[asterisk-commits] mmichelson: branch mmichelson/acl-v6 r276826 - in /team/mmichelson/acl-v6: in...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Jul 15 16:20:59 CDT 2010


Author: mmichelson
Date: Thu Jul 15 16:20:55 2010
New Revision: 276826

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=276826
Log:
Make modifications to my aclv6-branch based on discussion on the -dev list.

The main change made here was to not store all ACLs internally as IPv6 addresses.
Instead, there is a flag in the ast_ha struct that indicates what the address scheme
used in the particular rule. This way, IPv4 ACLs only apply to IPv4 addresses and
IPv6 ACLs only apply to IPv6 addresses.

IPv4-mapped addresses in all cases are stored and treated as IPv4 addresses. In
order to facilitate this, I had to make the ast_sockadr_ipv4_mapped() function
in netsock2.c public. I added an appopriate warning to the doxygen to indicate
that it's not likely to be needed very often like several of the other functions.




Modified:
    team/mmichelson/acl-v6/include/asterisk/acl.h
    team/mmichelson/acl-v6/include/asterisk/netsock2.h
    team/mmichelson/acl-v6/main/acl.c
    team/mmichelson/acl-v6/main/netsock2.c
    team/mmichelson/acl-v6/tests/test_acl.c

Modified: team/mmichelson/acl-v6/include/asterisk/acl.h
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/acl-v6/include/asterisk/acl.h?view=diff&rev=276826&r1=276825&r2=276826
==============================================================================
--- team/mmichelson/acl-v6/include/asterisk/acl.h (original)
+++ team/mmichelson/acl-v6/include/asterisk/acl.h Thu Jul 15 16:20:55 2010
@@ -51,6 +51,7 @@
 	struct ast_sockaddr netmask;
 	int sense;
 	struct ast_ha *next;
+	unsigned char is_ipv4;
 };
 
 /*!

Modified: team/mmichelson/acl-v6/include/asterisk/netsock2.h
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/acl-v6/include/asterisk/netsock2.h?view=diff&rev=276826&r1=276825&r2=276826
==============================================================================
--- team/mmichelson/acl-v6/include/asterisk/netsock2.h (original)
+++ team/mmichelson/acl-v6/include/asterisk/netsock2.h Thu Jul 15 16:20:55 2010
@@ -54,6 +54,20 @@
 	struct sockaddr_storage	 ss;
 	socklen_t len;
 };
+
+/*!
+ * \brief
+ * Convert an IPv4-mapped IPv6 address into an IPv4 address.
+ *
+ * \warning You should rarely need this function. Only call this
+ * if you know what you're doing.
+ *
+ * \param addr The IPv4-mapped address to convert
+ * \param mapped_addr The resulting IPv4 address
+ * \retval 0 Unable to make the conversion
+ * \retval 1 Successful conversion
+ */
+int ast_sockaddr_ipv4_mapped(const struct ast_sockaddr *addr, struct ast_sockaddr *ast_mapped);
 
 /*!
  * \since 1.8

Modified: team/mmichelson/acl-v6/main/acl.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/acl-v6/main/acl.c?view=diff&rev=276826&r1=276825&r2=276826
==============================================================================
--- team/mmichelson/acl-v6/main/acl.c (original)
+++ team/mmichelson/acl-v6/main/acl.c Thu Jul 15 16:20:55 2010
@@ -271,65 +271,17 @@
 	return ret;                             /* Return start of list */
 }
 
