Index: tests/sys/netinet/libalias/2_natout.c =================================================================== --- tests/sys/netinet/libalias/2_natout.c +++ tests/sys/netinet/libalias/2_natout.c @@ -38,63 +38,6 @@ #include "util.h" -/* common ip ranges */ -static struct in_addr masq = { htonl(0x01020304) }; -static struct in_addr pub = { htonl(0x0102dead) }; -static struct in_addr prv1 = { htonl(0x0a00dead) }; -static struct in_addr prv2 = { htonl(0xac10dead) }; -static struct in_addr prv3 = { htonl(0xc0a8dead) }; -static struct in_addr cgn = { htonl(0x6440dead) }; -static struct in_addr ext = { htonl(0x12345678) }; - -#define NAT_CHECK(pip, src, msq) do { \ - int res; \ - int len = ntohs(pip->ip_len); \ - struct in_addr dst = pip->ip_dst; \ - pip->ip_src = src; \ - res = LibAliasOut(la, pip, len); \ - ATF_CHECK_MSG(res == PKT_ALIAS_OK, \ - ">%d< not met PKT_ALIAS_OK", res); \ - ATF_CHECK(addr_eq(msq, pip->ip_src)); \ - ATF_CHECK(addr_eq(dst, pip->ip_dst)); \ -} while(0) - -#define NAT_FAIL(pip, src, dst) do { \ - int res; \ - int len = ntohs(pip->ip_len); \ - pip->ip_src = src; \ - pip->ip_dst = dst; \ - res = LibAliasOut(la, pip, len); \ - ATF_CHECK_MSG(res != PKT_ALIAS_OK), \ - ">%d< not met !PKT_ALIAS_OK", res); \ - ATF_CHECK(addr_eq(src, pip->ip_src)); \ - ATF_CHECK(addr_eq(dst, pip->ip_dst)); \ -} while(0) - -#define UNNAT_CHECK(pip, src, dst, rel) do { \ - int res; \ - int len = ntohs(pip->ip_len); \ - pip->ip_src = src; \ - pip->ip_dst = dst; \ - res = LibAliasIn(la, pip, len); \ - ATF_CHECK_MSG(res == PKT_ALIAS_OK, \ - ">%d< not met PKT_ALIAS_OK", res); \ - ATF_CHECK(addr_eq(src, pip->ip_src)); \ - ATF_CHECK(addr_eq(rel, pip->ip_dst)); \ -} while(0) - -#define UNNAT_FAIL(pip, src, dst) do { \ - int res; \ - int len = ntohs(pip->ip_len); \ - pip->ip_src = src; \ - pip->ip_dst = dst; \ - res = LibAliasIn(la, pip, len); \ - ATF_CHECK_MSG(res != PKT_ALIAS_OK, \ - ">%d< not met !PKT_ALIAS_OK", res); \ - ATF_CHECK(addr_eq(src, pip->ip_src)); \ - ATF_CHECK(addr_eq(dst, pip->ip_dst)); \ -} while(0) - ATF_TC_WITHOUT_HEAD(1_simplemasq); ATF_TC_BODY(1_simplemasq, dummy) { @@ -105,12 +48,12 @@ LibAliasSetAddress(la, masq); LibAliasSetMode(la, 0, ~0); - pip = ip_packet(prv1, ext, 254, 64); - NAT_CHECK(pip, prv1, masq); - NAT_CHECK(pip, prv2, masq); - NAT_CHECK(pip, prv3, masq); - NAT_CHECK(pip, cgn, masq); - NAT_CHECK(pip, pub, masq); + pip = ip_packet(254, 64); + NAT_CHECK(pip, prv1, ext, masq); + NAT_CHECK(pip, prv2, ext, masq); + NAT_CHECK(pip, prv3, ext, masq); + NAT_CHECK(pip, cgn, ext, masq); + NAT_CHECK(pip, pub, ext, masq); free(pip); LibAliasUninit(la); @@ -126,12 +69,12 @@ LibAliasSetAddress(la, masq); LibAliasSetMode(la, PKT_ALIAS_UNREGISTERED_ONLY, ~0); - pip = ip_packet(prv1, ext, 254, 64); - NAT_CHECK(pip, prv1, masq); - NAT_CHECK(pip, prv2, masq); - NAT_CHECK(pip, prv3, masq); - NAT_CHECK(pip, cgn, cgn); - NAT_CHECK(pip, pub, pub); + pip = ip_packet(254, 