From c8a9867b6dd61f69bc02cf6bc29ebced186fad66 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Fri, 11 Oct 2019 15:49:59 +0000 Subject: [PATCH 1/3] tests:improve coverage of antispoof Signed-off-by: Cloud User --- include/packetgraph/antispoof.h | 3 + src/antispoof.c | 14 ++-- src/brick-int.h | 4 +- tests/antispoof/test-ndp.c | 100 +++++++++++++++++++++++++++++ tests/antispoof/tests.c | 109 ++++++++++++++++++++++++++++++-- tests/core/test-core.c | 5 ++ 6 files changed, 220 insertions(+), 15 deletions(-) diff --git a/include/packetgraph/antispoof.h b/include/packetgraph/antispoof.h index 2fddb9c15..3461ceb5c 100644 --- a/include/packetgraph/antispoof.h +++ b/include/packetgraph/antispoof.h @@ -21,6 +21,9 @@ #include #include +#define PG_ARP_MAX 100 +#define PG_NPD_MAX 100 + struct ether_addr; /** diff --git a/src/antispoof.c b/src/antispoof.c index 6e70d6f11..2dd9bc2fd 100644 --- a/src/antispoof.c +++ b/src/antispoof.c @@ -25,9 +25,7 @@ #include "utils/mac.h" #include "utils/ip.h" #include "utils/network.h" - -#define ARP_MAX 100 -#define NPD_MAX 100 +#include struct pg_antispoof_arp { /* Format of hardware address. */ @@ -88,11 +86,11 @@ struct pg_antispoof_state { struct ether_addr mac; bool arp_enabled; uint16_t arps_size; - struct arp arps[ARP_MAX]; + struct arp arps[PG_ARP_MAX]; /* icmpv6 / neighbor discovery */ bool ndp_enabled; uint16_t ndps_size; - struct ndp ndps[NPD_MAX]; + struct ndp ndps[PG_NPD_MAX]; }; struct pg_antispoof_config { @@ -120,7 +118,7 @@ int pg_antispoof_arp_add(struct pg_brick *brick, uint32_t ip, uint16_t n = state->arps_size; struct arp *arp = &state->arps[n]; - if (unlikely(n == ARP_MAX)) { + if (unlikely(n == PG_ARP_MAX)) { *errp = pg_error_new("Maximal IP reached"); return -1; } @@ -229,7 +227,7 @@ int pg_antispoof_ndp_add(struct pg_brick *brick, uint8_t *ip, uint16_t n = state->ndps_size; struct ndp *ndp = &state->ndps[n]; - if (unlikely(n == NPD_MAX)) { + if (unlikely(n == PG_NPD_MAX)) { *errp = pg_error_new("Maximal IPV6 reached"); return -1; } @@ -412,5 +410,3 @@ static struct pg_brick_ops antispoof_ops = { pg_brick_register(antispoof, &antispoof_ops); -#undef NPD_MAX -#undef ARP_MAX diff --git a/src/brick-int.h b/src/brick-int.h index e8c6a8524..3afad9afd 100644 --- a/src/brick-int.h +++ b/src/brick-int.h @@ -208,8 +208,8 @@ int pg_brick_reset(struct pg_brick *brick, struct pg_error **errp); /* testing */ uint32_t pg_brick_links_count_get(const struct pg_brick *brick, - const struct pg_brick *target, - struct pg_error **errp); + const struct pg_brick *target, + struct pg_error **errp); int64_t pg_brick_refcount(const struct pg_brick *brick); /* generic functions used to factorize code */ diff --git a/tests/antispoof/test-ndp.c b/tests/antispoof/test-ndp.c index 1a8fa41c9..2cbede441 100644 --- a/tests/antispoof/test-ndp.c +++ b/tests/antispoof/test-ndp.c @@ -147,3 +147,103 @@ static const unsigned char pkt2[86] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x02, 0x01, /* ........ */ 0x52, 0x54, 0x00, 0x12, 0x34, 0x06 /* RT..4. */ }; + +/* legit packet + * Frame 16: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) + * Ethernet II, Src: RealtekU_12:34:02 (52:54:00:12:34:02), + * Dst: RealtekU_12:34:01 (52:54:00:12:34:01) + * Destination: RealtekU_12:34:01 (52:54:00:12:34:01) + Source: RealtekU_12:34:02 (52:54:00:12:34:02) + Type: IPv6 (0x86dd) +Internet Protocol Version 6, Src: 2001:db8:2000:aff0::2, + Dst: 2001:db8:2000:aff0::1 + 0110 .... = Version: 6 + .... 0000 0000 .... .... .... .... .... = + Traffic class: 0x00 (DSCP: CS0, ECN: Not-ECT) + .... .... .... 