-#define V6_WORD(sin6, index) ((uint32_t *)&((sin6)->sin6_addr))[(index)]
-
 /*!
  * \brief
- * Make an IPv4 address into an IPv4-mapped IPv6 address
- *
- * \details
- * To simplify application of ACLs, we store all rules internally
- * as IPv6 addresses. If a rule is based on an IPv4 address, then we
- * will use this function to store the representation as an IPv4-mapped
- * IPv6 address.
- *
- * \param input An IPv4 ast_sockaddr to convert.
- * \param[out] output The resulting IPv4-mapped IPv6 address.
- * \retval void
+ * Isolate a 32-bit section of an IPv6 address
+ *
+ * An IPv6 address can be divided into 4 32-bit chunks. This gives
+ * easy access to one of these chunks.
+ *
+ * \param sin6 A pointer to a struct sockaddr_in6
+ * \param index Which 32-bit chunk to operate on. Must be in the range 0-3.
  */
-static void make_v4_mapped(struct ast_sockaddr *input, struct ast_sockaddr *output)
-{
-	struct sockaddr_in6 sin6 = {0, };
-	static const uint32_t prefix = 0x0000FFFF;
-
-	sin6.sin6_family = AF_INET6;
-	V6_WORD(&sin6, 0) = htonl(0);
-	V6_WORD(&sin6, 1) = htonl(0);
-	V6_WORD(&sin6, 2) = htonl(prefix);
-	V6_WORD(&sin6, 3) = htonl(ast_sockaddr_ipv4(input));
-
-	memcpy(&output->ss, &sin6, sizeof(sin6));
-	output->len = sizeof(sin6);
-}
-
-/*!
- * \brief
- * Convert an IPv4 netmask into an IPv6 netmask
- *
- * \details
- * ast_ha uses IPv6 internally for its rules, even though IPv4
- * addresses can be specified in a rule. To accomplish this, we
- * will map the mask into an IPv6 address. The exception is if
- * an all 0s IPv4 netmask is specified. In this case, we make
- * an all 0s IPv6 netmask.
- *
- * \param input The IPv4 netmask to convert
- * \param output The resulting IPv6 netmask
- * \retval void
- */
-static void map_mask(struct ast_sockaddr *input, struct ast_sockaddr *output)
-{
-	struct sockaddr_in6 sin6;
-	if (!ast_sockaddr_is_any(input)) {
-		make_v4_mapped(input, output);
-		return;
-	}
-	memset(&sin6, 0, sizeof(sin6));
-	sin6.sin6_family = AF_INET6;
-	memset(&sin6.sin6_addr, 0x00, 16);
-	memcpy(&output->ss, &sin6, sizeof(sin6));
-	output->len = sizeof(sin6);
-}
+#define V6_WORD(sin6, index) ((uint32_t *)&((sin6)->sin6_addr))[(index)]
 
 /*!
  * \brief
@@ -347,28 +299,25 @@
 static void apply_netmask(struct ast_sockaddr *addr, struct ast_sockaddr *netmask,
 		struct ast_sockaddr *result)
 {
-	struct sockaddr_in6 *addr6;
-	struct sockaddr_in6 *mask6 = (struct sockaddr_in6 *) &netmask->ss;
-	struct sockaddr_in6 result6 = {0,};
-	struct ast_sockaddr mapped_addr;
-	struct ast_sockaddr *addr_to_use;
-	int i;
-
 	if (ast_sockaddr_is_ipv4(addr)) {
-		make_v4_mapped(addr, &mapped_addr);
-		addr_to_use = &mapped_addr;
+		struct sockaddr_in result4 = { 0, };
+		struct sockaddr_in *addr4 = (struct sockaddr_in *) &addr->ss;
+		struct sockaddr_in *mask4 = (struct sockaddr_in *) &netmask->ss;
+		result4.sin_family = AF_INET;
+		result4.sin_addr.s_addr = addr4->sin_addr.s_addr & mask4->sin_addr.s_addr;
+		ast_sockaddr_from_sin(result, &result4);
 	} else {
-		addr_to_use = addr;
-	}
-
-	addr6 = (struct sockaddr_in6 *) &addr_to_use->ss;
-
-	result6.sin6_family = AF_INET6;
-	for (i = 0; i < 4; ++i) {
-		V6_WORD(&result6, i) = V6_WORD(addr6, i) & V6_WORD(mask6, i);
-	}
-	memcpy(&result->ss, &result6, sizeof(result6));
-	result->len = sizeof(result6);
+		struct sockaddr_in6 result6 = { 0, };
+		struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &addr->ss;
+		struct sockaddr_in6 *mask6 = (struct sockaddr_in6 *) &netmask->ss;
+		int i;
+		result6.sin6_family = AF_INET6;
+		for (i = 0; i < 4; ++i) {
+			V6_WORD(&result6, i) = V6_WORD(addr6, i) & V6_WORD(mask6, i);
+		}
+		memcpy(&result->ss, &result6, sizeof(result6));
+		result->len = sizeof(result6);
+	}
 }
 
