Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform2 / 860ef53cf42018711b5ce60629d1e8252e60f31c / . / patchpanel / datapath_test.cc
blob: 10c6ee158b2cd87c488d5e74d84dcca5c8f722df [file] [log] [blame]
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]1// Copyright 2019 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]5#include "patchpanel/datapath.h"
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]6
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]7#include <linux/if_tun.h>
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]8#include <net/if.h>
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]9#include <sys/ioctl.h>
10
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]11#include <utility>
12#include <vector>
13
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]14#include <base/bind.h>
Qijiang Fane90b8792020-03-09 16:15:41 +0900[diff] [blame]15#include <base/bind_helpers.h>
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]16#include <base/strings/string_split.h>
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]17#include <base/strings/string_util.h>
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]18#include <gmock/gmock.h>
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]19#include <gtest/gtest.h>
20
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]21#include "patchpanel/mock_firewall.h"
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]22#include "patchpanel/net_util.h"
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]23
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]24using testing::_;
25using testing::ElementsAre;
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]26using testing::ElementsAreArray;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]27using testing::Return;
28using testing::StrEq;
29
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]30namespace patchpanel {
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]31namespace {
32
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]33// TODO(hugobenichi) Centralize this constant definition
34constexpr pid_t kTestPID = -2;
35
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]36std::vector<ioctl_req_t> ioctl_reqs;
37std::vector<std::pair<std::string, struct rtentry>> ioctl_rtentry_args;
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]38
39// Capture all ioctls and succeed.
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]40int ioctl_req_cap(int fd, ioctl_req_t req, ...) {
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]41 ioctl_reqs.push_back(req);
42 return 0;
43}
44
45// Capture ioctls for SIOCADDRT and SIOCDELRT and succeed.
46int ioctl_rtentry_cap(int fd, ioctl_req_t req, struct rtentry* arg) {
47 ioctl_reqs.push_back(req);
48 ioctl_rtentry_args.push_back({"", *arg});
49 // Copy the string poited by rtentry.rt_dev because Add/DeleteIPv4Route pass
50 // this value to ioctl() on the stack.
51 if (arg->rt_dev) {
52 auto& cap = ioctl_rtentry_args.back();
53 cap.first = std::string(arg->rt_dev);
54 cap.second.rt_dev = (char*)cap.first.c_str();
55 }
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]56 return 0;
57}
58
59} // namespace
60
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]61using IpFamily::Dual;
62using IpFamily::IPv4;
63using IpFamily::IPv6;
64
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]65class MockProcessRunner : public MinijailedProcessRunner {
66 public:
67 MockProcessRunner() = default;
68 ~MockProcessRunner() = default;
69
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]70 MOCK_METHOD1(WriteSentinelToContainer, int(pid_t pid));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]71 MOCK_METHOD3(brctl,
72 int(const std::string& cmd,
73 const std::vector<std::string>& argv,
74 bool log_failures));
75 MOCK_METHOD4(chown,
76 int(const std::string& uid,
77 const std::string& gid,
78 const std::string& file,
79 bool log_failures));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]80 MOCK_METHOD4(ip,
81 int(const std::string& obj,
82 const std::string& cmd,
83 const std::vector<std::string>& args,
84 bool log_failures));
85 MOCK_METHOD4(ip6,
86 int(const std::string& obj,
87 const std::string& cmd,
88 const std::vector<std::string>& args,
89 bool log_failures));
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]90 MOCK_METHOD4(iptables,
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]91 int(const std::string& table,
92 const std::vector<std::string>& argv,
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]93 bool log_failures,
94 std::string* output));
95 MOCK_METHOD4(ip6tables,
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]96 int(const std::string& table,
97 const std::vector<std::string>& argv,
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]98 bool log_failures,
99 std::string* output));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]100 MOCK_METHOD2(modprobe_all,
101 int(const std::vector<std::string>& modules, bool log_failures));
102 MOCK_METHOD3(sysctl_w,
103 int(const std::string& key,
104 const std::string& value,
105 bool log_failures));
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]106 MOCK_METHOD3(ip_netns_attach,
107 int(const std::string& netns_name,
108 pid_t netns_pid,
109 bool log_failures));
110 MOCK_METHOD2(ip_netns_delete,
111 int(const std::string& netns_name, bool log_failures));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]112};
113
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]114void Verify_iptables(MockProcessRunner& runner,
115 IpFamily family,
116 const std::string& command) {
117 auto args =
118 base::SplitString(command, " ", base::WhitespaceHandling::TRIM_WHITESPACE,
119 base::SplitResult::SPLIT_WANT_NONEMPTY);
120 const auto table = args[0];
121 args.erase(args.begin());
122 if (family & IPv4)
123 EXPECT_CALL(runner,
124 iptables(StrEq(table), ElementsAreArray(args), _, nullptr));
125 if (family & IPv6)
126 EXPECT_CALL(runner,
127 ip6tables(StrEq(table), ElementsAreArray(args), _, nullptr));
128}
129
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]130TEST(DatapathTest, IpFamily) {
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]131 EXPECT_EQ(Dual, IPv4 | IPv6);
132 EXPECT_EQ(Dual & IPv4, IPv4);
133 EXPECT_EQ(Dual & IPv6, IPv6);
134 EXPECT_NE(Dual, IPv4);
135 EXPECT_NE(Dual, IPv6);
136 EXPECT_NE(IPv4, IPv6);
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]137}
138
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]139TEST(DatapathTest, Start) {
140 MockProcessRunner runner;
141 MockFirewall firewall;
Hugo Benichi91ee09f2020-12-03 22:24:22 +0900[diff] [blame]142
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]143 // Asserts for sysctl modifications
144 EXPECT_CALL(runner, sysctl_w(StrEq("net.ipv4.ip_forward"), StrEq("1"), true));
145 EXPECT_CALL(runner, sysctl_w(StrEq("net.ipv4.ip_local_port_range"),
146 StrEq("32768 47103"), true));
147 EXPECT_CALL(runner, sysctl_w(StrEq("net.ipv6.conf.all.forwarding"),
148 StrEq("1"), true));
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]149
150 std::vector<std::pair<IpFamily, std::string>> iptables_commands = {
151 // Asserts for iptables chain reset.
152 {IPv4, "filter -D OUTPUT -j drop_guest_ipv4_prefix -w"},
153 {Dual, "filter -F FORWARD -w"},
154 {Dual, "mangle -F FORWARD -w"},
155 {Dual, "mangle -F INPUT -w"},
156 {Dual, "mangle -F OUTPUT -w"},
157 {Dual, "mangle -F POSTROUTING -w"},
158 {Dual, "mangle -F PREROUTING -w"},
159 {Dual, "mangle -L apply_local_source_mark -w"},
160 {Dual, "mangle -F apply_local_source_mark -w"},
161 {Dual, "mangle -X apply_local_source_mark -w"},
162 {Dual, "mangle -L apply_vpn_mark -w"},
163 {Dual, "mangle -F apply_vpn_mark -w"},
164 {Dual, "mangle -X apply_vpn_mark -w"},
165 {Dual, "mangle -L check_routing_mark -w"},
166 {Dual, "mangle -F check_routing_mark -w"},
167 {Dual, "mangle -X check_routing_mark -w"},
168 {IPv4, "filter -L drop_guest_ipv4_prefix -w"},
169 {IPv4, "filter -F drop_guest_ipv4_prefix -w"},
170 {IPv4, "filter -X drop_guest_ipv4_prefix -w"},
171 {IPv4, "nat -F POSTROUTING -w"},
172 // Asserts for SNAT rules.
