15 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
21 static void eval_sigterm(
int status)
23 switch(WTERMSIG(status)) {
25 printf(
"received SIGSEV\n");
31 printf(
"exited with signal: %d\n", WTERMSIG(status));
36 static void test_nfct_bitmask(
void)
38 struct nfct_bitmask *a, *b;
39 unsigned short int maxb, i;
40 struct nf_conntrack *ct1, *ct2;
42 printf(
"== test nfct_bitmask_* API ==\n");
44 maxb = rand() & 0xffff;
46 a = nfct_bitmask_new(maxb);
48 assert(!nfct_bitmask_test_bit(a, maxb + 32));
49 nfct_bitmask_set_bit(a, maxb + 32);
50 assert(!nfct_bitmask_test_bit(a, maxb + 32));
52 for (i = 0; i <= maxb; i++)
53 assert(!nfct_bitmask_test_bit(a, i));
55 for (i = 0; i <= maxb; i++) {
57 assert(!nfct_bitmask_test_bit(a, i));
60 nfct_bitmask_set_bit(a, i);
61 assert(nfct_bitmask_test_bit(a, i));
64 b = nfct_bitmask_clone(a);
67 for (i = 0; i <= maxb; i++) {
68 if (nfct_bitmask_test_bit(a, i))
69 assert(nfct_bitmask_test_bit(b, i));
71 assert(!nfct_bitmask_test_bit(b, i));
74 nfct_bitmask_destroy(a);
76 for (i = 0; i <= maxb; i++) {
79 nfct_bitmask_unset_bit(b, i);
80 assert(!nfct_bitmask_test_bit(b, i));
84 for (i = 0; i < maxb; i++) {
85 nfct_bitmask_set_bit(b, i);
86 assert(nfct_bitmask_test_bit(b, i));
87 nfct_bitmask_clear(b);
88 assert(!nfct_bitmask_test_bit(b, i));
91 for (i = 0; i < maxb; i++)
92 nfct_bitmask_set_bit(b, i);
93 nfct_bitmask_clear(b);
94 for (i = 0; i < maxb; i++)
95 assert(!nfct_bitmask_test_bit(b, i));
98 for (i = 0; i < maxb / 32 * 32; i += 32) {
99 a = nfct_bitmask_new(i);
100 assert(!nfct_bitmask_equal(a, b));
101 nfct_bitmask_destroy(a);
104 a = nfct_bitmask_clone(b);
105 assert(nfct_bitmask_equal(a, b));
106 for (i = 0; i < maxb; i++) {
107 if (nfct_bitmask_test_bit(a, i)) {
108 nfct_bitmask_unset_bit(a, i);
109 assert(!nfct_bitmask_equal(a, b));
110 nfct_bitmask_set_bit(a, i);
112 nfct_bitmask_set_bit(a, i);
113 assert(!nfct_bitmask_equal(a, b));
114 nfct_bitmask_unset_bit(a, i);
116 assert(nfct_bitmask_equal(a, b));
119 nfct_bitmask_destroy(a);
120 nfct_bitmask_destroy(b);
125 maxb = rand() & 0xff;
128 a = nfct_bitmask_new(maxb * 2);
129 b = nfct_bitmask_new(maxb);
133 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL) == 1);
135 nfct_bitmask_set_bit(a, maxb);
136 nfct_bitmask_set_bit(b, maxb);
137 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL) == 1);
139 nfct_bitmask_set_bit(a, maxb * 2);
140 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL) == 0);
147 static int attr_is_readonly(
int attr)
150 case ATTR_ORIG_COUNTER_PACKETS:
151 case ATTR_REPL_COUNTER_PACKETS:
152 case ATTR_ORIG_COUNTER_BYTES:
153 case ATTR_REPL_COUNTER_BYTES:
156 case ATTR_TIMESTAMP_START:
157 case ATTR_TIMESTAMP_STOP:
164 static int test_nfct_cmp_api_single(
struct nf_conntrack *ct1,
165 struct nf_conntrack *ct2,
int attr)
168 struct nfct_bitmask *b;
171 if (attr_is_readonly(attr))
186 case ATTR_TCP_FLAGS_ORIG:
187 case ATTR_TCP_FLAGS_REPL:
188 case ATTR_TCP_MASK_ORIG:
189 case ATTR_TCP_MASK_REPL:
191 case ATTR_MASTER_IPV4_SRC:
192 case ATTR_MASTER_IPV4_DST:
193 case ATTR_MASTER_IPV6_SRC:
194 case ATTR_MASTER_IPV6_DST:
195 case ATTR_MASTER_PORT_SRC:
