braccept: more br_parent tests (#3285)

Add test for the following cases:
- revoked parent interface
- svc tests
- revoked child (not owned) interface
- one-hop-path parent interface tests
- scmp BAD_HOST test case

Also fix some braccept issues when cloning packets.

acceptance/br_multi_acceptance/conf/topology.json

@@ -108,11 +108,6 @@
       }
     }
   },
-  "PathService": {
-    "psA": { "Addrs": {
-        "IPv4": { "Public": { "L4Port": 20005, "Addr": "192.168.0.51" } }
-    } }
-  },
   "BeaconService": {
     "bsA": { "Addrs": {
         "IPv4": { "Public": { "L4Port": 20006, "Addr": "192.168.0.61" } }
@@ -121,6 +116,17 @@
   "CertificateService": {
     "csA": { "Addrs": {
         "IPv4": { "Public": { "L4Port": 20007, "Addr": "192.168.0.71" } }
+    } },
+    "csB": { "Addrs": {
+        "IPv4": { "Public": { "L4Port": 20007, "Addr": "192.168.0.72" } }
+    } }
+  },
+  "PathService": {
+    "psA": { "Addrs": {
+        "IPv4": { "Public": { "L4Port": 20005, "Addr": "192.168.0.51" } }
+    } },
+    "psB": { "Addrs": {
+        "IPv4": { "Public": { "L4Port": 20055, "Addr": "192.168.0.51" } }
     } }
   }
 }

acceptance/br_multi_acceptance/test

@@ -10,7 +10,7 @@ COMMAND="${1:?}"
 # This function is called from test_setup
 set_veths() {
     create_veth veth_int_host veth_int 192.168.0.11/24 f0:0d:ca:fe:00:01 \
-        192.168.0.12 192.168.0.13 192.168.0.14 192.168.0.51 192.168.0.61 192.168.0.71
+        192.168.0.12 192.168.0.13 192.168.0.14 192.168.0.51 192.168.0.61 192.168.0.71 192.168.0.72
     create_veth veth_121_host veth_121 192.168.12.2/31 f0:0d:ca:fe:00:12 192.168.12.3
     create_veth veth_131_host veth_131 192.168.13.2/31 f0:0d:ca:fe:00:13 192.168.13.3
     create_veth veth_141_host veth_141 192.168.14.2/31 f0:0d:ca:fe:00:14 192.168.14.3

acceptance/br_parent_acceptance/conf/topology.json

@@ -81,11 +81,6 @@
       }
     }
   },
-  "PathService": {
-    "psA": { "Addrs": {
-        "IPv4": { "Public": { "L4Port": 20005, "Addr": "192.168.0.51" } }
-    } }
-  },
   "BeaconService": {
     "bsA": { "Addrs": {
         "IPv4": { "Public": { "L4Port": 20006, "Addr": "192.168.0.61" } }
@@ -94,6 +89,17 @@
   "CertificateService": {
     "csA": { "Addrs": {
         "IPv4": { "Public": { "L4Port": 20007, "Addr": "192.168.0.71" } }
+    } },
+    "csB": { "Addrs": {
+        "IPv4": { "Public": { "L4Port": 20007, "Addr": "192.168.0.72" } }
+    } }
+  },
+  "PathService": {
+    "psA": { "Addrs": {
+        "IPv4": { "Public": { "L4Port": 20005, "Addr": "192.168.0.51" } }
+    } },
+    "psB": { "Addrs": {
+        "IPv4": { "Public": { "L4Port": 20055, "Addr": "192.168.0.51" } }
     } }
   }
 }

acceptance/br_parent_acceptance/test

@@ -10,7 +10,7 @@ COMMAND="${1:?}"
 # This function is called from test_setup
 set_veths() {
     create_veth veth_int_host veth_int 192.168.0.11/24 f0:0d:ca:fe:00:01 \
-        192.168.0.12 192.168.0.13 192.168.0.14 192.168.0.51 192.168.0.61 192.168.0.71
+        192.168.0.12 192.168.0.13 192.168.0.14 192.168.0.51 192.168.0.61 192.168.0.71 192.168.0.72
     create_veth veth_131_host veth_131 192.168.13.2/31 f0:0d:ca:fe:00:13 192.168.13.3
 }
 

go/border/braccept/BUILD.bazel

@@ -21,6 +21,7 @@ go_library(
         "revocation_tests.go",
         "send.go",
         "sleep.go",
+        "svc_tests.go",
     ],
     importpath = "github.com/scionproto/scion/go/border/braccept",
     visibility = ["//visibility:private"],

go/border/braccept/br_tests.go

@@ -72,5 +72,22 @@ func br_parent() int {
 	failures += parent_to_internal_child()
 	failures += internal_child_to_parent()
 
+	// XXX(sgmonroy) the following tests are only run for this specific BR configuration
+	// with a single parent interface. In the current implementation, the behavior would be
+	// the same regardless of the link type that the packet was recevied on.
+	failures += svc_anycast_parent_to_internal_host()
+	failures += svc_multicast_parent_to_internal_host()
+	failures += svc_multicast_same_host_parent_to_internal_host()
+
+	failures += revocation_owned_parent()
+	failures += revocation_not_owned_child_link()
+
+	failures += ohp_parent_to_internal_bs()
+	failures += ohp_udp_parent_to_internal_bs()
+	failures += ohp_udp_internal_bs_to_parent()
+	failures += ohp_internal_bs_to_parent()
+
+	failures += parent_scmp_routing_bad_host()
+
 	return failures
 }

go/border/braccept/layers/addrhdr.go

@@ -15,7 +15,9 @@
 package layers
 
 import (
+	"bytes"
 	"fmt"
+	"net"
 
 	"github.com/scionproto/scion/go/lib/addr"
 	"github.com/scionproto/scion/go/lib/common"
@@ -129,3 +131,36 @@ func (a *AddrHdr) String() string {
 	return fmt.Sprintf("SrcIA: %s, SrcHost: %s, DstIA: %s, DstHost: %s",
 		a.SrcIA, a.SrcHost, a.DstIA, a.DstHost)
 }
+
+var _ addr.HostAddr = (HostBad)(nil)
+
+type HostBad common.RawBytes
+
+func (h HostBad) Size() int {
+	return len(h)
+}
+
+func (h HostBad) Type() addr.HostAddrType {
+	return addr.HostTypeNone
+}
+
+func (h HostBad) Pack() common.RawBytes {
+	return common.RawBytes(h)
+}
+
+func (h HostBad) IP() net.IP {
+	return nil
+}
+
+func (h HostBad) Copy() addr.HostAddr {
+	return HostBad(append(common.RawBytes(nil), h...))
+}
+
+func (h HostBad) Equal(o addr.HostAddr) bool {
+	hb, ok := o.(HostBad)
+	return ok && bytes.Equal(h, hb)
+}
+
+func (h HostBad) String() string {
+	return fmt.Sprintf("%s", common.RawBytes(h))
+}

go/border/braccept/layers/scmp.go

@@ -108,6 +108,9 @@ func (s *SCMP) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback) error {
 func (s *SCMP) String() string {
 	var str []string
 	str = append(str, fmt.Sprintf("%s", &s.Hdr))
+	if s.Pld == nil {
+		return strings.Join(str, " ")
+	}
 	if s.Meta != nil {
 		str = append(str, fmt.Sprintf("Meta={ %s }", s.Meta))
 	}

go/border/braccept/layers/scnpath.go

@@ -27,6 +27,17 @@ type ScnPath struct {
 	raw  common.RawBytes
 }
 
+func (p *ScnPath) Clone() *ScnPath {
+	clone := &ScnPath{}
+	clone.raw = make(common.RawBytes, len(p.raw))
+	copy(clone.raw, p.raw)
+	clone.Segs = make([]*Segment, len(p.Segs))
+	for i := range p.Segs {
+		clone.Segs[i] = p.Segs[i].Clone()
+	}
+	return clone
+}
+
 func (p *ScnPath) Parse(b common.RawBytes) error {
 	if len(b) == 0 {
 		return nil
@@ -87,6 +98,18 @@ type Segment struct {
 	Hops []*spath.HopField
 }
 
+func (s *Segment) Clone() *Segment {
+	clone := &Segment{}
+	inf := *s.Inf
+	clone.Inf = &inf
+	clone.Hops = make([]*spath.HopField, len(s.Hops))
+	for i := range s.Hops {
+		hop := *s.Hops[i]
+		clone.Hops[i] = &hop
+	}
+	return clone
+}
+
 func (s *Segment) Parse(b common.RawBytes) (int, error) {
 	minSegLen := spath.InfoFieldLength + 2*spath.HopFieldLength
 	if minSegLen > len(b) {

go/border/braccept/parent_tests.go

@@ -14,6 +14,10 @@
 
 package main
 
+import (
+	"fmt"
+)
+
 func parent_to_internal_host() int {
 	pkt0 := AllocatePacket()
 	pkt0.ParsePacket(`
@@ -141,3 +145,181 @@ func internal_child_to_parent() int {
 
 	return ExpectedPackets("internal/child to parent", defaultTimeout, pkt1)
 }
+
+func ohp_parent_to_internal_bs() int {
+	pkt0 := AllocatePacket()
+	pkt0.ParsePacket(`
+		Ethernet: SrcMAC=f0:0d:ca:fe:be:ef DstMAC=f0:0d:ca:fe:00:13 EthernetType=IPv4
+		IP4: Src=192.168.13.3 Dst=192.168.13.2 NextHdr=UDP Flags=DF
+		UDP: Src=40000 Dst=50000
+		SCION: NextHdr=HBH CurrInfoF=4 CurrHopF=6 SrcType=IPv4 DstType=SVC
+			ADDR: SrcIA=1-ff00:0:3 Src=172.16.3.1 DstIA=1-ff00:0:1 Dst=BS
+			IF_1: ISD=1 Hops=2 Flags=ConsDir
+				HF_1: ConsIngress=0 ConsEgress=311
+				HF_2: ConsIngress=0 ConsEgress=0 Mac=000000
+		HBH: NextHdr=HBH Type=OHP
+			HBH.OHP:
+	`)
+	// XXX HBH and None are the same NextHdr value
+	pkt0.SetDev("veth_131")
+	pkt0.SetChecksum("UDP", "IP4")
+
+	pkt1 := pkt0.CloneAndUpdate(`
+		Ethernet: SrcMAC=f0:0d:ca:fe:00:01 DstMAC=f0:0d:ca:fe:be:ef
+		IP4: Src=192.168.0.11 Dst=192.168.0.61 Checksum=0
+		UDP: Src=30001 Dst=30041
+		SCION:
+			HF_2: ConsIngress=131 ConsEgress=0 ExpTime=63
+	`)
+	// XXX Go BR sets ExpTime to default, which is currently 63
+	pkt1.SetDev("veth_int")
+	pkt1.SetChecksum("UDP", "IP4")
+	pkt1.GenerateMac("SCION", "IF_1", "HF_2", "HF_1")
+
+	SendPackets(pkt0)
+
+	return ExpectedPackets("one-hop-path parent to internal/bs", defaultTimeout, pkt1)
+}
+
+func ohp_udp_parent_to_internal_bs() int {
+	pkt0 := AllocatePacket()
+	pkt0.ParsePacket(`
+		Ethernet: SrcMAC=f0:0d:ca:fe:be:ef DstMAC=f0:0d:ca:fe:00:13 EthernetType=IPv4
+		IP4: Src=192.168.13.3 Dst=192.168.13.2 NextHdr=UDP Flags=DF
+		UDP: Src=40000 Dst=50000
+		SCION: NextHdr=HBH CurrInfoF=4 CurrHopF=6 SrcType=IPv4 DstType=SVC
+			ADDR: SrcIA=1-ff00:0:3 Src=172.16.3.1 DstIA=1-ff00:0:1 Dst=BS
+			IF_1: ISD=1 Hops=2 Flags=ConsDir
+				HF_1: ConsIngress=0 ConsEgress=311
+				HF_2: ConsIngress=0 ConsEgress=0 Mac=000000
+		HBH: NextHdr=UDP Type=OHP
+			HBH.OHP:
+		UDP_1: Src=40111 Dst=40222
+	`)
+	pkt0.SetDev("veth_131")
+	pkt0.SetChecksum("UDP", "IP4")
+	pkt0.SetChecksum("UDP_1", "SCION")
+
+	pkt1 := pkt0.CloneAndUpdate(`
+		Ethernet: SrcMAC=f0:0d:ca:fe:00:01 DstMAC=f0:0d:ca:fe:be:ef
+		IP4: Src=192.168.0.11 Dst=192.168.0.61 Checksum=0
+		UDP: Src=30001 Dst=30041
+		SCION:
+			HF_2: ConsIngress=131 ConsEgress=0 ExpTime=63
+	`)
+	// XXX Go BR sets ExpTime to default, which is currently 63
+	pkt1.SetDev("veth_int")
+	pkt1.SetChecksum("UDP", "IP4")
+	pkt1.GenerateMac("SCION", "IF_1", "HF_2", "HF_1")
+
+	SendPackets(pkt0)
+
+	return ExpectedPackets("one-hop-path udp parent to internal/bs", defaultTimeout, pkt1)
+}
+
+func ohp_udp_internal_bs_to_parent() int {
+	pkt0 := AllocatePacket()
+	pkt0.ParsePacket(`
+		Ethernet: SrcMAC=f0:0d:ca:fe:be:ef DstMAC=f0:0d:ca:fe:00:01 EthernetType=IPv4
+		IP4: Src=192.168.0.51 Dst=192.168.0.11 NextHdr=UDP Flags=DF
+		UDP: Src=30041 Dst=30001
+		SCION: NextHdr=HBH CurrInfoF=4 CurrHopF=5 SrcType=IPv4 DstType=SVC
+			ADDR: SrcIA=1-ff00:0:1 Src=192.168.0.61 DstIA=1-ff00:0:3 Dst=BS
+			IF_1: ISD=1 Hops=2
+				HF_1: ConsIngress=131 ConsEgress=0
+				HF_2: ConsIngress=0   ConsEgress=0 Mac=000000
+		HBH: NextHdr=HBH Type=OHP
+			HBH.OHP:
+	`)
+	pkt0.SetDev("veth_int")
+	pkt0.SetChecksum("UDP", "IP4")
+	pkt0.GenerateMac("SCION", "IF_1", "HF_1", "HF_2")
+
+	pkt1 := pkt0.CloneAndUpdate(`
+		Ethernet: SrcMAC=f0:0d:ca:fe:00:13 DstMAC=f0:0d:ca:fe:be:ef
+		IP4: Src=192.168.13.2 Dst=192.168.13.3 Checksum=0
+		UDP: Src=50000 Dst=40000
+		SCION: CurrHopF=6
+	`)
+	pkt1.SetDev("veth_131")
+	pkt1.SetChecksum("UDP", "IP4")
+
+	SendPackets(pkt0)
+
+	return ExpectedPackets("one-hop-path up segment internal/bs to parent", defaultTimeout, pkt1)
+}
+
+func ohp_internal_bs_to_parent() int {
+	pkt0 := AllocatePacket()
+	pkt0.ParsePacket(`
+		Ethernet: SrcMAC=f0:0d:ca:fe:be:ef DstMAC=f0:0d:ca:fe:00:01 EthernetType=IPv4
+		IP4: Src=192.168.0.51 Dst=192.168.0.11 NextHdr=UDP Flags=DF
+		UDP: Src=30041 Dst=30001
+		SCION: NextHdr=HBH CurrInfoF=4 CurrHopF=5 SrcType=IPv4 DstType=SVC
+			ADDR: SrcIA=1-ff00:0:1 Src=192.168.0.61 DstIA=1-ff00:0:3 Dst=BS
+			IF_1: ISD=1 Hops=2 Flags=ConsDir
+				HF_1: ConsIngress=0 ConsEgress=131
+				HF_2: ConsIngress=0 ConsEgress=0 Mac=000000
+		HBH: NextHdr=HBH Type=OHP
+			HBH.OHP:
+	`)
+	pkt0.SetDev("veth_int")
+	pkt0.SetChecksum("UDP", "IP4")
+	pkt0.GenerateMac("SCION", "IF_1", "HF_1", "")
+
+	pkt1 := pkt0.CloneAndUpdate(`
+		Ethernet: SrcMAC=f0:0d:ca:fe:00:13 DstMAC=f0:0d:ca:fe:be:ef
+		IP4: Src=192.168.13.2 Dst=192.168.13.3 Checksum=0
+		UDP: Src=50000 Dst=40000
+		SCION: CurrHopF=6
+	`)
+	pkt1.SetDev("veth_131")
+	pkt1.SetChecksum("UDP", "IP4")
+
+	SendPackets(pkt0)
+
+	return ExpectedPackets("one-hop-path internal/bs to parent", defaultTimeout, pkt1)
+}
+
+func parent_scmp_routing_bad_host() int {
+	pkt0 := AllocatePacket()
+	pkt0.ParsePacket(`
+		Ethernet: SrcMAC=f0:0d:ca:fe:be:ef DstMAC=f0:0d:ca:fe:00:13 EthernetType=IPv4
+		IP4: Src=192.168.13.3 Dst=192.168.13.2 NextHdr=UDP Flags=DF
+		UDP: Src=40000 Dst=50000
+		SCION: NextHdr=UDP CurrInfoF=4 CurrHopF=6 SrcType=IPv4 DstType=SVC
+			ADDR: SrcIA=1-ff00:0:3 Src=172.16.3.1 DstIA=1-ff00:0:1 Dst=0009
+			IF_1: ISD=1 Hops=2 Flags=ConsDir
+				HF_1: ConsIngress=0   ConsEgress=311
+				HF_2: ConsIngress=131 ConsEgress=0
+		UDP_1: Src=40111 Dst=40222
+	`)
+	pkt0.SetDev("veth_131")
+	pkt0.SetChecksum("UDP", "IP4")
+	pkt0.SetChecksum("UDP_1", "SCION")
+	pkt0.GenerateMac("SCION", "IF_1", "HF_2", "HF_1")
+
+	pkt1 := AllocatePacket()
+	pkt1.ParsePacket(fmt.Sprintf(`
+		Ethernet: SrcMAC=f0:0d:ca:fe:00:13 DstMAC=f0:0d:ca:fe:be:ef EthernetType=IPv4
+		IP4: Src=192.168.13.2 Dst=192.168.13.3 NextHdr=UDP Flags=DF Checksum=0
+		UDP: Src=50000 Dst=40000 Checksum=0
+		SCION: NextHdr=HBH CurrInfoF=4 CurrHopF=6 SrcType=IPv4 DstType=IPv4
+			ADDR: SrcIA=1-ff00:0:1 Src=192.168.0.11 DstIA=1-ff00:0:3 Dst=172.16.3.1
+			IF_1: ISD=1 Hops=2
+				HF_1: ConsIngress=131 ConsEgress=0
+				HF_2: ConsIngress=0   ConsEgress=311
+		HBH: NextHdr=SCMP Type=SCMP
+			HBH.SCMP: Flags=Error,HBH
+		SCMP: Class=ROUTING Type=BAD_HOST Checksum=0
+			QUOTED: RawPkt=%s
+	`, pkt0.Serialize()))
+	pkt1.SetDev("veth_131")
+	pkt1.SetChecksum("UDP", "IP4")
+	pkt1.SetChecksum("SCMP", "SCION")
+	pkt1.GenerateMac("SCION", "IF_1", "HF_1", "HF_2")
+
+	SendPackets(pkt0)
+
+	return ExpectedPackets("parent scmp routing bad host", defaultTimeout, pkt1)
+}