1 /*
2 * Copyright (C) 2015 Martin Willi
3 * Copyright (C) 2015 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <selectors/traffic_selector.h>
19
20
/**
 * Render a traffic selector to text and compare it with the expected string.
 *
 * The selector is consumed: it is destroyed before the string comparison, so
 * the object has already been released when the final assertion runs.
 *
 * @param str	expected textual form of the selector
 * @param ts	selector to check, asserted to be non-NULL; destroyed here
 */
static void verify(const char *str, traffic_selector_t *ts)
{
	char text[512];

	ck_assert(ts != NULL);
	/* "%R" is not a standard conversion; presumably a printf hook the library
	 * registers for traffic_selector_t -- confirm against the hook setup */
	snprintf(text, sizeof text, "%R", ts);
	ts->destroy(ts);
	ck_assert_str_eq(text, str);
}
30
/* Selectors built from textual start/end addresses print in compact form. */
START_TEST(test_create_from_string)
{
	traffic_selector_t *ts;

	/* a range spanning a whole /16 prints as a subnet; a single port 80 on
	 * TCP is expected to print as "tcp/http" */
	ts = traffic_selector_create_from_string(IPPROTO_TCP, TS_IPV4_ADDR_RANGE,
			"10.1.0.0", 80, "10.1.255.255", 80);
	verify("10.1.0.0/16[tcp/http]", ts);

	/* a range that is not a subnet prints as "from..to", ports as "a-b" */
	ts = traffic_selector_create_from_string(IPPROTO_UDP, TS_IPV4_ADDR_RANGE,
			"10.1.0.1", 1234, "10.1.0.99", 1235);
	verify("10.1.0.1..10.1.0.99[udp/1234-1235]", ts);

	/* protocol 0 with ports 0-65535 is expected to print no [proto/port] part */
	ts = traffic_selector_create_from_string(0, TS_IPV6_ADDR_RANGE,
			"fec1::", 0, "fec1::ffff:ffff:ffff:ffff", 65535);
	verify("fec1::/64", ts);
}
END_TEST
44
/* Selectors built from CIDR notation keep their prefix in the printed form. */
START_TEST(test_create_from_cidr)
{
	traffic_selector_t *ts;

	/* no protocol, full port range: only the subnet is printed */
	ts = traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 65535);
	verify("10.1.0.0/16", ts);

	/* a single host with a UDP port range */
	ts = traffic_selector_create_from_cidr("10.1.0.1/32", IPPROTO_UDP,
			1234, 1235);
	verify("10.1.0.1/32[udp/1234-1235]", ts);
}
END_TEST
54
/* Selectors built from raw address bytes print like their textual twins. */
START_TEST(test_create_from_bytes)
{
	traffic_selector_t *ts;

	/* 0a.01.00.00 - 0a.01.ff.ff is expected to print as 10.1.0.0/16 */
	ts = traffic_selector_create_from_bytes(0, TS_IPV4_ADDR_RANGE,
			chunk_from_chars(0x0a,0x01,0x00,0x00), 0,
			chunk_from_chars(0x0a,0x01,0xff,0xff), 65535);
	verify("10.1.0.0/16", ts);
}
END_TEST
63
/* Selectors built from a host object plus a prefix length. */
START_TEST(test_create_from_subnet)
{
	host_t *net;
	traffic_selector_t *ts;

	net = host_create_from_string("10.1.0.0", 0);
	/* the host is not destroyed in this test; presumably the constructor
	 * takes ownership of it -- confirm against traffic_selector.h */
	ts = traffic_selector_create_from_subnet(net, 16, 0, 0, 65535);
	verify("10.1.0.0/16", ts);
}
END_TEST
71
72
/* The subset of a /16 and a /24 inside it is the /24. */
START_TEST(test_subset)
{
	traffic_selector_t *wide, *narrow, *common;

	wide = traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 65535);
	narrow = traffic_selector_create_from_cidr("10.1.5.0/24", 0, 0, 65535);

	/* verify() destroys the returned selector, the inputs are freed below */
	common = wide->get_subset(wide, narrow);
	verify("10.1.5.0/24", common);

	wide->destroy(wide);
	narrow->destroy(narrow);
}
END_TEST
84
/*
 * The subset combines the narrower value of each field: the smaller network
 * from one selector, the protocol and port range from the other.
 */
START_TEST(test_subset_port)
{
	traffic_selector_t *ported, *subnet, *common;

	ported = traffic_selector_create_from_cidr("10.0.0.0/8", IPPROTO_TCP,
			55, 60);
	subnet = traffic_selector_create_from_cidr("10.2.7.16/30", 0, 0, 65535);

	common = ported->get_subset(ported, subnet);
	verify("10.2.7.16/30[tcp/55-60]", common);

	ported->destroy(ported);
	subnet->destroy(subnet);
}
END_TEST
96
/* Two identical selectors yield a subset equal to both of them. */
START_TEST(test_subset_equal)
{
	traffic_selector_t *one, *other, *common;

	one = traffic_selector_create_from_cidr("10.1.0.0/16", IPPROTO_TCP,
			80, 80);
	other = traffic_selector_create_from_cidr("10.1.0.0/16", IPPROTO_TCP,
			80, 80);

	common = one->get_subset(one, other);
	verify("10.1.0.0/16[tcp/http]", common);

	one->destroy(one);
	other->destroy(other);
}
END_TEST
108
/* Disjoint networks must not produce any subset. */
START_TEST(test_subset_nonet)
{
	traffic_selector_t *left, *right, *common;

	left = traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 65535);
	right = traffic_selector_create_from_cidr("10.2.0.0/16", 0, 0, 65535);

	common = left->get_subset(left, right);
	ck_assert(common == NULL);

	left->destroy(left);
	right->destroy(right);
}
END_TEST
120
/*
 * Same network, but adjacent port ranges that do not overlap (0-9999 and
 * 10000-65535): no subset may be returned.
 */
START_TEST(test_subset_noport)
{
	traffic_selector_t *low, *high, *common;

	low = traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 9999);
	high = traffic_selector_create_from_cidr("10.1.0.0/16", 0, 10000, 65535);

	common = low->get_subset(low, high);
	ck_assert(common == NULL);

	low->destroy(low);
	high->destroy(high);
}
END_TEST
132
/* Same network and ports, but TCP versus UDP: no subset may be returned. */
START_TEST(test_subset_noproto)
{
	traffic_selector_t *tcp, *udp, *common;

	tcp = traffic_selector_create_from_cidr("10.1.0.0/16", IPPROTO_TCP,
			0, 65535);
	udp = traffic_selector_create_from_cidr("10.1.0.0/16", IPPROTO_UDP,
			0, 65535);

	common = tcp->get_subset(tcp, udp);
	ck_assert(common == NULL);

	tcp->destroy(tcp);
	udp->destroy(udp);
}
END_TEST
144
/*
 * The IPv4 and the IPv6 "match everything" selectors share no subset: a
 * catch-all of one address family must not match the other family.
 */
START_TEST(test_subset_nofamily)
{
	traffic_selector_t *any4, *any6, *common;

	any4 = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);
	any6 = traffic_selector_create_from_cidr("::/0", 0, 0, 65535);

	common = any4->get_subset(any4, any6);
	ck_assert(common == NULL);

	any4->destroy(any4);
	any6->destroy(any6);
}
END_TEST
156
/*
 * Test vectors for test_includes: a selector in CIDR notation, a host
 * address, and whether the selector is expected to include that host.
 */
struct {
	/* selector, CIDR notation */
	char *net;
	/* host address to look up in the selector */
	char *host;
	/* expected result of includes() */
	bool inc;
} include_tests[] = {
	/* host lies inside the selector */
	{ .net = "0.0.0.0/0",   .host = "192.168.1.2",      .inc = TRUE  },
	{ .net = "::/0",        .host = "fec2::1",          .inc = TRUE  },
	{ .net = "fec2::/64",   .host = "fec2::afaf",       .inc = TRUE  },
	{ .net = "10.1.0.0/16", .host = "10.1.0.1",         .inc = TRUE  },
	{ .net = "10.5.6.7/32", .host = "10.5.6.7",         .inc = TRUE  },
	/* address family differs from the selector's */
	{ .net = "0.0.0.0/0",   .host = "fec2::1",          .inc = FALSE },
	{ .net = "::/0",        .host = "1.2.3.4",          .inc = FALSE },
	/* same family, but the host is outside the subnet */
	{ .net = "10.0.0.0/16", .host = "10.1.0.0",         .inc = FALSE },
	{ .net = "fec2::/64",   .host = "fec2:0:0:1::afaf", .inc = FALSE },
};
172
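/*
 * Loop test over include_tests: _i is the index of the current vector, as
 * supplied by the loop test registration in the suite constructor.
 */
START_TEST(test_includes)
{
	traffic_selector_t *ts;
	host_t *h;

	ts = traffic_selector_create_from_cidr(include_tests[_i].net, 0, 0, 65535);
	h = host_create_from_string(include_tests[_i].host, 0);
	/* a vector that cannot be parsed must fail the test with an assertion
	 * instead of dereferencing a NULL object below */
	ck_assert(ts != NULL);
	ck_assert(h != NULL);
	ck_assert(ts->includes(ts, h) == include_tests[_i].inc);
	ts->destroy(ts);
	h->destroy(h);
}
END_TEST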
185
/*
 * Test vectors for test_cmp: the expected sign of comparing selector a with
 * selector b (-1: a sorts first, 0: equal, 1: b sorts first).
 */
struct {
	/* expected sign of the comparison result */
	int res;
	/* the two selectors, each given as constructor arguments */
	struct {
		char *net;
		u_int8_t proto;
		u_int16_t from_port;
		u_int16_t to_port;
	} a, b;
} cmp_tests[] = {
	/* identical selectors compare equal */
	{  0, { "10.0.0.0/8",  0,   0, 65535 }, { "10.0.0.0/8",  0,   0, 65535 } },
	{  0, { "10.0.0.0/8", 17, 123,   456 }, { "10.0.0.0/8", 17, 123,   456 } },
	{  0, { "fec2::/64",   0,   0, 65535 }, { "fec2::/64",   0,   0, 65535 } },
	{  0, { "fec2::/64",   4,   0, 65535 }, { "fec2::/64",   4,   0, 65535 } },

	/* lower address first; for the same start address the larger net first */
	{ -1, { "1.0.0.0/8",   0,   0, 65535 }, { "2.0.0.0/8",   0,   0, 65535 } },
	{  1, { "2.0.0.0/8",   0,   0, 65535 }, { "1.0.0.0/8",   0,   0, 65535 } },
	{ -1, { "1.0.0.0/8",   0,   0, 65535 }, { "1.0.0.0/16",  0,   0, 65535 } },
	{  1, { "1.0.0.0/16",  0,   0, 65535 }, { "1.0.0.0/8",   0,   0, 65535 } },

	/* IPv4 sorts before IPv6 */
	{ -1, { "10.0.0.0/8",  0,   0, 65535 }, { "fec2::/64",   0,   0, 65535 } },
	{  1, { "fec2::/64",   0,   0, 65535 }, { "10.0.0.0/8",  0,   0, 65535 } },

	/* lower protocol number first */
	{ -1, { "10.0.0.0/8", 16, 123,   456 }, { "10.0.0.0/8", 17, 123,   456 } },
	{  1, { "fec2::/64",   5,   0, 65535 }, { "fec2::/64",   4,   0, 65535 } },

	/* lower start port first */
	{ -1, { "10.0.0.0/8", 17, 111,   456 }, { "10.0.0.0/8", 17, 222,   456 } },
	{  1, { "fec2::/64",  17, 555, 65535 }, { "fec2::/64",  17, 444, 65535 } },

	/* same start port: the larger port range first */
	{ -1, { "10.0.0.0/8", 17,  55, 65535 }, { "10.0.0.0/8", 17,  55,   666 } },
	{  1, { "fec2::/64",  17,  55,   111 }, { "fec2::/64",  17,  55,  4567 } },
};
218
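/*
 * Loop test over cmp_tests: builds both selectors of vector _i and checks
 * the sign of traffic_selector_cmp() against the expected value. Only the
 * sign is compared, not the magnitude of the result.
 */
START_TEST(test_cmp)
{
	traffic_selector_t *a, *b;
	int order;

	a = traffic_selector_create_from_cidr(
			cmp_tests[_i].a.net, cmp_tests[_i].a.proto,
			cmp_tests[_i].a.from_port, cmp_tests[_i].a.to_port);
	b = traffic_selector_create_from_cidr(
			cmp_tests[_i].b.net, cmp_tests[_i].b.proto,
			cmp_tests[_i].b.from_port, cmp_tests[_i].b.to_port);
	/* a vector that cannot be parsed must fail with an assertion instead of
	 * handing a NULL selector to the comparison or to destroy() */
	ck_assert(a != NULL);
	ck_assert(b != NULL);

	/* the third argument is passed as NULL; its meaning is not visible here */
	order = traffic_selector_cmp(a, b, NULL);
	switch (cmp_tests[_i].res)
	{
		case 0:
			ck_assert(order == 0);
			break;
		case 1:
			ck_assert(order > 0);
			break;
		case -1:
			ck_assert(order < 0);
			break;
		default:
			/* an expectation other than -1/0/1 is a mistake in the table;
			 * fail instead of letting the vector pass unchecked */
			ck_assert(cmp_tests[_i].res >= -1 && cmp_tests[_i].res <= 1);
			break;
	}
	a->destroy(a);
	b->destroy(b);
}
END_TEST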
245
/**
 * Build the "traffic selector" suite: one test case each for construction,
 * subset calculation, host inclusion and ordering.
 *
 * @return	the assembled suite
 */
Suite *traffic_selector_suite_create()
{
	Suite *suite = suite_create("traffic selector");
	TCase *group;

	/* constructors and their printed form */
	group = tcase_create("create");
	tcase_add_test(group, test_create_from_string);
	tcase_add_test(group, test_create_from_cidr);
	tcase_add_test(group, test_create_from_bytes);
	tcase_add_test(group, test_create_from_subnet);
	suite_add_tcase(suite, group);

	/* get_subset(), including the cases that must return NULL */
	group = tcase_create("subset");
	tcase_add_test(group, test_subset);
	tcase_add_test(group, test_subset_port);
	tcase_add_test(group, test_subset_equal);
	tcase_add_test(group, test_subset_nonet);
	tcase_add_test(group, test_subset_noport);
	tcase_add_test(group, test_subset_noproto);
	tcase_add_test(group, test_subset_nofamily);
	suite_add_tcase(suite, group);

	/* table-driven: runs once per entry of include_tests */
	group = tcase_create("includes");
	tcase_add_loop_test(group, test_includes, 0, countof(include_tests));
	suite_add_tcase(suite, group);

	/* table-driven: runs once per entry of cmp_tests */
	group = tcase_create("cmp");
	tcase_add_loop_test(group, test_cmp, 0, countof(cmp_tests));
	suite_add_tcase(suite, group);

	return suite;
}