BIND 10 trac998, updated. ddb1b2241fc03a1d08dea42907ee8f859d3b2f46 [trac998] Fix comment.
BIND 10 source code commits
bind10-changes at lists.isc.org
Thu Jun 23 17:35:00 UTC 2011
The branch, trac998 has been updated
via ddb1b2241fc03a1d08dea42907ee8f859d3b2f46 (commit)
via 0b838ba0d3c60203a52d1a918333846116e607cb (commit)
via f77021d7838e33e1662b42776ccc49be4435b1f2 (commit)
via 632cd6151b871e060d09a79f6b8a283cc0ab469c (commit)
via 81a2df84a879ca5cbaaa61dffce5c413d920011d (commit)
via 59b380d3682bb9fca26cae2c70c6c49934823f01 (commit)
via 8b2247a6ae88fbf16bfd65852feb0216a4ea4dac (commit)
via 1b01a9d09e5ecf21ff8bd9cce1c20372846a775c (commit)
via 735f817c7f66813135b4ef576c117aa424a5bdad (commit)
from 79ec6c320ec5c24036856fd6b589ba8bf8b26ffc (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ddb1b2241fc03a1d08dea42907ee8f859d3b2f46
Author: Stephen Morris <stephen at isc.org>
Date: Thu Jun 23 18:34:36 2011 +0100
[trac998] Fix comment.
commit 0b838ba0d3c60203a52d1a918333846116e607cb
Author: Stephen Morris <stephen at isc.org>
Date: Thu Jun 23 18:32:26 2011 +0100
[trac998] Final tidy-up
commit f77021d7838e33e1662b42776ccc49be4435b1f2
Author: Stephen Morris <stephen at isc.org>
Date: Thu Jun 23 17:54:00 2011 +0100
[trac998] Dealt with most of the comments on the unit test
commit 632cd6151b871e060d09a79f6b8a283cc0ab469c
Author: Stephen Morris <stephen at isc.org>
Date: Thu Jun 23 15:46:16 2011 +0100
[trac998] Modifications to IPCheck based on Jinmei's comments
commit 81a2df84a879ca5cbaaa61dffce5c413d920011d
Author: Stephen Morris <stephen at isc.org>
Date: Thu Jun 23 15:00:33 2011 +0100
[trac998] Remove all constructors but the one from a string
commit 59b380d3682bb9fca26cae2c70c6c49934823f01
Author: Stephen Morris <stephen at isc.org>
Date: Thu Jun 23 14:46:39 2011 +0100
[trac998] Minor syntax changes
commit 8b2247a6ae88fbf16bfd65852feb0216a4ea4dac
Author: Stephen Morris <stephen at isc.org>
Date: Thu Jun 23 14:37:59 2011 +0100
[trac998] Remove -Werror as a build flag
commit 1b01a9d09e5ecf21ff8bd9cce1c20372846a775c
Author: Stephen Morris <stephen at isc.org>
Date: Thu Jun 23 14:36:20 2011 +0100
[trac998] Change IPV4/6 to IPv4/6 in comments.
commit 735f817c7f66813135b4ef576c117aa424a5bdad
Author: Stephen Morris <stephen at isc.org>
Date: Thu Jun 23 14:34:54 2011 +0100
[trac998] Get rid of default constructor
-----------------------------------------------------------------------
Summary of changes:
src/lib/acl/Makefile.am | 4 -
src/lib/acl/ip_check.cc | 35 ++--
src/lib/acl/ip_check.h | 203 ++++++----------
src/lib/acl/tests/ip_check_unittest.cc | 406 +++++++++++++++++---------------
4 files changed, 309 insertions(+), 339 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/lib/acl/Makefile.am b/src/lib/acl/Makefile.am
index f7bee9b..d121788 100644
--- a/src/lib/acl/Makefile.am
+++ b/src/lib/acl/Makefile.am
@@ -15,9 +15,5 @@ libacl_la_SOURCES += ip_check.h ip_check.cc
# Note: the ordering matters: -Wno-... must follow -Wextra (defined in
# B10_CXXFLAGS)
libacl_la_CXXFLAGS = $(AM_CXXFLAGS)
-if USE_CLANGPP
-# Same for clang++, but we need to turn off -Werror completely.
-libacl_la_CXXFLAGS += -Wno-error
-endif
libacl_la_CPPFLAGS = $(AM_CPPFLAGS)
libacl_la_LIBADD = $(top_builddir)/src/lib/util/libutil.la
diff --git a/src/lib/acl/ip_check.cc b/src/lib/acl/ip_check.cc
index b6d6276..57291a6 100644
--- a/src/lib/acl/ip_check.cc
+++ b/src/lib/acl/ip_check.cc
@@ -12,8 +12,9 @@
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.
+#include <boost/lexical_cast.hpp>
+
#include <acl/ip_check.h>
-#include <util/strutil.h>
using namespace std;
@@ -26,24 +27,14 @@ namespace internal {
pair<string, int>
splitIPAddress(const string& ipprefix) {
- // Set the default value for the prefix length. As the type of the address
- // is not known at the point this function is called, the maximum
- // allowable value is also not known. And the value of 0 is reserved for
- // a "match any address" match.
- int prefix_size = -1;
-
- // Only deal with the string after we've removed leading and trailing
- // spaces.
- string mod_prefix = isc::util::str::trim(ipprefix);
-
// Split string into its components - an address and a prefix length.
// We initialize by assuming that there is no slash in the string given.
- string address = mod_prefix;
+ string address = ipprefix;
string prefixlen = "";
- size_t slashpos = mod_prefix.find('/');
- if ((mod_prefix.size() == 0) || (slashpos == 0) ||
- (slashpos == (mod_prefix.size() - 1))) {
+ const size_t slashpos = ipprefix.find('/');
+ if ((ipprefix.size() == 0) || (slashpos == 0) ||
+ (slashpos == (ipprefix.size() - 1))) {
// Nothing in prefix, or it starts with or ends with a slash.
isc_throw(isc::InvalidParameter, "address prefix of " << ipprefix <<
" is not valid");
@@ -53,10 +44,16 @@ splitIPAddress(const string& ipprefix) {
// Don't worry about multiple slashes - if there are some, they will
// appear in the prefixlen segment and will be detected when an attempt
// is made to convert it to a number.
- address = mod_prefix.substr(0, slashpos);
- prefixlen = mod_prefix.substr(slashpos + 1);
+ address = ipprefix.substr(0, slashpos);
+ prefixlen = ipprefix.substr(slashpos + 1);
}
+ // Set the default value for the prefix length. As the type of the address
+ // is not known at the point this function is called, the maximum
+ // allowable value is also not known. The value of 0 is reserved for
+ // a "match any address" match.
