unit-tests: Accept numerical protocol/port numbers in traffic selector tests
1 /*
2 * Copyright (C) 2015 Martin Willi
3 * Copyright (C) 2015 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <selectors/traffic_selector.h>
19
20
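/**
 * Render a traffic selector through the "%R" conversion and compare the
 * text against the accepted spellings; the test fails on a mismatch.
 *
 * The callers in this file pass the symbolic form (e.g. "tcp/http") as str
 * and the numerical form (e.g. "6/80") as alt, so the test passes with
 * either rendering.
 *
 * @param str	expected rendering
 * @param alt	alternative accepted rendering, or NULL if there is none
 * @param ts	selector to check, must not be NULL; destroyed here
 */
static void verify(const char *str, const char *alt, traffic_selector_t *ts)
{
	char buf[512];

	ck_assert(ts != NULL);
	snprintf(buf, sizeof(buf), "%R", ts);
	/* buf holds its own copy of the text, the selector is no longer needed */
	ts->destroy(ts);
	if (streq(buf, str) || (alt && streq(buf, alt)))
	{
		return;
	}
	if (alt)
	{
		fail("%s != %s or %s", buf, str, alt);
	}
	else
	{
		/* several callers pass alt == NULL; a NULL pointer must not be
		 * handed to a %s conversion */
		fail("%s != %s", buf, str);
	}
}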
33
/*
 * Construct selectors from textual start/end addresses. The three cases are
 * an IPv4 range that collapses to a /16 with a single TCP port, an IPv4
 * range that is not on a prefix boundary with a UDP port range, and an
 * IPv6 /64 with protocol 0 and ports 0-65535, which renders without a
 * protocol/port suffix.
 */
START_TEST(test_create_from_string)
{
	traffic_selector_t *ts;

	ts = traffic_selector_create_from_string(IPPROTO_TCP, TS_IPV4_ADDR_RANGE,
											 "10.1.0.0", 80,
											 "10.1.255.255", 80);
	verify("10.1.0.0/16[tcp/http]", "10.1.0.0/16[6/80]", ts);

	ts = traffic_selector_create_from_string(IPPROTO_UDP, TS_IPV4_ADDR_RANGE,
											 "10.1.0.1", 1234,
											 "10.1.0.99", 1235);
	verify("10.1.0.1..10.1.0.99[udp/1234-1235]",
		   "10.1.0.1..10.1.0.99[17/1234-1235]", ts);

	ts = traffic_selector_create_from_string(0, TS_IPV6_ADDR_RANGE,
											 "fec1::", 0,
											 "fec1::ffff:ffff:ffff:ffff", 65535);
	verify("fec1::/64", NULL, ts);
}
END_TEST
48
/*
 * Construct selectors from CIDR notation: one with protocol 0 and ports
 * 0-65535, and one host route restricted to a UDP port range.
 */
START_TEST(test_create_from_cidr)
{
	traffic_selector_t *ts;

	ts = traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 65535);
	verify("10.1.0.0/16", NULL, ts);

	ts = traffic_selector_create_from_cidr("10.1.0.1/32", IPPROTO_UDP,
										   1234, 1235);
	verify("10.1.0.1/32[udp/1234-1235]", "10.1.0.1/32[17/1234-1235]", ts);
}
END_TEST
58
/*
 * Construct a selector from raw address bytes; 10.1.0.0 through
 * 10.1.255.255 is expected to render as the /16 prefix.
 */
START_TEST(test_create_from_bytes)
{
	traffic_selector_t *ts;

	ts = traffic_selector_create_from_bytes(0, TS_IPV4_ADDR_RANGE,
							chunk_from_chars(0x0a,0x01,0x00,0x00), 0,
							chunk_from_chars(0x0a,0x01,0xff,0xff), 65535);
	verify("10.1.0.0/16", NULL, ts);
}
END_TEST
67
/*
 * Construct a selector from a host object plus a prefix length.
 * NOTE(review): the host is not destroyed in this test, so the constructor
 * presumably takes ownership of it; confirm against traffic_selector.h.
 */
START_TEST(test_create_from_subnet)
{
	host_t *net;
	traffic_selector_t *ts;

	net = host_create_from_string("10.1.0.0", 0);
	ts = traffic_selector_create_from_subnet(net, 16, 0, 0, 65535);
	verify("10.1.0.0/16", NULL, ts);
}
END_TEST
75
76
/*
 * Intersecting a /16 with a /24 inside it must yield the /24.
 */
START_TEST(test_subset)
{
	traffic_selector_t *wide, *narrow, *common;

	wide = traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 65535);
	narrow = traffic_selector_create_from_cidr("10.1.5.0/24", 0, 0, 65535);
	common = wide->get_subset(wide, narrow);
	/* verify() destroys the selector it is given */
	verify("10.1.5.0/24", NULL, common);
	wide->destroy(wide);
	narrow->destroy(narrow);
}
END_TEST
88
/*
 * One selector limits protocol and ports (TCP 55-60), the other has
 * protocol 0 and ports 0-65535. The expected subset carries the narrower
 * network together with the narrower protocol/port restriction.
 */
START_TEST(test_subset_port)
{
	traffic_selector_t *limited, *open, *common;

	limited = traffic_selector_create_from_cidr("10.0.0.0/8", IPPROTO_TCP,
												55, 60);
	open = traffic_selector_create_from_cidr("10.2.7.16/30", 0, 0, 65535);
	common = limited->get_subset(limited, open);
	verify("10.2.7.16/30[tcp/55-60]", "10.2.7.16/30[6/55-60]", common);
	limited->destroy(limited);
	open->destroy(open);
}
END_TEST
101
/*
 * The subset of two identical selectors must be that same selector.
 */
START_TEST(test_subset_equal)
{
	traffic_selector_t *first, *second, *common;

	first = traffic_selector_create_from_cidr("10.1.0.0/16", IPPROTO_TCP,
											  80, 80);
	second = traffic_selector_create_from_cidr("10.1.0.0/16", IPPROTO_TCP,
											   80, 80);
	common = first->get_subset(first, second);
	verify("10.1.0.0/16[tcp/http]", "10.1.0.0/16[6/80]", common);
	first->destroy(first);
	second->destroy(second);
}
END_TEST
113
/*
 * Negative case: two disjoint /16 networks have no common subset, so
 * get_subset() must return NULL rather than some selector.
 */
START_TEST(test_subset_nonet)
{
	traffic_selector_t *lhs, *rhs, *common;

	lhs = traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 65535);
	rhs = traffic_selector_create_from_cidr("10.2.0.0/16", 0, 0, 65535);
	common = lhs->get_subset(lhs, rhs);
	ck_assert(common == NULL);
	lhs->destroy(lhs);
	rhs->destroy(rhs);
}
END_TEST
125
/*
 * Negative case: same network, but the port ranges 0-9999 and 10000-65535
 * do not overlap, so no subset may be returned.
 */
START_TEST(test_subset_noport)
{
	traffic_selector_t *low, *high, *common;

	low = traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 9999);
	high = traffic_selector_create_from_cidr("10.1.0.0/16", 0, 10000, 65535);
	common = low->get_subset(low, high);
	ck_assert(common == NULL);
	low->destroy(low);
	high->destroy(high);
}
END_TEST
137
/*
 * Negative case: same network and ports, but TCP on one side and UDP on
 * the other; two different specific protocols must not produce a subset.
 */
START_TEST(test_subset_noproto)
{
	traffic_selector_t *tcp, *udp, *common;

	tcp = traffic_selector_create_from_cidr("10.1.0.0/16", IPPROTO_TCP,
											0, 65535);
	udp = traffic_selector_create_from_cidr("10.1.0.0/16", IPPROTO_UDP,
											0, 65535);
	common = tcp->get_subset(tcp, udp);
	ck_assert(common == NULL);
	tcp->destroy(tcp);
	udp->destroy(udp);
}
END_TEST
149
/*
 * Negative case: the IPv4 and the IPv6 "any" networks belong to different
 * address families and must not intersect.
 */
START_TEST(test_subset_nofamily)
{
	traffic_selector_t *v4, *v6, *common;

	v4 = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);
	v6 = traffic_selector_create_from_cidr("::/0", 0, 0, 65535);
	common = v4->get_subset(v4, v6);
	ck_assert(common == NULL);
	v4->destroy(v4);
	v6->destroy(v6);
}
END_TEST
161
/*
 * Table for test_includes: a network in CIDR notation, a host address, and
 * whether the selector built from the network is expected to include the
 * host. The FALSE rows cover an address-family mismatch in both directions
 * and hosts just outside the prefix.
 */
struct {
	char *net;
	char *host;
	bool inc;
} include_tests[] = {
	/* host inside the network */
	{ .net = "0.0.0.0/0",   .host = "192.168.1.2",      .inc = TRUE  },
	{ .net = "::/0",        .host = "fec2::1",          .inc = TRUE  },
	{ .net = "fec2::/64",   .host = "fec2::afaf",       .inc = TRUE  },
	{ .net = "10.1.0.0/16", .host = "10.1.0.1",         .inc = TRUE  },
	{ .net = "10.5.6.7/32", .host = "10.5.6.7",         .inc = TRUE  },
	/* address family differs */
	{ .net = "0.0.0.0/0",   .host = "fec2::1",          .inc = FALSE },
	{ .net = "::/0",        .host = "1.2.3.4",          .inc = FALSE },
	/* same family, host outside the prefix */
	{ .net = "10.0.0.0/16", .host = "10.1.0.0",         .inc = FALSE },
	{ .net = "fec2::/64",   .host = "fec2:0:0:1::afaf", .inc = FALSE },
};
177
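/*
 * Loop test over include_tests: build a selector from the row's network
 * (protocol 0, ports 0-65535) and check that includes() reports the
 * expected result for the row's host. _i is the loop index supplied by the
 * test framework.
 */
START_TEST(test_includes)
{
	traffic_selector_t *ts;
	host_t *h;

	ts = traffic_selector_create_from_cidr(include_tests[_i].net, 0, 0, 65535);
	h = host_create_from_string(include_tests[_i].host, 0);
	/* a malformed table entry should fail an assertion instead of being
	 * dereferenced as a NULL pointer below */
	ck_assert(ts != NULL);
	ck_assert(h != NULL);
	ck_assert(ts->includes(ts, h) == include_tests[_i].inc);
	ts->destroy(ts);
	h->destroy(h);
}
END_TEST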
190
/*
 * Table for test_cmp: the expected sign of traffic_selector_cmp(a, b)
 * (0 equal, -1 for a result below zero, 1 for a result above zero) and the
 * CIDR network, protocol and port range used to build each of the two
 * selectors.
 */
struct {
	int res;
	struct {
		char *net;
		u_int8_t proto;
		u_int16_t from_port;
		u_int16_t to_port;
	} a, b;
} cmp_tests[] = {
	/* identical selectors */
	{ .res =  0, .a = { "10.0.0.0/8", 0, 0, 65535 },
				 .b = { "10.0.0.0/8", 0, 0, 65535 } },
	{ .res =  0, .a = { "10.0.0.0/8", 17, 123, 456 },
				 .b = { "10.0.0.0/8", 17, 123, 456 } },
	{ .res =  0, .a = { "fec2::/64", 0, 0, 65535 },
				 .b = { "fec2::/64", 0, 0, 65535 } },
	{ .res =  0, .a = { "fec2::/64", 4, 0, 65535 },
				 .b = { "fec2::/64", 4, 0, 65535 } },

	/* network address or prefix length differs */
	{ .res = -1, .a = { "1.0.0.0/8", 0, 0, 65535 },
				 .b = { "2.0.0.0/8", 0, 0, 65535 } },
	{ .res =  1, .a = { "2.0.0.0/8", 0, 0, 65535 },
				 .b = { "1.0.0.0/8", 0, 0, 65535 } },
	{ .res = -1, .a = { "1.0.0.0/8", 0, 0, 65535 },
				 .b = { "1.0.0.0/16", 0, 0, 65535 } },
	{ .res =  1, .a = { "1.0.0.0/16", 0, 0, 65535 },
				 .b = { "1.0.0.0/8", 0, 0, 65535 } },

	/* address family differs */
	{ .res = -1, .a = { "10.0.0.0/8", 0, 0, 65535 },
				 .b = { "fec2::/64", 0, 0, 65535 } },
	{ .res =  1, .a = { "fec2::/64", 0, 0, 65535 },
				 .b = { "10.0.0.0/8", 0, 0, 65535 } },

	/* protocol differs */
	{ .res = -1, .a = { "10.0.0.0/8", 16, 123, 456 },
				 .b = { "10.0.0.0/8", 17, 123, 456 } },
	{ .res =  1, .a = { "fec2::/64", 5, 0, 65535 },
				 .b = { "fec2::/64", 4, 0, 65535 } },

	/* start of the port range differs */
	{ .res = -1, .a = { "10.0.0.0/8", 17, 111, 456 },
				 .b = { "10.0.0.0/8", 17, 222, 456 } },
	{ .res =  1, .a = { "fec2::/64", 17, 555, 65535 },
				 .b = { "fec2::/64", 17, 444, 65535 } },

	/* end of the port range differs */
	{ .res = -1, .a = { "10.0.0.0/8", 17, 55, 65535 },
				 .b = { "10.0.0.0/8", 17, 55, 666 } },
	{ .res =  1, .a = { "fec2::/64", 17, 55, 111 },
				 .b = { "fec2::/64", 17, 55, 4567 } },
};
223
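/*
 * Loop test over cmp_tests: build both selectors of the row and check that
 * traffic_selector_cmp() returns a value with the expected sign. _i is the
 * loop index supplied by the test framework.
 */
START_TEST(test_cmp)
{
	traffic_selector_t *a, *b;
	int res;

	a = traffic_selector_create_from_cidr(
						cmp_tests[_i].a.net, cmp_tests[_i].a.proto,
						cmp_tests[_i].a.from_port, cmp_tests[_i].a.to_port);
	b = traffic_selector_create_from_cidr(
						cmp_tests[_i].b.net, cmp_tests[_i].b.proto,
						cmp_tests[_i].b.from_port, cmp_tests[_i].b.to_port);
	/* a malformed table entry should fail an assertion instead of being
	 * dereferenced as a NULL pointer in destroy() below */
	ck_assert(a != NULL);
	ck_assert(b != NULL);

	res = traffic_selector_cmp(a, b, NULL);
	switch (cmp_tests[_i].res)
	{
		case 0:
			ck_assert(res == 0);
			break;
		case 1:
			ck_assert(res > 0);
			break;
		case -1:
			ck_assert(res < 0);
			break;
		default:
			/* without this, a row with any other expectation would pass
			 * without checking anything */
			fail("invalid expected result %d in cmp_tests[%d]",
				 cmp_tests[_i].res, _i);
			break;
	}
	a->destroy(a);
	b->destroy(b);
}
END_TEST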
250
/**
 * Assemble the "traffic selector" suite from four test cases: "create",
 * "subset", "includes" and "cmp". The last two run as loop tests, once per
 * row of include_tests and cmp_tests.
 *
 * @return		the populated suite
 */
Suite *traffic_selector_suite_create()
{
	Suite *suite;
	TCase *create_tc, *subset_tc, *includes_tc, *cmp_tc;

	suite = suite_create("traffic selector");

	/* constructors */
	create_tc = tcase_create("create");
	tcase_add_test(create_tc, test_create_from_string);
	tcase_add_test(create_tc, test_create_from_cidr);
	tcase_add_test(create_tc, test_create_from_bytes);
	tcase_add_test(create_tc, test_create_from_subnet);
	suite_add_tcase(suite, create_tc);

	/* intersections, including the cases that must yield no subset */
	subset_tc = tcase_create("subset");
	tcase_add_test(subset_tc, test_subset);
	tcase_add_test(subset_tc, test_subset_port);
	tcase_add_test(subset_tc, test_subset_equal);
	tcase_add_test(subset_tc, test_subset_nonet);
	tcase_add_test(subset_tc, test_subset_noport);
	tcase_add_test(subset_tc, test_subset_noproto);
	tcase_add_test(subset_tc, test_subset_nofamily);
	suite_add_tcase(suite, subset_tc);

	/* table-driven host membership checks */
	includes_tc = tcase_create("includes");
	tcase_add_loop_test(includes_tc, test_includes, 0, countof(include_tests));
	suite_add_tcase(suite, includes_tc);

	/* table-driven ordering checks */
	cmp_tc = tcase_create("cmp");
	tcase_add_loop_test(cmp_tc, test_cmp, 0, countof(cmp_tests));
	suite_add_tcase(suite, cmp_tc);

	return suite;
}