Example #1
0
void
free_acl(void)
{
    ipset_done(&black_list_ipv4);
    ipset_done(&black_list_ipv6);
    ipset_done(&white_list_ipv4);
    ipset_done(&white_list_ipv6);

    free_rules(&black_list_rules);
    free_rules(&white_list_rules);
}
Example #2
0
END_TEST

START_TEST(test_empty_sets_equal)
{
    ip_set_t  set1, set2;

    ipset_init(&set1);
    ipset_init(&set2);
    fail_unless(ipset_is_equal(&set1, &set2),
                "Empty sets should be equal");
    ipset_done(&set1);
    ipset_done(&set2);
}
Example #3
0
END_TEST

START_TEST(test_empty_sets_not_unequal)
{
    ip_set_t  set1, set2;

    ipset_init(&set1);
    ipset_init(&set2);
    fail_if(ipset_is_not_equal(&set1, &set2),
            "Empty sets should not be unequal");
    ipset_done(&set1);
    ipset_done(&set2);
}
Example #4
0
END_TEST


START_TEST(test_ipv4_iterate_network_01)
{
    struct ip_set  set;
    ipset_init(&set);

    struct cork_ip  ip1;
    cork_ip_init(&ip1, "192.168.0.0");

    fail_if(ipset_ip_add_network(&set, &ip1, 31),
            "Element should not be present");

    struct ipset_iterator  *it = ipset_iterate_networks(&set, true);
    fail_if(it == NULL,
            "IP set iterator is NULL");

    fail_if(it->finished,
            "IP set shouldn't be empty");
    fail_unless(cork_ip_equal(&ip1, &it->addr),
                "IP address 0 doesn't match");
    fail_unless(it->cidr_prefix == 31,
                "IP CIDR prefix 0 doesn't match");

    ipset_iterator_advance(it);
    fail_unless(it->finished,
                "IP set should contain 1 elements");

    ipset_iterator_free(it);

    ipset_done(&set);
}
Example #5
0
END_TEST

START_TEST(test_ipv6_memory_size_2)
{
    ip_set_t  set;
    size_t  expected, actual;

    ipset_init(&set);
    ipset_ipv6_add_network(&set, &IPV6_ADDR_1, 24);

#if GLIB_SIZEOF_VOID_P == 4
    expected = 300;
#elif GLIB_SIZEOF_VOID_P == 8
    expected = 600;
#else
#   error "Unknown architecture: not 32-bit or 64-bit"
#endif
    actual = ipset_memory_size(&set);

    fail_unless(expected == actual,
                "Expected set to be %zu bytes, got %zu bytes",
                expected, actual);

    ipset_done(&set);
}
Example #6
0
END_TEST


START_TEST(test_ipv6_iterate_01)
{
    struct ip_set  set;
    ipset_init(&set);

    struct cork_ip  ip1;
    cork_ip_init(&ip1, "fe80::1");

    fail_if(ipset_ip_add(&set, &ip1),
            "Element should not be present");

    struct ipset_iterator  *it = ipset_iterate(&set, true);
    fail_if(it == NULL,
            "IP set iterator is NULL");

    fail_if(it->finished,
            "IP set shouldn't be empty");
    fail_unless(cork_ip_equal(&ip1, &it->addr),
                "IP address 0 doesn't match");
    fail_unless(it->cidr_prefix == IPV6_BIT_SIZE,
                "IP CIDR prefix 0 doesn't match");

    ipset_iterator_advance(it);
    fail_unless(it->finished,
                "IP set should contain 1 element");

    ipset_iterator_free(it);

    ipset_done(&set);
}
Example #7
0
END_TEST

START_TEST(test_store_empty)
{
    ip_set_t  set;
    ip_set_t  *read_set;

    ipset_init(&set);

    GOutputStream  *ostream =
        g_memory_output_stream_new(NULL, 0, g_realloc, g_free);
    GMemoryOutputStream  *mostream =
        G_MEMORY_OUTPUT_STREAM(ostream);

    fail_unless(ipset_save(ostream, &set, NULL),
                "Could not save set");

    GInputStream  *istream =
        g_memory_input_stream_new_from_data
        (g_memory_output_stream_get_data(mostream),
         g_memory_output_stream_get_data_size(mostream),
         NULL);

    read_set = ipset_load(istream, NULL);
    fail_if(read_set == NULL,
            "Could not read set");

    fail_unless(ipset_is_equal(&set, read_set),
                "Set not same after saving/loading");

    g_object_unref(ostream);
    g_object_unref(istream);
    ipset_done(&set);
    ipset_free(read_set);
}
Example #8
0
END_TEST

