void free_acl(void) { ipset_done(&black_list_ipv4); ipset_done(&black_list_ipv6); ipset_done(&white_list_ipv4); ipset_done(&white_list_ipv6); free_rules(&black_list_rules); free_rules(&white_list_rules); }
END_TEST START_TEST(test_empty_sets_equal) { ip_set_t set1, set2; ipset_init(&set1); ipset_init(&set2); fail_unless(ipset_is_equal(&set1, &set2), "Empty sets should be equal"); ipset_done(&set1); ipset_done(&set2); }
END_TEST START_TEST(test_empty_sets_not_unequal) { ip_set_t set1, set2; ipset_init(&set1); ipset_init(&set2); fail_if(ipset_is_not_equal(&set1, &set2), "Empty sets should not be unequal"); ipset_done(&set1); ipset_done(&set2); }
END_TEST START_TEST(test_ipv4_iterate_network_01) { struct ip_set set; ipset_init(&set); struct cork_ip ip1; cork_ip_init(&ip1, "192.168.0.0"); fail_if(ipset_ip_add_network(&set, &ip1, 31), "Element should not be present"); struct ipset_iterator *it = ipset_iterate_networks(&set, true); fail_if(it == NULL, "IP set iterator is NULL"); fail_if(it->finished, "IP set shouldn't be empty"); fail_unless(cork_ip_equal(&ip1, &it->addr), "IP address 0 doesn't match"); fail_unless(it->cidr_prefix == 31, "IP CIDR prefix 0 doesn't match"); ipset_iterator_advance(it); fail_unless(it->finished, "IP set should contain 1 elements"); ipset_iterator_free(it); ipset_done(&set); }
END_TEST START_TEST(test_ipv6_memory_size_2) { ip_set_t set; size_t expected, actual; ipset_init(&set); ipset_ipv6_add_network(&set, &IPV6_ADDR_1, 24); #if GLIB_SIZEOF_VOID_P == 4 expected = 300; #elif GLIB_SIZEOF_VOID_P == 8 expected = 600; #else # error "Unknown architecture: not 32-bit or 64-bit" #endif actual = ipset_memory_size(&set); fail_unless(expected == actual, "Expected set to be %zu bytes, got %zu bytes", expected, actual); ipset_done(&set); }
END_TEST START_TEST(test_ipv6_iterate_01) { struct ip_set set; ipset_init(&set); struct cork_ip ip1; cork_ip_init(&ip1, "fe80::1"); fail_if(ipset_ip_add(&set, &ip1), "Element should not be present"); struct ipset_iterator *it = ipset_iterate(&set, true); fail_if(it == NULL, "IP set iterator is NULL"); fail_if(it->finished, "IP set shouldn't be empty"); fail_unless(cork_ip_equal(&ip1, &it->addr), "IP address 0 doesn't match"); fail_unless(it->cidr_prefix == IPV6_BIT_SIZE, "IP CIDR prefix 0 doesn't match"); ipset_iterator_advance(it); fail_unless(it->finished, "IP set should contain 1 element"); ipset_iterator_free(it); ipset_done(&set); }
END_TEST START_TEST(test_store_empty) { ip_set_t set; ip_set_t *read_set; ipset_init(&set); GOutputStream *ostream = g_memory_output_stream_new(NULL, 0, g_realloc, g_free); GMemoryOutputStream *mostream = G_MEMORY_OUTPUT_STREAM(ostream); fail_unless(ipset_save(ostream, &set, NULL), "Could not save set"); GInputStream *istream = g_memory_input_stream_new_from_data (g_memory_output_stream_get_data(mostream), g_memory_output_stream_get_data_size(mostream), NULL); read_set = ipset_load(istream, NULL); fail_if(read_set == NULL, "Could not read set"); fail_unless(ipset_is_equal(&set, read_set), "Set not same after saving/loading"); g_object_unref(ostream); g_object_unref(istream); ipset_done(&set); ipset_free(read_set); }
END_TEST START_TEST(test_ipv4_equality_1) { ip_set_t set1, set2; ipset_init(&set1); ipset_ipv4_add(&set1, &IPV4_ADDR_1); ipset_init(&set2); ipset_ipv4_add(&set2, &IPV4_ADDR_1); fail_unless(ipset_is_equal(&set1, &set2), "Expected {x} == {x}"); ipset_done(&set1); ipset_done(&set2); }
END_TEST START_TEST(test_ipv6_inequality_1) { ip_set_t set1, set2; ipset_init(&set1); ipset_ipv6_add(&set1, &IPV6_ADDR_1); ipset_init(&set2); ipset_ipv6_add_network(&set2, &IPV6_ADDR_1, 32); fail_unless(ipset_is_not_equal(&set1, &set2), "Expected {x} != {x}"); ipset_done(&set1); ipset_done(&set2); }
END_TEST START_TEST(test_generic_ip_iterate_02) { struct ip_set set; ipset_init(&set); /* * These addresses are carefully constructed so that the same BDD * variable assignments are used to store both, apart from the * IPv4/v6 discriminator variable. The goal is get a BDD that has * EITHER in the assignment for variable 0, but isn't simply the * empty or full set. */ struct cork_ip ip1; cork_ip_init(&ip1, "192.168.0.1"); /* 0xc0a80001 */ struct cork_ip ip2; cork_ip_init(&ip2, "c0a8:0001::"); fail_if(ipset_ip_add(&set, &ip1), "Element should not be present"); fail_if(ipset_ip_add_network(&set, &ip2, 32), "Element should not be present"); struct ipset_iterator *it = ipset_iterate_networks(&set, true); fail_if(it == NULL, "IP set iterator is NULL"); fail_if(it->finished, "IP set shouldn't be empty"); fail_unless(cork_ip_equal(&ip1, &it->addr), "IP address 0 doesn't match"); fail_unless(it->cidr_prefix == 32, "IP CIDR prefix 0 doesn't match"); ipset_iterator_advance(it); fail_if(it->finished, "IP set should have more than 1 element"); fail_unless(cork_ip_equal(&ip2, &it->addr), "IP address 1 doesn't match"); fail_unless(it->cidr_prefix == 32, "IP CIDR prefix 1 doesn't match"); ipset_iterator_advance(it); fail_unless(it->finished, "IP set should contain 2 elements"); ipset_iterator_free(it); ipset_done(&set); }
END_TEST START_TEST(test_ipv6_bad_netmask_02) { ip_set_t set; ipset_init(&set); ipset_ipv6_add_network(&set, &IPV6_ADDR_1, 129); fail_unless(ipset_is_empty(&set), "Bad netmask shouldn't change set"); ipset_done(&set); }
END_TEST START_TEST(test_ipv6_insert_network_01) { ip_set_t set; ipset_init(&set); fail_if(ipset_ipv6_add_network(&set, &IPV6_ADDR_1, 32), "Element should not be present"); fail_unless(ipset_ipv6_add_network(&set, &IPV6_ADDR_1, 32), "Element should be present"); ipset_done(&set); }
END_TEST START_TEST(test_ipv6_iterate_network_03) { struct ip_set set; ipset_init(&set); /* * If we add all of the IP addresses in a network individually, we * should still get the network as a whole from the iterator. */ struct cork_ip ip1; cork_ip_init(&ip1, "fe80::"); struct cork_ip ip2; cork_ip_init(&ip2, "fe80::1"); fail_if(ipset_ip_add(&set, &ip1), "Element should not be present"); fail_if(ipset_ip_add(&set, &ip2), "Element should not be present"); struct ipset_iterator *it = ipset_iterate_networks(&set, true); fail_if(it == NULL, "IP set iterator is NULL"); fail_if(it->finished, "IP set shouldn't be empty"); fail_unless(cork_ip_equal(&ip1, &it->addr), "IP address 0 doesn't match"); fail_unless(it->cidr_prefix == 127, "IP CIDR prefix 0 doesn't match"); ipset_iterator_advance(it); fail_unless(it->finished, "IP set should contain 1 elements"); ipset_iterator_free(it); ipset_done(&set); }
END_TEST START_TEST(test_ipv6_insert_network_02) { ip_set_t set; ipset_init(&set); ipset_ip_t ip; ipset_ip_from_string(&ip, "fe80::21e:c2ff:fe9f:e8e1"); fail_if(ipset_ip_add_network(&set, &ip, 32), "Element should not be present"); fail_unless(ipset_ipv6_add_network(&set, &IPV6_ADDR_1, 32), "Element should be present"); ipset_done(&set); }
END_TEST START_TEST(test_ipv4_insert_network_02) { ip_set_t set; ipset_init(&set); ipset_ip_t ip; ipset_ip_from_string(&ip, "192.168.1.100"); fail_if(ipset_ip_add_network(&set, &ip, 24), "Element should not be present"); fail_unless(ipset_ipv4_add_network(&set, &IPV4_ADDR_1, 24), "Element should be present"); ipset_done(&set); }
END_TEST START_TEST(test_generic_ip_iterate_01) { struct ip_set set; ipset_init(&set); struct cork_ip ip1; cork_ip_init(&ip1, "0.0.0.0"); struct cork_ip ip2; cork_ip_init(&ip2, "::"); struct ipset_iterator *it = ipset_iterate_networks(&set, false); fail_if(it == NULL, "IP set iterator is NULL"); fail_if(it->finished, "IP set shouldn't be empty"); fail_unless(cork_ip_equal(&ip1, &it->addr), "IP address 0 doesn't match"); fail_unless(it->cidr_prefix == 0, "IP CIDR prefix 0 doesn't match"); ipset_iterator_advance(it); fail_if(it->finished, "IP set should have more than 1 element"); fail_unless(cork_ip_equal(&ip2, &it->addr), "IP address 1 doesn't match"); fail_unless(it->cidr_prefix == 0, "IP CIDR prefix 1 doesn't match"); ipset_iterator_advance(it); fail_unless(it->finished, "IP set should contain 2 elements"); ipset_iterator_free(it); ipset_done(&set); }
END_TEST /*----------------------------------------------------------------------- * IPv6 tests */ START_TEST(test_ipv6_insert_01) { ip_set_t set; ipset_init(&set); fail_if(ipset_ipv6_add(&set, &IPV6_ADDR_1), "Element should not be present"); fail_unless(ipset_ipv6_add(&set, &IPV6_ADDR_1), "Element should be present"); ipset_done(&set); }
static void one_test(long num_elements) { ip_set_t set; long i; size_t size; double size_per_element; ipset_init(&set); for (i = 0; i < num_elements; i++) { ipv4_addr_t ip; random_ip(&ip); ipset_ipv4_add(&set, &ip); } size = ipset_memory_size(&set); size_per_element = ((double) size) / num_elements; fprintf(stdout, "%lu %zu %.3f\n", num_elements, size, size_per_element); ipset_done(&set); }
void free_acl(void) { ipset_done(&acl_ip_set); }
void ipset_free(struct ip_set *set) { ipset_done(set); free(set); }
void acl_free(void) { ipset_done(&acl_ipv4_set); ipset_done(&acl_ipv6_set); }
void free_acl(void) { ipset_done(&acl_ipv4_set); ipset_done(&acl_ipv6_set); }