-
Notifications
You must be signed in to change notification settings - Fork 94
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Improve IPv4 and IPv6 address handling
by: 1. Farming out address expansion and validation to battle-tested tools, when possible (sipcalc, Python's "ipaddress" module), 2. Making native IPv6 expansion and validation handle a wider variety of address representations (not just what is allowed by RFC 5952), 3. Fixing various bugs in the native IPv6 address expansion routines, 4. Making the native IP expansion routines log _why_ address expansion failed, when it failed, and 5. Adding a variety of test cases to show that addresses are expanded properly and that the different expansion implementations (Python, sipcalc, and native) agree with one another.
- Loading branch information
Showing
10 changed files
with
1,054 additions
and
157 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,17 @@ | ||
--- | ||
# Don't need sudo access or to install anything | ||
arch: | ||
- amd64 | ||
- arm64 | ||
- ppc64le | ||
sudo: false | ||
install: true | ||
|
||
sudo: true | ||
|
||
language: python | ||
python: | ||
- '3.9' | ||
|
||
install: | ||
- sudo apt-get -y install sipcalc | ||
|
||
script: | ||
- ./run-tests |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
source "${BASH_SOURCE[0]%/*}/helpers/ipv6.sh" | ||
|
||
script_type="up" | ||
dev="tun19" | ||
|
||
# busctl should not be called for any test in here | ||
TEST_BUSCTL_CALLED=0 | ||
|
||
cases=( | ||
# More than one \`::' | ||
1234::567::89:ab | ||
1:::8 | ||
|
||
# Too long | ||
1234:567:89:a:b:c:d:e:f | ||
|
||
# Also too long | ||
1234:567:89:0::c:d:e:f | ||
|
||
# Leading colon | ||
:1234:567:89:a:b:c:d:e | ||
|
||
# Trailing colon | ||
1234:567:89:a:b:c:d:e: | ||
|
||
# Not hexadecimal | ||
::zzzz | ||
|
||
# Bad embedded IPv4 | ||
::ffff:999.999.999.999 | ||
|
||
# Embedded IPv4 in wrong location | ||
1.2.3.4::ffff | ||
|
||
# Leading garbage | ||
$'\n'::1 | ||
|
||
# Plain garbage | ||
: | ||
::: | ||
) | ||
|
||
all_ipv6_addresses_invalid() { | ||
local -a improperly_accepted_ipv6=() | ||
local -a wrongly_parsed_ipv6=() | ||
local ipv6 bad status | ||
|
||
for ipv6 in "${cases[@]}"; do | ||
foreign_option_1="dhcp-option DNS ${ipv6}" | ||
|
||
if source update-systemd-resolved; then | ||
improperly_accepted_ipv6+=("$ipv6") | ||
fi | ||
|
||
if ! bad="$(all_ipv6_expansion_implementations "$ipv6")"; then | ||
wrongly_parsed_ipv6+=("$bad") | ||
fi | ||
done | ||
|
||
if (( ${#improperly_accepted_ipv6[@]} > 0 )); then | ||
printf 1>&2 -- 'improperly accepted the following IPv6 addresses:\n' | ||
printf 1>&2 -- ' %s\n' "${improperly_accepted_ipv6[@]}" | ||
status=1 | ||
fi | ||
|
||
if (( ${#wrongly_parsed_ipv6[@]} > 0 )); then | ||
printf 1>&2 -- 'parse for the following IPv6 addresses wrongly succeeded:\n' | ||
|
||
for bad in "${wrongly_parsed_ipv6[@]}"; do | ||
printf 1>&2 -- ' %s\n' "$bad" | ||
done | ||
|
||
status=1 | ||
fi | ||
|
||
return "${status:-0}" | ||
} | ||
|
||
TEST_TITLE="Known-bad IPv6 addresses are all rejected" | ||
checktest all_ipv6_addresses_invalid |
Oops, something went wrong.