Skip to content

GitLab

Commit f77021d7 authored by Stephen Morris's avatar Stephen Morris
Browse files

[trac998] Dealt with most of the comments on the unit test

parent 632cd615
Hide whitespace changes
Inline Side-by-side
src/lib/acl/ip_check.h
View file @ f77021d7
......@@ -52,21 +52,20 @@ namespace internal {
/// \param prefixlen number of bits to be set in the mask. This must be
/// between 0 and 8*sizeof(T).
///
/// \return Value with the most significant "prefixlen" bits set.
/// \return uint8_t with the most significant "prefixlen" bits set.
///
/// \exception OutOfRange prefixlen is too large for the data type.
template <typename T>
T createMask(size_t prefixlen) {
uint8_t createMask(size_t prefixlen) {
if (prefixlen == 0) {
return (0);
} else if (prefixlen <= 8 * sizeof(T)) {
} else if (prefixlen <= 8) {
// In the following discussion:
//
// w is the width of the data type T in bits.
// w is the width of the data type in bits.
// m is the value of prefixlen, the number of most signifcant bits we
// want to set.
// ** is exponentiation (i.e. 2**n is 2 raised to the power of n).
......@@ -83,13 +82,12 @@ T createMask(size_t prefixlen) {
// This means 1<<(w-m) will fit into a variable of width w bits. In
// other words, in the expression below, no term will cause an integer
// overflow.
return (~((1 << (8 * sizeof(T) - prefixlen)) - 1));
return (~((1 << (8 - prefixlen)) - 1));
}
// Mask size is too large. (Note that prefixlen is unsigned, so can't be
// negative.)
isc_throw(isc::OutOfRange, "prefixlen argument must be between 0 and " <<
8 * sizeof(T));
isc_throw(isc::OutOfRange, "prefixlen argument must be between 0 and 8");
}
/// \brief Split IP Address Prefix
......@@ -354,7 +352,7 @@ private:
bits_left -= 8;
} else if (bits_left > 0) {
mask_[++i] = internal::createMask<uint8_t>(bits_left);
mask_[++i] = internal::createMask(bits_left);
bits_left = 0;
}
......
src/lib/acl/tests/ip_check_unittest.cc
View file @ f77021d7
......@@ -32,10 +32,11 @@ const size_t IPV6_SIZE = 16;
// The structure is also used for converting an IPV4 address to a four-byte
// array.
struct GeneralAddress {
int family; // Family of the address
vector<uint8_t> addr; // Address type. Size indicates what it holds
// Convert uint32_t addressi in host-byte order to a uint8_t vector
// in network-byte order.
// Convert uint32_t address in host-byte order to a uint8_t vector in
// network-byte order.
vector<uint8_t> convertUint32(uint32_t address) {
BOOST_STATIC_ASSERT(sizeof(uint32_t) == IPV4_SIZE);
......@@ -54,7 +55,7 @@ struct GeneralAddress {
// Convenience constructor for V4 address. As it is not marked as explicit,
// it allows the automatic promotion of a uint32_t to a GeneralAddress data
// type in calls to matches().
GeneralAddress(uint32_t address) : addr()
GeneralAddress(uint32_t address) : family(AF_INET), addr()
{
addr = convertUint32(address);
}
......@@ -62,9 +63,9 @@ struct GeneralAddress {
// Convenience constructor for V6 address. As it is not marked as explicit,
// it allows the automatic promotion of a vector<uint8_t> to a
// GeneralAddress data type in calls to matches().
GeneralAddress(const vector<uint8_t>& address) : addr(address)
GeneralAddress(const vector<uint8_t>& address) : family(AF_INET6),
addr(address)
{
// Implicit assertion here that an IPV6 address size is 16 bytes
if (address.size() != IPV6_SIZE) {
isc_throw(isc::InvalidParameter, "vector passed to GeneralAddress "
"constructor is " << address.size() << " bytes long - it "
......@@ -77,7 +78,7 @@ struct GeneralAddress {
// Check that the IPV4 address is the same as that given.
bool equals(uint32_t address) {
if (addr.size() == IPV4_SIZE) {
if (family == AF_INET) {
const vector<uint8_t> byte_address = convertUint32(address);
return (equal(byte_address.begin(), byte_address.end(),
addr.begin()));
......@@ -85,7 +86,7 @@ struct GeneralAddress {
return (false);
}
// Check that the array is equal to that given
// Check that the array is equal to that given.
