1 /*
2 * Copyright 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * BandwidthControllerTest.cpp - unit tests for BandwidthController.cpp
17 */
18
19 #include <string>
20 #include <vector>
21
22 #include <inttypes.h>
23 #include <fcntl.h>
24 #include <unistd.h>
25 #include <sys/types.h>
26 #include <sys/socket.h>
27
28 #include <gtest/gtest.h>
29
30 #include <android-base/strings.h>
31 #include <android-base/stringprintf.h>
32
33 #include "BandwidthController.h"
34 #include "IptablesBaseTest.h"
35 #include "tun_interface.h"
36
37 using android::base::StringPrintf;
38 using android::net::TunInterface;
39
40 class BandwidthControllerTest : public IptablesBaseTest {
41 public:
BandwidthControllerTest()42 BandwidthControllerTest() {
43 BandwidthController::execFunction = fake_android_fork_exec;
44 BandwidthController::popenFunction = fake_popen;
45 BandwidthController::iptablesRestoreFunction = fakeExecIptablesRestoreWithOutput;
46 }
47 BandwidthController mBw;
48 TunInterface mTun;
49
SetUp()50 void SetUp() {
51 ASSERT_EQ(0, mTun.init());
52 }
53
TearDown()54 void TearDown() {
55 mTun.destroy();
56 }
57
addIptablesRestoreOutput(std::string contents)58 void addIptablesRestoreOutput(std::string contents) {
59 sIptablesRestoreOutput.push_back(contents);
60 }
61
addIptablesRestoreOutput(std::string contents1,std::string contents2)62 void addIptablesRestoreOutput(std::string contents1, std::string contents2) {
63 sIptablesRestoreOutput.push_back(contents1);
64 sIptablesRestoreOutput.push_back(contents2);
65 }
66
clearIptablesRestoreOutput()67 void clearIptablesRestoreOutput() {
68 sIptablesRestoreOutput.clear();
69 }
70
expectSetupCommands(const std::string & expectedClean,std::string expectedAccounting)71 void expectSetupCommands(const std::string& expectedClean, std::string expectedAccounting) {
72 std::string expectedList =
73 "*filter\n"
74 "-S\n"
75 "COMMIT\n";
76
77 std::string expectedFlush =
78 "*filter\n"
79 ":bw_INPUT -\n"
80 ":bw_OUTPUT -\n"
81 ":bw_FORWARD -\n"
82 ":bw_happy_box -\n"
83 ":bw_penalty_box -\n"
84 ":bw_data_saver -\n"
85 ":bw_costly_shared -\n"
86 "COMMIT\n"
87 "*raw\n"
88 ":bw_raw_PREROUTING -\n"
89 "COMMIT\n"
90 "*mangle\n"
91 ":bw_mangle_POSTROUTING -\n"
92 "COMMIT\n";
93
94 ExpectedIptablesCommands expected = {{ V4, expectedList }};
95 if (expectedClean.size()) {
96 expected.push_back({ V4V6, expectedClean });
97 }
98 expected.push_back({ V4V6, expectedFlush });
99 if (expectedAccounting.size()) {
100 expected.push_back({ V4V6, expectedAccounting });
101 }
102
103 expectIptablesRestoreCommands(expected);
104 }
105
106 using IptOp = BandwidthController::IptOp;
107
runIptablesAlertCmd(IptOp a,const char * b,int64_t c)108 int runIptablesAlertCmd(IptOp a, const char *b, int64_t c) {
109 return mBw.runIptablesAlertCmd(a, b, c);
110 }
111
runIptablesAlertFwdCmd(IptOp a,const char * b,int64_t c)112 int runIptablesAlertFwdCmd(IptOp a, const char *b, int64_t c) {
113 return mBw.runIptablesAlertFwdCmd(a, b, c);
114 }
115 };
116
TEST_F(BandwidthControllerTest,TestSetupIptablesHooks)117 TEST_F(BandwidthControllerTest, TestSetupIptablesHooks) {
118 // Pretend some bw_costly_shared_<iface> rules already exist...
119 addIptablesRestoreOutput(
120 "-P OUTPUT ACCEPT\n"
121 "-N bw_costly_rmnet_data0\n"
122 "-N bw_costly_shared\n"
123 "-N unrelated\n"
124 "-N bw_costly_rmnet_data7\n");
125
126 // ... and expect that they be flushed and deleted.