173 {IPv4,
174 "filter -A FORWARD -m mark --mark 1/1 -m state --state INVALID -j DROP "
175 "-w"},
176 {IPv4, "nat -A POSTROUTING -m mark --mark 1/1 -j MASQUERADE -w"},
177 // Asserts for AddForwardEstablishedRule
178 {IPv4,
179 "filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT -w"},
180 // Asserts for AddSourceIPv4DropRule() calls.
181 {IPv4, "filter -N drop_guest_ipv4_prefix -w"},
182 {IPv4, "filter -I OUTPUT -j drop_guest_ipv4_prefix -w"},
183 {IPv4,
184 "filter -I drop_guest_ipv4_prefix -o eth+ -s 100.115.92.0/23 -j DROP "
185 "-w"},
186 {IPv4,
187 "filter -I drop_guest_ipv4_prefix -o wlan+ -s 100.115.92.0/23 -j DROP "
188 "-w"},
189 {IPv4,
190 "filter -I drop_guest_ipv4_prefix -o mlan+ -s 100.115.92.0/23 -j DROP "
191 "-w"},
192 {IPv4,
193 "filter -I drop_guest_ipv4_prefix -o usb+ -s 100.115.92.0/23 -j DROP "
194 "-w"},
195 {IPv4,
196 "filter -I drop_guest_ipv4_prefix -o wwan+ -s 100.115.92.0/23 -j DROP "
197 "-w"},
198 {IPv4,
199 "filter -I drop_guest_ipv4_prefix -o rmnet+ -s 100.115.92.0/23 -j DROP "
200 "-w"},
201 // Asserts for AddOutboundIPv4SNATMark("vmtap+")
202 {IPv4, "mangle -A PREROUTING -i vmtap+ -j MARK --set-mark 1/1 -w"},
203 // Asserts for OUTPUT ndp connmark bypass rule
204 {IPv6,
205 "mangle -I OUTPUT -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT "
206 "-w"},
207 {IPv6,
208 "mangle -I OUTPUT -p icmpv6 --icmpv6-type router-advertisement -j "
209 "ACCEPT -w"},
210 {IPv6,
211 "mangle -I OUTPUT -p icmpv6 --icmpv6-type neighbour-solicitation -j "
212 "ACCEPT -w"},
213 {IPv6,
214 "mangle -I OUTPUT -p icmpv6 --icmpv6-type neighbour-advertisement -j "
215 "ACCEPT -w"},
216 {IPv6,
217 "mangle -I check_routing_mark -p icmpv6 --icmpv6-type "
218 "router-solicitation -j RETURN -w"},
219 {IPv6,
220 "mangle -I check_routing_mark -p icmpv6 --icmpv6-type "
221 "router-advertisement -j RETURN -w"},
222 {IPv6,
223 "mangle -I check_routing_mark -p icmpv6 --icmpv6-type "
224 "neighbour-solicitation -j RETURN -w"},
225 {IPv6,
226 "mangle -I check_routing_mark -p icmpv6 --icmpv6-type "
227 "neighbour-advertisement -j RETURN -w"},
228 // Asserts for OUTPUT CONNMARK restore rule
229 {Dual,
230 "mangle -A OUTPUT -j CONNMARK --restore-mark --mask 0xffff0000 -w"},
231 // Asserts for apply_local_source_mark chain
232 {Dual, "mangle -N apply_local_source_mark -w"},
233 {Dual, "mangle -A OUTPUT -j apply_local_source_mark -w"},
234 {Dual,
235 "mangle -A apply_local_source_mark -m owner --uid-owner chronos -j MARK "
236 "--set-mark 0x00008100/0x0000ff00 -w"},
237 {Dual,
238 "mangle -A apply_local_source_mark -m owner --uid-owner debugd -j MARK "
239 "--set-mark 0x00008200/0x0000ff00 -w"},
240 {Dual,
241 "mangle -A apply_local_source_mark -m owner --uid-owner cups -j MARK "
242 "--set-mark 0x00008200/0x0000ff00 -w"},
243 {Dual,
244 "mangle -A apply_local_source_mark -m owner --uid-owner lpadmin -j MARK "
245 "--set-mark 0x00008200/0x0000ff00 -w"},
246 {Dual,
247 "mangle -A apply_local_source_mark -m owner --uid-owner kerberosd -j "
248 "MARK --set-mark 0x00008400/0x0000ff00 -w"},
249 {Dual,
250 "mangle -A apply_local_source_mark -m owner --uid-owner kerberosd-exec "
251 "-j MARK --set-mark 0x00008400/0x0000ff00 -w"},
252 {Dual,
253 "mangle -A apply_local_source_mark -m owner --uid-owner tlsdate -j MARK "
254 "--set-mark 0x00008400/0x0000ff00 -w"},
255 {Dual,
256 "mangle -A apply_local_source_mark -m owner --uid-owner pluginvm -j "
257 "MARK --set-mark 0x00008200/0x0000ff00 -w"},
258 {Dual,
259 "mangle -A apply_local_source_mark -m owner --uid-owner fuse-smbfs -j "
260 "MARK --set-mark 0x00008400/0x0000ff00 -w"},
261 {Dual,
262 "mangle -A apply_local_source_mark -m cgroup --cgroup 0x00010001 -j "
263 "MARK --set-mark 0x00000300/0x0000ff00 -w"},
264 {Dual,
265 "mangle -A apply_local_source_mark -m mark --mark 0x0/0x00003f00 -j "
266 "MARK --set-mark 0x00000400/0x00003f00 -w"},
267 // Asserts for apply_vpn_mark chain
268 {Dual, "mangle -N apply_vpn_mark -w"},
269 {Dual,
270 "mangle -A OUTPUT -m mark --mark 0x00008000/0x0000c000 -j "
271 "apply_vpn_mark -w"},
272 {Dual,
273 "mangle -A apply_vpn_mark -m mark ! --mark 0x0/0xffff0000 -j ACCEPT -w"},
274 // Asserts for check_routing_mark chain
275 {Dual, "mangle -N check_routing_mark -w"},
276 {Dual,
277 "mangle -A POSTROUTING -j CONNMARK --restore-mark --mask 0xffff0000 -w"},
278 {Dual,
279 "mangle -A POSTROUTING -m mark ! --mark 0x0/0xffff0000 -j "
280 "check_routing_mark -w"},
281 };
282 for (const auto& c : iptables_commands) {
283 Verify_iptables(runner, c.first, c.second);
284 }
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]285
286 Datapath datapath(&runner, &firewall);
287 datapath.Start();
288}
289
290TEST(DatapathTest, Stop) {
291 MockProcessRunner runner;
292 MockFirewall firewall;
293 // Asserts for sysctl modifications
294 EXPECT_CALL(runner, sysctl_w(StrEq("net.ipv4.ip_local_port_range"),
295 StrEq("32768 61000"), true));
296 EXPECT_CALL(runner, sysctl_w(StrEq("net.ipv6.conf.all.forwarding"),
297 StrEq("0"), true));
298 EXPECT_CALL(runner, sysctl_w(StrEq("net.ipv4.ip_forward"), StrEq("0"), true));
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]299
Hugo Benichi91ee09f2020-12-03 22:24:22 +0900[diff] [blame]300 // Asserts for iptables chain reset.
