END_TEST START_TEST(test_ip_address) { DESCRIBE_TEST; struct cork_ip addr; #define GOOD(str, normalized) \ { \ struct cork_ip addr; \ fail_if_error(cork_ip_init(&addr, str)); \ char actual[CORK_IP_STRING_LENGTH]; \ cork_ip_to_raw_string(&addr, actual); \ fail_unless(strcmp(actual, normalized) == 0, \ "Unexpected string representation: " \ "got \"%s\", expected \"%s\"", \ actual, normalized); \ \ struct cork_ip addr2; \ cork_ip_init(&addr2, normalized); \ fail_unless(cork_ip_equal(&addr, &addr2), \ "IP instances should be equal"); \ } #define BAD(str, unused) \ { \ struct cork_ip addr; \ fail_unless_error \ (cork_ip_init(&addr, str), \ "Shouldn't be able to initialize IP address from \"%s\"", \ str); \ } IPV4_TESTS(GOOD, BAD); IPV6_TESTS(GOOD, BAD); #undef GOOD #undef BAD struct cork_ipv4 addr4; struct cork_ipv6 addr6; fprintf(stderr, "Testing IP address versions\n"); cork_ip_init(&addr, "192.168.1.1"); cork_ipv4_init(&addr4, "192.168.1.1"); fail_unless(addr.version == 4, "Unexpected IP address version (expected 4, got %u)", addr.version); fail_unless(cork_ipv4_equal(&addr.ip.v4, &addr4), "IP addresses should be equal"); cork_ip_init(&addr, "fe80::1"); cork_ipv6_init(&addr6, "fe80::1"); fail_unless(addr.version == 6, "Unexpected IP address version (expected 6, got %u)", addr.version); fail_unless(cork_ipv6_equal(&addr.ip.v6, &addr6), "IP addresses should be equal"); }
int init_acl(const char *path) { // initialize ipset ipset_init_library(); ipset_init(&acl_ip_set); // initialize array cork_string_array_init(&acl_domain_array); FILE *f = fopen(path, "r"); if (f == NULL) { LOGE("Invalid acl path."); return -1; } char line[256]; while(!feof(f)) { if (fgets(line, 256, f)) { // Trim the newline int len = strlen(line); if (len > 0 && line[len - 1] == '\n') { line[len - 1] = '\0'; } char *host = NULL; int cidr; parse_addr_cidr(line, &host, &cidr); if (cidr == -1) { cork_string_array_append(&acl_domain_array, host); } else { struct cork_ipv4 addr; int err = cork_ipv4_init(&addr, host); if (!err) { if (cidr >= 0) ipset_ipv4_add_network(&acl_ip_set, &addr, cidr); else ipset_ipv4_add(&acl_ip_set, &addr); } } if (host != NULL) free(host); } } fclose(f); return 0; }
int acl_contains_ip(const char* host) { struct cork_ipv4 addr; int err = cork_ipv4_init(&addr, host); if (err) return 0; struct cork_ip ip; cork_ip_from_ipv4(&ip, &addr); return ipset_contains_ip(&acl_ip_set, &ip); }
