IpTunnel_test.c 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395
  1. /* vim: set expandtab ts=4 sw=4: */
  2. /*
  3. * You may redistribute this program and/or modify it under the terms of
  4. * the GNU General Public License as published by the Free Software Foundation,
  5. * either version 3 of the License, or (at your option) any later version.
  6. *
  7. * This program is distributed in the hope that it will be useful,
  8. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  10. * GNU General Public License for more details.
  11. *
  12. * You should have received a copy of the GNU General Public License
  13. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  14. */
  15. #include "benc/String.h"
  16. #include "benc/Dict.h"
  17. #include "benc/serialization/standard/BencMessageWriter.h"
  18. #include "memory/Allocator.h"
  19. #include "memory/MallocAllocator.h"
  20. #include "interface/tuntap/TUNMessageType.h"
  21. #include "util/log/Log.h"
  22. #include "util/log/FileWriterLog.h"
  23. #include "util/events/EventBase.h"
  24. #include "crypto/random/Random.h"
  25. #include "crypto/Key.h"
  26. #include "tunnel/IpTunnel.h"
  27. #include "util/Bits.h"
  28. #include "util/Checksum.h"
  29. #include "util/CString.h"
  30. #include "util/Escape.h"
  31. #include "util/GlobalConfig.h"
  32. #include "wire/DataHeader.h"
  33. #include "wire/Message.h"
  34. #include "wire/Headers.h"
  35. #include "wire/Ethernet.h"
  36. struct Context
  37. {
  38. struct Allocator* alloc;
  39. struct Log* log;
  40. struct Random* rand;
  41. struct EventBase* base;
  42. uint8_t pubKey[32];
  43. uint8_t ipv6[16];
  44. // Per-request
  45. uint8_t sendingAddress[16];
  46. String* expectedResponse;
  47. int called;
  48. Identity
  49. };
  50. struct IfaceContext
  51. {
  52. struct Iface iface;
  53. struct Context* ctx;
  54. };
  55. static Iface_DEFUN responseWithIpCallback(struct Message* message, struct Iface* iface)
  56. {
  57. struct Context* ctx = Identity_check(((struct IfaceContext*)iface)->ctx);
  58. struct RouteHeader* rh = (struct RouteHeader*) message->msgbytes;
  59. Assert_true(!Bits_memcmp(ctx->ipv6, rh->ip6, 16));
  60. Assert_true(!Bits_memcmp(ctx->pubKey, rh->publicKey, 32));
  61. Er_assert(Message_eshift(message, -(RouteHeader_SIZE + DataHeader_SIZE)));
  62. struct Headers_IP6Header* ip = (struct Headers_IP6Header*) message->msgbytes;
  63. Assert_true(Headers_getIpVersion(ip) == 6);
  64. uint16_t length = Endian_bigEndianToHost16(ip->payloadLength_be);
  65. Assert_true(length + Headers_IP6Header_SIZE == Message_getLength(message));
  66. Assert_true(ip->nextHeader == 17);
  67. Assert_true(Bits_isZero(ip->sourceAddr, 32));
  68. Er_assert(Message_eshift(message, -Headers_IP6Header_SIZE));
  69. struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message->msgbytes;
  70. Assert_true(!Checksum_udpIp6_be(ip->sourceAddr, message->msgbytes, length));
  71. Assert_true(uh->srcPort_be == 0);
  72. Assert_true(uh->destPort_be == 0);
  73. Assert_true(Endian_bigEndianToHost16(uh->length_be) + Headers_UDPHeader_SIZE == length);
  74. Er_assert(Message_eshift(message, -Headers_UDPHeader_SIZE));
  75. struct Allocator* alloc = Allocator_child(ctx->alloc);
  76. char* messageContent = Escape_getEscaped(message->msgbytes, Message_getLength(message), alloc);
  77. char* expectedContent =
  78. Escape_getEscaped(ctx->expectedResponse->bytes, ctx->expectedResponse->len, alloc);
  79. Log_debug(ctx->log, "Response: [%s]", messageContent);
  80. Log_debug(ctx->log, "Expected: [%s]", expectedContent);
  81. Allocator_free(alloc);
  82. // We can't check that the message is an exact match because the padding depends on the
  83. // alignment of the output but we can make sure the right content is there...