 /*!
@@ -390,48 +339,48 @@
 static int parse_cidr_mask(struct ast_sockaddr *addr, int is_v4, const char *mask_str)
 {
 	int mask;
-	struct sockaddr_in6 sin6 = {0,};
-	int i;
 
 	if (sscanf(mask_str, "%30d", &mask) != 1) {
 		return -1;
 	}
 
-	sin6.sin6_family = AF_INET6;
-
 	if (is_v4) {
+		struct sockaddr_in sin;
 		if (mask < 0 || mask > 32) {
 			return -1;
 		}
-		memset(&sin6.sin6_addr, 0x00, 8);
-		V6_WORD(&sin6, 2) = htonl(mask == 0 ? 0x00000000 : 0x0000FFFF);
-		if (mask == 0) {
-			/* Special case to deal with unpredictable behavior
-			 * when attempting to shift more than 31 bits
-			 */
-			V6_WORD(&sin6, 3) = htonl(0x00000000);
-		} else {
-			V6_WORD(&sin6, 3) = htonl(0xFFFFFFFF << (32 - mask));
-		}
+		memset(&sin, 0, sizeof(sin));
+		sin.sin_family = AF_INET;
+		/* If mask is 0, then we already have the
+		 * appropriate all 0s address in sin from
+		 * the above memset.
+		 */
+		if (mask != 0) {
+			sin.sin_addr.s_addr = htonl(0xFFFFFFFF << (32 - mask));
+		}
+		ast_sockaddr_from_sin(addr, &sin);
 	} else {
+		struct sockaddr_in6 sin6;
+		int i;
 		if (mask < 0 || mask > 128) {
 			return -1;
 		}
+		memset(&sin6, 0, sizeof(sin6));
+		sin6.sin6_family = AF_INET6;
 		for (i = 0; i < 4; ++i) {
+			/* Once mask reaches 0, we don't have
+			 * to explicitly set anything anymore
+			 * since sin6 was zeroed out already
+			 */
 			if (mask > 0) {
 				V6_WORD(&sin6, i) = htonl(0xFFFFFFFF << (mask < 32 ? (32 - mask) : 0));
 				mask -= mask < 32 ? mask : 32;
-			} else {
-				/* Mask is 0. Special case to deal with unpredictable
-				 * behavior when trying to shift more than 31 bits
-				 */
-				V6_WORD(&sin6, i) = htonl(0x00000000);
 			}
 		}
-	}
-
-	memcpy(&addr->ss, &sin6, sizeof(sin6));
-	addr->len = sizeof(sin6);
+		memcpy(&addr->ss, &sin6, sizeof(sin6));
+		addr->len = sizeof(sin6);
+	}
+
 	return 0;
 }
 
@@ -442,7 +391,6 @@
 	struct ast_ha *ret;
 	char *tmp = ast_strdupa(stuff);
 	char *address = NULL, *mask = NULL;
-	struct ast_sockaddr addr_sock;
 	int addr_is_v4;
 
 	ret = path;
@@ -462,44 +410,50 @@
 		mask = tmp;
 	}
 
-	if (!ast_sockaddr_parse(&addr_sock, address, PARSE_PORT_FORBID)) {
+	if (!ast_sockaddr_parse(&ha->addr, address, PARSE_PORT_FORBID)) {
 		ast_log(LOG_WARNING, "Invalid IP address: %s\n", address);
 		ast_free_ha(ha);
 		*error = 1;
 		return ret;
 	}
 