64); + NAT_CHECK(pip, prv1, ext, masq); + NAT_CHECK(pip, prv2, ext, masq); + NAT_CHECK(pip, prv3, ext, masq); + NAT_CHECK(pip, cgn, ext, cgn); + NAT_CHECK(pip, pub, ext, pub); /* * State is only for new connections @@ -139,11 +82,11 @@ * the mode setting should be ignored */ LibAliasSetMode(la, 0, PKT_ALIAS_UNREGISTERED_ONLY); - NAT_CHECK(pip, prv1, masq); - NAT_CHECK(pip, prv2, masq); - NAT_CHECK(pip, prv3, masq); - NAT_CHECK(pip, cgn, cgn); - NAT_CHECK(pip, pub, pub); + NAT_CHECK(pip, prv1, ext, masq); + NAT_CHECK(pip, prv2, ext, masq); + NAT_CHECK(pip, prv3, ext, masq); + NAT_CHECK(pip, cgn, ext, cgn); + NAT_CHECK(pip, pub, ext, pub); free(pip); LibAliasUninit(la); @@ -159,12 +102,12 @@ LibAliasSetAddress(la, masq); LibAliasSetMode(la, PKT_ALIAS_UNREGISTERED_CGN, ~0); - pip = ip_packet(prv1, ext, 254, 64); - NAT_CHECK(pip, prv1, masq); - NAT_CHECK(pip, prv2, masq); - NAT_CHECK(pip, prv3, masq); - NAT_CHECK(pip, cgn, masq); - NAT_CHECK(pip, pub, pub); + pip = ip_packet(254, 64); + NAT_CHECK(pip, prv1, ext, masq); + NAT_CHECK(pip, prv2, ext, masq); + NAT_CHECK(pip, prv3, ext, masq); + NAT_CHECK(pip, cgn, ext, masq); + NAT_CHECK(pip, pub, ext, pub); /* * State is only for new connections @@ -172,11 +115,11 @@ * the mode setting should be ignored */ LibAliasSetMode(la, 0, PKT_ALIAS_UNREGISTERED_CGN); - NAT_CHECK(pip, prv1, masq); - NAT_CHECK(pip, prv2, masq); - NAT_CHECK(pip, prv3, masq); - NAT_CHECK(pip, cgn, masq); - NAT_CHECK(pip, pub, pub); + NAT_CHECK(pip, prv1, ext, masq); + NAT_CHECK(pip, prv2, ext, masq); + NAT_CHECK(pip, prv3, ext, masq); + NAT_CHECK(pip, cgn, ext, masq); + NAT_CHECK(pip, pub, ext, pub); free(pip); LibAliasUninit(la); @@ -197,41 +140,27 @@ LibAliasSetMode(la, 0, ~0); /* Query from prv1 */ - po = ip_packet(prv1, ext, 0, 64); - uo = set_udp(po, sport, dport); - NAT_CHECK(po, prv1, masq); - ATF_CHECK(uo->uh_dport == htons(dport)); - ATF_CHECK(addr_eq(po->ip_dst, ext)); + po = ip_packet(0, 64); + UDP_NAT_CHECK(po, uo, prv1, sport, ext, dport, masq); aport = ntohs(uo->uh_sport); /* should use a different external port */ ATF_CHECK(aport != sport); /* Response */ - pi = ip_packet(po->ip_dst, po->ip_src, 0, 64); - ui = set_udp(pi, ntohs(uo->uh_dport), ntohs(uo->uh_sport)); - UNNAT_CHECK(pi, ext, masq, prv1); - ATF_CHECK(ui->uh_sport == htons(dport)); - ATF_CHECK(ui->uh_dport == htons(sport)); + pi = ip_packet(0, 64); + UDP_UNNAT_CHECK(pi, ui, ext, dport, masq, aport, prv1, sport); /* Query from different source with same ports */ - uo = set_udp(po, sport, dport); - NAT_CHECK(po, prv2, masq); - ATF_CHECK(uo->uh_dport == htons(dport)); - ATF_CHECK(addr_eq(po->ip_dst, ext)); + UDP_NAT_CHECK(po, uo, prv2, sport, ext, dport, masq); /* should use a different external port */ ATF_CHECK(uo->uh_sport != htons(aport)); /* Response to prv2 */ ui->uh_dport = uo->uh_sport; - UNNAT_CHECK(pi, ext, masq, prv2); - ATF_CHECK(ui->uh_sport == htons(dport)); - ATF_CHECK(ui->uh_dport == htons(sport)); + UDP_UNNAT_CHECK(pi, ui, ext, dport, masq, htons(uo->uh_sport), prv2, sport); /* Response