void test_IPv6Address(void) { /* IPv6 addresses are assumed to have 64-bit host- and 64-bit network parts. */ const struct in6_addr input_address = { 0x20, 0x01, 0x0d, 0xb8, 0x85, 0xa3, 0x08, 0xd3, 0x13, 0x19, 0x8a, 0x2e, 0x03, 0x70, 0x73, 0x34 }; // 2001:0db8:85a3:08d3:1319:8a2e:0370:7334 const struct in6_addr expected_address = { 0x20, 0x01, 0x0d, 0xb8, 0x85, 0xa3, 0x08, 0xd3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; // 2001:0db8:85a3:08d3:0000:0000:0000:0000 sockaddr_u input; input.sa6.sin6_family = AF_INET6; input.sa6.sin6_addr = input_address; SET_PORT(&input, 3000); sockaddr_u expected; expected.sa6.sin6_family = AF_INET6; expected.sa6.sin6_addr = expected_address; SET_PORT(&expected, 3000); sockaddr_u* actual = netof(&input); TEST_ASSERT_TRUE(actual != NULL); TEST_ASSERT_TRUE(IsEqual(expected, *actual)); }
void test_ClassCAddress(void) { sockaddr_u input = CreateSockaddr4("192.0.2.255", NTP_PORT); sockaddr_u expected = CreateSockaddr4("192.0.2.0", NTP_PORT); sockaddr_u* actual = netof(&input); TEST_ASSERT_TRUE(actual != NULL); TEST_ASSERT_TRUE(IsEqual(expected, *actual)); }
TEST_F(netofTest, ClassBAddress) { sockaddr_u input = CreateSockaddr4("172.16.2.1", NTP_PORT); sockaddr_u expected = CreateSockaddr4("172.16.0.0", NTP_PORT); sockaddr_u* actual = netof(&input); ASSERT_TRUE(actual != NULL); EXPECT_TRUE(IsEqual(expected, *actual)); }
void test_ClassAAddress(void) { /* Class A addresses are assumed to be classless, * thus the same address should be returned. */ sockaddr_u input = CreateSockaddr4("10.20.30.40", NTP_PORT); sockaddr_u expected = CreateSockaddr4("10.20.30.40", NTP_PORT); sockaddr_u* actual = netof(&input); TEST_ASSERT_TRUE(actual != NULL); TEST_ASSERT_TRUE(IsEqual(expected, *actual)); }
void test_ClassBAddress(void) { sockaddr_u input = CreateSockaddr4("172.16.2.1", NTP_PORT); sockaddr_u expected = CreateSockaddr4("172.16.0.0", NTP_PORT); sockaddr_u* actual = netof(&input); TEST_ASSERT_TRUE(actual != NULL); TEST_ASSERT_TRUE(IsEqual(expected, *actual)); return; }
/* * restrictions - return restrictions for this host */ int restrictions( struct sockaddr_in *srcadr ) { register struct restrictlist *rl; register struct restrictlist *match; register u_int32 hostaddr; register int isntpport; res_calls++; /* * We need the host address in host order. Also need to know * whether this is from the ntp port or not. */ hostaddr = SRCADR(srcadr); isntpport = (SRCPORT(srcadr) == NTP_PORT); /* * Ignore any packets with a multicast source address * (this should be done early in the receive process, later!) */ if (IN_CLASSD(ntohl(srcadr->sin_addr.s_addr))) return (int)RES_IGNORE; /* * Set match to first entry, which is default entry. Work our * way down from there. */ match = restrictlist; for (rl = match->next; rl != 0 && rl->addr <= hostaddr; rl = rl->next) if ((hostaddr & rl->mask) == rl->addr) { if ((rl->mflags & RESM_NTPONLY) && !isntpport) continue; match = rl; } match->count++; if (match == restrictlist) res_not_found++; else res_found++; /* * The following implements limiting the number of clients * accepted from a given network. The notion of "same network" * is determined by the mask and addr fields of the restrict * list entry. The monitor mechanism has to be enabled for * collecting info on current clients. * * The policy is as follows: * - take the list of clients recorded * from the given "network" seen within the last * client_limit_period seconds * - if there are at most client_limit entries: * --> access allowed * - otherwise sort by time first seen * - current client among the first client_limit seen * hosts? * if yes: access allowed * else: eccess denied */ if (match->flags & RES_LIMITED) { int lcnt; struct mon_data *md, *this_client; #ifdef DEBUG if (debug > 2) printf("limited clients check: %ld clients, period %ld seconds, net is 0x%lX\n", client_limit, client_limit_period, (u_long)netof(hostaddr)); #endif /*DEBUG*/ if (mon_enabled == MON_OFF) { #ifdef DEBUG if (debug > 4) printf("no limit - monitoring is off\n"); #endif return (int)(match->flags & ~RES_LIMITED); } /* * How nice, MRU list provides our current client as the * first entry in the list. * Monitoring was verified to be active above, thus we * know an entry for our client must exist, or some * brain dead set the memory limit for mon entries to ZERO!!! */ this_client = mon_mru_list.mru_next; for (md = mon_fifo_list.fifo_next,lcnt = 0; md != &mon_fifo_list; md = md->fifo_next) { if ((current_time - md->lasttime) > client_limit_period) { #ifdef DEBUG if (debug > 5) printf("checking: %s: ignore: too old: %ld\n", numtoa(md->rmtadr), current_time - md->lasttime); #endif continue; } if (md->mode == MODE_BROADCAST || md->mode == MODE_CONTROL || md->mode == MODE_PRIVATE) { #ifdef DEBUG if (debug > 5) printf("checking: %s: ignore mode %d\n", numtoa(md->rmtadr), md->mode); #endif continue; } if (netof(md->rmtadr) != netof(hostaddr)) { #ifdef DEBUG if (debug > 5) printf("checking: %s: different net 0x%lX\n", numtoa(md->rmtadr), (u_long)netof(md->rmtadr)); #endif continue; } lcnt++; if (lcnt > (int) client_limit || md->rmtadr == hostaddr) { #ifdef DEBUG if (debug > 5) printf("considering %s: found host\n", numtoa(md->rmtadr)); #endif break; } #ifdef DEBUG else { if (debug > 5) printf("considering %s: same net\n", numtoa(md->rmtadr)); } #endif } #ifdef DEBUG if (debug > 4) printf("this one is rank %d in list, limit is %lu: %s\n", lcnt, client_limit, (lcnt <= (int) client_limit) ? "ALLOW" : "REJECT"); #endif if (lcnt <= (int) client_limit) { this_client->lastdrop = 0; return (int)(match->flags & ~RES_LIMITED); } else { this_client->lastdrop = current_time; } } return (int)match->flags; }