  84. // Message should start with "d0000" (with some number of zeros)
  85. Assert_true((int)ctx->expectedResponse->len == Message_getLength(message));
  86. Assert_true(!Bits_memcmp(message->msgbytes, ctx->expectedResponse->bytes, Message_getLength(message)));
  87. ctx->called |= 2;
  88. return NULL;
  89. }
  90. static Iface_DEFUN messageToTun(struct Message* msg, struct Iface* iface)
  91. {
  92. struct Context* ctx = Identity_check(((struct IfaceContext*)iface)->ctx);
  93. uint16_t type = Er_assert(TUNMessageType_pop(msg));
  94. if (type == Ethernet_TYPE_IP6) {
  95. struct Headers_IP6Header* ip = (struct Headers_IP6Header*) msg->msgbytes;
  96. Assert_true(Headers_getIpVersion(ip) == 6);
  97. Assert_true(!Bits_memcmp(ip->sourceAddr, ctx->sendingAddress, 16));
  98. Er_assert(Message_eshift(msg, -Headers_IP6Header_SIZE));
  99. ctx->called |= 4;
  100. } else if (type == Ethernet_TYPE_IP4) {
  101. struct Headers_IP4Header* ip = (struct Headers_IP4Header*) msg->msgbytes;
  102. Assert_true(Headers_getIpVersion(ip) == 4);
  103. Assert_true(!Bits_memcmp(ip->sourceAddr, ctx->sendingAddress, 4));
  104. Er_assert(Message_eshift(msg, -Headers_IP4Header_SIZE));
  105. ctx->called |= 1;
  106. } else {
  107. Assert_failure("unrecognized message type %u", (unsigned int)type);
  108. }
  109. Assert_true(Message_getLength(msg) == 12 && CString_strcmp(msg->msgbytes, "hello world") == 0);
  110. return NULL;
  111. }
  112. static void pushRouteDataHeaders(struct Context* ctx, struct Message* message)
  113. {
  114. Er_assert(Message_eshift(message, RouteHeader_SIZE + DataHeader_SIZE));
  115. struct RouteHeader* rh = (struct RouteHeader*) message->msgbytes;
  116. struct DataHeader* dh = (struct DataHeader*) &rh[1];
  117. Bits_memset(rh, 0, RouteHeader_SIZE + DataHeader_SIZE);
  118. Bits_memcpy(rh->ip6, ctx->ipv6, 16);
  119. Bits_memcpy(rh->publicKey, ctx->pubKey, 32);
  120. DataHeader_setContentType(dh, ContentType_IPTUN);
  121. }
  122. static bool trySend4(struct Allocator* alloc,
  123. uint32_t addr,
  124. struct Iface* sendTo,
  125. struct Context* ctx)
  126. {
  127. struct Message* msg4 = Message_new(0, 512, alloc);
  128. Er_assert(Message_epush(msg4, "hello world", 12));
  129. Er_assert(Message_epush(msg4, NULL, Headers_IP4Header_SIZE));
  130. struct Headers_IP4Header* iph = (struct Headers_IP4Header*) msg4->msgbytes;
  131. Headers_setIpVersion(iph);
  132. uint32_t addr_be = Endian_hostToBigEndian32(addr);
  133. Bits_memcpy(iph->sourceAddr, &addr_be, 4);
  134. Bits_memcpy(ctx->sendingAddress, &addr_be, 4);
  135. Bits_memcpy(iph->destAddr, ((uint8_t[]){ 11, 0, 0, 1 }), 4);
  136. pushRouteDataHeaders(ctx, msg4);
  137. Iface_send(sendTo, msg4);
  138. if (ctx->called == 1) {
  139. ctx->called = 0;
  140. return true;
  141. }
  142. Assert_true(ctx->called == 0);
  143. return false;
  144. }
  145. static bool trySend6(struct Allocator* alloc,
  146. uint64_t addrHigh,
  147. uint64_t addrLow,
  148. struct Iface* sendTo,
