From: claudio <claudio@openbsd.org>
Date: Mon, 17 Apr 2023 08:02:55 +0000 (+0000)
Subject: Add basic flowspec regress test.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=b7341f443d6f521312741582bbbf30704fab5461;p=openbsd

Add basic flowspec regress test.
---

diff --git a/regress/usr.sbin/bgpd/unittests/Makefile b/regress/usr.sbin/bgpd/unittests/Makefile
index 36f0059915c..e2364e7ad4d 100644
--- a/regress/usr.sbin/bgpd/unittests/Makefile
+++ b/regress/usr.sbin/bgpd/unittests/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.10 2023/01/11 13:55:08 claudio Exp $
+# $OpenBSD: Makefile,v 1.11 2023/04/17 08:02:55 claudio Exp $
 
 .PATH:		${.CURDIR}/../../../../usr.sbin/bgpd
 
@@ -7,6 +7,7 @@ PROGS += rde_trie_test
 PROGS += rde_community_test
 PROGS += rde_decide_test
 PROGS += rde_aspa_test
+PROGS += rde_flowspec_test
 
 .for p in ${PROGS}
 REGRESS_TARGETS += run-regress-$p
@@ -39,4 +40,6 @@ SRCS_rde_community_test=	rde_community_test.c rde_community.c
 
