From 54334b5667158d4b0af55201f327faeb80c05e0e Mon Sep 17 00:00:00 2001 From: Jan Moskyto Matejka Date: Thu, 9 Mar 2017 15:57:54 +0100 Subject: [PATCH] Filter: ROA check test and mixed prefix test --- filter/test.conf | 146 +++++++++++++++++++++++++++++------------------ 1 file changed, 91 insertions(+), 55 deletions(-) diff --git a/filter/test.conf b/filter/test.conf index 7915e627..dc94f817 100644 --- a/filter/test.conf +++ b/filter/test.conf @@ -444,8 +444,8 @@ function test_pxset(prefix set pxs) function t_prefix_set() prefix set pxs; { - pxs = [ 1.2.0.0/16, 1.4.0.0/16+]; - bt_assert(format(pxs) = "[1.2.0.0/112{::0.1.0.0}, 1.4.0.0/112{::0.1.255.255}]"); + pxs = [ 1.2.0.0/16, 1.4.0.0/16+, 44.66.88.64/30{24,28}, 12.34.56.0/24{8,16} ]; + bt_assert(format(pxs) = "[1.2.0.0/112{::0.1.0.0}, 1.4.0.0/112{::0.1.255.255}, 12.34.0.0/112{::1.255.0.0}, 44.66.88.64/124{::1f0}]"); bt_assert(1.2.0.0/16 ~ pxs); bt_assert(1.4.0.0/16 ~ pxs); bt_assert(1.4.0.0/18 ~ pxs); @@ -1165,12 +1165,22 @@ int j; accept "ok I take that"; } +filter roa_filter +{ + print(net); + if net ~ [ 10.0.0.0/8{16,24}, 2000::/3{16,96} ] then { + print("accepted"); + accept; + } + reject; +} + roa4 table r4; roa6 table r6; protocol static { - roa4 { table r4; }; + roa4 { table r4; import filter roa_filter; }; route 10.110.0.0/16 max 16 as 1000 blackhole; route 10.120.0.0/16 max 24 as 1000 blackhole ; route 10.130.0.0/16 max 24 as 2000 blackhole; @@ -1179,66 +1189,92 @@ protocol static protocol static { - roa6 { table r6; }; + roa6 { table r6; import filter roa_filter; }; route 2001:0db8:85a3:8a2e::/64 max 96 as 1000 blackhole; } function test_roa_check() -{ - # cannot be tested in __startup(), sorry - print "Should be true: ", roa_check(r4, 10.10.0.0/16, 1000) = ROA_UNKNOWN, - " ", roa_check(r4, 10.0.0.0/8, 1000) = ROA_UNKNOWN, - " ", roa_check(r4, 10.110.0.0/16, 1000) = ROA_VALID, - " ", roa_check(r4, 10.110.0.0/16, 2000) = ROA_INVALID, - " ", roa_check(r4, 10.110.32.0/20, 1000) = ROA_INVALID, - " ", roa_check(r4, 10.120.32.0/20, 1000) = ROA_VALID; - print "Should be true: ", roa_check(r4, 10.120.32.0/20, 2000) = ROA_INVALID, - " ", roa_check(r4, 10.120.32.32/28, 1000) = ROA_INVALID, - " ", roa_check(r4, 10.130.130.0/24, 1000) = ROA_INVALID, - " ", roa_check(r4, 10.130.130.0/24, 2000) = ROA_VALID, - " ", roa_check(r4, 10.130.30.0/24, 3000) = ROA_INVALID, - " ", roa_check(r4, 10.130.130.0/24, 3000) = ROA_VALID; - print "Should be true: ", roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_VALID, - " ", roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID, - " ", roa_check(r6, 2001:0db8:85a3:8a2e::/64, 1000) = ROA_VALID, - " ", roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_UNKNOWN; - - print "Should be true: ", roa_check(r4, 10.10.0.0/16, 1000) = ROA_UNKNOWN, - " ", roa_check(r4, 10.0.0.0/8, 1000) = ROA_UNKNOWN, - " ", roa_check(r4, 10.110.0.0/16, 1000) = ROA_VALID, - " ", roa_check(r4, 10.110.0.0/16, 2000) = ROA_INVALID, - " ", roa_check(r4, 10.110.32.0/20, 1000) = ROA_INVALID, - " ", roa_check(r4, 10.120.32.0/20, 1000) = ROA_VALID; - - print "Should be true: ", roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_VALID, - " ", roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID, - " ", roa_check(r6, 2001:0db8:85a3:8a2e::/64, 1000) = ROA_VALID, - " ", roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_UNKNOWN; - - print "Should be true: ", roa_check(r4, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID || - roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID; - - print "Should be false: ", roa_check(r4, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_INVALID || - roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_INVALID, - " ", roa_check(r4, 2001:0db8:85a3::/48, 1000) = ROA_INVALID || - roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_INVALID; - - print "Should be true: ", 10.130.130.0/24 ~ 0.0.0.0/0, - " ", 