0000 0000 0000 0000 0000 = Flow label: 0x00000 + Payload length: 32 + Next header: UDP (17) + Hop limit: 255 + Source: 2001:db8:2000:aff0::2 + Destination: 2001:db8:2000:aff0::1 + [Source GeoIP: Unknown] + [Destination GeoIP: Unknown] +Internet Control Message Protocol v6 + Type: Neighbor Advertisement (136) + Code: 0 + Checksum: 0x9638 [correct] + [Checksum Status: Good] + Flags: 0x60000000 + 0... .... .... .... .... .... .... .... = Router: Not set + .1.. .... .... .... .... .... .... .... = Solicited: Set + ..1. .... .... .... .... .... .... .... = Override: Set + ...0 0000 0000 0000 0000 0000 0000 0000 = Reserved: 0 + Target Address: 2001:db8:2000:aff0::2 + ICMPv6 Option (Target link-layer address : 52:54:00:12:34:06) + Type: Target link-layer address (2) + Length: 1 (8 bytes) + Link-layer address: RealtekU_12:34:06 (52:54:00:12:34:06) +*/ +static const unsigned char pkt3[86] = { +0x52, 0x54, 0x00, 0x12, 0x34, 0x01, 0x52, 0x54, /* RT..4.RT */ +0x00, 0x12, 0x34, 0x02, 0x86, 0xdd, 0x60, 0x00, /* ..4...`. */ +0x00, 0x00, 0x00, 0x20, 0x11, 0xff, 0x20, 0x01, /* ... :. . */ +0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ +0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x20, 0x01, /* ...... . */ +0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ +0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x88, 0x00, /* ........ */ +0x96, 0x38, 0x60, 0x00, 0x00, 0x00, 0x20, 0x01, /* .8`... . */ +0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ +0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x02, 0x01, /* ........ */ +0x52, 0x54, 0x00, 0x12, 0x34, 0x06 /* RT..4. */ +}; + +/* legit packet + * Frame 16: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) + * Ethernet II, Src: RealtekU_12:34:02 (52:54:00:12:34:02), + * Dst: RealtekU_12:34:01 (52:54:00:12:34:01) + * Destination: RealtekU_12:34:01 (52:54:00:12:34:01) + Source: RealtekU_12:34:02 (52:54:00:12:34:02) + Type: IPv6 (0x86dd) +Internet Protocol Version 6, Src: 2001:db8:2000:aff0::2, + Dst: 2001:db8:2000:aff0::1 + 0110 .... = Version: 6 + .... 0000 0000 .... .... .... .... .... = + Traffic class: 0x00 (DSCP: CS0, ECN: Not-ECT) + .... .... .... 0000 0000 0000 0000 0000 = Flow label: 0x00000 + Payload length: 32 + Next header: ICMPv6 (58) + Hop limit: 255 + Source: 2001:db8:2000:aff0::2 + Destination: 2001:db8:2000:aff0::1 + [Source GeoIP: Unknown] + [Destination GeoIP: Unknown] +Internet Control Message Protocol v6 + Type: Neighbor Advertisement (137) + Code: 0 + Checksum: 0x9638 [correct] + [Checksum Status: Good] + Flags: 0x60000000 + 0... .... .... .... .... .... .... .... = Router: Not set + .1.. .... .... .... .... .... .... .... = Solicited: Set + ..1. .... .... .... .... .... .... .... = Override: Set + ...0 0000 0000 0000 0000 0000 0000 0000 = Reserved: 0 + Target Address: 2001:db8:2000:aff0::2 + ICMPv6 Option (Target link-layer address : 52:54:00:12:34:06) + Type: Target link-layer address (2) + Length: 1 (8 bytes) + Link-layer address: RealtekU_12:34:06 (52:54:00:12:34:06) +*/ +static const unsigned char pkt4[86] = { +0x52, 0x54, 0x00, 0x12, 0x34, 0x01, 0x52, 0x54, /* RT..4.RT */ +0x00, 0x12, 0x34, 0x02, 0x86, 0xdd, 0x60, 0x00, /* ..4...`. */ +0x00, 0x00, 0x00, 0x20, 0x3a, 0xff, 0x20, 0x01, /* ... :. . */ +0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ +0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x20, 0x01, /* ...... . */ +0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ +0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x89, 0x00, /* ........ */ +0x96, 0x38, 0x60, 0x00, 0x00, 0x00, 0x20, 0x01, /* .8`... . */ +0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ +0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x02, 0x01, /* ........ */ +0x52, 0x54, 0x00, 0x12, 0x34, 0x06 /* RT..4. */ +}; diff --git a/tests/antispoof/tests.c b/tests/antispoof/tests.c index e46478c44..2fb0544ac 100644 --- a/tests/antispoof/tests.c +++ b/tests/antispoof/tests.c @@ -253,9 +253,64 @@ static void test_antispoof_generic(const unsigned char **pkts, pg_error_free(error); error = NULL; + /* re-add other IP and original IP, should pass */ + g_assert(!pg_antispoof_arp_del(antispoof, 42, &error)); + g_assert(!pg_antispoof_arp_del(antispoof, 51, &error)); + g_assert(!pg_antispoof_arp_add(antispoof, 42, &error)); + g_assert(!pg_antispoof_arp_add(antispoof, 51, &error)); + g_assert(!pg_antispoof_arp_add(antispoof, inside_ip, &error)); + g_assert(!error); + REPLAY(1); + + /* remove IP, should not pass */ + pg_antispoof_arp_del_all(antispoof); + REPLAY(0); + + /* add ARP_MAX */ + for (int i = 0; i <= 150; i++) { + if (i < PG_ARP_MAX) { + g_assert(!pg_antispoof_arp_add(antispoof, i, &error)); + g_assert(!error); + } else { + g_assert(pg_antispoof_arp_add(antispoof, i, &error)); + g_assert(error); + g_error_free(error); + error = NULL; + } + } + + /* remove IP, should not pass */ + pg_antispoof_arp_del_all(antispoof); + REPLAY(0); + /* disable arp antispoof, should pass */ pg_antispoof_arp_disable(antispoof); REPLAY(1); + + /* remove IP, should not pass */ + pg_antispoof_arp_del_all(antispoof); + REPLAY(0); + + /* add ARP_MAX */ + for (int i = 0; i <= 150; i++) { + if (i < PG_ARP_MAX) { + g_assert(!pg_antispoof_arp_add(antispoof, i, &error)); + g_assert(!error); + } else { + g_assert(pg_antispoof_arp_add(antispoof, i, &error)); + g_assert(error); + pg_error_free(error); + error = NULL; + } + } + + /* remove IP, should not pass */ + pg_antispoof_arp_del_all(antispoof); + REPLAY(0); + + /* disable arp antispoof, should pass */ + pg_antispoof_arp_disable(antispoof); + REPLAY(1); /* enable arp antispoof again, should re-block */ pg_antispoof_arp_enable(antispoof); @@ -265,8 +320,7 @@ static void test_antispoof_generic(const unsigned char **pkts, pg_brick_unlink(antispoof, &error); g_assert(!error); pg_brick_destroy(antispoof); - antispoof = pg_antispoof_new("antispoof", PG_WEST_SIDE, - &inside_mac, &error); + antispoof = pg_antispoof_new("antispoof", PG_WEST_SIDE, &inside_mac, &error); pg_antispoof_arp_enable(antispoof); g_assert(!pg_antispoof_arp_add(antispoof, inside_ip, &error)); g_assert(!error); @@ -438,7 +492,7 @@ static void test_antispoof_empty_burst(void) } static int test_antispoof_filter(struct pg_brick *antispoof, - struct rte_mbuf *packet) + } struct rte_mbuf *packet) { struct pg_brick *gen_west; struct pg_brick *col_east; @@ -521,6 +575,39 @@ static void test_antispoof_ndp(void) pg_antispoof_ndp_enable(antispoof); pg_antispoof_ndp_del_all(antispoof); + + /* add NDP_MAX adresses */ + for (int i = 0; i < 150; i++) { + pg_ip_from_str(ip, "2001:db8:2000:aff0::"+i); + if (i < PG_NPD_MAX) { + pg_antispoof_ndp_add(antispoof, ip, &error); + g_assert(!error); + } else { + pg_antispoof_ndp_add(antispoof, ip, &error); + g_assert(error); + pg_error_free(error); + error = NULL; + } + } + + /* remove all adresses */ + pg_antispoof_ndp_del_all(antispoof); + + /* add several bad addresses */ + pg_ip_from_str(ip, "2001:db8:2000:aff0::42"); + pg_antispoof_ndp_add(antispoof, ip, &error); + g_assert(!error); + + /* remove all addresses */ + g_assert(pg_antispoof_ndp_del(antispoof,ip,&error) == 0); + g_assert(!error); + + /* remove adresse */ + g_assert(pg_antispoof_ndp_del(antispoof,ip,&error) != 0); + g_assert(error); + pg_error_free(error); + error = NULL ; + /* legit packet */ packet = build_packet(pkt0, 86); g_assert(test_antispoof_filter(antispoof, packet) == 0); @@ -538,10 +625,24 @@ static void test_antispoof_ndp(void) pg_ip_from_str(ip, "2001:db8:2000:aff0::42"); pg_antispoof_ndp_add(antispoof, ip, &error); g_assert(!error); - pg_ip_from_str(ip, "2001:db8:2000:aff0::43"); + pg_ip_from_str(ip, "0"); pg_antispoof_ndp_add(antispoof, ip, &error); g_assert(!error); + /* remove adresse */ + g_assert(pg_antispoof_ndp_del(antispoof,ip,&error) == 0); + g_assert(!error); + + /* legit packet with next header :UDP */ + packet = build_packet(pkt3, 86); + g_assert(test_antispoof_filter(antispoof, packet) != 0); + pg_packets_free(&packet, pg_mask_firsts(1)); + + /* legit packet with type Redirect Message */ + packet = build_packet(pkt4, 86); + g_assert(test_antispoof_filter(antispoof, packet) != 0); + pg_packets_free(&packet, pg_mask_firsts(1)); + /* legit packet */ packet = build_packet(pkt0, 86); g_assert(test_antispoof_filter(antispoof, packet) == 0); diff --git a/tests/core/test-core.c b/tests/core/test-core.c index e79359384..cd85e63a0 100644 --- a/tests/core/test-core.c +++ b/tests/core/test-core.c @@ -828,6 +828,11 @@ static void test_brick_core_verify_re_link(void) test_brick_sanity_check_expected(f, 0, 0); test_brick_sanity_check_expected(a, 0, 0); + pg_brick_unlink(NULL, &e); + g_assert(e); + pg_error_free(e); + e = NULL; + /* Link v and s */ pg_brick_link(v, s, &e); g_assert(!e); From 0feab84f8d87955154f459853c816ac63d9839fa Mon Sep 17 00:00:00 2001 From: hanen mizouni Date: Fri, 25 Oct 2019 12:52:22 +0000 Subject: [PATCH 2/3] test:improve coverage of brick --- src/brick-int.h | 2 +- src/brick.c | 7 +- tests/core/test-core.c | 183 ++++++++++++++++++++++++++++++++++++++++- 3 files changed, 184 insertions(+), 8 deletions(-) diff --git a/src/brick-int.h b/src/brick-int.h index 3afad9afd..3ce9b8bb8 100644 --- a/src/brick-int.h +++ b/src/brick-int.h @@ -207,7 +207,7 @@ struct pg_brick *pg_brick_decref(struct pg_brick *brick, int pg_brick_reset(struct pg_brick *brick, struct pg_error **errp); /* testing */ -uint32_t pg_brick_links_count_get(const struct pg_brick *brick, +int pg_brick_links_count_get(const struct pg_brick *brick, const struct pg_brick *target, struct pg_error **errp); int64_t pg_brick_refcount(const struct pg_brick *brick); diff --git a/src/brick.c b/src/brick.c index df1c28f07..e359b8b11 100644 --- a/src/brick.c +++ b/src/brick.c @@ -321,17 +321,17 @@ static uint16_t count_side(const struct pg_brick_side *side, * @param errp a return pointer for an error message * @return the total number of link from the brick to the target */ -uint32_t pg_brick_links_count_get(const struct pg_brick *brick, +int pg_brick_links_count_get(const struct pg_brick *brick, const struct pg_brick *target, struct pg_error **errp) { - uint32_t count = 0; + int count = 0; enum pg_side i; const struct pg_brick_side *side; if (!brick) { *errp = pg_error_new("brick is NULL"); - return 0; + return -1; } if (brick->type == PG_MULTIPOLE) { @@ -349,6 +349,7 @@ uint32_t pg_brick_links_count_get(const struct pg_brick *brick, if (side->edge.link && side->edge.link == target) ++count; } else { + *errp = pg_error_new("brick config type is unknown"); return -1; } diff --git a/tests/core/test-core.c b/tests/core/test-core.c index cd85e63a0..2dc130462 100644 --- a/tests/core/test-core.c +++ b/tests/core/test-core.c @@ -30,8 +30,52 @@ static void test_brick_core_simple_lifecycle(void) { struct pg_error *error = NULL; struct pg_brick *brick; - struct pg_brick_config *config = pg_brick_config_new("mybrick", 2, 2, - PG_MULTIPOLE); + struct pg_brick_config *config = pg_brick_config_new("mybrick", 2, 2, PG_MULTIPOLE); + struct pg_brick_config *config1 = pg_brick_config_new("mybrick", 2, 2, PG_MONOPOLE); + struct pg_brick_config *config2 = pg_brick_config_new("mybrick", UINT16_MAX, UINT16_MAX, PG_MULTIPOLE); + + brick = pg_brick_new("nop", config1, &error); + g_assert(!brick); + g_assert(error); + g_assert(error->message); + g_assert_cmpstr(error->message, ==, "A 'PG_MONOPOLE' cannot have more than one neibour per side"); + pg_error_free(error); + error = NULL; + + brick = pg_brick_new("nop", config2, &error); + g_assert(!brick); + g_assert(error); + g_assert(error->message); + g_assert_cmpstr(error->message, ==, "A 'PG_MULTIPOLE' cannot have more than 65535 edge on