Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform2 / fdd115e1c7729131519528ee58b23682fec560c8 / . / patchpanel / datapath_test.cc
blob: bf075b8cd36117bc8658d3db7e40c603f105b490 [file] [log] [blame]
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]1// Copyright 2019 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]5#include "patchpanel/datapath.h"
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]6
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]7#include <linux/if_tun.h>
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]8#include <net/if.h>
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]9#include <sys/ioctl.h>
10
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]11#include <utility>
12#include <vector>
13
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]14#include <base/bind.h>
Qijiang Fane90b8792020-03-09 16:15:41 +0900[diff] [blame]15#include <base/bind_helpers.h>
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]16#include <base/strings/string_util.h>
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]17#include <gmock/gmock.h>
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]18#include <gtest/gtest.h>
19
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]20#include "patchpanel/mock_firewall.h"
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]21#include "patchpanel/net_util.h"
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]22
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]23using testing::_;
24using testing::ElementsAre;
25using testing::Return;
26using testing::StrEq;
27
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]28namespace patchpanel {
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]29namespace {
30
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]31// TODO(hugobenichi) Centralize this constant definition
32constexpr pid_t kTestPID = -2;
33
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]34std::vector<ioctl_req_t> ioctl_reqs;
35std::vector<std::pair<std::string, struct rtentry>> ioctl_rtentry_args;
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]36
37// Capture all ioctls and succeed.
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]38int ioctl_req_cap(int fd, ioctl_req_t req, ...) {
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]39 ioctl_reqs.push_back(req);
40 return 0;
41}
42
43// Capture ioctls for SIOCADDRT and SIOCDELRT and succeed.
44int ioctl_rtentry_cap(int fd, ioctl_req_t req, struct rtentry* arg) {
45 ioctl_reqs.push_back(req);
46 ioctl_rtentry_args.push_back({"", *arg});
47 // Copy the string poited by rtentry.rt_dev because Add/DeleteIPv4Route pass
48 // this value to ioctl() on the stack.
49 if (arg->rt_dev) {
50 auto& cap = ioctl_rtentry_args.back();
51 cap.first = std::string(arg->rt_dev);
52 cap.second.rt_dev = (char*)cap.first.c_str();
53 }
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]54 return 0;
55}
56
57} // namespace
58
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]59class MockProcessRunner : public MinijailedProcessRunner {
60 public:
61 MockProcessRunner() = default;
62 ~MockProcessRunner() = default;
63
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]64 MOCK_METHOD1(WriteSentinelToContainer, int(pid_t pid));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]65 MOCK_METHOD3(brctl,
66 int(const std::string& cmd,
67 const std::vector<std::string>& argv,
68 bool log_failures));
69 MOCK_METHOD4(chown,
70 int(const std::string& uid,
71 const std::string& gid,
72 const std::string& file,
73 bool log_failures));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]74 MOCK_METHOD4(ip,
75 int(const std::string& obj,
76 const std::string& cmd,
77 const std::vector<std::string>& args,
78 bool log_failures));
79 MOCK_METHOD4(ip6,
80 int(const std::string& obj,
81 const std::string& cmd,
82 const std::vector<std::string>& args,
83 bool log_failures));
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]84 MOCK_METHOD4(iptables,
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]85 int(const std::string& table,
86 const std::vector<std::string>& argv,
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]87 bool log_failures,
88 std::string* output));
89 MOCK_METHOD4(ip6tables,
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]90 int(const std::string& table,
91 const std::vector<std::string>& argv,
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]92 bool log_failures,
93 std::string* output));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]94 MOCK_METHOD2(modprobe_all,
95 int(const std::vector<std::string>& modules, bool log_failures));
96 MOCK_METHOD3(sysctl_w,
97 int(const std::string& key,
98 const std::string& value,
99 bool log_failures));
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]100 MOCK_METHOD3(ip_netns_attach,
101 int(const std::string& netns_name,
102 pid_t netns_pid,
103 bool log_failures));
104 MOCK_METHOD2(ip_netns_delete,
105 int(const std::string& netns_name, bool log_failures));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]106};
107
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]108TEST(DatapathTest, IpFamily) {
109 EXPECT_EQ(IpFamily::Dual, IpFamily::IPv4 | IpFamily::IPv6);
110 EXPECT_EQ(IpFamily::Dual & IpFamily::IPv4, IpFamily::IPv4);
111 EXPECT_EQ(IpFamily::Dual & IpFamily::IPv6, IpFamily::IPv6);
112 EXPECT_NE(IpFamily::Dual, IpFamily::IPv4);
113 EXPECT_NE(IpFamily::Dual, IpFamily::IPv6);
114 EXPECT_NE(IpFamily::IPv4, IpFamily::IPv6);
115}
116
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]117TEST(DatapathTest, Start) {
118 MockProcessRunner runner;
119 MockFirewall firewall;
120 // Asserts for sysctl modifications
121 EXPECT_CALL(runner, sysctl_w(StrEq("net.ipv4.ip_forward"), StrEq("1"), true));
122 EXPECT_CALL(runner, sysctl_w(StrEq("net.ipv4.ip_local_port_range"),
123 StrEq("32768 47103"), true));
124 EXPECT_CALL(runner, sysctl_w(StrEq("net.ipv6.conf.all.forwarding"),
125 StrEq("1"), true));
126 // Asserts for AddSNATMarkRules
127 EXPECT_CALL(
128 runner,
129 iptables(StrEq("filter"),
130 ElementsAre("-A", "FORWARD", "-m", "mark", "--mark", "1/1", "-m",
131 "state", "--state", "INVALID", "-j", "DROP", "-w"),
132 true, nullptr));
133 EXPECT_CALL(runner,
134 iptables(StrEq("filter"),
135 ElementsAre("-A", "FORWARD", "-m", "mark", "--mark",
136 "1/1", "-j", "ACCEPT", "-w"),
137 true, nullptr));
138 EXPECT_CALL(runner,
139 iptables(StrEq("nat"),
140 ElementsAre("-A", "POSTROUTING", "-m", "mark", "--mark",
141 "1/1", "-j", "MASQUERADE", "-w"),
142 true, nullptr));
143 // Asserts for AddForwardEstablishedRule
144 EXPECT_CALL(runner,
145 iptables(StrEq("filter"),
146 ElementsAre("-A", "FORWARD", "-m", "state", "--state",
147 "ESTABLISHED,RELATED", "-j", "ACCEPT", "-w"),
148 true, nullptr));
149 // Asserts for AddSourceIPv4DropRule() calls.
