bool TestCppBase::TestIpBlockMapIni() {
struct in6_addr addr;
int bits;
VERIFY(IpBlockMap::ReadIPv6Address("204.15.21.0/22", &addr, bits));
VS(bits, 118);
VS(in6addrWord(addr, 0), 0x00000000L);
VS(in6addrWord(addr, 1), 0x00000000L);
VS(in6addrWord(addr, 2), 0x0000FFFFL);
VS(in6addrWord(addr, 3), 0xCC0F1500L);
VERIFY(IpBlockMap::ReadIPv6Address("127.0.0.1", &addr, bits));
VS(bits, 128);
VS(in6addrWord(addr, 0), 0x00000000L);
VS(in6addrWord(addr, 1), 0x00000000L);
VS(in6addrWord(addr, 2), 0x0000FFFFL);
VS(in6addrWord(addr, 3), 0x7F000001L);
VERIFY(IpBlockMap::ReadIPv6Address(
"1111:2222:3333:4444:5555:6666:789a:bcde", &addr, bits));
VS(bits, 128);
VS(in6addrWord(addr, 0), 0x11112222L);
VS(in6addrWord(addr, 1), 0x33334444L);
VS(in6addrWord(addr, 2), 0x55556666L);
VS(in6addrWord(addr, 3), 0x789abcdeL);
VERIFY(IpBlockMap::ReadIPv6Address(
"1111:2222:3333:4444:5555:6666:789a:bcde/68", &addr, bits));
VS(bits, 68);
VS(in6addrWord(addr, 0), 0x11112222L);
VS(in6addrWord(addr, 1), 0x33334444L);
VS(in6addrWord(addr, 2), 0x55556666L);
VS(in6addrWord(addr, 3), 0x789abcdeL);
IpBlockMap::BinaryPrefixTrie root(true);
unsigned char value[16];
// Default value with no additional nodes
memset(value, 0, 16);
VERIFY(root.isAllowed(value, 1));
value[0] = 0x80;
VERIFY(root.isAllowed(value));
// Inheritance of parent allow value through multiple levels of new nodes
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 1, false);
value[0] = 0xf0;
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 4, true);
VERIFY(root.isAllowed(value));
value[0] = 0xe0;
VERIFY(!root.isAllowed(value));
value[0] = 0xc0;
VERIFY(!root.isAllowed(value));
value[0] = 0x80;
VERIFY(!root.isAllowed(value));
value[0] = 0;
VERIFY(root.isAllowed(value));
// > 1 byte in address
value[2] = 0xff;
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 24, false);
VERIFY(!root.isAllowed(value));
value[3] = 0xff;
VERIFY(!root.isAllowed(value));
value[2] = 0xfe;
VERIFY(root.isAllowed(value));
// Exact address match
value[2] = 0xff;
value[15] = 1;
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 128, true);
VERIFY(root.isAllowed(value));
std::string inistr =
"hhvm.ip_block_map[0][location] = /test\n"
"hhvm.ip_block_map[0][allow_first] = true\n"
"hhvm.ip_block_map[0][ip][allow][0] = 127.0.0.1\n"
"hhvm.ip_block_map[0][ip][deny][0] = 8.32.0.0/24\n"
"hhvm.ip_block_map[0][ip][deny][1] = "
"aaaa:bbbb:cccc:dddd:eeee:ffff:1111::/80\n";
IniSetting::Map ini = IniSetting::Map::object;
Hdf empty;
Config::ParseIniString(inistr, ini);
IpBlockMap ibm(ini, empty);
VERIFY(!ibm.isBlocking("test/blah.php", "127.0.0.1"));
VERIFY(ibm.isBlocking("test/blah.php", "8.32.0.104"));
VERIFY(ibm.isBlocking("test/blah.php",
"aaaa:bbbb:cccc:dddd:eeee:9999:8888:7777"));
// allow first
VERIFY(!ibm.isBlocking("test/blah.php",
"aaaa:bbbb:cccc:dddd:eee3:4444:3333:2222"));
return Count(true);
}
bool TestCppBase::TestIpBlockMap() {
struct in6_addr addr;
int bits;
