Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform2 / 0781d40df151373d4d8039104963da38c75b2a61 / . / patchpanel / datapath_test.cc
blob: 9f4cdc36b5bbebb1160ca7e0a7bb115d481967de [file] [log] [blame]
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]1// Copyright 2019 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]5#include "patchpanel/datapath.h"
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]6
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]7#include <linux/if_tun.h>
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]8#include <net/if.h>
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]9#include <sys/ioctl.h>
10
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]11#include <utility>
12#include <vector>
13
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]14#include <base/bind.h>
Qijiang Fane90b8792020-03-09 16:15:41 +0900[diff] [blame]15#include <base/bind_helpers.h>
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]16#include <base/strings/string_split.h>
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]17#include <base/strings/string_util.h>
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]18#include <gmock/gmock.h>
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]19#include <gtest/gtest.h>
20
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]21#include "patchpanel/mock_firewall.h"
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]22#include "patchpanel/net_util.h"
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]23
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]24using testing::_;
25using testing::ElementsAre;
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]26using testing::ElementsAreArray;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]27using testing::Return;
28using testing::StrEq;
29
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]30namespace patchpanel {
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]31namespace {
32
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]33// TODO(hugobenichi) Centralize this constant definition
34constexpr pid_t kTestPID = -2;
35
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]36std::vector<ioctl_req_t> ioctl_reqs;
37std::vector<std::pair<std::string, struct rtentry>> ioctl_rtentry_args;
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]38
39// Capture all ioctls and succeed.
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]40int ioctl_req_cap(int fd, ioctl_req_t req, ...) {
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]41 ioctl_reqs.push_back(req);
42 return 0;
43}
44
45// Capture ioctls for SIOCADDRT and SIOCDELRT and succeed.
46int ioctl_rtentry_cap(int fd, ioctl_req_t req, struct rtentry* arg) {
47 ioctl_reqs.push_back(req);
48 ioctl_rtentry_args.push_back({"", *arg});
49 // Copy the string poited by rtentry.rt_dev because Add/DeleteIPv4Route pass
50 // this value to ioctl() on the stack.
51 if (arg->rt_dev) {
52 auto& cap = ioctl_rtentry_args.back();
53 cap.first = std::string(arg->rt_dev);
54 cap.second.rt_dev = (char*)cap.first.c_str();
55 }
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]56 return 0;
57}
58
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]59std::vector<std::string> SplitCommand(const std::string& command) {
60 return base::SplitString(command, " ",
61 base::WhitespaceHandling::TRIM_WHITESPACE,
62 base::SplitResult::SPLIT_WANT_NONEMPTY);
63}
64
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]65} // namespace
66
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]67using IpFamily::Dual;
68using IpFamily::IPv4;
69using IpFamily::IPv6;
70
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]71class MockProcessRunner : public MinijailedProcessRunner {
72 public:
73 MockProcessRunner() = default;
74 ~MockProcessRunner() = default;
75
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]76 MOCK_METHOD3(brctl,
77 int(const std::string& cmd,
78 const std::vector<std::string>& argv,
79 bool log_failures));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]80 MOCK_METHOD4(ip,
81 int(const std::string& obj,
82 const std::string& cmd,
83 const std::vector<std::string>& args,
84 bool log_failures));
85 MOCK_METHOD4(ip6,
86 int(const std::string& obj,
87 const std::string& cmd,
88 const std::vector<std::string>& args,
89 bool log_failures));
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]90 MOCK_METHOD4(iptables,
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]91 int(const std::string& table,
92 const std::vector<std::string>& argv,
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]93 bool log_failures,
94 std::string* output));
95 MOCK_METHOD4(ip6tables,
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]96 int(const std::string& table,
97 const std::vector<std::string>& argv,
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]98 bool log_failures,
99 std::string* output));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]100 MOCK_METHOD3(sysctl_w,
101 int(const std::string& key,
102 const std::string& value,
103 bool log_failures));
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]104 MOCK_METHOD3(ip_netns_attach,
105 int(const std::string& netns_name,
106 pid_t netns_pid,
107 bool log_failures));
108 MOCK_METHOD2(ip_netns_delete,
109 int(const std::string& netns_name, bool log_failures));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]110};
111
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]112void Verify_brctl(MockProcessRunner& runner, const std::string& command) {
113 auto args = SplitCommand(command);
114 const auto action = args[0];
115 args.erase(args.begin());
116 EXPECT_CALL(runner, brctl(StrEq(action), ElementsAreArray(args), _));
117}
118
119void Verify_ip(MockProcessRunner& runner, const std::string& command) {
120 auto args = SplitCommand(command);
121 const auto object = args[0];
122 const auto action = args[1];
123 args.erase(args.begin());
124 args.erase(args.begin());
125 EXPECT_CALL(runner,
126 ip(StrEq(object), StrEq(action), ElementsAreArray(args), _));
127}
128
129void Verify_ip6(MockProcessRunner& runner, const std::string& command) {
130 auto args = SplitCommand(command);
131 const auto object = args[0];
132 const auto action = args[1];
133 args.erase(args.begin());
134 args.erase(args.begin());
135 EXPECT_CALL(runner,
136 ip6(StrEq(object), StrEq(action), ElementsAreArray(args), _));
137}
138
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]139void Verify_iptables(MockProcessRunner& runner,
140 IpFamily family,
141 const std::string& command) {
142 auto args =
143 base::SplitString(command, " ", base::WhitespaceHandling::TRIM_WHITESPACE,
144 base::SplitResult::SPLIT_WANT_NONEMPTY);
145 const auto table = args[0];
146 args.erase(args.begin());
147 if (family & IPv4)
148 EXPECT_CALL(runner,
149 iptables(StrEq(table), ElementsAreArray(args), _, nullptr));
150 if (family & IPv6)
151 EXPECT_CALL(runner,
152 ip6tables(StrEq(table), ElementsAreArray(args), _, nullptr));
153}
154
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]155void Verify_sysctl_w(MockProcessRunner& runner,
156 const std::string& key,
157 const std::string& value) {
158 EXPECT_CALL(runner, sysctl_w(StrEq(key), StrEq(value), _));
159}
160
161void Verify_ip_netns_attach(MockProcessRunner& runner,
162 const std::string& netns_name,
163 pid_t pid) {
164 EXPECT_CALL(runner, ip_netns_attach(StrEq(netns_name), pid, _));
165}
166
167void Verify_ip_netns_delete(MockProcessRunner& runner,
168 const std::string& netns_name) {
169 EXPECT_CALL(runner, ip_netns_delete(StrEq(netns_name), _));
170}
171
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]172TEST(DatapathTest, IpFamily) {
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]173 EXPECT_EQ(Dual, IPv4 | IPv6);
174 EXPECT_EQ(Dual & IPv4, IPv4);
175 EXPECT_EQ(Dual & IPv6, IPv6);
176 EXPECT_NE(Dual, IPv4);
177 EXPECT_NE(Dual, IPv6);
178 EXPECT_NE(IPv4, IPv6);
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]179}
180
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]181TEST(DatapathTest, Start) {
182 MockProcessRunner runner;
183 MockFirewall firewall;
Hugo Benichi91ee09f2020-12-03 22:24:22 +0900[diff] [blame]184
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]185 // Asserts for sysctl modifications
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]186 Verify_sysctl_w(runner, "net.ipv4.ip_forward", "1");
187 Verify_sysctl_w(runner, "net.ipv4.ip_local_port_range", "32768 47103");
188 Verify_sysctl_w(runner, "net.ipv6.conf.all.forwarding", "1");
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]189
190 std::vector<std::pair<IpFamily, std::string>> iptables_commands = {
191 // Asserts for iptables chain reset.
