Coverage

src/brick-int.h

@@ -208,8 +208,8 @@ int pg_brick_reset(struct pg_brick *brick, struct pg_error **errp);
 
 /* testing */
 uint32_t pg_brick_links_count_get(const struct pg_brick *brick,
-				  const struct pg_brick *target,
-				  struct pg_error **errp);
+				const struct pg_brick *target,
+				struct pg_error **errp);
 int64_t pg_brick_refcount(const struct pg_brick *brick);
 
 /* generic functions used to factorize code */

src/brick.c

@@ -325,13 +325,13 @@ uint32_t pg_brick_links_count_get(const struct pg_brick *brick,
 				  const struct pg_brick *target,
 				  struct pg_error **errp)
 {
-	uint32_t count = 0;
+	int count = 0;
 	enum pg_side i;
 	const struct pg_brick_side *side;
 
 	if (!brick) {
 		*errp = pg_error_new("brick is NULL");
-		return 0;
+		return -1;
 	}
 
 	if (brick->type == PG_MULTIPOLE) {
@@ -349,6 +349,7 @@ uint32_t pg_brick_links_count_get(const struct pg_brick *brick,
 		if (side->edge.link && side->edge.link == target)
 			++count;
 	} else {
+		*errp = pg_error_new("brick config type is unknown");
 		return -1;
 	}
 

src/utils/errors.h

@@ -57,5 +57,10 @@ pg_error_make_ctx_internal(const char *file, uint64_t line, const char *func);
 	pg_error_make_ctx_internal(__FILE__, (__LINE__ + line_decalage), \
 				   __func__);
 
+#define PG_ERROR_EXISTS(error) do {					\
+		g_assert(error);					\
+		pg_error_free(error);					\
+		error = NULL;						\
+	} while (0)
 
 #endif /* _PG_UTILS_ERRORS_H */

tests/antispoof/test-ndp.c

@@ -147,3 +147,17 @@ static const unsigned char pkt2[86] = {
 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x02, 0x01, /* ........ */
 0x52, 0x54, 0x00, 0x12, 0x34, 0x06              /* RT..4. */
 };
+
+/* pkt3 with Next header : UDP (17)
+ *
+ * */
+unsigned char pkt3[86];
+memcpy(pkt3, pkt2, 86);
+pkt3[20] = 0x11;
+
+/* Internet Control Message Protocol v6
+ * Type: Neighbor Advertisement (137)
+ * */
+unsigned char pkt4[86];
+memcpy(pkt4, pkt2, 86);
+pkt4[46] = 0x89;

tests/antispoof/tests.c

@@ -32,6 +32,7 @@
 #include "fail.h"
 #include "utils/mac.h"
 #include "utils/ip.h"
+#include "utils/errors.h"
 
 static struct rte_mbuf *build_packet(const unsigned char *data, size_t len)
 {
@@ -253,10 +254,57 @@ static void test_antispoof_generic(const unsigned char **pkts,
 	pg_error_free(error);
 	error = NULL;
 
+	/* re-add other IP and original IP, should pass */  
+	g_assert(!pg_antispoof_arp_del(antispoof, 42, &error));  
+	g_assert(!pg_antispoof_arp_del(antispoof, 51, &error));
+	g_assert(!pg_antispoof_arp_add(antispoof, 42, &error)); 
+	g_assert(!pg_antispoof_arp_add(antispoof, 51, &error)); 
+	g_assert(!pg_antispoof_arp_add(antispoof, inside_ip, &error));
+	g_assert(!error); 
+	REPLAY(1);
+
+	/* remove IP, should not pass */ 
+	pg_antispoof_arp_del_all(antispoof); 
+	REPLAY(0);
+
+	/* add ARP_MAX */
+	for (int i = 0; i <= 150; i++) {
+		if (i < PG_ARP_MAX) {
+			g_assert(!pg_antispoof_arp_add(antispoof, i, &error));
+			g_assert(!error);
+		} else {
+			g_assert(pg_antispoof_arp_add(antispoof, i, &error));
+			PG_ERROR_EXISTS(error);
+		}
+	}
+
+	/* remove IP, should not pass */
+	pg_antispoof_arp_del_all(antispoof);
+	REPLAY(0);
+
 	/* disable arp antispoof, should pass */
 	pg_antispoof_arp_disable(antispoof);
 	REPLAY(1);
 
