more tests, start to receive frames, ...
This commit is contained in:
parent
fb87aa4f11
commit
18e1ca848e
|
@ -5,6 +5,7 @@ module IPL4_example {
|
|||
import from TunDevice_Types all;
|
||||
import from NetfilterConntrack_Functions all;
|
||||
import from http_www_netfilter_org_xml_libnetfilter_conntrack all;
|
||||
import from XSD all;
|
||||
|
||||
external function enc_Flow(in Flow pdu) return octetstring
|
||||
with { extension "prototype (convert) encode(XER:XER_EXTENDED)" }
|
||||
|
@ -20,9 +21,11 @@ module IPL4_example {
|
|||
port TunDevice_PT TUN;
|
||||
port TunDevice_PT TUN2;
|
||||
var boolean initialized := false;
|
||||
timer T := 3.0;
|
||||
}
|
||||
|
||||
template (value) Tun_send tunmsg(octetstring p_data) := { msg := p_data };
|
||||
template (value) Tun_recv tunrcv(octetstring p_data) := { msg := p_data };
|
||||
|
||||
import from UsefulTtcn3Types all;
|
||||
|
||||
|
@ -37,14 +40,6 @@ module IPL4_example {
|
|||
unsignedshort dst_port
|
||||
}
|
||||
|
||||
template flow_info flow_info_udp := {
|
||||
l4_protocol := tsc_IP_Protocol_UDP
|
||||
}
|
||||
|
||||
template flow_info flow_info_tcp := {
|
||||
l4_protocol := tsc_IP_Protocol_TCP
|
||||
}
|
||||
|
||||
type record pkt_info {
|
||||
nfct_direction direction,
|
||||
octetstring payload optional
|
||||
|
@ -63,6 +58,11 @@ module IPL4_example {
|
|||
return flowi
|
||||
}
|
||||
|
||||
function get_random_port_offset() return unsignedshort {
|
||||
var float r := rnd();
|
||||
return float2int(r * (65535.0 - 2000.0));
|
||||
}
|
||||
|
||||
/* generate a packet according to the input flow + pkt information */
|
||||
function flow_gen_pkt(flow_info flowi, pkt_info pkti) return octetstring {
|
||||
var octetstring ret;
|
||||
|
@ -82,6 +82,11 @@ module IPL4_example {
|
|||
if (flowi.l4_protocol == tsc_IP_Protocol_UDP) {
|
||||
ret := f_IPv4IPv6_AnyUdpPacket(src_ip, dst_ip, src_port, dst_port);
|
||||
}
|
||||
/*
|
||||
if (pkti.trunc_len < lengthof(ret)) {
|
||||
ret := substr(ret, 0, trunc_len);
|
||||
}
|
||||
*/
|
||||
return ret
|
||||
}
|
||||
|
||||
|
@ -145,6 +150,7 @@ module IPL4_example {
|
|||
}
|
||||
|
||||
/* get a single conntrack entry derived from the specified flow_info */
|
||||
//{ meta := { direction := "original", choice := { orig_repl_group := { layer3 := { protoname := "ipv4", protonum := "2", src := "1.1.1.200", dst := "2.2.2.200" }, layer4 := { protoname := "udp", protonum := "17", sport := 1001, dport := 2001 }, zone := omit, counters := omit } } }, meta_1 := { direction := "reply", choice := { orig_repl_group := { layer3 := { protoname := "ipv4", protonum := "2", src := "2.2.2.200", dst := "1.1.1.200" }, layer4 := { protoname := "udp", protonum := "17", sport := 2001, dport := 1001 }, zone := omit, counters := omit } } }, meta_2 := { direction := "independent", choice := { indep_group := { state := omit, timeout_ := 30, mark := 0, secmark := omit, zone := omit, use := 2, id := 2741869312, assured := omit, unreplied := { }, timestamp := omit, deltatime := omit } } }, when := omit }
|
||||
function f_get_conntrack(flow_info flowi) return Flow {
|
||||
var charstring xml := f_get_conntrack_xml(flowi.src_ip, flowi.dst_ip, flowi.l4_protocol, flowi.src_port, flowi.dst_port)
|
||||
var Flows flows := dec_Flows(unichar2oct(xml));
|
||||
|
@ -154,11 +160,48 @@ module IPL4_example {
|
|||
function flow_send_pkt_tun1(flow_info flowi, pkt_info pkti) runs on dummy_CT {
|
||||
var octetstring pkt := flow_gen_pkt(flowi, pkti);
|
||||
TUN.send(tunmsg(pkt));
|
||||
T.start;
|
||||
alt {
|
||||
//[] TUN2.receive(tunrcv(pkt)) { }
|
||||
//[] TUN2.receive { log("unexpected receive"); repeat };
|
||||
[] TUN2.receive {}
|
||||
[] T.timeout { setverdict(inconc) }
|
||||
}
|
||||
T.stop;
