Move TCP keepalive filter test cases from ApfTest.java to ApfFilterTest.kt
Test: atest NetworkStackTests
Change-Id: I95f6564b2eab9168dfb33dc58fd6c00afd8b51f4
diff --git a/tests/unit/src/android/net/apf/ApfFilterTest.kt b/tests/unit/src/android/net/apf/ApfFilterTest.kt
index adefefa..c43f863 100644
--- a/tests/unit/src/android/net/apf/ApfFilterTest.kt
+++ b/tests/unit/src/android/net/apf/ApfFilterTest.kt
@@ -20,6 +20,7 @@
import android.net.LinkProperties
import android.net.MacAddress
import android.net.NattKeepalivePacketDataParcelable
+import android.net.TcpKeepalivePacketDataParcelable
import android.net.apf.ApfCounterTracker.Counter.DROPPED_ARP_NON_IPV4
import android.net.apf.ApfCounterTracker.Counter.DROPPED_ARP_OTHER_HOST
import android.net.apf.ApfCounterTracker.Counter.DROPPED_ARP_REPLY_SPA_NO_HOST
@@ -30,6 +31,7 @@
import android.net.apf.ApfCounterTracker.Counter.DROPPED_GARP_REPLY
import android.net.apf.ApfCounterTracker.Counter.DROPPED_IPV4_BROADCAST_ADDR
import android.net.apf.ApfCounterTracker.Counter.DROPPED_IPV4_BROADCAST_NET
+import android.net.apf.ApfCounterTracker.Counter.DROPPED_IPV4_KEEPALIVE_ACK
import android.net.apf.ApfCounterTracker.Counter.DROPPED_IPV4_L2_BROADCAST
import android.net.apf.ApfCounterTracker.Counter.DROPPED_IPV4_MULTICAST
import android.net.apf.ApfCounterTracker.Counter.DROPPED_IPV4_NATT_KEEPALIVE
@@ -670,6 +672,120 @@
}
@Test
+ fun testIPv4TcpKeepaliveFilter() {
+ val srcAddr = byteArrayOf(10, 0, 0, 5)
+ val dstAddr = byteArrayOf(10, 0, 0, 6)
+ val srcPort = 12345
+ val dstPort = 54321
+ val seqNum = 2123456789
+ val ackNum = 1234567890
+
+ // src: 10.0.0.5:12345
+ // dst: 10.0.0.6:54321
+ val parcel = TcpKeepalivePacketDataParcelable()
+ parcel.srcAddress = InetAddress.getByAddress(srcAddr).address
+ parcel.srcPort = srcPort
+ parcel.dstAddress = InetAddress.getByAddress(dstAddr).address
+ parcel.dstPort = dstPort
+ parcel.seq = seqNum
+ parcel.ack = ackNum
+
+ val apfConfig = getDefaultConfig()
+ apfConfig.multicastFilter = true
+ apfConfig.ieee802_3Filter = true
+ val apfFilter = getApfFilter(apfConfig)
+ consumeInstalledProgram(ipClientCallback, installCnt = 2)
+ apfFilter.addTcpKeepalivePacketFilter(1, parcel)
+ var program = consumeInstalledProgram(ipClientCallback, installCnt = 1)
+
+ // Drop IPv4 keepalive ack
+ // Using scapy to generate IPv4 TCP keepalive ack packet with seq + 1:
+ // eth = Ether(src="00:01:02:03:04:05", dst="01:02:03:04:05:06")
+ // ip = IP(src='10.0.0.6', dst='10.0.0.5')
+ // tcp = TCP(sport=54321, dport=12345, flags="A", seq=1234567890, ack=2123456790)
+ // pkt = eth/ip/tcp
+ val keepaliveAckPkt = """
+ 01020304050600010203040508004500002800010000400666c50a0000060a000005d4313039499602d2
+ 7e916116501020004b4f0000
+ """.replace("\\s+".toRegex(), "").trim()
+ verifyProgramRun(
+ APF_VERSION_6,
+ program,
+ HexDump.hexStringToByteArray(keepaliveAckPkt),
+ DROPPED_IPV4_KEEPALIVE_ACK
+ )
+
+ // Pass IPv4 non-keepalive ack from the same source address
+ // Using scapy to generate IPv4 TCP non-keepalive ack from the same source address:
+ // eth = Ether(src="00:01:02:03:04:05", dst="01:02:03:04:05:06")
+ // ip = IP(src='10.0.0.6', dst='10.0.0.5')
+ // tcp = TCP(sport=54321, dport=12345, flags="A", seq=1234567990, ack=2123456789)
+ // pkt = eth/ip/tcp
+ val nonKeepaliveAckPkt1 = """
+ 01020304050600010203040508004500002800010000400666c50a0000060a000005d431303949960336
+ 7e916115501020004aec0000
+ """.replace("\\s+".toRegex(), "").trim()
+ verifyProgramRun(
+ APF_VERSION_6,
+ program,
+ HexDump.hexStringToByteArray(nonKeepaliveAckPkt1),
+ PASSED_IPV4_UNICAST
+ )
+
+ // Pass IPv4 non-keepalive ack from the same source address
+ // Using scapy to generate IPv4 TCP non-keepalive ack from the same source address:
+ // eth = Ether(src="00:01:02:03:04:05", dst="01:02:03:04:05:06")
+ // ip = IP(src='10.0.0.6', dst='10.0.0.5')
+ // tcp = TCP(sport=54321, dport=12345, flags="A", seq=1234567890, ack=2123456790)
+ // payload = Raw(b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09')
+ // pkt = eth/ip/tcp/payload
+ val nonKeepaliveAckPkt2 = """
+ 01020304050600010203040508004500003200010000400666bb0a0000060a000005d4313039499602d27
+ e91611650102000372c000000010203040506070809
+ """.replace("\\s+".toRegex(), "").trim()
+ verifyProgramRun(
+ APF_VERSION_6,
+ program,
+ HexDump.hexStringToByteArray(nonKeepaliveAckPkt2),
+ PASSED_IPV4_UNICAST
+ )
+
+ // Pass IPv4 keepalive ack from another address
+ // Using scapy to generate IPv4 TCP keepalive ack from another address:
+ // eth = Ether(src="00:01:02:03:04:05", dst="01:02:03:04:05:06")
+ // ip = IP(src='10.0.0.7', dst='10.0.0.5')
+ // tcp = TCP(sport=23456, dport=65432, flags="A", seq=2123456780, ack=1123456789)
+ // pkt = eth/ip/tcp
+ val otherSrcKeepaliveAck = """
+ 01020304050600010203040508004500002800010000400666c40a0000070a0000055ba0ff987e91610c4
+ 2f697155010200066e60000
+ """.replace("\\s+".toRegex(), "").trim()
+ verifyProgramRun(
+ APF_VERSION_6,
+ program,
+ HexDump.hexStringToByteArray(otherSrcKeepaliveAck),
+ PASSED_IPV4_UNICAST
+ )
+
+ // test IPv4 packets when TCP keepalive filter is removed
+ apfFilter.removeKeepalivePacketFilter(1)
+ program = consumeInstalledProgram(ipClientCallback, installCnt = 1)
+ verifyProgramRun(
+ APF_VERSION_6,
+ program,
+ HexDump.hexStringToByteArray(keepaliveAckPkt),
+ PASSED_IPV4_UNICAST
+ )
+
+ verifyProgramRun(
+ APF_VERSION_6,
+ program,
+ HexDump.hexStringToByteArray(otherSrcKeepaliveAck),
+ PASSED_IPV4_UNICAST
+ )
+ }
+
+ @Test
fun testIPv4NattKeepaliveFilter() {
val srcAddr = byteArrayOf(10, 0, 0, 5)
val dstAddr = byteArrayOf(10, 0, 0, 6)
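Review bot: The pass cases in testIPv4TcpKeepaliveFilter do not pin down which fields the drop rule matches on, because `otherSrcKeepaliveAck` changes the source IP, both ports, seq and ack at once, so a filter that ignored the ports would still satisfy this test. An over-broad keepalive rule would silently drop legitimate TCP segments, so consider adding a zero-payload packet from 10.0.0.6 to 10.0.0.5 with the same seq/ack but one port changed, expecting `PASSED_IPV4_UNICAST`. The removed testApfFilterKeepaliveAck also exercised IPv6 parcels and two slots installed together (inside a `catch (UnsupportedOperationException)`), and neither is carried over here; if that is intentional, a comment such as `// IPv6 and multi-slot TCP keepalive cases are not covered by this test` would record it. The comment above `nonKeepaliveAckPkt2` repeats the previous one and could instead read `// Pass IPv4 ack with matching seq/ack but a 10-byte payload`.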
diff --git a/tests/unit/src/android/net/apf/ApfTest.java b/tests/unit/src/android/net/apf/ApfTest.java
index 15d3b1e..4ca5d56 100644
--- a/tests/unit/src/android/net/apf/ApfTest.java
+++ b/tests/unit/src/android/net/apf/ApfTest.java
@@ -73,7 +73,6 @@
import android.net.LinkAddress;
import android.net.LinkProperties;
import android.net.MacAddress;
-import android.net.TcpKeepalivePacketDataParcelable;
import android.net.apf.ApfCounterTracker.Counter;
import android.net.apf.ApfFilter.ApfConfiguration;
import android.net.apf.BaseApfGenerator.IllegalInstructionException;
@@ -2001,158 +2000,6 @@
private static final byte[] IPV6_ANOTHER_ADDR =
{(byte) 0x24, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (byte) 0xfa, (byte) 0xf5};
- @Test
- public void testApfFilterKeepaliveAck() throws Exception {
- final ApfConfiguration config = getDefaultConfig();
- config.multicastFilter = DROP_MULTICAST;
- config.ieee802_3Filter = DROP_802_3_FRAMES;
- final ApfFilter apfFilter = getApfFilter(config);
- consumeInstalledProgram(mIpClientCb, 1 /* installCnt */);
- byte[] program;
- final int srcPort = 12345;
- final int dstPort = 54321;
- final int seqNum = 2123456789;
- final int ackNum = 1234567890;
- final int anotherSrcPort = 23456;
- final int anotherDstPort = 65432;
- final int anotherSeqNum = 2123456780;
- final int anotherAckNum = 1123456789;
- final int slot1 = 1;
- final int slot2 = 2;
- final int window = 14480;
- final int windowScale = 4;
-
- // src: 10.0.0.5, port: 12345
- // dst: 10.0.0.6, port: 54321
- InetAddress srcAddr = InetAddress.getByAddress(IPV4_KEEPALIVE_SRC_ADDR);
- InetAddress dstAddr = InetAddress.getByAddress(IPV4_KEEPALIVE_DST_ADDR);
-
- final TcpKeepalivePacketDataParcelable parcel = new TcpKeepalivePacketDataParcelable();
- parcel.srcAddress = srcAddr.getAddress();
- parcel.srcPort = srcPort;
- parcel.dstAddress = dstAddr.getAddress();
- parcel.dstPort = dstPort;
- parcel.seq = seqNum;
- parcel.ack = ackNum;
-
- apfFilter.addTcpKeepalivePacketFilter(slot1, parcel);
- program = consumeInstalledProgram(mIpClientCb, 1 /* installCnt */);
-
- // Verify IPv4 keepalive ack packet is dropped
- // src: 10.0.0.6, port: 54321
- // dst: 10.0.0.5, port: 12345
- assertDrop(program,
- ipv4TcpPacket(IPV4_KEEPALIVE_DST_ADDR, IPV4_KEEPALIVE_SRC_ADDR,
- dstPort, srcPort, ackNum, seqNum + 1, 0 /* dataLength */));
- // Verify IPv4 non-keepalive ack packet from the same source address is passed
- assertPass(program,
- ipv4TcpPacket(IPV4_KEEPALIVE_DST_ADDR, IPV4_KEEPALIVE_SRC_ADDR,
- dstPort, srcPort, ackNum + 100, seqNum, 0 /* dataLength */));
- assertPass(program,
- ipv4TcpPacket(IPV4_KEEPALIVE_DST_ADDR, IPV4_KEEPALIVE_SRC_ADDR,
- dstPort, srcPort, ackNum, seqNum + 1, 10 /* dataLength */));
- // Verify IPv4 packet from another address is passed
- assertPass(program,
- ipv4TcpPacket(IPV4_ANOTHER_ADDR, IPV4_KEEPALIVE_SRC_ADDR, anotherSrcPort,
- anotherDstPort, anotherSeqNum, anotherAckNum, 0 /* dataLength */));
-
- // Remove IPv4 keepalive filter
- apfFilter.removeKeepalivePacketFilter(slot1);
- program = consumeInstalledProgram(mIpClientCb, 1 /* installCnt */);
-
- try {
- // src: 2404:0:0:0:0:0:faf1, port: 12345
- // dst: 2404:0:0:0:0:0:faf2, port: 54321
- srcAddr = InetAddress.getByAddress(IPV6_KEEPALIVE_SRC_ADDR);
- dstAddr = InetAddress.getByAddress(IPV6_KEEPALIVE_DST_ADDR);
-
- final TcpKeepalivePacketDataParcelable ipv6Parcel =
- new TcpKeepalivePacketDataParcelable();
- ipv6Parcel.srcAddress = srcAddr.getAddress();
- ipv6Parcel.srcPort = srcPort;
- ipv6Parcel.dstAddress = dstAddr.getAddress();
- ipv6Parcel.dstPort = dstPort;
- ipv6Parcel.seq = seqNum;
- ipv6Parcel.ack = ackNum;
-
- apfFilter.addTcpKeepalivePacketFilter(slot1, ipv6Parcel);
- program = consumeInstalledProgram(mIpClientCb, 1 /* installCnt */);
-
- // Verify IPv6 keepalive ack packet is dropped
- // src: 2404:0:0:0:0:0:faf2, port: 54321
- // dst: 2404:0:0:0:0:0:faf1, port: 12345
- assertDrop(program,
- ipv6TcpPacket(IPV6_KEEPALIVE_DST_ADDR, IPV6_KEEPALIVE_SRC_ADDR,
- dstPort, srcPort, ackNum, seqNum + 1));
- // Verify IPv6 non-keepalive ack packet from the same source address is passed
- assertPass(program,
- ipv6TcpPacket(IPV6_KEEPALIVE_DST_ADDR, IPV6_KEEPALIVE_SRC_ADDR,
- dstPort, srcPort, ackNum + 100, seqNum));
- // Verify IPv6 packet from another address is passed
- assertPass(program,
- ipv6TcpPacket(IPV6_ANOTHER_ADDR, IPV6_KEEPALIVE_SRC_ADDR, anotherSrcPort,
- anotherDstPort, anotherSeqNum, anotherAckNum));
-
- // Remove IPv6 keepalive filter
- apfFilter.removeKeepalivePacketFilter(slot1);
-
- // Verify multiple filters
- apfFilter.addTcpKeepalivePacketFilter(slot1, parcel);
- apfFilter.addTcpKeepalivePacketFilter(slot2, ipv6Parcel);
- program = consumeInstalledProgram(mIpClientCb, 3 /* installCnt */);
-
- // Verify IPv4 keepalive ack packet is dropped
- // src: 10.0.0.6, port: 54321
- // dst: 10.0.0.5, port: 12345
- assertDrop(program,
- ipv4TcpPacket(IPV4_KEEPALIVE_DST_ADDR, IPV4_KEEPALIVE_SRC_ADDR,
- dstPort, srcPort, ackNum, seqNum + 1, 0 /* dataLength */));
- // Verify IPv4 non-keepalive ack packet from the same source address is passed
- assertPass(program,
- ipv4TcpPacket(IPV4_KEEPALIVE_DST_ADDR, IPV4_KEEPALIVE_SRC_ADDR,
- dstPort, srcPort, ackNum + 100, seqNum, 0 /* dataLength */));
- // Verify IPv4 packet from another address is passed
- assertPass(program,
- ipv4TcpPacket(IPV4_ANOTHER_ADDR, IPV4_KEEPALIVE_SRC_ADDR, anotherSrcPort,
- anotherDstPort, anotherSeqNum, anotherAckNum, 0 /* dataLength */));
-
- // Verify IPv6 keepalive ack packet is dropped
- // src: 2404:0:0:0:0:0:faf2, port: 54321
- // dst: 2404:0:0:0:0:0:faf1, port: 12345
- assertDrop(program,
- ipv6TcpPacket(IPV6_KEEPALIVE_DST_ADDR, IPV6_KEEPALIVE_SRC_ADDR,
- dstPort, srcPort, ackNum, seqNum + 1));
- // Verify IPv6 non-keepalive ack packet from the same source address is passed
- assertPass(program,
- ipv6TcpPacket(IPV6_KEEPALIVE_DST_ADDR, IPV6_KEEPALIVE_SRC_ADDR,
- dstPort, srcPort, ackNum + 100, seqNum));
- // Verify IPv6 packet from another address is passed
- assertPass(program,
- ipv6TcpPacket(IPV6_ANOTHER_ADDR, IPV6_KEEPALIVE_SRC_ADDR, anotherSrcPort,
- anotherDstPort, anotherSeqNum, anotherAckNum));
-
- // Remove keepalive filters
- apfFilter.removeKeepalivePacketFilter(slot1);
- apfFilter.removeKeepalivePacketFilter(slot2);
- } catch (UnsupportedOperationException e) {
- // TODO: support V6 packets
- }
-
- // Verify IPv4, IPv6 packets are passed
- assertPass(program,
- ipv4TcpPacket(IPV4_KEEPALIVE_DST_ADDR, IPV4_KEEPALIVE_SRC_ADDR,
- dstPort, srcPort, ackNum, seqNum + 1, 0 /* dataLength */));
- assertPass(program,
- ipv6TcpPacket(IPV6_KEEPALIVE_DST_ADDR, IPV6_KEEPALIVE_SRC_ADDR,
- dstPort, srcPort, ackNum, seqNum + 1));
- assertPass(program,
- ipv4TcpPacket(IPV4_ANOTHER_ADDR, IPV4_KEEPALIVE_SRC_ADDR, srcPort,
- dstPort, anotherSeqNum, anotherAckNum, 0 /* dataLength */));
- assertPass(program,
- ipv6TcpPacket(IPV6_ANOTHER_ADDR, IPV6_KEEPALIVE_SRC_ADDR, srcPort,
- dstPort, anotherSeqNum, anotherAckNum));
- }
-
private static byte[] ipv4TcpPacket(byte[] sip, byte[] dip, int sport,
int dport, int seq, int ack, int dataLength) {
final int totalLength = dataLength + IPV4_HEADER_LEN + IPV4_TCP_HEADER_LEN;