2021-08-26 13:44:53 +00:00
|
|
|
//go:build linux
|
2017-02-20 17:34:32 +00:00
|
|
|
// +build linux
|
|
|
|
|
2015-11-26 10:50:07 +00:00
|
|
|
package netlink
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net"
|
|
|
|
"testing"
|
2017-10-20 20:38:07 +00:00
|
|
|
|
|
|
|
"golang.org/x/sys/unix"
|
2015-11-26 10:50:07 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestRuleAddDel(t *testing.T) {
|
2017-02-06 16:14:07 +00:00
|
|
|
skipUnlessRoot(t)
|
2017-11-28 06:59:57 +00:00
|
|
|
defer setUpNetlinkTest(t)()
|
2017-02-06 16:14:07 +00:00
|
|
|
|
2015-11-26 10:50:07 +00:00
|
|
|
srcNet := &net.IPNet{IP: net.IPv4(172, 16, 0, 1), Mask: net.CIDRMask(16, 32)}
|
|
|
|
dstNet := &net.IPNet{IP: net.IPv4(172, 16, 1, 1), Mask: net.CIDRMask(24, 32)}
|
|
|
|
|
2020-04-30 02:49:27 +00:00
|
|
|
rulesBegin, err := RuleList(FAMILY_V4)
|
2015-11-26 10:50:07 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2015-12-09 13:07:11 +00:00
|
|
|
rule := NewRule()
|
2023-07-10 22:37:32 +00:00
|
|
|
rule.Family = FAMILY_V4
|
2017-10-20 20:38:07 +00:00
|
|
|
rule.Table = unix.RT_TABLE_MAIN
|
2015-12-09 13:07:11 +00:00
|
|
|
rule.Src = srcNet
|
|
|
|
rule.Dst = dstNet
|
|
|
|
rule.Priority = 5
|
|
|
|
rule.OifName = "lo"
|
|
|
|
rule.IifName = "lo"
|
2017-11-07 17:34:56 +00:00
|
|
|
rule.Invert = true
|
2020-02-08 20:55:55 +00:00
|
|
|
rule.Tos = 0x10
|
2020-01-16 16:27:48 +00:00
|
|
|
rule.Dport = NewRulePortRange(80, 80)
|
|
|
|
rule.Sport = NewRulePortRange(1000, 1024)
|
2021-08-26 04:23:33 +00:00
|
|
|
rule.IPProto = unix.IPPROTO_UDP
|
2022-04-27 23:49:27 +00:00
|
|
|
rule.UIDRange = NewRuleUIDRange(100, 100)
|
2023-03-10 11:50:29 +00:00
|
|
|
rule.Protocol = unix.RTPROT_KERNEL
|
2015-11-26 10:50:07 +00:00
|
|
|
if err := RuleAdd(rule); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2020-04-30 02:49:27 +00:00
|
|
|
rules, err := RuleList(FAMILY_V4)
|
2015-11-26 10:50:07 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2016-03-20 00:12:26 +00:00
|
|
|
if len(rules) != len(rulesBegin)+1 {
|
2015-11-26 10:50:07 +00:00
|
|
|
t.Fatal("Rule not added properly")
|
|
|
|
}
|
|
|
|
|
|
|
|
// find this rule
|
2020-04-30 02:49:27 +00:00
|
|
|
found := ruleExists(rules, *rule)
|
2015-11-26 10:50:07 +00:00
|
|
|
if !found {
|
|
|
|
t.Fatal("Rule has diffrent options than one added")
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := RuleDel(rule); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2020-04-30 02:49:27 +00:00
|
|
|
rulesEnd, err := RuleList(FAMILY_V4)
|
2015-11-26 10:50:07 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2016-03-20 00:12:26 +00:00
|
|
|
if len(rulesEnd) != len(rulesBegin) {
|
2015-11-26 10:50:07 +00:00
|
|
|
t.Fatal("Rule not removed properly")
|
|
|
|
}
|
|
|
|
}
|
2020-04-30 02:49:27 +00:00
|
|
|
|
|
|
|
func TestRuleListFiltered(t *testing.T) {
|
|
|
|
skipUnlessRoot(t)
|
|
|
|
defer setUpNetlinkTest(t)()
|
|
|
|
|
|
|
|
t.Run("IPv4", testRuleListFilteredIPv4)
|
|
|
|
t.Run("IPv6", testRuleListFilteredIPv6)
|
|
|
|
}
|
|
|
|
|
|
|
|
func testRuleListFilteredIPv4(t *testing.T) {
|
|
|
|
srcNet := &net.IPNet{IP: net.IPv4(172, 16, 0, 1), Mask: net.CIDRMask(16, 32)}
|
|
|
|
dstNet := &net.IPNet{IP: net.IPv4(172, 16, 1, 1), Mask: net.CIDRMask(24, 32)}
|
|
|
|
runRuleListFiltered(t, FAMILY_V4, srcNet, dstNet)
|
|
|
|
}
|
|
|
|
|
|
|
|
func testRuleListFilteredIPv6(t *testing.T) {
|
|
|
|
ip1 := net.ParseIP("fd56:6b58:db28:2913::")
|
|
|
|
ip2 := net.ParseIP("fde9:379f:3b35:6635::")
|
|
|
|
|
|
|
|
srcNet := &net.IPNet{IP: ip1, Mask: net.CIDRMask(64, 128)}
|
|
|
|
dstNet := &net.IPNet{IP: ip2, Mask: net.CIDRMask(96, 128)}
|
|
|
|
runRuleListFiltered(t, FAMILY_V6, srcNet, dstNet)
|
|
|
|
}
|
|
|
|
|
|
|
|
func runRuleListFiltered(t *testing.T, family int, srcNet, dstNet *net.IPNet) {
|
|
|
|
defaultRules, _ := RuleList(family)
|
|
|
|
|
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
ruleFilter *Rule
|
|
|
|
filterMask uint64
|
|
|
|
preRun func() *Rule // Creates sample rule harness
|
|
|
|
postRun func(*Rule) // Deletes sample rule harness
|
|
|
|
setupWant func(*Rule) ([]Rule, bool)
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "returns all rules",
|
|
|
|
ruleFilter: nil,
|
|
|
|
filterMask: 0,
|
|
|
|
preRun: func() *Rule { return nil },
|
|
|
|
postRun: func(r *Rule) {},
|
|
|
|
setupWant: func(_ *Rule) ([]Rule, bool) {
|
|
|
|
return defaultRules, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns one rule filtered by Src",
|
|
|
|
ruleFilter: &Rule{Src: srcNet},
|
|
|
|
filterMask: RT_FILTER_SRC,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 1 // Must add priority and table otherwise it's auto-assigned
|
2023-07-10 22:37:32 +00:00
|
|
|
r.Family = family
|
2020-04-30 02:49:27 +00:00
|
|
|
r.Table = 1
|
|
|
|
RuleAdd(r)
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns one rule filtered by Dst",
|
|
|
|
ruleFilter: &Rule{Dst: dstNet},
|
|
|
|
filterMask: RT_FILTER_DST,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Dst = dstNet
|
|
|
|
r.Priority = 1 // Must add priority and table otherwise it's auto-assigned
|
2023-07-10 22:37:32 +00:00
|
|
|
r.Family = family
|
2020-04-30 02:49:27 +00:00
|
|
|
r.Table = 1
|
|
|
|
RuleAdd(r)
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns two rules filtered by Dst",
|
|
|
|
ruleFilter: &Rule{Dst: dstNet},
|
|
|
|
filterMask: RT_FILTER_DST,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Dst = dstNet
|
|
|
|
r.Priority = 1 // Must add priority and table otherwise it's auto-assigned
|
2023-07-10 22:37:32 +00:00
|
|
|
r.Family = family
|
2020-04-30 02:49:27 +00:00
|
|
|
r.Table = 1
|
|
|
|
RuleAdd(r)
|
|
|
|
|
|
|
|
rc := *r // Create almost identical copy
|
|
|
|
rc.Src = srcNet
|
|
|
|
RuleAdd(&rc)
|
|
|
|
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) {
|
|
|
|
RuleDel(r)
|
|
|
|
|
|
|
|
rc := *r // Delete the almost identical copy
|
|
|
|
rc.Src = srcNet
|
|
|
|
RuleDel(&rc)
|
|
|
|
},
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
rs := []Rule{}
|
|
|
|
rs = append(rs, *r)
|
|
|
|
|
|
|
|
rc := *r // Append the almost identical copy
|
|
|
|
