From 729f5345b021046dec12cbff25e0ad9b27ef2674 Mon Sep 17 00:00:00 2001 From: Luca Guerra Date: Tue, 6 Aug 2024 15:11:00 +0000 Subject: [PATCH] new(libsinsp/test): add tests for net compare Signed-off-by: Luca Guerra --- userspace/libsinsp/test/CMakeLists.txt | 1 + .../test/filter_op_net_compare.ut.cpp | 110 ++++++++++++++++++ 2 files changed, 111 insertions(+) create mode 100644 userspace/libsinsp/test/filter_op_net_compare.ut.cpp diff --git a/userspace/libsinsp/test/CMakeLists.txt b/userspace/libsinsp/test/CMakeLists.txt index 00f71f290d..c3b4cc36f2 100644 --- a/userspace/libsinsp/test/CMakeLists.txt +++ b/userspace/libsinsp/test/CMakeLists.txt @@ -110,6 +110,7 @@ set(LIBSINSP_UNIT_TESTS_SOURCES filter_op_bcontains.ut.cpp filter_op_contains.ut.cpp filter_op_pmatch.ut.cpp + filter_op_net_compare.ut.cpp filter_op_numeric_compare.ut.cpp filter_compiler.ut.cpp filter_transformer.ut.cpp diff --git a/userspace/libsinsp/test/filter_op_net_compare.ut.cpp b/userspace/libsinsp/test/filter_op_net_compare.ut.cpp new file mode 100644 index 0000000000..60999f4f22 --- /dev/null +++ b/userspace/libsinsp/test/filter_op_net_compare.ut.cpp @@ -0,0 +1,110 @@ +// SPDX-License-Identifier: Apache-2.0 +/* +Copyright (C) 2024 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +*/ + +#include +#include + +#include + +TEST_F(sinsp_with_test_input, net_ipv4_compare) +{ + add_default_init_thread(); + open_inspector(); + sinsp_evt* evt = NULL; + + int64_t client_fd = 9; + add_event_advance_ts(increasing_ts(), 1, PPME_SOCKET_SOCKET_E, 3, (uint32_t) PPM_AF_INET, (uint32_t) SOCK_STREAM, (uint32_t) 0); + evt = add_event_advance_ts(increasing_ts(), 1, PPME_SOCKET_SOCKET_X, 1, client_fd); + + int64_t return_value = 0; + + sockaddr_in client = test_utils::fill_sockaddr_in(54321, "172.40.111.222"); + sockaddr_in server = test_utils::fill_sockaddr_in(443, "142.251.111.147"); + + std::vector server_sockaddr = test_utils::pack_sockaddr(reinterpret_cast(&server)); + evt = add_event_advance_ts(increasing_ts(), 1, PPME_SOCKET_CONNECT_E, 2, client_fd, scap_const_sized_buffer{server_sockaddr.data(), server_sockaddr.size()}); + + std::vector socktuple = test_utils::pack_socktuple(reinterpret_cast(&client), reinterpret_cast(&server)); + evt = add_event_advance_ts(increasing_ts(), 1, PPME_SOCKET_CONNECT_X, 3, return_value, scap_const_sized_buffer{socktuple.data(), socktuple.size()}, client_fd); + + EXPECT_TRUE(eval_filter(evt, "fd.ip == 142.251.111.147")); + EXPECT_TRUE(eval_filter(evt, "fd.sip == 142.251.111.147")); + EXPECT_TRUE(eval_filter(evt, "fd.lip == 142.251.111.147")); + + EXPECT_TRUE(eval_filter(evt, "fd.rip == 172.40.111.222")); + EXPECT_TRUE(eval_filter(evt, "fd.cip == 172.40.111.222")); + + EXPECT_FALSE(eval_filter(evt, "fd.ip != 142.251.111.147")); + + EXPECT_TRUE(eval_filter(evt, "fd.sip != 0:0:0:0:0:0:0:1")); + EXPECT_FALSE(eval_filter(evt, "fd.sip == '0:0:0:0:0:0:0:1'")); + + EXPECT_TRUE(eval_filter(evt, "fd.net == 142.0.0.0/4")); + EXPECT_TRUE(eval_filter(evt, "fd.net == 142.251.0.0/8")); + EXPECT_TRUE(eval_filter(evt, "fd.net == 142.251.111.0/16")); + EXPECT_TRUE(eval_filter(evt, "fd.net != 10.0.0.0/8")); + EXPECT_TRUE(eval_filter(evt, "fd.net != 2001:db8:abcd:0012::0/64")); + + EXPECT_FALSE(eval_filter(evt, "fd.net == 10.0.0.0/8")); + EXPECT_FALSE(eval_filter(evt, "fd.net == 2001:db8:abcd:0012::0/64")); +} + +TEST_F(sinsp_with_test_input, net_ipv6_compare) +{ + add_default_init_thread(); + open_inspector(); + sinsp_evt* evt = NULL; + + int64_t client_fd = 9; + add_event_advance_ts(increasing_ts(), 1, PPME_SOCKET_SOCKET_E, 3, (uint32_t) PPM_AF_INET6, (uint32_t) SOCK_DGRAM, (uint32_t) 0); + add_event_advance_ts(increasing_ts(), 1, PPME_SOCKET_SOCKET_X, 1, client_fd); + + int64_t return_value = 0; + + sockaddr_in6 client = test_utils::fill_sockaddr_in6(54321, "::1"); + sockaddr_in6 server1 = test_utils::fill_sockaddr_in6(443, "2001:4860:4860::8888"); + + std::vector server1_sockaddr = test_utils::pack_sockaddr(reinterpret_cast(&server1)); + + /* The connect enter event populates the destination ip and the destination port thanks to the `server_sockaddr` */ + add_event_advance_ts(increasing_ts(), 1, PPME_SOCKET_CONNECT_E, 2, client_fd, scap_const_sized_buffer{server1_sockaddr.data(), server1_sockaddr.size()}); + + std::vector socktuple = test_utils::pack_socktuple(reinterpret_cast(&client), reinterpret_cast(&server1)); + evt = add_event_advance_ts(increasing_ts(), 1, PPME_SOCKET_CONNECT_X, 3, return_value, scap_const_sized_buffer{socktuple.data(), socktuple.size()}, client_fd); + + EXPECT_TRUE(eval_filter(evt, "fd.ip == 2001:4860:4860::8888")); + EXPECT_TRUE(eval_filter(evt, "fd.sip == 2001:4860:4860::8888")); + EXPECT_TRUE(eval_filter(evt, "fd.lip == 2001:4860:4860::8888")); + + EXPECT_TRUE(eval_filter(evt, "fd.rip == ::1")); + EXPECT_TRUE(eval_filter(evt, "fd.cip == ::1")); + + EXPECT_FALSE(eval_filter(evt, "fd.ip != 2001:4860:4860::8888")); + + EXPECT_TRUE(eval_filter(evt, "fd.sip != 127.0.0.1")); + EXPECT_FALSE(eval_filter(evt, "fd.sip == '127.0.0.1'")); + + EXPECT_TRUE(eval_filter(evt, "fd.net == 2001::0/16")); + EXPECT_TRUE(eval_filter(evt, "fd.net == 2001:4860::0/32")); + EXPECT_TRUE(eval_filter(evt, "fd.net == 2001:4860:4860::8888/48")); + EXPECT_TRUE(eval_filter(evt, "fd.net != 10::0/16")); + EXPECT_TRUE(eval_filter(evt, "fd.net != 10.0.0.0/8")); + + EXPECT_FALSE(eval_filter(evt, "fd.net == 10.0.0.0/8")); + EXPECT_FALSE(eval_filter(evt, "fd.net == 2001:db8:abcd:0012::0/64")); +}