// Copyright 2018 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package tcpconntrack_test
import (
"testing"
"gvisor.dev/gvisor/pkg/tcpip/header"
"gvisor.dev/gvisor/pkg/tcpip/transport/tcpconntrack"
)
// connected creates a connection tracker TCB and sets it to a connected state
// by performing a 3-way handshake.
func connected(t *testing.T, iss, irs uint32, isw, irw uint16) *tcpconntrack.TCB {
// Send SYN.
tcp := make(header.TCP, header.TCPMinimumSize)
tcp.Encode(&header.TCPFields{
SeqNum: iss,
AckNum: 0,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagSyn,
WindowSize: irw,
})
tcb := tcpconntrack.TCB{}
tcb.Init(tcp)
// Receive SYN-ACK.
tcp.Encode(&header.TCPFields{
SeqNum: irs,
AckNum: iss + 1,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagSyn | header.TCPFlagAck,
WindowSize: isw,
})
if r := tcb.UpdateStateInbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
// Send ACK.
tcp.Encode(&header.TCPFields{
SeqNum: iss + 1,
AckNum: irs + 1,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck,
WindowSize: irw,
})
if r := tcb.UpdateStateOutbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
return &tcb
}
func TestConnectionRefused(t *testing.T) {
// Send SYN.
tcp := make(header.TCP, header.TCPMinimumSize)
tcp.Encode(&header.TCPFields{
SeqNum: 1234,
AckNum: 0,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagSyn,
WindowSize: 30000,
})
tcb := tcpconntrack.TCB{}
tcb.Init(tcp)
// Receive RST.
tcp.Encode(&header.TCPFields{
SeqNum: 789,
AckNum: 1235,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagRst | header.TCPFlagAck,
WindowSize: 50000,
})
if r := tcb.UpdateStateInbound(tcp); r != tcpconntrack.ResultReset {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultReset)
}
}
func TestConnectionRefusedInSynRcvd(t *testing.T) {
// Send SYN.
tcp := make(header.TCP, header.TCPMinimumSize)
tcp.Encode(&header.TCPFields{
SeqNum: 1234,
AckNum: 0,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagSyn,
WindowSize: 30000,
})
tcb := tcpconntrack.TCB{}
tcb.Init(tcp)
// Receive SYN.
tcp.Encode(&header.TCPFields{
SeqNum: 789,
AckNum: 0,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagSyn,
WindowSize: 50000,
})
if r := tcb.UpdateStateInbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
// Receive RST with no ACK.
tcp.Encode(&header.TCPFields{
SeqNum: 790,
AckNum: 0,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagRst,
WindowSize: 50000,
})
if r := tcb.UpdateStateInbound(tcp); r != tcpconntrack.ResultReset {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultReset)
}
}
func TestConnectionResetInSynRcvd(t *testing.T) {
// Send SYN.
tcp := make(header.TCP, header.TCPMinimumSize)
tcp.Encode(&header.TCPFields{
SeqNum: 1234,
AckNum: 0,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagSyn,
WindowSize: 30000,
})
tcb := tcpconntrack.TCB{}
tcb.Init(tcp)
// Receive SYN.
tcp.Encode(&header.TCPFields{
SeqNum: 789,
AckNum: 0,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagSyn,
WindowSize: 50000,
})
if r := tcb.UpdateStateInbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
// Send RST with no ACK.
tcp.Encode(&header.TCPFields{
SeqNum: 1235,
AckNum: 0,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagRst,
})
if r := tcb.UpdateStateOutbound(tcp); r != tcpconntrack.ResultReset {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultReset)
}
}
func TestRetransmitOnSynSent(t *testing.T) {
// Send initial SYN.
tcp := make(header.TCP, header.TCPMinimumSize)
tcp.Encode(&header.TCPFields{
SeqNum: 1234,
AckNum: 0,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagSyn,
WindowSize: 30000,
})
tcb := tcpconntrack.TCB{}
tcb.Init(tcp)
// Retransmit the same SYN.
if r := tcb.UpdateStateOutbound(tcp); r != tcpconntrack.ResultConnecting {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultConnecting)
}
}
func TestRetransmitOnSynRcvd(t *testing.T) {
// Send initial SYN.
tcp := make(header.TCP, header.TCPMinimumSize)
tcp.Encode(&header.TCPFields{
SeqNum: 1234,
AckNum: 0,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagSyn,
WindowSize: 30000,
})
tcb := tcpconntrack.TCB{}
tcb.Init(tcp)
// Receive SYN. This will cause the state to go to SYN-RCVD.
tcp.Encode(&header.TCPFields{
SeqNum: 789,
AckNum: 0,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagSyn,
WindowSize: 50000,
})
if r := tcb.UpdateStateInbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
// Retransmit the original SYN.
tcp.Encode(&header.TCPFields{
SeqNum: 1234,
AckNum: 0,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagSyn,
WindowSize: 30000,
})
if r := tcb.UpdateStateOutbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
// Transmit a SYN-ACK.
tcp.Encode(&header.TCPFields{
SeqNum: 1234,
AckNum: 790,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagSyn | header.TCPFlagAck,
WindowSize: 30000,
})
if r := tcb.UpdateStateOutbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
}
func TestClosedBySelf(t *testing.T) {
tcb := connected(t, 1234, 789, 30000, 50000)
// Send FIN.
tcp := make(header.TCP, header.TCPMinimumSize)
tcp.Encode(&header.TCPFields{
SeqNum: 1235,
AckNum: 790,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck | header.TCPFlagFin,
WindowSize: 30000,
})
if r := tcb.UpdateStateOutbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
// Receive FIN/ACK.