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]301 std::vector<std::pair<IpFamily, std::string>> iptables_commands = {
302 {IPv4, "filter -D OUTPUT -j drop_guest_ipv4_prefix -w"},
303 {Dual, "filter -F FORWARD -w"},
304 {Dual, "mangle -F FORWARD -w"},
305 {Dual, "mangle -F INPUT -w"},
306 {Dual, "mangle -F OUTPUT -w"},
307 {Dual, "mangle -F POSTROUTING -w"},
308 {Dual, "mangle -F PREROUTING -w"},
309 {Dual, "mangle -L apply_local_source_mark -w"},
310 {Dual, "mangle -F apply_local_source_mark -w"},
311 {Dual, "mangle -X apply_local_source_mark -w"},
312 {Dual, "mangle -L apply_vpn_mark -w"},
313 {Dual, "mangle -F apply_vpn_mark -w"},
314 {Dual, "mangle -X apply_vpn_mark -w"},
315 {Dual, "mangle -L check_routing_mark -w"},
316 {Dual, "mangle -F check_routing_mark -w"},
317 {Dual, "mangle -X check_routing_mark -w"},
318 {IPv4, "filter -L drop_guest_ipv4_prefix -w"},
319 {IPv4, "filter -F drop_guest_ipv4_prefix -w"},
320 {IPv4, "filter -X drop_guest_ipv4_prefix -w"},
321 {IPv4, "nat -F POSTROUTING -w"},
322 };
323 for (const auto& c : iptables_commands) {
324 Verify_iptables(runner, c.first, c.second);
325 }
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]326
327 Datapath datapath(&runner, &firewall);
328 datapath.Stop();
329}
330
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]331TEST(DatapathTest, AddTAP) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]332 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]333 MockFirewall firewall;
334 Datapath datapath(&runner, &firewall, ioctl_req_cap);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]335 MacAddress mac = {1, 2, 3, 4, 5, 6};
Qijiang Fane90b8792020-03-09 16:15:41 +0900[diff] [blame]336 Subnet subnet(Ipv4Addr(100, 115, 92, 4), 30, base::DoNothing());
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]337 auto addr = subnet.AllocateAtOffset(0);
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]338 auto ifname = datapath.AddTAP("foo0", &mac, addr.get(), "");
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]339 EXPECT_EQ(ifname, "foo0");
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]340 std::vector<ioctl_req_t> expected = {
341 TUNSETIFF, TUNSETPERSIST, SIOCSIFADDR, SIOCSIFNETMASK,
342 SIOCSIFHWADDR, SIOCGIFFLAGS, SIOCSIFFLAGS};
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]343 EXPECT_EQ(ioctl_reqs, expected);
344 ioctl_reqs.clear();
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]345 ioctl_rtentry_args.clear();
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]346}
347
348TEST(DatapathTest, AddTAPWithOwner) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]349 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]350 MockFirewall firewall;
351 Datapath datapath(&runner, &firewall, ioctl_req_cap);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]352 MacAddress mac = {1, 2, 3, 4, 5, 6};
Qijiang Fane90b8792020-03-09 16:15:41 +0900[diff] [blame]353 Subnet subnet(Ipv4Addr(100, 115, 92, 4), 30, base::DoNothing());
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]354 auto addr = subnet.AllocateAtOffset(0);
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]355 auto ifname = datapath.AddTAP("foo0", &mac, addr.get(), "root");
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]356 EXPECT_EQ(ifname, "foo0");
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]357 std::vector<ioctl_req_t> expected = {
358 TUNSETIFF, TUNSETPERSIST, TUNSETOWNER, SIOCSIFADDR,
359 SIOCSIFNETMASK, SIOCSIFHWADDR, SIOCGIFFLAGS, SIOCSIFFLAGS};
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]360 EXPECT_EQ(ioctl_reqs, expected);
361 ioctl_reqs.clear();
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]362 ioctl_rtentry_args.clear();
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]363}
364
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]365TEST(DatapathTest, AddTAPNoAddrs) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]366 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]367 MockFirewall firewall;
368 Datapath datapath(&runner, &firewall, ioctl_req_cap);
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]369 auto ifname = datapath.AddTAP("foo0", nullptr, nullptr, "");
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]370 EXPECT_EQ(ifname, "foo0");
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]371 std::vector<ioctl_req_t> expected = {TUNSETIFF, TUNSETPERSIST, SIOCGIFFLAGS,
372 SIOCSIFFLAGS};
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]373 EXPECT_EQ(ioctl_reqs, expected);
374 ioctl_reqs.clear();
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]375 ioctl_rtentry_args.clear();
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]376}
377
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]378TEST(DatapathTest, RemoveTAP) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]379 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]380 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]381 EXPECT_CALL(runner, ip(StrEq("tuntap"), StrEq("del"),
382 ElementsAre("foo0", "mode", "tap"), true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]383 Datapath datapath(&runner, &firewall);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]384 datapath.RemoveTAP("foo0");
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]385}
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]386
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]387TEST(DatapathTest, NetnsAttachName) {
388 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]389 MockFirewall firewall;
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]390 EXPECT_CALL(runner, ip_netns_delete(StrEq("netns_foo"), false));
391 EXPECT_CALL(runner, ip_netns_attach(StrEq("netns_foo"), 1234, true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]392 Datapath datapath(&runner, &firewall);
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]393 EXPECT_TRUE(datapath.NetnsAttachName("netns_foo", 1234));
394}
395
396TEST(DatapathTest, NetnsDeleteName) {
397 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]398 MockFirewall firewall;
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]399 EXPECT_CALL(runner, ip_netns_delete(StrEq("netns_foo"), true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]400 Datapath datapath(&runner, &firewall);
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]401 EXPECT_TRUE(datapath.NetnsDeleteName("netns_foo"));
402}
403
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]404TEST(DatapathTest, AddBridge) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]405 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]406 MockFirewall firewall;
407 Datapath datapath(&runner, &firewall);
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]408 EXPECT_CALL(runner, brctl(StrEq("addbr"), ElementsAre("br"), true));
Garrick Evans6f4fa3a2020-02-10 16:15:09 +0900[diff] [blame]409 EXPECT_CALL(
410 runner,
411 ip(StrEq("addr"), StrEq("add"),
412 ElementsAre("1.1.1.1/30", "brd", "1.1.1.3", "dev", "br"), true));
Garrick Evans7a1a9ee2020-01-28 11:03:57 +0900[diff] [blame]413 EXPECT_CALL(runner,