  149. struct Context* ctx)
  150. {
  151. struct Message* msg6 = Message_new(0, 512, alloc);
  152. Er_assert(Message_epush(msg6, "hello world", 12));
  153. Er_assert(Message_epush(msg6, NULL, Headers_IP6Header_SIZE));
  154. struct Headers_IP6Header* iph = (struct Headers_IP6Header*) msg6->msgbytes;
  155. Headers_setIpVersion(iph);
  156. uint64_t addrHigh_be = Endian_hostToBigEndian64(addrHigh);
  157. uint64_t addrLow_be = Endian_hostToBigEndian64(addrLow);
  158. Bits_memcpy(iph->sourceAddr, &addrHigh_be, 8);
  159. Bits_memcpy(&iph->sourceAddr[8], &addrLow_be, 8);
  160. Bits_memcpy(ctx->sendingAddress, iph->sourceAddr, 16);
  161. uint8_t destAddr[16] = { 20, 01 };
  162. destAddr[15] = 1;
  163. Bits_memcpy(iph->destinationAddr, destAddr, 16);
  164. pushRouteDataHeaders(ctx, msg6);
  165. Iface_send(sendTo, msg6);
  166. if (ctx->called == 4) {
  167. ctx->called = 0;
  168. return true;
  169. }
  170. Assert_true(ctx->called == 0);
  171. return false;
  172. }
  173. static String* getExpectedResponse(struct Sockaddr* sa4, int prefix4, int alloc4,
  174. struct Sockaddr* sa6, int prefix6, int alloc6,
  175. struct Allocator* allocator)
  176. {
  177. Assert_true(alloc6 >= prefix6);
  178. Assert_true(alloc4 >= prefix4);
  179. struct Allocator* alloc = Allocator_child(allocator);
  180. Dict* addresses = Dict_new(alloc);
  181. if (sa4) {
  182. uint8_t* addr = NULL;
  183. Assert_true(Sockaddr_getAddress(sa4, &addr) == 4);
  184. String* addrStr = String_newBinary(addr, 4, alloc);
  185. Dict_putString(addresses, String_new("ip4", alloc), addrStr, alloc);
  186. Dict_putInt(addresses, String_new("ip4Prefix", alloc), prefix4, alloc);
  187. Dict_putInt(addresses, String_new("ip4Alloc", alloc), alloc4, alloc);
  188. }
  189. if (sa6) {
  190. uint8_t* addr = NULL;
  191. Assert_true(Sockaddr_getAddress(sa6, &addr) == 16);
  192. String* addrStr = String_newBinary(addr, 16, alloc);
  193. Dict_putString(addresses, String_new("ip6", alloc), addrStr, alloc);
  194. Dict_putInt(addresses, String_new("ip6Prefix", alloc), prefix6, alloc);
  195. Dict_putInt(addresses, String_new("ip6Alloc", alloc), alloc6, alloc);
  196. }
  197. Dict* output = Dict_new(alloc);
  198. Dict_putDict(output, String_new("addresses", alloc), addresses, alloc);
  199. Dict_putString(output, String_new("txid", alloc), String_new("abcd", alloc), alloc);
  200. struct Message* msg = Message_new(0, 512, alloc);
  201. Er_assert(BencMessageWriter_write(output, msg));
  202. String* outStr = String_newBinary(msg->msgbytes, Message_getLength(msg), allocator);
  203. Allocator_free(alloc);
  204. return outStr;
  205. }
  206. static void testAddr(struct Context* ctx,
  207. char* addr4, int prefix4, int alloc4,
  208. char* addr6, int prefix6, int alloc6)
  209. {
  210. struct Allocator* alloc = Allocator_child(ctx->alloc);
  211. struct GlobalConfig* gc = GlobalConfig_new(alloc);
  212. struct IpTunnel* ipTun = IpTunnel_new(ctx->log, ctx->base, alloc, ctx->rand, NULL, gc);
