tests/integration/signature/android/net/util/NetworkStackUtilsIntegrationTest.kt - platform/packages/modules/NetworkStack - Gitiles

 /*
  * Copyright (C) 2020 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package android.net.util

 import android.Manifest.permission.MANAGE_TEST_NETWORKS
 import android.content.Context
 import android.net.InetAddresses.parseNumericAddress
 import android.net.IpPrefix
 import android.net.MacAddress
 import android.net.TestNetworkInterface
 import android.net.TestNetworkManager
 import android.net.dhcp.DhcpPacket
 import android.os.HandlerThread
 import android.system.Os
 import android.system.OsConstants.AF_INET
 import android.system.OsConstants.AF_PACKET
 import android.system.OsConstants.ARPHRD_ETHER
 import android.system.OsConstants.ETH_P_IPV6
 import android.system.OsConstants.IPPROTO_UDP
 import android.system.OsConstants.SOCK_DGRAM
 import android.system.OsConstants.SOCK_NONBLOCK
 import android.system.OsConstants.SOCK_RAW
 import android.system.OsConstants.SOL_SOCKET
 import android.system.OsConstants.SO_RCVTIMEO
 import android.system.StructTimeval
 import androidx.test.platform.app.InstrumentationRegistry
 import com.android.net.module.util.InterfaceParams
 import com.android.net.module.util.Ipv6Utils
 import com.android.net.module.util.NetworkStackConstants.ETHER_ADDR_LEN
 import com.android.net.module.util.NetworkStackConstants.IPV4_ADDR_ANY
 import com.android.net.module.util.NetworkStackConstants.IPV6_ADDR_ALL_NODES_MULTICAST
 import com.android.net.module.util.structs.PrefixInformationOption
 import com.android.networkstack.util.NetworkStackUtils
 import com.android.testutils.ArpRequestFilter
 import com.android.testutils.ETHER_HEADER_LENGTH
 import com.android.testutils.IPV4_HEADER_LENGTH
 import com.android.testutils.IPv4UdpFilter
 import com.android.testutils.TapPacketReader
 import com.android.testutils.UDP_HEADER_LENGTH
 import org.junit.After
 import org.junit.Assert.assertArrayEquals
 import org.junit.Before
 import org.junit.Test
 import java.io.FileDescriptor
 import java.net.Inet4Address
 import java.net.Inet6Address
 import java.nio.ByteBuffer
 import kotlin.reflect.KClass
 import kotlin.test.assertEquals
 import kotlin.test.assertTrue
 import kotlin.test.fail

 class NetworkStackUtilsIntegrationTest {
     private val inst by lazy { InstrumentationRegistry.getInstrumentation() }
     private val context by lazy { inst.context }

     private val TEST_TIMEOUT_MS = 10_000L
     private val TEST_MTU = 1500
     private val TEST_TARGET_IPV4_ADDR = parseNumericAddress("192.0.2.42") as Inet4Address
     private val TEST_SRC_MAC = MacAddress.fromString("BA:98:76:54:32:10")
     private val TEST_TARGET_MAC = MacAddress.fromString("01:23:45:67:89:0A")
     private val TEST_INET6ADDR_1 = parseNumericAddress("2001:db8::1") as Inet6Address
     private val TEST_INET6ADDR_2 = parseNumericAddress("2001:db8::2") as Inet6Address

     private val readerHandler = HandlerThread(
             NetworkStackUtilsIntegrationTest::class.java.simpleName)
     private lateinit var iface: TestNetworkInterface
     private lateinit var reader: TapPacketReader

     @Before
     fun setUp() {
         inst.uiAutomation.adoptShellPermissionIdentity(MANAGE_TEST_NETWORKS)
         try {
             val tnm = context.assertHasService(TestNetworkManager::class)
             iface = tnm.createTapInterface()
         } finally {
             inst.uiAutomation.dropShellPermissionIdentity()
         }
         readerHandler.start()
         reader = TapPacketReader(readerHandler.threadHandler, iface.fileDescriptor.fileDescriptor,
                 1500 /* maxPacketSize */)
         readerHandler.threadHandler.post { reader.start() }
     }

