Page Menu
Home
ClusterLabs Projects
Search
Configure Global Search
Log In
Files
F3152105
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Flag For Later
Award Token
Size
53 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
index 642027be..9310f212 100644
--- a/libknet/links_acl_ip.c
+++ b/libknet/links_acl_ip.c
@@ -1,305 +1,305 @@
/*
- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
*
* Author: Christine Caulfield <ccaulfie@redhat.com>
*
* This software licensed under GPL-2.0+, LGPL-2.0+
*/
#include "config.h"
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include "internals.h"
#include "logging.h"
#include "transports.h"
#include "links_acl.h"
#include "links_acl_ip.h"
struct ip_acl_match_entry {
check_type_t type;
check_acceptreject_t acceptreject;
struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
struct sockaddr_storage addr2; /* high IP address or address bitmask */
struct ip_acl_match_entry *next;
};
/*
* s6_addr32 is not defined in BSD userland, only kernel.
* definition is the same as linux and it works fine for
* what we need.
*/
#ifndef s6_addr32
#define s6_addr32 __u6_addr.__u6_addr32
#endif
/*
* IPv4 See if the address we have matches the current match entry
*/
static int ip_matches_v4(struct sockaddr_storage *checkip, struct ip_acl_match_entry *match_entry)
{
struct sockaddr_in *ip_to_check;
struct sockaddr_in *match1;
struct sockaddr_in *match2;
ip_to_check = (struct sockaddr_in *)checkip;
match1 = (struct sockaddr_in *)&match_entry->addr1;
match2 = (struct sockaddr_in *)&match_entry->addr2;
switch(match_entry->type) {
case CHECK_TYPE_ADDRESS:
if (ip_to_check->sin_addr.s_addr == match1->sin_addr.s_addr)
return 1;
break;
case CHECK_TYPE_MASK:
if ((ip_to_check->sin_addr.s_addr & match2->sin_addr.s_addr) ==
match1->sin_addr.s_addr)
return 1;
break;
case CHECK_TYPE_RANGE:
if ((ntohl(ip_to_check->sin_addr.s_addr) >= ntohl(match1->sin_addr.s_addr)) &&
(ntohl(ip_to_check->sin_addr.s_addr) <= ntohl(match2->sin_addr.s_addr)))
return 1;
break;
}
return 0;
}
/*
* Compare two IPv6 addresses
*/
static int ip6addr_cmp(struct in6_addr *a, struct in6_addr *b)
{
uint64_t a_high, a_low;
uint64_t b_high, b_low;
a_high = ((uint64_t)htonl(a->s6_addr32[0]) << 32) | (uint64_t)htonl(a->s6_addr32[1]);
a_low = ((uint64_t)htonl(a->s6_addr32[2]) << 32) | (uint64_t)htonl(a->s6_addr32[3]);
b_high = ((uint64_t)htonl(b->s6_addr32[0]) << 32) | (uint64_t)htonl(b->s6_addr32[1]);
b_low = ((uint64_t)htonl(b->s6_addr32[2]) << 32) | (uint64_t)htonl(b->s6_addr32[3]);
if (a_high > b_high)
return 1;
if (a_high < b_high)
return -1;
if (a_low > b_low)
return 1;
if (a_low < b_low)
return -1;
return 0;
}
/*
* IPv6 See if the address we have matches the current match entry
*/
static int ip_matches_v6(struct sockaddr_storage *checkip, struct ip_acl_match_entry *match_entry)
{
struct sockaddr_in6 *ip_to_check;
struct sockaddr_in6 *match1;
struct sockaddr_in6 *match2;
int i;
ip_to_check = (struct sockaddr_in6 *)checkip;
match1 = (struct sockaddr_in6 *)&match_entry->addr1;
match2 = (struct sockaddr_in6 *)&match_entry->addr2;
switch(match_entry->type) {
case CHECK_TYPE_ADDRESS:
if (!memcmp(ip_to_check->sin6_addr.s6_addr32, match1->sin6_addr.s6_addr32, sizeof(struct in6_addr)))
return 1;
break;
case CHECK_TYPE_MASK:
/*
* Note that this little loop will quit early if there is a non-match so the
* comparison might look backwards compared to the IPv4 one
*/
for (i=sizeof(struct in6_addr)/4-1; i>=0; i--) {
if ((ip_to_check->sin6_addr.s6_addr32[i] & match2->sin6_addr.s6_addr32[i]) !=
match1->sin6_addr.s6_addr32[i])
return 0;
}
return 1;
case CHECK_TYPE_RANGE:
if ((ip6addr_cmp(&ip_to_check->sin6_addr, &match1->sin6_addr) >= 0) &&
(ip6addr_cmp(&ip_to_check->sin6_addr, &match2->sin6_addr) <= 0))
return 1;
break;
}
return 0;
}
int ipcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip)
{
struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
struct ip_acl_match_entry *match_entry = *match_entry_head;
int (*match_fn)(struct sockaddr_storage *checkip, struct ip_acl_match_entry *match_entry);
if (checkip->ss_family == AF_INET){
match_fn = ip_matches_v4;
} else {
match_fn = ip_matches_v6;
}
while (match_entry) {
if (match_fn(checkip, match_entry)) {
if (match_entry->acceptreject == CHECK_ACCEPT)
return 1;
else
return 0;
}
match_entry = match_entry->next;
}
return 0; /* Default reject */
}
/*
* Routines to manuipulate access lists
*/
void ipcheck_rmall(void *fd_tracker_match_entry_head)
{
struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