2001:0db8:85a3:8a2e::/64 ~ ::/0; - print "Should be false: ", 10.130.130.0/24 ~ ::/0, - " ", 2001:0db8:85a3:8a2e::/64 ~ 0.0.0.0/0; -} - -function roa_operators_test() prefix pfx; { - print "Testing ROA prefix operators '.maxlen' and '.asn':"; + # cannot be tested in __startup(), sorry + bt_assert(roa_check(r4, 10.10.0.0/16, 1000) = ROA_UNKNOWN); + bt_assert(roa_check(r4, 10.0.0.0/8, 1000) = ROA_UNKNOWN); + bt_assert(roa_check(r4, 10.110.0.0/16, 1000) = ROA_VALID); + bt_assert(roa_check(r4, 10.110.0.0/16, 2000) = ROA_INVALID); + bt_assert(roa_check(r4, 10.110.32.0/20, 1000) = ROA_INVALID); + bt_assert(roa_check(r4, 10.120.32.0/20, 1000) = ROA_VALID); + bt_assert(roa_check(r4, 10.120.32.0/20, 2000) = ROA_INVALID); + bt_assert(roa_check(r4, 10.120.32.32/28, 1000) = ROA_INVALID); + bt_assert(roa_check(r4, 10.130.130.0/24, 1000) = ROA_INVALID); + bt_assert(roa_check(r4, 10.130.130.0/24, 2000) = ROA_VALID); + bt_assert(roa_check(r4, 10.130.30.0/24, 3000) = ROA_INVALID); + bt_assert(roa_check(r4, 10.130.130.0/24, 3000) = ROA_VALID); + + bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_VALID); + bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID); + bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e::/64, 1000) = ROA_VALID); + bt_assert(roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_UNKNOWN); + + bt_assert(roa_check(r4, 10.10.0.0/16, 1000) = ROA_UNKNOWN); + bt_assert(roa_check(r4, 10.0.0.0/8, 1000) = ROA_UNKNOWN); + bt_assert(roa_check(r4, 10.110.0.0/16, 1000) = ROA_VALID); + bt_assert(roa_check(r4, 10.110.0.0/16, 2000) = ROA_INVALID); + bt_assert(roa_check(r4, 10.110.32.0/20, 1000) = ROA_INVALID); + bt_assert(roa_check(r4, 10.120.32.0/20, 1000) = ROA_VALID); + + bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_VALID); + bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID); + bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e::/64, 1000) = ROA_VALID); + bt_assert(roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_UNKNOWN); + + bt_assert(roa_check(r4, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_UNKNOWN); + bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID); + + bt_assert(roa_check(r4, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_UNKNOWN); + bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_VALID); + bt_assert(roa_check(r4, 2001:0db8:85a3::/48, 1000) = ROA_UNKNOWN); + bt_assert(roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_UNKNOWN); + + bt_assert(10.130.130.0/24 ~ 0.0.0.0/0); + bt_assert(2001:0db8:85a3:8a2e::/64 ~ ::/0); + bt_assert(10.130.130.0/24 !~ ::/0); + bt_assert(2001:0db8:85a3:8a2e::/64 !~ 0.0.0.0/0); pfx = 12.13.0.0/16 max 24 as 1234; - print pfx; - print "Should be true: ", pfx.len = 16, " ", pfx.maxlen = 24, " ", pfx.asn = 1234; + bt_assert(pfx.len = 16); + bt_assert(pfx.maxlen = 24); + bt_assert(pfx.asn = 1234); pfx = 1000::/8 max 32 as 1234; - print pfx; - print "Should be true: ", pfx.len = 8, " ", pfx.maxlen = 32, " ", pfx.asn = 1234; + bt_assert(pfx.len = 8); + bt_assert(pfx.maxlen = 32); + bt_assert(pfx.asn = 1234); } + +bt_test_suite(test_roa_check, "Testing ROA"); + +/* + * Testing Mixed Net Types + * ----------------------- + */ + +function t_mixed_prefix() +prefix set pxs; +prefix set pxt; +{ + pxs = [ 98.45.0.0/16, 128.128.0.0/12+, 2200::/42-, ::ffff:d000:0/100{98,102}]; + print format(pxs); + bt_assert(format(pxs) = "[::/0, ::/2{c000::}, 98.45.0.0/112{::0.1.0.0}, 128.128.0.0/108{::0.31.255.255}, 208.0.0.0/100{::124.0.0.0}, 2200::/42{ffff:ffff:ffc0::}]"); + bt_assert(::fe00:0:0/88 !~ pxs); + bt_assert(::fffe:0:0/95 !~ pxs); + bt_assert(::ffff:d800:0/101 ~ pxs); + bt_assert(216.0.0.0/5 ~ pxs); + bt_assert(212.0.0.0/6 ~ pxs); + bt_assert(212.0.0.0/7 !~ pxs); + bt_assert(::ffff:8080:8080/121 ~ pxs); + bt_assert(::/0 ~ pxs); + bt_assert(0.0.0.0/0 !~ pxs); + bt_assert(128.135.64.17/32 ~ pxs); +} + +bt_test_suite(t_mixed_prefix, "Testing mixed net types");