127 std::string expectedCleanCmds =
128 "*filter\n"
129 ":bw_costly_rmnet_data0 -\n"
130 "-X bw_costly_rmnet_data0\n"
131 ":bw_costly_rmnet_data7 -\n"
132 "-X bw_costly_rmnet_data7\n"
133 "COMMIT\n";
134
135 mBw.setupIptablesHooks();
136 expectSetupCommands(expectedCleanCmds, "");
137 }
138
TEST_F(BandwidthControllerTest,TestEnableBandwidthControl)139 TEST_F(BandwidthControllerTest, TestEnableBandwidthControl) {
140 // Pretend no bw_costly_shared_<iface> rules already exist...
141 addIptablesRestoreOutput(
142 "-P OUTPUT ACCEPT\n"
143 "-N bw_costly_shared\n"
144 "-N unrelated\n");
145
146 // ... so none are flushed or deleted.
147 std::string expectedClean = "";
148
149 std::string expectedAccounting =
150 "*filter\n"
151 "-A bw_INPUT -m owner --socket-exists\n"
152 "-A bw_OUTPUT -m owner --socket-exists\n"
153 "-A bw_costly_shared --jump bw_penalty_box\n"
154 "-A bw_penalty_box --jump bw_happy_box\n"
155 "-A bw_happy_box --jump bw_data_saver\n"
156 "-A bw_data_saver -j RETURN\n"
157 "-I bw_happy_box -m owner --uid-owner 0-9999 --jump RETURN\n"
158 "COMMIT\n"
159 "*raw\n"
160 "-A bw_raw_PREROUTING -m owner --socket-exists\n"
161 "COMMIT\n"
162 "*mangle\n"
163 "-A bw_mangle_POSTROUTING -m owner --socket-exists\n"
164 "COMMIT\n";
165
166 mBw.enableBandwidthControl(false);
167 expectSetupCommands(expectedClean, expectedAccounting);
168 }
169
TEST_F(BandwidthControllerTest,TestDisableBandwidthControl)170 TEST_F(BandwidthControllerTest, TestDisableBandwidthControl) {
171 // Pretend some bw_costly_shared_<iface> rules already exist...
172 addIptablesRestoreOutput(
173 "-P OUTPUT ACCEPT\n"
174 "-N bw_costly_rmnet_data0\n"
175 "-N bw_costly_shared\n"
176 "-N unrelated\n"
177 "-N bw_costly_rmnet_data7\n");
178
179 // ... and expect that they be flushed.
180 std::string expectedCleanCmds =
181 "*filter\n"
182 ":bw_costly_rmnet_data0 -\n"
183 ":bw_costly_rmnet_data7 -\n"
184 "COMMIT\n";
185
186 mBw.disableBandwidthControl();
187 expectSetupCommands(expectedCleanCmds, "");
188 }
189
TEST_F(BandwidthControllerTest,TestEnableDataSaver)190 TEST_F(BandwidthControllerTest, TestEnableDataSaver) {
191 mBw.enableDataSaver(true);
192 std::vector<std::string> expected = {
193 "*filter\n"
194 "-R bw_data_saver 1 --jump REJECT\n"
195 "COMMIT\n"
196 };
197 expectIptablesRestoreCommands(expected);
198
199 mBw.enableDataSaver(false);
200 expected = {
201 "*filter\n"
202 "-R bw_data_saver 1 --jump RETURN\n"
203 "COMMIT\n"
204 };
205 expectIptablesRestoreCommands(expected);
206 }
207
208 std::string kIPv4TetherCounters = android::base::Join(std::vector<std::string> {
209 "Chain natctrl_tether_counters (4 references)",
210 " pkts bytes target prot opt in out source destination",
211 " 26 2373 RETURN all -- wlan0 rmnet0 0.0.0.0/0 0.0.0.0/0",
212 " 27 2002 RETURN all -- rmnet0 wlan0 0.0.0.0/0 0.0.0.0/0",
213 " 1040 107471 RETURN all -- bt-pan rmnet0 0.0.0.0/0 0.0.0.0/0",
214 " 1450 1708806 RETURN all -- rmnet0 bt-pan 0.0.0.0/0 0.0.0.0/0",
215 }, '\n');
216
217 std::string kIPv6TetherCounters = android::base::Join(std::vector<std::string> {
218 "Chain natctrl_tether_counters (2 references)",
219 " pkts bytes target prot opt in out source destination",
220 " 10000 10000000 RETURN all wlan0 rmnet0 ::/0 ::/0",
221 " 20000 20000000 RETURN all rmnet0 wlan0 ::/0 ::/0",
222 }, '\n');
223
readSocketClientResponse(int fd)224 std::string readSocketClientResponse(int fd) {
225 char buf[32768];
226 ssize_t bytesRead = read(fd, buf, sizeof(buf));
227 if (bytesRead < 0) {
228 return "";
229 }
230 for (int i = 0; i < bytesRead; i++) {
231 if (buf[i] == '\0') buf[i] = '\n';
232 }
233 return std::string(buf, bytesRead);
234 }
235
expectNoSocketClientResponse(int fd)236 void expectNoSocketClientResponse(int fd) {
237 char buf[64];
238 EXPECT_EQ(-1, read(fd, buf, sizeof(buf)));
239 }
240
TEST_F(BandwidthControllerTest,TestGetTetherStats)241 TEST_F(BandwidthControllerTest, TestGetTetherStats) {
242 int socketPair[2];
243 ASSERT_EQ(0, socketpair(AF_UNIX, SOCK_STREAM, 0, socketPair));
244 ASSERT_EQ(0, fcntl(socketPair[0], F_SETFL, O_NONBLOCK | fcntl(socketPair[0], F_GETFL)));
245 ASSERT_EQ(0, fcntl(socketPair[1], F_SETFL, O_NONBLOCK | fcntl(socketPair[1], F_GETFL)));
246 SocketClient cli(socketPair[0], false);
247
248 std::string err;
249 BandwidthController::TetherStats filter;
250
251 // If no filter is specified, both IPv4 and IPv6 counters must have at least one interface pair.
