Filter: ROA check test and mixed prefix test

This commit is contained in:
Jan Moskyto Matejka 2017-03-09 15:57:54 +01:00
parent 665be7f6bd
commit 54334b5667

View file

@ -444,8 +444,8 @@ function test_pxset(prefix set pxs)
function t_prefix_set() function t_prefix_set()
prefix set pxs; prefix set pxs;
{ {
pxs = [ 1.2.0.0/16, 1.4.0.0/16+]; pxs = [ 1.2.0.0/16, 1.4.0.0/16+, 44.66.88.64/30{24,28}, 12.34.56.0/24{8,16} ];
bt_assert(format(pxs) = "[1.2.0.0/112{::0.1.0.0}, 1.4.0.0/112{::0.1.255.255}]"); bt_assert(format(pxs) = "[1.2.0.0/112{::0.1.0.0}, 1.4.0.0/112{::0.1.255.255}, 12.34.0.0/112{::1.255.0.0}, 44.66.88.64/124{::1f0}]");
bt_assert(1.2.0.0/16 ~ pxs); bt_assert(1.2.0.0/16 ~ pxs);
bt_assert(1.4.0.0/16 ~ pxs); bt_assert(1.4.0.0/16 ~ pxs);
bt_assert(1.4.0.0/18 ~ pxs); bt_assert(1.4.0.0/18 ~ pxs);
@ -1165,12 +1165,22 @@ int j;
accept "ok I take that"; accept "ok I take that";
} }
filter roa_filter
{
print(net);
if net ~ [ 10.0.0.0/8{16,24}, 2000::/3{16,96} ] then {
print("accepted");
accept;
}
reject;
}
roa4 table r4; roa4 table r4;
roa6 table r6; roa6 table r6;
protocol static protocol static
{ {
roa4 { table r4; }; roa4 { table r4; import filter roa_filter; };
route 10.110.0.0/16 max 16 as 1000 blackhole; route 10.110.0.0/16 max 16 as 1000 blackhole;
route 10.120.0.0/16 max 24 as 1000 blackhole ; route 10.120.0.0/16 max 24 as 1000 blackhole ;
route 10.130.0.0/16 max 24 as 2000 blackhole; route 10.130.0.0/16 max 24 as 2000 blackhole;
@ -1179,66 +1189,92 @@ protocol static
protocol static protocol static
{ {
roa6 { table r6; }; roa6 { table r6; import filter roa_filter; };
route 2001:0db8:85a3:8a2e::/64 max 96 as 1000 blackhole; route 2001:0db8:85a3:8a2e::/64 max 96 as 1000 blackhole;
} }
function test_roa_check() function test_roa_check()
{
# cannot be tested in __startup(), sorry
print "Should be true: ", roa_check(r4, 10.10.0.0/16, 1000) = ROA_UNKNOWN,
" ", roa_check(r4, 10.0.0.0/8, 1000) = ROA_UNKNOWN,
" ", roa_check(r4, 10.110.0.0/16, 1000) = ROA_VALID,
" ", roa_check(r4, 10.110.0.0/16, 2000) = ROA_INVALID,
" ", roa_check(r4, 10.110.32.0/20, 1000) = ROA_INVALID,
" ", roa_check(r4, 10.120.32.0/20, 1000) = ROA_VALID;
print "Should be true: ", roa_check(r4, 10.120.32.0/20, 2000) = ROA_INVALID,
" ", roa_check(r4, 10.120.32.32/28, 1000) = ROA_INVALID,
" ", roa_check(r4, 10.130.130.0/24, 1000) = ROA_INVALID,
" ", roa_check(r4, 10.130.130.0/24, 2000) = ROA_VALID,
" ", roa_check(r4, 10.130.30.0/24, 3000) = ROA_INVALID,
" ", roa_check(r4, 10.130.130.0/24, 3000) = ROA_VALID;
print "Should be true: ", roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_VALID,
" ", roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID,
" ", roa_check(r6, 2001:0db8:85a3:8a2e::/64, 1000) = ROA_VALID,
" ", roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_UNKNOWN;
print "Should be true: ", roa_check(r4, 10.10.0.0/16, 1000) = ROA_UNKNOWN,
" ", roa_check(r4, 10.0.0.0/8, 1000) = ROA_UNKNOWN,
" ", roa_check(r4, 10.110.0.0/16, 1000) = ROA_VALID,
" ", roa_check(r4, 10.110.0.0/16, 2000) = ROA_INVALID,
" ", roa_check(r4, 10.110.32.0/20, 1000) = ROA_INVALID,
" ", roa_check(r4, 10.120.32.0/20, 1000) = ROA_VALID;
print "Should be true: ", roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_VALID,
" ", roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID,
" ", roa_check(r6, 2001:0db8:85a3:8a2e::/64, 1000) = ROA_VALID,
" ", roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_UNKNOWN;
print "Should be true: ", roa_check(r4, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID ||
roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID;
print "Should be false: ", roa_check(r4, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_INVALID ||
roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_INVALID,
" ", roa_check(r4, 2001:0db8:85a3::/48, 1000) = ROA_INVALID ||
roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_INVALID;
