From: Milind Murhekar <m.murhekar@samsung.com>
Date: Fri, 14 Sep 2018 12:50:09 +0000 (+0530)
Subject: Add Gtests for iprange extention
X-Git-Tag: submit/tizen/20190726.063122~1^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F39%2F189239%2F3;p=platform%2Fcore%2Fconnectivity%2Fstc-iptables.git

Add Gtests for iprange extention

This patch adds the Global testcases to
to test iprange extention of stc-iptables.

Change-Id: Idecbb0dbec9ca30f63acacea93c91c3822adb2dc
Signed-off-by: Milind Murhekar <m.murhekar@samsung.com>
---

diff --git a/unittest/rule.cpp b/unittest/rule.cpp
index 20172fc..520ccf0 100755
--- a/unittest/rule.cpp
+++ b/unittest/rule.cpp
@@ -25,6 +25,7 @@
 Rule::Rule()
 {
 	Create();
+	InitialiseRuleSet();
 }
 
 Rule::~Rule()
@@ -32,6 +33,121 @@ Rule::~Rule()
 	Destroy();
 }
 
+void Rule::InitialiseRuleSet(void)
+{
+	memset(this->m_ChainName, 0, CHAIN_NAME_LEN);
+	memset(this->m_IfaceName, 0, IFACE_NAME_LEN);
+	memset(this->m_NfacctName, 0, NFACCT_NAME_LEN);
+	memset(this->m_TargetName, 0, TARGET_NAME_LEN);
+
+	this->m_ClassID = 0;
+	this->m_Direction = IPT_RULE_IN;
+
+	this->m_target_type = IPT_ACTION_NONE;
+	this->m_protocol = IPT_PROTOCOL_NONE;
+	this->m_s_ip_type = IPT_IP_NONE;
+	this->m_d_ip_type = IPT_IP_NONE;
+	this->m_s_ip1.s_addr = 0;
+	this->m_s_ip2.s_addr = 0;
+	this->m_d_ip1.s_addr = 0;
+	this->m_d_ip2.s_addr = 0;
+	this->m_s_port_type = IPT_PORT_NONE;
+	this->m_d_port_type = IPT_PORT_NONE;
+	this->m_s_port1 = 0;
+	this->m_s_port2 = 0;
+	this->m_d_port1 = 0;
+	this->m_d_port2 = 0;
+}
+
+error_e Rule::SetRule_iprange(const char *chain, ipt_direction_e direction,
+		const char *iface_name, int classid, const char *nfacct_name,
+		const char *target_name, ipt_target_action_e target_type,
+		ipt_protocol_type_e protocol,
+		ipt_ip_type_e s_ip_type,
+		ipt_ip_type_e d_ip_type,
+		const char *s_ip1, const char *s_ip2,
+		const char *d_ip1, const char *d_ip2,
+		ipt_port_type_e s_port_type,
+		ipt_port_type_e d_port_type,
+		unsigned int s_port1, unsigned int s_port2,
+		unsigned int d_port1, unsigned int d_port2)
+{
+	if (chain == NULL || strlen(chain) == 0)
+		this->m_ChainName[0] = '\0';
+	else
+		g_strlcpy(this->m_ChainName, chain, CHAIN_NAME_LEN);
+
+	switch (direction) {
+	case IPT_RULE_IN:
+	case IPT_RULE_OUT:
+		this->m_Direction = direction;
+		break;
+	default:
+		return ERROR_INVALID_PARAMETER;
+	}
+
+	if (iface_name == NULL || strlen(iface_name) == 0)
+		this->m_IfaceName[0] = '\0';
+	else
+		g_strlcpy(this->m_IfaceName, iface_name, IFACE_NAME_LEN);
+
+	if (classid > 0)
+		this->m_ClassID = classid;
+
+	if (nfacct_name == NULL || strlen(nfacct_name) == 0)
+		this->m_NfacctName[0] = '\0';
+	else
+		g_strlcpy(this->m_NfacctName, nfacct_name, NFACCT_NAME_LEN);
+
+	if (target_name == NULL || strlen(target_name) == 0)
+		this->m_TargetName[0] = '\0';
+	else
+		g_strlcpy(this->m_TargetName, target_name, TARGET_NAME_LEN);
+
+	this->m_target_type = target_type;
+	this->m_protocol = protocol;
+
+	this->m_s_ip_type = s_ip_type;
+	this->m_d_ip_type = d_ip_type;
+
+	if (s_ip1 == NULL || strlen(s_ip1) == 0)
+		this->m_s_ip1.s_addr = 0;
+	else
+		inet_aton(s_ip1, &this->m_s_ip1);
+
+	if (s_ip2 == NULL || strlen(s_ip2) == 0)
+		this->m_s_ip2.s_addr = 0;
+	else
+		inet_aton(s_ip2, &this->m_s_ip2);
+
+	if (d_ip1 == NULL || strlen(d_ip1) == 0)
+		this->m_d_ip1.s_addr = 0;
+	else
+		inet_aton(d_ip1, &this->m_d_ip1);
+
+	if (d_ip2 == NULL || strlen(d_ip2) == 0)
+		this->m_d_ip2.s_addr = 0;
+	else
+		inet_aton(d_ip2, &this->m_d_ip2);
+
+	this->m_s_port_type = s_port_type;
+	this->m_d_port_type = d_port_type;
+
+	if (s_port1 > 0)
+		this->m_s_port1 = s_port1;
+
+	if (s_port2 > 0)
+		this->m_s_port2 = s_port2;
+
+	if (d_port1 > 0)
+		this->m_d_port1 = d_port1;
+
+	if (d_port2 > 0)
+		this->m_d_port2 = d_port2;
+
+	return ERROR_NONE;
+}
+
 error_e Rule::SetRule(const char *chain, ipt_direction_e direction,
 		const char *iface_name, int classid, const char *nfacct_name,
 		const char *target_name)
@@ -77,23 +193,79 @@ void Rule::MakeRuleParams(GVariant **params)
 