VERIFY(IpBlockMap::ReadIPv6Address("204.15.21.0/22", &addr, bits));
VS(bits, 118);
VS(in6addrWord(addr, 0), 0x00000000L);
VS(in6addrWord(addr, 1), 0x00000000L);
VS(in6addrWord(addr, 2), 0x0000FFFFL);
VS(in6addrWord(addr, 3), 0xCC0F1500L);
VERIFY(IpBlockMap::ReadIPv6Address("127.0.0.1", &addr, bits));
VS(bits, 128);
VS(in6addrWord(addr, 0), 0x00000000L);
VS(in6addrWord(addr, 1), 0x00000000L);
VS(in6addrWord(addr, 2), 0x0000FFFFL);
VS(in6addrWord(addr, 3), 0x7F000001L);
VERIFY(IpBlockMap::ReadIPv6Address(
"1111:2222:3333:4444:5555:6666:789a:bcde", &addr, bits));
VS(bits, 128);
VS(in6addrWord(addr, 0), 0x11112222L);
VS(in6addrWord(addr, 1), 0x33334444L);
VS(in6addrWord(addr, 2), 0x55556666L);
VS(in6addrWord(addr, 3), 0x789abcdeL);
VERIFY(IpBlockMap::ReadIPv6Address(
"1111:2222:3333:4444:5555:6666:789a:bcde/68", &addr, bits));
VS(bits, 68);
VS(in6addrWord(addr, 0), 0x11112222L);
VS(in6addrWord(addr, 1), 0x33334444L);
VS(in6addrWord(addr, 2), 0x55556666L);
VS(in6addrWord(addr, 3), 0x789abcdeL);
IpBlockMap::BinaryPrefixTrie root(true);
unsigned char value[16];
// Default value with no additional nodes
memset(value, 0, 16);
VERIFY(root.isAllowed(value, 1));
value[0] = 0x80;
VERIFY(root.isAllowed(value));
// Inheritance of parent allow value through multiple levels of new nodes
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 1, false);
value[0] = 0xf0;
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 4, true);
VERIFY(root.isAllowed(value));
value[0] = 0xe0;
VERIFY(!root.isAllowed(value));
value[0] = 0xc0;
VERIFY(!root.isAllowed(value));
value[0] = 0x80;
VERIFY(!root.isAllowed(value));
value[0] = 0;
VERIFY(root.isAllowed(value));
// > 1 byte in address
value[2] = 0xff;
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 24, false);
VERIFY(!root.isAllowed(value));
value[3] = 0xff;
VERIFY(!root.isAllowed(value));
value[2] = 0xfe;
VERIFY(root.isAllowed(value));
// Exact address match
value[2] = 0xff;
value[15] = 1;
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 128, true);
VERIFY(root.isAllowed(value));
Hdf hdf;
hdf.fromString(
" 0 {\n"
" Location = /test\n"
" AllowFirst = true\n"
" Ip {\n"
" Allow {\n"
" * = 127.0.0.1\n"
" }\n"
" Deny {\n"
" * = 8.32.0.0/24\n"
" * = aaaa:bbbb:cccc:dddd:eeee:ffff:1111::/80\n"
" }\n"
" }\n"
" }\n"
);
IpBlockMap ibm(hdf);
VERIFY(!ibm.isBlocking("test/blah.php", "127.0.0.1"));
VERIFY(ibm.isBlocking("test/blah.php", "8.32.0.104"));
VERIFY(ibm.isBlocking("test/blah.php",
"aaaa:bbbb:cccc:dddd:eeee:9999:8888:7777"));
VERIFY(!ibm.isBlocking("test/blah.php",
"aaaa:bbbb:cccc:dddd:eee3:4444:3333:2222"));
return Count(true);
}
InstantiateBackwardMessagePtr
Instantiator::instantiate(InstantiateForwardMessage& mess)
{
HistoryPtr hist = mess.getHistory();
BeliefStatePtr interface_vars = mess.getInterfaceVars();
History::const_iterator hist_it = std::find(hist->begin(), hist->end(), ctx_id);
if (hist_it != hist->end())
{
// This context is already instantiated!