414 ip(StrEq("link"), StrEq("set"), ElementsAre("br", "up"), true));
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]415 Verify_iptables(runner, IPv4,
416 "mangle -A PREROUTING -i br -j MARK --set-mark 1/1 -w");
Garrick Evans7a1a9ee2020-01-28 11:03:57 +0900[diff] [blame]417 datapath.AddBridge("br", Ipv4Addr(1, 1, 1, 1), 30);
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]418}
419
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]420TEST(DatapathTest, ConnectVethPair) {
421 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]422 MockFirewall firewall;
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]423 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("add"),
424 ElementsAre("veth_foo", "type", "veth", "peer", "name",
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]425 "peer_foo", "netns", "netns_foo"),
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]426 true));
427 EXPECT_CALL(runner, ip(StrEq("addr"), StrEq("add"),
428 ElementsAre("100.115.92.169/30", "brd",
429 "100.115.92.171", "dev", "peer_foo"),
430 true))
431 .WillOnce(Return(0));
432 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("set"),
433 ElementsAre("dev", "peer_foo", "up", "addr",
434 "01:02:03:04:05:06", "multicast", "on"),
435 true))
436 .WillOnce(Return(0));
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]437 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("set"),
438 ElementsAre("veth_foo", "up"), true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]439 Datapath datapath(&runner, &firewall);
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]440 EXPECT_TRUE(datapath.ConnectVethPair(kTestPID, "netns_foo", "veth_foo",
441 "peer_foo", {1, 2, 3, 4, 5, 6},
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]442 Ipv4Addr(100, 115, 92, 169), 30, true));
443}
444
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]445TEST(DatapathTest, AddVirtualInterfacePair) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]446 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]447 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]448 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("add"),
449 ElementsAre("veth_foo", "type", "veth", "peer", "name",
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]450 "peer_foo", "netns", "netns_foo"),
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]451 true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]452 Datapath datapath(&runner, &firewall);
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]453 EXPECT_TRUE(
454 datapath.AddVirtualInterfacePair("netns_foo", "veth_foo", "peer_foo"));
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]455}
456
457TEST(DatapathTest, ToggleInterface) {
458 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]459 MockFirewall firewall;
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]460 EXPECT_CALL(runner,
461 ip(StrEq("link"), StrEq("set"), ElementsAre("foo", "up"), true));
Garrick Evans7a1a9ee2020-01-28 11:03:57 +0900[diff] [blame]462 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("set"),
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]463 ElementsAre("bar", "down"), true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]464 Datapath datapath(&runner, &firewall);
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]465 EXPECT_TRUE(datapath.ToggleInterface("foo", true));
466 EXPECT_TRUE(datapath.ToggleInterface("bar", false));
467}
468
469TEST(DatapathTest, ConfigureInterface) {
470 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]471 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]472 EXPECT_CALL(
473 runner,
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]474 ip(StrEq("addr"), StrEq("add"),
475 ElementsAre("1.1.1.1/30", "brd", "1.1.1.3", "dev", "foo"), true))
476 .WillOnce(Return(0));
477 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("set"),
478 ElementsAre("dev", "foo", "up", "addr",
479 "02:02:02:02:02:02", "multicast", "on"),
480 true))
481 .WillOnce(Return(0));
482
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]483 Datapath datapath(&runner, &firewall);
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]484 MacAddress mac_addr = {2, 2, 2, 2, 2, 2};
485 EXPECT_TRUE(datapath.ConfigureInterface("foo", mac_addr, Ipv4Addr(1, 1, 1, 1),
486 30, true, true));
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]487}
488
489TEST(DatapathTest, RemoveInterface) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]490 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]491 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]492 EXPECT_CALL(runner,
493 ip(StrEq("link"), StrEq("delete"), ElementsAre("foo"), false));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]494 Datapath datapath(&runner, &firewall);
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]495 datapath.RemoveInterface("foo");
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]496}
497
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]498TEST(DatapathTest, RemoveBridge) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]499 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]500 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]501 Verify_iptables(runner, IPv4,
502 "mangle -D PREROUTING -i br -j MARK --set-mark 1/1 -w");
Garrick Evans7a1a9ee2020-01-28 11:03:57 +0900[diff] [blame]503 EXPECT_CALL(runner,
504 ip(StrEq("link"), StrEq("set"), ElementsAre("br", "down"), true));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]505 EXPECT_CALL(runner, brctl(StrEq("delbr"), ElementsAre("br"), true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]506 Datapath datapath(&runner, &firewall);
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]507 datapath.RemoveBridge("br");
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]508}
509
Hugo Benichi321f23b2020-09-25 15:42:05 +0900[diff] [blame]510TEST(DatapathTest, AddRemoveSourceIPv4DropRule) {
511 MockProcessRunner runner;
512 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]513 Verify_iptables(
514 runner, IPv4,
515 "filter -I drop_guest_ipv4_prefix -o eth+ -s 100.115.92.0/24 -j DROP -w");
516 Verify_iptables(
517 runner, IPv4,
518 "filter -D drop_guest_ipv4_prefix -o eth+ -s 100.115.92.0/24 -j DROP -w");
Hugo Benichi321f23b2020-09-25 15:42:05 +0900[diff] [blame]519 Datapath datapath(&runner, &firewall);
520 datapath.AddSourceIPv4DropRule("eth+", "100.115.92.0/24");
521 datapath.RemoveSourceIPv4DropRule("eth+", "100.115.92.0/24");
522}
523
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]524TEST(DatapathTest, StartRoutingNamespace) {
525 MockProcessRunner runner;
526 MockFirewall firewall;
527 MacAddress mac = {1, 2, 3, 4, 5, 6};
528
529 EXPECT_CALL(runner, ip_netns_delete(StrEq("netns_foo"), false));
530 EXPECT_CALL(runner, ip_netns_attach(StrEq("netns_foo"), kTestPID, true));
531 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("add"),
532 ElementsAre("arc_ns0", "type", "veth", "peer", "name",
533 "veth0", "netns", "netns_foo"),
534 true));
535 EXPECT_CALL(runner, ip(StrEq("addr"), StrEq("add"),
536 ElementsAre("100.115.92.130/30", "brd",
537 "100.115.92.131", "dev", "veth0"),
538 true))
539 .WillOnce(Return(0));
540 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("set"),
541 ElementsAre("dev", "veth0", "up", "addr",
542 "01:02:03:04:05:06", "multicast", "off"),
543 true))
544 .WillOnce(Return(0));
545 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("set"),
546 ElementsAre("arc_ns0", "up"), true));
547 EXPECT_CALL(runner, ip(StrEq("addr"), StrEq("add"),
548 ElementsAre("100.115.92.129/30", "brd",
549 "100.115.92.131", "dev", "arc_ns0"),
550 true))
551 .WillOnce(Return(0));
552 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("set"),
553 ElementsAre("dev", "arc_ns0", "up", "addr",
554 "01:02:03:04:05:06", "multicast", "off"),
555 true))
556 .WillOnce(Return(0));
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]557 Verify_iptables(runner, IPv4, "filter -A FORWARD -o arc_ns0 -j ACCEPT -w");
558 Verify_iptables(runner, IPv4, "filter -A FORWARD -i arc_ns0 -j ACCEPT -w");
559 Verify_iptables(runner, IPv4,
560 "mangle -A PREROUTING -i arc_ns0 -j MARK --set-mark 1/1 -w");
561 Verify_iptables(runner, Dual,
562 "mangle -A PREROUTING -i arc_ns0 -j MARK --set-mark "
563 "0x00000200/0x00003f00 -w");
564 Verify_iptables(runner, Dual,
565 "mangle -A PREROUTING -i arc_ns0 -j CONNMARK "
566 "--restore-mark --mask 0xffff0000 -w");
567 Verify_iptables(runner, Dual,
568 "mangle -A PREROUTING -i arc_ns0 -j apply_vpn_mark -w");
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]569
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]570 ConnectedNamespace nsinfo = {};
571 nsinfo.pid = kTestPID;
572 nsinfo.netns_name = "netns_foo";
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]573 nsinfo.source = TrafficSource::USER;
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]574 nsinfo.outbound_ifname = "";
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]575 nsinfo.route_on_vpn = true;
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]576 nsinfo.host_ifname = "arc_ns0";
577 nsinfo.peer_ifname = "veth0";
578 nsinfo.peer_subnet = std::make_unique<Subnet>(Ipv4Addr(100, 115, 92, 128), 30,
579 base::DoNothing());
580 nsinfo.peer_mac_addr = mac;
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]581 Datapath datapath(&runner, &firewall, (ioctl_t)ioctl_rtentry_cap);
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]582 datapath.StartRoutingNamespace(nsinfo);
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]583 ioctl_reqs.clear();
584 ioctl_rtentry_args.clear();
585}
586
587TEST(DatapathTest, StopRoutingNamespace) {
588 MockProcessRunner runner;
589 MockFirewall firewall;
590
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]591 Verify_iptables(runner, IPv4, "filter -D FORWARD -o arc_ns0 -j ACCEPT -w");
592 Verify_iptables(runner, IPv4, "filter -D FORWARD -i arc_ns0 -j ACCEPT -w");
593 Verify_iptables(runner, IPv4,
594 "mangle -D PREROUTING -i arc_ns0 -j MARK --set-mark 1/1 -w");
595 Verify_iptables(runner, Dual,
596 "mangle -D PREROUTING -i arc_ns0 -j MARK --set-mark "
597 "0x00000200/0x00003f00 -w");
598 Verify_iptables(runner, Dual,
599 "mangle -D PREROUTING -i arc_ns0 -j CONNMARK "
600 "--restore-mark --mask 0xffff0000 -w");
601 Verify_iptables(runner, Dual,
602 "mangle -D PREROUTING -i arc_ns0 -j apply_vpn_mark -w");
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]603 EXPECT_CALL(runner, ip_netns_delete(StrEq("netns_foo"), true));
604 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("delete"), ElementsAre("arc_ns0"),
605 false));
606
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]607 ConnectedNamespace nsinfo = {};
608 nsinfo.pid = kTestPID;
609 nsinfo.netns_name = "netns_foo";
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]610 nsinfo.source = TrafficSource::USER;
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]611 nsinfo.outbound_ifname = "";
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]612 nsinfo.route_on_vpn = true;
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]613 nsinfo.host_ifname = "arc_ns0";
614 nsinfo.peer_ifname = "veth0";
615 nsinfo.peer_subnet = std::make_unique<Subnet>(Ipv4Addr(100, 115, 92, 128), 30,
616 base::DoNothing());
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]617 Datapath datapath(&runner, &firewall);
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]618 datapath.StopRoutingNamespace(nsinfo);
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]619}
620
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]621TEST(DatapathTest, StartRoutingDevice_Arc) {
622 MockProcessRunner runner;
623 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]624 Verify_iptables(
625 runner, IPv4,
626 "nat -A PREROUTING -i eth0 -m socket --nowildcard -j ACCEPT -w");
627 Verify_iptables(
628 runner, IPv4,
629 "nat -A PREROUTING -i eth0 -p tcp -j DNAT --to-destination 1.2.3.4 -w");
630 Verify_iptables(
631 runner, IPv4,
632 "nat -A PREROUTING -i eth0 -p udp -j DNAT --to-destination 1.2.3.4 -w");
633 Verify_iptables(runner, IPv4,
634 "filter -A FORWARD -i eth0 -o arc_eth0 -j ACCEPT -w");
635 Verify_iptables(runner, IPv4,
636 "filter -A FORWARD -i arc_eth0 -o eth0 -j ACCEPT -w");
637 Verify_iptables(runner, Dual,
638 "mangle -A PREROUTING -i arc_eth0 -j MARK --set-mark "
639 "0x00002000/0x00003f00 -w");
640 Verify_iptables(runner, Dual,
641 "mangle -A PREROUTING -i arc_eth0 -j MARK --set-mark "
642 "0x03ea0000/0xffff0000 -w");
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]643
644 Datapath datapath(&runner, &firewall);
Hugo Benichiaf9d8a72020-08-26 13:28:13 +0900[diff] [blame]645 datapath.SetIfnameIndex("eth0", 2);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]646 datapath.StartRoutingDevice("eth0", "arc_eth0", Ipv4Addr(1, 2, 3, 4),
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]647 TrafficSource::ARC, false);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]648}
649
650TEST(DatapathTest, StartRoutingDevice_CrosVM) {
651 MockProcessRunner runner;
652 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]653 Verify_iptables(runner, IPv4, "filter -A FORWARD -o vmtap0 -j ACCEPT -w");
654 Verify_iptables(runner, IPv4, "filter -A FORWARD -i vmtap0 -j ACCEPT -w");
655 Verify_iptables(runner, Dual,
656 "mangle -A PREROUTING -i vmtap0 -j MARK --set-mark "
657 "0x00002100/0x00003f00 -w");
658 Verify_iptables(runner, Dual,
659 "mangle -A PREROUTING -i vmtap0 -j CONNMARK "
660 "--restore-mark --mask 0xffff0000 -w");
661 Verify_iptables(runner, Dual,
662 "mangle -A PREROUTING -i vmtap0 -j apply_vpn_mark -w");
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]663
664 Datapath datapath(&runner, &firewall);
665 datapath.StartRoutingDevice("", "vmtap0", Ipv4Addr(1, 2, 3, 4),
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]666 TrafficSource::CROSVM, true);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]667}
668
669TEST(DatapathTest, StopRoutingDevice_Arc) {
670 MockProcessRunner runner;
671 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]672 Verify_iptables(
673 runner, IPv4,
674 "nat -D PREROUTING -i eth0 -m socket --nowildcard -j ACCEPT -w");
675 Verify_iptables(
