diff options
author | Ido Barnea <ibarnea@cisco.com> | 2016-07-06 11:04:52 +0300 |
---|---|---|
committer | Ido Barnea <ibarnea@cisco.com> | 2016-07-12 16:06:02 +0300 |
commit | cc5cc5631e9df4ef0eee9c26705208dfcf035e8c (patch) | |
tree | cf43869ae348d02f7b3c1551e88d07d8a3f28a9d /src/bp_gtest.cpp | |
parent | c19193cff9413a03dd85cc9facda0c28b28d37c2 (diff) |
NAT seq num randomization working version - Missing some functionality
Diffstat (limited to 'src/bp_gtest.cpp')
-rwxr-xr-x | src/bp_gtest.cpp | 72 |
1 files changed, 51 insertions, 21 deletions
diff --git a/src/bp_gtest.cpp b/src/bp_gtest.cpp index 79ea2458..3c6b2e40 100755 --- a/src/bp_gtest.cpp +++ b/src/bp_gtest.cpp @@ -2416,7 +2416,7 @@ public: assert(ipv4->getTimeToLive()==255); /* ip option packet */ printf(" rx got ip option packet ! \n"); - mg->handle_packet_ipv4(option,ipv4); + mg->handle_packet_ipv4(option, ipv4, true); delay(10); // delay for queue flush mg->handle_aging(); // flush the RxRing } @@ -2481,8 +2481,10 @@ protected: m_flow_info.Delete(); } public: - CCapFileFlowInfo m_flow_info; + void load_cap_file_errors_helper(std::string cap_file, enum CCapFileFlowInfo::load_cap_file_err expect); +public: + CCapFileFlowInfo m_flow_info; }; TEST_F(file_flow_info, f1) { @@ -2612,30 +2614,58 @@ TEST_F(file_flow_info, http_add_ipv6_option) { po->preview.set_ipv6_mode_enable(false); } +void file_flow_info::load_cap_file_errors_helper(std::string cap_file, enum CCapFileFlowInfo::load_cap_file_err expect) { + enum CCapFileFlowInfo::load_cap_file_err err; + + err = m_flow_info.load_cap_file(cap_file, 1, 0); + if (err == 0) err = m_flow_info.is_valid_template_load_time(); + if (err != expect) { + printf("Error in testing file %s. Expected error to be %d, but it is %d\n", cap_file.c_str(), expect, err); + } + assert (err == expect); +} + // Test error conditions when loading cap file TEST_F(file_flow_info, load_cap_file_errors) { - enum CCapFileFlowInfo::load_cap_file_err err; - CParserOption * po =&CGlobalInfo::m_options; - po->m_learn_mode = CParserOption::LEARN_MODE_TCP_ACK; + CParserOption *po = &CGlobalInfo::m_options; - // file does not exist - err = m_flow_info.load_cap_file("/tmp/not_exist",1,0); - assert (err == CCapFileFlowInfo::kFileNotExist); + po->m_learn_mode = CParserOption::LEARN_MODE_DISABLED; + load_cap_file_errors_helper("/tmp/not_exist", CCapFileFlowInfo::kFileNotExist); // file format not supported - err = m_flow_info.load_cap_file("cap2/dns.yaml",1,0); - assert (err == CCapFileFlowInfo::kFileNotExist); - // udp in tcp learn mode - err = m_flow_info.load_cap_file("./cap2/dns.pcap",1,0); - assert (err == CCapFileFlowInfo::kNoTCPFromServer); - // First TCP packet without syn - err = m_flow_info.load_cap_file("./exp/tcp_no_syn.pcap",1,0); - assert (err == CCapFileFlowInfo::kNoSyn); - // TCP flags offset is too big - err = m_flow_info.load_cap_file("./exp/many_ip_options.pcap",1,0); - assert (err == CCapFileFlowInfo::kTCPOffsetTooBig); + load_cap_file_errors_helper("cap2/dns.yaml", CCapFileFlowInfo::kFileNotExist); + load_cap_file_errors_helper("cap2/dns.pcap", CCapFileFlowInfo::kOK); + load_cap_file_errors_helper("./exp/tcp_no_syn.pcap", CCapFileFlowInfo::kOK); + load_cap_file_errors_helper("./exp/many_ip_options.pcap", CCapFileFlowInfo::kOK); // Non IP packet - err = m_flow_info.load_cap_file("./exp/bad_not_ip.pcap",1,0); - assert (err == CCapFileFlowInfo::kPktProcessFail); + load_cap_file_errors_helper("./exp/bad_not_ip.pcap", CCapFileFlowInfo::kPktProcessFail); + load_cap_file_errors_helper("./exp/tcp_2_pkts.pcap", CCapFileFlowInfo::kOK); + // more than 1 flow in cap file + load_cap_file_errors_helper("./exp/syn_attack.pcap", CCapFileFlowInfo::kCapFileErr); + + po->m_learn_mode = CParserOption::LEARN_MODE_IP_OPTION; + load_cap_file_errors_helper("cap2/dns.pcap", CCapFileFlowInfo::kOK); + load_cap_file_errors_helper("./exp/tcp_no_syn.pcap", CCapFileFlowInfo::kOK); + load_cap_file_errors_helper("./exp/many_ip_options.pcap", CCapFileFlowInfo::kIPOptionNotAllowed); + load_cap_file_errors_helper("./exp/tcp_2_pkts.pcap", CCapFileFlowInfo::kOK); + + po->m_learn_mode = CParserOption::LEARN_MODE_TCP_ACK_NO_SERVER_SEQ_RAND; + // udp in tcp learn mode + load_cap_file_errors_helper("cap2/dns.pcap", CCapFileFlowInfo::kNoTCPFromServer); + // no SYN in first packet + load_cap_file_errors_helper("./exp/tcp_no_syn.pcap", CCapFileFlowInfo::kNoSyn); + // TCP flags offset is too big. We don't allow IP option, so can comment this. + // open this if we do allow IP options in the future + // load_cap_file_errors_helper("./exp/many_ip_options.pcap", CCapFileFlowInfo::kTCPOffsetTooBig); + load_cap_file_errors_helper("./exp/tcp_2_pkts.pcap", CCapFileFlowInfo::kOK); + load_cap_file_errors_helper("./exp/no_tcp_syn_ack.pcap", CCapFileFlowInfo::kOK); + + po->m_learn_mode = CParserOption::LEARN_MODE_TCP_ACK; + // too short. only two packets + load_cap_file_errors_helper("./exp/tcp_2_pkts.pcap", CCapFileFlowInfo::kTCPLearnModeBadFlow); + // no SYN+ACK + load_cap_file_errors_helper("./exp/no_tcp_syn_ack.pcap", CCapFileFlowInfo::kNoTCPSynAck); + // IPG between TCP handshake packets too low + load_cap_file_errors_helper("./exp/tcp_low_ipg.pcap", CCapFileFlowInfo::kTCPIpgTooLow); } ////////////////////////////////////////////////////////////// |