git: 755bab6d55e6 - main - tests/libalias: Test LibAliasIn on redirection
Lutz Donnerhacke
donner at FreeBSD.org
Wed May 26 14:22:14 UTC 2021
The branch main has been updated by donner:
URL: https://cgit.FreeBSD.org/src/commit/?id=755bab6d55e6e2df168f352f3e2fbdea87002ed8
commit 755bab6d55e6e2df168f352f3e2fbdea87002ed8
Author: Lutz Donnerhacke <donner at FreeBSD.org>
AuthorDate: 2021-05-23 20:39:30 +0000
Commit: Lutz Donnerhacke <donner at FreeBSD.org>
CommitDate: 2021-05-26 14:19:24 +0000
tests/libalias: Test LibAliasIn on redirection
Extend the test suite for libalias(3) to incoming connections.
Test the various types of redirections.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30408
---
tests/sys/netinet/libalias/3_natin.c | 381 +++++++++++++++++++++++++++++++++++
tests/sys/netinet/libalias/Makefile | 2 +
2 files changed, 383 insertions(+)
diff --git a/tests/sys/netinet/libalias/3_natin.c b/tests/sys/netinet/libalias/3_natin.c
new file mode 100644
index 000000000000..e8e5257e4baa
--- /dev/null
+++ b/tests/sys/netinet/libalias/3_natin.c
@@ -0,0 +1,381 @@
+/*
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ * Copyright 2021 Lutz Donnerhacke
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+ * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include <atf-c.h>
+#include <alias.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "util.h"
+
+ATF_TC_WITHOUT_HEAD(1_portforward);
+ATF_TC_BODY(1_portforward, dummy)
+{
+ struct libalias *la = LibAliasInit(NULL);
+ struct alias_link *pf1, *pf2, *pf3, *pf4;
+ struct ip *p;
+ struct udphdr *u;
+
+ ATF_REQUIRE(la != NULL);
+ LibAliasSetAddress(la, masq);
+ LibAliasSetMode(la, PKT_ALIAS_RESET_ON_ADDR_CHANGE, ~0);
+ LibAliasSetMode(la, PKT_ALIAS_DENY_INCOMING, PKT_ALIAS_DENY_INCOMING);
+
+ /*
+ * Fully specified
+ */
+ pf1 = LibAliasRedirectPort(la, prv1, ntohs(0x1234), ext, ntohs(0x5678), masq, ntohs(0xabcd), IPPROTO_UDP);
+ ATF_REQUIRE(pf1 != NULL);
+
+ p = ip_packet(0, 64);
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, prv1, 0x1234);
+ /* try again */
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, prv1, 0x1234);
+ /* different source */
+ UDP_UNNAT_FAIL(p, u, pub, 0x5678, masq, 0xabcd);
+ UDP_UNNAT_FAIL(p, u, ext, 0xdead, masq, 0xabcd);
+
+ /* clear table by keeping the address */
+ LibAliasSetAddress(la, ext);
+ LibAliasSetAddress(la, masq);
+
+ /* delete and try again */
+ LibAliasRedirectDelete(la, pf1);
+ UDP_UNNAT_FAIL(p, u, ext, 0x5678, masq, 0xabcd);
+
+ /*
+ * Any external port
+ */
+ pf2 = LibAliasRedirectPort(la, prv2, ntohs(0x1234), ext, ntohs(0), masq, ntohs(0xabcd), IPPROTO_UDP);
+ ATF_REQUIRE(pf2 != NULL);
+
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, prv2, 0x1234);
+ /* try again */
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, prv2, 0x1234);
+ /* different source */
+ UDP_UNNAT_FAIL(p, u, pub, 0x5678, masq, 0xabcd);
+ UDP_UNNAT_CHECK(p, u, ext, 0xdead, masq, 0xabcd, prv2, 0x1234);
+
+ /* clear table by keeping the address */
+ LibAliasSetAddress(la, ext);
+ LibAliasSetAddress(la, masq);
+
+ /* delete and try again */