print "Should be true: ", 10.130.130.0/24 ~ 0.0.0.0/0,
" ", 2001:0db8:85a3:8a2e::/64 ~ ::/0;
print "Should be false: ", 10.130.130.0/24 ~ ::/0,
" ", 2001:0db8:85a3:8a2e::/64 ~ 0.0.0.0/0;
}
function roa_operators_test()
prefix pfx; prefix pfx;
{ {
print "Testing ROA prefix operators '.maxlen' and '.asn':"; # cannot be tested in __startup(), sorry
bt_assert(roa_check(r4, 10.10.0.0/16, 1000) = ROA_UNKNOWN);
bt_assert(roa_check(r4, 10.0.0.0/8, 1000) = ROA_UNKNOWN);
bt_assert(roa_check(r4, 10.110.0.0/16, 1000) = ROA_VALID);
bt_assert(roa_check(r4, 10.110.0.0/16, 2000) = ROA_INVALID);
bt_assert(roa_check(r4, 10.110.32.0/20, 1000) = ROA_INVALID);
bt_assert(roa_check(r4, 10.120.32.0/20, 1000) = ROA_VALID);
bt_assert(roa_check(r4, 10.120.32.0/20, 2000) = ROA_INVALID);
bt_assert(roa_check(r4, 10.120.32.32/28, 1000) = ROA_INVALID);
bt_assert(roa_check(r4, 10.130.130.0/24, 1000) = ROA_INVALID);
bt_assert(roa_check(r4, 10.130.130.0/24, 2000) = ROA_VALID);
bt_assert(roa_check(r4, 10.130.30.0/24, 3000) = ROA_INVALID);
bt_assert(roa_check(r4, 10.130.130.0/24, 3000) = ROA_VALID);
bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_VALID);
bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID);
bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e::/64, 1000) = ROA_VALID);
bt_assert(roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_UNKNOWN);
bt_assert(roa_check(r4, 10.10.0.0/16, 1000) = ROA_UNKNOWN);
bt_assert(roa_check(r4, 10.0.0.0/8, 1000) = ROA_UNKNOWN);
bt_assert(roa_check(r4, 10.110.0.0/16, 1000) = ROA_VALID);
bt_assert(roa_check(r4, 10.110.0.0/16, 2000) = ROA_INVALID);
bt_assert(roa_check(r4, 10.110.32.0/20, 1000) = ROA_INVALID);
bt_assert(roa_check(r4, 10.120.32.0/20, 1000) = ROA_VALID);
bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_VALID);
bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID);
bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e::/64, 1000) = ROA_VALID);
bt_assert(roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_UNKNOWN);
bt_assert(roa_check(r4, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_UNKNOWN);
bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID);
bt_assert(roa_check(r4, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_UNKNOWN);
bt_assert(roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_VALID);
bt_assert(roa_check(r4, 2001:0db8:85a3::/48, 1000) = ROA_UNKNOWN);
bt_assert(roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_UNKNOWN);
bt_assert(10.130.130.0/24 ~ 0.0.0.0/0);
bt_assert(2001:0db8:85a3:8a2e::/64 ~ ::/0);
bt_assert(10.130.130.0/24 !~ ::/0);
bt_assert(2001:0db8:85a3:8a2e::/64 !~ 0.0.0.0/0);
pfx = 12.13.0.0/16 max 24 as 1234; pfx = 12.13.0.0/16 max 24 as 1234;
print pfx; bt_assert(pfx.len = 16);
print "Should be true: ", pfx.len = 16, " ", pfx.maxlen = 24, " ", pfx.asn = 1234; bt_assert(pfx.maxlen = 24);
bt_assert(pfx.asn = 1234);
pfx = 1000::/8 max 32 as 1234; pfx = 1000::/8 max 32 as 1234;
print pfx; bt_assert(pfx.len = 8);
print "Should be true: ", pfx.len = 8, " ", pfx.maxlen = 32, " ", pfx.asn = 1234; bt_assert(pfx.maxlen = 32);
bt_assert(pfx.asn = 1234);
} }
bt_test_suite(test_roa_check, "Testing ROA");
/*
* Testing Mixed Net Types
* -----------------------
*/
function t_mixed_prefix()
prefix set pxs;
prefix set pxt;
{
pxs = [ 98.45.0.0/16, 128.128.0.0/12+, 2200::/42-, ::ffff:d000:0/100{98,102}];
print format(pxs);
bt_assert(format(pxs) = "[::/0, ::/2{c000::}, 98.45.0.0/112{::0.1.0.0}, 128.128.0.0/108{::0.31.255.255}, 208.0.0.0/100{::124.0.0.0}, 2200::/42{ffff:ffff:ffc0::}]");
bt_assert(::fe00:0:0/88 !~ pxs);
bt_assert(::fffe:0:0/95 !~ pxs);
bt_assert(::ffff:d800:0/101 ~ pxs);
bt_assert(216.0.0.0/5 ~ pxs);
bt_assert(212.0.0.0/6 ~ pxs);
bt_assert(212.0.0.0/7 !~ pxs);
bt_assert(::ffff:8080:8080/121 ~ pxs);
bt_assert(::/0 ~ pxs);
bt_assert(0.0.0.0/0 !~ pxs);
bt_assert(128.135.64.17/32 ~ pxs);
}
bt_test_suite(t_mixed_prefix, "Testing mixed net types");