[asterisk-commits] mmichelson: branch mmichelson/acl-v6 r276265 - in /team/mmichelson/acl-v6: ma...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Jul 13 19:19:31 CDT 2010
Author: mmichelson
Date: Tue Jul 13 19:19:20 2010
New Revision: 276265
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=276265
Log:
Add new ACL tests to test_acl.
The tests aren't currently passing, and it appears to be due to a flaw
in the netmask parsing code. Valgrind indicates I'm making use of an
uninitialized value, but it's not clear what the value is. --track-origins
provided no help at all on the matter.
More debugging will have to wait until tomorrow.
Modified:
team/mmichelson/acl-v6/main/acl.c
team/mmichelson/acl-v6/tests/test_acl.c
Modified: team/mmichelson/acl-v6/main/acl.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/acl-v6/main/acl.c?view=diff&rev=276265&r1=276264&r2=276265
==============================================================================
--- team/mmichelson/acl-v6/main/acl.c (original)
+++ team/mmichelson/acl-v6/main/acl.c Tue Jul 13 19:19:20 2010
@@ -348,6 +348,10 @@
make_v4_mapped(addr, addr);
}
+ ast_log(LOG_NOTICE, "Going to apply mask %s to address %s\n",
+ ast_sockaddr_stringify_addr(netmask),
+ ast_sockaddr_stringify_addr(addr));
+
addr6 = (struct sockaddr_in6 *) &addr->ss;
result6.sin6_family = AF_INET6;
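Review bot: The added `ast_log` passes two `ast_sockaddr_stringify_addr()` results to one call. If that helper returns a pointer into a single per-thread buffer, as the netsock2 stringify helpers are documented to do, both `%s` arguments will print the same text and the trace will mislead the netmask debugging. Copy the first result before making the second call, for example `const char *mask_s = ast_strdupa(ast_sockaddr_stringify_addr(netmask));`. These traces, and the ones added in the next two acl.c hunks, are logged at `LOG_NOTICE` on what appears to be the per-address ACL evaluation path, so they should become `ast_debug(...)` calls or be dropped before merge. The enclosing function starts and ends outside this hunk.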
@@ -395,9 +399,13 @@
sin6.sin6_family = AF_INET6;
for (i = 0; i < 4; ++i) {
if (mask >= 32) {
+ ast_log(LOG_NOTICE, "mask is larger than 32, so I set word %d to %x (%x in network order)\n",
+ i, 0xFFFFFFFF, htonl(0xFFFFFFFF));
V6_WORD(&sin6, i) = htonl(0xFFFFFFFF);
mask -= 32;
} else if (mask > 0) {
+ ast_log(LOG_NOTICE, "mask is %d, so I set word %d to %x (%x in network order)\n",
+ mask, i, 0xFFFFFFFF << (32 - mask), htonl(0xFFFFFFFF << (32 - mask)));
V6_WORD(&sin6, i) = htonl(0xFFFFFFFF << (32 - mask));
/* Set mask to 0 so the remaining parts of the address
* Get filled in properly with zeros
@@ -407,11 +415,14 @@
/* Mask is 0. Special case to deal with unpredictable
* behavior when trying to shift more than 31 bits
*/
- V6_WORD(&sin6, i) = htonl(0);
+ ast_log(LOG_NOTICE, "mask is 0, so I set word %d to %x (%x in network order)\n",
+ i, 0, htonl(0));
+ V6_WORD(&sin6, i) = htonl(0x00000000);
}
}
memcpy(&addr->ss, &sin6, sizeof(sin6));
addr->len = sizeof(sin6);
+ ast_log(LOG_NOTICE, "Got mask %s for CIDR mask %s\n", ast_sockaddr_stringify_addr(addr), mask_str);
return 0;
}
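Review bot: `memcpy(&addr->ss, &sin6, sizeof(sin6))` copies the entire `sockaddr_in6`, but the visible lines assign only `sin6_family` and the four address words. Unless `sin6` is zeroed where it is declared (outside this hunk), `sin6_port`, `sin6_flowinfo` and `sin6_scope_id` are copied into the mask with indeterminate contents, which would be consistent with the uninitialised-value report from Valgrind mentioned in the log message. Adding `memset(&sin6, 0, sizeof(sin6));` just before `sin6.sin6_family = AF_INET6;` in the previous hunk would rule this out. A netmask with indeterminate bytes is an access-control correctness risk, so it is worth settling before trusting the new test results.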
Modified: team/mmichelson/acl-v6/tests/test_acl.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/acl-v6/tests/test_acl.c?view=diff&rev=276265&r1=276264&r2=276265
==============================================================================
--- team/mmichelson/acl-v6/tests/test_acl.c (original)
+++ team/mmichelson/acl-v6/tests/test_acl.c Tue Jul 13 19:19:20 2010
@@ -132,17 +132,35 @@
{ "10.0.0.0/24", "permit" },
};
+ struct acl acl3[] = {
+ { "::/0", "deny" },
+ { "fe80::/64", "permit" },
+ };
+
+ struct acl acl4[] = {
+ { "::/0", "deny" },
+ { "fe80::/64", "permit" },
+ { "fe80::ffff:0:0:0/80", "deny" },
+ { "fe80::ffff:0:ffff:0/112", "permit" },
+ };
+
struct {
const char *test_address;
int acl1_result;
int acl2_result;
+ int acl3_result;
+ int acl4_result;
} acl_tests[] = {
- { "10.1.1.5", AST_SENSE_ALLOW, AST_SENSE_ALLOW },
- { "192.168.0.5", AST_SENSE_ALLOW, AST_SENSE_ALLOW },
- { "192.168.1.5", AST_SENSE_DENY, AST_SENSE_ALLOW },
- { "10.0.0.1", AST_SENSE_ALLOW, AST_SENSE_ALLOW },
- { "10.0.10.10", AST_SENSE_ALLOW, AST_SENSE_DENY },
- { "172.16.0.1", AST_SENSE_DENY, AST_SENSE_ALLOW },
+ { "10.1.1.5", AST_SENSE_ALLOW, AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY },
+ { "192.168.0.5", AST_SENSE_ALLOW, AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY },
+ { "192.168.1.5", AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY },
+ { "10.0.0.1", AST_SENSE_ALLOW, AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY },
+ { "10.0.10.10", AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY, AST_SENSE_DENY },
+ { "172.16.0.1", AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY },
+ { "fe80::1234", AST_SENSE_DENY, AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_DENY },
+ { "fe80:1234::1234", AST_SENSE_DENY, AST_SENSE_DENY, AST_SENSE_DENY, AST_SENSE_DENY, },
+ { "fe80::ffff:1213:dead:beef", AST_SENSE_DENY, AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_DENY },
+ { "fe80::ffff:0:ffff:ABCD", AST_SENSE_DENY, AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_ALLOW },
};
struct ast_ha *permit_hav4 = NULL;
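Review bot: The `acl4_result` for `"fe80::1234"` looks wrong in the new table. Expanded, the address is `fe80:0:0:0:0:0:0:1234`; it falls inside `fe80::/64` (permit) but outside `fe80::ffff:0:0:0/80` (fifth group is `0`, not `ffff`) and outside the `/112` rule. Assuming a later matching rule overrides an earlier one, as the ordering of these rule lists implies, the expected value should be `AST_SENSE_ALLOW`, not `AST_SENSE_DENY`. With the current value this row would fail even once the netmask parsing is correct, which could be mistaken for a remaining parser bug. The other three IPv6 rows are consistent with the rules as written; the trailing comma inside the `"fe80:1234::1234"` initialiser is harmless but inconsistent with its neighbours.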
@@ -151,6 +169,8 @@
struct ast_ha *deny_hav6 = NULL;
struct ast_ha *ha1 = NULL;
struct ast_ha *ha2 = NULL;
+ struct ast_ha *ha3 = NULL;
+ struct ast_ha *ha4 = NULL;
enum ast_test_result_state res = AST_TEST_PASS;
int err = 0;
int i;
@@ -209,6 +229,24 @@
}
}
+ for (i = 0; i < ARRAY_LEN(acl3); ++i) {
+ if (!(ha3 = ast_append_ha(acl3[i].access, acl3[i].host, ha3, &err))) {
+ ast_test_status_update(test, "Failed to add rule %s with access %s to ha3\n",
+ acl3[i].host, acl3[i].access);
+ res = AST_TEST_FAIL;
+ goto acl_cleanup;
+ }
+ }
+
+ for (i = 0; i < ARRAY_LEN(acl4); ++i) {
+ if (!(ha4 = ast_append_ha(acl4[i].access, acl4[i].host, ha4, &err))) {
+ ast_test_status_update(test, "Failed to add rule %s with access %s to ha4\n",
+ acl4[i].host, acl4[i].access);
+ res = AST_TEST_FAIL;
+ goto acl_cleanup;
+ }
+ }
+
for (i = 0; i < ARRAY_LEN(acl_tests); ++i) {
struct ast_sockaddr addr;
int permit_resv4;
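Review bot: The new `ha3` and `ha4` loops pass `&err` to `ast_append_ha()` but never read it, so failure is detected only through a NULL return. If `ast_append_ha()` hands back the existing list when a later rule fails to parse and reports the problem through the error out-parameter (which the `&err` argument suggests), a rejected IPv6 rule after the first would be silently dropped and the test would evaluate a different ACL than the one written. Checking both, e.g. `if (!(ha3 = ast_append_ha(acl3[i].access, acl3[i].host, ha3, &err)) || err) {`, makes a rule-parse failure visible; the same applies to the `ha4` loop. The final `for` loop in this hunk continues outside it.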
@@ -217,6 +255,8 @@
int deny_resv6;
int acl1_res;
int acl2_res;
+ int acl3_res;
+ int acl4_res;
ast_sockaddr_parse(&addr, acl_tests[i].test_address, PARSE_PORT_FORBID);
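Review bot: The return value of `ast_sockaddr_parse()` is ignored here, and this commit starts feeding it IPv6 literals. If parsing fails, `addr` is left as an uninitialised stack object and every following `ast_apply_ha()` call reads it, which is another possible source of the Valgrind report in the log message. Guard the call with `if (!ast_sockaddr_parse(&addr, acl_tests[i].test_address, PARSE_PORT_FORBID)) {` and in that branch report the address via `ast_test_status_update`, set `res = AST_TEST_FAIL` and `goto acl_cleanup`, as the other failure paths in this test do. The loop body starts and ends outside this hunk.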
@@ -226,6 +266,8 @@
deny_resv6 = ast_apply_ha(deny_hav6, &addr);
acl1_res = ast_apply_ha(ha1, &addr);
acl2_res = ast_apply_ha(ha2, &addr);
+ acl3_res = ast_apply_ha(ha3, &addr);
+ acl4_res = ast_apply_ha(ha4, &addr);
if (permit_resv4 != AST_SENSE_ALLOW) {
ast_test_status_update(test, "Access denied to %s on permit_all ACL\n",
@@ -256,15 +298,29 @@
}
if (acl1_res != acl_tests[i].acl1_result) {
- ast_test_status_update(test, "Access not as expected to %s on acl1. Expected %d but"
+ ast_test_status_update(test, "Access not as expected to %s on acl1. Expected %d but "
"got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl1_result, acl1_res);
res = AST_TEST_FAIL;
goto acl_cleanup;
}
if (acl2_res != acl_tests[i].acl2_result) {
- ast_test_status_update(test, "Access not as expected to %s on acl2. Expected %d but"
+ ast_test_status_update(test, "Access not as expected to %s on acl2. Expected %d but "
"got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl2_result, acl2_res);
+ res = AST_TEST_FAIL;
+ goto acl_cleanup;
+ }
+
+ if (acl3_res != acl_tests[i].acl3_result) {
+ ast_test_status_update(test, "Access not as expected to %s on acl3. Expected %d but "
+ "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl3_result, acl3_res);
+ res = AST_TEST_FAIL;
+ goto acl_cleanup;
+ }
+
+ if (acl4_res != acl_tests[i].acl4_result) {
+ ast_test_status_update(test, "Access not as expected to %s on acl4. Expected %d but "
+ "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl4_result, acl4_res);
res = AST_TEST_FAIL;
goto acl_cleanup;
}
@@ -286,8 +342,14 @@
if (ha1) {
ast_free_ha(ha1);
}
- if (ha1) {
+ if (ha2) {
ast_free_ha(ha2);
+ }
+ if (ha3) {
+ ast_free_ha(ha3);
+ }
+ if (ha4) {
+ ast_free_ha(ha4);
}
return res;
}