676 runner, IPv4,
677 "nat -D PREROUTING -i eth0 -p tcp -j DNAT --to-destination 1.2.3.4 -w");
678 Verify_iptables(
679 runner, IPv4,
680 "nat -D PREROUTING -i eth0 -p udp -j DNAT --to-destination 1.2.3.4 -w");
681 Verify_iptables(runner, IPv4,
682 "filter -D FORWARD -i eth0 -o arc_eth0 -j ACCEPT -w");
683 Verify_iptables(runner, IPv4,
684 "filter -D FORWARD -i arc_eth0 -o eth0 -j ACCEPT -w");
685 Verify_iptables(runner, Dual,
686 "mangle -D PREROUTING -i arc_eth0 -j MARK --set-mark "
687 "0x00002000/0x00003f00 -w");
688 Verify_iptables(runner, Dual,
689 "mangle -D PREROUTING -i arc_eth0 -j MARK --set-mark "
690 "0x03ea0000/0xffff0000 -w");
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]691
692 Datapath datapath(&runner, &firewall);
Hugo Benichiaf9d8a72020-08-26 13:28:13 +0900[diff] [blame]693 datapath.SetIfnameIndex("eth0", 2);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]694 datapath.StopRoutingDevice("eth0", "arc_eth0", Ipv4Addr(1, 2, 3, 4),
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]695 TrafficSource::ARC, true);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]696}
697
698TEST(DatapathTest, StopRoutingDevice_CrosVM) {
699 MockProcessRunner runner;
700 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]701 Verify_iptables(runner, IPv4, "filter -D FORWARD -o vmtap0 -j ACCEPT -w");
702 Verify_iptables(runner, IPv4, "filter -D FORWARD -i vmtap0 -j ACCEPT -w");
703 Verify_iptables(runner, Dual,
704 "mangle -D PREROUTING -i vmtap0 -j MARK --set-mark "
705 "0x00002100/0x00003f00 -w");
706 Verify_iptables(runner, Dual,
707 "mangle -D PREROUTING -i vmtap0 -j CONNMARK "
708 "--restore-mark --mask 0xffff0000 -w");
709 Verify_iptables(runner, Dual,
710 "mangle -D PREROUTING -i vmtap0 -j apply_vpn_mark -w");
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]711
712 Datapath datapath(&runner, &firewall);
713 datapath.StopRoutingDevice("", "vmtap0", Ipv4Addr(1, 2, 3, 4),
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]714 TrafficSource::CROSVM, true);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]715}
716
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]717TEST(DatapathTest, StartStopIpForwarding) {
718 struct {
719 IpFamily family;
720 std::string iif;
721 std::string oif;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]722 std::string start_args;
723 std::string stop_args;
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]724 bool result;
725 } testcases[] = {
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]726 {IPv4, "", "", {}, {}, false},
727 {NONE, "foo", "bar", {}, {}, false},
728 {IPv4, "foo", "bar", "filter -A FORWARD -i foo -o bar -j ACCEPT -w",
729 "filter -D FORWARD -i foo -o bar -j ACCEPT -w", true},
730 {IPv4, "", "bar", "filter -A FORWARD -o bar -j ACCEPT -w",
731 "filter -D FORWARD -o bar -j ACCEPT -w", true},
732 {IPv4, "foo", "", "filter -A FORWARD -i foo -j ACCEPT -w",
733 "filter -D FORWARD -i foo -j ACCEPT -w", true},
734 {IPv6, "foo", "bar", "filter -A FORWARD -i foo -o bar -j ACCEPT -w",
735 "filter -D FORWARD -i foo -o bar -j ACCEPT -w", true},
736 {IPv6, "", "bar", "filter -A FORWARD -o bar -j ACCEPT -w",
737 "filter -D FORWARD -o bar -j ACCEPT -w", true},
738 {IPv6, "foo", "", "filter -A FORWARD -i foo -j ACCEPT -w",
739 "filter -D FORWARD -i foo -j ACCEPT -w", true},
740 {Dual, "foo", "bar", "filter -A FORWARD -i foo -o bar -j ACCEPT -w",
741 "filter -D FORWARD -i foo -o bar -j ACCEPT -w", true},
742 {Dual, "", "bar", "filter -A FORWARD -o bar -j ACCEPT -w",
743 "filter -D FORWARD -o bar -j ACCEPT -w", true},
744 {Dual, "foo", "", "filter -A FORWARD -i foo -j ACCEPT -w",
745 "filter -D FORWARD -i foo -j ACCEPT -w", true},
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]746 };
747
748 for (const auto& tt : testcases) {
749 MockProcessRunner runner;
750 MockFirewall firewall;
751 if (tt.result) {
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]752 Verify_iptables(runner, tt.family, tt.start_args);
753 Verify_iptables(runner, tt.family, tt.stop_args);
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]754 }
755 Datapath datapath(&runner, &firewall);
756
757 EXPECT_EQ(tt.result, datapath.StartIpForwarding(tt.family, tt.iif, tt.oif));
758 EXPECT_EQ(tt.result, datapath.StopIpForwarding(tt.family, tt.iif, tt.oif));
759 }
760}
761
Hugo Benichi76be34a2020-08-26 22:35:54 +0900[diff] [blame]762TEST(DatapathTest, StartStopConnectionPinning) {
763 MockProcessRunner runner;
764 MockFirewall firewall;
Hugo Benichi1af52392020-11-27 18:09:32 +0900[diff] [blame]765
766 // Setup
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]767 Verify_iptables(runner, Dual,
768 "mangle -A check_routing_mark -o eth0 -m mark ! "
769 "--mark 0x03eb0000/0xffff0000 -j DROP -w");
770 Verify_iptables(runner, Dual,
771 "mangle -A POSTROUTING -o eth0 -j CONNMARK --set-mark "
772 "0x03eb0000/0xffff0000 -w");
773 Verify_iptables(runner, Dual,
774 "mangle -A POSTROUTING -o eth0 -j CONNMARK "
775 "--save-mark --mask 0x00003f00 -w");
776 Verify_iptables(runner, Dual,
777 "mangle -A PREROUTING -i eth0 -j CONNMARK "
778 "--restore-mark --mask 0x00003f00 -w");
Hugo Benichi155de002021-01-19 16:45:46 +0900[diff] [blame]779
Hugo Benichi1af52392020-11-27 18:09:32 +0900[diff] [blame]780 // Teardown
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]781 Verify_iptables(runner, Dual,
782 "mangle -D check_routing_mark -o eth0 -m mark ! "
783 "--mark 0x03eb0000/0xffff0000 -j DROP -w");
784 Verify_iptables(runner, Dual,
785 "mangle -D POSTROUTING -o eth0 -j CONNMARK --set-mark "
786 "0x03eb0000/0xffff0000 -w");
787 Verify_iptables(runner, Dual,
788 "mangle -D POSTROUTING -o eth0 -j CONNMARK "
789 "--save-mark --mask 0x00003f00 -w");
790 Verify_iptables(runner, Dual,
791 "mangle -D PREROUTING -i eth0 -j CONNMARK "
792 "--restore-mark --mask 0x00003f00 -w");
Hugo Benichi1af52392020-11-27 18:09:32 +0900[diff] [blame]793
Hugo Benichi76be34a2020-08-26 22:35:54 +0900[diff] [blame]794 Datapath datapath(&runner, &firewall);
795 datapath.SetIfnameIndex("eth0", 3);
796 datapath.StartConnectionPinning("eth0");
797 datapath.StopConnectionPinning("eth0");
798}
799
Hugo Benichibfc49112020-12-14 12:54:44 +0900[diff] [blame]800TEST(DatapathTest, StartStopVpnRouting_ArcVpn) {
Hugo Benichi2a940542020-10-26 18:50:49 +0900[diff] [blame]801 MockProcessRunner runner;
802 MockFirewall firewall;
803
804 // Setup
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]805 Verify_iptables(runner, Dual,
806 "mangle -A check_routing_mark -o arcbr0 -m mark ! "
807 "--mark 0x03ed0000/0xffff0000 -j DROP -w");
808 Verify_iptables(runner, Dual,
809 "mangle -A POSTROUTING -o arcbr0 -j CONNMARK "
810 "--set-mark 0x03ed0000/0xffff0000 -w");
811 Verify_iptables(
812 runner, Dual,
813 "mangle -A apply_vpn_mark -j MARK --set-mark 0x03ed0000/0xffff0000 -w");
814 Verify_iptables(runner, Dual,
815 "mangle -A POSTROUTING -o arcbr0 -j CONNMARK "
816 "--save-mark --mask 0x00003f00 -w");
817 Verify_iptables(runner, Dual,
818 "mangle -A PREROUTING -i arcbr0 -j CONNMARK "
819 "--restore-mark --mask 0x00003f00 -w");
820 Verify_iptables(runner, IPv4,