tcp.Encode(&header.TCPFields{
SeqNum: 790,
AckNum: 1236,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck | header.TCPFlagFin,
WindowSize: 50000,
})
if r := tcb.UpdateStateInbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
// Send ACK.
tcp.Encode(&header.TCPFields{
SeqNum: 1236,
AckNum: 791,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck,
WindowSize: 30000,
})
if r := tcb.UpdateStateOutbound(tcp); r != tcpconntrack.ResultClosedBySelf {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultClosedBySelf)
}
}
func TestClosedByPeer(t *testing.T) {
tcb := connected(t, 1234, 789, 30000, 50000)
// Receive FIN.
tcp := make(header.TCP, header.TCPMinimumSize)
tcp.Encode(&header.TCPFields{
SeqNum: 790,
AckNum: 1235,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck | header.TCPFlagFin,
WindowSize: 50000,
})
if r := tcb.UpdateStateInbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
// Send FIN/ACK.
tcp.Encode(&header.TCPFields{
SeqNum: 1235,
AckNum: 791,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck | header.TCPFlagFin,
WindowSize: 30000,
})
if r := tcb.UpdateStateOutbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
// Receive ACK.
tcp.Encode(&header.TCPFields{
SeqNum: 791,
AckNum: 1236,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck,
WindowSize: 50000,
})
if r := tcb.UpdateStateInbound(tcp); r != tcpconntrack.ResultClosedByPeer {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultClosedByPeer)
}
}
func TestSendAndReceiveDataClosedBySelf(t *testing.T) {
sseq := uint32(1234)
rseq := uint32(789)
tcb := connected(t, sseq, rseq, 30000, 50000)
sseq++
rseq++
// Send some data.
tcp := make(header.TCP, header.TCPMinimumSize+1024)
for i := uint32(0); i < 10; i++ {
// Send some data.
tcp.Encode(&header.TCPFields{
SeqNum: sseq,
AckNum: rseq,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck,
WindowSize: 30000,
})
sseq += uint32(len(tcp)) - header.TCPMinimumSize
if r := tcb.UpdateStateOutbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
// Receive ack for data.
tcp.Encode(&header.TCPFields{
SeqNum: rseq,
AckNum: sseq,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck,
WindowSize: 50000,
})
if r := tcb.UpdateStateInbound(tcp[:header.TCPMinimumSize]); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
}
for i := uint32(0); i < 10; i++ {
// Receive some data.
tcp.Encode(&header.TCPFields{
SeqNum: rseq,
AckNum: sseq,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck,
WindowSize: 50000,
})
rseq += uint32(len(tcp)) - header.TCPMinimumSize
if r := tcb.UpdateStateInbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
// Send ack for data.
tcp.Encode(&header.TCPFields{
SeqNum: sseq,
AckNum: rseq,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck,
WindowSize: 30000,
})
if r := tcb.UpdateStateOutbound(tcp[:header.TCPMinimumSize]); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
}
// Send FIN.
tcp = tcp[:header.TCPMinimumSize]
tcp.Encode(&header.TCPFields{
SeqNum: sseq,
AckNum: rseq,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck | header.TCPFlagFin,
WindowSize: 30000,
})
sseq++
if r := tcb.UpdateStateOutbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
// Receive FIN/ACK.
tcp.Encode(&header.TCPFields{
SeqNum: rseq,
AckNum: sseq,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck | header.TCPFlagFin,
WindowSize: 50000,
})
rseq++
if r := tcb.UpdateStateInbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
// Send ACK.
tcp.Encode(&header.TCPFields{
SeqNum: sseq,
AckNum: rseq,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck,
WindowSize: 30000,
})
if r := tcb.UpdateStateOutbound(tcp); r != tcpconntrack.ResultClosedBySelf {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultClosedBySelf)
}
}
func TestIgnoreBadResetOnSynSent(t *testing.T) {
// Send SYN.
tcp := make(header.TCP, header.TCPMinimumSize)
tcp.Encode(&header.TCPFields{
SeqNum: 1234,
AckNum: 0,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagSyn,
WindowSize: 30000,
})
tcb := tcpconntrack.TCB{}
tcb.Init(tcp)
// Receive a RST with a bad ACK, it should not cause the connection to
// be reset.
acks := []uint32{1234, 1236, 1000, 5000}
flags := []uint8{header.TCPFlagRst, header.TCPFlagRst | header.TCPFlagAck}
for _, a := range acks {
for _, f := range flags {
tcp.Encode(&header.TCPFields{
SeqNum: 789,
AckNum: a,
DataOffset: header.TCPMinimumSize,
Flags: f,
WindowSize: 50000,
})
if r := tcb.UpdateStateInbound(tcp); r != tcpconntrack.ResultConnecting {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
}
}
// Complete the handshake.
// Receive SYN-ACK.
tcp.Encode(&header.TCPFields{
SeqNum: 789,
AckNum: 1235,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagSyn | header.TCPFlagAck,
WindowSize: 50000,
})
if r := tcb.UpdateStateInbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
// Send ACK.
tcp.Encode(&header.TCPFields{
SeqNum: 1235,
AckNum: 790,
DataOffset: header.TCPMinimumSize,
Flags: header.TCPFlagAck,
WindowSize: 30000,
})
if r := tcb.UpdateStateOutbound(tcp); r != tcpconntrack.ResultAlive {
t.Fatalf("Bad result: got %v, want %v", r, tcpconntrack.ResultAlive)
}
}