196 case ATTR_MASTER_PORT_DST:
197 case ATTR_MASTER_L3PROTO:
198 case ATTR_MASTER_L4PROTO:
200 case ATTR_ORIG_NAT_SEQ_CORRECTION_POS:
201 case ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE:
202 case ATTR_ORIG_NAT_SEQ_OFFSET_AFTER:
203 case ATTR_REPL_NAT_SEQ_CORRECTION_POS:
204 case ATTR_REPL_NAT_SEQ_OFFSET_BEFORE:
205 case ATTR_REPL_NAT_SEQ_OFFSET_AFTER:
207 case ATTR_SCTP_VTAG_ORIG:
208 case ATTR_SCTP_VTAG_REPL:
210 case ATTR_HELPER_NAME:
213 case ATTR_DCCP_HANDSHAKE_SEQ:
215 case ATTR_TCP_WSCALE_ORIG:
216 case ATTR_TCP_WSCALE_REPL:
218 case ATTR_HELPER_INFO:
225 if (attr >= ATTR_SCTP_STATE) {
228 }
else if (attr >= ATTR_TCP_FLAGS_ORIG) {
231 }
else if (attr >= ATTR_ICMP_CODE) {
234 }
else if (attr >= ATTR_ORIG_PORT_SRC) {
240 memset(data, 42,
sizeof(data));
246 case ATTR_CONNLABELS:
247 case ATTR_CONNLABELS_MASK:
250 b = nfct_bitmask_clone(b);
252 bit = nfct_bitmask_maxbit(b);
253 if (nfct_bitmask_test_bit(b, bit)) {
254 nfct_bitmask_unset_bit(b, bit);
255 assert(!nfct_bitmask_test_bit(b, bit));
257 nfct_bitmask_set_bit(b, bit);
258 assert(nfct_bitmask_test_bit(b, bit));
260 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL) == 1);
263 case ATTR_HELPER_INFO:
271 if (
nfct_cmp(ct1, ct2, NFCT_CMP_ALL) != 0) {
272 fprintf(stderr,
"nfct_cmp assert failure for attr %d\n", attr);
273 fprintf(stderr,
"%p, %p, %x, %x\n",
nfct_get_attr(ct1, attr),
278 if (
nfct_cmp(ct1, ct2, NFCT_CMP_ALL|NFCT_CMP_STRICT) != 0) {
279 fprintf(stderr,
"nfct_cmp strict assert failure for attr %d\n", attr);
285 static int test_cmp_attr32(
int attr,
bool at1,
bool at2,
286 uint32_t v1, uint32_t v2,
unsigned int flags)
288 struct nf_conntrack *ct1 =
nfct_new();
289 struct nf_conntrack *ct2 =
nfct_new();
297 ret =
nfct_cmp(ct1, ct2, NFCT_CMP_ALL | flags);
305 static void test_nfct_cmp_attr(
int attr)
307 unsigned int flags = 0;
311 assert(test_cmp_attr32(attr,
false,
false, 0, 0, flags) == 1);
312 assert(test_cmp_attr32(attr,
true,
false, 0, 0, flags) == 1);
313 assert(test_cmp_attr32(attr,
false,
true, 0, 0, flags) == 1);
314 assert(test_cmp_attr32(attr,
true,
true, 0, 0, flags) == 1);
315 assert(test_cmp_attr32(attr,
false,
false, 1, 0, flags) == 1);
316 assert(test_cmp_attr32(attr,
true,
false, 1, 0, flags) == 1);
317 assert(test_cmp_attr32(attr,
false,
true, 1, 0, flags) == 1);
318 assert(test_cmp_attr32(attr,
true,
true, 1, 0, flags) == 0);
319 assert(test_cmp_attr32(attr,
false,
false, 0, 1, flags) == 1);
320 assert(test_cmp_attr32(attr,
true,
false, 0, 1, flags) == 1);
321 assert(test_cmp_attr32(attr,
false,
true, 0, 1, flags) == 1);
322 assert(test_cmp_attr32(attr,
true,
true, 0, 1, flags) == 0);
323 assert(test_cmp_attr32(attr,
false,
false, 1, 1, flags) == 1);
324 assert(test_cmp_attr32(attr,
true,
false, 1, 1, flags) == 1);
325 assert(test_cmp_attr32(attr,
false,
true, 1, 1, flags) == 1);
326 assert(test_cmp_attr32(attr,
true,
true, 1, 1, flags) == 1);
328 flags = NFCT_CMP_STRICT;
329 assert(test_cmp_attr32(attr,
false,
false, 0, 0, flags) == 1);
330 assert(test_cmp_attr32(attr,
true,
false, 0, 0, flags) == 1);
331 assert(test_cmp_attr32(attr,
false,
true, 0, 0, flags) == 1);
