diff --git a/tests/antispoof/test-ndp.c b/tests/antispoof/test-ndp.c index 2cbede441..2a975b4ef 100644 --- a/tests/antispoof/test-ndp.c +++ b/tests/antispoof/test-ndp.c @@ -148,102 +148,16 @@ static const unsigned char pkt2[86] = { 0x52, 0x54, 0x00, 0x12, 0x34, 0x06 /* RT..4. */ }; -/* legit packet - * Frame 16: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) - * Ethernet II, Src: RealtekU_12:34:02 (52:54:00:12:34:02), - * Dst: RealtekU_12:34:01 (52:54:00:12:34:01) - * Destination: RealtekU_12:34:01 (52:54:00:12:34:01) - Source: RealtekU_12:34:02 (52:54:00:12:34:02) - Type: IPv6 (0x86dd) -Internet Protocol Version 6, Src: 2001:db8:2000:aff0::2, - Dst: 2001:db8:2000:aff0::1 - 0110 .... = Version: 6 - .... 0000 0000 .... .... .... .... .... = - Traffic class: 0x00 (DSCP: CS0, ECN: Not-ECT) - .... .... .... 0000 0000 0000 0000 0000 = Flow label: 0x00000 - Payload length: 32 - Next header: UDP (17) - Hop limit: 255 - Source: 2001:db8:2000:aff0::2 - Destination: 2001:db8:2000:aff0::1 - [Source GeoIP: Unknown] - [Destination GeoIP: Unknown] -Internet Control Message Protocol v6 - Type: Neighbor Advertisement (136) - Code: 0 - Checksum: 0x9638 [correct] - [Checksum Status: Good] - Flags: 0x60000000 - 0... .... .... .... .... .... .... .... = Router: Not set - .1.. .... .... .... .... .... .... .... = Solicited: Set - ..1. .... .... .... .... .... .... .... = Override: Set - ...0 0000 0000 0000 0000 0000 0000 0000 = Reserved: 0 - Target Address: 2001:db8:2000:aff0::2 - ICMPv6 Option (Target link-layer address : 52:54:00:12:34:06) - Type: Target link-layer address (2) - Length: 1 (8 bytes) - Link-layer address: RealtekU_12:34:06 (52:54:00:12:34:06) -*/ -static const unsigned char pkt3[86] = { -0x52, 0x54, 0x00, 0x12, 0x34, 0x01, 0x52, 0x54, /* RT..4.RT */ -0x00, 0x12, 0x34, 0x02, 0x86, 0xdd, 0x60, 0x00, /* ..4...`. */ -0x00, 0x00, 0x00, 0x20, 0x11, 0xff, 0x20, 0x01, /* ... :. . */ -0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ -0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x20, 0x01, /* ...... . */ -0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ -0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x88, 0x00, /* ........ */ -0x96, 0x38, 0x60, 0x00, 0x00, 0x00, 0x20, 0x01, /* .8`... . */ -0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ -0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x02, 0x01, /* ........ */ -0x52, 0x54, 0x00, 0x12, 0x34, 0x06 /* RT..4. */ -}; +/* pkt3 with Next header : UDP (17) + * + * */ +static unsigned char pkt3[86]; +memcpy(pkt3, pkt2, 86); +pkt3[21] = 0x11; -/* legit packet - * Frame 16: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) - * Ethernet II, Src: RealtekU_12:34:02 (52:54:00:12:34:02), - * Dst: RealtekU_12:34:01 (52:54:00:12:34:01) - * Destination: RealtekU_12:34:01 (52:54:00:12:34:01) - Source: RealtekU_12:34:02 (52:54:00:12:34:02) - Type: IPv6 (0x86dd) -Internet Protocol Version 6, Src: 2001:db8:2000:aff0::2, - Dst: 2001:db8:2000:aff0::1 - 0110 .... = Version: 6 - .... 0000 0000 .... .... .... .... .... = - Traffic class: 0x00 (DSCP: CS0, ECN: Not-ECT) - .... .... .... 0000 0000 0000 0000 0000 = Flow label: 0x00000 - Payload length: 32 - Next header: ICMPv6 (58) - Hop limit: 255 - Source: 2001:db8:2000:aff0::2 - Destination: 2001:db8:2000:aff0::1 - [Source GeoIP: Unknown] - [Destination GeoIP: Unknown] -Internet Control Message Protocol v6 - Type: Neighbor Advertisement (137) - Code: 0 - Checksum: 0x9638 [correct] - [Checksum Status: Good] - Flags: 0x60000000 - 0... .... .... .... .... .... .... .... = Router: Not set - .1.. .... .... .... .... .... .... .... = Solicited: Set - ..1. .... .... .... .... .... .... .... = Override: Set - ...0 0000 0000 0000 0000 0000 0000 0000 = Reserved: 0 - Target Address: 2001:db8:2000:aff0::2 - ICMPv6 Option (Target link-layer address : 52:54:00:12:34:06) - Type: Target link-layer address (2) - Length: 1 (8 bytes) - Link-layer address: RealtekU_12:34:06 (52:54:00:12:34:06) -*/ -static const unsigned char pkt4[86] = { -0x52, 0x54, 0x00, 0x12, 0x34, 0x01, 0x52, 0x54, /* RT..4.RT */ -0x00, 0x12, 0x34, 0x02, 0x86, 0xdd, 0x60, 0x00, /* ..4...