Home | History | Annotate | Line # | Download | only in libnpftest 
      1 /*
      2  * NPF layer 2 ruleset tests.
      3  *
      4  * Public Domain.
      5  */
      6 
      7 #ifdef _KERNEL
      8 #include <sys/types.h>
      9 #endif
     10 
     11 #include "npf_impl.h"
     12 #include "npf_test.h"
     13 
     14 #define	RESULT_PASS	0
     15 #define	RESULT_BLOCK	ENETUNREACH
     16 
     17 /*
     18  * in this module, we run tests on layer 2 packets for configs that has only layer 3 rules
     19  * All incoming frames at layer 2 should pass so we ensure that
     20  * npf config with no layer 2 rules should for no chance be blocked by npf
     21  * at layer 2
     22  * config to be loaded is ../npfl3test.conf
     23  */
     24 
     25 static const struct test_case {
     26 	const char *src;
     27 	const char *dst;
     28 	uint16_t    etype;
     29 	const char *ifname;
     30 	int	    di;
     31 	int	    ret;
     32 } test_cases[] = {
     33 	{
     34 		.src = "00:00:5E:00:53:00",	.dst = "00:00:5E:00:53:01",
     35 		.ifname = IFNAME_INT,		.etype = ETHERTYPE_IPV6,
     36 		.di = PFIL_IN,			.ret = RESULT_PASS
     37 	},
     38 	{
     39 		.src = "00:00:5E:00:53:01",	.dst = "00:00:5E:00:53:02",
     40 		.ifname = IFNAME_INT,		.etype = ETHERTYPE_IP,
     41 		.di = PFIL_OUT,			.ret = RESULT_PASS
     42 	},
     43 	{
     44 		.src = "00:00:5E:00:53:00",	.dst = "00:00:5E:00:53:02",
     45 		.ifname = IFNAME_INT,		.etype = ETHERTYPE_IP,
     46 		.di = PFIL_IN,			.ret = RESULT_PASS
     47 	},
     48 };
     49 
     50 static int
     51 run_handler_testcase(unsigned i)
     52 {
     53 	const struct test_case *t = &test_cases[i];
     54 	ifnet_t *ifp = npf_test_getif(t->ifname);
     55 	npf_t *npf = npf_getkernctx();
     56 	struct mbuf *m;
     57 	int error;
     58 
     59 	m = mbuf_get_frame(t->src, t->dst, htons(t->etype));
     60 	error = npfk_layer2_handler(npf, &m, ifp, t->di);
     61 	if (m) {
     62 		m_freem(m);
     63 	}
     64 	return error;
     65 }
     66 
     67 static bool
     68 test_static(bool verbose)
     69 {
     70 	for (unsigned i = 0; i < __arraycount(test_cases); i++) {
     71 		const struct test_case *t = &test_cases[i];
     72 		int error;
     73 
     74 		if (npf_test_getif(t->ifname) == NULL) {
     75 			printf("Interface %s is not configured.\n", t->ifname);
     76 			return false;
     77 		}
     78 
     79 		error = run_handler_testcase(i);
     80 
     81 		if (verbose) {
     82 			printf("rule test %d:\texpected %d\n"
     83 				"\t\t-> returned %d\n",
     84 				i + 1, t->ret, error);
     85 		}
     86 		CHECK_TRUE(error == t->ret);
     87 	}
     88 	return true;
     89 }
     90 
     91 /* sorry for long function name */
     92 bool
     93 npf_layer2only_test(bool verbose)
     94 {
     95 	bool ok;
     96 
     97 	ok = test_static(verbose);
     98 	CHECK_TRUE(ok);
     99 
    100 	return true;
    101 }
    102