+ int prefix_size = -1;
+
// If there is a prefixlength, attempt to convert it.
if (!prefixlen.empty()) {
try {
@@ -66,8 +63,8 @@ splitIPAddress(const string& ipprefix) {
ipprefix << " is not valid");
}
} catch (boost::bad_lexical_cast&) {
- isc_throw(isc::InvalidParameter, "prefix length of " << prefixlen <<
- " is not valid");
+ isc_throw(isc::InvalidParameter, "prefix length of '" <<
+ prefixlen << "' is not valid");
}
}
diff --git a/src/lib/acl/ip_check.h b/src/lib/acl/ip_check.h
index 2240d3f..fa00f0f 100644
--- a/src/lib/acl/ip_check.h
+++ b/src/lib/acl/ip_check.h
@@ -17,13 +17,9 @@
#include <algorithm>
#include <functional>
-#include <iterator>
-#include <utility>
#include <vector>
-#include <boost/lexical_cast.hpp>
#include <boost/static_assert.hpp>
-#include <boost/scoped_ptr.hpp>
#include <stdint.h>
#include <arpa/inet.h>
@@ -31,6 +27,7 @@
#include <acl/check.h>
#include <exceptions/exceptions.h>
+#include <util/strutil.h>
namespace isc {
namespace acl {
@@ -49,26 +46,23 @@ namespace internal {
/// return a uint8_t holding the binary value 11100000. This value is used as
/// a mask in the address checks.
///
-/// The function is templated on the data type of the mask.
-///
/// \param prefixlen number of bits to be set in the mask. This must be
-/// between 0 and 8*sizeof(T).
+/// between 0 and 8.
///
-/// \return Value with the most significant "prefixlen" bits set.
+/// \return uint8_t with the most significant "prefixlen" bits set.
///
/// \exception OutOfRange prefixlen is too large for the data type.
-template <typename T>
-T createMask(size_t prefixlen) {
+uint8_t createMask(size_t prefixlen) {
if (prefixlen == 0) {
return (0);
- } else if (prefixlen <= 8 * sizeof(T)) {
+ } else if (prefixlen <= 8) {
// In the following discussion:
//
- // w is the width of the data type T in bits.
+ // w is the width of the data type in bits.
// m is the value of prefixlen, the number of most signifcant bits we
// want to set.
// ** is exponentiation (i.e. 2**n is 2 raised to the power of n).
@@ -85,13 +79,12 @@ T createMask(size_t prefixlen) {
// This means 1<<(w-m) will fit into a variable of width w bits. In
// other words, in the expression below, no term will cause an integer
// overflow.
- return (~((1 << (8 * sizeof(T) - prefixlen)) - 1));
+ return (~((1 << (8 - prefixlen)) - 1));
}
// Mask size is too large. (Note that prefixlen is unsigned, so can't be
// negative.)
- isc_throw(isc::OutOfRange, "prefixlen argument must be between 0 and " <<
- 8 * sizeof(T));
+ isc_throw(isc::OutOfRange, "prefixlen argument must be between 0 and 8");
}
/// \brief Split IP Address Prefix
@@ -123,7 +116,7 @@ splitIPAddress(const std::string& ipprefix);
/// \brief IP Check
///
/// This class performs a match between an IP address prefix specified in an ACL
-/// and a given IP address. The check works for both IPV4 and IPV6 addresses.
+/// and a given IP address. The check works for both IPv4 and IPv6 addresses.
///
/// The class is templated on the type of a context structure passed to the
/// matches() method, and a template specialisation for that method must be
@@ -132,78 +125,43 @@ splitIPAddress(const std::string& ipprefix);
template <typename Context>
class IPCheck : public Check<Context> {
private:
- // Size of uint8_t array to holds different address types
+ // Size of uint8_t array needed to hold different address types
static const size_t IPV6_SIZE = sizeof(struct in6_addr);
static const size_t IPV4_SIZE = sizeof(struct in_addr);
-public:
- /// \brief Default Constructor
- ///
- /// Constructs an empty IPCheck object. The address family returned will
- /// be zero.
- IPCheck() : address_(), mask_(), family_(0)
- {}
-
- /// \brief IPV4 Constructor
- ///
- /// Constructs an IPCheck object from a network address given as a
- /// 32-bit value in network byte order and a prefix length.
- ///
- /// \param address IP address to check for (as an address in host-byte
- /// order). Note host-byte order - this is different to the IPV6
- /// constructor.
- /// \param prefixlen The prefix length specified as an integer between 0
- /// and 32. This determines the number of bits of the address to
- /// check. (A value of zero imples match all IPV4 addresses.)
- IPCheck(uint32_t address, int prefixlen = 8 * IPV4_SIZE) :
- address_(IPV4_SIZE), mask_(), family_(AF_INET)
- {
- // The address is stored in network-byte order, so the MS byte should
- // be stored at the lowest address in the array.
- address_[3] = static_cast<uint8_t>((address ) & 0xff);
- address_[2] = static_cast<uint8_t>((address >> 8) & 0xff);
- address_[1] = static_cast<uint8_t>((address >> 16) & 0xff);
- address_[0] = static_cast<uint8_t>((address >> 24) & 0xff);
-
- setMask(prefixlen);
- }
-
- /// \brief IPV6 Constructor
- ///
- /// Constructs an IPV6 Check object from a network address given as a
- /// 16-byte array in network-byte order and a prefix length.
- ///
- /// \param address IP address to check for (as an address in network-byte
- /// order).
- /// \param prefixlen The prefix length specified as an integer between 0
- /// and 128. This determines the number of bits of the address to
- /// check.
- IPCheck(const uint8_t* address, int prefixlen = 8 * IPV6_SIZE) :
- address_(address, address + IPV6_SIZE), mask_(), family_(AF_INET6)
- {
- setMask(prefixlen);
- }
+ // Confirm our assumption of relative sizes - this allows us to assume that
+ // an array sized for an IPv6 address can hold an IPv4 address.
+ BOOST_STATIC_ASSERT(IPV6_SIZE > IPV4_SIZE);
+public:
/// \brief String Constructor
///
/// Constructs an IP Check object from an address or address prefix in the
/// form <ip-address>/n".
///
/// Also allowed are the special keywords "any4" and "any6", which match
- /// any IPV4 or IPV6 address. These must be specified exactly as-is
- /// (i.e. lowercase, with no leading or trailing spaces).
+ /// any IPv4 or IPv6 address. These must be specified in lowercase.
