1 // Copyright (C) 2022 The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include "libclat/clatutils.h"
16
17 #include <android-base/stringprintf.h>
18 #include <arpa/inet.h>
19 #include <gtest/gtest.h>
20 #include <linux/if_packet.h>
21 #include <linux/if_tun.h>
22 #include "tun_interface.h"
23
24 extern "C" {
25 #include "checksum.h"
26 }
27
28 // Default translation parameters.
29 static const char kIPv4LocalAddr[] = "192.0.0.4";
30
31 namespace android {
32 namespace net {
33 namespace clat {
34
35 using android::net::TunInterface;
36 using base::StringPrintf;
37
38 class ClatUtils : public ::testing::Test {};
39
40 // Mock functions for isIpv4AddressFree.
neverFree(in_addr_t)41 bool neverFree(in_addr_t /* addr */) {
42 return 0;
43 }
alwaysFree(in_addr_t)44 bool alwaysFree(in_addr_t /* addr */) {
45 return 1;
46 }
only2Free(in_addr_t addr)47 bool only2Free(in_addr_t addr) {
48 return (ntohl(addr) & 0xff) == 2;
49 }
over6Free(in_addr_t addr)50 bool over6Free(in_addr_t addr) {
51 return (ntohl(addr) & 0xff) >= 6;
52 }
only10Free(in_addr_t addr)53 bool only10Free(in_addr_t addr) {
54 return (ntohl(addr) & 0xff) == 10;
55 }
56
57 // Apply mocked isIpv4AddressFree function for selectIpv4Address test.
selectIpv4Address(const in_addr ip,int16_t prefixlen,isIpv4AddrFreeFn fn)58 in_addr_t selectIpv4Address(const in_addr ip, int16_t prefixlen,
59 isIpv4AddrFreeFn fn /* mocked function */) {
60 // Call internal function to replace isIpv4AddressFreeFn for testing.
61 return selectIpv4AddressInternal(ip, prefixlen, fn);
62 }
63
TEST_F(ClatUtils,SelectIpv4Address)64 TEST_F(ClatUtils, SelectIpv4Address) {
65 struct in_addr addr;
66
67 inet_pton(AF_INET, kIPv4LocalAddr, &addr);
68
69 // If no addresses are free, return INADDR_NONE.
70 EXPECT_EQ(INADDR_NONE, selectIpv4Address(addr, 29, neverFree));
71 EXPECT_EQ(INADDR_NONE, selectIpv4Address(addr, 16, neverFree));
72
73 // If the configured address is free, pick that. But a prefix that's too big is invalid.
74 EXPECT_EQ(inet_addr(kIPv4LocalAddr), selectIpv4Address(addr, 29, alwaysFree));
75 EXPECT_EQ(inet_addr(kIPv4LocalAddr), selectIpv4Address(addr, 20, alwaysFree));
76 EXPECT_EQ(INADDR_NONE, selectIpv4Address(addr, 15, alwaysFree));
77
78 // A prefix length of 32 works, but anything above it is invalid.
79 EXPECT_EQ(inet_addr(kIPv4LocalAddr), selectIpv4Address(addr, 32, alwaysFree));
80 EXPECT_EQ(INADDR_NONE, selectIpv4Address(addr, 33, alwaysFree));
81
82 // If another address is free, pick it.
83 EXPECT_EQ(inet_addr("192.0.0.6"), selectIpv4Address(addr, 29, over6Free));
84
85 // Check that we wrap around to addresses that are lower than the first address.
86 EXPECT_EQ(inet_addr("192.0.0.2"), selectIpv4Address(addr, 29, only2Free));
87 EXPECT_EQ(INADDR_NONE, selectIpv4Address(addr, 30, only2Free));
88
89 // If a free address exists outside the prefix, we don't pick it.
90 EXPECT_EQ(INADDR_NONE, selectIpv4Address(addr, 29, only10Free));
91 EXPECT_EQ(inet_addr("192.0.0.10"), selectIpv4Address(addr, 24, only10Free));
92
93 // Now try using the real function which sees if IP addresses are free using bind().
94 // Assume that the machine running the test has the address 127.0.0.1, but not 8.8.8.8.
95 addr.s_addr = inet_addr("8.8.8.8");
96 EXPECT_EQ(inet_addr("8.8.8.8"), selectIpv4Address(addr, 29));
97
98 addr.s_addr = inet_addr("127.0.0.1");
99 EXPECT_EQ(inet_addr("127.0.0.2"), selectIpv4Address(addr, 29));
100 }
101
TEST_F(ClatUtils,MakeChecksumNeutral)102 TEST_F(ClatUtils, MakeChecksumNeutral) {
103 // We can't test generateIPv6Address here since it requires manipulating routing, which we can't
104 // do without talking to the real netd on the system.