PG_WEST_SIDE"); + pg_error_free(error); + error = NULL; + + brick = pg_brick_new(NULL, NULL, &error); + g_assert(!brick); + g_assert(error); + g_assert(error->message); + g_assert_cmpstr(error->message, ==, "Brick config not set"); + pg_error_free(error); + error = NULL; + + brick = pg_brick_new(NULL, config, &error); + g_assert(!brick); + g_assert(error); + g_assert(error->message); + g_assert_cmpstr(error->message, ==, "Brick name not set"); + pg_error_free(error); + error = NULL; + + pg_brick_decref(brick, &error); + g_assert(error); + g_assert(error->message); + g_assert_cmpstr(error->message, ==, "NULL brick"); + pg_error_free(error);error = NULL; + + g_assert(pg_brick_reset(brick,&error) < 0); + g_assert(error); + pg_error_free(error); + error = NULL; brick = pg_brick_new("foo", config, &error); g_assert(!brick); @@ -44,9 +88,11 @@ static void test_brick_core_simple_lifecycle(void) brick = pg_brick_new("nop", config, &error); g_assert(brick); g_assert(!error); + printf("brick refcount is %ld\n",brick->refcount); pg_brick_decref(brick, &error); g_assert(!error); + printf("brick refcount is %ld\n",brick->refcount); brick = pg_brick_decref(NULL, &error); g_assert(!brick); @@ -107,6 +153,11 @@ static void test_brick_core_link(void) g_assert(middle_brick); g_assert(!error); + g_assert(pg_brick_reset(middle_brick,&error)!=0); + g_assert(error); + pg_error_free(error); + error = NULL; + east_brick = pg_brick_new("nop", config, &error); g_assert(east_brick); g_assert(!error); @@ -180,6 +231,22 @@ static void test_brick_core_unlink_edge(void) g_assert(ret == 0); g_assert(!error); + ret = pg_brick_link(west_brick, west_brick, &error); + g_assert(ret == -1); + g_assert(error); + g_assert(error->message); + g_assert_cmpstr(error->message, ==, "Can not link a brick to itself"); + pg_error_free(error); + error = NULL; + + ret = pg_brick_link(NULL, west_brick, &error); + g_assert(ret == -1); + g_assert(error); + g_assert(error->message); + g_assert_cmpstr(error->message, ==, "Node is not valid"); + pg_error_free(error); + error = NULL; + ret = pg_brick_link(middle_brick, east_brick, &error); g_assert(ret == 0); g_assert(!error); @@ -199,6 +266,14 @@ static void test_brick_core_unlink_edge(void) g_assert(error); pg_error_free(error); error = NULL; + g_assert(pg_brick_unlink_edge(east_brick, NULL, &error) == -1); + g_assert(error); + pg_error_free(error); + error = NULL; + g_assert(pg_brick_unlink_edge(NULL, west_brick, &error) == -1); + g_assert(error); + pg_error_free(error); + error = NULL; g_assert(!pg_brick_unlink_edge(west_brick, middle_brick, &error)); refcount = pg_brick_refcount(west_brick); @@ -628,9 +703,19 @@ static void test_brick_sanity_check_expected(struct pg_brick *brick, static void test_brick_core_verify_multiple_link(void) { - struct pg_brick *west_brick, *middle_brick, *east_brick; + struct pg_brick *west_brick, *middle_brick, *east_brick, + *west_brick1, *middle_brick1, *east_brick1, + *west_brick2, *middle_brick2, *east_brick2, + *west_brick3, *middle_brick3, *east_brick3; + struct pg_brick_config *config = pg_brick_config_new("mybrick", 4, 4, PG_MULTIPOLE); + struct pg_brick_config *config1 = pg_brick_config_new("mybrick", 1, 1, + PG_DIPOLE); + struct pg_brick_config *config2 = pg_brick_config_new("mybrick", 1, 1, + PG_MONOPOLE); + struct pg_brick_config *config3 = pg_brick_config_new("mybrick", 1, 1, + 4); uint32_t links_count; struct pg_error *error = NULL; @@ -641,6 +726,27 @@ static void test_brick_core_verify_multiple_link(void) east_brick = pg_brick_new("nop", config, &error); g_assert(!error); + west_brick1 = pg_brick_new("nop", config1, &error); + g_assert(!error); + middle_brick1 = pg_brick_new("nop", config1, &error); + g_assert(!error); + east_brick1 = pg_brick_new("nop", config1, &error); + g_assert(!error); + + west_brick2 = pg_brick_new("nop", config2, &error); + g_assert(!error); + middle_brick2 = pg_brick_new("nop", config2, &error); + g_assert(!error); + east_brick2 = pg_brick_new("nop", config2, &error); + g_assert(!error); + + west_brick3 = pg_brick_new("nop", config3, &error); + g_assert(!error); + middle_brick3 = pg_brick_new("nop", config3, &error); + g_assert(!error); + east_brick3 = pg_brick_new("nop", config3, &error); + g_assert(!error); + /* create a few links */ pg_brick_link(west_brick, middle_brick, &error); g_assert(!error); @@ -652,13 +758,61 @@ static void test_brick_core_verify_multiple_link(void) g_assert(!error); pg_brick_link(middle_brick, east_brick, &error); g_assert(!error); + pg_brick_link(middle_brick1, east_brick1, &error); + g_assert(!error); + pg_brick_link(middle_brick2, east_brick2, &error); + g_assert(!error); + + pg_brick_link(middle_brick1, west_brick1, &error); + g_assert(error); + pg_error_free(error); + error = NULL; + + pg_brick_link(middle_brick2, west_brick2, &error); + g_assert(error); + pg_error_free(error); + error = NULL; + pg_brick_link(middle_brick3, west_brick3, &error); + g_assert(error); + pg_error_free(error); + error = NULL; + + pg_brick_link(west_brick3, middle_brick3, &error); + g_assert(error); + pg_error_free(error); + error = NULL; + /* sanity checks */ test_brick_sanity_check(west_brick); test_brick_sanity_check(middle_brick); test_brick_sanity_check(east_brick); - /* check the link count */ + /* check the link count */ + links_count = pg_brick_links_count_get(NULL, west_brick, &error); + g_assert(error); + g_assert(links_count == (uint32_t) -1); + g_assert(error->message); + g_assert_cmpstr(error->message, ==, "brick is NULL"); + pg_error_free(error); + error = NULL; + + links_count = pg_brick_links_count_get(middle_brick3, west_brick3, &error); + g_assert(error); + g_assert(links_count == (uint32_t)-1); + g_assert(error->message); + g_assert_cmpstr(error->message, ==, "brick config type is unknown"); + pg_error_free(error); + error = NULL; + + links_count = pg_brick_links_count_get(east_brick3, west_brick3, &error); + g_assert(error); + g_assert(links_count == (uint32_t)-1); + g_assert(error->message); + g_assert_cmpstr(error->message, ==, "brick config type is unknown"); + pg_error_free(error); + error = NULL; + links_count = pg_brick_links_count_get(west_brick, west_brick, &error); g_assert(!error); g_assert(links_count == 0); @@ -694,6 +848,22 @@ static void test_brick_core_verify_multiple_link(void) g_assert(!error); g_assert(links_count == 3); + links_count = pg_brick_links_count_get(middle_brick1,east_brick1, &error); + g_assert(!error); + g_assert(links_count == 1); + + links_count = pg_brick_links_count_get(middle_brick2, east_brick2, &error); + g_assert(!error); + g_assert(links_count == 1); + + links_count = pg_brick_links_count_get(west_brick2, middle_brick2, &error); + g_assert(!error); + g_assert(links_count == 0); + + links_count = pg_brick_links_count_get(east_brick1, east_brick1, &error); + g_assert(!error); + g_assert(links_count == 0); + /* unlink the west brick */ pg_brick_unlink(west_brick, &error); @@ -821,6 +991,11 @@ static void test_brick_core_verify_re_link(void) test_brick_sanity_check_expected(f, 1, 1); test_brick_sanity_check_expected(a, 1, 0); + pg_brick_chained_links(&e,v,NULL); + g_assert(e); + pg_error_free(e); + e = NULL; + /* Unlink f */ pg_brick_unlink(f, &e); g_assert(!e); From 496f0f7aa352deac80272ba355c7f8b83b76203c Mon Sep 17 00:00:00 2001 From: hanen mizouni Date: Thu, 12 Dec 2019 14:11:53 +0000 Subject: [PATCH 3/3] tests: update packet creation and correct some tests Signed-off-by: hanen mizouni --- tests/antispoof/test-ndp.c | 110 ++++--------------------------------- tests/antispoof/tests.c | 34 ++++-------- 2 files changed, 24 insertions(+), 120 deletions(-) diff --git a/tests/antispoof/test-ndp.c b/tests/antispoof/test-ndp.c index 2cbede441..2a975b4ef 100644 --- a/tests/antispoof/test-ndp.c +++ b/tests/antispoof/test-ndp.c @@ -148,102 +148,16 @@ static const unsigned char pkt2[86] = { 0x52, 0x54, 0x00, 0x12, 0x34, 0x06 /* RT..4. */ }; -/* legit packet - * Frame 16: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) - * Ethernet II, Src: RealtekU_12:34:02 (52:54:00:12:34:02), - * Dst: RealtekU_12:34:01 (52:54:00:12:34:01) - * Destination: RealtekU_12:34:01 (52:54:00:12:34:01) - Source: RealtekU_12:34:02 (52:54:00:12:34:02) - Type: IPv6 (0x86dd) -Internet Protocol Version 6, Src: 2001:db8:2000:aff0::2, - Dst: 2001:db8:2000:aff0::1 - 0110 .... = Version: 6 - .... 0000 0000 .... .... .... .... .... = - Traffic class: 0x00 (DSCP: CS0, ECN: Not-ECT) - .... .... .... 0000 0000 0000 0000 0000 = Flow label: 0x00000 - Payload length: 32 - Next header: UDP (17) - Hop limit: 255 - Source: 2001:db8:2000:aff0::2 - Destination: 2001:db8:2000:aff0::1 - [Source GeoIP: Unknown] - [Destination GeoIP: Unknown] -Internet Control Message Protocol v6 - Type: Neighbor Advertisement (136) - Code: 0 - Checksum: 0x9638 [correct] - [Checksum Status: Good] - Flags: 0x60000000 - 0... .... .... .... .... .... .... .... = Router: Not set - .1.. .... .... .... .... .... .... .... = Solicited: Set - ..1. .... .... .... .... .... .... .... = Override: Set - ...0 0000 0000 0000 0000 0000 0000 0000 = Reserved: 0 - Target Address: 2001:db8:2000:aff0::2 - ICMPv6 Option (Target link-layer address : 52:54:00:12:34:06) - Type: Target link-layer address (2) - Length: 1 (8 bytes) - Link-layer address: RealtekU_12:34:06 (52:54:00:12:34:06) -*/ -static const unsigned char pkt3[86] = { -0x52, 0x54, 0x00, 0x12, 0x34, 0x01, 0x52, 0x54, /* RT..4.RT */ -0x00, 0x12, 0x34, 0x02, 0x86, 0xdd, 0x60, 0x00, /* ..4...`. */ -0x00, 0x00, 0x00, 0x20, 0x11, 0xff, 0x20, 0x01, /* ... :. . */ -0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ -0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x20, 0x01, /* ...... . */ -0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ -0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x88, 0x00, /* ........ */ -0x96, 0x38, 0x60, 0x00, 0x00, 0x00, 0x20, 0x01, /* .8`... . */ -0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ -0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x02, 0x01, /* ........ */ -0x52, 0x54, 0x00, 0x12, 0x34, 0x06 /* RT..4. */ -}; +/* pkt3 with Next header : UDP (17) + * + * */ +static unsigned char pkt3[86]; +memcpy(pkt3, pkt2, 86); +pkt3[21] = 0x11; -/* legit packet - * Frame 16: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) - * Ethernet II, Src: RealtekU_12:34:02 (52:54:00:12:34:02), - * Dst: RealtekU_12:34:01 (52:54:00:12:34:01) - * Destination: RealtekU_12:34:01 (52:54:00:12:34:01) - Source: RealtekU_12:34:02 (52:54:00:12:34:02) - Type: IPv6 (0x86dd) -Internet Protocol Version 6, Src: 2001:db8:2000:aff0::2, - Dst: 2001:db8:2000:aff0::1 - 0110 .... = Version: 6 - .... 0000 0000 .... .... .... .... .... = - Traffic class: 0x00 (DSCP: CS0, ECN: Not-ECT) - .... .... .... 0000 0000 0000 0000 0000 = Flow label: 0x00000 - Payload length: 32 - Next header: ICMPv6 (58) - Hop limit: 255 - Source: 2001:db8:2000:aff0::2 - Destination: 2001:db8:2000:aff0::1 - [Source GeoIP: Unknown] - [Destination GeoIP: Unknown] -Internet Control Message Protocol v6 - Type: Neighbor Advertisement (137) - Code: 0 - Checksum: 0x9638 [correct] - [Checksum Status: Good] - Flags: 0x60000000 - 0... .... .... .... .... .... .... .... = Router: Not set - .1.. .... .... .... .... .... .... .... = Solicited: Set - ..1. .... .... .... .... .... .... .... = Override: Set - ...0 0000 0000 0000 0000 0000 0000 0000 = Reserved: 0 - Target Address: 2001:db8:2000:aff0::2 - ICMPv6 Option (Target link-layer address : 52:54:00:12:34:06) - Type: Target link-layer address (2) - Length: 1 (8 bytes) - Link-layer address: RealtekU_12:34:06 (52:54:00:12:34:06) -*/ -static const unsigned char pkt4[86] = { -0x52, 0x54, 0x00, 0x12, 0x34, 0x01, 0x52, 0x54, /* RT..4.RT */ -0x00, 0x12, 0x34, 0x02, 0x86, 0xdd, 0x60, 0x00, /* ..4...