///
/// \param ipprefix IP address prefix in the form "<ip-address>/n"
/// (where the "/n" part is optional and should be valid for the
/// address). If "n" is specified as zero, the match is for any
/// address in that address family. The address can also be
/// given as "any4" or "any6".
- IPCheck(const std::string& ipprefix) : address_(), mask_(), family_(0) {
+ IPCheck(const std::string& ipprefix) : family_(0) {
+
+ // Ensure array elements are correctly initialized with zeroes.
+ std::fill(address_, address_ + IPV6_SIZE, 0);
+ std::fill(mask_, mask_ + IPV6_SIZE, 0);
+
+ // Only deal with the string after we've removed leading and trailing
+ // spaces.
+ const std::string mod_prefix = isc::util::str::trim(ipprefix);
+
// Check for special cases first.
- if (ipprefix == "any4") {
+ if (mod_prefix == "any4") {
family_ = AF_INET;
- } else if (ipprefix == "any6") {
+ } else if (mod_prefix == "any6") {
family_ = AF_INET6;
} else {
@@ -211,37 +169,33 @@ public:
// General address prefix. Split into address part and prefix
// length.
const std::pair<std::string, int> result =
- internal::splitIPAddress(ipprefix);
+ internal::splitIPAddress(mod_prefix);
// Try to convert the address. If successful, the result is in
// network-byte order (most significant components at lower
// addresses).
- BOOST_STATIC_ASSERT(IPV6_SIZE > IPV4_SIZE);
- uint8_t address_bytes[IPV6_SIZE];
- int status = inet_pton(AF_INET6, result.first.c_str(),
- address_bytes);
+ int status = inet_pton(AF_INET6, result.first.c_str(), address_);
if (status == 1) {
- // It was an IPV6 address, copy into the address store
- std::copy(address_bytes, address_bytes + IPV6_SIZE,
- std::back_inserter(address_));
+ // It was an IPv6 address.
family_ = AF_INET6;
-
} else {
- // Not IPV6, try IPV4
- int status = inet_pton(AF_INET, result.first.c_str(),
- address_bytes);
+ // IPv6 interpretation failed, try IPv4.
+ status = inet_pton(AF_INET, result.first.c_str(), address_);
if (status == 1) {
- std::copy(address_bytes, address_bytes + IPV4_SIZE,
- std::back_inserter(address_));
family_ = AF_INET;
-
- } else {
- isc_throw(isc::InvalidParameter, "address prefix of " <<
- ipprefix << " is a not valid");
}
}
- // All done, so set the mask used in address comparison.
+ // Handle errors.
+ if (status == 0) {
+ isc_throw(isc::InvalidParameter, "address prefix of " <<
+ ipprefix << " is not valid");
+ } else if (status < 0) {
+ isc_throw(isc::Unexpected, "address conversion of " <<
+ ipprefix << " failed due to a system error");
+ }
+
+ // All done, so set the mask used in the address comparison.
setMask(result.second);
}
}
@@ -274,32 +228,35 @@ public:
/// \return Stored IP address
std::vector<uint8_t> getAddress() const {
- return (address_);
+ const size_t vector_len = (family_ == AF_INET ? IPV4_SIZE : IPV6_SIZE);
+ return (std::vector<uint8_t>(address_, address_ + vector_len));
}
/// \return Network mask applied to match
std::vector<uint8_t> getMask() const {
- return (mask_);
+ const size_t vector_len = (family_ == AF_INET ? IPV4_SIZE : IPV6_SIZE);
+ return (std::vector<uint8_t>(mask_, mask_ + vector_len));
}
/// \return Prefix length of the match
size_t getPrefixlen() const {
- // Work this out by shifting bits out of the mask
+ // Work this out by counting bits in the mask.
size_t count = 0;
- for (size_t i = 0; i < mask_.size(); ++i) {
+ for (size_t i = 0; i < IPV6_SIZE; ++i) {
if (mask_[i] == 0xff) {
- // Full byte, 8 bit set
+ // All bits set in this byte
count += 8;
} else if (mask_[i] != 0) {
- // Partial set, count the bits
+ // Only some bits set in this byte. Count them.
uint8_t byte = mask_[i];
- for (int i = 0; i < 8 * sizeof(uint8_t); ++i) {
+ for (int j = 0; j < 8; ++j) {
count += byte & 0x01; // Add one if the bit is set
byte >>= 1; // Go for next bit
}
-
- // There won't be any more bits set after this, so exit
+ } else {
+ // Encountered a zero byte, so exit - there are no more bits
+ // set.
break;
}
}
@@ -308,17 +265,10 @@ public:
/// \return Address family
int getFamily() const {
- // Check that a family_ value of 0 does not imply IPV4 or IPV6.
- // This avoids confusion if getFamily() is called on an object that
- // has been initialized by default.
- BOOST_STATIC_ASSERT(AF_INET != 0);
- BOOST_STATIC_ASSERT(AF_INET6 != 0);
-
return (family_);
}
///@}
-private:
/// \brief Comparison
///
/// This is the actual comparison function that checks the IP address passed
@@ -346,23 +296,26 @@ private:
//
// The result is checked for all bytes for which there are bits set in
// the mask. We stop at the first non-match (or when we run out of bits
- // in the mask). (Note that the mask represents a contiguous set of
- // bits. As such, as soon as we find a mask byte of zeroes, we have run
- // past the part of the address where we need to match.
+ // in the mask).
+ //
+ // Note that the mask represents a contiguous set of bits. As such, as
+ // soon as we find a mask byte of zeroes, we have run past the part of
+ // the address where we need to match.
//
- // Note that if the passed address was any4 or any6, we rely on the
- // fact that the size of address_ is zero - the loop will terminate
- // before the first iteration.
+ // Note also that when checking an IPv4 address, the constructor has
+ // set all bytes in the mask beyond the first four bytes to zero.
+ // As the loop stops when it encounters a zero mask byte, if the
+ // ACL is for an IPV4 address, the loop will never check more than four
+ // bytes.
bool match = true;
- for (int i = 0; match && (i < address_.size()) &&
- (mask_[i] != 0); ++i) {
+ for (int i = 0; match && (i < IPV6_SIZE) && (mask_[i] != 0); ++i) {
match = ((testaddr[i] & mask_[i]) == (address_[i] & mask_[i]));
}
return (match);
}
-
+private:
/// \brief Set Mask
///
/// Sets up the mask from the prefix length. This involves setting
@@ -377,11 +330,9 @@ private:
/// was given.)
void setMask(int requested) {
- mask_.clear();
- mask_.resize((family_ == AF_INET) ? IPV4_SIZE : IPV6_SIZE);
-
- // Set the maximum number of bits allowed in the mask.