     @After
     fun tearDown() {
         readerHandler.quitSafely()
         if (this::iface.isInitialized) iface.fileDescriptor.close()
     }

     @Test
     fun testAddArpEntry() {
         val socket = Os.socket(AF_INET, SOCK_DGRAM or SOCK_NONBLOCK, IPPROTO_UDP)
         SocketUtils.bindSocketToInterface(socket, iface.interfaceName)

         NetworkStackUtils.addArpEntry(TEST_TARGET_IPV4_ADDR, TEST_TARGET_MAC, iface.interfaceName,
                 socket)

         // Fake DHCP packet: would not be usable as a DHCP offer (most IPv4 addresses are all-zero,
         // no gateway or DNS servers, etc).
         // Using a DHCP packet to replicate actual usage of the API: it is used in DhcpServer to
         // send packets to clients before their IP address has been assigned.
         val buffer = DhcpPacket.buildOfferPacket(DhcpPacket.ENCAP_BOOTP, 123 /* transactionId */,
                 false /* broadcast */, IPV4_ADDR_ANY /* serverIpAddr */,
                 IPV4_ADDR_ANY /* relayIp */, IPV4_ADDR_ANY /* yourIp */,
                 TEST_TARGET_MAC.toByteArray(), 3600 /* timeout */, IPV4_ADDR_ANY /* netMask */,
                 IPV4_ADDR_ANY /* bcAddr */, emptyList<Inet4Address>() /* gateways */,
                 emptyList<Inet4Address>() /* dnsServers */,
                 IPV4_ADDR_ANY /* dhcpServerIdentifier */, null /* domainName */,
                 null /* hostname */, false /* metered */, 1500 /* mtu */,
                 null /* captivePortalUrl */)
         // Not using .array as per errorprone "ByteBufferBackingArray" recommendation
         val originalPacket = buffer.readAsArray()

         Os.sendto(socket, originalPacket, 0 /* bytesOffset */, originalPacket.size /* bytesCount */,
                 0 /* flags */, TEST_TARGET_IPV4_ADDR, DhcpPacket.DHCP_CLIENT.toInt() /* port */)

         // Verify the packet was sent to the mac address specified in the ARP entry
         // Also accept ARP requests, but expect that none is sent before the UDP packet
         // IPv6 NS may be sent on the interface but will be filtered out
         val sentPacket = reader.poll(TEST_TIMEOUT_MS, IPv4UdpFilter().or(ArpRequestFilter()))
                 ?: fail("Packet was not sent on the interface")

         val sentTargetAddr = MacAddress.fromBytes(sentPacket.copyOfRange(0, ETHER_ADDR_LEN))
         assertEquals(TEST_TARGET_MAC, sentTargetAddr, "Destination ethernet address does not match")

         val sentDhcpPacket = sentPacket.copyOfRange(
                 ETHER_HEADER_LENGTH + IPV4_HEADER_LENGTH + UDP_HEADER_LENGTH, sentPacket.size)

         assertArrayEquals("Sent packet != original packet", originalPacket, sentDhcpPacket)
     }

     @Test
     fun testAttachRaFilter() {
         val socket = Os.socket(AF_PACKET, SOCK_RAW, ETH_P_IPV6)
         val ifParams = InterfaceParams.getByName(iface.interfaceName)
                 ?: fail("Could not obtain interface params for ${iface.interfaceName}")
         val socketAddr = SocketUtils.makePacketSocketAddress(ETH_P_IPV6, ifParams.index)
         Os.bind(socket, socketAddr)
         Os.setsockoptTimeval(socket, SOL_SOCKET, SO_RCVTIMEO,
                 StructTimeval.fromMillis(TEST_TIMEOUT_MS))