|
||||
}
|
||||
|
||||
function flow_send_pkt_tun2(flow_info flowi, pkt_info pkti) runs on dummy_CT {
|
||||
var octetstring pkt := flow_gen_pkt(flowi, pkti);
|
||||
TUN2.send(tunmsg(pkt));
|
||||
T.start;
|
||||
alt {
|
||||
//[] TUN.receive(tunrcv(pkt)) { }
|
||||
//[] TUN.receive { log("unexpected"); repeat }
|
||||
[] TUN.receive {}
|
||||
[] T.timeout { setverdict(inconc) }
|
||||
}
|
||||
T.stop;
|
||||
}
|
||||
|
||||
function get_nfct_and_match(flow_info flowi, template Flow t_flow) return boolean {
|
||||
var Flow ct := f_get_conntrack(flowi);
|
||||
var boolean ret := match(ct, t_flow);
|
||||
if (not ret) {
|
||||
setverdict(fail);
|
||||
log("conntrack as read from kernel:", ct);
|
||||
log("template that didn't match:", t_flow);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* apply a certain tolerance of up to 1 second in the timeout * retrieved after the packet traversed conntrack */
|
||||
function timeout_range(NonNegativeInteger secs) return template NonNegativeInteger {
|
||||
return (secs-1 .. secs);
|
||||
}
|
||||
|
||||
/* update Flow template tiemout with timeout range of (tout-1 .. tout) */
|
||||
function tflow_set_timeout(inout template Flow tflow, NonNegativeInteger tout) {
|
||||
tflow.meta_2.choice.indep_group.timeout_ := timeout_range(tout);
|
||||
}
|
||||
|
||||
function init() runs on dummy_CT {
|
||||
|
@ -178,59 +221,83 @@ module IPL4_example {
|
|||
log(dec_Flows(unichar2oct(xml)))
|
||||
}
|
||||
|
||||
testcase TC_dummy() runs on dummy_CT {
|
||||
var octetstring msg := unichar2oct("foo")
|
||||
init();
|
||||
TUN.send(tunmsg(msg))
|
||||
|
||||
msg := unichar2oct("bar")
|
||||
TUN2.send(tunmsg(msg))
|
||||
|
||||
setverdict(pass);
|
||||
}
|
||||
|
||||
function get_nfct_and_match(flow_info flowi, template Flow t_flow) return boolean {
|
||||
var Flow ct := f_get_conntrack(flowi);
|
||||
return match(ct, t_flow);
|
||||
}
|
||||
|
||||
testcase TC_udp1() runs on dummy_CT {
|
||||
var flow_info flowi := flow_gen(1);
|
||||
testcase TC_udp_3way() runs on dummy_CT {
|
||||
var flow_info flowi := flow_gen(get_random_port_offset())
|
||||
var Flow ct;
|
||||
var template Flow t_flow;
|
||||
init();
|
||||
|
||||
log("First packet (ORIG): We expect to create conntrack: unreplied, 30s");
|
||||
flow_send_pkt_tun1(flowi, { direction := DIR_ORIG, payload := ''O })
|
||||
//{ meta := { direction := "original", choice := { orig_repl_group := { layer3 := { protoname := "ipv4", protonum := "2", src := "1.1.1.200", dst := "2.2.2.200" }, layer4 := { protoname := "udp", protonum := "17", sport := 1001, dport := 2001 }, zone := omit, counters := omit } } }, meta_1 := { direction := "reply", choice := { orig_repl_group := { layer3 := { protoname := "ipv4", protonum := "2", src := "2.2.2.200", dst := "1.1.1.200" }, layer4 := { protoname := "udp", protonum := "17", sport := 2001, dport := 1001 }, zone := omit, counters := omit } } }, meta_2 := { direction := "independent", choice := { indep_group := { state := omit, timeout_ := 30, mark := 0, secmark := omit, zone := omit, use := 2, id := 2741869312, assured := omit, unreplied := { }, timestamp := omit, deltatime := omit } } }, when := omit }
|
||||
t_flow := f_nfct_templ_from_flow(flowi)
|
||||
t_flow.meta_2.choice.indep_group.unreplied := {}
|
||||
t_flow.meta_2.choice.indep_group.timeout_ := ( 29 .. 30 )
|
||||
if (not get_nfct_and_match(flowi, t_flow)) {
|
||||
setverdict(fail);
|
||||
}
|
||||
t_flow := f_nfct_templ_from_flow(flowi);
|
||||
t_flow.meta_2.choice.indep_group.unreplied := {};
|
||||
tflow_set_timeout(t_flow, 30);
|
||||
get_nfct_and_match(flowi, t_flow);
|
||||
|
||||
log("Second packet (REPLY): Unreplied should go, still 30s");
|
||||