bool equals(const vector<uint8_t>& byte_address) {
if (addr.size() == byte_address.size()) {
return (equal(byte_address.begin(), byte_address.end(),
......@@ -102,8 +103,7 @@ namespace isc {
namespace acl {
template <>
bool IPCheck<GeneralAddress>::matches(const GeneralAddress& address) const {
return (compare(&address.addr[0],
(address.addr.size() == IPV4_SIZE) ? AF_INET : AF_INET6));
return (compare(&address.addr[0], address.family));
}
} // namespace acl
} // namespace isc
......@@ -113,27 +113,14 @@ bool IPCheck<GeneralAddress>::matches(const GeneralAddress& address) const {
// Test the createMask() function.
TEST(IPFunctionCheck, CreateMask) {
// 8-bit tests: invalid arguments should throw.
EXPECT_THROW(createMask<uint8_t>(9), isc::OutOfRange);
// Invalid arguments should throw.
EXPECT_THROW(createMask(9), isc::OutOfRange);
// Check on all possible 8-bit values. Use a signed type to generate a
// variable with the most significant bits set (right-shifting will
// introduce additional bits).
int8_t expected8 = 0x80;
for (size_t i = 1; i <= 8; ++i, expected8 >>= 1) {
EXPECT_EQ(static_cast<uint8_t>(expected8), createMask<uint8_t>(i));
// Check on all possible 8-bit values.
uint16_t expected = 0xff00;
for (size_t i = 0; i <= 8; ++i, expected >>= 1) {
EXPECT_EQ(static_cast<uint8_t>(expected & 0xff), createMask(i));
}
EXPECT_EQ(0, createMask<uint8_t>(0));
// Do the same for 32 bits.
EXPECT_THROW(createMask<int32_t>(33), isc::OutOfRange);
int32_t expected32 = 0x80000000;
for (size_t i = 1; i <= 32; ++i, expected32 >>= 1) {
EXPECT_EQ(static_cast<uint32_t>(expected32),
createMask<uint32_t>(i));
}
EXPECT_EQ(0, createMask<uint32_t>(0));
}
// Test the splitIPAddress() function.
......@@ -152,6 +139,10 @@ TEST(IPFunctionCheck, SplitIPAddress) {
EXPECT_EQ(string("2001:db8::"), result.first);
EXPECT_EQ(128, result.second);
result = splitIPAddress(" 2001:db8::1/127 ");
EXPECT_EQ(string("2001:db8::1"), result.first);
EXPECT_EQ(127, result.second);
result = splitIPAddress("192.0.2.1/0");
EXPECT_EQ(string("192.0.2.1"), result.first);
EXPECT_EQ(0, result.second);
......@@ -167,15 +158,17 @@ TEST(IPFunctionCheck, SplitIPAddress) {
EXPECT_THROW(splitIPAddress(" 1/ "), isc::InvalidParameter);
}
// *** IPV4 Tests ***
// *** IPv4 Tests ***
TEST(IPCheck, V4StringConstructor) {
// Constructor with no mask given
// Constructor with no prefix length given (32 is assumed).