332 assert(test_cmp_attr32(attr,
true,
true, 0, 0, flags) == 1);
333 assert(test_cmp_attr32(attr,
false,
false, 1, 0, flags) == 1);
334 assert(test_cmp_attr32(attr,
true,
false, 1, 0, flags) == 0);
335 assert(test_cmp_attr32(attr,
false,
true, 1, 0, flags) == 1);
336 assert(test_cmp_attr32(attr,
true,
true, 1, 0, flags) == 0);
337 assert(test_cmp_attr32(attr,
false,
false, 0, 1, flags) == 1);
338 assert(test_cmp_attr32(attr,
true,
false, 0, 1, flags) == 1);
339 assert(test_cmp_attr32(attr,
false,
true, 0, 1, flags) == 0);
340 assert(test_cmp_attr32(attr,
true,
true, 0, 1, flags) == 0);
341 assert(test_cmp_attr32(attr,
false,
false, 1, 1, flags) == 1);
342 assert(test_cmp_attr32(attr,
true,
false, 1, 1, flags) == 0);
343 assert(test_cmp_attr32(attr,
false,
true, 1, 1, flags) == 0);
344 assert(test_cmp_attr32(attr,
true,
true, 1, 1, flags) == 1);
346 flags = NFCT_CMP_MASK;
347 assert(test_cmp_attr32(attr,
false,
false, 0, 0, flags) == 1);
348 assert(test_cmp_attr32(attr,
true,
false, 0, 0, flags) == 1);
349 assert(test_cmp_attr32(attr,
false,
true, 0, 0, flags) == 1);
350 assert(test_cmp_attr32(attr,
true,
true, 0, 0, flags) == 1);
351 assert(test_cmp_attr32(attr,
false,
false, 1, 0, flags) == 1);
352 assert(test_cmp_attr32(attr,
true,
false, 1, 0, flags) == 0);
353 assert(test_cmp_attr32(attr,
false,
true, 1, 0, flags) == 1);
354 assert(test_cmp_attr32(attr,
true,
true, 1, 0, flags) == 0);
355 assert(test_cmp_attr32(attr,
false,
false, 0, 1, flags) == 1);
356 assert(test_cmp_attr32(attr,
true,
false, 0, 1, flags) == 1);
357 assert(test_cmp_attr32(attr,
false,
true, 0, 1, flags) == 1);
358 assert(test_cmp_attr32(attr,
true,
true, 0, 1, flags) == 0);
359 assert(test_cmp_attr32(attr,
false,
false, 1, 1, flags) == 1);
360 assert(test_cmp_attr32(attr,
true,
false, 1, 1, flags) == 0);
361 assert(test_cmp_attr32(attr,
false,
true, 1, 1, flags) == 1);
362 assert(test_cmp_attr32(attr,
true,
true, 1, 1, flags) == 1);
364 flags = NFCT_CMP_STRICT|NFCT_CMP_MASK;
365 assert(test_cmp_attr32(attr,
false,
false, 0, 0, flags) == 1);
366 assert(test_cmp_attr32(attr,
true,
false, 0, 0, flags) == 1);
367 assert(test_cmp_attr32(attr,
false,
true, 0, 0, flags) == 1);
368 assert(test_cmp_attr32(attr,
true,
true, 0, 0, flags) == 1);
369 assert(test_cmp_attr32(attr,
false,
false, 1, 0, flags) == 1);
370 assert(test_cmp_attr32(attr,
true,
false, 1, 0, flags) == 0);
371 assert(test_cmp_attr32(attr,
false,
true, 1, 0, flags) == 1);
372 assert(test_cmp_attr32(attr,
true,
true, 1, 0, flags) == 0);
373 assert(test_cmp_attr32(attr,
false,
false, 0, 1, flags) == 1);
374 assert(test_cmp_attr32(attr,
true,
false, 0, 1, flags) == 1);
375 assert(test_cmp_attr32(attr,
false,
true, 0, 1, flags) == 0);
376 assert(test_cmp_attr32(attr,
true,
true, 0, 1, flags) == 0);
377 assert(test_cmp_attr32(attr,
false,
false, 1, 1, flags) == 1);
378 assert(test_cmp_attr32(attr,
true,
false, 1, 1, flags) == 0);
379 assert(test_cmp_attr32(attr,
false,
true, 1, 1, flags) == 0);
380 assert(test_cmp_attr32(attr,
true,
true, 1, 1, flags) == 1);
383 static void test_nfct_cmp_api(
struct nf_conntrack *ct1,
struct nf_conntrack *ct2)