105 uint32_t rand = arc4random_uniform(0xffffffff);
106 uint16_t rand1 = rand & 0xffff;
107 uint16_t rand2 = (rand >> 16) & 0xffff;
108 std::string v6PrefixStr = StringPrintf("2001:db8:%x:%x", rand1, rand2);
109 std::string v6InterfaceAddrStr = StringPrintf("%s::%x:%x", v6PrefixStr.c_str(), rand2, rand1);
110 std::string nat64PrefixStr = StringPrintf("2001:db8:%x:%x::", rand2, rand1);
111
112 in_addr v4 = {inet_addr(kIPv4LocalAddr)};
113 in6_addr v6InterfaceAddr;
114 ASSERT_TRUE(inet_pton(AF_INET6, v6InterfaceAddrStr.c_str(), &v6InterfaceAddr));
115 in6_addr nat64Prefix;
116 ASSERT_TRUE(inet_pton(AF_INET6, nat64PrefixStr.c_str(), &nat64Prefix));
117
118 // Generate a boatload of random IIDs.
119 int onebits = 0;
120 uint64_t prev_iid = 0;
121 for (int i = 0; i < 100000; i++) {
122 in6_addr v6 = v6InterfaceAddr;
123 makeChecksumNeutral(&v6, v4, nat64Prefix);
124
125 // Check the generated IP address is in the same prefix as the interface IPv6 address.
126 EXPECT_EQ(0, memcmp(&v6, &v6InterfaceAddr, 8));
127
128 // Check that consecutive IIDs are not the same.
129 uint64_t iid = *(uint64_t*)(&v6.s6_addr[8]);
130 ASSERT_TRUE(iid != prev_iid)
131 << "Two consecutive random IIDs are the same: " << std::showbase << std::hex << iid
132 << "\n";
133 prev_iid = iid;
134
135 // Check that the IID is checksum-neutral with the NAT64 prefix and the
136 // local prefix.
137 uint16_t c1 = ip_checksum_finish(ip_checksum_add(0, &v4, sizeof(v4)));
138 uint16_t c2 = ip_checksum_finish(ip_checksum_add(0, &nat64Prefix, sizeof(nat64Prefix)) +
139 ip_checksum_add(0, &v6, sizeof(v6)));
140
141 if (c1 != c2) {
142 char v6Str[INET6_ADDRSTRLEN];
143 inet_ntop(AF_INET6, &v6, v6Str, sizeof(v6Str));
144 FAIL() << "Bad IID: " << v6Str << " not checksum-neutral with " << kIPv4LocalAddr
145 << " and " << nat64PrefixStr.c_str() << std::showbase << std::hex
146 << "\n IPv4 checksum: " << c1 << "\n IPv6 checksum: " << c2 << "\n";
147 }
148
149 // Check that IIDs are roughly random and use all the bits by counting the
150 // total number of bits set to 1 in a random sample of 100000 generated IIDs.
151 onebits += __builtin_popcountll(*(uint64_t*)&iid);
152 }
153 EXPECT_LE(3190000, onebits);
154 EXPECT_GE(3210000, onebits);
155 }
156
TEST_F(ClatUtils,DetectMtu)157 TEST_F(ClatUtils, DetectMtu) {
158 // ::1 with bottom 32 bits set to 1 is still ::1 which routes via lo with mtu of 64KiB
159 ASSERT_EQ(detect_mtu(&in6addr_loopback, htonl(1), 0 /*MARK_UNSET*/), 65536);
160 }
161
TEST_F(ClatUtils,ConfigurePacketSocket)162 TEST_F(ClatUtils, ConfigurePacketSocket) {
163 // Create an interface for configure_packet_socket to attach socket filter to.
164 TunInterface v6Iface;
165 ASSERT_EQ(0, v6Iface.init());
166
167 int s = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC, htons(ETH_P_IPV6));
168 EXPECT_LE(0, s);
169 struct in6_addr addr6;
170 EXPECT_EQ(1, inet_pton(AF_INET6, "2001:db8::f00", &addr6));
171 EXPECT_EQ(0, configure_packet_socket(s, &addr6, v6Iface.ifindex()));
172
173 // Check that the packet socket is bound to the interface. We can't check the socket filter
174 // because there is no way to fetch it from the kernel.
175 sockaddr_ll sll;
176 socklen_t len = sizeof(sll);
177 ASSERT_EQ(0, getsockname(s, reinterpret_cast<sockaddr*>(&sll), &len));
178 EXPECT_EQ(htons(ETH_P_IPV6), sll.sll_protocol);
179 EXPECT_EQ(sll.sll_ifindex, v6Iface.ifindex());
180
181 close(s);
182 v6Iface.destroy();
183 }
184
185 } // namespace clat
186 } // namespace net
187 } // namespace android
188