2 * Copyright 2016 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 * NatControllerTest.cpp - unit tests for NatController.cpp
24 #include <sys/types.h>
25 #include <sys/socket.h>
27 #include <gtest/gtest.h>
29 #include <android-base/stringprintf.h>
30 #include <android-base/strings.h>
32 #include "NatController.h"
33 #include "IptablesBaseTest.h"
35 using android::base::StringPrintf;
37 class NatControllerTest : public IptablesBaseTest {
40 NatController::execFunction = fake_android_fork_exec;
44 NatController mNatCtrl;
47 return mNatCtrl.setDefaults();
50 const ExpectedIptablesCommands FLUSH_COMMANDS = {
51 { V4, "-F natctrl_FORWARD" },
52 { V4, "-A natctrl_FORWARD -j DROP" },
53 { V4, "-t nat -F natctrl_nat_POSTROUTING" },
56 const ExpectedIptablesCommands SETUP_COMMANDS = {
57 { V4, "-F natctrl_FORWARD" },
58 { V4, "-A natctrl_FORWARD -j DROP" },
59 { V4, "-t nat -F natctrl_nat_POSTROUTING" },
60 { V4, "-F natctrl_tether_counters" },
61 { V4, "-X natctrl_tether_counters" },
62 { V4, "-N natctrl_tether_counters" },
63 { V4, "-t mangle -A natctrl_mangle_FORWARD -p tcp --tcp-flags SYN SYN "
64 "-j TCPMSS --clamp-mss-to-pmtu" },
67 const ExpectedIptablesCommands TWIDDLE_COMMANDS = {
68 { V4, "-D natctrl_FORWARD -j DROP" },
69 { V4, "-A natctrl_FORWARD -j DROP" },
72 ExpectedIptablesCommands enableMasqueradeCommand(const char *extIf) {
74 { V4, StringPrintf("-t nat -A natctrl_nat_POSTROUTING -o %s -j MASQUERADE", extIf) },
78 ExpectedIptablesCommands startNatCommands(const char *intIf, const char *extIf) {
80 { V4, StringPrintf("-A natctrl_FORWARD -i %s -o %s -m state --state"
81 " ESTABLISHED,RELATED -g natctrl_tether_counters", extIf, intIf) },
82 { V4, StringPrintf("-A natctrl_FORWARD -i %s -o %s -m state --state INVALID -j DROP",
84 { V4, StringPrintf("-A natctrl_FORWARD -i %s -o %s -g natctrl_tether_counters",
86 { V4, StringPrintf("-A natctrl_tether_counters -i %s -o %s -j RETURN", intIf, extIf) },
87 { V4, StringPrintf("-A natctrl_tether_counters -i %s -o %s -j RETURN", extIf, intIf) },
91 ExpectedIptablesCommands stopNatCommands(const char *intIf, const char *extIf) {
93 { V4, StringPrintf("-D natctrl_FORWARD -i %s -o %s -m state --state"
94 " ESTABLISHED,RELATED -g natctrl_tether_counters", extIf, intIf) },
95 { V4, StringPrintf("-D natctrl_FORWARD -i %s -o %s -m state --state INVALID -j DROP",
97 { V4, StringPrintf("-D natctrl_FORWARD -i %s -o %s -g natctrl_tether_counters",
103 TEST_F(NatControllerTest, TestSetupIptablesHooks) {
104 mNatCtrl.setupIptablesHooks();
105 expectIptablesCommands(SETUP_COMMANDS);
108 TEST_F(NatControllerTest, TestSetDefaults) {
110 expectIptablesCommands(FLUSH_COMMANDS);
113 TEST_F(NatControllerTest, TestAddAndRemoveNat) {
115 std::vector<ExpectedIptablesCommands> startFirstNat = {
116 enableMasqueradeCommand("rmnet0"),
117 startNatCommands("wlan0", "rmnet0"),
120 mNatCtrl.enableNat("wlan0", "rmnet0");
121 expectIptablesCommands(startFirstNat);
123 std::vector<ExpectedIptablesCommands> startOtherNat = {
124 startNatCommands("usb0", "rmnet0"),
127 mNatCtrl.enableNat("usb0", "rmnet0");
128 expectIptablesCommands(startOtherNat);
130 ExpectedIptablesCommands stopOtherNat = stopNatCommands("wlan0", "rmnet0");
131 mNatCtrl.disableNat("wlan0", "rmnet0");
132 expectIptablesCommands(stopOtherNat);
134 std::vector<ExpectedIptablesCommands> stopLastNat = {
135 stopNatCommands("usb0", "rmnet0"),
138 mNatCtrl.disableNat("usb0", "rmnet0");
139 expectIptablesCommands(stopLastNat);