 SRCS_rde_decide_test=	rde_decide_test.c rde_decide.c rde_attr.c util.c
 
+SRCS_rde_flowspec_test=	rde_flowspec_test.c flowspec.c util.c
+
 .include <bsd.regress.mk>
diff --git a/regress/usr.sbin/bgpd/unittests/rde_flowspec_test.c b/regress/usr.sbin/bgpd/unittests/rde_flowspec_test.c
new file mode 100644
index 00000000000..e25826858c6
--- /dev/null
+++ b/regress/usr.sbin/bgpd/unittests/rde_flowspec_test.c
@@ -0,0 +1,198 @@
+/*	$OpenBSD: rde_flowspec_test.c,v 1.1 2023/04/17 08:02:55 claudio Exp $ */
+
+/*
+ * Copyright (c) 2023 Claudio Jeker <claudio@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <err.h>
+#include <stdio.h>
+
+#include "bgpd.h"
+#include "rde.h"
+
+const uint8_t ordered0[] = { 0x01, 0x00, 0x02, 0x00, 0x03, 0x80, 0x00 };
+const uint8_t ordered1[] = { 0x02, 0x00, 0x01, 0x00, 0x03, 0x80, 0x00 };
+const uint8_t ordered2[] = { 0x02, 0x00, 0x03, 0x80, 0x00, 0x01, 0x00 };
+const uint8_t ordered3[] = { 0x01, 0x00, 0x01, 0x00, 0x03, 0x80, 0x00 };
+
+const uint8_t minmax0[] = { 0x00, 0x00 };
+const uint8_t minmax1[] = { 0x0e, 0x00 };
+const uint8_t minmax2[] = { 0xfe, 0x00 };
+
+const uint8_t flow[] = { 0x0d, 0x80, 0x00 };
+
+const uint8_t badand[] = { 0x04, 0xc0, 0x00 };
+const uint8_t goodand[] = { 0x04, 0x00, 0x00, 0xc0, 0x00 };
+
+const uint8_t overflow0[] = { 0x04 };
+const uint8_t overflow1[] = { 0x04, 0x80 };
+const uint8_t overflow2[] = { 0x04, 0x90, 0x00 };
+const uint8_t overflow3[] = { 0x04, 0xc0, 0x00, 0x00, 0x00 };
+const uint8_t overflow4[] = { 0x04, 0x00, 0x00 };
+const uint8_t overflow5[] = { 0x04, 0x00, 0x00, 0x80 };
+const uint8_t overflow6[] = { 0x04, 0x10, 0x00, 0x80 };
+const uint8_t prefix0[] = { 0x01 };
+const uint8_t prefix1[] = { 0x01, 0x07 };
+const uint8_t prefix2[] = { 0x01, 0x0a, 0xef };
+const uint8_t prefix3[] = { 0x01, 0x11, 0xef, 0x00 };
+const uint8_t prefix4[] = { 0x01, 0x21, 0xef, 0x00, 0x00, 0x01, 0x00 };
+const uint8_t prefix60[] = { 0x01 };
+const uint8_t prefix61[] = { 0x01, 0x07 };
+const uint8_t prefix62[] = { 0x01, 0x10, 0x1 };
+const uint8_t prefix63[] = { 0x01, 0x10, 0x01, 0x20 };
+const uint8_t prefix64[] = { 0x01, 0x81, 0x73, 0x20, 0x01 };
+const uint8_t prefix65[] = { 0x01, 0x80, 0x83, 0x20, 0x01 };
+const uint8_t prefix66[] = { 0x01, 0x40, 0x40, 0x20, 0x01 };
+
+static void
+test_flowspec_valid(void)
+{
+	/* empty NLRI is invalid */
+	if (flowspec_valid(NULL, 0, 0) != -1)
+		errx(1, "empty NLRI is not invalid");
+
+	/* ensure that type range is checked */
+	if (flowspec_valid(minmax0, sizeof(minmax0), 0) != -1 ||
+	    flowspec_valid(minmax1, sizeof(minmax1), 0) != -1 ||
+	    flowspec_valid(minmax2, sizeof(minmax2), 0) != -1)
+		errx(1, "out of range type is not invalid");
+
+	/* ensure that types are ordered */
+	if (flowspec_valid(ordered0, sizeof(ordered0), 0) != 0)
+		errx(1, "in order NLRI is not valid");
+	if (flowspec_valid(ordered1, sizeof(ordered1), 0) != -1 ||
+	    flowspec_valid(ordered2, sizeof(ordered2), 0) != -1 ||
+	    flowspec_valid(ordered3, sizeof(ordered3), 0) != -1)
+		errx(1, "out of order types are not invalid");
+
+	/* flow is only valid in the IPv6 case */
+	if (flowspec_valid(flow, sizeof(flow), 0) != -1)
+		errx(1, "FLOW type for IPv4 is not invalid");
+	if (flowspec_valid(flow, sizeof(flow), 1) != 0)
+		errx(1, "FLOW type for IPv4 is not valid");
+
+	/* first component cannot have and flag set */
+	if (flowspec_valid(badand, sizeof(badand), 0) != -1)
+		errx(1, "AND in first element is not invalid");
+	if (flowspec_valid(goodand, sizeof(goodand), 0) != 0)
+		errx(1, "AND in other element is not valid");
+
+	/* various overflows */
+	if (flowspec_valid(overflow0, sizeof(overflow0), 0) != -1 ||
+	    flowspec_valid(overflow1, sizeof(overflow1), 0) != -1 ||
+	    flowspec_valid(overflow2, sizeof(overflow2), 0) != -1 ||
+	    flowspec_valid(overflow3, sizeof(overflow3), 0) != -1 ||
+	    flowspec_valid(overflow4, sizeof(overflow4), 0) != -1 ||
+	    flowspec_valid(overflow5, sizeof(overflow5), 0) != -1 ||