821 "nat -A POSTROUTING -o arcbr0 -j MASQUERADE -w");
822
Hugo Benichi2a940542020-10-26 18:50:49 +0900[diff] [blame]823 // Teardown
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]824 Verify_iptables(runner, Dual,
825 "mangle -D check_routing_mark -o arcbr0 -m mark ! "
826 "--mark 0x03ed0000/0xffff0000 -j DROP -w");
827 Verify_iptables(runner, Dual,
828 "mangle -D POSTROUTING -o arcbr0 -j CONNMARK "
829 "--set-mark 0x03ed0000/0xffff0000 -w");
830 Verify_iptables(
831 runner, Dual,
832 "mangle -D apply_vpn_mark -j MARK --set-mark 0x03ed0000/0xffff0000 -w");
833 Verify_iptables(runner, Dual,
834 "mangle -D POSTROUTING -o arcbr0 -j CONNMARK "
835 "--save-mark --mask 0x00003f00 -w");
836 Verify_iptables(runner, Dual,
837 "mangle -D PREROUTING -i arcbr0 -j CONNMARK "
838 "--restore-mark --mask 0x00003f00 -w");
839 Verify_iptables(runner, IPv4,
840 "nat -D POSTROUTING -o arcbr0 -j MASQUERADE -w");
Hugo Benichi2a940542020-10-26 18:50:49 +0900[diff] [blame]841
842 Datapath datapath(&runner, &firewall);
843 datapath.SetIfnameIndex("arcbr0", 5);
844 datapath.StartVpnRouting("arcbr0");
845 datapath.StopVpnRouting("arcbr0");
846}
847
Hugo Benichibfc49112020-12-14 12:54:44 +0900[diff] [blame]848TEST(DatapathTest, StartStopVpnRouting_HostVpn) {
849 MockProcessRunner runner;
850 MockFirewall firewall;
851
852 // Setup
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]853 Verify_iptables(runner, Dual,
854 "mangle -A check_routing_mark -o tun0 -m mark ! "
855 "--mark 0x03ed0000/0xffff0000 -j DROP -w");
856 Verify_iptables(runner, Dual,
857 "mangle -A POSTROUTING -o tun0 -j CONNMARK --set-mark "
858 "0x03ed0000/0xffff0000 -w");
859 Verify_iptables(
860 runner, Dual,
861 "mangle -A apply_vpn_mark -j MARK --set-mark 0x03ed0000/0xffff0000 -w");
862 Verify_iptables(runner, Dual,
863 "mangle -A POSTROUTING -o tun0 -j CONNMARK "
864 "--save-mark --mask 0x00003f00 -w");
865 Verify_iptables(runner, Dual,
866 "mangle -A PREROUTING -i tun0 -j CONNMARK "
867 "--restore-mark --mask 0x00003f00 -w");
868 Verify_iptables(runner, IPv4, "nat -A POSTROUTING -o tun0 -j MASQUERADE -w");
Hugo Benichibfc49112020-12-14 12:54:44 +0900[diff] [blame]869 // Teardown
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]870 Verify_iptables(runner, Dual,
871 "mangle -D check_routing_mark -o tun0 -m mark ! "
872 "--mark 0x03ed0000/0xffff0000 -j DROP -w");
873 Verify_iptables(runner, Dual,
874 "mangle -D POSTROUTING -o tun0 -j CONNMARK --set-mark "
875 "0x03ed0000/0xffff0000 -w");
876 Verify_iptables(
877 runner, Dual,
878 "mangle -D apply_vpn_mark -j MARK --set-mark 0x03ed0000/0xffff0000 -w");
879 Verify_iptables(runner, Dual,
880 "mangle -D POSTROUTING -o tun0 -j CONNMARK "
881 "--save-mark --mask 0x00003f00 -w");
882 Verify_iptables(runner, Dual,
883 "mangle -D PREROUTING -i tun0 -j CONNMARK "
884 "--restore-mark --mask 0x00003f00 -w");
885 Verify_iptables(runner, IPv4, "nat -D POSTROUTING -o tun0 -j MASQUERADE -w");
Hugo Benichibfc49112020-12-14 12:54:44 +0900[diff] [blame]886 // Start tun0 <-> arcbr0 routing
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]887 Verify_iptables(runner, IPv4,
888 "filter -A FORWARD -i tun0 -o arcbr0 -j ACCEPT -w");
889 Verify_iptables(runner, IPv4,
890 "filter -A FORWARD -i arcbr0 -o tun0 -j ACCEPT -w");
891 Verify_iptables(runner, Dual,
892 "mangle -A PREROUTING -i arcbr0 -j MARK --set-mark "
893 "0x00002000/0x00003f00 -w");
894 Verify_iptables(runner, Dual,
895 "mangle -A PREROUTING -i arcbr0 -j MARK --set-mark "
896 "0x03ed0000/0xffff0000 -w");
Hugo Benichibfc49112020-12-14 12:54:44 +0900[diff] [blame]897 // Stop tun0 <-> arcbr0 routing
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]898 Verify_iptables(runner, IPv4,
899 "filter -D FORWARD -i tun0 -o arcbr0 -j ACCEPT -w");
900 Verify_iptables(runner, IPv4,
901 "filter -D FORWARD -i arcbr0 -o tun0 -j ACCEPT -w");
902 Verify_iptables(runner, Dual,
903 "mangle -D PREROUTING -i arcbr0 -j MARK --set-mark "
904 "0x00002000/0x00003f00 -w");
905 Verify_iptables(runner, Dual,
906 "mangle -D PREROUTING -i arcbr0 -j MARK --set-mark "
907 "0x03ed0000/0xffff0000 -w");
Hugo Benichibfc49112020-12-14 12:54:44 +0900[diff] [blame]908
909 Datapath datapath(&runner, &firewall);
910 datapath.SetIfnameIndex("tun0", 5);
911 datapath.StartVpnRouting("tun0");
912 datapath.StopVpnRouting("tun0");
913}
914
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]915TEST(DatapathTest, AddInboundIPv4DNAT) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]916 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]917 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]918 Verify_iptables(
919 runner, IPv4,
920 "nat -A PREROUTING -i eth0 -m socket --nowildcard -j ACCEPT -w");
921 Verify_iptables(
922 runner, IPv4,
923 "nat -A PREROUTING -i eth0 -p tcp -j DNAT --to-destination 1.2.3.4 -w");
924 Verify_iptables(
925 runner, IPv4,
926 "nat -A PREROUTING -i eth0 -p udp -j DNAT --to-destination 1.2.3.4 -w");
927
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]928 Datapath datapath(&runner, &firewall);
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]929 datapath.AddInboundIPv4DNAT("eth0", "1.2.3.4");
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]930}
931
932TEST(DatapathTest, RemoveInboundIPv4DNAT) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]933 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]934 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]935 Verify_iptables(
936 runner, IPv4,
937 "nat -D PREROUTING -i eth0 -m socket --nowildcard -j ACCEPT -w");
938 Verify_iptables(
939 runner, IPv4,
940 "nat -D PREROUTING -i eth0 -p tcp -j DNAT --to-destination 1.2.3.4 -w");
941 Verify_iptables(
942 runner, IPv4,
943 "nat -D PREROUTING -i eth0 -p udp -j DNAT --to-destination 1.2.3.4 -w");
944
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]945 Datapath datapath(&runner, &firewall);
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]946 datapath.RemoveInboundIPv4DNAT("eth0", "1.2.3.4");
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]947}
948
Garrick Evans664a82f2019-12-17 12:18:05 +0900[diff] [blame]949TEST(DatapathTest, MaskInterfaceFlags) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]950 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]951 MockFirewall firewall;
952 Datapath datapath(&runner, &firewall, ioctl_req_cap);
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]953
Garrick Evans664a82f2019-12-17 12:18:05 +0900[diff] [blame]954 bool result = datapath.MaskInterfaceFlags("foo0", IFF_DEBUG);
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]955 EXPECT_TRUE(result);
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]956 std::vector<ioctl_req_t> expected = {SIOCGIFFLAGS, SIOCSIFFLAGS};
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]957 EXPECT_EQ(ioctl_reqs, expected);
958 ioctl_reqs.clear();
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]959 ioctl_rtentry_args.clear();
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]960}
961
962TEST(DatapathTest, AddIPv6Forwarding) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]963 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]964 MockFirewall firewall;