+	/* add ARP_MAX */
+       for (int i = 0; i <= 150; i++) {
+	       if (i < PG_ARP_MAX) {
+		       g_assert(!pg_antispoof_arp_add(antispoof, i, &error));
+		       g_assert(!error);
+	       } else {
+		       g_assert(pg_antispoof_arp_add(antispoof, i, &error));
+		       PG_ERROR_EXISTS(error);
+	       }
+       }
+
+       /* remove IP, should pass */
+        pg_antispoof_arp_del_all(antispoof);
+        REPLAY(1);
+
+        /* disable arp antispoof, should pass */
+        pg_antispoof_arp_disable(antispoof);
+        REPLAY(1);
+
 	/* enable arp antispoof again, should re-block */
 	pg_antispoof_arp_enable(antispoof);
 	REPLAY(0);
@@ -265,8 +313,7 @@ static void test_antispoof_generic(const unsigned char **pkts,
 	pg_brick_unlink(antispoof, &error);
 	g_assert(!error);
 	pg_brick_destroy(antispoof);
-	antispoof = pg_antispoof_new("antispoof", PG_WEST_SIDE,
-				     &inside_mac, &error);
+	antispoof = pg_antispoof_new("antispoof", PG_WEST_SIDE, &inside_mac, &error);
 	pg_antispoof_arp_enable(antispoof);
 	g_assert(!pg_antispoof_arp_add(antispoof, inside_ip, &error));
 	g_assert(!error);
@@ -275,6 +322,7 @@ static void test_antispoof_generic(const unsigned char **pkts,
 	pg_brick_link(antispoof, col_east, &error);
 	g_assert(!error);
 	REPLAY(1);
+	pg_brick_destroy(antispoof);
 #undef REPLAY
 
 	pg_brick_destroy(gen_west);
@@ -437,8 +485,8 @@ static void test_antispoof_empty_burst(void)
 	g_free(pkts);
 }
 
-static int test_antispoof_filter(struct pg_brick *antispoof,
-				 struct rte_mbuf *packet)
+static int test_antispoof_filter(struct pg_brick *antispoof, 
+		                 struct rte_mbuf *packet)
 {
 	struct pg_brick *gen_west;
 	struct pg_brick *col_east;
@@ -521,6 +569,30 @@ static void test_antispoof_ndp(void)
 	pg_antispoof_ndp_enable(antispoof);
 	pg_antispoof_ndp_del_all(antispoof);
 
+	/* add NDP_MAX adresses  */
+	for (int i = 0; i < 150; i++) {
+		pg_autofree char *c = g_strdup_printf("2001:db8:2000:aff0::%d",i);
+		pg_ip_from_str(ip, c);
+		if (i < PG_NPD_MAX) {
+		        pg_antispoof_ndp_add(antispoof, ip, &error);
+			g_assert(!error);
+		} else {
+			pg_antispoof_ndp_add(antispoof, ip, &error);
+			PG_ERROR_EXISTS(error);
+		}
+	}
+
+	/* remove all adresses */
+        pg_antispoof_ndp_del_all(antispoof);
+
+	/* add several bad addresses */
+	pg_ip_from_str(ip, "2001:db8:2000:aff0::42");
+	pg_antispoof_ndp_add(antispoof, ip, &error);
+	g_assert(!error);
+
+	/* remove all addresses */
+	pg_antispoof_ndp_del(antispoof,ip,&error);
+
 	/* legit packet */
 	packet = build_packet(pkt0, 86);
 	g_assert(test_antispoof_filter(antispoof, packet) == 0);
@@ -538,10 +610,24 @@ static void test_antispoof_ndp(void)
 	pg_ip_from_str(ip, "2001:db8:2000:aff0::42");
 	pg_antispoof_ndp_add(antispoof, ip, &error);
 	g_assert(!error);
-	pg_ip_from_str(ip, "2001:db8:2000:aff0::43");
+	pg_ip_from_str(ip, "0");
 	pg_antispoof_ndp_add(antispoof, ip, &error);
 	g_assert(!error);
 
+	/* remove adresse */
+	g_assert(pg_antispoof_ndp_del(antispoof,ip,&error) == 0);
+	g_assert(!error);
+
+	/* legit packet with next header :UDP */
+	packet = build_packet(pkt3, 86);
+	g_assert(test_antispoof_filter(antispoof, packet) != 0);
+	pg_packets_free(&packet, pg_mask_firsts(1));
+
+	/*  legit packet with type Redirect Message */
+	packet = build_packet(pkt4, 86); 
+	g_assert(test_antispoof_filter(antispoof, packet) == 0);
+	pg_packets_free(&packet, pg_mask_firsts(1));
+
 	/* legit packet */
 	packet = build_packet(pkt0, 86);
 	g_assert(test_antispoof_filter(antispoof, packet) == 0);