150 EXPECT_CALL(runner,
151 iptables(StrEq("filter"),
152 ElementsAre("-I", "OUTPUT", "-o", "eth+", "-s",
153 "100.115.92.0/23", "-j", "DROP", "-w"),
154 true, nullptr));
155 EXPECT_CALL(runner,
156 iptables(StrEq("filter"),
157 ElementsAre("-I", "OUTPUT", "-o", "wlan+", "-s",
158 "100.115.92.0/23", "-j", "DROP", "-w"),
159 true, nullptr));
160 EXPECT_CALL(runner,
161 iptables(StrEq("filter"),
162 ElementsAre("-I", "OUTPUT", "-o", "mlan+", "-s",
163 "100.115.92.0/23", "-j", "DROP", "-w"),
164 true, nullptr));
165 EXPECT_CALL(runner,
166 iptables(StrEq("filter"),
167 ElementsAre("-I", "OUTPUT", "-o", "usb+", "-s",
168 "100.115.92.0/23", "-j", "DROP", "-w"),
169 true, nullptr));
170 EXPECT_CALL(runner,
171 iptables(StrEq("filter"),
172 ElementsAre("-I", "OUTPUT", "-o", "wwan+", "-s",
173 "100.115.92.0/23", "-j", "DROP", "-w"),
174 true, nullptr));
175 EXPECT_CALL(runner,
176 iptables(StrEq("filter"),
177 ElementsAre("-I", "OUTPUT", "-o", "rmnet+", "-s",
178 "100.115.92.0/23", "-j", "DROP", "-w"),
179 true, nullptr));
180 // Asserts for AddOutboundIPv4SNATMark("vmtap+")
181 EXPECT_CALL(runner,
182 iptables(StrEq("mangle"),
183 ElementsAre("-A", "PREROUTING", "-i", "vmtap+", "-j",
184 "MARK", "--set-mark", "1/1", "-w"),
185 true, nullptr));
Hugo Benichi3ef370b2020-11-16 19:07:17 +0900[diff] [blame]186 // Asserts for apply_vpn_mark chain
187 EXPECT_CALL(runner, iptables(StrEq("mangle"),
188 ElementsAre("-N", "apply_vpn_mark", "-w"), true,
189 nullptr));
190 EXPECT_CALL(runner, iptables(StrEq("mangle"),
191 ElementsAre("-F", "apply_vpn_mark", "-w"), true,
192 nullptr));
193 EXPECT_CALL(runner, iptables(StrEq("mangle"),
194 ElementsAre("-A", "OUTPUT", "-m", "mark",
195 "--mark", "0x00008000/0x0000c000",
196 "-j", "apply_vpn_mark", "-w"),
197 true, nullptr));
198 EXPECT_CALL(runner, iptables(StrEq("mangle"),
199 ElementsAre("-A", "apply_vpn_mark", "-m", "mark",
200 "!", "--mark", "0x0/0xffff0000",
201 "-j", "ACCEPT", "-w"),
202 true, nullptr));
203 EXPECT_CALL(runner, ip6tables(StrEq("mangle"),
204 ElementsAre("-N", "apply_vpn_mark", "-w"), true,
205 nullptr));
206 EXPECT_CALL(runner, ip6tables(StrEq("mangle"),
207 ElementsAre("-F", "apply_vpn_mark", "-w"), true,
208 nullptr));
209 EXPECT_CALL(runner, ip6tables(StrEq("mangle"),
210 ElementsAre("-A", "OUTPUT", "-m", "mark",
211 "--mark", "0x00008000/0x0000c000",
212 "-j", "apply_vpn_mark", "-w"),
213 true, nullptr));
214 EXPECT_CALL(
215 runner,
216 ip6tables(StrEq("mangle"),
217 ElementsAre("-A", "apply_vpn_mark", "-m", "mark", "!", "--mark",
218 "0x0/0xffff0000", "-j", "ACCEPT", "-w"),
219 true, nullptr));
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]220
221 Datapath datapath(&runner, &firewall);
222 datapath.Start();
223}
224
225TEST(DatapathTest, Stop) {
226 MockProcessRunner runner;
227 MockFirewall firewall;
228 // Asserts for sysctl modifications
229 EXPECT_CALL(runner, sysctl_w(StrEq("net.ipv4.ip_local_port_range"),
230 StrEq("32768 61000"), true));
231 EXPECT_CALL(runner, sysctl_w(StrEq("net.ipv6.conf.all.forwarding"),
232 StrEq("0"), true));
233 EXPECT_CALL(runner, sysctl_w(StrEq("net.ipv4.ip_forward"), StrEq("0"), true));
234 // Asserts for RemoveOutboundIPv4SNATMark("vmtap+")
235 EXPECT_CALL(runner,
236 iptables(StrEq("mangle"),
237 ElementsAre("-D", "PREROUTING", "-i", "vmtap+", "-j",
238 "MARK", "--set-mark", "1/1", "-w"),
239 true, nullptr));
240 // Asserts for RemoveForwardEstablishedRule
241 EXPECT_CALL(runner,
242 iptables(StrEq("filter"),
243 ElementsAre("-D", "FORWARD", "-m", "state", "--state",
244 "ESTABLISHED,RELATED", "-j", "ACCEPT", "-w"),
245 true, nullptr));
246 // Asserts for RemoveSNATMarkRules
247 EXPECT_CALL(
248 runner,
249 iptables(StrEq("filter"),
250 ElementsAre("-D", "FORWARD", "-m", "mark", "--mark", "1/1", "-m",
251 "state", "--state", "INVALID", "-j", "DROP", "-w"),
252 true, nullptr));
253 EXPECT_CALL(runner,
254 iptables(StrEq("filter"),
255 ElementsAre("-D", "FORWARD", "-m", "mark", "--mark",
256 "1/1", "-j", "ACCEPT", "-w"),
257 true, nullptr));
258 EXPECT_CALL(runner,
259 iptables(StrEq("nat"),
260 ElementsAre("-D", "POSTROUTING", "-m", "mark", "--mark",
261 "1/1", "-j", "MASQUERADE", "-w"),
262 true, nullptr));
263 // Asserts for RemoveSourceIPv4DropRule() calls.
264 EXPECT_CALL(runner,
265 iptables(StrEq("filter"),
266 ElementsAre("-D", "OUTPUT", "-o", "eth+", "-s",
267 "100.115.92.0/23", "-j", "DROP", "-w"),
268 true, nullptr));
269 EXPECT_CALL(runner,
270 iptables(StrEq("filter"),
271 ElementsAre("-D", "OUTPUT", "-o", "wlan+", "-s",
272 "100.115.92.0/23", "-j", "DROP", "-w"),
273 true, nullptr));
274 EXPECT_CALL(runner,
275 iptables(StrEq("filter"),
276 ElementsAre("-D", "OUTPUT", "-o", "mlan+", "-s",
277 "100.115.92.0/23", "-j", "DROP", "-w"),
278 true, nullptr));
279 EXPECT_CALL(runner,
280 iptables(StrEq("filter"),
281 ElementsAre("-D", "OUTPUT", "-o", "usb+", "-s",
282 "100.115.92.0/23", "-j", "DROP", "-w"),
283 true, nullptr));
284 EXPECT_CALL(runner,
285 iptables(StrEq("filter"),
286 ElementsAre("-D", "OUTPUT", "-o", "wwan+", "-s",
287 "100.115.92.0/23", "-j", "DROP", "-w"),
288 true, nullptr));
289 EXPECT_CALL(runner,
290 iptables(StrEq("filter"),
291 ElementsAre("-D", "OUTPUT", "-o", "rmnet+", "-s",
292 "100.115.92.0/23", "-j", "DROP", "-w"),
293 true, nullptr));
Hugo Benichi3ef370b2020-11-16 19:07:17 +0900[diff] [blame]294 // Asserts for apply_vpn_mark chain
295 EXPECT_CALL(runner, iptables(StrEq("mangle"),
296 ElementsAre("-D", "OUTPUT", "-m", "mark",
297 "--mark", "0x00008000/0x0000c000",
298 "-j", "apply_vpn_mark", "-w"),
299 true, nullptr));
300 EXPECT_CALL(runner, iptables(StrEq("mangle"),
301 ElementsAre("-F", "apply_vpn_mark", "-w"), true,
302 nullptr));
303 EXPECT_CALL(runner, iptables(StrEq("mangle"),
304 ElementsAre("-X", "apply_vpn_mark", "-w"), true,
305 nullptr));
306 EXPECT_CALL(runner, ip6tables(StrEq("mangle"),
307 ElementsAre("-D", "OUTPUT", "-m", "mark",
308 "--mark", "0x00008000/0x0000c000",
309 "-j", "apply_vpn_mark", "-w"),
310 true, nullptr));
311 EXPECT_CALL(runner, ip6tables(StrEq("mangle"),
312 ElementsAre("-F", "apply_vpn_mark", "-w"), true,
313 nullptr));
314 EXPECT_CALL(runner, ip6tables(StrEq("mangle"),
315 ElementsAre("-X", "apply_vpn_mark", "-w"), true,
316 nullptr));
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]317
318 Datapath datapath(&runner, &firewall);
319 datapath.Stop();
320}
321
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]322TEST(DatapathTest, AddTAP) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]323 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]324 MockFirewall firewall;
325 Datapath datapath(&runner, &firewall, ioctl_req_cap);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]326 MacAddress mac = {1, 2, 3, 4, 5, 6};
Qijiang Fane90b8792020-03-09 16:15:41 +0900[diff] [blame]327 Subnet subnet(Ipv4Addr(100, 115, 92, 4), 30, base::DoNothing());
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]328 auto addr = subnet.AllocateAtOffset(0);