rc.Src = srcNet
|
|
|
|
rs = append(rs, rc)
|
|
|
|
|
|
|
|
return rs, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns one rule filtered by Src when two rules exist",
|
|
|
|
ruleFilter: &Rule{Src: srcNet},
|
|
|
|
filterMask: RT_FILTER_SRC,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Dst = dstNet
|
|
|
|
r.Priority = 1 // Must add priority and table otherwise it's auto-assigned
|
2023-07-10 22:37:32 +00:00
|
|
|
r.Family = family
|
2020-04-30 02:49:27 +00:00
|
|
|
r.Table = 1
|
|
|
|
RuleAdd(r)
|
|
|
|
|
|
|
|
rc := *r // Create almost identical copy
|
|
|
|
rc.Src = srcNet
|
|
|
|
RuleAdd(&rc)
|
|
|
|
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) {
|
|
|
|
RuleDel(r)
|
|
|
|
|
|
|
|
rc := *r // Delete the almost identical copy
|
|
|
|
rc.Src = srcNet
|
|
|
|
RuleDel(&rc)
|
|
|
|
},
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
rs := []Rule{}
|
|
|
|
// Do not append `r`
|
|
|
|
|
|
|
|
rc := *r // Append the almost identical copy
|
|
|
|
rc.Src = srcNet
|
|
|
|
rs = append(rs, rc)
|
|
|
|
|
|
|
|
return rs, false
|
|
|
|
},
|
|
|
|
},
|
2024-03-27 21:23:31 +00:00
|
|
|
{
|
|
|
|
name: "returns one rule filtered by Priority(0) and Table",
|
|
|
|
ruleFilter: &Rule{Priority: 0, Table: 1},
|
|
|
|
filterMask: RT_FILTER_PRIORITY | RT_FILTER_TABLE,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 0
|
|
|
|
r.Family = family
|
|
|
|
r.Table = 1
|
|
|
|
RuleAdd(r)
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) {
|
|
|
|
RuleDel(r)
|
|
|
|
},
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns one rule filtered by Priority preceding main-table rule",
|
|
|
|
ruleFilter: &Rule{Priority: 32765},
|
|
|
|
filterMask: RT_FILTER_PRIORITY,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Family = family
|
|
|
|
r.Table = 1
|
|
|
|
RuleAdd(r)
|
2024-07-29 09:12:06 +00:00
|
|
|
|
2024-03-27 21:23:31 +00:00
|
|
|
r.Priority = 32765 // Set priority for assertion
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) {
|
|
|
|
RuleDel(r)
|
|
|
|
},
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
2020-04-30 02:49:27 +00:00
|
|
|
{
|
|
|
|
name: "returns rules with specific priority",
|
|
|
|
ruleFilter: &Rule{Priority: 5},
|
|
|
|
filterMask: RT_FILTER_PRIORITY,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 5
|
2023-07-10 22:37:32 +00:00
|
|
|
r.Family = family
|
2020-04-30 02:49:27 +00:00
|
|
|
r.Table = 1
|
|
|
|
RuleAdd(r)
|
|
|
|
|
|
|
|
for i := 2; i < 5; i++ {
|
|
|
|
rc := *r // Create almost identical copy
|
|
|
|
rc.Table = i
|
|
|
|
RuleAdd(&rc)
|
|
|
|
}
|
|
|
|
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) {
|
|
|
|
RuleDel(r)
|
|
|
|
|
|
|
|
for i := 2; i < 5; i++ {
|
|
|
|
rc := *r // Delete the almost identical copy
|
|
|
|
rc.Table = -1
|
|
|
|
RuleDel(&rc)
|
|
|
|
}
|
|
|
|
},
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
rs := []Rule{}
|
|
|
|
rs = append(rs, *r)
|
|
|
|
|
|
|
|
for i := 2; i < 5; i++ {
|
|
|
|
rc := *r // Append the almost identical copy
|
|
|
|
rc.Table = i
|
|
|
|
rs = append(rs, rc)
|
|
|
|
}
|
|