struct ip_acl_match_entry *next_match_entry;
struct ip_acl_match_entry *match_entry = *match_entry_head;
while (match_entry) {
next_match_entry = match_entry->next;
free(match_entry);
match_entry = next_match_entry;
}
*match_entry_head = NULL;
}
static struct ip_acl_match_entry *ipcheck_findmatch(struct ip_acl_match_entry **match_entry_head,
struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
check_type_t type, check_acceptreject_t acceptreject)
{
struct ip_acl_match_entry *match_entry = *match_entry_head;
while (match_entry) {
if ((!memcmp(&match_entry->addr1, ss1, sizeof(struct sockaddr_storage))) &&
(!memcmp(&match_entry->addr2, ss2, sizeof(struct sockaddr_storage))) &&
(match_entry->type == type) &&
(match_entry->acceptreject == acceptreject)) {
return match_entry;
}
match_entry = match_entry->next;
}
return NULL;
}
int ipcheck_rmip(void *fd_tracker_match_entry_head,
struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
check_type_t type, check_acceptreject_t acceptreject)
{
struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
struct ip_acl_match_entry *next_match_entry = NULL;
struct ip_acl_match_entry *rm_match_entry;
struct ip_acl_match_entry *match_entry = *match_entry_head;
rm_match_entry = ipcheck_findmatch(match_entry_head, ss1, ss2, type, acceptreject);
if (!rm_match_entry) {
errno = ENOENT;
return -1;
}
while (match_entry) {
next_match_entry = match_entry->next;
/*
* we are removing the list head, be careful
*/
if (rm_match_entry == match_entry) {
*match_entry_head = next_match_entry;
free(match_entry);
break;
}
/*
* the next one is the one we need to remove
*/
if (rm_match_entry == next_match_entry) {
match_entry->next = next_match_entry->next;
free(next_match_entry);
break;
}
match_entry = next_match_entry;
}
return 0;
}
int ipcheck_addip(void *fd_tracker_match_entry_head, int index,
struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
check_type_t type, check_acceptreject_t acceptreject)
{
struct ip_acl_match_entry **match_entry_head = (struct ip_acl_match_entry **)fd_tracker_match_entry_head;
struct ip_acl_match_entry *new_match_entry;
struct ip_acl_match_entry *match_entry = *match_entry_head;
int i = 0;
if (ipcheck_findmatch(match_entry_head, ss1, ss2, type, acceptreject) != NULL) {
errno = EEXIST;
return -1;
}
new_match_entry = malloc(sizeof(struct ip_acl_match_entry));
if (!new_match_entry) {
return -1;
}
memmove(&new_match_entry->addr1, ss1, sizeof(struct sockaddr_storage));
memmove(&new_match_entry->addr2, ss2, sizeof(struct sockaddr_storage));
new_match_entry->type = type;
new_match_entry->acceptreject = acceptreject;
new_match_entry->next = NULL;
if (match_entry) {
/*
* special case for index 0, since we need to update
* the head of the list
*/
if (index == 0) {
*match_entry_head = new_match_entry;
new_match_entry->next = match_entry;
} else {
/*
* find the end of the list or stop at "index"
*/
while ((match_entry->next) || (i < index)) {
match_entry = match_entry->next;
i++;
}
/*
* insert if there are more entries in the list
*/
if (match_entry->next) {
new_match_entry->next = match_entry->next;
}
/*
* add if we are at the end
*/
match_entry->next = new_match_entry;
}
} else {
/*
* first entry in the list
*/
*match_entry_head = new_match_entry;
}
return 0;
}
diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
index fac58e21..b33ffb1e 100644
--- a/libknet/links_acl_ip.h
+++ b/libknet/links_acl_ip.h
@@ -1,27 +1,27 @@
/*
- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
*
* Author: Christine Caulfield <ccaulfie@redhat.com>
*
* This software licensed under GPL-2.0+, LGPL-2.0+
*/
#ifndef __KNET_LINKS_ACL_IP_H__
#define __KNET_LINKS_ACL_IP_H__
#include "internals.h"
#include "links_acl.h"
int ipcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
int ipcheck_addip(void *fd_tracker_match_entry_head, int index,
struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
check_type_t type, check_acceptreject_t acceptreject);
int ipcheck_rmip(void *fd_tracker_match_entry_head,
struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
check_type_t type, check_acceptreject_t acceptreject);
void ipcheck_rmall(void *fd_tracker_match_entry_head);
#endif
diff --git a/libknet/links_acl_loopback.c b/libknet/links_acl_loopback.c
index 97f8198f..044a51cb 100644
--- a/libknet/links_acl_loopback.c
+++ b/libknet/links_acl_loopback.c
@@ -1,41 +1,41 @@
/*
- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2019 Red Hat, Inc. All rights reserved.