IPCheck<GeneralAddress> acl1("192.0.2.255");
EXPECT_EQ(32, acl1.getPrefixlen());
EXPECT_EQ(AF_INET, acl1.getFamily());
vector<uint8_t> stored1 = acl1.getAddress();
EXPECT_EQ(IPV4_SIZE, stored1.size());
GeneralAddress expected1(0xc00002ff);
EXPECT_TRUE(expected1.equals(stored1));
......@@ -185,16 +178,45 @@ TEST(IPCheck, V4StringConstructor) {
EXPECT_EQ(AF_INET, acl2.getFamily());
vector<uint8_t> stored2 = acl2.getAddress();
EXPECT_EQ(IPV4_SIZE, stored2.size());
GeneralAddress expected2(0xc0000200);
EXPECT_TRUE(expected2.equals(stored2));
// Any match
IPCheck<GeneralAddress> acl3("any4");
// More valid masks
IPCheck<GeneralAddress> acl3("192.0.2.1/0");
EXPECT_EQ(0, acl3.getPrefixlen());
EXPECT_EQ(AF_INET, acl3.getFamily());
vector<uint8_t> stored3 = acl3.getAddress();
EXPECT_EQ(IPV4_SIZE, stored3.size());
GeneralAddress expected3(0xc0000201);
EXPECT_TRUE(expected3.equals(stored3));
IPCheck<GeneralAddress> acl4("192.0.2.2/32");
EXPECT_EQ(32, acl4.getPrefixlen());
EXPECT_EQ(AF_INET, acl4.getFamily());
vector<uint8_t> stored4 = acl4.getAddress();
EXPECT_EQ(IPV4_SIZE, stored4.size());
GeneralAddress expected4(0xc0000202);
EXPECT_TRUE(expected4.equals(stored4));
// Any match
IPCheck<GeneralAddress> acl5("any4");
EXPECT_EQ(0, acl5.getPrefixlen());
EXPECT_EQ(AF_INET, acl5.getFamily());
vector<uint8_t> stored5 = acl5.getAddress();
EXPECT_EQ(IPV4_SIZE, stored5.size());
GeneralAddress expected5(0);
EXPECT_TRUE(expected5.equals(stored5));
// Invalid prefix lengths
EXPECT_THROW(IPCheck<GeneralAddress>("192.0.2.0/33"), isc::OutOfRange);
// ... and invalid strings
EXPECT_THROW(IPCheck<GeneralAddress>("192.0.2.0/-1"),
isc::InvalidParameter);
EXPECT_THROW(IPCheck<GeneralAddress>("192.0.2.0/24/3"),
isc::InvalidParameter);
EXPECT_THROW(IPCheck<GeneralAddress>("192.0.2.0/ww"),
......@@ -244,10 +266,6 @@ TEST(IPCheck, V4AssignmentOperator) {
// internal compare() code. (Also note that the argument to matches() will be
// automatically converted to the GeneralAddress data type used for the tests
// because of its constructor taking a uint32_t argument.
//
// As before, note that addresses passed to the class are expected to be in
// network-byte order. Therefore for the comparisons to work as expected, we
// must convert the values to network-byte order first.
TEST(IPCheck, V4Compare) {
// Exact address - match if given address matches stored address.
......@@ -280,6 +298,14 @@ TEST(IPCheck, V4Compare) {
EXPECT_TRUE(acl4.matches(0xc00002de));
EXPECT_TRUE(acl4.matches(0xd00002fe));
EXPECT_TRUE(acl4.matches(0x13457f13));
IPCheck<GeneralAddress> acl5("192.0.2.255/0");
EXPECT_TRUE(acl5.matches(0xc00002ff));
EXPECT_TRUE(acl5.matches(0xc00002fe));
EXPECT_TRUE(acl5.matches(0xc00002ee));
EXPECT_TRUE(acl5.matches(0xc00002de));
EXPECT_TRUE(acl5.matches(0xd00002fe));
EXPECT_TRUE(acl5.matches(0x13457f13));
}
// *** IPV6 Tests ***
......@@ -302,47 +328,50 @@ const uint8_t V6ADDR_2[] = {
// Identical to V6ADDR_2 to 48 bits
const uint8_t V6ADDR_2_48[] = {
0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x55, 0x66,
0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0xff, 0x66,
0x00, 0x00, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xef
};
// Identical to V6ADDR_2 to 52 bits
const uint8_t V6ADDR_2_52[] = {
0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x05, 0x66,
// Identical to V6ADDR_2 to 49 bits
const uint8_t V6ADDR_2_49[] = {
0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x7f, 0x66,
0x00, 0x00, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xef
};
const char* V6ADDR_3_STRING = "::1";
const uint8_t V6ADDR_3[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
// Identical to V6ADDR_2 to 50 bits
const uint8_t V6ADDR_2_50[] = {
0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x3f, 0x66,