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]329 auto ifname = datapath.AddTAP("foo0", &mac, addr.get(), "");
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]330 EXPECT_EQ(ifname, "foo0");
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]331 std::vector<ioctl_req_t> expected = {
332 TUNSETIFF, TUNSETPERSIST, SIOCSIFADDR, SIOCSIFNETMASK,
333 SIOCSIFHWADDR, SIOCGIFFLAGS, SIOCSIFFLAGS};
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]334 EXPECT_EQ(ioctl_reqs, expected);
335 ioctl_reqs.clear();
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]336 ioctl_rtentry_args.clear();
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]337}
338
339TEST(DatapathTest, AddTAPWithOwner) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]340 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]341 MockFirewall firewall;
342 Datapath datapath(&runner, &firewall, ioctl_req_cap);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]343 MacAddress mac = {1, 2, 3, 4, 5, 6};
Qijiang Fane90b8792020-03-09 16:15:41 +0900[diff] [blame]344 Subnet subnet(Ipv4Addr(100, 115, 92, 4), 30, base::DoNothing());
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]345 auto addr = subnet.AllocateAtOffset(0);
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]346 auto ifname = datapath.AddTAP("foo0", &mac, addr.get(), "root");
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]347 EXPECT_EQ(ifname, "foo0");
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]348 std::vector<ioctl_req_t> expected = {
349 TUNSETIFF, TUNSETPERSIST, TUNSETOWNER, SIOCSIFADDR,
350 SIOCSIFNETMASK, SIOCSIFHWADDR, SIOCGIFFLAGS, SIOCSIFFLAGS};
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]351 EXPECT_EQ(ioctl_reqs, expected);
352 ioctl_reqs.clear();
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]353 ioctl_rtentry_args.clear();
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]354}
355
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]356TEST(DatapathTest, AddTAPNoAddrs) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]357 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]358 MockFirewall firewall;
359 Datapath datapath(&runner, &firewall, ioctl_req_cap);
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]360 auto ifname = datapath.AddTAP("foo0", nullptr, nullptr, "");
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]361 EXPECT_EQ(ifname, "foo0");
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]362 std::vector<ioctl_req_t> expected = {TUNSETIFF, TUNSETPERSIST, SIOCGIFFLAGS,
363 SIOCSIFFLAGS};
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]364 EXPECT_EQ(ioctl_reqs, expected);
365 ioctl_reqs.clear();
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]366 ioctl_rtentry_args.clear();
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]367}
368
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]369TEST(DatapathTest, RemoveTAP) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]370 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]371 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]372 EXPECT_CALL(runner, ip(StrEq("tuntap"), StrEq("del"),
373 ElementsAre("foo0", "mode", "tap"), true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]374 Datapath datapath(&runner, &firewall);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]375 datapath.RemoveTAP("foo0");
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]376}
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]377
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]378TEST(DatapathTest, NetnsAttachName) {
379 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]380 MockFirewall firewall;
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]381 EXPECT_CALL(runner, ip_netns_delete(StrEq("netns_foo"), false));
382 EXPECT_CALL(runner, ip_netns_attach(StrEq("netns_foo"), 1234, true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]383 Datapath datapath(&runner, &firewall);
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]384 EXPECT_TRUE(datapath.NetnsAttachName("netns_foo", 1234));
385}
386
387TEST(DatapathTest, NetnsDeleteName) {
388 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]389 MockFirewall firewall;
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]390 EXPECT_CALL(runner, ip_netns_delete(StrEq("netns_foo"), true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]391 Datapath datapath(&runner, &firewall);
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]392 EXPECT_TRUE(datapath.NetnsDeleteName("netns_foo"));
393}
394
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]395TEST(DatapathTest, AddBridge) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]396 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]397 MockFirewall firewall;
398 Datapath datapath(&runner, &firewall);
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]399 EXPECT_CALL(runner, brctl(StrEq("addbr"), ElementsAre("br"), true));
Garrick Evans6f4fa3a2020-02-10 16:15:09 +0900[diff] [blame]400 EXPECT_CALL(
401 runner,
402 ip(StrEq("addr"), StrEq("add"),
403 ElementsAre("1.1.1.1/30", "brd", "1.1.1.3", "dev", "br"), true));
Garrick Evans7a1a9ee2020-01-28 11:03:57 +0900[diff] [blame]404 EXPECT_CALL(runner,
405 ip(StrEq("link"), StrEq("set"), ElementsAre("br", "up"), true));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]406 EXPECT_CALL(runner, iptables(StrEq("mangle"),
407 ElementsAre("-A", "PREROUTING", "-i", "br", "-j",
Hugo Benichi6c445322020-08-12 16:46:19 +0900[diff] [blame]408 "MARK", "--set-mark", "1/1", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]409 true, nullptr));
Garrick Evans7a1a9ee2020-01-28 11:03:57 +0900[diff] [blame]410 datapath.AddBridge("br", Ipv4Addr(1, 1, 1, 1), 30);
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]411}
412
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]413TEST(DatapathTest, ConnectVethPair) {
414 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]415 MockFirewall firewall;
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]416 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("add"),
417 ElementsAre("veth_foo", "type", "veth", "peer", "name",
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]418 "peer_foo", "netns", "netns_foo"),
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]419 true));
420 EXPECT_CALL(runner, ip(StrEq("addr"), StrEq("add"),
421 ElementsAre("100.115.92.169/30", "brd",
422 "100.115.92.171", "dev", "peer_foo"),
423 true))
424 .WillOnce(Return(0));
425 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("set"),
426 ElementsAre("dev", "peer_foo", "up", "addr",
427 "01:02:03:04:05:06", "multicast", "on"),
428 true))
429 .WillOnce(Return(0));
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]430 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("set"),
431 ElementsAre("veth_foo", "up"), true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]432 Datapath datapath(&runner, &firewall);
