diff --git a/include/packetgraph/antispoof.h b/include/packetgraph/antispoof.h
index 2fddb9c15..3461ceb5c 100644
--- a/include/packetgraph/antispoof.h
+++ b/include/packetgraph/antispoof.h
@@ -21,6 +21,9 @@
 #include
 #include
+#define PG_ARP_MAX 100
+#define PG_NPD_MAX 100
+
 struct ether_addr;
 /**
diff --git a/src/antispoof.c b/src/antispoof.c
index 6e70d6f11..2dd9bc2fd 100644
--- a/src/antispoof.c
+++ b/src/antispoof.c
@@ -25,9 +25,7 @@
 #include "utils/mac.h"
 #include "utils/ip.h"
 #include "utils/network.h"
-
-#define ARP_MAX 100
-#define NPD_MAX 100
+#include
 struct pg_antispoof_arp {
 /* Format of hardware address. */
@@ -88,11 +86,11 @@ struct pg_antispoof_state {
 struct ether_addr mac;
 bool arp_enabled;
 uint16_t arps_size;
- struct arp arps[ARP_MAX];
+ struct arp arps[PG_ARP_MAX];
 /* icmpv6 / neighbor discovery */
 bool ndp_enabled;
 uint16_t ndps_size;
- struct ndp ndps[NPD_MAX];
+ struct ndp ndps[PG_NPD_MAX];
 };
 struct pg_antispoof_config {
@@ -120,7 +118,7 @@ int pg_antispoof_arp_add(struct pg_brick *brick, uint32_t ip,
 uint16_t n = state->arps_size;
 struct arp *arp = &state->arps[n];
- if (unlikely(n == ARP_MAX)) {
+ if (unlikely(n == PG_ARP_MAX)) {
 *errp = pg_error_new("Maximal IP reached");
 return -1;
 }
@@ -229,7 +227,7 @@ int pg_antispoof_ndp_add(struct pg_brick *brick, uint8_t *ip,
 uint16_t n = state->ndps_size;
 struct ndp *ndp = &state->ndps[n];
- if (unlikely(n == NPD_MAX)) {
+ if (unlikely(n == PG_NPD_MAX)) {
 *errp = pg_error_new("Maximal IPV6 reached");
 return -1;
 }
@@ -412,5 +410,3 @@ static struct pg_brick_ops antispoof_ops = {
 pg_brick_register(antispoof, &antispoof_ops);
-#undef NPD_MAX
-#undef ARP_MAX
diff --git a/tests/antispoof/tests.c b/tests/antispoof/tests.c
index e46478c44..fa34174c1 100644
--- a/tests/antispoof/tests.c
+++ b/tests/antispoof/tests.c
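Review bot: `PG_NPD_MAX` in include/packetgraph/antispoof.h publishes the old transposed spelling, while the rest of the API visible in this commit says NDP (`pg_antispoof_ndp_add`, `ndps`, `ndp_enabled`); renaming it to `PG_NDP_MAX` now avoids a breaking rename once callers depend on the public header. Both new macros are also undocumented. A short comment such as `/** Maximum number of IPv4 addresses one antispoof brick accepts; pg_antispoof_arp_add() returns -1 beyond it. */`, plus the IPv6 equivalent, would tell callers what the limit means.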
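Review bot: In src/antispoof.c the capacity test in pg_antispoof_arp_add is still an exact match, `n == PG_ARP_MAX`, and `&state->arps[n]` is formed before it; if `arps_size` were ever above the limit the check would pass and any later store through `arp` would land outside `arps`. Writing `if (unlikely(n >= PG_ARP_MAX)) {` costs nothing and fails closed, which matters in a brick whose job is filtering spoofed traffic. The same applies to `n == PG_NPD_MAX` in pg_antispoof_ndp_add. Both function bodies continue outside their hunks, so whether another path can change the counters is not visible here.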
@@ -50,6 +50,23 @@ static struct rte_mbuf *build_packet(const unsigned char *data, size_t len)
 return pkt;
 }
+#define REPLAY(pass) \
+ for (i = 0; i < pkts_nb; i++) { \
+ g_assert(pg_brick_reset(col_east, &error) >= 0); \
+ g_assert(!error); \
+ packet = build_packet(pkts[i], pkts_size[i]); \
+ pg_brick_poll(gen_west, &packet_count, &error); \
+ g_assert(!error); \
+ g_assert(packet_count == 1); \
+ filtered_pkts = pg_brick_west_burst_get(col_east, \
+ &filtered_pkts_mask, \
+ &error); \
+ g_assert(!error); \
+ g_assert(pg_mask_count(filtered_pkts_mask) == (pass)); \
+ g_assert(!!filtered_pkts == pass); \
+ rte_pktmbuf_free(packet); \
+ }
+
 static void test_antispoof_mac(void)
 {
 # include "test-arp-gratuitous.c"
@@ -64,6 +81,7 @@ static void test_antispoof_mac(void)
 uint16_t packet_count;
 uint16_t i;
 struct rte_mbuf *packet;
+ struct rte_mbuf **filtered_pkts;
 uint64_t filtered_pkts_mask;
 /* only those packets should pass */
@@ -83,17 +101,8 @@ static void test_antispoof_mac(void)
 pg_brick_link(antispoof, col_east, &error);
 g_assert(!error);
- /* replay traffic */
- for (i = 0; i < pkts_nb; i++) {
- packet = build_packet(pkts[i], pkts_size[i]);
- pg_brick_poll(gen_west, &packet_count, &error);
- g_assert(!error);
- g_assert(packet_count == 1);
- pg_brick_west_burst_get(col_east, &filtered_pkts_mask, &error);
- g_assert(!error);
- g_assert(pg_mask_count(filtered_pkts_mask) == 0);
- rte_pktmbuf_free(packet);
- }
+ REPLAY(0);
+
 pg_brick_destroy(gen_west);
 pg_brick_destroy(antispoof);
 pg_brick_destroy(col_east);
@@ -113,6 +122,7 @@ static void test_antispoof_rarp(void)
 uint16_t packet_count;
 uint16_t i;
 struct rte_mbuf *packet;
+ struct rte_mbuf **filtered_pkts;
 uint64_t filtered_pkts_mask;
 pg_scan_ether_addr(&inside_mac, "00:23:df:ff:c9:23");
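Review bot: The file-scope REPLAY macro in tests/antispoof/tests.c uses its argument unparenthesized in `g_assert(!!filtered_pkts == pass);` although the line above writes `(pass)`; make it `g_assert(!!filtered_pkts == (pass));` so an expression argument cannot rebind around `==`. The macro also expands to a bare `for` block and silently depends on locals of the calling test (`i`, `pkts`, `pkts_nb`, `pkts_size`, `gen_west`, `col_east`, `error`, `packet`, `packet_count`, `filtered_pkts`, `filtered_pkts_mask`), which is why the later hunks have to add `filtered_pkts` declarations to test_antispoof_mac and test_antispoof_rarp. Now that several tests share it, a comment above the `#define` listing those required names, or a `static` helper taking them as parameters, would make the contract explicit.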
@@ -132,17 +142,8 @@ static void test_antispoof_rarp(void)
 pg_brick_link(antispoof, col_east, &error);
 g_assert(!error);
- /* replay traffic */
- for (i = 0; i < pkts_nb; i++) {
- packet = build_packet(pkts[i], pkts_size[i]);
- pg_brick_poll(gen_west, &packet_count, &error);
- g_assert(!error);
- g_assert(packet_count == 1);
- pg_brick_west_burst_get(col_east, &filtered_pkts_mask, &error);
- g_assert(!error);
- g_assert(pg_mask_count(filtered_pkts_mask) == 0);
- rte_pktmbuf_free(packet);
- }
+ REPLAY(0);
+
 pg_brick_destroy(gen_west);
 pg_brick_destroy(antispoof);
 pg_brick_destroy(col_east);
@@ -179,23 +180,6 @@ static void test_antispoof_generic(const unsigned char **pkts,
 pg_brick_link(antispoof, col_east, &error);
 g_assert(!error);
-#define REPLAY(pass) \
- for (i = 0; i < pkts_nb; i++) { \
- g_assert(pg_brick_reset(col_east, &error) >= 0); \
- g_assert(!error); \
- packet = build_packet(pkts[i], pkts_size[i]); \
- pg_brick_poll(gen_west, &packet_count, &error); \
- g_assert(!error); \
- g_assert(packet_count == 1); \
- filtered_pkts = pg_brick_west_burst_get(col_east, \
- &filtered_pkts_mask, \
- &error); \
- g_assert(!error); \
- g_assert(pg_mask_count(filtered_pkts_mask) == (pass)); \
- g_assert(!!filtered_pkts == pass); \
- rte_pktmbuf_free(packet); \
- }
-
 /* enable ARP antispoof with the correct IP */
 pg_antispoof_arp_enable(antispoof);
 g_assert(!pg_antispoof_arp_add(antispoof, inside_ip, &error));
@@ -275,7 +259,6 @@ static void test_antispoof_generic(const unsigned char **pkts,
 pg_brick_link(antispoof, col_east, &error);
 g_assert(!error);
 REPLAY(1);
-#undef REPLAY
 pg_brick_destroy(gen_west);
 pg_brick_destroy(antispoof);
@@ -322,38 +305,13 @@ static void test_pg_antispoof_arp_disable(void)
 g_assert(!pg_antispoof_arp_add(antispoof, inside_ip, &error));
 g_assert(!error);
- /* replay traffic */
- for (i = 0; i < pkts_nb; i++) {
- packet = build_packet(pkts[i], pkts_size[i]);
- pg_brick_poll(gen_west, &packet_count, &error);
- g_assert(!error);
- g_assert(packet_count == 1);
- filtered_pkts = pg_brick_west_burst_get(col_east,
- &filtered_pkts_mask,
- &error);
- g_assert(!error);
- g_assert(pg_mask_count(filtered_pkts_mask) == 0);
- pg_packets_free(filtered_pkts, filtered_pkts_mask);
- rte_pktmbuf_free(packet);
- }
+ REPLAY(0);
 /* disable ARP antispoof, should now pass */
 pg_antispoof_arp_disable(antispoof);
- /* replay traffic */
- for (i = 0; i < pkts_nb; i++) {
- packet = build_packet(pkts[i], pkts_size[i]);
- pg_brick_poll(gen_west, &packet_count, &error);
- g_assert(!error);
- g_assert(packet_count == 1);
- filtered_pkts = pg_brick_west_burst_get(col_east,
- &filtered_pkts_mask,
- &error);
- g_assert(!error);
- g_assert(pg_mask_count(filtered_pkts_mask) == 1);
- pg_packets_free(filtered_pkts, filtered_pkts_mask);
- rte_pktmbuf_free(packet);
- }
+ REPLAY(1);
+#undef REPLAY
 pg_brick_destroy(gen_west);
 pg_brick_destroy(antispoof);
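Review bot: `#undef REPLAY` now sits inside the body of test_pg_antispoof_arp_disable, right after `REPLAY(1);`, so the macro's lifetime depends on this test staying the last user in the file; moving the `#undef` below the last test function, or dropping it, removes that ordering trap. The two loops removed here called `pg_packets_free(filtered_pkts, filtered_pkts_mask);` and REPLAY does not, relying instead on `pg_brick_reset(col_east, &error)` at the top of each iteration. It is worth confirming that the reset, and the final `pg_brick_destroy(col_east)`, release the collected burst, since that is not visible in this diff. The function continues outside the hunk.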