================================================================== --- /dev/null +++ tests/sys/netinet/libalias/2_natout.c @@ -0,0 +1,217 @@ +#include +#include +#include +#include + +#include "util.h" + +/* common ip ranges */ +static struct in_addr masq = { htonl(0x01020304) }; +static struct in_addr pub = { htonl(0x0102dead) }; +static struct in_addr prv1 = { htonl(0x0a00dead) }; +static struct in_addr prv2 = { htonl(0xac10dead) }; +static struct in_addr prv3 = { htonl(0xc0a8dead) }; +static struct in_addr cgn = { htonl(0x6440dead) }; +static struct in_addr ext = { htonl(0x12345678) }; + +#define NAT_CHECK(pip, src, msq) do { \ + int res; \ + int len = ntohs(pip->ip_len); \ + struct in_addr dst = pip->ip_dst; \ + pip->ip_src = src; \ + res = LibAliasOut(la, pip, len); \ + ATF_CHECK_MSG(res == PKT_ALIAS_OK, \ + ">%d< not met PKT_ALIAS_OK", res); \ + ATF_CHECK(addr_eq(msq, pip->ip_src)); \ + ATF_CHECK(addr_eq(dst, pip->ip_dst)); \ +} while(0) + +#define NAT_FAIL(pip, src, dst) do { \ + int res; \ + int len = ntohs(pip->ip_len); \ + pip->ip_src = src; \ + pip->ip_dst = dst; \ + res = LibAliasOut(la, pip, len); \ + ATF_CHECK_MSG(res != PKT_ALIAS_OK), \ + ">%d< not met !PKT_ALIAS_OK", res); \ + ATF_CHECK(addr_eq(src, pip->ip_src)); \ + ATF_CHECK(addr_eq(dst, pip->ip_dst)); \ +} while(0) + +#define UNNAT_CHECK(pip, src, dst, rel) do { \ + int res; \ + int len = ntohs(pip->ip_len); \ + pip->ip_src = src; \ + pip->ip_dst = dst; \ + res = LibAliasIn(la, pip, len); \ + ATF_CHECK_MSG(res == PKT_ALIAS_OK, \ + ">%d< not met PKT_ALIAS_OK", res); \ + ATF_CHECK(addr_eq(src, pip->ip_src)); \ + ATF_CHECK(addr_eq(rel, pip->ip_dst)); \ +} while(0) + +#define UNNAT_FAIL(pip, src, dst) do { \ + int res; \ + int len = ntohs(pip->ip_len); \ + pip->ip_src = src; \ + pip->ip_dst = dst; \ + res = LibAliasIn(la, pip, len); \ + ATF_CHECK(res != PKT_ALIAS_OK, \ + ">%d< not met !PKT_ALIAS_OK", res));\ + ATF_CHECK(addr_eq(src, pip->ip_src)); \ + ATF_CHECK(addr_eq(dst, pip->ip_dst)); \ +} while(0) + +ATF_TC_WITHOUT_HEAD(1_simplemasq); +ATF_TC_BODY(1_simplemasq, dummy) +{ + struct libalias *la = LibAliasInit(NULL); + struct ip *pip; + + ATF_REQUIRE(la != NULL); + LibAliasSetAddress(la, masq); + LibAliasSetMode(la, 0, ~0); + + pip = ip_packet(prv1, ext, 254, 64); + NAT_CHECK(pip, prv1, masq); + NAT_CHECK(pip, prv2, masq); + NAT_CHECK(pip, prv3, masq); + NAT_CHECK(pip, cgn, masq); + NAT_CHECK(pip, pub, masq); + + free(pip); + LibAliasUninit(la); +} + +ATF_TC_WITHOUT_HEAD(2_unregistered); +ATF_TC_BODY(2_unregistered, dummy) +{ + struct libalias *la = LibAliasInit(NULL); + struct ip *pip; + + ATF_REQUIRE(la != NULL); + LibAliasSetAddress(la, masq); + LibAliasSetMode(la, PKT_ALIAS_UNREGISTERED_ONLY, ~0); + + pip = ip_packet(prv1, ext, 254, 