 	builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}"));
 
-	g_variant_builder_add(builder, "{sv}", RULE_CHAIN,
-		g_variant_new_string(this->m_ChainName));
+	if (this->m_ChainName[0] != '\0')
+		g_variant_builder_add(builder, "{sv}", RULE_CHAIN,
+			g_variant_new_string(this->m_ChainName));
 
 	g_variant_builder_add(builder, "{sv}", RULE_DIRECTION,
 		g_variant_new_uint32(this->m_Direction));
 
-	g_variant_builder_add(builder, "{sv}", RULE_IFNAME,
-		g_variant_new_string(this->m_IfaceName));
+	if (this->m_IfaceName[0] != '\0')
+		g_variant_builder_add(builder, "{sv}", RULE_IFNAME,
+			g_variant_new_string(this->m_IfaceName));
 
 	g_variant_builder_add(builder, "{sv}", RULE_CGROUP,
 		g_variant_new_uint32(this->m_ClassID));
 
-	g_variant_builder_add(builder, "{sv}", RULE_NFACCT,
-		g_variant_new_string(this->m_NfacctName));
+	if (this->m_NfacctName[0] != '\0')
+		g_variant_builder_add(builder, "{sv}", RULE_NFACCT,
+			g_variant_new_string(this->m_NfacctName));
+
+	if (this->m_TargetName[0] != '\0')
+		g_variant_builder_add(builder, "{sv}", RULE_TARGET,
+			g_variant_new_string(this->m_TargetName));
+
+	if (this->m_protocol > 0)
+		g_variant_builder_add(builder, "{sv}", RULE_PROTOCOL,
+				      g_variant_new_uint16(this->m_protocol));
+
+	if (this->m_s_ip_type > 0)
+		g_variant_builder_add(builder, "{sv}", RULE_SIPTYPE,
+				      g_variant_new_uint16(this->m_s_ip_type));
+
+	if (this->m_d_ip_type > 0)
+		g_variant_builder_add(builder, "{sv}", RULE_DIPTYPE,
+				      g_variant_new_uint16(this->m_d_ip_type));
+
+	if (this->m_s_ip1.s_addr)
+		g_variant_builder_add(builder, "{sv}", RULE_SIP1,
+				      g_variant_new_uint32(this->m_s_ip1.s_addr));
+
+	if (this->m_s_ip2.s_addr)
+		g_variant_builder_add(builder, "{sv}", RULE_SIP2,
+				      g_variant_new_uint32(this->m_s_ip2.s_addr));
 