192 {IPv4, "filter -D OUTPUT -j drop_guest_ipv4_prefix -w"},
193 {Dual, "filter -F FORWARD -w"},
194 {Dual, "mangle -F FORWARD -w"},
195 {Dual, "mangle -F INPUT -w"},
196 {Dual, "mangle -F OUTPUT -w"},
197 {Dual, "mangle -F POSTROUTING -w"},
198 {Dual, "mangle -F PREROUTING -w"},
199 {Dual, "mangle -L apply_local_source_mark -w"},
200 {Dual, "mangle -F apply_local_source_mark -w"},
201 {Dual, "mangle -X apply_local_source_mark -w"},
202 {Dual, "mangle -L apply_vpn_mark -w"},
203 {Dual, "mangle -F apply_vpn_mark -w"},
204 {Dual, "mangle -X apply_vpn_mark -w"},
205 {Dual, "mangle -L check_routing_mark -w"},
206 {Dual, "mangle -F check_routing_mark -w"},
207 {Dual, "mangle -X check_routing_mark -w"},
208 {IPv4, "filter -L drop_guest_ipv4_prefix -w"},
209 {IPv4, "filter -F drop_guest_ipv4_prefix -w"},
210 {IPv4, "filter -X drop_guest_ipv4_prefix -w"},
Hugo Benichi1e0656f2021-02-15 15:43:38 +0900[diff] [blame]211 {IPv4, "nat -L redirect_dns -w"},
212 {IPv4, "nat -F redirect_dns -w"},
213 {IPv4, "nat -X redirect_dns -w"},
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]214 {IPv4, "nat -F POSTROUTING -w"},
Hugo Benichi1e0656f2021-02-15 15:43:38 +0900[diff] [blame]215 {IPv4, "nat -F OUTPUT -w"},
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]216 // Asserts for SNAT rules.
217 {IPv4,
218 "filter -A FORWARD -m mark --mark 1/1 -m state --state INVALID -j DROP "
219 "-w"},
220 {IPv4, "nat -A POSTROUTING -m mark --mark 1/1 -j MASQUERADE -w"},
221 // Asserts for AddForwardEstablishedRule
222 {IPv4,
223 "filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT -w"},
224 // Asserts for AddSourceIPv4DropRule() calls.
225 {IPv4, "filter -N drop_guest_ipv4_prefix -w"},
226 {IPv4, "filter -I OUTPUT -j drop_guest_ipv4_prefix -w"},
227 {IPv4,
228 "filter -I drop_guest_ipv4_prefix -o eth+ -s 100.115.92.0/23 -j DROP "
229 "-w"},
230 {IPv4,
231 "filter -I drop_guest_ipv4_prefix -o wlan+ -s 100.115.92.0/23 -j DROP "
232 "-w"},
233 {IPv4,
234 "filter -I drop_guest_ipv4_prefix -o mlan+ -s 100.115.92.0/23 -j DROP "
235 "-w"},
236 {IPv4,
237 "filter -I drop_guest_ipv4_prefix -o usb+ -s 100.115.92.0/23 -j DROP "
238 "-w"},
239 {IPv4,
240 "filter -I drop_guest_ipv4_prefix -o wwan+ -s 100.115.92.0/23 -j DROP "
241 "-w"},
242 {IPv4,
243 "filter -I drop_guest_ipv4_prefix -o rmnet+ -s 100.115.92.0/23 -j DROP "
244 "-w"},
245 // Asserts for AddOutboundIPv4SNATMark("vmtap+")
246 {IPv4, "mangle -A PREROUTING -i vmtap+ -j MARK --set-mark 1/1 -w"},
247 // Asserts for OUTPUT ndp connmark bypass rule
248 {IPv6,
249 "mangle -I OUTPUT -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT "
250 "-w"},
251 {IPv6,
252 "mangle -I OUTPUT -p icmpv6 --icmpv6-type router-advertisement -j "
253 "ACCEPT -w"},
254 {IPv6,
255 "mangle -I OUTPUT -p icmpv6 --icmpv6-type neighbour-solicitation -j "
256 "ACCEPT -w"},
257 {IPv6,
258 "mangle -I OUTPUT -p icmpv6 --icmpv6-type neighbour-advertisement -j "
259 "ACCEPT -w"},
260 {IPv6,
261 "mangle -I check_routing_mark -p icmpv6 --icmpv6-type "
262 "router-solicitation -j RETURN -w"},
263 {IPv6,
264 "mangle -I check_routing_mark -p icmpv6 --icmpv6-type "
265 "router-advertisement -j RETURN -w"},
266 {IPv6,
267 "mangle -I check_routing_mark -p icmpv6 --icmpv6-type "
268 "neighbour-solicitation -j RETURN -w"},
269 {IPv6,
270 "mangle -I check_routing_mark -p icmpv6 --icmpv6-type "
271 "neighbour-advertisement -j RETURN -w"},
272 // Asserts for OUTPUT CONNMARK restore rule
273 {Dual,
274 "mangle -A OUTPUT -j CONNMARK --restore-mark --mask 0xffff0000 -w"},
275 // Asserts for apply_local_source_mark chain
276 {Dual, "mangle -N apply_local_source_mark -w"},
277 {Dual, "mangle -A OUTPUT -j apply_local_source_mark -w"},
278 {Dual,
279 "mangle -A apply_local_source_mark -m owner --uid-owner chronos -j MARK "
280 "--set-mark 0x00008100/0x0000ff00 -w"},
281 {Dual,
282 "mangle -A apply_local_source_mark -m owner --uid-owner debugd -j MARK "
283 "--set-mark 0x00008200/0x0000ff00 -w"},
284 {Dual,
285 "mangle -A apply_local_source_mark -m owner --uid-owner cups -j MARK "
286 "--set-mark 0x00008200/0x0000ff00 -w"},
287 {Dual,
288 "mangle -A apply_local_source_mark -m owner --uid-owner lpadmin -j MARK "
289 "--set-mark 0x00008200/0x0000ff00 -w"},
290 {Dual,
291 "mangle -A apply_local_source_mark -m owner --uid-owner kerberosd -j "
292 "MARK --set-mark 0x00008400/0x0000ff00 -w"},
293 {Dual,
294 "mangle -A apply_local_source_mark -m owner --uid-owner kerberosd-exec "
295 "-j MARK --set-mark 0x00008400/0x0000ff00 -w"},
296 {Dual,
297 "mangle -A apply_local_source_mark -m owner --uid-owner tlsdate -j MARK "
298 "--set-mark 0x00008400/0x0000ff00 -w"},
299 {Dual,
300 "mangle -A apply_local_source_mark -m owner --uid-owner pluginvm -j "
301 "MARK --set-mark 0x00008200/0x0000ff00 -w"},
302 {Dual,
303 "mangle -A apply_local_source_mark -m owner --uid-owner fuse-smbfs -j "
304 "MARK --set-mark 0x00008400/0x0000ff00 -w"},
305 {Dual,
306 "mangle -A apply_local_source_mark -m cgroup --cgroup 0x00010001 -j "
307 "MARK --set-mark 0x00000300/0x0000ff00 -w"},
308 {Dual,
309 "mangle -A apply_local_source_mark -m mark --mark 0x0/0x00003f00 -j "
310 "MARK --set-mark 0x00000400/0x00003f00 -w"},
311 // Asserts for apply_vpn_mark chain
312 {Dual, "mangle -N apply_vpn_mark -w"},
313 {Dual,
314 "mangle -A OUTPUT -m mark --mark 0x00008000/0x0000c000 -j "
315 "apply_vpn_mark -w"},
316 {Dual,
317 "mangle -A apply_vpn_mark -m mark ! --mark 0x0/0xffff0000 -j ACCEPT -w"},
318 // Asserts for check_routing_mark chain
319 {Dual, "mangle -N check_routing_mark -w"},
320 {Dual,
321 "mangle -A POSTROUTING -j CONNMARK --restore-mark --mask 0xffff0000 -w"},
322 {Dual,
323 "mangle -A POSTROUTING -m mark ! --mark 0x0/0xffff0000 -j "
324 "check_routing_mark -w"},
Hugo Benichi1e0656f2021-02-15 15:43:38 +0900[diff] [blame]325 // Asserts for redirect_dns chain creation
326 {IPv4, "nat -N redirect_dns -w"},
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]327 };
328 for (const auto& c : iptables_commands) {
329 Verify_iptables(runner, c.first, c.second);
330 }
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]331
332 Datapath datapath(&runner, &firewall);
333 datapath.Start();
334}
335
336TEST(DatapathTest, Stop) {
337 MockProcessRunner runner;
338 MockFirewall firewall;
339 // Asserts for sysctl modifications
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]340 Verify_sysctl_w(runner, "net.ipv4.ip_local_port_range", "32768 61000");
341 Verify_sysctl_w(runner, "net.ipv6.conf.all.forwarding", "0");
342 Verify_sysctl_w(runner, "net.ipv4.ip_forward", "0");
Hugo Benichi91ee09f2020-12-03 22:24:22 +0900[diff] [blame]343 // Asserts for iptables chain reset.