*
* Author: Christine Caulfield <ccaulfie@redhat.com>
*
* This software licensed under GPL-2.0+, LGPL-2.0+
*/
#include "config.h"
#include <errno.h>
#include "internals.h"
#include "logging.h"
#include "transports.h"
#include "links_acl.h"
#include "links_acl_loopback.h"
int loopbackcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip)
{
return 1;
}
void loopbackcheck_rmall(void *fd_tracker_match_entry_head)
{
return;
}
int loopbackcheck_rm(void *fd_tracker_match_entry_head,
struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
check_type_t type, check_acceptreject_t acceptreject)
{
return 0;
}
int loopbackcheck_add(void *fd_tracker_match_entry_head, int index,
struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
check_type_t type, check_acceptreject_t acceptreject)
{
return 0;
}
diff --git a/libknet/links_acl_loopback.h b/libknet/links_acl_loopback.h
index e75c4a4d..b51d2bfd 100644
--- a/libknet/links_acl_loopback.h
+++ b/libknet/links_acl_loopback.h
@@ -1,27 +1,27 @@
/*
- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2019 Red Hat, Inc. All rights reserved.
*
* Author: Christine Caulfield <ccaulfie@redhat.com>
*
* This software licensed under GPL-2.0+, LGPL-2.0+
*/
#ifndef __KNET_LINKS_ACL_LOOPBACK_H__
#define __KNET_LINKS_ACL_LOOPBACK_H__
#include "internals.h"
#include "links_acl.h"
int loopbackcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
int loopbackcheck_add(void *fd_tracker_match_entry_head, int index,
struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
check_type_t type, check_acceptreject_t acceptreject);
int loopbackcheck_rm(void *fd_tracker_match_entry_head,
struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
check_type_t type, check_acceptreject_t acceptreject);
void loopbackcheck_rmall(void *fd_tracker_match_entry_head);
#endif
diff --git a/libknet/tests/api_knet_handle_enable_access_lists.c b/libknet/tests/api_knet_handle_enable_access_lists.c
index fc3bcc19..d08f175e 100644
--- a/libknet/tests/api_knet_handle_enable_access_lists.c
+++ b/libknet/tests/api_knet_handle_enable_access_lists.c
@@ -1,100 +1,100 @@
/*
- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
*
* Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
*
* This software licensed under GPL-2.0+, LGPL-2.0+
*/
#include "config.h"
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "libknet.h"
#include "internals.h"
#include "test-common.h"
static void test(void)
{
knet_handle_t knet_h;
int logfds[2];
printf("Test knet_handle_enable_access_lists with invalid knet_h\n");
if ((!knet_handle_enable_access_lists(NULL, 0)) || (errno != EINVAL)) {
printf("knet_handle_enable_access_lists accepted invalid knet_h parameter\n");
exit(FAIL);
}
setup_logpipes(logfds);
printf("Test knet_handle_enable_access_lists with invalid param (2) \n");
knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
if ((!knet_handle_enable_access_lists(knet_h, 2)) || (errno != EINVAL)) {
printf("knet_handle_enable_access_lists accepted invalid param for enabled: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_enable_access_lists with valid param (1) \n");
if (knet_handle_enable_access_lists(knet_h, 1) < 0) {
printf("knet_handle_enable_access_lists failed: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_h->use_access_lists != 1) {
printf("knet_handle_enable_access_lists failed to set correct value");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_enable_access_lists with valid param (0) \n");
if (knet_handle_enable_access_lists(knet_h, 0) < 0) {
printf("knet_handle_enable_access_lists failed: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_h->use_access_lists != 0) {
printf("knet_handle_enable_access_lists failed to set correct value");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
}
int main(int argc, char *argv[])
{
test();
return PASS;
}
diff --git a/libknet/tests/api_knet_link_add_acl.c b/libknet/tests/api_knet_link_add_acl.c
index b0181652..ff7a2e21 100644
--- a/libknet/tests/api_knet_link_add_acl.c
+++ b/libknet/tests/api_knet_link_add_acl.c
@@ -1,246 +1,246 @@
/*
- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2019 Red Hat, Inc. All rights reserved.
