void test_IPv6Address(void) {
/* IPv6 addresses are assumed to have 64-bit host- and 64-bit network parts. */
const struct in6_addr input_address = {
0x20, 0x01, 0x0d, 0xb8,
0x85, 0xa3, 0x08, 0xd3,
0x13, 0x19, 0x8a, 0x2e,
0x03, 0x70, 0x73, 0x34
}; // 2001:0db8:85a3:08d3:1319:8a2e:0370:7334
const struct in6_addr expected_address = {
0x20, 0x01, 0x0d, 0xb8,
0x85, 0xa3, 0x08, 0xd3,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00
}; // 2001:0db8:85a3:08d3:0000:0000:0000:0000
sockaddr_u input;
input.sa6.sin6_family = AF_INET6;
input.sa6.sin6_addr = input_address;
SET_PORT(&input, 3000);
sockaddr_u expected;
expected.sa6.sin6_family = AF_INET6;
expected.sa6.sin6_addr = expected_address;
SET_PORT(&expected, 3000);
sockaddr_u* actual = netof(&input);
TEST_ASSERT_TRUE(actual != NULL);
TEST_ASSERT_TRUE(IsEqual(expected, *actual));
}
void test_ClassCAddress(void) {
sockaddr_u input = CreateSockaddr4("192.0.2.255", NTP_PORT);
sockaddr_u expected = CreateSockaddr4("192.0.2.0", NTP_PORT);
sockaddr_u* actual = netof(&input);
TEST_ASSERT_TRUE(actual != NULL);
TEST_ASSERT_TRUE(IsEqual(expected, *actual));
}
TEST_F(netofTest, ClassBAddress) {
sockaddr_u input = CreateSockaddr4("172.16.2.1", NTP_PORT);
sockaddr_u expected = CreateSockaddr4("172.16.0.0", NTP_PORT);
sockaddr_u* actual = netof(&input);
ASSERT_TRUE(actual != NULL);
EXPECT_TRUE(IsEqual(expected, *actual));
}
void test_ClassAAddress(void) {
/* Class A addresses are assumed to be classless,
* thus the same address should be returned.
*/
sockaddr_u input = CreateSockaddr4("10.20.30.40", NTP_PORT);
sockaddr_u expected = CreateSockaddr4("10.20.30.40", NTP_PORT);
sockaddr_u* actual = netof(&input);
TEST_ASSERT_TRUE(actual != NULL);
TEST_ASSERT_TRUE(IsEqual(expected, *actual));
}
void
test_ClassBAddress(void)
{
sockaddr_u input = CreateSockaddr4("172.16.2.1", NTP_PORT);
sockaddr_u expected = CreateSockaddr4("172.16.0.0", NTP_PORT);
sockaddr_u* actual = netof(&input);
TEST_ASSERT_TRUE(actual != NULL);
TEST_ASSERT_TRUE(IsEqual(expected, *actual));
return;
}
/*
* restrictions - return restrictions for this host
*/
int
restrictions(
struct sockaddr_in *srcadr
)
{
register struct restrictlist *rl;
register struct restrictlist *match;
register u_int32 hostaddr;
register int isntpport;
res_calls++;
/*
* We need the host address in host order. Also need to know
* whether this is from the ntp port or not.
*/
hostaddr = SRCADR(srcadr);
isntpport = (SRCPORT(srcadr) == NTP_PORT);
/*
* Ignore any packets with a multicast source address
* (this should be done early in the receive process, later!)
*/
if (IN_CLASSD(ntohl(srcadr->sin_addr.s_addr)))
return (int)RES_IGNORE;
/*
* Set match to first entry, which is default entry. Work our
* way down from there.
*/
match = restrictlist;
for (rl = match->next; rl != 0 && rl->addr <= hostaddr; rl = rl->next)
if ((hostaddr & rl->mask) == rl->addr) {
if ((rl->mflags & RESM_NTPONLY) && !isntpport)
continue;
match = rl;
}
match->count++;
if (match == restrictlist)
res_not_found++;
else
res_found++;
/*
* The following implements limiting the number of clients
* accepted from a given network. The notion of "same network"
* is determined by the mask and addr fields of the restrict
* list entry. The monitor mechanism has to be enabled for
* collecting info on current clients.
*
* The policy is as follows:
* - take the list of clients recorded
* from the given "network" seen within the last
* client_limit_period seconds
* - if there are at most client_limit entries:
* --> access allowed
* - otherwise sort by time first seen
* - current client among the first client_limit seen
* hosts?
* if yes: access allowed
* else: eccess denied
*/
if (match->flags & RES_LIMITED) {
int lcnt;
struct mon_data *md, *this_client;
#ifdef DEBUG
if (debug > 2)
printf("limited clients check: %ld clients, period %ld seconds, net is 0x%lX\n",
client_limit, client_limit_period,
(u_long)netof(hostaddr));
#endif /*DEBUG*/
if (mon_enabled == MON_OFF) {
#ifdef DEBUG
if (debug > 4)
printf("no limit - monitoring is off\n");
#endif
return (int)(match->flags & ~RES_LIMITED);
}
/*
* How nice, MRU list provides our current client as the
* first entry in the list.
* Monitoring was verified to be active above, thus we
* know an entry for our client must exist, or some
* brain dead set the memory limit for mon entries to ZERO!!!
*/
this_client = mon_mru_list.mru_next;
for (md = mon_fifo_list.fifo_next,lcnt = 0;
md != &mon_fifo_list;
md = md->fifo_next) {
if ((current_time - md->lasttime)
> client_limit_period) {
#ifdef DEBUG
if (debug > 5)
printf("checking: %s: ignore: too old: %ld\n",
numtoa(md->rmtadr),
current_time - md->lasttime);
#endif
continue;
}
if (md->mode == MODE_BROADCAST ||
md->mode == MODE_CONTROL ||
md->mode == MODE_PRIVATE) {
#ifdef DEBUG
if (debug > 5)
printf("checking: %s: ignore mode %d\n",
numtoa(md->rmtadr),
md->mode);
#endif
continue;
}
if (netof(md->rmtadr) !=
netof(hostaddr)) {
#ifdef DEBUG
if (debug > 5)
printf("checking: %s: different net 0x%lX\n",
numtoa(md->rmtadr),
(u_long)netof(md->rmtadr));
#endif
continue;
}
lcnt++;
if (lcnt > (int) client_limit ||
md->rmtadr == hostaddr) {
#ifdef DEBUG
if (debug > 5)
printf("considering %s: found host\n",
numtoa(md->rmtadr));
#endif
break;
}
#ifdef DEBUG
else {
if (debug > 5)
printf("considering %s: same net\n",
numtoa(md->rmtadr));
}
#endif
}
#ifdef DEBUG
if (debug > 4)
printf("this one is rank %d in list, limit is %lu: %s\n",
lcnt, client_limit,
(lcnt <= (int) client_limit) ? "ALLOW" : "REJECT");
#endif
if (lcnt <= (int) client_limit) {
this_client->lastdrop = 0;
return (int)(match->flags & ~RES_LIMITED);
} else {
this_client->lastdrop = current_time;
}
}
return (int)match->flags;
}