`. */ -0x00, 0x00, 0x00, 0x20, 0x3a, 0xff, 0x20, 0x01, /* ... :. . */ -0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ -0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x20, 0x01, /* ...... . */ -0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ -0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x89, 0x00, /* ........ */ -0x96, 0x38, 0x60, 0x00, 0x00, 0x00, 0x20, 0x01, /* .8`... . */ -0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ -0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x02, 0x01, /* ........ */ -0x52, 0x54, 0x00, 0x12, 0x34, 0x06 /* RT..4. */ -}; +/* Internet Control Message Protocol v6 + * Type: Neighbor Advertisement (137) + * */ +static unsigned char pkt4[86]; +memcpy(pkt4, pkt2, 86); +pkt4[47] = 0x89; diff --git a/tests/antispoof/tests.c b/tests/antispoof/tests.c index 2fb0544ac..ee54ed080 100644 --- a/tests/antispoof/tests.c +++ b/tests/antispoof/tests.c @@ -274,7 +274,7 @@ static void test_antispoof_generic(const unsigned char **pkts, } else { g_assert(pg_antispoof_arp_add(antispoof, i, &error)); g_assert(error); - g_error_free(error); + pg_error_free(error); error = NULL; } } @@ -286,10 +286,6 @@ static void test_antispoof_generic(const unsigned char **pkts, /* disable arp antispoof, should pass */ pg_antispoof_arp_disable(antispoof); REPLAY(1); - - /* remove IP, should not pass */ - pg_antispoof_arp_del_all(antispoof); - REPLAY(0); /* add ARP_MAX */ for (int i = 0; i <= 150; i++) { @@ -304,9 +300,9 @@ static void test_antispoof_generic(const unsigned char **pkts, } } - /* remove IP, should not pass */ + /* remove IP, should pass */ pg_antispoof_arp_del_all(antispoof); - REPLAY(0); + REPLAY(1); /* disable arp antispoof, should pass */ pg_antispoof_arp_disable(antispoof); @@ -491,8 +487,8 @@ static void test_antispoof_empty_burst(void) g_free(pkts); } -static int test_antispoof_filter(struct pg_brick *antispoof, - } struct rte_mbuf *packet) +static int test_antispoof_filter(struct pg_brick *antispoof, + struct rte_mbuf *packet) { struct pg_brick *gen_west; struct pg_brick *col_east; @@ -575,10 +571,11 @@ static void test_antispoof_ndp(void) pg_antispoof_ndp_enable(antispoof); pg_antispoof_ndp_del_all(antispoof); - /* add NDP_MAX adresses */ for (int i = 0; i < 150; i++) { - pg_ip_from_str(ip, "2001:db8:2000:aff0::"+i); + pg_autofree char *c = NULL; + c = g_strdup_printf("2001:db8:2000:aff0::%d",i); + pg_ip_from_str(ip, c); if (i < PG_NPD_MAX) { pg_antispoof_ndp_add(antispoof, ip, &error); g_assert(!error); @@ -599,14 +596,7 @@ static void test_antispoof_ndp(void) g_assert(!error); /* remove all addresses */ - g_assert(pg_antispoof_ndp_del(antispoof,ip,&error) == 0); - g_assert(!error); - - /* remove adresse */ - g_assert(pg_antispoof_ndp_del(antispoof,ip,&error) != 0); - g_assert(error); - pg_error_free(error); - error = NULL ; + pg_antispoof_ndp_del(antispoof,ip,&error); /* legit packet */ packet = build_packet(pkt0, 86); @@ -635,12 +625,12 @@ static void test_antispoof_ndp(void) /* legit packet with next header :UDP */ packet = build_packet(pkt3, 86); - g_assert(test_antispoof_filter(antispoof, packet) != 0); + g_assert(test_antispoof_filter(antispoof, packet) == 0); pg_packets_free(&packet, pg_mask_firsts(1)); - + /* legit packet with type Redirect Message */ packet = build_packet(pkt4, 86); - g_assert(test_antispoof_filter(antispoof, packet) != 0); + g_assert(test_antispoof_filter(antispoof, packet) == 0); pg_packets_free(&packet, pg_mask_firsts(1)); /* legit packet */