252 addIptablesRestoreOutput(kIPv4TetherCounters);
253 ASSERT_EQ(-1, mBw.getTetherStats(&cli, filter, err));
254 expectNoSocketClientResponse(socketPair[1]);
255 clearIptablesRestoreOutput();
256
257 addIptablesRestoreOutput(kIPv6TetherCounters);
258 ASSERT_EQ(-1, mBw.getTetherStats(&cli, filter, err));
259 clearIptablesRestoreOutput();
260
261 // IPv4 and IPv6 counters are properly added together.
262 addIptablesRestoreOutput(kIPv4TetherCounters, kIPv6TetherCounters);
263 filter = BandwidthController::TetherStats();
264 std::string expected =
265 "114 wlan0 rmnet0 10002373 10026 20002002 20027\n"
266 "114 bt-pan rmnet0 107471 1040 1708806 1450\n"
267 "200 Tethering stats list completed\n";
268 ASSERT_EQ(0, mBw.getTetherStats(&cli, filter, err));
269 ASSERT_EQ(expected, readSocketClientResponse(socketPair[1]));
270 expectNoSocketClientResponse(socketPair[1]);
271 clearIptablesRestoreOutput();
272
273 // Test filtering.
274 addIptablesRestoreOutput(kIPv4TetherCounters, kIPv6TetherCounters);
275 filter = BandwidthController::TetherStats("bt-pan", "rmnet0", -1, -1, -1, -1);
276 expected = "221 bt-pan rmnet0 107471 1040 1708806 1450\n";
277 ASSERT_EQ(0, mBw.getTetherStats(&cli, filter, err));
278 ASSERT_EQ(expected, readSocketClientResponse(socketPair[1]));
279 expectNoSocketClientResponse(socketPair[1]);
280 clearIptablesRestoreOutput();
281
282 addIptablesRestoreOutput(kIPv4TetherCounters, kIPv6TetherCounters);
283 filter = BandwidthController::TetherStats("wlan0", "rmnet0", -1, -1, -1, -1);
284 expected = "221 wlan0 rmnet0 10002373 10026 20002002 20027\n";
285 ASSERT_EQ(0, mBw.getTetherStats(&cli, filter, err));
286 ASSERT_EQ(expected, readSocketClientResponse(socketPair[1]));
287 clearIptablesRestoreOutput();
288
289 // Select nonexistent interfaces.
290 addIptablesRestoreOutput(kIPv4TetherCounters, kIPv6TetherCounters);
291 filter = BandwidthController::TetherStats("rmnet0", "foo0", -1, -1, -1, -1);
292 expected = "200 Tethering stats list completed\n";
293 ASSERT_EQ(0, mBw.getTetherStats(&cli, filter, err));
294 ASSERT_EQ(expected, readSocketClientResponse(socketPair[1]));
295 clearIptablesRestoreOutput();
296
297 // No stats with a filter: no error.
298 addIptablesRestoreOutput("", "");
299 ASSERT_EQ(0, mBw.getTetherStats(&cli, filter, err));
300 ASSERT_EQ("200 Tethering stats list completed\n", readSocketClientResponse(socketPair[1]));
301 clearIptablesRestoreOutput();
302
303 addIptablesRestoreOutput("foo", "foo");
304 ASSERT_EQ(0, mBw.getTetherStats(&cli, filter, err));
305 ASSERT_EQ("200 Tethering stats list completed\n", readSocketClientResponse(socketPair[1]));
306 clearIptablesRestoreOutput();
307
308 // No stats and empty filter: error.
309 filter = BandwidthController::TetherStats();
310 addIptablesRestoreOutput("", kIPv6TetherCounters);
311 ASSERT_EQ(-1, mBw.getTetherStats(&cli, filter, err));
312 expectNoSocketClientResponse(socketPair[1]);
313 clearIptablesRestoreOutput();
314
315 addIptablesRestoreOutput(kIPv4TetherCounters, "");
316 ASSERT_EQ(-1, mBw.getTetherStats(&cli, filter, err));
317 expectNoSocketClientResponse(socketPair[1]);
318 clearIptablesRestoreOutput();
319
320 // Include only one pair of interfaces and things are fine.
321 std::vector<std::string> counterLines = android::base::Split(kIPv4TetherCounters, "\n");
322 std::vector<std::string> brokenCounterLines = counterLines;
323 counterLines.resize(4);
324 std::string counters = android::base::Join(counterLines, "\n") + "\n";
325 addIptablesRestoreOutput(counters, counters);
326 expected =
327 "114 wlan0 rmnet0 4746 52 4004 54\n"
328 "200 Tethering stats list completed\n";
329 ASSERT_EQ(0, mBw.getTetherStats(&cli, filter, err));
330 ASSERT_EQ(expected, readSocketClientResponse(socketPair[1]));
331 clearIptablesRestoreOutput();
332
333 // But if interfaces aren't paired, it's always an error.
334 err = "";
335 counterLines.resize(3);
336 counters = android::base::Join(counterLines, "\n") + "\n";
337 addIptablesRestoreOutput(counters, counters);
338 ASSERT_EQ(-1, mBw.getTetherStats(&cli, filter, err));
339 expectNoSocketClientResponse(socketPair[1]);
340 clearIptablesRestoreOutput();
341
342 // Token unit test of the fact that we return the stats in the error message which the caller
343 // ignores.
344 std::string expectedError = counters;
345 EXPECT_EQ(expectedError, err);
346
347 // popen() failing is always an error.
348 addIptablesRestoreOutput(kIPv4TetherCounters);
349 ASSERT_EQ(-1, mBw.getTetherStats(&cli, filter, err));
350 expectNoSocketClientResponse(socketPair[1]);
351 clearIptablesRestoreOutput();
352 addIptablesRestoreOutput(kIPv6TetherCounters);
353 ASSERT_EQ(-1, mBw.getTetherStats(&cli, filter, err));
354 expectNoSocketClientResponse(socketPair[1]);
355 clearIptablesRestoreOutput();
356 }
357
makeInterfaceQuotaCommands(const char * iface,int ruleIndex,int64_t quota)358 const std::vector<std::string> makeInterfaceQuotaCommands(const char *iface, int ruleIndex,
359 int64_t quota) {
360 std::vector<std::string> cmds = {
361 StringPrintf("-F bw_costly_%s", iface),
362 StringPrintf("-N bw_costly_%s", iface),
363 StringPrintf("-A bw_costly_%s -j bw_penalty_box", iface),
364 StringPrintf("-D bw_INPUT -i %s --jump bw_costly_%s", iface, iface),
365 StringPrintf("-I bw_INPUT %d -i %s --jump bw_costly_%s", ruleIndex, iface, iface),
366 StringPrintf("-D bw_OUTPUT -o %s --jump bw_costly_%s", iface, iface),
367 StringPrintf("-I bw_OUTPUT %d -o %s --jump bw_costly_%s", ruleIndex, iface, iface),
368 StringPrintf("-D bw_FORWARD -o %s --jump bw_costly_%s", iface, iface),
369 StringPrintf("-A bw_FORWARD -o %s --jump bw_costly_%s", iface, iface),
370 StringPrintf("-A bw_costly_%s -m quota2 ! --quota %" PRIu64 " --name %s --jump REJECT",
371 iface, quota, iface),
372 };
373 return cmds;
374 }
375
removeInterfaceQuotaCommands(const char * iface)376 const std::vector<std::string> removeInterfaceQuotaCommands(const char *iface) {
377 std::vector<std::string> cmds = {
378 StringPrintf("-D bw_INPUT -i %s --jump bw_costly_%s", iface, iface),
379 StringPrintf("-D bw_OUTPUT -o %s --jump bw_costly_%s", iface, iface),
380 StringPrintf("-D bw_FORWARD -o %s --jump bw_costly_%s", iface, iface),
381 StringPrintf("-F bw_costly_%s", iface),
382 StringPrintf("-X bw_costly_%s", iface),
383 };
384 return cmds;
385 }
386
TEST_F(BandwidthControllerTest,TestSetInterfaceQuota)387 TEST_F(BandwidthControllerTest, TestSetInterfaceQuota) {
388 const char *iface = mTun.name().c_str();
389 std::vector<std::string> expected = makeInterfaceQuotaCommands(iface, 1, 123456);
390
391 // prepCostlyInterface assumes that exactly one of the "-F chain" and "-N chain" commands fails.