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]433 EXPECT_TRUE(datapath.ConnectVethPair(kTestPID, "netns_foo", "veth_foo",
434 "peer_foo", {1, 2, 3, 4, 5, 6},
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]435 Ipv4Addr(100, 115, 92, 169), 30, true));
436}
437
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]438TEST(DatapathTest, AddVirtualInterfacePair) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]439 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]440 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]441 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("add"),
442 ElementsAre("veth_foo", "type", "veth", "peer", "name",
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]443 "peer_foo", "netns", "netns_foo"),
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]444 true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]445 Datapath datapath(&runner, &firewall);
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]446 EXPECT_TRUE(
447 datapath.AddVirtualInterfacePair("netns_foo", "veth_foo", "peer_foo"));
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]448}
449
450TEST(DatapathTest, ToggleInterface) {
451 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]452 MockFirewall firewall;
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]453 EXPECT_CALL(runner,
454 ip(StrEq("link"), StrEq("set"), ElementsAre("foo", "up"), true));
Garrick Evans7a1a9ee2020-01-28 11:03:57 +0900[diff] [blame]455 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("set"),
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]456 ElementsAre("bar", "down"), true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]457 Datapath datapath(&runner, &firewall);
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]458 EXPECT_TRUE(datapath.ToggleInterface("foo", true));
459 EXPECT_TRUE(datapath.ToggleInterface("bar", false));
460}
461
462TEST(DatapathTest, ConfigureInterface) {
463 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]464 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]465 EXPECT_CALL(
466 runner,
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]467 ip(StrEq("addr"), StrEq("add"),
468 ElementsAre("1.1.1.1/30", "brd", "1.1.1.3", "dev", "foo"), true))
469 .WillOnce(Return(0));
470 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("set"),
471 ElementsAre("dev", "foo", "up", "addr",
472 "02:02:02:02:02:02", "multicast", "on"),
473 true))
474 .WillOnce(Return(0));
475
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]476 Datapath datapath(&runner, &firewall);
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]477 MacAddress mac_addr = {2, 2, 2, 2, 2, 2};
478 EXPECT_TRUE(datapath.ConfigureInterface("foo", mac_addr, Ipv4Addr(1, 1, 1, 1),
479 30, true, true));
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]480}
481
482TEST(DatapathTest, RemoveInterface) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]483 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]484 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]485 EXPECT_CALL(runner,
486 ip(StrEq("link"), StrEq("delete"), ElementsAre("foo"), false));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]487 Datapath datapath(&runner, &firewall);
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]488 datapath.RemoveInterface("foo");
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]489}
490
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]491TEST(DatapathTest, RemoveBridge) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]492 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]493 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]494 EXPECT_CALL(runner, iptables(StrEq("mangle"),
495 ElementsAre("-D", "PREROUTING", "-i", "br", "-j",
Hugo Benichi6c445322020-08-12 16:46:19 +0900[diff] [blame]496 "MARK", "--set-mark", "1/1", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]497 true, nullptr));
Garrick Evans7a1a9ee2020-01-28 11:03:57 +0900[diff] [blame]498 EXPECT_CALL(runner,
499 ip(StrEq("link"), StrEq("set"), ElementsAre("br", "down"), true));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]500 EXPECT_CALL(runner, brctl(StrEq("delbr"), ElementsAre("br"), true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]501 Datapath datapath(&runner, &firewall);
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]502 datapath.RemoveBridge("br");
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]503}
504
Hugo Benichi321f23b2020-09-25 15:42:05 +0900[diff] [blame]505TEST(DatapathTest, AddRemoveSourceIPv4DropRule) {
506 MockProcessRunner runner;
507 MockFirewall firewall;
508 EXPECT_CALL(runner,
509 iptables(StrEq("filter"),
510 ElementsAre("-I", "OUTPUT", "-o", "eth+", "-s",
511 "100.115.92.0/24", "-j", "DROP", "-w"),
512 true, nullptr));
513 EXPECT_CALL(runner,
514 iptables(StrEq("filter"),
515 ElementsAre("-D", "OUTPUT", "-o", "eth+", "-s",
516 "100.115.92.0/24", "-j", "DROP", "-w"),
517 true, nullptr));
518 Datapath datapath(&runner, &firewall);
519 datapath.AddSourceIPv4DropRule("eth+", "100.115.92.0/24");
520 datapath.RemoveSourceIPv4DropRule("eth+", "100.115.92.0/24");
521}
522
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]523TEST(DatapathTest, StartRoutingNamespace) {
524 MockProcessRunner runner;
525 MockFirewall firewall;
526 MacAddress mac = {1, 2, 3, 4, 5, 6};
527
528 EXPECT_CALL(runner, ip_netns_delete(StrEq("netns_foo"), false));
529 EXPECT_CALL(runner, ip_netns_attach(StrEq("netns_foo"), kTestPID, true));
530 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("add"),
531 ElementsAre("arc_ns0", "type", "veth", "peer", "name",
532 "veth0", "netns", "netns_foo"),
533 true));
534 EXPECT_CALL(runner, ip(StrEq("addr"), StrEq("add"),
535 ElementsAre("100.115.92.130/30", "brd",
536 "100.115.92.131", "dev", "veth0"),
537 true))
538 .WillOnce(Return(0));
539 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("set"),
540 ElementsAre("dev", "veth0", "up", "addr",
541 "01:02:03:04:05:06", "multicast", "off"),
542 true))
543 .WillOnce(Return(0));
544 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("set"),
545 ElementsAre("arc_ns0", "up"), true));
546 EXPECT_CALL(runner, ip(StrEq("addr"), StrEq("add"),
547 ElementsAre("100.115.92.129/30", "brd",
548 "100.115.92.131", "dev", "arc_ns0"),
549 true))
550 .WillOnce(Return(0));
551 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("set"),
552 ElementsAre("dev", "arc_ns0", "up", "addr",
553 "01:02:03:04:05:06", "multicast", "off"),
554 true))
555 .WillOnce(Return(0));
556 EXPECT_CALL(runner, iptables(StrEq("filter"),
557 ElementsAre("-A", "FORWARD", "-o", "arc_ns0",
558 "-j", "ACCEPT", "-w"),
559 true, nullptr));
560 EXPECT_CALL(runner,
561 iptables(StrEq("mangle"),
562 ElementsAre("-A", "PREROUTING", "-i", "arc_ns0", "-j",
563 "MARK", "--set-mark", "1/1", "-w"),
564 true, nullptr));
565
566 Datapath datapath(&runner, &firewall, (ioctl_t)ioctl_rtentry_cap);
567 datapath.StartRoutingNamespace(
568 kTestPID, "netns_foo", "arc_ns0", "veth0", Ipv4Addr(100, 115, 92, 128),