387 printf(
"== test cmp API ==\n");
389 test_nfct_cmp_attr(ATTR_ZONE);
390 test_nfct_cmp_attr(ATTR_ORIG_ZONE);
391 test_nfct_cmp_attr(ATTR_REPL_ZONE);
392 test_nfct_cmp_attr(ATTR_MARK);
394 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL) == 1);
395 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL|NFCT_CMP_STRICT) == 0);
399 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL) == 1);
400 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL|NFCT_CMP_STRICT) == 1);
402 for (i=0; i < ATTR_MAX ; i++) {
405 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL) == 1);
406 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL|NFCT_CMP_STRICT) == 0);
407 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL|NFCT_CMP_MASK) == 1);
410 for (i=0; i < ATTR_MAX ; i++) {
413 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL) == 1);
414 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL|NFCT_CMP_STRICT) == 0);
415 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL|NFCT_CMP_MASK) == 0);
418 for (i=0; i < ATTR_MAX ; i++)
419 assert(test_nfct_cmp_api_single(ct1, ct2, i) == 0);
422 for (i=0; i < ATTR_MAX ; i++) {
426 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL) == 1);
427 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL|NFCT_CMP_STRICT) == 1);
428 assert(
nfct_cmp(ct1, ct2, NFCT_CMP_ALL|NFCT_CMP_MASK) == 1);
434 static void test_nfexp_cmp_api(
struct nf_expect *ex1,
struct nf_expect *ex2)
438 printf(
"== test expect cmp API ==\n");
444 assert(
nfexp_cmp(ex1, ex2, NFCT_CMP_STRICT) == 1);
451 for (i=0; i < ATTR_EXP_MAX; i++) {
455 assert(
nfexp_cmp(ex1, ex2, NFCT_CMP_STRICT) == 0);
456 assert(
nfexp_cmp(ex1, ex2, NFCT_CMP_MASK) == 1);
459 for (i=0; i < ATTR_EXP_MAX; i++) {
463 assert(
nfexp_cmp(ex1, ex2, NFCT_CMP_MASK) == 0);
466 for (i=0; i < ATTR_EXP_MAX; i++) {
471 assert(
nfexp_cmp(ex1, ex2, NFCT_CMP_STRICT) == 1);
472 assert(
nfexp_cmp(ex1, ex2, NFCT_CMP_MASK) == 1);
481 struct nf_conntrack *ct, *ct2, *tmp;
482 struct nf_expect *exp, *tmp_exp;
486 struct nfct_bitmask *b, *b2;
491 for (i=0; i<
sizeof(data); i++)
505 printf(
"== test set API ==\n");
508 for (i=0; i<ATTR_MAX; i++)
513 eval_sigterm(status);
516 b = nfct_bitmask_new(rand() & 0xffff);
518 b2 = nfct_bitmask_new(rand() & 0xffff);
521 for (i=0; i<ATTR_MAX; i++) {
523 case ATTR_CONNLABELS:
526 case ATTR_CONNLABELS_MASK:
535 printf(
"== test get API ==\n");
538 for (i=0; i<ATTR_MAX; i++)
543 eval_sigterm(status);
546 printf(
"== validate set API ==\n");
549 for (i=0; i<ATTR_MAX; i++) {
550 if (attr_is_readonly(i))
554 case ATTR_HELPER_INFO:
557 case ATTR_CONNLABELS:
558 case ATTR_CONNLABELS_MASK:
562 data[0] = (uint8_t) i;
567 case ATTR_CONNLABELS:
568 assert((
void *) val == b);
570 case ATTR_CONNLABELS_MASK:
571 assert((
void *) val == b2);
575 if (val[0] != data[0]) {
576 printf(
"ERROR: set/get operations don't match "
577 "for attribute %d (%x != %x)\n",
584 eval_sigterm(status);
587 printf(
"== test copy API ==\n");
590 for (i=0; i<ATTR_MAX; i++)
595 eval_sigterm(status);
600 test_nfct_cmp_api(tmp, ct);
604 eval_sigterm(status);
618 printf(
"== test expect set API ==\n");