Taoyu Lica49c832019-12-06 17:56:43 +0900[diff] [blame]965 // Return 1 on iptables -C to simulate rule not existing case
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]966 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
967 ElementsAre("-C", "FORWARD", "-i", "eth0", "-o",
968 "arc_eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]969 false, nullptr))
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]970 .WillOnce(Return(1));
971 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
972 ElementsAre("-A", "FORWARD", "-i", "eth0", "-o",
973 "arc_eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]974 true, nullptr));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]975 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
976 ElementsAre("-C", "FORWARD", "-i", "arc_eth0",
977 "-o", "eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]978 false, nullptr))
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]979 .WillOnce(Return(1));
980 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
981 ElementsAre("-A", "FORWARD", "-i", "arc_eth0",
982 "-o", "eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]983 true, nullptr));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]984 Datapath datapath(&runner, &firewall);
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]985 datapath.AddIPv6Forwarding("eth0", "arc_eth0");
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]986}
987
Taoyu Lica49c832019-12-06 17:56:43 +0900[diff] [blame]988TEST(DatapathTest, AddIPv6ForwardingRuleExists) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]989 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]990 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]991 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
992 ElementsAre("-C", "FORWARD", "-i", "eth0", "-o",
993 "arc_eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]994 false, nullptr));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]995 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
996 ElementsAre("-C", "FORWARD", "-i", "arc_eth0",
997 "-o", "eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]998 false, nullptr));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]999 Datapath datapath(&runner, &firewall);
Taoyu Lica49c832019-12-06 17:56:43 +0900[diff] [blame]1000 datapath.AddIPv6Forwarding("eth0", "arc_eth0");
Taoyu Lica49c832019-12-06 17:56:43 +0900[diff] [blame]1001}
1002
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]1003TEST(DatapathTest, RemoveIPv6Forwarding) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1004 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1005 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame^]1006 Verify_iptables(runner, IPv6,
1007 "filter -D FORWARD -i eth0 -o arc_eth0 -j ACCEPT -w");
1008 Verify_iptables(runner, IPv6,
1009 "filter -D FORWARD -i arc_eth0 -o eth0 -j ACCEPT -w");
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1010 Datapath datapath(&runner, &firewall);
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]1011 datapath.RemoveIPv6Forwarding("eth0", "arc_eth0");
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]1012}
1013
Taoyu Lieb6cc8f2019-12-09 15:53:04 +0900[diff] [blame]1014TEST(DatapathTest, AddIPv6HostRoute) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1015 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1016 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1017 EXPECT_CALL(runner,
1018 ip6(StrEq("route"), StrEq("replace"),
1019 ElementsAre("2001:da8:e00::1234/128", "dev", "eth0"), true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1020 Datapath datapath(&runner, &firewall);
Taoyu Lieb6cc8f2019-12-09 15:53:04 +0900[diff] [blame]1021 datapath.AddIPv6HostRoute("eth0", "2001:da8:e00::1234", 128);
Taoyu Lieb6cc8f2019-12-09 15:53:04 +0900[diff] [blame]1022}
1023
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1024TEST(DatapathTest, AddIPv4Route) {
1025 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1026 MockFirewall firewall;
1027 Datapath datapath(&runner, &firewall, (ioctl_t)ioctl_rtentry_cap);
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1028
1029 datapath.AddIPv4Route(Ipv4Addr(192, 168, 1, 1), Ipv4Addr(100, 115, 93, 0),
1030 Ipv4Addr(255, 255, 255, 0));
1031 datapath.DeleteIPv4Route(Ipv4Addr(192, 168, 1, 1), Ipv4Addr(100, 115, 93, 0),
1032 Ipv4Addr(255, 255, 255, 0));
1033 datapath.AddIPv4Route("eth0", Ipv4Addr(100, 115, 92, 8),
1034 Ipv4Addr(255, 255, 255, 252));
1035 datapath.DeleteIPv4Route("eth0", Ipv4Addr(100, 115, 92, 8),
1036 Ipv4Addr(255, 255, 255, 252));
1037
1038 std::vector<ioctl_req_t> expected_reqs = {SIOCADDRT, SIOCDELRT, SIOCADDRT,
1039 SIOCDELRT};
1040 EXPECT_EQ(expected_reqs, ioctl_reqs);
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1041
1042 std::string route1 =
1043 "{rt_dst: {family: AF_INET, port: 0, addr: 100.115.93.0}, rt_genmask: "
1044 "{family: AF_INET, port: 0, addr: 255.255.255.0}, rt_gateway: {family: "
1045 "AF_INET, port: 0, addr: 192.168.1.1}, rt_dev: null, rt_flags: RTF_UP | "
1046 "RTF_GATEWAY}";
1047 std::string route2 =
1048 "{rt_dst: {family: AF_INET, port: 0, addr: 100.115.92.8}, rt_genmask: "
1049 "{family: AF_INET, port: 0, addr: 255.255.255.252}, rt_gateway: {unset}, "
1050 "rt_dev: eth0, rt_flags: RTF_UP | RTF_GATEWAY}";
1051 std::vector<std::string> captured_routes;
1052 for (const auto& route : ioctl_rtentry_args) {
1053 std::ostringstream stream;
1054 stream << route.second;
1055 captured_routes.emplace_back(stream.str());
1056 }
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1057 EXPECT_EQ(route1, captured_routes[0]);
1058 EXPECT_EQ(route1, captured_routes[1]);
1059 EXPECT_EQ(route2, captured_routes[2]);
1060 EXPECT_EQ(route2, captured_routes[3]);
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]1061 ioctl_reqs.clear();
1062 ioctl_rtentry_args.clear();
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1063}
1064
Garrick Evans2f581a02020-05-11 10:43:35 +0900[diff] [blame]1065TEST(DatapathTest, ArcVethHostName) {
1066 EXPECT_EQ("vetheth0", ArcVethHostName("eth0"));
1067 EXPECT_EQ("vethrmnet0", ArcVethHostName("rmnet0"));
1068 EXPECT_EQ("vethrmnet_data0", ArcVethHostName("rmnet_data0"));
1069 EXPECT_EQ("vethifnamsiz_i0", ArcVethHostName("ifnamsiz_ifnam0"));
1070 auto ifname = ArcVethHostName("exceeds_ifnamesiz_checkanyway");
1071 EXPECT_EQ("vethexceeds_ify", ifname);
1072 EXPECT_LT(ifname.length(), IFNAMSIZ);
1073}
1074
Garrick Evans8a067562020-05-11 12:47:30 +0900[diff] [blame]1075TEST(DatapathTest, ArcBridgeName) {
1076 EXPECT_EQ("arc_eth0", ArcBridgeName("eth0"));
1077 EXPECT_EQ("arc_rmnet0", ArcBridgeName("rmnet0"));
1078 EXPECT_EQ("arc_rmnet_data0", ArcBridgeName("rmnet_data0"));
1079 EXPECT_EQ("arc_ifnamsiz_i0", ArcBridgeName("ifnamsiz_ifnam0"));
1080 auto ifname = ArcBridgeName("exceeds_ifnamesiz_checkanyway");
1081 EXPECT_EQ("arc_exceeds_ify", ifname);
1082 EXPECT_LT(ifname.length(), IFNAMSIZ);
1083}
1084
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]1085} // namespace patchpanel