392 // So pretend that the first two commands (the IPv4 -F and the IPv6 -F) fail.
393 std::deque<int> returnValues(expected.size() * 2, 0);
394 returnValues[0] = 1;
395 returnValues[1] = 1;
396 setReturnValues(returnValues);
397
398 EXPECT_EQ(0, mBw.setInterfaceQuota(iface, 123456));
399 expectIptablesCommands(expected);
400
401 expected = removeInterfaceQuotaCommands(iface);
402 EXPECT_EQ(0, mBw.removeInterfaceQuota(iface));
403 expectIptablesCommands(expected);
404 }
405
TEST_F(BandwidthControllerTest,IptablesAlertCmd)406 TEST_F(BandwidthControllerTest, IptablesAlertCmd) {
407 std::vector<std::string> expected = {
408 "*filter\n"
409 "-I bw_INPUT -m quota2 ! --quota 123456 --name MyWonderfulAlert\n"
410 "-I bw_OUTPUT -m quota2 ! --quota 123456 --name MyWonderfulAlert\n"
411 "COMMIT\n"
412 };
413 EXPECT_EQ(0, runIptablesAlertCmd(IptOp::IptOpInsert, "MyWonderfulAlert", 123456));
414 expectIptablesRestoreCommands(expected);
415
416 expected = {
417 "*filter\n"
418 "-D bw_INPUT -m quota2 ! --quota 123456 --name MyWonderfulAlert\n"
419 "-D bw_OUTPUT -m quota2 ! --quota 123456 --name MyWonderfulAlert\n"
420 "COMMIT\n"
421 };
422 EXPECT_EQ(0, runIptablesAlertCmd(IptOp::IptOpDelete, "MyWonderfulAlert", 123456));
423 expectIptablesRestoreCommands(expected);
424 }
425
TEST_F(BandwidthControllerTest,IptablesAlertFwdCmd)426 TEST_F(BandwidthControllerTest, IptablesAlertFwdCmd) {
427 std::vector<std::string> expected = {
428 "*filter\n"
429 "-I bw_FORWARD -m quota2 ! --quota 123456 --name MyWonderfulAlert\n"
430 "COMMIT\n"
431 };
432 EXPECT_EQ(0, runIptablesAlertFwdCmd(IptOp::IptOpInsert, "MyWonderfulAlert", 123456));
433 expectIptablesRestoreCommands(expected);
434
435 expected = {
436 "*filter\n"
437 "-D bw_FORWARD -m quota2 ! --quota 123456 --name MyWonderfulAlert\n"
438 "COMMIT\n"
439 };
440 EXPECT_EQ(0, runIptablesAlertFwdCmd(IptOp::IptOpDelete, "MyWonderfulAlert", 123456));
441 expectIptablesRestoreCommands(expected);
442 }
443
TEST_F(BandwidthControllerTest,ManipulateSpecialApps)444 TEST_F(BandwidthControllerTest, ManipulateSpecialApps) {
445 std::vector<const char *> appUids = { "1000", "1001", "10012" };
446
447 std::vector<std::string> expected = {
448 "*filter\n"
449 "-I bw_happy_box -m owner --uid-owner 1000 --jump RETURN\n"
450 "-I bw_happy_box -m owner --uid-owner 1001 --jump RETURN\n"
451 "-I bw_happy_box -m owner --uid-owner 10012 --jump RETURN\n"
452 "COMMIT\n"
453 };
454 EXPECT_EQ(0, mBw.addNiceApps(appUids.size(), const_cast<char**>(&appUids[0])));
455 expectIptablesRestoreCommands(expected);
456
457 expected = {
458 "*filter\n"
459 "-D bw_penalty_box -m owner --uid-owner 1000 --jump REJECT\n"
460 "-D bw_penalty_box -m owner --uid-owner 1001 --jump REJECT\n"
461 "-D bw_penalty_box -m owner --uid-owner 10012 --jump REJECT\n"
462 "COMMIT\n"
463 };
464 EXPECT_EQ(0, mBw.removeNaughtyApps(appUids.size(), const_cast<char**>(&appUids[0])));
465 expectIptablesRestoreCommands(expected);
466 }
467