#!/usr/bin/python
#
# Copyright 2015 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import itertools
import random
import unittest
from socket import *
import multinetwork_base
import net_test
import packets
class ForwardingTest(multinetwork_base.MultiNetworkBaseTest):
TCP_TIME_WAIT = 6
def ForwardBetweenInterfaces(self, enabled, iface1, iface2):
for iif, oif in itertools.permutations([iface1, iface2]):
self.iproute.IifRule(6, enabled, self.GetInterfaceName(iif),
self._TableForNetid(oif), self.PRIORITY_IIF)
def setUp(self):
self.SetSysctl("/proc/sys/net/ipv6/conf/all/forwarding", 1)
def tearDown(self):
self.SetSysctl("/proc/sys/net/ipv6/conf/all/forwarding", 0)
"""Checks that IPv6 forwarding works for UDP packets and is not broken by early demux.
Relevant kernel commits:
upstream:
5425077d73e0c8e net: ipv6: Add early demux handler for UDP unicast
0bd84065b19bca1 net: ipv6: Fix UDP early demux lookup with udp_l3mdev_accept=0
Ifa9c2ddfaa5b51 net: ipv6: reset daddr and dport in sk if connect() fails
"""
def CheckForwardingUdp(self, netid, iface1, iface2):
# TODO: Make a test for IPv4
# 1. Make version as an argument. Pick address to bind from array based
# on version.
# 2. The prefix length of the address is hardcoded to /64. Use the subnet
# mask there instead.
# 3. We recreate the address with SendRA, which obviously only works for
# IPv6. Use AddAddress for IPv4.
# Create a UDP socket and bind to it
version = 6
s = net_test.UDPSocket(AF_INET6)
self.SetSocketMark(s, netid)
s.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
s.bind(("::", 53))
remoteaddr = self.GetRemoteAddress(version)
myaddr = self.MyAddress(version, netid)
try:
# Delete address and check if packet is forwarded
# (and not dropped because an incorrect socket match happened)
self.iproute.DelAddress(myaddr, 64, self.ifindices[netid])
hoplimit = 39
desc, udp_pkt = packets.UDPWithOptions(version, myaddr, remoteaddr, 53)
# Decrements the hoplimit of a packet to simulate forwarding.
desc_fwded, udp_fwd = packets.UDPWithOptions(version, myaddr, remoteaddr,
53, hoplimit - 1)
msg = "Sent %s, expected %s" % (desc, desc_fwded)
self.ReceivePacketOn(iface1, udp_pkt)
self.ExpectPacketOn(iface2, msg, udp_fwd)
finally:
# Recreate the address.
self.SendRA(netid)
s.close()
"""Checks that IPv6 forwarding doesn't crash the system.
Relevant kernel commits:
upstream net-next:
e7eadb4 ipv6: inet6_sk() should use sk_fullsock()
android-3.10:
feee3c1 ipv6: inet6_sk() should use sk_fullsock()
cdab04e net: add sk_fullsock() helper
android-3.18:
8246f18 ipv6: inet6_sk() should use sk_fullsock()
bea19db net: add sk_fullsock() helper
"""
def CheckForwardingCrashTcp(self, netid, iface1, iface2):
version = 6
listensocket = net_test.IPv6TCPSocket()
self.SetSocketMark(listensocket, netid)
listenport = net_test.BindRandomPort(version, listensocket)
remoteaddr = self.GetRemoteAddress(version)
myaddr = self.MyAddress(version, netid)
desc, syn = packets.SYN(listenport, version, remoteaddr, myaddr)
synack_desc, synack = packets.SYNACK(version, myaddr, remoteaddr, syn)
msg = "Sent %s, expected %s" % (desc, synack_desc)
reply = self._ReceiveAndExpectResponse(netid, syn, synack, msg)
establishing_ack = packets.ACK(version, remoteaddr, myaddr, reply)[1]
self.ReceivePacketOn(netid, establishing_ack)
accepted, peer = listensocket.accept()
remoteport = accepted.getpeername()[1]
accepted.close()
desc, fin = packets.FIN(version, myaddr, remoteaddr, establishing_ack)
self.ExpectPacketOn(netid, msg + ": expecting %s after close" % desc, fin)
desc, finack = packets.FIN(version, remoteaddr, myaddr, fin)
self.ReceivePacketOn(netid, finack)
# Check our socket is now in TIME_WAIT.
sockets = self.ReadProcNetSocket("tcp6")
mysrc = "%s:%04X" % (net_test.FormatSockStatAddress(myaddr), listenport)
mydst = "%s:%04X" % (net_test.FormatSockStatAddress(remoteaddr), remoteport)
state = None
sockets = [s for s in sockets if s[0] == mysrc and s[1] == mydst]
self.assertEquals(1, len(sockets))
self.assertEquals("%02X" % self.TCP_TIME_WAIT, sockets[0][2])
# Remove our IP address.
try:
self.iproute.DelAddress(myaddr, 64, self.ifindices[netid])
self.ReceivePacketOn(iface1, finack)
self.ReceivePacketOn(iface1, establishing_ack)
self.ReceivePacketOn(iface1, establishing_ack)
# No crashes? Good.
finally:
# Put back our IP address.
self.SendRA(netid)
listensocket.close()
def CheckForwardingHandlerByProto(self, protocol, netid, iif, oif):
if protocol == IPPROTO_UDP:
self.CheckForwardingUdp(netid, iif, oif)
elif protocol == IPPROTO_TCP:
self.CheckForwardingCrashTcp(netid, iif, oif)
else:
raise NotImplementedError
def CheckForwardingByProto(self, proto):
# Run the test a few times as it doesn't crash/hang the first time.
for netids in itertools.permutations(self.tuns):
# Pick an interface to send traffic on and two to forward traffic between.
netid, iface1, iface2 = random.sample(netids, 3)
self.ForwardBetweenInterfaces(True, iface1, iface2)
try:
self.CheckForwardingHandlerByProto(proto, netid, iface1, iface2)
finally:
self.ForwardBetweenInterfaces(False, iface1, iface2)
def testForwardingUdp(self):
self.CheckForwardingByProto(IPPROTO_UDP)
def testForwardingCrashTcp(self):
self.CheckForwardingByProto(IPPROTO_TCP)
if __name__ == "__main__":
unittest.main()