*
* Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
*
* This software licensed under GPL-2.0+, LGPL-2.0+
*/
#include "config.h"
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <inttypes.h>
#include "libknet.h"
#include "internals.h"
#include "netutils.h"
#include "test-common.h"
static void test(void)
{
knet_handle_t knet_h;
int logfds[2];
struct knet_host *host;
struct knet_link *link;
struct sockaddr_storage lo, lo6;
if (make_local_sockaddr(&lo, 0) < 0) {
printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
exit(FAIL);
}
if (make_local_sockaddr6(&lo6, 0) < 0) {
printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
exit(FAIL);
}
printf("Test knet_link_add_acl incorrect knet_h\n");
if ((!knet_link_add_acl(NULL, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_add_acl accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
exit(FAIL);
}
setup_logpipes(logfds);
knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
printf("Test knet_link_add_acl with unconfigured host\n");
if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_add_acl accepted unconfigured host or returned incorrect error: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_add_acl with unconfigured link\n");
if (knet_host_add(knet_h, 1) < 0) {
printf("knet_host_add failed: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_add_acl accepted unconfigured link or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_add_acl with invalid link\n");
if ((!knet_link_add_acl(knet_h, 1, KNET_MAX_LINK, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_add_acl accepted invalid link or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_add_acl with invalid ss1\n");
if ((!knet_link_add_acl(knet_h, 1, 0, NULL, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_add_acl accepted invalid ss1 or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_add_acl with invalid ss2\n");
if ((!knet_link_add_acl(knet_h, 1, 0, &lo, NULL, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_add_acl accepted invalid ss2 or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_add_acl with non matching families\n");
if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo6, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_add_acl accepted non matching families or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_add_acl with wrong check_type\n");
if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_RANGE + CHECK_TYPE_MASK + CHECK_TYPE_ADDRESS + 1, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_add_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_add_acl with wrong acceptreject\n");
if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT + CHECK_REJECT + 1)) || (errno != EINVAL)) {
printf("knet_link_add_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_add_acl with point to point link\n");
if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, &lo, 0) < 0) {
printf("Unable to configure link: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if ((!knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_add_acl accepted point ot point link or returned incorrect error: %s\n", strerror(errno));
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
knet_link_clear_config(knet_h, 1, 0);
printf("Test knet_link_add_acl with dynamic link\n");
if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, NULL, 0) < 0) {
printf("Unable to configure link: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
host = knet_h->host_index[1];
link = &host->link[0];
if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
printf("match list not empty!");
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
printf("knet_link_add_acl did not accept dynamic link error: %s\n", strerror(errno));
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (!knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
printf("match list empty!");
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
}
int main(int argc, char *argv[])
{
test();
return PASS;
}
diff --git a/libknet/tests/api_knet_link_clear_acl.c b/libknet/tests/api_knet_link_clear_acl.c
index 78b7d79e..234a76b6 100644
--- a/libknet/tests/api_knet_link_clear_acl.c
+++ b/libknet/tests/api_knet_link_clear_acl.c
@@ -1,196 +1,196 @@
/*
- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
*
* Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
*
* This software licensed under GPL-2.0+, LGPL-2.0+
*/
#include "config.h"
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <inttypes.h>
#include "libknet.h"
#include "internals.h"
#include "netutils.h"
#include "test-common.h"
static void test(void)
{
knet_handle_t knet_h;
int logfds[2];
struct knet_host *host;
struct knet_link *link;
struct sockaddr_storage lo;
if (make_local_sockaddr(&lo, 0) < 0) {
printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
exit(FAIL);
}
printf("Test knet_link_clear_acl incorrect knet_h\n");
if ((!knet_link_clear_acl(NULL, 1, 0)) || (errno != EINVAL)) {
printf("knet_link_clear_acl accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
exit(FAIL);
}
setup_logpipes(logfds);
knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
printf("Test knet_link_clear_acl with unconfigured host\n");
if ((!knet_link_clear_acl(knet_h, 1, 0)) || (errno != EINVAL)) {
printf("knet_link_clear_acl accepted unconfigured host or returned incorrect error: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_clear_acl with unconfigured link\n");
if (knet_host_add(knet_h, 1) < 0) {
printf("knet_host_add failed: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if ((!knet_link_clear_acl(knet_h, 1, 0)) || (errno != EINVAL)) {
printf("knet_link_clear_acl accepted unconfigured link or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_clear_acl with invalid link\n");
if ((!knet_link_clear_acl(knet_h, 1, KNET_MAX_LINK)) || (errno != EINVAL)) {
printf("knet_link_clear_acl accepted invalid link or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_clear_acl with point to point link\n");
if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, &lo, 0) < 0) {