0x00, 0x00, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xef
};
// Mask with MS bit set
const uint8_t MASK_1[] = {
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
// Identical to V6ADDR_2 to 51 bits
const uint8_t V6ADDR_2_51[] = {
0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x1f, 0x66,
0x00, 0x00, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xef
};
const uint8_t MASK_8[] = {
0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
// Identical to V6ADDR_2 to 51 bits
const uint8_t V6ADDR_2_52[] = {
0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x0f, 0x66,
0x00, 0x00, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xef
};
const uint8_t MASK_48[] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
// Identical to V6ADDR_2 to 127 bits
const uint8_t V6ADDR_2_127[] = {
0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xee
};
const uint8_t MASK_51[] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
const char* V6ADDR_3_STRING = "::1";
const uint8_t V6ADDR_3[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
};
const uint8_t MASK_128[] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
const char* V6ADDR_4_STRING = "::";
const uint8_t V6ADDR_4[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
} // Anonymous namespace
......@@ -350,30 +379,51 @@ const uint8_t MASK_128[] = {
TEST(IPCheck, V6StringConstructor) {
IPCheck<GeneralAddress> acl1(V6ADDR_1_STRING);
vector<uint8_t> address = acl1.getAddress();
EXPECT_EQ(128, acl1.getPrefixlen());
EXPECT_EQ(AF_INET6, acl1.getFamily());
EXPECT_EQ(IPV6_SIZE, address.size());
EXPECT_TRUE(equal(address.begin(), address.end(), V6ADDR_1));
IPCheck<GeneralAddress> acl2(string(V6ADDR_2_STRING) + string("/48"));
IPCheck<GeneralAddress> acl2(string(V6ADDR_2_STRING) + string("/51"));
address = acl2.getAddress();
EXPECT_EQ(48, acl2.getPrefixlen());
EXPECT_EQ(IPV6_SIZE, address.size());
EXPECT_EQ(51, acl2.getPrefixlen());
EXPECT_EQ(AF_INET6, acl2.getFamily());
EXPECT_TRUE(equal(address.begin(), address.end(), V6ADDR_2));
IPCheck<GeneralAddress> acl3("::1");
IPCheck<GeneralAddress> acl3(string(V6ADDR_2_STRING) + string("/127"));
address = acl3.getAddress();
EXPECT_EQ(128, acl3.getPrefixlen());
EXPECT_EQ(IPV6_SIZE, address.size());
EXPECT_EQ(127, acl3.getPrefixlen());
EXPECT_EQ(AF_INET6, acl3.getFamily());
EXPECT_TRUE(equal(address.begin(), address.end(), V6ADDR_3));
EXPECT_TRUE(equal(address.begin(), address.end(), V6ADDR_2));
// Any match
IPCheck<GeneralAddress> acl4("any6");
EXPECT_EQ(0, acl4.getPrefixlen());
IPCheck<GeneralAddress> acl4("::1");
address = acl4.getAddress();
EXPECT_EQ(IPV6_SIZE, address.size());
EXPECT_EQ(128, acl4.getPrefixlen());
EXPECT_EQ(AF_INET6, acl4.getFamily());
EXPECT_TRUE(equal(address.begin(), address.end(), V6ADDR_3));
EXPECT_NO_THROW(IPCheck<GeneralAddress>("::1/0"));
// Any match. In these cases, the address should all be zeroes.
IPCheck<GeneralAddress> acl5("any6");
address = acl5.getAddress();
EXPECT_EQ(IPV6_SIZE, address.size());
EXPECT_EQ(0, acl5.getPrefixlen());
EXPECT_EQ(AF_INET6, acl5.getFamily());
EXPECT_TRUE(equal(address.begin(), address.end(), V6ADDR_4));
IPCheck<GeneralAddress> acl6("::/0");
address = acl6.getAddress();
EXPECT_EQ(0, acl6.getPrefixlen());
EXPECT_EQ(AF_INET6, acl6.getFamily());
EXPECT_TRUE(equal(address.begin(), address.end(), V6ADDR_4));
// Some invalid strings
EXPECT_THROW(IPCheck<GeneralAddress>("::1/129"), isc::OutOfRange);
EXPECT_THROW(IPCheck<GeneralAddress>("::1/24/3"), isc::InvalidParameter);
EXPECT_THROW(IPCheck<GeneralAddress>(":::1/24"), isc::InvalidParameter);
EXPECT_THROW(IPCheck<GeneralAddress>("2001:0db8::abcd/ww"),
isc::InvalidParameter);
EXPECT_THROW(IPCheck<GeneralAddress>("2xx1:0db8::abcd/32"),
......@@ -426,37 +476,86 @@ TEST(IPCheck, V6AssignmentOperator) {
TEST(IPCheck, V6Compare) {
// Set up some data.