InstantiateBackwardMessagePtr ibm(new InstantiateBackwardMessage(true, hist, interface_vars));
return ibm;
}
ContextSubstitutionPtr ctx_sub = mess.getCtxSubstitution();
NeighborListPtr neighbors(new NeighborList);
#ifdef DEBUG
std::cerr << "Instantiator::instantiate" << std::endl
<< "Context substitution = " << ctx_sub << std::endl;
#endif
for (BridgeRules::const_iterator r = schematic_bridge_rules->begin();
r != schematic_bridge_rules->end(); ++r)
{
// information from r
HeadPtr head = (*r)->first;
const PositiveBridgeBody& pbody = getPositiveBody(*r);
const NegativeBridgeBody& nbody = getNegativeBody(*r);
#ifdef DEBUG
std::cerr << "Instantiating schematic bridge rule: " << *r << std::endl;
#endif
// new parts for the instantiated bridge rule
PositiveBridgeBodyPtr pi_body(new PositiveBridgeBody);
NegativeBridgeBodyPtr ni_body(new NegativeBridgeBody);
std::pair<PositiveBridgeBodyPtr, NegativeBridgeBodyPtr> i_body(pi_body, ni_body);
BridgeRulePtr ri(new BridgeRule(head, i_body));
instantiate_body<PositiveBridgeBody>(pbody, pi_body, global_sigs, context_info, neighbors, ctx_sub, ctx_id);
instantiate_body<NegativeBridgeBody>(nbody, ni_body, global_sigs, context_info, neighbors, ctx_sub, ctx_id);
bridge_rules->push_back(ri);
}
#ifdef DEBUG
std::cerr << "RESULT: Instantiated bridge rules: " << std::endl
<< bridge_rules << std::endl;
#endif
// forward the instantiation request to all confirmed neighbors
#ifdef DEBUG
std::cerr << "Going to instantiate the following neighbors: " << std::endl;
std::cerr << *neighbors << std::endl;
#endif
hist->push_back(ctx_id);
for (NeighborList::const_iterator it = neighbors->begin(); it != neighbors->end(); ++it)
{
NeighborPtr nb = *it;
std::size_t neighbor_id = nb->neighbor_id;
// only invoke the not yet visited neighbors
History::const_iterator hist_it = std::find(hist->begin(), hist->end(), neighbor_id);
if (hist_it == hist->end())
{
boost::asio::io_service io_service;
boost::asio::ip::tcp::resolver resolver(io_service);
boost::asio::ip::tcp::resolver::query query(nb->hostname, nb->port);
boost::asio::ip::tcp::resolver::iterator res_it = resolver.resolve(query);
boost::asio::ip::tcp::endpoint endpoint = *res_it;
#if defined(DEBUG)
std::cerr << "Invoking neighbor " << neighbor_id << std::endl;
#endif // DEBUG
std::string header = HEADER_REQ_INSTANTIATE;
Client<InstantiatorCommandType> client(io_service, res_it, header, mess);
io_service.run();
InstantiateBackwardMessagePtr result = client.getResult();
#ifdef DEBUG
std::cerr << "Answer from neighbor: " << *result << std::endl;
#endif
if (result->getStatus() == false)
{
return result;
}
hist = result->getHistory();
interface_vars = result->getInterfaceVars();
}
else
{
#ifdef DEBUG
std::cerr << "Neighbor: " << neighbor_id << " was already instantiated." << std::endl;
#endif
}
}
InstantiateBackwardMessagePtr good_result(new InstantiateBackwardMessage(true, hist, interface_vars));
return good_result;
}
