You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
173 lines
6.2 KiB
173 lines
6.2 KiB
#!/usr/bin/python
|
|
#
|
|
# Copyright 2015 The Android Open Source Project
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
import itertools
|
|
import random
|
|
import unittest
|
|
|
|
from socket import *
|
|
|
|
import multinetwork_base
|
|
import net_test
|
|
import packets
|
|
|
|
class ForwardingTest(multinetwork_base.MultiNetworkBaseTest):
|
|
TCP_TIME_WAIT = 6
|
|
|
|
def ForwardBetweenInterfaces(self, enabled, iface1, iface2):
|
|
for iif, oif in itertools.permutations([iface1, iface2]):
|
|
self.iproute.IifRule(6, enabled, self.GetInterfaceName(iif),
|
|
self._TableForNetid(oif), self.PRIORITY_IIF)
|
|
|
|
def setUp(self):
|
|
self.SetSysctl("/proc/sys/net/ipv6/conf/all/forwarding", 1)
|
|
|
|
def tearDown(self):
|
|
self.SetSysctl("/proc/sys/net/ipv6/conf/all/forwarding", 0)
|
|
|
|
"""Checks that IPv6 forwarding works for UDP packets and is not broken by early demux.
|
|
|
|
Relevant kernel commits:
|
|
upstream:
|
|
5425077d73e0c8e net: ipv6: Add early demux handler for UDP unicast
|
|
0bd84065b19bca1 net: ipv6: Fix UDP early demux lookup with udp_l3mdev_accept=0
|
|
Ifa9c2ddfaa5b51 net: ipv6: reset daddr and dport in sk if connect() fails
|
|
"""
|
|
def CheckForwardingUdp(self, netid, iface1, iface2):
|
|
# TODO: Make a test for IPv4
|
|
# 1. Make version as an argument. Pick address to bind from array based
|
|
# on version.
|
|
# 2. The prefix length of the address is hardcoded to /64. Use the subnet
|
|
# mask there instead.
|
|
# 3. We recreate the address with SendRA, which obviously only works for
|
|
# IPv6. Use AddAddress for IPv4.
|
|
|
|
# Create a UDP socket and bind to it
|
|
version = 6
|
|
s = net_test.UDPSocket(AF_INET6)
|
|
self.SetSocketMark(s, netid)
|
|
s.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
|
|
s.bind(("::", 53))
|
|
|
|
remoteaddr = self.GetRemoteAddress(version)
|
|
myaddr = self.MyAddress(version, netid)
|
|
|
|
try:
|
|
# Delete address and check if packet is forwarded
|
|
# (and not dropped because an incorrect socket match happened)
|
|
self.iproute.DelAddress(myaddr, 64, self.ifindices[netid])
|
|
hoplimit = 39
|
|
desc, udp_pkt = packets.UDPWithOptions(version, myaddr, remoteaddr, 53)
|
|
# Decrements the hoplimit of a packet to simulate forwarding.
|
|
desc_fwded, udp_fwd = packets.UDPWithOptions(version, myaddr, remoteaddr,
|
|
53, hoplimit - 1)
|
|
msg = "Sent %s, expected %s" % (desc, desc_fwded)
|
|
self.ReceivePacketOn(iface1, udp_pkt)
|
|
self.ExpectPacketOn(iface2, msg, udp_fwd)
|
|
finally:
|
|
# Recreate the address.
|
|
self.SendRA(netid)
|
|
s.close()
|
|
|
|
"""Checks that IPv6 forwarding doesn't crash the system.