END_TEST /*----------------------------------------------------------------------- * IP addresses */ #define IPV4_TESTS(good, bad) \ good("192.168.1.100", "192.168.1.100"); \ good("01.002.0003.00000004", "1.2.3.4"); \ good("010.0020.00034.00000089", "10.20.34.89"); \ good("0100.000200.00.000", "100.200.0.0"); \ bad("", -1); \ bad(".", -1); \ bad("192.168.0.", -1); \ bad("192.168.0.1.", -1); \ bad("192..168.0.1", -1); \ bad("192.168.0.1.2", -1); \ bad(".168.0.1.2", -1); \ bad("256.0.0.0", -1); \ bad("00256.0.0.0", -1); \ bad("392.0.0.0", -1); \ bad("1920.0.0.0", -1); \ bad("stuv", -1); \ #define IPV6_TESTS(good, bad) \ good("::", "::"); \ good("0:0:0:0:0:0:0:0", "::"); \ good("0000:0000:0000:0000:0000:0000:0000:0000", "::"); \ good("fe80::", "fe80::"); \ good("fe80:0:0:0:0:0:0:0", "fe80::"); \ good("fe80:0000:0000:0000:0000:0000:0000:0000", "fe80::"); \ good("::1", "::1"); \ good("0:0:0:0:0:0:0:1", "::1"); \ good("0000:0000:0000:0000:0000:0000:0000:0001", "::1"); \ good("fe80::1", "fe80::1"); \ good("fe80:0:0:0:0:0:0:1", "fe80::1"); \ good("fe80:0000:0000:0000:0000:0000:0000:0001", "fe80::1"); \ good("0:1:2:3:4:5:6:7", "0:1:2:3:4:5:6:7"); \ good("1230:4567:89ab:cdef:1230:4567:89ab:cdef", \ "1230:4567:89ab:cdef:1230:4567:89ab:cdef"); \ good("::ffff:192.168.1.100", "::ffff:192.168.1.100"); \ bad("", -1); \ bad(":", -1); \ bad("fe80:", -1); \ bad("fe80::1::2", -1); \ bad("1:2:3:4:5:6:7", -1); \ bad("1:2:3:4:5:6:7:8:9", -1); \ bad("::1:", -1); \ bad("fe800::", -1); \ bad("stuv", -1); \ /* RFC 5952 recommendations */ \ good("2001:0db8::0001", "2001:db8::1"); \ good("2001:db8:0:0:0:0:2:1", "2001:db8::2:1"); \ good("2001:db8:0:1:1:1:1:1", "2001:db8:0:1:1:1:1:1"); \ good("2001:0:0:1:0:0:0:1", "2001:0:0:1::1"); \ good("2001:db8:0:0:1:0:0:1", "2001:db8::1:0:0:1"); \ good("0:1:A:B:C:D:E:F", "0:1:a:b:c:d:e:f"); \ START_TEST(test_ipv4_address) { DESCRIBE_TEST; #define GOOD(str, normalized) \ { \ struct cork_ipv4 addr; \ fail_if_error(cork_ipv4_init(&addr, str)); \ char actual[CORK_IPV4_STRING_LENGTH]; \ cork_ipv4_to_raw_string(&addr, actual); \ fail_unless(strcmp(actual, normalized) == 0, \ "Unexpected string representation: " \ "got \"%s\", expected \"%s\"", \ actual, normalized); \ \ struct cork_ipv4 addr2; \ cork_ipv4_init(&addr2, normalized); \ fail_unless(cork_ipv4_equal(&addr, &addr2), \ "IPv4 instances should be equal"); \ } #define BAD(str, unused) \ { \ struct cork_ipv4 addr; \ fail_unless_error \ (cork_ipv4_init(&addr, str), \ "Shouldn't be able to initialize IPv4 address from \"%s\"", \ str); \ } IPV4_TESTS(GOOD, BAD); IPV6_TESTS(BAD, BAD); #undef GOOD #undef BAD struct cork_ipv4 addr4; unsigned int ipv4_cidr_good = 30; unsigned int ipv4_cidr_bad_value = 24; unsigned int ipv4_cidr_bad_range = 33; fprintf(stderr, "Testing network prefixes\n"); cork_ipv4_init(&addr4, "1.2.3.4"); fail_unless(cork_ipv4_is_valid_network(&addr4, ipv4_cidr_good), "Bad CIDR block for 1.2.3.4 and %u", ipv4_cidr_good); fail_if(cork_ipv4_is_valid_network(&addr4, ipv4_cidr_bad_value), "IPv4 CIDR check should fail for %u", ipv4_cidr_bad_value); fail_if(cork_ipv4_is_valid_network(&addr4, ipv4_cidr_bad_range), "IPv4 CIDR check should fail for %u", ipv4_cidr_bad_range); }