-	addr_is_v4 = ast_sockaddr_is_ipv4(&addr_sock);
-	if (addr_is_v4) {
-		make_v4_mapped(&addr_sock, &ha->addr);
-	} else {
-		ast_sockaddr_copy(&ha->addr, &addr_sock);
-	}
+	/* If someone specifies an IPv4-mapped IPv6 address,
+	 * we just convert this to an IPv4 ACL
+	 */
+	if (ast_sockaddr_ipv4_mapped(&ha->addr, &ha->addr)) {
+		ast_log(LOG_NOTICE, "IPv4-mapped ACL network address specified. "
+				"Converting to an IPv4 ACL network address.\n");
+	}
+
+	addr_is_v4 = ast_sockaddr_is_ipv4(&ha->addr);
 
 	if (!mask) {
 		parse_cidr_mask(&ha->netmask, addr_is_v4, addr_is_v4 ? "32" : "128");
 	} else if (strchr(mask, ':') || strchr(mask, '.')) {
 		int mask_is_v4;
-		struct ast_sockaddr mask_sock;
 		/* Mask is of x.x.x.x or x:x:x:x:x:x:x:x variety */
-		if (!ast_sockaddr_parse(&mask_sock, mask, PARSE_PORT_FORBID)) {
+		if (!ast_sockaddr_parse(&ha->netmask, mask, PARSE_PORT_FORBID)) {
 			ast_log(LOG_WARNING, "Invalid netmask: %s\n", mask);
 			ast_free_ha(ha);
 			*error = 1;
 			return ret;
 		}
-		mask_is_v4 = ast_sockaddr_is_ipv4(&mask_sock);
+		/* If someone specifies an IPv4-mapped IPv6 netmask,
+		 * we just convert this to an IPv4 ACL
+		 */
+		if (ast_sockaddr_ipv4_mapped(&ha->netmask, &ha->netmask)) {
+			ast_log(LOG_NOTICE, "IPv4-mapped ACL netmask specified. "
+					"Converting to an IPv4 ACL netmask.\n");
+		}
+		mask_is_v4 = ast_sockaddr_is_ipv4(&ha->netmask);
 		if (addr_is_v4 ^ mask_is_v4) {
 			ast_log(LOG_WARNING, "Address and mask are not using same address scheme.\n");
 			ast_free_ha(ha);
 			*error = 1;
 			return ret;
 		}
-		if (mask_is_v4) {
-			map_mask(&mask_sock, &ha->netmask);
-		}
 	} else if (parse_cidr_mask(&ha->netmask, addr_is_v4, mask)) {
-		ast_log(LOG_WARNING, "Invalid CIDR netmask: %s", mask);
+		ast_log(LOG_WARNING, "Invalid CIDR netmask: %s\n", mask);
 		ast_free_ha(ha);
 		*error = 1;
 		return ret;
@@ -508,6 +462,7 @@
 	apply_netmask(&ha->addr, &ha->netmask, &ha->addr);
 
 	ha->sense = strncasecmp(sense, "p", 1) ? AST_SENSE_DENY : AST_SENSE_ALLOW;
+	ha->is_ipv4 = addr_is_v4;
 