+ LibAliasRedirectDelete(la, pf2);
+ UDP_UNNAT_FAIL(p, u, ext, 0x5678, masq, 0xabcd);
+
+ /*
+ * Any external host
+ */
+ pf3 = LibAliasRedirectPort(la, prv3, ntohs(0x1234), ANY_ADDR, ntohs(0x5678), masq, ntohs(0xabcd), IPPROTO_UDP);
+ ATF_REQUIRE(pf3 != NULL);
+
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, prv3, 0x1234);
+ /* try again */
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, prv3, 0x1234);
+ /* different source */
+ UDP_UNNAT_CHECK(p, u, pub, 0x5678, masq, 0xabcd, prv3, 0x1234);
+ UDP_UNNAT_FAIL(p, u, ext, 0xdead, masq, 0xabcd);
+
+ /* clear table by keeping the address */
+ LibAliasSetAddress(la, ext);
+ LibAliasSetAddress(la, masq);
+
+ /* delete and try again */
+ LibAliasRedirectDelete(la, pf2);
+ UDP_UNNAT_FAIL(p, u, ext, 0x5678, masq, 0xabcd);
+
+ /*
+ * Any external host, any port
+ */
+ pf4 = LibAliasRedirectPort(la, cgn, ntohs(0x1234), ANY_ADDR, ntohs(0), masq, ntohs(0xabcd), IPPROTO_UDP);
+ ATF_REQUIRE(pf4 != NULL);
+
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, cgn, 0x1234);
+ /* try again */
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, cgn, 0x1234);
+ /* different source */
+ UDP_UNNAT_CHECK(p, u, pub, 0x5678, masq, 0xabcd, cgn, 0x1234);
+ UDP_UNNAT_CHECK(p, u, ext, 0xdead, masq, 0xabcd, cgn, 0x1234);
+
+ /* clear table by keeping the address */
+ LibAliasSetAddress(la, ext);
+ LibAliasSetAddress(la, masq);
+
+ /* delete and try again */
+ LibAliasRedirectDelete(la, pf2);
+ UDP_UNNAT_FAIL(p, u, ext, 0x5678, masq, 0xabcd);
+
+ free(p);
+ LibAliasUninit(la);
+}
+
+ATF_TC_WITHOUT_HEAD(2_portoverlap);
+ATF_TC_BODY(2_portoverlap, dummy)
+{
+ struct libalias *la = LibAliasInit(NULL);
+ struct alias_link *pf1, *pf2, *pf3, *pf4;
+ struct ip *p;
+ struct udphdr *u;
+
+ ATF_REQUIRE(la != NULL);
+ LibAliasSetAddress(la, masq);
+ LibAliasSetMode(la, PKT_ALIAS_RESET_ON_ADDR_CHANGE, ~0);
+ LibAliasSetMode(la, PKT_ALIAS_DENY_INCOMING, PKT_ALIAS_DENY_INCOMING);
+
+ /*
+ * Fully specified
+ */
+ pf1 = LibAliasRedirectPort(la, prv2, ntohs(0x1234), ext, ntohs(0x5678), masq, ntohs(0xabcd), IPPROTO_UDP);
+ ATF_REQUIRE(pf1 != NULL);
+
+ p = ip_packet(0, 64);
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, prv2, 0x1234);
+
+ /* clear table by keeping the address */
+ LibAliasSetAddress(la, ext);
+ LibAliasSetAddress(la, masq);
+
+ /*
+ * Fully specified (override)
+ */
+ pf1 = LibAliasRedirectPort(la, prv1, ntohs(0x1234), ext, ntohs(0x5678), masq, ntohs(0xabcd), IPPROTO_UDP);
+ ATF_REQUIRE(pf1 != NULL);
+
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, prv1, 0x1234);
+
+ /* clear table by keeping the address */
+ LibAliasSetAddress(la, ext);
+ LibAliasSetAddress(la, masq);
+
+ /*
+ * Any external port
+ */
+ pf2 = LibAliasRedirectPort(la, prv2, ntohs(0x1234), ext, ntohs(0), masq, ntohs(0xabcd), IPPROTO_UDP);
+ ATF_REQUIRE(pf2 != NULL);
+
+ UDP_UNNAT_CHECK(p, u, ext, 0x5679, masq, 0xabcd, prv2, 0x1234);
+ /* more specific rule wins */
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, prv1, 0x1234);
+
+ /* clear table by keeping the address */
