Accueil Explorer Aide
Connexion
Apq
/
sing-box
miroir de https://github.com/SagerNet/sing-box.git
1
0
Fork 0
Fichiers Tickets 0 Wiki
Branche: testing
Branches Tags
sing-box
/
common
/
windivert
/
filter_test.go

filter_test.go 4.7 KB
Lien permanent Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140 
  1. package windivert
    2. 

  2. 

  3. import (
    4. 

  4. 	"encoding/binary"
    5. 

  5. 	"net/netip"
    6. 

  6. 	"testing"
    7. 

  7. )
    8. 

  8. 

  9. func TestRejectFilter(t *testing.T) {
    10. 

  10. 	t.Parallel()
    11. 

  11. 	bin, flags, err := reject().encode()
    12. 

  12. 	if err != nil {
    13. 

  13. 		t.Fatal(err)
    14. 

  14. 	}
    15. 

  15. 	if len(bin) != filterInstBytes {
    16. 

  16. 		t.Fatalf("reject filter len: got %d, want %d", len(bin), filterInstBytes)
    17. 

  17. 	}
    18. 

  18. 	if flags != 0 {
    19. 

  19. 		t.Fatalf("reject filter flags: got %x, want 0", flags)
    20. 

  20. 	}
    21. 

  21. 	// word0: field=ZERO=0, test=EQ=0, success=REJECT=0x7FFF
    22. 

  22. 	word0 := binary.LittleEndian.Uint32(bin[0:4])
    23. 

  23. 	if word0 != uint32(resultReject)<<16 {
    24. 

  24. 		t.Fatalf("reject word0 = %08x", word0)
    25. 

  25. 	}
    26. 

  26. 	// word1: failure=REJECT
    27. 

  27. 	word1 := binary.LittleEndian.Uint32(bin[4:8])
    28. 

  28. 	if word1 != uint32(resultReject) {
    29. 

  29. 		t.Fatalf("reject word1 = %08x", word1)
    30. 

  30. 	}
    31. 

  31. }
    32. 

  32. 

  33. func TestOutboundTCPFilterIPv4(t *testing.T) {
    34. 

  34. 	t.Parallel()
    35. 

  35. 	src := netip.MustParseAddrPort("10.1.2.3:54321")
    36. 

  36. 	dst := netip.MustParseAddrPort("1.2.3.4:443")
    37. 

  37. 	f, err := OutboundTCP(src, dst)
    38. 

  38. 	if err != nil {
    39. 

  39. 		t.Fatal(err)
    40. 

  40. 	}
    41. 

  41. 	bin, flags, err := f.encode()
    42. 

  42. 	if err != nil {
    43. 

  43. 		t.Fatal(err)
    44. 

  44. 	}
    45. 

  45. 	if want := filterFlagOutbound | filterFlagIP; flags != want {
    46. 

  46. 		t.Fatalf("flags: got %x, want %x", flags, want)
    47. 

  47. 	}
    48. 

  48. 	// 7 instructions: OUTBOUND, IP, TCP, IP_SRCADDR, IP_DSTADDR, TCP_SRCPORT, TCP_DSTPORT
    49. 

  49. 	const wantInsts = 7
    50. 

  50. 	if len(bin) != wantInsts*filterInstBytes {
    51. 

  51. 		t.Fatalf("instruction count: got %d, want %d", len(bin)/filterInstBytes, wantInsts)
    52. 

  52. 	}
    53. 

  53. 

  54. 	// Inst 0: OUTBOUND == 1, success=1, failure=REJECT
    55. 

  55. 	checkInst(t, bin[0*filterInstBytes:], 0, fieldOutbound, testEQ, 1, resultReject, 1)
    56. 

  56. 	// Inst 1: IP == 1, success=2
    57. 

  57. 	checkInst(t, bin[1*filterInstBytes:], 1, fieldIP, testEQ, 2, resultReject, 1)
    58. 

  58. 	// Inst 2: TCP == 1, success=3
    59. 

  59. 	checkInst(t, bin[2*filterInstBytes:], 2, fieldTCP, testEQ, 3, resultReject, 1)
    60. 

  60. 	// Inst 3: IP_SRCADDR == 10.1.2.3 (host-order uint32 = 0x0A010203, arg[1]=0x0000FFFF marker)
    61. 

  61. 	checkInst(t, bin[3*filterInstBytes:], 3, fieldIPSrcAddr, testEQ, 4, resultReject, 0x0A010203)
    62. 

  62. 	checkArg1(t, bin[3*filterInstBytes:], 3, 0x0000FFFF)
    63. 

  63. 	// Inst 4: IP_DSTADDR == 1.2.3.4
    64. 

  64. 	checkInst(t, bin[4*filterInstBytes:], 4, fieldIPDstAddr, testEQ, 5, resultReject, 0x01020304)
    65. 

  65. 	checkArg1(t, bin[4*filterInstBytes:], 4, 0x0000FFFF)
    66. 

  66. 	// Inst 5: TCP_SRCPORT == 54321
    67. 

  67. 	checkInst(t, bin[5*filterInstBytes:], 5, fieldTCPSrcPort, testEQ, 6, resultReject, 54321)
    68. 

  68. 	// Last inst 6: TCP_DSTPORT == 443, success=ACCEPT
    69. 

  69. 	checkInst(t, bin[6*filterInstBytes:], 6, fieldTCPDstPort, testEQ, resultAccept, resultReject, 443)
    70. 

  70. }
    71. 

  71. 

  72. func TestOutboundTCPFilterIPv6(t *testing.T) {
    73. 

  73. 	t.Parallel()
    74. 

  74. 	src := netip.MustParseAddrPort("[2001:db8::1]:54321")
    75. 

  75. 	dst := netip.MustParseAddrPort("[2001:db8::2]:443")
    76. 

  76. 	f, err := OutboundTCP(src, dst)
    77. 

  77. 	if err != nil {
    78. 

  78. 		t.Fatal(err)
    79. 

  79. 	}
    80. 

  80. 	bin, flags, err := f.encode()
    81. 

  81. 	if err != nil {
    82. 

  82. 		t.Fatal(err)
    83. 

  83. 	}
    84. 

  84. 	if want := filterFlagOutbound | filterFlagIPv6; flags != want {
    85. 

  85. 		t.Fatalf("flags: got %x, want %x", flags, want)
    86. 

  86. 	}
    87. 

  87. 	// Inst 3: IPv6_SRCADDR. The driver stores the address in reversed
    88. 

  88. 	// word order: arg[0]=low (bytes 12..15)=1, arg[3]=high (bytes 0..3)=0x20010db8.
    89. 

  89. 	off := 3 * filterInstBytes
    90. 

  90. 	a0 := binary.LittleEndian.Uint32(bin[off+8:])
    91. 

  91. 	a1 := binary.LittleEndian.Uint32(bin[off+12:])
    92. 

  92. 	a2 := binary.LittleEndian.Uint32(bin[off+16:])
    93. 

  93. 	a3 := binary.LittleEndian.Uint32(bin[off+20:])
    94. 

  94. 	if a0 != 1 || a1 != 0 || a2 != 0 || a3 != 0x20010db8 {
    95. 

  95. 		t.Fatalf("ipv6 src arg=[%08x %08x %08x %08x], want [1 0 0 0x20010db8]", a0, a1, a2, a3)
    96. 

  96. 	}
    97. 

  97. }
    98. 

  98. 

  99. func TestOutboundTCPFilterMixedFamily(t *testing.T) {
    100. 

  100. 	t.Parallel()
    101. 

  101. 	src := netip.MustParseAddrPort("10.0.0.1:1234")
    102. 

  102. 	dst := netip.MustParseAddrPort("[2001:db8::1]:443")
    103. 

  103. 	if _, err := OutboundTCP(src, dst); err == nil {
    104. 

  104. 		t.Fatal("expected error for mixed families")
    105. 

  105. 	}
    106. 

  106. }
    107. 

  107. 

  108. func checkArg1(t *testing.T, raw []byte, idx int, arg1 uint32) {
    109. 

  109. 	t.Helper()
    110. 

  110. 	got := binary.LittleEndian.Uint32(raw[12:16])
    111. 

  111. 	if got != arg1 {
    112. 

  112. 		t.Errorf("inst %d arg[1]: got %08x, want %08x", idx, got, arg1)
    113. 

  113. 	}
    114. 

  114. }
    115. 

  115. 

  116. func checkInst(t *testing.T, raw []byte, idx int, field uint16, test uint8, success, failure uint16, arg0 uint32) {
    117. 

  117. 	t.Helper()
    118. 

  118. 	word0 := binary.LittleEndian.Uint32(raw[0:4])
    119. 

  119. 	word1 := binary.LittleEndian.Uint32(raw[4:8])
    120. 

  120. 	a0 := binary.LittleEndian.Uint32(raw[8:12])
    121. 

  121. 	gotField := uint16(word0 & 0x7FF)
    122. 

  122. 	gotTest := uint8((word0 >> 11) & 0x1F)
    123. 

  123. 	gotSuccess := uint16(word0 >> 16)
    124. 

  124. 	gotFailure := uint16(word1 & 0xFFFF)
    125. 

  125. 	if gotField != field {
    126. 

  126. 		t.Errorf("inst %d field: got %d, want %d", idx, gotField, field)
    127. 

  127. 	}
    128. 

  128. 	if gotTest != test {
    129. 

  129. 		t.Errorf("inst %d test: got %d, want %d", idx, gotTest, test)
    130. 

  130. 	}
    131. 

  131. 	if gotSuccess != success {
    132. 

  132. 		t.Errorf("inst %d success: got %d, want %d", idx, gotSuccess, success)
    133. 

  133. 	}
    134. 

  134. 	if gotFailure != failure {
    135. 

  135. 		t.Errorf("inst %d failure: got %d, want %d", idx, gotFailure, failure)
    136. 

  136. 	}
    137. 

  137. 	if a0 != arg0 {
    138. 

  138. 		t.Errorf("inst %d arg[0]: got %08x, want %08x", idx, a0, arg0)
    139. 

  139. 	}
    140. 

  140. }
    141.