bool TestCppBase::TestIpBlockMap() {
struct in6_addr addr;
int bits;
VERIFY(IpBlockMap::ReadIPv6Address("204.15.21.0/22", &addr, bits));
VS(bits, 118);
VS(in6addrWord(addr, 0), 0x00000000L);
VS(in6addrWord(addr, 1), 0x00000000L);
VS(in6addrWord(addr, 2), 0x0000FFFFL);
VS(in6addrWord(addr, 3), 0xCC0F1500L);
VERIFY(IpBlockMap::ReadIPv6Address("127.0.0.1", &addr, bits));
VS(bits, 128);
VS(in6addrWord(addr, 0), 0x00000000L);
VS(in6addrWord(addr, 1), 0x00000000L);
VS(in6addrWord(addr, 2), 0x0000FFFFL);
VS(in6addrWord(addr, 3), 0x7F000001L);
VERIFY(IpBlockMap::ReadIPv6Address(
"1111:2222:3333:4444:5555:6666:789a:bcde", &addr, bits));
VS(bits, 128);
VS(in6addrWord(addr, 0), 0x11112222L);
VS(in6addrWord(addr, 1), 0x33334444L);
VS(in6addrWord(addr, 2), 0x55556666L);
VS(in6addrWord(addr, 3), 0x789abcdeL);
VERIFY(IpBlockMap::ReadIPv6Address(
"1111:2222:3333:4444:5555:6666:789a:bcde/68", &addr, bits));
VS(bits, 68);
VS(in6addrWord(addr, 0), 0x11112222L);
VS(in6addrWord(addr, 1), 0x33334444L);
VS(in6addrWord(addr, 2), 0x55556666L);
VS(in6addrWord(addr, 3), 0x789abcdeL);
IpBlockMap::BinaryPrefixTrie root(true);
unsigned char value[16];
// Default value with no additional nodes
memset(value, 0, 16);
VERIFY(root.isAllowed(value, 1));
value[0] = 0x80;
VERIFY(root.isAllowed(value));
// Inheritance of parent allow value through multiple levels of new nodes
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 1, false);
value[0] = 0xf0;
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 4, true);
VERIFY(root.isAllowed(value));
value[0] = 0xe0;
VERIFY(!root.isAllowed(value));
value[0] = 0xc0;
VERIFY(!root.isAllowed(value));
value[0] = 0x80;
VERIFY(!root.isAllowed(value));
value[0] = 0;
VERIFY(root.isAllowed(value));
// > 1 byte in address
value[2] = 0xff;
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 24, false);
VERIFY(!root.isAllowed(value));
value[3] = 0xff;
VERIFY(!root.isAllowed(value));
value[2] = 0xfe;
VERIFY(root.isAllowed(value));
// Exact address match
value[2] = 0xff;
value[15] = 1;
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 128, true);
VERIFY(root.isAllowed(value));
Hdf hdf;
hdf.fromString(
" 0 {\n"
" Location = /test\n"
" AllowFirst = true\n"
" Ip {\n"
" Allow {\n"
" * = 127.0.0.1\n"
" }\n"
" Deny {\n"
" * = 8.32.0.0/24\n"
" * = aaaa:bbbb:cccc:dddd:eeee:ffff:1111::/80\n"
" }\n"
" }\n"
" }\n"
);
IpBlockMap ibm(hdf);
VERIFY(!ibm.isBlocking("test/blah.php", "127.0.0.1"));
VERIFY(ibm.isBlocking("test/blah.php", "8.32.0.104"));
VERIFY(ibm.isBlocking("test/blah.php",
"aaaa:bbbb:cccc:dddd:eeee:9999:8888:7777"));
VERIFY(!ibm.isBlocking("test/blah.php",
"aaaa:bbbb:cccc:dddd:eee3:4444:3333:2222"));
return Count(true);
}
bool TestCppBase::TestIpBlockMapIni() {
struct in6_addr addr;
int bits;
