Add Gtests for iprange extention

This patch adds the Global testcases to
to test iprange extention of stc-iptables.

Change-Id: Idecbb0dbec9ca30f63acacea93c91c3822adb2dc
Signed-off-by: Milind Murhekar <m.murhekar@samsung.com>

diff --git a/unittest/rule.cpp b/unittest/rule.cpp
index 20172fc..520ccf0 100755 (executable)
--- a/unittest/rule.cpp
+++ b/unittest/rule.cpp
@@ -25,6 +25,7 @@
 Rule::Rule()
 {
        Create();
+       InitialiseRuleSet();
 }
 
 Rule::~Rule()
@@ -32,6 +33,121 @@ Rule::~Rule()
        Destroy();
 }
 
+void Rule::InitialiseRuleSet(void)
+{
+       memset(this->m_ChainName, 0, CHAIN_NAME_LEN);
+       memset(this->m_IfaceName, 0, IFACE_NAME_LEN);
+       memset(this->m_NfacctName, 0, NFACCT_NAME_LEN);
+       memset(this->m_TargetName, 0, TARGET_NAME_LEN);
+
+       this->m_ClassID = 0;
+       this->m_Direction = IPT_RULE_IN;
+
+       this->m_target_type = IPT_ACTION_NONE;
+       this->m_protocol = IPT_PROTOCOL_NONE;
+       this->m_s_ip_type = IPT_IP_NONE;
+       this->m_d_ip_type = IPT_IP_NONE;
+       this->m_s_ip1.s_addr = 0;
+       this->m_s_ip2.s_addr = 0;
+       this->m_d_ip1.s_addr = 0;
+       this->m_d_ip2.s_addr = 0;
+       this->m_s_port_type = IPT_PORT_NONE;
+       this->m_d_port_type = IPT_PORT_NONE;
+       this->m_s_port1 = 0;
+       this->m_s_port2 = 0;
+       this->m_d_port1 = 0;
+       this->m_d_port2 = 0;
+}
+
+error_e Rule::SetRule_iprange(const char *chain, ipt_direction_e direction,
+               const char *iface_name, int classid, const char *nfacct_name,
+               const char *target_name, ipt_target_action_e target_type,
+               ipt_protocol_type_e protocol,
+               ipt_ip_type_e s_ip_type,
+               ipt_ip_type_e d_ip_type,
+               const char *s_ip1, const char *s_ip2,
+               const char *d_ip1, const char *d_ip2,
+               ipt_port_type_e s_port_type,
+               ipt_port_type_e d_port_type,
+               unsigned int s_port1, unsigned int s_port2,
+               unsigned int d_port1, unsigned int d_port2)
+{
+       if (chain == NULL || strlen(chain) == 0)
+               this->m_ChainName[0] = '\0';
+       else
+               g_strlcpy(this->m_ChainName, chain, CHAIN_NAME_LEN);
+
+       switch (direction) {
+       case IPT_RULE_IN:
+       case IPT_RULE_OUT:
+               this->m_Direction = direction;
+               break;
+       default:
+               return ERROR_INVALID_PARAMETER;
+       }
+
+       if (iface_name == NULL || strlen(iface_name) == 0)
+               this->m_IfaceName[0] = '\0';
+       else
+               g_strlcpy(this->m_IfaceName, iface_name, IFACE_NAME_LEN);
+
+       if (classid > 0)
+               this->m_ClassID = classid;
+
+       if (nfacct_name == NULL || strlen(nfacct_name) == 0)
+               this->m_NfacctName[0] = '\0';
+       else
+               g_strlcpy(this->m_NfacctName, nfacct_name, NFACCT_NAME_LEN);
+
+       if (target_name == NULL || strlen(target_name) == 0)
+               this->m_TargetName[0] = '\0';
+       else
+               g_strlcpy(this->m_TargetName, target_name, TARGET_NAME_LEN);
+
+       this->m_target_type = target_type;
+       this->m_protocol = protocol;
+
+       this->m_s_ip_type = s_ip_type;
+       this->m_d_ip_type = d_ip_type;
+
+       if (s_ip1 == NULL || strlen(s_ip1) == 0)
+               this->m_s_ip1.s_addr = 0;
+       else
+               inet_aton(s_ip1, &this->m_s_ip1);
+
+       if (s_ip2 == NULL || strlen(s_ip2) == 0)
+               this->m_s_ip2.s_addr = 0;
+       else
+               inet_aton(s_ip2, &this->m_s_ip2);
+
+       if (d_ip1 == NULL || strlen(d_ip1) == 0)
+               this->m_d_ip1.s_addr = 0;
+       else
+               inet_aton(d_ip1, &this->m_d_ip1);
+
+       if (d_ip2 == NULL || strlen(d_ip2) == 0)
+               this->m_d_ip2.s_addr = 0;
+       else
+               inet_aton(d_ip2, &this->m_d_ip2);
+
+       this->m_s_port_type = s_port_type;
+       this->m_d_port_type = d_port_type;
+
+       if (s_port1 > 0)
+               this->m_s_port1 = s_port1;
+
+       if (s_port2 > 0)
+               this->m_s_port2 = s_port2;
+
+       if (d_port1 > 0)
+               this->m_d_port1 = d_port1;
+
+       if (d_port2 > 0)
+               this->m_d_port2 = d_port2;
+
+       return ERROR_NONE;
+}
+
 error_e Rule::SetRule(const char *chain, ipt_direction_e direction,
                const char *iface_name, int classid, const char *nfacct_name,
                const char *target_name)
@@ -77,23 +193,79 @@ void Rule::MakeRuleParams(GVariant **params)
 
        builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}"));
 
-       g_variant_builder_add(builder, "{sv}", RULE_CHAIN,
-               g_variant_new_string(this->m_ChainName));
+       if (this->m_ChainName[0] != '\0')
+               g_variant_builder_add(builder, "{sv}", RULE_CHAIN,
+                       g_variant_new_string(this->m_ChainName));
 
        g_variant_builder_add(builder, "{sv}", RULE_DIRECTION,
                g_variant_new_uint32(this->m_Direction));
 
-       g_variant_builder_add(builder, "{sv}", RULE_IFNAME,
-               g_variant_new_string(this->m_IfaceName));
+       if (this->m_IfaceName[0] != '\0')
+               g_variant_builder_add(builder, "{sv}", RULE_IFNAME,
+                       g_variant_new_string(this->m_IfaceName));
 
        g_variant_builder_add(builder, "{sv}", RULE_CGROUP,
                g_variant_new_uint32(this->m_ClassID));
 
-       g_variant_builder_add(builder, "{sv}", RULE_NFACCT,
-               g_variant_new_string(this->m_NfacctName));
+       if (this->m_NfacctName[0] != '\0')
+               g_variant_builder_add(builder, "{sv}", RULE_NFACCT,
+                       g_variant_new_string(this->m_NfacctName));
+
+       if (this->m_TargetName[0] != '\0')
+               g_variant_builder_add(builder, "{sv}", RULE_TARGET,
+                       g_variant_new_string(this->m_TargetName));
+
+       if (this->m_protocol > 0)
+               g_variant_builder_add(builder, "{sv}", RULE_PROTOCOL,
+                                     g_variant_new_uint16(this->m_protocol));
+
+       if (this->m_s_ip_type > 0)
+               g_variant_builder_add(builder, "{sv}", RULE_SIPTYPE,
+                                     g_variant_new_uint16(this->m_s_ip_type));
+
+       if (this->m_d_ip_type > 0)
+               g_variant_builder_add(builder, "{sv}", RULE_DIPTYPE,
+                                     g_variant_new_uint16(this->m_d_ip_type));
+
+       if (this->m_s_ip1.s_addr)
+               g_variant_builder_add(builder, "{sv}", RULE_SIP1,
+                                     g_variant_new_uint32(this->m_s_ip1.s_addr));
+
+       if (this->m_s_ip2.s_addr)
+               g_variant_builder_add(builder, "{sv}", RULE_SIP2,
+                                     g_variant_new_uint32(this->m_s_ip2.s_addr));
 