  213. struct Sockaddr* sa4 = NULL;
  214. struct Sockaddr_storage ip6ToGive;
  215. struct Sockaddr_storage ip4ToGive;
  216. if (addr4) {
  217. Assert_true(!Sockaddr_parse(addr4, &ip4ToGive));
  218. sa4 = &ip4ToGive.addr;
  219. Assert_true(Sockaddr_getFamily(sa4) == Sockaddr_AF_INET);
  220. }
  221. struct Sockaddr* sa6 = NULL;
  222. if (addr6) {
  223. Assert_true(!Sockaddr_parse(addr6, &ip6ToGive));
  224. sa6 = &ip6ToGive.addr;
  225. Assert_true(Sockaddr_getFamily(sa6) == Sockaddr_AF_INET6);
  226. }
  227. IpTunnel_allowConnection(ctx->pubKey,
  228. sa6, prefix6, alloc6,
  229. sa4, prefix4, alloc4,
  230. ipTun);
  231. struct Message* msg = Message_new(64, 512, alloc);
  232. const char* requestForAddresses =
  233. "d"
  234. "1:q" "21:IpTunnel_getAddresses"
  235. "4:txid" "4:abcd"
  236. "e";
  237. CString_strcpy(msg->msgbytes, requestForAddresses);
  238. Er_assert(Message_truncate(msg, CString_strlen(requestForAddresses)));
  239. Er_assert(Message_epush(msg, NULL, Headers_UDPHeader_SIZE));
  240. struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) msg->msgbytes;
  241. uh->length_be = Endian_hostToBigEndian16(Message_getLength(msg) - Headers_UDPHeader_SIZE);
  242. uint16_t* checksum_be = &((struct Headers_UDPHeader*) msg->msgbytes)->checksum_be;
  243. *checksum_be = 0;
  244. uint32_t length = Message_getLength(msg);
  245. // Because of old reasons, we need to have at least an empty IPv6 header
  246. Er_assert(Message_epush(msg, NULL, Headers_IP6Header_SIZE));
  247. struct Headers_IP6Header* ip = (struct Headers_IP6Header*) msg->msgbytes;
  248. Headers_setIpVersion(ip);
  249. ip->payloadLength_be = Endian_hostToBigEndian16(Message_getLength(msg) - Headers_IP6Header_SIZE);
  250. ip->nextHeader = 17;
  251. *checksum_be = Checksum_udpIp6_be(ip->sourceAddr, (uint8_t*) uh, length);
  252. pushRouteDataHeaders(ctx, msg);
  253. struct IfaceContext* nodeIf = Allocator_calloc(alloc, sizeof(struct IfaceContext), 1);
  254. nodeIf->ctx = ctx;
  255. nodeIf->iface.send = responseWithIpCallback;
  256. struct IfaceContext* tunIf = Allocator_calloc(alloc, sizeof(struct IfaceContext), 1);
  257. tunIf->ctx = ctx;
  258. tunIf->iface.send = messageToTun;
  259. Iface_plumb(&nodeIf->iface, &ipTun->nodeInterface);
  260. Iface_plumb(&tunIf->iface, &ipTun->tunInterface);
  261. ctx->expectedResponse =
  262. getExpectedResponse(sa4, prefix4, alloc4, sa6, prefix6, alloc6, alloc);
  263. Iface_send(&nodeIf->iface, msg);
  264. Assert_true(ctx->called == 2);
  265. ctx->called = 0;
  266. if (sa4) {
  267. uint8_t* addrBytes = NULL;
  268. Assert_true(Sockaddr_getAddress(sa4, &addrBytes) == 4);
  269. uint32_t addr;
  270. Bits_memcpy(&addr, addrBytes, 4);
  271. addr = Endian_bigEndianToHost32(addr);
  272. // Send from the address specified
  273. Assert_true(trySend4(alloc, addr, &nodeIf->iface, ctx));
  274. if (alloc4 < 32) {
  275. // Send from another (random) address in the prefix
  276. uint32_t flip = Random_uint32(ctx->rand) >> alloc4;