VERIFY(IpBlockMap::ReadIPv6Address("204.15.21.0/22", &addr, bits));
VS(bits, 118);
VS(in6addrWord(addr, 0), 0x00000000L);
VS(in6addrWord(addr, 1), 0x00000000L);
VS(in6addrWord(addr, 2), 0x0000FFFFL);
VS(in6addrWord(addr, 3), 0xCC0F1500L);
VERIFY(IpBlockMap::ReadIPv6Address("127.0.0.1", &addr, bits));
VS(bits, 128);
VS(in6addrWord(addr, 0), 0x00000000L);
VS(in6addrWord(addr, 1), 0x00000000L);
VS(in6addrWord(addr, 2), 0x0000FFFFL);
VS(in6addrWord(addr, 3), 0x7F000001L);
VERIFY(IpBlockMap::ReadIPv6Address(
"1111:2222:3333:4444:5555:6666:789a:bcde", &addr, bits));
VS(bits, 128);
VS(in6addrWord(addr, 0), 0x11112222L);
VS(in6addrWord(addr, 1), 0x33334444L);
VS(in6addrWord(addr, 2), 0x55556666L);
VS(in6addrWord(addr, 3), 0x789abcdeL);
VERIFY(IpBlockMap::ReadIPv6Address(
"1111:2222:3333:4444:5555:6666:789a:bcde/68", &addr, bits));
VS(bits, 68);
VS(in6addrWord(addr, 0), 0x11112222L);
VS(in6addrWord(addr, 1), 0x33334444L);
VS(in6addrWord(addr, 2), 0x55556666L);
VS(in6addrWord(addr, 3), 0x789abcdeL);
IpBlockMap::BinaryPrefixTrie root(true);
unsigned char value[16];
// Default value with no additional nodes
memset(value, 0, 16);
VERIFY(root.isAllowed(value, 1));
value[0] = 0x80;
VERIFY(root.isAllowed(value));
// Inheritance of parent allow value through multiple levels of new nodes
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 1, false);
value[0] = 0xf0;
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 4, true);
VERIFY(root.isAllowed(value));
value[0] = 0xe0;
VERIFY(!root.isAllowed(value));
value[0] = 0xc0;
VERIFY(!root.isAllowed(value));
value[0] = 0x80;
VERIFY(!root.isAllowed(value));
value[0] = 0;
VERIFY(root.isAllowed(value));
// > 1 byte in address
value[2] = 0xff;
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 24, false);
VERIFY(!root.isAllowed(value));
value[3] = 0xff;
VERIFY(!root.isAllowed(value));
value[2] = 0xfe;
VERIFY(root.isAllowed(value));
// Exact address match
value[2] = 0xff;
value[15] = 1;
IpBlockMap::BinaryPrefixTrie::InsertNewPrefix(&root, value, 128, true);
VERIFY(root.isAllowed(value));
std::string inistr =
"hhvm.ip_block_map[0][location] = /test\n"
"hhvm.ip_block_map[0][allow_first] = true\n"
"hhvm.ip_block_map[0][ip][allow][0] = 127.0.0.1\n"
"hhvm.ip_block_map[0][ip][deny][0] = 8.32.0.0/24\n"
"hhvm.ip_block_map[0][ip][deny][1] = "
"aaaa:bbbb:cccc:dddd:eeee:ffff:1111::/80\n";
IniSetting::Map ini = IniSetting::Map::object;
Hdf empty;
Config::ParseIniString(inistr, ini);
IpBlockMap ibm(ini, empty);
VERIFY(!ibm.isBlocking("test/blah.php", "127.0.0.1"));
VERIFY(ibm.isBlocking("test/blah.php", "8.32.0.104"));
VERIFY(ibm.isBlocking("test/blah.php",
"aaaa:bbbb:cccc:dddd:eeee:9999:8888:7777"));
// allow first
VERIFY(!ibm.isBlocking("test/blah.php",
"aaaa:bbbb:cccc:dddd:eee3:4444:3333:2222"));
return Count(true);
}