to prv1 again */ - ui->uh_dport = htons(aport); - UNNAT_CHECK(pi, ext, masq, prv1); - ATF_CHECK(ui->uh_sport == htons(dport)); - ATF_CHECK(ui->uh_dport == htons(sport)); + UDP_UNNAT_CHECK(pi, ui, ext, dport, masq, aport, prv1, sport); free(pi); free(po); @@ -253,20 +182,14 @@ LibAliasSetMode(la, PKT_ALIAS_SAME_PORTS, ~0); /* Query from prv1 */ - p = ip_packet(prv1, ext, 0, 64); - u = set_udp(p, sport, dport); - NAT_CHECK(p, prv1, masq); - ATF_CHECK(u->uh_dport == htons(dport)); - ATF_CHECK(addr_eq(p->ip_dst, ext)); + p = ip_packet(0, 64); + UDP_NAT_CHECK(p, u, prv1, sport, ext, dport, masq); aport = ntohs(u->uh_sport); /* should use the same external port */ ATF_CHECK(aport == sport); /* Query from different source with same ports */ - u = set_udp(p, sport, dport); - NAT_CHECK(p, prv2, masq); - ATF_CHECK(u->uh_dport == htons(dport)); - ATF_CHECK(addr_eq(p->ip_dst, ext)); + UDP_NAT_CHECK(p, u, prv2, sport, ext, dport, masq); /* should use a different external port */ ATF_CHECK(u->uh_sport != htons(aport)); @@ -291,43 +214,30 @@ LibAliasSetMode(la, PKT_ALIAS_DENY_INCOMING, PKT_ALIAS_DENY_INCOMING); /* Query from prv1 */ - po = ip_packet(prv1, ext, 0, 64); - uo = set_udp(po, sport, dport); - NAT_CHECK(po, prv1, masq); - ATF_CHECK(uo->uh_dport == htons(dport)); - ATF_CHECK(addr_eq(po->ip_dst, ext)); + po = ip_packet(0, 64); + UDP_NAT_CHECK(po, uo, prv1, sport, ext, dport, masq); aport = ntohs(uo->uh_sport); /* should use the same external port */ ATF_CHECK(aport == sport); /* Response */ - pi = ip_packet(po->ip_dst, po->ip_src, 0, 64); - ui = set_udp(pi, ntohs(uo->uh_dport), ntohs(uo->uh_sport)); - UNNAT_CHECK(pi, ext, masq, prv1); - ATF_CHECK(ui->uh_sport == htons(dport)); - ATF_CHECK(ui->uh_dport == htons(sport)); + pi = ip_packet(0, 64); + UDP_UNNAT_CHECK(po, uo, ext, dport, masq, aport, prv1, sport); /* clear table by keeping the address */ LibAliasSetAddress(la, ext); LibAliasSetAddress(la, masq); /* Response to prv1 again -> DENY_INCOMING */ - ui->uh_dport = htons(aport); - UNNAT_FAIL(pi, ext, masq); + UDP_UNNAT_FAIL(pi, ui, ext, dport, masq, aport); /* Query from different source with same ports */ - uo = set_udp(po, sport, dport); - NAT_CHECK(po, prv2, masq); - ATF_CHECK(uo->uh_dport == htons(dport)); - ATF_CHECK(addr_eq(po->ip_dst, ext)); + UDP_NAT_CHECK(po, uo, prv2, sport, ext, dport, masq); /* should use the same external port, because it's free */ ATF_CHECK(uo->uh_sport == htons(aport)); /* Response to prv2 */ - ui->uh_dport = uo->uh_sport; - UNNAT_CHECK(pi, ext, masq, prv2); - ATF_CHECK(ui->uh_sport == htons(dport)); - ATF_CHECK(ui->uh_dport == htons(sport)); + UDP_UNNAT_CHECK(po, uo, ext, dport, masq, htons(uo->uh_sport), prv2, sport); free(pi); free(po); @@ -351,8 +261,7 @@ ATF_REQUIRE(la != NULL); LibAliasSetAddress(la, masq); - p = ip_packet(prv1, ext, 0, 64); - u = set_udp(p, 0, 0); + p = ip_packet(0, 64); batch = calloc(batch_size, sizeof(*batch)); ATF_REQUIRE(batch != NULL); @@ -374,21 +283,20 @@ } for (i = 0; i < batch_size; i++) { - p->ip_dst = batch[i].dst; - u = set_udp(p, batch[i].sport, batch[i].dport); - NAT_CHECK(p, batch[i].src, masq); - ATF_CHECK(u->uh_dport == htons(batch[i].dport)); - ATF_CHECK(addr_eq(p->ip_dst, batch[i].dst)); + UDP_NAT_CHECK(p, u, + batch[i].src, batch[i].sport, + batch[i].dst, batch[i].dport, + masq); batch[i].aport = htons(u->uh_sport); } qsort(batch, batch_size, sizeof(*batch), randcmp); for (i = 0; i < batch_size; i++) { - u = set_udp(p, batch[i].dport, batch[i].aport); - UNNAT_CHECK(p, batch[i].dst, masq, batch[i].src); - ATF_CHECK(u->uh_dport == htons(batch[i].sport)); - ATF_CHECK(u->uh_sport == htons(batch[i].dport)); + UDP_UNNAT_CHECK(p, u, + batch[i].dst, batch[i].dport, + masq, batch[i].aport, + batch[i].src, batch[i].sport); } } Index: tests/sys/netinet/libalias/perf.c =================================================================== --- tests/sys/netinet/libalias/perf.c +++ tests/sys/netinet/libalias/perf.c @@ -38,11 +38,6 @@ #include "util.h" #include -/* common ip ranges */ -static struct in_addr masq = { htonl(0x01020304) }; -static struct in_addr prv = { htonl(0x0a000000) }; -static struct in_addr ext = { htonl(0x12000000) }; - #define timevalcmp(tv, uv, cmp) \ (((tv).tv_sec == (uv).tv_sec) \ ? ((tv).tv_usec cmp (uv).tv_usec) \ @@ -88,10 +83,10 @@ LibAliasSetAddress(la, masq); LibAliasSetMode(la, PKT_ALIAS_DENY_INCOMING, PKT_ALIAS_DENY_INCOMING); - prv.s_addr &= htonl(0xffff0000); + prv1.s_addr &= htonl(0xffff0000); ext.s_addr &= htonl(0xffff0000); - p = ip_packet(prv, ext, 0, 64); + p = ip_packet(0, 64); u = set_udp(p, 0, 0); if (NULL == (batch = calloc(batch_size, sizeof(*batch)))) { @@ -112,7 +107,7 @@ gettimeofday(&start, NULL); printf("%5.1f ", max_seconds - timevaldiff(timeout, start)/1000000.0f); for (cnt = i = 0; i < batch_size; i++, cnt++) { - batch[i].src.s_addr = prv.s_addr | htonl(rand_range(0, 0xffff)); + batch[i].src.s_addr = prv1.s_addr | htonl(rand_range(0, 0xffff)); batch[i].dst.s_addr = ext.s_addr | htonl(rand_range(0, 0xffff)); batch[i].sport = rand_range(1000, 60000); batch[i].dport = rand_range(1000, 60000); Index: tests/sys/netinet/libalias/util.h =================================================================== --- tests/sys/netinet/libalias/util.h +++ tests/sys/netinet/libalias/util.h @@ -40,9 +40,12 @@ #ifndef _UTIL_H #define _UTIL_H +/* common ip ranges */ +extern struct in_addr masq, pub, prv1, prv2, prv3, cgn, ext, ANY_ADDR; + int randcmp(const void *a, const void *b); void hexdump(void *p, size_t len); -struct ip * ip_packet(struct in_addr src, struct in_addr dst, u_char protocol, size_t len); +struct ip * ip_packet(u_char protocol, size_t len); struct udphdr * set_udp(struct ip *p, u_short sport, u_short dport); inline int @@ -59,4 +62,76 @@ return min + rand()%(max - min); } +#define NAT_CHECK(pip, src, dst, msq) do { \ + int res; \ + int len = ntohs(pip->ip_len); \ + pip->ip_src = src; \ + pip->ip_dst = dst; \ + res = LibAliasOut(la, pip, len); \ + ATF_CHECK_MSG(res == PKT_ALIAS_OK, \ + ">%d< not met PKT_ALIAS_OK", res); \ + ATF_CHECK(addr_eq(msq, pip->ip_src)); \ + ATF_CHECK(addr_eq(dst, pip->ip_dst)); \ +} while(0) + +#define NAT_FAIL(pip, src, dst) do { \ + int res; \ + int len = ntohs(pip->ip_len); \ + pip->ip_src = src; \ + pip->ip_dst = dst; \ + res = LibAliasOut(la, pip, len); \ + ATF_CHECK_MSG(res != PKT_ALIAS_OK), \ + ">%d< not met !PKT_ALIAS_OK", res); \ + ATF_CHECK(addr_eq(src, pip->ip_src)); \ + ATF_CHECK(addr_eq(dst, pip->ip_dst)); \ +} while(0) + +#define UNNAT_CHECK(pip, src, dst, rel) do { \ + int res; \ + int len = ntohs(pip->ip_len); \ + pip->ip_src = src; \ + pip->ip_dst = dst; \ + res = LibAliasIn(la, pip, len); \ + ATF_CHECK_MSG(res == PKT_ALIAS_OK, \ + ">%d< not met PKT_ALIAS_OK", res); \ + ATF_CHECK(addr_eq(src, pip->ip_src)); \ + ATF_CHECK(addr_eq(rel, pip->ip_dst)); \ +} while(0) + +#define UNNAT_FAIL(pip, src, dst) do { \ + int res; \ + int len = ntohs(pip->ip_len); \ + pip->ip_src = src; \ + pip->ip_dst = dst; \ + res = LibAliasIn(la, pip, len); \ + ATF_CHECK_MSG(res != PKT_ALIAS_OK, \ + ">%d< not met !PKT_ALIAS_OK", res); \ + ATF_CHECK(addr_eq(src, pip->ip_src)); \ + ATF_CHECK(addr_eq(dst, pip->ip_dst)); \ +} while(0) + +#define UDP_NAT_CHECK(p, u, si, sp, di, dp, mi) do { \ + u = set_udp(p, (sp), (dp)); \ + NAT_CHECK(p, (si), (di), (mi)); \ + ATF_CHECK(u->uh_dport == htons(dp)); \ +} while(0) + +#define UDP_NAT_FAIL(p, u, si, sp, di, dp) do { \ + u = set_udp(p, (sp), (dp)); \ + NAT_FAIL(p, (si), (mi)); \ +} while(0) + +#define UDP_UNNAT_CHECK(p, u, si, sp, mi, mp, di, dp) \ +do { \ + u = set_udp(p, (sp), (mp)); \ + UNNAT_CHECK(p, (si), (mi), (di)); \ + ATF_CHECK(u->uh_sport == htons(sp)); \ + ATF_CHECK(u->uh_dport == htons(dp)); \ +} while(0) + +#define UDP_UNNAT_FAIL(p, u, si, sp, mi, mp) do { \ + u = set_udp(p, (sp), (mp)); \ + UNNAT_FAIL(p, (si), (mi)); \ +} while(0) + #endif /* _UTIL_H */ Index: tests/sys/netinet/libalias/util.c =================================================================== --- tests/sys/netinet/libalias/util.c +++ tests/sys/netinet/libalias/util.c @@ -38,6 +38,16 @@ #include "util.h" +/* common ip ranges */ +struct in_addr masq = { htonl(0x01020304) }; +struct in_addr pub = { htonl(0x0102dead) }; +struct in_addr prv1 = { htonl(0x0a00dead) }; +struct in_addr prv2 = { htonl(0xac10dead) }; +struct in_addr prv3 = { htonl(0xc0a8dead) }; +struct in_addr cgn = { htonl(0x6440dead) }; +struct in_addr ext = { htonl(0x12345678) }; +struct in_addr ANY_ADDR = { 0 }; + #define REQUIRE(x) do { \ if (!(x)) { \ fprintf(stderr, "Failed in %s %s:%d.\n",\ @@ -78,7 +88,7 @@ } struct ip * -ip_packet(struct in_addr src, struct in_addr dst, u_char protocol, size_t len) +ip_packet(u_char protocol, size_t len) { struct ip * p; @@ -91,8 +101,6 @@ p->ip_hl = sizeof(*p)/4; p->ip_len = htons(len); p->ip_ttl = IPDEFTTL; - p->ip_src = src; - p->ip_dst = dst; p->ip_p = protocol; REQUIRE(p->ip_hl == 5);