-	g_variant_builder_add(builder, "{sv}", RULE_TARGET,
-		g_variant_new_string(this->m_TargetName));
+	if (this->m_d_ip1.s_addr)
+		g_variant_builder_add(builder, "{sv}", RULE_DIP1,
+				      g_variant_new_uint32(this->m_d_ip1.s_addr));
+
+	if (this->m_d_ip2.s_addr)
+		g_variant_builder_add(builder, "{sv}", RULE_DIP2,
+				      g_variant_new_uint32(this->m_d_ip2.s_addr));
+
+	if (this->m_s_port_type > 0)
+		g_variant_builder_add(builder, "{sv}", RULE_SPORTTYPE,
+				      g_variant_new_uint16(this->m_s_port_type));
+
+	if (this->m_d_port_type > 0)
+		g_variant_builder_add(builder, "{sv}", RULE_DPORTTYPE,
+				      g_variant_new_uint16(this->m_d_port_type));
+
+	if (this->m_s_port1 > 0)
+		g_variant_builder_add(builder, "{sv}", RULE_SPORT1,
+				      g_variant_new_uint32(this->m_s_port1));
+
+	if (this->m_s_port2 > 0)
+		g_variant_builder_add(builder, "{sv}", RULE_SPORT2,
+				      g_variant_new_uint32(this->m_s_port2));
+
+	if (this->m_d_port1 > 0)
+		g_variant_builder_add(builder, "{sv}", RULE_DPORT1,
+				      g_variant_new_uint32(this->m_d_port1));
+
+	if (this->m_d_port2 > 0)
+		g_variant_builder_add(builder, "{sv}", RULE_DPORT2,
+				      g_variant_new_uint32(this->m_d_port2));
 
 	*params = g_variant_new("(a{sv})", builder);
 	g_variant_builder_unref(builder);
@@ -233,4 +405,4 @@ error_e Rule::Remove6Rule(void)
 	g_variant_unref(message);
 
 	return ERROR_NONE;
-}
\ No newline at end of file
+}
diff --git a/unittest/rule.h b/unittest/rule.h
index 1a9372a..9180bd2 100755
--- a/unittest/rule.h
+++ b/unittest/rule.h
@@ -18,6 +18,7 @@
 
 #include <glib.h>
 #include <gio/gio.h>
+#include <arpa/inet.h>
 
 #include "stcmgr.h"
 #include "gdbus.h"
@@ -29,6 +30,7 @@
 #define RULE_NFACCT     "nfacct"
 #define RULE_PROTOCOL   "protocol"
 #define RULE_TARGET     "target"
+#define RULE_TARGETTYPE "target_type"
 
 #define RULE_SIPTYPE    "s_ip_type"
 #define RULE_SIP1       "s_ip1"
@@ -54,6 +56,39 @@ typedef enum {
 	IPT_RULE_OUT
 } ipt_direction_e;
 
