Packetimpact test for IPv6 unknown options action

The Option Type identifiers are internally encoded such that their
highest-order two bits specify the action that must be taken if the
processing IPv6 node does not recognize the Option Type:

  00 - skip over this option and continue processing the header.
  01 - discard the packet.
  10 - discard the packet and, regardless of whether or not the
       packet's Destination Address was a multicast address, send an
       ICMP Parameter Problem, Code 2, message to the packet's
       Source Address, pointing to the unrecognized Option Type.
  11 - discard the packet and, only if the packet's Destination
       Address was not a multicast address, send an ICMP Parameter
       Problem, Code 2, message to the packet's Source Address,
       pointing to the unrecognized Option Type.

PiperOrigin-RevId: 318566613

2 files changed, 200 insertions, 0 deletions

diff --git a/test/packetimpact/tests/BUILD b/test/packetimpact/tests/BUILD
index 09e91b832..1c9f59df5 100644
--- a/test/packetimpact/tests/BUILD
+++ b/test/packetimpact/tests/BUILD
@@ -256,6 +256,19 @@ packetimpact_go_test(
 )
 
 packetimpact_go_test(
+    name = "ipv6_unknown_options_action",
+    srcs = ["ipv6_unknown_options_action_test.go"],
+    # TODO(b/159928940): Fix netstack then remove the line below.
+    expect_netstack_failure = True,
+    deps = [
+        "//pkg/tcpip",
+        "//pkg/tcpip/header",
+        "//test/packetimpact/testbench",
+        "@org_golang_x_sys//unix:go_default_library",
+    ],
+)
+
+packetimpact_go_test(
     name = "udp_send_recv_dgram",
     srcs = ["udp_send_recv_dgram_test.go"],
     deps = [
diff --git a/test/packetimpact/tests/ipv6_unknown_options_action_test.go b/test/packetimpact/tests/ipv6_unknown_options_action_test.go
new file mode 100644
index 000000000..d301d8829
--- /dev/null
+++ b/test/packetimpact/tests/ipv6_unknown_options_action_test.go
@@ -0,0 +1,187 @@
+// Copyright 2020 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ipv6_unknown_options_action_test
+
+import (
+	"encoding/binary"
+	"flag"
+	"net"
+	"testing"
+	"time"
+
+	"gvisor.dev/gvisor/pkg/tcpip"
+	"gvisor.dev/gvisor/pkg/tcpip/header"
+	tb "gvisor.dev/gvisor/test/packetimpact/testbench"
+)
+
+func init() {
+	tb.RegisterFlags(flag.CommandLine)
+}
+
+func mkHopByHopOptionsExtHdr(optType byte) tb.Layer {
+	return &tb.IPv6HopByHopOptionsExtHdr{
+		Options: []byte{optType, 0x04, 0x00, 0x00, 0x00, 0x00},
+	}
+}
+
+func mkDestinationOptionsExtHdr(optType byte) tb.Layer {
+	return &tb.IPv6DestinationOptionsExtHdr{
+		Options: []byte{optType, 0x04, 0x00, 0x00, 0x00, 0x00},
+	}
+}
+
+func optionTypeFromAction(action header.IPv6OptionUnknownAction) byte {
+	return byte(action << 6)
+}
+
+func TestIPv6UnknownOptionAction(t *testing.T) {
+	for _, tt := range []struct {
+		description  string
+		mkExtHdr     func(optType byte) tb.Layer
+		action       header.IPv6OptionUnknownAction
+		multicastDst bool
+		wantICMPv6   bool
+	}{
+		{
+			description:  "0b00/hbh",
+			mkExtHdr:     mkHopByHopOptionsExtHdr,
+			action:       header.IPv6OptionUnknownActionSkip,
+			multicastDst: false,
+			wantICMPv6:   false,
+		},
+		{
+			description:  "0b01/hbh",
+			mkExtHdr:     mkHopByHopOptionsExtHdr,
+			action:       header.IPv6OptionUnknownActionDiscard,
+			multicastDst: false,
+			wantICMPv6:   false,
+		},
+		{
+			description:  "0b10/hbh/unicast",
+			mkExtHdr:     mkHopByHopOptionsExtHdr,
+			action:       header.IPv6OptionUnknownActionDiscardSendICMP,
+			multicastDst: false,
+			wantICMPv6:   true,
+		},
+		{
+			description:  "0b10/hbh/multicast",