printf("Unable to configure link: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if ((!knet_link_clear_acl(knet_h, 1, 0)) || (errno != EINVAL)) {
printf("knet_link_clear_acl accepted point ot point link or returned incorrect error: %s\n", strerror(errno));
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
knet_link_clear_config(knet_h, 1, 0);
printf("Test knet_link_clear_acl with dynamic link\n");
if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, NULL, 0) < 0) {
printf("Unable to configure link: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
host = knet_h->host_index[1];
link = &host->link[0];
if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
printf("match list NOT empty!");
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
printf("knet_link_clear_acl did not accept dynamic link error: %s\n", strerror(errno));
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (!knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
printf("match list empty!");
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_link_clear_acl(knet_h, 1, 0) < 0) {
printf("knet_link_clear_acl failed to clear. error: %s\n", strerror(errno));
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
printf("match list NOT empty!");
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
}
int main(int argc, char *argv[])
{
test();
return PASS;
}
diff --git a/libknet/tests/api_knet_link_insert_acl.c b/libknet/tests/api_knet_link_insert_acl.c
index 547f92bb..79d04dfc 100644
--- a/libknet/tests/api_knet_link_insert_acl.c
+++ b/libknet/tests/api_knet_link_insert_acl.c
@@ -1,246 +1,246 @@
/*
- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2019 Red Hat, Inc. All rights reserved.
*
* Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
*
* This software licensed under GPL-2.0+, LGPL-2.0+
*/
#include "config.h"
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <inttypes.h>
#include "libknet.h"
#include "internals.h"
#include "netutils.h"
#include "test-common.h"
static void test(void)
{
knet_handle_t knet_h;
int logfds[2];
struct knet_host *host;
struct knet_link *link;
struct sockaddr_storage lo, lo6;
if (make_local_sockaddr(&lo, 0) < 0) {
printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
exit(FAIL);
}
if (make_local_sockaddr6(&lo6, 0) < 0) {
printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
exit(FAIL);
}
printf("Test knet_link_insert_acl incorrect knet_h\n");
if ((!knet_link_insert_acl(NULL, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_insert_acl accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
exit(FAIL);
}
setup_logpipes(logfds);
knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
printf("Test knet_link_insert_acl with unconfigured host\n");
if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_insert_acl accepted unconfigured host or returned incorrect error: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_insert_acl with unconfigured link\n");
if (knet_host_add(knet_h, 1) < 0) {
printf("knet_host_add failed: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_insert_acl accepted unconfigured link or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_insert_acl with invalid link\n");
if ((!knet_link_insert_acl(knet_h, 1, KNET_MAX_LINK, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_insert_acl accepted invalid link or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_insert_acl with invalid ss1\n");
if ((!knet_link_insert_acl(knet_h, 1, 0, 0, NULL, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_insert_acl accepted invalid ss1 or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_insert_acl with invalid ss2\n");
if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, NULL, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_insert_acl accepted invalid ss2 or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_insert_acl with non matching families\n");
if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo6, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_insert_acl accepted non matching families or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_insert_acl with wrong check_type\n");
if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_RANGE + CHECK_TYPE_MASK + CHECK_TYPE_ADDRESS + 1, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_insert_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_insert_acl with wrong acceptreject\n");
if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT + CHECK_REJECT + 1)) || (errno != EINVAL)) {
printf("knet_link_insert_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_insert_acl with point to point link\n");
if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, &lo, 0) < 0) {
printf("Unable to configure link: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if ((!knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_insert_acl accepted point ot point link or returned incorrect error: %s\n", strerror(errno));
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
knet_link_clear_config(knet_h, 1, 0);
printf("Test knet_link_insert_acl with dynamic link\n");
if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, NULL, 0) < 0) {
printf("Unable to configure link: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
host = knet_h->host_index[1];
link = &host->link[0];
if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
printf("match list not empty!");
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_link_insert_acl(knet_h, 1, 0, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
printf("knet_link_insert_acl did not accept dynamic link error: %s\n", strerror(errno));
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (!knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
printf("match list empty!");
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
}
int main(int argc, char *argv[])
{
test();
return PASS;
}
diff --git a/libknet/tests/api_knet_link_rm_acl.c b/libknet/tests/api_knet_link_rm_acl.c
index 49a82d97..d132c541 100644
--- a/libknet/tests/api_knet_link_rm_acl.c
+++ b/libknet/tests/api_knet_link_rm_acl.c
@@ -1,256 +1,256 @@
/*
- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2019 Red Hat, Inc. All rights reserved.