569 30, Ipv4Addr(100, 115, 92, 129), Ipv4Addr(100, 115, 92, 130), mac);
570 ioctl_reqs.clear();
571 ioctl_rtentry_args.clear();
572}
573
574TEST(DatapathTest, StopRoutingNamespace) {
575 MockProcessRunner runner;
576 MockFirewall firewall;
577
578 EXPECT_CALL(runner, iptables(StrEq("filter"),
579 ElementsAre("-D", "FORWARD", "-o", "arc_ns0",
580 "-j", "ACCEPT", "-w"),
581 true, nullptr));
582 EXPECT_CALL(runner,
583 iptables(StrEq("mangle"),
584 ElementsAre("-D", "PREROUTING", "-i", "arc_ns0", "-j",
585 "MARK", "--set-mark", "1/1", "-w"),
586 true, nullptr));
587 EXPECT_CALL(runner, ip_netns_delete(StrEq("netns_foo"), true));
588 EXPECT_CALL(runner, ip(StrEq("link"), StrEq("delete"), ElementsAre("arc_ns0"),
589 false));
590
591 Datapath datapath(&runner, &firewall);
592 datapath.StopRoutingNamespace("netns_foo", "arc_ns0",
593 Ipv4Addr(100, 115, 92, 128), 30,
594 Ipv4Addr(100, 115, 92, 129));
595}
596
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]597TEST(DatapathTest, StartRoutingDevice_Arc) {
598 MockProcessRunner runner;
599 MockFirewall firewall;
600 EXPECT_CALL(runner, iptables(StrEq("nat"),
601 ElementsAre("-A", "PREROUTING", "-i", "eth0",
602 "-m", "socket", "--nowildcard", "-j",
603 "ACCEPT", "-w"),
604 true, nullptr));
605 EXPECT_CALL(runner, iptables(StrEq("nat"),
606 ElementsAre("-A", "PREROUTING", "-i", "eth0",
607 "-p", "tcp", "-j", "DNAT",
608 "--to-destination", "1.2.3.4", "-w"),
609 true, nullptr));
610 EXPECT_CALL(runner, iptables(StrEq("nat"),
611 ElementsAre("-A", "PREROUTING", "-i", "eth0",
612 "-p", "udp", "-j", "DNAT",
613 "--to-destination", "1.2.3.4", "-w"),
614 true, nullptr));
615 EXPECT_CALL(runner, iptables(StrEq("filter"),
Hugo Benichic6ae67c2020-08-14 15:02:13 +0900[diff] [blame]616 ElementsAre("-A", "FORWARD", "-i", "eth0", "-o",
617 "arc_eth0", "-j", "ACCEPT", "-w"),
618 true, nullptr));
619 EXPECT_CALL(runner, iptables(StrEq("filter"),
620 ElementsAre("-A", "FORWARD", "-i", "arc_eth0",
621 "-o", "eth0", "-j", "ACCEPT", "-w"),
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]622 true, nullptr));
Hugo Benichi9be19b12020-08-14 15:33:40 +0900[diff] [blame]623 EXPECT_CALL(runner, iptables(StrEq("mangle"),
624 ElementsAre("-A", "PREROUTING", "-i", "arc_eth0",
625 "-j", "MARK", "--set-mark",
626 "0x00002000/0x00003f00", "-w"),
627 true, nullptr));
Hugo Benichiaf9d8a72020-08-26 13:28:13 +0900[diff] [blame]628 EXPECT_CALL(runner, iptables(StrEq("mangle"),
629 ElementsAre("-A", "PREROUTING", "-i", "arc_eth0",
630 "-j", "MARK", "--set-mark",
631 "0x03ea0000/0xffff0000", "-w"),
632 true, nullptr));
Hugo Benichi5c9c11c2020-09-15 17:25:26 +0900[diff] [blame]633 EXPECT_CALL(
634 runner,
635 ip6tables(StrEq("mangle"),
636 ElementsAre("-A", "PREROUTING", "-i", "arc_eth0", "-j", "MARK",
637 "--set-mark", "0x00002000/0x00003f00", "-w"),
638 true, nullptr));
Hugo Benichiaf9d8a72020-08-26 13:28:13 +0900[diff] [blame]639 EXPECT_CALL(
640 runner,
641 ip6tables(StrEq("mangle"),
642 ElementsAre("-A", "PREROUTING", "-i", "arc_eth0", "-j", "MARK",
643 "--set-mark", "0x03ea0000/0xffff0000", "-w"),
644 true, nullptr));
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]645
646 Datapath datapath(&runner, &firewall);
Hugo Benichiaf9d8a72020-08-26 13:28:13 +0900[diff] [blame]647 datapath.SetIfnameIndex("eth0", 2);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]648 datapath.StartRoutingDevice("eth0", "arc_eth0", Ipv4Addr(1, 2, 3, 4),
649 TrafficSource::ARC);
650}
651
652TEST(DatapathTest, StartRoutingDevice_CrosVM) {
653 MockProcessRunner runner;
654 MockFirewall firewall;
655 EXPECT_CALL(runner, iptables(StrEq("filter"),
656 ElementsAre("-A", "FORWARD", "-o", "vmtap0",
657 "-j", "ACCEPT", "-w"),
658 true, nullptr));
Hugo Benichic6ae67c2020-08-14 15:02:13 +0900[diff] [blame]659 EXPECT_CALL(runner, iptables(StrEq("filter"),
660 ElementsAre("-A", "FORWARD", "-i", "vmtap0",
661 "-j", "ACCEPT", "-w"),
662 true, nullptr));
Hugo Benichi9be19b12020-08-14 15:33:40 +0900[diff] [blame]663 EXPECT_CALL(runner, iptables(StrEq("mangle"),
664 ElementsAre("-A", "PREROUTING", "-i", "vmtap0",
665 "-j", "MARK", "--set-mark",
666 "0x00002100/0x00003f00", "-w"),
667 true, nullptr));
Hugo Benichiaf9d8a72020-08-26 13:28:13 +0900[diff] [blame]668 EXPECT_CALL(runner, iptables(StrEq("mangle"),
669 ElementsAre("-A", "PREROUTING", "-i", "vmtap0",
670 "-j", "CONNMARK", "--restore-mark",
671 "--mask", "0xffff0000", "-w"),
672 true, nullptr));
Hugo Benichi5c9c11c2020-09-15 17:25:26 +0900[diff] [blame]673 EXPECT_CALL(runner, ip6tables(StrEq("mangle"),
674 ElementsAre("-A", "PREROUTING", "-i", "vmtap0",
675 "-j", "MARK", "--set-mark",
676 "0x00002100/0x00003f00", "-w"),
677 true, nullptr));
Hugo Benichiaf9d8a72020-08-26 13:28:13 +0900[diff] [blame]678 EXPECT_CALL(runner, ip6tables(StrEq("mangle"),
679 ElementsAre("-A", "PREROUTING", "-i", "vmtap0",
680 "-j", "CONNMARK", "--restore-mark",
681 "--mask", "0xffff0000", "-w"),
682 true, nullptr));
Hugo Benichi3ef370b2020-11-16 19:07:17 +0900[diff] [blame]683 EXPECT_CALL(runner, iptables(StrEq("mangle"),
684 ElementsAre("-A", "PREROUTING", "-i", "vmtap0",
685 "-j", "apply_vpn_mark", "-w"),
686 true, nullptr));
687 EXPECT_CALL(runner, ip6tables(StrEq("mangle"),
688 ElementsAre("-A", "PREROUTING", "-i", "vmtap0",
689 "-j", "apply_vpn_mark", "-w"),
690 true, nullptr));
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]691
692 Datapath datapath(&runner, &firewall);
693 datapath.StartRoutingDevice("", "vmtap0", Ipv4Addr(1, 2, 3, 4),
694 TrafficSource::CROSVM);
695}
696
697TEST(DatapathTest, StopRoutingDevice_Arc) {
698 MockProcessRunner runner;
699 MockFirewall firewall;
700 EXPECT_CALL(runner, iptables(StrEq("nat"),
701 ElementsAre("-D", "PREROUTING", "-i", "eth0",
702 "-m", "socket", "--nowildcard", "-j",
703 "ACCEPT", "-w"),
704 true, nullptr));
705 EXPECT_CALL(runner, iptables(StrEq("nat"),
706 ElementsAre("-D", "PREROUTING", "-i", "eth0",
707 "-p", "tcp", "-j", "DNAT",
708 "--to-destination", "1.2.3.4", "-w"),
709 true, nullptr));
710 EXPECT_CALL(runner, iptables(StrEq("nat"),
711 ElementsAre("-D", "PREROUTING", "-i", "eth0",
712 "-p", "udp", "-j", "DNAT",
713 "--to-destination", "1.2.3.4", "-w"),
714 true, nullptr));
715 EXPECT_CALL(runner, iptables(StrEq("filter"),
Hugo Benichic6ae67c2020-08-14 15:02:13 +0900[diff] [blame]716 ElementsAre("-D", "FORWARD", "-i", "eth0", "-o",
717 "arc_eth0", "-j", "ACCEPT", "-w"),
718 true, nullptr));
719 EXPECT_CALL(runner, iptables(StrEq("filter"),
720 ElementsAre("-D", "FORWARD", "-i", "arc_eth0",
721 "-o", "eth0", "-j", "ACCEPT", "-w"),
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]722 true, nullptr));
Hugo Benichi9be19b12020-08-14 15:33:40 +0900[diff] [blame]723 EXPECT_CALL(runner, iptables(StrEq("mangle"),
724 ElementsAre("-D", "PREROUTING", "-i", "arc_eth0",
725 "-j", "MARK", "--set-mark",
726 "0x00002000/0x00003f00", "-w"),
727 true, nullptr));