  277. if (prefix4 != 32) {
  278. Assert_true(trySend4(alloc, addr ^ flip, &nodeIf->iface, ctx));
  279. } else {
  280. // If netSize is not specified, we do not allow multi-address
  281. Assert_true(!trySend4(alloc, addr ^ flip, &nodeIf->iface, ctx));
  282. }
  283. } else {
  284. Assert_true(!trySend4(alloc, addr ^ 1, &nodeIf->iface, ctx));
  285. }
  286. } else {
  287. uint32_t addr = Random_uint32(ctx->rand);
  288. Assert_true(!trySend4(alloc, addr, &nodeIf->iface, ctx));
  289. }
  290. if (sa6) {
  291. uint8_t* addrBytes = NULL;
  292. Assert_true(Sockaddr_getAddress(sa6, &addrBytes) == 16);
  293. uint64_t addrHigh;
  294. uint64_t addrLow;
  295. Bits_memcpy(&addrHigh, addrBytes, 8);
  296. Bits_memcpy(&addrLow, &addrBytes[8], 8);
  297. addrHigh = Endian_bigEndianToHost64(addrHigh);
  298. addrLow = Endian_bigEndianToHost64(addrLow);
  299. Assert_true(trySend6(alloc, addrHigh, addrLow, &nodeIf->iface, ctx));
  300. if (alloc6 < 128) {
  301. // Send from another (random) address in the prefix
  302. uint64_t flipHigh = Random_uint64(ctx->rand);
  303. uint64_t flipLow = Random_uint64(ctx->rand);
  304. if (alloc6 > 64) {
  305. flipHigh = flipHigh >> (alloc6 - 64);
  306. } else {
  307. flipHigh = 0;
  308. flipLow = flipLow >> alloc6;
  309. }
  310. if (prefix6 != 128) {
  311. Assert_true(trySend6(alloc,
  312. addrHigh ^ flipHigh,
  313. addrLow ^ flipLow,
  314. &nodeIf->iface,
  315. ctx) == true);
  316. } else {
  317. // If netSize is not specified, we do not allow multi-address
  318. Assert_true(trySend6(alloc,
  319. addrHigh ^ flipHigh,
  320. addrLow ^ flipLow,
  321. &nodeIf->iface,
  322. ctx) == false);
  323. }
  324. } else {
  325. Assert_true(!trySend6(alloc, addrHigh, addrLow ^ 1, &nodeIf->iface, ctx));
  326. }
  327. } else {
  328. uint64_t addr = Random_uint64(ctx->rand);
  329. Assert_true(!trySend6(alloc, 0, addr, &nodeIf->iface, ctx));
  330. }
  331. Allocator_free(alloc);
  332. }
  333. int main()
  334. {
  335. struct Allocator* alloc = MallocAllocator_new(1<<20);
  336. struct EventBase* eb = EventBase_new(alloc);
  337. struct Log* logger = FileWriterLog_new(stdout, alloc);
  338. struct Random* rand = Random_new(alloc, logger, NULL);
  339. struct Context* ctx = Allocator_calloc(alloc, sizeof(struct Context), 1);
  340. uint8_t privateKey[32];
  341. Identity_set(ctx);
  342. ctx->alloc = alloc;
  343. ctx->log = logger;
  344. ctx->rand = rand;
  345. ctx->base = eb;
  346. Assert_true(!Key_gen(ctx->ipv6, ctx->pubKey, privateKey, rand));
  347. testAddr(ctx, "192.168.1.1", 0, 32, NULL, 0, 0);
  348. testAddr(ctx, "192.168.1.1", 16, 24, NULL, 0, 0);
  349. testAddr(ctx, "192.168.1.1", 24, 32, NULL, 0, 0);
  350. testAddr(ctx, "192.168.1.1", 16, 24, "fd00::1", 0, 64);
  351. testAddr(ctx, "192.168.1.1", 16, 24, "fd00::1", 8, 64);
  352. testAddr(ctx, "192.168.1.1", 16, 24, "fd00::1", 64, 128);
  353. EventBase_beginLoop(eb);
  354. Allocator_free(alloc);
  355. return 0;
  356. }