From 9c0ed46f68cada9f3455be91adb553d020012596 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Sat, 9 Mar 2019 11:56:05 +0100
Subject: Rename 'qa' directory to 'tests'

When searching for library tests, 'qa' is easily overlooked. Use a more
common name instead.

Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/ct_mark_filter.c | 149 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 149 insertions(+)
 create mode 100644 tests/ct_mark_filter.c

(limited to 'tests/ct_mark_filter.c')

diff --git a/tests/ct_mark_filter.c b/tests/ct_mark_filter.c
new file mode 100644
index 0000000..cd6dd27
--- /dev/null
+++ b/tests/ct_mark_filter.c
@@ -0,0 +1,149 @@
+#include <assert.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <netinet/in.h>
+
+#include <libmnl/libmnl.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+
+#include "nssocket.h"
+
+static void tcp_echo_before_fin(const struct mnl_socket *nl,
+			       const char *pre, const char *post)
+{
+	uint8_t proto = IPPROTO_TCP;
+
+	sync_fifo(pre);
+	timeout.tv_sec = INIT_TIMEOUT;
+	handle_qacb(nl, true, cb_tcp_new, &proto);
+	handle_qacb(nl, true, cb_tcp_syn_recv, &proto);
+	handle_qacb(nl, true, cb_tcp_established, &proto);
+	handle_qacb(nl, false, NULL, NULL);
+	sync_fifo(post);
+}
+
+static void tcp_echo_after_fin(const struct mnl_socket *nl,
+			       const char *pre, const char *post)
+{
+	uint8_t proto = IPPROTO_TCP;
+
+	sync_fifo(pre);
+	timeout.tv_sec = INIT_TIMEOUT;
+	handle_qacb(nl, true, cb_tcp_fin_wait, &proto);
+	handle_qacb(nl, true, cb_tcp_close_wait, &proto);
+	handle_qacb(nl, true, cb_tcp_close, &proto);
+	handle_qacb(nl, true, cb_tcp_destroy, &proto);
+	handle_qacb(nl, false, NULL, NULL);
+	sync_fifo(post);
+}
+
+static void filter_mark_zero(const struct mnl_socket *nl,
+			     const char *pre, const char *post)
+{
+	struct nfct_filter *filter = nfct_filter_create();
+	struct nfct_filter_dump_mark mark = {val: 0, mask: 0};
+
+	nfct_filter_add_attr(filter, NFCT_FILTER_MARK, &mark);
+	assert(nfct_filter_attach(mnl_socket_get_fd(nl), filter) != -1);
+	nfct_filter_destroy(filter);
+	tcp_echo(nl, pre, post);
+	assert(nfct_filter_detach(mnl_socket_get_fd(nl)) != -1);
+}
+
+static void filter_mark_1_1(const struct mnl_socket *nl,
+			    const char *pre, const char *post)
+{
+	struct nfct_filter *filter = nfct_filter_create();
+	struct nfct_filter_dump_mark mark = {val: 1, mask: 1};
+
+	nfct_filter_add_attr(filter, NFCT_FILTER_MARK, &mark);
+	assert(nfct_filter_attach(mnl_socket_get_fd(nl), filter) != -1);
+	nfct_filter_destroy(filter);
+	tcp_echo_after_fin(nl, pre, post);
+	assert(nfct_filter_detach(mnl_socket_get_fd(nl)) != -1);
+}
+
+static void filter_mark_neg_1_1(const struct mnl_socket *nl,
+				const char *pre, const char *post)
+{
+	struct nfct_filter *filter = nfct_filter_create();
+	struct nfct_filter_dump_mark mark = {val: 1, mask: 1};
+
+	nfct_filter_add_attr(filter, NFCT_FILTER_MARK, &mark);
+	assert(nfct_filter_set_logic(filter, NFCT_FILTER_MARK,
+				     NFCT_FILTER_LOGIC_NEGATIVE) != -1);
+	assert(nfct_filter_attach(mnl_socket_get_fd(nl), filter) != -1);
+	nfct_filter_destroy(filter);
+	tcp_echo_before_fin(nl, pre, post);
+	assert(nfct_filter_detach(mnl_socket_get_fd(nl)) != -1);
+}
+
+static void filter_mark_neg_0_fffffffd(const struct mnl_socket *nl,
+				       const char *pre, const char *post)
+{
+	struct nfct_filter *filter = nfct_filter_create();
+	struct nfct_filter_dump_mark mark = {val: 0, mask: 0xfffffffd};
+
+	nfct_filter_add_attr(filter, NFCT_FILTER_MARK, &mark);
+	assert(nfct_filter_set_logic(filter, NFCT_FILTER_MARK,
+				     NFCT_FILTER_LOGIC_NEGATIVE) != -1);
+	assert(nfct_filter_attach(mnl_socket_get_fd(nl), filter) != -1);
+	nfct_filter_destroy(filter);
+	tcp_echo_after_fin(nl, pre, post);
+	assert(nfct_filter_detach(mnl_socket_get_fd(nl)) != -1);
+}
+
+static void filter_mark_max(const struct mnl_socket *nl,
+			    const char *pre, const char *post)
+{
+	struct nfct_filter *filter = nfct_filter_create();
+	struct nfct_filter_dump_mark mark;
+	int i;
+
+	for (i = 0; i < 126; i++) {
+		/* does not match to mark value 3 */
+		mark = (struct nfct_filter_dump_mark){val: 0, mask: 3};
+		nfct_filter_add_attr(filter, NFCT_FILTER_MARK, &mark);
+	}
+
+	/* __FILTER_MARK_MAX      127, should be added */
+	mark = (struct nfct_filter_dump_mark){val: 1, mask: 1};
+	nfct_filter_add_attr(filter, NFCT_FILTER_MARK, &mark);
+
+	/* over __FILTER_MARK_MAX, should be ignored */
+	mark = (struct nfct_filter_dump_mark){val: 0, mask: 0};
+	nfct_filter_add_attr(filter, NFCT_FILTER_MARK, &mark);
+
+	assert(nfct_filter_attach(mnl_socket_get_fd(nl), filter) != -1);
+	nfct_filter_destroy(filter);
+	tcp_echo_after_fin(nl, pre, post);
+	assert(nfct_filter_detach(mnl_socket_get_fd(nl)) != -1);
+}
+
+int main(int argc, char *argv[])
+{
+	struct mnl_socket *nl;
+	char *pre, *post;
+
+	if (argc != 4) {
+		fprintf(stderr, "usage: %s <netns> <pre_fifo> <post_fifo>\n", argv[0]);
+		exit(EXIT_FAILURE);
+	}
+	pre = argv[2];
+	post = argv[3];
+
+	nl = mnl_event_nssocket(argv[1]);
+	if (nl == NULL) {
+		perror("init_mnl_socket");
+		exit(EXIT_FAILURE);
+	}
+
+	filter_mark_zero(nl, pre, post);
+	filter_mark_1_1(nl, pre, post);
+	filter_mark_neg_1_1(nl, pre, post);
+	filter_mark_neg_0_fffffffd(nl, pre, post);
+	filter_mark_max(nl, pre, post);
+
+	return fini_nssocket();
+}
-- 
cgit v1.2.3