/* This END_TEST terminates a test case that begins before this excerpt. */
END_TEST

/*
 * Adding an IPv6 network with a prefix length of 0 is treated as a bad
 * netmask: the call must leave the set exactly as it was (empty).
 */
START_TEST(test_ipv6_bad_netmask_01)
{
    ip_set_t addrs;

    ipset_init(&addrs);

    /* Prefix length 0 is the invalid input under test. */
    ipset_ipv6_add_network(&addrs, &IPV6_ADDR_1, 0);

    fail_unless(ipset_is_empty(&addrs),
                "Bad netmask shouldn't change set");

    ipset_done(&addrs);
}
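/*
 * Load the access-control list stored at `path` into acl_ipv4_set and
 * acl_ipv6_set, and record `mode` in acl_mode.
 *
 * Every line is split by parse_addr_cidr() into a host string and a prefix
 * length, then parsed with cork_ip_init(). A non-negative prefix length adds
 * a network, a negative one adds a single address.
 *
 * Things a reviewer of ACL behaviour should know:
 *  - A line that cork_ip_init() rejects is dropped without a log message, so
 *    a typo in the file silently removes that entry from the policy.
 *  - The results of the ipset_*_add* calls are ignored, so an entry the
 *    library refuses is not reported either.
 *  - A line longer than the buffer is consumed in several pieces and each
 *    piece is parsed as if it were a line of its own.
 *
 * path: ACL file to read.
 * mode: value stored in acl_mode before the file is opened.
 *
 * Returns 0 when the file was read to its end, and -1 when it cannot be
 * opened or a read error interrupts loading. Entries parsed before a read
 * error stay in the sets.
 */
int init_acl(const char *path, int mode)
{
    acl_mode = mode;

    // initialize ipset
    ipset_init_library();
    ipset_init(&acl_ipv4_set);
    ipset_init(&acl_ipv6_set);

    FILE *f = fopen(path, "r");
    if (f == NULL) {
        LOGE("Invalid acl path.");
        return -1;
    }

    char line[256];

    // Loop on the result of fgets() itself. Testing feof() instead never
    // terminates when a read fails without reaching end-of-file (for example
    // when the path can be opened but not read), because only the error
    // indicator is set in that case.
    while (fgets(line, sizeof line, f) != NULL) {
        // Trim the newline
        size_t len = strlen(line);
        if (len > 0 && line[len - 1] == '\n') {
            line[len - 1] = '\0';
        }

        // Defensive defaults; parse_addr_cidr() is expected to overwrite both.
        // A negative prefix length means "single address" below.
        char host[256] = "";
        int cidr       = -1;
        parse_addr_cidr(line, host, &cidr);

        struct cork_ip addr;
        int err = cork_ip_init(&addr, host);
        if (err) {
            // Not an IP literal: this version of the loader ignores the line.
            continue;
        }

        // NOTE(review): cidr is passed through without a range check here;
        // confirm how the ipset library treats an out-of-range prefix.
        if (addr.version == 4) {
            if (cidr >= 0) {
                ipset_ipv4_add_network(&acl_ipv4_set, &(addr.ip.v4), cidr);
            } else {
                ipset_ipv4_add(&acl_ipv4_set, &(addr.ip.v4));
            }
        } else if (addr.version == 6) {
            if (cidr >= 0) {
                ipset_ipv6_add_network(&acl_ipv6_set, &(addr.ip.v6), cidr);
            } else {
                ipset_ipv6_add(&acl_ipv6_set, &(addr.ip.v6));
            }
        }
    }

    // A partially loaded ACL must not be reported as a successful load.
    int rc = 0;
    if (ferror(f)) {
        LOGE("Failed to read acl file.");
        rc = -1;
    }

    fclose(f);
    return rc;
}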
/* This END_TEST terminates a test case that begins before this excerpt. */
END_TEST

/*
 * A set holding one IPv6 address must compare as different from a set
 * holding the /32 network built from that same address.
 */
START_TEST(test_ipv6_inequality_1)
{
    ip_set_t single_addr;
    ip_set_t whole_net;

    /* First set: the address on its own. */
    ipset_init(&single_addr);
    ipset_ipv6_add(&single_addr, &IPV6_ADDR_1);

    /* Second set: the same address widened to a 32-bit prefix. */
    ipset_init(&whole_net);
    ipset_ipv6_add_network(&whole_net, &IPV6_ADDR_1, 32);

    fail_unless(ipset_is_not_equal(&single_addr, &whole_net),
                "Expected {x} != {x}");

    ipset_done(&single_addr);
    ipset_done(&whole_net);
}
/* This END_TEST terminates a test case that begins before this excerpt. */
END_TEST

/*
 * Insert a /32 network parsed from a string through the generic API, then
 * insert IPV6_ADDR_1/32 through the IPv6-specific API. The first add is
 * expected to report "not already present", the second "already present".
 * That presumably requires IPV6_ADDR_1 to share its first 32 bits with the
 * string literal; its definition is outside this excerpt.
 */
START_TEST(test_ipv6_insert_network_02)
{
    ip_set_t addrs;
    ipset_ip_t parsed;

    ipset_init(&addrs);

    /* The result of the string conversion is not checked by this test. */
    ipset_ip_from_string(&parsed, "fe80::21e:c2ff:fe9f:e8e1");

    fail_if(ipset_ip_add_network(&addrs, &parsed, 32),
            "Element should not be present");
    fail_unless(ipset_ipv6_add_network(&addrs, &IPV6_ADDR_1, 32),
                "Element should be present");

    ipset_done(&addrs);
}
/* This END_TEST terminates a test case that begins before this excerpt. */
END_TEST

/*
 * Round-trip check: a set with two IPv6 addresses and one /24 network is
 * serialised to memory, loaded back, and must compare equal to the original.
 */
START_TEST(test_ipv6_store_03)
{
    ip_set_t original;
    ip_set_t *reloaded;

    ipset_init(&original);
    ipset_ipv6_add(&original, &IPV6_ADDR_1);
    ipset_ipv6_add(&original, &IPV6_ADDR_2);
    ipset_ipv6_add_network(&original, &IPV6_ADDR_3, 24);

    /* Growable in-memory sink for the serialised form. */
    GOutputStream *sink =
        g_memory_output_stream_new(NULL, 0, g_realloc, g_free);
    GMemoryOutputStream *mem_sink = G_MEMORY_OUTPUT_STREAM(sink);

    fail_unless(ipset_save(sink, &original, NULL),
                "Could not save set");

    /*
     * No destroy notify is passed, so the input stream only borrows the
     * buffer owned by the output stream; the output stream is released
     * only after the load below has finished.
     */
    GInputStream *source =
        g_memory_input_stream_new_from_data
            (g_memory_output_stream_get_data(mem_sink),
             g_memory_output_stream_get_data_size(mem_sink),
             NULL);

    reloaded = ipset_load(source, NULL);
    fail_if(reloaded == NULL,
            "Could not read set");

    fail_unless(ipset_is_equal(&original, reloaded),
                "Set not same after saving/loading");

    g_object_unref(sink);
    g_object_unref(source);

    /* The stack set is torn down in place; the loaded one is heap-owned. */
    ipset_done(&original);
    ipset_free(reloaded);
}
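/*
 * Load the access-control file at `path` into the white, black and
 * outbound-block lists (IPv4 set, IPv6 set and rule list for each).
 *
 * File format as implemented here:
 *  - Everything from the first '#' on a line is discarded, then the line is
 *    trimmed; empty lines are skipped.
 *  - "[outbound_block_list]", "[black_list]"/"[bypass_list]" and
 *    "[white_list]"/"[proxy_list]" select the list that receives the entries
 *    that follow. Entries before any header go to the black list.
 *  - "[reject_all]"/"[bypass_all]" set acl_mode to WHITE_LIST and
 *    "[accept_all]"/"[proxy_all]" set it to BLACK_LIST.
 *  - "[remote_dns]" is skipped without changing the selected list, so the
 *    lines under it are added to whichever list was selected before it.
 *  - Any other line is parsed as an address with an optional prefix length;
 *    if cork_ip_init() rejects it, the whole line becomes a rule.
 *
 * Things a reviewer of ACL behaviour should know:
 *  - Because of the fallback above, a misspelt section header is not an
 *    error: it is handed to the rule helpers and added to the current list.
 *  - The '#' stripping also applies to rule lines, so a rule cannot contain
 *    a literal '#'.
 *  - A line longer than the read limit is consumed in several pieces and
 *    each piece is treated as a line of its own.
 *  - The results of the ipset_*_add* calls are ignored.
 *
 * path: ACL file to read.
 *
 * Returns 0 when the file was read to its end, and -1 when it cannot be
 * opened or a read error interrupts loading. Entries parsed before a read
 * error stay in the lists.
 */
int init_acl(const char *path)
{
    // initialize ipset
    ipset_init_library();

    ipset_init(&white_list_ipv4);
    ipset_init(&white_list_ipv6);
    ipset_init(&black_list_ipv4);
    ipset_init(&black_list_ipv6);
    ipset_init(&outbound_block_list_ipv4);
    ipset_init(&outbound_block_list_ipv6);

    cork_dllist_init(&black_list_rules);
    cork_dllist_init(&white_list_rules);
    cork_dllist_init(&outbound_block_list_rules);

    // Destination for entries until the first section header is seen.
    struct ip_set *list_ipv4   = &black_list_ipv4;
    struct ip_set *list_ipv6   = &black_list_ipv6;
    struct cork_dllist *rules  = &black_list_rules;

    FILE *f = fopen(path, "r");
    if (f == NULL) {
        LOGE("Invalid acl path.");
        return -1;
    }

    char buf[257];

    // Loop on the result of fgets() itself. Testing feof() instead never
    // terminates when a read fails without reaching end-of-file (for example
    // when the path can be opened but not read), because only the error
    // indicator is set in that case. The 256-byte read limit is unchanged.
    while (fgets(buf, 256, f) != NULL) {
        // Trim the newline
        size_t len = strlen(buf);
        if (len > 0 && buf[len - 1] == '\n') {
            buf[len - 1] = '\0';
        }

        // Cut the line at the first '#', wherever it appears.
        char *comment = strchr(buf, '#');
        if (comment) {
            *comment = '\0';
        }

        char *line = trimwhitespace(buf);
        if (line[0] == '\0') {
            continue;
        }

        // Section headers and mode switches.
        if (strcmp(line, "[outbound_block_list]") == 0) {
            list_ipv4 = &outbound_block_list_ipv4;
            list_ipv6 = &outbound_block_list_ipv6;
            rules     = &outbound_block_list_rules;
            continue;
        } else if (strcmp(line, "[black_list]") == 0
                   || strcmp(line, "[bypass_list]") == 0) {
            list_ipv4 = &black_list_ipv4;
            list_ipv6 = &black_list_ipv6;
            rules     = &black_list_rules;
            continue;
        } else if (strcmp(line, "[white_list]") == 0
                   || strcmp(line, "[proxy_list]") == 0) {
            list_ipv4 = &white_list_ipv4;
            list_ipv6 = &white_list_ipv6;
            rules     = &white_list_rules;
            continue;
        } else if (strcmp(line, "[reject_all]") == 0
                   || strcmp(line, "[bypass_all]") == 0) {
            acl_mode = WHITE_LIST;
            continue;
        } else if (strcmp(line, "[accept_all]") == 0
                   || strcmp(line, "[proxy_all]") == 0) {
            acl_mode = BLACK_LIST;
            continue;
        } else if (strcmp(line, "[remote_dns]") == 0) {
            // Skipped; the selected list is left as it was.
            continue;
        }

        // Defensive defaults; parse_addr_cidr() is expected to overwrite both.
        // A negative prefix length means "single address" below.
        char host[257] = "";
        int cidr       = -1;
        parse_addr_cidr(line, host, &cidr);

        struct cork_ip addr;
        int err = cork_ip_init(&addr, host);
        if (!err) {
            // NOTE(review): cidr is passed through without a range check
            // here; confirm how the ipset library treats an out-of-range
            // prefix.
            if (addr.version == 4) {
                if (cidr >= 0) {
                    ipset_ipv4_add_network(list_ipv4, &(addr.ip.v4), cidr);
                } else {
                    ipset_ipv4_add(list_ipv4, &(addr.ip.v4));
                }
            } else if (addr.version == 6) {
                if (cidr >= 0) {
                    ipset_ipv6_add_network(list_ipv6, &(addr.ip.v6), cidr);
                } else {
                    ipset_ipv6_add(list_ipv6, &(addr.ip.v6));
                }
            }
        } else {
            // Not an IP literal: the whole trimmed line becomes a rule.
            // NOTE(review): nothing here checks the result of new_rule(),
            // accept_rule_arg() or init_rule(); if any of them can fail, the
            // rule is still added to the list. Confirm against their
            // definitions.
            rule_t *rule = new_rule();
            accept_rule_arg(rule, line);
            init_rule(rule);
            add_rule(rules, rule);
        }
    }

    // A partially loaded ACL must not be reported as a successful load.
    int rc = 0;
    if (ferror(f)) {
        LOGE("Failed to read acl file.");
        rc = -1;
    }

    fclose(f);
    return rc;
}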