|
|
|
|
Relevant kernel commits:
|
|
upstream net-next:
|
|
e7eadb4 ipv6: inet6_sk() should use sk_fullsock()
|
|
android-3.10:
|
|
feee3c1 ipv6: inet6_sk() should use sk_fullsock()
|
|
cdab04e net: add sk_fullsock() helper
|
|
android-3.18:
|
|
8246f18 ipv6: inet6_sk() should use sk_fullsock()
|
|
bea19db net: add sk_fullsock() helper
|
|
"""
|
|
def CheckForwardingCrashTcp(self, netid, iface1, iface2):
|
|
version = 6
|
|
listensocket = net_test.IPv6TCPSocket()
|
|
self.SetSocketMark(listensocket, netid)
|
|
listenport = net_test.BindRandomPort(version, listensocket)
|
|
|
|
remoteaddr = self.GetRemoteAddress(version)
|
|
myaddr = self.MyAddress(version, netid)
|
|
|
|
desc, syn = packets.SYN(listenport, version, remoteaddr, myaddr)
|
|
synack_desc, synack = packets.SYNACK(version, myaddr, remoteaddr, syn)
|
|
msg = "Sent %s, expected %s" % (desc, synack_desc)
|
|
reply = self._ReceiveAndExpectResponse(netid, syn, synack, msg)
|
|
|
|
establishing_ack = packets.ACK(version, remoteaddr, myaddr, reply)[1]
|
|
self.ReceivePacketOn(netid, establishing_ack)
|
|
accepted, peer = listensocket.accept()
|
|
remoteport = accepted.getpeername()[1]
|
|
|
|
accepted.close()
|
|
desc, fin = packets.FIN(version, myaddr, remoteaddr, establishing_ack)
|
|
self.ExpectPacketOn(netid, msg + ": expecting %s after close" % desc, fin)
|
|
|
|
desc, finack = packets.FIN(version, remoteaddr, myaddr, fin)
|
|
self.ReceivePacketOn(netid, finack)
|
|
|
|
# Check our socket is now in TIME_WAIT.
|
|
sockets = self.ReadProcNetSocket("tcp6")
|
|
mysrc = "%s:%04X" % (net_test.FormatSockStatAddress(myaddr), listenport)
|
|
mydst = "%s:%04X" % (net_test.FormatSockStatAddress(remoteaddr), remoteport)
|
|
state = None
|
|
sockets = [s for s in sockets if s[0] == mysrc and s[1] == mydst]
|
|
self.assertEqual(1, len(sockets))
|
|
self.assertEqual("%02X" % self.TCP_TIME_WAIT, sockets[0][2])
|
|
|
|
# Remove our IP address.
|
|
try:
|
|
self.iproute.DelAddress(myaddr, 64, self.ifindices[netid])
|
|
|
|
self.ReceivePacketOn(iface1, finack)
|
|
self.ReceivePacketOn(iface1, establishing_ack)
|
|
self.ReceivePacketOn(iface1, establishing_ack)
|
|
# No crashes? Good.
|
|
|
|
finally:
|
|
# Put back our IP address.
|
|
self.SendRA(netid)
|
|
listensocket.close()
|
|
|
|
def CheckForwardingHandlerByProto(self, protocol, netid, iif, oif):
|
|
if protocol == IPPROTO_UDP:
|
|
self.CheckForwardingUdp(netid, iif, oif)
|
|
elif protocol == IPPROTO_TCP:
|
|
self.CheckForwardingCrashTcp(netid, iif, oif)
|
|
else:
|
|
raise NotImplementedError
|
|
|
|
def CheckForwardingByProto(self, proto):
|
|
# Run the test a few times as it doesn't crash/hang the first time.
|
|
for netids in itertools.permutations(self.tuns):
|
|
# Pick an interface to send traffic on and two to forward traffic between.
|
|
netid, iface1, iface2 = random.sample(netids, 3)
|
|
self.ForwardBetweenInterfaces(True, iface1, iface2)
|
|
try:
|
|
self.CheckForwardingHandlerByProto(proto, netid, iface1, iface2)
|
|
finally:
|
|
self.ForwardBetweenInterfaces(False, iface1, iface2)
|
|
|
|
def testForwardingUdp(self):
|
|
self.CheckForwardingByProto(IPPROTO_UDP)
|
|
|
|
def testForwardingCrashTcp(self):
|
|
self.CheckForwardingByProto(IPPROTO_TCP)
|
|
|
|
if __name__ == "__main__":
|
|
unittest.main()
|