1#  Copyright (C) 2024 The Android Open Source Project
2#
3#  Licensed under the Apache License, Version 2.0 (the "License");
4#  you may not use this file except in compliance with the License.
5#  You may obtain a copy of the License at
6#
7#       http://www.apache.org/licenses/LICENSE-2.0
8#
9#  Unless required by applicable law or agreed to in writing, software
10#  distributed under the License is distributed on an "AS IS" BASIS,
11#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12#  See the License for the specific language governing permissions and
13#  limitations under the License.
14
15from absl.testing import parameterized
16from mobly import asserts
17from net_tests_utils.host.python import apf_test_base, apf_utils
18
19# Constants.
20COUNTER_DROPPED_ETHERTYPE_NOT_ALLOWED = "DROPPED_ETHERTYPE_NOT_ALLOWED"
21ETHER_BROADCAST_ADDR = "FFFFFFFFFFFF"
22
23
24class ApfV4Test(apf_test_base.ApfTestBase, parameterized.TestCase):
25  def setup_class(self):
26    super().setup_class()
27    # Check apf version preconditions.
28    caps = apf_utils.get_apf_capabilities(
29        self.clientDevice, self.client_iface_name
30    )
31    if self.client.getVsrApiLevel() >= 34:
32      # Enforce APFv4 support for Android 14+ VSR.
33      asserts.assert_true(
34          caps.apf_version_supported >= 4,
35          "APFv4 became mandatory in Android 14 VSR.",
36      )
37    else:
38      # Skip tests for APF version < 4 before Android 14 VSR.
39      apf_utils.assume_apf_version_support_at_least(
40          self.clientDevice, self.client_iface_name, 4
41      )
42
43  # APF L2 packet filtering on V+ Android allows only specific
44  # types: IPv4, ARP, IPv6, EAPOL, WAPI.
45  # Tests can use any disallowed packet type. Currently,
46  # several ethertypes from the legacy ApfFilter denylist are used.
47  @parameterized.parameters(
48      "88a2",  # ATA over Ethernet
49      "88a4",  # EtherCAT
50      "88b8",  # GOOSE (Generic Object Oriented Substation event)
51      "88cd",  # SERCOS III
52      "88e3",  # Media Redundancy Protocol (IEC62439-2)
53  )  # Declare inputs for state_str and expected_result.
54  def test_apf_drop_ethertype_not_allowed(self, blocked_ether_type):
55    # Ethernet header (14 bytes).
56    packet = ETHER_BROADCAST_ADDR  # Destination MAC (broadcast)
57    packet += self.server_mac_address.replace(":", "")  # Source MAC
58    packet += blocked_ether_type
59
60    # Pad with zeroes to minimum ethernet frame length.
61    packet += "00" * 46
62    self.send_packet_and_expect_counter_increased(
63        packet, COUNTER_DROPPED_ETHERTYPE_NOT_ALLOWED
64    )
65