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]344 std::vector<std::pair<IpFamily, std::string>> iptables_commands = {
345 {IPv4, "filter -D OUTPUT -j drop_guest_ipv4_prefix -w"},
346 {Dual, "filter -F FORWARD -w"},
347 {Dual, "mangle -F FORWARD -w"},
348 {Dual, "mangle -F INPUT -w"},
349 {Dual, "mangle -F OUTPUT -w"},
350 {Dual, "mangle -F POSTROUTING -w"},
351 {Dual, "mangle -F PREROUTING -w"},
352 {Dual, "mangle -L apply_local_source_mark -w"},
353 {Dual, "mangle -F apply_local_source_mark -w"},
354 {Dual, "mangle -X apply_local_source_mark -w"},
355 {Dual, "mangle -L apply_vpn_mark -w"},
356 {Dual, "mangle -F apply_vpn_mark -w"},
357 {Dual, "mangle -X apply_vpn_mark -w"},
358 {Dual, "mangle -L check_routing_mark -w"},
359 {Dual, "mangle -F check_routing_mark -w"},
360 {Dual, "mangle -X check_routing_mark -w"},
361 {IPv4, "filter -L drop_guest_ipv4_prefix -w"},
362 {IPv4, "filter -F drop_guest_ipv4_prefix -w"},
363 {IPv4, "filter -X drop_guest_ipv4_prefix -w"},
Hugo Benichi1e0656f2021-02-15 15:43:38 +0900[diff] [blame]364 {IPv4, "nat -L redirect_dns -w"},
365 {IPv4, "nat -F redirect_dns -w"},
366 {IPv4, "nat -X redirect_dns -w"},
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]367 {IPv4, "nat -F POSTROUTING -w"},
Hugo Benichi1e0656f2021-02-15 15:43:38 +0900[diff] [blame]368 {IPv4, "nat -F OUTPUT -w"},
Hugo Benichic72b07e2021-01-22 22:55:05 +0900[diff] [blame]369 };
370 for (const auto& c : iptables_commands) {
371 Verify_iptables(runner, c.first, c.second);
372 }
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]373
374 Datapath datapath(&runner, &firewall);
375 datapath.Stop();
376}
377
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]378TEST(DatapathTest, AddTAP) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]379 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]380 MockFirewall firewall;
381 Datapath datapath(&runner, &firewall, ioctl_req_cap);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]382 MacAddress mac = {1, 2, 3, 4, 5, 6};
Qijiang Fane90b8792020-03-09 16:15:41 +0900[diff] [blame]383 Subnet subnet(Ipv4Addr(100, 115, 92, 4), 30, base::DoNothing());
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]384 auto addr = subnet.AllocateAtOffset(0);
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]385 auto ifname = datapath.AddTAP("foo0", &mac, addr.get(), "");
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]386 EXPECT_EQ(ifname, "foo0");
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]387 std::vector<ioctl_req_t> expected = {
388 TUNSETIFF, TUNSETPERSIST, SIOCSIFADDR, SIOCSIFNETMASK,
389 SIOCSIFHWADDR, SIOCGIFFLAGS, SIOCSIFFLAGS};
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]390 EXPECT_EQ(ioctl_reqs, expected);
391 ioctl_reqs.clear();
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]392 ioctl_rtentry_args.clear();
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]393}
394
395TEST(DatapathTest, AddTAPWithOwner) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]396 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]397 MockFirewall firewall;
398 Datapath datapath(&runner, &firewall, ioctl_req_cap);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]399 MacAddress mac = {1, 2, 3, 4, 5, 6};
Qijiang Fane90b8792020-03-09 16:15:41 +0900[diff] [blame]400 Subnet subnet(Ipv4Addr(100, 115, 92, 4), 30, base::DoNothing());
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]401 auto addr = subnet.AllocateAtOffset(0);
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]402 auto ifname = datapath.AddTAP("foo0", &mac, addr.get(), "root");
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]403 EXPECT_EQ(ifname, "foo0");
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]404 std::vector<ioctl_req_t> expected = {
405 TUNSETIFF, TUNSETPERSIST, TUNSETOWNER, SIOCSIFADDR,
406 SIOCSIFNETMASK, SIOCSIFHWADDR, SIOCGIFFLAGS, SIOCSIFFLAGS};
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]407 EXPECT_EQ(ioctl_reqs, expected);
408 ioctl_reqs.clear();
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]409 ioctl_rtentry_args.clear();
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]410}
411
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]412TEST(DatapathTest, AddTAPNoAddrs) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]413 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]414 MockFirewall firewall;
415 Datapath datapath(&runner, &firewall, ioctl_req_cap);
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]416 auto ifname = datapath.AddTAP("foo0", nullptr, nullptr, "");
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]417 EXPECT_EQ(ifname, "foo0");
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]418 std::vector<ioctl_req_t> expected = {TUNSETIFF, TUNSETPERSIST, SIOCGIFFLAGS,
419 SIOCSIFFLAGS};
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]420 EXPECT_EQ(ioctl_reqs, expected);
421 ioctl_reqs.clear();
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]422 ioctl_rtentry_args.clear();
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]423}
424
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]425TEST(DatapathTest, RemoveTAP) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]426 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]427 MockFirewall firewall;
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]428 Verify_ip(runner, "tuntap del foo0 mode tap");
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]429 Datapath datapath(&runner, &firewall);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]430 datapath.RemoveTAP("foo0");
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]431}
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]432
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]433TEST(DatapathTest, NetnsAttachName) {
434 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]435 MockFirewall firewall;
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]436 Verify_ip_netns_delete(runner, "netns_foo");
437 Verify_ip_netns_attach(runner, "netns_foo", 1234);
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]438 Datapath datapath(&runner, &firewall);
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]439 EXPECT_TRUE(datapath.NetnsAttachName("netns_foo", 1234));
440}
441
442TEST(DatapathTest, NetnsDeleteName) {
443 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]444 MockFirewall firewall;
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]445 EXPECT_CALL(runner, ip_netns_delete(StrEq("netns_foo"), true));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]446 Datapath datapath(&runner, &firewall);
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]447 EXPECT_TRUE(datapath.NetnsDeleteName("netns_foo"));
448}
449
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]450TEST(DatapathTest, AddBridge) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]451 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]452 MockFirewall firewall;
453 Datapath datapath(&runner, &firewall);
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]454 Verify_brctl(runner, "addbr br");
455 Verify_ip(runner, "addr add 1.1.1.1/30 brd 1.1.1.3 dev br");
456 Verify_ip(runner, "link set br up");
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]457 Verify_iptables(runner, IPv4,
458 "mangle -A PREROUTING -i br -j MARK --set-mark 1/1 -w");
