def test_conntrack_delete_icmp_entry(self):
conntrack_filter = mock.Mock()
nl_lib.nfct.nfct_new.return_value = conntrack_filter
with nl_lib.ConntrackManager() as conntrack:
nl_lib.nfct.nfct_open.assert_called_once()
conntrack.delete_entries([FAKE_ENTRY])
calls = [
mock.call(conntrack_filter, nl_constants.ATTR_L3PROTO,
nl_constants.IPVERSION_SOCKET[4]),
mock.call(conntrack_filter, nl_constants.ATTR_L4PROTO,
constants.IP_PROTOCOL_MAP['icmp']),
mock.call(conntrack_filter, nl_constants.ATTR_ICMP_CODE,
int(FAKE_ENTRY['code'])),
mock.call(conntrack_filter, nl_constants.ATTR_ICMP_TYPE,
int(FAKE_ENTRY['type']))
]
nl_lib.nfct.nfct_set_attr_u8.assert_has_calls(calls,
any_order=True)
calls = [
mock.call(conntrack_filter, nl_constants.ATTR_ICMP_ID,
nl_lib.libc.htons(FAKE_ENTRY['id'])),
]
nl_lib.nfct.nfct_set_attr_u16.assert_has_calls(calls)
calls = [
mock.call(conntrack_filter, nl_constants.ATTR_IPV4_SRC,
nl_lib.libc.inet_addr(FAKE_ENTRY['src'])),
mock.call(conntrack_filter, nl_constants.ATTR_IPV4_DST,
nl_lib.libc.inet_addr(FAKE_ENTRY['dst'])),
]
nl_lib.nfct.nfct_set_attr_u32.assert_has_calls(calls,
any_order=True)
nl_lib.nfct.nfct_destroy.assert_called_once()
nl_lib.nfct.nfct_close.assert_called_once()
def test_conntrack_list_entries(self):
with nl_lib.ConntrackManager() as conntrack:
nl_lib.nfct.nfct_open.assert_called_once()
conntrack.list_entries()
nl_lib.nfct.nfct_callback_register.assert_called_once()
nl_lib.nfct.nfct_query.assert_called_once()
nl_lib.nfct.nfct_close.assert_called_once()
def test_conntrack_new_failed(self):
nl_lib.nfct.nfct_new.return_value = None
with nl_lib.ConntrackManager() as conntrack:
nl_lib.nfct.nfct_open.assert_called_once()
conntrack.delete_entries([FAKE_ENTRY])
nl_lib.nfct.nfct_new.assert_called_once()
nl_lib.nfct.nfct_destroy.assert_called_once()
nl_lib.nfct.nfct_close.assert_called_once()
def test_conntrack_delete_tcp_entry(self):
conntrack_filter = mock.Mock()
nl_lib.nfct.nfct_new.return_value = conntrack_filter
with nl_lib.ConntrackManager() as conntrack:
nl_lib.nfct.nfct_open.assert_called_once()
conntrack.delete_entries([FAKE_TCP_ENTRY])
calls = [
mock.call(conntrack_filter,
nl_constants.ATTR_L3PROTO,
nl_constants.IPVERSION_SOCKET[4]),
mock.call(conntrack_filter,
nl_constants.ATTR_L4PROTO,
constants.IP_PROTOCOL_MAP['tcp'])
]
nl_lib.nfct.nfct_set_attr_u8.assert_has_calls(calls,
any_order=True)
calls = [
mock.call(conntrack_filter,
nl_constants.ATTR_PORT_SRC,
nl_lib.libc.htons(FAKE_TCP_ENTRY['sport'])),
mock.call(conntrack_filter,
nl_constants.ATTR_PORT_DST,
nl_lib.libc.htons(FAKE_TCP_ENTRY['dport']))
]
nl_lib.nfct.nfct_set_attr_u16.assert_has_calls(calls,
any_order=True)
calls = [
mock.call(conntrack_filter,
nl_constants.ATTR_IPV4_SRC,
conntrack._convert_text_to_binary(
FAKE_TCP_ENTRY['src'], 4)),
mock.call(conntrack_filter,
nl_constants.ATTR_IPV4_DST,
conntrack._convert_text_to_binary(
FAKE_TCP_ENTRY['dst'], 4)),
]
nl_lib.nfct.nfct_set_attr.assert_has_calls(calls, any_order=True)
nl_lib.nfct.nfct_destroy.assert_called_once()
nl_lib.nfct.nfct_close.assert_called_once()
def test_open_new_conntrack_handler_pass(self):
with nl_lib.ConntrackManager():
nl_lib.nfct.nfct_open.assert_called_once()
nl_lib.nfct.nfct_close.assert_called_once()
def test_open_new_conntrack_handler_failed(self):
nl_lib.nfct.nfct_open.return_value = None
with testtools.ExpectedException(nl_lib.ConntrackOpenFailedExit):
with nl_lib.ConntrackManager():
nl_lib.nfct.nfct_open.assert_called_once()
nl_lib.nfct.nfct_close.assert_not_called()