+typedef enum {
+	IPT_IP_NONE,
+	IPT_IP_SINGLE,
+	IPT_IP_MASK,
+	IPT_IP_RANGE
+} ipt_ip_type_e;
+
+typedef enum {
+	IPT_PORT_NONE,
+	IPT_PORT_SINGLE,
+	IPT_PORT_RANGE
+} ipt_port_type_e;
+
+typedef enum {
+	IPT_PROTOCOL_NONE,
+	IPT_PROTOCOL_TCP,
+	IPT_PROTOCOL_UDP,
+	IPT_PROTOCOL_ICMP,
+	IPT_PROTOCOL_ESP,
+	IPT_PROTOCOL_AH,
+	IPT_PROTOCOL_SCTP,
+	IPT_PROTOCOL_MH,
+	IPT_PROTOCOL_ALL,
+} ipt_protocol_type_e;
+
+typedef enum {
+	IPT_ACTION_NONE,
+	IPT_ACTION_ACCEPT,
+	IPT_ACTION_DROP,
+	IPT_ACTION_LOG,
+	IPT_ACTION_NFLOG,
+} ipt_target_action_e;
+
 class Rule : public GDbus {
 private:
 	char m_ChainName[CHAIN_NAME_LEN];
@@ -61,10 +96,39 @@ private:
 	char m_NfacctName[NFACCT_NAME_LEN];
 	char m_TargetName[TARGET_NAME_LEN];
 	int m_ClassID;
+	ipt_target_action_e m_target_type;
+	ipt_protocol_type_e m_protocol;
+	ipt_ip_type_e m_s_ip_type;
+	ipt_ip_type_e m_d_ip_type;
+	ipt_port_type_e m_s_port_type;
+	ipt_port_type_e m_d_port_type;
+	struct in_addr m_s_ip1;
+	struct in_addr m_s_ip2;
+	struct in_addr m_d_ip1;
+	struct in_addr m_d_ip2;
+	unsigned int m_s_port1;
+	unsigned int m_s_port2;
+	unsigned int m_d_port1;
+	unsigned int m_d_port2;
 	ipt_direction_e m_Direction;
 public:
 	Rule();
 	~Rule();
+	void InitialiseRuleSet(void);
+
+	error_e SetRule_iprange(const char *chain, ipt_direction_e direction,
+		const char *iface_name, int classid, const char *nfacct_name,
+		const char *target_name, ipt_target_action_e target_type,
+		ipt_protocol_type_e protocol,
+		ipt_ip_type_e s_ip_type,
+		ipt_ip_type_e d_ip_type,
+		const char *s_ip1, const char *s_ip2,
+		const char *d_ip1, const char *d_ip2,
+		ipt_port_type_e s_port_type,
+		ipt_port_type_e d_port_type,
+		unsigned int s_port1, unsigned int s_port2,
+		unsigned int d_port1, unsigned int d_port2);
+
 	error_e SetRule(const char *chain, ipt_direction_e direction,
 		const char *iface_name, int classid, const char *nfacct_name,
 		const char *target_name);
diff --git a/unittest/unittest.cpp b/unittest/unittest.cpp
index d84fffc..2d4d971 100755
--- a/unittest/unittest.cpp
+++ b/unittest/unittest.cpp
@@ -38,6 +38,20 @@ using ::testing::TestCase;
 #define TARGET_DROP    "DROP"
 #define TARGET_LOG     "LOG"
 
+#define TEST_SRC_IP_1 "192.168.10.1"
+#define TEST_SRC_IP_2 "192.168.10.9"
+#define TEST_DST_IP_1 "192.168.10.10"
+#define TEST_DST_IP_2 "192.168.10.15"
+
+#define TEST_SRC_PORT_1 80
+#define TEST_SRC_PORT_2 90
+#define TEST_DST_PORT_1 80
+#define TEST_DST_PORT_2 90
+
+#define TEST_CLASSID 8
+#define TEST_NFACCT_NAME_IN "c2_1_8_seth_w0"
+#define TEST_NFACCT_NAME_OUT "c4_1_8_seth_w0"
+
 typedef struct {
 	int classid;
 	const char *nfacct;
@@ -156,6 +170,68 @@ TEST(StcIptables_Rule_Set, AddOut_p)
 	}
 }
 