-       g_variant_builder_add(builder, "{sv}", RULE_TARGET,
-               g_variant_new_string(this->m_TargetName));
+       if (this->m_d_ip1.s_addr)
+               g_variant_builder_add(builder, "{sv}", RULE_DIP1,
+                                     g_variant_new_uint32(this->m_d_ip1.s_addr));
+
+       if (this->m_d_ip2.s_addr)
+               g_variant_builder_add(builder, "{sv}", RULE_DIP2,
+                                     g_variant_new_uint32(this->m_d_ip2.s_addr));
+
+       if (this->m_s_port_type > 0)
+               g_variant_builder_add(builder, "{sv}", RULE_SPORTTYPE,
+                                     g_variant_new_uint16(this->m_s_port_type));
+
+       if (this->m_d_port_type > 0)
+               g_variant_builder_add(builder, "{sv}", RULE_DPORTTYPE,
+                                     g_variant_new_uint16(this->m_d_port_type));
+
+       if (this->m_s_port1 > 0)
+               g_variant_builder_add(builder, "{sv}", RULE_SPORT1,
+                                     g_variant_new_uint32(this->m_s_port1));
+
+       if (this->m_s_port2 > 0)
+               g_variant_builder_add(builder, "{sv}", RULE_SPORT2,
+                                     g_variant_new_uint32(this->m_s_port2));
+
+       if (this->m_d_port1 > 0)
+               g_variant_builder_add(builder, "{sv}", RULE_DPORT1,
+                                     g_variant_new_uint32(this->m_d_port1));
+
+       if (this->m_d_port2 > 0)
+               g_variant_builder_add(builder, "{sv}", RULE_DPORT2,
+                                     g_variant_new_uint32(this->m_d_port2));
 
        *params = g_variant_new("(a{sv})", builder);
        g_variant_builder_unref(builder);
@@ -233,4 +405,4 @@ error_e Rule::Remove6Rule(void)
        g_variant_unref(message);
 
        return ERROR_NONE;
-}
\ No newline at end of file
+}

diff --git a/unittest/rule.h b/unittest/rule.h
index 1a9372a..9180bd2 100755 (executable)
--- a/unittest/rule.h
+++ b/unittest/rule.h
@@ -18,6 +18,7 @@
 
 #include <glib.h>
 #include <gio/gio.h>
+#include <arpa/inet.h>
 
 #include "stcmgr.h"
 #include "gdbus.h"
@@ -29,6 +30,7 @@
 #define RULE_NFACCT     "nfacct"
 #define RULE_PROTOCOL   "protocol"
 #define RULE_TARGET     "target"
+#define RULE_TARGETTYPE "target_type"
 
 #define RULE_SIPTYPE    "s_ip_type"
 #define RULE_SIP1       "s_ip1"
@@ -54,6 +56,39 @@ typedef enum {
        IPT_RULE_OUT
 } ipt_direction_e;
 