Hugo Benichiaf9d8a72020-08-26 13:28:13 +0900[diff] [blame]728 EXPECT_CALL(runner, iptables(StrEq("mangle"),
729 ElementsAre("-D", "PREROUTING", "-i", "arc_eth0",
730 "-j", "MARK", "--set-mark",
731 "0x03ea0000/0xffff0000", "-w"),
732 true, nullptr));
Hugo Benichi5c9c11c2020-09-15 17:25:26 +0900[diff] [blame]733 EXPECT_CALL(
734 runner,
735 ip6tables(StrEq("mangle"),
736 ElementsAre("-D", "PREROUTING", "-i", "arc_eth0", "-j", "MARK",
737 "--set-mark", "0x00002000/0x00003f00", "-w"),
738 true, nullptr));
Hugo Benichiaf9d8a72020-08-26 13:28:13 +0900[diff] [blame]739 EXPECT_CALL(
740 runner,
741 ip6tables(StrEq("mangle"),
742 ElementsAre("-D", "PREROUTING", "-i", "arc_eth0", "-j", "MARK",
743 "--set-mark", "0x03ea0000/0xffff0000", "-w"),
744 true, nullptr));
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]745
746 Datapath datapath(&runner, &firewall);
Hugo Benichiaf9d8a72020-08-26 13:28:13 +0900[diff] [blame]747 datapath.SetIfnameIndex("eth0", 2);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]748 datapath.StopRoutingDevice("eth0", "arc_eth0", Ipv4Addr(1, 2, 3, 4),
749 TrafficSource::ARC);
750}
751
752TEST(DatapathTest, StopRoutingDevice_CrosVM) {
753 MockProcessRunner runner;
754 MockFirewall firewall;
755 EXPECT_CALL(runner, iptables(StrEq("filter"),
756 ElementsAre("-D", "FORWARD", "-o", "vmtap0",
757 "-j", "ACCEPT", "-w"),
758 true, nullptr));
Hugo Benichic6ae67c2020-08-14 15:02:13 +0900[diff] [blame]759 EXPECT_CALL(runner, iptables(StrEq("filter"),
760 ElementsAre("-D", "FORWARD", "-i", "vmtap0",
761 "-j", "ACCEPT", "-w"),
762 true, nullptr));
Hugo Benichi9be19b12020-08-14 15:33:40 +0900[diff] [blame]763 EXPECT_CALL(runner, iptables(StrEq("mangle"),
764 ElementsAre("-D", "PREROUTING", "-i", "vmtap0",
765 "-j", "MARK", "--set-mark",
766 "0x00002100/0x00003f00", "-w"),
767 true, nullptr));
Hugo Benichiaf9d8a72020-08-26 13:28:13 +0900[diff] [blame]768 EXPECT_CALL(runner, iptables(StrEq("mangle"),
769 ElementsAre("-D", "PREROUTING", "-i", "vmtap0",
770 "-j", "CONNMARK", "--restore-mark",
771 "--mask", "0xffff0000", "-w"),
772 true, nullptr));
Hugo Benichi5c9c11c2020-09-15 17:25:26 +0900[diff] [blame]773 EXPECT_CALL(runner, ip6tables(StrEq("mangle"),
774 ElementsAre("-D", "PREROUTING", "-i", "vmtap0",
775 "-j", "MARK", "--set-mark",
776 "0x00002100/0x00003f00", "-w"),
777 true, nullptr));
Hugo Benichiaf9d8a72020-08-26 13:28:13 +0900[diff] [blame]778 EXPECT_CALL(runner, ip6tables(StrEq("mangle"),
779 ElementsAre("-D", "PREROUTING", "-i", "vmtap0",
780 "-j", "CONNMARK", "--restore-mark",
781 "--mask", "0xffff0000", "-w"),
782 true, nullptr));
Hugo Benichi3ef370b2020-11-16 19:07:17 +0900[diff] [blame]783 EXPECT_CALL(runner, iptables(StrEq("mangle"),
784 ElementsAre("-D", "PREROUTING", "-i", "vmtap0",
785 "-j", "apply_vpn_mark", "-w"),
786 true, nullptr));
787 EXPECT_CALL(runner, ip6tables(StrEq("mangle"),
788 ElementsAre("-D", "PREROUTING", "-i", "vmtap0",
789 "-j", "apply_vpn_mark", "-w"),
790 true, nullptr));
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]791
792 Datapath datapath(&runner, &firewall);
793 datapath.StopRoutingDevice("", "vmtap0", Ipv4Addr(1, 2, 3, 4),
794 TrafficSource::CROSVM);
795}
796
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]797TEST(DatapathTest, StartStopIpForwarding) {
798 struct {
799 IpFamily family;
800 std::string iif;
801 std::string oif;
802 std::vector<std::string> start_args;
803 std::vector<std::string> stop_args;
804 bool result;
805 } testcases[] = {
806 {IpFamily::IPv4, "", "", {}, {}, false},
807 {IpFamily::NONE, "foo", "bar", {}, {}, false},
808 {IpFamily::IPv4,
809 "foo",
810 "bar",
811 {"-A", "FORWARD", "-i", "foo", "-o", "bar", "-j", "ACCEPT", "-w"},
812 {"-D", "FORWARD", "-i", "foo", "-o", "bar", "-j", "ACCEPT", "-w"},
813 true},
814 {IpFamily::IPv4,
815 "",
816 "bar",
817 {"-A", "FORWARD", "-o", "bar", "-j", "ACCEPT", "-w"},
818 {"-D", "FORWARD", "-o", "bar", "-j", "ACCEPT", "-w"},
819 true},
820 {IpFamily::IPv4,
821 "foo",
822 "",
823 {"-A", "FORWARD", "-i", "foo", "-j", "ACCEPT", "-w"},
824 {"-D", "FORWARD", "-i", "foo", "-j", "ACCEPT", "-w"},
825 true},
826 {IpFamily::IPv6,
827 "foo",
828 "bar",
829 {"-A", "FORWARD", "-i", "foo", "-o", "bar", "-j", "ACCEPT", "-w"},
830 {"-D", "FORWARD", "-i", "foo", "-o", "bar", "-j", "ACCEPT", "-w"},
831 true},
832 {IpFamily::IPv6,
833 "",
834 "bar",
835 {"-A", "FORWARD", "-o", "bar", "-j", "ACCEPT", "-w"},
836 {"-D", "FORWARD", "-o", "bar", "-j", "ACCEPT", "-w"},
837 true},
838 {IpFamily::IPv6,
839 "foo",
840 "",
841 {"-A", "FORWARD", "-i", "foo", "-j", "ACCEPT", "-w"},
842 {"-D", "FORWARD", "-i", "foo", "-j", "ACCEPT", "-w"},
843 true},
844 {IpFamily::Dual,
845 "foo",
846 "bar",
847 {"-A", "FORWARD", "-i", "foo", "-o", "bar", "-j", "ACCEPT", "-w"},
848 {"-D", "FORWARD", "-i", "foo", "-o", "bar", "-j", "ACCEPT", "-w"},
849 true},
850 {IpFamily::Dual,
851 "",
852 "bar",
853 {"-A", "FORWARD", "-o", "bar", "-j", "ACCEPT", "-w"},
854 {"-D", "FORWARD", "-o", "bar", "-j", "ACCEPT", "-w"},
855 true},
856 {IpFamily::Dual,
857 "foo",
858 "",
859 {"-A", "FORWARD", "-i", "foo", "-j", "ACCEPT", "-w"},
860 {"-D", "FORWARD", "-i", "foo", "-j", "ACCEPT", "-w"},
861 true},
862 };
863
864 for (const auto& tt : testcases) {
865 MockProcessRunner runner;
866 MockFirewall firewall;
867 if (tt.result) {
868 if (tt.family & IpFamily::IPv4) {
869 EXPECT_CALL(runner,
870 iptables(StrEq("filter"), tt.start_args, true, nullptr))
871 .WillOnce(Return(0));
872 EXPECT_CALL(runner,
873 iptables(StrEq("filter"), tt.stop_args, true, nullptr))
874 .WillOnce(Return(0));
875 }
876 if (tt.family & IpFamily::IPv6) {
877 EXPECT_CALL(runner,
878 ip6tables(StrEq("filter"), tt.start_args, true, nullptr))
879 .WillOnce(Return(0));
880 EXPECT_CALL(runner,
881 ip6tables(StrEq("filter"), tt.stop_args, true, nullptr))
882 .WillOnce(Return(0));
883 }
884 }
885 Datapath datapath(&runner, &firewall);
886
887 EXPECT_EQ(tt.result, datapath.StartIpForwarding(tt.family, tt.iif, tt.oif));
888 EXPECT_EQ(tt.result, datapath.StopIpForwarding(tt.family, tt.iif, tt.oif));
889 }
890}
891
Hugo Benichi76be34a2020-08-26 22:35:54 +0900[diff] [blame]892TEST(DatapathTest, StartStopConnectionPinning) {
893 MockProcessRunner runner;
894 MockFirewall firewall;
895 EXPECT_CALL(runner, iptables(StrEq("mangle"),
896 ElementsAre("-A", "POSTROUTING", "-o", "eth0",
897 "-j", "CONNMARK", "--set-mark",
898 "0x03eb0000/0xffff0000", "-w"),
899 true, nullptr));
900 EXPECT_CALL(runner, iptables(StrEq("mangle"),
901 ElementsAre("-D", "POSTROUTING", "-o", "eth0",
902 "-j", "CONNMARK", "--set-mark",
903 "0x03eb0000/0xffff0000", "-w"),
904 true, nullptr));
905 EXPECT_CALL(runner, ip6tables(StrEq("mangle"),
906 ElementsAre("-A", "POSTROUTING", "-o", "eth0",
907 "-j", "CONNMARK", "--set-mark",
908 "0x03eb0000/0xffff0000", "-w"),
909 true, nullptr));
910 EXPECT_CALL(runner, ip6tables(StrEq("mangle"),
911 ElementsAre("-D", "POSTROUTING", "-o", "eth0",
912 "-j", "CONNMARK", "--set-mark",
913 "0x03eb0000/0xffff0000", "-w"),
914 true, nullptr));
915 Datapath datapath(&runner, &firewall);
916 datapath.SetIfnameIndex("eth0", 3);
917 datapath.StartConnectionPinning("eth0");
918 datapath.StopConnectionPinning("eth0");
919}
920
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]921TEST(DatapathTest, AddInboundIPv4DNAT) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]922 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]923 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]924 EXPECT_CALL(runner, iptables(StrEq("nat"),
925 ElementsAre("-A", "PREROUTING", "-i", "eth0",
926 "-m", "socket", "--nowildcard", "-j",
927 "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]928 true, nullptr));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]929 EXPECT_CALL(runner, iptables(StrEq("nat"),
930 ElementsAre("-A", "PREROUTING", "-i", "eth0",
931 "-p", "tcp", "-j", "DNAT",
932 "--to-destination", "1.2.3.4", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]933 true, nullptr));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]934 EXPECT_CALL(runner, iptables(StrEq("nat"),
935 ElementsAre("-A", "PREROUTING", "-i", "eth0",
936 "-p", "udp", "-j", "DNAT",
937 "--to-destination", "1.2.3.4", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]938 true, nullptr));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]939 Datapath datapath(&runner, &firewall);
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]940 datapath.AddInboundIPv4DNAT("eth0", "1.2.3.4");
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]941}
942
943TEST(DatapathTest, RemoveInboundIPv4DNAT) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]944 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]945 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]946 EXPECT_CALL(runner, iptables(StrEq("nat"),
947 ElementsAre("-D", "PREROUTING", "-i", "eth0",
948 "-m", "socket", "--nowildcard", "-j",
949 "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]950 true, nullptr));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]951 EXPECT_CALL(runner, iptables(StrEq("nat"),
952 ElementsAre("-D", "PREROUTING", "-i", "eth0",
953 "-p", "tcp", "-j", "DNAT",
954 "--to-destination", "1.2.3.4", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]955 true, nullptr));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]956 EXPECT_CALL(runner, iptables(StrEq("nat"),
957 ElementsAre("-D", "PREROUTING", "-i", "eth0",
958 "-p", "udp", "-j", "DNAT",
959 "--to-destination", "1.2.3.4", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]960 true, nullptr));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]961 Datapath datapath(&runner, &firewall);
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]962 datapath.RemoveInboundIPv4DNAT("eth0", "1.2.3.4");
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]963}
964
Garrick Evans664a82f2019-12-17 12:18:05 +0900[diff] [blame]965TEST(DatapathTest, MaskInterfaceFlags) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]966 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]967 MockFirewall firewall;
968 Datapath datapath(&runner, &firewall, ioctl_req_cap);
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]969
Garrick Evans664a82f2019-12-17 12:18:05 +0900[diff] [blame]970 bool result = datapath.MaskInterfaceFlags("foo0", IFF_DEBUG);
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]971 EXPECT_TRUE(result);
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]972 std::vector<ioctl_req_t> expected = {SIOCGIFFLAGS, SIOCSIFFLAGS};
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]973 EXPECT_EQ(ioctl_reqs, expected);
974 ioctl_reqs.clear();
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]975 ioctl_rtentry_args.clear();
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]976}
977
978TEST(DatapathTest, AddIPv6Forwarding) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]979 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]980 MockFirewall firewall;
Taoyu Lica49c832019-12-06 17:56:43 +0900[diff] [blame]981 // Return 1 on iptables -C to simulate rule not existing case
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]982 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
983 ElementsAre("-C", "FORWARD", "-i", "eth0", "-o",
984 "arc_eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]985 false, nullptr))
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]986 .WillOnce(Return(1));
987 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
988 ElementsAre("-A", "FORWARD", "-i", "eth0", "-o",
989 "arc_eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]990 true, nullptr));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]991 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
992 ElementsAre("-C", "FORWARD", "-i", "arc_eth0",
993 "-o", "eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]994 false, nullptr))
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]995 .WillOnce(Return(1));
996 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
997 ElementsAre("-A", "FORWARD", "-i", "arc_eth0",
998 "-o", "eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]999 true, nullptr));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1000 Datapath datapath(&runner, &firewall);
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]1001 datapath.AddIPv6Forwarding("eth0", "arc_eth0");
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]1002}
1003
Taoyu Lica49c832019-12-06 17:56:43 +0900[diff] [blame]1004TEST(DatapathTest, AddIPv6ForwardingRuleExists) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1005 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1006 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1007 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
1008 ElementsAre("-C", "FORWARD", "-i", "eth0", "-o",
1009 "arc_eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]1010 false, nullptr));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1011 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
1012 ElementsAre("-C", "FORWARD", "-i", "arc_eth0",
1013 "-o", "eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]1014 false, nullptr));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1015 Datapath datapath(&runner, &firewall);
Taoyu Lica49c832019-12-06 17:56:43 +0900[diff] [blame]1016 datapath.AddIPv6Forwarding("eth0", "arc_eth0");
Taoyu Lica49c832019-12-06 17:56:43 +0900[diff] [blame]1017}
1018
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]1019TEST(DatapathTest, RemoveIPv6Forwarding) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1020 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1021 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1022 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
1023 ElementsAre("-D", "FORWARD", "-i", "eth0", "-o",
1024 "arc_eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]1025 true, nullptr));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1026 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
1027 ElementsAre("-D", "FORWARD", "-i", "arc_eth0",
1028 "-o", "eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]1029 true, nullptr));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1030 Datapath datapath(&runner, &firewall);
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]1031 datapath.RemoveIPv6Forwarding("eth0", "arc_eth0");
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]1032}
1033
Taoyu Lieb6cc8f2019-12-09 15:53:04 +0900[diff] [blame]1034TEST(DatapathTest, AddIPv6HostRoute) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1035 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1036 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1037 EXPECT_CALL(runner,
1038 ip6(StrEq("route"), StrEq("replace"),
1039 ElementsAre("2001:da8:e00::1234/128", "dev", "eth0"), true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1040 Datapath datapath(&runner, &firewall);
Taoyu Lieb6cc8f2019-12-09 15:53:04 +0900[diff] [blame]1041 datapath.AddIPv6HostRoute("eth0", "2001:da8:e00::1234", 128);
Taoyu Lieb6cc8f2019-12-09 15:53:04 +0900[diff] [blame]1042}
1043
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1044TEST(DatapathTest, AddIPv4Route) {
1045 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1046 MockFirewall firewall;
1047 Datapath datapath(&runner, &firewall, (ioctl_t)ioctl_rtentry_cap);
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1048
1049 datapath.AddIPv4Route(Ipv4Addr(192, 168, 1, 1), Ipv4Addr(100, 115, 93, 0),
1050 Ipv4Addr(255, 255, 255, 0));
1051 datapath.DeleteIPv4Route(Ipv4Addr(192, 168, 1, 1), Ipv4Addr(100, 115, 93, 0),
1052 Ipv4Addr(255, 255, 255, 0));
1053 datapath.AddIPv4Route("eth0", Ipv4Addr(100, 115, 92, 8),
1054 Ipv4Addr(255, 255, 255, 252));
1055 datapath.DeleteIPv4Route("eth0", Ipv4Addr(100, 115, 92, 8),
1056 Ipv4Addr(255, 255, 255, 252));
1057
1058 std::vector<ioctl_req_t> expected_reqs = {SIOCADDRT, SIOCDELRT, SIOCADDRT,
1059 SIOCDELRT};
1060 EXPECT_EQ(expected_reqs, ioctl_reqs);
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1061
1062 std::string route1 =
1063 "{rt_dst: {family: AF_INET, port: 0, addr: 100.115.93.0}, rt_genmask: "
1064 "{family: AF_INET, port: 0, addr: 255.255.255.0}, rt_gateway: {family: "
1065 "AF_INET, port: 0, addr: 192.168.1.1}, rt_dev: null, rt_flags: RTF_UP | "
1066 "RTF_GATEWAY}";
1067 std::string route2 =
1068 "{rt_dst: {family: AF_INET, port: 0, addr: 100.115.92.8}, rt_genmask: "
1069 "{family: AF_INET, port: 0, addr: 255.255.255.252}, rt_gateway: {unset}, "
1070 "rt_dev: eth0, rt_flags: RTF_UP | RTF_GATEWAY}";
1071 std::vector<std::string> captured_routes;
1072 for (const auto& route : ioctl_rtentry_args) {
1073 std::ostringstream stream;
1074 stream << route.second;
1075 captured_routes.emplace_back(stream.str());
1076 }
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1077 EXPECT_EQ(route1, captured_routes[0]);
1078 EXPECT_EQ(route1, captured_routes[1]);
1079 EXPECT_EQ(route2, captured_routes[2]);
1080 EXPECT_EQ(route2, captured_routes[3]);
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]1081 ioctl_reqs.clear();
1082 ioctl_rtentry_args.clear();
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1083}
1084
Garrick Evansd291af62020-05-25 10:39:06 +0900[diff] [blame]1085TEST(DatapathTest, AddSNATMarkRules) {
1086 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1087 MockFirewall firewall;
Taoyu Li79871c92020-07-02 16:09:39 +0900[diff] [blame]1088 EXPECT_CALL(
1089 runner,
1090 iptables(StrEq("filter"),
Hugo Benichi6c445322020-08-12 16:46:19 +0900[diff] [blame]1091 ElementsAre("-A", "FORWARD", "-m", "mark", "--mark", "1/1", "-m",
Taoyu Li79871c92020-07-02 16:09:39 +0900[diff] [blame]1092 "state", "--state", "INVALID", "-j", "DROP", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]1093 true, nullptr));
Hugo Benichi6c445322020-08-12 16:46:19 +0900[diff] [blame]1094 EXPECT_CALL(runner,
1095 iptables(StrEq("filter"),
1096 ElementsAre("-A", "FORWARD", "-m", "mark", "--mark",
1097 "1/1", "-j", "ACCEPT", "-w"),
1098 true, nullptr));
Garrick Evansd291af62020-05-25 10:39:06 +0900[diff] [blame]1099 EXPECT_CALL(runner,
1100 iptables(StrEq("nat"),
1101 ElementsAre("-A", "POSTROUTING", "-m", "mark", "--mark",
Hugo Benichi6c445322020-08-12 16:46:19 +0900[diff] [blame]1102 "1/1", "-j", "MASQUERADE", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]1103 true, nullptr));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1104 Datapath datapath(&runner, &firewall);
Garrick Evansd291af62020-05-25 10:39:06 +0900[diff] [blame]1105 datapath.AddSNATMarkRules();
1106}
1107
1108TEST(DatapathTest, RemoveSNATMarkRules) {
1109 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1110 MockFirewall firewall;
Taoyu Li79871c92020-07-02 16:09:39 +0900[diff] [blame]1111 EXPECT_CALL(
1112 runner,
1113 iptables(StrEq("filter"),
Hugo Benichi6c445322020-08-12 16:46:19 +0900[diff] [blame]1114 ElementsAre("-D", "FORWARD", "-m", "mark", "--mark", "1/1", "-m",
Taoyu Li79871c92020-07-02 16:09:39 +0900[diff] [blame]1115 "state", "--state", "INVALID", "-j", "DROP", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]1116 true, nullptr));
Hugo Benichi6c445322020-08-12 16:46:19 +0900[diff] [blame]1117 EXPECT_CALL(runner,
1118 iptables(StrEq("filter"),
1119 ElementsAre("-D", "FORWARD", "-m", "mark", "--mark",
1120 "1/1", "-j", "ACCEPT", "-w"),
1121 true, nullptr));
Garrick Evansd291af62020-05-25 10:39:06 +0900[diff] [blame]1122 EXPECT_CALL(runner,
1123 iptables(StrEq("nat"),
1124 ElementsAre("-D", "POSTROUTING", "-m", "mark", "--mark",
Hugo Benichi6c445322020-08-12 16:46:19 +0900[diff] [blame]1125 "1/1", "-j", "MASQUERADE", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]1126 true, nullptr));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1127 Datapath datapath(&runner, &firewall);
Garrick Evansd291af62020-05-25 10:39:06 +0900[diff] [blame]1128 datapath.RemoveSNATMarkRules();
1129}
1130
Garrick Evans2f581a02020-05-11 10:43:35 +0900[diff] [blame]1131TEST(DatapathTest, ArcVethHostName) {
1132 EXPECT_EQ("vetheth0", ArcVethHostName("eth0"));
1133 EXPECT_EQ("vethrmnet0", ArcVethHostName("rmnet0"));
1134 EXPECT_EQ("vethrmnet_data0", ArcVethHostName("rmnet_data0"));
1135 EXPECT_EQ("vethifnamsiz_i0", ArcVethHostName("ifnamsiz_ifnam0"));
1136 auto ifname = ArcVethHostName("exceeds_ifnamesiz_checkanyway");
1137 EXPECT_EQ("vethexceeds_ify", ifname);
1138 EXPECT_LT(ifname.length(), IFNAMSIZ);
1139}
1140
Garrick Evans8a067562020-05-11 12:47:30 +0900[diff] [blame]1141TEST(DatapathTest, ArcBridgeName) {
1142 EXPECT_EQ("arc_eth0", ArcBridgeName("eth0"));
1143 EXPECT_EQ("arc_rmnet0", ArcBridgeName("rmnet0"));
1144 EXPECT_EQ("arc_rmnet_data0", ArcBridgeName("rmnet_data0"));
1145 EXPECT_EQ("arc_ifnamsiz_i0", ArcBridgeName("ifnamsiz_ifnam0"));
1146 auto ifname = ArcBridgeName("exceeds_ifnamesiz_checkanyway");
1147 EXPECT_EQ("arc_exceeds_ify", ifname);
1148 EXPECT_LT(ifname.length(), IFNAMSIZ);
1149}
1150
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]1151} // namespace patchpanel