`. */ -0x00, 0x00, 0x00, 0x20, 0x3a, 0xff, 0x20, 0x01, /* ... :. . */ -0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ -0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x20, 0x01, /* ...... . */ -0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ -0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x89, 0x00, /* ........ */ -0x96, 0x38, 0x60, 0x00, 0x00, 0x00, 0x20, 0x01, /* .8`... . */ -0x0d, 0xb8, 0x20, 0x00, 0xaf, 0xf0, 0x00, 0x00, /* .. ..... */ -0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x02, 0x01, /* ........ */ -0x52, 0x54, 0x00, 0x12, 0x34, 0x06 /* RT..4. */ -}; +/* Internet Control Message Protocol v6 + * Type: Neighbor Advertisement (137) + * */ +static unsigned char pkt4[86]; +memcpy(pkt4, pkt2, 86); +pkt4[47] = 0x89; diff --git a/tests/antispoof/tests.c b/tests/antispoof/tests.c index 2fb0544ac..ee54ed080 100644 --- a/tests/antispoof/tests.c +++ b/tests/antispoof/tests.c @@ -274,7 +274,7 @@ static void test_antispoof_generic(const unsigned char **pkts, } else { g_assert(pg_antispoof_arp_add(antispoof, i, &error)); g_assert(error); - g_error_free(error); + pg_error_free(error); error = NULL; } } @@ -286,10 +286,6 @@ static void test_antispoof_generic(const unsigned char **pkts, /* disable arp antispoof, should pass */ pg_antispoof_arp_disable(antispoof); REPLAY(1); - - /* remove IP, should not pass */ - pg_antispoof_arp_del_all(antispoof); - REPLAY(0); /* add ARP_MAX */ for (int i = 0; i <= 150; i++) { @@ -304,9 +300,9 @@ static void test_antispoof_generic(const unsigned char **pkts, } } - /* remove IP, should not pass */ + /* remove IP, should pass */ pg_antispoof_arp_del_all(antispoof); - REPLAY(0); + REPLAY(1); /* disable arp antispoof, should pass */ pg_antispoof_arp_disable(antispoof); @@ -491,8 +487,8 @@ static void test_antispoof_empty_burst(void) g_free(pkts); } -static int test_antispoof_filter(struct pg_brick *antispoof, - } struct rte_mbuf *packet) +static int test_antispoof_filter(struct pg_brick *antispoof, + struct rte_mbuf *packet) { struct pg_brick *gen_west; struct pg_brick *col_east; @@ -575,10 +571,11 @@ static void test_antispoof_ndp(void) pg_antispoof_ndp_enable(antispoof); pg_antispoof_ndp_del_all(antispoof); - /* add NDP_MAX adresses */ for (int i = 0; i < 150; i++) { - pg_ip_from_str(ip, "2001:db8:2000:aff0::"+i); + pg_autofree char *c = NULL; + c = g_strdup_printf("2001:db8:2000:aff0::%d",i); + pg_ip_from_str(ip, c); if (i < PG_NPD_MAX) { pg_antispoof_ndp_add(antispoof, ip, &error); g_assert(!error); @@ -599,14 +596,7 @@ static void test_antispoof_ndp(void) g_assert(!error); /* remove all addresses */ - g_assert(pg_antispoof_ndp_del(antispoof,ip,&error) == 0); - g_assert(!error); - - /* remove adresse */ - g_assert(pg_antispoof_ndp_del(antispoof,ip,&error) != 0); - g_assert(error); - pg_error_free(error); - error = NULL ; + pg_antispoof_ndp_del(antispoof,ip,&error); /* legit packet */ packet = build_packet(pkt0, 86); @@ -635,12 +625,12 @@ static void test_antispoof_ndp(void) /* legit packet with next header :UDP */ packet = build_packet(pkt3, 86); - g_assert(test_antispoof_filter(antispoof, packet) != 0); + g_assert(test_antispoof_filter(antispoof, packet) == 0); pg_packets_free(&packet, pg_mask_firsts(1)); - + /* legit packet with type Redirect Message */ packet = build_packet(pkt4, 86); - g_assert(test_antispoof_filter(antispoof, packet) != 0); + g_assert(test_antispoof_filter(antispoof, packet) == 0); pg_packets_free(&packet, pg_mask_firsts(1)); /* legit packet */