64); + NAT_CHECK(pip, prv1, masq); + NAT_CHECK(pip, prv2, masq); + NAT_CHECK(pip, prv3, masq); + NAT_CHECK(pip, cgn, cgn); + NAT_CHECK(pip, pub, pub); + + /* + * State is only for new connections + * Because they are now active, + * the mode setting should be ignored + */ + LibAliasSetMode(la, 0, PKT_ALIAS_UNREGISTERED_ONLY); + NAT_CHECK(pip, prv1, masq); + NAT_CHECK(pip, prv2, masq); + NAT_CHECK(pip, prv3, masq); + NAT_CHECK(pip, cgn, cgn); + NAT_CHECK(pip, pub, pub); + + free(pip); + LibAliasUninit(la); +} + +ATF_TC_WITHOUT_HEAD(3_cgn); +ATF_TC_BODY(3_cgn, dummy) +{ + struct libalias *la = LibAliasInit(NULL); + struct ip *pip; + + ATF_REQUIRE(la != NULL); + LibAliasSetAddress(la, masq); + LibAliasSetMode(la, PKT_ALIAS_UNREGISTERED_CGN, ~0); + + pip = ip_packet(prv1, ext, 254, 64); + NAT_CHECK(pip, prv1, masq); + NAT_CHECK(pip, prv2, masq); + NAT_CHECK(pip, prv3, masq); + NAT_CHECK(pip, cgn, masq); + NAT_CHECK(pip, pub, pub); + + /* + * State is only for new connections + * Because they are now active, + * the mode setting should be ignored + */ + LibAliasSetMode(la, 0, PKT_ALIAS_UNREGISTERED_CGN); + NAT_CHECK(pip, prv1, masq); + NAT_CHECK(pip, prv2, masq); + NAT_CHECK(pip, prv3, masq); + NAT_CHECK(pip, cgn, masq); + NAT_CHECK(pip, pub, pub); + + free(pip); + LibAliasUninit(la); +} + +ATF_TC_WITHOUT_HEAD(4_udp); +ATF_TC_BODY(4_udp, dummy) +{ + struct libalias *la = LibAliasInit(NULL); + struct ip *po, *pi; + struct udphdr *ui, *uo; + uint16_t sport = 0x1234; + uint16_t dport = 0x5678; + uint16_t aport; + + ATF_REQUIRE(la != NULL); + LibAliasSetAddress(la, masq); + LibAliasSetMode(la, PKT_ALIAS_LOG, ~0); + + /* Query from prv1 */ + po = ip_packet(prv1, ext, 0, 64); + uo = set_udp(po, sport, dport); + NAT_CHECK(po, prv1, masq); + ATF_CHECK(uo->uh_dport == htons(dport)); + ATF_CHECK(addr_eq(po->ip_dst, ext)); + aport = uo->uh_sport; + + /* Response */ + pi = ip_packet(po->ip_dst, po->ip_src, 0, 64); + ui = set_udp(pi, ntohs(uo->uh_dport), ntohs(uo->uh_sport)); + UNNAT_CHECK(pi, ext, masq, prv1); + ATF_CHECK(ui->uh_sport == htons(dport)); + ATF_CHECK(ui->uh_dport == htons(sport)); + + /* Query from different source with same ports */ + uo = set_udp(po, sport, dport); + NAT_CHECK(po, prv2, masq); + ATF_CHECK(uo->uh_dport == htons(dport)); + ATF_CHECK(addr_eq(po->ip_dst, ext)); + /* should use a different external port */ + ATF_CHECK(uo->uh_sport != aport); + + /* Response to prv2 */ + ui->uh_dport = uo->uh_sport; + UNNAT_CHECK(pi, ext, masq, prv2); + ATF_CHECK(ui->uh_sport == htons(dport)); + ATF_CHECK(ui->uh_dport == htons(sport)); + + /* Response to prv1 again */ + ui->uh_dport = aport; + UNNAT_CHECK(pi, ext, masq, prv1); + ATF_CHECK(ui->uh_sport == htons(dport)); + ATF_CHECK(ui->uh_dport == htons(sport)); + + free(pi); + free(po); + LibAliasUninit(la); +} + +ATF_TP_ADD_TCS(natout) +{ + /* Use "dd if=/dev/random bs=2 count=1 | od -x" to reproduce */ + srand(0x0b61); + + ATF_TP_ADD_TC(natout, 1_simplemasq); + ATF_TP_ADD_TC(natout, 2_unregistered); + ATF_TP_ADD_TC(natout, 3_cgn); + ATF_TP_ADD_TC(natout, 4_udp); + + return atf_no_error(); +} Index: tests/sys/netinet/libalias/Makefile =================================================================== --- tests/sys/netinet/libalias/Makefile +++ tests/sys/netinet/libalias/Makefile @@ -1,16 +1,17 @@ # $FreeBSD$ -.include - PACKAGE= tests TESTSDIR= ${TESTSBASE}/sys/netinet/libalias BINDIR= ${TESTSDIR} -ATF_TESTS_C+= 1_instance +ATF_TESTS_C+= 1_instance \ + 2_natout \ LIBADD+= alias +SRCS.2_natout= 2_natout.c util.c + .include # Index: tests/sys/netinet/libalias/util.h =================================================================== --- /dev/null +++ tests/sys/netinet/libalias/util.h @@ -0,0 +1,28 @@ +#include + +#include +#include +#include + +#ifndef _UTIL_H +#define _UTIL_H + +void hexdump(void *p, size_t len); +struct ip * ip_packet(struct in_addr src, struct in_addr dst, u_char protocol, size_t len); +struct udphdr * set_udp(struct ip *p, u_short sport, u_short dport); + +inline int +addr_eq(struct in_addr a, struct in_addr b) +{ + return a.s_addr == b.s_addr; +} + +#define a2h(a) ntohl(a.s_addr) + +inline int +rand_range(int min, int max) +{ + return min + rand()%(max - min); +} + +#endif /* _UTIL_H */ \ No newline at end of file Index: tests/sys/netinet/libalias/util.c =================================================================== --- /dev/null +++ tests/sys/netinet/libalias/util.c @@ -0,0 +1,60 @@ +#include +#include +#include + +#include + +#include "util.h" + +void +hexdump(void *p, size_t len) { + size_t i; + unsigned char *c = p; + + for (i = 0; i < len; i++) { + printf(" %02x", c[i]); + switch (i & 0xf) { + case 0xf: printf("\n"); break; + case 0x7: printf(" "); break; + default: break; + } + } + if ((i & 0xf) != 0x0) + printf("\n"); +} + +struct ip * +ip_packet(struct in_addr src, struct in_addr dst, u_char protocol, size_t len) { + struct ip * p; + + ATF_REQUIRE(len >= 64 && len <= IP_MAXPACKET); + + p = calloc(1, len); + ATF_REQUIRE(p != NULL); + + p->ip_v = IPVERSION; + p->ip_hl = sizeof(*p)/4; + p->ip_len = htons(len); + p->ip_ttl = IPDEFTTL; + p->ip_src = src; + p->ip_dst = dst; + p->ip_p = protocol; + ATF_REQUIRE(p->ip_hl == 5); + + return (p); +} + +struct udphdr * +set_udp(struct ip *p, u_short sport, u_short dport) { + uint32_t *up = (void *)p; + struct udphdr *u = (void *)&(up[p->ip_hl]); + int payload = ntohs(p->ip_len) - 4*p->ip_hl; + + ATF_REQUIRE(payload >= (int)sizeof(*u)); + p->ip_p = IPPROTO_UDP; + u->uh_sport = htons(sport); + u->uh_dport = htons(dport); + u->uh_ulen = htons(payload); + return (u); +} +