         // Verify that before setting any filter, the socket receives pings
         val echo = Ipv6Utils.buildEchoRequestPacket(TEST_SRC_MAC, TEST_TARGET_MAC, TEST_INET6ADDR_1,
                 TEST_INET6ADDR_2)
         reader.sendResponse(echo)
         echo.rewind()
         assertNextPacketEquals(socket, echo.readAsArray(), "ICMPv6 echo")

         NetworkStackUtils.attachRaFilter(socket, ARPHRD_ETHER)
         // Send another echo, then an RA. After setting the filter expect only the RA.
         echo.rewind()
         reader.sendResponse(echo)
         val pio = PrefixInformationOption.build(IpPrefix("2001:db8:1::/64"),
                 0.toByte() /* flags */, 3600 /* validLifetime */, 1800 /* preferredLifetime */)
         val ra = Ipv6Utils.buildRaPacket(TEST_SRC_MAC, TEST_TARGET_MAC,
                 TEST_INET6ADDR_1 /* routerAddr */, IPV6_ADDR_ALL_NODES_MULTICAST,
                 0.toByte() /* flags */, 1800 /* lifetime */, 0 /* reachableTime */,
                 0 /* retransTimer */, pio)
         reader.sendResponse(ra)
         ra.rewind()

         assertNextPacketEquals(socket, ra.readAsArray(), "ICMPv6 RA")
     }

     private fun assertNextPacketEquals(socket: FileDescriptor, expected: ByteArray, descr: String) {
         val buffer = ByteArray(TEST_MTU)
         val readPacket = Os.read(socket, buffer, 0 /* byteOffset */, buffer.size)
         assertTrue(readPacket > 0, "$descr not received")
         assertEquals(expected.size, readPacket, "Received packet size does not match for $descr")
         assertArrayEquals("Received packet != expected $descr",
                 expected, buffer.copyOfRange(0, readPacket))
     }
 }

 private fun ByteBuffer.readAsArray(): ByteArray {
     val out = ByteArray(remaining())
     get(out)
     return out
 }

 private fun <T : Any> Context.assertHasService(manager: KClass<T>) = getSystemService(manager.java)
         ?: fail("Could not find service $manager")
	/*
	* Copyright (C) 2020 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package android.net.util

	import android.Manifest.permission.MANAGE_TEST_NETWORKS
	import android.content.Context
	import android.net.InetAddresses.parseNumericAddress
	import android.net.IpPrefix
	import android.net.MacAddress
	import android.net.TestNetworkInterface
	import android.net.TestNetworkManager
	import android.net.dhcp.DhcpPacket
	import android.os.HandlerThread
	import android.system.Os
	import android.system.OsConstants.AF_INET
	import android.system.OsConstants.AF_PACKET
	import android.system.OsConstants.ARPHRD_ETHER
	import android.system.OsConstants.ETH_P_IPV6
	import android.system.OsConstants.IPPROTO_UDP
	import android.system.OsConstants.SOCK_DGRAM
	import android.system.OsConstants.SOCK_NONBLOCK
	import android.system.OsConstants.SOCK_RAW
	import android.system.OsConstants.SOL_SOCKET
	import android.system.OsConstants.SO_RCVTIMEO
	import android.system.StructTimeval
	import androidx.test.platform.app.InstrumentationRegistry
	import com.android.net.module.util.InterfaceParams
	import com.android.net.module.util.Ipv6Utils
	import com.android.net.module.util.NetworkStackConstants.ETHER_ADDR_LEN
	import com.android.net.module.util.NetworkStackConstants.IPV4_ADDR_ANY
	import com.android.net.module.util.NetworkStackConstants.IPV6_ADDR_ALL_NODES_MULTICAST
	import com.android.net.module.util.structs.PrefixInformationOption
	import com.android.networkstack.util.NetworkStackUtils
	import com.android.testutils.ArpRequestFilter
	import com.android.testutils.ETHER_HEADER_LENGTH
	import com.android.testutils.IPV4_HEADER_LENGTH
	import com.android.testutils.IPv4UdpFilter
	import com.android.testutils.TapPacketReader
	import com.android.testutils.UDP_HEADER_LENGTH
	import org.junit.After
	import org.junit.Assert.assertArrayEquals
	import org.junit.Before
	import org.junit.Test
	import java.io.FileDescriptor
	import java.net.Inet4Address
	import java.net.Inet6Address
	import java.nio.ByteBuffer
	import kotlin.reflect.KClass
	import kotlin.test.assertEquals
	import kotlin.test.assertTrue
	import kotlin.test.fail

