/*
* Copyright 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* ClatUtilsTest.cpp - unit tests for ClatUtils.cpp
*/
#include <gtest/gtest.h>
#include "ClatUtils.h"
#include <linux/if_arp.h>
#include <stdlib.h>
#include <sys/wait.h>
#include "bpf/BpfUtils.h"
#include "netdbpf/bpf_shared.h"
namespace android {
namespace net {
class ClatUtilsTest : public ::testing::Test {
public:
void SetUp() {}
};
TEST_F(ClatUtilsTest, HardwareAddressTypeOfNonExistingIf) {
ASSERT_EQ(-ENODEV, hardwareAddressType("not_existing_if"));
}
TEST_F(ClatUtilsTest, HardwareAddressTypeOfLoopback) {
ASSERT_EQ(ARPHRD_LOOPBACK, hardwareAddressType("lo"));
}
// If wireless 'wlan0' interface exists it should be Ethernet.
TEST_F(ClatUtilsTest, HardwareAddressTypeOfWireless) {
int type = hardwareAddressType("wlan0");
if (type == -ENODEV) return;
ASSERT_EQ(ARPHRD_ETHER, type);
}
// If cellular 'rmnet_data0' interface exists it should
// *probably* not be Ethernet and instead be RawIp.
TEST_F(ClatUtilsTest, HardwareAddressTypeOfCellular) {
int type = hardwareAddressType("rmnet_data0");
if (type == -ENODEV) return;
ASSERT_NE(ARPHRD_ETHER, type);
// ARPHRD_RAWIP is 530 on some pre-4.14 Qualcomm devices.
if (type == 530) return;
ASSERT_EQ(ARPHRD_RAWIP, type);
}
TEST_F(ClatUtilsTest, GetClatMapFd) {
SKIP_IF_BPF_NOT_SUPPORTED;
int fd = getClatIngressMapFd();
ASSERT_LE(3, fd); // 0,1,2 - stdin/out/err, thus 3 <= fd
close(fd);
}
TEST_F(ClatUtilsTest, GetClatRawIpProgFd) {
SKIP_IF_BPF_NOT_SUPPORTED;
int fd = getClatIngressProgFd(false);
ASSERT_LE(3, fd);
close(fd);
}
TEST_F(ClatUtilsTest, GetClatEtherProgFd) {
SKIP_IF_BPF_NOT_SUPPORTED;
int fd = getClatIngressProgFd(true);
ASSERT_LE(3, fd);
close(fd);
}
TEST_F(ClatUtilsTest, TryOpeningNetlinkSocket) {
int fd = openNetlinkSocket();
ASSERT_LE(3, fd);
close(fd);
}
// The SKIP_IF_BPF_NOT_SUPPORTED macro is effectively a check for 4.9+ kernel
// combined with a launched on P device. Ie. it's a test for 4.9-P or better.
// NET_SCH_INGRESS is only enabled starting with 4.9-Q and as such we need
// a separate way to test for this...
int doKernelSupportsNetSchIngress(void) {
// NOLINTNEXTLINE(cert-env33-c)
return system("zcat /proc/config.gz | egrep -q '^CONFIG_NET_SCH_INGRESS=[my]$'");
}
// NET_CLS_BPF is only enabled starting with 4.9-Q...
int doKernelSupportsNetClsBpf(void) {
// NOLINTNEXTLINE(cert-env33-c)
return system("zcat /proc/config.gz | egrep -q '^CONFIG_NET_CLS_BPF=[my]$'");
}
// Make sure the above functions actually execute correctly rather than failing
// due to missing binary or execution failure...
TEST_F(ClatUtilsTest, KernelSupportsNetFuncs) {
// Make sure the file is present and readable and decompressable.
// NOLINTNEXTLINE(cert-env33-c)
ASSERT_EQ(W_EXITCODE(0, 0), system("zcat /proc/config.gz > /dev/null"));
int v = doKernelSupportsNetSchIngress();
int w = doKernelSupportsNetClsBpf();
// They should always either return 0 (match) or 1 (no match),
// anything else is some sort of exec/environment/etc failure.
if (v != W_EXITCODE(1, 0)) ASSERT_EQ(v, W_EXITCODE(0, 0));
if (w != W_EXITCODE(1, 0)) ASSERT_EQ(w, W_EXITCODE(0, 0));
}
// True iff CONFIG_NET_SCH_INGRESS is enabled in /proc/config.gz
bool kernelSupportsNetSchIngress(void) {
return doKernelSupportsNetSchIngress() == W_EXITCODE(0, 0);
}
// True iff CONFIG_NET_CLS_BPF is enabled in /proc/config.gz
bool kernelSupportsNetClsBpf(void) {
return doKernelSupportsNetClsBpf() == W_EXITCODE(0, 0);
}
// See Linux kernel source in include/net/flow.h
#define LOOPBACK_IFINDEX 1
TEST_F(ClatUtilsTest, AttachReplaceDetachClsactLo) {
// Technically does not depend on ebpf, but does depend on clsact,
// and we do not really care if it works on pre-4.9-Q anyway.
SKIP_IF_BPF_NOT_SUPPORTED;
if (!kernelSupportsNetSchIngress()) return;
int fd = openNetlinkSocket();
ASSERT_LE(3, fd);
// This attaches and detaches a configuration-less and thus no-op clsact
// qdisc to loopback interface (and it takes fractions of a second)
EXPECT_EQ(0, tcQdiscAddDevClsact(fd, LOOPBACK_IFINDEX));
EXPECT_EQ(0, tcQdiscReplaceDevClsact(fd, LOOPBACK_IFINDEX));
EXPECT_EQ(0, tcQdiscDelDevClsact(fd, LOOPBACK_IFINDEX));
close(fd);
}
void checkAttachBpfFilterClsactLo(const bool ethernet) {
// This test requires kernel 4.9-Q or better
SKIP_IF_BPF_NOT_SUPPORTED;
if (!kernelSupportsNetSchIngress()) return;
if (!kernelSupportsNetClsBpf()) return;
int bpf_fd = getClatIngressProgFd(false);
ASSERT_LE(3, bpf_fd);
int fd = openNetlinkSocket();
EXPECT_LE(3, fd);
if (fd >= 0) {
// This attaches and detaches a clsact plus ebpf program to loopback
// interface, but it should not affect traffic by virtue of us not
// actually populating the ebpf control map.
// Furthermore: it only takes fractions of a second.
EXPECT_EQ(0, tcQdiscAddDevClsact(fd, LOOPBACK_IFINDEX));
EXPECT_EQ(0, tcFilterAddDevBpf(fd, LOOPBACK_IFINDEX, bpf_fd, ethernet));
EXPECT_EQ(0, tcQdiscDelDevClsact(fd, LOOPBACK_IFINDEX));
close(fd);
}
close(bpf_fd);
}
TEST_F(ClatUtilsTest, CheckAttachBpfFilterRawIpClsactLo) {
checkAttachBpfFilterClsactLo(false);
}
TEST_F(ClatUtilsTest, CheckAttachBpfFilterEthernetClsactLo) {
checkAttachBpfFilterClsactLo(true);
}
} // namespace net
} // namespace android