Module Name: src
Committed By: riz
Date: Sun Nov 18 21:48:56 UTC 2012
Modified Files:
src/sys/net/npf [netbsd-6]: npf_alg_icmp.c npf_session.c
src/usr.sbin/npf/npftest [netbsd-6]: npfstream.c npftest.c
src/usr.sbin/npf/npftest/libnpftest [netbsd-6]: npf_nbuf_test.c
npf_processor_test.c npf_rule_test.c npf_state_test.c
npf_table_test.c
Log Message:
Pull up following revision(s) (requested by rmind in ticket #679):
sys/net/npf/npf_session.c: revision 1.18
usr.sbin/npf/npftest/npftest.c: revision 1.6
usr.sbin/npf/npftest/npftest.c: revision 1.7
usr.sbin/npf/npftest/npftest.c: revision 1.8
usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.2
usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.3
usr.sbin/npf/npftest/libnpftest/npf_table_test.c: revision 1.5
sys/net/npf/npf_alg_icmp.c: revision 1.13
usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.2
usr.sbin/npf/npftest/npfstream.c: revision 1.4
usr.sbin/npf/npftest/libnpftest/npf_processor_test.c: revision 1.3
npftest:
- Do not stop running other tests, if some tests fail.
- Fix some endianness bugs in the test cases.
Tested on sparc64 by martin@, all tests pass.
Add two new command line options to help integration into ATF:
-L lists the available test cases, -T executes a single named test.
Fix printf format
Mark npf_session_worker as __dead.
More __dead
npf_icmp_uniqid: split into npf_icmp_uniqid4() and npf_icmp_uniqid6() parts.
To generate a diff of this commit:
cvs rdiff -u -r1.8.4.4 -r1.8.4.5 src/sys/net/npf/npf_alg_icmp.c
cvs rdiff -u -r1.10.4.6 -r1.10.4.7 src/sys/net/npf/npf_session.c
cvs rdiff -u -r1.1.2.4 -r1.1.2.5 src/usr.sbin/npf/npftest/npfstream.c
cvs rdiff -u -r1.3.2.4 -r1.3.2.5 src/usr.sbin/npf/npftest/npftest.c
cvs rdiff -u -r1.1.4.2 -r1.1.4.3 \
src/usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c
cvs rdiff -u -r1.1.4.3 -r1.1.4.4 \
src/usr.sbin/npf/npftest/libnpftest/npf_processor_test.c
cvs rdiff -u -r1.1.2.2 -r1.1.2.3 \
src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c
cvs rdiff -u -r1.1.2.3 -r1.1.2.4 \
src/usr.sbin/npf/npftest/libnpftest/npf_state_test.c
cvs rdiff -u -r1.2.2.5 -r1.2.2.6 \
src/usr.sbin/npf/npftest/libnpftest/npf_table_test.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf_alg_icmp.c
diff -u src/sys/net/npf/npf_alg_icmp.c:1.8.4.4 src/sys/net/npf/npf_alg_icmp.c:1.8.4.5
--- src/sys/net/npf/npf_alg_icmp.c:1.8.4.4 Thu Sep 13 22:33:05 2012
+++ src/sys/net/npf/npf_alg_icmp.c Sun Nov 18 21:48:56 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_alg_icmp.c,v 1.8.4.4 2012/09/13 22:33:05 riz Exp $ */
+/* $NetBSD: npf_alg_icmp.c,v 1.8.4.5 2012/11/18 21:48:56 riz Exp $ */
/*-
* Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.8.4.4 2012/09/13 22:33:05 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.8.4.5 2012/11/18 21:48:56 riz Exp $");
#include <sys/param.h>
#include <sys/module.h>
@@ -151,109 +151,110 @@ npfa_icmp_match(npf_cache_t *npc, nbuf_t
}
/*
- * npf_icmp_uniqid: retrieve unique identifiers - either ICMP query ID
+ * npf_icmp{4,6}_uniqid: retrieve unique identifiers - either ICMP query ID
* or TCP/UDP ports of the original packet, which is embedded.
*/
+
static bool
-npf_icmp_uniqid(const int npcinf, const int type,
- npf_cache_t *npc, nbuf_t *nbuf, void *n_ptr)
+npf_icmp4_uniqid(const int type, npf_cache_t *npc, nbuf_t *nbuf, void *n_ptr)
{
- struct icmp *ic;
- struct icmp6_hdr *ic6;
- u_int offby;
+ struct icmp *ic;
+ u_int offby;
- if (npcinf & NPC_IP4) {
- /* Per RFC 792. */
- switch (type) {
- case ICMP_UNREACH:
- case ICMP_SOURCEQUENCH:
- case ICMP_REDIRECT:
- case ICMP_TIMXCEED:
- case ICMP_PARAMPROB:
- /* Should contain original IP header. */
- offby = offsetof(struct icmp, icmp_ip);
- if ((n_ptr = nbuf_advance(&nbuf, n_ptr, offby)) == NULL) {
- return false;
- }
- /* Fetch into the cache. */
- if (!npf_fetch_ip(npc, nbuf, n_ptr)) {
- return false;
- }
- switch (npf_cache_ipproto(npc)) {
- case IPPROTO_TCP:
- return npf_fetch_tcp(npc, nbuf, n_ptr);
- case IPPROTO_UDP:
- return npf_fetch_udp(npc, nbuf, n_ptr);
- default:
- return false;
- }
- return true;
-
- case ICMP_ECHOREPLY:
- case ICMP_ECHO:
- case ICMP_TSTAMP:
- case ICMP_TSTAMPREPLY:
- case ICMP_IREQ:
- case ICMP_IREQREPLY:
- /* Should contain ICMP query ID. */
- ic = &npc->npc_l4.icmp;
- offby = offsetof(struct icmp, icmp_id);
- if (nbuf_advfetch(&nbuf, &n_ptr, offby,
- sizeof(uint16_t), &ic->icmp_id)) {
- return false;
- }
- npc->npc_info |= NPC_ICMP_ID;
- return true;
+ /* Per RFC 792. */
+ switch (type) {
+ case ICMP_UNREACH:
+ case ICMP_SOURCEQUENCH:
+ case ICMP_REDIRECT:
+ case ICMP_TIMXCEED:
+ case ICMP_PARAMPROB:
+ /* Should contain original IP header. */
+ offby = offsetof(struct icmp, icmp_ip);
+ if ((n_ptr = nbuf_advance(&nbuf, n_ptr, offby)) == NULL) {
+ return false;
+ }
+ /* Fetch into the cache. */
+ if (!npf_fetch_ip(npc, nbuf, n_ptr)) {
+ return false;
+ }
+ switch (npf_cache_ipproto(npc)) {
+ case IPPROTO_TCP:
+ return npf_fetch_tcp(npc, nbuf, n_ptr);
+ case IPPROTO_UDP:
+ return npf_fetch_udp(npc, nbuf, n_ptr);
default:
- break;
+ return false;
}
- /* No unique IDs. */
- return false;
+ return true;
+
+ case ICMP_ECHOREPLY:
+ case ICMP_ECHO:
+ case ICMP_TSTAMP:
+ case ICMP_TSTAMPREPLY:
+ case ICMP_IREQ:
+ case ICMP_IREQREPLY:
+ /* Should contain ICMP query ID. */
+ ic = &npc->npc_l4.icmp;
+ offby = offsetof(struct icmp, icmp_id);
+ if (nbuf_advfetch(&nbuf, &n_ptr, offby,
+ sizeof(uint16_t), &ic->icmp_id)) {
+ return false;
+ }
+ npc->npc_info |= NPC_ICMP_ID;
+ return true;
+ default:
+ break;
}
- if (npcinf & NPC_IP6) {
- switch (type) {
- /* Per RFC 4443. */
- case ICMP6_DST_UNREACH:
- case ICMP6_PACKET_TOO_BIG:
- case ICMP6_TIME_EXCEEDED:
- case ICMP6_PARAM_PROB:
- /* Should contain original IP header. */
- offby = sizeof(struct icmp6_hdr);
- if ((n_ptr = nbuf_advance(&nbuf, n_ptr, offby)) == NULL) {
- return false;
- }
- /* Fetch into the cache. */
- if (!npf_fetch_ip(npc, nbuf, n_ptr)) {
- return false;
- }
- switch (npf_cache_ipproto(npc)) {
- case IPPROTO_TCP:
- return npf_fetch_tcp(npc, nbuf, n_ptr);
- case IPPROTO_UDP:
- return npf_fetch_udp(npc, nbuf, n_ptr);
- default:
- return false;
- }
- return true;
-
- case ICMP6_ECHO_REQUEST:
- case ICMP6_ECHO_REPLY:
- /* Should contain ICMP query ID. */
- ic6 = &npc->npc_l4.icmp6;
- offby = offsetof(struct icmp6_hdr, icmp6_id);
- if (nbuf_advfetch(&nbuf, &n_ptr, offby,
- sizeof(uint16_t), &ic6->icmp6_id)) {
- return false;
- }
- npc->npc_info |= NPC_ICMP_ID;
- return true;
+ /* No unique IDs. */
+ return false;
+}
+
+static bool
+npf_icmp6_uniqid(const int type, npf_cache_t *npc, nbuf_t *nbuf, void *n_ptr)
+{
+ struct icmp6_hdr *ic6;
+ u_int offby;
+
+ /* Per RFC 4443. */
+ switch (type) {
+ case ICMP6_DST_UNREACH:
+ case ICMP6_PACKET_TOO_BIG:
+ case ICMP6_TIME_EXCEEDED:
+ case ICMP6_PARAM_PROB:
+ /* Should contain original IP header. */
+ offby = sizeof(struct icmp6_hdr);
+ if ((n_ptr = nbuf_advance(&nbuf, n_ptr, offby)) == NULL) {
+ return false;
+ }
+ /* Fetch into the cache. */
+ if (!npf_fetch_ip(npc, nbuf, n_ptr)) {
+ return false;
+ }
+ switch (npf_cache_ipproto(npc)) {
+ case IPPROTO_TCP:
+ return npf_fetch_tcp(npc, nbuf, n_ptr);
+ case IPPROTO_UDP:
+ return npf_fetch_udp(npc, nbuf, n_ptr);
default:
- break;
+ return false;
}
- /* No unique IDs. */
- return false;
+ return true;
+
+ case ICMP6_ECHO_REQUEST:
+ case ICMP6_ECHO_REPLY:
+ /* Should contain ICMP query ID. */
+ ic6 = &npc->npc_l4.icmp6;
+ offby = offsetof(struct icmp6_hdr, icmp6_id);
+ if (nbuf_advfetch(&nbuf, &n_ptr, offby,
+ sizeof(uint16_t), &ic6->icmp6_id)) {
+ return false;
+ }
+ npc->npc_info |= NPC_ICMP_ID;
+ return true;
+ default:
+ break;
}
- /* Whatever protocol that may have been ... */
+ /* No unique IDs. */
return false;
}
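Review bot: The `return true;` after the inner `switch (npf_cache_ipproto(npc))` is unreachable in both npf_icmp4_uniqid() and npf_icmp6_uniqid(), because every arm of that switch, including `default`, already returns; it was carried over from the old combined function and can be dropped. Both helpers parse the header embedded in an ICMP error, which is sender-controlled data, so each deserves a one-line contract such as `/* Parses the embedded original packet into npc; returns false if no unique ID could be fetched. */`. The block comment names the functions `npf_icmp{4,6}_uniqid`, while the log message calls them `npf_icmp_uniqid4()` and `npf_icmp_uniqid6()`.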
@@ -287,6 +288,8 @@ static bool
npfa_icmp_session(npf_cache_t *npc, nbuf_t *nbuf, void *keyptr)
{
npf_cache_t *key = keyptr;
+ bool ret;
+
KASSERT(key->npc_info == 0);
/* IP + ICMP? Get unique identifiers from ICMP packet. */
@@ -306,10 +309,22 @@ npfa_icmp_session(npf_cache_t *npc, nbuf
return false;
}
- /* Fetch relevant data into the separate ("key") cache. */
+ /*
+ * Fetch relevant data into the separate ("key") cache.
+ */
struct icmp *ic = &npc->npc_l4.icmp;
- if (!npf_icmp_uniqid(npc->npc_info & NPC_IP46, ic->icmp_type,
- key, nbuf, n_ptr)) {
+
+ if (npf_iscached(npc, NPC_IP4)) {
+ ret = npf_icmp4_uniqid(ic->icmp_type, key, nbuf, n_ptr);
+ } else if (npf_iscached(npc, NPC_IP6)) {
+ KASSERT(offsetof(struct icmp, icmp_id) ==
+ offsetof(struct icmp6_hdr, icmp6_id));
+ ret = npf_icmp6_uniqid(ic->icmp_type, key, nbuf, n_ptr);
+ } else {
+ ret = false;
+ }
+
+ if (!ret) {
return false;
}
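Review bot: In the IPv6 branch the type is still read as `ic->icmp_type` through `struct icmp *ic = &npc->npc_l4.icmp`, so the call depends on the type field sitting at the same offset in `struct icmp` and `struct icmp6_hdr`, yet the KASSERT compares the offsets of `icmp_id` and `icmp6_id`, which this branch does not read. Reading the IPv6 view directly removes that dependency: `ret = npf_icmp6_uniqid(npc->npc_l4.icmp6.icmp6_type, key, nbuf, n_ptr);`. If a layout check is kept, note that it compares compile-time constants and that KASSERT is, as far as I know, only active in DIAGNOSTIC kernels, so a compile-time assertion would fit better. npfa_icmp_session() starts and ends outside this hunk.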
Index: src/sys/net/npf/npf_session.c
diff -u src/sys/net/npf/npf_session.c:1.10.4.6 src/sys/net/npf/npf_session.c:1.10.4.7
--- src/sys/net/npf/npf_session.c:1.10.4.6 Mon Aug 13 17:49:52 2012
+++ src/sys/net/npf/npf_session.c Sun Nov 18 21:48:56 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_session.c,v 1.10.4.6 2012/08/13 17:49:52 riz Exp $ */
+/* $NetBSD: npf_session.c,v 1.10.4.7 2012/11/18 21:48:56 riz Exp $ */
/*-
* Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
@@ -80,7 +80,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_session.c,v 1.10.4.6 2012/08/13 17:49:52 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_session.c,v 1.10.4.7 2012/11/18 21:48:56 riz Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -194,7 +194,7 @@ static lwp_t * sess_gc_lwp;
static void sess_tracking_stop(void);
static void npf_session_destroy(npf_session_t *);
-static void npf_session_worker(void *);
+static void npf_session_worker(void *) __dead;
/*
* npf_session_sys{init,fini}: initialise/destroy session handling structures.
Index: src/usr.sbin/npf/npftest/npfstream.c
diff -u src/usr.sbin/npf/npftest/npfstream.c:1.1.2.4 src/usr.sbin/npf/npftest/npfstream.c:1.1.2.5
--- src/usr.sbin/npf/npftest/npfstream.c:1.1.2.4 Mon Aug 13 17:49:52 2012
+++ src/usr.sbin/npf/npftest/npfstream.c Sun Nov 18 21:48:56 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npfstream.c,v 1.1.2.4 2012/08/13 17:49:52 riz Exp $ */
+/* $NetBSD: npfstream.c,v 1.1.2.5 2012/11/18 21:48:56 riz Exp $ */
/*
* NPF stream processor.
@@ -73,7 +73,7 @@ process_tcpip(const void *data, size_t l
len = ntohs(ip->ip_len);
error = rumpns_npf_test_handlepkt(ip, len, idx, forw, result);
- fprintf(fp, "%s%2x %5d %3d %11u %11u %11u %11u %12lx",
+ fprintf(fp, "%s%2x %5d %3d %11u %11u %11u %11u %12" PRIxPTR,
forw ? ">" : "<", (th->th_flags & (TH_SYN | TH_ACK | TH_FIN)),
packetno, error, (u_int)seq, (u_int)ntohl(th->th_ack),
tcpdlen, ntohs(th->th_win), (uintptr_t)result[0]);
Index: src/usr.sbin/npf/npftest/npftest.c
diff -u src/usr.sbin/npf/npftest/npftest.c:1.3.2.4 src/usr.sbin/npf/npftest/npftest.c:1.3.2.5
--- src/usr.sbin/npf/npftest/npftest.c:1.3.2.4 Sun Nov 18 21:45:08 2012
+++ src/usr.sbin/npf/npftest/npftest.c Sun Nov 18 21:48:56 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npftest.c,v 1.3.2.4 2012/11/18 21:45:08 riz Exp $ */
+/* $NetBSD: npftest.c,v 1.3.2.5 2012/11/18 21:48:56 riz Exp $ */
/*
* NPF testing framework.
@@ -26,23 +26,41 @@
static bool verbose, quiet;
-static void
+__dead static void
usage(void)
{
- printf("usage: %s: [ -q | -v ] [ -c <config> ] "
- "[ -i <interface> ] < -b | -t | -s file >\n"
+ printf("usage:\n"
+ " %s [ -q | -v ] [ -c <config> ] "
+ "[ -i <interface> ] < -b | -t | -s file >\n"
+ " %s -T <testname> -c <config>\n"
+ " %s -L\n"
+ "where:\n"
"\t-b: benchmark\n"
"\t-t: regression test\n"
+ "\t-T <testname>: specific test\n"
"\t-s <file>: pcap stream\n"
"\t-c <config>: NPF configuration file\n"
"\t-i <interface>: primary interface\n"
+ "\t-L: list testnames and description for -T\n"
"\t-q: quiet mode\n"
"\t-v: verbose mode\n",
- getprogname());
+ getprogname(), getprogname(), getprogname());
exit(EXIT_FAILURE);
}
-static void
+__dead static void
+describe_tests(void)
+{
+ printf( "nbuf\tbasic npf mbuf handling\n"
+ "processor\tncode processing\n"
+ "table\ttable handling\n"
+ "state\tstate handling and processing\n"
+ "rule\trule processing\n"
+ "nat\tNAT rule processing\n");
+ exit(EXIT_SUCCESS);
+}
+
+static bool
result(const char *testcase, bool ok)
{
if (!quiet) {
@@ -51,9 +69,7 @@ result(const char *testcase, bool ok)
if (verbose) {
puts("-----");
}
- if (!ok) {
- exit(EXIT_FAILURE);
- }
+ return !ok;
}
static void
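Review bot: result() now returns `!ok`, that is true when the test case failed, which is the opposite of what a `bool` function with this name suggests and is easy to misuse at a new call site. A one-line comment above the function, `/* Prints the outcome; returns true if the test case FAILED. */`, would document the inverted sense that `fail |= result(...)` in main() relies on. The function's signature is in the previous hunk.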
@@ -121,13 +137,15 @@ arc4random(void)
int
main(int argc, char **argv)
{
- bool benchmark, test, ok;
- char *config, *interface, *stream;
+ bool benchmark, test, ok, fail, tname_matched;
+ char *config, *interface, *stream, *testname;
int idx = -1, ch;
benchmark = false;
test = false;
+ tname_matched = false;
+ testname = NULL;
config = NULL;
interface = NULL;
stream = NULL;
@@ -135,7 +153,7 @@ main(int argc, char **argv)
verbose = false;
quiet = false;
- while ((ch = getopt(argc, argv, "bqvc:i:s:t")) != -1) {
+ while ((ch = getopt(argc, argv, "bqvc:i:s:tT:L")) != -1) {
switch (ch) {
case 'b':
benchmark = true;
@@ -158,6 +176,12 @@ main(int argc, char **argv)
case 't':
test = true;
break;
+ case 'T':
+ test = true;
+ testname = optarg;
+ break;
+ case 'L':
+ describe_tests();
default:
usage();
}
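Review bot: `case 'L':` has no `break` and runs into `default:`, which is only correct because describe_tests() is declared `__dead` and exits. Adding `/* NOTREACHED */` after the call makes that explicit, so a later change to describe_tests() cannot silently turn `-L` into a usage error. The `switch` starts outside this hunk.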
@@ -188,27 +212,46 @@ main(int argc, char **argv)
}
srandom(1);
+ fail = false;
if (test) {
- ok = rumpns_npf_nbuf_test(verbose);
- result("nbuf", ok);
+ if (!testname || strcmp("nbuf", testname) == 0) {
+ ok = rumpns_npf_nbuf_test(verbose);
+ fail |= result("nbuf", ok);
+ tname_matched = true;
+ }
- ok = rumpns_npf_processor_test(verbose);
- result("processor", ok);
+ if (!testname || strcmp("processor", testname) == 0) {
+ ok = rumpns_npf_processor_test(verbose);
+ fail |= result("processor", ok);
+ tname_matched = true;
+ }
- ok = rumpns_npf_table_test(verbose);
- result("table", ok);
+ if (!testname || strcmp("table", testname) == 0) {
+ ok = rumpns_npf_table_test(verbose);
+ fail |= result("table", ok);
+ tname_matched = true;
+ }
- ok = rumpns_npf_state_test(verbose);
- result("state", ok);
+ if (!testname || strcmp("state", testname) == 0) {
+ ok = rumpns_npf_state_test(verbose);
+ fail |= result("state", ok);
+ tname_matched = true;
+ }
}
if (test && config) {
- ok = rumpns_npf_rule_test(verbose);
- result("rule", ok);
+ if (!testname || strcmp("rule", testname) == 0) {
+ ok = rumpns_npf_rule_test(verbose);
+ fail |= result("rule", ok);
+ tname_matched = true;
+ }
- ok = rumpns_npf_nat_test(verbose);
- result("nat", ok);
+ if (!testname || strcmp("nat", testname) == 0) {
+ ok = rumpns_npf_nat_test(verbose);
+ fail |= result("nat", ok);
+ tname_matched = true;
+ }
}
if (stream) {
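Review bot: `-T rule` and `-T nat` are only compared inside the `if (test && config)` block, so running either without `-c` leaves `tname_matched` false and the final check in the last hunk reports the test as unknown, although the name is valid and only the configuration is missing. Unless the option validation outside this hunk already rejects that combination, a separate diagnostic would keep a harness from misreading the failure, e.g. `if (testname && !config && (strcmp("rule", testname) == 0 || strcmp("nat", testname) == 0)) errx(EXIT_FAILURE, "test \"%s\" requires -c <config>", testname);`. main() starts and ends outside this hunk.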
@@ -217,5 +260,8 @@ main(int argc, char **argv)
rump_unschedule();
- return EXIT_SUCCESS;
+ if (testname && !tname_matched)
+ errx(EXIT_FAILURE, "test \"%s\" unknown", testname);
+
+ return fail ? EXIT_FAILURE : EXIT_SUCCESS;
}
Index: src/usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c
diff -u src/usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c:1.1.4.2 src/usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c:1.1.4.3
--- src/usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c:1.1.4.2 Tue Jun 26 00:07:18 2012
+++ src/usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c Sun Nov 18 21:48:56 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_nbuf_test.c,v 1.1.4.2 2012/06/26 00:07:18 riz Exp $ */
+/* $NetBSD: npf_nbuf_test.c,v 1.1.4.3 2012/11/18 21:48:56 riz Exp $ */
/*
* NPF nbuf interface test.
@@ -157,20 +157,17 @@ npf_nbuf_test(bool verbose)
{
struct mbuf *m1, *m2;
char *bufa, *bufb;
+ bool fail = false;
m1 = mbuf_random_len(MBUF_CHAIN_LEN);
bufa = mbuf_getstring(m1);
bufb = parse_nbuf_chain(m1, m1->m_data);
- if (!validate_mbuf_data(m1, verbose, bufa, bufb)) {
- return false;
- }
+ fail |= !validate_mbuf_data(m1, verbose, bufa, bufb);
m2 = mbuf_bytesize(MBUF_CHAIN_LEN);
bufa = mbuf_getstring(m2);
bufb = parse_nbuf_chain(m2, m2->m_data);
- if (!validate_mbuf_data(m2, verbose, bufa, bufb)) {
- return false;
- }
+ fail |= !validate_mbuf_data(m2, verbose, bufa, bufb);
- return true;
+ return !fail;
}
Index: src/usr.sbin/npf/npftest/libnpftest/npf_processor_test.c
diff -u src/usr.sbin/npf/npftest/libnpftest/npf_processor_test.c:1.1.4.3 src/usr.sbin/npf/npftest/libnpftest/npf_processor_test.c:1.1.4.4
--- src/usr.sbin/npf/npftest/libnpftest/npf_processor_test.c:1.1.4.3 Thu Jul 5 17:48:43 2012
+++ src/usr.sbin/npf/npftest/libnpftest/npf_processor_test.c Sun Nov 18 21:48:56 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_processor_test.c,v 1.1.4.3 2012/07/05 17:48:43 riz Exp $ */
+/* $NetBSD: npf_processor_test.c,v 1.1.4.4 2012/11/18 21:48:56 riz Exp $ */
/*
* NPF n-code processor test.
@@ -7,87 +7,77 @@
*/
#include <sys/types.h>
+#include <sys/endian.h>
#include "npf_impl.h"
#include "npf_ncode.h"
#include "npf_test.h"
-/*
- * In network byte order:
- * 192.168.2.0 == 0x0002a8c0
- * 192.168.2.1 == 0x0102a8c0
- * 192.168.2.100 == 0x6402a8c0
- * fe80:: == 0x000080fe
- * 0x00000000
- * 0x00000000
- * 0x00000000
- * fe80::2a0:c0ff:fe10:1234 == 0x000080fe
- * 0x00000000
- * 0xffc0a002
- * 0x341210fe
- * htons(ETHERTYPE_IP) == 0x08
- * (htons(80) << 16) | htons(80) == 0x50005000
- * (htons(80) << 16) | htons(15000) == 0x5000983a
- */
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define IP4(a, b, c, d) ((a << 0) | (b << 8) | (c << 16) | (d << 24))
+#elif BYTE_ORDER == BIG_ENDIAN
+#define IP4(a, b, c, d) ((a << 24) | (b << 16) | (c << 8) | (d << 0))
+#endif
+
+#define PORTS(a, b) ((htons(a) << 16) | htons(b))
-static uint32_t nc_match[ ] __aligned(4) = {
+static const uint32_t nc_match[] = {
NPF_OPCODE_CMP, NPF_LAYER_3, 0,
NPF_OPCODE_BEQ, 0x0c,
- NPF_OPCODE_ETHER, 0x00, 0x00, 0x08,
+ NPF_OPCODE_ETHER, 0x00, 0x00, htons(ETHERTYPE_IP),
NPF_OPCODE_BEQ, 0x04,
NPF_OPCODE_RET, 0xff,
NPF_OPCODE_ADVR, 3,
- NPF_OPCODE_IP4MASK, 0x01, 0x0002a8c0, 24,
+ NPF_OPCODE_IP4MASK, 0x01, IP4(192,168,2,0), 24,
NPF_OPCODE_BEQ, 0x04,
NPF_OPCODE_RET, 0xff,
- NPF_OPCODE_TCP_PORTS, 0x00, 0x50005000,
+ NPF_OPCODE_TCP_PORTS, 0x00, PORTS(80, 80),
NPF_OPCODE_BEQ, 0x04,
NPF_OPCODE_RET, 0xff,
NPF_OPCODE_RET, 0x00
};
-static uint32_t nc_nmatch[ ] __aligned(4) = {
+static const uint32_t nc_nmatch[] = {
NPF_OPCODE_CMP, NPF_LAYER_3, 0,
NPF_OPCODE_BEQ, 0x0c,
- NPF_OPCODE_ETHER, 0x00, 0x00, 0x08,
+ NPF_OPCODE_ETHER, 0x00, 0x00, htons(ETHERTYPE_IP),
NPF_OPCODE_BEQ, 0x04,
NPF_OPCODE_RET, 0xff,
NPF_OPCODE_ADVR, 3,
- NPF_OPCODE_IP4MASK, 0x01, 0x0102a8c0, 32,
+ NPF_OPCODE_IP4MASK, 0x01, IP4(192,168,2,1), 32,
NPF_OPCODE_BEQ, 0x04,
NPF_OPCODE_RET, 0xff,
NPF_OPCODE_RET, 0x00
};
-static uint32_t nc_rmatch[ ] __aligned(4) = {
+static const uint32_t nc_rmatch[] = {
NPF_OPCODE_MOVE, offsetof(struct ip, ip_src), 1,
NPF_OPCODE_ADVR, 1,
NPF_OPCODE_LW, sizeof(in_addr_t), 0,
- NPF_OPCODE_CMP, 0x6402a8c0, 0,
+ NPF_OPCODE_CMP, IP4(192,168,2,100), 0,
NPF_OPCODE_BEQ, 0x04,
NPF_OPCODE_RET, 0xff,
NPF_OPCODE_MOVE, sizeof(struct ip) - offsetof(struct ip, ip_src)
+ offsetof(struct tcphdr, th_sport), 1,
NPF_OPCODE_ADVR, 1,
NPF_OPCODE_LW, 2 * sizeof(in_port_t), 0,
- NPF_OPCODE_CMP, 0x5000983a, 0,
+ NPF_OPCODE_CMP, htonl((15000 << 16) | 80), 0,
NPF_OPCODE_BEQ, 0x04,
NPF_OPCODE_RET, 0xff,
NPF_OPCODE_RET, 0x01
};
-static uint32_t nc_inval[ ] __aligned(4) = {
+static const uint32_t nc_inval[] = {
NPF_OPCODE_BEQ, 0x05,
NPF_OPCODE_RET, 0xff,
NPF_OPCODE_RET, 0x01
};
-static uint32_t nc_match6[ ] __aligned(4) = {
- NPF_OPCODE_IP6MASK, 0x01,
- 0x000080fe, 0x00000000, 0x00000000, 0x00000000, 10,
+static const uint32_t nc_match6[] = {
+ NPF_OPCODE_IP6MASK, 0x01, htonl(0xfe80 << 16), 0x0, 0x0, 0x0, 10,
NPF_OPCODE_BEQ, 0x04,
NPF_OPCODE_RET, 0xff,
- NPF_OPCODE_TCP_PORTS, 0x00, 0x50005000,
+ NPF_OPCODE_TCP_PORTS, 0x00, PORTS(80, 80),
NPF_OPCODE_BEQ, 0x04,
NPF_OPCODE_RET, 0xff,
NPF_OPCODE_RET, 0x00
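Review bot: The `IP4()` macro uses its arguments unparenthesized and shifts plain `int` values, so the big-endian form `(a << 24)` with `a == 192` shifts into the sign bit of a 32-bit `int`, which is undefined for a signed operand; there is also no `#else` with `#error` when `BYTE_ORDER` matches neither case. A single endian-neutral definition avoids both problems: `#define IP4(a, b, c, d) htonl(((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))`, which matches the `htonl()` already used in `nc_rmatch` and `nc_match6`. `PORTS()` should likewise parenthesize `a` and `b`.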
@@ -116,8 +106,14 @@ fill_packet(int proto, bool ether)
static struct mbuf *
fill_packet6(int proto)
{
- uint32_t src[] = { 0x000080fe, 0x00000000, 0xffc0a002, 0x341210fe };
- uint32_t dst[] = { 0x000080fe, 0x00000000, 0xffc0a002, 0x111110fe };
+ uint16_t src[] = {
+ htons(0xfe80), 0x0, 0x0, 0x0,
+ htons(0x2a0), htons(0xc0ff), htons(0xfe10), htons(0x1234)
+ };
+ uint16_t dst[] = {
+ htons(0xfe80), 0x0, 0x0, 0x0,
+ htons(0x2a0), htons(0xc0ff), htons(0xfe10), htons(0x1111)
+ };
struct mbuf *m;
struct ip6_hdr *ip;
struct tcphdr *th;
@@ -134,15 +130,15 @@ fill_packet6(int proto)
}
static bool
-validate_retcode(const char *msg, bool verbose, int ret, int expected)
+retcode_fail_p(const char *msg, bool verbose, int ret, int expected)
{
- bool ok = (ret == expected);
+ bool fail = (ret != expected);
if (verbose) {
printf("%-25s\t%-4d == %4d\t-> %s\n",
- msg, ret, expected, ok ? "ok" : "fail");
+ msg, ret, expected, fail ? "fail" : "ok");
}
- return ok;
+ return fail;
}
bool
@@ -151,71 +147,54 @@ npf_processor_test(bool verbose)
npf_cache_t npc;
struct mbuf *m;
int errat, ret;
+ bool fail = false;
/* Layer 2 (Ethernet + IP + TCP). */
m = fill_packet(IPPROTO_TCP, true);
ret = npf_ncode_validate(nc_match, sizeof(nc_match), &errat);
- if (!validate_retcode("Ether validation", verbose, ret, 0)) {
- return false;
- }
+ fail |= retcode_fail_p("Ether validation", verbose, ret, 0);
+
memset(&npc, 0, sizeof(npf_cache_t));
ret = npf_ncode_process(&npc, nc_match, m, NPF_LAYER_2);
- if (!validate_retcode("Ether", verbose, ret, 0)) {
- return false;
- }
+ fail |= retcode_fail_p("Ether", verbose, ret, 0);
m_freem(m);
/* Layer 3 (IP + TCP). */
m = fill_packet(IPPROTO_TCP, false);
memset(&npc, 0, sizeof(npf_cache_t));
ret = npf_ncode_process(&npc, nc_match, m, NPF_LAYER_3);
- if (!validate_retcode("IPv4 mask 1", verbose, ret, 0)) {
- return false;
- }
+ fail |= retcode_fail_p("IPv4 mask 1", verbose, ret, 0);
/* Non-matching IPv4 case. */
ret = npf_ncode_validate(nc_nmatch, sizeof(nc_nmatch), &errat);
- if (!validate_retcode("IPv4 mask 2 validation", verbose, ret, 0)) {
- return false;
- }
+ fail |= retcode_fail_p("IPv4 mask 2 validation", verbose, ret, 0);
+
memset(&npc, 0, sizeof(npf_cache_t));
ret = npf_ncode_process(&npc, nc_nmatch, m, NPF_LAYER_3);
- if (!validate_retcode("IPv4 mask 2", verbose, ret, 255)) {
- return false;
- }
+ fail |= retcode_fail_p("IPv4 mask 2", verbose, ret, 255);
/* Invalid n-code case. */
ret = npf_ncode_validate(nc_inval, sizeof(nc_inval), &errat);
- if (!validate_retcode("Invalid n-code", verbose, ret, NPF_ERR_JUMP)) {
- return false;
- }
+ fail |= retcode_fail_p("Invalid n-code", verbose, ret, NPF_ERR_JUMP);
/* RISC-like insns. */
ret = npf_ncode_validate(nc_rmatch, sizeof(nc_rmatch), &errat);
- if (!validate_retcode("RISC-like n-code validation", verbose, ret, 0)) {
- return false;
- }
+ fail |= retcode_fail_p("RISC-like n-code validation", verbose, ret, 0);
+
memset(&npc, 0, sizeof(npf_cache_t));
ret = npf_ncode_process(&npc, nc_rmatch, m, NPF_LAYER_3);
- if (!validate_retcode("RISC-like n-code", verbose, ret, 1)) {
- return false;
- }
-
+ fail |= retcode_fail_p("RISC-like n-code", verbose, ret, 1);
m_freem(m);
/* IPv6 matching. */
ret = npf_ncode_validate(nc_match6, sizeof(nc_match6), &errat);
- if (!validate_retcode("IPv6 mask validation", verbose, ret, 0)) {
- return false;
- }
+ fail |= retcode_fail_p("IPv6 mask validation", verbose, ret, 0);
+
m = fill_packet6(IPPROTO_TCP);
memset(&npc, 0, sizeof(npf_cache_t));
ret = npf_ncode_process(&npc, nc_match6, m, NPF_LAYER_3);
- if (!validate_retcode("IPv6 mask", verbose, ret, 0)) {
- return false;
- }
-
+ fail |= retcode_fail_p("IPv6 mask", verbose, ret, 0);
m_freem(m);
- return true;
+ return !fail;
}
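Review bot: With the early returns removed, a failed `npf_ncode_validate()` no longer prevents the following `npf_ncode_process()` from running the same n-code, for example `nc_match` after "Ether validation" and `nc_rmatch` after "RISC-like n-code validation". Interpreting n-code that the validator rejected may make the test crash or hang instead of reporting a failure, which defeats the purpose of continuing. Guarding each process step on the validation result, `if (ret == 0) { ... }` around the `npf_ncode_process()` call and its check, keeps the remaining cases running without executing unvalidated code. `errat` is also never printed, so a validation failure gives no hint where it occurred.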
Index: src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c
diff -u src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.1.2.2 src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.1.2.3
--- src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.1.2.2 Mon Aug 13 17:49:53 2012
+++ src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c Sun Nov 18 21:48:56 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_rule_test.c,v 1.1.2.2 2012/08/13 17:49:53 riz Exp $ */
+/* $NetBSD: npf_rule_test.c,v 1.1.2.3 2012/11/18 21:48:56 riz Exp $ */
/*
* NPF ruleset test.
@@ -99,10 +99,11 @@ npf_rule_raw_test(bool verbose, struct m
bool
npf_rule_test(bool verbose)
{
+ bool fail = false;
+
for (unsigned i = 0; i < __arraycount(test_cases); i++) {
const struct test_case *t = &test_cases[i];
ifnet_t *ifp = ifunit(t->ifname);
- struct mbuf *m = fill_packet(t);
int serror, error;
if (ifp == NULL) {
@@ -110,6 +111,7 @@ npf_rule_test(bool verbose)
return false;
}
+ struct mbuf *m = fill_packet(t);
error = npf_rule_raw_test(verbose, m, ifp, t->di);
serror = npf_packet_handler(NULL, &m, ifp, t->di);
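Review bot: The `ifp == NULL` branch at the top of this hunk still does `return false;`, so a missing interface in one entry of `test_cases` ends the whole loop, unlike the result mismatch that is now folded into `fail`. If the intent is to run every case, `fail = true; continue;` would be consistent with the rest of the change. Moving `fill_packet(t)` below the check is what keeps that early exit from building a packet it never uses. The `if` and the loop open in the previous hunk.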
@@ -122,9 +124,7 @@ npf_rule_test(bool verbose)
"-> returned %d and %d.\n",
i + 1, t->stateful_ret, t->ret, serror, error);
}
- if (serror != t->stateful_ret || error != t->ret) {
- return false;
- }
+ fail |= (serror != t->stateful_ret || error != t->ret);
}
- return true;
+ return !fail;
}
Index: src/usr.sbin/npf/npftest/libnpftest/npf_state_test.c
diff -u src/usr.sbin/npf/npftest/libnpftest/npf_state_test.c:1.1.2.3 src/usr.sbin/npf/npftest/libnpftest/npf_state_test.c:1.1.2.4
--- src/usr.sbin/npf/npftest/libnpftest/npf_state_test.c:1.1.2.3 Thu Jul 5 17:48:43 2012
+++ src/usr.sbin/npf/npftest/libnpftest/npf_state_test.c Sun Nov 18 21:48:56 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_state_test.c,v 1.1.2.3 2012/07/05 17:48:43 riz Exp $ */
+/* $NetBSD: npf_state_test.c,v 1.1.2.4 2012/11/18 21:48:56 riz Exp $ */
/*
* NPF state tracking test.
@@ -164,6 +164,7 @@ npf_state_test(bool verbose)
{
npf_state_t nst;
bool snew = true;
+ bool ok = true;
for (u_int i = 0; i < __arraycount(packet_sequence); i++) {
if (process_packet(i, &nst, &snew)) {
@@ -173,7 +174,7 @@ npf_state_test(bool verbose)
printf("Failed on packet %d, state dump:\n", i);
npf_state_dump(&nst);
}
- return false;
+ ok = false;
}
- return true;
+ return ok;
}
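Review bot: Replacing `return false;` with `ok = false;` keeps feeding the rest of `packet_sequence` into the same `nst` after a packet was handled unexpectedly. Each packet is evaluated against the state left by the previous ones, so later failures are likely consequences of the first, and with `verbose` each one prints another state dump. Consider `ok = false; break;` here, since continuing with the other test cases is already handled by result() in npftest.c. The loop body between the two hunks is not visible, so this assumes a matching packet simply continues.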
Index: src/usr.sbin/npf/npftest/libnpftest/npf_table_test.c
diff -u src/usr.sbin/npf/npftest/libnpftest/npf_table_test.c:1.2.2.5 src/usr.sbin/npf/npftest/libnpftest/npf_table_test.c:1.2.2.6
--- src/usr.sbin/npf/npftest/libnpftest/npf_table_test.c:1.2.2.5 Mon Jul 16 22:13:29 2012
+++ src/usr.sbin/npf/npftest/libnpftest/npf_table_test.c Sun Nov 18 21:48:56 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_table_test.c,v 1.2.2.5 2012/07/16 22:13:29 riz Exp $ */
+/* $NetBSD: npf_table_test.c,v 1.2.2.6 2012/11/18 21:48:56 riz Exp $ */
/*
* NPF tableset test.
@@ -22,11 +22,23 @@ static const char *ip_list[] = {
"10.0.0.2",
};
-static const uint32_t ip6_list[][4] = {
- { 0x000080fe, 0x00000000, 0xffc0a002, 0x341210fe },
- { 0x000080fe, 0x00000000, 0xffc0a002, 0x00000000 },
- { 0x000080fe, 0x00000000, 0x00000000, 0x00000000 },
- { 0x000080fe, 0x00000000, 0xffc0a002, 0x301210fe },
+static const uint16_t ip6_list[][8] = {
+ {
+ htons(0xfe80), 0x0, 0x0, 0x0,
+ htons(0x2a0), htons(0xc0ff), htons(0xfe10), htons(0x1234)
+ },
+ {
+ htons(0xfe80), 0x0, 0x0, 0x0,
+ htons(0x2a0), htons(0xc0ff), 0x00, 0x0
+ },
+ {
+ htons(0xfe80), 0x0, 0x0, 0x0,
+ 0x0, 0x0, 0x0, 0x0
+ },
+ {
+ htons(0xfe80), 0x0, 0x0, 0x0,
+ htons(0x2a0), htons(0xc0ff), htons(0xfe10), htons(0x1230)
+ }
};
#define HASH_TID 1
@@ -40,52 +52,53 @@ npf_table_test(bool verbose)
npf_tableset_t *tblset;
npf_table_t *t1, *t2;
int error, alen;
+ bool fail = false;
u_int i;
npf_tableset_sysinit();
tblset = npf_tableset_create();
- assert(tblset != NULL);
+ fail |= !(tblset != NULL);
/* Table ID 1, using hash table with 256 lists. */
t1 = npf_table_create(HASH_TID, NPF_TABLE_HASH, 256);
- assert(t1 != NULL);
+ fail |= !(t1 != NULL);
error = npf_tableset_insert(tblset, t1);
- assert(error == 0);
+ fail |= !(error == 0);
/* Check for double-insert. */
error = npf_tableset_insert(tblset, t1);
- assert(error != 0);
+ fail |= !(error != 0);
/* Table ID 2, using RB-tree. */
t2 = npf_table_create(TREE_TID, NPF_TABLE_TREE, 0);
- assert(t2 != NULL);
+ fail |= !(t2 != NULL);
error = npf_tableset_insert(tblset, t2);
- assert(error == 0);
+ fail |= !(error == 0);
/* Attempt to match non-existing entries - should fail. */
addr->s6_addr32[0] = inet_addr(ip_list[0]);
alen = sizeof(struct in_addr);
error = npf_table_lookup(tblset, HASH_TID, alen, addr);
- assert(error != 0);
+ fail |= !(error != 0);
error = npf_table_lookup(tblset, TREE_TID, alen, addr);
- assert(error != 0);
+ fail |= !(error != 0);
/* Fill both tables with IP addresses. */
for (i = 0; i < __arraycount(ip_list); i++) {
addr->s6_addr32[0] = inet_addr(ip_list[i]);
error = npf_table_insert(tblset, HASH_TID, alen, addr, nm);
- assert(error == 0);
+ fail |= !(error == 0);
error = npf_table_insert(tblset, HASH_TID, alen, addr, nm);
- assert(error != 0);
+ fail |= !(error != 0);
error = npf_table_insert(tblset, TREE_TID, alen, addr, nm);
- assert(error == 0);
+ fail |= !(error == 0);
error = npf_table_insert(tblset, TREE_TID, alen, addr, nm);
- assert(error != 0);
+ fail |= !(error != 0);
}
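Review bot: Turning every `assert()` into `fail |= ...` also covers the setup checks, so when `npf_tableset_create()` or `npf_table_create()` returns NULL the function goes on to pass `tblset`, `t1` or `t2` to `npf_tableset_insert()` and the later lookups. Those are preconditions rather than test results and should stay fatal for this test, e.g. `if (tblset == NULL) return false;` and the same for `t1` and `t2`. The accumulated flag also loses the file and line that `assert()` printed, so even with `verbose` set nothing says which check failed; this applies to the remaining hunks of this file as well. npf_table_test() starts and ends outside this hunk.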
/* Attempt to add duplicates - should fail. */
@@ -93,18 +106,18 @@ npf_table_test(bool verbose)
alen = sizeof(struct in_addr);
error = npf_table_insert(tblset, HASH_TID, alen, addr, nm);
- assert(error != 0);
+ fail |= !(error != 0);
error = npf_table_insert(tblset, TREE_TID, alen, addr, nm);
- assert(error != 0);
+ fail |= !(error != 0);
/* Reference checks. */
t1 = npf_table_get(tblset, HASH_TID);
- assert(t1 != NULL);
+ fail |= !(t1 != NULL);
npf_table_put(t1);
t2 = npf_table_get(tblset, TREE_TID);
- assert(t2 != NULL);
+ fail |= !(t2 != NULL);
npf_table_put(t2);
/* Match (validate) each IP entry. */
@@ -112,10 +125,10 @@ npf_table_test(bool verbose)
addr->s6_addr32[0] = inet_addr(ip_list[i]);
error = npf_table_lookup(tblset, HASH_TID, alen, addr);
- assert(error == 0);
+ fail |= !(error == 0);
error = npf_table_lookup(tblset, TREE_TID, alen, addr);
- assert(error == 0);
+ fail |= !(error == 0);
}
/* IPv6 addresses. */
@@ -123,18 +136,18 @@ npf_table_test(bool verbose)
alen = sizeof(struct in6_addr);
error = npf_table_insert(tblset, HASH_TID, alen, addr, nm);
- assert(error == 0);
+ fail |= !(error == 0);
error = npf_table_lookup(tblset, HASH_TID, alen, addr);
- assert(error == 0);
+ fail |= !(error == 0);
error = npf_table_remove(tblset, HASH_TID, alen, addr, nm);
- assert(error == 0);
+ fail |= !(error == 0);
error = npf_table_insert(tblset, TREE_TID, alen, addr, nm);
- assert(error == 0);
+ fail |= !(error == 0);
error = npf_table_lookup(tblset, TREE_TID, alen, addr);
- assert(error == 0);
+ fail |= !(error == 0);
error = npf_table_remove(tblset, TREE_TID, alen, addr, nm);
- assert(error == 0);
+ fail |= !(error == 0);
/*
* Masking: 96, 32, 127.
@@ -142,41 +155,41 @@ npf_table_test(bool verbose)
memcpy(addr, ip6_list[1], sizeof(ip6_list[1]));
error = npf_table_insert(tblset, TREE_TID, alen, addr, 96);
- assert(error == 0);
+ fail |= !(error == 0);
memcpy(addr, ip6_list[0], sizeof(ip6_list[0]));
error = npf_table_lookup(tblset, TREE_TID, alen, addr);
- assert(error == 0);
+ fail |= !(error == 0);
memcpy(addr, ip6_list[1], sizeof(ip6_list[1]));
error = npf_table_remove(tblset, TREE_TID, alen, addr, 96);
- assert(error == 0);
+ fail |= !(error == 0);
memcpy(addr, ip6_list[2], sizeof(ip6_list[2]));
error = npf_table_insert(tblset, TREE_TID, alen, addr, 32);
- assert(error == 0);
+ fail |= !(error == 0);
memcpy(addr, ip6_list[0], sizeof(ip6_list[0]));
error = npf_table_lookup(tblset, TREE_TID, alen, addr);
- assert(error == 0);
+ fail |= !(error == 0);
memcpy(addr, ip6_list[2], sizeof(ip6_list[2]));
error = npf_table_remove(tblset, TREE_TID, alen, addr, 32);
- assert(error == 0);
+ fail |= !(error == 0);
memcpy(addr, ip6_list[3], sizeof(ip6_list[3]));
error = npf_table_insert(tblset, TREE_TID, alen, addr, 126);
- assert(error == 0);
+ fail |= !(error == 0);
memcpy(addr, ip6_list[0], sizeof(ip6_list[0]));
error = npf_table_lookup(tblset, TREE_TID, alen, addr);
- assert(error != 0);
+ fail |= !(error != 0);
memcpy(addr, ip6_list[3], sizeof(ip6_list[3]));
error = npf_table_remove(tblset, TREE_TID, alen, addr, 126);
- assert(error == 0);
+ fail |= !(error == 0);
alen = sizeof(struct in_addr);
@@ -186,14 +199,14 @@ npf_table_test(bool verbose)
addr->s6_addr32[0] = inet_addr(ip_list[i]);
error = npf_table_remove(tblset, HASH_TID, alen, addr, nm);
- assert(error == 0);
+ fail |= !(error == 0);
error = npf_table_remove(tblset, TREE_TID, alen, addr, nm);
- assert(error == 0);
+ fail |= !(error == 0);
}
npf_tableset_destroy(tblset);
npf_tableset_sysfini();
- return true;
+ return !fail;
}