	class NetworkStackUtilsIntegrationTest {
	private val inst by lazy { InstrumentationRegistry.getInstrumentation() }
	private val context by lazy { inst.context }

	private val TEST_TIMEOUT_MS = 10_000L
	private val TEST_MTU = 1500
	private val TEST_TARGET_IPV4_ADDR = parseNumericAddress("192.0.2.42") as Inet4Address
	private val TEST_SRC_MAC = MacAddress.fromString("BA:98:76:54:32:10")
	private val TEST_TARGET_MAC = MacAddress.fromString("01:23:45:67:89:0A")
	private val TEST_INET6ADDR_1 = parseNumericAddress("2001:db8::1") as Inet6Address
	private val TEST_INET6ADDR_2 = parseNumericAddress("2001:db8::2") as Inet6Address

	private val readerHandler = HandlerThread(
	NetworkStackUtilsIntegrationTest::class.java.simpleName)
	private lateinit var iface: TestNetworkInterface
	private lateinit var reader: TapPacketReader

	@Before
	fun setUp() {
	inst.uiAutomation.adoptShellPermissionIdentity(MANAGE_TEST_NETWORKS)
	try {
	val tnm = context.assertHasService(TestNetworkManager::class)
	iface = tnm.createTapInterface()
	} finally {
	inst.uiAutomation.dropShellPermissionIdentity()
	}
	readerHandler.start()
	reader = TapPacketReader(readerHandler.threadHandler, iface.fileDescriptor.fileDescriptor,
	1500 /* maxPacketSize */)
	readerHandler.threadHandler.post { reader.start() }
	}

	@After
	fun tearDown() {
	readerHandler.quitSafely()
	if (this::iface.isInitialized) iface.fileDescriptor.close()
	}

	@Test
	fun testAddArpEntry() {
	val socket = Os.socket(AF_INET, SOCK_DGRAM or SOCK_NONBLOCK, IPPROTO_UDP)
	SocketUtils.bindSocketToInterface(socket, iface.interfaceName)

	NetworkStackUtils.addArpEntry(TEST_TARGET_IPV4_ADDR, TEST_TARGET_MAC, iface.interfaceName,
	socket)

	// Fake DHCP packet: would not be usable as a DHCP offer (most IPv4 addresses are all-zero,
	// no gateway or DNS servers, etc).
	// Using a DHCP packet to replicate actual usage of the API: it is used in DhcpServer to
	// send packets to clients before their IP address has been assigned.
	val buffer = DhcpPacket.buildOfferPacket(DhcpPacket.ENCAP_BOOTP, 123 /* transactionId */,
	false /* broadcast /, IPV4_ADDR_ANY / serverIpAddr */,
	IPV4_ADDR_ANY /* relayIp /, IPV4_ADDR_ANY / yourIp */,
	TEST_TARGET_MAC.toByteArray(), 3600 /* timeout /, IPV4_ADDR_ANY / netMask */,
	IPV4_ADDR_ANY /* bcAddr /, emptyList<Inet4Address>() / gateways */,
	emptyList<Inet4Address>() /* dnsServers */,
	IPV4_ADDR_ANY /* dhcpServerIdentifier /, null / domainName */,
	null /* hostname /, false / metered /, 1500 / mtu */,
	null /* captivePortalUrl */)
	// Not using .array as per errorprone "ByteBufferBackingArray" recommendation
	val originalPacket = buffer.readAsArray()

