From ca88fcdfd1d3adfff965a2547e9c417a2950df24 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Thu, 27 Jan 2022 15:55:38 +0100 Subject: [PATCH] tests: update interface dump mock data Reorder and extend ubus interface dump mock. Ensure that the lan interface has two IPv4 and IPv6 addresses each to cover address selection logic in various fw4 parts. Signed-off-by: Jo-Philipp Wich --- tests/01_configuration/01_ruleset | 26 +-- tests/mocks/ubus/network.interface~dump.json | 226 +++++++++++++++++-- 2 files changed, 216 insertions(+), 36 deletions(-) diff --git a/tests/01_configuration/01_ruleset b/tests/01_configuration/01_ruleset index da33cce..1b006d8 100644 --- a/tests/01_configuration/01_ruleset +++ b/tests/01_configuration/01_ruleset @@ -26,7 +26,7 @@ table inet fw4 { flowtable ft { hook ingress priority 0; - devices = { "br-lan", "wan" }; + devices = { "br-lan", "eth1" }; flags offload; } @@ -40,9 +40,9 @@ table inet fw4 { # define lan_devices = { "br-lan" } - define lan_subnets = { 192.168.26.0/24, fd63:e2f:f706::/60 } - define wan_devices = { "wan" } - define wan_subnets = { 10.11.12.0/24 } + define lan_subnets = { 10.0.0.0/24, 192.168.26.0/24, 2001:db8:1000::/60, fd63:e2f:f706::/60 } + define wan_devices = { "eth1" } + define wan_subnets = { 10.11.12.0/24, 2001:db8:54:321::/64 } # # User includes @@ -63,7 +63,7 @@ table inet fw4 { ct state established,related accept comment "!fw4: Allow inbound established and related flows" tcp flags & (fin | syn | rst | ack) == syn jump syn_flood comment "!fw4: Rate limit TCP syn packets" iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic" - iifname "wan" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic" + iifname "eth1" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic" } chain forward { @@ -72,7 +72,7 @@ table inet fw4 { meta l4proto { tcp, udp } flow offload @ft; ct state established,related accept comment "!fw4: Allow forwarded established and related flows" iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic" - iifname "wan" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic" + iifname "eth1" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic" jump handle_reject } @@ -84,7 +84,7 @@ table inet fw4 { ct state established,related accept comment "!fw4: Allow outbound established and related flows" meta l4proto tcp counter comment "!fw4: Test-Deprecated-Rule-Option" oifname "br-lan" jump output_lan comment "!fw4: Handle lan IPv4/IPv6 output traffic" - oifname "wan" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic" + oifname "eth1" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic" } chain handle_reject { @@ -142,15 +142,15 @@ table inet fw4 { } chain accept_to_wan { - oifname "wan" counter accept comment "!fw4: accept wan IPv4/IPv6 traffic" + oifname "eth1" counter accept comment "!fw4: accept wan IPv4/IPv6 traffic" } chain reject_from_wan { - iifname "wan" counter jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic" + iifname "eth1" counter jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic" } chain reject_to_wan { - oifname "wan" counter jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic" + oifname "eth1" counter jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic" } @@ -164,7 +164,7 @@ table inet fw4 { chain srcnat { type nat hook postrouting priority srcnat; policy accept; - oifname "wan" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic" + oifname "eth1" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic" } chain srcnat_wan { @@ -271,8 +271,8 @@ table inet fw4 { chain mangle_forward { type filter hook forward priority mangle; policy accept; - iifname "wan" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 ingress MTU fixing" - oifname "wan" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 egress MTU fixing" + iifname "eth1" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 ingress MTU fixing" + oifname "eth1" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 egress MTU fixing" } } -- End -- diff --git a/tests/mocks/ubus/network.interface~dump.json