+ LibAliasSetAddress(la, ext);
+ LibAliasSetAddress(la, masq);
+
+ /*
+ * Any external host
+ */
+ pf3 = LibAliasRedirectPort(la, prv3, ntohs(0x1234), ANY_ADDR, ntohs(0x5678), masq, ntohs(0xabcd), IPPROTO_UDP);
+ ATF_REQUIRE(pf3 != NULL);
+
+ UDP_UNNAT_CHECK(p, u, pub, 0x5678, masq, 0xabcd, prv3, 0x1234);
+ /* more specific rule wins */
+ UDP_UNNAT_CHECK(p, u, ext, 0x5679, masq, 0xabcd, prv2, 0x1234);
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, prv1, 0x1234);
+
+ /* clear table by keeping the address */
+ LibAliasSetAddress(la, ext);
+ LibAliasSetAddress(la, masq);
+
+ /*
+ * Any external host, any port
+ */
+ pf4 = LibAliasRedirectPort(la, cgn, ntohs(0x1234), ANY_ADDR, ntohs(0), masq, ntohs(0xabcd), IPPROTO_UDP);
+ ATF_REQUIRE(pf4 != NULL);
+
+ UDP_UNNAT_CHECK(p, u, prv1, 0x5679, masq, 0xabcd, cgn, 0x1234);
+ /* more specific rule wins */
+ UDP_UNNAT_CHECK(p, u, pub, 0x5678, masq, 0xabcd, prv3, 0x1234);
+ UDP_UNNAT_CHECK(p, u, ext, 0x5679, masq, 0xabcd, prv2, 0x1234);
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, prv1, 0x1234);
+
+ free(p);
+ LibAliasUninit(la);
+}
+
+ATF_TC_WITHOUT_HEAD(3_redirectany);
+ATF_TC_BODY(3_redirectany, dummy)
+{
+ struct libalias *la = LibAliasInit(NULL);
+ struct alias_link *pf;
+ struct ip *p;
+ struct udphdr *u;
+
+ ATF_REQUIRE(la != NULL);
+ LibAliasSetMode(la, PKT_ALIAS_DENY_INCOMING, ~0);
+ p = ip_packet(0, 64);
+
+ pf = LibAliasRedirectPort(la, prv1, ntohs(0x1234), ANY_ADDR, 0, ANY_ADDR, ntohs(0xabcd), IPPROTO_UDP);
+ ATF_REQUIRE(pf != NULL);
+
+ LibAliasSetAddress(la, masq);
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, prv1, 0x1234);
+ UDP_UNNAT_FAIL(p, u, pub, 0x5678, pub, 0xabcd);
+
+ LibAliasSetAddress(la, pub);
+ UDP_UNNAT_CHECK(p, u, pub, 0x5679, pub, 0xabcd, prv1, 0x1234);
+ UDP_UNNAT_FAIL(p, u, ext, 0x5679, masq, 0xabcd);
+
+ free(p);
+ LibAliasUninit(la);
+}
+
+ATF_TC_WITHOUT_HEAD(4_redirectaddr);
+ATF_TC_BODY(4_redirectaddr, dummy)
+{
+ struct libalias *la = LibAliasInit(NULL);
+ struct alias_link *pf1, *pf2;
+ struct ip *p;
+
+ ATF_REQUIRE(la != NULL);
+ LibAliasSetAddress(la, masq);
+ pf1 = LibAliasRedirectAddr(la, prv1, pub);
+ ATF_REQUIRE(pf1 != NULL);
+
+ p = ip_packet(254, 64);
+ UNNAT_CHECK(p, ext, pub, prv1);
+ UNNAT_CHECK(p, ext, masq, masq);
+
+ pf2 = LibAliasRedirectAddr(la, prv2, pub);
+ ATF_REQUIRE(pf2 != NULL);
+ UNNAT_CHECK(p, ext, pub, prv1);
+ p->ip_p = 253; /* new flows */
+ UNNAT_CHECK(p, ext, pub, prv2);
+ UNNAT_CHECK(p, ext, masq, masq);
+
+ p->ip_p = 252; /* new flows */
+ NAT_CHECK(p, prv1, ext, pub);
+ NAT_CHECK(p, prv2, ext, pub);
+ NAT_CHECK(p, prv3, ext, masq);
+
+ LibAliasSetMode(la, PKT_ALIAS_DENY_INCOMING, ~0);
+ p->ip_p = 251; /* new flows */
+ UNNAT_FAIL(p, ext, pub);
+ UNNAT_FAIL(p, ext, masq);
+
+ /* unhide older version */
+ LibAliasRedirectDelete(la, pf2);
+ LibAliasSetMode(la, 0, ~0);
+ p->ip_p = 250; /* new flows */
+ UNNAT_CHECK(p, ext, pub, prv1);
+
+ p->ip_p = 249; /* new flows */
+ NAT_CHECK(p, prv1, ext, pub);
+ NAT_CHECK(p, prv2, ext, masq);
+ NAT_CHECK(p, prv3, ext, masq);
+
+ free(p);
+ LibAliasUninit(la);
+}
+