 	ha->next = NULL;
 	if (prev) {
@@ -525,8 +480,12 @@
 {
 	/* Start optimistic */
 	int res = AST_SENSE_ALLOW;
-	while (ha) {
+	struct ast_ha *current_ha;
+
+	for (current_ha = ha; current_ha; current_ha = current_ha->next) {
 		struct ast_sockaddr result;
+		struct ast_sockaddr mapped_addr;
+		struct ast_sockaddr *addr_to_use;
 #if 0	/* debugging code */
 		char iabuf[INET_ADDRSTRLEN];
 		char iabuf2[INET_ADDRSTRLEN];
@@ -535,13 +494,35 @@
 		ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
 		ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
 #endif
+		if (current_ha->is_ipv4) {
+			if (ast_sockaddr_is_ipv6(addr)) {
+				if (ast_sockaddr_is_ipv4_mapped(addr)) {
+					/* IPv4 ACLs apply to IPv4-mapped addresses */
+					ast_sockaddr_ipv4_mapped(addr, &mapped_addr);
+					addr_to_use = &mapped_addr;
+				} else {
+					/* An IPv4 ACL does not apply to an IPv6 address */
+					continue;
+				}
+			} else {
+				/* Address is IPv4 and ACL is IPv4. No biggie */
+				addr_to_use = addr;
+			}
+		} else {
+			if (ast_sockaddr_is_ipv6(addr) && !ast_sockaddr_is_ipv4_mapped(addr)) {
+				addr_to_use = addr;
+			} else {
+				/* Address is IPv4 or IPv4 mapped but ACL is IPv6. Skip */
+				continue;
+			}
+		}
+
 		/* For each rule, if this address and the netmask = the net address
 		   apply the current rule */
-		apply_netmask(addr, &ha->netmask, &result);
-		if (!ast_sockaddr_cmp_addr(&result, &ha->addr)) {
-			res = ha->sense;
-		}
-		ha = ha->next;
+		apply_netmask(addr_to_use, &current_ha->netmask, &result);
+		if (!ast_sockaddr_cmp_addr(&result, &current_ha->addr)) {
+			res = current_ha->sense;
+		}
 	}
 	return res;
 }

Modified: team/mmichelson/acl-v6/main/netsock2.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/acl-v6/main/netsock2.c?view=diff&rev=276826&r1=276825&r2=276826
==============================================================================
--- team/mmichelson/acl-v6/main/netsock2.c (original)
+++ team/mmichelson/acl-v6/main/netsock2.c Thu Jul 15 16:20:55 2010
@@ -32,7 +32,7 @@
 #include "asterisk/utils.h"
 #include "asterisk/threadstorage.h"
 
-static int ast_sockaddr_ipv4_mapped(const struct ast_sockaddr *addr, struct ast_sockaddr *ast_mapped)
+int ast_sockaddr_ipv4_mapped(const struct ast_sockaddr *addr, struct ast_sockaddr *ast_mapped)
 {
 	const struct sockaddr_in6 *sin6;
 	struct sockaddr_in sin4;

Modified: team/mmichelson/acl-v6/tests/test_acl.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/acl-v6/tests/test_acl.c?view=diff&rev=276826&r1=276825&r2=276826
==============================================================================
--- team/mmichelson/acl-v6/tests/test_acl.c (original)
+++ team/mmichelson/acl-v6/tests/test_acl.c Thu Jul 15 16:20:55 2010
@@ -74,7 +74,7 @@
 		/* Leading and trailing colons for IPv6 address */
 		":1234:/15",
 		/* IPv6 address and IPv4 netmask */
-		"::ffff/255.255.255.0",
+		"fe80::1234/255.255.255.0",
 	};
 
 	enum ast_test_result_state res = AST_TEST_PASS;
@@ -114,6 +114,13 @@
 	const char *access;
 };
 
+/* These constants are defined for the sole purpose of being shorter
+ * than their real names. It makes lines in this test quite a bit shorter
+ */
+
+#define TACL_A AST_SENSE_ALLOW
+#define TACL_D AST_SENSE_DENY
+
 AST_TEST_DEFINE(acl)
 {
 	struct acl permitallv4 = { "0.0.0.0/0", "permit" };
@@ -146,21 +153,25 @@
 