- int maxmask = 8 * (mask_.size());
+ // Set the maximum number of bits allowed in the mask, and request
+ // that number of bits if no prefix length was given in the constructor.
+ int maxmask = 8 * ((family_ == AF_INET) ? IPV4_SIZE : IPV6_SIZE);
if (requested < 0) {
requested = maxmask;
}
@@ -390,7 +341,7 @@ private:
if (requested <= maxmask) {
// Loop, setting the bits in the set of mask bytes until all the
- // specified bits have been used up. As both IPV4 and IPV6
+ // specified bits have been used up. As both IPv4 and IPv6
// addresses are stored in network-byte order, this works in
// both cases.
size_t bits_left = requested; // Bits remaining to set
@@ -401,23 +352,21 @@ private:
bits_left -= 8;
} else if (bits_left > 0) {
- mask_[++i] = internal::createMask<uint8_t>(bits_left);
+ mask_[++i] = internal::createMask(bits_left);
bits_left = 0;
-
}
}
} else {
isc_throw(isc::OutOfRange,
"mask size of " << requested << " is invalid " <<
- "for the given address");
+ "for the given address family");
}
}
- // Member variables
-
- std::vector<uint8_t> address_; ///< Address in binary form
- std::vector<uint8_t> mask_; ///< Address mask
- int family_; ///< Address family
+ // Member variables.
+ uint8_t address_[IPV6_SIZE]; ///< Address in binary form
+ uint8_t mask_[IPV6_SIZE]; ///< Address mask
+ int family_; ///< Address family
};
} // namespace acl
diff --git a/src/lib/acl/tests/ip_check_unittest.cc b/src/lib/acl/tests/ip_check_unittest.cc
index fe25408..6b5e02b 100644
--- a/src/lib/acl/tests/ip_check_unittest.cc
+++ b/src/lib/acl/tests/ip_check_unittest.cc
@@ -15,7 +15,6 @@
#include <gtest/gtest.h>
#include <acl/ip_check.h>
-#include <boost/scoped_ptr.hpp>
using namespace isc::acl;
using namespace isc::acl::internal;
@@ -32,9 +31,11 @@ const size_t IPV6_SIZE = 16;
// The structure is also used for converting an IPV4 address to a four-byte
// array.
struct GeneralAddress {
+ int family; // Family of the address
vector<uint8_t> addr; // Address type. Size indicates what it holds
- // Convert uint32_t address to a uint8_t vector
+ // Convert uint32_t address in host-byte order to a uint8_t vector in
+ // network-byte order.
vector<uint8_t> convertUint32(uint32_t address) {
BOOST_STATIC_ASSERT(sizeof(uint32_t) == IPV4_SIZE);
@@ -53,7 +54,7 @@ struct GeneralAddress {
// Convenience constructor for V4 address. As it is not marked as explicit,
// it allows the automatic promotion of a uint32_t to a GeneralAddress data
// type in calls to matches().
- GeneralAddress(uint32_t address) : addr()
+ GeneralAddress(uint32_t address) : family(AF_INET), addr()
{
addr = convertUint32(address);
}
@@ -61,9 +62,9 @@ struct GeneralAddress {
// Convenience constructor for V6 address. As it is not marked as explicit,
// it allows the automatic promotion of a vector<uint8_t> to a
// GeneralAddress data type in calls to matches().
- GeneralAddress(const vector<uint8_t>& address) : addr(address)
+ GeneralAddress(const vector<uint8_t>& address) : family(AF_INET6),
+ addr(address)
{
- // Implicit assertion here that an IPV6 address size is 16 bytes
if (address.size() != IPV6_SIZE) {
isc_throw(isc::InvalidParameter, "vector passed to GeneralAddress "
"constructor is " << address.size() << " bytes long - it "
@@ -76,7 +77,7 @@ struct GeneralAddress {
// Check that the IPV4 address is the same as that given.
bool equals(uint32_t address) {
- if (addr.size() == IPV4_SIZE) {
+ if (family == AF_INET) {
const vector<uint8_t> byte_address = convertUint32(address);
return (equal(byte_address.begin(), byte_address.end(),
addr.begin()));
@@ -84,7 +85,7 @@ struct GeneralAddress {
return (false);
}
- // Check that the array is equal to that given
+ // Check that the array is equal to that given.
bool equals(const vector<uint8_t>& byte_address) {
if (addr.size() == byte_address.size()) {
return (equal(byte_address.begin(), byte_address.end(),
@@ -101,8 +102,7 @@ namespace isc {
namespace acl {
template <>
bool IPCheck<GeneralAddress>::matches(const GeneralAddress& address) const {
- return (compare(&address.addr[0],
- (address.addr.size() == IPV4_SIZE) ? AF_INET : AF_INET6));
+ return (compare(&address.addr[0], address.family));
}
} // namespace acl
} // namespace isc
@@ -112,27 +112,14 @@ bool IPCheck<GeneralAddress>::matches(const GeneralAddress& address) const {
// Test the createMask() function.
TEST(IPFunctionCheck, CreateMask) {
- // 8-bit tests: invalid arguments should throw.
- EXPECT_THROW(createMask<uint8_t>(9), isc::OutOfRange);
+ // Invalid arguments should throw.
+ EXPECT_THROW(createMask(9), isc::OutOfRange);
- // Check on all possible 8-bit values. Use a signed type to generate a
- // variable with the most significant bits set (right-shifting will
- // introduce additional bits).
- int8_t expected8 = 0x80;
- for (size_t i = 1; i <= 8; ++i, expected8 >>= 1) {
- EXPECT_EQ(static_cast<uint8_t>(expected8), createMask<uint8_t>(i));
+ // Check on all possible 8-bit values.
+ uint16_t expected = 0xff00;
+ for (size_t i = 0; i <= 8; ++i, expected >>= 1) {
+ EXPECT_EQ(static_cast<uint8_t>(expected & 0xff), createMask(i));
}
- EXPECT_EQ(0, createMask<uint8_t>(0));
-
- // Do the same for 32 bits.
- EXPECT_THROW(createMask<int32_t>(33), isc::OutOfRange);
-
- int32_t expected32 = 0x80000000;
- for (size_t i = 1; i <= 32; ++i, expected32 >>= 1) {
- EXPECT_EQ(static_cast<uint32_t>(expected32),
- createMask<uint32_t>(i));
- }
- EXPECT_EQ(0, createMask<uint32_t>(0));
}
// Test the splitIPAddress() function.
