add unit test, fix orientation of ports

slackhq · Oct 10, 2024 · e816127 · e816127
1 parent ddd1c2b
commit e816127
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 6 deletions.
diff --git a/outside.go b/outside.go
@@ -335,11 +335,11 @@ func parseV6(data []byte, incoming bool, fp *firewall.Packet) error {
 			}
 			fp.Protocol = uint8(proto)
 			if incoming {
-				fp.RemotePort = binary.BigEndian.Uint16(data[offset+2 : offset+4])
-				fp.LocalPort = binary.BigEndian.Uint16(data[offset : offset+2])
-			} else {
 				fp.RemotePort = binary.BigEndian.Uint16(data[offset : offset+2])
 				fp.LocalPort = binary.BigEndian.Uint16(data[offset+2 : offset+4])
+			} else {
+				fp.LocalPort = binary.BigEndian.Uint16(data[offset : offset+2])
+				fp.RemotePort = binary.BigEndian.Uint16(data[offset+2 : offset+4])
 			}
 			fp.Fragment = false
 			return nil
@@ -350,11 +350,11 @@ func parseV6(data []byte, incoming bool, fp *firewall.Packet) error {
 			}
 			fp.Protocol = uint8(proto)
 			if incoming {
-				fp.RemotePort = binary.BigEndian.Uint16(data[offset+2 : offset+4])
-				fp.LocalPort = binary.BigEndian.Uint16(data[offset : offset+2])
-			} else {
 				fp.RemotePort = binary.BigEndian.Uint16(data[offset : offset+2])
 				fp.LocalPort = binary.BigEndian.Uint16(data[offset+2 : offset+4])
+			} else {
+				fp.LocalPort = binary.BigEndian.Uint16(data[offset : offset+2])
+				fp.RemotePort = binary.BigEndian.Uint16(data[offset+2 : offset+4])
 			}
 			fp.Fragment = false
 			return nil

diff --git a/outside_test.go b/outside_test.go
@@ -1,6 +1,8 @@
 package nebula
 
 import (
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
 	"net"
 	"net/netip"
 	"testing"
@@ -87,3 +89,55 @@ func Test_newPacket(t *testing.T) {
 	assert.Equal(t, p.RemotePort, uint16(6))
 	assert.Equal(t, p.LocalPort, uint16(5))
 }
+
+func Test_newPacket_v6(t *testing.T) {
+	p := &firewall.Packet{}
+
+	ip := layers.IPv6{
+		Version:    6,
+		NextHeader: firewall.ProtoUDP,
+		HopLimit:   128,
+		SrcIP:      net.IPv6linklocalallrouters,
+		DstIP:      net.IPv6linklocalallnodes,
+	}
+
+	udp := layers.UDP{
+		SrcPort: layers.UDPPort(36123),
+		DstPort: layers.UDPPort(22),
+	}
+	err := udp.SetNetworkLayerForChecksum(&ip)
+	if err != nil {
+		panic(err)
+	}
+
+	buffer := gopacket.NewSerializeBuffer()
+	opt := gopacket.SerializeOptions{
+		ComputeChecksums: true,
+		FixLengths:       true,
+	}
+	err = gopacket.SerializeLayers(buffer, opt, &ip, &udp, gopacket.Payload([]byte{0xde, 0xad, 0xbe, 0xef}))
+	if err != nil {
+		panic(err)
+	}
+	b := buffer.Bytes()
+
+	//test incoming
+	err = newPacket(b, true, p)
+
+	assert.Nil(t, err)
+	assert.Equal(t, p.Protocol, uint8(firewall.ProtoUDP))
+	assert.Equal(t, p.RemoteIP, netip.MustParseAddr("ff02::2"))
+	assert.Equal(t, p.LocalIP, netip.MustParseAddr("ff02::1"))
+	assert.Equal(t, p.RemotePort, uint16(36123))
+	assert.Equal(t, p.LocalPort, uint16(22))
+
+	//test outgoing
+	err = newPacket(b, false, p)
+
+	assert.Nil(t, err)
+	assert.Equal(t, p.Protocol, uint8(firewall.ProtoUDP))
+	assert.Equal(t, p.LocalIP, netip.MustParseAddr("ff02::2"))
+	assert.Equal(t, p.RemoteIP, netip.MustParseAddr("ff02::1"))
+	assert.Equal(t, p.LocalPort, uint16(36123))
+	assert.Equal(t, p.RemotePort, uint16(22))
+}