*
* Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
*
* This software licensed under GPL-2.0+, LGPL-2.0+
*/
#include "config.h"
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <inttypes.h>
#include "libknet.h"
#include "internals.h"
#include "netutils.h"
#include "test-common.h"
static void test(void)
{
knet_handle_t knet_h;
int logfds[2];
struct knet_host *host;
struct knet_link *link;
struct sockaddr_storage lo, lo6;
if (make_local_sockaddr(&lo, 0) < 0) {
printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
exit(FAIL);
}
if (make_local_sockaddr6(&lo6, 0) < 0) {
printf("Unable to convert loopback to sockaddr: %s\n", strerror(errno));
exit(FAIL);
}
printf("Test knet_link_rm_acl incorrect knet_h\n");
if ((!knet_link_rm_acl(NULL, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_rm_acl accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
exit(FAIL);
}
setup_logpipes(logfds);
knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
printf("Test knet_link_rm_acl with unconfigured host\n");
if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_rm_acl accepted unconfigured host or returned incorrect error: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_rm_acl with unconfigured link\n");
if (knet_host_add(knet_h, 1) < 0) {
printf("knet_host_add failed: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_rm_acl accepted unconfigured link or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_rm_acl with invalid link\n");
if ((!knet_link_rm_acl(knet_h, 1, KNET_MAX_LINK, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_rm_acl accepted invalid link or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_rm_acl with invalid ss1\n");
if ((!knet_link_rm_acl(knet_h, 1, 0, NULL, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_rm_acl accepted invalid ss1 or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_rm_acl with invalid ss2\n");
if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, NULL, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_rm_acl accepted invalid ss2 or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_rm_acl with non matching families\n");
if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo6, CHECK_TYPE_RANGE, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_rm_acl accepted non matching families or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_rm_acl with wrong check_type\n");
if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_RANGE + CHECK_TYPE_MASK + CHECK_TYPE_ADDRESS + 1, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_rm_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_rm_acl with wrong acceptreject\n");
if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT + CHECK_REJECT + 1)) || (errno != EINVAL)) {
printf("knet_link_rm_acl accepted incorrect check_type or returned incorrect error: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_link_rm_acl with point to point link\n");
if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, &lo, 0) < 0) {
printf("Unable to configure link: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if ((!knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT)) || (errno != EINVAL)) {
printf("knet_link_rm_acl accepted point ot point link or returned incorrect error: %s\n", strerror(errno));
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
knet_link_clear_config(knet_h, 1, 0);
printf("Test knet_link_rm_acl with dynamic link\n");
if (knet_link_set_config(knet_h, 1, 0, KNET_TRANSPORT_UDP, &lo, NULL, 0) < 0) {
printf("Unable to configure link: %s\n", strerror(errno));
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
host = knet_h->host_index[1];
link = &host->link[0];
if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
printf("match list not empty!");
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_link_add_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
printf("Failed to add an access list: %s\n", strerror(errno));
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_link_rm_acl(knet_h, 1, 0, &lo, &lo, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
printf("knet_link_rm_acl did not accept dynamic link error: %s\n", strerror(errno));
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_h->knet_transport_fd_tracker[link->outsock].access_list_match_entry_head) {
printf("match list NOT empty!");
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
knet_link_clear_config(knet_h, 1, 0);
knet_host_remove(knet_h, 1);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
}
int main(int argc, char *argv[])
{
test();
return PASS;
}
diff --git a/libknet/tests/int_links_acl_ip.c b/libknet/tests/int_links_acl_ip.c
index a7d2aed8..93dff638 100644
--- a/libknet/tests/int_links_acl_ip.c
+++ b/libknet/tests/int_links_acl_ip.c
@@ -1,399 +1,399 @@
/*
- * Copyright (C) 2016-2018 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2019 Red Hat, Inc. All rights reserved.