@@ -155,6 +142,7 @@ TEST(IPFunctionCheck, SplitIPAddress) {
EXPECT_EQ(string("192.0.2.1"), result.first);
EXPECT_EQ(0, result.second);
+ EXPECT_THROW(splitIPAddress("192.0.2.43/27 "), isc::InvalidParameter);
EXPECT_THROW(splitIPAddress("192.0.2.43/-1"), isc::InvalidParameter);
EXPECT_THROW(splitIPAddress("192.0.2.43//1"), isc::InvalidParameter);
EXPECT_THROW(splitIPAddress("192.0.2.43/1/"), isc::InvalidParameter);
@@ -166,59 +154,17 @@ TEST(IPFunctionCheck, SplitIPAddress) {
EXPECT_THROW(splitIPAddress(" 1/ "), isc::InvalidParameter);
}
-// *** General tests ***
-
-TEST(IPCheck, DefaultConstructor) {
- IPCheck<GeneralAddress> acl;
- EXPECT_EQ(0, acl.getFamily());
-}
-
-// *** IPV4 Tests ***
-
-// Check that the constructor stores the elements correctly and, for the
-// address and mask, in network-byte order.
-
-TEST(IPCheck, V4ConstructorAddress) {
- GeneralAddress address(0x12345678);
-
- // Address is presented in network byte order in constructor, so no
- // conversion is needed for this test.
- IPCheck<GeneralAddress> acl(0x12345678);
- vector<uint8_t> stored = acl.getAddress();
-
- EXPECT_EQ(AF_INET, acl.getFamily());
- EXPECT_TRUE(address.equals(stored));
-}
-
-TEST(IPCheck, V4ConstructorMask) {
- // The mask is stored in network byte order. The conversion to a byte
- // array within the IPCheck object should take care of the ordering.
- IPCheck<GeneralAddress> acl1(1, 1); // Address of 1 is placeholder
- GeneralAddress mask1(0x80000000); // Expected mask
- vector<uint8_t> stored1 = acl1.getMask();
- EXPECT_TRUE(mask1.equals(stored1));
- EXPECT_EQ(1, acl1.getPrefixlen());
-
- // Different check
- IPCheck<GeneralAddress> acl2(1, 24);
- GeneralAddress mask2(0xffffff00);
- vector<uint8_t> stored2 = acl2.getMask();
- EXPECT_TRUE(mask2.equals(stored2));
- EXPECT_EQ(24, acl2.getPrefixlen());
-
- // ... and some invalid network masks
- EXPECT_THROW(IPCheck<GeneralAddress>(1, 33), isc::OutOfRange);
- vector<uint8_t> dummy(IPV6_SIZE);
- EXPECT_THROW(IPCheck<GeneralAddress>(&dummy[0], 129), isc::OutOfRange);
-}
+// *** IPv4 Tests ***
TEST(IPCheck, V4StringConstructor) {
- // Constructor with no mask given
+
+ // Constructor with no prefix length given (32 is assumed).
IPCheck<GeneralAddress> acl1("192.0.2.255");
EXPECT_EQ(32, acl1.getPrefixlen());
EXPECT_EQ(AF_INET, acl1.getFamily());
vector<uint8_t> stored1 = acl1.getAddress();
+ EXPECT_EQ(IPV4_SIZE, stored1.size());
GeneralAddress expected1(0xc00002ff);
EXPECT_TRUE(expected1.equals(stored1));
@@ -228,16 +174,45 @@ TEST(IPCheck, V4StringConstructor) {
EXPECT_EQ(AF_INET, acl2.getFamily());
vector<uint8_t> stored2 = acl2.getAddress();
+ EXPECT_EQ(IPV4_SIZE, stored2.size());
GeneralAddress expected2(0xc0000200);
EXPECT_TRUE(expected2.equals(stored2));
- // Any match
- IPCheck<GeneralAddress> acl3("any4");
+ // More valid masks
+ IPCheck<GeneralAddress> acl3("192.0.2.1/0");
EXPECT_EQ(0, acl3.getPrefixlen());
EXPECT_EQ(AF_INET, acl3.getFamily());
+ vector<uint8_t> stored3 = acl3.getAddress();
+ EXPECT_EQ(IPV4_SIZE, stored3.size());
+ GeneralAddress expected3(0xc0000201);
+ EXPECT_TRUE(expected3.equals(stored3));
+
+ IPCheck<GeneralAddress> acl4("192.0.2.2/32");
+ EXPECT_EQ(32, acl4.getPrefixlen());
+ EXPECT_EQ(AF_INET, acl4.getFamily());
+
+ vector<uint8_t> stored4 = acl4.getAddress();
+ EXPECT_EQ(IPV4_SIZE, stored4.size());
+ GeneralAddress expected4(0xc0000202);
+ EXPECT_TRUE(expected4.equals(stored4));
+
+ // Any match
+ IPCheck<GeneralAddress> acl5("any4");
+ EXPECT_EQ(0, acl5.getPrefixlen());
+ EXPECT_EQ(AF_INET, acl5.getFamily());
+
+ vector<uint8_t> stored5 = acl5.getAddress();
+ EXPECT_EQ(IPV4_SIZE, stored5.size());
+ GeneralAddress expected5(0);
+ EXPECT_TRUE(expected5.equals(stored5));
+
// Invalid prefix lengths
EXPECT_THROW(IPCheck<GeneralAddress>("192.0.2.0/33"), isc::OutOfRange);
+
+ // ... and invalid strings
+ EXPECT_THROW(IPCheck<GeneralAddress>("192.0.2.0/-1"),
+ isc::InvalidParameter);
EXPECT_THROW(IPCheck<GeneralAddress>("192.0.2.0/24/3"),
isc::InvalidParameter);
EXPECT_THROW(IPCheck<GeneralAddress>("192.0.2.0/ww"),
@@ -287,44 +262,48 @@ TEST(IPCheck, V4AssignmentOperator) {
// internal compare() code. (Also note that the argument to matches() will be
// automatically converted to the GeneralAddress data type used for the tests
// because of its constructor taking a uint32_t argument.
-//
-// As before, note that addresses passed to the class are expected to be in
-// network-byte order. Therefore for the comparisons to work as expected, we
-// must convert the values to network-byte order first.
TEST(IPCheck, V4Compare) {
// Exact address - match if given address matches stored address.