vector<uint8_t> v6addr_2(V6ADDR_2, V6ADDR_2 + sizeof(V6ADDR_2));
vector<uint8_t> v6addr_2_48(V6ADDR_2_48, V6ADDR_2_48 + sizeof(V6ADDR_2_48));
vector<uint8_t> v6addr_2_52(V6ADDR_2_52, V6ADDR_2_52 + sizeof(V6ADDR_2_52));
vector<uint8_t> v6addr_3(V6ADDR_3, V6ADDR_3 + sizeof(V6ADDR_3));
vector<uint8_t> v6addr_2(V6ADDR_2, V6ADDR_2 + IPV6_SIZE);
vector<uint8_t> v6addr_2_48(V6ADDR_2_48, V6ADDR_2_48 + IPV6_SIZE);
vector<uint8_t> v6addr_2_49(V6ADDR_2_49, V6ADDR_2_49 + IPV6_SIZE);
vector<uint8_t> v6addr_2_50(V6ADDR_2_50, V6ADDR_2_50 + IPV6_SIZE);
vector<uint8_t> v6addr_2_51(V6ADDR_2_51, V6ADDR_2_51 + IPV6_SIZE);
vector<uint8_t> v6addr_2_52(V6ADDR_2_52, V6ADDR_2_52 + IPV6_SIZE);
vector<uint8_t> v6addr_2_127(V6ADDR_2_127, V6ADDR_2_127 + IPV6_SIZE);
vector<uint8_t> v6addr_3(V6ADDR_3, V6ADDR_3 + IPV6_SIZE);
// Exact address - match if given address matches stored address.
IPCheck<GeneralAddress> acl1(string(V6ADDR_2_STRING) + string("/128"));
EXPECT_TRUE(acl1.matches(v6addr_2));
EXPECT_FALSE(acl1.matches(v6addr_2_127));
EXPECT_FALSE(acl1.matches(v6addr_2_52));
EXPECT_FALSE(acl1.matches(v6addr_2_51));
EXPECT_FALSE(acl1.matches(v6addr_2_50));
EXPECT_FALSE(acl1.matches(v6addr_2_49));
EXPECT_FALSE(acl1.matches(v6addr_2_48));
EXPECT_FALSE(acl1.matches(v6addr_3));
// Match if the address matches a mask
IPCheck<GeneralAddress> acl2(string(V6ADDR_2_STRING) + string("/52"));
// Match to various prefixes.
IPCheck<GeneralAddress> acl2(string(V6ADDR_2_STRING) + string("/127"));
EXPECT_TRUE(acl2.matches(v6addr_2));
EXPECT_TRUE(acl2.matches(v6addr_2_52));
EXPECT_TRUE(acl2.matches(v6addr_2_127));
EXPECT_FALSE(acl2.matches(v6addr_2_52));
EXPECT_FALSE(acl2.matches(v6addr_2_51));
EXPECT_FALSE(acl2.matches(v6addr_2_50));
EXPECT_FALSE(acl2.matches(v6addr_2_49));
EXPECT_FALSE(acl2.matches(v6addr_2_48));
EXPECT_FALSE(acl2.matches(v6addr_3));
// Match on any address
IPCheck<GeneralAddress> acl3("any6");
IPCheck<GeneralAddress> acl3(string(V6ADDR_2_STRING) + string("/52"));
EXPECT_TRUE(acl3.matches(v6addr_2));
EXPECT_TRUE(acl3.matches(v6addr_2_127));
EXPECT_TRUE(acl3.matches(v6addr_2_52));
EXPECT_TRUE(acl3.matches(v6addr_2_48));
EXPECT_TRUE(acl3.matches(v6addr_3));
EXPECT_FALSE(acl3.matches(v6addr_2_51));
EXPECT_FALSE(acl3.matches(v6addr_2_50));
EXPECT_FALSE(acl3.matches(v6addr_2_49));
EXPECT_FALSE(acl3.matches(v6addr_2_48));
EXPECT_FALSE(acl3.matches(v6addr_3));
IPCheck<GeneralAddress> acl4(string(V6ADDR_1_STRING) + string("/0"));
IPCheck<GeneralAddress> acl4(string(V6ADDR_2_STRING) + string("/51"));
EXPECT_TRUE(acl4.matches(v6addr_2));
EXPECT_TRUE(acl4.matches(v6addr_2_127));
EXPECT_TRUE(acl4.matches(v6addr_2_52));
EXPECT_TRUE(acl4.matches(v6addr_2_48));
EXPECT_TRUE(acl4.matches(v6addr_3));
EXPECT_TRUE(acl4.matches(v6addr_2_51));