b/tests/mocks/ubus/network.interface~dump.json index 25d3415..4f6f4eb 100644 --- a/tests/mocks/ubus/network.interface~dump.json +++ b/tests/mocks/ubus/network.interface~dump.json @@ -1,5 +1,73 @@ { "interface": [ + { + "interface": "loopback", + "up": true, + "pending": false, + "available": true, + "autostart": true, + "dynamic": false, + "uptime": 89939, + "l3_device": "lo", + "proto": "static", + "device": "lo", + "updated": [ + "addresses" + ], + "metric": 0, + "dns_metric": 0, + "delegation": true, + "ipv4-address": [ + { + "address": "127.0.0.1", + "mask": 8 + } + ], + "ipv6-address": [ + + ], + "ipv6-prefix": [ + + ], + "ipv6-prefix-assignment": [ + + ], + "route": [ + + ], + "dns-server": [ + + ], + "dns-search": [ + + ], + "neighbors": [ + + ], + "inactive": { + "ipv4-address": [ + + ], + "ipv6-address": [ + + ], + "route": [ + + ], + "dns-server": [ + + ], + "dns-search": [ + + ], + "neighbors": [ + + ] + }, + "data": { + + } + }, { "interface": "lan", "up": true, @@ -18,6 +86,10 @@ "dns_metric": 0, "delegation": true, "ipv4-address": [ + { + "address": "10.0.0.1", + "mask": 24 + }, { "address": "192.168.26.1", "mask": 24 @@ -31,10 +103,18 @@ ], "ipv6-prefix-assignment": [ { - "address": "fd63:e2f:f706::", + "address": "2001:db8:1000:1::", "mask": 60, "local-address": { - "address": "fd63:e2f:f706::1", + "address": "2001:db8:1000:1::1", + "mask": 60 + } + }, + { + "address": "fd63:e2f:f706:1::", + "mask": 60, + "local-address": { + "address": "fd63:e2f:f706:1::1", "mask": 60 } } @@ -76,16 +156,16 @@ } }, { - "interface": "loopback", + "interface": "guest", "up": true, "pending": false, "available": true, "autostart": true, "dynamic": false, - "uptime": 89939, - "l3_device": "lo", + "uptime": 89940, + "l3_device": "br-guest", "proto": "static", - "device": "lo", + "device": "br-guest", "updated": [ "addresses" ], @@ -94,8 +174,12 @@ "delegation": true, "ipv4-address": [ { - "address": "127.0.0.1", - "mask": 8 + "address": "10.1.0.1", + "mask": 24 + }, + { + "address": "192.168.27.1", + "mask": 24 } ], "ipv6-address": [ @@ -105,7 +189,22 @@ ], "ipv6-prefix-assignment": [ - + { + "address": "2001:db8:1000:2::", + "mask": 60, + "local-address": { + "address": "2001:db8:1000:2::1", + "mask": 60 + } + }, + { + "address": "fd63:e2f:f706:2::", + "mask": 60, + "local-address": { + "address": "fd63:e2f:f706:2::1", + "mask": 60 + } + } ], "route": [ @@ -143,19 +242,6 @@ } }, - { - "interface": "wan6", - "up": false, - "pending": true, - "available": true, - "autostart": true, - "dynamic": false, - "proto": "dhcpv6", - "device": "wan", - "data": { - - } - }, { "interface": "wan", "up": true, @@ -164,7 +250,7 @@ "autostart": true, "dynamic": false, "uptime": 35968, - "l3_device": "wan", + "l3_device": "eth1", "proto": "dhcp", "device": "wan", "metric": 0, @@ -226,6 +312,100 @@ "hostname": "OpenWrt", "leasetime": 43200 } + }, + { + "interface": "wan6", + "up": true, + "pending": false, + "available": true, + "autostart": true, + "dynamic": false, + "uptime": 16264, + "l3_device": "eth1", + "proto": "6in4", + "updated": [ + "addresses", + "routes", + "prefixes" + ], + "metric": 0, + "dns_metric": 0, + "delegation": true, + "ipv4-address": [ + + ], + "ipv6-address": [ + { + "address": "2001:db8:54:321::2", + "mask": 64 + } + ], + "ipv6-prefix": [ + { + "address": "2001:db8:1000::", + "mask": 48, + "class": "wan6", + "assigned": { + "lan": { + "address": "2001:db8:1000:1::", + "mask": 60 + }, + "guest": { + "address": "2001:db8:1000:2::", + "mask": 60 + } + } + } + ], + "ipv6-prefix-assignment": [ + + ], + "route": [ + { + "target": "::", + "mask": 0, + "nexthop": "::", + "source": "2001:db8:1000::/48" + }, + { + "target": "::", + "mask": 0, + "nexthop": "::", + "source": "2001:db8:54:321::2/64" + } + ], + "dns-server": [ + + ], + "dns-search": [ + + ], + "neighbors": [ + + ], + "inactive": { + "ipv4-address": [ + + ], + "ipv6-address": [ + + ], + "route": [ + + ], + "dns-server": [ + + ], + "dns-search": [ + + ], + "neighbors": [ + + ] + }, + "data": { + + } } ] } -- 2.30.2