github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/controller/internal/enforcer/nfqdatapath/nflog/nflog_test.go (about) 1 // +build linux 2 3 package nflog 4 5 import ( 6 "errors" 7 "strconv" 8 "testing" 9 "time" 10 11 . "github.com/smartystreets/goconvey/convey" 12 "go.aporeto.io/enforcerd/trireme-lib/common" 13 "go.aporeto.io/enforcerd/trireme-lib/controller/internal/enforcer/utils/packetgen" 14 "go.aporeto.io/enforcerd/trireme-lib/controller/pkg/counters" 15 "go.aporeto.io/enforcerd/trireme-lib/controller/pkg/packet" 16 "go.aporeto.io/enforcerd/trireme-lib/controller/pkg/pucontext" 17 "go.aporeto.io/enforcerd/trireme-lib/policy" 18 "go.aporeto.io/netlink-go/nflog" 19 ) 20 21 func TestRecordDroppedPacket(t *testing.T) { 22 Convey("I report a dropped packet", t, func() { 23 puID := "SomeProcessingUnitId" 24 puInfo := policy.NewPUInfo(puID, "/ns", common.ContainerPU) 25 26 pu, err := pucontext.NewPU("contextID", puInfo, nil, 5*time.Second) 27 So(err, ShouldBeNil) 28 29 Convey("I report a packet with length less than 64 bytes", func() { 30 // packetbuf := make([]byte, 40) 31 PacketFlow := packetgen.NewTemplateFlow() 32 33 _, err := PacketFlow.GenerateTCPFlow(packetgen.PacketFlowTypeGoodFlowTemplate) 34 So(err, ShouldBeNil) 35 pkt := PacketFlow.GetNthPacket(0) 36 payloadBuf, _ := pkt.ToBytes() 37 nfPacket := &nflog.NfPacket{ 38 Payload: payloadBuf, 39 } 40 ipPacket, err := packet.New(packet.PacketTypeNetwork, nfPacket.Payload, "", false) 41 So(err, ShouldBeNil) 42 nfPacket.Protocol = ipPacket.IPProto() 43 report, err := recordDroppedPacket(nfPacket.Payload, nfPacket.Protocol, nfPacket.SrcIP, nfPacket.DstIP, nfPacket.SrcPort, nfPacket.DstPort, pu, true) 44 So(report.TriremePacket, ShouldBeFalse) 45 So(err, ShouldBeNil) 46 So(len(report.Payload), ShouldEqual, len(nfPacket.Payload)) 47 48 }) 49 Convey("I report a packet with length greater than 64 bytes", func() { 50 PacketFlow := packetgen.NewTemplateFlow() 51 _, err := PacketFlow.GenerateTCPFlow(packetgen.PacketFlowTypeGoodFlowTemplate) 52 So(err, ShouldBeNil) 53 pkt := PacketFlow.GetAckPackets().GetNthPacket(1) 54 err = pkt.NewTCPPayload("abcdedghijklmnopqrstuvwxyz") 55 So(err, ShouldBeNil) 56 payloadBuf, err := pkt.ToBytes() 57 So(err, ShouldBeNil) 58 nfPacket := &nflog.NfPacket{ 59 Payload: payloadBuf, 60 } 61 62 ipPacket, err := packet.New(packet.PacketTypeNetwork, nfPacket.Payload, "", false) 63 nfPacket.Protocol = ipPacket.IPProto() 64 nfPacket.SrcIP = ipPacket.SourceAddress() 65 nfPacket.DstIP = ipPacket.DestinationAddress() 66 So(err, ShouldBeNil) 67 report, err := recordDroppedPacket(nfPacket.Payload, nfPacket.Protocol, nfPacket.SrcIP, nfPacket.DstIP, nfPacket.SrcPort, nfPacket.DstPort, pu, true) 68 So(err, ShouldBeNil) 69 So(report.TriremePacket, ShouldBeFalse) 70 So(report.Protocol, ShouldEqual, int(packet.IPProtocolTCP)) 71 So(len(report.Payload), ShouldEqual, 64) 72 id, _ := strconv.Atoi(ipPacket.ID()) 73 So(report.PacketID, ShouldEqual, id) 74 So(report.SourceIP, ShouldEqual, ipPacket.SourceAddress().String()) 75 So(report.DestinationIP, ShouldEqual, ipPacket.DestinationAddress().String()) 76 77 So(report.Payload, ShouldResemble, payloadBuf[:64]) 78 }) 79 80 }) 81 } 82 83 func dummyPUContext(string) (*pucontext.PUContext, error) { 84 return nil, errors.New("Unknown Context") 85 } 86 func TestRecordFromNFLogBuffer(t *testing.T) { 87 // puID := "SomeProcessingUnitId" 88 // puInfo := policy.NewPUInfo(puID, "/ns", common.ContainerPU) 89 // pu, err := pucontext.NewPU("contextID", puInfo, 5*time.Second) 90 // So(err, ShouldBeNil) 91 nflogger := NewNFLogger(10, 11, nil, nil) 92 Convey("I get a nfpacket from nflog library", t, func() { 93 Convey("If Packet does not contain valid format prefix", func() { 94 PacketFlow := packetgen.NewTemplateFlow() 95 96 _, err := PacketFlow.GenerateTCPFlow(packetgen.PacketFlowTypeGoodFlowTemplate) 97 So(err, ShouldBeNil) 98 pkt := PacketFlow.GetNthPacket(0) 99 payloadBuf, _ := pkt.ToBytes() 100 nfPacket := &nflog.NfPacket{ 101 Payload: payloadBuf, 102 } 103 nfPacket.Prefix = "p1:p2" 104 flowreport, packetreport, err := nflogger.