+typedef enum {
+       IPT_IP_NONE,
+       IPT_IP_SINGLE,
+       IPT_IP_MASK,
+       IPT_IP_RANGE
+} ipt_ip_type_e;
+
+typedef enum {
+       IPT_PORT_NONE,
+       IPT_PORT_SINGLE,
+       IPT_PORT_RANGE
+} ipt_port_type_e;
+
+typedef enum {
+       IPT_PROTOCOL_NONE,
+       IPT_PROTOCOL_TCP,
+       IPT_PROTOCOL_UDP,
+       IPT_PROTOCOL_ICMP,
+       IPT_PROTOCOL_ESP,
+       IPT_PROTOCOL_AH,
+       IPT_PROTOCOL_SCTP,
+       IPT_PROTOCOL_MH,
+       IPT_PROTOCOL_ALL,
+} ipt_protocol_type_e;
+
+typedef enum {
+       IPT_ACTION_NONE,
+       IPT_ACTION_ACCEPT,
+       IPT_ACTION_DROP,
+       IPT_ACTION_LOG,
+       IPT_ACTION_NFLOG,
+} ipt_target_action_e;
+
 class Rule : public GDbus {
 private:
        char m_ChainName[CHAIN_NAME_LEN];
@@ -61,10 +96,39 @@ private:
        char m_NfacctName[NFACCT_NAME_LEN];
        char m_TargetName[TARGET_NAME_LEN];
        int m_ClassID;
+       ipt_target_action_e m_target_type;
+       ipt_protocol_type_e m_protocol;
+       ipt_ip_type_e m_s_ip_type;
+       ipt_ip_type_e m_d_ip_type;
+       ipt_port_type_e m_s_port_type;
+       ipt_port_type_e m_d_port_type;
+       struct in_addr m_s_ip1;
+       struct in_addr m_s_ip2;
+       struct in_addr m_d_ip1;
+       struct in_addr m_d_ip2;
+       unsigned int m_s_port1;
+       unsigned int m_s_port2;
+       unsigned int m_d_port1;
+       unsigned int m_d_port2;
        ipt_direction_e m_Direction;
 public:
        Rule();
        ~Rule();
+       void InitialiseRuleSet(void);
+
+       error_e SetRule_iprange(const char *chain, ipt_direction_e direction,
+               const char *iface_name, int classid, const char *nfacct_name,
+               const char *target_name, ipt_target_action_e target_type,
+               ipt_protocol_type_e protocol,
+               ipt_ip_type_e s_ip_type,
+               ipt_ip_type_e d_ip_type,
+               const char *s_ip1, const char *s_ip2,
+               const char *d_ip1, const char *d_ip2,
+               ipt_port_type_e s_port_type,
+               ipt_port_type_e d_port_type,
+               unsigned int s_port1, unsigned int s_port2,
+               unsigned int d_port1, unsigned int d_port2);
+
        error_e SetRule(const char *chain, ipt_direction_e direction,
                const char *iface_name, int classid, const char *nfacct_name,
                const char *target_name);

diff --git a/unittest/unittest.cpp b/unittest/unittest.cpp
index d84fffc..2d4d971 100755 (executable)
--- a/unittest/unittest.cpp
+++ b/unittest/unittest.cpp
@@ -38,6 +38,20 @@ using ::testing::TestCase;
 #define TARGET_DROP    "DROP"
 #define TARGET_LOG     "LOG"
 
+#define TEST_SRC_IP_1 "192.168.10.1"
+#define TEST_SRC_IP_2 "192.168.10.9"
+#define TEST_DST_IP_1 "192.168.10.10"
+#define TEST_DST_IP_2 "192.168.10.15"
+
+#define TEST_SRC_PORT_1 80
+#define TEST_SRC_PORT_2 90
+#define TEST_DST_PORT_1 80
+#define TEST_DST_PORT_2 90
+
+#define TEST_CLASSID 8
+#define TEST_NFACCT_NAME_IN "c2_1_8_seth_w0"
+#define TEST_NFACCT_NAME_OUT "c4_1_8_seth_w0"
+
 typedef struct {
        int classid;
        const char *nfacct;
@@ -156,6 +170,68 @@ TEST(StcIptables_Rule_Set, AddOut_p)
        }
 }
 