Garrick Evans7a1a9ee2020-01-28 11:03:57 +0900[diff] [blame]459 datapath.AddBridge("br", Ipv4Addr(1, 1, 1, 1), 30);
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]460}
461
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]462TEST(DatapathTest, ConnectVethPair) {
463 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]464 MockFirewall firewall;
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]465 Verify_ip(runner,
466 "link add veth_foo type veth peer name peer_foo netns netns_foo");
467 Verify_ip(runner,
468 "addr add 100.115.92.169/30 brd 100.115.92.171 dev peer_foo");
469 Verify_ip(runner,
470 "link set dev peer_foo up addr 01:02:03:04:05:06 multicast on");
471 Verify_ip(runner, "link set veth_foo up");
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]472 Datapath datapath(&runner, &firewall);
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]473 EXPECT_TRUE(datapath.ConnectVethPair(kTestPID, "netns_foo", "veth_foo",
474 "peer_foo", {1, 2, 3, 4, 5, 6},
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]475 Ipv4Addr(100, 115, 92, 169), 30, true));
476}
477
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]478TEST(DatapathTest, AddVirtualInterfacePair) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]479 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]480 MockFirewall firewall;
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]481 Verify_ip(runner,
482 "link add veth_foo type veth peer name peer_foo netns netns_foo");
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]483 Datapath datapath(&runner, &firewall);
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]484 EXPECT_TRUE(
485 datapath.AddVirtualInterfacePair("netns_foo", "veth_foo", "peer_foo"));
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]486}
487
488TEST(DatapathTest, ToggleInterface) {
489 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]490 MockFirewall firewall;
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]491 Verify_ip(runner, "link set foo up");
492 Verify_ip(runner, "link set bar down");
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]493 Datapath datapath(&runner, &firewall);
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]494 EXPECT_TRUE(datapath.ToggleInterface("foo", true));
495 EXPECT_TRUE(datapath.ToggleInterface("bar", false));
496}
497
498TEST(DatapathTest, ConfigureInterface) {
499 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]500 MockFirewall firewall;
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]501 Verify_ip(runner, "addr add 1.1.1.1/30 brd 1.1.1.3 dev foo");
502 Verify_ip(runner, "link set dev foo up addr 02:02:02:02:02:02 multicast on");
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]503
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]504 Datapath datapath(&runner, &firewall);
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]505 MacAddress mac_addr = {2, 2, 2, 2, 2, 2};
506 EXPECT_TRUE(datapath.ConfigureInterface("foo", mac_addr, Ipv4Addr(1, 1, 1, 1),
507 30, true, true));
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]508}
509
510TEST(DatapathTest, RemoveInterface) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]511 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]512 MockFirewall firewall;
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]513 Verify_ip(runner, "link delete foo");
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]514 Datapath datapath(&runner, &firewall);
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]515 datapath.RemoveInterface("foo");
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]516}
517
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]518TEST(DatapathTest, RemoveBridge) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]519 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]520 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]521 Verify_iptables(runner, IPv4,
522 "mangle -D PREROUTING -i br -j MARK --set-mark 1/1 -w");
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]523 Verify_ip(runner, "link set br down");
524 Verify_brctl(runner, "delbr br");
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]525 Datapath datapath(&runner, &firewall);
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]526 datapath.RemoveBridge("br");
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]527}
528
Hugo Benichi321f23b2020-09-25 15:42:05 +0900[diff] [blame]529TEST(DatapathTest, AddRemoveSourceIPv4DropRule) {
530 MockProcessRunner runner;
531 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]532 Verify_iptables(
533 runner, IPv4,
534 "filter -I drop_guest_ipv4_prefix -o eth+ -s 100.115.92.0/24 -j DROP -w");
535 Verify_iptables(
536 runner, IPv4,
537 "filter -D drop_guest_ipv4_prefix -o eth+ -s 100.115.92.0/24 -j DROP -w");
Hugo Benichi321f23b2020-09-25 15:42:05 +0900[diff] [blame]538 Datapath datapath(&runner, &firewall);
539 datapath.AddSourceIPv4DropRule("eth+", "100.115.92.0/24");
540 datapath.RemoveSourceIPv4DropRule("eth+", "100.115.92.0/24");
541}
542
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]543TEST(DatapathTest, StartRoutingNamespace) {
544 MockProcessRunner runner;
545 MockFirewall firewall;
546 MacAddress mac = {1, 2, 3, 4, 5, 6};
547
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]548 Verify_ip_netns_delete(runner, "netns_foo");
549 Verify_ip_netns_attach(runner, "netns_foo", kTestPID);
550 Verify_ip(runner,
551 "link add arc_ns0 type veth peer name veth0 netns netns_foo");
552 Verify_ip(runner, "addr add 100.115.92.130/30 brd 100.115.92.131 dev veth0");
553 Verify_ip(runner,
554 "link set dev veth0 up addr 01:02:03:04:05:06 multicast off");
555 Verify_ip(runner, "link set arc_ns0 up");
556 Verify_ip(runner,
557 "addr add 100.115.92.129/30 brd 100.115.92.131 dev arc_ns0");
558 Verify_ip(runner,
559 "link set dev arc_ns0 up addr 01:02:03:04:05:06 multicast off");
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]560 Verify_iptables(runner, IPv4, "filter -A FORWARD -o arc_ns0 -j ACCEPT -w");
561 Verify_iptables(runner, IPv4, "filter -A FORWARD -i arc_ns0 -j ACCEPT -w");
562 Verify_iptables(runner, IPv4,
563 "mangle -A PREROUTING -i arc_ns0 -j MARK --set-mark 1/1 -w");
564 Verify_iptables(runner, Dual,
565 "mangle -A PREROUTING -i arc_ns0 -j MARK --set-mark "
566 "0x00000200/0x00003f00 -w");
567 Verify_iptables(runner, Dual,
568 "mangle -A PREROUTING -i arc_ns0 -j CONNMARK "
569 "--restore-mark --mask 0xffff0000 -w");
570 Verify_iptables(runner, Dual,
571 "mangle -A PREROUTING -i arc_ns0 -j apply_vpn_mark -w");
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]572
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]573 ConnectedNamespace nsinfo = {};
574 nsinfo.pid = kTestPID;
575 nsinfo.netns_name = "netns_foo";
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]576 nsinfo.source = TrafficSource::USER;
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]577 nsinfo.outbound_ifname = "";
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]578 nsinfo.route_on_vpn = true;
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]579 nsinfo.host_ifname = "arc_ns0";
580 nsinfo.peer_ifname = "veth0";
581 nsinfo.peer_subnet = std::make_unique<Subnet>(Ipv4Addr(100, 115, 92, 128), 30,
582 base::DoNothing());
583 nsinfo.peer_mac_addr = mac;