+ATF_TC_WITHOUT_HEAD(5_lsnat);
+ATF_TC_BODY(5_lsnat, dummy)
+{
+ struct libalias *la = LibAliasInit(NULL);
+ struct alias_link *pf;
+ struct ip *p;
+ struct udphdr *u;
+
+ ATF_REQUIRE(la != NULL);
+ LibAliasSetMode(la, 0, ~0);
+ p = ip_packet(0, 64);
+
+ pf = LibAliasRedirectPort(la, cgn, ntohs(0xdead), ANY_ADDR, 0, masq, ntohs(0xabcd), IPPROTO_UDP);
+ ATF_REQUIRE(pf != NULL);
+
+ ATF_REQUIRE(0 == LibAliasAddServer(la, pf, prv1, ntohs(0x1234)));
+ ATF_REQUIRE(0 == LibAliasAddServer(la, pf, prv2, ntohs(0x2345)));
+ ATF_REQUIRE(0 == LibAliasAddServer(la, pf, prv3, ntohs(0x3456)));
+
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, prv3, 0x3456);
+ UDP_UNNAT_CHECK(p, u, ext, 0x5679, masq, 0xabcd, prv2, 0x2345);
+ UDP_UNNAT_CHECK(p, u, ext, 0x567a, masq, 0xabcd, prv1, 0x1234);
+ UDP_UNNAT_CHECK(p, u, ext, 0x567b, masq, 0xabcd, prv3, 0x3456);
+ UDP_UNNAT_CHECK(p, u, ext, 0x567c, masq, 0xabcd, prv2, 0x2345);
+ UDP_UNNAT_CHECK(p, u, ext, 0x567d, masq, 0xabcd, prv1, 0x1234);
+
+ free(p);
+ LibAliasUninit(la);
+}
+
+ATF_TC_WITHOUT_HEAD(6_oneshot);
+ATF_TC_BODY(6_oneshot, dummy)
+{
+ struct libalias *la = LibAliasInit(NULL);
+ struct alias_link *pf;
+ struct ip *p;
+ struct udphdr *u;
+
+ ATF_REQUIRE(la != NULL);
+ LibAliasSetMode(la, 0, ~0);
+ LibAliasSetMode(la, PKT_ALIAS_RESET_ON_ADDR_CHANGE, ~0);
+ LibAliasSetMode(la, PKT_ALIAS_DENY_INCOMING, PKT_ALIAS_DENY_INCOMING);
+
+ pf = LibAliasRedirectPort(la, prv1, ntohs(0x1234), ANY_ADDR, 0, masq, ntohs(0xabcd), IPPROTO_UDP);
+ ATF_REQUIRE(pf != NULL);
+ /* only for fully specified links */
+ ATF_CHECK(-1 == LibAliasRedirectDynamic(la, pf));
+ LibAliasRedirectDelete(la, pf);
+
+ pf = LibAliasRedirectPort(la, prv1, ntohs(0x1234), ext, ntohs(0x5678), masq, ntohs(0xabcd), IPPROTO_UDP);
+ ATF_REQUIRE(pf != NULL);
+ ATF_CHECK(0 == LibAliasRedirectDynamic(la, pf));
+
+ p = ip_packet(0, 64);
+ UDP_UNNAT_CHECK(p, u, ext, 0x5678, masq, 0xabcd, prv1, 0x1234);
+
+ /* clear table by keeping the address */
+ LibAliasSetAddress(la, ext);
+ LibAliasSetAddress(la, masq);
+
+ /* does not work anymore */
+ UDP_UNNAT_FAIL(p, u, ext, 0x5678, masq, 0xabcd);
+
+ free(p);
+ LibAliasUninit(la);
+}
+
+ATF_TP_ADD_TCS(natin)
+{
+ /* Use "dd if=/dev/random bs=2 count=1 | od -x" to reproduce */
+ srand(0xe859);
+
+ ATF_TP_ADD_TC(natin, 1_portforward);
+ ATF_TP_ADD_TC(natin, 2_portoverlap);
+ ATF_TP_ADD_TC(natin, 3_redirectany);
+ ATF_TP_ADD_TC(natin, 4_redirectaddr);
+ ATF_TP_ADD_TC(natin, 5_lsnat);
+ ATF_TP_ADD_TC(natin, 6_oneshot);
+
+ return atf_no_error();
+}
diff --git a/tests/sys/netinet/libalias/Makefile b/tests/sys/netinet/libalias/Makefile
index 6ee2fc0e0e1f..e5ed88f52fcd 100644
--- a/tests/sys/netinet/libalias/Makefile
+++ b/tests/sys/netinet/libalias/Makefile
@@ -7,6 +7,7 @@ BINDIR= ${TESTSDIR}
ATF_TESTS_C+= 1_instance \
2_natout \
+ 3_natin \
PROGS+= perf
@@ -14,6 +15,7 @@ LIBADD+= alias
SRCS.1_instance=1_instance.c util.c
SRCS.2_natout= 2_natout.c util.c
+SRCS.3_natin= 3_natin.c util.c
SRCS.perf= perf.c util.c
.include <bsd.test.mk>
More information about the dev-commits-src-main
mailing list