+TEST(StcIptables_Rule_Set, AddInIprange_p)
+{
+	error_e ret = ERROR_NONE;
+	Rule rule;
+
+	ret = rule.SetRule_iprange(TEST_IN_CHAIN,
+			IPT_RULE_IN,
+			TEST_IFNAME,
+			TEST_CLASSID,
+			TEST_NFACCT_NAME_IN,
+			TARGET_ACCEPT,
+			IPT_ACTION_ACCEPT,
+			IPT_PROTOCOL_ALL,
+			IPT_IP_RANGE,
+			IPT_IP_RANGE,
+			TEST_SRC_IP_1,
+			TEST_SRC_IP_2,
+			TEST_DST_IP_1,
+			TEST_DST_IP_2,
+			IPT_PORT_RANGE,
+			IPT_PORT_RANGE,
+			TEST_SRC_PORT_1,
+			TEST_SRC_PORT_2,
+			TEST_DST_PORT_1,
+			TEST_DST_PORT_2);
+	EXPECT_EQ(ERROR_NONE, ret);
+
+	ret = rule.AddRule();
+	EXPECT_EQ(ERROR_NONE, ret);
+}
+
+TEST(StcIptables_Rule_Set, AddOutIprange_p)
+{
+	error_e ret = ERROR_NONE;
+	Rule rule;
+
+	ret = rule.SetRule_iprange(TEST_OUT_CHAIN,
+			IPT_RULE_OUT,
+			TEST_IFNAME,
+			TEST_CLASSID,
+			TEST_NFACCT_NAME_OUT,
+			TARGET_ACCEPT,
+			IPT_ACTION_ACCEPT,
+			IPT_PROTOCOL_ALL,
+			IPT_IP_RANGE,
+			IPT_IP_RANGE,
+			TEST_SRC_IP_1,
+			TEST_SRC_IP_2,
+			TEST_DST_IP_1,
+			TEST_DST_IP_2,
+			IPT_PORT_RANGE,
+			IPT_PORT_RANGE,
+			TEST_SRC_PORT_1,
+			TEST_SRC_PORT_2,
+			TEST_DST_PORT_1,
+			TEST_DST_PORT_2);
+	EXPECT_EQ(ERROR_NONE, ret);
+
+	ret = rule.AddRule();
+	EXPECT_EQ(ERROR_NONE, ret);
+}
+
 TEST(StcIptables_Rule_Unset, RemoveIn_p)
 {
 	error_e ret = ERROR_NONE;
@@ -202,6 +278,68 @@ TEST(StcIptables_Rule_Unset, RemoveOut_p)
 	}
 }
 
+TEST(StcIptables_Rule_Set, RemoveInIprange_p)
+{
+	error_e ret = ERROR_NONE;
+	Rule rule;
+
+	ret = rule.SetRule_iprange(TEST_IN_CHAIN,
+			IPT_RULE_IN,
+			TEST_IFNAME,
+			TEST_CLASSID,
+			TEST_NFACCT_NAME_IN,
+			TARGET_ACCEPT,
+			IPT_ACTION_ACCEPT,
+			IPT_PROTOCOL_ALL,
+			IPT_IP_RANGE,
+			IPT_IP_RANGE,
+			TEST_SRC_IP_1,
+			TEST_SRC_IP_2,
+			TEST_DST_IP_1,
+			TEST_DST_IP_2,
+			IPT_PORT_RANGE,
+			IPT_PORT_RANGE,
+			TEST_SRC_PORT_1,
+			TEST_SRC_PORT_2,
+			TEST_DST_PORT_1,
+			TEST_DST_PORT_2);
+	EXPECT_EQ(ERROR_NONE, ret);
+
+	ret = rule.RemoveRule();
+	EXPECT_EQ(ERROR_NONE, ret);
+}
+
+TEST(StcIptables_Rule_Set, RemoveOutIprange_p)
+{
+	error_e ret = ERROR_NONE;
+	Rule rule;
+
+	ret = rule.SetRule_iprange(TEST_OUT_CHAIN,
+			IPT_RULE_OUT,
+			TEST_IFNAME,
+			TEST_CLASSID,
+			TEST_NFACCT_NAME_OUT,
+			TARGET_ACCEPT,
+			IPT_ACTION_ACCEPT,
+			IPT_PROTOCOL_ALL,
+			IPT_IP_RANGE,
+			IPT_IP_RANGE,
+			TEST_SRC_IP_1,
+			TEST_SRC_IP_2,
+			TEST_DST_IP_1,
+			TEST_DST_IP_2,
+			IPT_PORT_RANGE,
+			IPT_PORT_RANGE,
+			TEST_SRC_PORT_1,
+			TEST_SRC_PORT_2,
+			TEST_DST_PORT_1,
+			TEST_DST_PORT_2);
+	EXPECT_EQ(ERROR_NONE, ret);
+
+	ret = rule.RemoveRule();
+	EXPECT_EQ(ERROR_NONE, ret);
+}
+
 TEST(StcIptables_Chain_Unset, Flush_p)
 {
 	error_e ret = ERROR_NONE;