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]584 Datapath datapath(&runner, &firewall, (ioctl_t)ioctl_rtentry_cap);
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]585 datapath.StartRoutingNamespace(nsinfo);
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]586 ioctl_reqs.clear();
587 ioctl_rtentry_args.clear();
588}
589
590TEST(DatapathTest, StopRoutingNamespace) {
591 MockProcessRunner runner;
592 MockFirewall firewall;
593
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]594 Verify_iptables(runner, IPv4, "filter -D FORWARD -o arc_ns0 -j ACCEPT -w");
595 Verify_iptables(runner, IPv4, "filter -D FORWARD -i arc_ns0 -j ACCEPT -w");
596 Verify_iptables(runner, IPv4,
597 "mangle -D PREROUTING -i arc_ns0 -j MARK --set-mark 1/1 -w");
598 Verify_iptables(runner, Dual,
599 "mangle -D PREROUTING -i arc_ns0 -j MARK --set-mark "
600 "0x00000200/0x00003f00 -w");
601 Verify_iptables(runner, Dual,
602 "mangle -D PREROUTING -i arc_ns0 -j CONNMARK "
603 "--restore-mark --mask 0xffff0000 -w");
604 Verify_iptables(runner, Dual,
605 "mangle -D PREROUTING -i arc_ns0 -j apply_vpn_mark -w");
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]606 Verify_ip_netns_delete(runner, "netns_foo");
607 Verify_ip(runner, "link delete arc_ns0");
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]608
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]609 ConnectedNamespace nsinfo = {};
610 nsinfo.pid = kTestPID;
611 nsinfo.netns_name = "netns_foo";
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]612 nsinfo.source = TrafficSource::USER;
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]613 nsinfo.outbound_ifname = "";
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]614 nsinfo.route_on_vpn = true;
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]615 nsinfo.host_ifname = "arc_ns0";
616 nsinfo.peer_ifname = "veth0";
617 nsinfo.peer_subnet = std::make_unique<Subnet>(Ipv4Addr(100, 115, 92, 128), 30,
618 base::DoNothing());
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]619 Datapath datapath(&runner, &firewall);
Hugo Benichifcf81022020-12-04 11:01:37 +0900[diff] [blame]620 datapath.StopRoutingNamespace(nsinfo);
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]621}
622
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]623TEST(DatapathTest, StartRoutingDevice_Arc) {
624 MockProcessRunner runner;
625 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]626 Verify_iptables(
627 runner, IPv4,
628 "nat -A PREROUTING -i eth0 -m socket --nowildcard -j ACCEPT -w");
629 Verify_iptables(
630 runner, IPv4,
631 "nat -A PREROUTING -i eth0 -p tcp -j DNAT --to-destination 1.2.3.4 -w");
632 Verify_iptables(
633 runner, IPv4,
634 "nat -A PREROUTING -i eth0 -p udp -j DNAT --to-destination 1.2.3.4 -w");
635 Verify_iptables(runner, IPv4,
636 "filter -A FORWARD -i eth0 -o arc_eth0 -j ACCEPT -w");
637 Verify_iptables(runner, IPv4,
638 "filter -A FORWARD -i arc_eth0 -o eth0 -j ACCEPT -w");
639 Verify_iptables(runner, Dual,
640 "mangle -A PREROUTING -i arc_eth0 -j MARK --set-mark "
641 "0x00002000/0x00003f00 -w");
642 Verify_iptables(runner, Dual,
643 "mangle -A PREROUTING -i arc_eth0 -j MARK --set-mark "
644 "0x03ea0000/0xffff0000 -w");
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]645
646 Datapath datapath(&runner, &firewall);
Hugo Benichiaf9d8a72020-08-26 13:28:13 +0900[diff] [blame]647 datapath.SetIfnameIndex("eth0", 2);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]648 datapath.StartRoutingDevice("eth0", "arc_eth0", Ipv4Addr(1, 2, 3, 4),
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]649 TrafficSource::ARC, false);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]650}
651
652TEST(DatapathTest, StartRoutingDevice_CrosVM) {
653 MockProcessRunner runner;
654 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]655 Verify_iptables(runner, IPv4, "filter -A FORWARD -o vmtap0 -j ACCEPT -w");
656 Verify_iptables(runner, IPv4, "filter -A FORWARD -i vmtap0 -j ACCEPT -w");
657 Verify_iptables(runner, Dual,
658 "mangle -A PREROUTING -i vmtap0 -j MARK --set-mark "
659 "0x00002100/0x00003f00 -w");
660 Verify_iptables(runner, Dual,
661 "mangle -A PREROUTING -i vmtap0 -j CONNMARK "
662 "--restore-mark --mask 0xffff0000 -w");
663 Verify_iptables(runner, Dual,
664 "mangle -A PREROUTING -i vmtap0 -j apply_vpn_mark -w");
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]665
666 Datapath datapath(&runner, &firewall);
667 datapath.StartRoutingDevice("", "vmtap0", Ipv4Addr(1, 2, 3, 4),
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]668 TrafficSource::CROSVM, true);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]669}
670
671TEST(DatapathTest, StopRoutingDevice_Arc) {
672 MockProcessRunner runner;
673 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]674 Verify_iptables(
675 runner, IPv4,
676 "nat -D PREROUTING -i eth0 -m socket --nowildcard -j ACCEPT -w");
677 Verify_iptables(
678 runner, IPv4,
679 "nat -D PREROUTING -i eth0 -p tcp -j DNAT --to-destination 1.2.3.4 -w");
680 Verify_iptables(
681 runner, IPv4,
682 "nat -D PREROUTING -i eth0 -p udp -j DNAT --to-destination 1.2.3.4 -w");
683 Verify_iptables(runner, IPv4,
684 "filter -D FORWARD -i eth0 -o arc_eth0 -j ACCEPT -w");
685 Verify_iptables(runner, IPv4,
686 "filter -D FORWARD -i arc_eth0 -o eth0 -j ACCEPT -w");
687 Verify_iptables(runner, Dual,
688 "mangle -D PREROUTING -i arc_eth0 -j MARK --set-mark "
689 "0x00002000/0x00003f00 -w");
690 Verify_iptables(runner, Dual,
691 "mangle -D PREROUTING -i arc_eth0 -j MARK --set-mark "
692 "0x03ea0000/0xffff0000 -w");
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]693
694 Datapath datapath(&runner, &firewall);
Hugo Benichiaf9d8a72020-08-26 13:28:13 +0900[diff] [blame]695 datapath.SetIfnameIndex("eth0", 2);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]696 datapath.StopRoutingDevice("eth0", "arc_eth0", Ipv4Addr(1, 2, 3, 4),
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]697 TrafficSource::ARC, true);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]698}
699
700TEST(DatapathTest, StopRoutingDevice_CrosVM) {
701 MockProcessRunner runner;
702 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]703 Verify_iptables(runner, IPv4, "filter -D FORWARD -o vmtap0 -j ACCEPT -w");
704 Verify_iptables(runner, IPv4, "filter -D FORWARD -i vmtap0 -j ACCEPT -w");
705 Verify_iptables(runner, Dual,
706 "mangle -D PREROUTING -i vmtap0 -j MARK --set-mark "
707 "0x00002100/0x00003f00 -w");
708 Verify_iptables(runner, Dual,
709 "mangle -D PREROUTING -i vmtap0 -j CONNMARK "
710 "--restore-mark --mask 0xffff0000 -w");
711 Verify_iptables(runner, Dual,
712 "mangle -D PREROUTING -i vmtap0 -j apply_vpn_mark -w");
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]713
714 Datapath datapath(&runner, &firewall);
715 datapath.StopRoutingDevice("", "vmtap0", Ipv4Addr(1, 2, 3, 4),
Hugo Benichi93306e52020-12-04 16:08:00 +0900[diff] [blame]716 TrafficSource::CROSVM, true);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]717}
718
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]719TEST(DatapathTest, StartStopIpForwarding) {
720 struct {
721 IpFamily family;
722 std::string iif;
723 std::string oif;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]724 std::string start_args;
725 std::string stop_args;
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]726 bool result;