*
* Author: Christine Caulfield <ccaulfie@redhat.com>
*
* This software licensed under GPL-2.0+, LGPL-2.0+
*/
#include "config.h"
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <errno.h>
#include "internals.h"
#include "links_acl.h"
#include "links_acl_ip.h"
#include "test-common.h"
static struct acl_match_entry *match_entry_v4;
static struct acl_match_entry *match_entry_v6;
/* This is a test program .. remember! */
#define BUFLEN 1024
static int get_ipaddress(const char *buf, struct sockaddr_storage *addr)
{
struct addrinfo *info;
struct addrinfo hints;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
if (getaddrinfo(buf, NULL, &hints, &info)) {
return -1;
}
memmove(addr, info->ai_addr, info->ai_addrlen);
freeaddrinfo(info);
return 0;
}
static int read_2ip(const char *buf, const char *delim, struct sockaddr_storage *addr, struct sockaddr_storage *addr2)
{
char tmpbuf[BUFLEN];
char *deli;
deli = strstr(buf, delim);
if (!deli) {
return -1;
}
strncpy(tmpbuf, buf, deli-buf);
tmpbuf[deli-buf] = '\0';
if (get_ipaddress(tmpbuf, addr)) {
return -1;
}
if (get_ipaddress(deli+1, addr2)) {
return -1;
}
return 0;
}
/*
* be aware that ordering is important
* so we can test all the rules with few
* ipcheck_validate calls
*/
const char *rules[100] = {
/*
* ipv4
*/
"RA192.168.0.3", /* reject address */
"AA192.168.0.1", /* accept address */
"RR192.168.0.10-192.168.0.20", /* reject range */
"AR192.168.0.0-192.168.0.255", /* accept range */
"RM192.168.2.0/255.255.255.0", /* reject mask */
"AM192.168.2.0/255.255.254.0", /* accept mask */
/*
* ipv6
*/
"RA3ffe::3",
"AA3ffe::1",
"RR3ffe::10-3ffe::20",
"AR3ffe::0-3ffe::ff",
"RM3ffe:1::0/ffff:ffff:ffff:ffff:ffff:ffff:ffff:0",
"AM3ffe:1::0/ffff:ffff:ffff:ffff::0"
};
static int _ipcheck_addip(void *fd_tracker_match_entry_head,
struct sockaddr_storage *ss1, struct sockaddr_storage *ss2,
check_type_t type, check_acceptreject_t acceptreject)
{
return ipcheck_addip(fd_tracker_match_entry_head, -1, ss1, ss2, type, acceptreject);
}
static int default_rules(int load)
{
int ret;
check_type_t type;
check_acceptreject_t acceptreject;
struct sockaddr_storage addr1;
struct sockaddr_storage addr2;
int i = 0;
int (*loadfn)(void *fd_tracker_match_entry_head, struct sockaddr_storage *ss1, struct sockaddr_storage *ss2, check_type_t type, check_acceptreject_t acceptreject);
if (load) {
loadfn = _ipcheck_addip;
} else {
loadfn = ipcheck_rmip;
}
while (rules[i] != NULL) {
printf("Parsing rule: %s\n", rules[i]);
memset(&addr1, 0, sizeof(struct sockaddr_storage));
memset(&addr2, 0, sizeof(struct sockaddr_storage));
/*
* First char is A (accept) or R (Reject)
*/
switch(rules[i][0] & 0x5F) {
case 'A':
acceptreject = CHECK_ACCEPT;
break;
case 'R':
acceptreject = CHECK_REJECT;
break;
default:
fprintf(stderr, "Unknown record type on line %d: %s\n", i, rules[i]);
goto next_record;
}
/*
* Second char is the filter type:
* A Address
* M Mask
* R Range
*/
switch(rules[i][1] & 0x5F) {
case 'A':
type = CHECK_TYPE_ADDRESS;
ret = get_ipaddress(rules[i]+2, &addr1);
break;
case 'M':
type = CHECK_TYPE_MASK;
ret = read_2ip(rules[i]+2, "/", &addr1, &addr2);
break;
case 'R':
type = CHECK_TYPE_RANGE;
ret = read_2ip(rules[i]+2, "-", &addr1, &addr2);
break;
default:
fprintf(stderr, "Unknown filter type on line %d: %s\n", i, rules[i]);
goto next_record;
break;
}
if (ret) {
fprintf(stderr, "Failed to parse address on line %d: %s\n", i, rules[i]);
return -1;
} else {
if (addr1.ss_family == AF_INET) {
if (loadfn(&match_entry_v4, &addr1, &addr2, type, acceptreject) < 0) {
fprintf(stderr, "Failed to add/rm address on line %d: %s (errno: %s)\n", i, rules[i], strerror(errno));
return -1;
}
} else {
if (loadfn(&match_entry_v6, &addr1, &addr2, type, acceptreject) < 0) {
fprintf(stderr, "Failed to add/rm address on line %d: %s (errno: %s)\n", i, rules[i], strerror(errno));
return -1;
}
}
}
next_record:
i++;
}
return 0;
}
const char *tests[100] = {
/*
* ipv4
*/
"R192.168.0.3", /* reject address */