	Os.sendto(socket, originalPacket, 0 /* bytesOffset /, originalPacket.size / bytesCount */,
	0 /* flags /, TEST_TARGET_IPV4_ADDR, DhcpPacket.DHCP_CLIENT.toInt() / port */)

	// Verify the packet was sent to the mac address specified in the ARP entry
	// Also accept ARP requests, but expect that none is sent before the UDP packet
	// IPv6 NS may be sent on the interface but will be filtered out
	val sentPacket = reader.poll(TEST_TIMEOUT_MS, IPv4UdpFilter().or(ArpRequestFilter()))
	?: fail("Packet was not sent on the interface")

	val sentTargetAddr = MacAddress.fromBytes(sentPacket.copyOfRange(0, ETHER_ADDR_LEN))
	assertEquals(TEST_TARGET_MAC, sentTargetAddr, "Destination ethernet address does not match")

	val sentDhcpPacket = sentPacket.copyOfRange(
	ETHER_HEADER_LENGTH + IPV4_HEADER_LENGTH + UDP_HEADER_LENGTH, sentPacket.size)

	assertArrayEquals("Sent packet != original packet", originalPacket, sentDhcpPacket)
	}

	@Test
	fun testAttachRaFilter() {
	val socket = Os.socket(AF_PACKET, SOCK_RAW, ETH_P_IPV6)
	val ifParams = InterfaceParams.getByName(iface.interfaceName)
	?: fail("Could not obtain interface params for ${iface.interfaceName}")
	val socketAddr = SocketUtils.makePacketSocketAddress(ETH_P_IPV6, ifParams.index)
	Os.bind(socket, socketAddr)
	Os.setsockoptTimeval(socket, SOL_SOCKET, SO_RCVTIMEO,
	StructTimeval.fromMillis(TEST_TIMEOUT_MS))

	// Verify that before setting any filter, the socket receives pings
	val echo = Ipv6Utils.buildEchoRequestPacket(TEST_SRC_MAC, TEST_TARGET_MAC, TEST_INET6ADDR_1,
	TEST_INET6ADDR_2)
	reader.sendResponse(echo)
	echo.rewind()
	assertNextPacketEquals(socket, echo.readAsArray(), "ICMPv6 echo")

	NetworkStackUtils.attachRaFilter(socket, ARPHRD_ETHER)
	// Send another echo, then an RA. After setting the filter expect only the RA.
	echo.rewind()
	reader.sendResponse(echo)
	val pio = PrefixInformationOption.build(IpPrefix("2001:db8:1::/64"),
	0.toByte() /* flags /, 3600 / validLifetime /, 1800 / preferredLifetime */)
	val ra = Ipv6Utils.buildRaPacket(TEST_SRC_MAC, TEST_TARGET_MAC,
	TEST_INET6ADDR_1 /* routerAddr */, IPV6_ADDR_ALL_NODES_MULTICAST,
	0.toByte() /* flags /, 1800 / lifetime /, 0 / reachableTime */,
	0 /* retransTimer */, pio)
	reader.sendResponse(ra)
	ra.rewind()

	assertNextPacketEquals(socket, ra.readAsArray(), "ICMPv6 RA")
	}

	private fun assertNextPacketEquals(socket: FileDescriptor, expected: ByteArray, descr: String) {
	val buffer = ByteArray(TEST_MTU)
	val readPacket = Os.read(socket, buffer, 0 /* byteOffset */, buffer.size)
	assertTrue(readPacket > 0, "$descr not received")
	assertEquals(expected.size, readPacket, "Received packet size does not match for $descr")
	assertArrayEquals("Received packet != expected $descr",
	expected, buffer.copyOfRange(0, readPacket))
	}
	}

	private fun ByteBuffer.readAsArray(): ByteArray {
	val out = ByteArray(remaining())
	get(out)
	return out
	}

	private fun <T : Any> Context.assertHasService(manager: KClass<T>) = getSystemService(manager.java)
	?: fail("Could not find service $manager")