|
|
|
|
|
|
return rs, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns rules filtered by Table",
|
|
|
|
ruleFilter: &Rule{Table: 199},
|
|
|
|
filterMask: RT_FILTER_TABLE,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 1 // Must add priority otherwise it's auto-assigned
|
2023-07-10 22:37:32 +00:00
|
|
|
r.Family = family
|
2020-04-30 02:49:27 +00:00
|
|
|
r.Table = 199
|
|
|
|
RuleAdd(r)
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns rules filtered by Mask",
|
2024-07-29 09:12:06 +00:00
|
|
|
ruleFilter: &Rule{Mask: &[]uint32{0x5}[0]},
|
2020-04-30 02:49:27 +00:00
|
|
|
filterMask: RT_FILTER_MASK,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 1 // Must add priority and table otherwise it's auto-assigned
|
2023-07-10 22:37:32 +00:00
|
|
|
r.Family = family
|
2020-04-30 02:49:27 +00:00
|
|
|
r.Table = 1
|
2024-07-29 09:12:06 +00:00
|
|
|
r.Mask = &[]uint32{0x5}[0]
|
2020-04-30 02:49:27 +00:00
|
|
|
RuleAdd(r)
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns rules filtered by Mark",
|
|
|
|
ruleFilter: &Rule{Mark: 0xbb},
|
|
|
|
filterMask: RT_FILTER_MARK,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 1 // Must add priority, table, mask otherwise it's auto-assigned
|
2023-07-10 22:37:32 +00:00
|
|
|
r.Family = family
|
2020-04-30 02:49:27 +00:00
|
|
|
r.Table = 1
|
2024-07-29 09:12:06 +00:00
|
|
|
r.Mask = &[]uint32{0xff}[0]
|
2020-04-30 02:49:27 +00:00
|
|
|
r.Mark = 0xbb
|
|
|
|
RuleAdd(r)
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
2024-07-29 09:12:06 +00:00
|
|
|
{
|
|
|
|
name: "returns rules filtered by fwmark 0",
|
|
|
|
ruleFilter: &Rule{Mark: 0, Mask: nil, Table: 100},
|
|
|
|
filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 1
|
|
|
|
r.Family = family
|
|
|
|
r.Table = 100
|
|
|
|
r.Mark = 0
|
|
|
|
r.Mask = nil
|
|
|
|
if err := RuleAdd(r); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns rules filtered by fwmark 0/0xFFFFFFFF",
|
|
|
|
ruleFilter: &Rule{Mark: 0, Mask: &[]uint32{0xFFFFFFFF}[0], Table: 100},
|
|
|
|
filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 1
|
|
|
|
r.Family = family
|
|
|
|
r.Table = 100
|
|
|
|
r.Mark = 0
|
|
|
|
r.Mask = &[]uint32{0xFFFFFFFF}[0]
|
|
|
|
if err := RuleAdd(r); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns rules filtered by fwmark 0x1234/0",
|
|
|
|
ruleFilter: &Rule{Mark: 0x1234, Mask: &[]uint32{0}[0], Table: 100},
|
|
|
|
filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 1
|
|
|
|
r.Family = family
|
|
|
|
r.Table = 100
|
|
|
|
r.Mark = 0x1234
|
|
|
|
r.Mask = &[]uint32{0}[0]
|
|
|
|
if err := RuleAdd(r); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns rules filtered by fwmark 0/0xFFFFFFFF",
|
|
|
|
ruleFilter: &Rule{Mark: 0, Mask: &[]uint32{0xFFFFFFFF}[0], Table: 100},
|
|
|
|
filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 1
|
|
|
|
r.Family = family
|
|
|
|
r.Table = 100
|
|
|
|
r.Mark = 0
|
|
|
|
r.Mask = &[]uint32{0xFFFFFFFF}[0]
|
|
|
|
if err := RuleAdd(r); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns rules filtered by fwmark 0xFFFFFFFF",