+			mkExtHdr:     mkHopByHopOptionsExtHdr,
+			action:       header.IPv6OptionUnknownActionDiscardSendICMP,
+			multicastDst: true,
+			wantICMPv6:   true,
+		},
+		{
+			description:  "0b11/hbh/unicast",
+			mkExtHdr:     mkHopByHopOptionsExtHdr,
+			action:       header.IPv6OptionUnknownActionDiscardSendICMPNoMulticastDest,
+			multicastDst: false,
+			wantICMPv6:   true,
+		},
+		{
+			description:  "0b11/hbh/multicast",
+			mkExtHdr:     mkHopByHopOptionsExtHdr,
+			action:       header.IPv6OptionUnknownActionDiscardSendICMPNoMulticastDest,
+			multicastDst: true,
+			wantICMPv6:   false,
+		},
+		{
+			description:  "0b00/destination",
+			mkExtHdr:     mkDestinationOptionsExtHdr,
+			action:       header.IPv6OptionUnknownActionSkip,
+			multicastDst: false,
+			wantICMPv6:   false,
+		},
+		{
+			description:  "0b01/destination",
+			mkExtHdr:     mkDestinationOptionsExtHdr,
+			action:       header.IPv6OptionUnknownActionDiscard,
+			multicastDst: false,
+			wantICMPv6:   false,
+		},
+		{
+			description:  "0b10/destination/unicast",
+			mkExtHdr:     mkDestinationOptionsExtHdr,
+			action:       header.IPv6OptionUnknownActionDiscardSendICMP,
+			multicastDst: false,
+			wantICMPv6:   true,
+		},
+		{
+			description:  "0b10/destination/multicast",
+			mkExtHdr:     mkDestinationOptionsExtHdr,
+			action:       header.IPv6OptionUnknownActionDiscardSendICMP,
+			multicastDst: true,
+			wantICMPv6:   true,
+		},
+		{
+			description:  "0b11/destination/unicast",
+			mkExtHdr:     mkDestinationOptionsExtHdr,
+			action:       header.IPv6OptionUnknownActionDiscardSendICMPNoMulticastDest,
+			multicastDst: false,
+			wantICMPv6:   true,
+		},
+		{
+			description:  "0b11/destination/multicast",
+			mkExtHdr:     mkDestinationOptionsExtHdr,
+			action:       header.IPv6OptionUnknownActionDiscardSendICMPNoMulticastDest,
+			multicastDst: true,
+			wantICMPv6:   false,
+		},
+	} {
+		t.Run(tt.description, func(t *testing.T) {
+			dut := tb.NewDUT(t)
+			defer dut.TearDown()
+			ipv6Conn := tb.NewIPv6Conn(t, tb.IPv6{}, tb.IPv6{})
+			conn := (*tb.Connection)(&ipv6Conn)
+			defer ipv6Conn.Close()
+
+			outgoingOverride := tb.Layers{}
+			if tt.multicastDst {
+				outgoingOverride = tb.Layers{&tb.IPv6{
+					DstAddr: tb.Address(tcpip.Address(net.ParseIP("ff02::1"))),
+				}}
+			}
+
+			outgoing := conn.CreateFrame(outgoingOverride, tt.mkExtHdr(optionTypeFromAction(tt.action)))
+			conn.SendFrame(outgoing)
+			ipv6Sent := outgoing[1:]
+			invokingPacket, err := ipv6Sent.ToBytes()
+			if err != nil {
+				t.Fatalf("failed to serialize the outgoing packet: %s", err)
+			}
+			icmpv6Payload := make([]byte, 4)
+			// The pointer in the ICMPv6 parameter problem message should point to
+			// the option type of the unknown option. In our test case, it is the
+			// first option in the extension header whose option type is 2 bytes
+			// after the IPv6 header (after NextHeader and ExtHdrLen).
+			binary.BigEndian.PutUint32(icmpv6Payload, header.IPv6MinimumSize+2)
+			icmpv6Payload = append(icmpv6Payload, invokingPacket...)
+			gotICMPv6, err := ipv6Conn.ExpectFrame(tb.Layers{
+				&tb.Ether{},
+				&tb.IPv6{},
+				&tb.ICMPv6{
+					Type:       tb.ICMPv6Type(header.ICMPv6ParamProblem),
+					Code:       tb.Byte(2),
+					NDPPayload: icmpv6Payload,
+				},
+			}, time.Second)
+			if tt.wantICMPv6 && err != nil {
+				t.Fatalf("expected ICMPv6 Parameter Problem but got none: %s", err)
+			}
+			if !tt.wantICMPv6 && gotICMPv6 != nil {
+				t.Fatalf("expected no ICMPv6 Parameter Problem but got one: %s", gotICMPv6)
+			}
+		})
+	}
+}