- IPCheck<GeneralAddress> acl1(0x23457f13, 32);
- EXPECT_TRUE(acl1.matches(0x23457f13));
- EXPECT_FALSE(acl1.matches(0x23457f12));
+ IPCheck<GeneralAddress> acl1("192.0.2.255/32");
+ EXPECT_TRUE(acl1.matches(0xc00002ff));
+ EXPECT_FALSE(acl1.matches(0xc00002fe));
EXPECT_FALSE(acl1.matches(0x13457f13));
- // Match if the address matches a mask
- IPCheck<GeneralAddress> acl2(0x23450000, 16);
- EXPECT_TRUE(acl2.matches(0x23450000));
- EXPECT_TRUE(acl2.matches(0x23450001));
- EXPECT_TRUE(acl2.matches(0x2345ffff));
- EXPECT_FALSE(acl2.matches(0x23460000));
- EXPECT_FALSE(acl2.matches(0x2346ffff));
+ IPCheck<GeneralAddress> acl2("192.0.2.255/27");
+ EXPECT_TRUE(acl2.matches(0xc00002ff));
+ EXPECT_TRUE(acl2.matches(0xc00002fe));
+ EXPECT_TRUE(acl2.matches(0xc00002ee));
+ EXPECT_FALSE(acl2.matches(0xc00002de));
+ EXPECT_FALSE(acl2.matches(0xd00002fe));
+ EXPECT_FALSE(acl2.matches(0x13457f13));
// Match if "any4" is specified
IPCheck<GeneralAddress> acl3("any4");
- EXPECT_TRUE(acl3.matches(0x23450000));
- EXPECT_TRUE(acl3.matches(0x23450001));
- EXPECT_TRUE(acl3.matches(0x2345ffff));
- EXPECT_TRUE(acl3.matches(0x23460000));
- EXPECT_TRUE(acl3.matches(0x2346ffff));
-
- IPCheck<GeneralAddress> acl4(0x23450000, 0);
- EXPECT_TRUE(acl4.matches(0x23450000));
- EXPECT_TRUE(acl4.matches(0x23450001));
- EXPECT_TRUE(acl4.matches(0x2345ffff));
- EXPECT_TRUE(acl4.matches(0x23460000));
- EXPECT_TRUE(acl4.matches(0x2346ffff));
+ EXPECT_TRUE(acl3.matches(0xc00002ff));
+ EXPECT_TRUE(acl3.matches(0xc00002fe));
+ EXPECT_TRUE(acl3.matches(0xc00002ee));
+ EXPECT_TRUE(acl3.matches(0xc00002de));
+ EXPECT_TRUE(acl3.matches(0xd00002fe));
+ EXPECT_TRUE(acl3.matches(0x13457f13));
+
+ IPCheck<GeneralAddress> acl4("0.0.0.0/0");
+ EXPECT_TRUE(acl4.matches(0xc00002ff));
+ EXPECT_TRUE(acl4.matches(0xc00002fe));
+ EXPECT_TRUE(acl4.matches(0xc00002ee));
+ EXPECT_TRUE(acl4.matches(0xc00002de));
+ EXPECT_TRUE(acl4.matches(0xd00002fe));
+ EXPECT_TRUE(acl4.matches(0x13457f13));
+
+ IPCheck<GeneralAddress> acl5("192.0.2.255/0");
+ EXPECT_TRUE(acl5.matches(0xc00002ff));
+ EXPECT_TRUE(acl5.matches(0xc00002fe));
+ EXPECT_TRUE(acl5.matches(0xc00002ee));
+ EXPECT_TRUE(acl5.matches(0xc00002de));
+ EXPECT_TRUE(acl5.matches(0xd00002fe));
+ EXPECT_TRUE(acl5.matches(0x13457f13));
}
-
-
// *** IPV6 Tests ***
// Some constants used in the tests
@@ -345,113 +324,102 @@ const uint8_t V6ADDR_2[] = {
// Identical to V6ADDR_2 to 48 bits
const uint8_t V6ADDR_2_48[] = {
- 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x55, 0x66,
+ 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0xff, 0x66,
0x00, 0x00, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xef
};
-// Identical to V6ADDR_2 to 52 bits
-const uint8_t V6ADDR_2_52[] = {
- 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x05, 0x66,
+// Identical to V6ADDR_2 to 49 bits
+const uint8_t V6ADDR_2_49[] = {
+ 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x7f, 0x66,
0x00, 0x00, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xef
};
-const char* V6ADDR_3_STRING = "::1";
-const uint8_t V6ADDR_3[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
+// Identical to V6ADDR_2 to 50 bits
+const uint8_t V6ADDR_2_50[] = {
+ 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x3f, 0x66,
+ 0x00, 0x00, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xef
};
-
-// Mask with MS bit set
-const uint8_t MASK_1[] = {
- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+// Identical to V6ADDR_2 to 51 bits
+const uint8_t V6ADDR_2_51[] = {
+ 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x1f, 0x66,
+ 0x00, 0x00, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xef
};
-const uint8_t MASK_8[] = {
- 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+// Identical to V6ADDR_2 to 51 bits
+const uint8_t V6ADDR_2_52[] = {
+ 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x0f, 0x66,
+ 0x00, 0x00, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xef
};
-const uint8_t MASK_48[] = {
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+// Identical to V6ADDR_2 to 127 bits
+const uint8_t V6ADDR_2_127[] = {
+ 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xee
};
-const uint8_t MASK_51[] = {
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+const char* V6ADDR_3_STRING = "::1";
+const uint8_t V6ADDR_3[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
};
-const uint8_t MASK_128[] = {
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+const char* V6ADDR_4_STRING = "::";
+const uint8_t V6ADDR_4[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
} // Anonymous namespace
-TEST(IPCheck, V6ConstructorAddress) {
- IPCheck<GeneralAddress> acl1(V6ADDR_1);
- vector<uint8_t> stored = acl1.getAddress();
- EXPECT_EQ(sizeof(V6ADDR_1), stored.size());
- EXPECT_TRUE(equal(stored.begin(), stored.end(), V6ADDR_1));
-}
-
-TEST(IPCheck, V6ConstructorMask) {
-
- // Valid masks...
- IPCheck<GeneralAddress> acl1(V6ADDR_1, 1);
- vector<uint8_t> stored = acl1.getMask();
- EXPECT_EQ(sizeof(MASK_1), stored.size());
- EXPECT_TRUE(equal(stored.begin(), stored.end(), MASK_1));
-
- IPCheck<GeneralAddress> acl2(V6ADDR_1, 8);
- stored = acl2.getMask();
- EXPECT_TRUE(equal(stored.begin(), stored.end(), MASK_8));
-
- IPCheck<GeneralAddress> acl3(V6ADDR_1, 48);
- stored = acl3.getMask();
- EXPECT_TRUE(equal(stored.begin(), stored.end(), MASK_48));
-
- IPCheck<GeneralAddress> acl4(V6ADDR_1, 51);
- stored = acl4.getMask();
- EXPECT_TRUE(equal(stored.begin(), stored.end(), MASK_51));
-
- IPCheck<GeneralAddress> acl5(V6ADDR_1, 128);
- stored = acl5.getMask();
- EXPECT_TRUE(equal(stored.begin(), stored.end(), MASK_128));
-
- // ... and some invalid network masks
- EXPECT_THROW(IPCheck<GeneralAddress>(V6ADDR_1, 129), isc::OutOfRange);
-}
-
TEST(IPCheck, V6StringConstructor) {
IPCheck<GeneralAddress> acl1(V6ADDR_1_STRING);
vector<uint8_t> address = acl1.getAddress();
+
EXPECT_EQ(128, acl1.getPrefixlen());
EXPECT_EQ(AF_INET6, acl1.getFamily());
+ EXPECT_EQ(IPV6_SIZE, address.size());
EXPECT_TRUE(equal(address.begin(), address.end(), V6ADDR_1));
- IPCheck<GeneralAddress> acl2(string(V6ADDR_2_STRING) + string("/48"));
+ IPCheck<GeneralAddress> acl2(string(V6ADDR_2_STRING) + string("/51"));
address = acl2.getAddress();
- EXPECT_EQ(48, acl2.getPrefixlen());
+ EXPECT_EQ(IPV6_SIZE, address.size());
+ EXPECT_EQ(51, acl2.getPrefixlen());
EXPECT_EQ(AF_INET6, acl2.getFamily());
EXPECT_TRUE(equal(address.begin(), address.end(), V6ADDR_2));
- IPCheck<GeneralAddress> acl3("::1");
+ IPCheck<GeneralAddress> acl3(string(V6ADDR_2_STRING) + string("/127"));
address = acl3.getAddress();
- EXPECT_EQ(128, acl3.getPrefixlen());
+ EXPECT_EQ(IPV6_SIZE, address.size());
+ EXPECT_EQ(127, acl3.getPrefixlen());
EXPECT_EQ(AF_INET6, acl3.getFamily());
- EXPECT_TRUE(equal(address.begin(), address.end(), V6ADDR_3));
+ EXPECT_TRUE(equal(address.begin(), address.end(), V6ADDR_2));
- // Any match
- IPCheck<GeneralAddress> acl4("any6");
- EXPECT_EQ(0, acl4.getPrefixlen());
+ IPCheck<GeneralAddress> acl4("::1");
+ address = acl4.getAddress();
+ EXPECT_EQ(IPV6_SIZE, address.size());
+ EXPECT_EQ(128, acl4.getPrefixlen());
EXPECT_EQ(AF_INET6, acl4.getFamily());
+ EXPECT_TRUE(equal(address.begin(), address.end(), V6ADDR_3));
- EXPECT_NO_THROW(IPCheck<GeneralAddress>("::1/0"));
+ // Any match. In these cases, the address should all be zeroes.
+ IPCheck<GeneralAddress> acl5("any6");
+ address = acl5.getAddress();
+ EXPECT_EQ(IPV6_SIZE, address.size());
+ EXPECT_EQ(0, acl5.getPrefixlen());
+ EXPECT_EQ(AF_INET6, acl5.getFamily());
+ EXPECT_TRUE(equal(address.begin(), address.end(), V6ADDR_4));
+
+ IPCheck<GeneralAddress> acl6("::/0");
+ address = acl6.getAddress();
+ EXPECT_EQ(0, acl6.getPrefixlen());
+ EXPECT_EQ(AF_INET6, acl6.getFamily());
+ EXPECT_TRUE(equal(address.begin(), address.end(), V6ADDR_4));
+
+ // Some invalid strings
EXPECT_THROW(IPCheck<GeneralAddress>("::1/129"), isc::OutOfRange);
EXPECT_THROW(IPCheck<GeneralAddress>("::1/24/3"), isc::InvalidParameter);
+ EXPECT_THROW(IPCheck<GeneralAddress>(":::1/24"), isc::InvalidParameter);
EXPECT_THROW(IPCheck<GeneralAddress>("2001:0db8::abcd/ww"),
isc::InvalidParameter);
EXPECT_THROW(IPCheck<GeneralAddress>("2xx1:0db8::abcd/32"),
@@ -504,37 +472,86 @@ TEST(IPCheck, V6AssignmentOperator) {
TEST(IPCheck, V6Compare) {
// Set up some data.
- vector<uint8_t> v6addr_2(V6ADDR_2, V6ADDR_2 + sizeof(V6ADDR_2));
- vector<uint8_t> v6addr_2_48(V6ADDR_2_48, V6ADDR_2_48 + sizeof(V6ADDR_2_48));
- vector<uint8_t> v6addr_2_52(V6ADDR_2_52, V6ADDR_2_52 + sizeof(V6ADDR_2_52));
- vector<uint8_t> v6addr_3(V6ADDR_3, V6ADDR_3 + sizeof(V6ADDR_3));
+ vector<uint8_t> v6addr_2(V6ADDR_2, V6ADDR_2 + IPV6_SIZE);
+ vector<uint8_t> v6addr_2_48(V6ADDR_2_48, V6ADDR_2_48 + IPV6_SIZE);
+ vector<uint8_t> v6addr_2_49(V6ADDR_2_49, V6ADDR_2_49 + IPV6_SIZE);
+ vector<uint8_t> v6addr_2_50(V6ADDR_2_50, V6ADDR_2_50 + IPV6_SIZE);
+ vector<uint8_t> v6addr_2_51(V6ADDR_2_51, V6ADDR_2_51 + IPV6_SIZE);
+ vector<uint8_t> v6addr_2_52(V6ADDR_2_52, V6ADDR_2_52 + IPV6_SIZE);
+ vector<uint8_t> v6addr_2_127(V6ADDR_2_127, V6ADDR_2_127 + IPV6_SIZE);
+ vector<uint8_t> v6addr_3(V6ADDR_3, V6ADDR_3 + IPV6_SIZE);
// Exact address - match if given address matches stored address.
IPCheck<GeneralAddress> acl1(string(V6ADDR_2_STRING) + string("/128"));
EXPECT_TRUE(acl1.matches(v6addr_2));
+ EXPECT_FALSE(acl1.matches(v6addr_2_127));
EXPECT_FALSE(acl1.matches(v6addr_2_52));
+ EXPECT_FALSE(acl1.matches(v6addr_2_51));
+ EXPECT_FALSE(acl1.matches(v6addr_2_50));
+ EXPECT_FALSE(acl1.matches(v6addr_2_49));
EXPECT_FALSE(acl1.matches(v6addr_2_48));
EXPECT_FALSE(acl1.matches(v6addr_3));
- // Match if the address matches a mask
- IPCheck<GeneralAddress> acl2(string(V6ADDR_2_STRING) + string("/52"));
+ // Match to various prefixes.
+ IPCheck<GeneralAddress> acl2(string(V6ADDR_2_STRING) + string("/127"));
EXPECT_TRUE(acl2.matches(v6addr_2));
- EXPECT_TRUE(acl2.matches(v6addr_2_52));
+ EXPECT_TRUE(acl2.matches(v6addr_2_127));
+ EXPECT_FALSE(acl2.matches(v6addr_2_52));
+ EXPECT_FALSE(acl2.matches(v6addr_2_51));
+ EXPECT_FALSE(acl2.matches(v6addr_2_50));
+ EXPECT_FALSE(acl2.matches(v6addr_2_49));
EXPECT_FALSE(acl2.matches(v6addr_2_48));
EXPECT_FALSE(acl2.matches(v6addr_3));
- // Match on any address
- IPCheck<GeneralAddress> acl3("any6");
+ IPCheck<GeneralAddress> acl3(string(V6ADDR_2_STRING) + string("/52"));
EXPECT_TRUE(acl3.matches(v6addr_2));
+ EXPECT_TRUE(acl3.matches(v6addr_2_127));
EXPECT_TRUE(acl3.matches(v6addr_2_52));
- EXPECT_TRUE(acl3.matches(v6addr_2_48));
- EXPECT_TRUE(acl3.matches(v6addr_3));
+ EXPECT_FALSE(acl3.matches(v6addr_2_51));
+ EXPECT_FALSE(acl3.matches(v6addr_2_50));
+ EXPECT_FALSE(acl3.matches(v6addr_2_49));
+ EXPECT_FALSE(acl3.matches(v6addr_2_48));
+ EXPECT_FALSE(acl3.matches(v6addr_3));
- IPCheck<GeneralAddress> acl4(string(V6ADDR_1_STRING) + string("/0"));
+ IPCheck<GeneralAddress> acl4(string(V6ADDR_2_STRING) + string("/51"));
EXPECT_TRUE(acl4.matches(v6addr_2));
+ EXPECT_TRUE(acl4.matches(v6addr_2_127));
EXPECT_TRUE(acl4.matches(v6addr_2_52));
- EXPECT_TRUE(acl4.matches(v6addr_2_48));
- EXPECT_TRUE(acl4.matches(v6addr_3));
+ EXPECT_TRUE(acl4.matches(v6addr_2_51));
+ EXPECT_FALSE(acl4.matches(v6addr_2_50));
+ EXPECT_FALSE(acl4.matches(v6addr_2_49));
+ EXPECT_FALSE(acl4.matches(v6addr_2_48));
+ EXPECT_FALSE(acl4.matches(v6addr_3));
+
+ IPCheck<GeneralAddress> acl5(string(V6ADDR_2_STRING) + string("/50"));
+ EXPECT_TRUE(acl5.matches(v6addr_2));
+ EXPECT_TRUE(acl5.matches(v6addr_2_127));
+ EXPECT_TRUE(acl5.matches(v6addr_2_52));
+ EXPECT_TRUE(acl5.matches(v6addr_2_51));
+ EXPECT_TRUE(acl5.matches(v6addr_2_50));
+ EXPECT_FALSE(acl5.matches(v6addr_2_49));
+ EXPECT_FALSE(acl5.matches(v6addr_2_48));
+ EXPECT_FALSE(acl5.matches(v6addr_3));
+
+ IPCheck<GeneralAddress> acl6(string(V6ADDR_2_STRING) + string("/0"));
+ EXPECT_TRUE(acl6.matches(v6addr_2));
+ EXPECT_TRUE(acl6.matches(v6addr_2_127));
+ EXPECT_TRUE(acl6.matches(v6addr_2_52));
+ EXPECT_TRUE(acl6.matches(v6addr_2_51));
+ EXPECT_TRUE(acl6.matches(v6addr_2_50));
+ EXPECT_TRUE(acl6.matches(v6addr_2_49));
+ EXPECT_TRUE(acl6.matches(v6addr_2_48));
+ EXPECT_TRUE(acl6.matches(v6addr_3));
+
+ // Match on any address
+ IPCheck<GeneralAddress> acl7("any6");
+ EXPECT_TRUE(acl7.matches(v6addr_2));
+ EXPECT_TRUE(acl7.matches(v6addr_2_127));
+ EXPECT_TRUE(acl7.matches(v6addr_2_52));
+ EXPECT_TRUE(acl7.matches(v6addr_2_51));
+ EXPECT_TRUE(acl7.matches(v6addr_2_50));
+ EXPECT_TRUE(acl7.matches(v6addr_2_49));
+ EXPECT_TRUE(acl7.matches(v6addr_2_48));
}
// *** Mixed-mode tests - mainly to check that no exception is thrown ***
@@ -543,14 +560,13 @@ TEST(IPCheck, MixedMode) {
// ACL has a V4 address specified, check against a V6 address.
IPCheck<GeneralAddress> acl1("192.0.2.255/24");
- GeneralAddress test1(vector<uint8_t>(V6ADDR_1, V6ADDR_1 + sizeof(V6ADDR_1)));
+ GeneralAddress test1(vector<uint8_t>(V6ADDR_1, V6ADDR_1 + IPV6_SIZE));
EXPECT_NO_THROW(acl1.matches(test1));
EXPECT_FALSE(acl1.matches(test1));
// Now the reverse - the ACL is specified with a V6 address.
IPCheck<GeneralAddress> acl2(V6ADDR_2_STRING);
GeneralAddress test2(0x12345678);
- EXPECT_NO_THROW(acl2.matches(test2));
EXPECT_FALSE(acl2.matches(test2));
// Ensure only a V4 address matches "any4".
@@ -562,4 +578,16 @@ TEST(IPCheck, MixedMode) {
IPCheck<GeneralAddress> acl4("any6");
EXPECT_TRUE(acl4.matches(test1));
EXPECT_FALSE(acl4.matches(test2));
+
+ // Check where the bit pattern of an IPv4 address matches that of an IPv6
+ // one.
+ IPCheck<GeneralAddress> acl5("2001:db8::/32");
+ GeneralAddress test5(0x20010db8);
+ EXPECT_FALSE(acl5.matches(test5));
+
+ // ... and where the reverse is true. (2001:db8 corresponds to 32.1.13.184).
+ IPCheck<GeneralAddress> acl6("32.1.13.184");
+ GeneralAddress test6(vector<uint8_t>(V6ADDR_1, V6ADDR_1 + IPV6_SIZE));
+ EXPECT_FALSE(acl6.matches(test6));
}
+
More information about the bind10-changes
mailing list