|
|
|
|
ruleFilter: &Rule{Mark: 0xFFFFFFFF, Mask: &[]uint32{0xFFFFFFFF}[0], Table: 100},
|
|
|
|
filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 1
|
|
|
|
r.Family = family
|
|
|
|
r.Table = 100
|
|
|
|
r.Mark = 0xFFFFFFFF
|
|
|
|
r.Mask = nil
|
|
|
|
if err := RuleAdd(r); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns rules filtered by fwmark 0x1234",
|
|
|
|
ruleFilter: &Rule{Mark: 0x1234, Mask: &[]uint32{0xFFFFFFFF}[0], Table: 100},
|
|
|
|
filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 1
|
|
|
|
r.Family = family
|
|
|
|
r.Table = 100
|
|
|
|
r.Mark = 0x1234
|
|
|
|
r.Mask = nil
|
|
|
|
if err := RuleAdd(r); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns rules filtered by fwmark 0x12345678",
|
|
|
|
ruleFilter: &Rule{Mark: 0x12345678, Mask: &[]uint32{0xFFFFFFFF}[0], Table: 100},
|
|
|
|
filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 1
|
|
|
|
r.Family = family
|
|
|
|
r.Table = 100
|
|
|
|
r.Mark = 0x12345678
|
|
|
|
r.Mask = nil
|
|
|
|
if err := RuleAdd(r); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns rules filtered by fwmark 0xFFFFFFFF/0",
|
|
|
|
ruleFilter: &Rule{Mark: 0xFFFFFFFF, Mask: &[]uint32{0}[0], Table: 100},
|
|
|
|
filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 1
|
|
|
|
r.Family = family
|
|
|
|
r.Table = 100
|
|
|
|
r.Mark = 0xFFFFFFFF
|
|
|
|
r.Mask = &[]uint32{0}[0]
|
|
|
|
if err := RuleAdd(r); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "returns rules filtered by fwmark 0xFFFFFFFF/0xFFFFFFFF",
|
|
|
|
ruleFilter: &Rule{Mark: 0xFFFFFFFF, Mask: &[]uint32{0xFFFFFFFF}[0], Table: 100},
|
|
|
|
filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 1
|
|
|
|
r.Family = family
|
|
|
|
r.Table = 100
|
|
|
|
r.Mark = 0xFFFFFFFF
|
|
|
|
r.Mask = &[]uint32{0xFFFFFFFF}[0]
|
|
|
|
if err := RuleAdd(r); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
2020-04-30 02:49:27 +00:00
|
|
|
{
|
|
|
|
name: "returns rules filtered by Tos",
|
|
|
|
ruleFilter: &Rule{Tos: 12},
|
|
|
|
filterMask: RT_FILTER_TOS,
|
|
|
|
preRun: func() *Rule {
|
|
|
|
r := NewRule()
|
|
|
|
r.Src = srcNet
|
|
|
|
r.Priority = 1 // Must add priority, table, mask otherwise it's auto-assigned
|
2023-07-10 22:37:32 +00:00
|
|
|
r.Family = family
|
2020-04-30 02:49:27 +00:00
|
|
|
r.Table = 12
|
|
|
|
r.Tos = 12 // Tos must equal table
|
|
|
|
RuleAdd(r)
|
|
|
|
return r
|
|
|
|
},
|
|
|
|
postRun: func(r *Rule) { RuleDel(r) },
|
|
|
|
setupWant: func(r *Rule) ([]Rule, bool) {
|
|
|
|
return []Rule{*r}, false
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
rule := tt.preRun()
|
|
|
|
rules, err := RuleListFiltered(family, tt.ruleFilter, tt.filterMask)
|
|
|
|
tt.postRun(rule)
|
|
|
|
|
|
|
|
wantRules, wantErr := tt.setupWant(rule)
|
|
|
|
|
|
|
|
if len(wantRules) != len(rules) {
|
|
|
|
t.Errorf("Expected len: %d, got: %d", len(wantRules), len(rules))
|
|
|
|
} else {
|
|
|
|
for i := range wantRules {
|
|
|
|
if !ruleEquals(wantRules[i], rules[i]) {
|
|
|
|
t.Errorf("Rules mismatch, want %v, got %v", wantRules[i], rules[i])