(*nfLog).recordFromNFLogBuffer(nfPacket, false) 105 So(flowreport, ShouldBeNil) 106 So(packetreport, ShouldBeNil) 107 So(err, ShouldNotBeNil) 108 }) 109 Convey("nfPacket with hashID that is not for a valid PU", func() { 110 111 nflogger.(*nfLog).getPUContext = dummyPUContext 112 PacketFlow := packetgen.NewTemplateFlow() 113 114 _, err := PacketFlow.GenerateTCPFlow(packetgen.PacketFlowTypeGoodFlowTemplate) 115 So(err, ShouldBeNil) 116 pkt := PacketFlow.GetNthPacket(0) 117 payloadBuf, _ := pkt.ToBytes() 118 nfPacket := &nflog.NfPacket{ 119 Payload: payloadBuf, 120 } 121 nfPacket.Prefix = "p1:p2:p4:p5" 122 flowreport, packetreport, err := nflogger.(*nfLog).recordFromNFLogBuffer(nfPacket, false) 123 So(flowreport, ShouldBeNil) 124 So(packetreport, ShouldBeNil) 125 So(err, ShouldNotBeNil) 126 127 }) 128 129 }) 130 } 131 132 func Test_RecordCounters(t *testing.T) { 133 Convey("I report a dropped packet", t, func() { 134 puID := "SomeProcessingUnitId" 135 puInfo := policy.NewPUInfo(puID, "/ns", common.ContainerPU) 136 pu, err := pucontext.NewPU("contextID", puInfo, nil, 5*time.Second) 137 So(err, ShouldBeNil) 138 139 Convey("I call record counters", func() { 140 recordCounters(6, 80, 2333, pu, true) 141 So(pu.Counters().GetErrorCounters()[counters.ErrDroppedTCPPackets], ShouldEqual, 1) 142 143 recordCounters(17, 80, 2333, pu, true) 144 c := pu.Counters().GetErrorCounters() 145 So(c[counters.ErrDroppedUDPPackets], ShouldEqual, 1) 146 recordCounters(17, 53, 2333, pu, true) 147 c = pu.Counters().GetErrorCounters() 148 So(c[counters.ErrDroppedUDPPackets], ShouldEqual, 1) 149 So(c[counters.ErrDroppedDNSPackets], ShouldEqual, 1) 150 recordCounters(17, 67, 2333, pu, true) 151 c = pu.Counters().GetErrorCounters() 152 So(c[counters.ErrDroppedUDPPackets], ShouldEqual, 1) 153 So(c[counters.ErrDroppedDHCPPackets], ShouldEqual, 1) 154 recordCounters(17, 68, 2333, pu, true) 155 c = pu.Counters().GetErrorCounters() 156 So(c[counters.ErrDroppedUDPPackets], ShouldEqual, 1) 157 So(c[counters.ErrDroppedDHCPPackets], ShouldEqual, 1) 158 recordCounters(17, 123, 2333, pu, true) 159 c = pu.Counters().GetErrorCounters() 160 So(c[counters.ErrDroppedUDPPackets], ShouldEqual, 1) 161 So(c[counters.ErrDroppedNTPPackets], ShouldEqual, 1) 162 163 recordCounters(17, 2333, 53, pu, false) 164 c = pu.Counters().GetErrorCounters() 165 So(c[counters.ErrDroppedUDPPackets], ShouldEqual, 1) 166 So(c[counters.ErrDroppedDNSPackets], ShouldEqual, 1) 167 recordCounters(17, 2333, 67, pu, false) 168 recordCounters(17, 2333, 67, pu, false) 169 c = pu.Counters().GetErrorCounters() 170 So(c[counters.ErrDroppedUDPPackets], ShouldEqual, 2) 171 So(c[counters.ErrDroppedDHCPPackets], ShouldEqual, 2) 172 recordCounters(17, 2333, 68, pu, false) 173 c = pu.Counters().GetErrorCounters() 174 So(c[counters.ErrDroppedUDPPackets], ShouldEqual, 1) 175 So(c[counters.ErrDroppedDHCPPackets], ShouldEqual, 1) 176 recordCounters(17, 2333, 123, pu, false) 177 c = pu.Counters().GetErrorCounters() 178 So(c[counters.ErrDroppedUDPPackets], ShouldEqual, 1) 179 So(c[counters.ErrDroppedNTPPackets], ShouldEqual, 1) 180 181 recordCounters(1, 80, 2333, pu, true) 182 So(pu.Counters().GetErrorCounters()[counters.ErrDroppedICMPPackets], ShouldEqual, 1) 183 }) 184 }) 185 }