X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=test.sh;h=850ab36389f29418a394aba6806c41c57442f630;hb=d05d679fa4de0002100a7cd806897a2d97d19b5f;hp=a64c82911cbc336657f2e5e08d653f8d0debc0e1;hpb=bcf836638563135278efe7d0476ece5772ff465a;p=flowspec-xdp diff --git a/test.sh b/test.sh index a64c829..850ab36 100755 --- a/test.sh +++ b/test.sh @@ -15,7 +15,7 @@ TEST_PKT='#define TEST \ "\xb5\xc3\xa9\xa6\x21\x14\xc7\xd9\x71\x07"' # Test all the things... -echo "flow4 { src 72.229.104.206/32; dst 103.99.170.10/32; proto = 17; sport = 56733; dport = 4242; length = 140; dscp 0/0xff; fragment !dont_fragment && !is_fragment && !first_fragment && !last_fragment };" | ./genrules.py --ihl=accept-options --8021q=accept-vlan --v6frag=ignore +echo "flow4 { src 72.229.104.206/32; dst 103.99.170.10/32; proto = 17; sport = 56733; dport = 4242; length = 140; dscp = 0; fragment !dont_fragment && !is_fragment && !first_fragment && !last_fragment };" | ./genrules.py --ihl=accept-options --8021q=accept-vlan --v6frag=ignore echo "$TEST_PKT" >> rules.h echo "#define TEST_EXP XDP_DROP" >> rules.h clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp @@ -41,20 +41,57 @@ echo "$TEST_PKT" >> rules.h echo "#define TEST_EXP XDP_PASS" >> rules.h clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp +# Some match-order tests... +# (43 && 42) || 4242 +echo "flow4 { port = 43 && 42, 4242; };" | ./genrules.py --ihl=accept-options --8021q=accept-vlan --v6frag=ignore +echo "$TEST_PKT" >> rules.h +echo "#define TEST_EXP XDP_DROP" >> rules.h +clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp + +# (43 && 42) || 4242 +echo "flow4 { port = 43 && 42 || 4242; };" | ./genrules.py --ihl=accept-options --8021q=accept-vlan --v6frag=ignore +echo "$TEST_PKT" >> rules.h +echo "#define TEST_EXP XDP_DROP" >> rules.h +clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp + +# 4242 || (42 && 43) +echo "flow4 { port = 4242, 42 && 43; };" | ./genrules.py --ihl=accept-options --8021q=accept-vlan --v6frag=ignore +echo "$TEST_PKT" >> rules.h +echo "#define TEST_EXP XDP_DROP" >> rules.h +clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp + +# (4242 && false) || (42 && 4242) +echo "flow4 { port = 4242 && false, 42 && 4242; };" | ./genrules.py --ihl=accept-options --8021q=accept-vlan --v6frag=ignore +echo "$TEST_PKT" >> rules.h +echo "#define TEST_EXP XDP_PASS" >> rules.h +clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp + +# (4242 && true) || (42 && 43) +echo "flow4 { port = 4242 && true, 42 && 43; };" | ./genrules.py --ihl=accept-options --8021q=accept-vlan --v6frag=ignore +echo "$TEST_PKT" >> rules.h +echo "#define TEST_EXP XDP_DROP" >> rules.h +clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp + +# 42 || true +echo "flow4 { port = 42, true; };" | ./genrules.py --ihl=accept-options --8021q=accept-vlan --v6frag=ignore +echo "$TEST_PKT" >> rules.h +echo "#define TEST_EXP XDP_DROP" >> rules.h +clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp + echo "flow4 { icmp code != 0; };" | ./genrules.py --ihl=drop-options --8021q=drop-vlan --v6frag=drop-frags echo "$TEST_PKT" >> rules.h echo "#define TEST_EXP XDP_PASS" >> rules.h clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp TEST_PKT='#define TEST \ -"\x00\x0d\xb9\x50\x11\x4c\x00\x17\x10\x95\xe8\x96\x86\xdd\x60\x00" \ +"\x00\x0d\xb9\x50\x11\x4c\x00\x17\x10\x95\xe8\x96\x86\xdd\x6f\xc0" \ "\x00\x00\x00\x20\x06\x37\x2a\x01\x04\xf8\x01\x30\x71\xd2\x00\x00" \ "\x00\x00\x00\x00\x00\x02\x26\x20\x00\x6e\xa0\x00\x20\x01\x00\x00" \ "\x00\x00\x00\x00\x00\x06\x20\x8d\xc2\x72\xff\x5f\x50\xa7\x1a\xfb" \ "\x41\xed\x80\x10\x06\xef\x87\x8c\x00\x00\x01\x01\x08\x0a\x98\x3d" \ "\x75\xde\xeb\x22\xd6\x80"' -# Some v6 TCP tests... +# Some v6 TCP tests with a DSCP of all 1s... echo "flow6 { src 2a01:4f8:130:71d2::2/128; dst 2620:6e:a000:2001::6/128; next header 6; port 8333 && 49778; tcp flags 0x010/0xfff;};" | ./genrules.py --ihl=accept-options --8021q=accept-vlan --v6frag=ignore echo "$TEST_PKT" >> rules.h echo "#define TEST_EXP XDP_DROP" >> rules.h @@ -65,6 +102,11 @@ echo "$TEST_PKT" >> rules.h echo "#define TEST_EXP XDP_DROP" >> rules.h clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp +echo "flow6 { dscp 0x3f; };" | ./genrules.py --ihl=drop-options --8021q=drop-vlan --v6frag=drop-frags +echo "$TEST_PKT" >> rules.h +echo "#define TEST_EXP XDP_DROP" >> rules.h +clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp + echo "flow6 { icmp code != 0; };" | ./genrules.py --ihl=drop-options --8021q=drop-vlan --v6frag=drop-frags echo "$TEST_PKT" >> rules.h echo "#define TEST_EXP XDP_PASS" >> rules.h @@ -72,14 +114,14 @@ clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wn TEST_PKT='#define TEST \ "\xcc\x2d\xe0\xf5\x02\xe1\x00\x0d\xb9\x50\x42\xfe\x81\x00\x00\x03" \ -"\x08\x00\x45\x00\x00\x54\xda\x85\x40\x00\x40\x01\x67\xc6\x0a\x45" \ +"\x08\x00\x45\xfc\x00\x54\xda\x85\x40\x00\x40\x01\x67\xc6\x0a\x45" \ "\x1e\x51\xd1\xfa\xfd\xcc\x08\x00\x18\x82\x7e\xda\x00\x02\xc8\xc4" \ "\x67\x60\x00\x00\x00\x00\x69\xa9\x08\x00\x00\x00\x00\x00\x10\x11" \ "\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21" \ "\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31" \ "\x32\x33\x34\x35\x36\x37"' -# ICMP and VLAN tests +# ICMP and VLAN tests with DSCP of all 1s... echo "flow4 { src 10.0.0.0/8; dst 209.250.0.0/16; proto = 1; icmp type 8; icmp code >= 0; length < 100; fragment dont_fragment; };" | ./genrules.py --ihl=accept-options --8021q=parse-vlan --v6frag=ignore echo "$TEST_PKT" >> rules.h echo "#define TEST_EXP XDP_DROP" >> rules.h @@ -115,6 +157,12 @@ echo "$TEST_PKT" >> rules.h echo "#define TEST_EXP XDP_PASS" >> rules.h clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp +echo "flow4 { dscp 0x3f; };" | ./genrules.py --ihl=drop-options --8021q=drop-vlan --v6frag=drop-frags +echo "$TEST_PKT" >> rules.h +echo "#define TEST_EXP XDP_DROP" >> rules.h +clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp + + # Test --8021q option handling echo "flow4 { port 42; };" | ./genrules.py --ihl=drop-options --8021q=drop-vlan --v6frag=drop-frags echo "$TEST_PKT" >> rules.h @@ -191,6 +239,17 @@ echo "$TEST_PKT" >> rules.h echo "#define TEST_EXP XDP_PASS" >> rules.h clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp +echo "flow6 { src 2620:6e:a007:233::1/128; dst 2001:470:0:503::2/128; fragment !is_fragment || first_fragment || !last_fragment; };" | ./genrules.py --ihl=drop-options --8021q=drop-vlan --v6frag=parse-frags +echo "$TEST_PKT" >> rules.h +echo "#define TEST_EXP XDP_PASS" >> rules.h +clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp + +# Note on the second fragment we don't know the ICMP header (though < 256 is trivially true) +echo "flow6 { icmp type < 256; };" | ./genrules.py --ihl=drop-options --8021q=drop-vlan --v6frag=parse-frags +echo "$TEST_PKT" >> rules.h +echo "#define TEST_EXP XDP_PASS" >> rules.h +clang -std=c99 -fsanitize=address -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O0 -g xdp.c -o xdp && ./xdp + #TODO Is nextheader frag correct to match on here? Should we support matching on any nexthdr? echo "flow6 { next header 44; };" | ./genrules.py --ihl=accept-options --8021q=accept-vlan --v6frag=parse-frags echo "$TEST_PKT" >> rules.h