621 for (i=0; i<ATTR_EXP_MAX; i++)
626 eval_sigterm(status);
629 for (i=0; i<ATTR_EXP_MAX; i++)
632 printf(
"== test expect get API ==\n");
635 for (i=0; i<ATTR_EXP_MAX; i++)
640 eval_sigterm(status);
643 printf(
"== validate expect set API ==\n");
646 for (i=0; i<ATTR_EXP_MAX; i++) {
647 data[0] = (uint8_t) i;
650 if (val[0] != data[0]) {
651 printf(
"ERROR: set/get operations don't match "
652 "for attribute %d (%x != %x)\n",
659 eval_sigterm(status);
664 test_nfexp_cmp_api(tmp_exp, exp);
668 eval_sigterm(status);
677 printf(
"== test set grp API ==\n");
680 for (i=0; i<ATTR_GRP_MAX; i++)
685 eval_sigterm(status);
688 for (i=0; i<ATTR_GRP_MAX; i++)
691 printf(
"== test get grp API ==\n");
696 for (i=0; i<ATTR_GRP_MAX; i++)
701 eval_sigterm(status);
704 printf(
"== validate set grp API ==\n");
707 for (i=0; i<ATTR_GRP_MAX; i++) {
710 data[0] = (uint8_t) i;
715 case ATTR_GRP_ORIG_COUNTERS:
716 case ATTR_GRP_REPL_COUNTERS:
717 case ATTR_GRP_ORIG_ADDR_SRC:
718 case ATTR_GRP_ORIG_ADDR_DST:
719 case ATTR_GRP_REPL_ADDR_SRC:
720 case ATTR_GRP_REPL_ADDR_DST:
723 if (buf[0] != data[0]) {
724 printf(
"ERROR: set/get operations don't match "
725 "for attribute %d (%x != %x)\n",
732 eval_sigterm(status);
736 printf(
"== destroy cloned ct entry ==\n");
void nfexp_set_attr(struct nf_expect *exp, const enum nf_expect_attr type, const void *value)
size_t nfexp_maxsize(void)
void nfct_set_attr_l(struct nf_conntrack *ct, const enum nf_conntrack_attr type, const void *value, size_t len)
void nfct_set_attr_u32(struct nf_conntrack *ct, const enum nf_conntrack_attr type, uint32_t value)
void nfct_set_attr(struct nf_conntrack *ct, const enum nf_conntrack_attr type, const void *value)
void nfct_copy_attr(struct nf_conntrack *ct1, const struct nf_conntrack *ct2, const enum nf_conntrack_attr type)
int nfexp_cmp(const struct nf_expect *exp1, const struct nf_expect *exp2, unsigned int flags)
int nfct_get_attr_grp(const struct nf_conntrack *ct, const enum nf_conntrack_attr_grp type, void *data)
void nfct_copy(struct nf_conntrack *dest, const struct nf_conntrack *source, unsigned int flags)
void nfct_destroy(struct nf_conntrack *ct)
void nfct_set_attr_grp(struct nf_conntrack *ct, const enum nf_conntrack_attr_grp type, const void *value)
struct nf_expect * nfexp_new(void)
int nfexp_attr_unset(struct nf_expect *exp, const enum nf_expect_attr type)
uint32_t nfct_get_attr_u32(const struct nf_conntrack *ct, const enum nf_conntrack_attr type)
struct nf_conntrack * nfct_new(void)
int nfct_cmp(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags)
void nfct_set_attr_u8(struct nf_conntrack *ct, const enum nf_conntrack_attr type, uint8_t value)
const void * nfct_get_attr(const struct nf_conntrack *ct, const enum nf_conntrack_attr type)
int nfexp_attr_is_set(const struct nf_expect *exp, const enum nf_expect_attr type)
int nfct_attr_is_set(const struct nf_conntrack *ct, const enum nf_conntrack_attr type)
void nfexp_destroy(struct nf_expect *exp)
const void * nfexp_get_attr(const struct nf_expect *exp, const enum nf_expect_attr type)
int nfct_attr_unset(struct nf_conntrack *ct, const enum nf_conntrack_attr type)