author | Ghanan Gowripalan <ghanan@google.com> | 2021-03-23 09:54:57 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-03-23 09:57:01 -0700 |
commit | 409a11445442488ec7e0397372a673910062fa5f (patch) | |
tree | 16a555f5a33f591afc94105e1fc7e69e6b263a2c /pkg/tcpip/tests | |
parent | 7dbd6924a3f428d9b8698a5a7bf2707539722b6f (diff) |
Explicitly allow martian loopback packets
...instead of opting out of them.
Loopback traffic should be stack-local but gVisor has some clients
that depend on the ability to receive loopback traffic that originated
from outside of the stack. Because of this, we guard this change behind
IP protocol options.
A previous change provided the facility to deny these martian loopback
packets, but this change requires clients to opt in to accepting them,
because martian loopback packets are not meant to be accepted, as per
RFC 1122 section 3.2.1.3.g:
(g) { 127, <any> }
Internal host loopback address. Addresses of this form
MUST NOT appear outside a host.
PiperOrigin-RevId: 364581174
Diffstat (limited to 'pkg/tcpip/tests')
-rw-r--r-- | pkg/tcpip/tests/integration/loopback_test.go | 208 | ||||
-rw-r--r-- | pkg/tcpip/tests/integration/route_test.go | 8 |
2 files changed, 108 insertions, 108 deletions
diff --git a/pkg/tcpip/tests/integration/loopback_test.go b/pkg/tcpip/tests/integration/loopback_test.go index 0a9ea1aa8..6462e9d42 100644 --- a/pkg/tcpip/tests/integration/loopback_test.go +++ b/pkg/tcpip/tests/integration/loopback_test.go 
@@ -540,141 +540,141 @@ func TestExternalLoopbackTraffic(t *testing.T) { } tests := []struct { - name string - dropExternalLoopback bool - forwarding bool - rxICMP func(*channel.Endpoint) - invalidAddressStat func(tcpip.IPStats) *tcpip.StatCounter - shouldAccept bool + name string + allowExternalLoopback bool + forwarding bool + rxICMP func(*channel.Endpoint) + invalidAddressStat func(tcpip.IPStats) *tcpip.StatCounter + shouldAccept bool }{ { - name: "IPv4 external loopback sourced traffic without forwarding and drop external loopback disabled", - dropExternalLoopback: false, - forwarding: false, - rxICMP: loopbackSourcedICMPv4, - invalidAddressStat: invalidSrcAddrStat, - shouldAccept: true, + name: "IPv4 external loopback sourced traffic without forwarding and drop external loopback disabled", + allowExternalLoopback: true, + forwarding: false, + rxICMP: loopbackSourcedICMPv4, + invalidAddressStat: invalidSrcAddrStat, + shouldAccept: true, }, { - name: "IPv4 external loopback sourced traffic without forwarding and drop external loopback enabled", - dropExternalLoopback: true, - forwarding: false, - rxICMP: loopbackSourcedICMPv4, - invalidAddressStat: invalidSrcAddrStat, - shouldAccept: false, + name: "IPv4 external loopback sourced traffic without forwarding and drop external loopback enabled", + allowExternalLoopback: false, + forwarding: false, + rxICMP: loopbackSourcedICMPv4, + invalidAddressStat: invalidSrcAddrStat, + shouldAccept: false, }, { - name: "IPv4 external loopback sourced traffic with forwarding and drop external loopback disabled", - dropExternalLoopback: false, - forwarding: true, - rxICMP: loopbackSourcedICMPv4, - invalidAddressStat: invalidSrcAddrStat, - shouldAccept: true, + name: "IPv4 external loopback sourced traffic with forwarding and drop external loopback disabled", + allowExternalLoopback: true, + forwarding: true, + rxICMP: loopbackSourcedICMPv4, + invalidAddressStat: invalidSrcAddrStat, + shouldAccept: true, }, { - name: "IPv4 
external loopback sourced traffic with forwarding and drop external loopback enabled", - dropExternalLoopback: true, - forwarding: true, - rxICMP: loopbackSourcedICMPv4, - invalidAddressStat: invalidSrcAddrStat, - shouldAccept: false, + name: "IPv4 external loopback sourced traffic with forwarding and drop external loopback enabled", + allowExternalLoopback: false, + forwarding: true, + rxICMP: loopbackSourcedICMPv4, + invalidAddressStat: invalidSrcAddrStat, + shouldAccept: false, }, { - name: "IPv4 external loopback destined traffic without forwarding and drop external loopback disabled", - dropExternalLoopback: false, - forwarding: false, - rxICMP: loopbackDestinedICMPv4, - invalidAddressStat: invalidDestAddrStat, - shouldAccept: false, + name: "IPv4 external loopback destined traffic without forwarding and drop external loopback disabled", + allowExternalLoopback: true, + forwarding: false, + rxICMP: loopbackDestinedICMPv4, + invalidAddressStat: invalidDestAddrStat, + shouldAccept: false, }, { - name: "IPv4 external loopback destined traffic without forwarding and drop external loopback enabled", - dropExternalLoopback: true, - forwarding: false, - rxICMP: loopbackDestinedICMPv4, - invalidAddressStat: invalidDestAddrStat, - shouldAccept: false, + name: "IPv4 external loopback destined traffic without forwarding and drop external loopback enabled", + allowExternalLoopback: false, + forwarding: false, + rxICMP: loopbackDestinedICMPv4, + invalidAddressStat: invalidDestAddrStat, + shouldAccept: false, }, { - name: "IPv4 external loopback destined traffic with forwarding and drop external loopback disabled", - dropExternalLoopback: false, - forwarding: true, - rxICMP: loopbackDestinedICMPv4, - invalidAddressStat: invalidDestAddrStat, - shouldAccept: true, + name: "IPv4 external loopback destined traffic with forwarding and drop external loopback disabled", + allowExternalLoopback: true, + forwarding: true, + rxICMP: loopbackDestinedICMPv4, + invalidAddressStat: 
invalidDestAddrStat, + shouldAccept: true, }, { - name: "IPv4 external loopback destined traffic with forwarding and drop external loopback enabled", - dropExternalLoopback: true, - forwarding: true, - rxICMP: loopbackDestinedICMPv4, - invalidAddressStat: invalidDestAddrStat, - shouldAccept: false, + name: "IPv4 external loopback destined traffic with forwarding and drop external loopback enabled", + allowExternalLoopback: false, + forwarding: true, + rxICMP: loopbackDestinedICMPv4, + invalidAddressStat: invalidDestAddrStat, + shouldAccept: false, }, { - name: "IPv6 external loopback sourced traffic without forwarding and drop external loopback disabled", - dropExternalLoopback: false, - forwarding: false, - rxICMP: loopbackSourcedICMPv6, - invalidAddressStat: invalidSrcAddrStat, - shouldAccept: true, + name: "IPv6 external loopback sourced traffic without forwarding and drop external loopback disabled", + allowExternalLoopback: true, + forwarding: false, + rxICMP: loopbackSourcedICMPv6, + invalidAddressStat: invalidSrcAddrStat, + shouldAccept: true, }, { - name: "IPv6 external loopback sourced traffic without forwarding and drop external loopback enabled", - dropExternalLoopback: true, - forwarding: false, - rxICMP: loopbackSourcedICMPv6, - invalidAddressStat: invalidSrcAddrStat, - shouldAccept: false, + name: "IPv6 external loopback sourced traffic without forwarding and drop external loopback enabled", + allowExternalLoopback: false, + forwarding: false, + rxICMP: loopbackSourcedICMPv6, + invalidAddressStat: invalidSrcAddrStat, + shouldAccept: false, }, { - name: "IPv6 external loopback sourced traffic with forwarding and drop external loopback disabled", - dropExternalLoopback: false, - forwarding: true, - rxICMP: loopbackSourcedICMPv6, - invalidAddressStat: invalidSrcAddrStat, - shouldAccept: true, + name: "IPv6 external loopback sourced traffic with forwarding and drop external loopback disabled", + allowExternalLoopback: true, + forwarding: true, + rxICMP: 
loopbackSourcedICMPv6, + invalidAddressStat: invalidSrcAddrStat, + shouldAccept: true, }, { - name: "IPv6 external loopback sourced traffic with forwarding and drop external loopback enabled", - dropExternalLoopback: true, - forwarding: true, - rxICMP: loopbackSourcedICMPv6, - invalidAddressStat: invalidSrcAddrStat, - shouldAccept: false, + name: "IPv6 external loopback sourced traffic with forwarding and drop external loopback enabled", + allowExternalLoopback: false, + forwarding: true, + rxICMP: loopbackSourcedICMPv6, + invalidAddressStat: invalidSrcAddrStat, + shouldAccept: false, }, { - name: "IPv6 external loopback destined traffic without forwarding and drop external loopback disabled", - dropExternalLoopback: false, - forwarding: false, - rxICMP: loopbackDestinedICMPv6, - invalidAddressStat: invalidDestAddrStat, - shouldAccept: false, + name: "IPv6 external loopback destined traffic without forwarding and drop external loopback disabled", + allowExternalLoopback: true, + forwarding: false, + rxICMP: loopbackDestinedICMPv6, + invalidAddressStat: invalidDestAddrStat, + shouldAccept: false, }, { - name: "IPv6 external loopback destined traffic without forwarding and drop external loopback enabled", - dropExternalLoopback: true, - forwarding: false, - rxICMP: loopbackDestinedICMPv6, - invalidAddressStat: invalidDestAddrStat, - shouldAccept: false, + name: "IPv6 external loopback destined traffic without forwarding and drop external loopback enabled", + allowExternalLoopback: false, + forwarding: false, + rxICMP: loopbackDestinedICMPv6, + invalidAddressStat: invalidDestAddrStat, + shouldAccept: false, }, { - name: "IPv6 external loopback destined traffic with forwarding and drop external loopback disabled", - dropExternalLoopback: false, - forwarding: true, - rxICMP: loopbackDestinedICMPv6, - invalidAddressStat: invalidDestAddrStat, - shouldAccept: true, + name: "IPv6 external loopback destined traffic with forwarding and drop external loopback disabled", + 
allowExternalLoopback: true, + forwarding: true, + rxICMP: loopbackDestinedICMPv6, + invalidAddressStat: invalidDestAddrStat, + shouldAccept: true, }, { - name: "IPv6 external loopback destined traffic with forwarding and drop external loopback enabled", - dropExternalLoopback: true, - forwarding: true, - rxICMP: loopbackDestinedICMPv6, - invalidAddressStat: invalidDestAddrStat, - shouldAccept: false, + name: "IPv6 external loopback destined traffic with forwarding and drop external loopback enabled", + allowExternalLoopback: false, + forwarding: true, + rxICMP: loopbackDestinedICMPv6, + invalidAddressStat: invalidDestAddrStat, + shouldAccept: false, }, } @@ -683,10 +683,10 @@ func TestExternalLoopbackTraffic(t *testing.T) { s := stack.New(stack.Options{ NetworkProtocols: []stack.NetworkProtocolFactory{ ipv4.NewProtocolWithOptions(ipv4.Options{ - DropExternalLoopbackTraffic: test.dropExternalLoopback, + AllowExternalLoopbackTraffic: test.allowExternalLoopback, }), ipv6.NewProtocolWithOptions(ipv6.Options{ - DropExternalLoopbackTraffic: test.dropExternalLoopback, + AllowExternalLoopbackTraffic: test.allowExternalLoopback, }), }, TransportProtocols: []stack.TransportProtocolFactory{icmp.NewProtocol4, icmp.NewProtocol6}, diff --git a/pkg/tcpip/tests/integration/route_test.go b/pkg/tcpip/tests/integration/route_test.go index 568a982bb..ed499179f 100644 --- a/pkg/tcpip/tests/integration/route_test.go +++ b/pkg/tcpip/tests/integration/route_test.go 
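Review bot: In pkg/tcpip/tests/integration/loopback_test.go, the case names in the TestExternalLoopbackTraffic table still say "drop external loopback disabled/enabled" although the field beside them is now `allowExternalLoopback`, so every row pairs "drop … disabled" with `allowExternalLoopback: true` and a failing sub-test reports a name built around the old option. Rename the cases to follow the new option, e.g. `name: "IPv4 external loopback sourced traffic without forwarding and allow external loopback disabled",` on the `allowExternalLoopback: false` rows. Since the point of the commit is that accepting martian loopback packets is opt-in, a comment on the struct field such as `// false is the zero value of Options.AllowExternalLoopbackTraffic, i.e. the default: martian loopback packets are dropped.` would show which rows pin the default-deny behaviour. The function starts before this hunk and continues past it.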
@@ -162,15 +162,15 @@ func TestLocalPing(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { - for _, dropExternalLoopback := range []bool{true, false} { - t.Run(fmt.Sprintf("DropExternalLoopback=%t", dropExternalLoopback), func(t *testing.T) { + for _, allowExternalLoopback := range []bool{true, false} { + t.Run(fmt.Sprintf("AllowExternalLoopback=%t", allowExternalLoopback), func(t *testing.T) { s := stack.New(stack.Options{ NetworkProtocols: []stack.NetworkProtocolFactory{ ipv4.NewProtocolWithOptions(ipv4.Options{ - DropExternalLoopbackTraffic: dropExternalLoopback, + AllowExternalLoopbackTraffic: allowExternalLoopback, }), ipv6.NewProtocolWithOptions(ipv6.Options{ - DropExternalLoopbackTraffic: dropExternalLoopback, + AllowExternalLoopbackTraffic: allowExternalLoopback, }), }, TransportProtocols: []stack.TransportProtocolFactory{icmp.NewProtocol4, icmp.NewProtocol6}, |