EXPECT_FALSE(acl4.matches(v6addr_2_50));
EXPECT_FALSE(acl4.matches(v6addr_2_49));
EXPECT_FALSE(acl4.matches(v6addr_2_48));
EXPECT_FALSE(acl4.matches(v6addr_3));
IPCheck<GeneralAddress> acl5(string(V6ADDR_2_STRING) + string("/50"));
EXPECT_TRUE(acl5.matches(v6addr_2));
EXPECT_TRUE(acl5.matches(v6addr_2_127));
EXPECT_TRUE(acl5.matches(v6addr_2_52));
EXPECT_TRUE(acl5.matches(v6addr_2_51));
EXPECT_TRUE(acl5.matches(v6addr_2_50));
EXPECT_FALSE(acl5.matches(v6addr_2_49));
EXPECT_FALSE(acl5.matches(v6addr_2_48));
EXPECT_FALSE(acl5.matches(v6addr_3));
IPCheck<GeneralAddress> acl6(string(V6ADDR_2_STRING) + string("/0"));
EXPECT_TRUE(acl6.matches(v6addr_2));
EXPECT_TRUE(acl6.matches(v6addr_2_127));
EXPECT_TRUE(acl6.matches(v6addr_2_52));
EXPECT_TRUE(acl6.matches(v6addr_2_51));
EXPECT_TRUE(acl6.matches(v6addr_2_50));
EXPECT_TRUE(acl6.matches(v6addr_2_49));
EXPECT_TRUE(acl6.matches(v6addr_2_48));
EXPECT_TRUE(acl6.matches(v6addr_3));
// Match on any address
IPCheck<GeneralAddress> acl7("any6");
EXPECT_TRUE(acl7.matches(v6addr_2));
EXPECT_TRUE(acl7.matches(v6addr_2_127));
EXPECT_TRUE(acl7.matches(v6addr_2_52));
EXPECT_TRUE(acl7.matches(v6addr_2_51));
EXPECT_TRUE(acl7.matches(v6addr_2_50));
EXPECT_TRUE(acl7.matches(v6addr_2_49));
EXPECT_TRUE(acl7.matches(v6addr_2_48));
}
// *** Mixed-mode tests - mainly to check that no exception is thrown ***
......@@ -465,14 +564,13 @@ TEST(IPCheck, MixedMode) {
// ACL has a V4 address specified, check against a V6 address.
IPCheck<GeneralAddress> acl1("192.0.2.255/24");
GeneralAddress test1(vector<uint8_t>(V6ADDR_1, V6ADDR_1 + sizeof(V6ADDR_1)));
GeneralAddress test1(vector<uint8_t>(V6ADDR_1, V6ADDR_1 + IPV6_SIZE));
EXPECT_NO_THROW(acl1.matches(test1));
EXPECT_FALSE(acl1.matches(test1));
// Now the reverse - the ACL is specified with a V6 address.
IPCheck<GeneralAddress> acl2(V6ADDR_2_STRING);
GeneralAddress test2(0x12345678);
EXPECT_NO_THROW(acl2.matches(test2));
EXPECT_FALSE(acl2.matches(test2));
// Ensure only a V4 address matches "any4".
......@@ -484,5 +582,17 @@ TEST(IPCheck, MixedMode) {
IPCheck<GeneralAddress> acl4("any6");
EXPECT_TRUE(acl4.matches(test1));
EXPECT_FALSE(acl4.matches(test2));
// Check where the bit pattern of an IPv4 address matches that of an IPv6
// one. 2001:db8.
IPCheck<GeneralAddress> acl5("2001:db8::/32");
GeneralAddress test5(0x20010db8);
EXPECT_FALSE(acl5.matches(test5));
// ... and where the reverse is true. (2001:db8 corresponds to 32.1.13.184).
// (To get the bytes for the IPv6 address into a GeneralAddress structure,
IPCheck<GeneralAddress> acl6("32.1.13.184");
GeneralAddress test6(vector<uint8_t>(V6ADDR_1, V6ADDR_1 + IPV6_SIZE));
EXPECT_FALSE(acl6.matches(test6));
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment