// Copyright 2019 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <arpa/inet.h>
#include <linux/capability.h>
#include <linux/if_tun.h>
#include <net/if.h>
#include <netinet/in.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>

#include <cstdio>
#include <cstring>
#include <map>
#include <memory>
#include <unordered_map>
#include <unordered_set>
#include <utility>
#include <vector>

#include "gmock/gmock.h"
#include "gtest/gtest.h"
#include "test/syscalls/linux/ip_socket_test_util.h"
#include "test/syscalls/linux/socket_bind_to_device_util.h"
#include "test/syscalls/linux/socket_test_util.h"
#include "test/util/capability_util.h"
#include "test/util/test_util.h"
#include "test/util/thread_util.h"

namespace gvisor {
namespace testing {

using std::string;
using std::vector;

// Test fixture for SO_BINDTODEVICE tests the results of sequences of socket
// binding.
class BindToDeviceSequenceTest : public ::testing::TestWithParam<SocketKind> {
 protected:
  void SetUp() override {
    printf("Testing case: %s\n", GetParam().description.c_str());
    ASSERT_TRUE(ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_RAW)))
        << "CAP_NET_RAW is required to use SO_BINDTODEVICE";
    socket_factory_ = GetParam();

    interface_names_ = GetInterfaceNames();
  }

  PosixErrorOr<std::unique_ptr<FileDescriptor>> NewSocket() const {
    return socket_factory_.Create();
  }

  // Gets a device by device_id.  If the device_id has been seen before, returns
  // the previously returned device.  If not, finds or creates a new device.
  // Returns an empty string on failure.
  void GetDevice(int device_id, string *device_name) {
    auto device = devices_.find(device_id);
    if (device != devices_.end()) {
      *device_name = device->second;
      return;
    }

    // Need to pick a new device.  Try ethernet first.
    *device_name = absl::StrCat("eth", next_unused_eth_);
    if (interface_names_.find(*device_name) != interface_names_.end()) {
      devices_[device_id] = *device_name;
      next_unused_eth_++;
      return;
    }

    // Need to make a new tunnel device.  gVisor tests should have enough
    // ethernet devices to never reach here.
    ASSERT_FALSE(IsRunningOnGvisor());
    // Need a tunnel.
    tunnels_.push_back(ASSERT_NO_ERRNO_AND_VALUE(Tunnel::New()));
    devices_[device_id] = tunnels_.back()->GetName();
    *device_name = devices_[device_id];
  }

  // Release the socket
  void ReleaseSocket(int socket_id) {
    // Close the socket that was made in a previous action.  The socket_id
    // indicates which socket to close based on index into the list of actions.
    sockets_to_close_.erase(socket_id);
  }

  // Bind a socket with the reuse option and bind_to_device options.  Checks
  // that all steps succeed and that the bind command's error matches want.
  // Sets the socket_id to uniquely identify the socket bound if it is not
  // nullptr.
  void BindSocket(bool reuse, int device_id = 0, int want = 0,
                  int *socket_id = nullptr) {
    next_socket_id_++;
    sockets_to_close_[next_socket_id_] = ASSERT_NO_ERRNO_AND_VALUE(NewSocket());
    auto socket_fd = sockets_to_close_[next_socket_id_]->get();
    if (socket_id != nullptr) {
      *socket_id = next_socket_id_;
    }

    // If reuse is indicated, do that.
    if (reuse) {
      EXPECT_THAT(setsockopt(socket_fd, SOL_SOCKET, SO_REUSEPORT, &kSockOptOn,
                             sizeof(kSockOptOn)),
                  SyscallSucceedsWithValue(0));
    }

    // If the device is non-zero, bind to that device.
    if (device_id != 0) {
      string device_name;
      ASSERT_NO_FATAL_FAILURE(GetDevice(device_id, &device_name));
      EXPECT_THAT(setsockopt(socket_fd, SOL_SOCKET, SO_BINDTODEVICE,
                             device_name.c_str(), device_name.size() + 1),
                  SyscallSucceedsWithValue(0));
      char get_device[100];
      socklen_t get_device_size = 100;
      EXPECT_THAT(getsockopt(socket_fd, SOL_SOCKET, SO_BINDTODEVICE, get_device,
                             &get_device_size),
                  SyscallSucceedsWithValue(0));
    }

    struct sockaddr_in addr = {};
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = port_;
    if (want == 0) {
      ASSERT_THAT(
          bind(socket_fd, reinterpret_cast<const struct sockaddr *>(&addr),
               sizeof(addr)),
          SyscallSucceeds());
    } else {
      ASSERT_THAT(
          bind(socket_fd, reinterpret_cast<const struct sockaddr *>(&addr),
               sizeof(addr)),
          SyscallFailsWithErrno(want));
    }

    if (port_ == 0) {
      // We don't yet know what port we'll be using so we need to fetch it and
      // remember it for future commands.
      socklen_t addr_size = sizeof(addr);
      ASSERT_THAT(
          getsockname(socket_fd, reinterpret_cast<struct sockaddr *>(&addr),
                      &addr_size),
          SyscallSucceeds());
      port_ = addr.sin_port;
    }
  }

 private:
  SocketKind socket_factory_;
  // devices maps from the device id in the test case to the name of the device.
  std::unordered_map<int, string> devices_;
  // These are the tunnels that were created for the test and will be destroyed
  // by the destructor.
  vector<std::unique_ptr<Tunnel>> tunnels_;
  // A list of all interface names before the test started.
  std::unordered_set<string> interface_names_;
  // The next ethernet device to use when requested a device.
  int next_unused_eth_ = 1;
  // The port for all tests.  Originally 0 (any) and later set to the port that
  // all further commands will use.
  in_port_t port_ = 0;
  // sockets_to_close_ is a map from action index to the socket that was
  // created.
  std::unordered_map<int,
                     std::unique_ptr<gvisor::testing::FileDescriptor>>
      sockets_to_close_;
  int next_socket_id_ = 0;
};

TEST_P(BindToDeviceSequenceTest, BindTwiceWithDeviceFails) {
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 3));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 3, EADDRINUSE));
}

TEST_P(BindToDeviceSequenceTest, BindToDevice) {
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 1));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 2));
}

TEST_P(BindToDeviceSequenceTest, BindToDeviceAndThenWithoutDevice) {
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 123));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 0, EADDRINUSE));
}

TEST_P(BindToDeviceSequenceTest, BindWithoutDevice) {
  ASSERT_NO_FATAL_FAILURE(BindSocket(/* reuse */ false));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 123, EADDRINUSE));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 123, EADDRINUSE));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 0, EADDRINUSE));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 0, EADDRINUSE));
}

TEST_P(BindToDeviceSequenceTest, BindWithDevice) {
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 123, 0));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 123, EADDRINUSE));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 123, EADDRINUSE));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 0, EADDRINUSE));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 0, EADDRINUSE));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 456, 0));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 789, 0));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 0, EADDRINUSE));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 0, EADDRINUSE));
}

TEST_P(BindToDeviceSequenceTest, BindWithReuse) {
  ASSERT_NO_FATAL_FAILURE(BindSocket(/* reuse */ true));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 123, EADDRINUSE));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 123));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 0, EADDRINUSE));
  ASSERT_NO_FATAL_FAILURE(BindSocket(/* reuse */ true, /* bind_to_device */ 0));
}

TEST_P(BindToDeviceSequenceTest, BindingWithReuseAndDevice) {
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 123));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 123, EADDRINUSE));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 123));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 0, EADDRINUSE));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 456));
  ASSERT_NO_FATAL_FAILURE(BindSocket(/* reuse */ true));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 789));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 999, EADDRINUSE));
}

TEST_P(BindToDeviceSequenceTest, MixingReuseAndNotReuseByBindingToDevice) {
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 123, 0));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 456, 0));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 789, 0));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 999, 0));
}

TEST_P(BindToDeviceSequenceTest, CannotBindTo0AfterMixingReuseAndNotReuse) {
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 123));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 456));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 0, EADDRINUSE));
}

TEST_P(BindToDeviceSequenceTest, BindAndRelease) {
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 123));
  int to_release;
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 0, 0, &to_release));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 345, EADDRINUSE));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 789));
  // Release the bind to device 0 and try again.
  ASSERT_NO_FATAL_FAILURE(ReleaseSocket(to_release));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 345));
}

TEST_P(BindToDeviceSequenceTest, BindTwiceWithReuseOnce) {
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ false, /* bind_to_device */ 123));
  ASSERT_NO_FATAL_FAILURE(
      BindSocket(/* reuse */ true, /* bind_to_device */ 0, EADDRINUSE));
}

INSTANTIATE_TEST_SUITE_P(BindToDeviceTest, BindToDeviceSequenceTest,
                         ::testing::Values(IPv4UDPUnboundSocket(0),
                                           IPv4TCPUnboundSocket(0)));

}  // namespace testing
}  // namespace gvisor