"A192.168.0.1", /* accept address */
"R192.168.0.11", /* reject range */
"A192.168.0.8", /* accept range */
"R192.168.2.1", /* reject mask */
"A192.168.3.1", /* accept mask */
/*
* ipv6
*/
"R3ffe::3",
"A3ffe::1",
"R3ffe::11",
"A3ffe::8",
"R3ffe:1::1",
"A3ffe:1::1:1"
};
const char *after_insert_tests[100] = {
/*
* ipv4
*/
"R192.168.0.3", /* reject address */
"A192.168.0.1", /* accept address */
"R192.168.0.11", /* reject range */
"A192.168.0.8", /* accept range */
"A192.168.2.1", /* reject mask */
"A192.168.3.1", /* accept mask */
/*
* ipv6
*/
"R3ffe::3",
"A3ffe::1",
"R3ffe::11",
"A3ffe::8",
"A3ffe:1::1",
"A3ffe:1::1:1"
};
int test(void)
{
int i = 0;
int expected;
struct sockaddr_storage saddr;
struct acl_match_entry *match_entry;
/*
* default tests
*/
while (tests[i] != NULL) {
/*
* First char is A (accept) or R (Reject)
*/
switch(tests[i][0] & 0x5F) {
case 'A':
expected = 1;
break;
case 'R':
expected = 0;
break;
default:
fprintf(stderr, "Unknown record type on line %d: %s\n", i, tests[i]);
return FAIL;
break;
}
if (get_ipaddress(tests[i]+1, &saddr)) {
fprintf(stderr, "Cannot parse address %s\n", tests[i]+1);
return FAIL;
}
if (saddr.ss_family == AF_INET) {
match_entry = match_entry_v4;
} else {
match_entry = match_entry_v6;
}
if (ipcheck_validate(&match_entry, &saddr) != expected) {
fprintf(stderr, "Failed to check access list for ip: %s\n", tests[i]);
return FAIL;
}
i++;
}
/*
* insert tests
*/
if (get_ipaddress("192.168.2.1", &saddr)) {
fprintf(stderr, "Cannot parse address 192.168.2.1\n");
return FAIL;
}
if (ipcheck_addip(&match_entry_v4, 3, &saddr, &saddr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
fprintf(stderr, "Unable to insert address in position 3 192.168.2.1\n");
return FAIL;
}
if (get_ipaddress("3ffe:1::1", &saddr)) {
fprintf(stderr, "Cannot parse address 3ffe:1::1\n");
return FAIL;
}
if (ipcheck_addip(&match_entry_v6, 3, &saddr, &saddr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT) < 0) {
fprintf(stderr, "Unable to insert address in position 3 3ffe:1::1\n");
return FAIL;
}
while (after_insert_tests[i] != NULL) {
/*
* First char is A (accept) or R (Reject)
*/
switch(after_insert_tests[i][0] & 0x5F) {
case 'A':
expected = 1;
break;
case 'R':
expected = 0;
break;
default:
fprintf(stderr, "Unknown record type on line %d: %s\n", i, after_insert_tests[i]);
return FAIL;
break;
}
if (get_ipaddress(after_insert_tests[i]+1, &saddr)) {
fprintf(stderr, "Cannot parse address %s\n", after_insert_tests[i]+1);
return FAIL;
}
if (saddr.ss_family == AF_INET) {
match_entry = match_entry_v4;
} else {
match_entry = match_entry_v6;
}
if (ipcheck_validate(&match_entry, &saddr) != expected) {
fprintf(stderr, "Failed to check access list for ip: %s\n", after_insert_tests[i]);
return FAIL;
}
i++;
}
return PASS;
}
int main(int argc, char *argv[])
{
struct sockaddr_storage saddr;
struct acl_match_entry *match_entry;
int ret = PASS;
int i;
if (default_rules(1) < 0) {
return -1;
}
if (argc > 1) {
/*
* run manual check against default access lists
*/
for (i=1; i<argc; i++) {
if (get_ipaddress(argv[i], &saddr)) {
fprintf(stderr, "Cannot parse address %s\n", argv[i]);
ret = FAIL;
goto out;
} else {
if (saddr.ss_family == AF_INET) {
match_entry = match_entry_v4;
} else {
match_entry = match_entry_v6;
}
if (ipcheck_validate(&match_entry, &saddr)) {
printf("%s is VALID\n", argv[i]);
ret = PASS;
} else {
printf("%s is not allowed\n", argv[i]);
ret = FAIL;
}
}
}
} else {
/*
* run automatic tests
*/
ret = test();
}
/*
* test memory leaks with ipcheck_rmip
*/
if (default_rules(0) < 0) {
return FAIL;
}
/*
* test memory leaks with ipcheck_rmall
*/
if (default_rules(1) < 0) {
return FAIL;
}
out:
ipcheck_rmall(&match_entry_v4);
ipcheck_rmall(&match_entry_v6);
return ret;
}
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Mon, Feb 24, 3:59 PM (1 h, 49 m ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1464318
Default Alt Text
(53 KB)
Attached To
Mode
rK kronosnet
Attached
Detach File
Event Timeline
Log In to Comment