727 } testcases[] = {
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]728 {IPv4, "", "", {}, {}, false},
729 {NONE, "foo", "bar", {}, {}, false},
730 {IPv4, "foo", "bar", "filter -A FORWARD -i foo -o bar -j ACCEPT -w",
731 "filter -D FORWARD -i foo -o bar -j ACCEPT -w", true},
732 {IPv4, "", "bar", "filter -A FORWARD -o bar -j ACCEPT -w",
733 "filter -D FORWARD -o bar -j ACCEPT -w", true},
734 {IPv4, "foo", "", "filter -A FORWARD -i foo -j ACCEPT -w",
735 "filter -D FORWARD -i foo -j ACCEPT -w", true},
736 {IPv6, "foo", "bar", "filter -A FORWARD -i foo -o bar -j ACCEPT -w",
737 "filter -D FORWARD -i foo -o bar -j ACCEPT -w", true},
738 {IPv6, "", "bar", "filter -A FORWARD -o bar -j ACCEPT -w",
739 "filter -D FORWARD -o bar -j ACCEPT -w", true},
740 {IPv6, "foo", "", "filter -A FORWARD -i foo -j ACCEPT -w",
741 "filter -D FORWARD -i foo -j ACCEPT -w", true},
742 {Dual, "foo", "bar", "filter -A FORWARD -i foo -o bar -j ACCEPT -w",
743 "filter -D FORWARD -i foo -o bar -j ACCEPT -w", true},
744 {Dual, "", "bar", "filter -A FORWARD -o bar -j ACCEPT -w",
745 "filter -D FORWARD -o bar -j ACCEPT -w", true},
746 {Dual, "foo", "", "filter -A FORWARD -i foo -j ACCEPT -w",
747 "filter -D FORWARD -i foo -j ACCEPT -w", true},
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]748 };
749
750 for (const auto& tt : testcases) {
751 MockProcessRunner runner;
752 MockFirewall firewall;
753 if (tt.result) {
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]754 Verify_iptables(runner, tt.family, tt.start_args);
755 Verify_iptables(runner, tt.family, tt.stop_args);
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]756 }
757 Datapath datapath(&runner, &firewall);
758
759 EXPECT_EQ(tt.result, datapath.StartIpForwarding(tt.family, tt.iif, tt.oif));
760 EXPECT_EQ(tt.result, datapath.StopIpForwarding(tt.family, tt.iif, tt.oif));
761 }
762}
763
Hugo Benichi76be34a2020-08-26 22:35:54 +0900[diff] [blame]764TEST(DatapathTest, StartStopConnectionPinning) {
765 MockProcessRunner runner;
766 MockFirewall firewall;
Hugo Benichi1af52392020-11-27 18:09:32 +0900[diff] [blame]767
768 // Setup
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]769 Verify_iptables(runner, Dual,
770 "mangle -A check_routing_mark -o eth0 -m mark ! "
771 "--mark 0x03eb0000/0xffff0000 -j DROP -w");
772 Verify_iptables(runner, Dual,
773 "mangle -A POSTROUTING -o eth0 -j CONNMARK --set-mark "
774 "0x03eb0000/0xffff0000 -w");
775 Verify_iptables(runner, Dual,
776 "mangle -A POSTROUTING -o eth0 -j CONNMARK "
777 "--save-mark --mask 0x00003f00 -w");
778 Verify_iptables(runner, Dual,
779 "mangle -A PREROUTING -i eth0 -j CONNMARK "
780 "--restore-mark --mask 0x00003f00 -w");
Hugo Benichi155de002021-01-19 16:45:46 +0900[diff] [blame]781
Hugo Benichi1af52392020-11-27 18:09:32 +0900[diff] [blame]782 // Teardown
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]783 Verify_iptables(runner, Dual,
784 "mangle -D check_routing_mark -o eth0 -m mark ! "
785 "--mark 0x03eb0000/0xffff0000 -j DROP -w");
786 Verify_iptables(runner, Dual,
787 "mangle -D POSTROUTING -o eth0 -j CONNMARK --set-mark "
788 "0x03eb0000/0xffff0000 -w");
789 Verify_iptables(runner, Dual,
790 "mangle -D POSTROUTING -o eth0 -j CONNMARK "
791 "--save-mark --mask 0x00003f00 -w");
792 Verify_iptables(runner, Dual,
793 "mangle -D PREROUTING -i eth0 -j CONNMARK "
794 "--restore-mark --mask 0x00003f00 -w");
Hugo Benichi1af52392020-11-27 18:09:32 +0900[diff] [blame]795
Hugo Benichi76be34a2020-08-26 22:35:54 +0900[diff] [blame]796 Datapath datapath(&runner, &firewall);
797 datapath.SetIfnameIndex("eth0", 3);
798 datapath.StartConnectionPinning("eth0");
799 datapath.StopConnectionPinning("eth0");
800}
801
Hugo Benichibfc49112020-12-14 12:54:44 +0900[diff] [blame]802TEST(DatapathTest, StartStopVpnRouting_ArcVpn) {
Hugo Benichi2a940542020-10-26 18:50:49 +0900[diff] [blame]803 MockProcessRunner runner;
804 MockFirewall firewall;
805
806 // Setup
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]807 Verify_iptables(runner, Dual,
808 "mangle -A check_routing_mark -o arcbr0 -m mark ! "
809 "--mark 0x03ed0000/0xffff0000 -j DROP -w");
810 Verify_iptables(runner, Dual,
811 "mangle -A POSTROUTING -o arcbr0 -j CONNMARK "
812 "--set-mark 0x03ed0000/0xffff0000 -w");
813 Verify_iptables(
814 runner, Dual,
815 "mangle -A apply_vpn_mark -j MARK --set-mark 0x03ed0000/0xffff0000 -w");
816 Verify_iptables(runner, Dual,
817 "mangle -A POSTROUTING -o arcbr0 -j CONNMARK "
818 "--save-mark --mask 0x00003f00 -w");
819 Verify_iptables(runner, Dual,
820 "mangle -A PREROUTING -i arcbr0 -j CONNMARK "
821 "--restore-mark --mask 0x00003f00 -w");
822 Verify_iptables(runner, IPv4,
823 "nat -A POSTROUTING -o arcbr0 -j MASQUERADE -w");
Hugo Benichi1e0656f2021-02-15 15:43:38 +0900[diff] [blame]824 Verify_iptables(runner, IPv4,
825 "nat -A OUTPUT -m mark ! --mark 0x00008000/0x0000c000 -j "
826 "redirect_dns -w");
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]827
Hugo Benichi2a940542020-10-26 18:50:49 +0900[diff] [blame]828 // Teardown
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]829 Verify_iptables(runner, Dual,
830 "mangle -D check_routing_mark -o arcbr0 -m mark ! "
831 "--mark 0x03ed0000/0xffff0000 -j DROP -w");
832 Verify_iptables(runner, Dual,
833 "mangle -D POSTROUTING -o arcbr0 -j CONNMARK "
834 "--set-mark 0x03ed0000/0xffff0000 -w");
835 Verify_iptables(
836 runner, Dual,
837 "mangle -D apply_vpn_mark -j MARK --set-mark 0x03ed0000/0xffff0000 -w");
838 Verify_iptables(runner, Dual,
839 "mangle -D POSTROUTING -o arcbr0 -j CONNMARK "
840 "--save-mark --mask 0x00003f00 -w");
841 Verify_iptables(runner, Dual,
842 "mangle -D PREROUTING -i arcbr0 -j CONNMARK "
843 "--restore-mark --mask 0x00003f00 -w");
844 Verify_iptables(runner, IPv4,
845 "nat -D POSTROUTING -o arcbr0 -j MASQUERADE -w");
Hugo Benichi1e0656f2021-02-15 15:43:38 +0900[diff] [blame]846 Verify_iptables(runner, IPv4,
847 "nat -D OUTPUT -m mark ! --mark 0x00008000/0x0000c000 -j "
848 "redirect_dns -w");
Hugo Benichi2a940542020-10-26 18:50:49 +0900[diff] [blame]849
850 Datapath datapath(&runner, &firewall);
851 datapath.SetIfnameIndex("arcbr0", 5);
852 datapath.StartVpnRouting("arcbr0");
853 datapath.StopVpnRouting("arcbr0");
854}
855
Hugo Benichibfc49112020-12-14 12:54:44 +0900[diff] [blame]856TEST(DatapathTest, StartStopVpnRouting_HostVpn) {
857 MockProcessRunner runner;
858 MockFirewall firewall;
859
860 // Setup
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]861 Verify_iptables(runner, Dual,
862 "mangle -A check_routing_mark -o tun0 -m mark ! "
863 "--mark 0x03ed0000/0xffff0000 -j DROP -w");
864 Verify_iptables(runner, Dual,
865 "mangle -A POSTROUTING -o tun0 -j CONNMARK --set-mark "
866 "0x03ed0000/0xffff0000 -w");
867 Verify_iptables(
868 runner, Dual,
869 "mangle -A apply_vpn_mark -j MARK --set-mark 0x03ed0000/0xffff0000 -w");
870 Verify_iptables(runner, Dual,
871 "mangle -A POSTROUTING -o tun0 -j CONNMARK "
872 "--save-mark --mask 0x00003f00 -w");
873 Verify_iptables(runner, Dual,
874 "mangle -A PREROUTING -i tun0 -j CONNMARK "
875 "--restore-mark --mask 0x00003f00 -w");
876 Verify_iptables(runner, IPv4, "nat -A POSTROUTING -o tun0 -j MASQUERADE -w");
Hugo Benichi1e0656f2021-02-15 15:43:38 +0900[diff] [blame]877 Verify_iptables(runner, IPv4,
878 "nat -A OUTPUT -m mark ! --mark 0x00008000/0x0000c000 -j "
879 "redirect_dns -w");
Hugo Benichibfc49112020-12-14 12:54:44 +0900[diff] [blame]880 // Teardown
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]881 Verify_iptables(runner, Dual,
882 "mangle -D check_routing_mark -o tun0 -m mark ! "
883 "--mark 0x03ed0000/0xffff0000 -j DROP -w");
884 Verify_iptables(runner, Dual,
885 "mangle -D POSTROUTING -o tun0 -j CONNMARK --set-mark "
886 "0x03ed0000/0xffff0000 -w");
887 Verify_iptables(
888 runner, Dual,
889 "mangle -D apply_vpn_mark -j MARK --set-mark 0x03ed0000/0xffff0000 -w");
890 Verify_iptables(runner, Dual,
891 "mangle -D POSTROUTING -o tun0 -j CONNMARK "
892 "--save-mark --mask 0x00003f00 -w");
893 Verify_iptables(runner, Dual,
894 "mangle -D PREROUTING -i tun0 -j CONNMARK "
895 "--restore-mark --mask 0x00003f00 -w");
896 Verify_iptables(runner, IPv4, "nat -D POSTROUTING -o tun0 -j MASQUERADE -w");
Hugo Benichi1e0656f2021-02-15 15:43:38 +0900[diff] [blame]897 Verify_iptables(runner, IPv4,
898 "nat -D OUTPUT -m mark ! --mark 0x00008000/0x0000c000 -j "
899 "redirect_dns -w");
Hugo Benichibfc49112020-12-14 12:54:44 +0900[diff] [blame]900 // Start tun0 <-> arcbr0 routing
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]901 Verify_iptables(runner, IPv4,
902 "filter -A FORWARD -i tun0 -o arcbr0 -j ACCEPT -w");
903 Verify_iptables(runner, IPv4,
904 "filter -A FORWARD -i arcbr0 -o tun0 -j ACCEPT -w");
905 Verify_iptables(runner, Dual,
906 "mangle -A PREROUTING -i arcbr0 -j MARK --set-mark "
907 "0x00002000/0x00003f00 -w");
908 Verify_iptables(runner, Dual,
909 "mangle -A PREROUTING -i arcbr0 -j MARK --set-mark "
910 "0x03ed0000/0xffff0000 -w");
Hugo Benichibfc49112020-12-14 12:54:44 +0900[diff] [blame]911 // Stop tun0 <-> arcbr0 routing
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]912 Verify_iptables(runner, IPv4,
913 "filter -D FORWARD -i tun0 -o arcbr0 -j ACCEPT -w");
914 Verify_iptables(runner, IPv4,
915 "filter -D FORWARD -i arcbr0 -o tun0 -j ACCEPT -w");
916 Verify_iptables(runner, Dual,
917 "mangle -D PREROUTING -i arcbr0 -j MARK --set-mark "
918 "0x00002000/0x00003f00 -w");
919 Verify_iptables(runner, Dual,
920 "mangle -D PREROUTING -i arcbr0 -j MARK --set-mark "
921 "0x03ed0000/0xffff0000 -w");
Hugo Benichibfc49112020-12-14 12:54:44 +0900[diff] [blame]922
923 Datapath datapath(&runner, &firewall);
924 datapath.SetIfnameIndex("tun0", 5);
925 datapath.StartVpnRouting("tun0");
926 datapath.StopVpnRouting("tun0");
927}
928
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]929TEST(DatapathTest, AddInboundIPv4DNAT) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]930 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]931 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]932 Verify_iptables(
933 runner, IPv4,
934 "nat -A PREROUTING -i eth0 -m socket --nowildcard -j ACCEPT -w");
935 Verify_iptables(
936 runner, IPv4,
937 "nat -A PREROUTING -i eth0 -p tcp -j DNAT --to-destination 1.2.3.4 -w");
938 Verify_iptables(
939 runner, IPv4,
940 "nat -A PREROUTING -i eth0 -p udp -j DNAT --to-destination 1.2.3.4 -w");
941
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]942 Datapath datapath(&runner, &firewall);
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]943 datapath.AddInboundIPv4DNAT("eth0", "1.2.3.4");
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]944}
945
946TEST(DatapathTest, RemoveInboundIPv4DNAT) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]947 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]948 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]949 Verify_iptables(
950 runner, IPv4,
951 "nat -D PREROUTING -i eth0 -m socket --nowildcard -j ACCEPT -w");
952 Verify_iptables(
953 runner, IPv4,
954 "nat -D PREROUTING -i eth0 -p tcp -j DNAT --to-destination 1.2.3.4 -w");
955 Verify_iptables(
956 runner, IPv4,
957 "nat -D PREROUTING -i eth0 -p udp -j DNAT --to-destination 1.2.3.4 -w");
958
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]959 Datapath datapath(&runner, &firewall);
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]960 datapath.RemoveInboundIPv4DNAT("eth0", "1.2.3.4");
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]961}
962
Garrick Evans664a82f2019-12-17 12:18:05 +0900[diff] [blame]963TEST(DatapathTest, MaskInterfaceFlags) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]964 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]965 MockFirewall firewall;
966 Datapath datapath(&runner, &firewall, ioctl_req_cap);
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]967
Garrick Evans664a82f2019-12-17 12:18:05 +0900[diff] [blame]968 bool result = datapath.MaskInterfaceFlags("foo0", IFF_DEBUG);
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]969 EXPECT_TRUE(result);
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]970 std::vector<ioctl_req_t> expected = {SIOCGIFFLAGS, SIOCSIFFLAGS};
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]971 EXPECT_EQ(ioctl_reqs, expected);
972 ioctl_reqs.clear();
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]973 ioctl_rtentry_args.clear();
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]974}
975
976TEST(DatapathTest, AddIPv6Forwarding) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]977 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]978 MockFirewall firewall;
Taoyu Lica49c832019-12-06 17:56:43 +0900[diff] [blame]979 // Return 1 on iptables -C to simulate rule not existing case
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]980 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
981 ElementsAre("-C", "FORWARD", "-i", "eth0", "-o",
982 "arc_eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]983 false, nullptr))
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]984 .WillOnce(Return(1));
985 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
986 ElementsAre("-A", "FORWARD", "-i", "eth0", "-o",
987 "arc_eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]988 true, nullptr));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]989 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
990 ElementsAre("-C", "FORWARD", "-i", "arc_eth0",
991 "-o", "eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]992 false, nullptr))
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]993 .WillOnce(Return(1));
994 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
995 ElementsAre("-A", "FORWARD", "-i", "arc_eth0",
996 "-o", "eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]997 true, nullptr));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]998 Datapath datapath(&runner, &firewall);
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]999 datapath.AddIPv6Forwarding("eth0", "arc_eth0");
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]1000}
1001
Taoyu Lica49c832019-12-06 17:56:43 +0900[diff] [blame]1002TEST(DatapathTest, AddIPv6ForwardingRuleExists) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1003 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1004 MockFirewall firewall;
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1005 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
1006 ElementsAre("-C", "FORWARD", "-i", "eth0", "-o",
1007 "arc_eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]1008 false, nullptr));
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1009 EXPECT_CALL(runner, ip6tables(StrEq("filter"),
1010 ElementsAre("-C", "FORWARD", "-i", "arc_eth0",
1011 "-o", "eth0", "-j", "ACCEPT", "-w"),
Jie Jiangcf5ce9c2020-07-14 17:22:03 +0900[diff] [blame]1012 false, nullptr));
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1013 Datapath datapath(&runner, &firewall);
Taoyu Lica49c832019-12-06 17:56:43 +0900[diff] [blame]1014 datapath.AddIPv6Forwarding("eth0", "arc_eth0");
Taoyu Lica49c832019-12-06 17:56:43 +0900[diff] [blame]1015}
1016
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]1017TEST(DatapathTest, RemoveIPv6Forwarding) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1018 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1019 MockFirewall firewall;
Hugo Benichi860ef532021-01-25 17:19:36 +0900[diff] [blame]1020 Verify_iptables(runner, IPv6,
1021 "filter -D FORWARD -i eth0 -o arc_eth0 -j ACCEPT -w");
1022 Verify_iptables(runner, IPv6,
1023 "filter -D FORWARD -i arc_eth0 -o eth0 -j ACCEPT -w");
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1024 Datapath datapath(&runner, &firewall);
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]1025 datapath.RemoveIPv6Forwarding("eth0", "arc_eth0");
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]1026}
1027
Taoyu Lieb6cc8f2019-12-09 15:53:04 +0900[diff] [blame]1028TEST(DatapathTest, AddIPv6HostRoute) {
Garrick Evans8e8e3472020-01-23 14:03:50 +0900[diff] [blame]1029 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1030 MockFirewall firewall;
Hugo Benichi1e3bab52021-01-25 22:41:58 +0900[diff] [blame]1031 Verify_ip6(runner, "route replace 2001:da8:e00::1234/128 dev eth0");
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1032 Datapath datapath(&runner, &firewall);
Taoyu Lieb6cc8f2019-12-09 15:53:04 +0900[diff] [blame]1033 datapath.AddIPv6HostRoute("eth0", "2001:da8:e00::1234", 128);
Taoyu Lieb6cc8f2019-12-09 15:53:04 +0900[diff] [blame]1034}
1035
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1036TEST(DatapathTest, AddIPv4Route) {
1037 MockProcessRunner runner;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]1038 MockFirewall firewall;
1039 Datapath datapath(&runner, &firewall, (ioctl_t)ioctl_rtentry_cap);
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1040
1041 datapath.AddIPv4Route(Ipv4Addr(192, 168, 1, 1), Ipv4Addr(100, 115, 93, 0),
1042 Ipv4Addr(255, 255, 255, 0));
1043 datapath.DeleteIPv4Route(Ipv4Addr(192, 168, 1, 1), Ipv4Addr(100, 115, 93, 0),
1044 Ipv4Addr(255, 255, 255, 0));
1045 datapath.AddIPv4Route("eth0", Ipv4Addr(100, 115, 92, 8),
1046 Ipv4Addr(255, 255, 255, 252));
1047 datapath.DeleteIPv4Route("eth0", Ipv4Addr(100, 115, 92, 8),
1048 Ipv4Addr(255, 255, 255, 252));
1049
1050 std::vector<ioctl_req_t> expected_reqs = {SIOCADDRT, SIOCDELRT, SIOCADDRT,
1051 SIOCDELRT};
1052 EXPECT_EQ(expected_reqs, ioctl_reqs);
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1053
1054 std::string route1 =
1055 "{rt_dst: {family: AF_INET, port: 0, addr: 100.115.93.0}, rt_genmask: "
1056 "{family: AF_INET, port: 0, addr: 255.255.255.0}, rt_gateway: {family: "
1057 "AF_INET, port: 0, addr: 192.168.1.1}, rt_dev: null, rt_flags: RTF_UP | "
1058 "RTF_GATEWAY}";
1059 std::string route2 =
1060 "{rt_dst: {family: AF_INET, port: 0, addr: 100.115.92.8}, rt_genmask: "
1061 "{family: AF_INET, port: 0, addr: 255.255.255.252}, rt_gateway: {unset}, "
1062 "rt_dev: eth0, rt_flags: RTF_UP | RTF_GATEWAY}";
1063 std::vector<std::string> captured_routes;
1064 for (const auto& route : ioctl_rtentry_args) {
1065 std::ostringstream stream;
1066 stream << route.second;
1067 captured_routes.emplace_back(stream.str());
1068 }
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1069 EXPECT_EQ(route1, captured_routes[0]);
1070 EXPECT_EQ(route1, captured_routes[1]);
1071 EXPECT_EQ(route2, captured_routes[2]);
1072 EXPECT_EQ(route2, captured_routes[3]);
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]1073 ioctl_reqs.clear();
1074 ioctl_rtentry_args.clear();
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]1075}
1076
Hugo Benichi1e0656f2021-02-15 15:43:38 +0900[diff] [blame]1077TEST(DatapathTest, RedirectDnsRules) {
1078 MockProcessRunner runner;
1079 MockFirewall firewall;
1080
1081 Verify_iptables(runner, IPv4,
1082 "nat -I redirect_dns -p tcp --dport 53 -o eth0 -j DNAT "
1083 "--to-destination 192.168.1.1 -w");
1084 Verify_iptables(runner, IPv4,
1085 "nat -I redirect_dns -p udp --dport 53 -o eth0 -j DNAT "
1086 "--to-destination 192.168.1.1 -w");
1087 Verify_iptables(runner, IPv4,
1088 "nat -I redirect_dns -p tcp --dport 53 -o wlan0 -j DNAT "
1089 "--to-destination 1.1.1.1 -w");
1090 Verify_iptables(runner, IPv4,
1091 "nat -I redirect_dns -p udp --dport 53 -o wlan0 -j DNAT "
1092 "--to-destination 1.1.1.1 -w");
1093 Verify_iptables(runner, IPv4,
1094 "nat -D redirect_dns -p tcp --dport 53 -o wlan0 -j DNAT "
1095 "--to-destination 1.1.1.1 -w");
1096 Verify_iptables(runner, IPv4,
1097 "nat -D redirect_dns -p udp --dport 53 -o wlan0 -j DNAT "
1098 "--to-destination 1.1.1.1 -w");
1099 Verify_iptables(runner, IPv4,
1100 "nat -I redirect_dns -p tcp --dport 53 -o wlan0 -j DNAT "
1101 "--to-destination 8.8.8.8 -w");
1102 Verify_iptables(runner, IPv4,
1103 "nat -I redirect_dns -p udp --dport 53 -o wlan0 -j DNAT "
1104 "--to-destination 8.8.8.8 -w");
1105 Verify_iptables(runner, IPv4,
1106 "nat -D redirect_dns -p tcp --dport 53 -o eth0 -j DNAT "
1107 "--to-destination 192.168.1.1 -w");
1108 Verify_iptables(runner, IPv4,
1109 "nat -D redirect_dns -p udp --dport 53 -o eth0 -j DNAT "
1110 "--to-destination 192.168.1.1 -w");
1111 Verify_iptables(runner, IPv4,
1112 "nat -D redirect_dns -p tcp --dport 53 -o wlan0 -j DNAT "
1113 "--to-destination 8.8.8.8 -w");
1114 Verify_iptables(runner, IPv4,
1115 "nat -D redirect_dns -p udp --dport 53 -o wlan0 -j DNAT "
1116 "--to-destination 8.8.8.8 -w");
1117
1118 Datapath datapath(&runner, &firewall);
1119 datapath.RemoveRedirectDnsRule("wlan0");
1120 datapath.RemoveRedirectDnsRule("unknown");
1121 datapath.AddRedirectDnsRule("eth0", "192.168.1.1");
1122 datapath.AddRedirectDnsRule("wlan0", "1.1.1.1");
1123 datapath.AddRedirectDnsRule("wlan0", "8.8.8.8");
1124 datapath.RemoveRedirectDnsRule("eth0");
1125 datapath.RemoveRedirectDnsRule("wlan0");
1126}
1127
Garrick Evans2f581a02020-05-11 10:43:35 +0900[diff] [blame]1128TEST(DatapathTest, ArcVethHostName) {
1129 EXPECT_EQ("vetheth0", ArcVethHostName("eth0"));
1130 EXPECT_EQ("vethrmnet0", ArcVethHostName("rmnet0"));
1131 EXPECT_EQ("vethrmnet_data0", ArcVethHostName("rmnet_data0"));
1132 EXPECT_EQ("vethifnamsiz_i0", ArcVethHostName("ifnamsiz_ifnam0"));
1133 auto ifname = ArcVethHostName("exceeds_ifnamesiz_checkanyway");
1134 EXPECT_EQ("vethexceeds_ify", ifname);
1135 EXPECT_LT(ifname.length(), IFNAMSIZ);
1136}
1137
Garrick Evans8a067562020-05-11 12:47:30 +0900[diff] [blame]1138TEST(DatapathTest, ArcBridgeName) {
1139 EXPECT_EQ("arc_eth0", ArcBridgeName("eth0"));
1140 EXPECT_EQ("arc_rmnet0", ArcBridgeName("rmnet0"));
1141 EXPECT_EQ("arc_rmnet_data0", ArcBridgeName("rmnet_data0"));
1142 EXPECT_EQ("arc_ifnamsiz_i0", ArcBridgeName("ifnamsiz_ifnam0"));
1143 auto ifname = ArcBridgeName("exceeds_ifnamesiz_checkanyway");
1144 EXPECT_EQ("arc_exceeds_ify", ifname);
1145 EXPECT_LT(ifname.length(), IFNAMSIZ);
1146}
1147
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]1148} // namespace patchpanel