 	struct {
 		const char *test_address;
+		int v4_permitall_result;
+		int v4_denyall_result;
+		int v6_permitall_result;
+		int v6_denyall_result;
 		int acl1_result;
 		int acl2_result;
 		int acl3_result;
 		int acl4_result;
 	} acl_tests[] = {
-		{ "10.1.1.5", AST_SENSE_ALLOW, AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY },
-		{ "192.168.0.5", AST_SENSE_ALLOW, AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY },
-		{ "192.168.1.5", AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY },
-		{ "10.0.0.1", AST_SENSE_ALLOW, AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY },
-		{ "10.0.10.10", AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY, AST_SENSE_DENY },
-		{ "172.16.0.1", AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY },
-		{ "fe80::1234", AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_ALLOW, AST_SENSE_ALLOW },
-		{ "fe80:1234::1234", AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY, },
-		{ "fe80::ffff:1213:dead:beef", AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_ALLOW, AST_SENSE_DENY },
-		{ "fe80::ffff:0:ffff:ABCD", AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_ALLOW, AST_SENSE_ALLOW },
+		{ "10.1.1.5", TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A },
+		{ "192.168.0.5", TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A },
+		{ "192.168.1.5", TACL_A, TACL_D, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A, TACL_A },
+		{ "10.0.0.1", TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A },
+		{ "10.0.10.10", TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A },
+		{ "172.16.0.1", TACL_A, TACL_D, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A, TACL_A },
+		{ "fe80::1234", TACL_A, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_A },
+		{ "fe80:1234::1234", TACL_A, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A, TACL_D, TACL_D, },
+		{ "fe80::ffff:1213:dead:beef", TACL_A, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_D },
+		{ "fe80::ffff:0:ffff:ABCD", TACL_A, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_A },
 	};
 
 	struct ast_ha *permit_hav4 = NULL;
@@ -269,30 +280,30 @@
 		acl3_res = ast_apply_ha(ha3, &addr);
 		acl4_res = ast_apply_ha(ha4, &addr);
 
-		if (permit_resv4 != AST_SENSE_ALLOW) {
-			ast_test_status_update(test, "Access denied to %s on permit_all ACL\n",
-					acl_tests[i].test_address);
-			res = AST_TEST_FAIL;
-			goto acl_cleanup;
-		}
-
-		if (deny_resv4 != AST_SENSE_DENY) {
-			ast_test_status_update(test, "Access allowed to %s on deny_all ACL\n",
-					acl_tests[i].test_address);
-			res = AST_TEST_FAIL;
-			goto acl_cleanup;
-		}
-
-		if (permit_resv6 != AST_SENSE_ALLOW) {
-			ast_test_status_update(test, "Access denied to %s on permit_all ACL\n",
-					acl_tests[i].test_address);
-			res = AST_TEST_FAIL;
-			goto acl_cleanup;
-		}
-
-		if (deny_resv6 != AST_SENSE_DENY) {
-			ast_test_status_update(test, "Access allowed to %s on deny_all ACL\n",
-					acl_tests[i].test_address);
+		if (permit_resv4 != acl_tests[i].v4_permitall_result) {
+			ast_test_status_update(test, "Access not as expected to %s on permitallv4. Expected %d but "
+					"got %d instead\n", acl_tests[i].test_address, acl_tests[i].v4_permitall_result, permit_resv4);
+			res = AST_TEST_FAIL;
+			goto acl_cleanup;
+		}
+
+		if (deny_resv4 != acl_tests[i].v4_denyall_result) {
+			ast_test_status_update(test, "Access not as expected to %s on denyallv4. Expected %d but "
+					"got %d instead\n", acl_tests[i].test_address, acl_tests[i].v4_denyall_result, deny_resv4);
+			res = AST_TEST_FAIL;
+			goto acl_cleanup;
+		}
+
+		if (permit_resv6 != acl_tests[i].v6_permitall_result) {
+			ast_test_status_update(test, "Access not as expected to %s on permitallv6. Expected %d but "
+					"got %d instead\n", acl_tests[i].test_address, acl_tests[i].v6_permitall_result, permit_resv6);
+			res = AST_TEST_FAIL;
+			goto acl_cleanup;
+		}
+
+		if (deny_resv6 != acl_tests[i].v6_denyall_result) {
+			ast_test_status_update(test, "Access not as expected to %s on denyallv6. Expected %d but "
+					"got %d instead\n", acl_tests[i].test_address, acl_tests[i].v6_denyall_result, deny_resv6);
 			res = AST_TEST_FAIL;
 			goto acl_cleanup;
 		}




More information about the asterisk-commits mailing list