+TEST(StcIptables_Rule_Set, AddInIprange_p)
+{
+       error_e ret = ERROR_NONE;
+       Rule rule;
+
+       ret = rule.SetRule_iprange(TEST_IN_CHAIN,
+                       IPT_RULE_IN,
+                       TEST_IFNAME,
+                       TEST_CLASSID,
+                       TEST_NFACCT_NAME_IN,
+                       TARGET_ACCEPT,
+                       IPT_ACTION_ACCEPT,
+                       IPT_PROTOCOL_ALL,
+                       IPT_IP_RANGE,
+                       IPT_IP_RANGE,
+                       TEST_SRC_IP_1,
+                       TEST_SRC_IP_2,
+                       TEST_DST_IP_1,
+                       TEST_DST_IP_2,
+                       IPT_PORT_RANGE,
+                       IPT_PORT_RANGE,
+                       TEST_SRC_PORT_1,
+                       TEST_SRC_PORT_2,
+                       TEST_DST_PORT_1,
+                       TEST_DST_PORT_2);
+       EXPECT_EQ(ERROR_NONE, ret);
+
+       ret = rule.AddRule();
+       EXPECT_EQ(ERROR_NONE, ret);
+}
+
+TEST(StcIptables_Rule_Set, AddOutIprange_p)
+{
+       error_e ret = ERROR_NONE;
+       Rule rule;
+
+       ret = rule.SetRule_iprange(TEST_OUT_CHAIN,
+                       IPT_RULE_OUT,
+                       TEST_IFNAME,
+                       TEST_CLASSID,
+                       TEST_NFACCT_NAME_OUT,
+                       TARGET_ACCEPT,
+                       IPT_ACTION_ACCEPT,
+                       IPT_PROTOCOL_ALL,
+                       IPT_IP_RANGE,
+                       IPT_IP_RANGE,
+                       TEST_SRC_IP_1,
+                       TEST_SRC_IP_2,
+                       TEST_DST_IP_1,
+                       TEST_DST_IP_2,
+                       IPT_PORT_RANGE,
+                       IPT_PORT_RANGE,
+                       TEST_SRC_PORT_1,
+                       TEST_SRC_PORT_2,
+                       TEST_DST_PORT_1,
+                       TEST_DST_PORT_2);
+       EXPECT_EQ(ERROR_NONE, ret);
+
+       ret = rule.AddRule();
+       EXPECT_EQ(ERROR_NONE, ret);
+}
+
 TEST(StcIptables_Rule_Unset, RemoveIn_p)
 {
        error_e ret = ERROR_NONE;
@@ -202,6 +278,68 @@ TEST(StcIptables_Rule_Unset, RemoveOut_p)
        }
 }
 
+TEST(StcIptables_Rule_Set, RemoveInIprange_p)
+{
+       error_e ret = ERROR_NONE;
+       Rule rule;
+
+       ret = rule.SetRule_iprange(TEST_IN_CHAIN,
+                       IPT_RULE_IN,
+                       TEST_IFNAME,
+                       TEST_CLASSID,
+                       TEST_NFACCT_NAME_IN,
+                       TARGET_ACCEPT,
+                       IPT_ACTION_ACCEPT,
+                       IPT_PROTOCOL_ALL,
+                       IPT_IP_RANGE,
+                       IPT_IP_RANGE,
+                       TEST_SRC_IP_1,
+                       TEST_SRC_IP_2,
+                       TEST_DST_IP_1,
+                       TEST_DST_IP_2,
+                       IPT_PORT_RANGE,
+                       IPT_PORT_RANGE,
+                       TEST_SRC_PORT_1,
+                       TEST_SRC_PORT_2,
+                       TEST_DST_PORT_1,
+                       TEST_DST_PORT_2);
+       EXPECT_EQ(ERROR_NONE, ret);
+
+       ret = rule.RemoveRule();
+       EXPECT_EQ(ERROR_NONE, ret);
+}
+
+TEST(StcIptables_Rule_Set, RemoveOutIprange_p)
+{
+       error_e ret = ERROR_NONE;
+       Rule rule;
+
+       ret = rule.SetRule_iprange(TEST_OUT_CHAIN,
+                       IPT_RULE_OUT,
+                       TEST_IFNAME,
+                       TEST_CLASSID,
+                       TEST_NFACCT_NAME_OUT,
+                       TARGET_ACCEPT,
+                       IPT_ACTION_ACCEPT,
+                       IPT_PROTOCOL_ALL,
+                       IPT_IP_RANGE,
+                       IPT_IP_RANGE,
+                       TEST_SRC_IP_1,
+                       TEST_SRC_IP_2,
+                       TEST_DST_IP_1,
+                       TEST_DST_IP_2,
+                       IPT_PORT_RANGE,
+                       IPT_PORT_RANGE,
+                       TEST_SRC_PORT_1,
+                       TEST_SRC_PORT_2,
+                       TEST_DST_PORT_1,
+                       TEST_DST_PORT_2);
+       EXPECT_EQ(ERROR_NONE, ret);
+
+       ret = rule.RemoveRule();
+       EXPECT_EQ(ERROR_NONE, ret);
+}
+
 TEST(StcIptables_Chain_Unset, Flush_p)
 {
        error_e ret = ERROR_NONE;