flow_send_pkt_tun2(flowi, { direction := DIR_REPLY, payload := ''O })
|
||||
//{ meta := { direction := "original", choice := { orig_repl_group := { layer3 := { protoname := "ipv4", protonum := "2", src := "1.1.1.200", dst := "2.2.2.200" }, layer4 := { protoname := "udp", protonum := "17", sport := 1001, dport := 2001 }, zone := omit, counters := omit } } }, meta_1 := { direction := "reply", choice := { orig_repl_group := { layer3 := { protoname := "ipv4", protonum := "2", src := "2.2.2.200", dst := "1.1.1.200" }, layer4 := { protoname := "udp", protonum := "17", sport := 2001, dport := 1001 }, zone := omit, counters := omit } } }, meta_2 := { direction := "independent", choice := { indep_group := { state := omit, timeout_ := 30, mark := 0, secmark := omit, zone := omit, use := 2, id := 2741869312, assured := omit, unreplied := omit, timestamp := omit, deltatime := omit } } }, when := omit }
|
||||
t_flow := f_nfct_templ_from_flow(flowi)
|
||||
t_flow.meta_2.choice.indep_group.timeout_ := ( 29 .. 30 )
|
||||
if (not get_nfct_and_match(flowi, t_flow)) {
|
||||
setverdict(fail);
|
||||
}
|
||||
t_flow := f_nfct_templ_from_flow(flowi);
|
||||
tflow_set_timeout(t_flow, 30);
|
||||
get_nfct_and_match(flowi, t_flow);
|
||||
|
||||
log("Third packet (ORIG): Assured, 180s");
|
||||
flow_send_pkt_tun1(flowi, { direction := DIR_ORIG, payload := ''O })
|
||||
t_flow := f_nfct_templ_from_flow(flowi);
|
||||
t_flow := f_nfct_templ_from_flow(flowi);
|
||||
t_flow.meta_2.choice.indep_group.assured := {};
|
||||
t_flow.meta_2.choice.indep_group.timeout_ := ( 179 .. 180 );
|
||||
if (not get_nfct_and_match(flowi, t_flow)) {
|
||||
setverdict(fail);
|
||||
tflow_set_timeout(t_flow, 180);
|
||||
get_nfct_and_match(flowi, t_flow);
|
||||
|
||||
setverdict(pass);
|
||||
}
|
||||
|
||||
testcase TC_udp_uni2() runs on dummy_CT {
|
||||
var flow_info flowi := flow_gen(get_random_port_offset());
|
||||
var template Flow t_flow;
|
||||
var integer i;
|
||||
init();
|
||||
|
||||
for (i := 1; i <= 2; i := i+1) {
|
||||
log("Packet (ORIG): We expect to create conntrack: unreplied, 30s");
|
||||
flow_send_pkt_tun1(flowi, { direction := DIR_ORIG, payload := ''O })
|
||||
t_flow := f_nfct_templ_from_flow(flowi);
|
||||
t_flow.meta_2.choice.indep_group.unreplied := {};
|
||||
tflow_set_timeout(t_flow, 30);
|
||||
get_nfct_and_match(flowi, t_flow);
|
||||
}
|
||||
|
||||
setverdict(pass)
|
||||
log("First (REPLY): Unreplied should go, still 30s");
|
||||
flow_send_pkt_tun2(flowi, { direction := DIR_REPLY, payload := ''O })
|
||||
t_flow := f_nfct_templ_from_flow(flowi);
|
||||
tflow_set_timeout(t_flow, 30);
|
||||
get_nfct_and_match(flowi, t_flow);
|
||||
|
||||
log("Second (REPLY): now 180s");
|
||||
flow_send_pkt_tun2(flowi, { direction := DIR_REPLY, payload := ''O })
|
||||
t_flow := f_nfct_templ_from_flow(flowi);
|
||||
t_flow.meta_2.choice.indep_group.assured := {};
|
||||
tflow_set_timeout(t_flow, 180);
|
||||
get_nfct_and_match(flowi, t_flow);
|
||||
|
||||
setverdict(pass);
|
||||
}
|
||||
|
||||
testcase TC_udp_shorthdr() runs on dummy_CT {
|
||||
var flow_info flowi := flow_gen(get_random_port_offset());
|
||||
var template Flow t_flow;
|
||||
init();
|
||||
|
||||
log("First packet (ORIG): We expect to create no conntrack");
|
||||
flow_send_pkt_tun1(flowi, { direction := DIR_ORIG, payload := ''O})
|
||||
t_flow := f_nfct_templ_from_flow(flowi);
|
||||
get_nfct_and_match(flowi, t_flow);
|
||||
|
||||
setverdict(pass);
|
||||
}
|
||||
|
||||
control {
|
||||
execute(TC_xml());
|
||||
//execute(TC_dummy());
|
||||
execute(TC_udp1());
|
||||
//execute(TC_xml());
|
||||
execute(TC_udp_3way());
|
||||
execute(TC_udp_uni2());
|
||||
//execute(TC_udp_shorthdr());
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue