blob: 15c5c020d147c4d9f1405e29753243f83f82452a [file] [log] [blame] [edit]
// Copyright 2021 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
package network
import (
"context"
"time"
diagcommon "chromiumos/tast/common/network/diag"
"chromiumos/tast/ctxutil"
"chromiumos/tast/local/bundles/cros/network/diag"
"chromiumos/tast/local/bundles/cros/network/firewall"
"chromiumos/tast/testing"
)
type failFirewallParams struct {
Routine string
BlockPorts []string
}
func init() {
testing.AddTest(&testing.Test{
Func: DiagFailFirewall,
Desc: "Tests that the http/s firewall network diagnostic test fails when traffic is not allowed on certain ports",
Contacts: []string{
"khegde@chromium.org", // test maintainer
"cros-network-health@google.com", // network-health team
},
SoftwareDeps: []string{"chrome"},
Attr: []string{"group:mainline"},
Fixture: "networkDiagnosticsShillReset",
Params: []testing.Param{{
Name: "http",
Val: failFirewallParams{
Routine: diagcommon.RoutineHTTPFirewall,
BlockPorts: []string{"80"},
},
ExtraAttr: []string{"informational"},
}, {
Name: "https",
Val: failFirewallParams{
Routine: diagcommon.RoutineHTTPSFirewall,
BlockPorts: []string{"443"},
},
ExtraAttr: []string{"informational"},
}},
})
}
// DiagFailFirewall tests that when network traffic is blocked on port 80 and
// 443 the network diagnostic routine can detect this condition.
func DiagFailFirewall(ctx context.Context, s *testing.State) {
params := s.Param().(failFirewallParams)
// Create cleanup context to ensure iptables are restored.
cleanupCtx := ctx
ctx, cancel := ctxutil.Shorten(ctx, firewall.IptablesCleanupTimeout)
defer cancel()
if errs := firewall.SaveIptables(ctx, s.OutDir()); len(errs) != 0 {
msg := ""
for _, err := range errs {
msg = msg + err.Error()
}
s.Fatal("Unable to save iptables state: ", msg)
}
createFirewallParams := firewall.CreateFirewallParams{
// Drop http and https traffic.
BlockPorts: params.BlockPorts,
BlockProtocols: []string{"tcp", "udp"},
Timeout: 3 * time.Second,
}
if err := firewall.CreateFirewall(ctx, createFirewallParams); err != nil {
s.Fatal("Failed to create firewall: ", err)
}
defer func() {
if errs := firewall.RestoreIptables(cleanupCtx, s.OutDir()); len(errs) != 0 {
for _, err := range errs {
s.Log("Failed to restore iptables state: ", err)
}
}
}()
const problemFirewallDetected = 1
expectedResult := &diagcommon.RoutineResult{
Verdict: diagcommon.VerdictProblem,
Problems: []uint32{problemFirewallDetected},
}
mojo := s.FixtValue().(*diag.MojoAPI)
if err := mojo.PollRoutine(ctx, params.Routine, expectedResult); err != nil {
s.Fatal("Failed to poll routine: ", err)
}
}