START_TEST(test_ipv4_equality_1)
{
    ip_set_t  set1, set2;

    ipset_init(&set1);
    ipset_ipv4_add(&set1, &IPV4_ADDR_1);

    ipset_init(&set2);
    ipset_ipv4_add(&set2, &IPV4_ADDR_1);

    fail_unless(ipset_is_equal(&set1, &set2),
                "Expected {x} == {x}");

    ipset_done(&set1);
    ipset_done(&set2);
}
Example #9
0
END_TEST

START_TEST(test_ipv6_inequality_1)
{
    ip_set_t  set1, set2;

    ipset_init(&set1);
    ipset_ipv6_add(&set1, &IPV6_ADDR_1);

    ipset_init(&set2);
    ipset_ipv6_add_network(&set2, &IPV6_ADDR_1, 32);

    fail_unless(ipset_is_not_equal(&set1, &set2),
                "Expected {x} != {x}");

    ipset_done(&set1);
    ipset_done(&set2);
}
Example #10
0
END_TEST


START_TEST(test_generic_ip_iterate_02)
{
    struct ip_set  set;
    ipset_init(&set);

    /*
     * These addresses are carefully constructed so that the same BDD
     * variable assignments are used to store both, apart from the
     * IPv4/v6 discriminator variable.  The goal is get a BDD that has
     * EITHER in the assignment for variable 0, but isn't simply the
     * empty or full set.
     */

    struct cork_ip  ip1;
    cork_ip_init(&ip1, "192.168.0.1"); /* 0xc0a80001 */

    struct cork_ip  ip2;
    cork_ip_init(&ip2, "c0a8:0001::");

    fail_if(ipset_ip_add(&set, &ip1),
            "Element should not be present");
    fail_if(ipset_ip_add_network(&set, &ip2, 32),
            "Element should not be present");

    struct ipset_iterator  *it = ipset_iterate_networks(&set, true);
    fail_if(it == NULL,
            "IP set iterator is NULL");

    fail_if(it->finished,
            "IP set shouldn't be empty");
    fail_unless(cork_ip_equal(&ip1, &it->addr),
                "IP address 0 doesn't match");
    fail_unless(it->cidr_prefix == 32,
                "IP CIDR prefix 0 doesn't match");

    ipset_iterator_advance(it);
    fail_if(it->finished,
            "IP set should have more than 1 element");
    fail_unless(cork_ip_equal(&ip2, &it->addr),
                "IP address 1 doesn't match");
    fail_unless(it->cidr_prefix == 32,
                "IP CIDR prefix 1 doesn't match");

    ipset_iterator_advance(it);
    fail_unless(it->finished,
                "IP set should contain 2 elements");

    ipset_iterator_free(it);

    ipset_done(&set);
}
Example #11
0
END_TEST

START_TEST(test_ipv6_bad_netmask_02)
{
    ip_set_t  set;

    ipset_init(&set);
    ipset_ipv6_add_network(&set, &IPV6_ADDR_1, 129);
    fail_unless(ipset_is_empty(&set),
                "Bad netmask shouldn't change set");
    ipset_done(&set);
}
Example #12
0
END_TEST

START_TEST(test_ipv6_insert_network_01)
{
    ip_set_t  set;

    ipset_init(&set);

    fail_if(ipset_ipv6_add_network(&set, &IPV6_ADDR_1, 32),
            "Element should not be present");

    fail_unless(ipset_ipv6_add_network(&set, &IPV6_ADDR_1, 32),
                "Element should be present");

    ipset_done(&set);
}
Example #13
0
END_TEST


START_TEST(test_ipv6_iterate_network_03)
{
    struct ip_set  set;
    ipset_init(&set);

    /*
     * If we add all of the IP addresses in a network individually, we
     * should still get the network as a whole from the iterator.
     */

    struct cork_ip  ip1;
    cork_ip_init(&ip1, "fe80::");

    struct cork_ip  ip2;
    cork_ip_init(&ip2, "fe80::1");

    fail_if(ipset_ip_add(&set, &ip1),
            "Element should not be present");

    fail_if(ipset_ip_add(&set, &ip2),
            "Element should not be present");

    struct ipset_iterator  *it = ipset_iterate_networks(&set, true);
    fail_if(it == NULL,
            "IP set iterator is NULL");

    fail_if(it->finished,
            "IP set shouldn't be empty");
    fail_unless(cork_ip_equal(&ip1, &it->addr),
                "IP address 0 doesn't match");
    fail_unless(it->cidr_prefix == 127,
                "IP CIDR prefix 0 doesn't match");

    ipset_iterator_advance(it);
    fail_unless(it->finished,
                "IP set should contain 1 elements");

    ipset_iterator_free(it);

    ipset_done(&set);
}
Example #14
0
END_TEST

START_TEST(test_ipv6_insert_network_02)
{
    ip_set_t  set;

    ipset_init(&set);

    ipset_ip_t  ip;
    ipset_ip_from_string(&ip, "fe80::21e:c2ff:fe9f:e8e1");

    fail_if(ipset_ip_add_network(&set, &ip, 32),
            "Element should not be present");

    fail_unless(ipset_ipv6_add_network(&set, &IPV6_ADDR_1, 32),
                "Element should be present");

    ipset_done(&set);
}
Example #15
0
END_TEST

START_TEST(test_ipv4_insert_network_02)
{
    ip_set_t  set;

    ipset_init(&set);

    ipset_ip_t  ip;
    ipset_ip_from_string(&ip, "192.168.1.100");

    fail_if(ipset_ip_add_network(&set, &ip, 24),
            "Element should not be present");

    fail_unless(ipset_ipv4_add_network(&set, &IPV4_ADDR_1, 24),
                "Element should be present");

    ipset_done(&set);
}
Example #16
0
END_TEST


START_TEST(test_generic_ip_iterate_01)
{
    struct ip_set  set;
    ipset_init(&set);

    struct cork_ip  ip1;
    cork_ip_init(&ip1, "0.0.0.0");

    struct cork_ip  ip2;
    cork_ip_init(&ip2, "::");

    struct ipset_iterator  *it = ipset_iterate_networks(&set, false);
    fail_if(it == NULL,
            "IP set iterator is NULL");

    fail_if(it->finished,
            "IP set shouldn't be empty");
    fail_unless(cork_ip_equal(&ip1, &it->addr),
                "IP address 0 doesn't match");
    fail_unless(it->cidr_prefix == 0,
                "IP CIDR prefix 0 doesn't match");

    ipset_iterator_advance(it);
    fail_if(it->finished,
            "IP set should have more than 1 element");
    fail_unless(cork_ip_equal(&ip2, &it->addr),
                "IP address 1 doesn't match");
    fail_unless(it->cidr_prefix == 0,
                "IP CIDR prefix 1 doesn't match");

    ipset_iterator_advance(it);
    fail_unless(it->finished,
                "IP set should contain 2 elements");

    ipset_iterator_free(it);

    ipset_done(&set);
}
Example #17
0
END_TEST


/*-----------------------------------------------------------------------
 * IPv6 tests
 */

START_TEST(test_ipv6_insert_01)
{
    ip_set_t  set;

    ipset_init(&set);

    fail_if(ipset_ipv6_add(&set, &IPV6_ADDR_1),
            "Element should not be present");

    fail_unless(ipset_ipv6_add(&set, &IPV6_ADDR_1),
                "Element should be present");

    ipset_done(&set);
}
Example #18
0
static void
one_test(long num_elements)
{
    ip_set_t  set;
    long  i;
    size_t  size;
    double  size_per_element;

    ipset_init(&set);

    for (i = 0; i < num_elements; i++)
    {
        ipv4_addr_t  ip;

        random_ip(&ip);
        ipset_ipv4_add(&set, &ip);
    }

    size = ipset_memory_size(&set);
    size_per_element = ((double) size) / num_elements;
    fprintf(stdout, "%lu %zu %.3f\n", num_elements, size, size_per_element);

    ipset_done(&set);
}
Example #19
0
void free_acl(void)
{
    ipset_done(&acl_ip_set);
}
Example #20
0
void
ipset_free(struct ip_set *set)
{
    ipset_done(set);
    free(set);
}
Example #21
0
File: acl.c Project: 52M/xSocks
void
acl_free(void) {
    ipset_done(&acl_ipv4_set);
    ipset_done(&acl_ipv6_set);
}
Example #22
0
void free_acl(void)
{
    ipset_done(&acl_ipv4_set);
    ipset_done(&acl_ipv6_set);
}