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (err != nil) != wantErr {
|
|
|
|
t.Errorf("Error expectation not met, want %v, got %v", (err != nil), wantErr)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-08-26 13:44:53 +00:00
|
|
|
func TestRuleString(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
testCases := map[string]struct {
|
|
|
|
r Rule
|
|
|
|
s string
|
|
|
|
}{
|
|
|
|
"empty rule": {
|
2024-08-22 19:13:23 +00:00
|
|
|
s: "ip rule 0: from all to all table 0 ",
|
2021-08-26 13:44:53 +00:00
|
|
|
},
|
|
|
|
"rule with src and dst equivalent to <nil>": {
|
|
|
|
r: Rule{
|
|
|
|
Priority: 100,
|
|
|
|
Src: &net.IPNet{IP: net.IPv4(10, 0, 0, 0)},
|
|
|
|
Dst: &net.IPNet{IP: net.IPv4(20, 0, 0, 0)},
|
|
|
|
Table: 99,
|
|
|
|
},
|
2024-08-22 19:13:23 +00:00
|
|
|
s: "ip rule 100: from all to all table 99 ",
|
2021-08-26 13:44:53 +00:00
|
|
|
},
|
|
|
|
"rule with src and dst": {
|
|
|
|
r: Rule{
|
|
|
|
Priority: 100,
|
|
|
|
Src: &net.IPNet{IP: net.IPv4(10, 0, 0, 0), Mask: net.IPv4Mask(255, 255, 255, 0)},
|
|
|
|
Dst: &net.IPNet{IP: net.IPv4(20, 0, 0, 0), Mask: net.IPv4Mask(255, 255, 255, 0)},
|
|
|
|
Table: 99,
|
|
|
|
},
|
2024-08-22 19:13:23 +00:00
|
|
|
s: "ip rule 100: from 10.0.0.0/24 to 20.0.0.0/24 table 99 ",
|
|
|
|
},
|
|
|
|
"rule with type": {
|
|
|
|
r: Rule{
|
|
|
|
Priority: 101,
|
|
|
|
Type: unix.RTN_UNREACHABLE,
|
|
|
|
},
|
|
|
|
s: "ip rule 101: from all to all table 0 unreachable",
|
2021-08-26 13:44:53 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for name, testCase := range testCases {
|
|
|
|
testCase := testCase
|
|
|
|
t.Run(name, func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
s := testCase.r.String()
|
|
|
|
|
|
|
|
if s != testCase.s {
|
|
|
|
t.Errorf("expected %q but got %q", testCase.s, s)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-04-30 02:49:27 +00:00
|
|
|
func ruleExists(rules []Rule, rule Rule) bool {
|
|
|
|
for i := range rules {
|
|
|
|
if ruleEquals(rules[i], rule) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
func ruleEquals(a, b Rule) bool {
|
|
|
|
return a.Table == b.Table &&
|
|
|
|
((a.Src == nil && b.Src == nil) ||
|
|
|
|
(a.Src != nil && b.Src != nil && a.Src.String() == b.Src.String())) &&
|
|
|
|
((a.Dst == nil && b.Dst == nil) ||
|
|
|
|
(a.Dst != nil && b.Dst != nil && a.Dst.String() == b.Dst.String())) &&
|
|
|
|
a.OifName == b.OifName &&
|
|
|
|
a.Priority == b.Priority &&
|
2023-07-10 22:37:32 +00:00
|
|
|
a.Family == b.Family &&
|
2020-04-30 02:49:27 +00:00
|
|
|
a.IifName == b.IifName &&
|
|
|
|
a.Invert == b.Invert &&
|
2022-01-18 13:20:09 +00:00
|
|
|
a.Tos == b.Tos &&
|
2024-08-22 19:13:23 +00:00
|
|
|
a.Type == b.Type &&
|
2023-03-10 11:50:29 +00:00
|
|
|
a.IPProto == b.IPProto &&
|
2024-07-29 09:12:06 +00:00
|
|
|
a.Protocol == b.Protocol &&
|
|
|
|
a.Mark == b.Mark &&
|
|
|
|
(ptrEqual(a.Mask, b.Mask) || (a.Mark != 0 &&
|
|
|
|
(a.Mask == nil && *b.Mask == 0xFFFFFFFF || b.Mask == nil && *a.Mask == 0xFFFFFFFF)))
|
2020-04-30 02:49:27 +00:00
|
|
|
}
|