+	    flowspec_valid(overflow6, sizeof(overflow6), 0) != -1)
+		errx(1, "overflow not detected");
+
+	if (flowspec_valid(prefix0, sizeof(prefix0), 0) != -1 ||
+	    flowspec_valid(prefix1, sizeof(prefix1), 0) != -1 ||
+	    flowspec_valid(prefix2, sizeof(prefix2), 0) != -1 ||
+	    flowspec_valid(prefix3, sizeof(prefix3), 0) != -1 ||
+	    flowspec_valid(prefix4, sizeof(prefix4), 0) != -1)
+		errx(1, "bad prefix encoding is not invalid");
+
+	if (flowspec_valid(prefix60, sizeof(prefix60), 1) != -1 ||
+	    flowspec_valid(prefix61, sizeof(prefix61), 1) != -1 ||
+	    flowspec_valid(prefix62, sizeof(prefix62), 1) != -1 ||
+	    flowspec_valid(prefix63, sizeof(prefix63), 1) != -1 ||
+	    flowspec_valid(prefix64, sizeof(prefix64), 1) != -1 ||
+	    flowspec_valid(prefix65, sizeof(prefix65), 1) != -1 ||
+	    flowspec_valid(prefix66, sizeof(prefix66), 1) != -1)
+		errx(1, "bad IPv6 prefix encoding is not invalid");
+}
+
+static int
+do_cmp(const uint8_t *a, int alen, const uint8_t *b, int blen, int is_v6)
+{
+	if (flowspec_cmp(a, alen, b, blen, is_v6) != 1 ||
+	    flowspec_cmp(b, blen, a, alen, is_v6) != -1)
+		return -1;
+	return 0;
+}
+
+const uint8_t cmp1[] = { 0x01, 0x00 };
+const uint8_t cmp2[] = { 0x02, 0x00 };
+const uint8_t cmp3[] = { 0x01, 0x00, 0x2, 0x00 };
+const uint8_t cmp4[] = { 0x04, 0x80, 0x2 };
+const uint8_t cmp5[] = { 0x04, 0x80, 0x3 };
+const uint8_t cmp6[] = { 0x04, 0x00, 0x3, 0x80, 0x02 };
+
+const uint8_t cmp41[] = { 0x01, 24, 192, 168, 16 };
+const uint8_t cmp42[] = { 0x01, 24, 192, 168, 32 };
+const uint8_t cmp43[] = { 0x01, 24, 192, 168, 42 };
+const uint8_t cmp44[] = { 0x01, 20, 192, 168, 32 };
+
+const uint8_t cmp61[] = { 0x01, 48, 0, 0x20, 0x01, 0x0d, 0xb8, 0xc0, 0xfe };
+const uint8_t cmp62[] = { 0x01, 48, 8, 0x01, 0x0d, 0xb8, 0xc0, 0xfe };
+const uint8_t cmp63[] = { 0x01, 40, 0, 0x20, 0x01, 0x0d, 0xb8, 0xc0 };
+const uint8_t cmp64[] = { 0x01, 40, 0, 0x20, 0x01, 0x0d, 0xb8, 0xd0 };
+
+static void
+test_flowspec_cmp(void)
+{
+	if (do_cmp(cmp1, sizeof(cmp1), cmp2, sizeof(cmp2), 0) != 0)
+		errx(1, "cmp on type failed");
+	if (do_cmp(cmp3, sizeof(cmp3), cmp1, sizeof(cmp1), 0) != 0)
+		errx(1, "cmp on more components failed");
+	if (do_cmp(cmp4, sizeof(cmp4), cmp5, sizeof(cmp5), 0) != 0)
+		errx(1, "cmp on lowest common component failed");
+	if (do_cmp(cmp6, sizeof(cmp6), cmp5, sizeof(cmp5), 0) != 0)
+		errx(1, "cmp on lowest common component failed");
+	if (do_cmp(cmp6, sizeof(cmp6), cmp4, sizeof(cmp4), 0) != 0)
+		errx(1, "cmp on lowest common component failed");
+
+	if (do_cmp(cmp41, sizeof(cmp41), cmp42, sizeof(cmp42), 0) != 0)
+		errx(1, "cmp 1 on prefix component failed");
+	if (do_cmp(cmp41, sizeof(cmp41), cmp43, sizeof(cmp43), 0) != 0)
+		errx(1, "cmp 2 on prefix component failed");
+	if (do_cmp(cmp41, sizeof(cmp41), cmp44, sizeof(cmp44), 0) != 0)
+		errx(1, "cmp 3 on prefix component failed");
+	if (do_cmp(cmp42, sizeof(cmp42), cmp43, sizeof(cmp43), 0) != 0)
+		errx(1, "cmp 4 on prefix component failed");
+	if (do_cmp(cmp42, sizeof(cmp42), cmp44, sizeof(cmp44), 0) != 0)
+		errx(1, "cmp 5 on prefix component failed");
+	if (do_cmp(cmp43, sizeof(cmp43), cmp44, sizeof(cmp44), 0) != 0)
+		errx(1, "cmp 6 on prefix component failed");
+
+	if (do_cmp(cmp61, sizeof(cmp61), cmp62, sizeof(cmp62), 1) != 0)
+		errx(1, "cmp 1 on inet6 prefix component failed");
+	if (do_cmp(cmp61, sizeof(cmp61), cmp63, sizeof(cmp63), 1) != 0)
+		errx(1, "cmp 1 on inet6 prefix component failed");
+	if (do_cmp(cmp61, sizeof(cmp61), cmp64, sizeof(cmp64), 1) != 0)
+		errx(1, "cmp 1 on inet6 prefix component failed");
+	if (do_cmp(cmp63, sizeof(cmp63), cmp64, sizeof(cmp64), 1) != 0)
+		errx(1, "cmp 1 on inet6 prefix component failed");
+}
+
+int
+main(int argc, char **argv)
+{
+	test_flowspec_valid();
+	test_flowspec_cmp();
+	printf("OK\n");
+	return 0;
+}
+
+__dead void
+fatalx(const char *emsg, ...)
+{
+	va_list ap;
+	va_start(ap, emsg);
+	verrx(2, emsg, ap);
+}
+